From 253ab0d0b7b24ab1fd9582463ca3777e9663816f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 9 Feb 2024 14:36:54 +0000 Subject: [PATCH] Charts CI ``` Updated: amd/amd-gpu: - 0.12.0 argo/argo-cd: - 6.0.5 bitnami/airflow: - 16.5.5 bitnami/cassandra: - 10.9.0 bitnami/kafka: - 26.8.5 bitnami/mariadb: - 16.0.1 bitnami/mysql: - 9.19.1 bitnami/postgresql: - 14.0.4 bitnami/redis: - 18.12.1 bitnami/spark: - 8.5.2 bitnami/tomcat: - 10.13.5 bitnami/wordpress: - 19.2.6 bitnami/zookeeper: - 12.8.1 cert-manager/cert-manager: - v1.14.2 clastix/kamaji: - 0.14.1 cockroach-labs/cockroachdb: - 12.0.0 crate/crate-operator: - 2.34.1 crowdstrike/falcon-sensor: - 1.25.2 datadog/datadog: - 3.53.3 dell/csi-isilon: - 2.9.1 dell/csi-powermax: - 2.9.1 dell/csi-powerstore: - 2.9.1 dell/csi-unity: - 2.9.1 dell/csi-vxflexos: - 2.9.1 dh2i/dxemssql: - 1.0.5 digitalis/vals-operator: - 0.7.9 external-secrets/external-secrets: - 0.9.12 hashicorp/consul: - 1.3.2 jenkins/jenkins: - 5.0.13 jfrog/artifactory-ha: - 107.77.5 jfrog/artifactory-jcr: - 107.77.5 kasten/k10: - 6.5.4 - 6.5.3 kong/kong: - 2.35.1 kubecost/cost-analyzer: - 2.0.2 kuma/kuma: - 2.6.0 loft/loft: - 3.3.4 metallb/metallb: - 0.14.3 minio/minio-operator: - 5.0.12 nats/nats: - 1.1.8 new-relic/nri-bundle: - 5.0.63 percona/psmdb-db: - 1.15.3 percona/psmdb-operator: - 1.15.2 percona/pxc-db: - 1.13.6 percona/pxc-operator: - 1.13.5 redpanda/redpanda: - 5.7.23 speedscale/speedscale-operator: - 2.0.11 stackstate/stackstate-k8s-agent: - 1.0.68 yugabyte/yugabyte: - 2.16.9 - 2.18.6 yugabyte/yugaware: - 2.16.9 - 2.18.6 ``` --- assets/amd/amd-gpu-0.12.0.tgz | Bin 0 -> 16280 bytes assets/argo/argo-cd-5.53.8.tgz | Bin 159886 -> 159876 bytes assets/argo/argo-cd-6.0.5.tgz | Bin 0 -> 161818 bytes assets/bitnami/airflow-16.5.5.tgz | Bin 0 -> 205109 bytes assets/bitnami/cassandra-10.9.0.tgz | Bin 0 -> 44177 bytes assets/bitnami/kafka-26.8.5.tgz | Bin 0 -> 139520 bytes assets/bitnami/mariadb-16.0.1.tgz | Bin 0 -> 48350 bytes assets/bitnami/mysql-9.19.1.tgz | Bin 0 -> 48416 bytes assets/bitnami/postgresql-14.0.4.tgz | Bin 0 -> 68150 bytes assets/bitnami/redis-18.12.1.tgz | Bin 0 -> 78943 bytes assets/bitnami/spark-8.5.2.tgz | Bin 0 -> 43668 bytes assets/bitnami/tomcat-10.13.5.tgz | Bin 0 -> 38384 bytes assets/bitnami/wordpress-19.2.6.tgz | Bin 0 -> 137115 bytes assets/bitnami/zookeeper-12.8.1.tgz | Bin 0 -> 46028 bytes assets/cert-manager/cert-manager-v1.14.2.tgz | Bin 0 -> 80729 bytes assets/clastix/kamaji-0.14.1.tgz | Bin 0 -> 69762 bytes assets/cockroach-labs/cockroachdb-12.0.0.tgz | Bin 0 -> 31703 bytes assets/crate/crate-operator-2.34.1.tgz | Bin 0 -> 7838 bytes assets/crowdstrike/falcon-sensor-1.25.2.tgz | Bin 0 -> 19095 bytes assets/datadog/datadog-3.53.3.tgz | Bin 0 -> 160741 bytes assets/dell/csi-isilon-2.9.1.tgz | Bin 0 -> 11582 bytes assets/dell/csi-powermax-2.9.1.tgz | Bin 0 -> 12879 bytes assets/dell/csi-powerstore-2.9.1.tgz | Bin 0 -> 11523 bytes assets/dell/csi-unity-2.9.1.tgz | Bin 0 -> 9666 bytes assets/dell/csi-vxflexos-2.9.1.tgz | Bin 0 -> 9634 bytes assets/dh2i/dxemssql-1.0.5.tgz | Bin 0 -> 5075 bytes assets/digitalis/vals-operator-0.7.9.tgz | Bin 0 -> 6955 bytes .../external-secrets-0.9.12.tgz | Bin 0 -> 92849 bytes assets/hashicorp/consul-1.3.2.tgz | Bin 0 -> 219520 bytes assets/jenkins/jenkins-5.0.13.tgz | Bin 0 -> 71671 bytes assets/jfrog/artifactory-ha-107.77.5.tgz | Bin 0 -> 166002 bytes assets/jfrog/artifactory-jcr-107.77.5.tgz | Bin 0 -> 166713 bytes assets/kasten/k10-6.5.301.tgz | Bin 0 -> 203174 bytes assets/kasten/k10-6.5.401.tgz | Bin 0 -> 204022 bytes assets/kong/kong-2.35.1.tgz | Bin 0 -> 204741 bytes assets/kubecost/cost-analyzer-1.108.1.tgz | Bin 165727 -> 165720 bytes assets/kubecost/cost-analyzer-2.0.2.tgz | Bin 0 -> 141408 bytes assets/kuma/kuma-2.6.0.tgz | Bin 0 -> 58967 bytes assets/loft/loft-3.3.4.tgz | Bin 0 -> 6226 bytes assets/metallb/metallb-0.14.3.tgz | Bin 0 -> 38876 bytes assets/minio/minio-operator-5.0.12.tgz | Bin 0 -> 24945 bytes assets/nats/nats-1.1.8.tgz | Bin 0 -> 19854 bytes assets/new-relic/nri-bundle-5.0.63.tgz | Bin 0 -> 310263 bytes assets/percona/psmdb-db-1.15.3.tgz | Bin 0 -> 12241 bytes assets/percona/psmdb-operator-1.15.2.tgz | Bin 0 -> 46487 bytes assets/percona/pxc-db-1.13.6.tgz | Bin 0 -> 16201 bytes assets/percona/pxc-operator-1.13.5.tgz | Bin 0 -> 27002 bytes assets/redpanda/redpanda-5.7.23.tgz | Bin 0 -> 109667 bytes .../speedscale/speedscale-operator-2.0.11.tgz | Bin 0 -> 16616 bytes .../stackstate-k8s-agent-1.0.68.tgz | Bin 0 -> 33329 bytes assets/yugabyte/yugabyte-2.16.9.tgz | Bin 0 -> 22678 bytes assets/yugabyte/yugabyte-2.18.6.tgz | Bin 0 -> 25683 bytes assets/yugabyte/yugaware-2.16.9.tgz | Bin 0 -> 26103 bytes assets/yugabyte/yugaware-2.18.6.tgz | Bin 0 -> 24335 bytes charts/amd/amd-gpu/Chart.lock | 6 +- charts/amd/amd-gpu/Chart.yaml | 10 +- charts/amd/amd-gpu/README.md | 4 +- .../charts/node-feature-discovery/Chart.yaml | 4 +- charts/amd/amd-gpu/templates/labeller.yaml | 4 +- charts/amd/amd-gpu/values.yaml | 4 +- charts/argo/argo-cd/Chart.yaml | 6 +- charts/argo/argo-cd/README.md | 311 ++- charts/argo/argo-cd/templates/NOTES.txt | 132 +- charts/argo/argo-cd/templates/_helpers.tpl | 2 +- charts/argo/argo-cd/templates/_versions.tpl | 13 - .../clusterrole.yaml | 3 +- .../clusterrolebinding.yaml | 3 +- .../statefulset.yaml | 77 +- .../argocd-applicationset/deployment.yaml | 22 +- .../argocd-applicationset/ingress.yaml | 64 + .../argocd-applicationset/networkpolicy.yaml | 4 +- .../webhook-ingress.yaml | 73 - .../templates/argocd-configs/argocd-cm.yaml | 4 +- .../argocd-configs/argocd-gpg-keys-cm.yaml | 4 +- .../argocd-configs/argocd-rbac-cm.yaml | 6 +- .../argocd-configs/argocd-secret.yaml | 6 +- .../argocd-ssh-known-hosts-cm.yaml | 8 +- .../argocd-configs/argocd-tls-certs-cm.yaml | 8 +- .../argocd-notifications/clusterrole.yaml | 33 +- .../argocd-notifications/deployment.yaml | 6 + .../argocd-repo-server/clusterrole.yaml | 3 +- .../clusterrolebinding.yaml | 3 +- .../argocd-repo-server/deployment.yaml | 32 +- .../templates/argocd-server/aws/ingress.yaml | 71 + .../templates/argocd-server/aws/service.yaml | 6 +- .../templates/argocd-server/clusterrole.yaml | 5 +- .../argocd-server/clusterrolebinding.yaml | 3 +- .../templates/argocd-server/deployment.yaml | 41 +- .../argocd-server/gke/backendconfig.yaml | 10 +- .../argocd-server/gke/frontendconfig.yaml | 8 +- .../templates/argocd-server/gke/ingress.yaml | 69 + .../argocd-server/gke/managedcertificate.yaml | 11 +- .../templates/argocd-server/ingress-grpc.yaml | 68 +- .../templates/argocd-server/ingress.yaml | 93 +- .../argocd-server/serviceaccount.yaml | 2 +- .../templates/crds/crd-application.yaml | 76 + .../templates/crds/crd-applicationset.yaml | 194 ++ .../argo-cd/templates/crds/crd-project.yaml | 10 +- .../argo-cd/templates/redis/deployment.yaml | 58 +- .../templates/redis/health-configmap.yaml | 35 + charts/argo/argo-cd/values.yaml | 426 ++-- charts/bitnami/airflow/.helmignore | 2 + charts/bitnami/airflow/Chart.lock | 8 +- charts/bitnami/airflow/Chart.yaml | 16 +- charts/bitnami/airflow/README.md | 190 +- .../airflow/charts/postgresql/.helmignore | 2 + .../airflow/charts/postgresql/Chart.yaml | 8 +- .../airflow/charts/postgresql/README.md | 251 +- .../templates/primary/statefulset.yaml | 1 + .../templates/read/statefulset.yaml | 1 + .../airflow/charts/postgresql/values.yaml | 32 +- .../bitnami/airflow/charts/redis/.helmignore | 2 + .../bitnami/airflow/charts/redis/Chart.yaml | 10 +- charts/bitnami/airflow/charts/redis/README.md | 385 ++- .../redis/img/redis-cluster-topology.png | Bin 11448 -> 0 bytes .../charts/redis/img/redis-topology.png | Bin 9709 -> 0 bytes .../redis/templates/master/application.yaml | 6 +- .../templates/master/serviceaccount.yaml | 2 +- .../charts/redis/templates/metrics-svc.yaml | 4 +- .../charts/redis/templates/networkpolicy.yaml | 7 +- .../charts/redis/templates/podmonitor.yaml | 21 +- .../redis/templates/replicas/application.yaml | 6 +- .../templates/replicas/serviceaccount.yaml | 2 +- .../redis/templates/sentinel/statefulset.yaml | 6 +- .../redis/templates/serviceaccount.yaml | 2 +- .../redis/templates/servicemonitor.yaml | 22 +- .../bitnami/airflow/charts/redis/values.yaml | 76 +- charts/bitnami/airflow/files/dags/README.md | 2 + .../templates/metrics/networkpolicy.yaml | 70 + .../templates/scheduler/networkpolicy.yaml | 69 + .../airflow/templates/web/networkpolicy.yaml | 69 + .../templates/worker/networkpolicy.yaml | 69 + charts/bitnami/airflow/values.yaml | 239 +- charts/bitnami/cassandra/.helmignore | 2 + charts/bitnami/cassandra/Chart.yaml | 8 +- charts/bitnami/cassandra/README.md | 92 +- charts/bitnami/cassandra/templates/NOTES.txt | 20 +- .../bitnami/cassandra/templates/_helpers.tpl | 8 +- .../cassandra/templates/cassandra-secret.yaml | 4 +- .../cassandra/templates/headless-svc.yaml | 2 +- .../templates/metrics-configmap.yaml | 2 +- .../cassandra/templates/networkpolicy.yaml | 78 +- charts/bitnami/cassandra/templates/pdb.yaml | 2 +- .../bitnami/cassandra/templates/service.yaml | 2 +- .../cassandra/templates/serviceaccount.yaml | 2 +- .../cassandra/templates/servicemonitor.yaml | 4 +- .../cassandra/templates/statefulset.yaml | 2 +- .../cassandra/templates/tls-secret.yaml | 4 +- charts/bitnami/cassandra/values.yaml | 67 +- charts/bitnami/kafka/.helmignore | 2 + charts/bitnami/kafka/Chart.lock | 6 +- charts/bitnami/kafka/Chart.yaml | 12 +- charts/bitnami/kafka/README.md | 47 +- .../kafka/charts/zookeeper/.helmignore | 2 + .../bitnami/kafka/charts/zookeeper/Chart.yaml | 4 +- .../bitnami/kafka/charts/zookeeper/README.md | 16 +- .../zookeeper/templates/networkpolicy.yaml | 42 + .../zookeeper/templates/statefulset.yaml | 1 + .../kafka/charts/zookeeper/values.yaml | 56 +- charts/bitnami/kafka/templates/_helpers.tpl | 14 + .../kafka/templates/broker/statefulset.yaml | 9 +- .../controller-eligible/statefulset.yaml | 9 +- .../kafka/templates/metrics/deployment.yaml | 1 + .../kafka/templates/provisioning/job.yaml | 1 + .../kafka/templates/scripts-configmap.yaml | 2 +- charts/bitnami/kafka/values.yaml | 50 +- charts/bitnami/mariadb/.helmignore | 2 + charts/bitnami/mariadb/Chart.yaml | 10 +- charts/bitnami/mariadb/README.md | 92 +- .../templates/networkpolicy-egress.yaml | 34 - .../mariadb/templates/networkpolicy.yaml | 76 + .../mariadb/templates/primary/configmap.yaml | 2 +- .../primary/networkpolicy-ingress.yaml | 58 - .../templates/primary/statefulset.yaml | 6 +- .../templates/secondary/configmap.yaml | 2 +- .../secondary/networkpolicy-ingress.yaml | 51 - .../templates/secondary/statefulset.yaml | 6 +- charts/bitnami/mariadb/values.yaml | 173 +- charts/bitnami/mysql/.helmignore | 2 + charts/bitnami/mysql/Chart.yaml | 8 +- charts/bitnami/mysql/README.md | 41 +- .../mysql/templates/networkpolicy.yaml | 60 +- .../mysql/templates/primary/statefulset.yaml | 6 +- .../templates/secondary/statefulset.yaml | 4 +- charts/bitnami/mysql/values.yaml | 100 +- charts/bitnami/postgresql/.helmignore | 2 + charts/bitnami/postgresql/Chart.yaml | 10 +- charts/bitnami/postgresql/README.md | 269 +- .../templates/networkpolicy-egress.yaml | 34 - .../templates/primary/networkpolicy.yaml | 98 +- .../templates/read/networkpolicy.yaml | 78 +- charts/bitnami/postgresql/values.yaml | 136 +- charts/bitnami/redis/.helmignore | 2 + charts/bitnami/redis/Chart.yaml | 10 +- charts/bitnami/redis/README.md | 383 ++- .../redis/img/redis-cluster-topology.png | Bin 11448 -> 0 bytes charts/bitnami/redis/img/redis-topology.png | Bin 9709 -> 0 bytes .../redis/templates/master/application.yaml | 4 +- .../templates/master/serviceaccount.yaml | 2 +- .../bitnami/redis/templates/metrics-svc.yaml | 4 +- .../redis/templates/networkpolicy.yaml | 7 +- .../bitnami/redis/templates/podmonitor.yaml | 21 +- .../redis/templates/replicas/application.yaml | 4 +- .../templates/replicas/serviceaccount.yaml | 2 +- .../redis/templates/sentinel/statefulset.yaml | 4 +- .../redis/templates/serviceaccount.yaml | 2 +- .../redis/templates/servicemonitor.yaml | 22 +- charts/bitnami/redis/values.yaml | 70 +- charts/bitnami/spark/.helmignore | 2 + charts/bitnami/spark/Chart.yaml | 4 +- charts/bitnami/spark/README.md | 48 +- .../spark/templates/networkpolicy-master.yaml | 91 + .../spark/templates/networkpolicy-worker.yaml | 89 + charts/bitnami/spark/values.yaml | 128 +- charts/bitnami/tomcat/.helmignore | 2 + charts/bitnami/tomcat/Chart.yaml | 8 +- charts/bitnami/tomcat/README.md | 46 +- charts/bitnami/tomcat/templates/_pod.tpl | 2 + charts/bitnami/tomcat/values.yaml | 14 +- charts/bitnami/wordpress/.helmignore | 2 + charts/bitnami/wordpress/Chart.lock | 8 +- charts/bitnami/wordpress/Chart.yaml | 10 +- charts/bitnami/wordpress/README.md | 112 +- .../wordpress/charts/mariadb/.helmignore | 2 + .../wordpress/charts/mariadb/Chart.yaml | 8 +- .../wordpress/charts/mariadb/README.md | 60 +- .../wordpress/charts/mariadb/values.yaml | 18 +- .../wordpress/charts/memcached/.helmignore | 2 + .../wordpress/charts/memcached/Chart.yaml | 8 +- .../wordpress/charts/memcached/README.md | 79 +- .../memcached/templates/networkpolicy.yaml | 74 + .../memcached/templates/statefulset.yaml | 2 + .../wordpress/charts/memcached/values.yaml | 73 +- charts/bitnami/wordpress/values.yaml | 18 +- charts/bitnami/zookeeper/.helmignore | 2 + charts/bitnami/zookeeper/Chart.yaml | 6 +- charts/bitnami/zookeeper/README.md | 13 +- .../zookeeper/templates/networkpolicy.yaml | 42 + charts/bitnami/zookeeper/values.yaml | 55 +- charts/cert-manager/cert-manager/Chart.yaml | 4 +- charts/cert-manager/cert-manager/README.md | 1888 ++++++++++++-- .../cert-manager/templates/_helpers.tpl | 14 + .../templates/cainjector-config.yaml | 18 + .../templates/cainjector-deployment.yaml | 14 +- .../templates/controller-config.yaml | 15 +- .../cert-manager/templates/crds.yaml | 294 ++- .../cert-manager/templates/deployment.yaml | 11 +- .../cert-manager/templates/podmonitor.yaml | 50 + .../cert-manager/templates/service.yaml | 2 +- .../templates/servicemonitor.yaml | 4 +- .../templates/startupapicheck-job.yaml | 4 +- .../templates/webhook-config.yaml | 15 +- .../templates/webhook-deployment.yaml | 11 +- .../templates/webhook-mutating-webhook.yaml | 10 +- .../templates/webhook-validating-webhook.yaml | 8 +- charts/cert-manager/cert-manager/values.yaml | 827 +++++-- charts/clastix/kamaji/Chart.yaml | 4 +- charts/clastix/kamaji/README.md | 2 +- charts/cockroach-labs/cockroachdb/Chart.yaml | 4 +- charts/cockroach-labs/cockroachdb/README.md | 10 +- .../templates/certificate.client.yaml | 6 + .../templates/certificate.node.yaml | 6 + charts/cockroach-labs/cockroachdb/values.yaml | 2 +- charts/crate/crate-operator/Chart.lock | 6 +- charts/crate/crate-operator/Chart.yaml | 6 +- .../charts/crate-operator-crds/Chart.yaml | 4 +- .../templates/cratedbs-cloud-crate-io.yaml | 22 + .../crate/crate-operator/templates/rbac.yaml | 2 + charts/crowdstrike/falcon-sensor/Chart.yaml | 4 +- .../templates/clusterrolebinding.yaml | 5 - .../tests/test-cluster-permissions.yaml | 5 - charts/datadog/datadog/CHANGELOG.md | 16 + charts/datadog/datadog/Chart.yaml | 2 +- charts/datadog/datadog/README.md | 5 +- .../templates/_containers-common-env.yaml | 7 + .../datadog/datadog/templates/daemonset.yaml | 1 + charts/datadog/datadog/values.yaml | 5 +- charts/dell/csi-isilon/Chart.yaml | 4 +- .../dell/csi-isilon/templates/controller.yaml | 12 - charts/dell/csi-isilon/values.yaml | 12 +- charts/dell/csi-powermax/Chart.yaml | 6 +- .../charts/csireverseproxy/Chart.yaml | 4 +- .../charts/csireverseproxy/values.yaml | 2 +- .../csi-powermax/templates/controller.yaml | 4 +- charts/dell/csi-powermax/values.yaml | 10 +- charts/dell/csi-powerstore/Chart.yaml | 4 +- charts/dell/csi-powerstore/values.yaml | 10 +- charts/dell/csi-unity/Chart.yaml | 4 +- .../dell/csi-unity/templates/controller.yaml | 1 - charts/dell/csi-unity/values.yaml | 8 +- charts/dell/csi-vxflexos/Chart.yaml | 4 +- .../csi-vxflexos/templates/controller.yaml | 1 - charts/dell/csi-vxflexos/values.yaml | 10 +- charts/dh2i/dxemssql/.helmignore | 46 +- charts/dh2i/dxemssql/Chart.yaml | 4 +- charts/dh2i/dxemssql/README.md | 30 +- charts/dh2i/dxemssql/app-readme.md | 16 +- charts/dh2i/dxemssql/questions.yml | 230 +- charts/dh2i/dxemssql/templates/_helpers.tpl | 124 +- .../dh2i/dxemssql/templates/external-lb.yaml | 44 +- .../dh2i/dxemssql/templates/headless-svc.yaml | 48 +- .../dh2i/dxemssql/templates/statefulset.yaml | 216 +- .../dxemssql/templates/tests/test-setup.yaml | 56 +- charts/dh2i/dxemssql/values.schema.json | 26 +- charts/dh2i/dxemssql/values.yaml | 76 +- charts/digitalis/vals-operator/Chart.yaml | 4 +- charts/digitalis/vals-operator/README.md | 2 +- .../external-secrets/Chart.yaml | 4 +- .../external-secrets/README.md | 9 +- .../external-secrets/templates/_helpers.tpl | 10 + .../templates/cert-controller-deployment.yaml | 4 +- .../templates/crds/acraccesstoken.yaml | 87 +- .../templates/crds/clusterexternalsecret.yaml | 128 +- .../templates/crds/clustersecretstore.yaml | 1460 ++++++++--- .../templates/crds/ecrauthorizationtoken.yaml | 69 +- .../templates/crds/externalsecret.yaml | 171 +- .../external-secrets/templates/crds/fake.yaml | 27 +- .../templates/crds/gcraccesstoken.yaml | 36 +- .../templates/crds/password.yaml | 36 +- .../templates/crds/pushsecret.yaml | 55 +- .../templates/crds/secretstore.yaml | 1460 ++++++++--- .../templates/crds/vaultdynamicsecret.yaml | 367 ++- .../templates/deployment.yaml | 2 +- .../templates/webhook-deployment.yaml | 2 +- .../cert_controller_test.yaml.snap | 10 +- .../__snapshot__/controller_test.yaml.snap | 10 +- .../tests/__snapshot__/crds_test.yaml.snap | 1460 ++++++++--- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +- .../tests/cert_controller_test.yaml | 17 + .../tests/controller_test.yaml | 17 + .../external-secrets/tests/webhook_test.yaml | 21 + .../external-secrets/values.yaml | 12 +- charts/hashicorp/consul/Chart.yaml | 10 +- .../templates/connect-inject-deployment.yaml | 3 +- charts/hashicorp/consul/values.yaml | 13 +- charts/jenkins/jenkins/CHANGELOG.md | 76 +- charts/jenkins/jenkins/Chart.yaml | 14 +- charts/jenkins/jenkins/README.md | 427 +--- charts/jenkins/jenkins/UPGRADING.md | 148 ++ charts/jenkins/jenkins/VALUES_SUMMARY.md | 94 +- charts/jenkins/jenkins/templates/NOTES.txt | 6 +- charts/jenkins/jenkins/templates/_helpers.tpl | 93 +- .../jenkins/templates/deprecation.yaml | 38 +- .../jenkins/templates/jcasc-config.yaml | 2 +- .../templates/jenkins-backup-cronjob.yaml | 168 -- .../templates/jenkins-backup-rbac.yaml | 64 - .../jenkins-controller-statefulset.yaml | 20 +- charts/jenkins/jenkins/templates/secret.yaml | 4 +- .../jenkins/templates/tests/jenkins-test.yaml | 4 +- charts/jenkins/jenkins/values.yaml | 145 +- charts/jfrog/artifactory-ha/.helmignore | 4 +- charts/jfrog/artifactory-ha/CHANGELOG.md | 21 +- charts/jfrog/artifactory-ha/Chart.yaml | 8 +- charts/jfrog/artifactory-ha/README.md | 9 +- .../jfrog/artifactory-ha/ci/large-values.yaml | 8 - .../artifactory-ha/ci/medium-values.yaml | 8 - .../ci/rtsplit-access-tls-values.yaml | 8 - .../artifactory-ha/ci/rtsplit-values.yaml | 15 - .../jfrog/artifactory-ha/ci/small-values.yaml | 8 - .../artifactory-ha/files/binarystore.xml | 6 + .../artifactory-2xlarge-extra-config.yaml | 40 + .../sizing/artifactory-2xlarge.yaml | 118 + .../artifactory-large-extra-config.yaml | 40 + .../sizing/artifactory-large.yaml | 118 + .../artifactory-medium-extra-config.yaml | 40 + .../sizing/artifactory-medium.yaml | 118 + .../artifactory-small-extra-config.yaml | 40 + .../sizing/artifactory-small.yaml | 118 + .../artifactory-xlarge-extra-config.yaml | 39 + .../sizing/artifactory-xlarge.yaml | 118 + .../artifactory-xsmall-extra-config.yaml | 40 + .../sizing/artifactory-xsmall.yaml | 118 + .../artifactory-ha/templates/_helpers.tpl | 29 +- .../artifactory-node-statefulset.yaml | 45 +- .../artifactory-primary-statefulset.yaml | 45 +- .../templates/nginx-deployment.yaml | 18 +- charts/jfrog/artifactory-ha/values-large.yaml | 82 - .../jfrog/artifactory-ha/values-medium.yaml | 82 - charts/jfrog/artifactory-ha/values-small.yaml | 82 - charts/jfrog/artifactory-ha/values.yaml | 119 +- charts/jfrog/artifactory-jcr/CHANGELOG.md | 6 +- charts/jfrog/artifactory-jcr/Chart.yaml | 10 +- charts/jfrog/artifactory-jcr/README.md | 2 +- .../charts/artifactory/.helmignore | 4 +- .../charts/artifactory/CHANGELOG.md | 22 +- .../charts/artifactory/Chart.yaml | 6 +- .../charts/artifactory/README.md | 9 +- .../charts/artifactory/ci/large-values.yaml | 8 - .../charts/artifactory/ci/medium-values.yaml | 8 - .../ci/rtsplit-values-access-tls-values.yaml | 8 - .../charts/artifactory/ci/rtsplit-values.yaml | 16 - .../charts/artifactory/ci/small-values.yaml | 8 - .../charts/artifactory/files/binarystore.xml | 6 + .../artifactory-2xlarge-extra-config.yaml | 38 + .../sizing/artifactory-2xlarge.yaml | 117 + .../artifactory-large-extra-config.yaml | 38 + .../artifactory/sizing/artifactory-large.yaml | 117 + .../artifactory-medium-extra-config.yaml | 38 + .../sizing/artifactory-medium.yaml | 117 + .../artifactory-small-extra-config.yaml | 38 + .../artifactory/sizing/artifactory-small.yaml | 117 + .../artifactory-xlarge-extra-config.yaml | 38 + .../sizing/artifactory-xlarge.yaml | 117 + .../artifactory-xsmall-extra-config.yaml | 39 + .../sizing/artifactory-xsmall.yaml | 118 + .../charts/artifactory/templates/_helpers.tpl | 29 +- .../templates/artifactory-statefulset.yaml | 45 +- .../templates/nginx-deployment.yaml | 16 +- .../charts/artifactory/values-large.yaml | 80 - .../charts/artifactory/values-medium.yaml | 80 - .../charts/artifactory/values-small.yaml | 80 - .../charts/artifactory/values.yaml | 123 +- charts/jfrog/artifactory-jcr/values.yaml | 6 +- charts/kasten/k10/Chart.lock | 2 +- charts/kasten/k10/Chart.yaml | 4 +- .../alertmanager/templates/_helpers.tpl | 24 +- .../alertmanager/templates/statefulset.yaml | 26 +- .../charts/alertmanager/values.yaml | 13 +- .../templates/_helpers.tpl | 24 +- .../prometheus-node-exporter/values.yaml | 13 +- .../templates/_helpers.tpl | 24 +- .../templates/pushgateway-pvc.yaml | 12 +- .../templates/statefulset.yaml | 28 +- .../charts/prometheus-pushgateway/values.yaml | 13 +- .../charts/prometheus/templates/_helpers.tpl | 124 +- .../prometheus/templates/clusterrole.yaml | 2 +- .../templates/clusterrolebinding.yaml | 4 +- .../charts/prometheus/templates/deploy.yaml | 19 +- .../k10/charts/prometheus/templates/pvc.yaml | 12 +- .../k10/charts/prometheus/templates/sts.yaml | 53 +- .../kasten/k10/charts/prometheus/values.yaml | 13 +- charts/kasten/k10/templates/NOTES.txt | 2 +- charts/kasten/k10/templates/_definitions.tpl | 5 +- charts/kasten/k10/templates/_helpers.tpl | 13 +- .../kasten/k10/templates/_k10_container.tpl | 15 +- .../kasten/k10/templates/_k10_image_tag.tpl | 2 +- charts/kasten/k10/templates/_k10_metering.tpl | 3 +- charts/kasten/k10/templates/_prometheus.tpl | 29 + charts/kasten/k10/templates/deployments.yaml | 1 + charts/kasten/k10/templates/gateway.yaml | 74 +- charts/kasten/k10/templates/ingress.yaml | 2 +- charts/kasten/k10/templates/k10-config.yaml | 4 + .../kasten/k10/templates/networkpolicy.yaml | 8 +- charts/kasten/k10/templates/rhmarketplace.tpl | 8 + charts/kasten/k10/templates/v0services.yaml | 1 + .../{charts}/values/prometheus_values.tpl | 156 ++ charts/kasten/k10/values.schema.json | 12 + charts/kasten/k10/values.yaml | 2 + charts/kong/kong/CHANGELOG.md | 20 + charts/kong/kong/Chart.yaml | 2 +- .../admin-api-service-clusterip-values.snap | 18 +- .../__snapshots__/custom-labels-values.snap | 35 +- .../kong/ci/__snapshots__/default-values.snap | 35 +- .../__snapshots__/kong-ingress-1-values.snap | 37 +- .../__snapshots__/kong-ingress-2-values.snap | 37 +- .../__snapshots__/kong-ingress-3-values.snap | 37 +- .../__snapshots__/kong-ingress-4-values.snap | 37 +- .../ci/__snapshots__/service-account.snap | 35 +- .../single-image-default-values.snap | 35 +- ...est-enterprise-version-3.4.0.0-values.snap | 14 +- .../kong/ci/__snapshots__/test1-values.snap | 39 +- .../kong/ci/__snapshots__/test2-values.snap | 72 +- .../kong/ci/__snapshots__/test3-values.snap | 16 +- .../kong/ci/__snapshots__/test4-values.snap | 18 +- .../kong/ci/__snapshots__/test5-values.snap | 65 +- charts/kong/kong/templates/_helpers.tpl | 23 + charts/kong/kong/templates/deployment.yaml | 1 + charts/kubecost/cost-analyzer/Chart.yaml | 17 +- charts/kubecost/cost-analyzer/README.md | 41 - .../cost-analyzer/attached-disks.json | 18 - .../cost-analyzer/charts/grafana/Chart.yaml | 15 - .../cost-analyzer/charts/grafana/README.md | 162 -- .../charts/grafana/templates/NOTES.txt | 37 - .../charts/grafana/templates/_helpers.tpl | 43 - .../charts/grafana/templates/ingress.yaml | 63 - .../grafana/templates/podsecuritypolicy.yaml | 47 - .../charts/grafana/templates/role.yaml | 17 - .../charts/grafana/templates/rolebinding.yaml | 19 - .../charts/grafana/templates/service.yaml | 52 - .../charts/prometheus/Chart.yaml | 18 - .../cost-analyzer/charts/prometheus/README.md | 475 ---- .../charts/kube-state-metrics/Chart.yaml | 20 - .../charts/kube-state-metrics/OWNERS | 8 - .../charts/kube-state-metrics/README.md | 73 - .../kube-state-metrics/templates/NOTES.txt | 10 - .../kube-state-metrics/templates/_helpers.tpl | 47 - .../templates/clusterrole.yaml | 182 -- .../templates/clusterrolebinding.yaml | 21 - .../templates/deployment.yaml | 192 -- .../templates/podsecuritypolicy.yaml | 43 - .../templates/psp-clusterrole.yaml | 19 - .../templates/psp-clusterrolebinding.yaml | 21 - .../kube-state-metrics/templates/service.yaml | 38 - .../templates/serviceaccount.yaml | 16 - .../templates/servicemonitor.yaml | 27 - .../templates/stsdiscovery-role.yaml | 29 - .../templates/stsdiscovery-rolebinding.yaml | 22 - .../charts/kube-state-metrics/values.yaml | 126 - .../charts/prometheus/requirements.lock | 6 - .../charts/prometheus/requirements.yaml | 7 - .../charts/prometheus/templates/NOTES.txt | 112 - .../charts/prometheus/templates/_helpers.tpl | 276 --- .../templates/alertmanager-clusterrole.yaml | 23 - .../alertmanager-clusterrolebinding.yaml | 18 - .../templates/alertmanager-deployment.yaml | 142 -- .../alertmanager-podsecuritypolicy.yaml | 52 - .../templates/alertmanager-pvc.yaml | 35 - .../templates/alertmanager-service.yaml | 55 - .../templates/alertmanager-statefulset.yaml | 155 -- .../templates/node-exporter-daemonset.yaml | 133 - .../node-exporter-podsecuritypolicy.yaml | 59 - .../templates/node-exporter-role.yaml | 20 - .../templates/node-exporter-rolebinding.yaml | 21 - .../templates/node-exporter-service.yaml | 47 - .../templates/pushgateway-clusterrole.yaml | 23 - .../pushgateway-clusterrolebinding.yaml | 18 - .../templates/pushgateway-deployment.yaml | 100 - .../pushgateway-podsecuritypolicy.yaml | 48 - .../prometheus/templates/pushgateway-pvc.yaml | 35 - .../templates/pushgateway-service.yaml | 43 - .../templates/server-deployment.yaml | 256 -- .../prometheus/templates/server-ingress.yaml | 62 - .../templates/server-podsecuritypolicy.yaml | 57 - .../prometheus/templates/server-pvc.yaml | 37 - .../prometheus/templates/server-service.yaml | 62 - .../templates/server-statefulset.yaml | 225 -- .../prometheus/templates/server-vpa.yaml | 27 - .../cost-analyzer/charts/thanos/.helmignore | 21 - .../cost-analyzer/charts/thanos/Chart.yaml | 18 - .../charts/thanos/requirements.yaml | 0 .../charts/thanos/templates/NOTES.txt | 0 .../charts/thanos/templates/_helpers.tpl | 51 - .../thanos/templates/bucket-deployment.yaml | 109 - .../thanos/templates/bucket-ingress.yaml | 64 - .../templates/bucket-poddisruptionbudget.yaml | 31 - .../thanos/templates/bucket-service.yaml | 31 - .../thanos/templates/compact-deployment.yaml | 129 - .../charts/thanos/templates/compact-pvc.yaml | 28 - .../thanos/templates/compact-service.yaml | 31 - .../templates/compact-servicemonitor.yaml | 33 - .../thanos/templates/query-deployment.yaml | 159 -- .../templates/query-frontend-deployment.yaml | 151 -- ...uery-frontend-horizontalpodautoscaler.yaml | 38 - .../templates/query-frontend-ingress.yml | 67 - .../query-frontend-poddisruptionbudget.yaml | 31 - .../templates/query-frontend-service.yaml | 35 - .../query-frontend-servicemonitor.yaml | 33 - .../query-horizontalpodautoscaler.yaml | 38 - .../charts/thanos/templates/query-ingress.yml | 132 - .../templates/query-poddisruptionbudget.yaml | 31 - .../thanos/templates/query-service.yaml | 66 - .../templates/query-servicemonitor.yaml | 33 - .../thanos/templates/sidecar-service.yaml | 62 - .../templates/sidecar-servicemonitor.yaml | 33 - .../thanos/templates/store-deployment.yaml | 156 -- .../thanos/templates/store-ingress.yaml | 128 - .../charts/thanos/templates/store-pvc.yaml | 28 - .../thanos/templates/store-service.yaml | 67 - .../templates/store-servicemonitor.yaml | 33 - .../cost-analyzer/charts/thanos/values.yaml | 800 ------ .../cost-analyzer/ci/aggregator-values.yaml | 9 +- .../federatedetl-primary-netcosts-values.yaml | 9 - .../values.yaml => old-grafana-values.yaml} | 111 +- ...values.yaml => old-prometheus-values.yaml} | 16 +- .../pod-utilization-multi-cluster.json | 18 - .../cost-analyzer/templates/NOTES.txt | 33 +- .../cost-analyzer/templates/_helpers.tpl | 941 ++++++- .../aggregator-cloud-cost-deployment.yaml | 112 +- .../aggregator-cloud-cost-service.yaml | 4 +- .../templates/aggregator-service.yaml | 10 +- .../templates/aggregator-statefulset.yaml | 230 +- .../awsstore-deployment-template.yaml | 6 +- .../templates/cloud-integration-secret.yaml | 16 + .../cost-analyzer-cluster-role-template.yaml | 9 - .../cost-analyzer-db-pvc-template.yaml | 4 - .../cost-analyzer-deployment-template.yaml | 227 +- ...nalyzer-federator-config-map-template.yaml | 14 - ...analyzer-frontend-config-map-template.yaml | 360 ++- .../cost-analyzer-ingress-template.yaml | 15 - .../cost-analyzer-network-costs-template.yaml | 6 +- ...cost-analyzer-network-policy-template.yaml | 2 +- .../cost-analyzer-network-policy.yaml | 2 +- ...rometheus-postgres-adapter-deployment.yaml | 61 - ...r-prometheus-postgres-adapter-service.yaml | 21 - .../cost-analyzer-psp-role.template.yaml | 23 - ...ost-analyzer-psp-rolebinding.template.yaml | 21 - .../templates/cost-analyzer-psp.template.yaml | 24 - .../templates/cost-analyzer-pvc-template.yaml | 2 - .../cost-analyzer-service-template.yaml | 15 +- .../templates/diagnostics-deployment.yaml | 20 +- .../templates/diagnostics-service.yaml | 2 +- .../templates/etl-utils-deployment.yaml | 10 +- .../federator-deployment-template.yaml | 143 -- .../templates/forecasting-deployment.yaml | 131 + .../templates/forecasting-service.yaml | 17 + ...rafana-attached-disk-metrics-template.yaml | 4 +- .../grafana-clusterrole.yaml} | 9 +- .../grafana-clusterrolebinding.yaml} | 7 +- ...grafana-configmap-dashboard-provider.yaml} | 9 +- .../grafana-configmap.yaml} | 40 +- ...na-dashboard-cluster-metrics-template.yaml | 4 +- ...ashboard-cluster-utilization-template.yaml | 4 +- ...board-deployment-utilization-template.yaml | 4 +- ...bernetes-resource-efficiency-template.yaml | 4 +- ...board-label-cost-utilization-template.yaml | 4 +- ...hboard-namespace-utilization-template.yaml | 4 +- ...a-dashboard-node-utilization-template.yaml | 4 +- ...na-dashboard-pod-utilization-template.yaml | 4 +- ...dashboard-prometheus-metrics-template.yaml | 4 +- .../grafana-dashboards-json-configmap.yaml} | 9 +- .../grafana-datasource-template.yaml | 18 - .../grafana-deployment.yaml} | 149 +- .../templates/grafana-ingress.yaml | 47 + ...grafana-networkcosts-metrics-template.yaml | 4 +- ...od-utilization-multi-cluster-template.yaml | 4 +- .../pvc.yaml => templates/grafana-pvc.yaml} | 13 +- .../grafana-secret.yaml} | 13 +- .../templates/grafana-service.yaml | 51 + .../grafana-serviceaccount.yaml} | 5 +- ...ubecost-agent-secretprovider-template.yaml | 2 +- ...-cluster-controller-actions-configmap.yaml | 41 + .../kubecost-cluster-controller-template.yaml | 40 +- .../kubecost-metrics-deployment-template.yaml | 15 +- .../kubecost-priority-class-template.yaml | 2 +- .../kubecost-saml-secret-template.yaml | 12 + .../templates/model-ingress-template.yaml | 15 - .../templates/network-costs-psp.template.yaml | 40 - .../network-costs-role.template.yaml | 28 - .../network-costs-rolebinding.template.yaml | 23 - .../prometheus-alertmanager-configmap.yaml} | 4 +- .../prometheus-alertmanager-deployment.yaml | 142 ++ .../prometheus-alertmanager-ingress.yaml} | 24 +- ...rometheus-alertmanager-networkpolicy.yaml} | 4 +- .../prometheus-alertmanager-pdb.yaml} | 8 +- .../prometheus-alertmanager-pvc.yaml | 35 + ...etheus-alertmanager-service-headless.yaml} | 14 +- .../prometheus-alertmanager-service.yaml | 55 + ...ometheus-alertmanager-serviceaccount.yaml} | 2 +- .../prometheus-alertmanager-statefulset.yaml | 155 ++ .../prometheus-node-exporter-daemonset.yaml | 133 + .../prometheus-node-exporter-ocp-scc.yaml} | 2 +- .../prometheus-node-exporter-service.yaml | 47 + ...metheus-node-exporter-serviceaccount.yaml} | 2 +- .../prometheus-pushgateway-deployment.yaml | 100 + .../prometheus-pushgateway-ingress.yaml} | 22 +- ...prometheus-pushgateway-networkpolicy.yaml} | 4 +- .../prometheus-pushgateway-pdb.yaml} | 8 +- .../templates/prometheus-pushgateway-pvc.yaml | 35 + .../prometheus-pushgateway-service.yaml | 43 + ...rometheus-pushgateway-serviceaccount.yaml} | 2 +- .../prometheus-server-clusterrole.yaml} | 14 +- ...prometheus-server-clusterrolebinding.yaml} | 2 +- .../prometheus-server-configmap.yaml} | 36 +- .../prometheus-server-deployment.yaml | 253 ++ .../templates/prometheus-server-ingress.yaml | 45 + .../prometheus-server-networkpolicy.yaml} | 10 +- .../prometheus-server-pdb.yaml} | 8 +- .../templates/prometheus-server-pvc.yaml | 37 + .../prometheus-server-service-headless.yaml} | 14 +- .../templates/prometheus-server-service.yaml | 62 + .../prometheus-server-serviceaccount.yaml} | 6 +- .../prometheus-server-statefulset.yaml | 221 ++ .../templates/prometheus-server-vpa.yaml | 22 + ...service-cluster-role-binding-template.yaml | 34 - .../query-service-cluster-role-template.yaml | 109 - .../query-service-deployment-template.yaml | 186 -- ...uery-service-service-account-template.yaml | 17 - .../query-service-service-template.yaml | 22 - .../kubecost/cost-analyzer/values-agent.yaml | 29 +- .../cost-analyzer/values-cloud-agent.yaml | 9 - .../values-eks-cost-monitoring.yaml | 31 +- .../kubecost/cost-analyzer/values-thanos.yaml | 149 -- .../values-windows-node-affinity.yaml | 20 - charts/kubecost/cost-analyzer/values.yaml | 2190 ++++++++++++++--- charts/kuma/kuma/Chart.yaml | 4 +- charts/kuma/kuma/README.md | 7 +- .../kuma/crds/kuma.io_circuitbreakers.yaml | 22 +- .../kuma/crds/kuma.io_containerpatches.yaml | 31 +- .../kuma/crds/kuma.io_dataplaneinsights.yaml | 22 +- charts/kuma/kuma/crds/kuma.io_dataplanes.yaml | 22 +- .../kuma/crds/kuma.io_externalservices.yaml | 22 +- .../kuma/crds/kuma.io_faultinjections.yaml | 22 +- .../kuma/kuma/crds/kuma.io_healthchecks.yaml | 22 +- .../kuma/crds/kuma.io_meshaccesslogs.yaml | 211 +- .../crds/kuma.io_meshcircuitbreakers.yaml | 726 +++--- charts/kuma/kuma/crds/kuma.io_meshes.yaml | 22 +- .../crds/kuma.io_meshfaultinjections.yaml | 247 +- .../crds/kuma.io_meshgatewayinstances.yaml | 219 +- .../kuma/crds/kuma.io_meshgatewayroutes.yaml | 22 +- .../kuma/kuma/crds/kuma.io_meshgateways.yaml | 22 +- .../kuma/crds/kuma.io_meshhealthchecks.yaml | 202 +- .../kuma/crds/kuma.io_meshhttproutes.yaml | 230 +- .../kuma/kuma/crds/kuma.io_meshinsights.yaml | 22 +- .../kuma.io_meshloadbalancingstrategies.yaml | 307 +-- .../kuma/kuma/crds/kuma.io_meshmetrics.yaml | 205 ++ .../kuma/crds/kuma.io_meshproxypatches.yaml | 220 +- .../kuma/crds/kuma.io_meshratelimits.yaml | 278 ++- .../kuma/kuma/crds/kuma.io_meshretries.yaml | 325 ++- .../kuma/kuma/crds/kuma.io_meshtcproutes.yaml | 110 +- .../kuma/kuma/crds/kuma.io_meshtimeouts.yaml | 215 +- charts/kuma/kuma/crds/kuma.io_meshtraces.yaml | 157 +- .../crds/kuma.io_meshtrafficpermissions.yaml | 79 +- .../kuma/crds/kuma.io_proxytemplates.yaml | 22 +- charts/kuma/kuma/crds/kuma.io_ratelimits.yaml | 22 +- charts/kuma/kuma/crds/kuma.io_retries.yaml | 22 +- .../kuma/crds/kuma.io_serviceinsights.yaml | 22 +- charts/kuma/kuma/crds/kuma.io_timeouts.yaml | 22 +- .../kuma/kuma/crds/kuma.io_trafficlogs.yaml | 22 +- .../kuma/crds/kuma.io_trafficpermissions.yaml | 22 +- .../kuma/kuma/crds/kuma.io_trafficroutes.yaml | 22 +- .../kuma/kuma/crds/kuma.io_traffictraces.yaml | 22 +- .../kuma/crds/kuma.io_virtualoutbounds.yaml | 22 +- .../kuma/kuma/crds/kuma.io_zoneegresses.yaml | 30 +- .../kuma/crds/kuma.io_zoneegressinsights.yaml | 22 +- .../kuma/kuma/crds/kuma.io_zoneingresses.yaml | 30 +- .../crds/kuma.io_zoneingressinsights.yaml | 22 +- .../kuma/kuma/crds/kuma.io_zoneinsights.yaml | 22 +- charts/kuma/kuma/crds/kuma.io_zones.yaml | 22 +- charts/kuma/kuma/templates/_helpers.tpl | 4 + charts/kuma/kuma/templates/cp-deployment.yaml | 8 +- charts/kuma/kuma/templates/cp-service.yaml | 4 +- .../templates/cp-webhooks-and-secrets.yaml | 26 +- charts/kuma/kuma/values.yaml | 13 +- charts/loft/loft/Chart.yaml | 2 +- charts/metallb/metallb/Chart.lock | 9 +- charts/metallb/metallb/Chart.yaml | 10 +- charts/metallb/metallb/README.md | 8 + charts/metallb/metallb/charts/crds/Chart.yaml | 4 +- .../metallb/charts/crds/templates/crds.yaml | 1936 ++++++--------- .../metallb/charts/frr-k8s}/.helmignore | 4 +- .../metallb/metallb/charts/frr-k8s/Chart.lock | 6 + .../metallb/metallb/charts/frr-k8s/Chart.yaml | 16 + .../metallb/metallb/charts/frr-k8s/README.md | 96 + .../charts/frr-k8s/charts/crds}/.helmignore | 2 + .../charts/frr-k8s/charts/crds/Chart.yaml | 10 + .../charts/frr-k8s/charts/crds/README.md | 14 + .../frrk8s.metallb.io_frrconfigurations.yaml | 404 +++ .../frrk8s.metallb.io_frrnodestates.yaml | 61 + .../charts/frr-k8s/templates/NOTES.txt | 4 + .../charts/frr-k8s/templates/_helpers.tpl | 63 + .../charts/frr-k8s/templates/controller.yaml | 429 ++++ .../charts/frr-k8s/templates/rbac.yaml | 72 + .../frr-k8s/templates/service-accounts.yaml | 15 + .../frr-k8s/templates/service-monitor.yaml | 128 + .../charts/frr-k8s/templates/webhooks.yaml | 156 ++ .../metallb/charts/frr-k8s/values.schema.json | 387 +++ .../metallb/charts/frr-k8s/values.yaml | 173 ++ charts/metallb/metallb/policy/controller.rego | 2 +- charts/metallb/metallb/policy/speaker.rego | 2 +- .../metallb/metallb/templates/controller.yaml | 13 + charts/metallb/metallb/templates/rbac.yaml | 5 + charts/metallb/metallb/templates/speaker.yaml | 29 +- .../metallb/metallb/templates/webhooks.yaml | 20 - charts/metallb/metallb/values.schema.json | 68 +- charts/metallb/metallb/values.yaml | 18 + charts/minio/minio-operator/Chart.yaml | 4 +- charts/minio/minio-operator/Chart.yaml-e | 4 +- .../minio/minio-operator/templates/NOTES.txt | 2 +- .../templates/job.min.io_jobs.yaml | 112 + .../templates/minio.min.io_tenants.yaml | 267 +- .../templates/operator-serviceaccount.yaml | 4 + .../templates/sts.min.io_policybindings.yaml | 3 +- charts/minio/minio-operator/values.yaml | 14 +- charts/minio/minio-operator/values.yaml-e | 14 +- charts/nats/nats/Chart.yaml | 4 +- charts/nats/nats/values.yaml | 6 +- charts/new-relic/nri-bundle/Chart.lock | 18 +- charts/new-relic/nri-bundle/Chart.yaml | 16 +- .../charts/newrelic-infra-operator/Chart.yaml | 4 +- .../charts/newrelic-infrastructure/Chart.yaml | 20 +- .../charts/newrelic-infrastructure/README.md | 8 +- .../templates/clusterrole.yaml | 1 + .../newrelic-k8s-metrics-adapter/Chart.yaml | 10 +- .../newrelic-k8s-metrics-adapter/README.md | 3 +- .../charts/newrelic-logging/Chart.yaml | 2 +- .../charts/newrelic-logging/README.md | 135 +- .../templates/daemonset-windows.yaml | 15 +- .../newrelic-logging/templates/daemonset.yaml | 48 +- .../templates/persistentvolume.yaml | 57 + .../tests/fluentbit_persistence_test.yaml | 317 +++ .../tests/linux_volume_mount_test.yaml | 37 + .../charts/newrelic-logging/values.yaml | 34 + .../newrelic-prometheus-agent/Chart.yaml | 20 +- .../newrelic-prometheus-agent/README.md | 8 +- .../charts/nri-kube-events/Chart.yaml | 20 +- .../charts/nri-kube-events/README.md | 10 +- .../charts/nri-kube-events/values.yaml | 2 +- .../charts/nri-metadata-injection/Chart.yaml | 12 +- .../charts/nri-metadata-injection/README.md | 4 +- charts/percona/psmdb-db/Chart.yaml | 2 +- charts/percona/psmdb-db/README.md | 5 + .../percona/psmdb-db/templates/cluster.yaml | 26 +- charts/percona/psmdb-db/values.yaml | 16 +- charts/percona/psmdb-operator/Chart.yaml | 2 +- charts/percona/psmdb-operator/README.md | 3 + .../psmdb-operator/templates/deployment.yaml | 27 +- .../templates/role-binding.yaml | 4 + charts/percona/psmdb-operator/values.yaml | 6 + charts/percona/pxc-db/Chart.yaml | 2 +- charts/percona/pxc-db/README.md | 2 + charts/percona/pxc-db/templates/cluster.yaml | 6 + .../percona/pxc-db/templates/s3-secret.yaml | 2 +- charts/percona/pxc-db/values.yaml | 2 + charts/percona/pxc-operator/Chart.yaml | 2 +- charts/percona/pxc-operator/README.md | 2 + .../pxc-operator/templates/deployment.yaml | 7 + charts/percona/pxc-operator/values.yaml | 8 + charts/redpanda/redpanda/Chart.lock | 6 +- charts/redpanda/redpanda/Chart.yaml | 6 +- charts/redpanda/redpanda/README.md | 46 +- .../redpanda/charts/console/Chart.yaml | 6 +- .../ci/18-single-external-address-values.yaml | 26 + ...-tiered-storage-with-creds-values.yaml.tpl | 10 +- ...-tiered-storage-with-creds-values.yaml.tpl | 10 +- ...-tiered-storage-with-creds-values.yaml.tpl | 10 +- ...rage-persistent-with-creds-values.yaml.tpl | 36 + ...rage-persistent-with-creds-values.yaml.tpl | 48 + ...rage-persistent-with-creds-values.yaml.tpl | 49 + ...t-nameoverwrite-with-creds-values.yaml.tpl | 38 + ...t-nameoverwrite-with-creds-values.yaml.tpl | 50 + ...t-nameoverwrite-with-creds-values.yaml.tpl | 50 + .../ci/96-audit-logging-values.yaml.tpl | 8 + .../ci/97-license-key-values.yaml.tpl | 8 + .../redpanda/ci/98-license-secret-values.yaml | 8 + ...tent-config-options-with-empty-values.yaml | 6 + .../redpanda/redpanda/templates/_helpers.tpl | 35 +- .../redpanda/templates/post-upgrade.yaml | 3 + charts/redpanda/redpanda/templates/rbac.yaml | 8 +- .../redpanda/redpanda/templates/secrets.yaml | 34 +- .../redpanda/templates/statefulset.yaml | 26 +- .../tests/test-license-with-console.yaml | 10 +- charts/redpanda/redpanda/values.schema.json | 43 +- charts/redpanda/redpanda/values.yaml | 66 +- .../speedscale/speedscale-operator/Chart.yaml | 4 +- .../speedscale/speedscale-operator/README.md | 4 +- .../speedscale-operator/app-readme.md | 4 +- .../templates/configmap.yaml | 2 +- .../templates/crds/trafficreplays.yaml | 40 +- .../speedscale-operator/values.yaml | 11 +- .../stackstate-k8s-agent/Chart.yaml | 2 +- .../stackstate/stackstate-k8s-agent/README.md | 4 +- .../stackstate-k8s-agent/values.yaml | 2 +- charts/yugabyte/yugabyte/.helmignore | 1 + charts/yugabyte/yugabyte/Chart.yaml | 16 +- charts/yugabyte/yugabyte/app-readme.md | 2 +- .../yugabyte/yugabyte/generate_kubeconfig.py | 231 +- .../yugabyte/yugabyte/openshift.values.yaml | 4 + charts/yugabyte/yugabyte/questions.yaml | 2 +- .../yugabyte/yugabyte/templates/_helpers.tpl | 183 +- .../yugabyte/templates/certificates.yaml | 33 +- .../yugabyte/templates/debug_config_map.yaml | 23 + .../common-tserver-service.yaml} | 0 .../multicluster/mcs-service-export.yaml | 21 + .../service-per-pod.yaml} | 8 + .../yugabyte/yugabyte/templates/secrets.yaml | 7 + .../yugabyte/yugabyte/templates/service.yaml | 319 ++- charts/yugabyte/yugabyte/values.yaml | 159 +- charts/yugabyte/yugaware/Chart.yaml | 21 +- charts/yugabyte/yugaware/README.md | 4 +- .../yugabyte/yugaware/openshift.values.yaml | 24 + charts/yugabyte/yugaware/questions.yaml | 2 +- .../yugaware/templates/_default_values.tpl | 14 + .../yugabyte/yugaware/templates/_helpers.tpl | 53 +- .../yugaware/templates/certificates.yaml | 99 + .../yugabyte/yugaware/templates/configs.yaml | 85 +- .../yugaware/templates/global-config.yaml | 4 +- charts/yugabyte/yugaware/templates/rbac.yaml | 193 +- .../yugabyte/yugaware/templates/service.yaml | 4 + .../yugaware/templates/statefulset.yaml | 154 +- .../yugaware/templates/tests/test.yaml | 37 + .../yugaware/tests/test_resources.yaml | 40 + charts/yugabyte/yugaware/values.yaml | 172 +- index.yaml | 1758 ++++++++++++- 873 files changed, 32295 insertions(+), 19062 deletions(-) create mode 100644 assets/amd/amd-gpu-0.12.0.tgz create mode 100644 assets/argo/argo-cd-6.0.5.tgz create mode 100644 assets/bitnami/airflow-16.5.5.tgz create mode 100644 assets/bitnami/cassandra-10.9.0.tgz create mode 100644 assets/bitnami/kafka-26.8.5.tgz create mode 100644 assets/bitnami/mariadb-16.0.1.tgz create mode 100644 assets/bitnami/mysql-9.19.1.tgz create mode 100644 assets/bitnami/postgresql-14.0.4.tgz create mode 100644 assets/bitnami/redis-18.12.1.tgz create mode 100644 assets/bitnami/spark-8.5.2.tgz create mode 100644 assets/bitnami/tomcat-10.13.5.tgz create mode 100644 assets/bitnami/wordpress-19.2.6.tgz create mode 100644 assets/bitnami/zookeeper-12.8.1.tgz create mode 100644 assets/cert-manager/cert-manager-v1.14.2.tgz create mode 100644 assets/clastix/kamaji-0.14.1.tgz create mode 100644 assets/cockroach-labs/cockroachdb-12.0.0.tgz create mode 100644 assets/crate/crate-operator-2.34.1.tgz create mode 100644 assets/crowdstrike/falcon-sensor-1.25.2.tgz create mode 100644 assets/datadog/datadog-3.53.3.tgz create mode 100644 assets/dell/csi-isilon-2.9.1.tgz create mode 100644 assets/dell/csi-powermax-2.9.1.tgz create mode 100644 assets/dell/csi-powerstore-2.9.1.tgz create mode 100644 assets/dell/csi-unity-2.9.1.tgz create mode 100644 assets/dell/csi-vxflexos-2.9.1.tgz create mode 100644 assets/dh2i/dxemssql-1.0.5.tgz create mode 100644 assets/digitalis/vals-operator-0.7.9.tgz create mode 100644 assets/external-secrets/external-secrets-0.9.12.tgz create mode 100644 assets/hashicorp/consul-1.3.2.tgz create mode 100644 assets/jenkins/jenkins-5.0.13.tgz create mode 100644 assets/jfrog/artifactory-ha-107.77.5.tgz create mode 100644 assets/jfrog/artifactory-jcr-107.77.5.tgz create mode 100644 assets/kasten/k10-6.5.301.tgz create mode 100644 assets/kasten/k10-6.5.401.tgz create mode 100644 assets/kong/kong-2.35.1.tgz create mode 100644 assets/kubecost/cost-analyzer-2.0.2.tgz create mode 100644 assets/kuma/kuma-2.6.0.tgz create mode 100644 assets/loft/loft-3.3.4.tgz create mode 100644 assets/metallb/metallb-0.14.3.tgz create mode 100644 assets/minio/minio-operator-5.0.12.tgz create mode 100644 assets/nats/nats-1.1.8.tgz create mode 100644 assets/new-relic/nri-bundle-5.0.63.tgz create mode 100644 assets/percona/psmdb-db-1.15.3.tgz create mode 100644 assets/percona/psmdb-operator-1.15.2.tgz create mode 100644 assets/percona/pxc-db-1.13.6.tgz create mode 100644 assets/percona/pxc-operator-1.13.5.tgz create mode 100644 assets/redpanda/redpanda-5.7.23.tgz create mode 100644 assets/speedscale/speedscale-operator-2.0.11.tgz create mode 100644 assets/stackstate/stackstate-k8s-agent-1.0.68.tgz create mode 100644 assets/yugabyte/yugabyte-2.16.9.tgz create mode 100644 assets/yugabyte/yugabyte-2.18.6.tgz create mode 100644 assets/yugabyte/yugaware-2.16.9.tgz create mode 100644 assets/yugabyte/yugaware-2.18.6.tgz create mode 100644 charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml delete mode 100644 charts/argo/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml create mode 100644 charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml create mode 100644 charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml create mode 100644 charts/argo/argo-cd/templates/redis/health-configmap.yaml delete mode 100644 charts/bitnami/airflow/charts/redis/img/redis-cluster-topology.png delete mode 100644 charts/bitnami/airflow/charts/redis/img/redis-topology.png create mode 100644 charts/bitnami/airflow/templates/metrics/networkpolicy.yaml create mode 100644 charts/bitnami/airflow/templates/scheduler/networkpolicy.yaml create mode 100644 charts/bitnami/airflow/templates/web/networkpolicy.yaml create mode 100644 charts/bitnami/airflow/templates/worker/networkpolicy.yaml delete mode 100644 charts/bitnami/mariadb/templates/networkpolicy-egress.yaml create mode 100644 charts/bitnami/mariadb/templates/networkpolicy.yaml delete mode 100644 charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml delete mode 100644 charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml delete mode 100644 charts/bitnami/postgresql/templates/networkpolicy-egress.yaml delete mode 100644 charts/bitnami/redis/img/redis-cluster-topology.png delete mode 100644 charts/bitnami/redis/img/redis-topology.png create mode 100644 charts/bitnami/spark/templates/networkpolicy-master.yaml create mode 100644 charts/bitnami/spark/templates/networkpolicy-worker.yaml create mode 100644 charts/bitnami/wordpress/charts/memcached/templates/networkpolicy.yaml create mode 100644 charts/cert-manager/cert-manager/templates/cainjector-config.yaml create mode 100644 charts/cert-manager/cert-manager/templates/podmonitor.yaml create mode 100644 charts/jenkins/jenkins/UPGRADING.md delete mode 100644 charts/jenkins/jenkins/templates/jenkins-backup-cronjob.yaml delete mode 100644 charts/jenkins/jenkins/templates/jenkins-backup-rbac.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-large-extra-config.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-large.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-medium-extra-config.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-medium.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-small-extra-config.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-small.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-xlarge.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml create mode 100644 charts/jfrog/artifactory-ha/sizing/artifactory-xsmall.yaml delete mode 100644 charts/jfrog/artifactory-ha/values-large.yaml delete mode 100644 charts/jfrog/artifactory-ha/values-medium.yaml delete mode 100644 charts/jfrog/artifactory-ha/values-small.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge-extra-config.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large-extra-config.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium-extra-config.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small-extra-config.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge-extra-config.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall-extra-config.yaml create mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall.yaml delete mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/values-large.yaml delete mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/values-medium.yaml delete mode 100644 charts/jfrog/artifactory-jcr/charts/artifactory/values-small.yaml create mode 100644 charts/kasten/k10/templates/_prometheus.tpl create mode 100644 charts/kasten/k10/templates/rhmarketplace.tpl create mode 100644 charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/README.md delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/README.md delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/OWNERS delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/README.md delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/requirements.lock delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/requirements.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-rolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/.helmignore delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/requirements.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-poddisruptionbudget.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-poddisruptionbudget.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/charts/thanos/values.yaml rename charts/kubecost/cost-analyzer/{charts/grafana/values.yaml => old-grafana-values.yaml} (80%) rename charts/kubecost/cost-analyzer/{charts/prometheus/values.yaml => old-prometheus-values.yaml} (99%) create mode 100644 charts/kubecost/cost-analyzer/templates/cloud-integration-secret.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/cost-analyzer-psp.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/federator-deployment-template.yaml create mode 100644 charts/kubecost/cost-analyzer/templates/forecasting-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/templates/forecasting-service.yaml rename charts/kubecost/cost-analyzer/{charts/grafana/templates/clusterrole.yaml => templates/grafana-clusterrole.yaml} (65%) rename charts/kubecost/cost-analyzer/{charts/grafana/templates/clusterrolebinding.yaml => templates/grafana-clusterrolebinding.yaml} (80%) rename charts/kubecost/cost-analyzer/{charts/grafana/templates/configmap-dashboard-provider.yaml => templates/grafana-configmap-dashboard-provider.yaml} (69%) rename charts/kubecost/cost-analyzer/{charts/grafana/templates/configmap.yaml => templates/grafana-configmap.yaml} (67%) rename charts/kubecost/cost-analyzer/{charts/grafana/templates/dashboards-json-configmap.yaml => templates/grafana-dashboards-json-configmap.yaml} (73%) rename charts/kubecost/cost-analyzer/{charts/grafana/templates/deployment.yaml => templates/grafana-deployment.yaml} (62%) create mode 100644 charts/kubecost/cost-analyzer/templates/grafana-ingress.yaml rename charts/kubecost/cost-analyzer/{charts/grafana/templates/pvc.yaml => templates/grafana-pvc.yaml} (50%) rename charts/kubecost/cost-analyzer/{charts/grafana/templates/secret.yaml => templates/grafana-secret.yaml} (50%) create mode 100644 charts/kubecost/cost-analyzer/templates/grafana-service.yaml rename charts/kubecost/cost-analyzer/{charts/grafana/templates/serviceaccount.yaml => templates/grafana-serviceaccount.yaml} (75%) create mode 100644 charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-actions-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/templates/kubecost-saml-secret-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/network-costs-psp.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/alertmanager-configmap.yaml => templates/prometheus-alertmanager-configmap.yaml} (66%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-deployment.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/alertmanager-ingress.yaml => templates/prometheus-alertmanager-ingress.yaml} (52%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/alertmanager-networkpolicy.yaml => templates/prometheus-alertmanager-networkpolicy.yaml} (79%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/alertmanager-pdb.yaml => templates/prometheus-alertmanager-pdb.yaml} (62%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-pvc.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/alertmanager-service-headless.yaml => templates/prometheus-alertmanager-service-headless.yaml} (50%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-service.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/alertmanager-serviceaccount.yaml => templates/prometheus-alertmanager-serviceaccount.yaml} (72%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-statefulset.yaml create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-daemonset.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/node-exporter-ocp-scc.yaml => templates/prometheus-node-exporter-ocp-scc.yaml} (90%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-service.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/node-exporter-serviceaccount.yaml => templates/prometheus-node-exporter-serviceaccount.yaml} (72%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-deployment.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/pushgateway-ingress.yaml => templates/prometheus-pushgateway-ingress.yaml} (53%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/pushgateway-networkpolicy.yaml => templates/prometheus-pushgateway-networkpolicy.yaml} (79%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/pushgateway-pdb.yaml => templates/prometheus-pushgateway-pdb.yaml} (59%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-pvc.yaml create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-service.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/pushgateway-serviceaccount.yaml => templates/prometheus-pushgateway-serviceaccount.yaml} (73%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/server-clusterrole.yaml => templates/prometheus-server-clusterrole.yaml} (69%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/server-clusterrolebinding.yaml => templates/prometheus-server-clusterrolebinding.yaml} (86%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/server-configmap.yaml => templates/prometheus-server-configmap.yaml} (61%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-server-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-server-ingress.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/server-networkpolicy.yaml => templates/prometheus-server-networkpolicy.yaml} (61%) rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/server-pdb.yaml => templates/prometheus-server-pdb.yaml} (59%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-server-pvc.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/server-service-headless.yaml => templates/prometheus-server-service-headless.yaml} (51%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-server-service.yaml rename charts/kubecost/cost-analyzer/{charts/prometheus/templates/server-serviceaccount.yaml => templates/prometheus-server-serviceaccount.yaml} (67%) create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-server-statefulset.yaml create mode 100644 charts/kubecost/cost-analyzer/templates/prometheus-server-vpa.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/values-thanos.yaml create mode 100644 charts/kuma/kuma/crds/kuma.io_meshmetrics.yaml rename charts/{kubecost/cost-analyzer/charts/prometheus => metallb/metallb/charts/frr-k8s}/.helmignore (95%) create mode 100644 charts/metallb/metallb/charts/frr-k8s/Chart.lock create mode 100644 charts/metallb/metallb/charts/frr-k8s/Chart.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/README.md rename charts/{kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics => metallb/metallb/charts/frr-k8s/charts/crds}/.helmignore (95%) create mode 100644 charts/metallb/metallb/charts/frr-k8s/charts/crds/Chart.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/charts/crds/README.md create mode 100644 charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/templates/NOTES.txt create mode 100644 charts/metallb/metallb/charts/frr-k8s/templates/_helpers.tpl create mode 100644 charts/metallb/metallb/charts/frr-k8s/templates/controller.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/templates/rbac.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/templates/service-accounts.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/templates/service-monitor.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/templates/webhooks.yaml create mode 100644 charts/metallb/metallb/charts/frr-k8s/values.schema.json create mode 100644 charts/metallb/metallb/charts/frr-k8s/values.yaml create mode 100644 charts/minio/minio-operator/templates/job.min.io_jobs.yaml create mode 100644 charts/new-relic/nri-bundle/charts/newrelic-logging/templates/persistentvolume.yaml create mode 100644 charts/new-relic/nri-bundle/charts/newrelic-logging/tests/fluentbit_persistence_test.yaml create mode 100644 charts/new-relic/nri-bundle/charts/newrelic-logging/tests/linux_volume_mount_test.yaml create mode 100644 charts/redpanda/redpanda/ci/18-single-external-address-values.yaml create mode 100644 charts/redpanda/redpanda/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl create mode 100644 charts/redpanda/redpanda/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl create mode 100644 charts/redpanda/redpanda/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl create mode 100644 charts/redpanda/redpanda/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl create mode 100644 charts/redpanda/redpanda/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl create mode 100644 charts/redpanda/redpanda/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl create mode 100644 charts/yugabyte/yugabyte/.helmignore create mode 100644 charts/yugabyte/yugabyte/openshift.values.yaml create mode 100644 charts/yugabyte/yugabyte/templates/debug_config_map.yaml rename charts/yugabyte/yugabyte/templates/{multicluster-common-tserver-service.yaml => multicluster/common-tserver-service.yaml} (100%) create mode 100644 charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml rename charts/yugabyte/yugabyte/templates/{multicluster-multiple-services.yaml => multicluster/service-per-pod.yaml} (82%) create mode 100644 charts/yugabyte/yugabyte/templates/secrets.yaml create mode 100644 charts/yugabyte/yugaware/openshift.values.yaml create mode 100644 charts/yugabyte/yugaware/templates/_default_values.tpl create mode 100644 charts/yugabyte/yugaware/templates/certificates.yaml create mode 100644 charts/yugabyte/yugaware/templates/tests/test.yaml create mode 100644 charts/yugabyte/yugaware/tests/test_resources.yaml diff --git a/assets/amd/amd-gpu-0.12.0.tgz b/assets/amd/amd-gpu-0.12.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..47cc1b169e63e4f19d12fed1efef13704d555520 GIT binary patch literal 16280 zcmV;JKWD%niwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%cH20zC_KOU6xi}PtCQ@Il6*@>-(>dZv7PR$P8=`Wec9ua zlYvM`!k7fu04Q6NWIy{^xbS|LWhdPu{77UHEEEcbLZN`Ff`Mnx!)SQCfJ`_m82EqM zco~gGqr?4u_5WxzD*iv-KREc)c>myVyuY`%KR)==XuNx{clakT+B_=d5^(|9pGNm? ztJt~UNr8k=0R^UnPb>gjD4pTS#4e-m-UTuKBYqT%yl0J%VHxIlg|^y!>BA(>k@Xmv}O zr)YbVAS?;(N3yzQg9T*XEo8{DfgCki>*wmB4Oo4S?OfAIi7PPN~Ex^24jR}Rw|C1@qsh8JUmBSOaNcN z-Gjr)pZ5;IJUHC_^TFY4j1CU>W}_D_^2XkuM~B|Q!3ZAikG;K-I~}1zba1e@ zyTAYE*&&)9?vK1fYmNwFP{_4wushn_w?|`p_wZ`8H#rzhMu*O5?{If-{PNE){yz94 z&h0KGp8reeM~FX+0@$YijSu&V^Z&(*(RThnMjU~E0nSdGeIkGGtPLb~;R`pJb z2p&QgP1HJX^A#5;uq-c>wQ&IFNdCwR3y-=th$#(@x>c*M{9p&XUn0h^hd2-mq+tO8 z=iqihIRYM(^RUN|ilF0TFOM0fSiW8z`X_>jU7^7t8Xe{(TYEZNx;f8yZus zoJYQYiCl&RpMdKRmc@}9F)UWcQrEf@5)0`2^!A+LCHB!AopKlYP%DO->{1yH;S~E= zC{ZoZ@E8sCFB=@aeQQ~Q`cmM<+Pn>J&}ssX85Y=u{*mWV!rv2rrM{t|tV`JhoZewB zxMfLs{gERdx$?0EfRWvfeBq>WUQ#D?u|3)wjXsV?qg^Lth$A8 zJv-e0ca^l?W{Ks$Ktbq3f%x$3{nhEEBksh;+Gx}N_V$YV|NY&){jL0ejPmIdaJ24! z1_K1Xe922Y+k+^egd<_LqsRl8fMf{(-$?*JYvmz*`sK@a)~8Q4z_a9KEG*-VHu&&7l?{NSb0zM9~Kpqejhy~{0$#kVCadLJk>tZqoJVfqO$9gjZ z#uTZ6xK!DzxKT>gGc3R@_I)r#AmS2F4xmEbU|UOAStn22j3A9)CiFB_YTtLEx6cze z|4ZRMdDVSDQydd2XdupoCQ&TjHJ-VLJ&_9;CSnE#|C`(Yn-2=GbfewbtNLe-=`y1! zXNWOa$dObdYS=^9QfpVksH$4&kQTd=rLz8Qwl(0h+@Sb!eH;Ae01Q43`cEMm1e9nD zc|C^uy+(0?{J`N0ZLFDqPoDrLt{-{j4moBiFTIa<5^oJyC&MYGi$}@kO}>L+SlDGG z7NS&D$b9k{{1#Dx3SBNk2_S)UwjARFRK6du?)88f4c{V`+5CucQoGH z+W#JDK5)QiKrrzT5#VL|ZAMC^4>CeGb5@?QWF5X4!(|GyV9i_`S)-Mzv*Z|z-8A|x5iF@0TZ*&X>xFvsoz!v+ zzI>Tf)evwFJ{NWAyxNntRACoROSb39qL-_mp~rYP4|z%bC_wMz+Q{=@V@h~o?lAy? ztb7i|VgiOs$c8?isHiD7QK^GbMp#Tx+T-=;?MwjO(-lT@zhuI_5ZSm%1Upj_jU zYccHA-RiD3LY7s(w#?6#^7@|`>Na*3*s}ibk4yI7gWZGe`TwJo4p!Q%iomAObzmeG zl;M9V(d^v3)H}6UZ#dT1eJ-evDl`X|*=3QdmWa4%i$%V^ivUCXJ)=>`C*XQ8_>ezb zyB^4|xO%)qY^omJN|j;o91P}2$p3uI)&EiGL4gJzEZes4(VxFz;$bqc?AElRUrCp8 zT98=_EJl5FfoAIP&-AnbAq#*qeS1)qN7H{ISLo|m3eaV4$CSW|(W}IHop0;3zT#Ni zNBu0H8$5{S2?K8)Mz+t^S2qhF$~xv&*W0YFXIJQN{?u<%;L<8mgUjerwJgZ;dSkK) zIHx{#R}*mL-@=Tda7)<@Ci4@_CSb@Y70DZy1_6|F;CkSw3kbQHtR$W;kj<6YvzH78 zQqI|KWUCpe{@^(9GJhH+27BtS84R$$$^b)TnblZg-R9)-*wQ3;9m=pZHI{B*PTY6uLK2sC+rN^~~Y7q4ms}!W-+EBLexG zGCa4Q{g1T+eufOwh=VsLr`&QvMx{z^IoLyRsH-#jPs>?ymwIUUdys$e{J%IoI(c{M z1l|L*(RTl1ceGoa|D(gL{r^$QPU2CdypNPhYgzws{d3;+<-?Qswm%N$4qvD%6LOn8 zh29(uO>J9OwlSGe7N~g+{r}=(<)c?K9}1iQ7D0xdg8#U_DmvS=v>@x-nd)8III3_1 zYiTC^B)Qbv+LC46$92ov*#Q^mw+J&7AR@SBrJqc|KN7E~f2f-8LyZPF$@pzp)@N{$ z?qfa!bF(5jCbvG@nesXJpZsNgzOOTfR7oq}gU{OC4SZJkYjsv4{3DX@h%8;2(pwYu$r?fX@KrKxxZ;21Z(^boBEX_?S!l z|8e~xsZ}zjeFjrXeOXK0=}s$FZAaHcKfiCy0ZEJ`%Frv)Z&H&;u72irf2MB6CQ;X) zoJGPJ^u0ws$fKcdlqawYTSTYs-h3@`MF82&q9gZ**P{=41mtEh`8;E&xE_6QZct&Q z%9rhHzl|^8=K<);`0+<_(!7&8Sw;$3R(GdH%kEXIqe#%iZ3@g7jm27Q-2xGpm|n~M zg6&b4gXP#c$gU6>qzGlVlzRUhCbeS+UOv>HJ^ei>Nq^uH>who|ZHAy1pv~)mE&AX1 z;6>s7$9Qjiu+{$_rBv&G*QpNj;riw!{{XIYTFZxPFZ=*-5c*1K(E?X2pfJv2+CPh- zIp#tOJV0kjOPBzd8fs(zaHTl8GzcSslyTIj&~q%SDE$DO(nx^o3+N$A-iL@Bn~$DI z8TjYsc|Da?<+_*AHb9A zH-ro5n}uZ_VGrq6uzvpGDNq*$<*J(W@+~IO9q<@lB31)Jp9Lg9EK8EL%CS~OSdh}w zrNl*{;6p<+8+rjI36%>6)k8}SUJXP`6DoZxTX2j={Sc9%?$Gdd0fmjZEo(aq5%`v- zOMSqBi}%Mr+CM59+9!$tR*qbm&;t@?u3fXK=0j82ro{FoDKi*}NKl5MKm0Ai?u{*H zurQeANt!lfj$Ot>anaD6jj)W8uaW)QbN^2n`QI48 z;-1lA+U$Ra<@nv!41JX9fbZ%fofI~%b)i_YQA)~hGtX2v zrLt{<^!SZijqwqh!;W;susIBg9FUEUf2a9>zvuwX^MCKfe$oEFJ32hr-Om5VD2W$* z)(74wZmak%44HZLp^f50fd!3x4@?o@NO>51_hxoR#kt|0MhB3OVI-(ArJeDl5%~t)2?o`T zmNRu@0D2zs93n?|@Z9_r%O~~lgZa=yWR>~OLj-3&G=JvQ%H-4dyxLr(0oQ{iA|7S- zSc$`!m&SwV@rzx_Z1MBm1dt}$6~si2RJOxPDF3p+0=>mtOu%49=^$->Mci}5Fjeti z7V(Q4pUx-dHvj;7-U((uAm|~Mhb~|GoceSwC>I`L<@Y|F{|&k~fU%bFp(a!SZ$)5$UFiEOz#?J`tbG?}cpfoH*EW$Q1z2v5=|twqJ9u}A|Ai)C{BktPlkP2@S5nVc z4^Mr)Y^NZV$T^9aiKa0=;K{2U?d7RfH?V-}2y}{oPj3;E+gXzTSP^5cyqwHyh6Gz_ z7JD{!(y?NQpxYA!Js%Um4hg^?wP^$F&Bt%CA2Ydsq%c4Y=F4nPHe89fS03}s$Fn`LWW#r zGgRFRA%g*upfJ}b!m(E^0$y5oesO*bj?UjG%1TMCfK3r#D4@&uY#0lzM9v~97!to* zAeRryQZxc27~eEOo-ZmBFD(};)(7+Z=k-euu3 zm98rZJmcoJ>F#JWvaFhWSM3pLs&87EJ61s1&A|r~VF!BeiNCs_RLJ?Q_rw{=$RcvY z&nS@rBl}03!)fhR9dwBODhr+FgT-^?gB|AXV9S;R|``+^dUj_Y|Sc9Y58b2 z!vu?!CZNRQDE9<_P#OIg@=hX#$=m?MWd257JTi|@?~og%I*Pt(d5iFTp@etlQe|R8 z%wM)tcdAbBLWVfcUzm=ebsv#zN$K^5lwN8RK;ntgdp5v*gu*vOAhv}51RSQiqR|yD6PFk0`yXV zl6@^_>ELhg-i!xTPj|~tkKexg>21a1ckh3$c>3%3u>AD&;@xHW>Fe>~arx;FS6AhS zZ~uOLR`K}VyI(6Gp8i@<`K+Su`TO%qz!xVMM`tHh&o56;E1zFo9-o(=Uw&WF=;h^U z<--cvUtXT>RX*LXep(5l62{fZuOGkv>GU$+`Gj|ViMcM}9etvjVWk^ADb?%%gJB58 zVkqd)JkEgC58j7a&BYAK`;R~TeNcG#>&wI9qmy@Ul1HJ7Ghp;_sq$kgqint&?T$u8 zh@-vYlW~@I8m!tQzE&3ui!fc;ViANkf)$@?SjDG2n(8go$Lg=r_l55xKJDB8QsZb= zd@?K5nav)D9zJzpmaP_)-tg0W#9H&xjkt)tm3Ba~MN8Kbv)%$vxeyAu$ufavGrQb) zH>Z>tW9m(yF`R3D`7;+Eg z)45y#!O_`?mh;f}b$!HuKrG+@6WND6M72mf!47iN2d0~<{&PSX2oZ~MilOo6Adov7 z_2<(pxEy+=1;l`v$W_ZxD_6coovN6r0Kn1DzaETtUr)d%8pa`PzcjbRMZ7ic*HjV# zSvB>BU$F=^Hx;hi6rmqQ#HKW9>$POzFXf8dg>q-{aW03LsNI?RfIN?PIM;&^F?DT* zxM=X98DZv$HL$%nxq7>IeAHtMIA5oo>CEXr27-oCwOy^zUVOOyF^GJDrM3z^Oy-q? zQj3FL@*KT>t%1a^FAtjtE6dxrlB`D`V@M|(+c-G^J6?3 zjZjA}Fimo#Zp>_8Hdf7$a(n5KW8d}y_|NL;bx@+Ls*cmy_`S$fACHpywa9Wo8Jr_$ z>Qnb-4P2QqTF9Mb8R1bS!XCV9u3U>PK|*ep9K9y5fv()LD@j>}KonM@%R`h5eu2In zP}UYMheQEfOFDb#qqaI%Ah6ps)8dAgYc%VjrMAtMiA21Q9=xk&MCw(3qA}^fi%NlX zC^rW#YassSqzZu<@+gCY=V0I>A}DVnn?ZuaUgG`7%lPZp2+9Aecl-9Q?etKprjC%Z z1}a(^Om0xz5IXJ7#P`=!kI1T8NsZs$Q%$vZ2MV68dQzpV$~G$X)HknFH5J9LpYUjE z$7<$NfJq*r>{nJ{73!o`DDTmNlG>=E9+6c^J8jZkLGR_WBYOaKaE6zN*&2@hYun1p; zx{BlcfY133efk6#By$9u;$jKDe91{la|t|lh5Pgg#DQa8B|&H6P##(Encz14hG4U+ zcX^a(h=}v7l5KxJy|{ey{_NwM6Q@>p9`DKZe|*ry!^M#SyX%cjDjkcX61v#<%c&7j za}9j?qJn89U%a}-VqsUX^L>V=USfCAC2}&MJT{|haS}_QSmHdCS*A*|*3V*e2c=fP zv&sxuLdJEtAay`9h3<_VpDL#3>*}A7p`{ASp!q?^X@{(4s(Vootjxl)j>_YhHE9Dv za-$p5nvF;k5!94Ymm&x?J<=%t`%Mx}}$sNqDQj*WCQ%5>clEXx^EzG3i|;!95#7e>y)o>foTW18&d?ywc8#avqum2fWf&D>}(!9~ZIH2z`Z2djmI)k|u8 zDKEWBFU8jJ#R<G!+FwMhr>RrUcc}d-y__Yo@ zUA)_O8>=HGHu2!uAO&?Ppg=k%Y#|7J&JWdDf1# zlNn_BUe7|{A|~Fcta}VRkwdhQOsX9DRKyhIJyl;RpT8YIkaiCYAW_pmT{xq1uXu|& zdJaNHmze7yLkL{Gy;Kb-hUeOY+Y;K)Q&JsLL=xR0WHgW)(WvqZV>FUf{Myd>k5IbB zf4EL61ID%60St>p2>uZY*+VN zv!gb&>9BYy1L&x$+5$i|89by{Xm$0}PAjErzq-He(qO8BqG-w8YyK&Kx&!5$GsW;G zrkbwURx3y2T=;~HV>7pyzE2oU^0IN+n^&1GY>FPZY`n#?JQCYibATn}Ke>>m`vBd{V3L_<&)xoGICr}aTd8Kp zk(#?}k4?GB^@gJbPQ?g(?d|EdJaFl2|8Wr$wpPcOt&DK(Q9;}C|GXF<7VJL&x=_D5OD82oz!m@=QMU^egq@7{Np96L4o!BKu4NVl z@a0R|&<>bkW}IFyPokWdoR|?u@#a{oQvV;ABA?zWi&Y$J-$w!w#QD8YarzDq`0~Z! zOZTfZ>X`V`j&kR+0Kl9_h$Z<-Q*Lyjt>3BVnup({59a!&UV+`S`&c)-Xm5mLGdKYe1xMO~Nl-!XjO8T_14a)WuXp`j34oY|7 zxjCjtB==^>>_XkgIto8PYW3doU$1K_I%n5(AT9ELe>5)2|GmQ(dt3Sc7{$ncNW7XI ze&H#bLN_*e7Pc?y6^z7!GBfSt{2{62(%f@F{VK`TTV1pAE`F*nEdc!FDDyKQn0SZ? zurEQe$k&;BV2G6ymeCdcW)|A%txuYPHjQvFmx zH%m>CnI|cx6YpYL-R>+6IhT8&@UKR}g!r`e>}*E~U)FBs*l~wsqFdd;^*f?h7z} zo>ANfsX@h2RLLb6sqUpAZ^bSv%iJ|Pt-99*b}ud*kI(W|o1U*a2kQ8(0HhjBI)y?; z?^aoGF~Cm9gw(6RrSxe`JCljHhB4*K_>uVn*KmG+{+qi+mYcgdE_*^*@~SGQPzxtN z{YKby?tVjz*(LyM!IatZ!8yxAKHBIi(E$4a^vP}ceU*FY|5HpnOy>7L|2x}=W zGvU`>(0i7?`kz@=dS!xc*8j%4FAj_P-|pew_WswSl(ySlS+NGgkf##tB=JY8kX-k< z)^xwKlnshM71o0KXaW-4Bs}E=Um#eeW44Bo_2N!&67;`e;8!)75hd}lkO^hLwUbCe zAJ2q2&;Vlh72TM+dG%mOQ70A?rs)h9BP2lk|#iN8t48Llu zU~z8!N zCYPVACI(Hh8~LFqhsmfWv+)K+EJK_)fMIUT8}Vqyh1Vi7-pz8F8L$Z$WM-p!}<`EYfKTuMA{(oAPQRoRoP-|Czx4}-=*XDk4iLF`8iU8N}pa}{K>xlELH%56Gk zM_K5qoZ0C}4kXfp{20Uwq3mft;F)+Kg*L`DZI~}IZxC7LyQC|gy+1kqcy{#eGzUaQ zCVS1|)L0qHVdQ(s#f#D#73E5aJZ1Ghi&He{;?f|1#LIu1JJ}oLm?d{A6qowhnufut zpQn(`E8vy2o!AKzd{o$7 z9aj!Y0CYok=AgiaA%3NVc?I%5M-tV!^4Szk8pu;Hu0q(fr!(~1$fW4+L#CpBn#s)G zK5DAAt<(>j@K+M#KPe_)@Vw*;ngiT#Bug4$l1{!ILs_{Sf?2Tl!Y`l6z8%H5zDBbd z$pY+q;h9aY-@sc!Rk%kxxpe*Dv$8k5;b4Ht68hL1)KkV~p6w=|R!q!1=t^q%92G(D z?0~-|VZWXO4|5$^iFqJxO*wL?KuJI>pbn1|3xHT6@%|W>B;vh>(8!pJ$VYrl8fP!L zG^1YA*nQ{9in!-W&8V3hE8^N(52?VZ@clh7Av5nN#OIJf-$y>?LHop&3oZb<~FN1P2*ALc$Y0I3bWSq27TyKOwS(2 z56whcY$aA1KT2lz#;+4*n!ZJ2MH^Y$Nvd!5=0~jAL$Q`d?ex*t^54O5Qn6`R*FaYu z1T0Wcm&-qMkFR3z00`B{Rn@Aq-ee;ursT-QQ(WJEQ)@CZu@y7+qBz>(y2hHirZQn5 z)7G-FA=hcJ{(PdZ{a?pd*rfe`w0}4%`hV{pjK*90|6`QKBh!1IjoRyIVmNH`Bl3I6caN!P>_A=7VinJi=oevN@W6 zjTsleV6pgta&d-4^@{XJM;6^r4d(7WP7GpwX`b3+AH$GeGUJz9%h~bMFLOrRCKGOr z0k_V4+iJY6Fx?u%?c7b#D_U2}VUpsY=uLZ6xh0yrc3kyUURWg%^1Gi3ZMbAWu4bQh zvvI@eQI~uQhJqDY6?Cb}tq}L1CBuTLR-KOtR3By39T0$qbBMXycn0xBg|V-el#i>N zOVRuYiuv4qY^D4W%R2ghW+T{XBhaG%j}8tG3i|*4-tN}_|4~Yx`#80OfQB1sh#shi$}}k|JuV`Th^KXaUigVT>tmC^Z!vwpZIhS zBp)*D^leH7LzG%ska_=yU;oqGN!`x?TIT=wV6^P+E(y1Cn^G63zNCyQidpZTpFa7|8wdYIA6*Cv&lTXUuy}-P{)t2 zHkq0Y#`#L~d`LY*xKrYV6es8SHds&+BbGDpWO59SVq1Kn72Gl z{k?;2{Fg^5edGUCr#@_10b=!Yt%cx01KDkQNvQMcD3Gmmqj>%M-kS}>S3A7L5N8`5 z;>U>=_uymQLd?e-^va-j)kFIb;qNxe8xIz@?ZMfhO!LR%fJPh6*O}xGYEXFa!K^0T z!wl$SuK#`YztY`5=C$4gXx9IB4_~|}<$pam*zW%yrQBa-(Bk9x;)GYY`(bn^5K+gz z&j>RIHsw)Q>cW^`&khmy7 zMDSr4`TlVH@`Vlsl}41X=ZGk<(+K;XNe7k4!;v!{JG&OpM>Cj`D;yv$U=U6KiF`lJ z4^FO!5Zet*wyK&`0wg_^*W{DybWFS}^No7#V=jKIt@2jqLI5E2BL@9CRJC{7 zf-;f24xr=%Lptxgu7k-u@*%4PBoX2+4N>BGrcbz%djPSA%5n_-Z~@0wa#tbo{-Yrx zN9S*T-n+~_2EaqyWjNFxI8|LWHKvFw+|q+L#qMH(FiWYOdeJZ%B3AU=$*^_apC^mN zcM?zI1E%xMa}|-r^cZ=jYdVEJ=76D)A&!XV@PeNfmD3VXWzu)l5{wv^V-oo)1k4gK z0T^=WoZx>YuvIcV*{G7&#c&Sl4hez2zWMN65h8#qz>sVOL?i=GUyg9VJIWBiWR{;` z@pN`+5JUuv)lf|$JdFfpeCVMi@`oJHZOGgO7RZ%L%23W;g*s7F+6la!WK_P(;i|1@ zTrf=LnHP%p8%97fKEND6^QrDdN@)2=Qs?6I@+x5nH5f(eE4rs2@^lC!!7!Prm^+w* z8KZ%MiOfwN^@rbGW$UlZ0J@^1f zN^@Hhw%ZUC-E*^*HPtdN;`ycg8%y4Bm7ybQnvGvT#^5UR{9lxmob0kJ@pnp)6ne48 zo1Fa`h@4^at-+c*?YNa7XBY&)3`4~tNMiRKAZP9XPTdNhx;w<$hCN$ zi(H$QZ;heq=+;QF5HdtW@6T#tf$EZDt61TatX0p**;$-xdt-CL#poy)d7~eMYh8L6Rqa!Y@E*lc8~)E70?Gzg$aw*?go&_0uGlD`wFa} zN;Tui1JjktG*~@4Kwrm}`t=0--zWd)KR??~|Le(<>yiEE5C8e(|2XQ$v#0;{^mF{j ze?EQsC^xEU$rRR+36P8#zfeZ*?Pz- zLb0VK>HoLMN6F}5y^`byI2}eeVp0bAWrD&9TRIQ6cd zK2}GEN(A+ktK835;9G@hxjDOJL&&^Rn}4geB`t3=9L5D@D&|uhv8P~w+}#==)3P-{ zR?LYygUbV$TG}m8_cO0F?I+gS@YQaPHz!}JcDKC*%+`eb$1)-3$L{3x{NnWZ=<4(& zR^k~7sMNVJ0n70e2{?W_k-Iqw7WlG~l@{spk`@Gy*t$Rq9t<`#Kwcc8- zP5Jtqvb9=g%GPSVwOVhj*1u14(bj6cwOVhj)?2If)@og&W^Jw3k7l)A+cd47=*g#U zK)Wsq1@g{{7k~#kBz}C4SN-YAnXYe3gX<5LhKjtO<14rFVb0Uwp7;MZ5dU+$w|7{) z|G$4Y+WLP!N-5?wtG@f+lE(+4fRanJnKVAd7`)$>V^HkbUV&w+KcJ`R#L+{f`+5At zJrxxA>S=r`Z~|3<9E&6KZD;uD;T{YANa=ox{l0(hpBnzyW&*0o1e9y*=;Y+$^zw2u z%_;T9Sx_$CoF~=l6Au*!u09QsPLS>;`&U~ZV7wa2w(KQjLmy9-TbPeTu4equkzW+k z4K=Kh8l^WKlO1s%p|CRFQ48FP6iB74(G?Bs@s`X(%M5H^)J7XY%}! z=~E`nbR9QY4TDjHUs|Brn(DM>m6}tZ^A&G`o_)P0zqgW8Gp(GBji?klnyFfoJ-mX_ zz4LUJv(w}=c5fm9dUy1jG0SJrzF+F|0!|rIR(m4FB4ezbRj~tXUaRqETPWmfublw$ zfg)Lk5}_d>UnPUKDaq0zSL(585Siu1>$aYK=9C|7Tf&e=3D*N zO5gJz69=nT29TEXpWWTk`Oog*!8ZTLqm(}R-@2dr{2@a5gXCBt!L2SV+#l;?C+Y52 zKhH@psa!P-@gM2%<{Lj&S?gq}JtiaQd1hlE-v6j3H}s8Z`RlRhws-tWr$5byKgoAr z{p{!b{mJHYDoL&B!A4x!qxynw1KSN`wU)1-{lwWNbE|C7N!K`YTf4@Ydq0b}mbJE5*HX7>X)e%u z!ya^wlkeTP?HEqK)(Z*M?}b7`v%SwnVw@iQG^E561zUcz;Hfg3rY8No5Nek-&Cu%P zPJ?)92AC5yEfS>}Qc1cr2$5z;IVhWy8|@v)$&h}cqJ7}jk{yjAViRpv%8Yi=P-&yz zR0jUERQeHS?DLt#_k~JXyL`6RhQv_W0$;YlXTNN-KN}Pu*U%oDFCM|ZZkl=!vwBm5 zA;VN{zN?b`~BmTZuWm?f&2i^31w)FHd^w3jSlt>3ikie z;dq<>_fg6YIM;4>Dr}P;VsN`a1gHcE%Ec49H*k))W9@*e1?GT9q1u)LzCgYY=02Tj zyEG>A=YSy}3cN&W1;{*y#Itq)L38a{{v>2*hVPK41;>9pb%0a~m9M$+1Oy>sz{dnR zmUD9X@lsHRtQ~MngMbq7^YJC{Fyodp$6~1d)#zK!^j~bK{*50j=0o{U{3lee?EfY$4W@O|Y&mkq2SX2qK3z$8L%Hla3laEFElt|^4Zws87P&eC z*F6MHxB2ffj}N6%tzv(5Ncog2&GY|YJl-v?|GNkK+xh<}rI_;VAyPK=$gZ^OjB`1Z zlKnB6c@i5vk;+Mvimz+(B^hz1p61genKzZ$kzyp&i+sMLSpv|cIZE7Fyobzm6pQ5~ z0KI!h zL*!;+&B5GMH?tsbYpe~e6-$9~*o<7`uVZ0h0us$4-v@ z?nObcGQJUd-=cJqkWoRWQTgzoNQ5AS0#C8u9Js0zn|G}C$g@H6OT|QxteKw!hTCfz zU3(75?Ia{M(JSvU58fEKZ88`^cL8WUBit^qyHKB!1Xm-tK@j-@%PEyEB@aC>8Uk!~ zAwxF&vee6y9yL%v7pNwKkM0uEnJ~=|ct~C5Y6Q@w|E8gqWjR;3x0KMOOO%-9Dx^xxZjZ3KHoPoeACF5{ZffM794Yi=^H|3Kz@o%p#*%Wa7lS9nnsFivh1tlFG^Lm)H*L$gi2Me7 zj(po>(@_X%a+Y&l&se?1hv{Y?FS&K5L+P&F7^u}|F>m^o>Q!vVokEVX7gt<0`uJbE zW;_>6Jn83vNA4mvwyVuJO%@{gzN>jiiMYV&rGjQ5(L zM!x{qLJ!&kq)~M};qKW#X4)qp0L?vRUJ_<6(NlbV& zwGC<#tGH%EsP<0#d83@Dzz3Gi9-GQRIbg=JKpQOCg zm|Yosld(*oymtFBY782w%LS|xDEK>|-=!g%dKxu)sqomAG;{^Y6J?;<&q z)I5pXRfafYh-igt4v@2WwtUmw0F|6!b+IH>4Mn`)Cz%NQv&{K_TammbsOFZKJZ;?r zeXUwSVOY9!c3pE@)htV!&dxI;C9`?n39!m)6Ejo7OUZo2ButMiz?*i)(j}W0Np=(p z%CxOUYNcW5W8~?(s_`w;uE;7Qn8Zol_{wBm(m3iyWUaW_j(}ql@N5&^S*PFp(1nIw zYZk`;eHhP>l(s5?jG=5dgn@EVkAm(<*x*f9rjnJadCDk9iHu;jfm0mJXmzETD#gb!X<#ZBrbF6D+ zrgCSfAe|4yyZ>y~MPp~|Qd4A(LCww}nR|^1zKTV2?DHHWJ~zV(D2vByZ7hxC1?UdC z!d%MlsuZN9+(q!ckm$V?=4!5j-e+`fX>v+Z4gRfg`p6dmsE}H(3pwJ|G=Kv52=cF*Dba@=aJ4`j z<+ZPNi= zcQ4)OVKk$zdXa9iGuU>mDAsj4gKX1@a;to2s0|uX5$WzLeziVSrR8*nS)~ot>Nvf7 zAL~NvXgEFfn>DnXe!5K`&8DMX(__)@+PdA*X4SdrE<|ca&dwWmTMkef(P~4elNEU_ z`?0nV*W%vOa@@xj-_cqeOVx$}?PDjdv;#N5ZnqHkvH*9}&^lRtd)j-AEw^O~^|17I z6i)rDyX)9>AH<^D%a)s1Y1>aBx>|8lwW0&eZuZ+$XKC+!Ut3R~okzD_$HsRYU3VKD zcN*Py8NGHGJ$4tpcNQIY6&-gJop%#Gb`pJd5xtb7&bxDj z=mfQ8w@};#bnAcpPT^h_(XO^ot^Icb*})3hSM%?o_4m~HyKDR1b?sIyzq6YCFc!;x zwn{x+TR^U9rR+$Ej+V)uHp$rD*wVF**2wOb#_lV9mvw%_t9-XLzS9cdb$#!#x_4gN zd#>!A*7Z)SddD@r^NQYmJ?|m-I1cW?f`a!t9R$M zdksgv_I10fA79Iw-D#ofV(@CS!)?ISMH&{$yjwuV#=%PW{)-JZ42475K>ReI*%f*QZJaW zr$_-(t=!jgrIG2O=v)}CQwp5mbzbt};{nQqW3uPwD3`(T4dYftJ42z2-KeF~Q{hImMcib`s{_*8`!8r`6VtL&XS&}EI#bF87l z4XR)CHn4y!A^S?6FF!+;Y-^X0VL0`*hYuIZJFoj%0aTP#{k;)t9%e|LjAAnLu`85F zcNdV%5sx=uSuGDAr?L|o))S4FLFDaSUTf|ECKMId_@ z$7E35TVTYLOCjRVlW;BQE~H$tt#U98kcT0w=L8yw)W{AXkG*RexuSt_BwO_I8~Qo( z!9#itC7kj{bR23D7}_iXK+dUfM}D%ILXW%GYPHk!I zxUc-+{v!Wi7!nRSCLyaY0RSn-J?Qd&+$~{JcKa~&5vzm$ECB$31FmuC)qyJZWElV+ zVlKszfKdmRkq0^QfJfYTfI|5v>cKeRUylAJK^7kk>(Ncl%YX_G)9RwpnStYHV)pwyMpI?b`ZowfbtiQfcn( z?A2-;HQ6$zK^^otk66827CS$ptrXzV6`Y0HbBR~3bjmE45nY#pl3poskUveSm z0g^L=1dbSabr3;+%0om8t9h730USFa9H2UAP@jP2USZAaxQm=2qD)TXvw#0qE!Eaa z6{qs7usTHnf(&WE`V=q02){KThP5RaMb^*KPHAJwLlFu+6uKC(`jP`&5_(uI9Yr2y zP9K&~2)lt?UIpEJSOS2eh%n3v9oIn*2dG{ym&7iioRzJAYRNd(<1i*M10D+S5YaKm$FOGNK9R|rVEX~ z%qc=;frME<18D&OuD6sd@kVK5t+c)LXA`oge-HYXz5fH^UO#>xbMF7j+WO|?{lETn z|NjyH^7p|^if`zG2Sab{p&<%Lgs4T6G$kpz0kDsM7_S4?hqaB(`o{K7Z)az#*6Vt` zwax0zy0^Z*=I(fFT~veBt@W+m`WmXNx$A2iJ$HS(QdxK1irYn--8FX;t+`7+3K12Y zMjb5IDz!DIvf)%WE~-2A+D5&$S*on>Y*x2lR(9%@%JLI&n)=V2f61J&pCbUwJpXGO zYinzNTlw?9wYl|l{{M)7D=UWm5`0z<`!SV#`O?Y?I7ht&m?_s=T3K0IS^88;>)HT@B3OMY6F^RzlhFpN=Xb=SgbU$Hw8R*6wxKi{2&~*`G;Ch=0IDjEK zM09CI!f;^-7~%j%*dWh9A5mm6`UVRrzU8JdnZUHVSc?6l7NAHojDQOIPmu?@W5D}= zm|2Jl$s-`K=M&-wa@b%+m6TMG+z!L4Ui~ITVxZ9XDe|QhNJ)Sg;C;vey5%VJ0J_DD z3-sI|W*kvdg#a9KM4`*U2=l&SYg0TYHsp26_X|ObxIzNyA&Np5mDQ{|Fy{SG{{LN> zcA;BdNs)6j1`>fKSK{6z!>NwvB=56q;Y5vY^n+xJx*h^v_v8lvOezdWCth#PHb;6 z(~x#Cr;v_8j6EfP3&7%HH`@*9CY~9xK)o3=P6o*emVlWNjjXPJgis_a01|3JFb;LiB>=7win0wFshUFUl`aC%^VHcD{p!AKWd`{6 zJ!$NDq6`KgfL#>Kgy1P@7zR=wp}>gA*bhh-3ZlgNP#l)*Wcc!HG967a7?9BPCT3i$ zu;?b;&QtmVK)`@eluC96>S;WG=prf(FbO>1p(r5Z0SY-dM{+xL5SK%vNRY4+xacF% zpEyuKAO`G1+7;W+B|(5(j=YlO?}k_qh6Bt5lXr{UB@6Zty^~lhm?1mIHCg zAR-|Oxm;uMxvp^++o1FJ7t%55Y_K5iJ2+~mXASgIhUC35-AnGg?Q4aeg zs`Wu0=y1qUFAf-zgJ$W^Mvj~;4012C_UTS|Fu;g-0#Zc0X&{b&CuvPVYn!O0#8I$q z1H}6%W`MaAM#!e5W@8T!r`Tok%D^sSg1}%Vd6cfE4UhpC0vK>aL#e})3{W3|j%ss4 zLUF2DNm0MF+svr+4W#kAAif_Ud9$cPD8}K)l?DvCF~xi=RfOo4mt>>=YYw^NfU9rc zufX#TLg14n;e397Ar@LUZmPD)g(0rn2D@ZpBk%0&SY`W^#F16lvr7!VCoqb{4(=j8 zLMQ}>ZHarIFfO=N%?%lnjKi;z5{s!rA*UE63_(P^XH2$ZQq?M!Q2c5H7&4^Jwd@n% zs1B-?Qms;2tCZF&3c0k$x-O79$)mYY-`aszzhQKujSGy0)fe>2cOv z(y9F!kggb{+ME-R08pHbS@#5#LCiy;LI8(86|6F+u-C)xl6rfPmG)3LK2)Fc`^SKZ zC?;yJ1dvU^#nfqvDyLEtvb;P2DI^{O42dh0&|*NMN=MhooHhf4lK@fc#7{u5Doj#v zG5%1DB@)+v2QP+TD%B^aG$I~=A;(SvNG`WUz(W!uL1r20X+qwI)KgSeQX!5T20jp# zbSI}`Zn9A27cn7?3_?Yd`XF=w;Nu9@fhZ}0Jb>Ko19U6qiX{`C=}$M4HCt&#eZ&%& z;2MqVfRl&>#2=Tk0>~W+kyRN05{U&A>wg$#J}5$eRL_(FM=S`WF2^o(5M;bM@h(pdk>*HLwPZp4?ToSq{;;bwVbwHrU%HmED|L2(LaG31X zano+g3i@GBal+<62<9t5Jq}3BR{_?<&`VB+q<+~Jq^H<5gSR{&QwE!?npm*`yzN}0 zQ5{r&m&{a}hDVDmrf49fx66=0j#&>2DX9+j$SL6+w~xFyut`nAk_%)w^2hh%4?4P) zB?+j#eNKV^hrW7T)nBMxR!^`MBaW$$>Y%pqzwFY>5Dp;@)BwacgLW$%VoE}Z_YhL7 zWJkep3PP!G|0%emaF~*(ML3zJdN*|;mz2SOO@B^sHi>FVidt+*iCp?R+n4&^V2bi; za#zn#UzNK7>6Qmj2-a%9o1^OtU>L(diyV$SklcendoX$D$)TEx8lM4-2Uw`beq##7U*ly_QV8IKv4KVOC1aN1{`RsF3@8HG~;f z0Y*_+N*+QnDVs_b9xbWH5Ml%a=evz2Kw*zi7Y!8AnA{iB-+cqIMft>DQ0fgF`sG?_ z&8d~v%PUHE;)qTi+J&x@?^J17O5$68DIk7Hf7cJ~7RQnu1-eBp=po2sDs`!H1}_gE zXBw1I+sBFmb6NF}emN{40=uC5ptQ zhXV|i(L!~*!isyQs7Dd&+uIj-kVC=Jk5CYZ|8huu#4VIu==M>jL&3gG^qTg$hi)fm zoGACuZAq0I^B6(yT@r@!=49!`AgLzi2XPmmTR4aUWPNhv49t*UTobr*ri19!z2uFs5J2xt<%PT>BX1Bz4EYD zs-(LinfvDPVM|uXeM_cVA_fHl&?}xXN(gT@Y^(ur#J}Cv{^2QTw$3jOUmZ3Z7cE(8 z)hd-r0EI3QH<@+stHUA{-lbA054Cl=HytKLH!)%yd53!!ETvfT7X@*`BG0 zD(3KHCKsf+MeJs0-{_Ac6gn3uKm)|-*eJ(^q~v)@q3|4){1RAyCL9G$^0~ggR^3{D zA>j}nM5Uzqvu8=aO%ig!ry~m5R4f?B$m%-P=-ZbEQw}buzH47VJ)hT-?J#KF~Ly(Q{=+fPxn3?u-l?i9-damcJUFS*UJ3zS`@4OV?n<#kY24{l``MRp&OTTI3zS$#3-f^h^e z=6ylo-IP(%pf#6S5;Z24PV=_=9}nA7)1cKrc6-H$mi#*$WiAi>kn!GmCFqNDre9Y2 z2#UGHAvm~yxM&NhCn6zJ!nM=_mB58$T?N!t`P9z|SY9sKecqOO0%%D;*VN@pF`?MU z;Zn+XN5o;%H?(}!10)1tLK_658B@8kDO+l+s?1%;N}v&rwdHmom9KpSs$hU%$UsOy zAOM%rM>~bGAhSV$0?Y=bKs_j?=dO_w3NdFzbn%3Lc(^wPeKN|B70dt|hpxC+G|`bS zM+#>_utR+xsYi0_`A9UoS_N0?;&DhAjIE!sRH0Y}9tsdgS9z(FA#Tx`NWbF=*!fK) zHRnca)uu#hrUggX8HcXm{v+7Mfzdop?Lu$2C83UghInx3djwM^kBIu&e zW(|&iG2`-rNRMMuiD~PDjFG|sj_rG00v3cri7UvH)S+a+8*PAumosL-%$NkIn_aRD zFc`rxlQ(`4kdbK+hkHG*s42f+edJiz;C4DQyC~`Q01BZlYHT}g$ z*UwN8{r2%wbxBeQFc6%i_-iIhCUprJU6Oo%7JmMz0O`*!)bp5JPFDIUY+E{8vO!2V zkWWTf?sJMn4ad^ z8747c2#LvrQN&gSO_xt-s{nD=NJ(npOL{04-zf(C3J1tsy8>a+xudNZR7=6c$wMrr zpkVK0o>8AYoA!*F;Nh~N#R#mk<&pyxSkV*1AH?^7}jH}>Z ztKeVdf2}IQHLIDvmDnoq5tr@eHc50-80nrCXcQ3tK7F8DwKgJ#^`;qT|*x&>U??<*(&wO$#URCPnE zt;Vg>y%|mA*64H&z;#GQp)vm;6zpT3p$8Ay6?tC7dX;kIt5kV~vA!d_c0|{XT0FV- zO8_v|zt^_O0=w7lIkJXdpbJW8N1gZX*j(vF*Vn{GQY$ZD9Ecv$CH}-%zm)QKpX=-E zYXG?(gAVJ%niFEiquR!QCTKJojaKdL*N+FM{p0ti5%4Ka-dH1pQVYmG99}|XXNJSn8B`pu+iKh*Y9w}>(_#v{iD~xyuK)d zvY%bm&)BWC#LvCPo5rpv_TMzWZiU|I?He-k-8bP^)_0HTO}mA0)DQW~w-*<~z4qqd zVE1_EYZabeUVm7BzeH7kI12ZV-v(#>ee{8bAK{6Aezf_rebl^s5BIvwtsCBbx9uNZ z_m8*Wev_Tia&u#|^ZI05-fe#D-FnsV-Cg7CwzJpv-?9OsXS*MIr#AtAyHoDJYu@aR zM~A0}=Px(BLx1!2#p|tFBB(0cX$ZT0nkLCB8$?(w_Rpx<$Cy0y!} z`270Kc+Ag_`SHuO?Th`}>)U287@WP___*EdbWT5P?PKrj$>GPXH|uvNUmLZs8t&8J zV(eh}M_V(YMy*qzPrwZvGJ5lIYvcXV z20!X_w_crpj?rO@tzTTMf4zR$S@-&F)VOSJj9+&5K4AL6KUv>zZpE$ej)xz|@a?-d zTf1x9)yC2K8;_3oM)l)O>-MPoCc3yh4PUmt-jIvY@aFXE`t{B2#+%FLVdbLVDSx;= zyM5h!KWJaR``GP&jhg<(CVp9iyPM6yQSJ49Kit@VI@%a~t(=^CyYCz8<#*xeVDmj` zzk7Xmv~fC)Yj?YAVdG=;va`{T-msTZb$D7WkJ#61vtPTIcVqV&@e-l_;~ld0;hRBx zcd{EFdGFAx^_Q^5zIHm%?okEbVBUH2a%1;o=cpf{+jyVXDzBr9w};JL4^Fz#(Z&1C7IW8sDyK2IX|)cTvAZ>X$4Ak&ceu6LYPEK& zZ*M;Aym@`IIlO)e$DMJP>}|YxwOKtZSKpzFQT)r-k zpEYQCb3kKUCc9hFHGFq;@OABO%c~wX*N@&E^AGD=C>Vb2!i(Vgw6cEWmN$-HwJ;@g z|HIoZuWnp7E`yu>lg*9jdh_G%Er(}oFV`x9f}DT6zCG)|JU%)u?+&{k%lQ1Xf5?w- zPRAILH($$fzr1xgT#v^GW%q5l(p`Ulx7YF3_9Bk`cQ@PX!Rxr&-QnfE@MAzxXZnojY&q%_aGI z7QGLSH*1a2#^&WZIeYo4aU7%J@Z>9ghv4w2|N164-@+T=4x=Ajdir*Y^TFPKXzRLH z-q~tz+`;&;f9rmI|MK==xPD@GXiAm;Di@c9@lU$0ay>jo{zG`;Ga z+}yoJZ+GbB-R1iAJIwdLqVx6kyAG`FblNwstG&0^eg1XrV6=1l_4w`kw;$-`&YR%F zJ9>8fem8ovdGzjU_v^*pg|~NqO-TRMo!@PJD8P83)70q2&4Z)27hiAU+acdU8_$eEa?3P5H9Io2O%P-NNMmPUp?w_B1*tmIL zyFBWkvtis`-`l)s-yFTFl8|=p4tBb?JMS-hwV>s_yC`E=J#8I*jl;{ExO#iGTki0q zy@M0-e!YBlG(NnGJC&P%@WN459uM(4710x^2`_VnVs$zQK`whvzJ=+zLMxQB*+%4*|2i?VeZthfJq{S;om9UtEHs`UK_Z{6D(k|KsOR?2TK zdlwfsD1ONYwVHp%hA-dJw-+bZo5Ruh<<^G(p*-G+`Nm0it$V()`*vg7J9y|_@8zpkVQmwCxOxBj+`l{g_|g5i@piLMTa`Ed+RpXI z!8*KK-zJsDWw*E4iPk&E-Y|?$V2!;!9Ubg;NoT9|`g*Xj_5Mx!?d4keO*B3|KIp#N z^X^8R2A!AaZmrT;Yj_{}$49NR+s6L(2%Uvv%8y?+E>XCDGq|`W!8SQOtRkuj-Vy1pAC0yT^r8%z z5PnNT%wiZY9($NPEzO_3G?wZjefP@iSyGp}jIIR$bjvB!>H?)|SMRRcwejM(V_P*b z{r!>EGd5O#j&$#J7z%n0!+wZ7hX>5Dk#GogAVubLckH;*sn>Dg5&%44_fqE===W0O z^O}R5jU^|h5U6v;4(H#4(XmZ)Iu2=Wj3x(i+rtbnZ2|z5Na%P(eR%y@G*fPuO z$d@h3xc-`a7>xB?)UAcXA?EgPpk9(guMR%3{^!gWNPSiZpB#4;JVS1ufaSvwa|{Fd z-d8G>mY>-TjG@GI@T2_sT%)iobR7C_r5gR?JuW|la{KVJct)p>a-h8UDH}w z3HK~<1Gjy$^%iY$Ox2^Ne;n`_gr;!_ps@7;9nyQ`OmsfvZ z-i1_s@4~y^m%o4izHH5!G5yZYt=MJSg|Ae9W^vcUw9Nh`iO6!UV(8_U#Scig4wnD* zFDowQa;{E(u~#J|Py#Y0A3)(y>zXsWw<9glrf%Qb)Bb(hzrWu8%>?%$Ap(SgK^$-# z1qggHenm<65-V`Q=Si3BPoJkDR&X|H&F@0xrt`y=>Lz0c%PJgl2(5NwNK{-q>&tawz)f zLWVZii<}OUo+hTIHh*qvKRP+KAzJc(cXc)SGsQvocy7YRuKtB4QUw5Lwa;5Z{@4Q!I3YvDJ8Q?-5@Y?6HG0`1edNyj*DeMxZJz^| zhBcTCga>Q_DKS?ZNOzBEm)#?E{={Bt>i)nXH!xs;eAAvT&n1Qx00e5 zfI#_^$yx}yeQ=G&Dr6#H+9SdPT@;X!L{6Xfb1}?BhO>MX2w?-5l?%6KzX|WZqOjM~&R%s=8>_UbvGd=f_eJIN?!sX%GB#5?B zsaPSrC)~!)+O5-0=K!?N58pO_E?VHI^`XFhEZe+-PJPV(Z`xtqbm#=IYm^|O>696}*Mw!}YyNaC5NYkooWg<) zd<7Ce!Gf>Tq86Q79E~#MvCe0AoH4b0)FYV~P$^3?6>)-b;~8s=NF_>tBWYO{Gn9>G zmJTzC@wl3pjw4U|(JarHv*nTn`N!BgN zfR7;za^0GmqR#ZLf8=a`+C3~z6v`RI?sHu1CAQ9qU0irTj72&_A;Z$4SO~|Dph%R$ zMyf_EuOvMg8ETcxO*%ge*Pnb2p#6|L_(7sO|UGeLZoM{q^?#e+RGJd0E{`Qo{Uh9qK{m{Qq( z&EYRXzy?`_h)qY9m#6n($j`(2NGVw+rV8}DjK8D~4LNtmr=eSQ6X|l=ivx+Bia4jE zxgAMJ6PE3@c z#S-rs;L^N9&#p_y5eI!JgO{k#E7@C5Ul_{AOL=N0`_cq|8CKg>ZK19Wu>?NofYYua z>6poH(vIHraMkA$rU#s`yW0fS3RqqSQib}Z{caEZ2XG1;4?L^?9zFyA0fLWv#>)Sw zjm!V2!SXZhQ)x{_LyV+tpMZ2NGJ^yI;w4TD(hIxkP5S)Q~p ziFK%D6R1eVr<7qc8RGH~D)+~jlYw-44uUZlkT_I9Q6r^s^?(4a94>W$Yw6DyCiiaE zWw9U(rX2Vzo$C+0N~#xSHS)5IpgIn;i=~u=^w0l)s4$czhCS4U6nxWRDW#X4Pe~kl zbr9eXLF&j5ODN>e#ZD!hlff!j+1c4y1uI)yTdQDYZEbB8tki0?Rj^X6R$u&Y1?;FKe_EiKqFhUk8Y_A@A37 z<*F|gL||Fb{x5iruA?UP~$WETpUAdv}nnJ(=)Evk`i zoLuQM0Zi0V1*h}23`nG^vk2bAcCqHUGd;s7%Ed^Ggdj(HNeYLhtZ%;+l4B|TGYOGi zTvPezD$l(n{g|Z$a4eunfZ#r|!WzJ0xDoMGZ1h-DN6P|;s_^Md(P9@08o>IHdNN3V zc25WG_YwzA09{HLvpO{pv^+2Wt^*aJbK0bUHu1n7W;B-0!(cb|e6^1A<8gAxu34GJ zp<@lVoai2$$mOaOZvQGkYj*fmkS%)(L-A?l)#Lmz?X$S>8wM&*CKSctKx z0Nj%v@`*A^wHx5Dk%r;4xt(d4#^Dd(nsDz2kbyq-`!YZXa*-#w2pKW&$_{GbbxSsi zii^re57j)-)U7RJ&==$duypdA$h&rdT{my0Rpj`R>?>8ZjMa48nFQ>~zJUIJ&q9Gi zU-dniM?fYckYW6Fq>0DwJC|fY;W3eUz+z#4Jl{akQAJzMR_W`5G5!akUk&KU{+QTS1fYdveWo<+;5mMR1pyvVS zfL6Ef4^~>c_7Mym9ox&%vAxXnqo8+yV4wqZ*1__|z5AePG^HuMh#FdwSKm7(z}WI; zW!cWHV3-WORi%I<_NYvbn~kzOjRr`uqoM4(KHnp1^Hg}bn9V30z7ofOdy%#aoAPL& zmYC!k8!%(yBl$|j;w6@?k)!qWqJ?5x3#zLRPMX9ZKi4L)YGD|`sT`vHBD9!9s28W1 zbeNgg!w~ZvGFJ41d3dNiV${Trwepy0M)Wy*A!E>B!Oj>2tyih%=oYyzQd7efom4D& z&XOvg=O$_v(;3^8o=Am%5+mLVxh=Hi7mH;iedNYc6|fkyIx{I()~uquqSb#sv5cvV zmGeWE2ZxyFR!43nW02yJQ5X>DIh>Fnk(CwS0$>o~5Y^XAaglkX{9r62SBw}p5-aB1 zoB=T(Dqiayj*4EFq;|NRR5N*a*nj@h7S-ZV zlw~{q=Rd(<2)Z~d%eG%++Y}-&N*p;0Wdm(Uf_Q*VNF4I)@T7)Hiu2i)HX8b1+g}Tg zs@=t$gE4?OOi$BN4n1pSZR}!3%Q9GXSqwfIutBr{N&SVzT?Ha-GZp=Ln5!eL>rU>$ zqVAyEI9SI#Q&(XHKI9MXyD365SVEL6Rb4|EA&%>bO-V{MMYQ(12-b zLT3{FC}7FXcB5DbO_hNu7@&a^95$-86KpPi)oHd-ZDX=gZDaEU>v!B~+^gQpK$5a0 zke0MXfh9Pd=-f-$CQ3F_pXy+{vRz9i?0_(Cvhd_n?iWmdPM`pRggin+7u6QfPBW;KvGgVqD=0Tm58@!EC_UbvB%sfloQSGe zDvNNb=Rc%vM#hSkA{OMCc6*FC9aaEF7ZDyVmoYH(o9MJ&|!XV=?_`Zmz`_u#jM<8pDxmzVxLX4WTp9$*|4}wpR~A2$4XK5Vp_&BLAn{kewe(H znw(oECzWQM(j-WWk35$K?S-B6EW_JmF_@cwCTk`)cc1y0(ofN|>#vw~E1S6>iJWRJ z)UTCvWWgQ6QVYO*vSD(tP3+wwNqZM3g0`dG_odaZVubo z4;`A>UJy*->r2duvOQ?D4>QVOGfigH4I3fTs*{<0?Koiq`%Zr=7^JLiCg`%^YbPFm zuyT1wr@c&BbAOz?XC|;ryll(9N@r`vp zf(;{|K$2X!*{rs6cSn0#OO^V52u-vq^HZ=ZYzl-==SWVQPLB84NY?UYjY%VRW*AkO z)7J!A6>PX{i9_Gca5>R|n#X%|gF_!NZZamA6MViI!0G@|GPGnUeSjTLEJ8_{~s=O1<%3i)&E*2H0tya2!b2C7!Yo|xI{ z#=t5Hau>5&g(0GngLf&GCXv=>dm6H>;=usQM}CtW;WIcT@|{kK?6xCO))C%A%%wO| zs+oUhK7qsoLrDK2;TF6w>zt&Ln3-9RAmgCA0R}jXxlE{m-F^d%#(2BLK;^|U4n55DD%+}Ax~>ob8snQBp4!3BZC=m0}>l2N{+)=rW+UtHXUM> zZ3>m9ZUMn!%bY9oHbHjvzp-)Xeo=4X|IcsB3dHjF;yqF8FT5v4kcQbExyY9I_U-E1 zw|^+eG7HG}?^oZyf6lOfq|#Pr9J+lVsoOJVde3w|O;FGYl2p=wN9smT*Qd|YDsm6qE_vv-zLXu3hi;cFjI@BMuhCn> zvg&tAbgL~A9%fu1h9Q7z7zIWJKPqo6BGmjDBEu8w|HS$~vHp+B`Wq^K`>Wb8XDHo$ z?UvKV54BY;fbjQ!w@?0g=E)wqy{}!eSb=Fq$jP^S>Tlat*zdbkZdG)Py{N3N>IncG zDgq!aeTTKu+E%GjP%pK;U1(|kmKME9`o9o!GkY>KsE+55<~P??TZg%2D*%vNzn@|# zUW7L+Oj-0$tMGyz{3~-! zi%Moov!Sa4c&G6V=FMo9)M^nx+aILH2oJDp%>jO>J?m6353yrajON0&suNbHo9nYJ zRjZRt)@tUm)I3`;pCDC-=d8)7H$a zKiRQn>{wTTG!sAp^Dn?+dR|^1ZDzI z2ncp;Dgx#)u?WOTA!9bhOka!MPd54gJvRADHhMC?|22*8t@k;pY8A+EgWMoU?XpxuEJhwvAJsu^1+SVn}u z5>nI^AQW7EWhA^>oaO|?_i^Z#6hN`{0^+}tKa%)(R=-mCD}l2R0n)33D-U&J|7sOn z;jl-_DS&EdEx1pU(TNPE`95eCx z7kwr^*8{t+&QJ~Nfse!4#!v6U4}TYy`|Q3i!)p4c2dENXXS@qXaW}wj3AwZcM@($d zYedTd?ovp{Wtwa#3tHxpc&k(?Ro5I9St4H(=i@{DScBtRa|1&Mb2>;nO0KWr656Gqyk%^AHYjxv-t= zt02}`VP&~Ns-=xJE&rSMv#C+TrgZtE+hyv8$!ykittWMri)bt7=_{vdEEmvOE~d4d zrnj7-xh&RQX0?}={&G>R|BTarGx>%tfZC7YimkC81QJds`zD}yrOflY)wWvLHhmoU zbxlj|YYVGpdx|BjVwxSNi$hQUSgw@h|CaA(QlO5>eT@oot^NjP1ynISf3#u24|V%+ z(*o7)584&jxKCIX%zxCh_s}E1mu5i!$cyO|Ko5B{HC)$%ucozv2tU<-+V;G6(o-jBTCvHLvSiQ-F!XdUeA?A-SmP6vs}?A7^Uh>9BMTS~}{U~_G2=YDUnJJnkC zk>6m8cGmn?*xb;5;ydhPJhPU>oF8?@hgvS&42^3-ke>9d|2_IvLsy?PuD`Ix z_0NC)n;uogW@FOlz?>R?peT|`mgZP5gBgqEU;HUB38Rd54?nSlT%YYzUU; zPmp1te#EIyw^6tb@_|Nj(OUjGK}}B0F`LrcuM*Zoaz=C7E#TW|ugy<#ZamaJivaS( zQCZ{Km$8Ps+7B^tB7gF7eDZSq^}QU;Yk_mn04(mx%%w8D3v>~GOFYFTc}%$kd2{Qx z38xQB`q=y?*!!!c92aE8f!>3mH{KIM2Z<2X30ceCfOK`jR#Rjkmo2Gd$rR?E?wBQN z+k+4yw1-(*MGr>bOE~lcr1;?s`!hiTe!cgUKlx4LUe5|T%J|~%3HNwS$i5{+h%(GL z3i(^9O|qFd^ODMc(poM8Bs4F(#6wfwNR!pqPlaxtgO1GcN}iST!uC+GStOJr5u*-$ zwHyN`Th6O=a>JuGWO=;hB4|pPrv^O0Q;i7oe9h4 z9>-t^1MH<5yB_up&MFSRRcG2>}eQY?AmH55^Dint`Hf+kBF$o##F#p{fP#BWX+`rd*?}9?VlFsYj@*_7;spaReEPAQdu}Jca5} zybr0@2sv&fQhv4{OGwa)06lM(Zrtu)K}|2xM$#yMCwwfV!YF{8;Q1fxNo+AajQlVO zGOuNsSgHloc#rf%IZK(hRIu_B%E|jJ|CGfqcu|sG#d1ZD##IbD~K{&Jo*;mg+7$G%S( z*I6IzLFX!))aOeRSZJa zdFqRXsw(6JPBo5+XVaAxpwfyhsR>HcrRwkudfqbjmbtiK*?g$>Rikc};vA(}_y>f4 z;yW>ofwbKeyclz#iW~{`4;=cFRBUQP@ch$3yYcx&BD7?CoK4xZ&(37R)hW<`>`PHI z9G+XFwW;O9VZz%K=7z;04H1Pt0?qa%h&c}Mof3pB6UVu*Rkp8Y`|>gc&`#Rd!A51W zKlLE}gI%6TAPe+rNsKZIq1pQ^^;G!1!=Xn;)?-C#HK(o$j51bEj@CK1)hnhc20#+%dL}OAqzl=0 zC5zc*WW!zsmr9A{VJ{^^YikKCh0s{$)vftE8>h(C&8 zKD^Z|l+yTFGp(C{6s1K?;lT0~G2%r|JAX!Gluvvwry z8iR;1-r?qvB%-LpNtCmkP*3r(+6Tn< zktfhI6Cni4BINEJ1B-T{TVCOPl;X`CD<*SVIw`bhowHok!WEig8&R;HAepNNxS!01 zlB4=JF&v92F>5zx=`ydYxeH)kzlx^IJhaseoMPggo4Us!+w)vfT1l7oA{N~l(@D;c zoDj|FuITx5Vw`?d`^Wr$I>wA!O6w#E>;$Z(gyR>4HvN@0X}!N_opuh-PQP59AKMiY z!QsIJDM~|JEmcaDa#FR#AuaiLvk_|^w3U&ETiIHCd+N)k-3L{wmH+GNOKNRkI!wQzC~JM*!U@i~y>C?fJp1h@*wELo-JG z3;VdFTDHe>a#1XdI!}YKlNukaq?QArkHg!#gu*io0yH3D;0bofcXFu#G#CXm~fOuT}gZ&zdvI# zwK63Ody+bwL}N$nF&H@PTIa}@knJSsj1J2~D9vgzGh0?I%c|vKZdLi6e%MotuvYh3 zL9VnB$8+{VoM$Q{A5 zCIfTSh^BaxW$u1+gJn~|>tm`+o9b(cJCc(4>fjUWuL8&YY(8YqCvd<>EQoV+mZq>T z-QlR{%5B_##T2F4@r&+O!Ti-W(mGCn!}!*L18;L(g8k<|?Y$j`qAc6-KmQ2^L(s)x zS+@Nm+oljf*-nICHqeT;Kgg%~FG`^giu3y~=*Oq``TQusdL?aaVn)jWabZvvgG~l# z5Gz1Re_?S~fk@lTcNWZ?NZVU5v&V|MLxYHq_b^?5)B*6(Jqmx&kML2v2MbkA3%U{( zc?HgOC7c$uRTg$~dW88td4(;OfVTP;Jm7X^+YW%YfLGpjWqU1|!2`lLI7NI!=(U`& zPG;KsgmL}Vl8ztIpRaRIPrm$wJcU%vg;YIHqE9N#p&k6xL?KqQ(uM9d3cdTh$XG8h zM4H2YsQI(XO@~er1=CSomuCghd-l|k& zg=422F%lPeu9ZbBgZqn_Ryek`sB+epCYREGt|al?$@r5PFLA*Et1djy9V=Z^5n6^P zr-Ohwpa3yprJx)t585G0o#NDsR<%zt6 zfPlro^G@SbXWdF|`Gw?`^N_fZ?qX6bMILzO>Ams{JjW$el2@U)R9~2xv{taRkO@YA zt-4w1gWteT#hYRll;4B)GADE_X3$4vtM~E>MIjpLM5zYvtXYv@i2@>R5hZga27qoO zOvPri&q?ZYA%P-qv9YbGp;b42=FsHdyK(^5=vLSt*EJ5kG~(`|EL1UfO^^Up zq``>l3qTcALE{%7&QR#mal{RfTu_O2nj@)T|0^C^RS{QE<~?6)t&HA+^z4L7$|u;( zU)`4X4b7k%!3d6-L6mCvM)e^pW?uCBnG{bz4wLv4M*XpnIYJMAQjdY> z?W1Pr1wf%oJjtLFYB#e`X*Z8LRfURZvu!XjP3u4uXCf3d0$=c`{ej>O<)!JPPtCm;W*r@KPj$6&WPU9+h`qa?t;JnkY`#nNq(8U}ue3#q+nNALS zX=@;z4d}Y2ogd5^jDTw|nMr zo0(&7@%(az5FJe?M04}EDYc-LW-U=JPmAF)8K)-KVBtVDxpu|jX{Oaqg2WVse~2k+ zAU0u|VM2()ZSli~2cDBK7>i5HSODv{bm;|%us;M7 zsfAcyUzc)5t=DC~C^;V4-g1)w*hY^UZxgNz4)8R7l#cq$rqiOo}?nBr};i z-9OqJOS@x>^arD;O$jG12}~cp5T!(EymD#8uRY5>TIy;Mb zViRNUQ7w_!02P39**Gg^B$ z1;G@05dOq8b~yAYVg)V}Ff`v%&Fur+CoQWc1MVTwFiqPzg2o=|;Se$XtY{ipmV=Vb z!h+Jsw*VDe%TfUACKHcvW-T$}LS8eF`-EwR!?=nZsxPUlB4Jz}e?%4Is*8-#qSP?z z+CnDK6PPqK&S|EZ600r6wlp89@9A*>!+3N+8tM-)NcS0j>trPd|ow9TPaS27ev z%LA@jx6tKRtKh0lQ4ilLEzhBuZ@I`F9ZT#g>E%NCM#~m6S3gBg8dSF>hS|YJ%0Ta5 zNzs%p)F*BJV!LV=e{fVOIjsZ60*4~y-=3==V_f9QOtY9FC*9{ulXEFmGZP_Kd5|BU z{X#J&F}2kzj>VX)B%2|F(VX3I$q<_mTk|r_m2@IP(3@9Nt+3J{*@j~t@+7`qvao65 zNd`RPN*_n$0jQpPe@qdj`zWWxPNu^A0fMJ3sLUWf3CtbcfA;fCYS=+MjzAo#!J6(k z0n+qNihM8xjdvZ;INntRi8bDJ8ppf$B&_pMyg${Q5A(4}a#0`CDKs20F;O;C(y{e2 z$zrPMRcl~NSBcmrnh1&^NVHi1OK)Sj>#VGRrqW4}p6Vsh2@#r#S-?XP3Z+7xgeHV8 z@sKoxhtz@we<=bq4nrLJC2$xrF63}kH$=!|*-lo4Y@hpRVV0Njrdk&`4EwC4?Zq)E z!x3|&y?R$G0xa*3@~~E_mHTAmVD5;0%gQTyQ5-F*XC*5|dkxC=^6V<|E3QPTA~D{q z3oe!PspTjLn5-z38KIZx3#8k&gmS#ApSBJzF50z{e_XPdp@ig&kl2FK&jE~JC>J?E zI`)d{+XTSuA;@Ej3@58E5ToOHtMFH8_Qd z#9_}KAZF6!U=Z;!V4R9^EH7JADH#OUOtEQaew5DSa1 zhDZwvl*1z-r;|x9E>hD}Md5U7mTPU9uzpcWU2BgOgG)^p<^hb16#@z67T-T=X|mI_ z0vX$Ly=#9?L#JDO^gbbefNcN4R_L1?snaI^QwFY}(TaA6`#AO7k-rkJIv81AWRoe4 zf8{>{W8POzea%##l5yTFv;~uox=O#F9C|&l6K!N>KhtK+XvMzUKWY`6%WQyBHz2WB z@+DO1yl3%gNKTou2oNk7CuMEiCg~UX+-ucJGnY*r_EbMLeTrlo zMS(PBpGMIOru-EpAy0Q*)5N$}_^VYAPgVJa?&dO1#xPw}avh(#o1s7XAe&eeIV(>^=x zw7xXY_F6h0Lqtr3Oo}4X$wtYPpNm3din`9sIGNOHIxkqJ-OV2mDbqr2<_awke?-{Pre`1E`1gxA`wAp#yGaU3oti)r6sN=`jL*-K*KVF0_HSc;&29YxuJ4qNKwFD;E&JwUxipw&X5{*NxZ!C8fa#aQ zlT&*-I=|pfzt8#nIY+1VbavF)SuDz4UK>>$L~g-QW;U?-@yzB29Gkr8r$!yiuda?@ zr&%LQp+2>`GeLW%hc0`Y;%VGKaA-2NN+yx?R7($2K*A)FfyUp;f9mtrjL1A9_>q5v z##F2FBo6tkn#}-WJMN<^ek)C8G<1zqo3%BaYXwm?>7!uqj?ily`eI;@*UN~|YY*$# zn|u&GBIsmAhLFloSC0sL2&ti{E5Hz{M}%)kU!o5tz8@$OEIlJ->M4MtJ{lkj1I1L1 z)BV&5$wf1vyc0q~}W;4Ba{ep39+ zKRj%XWkTlgfH|BLh`07D$suF0Ob=$o+L?$BD3gW}Zjxak4^Zs)IS9!Jbdd`M!IK%2 zMWu)^hPy&q76PKYO*1o|4YnufB#F6tg|VD_q!MlM*ghG>!(#>bnE~`+QGR9sEHZSk zEi7To`*N3+f55p4g6OGS>nP|sf(|1uvxX%tbW9HfWQD4W|8KOGB zLF!+gjSRt@yn$kNYM!Em{KcY#tj}xr6eZ*-O2}U?e@e&-SWcsaEQr(}875?9#T*M` z>@S59!xLI0^%*ntOK_)|Fb^pZ`ECnCPkHtVrc!{bOONb6il>AaVVc4pU-9VktMMMd?CUa9NVw?xKK<76=$aXQDSPYRrs5Nefz%5&ROD5&d*zS4>Tw(_COf zM7x<<+Ll`X3NW*Ojv#mY(&40$0_z}d$u3JUfAgijls%}^+vVL~5>3mr7HZQg*T=-6 z#U3Q$cJ{?$_m=6<=Q+DfZ~2QFsLz`E`nrtH~6d0%t(>5FrJ z&f ze_rg!bjnLV(LR2!)jn@E8yBrTFzY_Z*v|I?=!^VB3(JH0K-|1Qt+W0=?L;+_o}J{|vQV3%SF{o8O0%H_RDaX&=fxF)3&WTaQF^-i2K<+52Op#}`2kD$xgzS~2J`m; z_23NkGhvqs%;*L5)Q(=U+IG@U*_K_I#E<#lMqda63f3wv7?{6HRfB@FEG7NHugCi`*vzfKYjY1lSp0j3z`}J zTnl^6DO<6*vaSKM2QyQ}{Z}`SemwhR@QYYn{~6ZuGmQ72_TJOp``LT%f5|W4r~3u` zGF|}pRX{)a1pKvp0`4uC{ZbwRb9wTg<1et1$RJ7hTg<_}c{H2iB`~2gDDW8=Kp{4i z6Hv_A$Gp6vO$X&Uh2)FRVY zeO~gXS;<9m4|NFOUsk#H6 z%f#`^p>p!apC+|vc0Mv&FM?#O3zJ+TNuGTF_W`>dlJI^oGQ;E zmO=ByOyTXqSl(*(#n{pGq2_?PDChBIs1gi4pu^3B?pPUA7olYoK{Hm;Qj#YtTIBCE zfOKqrO=eE3 zQ;`Rrd3x=hf#)(gw2*Ctg!rN$%ex6MHJb;iRW~br@Eh2vcvH;u^4rf|_JmEA0dLAy z@8uPWLNwBkss`_@-Ioxs10v&FOHo}60NqBIip^&qku*QHe*~H&9GWw>H8r&A#?Ks@ z{Cigpz#5&s2QXu?d6-$G!$jn;8md1t%++KUz^5dRNxTkZrz%Wg9t*Vtk%P)be zT;JwqlrZwIumycxl{#T{@1q0g_8+ z(oUTd3--U(f8on2Lc+0oKG&Crm9xb1bd+*VW&>iuxjGWZWYBeRb&7^&(2ZaO$IKu~ zHGHFzmlbUU#JRS6l*1%Gg;9SD7>A(;smH+c_EEF*0-(?(GP|3&<*jBGD(&V`r>am9 zZMLrxrdle|2zm-f0MqtL4=;HmWA@LCN{>SV6ZxrNy>J|%# zWB>+`r+k+n)9Uj5%1C&%xY98ozK=t{qyP$}e*)sal0Wq7%|}LB3s^jXhq|#ZxB?vZ zi1_aa(op;tQA+3okdqx~+>XWHnI&vVtKw|zf29sHSNp6Rx6l~B$XpztA`AVz;r$#_ z`Wcw~-7M*+-(G*TA^l@x@|UusPc_&;W<}7xOtwwW3V1~*7%1amMF^yfo_jaQUYJw0 ze@@9vl~-h6IP@L6XD97h|7Gzmg070L5oBB!S;tN*NjVf$L78ag0{y(}BS{eZV$Iw> zq+F|z*z{ds1=h(JX{J!G(YP*8A&4NRGLQ|N&bG;L;?tx5%mf=0GL|`rLB{q^1Cy^c z*qs2XK;e)fs?__F@Y3w!a%0L{*(~B}e`el{HkSd!-4f`K0Rme0#ek28NIT9a4A^6C zEYo*c@NYwmMk@Ig=4g<8vta>ruN^LpLzhzB>`%f*_Et{S&pw4c7(xd|IHPX(X$a^J zEfn;#33F7cbu$&ocQk-FkcU#z`CPfUuSSGsH2FUTaoL?jd(xFh$;!<3^RV4|f97Q{ z)Kznq;X9Q|RcnZ!Tz?+s`tyss@cg*P%0k`zVg4NkjOCG1;EPi1sU-c4(1kJ_tApxP zC#FB!8|N?UL}mCZD<@>}ZOLM{4(-s+jFDBke@~#GE+~3T{CoTQx`Q9o`swV5e*+j5YW{x7 z;GHuAY)%_#8f|l4uuUz>h&zk{7loWkZMCtxQ->-;Nh@Rlj5Vm1blyL}w`Mqy0CV7%}s){@dxKO)M1 z%Vave#}G21B5e|9)X2uhIAdIt-?ZvEApEIM5|W+NKWyg_T~>lo?g4ZIN}BXuj3We=<%%wU|6U*UF-KqAK60QrSK%f92vqPXcyHK&U`vrMlfk8@0(AJ&Xd6E!V-P+?V{Y?16R0p$j_l zuuMP%Cj6S50EwnLRwZ%7^xp-z0lu=x4S=fdE~xP82SkO1BV{ET?PMeLH##ifA=S3P^tW7-zOVuTPW4~ z`}b9SDvRpPt21MkzJ2?LTN3Pb@o=q)`iEQ6)a4OorU=c?ncv?(7g5(ff&uS49`Y&l z7A3L^(6K&bzySR*YKm^%0O||p9)z?Q0g!3xAr7%*lOIgG7AC&VPo=)#Cz0RYx?5SR zJdxj@M1G$Lf80+eaFRh*VGR}|Zm(1b1Wsfm+XdLi$0u)+bC20m{z){rwX?amwfRJYpJ?!3ng(l;b}=H{f03yNMLX#%_oFoUhv=z^Tr`iM z>Ux5nmY(S0&!dNxy~bXv@k9@w=;2?Q9%hxck0y9aGN)hz%)qlt1^?NfA%ja?Y$W~= zLELORG-WiIih6V3XH)+RWVcZUUVcmDOa6`o`H4ZDiro`I{tFRg6X)NV$|V@NPQw0Fdsf1#U*EKki`-r>#;cyf94a+g7W^c)nr(1}ETH$Rq{CVe%4n5F$RUYW}KP8!UO|7HnMQ)HzV zbbJ+v8V8T2fY2dz{`b34vg3XCFNVF;h!Y}yIp2TpeD{fy_FaC&3hodK22Q@9E2UHG zf1-%oJm%M;l>v3j?LYzAiB2lhw3i|;b+Xtz^)N>GyT3W#@wo5_u+C7`iBQ z{lI5P*2C-*z}`aGIpJB|0;2UwWxd*nrLtqA+4Nb`7YrLZ7HMFuLNwA^Ed^E)Qc10X zfyfqp*(4Zi8hcl3mQRLSzhFX46{}!in;3-ksSvJC2U9?Pgm2ngr@>!ye{UzRacFKW zdzKYVsOU>2z@1gX6F&mCTa0T~g*)Zt(ama9MOo@rMVr1T<}<7skEA42v4YnoQ7^2F zhwfyB4b`nrio=Vr;VBOwSOM8dH2D#}**6cRk~|#rVe1*bm2iK#edz=g)X#M-$4W7B zBf4A;410j^r|Wn#KkTske+TEc)Qi{i-T2UHh)^>PGn&QFTB31+GFz9D$6Xb4lL=iO zRV$=bpeb>nT|-r0g6!1J0_j&?h2|zIOCV%gZ6#{>IE@UtWjyj|wAjrJA=3x;?1AN* zFd&q*s4y^bK)Mju7#33l6^A$=3l2&GyJSd`YHUCZolA_cXb6B3f8m?1X8N$p->(@h$H>!!5 zhu?#99CM-`@>;xA#98k3UJJ6piFX64R}coa>_KZ65o9p)X!b zuGC6{7>QmbK9Ecm z5Ar}b&~qLEVfTDa1%4yTE^;iU;sv2r%`FQxs#E!qw5(@iHC_2rtw&`&7WZncnp=>S zdpFIh_=Y;3hbyiFxrK3sE`<+E#rnYyy&4#)ZI;6cL(eA_e>kH~hAa=jJ4amCc07*<OeR7N6d&c8L`rlG0x8viyC%?4V;e}m3wbmM@SE(x6G8C@L>C(YSBi2W#l zP4TLUf0*edX@bye@*JG+-qH2MEF}+OG-A1ToC9WJ>;rK@=mcouhup6+jqL0& z=*e<*FbF*~bCLkhX($%Y@#Z+`!4F9c0v;f+f93pBK!5TDjI{CNTM{(n>fO8K3oQDC zCNLIJ$CH3oBK3NcVc8V#n#lPNL16^q>GzGV{0y9Q`g_CqjY&TjXHL_5_wInACoH)< z7(fwKM!-#bqr>=xCDLLB50eQ`qsI~nLgyolV@mu;xLtjm`yQ;Zt|q+wgK)<>`meJl zf18UYOT5;Mr?BY;{vlmBFd$IqKE;~JuL-B&!B_FSaadFj`JS6qTyVkg>~Pocl_GWD zzwWkDMC(EfQEXa;Z26_jhWMe&T735c9nU9R)8of{sfoE1+>o!{N8mm?QgA)Uuzm4C z##7u`D;u5{- z2_NA2iFl77?Snfk{4xgt%V|bWK0HI^yMI6qoz;(NACwB>JVF=D>FE{Cpq!7H(aSCB znX3Ye+MLAL^oesI_N42(5v|LNB_rq_w%+xh9L#rB4#Z6Z^|5$|?3tgX(Ph!r0C50A zUSMk-+Dsm9<_`?X%XCDOI@Su6e}+8SVd#(d4E?L`tIw*0XF3ubiXwbuxGGO;BN$;n zjGvswf0O2alZFP3_giP3+5T46pER-bb4jAI0TD`1tQ200g#j#>U{r zIlnO-6P4f^|98V_JTw;no|43q^y?AC*bz=_G{MCB$#$LODdX=sIa3(ST4Z{}mdll6Iy#G$ zlz1TVuJhHB$dWe#`hn-We=)N)psl3#4HwNK6vB`{6n{GnaXhF09nwxf6lu|pMO@P6 z;~T>?^@&Qp%~7WL&Nq$#j+^KyiLGm>A!gh>3WnvNj!2Wsz$sGd0@YK7h*6BuKfx?u zItg8Yljuv>%%<_C%jQ;}1(~~t346?w&d-h}y2Y$yq&DfuGfffwFUD=tA>k z-K8KncG*fW0!v>f(4^W$BPYIzG!8n?P{wQr2gpmGzhjyU^b|W0hEEU^$Mc__Af`Qp z$YUYbo6aYIdEN$=24AbePd&NT%s0_zk@Mf2Ur`9jI~KIw-ZM|DMGsRBe2p+9M1-u> z5wKLWE{>$jY*{2re^v};7B0TY{IO`2bcvexaUNHmxw2VSz6?@K_5u7QY1v|VIAXt( zRBI6Q6gL_Haa!+7m1o(gnlCe+veg_sJmT- z69(S~JwxUPe`!Z-ruiBi4~5^w{2nHgUBp55Z_XF!gpi+NF`OZOSu>;K$}>oaqsk28 z2|K}k!F~)2q!xio!?>^LJ4dF5PbQGg*`d=&kmnPpC7{qJ-wp)@bUr^vo(@WWk^hdc z{F=5>9$e|$X*R1Tb{R&V$ZhL;^kUHeO<@p0Ojf4=e=OGjog5!uo@)BP^LG1qum9Ub zsiFT%^cz_+j#^5Nu~4|N*dga9n#PT}oIcHi5flxa@3M}XiJyCO3dr<3mf?qM;NHb3 z)80``{5aW%iPJt7FAy_jobtMdmemUk#^66uPa+v6jp70rb5>>d`;{(VCY52594Cgd1Yz0Piz9{ zes8}1t&|91x}@OSbbAD9>a{e?c-~FYSZhw;$3r5QhNMQ&Jp94gQ~` zG1BByGaU2<@?CR*~zsc2qdyN!v-aQ9tRBf2Q zXHU#Voex<;vFr=ZSFQEwY9n`81b4BIwG2?%SIW%2R`i{6)3N-Q`kuY`1lZzK7QEA7 zf3KQTAa3~O>LNEJyEkFl)h^e~3SBFoGZ{cbXxp+245z{SX=FG^lbk%u95T`oSKm)T zgwg9;u3l1CVnw2=%#RWbrIFD{JS^o#Nl(gr7Tn-eF9k5VR+FTzV@+P@8e_)&RLr0nhiIJH{TmKYVhmLdxQ}L9z<)MCX zm#KoUjDrVkkXwvhnqMV6)PijRygZ6|$cF`|wnA2o)5TGTSu0~y#;#43YcXuYycNP; zjA@sHDr4LHS||C^R>Qu9q_HYVOMqKW*wWWfa>*(Pue+E8P8C;^v39NHlpE6gfB39q zK~;cNaYbPmq2@}LmE>ozs--1?TbrkBZMisM)i?OItf33A>8*S^*tz;!u2Wef1T)t7#tPl9zkT?My^eL^7 z1xS5-OP(r;*$)dar z=fHz7>Z0h)IY2W%Hu^4zt2w731rBJ?GpE^gMvEk{0oRd=e+=WskA}RvyC3(iw0F<&jX1M8iCJ{y7-4Qo%*H6WX8C95 z_Qr|nBofC%F>|cp*C7a(t|Q?BR{aw*eLzxxvW9a|LE&JQ0!_h91ZU!Uf@}g04+{}W z!U;)%(|8hZu9G%KQPCs#q*@kf*%bGxs)%d{_T+u*(5A$dRd*#6f66+0vr5;{T_t$R zfXUd|2g<}BlN>9lRp8b4PCSnSilrr{LWA3;raux2*fPs0;PSLc3s8!-(U6chblz*W zZ~>Z3{4l9o2Re(HQ4M&&!*Uo#$u8tpSqs+S6ufaOU{MTOP=qmPI0uv1IXEbe#Uck0 zst~p1(D}{r!}#Ltf6!?ku4JbaJabhWCTDcUP1CqDCf8cV-O;JOWYh`vc z+5T6seeI$t%f2j74E8_bJh(aopkn)<<97S3t=s>cw)gR$H&SZY|A@OVdWMbxp1@f4 zkSp~JdY(T*;rC;54FVBh*7ZIltsk?hE!|Z}0+TwGnXc6(e`G-vVH9DXX+qMN7%Z~F z#~*u67PY8A1(mcSEjK`OZ-USyuqmDlQ8%(Ss$!&etK|Mn9k9-zpW^ok(2a;TZSl4( z7tM}d+L}tHq)z@0*4W??#-Lq%kGkyzzAuF(&;P+>g5d6`^ZO(<`Ln34ir*^(SKS#V$KC(e@787r6bq7)Ci~K49E1cYFij5 z&Bab9D$tIh%U-@f{3v>zz?i$X_=NxQ1;p<3-MeP9x!u`>o*yqZo3!PhbT)FHkn+eFdSn~MbEmrubWVt4{EizT0#>5F$M zFH}WOIbQrm1W&UU3TMFbrc`flQR8D+oPUyF8Rplv?J2j%K4ZOr$o+y11!sj>wB zfAmAo4=3f@KpFqf<^MZ5Ke;^H^Z!khKQ90Oz?bJAZyTWO89q^T62@CFH18ZIzcVg2 z5M<87>e3SuhdEMA!K#8a8O@224wJyMSJrs6drrU7QkVZHA=c|?g-iJV$;IiJF8?2& zf9?7IMv7gQOlDdVA!TNqvRuIgmgTd}BxgwlE+ECv+Z1sY>W;E(u>jPm&di9%>PI-T5wP#{3qac}^Gx38&(4`~FL(xqo_yJNvY?%i+xi1$vRbvHMmK5J5T2naoT>$A%LM*^NDQQyXV({+}Md@w}=De?S@kzdX&! z|7Yiyd;Y(PQcb6jyQ|4p!TNo(ykX2x=*I}tvx18-L`2w+C;LabsD^Xf#r-k@dg^A7 z-$P0%3csc8rdX592})R%qx#xaZ&$W8RY%2~Pop|Yx%SKKni}Xz`=@=oHf)3w$)u1k zYmvl+nM!cuj#?8EL3e5Ge^FijU(4`Ilydto{r>0V^mH%(Z=}?`U$+}ptxtinYs}VW zCfsP`t%G?gQ=ayP+da%cRLxRXwaO{ zCf_S8aG||WpQa0h6G+~u{f3<1cM24{x1pi$+RSWbK z2c(-uj^t3%M+;M(w|mS?E*Nu7AUEyGh&9@4Ea@AvQ7ewcOKtg2leOjt+>+Jj|yxvU2 zktDXWO#(?{e?K!C{>vHPU*BIjL!L~4$ zd4&9q5qhj!p6d4#uX#f&UODHC)3ZJ4ZlSA&9Wm>3(uE`tkv=S1a!Z^RcM9ESGM^o} zGq1^GL@NWp!;CxcTVnyc^#Kq#0P)mmBe`N>z!j=%b=N~bXM#Y+tF%nuoB_=tfE2N3(n8$lO^o-{Ls)ohz~Mc6rP z^LHo9T(>aBj=~uDA;i)#4`BHa-E@xT1Rn*+e+9wOqaPNZOr&PbB$hxkLOA~3JQ8XD z1B7Fe9DEJCUco6@!h~}bJ>Hh1F!WlG^otLbFnJ7kO{to?@~UkC#UBZs7$%#~$p9l4 z5`u6JH~zjEr4@9Ps_#yPc%TUKJRWvb(kko621L;ilDE+1pOTIVh@vKD@7LG=CxE>& ze;lR&d+SAnz~Jc<1i{#!K{StZs{;m4%_#&yGv*bVgmaxWp_8R+5(wp(9LGyajk_W`0Q|L z6T;*=zyE$!m}ybG8H0(ET`>nT29q4Je^gN8zVGE|YYprj=@q3;iy~=+ikRX!Fnqbv z=7h`FE(%?cLlTBB#u*M@Gy&Q=z3t=tD$r&)bBO2+Ki+q*AG-H<g)x>)zjW`#1g0xPO25Fz(;>?mv(7o&Avd>t}@@FK{8Ij$f0Ktyg<3ySzX*Oe3FIkXe>sWaRqs_3?}D$+Uw zwiFmi>I%7k81;rf^@i)AP|}o`iIq|Zu93K88XrbzsQ&!dOI@V?s{jqZm#Ks^_Ce_I9tb44`Y4|+rXaF@tVMe8+Eesllvhx_4eXH6`t z4!K!U$Tbjo)BCA+vl}$3qTq^1yzPyL{qE?Y+v$GlJ@kGa^!b9`KFP_s+Xe0vw%}{z zKzqBgFAJo<5u2AytiTNFuGWSQOl;nNvOpCJ6iSG~Z;&Mf&6C554aA=3&qoc5ZHZH~rD=!%hFTzXPKD^ZXIIalrED z2LTLxGHWplv#MiIc$*QvPL4j95`K7igcDBPz z?1ATpkdOgJk5Hy;e;UWpM;NOUCd~c0`24H-N{dsQ6hHK19|YGh0BQATW=X1hs;^tobePxGDU$`5v1Ns1^NX1V2)v3pn5YIsFtrQ zzp_oxMU%osZ~L~=^*XYd0TmbmE&kDoxYgG_rfV3@;E@!Ge~XqE6wGJv7R^K5*2+eS z++royo=t~2KM(ka2BPSQbI>En7+*cID-2Y*)>f=TWUwaMH9)k=yK?&3oo_d_>CuUc zqrf>xM&ZzTpSO!O4nv_`UFgTA4%O#ZD@7wGQiG=_+TUA!vq9C@<`Gno~q# zk&8mLXciA`B9pOQEvDgxIfu#g(Ndhs3yEY}WbQe$5USw+Rl)y{!1&08IQF0DgWBOg zOY^^7e_kHz@jp-6`}l7gDPIfo)yuP|SU{2A3 zGKVSO!Wj|n+a%8GWp+lP=nPt_G@GG$9L{uo@uP!$v-~{ z8*%j4y4^eb7j?QFXMcTV?1sa?hSkcQfBqMPzp&%K)?IDqe`7{)6Q5DO=EZ$OP2cSb z{6mdkH6PIxdWjmlEASL`v=9qUwJ-|=#->OMjvkc2^YHgq1qb5_)+rofgwZ3c3y(E2 zLHhz9rwBdQg(sTn5X<-r^FEIZLoY~UZ@$-KG#Ed=8XbE0Z8#529eVh!iRa-ee|t2# zu{%~*cE=c%V!8fvF71xZt$pRaTin~70)v#3N?mKd+4a1$O-S|(ZraNtnKA0r!c&89 zH34*-Cm#l$(fUuk<8~>@0V1>8G$N3kS@LeJ^~N-KlO&g{&fwezp5{Qk4Ou>K#YAa?{u?;p}FpT`22B$eZQ4 z;PvL2-o%evWd1lq-aOa|mY3`X!~2iSh4!c3!|0!P-Azi1$$o&*gn7@tz!rH6-CYtF z?|T1W>*t65O^?afANqHjf7~d<5QXpyTR~4gT}lCZeDuSe*gwi+LM%HzwMZ%+%xaM$ zRzEP7fDt=7G6i8IRzEaF(NuPHe9EG%tY(n9_jldT!(s1ktVMy_*)eia=*}^Qp&kQ| zv}WLSO~YjIPF^olF7QI$0t+5>Zy$#D_v43d=V8#%qOz=aAc#9_e_@2;mJ3=Dh^M9~7&&u63Wb7hsX zQK77PKs$wA&`zNz^g{PdHjii-5q7n-A~cNGR8^1=_facC!*aW2N2K`vI`Cg$=45OL zgYGy=6?MX6HyR=Le_8i3Pn^l~!(Zl1UWi?(KY5Wyc_HKir}9F#@1Zyaxg-hM3d$-e5(O0S6c&x zb)}6J8Z%&G$4x7-rM|#A_;?nXM@@QOX$hI5LzD()C=QfSYLNLYMu|{qSaYNZ-NxevRUv}PHp5gap^mb$6KJhvbwsmZgRBBN zZD#^%*e9#NOqvyd)b>k5R1JwVWp^vATDo)QgK*Rg!%?Wo%7x-^io2%LM!xsVRNCMp`$sNS{eP2yfBChYe;11X(LOsq-uwSO0#IC^mAQvQ^k&GN!_dCYKAc*x}#c zrR+aB2v_Y*vQE}TRN#37jAk&N!a0$g91FazC8b^^AWQ)*UbcL66qTs8b?n9e1B7GU zV^Rf7e_RYAc;z(cPTRFdk?jaaG^# zjW}wbS!A24`+vy8p$Qw@dQw2i{@=bhz0~7>f6(gt{eJ_c{{Ek6fcS#of^(9%|Db%A zDG?{cwPec=nQdQE{ZN-HME8C;X+8g)C~?Q`WX#O+#-BS5ml)ftcV*XZmdW5WHszc9 zreK!Y9kodYsV+iNh)=1RK{FfvRGXBX&<#jrj8@w$ywNTN&EULr{1!p6h4uL`Z}bRS zf0h47-s3`NzrR%A|Ci?{8vk6qWmHvf*zHYANh1i--7O6w(kTr}w{$lPq+7bXq`SLI zq`SMjbG_UD^PDrrd%o>Yd+fdPzUKVRc?%1*w9fyN`trvBM}3XI-k!du;ch;y7Mbh3 zQ+EF&1a0!%zuEY!iWcZtnJ9#s;Pi{X&Qc&njX6aHx}M|wkr$4o6MdgxJ8Rn1-Uw}0 z>Qjun_xx82+-r)N_*2`+w}ml8$fGLF@hUqYfDeBI3x+BcfGv$?N6+BqrO_D3{qsu%$>8jZ0&Ou|6t{NF0Zl5_WO`d(tE-fwh46$tOw{{fL>(vsw8a=yzx3r4k;9^e5N z2AbWp?E?AE#B-<=6a*;Fa%-a8^|z)_OJ+&gU3mB@P;`Ef9lGH~&5x4SlKy^DnQdY> zy(#d3uDvfa-H??|$7RZ zFRcNEAIW6c8aD62lUPI1XYke=Tm!yn?!AJ(6^U*5ze1pCeY*K+^?BiQADEFe|N0m8 z4MhGSSr8xCLEqt1gWEUkQF-sFZ`(0x{&=;Zaco~S494=8bIk*_EX+4gnYRZ!I~kx& z4r4Ef63!R8p~=$Eg{yp$dbeY}+(DpB`FwB|Hauh=_{3I{f*~FBrN8Vuy-Bab<&g@0aS5r?2sZ>{hIajf_tYAC!Jv zg71-E@HgTw!Ko2tARWvkCOJFl_^3ob0#1tCjUWC*6nOL{dHPk$=hv=xop*zTQAqYK zghXD8xf>%oAjmfLq{43qp>gfr5aLs~-GK zJW}{0g^aiY*^LY%i68h`@DrWCyimMp2Tl@+%V!AZe`5dBtr9%y-aZHO2V5ercQ6wyD9i3C+LPxecXLUoTjaU(B$E$;--*gsRB=XsUDPm%^GS zj!eAO@LLka>T>|sghK(ID+{Ig`jgBQ-)5fBr3F{a4F6Jle?f6qX=KyA?ubpH@aX&T z0!=0Cl6rS*N@d=MCQi<4w}=Xh;$6i;;fHZHo`Y#XVM`;FrmNBKgBTeRd$O`h$lnQ} zzv>);b=cElahzSFaeQ)QdrH$3H@E{XY2Raw1SCst5SLBy-Q67#yHu{aB=PiU&u)a$ zx0$K#IJME^a&JPWT#+$?S^g3nn&|oL@oaeBBC-|M*H-@+wW6vfC!JcJ2$DP5vLIj_ zT7X#wSZZHBfAh}X0cJM#?W&LZM3`nol=*l$A^Xssc}0ibJSUEnwN*apHocfWeZB+D zbWcx&xs~8x1(RSdDgI!MT%N1Qb^{QN%)7wwM-cudhF+VAOi@xhPT23Azr)OdEmHd| zJzX@~KbM5Y5w&pR!}&S-TpzRq^P4!uKgkmUfZhjvULEP(0P!kef#t~!ie$zuD2LK- zr=?xaB=3}23Cm)I$Ha~z6Aqtsht(@L?@0#s_&{M^^RpA+qf%|GM|b$WN`=39i5s)? zFF*!yQKQMrKcT^h307n7XWd7eU81vxtITSZJ#eDi)CZygyL%UpK%TTuPni)oC@z45 z>4bC=Pz(E=qz5q~JWZHh?;&(jj5y)M;>oxm!~Zcu4E-x>=KaRnHVOI%yD4W;sf~Ea zN#Es32=I4Xr3+z=zHd{J@~V@x)rw%qiKMD3;fW(s+amP1c0ygII+*AGPT|Nmz5UoU zHSVZ^aA+SL|LUlg7M582yyjP-^anVkb~!I^B!b-MSFJC5tFM4)pDlRSHMg8E?6v#( z!;?ZgiUH5&lg>U9+_F3^o0JQI(>@myU|)FUbRh8CpNOnnMZD~h<1pE zgQ$f2y~BiR@SneTl3ih3Zr(m{?_F%723mJDN%S_UmwsRptX%J;_90*Qf(P&&<78Re z%ZLi;!Nf`CQh`^|CzUy{mSySb9w4L(3%&h85IK5b)s>QeItt^deey(^qA`7@6hX2< zNT<@t-O%HLN0AtrnJ&*^$4i05R`bYEcE+ z=4CojikO!ed)jwa&^MoAA1LgqNTek2cD}MZ$ERmWd&oAe9EOBc2`4kM%PuW^#M=Vv zriF2@LHFm(sgWr`a7|J(28`Vn(8jvS)<8GX`VIukWx-5Q9|4LO?_1_^U&g)Qypwxe zDEqy6n(B)J!zn921g{~QzI>EceT^dVZP|yneGi!=XU>470m!VJN=J2@>A2Vgw`R=P zJ_x5$k*dsB`6+RP1g}?V`4&N+of_+R*&un`8w93mq|rdnHz%JN6g_=Rye;#V%+CWR zZ3(b8BYJY!SOF{@Wy2fOB?kH{fXm#j4Exi;iw!e)r1|7%19n8`EP#^r>?IwiqcrWS zQZ1x!M?>%011K7_4%#bAw4*OAmSONFYlcVGHzR+nAmROd3@i^Uxdhz_Nb2Iw!J05^ zLGatt{ifr;cRJ&3W~fe3#bLn0tM$Hv>?YqpDY+jo7idz)s14iBAp8CIkM>=qV2gYC zXIDM|=V&{tQU@x=J%KOE`OiS?^ip%%@eS68So1um~z zk8(EMPmTChRd?B}*uNz|<)gI?g#PHd>1?Xx0Yj~pC4*(NNF}2w_w}MAs)QdHNO8Gw zH?5AxrX`Es5C`iEKa=2mF0`}v^qdf|=8jV6Ke;N|swvsJ0?m2ekUiS(a|%VZL_9Jk z-e`Q(nfY*Q^qQKI{@&%gjA=`jb1^f>V)6tgNW97|0Uyury!MY+$8|$v|QydPTh_*9VOyWj}+I z5-7NB2~exI4NW0R$>4wu^!LH1k~oNOth;?FoRN8a1u^U9r(rFd6RRer@cz_`xsGsE z?9{D90`dl&*sxRfA>Fb}Jq`V>UM2LZ9f13JA^SBsW0veIf7A2{D8G0Dyxes}SMTpJ zRRmc{dfS5xF%SC(RT{gHc`M)RG^O;BGwH(T&0(I?(~|GHrL(c;ii zu4}DE@@&+|Yr={`R#_4F{WSDcXGMD^!`UcfZia0$mhgc!43Lm3$HeVr_~52qTPMz) z?kLUnY*I~V-Sfz8x zh2UR{hZNt_Ce}=u#O_2T$3GOF-4t%-s8xL9C9;_$)D|7box1}z-vp(%RxOEMLdT*r zp`eu`Hk*7{<|O?V9=JXN$|&A5rTM=8$#(>UD*mj{bdF!)H9oz_;DT%Qieq zRXYTo>`Sk}nyIO_R~rg315U>RlKl_Dwh6H>^(mdk3oWK1JF&C=b z7tE}?x&u9)#vp{p3t;!meTub=+iYo6iM6S3v3r4|52_O;b1Ksp^ia)X-&ttb!`g((E;xSL271kiL!!;>AN%Cz^~P-7>7vz!*paby_TV=M zu3!8gtfx9)GARLX=qi3(V2lF2SMfP`KJ3Nhye#hV8Js{D6izE02TQ!N*TBq-^s^nv z4O(^uqI>eb_%=Wf&uw6f(d&=F8(ssON#JS1q9Kj0GHfNAqO>KdMt zhD!F2R7~Y(pPv&TG{!;+{>+LmtBSM?un-?ra^qi&r*bZ}5$<=2DZ~_Y4hKlp$tEYM)1_sVpH=&G8gu1jE0Pp z5fM?d2r2%gj_zOVi>HW<2vC<<52J3B$i)qYC9^&-7_$F;)V1_)Mb0eNVc;tG<5h^; zF*CeY(nUUXPO4a7NF!9*aRlH@XW+HlA{S5=kvbWve%v09?pIKl(#qODH`RlAb49v- z2UC6KFaD|AWU=E_JiXpvIYLIHOa1?`N|7A*=A+h{-QVGz^!?zUn}vs1rS$)-(s8K- zx?y!W{-HK31c5#?&HP{Zo5>{ABqVIM8&C!$ZUDu8&Uox@VWpNxeR}A+1J54%7a8JQ zvuscJe_knp1z%H^I>Kv?=fE+;*G>9lp~~aP!?OLb_!3C@b^M1?I*C$O4usgiscJhC zG%f^e*vacD;;c@Wwc&|50-W1|IaPNASMmsMlB-tipnm1(*_?&6F8n8E zz+4=0VC`EWL;4nUH=B8gIKB7>9Up3FPv5S)+i1jbqs^e$cO|9=te;{DZx@&Qu)8@h z)c5_=Yh5m30h@iQc>9h9dcZ~HLoc_CRa_&tidZpN&)O*~jayjp8io_G&0n@C zIV2mY<533zeV1P)^ViVCMWEQUZ9QiQ3Fy@jPXAblL-{42tInVpX!d`y-RX4&(D3qK z|1%p~H7_6DH1R(2`*lT-f*a)yON4LvR#we!IAyq%V$Mbv_ZcxmV=BTXRs+1{-S@_@UVtC*73;}gf6=@V0Vv{BR*-#0gw!B@w3L1x*Q)4e_q<*-kXLzLv>7O}eP<1~m_*uE(PXPZ{Wbq;Us(tfo-LntD zV^xviO_MWJNnkipd>ZQ8j103N8x%T1qnl8l+>H{3vIHLHz(GF>AiJnK6DMAa&g|iU zFRGRene=bpk8#B~2IDuw#~bdL;fg-gHo1tR>rVgULrDr6K#CA;iVUV}n+`nWCi>yN ziBx=-DR|~?FR;%n0>1>{HNBt9*_rz}-nEnH_f?<%Mp51BQRr(=TSY-oNu@&E5#EDI z_FGS`Qwsy{n`yv7ekda@)aY>kU7!0`--J^|^6EyI4B?iN=004>-;5M_?eH9AO1(HU zw`IXru>~$lHKz9_Rs|i{qpt1*h73EZL(3l7SZ~r2Aa;}NAWBG{T9tE#xx_8rEfA`7 z@v8fQU^WKa+pbO@0UhkC8z2v=A}cVzU2ay)?FUbR6Y$M9UY&y<`D}m1O;k^Vjjz$| z6E@e*Bw6=Nt6*RHP_`*&H1_`?%XB6(#hS;9;QS9rdq)zYB6AGt#D5AXZ~wsSpeNll z!02Kq6v+<~_fA4)Nw+{>rbm^Ikx@OZRpEm}BB*U?pCO6=9 zg4aF3fsAN>rXXy%XU%(i!pNe;=lCBQ)`fBo+x*Bwd6R7EbgwGK&wkYdL~4z!MyRMZ z{~CJJxk@E-M!;_*_S%uO)j@0g3?6@v0-ZeD=Rm6h#!XPUt840X0i?m17bArl73?^W zY=1c86iqF#gcXZuAi{I*S>6_be6=e0x!k$f zNewk|R8_p@ul9YN0VWneP&aauu$w#Q&N(U7@TB6nPuY4KWwY#r(x5qDJD+n5IL|k#@;1wPsf9d^PZ3Hn|kN* z?yRPWa6!a2R&llP+&k4MaO@uhSCIf_re|#5gMC7;PbQ(gAi9<|hOdP1xgkl6n&~*+ zhqPKD=uOVv?J0^Z2rZYlld~`()1rTMRc6YkHdMW-#`tMus5daD8AK$tm{7=n_w*2v z{myp-XmF@3vYAQ1kh0H!sw?M|-bB#ggU{G=aJWqUDQ7?zEVJ4--&{mVG%qn`I|d`l z@;O;uvZh!wX7n!|o13uG3oc$VwQx9@H?;3@KwqZHz!+MI4jl5*rLl8>A%HOPJ#vmr zxIC&9{)cu0Im0zw++G-1j+2$^ZEE-H%0!X`D4WV3{)rYC&i|Nw+{q%i3?uz~G48K% z3Q582ocLA~4y$OM=INs{ZoHp$Zfk0_b6SxZ^O6cveNB9>N(g(^Ap_T>n8CA$p$iBm z_a$3*6tbbAGP_G6OhNF_*}sf!BQvG@Ux&iv5#fwamWaG<8_&CymNq< z8jF>TcJddi6DK7@0vK()`<_2!4TJf>72OVxy(EKC8kRVy zt7rWwq_0Wa{VxKoMU%S=h{y>d z`HC0)gD0mr&0|JF{KGJ8^wpgr{x7V~s|_)EkUimjI-!FLin(%`kxWCt32Nf;gtIA$F!j8(Els#d_Cv7A2** z=75&%vwnpKFn6+c?dJJx2iCiQZfS39kRx;n@O4ofGd;#c6YW#8-xZ)P+`wkq9e&rg z;GFp&;`bEv)#g5y3+U<^-ls!e9+Mm~NXDZQ()d;Fxfxo9X(De{g{bZKx6;93s^uWc zn#B6C;e{xPSBnEtZ#`C%;oS5!l)6%w;O>-|Z*J}%Y~)1`o7u~12|Z>w5vnG+X=NjD z>>|-3`omzl9wDaUDfe$s>T1uu$(#La&(94pYC<=koi_Wqf!v^_*OeZHwvFEa(BPG` z=~HXsecxRNj!euvxDD*XRFq_uERlE~zID-qu6Et=<_vHhswnxt=v9!c?1GT_^;iPR zGM#1D+~5GpFk{cE6F`|XFdKaNye&{e3%&BR1if>zltv&O5N3k8vlBMfcN0{GwJyla z2M=5u=?UQ{jqeRV8!V$Z!F6@Jl{+ZfL{>0z5t$=s;8x9#U z1fq3_6S)_a5H3u+5GCCU(Q#6}an-3>Dx54yghjjFQge!qt9-Q#Rpe~%qH>DpuAEyK zLzeESe|%}!*7I;>*;=2rfHmo4l9lo?;O*N1$3{swQF(oHhw;O z+`jh3FdvKUZ`i`t(GOdwZorkEAht~haXR*VSb;498=_E`-fa};P@!hi*zB7`P-rF9 z1|@R;52qOFQ^B4gL()?V$sN9qb{!lO>xY zb@jeo6)tCb`jeh;TAXN=N%Gqgqq}dnqN)@08jl|cEdnOtS;aVLncI@TCX*(ImAF;k z?9o@czS}X?buY;Gl^61!GWPgNu+NuxS`RmV3pX8hZShCY>XZj!`y(Q~*SkhE_U4G# z+Rx2UWS4#ig}8Z80qz0j#BghS_F{)fEHRrw-p79H1PJS8y)fck#l~j8qt*I~#RJ|a zTm3M@ylbiJEV5E@HTt{U)US*>gafa`73|J{yNiA9#~a9{e^_Regby>O>qu4V{;F!E zRtv?MB~t9kBS)**S%Ma#7YU)nW9K2sLqB<8)RoR#qdrozE6^9JnA| zhEx9RXtlcqnGoKQtsqywn8vd|og8lvRE7OFA_SjKuW&{HWaahLSi1@I^hDiZeR69S z@{E7P)i4<5VuoHLSn^x(z6KjKVcy9PRX}en#poi419JjJLCt9HXV~b8cevlbFVZ*( zI@+W2SdgoJQ2a9UL3oIzhFz%op0`7D=iVA2^E*D+JEW(jQWREjh+~{cEwesY!px0p z{`-T@I%DWs`3ob1VI8l9mI}&@IUW-p4Igx+`;XLww-sn^EKuO5RAzZyWPLBV;U5`? zd3`lzc0jS&)(xhSvR6SOtoq0FtXX#DbM7+a3HvPbRDs4cliCkjlfB5Y6VYm!V~}!> zXl@-(Eh_w@)D^57Chq6xpeW&{lF7#P*Z!yt*#-5~?jExLIJp3Y*NExu_wAY~ziqx? z<7x1H)tNUH^iC>q-wx9W=*+yy7iGUE!RdnJWYJhe#VsY8`* z&AA2_-$bH{=@mtGW7AZ`r*>e+ z2=zGqE^z)z6)Ii6H>XmC=?(|}o7e0QOp#gfKy-}A8_DA^Ci7eQzfI<4nL~l}}H$cvahfD@d0)HWK zs`lkG$ar8<&O{BQSzI$}YKsxkn;m_fKil37)vNp#bQ$4)FL&QWBF{?svq~^u{92CY zv(9Vaf_+CT!Ru#6ype$gGTST332uCN5i$c^hJuo{cbI(#SgL%-Zm1%?jx;!fv?L|Y zgpTI;s?@U8MhY<~yJhn?>CLmrU%-^^@6|QiIU_zY^$`{TR=Xh++sD2Iom&*yZfazQl$?hs# zKVa_!Ecj+ZQb9q_kPI>JHg@b}Q#76(p#*Rr!HC84j$B+k=X2|{`9 zF&CRvz{YhG1?D|>zH@mmh$r_(zgNVaVIA-ZOZ< z%2UNGB0TYv8;AyO;nC#G({Xj=RbOB6q@HP{lb`3>$IpO8)4iwX3PQTnhgbE)u(Q-% zm@wnhrNZN-#JYItXW=Fs%`wOyYxRn00RfxLvj>n`x{u*y(kkb=Q}Za&si{S^#;4Yz zMP#Ch$L5V<-iQ0zGo7|ua&1C75hPj ze;meI?3UN-Ttpnz4&XH+xh)M@t6w>&XGTqMpvttL=k<_d;6yB%h8X+LFTW}Q-A&5m z_2q#pbygMiZSfy-WXwkI27Y-K^?;_d*M|P;qmVCMbbAGw6CpPQrAL>a8s3-n3H0ar zpuCy)*YK${WePq#Z`ocTcu*6fXm2&#hqhY6epjwXRj;Pel`;*T1R05McZUd+KBYPv zX$Y-@HfS?aDEV)xpc{Jxnsb0A`_Du}@Z-Oo@|zShJFh%Xzj)S^AE|sBi?6?x7NQ>V zMGn;QuU4cT)p}R*c=6+ZlRlDk$gwo}bW&pLf?TbuFtmDuv&|&Knke}}7AP);T|vUc zDV4)*i=5WI>7U*DAI_u~3@vVP-tdlHUQcwZ>{-=S%eeIG)cmpq)K)GDY>v6tiK-`B zyp^klfzQ{lx`Wk+Yf4XNw_@_3hciT7UXx_I4?{fC)312Ol(3c$=1{qi+9S#RJNo9` zcwTj`hV>X+mmy63jR4@!b{_F2(P=c8dMj5<2 zLwq|A9;>D%f5a|8*=@b0XpCQ9%wtbTO;Zgcl7R1ZNSnt+>k?8N6Yps()MuxnJn#+m zPu}4uH#4G*HlbIw((}+HT&ZZhl^qn1jJr|D8lRM{_#Rro_;$1jxY$b@9-ymL-NSWP zoJhoA{M3O`b#A7y26?hMXP<$40}$SeLTn18IhIVhF#^u!?wqs=d11+t6yK4)e|D_t zAJ)mt;6pRPP*{IK>D8?y5&hq6ww#M-?D((mLFi$X@b+z1=F2B@nEh7nOD1x?<#hCm zw3EL+Dh+b?{H2zYSBst6$XP%QP}OobLwHssf@h(eB&%wIf^%cSDJxPLxJHU*jAJ^h za#RIq-&kQAI1mr0V^BdzXrDQR2z|s3Pag$D6vRotNi@&TyBLKcp~cq&skPMjqsm=Y z-J{FWLG)G53>jh*uw})fH6d<+yO#NQx(DwGB<2BVwr9*xv;Bp$l*9HPE2BtBly)u; zYe&J~m775aiI;oZ9l}?}5|@{h<8kU(C$& ztCKh=qkui6&dr9xcNXKPXwSo_KAorCBXgm`dOtjQX)gx6=gJ%>XF`fPCtBr6e@j&d zav^l{1m$jb%;)Qt4)43aY{p*)b=n{)Ucp;ED8r=Jv`(HEewZr$x|?aUdA^@4tN_l0 zTU|R$rkR}*I<0v{b;Dh(Fd0+E@|d|KTK@vmdvnPqm=rW!Drzx%xmJp8%$nwjo!o}H8nivLoZ7~r^?XE6iK}1LU6-Xb3PX()L5f>V|m|jW%9dFLL?0n&t zs*swaz6AbD&{8^KON>b{KFQ}RCE(XwaxG)ZUx7=XTH+3zvMz~>NuPze3JJhzP{070 zfu{e}2xbB2<&7ZLF2SkiDL)_>^A5{PnMW@yastmkGZW^z4{9aUWU)WIq|;p61&-?$ z3=s4gJ_hCg+F$4{o_IYcM#Ks4zUq#xnGN*$^g%2(^WQ=jGQ4QfZBygifb#HtN1`~1 z&N6gs(mx?W!Qrl>F!AYXO+1wD){*)2+Fonf5($^ij;XG`yt~YG<}u>PwnOWxH5%U! zUw)M!O!i)qlR4?66uH9#N0>@GG2`vu0!3`Mw%QCv{o|s0>tIu60(~mirb+BT7NM8# zLJySU_b2_C4~G%u_;AWV8`lzpYKk+a8olN$4AKE?A=O>i1SAXbB)eOa%ShKz4Wgt5 z-j!APtUN*?e(-TUVQpoYp6WUCXH^4G9XjR$ z=7>ZEu0;D`gbdcZeR*G;^|_{ql`yT*MxLw8CzKN?Ob-%kRq9i#72mHJE0K+?ts_s8 zGOW+W12CEgd899pg&I|Q1=~$+hHCQxXDVj*#a*3jM|FMo??!S|CMW5M2K=lcbi}bw zrFW1I*dAnpT-uuibGG^b_c=U5;3>?bXI)!W?GBLunT!o@ZRfdIROv9c1YQ91AQLx! z`}R4KZtcogXn2awVz9z3lS?4US<4)H?&>*ExO$!qa34AeqkBkm%d$U^y^TwW=S10z zI%jG-NtB_bxl*RA|E`)K#8QWBK}aiKDfH z1f6e7VJRPh0!M;0gIQ*D^ksnLG^io{!g&a3JTITEqz}ox@!(~;WkE=Up8xx=41F8G zmgRL7OU&`k#=K?YXYcnr?^R}|qRUMuRh%1%bO?M82{>6fz>U$Yv-up$>uVOfyM+Ia z0;fnU6KTuO%;mgqa&f&S(YIc$&R(zX^`{|uH|?nUKf^U=CAd!8~-lUdLH1d%+zdK2jSi6{0DF1+X2uMe|hb?1zcv1kWI$! zKR9UZgSD!#KS8tRdug#d+haPLzbuY`S?4hBp+ETWFNb!o?^z?7Nt0bz-I%}IsS`YD zNwXY}G?%jxvw2N7Zt5=lnv&m@$C)vKUaZ<-wqf&UH8Sr%6>oZ5{L9P;;m}fIZ}Pg zI-W&tXRn#l8!YZr&+PT)*-#&Pr1FvWhWI~bBMUIi4nl~KmbmMvr;QtKK}1Z_ZItfS z?(nPTJJG$XQP+X_0{s3Nt1Feo)73R_{!DP$tNo?Y>SUiYGB+V?yav7KnCP!*)ChyL z&10_J*=e?em)ycp0zBUTDq?Q;33fTJ={c++(Dho<|DtkCQ$d>msa8tbUp?EY zGj{pQPcA7FSyLxgVdOPy%hk$MocDekFJqwR{tM*rS%Hi!aSxc{6*iXNkdA`6)lhuT z1F*8SuZ|p5n{&CB$2+q0g!~%Jh!6V>slRV8GO%fw@iF?``be0-eRb@m*$c*ahzU|a zB%9iG2yXWur6ZrT>q7><%y`<7+I>o4?o~}ec>{|b=ZUyk@O>0{(yv17T;N^{%{tUX z5&vR){Y#hUW>B8gkw!`^UFZ0g$3W!IOrjJK#q6nKxH?Al8hK*N zoN5U9v+DZMyjP4L6xb-0aqta&eve~If8&5^(K+>P@SGJcqhmj>!nRmdK#g^d zpfjKP8)W~7V@r$mgiPzVdKaD+IxCU&;NdT^o6l99_(xRwq7&CiQ@vbVZLx4!BD;ON#V4nNZ*fqLq$=wO7Wg*Oh$>lL7;T_#CiMd#FnXkGoR^4l3z!K5xUNz zp|6$e`zu->ZNF%oPYYPeY?%(#s`@xQ=`c;#gHT`MBOJz(WInR(L_o1EosgEgdz_D4SJPNBsGYUo#}s=*??KDqL^radF{ zIe$R&e}aB03Hv#}dhze|qji(pLj3FUL#6#}zc^0arI3(c#Y<|0tH@A4aJPHbo@w0w zk&bBe)Av3N@G$Uxj9@NRLU$t4T%(B$0VRRn3Q~(VhsxtIGGh!AKB8(pO~hS*g42P5TX@4a4W?^Tv_v+c1*eN zdIw+JCQ9@CN;p3!)Th4B`Z1j%Y~TFnOz#w{H&OJn}NiW`gdTVSNj;)kZfS0K>{3y zNSzf!FV+6Gr0%#r7Bp{yPVvC@rxw|a|7(ci^~+a%bmmSXqQy{+aks$dV{|9$hRXxK zxoSH|^XFOVoe7lj8ravD{0hA2>SUaBfO0rTcbT&8Y_Nz;{t)D0cKiLMZFm$bf)qv- z2@dTO%gSZGg4L+h7+9Tt;zL`>?`wa}ZCg{LBX zL0ZCV zopfc`bG{uMqX|{SNOGsx{On$iVmBb!z-hf7>QlKqDn7(|EV$j3i>rRo-M%$SHp0V& zlfDIOMy3n}U+?;ch9KdGFArKZBGo+5(8o3IH6ze~Iiv%ptpQw+Wpi*~J6cX|*fBul z(JlGC*dCk8(A`x|o5j8DM*5dN?ZIp3&p6@9=U10kktx{nPUfb_dCc}&mQ*_9XA&`1 zN@b8vsM}0u?&81J4R7b-D{$)S<-vxc&+~Q5fobh^I4!e7PCc;uG3a_Fb7E}Dd3npP z4#340>B**OlVLZIS_>2)>44)9{~&rZcsAX7AX#(|^D@NQZofD%aAtHaAHv zLp9Zq%cAP87eruX785=#Xah5#sqG;UE1=PCRqWGo@4E+cOl5njh}e;ARU7^BZONd!%CHr;zQDVIs?i>+iY&6ZpH27z}wMYBcTjt}o6tv*yC;)$yBAe5kbJbiV zGnL$yOdq%kmg4C2U%(3{5hE)9Y6wie#JrOHt3nE>ro5dKxQx;I`Z(?f9j;G|%SVhU z4w^sEM#UOQN?fX0OfF%Dt70?MF%`;e6qdrA;5T1Xs~|73|73W}>K_E9?kzBkM;(3IB9`@EU0*L0wi*1yu%PW7b49LOlu*M?0LEln#iNFjj} zhkQw3iOt}d+mq{m@u78)hdfl`G8!*@vE_?# z_s3EAS}LR0!AANOSDYQ00jG(yzBhD4E;+T0C0wvT3u)%*h`Y>tP~mi9&J1*#6&e`= z@$gO{{Pve3vsq&`Y)v^MPO2})OQ}1S)_;o6glFFRdquLpomRJ?lrAe@G06WDNN3Zc z(uFv<`L;2M=+|i7xE`zu2ZO$I94&dXU68=61%)|Y=o_(lY9}L=x+%5M2?_=xq06@s zBy4CvmbQX9MH99dESohF;x9q^V5_>fVb#d69)3P|&~T)VWY#L{gi1HPtqNXhoMc)S zAr?RWEJl8c5os63;Gh?zJ=C&LZxVjLgUMfuelRO`nKxo{@J_Q|)yfBOV6;?o(WKR? zM`|)e&B*Xn|0`$W8PD{+tY_24Pw{Iu#iTM7aP-~H46fCR%~Y2$Kj#_!{=u%w@KZ9x z%;q$Oz%$Krpk*G;<>zd!N_?Ngfq*Xz(7S8~O%MO&e5%KD3R(-d`o8Tgz&-{HAeF(El>mYf0V5+TFfa#5NRvO_|&gYh_AuGN)t8Ga-}#m3aVOb zWQw!O)Z5{=xKiWDV-A6QD3Ty$;=9@eGUbz3p8>xqpLG)=1eJOn2CL0@aygn%c6@it zVXT&q3{MpY8MbvH7ypt!7=RH}3{CN2_j>l2A=L+CA$t_ZD6(%O-aOIN3Xnb&qqcY7 z@3*p%a+gcwHpQ0d;!Kl3=Jbq|wq6ltDx*g;{U6E*rnWx}{;>Nl*RHXZPf*)Lc(3xC z4mD^DjR4HI^TKjN=cc?Uo#YP{Uduv4g1mEQ;9tng<8qBU)cLhA7FfF!#quK^hiAih zP^$m2!k))Z!;B- zM}Ym&__dVo%iw3iU~;BN;zTavZ%qk5qD_C`K!4z#P>xw|M0{EN`76X9ixOMkxclul zmFJ%D)GMSjBfa^lP8#4M>M@nj`fQKqE9-#D_BbOZQIKqae{85YX=ruF7b@YjKd?UW zw~Q@lq3iLn)-=Qog%m?D7JLhxZ&|TDn`x8Ax@&7d3>>tiv?+47;JrMt)z9kBOo2)0 zOZ!ZY>Cw+=Yu;EUa%S+{0i?l&)IOQ>sqmlJQQ15%q!Qc${5}B1=oH5ke^f3{48Of; z-H;)Ko4`32_#*oXHMAN=jz3wmejw>~%tK7cd`oc}OEucGh5cr{CUzYP&0R@{CexlF z08(WqBCC*YpT`h#C#g{9-7ykb)G8yH=87Dv3MDA=R*XF3vA2u0`&TFH?A0u*)`8T# z$e-ilzQ_a&?B*}Pp6^~Gt*0-KGppkSopZC4LKg06O#6)itcE(Z8f+g|e#S&(`Qzgg~g-Igs)y1>cn5rHp4}O2q{82 zxg5t4{Ri7ML*o*e5gxO@jFdmU`GcNGx*L1%KM~#~`&acii11!&wzTxu!`7dugI16| zh_b+8#=hB--gDpY*wxqu($3Zb-QZ0RO)nnK zit@e$-39_o#>|@AX9Kn*He1;P2sE%2z$Uguc!Xmdzy!j7n}WV$`xAiYnAUsSbN|!H z+|^K%>{7;u&2?lnn&j!a=KfrbPt|-hC;r+vlsyZe7ARy*6;Ef1lf!Fa&G8vEEVovc z(r#`?41d4Z?=bk&EPt&R?-TMwy!(wd2As{`Ey7%p82NcyJsdcUhH%pRb769vPrr1V zBROasmnzFd1B%CTetd+-d4KDFYKDrF3hO>w6>9|kN~@0lRyocZZnwZrFv&L*Y>=HYtf*c>qHfpMD*Bwl=PB>`l&=E}$Vho;^HPzsOWDHT zy9xav22OgU4g%b1I95Jh=@6^&xvg^L4 z9k5H7yZGbF>bN_fn}9ddmZcr4>DNET&>vNAx!||at9Gt4v2KB9ZkjJcrpKNaem=}6 zhz5Ku;~X4km&q&{H$N}3@8c_FoN?sbyx>@qx{^YNhQ2KFy0O(fM>EnXH z?P~pk6@?UD+SnBX{bQIQrVznhc#BJ}A+RTI#@Mvt!Ss#HZMQ!nB4UZh=;DJ0=_lB% zyseh2HEu;H$#eMMp6oS}=Z%M=4OEynI+~gfmjVTg^J2|EcFUL_={Q0jo`O!=w5K&` z8qZD>cBZtOMnR$KkC~H?6Le`|?nmWQ<;AZ%#C{{cQ>6WPG&LvvP5eep zRM=zhns4i4=f}c*9GlcNB4*pvjHWT;W#Jya`++KAZso+ddR|k_XkpHZMs`h4v)amK zf$;C2+Uo=*i>^_3SIS3Dbl13PUf2L_0W<_vekscHpW5$x9@#AF$OS7c4Xxd5(iUtzw&WcU`GsaIxr#$heHTMCy=fcTxHmYl_-_HkmT zwFBnNqs@xBQ&h4^i&J3(CRh57>o?w(d>fV|`7)BnZ_S!I^>@y5pUk=Y=662FM5ET?(uSz_^~%!FH*Urd$I zJjJQmNLrlbv@wb~%l_(e6&5o;itP|r){m?IW(wMF}mkigg`p|CxojU#&Hl*|d-<;e~A89F@C6SJ6k z?NgN3z!6=H3AcIzI#4g)El=5>CQNpXA1bw7<`t%>h7)OZ|Hkdn>ITOrI9D+-eChF+ z^JZg3@^-Ji$#pt~tUEYu%F+qW-pen!KTepGi8z`TQlXAEa3Eoyo7He#)NQUxmNn0M z=D!GN<|li#)T{xpB^N7QL4TVUr@0&vYDJ_n;%)s7{Qw$3CMKK4!DW2xuawKULg6;B zfw$p-;HOa5D3j`4 zUM{jFp4Z;yyz}YrUli0RUsIsuNG@|~Z6=GQuioJKE*%4U+eWV^o^MT*>p#VJMst+q zo5bg7)(i*>F1DsG*7qChU*>$gb;u>-6^;%2a-p)|8Dsfz*7u%kq((?k#l__WnLgN% z14F8l5zT1H_nm8FJReJ>X>Ww>a#)m!C~>6o*U~wucFrZa=rg#GLiwDe4Wv;DUpGdE zmaco%z>+~=SoJHjB}x_YNcP$7T1viE2p$@4#G(n#l%F}bw07-AL+a%0i+oucQQcee z-?BqM3#+!62KW`hwP41wBrAcNhokFR=q2GQi+Hxik|FoG^ zDk0gpN`4YawTkI)+qIbS>1m4lDZ)+ofYSfR*E>ho^+f%{xlv=AH%?>Qwr#618{XKq z?KBM=+h}ZC4I4IS^4@-*-?P?>wcbBw);Tj0mk94d<}N-=?5P+R+yNo#mQ6rcJXN_3U`VHHzW%^$PRJ!4ik5 z%$BsV=Sj(1YMn~u$3c}{Cq9Ft`omVS0bT7c>GN?w;Z%=7Bnt z6Sq8jzNh*enz~{)N1V?ol5Gh>JC_R|SGj@>Z#LI0&k5P zUX3>F7rOAG-;P|k&UNsq$<(lI8+ZAUNO`VSi~M%HhMp`47H4f(<-Mlma+n=#GZMR} zeOZ*K?>ycc*0(|0kutpaUdE$U?eol)8i-Fb9h=y87=S3E2mo-x&%t)#2^(YLy} zzy&z>82BiAc#l$SR87WH|8yA3JIv3g(FZhC=hp@{MHpzW=Pg!BTy~I<)`(JG+LY=T zKQ=mKU<(TBzfW;xGEKx2=2SUa=RP2|QTsI>+a&Ydw;q6=;aQ>1_`LgKeXl|W)$6Y_ zY8-Lbj`2M~RB?x0#O|0aA2>T!i2zzChh}TztCwz*@Tnwe!7e-`Tvj zems4wf9&=CEqfKu6L@Q#{Pjoi&Pl#gP8bUD_28;x`gr->>kI9V$&jtnrZv~cYOnjL z%55j@Kb7mCgbwJ-$KDf8Iw#tvEYTmkqG`2H>5Y$d24kz=3xvj-46b51n!SN2lMULU z!AB0S!0!IkmsjcR!PdzGz_BtGK;)@j;F|eSEw0QAE zrXv8JTzOQbr!j1FrE7%;bU|TZ5u1c5olTI1pUDacmB_)8RKzy#FFyL}b%*i@rRT?W ze$f3yaR*<6*f-=SD`-r3X)Ca#S#9K$+MR-r%ekzCUsRlu&sq@a_t}i)H zdVA{wPdC`~cN30{`?d~u>sV#tL5(#IkK359TR0}wm8_0ljQRY~ z5nR@w8g3tyna@*$bH^Dc^1i#m+A7%a>YTL>xyT3j(EC631i-&y8hktda(ckYOQvys zye$o(CF3ktjWyBSv5wD|(G;E5*)qyeu3KzGq#}TBmjAXj-FYh1o>MB5eB)PjFyt@d zW0fo8D0!nuHcJHwbaC0gvogkPdidiS+TVQ!StPaWrU$J&kFIzd3K6eDyRNLNfAo-k zV~MiJ^YF?n2*l9znw;Ndu1x=>Hp!aO|)gvb3U4M}xAl<6S` z@`;s;!xcz-P;BHiOe>%Ku4UgrRuUO+p=jtn|Emi5kI8*H&lhawJL2;<$lx!Q^dybtL`^ zhTm%*KluA{dt1}uO<~&Ss8Puko8~|tpo1;c!!zgJt5&tU0zTPxRG4y1;XSw=_PcWw;r#79*A7|h~{6XYhLVGcuw2op@6@hq%-Af zaVrh;$->W0&01H>L#od2t0_$G7sOOw1PaLjrs5ib;*r{900BxgKRCk&YSGA006IJr zMKOR9vXYOIC5gqEya+RH ziZKoDHG>qU^FCu^Re0oMfT?250t6|$7b@!j?L~g(8Xqw-+&h z4#XmpcD_T2){KB^Fw6{+)Vsmv>OyGL9Y>=VNW{L@X-)Glf^CAdCnZ>v1J+|>w_#hP zRVC5~iD;MB(;vR###{bIghqIi145)1qA`ey=mcUHLN$a2nZZMi41|~mIkI8P;J6xL zL8TA({`RbAgf_vsO($0*1LRAR7KVLy2>~*0@~DU?zy{f=LVf`O;*l}ysqiciKQ#~Q zm)&+2pj^1-`Bwt2$sxW1JV`$tQX&0BggPB|IvX&-No0f@=&pw_rajZ$P@!*K<|M5kHS14Bh1nBkHAsFB`~Py?xFB}K!F0D(3s<7Y4rejc> zsj=+iNZVj#obQ5GphN1wI~v`S*`uN5&_}3U71~E4sDAo7_^GMg>H-nP7V`#!+>mK8 z@fjim&9VeQ4QH2YhNhW_t791cMgQOJ;W_;3KFSx{8Jl&)a6rg<|6acX9Qdiw16n7zN7`a0oy zEHB?biLR7$nXR1to|3chWtNLP8yGgoMz@6Jm=z>aTlV>KtGHR#f&cUBL`&T|#8E3V=>5^x+|7F6jwY2M z+ApmvW?l0wlViofu)Kxy=xu!QEL&>ykI1Io4(@P-XNBg*tH=8NyKNmU z!zWe76f(Ba2#dg~htmOuWCtzoPwT{uZTL^1zkbI#F1MflMX#t!BTOhO{#axV=D6Y% z8}nKyL=Kfz8XjsJxW^kx#{9nw(~n8l3zPE5SM8cY2w?Zbrvy-oQKT^m4S$4O`%IlX zvyRO4&ue*PcOEM%_mOR`zGu{SxD~#0>wjCKm;&v1JH{fC3s;Xl~4J3THKcS9oadVQzHa>zIow zBQDRa&8e91<+fw5F5wa@Zlu8RN~qp<;Y^TxzJSE~bl#lsCu>;?6=}>Dusu=kPo;Fq zpCHbSdBFPGnQ&Dt*}&U{olP@ieme(xY&wL{f4S(z{i07ZS*m0d>qIg@*|L#bJpO~; zo5z2u<~#eSC;OU1lIq>du7tY~Q`30zW_E_thi3rdLk>6dNDGw{lw#xz*Vu$IvN=sg!t2fU#!n~IRUUsX_fFS)E`ZPARktarwjR_v{u-AcVV{iF zJl@N@E01pZR{gRy9W7h-1;JD#J4Z>USvD!*)2ZssuHM%r@i)lG z_aNS(L(5Lm-p5?kn82Z>ShZE>BVubnJ3esnG+Jop8lg+9dEwc!;T~RayK%M zQ^Kj`sJxQEvYM^HKArR9+ANok$Avp1r@YLpvx!za&vDI;+S=~&$HTCBvT(EOW`NPE z;?t=?>5*CI_g|D=zutZII}g`8SbEnQow>(&k2;tpqBi|^l~df- z6#(5Sed~IFmK4Gb9l%P8`-X;e1W5N|kNz$~SV#$WFqu@ZX6PDLFm}_G)V=E4C1@o~ z*Qtqb%Run8J{@8Qb`x|l!>LxEhJVkbs3!s=1 zxLN(lfZF>g`#&*xe+V#}5U)WGU%q+>pW?DKlq=I6K1j*O$f9>-4itI$mCrw`bosk3l;rV!!sG zSDN2xnrP4QApvVmVwdHRkj4v5zpgz2m`j2~(3MD^RPmup)!@{}K{tPun%sU50RWsS zJa>9Q!^Rf-Abd-u*Ooepy@~eCr_c-7Wj$IVb8po`0!^@AH>VKiRYE z*Y{TSEe~uZ&z8BSt87$W%+0X|ua796U+$~D! zvU#!cJrsAV&oih6ky}C!w2@PbD~_BUO2`8mD~8>m63y9AU$H5;Jv^Xj-Wt6(o0#YD z!>jC{xvO;=$7-)mv~xhV_cfXae;GgQ)n|6r&|}z!@%=f&QPKs=JA^C#gSP(!hvPADT`2F=NjoAn7%-^0W@dG!YoOUF6yRmLnQL76qtA3Yip}| zL6J8g#6!c?(;}x)r_rSE0XrZM+9*%*@;L?DMbeR@MeSj7#b4XUC$VImdG`zaE8|-H zhLr8HjT3dp9)AhUdXFRnPVCn6@Cx>!ruJv166R#>h4}Pbt*5WFI;&Rd^16+jepMuq z*~KMd-1%mDq#jSQ=d@SREE*YYRLhanOMYDd1+XWEJttyOk7rkeF-{JUx~+2dvTs<* zYPOQ!RCpaOh>$Q0f4Kj0;WJ1y#S42hON7cAZL~!}4P$4$rhj0PDpcjfaEwvK?)EA` zx~kI5ZsoSD_%c7G_)+5hwxe&p6{L(BahiXn+;Zj2kvqQ0^x>`U`1udD;aB}+f4O`* z&|MB=Os621HigDDS(D5)Hj;}B-$hivYL1_ z@uE}}#wASeBPt7(Lthek6!31z$aH6zVo%MjlXK;>()S#c&g6?cvcKKqJEBx*l&+w^ z;YyuCtMSe;AaGz*knv(#+DhIl&N5a>tx3SXLD^*cj0wGL#4F8~=9!6>nnOlqrp7rV znNcwXpip`O2&iJkt+GYnTjrBd(gKm-%S0i!EubMwDabQF<8a2s((FXXBA5u(LG_6o4N=yK{3>bzsnk`e4;N$KluQe_lkQIVcHd!eF1 zHv0mvMI@KAFz^wO-LYssWT85zX19SH6mW59VnB{wRSbLrmSUg+Qv+>qplPyg5QG?z zZ4Om;zc2tIaalTq1B8M2Ge}$p_>y0!WFklc+6;Ij%}+9o>^ z-}5-2AxgRGla2D&m?CsFX6E4#dgdQ@4@Do$eH(N+%+#Nu;a!pyth|M^zZZW|vG7VO z?N_;_c332*52=5a&=b?s=xsTxpe2jMKvMKFGEu@yz5-49OLv-HnA+#+yL<|jKI>*3 z_iw0;z!J*KZgaAl$Q4;kgp<(_V4%D9_%T>LFIEESs7+3ejhZsS?@Exud`nJtpw&O7 zDM8$0B%p?#A;bCjM=SeOv+z+;sy>+Y+jou%!TBYalf+m{Y^15^{_r@U9?Vd)m};#> z?yB7?vjylLw@?a?CS1Nb#%$Pm&Wy*ef}xc+20LeI{yHfpJ3gT-A(2yBpM>}`J)Ra0 z_&Bn%<9dmzwKQ5zYq1dpiS2=gR+*3u;j2HV`m2sK$_b<)@|askxUs{MopIB< zgJ?p~S0N&i2BIwOyRQ(vh%9Fc;hca{7QPvVsyGm|3zUx0Y}iIgKvj`*sa`j@drQy&#uTVJJ)n zBsv`y0~S~|yz8nv{&tyuX)QE?h8QHyT}60`n7viAQZj1Y@?fTL5#=GYULqzz%6u%Vm4qg&=p zWy?l8Py7jy%cj=Nn2rz57#av7)gq11mrRJkHNW`R zI#ao4vpG+yNRKqdfgMKjU1CZ6NlEsrFcX9lZe1Q}153gSsK$@~BE`XZkqe7u!S3vN zriQKV&f?c}ex=Jgk%cmi-=^NKW4$*!J+PbCP!F2DoDdNlbeXYG=LzN(V~l9f~THE zQ=%MvxA5ANm$PiKq;O)UpUzdM-=BRr>8RH!E8shutMo%Zya43$uwdM=d{wKfpOLg8 zG?wFgZR=(g{g=5_)(KRh-SQ&@@AZu~VZouz)5sI|9AeKUaDP>C8Cp-@<+?tkmhM8ApejM}}t#m++J6kRP>@hy@V(n0fZ zN^8xkR%E2Sel;ljk}x|n)vIire(fbp zB=MJvX1P`gl%xP6-iZQS`0jN!J#AG=y_$N}Et5pw{q!rNp(D6k77C)s&!zA^9pdTT z8W~zY#L3h-xb(@(9o!YnU3=6P7g#c)cuDXQZq9n!0*Bu*5kd>n)(CB&Tc?P#ngvf_ zzT(1(@(?TV^y*{_CWS+}`>JjOoddV)$wyb9e9g7)PaX)=rQs*#MH=F1k<$&y{1QTjkb%#|9X~w)fRMOM5Jg)5j}HnW$%R1`PL3(m~8DNRrYvW zFjvbNEoFOJj&~gXUf%R^u_BPsQoXRr$@jgO7}Dvw*T!iZ3W{9uYhJTIB)qX=r6-4W z(#~?gat~9+A@pO>c3$Rgn&it@1$bXEbX*`aV* z7BkEgOiA-VA4B+=cT z(nL%Hpsv@V6*3g=V%$L+leyD@il5Z-u3wCL{%)LwJG2}o1Vps`@}$C}*8kS1eO8Sr zt5F@(OAMmHa&Qn%x8kitM|Z(nlXSx1BObnTCF=?yrj(*+B%u1f@+-jBNQ&{s{}t4> zPO4mIiVP17TS)m!+57gwRYhvtYRZucjb2PoiUM=b z|0!qKTc1ay7XK+ZIYh*J-%X%usWMI4RHtgTv9PogSeD>c(8R(hlf#MBmn}R2cgiSILig z!7hbL*#S8&^wto0WrII85Z<-vPy$6WLci&6_p)?RYb|)ED5uVCnuFf`ktrnqIqgk& z1{orhQo&JlQC3Y85pqXz@>leTSD74{?1?YXjRZd~__p5IrmEFwzN#!&fLI zIMG1bl8@YWTmy#39D`05orjDqVkR&vB7m2k^-ulHQRF}_)7aWiLD8?i!S#{yeK1*XCA=)Fu<^$jOE0L_6uR~3?;fFe*nyx^*%Hf3FLxrDY z(B5-5y2?zJiBj1|DYs|Iv}+;FQ5x6CT5{10c=6OxYPC${=kT3_fA7#X>;P-xS#}D$ zxEU*u!LiIYZg4D<%<5hwYS{^BcjQA3<_d!@&moRME|TJ#Q5-cDuf()&2P`9+w*j6V zY;a&Aw?<%C)zY^Q#K1qzNIRl*OeUxFlh0hs2zx?SeSu6APm(w zV<1J6Xa&8O2hg>);*ukO5D{s?2cM(CqQEwz0GE#6I3)TP0@xdiq>zG{2^Enj(#0m4 z*Y{O}aEN9QzAV{gyk0EdgaluUo;Cuh2AvCpRP!SSy0qb|`PU*R9&4l$Vw{1hj@HO& zEX-({@JS5J3s7;;A5)+w9tk&648BwZu2dMd)Gmjh-4_P|U=V0r zXC}I4rD73^f!@M`2y##kEdX276B`_rSYgA~A&9z#>u5fH`<$Nus*p(~tSkZ;+ZyZ1&hl1|DU+m!Q2`CY}fjh#C_#tv_xg!3_v-7GYw# z{md^cfy@?T|AG^uaNLDJs3B)EGv@+<1?_2wXw#O^;Nd`LR$3FJL7ia2Z>NPiFZDWZ z9J_OS4Z#45A~ao9J22X_4Wrc9Qx`)CfP)Tuf%>KWm!w{PV~qB#DHWrrU1jjyVNtLk ztN=vV-Qq1NYY|g8QphJ!Al`SNh{272;0{c--v<-}rU*jG-OuE8nL{p!T^PeQ!Nm-M zP+USj?AXLILri1`kU(oM-zTOm243?h-3;?}zOa*E?l_eJsg;t8dEZLGS(d;xR z$Ygi`BBp58tdy?E9(rG^R6G#|noK=}Oxz0rQZhUwDM{)IViIe24A>olZ7qcL2sN3IN$Xe@##aI1`yti@ zrHSI#08Q`}FF0~g!WcqYNWAT$`YcTgC+oG5p?VZBGEkz=On_F=ELOWom?BwwCRP&a zgVVMmLF`c08BCh2lAoYBJFoJw#dFRAbAtHO5S?*Q_8E}I@DXo5ZGA_oWGA{%;0mK~ zwl0-}njyiyM~V=nh>MRw>2C$){t7BE#Cm5q_WD3eOr;_R$q10T zP^QamB3~3LIT`CYsoFT(y^H~_aV~xhGM0Qd1Xy!KDnv34_k3vfW@s%eR=&|!!vOOV zxHFP($bsf}8@V#h4t)k{zzwnB78qH&a*dT5SpXsub$dIu_wawd*$ zkwgcg9frFYRK~F~*~*|k`P2?p(G)ZcFCq=b@WSnZz;2hl@?8n(IZRZ1Oo-QVOSBXL zU~1nE-mVS9VD7OYD@2eugV9@(*mk#UmfxsZQb%Z#V2m()f)dwV4NCbg@Li$Fch5{7_ zm5BQH*8k^AnRwAdaD<^v@WU~ zza-2&QTAHUSp-;IX3kIc82NH=Uf28nGPC1%@cwaL2kI62^8xysA^i9Gqu@&pzxUt$!4KVTnHbRfpHYze zci+3(JCJtQxzc5gzpFMgDM3~e(P+1)pup+Yr!U-!8&ka>dvjLjxJw7ZPy4%$>K14F zXQ&|7sTofX_r{`+67>mGI^vNgPhoqI9_|ObuJv))^M^wI@s#?KANw~uZ8t7Bc5obr z>sx2Uj(XK^kD{#kP|O>c)A;8|QZLr8Rd(X#J4lBUcT&7TM=8$4dhm2WvwM(-8v!It zxVIJC826VYLfn}Q_L8W1^8ME2ybUxqU;Tb<{r)?GWZNXgVUm*nOp^YYG^X+0WoIG} zG2z_q>SOjV#}p|zZ%?9qpD>~kQ{3+E*zk_dp(isVAjCRkB|#qe_owv-HPqoot$%y9!}B&%v>#tok3VVWpK@W)fx`wa z%+mQA9ow%9s-e1>O!n%+lamZN?m@MVd4ciyo%_64z=BZYbJ-tJHh2c9y~WQuJkl!Y3d8y&vZ+ zzPp+WsH?&nU)X-0m$_4+X_%@kTza0m2=~zMwffoaWwLqC zUT3ye$?Svgf}96lKCcY3&)XpBiK#h zJ}d*WoB8YfiRq;Cn~5fhiHTzp2C^NkFuek$Egg*xxiCx1YdO zI^yQ(o=Og?@`x7stzavX!-Nx#Wu2%c#6h>s35zeQ$9bAb34Q@LJa7*Ycl$RE5ew3i z#3t}A(HSK&aPXjBS3}4A*{t)*$Tg>-4daEpeSoQ_H)~~?(cT&M{@v8=6eC#YDIzY& zEy`q=lq)nIVbJm#@t_UF_Jn2q1qfgao-X>j6A{-RA%TwW%MD576UnN6^L3nM$$!rP zh9U5*N9N8XY!tA`Pi}KEn6COexR~tesD(N+LB?;Dfv=O{#z;5CeQ09~x2cDoWHSO}kRIBH?^dXF9v4Tvp9*>GMfRQxoxMYvMcw<^In@`Si}(Bf7WL~~1x&%O6a~pW9(nVF zm>h^sNF4rTy840Ia0S*+#n^Ysn!Ln=oWuQ1!~H5xO~0xj!m+I4Zmm3(dCbtmv10`& zZypXq!)~GhaIWheX`6FGDM!DP4%(Y@g&0U+z10soqG?x4Q;{zcrhfsz4_M{l@}TAT zR>{Ru?R=nRO+{x4A(-y?0cM)o4NdQ&Ap6R2cQrkQUgtaWYMJ5SPMANl)8-1+<@Pzh zpMLG%`w0bNY?dhAfI-Eu_DUk8W#SP71P@zJX-vWqoEVW6_qhtU%(JK>Kp2?C);ozPrsw#M7XKYI8&gBD5N3KtaO@{*)6wQ1RM}PU z9g0~R5QdnFUpdqvG))OB5SY)2YN8^*te$|4Hxqp`+P87G_xom@Y@@_y0@sPSjHc|M5=ptmqe02; zfo@?lgQCpP&1P3l#;*PQkKi37l#aYlTJ(i|4VBzIYBFQ&`4bet8G4 zBsu+N;@@8Oo7J`9S3NZJ)A+u4LokxC0gNZ8opD^iWN=`aK?{DgKDN;`*E7u=UZ1AG z*w8cJ>uAcv=Xu;KdsizA5>>aek5F%-{s=5W^`PoSNb_<#D=+bRp=&38Ho}?f$gNWM z-;UBye9t9z=D3)`K#wufgK%S^A!5?5v9a%GRhDxqf( z@K!@PJ!iivo?*riFaufID3NYGd?gL84zP9eE95M^Ntlz4vi61}8D^4>cpC-OeK2(M zHwJY6j@=48-i_V*>5)&~NkskY^=_15k0-CAZx`?~TKU&g%n_&;Ki~JU7AFIx6#^z$ zZaV?j`%U1^MHLJ0$8-=_%C>=pH&@b;?tJ^$ZLA+yI_d*e%h!csvR^m1h+&2SfTo+TEPrTk*+RmrpM>fZ-Ne}_pqxg_ znprCy73B9-9V2AT#=;xyp&qbtLFE*acRERifxU$55r|G;H(b~nockm9u?}{f&*6hZm(>&v^44Oh~MM~H5aNt1n#)(zG=>DQm zH``89h5R{4kU602`W^M~*6~CC)m3xjw%ZWv*`0y?;ib&5m8#!Qgg}xq>p8lZ4g57`v2EI%_Trt}3XK#gtS3 z>!pd|5dA#gmkgS8s|bqw*Y*GS*M}!tWR09cB3ncw6jM4YjV!5V;}lgodoTsQz?3bb z$^*BKfu+9`8n9t-C5x35NUEJSfVHm?$Cl1IfJskRz&0H&$RPN~rGwWOco4*w&h7~x zo}&F@l2Ehh&j%aikOiu;B~KRnbgHSJ-|ZrhEY=D(@n1>EkU>BWAd)Te0^j(`QHGI# z?ViGb0CP7>L~C1}C+%ZD-;~oDfn{q%fgcc`RJ^eWZYtKyI4QML8H7vvBrF0OKCmF{ zHJCr0rcrG-%V351Bjlg&>%pG-&k43v$sjRlwbR5YDK(okM=;|7cnB1q-P@$V6=fLM zFf}gY6g7o-(sKx0T%X;>oeF+X*HWEumUir5W|0r;D&kY zBrLsKS;{aR8=NGp^$*?u#7cvypDedaXF)yVw`a><`~!taq+eeX%MQpCQuPO{JRRb zxNib$*8*$r3`xRk1(V|b<-<6L_algMshe}99O+gXOv2-Siy$H<|HmW~OTT*ekC2^H zQNj$g3DIpg*~A?$ZMNA0Ht}Ei4K}ks0c^l`2{QxbsG+tHaDy%+5aS>}UB+$PUU1%k zoOBy&%93&K;8)f;+A>F-3Gg1WkH8> zggE^_3JO-HTCgJUHK=h-CbnjNN+#CVfc&51kXLLdN8*Osz$RlHNSSR8{xjx({3fcN zgqNX1&U&>5z6b9Qj~MtrTuf#E$*NfcD*$swfYpN;Wn$%D7%&dxgunxUoB|L1ML6c4 z*r!VHsPwF_JSD0qgl|AC4NAXU1y%#etx4@2Crg>i8F51u<#B(-*y}H~_*vp!ef~YI z1|LxGYp!}&bHAt9=q>H+2@ zF=~sAfPV{gWUw$HUabZFZy1qFz@I=LP&pxO zinD_oegV64Z-D;OZ)L~EooPs;hq)E)d-MjAqZ=~waYm;_D1$i@t-;yr0453$)X~iA zhI~OKik4fb8S86UBztUY&f0`3)Z3hpO*~8IYJkwT`E6DDC|6jg@W8&{ps2j~<3gsx{z?+8p*t zWexZDn&ukjt?n*B=aEXTz6o5CFsN2tsNS0BFQ5^5?&>e;>j}*Qv;C7~@!|Wdj3t8A z#AW0plcOPa2Rvv!#r)hYN3~!o@9OE_5My$LS2Jpy?8pkOjoq2vb#qyMTY_Gt6`a#V@U)Z;SC?xR=>tz!Y(WrHF zhEVg`*}fs3fKd^&H`2!(+G_T{J|7doz(}~po>dsEPlSRU+*`^?K{^kn8l6Xm* zau5hy>oG7iHG!IW3_}*#z~x1|bWz+ltU^)P$iQD6D`T=DalU;25_I=6LGzb-3gjdp zsXnWZ1>yCS#{i85Gjut*1apHVF(9yM<=Rh)#@LvdNsmbVj)Sow=eQX(4SReU!vmqB zo01+X))?gbiZS8J5urVz0L@8ys@*`SjqMdYLMF01_?Y?G3@B1BmSfOo;LFhB8WEX^?1j)Dl8~_j{3+BKAVtA!h0F75MC+ zvQk#TAEsQ^%A%TInKI(J00h`Kt)-L=3Z@XZhiqvf#2oz>;kHMT8O@Radr-AtP9B9K zW18YhcSXu{`6>WOfkZbhjWU(`?nhm;NMzIp1dn1`CDWPuV!}WrR2v;SG@R0T$%ZAe>DUEEb=;hHC~17uTt{5J2y3`vGr8pmH>m zanxc_e}ftmJl!g1aYZGheO7O?TDUTPqP=5Oy(VUY+rR z*<^pq8qB6L*y&-H*I%-|iif(WRIK9aa z9T6>f<8Pw9)qJ@DfipWz^w%>%MhuM(l1+SO-1ab%a=Wchd{wv!b;3?^`kI-A!7y0b zKmM4QVn;JVfv07psh}+&^JuU)uZ&8(4ldMavFi#0&;4t_TwsFE6SmN&EBB(J#rX`( zFKK)50O86@pA;(2Iog3l^ZM>Un)ua6K-?3{>l<6zs%AEbM)!sALcu(WW^Y$zZm7Xw zbDv;;8)$`^H5Z+cq%~4CTNF09>*D$ulYeH7Mg$u&ssJE_LW({D~B;Qd#}{@#+6mp674nX*h&>6hSM-FYiqsU zG0c*S{b2C=fDYP%fWB@yKPQZpm_;!Y<6pdep^Z4XaDdn!iGfm(ri@(~k~d2OEt0cK zu1`I9EqX*5-_jJn0gkFO`i1B*B(dSN%eHO$K&{dJ`bV?1(X!Rav_AM8KmJ_Mg}cS{ zeUVIDR1MB!R1JIZT`9ee+tOC#3T zG_iGY9I17(qvEm6ivi)#*rQlfYYUmt-OSB1l7+|Pd=Ek5(&O{_Y|$)JPb>MSDXRlU z1vEGCebTgeSelzw;$AVi5V5exQo9s`;r?#iNIfDXJzAC*>)uU|NDeP<*a{x_+>FxIaZ<=L-)z%8s z(poCDte+55IZ{b4;q79xBCk9WnP?^1RR-GR!W1ybp__}*$j^F*){kG5d#`Y#vShXY zzvkC6k$iI5T{Se@VoIj4N69DyzU)MvEO|-X`I3l5naEj%s7$h|!VEhWfH0-0ZVs~g zvcl^2(%bEucx^Uaxy!g9rkLpePK{1XizOLTEC3>`zA#1^26enZfp&!>lTV5)owfrm z8Gl&-lF(}#oIf*EgaCh#!I^;Xa~&c-Jwh9VA2a0H0Ga^hj3PDw3n-Xan!Jk&m#>Sa z$OS?;pfHl`0_DO*U~B=9XFu)#6XI$2>~Cdj1X;EUzRL+8jD!4crun{$q%tXd56!-s zVtP3ZQv*&^JIo1OV^zP$$Nw!%~>>_UUt6!8-%qxB`W-G<|CcEI%J zxIOhK|3n;1KoF+kI~c@FG=mE6U=WkD|1XFmqc3>ACjH+3KZ}-Ta^|(LSAv=0a#Y~E z4%#z8|MIhQw3c0c85=~L-0h;E#iMEUhdlYWfP?oN-)uKW_o&LrVui>W31|-el(GRs z1|r~;_VCZTq?!v(PugFakN6a;skml7ds}O|7tFUqr;J$tCsVsSP1lnWeV%KV^n>|< z$b{SiQ7IIHSbyvbh3E**_9VH6z3B$IguVA-ARe+l(bc!K(r-a%pqdOkVR}a?YzrMQ zmJ0`>Sxt{3>!aK2l6U>^_y0jzDk_G>MN($v{|jZEW$l>u<074ZP!4`rlD)7JRp5dW z^Zg$vciFj2jQ)dis@?yAGEwb6C|53mp)6JU56W?Rd?26C7(c*Rrb4NQ?}LF`1VeeQ z;vbZ6?-gBZ5Ya0BL3#cDPBvOyI_n>l2mXVyg)JD$MRH&$i>CgAax^6)7|N1*U?_)| zgQ4tm{}0M-b475!{tuM@FZSLlDvqw(0;QpG2{aCkySux)y9Rf62{i8R?oJ@Mg(SE` zfZ)L$LhvLIAm440@BDJ?j`MV1?n{pzUAt=Ut}*6XbI!GP72D5eD7%$CLz!Ui8OpEh zpiqXGNj+m3-|!EXcO;&n+*I-pC{u_(L)lU+KDGFpTk)cLak#nY-%xHU`cF_En|X$E z-Oc|B3*8D@0En%?DA*mg9 z(_vA}N9A=;k(0!A7A##nb*Pd=MQmCZ&Kf?A$BCWft`#e;iF~rRCKZJw7mY=faU^3b zR-DMZe3H6+@~nJ{x~714TYy2?vS;Al80dXj#!UwO0YsQavAfwp+P+{uDQ3QZUrv4j zVyc;AjA2h5H679G%nLN;qDa-dnY?+??ogLALi0n}4<$2gh!7ssC@d)T^ILUtQ$T@m|bSB1nyY)Hcg+c9rC!dkT;iseo`xP}jblk$A&+HeAI(g4*$Z5;gq%GFTstv$rCwdZAJ zeI|>uD1@8W2d&|F=VtPaYx>WtZ%49|wOvbMp_4i^cF{*g&(A#Sl(`W-6qt7PTv+e3 z)5sQL`r)hU`F9{~v^89?*1-9u(;GXzRM5%9@y{qq@cB84swd(X`8-F_2UchlZIJ#Q zMImZp+fgp>L-QS1Tr~Wj!)VzT6lfSV&>M@TkXXcphEZt~Xc*--=^oWcs9?g#Tu^jd z5YJvvsw>2OlaEqYq3OzvNi*!1=E1En+$*49_6Chb@0AZOm9mUq9%aTleg8}reZQhVj_8mGptLkpAnX{y5A3bYiPcFFxI|XPK?w3 zoz_1W-mV?0O_6KA-%~HtP%S79SAYw@3$P^7GB$WwXJFb_ZlsjVZC;Zw%9KKIeO|_i z*U$FCK-5-xko>=&vPr^Et*Y-Yc?`D1t!gCjJQy=e5D~N*o}&i6GT`|Uiqi4g(3RWG zdQq@Ej-h_3-aw#up~>poy15{Ki{g_;I8skuw@MUgpm(H10x^?p;^JU}j#L7A6uuA~ zarXi|%U~?7z?(O(=3VC>N3^&h@b3=F22iBLyJMR4@cXzhk#F4c$Klh(+r}&`8kuwM zjO3k|y4?|b2rhI0Uv+fSvnbx7xSL8DBpqH(nig-@kb+|{&unK4$G{Yx5vgds8_ znE0$VV+gMcYN@jwL;%8cyx6zO**=Ob)YV!LWv_GX@M|d&ebOSf@%(-` z5XB#!9V!DAi@@97up!P!z*zdEHipkE5E{nC@v_@#05Y)ZhS`rafS+it>1RX@s6)nb z1P_+kuyg=jz)-dU9h49)xCc~UBs_!9`v8i@aBt1*jBU<#q_cJwG9-s?!$9p(pw9`k z(3~mStH66v69stG9Cea!8k0yyU9G?%UFY6%iv0l+jRtGAX**)1yoQ;SybQNtTlq(c zx*+d+xFbRht@`J0v`P-U3Vps~M8W&l3!dN0b@w1xqf2r*dCQE`>C8{)-(i|@SfR2; zCjN%}!!XZ~3BeR8r_`B#1IJ<6+=C=)bf|0)!&~-`QZ#-mNR$llP#|ZUM|9oVJKp^I z4;=T3`ed{p+duvT$Mtnx-_1j{Ole-nAN4){#&J2{)c~Ul6vwj=e<+Z}#(Y(^Ab&HW zvoI(l;(w^W%g=8Z*W6(}bW*+1;ka?!XADdvIrhs88bPw&hi5nS^Y!_@9WTr=!J2dM z&{h|JeS)}-JK!7YW|_+t$^1hhzBy~S zzs-=Li3oC69$>%RYVk{}pG4<05#g|gz+F3uuP(=c0r@FwhavuBqXk+ElDkesIhbZ; z6>37s$AZqfK)+UTeIz3?UbV-VlFGIyPuOi!y)2}3#%t5#DpA5GGg)ock&(iq!&(1X zr8^+L)O}~`K5*Cv6L3IP73R;p0kY_|+z}jWN`h3DXYYdJf$^I9g88O~A+F44J>bv! zue`!{iMFUcJ7GTR`^Yew6N(jQFnOa{*5+jF;fqxd&keC;H70;;n%js$y}L&5r7HP{ z2hNo^;&Aiu$+=OC@XfJbKFQRCD1zgD8N2A~atOuE#T3WW$iqeIPX?7Hi@!b;RhJ;s z{Q^luxNb7E)z*k!4B%lpN+()tDiTsgwAZf{b0F8$p8# z1;aZlHV3b&+%&q9POy2tXhYWbR2#CTbwO6^Aoo`ay^>1H<{$&$LPqUtQZY+&K^#)F z!kI%z!=(1qa`Y8)cGU9pwFQEP@0jPlbiZ@ALVl?+;jj4HE?U>;DdSePmyKGU?zGd! zxI1F_QW11LQEkm-?ZArE_f=~YkVPEc#iHq%)T*qB zsxOp*Id!8*8C%J067IMD! z@|<;O#jaO(itg*~UWla)^}<1|=SP}esRe*8sL<_jCDu!G9p0R?kUcO(iG5U|7W)ik z)8=*2_3&qCL;v>hz=ydsXOq|IdF855wMab~r}kz!KhHl}kpw&6BmZUO@j%XmP5p&4 z)V1;s&G~|42{}_Ka&;fpc%sn2_Z0o=2>KWic`_^Nch{*MpYmNSE71Elx$*ZP&p`n1`PoiS_>Z3NM zshK7j9V6J~`qS>Lqc5_89k6_Kxo_wxCi5LXLu!4%U zPj(OR+_!F2ztGm!smXLl0O39e3}Ru*R>^t7N7fjyg29yBXnJl0zmyz|Rzbe@Cd!8x z9bA_>Vl{4Q%Q=Dh86A(^-4Rm7_K#IZoz}adMU0+evjtpBu5VJREAKLl`po#nf{1n7 z^8g=Z90MS(lgSGw$vs*Ng&FxlMPtI9^n>Ibl@e}pwib&IGfkY7#0NYiom@->5=YE5JU^&e zvOme@4H_L%G>~=v=wuvCn?4k=l>4hFC{%-1O9_%O-YATiD~zp>Ps7J#&sNSMiq8-j z8+}Laa}-p#VE*OUUe)iPd8m-}3!(aDYgu7rxKw$8z$$xZR}{VnLDN+OFb|O% ze-Sdm3Qdm^{127jfZkiTP&qXiOWJFyd65Z56;3rHrJgHBlLjaIoBMR@777d*e}=#J zbwD;VI_kQ{b77^?aFuCD1Nzu>Qa`W|y^D>u_sB0l+|`ZiS*M|Z9I-!bb%{L|9TuR1 zDNkFF_OBVuUQ91p)wqlT~9*6(3o3eKel+JkCD#tV>1UKm=9Du-5GpSGVv|e} zieh-eSpN(&Tcr#$DrnhePw~!HZv`1krTeS~DPV?*K3jnh-NPfbWC1fxGqr*erea?W zr4aLX!mOmsHr3ZuzJk_jXka~ly9mm!R=0j(X;FZ)U646eyWB{ur1$3MloUo}!en~G ztv{~}UGU;h0fsQKbId>JAU!z!kguqW;g}`6&4>VYg68af4@^<0d`|Rd zW!4;EnG7Dbr*;3(mZXKzc%snku-7_@)p}iCTSAPH{23u!@U0`YX;-SgSv2}^XOxhN`o{gvy*74RSz}iBHJF31(C7x z7_bC=>}7k6SY$3fYC_@(Zf-PnO+dJ(FZ< zAmxJmr|c&h!2SP5leb3~EuK14@QzIsL+DuDt4?@0Eb$5?8gv&oBAq;nfSw=p>#^ zzwLJ$*qF!fMNCs6(w4om5PAVSV{MjxcsiQawC$t*baE+=Ek-m$c$MCNEQR#p zq3!(^tEl>(qwVV-)cMn&E9yjX4>%`QwmK77L=Q6b2Fy`sjh*XD(EA3C%`UVeHMo?9 zws`l@8G|<=pRcLB6>V7}226W?C}gslx};+A6}|fGCd~ki>VbN(PAbN8j1F0-xp5+` zIb}$zqeh9zEEQbB`=VavSSsP@5Mp&IZw!xqQdtR*4uVAy>^zZ&oZf6 zrH)s}y4-o~9bZ(k7KWVT$p&}|YWjta&xX(vrGXuTq4pnNR{Ez^e&{!tdR=0^vps8O zuBtiC(zp}($l;Vj|Lg+S@ZxpB`3;z3;s!$)APj7ihTH78C84qFZP0f%WzyzWHykwj zWj5+|wB0`n(5=dcmfa@33=Ya)_`3|X4weHnMWAqFu_6EUyQY)4ITViYT-4bilQB8> z@c-aBd*`}N7OdtuGrWcAZ4iO$k2@7%M5Nqv~o|u;p&#s1zbC4`0%Wqd>s^;n0)lgo0b~W&vpIwdc4ydcK(h7AoCJGw< zxEchl&#s2kD%91$Jb~!(c8>G6JS(Bq=Hc~~fT8G)>i8nFvlOtrDR`{0c_NNL7(2=JMK(1iC_5Pi2x2zcP?50 z>;VvYe(HgIkCN~o)OO&IXsx3@xD^Th%(Z-D(VRDKWd)DLhFpdXy`4Kk=soypibF z5mY9*Sj4o4>*dl;E+IFut;cf zvd5wy{&J_`F}}hjI6$k+>&I=~`b6Iw_lSunHM=y|xBCH0`XK6|*opKk@F7_%hc5>k zLLz}f*+smLy1;18tAuNVFn0T}L+@bhru+V9pI_&M-ll*JI;dE8hjko1;B3M&O^&qp zN{fW%#<$VOu_lwqCVgh&Shw^sRBmJK0uTW zr~QSODic@k4`pl*C8Fp#v`#mZ z80jNp$GqjHaQu3==d*IkL$n9dNMEX1AZ~A(GbqGjv#rdhkMi{2YNmCq(qtwKc_Xu- zub#KU>YZZAkT+IP^)R_zF>0&DfD+qJe;!}Q8#8Dp(tM+sWFY*j-bj1JS||AmsvwJc?&an3l4ev zBU$r4nP={YJZB$$V|%|<(TMOG*&>Hpd)Ttwkdx5Nd8x=ReTs*L9XHi3d;D4L{Z4UL zJ4<70vyrl!N=6q^l3BSzjq6@ktNfdveK&e+;Reu*&KsT@Mcw2=(wt*vAuj6nyncer zbwJ`K;xP#z!y5#{TISb1_uMS%n7nZ>`$AV%q~Ng<67gVSLY%x_#*{csbSI!q(H2a3 z@rw$xit%dETNsY5L)AjuRG2X~ z^b7}UEpcN4355c%see9#2=S+a$C5!Zmw|}|5W~n*{Crb#Hi-E>5&sgZ$=CSE7+?wl zV0c?@=At*RoPs39`GXZwC3cSehk;Rha?z+5a-7_AAmk0!OLBMa*cEYiSX3QM=A;Bz ziD^QM_3aY(Gb~9I@X?jif^(ZKGWlpc^ck-A?y9^ZIbg9*6(P`V4V{-I*L(byZv6*# zobG_bigQeg*s)E_&_ncfW+c16UgeNz!;y@ih09)vb>xe{7Zy9bKakp`%hyt=u26;OZ`s zV8}m%>$OdiV|zES3c^lN6Sg}*B~?^HaQQN-ydK$8%oK)PpYZ5YqXA4`Hfa!_C}@QzM=43r9gtqN-6p)Pc+oL|XFlI)a;4sD?W-rr{^IOWwehd;s|H=pH zC%@ZQ^3QNlY#5n4X3XwW6rqFYql7~J1Up?W?0(xhMSYT?age)2!!5SbB|LEZL(WL_ z*f6Y_ndi28jaqinscq`tB2dv=Rou+p95vy>K z>`?yCVII_$mmLZu76aPJh_^sXt|&8iR5a4gK1TdY0T@e9)F@Ob5mwr5)bk}t>1H?{ ztv9lUG|Ln5lFQrvU5AK^_r@i|+2|B+L$d>3BgvYcB}2G{@qs$;oklU=pzxW3kBF8I zbLzRI@i_2V%}yqxurb78yd8YYVt17y==mkzuwQydv8Jv^h1syZGwn<#BAHXXHU{;r zXMg42*yo@9VJ$SHVJVfZK#dL9gZ_5Zo0#bqP4J8QOMPxwIdVo(yu>WRs5%$}?%nQ$ zI;8OhzB);(xtejmh`3Z4DmyKM@?;9fj2<_c@~UE1Vw!g6Od`oJgE@Kcy`0+8g;XY@ zo}%?@xRo9c8LDCYH^D$(vN57YN$a_>-pLlaV@PXAy_rFqYM8TgA@K8@AachqEa3}K zthmmM@z=KiKPi2g>9V;Bw8{aSIr*?ODS1s9P&`cE(ib!8u&EyI4(r;5Zbg(|eFL&gSHaaHtc z`{NZ}MSdzPoZofR7B``R|G+sES7U5t##q6+DYDCjVnQjp^uzqP|s7uqDVjht8Ik`80i76c?+yKl(N`UC!@^>SHr_Y3(<)79Ei?OEbMHu;;rXhDh{nlrD2b_b6WXj0-Q(@Luz zTFgauJt7MuV-+x93H#W~3bAWh0I6iacrQdXbg$zibxD32{V$^Kiw6~y#$6*31snVgaXSf8tcq6Og~%<;H2bApL|*ecfEM0z%} z9Y6|*TPj=7>1hY30zgdJl{Q`{HDU8Y`}O+NE@~Gx_pd2bwetpmxccJeI`KyEx}~$6 zv+DF%d2l^a#!2wkZYA0Rk|byZ@roar`H$}{=3v-LXPEB5`sZO$np&=^H981tNSE*p zRqo{NO4;~P^87zX-$K}`Zy;~!{`J#k@D&j z9G|#+Ak)*_b0L|Ojd3-LO&PoogQ%5XGG0qLMNGIS5#>jUQwsPpJXvwIZGDEkQt(Vd zhoeYURy431@`ku}&?-jOPrF`3m)9JO%2NfRlW?t#iAqUF?pjDVZWeaizsq8hO&f)O z_lJzRy#a0JM|`8SrfK@pgF&ujfXyGKK9YwdF2!K3BAl&oP#+tVuBi8E<6*yLalgx| z(a9o7v+)(-Sp%$w6~oSiG`ifquE&*bz=`e%wT>bLN2Gz9C)by7uv=l+QGupb2)U!( z8{{PSg?i%`OVsS$`IW@A^rC7XxiZldPmU}_rD|!4 zWB0WtMYz1w=zSE<3bhZrp?H@HJ*rFDKZ&x&Yo+RLx~bI<<3|zn>}I=*7ijH%p^qZa zsxhcBl$%Jf1UuuT-9B+Yq}!GIkz_=xEmtI#6d`r9sXI}(uG>8_)VLzoxGeXLIG2(C z;Y1u)XP>O9x5TG7&h&z1bkCm}d0TFAw4sJh$Tk*8^c{~L*#hbSFeE*mi7P|bX0gKF zIx|)#v%Uq~zLPZvl2Bo*cy$KAh?vnhNLOI67@Hr@I29gh89#1xALVN_vrJR!s<_*@zWJ~wUTZXs&v($uI#&ZzGdvw{`aD55}qq=~l8 ziZjWegf=5p=0*N;NJylLJhLSMj7WDvWHXZryAYg1pL@20E7Y#5TpoO#H~kZY{TOD0QkdxL?O;tp~Kh_(d` zD`=r_#Y?9#z{^f;BQXn!a>4X)e{n%pE+C~qjsGj?EKCV4Kb>?452yQ@#>^6#EDf9*k(@;sfqkYlYh zX{D*K05*Nr_!Rm82_)&M+soIJX?^wK!x zBK6-7-RYWhwP;6KmqkI!8JW9jncq<|Tb?t~@E7Y|#9&(hUWh@X#OvU z;{1uqZ<7WjQD?oOKgH7+$D=agrrqQM9%{txvtog1qibbNbT;^+lddJ26r{zaQ+p_I zXVh=*+-K*UGpt{ysnrSWrsQ!av0JREEw9!sqeaH68Uk>`K=?~xc~ZRszS(nr(KYn{ zN#DGPj9YClN3GR<@<}1i@(rg7Zu%|Cr|LHTg3QWVra^6;JVk`cvRjVg(gnqN>FZjZ z3c?<`g<0zFs&%9rcZn&bE?zn?-@FDn<5yFS*?wv>OMt!0y4Ud^dCFGT5t+Z0uGZ|- zpij%9Ihxq<){l2%6JsY0{kJo$u- zysZxNZ4T2zhSNF*No#JCcCjT@kY!uZ?=XmxM>Ta*6*wGLGB%RM3l39%kdMLjUyvU% z{y!jJs_;LMuS@Y?kpDje-|oN3;Y*;)jwKkkcA#|8zarla<)6sMRQcbK57YdgknaHY z{2TZ}OQh!gUyJhl#~Kob}CdV;K3i<#Fnl z3pnTeoul_e&>IO<`t=A3t|Q;KxYZmVe?stYOnOvD_+{G^MCM%pLPQjia677Y+!Hj~mU#*E0fK%z*!)NZo9g2Pb(2PZS`*!}g1r}V{wzf<)$ z<#c&k84bQ&6>g)}jYerPundcsEYYgtF?)yXcS1^abo?USoAarLpmt*p6eh?VvDl&p zCj^ntYY%;0f6zxav$OFFOiK@IC>2tscWe$pMqSU4XRfwJ_6lEZ9_z-Qd}Dt5pZMAf5n$C1HBO|(g zA1IxN{*{k!r77jT-H79thaftAl?sGOr=5v#X6>*GHSlIDR!f!5ERGFE9$k0Mt`1cw zox+F^CjQsxcS-221WGbSr&;8Btu&2r4QVXiw+oCN)cpfEUI_>riWvW?J|?124Ljk;U6OhjCtWyab|ME^^3~VHlYu zFWL^vBK0HUXW-DLLZ&V82Q1Eof(DfJJQsZ%4xu#1>7qEAnDP*m7VR=LOKOjrv!&@?U5@tmglvW$7M-q!E({b!zj^EKd4p2jtK&eIN! z5u&x3#&afnNv_7|di(#Gasxhwru7Yz&&w+qqdldAy8XB*JUH>=S%;$aM^iETb3t>G z1zcG}NV0MKX;cLBRQw?79BoxnNJCN9F;rrL4F~l8kZlsX!i>+~2sMf5GBGs;2?`_S zZ}-v$jy+Z`gU)Q9{uXa<88@ z#@~S?keXnwVmEFDZWULdr-~=#eFFd#WvA$mu)_p+5TaV@K|4Lg!5DkEk4{XGqBjeW8qId^fYQVs2)naFFb9Nw|)hdo)I0zU)8k3M$O25eLjFElF zzLL`$gn3ktUQOwvM4Vuqq4g%;`)MxhDV)9S8N(r?)qaSQhTGSIc^9^d`Y)N=Ud(M8 zrViPTClRieL;&z!s%l$_RaHdprGo&3)!i-#SnHqo2keMQm2Oywh&pZT_}9;1M}>oe zeF)l+Cv@!1$c9XZ<12oK3b*S6};~^RK(KLoo4M zamrjA+pU-nt4=BzD0=y=t1sjvoG}uc?P<%=p|6Uu<_rk z7F0aE*lxt^MFoEOId;ms>`fxR^pe&MSo)n4iziakH`k9f-GLSRfp*cT>Y-x1J!`zb z&6uGH{7nvWKi_B+`8cZSn-NQtlvlnVSAH8%o{*cFG3#n5V$FHMIYOS!*qC-o?+bEr zgi`XPC55JM$=m+f^1xb64@<0fT}0#D41*eE-R?1Mx_zeYFsy~Y#d<@OvMN3Qca>>v zxZI;{SNQ050HDnr&$8BEc>}Z`FgoO2vM5*uNh&ft%AwZJ8JM5DoR9c9B0Yc7o;d#6 z$lheHT>6}LfvbunRk=MujqV`sT@;6o^86S4VyGHlVyS9G)0(zmB+LjH9(@(1`2`1i zyn2b==D0|`G<8L&me+lcPco`*NTZbC&tScvoFj6EL23V zc`j91Lg{U9Ciimlcyto>QiQN@gsUnzMB7VwdYAEfr?SN?pgU+___0Bg1PJ14td{0y zir7<0L^S!?t`-1kxCro3XNLtK=HDwA=jmJ6rZ`EDSAm4km>Zr9R}*6^ajEgdp~b4v z(IllCTtwqgb6&RM{(i@{Dimg<=l32!BvKcS&bD@F z$+(~E6=Th+O1RZKy2=#_Gea>@vjXEAjf=`9#3n!{m8%0$$U%jedQ_x-j&)8;f z#7BN}HbmUjW zN$G5U>VwM1U!$1|>66j?8uoE2Gt}BcX0^2u^`w`-3D8`=8;{C!Q0&R1PP?JrFLqM- z>&JJpm-7XdsL?6%w7A_)6_Azi)jWFK#ty|7!ThiUNix{K{R$K7*U-RNLlsp|3ME3o z{99l!d|GeX)ZawtqtwU|ndMCq*X%7+%*bDQ!pdQWe6(LgmM=Mi5+R_U>RCR}N0kjp z0zr^YuVt@J>?7cpQo}{76ZqQ%p`x=@BK&Q3ED=WEO9|E(GxcFcYmLItcvX!NiDvn|Z?#k0)65_g7iMeU%R}O^6{_Ll(+xT`)!jkC znD#EnHe)zC;OzFVzzkwYS005veScb>&f$<9KiIV@Urngjq<3`&epK&sTmD3~*| zA^_6N6(MATUZ{ToN6jym0m?Sd9X^wff)&G6!bAk}LwOO|ul(ttKG>&eS#-oRK4Mjl z*C|_n{0oF{&(bFJ-li;CqJq!Kr93q7IZT?r8!y>>m9ps+vYFZM|F?T#*8A_u2Cprj z05%T(>^Vx3C~|`N;0XBYX;t8MX$Rc&tOXnfS;}d`@-W^7{ozC*pP>SVdWE-Cjd7N@ z$I+?Q8EuI7KMNQcu{ecn4r6HFt?@5lQ3TRV1`_F8?sAeG29B^)%A|dys9U5YATn)c zx?FuVO+euqNp#lbqCz)Z!yoI>CnzdoM1dwE14Gu90`$~X!QKPjl}DpO)h0Dp#5Yog z4I?5L%G00T&K~9BajYX4rI2g)>9nfn`kM`jAn5F9=Ooj_X8)xNz$4u5q^4<3Fo(I_ z=foRnZyBfq9-J324*n*i{B?j@t)1<$o9Qp zAOwohaz;dYm}l%rCrYFd^*1Qsz?|d7V6=h%+DBw3X4E$}$4!KKlr^&;tb8%ajd!M%iUG0^46q4|yXzi7eV0{ch*hFQI4oy2ej;1jWeF!~Ot7ratr|CZf ze#wyd9%YB`@|)S=M$gD{hyF#X`zxB?fwwT>sm0pKi>zlIq#Fn`y~y0q2G_)HxcbmI zFgBI8*J{(78CUF>xen=8wXcs4aJ-X%O7Us~dHr3SmE%C1u4d;- zT5Xdfp5_8dZ~Gh)lHZD)bG0^FMv?`^H}Ph#nDO|})vF`#_tG)TY26%p$x#+{Kqq7I zV3F~@SV9RjW%50cED+=D>XtO`DcXYki*`eGz5b~}0M--eWD?ZT5~C)2Sb4omskBiE6A!Q@@dQ*MV)XKw?@5e4TpVwiI#tz zE`Wc;bEX_WM`#JU3XEW}_p+B#_0DUBy#u~KtS6YD?L({yu&c=BQt0|-aFyu>R%u^i zl^583pR|STWgywDp(LgU?-onFd?>SKH|%5dTahic98;aATl8?}KVz2JoG!}O?;HAS z92@rFk#3+Q+AKN{A!-V_81ZAP_Qw+O%gWK&xKUGy$wOIsym9Ba6XW@D;2O9Thy-@4m{spc0 zv)Ruyf8&#jT+&biZj9BK=S#=$rJ$ac-V(hur_abC2XA^&8aZR&$s&5-}( zHAj3`vBZTv;4g56n$3N8w8)AW6biTs%&;MGr96(eKV_cYvY8+LX?rL z5|D?a|K|!E7^$$_tsbgx<)<7Zi?w?lyp~rKA%_GN4*x~q{@-d!|8%1NXFuw{v7>&M zlob*Wg88Ty0uz^N`B2H z{tdQAd&k#}FR~VRbmREvmm&Jd7AoeJm9M>%xI46YO@EN82@+GOFb{lyrxiD}FjC4u z_Xr@C3M00SBeqO4inMoWXg>K=__fW8uciDwyvKHoN|=6orZg8XAc-OYFCVxJGT#7| z&XLNIN8eG#k~t)(qYmL)YjLbNs#02o6wr=>pqu8)Kfx-DpLpmPHbd4tlI>H~tE*=U z75xxnVYERc?uWCnUJE^_Lso(o-^uaJFw!;UR&cwfb7rJ27*Srm@N3#u;}-Zdr|pm+ zC?h0mjVb*j`;$J^NA)^ON>v+kDsgk4 zfBGZ6PDiLqAtDCP2NZ~;kv6ofg<82XSBE;>T1%XQ#A54g9<#*cb7w%>A3x!(} z!bt+TuDJ3K;;|S~nLyHxnxyR$BqYMPj3T#gWZYnA&+E)bym;7MwUFNM#AOde>asha zRpMSaE4F~nxc-yQ^bgh0K~vuXLj1J0yphm_Kxc3xtmCQQVl2vFSZHJ^tOCKGJ4#F<<`eBmx%pm8>eb2$Kg1~v z`u4-XLG65*YgBXexgr_qZ!4-qApz$V{X5G^(nRD>m)nZ3b68NT&^4`b2jAW~)FA=F z@mcx5)3WPNBl*bF_Ol~NMQRl^ja1Ss_Dsv`C^E?De|;eKcOn@?pwq@0W}#>?q<3KD z(2;O2AJF;B$+HWY_Ei*SCES~}SSv^xN}VU=`~?;lJSkh(8toxHxz1um^ke!8pvzak z&T4lEwS(x;U4{K!4~>hDf)2C0$w0kM$HVJBonmRMn0n6Ga};AW)J5zv2djo2(H=@_ zJzYIZ|EMvP+NlM7#qe|_k z;gqV#MzDH31FY6`(~=aXK`o|1VTxgDihg8D_qEwHuMqPBPj4FefP^-cTKfVwK*PQ7 zwy*A?bimt8=TY_Zy;i3?cyi5*clgfD(aQN)lIo(e!B>icX^TX!N4O=80JGSp*wwRU1J`a?-kDqO?^vTq{ihXN!vr(Ax3t>Rrn!Fq=3M zzywJRi=m8Yq6`@dK{xBbe9}|@ZjSUYg6hXiDf2Zy83#sH1crF^{#fe5uS1lA9Q>hT ztiSB@64`7zo%E%Cp`3tM3x(`)S(a#Rt{ ztMhM?aV2|fZjdlMK75D6L9a`Wny-dCPB*_*zZwN zy}&+50}1=S(2ui43Zx51lCaD3B?=@e=6#Ydw`lTp3Z%E{^At$7=*>T&hZ;wPfIHLB z;}`bO!;on5-cF5H1HmcvBcIcpQs@AiFBO2ABUK`B@K^Z?K;0mQMAsruJM<)xH{M7C zjwH|zL?h^FZ{K1_=zAdz;Oq(l&BvIaXDZfnIkiY(M!kQ&x&uiVdtM)OjnMV5-+slA z@Efg%PKYf6UFftIbWwVLQOZU`jxi(j45P`FS8kvOmkb^9pg%B`Fgnt?f-f*5TA^36 zZIHs;+DipWiSDC-Z%CCsY#J{U|&Oo#^EkYJ`@5wnMf_ zVV+|~ylBUeAei-rF1&sYqmKWQ0uZz&7!9ni>bnqK5=zSOJfX?jr1v8?vBM)Bu&w1wA&_U4u zTTlpHHFWU~(8Is4vT_1lP0qDqG=yAvmKi$1;PbtOjxdCdi1*Q8IB)_rxe@964kw>-xLySw2e=AlKQ-o`)yqtLv92S`aY6! zxpDodU$)h){oR3bXpBb}xsKq^qh4P118{!Jur;ykjC3L>)J<9kG!VtN2yAeoUs>y1 z7fZFu^e9_Z8B8`i0?CA5g<0vs)^U^F1+d?^{E#c)rU*gc{Ps?-br6GQEI8RZZ&Pl3 zHZ-xM81MXynq3exp#jsR4}~9W!vV150xas-)+#cFH88c+?1k4w`O zPo?&alQr6+-M%feOoBLn)ENe!2X^VZH3kuGL`Rpt&7Um>C)-K|2icx~lc=~k-~Sph zspx3h^=gOCHU1*Tg;RATn8}5dN{k=Jc-PF-4Id|5I%;$Ooe?cy$ilpEOicIMd(`B_ zf}8Nc@awlB9`}Vi^SWLG5B0RJw`@lBAzlat>FnF!w4!fzDVC6zYBu2=?yU)Xjz{l2 z1+$J-ch&813Ww|m3%$<1hoj!&z;HdLCX%Mx1kfNeRrH2GL7^eH#5 zR*$M7&GA5H=a->m;|`n44lA@pV!Lm~XCp#uG)88u3PF~Bm+D7|E?vsF?S3@prI-+H zILvOSy7b#&K(`!3rNeWEiM<)%S>Jz@KR7n8?_Y4HgECn+(1fPI4=~E=k3C2F{EgxT z+|EtOMgeYW@1-17W=#{i%+F96T1<`je`%2zkX-2RwvPb6ly989u*Wf#IaH3?hwp%L z8bvasvg?ePVkhTbsI^$l?%KpH4Ah7Lk!M2ataGPf)lnG7$F2wGByLh_41c$!E8je~ zrDucFBusZ$-MJ}|j@N1YtM>mmi${4sV5WUT4g{=9#Gtf>oPg|-6)1IA(nq*+DN@4) z1Z;$#A_6{#t4vEuekZR-nXT*GDdlq$sF_?M@Z$k^gfDQBy1*fKghsAG#1C3BUq&uh z_w`+q-$yn@t<0Hk`w9MQXZk57peuZ}#cYjSU5H?Fc<`)%w}7`1$kro8oo+@D0nkRI zdz}n3ln1Po5*Sb=Wqm(_t{O7a&q4v>MdZmQ7z3}@xVZ@+`N*6zOf7{B?w7<2O74^A zR>1m!rQ0ET{|{|%6%}WoMCpbQ+=9CV3&AZoG!`H@!QCymJ3sF3?ydoXy9a389hv~a z-KB?fX4c%fcg^d4=+|DoTB>XB+F#Xxtp6}d$Y3uC9JN%IaRo5&Avh45MS~z~C&Pg6 z8SSl^nc{9?-u}gXBE(>C&rSEt-mp268UmaSg-}_E?4CaGLqi1}rF!Z{qY2{n)gC(cmil@*Y-M z`RG&Fhcc1AS;bz0b&4f|^E-z)wjNspxZbs1BVmT*U{&ti z5;){Oi3=2-kHlzoFS;8`F8pkKr#5H~)9&FN_aEvMHat@pq4D8=N zso$euXvl?ScSz|vIpHfoC95>HUDd5 z`~X2pz6C*MkrAVz@`Jt7+4I)YEUt2q#nSQsnA%-@ZwmVEiswDckAE4+HPTE5;M1@& znyIe9NwOh2xVQuONUa{fQ^1EVI=Oit1|a}lDB*wkj_seGbxevo6!ayo3lRU z1a1wBhcKV|x|x1aGDcYb+p(EQXYhePWheK!XV7=&PuDN12~2!KMznWoQd6nxwHC~8 z7k>!<(ynC*(SathT=Gwa2E6b`(k%u4V>zO8wU7T=#vS33mj#~b2*;+N$3-KpC_FUd zO8tm}XRb3f?1LMUV>=s929}H}n5_SG6i;J6{k)z_`rnSCie;@z_-TJXD|lijyV#oC z$z(QJw<%X{TTd=&U@5v}2K?iTr7FlQ}D7A5N*P zCP7M4@AsneHfPK9c4SpQ&4TVn)G9@vGdvgcrIdxZN$B$bwi6LHY5Yf*4GM!O@vf zuq;9#VvTyuZg91cvuN?W=pduwu~*|p|4B*lDD7x{_A6}Hu|Pei z8UhVTP^a{TqN>LBr*tv{4gsEi62pI>zdN72$$n=x97g|7WT+{hPv}=0ETzu*{~Cw` z|6!dpta*68M8&;bP@j4DuZx&95*O6b6a%kj1S_JF6M3G{3Jy}*pF@20z^WZl!Gr3 z`X*t{L|I({bYxu2n9RU8Y$%Pl%=e=^?@|^WwHi8mcCH#1TC9h^%&Sh*kYXW{27Xb_ z1rNSd5(?uG9DR7zGkpi^2Y3vG|A0dSG3bGTv)^GAC$l+uo>$_fU{yj9i-^G~aI^5e zExqT=WSe`x9jY7}?WRd7|BDP+aPb)WeE2s_4WJT_V!B@PoP4#le{Y6nixltv^$iy? znBS5J?k^Yl#o(x5*aT0K3;&G-FB5)*8h2}kVzi3V3|T;rl??4oZyHXMC~tqFMJ38| z?}bc~EPj}EFt=}z>C5VMK^o4qywmjWPZz-q>rWGLgB!vVz6t6{DOX*TEF860O(;(9 z01(Y^sWZSAYb6(S?3`Dh@dHq&slN-ye!7j4jQQjW_9GJeuh_(73iQtZxCnj5xs!OqoTM3DJ%lE1R>-p0C~~h zuq*5TMhXG{MTIEa@-B1;u31r2P>@H0?{0OQPnZ2z`wN|RB0=G)IpJyfoUxCJ*{^^*QWh)k5CjGxUvztKW zDx>-T50&}9MJDinRhdGm-0Q-U>`xT^6R~Gzu^6DzOuJUmDME005UX>@#zp==)NGER zLJr00GPZ1jlnKL$(x8&Wr_W)d8RJxG6gTkbiY8@zd>YwgHS*{h<`|lG14CghHin{$ z@e{u?cx&eOu+sX1@{sYsKn%J^0NiijOH2(d_{AN@&%iWGq1_DToxbPw`n?p1-Jdu& z(LB_|kWeHf(U7hy?e`f|w!~Q8ORV=h4$hQ(upb5r_h1NcV#nsh;D!n*pA83B*ZX&R ztq_*U4g{`i3VQCc1{hRA#?oU-ezcRHriqEdi#P+k(O>@s^$_y!048{9dhjY?DsY9| z(x<`j`~Q#_aU8ee^pUT|y(CTQ3-TB4WXc+MW02K;8xxUJ;>)O`2(!j**l@ll^!)@pm(U5hJL}_AMeLTMjH6AZddBg25U~^?yjz zm>RA3CjkGwHM*J87Oy1xy08)o!Bi(kaoy#uz?S&bHUanj_D%~G$v^&kDbJq9J<30& zKfG!_dZ2e~`?~VL;KMGBT{C3I!1hS$22x}f!%OM4NF#F(flw>fv}FtW(LsNXnCDj4 z-FOlz26bBQ_ScnJV}woyl0b!@dFL5UJ z@J9kYR_F|Xg?XEwwVJ}9(9@RxBo((QCPMa(sjX`lfQGT5e>bt*OSlTse>zQ`ziBrw zP|lXB9@0i{eQ8J&7ugEkIr30Raww#H8!C>Cv>UX*|$5!=J#e0DHzNVu6 z2*3`D6-!_c=Eger`QS(lv-V8~#Gi}-M22d|_RjC&biJ`{Fu}ziMHRD3PNsrd%RYJO zt$7{VrRsa3?jcP07gxlc;u+Ito&32!L1Iz*QK^RmzxvtuVgP)a{W6KFn&&EHEP<5U zw5#->wCmz26og-ro4uF)qIM*Bl;?IB4m_zFwk;a@Xbkab7UoB^V)yf&zg^aP8(nQ2 zO@ZjRVFr$|O+p!0Fl>UB*7fsd?i2yBK}vhJwu9N-YN5zPG>?T0ww|U{(Q0a}gr^VSn2~u4H~Ro0qzg zV#GLV>7Y&TYb!4rbGt`E5q^ z*KbrhAc~Ubo?ipzZHt~VQ*l=>(0f|;QBuR6pRSA)4~!mz<;VMXee7$~usy<;?j;Ac zVNHIm;w(61X9q^pe_bvlULc*4scfpeUBqlc?9rr;YA|+N$S{V&tJ6LV1u`E*Kj2bR zmDdMLCOrhA>`1%eOTBA0_VOP)7bzi8vBh8|KQ+Cfm=hh{|4MAQds+vF0Hn6Qp}aPd zO_#0{yektst|Xzxt$c3rp>#5#;{w9gBBd@gN$G*VXsWVwR%wy6$dEhWZ9qu755zHsI?BXs1|+FE zKK?a~_iQmq==UZQ$1sZoJM|&BZUj$g^nAQP?0JE!LwUD@f35p2hvhoyozdO}DEn>gHYrT{Z*94*EjsA8w_wb{ymP>- zFV3>G?@bCmMSRYO@t|T>2p3 zY}%~2BSxt%VZFOh5pja;l@C@z>;De-3u&}%yD90EhEG^rxK7?bGZ}LcXX^wO?04m! zbs_z!04rE7qM2LG(woXKrf&&9f@Ng_sedP=&kQ9P6Zxo*6a)B8T8|TQg+%!wjp-W26|r@Z&H) z*YM*yu0X9$sUfDJ;L7tu#NOPhYsGhzvhN*e>MRnZP`}gu{S#qBrYKA5CNAaI+uGN; zey%#RTjqMYh}H~X{>^diw-B&3cAS?Gq(k9tfEz$i{)E!X{PCP@hUn_+$A^zmZcFq}nr8d0&x+?Kr)@OF{A zm8F4$j7&Dz-*6LVk_B;slq43-lN^C+S+(h4{nw!Z2SkWCCW+5@insiCk9YM8J-8S1 z7}Srk^XEh|c6IgTwB~NB|3o-=b$R+$-qWb65A~T!_bH!l2-rJ+P>~VT)}C4yE&h;U z-?{ru#9xgb@bOxFwW3AiHPh=EM4unvgt7{w6v>ITux%l7T3h` z?w?EJ6|>vcu8;RD1IzHj=9Pop3ls5d%-aZcH?&iyNn6@oDXknii}(VOTdBZA+JG2B z_8UW`4&m;k&ic>PiTR)H6<=-r6_TlxM1zwLOZSQ)fSp?X%Uf&|{7Uy?$|W_Y^{Ubp z1<8f-J?(?MM1#dHYJu#R)wlQBVeTqqe^4_%$7^KjwOh}Z=yu@SmM)*$%gr32r_*-)$yYf6nw!HVv+|UYZb6#6 zMj@bu%F-P$pit@S1Q?=Npe{6=v-@g2NK3z_~ z(TrT=dS4?<(56TQ`t5jCg?iH9V6(pPQvIXuVD+HrSda#L8G6N%6u>2kg4NEFs}PYz%{ZYu_Bd27GULB@8qE2DN^XH?DidbLQ$ zH=Sy}KZP`aL65$_cd|8T+wh~KWC-KS^Y*;cWTa@exX4eHQ1St8 zh;IQF&9!*Cn=)In6Pt>|$MN8p0bucsdTf*)co|q61z#IKMKIq65_rH#%LK+*f98~R#) z{hf5Zg4O5wED~g+ek@&Jy?d{x{kO9DLD|T{B(0u`#Wjg&PkXqkKIgt%Dk)kU{e}x| z**cgNH1z~oc~4zzwm2D(zx>{fewtEAj}!f6GSUuz2lrM$Z&8d9U4bqTJbgDHTdVsd zzMRdABC|Qx*Zc(WNh(7Hp2TH;$IOyXOb&N3i?`s*l{QQ*UOBZhy!3+CXeL7s<>B_r zL8l`F9GQc&4dU5jOJ|xhV(mzev)k$@aDO+O|9vB--!u!GJwzt>Lh0SFwOqMOmx68c zYGSs(vwKsz>&g{bC-mgHk;+msM#GA|7fO|E63HW7Q2tVa9P02F2z3obW;vgi*b?O< zmi5WjdXX<)sZ!PNXex~~>_&yyE#cdVU1-Uxo@(Q?z%gnp*Yr%kS7Ol>^j-aa7)Ik% zK3$#-!l15By#2_VuOL!qO-{|(&Ch-9*<-7QQ1mX1SL0U81`A(89ErP22L7@ozE3oj zuPH8CrN$TkXz!9h)PJ+DVR;do2*bf4;JM?265p*+P;E+tb2uYgc!1&0ufau%{s?AA zha;|;M&HQ+=-stn=+2by20l-NXnU)bCK?kC`>&NUHHhBCIHTE&fgYWu=C7fcSZ321 z1Lmk7$rGipPMAyhXRdK|=x^mSYEVcw!C0m*mAs*{%L;d3NSblLO5Z!9Y{vZbh2oZXfSd-4r~h43@{!bWZLJ&5B6EQ9Cg}cS$~CwIK|akpANEkjd6ws<%1qN14&% z*aUul#epNprPRYM!|ouut6X<}Hd-!PO|e~W-R9?p94XC(c*xIthjpQ80 z?44L3!uT_*xsF+XrbK@2+s5~Ai^Wv@9H_)6%nf`e5nRjNWtxp?Cu8;OY0bC2G}xnX z#5I`Hr4q{lxnF9U-5!Lm)J25*-uRwTT{f^R3F`tt$}A86?jJh_8Lzb*2sBJyW> zSFpFa2^?Z^yRkmaegPjSnw8E>C9}mf7?4dcypQ_p+Tdp4rIxI@?Pdy*&ipJ&b^lpfL8adDY0a!7-q6)b!!bbJn<*2of3Q`2#14gjsNIJP zs50N}`6Z-v7I|QiqLm=orTPA-XGDO5U5;v!+bW%xtyyDt5NnCpqh{afXW19RyJ!to zV1z}&a>VU7p=WdKn{{qjyK9WnYx)$5YhJ7$*&d%y>LsrYvrB7OeVbUleJQX6>5eqp zR{Uqt?AO>;yUt0Dh~bi=+%6^xbT8%tRXdZGYtW~&-1^eRkep%pihK{sJ8HASO}D0x zlHJMmYuCoN0l6g{U%iW~Q!2=eKuQM;*Ru~uQPoq7z1_iMK1`XfwQPi~jJymTaY@*i||F(R!1QksgY z1W$I-d&90jA*2n=ZfC9xdkxrSao2EPg3FotF{+xXZ$n(wS!!%4f=*v{*8bpByM(c{d1^jvMb&%a+@lo`tgp`(25!T6Shs+w@L z%M}d%x2t4?jUMMIoPNLVYcAsput8Uo2mY)bzf22|uQ|duc=3vgwWwY-w1jH26T0Qh58%V+2WHxxTqOHt+CS_knEKSV*(uz5 zTbU9wb*m!+PPeYMb)DFr7RThOB&}$xLammc7~pJPPIlTwo9~)vY0#?xG9mG&!e3O` zp&Oeo_5|zXBnOuxrah}K;=#AX<(+e=Nm6Fpmod$z;f236rs}ht#~cRR!`z4lKJgFfx92MFP`MeKn%O7AUJ{v{V}8Z0)6@Mc2_Ggw4^dNnQAO#OKJ z=lEn+TQe|1fMz5K1eJfR1=S!&t(%|qRbB5q8~?U(YQ>{jGW6AA)4&sG`7QYAI;b;i zL9+m_xpY7UdBih!ss289i=y4CJAp(%~bT$&|ir3%X^Ges_lhFGmPZo6Fcxs@Jq{S~lY^IuDX53ip!$^PyFkBrm?^ zPss)f)>r|6o=*q9C?oZeoI^3`mHpDWc;7LjTsI4~$zfUYwukECX6o*@yNOAu=Tu3v zq#kE|rV#w4PGkUN0VbIRHt2QCDL)jkXKAc+RdKFkS?Vl1FVOcTK8rMsuW3O$Chux8E) z;n-;ILS(}{W8iC`z%*gA4cOsge`ep!Y|`$dQbxWb-(QLPu7k0@Y@P7{iq)<1dvZ1v zDqfUpzB*zBW=~zHsSEF|az|YOvC7`M0#KmRjqIIX@nfOc9r^|+!?`mH<~=)KX6*AlsXRL-mmyCc;bDqp zNDtnvv)<*n$-{o2CoDDj&cIbU4zOT+U_lmaWfQ>NsMa+-U7&uIm(CGfr*@A{+jaH5 zx!A|3W$|rqc?Nas>ia&|j>UHCc69pQ?6i+<3U#*Y9WcRS%NC$nFUs3T| zsyfgNyFyaOghUgFg8S#825_=Yo@27BlIz_NbGR|SxTRA1+m&WfvfkD3czzfQoy1KecgzzfBfKFn%2B;t!)~u1<})d zBJyph@(KH`z0mb-joC^c_B1t`FVINtvG!Vp8sUT=lS@7;c&dHF?#h1N?^N6I+0*c0Uo#^MA^tP$ zlR-IGK96(j@`PlkPo~E4>T75Alg9DdQ)toL;?Y$neT}P4 zC&a&h7NA+MvO&d>S{Jt&xEAY|7)>z2(~7uhsqNz+1_dS|jaPu7+eKQ^U;1(ioE?-* zuB8>80#pT5@gNsmJo9l?^dHg5x=_B@=PEhfG0-Hq3DooXtzDil`Ra3c-&JMP6PrGi zU%Ep-uYM&)Xav=}C`;GgsDD&aKb2_D`_X*wFD)qCDFV=gcYqaha^UtkFWu;9rsnxm z;w*9Lp&DUT2~d}#e;>~Dx%2V4yu8Pug!l&&wcup_H`}eQHJ8=>; zZrmu+LpX)9@2B)jiY$2QkqI7MsoDq9B@c3AP8W(JC0(ymc!9>Y_u7q|H521T1^65) zbokm*fX-KHTPgzw6C1DxwxM8p&MHlz z?frPYD*w7T-Sh`qZ>=AmM}Y1+@@!4a0{5cI*>OH=Vs>*$Zr)#~g@&z*xXPr~SQwkP zR_>9Bgi3P3KTyLuSFOJ;%v~76cuw6M{ zx&YGi%rnVwZxb=Q%FkkIf3;49e#fEfg5C0a1|HYPZtkI}lU>lR)Z0>+pYNYNQjN-B zy#e)@YfXftX)i zq%774mg9`SSm#fr5Jy1nxHON^3l6*oX0vl7c9E%iPofvDA-s;NP5R`t+xyhF7Szu= z5$G(52Gu*KuIJT3H7uf8fn|_#pKc-@J%F}_wd|}eU&WkNb5l+ZWenTeYZ6F52v_;K zHT80~Jm&Izc9sjQX1~2izZc-a!-*?+;(Zw{S@gW2FKy4jMO6cIen$Eddh`ld5svwj z->;}!0^vb9x0`=d1ho2|uRH0KlveHv4j$GUBxCO?>b+DJ?;c)P9Cp^`w-1pLfuIY% zwlM1rfe$3`*iEytt+NcB#smiv)SQ1*(T=P&RW3-|0dMtG`O>S?nr0nGlQc|pm6prl!rrY9u&sCtTsKCTc0&K0g3 zQ0C-v=I9i8xk~B$6ObzebR9r_me-+Hme6N&Us$G=A!cYOc+!HW2v|JIPCvT-v%u$* z86l}jx+1yD|1(8o2_MkyYWPlr<=>~!bU zzTF=K9$%U#`Ce-aKV5;Egc8q^QE(@&SZ_m|#0)ISDx3R~vtz+`bfp9)-%+B6pK6=s zUKQr16f_xx&-S6_0E=G78V|G^dTTihb>VC{do@XYj>Z8!YZBOc&@Jf*)OTOgUdI1p z(*0vVBgjBeg0uTqFboxj7wjdkE*eHu!y@zOTxB2V23@UNw+Db`?!iu*GtKa zaQJ0)S(qk&W;BPZ-MpRpUWPMi$f|u!Ke#nurgaKwpCvaFxarpr#{a%Zma?HK;$fv} zjgaHIca+`l#6*yVmd8NYVeXjmg)r-^$`uD~BFvD581?ZOKAImH;f!aPhaRC;W@lz- z^K#Aquy;4KqGCq%)L0?9W}dyBzlqXLcRlCd%@0lb)pYY}Mj+Xts?QJy{_2v$@Y-VR z!m)+GE}ymrNZDEcv5wD{qKhq2uIE)YNjhj{Gg(}F#(a@6-J+_ zVij%|liAkJ?%?Xtrk<{jH)FN`d7Owywg&2NW7k8E`-1qbjdb@g6z zD>2AHy1vgRXQ`mq+tZVq(lLET!qmk@uP+`e%}}=%C{tr9X1!f&@Pbvs)hLBjzUAWf z<)8dPoIJQ02ud`rn)5VKWqDZJ(dn*0;x#9S^?>b&~Z89b=0cisKy_f}5&Se($$Z-EtA()m`Wp z(HI_fVT@hC7kc9PeC9T(@4ff{99kT`=GMCL`jI6H2v=g%h9cHJg|7XO%NC&REavm} z&Pf#Pb8$P|)2nOaw_P9)r{kUa&THm+au1~TZ>wU-CFhiBK8}8AYH}WPeGKai`U}dK zb)jl=<)1DV74v~Hs8s$vNxs*5*}i;`tc~O*+oeB*V58$Ox36Bu)u?!^8Da~OD0iN`Ml1=-=mM@X zF^uX)jH&nbN`PxNGz-@cBOAIYv|a{%I&oWn(3dI9g)(m&$@7V#93fIEoCu1Tp(>FM zYsj@A6=2~?F4|CopA*DI-c@(&+%l7vRd?u4HsuO69*(Z^)-l~AuWtPJN%JtWpp#vj zJW%~E_l;d(Zsun=R0pM^yby@F9uZeKt%EsVOw{vjet_WeGf1<9R~3~wA6!ML7PlHJ zwNBLPUgkEu-}>|by?pR|fu7}n&LD5K^fzFCIa(y@E| zYtp7}IJw$k@JSV?oQh~wYYF`ikb-O<`WM;|{kXZ={oGag_UFw{2TV0z>J5I~YPua% zhC4Oj^c0am<>lIjeA|i>9nx~!qf_wfVs4qiVQfF0(yw#& zoUmMFjUh06bmBj^Cvrh2>Fgu%@~iUeekU1I&m22QH;+%B zfZMGl1SsuO2*%m;-uX6rz<7P5lV-OPG_uXTX~Hpue>-B$^~^fYj`-uk>NOwm*1c}( zcpk~mDKq@5NnVRQscdtavmbkKb!S z2dwpny~Ve+O>*q>Uvy&(CcU%q6+oxC*`1`}fCne`9sAtg)g|*~Xe-xlsBwG+>&^JP zVDgv(lME#u6xDw;R~ngCUHEij8J<(I!Q>gWG!W+Ygh&C-)9|!WZ5p$3tm!}K+lw=6 z;VK83&lp$ALV2&t3Q7rb(*MdoQ^tE1VC8>i$JuMcj~S$#-B2%Y)c+TLiS1CicMyQw z4qR31e)TbuJowgNKv$n&2wAkEf&B_TIm2te^I@lO!QjF>m*!p{3*0@ov&mnBvpbhP6>ZqM1Vl zHccsH5#zx-vu@Ia0_$r^__`%A?B^=T0J(y1VzFH|h|4%PSS&ehTnH!epI%W8XDaw| zU|n*gnsisu@&Mtbp`km>uIr&)Run`6Js;;b2QZ5g#5&GK7MV9(Hi_X{xQ)Qro+R_!eunO8>(BZf1%{~EFciSb_hHbh{E^@ zqrs*oS&!zlm2i1)t1!LB?0Mugo(3_ac0Zr{d%+acx@qnx9Cet!kqzjFh(Tgs6yYH| z1=b_W%d1g|1(0U_NT!x58;I+u03JI|_XZ<i)*;4Z>z$i%dbjT!l2*uYNz^}V-I zY>iGB?xUY)m@1@lO8FKM?Dxl9Gac5Ddqq*4V;$cvNl?ZxZk8SpmsiDSnZZI(Rgu}+%u7E;PV--Aq~Qm)RXxXT1AJGVbRZy$q$aXT!C#>BHX z1&^ST&?nz+0J!Ub{)S#x#*>#_H}`_uRo_aZSORI9|EH0t-zxEcviK4HdW}?U*e=N$kzJFfam8q!-2zX1T5Ar7b>rdOm53O0_D@GBhlYg&LGAdU% z6RFBunjNX-=cJaO#Jk8`bM$}?sX@DG+0s|V7qxR~Ux&vt9Sq{fac;g;_2Y;8se3820&b<0>%40GuvfevgCTFJ-u#Md^*uBU08nTaVh^j z`__c#xIC06&QP!UH%raL&5(GM+}g`qXlB`TE>wBQ;Z*l^tgxY>c3`)qJ8iOk z|HbYJ8d=+L>=lbV&ZIscVBu|M*I%glF|0@7B>i}ookJhiuAoEvf`0l{%JXsDn!@)c zq8VyPFhZ{I9uQzV>fo7oWat|m)C16~wA#_=3(IN-7D$Z(5hWcLK?0g%Zd{UV7RmtJh*9FRcr($RY zyK=o6&Pj>&C=P~SRxw*njIm-BY8qiY8cm$N9REv~b`tDVr|i6Iktgr|+VbJq*xl#Men*nz>`J?a%PK-@8L=lwD%rh63>is>X z`!;x4WtL9qA(>rQAU7M0+X@)T`^l!x9g>ys*r>6N&+??eQ7GI?b->sJ(@Qh92x-pj zetyt|K19CGZp;!Fsu3>dP@9!sHK%0GGg=>@lmwc;>~9jW85T(zr5`Dz zRPl`wb$D2`DlDq7r%U{76lWJuj=B$-->kiIa=?KTab_t}Di{yr7z2``cBm6JiU74G ztRKbonyV(6WB=AMAd5drQ>WX3XRYU9$CR99O?nwFs_8_CO5n{n#uEGkZGdDxLhHqyq@oXIW4 zJcON}O1;Jm`(#9HQVR!n(GQ84gWd4y=0I(5Za)NbnUW@i!- zPCn;TYV_5Y|C7VVUW#l$5`fa5QIp((3A`eea1{ia7!1-`qm%bzy;;U>;|A9>j_h8q zX96sEz-9S>nk4wGuxxNn^ygGxIu<6Tx79_O4w^m4EGMOIfH&yg?j&870A_Qh?Y0Z| z8jKr8uvLs=mTp=yc`aXd+iF#F!4}GfKZSmj`P?#s(NjF~Kj9~D?*(hJ7It0lK8I%> z<8df`H~XS{+1tGOkXJ-zGDs=T_{Q+_B^HK9D-r?|ReaDJxmN1GT98tiZ9VL$6u%cco?0%CQaOFy=UFvTN!N~Xv_SdZRPSz1WC2@mzC26wN%L{D{PqaoB zFq9$5g8}y~Km{6h>&Ug+dG6XjdP|BALbMIz8A6KDIhIna-M{1fhmk5#%h@;v{9Ri$ zM?-eEm}Wb5`M96gluTnwX}tZF9KcOqWjZ{2b(wQqG;SKGD6y?_BYrgon2*gSUIm+m z;2K-fk|U1|9`16f`^l_18FNlD0h7<>+`%y^t!&jrlcZKnnG{U1j>RnLpw#>HvfLeoX**T_Uf#;GxC2q)O7~IeA^mE9Oxri&Z*IU)jIqueOULf`Tp1xjz9V0Qb z+v+TuTIL^cvH8gSaX>Z8XiKM2N;PiTmuy(gO&xAeJf#pLC~*M>K}Hh|VT71PA^ z2ldFayNEMT)7|4&sxc$c?#(m>(A@XG<016AxKk2hTJe)3!k#iP*+}_=pIWv`v%F3+ zA2z{}aO$5&EqwMo%}Ria3TJr@OI;mG^#}evy!2eo)dv zWoi&+tp4({eg3W)}v7UM2n;~8zNHi^gyy1D|6}1UR@+jLGv=qBG6y4~A$G^r-*c%rK>Dx4>D9htRgJsmTb=L>a~+>8({Bhh(gJ z$lR{4LDE;y_*ejym1B!0_$F@pG_yrw-Y6p`6N46?*5UtjPwMFL;3PxDiP9nyqL(ua z;OTy~G8P25`&_KD)NbhO>34eiJnT!x4ycRX48H_3ls>NwkGZAR*07B4Xy*ttU}r56 zpA;r2@SWgGOm>kAYQ2nDj9GPSHEFG+ap_MCP93s9fmi|wb5R^F4dNUY&rS;%5i`W6 z#0MY~j{ow@DcT;urL6NPn=_W*1Xx!5KE}@p6a_Pju0x;yDQNHCW4=6DbqXi{6pp7Ff%qNzOBdX({^Z31YFvc@$*Qm+WCPXD{xBiYs z)=3@uviJ<@9%H*dwqDf>H8SYlxjH5&B#p&^jRjEx6%nlKLF*;5L*gv66nm+9fAvd% z@2nko@N{TmVR?L*GTBMI4N`%uB!gD`Vti(wc45A0e3GXp5FX`7|74;4DC;3-8P!hS ziNa%z@$sApoSX=)&}AEP#qiX}bU^)@BYgUYkyM1CCPCy+$RY`8%?M)zdsc`}m=STw zX-jHvDk?=vvSpX^nY)AspTV(~?z@Cy;2Q*4@g@QJyJs7tVNCRi?{J7FHSym~Qpt}n z#xkzNaPj!?z}{)@Z0yQ(_h?{YYq81T$3dJFgfLF_iy*9L_uHn$uvCJ_m;uH<8JH!c zZy%1bvqr9*Vmo++cxFIG3A#$?lrWze(=&0IupJb)=lt3*-IX*{3k2W$13Omo{nNyU!4LYZZU=M((H5eG z`RNQ?@=J_E+M!?5XXg74LjildZ1z7EVBMNI%+Roy%ff#H!vDR0ra4^( z%YV$texaZC@(wFUmnhbn7|IaQ0wP(+9Qv9z#8Ly^XuZdm5CSmsi&O-B{QL~--Hv&H z_#pAEH0!r9(eHVjDE8{pcL?9}_&~}4Ckl*m`+h>K<54nRS^8ESyCYR}u1{)~KfB~e z_eqGckaTW{3fMnh1hppivu|6BZ@ub!!Iys5D1;Xs0_487DLc6)b#6iuzyc2BHiqsL zcI^-qLMV*YLZV=l;k1v#j!4OpF2firWW3?2lQX2ML$f(Pa;$@jWjdq!`v>J&JLtC- z@CMaxnGlJ~_S3mix9PPl4!EDg%5fF9qQaeu*}3}!`@v(?TgYN_Tv`~MYhDTPFBYO;NC8S#eCi#DC5ZCAPddG=<2}B}7$$)PXG-^g<85>Z&V291-ns;{= zH=HpuTUqTH!2lsn1Zw^b{pby+fGFFC0V1$ONY@A3jkDZWp=reo8GU@sjg*CuO6bu>*=XUt#;GojgM-w6gNZGFS6`}uNhZ)O| z7*Nn4QPyvOZ$_`8$fMg!9HZ;3$Pv+v!p(<@?0z7`fIsh>A;&~f@>N+MQ$OyB@ZPn=chHuLvow7OVw?r6!0Hh1$iO-1tDpr-P+dw`h zs!5ERZ>bFQJY>1kQwOjUPj8EkGyL&pDWdwDnYSIJ_a*rppx9krWiAq0@+@eDL#IuN z17ZWt&oX*mUB^n@Fb*EPS9zuxR|vWClsQa{S`a#>5it`3J+||Ep04^a*!xg0(B}s* zK*t}?wRRjw1Q*GD2|}#*5)%X6s15VQTgro&6qsVkeJQk^j}sCbUj2D^$eyS1FJF5T zj^aFocwrELsHpqS*AsVbrmfBlwBWTF>l4V6RB*J_&_G#RnsA}rpA-dSqTWxb`9s7+ z#ep~%C!{@bI$0Baaaq#6 zTbf=3Z&V4(yc&;AU%kII*?#V|7cGIoKZ?{D$++7B{mDA|JL=j$q}uz^z@vTwfdPGw zKx%?~N0h5{Bt_kF{jS{Y++OylaRb+^AW2PxrbdcDM_DXTbLCpfYjOQ$t<7Pse)p2XiKsGlV($Tiu?r1m;kF@LF)AAm9iwG7u!~>EL$ze#- zVT{B?P6_{s*v+Kl1E!q4PRlZODcrMDcLNjIUeJ05A`1@(Jr#_r*vAjnAMdU7V{9hZ zeNJD~nzty1zokn1r&%C<`VVmV14xFK;EBL4{Y2$2CX^yHfmKpG6iwLLL zON4BomYFIVdP*i5_TX}vAL@=ZzE{*r7RYCOvKG+2Lzk;w*ZrMpkxZ-!ac!vI-cs*6 zjCA^Afp=?3pNNWcEVDlE&+l79NW%5WtGSVn||2bIIXk-@TJ_gPAojHFxe^tCbs( zw#IhK5HhsVOoyTIwML+NN#f1H2;^xZbFDPqz#~&HZngdpOW@YyHlLxUiJNN>LF61Z zSbTZ$aW!^zh~ucv8WDe*Pzbd1Af>$3a*Qy0F9#=o1_FQN@W2-qFmMLW)u`YUVQ@(a zA1o#=NH=*kLRj$3*$fwb8EARurAcsSSk|8}41mC)3A~kUKci(XQ2^kVa$Al}Xa_~~ zH<*!=eBz9(`EZ_3>oITzm=T6Tg2i_=ojdXinFfZCGTM5ECqS``z`H8;*E-La-hW#V z%xhOUOZ-^;8W|Xu~Dd9iMwF8jTsxmbprUlkgw#b z-M%7UNgqF_3?O0v3p92cHWEgf;nL7qmVeo8-PRQE4lh|FW4UV zzQkrqC5?wZ{S3q`gZnWfYWRID^o(B{NvX&9l?)gY|B-OouWF&fYm`e6(tW{8SMK?=9M+Qy!0=u2xGHZ%x4`;iGnjvodXTKtNMKwrt# z#bPhLY5khhwNMT9>okiVA@j)IoHn!lM_ici#7io$|!n|$&V z0m$x>V@M|NN$~m(x#Db;VjNx&xUzDNnST(a!GV^}e5%-l<~)U0m`3ystfS<Zhb+W83ppD|r4<}vRzYc^w!ndI0Fpm%3#*Zh#gS81#t9-&*bcr%#YBZX zJL&7D*_LC z24=P}9Q#vO=NJ`3oP}u+hm>51vuh#_{OU|;sQ=F-$9d|uJ%1WR>WI^}98izpCs`v1 zT4RZa5~0i;>#D#9yw<RGBD{0;5n2+P}$`5@UkDY5e=hY8O zaDk-e#VnJH*U{|s^=Fm-3_Y=am3rf^={zZ_Y)tFQ?B(!%!TYurek~RE=b1B^akC(G3#v;YD^>6wZy0SY^fd0^y=p z)*%^#z@$_0EaQX?Dd#MKsg&mRZZ~gVn?uomT}jrpiJf>oRjDGik#Vt+`6kzwU8Mt* zgZAw75Gq&_*@?(bZWBYunV(Q$rdG0h0cTjOQ6f~CWT76AIc7nQ2y&3(JdM-F5esX6 z#_hAaS2MfVuW4#o8pf_HJZF0aKg2Y0&S^-eG!?oO&o^S7VV@q^f;7Q4OKIrnpL@@L z_jiA6Z(CV{hQ%i+z6wJc27Ky5Ap~P=Ff=@@v4})^jKXMs+1-k}p>Y|;{OK=ODJ4vUZOFoKC zCdgGkP^g>%odkdy6jl?|dB2;>Odvjg8^m5Zf%=*h1_`d5PMxF@9O-(qbYj(FN3xb< zE)N=tLJ5msbQ4>VTsJk0r0N|18N@Y5ir4@5tGpQZaqDmHc$i!^F52R}Y_f3H3W(9HT=+CHFx34|;B87BkP+=My9e(yZfuedmr6 zZ%SQR$ELWscvFfMpS9cV|2V&j4$cQz_+~;qA1l$lIX^#zEPSzV!3GbnlS|H-!sG5J z2u-_feU~0=x#X-&-$8Q1e#w&TE$o)E_)V&rRdh1K^dta92OLT-4;6?xYo`1@Dmi;F zCme!oVy0=xX?{B3NZF31E0W)TlpUmfY(CO}SIi;%D|mx*4( zU-~I+??~>1Za|ZOI)-g^rFt;~Be)A-;0>=y%69MwBh(2?unhUZ>510Jxl_-{h_Gpp zim77>)^XgC2pkEp;;EcsRlF@^;~?50gPHWYaY}_E_u`oEsI(Q1R~fi}HKT{{-#g~h z!uZD_8=&1K8qkD{X3;Ey;Hwhq*>LZ zmvt#B%z0q3#LG~o2JwZhi`<5R6Zm;Mzs%P6!sJ#~#8RxJ5{x8R3-O8>MMX&io?zhu zFw!#Ne8^%rC>oFa0x}GL`DZkAPL2+VY?U&&cOr-=@$oD!Xykl5TS27tGaT&rY;cAB zx6wZge@hEQM$tXVeFxB`y2`7B;1#4c?-i*z--@4ska4sf%ya2Ym2_7>#+uZu=T}v^ zX~p%G8;1Sz&V9Z&saBKg7!Oq0Dcx3Z0Ra8Dbw|7 zM9XaeV&u3@#pzC&T%wH&MTf82d)@9!r@QNP_s(};^t#V`-53A2ePxyI&sjo`=nad- z23R@hK3E*8(vofn4syft6WUr3BuDh-L(Iu79ZVRzCiF(T>udN6)g9SmHhKQK;p+Sc zL5k(@@d2sD*C2p@h3_wULd&rJ`0?b(W^0PC>o_gI1NEC8RkIeaen${4R(|gQ?`asB zGPu0#D~RCGhtL1(0BTt`Psun)LvJ-kZ@q;Wu`yqP4I3}Ae#3^S>Ee%pPgYm3eBwY^ zM+fjA)wV^xj-t&2o-HV&<|LL&)NllIZz~Ybic6ZrOXe|u`AU8>$Xm`28F$9Y7Vn9JXt*pmwo7Dde#g>SvZiwbB{( zDA8KwXv@%lf5nlQ`+5PKC+oPv4$tAn2DLO)3l));tI_}$6!|A(+tWHaK0P}=JUBl- zB2F%s$4HKm`RY&-Z4`QAUZg$D(8_0k2CMhfQr&K0`^a0^(6* z??>t?@A8_tIC@{GeEQka-G=Ft)A(zUa72I|7;s-fRhH9`g)3|W(ZHTu(B&aONjv>A z>0c8zT?kyE+AhyTB`uXP`Pp_?QJL^z%(7D8^(=KOn+L7(0To$_T~Z?8Y$`!)#|k00 z?4w_Q07zOqJJmr@#bZ1HgeBk|jpbM~Vyj41*wR{QvQFFiD6=dz@(@967}IJAQf~|! zsW)DMXEnyOlCjZcdre4GQ>rLPYnJ>;6r_d4ZbX|GU*}TgyG9SRwwpJ^oIhUL?m;9i zrb{o5FXflWV{y*<98md|s}^>OHIgH`yqMd6QAG&z1Qtlx$P!A#KHeanq*`l{76|4V z*HLXAx>uyV+{=<@ry&QHV^4vN(X@^tuSWM42xcv7>BV$dT1k0IZeO%{*fglpL-kMd zU17N`@HiD=X(FDST4uONR=0J@)qA)L0x!MvNP9v(AELgpZJTUGjNAlCI`cwua=P7r zBuC}hyeLHd+E?U+`B;WDPtr7YWK-)1!Rkb}T0MRF-&3$stE|}^)dqs){H8-S+g3@j zeJxFy9k!f)DWsMyHr<-jf;y+jWbyT?I5nT9#12@+Z!sQ_ntJ0EK!^Jhrdd6jtlvUx z@ar=QGYypis?`a(cxSejkm}FM(gmY`h(j$*eIH5?jVU*A1`XmYrgDp8Zq&X7F3Ez! zU1Fe+X=y;<8YJMu3AMVNWrCyjhQ%VY}KOB~Sgh{C92NC7`G+_hkj=Uh8CG>ofP(ERyUq~8z7ev8y z2L5qQhcoby$u1f9i&&8QEN4hG4Y2-)XsPc|oOp1jA)gJ0l!{5L7YxuBUU)=9Z{9~V zYBl0k!c`@w+%1VvyG7n(ul6k^aKH(&NgKt9X%aBMLXbD?matJuBY;eQNMWEdyS!dD zH%;}7V178aJdoY02O_&H@B~uUEjw?RFwPBzib6?)8igAy&=u*O z2Mn%+uPKn&1K!#~1M_go_%T!D!S^%$F2%~A%@yL^$)b9PN5OUV8}H3wXr=`&NK zmUPI$LhPFmUS4T9%Wd}sc1=6~%F}5v_)6uJi*{eXz`=G}UM(NiK2=6NxgtB`(zn-% zH>9U_^|%k}vA%KcQX>)uBRZT9LrMTyP-I(~lWW^Sjn-hxo@bwbKPzZB`gS3^JeB#l zMV5;t?%D;Y=xYh3HfH_px$bo*EQF!p2O4&BI7|>87{!9i48imb!Z&& zTM)Cf{=m3VSMZwz#!ddSl<}b_j_2-xie1@yjy+Vh&oS9U_8_{4#5Bt+*&reVmQKjW z7&f3Ib{olhrx|>IxR<5Ry~ogW?yRX+pLx-kctM-qz|RUqq^s<wVZTNJil0t*_99S&FO)TEGSkAvSG43qa*A6BLTyU7gCR3 z^G-60Og-P3=qYq!<~vG6+Nl*jh|1HHvkliZO}L5Isz@(A}u<%T5@IaHP@1>qg-p#lUUXuR7d#JmrlM{vYvK8oy zl*}2}v3%!$s@i<~X1LufV~ws-R^nJ&@Z%XBKI&*yb=^<>J0Z-2x08iD_)UIU^+byQuE=X`m1eKLT9c;?r`H;GEg+*to#iL5A z<-rB$EI^(GIX(apmhZkQBFua+`lxPJsD20xtj0utS`qtIM_HDL{axGc#TorQGuc(% zO%SPTYGE{NgqdxAkPx_52TgK)94K;J3&gB;Ol!iGCHco(aF@4|c4E@RMT4YUFqb zcC3cnTCig^^sBIA&ug(`H3T1w9jm6fZtU0soYsULYv!~%cC4AlTCiiyY@QT5)-29C zuw%_!9veH>EWv8nu?6U_j2&y{u@3B*!KEC3N;FKdcF{{=QRbm1P{yEvl2>G zpuIXKtmcUD03g@`B7aNtS5cJj6#Zq2xdQsD={&SNqRJ=LG>xIWhUDv!j|P&eqY$K8f$pQ>2WO1Q;8S8q2croyq)RSY7-A-zxck%{8+PKmx`M@Q3TOsTbt6hPo$&-htP{9kOW~Z+DSx)#f07#eXMZ z=q9G5k#F_oybT9B{X!dh2u)V$O4ND;$~yC7F^^b zLLzN4uL6f$W^x`44Y|A!j|PTp62-u>8F30#$gZ$x45ibb;hU;pHI%%ETO7Cg2k-fI zC5L5QKbZlm>~5M=snlUffm<(sdNLKb1@t%dk~xvxw}x=Xt90R1aFW2Jde6|_?#u3k zydpn$eXHjUuV#aTDfP*wBDzVo0++gA=VD1#sqjn*sw7*)mue1PZy;LmOY0kgH>V@5PJVpK$_?50Cl>iwH)eA@fljL$1@`4*R>h zG`oqUg%PuH;>D9W;i(sY`Cj64vL$+K6HU!5y9v_jD?3jQf9vm}kfP5|iwK!Wtzv^< zy{FolAzLYE6&vLw$BV9V50xa;fk*2b0s=u4@F2YP=6n$edGIGS??-tq#sw#iL68#o zRlfMSSveVzY-M1%PN;LOp5+d94LAwL5lhtljuu%G8qwQd&}UkItH}0IkL|v&>#;ZN zmV^u}G@vC!rgw3W2xVi=9-pvT=nEYWtZPI=RCL)Tr7O!O5FJ!7b zBf?@-xub(QNhblftH%mC;aptaG(Y0kYCj$}?piU6;MxOVbuPTvf07< zr}9k@Z%KJqtf%;Y&?3flVmE`<_ZvX#c1jk&dROI;+Og_II!ofzi-hYS>XOwO;OTap zc!~b%sPuY94*;WQT~`I7_X|M?N%=we^Xh}>itzIq!gnc+I2^TCTzel+NJea_m1xM& ze5~iQ7+xAN_i9)M-wLwo&$l>x&69YXku*8k$v+uvym6p^%iU!kdIK)+vv)KR2kMFI zw0Ap#T(>5=wY-hKPOcK9{HE)6U1@dZk>krUSiKBHVH$YBS)H+5NA5)J3%Q=uiJWg- zlV3JtqC&krX`)2+WIaKiL=*FMrAajK`988FltdBSOWI`bW-C>8Cl#?r-kL~jeH2p?& zyaI(tJ-?~tm5sOjZ#6bb-8;c0G(?TYs0{%}vS1pAn0to7xbitmv8=S)EmLlQB??r; z!#FR&y-yQ53hvsNmXkd-0D3ET3AsAH^M>iw4!OdA=6KLQQ3HVGD6do4pct57@wUUIbAxtyTRzWWpb!pB}vs7IENLoOzpP) zW961=H=6xO^j&3@T4nksXl1J;YX&M?d3w= zE3{seb!3Frb9n4*(0cBxWr8-)UO5Z2p8h&AKqZGVkOY6gs8RkzSX6kAlJ_ZTuaxtD zS&&=hP#UCHPx-8N);%EOvsvJ8neb_f@tr1nDiK#m^yKzH!SeZ?RfHZrt+Tj_3Icpz zshM`6zU4vZaZ@twOum<+&QqjfYE}!RVVX2H^@4Y0@}ib3wIp#fPePDm~N z@<}H4I8P@Dn~f(WCeXT`#bW1O83%4S?kZXe6?}49woMC^G=Lb|R+BnUywNBaRz#YG z-4U^raAQ9wh#iEAI; z_cJfDAtCWcK|R3+;`9)P?3Q?-8`Xv_1_^;<3$sWDY2Ku1Y$lH8F>#8@M6}Wf9~I!q zAI!H{6wbwyE(Qq1uU7`DHVY7cZ8u4l%V~Z7e7{08{#3FRVjZRnq;}StN!cAX?OLir z74DFs7wHP5`h8Nb(M{lyKpc-35W$%2#;IO_T1D=A)sXnQ#>9ERqJu0WulVkMltiaq zfF-$Q7oyVcT+&B48z)zXVL+qw6$V`NWbsE%>91ga^Azd)cGgX) z{JgNUH4!<)_TxS1g|>dtbBrzB2c#?afuP=p{8v0)3A7 zGRgDYj32f(Ha5sdNa#`lXBFN&%;MpHi0AP7?DVkJIvJ5Uo1uF|<$)D@W|8zAXbhH1 zMAZ>L)!U;jVtxe~G4P&$y5w9~GI(!TcG;9zmih(IMo^~A$dwlkH2fx?_bTx$jzXw7 z5~0!~fMP-YJ7s<_nwyhl1nE8BC!QE0&acT=Zy{o;OcPU3is-Ep+HJLtF{!cFYF%Aj z&An;ZLQcIFQOv}jgvc{ckBAw8Zw#%CO$b?hyg1H&V?VK&Xym|u_S7Sr7heG7({J~l zKi|LqyxG_v{k=VO;74BA*a6dO9kFBeNDyb!AQnf}RH!v$&JLi4)Wq-%Jk%q4s}yq% z6(f%5-TEs<`1J1EWa(5K_>0L!4jh){kU6E43Y?ZrFj_93MBj(j8*@$<_UzIOL zu}ijaZq>5$yZlXmD0VszOQ~v*HlGPKPU4}F4gccBkAgm+o-A2V76Oyp;pfGR7cap* zbAEohAc0a=*NYb~erm|-%8^+z9Y!pvg|c4+lQkq^2`!+OaXCjS&t&yXtOiaGNX3%< zR?WjQ1k;{-LAv}BD*Iph4}E%PG=4zVR$*EUTC1dNRZ(4kPyR_A^>rklh)GrGG(q?g z@wmK97$wNd8LfQKT7oqs0a^IkR)WE@DvpxlC_3q;m3%a*5}OBQ7+H9j zt1^$xYYwu17)7a6R{~Kgt$Y9eitM?2Ke^os9^W`#S{CS=#7fIztT|3vX7J5pq-BvF zB|Zvl*!WkLOuh1n!1ls~Y&;I4u{(k;YEKCn)H0cRX;x@P*lY+-{|9H$mC5fd7sYJ_##zH+bqr?>@wEUrYv?~Idb383bwD?3$Uio2vxfC*pv^kMDL8HS1gP=Jna`aXW zgjP|$6U%CavZ+W{k*QlpnpN|`!|+K!Unip<_;l!5N3i0gYZeyLPg<+5Fycyas={^g zY!C)RmktxxyXBohkVf7#=;X=P6sBB%Mut*gZP$IVFN3+33VqFFSF++4SSxD@{UaaC zyR@dzKdKWICPw0qumt4}URsDnrVB1KpAD~R(g}k>;w5ujZ|!U&E5w0K2BlT>quX_N z_Z=^c1DW=PG*tZ6==^=)0;E8zAOma{?xBiR!>zJ(V&i)!E>$tAJhJ1ZE??nCTrP6_= zUs8Pw1caTa?UnzQk-b_;)^kyR4THzOqrZmvs@L<^kzT{i{59m)b1A=IV7re$zn2$O z+#_ATFG#Nx=0jn#3+xra)nj~rXN3db0|I=#}i1#}5D4xhxg{(rW6V zmvviMmtsJr44cw0a>x0?k)<&#lnZU-B0#z2Tqc>fnDbuJ3VZo!Z{P-hj!$;^HgfxZ z;u%G?vD&TIdDnN5>Tke6A=?nooK0#G_wn1$3Z%o4csA{c8 zCwi-|(7!bC+}5w+#1n>p#=e;^m5dVe9TJDs;}l>TWES%@q28379UmOMI~E$gBUUfS zjmqC`olhu+jU)-!o*`e=Cli{`-XjHY#IUjhrmXxBSa&MpnR;2fyw{|(@fwy4u&ORC zu~;NXZ)Ziyt2xZy91xy*DILv1PSYjAF@kmDv6dU63r@2EK76r%*ZTp_n#jS+S;W8| zs2W=U3|K#k6F)~;-cj^aF6|ueHTkmz&50K$>~6l!#V$$OR-@*&>Uv**$3s{Cn}bsz zz1(6~T$_S$zNVkmdkUg)2fwqDoOp?U5T$`pf2K(Lj|qkRh2qp0KAaIthO+X_EFvr- zoW>s9LMz^+s!6PWcI_(GYB<=!^iyG9i&w*BP;H4UY-ordYS+V3(^oztJ#-EqJ1mj$ zcvxgY^p9!6q54DmJJ=(&sqERc^t#)SifNGU7BL5T@)`qBaQN8XyMt&>ZoDw?GrLOk zQX9W2b;c?OwaR(^f=& zqjUV?c0!|%5%ir7izvu{q8d!)Y5Y2DBIY@9E!9D<1C&r?8h}dL^5QdGaOwqEz7zN=K*}~%+&&*%RA1^1BHd}Th zX0tW81liJlptj}Oy{nmlG71nra#pc<<(Vx%j69d~;#gK3gNZxHZNKL6e4jXQgDlh; zl|V#)SvBj{i&ABYdl8{`0Z#>Uq`O7OF7fo8=E^f9qxZv*&ERIWo4}{ZHdfXWdRGuj zCzMkn438;IX~G}j46I70f~>9*U0&B-w%N^l-OZuOiZP(zax>Lqg` zyKjlPWswX*HE`57aMo@9d%G{Y6Y`4u-1V*D!*lShKun7IWK$8{BwK+?UGToAfslrc z(8@L>Xp(S|;IBCu`pUws1naDEVCUd}29q?-NWl4wCN3NR8cL2~Q#>oUL_F(Yl+}mS zRktNYay)j)l_`rGu&V{dxeg+minT~1T4rS&PT)%{gd86p^$(U2kVZr1qgdv>kiQ-FclGvf)}ezLVB^G#Cv(D6FY>*_=VVLt z*e05qFy3=g;+yWoOx z;F0@=pg<4>JqT~TIbTLn9{fpvv+aMc`y3LW#CACdQUbq9#gUt(lM%^QOjc!FKjR(j znwdb2x+b9!z5N9-NVN)aANAqx3%fpi!){5)qOrm=3DN0Y93(PRSo=&#gI%&vD_9;f4!2|-lhxQ}QQa1I{VCaS6T!+S?LaemW2Xpj)Kv~tUP5y>N zoS$S}{F+3ZdWx9iY|`76FscDvp4u%PV3b(V`?1>v`TmeUEJ1NemwTPPw15-7AjKLo zfvN>6qy$y6UcCV0gJpO?eo~pls)qVA9JN zRu!prBuv!KNhRmwhb9bvEk9q!t0!Jdy!JueA z@R$u6xETnIik0!C30F(aY<=u$iBgHxk?IG?^PmEUmVoy1tXI#!IT;Zju9Ek65PIWj zGeRcdc#-rL7E*AIAhefd;sAb3&8pS%St&zjX)Uwf5|K+ioA0WBa%8P+-=rK%twd`s z%u>tio0n**mF`iBwG=q6mg81IY(2?t4aA@HCh`VZ9+LXjKyocPa1A`H(B9(ltpx6E zAo}2}xO%$lPLErV+nVy^7UQ;h!rWqf)=~&_F;-8SIk%Wd>qwznjMHQ1(k&*%YDskq z@>n^$ZZSUVNV6+{aI%!n${KK*8jd$~4pbU~KuOWDFnWwUy#kNbu1&ADuw|Z{h1(i# zQeVche#qtO4;j|Cyl>qm&Ucy-SQK@c)WGKFU*%F;AWLus;*Wn%`_eM4Qag0jv+Va( zQM6vT@8LB2xOGPBnSF2P*{7&JT4K4t_3{mGpmF1TiTbL4H_z8{w(9@IPSXX#3m&SQ zGk5J|s}EA<`L!H#s~}f(wyZx4%gCP1DqH9{yy%Iwf_Bxx^|4c!8`wQXG240(n(EqC zzXQt;cTIO0*E6ZCuKUoFLS+fwf*enoL0x41M5)vzw%<=q_0oqEsgU&Tunn(%7GG6Y z^EPPfBK-w_{6&$btsx!aaY*dLVqEUh#5?uUNo|N&v5B!^Gueq1_NhXZikxiKOiuo{ z+G+=ot}sTVMWHxUKVg8-1k*UgoCr)gt;WR^C0e8!h7zKBKP^%f^Lt*}uuc;?3hrd# ztL#C*9;IM&Uw~acBj9eA#5lJ;HX!i-V5Zm#q(U;q{S* zwg@2-Ie%M#dq|Y_dnOS~;tg6qNINpgKLtj+zz{Z_k4ae0_{i?d^F2NpFfZ}RED8S& zAp}80;?NtyBKY#fl^COp-u*qKAjt_vQC^tuPO{_cbrv0`MbMQ>j#eC3l~KoowC-S+v-H zD(tlNqL}JwKPiZ*UX+JmnCdC61;SL%;=y2}TC(fL8ZE|bO;DqSn5~X9T8Pb)qJI{W z=&>O=3kk6rB4;rcD+6*CVzUlBPM%TO*Pi>m=wq+kpNe3d0++|Y;uKkkPiSq_p6`wN zQziwavpC_i;e>dc@X#Ax?+`lmf>3OK`O?dx6WmH7tb_)twt6ILrp#+~EYK3R<^zyG z4;a$7!~t2P`A%U#1xX)JAbdf$P=zC7@v`A7@_BS@P~BO>Ceg}(geBfMOjd5tDA#n} z0|iH7FGx6+&Z(^jFRSTP@>{FRw~1Mh(y47&uW3Y+U|1R+jwgsX1*}jIEjXxuO3h`N zzp%3KeGQk##URvkdkP3btprU7gqr2C^9Z&@nPgbsqGU za3VH@1RR2@oB%34GrC6#v`V~;$Wv(^&kH(Ahp7k_Y06g)DQYx~VOS^mDX|p=&QAob zD02P2kQL?vsoi$cBp8nicC@j7IONYViMpbN1#IX)Zm&s&z7^bt#L8T0?q(apA7tqT>(J^SV0Q2L}lXC>{$ zyYCErz*eRcDmu9V>(HpfQ(?k&unH?noT(Shys(oDykV!6#g{Wu`BIdBf>LM5q9Kh_ z_#=x~bv$^+PRxYT@oA@Z@ryUSrjd__mwrr#23;ug=Z+a0V~Hz+kwc?#5YYm&0TM%= z8@W%ye!aZe9njR zPcC4c*c)DZW6I&d0Y}Au_CKb~_rh12M#~cYTkHv_^PdyZ^p+*pK{W385r>B$f9td^ zbX_V{>(l*sYVYj>LO7BkHB%5WJ!0 zDu~9H^2bZ{<7GNY*lawx97zeV@nu#uvUOodPC)XtPDATre0F+&=t#jJPUl<8OLMih9+9Kby^p1P7msrSnBa>-brSW31I9@SQ7jxcCiqan6Tpb z&cz|Ni)6iWWn2D+CnrFZU9zWS|#m!)=4#+(QhwA-Vq0Xu#T^(@Xm&qrR)o50Cagv!qgu`A1-cE_CseQgLnW<-YWVf*ZBix+ghhFp6g^>t!$fmKE z27@3B(m8qOrActNn*QRc7lv~6@L3GSmwlm)IN9l>a%isgCbb8u8|5>xABbcjP&X>Q4WWdV^O&%qex)jWY^Dy5Z9}p~x9d zWL9?M1ZRsT58>+ss(0&O{`$AvKlKU~Zg=V&iqD`2R_D>}cDpa1KZpNzyWQe{clY*p z|7G|2i0wcdda_ZSLRh5+<%jQUL5?68mUKa z_F7&X>yJOWUH9jfpMimU1a2aGlQ|S6QjHUjOoH(woEyG!RY~2%Ps2&PMW6&aTq?#x z@1}Tfm>2n2YpE{`^@xV*P9}6EjJzOZH#Cth6+yc-VN;5Vqu1%k`_5UX6%2*YN}tSP zu`#-Tx50HVrGDVKEE#vir&xRv`ZS%)ri0GQ&dWguq`!R2#?0k6?L{FWs?@3kB(Lf>-8HJ!so+H#0E?G8LnTT`*&B7jCTg)mi*a4!s|+zY)K<^O9e zz7zVcMPMW75iWnqI(S~fA~*Erqkx9KrHk)>MgH7Z7rC|YOZ8f}q&r+lpr%Dnm(Ok^ zF+;|0jTgkh-fq7j&Q6Af!3|Bi-Iv(zQr&0Jx>3vSxx2UTcK_1kPxG%z{~Lzj$~@}z z|BL;-Znvoaf85{wOaDK`zm1J7!k#4;=r|Zwt)B)dZ*6RlgpRb9tv_Q9*)*P|)X@Qd zxK3+hqXodkUW*u&@T6{P5t4dix#!3mtoGgAA6o<k(1GTmYyb*3#Bh4I-?_+ zz=c#PBP^nXC1eV)6A6;Uun@v=Co}?TK{S>a$=sl7-2rNgqHy}xCr>zfI6%yiKubpf zEya*=$1DLq15Q{J&W&4TwLGn2;~u$x_}tncj@0jM$xQIYLAF~s44K(2BhrF2T#Y3j z1&hRlsU|(L4_ywyvlsk{fdTW%$C&xX_A0%sy+vlrauChj*SupeK@UO3#Q`n><*k_c z@ATK|(SJxF&Hjvf{#*{&^BtH)H7@aO5c%|u`UDIMPR2AP5rwNX5;kQi21EvbRN5c9 z2bMFCnA$FJR2CeU4GD{&t^ss#sY}{F?fl#(Q|d*W{FF}MMfo|MAYWZxT1tjwZ})U~_@=?AGG!F35@JWH;QkHb^P* zuBqb6P@&b*mC7yrp+~;lS2WLm-DBO7|9xxp!uM(F#X=o4aMW#EgoHL4=ai?C4&v3d z2x82-nUhkULfENAh}K1UZFJ4N(3^Tuhfio24kvVY4Q)U>-E`d-ZWkGyX=s5G7WL>m zFDAf8%oEWnHJdB|PZVOdtLvfcdpX&Tj9_+J`FN?ECz;6z`JRXq@JK#?AZ>(!WNa3C zwut=LBWW_DNUdCIJx2*4^R9eC5_v=M%2yeT4mgn8As!M6ILRVN7%egvvOAiEAv9D0 zPeB}2B(h;~N`k1vW{^OkgYJS*F^~?h1U;45{V^T{$;5zYe~$nF3|580aeL&=0l^Ed z#JU>LRA`^vt)Zloos8app>~q)B^S{Gx}JTUuseBEE1t$snYp-g4%u`{BOiAP87B$n zL|Eip-4(6kCfqG8(cyqaDRrf7AFz(R*vs*UEV}9Jx<7XUq4?cNIt^R$NAYkZ4o;1p z5TnpykG$Of@n^Bd%=|+At)3{zaW%ruLO;Jb02VvA=Yk3zs$1fJF?9yhb%d=Ea(wkm zvJjG8IsocWe05Fd@8!xOaHRp{2Az88q(?gGH15FSlad9-MPMHBsUHks5d&~Li1ekU znU2D}3Y3NCe~7|)rEIaBjGww_MCt9kQlCj~nGV}?U%Eddu}Z_LMk53t>HlEE+pu09BHPEQ&B7#fb;*@S(?lK~kaXlDX7UfGrm)16XU7 zn7tzln?(7ATxks9W~uJ!V~H^$skZQ)OXo4|5uIKE--TLhi?6Vq@y3Xcxdj!?!muT0 zUS<9ro*bQRa^i&{yOlsGoGJ0=TZ4h@XY%aB$~^O;F~t?02`zW#_l9?fd!?VH!Ygg} zA4a2K7uFGAmA*?Qb`8@Q0(}Ys(SrR9RU|@vo^u6Y4^-FG* znsdVx4OH>JVrl|~nhS<@{du>$t3TodK~j$5=!pN|P67SpHXsFP$vwnG^rKKh2DsM{ zuI@=@aO%Rl9lcTt0MkCvEQ3N)u?$X-?o+J6kyT=UH4HJG!k|q$OcDp14*TnVJ<^_H z^B@|xbMzRS~yG_Pabs3CnM=;wAMd4e2zc$=uNoMf8BL zX`0Lnb8S*A>{I!H@5n1O15i?kg%Z1TqSgTPhR(*IKFGM5=2Lii^|WK*HoTWMKLhfo z9@&L|2@pp}wMXao4b>3eIDEx>j`{*en#Kck5-;;->;X!#jhyl2rFW2saKrmfbmq?+#ononr7 z()*eD38dW}$j)t(7seoAH45}X7t_8@*6P_7#L35(U= z4mo)HR;u(h+@0Sdq{NvOXvR*%}P!99^s zyvAMLv@cW;Du<3(;2(L{WvWSb5*2(G3OEIYlRL^u}Z@5lP&aZg3 zqE%tb#urFT2@5It#S@F}04i&?7MLf`p9WFKo23BPLUS1ro*Nr2@kg)dzi4fc_aDy5 z+413rckhnh9~~d{>{Tm*NIC`8t<3a}4rk(YnGAw7@shc^=M`pT7W;7N-JB19)6kf$ z)&}`cNg!gkurC#qv5S3xN=R>L;*I6rr4`(~)jSn=c7O>9gcaq;qkIR+>yKh)@T(Jb zge;jDa$xe9q>fWP;=?63ZompY{lSdS2kcIH^>^L<=k9L7mycH`3e!!Pnr|3S`*WVL zEIZCV;+5K-zUG$8TiTNyLfx@{OWHhT$#uKzs#s=rvcuJM7N$WQQb+T_D8@#{7`+0x zFu~y|>w^{afO^Nk+Ud2jb38aT(8z_2R-QYibNsGNlpO(=W>39zI3fRa@#)j8^XZfO z`ESp*@tyM`p)-{y%+FMg%A7<$D(nGi$iafmmLzDkG~~+D^3#h(0@C$=0E5$Xc1SQn z!hmGRUs_L+5`u&eF$rY+$I4y7(*`^Q*w6n z3*nI$^9f72OSZ0m;(Biy3Aiwcw;O$p3nC!_=9kInpy>iSy+-gJdD*uO1_Iv!eO;p%VGRBd+#LDb=s_6})x#5N(`1Q`wP$h)%12S0R0@xdm0J;dHAb@6KUv};<8V6VgRe@X`S;R4bph{j6(_?+cApY_Z z8mLic+t7_!3NIUgX$zD}=ILOHe~zX=P(&{%BX)*Aw7|u#u%7iMv;sq9R`ed2(FKbY zp46r|m2OJ)6x>jKP!$FnW_7X=k@;h&dq&<6qfpSWN4hTjuWS%2ITkaj_v}`6naE0p zwIcW5!nUrQhJ%miZ^)KVT|q*jj3Z107|Vi~j+%p0-{bt2C4Nu;CCQ7!eo6k9=G7=~(t(?e8* z#q%o2=gI;8M&|~L+_)MHbi zBAU8GmQa^7@oKXuk`E8GMt_fN!b`p>FG28Ck4D zdVPI}4G190yzO<;#quVFtYYpAXzHm70_$X_rVki;Q5rbvo0eG-PsgDJZAR%UOR-v%Lu=J0hghC%ZH$gN$L4UoAUmrtgN0xYF zF#;mde=?#8sOKg1TirCm$pfnjR8DB|8MdlI&kF{gOVjT{Xk&vMBgP8A{siV*bHJ}i zHVcc*q3$Pi$Sn=Vle9-(bhB?2MH&rh&-|KT$m94<`EhvRXF>5A%;lJ+#h(aKiP1gs zo~0*IxdCQ5m53tYwttw=ww#uAJ?olRW@DpO9sXZ7_+Ng#3J8Gm(>4(SFd&{$z= znwEQoa*rPruht8eXDxFCiciFg;~x3)B`a^$)<|%%1+^$=;)r|2N&uR z=G&?Q32^YrKidi8sbH|qrN7(FuYKmL89t}Uv@rC#39FwnIe%$O&)VYiR+u??WO95q z^@7M13d_yU=ASGA-Ic?hJUjqaTiBwqD3>+BJ@xMT*Ys8*zH`HZZ*C_v`WSI94frTP zG%Tdbm~b(TVry_=sdiRD5XMa^(_~d9%C7r-A5u|jQQVE7M+JG@+ijVE$0F9T3h4-Y z4V3A5!+2^q2!Bg~lpY2)#QTI``MZE49DEog!`T$V5&`EkDm4`VNc;$IW(#pMh5!j0 z4rd7$R>6=a!r(FQ6VaBUgr1me6_z*EKtS-RnRxv?ycRvZX^3-&<|hx2^GFpqrp2?4 z3@;`5s-hir^eQ773g4|-u=xyeiQ~l*;g?c~OJw1O zGq22Ewozh;F*x#Xe4nx|U=b!Xoh1<$b29S?I3eWDr!EFU?;obN$}H!M#xE?L6n{qW z#X!}|=6^fjfRX+ekGy$(e17out$4f=)g)=X!y@b>CQkUXRK6KPELl+@8e5Y76o#ln zZ@f?tlLRp?h)l>Ud9=@%9r!-j1x4AR_#S6dN+uqkkRT%d0K6a@py(kS<%Qu^yMO%l z`0%{FLtbp>Ig(eoc5=Aw9nuzL9YNL+GwkrxOMiJ=^$tcPA^*QuBnm=seaNrH1H9b1 z5rPCz!gVXzCO(tD!t-*mUhEc*b%)$+iviX=KiQc^e*Uj)cEn3RVoW@+=X-U$+9SsF z5bQ0U@3lc78M0N&LPCrge%jiG3e#{iw;>9yPWcoKIDQT&z7CkU6#>5rM7$m#zC1kK z27eA;78+g;41XF}cnK6<3kfd(!i!t99&G>c;C)~21pYwc4#A(|T~mCW1tAQu0QATY zMsR{krDI(m2(Yj_38`^~4;dyNpM;FXOT-5%{OJ1?KKErD_e+u{R=@pTt5ux>RhIx| zPk*u`KUG5F$|0+Nm8d>%mQFAVpn_Ot2!Cq>iJYn+mWDYlAGyjA+6GYpE6Ew)C@4Aj zqfh$#ge9ckf1}g!Ag}-jMF?b-LR}zHU0_S*gx5v2bWBV9(Q3ss;Q>!+l%f+hX9j0E zM(U&j6?Dj{?nJN`=_5LXK)zN>WfsfJ8Fv(T#K`9Qck`>i>mDjz>9lQ~+U*_r_J7If zC@20r@}|KMYaj7|MW}O;+ALDnLv9&R@@)dKEnpPQ!f=N~ti%kC4LWWhwuW?v3@40b zC>a@Y(41-F60$Xp_k=Zk@JC;az>9n@@d+A6g3jyTj(6bc|EthkQ9t#D*V~3e)exg6 zra>6b@NT_hKGhhuGwS(&Btc3)M1MnYDhGdxm!kVRu%<;CN>Sy!6al^DoXK5HSm#24 zgSHfpdj}?~xKQ*38Y$E7k1ztH-d0rL-d(q~LH_WP2y84^;Zt$=hVTtQ*|KFiVxdp* zKml13;vmE4Jf+kB(NZ*JPC0B%!Z;Up2L#YOo*k|^!+T^WlAxDh0SFJFn19&4N7@}R z#E#``jiGU2I1DH3HZpSJvG_!m}Ww^V3_Lzh?w zuYBW3I+qQG-eENn$jv-}^#_gp$tfs!v$;RXLKqMg)C1vqC@SnXrjc3e0E3QLIh!UB z&Vt7jjEtKN-pfJ>W;q2k)g|ym;xW_{)M@Q$$n(&J_wwnO1C#=*iGS>=Q$UjD`-mMu zwv|(=nqJd+zUfgg8U@sOL&I?DMP%#f%{FwWcXFAUZ~!@9#GF}0*`MSIA0Ajm*AK8q zh8{=`TP|*hLGD&Vc&#y^!-umAwsJ4{{#VW?pIv#Zm(!i?-&SJkq78i2{n<2j6Mt}t z50oXrIDqTTN2rB(HGd%$ZZ48)ZRjmrs2S)h@7FMISB0C!a|9jLmPSM7Q?XHy>z{-K zXUG5hYC)DWwl3AM_q4te|sa8hP zCwU3CoDu?W1Ao2jmi$29y8i9|>;J0iKkG~9I`2Q6ANSq#E`2bMhWh_|FJ8VV)PMeQ zulwS!`p-}CPi}59H33df)CUlOu&hQTqGT(GQsVxOp>p)U2$i! z_g}scagMpaCz4vemGV;E-)9L_B~n?VjG8zCX4vk9Wq;4Idn(1xHK`kcZrCsgOFM%m zDDHj6#t=4%C^a9LG z^kA>m`trpw#|}ZQ`}@|eOU@ZdXqp7{hFZcwu(8qMgpp@k!Xg=_Ayj0ReuPCvLL5fg z|KKc&y?=D_>WeE*dl#ERg3ZtOZSs{2JWgLeCywLOA@k{WtF`Bn!)!bm7*eLj2rC+l zEQL{rAcQ!`q8;FpUv!Nc=)H)Tvaqt#1@gLP@hp)sf{Cg)-Gc&gYBJ~@9TF#4Y$`Gy zPE>;CsRvA)p?nCAL-?fC+RtVq%eTe}IedE}UVjiw^ixNGZIn=3M#S;Rzn>i+o%Eg4 zgMQ!n_3Xnt2R%K1hlN2yPUUJin?=Mk&M$S-{Nxj{S340s3|Q+yPZpA7nfDCl3f}wg z$>?d`|J8MKZW=%EDv0|1|Hs|#?vMHXf3Mqpx%b!p{}lheeChl^Zh~nKTxz2rr0G1S zuYaauT80zaBR_QR?{No^M~1eni@_nC-x~bsIU%6mMH>|C<%pd=gMfs3m|Ed@L#(2NTT0qTAc4S#8Sl#6O*U3cUGsy7STe*XORV%PckGyb^?|M{|a|8?)8>pYj=?!CC^ zIxjwNe{#3K?B6fjYx@)b;eXloSCi*~^Q-5KK7ZNWd4Av9{_^8}>D#Zp?d`AD#xL); zdZpG|TaufU;FJG#_mlt0M=Af~lfS+7$!%;SMz>wf`NjR#R+;zqm))H`(d|iOcwQ-k z=w|!rKh`N&jb!_kl0C1G>`QlN@BWFT+pCoBMYVMMPbJ-MrF1W=rGI<=7}E8s1o^RA zkQeJ0WP9s>x_{gL51}}=H?()iVW#*-x^AVEZ)ZE^ZfvMbaqbh~eF z{~IPOXa6Jz(X=Gcc7LuV9CVyWP{W_^+tve)_%}$Xcb)rIPDD;-@@#7h|M(jTwli)% zi?V$TVz35Ja}oo%2Xizp9?`OXC$dEljb%tphElgG_M~msZ5L<|8FbUz+14WQwe1~a z{{!?aYHO#ZK|d|Ni*l?BhFA zGERNs1f;#oJAePBOI4ETJn%`0)u&HUr=7F+4nMsA^}b!{!#IE2zdSoWeS30vaDMXP z{pIodgJ0erAGOIVOz5avNyTTqd*6HZ1%mLIN5dG0IhMWrSY%dzVP1$JNlGM%o+Q#Z z+{(pUBm0`=URq{Df1}r2k+m1_<#8R@c8mXnA3m%J1LTUu;WTi zlHw;O$mG_u`K}5xRwX+4?(M#>x*=3P$VFsaMZN`O%WE`+{BKfc=B?qTE|U){Tl5co zJ#P`Vj(5GY(L-KWIZ1*78&$lHFgI=Wbzvdw-FZT!2Fs&m|njvi=TP3?`Ct>{cy9HN7b#n>kjSS({-@N>>&b7gJQtnq80u zws({z{}wigldqCop>?$_lFs5wg`Bs{U0+u1oW&YnUt>dN*Bw9*_D(EDG$4xBTU%Qe zUEnUi0)?&&qOnk)PFXc5Ta534d9oJqs_1sndkCxy4x6D0B8)ePbod z6zavy5?Wa2D!IXvZ}*mZO(VFryJC;#o&R!wkS*OGI=I=|7ouIKyq0sE(FOMuLmFBo?m81f-y~LlwM94PdVw5 zuYbh5y(XJqNSp*wN}lbK`_00v;PK#3F$Z~aHD@{;*>RGvq(?sD)jLq@h_mp9mQPnS zN}*H(-!4oM5W5RfS#V$dE1VG3M9MQ>K-Do~YwFF(AkT1{1YkiI24mIg>SfU?23C=b z<38kd(QBbug5oPvocyM@rn0@w+K923SASj9GTVxl30W%cd3SN%OT0i7GR|H>W3T`J zWN^~B1A75C{rcxu&TUSNO4n4jdMq9(@%3Z+qvXQe%7oa4{qOX{``4Aa3560(Hj6*4 z=7}Pi>!ra%X7yPKx$@S;D2V)OZ`JQKvG}Sg&jE{`*kZZ=$aPg~;8$AIRYZyejDP7Z zKg-NhMgB+aLoK?K4!vkIMH!l%Ng08IG^NuRZ6k)Y+4ZFxL_bjd6*&KF%W>gDvMD=@ z43}ZH#oN!xP2QmL78;EH!je2TmPD@=OQcc;C;v${-+y@h;lok??ZNNIo1|h<*cP?E zDF$n6QXgw$<>-~4JE^i{RH;Zj1Ai247WFTGp0PHOr9Qi*AB!ehQCBRv`k!LuKXPRI zuLV-KKt@5!qLkmT5DLTyVRpNm4%?OudADon`3F^n1;#YZZ3LTK*xwPmb;$w0hOKIm z01sJF#XpvQuYI!~#(Rpp0Q`-SH zVGDW8J>P-qxJ^z=!wD%4J)06m?!-yJpg?4Iv)HNJq~6PFdSY@ygRf5asezO5zv}qz1=kH9Y*rOSp*-fAgV#{{G-jZe!VTPOyf1@TX8w`K`i;kYNuf zsg*!AL~|3(>reSzrBao@Wd8Pi$gXHBwM#~W@~@{8TCIf*C7f9gG;B1@40n|5VptcJ zgMc#Vo0Z%Kxn;>U$GY{wNCvwCPT;2gbmB$I#J9V?%xxVgtAEF2M0h9O4b5rO&1YYX zkN2DMIv!A(n`&>7n|v_R+oRdXJhvGUxWc>@?30#Z!I&=wG0bCesO&kGXOKUtNy|%| zOXUqO#=|}CA0C_@A6*Jsubyow`Q>@_D+aqL+2oyzPo01L-1+qBUpwQ??SC^Ksfvc# zlCe6^zL*^D%YQ+#s#vL77izHPNqT`n=Mu~0xb36XxTb9QCa)DIA(uf`m<`PtrzJNF z`ANv@x-;tebI^5FDzpAR|3Ye^u$$;VYYH1}mwzu75875V#cpu;_T>2e`Q?XGu^+r@ zKg^%^eY*2#UD(NH?|jHOfUj`%+puC7NRL4T^A^l+vw3vMDCMC!IIs>sNJshWNKF zt?}}c(n>~X8U3u#TeC|(=d}#Jhj6u4#C+JthqENX8-B3oj@U-z`$s%|K-Vf)4CGnC z$|b#5mVdgfR#Uj8)(?+a#Oac2%9;RcF0Lkj@sx1d))0F-5Qd zXj_f)2Hzun?{r?_Tey)R2}+bL$yP>KYo@V?>wm_^zF}kU@=m5rjMivS%j}rCrh5On z34Z^*CRi^Z%&QA zseinB6uzrv{9$WX(}1EDo8>mSxL9#j{)+Mr;9dERCSb+Gw3HMRBB` z+_x6U+*h#(wlf-xnx6VD$EUGdn`&$Gj^IjhZ$#%5eMBmng6$3mUuew70*;j zNrh>vF5qT0)ip{jRg|llgQ^!a)EMS3guLrf+8TRs77B@~0U zn(v?blgj+9{vD8rhh!KfVVG$+-^$d8ogXp-g8X%mgkiPy!EuqK`Z88|*@}Z5PP#Jl zlx5mcHFk6D?rHL{;-_KJHiBp#4AKk_>TfEwzzrBBL4W7fc!Vu?Y?|!M%;raV_zqorallxc|sO4jY^`yqI z7pLcMj!#ZM8Mai|m%>c`|9@Z4F0D>$;t?>^>%#Od=bIjxFO~;_snL;1M>GkNOj)+E zcQ~cjqRyGcx1IY^y!ZJA1jxsMalkPMt8(F~8WuheD2cfEKHx4^Six|F6qr$_d(yzl z<(u&8#vI332z=_M_*#U0OOijLl$vw&f!kCZy}GMN!W zNavTG2q8bZ%Gig4X}BO?346w|e>M3DhA{F4LCbJW{)BYyMg8LlvQdjqV)>v^gTyWV}D(ufMBL^Z}~t>uSL-x z31U1YyVyrouGkj36~n0P@}EI0B+eOAVm^g2(sF4=Xa!t!=EK}iQhm3frhcYqKoJ}1 z)U~sMXPfa&rcx_X_&0WbV3To49;=390d@xtd(q4=*E0-SpNejpua3_z-v9SMZEsl1 z_9d&>@igp@pnv(T-MaZeri&W1VL&Jd35o3|$@_cuQ{aHGh_W$3CbrP zD#N-)-1%Lp6wv~{6R`8GnB^|;Jg+Inu)OCPehJRoshJ^SUMTjwnU!GX)&b+LB zTgSVyD^%GLYL07NO~*Qi$CK0F$?V^pWRY1XHN5Ivj!yUSs4IIorI8%0Lt1oO(y!|U z>G+^xE~u}az0Qj-s>+-9$1l%REyp=7`8JhLqIo7|b~S4;`y>ephqp&*dz3coD6Q*| zq|Yk19DnBlj!C8C?SgK%_dGX_oWB)Epwj1d{^?oR-}YVyXqD&Zq0>=r%bH7#{I4Sv z#)z&g|LfkfX9owR{I4&z`Cr#kYUh7#KWUs$1UUjQd*zyh;RO7Vz)(L8k5zznuko97 z?TUO^pM&RzKp+?cedNQ0A;8EOf!9eN(Fk$GbbrosjKYA)3#Sl|F-L();EfsB=})Bo ztMjAF_ii!rcfE$3Ur9D@ji9FtBCYJRoU?Z#FkL2VPU*L(`TiPFiUS0uYUX0j;-7fj zO$Gye3!1I0GeIs}n+liASkx+8+swxl9HvfXg<9|u?9=@5ZKUm3wYS8Yr@lyMx|dw? z?SE{pxnCEapfukMK=VIX>pz50mg`N8y9kn0{aa(tg^B~jCd}s{z+*T>6`SX&I-abP zjq@!i#GW6R2 z!8!tf`3brw5)+0wp%XO)$2n^Ob0=#$yt-B#Ub|LfA(k^B9Lw0BNA+t5Wo*zr8}?80dJ zz!4ZD4g<)cIDR(eQRxx$1FH>$aonj$0BIR?M~Gq$hp3ZFci+_((JA;NAzaF*RDXTy zl+xncl_VevqsreX8t4I61$;A%fjX4*k1IL{qX1kZ$}ow%#u*0zK@5y>gvT%hi1{!! zwqQXjaby!pvstINa2$sSkc7tx?=%4TlaMQfVnkc}-hp@60N{quAf|}1)}eRc?SDGh z+kdflu>ZYl(=xcUq_i&06endj5B2UN!7ibr|V)fjP=r=(?%@(X7>p zi+nmEQ1YitNt?qRlgA<0DcC@Y)u!2uo4dfv`n!f94&IhKrD%w5-$L$>K!5XpK79Om z)B5<)`~7dReGscQh5$3XTqXI&@~gkL(#>xMgHF==tc>}l^d zL9;n~8!{#)uPEY}l9*yC;>6gT3UO>>5(JphL|*>)lVFJWEI}nE!OOJzPpW#>V;-|l zU<~^>#2h2$9iN}+O3Zr&8GmTTB*gxteZ8N0o~tVw`$M%TU{&iQ4)*ZYkt90eVqDm083B-pPY<5dz)>DpTS!D8q;1Q_|VEq}!T&GS2g`ejd= zi$YfMZ3w89nq2w{yiu}V#=CUZ@Q#%VJU5}7wNmKO9q>MeeZV7t{U%Dp$Xc>Ki}h)cTG1kODCg?7 z1Y)GJd2#6*C1-c_oVd6=|02@!=HwUS7Bb96OO~V zm5Y$K24pevE8+2@fXDu#@Q9Osh}q~J;WBL1aS#Yy6S0m8&y!oNViG4|B82m^bJ3bm z&N_|Kg;s@AWqPI6(wNQtSi4rstr2xPCFjX<$j6uxPJ9w}z~#xg{Dnh0MEqQ~m-QP3 zjB@RiBR-^=n17B=%0o7HVukpRHRh(fb!!Pn25#Lm~1xp&fm- zomtFOS2?qpo`o^fmARwhjEchR%1tXlS%DhHB#@5*n}1~%q|ZmnfUG&MkpC|r|0%cE zF^m^g0O!bm`!Ajs<-dcyt^Bv1;*^_|lk{5{-%*pxQ02}#oj6Cct=_3?N|nW1SIDg0 zwjK7%msa+Ru~8Kcd%a-8^Oec$;Doh=xKu>0ez~x6?bU307D2iLrbTPf8mqVwOn!2K^dD>sh`P9JXVwQV;)tqvnExZEpPJ8$? zXJw`L1RBL=hBhsAHYX6OSKucL(0{{QTg<08=Jol(T>Ia%qW{OUgQLAI{a;5Z+zh4i zliFiYW$3#%hp0rRugnT)K%{MTB@AkYeiXPkY z2+9KVKSKP5(5sfZ3}3(qFo*shJv%DV|NZ^LE&X3dDae0%kI&T>TY6CWVn(rwcXorE ztbeGx!qL#X`c4|ZuJ`ZCPx7d@AUB!0M3}!*DBP3OBkXf}T%643w8s_7xA}?JGfq^^ zSzV+65R;&rGq6gpqBj;lufeQmGT$8IRTyzOiIMKT160oX41b~igdFG@RN z-!qDa^5;T>+=<0e4%G&fjNQogz_SdAN!XFl*mz*M#rULn>RlCsIOu<624f>f zvw1@FH{f!FOei_EC?ErRazG-`)qgGsUBm^WWT2mL8SQ|N5V%B4{hD_58v-{_y)c2- z1P2;2I2z^~0IZz+mGgf3ntlFGb<9kctpbz{>Mk618`U?@U4Q9i5&EA+jFYUoHZPcK z|35k`+J6q7?{De_|JB$3WNKx{=z%=NfCiPPg*}TG#@F68hoT`BfEgh5tsuU)HOR?0=FS7tp zZdHn}BF?q}gC*@(bSP`@N_J^r@ZE-q!2i}|0s2qLB1GRR^ZY+v92DjM{k^UHznaab?VK)}`zm>CHj*)=PV9tc7?(?p{VfcAEaUMzm*YAE>x}Vp&*FO|6zxn zcH8^g^nbeQANlZ9S@rHKRp0yDe|dlFn0n@Nh)}R2tN)Cnpxn~+cv#Jqv5}_)rrq7@ zE)Hk)aF}&)m+%Jj-hWN&DljYIdvA2nFF`|8u{(|>kk;D1+bG1)Xa!yXPP^S1vpVz?j(sZ4P4$y?@agPjWgpP@5o6^( z-1nO+cTnG!m6nD0|6*Z3(lU?#zc?!DfBVl~Z0-MRDT~L=cz+}sTGhj)g4>Y!y`ysz z1w}fxd``8{0QykfeTb6BYDKKSs@NI#37g@HU*Vg7cfdQ9U#BXf#XW*qtRjxZJwjNl zA$rAq16QmrX2pHORjevfMJ)p13{lY%|8Y<9ZXqgWMyIG5n_^~IirFp_GwJ`r{9gwn zUEceT{pW{8{(pbCf3&s#uBB9Pi@fc(S|84tD(i|1l}5|0ZoCxTI5Vc?LONDvW>H$B zcF}cHPgB)$V^}msaM_$xJzQyuu5qm>%cg#F-fVWuLo6~c8F~FY2}4y`?ojbJ*BkFr zyUbf+?_qt17pMQ)`Dc0b|KQnv`TgIEZTyF|6zl$PXMbK48#7R%0Frrh<_PihjpySljeo0T=GZVO2Vg`mzwwL{q>VWmm8 z_FJPRKG@fs<=rCEnF;n?Ft*wm>0=VSg%KR0F@K7mEW&q8VmnPNl>;MsGQj6vlC2@=e`XglG z3Dp6Lu<)q9)^qwr#IUV(7{`9W=-;26|UYX|D$d9Lq<;oCe}sZ0L^O{dxu5fxUu@B=IZ{M|RKLh7 z*}uA&Wv?VKrV8FNp$uy5r3z< ztB?yv!?R&T(w|Rnk)Mbe<|Bu+6zOxv8v(Opj(~+}pgrf>@k+p*iKoHTn1p0Fd5tC= zkdInFB8-a;oVcL3hoS+ZcZTi_!ov~ofc?F_!nDM`>+QTmbX*4RoQ;{gHFw{fg}3K^ z8?@jS6;5yd&m7rOopxg(!<~?baepBQa#nPu$;K~L&B7av;cfQ{-Q?Iv^$5DQWk%h% zA(vZktq!dgcIHO&b0HhUpCm#}d%&9!ihhk4#e8x?B93mIL6-|v+#Q$isekWqqb)Zr z;bbhnhmaazT0oxOH+?Nu&Ow619F*#2HoXs&>Q1m!Ejcz2Q$$gfG5jL}>1 zH5a@~y9N;^L1dp!QT1G^Qh)8zXNT%RWt)x?R=tFWMJ(x_zPmhoclzej*~?E> z0>c!=#4wq0QM$~0jKu%M5^g)-KLV%Yj81K}3wFNE2@bnr1luAv1)L_44~|^UEDkTC z;{1<)y?j-i@6WktkAHf*DB`ctM89jzO6eN3=+OgmCB12=*TAjt4 zx?cdM^~86D>aEs*P#=N6R=hiu5CLDl{8eFJJ4nW{M}z*S{51da7a(>CwAkEwcu-OG zKZ`2|e1sz4$A6%8U8q_dgit*EPcXox!N%9+#-9p*H*Mbjb0HS7qM8MgSvq=E@2c&^ zEX16uNaP(}CFivqRyrdi#^Z`PHZ4#r1u~EwpF^c$CLoMhS zv<8B02`onbh=3LXADiEP*6)|Ud~AXr#pfc%`=c=lz<<%+9&mj%WM&}>BrkJf(8A>| z)6yb9Y_KoY@YiT^GD7|pj)p%(q`HOBp8}Xyv3+DGEtK z2v&g({Ob6;O4MO%NKA-Ve2%9x%*OhTIxvu?3|yJ@%~{!wL%uGs$CtM+sq-v1LRNq z5Pwx4jkJpUXcPlIJXRsn79$HY%?pwRQ8MRXy;5m%k>}fG>2iDJvOKY~R=AVxwaZ$r zU8)mgs&Z#dARTOJ%0NYrca!`oI=i#%SJB@+q`!(DA4vXly*62bZjdf=dFnw`m-obz zWhn_&9WDb?9*3$h2UTV$3)VuGqA$3kdVggzt`M!jOp(1ZiQ#X3hBQn{%21KTLXOin6-e)Yc{9zSoxjgN|gZf zkF6is){kuKN9G3iW-By~#+Dm=BR@)!EDJ*Plb}N{5l6nv^0qwhS|Es%6c&!@kQJr7Rx5j={6qFadA6vw zawcfcP;JV^>C3b3r{k9|FAAr{84`(wr^VgX$3n3+xy7v0Zd)-1n<4RGI3kQU%RRy% zpop=;7FS|!H6gMmu%z+JdCTVu{eMNeUj+2|aku;1`-_+5xtFQ`Ec(ANpIw;K&Z7Bu z=C(7){atUbD{xwN)?rKVF!?J58nH*i=mC z@=f>C$(ys&cb78F#Ls7MPMvd0$#dI&Ul}s*3Qc~-AzE~>lhcdKJB%iNTz_o1<2w%p zPaK0SV#pkE9{+-P{xB^T&_lPW71dgmd3Le1>4MhN8J4VyE@v6Cs*P+FomJY{sx5?% z8~lr!CF{U{0ZU?y4XA77oN0KodRxr!mdn8G1ib4>bhRO?a?jjC_M)`j7IIaM+`P1{ zMSf_Fb)GgjjeM3F~vkmnIU8>zq_SR`B-7D zh9#(~jV^gm78E4)=UW(eN-9b%y;HRx!?@wx$NA5jE1xl&_q+DQVvTWWwR!LRE77<$ z3rFt@lr&L;?!5>kQ7}hiRtz&D#WcrxGAl31O7qrVA?>#+&xR6;$k85{h=#gBNxoy_uYThopal@=Jb{Xr~~$1JbUJ(I?6;oljN8x z3(y-x8D<2vLaT`8MN( z7OyT!b7A;TXH?Hw*r7X?Os3Fg2mJw>t!BNp)_W-XXB|$h*>F<{dB|A;tND_NSmx~1vxlBN0vgAB@)A3vz?pAFv48UO=7)NAmiqCZV@hr( ztpLR#nT*jQ34mtDf8Kw-e^iYBe0a3K&HuNS^0^p6Pj0i#x>VHWm+8JcLp$Fwkh31{ zYs=|w!YVt03SW>g#L@6q8A@1&HonFJl&`QLv6DA=jClv_R|P#b`;))LT}~u?Yd66B zxM8zn9^VNEfPW*x>|JJFGv?WRTrkky{MfOTLS!+pv03sMaf*Fb5#P92t18TK&LA@< z&T+BN<%K(*HA>D*R~cZ|iq}0qRJR$z9}L}rxOIh3c0ler0j^EQa9)&aSH&99Wo?=K z8}JUH00lB6B1o9P=_DGH01q$<0PRD+#Sl+oZ!!+k?tfgftxPGW1<`v4*(;oWhpg)! zV)jJy)S`qDHLg3eerv=Uymxfsdj=Yw8CN*Pr+M*(T@{xYXE^P?cD&)4EtVK}SdFsb z@rO%n)Si3oK)2gC!gmGog7Jj6(SYZ5xQzx}iE%YBtwapnVP_YMIB7`b9Pi(JwFSI@ z^9}D1wSOn=V3iRm+XWHOz8qu+#emkFM;c zUJ&W(7%9c$^f-}xRhV?Y*Qt)(-a2!;5zv&mu4VJ?D7TK?>wc-~=weBZUiu-?pZQPH zmh#J0uY8?|RxPSE2kEM|cU(XL;eBZ35f36p44!&e~ zURflzC#6`Wm~-8^eYaPhTRPU_kN7G~d9K;&Dy{mn{eFLMzdYN5?QYg&YYAa<<*z%( zUrQKmOXun~;(oix(o^r15u_++G2&n4JRfpGQ4*!?D|Uc~Goc@&@c@SvLYIT>8_(6Z zrhk^xKWWa(zSOo|^{}sEEqC^+n%P0Mchw>wtpaG->88Sy#_m1uQB&#K;+C72?e;Yr zA!l7^r#E^P7uz#V%ze83TJOuhwzBB`e;o7|Oa46f{(o=3eE+}y;>9-q^IA$3l_$YV z%xDsGOroEXV2HSMd9&~S-Gt21(#u+D#eYZn6r7i<-qVplpy$`>Ot7vT&8`1|LP;`@gXcXU;8D&xWPf3UtWdL*O|NcQS|Ns8;E&X3hneYGg*^v-z=GA`c8{db% zb=_~X4*3Ztd_*YzQ{GB@SKrA?nCpGb94<(RHpZ>YC*znzDB^eUd0Gn>p-Cu|secxL zG5&>;B-U)Br96ZSzRg z-2lMi^>^CZEi1ZbS(N^36j(?Fn14h6kM@pA^8fSaM_c;8jxwMA+jKjn&YEm|^^|!v zRJlO4>ODd*CojD7Sfxh*6`OBHs_kd)YEaw*he=Dlh_P=KPr`(8M9qTq9lXw^^>^&gP#TLBy9jXLQREjelTxN#S6C zecKht`Dx|~W^}glh1k&RN`3S~oD5dp2K(!5*ZVm=XC6)mjzy*p2kCo$Kh6nlrBE(~ zfo+F^m=aEW5_Z7l$+`T6LpnrU-K`rZhK1nzjs$Xu88D4>6*CL-_e>!@{G20=+ z0koV0VI}aKJ`c0OSErZx>wj>1N;u-ixZE9VOMB(YT>cTW7nbwP$RTI`LSU}-e^J~2 zR+#>`D0h_qp;q~8sR8rsKYRPd``@F3!>#V+<%e&kM&FMWzheF z7Y_RW;>DK!ucO%d2JlW`4Es2g&ttvg^D|AqnD+`Y(A1lbqoL;$iU{+3GHze*H^HuG zyija_nN6}f1+G#xgFLU%LoMAnRd0cj#ea-pW3ye5>J2mpEDM^gD!ic5dugSW&rt!3 z>ed{!uP|dAaYV0SXn&?-{$2zb>^|!2pM_313X%9Uv7^bBBF`?`$=#=;;=r1Ts0bRD z>c@pvjC6_yZ_GB z|DL^gUiANcet59u|LZ6Y{VyNWG#B?L|1M&;t z(H+Lkr2wc*4={7oD>PYj)L?WDDIBxPp$ipejvtI>4F9N9?)mgT&GH8mKDrYRm_z^f zUK|za|G~4pEr0!AOL5Tu{Cn{n{jYeKy%;07+vDti1JXb1Rk{1sc?=o5AvDN{jpOFO z_2oL*i#i=nN7jw_yMNo*j7k}l)v;*!r8s`J<724*5%cM_< zN65d*0w|T^%A~-(M2ydiF5{|f#hA%r6SY9A#YQL$f6#%59NACpI7Q_*_s-lG^V0`9 zVh33n5S{tstQEQP9X?Nu5=+TO_uMHhy2BFH2}v{~6j9krN&AYFISUdLgEv716K-T7LRZwZDFdL2I;-%^I{~P?fM0 z;AlW(z-FCgccws)hHDWd>fco$xSu(xivC}m9)G`ld+LpYCD53e^#5S*#s1M=p8oGY z+dJI8|65D>23$zbP^8Z|U^w!T=#v2-Muzl>dN>-gr(gux z2!FAsAjFKbr+^{(|AcZB=s)_Hk73N@JVuik(U1&7GGtz(@y$2j^38v~yl6Cfyz|61(N_>%fNQ5({7s|P)K4#y&>kKq%WYLj)!WFBgSDErmfRMBSvX7 zeww7${(OX)auZ7%9fFty3~<6>*l9GL0Dlr8@sn9Oj)nj#+6u;yaYPk>wZ$jn4Pb}F zDx$fS^T4SFdQHsQUI?Z4h2u&Z9D<|hNx*E=#N|@vk+dRih@ zrzA*Z()vc@G6PYc5Y9N2dkJiGWEMW|f)O5$!b#Sv22)$jnQ_R`APE@~Fc%%YPJe?u zr^ua)`@9Q$_3A`tIp8A%UWt8|fSB*!RBsn~I13 z6XFmYpPwt#q(C4&L>F$}>6n%{46?gHXpAu3&bJ}Cqc)JU*QrWPC!v3e6&U*@k6eO>%?d;)(6 zEx4WnN}W0s#trwNu<~#EsdrB-h>+q?eWVR1iC|d*^9PuN2}!7|qM6B=BI1Q}cu7*~o^IG$InJdRRSAFXK;>s+ zimL;n&ZkAA46V~A*KjJcc=bFR%;sT&Woh12;9NPrm9eS{4hBOK4HdyW$T1!#Z{j0_ zDIhmd)|Fu~lFWb)xkdcG^G)vW-4tb{C?QuLLkh=;3!WzFiI70@m=MTx6K3TKI*rDU z;K`Fq96x!|0dFwlf~*-IAEtk~NKbB@7^QBp<1Ob&lFv5<^MYBBZ^lqvY|`|3IuP_(hIFtpm~ImoyPWu*s3LeZrB zEOk8v?@~3-7Qot;Fts6N3VMetpoqG20mYaEZ&PKrKzOoQ2$9CNBnUCr(vjzpqsLXI zp!c2zh@#*E!Jxd{rHv!8lzeg{>J*#^*%UA&gg_y33K>!0tVDlP25v^!AAty6BMOEB z=9G*HPt`Mp(;hgHy1cZ5GbOd|dEi(`pD57sBG_+z?*Z%~4;(%{0xfXJM^d;v;-j3N zp#~enD+Dmljq_B{Y?`V$f?!7hx)ozdfcE5KoiAj2vPL&XJ|1AXE}`&J0E_mBOixt} zgH>(Jy^5gUG+BSP1YkOMKv8HkJw3EIhvILeEfgTgi3Z(DCb!Ho1;3yODZJ0jjHQdR z>=JFE&K*#M2`AD6=aO8Zs0XIteJnKiHc8~6OTUY`9G{;FKn6muhM~Z90ohbfe>`Oh zdIK1;)nH=|jM;_p{IRCMsxFXHunZDu;pWw`NkF^w34?!Ll!Rd~H*@8gS`$E1pdDG) zH)%8T&tLSstuT=#j-d{>Al(T=%C4IkQa7lqo``0*=)L05@)-{&07~x$%j&<%9bQEd zGWOw%?^g~*{q(7q8~XB1_v?V6|h9TUcIKa|RRfSEK_`m(At zG6Nq`jt62vhzZ^~60A}$Pipr~tMew1C?Qd$8Ik5gtTmTh&U55k6C%Nx`WXb`cdS`)}aG8G! zdi&4T4n_U!I}gSw&=1Hr1_jgdFi_OKikBmb*ocIIrrh1cuqOTcrod4^amAJi2NVYo zhY3YRDE_Q|-bg5}3>9rC=2L{;iM^y%jzg^OucR-V_ITf62!TEd$<6K(=DyfMff!pm zRZZYHTx#bQ6cfhD_{4_gRNc`jrmMc&_Mia{k#U*OaPz>KcDKb$xl!;Dii#U0J`aB* zLf3e5^M;nx9-Sf06r7y@+J1}1gihpobNBHP38Y<3HIvTE@`YuH$Cy7htF|`Ouc&id zEz?=Zb5Klgpx&fO%3l$3Wh6I!79ZU$RjI7&+`;m#RsL>Dz|FE+TOJM@P}YTuNgP0q zx?DbkkeL>GQ}C<&F?$`6VW5FxcVmB`ctNBmnp)CQ0ct@}hROMd6)K_!rr=ckr~??N z01*l&FE-~at0Lr)rN|yxkLnKB1okQ2KRNE6GC%kYx_%O%J6PE@ULJ~l90hqOrZ-y> zfPWPg{t5z2h3IxIZ-2y363(fAQiS*op;s#Y>i}-f)$E?f->ooQA z%GR2@EzMn(rt4eIZD~5_dM->$Yc1ZEeuY=1=~}khCT*qoNW~*BGdUH=;`P)qDs$%)sQN?73{zTWwBcw6CbFz766y@-h3GMp1dsp z=12XKIUgVD3dztQI8xzadc{!Xy%LC)1fZwDm)9HVqiQUph5aju%&mVbAAw$Fg!JC7 z+rlBIobL4HNX8-qg1i`ag7mzkNPr^%OJMTWv4ORVwaiu#q3_>$4vK#ygeGJA-tH}q z@HiP;(WlhaHvWM}*bierA7AEI1yxybkhq)dd_6N_(|d--8nMDmosNybjWhj!1wu#o<7f z)!+157LJ7-4;+!K9#vT*^cK40?LKn2<;#k0cx565htE*?_==hqCT`FnUOfU9H63ec zm&&6YHH!L<{Pq0t={mZsUgaqOz#e)5l}CoVR32_>Tjq=SYgB)I4BITq`qo-qLchY8 zO_KN(##A1R`*$v&SkxD-p%+ygYwC;l#;(Qm#{7}UbVfVWf5AKWogmCQyRo3#F%i-? z!^23%3fi2qda`XLJt&5HxJ*B7I4qYhH`tvED2^Zvjw6nb2LmA^*!GLxbgZE)vZi)A zmqEa?fI|a9edT|dPLl|bD2>XbyptcEvaLQ~1`GnMqL^zqVr2YWj?+&7rr)G9Qy^jH zgzm$`tX$Ti3FJ~`*h-Yiq9NG;x;62&po}b?gJL)Hpna@Rq)Bwler1Su!2aIe-cvAO zzo_R$>QDLo9f>Xo;VPY3O}I-aR%IT!8#uE_{f`xz4sd@xRk7jEDZa)b8lqF?Lltki z1Ed)IR7e#*8OP_83~-1#;4@HpG%u2f<1sRkbH50VAHzNl<+&C0KtM^{0Uto~_|2Op z_#G^=Ij~4(vz5HRMwH?J$uP@AMS0V;g(4wjAsssf>WmhTaYxjqG@C0W6k%0Zsx$I4N2dI2N5dkB@WP)myIBI|&Lj>kEfLA9Z@jGmEv#mLpX3vPQ{469xfAET1_?CcuA*7>ALMz$?PIfNA?!)dZ)vDtQco%4$1-)3z0ph;5=i_ z%%?C$c9QdDPiB=xNIaRO;bGE_As=->TPJCJ3JPBd zOyara6du!I<}znr_0VA^lc(~|rj#|xjVjlkeK&Dzd@J>T-XsvHTIzP+IHyWyFdY%g z09blvl2GTAm8oh~CwlumodtjaXqh@xMoBJ&&}(oFDd=6CzC7!GI{okS_ZOF^7oWN( z7iZ^}y~V8|(NyWZ6$Ifei7`yC_X&0vPS8< z07bz8SPcC%fy_JegLdUtfhP<=F-ueL;76A^ateAn4d%+_#sU;&pp$DDrc|=47>xP- zsZbOn!o>+xnxe&wOzKXSZ?!sF!%|E zF!FIUY^&ckqO6`r8z`320os50Dh(WsHn>rm%Q_xO8z|}nU5K>xmIQb($rAo+`DVk6 zJuA)YR0L$|9W@)2S^jnFxyq)()n0$e-C>%p`ApiYFRGJPKlYL>b5$a99*UOLx(LO~ z&9z!jLGQpj@>cWm)d58-1$YsP=jo?a%w?rz1u4m`&P!0Vla${hIk|uC^UBsC8`I((vYQU$taf`(J_wnZFH1EZ*xj21{Oh~5XHI%(LTt9cRfNO@M1KU z@2DSkDGL?t@LF88k0_T9S(VP7RyL~pSfw2vnS+!*UJ~$7QBLjfm);g5Hl{c*q7+U& zV^3+G<_*1cS%WPi6}W$k$sk-o8I&7jD{V6vD*UMvn88>fbi505*+8xly`h++67Nre`}OqU=B!YEXB2!d{wj4v5`5N z?XtepQF3;h>EyPe87)xO2bt1~k&^A#pj%8HffL&L0HduuDl>nDV;)6okf;ZmCn_t} z*?IFRXl7u3}wCgl;*a5ezRW91O5u zvSt`0a@MPbQTBg{T@O~R4~fiz9qEglM{$#6?)9?;2j46LP)AsJqKpCo6z0Z*MC{_lo5MDoWUEyJ%nEL2W!7FV@vOs@lpt&(XR2Nd;tteW24vNNk zFlW)tPPI1STE29ufpUWoC;SnY_2Hs{Vw}G!P4%uK_*e$NM}Ji+9~A7Z@Y?sX+7F46l~aHAqJKSWtSUA&+7u?ubw z?~%NEx8r{~Q2Z*qkJsm_AZu(60A*Qyepv&lm|`Ns-G-1c%QRN{T?*WpZ@=|8 zBIxZ(#EVlRLHy%l*`{Bggy%cVC#_l&=6pt+5}ywnKH+0~dU z@O^(i>isCaC))($4xPNC>bA5brMfC1}c%^t8uC0$0W zwQL}1usqBD<4srV6%@Snc2un z1<8_F-7}J?B?D-o=o(WZ^Q=53Y+OBEj7fj+5;K}e*!+|PLzCD@;bQg;sE>dq;iehh zR*#Dj93#U)3XvRB#v-3bjo{|oZWqexxyv94LnkDs;O8U^C-PBC3QLMY1Q}A$gi){= zz+F8Q-D>45%~FNr8Nn9Qsc0BlQEwmg{)pT}Ij`J{L}nEfGGZ%>F##E%gh=&L%!}LzHFAVw8_egA>!x<~ zJep0I&qEm#py<+P+)EW8tzaGUxvq@q@fy(xg_-j5ILqqYS8OQyWITpZ3PtM^(4SP4 zM&u{_v7chQtUh3X4MmEEm~ovmCJ%qbvphDMnk$>zQp*(d0^(mG>S3~)XIObCTDf;- zLh+G{Hia?;y?(+beR8`hS1KEdxe)3zp}1KQ)u*7h?;Y-YE4h;>LD33EGY5*ICWtpB zIL#FFj>8)`S;_TS35qgK#w)^jcfxv8@HP#bA%(Vb+87`?zH4x`4 zcnoj5SLjA9_$|Bz>l0Kpl67n=A?LSF0ch7G|DEc*GkYhH$Izod)cj+G`9V&m7MdK+LK^h41z{ub+ zdRb0;U9G+yN0S>k=@q#Q^nJwGrz^AJGr7$1Z{1JFCnu-f?x)wM|NM0JQhMyj9zcn6 zJ^0E?YgLNW0&DG_o?M(>T1$SU>vgP^q9Gn}%S}PmnMWq>Q z6+E2zaiyq~FhqaQ?%gtVLVYMnZHY?by)M`~)@{L@jDTUR(DMm&E){|}-$vZp1I^?iq8)29RWq9;< z_i69*7q#RF@f$*~)MZvVmyy*(XIKR9>=sfeRzc3}J(tSCqbWI6C%@oQ7(A<${fs}q z=*M2Fw%30hI#D$N$5y<=jaqWmYH>8Ah_Q<#MC`-w9z!AWIg#XA?=3LDfj<&NB`Xim zKyc%tZ@ElGEW4AAy$`xtL#<}6HYSv332ZNAd~n8177F<_wemcYmAT5a_u;cj<*Q8L z;@>izFDE_;JK*x<{L53It1uLC9HG!z%Lz18i6MV?LJ{;h;8=wss1ifwqR1mznX4F$ zh{Yl1KT(LImx!y_n#CwVvN|x&nn54&8-yYg8c}19&KfKq-N-&cUv#S8iZif-WdME> z1#I1Mo2R|!d(~?##R8Gu0Og90UpfI9QEzl(^f=&S0{}He83p?Xg>2cc91eeY z=IwdUS}=?ST@jx^I&9lGor?)J8se0~KDmF+{4ZsGYXOK0jl~jig${`$D@a!wb41NdM9v{$D3<}_gVoLNJJuh&jm9_MfD?a} zOhmy;fUs*$zRnGzA3zCcW2T==z$_Wbm@uws2B8_*$T!vxe|2mp$N-ea0u{tNhFAcT zl4LkiNNi2A2a+g2G`&dIc|ycQdnt$0zj~mHr2XKEfj$b!jhvtWCcK6?l-Cn_LSCcs z;Z$t^$a?;LN1(O9YH|~W1O}e^hKYX$JL960cGhAy>n1mwx;^C@?KT<~Vu&TjVao*P zc)r&IH>sv&zo0IFhGkjd%fN)JBk^rA4&}kJhvPNT8!fi4-N;%;Ut zA4RFtiNb+vL>VU0|Nh_qgS?^FX^2s>@xB3PhQU1ZZvXfH{vU==N=hia(e!^KVTj5n z;}Q3KGH%0&V~YM%pld(#_N*Nc-Hvh8GAUDAoU~*Ln-177eH+8uRtSe3@T^go&XIR3 zkxKn_c<0F-DpOkC1qh z9^JpI`agodk0IlTwuY1>aZ7(}^pD{05}khRiK8`!1yW{pBJjQi2cr2HhauKN0yx~; z+pEUp;)z}inJdQZs6iECpAA$}KLLJ9WRSxMAu$ITs}te$ReU8)lL?ey1d!Y{^Q$KR zN*oRfR4bRxiBNl?_9qXV>(^<7Ywp8Gh^1UdrfEu_v%zRmNQGoJS`B~BM+j3P-^2ol z*T?{~uxHu_P0R5WGgFIp?~%|3hY_JD@FYihB{+h9Kho9jM;Z;qV8(DFBi0GPF-cjZ z#|$%=c%_=@?UtUeW9W~>%s2r;dKcUS-HIil;HhX9L&~wAgpdLp`4quS7-D1$Z+#L) zJ)1`PvS=7H-SEB;%a6V`4nKTuo`lX#<7%4bznL9mPW|AFp5YL z`KV=r!IFXcpiZbJ?rAz~ffJas;#EZ-4P-J;F(Vuey~ddyc>r-J4nb*{vvWxu2)D$C z0c0GYNQx>u`+I*z_W@&gD|leBk6o{E3|QiifG>`MTzra1mMC+eS1SV_G%hf^6177-#)6*rkq?F3S6YLN>?r!{#YsQJZ1j%s3j~A7 zaS#X{7HO2~Jq0l2Be5=dsM0w<&1H--dEzKCj=%ws1owXiQYi#jE0O^_y+-4_{8pR+ zNF|X=>6a2Aw8*N?ogfv0G@Dm_@^Gb5kX#SYGld98IpJAglJZW$T+t|P&Qmw{7%|Bh zs?5Jqkx)vLhLvIgpqH}>_EKHa4oNHtgOSD6Gk9emCpRisSj#PX%Y+!$m`^+4N)bBT0R!+^Aa-U%wcQPho%ID85;2p=YC*3)}e9@o3`9_<`6dnlS zDb{~sU3T;V(28J4Zg!sPALt7}{3sBPk~ZF7M!ZZ#UeN=biEP+BFeh7)iVk(&ri5C=Y{elk{Elez4E zf{prw3K5bhwv-!_D)uZ+ivoxdSu;C9!be2fM#2y@tvNQqj&vX!5z2Sf%LdYy-3rPv zg4b989WzZp1hvG`u%nNxo+7)!T(BCWK1ApSP}Gw6FO(dqy*vf|goA(}#mZG1xiWuy zEgpCa|0Saw2s%Y59%8Y*0cL)}m`+u#9!ZdXh{j+9nP%jI1uE|JcSFpy6-=mhFJTl+ zUK;zDwu-eeV+msI{e%4b^9jQN@*%Zf zC<@rqBobfykc|NIDUNw2nWkU_AsK&SU#a(}*N9H$nTw5-12s&+4rCgS`jd1&cEywh z?$NPOfkf|T10mq)ZPcrg(Zf0bMJ%Dn(zMh@{FMPpLdik(Sdf7m6oy`|Ke3gy`&6V~ z%ZVH@rRqsk5(G@N^`rnGG%BrnX#2LZE(#Hm=_f6P6Ck5i!4NaWDilgEup@s1P7hHe z9YUFAC@dTF22KFxe`O#b5duL%jnF5=EYa!iQ+Whay(>4ayns^_L<>l1)~rj>AmgUe z6Gz~jT2+cIcsxb{h8#%|q45nkQBN1%kfEeBN8bLC_dRHVCr`ln`^(dJmuJUsz)u&a z$FI-c{Q^#29l!hK)B{hRG|qp7A{`{YN-Ydj2s=s0^lJzi_*KltLDs%a0x~!S|GM zh?(RgUZVxhof9zG;-pNu`0%>c-mtRM$5)*0wg+HrA{EQ>oTAYHR-kDvyuK?hr?m?IL<8BF)vfGEDk60c2X9)lR9B_?8uMSkPC(8iv z5OXPx1dKYkj6BGZ2R!1&0~E?XQ4hue2SXUd2=oXAFp2`~%3e!y5 zGC9%D{{36ER9h=moXWGp>J$YCGNilK=X?o9_^kmktS!MPvVN9!N*hZaicsjG(8Y+= zmmJ`d(8FqRDe^FL`mlsT*bU?cP|(eXB>*Uj2*aGvaUJx3aDeLNa!KqX%30Z}mW*Rv z4q_>@i5lPl1p^>k$ql0?ZWTb_Avb^&ay&$!Y}fXoxssrKLU*_?kVSm)<3VWILprUpxv@$pJp*Bw|ZqS>G0}>Hy-9LmVP1VWbNwAr}i`HxjFS7485_3hA1F^5uz5w(R8ASzGELTUI(lXYa5&O zjqRP@&dye?*Y$d9o7J6lZ+(5u-SO7Cs0OQB>s!6`HB?!1*Vi_B?)rA6vhKPSw~IEr zYwjjmbC-M+A}TlyabH$yYffduscu|Ucj~o`dTp~*S>M^LZojPT)GL+cC(<+ZpE>`M zIb%P6M*x_4{?|6v*4DQ2=YMN!^XdHm5&u?J409#8s2=uXD*5uIl@)M~dJC{huD7(Z zvb3}U90#;18Db9sDCr2mA&3I#B0zfJO7T5ck|{YGB1*BRnG*p)wC-?yM2Heh#B%ke@JY9$Po~1 zJ;Wgxz!3Kk;~DlW*Hh9>qkX7ru%#7n*aKq{gAok50L{@L3IynW!qPI(jX7|o=mntb zBF4b=HWP3FLv)Df(u#!P!VoaT0gSLgo`F81$YSFS7E*l6O=B{FX?3v_`$sK6k!A;f z0TuM0A`f)OfcG)85EXJoKw{4)#1G`K!HOy=sUo=@hE=`#O^U=oq3=`VODT|&05QP( zkOOqfQRo45iy0T_xk1c0qNWM~IOK>zmxB@JeZ#b-cus7{>y)b(f);Uwe9=P`g)SBU}Du;*f}a%EW;&&_`mClY>d)&>+}U6*PLB#%O7YL?~o^ z+~dg(P~w@`-eRU9?P5+L9fKHqO8ypr#l>#68_-QWGh~5!GiIC&k`>6&2UkjeHoC(@ zHEaMw55$pAp@%^8e2*;wGb0*VUH=H7NLBzO)M8#7>Y7UcTq6`^8#Gcih1e@y1fb`s zvn%@5ec8$k@a=oj*z-gg3_t+8D3}SsQ?f1$q&`A{5tFeWkS-KNiS?m4EZNEM<=137 znq)8_q3KP`xL9G)O}d?@^aX%_fB~Z@mD>!|(|FKDR2*Ouc)&wZK*j?Ua&V61cIqH5 zhenYgVI^?UN1{J*pn^aQ*oU+$wx3Ia0J$7_CCT3nu^tx9 zfoLbGWp^wG;*vo`LKJej#^Q5b<1V&C4|u4DL*xmGJ>?+P#!n~RZ18k{EKCBidCr>{ zj*V_6xpZ7F?JOaHa+1|bB#;&29Qt6?Ck!RJD6DF$t(Pi6BvcN4N#UmqM}lm}LC_`v zb{8H~u2~%%_D%_JQ^ZinlQr%jmx^VSG|;8ULm|gdZP_Re0tJSF9wh?+K}7LTP$i0d z%s3q{S^a2Gb@1tPb}<8g;`@RwkVu`UsmrP>S_|7j+@56vsYmDl@)Bra-bb_!t~k2o zSAbA(^_7wEN~!H+r8*Gb=0XgFa8Uwhq2L|r;L1bY*uPo@S2*ku@!t`oq3S_UaH_hH zt?EG3St_C&_DNLhgFMjTkfUB4FeC@f(w~hSIawIwUS{pno$z3PfD!Qoq=%VVA}?W_fgCMb196FO-aqh9w1J!%jA`TUBm=|!A$ZfT}>Mx126oHz-@adef#)5Bz$Z(>`TRmGv~Ju~ZIcT_T(=E&$;3w9+1atm_9=-YtFUL6 z7<^A)6p0<&MSO%%2oBp4_da12`Gb@heCw_4t*+EWlmwQhutOh_8=?m zp>TYtKIiw30TWS7)Lsc7n}Um}(-c)sr6y!~c>+>MJOmgLS16&yfJBv!u8}!y1_mbq zqSlF@fM8XBn55uh{Gk|2B(4u$48c^YPflq>JOD$Eodl3vZi|42Bt(MDGSbt8ybr0T zsH~(y95)PnAS&rjPQ~10p~^2}LK+!_iYE0z=m5aS5vl`GQUrMbx!VWmR?HPkCOp%h zZYFEC(u(?sB{0D?8rK0Q5ebMtE@cIfI}#$RG5{oh5(_BS|1ivaP=u(SDFcpJ5J+8) zUFaalcy-425fb0?d+O7L#;g-j1idB+8K)43oPE~Exp1E>AXm90bWy}vSsdzsK#!Hh zog)6vG1K8N*{kEG-If*f!=B=V&4CciSAcpPkeIImtcjtQoD50*vMoqYv1bSp~|P<#8F1OX0x^|-3PP`j+2U@Jx(Qyt z^mVo`^}oRs<<;b_o}s=fcLUNb518cN{~+=&XRT~dywt&qOS!^&CoL@RWLM^Qfv>pl1YIKfy?uM zWAI!F12A||0_W%^#?+`S%*2Z7oz7YMj;?M-!=?3+Qu&FKN}+o#nRs!A6CT2>l$ei1 zrw~yg_xoxHGpquPqOg=ab7E39l`K43QjHdN{yPnIu%VE3CL@ih2~WzP){c2RRfh{Rjnt_%DalN8Ccmg>D~ZIuz{7 zM6YR|d+2t8#))zd-Ii3jF^>`C-X&ouZ%&q843cVMeh_y7x`l%%K-MQmUo?tLS|0$w zUSY9%C{zG5A2c?ZG638FqmUne?$rT=-LC6;9zwldrBbcdYHMqSm6Zac4*ns=Xy~`~ z1+0KZDryE}@Q?q)$N+sg+U|T|vc|vbQ<~=bBh+Vkgw0dvn8egkARIz{vmR%Md(G^E z6idGzy0wX`ZcVV~7A%{#61s~iYV0MYn6X%J!RA~A#K&Q2fL%%iKTN`Z0EbEwf6+Q^ zoL+o6+$#@jrAoRRlDTglAGTzL+_z+^C1Ow@0KMWFqlEBg!^Ro_NBrAu?H`_kX6yXo z@YP|nanX{cR;^O01W@P_ag$m1zB(*Y;aw_~@=#l+d(&Z3bQ2@Sk$1RvL9S8Q3?Lq4 zR?-&&dTwnIV@j)*sF-tq&^j)OP^OV1xcLx!nWBgiA(v;$&;a5cdH`)!W3#Rr1z-ih6=|!=bo|`g{Q1pd5Qofq^OD;fyFgh@+F;cORbB^W_25>9QDpZaxy58m zlGPWJE*M7uW8N1O-c1=L4O(-VB~fEy=`?S<|M9RbH4Rz~WVct0Xvx3BQRec{4;k;B zSAxDcXZmG-rH`PPOB{lOi;K39dLj}sC0t7_PzhW})>S}Vl~4VgfaT?q-REtoCxDjp zb4^{o6cdVl94@7NcSIaEeM8GvJwQSbCbU5?nlY6to3f?Gs>Eh75!R1Ojj=eY8_33o;u7D8Ot`3eRCNgYZCywL_ocsXMR z%#2BZy4fYm0D}=6GkN0&0U4>6X-%aC^%xAG!;sikqW1tZUedQRj3S34IB-aaR?}a6 zL|#lN71AN5di@Lq(Qh9=RhJ}{00Y5Eioa%mvSd=1kkKW{XW{3c3XuN%LOqYk+j5 z*m^Js80bRx8gR0zG-2Y>AQaz;NolkX6B=0{-yQY<8DK8PPACu@(0EneP02}OT+g|G zymL4KQmR{(mSGYDhLD&{7)5MV&~*8Pwh9n;jg+JozNCj@@ttD8uW*3OwJQ)7ojcl! zLA4Z2oIJ#03JUg4<{9|vzBZL}&Us7|P_ zbW^Jt!ng|lwF>@K{@1D^T(g?#TZyd#A92}kZj(eeg^})QfkpxG@6!jmMeeFTh=oJ( zSMxfMy8JEZY#yAo0i}Y3Nl98-Sl+?`4iWH_CRv`yiz`LnMxy=|i@R5Us(o^* z#37a?njz7q2M{o6@wh6^8kDz#IOeKQZ)b%_9V~xR8iCKY^7;gFw~r|3#i87Kl9Oyg z))n(}X8sBX5)$?AKhMQm9~#=&DYEUm1QSH+Kmbj`sUdW(9N_27 z2n9qh5$Lbcm>T8(!e$$CGERxOHQE+r)+ccw7(;Q#5t`gOSAOIJ$5DmAaUdNK3jWVg z>%+eleoru0Ctbh znn$UAN>w+s+G^Z7-J8)=ZjDao09=P;6dLmnLcu=f8G7)LU6JQStXC;VzDku>80$N- zYe#hLsKt|OzXSkd{d;YjEU1B(?Ga#)0S|UE)uS z^-C##_qo2lz6Ox%G3c;=KCC$*W<08GY=TCk(P-7)e*JiG+CP4ONyIbnEfO91qgT5-;Wgj*a85s*d_9f#H%_;= z;&b2MY#!4t*%&pvi}HALSQ#9>tz6bdm3JR&A9l+xUtUDSz4m{9n}xer0_4>;HmW-k z=jPh!9c)&Ek9&vJ(~H)IMD*&gc}8xIjv4Iw2OG^Da{UfhynZd% z**|(6%sIKU-o7Ct-+dE)WqtRU-n3g7NBxk$ ze0y;*+-q+R4t9@!cfMBP>E-o@^-EOshof-+_-%03-$x&4_z|A?=SQ0_+egjI_i(S< z+`8f2ciaBqb^mw^?l;*PEjKqdJFid1<=y7T-mO;+-`zFNZaaHz|1BFJdbazacX|`> zw>#zjyXMXAcyxGrc>Z$3JM=eSU%cL`MQ$r<7f+rHSpy}oVsg2CC#jgQ;SPUrN));{*Wo*aJMdb56a z^0iS5tKmKkF7~ePMte;*dO5mz)!u*8sBZ1JVQ>H4*}L<%H2zxMyxV*~9^MYWz8-b& zDx)_aw>I8?A8qiXPIv3o=@=ch*!soA`q%51oprC@Mvcqn#`tA-?*pbE{FC+l=2qMa z?|Are4Bx(cv$eanU2Pn#zwzjZZ&W|tv~G{OZ=#FK)9_{M>kYXW4R21ru3z8WZoIi{ z9#$^;o$`n4v)k9r_k;H3yN})e*Qn`lY~q(SxVzbZ930hN@At!vt)q>>*UHJMxBI@a zUVayj4mRJD_Pf`2M;oW(xOTU@7B)UcFFPCk=nZ=rRfnh5@`!!CHv6@Uc{g^i5ib$y zKi(m0AHEsHcPG2?k@pV0T7L;^>}#hJ?H*O|4d$IUFE@5ic8>ZHx{ddFt@1j$czd!H zZ|v@WeGL83_36#tN%x(1d-Cqx**^ccbLn?){Ew|-q!&6}hw!cyZ|{u!Hy_u#H*C$@ zTzk_wx%==IR!-vAHB|GDE{<;EmzS4kQ#+Y|toGiZ*LVFmI*%)H#r2T?@eppK?akJH z?dGh>4%uGy{it%=LAbpaH0jp$&Cb^8@!+I?8y#J|-)u2=t#TTZn^xD!zB#SFz1@7*cs;7VK4|y-ptZk$ ze}LfTo5SYl^;v_KHwQGvWwN^!UBh=r2Vd9jw!G?LbN%SuG5@f>g@WPNF1!e?Pb=$3 zZh7PQRSQ!>_dmSt^6JKQ<1)C}KiS-ft~WpK-g0=h_HwNvD9HK8>)W&b%j2Wt^6s$v zv5e18`-lAa=5&k^dGoa#_sd&{!}WN7d{B1ZmMh)$cY7UgZ7<^3e|NLJ9=wjb-5p-u z3qJ<*HN3kW?=|D#VsPZ0oo@}7NUdH5*wmaSJj(fp}qs@(%#5-yPyI(hUyngsL z+PU+#-dvKeXVLrMc(c|RZERkyle3qv8pkmj4o|+~cL)xT`mb+-^DVp)?lAg)!KJ5f zw>Tf{jkd0P<(;ke#vP0g`?v1b_b+b`hU+J0ho)5duX1r&82_Z}D%Zo)CG~VkEqF=! zm`3qzw5x-PN#kIy4rht-RED|4n{k-Uyt9u zfBS)6?z{;;yrXBw?{}j&n@8_|zIMM}>|JUU3iePE+GelYOmqPmeBkJJI2Xz1IHq z&e1K~@2?HUor`n-gug%D*j~FC>_&I!&C9Ph&69I~_hxrzJ6^kc`SNvtl^q4|58m}o zcD!-FgND~9qfWO^&bQwm-jpvZym>k%*DYL*5!^j#4!iEfLH}&)l{>oouv2??wElrt z;Qsm9hmD)}wacRpIvd9A^}WrD_RZ0&DhX-l?qH{TyYv3CR|{I+yNfc0)zj9|*Eqbq ziL19~yX6i)+B-NQ@7K$JXGi11ySP)iDPL6Y&KeiIKZNY{E7GQouh*o1F@}4WceUfw zjo0L0du^xx7LQx|+qLoT%agC}tG62`musihp!()`&3${>?C-4Ic3=#vr`sDhco@87 z_~g31-#y#7JukPyb=>-}c~pDfZgehNClI4|Z%;4IoBZ{9XZzrP<&Itr!HIilsH`^b zvnX2!v`Q}C-JIT>1$X*H7W~+wtLDuS(y4@YcPp5!w8@8(bd`n~ini?FPq{ z!QSQgW2OA&vUhQDgW{KbP^vyggU#FO;E22(_g=nw71lQKhnx4W&;7f@k00HS8*exJ zv{iZIukBoa9IV5;^=(pVTy}e#ooKyt>C1lHKw)6v0hmvpvTudfFiTkqer-(Iej z-$dink9+JA;dB5^R&h z!z%K6TZ4D+y6@ihD&g)R7}u&V!;kKud2!fzv&%hq+=i`?Z1rBfIoaE*ZI)Rj=pB*n z`q60nKrhOW3E{Ui#4LsZQ)@TTLauRQfuz*N@)tOf zj^0wU-40?OhmWxz)Ra4e1hx|?*kx&w9?h}uiYAwTE$e!9pS@5BZu%}zlK{jLDrdHt zV3qbwnICfz)Sp@X2vk!87Fc z30OW1F~=~F?|r3GY5AGmz!*wQ2fqp&x1ftm2>?!JcdCD?`)|K5U*pjGeYp;PUrzSe z@5`%y;P>S;oP+v2tg7+>;?RQ}iqdc3_vH`{kgD;I#`*qPbMH%|-TrdgIBBW+$%A-t zrB1ui)HSV@mB4>renm*ORqOQamse+Js{T>tOj`|FYs@F6Zjx7kgDg0wo|L?g11IwXQj{dppt+ZR+-|J?-D8{rl_f-%M~H z5+Xn-7{md`QGmcF<5!e~FR=m_e4cd4{`7g;#jYQ;)L+h{GEV08{fA*2xAF3d8MX<3 zB;#1azIQj)gRL?4D6iWvNeAcvxlE@WtPy~ybx>1kqWYV+rRruL(gV;iC+e^*zNKT{lZkLMqxl@i`Z zRLP}^ek&=80SJ^onXHAN+XvTZtU@LNradA&&_w|mNo1AqMGG-l0@kmje`}{|J1Z1& z8RVKFd9N_1nr^8~;NJpk)YNuMerrV0;hyaRpB7u;%0!jgWR+He$1Y^(GShP(*@vQZP*1|B9|T=7;{uSU=aR?9|8n|E3+*O@~eZyG98jnogOqdreqozUEKY z0+H6P%qc9`z*ivg6D;^TEo#xZ#nC839_xH|#~D-0M?I2>0hO{OQxPYB7&o4=#)wp+ zG?JEOF+}!o={WMVAIu3d1egzA1Z`aYCVwbTmd7 zVJ7#nY8+9dW5Aa^h=Z}yjd9><<8(*)U_0`Qj@z5zPwEPV5++Hpj0C7B zjjO84o@CvU4EPwrAlI#bsVVAA@A^m1rrpEhM4_BP>^{fEUSjK<*u{kh#8{*=6f!Iw ziiL3e2#Q20Y@}+$@=DT!BYKds1!Kff4#18&X-vh;qKMDbGqTiOSRFd!Tby;5IxddH zI00jV!CTDmFaGJOV=$zh8VjIzvsH?^xx75wn+bg;T+#Zzb3uGoI1|KYc?4IKUp&}D!?Q?LlP{io zXhXn{H<2!< zy*QBAsfcqrno9zI6o;GuR1^p(@x=O*NKSG~D^F4w1Ui5g7{rW=sR&8vNEaK0s(hz2 z`@woUINoctzqA{j&bza7u~7$OGw;j!XgL?h9k8cJ?Sx2j$&h(vvV#~9T2Pt^ouC#< zoxY2J<-|l8S}gIN0WQru^z6EH9C6TxGI)s!y^_84^o5~+e7uyWX0k6$kYTl5)fVd7 z5KG{L4mj-^l8%}DChh1=4_AFIVS2y`ySq(Lt$^iaAXTVe+VA$je*mYz@xZhC@8L7> zA0YU+XRQ2>+PM6W8Z1B4K9$x~G{i{S_6bPWA~Q%ZAYS6cAicm#pyijq)pD&;*>oyZ zr&7D9ZqzG(>-EaU$K@*xC!=~?UcLg)b%8ud#syY@dodfg6HzB05DW9-pXEs#lURpZHi3#%d`cNMlOZk-p>ltWIT=W&=O7q^0f|Eu6g5&BR}To#%HdK6 zxR(BWVRG+gT^0+%V9J5d(z*V?tE75SRwFOV2&&_MK)YBQqLY)Zfi3h>6i~{eTAIYZNNWNUn=@G+{m;=K^b3UQdO1_Yw7rn5`Lae!k$9S~ z`gMR<8}fcVSFZX}K?If+?f-%&ItgF6Tn0*Rd70Q%Ya0xI*Z^uJJU0aqFju`NCbNsI;TwvXcG_YVMb%=JPdYY&sXa> zKOQHC?3$Hn96Hu;%Zcv6iM*~L#F5v{1b-DY4?ys#O}w;Y)$ivtT4V7N3NX2-aA1xs zH)SQf?t=uo+0crW{+VDnY70mnk|L0Q#KHuy#}Nf+h+PxK%PcGf5uz>%IrI^Dj{H&` zY*hZ&i-j1A3cx+-A)hFtRJ#EV8)+C$o7A#&q_=1VrHrW zL9T3}Ysx;;CJcgU1ib+IGVHZ9geiJV5|W!y$*BNhc8(l%+sUqVocZYs1FjrL1>thi zKv`D`f+}xY@w1j|mF4?FPa<)DO?Hrc%Jfmae;+W49C6J#6v_BFsy&RN14zAdS=L4r z6Css740;}L4rq1z{$QoGYahYD(XqW89ox%HKMHyW2nISpXB{kW+`A8&MpK&7i>RR` zdG)+?OLHcy3rmy6kq!r?1% zyccP^uqlrQYKcj%u>mtCK9a9gEM8*S8aY}|FIp(JwV=BC;G{_m@^fv{rWS?~oXR2E zFG7n+gnDtBNr#zd2XVAW-*a;oBe7!6%^48$q2jgP;i%|!Not47Ni~zTnUxJ@sM=l3IT!a+JSou4MCxJ#4Ns3S$nd*(D+Q1n_fC((Vu6(lJ#_HQcQppIK* z!f(x)3JsX1CUhpzj{=tLY&VL9&{P?if&m&x!C|9XJHh7SSDj`X)ix#@)iyRyuzts# z#=Yvj3?wOA0%=KG6j*}OiO#*0ZK7l|^{EcFE8DeX!VU<3<0cDFKIMMFEtp(DG4$T8|;*X=Y-gg*c3tUEDXk?_!SNi8#9guRs|VEt4;9`2gpY)=E6V+bx*Y? z47n~DL~Rv+NZPzv>69OFD0oku+(o^oo3N2MO&{Y?5}Cgp&^SIej%m=tA!0I&a2L&3 zgZpTlEDaNpnO@YqS>*v9BGIiw4FZltKwc_ISz8p@+Z%^?5KC_&v4U~~^&k#niqhl# zNdo$;$%&|nRo+rj6M0%U(uYGF`hrt&5%RQQsfKlb(Wi*@N#NDNT9MvG^Y|K)4w0zO zTOTq(MrB~BF6t4QA|xYPVvZr#-Kk%}9tz+%5e)1o$_HcwNROjXhCS2WDozX09-#w! zz_M8+Wu`)4MUy9o&)6cfr>pkjAUlIX|iT=bN88_Dg6{ZyZ(w< zx3ZZFlE|snLj77vxO8U9hU*FmVA4trni>GADvRh}Ga+gdh@Bju#JVu^R6FJ6s_?zT zN+WB+=H{@S{m`MA?FGRUzP`kqDBFWZ`!J&nHq&HA-LMfdtvZ?6*Nzh=ublS_5HTTEKdu9U5#LKqqt8}(z9O~8k0;A}QE>wML00o^*N`|W8 zQszO`oC%G22BDMes3a4Z;RiKeeAu4V$~Bcr;Odlw=n4$rwX~LA?jz{Q2=2P>GI$;m zFvOI{FaU?`7aDE?B5(1Q?P;uPH9{?J+qr65>GOLLQ2wd&zyGY`2_N}x_t%h zb@XwN$C^htNc;GCu{o!lpp@bdKb->Ew8yjbtrf z)|fP6XNFOgIekr_Rl$bKmN@k743`rfsCm3cH#qbW<0fN*Il<=(^_H6u!v-aP>us?! z02mPIQYbZzlNKy3*pJ&s$;MDW^4orTV{VN2%sCCRGVuZ+5|2M!J^3xL04rd5peo|f zUl6Ix!J3+3elD2B4!2~Na_L;PkwFUjJPsCmWL@m&NN7JkZ4%7S+GP^>0~bQJoj?22 z8<#o}au=I#X*HHPlK=)t(9{Nh^+_X&PB3FB-B^*vwGpl7eEwmVp^!hfZcQBa$P4h> zZ=h;b?1`DJZVarVAa^mVRTv^FIe3?1X%cCDwx=Q6Djp1=eB?LD5k7-cBH!tx$Zk6l zWgX!?#9WFarJDJ7<`YOfFog6U5^li@v(8B>iJ6)82r>?;8(@ILn9GEJ8rbdUK&uog z(#iw##Fp73qY%jS#5@T{E~Igl)Fl{~fHEHq5%RQVH3yd>MuH*oG%}b0Hz2WbqU1P? zWx9cZVACO1*``ow>J|_zw#>OQZxdu!{~H^J?ickI{{Q^8tUxS(FWwWi{=$1=1ZkMv zk&A4JZ{M!Iefx)kEVF=reE)v+{rl$(ODb)3#-ZD%B*b^fyT>lM$Q`sP{Uy7oi%^*9 zOL?CTlY?mhS8Je8VyZWgy=CMh9hZjZJ$sc!7aqkuxkpEEtPD4JKfg;r2@odFXb@ z!bl64`Wn48EUSK}M7P=^;bF!FVi*FbhEZTt@T2n9B0|ldAu>F%{!gs`6YKw|tiPe+ zx4)_lbB5C0*KRp~ZTwJME%oO!M@g^sKPHED@%xTu-X2OETwxQWb zBReEEG&`Hp?gnIyb?jEvNJY;;4#*FC;PQZ#S4;;u^ktxCP8|ITX~~Y( zEFUr!MhmR)2lw<+n+NV;0Z699o5~3`t=*zijq-5` zoGS}&r6aOpePU zt2$wIy172vQnfnSWUXc{OU;Ajj8a#?>DfiA4leqLDV2)Kv#LWU1Y^*L)Keh~#dut~ z!=;sfSs#YJ)ErMWY?XP@3#?iNEv$o$jg8H;u7BQc7S;7>1+)}{K{iwy{PqlZnjYQ=$lz=I@9pweNl(Awvu-To-wn_N9nE=w4t*Hn|7OJTI zzRg3;Kwu^Sg@9nkrXpY-6N^Bc6f$O0%=ESB{bZB>-(!=nWTPkJ`(M-e-g=*ts#bx2 z3`hR>Vd8v8x3(y@7AHs$;LyK}Jje}#)GkXk#A4(z^-&$vHvX4gnt3x4-)vDVAig+< z1ISCDg=IweD@B?NdXjFFChLa`6G#sXZ0(EzY;hL5g@%f zxbjdp_ODjK6%Knu{C5OtDE^BmCG-J*c*qVk8pq;qMegKz@Gx7V;{Wq@Dzb2zrHX8q zwN+8|%`p?7f6-^+b3L&8>I~JO9{4z%ZT$2u{P1^SxzFzVGOVV5dVnhNb;i4J6n6vc zmXJ$JaKywGy+*Vg;4X!9T&Br}vY=%iiML9XQgzKyktOmqaXvoOPkt_5v8_OVB<>En zl`0hqguvrMWhthLCMDWMT2DV)3%$#!i7{|BykUC5%^HGPYHH=Xjt#%zv)qbRctmUeGbg20g582WND7|GMKSg{>7gHlQ4Q2&$t4DoOigH zj-{Qmz=mLX{sb8Y>PMXVbQ^{1ARlNX7p>*56V&9?9J49C{VHKiBxf|I-2%Ri_S*a; z=f*?rvj`wh9F;Y$eHm-GtNjoYC-NsR$0skxU*F5oycReI4Zz}muFPC2)4Ms&Sg1x_5%5gzf9Oyk5dgDDIbdU&9oshNM4M5f^Vwmk?TLVK8{RrFx=y@W$QK#CvEus;(d;MaRk`IFx??)9voql_>9o^X%X zgzQ^Fgeb#|qmaLUmD(hmi8C*$EUo1tKtl7fOFT5?jWk(({Z#1YIq1k7ujE-dFKiD5 zn?*u75;5w~SKCnskMJppqq+)?GJxFegRB4V)9=5JoZo*heSZ0mD`RgiZWyD!^Yr_l z0I)CG+nKOz?r{u;Fu-1_vFl;q;H=`{OAbptSxV`li)==JQzo6(YKG?wq4dyS0eQ@d z9$crsge18jHGc0zhYSu?u8O@~fP0`zxUv!S@eqYp{;9;4P>1r*e;-lIQJOe}0q8>< zGHzfKR~qwsB_+)Z*-4WJulQBz+48bZ2_UPBQjw^)g#njw|dOG^Osq4+qSILaP4XsGTp zeU@cec1I_=mkhtGp&2Nuw#_H0+Ij9{5~^CzK9a^HV#+nj>cKo^l6r)?YH!gv6i1Mu z2vQ+q$y2Bv#ru$YjgaF;BIRfMv4jMz2+;Fp>BjAU{uR{pB5fp%a>B<#DvSci37-G4 zp2QZ@!^jVlAoE(5iKSXVjrT}Tl(Uq1O9d-Gp`5(m@=sa(f)|CUYd?X3fID^h@29{@ zl;8?zcIEH8?pa_9YStEw?VAO@vhtG@Q_~ej6O2c~rI|KBfdm%FnY_mdyantUjZ#Y- zHD$Z?q?G=tPNQsi7Aw;1FZ3NPJfMn7iv+Y05Wkes#B@vq85 zAoDGgUeQS|K)`6t8sT^Z$GXn~6Wn}Abzo@)v~K0QM_@K^lGAkw=`ZJ5 z6TWPHeeC;$ah>(S9(1m73EQ;^b7&I z#Z0D4)(Na7!O&c!rL22Cuw7QgR@FS2!RYFR%KrII2x-!BnIXO^DZ*7|0!vAYbdII# ziXRdxPn1C^lc&CDsH#Fv;8f$7cs5;G0V=K7lA542U8)Yxpyw@PZ<&h=md%H1Up4A~ zW+~25nuUKrD83WZ7)aYq!HY2$s>qR0|G=R?NyVl%1kXPmv>TsaBtlEJ$Jvxk`|M06 zT%7_9$i5Uc!{NC#TANxv945R?VQyF~(hyPTBhYMLf|%m~-zh=JGI5*>TV?xdwl6PJ z0PUoG9c)x4`%@3nKiK7o1hPP{mc%H3qY$dC0J^9ThnP_FaH7+e;ZTV!mywiC_Q)s% z9;QmH()^rhn$h0KZ6m5%mP(AvS5JlCI~;msWIa}-R&(mAz$jzoPP&k7SF)I0MmFq)5ql73wON>L7B7vlY-u+VZS0Jb_fR|ResbJpMi@hX8c;bS zO&NY|g3SD)cH#FRO~nQ-xnVxgQhW-OzrV@&PfT^J<5Ao<&2e@m?w{Vc@W?${v?{Oy z7HBzBh4`Zg=EGafLMe@(HPgEJM^ReT6dtUA!`><3ZHgEQ`QOdjbz&MHm`-*Q&U}N` zi8jBkIcrDKt}%!R;~j1uNg|4WI-Eo~%L#Rr%H*s%u#L7R&e(k>ZLFA?WJ@LBmw)p~pqqlhT^>IAUM%G&)p!O@Z3rMcpy@H8f|(TJvlS(U|qAwnkHxVntN z`EH{rsC__uA9(^jGZ8|tEJE(yF|cSCy5$w#M=9RSv0^f(rISL7);Y^nEnJ}~wh;yE z36i;bfcwd8C^@Qs6T`8X60>%5mM-(Un!5nz^{Z&Q%tKqvz$qr)xv6^$vOUiwrImDP zFJjT1F`eZ6$O+M$?uwp&KPSfNN40;i!k-wb}bTa#rPUach3=da@IBqQqQRyFG}F(q<;XmJG4jlu|^+MXZG zia1&rJ2Yd|zp#%>s%3jDCl|%SsPi-!JE`%(N@_U}`Z&C;ODH_kAV32W2A*Jtd?%N> zFln7s3jOkw2K7p*CJhKyCX$>xU|J)qisQh5k%0J|Fzz9m{igVX0gQh8$Mg2t-j~zH zNvqRtG+QqwKxb@!4Odc{xRRke2FOxMXXNRWoTOC4!bV2y1np734}AaXe=)wW{b)lnk*a!#nkX=p~k{<6`Xpa?}zgL@5->_;?S~MI8Vi-J|da{Rkh$ zd$3T|w4f_tkyqecSHfvgTV-Jtv?APZ-xJS%9NNK8O%!4^D_!Vb zqtLs5&x?%p0z;%ZjG8~I+;r$9Q7|3Vb$M10&8MK3PeCuGvBI>lzE2zEX@mTcQBkM4 zN*9<~Jo!!kSNTmBa+FU_)W5J3^@3q5f4PvA^OMZj$y^@enN6me;Q@2(>?2Ohkmq#A zCgDu7>8(mdRycOb5hHPd=UQ3BGPu8(X@z5dTZ<}ZZE12T?Mf2Qos2(;@e&stuLHRvsFLOf2Vg`Lwwt6qGP!yt(PLyi!&YBeomM9?7 z7Ev-+VgTqi!c=TF`<$dc7ZND)78~1|8d`PZXAVvNy(B%mX|6K`m5ElcEnc(T9HMTZ?a8}hypyijqRjzO29;SWxvOdQJeO=?wOC#%$pw{Yr#X@e_P^qxRTXgsW#03(*2?HD zNY75VqR(a;RK5scuN8APduZ&V+$V&+A^pGolqbUPhr#_ z3z;MIAoUn{-acw}UH}xj#FGp

{J1m3H%}Q&p&lHroah)3gpmaVA1RBk%=}+8+qs zP+poo3Z(~1X6%{%l2FIzoyOHFxN3Q|jg9J#>bTY1>ol&Cr%w&N4$eCbyWb-;23^bn z!*|IIkm=;Gm$nAd`9Lx+NoT8ns%dK8Z_?q5;yS2R*0)n4Q=raFeL_v75Jc_GsL1j( zv&~DU%*eFtkl%4D3jl;bd%vA=>$xJrjx1WqR~%MLM`$d&laM7L`ZH73J%o>#lNRoN zDdFblal2;@x0yNS7SAtd2+`4WLNqsjn^Fr}Y1R_u^0XK(lW}Tt4HgbmlWSKTf1YMq z?IcJ{QHYqL24WMY8771%+!jAU}Yky?oL^|kqPlDq_DGL0-Wh@z&f4i@TGUahOfH{aX`l*AkXPKBiHN{WIR z$E2vEOfr+X)BU5pv9vq3NPjSjf7+CA;*y{Qo~P_&97Tu%7cvAKAUW!Ti;H&0*wN>E zZKPo8s-{Is5~p=Ul@Q}2p2#gy^CIZNVLN3)lc)vKtU#SN3(8?T%Px16z;)OLRGEzm zQWXSbq_eY_CpIzm9@P?w4Nw6%myNSxMsDU3hVihi%_()kVLR7w4~2vye)1n>fXp{QJ0M*dfg$tB-K z=d@cOCKveWA-SfEG#IEd<#&qwJZg&ZZh!*XVwxkF61=>xlfp8IE<^vf1&!4x+)UJbtOY#v^?Odbqig7wF<7<6!q|}(()Xd`Id{^(Xqs?l3p&9Z?tSNbM;f?q(OCC zVwfFlqzv@_l@v|se?ooI<}bFZb^%9~lG8e1EO01N{_VL6GR8%&%ruJ`a?*XiG&z@2 zH8T-%l?VCp*)J4h5>s2f;#iEyO0pR;7|q!YmkhB9u{AH#TuCP)1ig7R)e0*Ol5IHV zAy4A#B@3G-o@BryuJmz49)Rk(_s0}bx{q>7>|`p;A0T+ze}c*k;*-GK(QQA^q=p^D z;|Ro&8m#G#6Ch3Rq{s(D(0JDYjpJQKkXYkgr*XV{Pr^DM#rsp;`7j@wBp3BDokGJA z6BA`KB^_HYlPsp1UbP0cbd`v0qKTjwf<&7Iu=F;TyUxlAXeylq>8V~4oe-g^m<2o( zp-?L1NoYdoe-aN#LwHCnXpka6<1oabUjm0A<3bKsbwh+amhEI!$o9F97G`-VZ>n{H z!?4dv+Fl%!G8{2S+N*c9BEa(gC=Y9;TDea~4(5*7x2(LP7sb({dRDShwAY|)FVC(b zzv4=iDiY((y5LetpIVNBfXRwdnGt%4zCgNdODM;?fBI?b;NqfPE6F8`8A?db2#GBy z{T#puhH{Yuq+_qBzD)qk9)dik$Z)dy0x>$Cw+ery>Z#3R9OfUWUxcezS$Ra}V*aS_ z!FkLC_J^`13tS3+d!A+f9Q-{Qnj}xcS%kt)ANM#ompV*&qjx&TGF}4jQxf}qIZ2m? zQjyp^e?C+Iw56rEVPq7vXMKIbp8-_zOBwFR^-3^`nB!8n#E}e9R@U@QI%;XF@no5r z>0P@gjZtKmuW;z8`r2|u;Hp#~E)Rf*m`iaN0mn&b!EYo&Arr$hi|QC=%bW%4nlOeI z{{cQlk?vYKN*wm=0b(Xi4h9h)1IDQs$MUi@f0dF!aLp8(b|ylDAZ=1%T*%So7vupF z?3o#~2C=aCYKXL;Ksh`Taypsx;vzLoRTNIQX1Ugu3F{Z7)V20lF}T!pVIIK9SRs&5 zZt?x2mL@w*E0D20*Sq%TG<3SfNADBj2gvpxY=yqbkveViKV{$w8m(xDxQ|oM9r-Kq zf2xC#wN|>QS!kT67wlxB&b?NxG;`V1 zVNdl_)2B$bQ4~m1_GuKoV9H-n67qD{e>F{vdxih%A2R)h5*o&E#oUNE^uOqjU(ClZ z`h0%rY0OpSFIJRKxq!XQz$O<@4*b#2T6Q|895(x`8K&ZbsF&m9_!OTyidaNKhML4f z>Rg?-I_G0%0=kQ9eqH%qakWJV0hK;GY*Ab5?&(p)oUs{{^8j^GEKFijQeimR~eD=AzW7 z*c2{9W*-(7vk1gfOw1pMiJ4xc_l=8bZ`b<=#hg53j}{Trl5mRB<@`Xu`9PPJ-eX3d z{vYUY(J+>Ox44zrNqb<>${djSe-SIQ4gQ|tDlKMsPQc2EMVp=HJ;Omi#7aD7h&q0Z zJycHSNXUd@flWM}^5aF=QuD6YWDq%nv6F-$QcGZh?JNOHrMN7EDbYC8`Zg1zPJmG3 zUry@lAU@rgjl1MFDK1R(t;L|?pc2-{Y|`(d5K$?vc37G$)>bvM(T0#Ze?1%^HWfsl z43HUhI^1#^>L?F#@{8CL12WWcoh;1t6U(z90&br$6v|BouaWVh7viiy58%)^WU8oW zYL-j)#ae;X$g4bh_5hM#Jju40tdlVl5}@5dW~lOL3K2jO<6*6|F2lHy^!uF8pL29-PiIG+oyDT;<+V}8LF5(;Wo84LAJ1%lz_H1T zernXQ{OalmcA7P^6zWr}I}@~Ldg!vZDW1j+1cxSLt7H;MPqp+ge+48=A{l7>t*kz8 z&4|n+f*<)uXiT*#PvVfzs@V)6w&Om!;Z1XoFi=e8NG*`of77X~3Nb@1Q|lnRh`IE9izzi8FTP#@8M$|myIYp9(3<~a^i|3?`Z&!6ML_q*ZBeX z3TNmk3g1%{zNa8-f14m{Pf_@uHpnj%h3_f+-LDq@ZoV4*e<}9eUn}Bjf7`+m#=I|gSqYr0Ac&sIwT^Uq!NMwtOi-#pDYPGQ4by4Fve#1pg z68Swcks+${8>If_*~k#g$r~tUr{*b2$X_f<$ojl?e@{_Do}z^O^`eBVfaNqw$bv}y zkzqnsR?M+5#{N<$F+8C~QlBwHzXW%h3GU@8T;y7b8ILyn|^Q`^_e zjuH=1(_>*DI^XG@#d?xnZz-X4qOwGM(r7%>+x><$!%|cGVg3+sJvD`vtdo&Ul)RIn4z&M6{c!rERJ8uK+Xq=LmAQFC9)Ae<`pI;+E{P1T$aiOWA`uyeezpuIajA?tA@%ns#Pp0fYV9K67 zl=n4fpT0QvH*TN33;!rn_eaFyA%^dd*!{iD;17Gilfh-YRWT((iMQ6@a`Y zfBYVCuf-ju4dTU)OsBl`6Yb;oTJ7^zvvJYd1GDafjO~0cfWElqWcJULUSvRBGNUqJ zCFx7bO4<7(1zyrCD0tE#q7-{5``BgYTosJlICSMZ8XqB~f`jOw?~-R%Ia@Vfs{tAB zanbZgvGwSf#$hqG`X=`1Sln$g4vzllf6?)I9OknX8a7yKDFZC$R2$|!+y!CYIgnsm z+A{%UENhofK74uGI8RMtwbR?O{O|HCKZbd|F7DZ&(X-qeK%s*JnB(FACY>C>TsMb> zoeyU6H;?5pu$b-UqoXpz@-w?<2Z`CIK<9Z#=s@b!Z>O1ne`cXu zR-o2_cx#z{s=-aD0H2hVzqYcn@}#VMQda)`l$F1DNaIO)WAO*DDGe77om<>~&NJAQ zR`c_9Olg>VLffiTDhstKdPN(dt~483K=n8MeqLM=xG;<<5v8ZAZ@_=4cJM(ulOM2@ zpDUs+ZZLlzP!G;fKNEJTz>Ho%e^2e`6{~G0t=E<{Ia7LRnq%40FV;>DWtPCYuyy@{ zhVmAnkQS&#^`)(1{$>81q7y~+H3`v#D6#x|6g&F4TVuXe{Q}ebWMiMRv2Ulw^wX#B zIf>LYzo41n&$Y1EoU#?0E9)9CdoVLq+<$fR=*P292ET~K^`BuaKf`$ce`)VM?Y*D9 z_n!O$e!5@4FXIJpUj_7&PrzTxC*ahs@-qBDW`@b642qZ(@2H6w`BO%f=2^-mW02_> zV1&y?8)pG|%&br|5+KaW3^gUsf|{0GrUg)xPyu99Dx6MBp^&Sm9$Rub6Ox)M@;q65 z_rHIuma048xlA0t94aS&9Qvi}ZKhIrFN=K=Gh>W1a|lyrYmxEge~V`%jR1vdBfvt5 zBXXOhINen~KZO0Fd^$tB$`e8XCi6sqT&9RQhhhYmkb6ZG?%goC0{R!Azuiu6L-HNmnW({1WqOWe%@)EG6gby zCOXK_+GOUmIu&`~nWxw88F(&}LkrnPNQf^Avb>uBQ?q%HT6MG12fu-xiZ{hfFTefl zWlz{-8StiT^gF{Mc&bQ)5!DxfDyW3UFF>53 z(52&u8z8xKeYaPCoOa@&CSEp!b z2HgloaLf#%RKqtad0Ej$K%8s4M>$O5QyBHffN>alka`R}Zyz-~F8~T%BD1@RTi$AB zq0(+1b*c&#(PsN9VX9TrIuOOx44)JDLd56~l7#o#fATIfjoJPb%T)(g=beV&xLRIq zW23sGI&L-hIt|k?G|=ndywkAzJwjv9#T+nvm)r=MP7Zr%Ys1A-ZS-(pl^*~I6|D8m+lQHhZa(w$%((gVcb<17S;QMzeA6PbJ$*1~KVv<&j z>@RBNKVvoSYvex-)I)9j=fZn3@&5r6|IF;(*TR45F2BEl|I7{eN7?s39uf~R?|;1B z|3*RXr*5%;NCsd4dCGSQGOaG(uZ)COiz^)if8zT%^h*k$Kq?^qEBQmO-h5=FwSdJF zc&Houf-AsbkBI+{APvQT5v7Da06E!##_d@Aoms+`v?|WV{#WWSbG6U9aSM&{i_FCV zDzebe8{W?`rJsSx-_4SK`t9{c8`3{ECVweA`c#7rWL5<2%VgX1tbkX9f`Kv~R)j#x zf9Sb)gY1PlRqK?@RCz`Ag+t%5dv?;E^1>+}Cq6y;&rGmEA!C_? z7-Ve!G%)#EgWUPVozInv`)WjJMw9xtSr>cALid-z*rtB1->Z7o=Vc+ z2wf<{u{x+ubz=Iny>b4sPE>}!vT{Ne-T&`9f3R-dS4l3jJU%Xa8byq)K(k2J9VfsM4rW6=29FP5%#f# z6C1ps(wPE_VyHqb`pO*0-e=yx-z!YOtJOYZC;DNc02ydB^DrREcGNueV>);fPzz|WUFMJqg4#>A}0%U1`IFwQG1wH@%e_c*Tq{O~B3~}g} zENP1|nXmRgR&U?F;T}LYprlFf#W+G>S+3~v_wV&lA9M7@?IZX4%K*~r`nPW=^uB+$ zZJK7F5|WX@1BBV(q}MqUbO85+u$UsN_LPOFOlsPf^|K=Y;M2FvPXLxV<^fu+gXM4E zKoM@stA#DT1US52f37bV8z`0S!%{9D^dw-H1cVAyR;t@wv{9R^(ZeY4*m50w%6-WX z%N|%~9J-(*56c8ZV8XA-36N;2V^tDIO#fYgD*(%^PbgoW$V@E$ea}~)gb-Vjxmq+d!g`tnYKXB-wf7?~?4;R#b19pEx29?TR z_ID#w|xFx|}7Z2B(sDHR6O|#{U#Bkssdyo=X;s~Nr4~Llbk=Nkgzbh$5NB}(&1Y{&wPiY-kpA92fUTeIaEZ&;N z=Ix#Nj}YDeHvunYB=Cz6;h#i0wrB`)GoHgOIg zRSDWfe<-wqItF8%Tj$SvVw#23y|f1ZKYQ=q+_;S_j_%*{DR_0}RP4Pg+46I*t5Uzx z$jXdv{7^}nZ1$Ym>xD^J;+i5Dfb!UxSVEb>S2uVcYkxf<98F^{mVj# zLB&?QavvcJ@XXe4H8MmOi_tOUjjj0GkHke2QgGHSB*kd>Wu!>j2-$+t`pJ=D5+o}w zDK*%3ISq#Di!lHWK!8~b=lw5X65LFle~8Y+<8jKBTtdHa4Og_jgjZR-QV=e<^Kc z%<3w&5)3FxTfC!q!O)}qm7th%t-4s68kQlNwpk2U5Jf{s`4o4Cs)ncDh~voJ>02Dt zmdG>F!q7#b>jyqVvL0ri0QMHbF4wRK!zsYt;%E{WJW&BtxJOr9j#{IpQ??vo@WkZ9 z6l;<7qXwq*#5rOkFjjJaR72U?f4Xde(uOTD@(UrK#*r#TG^<&LRDhC5Rh4mI@uI4r zz$;e4fcbY8ARtDqWB_utj9q87$_dZv77(phD(lroER`J_&8E+izF^qUu}A}J6{3;W zYALXakVeAk8W0@D#}u~D%$i#F`r@8cqApE ziWR&ziF#pWJai{3Y^ZL1QXF1{4NrLh!3xMuqREf&&AxdkmE_@|4_nXht%Uo_?Mo-1 zpnk4vIaZ318`0%*VAunMe?MKvoB3gf-9I?LrCz+A@5YBtLxh@Xn9(eT))I{ql-atJ zJnpKXn@s5Ps9GVd0!@hn?Ha235@e@#7D&JHDl|7ySpp%`YAaF0$7y8HE#r|#qs4A+ z2$?>xXAdmjgaM(fMTLQh1JZ@K#;}+gs5ry{S#VGi*d;@fRAU2Tf9PCdghfLDlnCE+ zHPfG6=Amrtzo-Gn!d#;U5+(A9wYE`0P*aZ7m7DW@6-X_%%JuOolcu$v*r`SYbg6=w zT)!T2yirZeJp4ACht)9?_3L5A8&x|3CC>W4|Nd^+yS@L(c>GB!rD!BCl9+Cl41Muha-~)pf5b@iDgjDg)g65JIG-4Lx7Rg(#aWbLR;eZueDk`2z=OCKKpwNa z8cxQhO^0>nc#sFefu8dS2)pNVD)1Xwc9CN-6)y<2YHnGmQJu<iJF&C%DdjvusO~WgaHHuw(gRco6hgQJAXg^`|;J;*(ndA z3qp_L6FMjowk3}keIXE2raX<~=<4VwKrRTV$bLoJe{ypN*M(7>OHlOgq$Pr#rilhc z7DgT&&Ux|!==?j?f3YgbA?e=?GGuuG-Z|pBw&Qs`AXh4tvzRD^1S}eTJjG}}nJ$q^ zP9SmgUwj^#?Is~SaUtrNEG=Z^*I-Ufy5~e^!2pV=G6HVe8y&_kERhy7c$iFh8am;3JcUg+@DJ(2fdPR+_bJv)eoZ(H559`ujl-gP$oJf=;(`l? zXNS9nuN0~K{&lyNB3c(>h+@+!WXmsIHpCBI*5bPt=y*QinjSyqOHItB;D&tlJ_7gI zk%H?%hV6?FGM?hjTG^oeJE0_3M;fqye{(WJk5Rep%kw`#$=iQC@T8foI0{zOM~VH% z@%hEEZvSz4cD}d&*hKmI_2{q8i$A+!aq{Tq9lu5J`xzY;cM7kZzaBAJ^yshedaqHk zBgxrdS>V3bJ5jGGta&q`jSFne>@CwZx4Ntu-Dy%LNoyves`Hx@<9X;h7pLq`e}6Wb zKRx-cPNSItOZWiCPsDo!X&>BS;g>lGSWYu~^5GdO-~9t}=&XKB`=C@1=MlPKPEW6B z2IYLrj9zY0&s-H))aE3{rcay$u_s;Mjc8qFEEz%fu=TG0?FL^S{M`&-sn%n5YET_`e%Ycb%`6e?*qN5zr4j-;J5A0c|CGS>n;VsvCCG15m@>>#d-gG_z%=0#|H27K#e(K4!X1<9&i=6-F{E9+I-m#$d_MUlKEqa)8 z;A?~-AtGe0j)0}2e|2#rU1rN7S+ZgvJc=d zNy`??!x8(Pq*{ZZr?|m5fcEN&#qy?OgrRrM^cNzuxgSpYJRvlH+7DiuuShYsONT!jVBJ>*( z*ftlZLf!2uf1EJ*Hs~2LKS(=bGtJlFcqsfX=Jzm}>>>`be{;S-CxrYIi{T9M%bFP- zSDrya993ozPuL0W3-)7JAhifw8peG^-#Ichd@_M_&JLYMf;^u%Edhl-`F1EMp!4}T z@^n!0i~M(l<=3>8^59C}PP17(vCA;>L~dK(qZfnze{Twd2x7821z@rM@8tOS@>J9R zowwVUd;Q-gN)7#AqTk4panw?BjD^CD#SS??(KK$%<@9MDjG$=Xe3y09O#IxNQ$VKQ zu?#<41NSaQnf8ui;>XE8Oq}+yc!8KH9o(DB7pinMzkd|lbXqOfY~GZnh7;cH^Q0YfiBei#>{ z&MQm1ePRbzIQq$Cqt5Ed|4pv`+iRqV z^X@rFqiVzaJ$qs{>U_u&ie+DLzG|&cR~xy*BDjlvtYv`8zEWoHwW9Bon~vqb)c5Sg ze<#2er?TLk27A?<0&&AHR~NY<*}VzVu6DU@R_I#!oXG$hLfe*IU^orlPb0%Yn&jkJ z=8%z&xcYtyB8*<&a`lqB5-So_Wqy=kD2`mzERmnwtxlf70gq@Q^pjtpVGlA3D-BNQ}%p+WM!^I&`En zn2M*wEf4jByG#{)WgI+UgWO{5()=pnp%!cl;N?-wLq04xwH2~zoGy+!%vu?vGInjM zT#I2F=B*I+VobXnR2kdm*E-3Uwi@;=B#l)`S_0g1!j`^JL@Ra}fkjcTn$+h|*dZY3+RI!Nn609B|dND-O&8NU6^dC$C&D0Gd;q~By55_FzsG4yDC(Na=HX6uC>xS1A`*KRb# znUQts{Qf&L0}wBNOQyThf3=|Wl?=F!RAd-8el+CW-TkM5qCy_WFikV{#zYamTbR7v7uw7ilr@}#3JM3a6le-=A~+M* z6J!&3cvy%~5>7}8oW_%QbDgv?ii#e=C)Kh@%ci(jRYhbwuqW?Ze}^_DuB^H%p-|S@ zn^n4o?kd4k2294zK2Rq9nB-VVtpcyUcj9>zP%JGm6&l<&HT{uLz?NA~0hgymT7Xit zjfRB8q4Qp|g$vMR;)hAyI?!3njB3CG9+tx}N_HW)%381nr{IlS0gGbLf+CDT!#SA5 z&cQ)(EEYM4P=%;1e}~R*jvvMsXNOMva3wpX;F+u1Fgc?$ZkooOF}c<)rK~T`RMr$@ag3?Q0iJS@vatVzB=a=fTw(02SN+9JkwNZQcIo^kg6Zc_XEU{g1c{ zqi5(C;0cUn54lp$py&A`6n;M@*B}r9W?k>nT|yQ_5k?XA znIR8UDP(sBbd_a+EU0-NH=5OpJKqbf#fw@U8M)B)=Z`YC>& z0Nsda(-v>ra?$MQrLC!CO6uhAV2uqPVGP>E_o&-m;QLZo^86o6CKygY44W7QkhI>w zY{_k)g#Vu&f1m37|Kj}QY|sBUQFKihlVCf^5@2CFxhq$~pROGI2;3H!$5Vv;UwOQd z=f88`yY{N)hgGfzsrzkjO#8Bt zVvzrMe~>R}Z8kGC;gJaYO+~}Xl405T|MW!j|2a9mJUiLTf14uWe=N9h{B<0@OgMsrH%Ps zb=#lRH&vG4|Brs?`QfB|8z|%dx%_`8=cmV~d;Y(P^2g=>ANcb8<81?!J;Nu8PQrK# zhUT5)wDOgpoCZjnq(qR&K_R1QMcF*ZoTI%xuB*c0ht#Aqd ze?Pf6J=5j?pN%_ZS0=t;6d(L*f)&l_MggYgv3^_)_U6n|bG*Qa_w z94AU&ve11<#3rnOx#T*iPPPt|xEMq*f2RaY$BX|o+sM=$!OT)xvGz>NWfUZHb0&U} z2)cAcc_^A{W5Gfh$&)YpP8PHia$A4EOjfIQ)aWM78p1O)g;N#btYe*ghoyQDD$JBe zQ~*hv-AU21B8+0>qTtFIcLySV*{?gssz=9=}D&tyrHEyFaY$e|o9Q|0D0Qwnb1G|GzlX?|)9(=j}cJ-$b#W|L9Cx z&VKxJ&-ncSdDlL{bC!_l!`z#|cm-;=T|5R>-&u+eg>-P2J_r^8&z)S1XFAKlXr*VJ zGE8US^>fJLYqR7*42=4W&%f#JY37F=wU(t1sh*_0J~o_C$ZqVZo7y;QfAjzJ_>JdP zO#sUH|K({;{y)38*z^BQlxjMK++9t+3fAwNq{2o$DQTQ!wH^rJYkJ%C%o+*VI5)+CS~v zwP7QiNG64RS&Jkl%v6FKe|OZHkO;aGwY;r)PWle>6x z{Y!m5M$a&`DQdM2i$G8`YHvTw@I7TCD$*k8L~LCRziazu+0BSHfJ} zQ0T6N|DT?pw{!gee|#VRVIxJ-{~weDm9Z)D8^)APHLecCnz|KhYOy@L>4fmrEMylV$`50RUqFxnNuJ18 z@P?^#oCw6zE9WRPPg@WL4B1-u!-+JR(!(nyL6Kp6|6YLPe**aM$3qiVxmTOUO=K8L zLGa(DQ?)=(aX`9hXG?lUsd;ECKnp|2ll9!M<(Wj;A zw$9Ff!t2dMe;i3-JKH3XH1;#2;lG^m{q_BoGvtZHpAdE)F$B+kIHB7&OIiqsGxbS~ z@EcFx>$q%2okz&;7@^0y<*9x@@tQZZ;+1pGI6d2w?iRXg*b%cnCtXMa5$VICCAY+B zai`FICiB^mJM)@6Mzk^jJj}TBzBLxGTOR;{0}xN0e@4R2MX2iZX9}t5&KM)7r#R;~ zhfKlA`30HJ94!~5|KuD9?|wDc0~?Mff6^1K{&GrIV^)Y>{zNG9OGrva1MSPxT!~Oc zR$7GJMaU~-b9xo6zY?BSnXeU)q&y0gFJa3}=s?D(s{s&oo7U%bQ+&-{?FhL0GyZ~(E7yb*L!=t(nE zSk1O+SA?CzHh*`r%ykQ6>?n+ZA3`i0^8l6)f6-0nXio4^fLst9J^Eqs$wX?_OkxQ% zBZTAc%_EWaKR`Gp$-&pK>lK`mB}_P1(c^773PZ02Nx%3|36sZw*OaQME3euXQ2de5 ziD9z&oD48>At4CoaO3ZrQCdMqsrv3zhzE)w&*Nc7C9Sf4Y(NwZA$bd3{we90fGBEW zfA)TT{eJ@3E5l(5u(w`B2n?P+K@g1n8AS6qw>n_()SN;PG-F<&NjTS86FOPCCV^0n z$#J}-)TrynEI^YVc-9~divUe{I-#}ndBc(k<-24_hF0Gre2p>a;0ak;#&QzbN4`jQjU@599uA@BZ^R-`NkTf4_cK z`0?@|RJ2|rX4fygb_H0s^_@bIbEx!FDLO%G%(dLUaj@0Rzl!A+-sH}3tse*<5(yn96f z@R^!%owSeW$1r{v-|WETo3kCSn)*R+IO>na55wN*{`0WgV_(Af(=L$D9Sqs}kEg8& zV#0k07p9+yD7_tIbs&oPwfYK}-LQAvA8lLM&JtrUNKu-)l0iOE9l%$1TOABp75M6t*bgWC zqD|LvsN^^2gtnZ)MF(Nf8IAsNKfL~?2O$E4d_mY-n0a3Je&~F@8SfzL6hpaoDe-=M zGkEA+UsIm6C8|*zL@nTXENbH_$fFqU$79(taCs-%^NIc`8&pdPlx59~5{6 zlwWF_VrM(d#2$Ele+UT~VDt!O%BFD~eT1<(VZz*>i_gERue3O|N%2EJ_CatB1MpU2 zrJy3yGPKl4s$%+}0gcR-546O}g<(Z_vGtbGambwI%^6QIBvTZ46+!CFRG?4559S!w z1*$ibfol1>@+;c}T{J0N^tNv+U9TgX8Bl>C(BdDRh+BQ_e`C6a(F`6*k+^7iLBV_m zZ_zx|ZLMsS$SqcK?b&pg^YegzXdsG?I0rqFjPcbYyTU+~Yi-3kLQH@twNf;4A~kq=qW!(qH;a_+PZJ;- zuGpWg#KJ8^e_rZhV>fP7YNc@Hr)x98i%}r%6bg(Zm*9?J~&4wUWt|gQG8(&H}rsO|4A&TW@+~_R73WSAl zejykw>7^d(+S9*J?1bM}FcfZ|lv)-TCt7*H`8KIyf5TB_UFI@b-zGr*tRRcTysH1K0MQzo`4?)L-Ia&c^s3G;8HCeQHA(nNhDnz+Ey ziSoj3r#VF=7P%-?i)QiACNde@)nXc6m~)s+A1%eHypTwyMdqF}3!w`BUlsiS2#k+h zh-3eWe?F)k{1~{eYZRbHRMc=JccS(k3xA%l9*S)>}4%DeJ+~KP*?|ohi1SJ z)lu?7BKem$mw;rl?k`%5X}F3{h-A{B+3>bFe?mnOqH``13u48uD?=v>cY$FDzkGmC z2n$HkgVK(CLgo;sI>0*p@}?~oNjn**2@kzkI)q6C#%i-IdZJBqs5x`naxfwHD=La1 zRsbZz{tJlVk5E|sX1{Aj8Zm?;sJj1WF?efl|7HIFXJ@(muP5#O{=b=0y#HH5F{yz9 zf3DM|vE(+Nt+6V*yruTm_xQYy=ufo8+cjk*#vq21x5gstVI&$?SPWTJHe5-!5~tMl zYI#0s34WmUDLESGdLVPnE}DmN0^bznK83N+$ms4{ER)$9`>${`k)Q z%QKDDJNf4)VIz+ITDN;=|DsN}fcpm=#s^DN;!8(OQ zj4*nHb>Xo_CTL&a;}oIiy6{9Z9by@OVczGFVdw>E?9KOjj0WS!SEEA@zYXW1f2l(c zzcukZTxE|&H+IMB%I+AWQY_bh&ZXV4xwWsncZ++wQ(%yCQmJdrH@lv9wh76e!A*Nv zBr`^xT6k*kttNnu^W?+8Gg|+Ncib)|IY4A~n??lk_KKt4ST*uSp9^jGx-@DXXD7l^U%<(+P}e=s!Hy$_#1 zZg3<#_&A^J0^w#4{q+)G;EKPU5y-pmuYUl{e)`*3`on)d3_ovjBlPeao^NpD``8~p z+}>Y*zUhqw54_$y)0_Bli_9Nq$eRZ{!Sa&bV0izLxzPU9dl>!muDeNTG1(6=nlSI# z7uX_ip}R}s;$80_Z2kPuf4}K5`T9fuZj&2@7@`n?K})Re_B+Q^$rAaXDy6S z+;TxH0`YVghNE+HbN`RtH5-<}@cyU%b#J({-wX%>^aXlsAR~-kd=DC;uoVnUB^`G! z@A+)>eXguhHY$`g4``>*3)(64gkI>r$>tF)Bf_qhR)mJ}nyLyC;y!9cXjpEy?1&WK zUkCmR%$$r3VbC2%f2pEQc zY9Ll{rECdyK!`3J^1YCdY4bTmU&7`Tk(g8imOq+uU~xd2F2q&AOrpsVUk*lSlW5X> zhHo{1-I{UtB1Yse+((VrUet&Z>+^L)j;OVdt|~-O*=Cq(CDc(?b^@)n ztd3|FY>-tzr|nEY4f|vjm`Sq&klKD}h^irxrtEHoRZDlyd=QSBVK@pkS-DUgPH{L6 zrywMUQyiAVDG1Hs6o%(;>>)aeK8+2B%gFbhnMxace`Np2rKwtoQ??2_OvY4r z(d2SL7CZbKyp;VX2jQx{N!H1_hzdM!fYA)bQ#dD*lVgF`wWQRm1cWJ|#mknDj-nE^ zwvN5{e}8~*tb0tVfQgGi1h1S1-Dw;7aVzxJtUr>g@G?(45#zV0&{0aqgVt9TL&4{+ zw{?R#i6QO}oCEkvtqvRAq-jGOVN+Ojkk1gvyJ@F)M~RG911@bV`}F1SJ(gK|0%#2I z1jYj`B(Cbay%9(4GmC6fb^i}}I5c5{TTcoof7$=r7pIqc{Ev(Cef*D&l=}OBq5$)$?z5VxO`)>?S(3 zI*;}+Tj7MVETaRIG6!RLG-%eVC<&gJtZU)&dVdh(^E#Na@UlY~l7z5B`|+YX0A3cDuucZ? zXn5FC<-Y(;N%x*)?wZpqo4wV6ieB#0C;a7a#l<=Ck5k%%ZLChl;p!(@MFUt^IpLLF z!WML+1x?Mdb+D!T{VsJh89S7_L->B7J^m*-o|i#OL@}Px=ANiKI&V$5e4G(+8}-o{ z>rY0=uXk>#P3nE&b5QrPvo9KEAaE_3Xk^oS0WJfy{XzF&|I;&oW0L*^zG~OIH4=XR zG7Ap%EGuvaH)6Mi#+V1E0H2(X9WW*){UsECq=A(c^;+5F{72Wbbm76c*|)0U{12eQ zY2%y$IN9Dfa|XcfA%cG*Z8avy!g@#-WY$JFuOeG#yZWoe9<-2+IWO#B`JmjfGpZa0 zIK`kXux+0ZI1oU0A|3A_?;0K*_@=phTzcz7=kL*er9jBf1v*wge(eLt$Htr=z)Q$~ zwEDz$Q1M4s4`!Bew`7kzYZTTMmr`cbBnLW!SFTi{m;v1fG*V&IycLg;HY#Gd(8b4_ z;qp@nRhxm@E}hNl<8gb*qCwD%4!Hgns6GTLuqZe~0gsi{WxzU5B@xVz+{~Iq!g9NQ zA#_V=?)=ibYhUUJheBSI5nCv&_MZ&ML@@eOZ|SvV8YHaGFr{m!Od}#uIqdaoX9jHH zxo@As#eAYg0{z@HlsY^08M`r6#MDb{(3geW}hV>I)tfwL9v7^u;fdGJ}0F zx+`?+xsRrEQF3TFd%jcz?oN9z^?V}wLU?*N#?^Qcaj-i;?&iC|G5r>CdTGyqWC6WzS zMYIiS31BSAhfsPuQus>X3zSbtaP|z8k5agU0>tz(nV|K@O}Q%EwP8KB9n=-4WvS(9 zIbYn`8Lai2>D`edpRYJUGm>53AozIZ*>b-t-+PQ*Bb@!{LG}X7wItGJBz(%mt3Aw? z=NDACl4jWmK+A`d>q4FvOPn$mMzd<;k;Wfrg?VL54t90>i4vBr=n5eqTb2B*K8*t@MUSvEbOT}{E9IT9;+x{sVtLgVMJ zSodtjV+@Q2r+dlw!=E}yjuQDSEB^-f;*N+PZI3%nHs|K^g1;{DN?+~p^R|G|dwW|~1OD(&!Qn{~w-a#G|G>fmm?;9M# zZ$Tjeq0t8b$UHj(J}NP;jHZh*7(yrC*m-uiyPpr;>W*AhUP3w%G5p1L?Di`Q^K<<9$8#@-rurwVISJA!SnM zTl6jX7X!9q`3X4|WAPb_%iHpz(}r(<4~wZiPHWl&%zDL_07knsTS@9lSIef$zx({^ zHq-M7e2v%r-0@1^@fY+u8O{D!=z%$8BSZmc@+2%XT_c|nt2^=bpZaZu`N0EE^dUvU zqV8^TSFpZ=%^oO+nT_*bgpCYO2(#Pup4jv_+d^ zbhgD`KeAY(o$Sf+`DFn?UX#p5Xm28IZy{`Qf*d=ggvRkS8G=hk;q7&>_e!v&72u>g zzk&!e7<#2vK}&MblcSdcWKd4$L-`HZsykGbRFqkhBdTD_nU*{dHObLst6V1>DiRK6 z+Gj~7eQ2%y845C7)_i>HAu_om|CT7`_*cAW)pxYtuTnYfVcYnzSyK_`MPGoXVhW4}xsIG7}vRZkWEm5i`<;5{et zC21{MnefFwb3ewWu!}$%=r)%O;eHd|*D2{H7de}0UGaMaoXzX4lZVT{>wwLxW+ydm z&!BjiDM-CIR0?h8&b;@aJ@Mz{WLSN||G8q3|MaKaMQo_T9!*Db`~yosIA5_dtq$@b zaWhf*5O`$nH3QqdGR`c24Y57h8jkyqv$Ozw@E~n3CNO(CSL&;>q7u?jC8SK9Pv%Au^n4C{MNaP3m4NBd#3ag|D~d4NJr8MsQ=*rbi5Th8E$*t z6A$yt1mf7A$3KT``Y+9;J#)#Ux8zW>XA)Ty2bI2PUg8L>OV#C(TTm5wZxWf1<`G83 zkYp<VPJl7}ue+S=Q$&ZW#^eF`Csp~*W`F<0OM1NT zbh_tQ4-b6)MahQp97n>Wa;=5nw!F6cUfKjo-hpICc~+qW1-yJ>hCw%<=5eqi#z+~X z@<6XonpT%}8GnOmzBO^)g%8RTIw^}TJNyonqYizI=<2qtSmhad(3Lqf5nk!b4m_M~ zD>Z<8=9$MGU}U_QkgdCbmFQ*MlYY#IghEs=yFN)Y^NHiDckS3Q%w4UDIVtjo2@4wJ zsm{qF25iSgo)Yb=S}7(v=oXb@Qy>_SJ;& zSvW-grqJ6MXvrz#YCgzQ4%=XHBo`ewcS<9`ybnqmZ@Rha05>_%y9qmZ1f~2S`mfzj zoBCXm^#bqwtH>|pn~3Gqi6_;_H#Q@nf|m5nQC z?F2%fj<+NKlEq>qd41QkvlE+uZ5=IuUo_%G)Q9T(|FPXbzcypee-iRCITeHt%IN6) zd!}D}57s+Bj}JavtU?{B#hSr{liOHL@+r;n)QjI094|iYm}-U(29Z3GUZpsl=4 z-A1mbYe>8qq2b>i6Fj5?&d&;Kw6$Aj&&R7#30cQ5RN_jt=DzN7(Y#PU`T1dS((1|a zaaWoi>}M6}iNf-+Y)&SrR01pFzNLei=@}1WZLV@h#9Y!5OOHmyek4Hv>;Ui}NT^Y%ZL)_@G_mxQ^;!LkrQB)6Y1a$(Ybyur0; zW&;d=^i8+`Z$oWBM+dL^D6lmq=L!hD(Qfi-rh%wdKE+SkhV@^~w%U-fU`#c1uP~h7 z2ylSZcnqNWCd<19VL~Lk*ATEYy#riZ25j;OkHPS*4*Os0|0)fH@}-el4#p?ESA=DM2WGnt3$xP2LbTnJ4> z4$ig|#E}eY1U>#d%5f*0_mzzga;+=ZzU>c4XTp2vc$Ev+Hfqo)iJWBwU2Fd&IDG?q zs9ZfipZ$AP*zP_P1-w%H!mj6&&iwjE@H}g0I^sSSVwqK>voV7XhehJh@?<$<)i-b8 ziLE@2Ka#Ne8)B2g((!z_g8DFRW)E`5-+K;y=QF%Go8rQvIfpN?gaL%|t3=_YWij7% z+AFJ5Rv6_VBjTCwWSED)2photB{W>M5|5JLo?_J6WixkHHbvIA&iSG@5;&;;HqL$y zG@{;Cy;r%>Dq=G^lS9+wx0h`W_>4xR771;O&R=? z)5jxa4nZvVpHB+2NjnIly=gfS9Jr>TH{6G{cw06)sHp8ZPxMswwCC`CO5;=AbxzV* zeEmLBWaX{P>Sq3OwJ3_@TYR zd>SDBOzD2BGf(1}5rIHxf^h}6b@PO!sgsvnB2K6veC z;;LdRreCUaa<^8oZ6L>E^v_V_OiPS>vir@JL>OI=c?*Zs{-pM^eJ-n#yRCeRqZ7xx z^&yFT6h#m<8qGgfLWna12&=^(-9_(PaFyZ^`2=0%)jc4=!2BsC!>Po!d5*w|vW|w{ z-VpW0_dO15@X`>F35HKushrErCF$$VkY@AR8&>DbG*silBbkV(5BJWZW5S5R_T;3pKxP| zvpFc*?L@S^IEZx7|DH3oz>v6-7S@+VlSwJ+WsDPa}GV2nIB$z@C?Hy#6SGPS%uT-&5g33Q2acK$@R!zgzeTEq4P^S(6v~mbN?9H7|su zILlr1i>5re@d97d&d}MtnHs}Lzr%|v-gz}M5hX`jGG6yWgUk5%_qOr(^Xo5sUfPn2 z6ea42B(L=WUGusgd$uoRBq(wT&w0ORq(2WU%)94BD#F<_s|5t*=+N_hHN}_@HwZ-F zbSD-gM5qWC!Tz=$EOvhBN`%cFNSHhF*Gwp}gfzd{M zrVjkTH_RO*5va;V!Oa%accDb5-dqAYKfH5vItIAW0PFPDxRN8fA$F zy18)FTBl&_m|nbd$fE8nQ@OB+$y>@BrX-XYs)FD3wqjPPoNaL_0^Qt}9M9?B`=+M} zwdpIQcURF8KCRd0MI{=E=tO?Kg39q>ci`qkWgPl-6YP&h!MKOCc8#or2MA;^#-ea_k{jb_KiSpXj`lT7Y1qjhVOS3LDYRuJx%S<_>Ffs)}8 z>?Hxk=(j+#Jr795)>RwSmcs-K%tU>Y;W7>t%I;)Ffd78_ASZD-3KYIw;xr+qi{-~u z^f@@25fieXQ22YrvFA0&C1gJ`zA^EAyJgqap9Ayar`Wb@opM=?QKMBkz@FlK`lkXf zJbL1{Zg~SIdD~oWjQrAH@`p~v0C3(F0;~B0L8T5DkJ-NP1bd^G#()(wH6TVM8YBKI z166pqqDCm5dfRTh8IClSRZR;EiaYhXfZu^GXXyI~CVkU>|{uEuy8_>SKo_B+SSxEUllMG(> z|H)*jnYIGcRnm!g4My-<^6x+5&OS@PX@>iJ0O}UTZPDwH(L2%uoX#5Es| z6u99F4@lz{ef*xztcvf%YP>RuVe-o7U<3c_W>oO|9)}8iao8sM_`hEZh8$>Le=|TC zudF{Bg{`qY((^c#(JH;{*p8~xxxPbv0OcJXfN=%pyG!sr>a)dacx`%YQwuJun5@sg zh;6?!<)mW<->44s0?|lx;NUe3v@-Dox?u(<3Zrc#d5wp;_TdnXg=Izf)}Tzav`=~U z*UKrML8=Y>x?R8h(a(Fz--twK9?qbTfBE`xEd|}P5tH`*gU!-#pYCnQC42<5%0>^R zb)g*t@9bduPSebdP+|YC{(n;JKVJ5xJhLO)+Mw-X`{YHH3hRRxV!by&^Po$Ya1Sa? zuEECow=%bRgJ9vFCv4&#y4`A)Ni$RrXr2$@ZL(I*f5-hR4IbJYP(f@4aK+5$6MhL= z?c^8lL4wCKO;A?C?_VVm=5)8+w|~gGBfg}h(|DO6(o0O;(4xFA824~Yht~6Z0O1wZ zZTEuvnsh8#gCHEjD+(Zk_qD)LDSaOGvL{h6|JWgJTAF@z6Shn7x(<5PS2__gZXF>) zhI`BGki>T)FK7!VnR5FuEr$SyH-Yi#m_vp&4?dT)0+bHq((DadHTfzdi03qXH?q}R zY_g}9am|P)?#8)BR=K+$SbrvVdT{aJ<;_~j{r+mMT-wTpA6*NaLQulbj7rASvfe<% zr`}8Io;tqAb#6{iL%9rFhzvx*7H1ew{7UZfX1TZsyOb3I_iaoUTNS&#~5d&7(Rm5jF9ZyA{zk#15P2;`~W}QkFVT z23yLiXVH9#&InrvpsKF@{(_F~gxj1LC1;bdl?Hy#LxX0F_gd8Yei3n$3Vul0xAtUb zI!QK>csa;H#)m?0#UK%K|L7gYpf>+kaRIT>c_yTmT^GUs16l1|T=YLLuRibDleN-w z`j{JdF->@%3Sj6CSqEt)u^Z20c=Z)II+snVI3fbCPszpGHWcO%Uoqqs(%A`7GliSz z#orrz9=Z%=s25M-$?m0cdd=HCHY#^kAk^&Lc(8WsYOwo#l)~3f!L+P1^MN6y6Z(Cn z#S;enV0h+E-WH*IVRu&|@kfaVK z`6~@*J;Ycmiw360Ov*A zD}G1=n+Z>oxSQ`f%54gtitZ+!+$YG{*-W1DCWW+_?FuWA^r^{N=xWeC=bvK?$h4`4 zuHvpnauA))Y+uDU*g9I!;W4L(#s6Y~!BD{erJ*L`{2mMpL^2t!!tGgRQ0$!YWnhtD zIQ?X(AYt`~^I6&|a`{GV1)ryK*pi*7Y^JGA!ZuC#6J zGG=MJz1>|XImTUPKgOL9zgHvZs)7aJl^_nIYxIW$g zt%Cbx!Gcg8V++VZ8pU>_IJQRvZe&}ZJ)GnXSW^DH?V-3w41i(QG?}J5g4*Od&?hI` zcBW4`9MiaL$Eg`nWd^5bKKpTSlWocLLpo~!-l@pFTqfrU1 zN94O^k?<95n!zky^ z+$ax`K{`Majv}P61DaXrj_H*-j8{b4Dj7!pScTzlN$A^vjYf!6l9-(>u7y`ZglB48 zUz9DjayExhSg*Jd!{fL|^k3*~mg2BXCF#G=Szu8^tf3JyKQNh4dHA3nqdAE%;mh2H z!0A?^fj~4cTMGaB`vn!NaW>29T_nmr;3yI*cUu(e*-mi<$q`Y^euxGU|8jGGMfaZy z9=_AFkTf0}gsLj|m+uO9&{d*w?y1`H!q_I^efnLqC?B_N@u@gdx{i;Ug@b4MaDsoX zwj-?;%B+8T4tKH-3o~Oj(s`uz`+PM&FkLfBxAjmZA4_aExq_8#BhH#6gq2q>{V9Oq65%`qWNUCOK*J)1ZkH)1G$t3OK-%iLZ_}tzVJXNg3 znx9K`WZpkf(Ogem*!eL+)lhE=Oq@CQBSarKF zPcSI8b&;8ASUHy<6NGM;OKW~oQ3O;Zv#hKlkn&-4*$>|sz zd~r9-v~ErlJ2aZbQ{t~Z07N5BETpXTlF%Ac1hu4PuSKXx*+vD-XnU<+aV`ED%2$G9 znj_+mL$!&(lkH=OY$VJQY2{zu1D7PL9NA=iao-tyRomI$`O@?HF|ZP3K>db^9zBo6 zmGy4Pr|gpz5ZK9U#o7lO9MV!`lZ;p=_nJP*${QA!=VZeK@k$z?Jd%G+$$65jbj2uzU_68hx+%$+U-uE*gWOBxTMh@rZh^(Ezj)>EPh+KDzt7wStVaNTA%Rs zgt#wscuz(--K|r#xg0Oqya!rhkci&M9V&Ue(xZ5ZL)WIV1@ARV`}w!LrR%wSLSXZx z7mmuVj|$~ImV8$@kV)qhtIwtU&g=PGFmY)uNbBQ+HUww#1n$@~gJAE0&%apE8R+4Y z5u0Z-e0nx|tmi{;=T63TIA{*xmSU~5h0ZE%6ZY{AmQ*_x0N~)~Mrj2HrMGgwF#ebR zNS7Wo%S%u}LFRyBv1kkO4&`Ukcj`c3Z225OZSq^#T_l0wKUES7E?;G4Nv%pSCYQ{Q@hzTY)v0 zVm_jyE&FMHU$eS7j8|o1F1K=Ra1^i0pyAC9G0H{ixuZ~;fh6KLPwB}0RQbSG$m^ON zA9pUu4-MwTs2b7r-IyF(R#bnHo^~}^^$sSgu<3WjP77Cr{vikQbkT}}Y9}A}r&x<+ zlZ*#5Xb48MtB&}b%Q!-zTtAwO&459%U+}-Ii05fA$D==3^Z6w`6!7_kXBm)sk4dP} zAgV0E(n0o-kKk?ZqPaW>cvQiDu;TF=QM%LcVrIplRR=l6*%GbWSh=InNE=E7xP1t% zej!A)55(kD8hAWO=Jl*BjVPn1S ze7;mWo%640nPlZ}@mMU>9X~UOvi%(>w%B1>8M1kj(JO_i$HF20&JBL-Fp|N(XbsG$ zy?fB-R!WQqZ^naE|nzHRAN zZ7GB~n`@0+^fLbqn3+8hg{8*@3blRTdjJ>z&66?5NElkWn0^vM=ikU<)yyUctTJi^ z;Ws&Zu3>c04i!4qFt*+Glnvq5?7sTV&PUe<^QtQ7Z#L;lo9zPt3&Z#u;|1!*+*IoM{MzbLSFvMZ6KlubOZ!Mw`o(tp(JVmKYwAXkLBzH}i>Pb6RSa z9`={~2)XPg+$5mLr<2WyFQCEmyPG-pK+E!_)IRc|Gh>P;D`#4XL?ZvkNPM`nm~Q;X zNW9(aU@(a)TT~|5<{zGxKvPa{m<5KI|GxDc75Ss-JZ#xowdU(OAb$2J*ZToPnZ)p- z94-cAPCAweU_}&*4^SvT-Mh|0RT}W4?NWlIiHCCRYcFj&5CKEiHH71aei}6i;2=h! zEX-X&ur@LKqIKzD)hBO*^f(lWKkCPl&gY1x>uow8u1K6j%CjX-E-Su|`QV%Rl@dLd()bgQx#v$V zEZ_z1EdFQ*GaK%nV74ky04glRa2^e=R-7Hx$~(RkVa;X~X1_l$jZA106mTXPp~&cb zA_(a)5DFUedu2EyHko=F^gf%i=?yu)A=Jt;1$D&ob^T~ch_13qtzsUfbzZb> zP`X@7TIu`3Zn2uTs3o=66X^HZyr_DTd7?&+@W_{1bXv+qKM!yKDor}=)o%yIU*9af z@7d-5SwSHUX=aD3cumxe>GJ@WiHVPy_bQ+CK5&FmJ^)wsAd1^ujy0vwe>pI1D?}R#Sl! zxcBo>#vKlJMFEnD% z{CM|c-xYX1P5(BO6W!+FcdzJi+y&Ri`pn~J|LBTn~E@2T& zPutn*NITx@u*!q5-GLrZaX#jkj4*>uM)W3B9~iO^IZh91Pgd#!+c+Q3H{Y!H!UU!~ z@01QuU^Nr`s3coe=xAT~YkJdE=C@?1Wl^0oo=tDboUKmq(`?FKWDjAF-Q}Ey@gIpC z`z|Xp)%(A>_w)zN*H(5Pf20f?<=+^id{gLk73FuFL}ut3PRL;Ox;WUo9HeFYW6KR4 z0n}}sdMT0)%NF&DrfS10l?JQvB_+u}F*RZQgp~{ZHDk{tHIaHqc-CLwY_*LTeZM(l z6atgmvf6?OGmFm&)*izQ=fWUyQSgV40YFo>bYr5j9ZSr6R?;e&LjSZMO)1GICAX$^ zyXpVe+lh%gmcp2yqOUR$soVXmE4DW%-6?3~jp%DZj@YjMl}hKOh;aR_22j(L-)*asG881>Ok~MP56d# z+yQA?q=P8<47vla$fClV(kZ#Z#R$xw9Tg^z33Yhly?BP-i%KeJk4}YpKY4D&ff(q z+~=J5s2R^(Pl(_$8sHICZ}MeE1peP-gUbaxg#RVvw3MHrffVvyG^_W zmYBH+vp>OTZcPiDQz59GQ0qxVgN(fId!|TDCiw{%PhYq?dW)h2EN=K;qk9H;Ufd

fJ$4J!(zVGQ9Q67BW9`MjagdBx6s^f7lBq4}$qQ z-OmOq9UaT;=@md3ExKuCuenA_{ps`HM%Vt`^Q%fB=wA0av|#Od&&Aw$D2-KKVULOI zyJv!>tKIa$TBIio66jAa3|-sgvE-;OPb|3@`)xer9ufKv;`I2v;v*cyi{!J@`99MM+lC zGP&2`>xNc{Mxv)sib!kN>+|yYeB!6>?<;QsG65&PzY1-^tK$LCN{-dXnI<~)>|sW2 zN%Tz~^QO-9KlomeUZs1ny5A8`pXUFPQWHI7v^enEo(kQbk@0TXpSiG-ouHS&r`#K& z^{}Oh0c@I-ZB9IQEg0#Ozqwa0@1)hs&k$ml`j|!3%vcRLZ(OXZ{OODk|KOD_7@jo? zE!F4zxf=Yl=OO<;;kNq53;Pc`oZ+l@n|jglM;O}gIz4rqPz9qrx?9Gq#b6meNyfgm z^S-cLhD8LE2DS5qJ)`$G!7a#qPh2xxz6 zl`M$+YI17Z>19Bw&oBGfSIyHAFVk&owQ-Z5cN5b;WOtFHp8?Q4Si;c$%;w3=J$odI z)x-PSvb2UoYn2vqAWJ;*Ns4}9$rNeZMi3MU>FRB(*wt5VGL8+ZdA-msk!eHt+E@JS z)FC<4f;C(80Eolk^GS=*wR+&dO( z(PUms{(D{X4tC0%0e?bhU(urO;t0{mY4uN~$-)PbNm$4maSlg0LhyyP&n_5;qKd9Z zto|hWylx^H=p*}C{n#{yUV)A#Bb|RFDNEz(rgR)@(bp#ZH1uOVwne2ok{OsP?9v#T zGhgrM#KdOr+{YS%_zm%s8P>xKZlP|`Pz z7a6M}LBW*g5HVWsAIfE$RsKNJ92_&(B2lS{nf8kYh?6B;_@4IFp-b(vdN5-#K^Rh> z1`7%?(V|rqT4@ylfmCTwG8D&YZAF-^PL`Z`%`rRFl)Fx8&ag*uorI>1l=ti^gK=&Z z0?Pn+m5K-@dhoF#3UVD6AaTVC*?M8i)Tdhr<&U9$P-7qsAgcD~A_5X44S0AZOjT_f zr~%tx%PKq;YsGF7i1$0s^C>bktM1_>3HW28h&;HV#H6r?w74?V+|C2sfqaRV6vb9) zmQ0yzR-9euy&{PhNA!TfZ89R2gM|PKQ>Z5m9OoVJUmORly;Mwh^G4^EwMZp~AM`@H z;bvbW5JJS{kr-?o@_`WnTF=J!BUHFqgUfWVjV1pR^Mec>%h8m=Vtzz{)H$%29|SYG z;>#bSJT3OYj*FdK@BTk#Y8E}D=vR&`D>zrvwoZl#9>0$U9tG`HW){;E7xyS86-mEU3G9%?eXK zF6L`3Vut>sd~im}AR%hLP^C1VVfa`=UwV&}x{^-9QI}`$cR3feA-imw+!vpWvaw*t zI@%GF!r#p;gL4!4eG@^3b|~ER9jQ(}R(0*)5jfS{IY`X3iO;Jo*kPrFxqUPHV8Fsk z*&S%P{G-#Hcs;4~luLjuRXui>GT5{H)2f<9Raz60ImjW)ZX2?od(#b<&;#(bTQ$_( z3!PkfLpw%sIl3S3zbVLisJ~t)5HsO;$TvHa8h$;ol1jmef?eT6roA74-fB_aE@ZJn zT4Th+%H*j`7C6(`>UGu1s(7NWnmt>zK`nfFMK)!aC#q~Y2)-p;6#|S z?>F+e+=KW@wx}aMV}Ch*g){_}Y4AE&GN{;7=1%;uCZuq=!IXwtaQsx5+IIV#seif! zn>95$0JZ~N(f3KH{K8()1|Eu3WB9?seq}&1t<%YfJ&rNu{a)tg3ffH#i&aOwHvmo} zGm_ma$5%rz%=-He@7CHITN@VuFqLliYz>=J5d}X*mB)hzYwd{^)`Fu*7+~Pr`tvtD z(_$k?G8nTD7omCDF+(_o>o_Zgvo2|`PHGmj0aNZPDeCk282pw^_KV!pgF^Ux#2f)|I{hGVCw#$1r`KNS^$V;{|*dei)*^r>`s+u=<3nUMVu0 zurgr!SlzQ7AtFnDX=D73I{3XaecKBb%m9>ly<)?o_C(_^4O5GxUV86hY&h2te>9Ps z^a%c;ce{uSFWR10oqcyLcQTqvXY$lBa5Bg~$ov60{ung-RoL$VISZe@t>LN`goi(^ zajF@H2a0UKHJh^&;G^=$ip~hH>#lVZA;Q@FhvND(Sm%jdB?IdIYj?7c8dNhMeIAZ$ z@s?;X9hkWGWvG-Xr*;WsIT<#UehW%qp%2agVNt9p^Ue_L{0J~JGaXhkbZrDcmnGRU z!F!$Ih7R_`Ex5_nq1GRW0e=y#Zj|`(?szU-B$ALSw3da=f3VD*~(ktH326 zmo2Z-hjw9rJ+dP0_Tqw1vyDD{=eR&$?L=zu`ea`wfovgLoH&Js+Ic*+(_U?!Y@7xo z(KhwNI*ZSG6PzbX8XxW-TT^1DEimS;(FW|eeb~t_2l)h7he2X`Q>cR3-<+o{eL%SH z{J$Q04W=yl?kZxRXI$cnL3!`Xbc9v!Wyi3c|CLb+J|W*|j?GZDIi~yz)R_3P%*G(F zlM&Y{8b1|Q=q?ct-3y6#8HseL{G*=DVJPC=olq)$m=1`nlL$v(XGSeK}lChb;Ok#aPxXAt8&1G?{(5ycNzW7&x z^fj>unj)d6#2`)X!RpI4k}J|r{byf@iG0UC7X3hS)k4mL&%esTD8GKki5?QKnnfzg zt(PeMSzFvLA3m6cm2p4CnVv4FTf*^RC_)JiBj$nM)Ae^`y$2A{K0{{?BrF$h8-{W48ZQ0Wd7u+=|(0N)QG zK)@IJZ-72)IHa#%E+hpn{S`fb{gz!QX!5NO93g+Jo=+T=<8{!;oKka7k-sG$kMCM% z3K$S(o(FLA((PXg>O+ci^6VEioVRi)ii@|VJgLMrhffO5 zFAOttWnbLP5``+2ST<SjrD z>Br`0ta>TZx2h+#s*cwK(!o()qFWLXz>Dwm%1e@`UnYekv=I=Dqfm{st-Etd|8%ZW ztb4=3BkP6`5ULE{g2kK-(NGn%zCt^oRs!;kI=9Y zym=rL5Y4>^n$uKt3=?6hn`S?ZT3O8TJ~{-oY^K$*HiEDQ-6H{rZ+*8zi9 z_OCQhB$A_65dMA}n5!n2&l`**D}Se1fkg06(4xDuh;#doptai}Q&?!qVjnGok}Rl| zv=ra}2vaGSP|JaMKS5Ny&{D=ExFhJ> zKi8MJY(Kh6#R?=s;Z@_7Gr7x2w8~;bx_pUja4k`>swZB;I$Lx5P2?8U%Ja3hlZnLO z`sJ?UX+ANFbktKAQ)MF#e$hy_>&C|eS+{n*{_wpeyyZLxq#(J_-Js_&b<=1A~*T9|{kz5h>+g&zYePDr@=4raYyGrI9Ak@5X}1`Y!^(97K^IfcRhj3z@+;+4>PJh#ZOXnT~3r|edUFoP^_bP z>#VAmab?Yzh;NjAo+C-?%+^P{qHi}xL{Z2vycZp8u!4S)3sP>Nx;i^?UTg*KHGlt@ z8temc`C>wPEHw5la4_bTzJc8rh!l>2>tX*yLti=KzQn&;|3BbZPhbtyMZpzs)kw!1ls_8)xmMQU+|exur)zmRjcOvJMZKibl^A2 zIQ>Y0q8XaWbT4xRoxxR7$+C*luW}ZIZ+%S{B-IpJ2izA((IQUydfo(xU8z_1ecz+= za6Xa{BEk1CQ6mdNqL7g=w||vyjiCJfXm#{8`>^JBiX6OHkU%yc(Tm<)-wfwtnnfX+ zLaQBoMo#o^I`t7jwesvnB%avcFuQ?4;&e*hQd?QMldp^Y?g&0#T@(0W0O0VTx^Ca2N5p`@5CH%A=N25dW~;%Tli zwRbJ@a*}ov)5^n5_{G-Ek($}O5C(h2{g@7(sH+A0WEw;S|NUJQrIEB33n@TtTHj#l z1$W_O#>Y2h!ZHtqTl{{q#46G!7^UoMEN-IG2UcV~g1THzaAfd)^ukS$=nTHyX_R#mco+yU9Hbb5)N`Ls1Hc7W8uA`=}T!Ob8{DY_! z&vRkmGdVblqImh1Pai^&CBx^RG{$^AGScF;8*bKS;6>;2?l_iIOj(Z{9^I6+z{r6; z#zkIl#OmLA0N9?rAtMd3V3@r4Y+17`p7ztKSzn8>>|Lk5cv_EfFV)}(J5zeu z;~-OvCmn9;&4Fb;Q?5rzc4nKSN4h<+L8`J-Si|Vq8-hl;@s&OH(@aBB$d*P_YLSfe za#~I40C|eKPBNn)rD3HWV_9~!=Eberlc4r}B zKLQ!&$=+c@{^$8A)|{&?P;mFRI9$yrQsq#c%)@gv5JIanxHke9AzeVG_Vry^oSxeB z%(vl2S5=PPNr1#X@-29?$Cuk?9aUSioO%1p7%Y0Yv^9Tb8LjcYNQ!s1#o*BQF{`;r za+o6vwdqgi2fiQXG;xJHYt6ensCp{fFnCTJCrKXngz%jYnr=aj4mCM1gl&j((jQM7 zp0}@e17oC!4j>ydq;j#!_$||^yQZ{n|E5=c=o6z7YvQ>-^v&?G=*3^bD!2W_siD&ZJu5ZNf~o!Elc}5)j%LyIEV4f^p}xk z*|Wtmt2Wi>*nv`NGTlPdJN;B8yPry1jd^HW|L#$dyHczWh!iL_=gwritqCVedK^>) z^&0e#fwRpXe&b&6>G7q+)8FNM=V3)t)loDUa(K=q2+lr%o|eaZrm9oCo`-x3%wdIN zp3BEW)+WE6-<;s-Tp3&y$t@8~JzG3#pc%|TGxVM2n%~@Btru}kFh1+xx!cgn-wrZ9 z>z@$(9XoTm_ZglS1H%VDnDebQ{?!M~lso_zzyV=JJ^1~7`%y)UF_mpXAH+G+vb-dZiLM`y!%4Wb$?3ZKanrMw~M!QWP6uiDZlHWdK=0@BwqiL1G^mpja1*$>UK zK#J$o`<>0ICU3kbf?C0Ata(lUpZA4l`t3q2zCIs5x+Xt==eVl&S}5l`E5-OcSxCgo*=V!uAWT9O5?Feie^q@VjK;qroleltu_^xPv{#~r5<{YeZtjRiKjoxg zz}3G;nO1S+Ja9LrlRq)xuL0ykw<=(~Q%pxt|3l-)&P2nL?dVi}4_a`TxHU)EL02tt zKJ(J~vYh#mPodh_&!v}GD({PU*|s|TzRunUF~6>k^`20tU3na<|J=b%cahqCEoc7g zW5qO0xA9EZuk!abgb*>^B%0xoY7N?hz~Tk`J-x>qc2`$90oMSJzHde7mGr~F$Gg*4 zXXX4;kN=0QcZ{y=3EqWc+qNgRCbl`TZ5t=HZ99`p>||mm6WcZ?);;t4-+R}3@nLt) zK3(-xb!R<&c6C?x_Aq$(w%LxjvEAy^#5mc~u&*D|azUs|RfDXjE2@$4lqtSJw;1kv zFW)YP_1Ety@~wpxK7FnUS!>&;oS*y>tzzv~t$7mxtF`jgUYRlV#{;>fxD{KpHs#)5 z_e%xmGp>!6^Q|+=552t&b8lq02HgU}#~(F-z;f%GlTF1$zHPqsI6xKB)!r|t+HpP*pfB=fHyPXQj&d7A!B9_#O-`o80U zYu!-k`)8}r=P>{n0Y%0xp{j9S1wsS$coa#=^ zL8shVJ2GO8BF%?KyOiE-yKW|~_$Lj}h*%cgus>{GwT^4?0ago}|C1-H1nJ`v;OQ?i zDb%4r#Jr#PwsV7V@pf3XF5co5wrLo;FDz@?;Kko(*AJzgqT%G+dt_D#X~l8>y`n+Bt)?XqJ2 zffl2O1l}4yO8DVQHA&xH%ZIUCgDd8EDTMLZrK?$#UP5tf6C@&6K+ci<+5)&i1tTYY z)-dUrYL$4f;G@h4sZ{zM2m+61lh%j1ubx0$jYp;$?Xs2)}1%lqj_BF5{0v*ft9z!RibE5R8=XUxv-$!~E8o1! zxcpZX3S_x2_Y2k^!XVLXK;t6*_weJCqg~7UiTl#;H~HTxqCzUOmN=)wZV|w4*BtYJ zPcbXqo1baCA*Dq!*?>=LV;E`pbG3uj?P? zWlL^J)W}P@6)m;7O1U_tDp|^(sM0Lsf<*fGoL?Df;#VC#(TpuG0E`AH9mk2@^Y{Jp zF2;N$Td;PUi%P&Y@=^v$Cf7;VUTz8A_gUZp&gMEiA)rZMCW2gSYRy{J>r=yN(IrLD zkNUiidzL?!J0xJRAsEE8U+``nXzup&u>O?QmbIhy^BtPqFODfl-?i{^S__8zCJteZbqPTHlD_aQN$>h)LEBE+BQXWWmxpa zSXBt$YblJXyQ2}`bIQ1^{`N&^I4!s)Gg23{VVMk_Shjld8}M~|<#XrSX7Hp_`SOP` z#`BjX9|bJi>7dOld5+&JNSOo9+YvwuMPgYSZCl5|muKKUrrRZP5I$c$ zOlYV=yU)a%8v#1vniSAFKP@N9YV^3PMa`az&I}TQrnqV(Hy?EFFMfL?@em@N`W>tL zapDlTZj^$eJiL)lmM+0BF#bUqaCNQMv7PT*aPwY7Wq!3Pr12w~NeHMTrRyaftWE$S zLW2yaln)fFR+39POJvlL$+JNWjC;gMc6e2!RJEdQZ}efRoII zl4M3pM?i@O1t%s9i$l{#-c>Ov>w8Vyr)eBSNheT&3d^_EQT^4E&5E*eL}&0se^r(s zQ2-0fAptN`n~p_`<|@SvG4~m;1QMrqxn|-}`4FZBEo4jv^iuQAP}8Gul9*33IcuTN zkP0i|Fw^+Mk0ukLz!kYG<&N-kV_es*3(-KJPzF$jd^1cnRAvuUR%(X}DlWL8QR6Xd zjDblI`H32&+_(5QyE6_XRS>6S{J{YYMmrR`b`OwF#_$Y>uMfHU(=-B;Xf(>>=lXb$ zQm__i3o@cLCCW+^+y-33xY}r{P{B8q70kO2_>qQZNH9o$N)!-TC73i468c`anLy2c zq52R|lij|0A+Ag~3V0r-DA0+$ZBM=xEHGwxFWJPh1du;P$TK3#ZNdpy_5?H}RKY^c zG=YF-kdZLh6*Po~Q1G?A8kLt#MQHc-X@P|R4^)sYkj{AUJ2a@HP|&}7t*%DQ@S|7| zyZV{|OewdynT$*a(FRb~(-@FgR0PZj5QqbfWr;gRFjQggx_zL=L0#e%%q+VB#w+Ey z%*bkO8IA!gg_4pYyf6?11A%d%VUj`dv(SJ9(h0Q5BgEcODd&3bK4QZeFkA(yf;Y6- zSh9g}#~_#I8P=adcrf~5i(p_Z1J(hMYy;M`o|@nm&Zi!|U%D91z4+URgC!^pbe6m2iPHbH&MH$SmoQ8-~Drcy;|J(M`bLMy<# zc7s=S*&ZRon_xX*6B)6sM|}fiBN}Ew&>=V!SR&}8!a86f+`;?(g-&@dsNom}B7svX zMz*_jqggv#b-0qUWbh=8J1@lpI{^S8?p|kT!lDi#3UzMSD0CDoY82);XuR+?3VqKU zW)L226dtt`c``X9d>RYqip?3o3W^*L+hKcz{4BdBU>XL^GK2QCs{g0e`7)~B4hZVp zS!pzkGhesEcb2c`y6)C!UK^X&kpdf4{QC31&*qd3-Pn|auDiyJa#>9H^~@2CG%_BF z?ENO|2m>Al0@^Mf%M$uO8x8=4FE^G%SHd&Y!ktuJXnE_g=4e}Vfc?w4R- z^!gHRZGs(sE)bQ_QXgHIXlL~eI*xNet%|qu68>Jk{1@Q^qwGDh-OQ*0s%`VCFk1xx!Ht(VFP_e)-Z23qXZmMS}| zt9&_ajWTcTZEUR$$IX+$IV9ETr76|JZv1B4MP+yfU$lHvMO-YZ%q7{NIxT)l0mKT8Ko0f9`gWuzJbaPFz znF=-2Fc-2B+Par^(j z$$C<2Al0Bn_QfZio?H3r8qP?r3HKPtI4jJAD+8COdRY3=|3zx z;SVO`eXS==*%O{F@9&v_an`NdIc8>*;=QIjZ9o^1k2+hW1AKb8-;lmssDM|sgI~sk z!{!gb{wK3Q8oBIECKEEUx*lhc`6`EsLWQm!gL${z;{u?ez3XhGsG*Zd$4QTx_`=D0 z^?8zas&mn2Ij+q<@+R&V#B z&wdX-huo^|)dna3Ju(F1^M>QRulh5EcMn|{ckxFpJ_$%R)7Spy)1t<3Z8EzJhT5@o z&2+nAb}pc9EXmwq<&T@iB)#2Ho?PxQHzW#w$D@E1jrN>$dW|KIWKP+>y~>e@!}y-> z-MP`T_**rqd{1?8vz?g58Jt(D@?E@ z6|hK)V7180fj8vtI5>@0#I^3Msus(to~g(=k@e-lqCl9_mOUXquTsCMl~S$HYRi$# z*8I5ky2mm`tj%LD$aGQWhiz8e{WNgN zyQ_YcJ;&HO|zG|!7i1jgSK?-8E^U!w;8oGz+Yz^>9Csuefry|gL#yE zS)U*S3~FtBek7H>h0VW)dM#?D&W*o+p3fsLGbTjmy-(yfuFUyCW3M$ZYrW1Ub$v5n zyrf$-e=wM$8>4$;O152-1Il=`xHO-vnZG=^NG zzUL84Bw^o<+@ZGg`1`#7XRB7OeFHU@-c#)GD)P96y%vW@kvvxXM^+~y|BE`l;=#KL z-~~MyW`hURFIi-R6I3DDYoiKUjmqmV>xDL%ZqpfbxG{Ir6qd{BNjCXt!u+dw7n7Q# zyR0gCElbgY!DoGnwUTdF-PY!QVkzw^Zz}86`aWT4^XXSstNHx+-LGWsV**U;tnKZ^ z(@gB4LH#vQPoDdHi!FctWUFIlQ1|4lV_C4@ImySzl%Us*h$jM|V*XFz57#}czu!KJ z&0FLei!D*v!|`(7DnzBNzB(Bvy|Wjs8k4hWyUM-D-RBd2TI=9t(-XbUQ_FUuswL2*K!uLUl3Iu3nT!<1C7}YVr&4)yz?d>2aC_^&K{Uc~eGR zO2bWM$^9j1Zu{xOp}gaqF6Y9w*kY4|*qN#=(d62;c}j|K>!Z!!w&5e0O$2r4{DbV* zLji*aOObfkP-cIB^4Yu8-7kjmOlZ^`Nc*r$*z)P5GB zAl^oeJJXPhsPm`fo8rx8MZkvIwL9q&IQ#t;>6yEX2f~J`xiQQXqH*$2ac7)h*~Ag% zhDX_9Vud9J$`;rB>ZgZf>w_k7#F0OUtPXW0^i7eO`kCGmgd=!Wo+#V|KhDZ_786t? z?^K3<&xenWD&Pxc7kjj`ZdP0ml%v&LQZ zmjRzoH*lmO7hS+3r3AjU@0?~T-Gb9aRk5PGt3^GP-!S^7?8BS{{+^UpE{Q`CUMDS7 z@Tktl-=bwAsmfk_2M~WfS{}%+8TEC#uvBY-UY9V&E9V^M( zW1YSFmbOx^!SZs~|I_>~Au=)Ff?PmR{3MSj597Sp2ZClRsPl(e=DWBHvfO7c`lE|v z5~N26jFu2`KI>q*{`G1i*1FfkqqC7D=7~FnvInRAANLmi@a%oufdjZFy@KDA9osg@ z#fUQYkN&y-t^gokTVxvnx&+TTFHG=rwNFg`>-c*mZXs@^dKiay3lp9A`wFm`CtpHY zev95y*_k>R=kjxNH+JWH_H)9bK7UY7&J2q>z|nZ)U5k_!P*08{MB=1)Mo6>C#l`3C zPEGH)LpbdvRVC`+(IY3_#T+rV1BlcKcA%)|2S^7U0i@;)<=*6KUYVKX=)Ir|4lt$o zM_xge8>0~Rd@7tpPmsm-!9_{~DB!5HfsT$g3IQxK7XuTOlH~ka^&yT(AjO#MXGBr$ zBV<>*Gt%^qNeXFY^2tzy%ASaQH_EJp+9YJ`F<=ZbtpjMKIw|%I<72KSII}CvH(4(=e2b=b&JC z2?-lAbT7n;_LKBRv``JH3a}0m3spB^3cV{iB`E2_W8Q+zBFkOXL0vH5(e|^#XeQvZ zHo}A2am>+5w33*I@E0t2H40GZhcMC#;i-KH0J@(j6q@X>)p;{fx(sr@p@O*ff6;=8 zNW`+}VhYbW9cVKm;ED>)>f~wBqyv57RxeO?F+@1T{alSHRGYK|8N{h$z$%KMG-pF_ zmB=DReh`v|iO?2mS5e=M%Z?U|KJlj!$YJ5B%~6M3SvjN^%NNFof5dA z0}2&#HefZGVrF1VoQt$DEGZO3ovFs>qE504bW~y+A`zaUXV@PS{QkBQ<`ziv4FyS! zK%lYE;_u=N%ILlmNL_%j%ix4hvInBsmQoVZf#Rac1VeOrIbaKIVZqIAz6fwF*F~?$Vi5u zpwKnjLOUfc>=^}^TZ~J(4dFNgvpQ%H1^4%j^G3!NQ>aQJUD9Q zkVu5$9d*>pNSfpiP)c@noX}ziGV-iJg~-wV)m$)yqZJzyAu|Dul<{OoBmsqggB2%+ z7iujs64?88QG7sGYwpaoLm4cu>5T>uDgvvEWR`^ai6D_FLN2>omj*#>jRHuN`?(++ z0;W>nO4n|I<9e42Zj7FJN z4+$oI&c`I_%~%JS)|Z#VX&W$^!V_3QikeX2sj0SgZXK>(8Y%&~Q7a}!M?{tCallSx za3C%+ToaU79l`6{?O8&`m}q@*Tf;tEEp!bSwQf@(k4O+IoeB<{3QviG z5hps@9Y41(oYWU)13D0;J;>0x?+Mf&+i)%u!3Ipq$Td$(1s`?~s;;X5zE$!=MfBdd zxFV>pp~)sF_6!qd`5OSG0XynayecW?E40c;YD1hEgBb-nMs44n%`x4`SjAb(vLFz$ zAADa507a#VqgH3wW{6r{v4pI-{J2OhZ zCQb|shFOdnWlDz7MwBaiLx88Lb%g1Og0Rw*D4}~M7%Kp`#G_7R+Oj`9N(ss& zWmYYPMeU~xjTt-X5@{wVw^@m|4m}%`3T~S>jy7(LhD2&8iZO1b3N{qY0DZ875yu8A zjTh!1V{v4z`F!Dt*~}8TA_M9GJwg=jW0es}rnJa{Fbg5VA34-n1b$~QH8z6f7)$FF z9z>c^^PP*iQaV7{iQ%*P@@AuP3L9Y#n`60i{d9j}ZfGB$iP2ZVdTO9|*nZwvnIptY zjGEQXYVltFE{tW#tWzM_bDHXRf~IJ)LP)=GQcp`}GCV6s@`!+yJnCu0plB%a;wk4Q z(}>&v7%SZvcE>i;oF--|s|4MCKME54EcU}xe9IviupofrJmZf0u^6Aov(<(n4{jJ9 zUjgE%Ts@T1@Kf?($DGMRHUx|Eu*-Hx zi6;E6t?;@<2hpg~_pqLkDqK{SXd-)Y!Bs;jXF50=T#R=ZIVUvUd!!~{C_7CE#!1j2 zXh;O$)Ujq6^IhMdJRKv3q6JkfbD7oJl-eBM?|A_Eb;iy^`Y~-nG)@FL+zzSo6DTSK zb*2$PNff=x1RG|wSC~kq7n>UsQxbunJRdrnrb;~ly5AnUE?ot`<j;3Rv>*!(GJcP{^ZBURWnwVIX%=uZ>QfH#4(n>+2o$=`B=b{Yu$<<`0;!;^4q;; zQ>U?ok^Glm0@u?P@T6*tHv{|RErnmUHqb1OFUmya>yDRQ7mQ1w{rez8_1QmRn*c3) zTacN=a{IU|lKZv;mk4nS;$CaDcIuSK$??Gh;fil>?y3Uz%hLWDYo?hS7SItn(o4(y zUL&qHTe6s6!&dO8#@05Z$QPzM8Xw+_9xbHSpJ@QAh~gXl$awKvBkyR%P(L}Z)9&tU zZ`CA$yuWrnHYc_FXLjvV)cU@k(twOD>TsU}T7#yygKTq+Hntri@0v~vLy;{E^;88d zR6dBcs?qG4hAD{$yK6Ca<0k+Wv7|-A@9_Dq&xw30{LH&SZ+??JeTA!ir_|c-B7z)W z0)ARO+aHc759>Lat-K%NtZu&4P<7X#*V9`b#dw$Do88(zG}CPNsd*KalK`DJh&WH@ zxQjyc{daeKbem)yL*v-ib2n$C;3r4(bpym(HJ{iM!7aaS^E;0(^9e?xS2^Nb+MUm_ z--Knq6xIVhIpy;OQAYv_I`ciS<>vSwI)2+r&gkB3otxcem``-?d3=I$S?xVUC7(hs zsg=C6uiSlDt~14ld0m3aj{-_1e!g;=72kOO?H2uISpJdg?P;p@Qc%$ojeG`QDYt5R@TK52_`hw1A6D(dz^Mu=eFb(?#H zrSRn_T$|Mu_t$yTdh;&cv``>vOMg~%QPJl4Sg0Hku!&_$%M@>^u?FaHsxa1kQ~h3Z z9Zj#-X75Hdhm_OpHROFJr*Y(WkK=U0zB!-~${mce&W$zh?+IuI-&Q}xRdqn%Nc>7M@4;Zlj+vV-ul9So)oZ5VbSK%?UOzXvn_V8;8cjejl-K`h_b*QL62_-< zqTR5WN9XmSd0ZoO0<^&Zmwevz!?`yi^bv{!#f#zdS+nWKYP?<^ugmdUR+9vu3HPej zQw=k0>&Nv=s}(4eD;a^WF3DADYW~p7IxLV78#FS-?v_4r#ps*}y+LwMz=<8TPHEGx zerxx_ZSH-#+_#SR+>Ukf9%$*+2-Zk*xiCE)c{Fk;Z-L~X00dwtC_W~?zfY`}`1@{# z%_^aZMb!FoW6WF=*kT>q?SeF$Z^+6Zfwiwr55Crj`g-nv?hwBzkM?HbA;osOtwzZG zPIlh(`{-|K&U|QDo!^`XqO?icE)^+LnBrwxbNXD*=u zYN3p{1i8>_;%bZ#Bl$yS4s&dt>jN2^ooS$!nsdR)7!^37#hU zG>BN*G9YjT0Ot55|Vn5uLV0j&b)Y{h(nJ>A`T9M-`;S?5sH)&sHZU1ao~6c-CP&2X7qKV2YFGWTq8|( z1pl9yM)=vq{yr^8%SCCLAlXwiT(=nx5W_QS9=_r%;&^B%$Mau6W6=vc3@9G-5B|y9 z?;Cu#)s(||keXh%m2mAPH9Qjvm3j$v&~eHRvxb3|Ved}Q8G?7p&qWxH2#jP7p@5Oh zF4RG5p%w;-J3jWHl$JJXE267x)$LjW>b;NxK3S8%q@`#$LxDVX;sg~$G63&@`bd#pOobsT z595yq^#<0!f;-7h!-Ob*7@%oI(xvslQ+zjDV9U-|VB23HL}Qotp%fo}6hzM+s4oHY zg)l1Mg6k!eg&N`kWtyA03ZRKx00&()_ta(UWgg>aBh@q?MT33-4|r!~WtLYkL?RFY zyB&vc1KU@&L&-;=PLUa=9Dwr*@-o$|DIj3|DY5d-@^gt1En#>sb~m(VH-{z0T@$AK zY>SLnRgNYPhf!9pE*fetJaEOxbAy@Q9EVUJ2lEF`=9g9=DpZaD1%NJf8d5Y)57BkT z49kuX3WxM7`oD<9$!b(}6bh$&oS_0`5QPwP^bDg4_!-UkLVQy6ULFldto53sQf(pQD)yNPqkt4?W?m&Fo)#~VQ zYNIOJmZK%ma>UV>14lv`2#x6TyOT5E0jCLDMT5fv?;k1%U_mf}wXZ7*Ha;CN zo|+Ai3?G4mN(dD(6|dx>SGIPil$laeLAMS-XblCo|DQO8^nb@GH)&LVv4C;PGXqY* zzc>Xn^nc+YkHfi;T0?TH$*NSeER zU11kkpciD&y$EQxlzNizZzT={*cKS556B=uqVi2}YHhL`(>=3o=nePt|@$W9|YRs|e||N};GiXaH0YCOkNOm`HSD zRY(JBgia!oFcwOP9AX&4CM^sGE|P=@$g9)94ILvkG3}H`ribbnK!8JM)z+z?TU`!E1wD!SjSPGY# zdY4jmmJYW3AOWKs!?#0Zsi(a*N@6ZTP9)8<=R$Rn!Yln5m$V(&&@r)OB|deWAaPR; zE@XYppf1vZw(ziPSQM2RV4GMlU9m{p!>trn!fj(h8|G-1v7+s?f$dYI&N0xZ?t!u? zzAR)`0-#LFXTuQkB2pVpO3gSy-tgd$!=c$h=!D{m`~Xuqkc;dzVY#~iB`|u+;g&3@mel$C;fhcnd;w%)L4BdES>yISXO z0^6{s7JsAr1A)e?I?C)O7xni=itGjdTDz-*hiK%l-)G|5@8=`iUyUxC*$z3s_w+oh z4K9;Ay0zg1iLw^SD= zBYqI)s`x9NGUqkF8NJPSJR6MhvN275+1#-^KpYKb>*h?+{HM z-KeQEWr4TRM&}!p42^nZm;AhrQg^B6$A~^$fN|%HVbopZi*YHwd1^%6nxa_;tRTB^ zLtq=vObd5jFd?_Zy@k`)oP9YR5&yp4MdVyAr#UBntl4P4X{$Z@MBY@K ze>cjeJaiKOvXyJ5$&$6eo>-c+DIe(YzV7gPetx4^=coGZaIV9@<~Cs61L>CFa%qWQS z29!VkTvgUDKg*+SbrxHE&9D`iE)K^smLyn)Tl5>a#*Q|dHUs~9lZGQJPYoi~Ke(O4 z7mB^0Ue;%%z6MjSl?&Ub&WDE(SU~5HrZ~I7J5_d4@ml8^65B? z=Ot_Pv4X|n$M5pj1v|A6c;mt)*|xu&P`8_Sa#uc>m;QVCwlc)^aj3Y};-{?CJ^hQU zcv@fN{WXTC7|z?@ztWYBzVzEvGX018_81QHC3&_%6fyg;aMzI1iEV^trRw5k6Um5; zVM_@DEd?!!Z*ITSq$B(^1VB9Q6RAC0XR<@%wCdhYPf!~)=Eb5-7w~y#r$Wwq-80F7 zw|iVQx{Zaza)BEIB|B{BS{19Q>wmt(ywxViAMQ0!M1_-UZ0ZRS&uPO6Uw{!J{5h#H zvkV1f`JQBK8s?*o<)G8YoTjYrm{mXlC3i*!HU3?qdT3_lTH*C+*Bz z5Vaps3&IHUV`!gn;T-F<^elElw(%G4u<|Un1pCEqx#a=J@bf(Okr(PuQV&-cfTBSW zdw_P_T<_OvtQ7cb@x@*Wv!4+RPLJa*p+g_&fRg+mA}ccN zaR3ZAKT@`MC`TGo%lQ>$D{l0+LZ+l|7kh8nUUr-PP!>Yh#GK)bq!Dg_6&&t#m>=&( zq9+y1x{p1~ao=1Nom!yKX2?zmqMrO#aD1gOQ0qO&dke#H*Z`36=?JQu*wgC0U>R4@ z?8rYn33|K9gWLsdaWR=_@SF|oZGv7R2E(U{8YjT6Q#qt1yEgq;&O5=t9WdQcL=`Z( zAjwziwZTwC-<*~8h=<=VqIJQV#m(=~GSr3SW(Kevb~$2A!XCxVKU0h&9>pz_Obw&x znqy32=s4(m2>|M6eTxV)a&juAOIkRkbasu9JCO3IFlkl>jNY(8o<)A3PU3I<>;{AQU;Pdw6vO6MW#f=1p+njr#)~<;TF!AK#H%nh$ZNeno*Q<$ znhlGm9SQg8D~@Gkzt`jS;lhBiSiv?Q4UZxUgKiE02?qGh`uQ1XKXnB$i|#%R%InJ+ z_9CJh-XficiF8U!IbXc8OmdpDjf#u)A@f~8IhA^=k%@F0wPPia*e-bmg4egF!;#}; zGl1ZLu3og@2(KpjWa4Hpv}Kw-N=XZq@l&W8qoc2viUnrwExq(*Ufjs}2b4+WCY}It z3NF{@odG<3>&nJ;I`L@WFE?crP>sqGmRug+*t{bkJY5vI1V^)JBPc{7zJZBBCma|2 zkb*LP`!%y)jPf{zeZ!x(x%1ET8ANJ?98=(Qg$W>oBUrw*)m^jvg(ftOExJK+x1M9` z#moaJ69+wfH@_{oTW>S*>^r=$zXO{TpVEt?%0;#G4^4;U+tB@U$iOudIVmt%2R#38 z^?u;b;gL=aiYuf`6$ye~p_@NVhsZwM?g?CXTNR5QPFk(ebb3fx^g4FLIDEDwxA2)p zn-Czg@a)3S&8w}0+feVj=?5LBM6FFUddIYDnBMc?)S7M(tz3-0QQyTy0yTZXN9*26 zM_7A469|rE=J9+_9Y}9_-Unw7>IgpDfgTD?amlWeNKi)M^=n#yjb*C_n(qel^SYBO zD;_x5p4L4G)X+WagJ$6EPZ$6~S1u6|@-F~k!}qFk-`gc+Zx!CS@f%Ye?DLW`gR2}_ zvayD}`SXXeFngH1dKXpu`yJ+jVKq)2KZ|5~SJ^tHlL%4w!90hENmDW1m-Nt585^tMyRsg4K}H2A|-8a!!rZg($>X2*bV z5B|y=GQZtvDhsMzRF3q|_>2)$U#WT)%nBI>X7eg@cP@&{`_C5g#@qL}6?qx#Yj^g7 zWWg#^D^g?v9rd~fT{DB3(J|OYXt4b{G_!dno4_7~C^o~F)k9>lylsfUSogrp1 zp8k)CAh0N>Y~WW+`LC8bnth+6%br9?Kojd zBF!Sz9;mkuYytU%OPd6+F!cg@oOsC7z)ze8bOv|<-9gTZqW?1pl==g__ifSD1kSzy zwE$XqwEtmQOaTo5RR!q()09lJn6pSc)Vh;4^}@2mN<3Ws()tfq5-9y-wnhJEE1y4x zSUn2i`kwK-C|M57Ypk$BpI8%rR!y3(n$_{iG>7a8oLJVTRbbs6WM)fR=lP+BE*Zh!z`~G+@1?Q(tM*CMR@?WiY zgA{rS86tfgmNZgXwS7v!NvLl z(UHd~$&JWq*L(&QMD1}Ti72Mhuw>LoMh5zNs-gw2T2h3@mCW=2oeL}@2QI}X>IMA9 zO^bkc0CvNr6@8Kjvh05nKxcmdtx<#`t=dwA{x~(K2o+%buiwIL*poygRRAYIm!%7V z7)C(bhX3{3YeA(HoIE{nkA*Gp-eMvYQs{rwvQ+-VTCxQikW@Jt0GbCjha!~94@29!29l83v@rq8$cYb8g(dkJhs*5W1V7i*`qHDBiZMQs6y zaokZ0dY~Dpy}tgESxTm(wTdNYvDXm7g_VAhim6`t02ZEIWGq)|k%MjflxX{`2)`3? zxX|_`jCExc$yn@laH@$TokskLBApavDTZ@t{;O5MvPzOD>8D6PRtUxYSCayzG@*?5 zEZB)^)oaa+wm*$W$BVYF0Pw|%bc)A|8f@D_1EOR{54KUE?aT0DM>-_}(XWKtP1y}8 zhQ$Se6(&II4SYC}PU}F?*LI8S&ClExe7>;#cc1Ax(4(tk=oSA)I-y;^5g zofo4RMx3c`;rH41q!_jXdid`mWJ<)re&4Dw=FJP|{ zv13L$MFPe07=TT)ZLb4~_#ZWu|G~=oXFw{(M-$ld|ACkMA!DgMNS2EEHbW2m^wszu zZah%B)a}S#GKKdJ+yVc*gmEMok;eJ4@2ExY%y`XNc%{j;uxGSI9bh-1;l7)Pc1@qU z1Kr65OlOuM-lE9%SXjpPT*BFsd_U5me%KR12;Q)H2@YkDxxjBfHR^9mUPW{+QgaBu z4>4iwvB4sE_4{pE=mzhLv~el|epzxII^mhoi+nOH0<{#lxt3nNmIlnz8?CIrZ`%v6 z^2IQ}^)ni^zmflg3Fw>j_=uG_7LhxAbB5ooYP;OyT)r{(Z+86?`Te{(!XR01ST+Vh0d^wb6P)w&lFM z^*>=dcZa%4eE6XTY@2|@`=RE*K<$_qm_{1WgN*jTT$^E$l&GxJ2aNVex!ghoB>JIR zs@f&S7c!t}wgHzi6`#bDR^3JyAyjyA3_nSTYm+>e_O^@_PjNs?0OQ? z@dQcrL(SJq1$-yXha?IxGbn=K({qA@U_)N-0qZ1%s#wL&Oi2W> zeH5pl;Rpe~AgB@sgi$x#n0ioB!`)UrfET&5|94&6OR!)2YZ(@p_oMjnUj7g)y1`>B zU{EZeAY5<90hUwf#0YxjycZndyKRo3H)DXMfmo1u7a-VdJs!J*$2L=Oc^r!1`$fRc z2^1*FfhF;ha{?jtp`%|TFVkSUmlKNyAz&m+J(lAOEta@x>XUJ{ z1xo|^8-N~4DX@bzY=);$qBaA)mp8P?f`m^t7U?X%- zlENhhs~f}M89+cxD9#&OgB6e_zeMm^qGgJ$)U)0uzs$f`-Ls%0(B-S&SlqvU`OZ1a zy$`FhLw1XUI(lr6i3lkRZS?5sf&3Aom>jU9GRKw!nL zP;-D9UrAPf*;?Z&&)kB_s_Ui?@2PE+p9<ZN&UK2HFO@>IO#g23T49 z)NmP-N6W`059R!JSVuUcrVWa=OqlabnAjI?Fpj}=sdp)p5Ob0q zifoxa{d;;5s6i`dI-}$>-VXW%wH!w5xhMcfy2oTpNC&^$ReOj>1aGfQ5&AR%U!p=( zCy87cx;e5l>=8GuTaaGgdd#9~kEf35DHt$YgG;-iCfZHKWr22;Bg<6l_VmG9mF-%o z(!?0}6km;^hocHiGRT#0uxVmMaUnFiK<*y9kNt1A0roZzYPY8WH~)v9m%u#xv^ zNpafqzeo8pQ1wq=Eqhrg_^&#e6W?mFBmF&>RHW!IMDJW*f42|ZR5-L8h8Cu~)P$NK z!-LrV2Xd~*pbuY--tPnXJU_MiA1?VCo78iUuDC%A+{DHXn09szMcdiV6}m}3yVh19 zPs4jvoD7kz|6s2scOUqnR084e^DEi= z_WAX`tVul-mQGX1Nj(}F>qp@VYaMWao*`I4ymO|{NDqcMjBsOdq^I+k3KIQ&jg9ym z;bySwvZH{FC&S>!Q~v`u59KC!t(Hqm1wEDwfd^_G-g7U)j(Elsx$zHxNi|Zh)GMj< zcmFhdnkO0(5~e)C`Y=N+=@p{!V*+lCC$5!Q4jiF2Hv$oLI&1xXjvtt~5K0Q2jh7`fE`0ff3<6KL+R8pvfn6@Cbkx?|G$}?dws$;vIqyI$b|iuAV6)@yItbZ22AR| zfg4_U;c&Y2Z_UJvKX9|ejZT(}Jx)Z$L{Um;b=y^T&6vtA<58>Py*kUi%>kWHEFqhB zs^4$~+~H7=zNd$K*+Vox%Qz$BNoP}4^xdh?M)lwml~cDA1H@x#9=IHhOXK zB?Zb-zmFD#0fVg$gdT&(b+l3Skkgp<>L8v{tvBvPBbl;VAiz=mEEdYQ8mCJgX|pP$ zgf6luU05~xPpvU`D@@l92x&sfl~pv#6{$$Hi#D{+RZMpg2wuPD9ZRB(Cb@A-A$fyb zJ9{hyV>ZJ)Y+}9DdUeP&tYhjW|VG$OT%6c|17W_XxHJD%ed3DOv|zJ$KT-rSI_-XEFY!!S~T4 zfFAZU8T{W7_y1?WHFh+Ev@}zf*M_R5hfqf{u+-eI!np%19q1hy6=s3oaWaH^R0b{oR8?vdolsi7ash7)) zW$d_y7Ceb>zh|aIS11C(3y2o>>rI;2mUvW<10qv zg0XR#{-d#A&u15{ow^glb5I>@YA;`2^vi#9wXrJ0@V@O+$}Y+HVgS7>e)a8+!E3H7 zI9oJeYcbcjRs3p1GQE*grDU{lr245eHM9@kR$boldI%kIX4;Fz6Z~uK!;$ zhnV>_XV?%$H3P{^qG^yjXpc2$%0|-kKV%-N#wz#yM`n@A|4ruJ*?(jXlKDqwF>4^1 zXDUjIfm>>o|FL-wBpXCGK$N$!xmpPcWUd#;|f z?vMKihUxCA?q2L&``Npz`U%XEX-{CTY=VMW^7skNvhz?ds}@7SY+?fibAikgm;*^j zqx1g)^F`rrFw^Tn!Tc7x1`6i>h$k?Ed7GeUb}3l;17@rF;BR35{4ZdRIeh|ip}>C*<|!+LAuA}D!@Y3Ce?xQp`@g_kKJ^4< zs>XaJMq;i`+s*6gK~t-4Kp&o7p~3j>Jpuv8q-{;f{R95sMcO93RovTEKKTy06Z8rhXM8`WyW zjP{vl1V5U1G*=?zPcrS^a?h{)S1Kv+|AdtKuT)at{|PDeU#XWBe%tFO&A`z(ab@_P3> zIlNsJg|hN&WhXk(t0{%N7T&4{%?`b_`GZRtbMw*JXtI|gzrOKSkQ;*?o3f+rf8ewk zXa;+FpH)Don}YSZznbSRJo3s+W5nWnv^TnfKXV`cMWVi?Qik|as>Z`vs}9p(pH3ij ze&^pPwB8U(p|DHd+qO>>+Whs2LglaiqEN@91CqA(@GtnOw@(z>Q46Ke1dp(6LZF7> z6NN6~K`C@0)ekf*+p(h}R|7AD;V#!*ysmrEQIRjtbS(|1suoMnD3h!)m6Z&CGcoHr zYz@}t7|;kUV-z2c1D-lW0Ue4ZQ9KP$ex0HUQV#TY>vhpR18CD(a?d)wQx4=oQ!64$ zFpYUzd%9X__Az>J*y)WrGv&sK!DAzzsoR!U*Eei+v8Gf<6pqXqXHpBF^A#nt0c9)g>wz&T?k!BwpT6(Ep&Db`p|OpVen$s%D2zi9z=B z00_Y)vOjChFknZKjA5ZWm&x50cDn}KY{ z-}1Qzi4U3BnzAEWZ7AKQHkh|Ww)RxG)Mw?zv%%DMq;>e}cKRJIoYqi!{e-TPzC#MR zEj29LLK?QP8>uJ*fy@NH3R0@fcmU-RJtUh5+8wy5Y9eNKr z6gKskKBEucg7VX57;6-e1g8#{5vK48w3bcc5Hgswzrptx*kEq_3VS6QPEdn)r$Xp!W zgjV>}%nOar8=F4EQrL#pG@4C(&%Ws!NNj}lpHgxS#V-+?vk`YcZ*nHIS%fs8T?%Og zN5oMisX<}vPb3}r1mmy2{(|x7XLA|dnB0+nz_>Eno*bWVUvr?t8*}OpjD2yQSMNN* z7@R}k(S8}?|C#&xFC34sLB&vXV{deC`&uRo-kI6V0k<(8SFdz!!^&ztst$&{o>4$x3X;}ibAA!Gb(WWY^B0*_R1CrcMZ zDt&UGMap~9HLr=#UKgZTl?q!04ic$^cnUKgh~RCgmTcOX#7ASx?0XkQXQU?0IuYeI z+?_IwP{d$qOYu#p2IsJ<2FIl^^v5%A=NX#POUjOG#~kgO(o7b|BEI~##5ivy=Enoq z;eIifN~*8PZQ&x`U*lv)i*At<1IDL!z(mj2erd*(K041zIUgvQYS4S{ahcklERlN~;T`SP^!f9Asjf}q+e=7bSS7w9iJ2{MjA0Ft+5%P{L z(3%2xu+5u{Mi*q0I6P#a%YME}S4qb@2#Zez21GP~rngf$aKu<; zesy2NAc^g=Oc|?26XJZ;o-M`w4Ef0Y_5PsXk@HqGE0E__(%)()?c4$_sTG${ga*X` zl}agPsART>AyGjF2T1Q$aU|}W9ZrmboymyJWig;G7probDD4_5?i(r{9GWyyQM5D( z?9Tl_B9nHGSCU-@mi+B1#c5K@@1}T4reM;Eh!_66Od8m8m8Irzpj$L)Ebz)ik!sI0 z&IOlistHXq7af24Xz zjEtO(5M_x9mp~7x0G;NeSiP7|VwL4iHm;E$w_1O>$PeawNJ*aI9;y(!IOS(cv4YJU zVPd2$uyvP8io5}x8QF?w4p0=!*~%MYAza4zQOGN2jX$VUO0m-Hw}lfKjI%H)Yx+5A zF~+6vDBZ>ctY=n!mZ0@eYL+2Bwyz{rQ!-WmvUUoxwX1OGI1|os=N*1of&7ao9mX>1 zHJ2*y&@uQmDvDz!qhqw3BVb{}%6tJL_`&kn(M;wC`d%MK7JR#1Rr&i3c)l=pJxAb% zV(7JE=!ickh5vd*CEgPI7&|katdgO%BxQn&H9bm-rNW!|d zJSORo$WhPO`du@UEw;j;<$i{4jYp3lvOS*tCSr5%`^fS* zXGL<%*X&56uIHfKpFKi(K3My`D-e3?u2=Zv(Rd4iOyC}tR@#s-unw+!k0zDd^NV)* z2r2L&Vz=_k-j1KK@(3t1_#X(q%a3V^v44}^zE33a>ksH*-pbv64_ao~zQ4)QeVW|h z1qys8P-yXu;M}>cU?an$Y!eG?^!haTO1*AZHneq5JmQvy8}okeQ-)OHyZH#{<48G% zK48o%v&QKLuNz2BiR79Y#NpfLmL`RV`c*L2AxZCGvXZ<=C^{g7DXH$<97Wh*6>nc6 zsjN4+m7~awy-~0zZr(9EA7gPCDXUkaT3hJLWe9?Y!vUV|nv|`*5J&V9=+O1i>Y}0Yin8u){EmedY_yK$jcLxE^+2=99WO7THwgoy3l;+9la7s&Fk#hHm9obh!CD!or!d#jx7WL~BM z-&MwllW%}N9obO@=Pleczxj_FR3E+QSM3Ps;g<`orkYhm=LSusw=IvdIX}wiLws+)8~(60S{rVGr(vNVIygvOutCS?x&6S6xZqUG-(^WQfA8W4u5x8r zbJ*naymDG2AhhIcmdrSva7!5HN^H_~ZA`l1B;IvPY=C%2J~Q*$T#+NaxsL&JYR_&s zsUJ|?;MZ{}X`e3l7(gE>b0UyZ9^M!pbe&`0fQnzD@7y~P78us)=a^K2MUvDZ!LPBc ziL5z)F6@coef-bQs{qA_Fm%PklgJu zUVr{dK^Q50?=TpLlHw(#04GxReb{Y7O;s|JmA zYD2-EVL4cHDU;y%==?*WVAqV4ISP6L6nP9vMm#wtSW)?(#j_}XhEXQh<1pG`++L`y zKt-|g+anx;{P;r7fj8iCoQ9PghqfXn&CN#Ionm1?qcbF^)AEC6ZwESzMh!m=qZMtD zBC_1A!9LgtQIoZ@v{V;|AzszW6l{3OuHVkVhfRE$#oP0#s#NF@PYH4SfJv|N6dHro zH;iI!;+L?#8m6DA%+9NNk?|P%uPaiT&?lL!WH|8d-0IR6}B%@5%@Cq zcRG_c=N*&1qW$vtg>AqtV`lKCt6XOoWxm0{SrytAQDmr3+w@+r9EF|*2ZuJk;v*|f zOX@}&oT1`qjp#^CrQBp>TNwAo-$R+nidHA#KCxN87-#(ysu7wG_)Uzo>(Id`Z2dsR zf$N`!Qnue?>7I5yLy&@4aa2+p?m7Xj>#>dajs+W@q3mQ{elk`;2C%>!qSXY)ObfAK z2M9f;John7z0zoLp1;x8aeo9QFM^M2HzcO!zY`g(i&= zT{PFA)U_^zEXzY;SQA%fl__c)bc+Jg31rlB^n+vc0ZF--qBi(HtTFEUR=3JbY~fsojt; zJf;>&3m@9_8kg8-UegXRz1DKJSMo3ol*`FZvI@V(Ak* z#SD;uQ`$|LIvHNamD$#3?iwtOZFZ5M({Hf8>Gz{pD;BeKSA9w2bI*Lowq=0GYg-$@ zf`aCVw3LVWmiwY;I~!YsDE4LOdFQLo4_|iRczQfXd|x%JbtzSzsH?IS#r}9bxw@mS z>_ZD`ftg-vL0yMoiN(BmsY%GwDEauBYcqf65ZuiwqE_a8@GpB4SFs75#O-j=;#?>w~g2 zN41^j*hO@FJTcW{Up_RH$4H4?(S+bMilZwgxI|IIe*JiTg*g4woRs2Fqgzout2m(A z2oEfRd;R%6W7^O6&LZq3oTK|&h&NLs8tY1`B_66T4b9y88h|A85_uJMP_;-<-&YcP)Y{5@Ukt)q9perM=BkyLel`yr)SmQtM@ z0ars!`!1fi?+em;{Rdag58t{CaryB&@ZUO073tb{Zd%AGZM57`8Vp7ecZJL-PtD3o znh1i@Zyq%>>2>d!vxlcpiSaQpG4Ky)Qa5&pjmF3a!=uceOkg|nAi+R-5Tfcf81fDB zt)UtLQyoB@KBlDb7G1?Q$!A^fEL!{6&Qc-keV$uV94>?W*SqhKR=FR4a;V{H7hD*H za#5U%r1RgQ&fJlbkWB(K)gkz)y135985#bq`hMNg#Eu#9ibdZ-pHiVr`PSH z&#yryu90ZUp@AX>X?xFiFbOs%sWzQWKTyp$^VbHaKQ}-}E<@O@?Jr;s8($;9Sam`e zif$=)K7@K1AuqJ2GMNvj@Wi#znG^d6Ciwb?t+g#*jaiFuh|s0UJgvH8yml!)jvgnxBjfljUV=nt9IO#zyS=ld;iX zTmv;Wtmm|##s<4h74-Ur^`XYb)Y>0oBaTBKYHSRq)hv=DB!UAh-Lhh-AE4DxI;s9t zT+L`~%}5MsES}$=YG@>!_1{)Q`#n$9kk7mSyc()%hAnG`Rztgu_zk-MD2A--dj1qc zn|9D*D7jH@mZCJ}UFJt_g7NG@jp+@z*RabQI2RdF`UAZ(mgdV$JtaEDhNq{KFGgv%ghr=}?ElH=89mdBsW1=53(}XS_6L+S;CIB8{&kT@+uuuRPRDO~B zIc@H>B<{z|e7a`j+za4H%Nv_FTXXwS`Vdylq~F1+i^p_*m2-IHOxsU`LV(;S+E7`Z z`}6EMCm>-f*ScREl^@$50nR9peP;@EzS8W@isJ*$miig%QQh*D3(aru5 z`*t{>sy}SQ$b}drYSE4uN$o2SLz{d=#cnq-)$2entH&K!2!2x?wMa_PueCWB_yiV) z!jF8DKLR#q!2Dj<8i6)2QqzE*Qz6cxYL^CWxqS~JpvJ4fwwS&KJkS90S%2v+KQp=J z*#XO&p9AD^8inGc4PG!}u-Y&|+hfQd4{t?ki^G|FV2iQ~G`QN#Zv2SDv=hk(%#haw zh;<%c1eb3(|4Nz}j1L)wN{ z+ptO;RIQNZj%`^x%yRX= zi12VXl?QiHeGjV(w|PNUs9{f!Au8-OzjbaeLxqu`?Bu+rK9z>BfXHYYy=~}!tQH#B zk46CU!y&A;YU86xHX#fx$YxO1*>w%H`)F01l%GOfee)wus3qPs1V`R;Ck;zC6Nd+q z4$N*--Ijmd!ruaiQzecZ6$BZRaoyl^4%P^!D67Xq76*a?biVZD|ixnV#e zb6914@k3~d~_yoJ3rMSap zV^Lu7vf~xA=)M%p>T4{?Gz7^s*y6Nb)M=0AY?s=N)0i>L7|%aMIAbl1sk8DZiE4n@ zh3nLO%biJe#=90ge=fcTjW+P6D{;KsAl4=6m>u)8{rpj7jMHs2H7lNlWYq7WR{z#P zG~INvyZO@+(iyT!0|xdw2Gca+s|cx76F5(KIQ~eA{UuT6)G*B#d8G)b1JW00d{`uY zULhlo zK4;`)013ZK?{j`Ua_--j4X4wiD)@jvMiWnmO~RmTQh*vfoTy4s&My&50^*Jr7MBg$ z70Qk4h`V6{?0Iv9Vo-_9jF%!M?^FW<& zT|rq0fG>H^8bj>zsWaZpGW;C%gp$*x`gE(m?4yMn6N*RPh9H7z-UdHf=F5y|>9}Ky z6#owXUpg0=_PlSm&cE1;h|VG3*lhR;=m`@Q<&tLf07$6Gda*C!O7SOwUHqVBnc|{nvTWVD9FNzK+Q3cuP=M;hZn(atncOxPcrw zAAqx=o*xpn28(jZV~TL*h>!FVF z0CK+a7iDf$|0pa3nIk;Jo|#$Nqz@{yrzI<&J=Kb+_2hCDVACHONXxQ7NcTMsqx^Ob zN1Ra>R3?uNq=(rrfXSlKiH#+Emo!!~K^HR8!jdYWE!R)3vkE^@$kS61g(n;{;&$E| zJUABdhKA*75C5!}#_&=hPXINIh8Zhync_4t z#5800G_rQFLw@)|9~{h(Y7jHB-?LS9s>jWH3#gc97UW5pcy~Hfrx9#fR;f8d?^>ec z86BBwo^fo7b&Qeq!5PmgX1Q%3uvSQ)+Z|!OaE^Jd797>ZyvDqMUxUEwT8T!i-R}9F zx8LU@dl`AjcZ@O{V0oBUpJA5_8X!z-h*fVFwhe)*fYgzz1EOgP0D_B{FY)6*Fk{tn z>f)4hseUn9sr%&^t+8pycK#*C(wxM2UZFE$ctP3^5~Yy3*G?4W z%>C^o?7iQLY4YJ6n9EV^u2Stua)$F1&?dV~!SWQuviPocA>!S!%E_^q6T%3$$A;B2 zE3pfj8ThC{J{bTc;HefP7h3JK0m%Sx+pBWfy#LOQ+v#Q8i!uA{} z&6h>FI~Gn|&oX#96eX{oo)3%0P;KW@)yIUZhe(V{EAA%h6**ZiN`{%jBvT#&Fjqa! zKtK{UW+C39UGzc7gPSy*Rk1snMroedLIL#TFL7fQdvZrp>=CXS1>(rqJiv^C-w;ms z%F=r7MR1;rgyh&VTu6dI8r-H1B%^KN&Q4fK;ucM2!t?SvcpY}zDjnI2mS&^;56ICl zlnkk}RZ1O_t8OO;E!Cj|VIss8l3`z-zlp@up@%-S_iI<)ZllJ04fz6t1>2R+`24Fa zu8~wgWSk2BjH-DfmMqO7TS=Y+IQ+)%;q7zVnR-(Snj|?!w79mj>1D|Z=jQKUemLVc zKN8wnyelx5CRwwNELSmLv6=4VdQr3DIxPFGE&q=m!#vX*@Jp^UDz1k2G+Y5#Fxtb) zU`^=Y0Bjg&tD_D%EBtxtoz#x)I{fksS~5Y9sZ^yY)rr*SA>Eo3(O?!@gN*WRhEMWr zoAS>;PNWyhM-`T(meO6ane)A<@Mf)`@u2T-X;BXTVv_@}{|hzX7 zq)G-zdTTZ(M-{Y1a>3v*MyQxwRARtWqRBC$%be;+O^bXfkL50IYqO3$u7Q8=4h{Au z#ngvsx^b@q&8_qY=M?b@xw&rpWhqPmkOgkA(tTQHm( z;3WxtteZ0Pq#^KpiKl=iBWBHZivZ@ZhVp>|r8Tb|Uo>AM_Nzg?zKpm^E&jY!)EAfS zgWl1+TyujI^CY~jbMibdYS|NFxRVvQFY#=wnBN=dx*XuIj#aSP=&4#IU3Qo%i^yM+ zD9_QT#IW`&q63E0j3NAv08&L)7t8SZiRw)5nrhDaa#zi?BHj&7J*x8Ku#~sLeL=JQ zmHwQJQs}w@8EQEZI=n<5dCu-e@D!!bf>;1mU!v~DhFGbragtgI`_vgA`Hs-K&Hp?B zgo2&Th|LO*XCe0o;s2We*9&e~CN8c{%kOUd{SAm>x4&lBdY&k}Fiqd^z+O@B)p z6>A=ofHO|G9GV7s=>#p4uHQf~g?k#!>W%U)#nmny#&-+LI)>yd753G*F2(QafkT<#ff0G#&mdce3Wu&U z;aqoK=}etaFq&du(@;wq1IgYMZ#evm8Qd2mG_9x$8+zsoWr81Uj~y*!-k|OEVQ0bD z+c8I3IlzJ>2w8biYH0^LXvK?!<3%wqq<|uega!DK&nHUF>Q=HP$6)xC;%Oa{3}wm? zl9CqoE1S%k_sJH(R0Ybfas*S)F@b<`8iAdu0-WP=4}!>X_n}iU=+s=glK47i=PZt# zh)qr0JF;_={yZDk(xQq*LXT+A*a?crv*%^?(zyj1qmtQE1JZ$Pp|YCnzC{+Zl3(FD zAaEl;)zXDNF|$UfO|E+>Yj=CEvGe_q63p?T*zf&(-%o@Dp6`s4mW5;banG4ei;Vlz z)qM85bkc#*fO%>fNd$&36FFOEo@ymUP|+}cTo15GlOlG5!GOH3p5W-Spu|V6J02t+ z1?M-N^x;fP0XA!Zb1lr2(?>*azPf^|A#QCa5cwiGQ}=56F$#H)u}4 z0WSy_BS1C-UI6SkO!>qzoCPgB6l{`(+5}HT=F*}zu>u@0ao$qjUL{W4O15hFWfct3 zEsL8u2D!mER0Q?@7*(8JtV+}xZ~j&|%j1PwYb3T*0dFw{7q4Gs3zGf9@Odki3n7cr znSh~bEoe70ZkaH#<6`WY0UQb4$UZcbev@3GPo;Bl-F4O86ADZ=bd!1^Hd_|{uxWE z5%REj`+?pOZXCaIrMERLQaBB^CSBr*vo=Jj_-{3SSm5-2`T+KqbBm8-qfAts2(_UB zQ}sD0rJ!o-^97Q}7p9R@$DQ)HGuTl-pkq5kqjA*ucpczB=+zR2h3&-UoiJqdh6q-j zD>GHQF;!I?u6V%cQfBpGhn}oT8j#3aI_$J7Rz@qGW@%t&k@1MuhAUxu9muO4lw(ao z2tP47NT*HIDK0u|gwd{qmS~4sPQ57s!yhg%872EbIOMZ6a3C7T9myv8`t<#tP0GPF zVEFf)l2o$I)g&?PBbxQ4azyc{%W)yA&9Ld!2!S^i%O&-!_T6@_6QlJ`cBM>9LP%g{ zzG@7@8jMCl1x>q?Gz#rvx>~pzVjhpHMfpXV{(%&}KtvdNjeNQ!<##WYtUk(vnO~99 zwg?pLaDR!ksN{VkAm?(bSz2M1WMq1uf*;Y?!0lm~UMa6Wp0APe@_;KvPcBpTWpgyQ z#BC^X=Fq0xQV~fnHs@koEoy$QqmC7aVA5x)ylC3UB4uvKLvXJ&ch*B-$xCh$9#C_^ zTBK-_HtT;u;N(T24=>B0lessvuJ1?p1(*SC3#(CC6~3WkTcS<=t-BORFeU6BOZt+*tH zt+bRfwQ4eSs@j<*RY@F)Sg{wc?x#k{wnUFWnyDEnbX4KhV~R(~dU1aUd&%_Q6E?f< z-w3-r`7gpAV){QNY}n0ZVwl>rz_EWr*vgduAnZch|Cq2TTKg-*gJ4%F{-q6{qJ98$kBP%J-1bvnne;hVpJC~5 zP25%1k5|NahZ>^ZGpmh{iAVZoo#OpcBKbt$FZ7nLMe*u8Tlu352OS=<_Q)?(s2L>@ zRSJA1ro#A_s_-#s-&C+wkR||ammnwcY5*}YbYv})^ ziciM(L*`u7s;}Q}xmrTs_|je$@T%yXiSyPxd*P8!CJrN(E-_ob9o&$4`Ij=zwFQnB zGn`0wMOoRmd`LZtC@S9{m8JH>ARSpAdno~5xjnF8x0%!4{4R}I+LYFJw@g6(;Okbn zBe*Mw#C~BKgva?ca!VE>tBH6B`K zLodY#A`4%E>1ckD*@oK2%{Zv~qs0XVT&)#I+zf-BHPyl0Vp-#%fJq>7qcp9top!k8 zgb>jT_*8F-Z(d=e@DaFY*D~ahuh~!%pQ|^VMx&D+96z_!A9~U(Ie(mLKVGeGyR=?3 zWJ#w{RYIDmm}>Wmz976?oK;hCzG@+Ne#cp>q@)&IT}qFMD8;U6)IVIUY8E&SF4M}l zJjzu8zg-oq_~x+tLOeXPQ8P$?0b`QIO2)NjO}!r8Wifr<)%bh`V(CU+x0q&G6kb%z zLc&qaW4TstmwFjhlg5%K7+V(4f+Ore8%)gAI#)T$3zfy6N0O>WzAeRCRuSs!cCY>= zi*t1TSr((I#MGcFKy|TJ=xd08BLJk}+N~XK_wGp;&okH0*#AQqHyi#Xj0>5cgz)tDv$yd03OC2)@ME-6`wklUZmRyB+(imN^@7ivn9+5 z$hW$j+|9`3(Tv?q5X6qsJ(b6q ziYJE4fY8`LXQ{xa9JJco03rck$u_|`;R0A5%>w0TFH!SNm^^lX1|#@E!kXi&VyxDm z-!E|h1l_wCK;L(7Ie#A65eAZi`xmCFWV4X`@+ zu*U3uV*jLxz97{SiShtyN}DX@-$X)$ZwQt-U{1I8Pe0$esI z7^CqI!~>vU^fIMjlnh_}4aT{LN+=lPI@mhdXC$QBRqA4=FElW> zS`_LB<9E+UEtNWmfBhUyT}+-tD$*>`d0_8nd=Fd>b2It*TMS*%8R!f{#Sn?WD=<_I zg*;mDT;JZ18_#E(n-j>=B=4M(T)fDtiBj9PbK`y3X0ZFtF+XM`fh54&@E)rmwhd+^ z)63fNS?zvw;$Al&GJv5gEL0`@(m9FeR2@`xOEGXsF>*@bXiNg$D^-;# z9vF@gTBr?cs*&z12fu!u1OH)80Hx(8w$N8#6osa|BTFHHHgyJ_CEp443(Ul2)YU5d zzLMl8ldF0uVH^cvw5KA&j^YyZShH2fOA*LBWyZquwn9JH;A?stW|Q9NB6v>yGbkAz zOZFRai{oO0`W5!lXgS{>J5U#Erek<9 z)wEJqkv2r_-Cg>76}ucWs_%=$!{{Gzn7Dy{^hGI&wKR1#H0`MzaNr4Ju434LCE;H}P^zL)bTxW0bu42WFvyq*Z&&XT5=EK6n%N(R zwuK)V>e)7Z6dXmNXT!mPfkyX;PxV1Qej`Y^7I{kLS-NI&=@Kj*SPQmx!gVoRUs?g4 zr~CeEJrW<5fXvb(ZAm2M=O4iP;^liOuQt=4sR_liI#Y-1EeNo+>wnpk$t-*n_!~G@6+U~SGZE~(ZvSEI41=xI4i*D zmG7bExMD49o2?-(du-y4Pc`>e0kvq7GJdEoO*Et#akGLJYu_QjM@YS~G};B^N*^3N zn!-I&#@iHryB-W#gZ=OORPZp?;$}pHFh}E-EU|{R!E35T7C6A^BN=A(2BOwy5Ia=> zKYVJ!E~vHA2@vr+FoZ6`$%6c{Qp9S4b^_mXY~p>RB*u~;%(|Z7f;Glahfmj45nf*~ILaoHIHx1dm?seqE`xx zGY^T5OVZ{|Q5x{P8hqvJZ(L}8^rq$udfaxsnV;r3>)e}i7{tMw;}0g9ljv=%dJE0+ zX9i`x3poNGquM_#fN`61&Qf@W_HqJ$Ao!Avt%_8V+>Sll7!(pil!~nb(QsbTeJ%K2 z#MfDZk#t|*Le~EX$5kEwrUtYtwC;8FU|QLw3!6}vj+IrUtt@EHUeWn{f$%hds(G7@ z>*m^mmrskIZugG3zNpv2*n~dWP@g{ewID*q22hSjWv{7RcF#2(#;J9GeL+)_ge7NaNGp8)m@cg5{%j1Y!PH^!r5DM zVCobO>hIVeg(p}HsoGiLKDM39P^XsH{V>Tm0!9>frF{C;mgMXD9gChxseU{oG@6iw zC)Ifg?vK*(#i=bFhq9}FYm%gEZs=oj&GE0zpSuc~ZVua6P^m)&iNp0{*T*RtSkgM~ ze^Xmp008AG8>)C<-bcMj?wdJApd1rD+>`e-xIX0X16N$XNsB8o;+Lq1tF90H z38h)UokI9SNyrbNy<>`qctxiy92fm1+hlJ3dsvL2E@;sS{+FtgeV<#4QY9Xap-hel z)7dpCe-A53BXNidrhMxa`kzdpT4iq$E=Eti>q2Q7UUcT4;smrUJ`aV2{*kE9qHx4z z@wup+%0QMqQpFDexXvzA$L=OBoS(H&nUn{fQBAX&8X=qPG=Zs;P-Gw7Pe>c#BB9P8 zsn8>|{>0(V?%-4m+}7Y^Fxh^RKw<+?d+LAzq7M4LA}Hemp!qemMIiiPgxU@#OJh3e zxXM}g% z;aMe%%f z_0HW{V9y__{T&h1zE7Cvs|Zb)?>}OZEF_2EN<$<-QKl9_6V!_O$7V5dqAGA9IyhBC zkKepYt(5R~`S!|}&(a(`{wB0W^O>?yFY9R%T^z7osfY$MXOqVHtb#ICr16CvjNl&A zifPg~&;xS~Mg~?>>CzL6;G!B8p-=p68UQ5!o)AO;z*yUX5$aC9sghnlRrrxLSBa>; zF09PWhLd(oAm35ahHQ;WhS#aE#d2nsbI7VuxA8>5_I-q%3rgF~dxWu)K!{cIGNB{A@&ku0Gt}+k$QAfk# zETZzmHnoJ*nCX4SE_2D8HsvE?57|_g{>t4t{%2v%_;(ghd|j7ZZ`=|acP0VRAFz9t z-=0~L>Is7{&FuF{lQ2Wq)qgp*Rqev9CP@&y!uYxwtMX=+bZqg~Xqtl35&G_Db4kV? z!JtmipjKXD0N~j}`InUFpm|l6Vlsv_Ob#EH2ksB6Uj9I{ zMR?^n0?C37c`8z$#3FhkJ`U>0AQTIOfyllf;oMD$#$PJX=_r-g?sy8qa?cBmsos1C zZw=1>!ahSP));96o%Sg^C_+cD#T8Y~cjj(^mb4DC=ElsUt8veD@~#Fod>Y{$rX%7C z?;q076szvely}#Sb24`WR1tx~PsDx{y4e49bOkxUrdg>oS^Ms+N6`o2hO{qCl|sjdgZ!yiBzV-Lw*08!N@l80xC^(FHK=bkp zK7tKJ-c?O2VgE00vFvhZ!Mpyrljz19n)=X$^94~O-)%S1fPtQT7Y20O;W!U;rr`^p znG!Ar#u2vLCfeLgj?^aiSV&~noWi5=bj|x`EDOWoUO-|q6-K9M(`p&Op=vz|;V8-n zhH1iLc?iV#-q7d={4d$hY>#cVcs?lN@+tfw{6r%*PDxWi6(t3u!jVE4Nzup__gWXb zy8;QnncHhOD-&fj>vyr6`0QcVngf5s5$ZIWd*ZAFg|8@)3gcB}(ddi`rnmfHAp8g| zb?-JTmTPdcvfu|LGW7?#u-Mye!7?;BWVgpD7*?a(P)Y?>C1$U2#>;jbxZGcf64Bl$53D??>%i*ix3WW)zpX~>=2yeOp`hYvXeul-X9X>G zDQp^52ZM5_rO}yPdH-l@N~@;`Xtv?+MkC=`9GDs1!rg(BmzSKAmxRsJvV4`bE>YcZ zmYdt*pKD!}nBkr$qtWFZ2|*t#7RndrtT_Z6v8GuwGh%$jJ66e-R8TuyPORN@pzU;} z+`@Tvl+CiHZv49Qq)k+QDYXu{Um#q88?GY{wEm6KRXR$J){Z+P)*lChLNwz3wE+HK z%!2SvrEcjoeU}_m8pmhef2*lb9%Jov^*k!Hn%%I{LEIL4my_o_>+C?w6 z3nP>*fJD}ZIZ&~gYHv3d_e!wssUel0*jHRv(Nk%i+uZ}2q=3XVWlYjE4_qQgTtp}2eCiHoznS^qS zlRo@-%UrSD(bjhq!|)ormic$Ny%$ke7v2(&h@S+Gr(n9JeY8+_gJuue16}=(_sE4< z7YAEL`QgAu-O4(D(b7-PWK?&98^0|fg>Py0e48#bNbA(!+3(D7d^Z<^)NVmEg0Cq}H&MuR^)^=&Bw# zVUgnP$T>Z-%leQvw}SyMCm9JzgpxCX*&C;HyGGdn%4*8>#>jHA4{~rS?{m2M9@i6P z;fl%045IKFE&H3qDyz-B35=ESC{4}>5JorQ5vz#$F~?~L5lzdTqj8qonu_&Wi7Mn7 z_mQjKfT`csn6GYyG8MMbN@}4=P1BZwnHU^3+D`IbW4`DQeUDY>zNIOcsHi69p)7eX zY*yO0i=h2s2!v2vnR%4}1`5L5Vk)F6W_$N*4GPtwlxnvQO|w-*)7C0@H&1xx;kBJ4 zGr+oN(#;tLeYP#|71xNX)?AU%4&9qLv156UrMrFM?YM9k9cK`g+_V!QnM_jvhNZ5z z_Aik#8%4*%i^Ao$3Z&DLEzay^^yna*Z<(v4*f@#qm0w^+0SOcqn)dmoVJSKe`hCET4Jvr9rFfgttgFGa0tuDby zQX8zuRHk&Aqb5#bC`4k+o0UJKawVcTdvjsip1$=(*(~4hD-Gh_a8Z&lA@tqY1s_*y zV)Li|>ug}+cIUZR_R@&>$>DlUI>nF!lgfn-80NdD%C z^gYBl4B!Svp%&+vO`Li;R(HAExwbp_{`f$@7Rw#cjfoOHr@#yKNTl5jKM>4`7e~A> z-uJ`Z?PtBX?1}?fzu4JIKwzQR^_$U1~%Rjz#wald~dSHhdD0+%Y2G^J9H6_=tnQw)oA0*$LBy3 zDcDMzkMgC3vOfaJOaxzszK{#6TEL8~59=gdQJBU+fNFqTtBVvi64O9%>?TkwSHhBy za1-PvyOlrXGNR1xz+X#(F3Dd?U#F5EoKUoUt5DvIfCLmNy`XfhhpF32R|*S+8D*-| zX>)1YafHPo%%Nq9n45LxZxJ-su^ScQe%cDxF=qC+N9fLaN82VmATbrY zJzn}>;ci&Vy7wb49NulYl6H62AeW_s>!ip88nPG6t#bY$jBaISJ5b-ep!`IMe2C$l z9vDA}DVCo2`1GS&0Dk*TjRe-_M*(=#(6BBEtTU`oL3mRFdFX~}O08b#rfcsAimo;2 z-@?!xp_^}c?RXU;h)y;>DsB)#f$mcxfn{Xt5w7HkJTSWgZQT&sx-<^-U~A}y@Scy9 z$X~siC9oU|4>85sGU5f{w@-|Rj<86B&*hJ0oaVe%XuLg?<7r zKb^M+@<69Pv=9GwXdg|`?nR+TC_J@~5(qt`Mi1}&u}wiCm9ZF^Fr;;8NA@{GqBomz z=+G}{ITCW9rv&Y$V3`sbt^<0(UOel7yJ1n(#jb1US-|B$o8O0S^LpB=P9NGd^joIR zFIb_vW8hP)&=qLc8^an8O@x>wiW* zO1doy{$v`u%jtO@AAxy;^FDa1=-#~4Q---6g#7K2MODIsVA$_)^x7e@9&AG**qEC& zu|0MN6Ygbs#XvMU`|H%5m(S~Kq}cwWuv?t@LwdZUrZ>!2Js6%u{rzH@Ab8KpE=k*! zEz7>Lk5bn)0`Brx@)paCC6gaKzlKD-N|=%t1*aas89%ey{PHt0nGSwdw6y2e&U3W@ ze(h_$;=%(1kw6{x)xtnd4!kr{a6MijnhqdhkcG~~fiAz}ghf*h!Fl0Kt+Xiv^QAu4 zB(;4gAwx#_UNS$B@B83&Y*2u<`&9jx_R93ZH_r&rW}2TDJ)E<q&kz7M(5>nn@4 zfODwsjPX1Uvu;R1AA zevf@rLHubwYJnvxgcWVm%13cqKJGc=gFwe?;>dI7??$Lg%=|XFTi#SxlQ4}Eh28`_ z$;mfIYTEg7&y>QStSPIJDv98yO)(I!r9f7sZVaBv?&6;wgV2c-;Cm65u!}a1cP|__ zP&Jl4p3v0?)goHQaAF#{z>DOXxLc?d(@FC_#s7~rWpGKB{~fbVC<6Ve3@S(9ci}d} zOpwWO`KUoXNFL!7`F<)tC`|n7Ds*MX$SgDgde^){SBPv#9&5yK@90Dw6MRPoUsLq+ z)~S$`8?=0@I={yy)FGqk#ahM^6hH^P`unT_Fm&303Mmzg7rQ>bA_=@5(qN}|dd@=l z!bs|tlvkt$5IuxF@MJ6W8aq%YIp3W@W_5gUc%`i$WtJZ*Lk14=4}fqPAtZR1Y)JjJ zW5Qu;#Lnp;To;{45KXcM%-fLio9J}LbMO8-zVxC%_$W8U>$mCo&dxgsXd!L}IEoSA z-u`JelzYS#TF_1D$NxswTZOe5wcWa-lVe#rg6yv<1gT<| zjtJ=AShI>57+6{Hy^npv_R|BOh74f zC8QdJc<{edS^Ao~g|-(d0x>y3+u)*QiwShWXdID6(#!318!sjw^$=CAfR7_L|hvqz#ZTe$!|$@c`UAh}e_Re9o3srn_zUH@_1c`A<{f z-}oF(xo=ZAwvmafA^J1R;1hrQ`VsFDWRGYe+-m#t!mxKEW^gL(0Oj-Nm{bG<1zrYa zG%Vbh@QV;Edv~-LgvwV+An$6jHT>09)me|s?@1plkq1+y!TTtyR7s7Fy5M< zME(UdH9YYY$ds@m*QoJSR$uvnoi4IY%)PX`=php^k@E8-1?y2FtTKy1R(?^2#0u)@+^t#+9| z9(yY}cpxl{gwh!AF)M?W%N?#TkIM=-dw*4KNwr|{$-;BRn}jYZi018ov%KY(AEHs2 zssAU-qd85Wnez3(4F-F*)yAJ1N87a2jNaB3;~lP1q1@O+dis9eXfeFq!FYa`^0-zC z-mH4_F=_Cu=iMV<2{)zlg+nu$Nyr6`ws$*c=yzbmFD*h8<7Vy~n%MH{zmcDjzi)h2 z-{6IdPHr4Cnp%H)GMovTxo9Irno~tT9E!O0qDlY2!R-_4+SJ#A{M#R^R#u+xz+wt!cDr zA1+4?lnd*4x+HB&J@w>Ga)O&3|2l5;@0-7qW_gA^+v)de~J45!3*8!9Zl_|Gb6&2mC{dKt-Sm`VwbNCdvKZ{4RwBFYeF6{8X2e z4Qc3z^B2DwvBS0hap#xopGC>6>{T*RP1%tJzZZSQ8u{Pmyud^K)tpPN{FyyPau3TD zQSS;+uEp&Ce-Jvh%{QqQZ={)qCIPn+1*qUX*M{!L0gzBOd5@#Bg89d{EC_RGZy6EN zFoOC&!Da>`HZ zz{&Dz$#Gc@D!LZm7G-{3WCrSw9xYVxDx_*y|KfC){TBVpmATAHEEa4A-4XsnmiiU( z;KwUEH}s<~8c)GE^uL}wr(a=w9WxJCY25-&Blr8;05s)evQW`rp{*VTMZ?f!rm;{a zw&fFtPb4VlC_O?d6!P`6tZ<5sUDsU>`U;!eOk+v^8=C|EZ*K0VC=P2TasY8~x04WA z^Tk@n@jM^FXETlK#M{=#E+RN4?a$e(q;1$2ca9qLU3La@Gb@T(|37pt>Hq<4Kpgpv zs33a_qo@M=u8#NzGYmO1ngTX{(!a!UV5V?pGN!*PJV{7FaO^||Jllk`D8qvFo8MRh zeYfGCrwqRT{g1cazzMKw)D42Of&d3UP>Ewc%FyKsIksI`XSagtSEMe zyUA>e>=+$d!F~MjpD|(5UNkj-A`rScVU?4JH8w@q4?2-4CU(hwjh=$b&78G|?&?C? zf}c}WwP7ie7olU>Ft|O(_y5P9u1={+|MNx28t=CG#Jm5qfPfmXf_v9;m(8lSmWh!5 zk(+S)gMbgAd*C}?1QJQKrg@$B4=Pp@SmYD_94ix_s5Xq=c>~&p5uhFS7oeS3CP= z7+GC%bKpKi=#_+#bXnX)@LUb@YJK`7p;VuYdpB;So(A+mzN%)PF%eVNv zuQm*KQ5HT;5~XtoyJoRb@dhI2`|I zT1xLxH^`>>SA{A3F?^1(}agZ_YIE(g>8a$xVb@^jz1@wAH?rg_sjv%keqFXk_lR z%FsqNsH|B5l^^a#oCtn+|2+V`i5?Mlzx_(~{eALBthJbH>0ICKpr6cbPSJBo(j1?* zE>W4;==9s9Y!c^5xI6E6!d_pZPBY3eIQT&8Mw7<2cJeSTQ{+xj<-1jD=Is zduTRLb;w9jEO=V%#azM!L;w9Y`KsD*5y}iW80s9Jy+zz`vte|=;~$C-7&(R8>uoP1 z4%GVj&}K$aw!+u2vBA7h^mZu0(G;(5de;Tz)n^tV%%$r9Y^v2xNBt z+z^=X*LwM@;b^ar*+<0>pDsNYoa|*sMSni9zd`)NY}+-#owx<(GuM2gWvWG3m4{EC zf#i&bpidw~IlbgU;h)HxYl>(@W1T%lxPfj~r1vj>L?Pp!bX>MqY5&I{njgU|?)6^) z=Y|~XRBx`Tk@q}Bvp7XF$}xa zZz@!im^B714a%qAe=zv{VUE#*SkX)x2s?`4AK5mBPEvw@X{%vCCNA?PXruv+r)ax-FJanC-IPR$%)~b zI!WE&44!{?Aa`8_Wugn7=xuQM!$)>+e(goRUr=*ESJcOx!)Pm@u1ck@i>AIW3baQ0 z+_rLi$n}|UCHjf`%o^v;pZg6dNVp-M1(hMW=5wb1_TXDwTu>X6o3PDAxb(kV;H1rt zAmP^~5{6w>&vb$v0;U94|~ zO*WITp>ET*e}hP3j|0C@U>6f#H<0D_sqBp}-mf{$V$etN?Y#M|fs{|57qm!6%%1Ed z9Ij>3A40<8!&s+C6@J9>b$?-sCHgYS5X(1jrcjDA+|=LXfTc%7cKE7CX7%{H@Z#<0kBCg1>P?LV9a1fXbD)=&P4?d_Gj_O9gSIjiOGN;JDVcf0 zuX_U;6S4*Pw`(F=#vLEXNq$2*Khn^7# zb=!*+tI9v|RDuy&(@R(rjOjj1-@?CXuW(!2{nXYLWAC-QyZGqMe^%aUYPQPPzjF-u5T-SnHIk(Ge5G#=dp4IZa-fFZRMrB^OD4?GUTYU^oV3%< zjCf11!`(tdfT6JaHi>9?rcgf1@9wnm7AD~P=yD3{^nhGG?Za+QmXjFuePF8*N$dPi zjfE2(PiM=8uy2`hUamH^Dx*8=nQ>2ABrCD3wL;Ia2g^;{b$~r~=XpqRqL2Z5ROAb6 z_2`MLPros2z}^;;9bslTq1D~cu2YW7qMz6Ccm*d0UFiWjeK z{Qy?Q?z${FP=xGSM7ie96j~2&!@YRNU<9!CvORu#Hz1Z(<+V%S(s*<{&o>gG3ry=fssV}$)wW1$r z`OJH)(J3F3c9XpOF-l=0B)7c~x<8T+Eat*_dM0_mUeB~q!H>HQaOLf#;yT}7A>P=D z8hcL+HeFof9F3sLiZ$p$#BqXv_9QVQ^<$&?`(1>LPd>jm zn_iWc0z;ol@!vGnR_}7e0{A`%=O>UF?oW~mSGX791i#p;VB5jgxK1p-bsQtm;YClU z{zT(V#-jN+RdY^#zUD^V0bK`RDvx=uIV_OO554QpYM^zaRBUkasieQ0TYmojgOynZ z9E-yvg?d$PtfnddtnzhafIh@4E!d_(IGNBt?e81w;{fC< z5d|}v2geW1s|ip8v$ME;5!b@sSF;JtSCGrc87H2!evK?&p7T+hnO*c`#H-#|sTwgt z%BfjD<)B{9OOaNQAe?(E3J06)W=CyPif#zT9R* zY(^wLtYZ}v^H$VviY`169N~OO0|Sj^C_*58F>VYfhzIvIp2r7tvA88`~B8w%bt#T?#s=~AZ@?RRnYEf6@Z{m z2diGG(`4;LLCW=hNFY+N$@mke3XF1>&s2N3{Pi9oLBEuH^e24394TrhVrF&gqAcLB zo24!-)*_miEZWUfpDL_W)b*~`^~R)CwmL5c=Izzh>u4cxj-0LuWUsE&mjz=Z;c3{a z&^j{in_;t9GBL*2(P^5e1GT2b{ zpKA8`qa=8^-e7ZZ=51)pd{_DLV!9upFz3>o)iTq@Gv0VDzCK%VbU08TPFu8EaK_Gd zUJxDUK`z4f+;m2!-H@r!k0VdzGJHzShY=gQWbf--T5gpdY4Kr}KB+Fv-MADTv)qs~<~G z)-Jm=LOhA$UAW?6n~jfr5~oY<+`-AM+u>P4X2i-SRUj_#M+~(yD0HSw+_gpmtC1yiP@? znja@VL-cYwe1t>D&M``EQ3|)a{u>8KExdm)wq3|uRfcYNvvvNpJAy+v;p`e~D|fKV zUw9ri2r;9*soqvxhV<7*qpPY(@}+!wX3{qSdZRUyTHRZ*uE2;YKOcX`_oyUgAgC>? zd5g4`;;27WitvFp%JGp5SfFR7~$5q|RhlXun58^h&U8)=J%T9io=iqXU zicx2CpP~kxg{EA~E~oX|S*Qx1W?sMPyikVN)=7&db|OaW`@OhW{OVZ5?CGX)M#sqN z)dZ2#bkX5bCz~~F%?|X|LaL|uxG?lPu!$y+;OX4)#I4X?bN>3sW}gz$&*lw`64Eh@ zbH|8`4L1M1cZ-B6^z0qE)-Db_q)-=5(beU0Ec;Z8WQg-CuybRV5}mPll~3A?Uk5$k zN$e6?hk_wRF7^Xm=Y#;>a*OoF)EQOUoH;I&*u2%|(se(-<*kXLn)@%$?Q;W7 z8)5KN@gb}V#sWSyRS)NSvI3ZT=vWI_Cu*#$&%o4K4nnDy5!503yVj=$WVMT8taGqt zojq!VWv}9R5@|i(vW>b$v9C+BZ>_remPzD?YKk6}&;=58_<^%pcSAt!(GmJ%si9dX z0{w(Zpd6PDnOJ8j^Rrivp4>5=V#K^=&TDh!=}VWJ+fcI2aRkX zsd2f=O=(tRWUt$2tYz5@y05^O&RF^P`eZ`nA!{Ow{|UP51>J9)=sdj?IJU4xOcuGB zoWNY&G{1mw zZw4yke1%&;#mc@W{B;d+et6^Bsa|z&#HFsdQ1yZn(mZ-oL*l!uZzHX;<}=Rr+$Z3z zlwu-Rq5TENtq`r}V%T?>8%!dlgtnM!Ysxb*ZsjV+VJBv$UjRq{$Wz&ymDkG#hazKW zpRrTge8$x5QrxK#FT-4g-#SZuVMIEfK{^e!C*%moPUIse3o zj7gXwI+!Pa`O)5*i0F?g=+b6FLk(J|mtJm$cTKVr25Pc3j*bvW;_qbf_6rD|MoE|< zDvBG{2{vh8E3(dwK*8H~+w(8+Db^OR!I$E8z6@|6>kNMmWJ^xX4V^k%< zi{S-`&7Y~~SKb{**PqZg=P`SDUP5bo*Pu-bp;#6ootgFOajzKN%Z-q?e~!kKQbYgUFhxM>W!2= zUa|qYtwF2V$gnpaOm$qqj9<@j3pYq9jIxofs?OeDEvStI-(kXfQndsX}!d8UcsP|F3NqG zvw`rsw{K2dfBWlgm2ZkWnXhbu+%r}uR#EG-YZ7r|I;THSD4bBBF3GB}ta6rsFj8t= zaJ}zpK!vPG2BMPs;C1=1($@CaN;J6_YAZ>Nr&A;da?da>&9n0~wne%n2Et28A{t4; z$nW|^Sx#>==0em3;z2e{ONEj-(~_7dXg*dikhz$sJd!c=-N)*iK_V4cy>A>f*Y%xU z{2bLkp8hsI^JNQxT0f3@Ht4T4Gv=sZW*Dg( ziQ))3B2)h6)>cpm8Q{^DC2w8Rf3DHq^lqPgUI;1O7WB~_8#RU$%FfKshy56P_S$#t ziP(COdFoC??$ZEnBL(H<;7b>kgiAU&mJ9j<3BoG?lW4yJwII;G}>Pi_?q9Lmvye{SZ}Sp z(<#9J*0W)iroKmBMy6$1f>fdbx=(08PNzE?-ndXEc$^4Sp;AW%mvptQ*g`cutsvc( z`VZyG+(;^MA!cX5*RtoyX{owrV=R+?#m`au3)PB5dJ={u7>6NGk*Tfv-(%ahW9Q&@ z67B6FPpO-&=BFxP>QVWG!6yN51(>twCAK_G$*a8ccW8?f#}a%(OFx>*5!?~#qp~3} zY=-~ozIGpB98){VZ5J&ieT`GKam0Wv>gKse-iGUNZl41PI?oKbvnEVoDd3F&>-#xQ ztGVH_H3SOWFl&c>n(jzCpjS^A*O#h%)hE&FYQV5QWG7lq&2KT+%x>gRHq$L`g0^Fx z$=6oh_F-j9{wpFg%1oSA?fkA1i>27S{G38uQ2&m!v^TSR+I^QV_V`TlR7a|^YuRoHd6GmXgeU!gcl-Xl` z60$9t@2Pn?)f2sj;mEq8!sJ$j!<+rBxzs?UT|qE2MN_R>g$agf7&{&VgX}GR4!`4W)a{n5*L(&$G{vv+dl+qU?F8#PhJg`MLvEzH>Fyn1#>4BMg^$kRB`;6l0sPg#}EuBFa##aq50qB^Pea%*F&`V5|ttk31o z9JaL{(aEN`Ieg%er!k3i?~8LYkzfUHHDx9(LVtY{fUK3flPrH=e=!!S8eRJirM(W^Exr6CG z#TDPk_Ya!W!rKt&vF%?N2HUmrJksRT0}KpA;4pH4VCS7L9osPORIocxBMlV~CxOzT zH1cBFFc5?Fy)YhrUMDi_)KpcW(V=kaFXtUSJNN68EW4*MQf9<1%^OVUKNg z$u2W!kLtUr#aFab*G6tbPi_9iDOj4yr>)lNqCZpOOKsQdo>lhf2p#Gi1YRXgj02B` zbpImqtkI;;%l@_1(>1)4=efE8Z8l@0fIdtnpscZQjmM*a+|_u(KbZGbC82)sbqg3E z3JP#fHzrI7Sjcy@+_v{T6TI2D6j4<@q`9ju6ko7PStZhrZLF}9zxFDoOE?{?RZHv~ z;Z)mXLJIJFNMZ7-+x6hmiELEBPzOdKcEx8AxT6(_xhj=>v-{Co^$q*e3+_oC;}$x! zmsYT*mX2lVww6SrF)txZV;zdhHK$0PBCx8LqxT$_)J+}gR4MV;?^2Um@}r8&j@G>C zEor$e%hN-v-B~Sj@Avaa>)0$8kjqyIVqeL?z@IqZWhI-)6tVDQ#6Dgi9WclG5Os9X z3v+F(m?Jidm}6jsP0WSFWHAUpZ|_D)0Pnlo$C+Km#K_U(yG&u;q(xYsP_6=61`2-;H;1(vZdrDe<960kJJ8P8uJw>ACGdfXxtu z;`_LPl02w}?e*7pK_Bv4vqbgsR?4Rw>hSQKyU9$B@$_WBue`<6$!M001#4F2nc4MWj70ZxqUi&uFRjB0FoSjP!VMZ zxdz4--e!`r1Q$gcmwj7#ulP#c9kZjG`AO!G{+ick@J{+PtF~5QzAT@m<+^*CzL@wp zVr&23FP%gH!OYj~(_xJIZ3mYER+jaBKn48VtRf)sXp%#9xA^A%Sdy`G*#{Dyft8;m zs-~pea_u=#GQCn=q_e-k@GzkXck$;Lc<^b5!rUja+##=LN$N=_C$c@|Lg9RbEBoKG zO#4QOHhYy1I%`gDi~9|W+avQ$TQ4->vtOcY>1_~p1f=1cL@r@q@t5=SPVc2TSaCiP zCUBtbS-FMpp#8K}{MMZbKSKk-j^{8+dfAQ8OM-?%zM1F`j1Ft#(-7?SoH*|Ey{q{P zt7mP4PP}eyAagOPJa%jESb3z+i+k%Vr;Ztd?(8k0A|Klv9-vl2%huS~S`t2fdR`ai zA7|1(fhMHvX-+C6p3wsDSEZ!)~Z(k{`F3q%gfn z5Ux85<@L*+V3`1{?Fu$G4eC5RhV0i`6l|yPUp-&d+COgpl;8gM&pYPU!Md(adc9@5AGW}cFXs<4=iJW|T1)C%s?5=S$H)*batvR$Td6k1ZWRw;Pu~cW zvj1E@5L09qo;h}@Q(3-mq67N5kiB^p&3uXuO9boQohAjDNX*~&u2MQ?9}KP^f56mZ zRq6SgjZ6I_+-y@pMkU9OljlkNd0+IH^JVkd=RXr!2KL5g0RxiPtuHZ|T=^i^oY@DJ z$Ia$^X1)myh<-Z1VJ6QLD+Ey9EEEp6?||eSx?n$gF^qB8_Uv4w+1KD5AU~O~6Zj=t z;k_@uXM;@&bTD{n>p^!EK%VN}n_KVrwC$0vsAD&nhBfO2}!rKLs9dS{42}`mk zV^bDpvmX6r#yYP>!#Kmve6Fmk=R3cp9K|z8RGD{xA___FCO~V^eE@H2m^Yr)m8U1p zL$6NSWpDLQ)#OLBUp=o=Q_SPk=|MEtah_%4Z0pGJWU_n*gFR^D3+RqXy2E0`_;;c* zyXEM$Dq$8TAs5z`XQCz7bkLB8?<5MalS1m@Z7>rxW2!QCD-SK^?g!=hHua0RI zRmi-u+HXavPjAK<9*$@s10?dI!~&ZL9hv(&jRVqVj=j_;?Vk0E??+v+0z9jCpNwqx zDQg`d$t2+%m3^%EB|fVr$+npe)&8>q=>z^FNgQczl)^XvB8KIj%+=kpkn!?jlZSXH z^FHPr%vY%o0Ft$wb767HkmC@aj`2lv=FegHqkU&}QT`Zej$1KQox{_OAdX5Y$Fcsb`z@O!8o1v}tL+ShMVpbUSW)L; zo2_WIRaF-E6__s5TMeX7ls$NO+%wG8~k~tyMW1InT!m23eyGTp$t>9L2OsohpCg`#>X$-h}XR_ z5lLBD8T29nu_S-0UqZm_3sRNncPo)L&KFZM>MT%`yCL-V;|o`lX$SN3D;%(FZ4m=Yu7h3ng6Ck#$F;~8e4aoDZn zzMtCgp;0c6yE-NDvWXt8MncUh&Q8uZi|1&pRgqAJ)wUc)G(N7^MhW~W&RTL_e74>l zN+{-vRbqr7SZRF3=moveBcUySad=Ks6s!mEGl843q`Rrnb+)+ca}4jFi=6~Y5#aHU zjS_<<#Z{Vk3HWgQ)e`CqeMr87e0?+!)r0Te@67~vYRks_s|akVb5hPCI7TvaI~oui ztzukF=MYOXKOV~Z)L$N+d`Lk=q{x_6STUh(EJG(h8#ie4`O1-a*7M7+7I#W%RI(Pp zt8qH{hOq*siekqM)8u8H9%!p}&<8sb`3Mj!>Ud1e(v>9-Iamyu=D*N^iY_E_x2_lK zY5N5ay`3YEpNcp;mB{!QYs`h17%_k1A?+^bx*4!bS@363%Of~D?n}p>T1vN3cH6Y* z`a&Jt_Ii-?SffmHK+5}!|#w!YJ8|_GR|Huwx4xC zX0|`Xg3T{IrN>omQ-@EK!*vGME*oT^lkKG@RV1L`eXa6SJ1{6SpS0NZM#I!USg@05G#Leow+@t+1TD0hFuIJOA(W0c6B*sVi3DDTyWiVf@RlCf2eH>-vnHZ)y z5yEZn)<|1cDnY}2W!rQVmz1w_eUw=?h_FD-kD7~>1tX|ir^vEwUqs;H5t6gL|59i! zKqH@8$pEMx7f=&BKXf9&7+xn0ZTH)pQV#;!dr zrJ2yxJy=56G3;m_2LJYWkR_?F(odKgffw4vRO^Imuo&B0yl5{8$A3SW7f;>%&Q7Kg zDaw+=A++j~?)W;Y|I}ksVi{lbES18LIROezs|QRJ>XSq)(=6B~Ye)Sv9*d-FjLe zI1PbDHOChzP&u~_!yu&(+X9*KcaP(j`+nTbhY_7YOK8}wJ7=CSfy^=ilW&ZQDXO!V z(_02?kNLMOwW0#r1I2NMpqCV4{Z}afOxdBuj>)8azYrmlFq2j56ACLh&syBYFN#eW z(3O9YXsGdZCb=2wJC4GmZ5i!kjXG=a`NrdrbQ8*Q%ZA@C7$y@N7T8`xkA3jqF8;Ip z#F&e)pueH6Hj!tPMIPfuFp=_}z9*ycF%3yLK#(FS zZjXQ0b|?!wu|JG6Ng$bqF5;VF7aFD)@d%{m=Qr9*>1WdLg`K2nQ;+(MQdRNV`Z|`^ zaOwZ7TR5-01dT^VnnM-7&>4bNt_va%Px`^{Gl2wm^k{Fh$oBrCa4O)dVVk7xJ%kPbChA`ST`6pt; z;i`u&SyBJd3EC&?7Lii)wKksNVPpB!M?nd##^?)qVpuv&#_&|1co7OMJfpzFAuk5c5cbvzcn+Bsn}8+Dv@2;7x+RpZLYUSu9~F-~vAzXf1TC?~aQgV4^a=V>dufoKv)K|%(ndeII!bHlKn2=cu``+R zbI$2eXcrdj`)qMnLmCc%ma1V!LK&}|>7b~W<9@Zq^S0_rA7gCCtMhy-`CSB;KOJge zYmbeWv@z4Ma`RR?fgU=1 zx1d*JaYEs1iuh00F0sat%VX5VJ_&>>;I0DRwnWr7P$8_f9Y?R!b4ZFXCsKPk2_5QN zDkQfl-vD1;@Aw#|81`$V4u|wOReLp$V{N=DE!=VE(RCIWST;M?)J}%>(0MTR^xMzT zT%AMdJ^6~mcbf8it?i?a>s#i_r!_p~ZITDx%+xMVz+A-ENHu?CTZ*QUq>I84DIZJ< z!LpLh)Jt6I_QTcMh#>J@5L>{psMfg?W~!JjHLIeAjK<~#C_S}09l3bilu3V%fGF=p zn{6Wh*F#d$0l{eS=<2OYz}z=xyb>l|m3RK-D8E-HdfC#1JzT+-6|Cjn)P6Bec(2y2_K?8b+JGs};_V$KPO*M<%67jHwfyI= zGWi|kF7r;`j!qS9;trkLdTQT#iaBlf8y~7ko;>H+n?Z9$_pHs9Qirdb`lGhv%=~9f zNzh!_!to=+{r7#nCo?F=l~MOx7_(MZb7qPq&_{u_iz}`z6-@;i;U8JmbR9HJv=Iz6!fX9+v5P5ElMYd+$tghEcP-gpG!^1Zj+_~ zHlFJU(r~cLpCZyf=HOd8&~8mZ`$0c>BG_Hk6!5>xw5*$uzq zgvvXfPX50BWm{~f*tO|C8=V<%qUJBCLV9!v)quqZxRJ0l(ihuSt@jaZV|Q z)p*hPH_jbRYxbVoTAVLOqep>T002JKKdW9KVVq77 z`O0F7`}^wq_Y`s1Q|~%I^!8|bf<#aM`F6DQE@?r%QcoZHFhv1LP7`8(>+`t$ zDk8W69&VzW?tZ7`7OyfQz++F0YfarLWMV6~%iTQ9(3+hzIVDqM3P85rB%NR>wtTI! z?v_c1!A*Wlyf0#pUmn9m{HpYfcqh)9j$wZi_JXZ9BRgknKG!{L+&N2y;n|e_zV|pm1>086Ex8W+pZ|@p@y~5=sZxuNl~DaskXE%E zKb(AEir@D<9q~NM3LpkA^t{P8{P;zM%Bc7+vpKfq=ipoqTl1fTba}l0KGOC{!oU0J z`Hkhht#sD+%I{H*ce(CxA*XO}^#YomF7@ka2NutS&S}Y`vj;GSh*I(?Ec#WMKY}k( zb9>oR#1w;P{va#b^v)99G2h3*_0=$sC!G;Zyqc3p-BM)1nmXX84qS7w1Pso=0_02iC^;GTfZxp366};@>hAev?eB z-Qq*gMb=}J#XP>h;mHm)X#dON>30^(F^C}XC?QirJ0kRTBaqU$Hpi6w6HPk40*9~< z%{1fTmw)`FGQxqkpLt>5Fg>YH+lm&VHl8YoBk171|~Xae`v=P5-$%#3?Z zqkd#$bIGFCVd=uL85}x-hp~6_-F%$;9wk$lM+tN`lD%JnP-VkC+EUwhVab(b$+~)k z0pNTR$tltrE&M&dXPG}m9=&>q1s0mri1B7{XEcvcQbd(~^P?CuG6SnSol8Z#_UX55 z7=%jVc6pH6^EeiTJ?e+XRfjQ&!t@&NPLW?zD2H zWJCz%$h3s3N$vRFg{U2)MH(Qa%LIg4;`T?2E=b>{;-dNe8!li?%I@+#K&`C&JSixQ z9c5`GPK=7uVYKAhdN7G!ML=UdCYW6^ECMibybF2)JS9fFMc7$G(444EnS_jmX1W?A zPOvvkQ<`Y>%>K<3;KxK$%Pft_coT3wY$9}fGDSRp{$06&=r4J{i9m5mdKG~e{npd0 zsR`_S7pUNU*1--FOEL+DmQ9RE<|V1R3CAh7+j~KG!O=y|cqebOLmapu-#+m%M31O9 z^*JB{!%^DFvqDne3^Zp#?-3)6kF4i6=KZnWWA^(v;pMB(u@psAlV1xIrIT)VztPip zq%a~2uN2Z$U->9U{MDGuSWrYirsnvJ3?wmD`iD7N1V4Xsh1XgQO@mhk*ToM`k8GFL zcxA*ovHWO0ERj1q8voRwVxw2f!^HCqovLgsK>J>7q6mLj{;a}BCjjh$xnk<@N~Xke zq^EtNjrodsIoQb5gP@oCOKkb0T#jf^#g%DgleCz48^)ZD0ja&@X3sv zm>796JpjLZA#sn*?(Ee2%@Crude%A&&HInNXuW^NeVm*wqQBC`f8^%?o@+7z_}26kZe1a3W%!prYFN1;l>oT<9dSFNJSYug(6Wom#HzLsDGjIG&8F zii2TsjS9ZBl%e3N``mkYcO4GsGo;k)59+52=MPy zJ9Q@@DgtTJ9@qwX)%?`W?X5pOFRmOBTrJggzuTv+apge_#$ZNm($L?Lnr}mZ3GL}n zsW%X?S0J5b^*3ALpxsL<$y8y<3tMO<92>l8lumt=Xp9KgIo37&CS{4GvK1cK&Bn%> zoG%+w=f1j{wNlYHkXgDQL9WD73;2s)G)(sWQ9o~kr$CTH9k@=R29>6@)8fqA{85NT zh@}1ZrsBsxgJdd(W=;&X9-hR>OERO+HI5Pk(x0c^4+f?2IcjwY-0>`L8Okk|hh6+; z$z?`2;CL_8^})aMc6af1Wp)2-v<)7Ci=jmYsZUgzT4_7aA^E}7*=@T|+6OQn@;Pel zSSj%}-Aqhh0C+qP||{@8X>Va2xXKelb#ted^>ZTFm~HCkKqX+4a#<~Mrpe4m5eNj5+)kD4J1&Du z1QwHM-CL_O z^g;nWWX0N#qGy)-ReI`}nZh6f3@x%}ri-!>xV)qx@iFjEJ z0zyD*FuIuL)A!W-Ou?Z-YsL3)YC&v{yAg-0G;nQ_Z}G7vDa}7zW7?bk5*IxGTMZsl zzd$!I{t8~d-Fakta5+5$WAt=}kYiPgfD37OKRC84IVS)%dp5z!++dVsiQ`FC#6Ww! zHeYCGby`<$j4M$NfRj3SA9}~GoFlQn=fe=u$yG-kh8KrHHVqZZ6~oX zNPIx<05g-5d=5l`Y8rMEJ?V#3z(8@ndpB z+4t|TG6t6G`ax0&jG%iOfe4G2Lg2Co5YwUnWB(?wHzmbo;v|n40=a+s{+pc*DW4G^KMeQ{8zye&{hlVDpW49AL9(G3ZjSH^ zRtrx`H;(8(LC#cJR``01kM!3+1S()K$=FO3{)(_)|4!)<4lh62iac1nr|0H_o$+?j z_;5*Z0I_epgJeV9jt za4rc0iIYw|d5t!>ww(rKr&(fU_=b|p;N*rZYPv`MszN!+RMu$Wkh1o$DOkn-fwzCv5fro5N zKiNw}-toIkpvy%vH_2}kmAKv3VT_1pkV8v7c+qxfuHwLPNt>4z3&4}8#3UP39TgTh zCc~R7I-eSrFSE)OcOkCYsJ0@-cw&;+2A0)ZGn$mlF1DVFg?5=z_~EnmNY*)90CcwI z02Qa?pfZ83zj3^?MDow?d`h0VR#Oqg_Crb5@6>=AMrZK-?}1nEtFD6RFq zEb=G;{q8sHw3M_5t5OEoB^6gypV7+p0O^>6ZfV|eTa|zQv@YOuRt8xbZm;wzP*nsW zG1c?BMB|dnTBx2gtV|6dyDPcvJR_wzd-SqFT!jb1S$gPBI~o?!BA) z;_$=J`ys>XTqM(68h^j63F34mjF_$2e7kV%?WSE$zy;K9CBL{365sXK!P z)B*VJ?))n0Xmpr5$I!2o~aZpimjZglXD-uo3hEUqSF4fo;f( z{uyk;Rca`S>L<8ozLO`R_W*1a0HZ)Xa5Hy|Z;4q?lda}X z*^xO!kA(4V7}8QeUdL~Hz+S(Vb|iGWQ-ALjl6~p;@ofC^iHChEo4_QG@T^>p5aQ9e z6e;KxBw&gUuYYHo`4`S4iKZ>>r$0Cv{#iZ{FLZAwIE7j3uQfRxT^|>JgnfKGGGqO~ zUq^f2L0YlGH$+?t{T+c9(qk3u*_3hN9s!vyOf zoEVyBYM#rEpsx1FVnd+AhrJ={GqX6g$mn9M-=$gOMnsnEI4jguS|wlR)|YGv_vti& zK@#1zAvrYmtL@nr0C+a@Ssz1VqZbgmRl}KM+EKxVBf&8V%HK7L5hI^7!4Qv{_?(Q?&X{1?b{dOVNb4iAaJyNfxq{Nbjnqglc8;nu9pGyf#glL`iHVRJCudo}cU|$C7 z2kNYBNbw-*-6`3!2vxrY2p=Mxkb^Ab)n?{Ry>IH8gWawIh@a+Q7nTc|BpnZ3&&X4D zB$xjbp;ut>CN>ecc+DtcNNaxl{j(Bz&|YRlu6Fz~O>J+dl$tNomEam{(c@*V$7XhFX4j{@K2M2vjU;YAV?9L9X)2~{Y>(h z1JwCUJ2*I`P4)rrYfiz+N5YxP6+9DSf!Vf#ZZQfMr%w+A+`&^$xj9GzCtqGO&Yxoz^D#+!}S$|4Xwy01%BA=7nfE^@u$LbxrTWlzFGo${B;Mmj6 zln1@&)9klJ(#dklu1Xmtqbcwx3jI(P_Hag9y#o$}tlsJMSF`4BY|55;(o|!L6hrbp z?Qo3=YFcT$8whx8|AbW7V-c(Yp;^xZ?06#};8#Jui?gewX+?5h7rKyWM4W|_5ZUqi zDjaE5?ylj8MG)OZPt2Fmi;gxiOXQW*6|eu#MKyg2h#KN1uNuk8SM?8s;OK%&!yFlh z^1_Zc=A}Y&{+{wNIl5{OeYw?AShpR8pp%9Dk5r0ov93?BwAJ_s=qVak@8R}Ww8m{v zz)b_tP(~v`Dx+F~OxqqDg>1x*R^DUm0L@O9n#Xr>>)ajS+TJ1WaqasoR`cGu>~{-T z*HAzG%A$A(->TKL^-l@93L46%WjGDpA?Bq2m0txZB1dWe(2f`rvy?pc_<)ymaCr1adJ*b;JEa`-!;@@Mg)ZUVwbJ~Vy z{`|suF?E9+r$S10a|J-5O z`Kt={=NtA1g6{Xp_70rAq7QH~YLF;q#q&9j#MTB7s(hg=d+}~6T=z@Y>Upwq)G3c` zosE0*8+z@MP$WBW4geKDe`)rBlnZRo$SC_sxF0!xl)cXr5`Z2eYZ*xbfY+semuf;i zRu;zr2%Gom0k5%C+;rOo1gDrl*6{pH^)>Ja5d7V;NT_ zLq;78Wv)skejKh%@ZQJtR5y{O!^PKYUJe#zFNzFoG#||s71I6|Xg7M@y8Tq^ws{b= z>F^Snc-=3$Bov)9ZhzQ&QT`plhjm;z4VvQ6W^GiWNyhzmJgV&nKrNU_!7v~=hCW~P zVjpo&s=NuyD!{PX>Br(xzK_`2co)5wJD#&4_Y=knj@&u*owch&fZj z!IRjZFu5RFe${_$+nA~AU~wv_sg!%8WoDsKrfxcEx?N!%#5Z#?ag9_9_atX@>&>I; zgFw0XLRLm{s*-g%fU|1OWR&nijh~o&dYqZ$J-M8T1V>XWN~OGO#o~P0KYmEMrm@UP zB|BoxDF+_a2D=oD_2s$bRip9KG-2yiMRik@%&~P9i99yM8f;ua+ z_hDP|KJ2i$*}}qrNx2^pI9{Z1fUll&%p@EKF9_USSB8fQkKxFdA>=RJ5V3P)TU#vV zpr7&?0E`<`0MyTV1M{!+;@mVgaEKbSt|b{n)3Z&#=z289!xoaD_C6)nj-t_%kmb4A zKOh6ogv&d1!GmnLbJUn4BMdz5J_lmY0Q(MgrNEOs<@k-elSD&P3?2B=9zC*CIOo(s zUCK0@zGGwVUdH&HCa~M#O2+jH&9jgU)}q4Nw*ez5KzgwEZxp2|1$2(QD>)bVTS#G@hY*IW#SYQ2D;GF&#zmr2PdH@Rv~#HFJjgj9JoOD}C<598?{3vmvMhbj zyAQ-~H$;N%;mA+4K%LBw2N#}t7$$DEE3_6SWPoq*+Iwj~m9fa3_JuH3^ z8yGMcfB{9@Fn(_4GOs!fa}?$>4!&CDO~vNp6oUv%@DORp*u@-x&A&Bc7MaL zlscKMRH?NOOfO-}t9M8GB@--yf2WE;wN}>`FwK6~hnZfg7*`juNNe4%uA;8LREfq#UKiCbsdzcd1u;FfCxZHSO!k&9!O@HZxD^|2H7KJxbdxV#U=9I^SnYTT}i1rUJ+4yCrIKqMgHp} zDcdlSh)Bv}cpB^*Z3NC^+>%h~k=a)Qpfk06dg?Tix+&2_BH=a@p#D9ZL1}uvH+kB3 zY*(d!Css(SCEwN2kO+ALwmarw_>jzLMu%)@FfIi>bRV^tuJ=m3oke&83^Xnx#-|)- z<*DELg~rtBN%Hu@eofv0T)5AU$PuP8?=BE6%+}rwD&>>oUU$@+53V@5dDtHTu)&xG zT+Lt1r1F!^+(C1)p&Ah7{3dUx4Dy=L5sLJ19ZP&w4wTIwAFEHk64m>$B5z{85hRV! zs>86IZ*hx-(^R6WEzHBITwMp|!Q~wM8!faNRF>8X1b%uD3YjhAP5-RzU^DuBhvJl| zGpxOWhg(ULQ752Vax^R8$GAr|pnP(~A#{C`W$A?0jG~(3cDa#2U|Jy%?o)W2(is_C z>?id{rl6v@z7-T7so8K}bxl3)Rx=rJ?%Rq=UQAI88g}!2h z9ON=y4Ncc#ZNBnGZ9-lDDX;^r_3xQG;Dy4+YI^gNC4?bli-B)NF$}LRw7_ROkg~4 zG*f*ti4gPJu{Ae_xrrec#>r{q^~V*82wGai|(| z>sxn{c3;Us=6}+(LOV|Y98NsYT}zYC{|pk)7HPQv^Ao2z7#U^L#j#q1Q@orOsTw!ek`Vs}hoT zY2rw#&SY}068yV7tots}Dnozh_FV zin08m<`{KO-t>0+%OT&FEE-3KLeyB_a^$TP0^rB%bU?7xz1dL^)Qg))Eh|njbuVBn zyOZDvzybJidK}(Q4gOvS<#9F(*v2_c(R9q~{YY)KVh^7~7%J*QEwTtl_V`jfck%J$|MjkC#03u4 zs~%Pn1|CGi!z2IHEh_)D^+|K>k?K#b{uEjhXar!DFb1toX{86(rIQF{)4r_pw?@Od zeQVhd;Os0;h@vvXBUhjRF2`^n4~J1i7jV}@yx5u_8@d$jUs!t@!zs8>pBRz;RXnxRp5`ekiJc+kMPM4PyP*(Kh3x9*sJPx zNXmc@542EwV`;os4u!1_<&vVK8FsT5N*Jl3cb$APhL7clXjMgFkz;MHYKUn1S|G7K zhqz6jm;fpH9OXT&BhZZUcy=a!9RAkQ5J;(nK>r7|L^0$7E^1hj=M%TP3{G8S)TedG zsRD45$P`dP zWs@M>sG25}Sb_e6R%51`@at8Le;|@IF(luT1{!lNc^(GtU41TXC2{*?R~89yjr1> zpqHuHqEtSs^0J!JK~@3 z3^KzggY}GI|Kg;hB1^17pkIb{t6pr_=&J^$>fELs2ZTU11_K{{BBABmPOR>ubHMxM?+3WWScXUb>?m|KTNT|asqz2?dbhTX zhunwArdWt-M$>w@GEtq9@3=o|l2BzujsH24_|U!_85r)ek)wfi*Y%?47^(+5v!ah) zGf?K>)%>U04ZFuca~=7JK?KkqY?Z$-pLzQYZn-Hx3Z{8oPN2-I-X&=vmF1n__(N2$ zUK^ZmGZvk3*5F5q{`3i`;X~zlx!}WZ5*QMiUoZfDKNLOG-})jiKZ{Vq3Z5cuuJ>U_ z!x@^;5OFi(9(}O}WXO*65yy9Qgw#J@u`Fu5(BfDVDXDm0se)oSkz4_79Ty@Fy@!5J zv6Op){7%_V_7d^uOQJ2QEwjs`YJthyuA9|#Ra1P{36H z}$YMS(?1H0o@SsaHtszdPRwxnQHk}eM*r}=I{o`a9ozN^U!^r zUrs>rc6h8t9!l9UXH#eWZR)?OVev8_s@CAp(pj7)k{wAb*?kn3X(k*E0SlVc6!#9Z zF~nNYfJjfAV~W;iD`AN~J^Xp+`VuHXhr^#F8Y3QCOkHav8Y=(-pIOpF=6kBlE#Uw!r@F!_V_J=-Z=@4_9P|?*1k6)X7J`%QyDV0tKY4FX3RAHrZHf zSksETd%(1><~5)VjNktb0MpV`o*O3nBJwaV@`W!xk%2@U3p9D)WpgfIt&+MRka z3-?zclUti)K%`!rPO^%^q%n}A28gv;Gl^A2{Inyh#M|X&5y9c8r4nk%pSIW_a(-Gv z!P=NJlw=;V6jdJ^J>!iOmyM`B?bjqb1GPqH5wJ9GAOTf+pa_+?gN(yImJ1UFcdc|M zKyjJkEC7Iat{{*OdN`xWU7Tu%HudFz|6o8DkYnziH&vk6gNw-7Af(n5=xK0urH6MAog9k0Uto zAO|8P8)|t;QHS0TEe7P${JTjhdQ*UZ0O0>8DKCnZ4dy5-k3E z!WFP)DAX#=Tf_vsQ&Lbd%=z}nde7GO)7>mt`pcg(%dvx?@eLW5Lv}4#s~sXHakMqU8YQ0m!xl3+ILk*Vuapt4 zj<;I?#`hZZiWSx0<~cV667cdkCb(!0`WJ9XIqJ+^HJy8{5k8zN-7H)=;2N+nrOisy zF;J{0qgLAggXMu#FF>_N;f%cX0V*jg{cX$#09 z&EB4Br%B1hc5fCBv>DrJL9gk|7`~yyc-}L{>M8t4#{GyqL^r#(ao^TB`rXvkCXLlq zXfBmEjcP#YmGkFzU}<<5>J+}5dk`m~ukSwgb_bH@PrcJMM<{U%qnztV8#G}B! zm4B_c8=`g}#hR+pcK@B$0}B|EKQ^LKL!3Ke%^#NHW2@ga==7vH0Y4i}gft^z8vXHG zzti)Utkq&_S^=9}aqP_dc5g@lQA>}TMW%QloT5qbDax=ul$<^va)IUNvE*S!WlqFm z?QFF)sO|sV>l}Mtk z^HK~=2nlPWyo8r&+3<*eTi#OSUouI-6u5xrMZ+4(kRfA#xpWQu zp)h|rJJ+Q^wk8yP&cue;p-jUpc6#*@$0Za4c>jjbucW`6HV2x}t_`6dCi@&Vnl(^s zm1LbP#toq_JUf|zzTAz8UM!8Ex$~HDfioDv8i5v>RC*Dvs%#n~X4*(0$RMUm;jOf2 zE|A2IYxo1Jgp)tn z+Jx9!R=YQPSvomjD;f95d=QCN-b_UJTSoi07%NEd+mwc34ukG^p^6dhwVE&~weUe# zG%|C`OF)TjzVvWV5o*!EQ`*vG%nPoFuuC-VcvH|!he`lRN}?%>NmW1?-TT2{rsTG`Rf44`n{pcpnoH78_v{Ku##ZLv%JCJ|>vV zBvJ{7ML|o}eTnMWJxghx*TREdKGk_^IABxx<{Mg8!I&!(YlM`8A(l{7*Y$ zKEMSF0KbTRbKik%(oRe(vY3n!%dBo*d-v%#eA}bJhQWxboyXHMlh%maC;P$qfEU%7 z24e~m{b%Bt4l(hCs9nuROZ3H}bbU_Ln+*=%*N;#335~9tp4bOG`=c6?o*bE1Nbq&P zkJqlwygkCxH$NfoA|@iZKYE5WFx7MyAZ_ zK;qR^kh?0^``a-#+JBPBK6V+G76@0)s9Ra@e z<1Gp6&*;DTdGg@h#_^TZA5C9sdh2Ny3pC!2LM zH$UpUh3r+o?9Y9LnQh6XdY=$p%LOuKf}aR!{K-O7elVFGhV{0q;7%`$uN`(#7R4;r zn)<7`Sw#$y3VHL=DeF%feI5DVEXbT%VmW92M2$tQ#E)y*K+$u|M7-IJ>H=&bdoGD0 z=}(bDJqa$ZfEo6_DP_HIkKM)oEpfIw_N*DrWw4a*pR5q!`7S-GWx62tqFopLZJ^B)yT^c$<#8bFr%fDxl)_+~d+lO;LD z!5q~Hb(igF2TS{wQccdd31Fj9r#{e!Rh$d=uHA`88DuSEY9u1^q1Zu~n%RAadz$a^ zvSJhwJu*Ow{udyNjwntMi*ql(48L*uyX}A zd2$8Xa{oOc&=muP0opX#!};Q|)_qG4!WwvNZeg${E!N{98&`dAn^p>49bfEScF${< z+0CSP_}Tl|E$DcD(XDAvz7V?}w~t+BzqA{LXYTG84J#~Fq)85R8jSkwfut)0maAY@x?BChrzJHzq z@J;ilN+C$c0OeXO`pL918&NP_@Se2kWSiemKceKCO(TZ{w~Hv$7K*cC6GA|)x$e6s zb_8njYTE&5ySP+mt$FJNqS|K_K2 z%#UiPMri7VxN|p-Gbw;svw|I&x&N1@b2#gEz)Qcr!_$^T?rwmRqRSLW>y2t zyt&`vVj7y9M0M56%BOBmS8sRwUT;yI;F1jWInqSzVuT%R4~;M!S&)t#D$`ywhVtH6 zlchlck~FC5Bvd+|LC?M&3G?-R+8!<~fc3 z3yNeW7@|y3$^#0z0~+k_x7R=Gcu8u2(|X%@0({WhaD#=V3LKcTa`l+43y{}7craEg zFjcl9ft0Y=uwR);`8D(#(zR1~(C$d~04AyZ=>O89e$c%9100T_hCrFY1|)GUKS@0| z9cA(nlQi9o`c}{mZN;o};`%bpD7L?5>chJb-GjnNa5m&U+R;uSR}D;942Q%bna+5K zNnTkTcL^_@|C<)^ebXYg);Fz`pM>);l@2aK86i8-aOmH_2=Kp&5%9mn2p81qKg7sv z3;y*##K_^F`466S(Em@2{s$Pr?(~-@$i3C^+feY3jAUqvn6dxM)ZEmDgUTu zRU2ldn{tR1%tCW+fd7dDP1xoD0|%ir6Lhom=iZF`urHSlu>SSjK1~8DZJQQEOmS18 zO3O#o@+9@Hyi5;qhSG)aHBwp_A`%;>MXJS{iTFE%4f!0RiIK7W9XS8>lW3DX_2P5CbN zo|2syeMVq2)BsE;0+iT$z=-Wk@1&rmYGpK)T&uRV`MHULOtN%ktm-ep9B53gMu^5V zi!Sf4$Vpc#CHKd3CABT3r@=-`VrQCL#l9kRGs(SMB9+4 zwglX!aTXzOnmsd(x=guF{K(j5V1zQRJrv09f07=y%TH)IA^F`?qww5Q^j1Kiaf4Fs(p3 z6u^hiT3V`A%36L!j#*DlNE#W@EH7KnFWn5 zfLC{FgW5kv_spLt`ZtQ3S#35{I)3pi(=~_bI*@JU4Q8K4n&MBk>Z`&dyJ8BJn2i-k z)p6PV8@*RFk*iBlGpftYZ$C7Dx7xIix8_Khxow8!V9?6kU>$glA)Jw(Q%M*7to!`! zT%IP7B^gra5N7B3*zi)`p4lR#gMG@l17M6~vqL;Zi4!pWhYH4KlR$)K|9Od04{TAm{pa z)ZZ&Y!CdOa0fq#I6fJBE1*&XJegFBwq?2T>YGzQaJ`WC6(Xs_yzmp!O#dJ9v;xLzcEbiDW_MXT5 z9&ROMM0t}StmX%h&_yZkl=kTea|$m7k==rD(`)BU!6`O!L08xKvO&^oV*2nBR52{* zcPtAOv_h zSK4TX3m{_8hYzd@#f2Vbi(!bC~vk0Nnw+ZnAcGY<8V)+x5Wl9&p(YL*0 zT$tX=1OE=G1B^ji^d_2YDtDKqHssmY2wB=p!{*$ak`5h>wem}79;XG{8EM3$7tn)!YTm@ z`wH6>Jo!2-Q;itSKyoi5KYOC`Q^TKZF?Kq+j~_Q)h)&f&vj5 z0%8-i%J1`Pg3;?p$ahdw4+~3KJm@mK4oew5FY$w7QzdXJT1v0w0(cfX` zLE%{Gi19dg8$ds_r}M+fEC1rHD+(0xb`cJ{|LCQHOYY#{D5bueGrnPvCjJw+yjxW~~6|x6e*?Bi|ap zRbs>p+d*X45Mt|2{-s||#5gb2Z@xczC@Jk9!`M)sPz5jI43=2qhNt~sgb$E_YlgFu z`a9q5`D0SvfKddl|6yNiXMT!{ke8Efw!P~6g^Rah&!BRg!M!|7lq`seMStRsLS0ly z?O-tGNSHn~R>mT0S{;xtBvb534ch&wF;DR>mt&^Om8Q!j?QYQlvy;9lh~-GMlp5M+ zH+sbvDXJ@YZwNl)_&%1)AK>OI7vjM&NN;Aq1)evqgI4@S{O0JCR8Pc%k2?r%d8aKRb!D=3n+bVWQAGHbNN2hp@-27cqu2d%kO>O;Fn;_ zdaH_J3lD_k9&BK`xVY-N=(g1(__stga#1y#Brbp-VYdIKFU`BP@SY@w)OAz^PlkFD zFK5Dt2qlD5=yEqDleA;c{yC(=h;Vqe+kg|v_%4j^)Vr;RGb2sydM$QOALov_q)))B z&*s5aHx&vy3J!PoaQ>fh$( z`u1nq<}suGMbC%RzoGk0!0A=D=hxj~Py7`R)XIayunK_jHSKDwGcxGi;chxAXj_Tw z5jd$o9%b@*TeR*5uz$tHX_eTatmn)SQ6gRBx&@NsDD=1O(rKhD$bGP74eCHh=M5AY z^F7!{K8JcG#5JY9^()3%mR^|(YxD!*h22HaPnA&{b_?2+_d`?VX7WR z>9Oz&d;s{m&?;xpIpc{=626f`RQU??qqaOJAK#X?8PHS4?RsXH*U8p~j^)c?5BV=0 z&e-898=fAsh-n`N=%|?%0%y77+Jt5TQuz+>xcMbj+g6x7R5=paMY0X}Aev`k2l3Z` zcv08E-8QHzFy6uAx%EgnX|+Jau2<^3e23FLA3(yd=S4Alh7aYgC5BTZY_w9V+4;kU zb;*hNTb+GKr`ncv#_)zDBO^zVB>QIxTaU6UR?E#&v*(S?b&n2!)m_P}M$tb+5l1t^ z$G3k&U-~UN3*RxP9{=Y4Dcm}kkVVy6j6(7tg{qyG2#x9BTD9UodzH&|ep zkj}JNDDjj(PU86#_=}mzQ2!N&b$dm>D6OdlXsdeOOe-!$@(w* zOPl`<8MbgWS7|zT9Mq>9yrFcMq8pJkcS|YP->7diy_o#3V~TixG5wG~&>tZEF7n*# z427n$P7ym6xL;3Vgu1})kMz?`>b)d8cimLFD?BN84z`o}R|)z-#kh>jXnf_zPO1NM zMRndV4TU~XtEQ8rgdQohbD#)!L3+jP31iz;R$y){$xK!s`Uia33)mq#*}+PziJ!79Yqv81hv#f)s2_nO9|LM++XoxoY{KM$MVD&J-kvSM&J8v2xABP%4X4x zF|;odh@K6;=$Fzn3`% zgzIIX1%E`=RG)ry>1sh#v-xl2sW4_gNK$1F|IqYRuJ3JynIIE*3?iX72C;`u=x$`2 zS8CM=sK5C@R^qBjW=KuCRl$y-?#k9UV;yCfH}biPyPB4)oU1LL1rDcFK-$qa?O8wJ zpm>Q!$yzg2#83cojH*(^WGk@{+Do@#^XIv;i6A4GsY)iOw0uJh{mn8Gutb!Gfu8|{ zD!Q?Ik{N@&0?v_?R8fto@(vjv>~Z@S33`uR0i_t*&Cb`v3PHP%S&n0E!ZjHl{aX+@ z?Ul$KpYrIyX#7cGO$CyuVR;Pfrl&n67R@sKf)C2b1x zYhXX6(r*$CJdswda-TO%<7mlp2H)d3FIgYa5{+Ju{H3)$I$MiQ<~GjXB zS!x_8{d9mHIR6ht!7Z)%c;&itXAK*eiYNmCo?nl|mvM4h6e z4JI*gwU3(gOu_u4z!6Sjkb>;_TPii=YPhukO&byGrZ@G{}^=d@D)9e$;!l%KQ+kDL{Y$Abte|Bg*2 z<$b^I9}M_+)!#e3cW{#+$r#4@gFmxN*+IJU8<HQWgQ&`vv#)+4?1P+02DgM>Q;*JnrQ$BW_x*-~#wg#zJ1L$f@ZZ9I3CybWRP?+r z!i&u8iE4<%51|ywHk|ka4g%+=ElHzaY&!9^e}`gSYq<_<(qaZ$RXoy_9liS>q2pb$ z!P*DL$DT41dE?MAq#J+t{%^T0oN&25nJS>kqCY)XS*rbmcV)%Ez@nee! z(pGm0tskPtaSII17EA8r=x}Jp`_EZ3PzK8BBl}uxsL(5yybhe=!7%(x@&JXQ3)IjN z4mBRJQ>}F*svr0{qN89`40p?&ePNL!O3M#O5+BMmZk@NuXx}<<2my+dXGD(ienH z+$wy(GD?k7LLjVEV?xA25|VU4{SQ<1>Oe(F3nYIO^hc1Mf=C&moz+Ay7P#9uDv)E; zIHhr3!efehjoGcySUk{>;ua&=z7YfZZRSJi_x1|ioW1W0(ib4gE!yijbxSCZHTZO9 z%WKW{;mM1GLy|xCBE&pEQrLCiCz6g8f=c%%mHln<+oEBnV`5TY3N#)J8aaUP$j9G< zgPVa4kCE%R*f{T}a!eue?7%a1b8m?-R;PAZD4|TxQQggZI98S@zt#u)sW5<*<%GIT z&_@Y5N}bM18r;~*kbodXAt&4Iu=DjCoc)${4jdnEZ!koEr1ODNchJG31T*W)Vg!$H zsw@IGlb5XWNEzYnZX!OXA!P2C;qWoId&&34f~zkVkCvVBkqY#XQ%c!M&gha)?rF`` z9~MNn(sl|4F5`y`m!nAeS1SMtyPW!ic0G4BdRE@mU27ird19opf>%Qf6Ec%%eNf%> zotxyxJ~(f|E)&Dc2kljE!Yn+?gMM+k=^yjlzn3Y;V*Ozl#elM@coY3k+Hj2xb?tPXZx`&QFV`;pTk{ zxdBGK1{ZBm=q&$o>T1D*&`lp)kLezUOo#`$A2)TKaRtrRC-aQ^SZRTP0{b@Tptbv+ z4 zE|fOdoea~5q#^b;LP}HIyE2IZBvgp0|6(Vj@(vJb?-*-nPJ5$k2avGPc_UAp1P;L| zSgT}7a~65S*_R5G!UZ8V@T`UdKbRNz$sEF!s4Z8>^sv7)IKop1qHq^|+$-8;O(_Pn z6W$$+bTs4#`bO?KO=U`}iSreQQ7OTq&4gqnCi}{+oqms_^_2WeJQy+pBy2$vTsUdL z2v%#~PO@hw(Ft90^7N4El=`wt>5AFuwEM=Rh{OA|XCNR-r%H%NR^>4wh&1(`lF;_= zd0`&79D)D}T!O^xbrD0`kM6S9&hRsuy8jOVn?Pj0!~mYy!r!kO!9Qm#5q85~t?_OS zqt1SJ$p;9@$_B#zQ`Cg4GDT|vsS*&oXD5@kvLR4fR(oYI@@GREylO`qBR~U*nbsi15c!=`IFjOiD+2$<3oY3nx0&{=l|J&Jt zd*6i}m>F4h#!BC&PS#+rSfXb}>}(eopN^f$&$ifEUF57x(Hco>j-%P4XcaNEas(}l zpPA9K1I}ktv2#HTRXo~|rYH(0LAs-TANTBCnQHsK}Tl$Rj*sz~RK4ub7~AJwcpB9>3ge1fGNAjxPM zJH5U>#0CTqW#0BW>0)`4LRK+%1~m0l1%Y+4Q_}|wy(kSF^-asH2&g^yX3+IaBZO7? zt|cO`8d%SvP|q|D13tm%lGMk7N01ORIIB?DU|9M`P(q=Po|_;VpP+x<#jlScv?EKr zu^0i7=sy|J1l04A`mJsn;pBl;1u7@B_zYWBq2~ny&!y>iA+)hUjuB%8V1EMhtvTRV zB%6iB=1}(&I^>oH<4M{hFS^;ciXx4Mv}b-zFywK3r~Ej)@Ux(J4d!yp(&A5qsKn?V zdC$_5sN4XvoJvHIa9e*&Xj@Lpx}J5-E3>iDst*4z8~iW7UIhd|`DvSo0GJS{RA{U) zHBHOCLb=BeidX9e%d?g_0>vld#c_{(`I42lYHK98*aF(bCHMEmP6-9)Ds*(u@Pi9= z3G;1Lfdn{s<)7_@@l-Ha=hENp=GQ*+)eN80WLg+{-GtRonVf&LrDtvNc`MAEJTf^x zn|eXy3Weq7XY)@Mf$qv-PaYlst1WC%S(M8f;GTMS{cCzF5#PCC!8f-P8hwnomj-+k zAQ~1@WlXr3MzJ-xuv9y%APD0om1(jn6J^(Zz7MG=wJ7dJ(4&Gp?(Mcrz+(~XScP4)X5e_~KlHqI$VTpkA8I_s}03?2dH?xJf8AE`C z4TrOY3#(vA6JhX}_lamrQ9@5lwhGIeY9Ju^)J(j79$t%{-ZaFyL-Uh|$9bd*9Mj@i zM~0V@d{xnoI(n564RZGMPMwU+XshwS_1!U9zmL)$!NPx#9(num!0AJpKA^6Ro10`Z zJqhsX$YtcpcGhb{w@c$e+lN#euBlW`*xoE!cd9xWw^diSSD)#3izD z!aKK3ai$~tPK0ZHq`&K+&iE5Ix-eD2;5fdl;St{QQA(pJD5RENKe+om? zp*LPAh)IGN7eprHl|0&K%np1X?1G}~P<)TGDJ2t+Pe>3Ee*j*P4N&wDj`G5AtKC0- zdwh7_-XSlx^Bl>mTst}3_6}(avW_6@h#7Wx>ZO0Yt$GI|l92!3D-s1ExIX09;sIXn z+z3GeDB-%5Y!jc!U*UPVSTA-9$GSsqw#5Kzo}cVYBR~IFHap^_A2B8#*z>(QUhNTM zdI0s4lQ2bHeMQS~{jB{%Eygn(%<9G)mD4n=^y6 z93yp7feJe0RCglSi}Vp4LLgtOr80}<<%~NDJYr;X{k!?q-*pcauXNhBPVM%NeEWZ7 zbd(c+9(mJXh_#P+z#`PSNNpCW>mj!cDET&l*cLE~W?{HPB35Ds#|9lY5L-jKLxvN^ zGL(!AIcUx_aS7QP$9uvWKKP?AM&L!hm-qw?BSGi&Z^t|E^#4_8uBe}S!|QFsp=yZH z6Vo7!XLz^XF`sG-+ZpxzKawD&AEJLDIF*Ax#Y@qB9az&M4W+1ZUW$NTa?a$gCaiOz zz(HGz$GroSRa_|g0*#dE_eU53Qg16NaPO|$+8}>;Ndz_)tnjHgd_(vKplsPP9kI}- zc%Xo+32~6&bDq-a|7axqzyrE$@^&+x$^ky5n(>u9LO*nv@FJjKDqU=xdgbxp_qU#6P zBSQ})hbi%pRyNN%z z#0ScfU>v~p<|EWXyqbTI3O5%?wKnt?F4PS4mG^6yx2wX<;yHqjYD=Rb^QqV<$n{S` zg0tiQ{qf}N_y}#*eI-#3_Kr>55-zXld=u8$CbGvbLiok5{OTXF2FTAsRR*Nb)nb>f@m1dz&u4cJi}5wn^2Vgm*dwb z@5x#JfSjJ4{C;qLOny85Px$3i682jx04bAZv%h**e&^izIFZE|JVOj)qmEP&UM~@I6v;Y>0SC@9u4*X_g?(?qEP?& z<=*b|zv@3f#Xq^Z$u``ButHb$_2FP?bn!jWTND2$*5J7nXlL%kHTZKi8yg1iE3vAS~?+ znyiSBK6>AmW$F?(1ut(9p=VUqr|7lpc&@z3>lVGsc*eQEclpiGm84t<@V8p$InWC* zGtq;+R_n_b#~eEZweIg*yDm9rB%x^%&>LzA2f@ZhhZ9DgZ3&BHn1)c1S^5zc83}P1 zY5#+>DE5ES$*V7}IPG0*3JEqp-?zzEGVnP4@i}oEpAMN%w_B|}mmFr}$-s~@HAYy` zU}PzbIs_raK^E-*m;9n@)Ije=#FT}Voi32qHH&A7j1f#!#pxath*Oh6@92;?!D3U9 z@o=ING*3NX;tb_Oa2&!Xt=4`v8(F?JPRQZg6Y+n7V4|No0&Js%+A<=JNB;fn_~@kX zoF4T1&aY=5-Z|*$`8zBO8geRE!`Un%o^gJuo8~8{Dh?VI7hzQv@JU5(?qS#|wXt zOJ?J0q?ENyfmQiWn|8`2+1eCT)}UTT+1stEri$l`T1^EtD`Xq^+eXN2RKF;f(SUVr z|5Acat_1btcvL-TKJ?X8VZF{NCc>9yp`9h_w^0?THVdgI<9)=aj`SGhJ6eqVLPf?l zdDf%@7gvc|3V2MQ85a}+)cqnF()NES7uCwT?#KgFZx{?*K4}+6dO4=)C5~omn|zVK zrQ~l^Kbl}fE=c=X|M>m+$@}BCm!}`j&fCPH|0G@V`QKFjK=v(}DybMl`P_zr_*lbXGagJ#!%V9a5?!R!Y{Q2v}uJiL}{Bsxn^JVY;>)u7zc`m=*dvVcq zUVPsEh_p+poRt?XT9xKi+Tk zO0BoHBsVF+C;#j2C;yX=QvSy$e|zhb+t@~oZo8WEi~FsuGVkp#yE}WL+mp!fyix|y z&GyrOtW&TW$@VKHdtM>gm+sEq{S!&IS1H|#YU%c$O1j-j>3*!1?)iUXNY|?pvKltUwXBf5rj6co_*Oh4u>J7@vHreCrd~`f`~lZ;`EO}@#Vnczn13;MSpV-1syTAr>6kPX6wKwTb~RA=;Y|~*_V^| zN5}ssH|?S;dH0`}M!Q$-PtR=K%6xOoo_)!aDXfn;n-*ycZSTm6o#L1O{qe)u$9JY= zochEGNPCxe{!4$CswC5S;FA)oPoJVrJ7@15et7@ueY?_!asIY{d3JpI_T=#3{N%&? z%j5S4zq~y@YLi!(&{4ONiqCrYzW3}41mQD}hA|FvEPMH}$gKXtybwW>lt>aiNu+VO zm5aAV_BG4Bw9JP7L}@c;TokccG^9=tlV@KJ-oO9w@%?|{@#Tpyr~m$UQY86c$Ca8S z#ZOF-$*pJeT@_}mN_6nu+kIbkL#TX^i^#Z&d<)2y*Juj)-=xmWTfW{T;FxOeE#lty+d^dQ(O=bF4PAHp7^dt}HMvrl^`VyC4f} z?uOshoyC_5Id7S}zO33gi#5K!#)izUJAfeUomh-$KoqUFwze$D zE4X^5`nB%s!l4qq=IOPbmF4mxKdayD+Lo&lvPyq@7G4rlrwM6ui?Og#=Ipup#!8kc z)Qg!Vw6M-qa)T$|?k)A2MsRI+#U9N&|K{9M7vITE$29=NrJd)CI?{< z`Qe;+s@(8a=6=gw;x3feFn?0`z-`c9@-DR;hoj?P4?eySZJliGrn}u1y zLa7G6U6>*ub{C|w;J*4-I3cQulxMtvs$;~~)SHt*p5ZnLz=AFe#;VoT%c4~btRfl5 zeaP#g*Fv)d#aE^{`Au(4WqX^o5o0m0x~P9;wiPWCvQ*sj?&7?cc!4NnoV|j^UjP5e z;G}T}_5yDD_0O-I+ngAcuBmMGSUghV>&Ns*$%VO<39$|P-|2_a!AZ<*kWP5c$>Ks^4j1@l{ox0~S58#d80V>#Ekkue7MEh!hDJ(_4Rj zmYJuD{Eym)T68BJdeLTzGBi7rG6Dx_N~bZ}Mht7S>q|F?exUj*aQ@krR~=XFwk;d-Zr9TD52^|ajA@$N2sXK}zaw_*k^_DXTh$@~ z9nqU!OQ8^&A~%%nnRg zY~xki<|2Cb1^OCOC8)o8mUDlxh$)p+?%Ug?bBJhD5jj_UE`zuxe4e=kgSc`N$$Let z{x0q7tZ;i-e4&Qx?^VIoWp#9w#4#L54UWxfc=(N%a1$T?=0pGd{lU9qp&`{hE8AH% zlbJ@vF4cA8s`J?g6}{<05h#08Yi<E}M- zZUJI0idsNvFtC{$pO!<$wN=yXU3!I;BE>6Oywp8AY`&^ZnarPT%WVtEKsm?1$-aF1 zV`)>j&T)x8Ebv#0AV$huEI~d&NgbJ>Xww3zFNKL&ifTn-VN(uU5Cy6E!sK_xe(EKu z-u&Q=QH9X-n+7vtc&LA7t#V_PwUM=*Ui(2J&H%=vY#9=qU=8=+PobjnTZIuJ!yZsl zD}ic=<|dlgpYpp(r7C~P{O$RWUC~x*my8DGUr#5rS_>OWII|vT*l3y=?kL&Cur4eI z0cFrPE4dAF%aUu3b?bwX40Z*az)k(>#EX=PZ+Cr}+d5EIkI8?C@J_rNn$xD6&%PKR z?>FUjJfJi;)!rgE`Cz2CN3)N4ZZjfqg?TI3CoRK*F<%T~n8)H!*>fzu?+efW&P1*2GUMo&QE`zKv8=5mtOKukO zlaSYSXVmlOpzEqsX8nEsh15b}H_?CA6gJu}|6VK}w5@20-Qe);$?^O1%MYhwKX}!C zm_P6Pbm!5?udt)UVOG7vp?SOr_@zd~=HGU3Hf7lfHEDm6_^&=pQ=nvsCVNk^+rP?O zE1!OzMqF84qR76GZffsql#6=yrL=TPG{xi_6yY{0rCWz&Q%rnMI&a9=uj={?@o!sN zG(3aMEu#nZ-;OU+iC>;bDyO-<&Y z{qm*!By|^cYW)AR_wL(m+t|YR?{7T?mfAC8XClh7out*7b{*Go8?W5_v)t*KmGndq z2}u}J1Pg$+)hKW9J<|71=M}z%8wrx2ZkA*#BdmYb#v(ynHa7MR8+#knGApKzsouY? zgWrEI$^e?or&V1dm}R=r0n>jtGKS6Dp`cT4O#aJXz_%t3Q)9rvfy8a=s8kzC)8CG5 zVt4xO-d@@qXr%|7)}f`EO=@t~Ig0v8nDVwN_SMIC4H-VO(W4MYC7v}!vcG))=FI4u zO3Z)AbkK!Ge+NCkkJE!3n?Adg`*i2+Fz@l1P3pyZXrb({tSO0pv-#KT$w%63+D4nA zd2@}+pqJntqpftINHsx)lygN8m=i7SZL&kp`=Y15KqEO|y2{qW1(9|Ai{n7rd(B~r z7Z8pxufkb2EPK^zn@?>y#MVyE!-NOqHWGh|+zz)F#_ej<+zfaXXcwT5B}imHrd zmI##dM_t-prUa>@?6lcAG+=}!Ym7o+amZx0EL#pLp5@vwVhfmIX#`c)Mr(&DiX;8x zzO_K+K8kgSiS}lF|K?0dy+$IfI?h!DBKJ6VPC3`Pu#-_b$7PXLHNJG#%MDQfsaAh= zhBbQ#V@mGEp5Gt1;<2T#r-x&6R+|}(&A4tz0O-+=ggVRpIImiyp^z;UG=1tSo~e?O z3iGWxfSdNIu2K3@MY)>Vsj5-_a)|uvsUOM;W~YQQqaqk081msK`R>z@^Y~LjL*23o zG3QvE^NXA3X*QrQUp}FvmRA593B{nP z#`~v!r80l3zXKBSkPMXJ`o$S6{kfuW6Lo}9mAR;otkxYN8Vo`@4 z^smJdC@jEzO+Qi+@=2)sxUfRmj?t^Y{kS1pFoo2_J-fpA|f%?#^I)&vvdtIPbl zMN`d3`Y|fiM|ZKz7O&RlZ|`4Qo#(Kv(8b01yI)bg>ydNN11 zmuDAmPEOB08Mahdm%>Q?|6hO4udGJr#3Nv+*QIG)jyK&hUn~y%G zUg4Bpi#q2P-*&D`@!aPd5Fj51#sSA5tjdL_YFPN(rzGOyeV@BnVFkkxQeZ}z?nwhH zr*Fcm8*?0EA@Hf2;%gE1ElDDkqg4v0u4>n4tQTi_x|;=bT=CrV#`1rAjIXeD6NWw+ zOz2&gSGr=Ig{JjB3dhC8{zl$isz9LZ-M!#aIhK1v#|eyV)CJ%fW&y)cZz;9uWilg% zkj^hV7D9e>ov{xG({Mq)684N^|9bor3}NI8f|lW$e1vrFMg4FH*|5RKvAj^GQ$SZC z!%BFP`v9tf3q4BigQI^w`3S6#u5&bJ9UjfaNama8T&yNxs8M1!xDP%9MsGezC&#_? z#Xk4~K7**o=*`|tQDq+t5I6+);Azvz*fP8h^u>OgTKi{F|!5TxndjWPIRNP%YO#3kT|CdiTM=9NXw-ep%rk^nGbW1r21|{O+BWlPZ1mH z)V0%sXPf>_rcx_X_&0WbV3To4ZmXJO0(Juqd(qS|*Ha8ypNejpuTCy5-~abNZEsl1 z_9d&>@igq0p#FcY{dN6;Oc!&|hCZPnBqX-4B)1OitH?Rm`k8bC{N*pXYsUJn5|mdw zREBkpxU-v5DWU~@$6)VUG0J`5d0t)gVW0V@C-;`Q*ECYP8!)rm`V?3C%yre#Rnhor zg1F3MjGsL!(`e>Tksc@*556k%Len)`>A06iQr8A{8G?V67!u+e6d}eOetBZHd$Y3k z?HupQu25x1s2Q$xb2`>JJf58XPG+)DkGislQyR&^+N4FdC4IYI zkd6;3=7M_LK4`!AqN==kfAaEN)pG3Pl5bOaCz@+gW>vE``g}Y1FduaJajtBUD4pV3+@OBW3RVugxd5Q;Hx*0A{yblQ0~EKN1+~tKqQ<(C*cK zldfHnFY9yg{0ImHW1xq8m@otw86ogG=^+{+j+lSWd5%#SFnQn<;t}R3Pzk&-1AD!( z)PHq;ba~$`M*hB6ljAGN#*HELltHACy_RG4P6ejRWX&o47B%1BAWCt7z(kE)j9L7N zN1deK$9JIK$Ql#mvazjj$&5vfvbD{;Ou=F5R92V^UV?p^AKymWjy3m^SmV?O=}fnh zOTK@djWzdl;Q>nXO&`?%gEjs`2xYm}RKJTLN!8yPdoEQRAU0+`4*?#*0jgL$Pu1~c zovfd4DH>qL>Dbr@Q^3{(;$I``VPc7vvW;`mgl9g?n&NO^uS{LC0Pg-;)SZCTqF9Dr z^FLTy05Cs5_dsI8Feh}ZhTzy|4WM>ffO&r#{1-?5Fd~e^L&9o9&STbYHV2pwlb+|3 zQPY0k^vP&MqK0H~%~}Y1C}bYvFbW_I)Ob~j{`A=^6pnzdSi7>{sE2Yd_N7@}UW7{+ z3ILA42yqxd4#oDfDUV8znD1CEAdKU7MFL36pgTkqb2vclT)O*?wunx^9|_@7KBa%^ zRlAfH->xJ9QRr1Zqo}VtTo>?7HwNlZ(m$@~9E<{RgDAr!@@nTC1OzcK!Vw<95FqBm z*w}&vsl<^@D9vJ>-N8{DB0v%zC%jz);7>xX5sDFQw7f&_s0P3-p+QU$V~r#4&})4< zJZQZ*IBb3ITC@x<4JoZl^SHY44C;S>tAqNdx}jhHP(ufk5&^O3+f)uBa8N>m^c6np z1%|#)l876>r)tu!KR8kK-&GO$d^OKky*E=x5GeUmrlif`j>+Q?>=kSv#cGpm#PxmPW$oR-5C?C|jZ!o~cW)v0hoFD{KOa7R zyls5^=>7h;Z|mhDSWDw>PE~N;xh!xklhic;^%Ef5nlUdF3BoU(<@JYqBQa>P#q444 z*Fn8LeHk()CXXoMn39-cDdNP~>q^Xf1sQ*+$0Wr5xOvk`JA;NrfAswLSz-Sl9UnZ~?f*@b#hpu1 z6<+N~v1!Wt)Y45C@<4wnU*4I+AEnV~RFNZzsBU^R-EX2qjI1f^y*NJ&QZrhF4&_|k zRzQqYHZLxHqvU8+bP|R}H;A5+Q7jbN`rm(Od98!SK^=UX7pR1yrNQg{g1P=PJr^?s z0fzAqde^B|=3&z0Bt#T))JP)fk<&m?5EG&NwLzWJB!2)=bxnUrX$IL8%*{aZPdEx^ zRxU!`>X60AuY|{s0v@eJ;Sndj5VPSs!e!X1lOPbfCSq+Bo+me3#UxI{LP_ zFv_)3j`)yfU^;&~DG%AqffeFE&M`LKtZRHu0J@I_^DtC3rVQ2@6Lk7utybs2dRI8i z44gX5+H`QC1!V~2tz)*;MPH0;n zZD$rU)l|-Grbl7SbY)CnW1x{{{BHiovpk7&uG*Ydt?G z+W(G@cJkjw%6fKp5mk0#;2NYd+poPO1~~3o>7kbIj#PY{zh2@Q<+woUoPxh?ldgX0abXf7&m04=eemsmwtZfd zR>VGM6d%gRg%5H&7DqW$>r*mvBijSx8h9MY_PHY7M?L~e9*$EWIR%yrKyyxb8l!*R zBizFUelp)4(x_Y5L<;iv-bVV|Fxx|gL;R_mt9Su(?vw2~;XC_ecMc$z|9oiqZdO@9 z{*Qy+!mgjP%(DL+AGC`1|DM0t$^RQE1>);)xh{Eox@qDpXKhPoxF}a$RxyZ!-dAQY zHgYtZB}9J%u7=2jl2elcGN301Bm#dO?SjxjTrf%odI^`&4)_p(E5y{(w5i_^xP|J5 z3A`aV(2&8=ApZft%E@0j@29ufXRlP-jC9p1K-r+~!eO^jef!+?S6&vO|5?O1$*Sk( z1vBmc$45o`&*6)M9sS=#DboLRjfDtk%iuN#(4qNpH1K>v5n=M$UwV9Sk!ycs`P%@~ z$Cmlyx~>k)^^MEUA|DnhO1>4C1|8I-egYz!R~QmLpd^V?HE^M+gK|KX!XR)dmb!T| z4FKh@O7T_1-Zo&cr2UEpW$k^*E)5L6+cFXO-?}V7|0!97=v!r$|Hq5NqWs@F*vbE! zDUSPJ?%Tnsg586@c~)Qx@)dtf_>fTir?h}umVd<>F3Eiu!q+6{D>7Sa02t$6a*U#0 zm#4HU)OPwby*5z;;0DoN`a;Oz%TwD0_kRyZLMd2`49t}OTE|8I-{al+-)71K?Ejw> z4(-T*logZSzmU%*CCFV`)8L;08&|*w2_>;vFHv8>))1H}3seKZqR)Q|EyqsK+v>6a z{a^C-|4jOS*lHE^|JHHqXh;7yQ9fsJP_rWx#tB7*TmK*pga56JaB`_?b&do6*UtbtGGFDu)CzK<9y zx8XkDT)Tt%uB^2z#Qzry`;nGe{Qt#qQU7Z_KiJv-H&PaloAG~0G_cfx?%! z8efdu<*b{%T+G$1lj~z;3hRui*r6cPBo70pJlLNvf}?49-{T;e2Dr8pt8d zzerEw-Qs`y%yCClZXDy)GKcgx(?fod8*y{^qfa#@Jv1F(wk*Q`t*C}8^#6Hwbo{({ z{(JcBV8{PAQr2~#Yx8gz$IN2c+0B$?Z~deu!R6J(#qX?aNOfCCIw%BnE~*{M9tkT= zx^v$(TH%F#%~{?pBAuCF-vwiQf-(yX!u!3Eg@5kD4`4u$iHUEsEH$NqMykwRmPFMsZkd9%kPW9 z6dhHvxPtaeXKcj%q8?p{nWr3u zI_ZCQ_zqNGh_F?pD#c~Lm@s3i4zv%fE5+G`3Kbw&$h-9^0&l(IOC{B%LDegoua-LH z=eC6E07Y21R6o~s`bEUBL!9$E$~4+s48Q7x#FG4AZl2)i)KF^&>g$6iL`OK1 zsQn9tKDs~@lc0lq5(U->rdD&EXU*4a)xLj84Q~Dr1xbi#9zSxA^O#@!qCRI&5eZWL zBCBLSbur7_SBnq^(}2!&U4zaES`LH~%w7wp62?SjcdvBw~MD2!fmyU1_rZOI5S*Mk9FFxkk4+Hd5V#u5Fo7 zTQ=l!^PQ_f>kB(`qj_A&#_%VJP~GnEc8H>1BL+EUeJmzFXSb#A?9TOGKqt}o7LIfM zRpM?X&MuCtbK~eTxH*d_x(>`##d{u`P2-Ua`3c2*d`cpY?wmoF3su|=m(PExmpIXu zi?eS;O9N(7f}nkLIz z$Z;W1Oi|3%6WU|>sXrvQQ5m(wd+|X-zIR|(ZkO9Bz`uNHmtJ!?*bFGL)v_=lKZQn4 zOR4I|qe*naer1T}l=cQ_29U!!kuO&@k9hJ`3E9ktmd$6ypr5wW@mzm<+@Tjp+myYz zog2WhGHjUH8R#Gf!KUESBnrpcyw=nPu#F%Qif-DAXFzPsm+-KNC7rW(SLg4}-h4WL z`N>LPn4*~ICNnNdmzj@|_)kpXt_}Vpa5~QD)K>do@7tW|a4S5yhUN|FVl|lO z5UN}k>|EWRoJm&C{J;qngQ-Pzgz{}^WM-4FF+2q<&{W5IhBSh>Qh0*3p6Tc zu7JV&C>-mwk;PVLafXUjbGoRjcI_s3$QnMP+?IN@i+Smd28e$?y;{w+H+!bKPJP2Fh`@ z(a?XoZvdwC#CwJ6jYgkPAA!GC+&h#I0bjoSRbgK07x`^#TG*1?bBbrIwJ;fQ|(;P~JGxZWBvvk(Q6hdD85 z;Bu2`X%HY5*q3VfYcxI`BL5mkgC8PN{e{q>UPt6M5+AXjafp6s2I!_4C1F_cm6J}T zC?pA$`@??&^0j8QXGa>BBaH#)Lm&4DB{RY_f=(z?mOjM<5F}%Ne|h8k!Q;= ze2GFhu6Aw6eeOBFDI9Xn@RZ0m7rXr=MA1xi-j?#!^G&ft#_PBmQpAQN3}!Y~{21uAj~agIQB!}V7HpQh(kz)wd!j9g6Z!A&j}(RW z?t>MDrtXOrh1Twk7lrm76ftaf#QCIkGlv=CdLhHh{2>j@I9+_!;>e}@F7AXT75-@R z8G5WCq}TE18-}B~2RDaRTE2iw3frVP%-xp4(^5nFv2%P<#`}i_)e2d#s&;j3ZZn1u z_mO`;_Cr*?HPR~Xtx*j0@K}XNTZ}A>G%rXNM9G|k^;)ILMXqm`rOVxs%j(3=xx$_7 zj$Jl#>{6W|Q*s=@YPTrR1T?+(plET6X9k8Nw*Jxx{lz+%> zC{GvF*3Ja&5voPGJbQWG`E>H~FI71?_@T|DHdRr*ACYPACn@uamU_B&042OjA zdbvdy1Qan=SmH{|ttLeF09Mq0Id6aYY@xqM_ltnOIO%kLdw=<|JoYm6pGN-|=CccP z+G#X@X>L1(+%J22U5Tqc#c_qwrPku?zc1cjUY%Wj>YQGlUtGD+si|7g|9D{nml{gN zwy7A-)tkLd5@2+H;iJ#BkoH@sqlINyP$G;$+-%N`I^w8hT71dgmS$47X(*>=kQ!H5(O-?gpRU6qV8mqLi zRa*!jH~1GdOU?uT1uThkEWo^0&Z&kstF^@pZ@CQ2PQbgaL{}TKD%Z>{WG_nVZ6R0H z$c;JLuH)?M&6U@f&HY__V6n!ywA!ru z{gr6kn1-YG1xlKzLAPE6k|>y?5i5onkz$%-Kbe`AWTjd2uaNc|m3x0fiN#Y0gOC+e zr7}Uvp6BCIO!>qu2p1Zf4RJA%+5XU#w~-6x@B6O5YRO;s_u(Tg@+x2IgbqWsB&F zMpnI~Is}}{Dpl%I$6S9aoI%Kj>|kapE&=H~# z%kyo<2`wI7l*YpFpU$YB)38G~ESXH8pSM5Mv$M<} z|2d}QZrlh^9Fp+}Es_9edi>|s^VV@O{`1lC;V%E*M#|@61Um@CfrZXjKJ0HtUl=#a&G# zd}}qp?6_gmV;+Amg#*A5VRo63&l&SYggC`MtB7x0tW_1} zIA@TV5$Cwr=IX*7PwORTrmGAvYsKrH9je=O;r9pbK-{{*Cp#ebJOQpv!*EuVYgffN zqRZMc`8VJlLIDb7NJNk@fzwGeA_4AW6ad4ooW%LwDHO#Uf4`QaQu> zH(zZ5FW`Uthf755NgG&aM9OAC1hkI_<`paE^`=VOp2z*Kp(@$9=kNl|F|`#$sjFb8 z_X{3f*~)xDq^o136t~mkMDlfE(*16yI#zq<%Odfua^(zV4c zH?P|5YdS(sJJ3!~^ePUvr|g*fH2bxlmw#<#(ewW}=q;A~dFJ{5L92ZJ-+J+4m;ZSq zrHaav;3Z}>i8&_GPf0L9T)Mp3Xa8-moUZ=}rj|N87m2sZU- zKlP38LEk#=w^@gL1rt6b6#pqtrM>I#cV(Hf4E^unD8SKR zZZh8*nKF^|{)K!lIe`LmJ|pc6_|Eje6VyQ; z3mHZ;WwC1jSiF9zrQNZjdzMA%zeaz7g;anU^#AzaxFr8Se{r;<|C=bY>Ay|4Q|heA z##c|7*F%*HRBOIV2xjMnOZQc}1W>W~rl-06%v~Q8*T7-YQa57kQ^nITVI0x(i}KN; z=|g;!wP>y{pg*R6P=7;U@DmJSI|kdw)TnG(CbKj^iu2$R$d1C?R3}s87*fXPKS<3rVa<`eSSaA z32miNE`^S5hk}?APJ9x!!PV)7e8M3eAg<2VjT6H{aD7Jt*~Ju?M!Jd_h50=d3GyFR zNAQ^L5a9q?&VjHJcut>(>EM5xrNh#9c)W`<;-0E5z{A@^UTO0XZ}E7 zruBbO+y73O{XFb@!|1K{@+Mh+Pbr#reF*V^C}E;T=rW| zbr7_0h$!Z%)3*6gkJJ#%nG{uS8TI;9{Ape`vL_lGbI@RiXYfWWLOXv#|L4~O!4taoy8uIU%^UO@)xdeLz-@O(lMVV+M$ z&6`#o?2C^ViVZOJldMjGt5l63&ues7D>qKfH^Io_KgO`J-7ZM;buqsf*c&o0`?^21Sa zV9h{O1dS{8aG?=p?c|W{U!*7Tb@}buDf`OFjc1$~<`5TG6H;e>*Sz}}sP7}c&CCC@ z0FVp2|IXC^p1pWp^#6T++}iQ~O%#XzmycZac-e%Vm=OP5N>^}#GFG}|R*70utZ=yIi?F9*z-LWZV zGz7+MYTuTETh@mt9C>Wm91?O}Zv%?EmE+2!z`a6@&x$VNs%*uW$zl^VK%>EiC=7qlfruR0PwhBG?q(m~x}Jk9~LULiFsnrOWc)6j}&*Z>Vb{Zp;4A7aoLE@ZO? zjTlrVECo2~6B)2sXW5-95TxN+1c~~06$tKUPO5*R|CeVcFW;VdqhJLzW-9$ZJb2MM zKFHJm*0Y1--Tl9flyAVL^gOP8kpKR^H{?8SH?XFv;5wI|@>9|Bw|+lv5C5=)+kBiUmT1&D@YF#sI(DNHwt z?Df}pKw)4;Cw&WRwF@Z7akZM#UbvG zO|+>$4>Z5tV&4VCzeZHL_u(uw@|!=ZQJwFLe8@rNVtz&ps#?J4M9 zk`Q(Ezxu9n_o;+YH{W+RlVboIk|Yd34}k!MNYJqnj1m}zV~JtK#a4Smj!b}=6L9R^ z)oL9f2$aU$J@)Rp;MK{6l(Wp<&vt2lnmH3tG$J=Bkb|Wt4xu3Jy|L^Pjd~~uPyjxd zmeS3w-EXpW(j-!>k(S2Ne>p{{sW+#f9u)VQj-l*7Rs3O&CCLCFaVNAZYb^(`k zrN7HHX$bY|$1)ly%$EeWgaO9WhylnL@i7!MNUlOgZxkwp@&m;tl-?=la%#g>_1hs?{do!h8yfWddFzmAF@btnOA9F%>oQ zbu?a^v>TOW+Pf_)Yn{rZHUZtDNu`@Dph9R_0a!Md@=A9l#p|wRoy`b298?UA!@<-x zK=-+K=sjz|FvbyD@hGhkX2}aG1}Z9mSY1P&Hr(_6JHjt063k&0!_CHM*=KTN>?4YV z^2&+ih=hU>k&3M{<>YN zZV&|n0dq=5gs1A6!f6kjN?l&s!I_d;4?J)pq)!xRc@eZ4-+KUi$OA`Dk3j<*@u3th zkNGgCXQ<9b@EQTkbNxIOG@GVsjv&}kfbK+J5};i_hR}XbS}ha-u=EmcgyEOu#QFLJIFQ zGh^wXEIUM7sBs4rVZw>@z_}vVDC&XC*RNEGHM|0+4~wt6?Z`T|hR~ z(;rWnfNmd#Y(3bR17mhzJiD(6u&N8B6fA>8TDW<2ViM4Qu6)3t8zo`b&5c}nrp^hV z3DAzLn;Wzl`R6Zs+*X*#630-RTafOAA!XOi45?dG)=xyUQ}k}JYk7@_69A=mgJtz! z=L)Z*2pRk6#rJE6qQ3gn&2@eCrt@_`a-xNobgq|5UK7+yPI;0V_z=_cQ`W(dHE32h zGv+-7xG!CQIOT~fs23}a5vv0n0evHgME!@ED@^$CG{h*%6#0ohvyKU4xED%gKEO;G zD}7m28kvEQD93#H@RlFKf#D*jcH0ACjhBfKu+X6=c#WhQ~8!FmR%%=!lioK*wJVtPCioX=#xDCl zXqc9N2ZG~5OlBJ(xhXDFfa5}JW=r6>5k8~L?=p|XJ8c#=XNEqBZiEs>A_=t!j#7^~ z?cy|0=_f`B<0^m;=>E@#j~{OvA3u7(|LxnZv@21kRsU zPryku1~)LofwqRINK^iLZF92a=X8Ru`f1J zAo|u$Rbw~`SK7D*#e{J(I<;XrQD=0D>8kg(J*baEWLzdR+&plu-EA>bZWMfoqT)h- ziPwXO&<*a~yrCtvM`uVg0jC$gHs7KVp<_AU+~}3HVh$%x*_y7-*n>*x4E=UJ~hvrlzz~fLc(LVRHUqg^K8c2{;oE zbpQhuAVT5f<@W4lRfIgU64@hbQJvwMz&@q(C&$@S<_Et;$4>%uhif~=%R{k;qaY8( z^kho{@UNo6UqOJW5Z!L%>5q6M;hg#>MTp-LdadHW_Tly%Jx@S)13)gGmR25rm2Mxp zPEtRwY_7S}(%eyLI=|JNmZqI<=D@Tx*WzjES9nyK&h;xkEnUAUy8?<|)oJPa4X_nZ z{Hjh%9}J3L)oJPajo1}X{Hjh%*Kfj3q4-swmTr*0eATC=8>Ee2^=awD!SU-lEnWXr ztSUHuU8kiR|LthDa8R3OeIUaS-}q5g zp={#fM``w^>l2X1*;Zj9GMyiSu8uw|aTLWKLcA5Ogae zq<8n-77jV&bfvF`G8P#SgQp!i2ZXfm?T z?cU-DkCKrUeM%jDGY}!c3LzZ}$})mj1$$F1tZH;CEECW@+z{<9Ivz~GKcvTj9X4kX zrvq4WQ^?#9bc>sEL|FfS>1PJTg5!b9>mYAeUBL06v{oDSJt$GHqT@ly>mXg|hy-X` z91dhz|4FZ9;aJ%5z!AynQI!osZ=plp&Lf9gzO3nlS0++$_zab|uc&EZ;udY<^&?{?83%x{TIXS7587rcYt3Bs(i8wHI-(x^7Z*#fHD2_y&h)fXdO^x6;X>)udkI*gjHdw z(hyYUZh}I8;+O=F6js$`{p2>wyIO!}1r)RTYZ}!W$_An6Oru%sdIB!9FwQy-VcG(a zi8E#5PMJeY#r1sz(4GL$y(Tb(BN#QaL9Pa_l~AmV^eZHMIM^QW=^~(bbKpJm*5Tpg zfTGJVm>We7DjH8GvW3j$%H3iOVq&Ci%=G zf}3QOpDODfiNZ0!eNbElfSEZDQ2Br&0)~Xi1l1~WR3ATv2+SJ*uTGR?a=coIdEVD% zm!~R!Jx-S0t&~p=r>V`>G}e2S^`D)jP?Qo&j@6tQSg8aS+gm1}OG12u=)u8rm2&D+ zmSyYSjpv|P6dWxmZhLZw3FzLmyu%mklOaoO`I6tO8w891Oin{o$edwROt++ zBVriYTDNRjq17FTba=05AY8Q-{hZ$%PPl18yJ%-OIC==bcYy|9$cP^6KpJ zQ|I*Z{Nk#+xHV+5V%S+N=b@;AAiO1i5$2>Mj8DL?44FU)BUMM`LbZf)5+e%5i$_*A zD18^8C^!I%p`Rv@d1oGISAG?E!T=PrH1!UCbeSV3psUkhu3c^{Kv4!dxq)FyB|D12 znCDN0q8Je_cA(M}EoNj=ce4C9sW0`0%LH^I9In&$SOrCnLL_L|_yY1_S8!~9$cNJ9 zLT3F*31C{UA^6^U272Ez0o`VrGkN8WPlMtt<5_`3#*i_^U@Vk;|48WMCV6xL7u8+f zjJv!dw?JlJP9ly&0L^yQe#Jn1zyL|OH{V_t-|9}*z0=pfqtle)1p`^?T^yt-*542q z`~*W7`8XOh)w8WA>*vu1iluaafOfu014p9`Zk6V;iA&N3ih4sAB5l1T0q&2pg#TK; z*)n6#TJt&;0hxM7O$TL`f8DySvaN8n=U;Mnn51()m-gz*>ZH|=y=2o|m&lxlqGh!% zLh)*Qt=1FJJ@k&f_1t`QK+#G8UWDRB`f43xS!-ECN^-055)|zu<@ZQ`POjU0H0jCL zpPbx4k%!EEBC2eO>O!zIWT{#*$|Xm1gd=?#9i`CQo|1}zMNlY2v5rBs4|3sNk5CA_ z7>(pT>W7`mLPa~g7H91v%H>5?rL(7%jp{y9X@`eqBc+#@1UyufQ#<^nx5J37DGrP% zg;USiQ<|rFOAlQ(V2en91@2-p2v<-B&4Y!B`=5ybE*KKyDDdrI@2N zT6WF#z|>-J$0@Y)UZiv71jHfq1;UI$cK0Z~_^5b@iRO{NYm}d04oDj;#krPzRkPi( zl{uR2vbo(+a(0{Q&+97Su8s0Zq& zDl69cMg1wLXJ$)8>q0rGzaxP(E^R0RcU75yZaUEQxKtFO80m=@FC-VCXzHmzMqtmi z8Y(s2MQ%IF&6u^G+x%=H4ILCU&zN&L@WW&dby5Kt+nKiVqHjt?l__m46i8c z_px8HW*8)L)|(4|qwF2K8LZkI5}64*(ib_m;x@_Ln`a9SzF7pIjmm%uF)HC{j{918kV^fZRq8c_(Xg2YupS1cR7R zt}SWZ?8p>A8LC&^&yeRRRtBvQ-aK+$;bEYd`shx;D{V-BvOs5`xivsk2U6dyDO!9E zipF^`XVJ}ewKm~ezI5sXk_#-Zx!$kwdIDb@{>Rmg#s58 zQ}byCMK|cSq<~uq4%-iMnzmN+nNTrsxkrH<26u3-M9;i zD$r$yi%uw-O4|WMmAP(RV07c6OnN&5il)*Iid9g5%mp&5f}*OlB|wxux0~6~5-{g^ z8M_2U6_HI!&)Wk-3B}e1q4+ZlXF#woYithyWm$iISp%tCsjpw|Yo$;)l!K@81w22&#QtUM-cTt8iZj7jhkGnz=){FDR(lh{b%V)hQGmw+bW zwi({mkBbo;A;UomksMRTBCkgc;r5(v7s~p%OFs!iCnP7}=Ohfr@={9*ONv4S8B)-M zQLr7rT|X4vYUMP|QibFh!Uof+Xc$^kaKu%W4XBqoIQK`uL;YZV-z8klaQ&uiVQ-W)&1NVk3(&0U4l#NcB>Ti`)t|a)@Ia%omUA zq;~y0nvI#yLm3mG=+bB0OBEokU>)+hu8isN8qo-aney^D%lh3{Y$*CG?_#^GKVX0jMT!QPah)@NCJ)8)JT{t|Ya822%LH@-;$I``VX~fUSa~Q~ zxp$^Q@sW!*g)#x%Uc$yba-p(!aWuhBXp6#^TU zHY(d8ST!tP;(i~a#w!$tBN&0bm#_9Ee9@ghgwX)mIrbkV%qQJ-LolO%961tbAb5JR z<(qo~x;|X@wx)=2LXpRgJSDkgHrY${s%XDyfRo=kpmPL5;-{f-f@Bnf2EZQj06S_o zo4v%pM!YGWdo<{+X9n|5bnViifg-xYjN@pa!mnkZ>>$Z|IZcq^!TGA`fvScrp`g=w z1$>GE6mbk6HY&jS0mw;zOhPgkcjP7OQxY*wA&z+Nrf_OhG_?Vf)dg~z`s*0sipoR- zamIv4@UC->Zq4|B=FMxxa3|o(EUgqK2sKOm z=*uLXrFWh55RH(Kr!i^%Nurr+emg|buMvYBvp&`l8YH?)|0wByP^l~$Pr(qiQP&we?7|L&1a&?=?5vSD6S znle|x!*d2fMQO|ngK=2a3GIh{TP%NM7+s=?Sa>5 zZ26nwNQT`GafDJ=(?EGmevCY|C=F45I{W4P9k}eAfQ!rXf1F&Mf!AmMly5#pp6BWR z$p>feUOFqTMFrC7WK=j)?aXWgQC&vN9Gw+N{4fdRRk^WQ!DgjqtJ0EhmlE>jW9=A>iqgU;4atEsb%3FTP=+bbC#oN<$dLcUF{Jdb2%t}^L<_^eX- zDpR=lTc-2n#3x}JT%BHgc?xtDh9Zt56gq1;frcu7F=QzeL5~BDRVacgF=Qr+Jd&BY ziqVKz9Af?xg*bYNxQeY=j1nZP19Pnz^bo&AC^DfDHTLMN!Sd3LY!mcEqw20W1AABo z;3rYQHXXNl(tUnVJ=an!5a|t2uK4(+6Oa-0S|>(6?vDY2zJ0QqFq1{3+h{Pvg(mic zjF9|);c5Ek?_B`tAdv>m`eWluRA z{P4^>@SZhb7z?^0UV*gRrg1tK1FY4=E`>dRa+CRA%KX*>5SJQ@CE^Ml5=T~$t~BbH zSF0K427H6U@lyc7KTqDi(U~-)d@ErtZ=?;8iaVWA0_&vDhmjD1V@hstAag{CCiKM3 z`bel$0Xqk&Mql^kjo~P)g20d9$&)J_KY7vy|0IbVL&8ul1I7odncw%UAN#f1H{XDN zQuz8Oew+u4x9L8QI8xtS|oR*iMiED2)Xwh<6OJ z0462LV5pGT8e|tFQGjTAkgoHDh=F!f4yT`bpo66S;F^IR3dyY;pa3SkfjE@M6M8^i zt@hzeEda<`{(VoNwZLj}8-)Z0o_dFWi3U64qLF6y#eUXIZZz|@l>2DERR6BOJABwU!4uWQ2;V znW=mfrA{Xb2W}8$m_+~kfBz5i241@+ddd3x2AmrP^US;Z-~ao67(yv2q3~9J(~pE9 zDzA)3-1Et(2_udv`cr|f`OG`8RzNg6!coJdOl@$|kST21pjCP|f_IG&4%*;ZtuUNp z?@l6>`gOGQ;Er>HlT9w##F2A;DpqkiyKHj$g`OICrXgOdr5ib2Hg$gy1!;tQtnNoh zJW03i-&Oq|!QV%aaYP#fN|LyLAr|^a@OOz$KX%2|8o>f7vl3zeoADJ!w4ZU1{tdp;q+E~B~6nFlwbsqTs8Al zlYb=+2L-B?OXozWJyH9W2QKvOG{QCa;X}kyt|QYlrPtYDG%lnqh0YZ8g+ymW-DWTx0_$-E$V?PNY1vv64f|)SH$Ozu~ zB#OG4)rjpF$eX^h4uuhaiy;*f(J+yII|IbL+7$r-0gODAfDsETM3W>2P@1}Bq=!IS zHdCvoGE=KgGndn@K@PQkPbELnfX`6Z`k-9{I?i^W0!-8Zu>FG5hg#lgOT2G@W)DYA zHq^fwcfS5>(x@o`QuP5Ew;)1-=1}CN!17m5>nHDk05n1ZmM-@jz&!j zXrBbo1k9Rx%xa4X6i71xK+2Q2R{Kq$Pnx)znMpncm@BM?oTE`JB~u+(PTr*vaxRP_ zl0-ggm|(D^uU@Dfs)>7=4qM;^=B#*B(L;Ti%u|dAM+2{Ru6yo79Ewd)>gN1HQU}5< z@u3eH2Pl%F%3kY#!00|;1n&e7EVi-l)lL9Q{2}ngw)Q2}8^Sn7k?2z33!(lHF)pK9 zVg_QQuAPfl5y=u|_VsLK;Dg#FX4j&2h(}n^^B(e{ko!t=kdYlld)+wcg_sTB5q^na zFg^(ap~E7LQr)KjhI}aIB{x+%=BK%gQ6^6uMaB_00FvN;-a;yc0Bc4vV5e8BU6k*N zGXSY1aw+{%B7_!M)xHy?LXc*2t50sOGzyaI0(zzp;V36O3rtepDVQr7rOkQj5wnOWGlcC1EhKxVi?f?BnEC1q*AqMQ@o9;|BAwrvz_N z#gI;^!)3OA<_qO~B8UPKWQry7(6*n1;n=Iygkm5U&Op$W};q5{OkOIo>(*`DF_sX;6s=*BPlUi2uFFpjDYy8>66GuF=tJ| z@oq4>Z3a z4-)TTfvrki!c+7bj>1|FO;VCLg?C5vql_(>~{h>0n+mC_#strct zhSDBXyu(J?R$4bE!9wkRlV#=9d@1)D#&J7iBBp%)+yLH59DCB8^UD|g`kQaGnM~n< z5T0Ux9oA(}Zvd?bhU9ktsX;@r3hE0^@^|&kN2Yz%d^`Oqz^QDV&yQYwZ#@QiYp3Ib z!x>*F0a{_Q+zu+liV|F`RFsw_kl8a5db}VI$lhT><-HwZe<&#mr-{!c<-^jC(1&3t zcNdI`Tk{%?71`?8Ryk^$IBeToV2oR}+OJZ75)_nHNvq))Tu0e^klPw zatz@O7C^^L6A(cyaWrV_EvtvfZZQ|E#;6Ywx&;(9B>oE}M`|xmK`-GTAV{%t^^Kf= znLQT|yoLXgQ4R#1A`}m>Sl$3LKVeL#s#cdINH0VqFoaAqa=`)>clx^_X4(oSRJ)fj z3dS#ueN0=$nwYT!v1aSA^`ocESTQ9rVJHBMgo%Wu0AfOgoE44%7F$!0ePcdhI6yw6 z_6DO{1M@*@D5|so26W@AL01z6LRz0+RTUi%{h{*JnmckB@(W+pGnPL?RB^cO$lL4m( zD3T7LOfwXgb$ScO0Q0{x5ReFgAfZO+6JnNVbpNT`f~nq>>sKDYDGH(mq%>>RmG~gz zrqUBf;GCLOiY<6FLIH*xNfDv;4LDU-7v7M8q%_A~>)87qG{BQ5;Ntz&*}JRrlQ-a} z%d?Z$=kI<2r>{=l{c`4kCr@gB=R%PV5?`ej1}cP|BxL$FgpBg1!*{*RqEK45LP-E> z4RC5bpj;48W9yXPHmrDyW2kmu51~kR6L{b^$iR~)+0odOC*X>JCr?Tt3oqnL518P4 zN;$+#@)57r02j^ym~3%Urd+&x{rU9HfrkEJ%R2y#BEUOf?{&7cFHuZ?krL7Nm5`{d zZ$hxN*Cfa)8vMTKT&Sa+q{q-7iJ~&f7}Lin3{s+6h?J?FK5mh821|Rv5wHe!)ACy1 zw`;X2!W~aIp%{j&X*y`?NQuo_?L^7COzHx9vs$wwkx(~Su1EEX0ewGq2qPc{VX1i1 zCr8=V1xX|c*ZXQjZlE+dIdr{$D5aq)wxyR3=BUlk=BrteF-u?Xo%bC&@qX?9+m&6} Ym0j7DM_K+~00030|7A|cjR2e+0JjE!-~a#s diff --git a/assets/argo/argo-cd-6.0.5.tgz b/assets/argo/argo-cd-6.0.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..97de361bef58fee6b2c1591d4c99b6eb0c8dc79a GIT binary patch literal 161818 zcmV)RK(oIeiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYKciTA9Fgl<8D{$?8C&|Rr=3Vd8b01lD9LJktdCAhbF+@TX zVv3*vP_mrKf4>JC2~yNz$4RGqoH=LO0)awdD^wL~fz&6C>y?{5NO@@l`@ugR{a>Y0 zsjRQA%Kug>mHdBe)s@;ms;g`3)zy`i)s@;mD%ILrwek;8d3;pH|HX_$`j5(Y_mv;q zU*sPQL&71)BxLmk03hYK3tireJ0(oYZV!e&Vs-GJ1pokWz%>rNI#9))ECawp%%wOI zFzR5xA5k(u9`J}8_fe=|gD#<904XLh132_4Vhk|ESHk z^oWu#B_ErPtnqDBYa^%3~CE7imacdYNb?J@KA(84}~s9tiIp?mxLZxi%F4(nbU(M6v9p* z7hHii9~JS~8GTIf{kMrfGoJDCh&(N^TWBbISk% z54i!PkmCVb278#FL`l$5FG(dNU#88>w~z1XoxssrG*|5_?k_i*WM-l zWIv?4U;(=V8GFMxu2-T6dc21`;xaMMC@eEBW}^%lL!6ZZ;*(Mo`U}@+G$hoMlW3sp zKV5IZ0Y2s=VhdtjFAA5n4{^vL4iS|w(v_5uX7A^P?AkLDQ&+9&T;nfuicnb~Vb;$; zngf9AEhJ04UaFMV7XEC?_VjO_f7$y#Anx_!_c7!CudJ-DkKO;3m8bjvXZ*`k|Ecud zPyr8y-pE4(6p#o}ivnr7QAF>tj~K55)`PXR_4?Z8R(ES_qt@+s-Iev~)~dIzx&M9j&+vJ_-?qTwS1*+KN+IbE<1+ z)vbDMtzKI%RaUpwtD7$?TlGq1@rf2q{AbSp00uE)KSltUdj40|S5{ZX&i}^x#?$%# z8UL1+46`M;sxJ0pDmnIrr6q8Rx^u8juD7tXw6L%Q90#;08DI|qDCr2mA&3I#B0##} zO7THgl1VukAWE^PnH2#+v~F{XLmzMgx^WPU0MWI;)uLg>#0LRj@oK^RnZjCJRB%iQ z;5}q9gN7z8gJBQ5J%AaA8S+GbNNj(|5fFSn#3AUz5O)#d8Fnq#Q_@YNwXbWig(a}x z1tSuJAq=?y%~3xJ1n6GE;xf>QIdG-u1)%E+Vd#332{?cuIzV(`Ny2bpD5N9+BW#do zpob{3_OH#26zv0fNnVoJ%Da8<6^qqAZ8pN~(%zL5y|GP5nK)1YR}Isa%TH5ggyc= ziURB^@mK6tv0<3lxd!@B%yx1@XdD^@o2r6FkJA_}ERYC=tcSZ?NYWBlB{zwECT1Ga z4(1fn5s0xTQ5KUcZ&p!T`6+t4)@it0SrA5M?Qrf0?pGM zA!X|s(a7rh2M9&70wAH5zv58WTmax2p(xv+k?IS?Ug;nJJx?7X(XZ~y)+&f?X&QT; zD1!kAU_KdK~vVhzg=c0uOj73dpFBLJm%m+)i!8<dd<>tIFox`Vnf4miMl(N2=B&PWc#CH;tm zDCBaD#pk-lU2KOg@K6_r$P=P;%F3yYpH8~j;OSVH1Y$FPH!&O;tw}=tT`%n{p+s_$ z)k-9g72+KFVAvxJ3AEIJRBg5OQuTy{%Aqew?S$b-kgYffS|q^k++)f$tAqXSG2tzW z7z%l^#%<(Mv5b-ix)gaR{u^M3Ijfr=ta{9}TJwK7PtB zW@s;}U>7k#U@()+LPygE$N&rh3^<~pRGmpqq=!ITwK*c8IMuAA zs9)M`W>oqH()gVb-w%+yS=1pE<8b6k1BTp~Vm^|ZIdscQveEyVL+&`>>g%^F@Vt!> z_-Kh5pI(TC){UF0ZE|6V>$btpnb^o%TU%Dy9wl*P6?W|sgYOZHBC&%zhz}78!G25P z-Xn|)wo!9Kh9u+gi=@P2>QKljMhQa@5$_q3?U>YXiX{}k8Ucn3sdFv+1URaLYNb@G zlvXOG)rvwc?Xj*4q$;q~ADItXst_VRB=j0YimK6AF%T0-gRZSAi-3nDM1ssR($$2#2dSs1tfWF5Hw=6rD(Oy+#oT0}$}eI< z8X1I&CiOw+0Ki8Pssm9{1i25n+XLuU%oR%}Jky_UCTs4d74;EIV1jEjssm0U5)gk> z$_gNNBt%wa07xVjP^|xcnE9XxQ9V-z9I+sfx*WUEL6Gt4lppqKAA(Va!Kf-h_kXd)B%AWD~mft{GVf{!(p;l$4$E}E9m=O#R;1O zA(*cKbvYn0Uj|qcLoYcQlKN#^kgj6a4Bqm9Oc-pkYGTFu@V0%8hILR~FjHw79?Y|t zqJfa!&O-({W?d|#q&nCk$Aq`t9`fSACN&95E|B5KAKi~XXzNy%B%t>8DG34``sa}c zxj~HDW%UGGG2)o|s19mt|Hm#p58(jfKn*~AGidLI158OM@g6{mmFy@OPC+R3?LPr` z6b@4IG!G}!R4CZ9FCeaZ|QHw1okxO4^dr}b_Owb~Y@9HUfq;e-9opK)v z!CLKib99|P3}YB*k;8HOl6w$n_s8!%IaE_o@PSH(_sZm>)i51n`?UVF{ zTiuL?OY0$}dlM&>LibuS@!||8JcL;(F&~LeA)-R=_tg+mtw>4g0zwx_hE<+aHSkjM z{)kE0RI>2cm1+zjMlf)?-Dm<7b_sP+UlEP*eKGmDH4s~rkL?Ae-oT+>u9a4tT4}Ys zq;w~a=+vPd=sNjMm6oL>zLf&vm-Ki2zHM{7!4>LK55~h>Dls{8+a_8g>_YsNZ zo#A2Tk^!OscL4+;8m78bqr(I~;UJ1T0cJgQn7GuC7+r%B{uRg)MdH%K0fx#}pt@OM z#XVEhrHJ+H?F&4}ppaR;DV*pC8aeRA|gqsXN70RZe37ONLK1u*kLW0NTZzzr}8 z`TkBFK-lTHuIC}t?N%z)YOS`iQdn6jFzVnpF-AkbtuJ5+G*VGB7=hpZhmk(|e6ZR6 z%w&y!*C#a1^+%}B@(7zZ$q|XEqd+)>`er>&_IH}u1u2$(J#=dmSKXRm&n;LsZNGCD zQ`Fc=N-<-x;DXJ$3W$%xQXjjN2!5D^0S=M8+0J&48^>p#_jk&JTB(xmhGg!Whx@y- zLhf5K)eHoNlcJj#F^;_boilQc!e#(*KeLj)5YTgLix^W{wM507gVuIQ zgffjB!Oe%*%M?YF2)R5{hWZc(iW@5AOh5!F>?4k75$pXpOp52oPMF27sDc?hi`6d2 zTu2^XUImh0$AXoJl-@$I<%ZWWY7NEL$ZMZT9gkoKP{2^>fo#u2L=|&*G?fd|+#+_f zvv2gr5el6%6reuhbYzs{LQ?WPrBHZ|N`46}5{?2V`CMOJsctO3kZ=eOqEb@**|VhI zCJDLV(-8$NDi(}mWObct^zF-oamZsPwwH?-BN|sX0aa2JN@;~Us8wb`Rog{w!HIyA zIvLni3wAp~F79F>ALtv<=(#c@KtUJukYEuwNBxM84*><;lBiKK_a75ipU3K8E$!_z zeWC)VttN1VC}BF*4N7^?;zBQJj%y6~dL>z#wt^cKtjlQ}nr?@f_e5`Jhi#jc!=Y3k zj%%$hgm5o;T*+JaDC!E<4Ts_;>hXS1Qcr@oo4!#nK;tk}O2ZxwJwTCQSp;`XZbu*v zJwySEI}zkP;Nh-(pIAc~4MyH)WJGXw7Ao zM2)ef)4c88hy9k+G-x%D-Ci-GCI1dbnae{zWV~};3Hsuk=$Dlqf?_Ul2wtC^wS?3Y zk&r3jT55qx;7qcv0_w7SbLRvsE|%;*Z%bVPw4|SF>hh(SQ0(JyA?3Rx;;_jZTE6N5 z5`r+H4T8~(sa)BVEj8v%<}PF<&x5mw*M~P~r;mBy}hm@J1UT;pL1OFf%3r>SmWL0}O_6#N>@11Z1dQrZtro z)T7^r4ntyFiQWUucuC*NFp3h&`eM8AFfP+gK#0`vtZ zDgK(ul1W`cMwcX?g`a;cK>E`Q^*kn*la+o5+m_CjY!DI-%t&lpab1&z{#@Ggo#UoP<$sQrP10? zXk>wWx8DV%kGU8-p+Imzqh)zFB`1k-J?HYy;RHyjZdsaWNemc5VlrVAv1LKicrLCKeH)4TS1j&asrJdK5{FopXof_a9zejP1?RFjYf#<};+U&Ky`2>z zb+GtRX#_sm%IhP@-5#Q#8;5Ss3CZK`$Jj$PAYf#Q8g?ngPmPni)4h+ZPlU!xH<%Ky2|HsoX+6LD*_EXb@!;y^Hl z;*KLUxpl7m$On$23W4K5+9wqJ&%y5de=Gh@v`*gJ1Rkr6-QDWutId_htDW8L+KQnD z+K3`mb+z_dpmn}|xZeZ^yYIpF;Ysr#)laGFhE`jRcaL|bG?iPU-F^+OLoy7F`3Iq3 z5AzH?c*w5E^CH%(lp|lI%1ey(9ND!ax^~p!$+ceqfU(}awoMk;y>`!mHT(iyP&zy6 zymv&|K=pkL=kBs$7DS!8=zPh>skn1t%upX>AA!aLVi_iPn-`m^UyZwXq?(vtmyXfwue|!DmXtY71 z1Aq8xdn>%=Ywu6#`=c+%@!s0;=0<$#`|Hg^+97MhhIdvTtq&^wgNw>}ZCJVdPS`!w9e5+JX(wpQJeI5$_0?_jeUeAwBq9-r;5NkmVMZf?Tsi#yt{w7tFc z^AmD&aL8cCf4$b+BG;F=;`M65*51LJU{+t0LD|o?>SyHEcE!(~#@oiWDE8krzifow z@$FkO^xe1N7uItR=}l`FNQlUIZt- zJ@lT2AK;OHda(YobQGN3|WCwod@bWn5wcVRe?Yuuay?#3y@zXfOUf0qciHOM+3J_;m+e)r*Fuf+ z=Gy3GXXibp@BO3Iz2-)|8{YBo!w6nnzTMbf*{n7WR^NJb$k(bLZgy`EI&Y)1^W*U4 z?w1>KHXPg>e_6f0xm|mE-rTR8_1fk4*C)4cn(z9p^UDvN-j}H9udU;kHMqUr>>t$L z?DfL6jf1uRm&(zxxBafMTD}a2uh-v^*5#YKgSF#PT)W#|2^$}xm+iG)^p?Ghs)OTd zdC0z8oBi6syc4_Eh?fZUAMcR0_TTp7yQA&+z`I1RR$syz`_gVl+XoeVgL(Vy%eC#J zt%F{KZsR>(tGtQME{-=q+E*Xi1a zcf0ZC*3f_ZVYPF^R=o9&4M& zT!|~Lhx`xwa1(8=@9x!ZPMU0=?Nr|lE4OWgTRTCMZd~7NZ5$u=k2=x8*}L^!=B`wZ zV{)^*`??vs8>34;j5fXfjrHB#-R)qwi>M+aujG);TymXY{ywNsj$0<#$~d-5naQ}gV$eH?l!#YeslHU@{qq@ z-9W+MO9!3>*T>aJIMc3;ewr@E+S$Vlq5ftR~ z!}aY+@8#jaVR?Jd`B28E$Gv@icym0$h`jw$j(g>e{lRKHdR=xe%9YOQdvg<< zZs4_Wi_!NkJ-*oByuUNtxbBv>Hd4+2vrbdvZIgYeb&e0t zw%gJE`<>mr>#c)Zw%1$fkJ@La{topL!RmWnfqSPX@7HeL)y@yv=wuMLR(ICVS~mx;swAZCyVqNt+pTx!-CD5gU7nRO ztRC+ke2K&Jo49&=vR!WTgPqq$SFEaeC4AUyds<$yD>tD8m>%&2_ zu}Zw{;IPu)IUjwfl;56r&(3a8{F3);HUESSUS80Pv!mZ?WnWT zIbGYnSljdt-i>ay8e8XRd#wqtQ7>Hk;P=;WtNjCVG3vg2^(w5bd;7;fV6XH;r=?ZuQTu zNw7)w_p8Y3ZuBoNJC_&TO1Rw*Mz!k8@PpfLp6$2aZgbBawcu_@HoC9g9_{SZ*2}CC zbPq^p^M#I#1blJ zwy9v1_FRoEv%HRc*`kc=ugQo0NY6#xS~whHZvO`AB{}r!;3MmO%6x&;XLaz=ahJg} z>$hi%basPG)zif2#Yhe=J_((EDSt4*pn7 z_Sheb%ixd2Gz^3KJgBPjKH|`W9E#Gf;E%-+_K~XbTjO-^q`C9C(Q17@ZXE5Z`pJWM zaiw;v(bP4qm6gE%SbRlDw$<+O#phQiC#wEI8ool;Iym3n{d}=|+TK4oPU|#sBT>~F zt$kCq{m0_+AB)?Ns_z|m_s8P5Z{HTJSu>{J*|`DOi{@AK`PIJ{zz9#9`_Z$l=37= z4V#5ZY6tl^B}E}ufbl@dd4Y5gq=-s8{W@6upRAE4;G+EBi&lLeu%>iCXcjn>6x-kG zjSY7ohoX-TWN3Z0$mt;IX>4k0v*)Jvy^~`bq9uPOa^~X0SW!66bo4JJZ4ur>RLNV4E-C4N0SJ_z zl&poI+XL5Vq+;>`rY-$F&_MwiiVl>tV8`>xQoQt6(!aF=+I|RyT!vLuiu)|tnF)KBaYCVwN$S*oDZ06prD-=qYB*i*@2nx)-qIG~X(Udodsw#VubxSgk zVF-g)1S>ZCCh3yLB>Re#1(H&}J(jL&S=4d}2q!r&N;F~(&+gSr&J zWL;ZZMJTlBh|Ro&zVQMdqE3&HYk&qxC?>T%%*gB*c=G@~gp+^<@L@o=jUkM7)+>PC z$yO=q=KOqrXDalma7F9;&IR#V;Y<*p-9)-lcH=-|ry{B8C?yF{ z9C89sQGlDo!{|>UIms=pJS1Td=)h2*A2TkdA|#FQTrn^@Ajl`yL1$B(1SAeg^Jvfy<9Y1RxU!y(Jxtk6Qfq`3bj%l8)6B(*MWmw zLpd>%-=rC~>EWu!B}@-EVQ0Gusui%f2&4w?bL(;k{0DFf91lFJ{}Da|{{ezsddAAX z)kfvtYOwrFyX48Oq0W0ljHG36w3M7?1_}DaOKjk!6LAUb`Xz9+SgTalol4cI)Xu7F z^~!3!vi4!|O2f%$t`--sz;j(7H>~lX6yRP=$L&be$;Xq!Ap+_}4t#93+ko*=fY>Lw zp+_Xvk$O#>8x`JAMqOlx%e}6==VDI!(q}dZMxamPP{q`Yl)}yf0<`ki)A5m|J6M=p zZ&{DGf+&h|;L}ug-|?uW9wgPs%Q67xD9|2yQsB@(|D&Q9mKgR>2U74=M>UjAT0SLl z=+!}hLjYZ)wUY-}uprInSHWw2DM)t13hwOW1ge-$tj z$htu(90Af*XAT@}GRsF+2K9&nGFnL3>~s91rO&ccVl%VIP5&(Ip|Mx(i)J2o`B| zy=`b6z#&UZlh6riO<+PhCd;G$Ir@WEV5_bdGgVC6GsyujYP1w3rTMB~`iQk4@6~hV zsxRe(zNkp-XFS%C-JOh{IjeFWq(bf-OT1x$>=1iMU^_M8^g$Tm)H z&Zz*#YN>+bSz87q!plhnZ(_Sxv$mO@VHD*;>_tLeBHbhu|3cO^+=}S1kp7uO*eQRXcAwxhb*snSPVBJo(ioUYwBnjkWdwUn<-lCLO}yq4^mIYSnleW z?_T2n2cSy{V^*gIf)<fu#orDxBF`m5A0w@W9jn>wqws%`)76-NeZJLTtYSl%bbPu; zpw@}-a$#CgICv$dW}dclzus%07HjJovk&vCFL?oVEholok)u_ZqJ?5L3aYCQP8zp7 zKi4LOVPWL3iMP6~ET4~y*Nf9kI?PP$eu#Mv8Oz~$79J{x4>jQ;tsFv{d3erV$gmSw zTm=R}OJV;U-6HozYF)IX6Z#~YekqneH-U1P&X%NPdlfy1crWC((8eAtmcg@;8%yzR zzKecp9-iz=YI#X(Mugay48#~VK4f`thxk6v0fC;w2?-MUM$vo#g9wMH zzG8}tETZHGV+^%qSnr`&G3Vw4i1|<<8t-saq*VBcF`m0CUuq@ktmTgmrzzE)Q7Rm6ZvaR!`A-ONOg1jWgYR2UDP{5L%?MAU+I4gZq&_{jAbgfluM_8x+(4A%*)z-!v)z;RJ zuzunyMl9LOK$5Zrke0MWfyHzl>2xdECW^0BpXy+@{KBB;HW^`l*xCBaG|X z`IH$ScaGaxm7v(ZUdXg*i=A4_igqhnSq$Rz?!AyDe4S2eCJnn&9&gqZPRIc>#<3Iy ze@K9|b4g$n_Z^1~c1*%kLhScFilBEA1|w1Y3I~Xd7)O1pf{dHfqIiG<?N_dTKP0;&7TV!lNWIe>k=8BgoXF%3YTm5!01uGp)}aOgMkC$5L1*M z?~fADCrwU7RqP>(JXsTYTCVKD0ST6uSLGP;KA3JGA`fCriy0IDkU=&mwRDHDk89H7MTD)YQH;kBVq zS8QdDG?6lM*iKgxYi4^+Fol}ym=pD0+-U7*6lrFf%%~eSLZ($aGyB?B+QjmltY__~ ztZgRFs^M$Ll>fQZgOjxS*4!T^Z%_#=6C&3#J<$nTai~}CGmN6ox={700TgsLE*YwZ z3zS{%Mb3)_7>6zXnk$92`6jG9wduFst&nJ+-)$J>2 zucNnf zPNXsiYhqIAnPBES+>%|&WpLCFv?=J*IGF2!YQCc*p?&|fNiaWZmr39cTnO2A_Uun? zTxv(ioo~LSrBCKe0vI4cQybJLjVL<8jHPsAN!lGow4QVGg&l@M{@l7Xao8m>7`JdF%yzzs;O7(x~|MUBz0K?XcPKNc2NhRFw>WE%o`*J z(*Um4K##;!ZyqR#|l6QQVb#bO=Z4(VO@3yF|6cQVRt3FfVB)U9&k7 zA`Cs1g`|fxrI#rhdXS6dFygclnMWiBLug4INz|`01 ztzlX9J0-f+DP10BTp)%afNB^8Mg`w1Z_Ojr{23y{6YKxP`aiM$kIMQRDt`N`+J9y! z-FRBlyti@m6&TcC5|cz%bTBw?E$s_B%Q)u}=l_N4;a)AEd?z53p;^0e+}G>qIaQv13(?=G?ZbV^*i@tJ5u2 ztK&^pYUZ-kJXp>sbqO4wobA@ZSr0L#Qc-TtFpGK~%yOGwN$6$7CZEf?B&0NR#!EDpk%&b4z zv1aU8mw+@CWx2^!pW4Z#BxM=#`QN{TTB)X_Fk_0EH#XJkJj87sEeHoG(4Hi_&t6+rs3H4y>HLKU^&vw5f~2uuZ_5D@Ix zL7O43Dyq$_HoMfpY+huK4RDE;I#OGi1nfO!> z?7lifHK+$Z4rd!by$e75U0Ck3`@RgT>7N|jM|_>~F04}EmykvY=%ii8o4>QgzKyktOmqaXz-r4}LCQvaLWQ?hd+@DisQZz~e$?DW;0XCE9sf zPd;07z00YIF>p1!L3+VW8-iKn%rYkvJ}HV*7Km;$WeapL4`Cmd3){)Q3gR>sR+by2 zT3XxC^1pdMn;3CvLYLpWT_$dr%w|p3dR$jIkG67_zH*|*at@v4d|Jy%ddn%A%VOPS zR(ombFY_AA+{`^Ek$P8rVe0-AH~eB%)qS+1)5kH*5c2WWM-voCE15HNe-+ZW5@~Io zam>==6liiXaDTjdYO;drC#e^U6pU&P3N-c)-<3~W@o6hQY%AI~-HhkjDQwTU@sj{* zTQMnl)OyJ^MY+dZRh+e(vf5S)+orF&zphQ-eVrK8Y)^1uP}&a1>EO`QKNc$``M<^c z*@7uLa$jq(T&rKx9;|>H(R!H79sZ{W1iA;kpTo}kC%sv%JnEa(+7Ea%TKi?*!G8W5 z=Gym~1UzlGr|ov1?RIbbTdFjJKidNLySjb24X*0;I}LDc+{a9CXIuYeZotPiEX;uZ z9@D}JfF5F8Xw;K)nitjzLSa^Go3jiICm1DW9}EP$@ExXZ>^>H5qWGL4S_fNOTZ&f9 zZ?C4KDQ5QS?0B6;4YX9?VO9t0D;rxDb(+IiajROZKC-c5(axG}u9zFz4>VYO49moO zgv?CFmJ2wP2{t4bZi;C_LXe&e6aIS)6AWE_GEMk}O%winJGsf>2W>VcwVTU{6-6Nj zvovQR75p=wH4-hP$%f08qr(Qb|)Aokk)peP{wI=BabJc;O|aqY>Z93367!+KA63J3BO z4&+x42V%@>oYxJ&;*QLIE_2sG7qKLyk|d8QmmqI$ZN%gBU`ZdF-vxVrwUFb2tb{2$ zF!V+{Lg*k7qB^O2xf76%PWo<&4CJyUbu5^|oQ)f^L~VNzLWK4(ORMO?=z9r=et;A| zoMC^)NWiaWc=RV5|J=*|MyKPM-|*%hW;a=*n+Q>c8Al<%klG}hi8D_cEUo1tKtf{z zNjx;cm@rv=ZByswIq1k7uf+Z`FKiD4n?*u75;5w~SKCoXS@S80qq>SB*oWNhfvf-T z;~#$voj?94eR}!Zm2u1zH;hr=sXIoUnLW|oPV;GVk0UUE0rpajT^IWXXO%EYa#+f? z&!n8R7)=D-Uh>Su5K0gI6_CfQ$TD%F$&jF`Hs!h$9Wppj`T2LY0q%kh;Yv~M;{gh- zRGEoFTj#vWe;-oJ5m5g1ieL624jDJFi7UNcy^@mVh3ursLmD43BLhBLT-150fkd(n zM9G2`YfrFeuN&ex-72+A2XV2ahXi`tFo2;e7P}1EVh4mM07r7gj7xq=vE+$+eMHGE zR${4UNM-fX0suWIK90tYvIkx_RQH)a%d#xHqZ8drhF><15E_cAZSzU0cAonfhpHB| zhosfDm~xG>vMf!Rq%NVZ+FLXZ#SvsEf>g*@@)RoT(H^8;BjmV|Ncq`*EFnQF0`$CD zx^cUI1vR}$8%d*_@G+MPqX2S(=YK2{g!%L^^20dDyq0Bbspe4QJ(4ZoG-cjG!OD** zC-1lX6BfVVMPcIFk6|F-PF()`DXEF9TIu+gry`R);z4V)ybUqJfHY1Y>zTVEgh9${RkN3#c=s~j`&OG=OC&ndMd$k>oj zu_er(Q)(ylM=C#}^bx}Bx1I`zF7uU#0NrB7<@>a>{80o$bCH&^?s?yi?IO0S=E)33 zS1(j*^GhM5$p}9T@nuO7t}+u?N?N3IEDad^kWhJ|3`#nn&*Y)13ORvOjbrTDbZJS- zsfaG92}*Op>o{h5-ZG9!xd6J^WbgJ>qi&Xh1nf(B_^%1YcVZd?>EtAMG3G)QVjb!q zIP}M<*u;k5`N!9-#-|sF(30(OI%U&l4&&M6CqM(TFGbC8cxsK-rj`$f32#%FmNiIY zfGG44XtvHl%yEG4lptjJ0?mZ2(&9E-=jSPaR?@x>)+*!usR!xr?D9wgnWI-rVwB;! z)m8u<)Pn;|sChWi`F(My#Fq0&N+&yH7y=JdC01#E&NR(vZ{)TS)h)|V#^tN0!tWA? z9vNDX6{$V4x+*ZrSd}_j=iE}Sn5Gy2NucYQ0Pf?4M4Oc?X6KO&dv3%YgjsDGX6waE zV=P-*jYJze<>WooVX>DScWEhUNCPToq$$I%jggsO)PeFIq^a1zB{$3mx>Qbp^7r?x zd>F2CIalhyZTIx9%&o*^ZRaHIU*VB^w6LyV3Cz)QstWOY5zNPdorY2xXm+X_;P;|5 zug@r00{h)#!dnzE6!O2Dcfr^+j-^PL&xK$d&TI#Qu{OV^`+!_+NxMcMB8<1Wc_fJ_ zYI73hEGN`eIwCOzIs&Bj-pJT}CT*MgbjwS;hf=(mV06*>NP;ylNCWa$1C1&kr zEM4YxHFp8b>Q~Y9L8VkFRWopkiFa=59)oPp^4;D|y0jOu=+2l-a=zz;Xij%Y&z}?H z^rPB8=GP%++)`QtN7JM+SPKcqF9>b=D{Zp-?ritCy?=82`TX?Iu8;^04<1OFq5wgL zSlJ`PFd)z?52~d~sZvg=mN=v(|86>B&DXolgZBB+pMv3Mw};$o7WY|+-*RiWC>0Ah z-?z5vPkb}@;r{=YX?V4gNS{9;D!^Rk`ZD!YZdJ1$6B9!07l+DUD-4yd?fJp9(ENo# z_A^HPbNjfYTDHe>a#1XdI#2zPlNui^rIrJskHg!#gu*io0@NpA;0bofcXBztlh#S4 z&@WGDP_L9~(tuz|rNT>{B7g%XHL|KW4h$Fxh|dY*9-`TAia+SX==a~Aw@!9GA2*J6 z+pR`(_r)0KjIH5PN)wkdbjJW$Na>6`osyHZ3IXV16nGiV&?;|1-m8N?;!p+*PdLh= zt|Y#X-=8s=5_L2FLkmV@WEkIQ#ZF4d(k@j&E;BkP51=%w$;@n7wJfWa z^SM>!clv%;F~VBiXZadxBaY|ng*<_nA^^=1NX04e9Ni-K1&D&!$Dx8Lm`GQ?ii(3H z?J%Aj(*_3nNLgo0N?<2&Q$B)}46r91@_In@5=+)`KK&9!T|`mnqOywV=)jowLizu9 zW%2(4eXVs`as!M)?g*AO8JMF+G{KuJbN8DY%;AIt$r9>gs!W^eD~UUjlKAT2BkL^# z$NgkJWX~sXz)&oRb8{k12Ls~cuylu`qARy?7gJPDsukU>g88ehrFEPDhw-fg``-Gh z1pCi_+Iu?=MOn7vfBqBn2cUz)vTXZVwoM^|vf3PK7Rm-%(e{_avv;`N(ndp{68r0% zetdeL&rYYISJK8NX0#j-7Y1c9*kphPu>z#@7Z!IEh_uaYXTi*gw7ms0d#tEC)Q|XR z2h({S03Y3>@H_noAH{pHP}MZ2D`AmW;7nJ-N$Cw_VLPWsnC+8S*kS=_t8c*rZdNw! zNYQh6;m^6zaq0Bdyi9>9#n#vo>%4wE~T^I9R6*kxAkI+e(ow_>kX%rSR+>z-VE-!~T2&EOQ06^fYpsmlf^_Z7q{=7Q z&0q&8awLw)pzGl37!Ayz8^I8cm_d|k_(t_1D`sBwdzoCQKn|1m6h^&~kU2sRQjdY> zt%GL!1wf%oJjtLFYB#e`X*CbpRfURZvuQ9fP3u4uXCf3d0$=c`y}sZL<)!JPP|Y_=p+#lkb;1d3M6%dnP-cnv8k= zM9hW|9ZV)fGZP&vwV;)cI8iQ7is3RIrzY26?m#uUcE#ZUe?Wl0X(rW9g2WVsh$(6y zHes5IO^CuR@xz7(o|7;biA&5_0PC+M@%73g3X7)wqPo&U{Zpl~Td8Dp=>>?epMr_h zLaeT?%$}3vB_NZMZ>~WUHDz@$SGV$NT{gb?=02b#<_K^qByCqx6wEj#MIB|b{>_~3 z@9mAH-LZN4gHhC?gcFwpCGb3DC*vqW6u6Kf-~h={zdk!_wT&HpzSl+yrmkvQq$F`# zM^p(hKH`boA~i39F6_5bCNzm!Ak7NYd9$GGx3cVVTM1nIEkKpos328AK!!Svp?P8x zWA9Qek=OtgfK%BxD`w_$dQ<^TOMLkCQOz!0cqBk z6L~@$`S2>(2W@}g46%m*3cZM=F0{JwnQCj96k4~k+C)M;liq|3F=--cv_z%UyyvPZ z-~abpDjvu6p8C85*Jup6s^-pT=N0^d4afQ$Dm|6Ms;So<~(ORHDmLS%+{X(?ynYl*vk?Dx3R5K48lWUd4`6HAk=s$)c{?Q0p&0^PZ_ zRB3Mp=^3(7L5uu>`EFTU11>MA;8#x7VJwg#6L^o3*zZl;!2(HXgj~`va<4Hmc87#U zk#hR3gGI5o7Uyc7LnCQxGecb*BBmdT$2WpvoRdAHqor9Yecfd2Srrt9UFZ?U6B4ns z1ddP6cI(nWO1?hG=o1}e3{Rz&cwgg$nc3U2v4K>m`A_?oYCR}e{Q_q?AV1YX*=k_A zQ;kLuN{_r6wcZhMR?H6odrenmW!D&b+6k`wIdQ!ThE+0{!0GlvYp1SG|?ZW5258; za7dsBjMl?6lpGraQk|!QzKU5-s9Smo*-Aahg*@`L4TsDQg5gM4f{wgTVH#0{;z+^?K zMhd+|QzMDEgmSp89~EDpowaHu(1fA1E0SO#14ATkZ|PwIhA@;f7$6<>M)hr$u8Sa# zDKavIJ{d;4cA@ZBO17Fk)V8ggoo{$erDh~u)hJQ(5}ImGfQKR!$~QI=nyA>sLvkpP zB0%FX#GzkG!S08QizQR_LWDe)?O++~x5hq>>1rn02ssSJ>+1X83FO@T;|Ro2cAhx_ z(g{lv9T*xmMJX~^<-V{CzgA-I=Yeu_iaK37Vh_lH5a*qV6O@VY`RB9Gpt?5lKzj?L%O_FUXOe?@PX~ zdAP3tXeT!zR>}a>&kXH&22jZ_Wmpr}E5RsYj!WGVM>0BeSt~eXj129tTOcO@#f!-< zU*XVG^|jN0z*W6EyF36MVlKrU1RN)M!u_2@C}d)IDO;mCA#)5Y+1@PHe}GR>q`Ou= z>ib=LfS5^Z?|#HbfN>!}fW<{?Dka%=%@k*@&=HAC3qaZG6tYnH1$n@m;E5Tu1~IpJ zV)9@^x_LatulS_ZS?U$2Ze-n>P5vou3|wk8J_}%E48Tc@V_8fc>c)!tcc+@W%)(Jh0jZkik$;8WcFc!!izvWMG60oDBtXoPRvFfa+?&hq5xY8{)8}F)<+fV zc57=Z`H+tqnBr;&>dRtnRWloH0IAc(ss3mjM33~58Ff0`avJkmWT{xEaDXV2smnQZui4}ofkRUB4#&fu;#u-Oq_XNO=Nzvw5%Va>0uj_IpeBP+n|#Olr%?U@|R z^&-X7IL1mh2ARWNGKr+CT6&lQ5+<>oH2zke!wWMa6A;yp`~x(iT9qep$mbbv1`ykk zuwC(6srjRUYux;;t?67Vh^k2s1^r7xuW{&$fjwR?Lqe}TtfP_he)Nc-lNA|2DuaJM zBJ2UAhN3P3L#Q4Rz9D^yKA8A^ph&Qc6(L_y0g8I4k0=ZjQ#n)%r1f+v&s5CNuBr7p zyNJ1j#q%jO9xvi>0U5b>*x_Or4~;!s0Bz3b!v%qaX9gdxP76M4D=+R5fp~H=S;q=P zY-`fz3q!m*ISldX_{0^*BGv#NCmL}*@yb2gsE2a!LfMBGL0%pJQ$D%s0<1bk|F3I7Yc%h`7NJ%+)K5?K4rjSG2>7;^DDE9!>%Ju(*d)02UcK*p4eO<~_N~O5oJQ;pnQMJzYo8 zVdQ1ju%v~K$)ORgz@W0i%s7fAa1^sdF$vm@V zdb!TVXtYJe`2#f;wVK-;vZ(Qlup~uI68Swcv9hYO8>A6;vazz5lQ&SzPR&!?w7*!~ zwAESdp5mrG#ZCL`#Z6lRi)q}nIg$FAfzy_j%&}-HfkpbXBs`%-QlBwHzXW%h@fl5l z$ah;9ddkaQFqO(hh7&OCL5`$?Q+1@IpCodF>9Md6odJHwVm(Q>yO2;iQCT_TEaXpn zrnmbIYl@|&b{YFF;56|bntZdTvE7usrJX6#Fb15)Xj$G6fW=gDmvQKle&PZt{TRfG z#8Pfhi_(FviAn}KC?LZ*Lg>+{=uL{FH)T-yV0!AbjB`Yb#mwp7J+NMG^5mKsS2gh? zeL4mXfDzuKB#tr(m`$Sel8kArZ90;tBfDa1@|G2ni%0K2Uo=ir8%^znwJ86)IL)wrRCg_7giqfzI=g(7sd%OVd30dM4{>W4mN^ zFDBU}W}#bViO}=1jcrk6OegiEJ^Qt_XO$=I*^~C{@25Tc#j_5KGr;q|$V_NB_oK{& z_Orsp7q^<7QforP+?&ourBa!zP0_Q?5Ot&-%N)9>$@la8nyI;AOi21LS)Ty@OVw2m z65_wZbbF@EG`|J+eLy|bkb64pQh{B!fSww5D^^=uX;)IupS*3iv=y<8yXR}Cl6g!K zr{*^Ip3`#MA{5djvZ%f^p36TKUn)9LR9}-2O^6axv_~=Qp1Cz(e@N=3a zH=n^E`|w|wxZt_YS;#VIzL_GaPF<9)u)_l@6L-#nyASEeM8|#Zl763rW>tYMpO_163|>2y82}R55P@SE8vJ>? zam*CRRL_`=?VZe=mdB9?o_Tuho`L5w0l2sv1&i^bAd`P-u2?fg*3d zv8||~Ro8yx(B$9Sasbxo>^*=Pi;ZS)o(_{c%WA0p%)F_LcL97#;-~}!Im2BY92$mc zI&)R61a|$BN=Rt+eWhVb7l{#T{?>Rm8IafCb^ZmTNLbntpt))#1(1xe5&<%R&Zp?cSEIuax>TgiX4e!GUz(E zIz|IC=teMvBW4h#8otr#$ci=sGWVv{qZ}sjDU5m}Ap(USq#gs$TL;bd3xGnG$aG)g z?y{O$sI-~~?W#gWwAs8$9@JFRIuONG8;3^Vi#w{vIWp6j?N6nGsDrE1 zcH?RpTUg)g({7lKp@Cipr|pK_?*STt4(5R2yW~d5bh6(~TiaQ;OlQlg zsSpYMkWfPofGnv|PM6sj;)$#VW@Tu}->MnbHld<*$t@`@4q@VkA4ybb)eETM<*rtTZr}{!- ziCB#6FY0YDWi{^WY%mGbLwyZq!h3Qx_zqWt%zV`N`#AJV3ZOtLApR@)L$BU!WTcUZ zCCPiJ6Z=9uz+sn&{|+Gy#eWf{ggyW{*@4FGQ2d=)!d+=hp3Om^geN1APrGpoeK3l= z1OO^>%*gv&%0=g_y96HgOQ>wQ?4cOicrv3HsgvA zNX>dq#gx4;C%zRWGgV%aec{k|?4F&pXZ@GOy9l}}x<-(3U1S|Q#ndwn1yxX%xw(Kt zmpvp2Vo$7@+k=$rhaWb17gzy)GPb!X)N3@V%TovGOYRJC`41i28E1e z4q}io`P9IqVh_7xKouw)G9-;)(tz|Syrm`3gkchLTi(iM5tlRbW~4?25O+(UP5Q{l zi46F7fV2aD!hk*I#xi}E1^+g{XsBde%uzpUO3wo5UOQac1Y2_555h+FR!$upd3ptS+*d$0qTVZ>JiZ?4@%4*)ZhgO_(p=sAG`AiD#&Sd|a6u|| zP?K(E=uFuQ)+c5^0orV5*$v%}%WXirjhr*m4weFc#;oe{$>Yy`4 zRQ%IDb8L0M5A@5C_x0oY&CFV`*={p4$DVhZY5sRR%{-ZB|JRsjTdy-uw%LC-+wA*Z z)ro2Lf<;J>(y+|3q@Jd+`(cLEv)sI=D3Ip$@}6{e%;)1h@o5(nJtqFWUA*1?cWV7~ zmc~Ae3N?SfWDwD*fj%dVG>!T>E9j>dWyBrEfQv#-rMB8w%d10`A@VHlFqh)Uh_H_> zoY>$6mCh7c6mu!_MNSC`9X1MGhjGYb=EUK3NQNQc6#G8P@qr25rO3q*MwwKij*{By z95G(AN~I7dOaIpwe_AH{z;u%VQ;bpZ2qcbx9=(F2H?)B$Bq}TPYUs33N`(~S- zPC+FkLxTqhv%^WRb0+8j?h0WsMON)83sIR|wI}OmM*zUbubH0!EON{Pv{(m=U%!GP z+!mJ$TYL_1c)eI(EH+Ro+lQrGJm_)2E(r(~s4P`CJ7}#oUZaaq;IYLz_?Y{WAC^6^ z_9%2gTOO7%h`>bMlM^7(RL80$j+p+t09ODOS&vY@IF=z<{QH)#J`KIpC}l3}BIK6z zNmHfsmmkGOc9!&GQYolDx$7E1Owi4 zJmgd8%}ZqGpkqDAfC2h_)D+#i0n``HJqT$r0wB}WLmXnsCO?>V%}sorA4+|}4MP1RH?7banmrH?WWdL4b=yE!8D_sIo{Pfds(JL?V~79Sz>m z;BT4+iz970B0OR#5NSK+;=U{mUW%SZ0jr7#s;EclX=_IhS4R&IFFTjL&W;}L=;1d_ z57SE9+78}~%yHP3hpiv(IQ$1~vPr)~-L z$zPEm?*vri=ynA88zRV2c*|Oqpbr29QY=sZjZwvAm7>dBG3AY_lGb1+ptUz>S}usK zLDHn(!!hX$T#H|)y|t_{2MAmX1`e=7k#x=@GSQ^31^}`2quMJ|neW75WB6~Dm^B`( z^n%WB3Zg>6!>Ntwlv@Au!zki-Km0Enz0`;!B7Rvv{bc>{nWOeYcE)n<5OXF@zMw0_ zQ|TfP-R#IOMJvtF4Yvb1!;W-PiKe}9@KPs>ty2#nh<^B|^#i|~_~CyIh-g%7`8)Rk zu(;lA|CU2Tbg>v7L*Cdpe)EwyZ$Wa-y1A%m4ZpM)NsN$fD5aka8ahF;U#r7I`JL^>KK3 zczAYl!u~%zJXHTbZl9d~t$lKO);>8tJ~=-6+hP0UsD1u7>#(*F@d4c24UBDCTHyyV{&w})9(y&_A*RLYSzSX2>NvkykKCm%p-9+B6*4M8rS<}VI z$uW0lr&0u=0v-&7l=pz(3kJxd9G{Tz;^4rCj_tFsdbBMUJRApvBopBG-BC-p9miqn zJPwunX<3h+53GOlQO40Gg`@Jn8DzjB^1QPI;q16Bca4e7?3r~k#y*P+L#7DMC(|WD zv5P?*{1;z`X1j?o_u&_?lf};7h&qmtcLB*ydYYu#{Rz5pofu$)%^PPU57;&L%`-n)fD%;KHuja!h|JVVf){) z1IvdKFW?3YaR>#AL63H$h3vqEGb@Uu5ZgSvmODpL4_<(Y?Q>7Omi3!}{^$u9apQ-# z$U67p-Mi=m%lkqmEWII%VJbMMNNv+(qil+IO=$fG!yvTD^ryy`7E=>Moqlate_9VV z24^Q$(|z}Dj}A{9nOxulVZJTk#=X&Ld|`2>nPf4U@F?>v&OWd{0YWJ9BXPg^Y3{k8 z!nT?4_V?o6^WeWunrtnaEG~JIOhMD}y?webfKMfkM+>67E#ZP!@w>5~R}XrwlT=)A z!|>qgm*ABS>b8H`ZN&qv3XvZDHM@{)zj)hVkDdeH;QWVYV7VS<``+>h-)dql1+nA1 z_rZ3aEXj)vu+ctyc0w|oSu2^ee@B>P>PQpzZ;oc*GAuXEAn;KU#=$YYxPTJ?)so zB75c~*=v})l#MN$4PK1aIJJow9nFaM7|&+(GM>?>jmCDbHiO+BqVzz}%>d9)gT$IZXvh60WETV|mrN_0LGyS-HRjdKI*W#7Aus{2Lq16z-?tk7^ZztE&HuKW ze;hXdfA_8bZBWrrIkw8!wf5Q6Wu}$E5--HB`_!)%{q_4C5}-%3%h+!eY|4lkf6vjG z0)N)R(*w3$E-c-NTkNFh3Xyl6troe4UJ2-XuICV|AzDf88xEX>FaQC6DE_t@;#5!n z+ozq_VW@;F5RS#ohc`CT_);_aHY4wFZR5~JqzNA*=XgyGvEuq!&}@hFj5N7y9S^5tPp`m zfUxCykBz+<6r-mE`h0Ps5&b;jH?kBdnU zX%=`55x`jZoT~#cR5WgmsLNzqL|ax&W)knE$u3lBm3WKl`8W>@!|tLDJ6{GV7JCo; z9<^+-Kw8A>MAaG?K9UBb0LrTi7L0?=5d!Wd(~F4MBwjG-^E^!aaqpGolZ7mtXVZEC z-ek%m+VOn46s~|d251(AAWDU1NrG82*Le|?>s@k1z5GX%OndY>amcC2E$J@eTtM+c z6wT(;M(%Dl%f-PFA6BK=(4whDa#bjn-YyA+WS@PsWhn8A7O=%e-b;vyrT=JCZ3wsg zia%TV1b)eDn6v_J23cSFjRQSx2saG*J$!DWtQ+<=9!-LUpM2xn% zI2LJcSK@@h*`TWl-6V0uW*l(Ia$)cT;nz1(5-NU>{ipQ;tN`#+ECMsg?|5c(UU>*8 zaa5TBG+`&W7vvF;BejUJG_-t0`T3c8|9jd#+Uft+QYz^G zBK?MviK?uUV=NSI%=q{8NYS`4n~}%4KLVnG^@EgaFEUhXPHjB>fraSf8n|}^CfYkX z5|2cD7+dW_@d7?tv?0F(wlD~7WV1V|ADTbpX#V zdQ?#>lhMMO!^-ibKc&!22gAEDsTPebT7vI1g;ew9ORW9LPLOtb^>d~45=f`c_#mV7 z*ARa+s=_PM@44W$CheXJUTfP}6jo(@W(u!M@EVzYfWQr*7m)m+^U4ypk4y-@ za@zxT1uM)C#1&>XhBjFEVj)6BJ!D#P_twg2M2%07k_sf@xXca9HdsYq5qy;u^LrA zWNC;+UvRc+rB7Fxx&1u2i+!v`fQr6S1Y8f-^qn$TnlJS|d-2(3n=`fHtpqIG=#P-xxla*yq`ug25FI_XOY>9G~?;_Q#(ZP^(|8` zsw0Po0UX`%f8M$vv3cs?t6*&bfI4YuS$#V3ypI=~(gg?8vltR$Uu14Yl6= zn4X2IyD>eolAAHFQKh|Tnr-9M)v^=IgEVeLF5jf`qzw4okT?PD^(n4^c{o43MNd83Sp|y_SRV9Qh5a(K_HM z8N`30Ieo7`T8dkv7?^gZt^t}v@?dJd*fo`ywA7mt(;`iW$bfP2lLcoU(KgiOv>N>QnKUo@ehWelJE=w(i2#W9o-u`L5=V@#&ep2oo<9;IyqTxKw2ykhA z(Na<(CM!*k%1nRAYd0F=w8uKNzJ6sF_~PZC(L$BF(3AG}fNM8Jau4lx$M0@#$Gr>X z-4l4j)@+Um3rs*D;zq!1j-m^a-#XV<7NIMHEf*5zYQrxwAS&De!sn~}$D!N$R6vTA z8ha&F1$y~y&n$596MnLQ`}?^A5~l-cTrHkIgKLv@9Z7C~Jo|pEACb0Aey?fej_If! zy>IQC)UUGAtpGz=+pbr}YPu^0FEwHE=*$zPqij)lv)G>R;wOvDL!XXPicbSbatG7k zR;BTe2m`jwGODvIF46{U`Eb(W4&)7K5c}49#fr^`lZh8Zb*n&U$^FU!=Xn5ivt$-e z%j^ZyM2f~OAJ{Jajh?H2g^>b3SrMikpU}C4D z^hV$GjDA}s`~BOK2?7(FfF^>zNK(68A4Ty$4v*W)_kVWUKG}W$>nQ3;nDN0*v;~HA z2XI#o@0ZB220hqL%bt@dMBX1fj=|H9-1nya?#T<>3pw@RyC@jp#k(l6Wr>I&$tEPQ z`Rsw0cX6^wrmrxMA=C0gn2IDf;A-E#$=PXNvhO@$#-KbkW7D!j?-PRa5OX_c3MoYJ zKP?ZY5_P{5QIvcs=U_QWkm+U8Z2^gz3rZ&{(2jw_UOof#AbOnu!cE&f%>Q_?i8Foo zuGwsEb~SwDr+>}4(epO#1{Q;2vF*T` z?)F2S`(Y|M6941q`26T>C;zRZXyreN z#IHyC)0={GDkyV?Y6L#*q;9alk381(uT4B6L+GV;YAWwE)lWMRm1xcLeJhSef>Zby zB&S@gjV|KNc`Q~XMP5wnxzVbcm=Fcb~$hF4|U=&wjNy{~trTv>wtKX`%b1(RYn zP)Pp|75(4Q>CxFv|F@R1V*3Aq?~%VA8=&MFJksGrgg0ku-dR?bGcGm}A}A27qWvK=+LQL~2d42$8E9dOdIioV4n#0wQ>Oe0Ewq|I)mXgMK*1Uk^au*Thi zh+nkW?ux?iunX-01CkIToQepfB`$>l^QuagYnH64^8Wyk7l@uh=zGpvNhzT4{CBFJ z|4xn%cjv#g6g_1Zt32SVEG*O&0YKF8f=T88cq2DY2?pDBijxGDX#bZxj8>6QBAOp1 zOkl+C5y4rcMvH;P0m!0+VKKF2*ER}q3Za{hSf+_rwsMkn7Lj$j(&M)J)!pl=w5ml%~>9o4|8_{ zNDUglZ9E2+=Pdb$LOQui9|ZG&XHG8KGo9gJRO?x%Xrwdy^)5(~_cAc)XMFv2*IqL( z=%i~I`jF~L=Gcdt6AIoAp1Ll^S(*OF$8R(*YXVS2|Id#z^8d-{?*4x*rJPP7;sZHV zkb2cEGmIGwJOU9tD>x7VNFmH5{t<7g;oM|1u#A8no0(^MNFheSx5RGpHMtz2h*Vi= zkDc=Eida+mq3Gl3mmgB5{W4rr0bPoJn%T965l$qNLcXm<5(8$X!R<;aEl3EQrL{*@ z>3=1|FHwr<|M8J}|8sPFyp#XeQYv2Un{B#Qr$E^@Vrw!JZZxvi!8}DGPy4_<_-1xk z&QgCVGvson!-k#})8NEjSeP1@!W=wsJU{cg79p-_c!>G)DmZ5toMwF*T zP?6ZU8h+dOX3@=vGJ#86lI-rDOOyrazfkDbLjR9XPum&#f3l1Ju$Cg}|M${SSUQ9L zFHt0*&o;IiCMAADo3f?C)q&Vk*J4jCc84%Z0oj&21O>Hk>N26EL34zge6O&;h4w;y z>Mjs!zDzguT>t$*lvhHr_*%?Db|Iv^fB^Jt`w5WfiF^gGSvt!KZ8E*E4ifXU1&4qD z+v{F1krq>Wc#%p_qM6?xa|XGmHlPFcgE}zYCXYfu4wuyK($E4kdoH zFxFYS$He4<5!VQE)2xhGp}oeEz9DP1;#j;?mj6VaJ`748{tM;5 ziY#H-VTdJxD#^&0lBQzvv8RNp+;ag4yD)rHt;wZ5BY6qw6a5*gZtCp(9bRun;z$%B z)+B+%5o8$-QHIXX9wrdIU3oLlD7)zDYU0p}-J`87NIzpzHw)c8Y>Azp74IxD5a~;! zC9~&gai+j|!t>dIGjp3f^lWMZc=TfHeQPXWw?5by3~VyB8WDXL5pd(5F{Gw5W0aj9 z>#RR5JhhKb&+vR^DaqlyM{93t7qWO+QWM}E-UN#luz_m^)G{N}c98%LggKV_6`0zEIYLb4&*Yj-44K2%fbo96T#5(YURVA?bTIpct7k7uKL~1DAg4cUkZ;N8u2F6)3DdQz3KL^`kitA z_U3-vzwX`MjkBG7j9qe*!Ue`_JNy~E31gphk?pvf&Mfo(3A|lc#G3&)CoM#&s^j^d zErPSA3kTF`oI10xHqf`shp)~{l_Cj;uvM;p*&iH z+xy;dcssoRH0*SH_k-TBe|vd9qUc^~HhvweCY|T>bCLd_U<)7wQENh_fL6%F04j`8 zIbdPLI|KG&7Pl(yQqHIqA{Tv@Tei^R@Ev^%D_Z2yxHG;R-4BMh z-QH+)JKO^7F|o-Uw?YIRfH6e1<9s{l4f(@uLK}vFr%zfT=2y3$KHd(mJ1b&ARnSec zfvo_^tKKiYtL?y%B^s+6#p~X9*zb<+yPfXm-hJ=aL7#8v&7&Nhj2zpUf);oUJ+z## zVWL~TtB?1ed!4K8quv0I~94WE0y=8rvBJ;#Tu&2bK1*?povWL3bchlv+V_*ICivr41ioMYN@1{R%! zL1#4j*X{7~o1TQw#`pyycVXgr+56bJyBcpH=@e7Baw+k4d^Nc5TwYR|v>~h^@xzww zx-8J%D$wiSjC$R>VaX4EHTZb}yZ2k*do6+B=U(Tsx3LpC!*9y6HrKO$lsJzDoo;Va z7)h5Ot*DXNvN9_0>2uKS7g5Fv)`?WR%KXgXD`wyM&&$k~xZXc!(HU_N++j)YI zkM*lq`02WT*}K2&Zv*zO_xKneu06LjyUD#H51uI+%GIojS*bf!&5f!Q8(5zBv;&4E z+f@v5+)0X!A9O+2E#{kHyIue=9w7JtWXz_7gr5LOuaoc-;fMG?(yx>N$5HVDk9f9! z34Hslz?vmJn3krcf>Ie183kylw~(PlXyvNGOE*db#B;|17>}n2;3@Rok|5P)X`qj` z=g$$S3RG<-166X&Wp}m?x@eNS=}q5OykAEqbFmzQvBf_+5%B!dLv#(U^yer0^SrT<)+bg%6b{cZ+F9VP0I!r&msC5{bgT4LuNc(%M zZaynnQk2RKuw<~R?>VtM-LzZc zuB@q)@&Cnu95?_G?~y*J9R9a3|Ks_&n*aUisJ)B-xR#>OKxx%SfVAXQk31QgN?aCN zr#Z6&dqQPvISp{qcu5ChX&72Zx|~tlTkb`y41K#iiIu_W{Pr|ej2^|ZWFhgOoYhNO zaQqxNo57$81Q*V1FG$al8(=BEL~{v9I%l4|%@~KP`3!L))C&ilqV1Ft8S(}?=O-J1 ztoU`I>15$95D37_2k;0Hh}^&92ZbGZ7|#KUHMmv!6BA?;FnMb%vL8mG zaf!{4RAti@bt_RyRXv)elZN0YN}m-2pp*z_vX+P>1*U_2O*SvTr z2;FyELpTU6SS2JxjX@!_-Q@&^u#^}nR=GGS7!X~k6ibaN;=1Uki=3lw39}&%F+}hI zRE5VH>7c!Uhbe?lRpE(dD#RlCVhDDUL(SA1Mng;tB~nMVSRJ}S_B25|mK|jB9mn>? z3Vfr*o@G6Hz<0IAdg2|oCyC_C#A;YOfUH&Fs5h1k3qM`me&}4?4~9KvVt9Gqxw*L= z^P1%cU1(^SHFw5D_cb zT=nj+m~X&+@2c0$c($x|Zn)B=7waiCeNRAEQI=H>+cYj;s zvh$?++km?G0{9Hv-~Q4Y4*QoCh<;sP0H2W-dVY_c~nHJ7~)cc0cc6E1j|PqqPZ zeSDAABA*k;V>2_54gRtE3D8IR*u>T!{&qjSTPGuQ(Hoktk@0=%kMFNnzXi@ViHkSA zf3f}Zv47QL^7V)Q%{m!{n4$o@upRX1(XHgehX*g%3jR?XQD)issf1GgWR{CFQ~$&m z!p&^y%;W^2sefwnVli#${1nA#s%MhAw>RCp;gGwP%F#2oc8(kvICF%!tEn7@6KmaT z>zO8lZ~SVBa*hxD21xLzdwoB=y&d0oJNJW*64Pn56M>ys3qeR)j@=4vGTnyh=v-ah z{;PM%re!d^{iUA?1+hinjP3jI1-NV?Lj<2aZP18XC7N$yUWC}Q@U)at{r9qt+*()e z(wcUyo?UV1wsM`itz5_Mg>Gp~4&L%W*o90@!_Z#tlo^D$#i?l+hC3niK=N;WeeW40 zKGT}$|CW`il3sA)gd^xYsZR5eZ+v$8i+tmAM_1?`pXVT-3pvL}KG#b=7igZNe1WTc zF5G-?`2v6WT*!GY^9CxAzq=HdeC_r!2V_|N{;C>(p~40$ABCaH4yzE0q1qO!6p^9Y z9;*zX!5fxiv-$`PWd_bQW$QHUbtKi8j)X$pqywn!b2fHYYGm#(nqtJ};TMT-U#$m;QFI3aC ztqgvl+5m1}0F2BCcR?^V7X+igW_uNZFe>rUx*{GGF~e9Xk)GugCs10;+K6TjgDe9& zZl?pP;ge-xM$K|SD*RFtBt$|j#ocnN7IMyPOp%IFMRN66naCnmesmElC&Gx8A7#YK zi8Ny6MjNrr5l8YqjWtLA$o8HX7;Ah*cjd2F%KHC$0lRvy?)+OE|KsHJOwIq_K56gr z|F5M8QN|A3A|GJm!GdoLQ+SYohePs$N$crHoC*-q=S@>y!{4_XZ5bXBO}Ls5Ha`kL z#b6InCz9d%hCHh?p2Y_Ug}fXw=3=VJNJRSEsUzzs6Q$!%5F?e=5v?FW=$=5 z#N33liSm}DvSr)c>;l} z%6`H#%@hxM5n7@Mau8({<_!LP_5e^GMq+3!3PHQkO9YTft*R0?CfRD)2qPsnl(eML zS=@AVOs#G43ReNgmU@$m{(iwlHz8MY)k}ZMLrRmDAoSj&1yNB?#K)xuGmdx;@hj0u z;w$@BO7p%5t<)SS^?Bgqv*j{NFkXt&n#1pGyp)yyqwI?-kpDID|Jujr=R5g-9c5|x zKiU|EP(iVSaYTkC;0fI9? zreKacrOpNtXD9`P8QzGO^t2cjnDeNk7yl0^?^WcXG+^u?n@TGUg65!+FPdeJHq~dc z&a)6H5Tw;{kXWuN{@m5Jjz7l)p#H$x1HV`5u+fd0HpJCk46DlElL2H;Yq8B-q?@h) zm$sE7fMo5xmf3m&D6!E5kb#ofBpvB#En%Hb3<5}5{x8%x!X>ks6i~qb+h=W6|95nD zveW;qrBvtt(aksC5d6ZRwQ77KWBht$m-*^07F}D}*%AVO$ z_JvK^Lb)l3V`7V|lR3(Zj1=NyY);)wraitjk8UD0gGdOg!W`VuHigvVv~&Cx0>QE( z{r4u%g=Oh~=sqlT_WN52`hR|Uq|pDvlk?LZ{a;5}`us;XhT-hTH+({%2hhFrFq*Tw z{SR|@0?6*}r_#ZYPWDRgeP{>Y&Yce(?aY3?3+!jx^XVSspwiDWcRfCi>UlvYT`Q*_ zsjg(ZcBna(Y*8TBLe^52{v+sDPy8WDk^b-OtgX`jv-6$&zm}3OsTl}6da#|AJttF$ zygyjwj4(cgel5DbzX)-Uua%pY9eSS-oQJUxO9vJr_@9;s*%QS(qnYx4)I0*j@buu( z3vA!}Bl3xS2IwIM%1>nLd*c@HO=7K!{usU02XHeXoobt^D&^-3hS@|9|iTmhZmi z{9o;(Lrwm#UH*@?lvVQo4}8Du#DGK$fIbjG5h9Y4Gn?a zxT0dJeDl8Cjl14P>$|@rMF@Ke_VS zqHFwxOGWx`bDm#~4HVJ;lao_b{y#rC+0p-Xl%?-~(!yY52vEQHqQhu}c4s4-a?w-`7$~%l{Ii*lTs|(0=fIk9YvLI)lC-^tkoe##TdY5-*sv9EbqK zEeFmHp4$y$R;`l8VT!@!wb+b?Q;KOAX;vhFtj1m}j&PD?5!Fx(zNK@+0w(Seo;VXd zrILBW!u=+h*{@bt7Z8A+Z9f4NJt<7E z$h{K}(&0}R90mgHTkrxojhpmvrBRR!W8#m8x{+mGZDM@bnSzwh9s6A>FXjTh5kC|B zB!09o_E|&H#3+XmaLW*UNqi2u`m7 z8>YRFKz^mvCuZfAo0SypixXC%JSE?tztw!SYGM@m12P{+j)rl#l^n;P7ffHy&Ncd7 z5MfvkQy9r)XcW4wCagpU{HV-a8Nd2N@v*&oqWAa-c>1U<#_IxfEi}#qd-wpEsbJ^8 zlu~*HCC0Zcu)(YRzG-E;T*u>*leFJXrr+L+80x|>6#$1zhb!K_gZ|@nnx_E!^dkW+ z(3+$nXz>jxA`|2j@tB{Y!LnsR%B$5FxNRVb^`*`mTqa6nVoT*dSky#z8MY8 z-?q08>UE?P16h1h%^$d1L%ij@Kt8uh{gVjD{N=)){OCqB=D=mU&xAy~ArTs;F&#+n zUJ;Dd=D3TvFInTv%jYe@ll1eUmUua~t}rfD3M9?4R@}%vv;7291%ori+4V594A+7{ zA3pryd+hMb>2uzXR{%UD+5Hmzrc78~Zfr-G=8i>-mN65^o7Y86$mdSBxJiejk zlL0)^7%)O8UarpR?1AoeZ=cKRoVO-+dQfh~qo_(rq}+AZ z;7WcEXRIwIAc<{R)QxaDN;?_Ge(Lalrq2K?K23&?h6P@`)9R=`hG%^%dQL@5Q1jOf z0q``cp*H(kbZ`wu4#t-UuOaI*pMfY_W}zLXZno;kHfpA=-CgKouZ}5o_oPBAQw6xe zgO8*Y@7ux~FTk2oyi1_2V(0<2{~vp9rEyO$QgfTs23SG${-IGD!7d@*yGXAT?Qg8c z{dThb`>rjF3^-m3ceRG{^FWWfDS6u9zPE10&xGX18aarB2)Qh27nG`7N_4i?F9L%%QjDiSifR1s)GB-Ly}g`R5`9@DC9_;i&;2 zpWyl+&{%^!-1!>@~Ykz>L4dZd5D7vk?_4M0yfYJMjm5|g)gcEv)fl>Y=Uf!+c&{bit<4<^zv z6~j}4a342vBk-%`Bk^^j*G48Tk|d%AWSZNLoW;*^0&wvTQ}flOZ_cnPI3EK{{^tH6 z4|^|N4|`!fb@ZBy1S7qeJ_7lMqZ4j-O9_t9=m)YL=ntBg277K)&X8rqFJ6JfCp@wh z!!6Nd$c^5U+`qfVmjW(ZxfHGI>gSW;_xTU_)oQ@(KH2BKedXHVY)Em?DtY1*=AThJ zvJ@Ns#++L*w#`?%d#~1Nh7VpmoEGk*)S<_JK9FmVIfMF12-9OnL`;&)g}Of3U+DUF zzjyt2@A|%*aLE|VP~CwO|B$B+aaOmt4a8j7eQs1yzdKuZT+e{ zH42#42y_BvEDu=7H^Wk|d7WTM*=s`^j@Zgb>jji^c?1j<;jx(dSNMG^lTFz)6Aa`z zbwiQLTvBo96FfyldS>)Wz?+5_te*7zQMYEDHiViWpnrfz+Z|9(LGRv*r=67B3?`RY zs`$+?w$wnBsPJXb$8Y*atM$l;c0wCyOefEF((aT|@Iam0`RAUHl%n-~mZy##Yw?MQ z?_IC>mdN0zNU1gc2k>N;1-PysEmzo^=8r$0=hN??|DDJ1j=(tU;`u0}Co>}>?c3c6 zM_w29kYjCS%E#wPZ{FBU%#YxLE8x3q9ME-P>j0pyqIZ9n_S8>9CDIC%XD1b+bTU31 zC(iZIHfp6c-F>=xc2@+$&=={5gcj|60xSsYbORqpSEoL`nW?{6m#xG_BXQTSfqkV7Y8YeA(+^vOY}qdoH_?8S;A+#h^_?!`YoDbd8w z(IdBhDpSBNoPxr}vN>S#{(cVV;Yv|(dK6!s5Nx|ACBJj)J5mdnGs!HJ1<9reeWz1Z zoc?x#&K&rKi9eP)XL$l)D?OuWvK~rFQ?EF0B7UTCp3-F?K3<@$bFvuW!(;)rEb_BC zL0R(!cMJmZ6d2R~-7AcR(5_0-Cnbe1Q~d8oZ+=5=(14(x zs7G%$C#(P06ar1@{rb4x?wJkP7D)$2+RRvT$2oIk%V=YEcC-H>D!xp;(zA&_LJjI* zs6o?Dy5Gtg(q7X}g9!~h&`u<$fByT4y&I&N(ggj*8fAgqP-3xiQrdIgL+-u1TSd&e z3=Fz^(ftIcTT+AxRjQ3zYYBhb=!(emkLT%_`^9bhos`Q z`|*Y46X+*jb8HLuY!yMSZ1ZB-!KKbAD13iD3HCF1-8$I#hfHwe5d@l-*)xte|IO~V zi{>ODnv?NIWC;$~BnZPHHp|NC7)&kv{eKLS@Esl{UJ= zWs6#gW=7{2I~6s$u9R9~w;2g7HWZ^|ng&A+Zqc8TvT-^dB4HUG0n|Kh${&yBVIjVWT*I~-r9NFvh&rDw%Y zqW`6f{#CY?6c)C}3a0{ACUOi|DVLB6mvq~=UAnDn%eA;}0p&<_dy^}W z&N8L_RvpBDkx&q@0q?z&D#1CrLqQ@Es7E66nIhC-_1V%9;J%G~R4Zqr87Sp=_gL@j z=x!x`5_xR@mq1#1Y=pAob*--l9Y%dofTIdZq0RM%OID?=27uRhZ#;mXJ z-wa7Vb9#5=^8tYQ*2}nmDU_zj)Le1VU;oBT&$M*kh4xn;kyB*AiMRiWd}r2FMCI1O zYZ@sekd4ApT&ce9g&vK7@>BwS@<$8PBQBC5sgJ;)B zvJjMe)+$$TvQE(SnWwIuzZA%w-y*{L>u&)`ni-Fxy>(-@I_MK}Jc>w@PSW-p<@`&E zu@LC@9dcQ7U=mI{pw}E2Xh}I`lNF*=LUafYR7UZk>tVwCY88d?B~y2N&7voL^`={v zcWK;v{C+DA72zjlz_Ee9>k%lPNs@WlgACX~HyS=U8Ut_KFrAPX&1O3vmRZ|f7azmZ z`=HvP+t*6r zQAEBJxcOX&>AcMpOIN-m=JAa3I#U|G=!{B)Z3O(Rh0f%kLLod~IUaIshUTAa42q4h zt2zlyNwVqmxp7~G}Cr-@ZJBQP+zSP5OskW z!J1Hb<&eYWFAo0A(d4swyCaqXa7cie#%diKbS6Oa`av9uSSi-}l~O>dHGL|Twg%-} z(y@A~KsC0q7$=gxP~+|4w7w$)QotLeJ?gu0al15+-71=OC7xzjBJC!wo@&*sA;l6m z_Et~%@l4unj*YgjrlmU~*?=^rXbU?dMW})TIrR$wYy?qKg&Y%L7Y|$&<`)?s0l<#2p z1}(`3PW?+b9hQU@5|dN#oF{`{2obXAspbh2sS{Bg8EdTg78#a9`WbV4K>mH%V6xYf zj@?ji(CV z<H^_5z;2PMQr_6^$4{kZ=S?zUiH@m&7w&K?w ztJ~9e5bYlw;2hutqKj%5j)yMwA2<>fl|6T61h(jL5k#?C{!-=p5gU8=!w7h>f zr^BacP9LeTHJH&xPfeU*t>Qin0m1V?$ng$+A0Ivc{J-Jq2v|g6Y+t@x>#jZ=-VQBlu?l%p zvq-;~-16wNyaM1qfPd_O^TLi-dm=T(bOFv1vmbF{hNrl`#WfzcHMjgCW!;>v>g|ex zfRo?mXdHL?cMf2$BfvjWF*FqKsKDploZ^^El1^DEuOrkfZLn{2VmF)DplRAGZO_|u zI;|5RMS4%zJy5k1C?qVndIDnTv=xDso8SNm2h&Ee%}LBZnvzcrcnwCpPgfl&1waKU z0BZs0RSjF?gC^oZPOQpmfT4F3ouj?#6M`Bok7GpxmB~2XPA&g)o7clxR0qr8%Iv+> zH2gsPg@zfor>Mf-${A#&^c9y73+a83k}wqCdcJ0vkKf5#z{? zVBISNwYjq;Si*0hZ-TbOB!3m6-iVLN*Sul9oHdzJYoA<%$`p4hSXnwO@C3q|+)<5v z9q|jMnC}qE%7upC<3M2Olg)*a<2#3}Fb7Ij^%Drwa-GNsO##DNk*!{p*HW|q(h2zT zs~B6krkgBKyG)~SPmnsURDB)T#VD+yEe&nRii5|NXB(W0WrHo&I#SWij#czCtR$S@uI4;a&|W&! zOZA-&&r)qzp7+75*57~r!sNlX>fROD=Izfj6}l`X&l;Ot^PP9P<4BCLl}iaxP5r>9 zYuHA&q=qft3g%ZYa}1<2(uWD5urK*KzMUM_Sw{*OqIsIq$#1rS`*ISTUi%q*ubLV^ zosZdv4=rF@H#DP+{j2b`kf8m`)1nPRgACHOxzRV!!Rkq#@=lbg(_NUe?Ct-5|I2-%|CL12|4SufnNCE*8lS zpcU=gd(v(DPTgzWTlwh2$hn}K+8Z1wTnhRuo*rK%fF<6(fK}4Rw*B>8=cnbItk2;s z8^Jcx2cW+OBVAtLxy~3hX$M#f^RmRb-D@>hJ>(U-X{f=Gno~K>yoT z?PjF_1Cc|BBEjoj6mCOgoc_+@%@J=hlb70e5N6a2dZV3$+uK1MKo@^+cfK~#53j(* z?w3}U4lN6Z?Fd$8I8yy*$3y>K4V+{IjYhb+!kgdAt(QhaggJq59<%lvR}5 zgw6&{)h9`I-dEBk`A=s)D<|>(>1TOxCBoitETlERc+*x#$>{rhe))E}VKUyQfmAE~)W7v`(bCLL z+!W0$H9rhDK?Y9Uu)x^ozw!p$o~<^znoIxP`}6)IncvgRuZZoCub{(KLc>bV$SE_{vl2d3#`{~(V+9b!M(cCuOwuag zBe+h&6^!!i{FZ2cbJcFtv*9~*HJelzrN)MZXE))g6nDMUnF=}zLtj(dD3hlp5fX$H zrM`ra^A!Afp~@z5LG43Ik>j-$4rxvjRp-J+8$qNQRE?z%`o><4o&KRZ-#@nc8o)V( z5JqT$7JXnJ-^UrSA8PI_Io<0P9>W z_f2!x*KL0o@E)Jw9mpRilPN#0lYdTf#Bv8;B%hE1k6bU`L@Y5pD^_(2_Mk~_9Do?l zj|L&W+IE`EN)phG>@+5}8Nar6VsLud7(*1A<@)>o4-U%>ZBg4cdxXHXsjO(=itybpER<*D|boLPmQZU4)G|tNBZPv5!wr2 zfwf=ym1pO%eiRq9$t(){Mn#Q0ZV8fl=_g;#doNk%5UrNqiUAXU= z&ro@7<-T+>bBOQO$NdC#%w3{XI6v4H@56rPU|oP@!M=ef0CNaO|0z!f$sBaW;R8RK%&>}RrbaaD`~Sky*jyRzj|uuI376J+&v*@A@D)$CK^ z+u|F>r_M!T1!ye{Hk)&oeM=1lZRJ`t>!B0ty=QMTxd$wNOK{*0+O_%e(6S)Kaq-7G zjRtXNq@AT6%N35^xQB_#Io&vkydS$gY;y)v7e9?fl?P z40#obnBJrY2^Tve?r=1>F|jz!qICd|i`g7J12ZNxV7?5E8HS*FG<4iXI_8&@Qf!Yp z|J>~vA3Uwd-B1i`CDd2XN`w5agC_6W`x{ywOM;_~Z6Bx!^?*kD?AU+}H?�fI8N8LAIyPFDvB&`CyzizVxNe;1YCPNE}d0wY1(Skxpk`)u&Oj6zhDQ*be5N!QWe zqL!0LfpsnULBP-O$Gz1&#C;%fPIhk5zDVQrbOI=XTT-9+-iJm;i~WV6-0eDmYEL>a zeB|vL$-@V@hd=?$7Ylp@#J8|!x`X8 zS~jR)SzE77U87x;@(-$Y{iP6O8k*P@&v6aScb!b7m~!#`cWMg^N95LJ0P=_4cGV{eI_Zn)#vzvkUvBF|SkB8snplu05wKCS$1h8SreGG|MLl&t4d@w9Oa%H5Im)fAkz4 z^^KsQL@TQoZwtd!hEgu^ZpzJF?5qUGWa=n$UKz^k3bjh;+W#b;V6#k5!Z3Z%WekP) zgm--FD`frq4`r#=vbr>bm`fJ$A2B?TgUYnTf82i|rZMdDso15-$=?8j&jQ6uB+7+= zZ?i9EG{F7cmv|5{a$Me|>r%tXVex?NS(aZ-1J;t5RSNa(fj19>$UbrtII+am9VJsjs#X zir(TOv2}l6-;V zFqwJz%nTLkanDCwE(b?92$Xm-3ws4Vu8z7&0|6dQ`=FNEp>rHd+wS@FlSSXv|8NC_ z^Z(%rylXC5`LE|kjb4A`!FCwd?PwiNj}#?+iS@AR-hzItzj*Pe9b879JpVAFd0yNEr#)oWgSk0UQs z+6aubGUV$=(IUE@#ALG4Q6k`xPgue=hk&(I9srD?3c@Ou{j|@syancFXJ2)JGVq50 z;6ri9dr5hZxg4eUDuuVDWii%A0*jQkJBZwItb8FwonE5_#c%QIxANUTl(0y688`p1 zcsEzz{%DFL{F@U~?*-;N7Q$+;tdE~_u3)^dx(7a=8-mmVzr)orkbf-cwtI}7qIC|Gy&I0sPY++iLqVJPESQnN@yCu?M_GPf zK?2a{Z?Ity>hwDiu2(uZ7f&2x=-+L!Q5jUs0RQ!b)HXr)tjZ|{4ug;xW~n;djsGil zzx!|O&eV;osE;BER%eI@JADz(O%>~>W#ZuO&D@l}J2$%!_!AtS?13?RKLbPWP?e-n z)SM2zhq+{ydNP&r+=WJ3s+e&y?6m=;{es$bD%+H~9t@)!({I_LP&CP0Br+rkZMExk zwGwm?$q%5R@~ziZf+bZDH0GjLyiVY}5Rt&ao0dC8rzYuz4D}@O`~P?Sh0v=+)Y$d2 zUGs4#S_oZazk^srAMdQHTHEbpYQ!GHbF$39csK5YphIHGZ@HFH`b8x&=n+vEEv*vK z01RscP)Zw-`36j$&-qx^j~+6S)PP{@Q8S5OpbN?Mpud|v_8uW zWXO6G_QTxR17E0?MoQwb`L}QpFH02uJtVo4oh7KQ=Sm%QqcegVlJ0l$OayPWXo_h7 z4Hc7K9PA~%Es!MBCQUuc(kUlZy}${Zic$~i&#PDNp{TNQ z;mM3MDSO%~Q(lQY@oXH&)UM+i;{)YJQAQJR>2i&R|TQX9q1Yjzir$cCy&5g~m{q}%q|9j0JbD2fdE`N zJ*!ACmilcjR{mmsI2&LJ>EGMxZPC9IZ7SHQ406LnV}zgZ#dw8XN@fwPWS7dL%SM^t z66~akQKAK>qwb(nfQ$L5u7pI~5asjAI%azf{usmJOuEJ0-P6PKe(w=k3j}X$Vbj7UV4Wg%(0l? zIRq&h8Za9S14z6!kogmIs<$FBh{%dmq>?x3ib%~y^M84|o}08VuZbj7H*P2y^p2V; zDBWw3INn=GfFxD+u({^Lzzg24?p)#S36AHeC)mN}O?+Nk*-l`B!XZ8e4=W`!6eJ$h z5PNcr+yS%zYMU5s!GAxJ&(t<_#1&~d>)*{Z7GFFjH4l;uC`^uY1@JvbgdLI3BkMu= zCc~RDUXwlt>%p;{)i{6bi>}e$D_wqP=9ghb6B2s8mV(^mooI;*sxnvHUY`_&{_J*v zilhM6_G>)6gJQ$0dyt>UcnDmC5OHY5`>p#7qeoB?|E`WsbbTA|+&(_n?L}Vzbjl92 zx&bqNxd;9&%J~J1pp6g!);3}pUH($s`gPFIGKw>%u}5I%Xc%U2+w?%Vyc@(;GB*UZ z3Z=M35X1B=%Q>ZYQH0PPge5|4l>XCYy+{?aJUKNN$#&xSk9hL5Jg0d1UoBfo?d$W| z>4W+Rcu8lStqBE_(`dPwMT0-x^5vGeW?_Yn%rNAEI}H}Xy!zRoq510oubqhv8XerC z0Ti>P>n<*w-v*=(NHE-)`f-t!k^8>y9N`NdR~)pUSPIIGI8hVO7M|D zi)9G|#UJh5u>Jo=YBJ~HOtcY!B~}}MUQ3KkBxgUc%;#=|2*(er=K51T#)tw0Zx9iqVfWW8Du-q`YUN*StXL1>MLAeasdg~yh`)f1e7l6>{o+!L zJz8Dz)rWf5N;*?WpT!TO(Pzru368q_RdLzR*5K=(kNMo!pR5slU(FNTEG~HHx`D3` z;-O9Hy>cD+>&fAZW2$H<@t{&2Xo{ENfN_erW=?cFN?-1DM!HVJZJs~ltH+MS@FOZo z2U*}!as^iwx#Ztc`4T%hgI#a~jPRr*jw=HTm>puyUIk1`ebMWx2hufn)18$}Xz*Tl zE5Y8ou2a3=*&OKG7dgA7>z4-~Wjyc2JRMj6twpgeBJXdK?swqIMcoYnk+$~6{ac~x z#De6(#x*VBhp~qz6sf=FdI)io@)vF$nO*H${qg@!6s0fcBlL zVbnvneR~@euvCm*YBp%c--s`q^IsPwjI> z{dq8S#PBg_lZoXI%U&Z(>}%n_bSv=4X&$Th;rGW5q!-5@Chbnb@P$&~B`S9emdmjHrKPpXT#-uZvz`6c_3Ysk6$99cgOeM&pw9Dj@rBd0(ei( z&fKv__Gjp;95Z{oOmPNJk5(J)X7)Zj=Lvvz(hcK>_HIWUnTU4a@X<2Pbe87P7O|n{ zE6@H`E#cwHZ4GkZ`q$wb{u`pWh>y$XpnyiHJlc{YoVn<1z4RW=-S6vl`S2=L&O+2o z&6a%Boc6ktH;c!gZ2)(mf-~>w_Lc(<*WUip1mgE^f8BUJgElF$&zJdKP9I_O{QHre zMWPe-!!&|VO@nzlSuD?=3SB`0uImVihx#7}e zr*|ggv{&AwB`UGSJ^b-yaP)R|23$T}I$zd^IOq%TQ&Tzcp$Yp2k8KI^F3qtk0yr-> zH@sO`>3uhU@9ddDg#PRMSsf*17(E@&dNpX_Nt5TC4c>!Ffh%8v{&{)F4$l>-yBf<< zj1tHH?7P;lEd3F~ibnFrU8mmo#oeVzJvK8ZkKAF2TLNyY#TYzH-*zu*yEmVLh@YIe zYwgj~naM+IontRx6;2F;K3x|&PoJEIKn|DBGvR?-*5K92|L*b8IaeaLqUNYweM*$R z-CYbLuk)4Zf?CVJZEUVxUDqR~@<~lvVgZB>=U-z{Ym5UH#kcxy^9pAt=zL1{bsWMp zQ{?eqZ6*S8e~ILU*z=-l5-M%#{#|R-72;w}({${q_gpda=~+Gi`}$InQ42jZf2aXw z5=s*TsgFceEqo*znUIAdYWWkfl#)2bLBFEJa1w3~y4LsF@LC_q31nQYj9Kn{{|wlJ zZjn2~`?+5p7d#HjH4HUXcc-`&V0xM}(RZFLKYgE8z&1K$+YBp#3M==aX#G>?XB_r0 zQmh|ZSvf&Q%8SXMi;t^G=172B`Uw_i%zgPEIZn@0|7kKXJXEv*S!nta*iseIs4q-O ze-%Ui<8ejg{sE{*I$~LV;czwHL7#qP4RP*1$ha+mS(xKg|INUTtlW?I5Z>DW=N>kf zKld>I`+CC_Y-pbz!UrMH(J-Hrvr&p*tMKB*9g3kx!(ikZ?YEKhtW>RQ`TTyFSv7XB z0&^2+c4tw$hq-$Lq38WUn?h9=0jNbDbJ}Vi!u_cs87@te9zj$ZF(`#G@A5xB7kfhj z$mepe$?@j#f>Aa5G1L55u=QB|q<6*r)j3@BlqAt_eI80;$z?v9U^Y*OgeED(r!7xB z4;0tg<$Ob^3uP0}g*W3&FY~E_3)_YM%DrQ1!{qZ9nOl2}3?)>5pzi86qk1|Je)z+UJMUp}k zVA1JWr^KC+2?k)BywG{8oy=N{;q)R#QII4d!lD%2iLMTA#RG^ezAXibVgCunWi6vv zkiLjD;r?xP{+T6P$gL^2Pxc;|^W3?2IbM(~O(k7HUHDGBEv$!o28Pj!{y+Xp}t*nC7{Sds=AnaUEbNu??e2Kp@nfORmDx&PuZXN_r00%%X<^ zOR!aod!pl_APKG}e)42$+`fm^q|~WKQD>#fNG6x0R3hpati&Qz`(*3I*N|qTrRm$U zm51-*_l=**Ffpq`6zcO{Dw^6!=$ziVtF9^~O0Fx)xW}stNVQ(xsc%?mY^cB|Iw6T? zDRMNwhrwUKHfVLKLA7G6#li*FKFa3BA-cUwdoDDIU;Xfuw4mY~hW*o*s~Cq(krZa9 zx4{?Z{3TP%;?Z@>kB*NdSqa^u4km2{V$R$`QQ4zXy@T7b=eN|_fLmv+Zz~pq<}(}e zk+5z`hT! zM96QLvJpCDfy=@oI(LAa+>0rIJ^k4-@F03aszTJYr){d|8D&~OF>->#;HapV+cloO zLUPiM?b2mbz$jAUJfrUsv@s%rd@+a#h*B2?CMbiZQ9-8E%gO4$ZJlFkO^LZ8&AQ)3 zW4(8Y`Qv%yx1Yh_fBtKOif*&HT48=^0(Ey*j`Y&qC!;ZU6nvK%NV*0*COb?slGo*p z4azHQ?7P#PvNW+BTjwoumuMD+FTQ3@i{Oo4yON(J36MD~)%GG4Gz;v#P>39Xk-l2NcI~P*y!=Vt~WC1}5M2Pkd~z z&hCP2!a}TEpzv&1tse{&xM=SDii*?aUVX&PQm`kMj)I_#&rp|4WpC5Ywre=BVwkXe zdGldER2}zit6Ocha$q*?qOtgreB9$lD~y3Z$$C<=jY9)ttDL{dQw~0@Ojaw;*FaVu zZ=B{2#O*w4`}%T$28*z?E*S;Zl_$^iG^W1{SM$28hXRcjXxLYa<}G~Q_5^KI+XaCy z=2Ggz+pfu~X{ok-O+I1i*WUE z^j{#IcMrk=u&};AIrbgU^l!=LKF_D&G`tl zxntv0C^0lw@H_3evU7y}4@UCD|4|;Zu(lmef#?gRjY+>x!6NAUQdyX`T0zlP1a1zy zs@byxD~j33axjp@=j$WgD6CjV+e_ zn2uKHfjj+@|2fJ?(@+`w}EuV&m;F$g>!>z%|N%)M_KV&@G|#dPvUl@+8L)pOaHqYA30u*#2|>_IcpT2`Kb)u$ zsPd-y0CdR9$@|YJkkChIrPIvE4J#S>^Z#r#wH*Anx;7=ik;&M4RTA6`tjUUZ`(MVg ziYwZQb*8}O%BuAtbdCozazJ^!1%FW4tn}_=URP5T57sOI>SOSGP&ud~RsS{hGq2hE zN#u;4zV)-$OaC!jksKq}0Dp1{?RC4bvhz!Wt-jZBptuVOLa|)ojk4VJ0@l+=#>XV` zh7~uaRUWt>nrDl2+=tu?^~d%TsLCIfMD@5V=uxO|_C5nGOhzVv#ZO8e3bgh8B0xj$ z$Q6{{+LyQ$4;qdkl50NjDL$sJ6cvC$(Zf*)F$i@jhliae8#(#uN&f|=+ra;i)Gi5+ z^oD!>1?0KK1nTpiWh{2iYS$uIE!ktV-T9SFc!WuJ8lfAUQGlqKjZCNVr)v0r*UVxh zKaYxafwe;bK0%?4!G9%~;7`EL`YwnuoPq6&5qTYPx4JMYVmDKC2X}+5rXAW}}Qo~85Whz&&{ z9l8Aa7L&Dmp-vz`hX?JDOP*8JBsQutwaqFfm4dLO>Ovi!lI+{^q`8+UjS6WTvTBoS zHe0%OWbT;Xm!Ompi8fbAqa}MvJKRWE-@>@l5eY4218i&5W&Xft!k;3BvuNAj-Dr_u z&9^Afyl&}enxu^To~o19@$MB^|#Bq~TUpNjJim?P)(3w|Q};YJ1PV7C_T z7C~cV5E?ntx7BGA@g1S`vLRJp3ac+0cczbFDyX380qDc96Mn2tw3=wo5>vk2%)0*- z{JW+zI;6!v0p$LIjm=Mi?b$G`f!Y|%!+dxi{VOE}=ol1ac#fx91mtt7yvbXWk)i$9 zU!_jRL8uPt1=AE_k<^C=@m=Hnc|pSADx&rszdX{Gvr&E}t=Zx~$Q(K(O5pGJI=}OK z87NayOIF*=rL_=k|H+_Mkb4#R79vBY5C0(|>}Y)}LUM5lSk|D*EBLpFPaH32Y_g4L#m6zXMg!z}vo$-<46*o&V6TsAK4{R-D3d~RrR1uo=Of-At*!pPs zYgueYG+Ra1J%w_IfOgn0nkAqf&W(Da6{QqD+yGz)Qznv>d(9RVRu2%^ec2w*K zi(zhbCmLyK{V>~|T_Ty2n!{I!Qdc|k0d`^xasS~K@vIK)S6}BG>TPpsMj+paC6JT4 zKktAE?Cx*(wqdZPu~8&4R*dalRGC6R>DRB{4rwfweeRHuM}tY}rMqLUmE&ms=5 zE`5O%1t$xhgiPnMG-%acqfl9ZV*+`48&6z9i6fWe1n#B^FoA_4qRb?@5A zfkN^>_0M>(>T2D43`)a(b(fSv8N`^ayVjKD{bOShVRoBd_7^(2)wxj9Kg|d-e5WsZ zHER6g#HFG4r#8DQl(Whe%{kC2|BB zLeRq`=v4ygwQ`gl>qjf_9}eH)1pRqOJ9@-W=20d7iVbMqUPx%bcI>*ZKlYbT-u?LU z(jV``iXRFPL^0_P2QMOcX_}@|`WNXkp*ef$)KguJRp~RuSz(xLS4&9Yk>BF(G(qZ;$fP$N6 z=6^C859#F)9T4vcN$z>043A@m&?}7%!GNY&_YAo(P>g$0@mk1Tb;f~cz_lllz0Q51 zbvBZKVq*3A-iLj;w`01O7KhgW-)T(-tkyd;Gxq zURNCTK6*~qICi|t1KLiZ^Eu+OJj}(r&e)eAd+Zk-a4`;eDjbj=5xXDN6gkbz8 zl3y!Gujs$KY^02ih3~F?%p}#`hFT=$%+>+DOCEhfQ0%?P%#3v(GhL=ec3XH}k?(WT zBSGU;i86w(dI3I+h7~PVTgrZ!eNbgi*&08X3gvO4(_)P9)Oud|RO-viST;@Y(4<>u ziGGvm-|*a+?{DnNclyO&yg4uR6ZVTGDOXX^xhWuqssJIs3;(V+Sgt$Fs6(C?Ry6aZ zt)Nj5h3(H(jUN*I!I?Axt%14L{9va;=`(r7}DmH=SKZ`7djFP1fapmRA z3~#z1(nV*J8nx*Tij-7g;tU=KHUskaL@X6ydsFb+uh) zm;1)($VAIlcVaOf3K#l{d7&vU>UQNg)!#e&U&q_9Djdg#VpW+xQ$d#QjYxF_-yb3x z_*LQX6yLR*kt(5?pAA(*vsE`Lm9x3rk8z@iC#9A`Yf;=~XzK}8>_@mAM#eBf*{*z!#{fGy}A0+mfAAVOw)YtKGo+~-)&_0aa~DTA!>tRI7);3Z3; z!}nl4*%qdrw6Ts-hZhM4y^rC@chXPL)aX6F0c-Bnd^ItIqz-P2-=0y&?Mr1Yhloc2 z^xq_6sjvFe1xJwLgMV$vCsPFTR$7i7d3nxzIHSz4nTa5V{fq9TO*t*o96#Pbg;=6J z#J)|3w&Uuk!`^OW`@6kFdQ4tocI$J^;AmwO4|$xuUmOD0Bq3Otys*V*Wh|7`A9impmz{Bg$ZNqR2H|$b@ zj~;G0gWNrWbd(xMHl6nn?oSf~>1=%AQP&A2==0_E==s~3sNdj)2Fcfb3)FQ@m5`9i zY#cRMQlUqX_Q~&tQSTM<{H8R;VN@J%PS!^TFfuX7twj!53=c8mQO#zrlbreSaYC}q z@q=*?Q4@t(BR4v3qWylM(~2~7x;ziP9+F}_MuZW@>8 zOjb%OvfJ5R1m2Da3pEL75GKl!T3rOfd`?hh->8V6w@ieDi;i*aPEbO%0RLvY#fw!K zV9H@xd=I?#!mESz9WKa*WWOrg&|y85PR1<9L`t^63-CKlku&crc=qe;iKeIA$4{71 z#HgHhWRHQ#4|9J5);)E1IuYu1u?i;~X<@y}y@IXg-Yb^eNbK{#UJod@UkyZ=Ss(7~ z?Co(jYp!LnNik4a`X6oFZL#W7QQIk4RA1>=QpuP5%@D6soS{}~e;AzIA@kJ=rlXUT zNQ^IYF9k7p;xvAY_x^IN=U2EpBpt@__;x0DclUKI=%7@oner-EW#Wxud@XR=36K{X zf7-zA`;*H*%<3YsfwB4|@Xt0x`;?U765vR>a(#kxvzo9ouKYwfzByH(`ThZVp7|`| ziP?yeb=|jpJij5!+`)}pZ+3GoyiH(}IgBL6L646$8L(EH&=$?y_OQG%^ppDz|7$mI zZAf{ZAmjGgW7LOXc1A>1i}RS?`W*72Cv0toyt4ct73w78sTcghCgp~~*KSS|>gxK^ zuHXxqn~u9J?oKy@Rm*LOH|QGII)kncX4fFD&RXahJHYt#nw=5&o7Z&*mn!3jI<~J9 zt@NWBG4(UlkOxp7i$ZQyYlhn1?b(>5~Dkv$+C)=&q6m?-K=AiGNqV4 zo|VVZW>$XXE~%%R^-d!|9*wiWcjqVOnFw1qp`hpfKkG^J#W}izq(C1BPfkTWzl8Xa zbOF}z!xMJfL%FP!m|?3&Eh6KYr(er0Qy2|HBEak0ep|?U_dl)U=d@Xw=?DE@n}703 zG#XfEyRv1QZA>CrnJ>%@v_}xG0^bI9WUucEt4XWdoyu|K>X+A;_k|X1-BmjT@ozr6w)is3~UzYhV2@9f<CQ?=+KmU5t5>?79P4s$Gu@V=P@w6io; zc0X2~hjPypbSaz;caxD7v$n!Ii7>j!!KZ>X z&6p*VG&#f{X>#YgH2m%KvgRWc;cx{>5o0DAa^34Ug5bIQCUbo0P@L;VRzisc$&!~^ z)v{a{=eknj6;jkujwDAv$Ioe`LwAE!t)XsBsC#~e6@WX+t+n`zPGx#wsam_(c3GZt@?LQ^$kq-AGRT2e<8aZ`URLT;i_H^fnY^yFeT4?Xm`Ls==mr-$ZVF@6LAoO?5CA ze?7RWY~xmz&0Lh2`>a@ee9`6m6Xk56PCmBF%SB@`x~tXh1z(%0{YFJ@P467m%%#(V zmDuW^28D#%w0&%u;#uARIKol~tyX)MBg^yO|J{&(lj6U$Hb zZkvD1i_iI;a~Y`q;@r`v+Wb^V)bn)M+@1fz(0unk4c!QK({|f_{`vQhfB2UP_g+Ko zK7?lb=nQcB+r)%*P}BeDf8U+h?4H*?wrO?@MgH=6H0xLz1|d=x(qzMT=sxhgV2Ad7 zUl8AxY4C<-6|;2XthD*kmUao9*LerVQDeT&KULfN3Na~1_3qzsd|c@_)UDU5%|Go< z`YY%0U#IofP3g|DVwaau+$*v zRb@Lgo?E7YGxDgjU7z;T!!EFVy0QG@b0T(e63AhAx80x|t#TH0Z9+XZAio3GZ0f#4)LTl- zA<2mnP+p7r&+Hc+hnzFz3K&YTj_B>aARf`n-Krya0|oUqA{tXc4y5xN_WOaMt$dAA zT6ctx80`1mBV!i3|94MC`o*I9auBf+j$}?SLo);6zAQ96*8U2U@u9{2e+0Zm196TCCM zEZ_962#$oxgOh(~yn|r0VQ>Ap@o=2dE{WO@{d{Q;To4qNiiD<`UTvK8gc|rVwjNQR z)B3U7yZtqFkgB3en}7a#q6$e%#wzmc$$Uz(bm@u7`fFN?VzD;a_93MbB;L6ncSq%& z*zG#WlLzZYRQs--QJtuzQlwV?35n9mKOIgRHvg2CMed5ebI`W=6r80^_{qTQ{L|~a zE}st01ag)zp@*rAiHtXO2eE$QvIoz-NuGIWzcRRXY zM>`mYnY_en0UYjp`havebRYEZEC{u0PZHlxVpxtU`SZa;2Q=ax!lMTWx$iUec}5v5 zj#S$$qMCR8HLbsHA*hQapZ1tq6zjG7b@K3avs=C|lYH^`;ut$(f88coQ-C+GU%r|e zu!C|mAEqlvdr4x~pKRIWwetveV2iJ+eg`S&eADZwyS{6l{8!H)rxT?T$ zdXp$DVK^*dNGuvG7GSAE;<1DwvV>x?;8Yf%y+~x1AZ!+FJ4)uW1R}H`j237|3UL%j zZ!`zq_G%;r{4N-yDR6iS*c~V14icm)Fmgc13IJOHp(}t}dhA$)#&FT4xXk59h(>e4 zc`l@S(U~vNUiB&3D{s1OdqsXRi3$^t3&SPD(0eVZDW>@_T7($-P(~;*fjBV;DTZu$ zaas&zSPU5niVOtQ^3rW$7ytll1*txn0ogG+^cWV$4)B@tn_Lz}CL~9OL6Y&GfIR83 zWRPVC_41fUl<`)(b%a8gG67CPxCT~!_2y7d2mm)PGfpDYGxS_AOLCy`=4-_zyL1;Hhyc=NHFqt>Os5cz$jrWzx z`+hnb=Q90JgODR&>-BqpoITN)N}^iBIZb z`6WTL9##$rv4@obi`v7=DY%yyOz+|OqG1FdMjnt62yp2{WBG)k`S5r?fhGzv)d%4E zaL7IkwvPtgM}hAnyLc8de!!tecLJr6e#nlZ0fw;TI9<;C5mA41PuP9yn1J*jW&RJb zU3?6nP!u3P2MCB4^s#_~(SUfT7y3jXgb8$E&(s|mh`1o?_(6O&&?Q}oa6(YPNr*JL zP$LimOhS~71{^_9-9CdX1n8W zIrJ%ATC=g`o$CS3|J-$Zy049W@!ZWm4ORk)_yC z?fRd0|8j3D^H_Xty3xj#tD;=D@S&&t^w!qDMs$t?L_*k0=V0Y}dY^k@{{C@$Zx?me zzUl9SqD^(guF&J1mA1Nd&JWXb__5E0N%Li676yJ6Md{{=#&~R-YWU{MM{DlxTF;AB zmOL~MK5K_&B0Bt$_dp=CO_7p(X-a#yC~Z>P&I-1+?d#Ux``yc*zk6eB?vC*M@i~hk zUuEf{b}xQRn(4MKQ`;Wp{Hv+cHBBJWcMC{Z9XuArM`BldQxqTDo>pz|*J)Gwr~N`< zIq+(kbdh;JNCt?qN9SgdY_qx<&~A{$&bTkqI7j0|-D?NW^((K# zk1;+DmbR+X++}|}0uJeI`(L)porC3n)5Y3#r1_8C&5dzB`KMO8E=;k%H9h+G>0vv* zX+60~O>&cDj!acs^Er8HR&MRF@>3T)+!cJJQ!cV?Rol|sKbf?yO!c(BFS2yuiqV;+ z9iq?H%~s`utF;+jqc%pOvLh$%o~4TCs(H-IXXl_e_)dF|pXt@=!2$B#fVZ}3{}N~P z-Hk)n65}BdyNB+oMX@=Y6`C#2WAe%Nt>pMOeK6&VwXKt7QYSCQI}f1|+ipo&$+chd zu=$!@U3VPYwPe>tMvvDABci+GGMg;Pt$F$GZ>PIZ-+A+5tXuLr(1iJH*#WQ8RX3_n zjJ*?_fWhw%Z$kE;v>EI5qfN_pcYmsp+6%uu-LEanj&Qgr)|;eEs}sKeqs#th`|`Fh z$7SB_u6NOkt27%6(rs$e*YB6A$U8(Kzx1x|%`A|mpKLdQocNJ%88hh(~0!A zeD~H3kq#kN^4phw5u%*GZZ+3siTLTAjLrZF<5cOPao6ztr7f zW@$6GW$IRpQ@rKTZ|}2)qE9+`Wh?reBbTP**QCr3y(x>+vBZb&7wxY`R`T6D+Oy4R zDE7V0iu|E+=d{g&(5^T2Q?Jypc1#lY<%j#6{WBxW&ab*1{#SiTjt$+!x9ImkZ_=vS zXZ?__Q(tquKkUM>2^G#`&+h#jb7iIF$ z-tD|Ff6Eu8O)AHSI{nJD{Y86_(e5_3UC4Tyo8ut$ty>l5v+dDRrCk*3wLNJ`(|yKi z{ldKJPL+$A?e%w$iy)m2%{gs<|kgtAaD^DZeH{} z3p%gRLeFsXyLwN&RHsF}aCv2{JW)Q8f|AD}@dft z8xZ8iLUw)x-g^B~hJJv%7P_4@G{|jF^fdA!+EF+=5xgGl!08n2z%15K)Do6t{K(lH*PS3JPdps#*TMb@u{t$6gWh zHV>UW-6SEP*~++VLhI5H*(^A=e=UJwu?Ouk@lFyDn>06wA=qAC2LpUP09#K@8k5Lt zV#Lm9^LPN)nrLhPDiOe0qk+gIIWF za{63-g#?)Pv|*qg;>Ag`K+=OZlR7>hA$_jJ2a1YjL85mMXy0HW;Gq#@DrH0g$Y%!Z z8LqY$^DM8i58WIB+Ds(pVMjtFL~~ol$z6F+IJ43?rJ$HYK$zjaH(65(aybNSS-%z@ zswWq!?4Ze>sfC17CRD?VP}YPedq+0)NR^06mgsHJZpF#>z9b~F>TMI+)?04Lm;hUH3(=sp z5U!ThnCJ0G^1NgeH5&vn%g4)(BV@fGfC+3Y8yMR{VMl5yLB)D%L&3u`!LZ$@8>Pp zJ2h{cY6w+0+2F~2v8@N)u%G=Wc^AIr$VB9PpxAkF^gLm5@I=rDh@qz~{Je4Wp(5#- zvGkK~baN2PQJplodn4*Y#ncCiswc(O6WhicTdy8n4~P;`BJ2ak*z=@`l;UeuBW!UQ zK3bG58fS|LZ$Ni1kmL~b=39~n^2gxoMd4raV89=ZA1od}+6;e+He;9OZZk+P^hWFl zirMEx?bCXnx7y>e`x?>vw4q0h;13nUPl)0tS;H`q{K~QXh&80yEB)|L$V$=V=7Yrb z%Om??eh<-qX4)LW5&ofK{DVaKE5!Lzr*@jMWRPfoX1u?AH_kDH3OoQUA^>9l04hKj zE`UB609&+P#RNcH{05-}T*iKrX#v4_0X$*=weyjv0b#fSI^+OixA4;gLh}PS1Oe(- zq)-IHa0J*S0n+RS-NR20WFJu=3{xNsRY099Kx}CmTOb%+APirCNEjf`Dq_k2DJmcs zX~4%CAaxaQQ+bF3y37IEIuzgzaD2pwrYtCZfXN>qc6|nefKMUt)>4;4K%IzbEQ0g) z9}uB?w9;&|wptdpUzL3iya3gdrKIvka&;_wfwE z5DmxydHB(m7S|v!*+6xSQ}_m92nP@yfLLb==O7H}AXIILdS5As{zFccDff`6PYFw2#o>Xb?Xuts7!_n`OV>E1}2-~5-t}Qp&`IT;5G6Te`Upqz}Inz+h&SWn(7jY zL~aPlZXic1uomI|Kn)VZLAurFED^Ox4$uLDhW%sm9H6$MF&#Km2f{ZEQ6)7~63jweP((8(Xf5a(%*;YI>EC zZ0lm3)MHDz!xcsU+cwva)^48BAY7St{_@TNWluKUvc4${&|@m29*6FJ_fwmHlsDjSmgN9m1yE=2U|A zSMQo1pT3t~+RWCp3b?&@Gl&-1w(8>qT);zP?pMV&U-mn_{=PcNpVmb=N${_lIk)vR z+4U6HNp;(+vf1j5O)_eeedvCFy46bi$(A*#)$WtU$F6IqWs`|xs8n@Q+b#&CSniHj z`}XTv_)NXYv#w~*JeIp#$+xynmPwru2LIcUNB8Dw-TzHn^O0ISq@Qd)xCH%Ux-#FD zHmU9I)&EwPTYGwnCfJ3GX$TP(huJ0cYP{w0!pQ0|s?D=iSX~Zgt5uR_y#a8qF!%N` z`IHu?$AbUMHp8!2OtU+>G)OqzAkzr{3@)%L!!ziy|`rJABQCZkvlYcy^q zXq)=wwhg2Lj^$o;kMyhDWL<3Yy04NcR;w50RclE+8=h^RI;v7-7e&6TzBc#UX3e|J zmL|z6=a!x9N@)IQUyQEe`}Bu@UjN~1^M^k@PWlj&H(IO2e+_!*x#b?{B7ocft_!o? zW_7yBo?LU?H!IG*QoiGsRWm2rWbxR4bJu|MQ?XIa`o#w~m{I0Rh zM{gN?1_dh(mHCk-T(&lyc zWQuzima_El`}R2={Ub~t+!boyI!jw8X;yV?K`%{kP@b>5d)Tz zDMzRRzBxHds`}?L$t#!5&*}K->Y>FsdaO4;jeTub|GWBso^T#$^51=(kze)JW0}$$CX{zU%`?Q<{HG#_OpJU>X> z7o=%%M?XE$pC?-N(I(j`uZ3s8gXTy3J~_0rdtm9o4Rvn>Pt>8!va{LX;o0O+IysP> zWqvk@2IWt(iEguh>3xUZ@D$$D*k)v!J6VBlj%z(A+__Lc=`HOEysa78<(b_<3trlZ z(eap8r_rm29jE;j)N@7_SbdJn8L~gkKPpl8+T)U)Y%b^O|0ylDl`9lu=36?au@7}p z)^_=lM&*5V_{^YB?4~`}L`}}qyRE8yN9Y-^tt41KTGd>%S!T~riFDN2;xMS^RX^En z9o1w}Iv1zLV01UWX}ce4>hi1`da5wBZ}IP1O61OKciXl90K2=c-ADMGR1?=8ed@rv z+-C2y9o^fUEO&LP;KiyvQs}N_(}{7>$B4OW*wYpERLtY9L3S`4zr=0}NotmkL4F#N zesFy>eSzsNpZl#8$;Oakz^8cRM|II-k{b;!xuKr6c=_ZLAlFBRh zytDO}tx#sU_pOd;F5s3M#65+;FE?C0Yi_{EDI(wesH`N$ zIpL*-%t1GZry$5SCcV)-=k#dsjSU>>W+2Y7fujxEM33n*c;uDAxW}v<==@_tXCNDZ zgKRLzO9Q#A(m3iym8EX50SJCEr0x{9x?%9uN%f*K*iE!oyAT#tcjxn>oMVt(cr?HV7vgj$z^cjO+Z$>;qc=9Cm@a|ufdEr(6WOTre~P^ zcyF~^R|SM2AK)Z}YhYD)^2X>fZT)L z$sdSN4;MPXOac(=4U<~$w<0aoo=L7ZP-i6)?2qb7q}Y4wx~=RBC6c{Cx(|hDe^hBQ z)!tj}A@!a`wl~mMrV;Ls>Px2F`$uZQC*7NiDjWLA_l8Zsr!-p_0=|2>HU-}xUw}%( zH(Vk<;hyc}j&+)fPgq=?YEN3Tk!CUlLcXE%;25NQf5+RA^u4rvL+?_gCiIf?kLoO@ z=Nn+f4N>$Bo6`Z9Ngh$(TY_hdYYrdXAj5`5*Z0?-N!T}rL)rJfQhDD`rSY2!^+P$C z-xxNX-+;Z3KAh6Kc)L%6o3E0Awt_W(1?bJ{)R{O zr_}F6b9u@B{wYPXrThv2CYTC)Lcc{oW@1R$K)wDk(C3Sh$65t>4P38oTY_@kZB z4m8DpleJS(4G3R55-dB2ihyA#2|(2&C<+`^POK_m=(YsALLe&)7y)|FuzYDi9}uGA zfC+gUjJlc;6$lK=*NLk{V0eB>fFc1i2f8u=GXsV~0W+uIUSgnP0W%j!xqy`iWCQ|S zI#JXN3|G;>TcLhY8f4LlSrnqefuXA$7>3e;!PO3og5rUZs~#BP#j{BLz@S5q?gUCv zLNIhk(EvkOa-1$zM=(a9kYJQg*nR7mV2TMwS2cm$F4O7>$5qx*P%vH<1%t#3POB*# zRYFTq!7xuRw3QVMpsrvp?U}k$S|Bcndc+S?ZNXgBl?YW{fJ=)^LZr!s8i5dC5~6f8 z;0S{1_8DX;NK|St47CR0xBPyqjK27T_Ee}JsA8LN6R9!wI2-L zepC&Jqf+~HAb`&uw2JBmk@Ug|eFzgyBf^ByiEyE3j#H9^pnn0zHsZ^F<%qi_8-r9ELN zMxqvSS!C=_T2M-35P={~6jYzSKY5P?IXkV80hi15nuv>XvV z6bL?q?rH%5Q7{A%1|b4BwjsbC!O$L@3vU$f!2^7tm$$5oRT%TZ$^}DxK(G%C_W_?0 zprCwbS@!^g107uA> z#~?=>%n@a>cnBueQNCxP4P=74 z6cx%849lbhX2QNY9nKUC&m;#l0rNb=DTrb;XrQKGs3sWJM0n!?>WG4CBD@m?IzitH zfjV)pPK5d$oTQS#PLxkO(e~5^B+imbcqbriE(GEUhCBh?jM$tc)Kdu96S6;mflqvw zUC8VP!ak{ipP)g-hCc@&v&^U9NXd!=Na~Mmqq_x%wm#2^9(o6$lG; z`Gp`44;2a!6#@~(0IOhQ9tK5)K}CgwMUik(Sewz1Q6ZsGAU2A7G^>SkH6 zRN(t{++h$vPVv0dB-kmYHyMbYV&;P3rA5me0F&f@FGKv8kM3Q-&tD<9BY1iFZ$ zf~i8Gskm^efD;XXsDdC>JWLe}RHcKeQh`-TulB{jDtK@r4!=}v72p;eXrRk33p4;$ zLWGt6{egdl6clBp4znV+kRNCj4rxV!T0s%2ey|k>ZAIwKH24+w42A%}BALGfNEU>^ znt>-W3c^xBVO`n{j0409JjoHKE_yUeph=F_0imN5x|?sX1t|c^f>2q|X$T4i0^{xk zTPS*6$j~gE<0JlpeHxubE(ZL`;3F(Oi+=#x3SC3s%OFs$Fjy|`_?v^LFY%=wL>Cv* z<*CN*ViCi1`4;s%h?fu4MgBwtSQi)94SKYOv$uWnkvMdS-L|eyL@@-<##4MW`SQdm<3Wf1>Zjc= zO`0#8{@1!!9Py7$RVTGIpHH6bZ8yuL?u=Klt5qJ}ljoFqVX`8Bux0o1$_$F?Z0J`rFjw zE$X6qwkiLhwtw6^+S{@$%Id$Jwo0A~?OsTz(ykNrlW0+<4{4sX@H|^JBWjx1=ilcw z9g+z2`&+&$4v(z{y*bI+-BxGdC#NDGWstCOqi$eTY1O1N7V?71fBNA)_3)o|kXFC` zrL^;%YK-!~Pn-fg>nyt`rmWxR$728Tsd_ZMe`gCve@N>V$+j-mZi=C=>|XZIG$Ww0 zwOh=VTidM5_eSFM>^Dri%J!v5cah}JC)EA)M_K>)Jw>*aE&b!+pw|D{J#x72?$1XP z_sZrQ`c|`bQu>Y6VSRjDU4O?eZ9T=ee70Mu%cuPvljDrmWm4ORr@a$>x*D5%_i2@+ z6N13B{&}A)J{BuvKl<cS@-wN@@#uwHM55I*u81C)K<+0ZYpD!uF6`M zCCly9^fy|;SKGsxFj*JdyzZ-Liq-0cd1Y70Hlv&xZS%Bl$MK@bm(|zie%q{cw%O7o zS>+<~l3hv7AMFdzCb~_3_~-Q>zBYgO)1zh}Qq!Yo9yEt5IQLKoplScRF3ftH)oIg{ znzG;-cs@Wa<0abq6KjRE!-uVM0S$Fp8P8xfsFyDgCozD%ZPn9u z97t$?tW%fC;$wSz{@^(!ruLOx@t||;zDn(1-`m~=X<3->rN5KdB=e znV8*?L0{~>%>f+!+f!%Xng_W=CObAmS4LDvX6U8V3q|;)WY=Nf%~U6fJJ(j;9}&DP z$d`09+f(9~EW7KK^x4hIAOD)x|IHL-r^V1+9(d~W$M$xq9n$0XEyK$Z&l?X=HoL;@ zbRZgomTWfeFO=@)+AJ`u);-fVVt=G})R>;i9yImo#&lbT&KePAi#p+=-QsBcTO72u zcd+ok#UlgI|pyp^i2br_eGX9+aAwb z_vd7t+i9L=JtQw_SID#zB7lA2S9LKQWfy`KA8Nml)LjVg^y|MEZ2lnXz!;_$453OC zUtGh`z#wX!9M#OP97B4iX;o3EnkU3}_8K#q3Ni+F)FCU$7+g)}g00)@&YZb5$?7r& zR+u4HoT@`(Sdo;F9*sdXX~=IhJM|h+m&V{;q@ffXj3KKyK<|VV9}F{|)-aSG3^NkC zO=wi8;l^tkjuM0*H&hYApsElCR)#Pf=Uu~ap++=tOaL7m!!Zf0?~Jz$T^GlM)5bBd zK8}f2_GF4y_9#UwdmbwbW5`2 z9*{W;7Y3bN*!n;Q)d(Wi_i$u-bb^TQ+^GrCw1TK#238a@jHMkCa%{q>3mH^li1^O! zW)Lri8dTZzqMtEAu{ZZ)$eQyhPQP@B_pV| zH#En>>P7}tIHIrPlPptFIWmmF1gRaFK#E7kpsGjIMFus0u!GVyl1xaQB%`O5WEg!1 z(M&Q7-6UcQICUij?IbfZ4R@-RlEL+qsEeI34WCn*O5|gxR(Xk_t3-U`q52X-Tgl+x z64O{RxXu#YYEre9h;Q5}G70sT3}+5k(_JzsBNo(OqMD|rBcd8i2JMbOGZXcgOdw4r z1Mi?1+Dt~shJwv{Fr6l&snulg0V&XIG7Q}&@{z~x`opK)1Ps%CJ0lhtT{2-hPG$x@ zS*+<~lysd8tN)VqolHQDCxhxd5#LExgEBK)+H%#Q45|=?n-s4~6n$kjqKib+Ofd}W z!cdGd4Am%l3y_tg07HF-cBHCE8HSP+v8G()z7ZY4>#0ha^D0Z3@HPuknKHQ26tR*@ zHig_ui0YKVm8WK0Ye2{ZQ=%f)c~DE18kNDTO;)8cft0BXYP~quaiB_-5u=8UzI;xzOZkGYHyNu|>%cJ2%-=`e z8IH1+;T|aJ&N2fXG3W!IDnq!8gJ4SeEN57?O zj~SG8NzfoO933)3<^K5BwAR%k18a|Hk{vYyO_z+&3M}iB(f@9L)_`W|p zBAkQ?$MaDU_>3^gaDp5;bT|edjzfrJ9)t0YDKQ#n7#`=`k8&|CXHYUHhs_zS@>Gge zc_KxtJVSf3)!Ji`N?J|&5mpJAw<2=|k2cnT`{6S10y1%=q3 zoaG|wY7~?J8ioNXq=3pNq%jic?`j@ml0(C>Lxa#mh5S(dhVOSe%`>)~A!wokp6Gn% zaTZrJ3|Um2Ey@{aFkciSjFOwejn5#AQGhba=(ZSX6k?46bMt`Up++0!^d^)z8jLxr zOC5z*OKiVRx*N8KmSl4!D>?3Mu2u;v~{gEK-0*3LJQ9 z@<>@L097U_9J>#2N$ESgF7%W|CWX5w)Z_r46eg6Csu%94nMpF0#;q`>3V>%yAISTA z>}jGY`Hj5$4q)gD>8HW?ry&Ta5(X+~A%}BN=P?dcXsCKTR9>%!n5YmHmD~V(>rCUK z0&B)qQCf_QI>+U=gpeABks5@Os>4a;SRf`VH5e^52rrdQOy#sFLQM_EO_d>;WY-qD z^whKSQ_o`8P>L$XQN4)O0on_tsbW0UYp6X0$_v6()gh}gst?gsA-*d8782mF!nTli z#mS(tYM>k>UZPAdMVQKZMn4{|t2az%m3RZo39TYeT^6NPlp}}KD#}nqYZc{ucE4*j zwN>Wr%_Fx8@?;sSGhCEo3|EZeO0MVbJ!joC@GKxqb7k;cB}7*N(^Zq|s>pTKaS&2s zyE07x9`1n=Ug6M?Gnf{QE4I_DSNb8uN|*K;_STKMUPP&{q^kWjtwHW9>9q$03=;Vj zY-1|@H4y)mL4akDEvOXOfE-wi1S>nio1(!Y2X{xX9u^OFX3;A=Dy$+Gc1{kjZJVI0 ze@-y(*`|GH8b_l$&oJ#H-JWrHhlYHdWm5n%W{H$p^kl}phR>;F#m|d3#VAP^N2VAgJ;ow)JFYd-M`%1$~+dIo6fwk<*F#x zgzaRL{p3&RdkE)Z1~Rf=I#**i68kbI=IbxqY&@9wVk>04#VLsRuk6=fCQxqTDeqL?w*J;xRPx~d@67m!})!X;r?nmd|mu$1TF;dPz z#G&9xaVVVlHF*`_`Jwkmo*!%;lQBrz;Vnq>yM72Pwq@z=J|4T}oQs;AyYa%&Hw!EM0v+A)vG!wYrA|&Des5=w^PM+ zFPtoFv(CC}9^^D|W5?dxYMYS?y!&zg#mn|j?huNgGT=9P?G4&;=Og;o*2yxdlX1)U z?0D?-9gA@vHvIn!uo-u5(CknFkg7YxBe)P^YQW%Xfck-_*}PL`nv^ z7dGqAcjL3;NKxPPPaRsKor!5yrZj~XLX*Xhg3m>Qze{Oz^He&P8vrq1hv%9a|yw|@vd%fP&Pa{>-sv*Va z_b}=x&6g)SbMu~1eR*xGDtW*@!rS(lfi293+C53uY%OeA7Ji?@F8kfFU6xdJYXX0I zPaX~A%2Mv1j&Ga}KgiIHLi=No9ht|XX$}X4J7V6y)cY|4)vB>@TTD^vgL`B!Pp#6t zohiGuCjGeSe>9u_duyy4@abU{-PZld)*bG|9huwZKW)k_1w+%hwClAFF?r=Q%Iw_ohi z>^Bz&ch3Bs1*zBjKYm*pVxx7sf~8#)8))PF?3iMbfijp8fC6H+3h{}K*O+b=YH2o}{tnr7a`|Z@^2+J2c^N6=E zn8F_9g&Ib`iKyI!Gsrm(#;E=hFQy*#@MQTC!Z84hTu`rj$mbsOxQAUQF~>=|rk%E$ z9W+GYZwR`Nl2z*h>D6IMbkj&RGi93xkxx zI<_grA}MHuA)Ou41w$0UsGCkq3yk(wpi9wpy#Ph80V|r&0!mt5$X7@7yHMq>R*{SR zyu=~DL`v# zZ?Onfrm0N9>QR?o2y#`TAbluopnH{}P#q(NJ_$1B89Gp?0u*gEN7jBiY!S*tq}^sz zr6*M5X@_AaR0;&O^Nwcq6rIkfSAPP3oK#D_< z)(}r+h@~&2qb#JNDI~kvSI`jxn-6jLrK<*!-GT!RblGLWXB& zKhITtJXP{*{(yQu#1^7x_~7b2I|J^iwQ__iMXM)>N)J_^hj#`urO9IeohgYL&&55F zaqS%y)t$?_fjz7H940y9)J2bG2{g&kIv{kELU;2GwjhPnZb&*epau+20Rz;wVQ-=6 zbpe!YG>(t>3-(dn8uw;$G2l-IA7SZP{DD3VAk@OFA@F4|H5!@@4Mz|rcvXX#Wa3M` z8Z)4}Ot&QWRD-T7bD$aHThs%JGGr(gK}81Ek8#>CzO}lhatyJyh*}J)6GMZV(G_A2 z)L%Sr^=iYM(tYu~b5s>(Qt`#}Qb-Sm^iln*O~3jJ!IWU2;(2khFi7#seL=fw>NtV8LLxxEc$hEmbhX2PX@S0g*_8U>)F%FoK7xVT@vUxF8;mlq~DooFzEU%IWtg^G!#O>BGn7c$P

{}0H;*50rU^L1OalrzgE42c z+2{m%hwvaU9|VG(1;L%c^8r2=VAh#Ti~+1L+RiMijW}@wm^5g@?SX1)pfon17Ic=S zO%rTjS|DUvAZQwjO(VUMj8;RJVTj*FFu)p!SR=i0yBS=UVP;Y?S!jUP0-@G8)}Mh} z3j6U{h(`^(O9Kit4s2bzRmB!M z7&`8t)zc1-X{2yp=qx-5nOd|?oLTnHE(b1K^6A$0;^d|C%$k`06sl8=F` zV;#(C&J_bRA9CWwuPOAMFhE}@L?3^A&d0->{9-SzFA%VggY5IZvdI~O_5q)a1nvuj z?o)>MA^3Fw;KxGvd22oZnb9DA-Z$o+I=d9noKZ@x3lBII<0#huwap4tc9nW|38+Ad!n=QL4_(k_a8k!Ha8zKeoQy4liHfkCyzn*S(db0JO_={O4 zwY{s;6MLA6{?%VCzp+VHKekXqPkq07f8v?LikG&t9i26JbiX`N=cYZjZk$zh(R_20 z=2@ECW*TW`mCCv^*JQK#xwQ5xPR&j%Sf72qes+6y!_Xf-4;&EM6QiZMKQ$(t#h3~L z8r>3{Zr%@V+q6ekO>-``Woh%eHLOX#?3%S}#FGQft*LgO;pd-T{q&bEw|i^W)&)nl z8}eq}d)l06V*k!<^0w1!+uBNuJ^n1D)^)hHU3L@e0Jb>*YIcn^0nRJ#oxlG;R6MWc`~b=a}xB_g2N< zaoR+hnA*3HD|XbatNwc~cV|P?P&)soA=bh>B|a9#$LTIU<@PakOYbe+)Si;`@Z{aL z_YK{2T)iu|`NWRT-w4zFsmr`}Ab_VfVv< z*Kado-Ph?SlBwZ4QGtCad~^1`7}aPw>~7cEQ&CT}S9-KWW6s(~Wa!B@vWJ%#r@Pyj zS)1$v6W@5dUMHt;$cHW4{%VM}?N>zq`TmC%s?hzLEjxec6J>Nq0ryY-?l3)d+K#8% zWPN%>JZH1+e%?(mNwd}K{<^I}Gr@bOm&Ie6E%yt*(;K+SBVMmLnciScd77W{E#KF+ zeezi~FI}MtyVRIfU#Dyqyq@*m;jLh|`a8AbXx=rl@R{z6?Mz~qKNp10^4;#oQw9J0 znAGMmsm#5#qg}Ck)5(AKuRNEws?*$MI=)0ZWT5Y#XlLGo14NqfI?DTq&R0l}qc&R8Q;sB1;#pSltn6 z$H{MYv7UFPEAye*j5ttGxA9fcFd_Ojj=8cQ&R=cCcdzu+sXq)m9GQC)WPU#Ik^h`# zzGy(_jMBEJd;9L;yJ}Hv?7+UYXRnXRCto4^LxyBPn0c|bb+SzAZ|An|}cO@K5w%E8= z>8dkHRMnBcJ%3JU+S+m~&2sQY#Kd8`BmI%kaV>U}3t=DZ=p>EFY8G+*s_vI&XVhvC zw41BF_&`_3=?>d6$OgMCcd?VDpW2PRo$3};mjIGGJ^7yGmtWr{_2cX8y;WEqU9cvK zySoJWaCdiicekJk?hxGF2?W>R?(PJ4cL?t8a=zsM=j@q1XZFp^#ax_=?&s@fb*-xE zhgwx{Ro7aG4nZRpX&(vI2YpKk9RKB^$Sb`^y=cf&tkuW z7#iB%k}g{;^im1nbgd}iVSp%)vThARk1e?Jx4{QIep>PyI=$kWe|(K~{OJ_v4IN8-@qVBOibj-uG!)y8)& zKd#j~HLi2XiKvOlj+6x=ZupL?^ zkr5_K3V@+9zLs{jA~Vem?C*y{6AvJZ&samWW21Yh$3~&J5pm40|4LE1&Rvcv} zY7%k)$!-}biC8g&GA*On`!yOU$u%GHGEVDs4ji(7t>`*jz(NqjbZ%x2%67E#aIS(v z*rkG=JJkbSyBM#sUrl?7I+^;T=c5%v+9# zATJbmt_pEsh8tTM<&~3!f3{E~RQx??u=m7gWGVUpsb{|c0oF2d<#|9(9J1mdbTNf? zFJ+J)^75YwlN{&RDAkdxKNTj#!&$(+^P2mJ$>#g6R1$}8tJ{Z-!U;7PiusUf(Hq&2 zX`AXEpKHiG+zo=8KOvJ6Vex6ak;E|cqRRw?(srX;=lK`75pNS@og&FPOG-LQirY)N zHdGNef^!h=@eXT8!3Z1(a_eL6{}h?@$Is!)?7NqWVb1~J_EB`hNWP;h z&`5HNB$Fhdi;;xV#P#t8PNV&bm-?-@hK`Fppd8=dQjU+Kh(LKrCYjNCI8EnI!L0)w z6r*xz+u4Iv5O*jKGn}4AUJN?2Ufra0+X^DWiT6wL6|ya%AMxJ;6T!GfX6ZvbFheNx z23S(7K73!N%Ukl!Ioi+YV*OAl)eaYT^v9r}_$?JrYkDXjL7soGfJ{}J`oNow)vA_UDZu*NWFji60Kp*jwW9id2FBm!Fbn{BX zU059+|80?Gr83Sm>z6QY)QD@t!PBz};DZ^1_J^?$#<95c@|%QAb)ood0zwyp-LV zEtH#S>W?HjEIj81AuslrI}4_TUZsTqhXtGh_6>~#H)XlIUWL7!~D1aa0E5hrnG+(?wReD0x++sJW& z9-WLb_bTq^Ons8j&5KeVR8Zculqe_d16|{s`KHV9Dex7_hd=5a>SnXJ5rw2X-r(5l z!xVwb9ZTbPw=ilMF?@`=g@oo)bS zPXBfW*N$@E`HY`P1h{UBt$Ix`(qLqpbvCBzZ|7zQcSZ8L-@Vhng?v68MVk(;>3z@9 zThQZL(ZkvJ6xk7^g9PP*bTBcTW*@{S>1nmKkbiw(4@OYps;30~fub8L>ZXCFukOrm@eeHChZrpL5Zd*OQ&7o1e_ZjzwYUSxLr>(l)e-2l5$MOWd2^}6V}$_?cAiEX#Bhn ziT~X%CDnOEpKD_M2i8<`VSu|E@m0)d`)8Gl`erwoUEY@bV6e9sW-sO<2Oe-_M+Rg| zq=H3q9yUH^WX3T>IJ2{X?H%PP=gD#KA@_GyN;Ga{OIbL6MlwN0DKF08JnXQ1Ny?)u z#e{lGPnN6=Ij;?e(kwJhJ0t}!zSa#~3gzqmFfl#I46zadbUri@z3xDUNWifH&N*Sq zE99??h(>p*Oc1c_1^-l2@ZA3G&-TY!&`xPi1Af0kGu*Gf!g*6hjbKNN{vyi0xw@q2 zS{gls7d!fG|J+_>?HD5E-Aze44J@a5P73#iaU#gMuW9z)NJADfXLHPch~}*&>OLoR z?#McWo_cvr-kg17@*x7ry{)o%!w}5txmvC|>Rn@hD^s|+vV>6tj11epTJO5@J9ExK zJ$8VaRQc{nC8uYf`uqRm`n4=C)q1QxdN&-L+%3n@WhiJA<}H|wxnq@m75AbAWO)w>dHW zF*m$bRT{lc#81#M1{Soul1t^pOALtc|f&x!rjB`W}I{L^=Z{^{lgdd6Z+$W@#A{D z>-{FX>n&8!`=!eFeYWZ2nsM`eRPdvZ^W$|~(D&v{Fx9S}_8W~2Fe&k|jqhMEN$W;l zauj(qLO|DbD8iG5beRW_wfeS~!|GLi2cJ&)@WVx)Yq?+@vfEIuR{AVuWq$&$^YQVc z%%EUE(EE8-uod3nCbJFFeKR^(^X0I?XO5ke+2dS(CHXSPnW$o&&4csfJybHi!cZ;t zV-C5tO+LObvPkfCfK70<1hC`s}wo;YEj!xI*?3N< z4e0x{MuYyn00ku$r0To6e(K)vfdn>FC+o0yW5pNU&RY1UmE*JFC7m$G{^bq+4tb7? zBDb3Ye$Zv=P|wHXxcaJ9e5i9ucGx0AE~8itR60T!X+qA(>>6Qo`O@>Qe%QgDoW2A%S_oHz)YLZ^@Od`1zwR zAbwf5QITVYKHe#FLuqc=`<}l(WYu>s;6laP{8x+sNKqmUK7OMY1Q)-7Ed%K5@%JOU zsW3=wNt%&0XSMyrg>mYwI%ybexdMH?r)ZfxFZgBCYjZ?0avD#npf(GD|5=KH1t&>K zur7UWT2x<@hHrb8nR4|r$?ROUEOW3E%=(}E!&M>bJD&T~L_s=el?D7L)Uw^TGpmzS zv$we0zV(HX1VvoDoK`ZA2G+69=!IMf^m#W|lLBJ56y`oy@N`!AXKy)f=9 z2FaqI`#&)T*bP+>kSNU+St90Sn7Rgz0@nW(8kG^WP>i4_bf&pL_^s*8AZdG0Tn;iY2_Ql=Eb4eo3q>=5z7I58NAv z9&#~dZ2KJDg2o87{)H@>0TT(j`XX#;K9oCuA98^I;pi9-M~LCUYC|Gvl0je$^Ng8p ztcp&S2jA_Xzg&zph1;GtHGacl{Z<`^tce?j- zK^fh;_M3^PFB836&)_SZh#s9nIr!wbA7(5*tsI7$pUYbKHb4a+zw|qQR@M&Pj^QDW zs8(!kyKt)FXEYj9Qp)BUt;0p&A_Wt=xLl8G;|b^fC@OUl;5`L#6;w_CBu)D9~1ilKeSy5sU297+kVJQ^!FdA zkXWcXoO^|;HjYwn9;wx5#Fu|?#T+g+jqGt1NJjQd@arJ#_LSA)jLG4iAFox8Q2}=9 zCkWQPe!2VvB;WulVNno;HXs{B{Lo+C;RpoaDo?$@CwZOPgbvWT8)PZFBX7O#3*7ki z4YzhDJ__U{-CWxoGuEFPesj08Lf2oCp`9@_|K@EA(>rkML4n%>5&SBz8$!zG28YVs zcd}-k@iJvFK%He5(j0T8xw?b^{dB_A>L}^q!-&Q`dQ&$*uwV6C_4?Dn^1v?lWMnOG zwiaJs_&Zn|MI&v;hD+z`rLuFufOAP#rz(8s*N#_9ozV`1?P9Ghld3r0&2a;O6Qt(1 zU=_XFJfTC!DhG9dLmT!1BU7@4!1FfOmZ1@tS?hKk!PQ>nqltx=i`#2tMz&+s8JF$T zSY#(_Y_m2Iq%k~&LCofy&5_JG~ti7VwNW?K2Rb*PA>PZH15WLr8>1MYp%m zE`k~U(ju>`3F>xR{koQ(f$nf}e`#8PX)fwL3Q_cRxeSVK$5pfTgZIH5G$u9J(Df z(pWr{OH|GxjJ$w_CNc6Bftt>X3;$>dO^1_N_W4*;3yo0BsAfehqDV~V%Rc>Xh9+|D zCY#hH+DP?YZY_y<*_g-?ZdhGPLxapFZ}+~$QqWmS+pmr~XqC#WM;}4!Tmksh9E<_2 z#gNBx`ajkY#j!fN&iX_7x=67SRr=d9txtAiOQZGWUj5XFyFLg7o>0C)k&8Klo2VMb>zv685DJOqR z$)jna1Wq9gq(%ph@<)=nC9{1(cGr05Dw)rmKzRx+nNwRNBmMc@)v*G9SgGv+=j#Nr z;a{Fl^PrU=@7IM-9m(qURy=YxOjqiN3{(YhgmQBFci?1ddjd~JYJ2xTi$^L{#)?PY z`2Na6z%cu-DuE+_qeFo#2LcaC_4B~;JQ_}B;HX64b+()Z2MACb9zgbzfOF>4G?|@=sHS*?-h&J%vj&!O^6H1yUy73|YJ2Ci?dmNZf*v?Tr5N}dzmhyl#c)t> zaRWaYM3i4!S~TqD%HT`7G3bhD5|5B5;s+&9`fJ?Lz9He&5065&KEB0D-I1MMgV+{-70Ug*5$>}<+A$;>ltfV^8ygtn?dlP@;_cZ*f92^j!~0j2 zz!5-}nSd+KdgD~g}MA1uJ@#G^4N;s|%aKk84&`=k1WF}lBM?gLW%`z|Q> zvBcZSV}Y-%XM`le{e=jqCLl#^ARFFkO<_${HC|s&+A_OmhmhONhGrZd=tk&_S=;Wp z0jN+J5u_w$OLu#3*~6ZW(lXD3%0tbvInhDoUKlJIbUwh-Cj;dncN%fP?<7G5h8;dK+?bJfL9c7xUz8A!BO#&d2v_5 zJVl&F7%UP*z&`+axDMC$ZKX1$8>NQB{g!ZwqiC-Nd`wamg9U5vQ*abxB5-D;4`K^M z)Zi#&72w_5Co0pmpFaqj!~nlR3ct*b6Fo`-escgt`E&dcrzbQ&?utPi@L3VaL?G~n zHWcw+Nn}UH_(u{*kPVXQtbp>!Oq(z{#bSYbT$a*7vCdMN0_XDvvH`9QBv?b14&uvs z`vJ5WRHmoHba1%HK%Qd$@SOVnuRee_1B2!MCzWZr${3aDD<5!nAPI(l=;Z&=7;tnb zkX|7008#|nj5uay;HX64^*=Ua=+OhnViJ(W{J0vR&G_>Yh=3Gpjmy8%;HM-twDa}!mk zy*A_>d}i?_U5u33+%-w#7S31Hw9#E30@rvV(3|;9X0S zIN^PkDXr+TKth%&d%l#)U-Q&U2eh9gvOPOzlf~PF7NYj2+(`%Zt1?7G#4l2E(Aa%| zF|brAl05A6rCi>F+wAmkzK{{N(Rhn&!0~ZeWamNh{>X#Gm!1yb_l5O6g@f-22q4_| z2HlfDz*?dFksRMG`a;H%geRf$B|!}V1bZ=83+8Gn8BrG#=Ezw25gm)ur&<-EY~PbolDgQBPM(HGIgb-`q#iqOLCbZLS121U+$ z2QB+W0sWhTTu@(rI@m5vIOA%afvs+1w@CvB&8^FmSI+~oGN~;1T`k7(GO~-}tLU!};`CvWj zjPvCT8~t&5cWAJ=EhBr%Oh?!PUv_(3UYxHW!SP#HDLK5F6dhqMZaBlg74jrCDY7;b z#Tj(ncX%i;jnWqQ&~1x33V#4IwHp z7K=*=-5Za2z1y2Gpndbx4k6D=OR5>UzQ@8T6on~pA&68LrI{i-LcHfI9ECha_s_U4 zsxWyAaxx@SRc&~yb;?7CK+BN8!wgy4EO1)LV5;v@q)cJ}HZf8zF{|N{y3!QLmh}}v zNvu<>iVR9|+5_q7k?0Nyj9wc0Fe(fMfgrKH1IYg2vp5N*jHR4o9MzU(6&4hgU&Qk{ zj=|qN-g7h%fpx&U1x4$uN5?XtPM)J7%TfHng}oIB0?8me(F`O=d8&^TwL(168gWpw z;qtL76`)2?)Q%bCD=?FWA4t(lb- zkF604L28=V5^u>x-N{7_dNGKykEIN~O1%}B8+DRp%51mqQ>;<+=LXPJ<{y7`{=r(o zWy-Wmy`Xo`%*t|nec7Yy;DCzhhbcv6&F#vRo5T-5pu&()a)gB9HVzIj=sAg+SM7Ay zG(7^#(0XLmsjY}~QE~dNT5HAjZ&+bIkvkI^F5fcFNaAcFXI3|lpKh8mq;Is()3ZhN zLOS_R51fpS12NA#0W(w#dNYu@1MGwLzhT7 z0Whf0?-VZ#fzX6MPkfaf>I}%)9}hU8th|8y_EOpH)7QjZuF<==>Sk_L#xuTd50Z5p zR6DHLJ>OI6XtA(<9rAedrN{W z)ZjJ-@R46Ge*-QDzZMNS3M**FlzN~d+Ug%Ix5+V9p*YCpaA=`jL)y8}_jic_{52F% z6X7HJH$AzV4@8LWVeE$6Hd_+d$1?Qm+%=snYs6dN4f=Mq1r&r4Os6W63S9}X2&E(FOznPXYGETxW z-Igh}U|=#-AX{3yRR=vLS|oKN9xZ}`+0v%+ydhrF<>LFu-@v_yD5hqrJk%>*d7fT5tkau$ zwjnUCIWSffA9>5(IC&`kjN3<>bO7(Uzp+eEk!=>K?CK*7?CHobQbcsAOa5+y_JCC~ z;FtZCx4Yj1ULpu&j~-(?-l#qJrWR(KeoQy$;=AER2(63-#`ylQ`=x1 zysy@)!Paz$;0j!dD;;-fLUcAqs8gZFbWV;Xh)gS7UGl(cG-#utx^*g;N-w`OsEi-) z$Rp}hxM3E9mut|(21s{ZD(54pdS5{X;waG%s-EmJOP{!@!aN%f5A^vxa z`kEZZzIi?x2YTVRhW{|3rxc_To?k@zbhoV-b1nOawIns@U zr{^|rauPty`!rXIVOiuI$`d*&u;<5%=tP6u+BS_$4%gWhEG@wbqnKYr1G!^`A&wU1 z2CpxQmsF$#Yh{$Bf+_}zxPul3c57Y>tqC&=U$Rl4r*aiZehZDxy=DU!c=o0P&dpU&9E8(1OgOm_G@E*#4D$SB5y=QMizsV z3yBzy)&#;9p28XnvXpId$Xq#Z1l?$)9Nx319fDMB{g`C zKo{46ckQEAc`9`A_1UPSZtInk@OEtsXL&K0$rUa>`u0IY)uiRrIeaBi6*89O0tid9eI?gi$p! zKk}U;TTngW44RRr{c&&6P5SNedGu$!`T&0qcC&mj*Tz+4s&7fetNt|IhhA&FSTQ|z>3~eR>44}0%bu*RAVJsQV3ezN#(k%8QjgK{D5!y#9TA^86pM8K z;x6~Yk&p_SI^9p#4riG<;d2$NSCb||$yGRNgN%cYBa?Hp>_#Vr!k5Ib1F?jdOA%)T=-TUd;LIYZe<@ z$;ymDiP+qCEK!l!&izW_LQD8aMsiD9Q^u`OI4A7*I>t_X4I}fDx{!LLdG#2*f$~#b zZpc|9)35sLhc`9zl?rN0OJ547w@k_~C6dD{G)lGg+e>Py?<&DuxRzx8_1Kf9s~9_t zP@Jj;=DzapH{f0I;9Ph@J%G=gxZxh?I6L@m$NMBp#2F>!9 zPW_dfyT$}77db|B*c%eQ8QgC{u6fQ!ysu6>RjRHz!=lm9Now%YTv44y>&fNcO#0jJS7e;(Q{$C@0%=W))#Dh-ENd-92LB0P6 zBcA`?8FBW-|I&yX{AVMMcm99Sh;Q2#di?)J{Qo{99=P#%o4K;CaJlxPnp3VV;~+M; zZH=`S-XZp@EU;X{_;b!WAxr1=$0hyWi`AFyAY{ z1i6JPZCOmMnJ4*IR)+31kG`16rcY)|{kqS^wDIzJy3m0H%nPorlPEOq~ zGufXV5`V^9jXooJi`p(8bW-GXx;RyMnW!B&R1DwvC!@Osz5WVrd*0(JOChl6>L-nZ z6$JyTuT>0B0)U4N^J_GqU&<&kaTvxY`lVqE`X#9dtkWmi$IqHtFsSg4Chuu{aMfcY zmMDIV3}77a#znX=0g<7V)=Q<=J_F}FiyI}$R9!siA9NB+pV$}}`TEt0J7*XG6wh#7 zfl>Rk6&*>tv@CQo3csvD%|LrJwVb&-H2ItZ6TVfcr0WQsCd7C#Y{%F@%0=|1+1$2QRTT(q-*j`?ER0OU4r_qcUs5RVEWWbWMhRBW(M{+}4mQJ<=QZiQ=-8t>~(SS8un^;nK*GP?t#JuF20?WNY15!BSWGpcZI7%Xsyz3jVon2Qc zQYu@DJk2^(hP3d<#+42}U!}5;VJkUD&b*7C7)(V?)~Vx5>5*u=2vFHFAej=_sL<2Y zUg+AynG&>8fk*v6CC?Uwh~?>EN>z*f_^K7mjGz%K+rGS62*+i5eNl(2pY0UQ>@&-D z?9L3~PKI7zKMX~K++6P^%f}5WnpRB)yJCwVfgNlMt^^>Cs1^sYF)5b70x- zvMvYG1|0$0el0e`De>T8g`TXh3};9zW$j}o`5a~)-^I#2W_<}~6M0mFFTfit(y3k6 zrzj1+IWllK4!WiOE~32pCdi9aChUVl*n=v_5CwMS`x46RfH0 zML6xoB#LxQsmNn-3IxH_3vcoFV`W}oWyZT{L6~PUB)K8IOHA{BN^qtLzDY~BPe%!b zD{YP`t(rEQsNad}i7V1_TK+XQR6N=TZ8tC=t_Gq(oLjxO)Dxs~AHCrbUUNZt--~!S(;VZM7JF!pC+Q42A zH}|V`U=8gye-u_6v$^$wx|gDlPzZu*LYIwXYP*f%?@X3O>&N-PVP+T{@_uG*YxL0f z@P$h<%A6w~XptL-_qG{@?yc3M7d#$-;5Y()=<+Xo4h{ZT5R(b$p@1e}*d=wb-}?Dv zE}M~Z$+7!MTvl@&6pX`27e-*}7P75@QL}+wa7jE~RW$oD8MGCx_{=kroZW$Ji{BK{ z&e3Dk>Heq2XY^kNu}qo<|H2|rVGUbo8c6z<4jj9SkBC>a2;vPj|P)1p3vLC+$GLnt$lQw(x!7ZTn$vUvCpqIbPi79=pZP zww2;5tXt#gKARyXYqkW#%;Hi^4EB))f~G_k`0pRzEZhjazSB!AbJw*?m$g!5`*c@{ zJZciJmBoJ7_pUqxNff5XK?QrSSK^lF&BB@(B{{EWvO{&!@u8&OmygV}Y7jAE$0_$T zUaV6QR5PxkNtOs~qxo4m@}n#wJ{fJ%4p&u&&lS@r=-dwQd3t16{z#rS5;N4Ju*I4&WQ~i$M%G`hRwoyU1c$5aP^ERqaruLoS92HV z7`TU(*k>2&i;Q_;`9R}dXzP5VKG8PSN?My)Mq33NtgAkB?5uM?gfinbEc9&gJEBV` zNp_!TLU$~jaQL1k&E5AjC=e62?lqnmLQ$u^LYwS9K4T)KHNLopSrBDzd{yXW9()Sv zEMt65!f*ow#NovDm98JIMO~6fHJQVoG!%N+V8(z@`17qpaFf|Iq=d;k2O(*wx$qjk;j zq>mFgTWpnds%+C$F+Xrn+dMh3!iEygKFUo_j`oA{C+`d7aDOhpFaSu(UU4^d`)|K4 ztX`^=m0ap+$P-yVg|ECioM9{~j4W^bEQ$VF#KDYr0X1Pb^+dc}pxN--pb&R`9GypL z7iaW^Wf(iwZu(JqqovR(;rXF%4yel+)5EU%}n)`*)o)t=eTTquayH8-1ht;W-SOTG=L}L<W|6T02KY~nS#FOKS~*Ma&N+{wIAZF_mP&A>DQ z%e7@c^e|ow(>9`*t5~=M1mufYhR0UB%ng~WZ(v`Q_QnJ-<}sMauuT2>8e-APWOP#j zL5o~W53H>U;y?m-yLZw*yz1?P{W&x> z;;^+|HVkqRm|vi1WT@y+v(z`$>gU&5cq0Ql>CGD*mLvh0j{VprGIh^ z%y+BX1Z9!Mvf~AMLT|uTREp~@jS^A5$Jwe%4NW!$OOzzZXIx*HCXRuwQ|*&J;F~{N zIg?vF)$^Za)ba3{MMWp{m`1YF1o!q2J{2dp*xEXsBB0sEqa4q#NgExq+oEHvwm0!_ zJoLlq&pI0JRCrC5dJ9j)J`yzkXC0MIi-a7%+Z~(l9}ATJF}dX<N|-h3W=t^^r+ZSFxqaeLd<^kXli)w_t6-`Hm6Wx zr|(P6RD3biYz#xHG%OPnX_2@GLy@d6Lik=BZZM#%mhxP+kp5q?A?*N5A z5mDGgOZ^Tvuy1jgNjMvrD29kATYzZN_Y9sgPwlwXiZch(9^2^=50!eyER2e^rLSUu z@|l1zk?mbkDK#Ghp^P;oD~N$`#L^h%D^ z%KsJ|scO-zjclpH=FA?F>=5$=+mXN*%vwTPF=Z~@7O&%7wiS>SE98P*ck?9s6RA*1f1@wmZ{`q-V+>uVt7dcKW7^&;X6E+5KN+aJjbHI9Vh0C&ML(SD^kXg zX4;^4Mzm7O5+N_}_mB}sfn*DlC5D?yA12fT$T0@BCGV^I%}iHw>0K-+?6dXWvsLBX ziaw}S`Kt9kr~xCx-Xb01c_xARgz-ohX_^50>v6Rnn7QvUpci~oj>R}`T;(0 z!aixnJ`w&tprUW)PE`OmuDIaW@Jvi|Bk0OUt)w<<%;X>V5XDK-zrsy2$~ z0`dwG{GMNTG9G{(S!+xPb4HpNM{SMiPJ1BXz50Dseo)HuGqypO3Zb zZlL%Y*qjF3supi`$CeE|>uY<-q$3}_>y z+=JH6MNR8q;Z`>pnJQ5tZx-RYhQOuMo{Rj>55`urjvQ)DHrgNL_Gg6G8v_w__;j*EoSXT79R%g?@>9F30|s;;o1+(I@D6#?cT`1ygIitG~dw5YzT zbDYIbPe!APa}=2ksBpYT84ekxJjB$ zpP-F30>t^fL!Yh?xWpCFX392Y(+iN3jV6*o>H^6iemHnQk5o}vsx)0UepW+-b z$|ah4cKAjVo%HaQjvRHxbi#UOS@pR5CUA!7<>rTd}EPC66y4T{zLNg*}Vbbsn*MFOw7bXrfj&MSw+{t1ScdYJb895?6h;{8nU-xlw4 zigXMrxQqWGi4^UC;YY4ECDu;-`nM8*?Sz65Zx>h!Fd!Hau{Ln+bFmA$(JJ_wwURNq ziGr!!AJGoOntPO1PQJG62m2p6BxC(QvF;~qpu6E?Y4^d=axorIRY184#~23G~iYI`KZ@JyC9QcOt&DN;eaNLeRe>Ii$1C?B&Hf8 zu}%?h$qv#)JYDTJ5C~l663}TNeLsPMpT_J3Z&E3o^5ulcgl1(Ah+!_!WBWk=Fb6izQ0Z`tH%5Ih(tb!hOoESOSfs*6 zUe9^nCBY?BUWHo`&yi&S#=mUCcF_3cmEsKSiH-!<_%B=}Z&!a3OD?|(J5;2d^mGuy zHy(lI0VNa7Kp->P0T=+omG!QPuk2uNBGMK|oRl&DQx6s~-*2~vAtx%X2dob;6xKUC z78B>!10tCt+rS7|9Z{3^Pc7KoT<@RMQc`d7NWRewqt_hOEOggnfN(hi!vf@@Dx~Ht z1oBT9fq$S(Ias~_6auf?<-X8r-n{HUxkFJH6KaMy_K`8sv-sw~<5T!xqh%-SwE*`z zo7NSc)O8`JpS{MS@d)MNPU~a%OcA0}x#9f}mYKE=jDdd|G!ZM7XmIj=Wf;iJpBX;| zx4B$i13--Bux}4xK~xSGnJ8bT1xTYqR#WdX!kNr!!-j(|t1XD=Jizkw5T|Vu^Bl}X z9CXVF10u+0U=WmH5T{{~lyw}B%a6^3ZJQc@#Y49JQ}y*{_5NIi8eA;{PXZU5hzwAE z@&I*k2= zTw+ffs7UUokRKTqc!<#%P8X+;k6F;;Y%-hg`nCHaAt8q+7;XssL=DPyYKy1FEvGtJ z{EQT)Hc_!c#@}_tt=OsgR28XtmZ|7Erw#v2DQ~MyH`SCa@RH55RE0Q8LYb_`y=jWQ zK-dE=ISy){8dDf!ikQKlO304ln|&}-2gWZ#Z`hc54rS(w$?_JA4Wb=8h{ zW!Ozs`gjSL>@WUmeUECg9Brdw4fX=-vmRHczD6etWhQmPiPz>I1U;i@f{!DDK}cG_BJPzAbIT>9mO0iF`>QR-#3G+;0I zr#nwo)&r%ZfqvjeCD^Du%s>BbmR2jf%fRH6X>=L;7Js0tOF3GgFtOo8(&3q13ls63 z1?2c9(rJS-GIk)s!;faOldh={U+{zI+r|5CWBe}i`Q)4C+;C?VeW*15>r{rVIfH3~ z^%HNxeD1>OX_j5DK13wh95G0~kV{kh`zB*4NZb~<*d9296exbpXLe9E4FD@GEm5{L z`dn1oQmNF|dO&34JGrHyKa?)2#9>HF5Er$BKE)ox*-B?xy6-?d+kphBdB)_%rzu*GcsUmJ(cG;F|6GkO znB@O4&1?@bMMsslPB!}HwK2}_7Om!I31T)5x^c?K`nlX8LUVZ6SWmo#jI;6ZRjXKV4EsHobunwTemO3abd9iv#Ymq`}g7Ha7FWt;4a zz5~bmo&S??SqUdw`Gg_C@UnIo8A~M2APxtRKTBEVC zJmIF_%7u*^gX`nC>lU=5bOLyyLjB6l8bB>~4e;j#UCCBJaBrbRyG*pO zCBV{B$nfmxwIf^yBi&+as}MW7Oy!CJ^cd}g1oi2=zRYfK(JDji7|~3N`hx;@aR(St zB76D>i^@1A2RCRGhXsZ45h8;UUdNYRCxjqLIoF{Pe+no4or@O^&ML%$Mr}D>q7bB2 z(0WTPWQgEmV0q{t*sRH99|pY+5w8>~ny!duW?oJGXKtQ5T0Ko~(cqQI50vhUXErv40HI*`=GO)_X4^I9)e-|=C zFJ@g01$N&O(oc#-GB#L>t>|=g$keHKLe8!(OrE8%=tm<$zFhBbiWr5SEs1=)-wsW% z`v?Q?ePnq=*~yX8QWxw{p0@^{g$Vg*qWwQ%#8<|cnLz}{6}Xf;|3+Voj|j^Ps;2QH z^P^|;1`Jl^?DWNr#AseFeaC{f5KvL!bpf{yzL`$nxT+Qa3=@1v$A_OEx(txD{k8~| zb(e%=n?{E~CV79X-;d6xtkoVn)aUh-5TS!OzDg#)X zyiPN4kO;qXB{A?T6Hba3n0mZcUj{w>eoSia_h9?cyz4PzALcB(YZ*rNjHMudsOC9A zNUL^0I$RhmS0X4-1u4*wb)L2_Q)OX~iLP>rEAgvnnH6Co?#rZ*c$q(#$q2t>@s8HZ zSE8l6K{pS`ICc^Xli0^y_C0I7B!dl9lh}c=Pmr8Hd;;e z)B;{9&!1s;NT9&)G9=5vo4fda!l5q95-N9qfUkx+M?(AX!hGv~?h$q2YJT7~Pwc+) z_{GiJ!@us(XY||z+yR&t@=K`e+`}72_4JnhLadcf7!Rw^q%(pl;5q;QVehSj;%d6Z zUEJN>gL{y{g1ZC@?(XjH?hXNh26uM}Ft`)k-6aGIkl&E^{m%K0R^2+cu2h|WM)&M) zW{UOndb(F{V`L2*7MDiTz*BF9k($z1F=zrKfv|KOdLb1` zh#3tPrZC407c25>iE_9YIZvUBZt(78rEwX78Re{}jFk*_WyGe{NtVUL`vn&2RA<`n zVXIviPxNZ1%VZ`~&8INzQ>`Vbmxi{*w+Fs-r(J6=?&2ygp>0b(d=EbjWoBh2JnKd} zi)N|Plc2{!CoNJao^t2ZLL5Q^9j%?vqZC+fu-EqrP>DCJ+E-s>+pFl$!391dqvB-n znM5%fG3jKj)-Y!~fpK+~pwO&wNk%;?#*N6b*U5OY_59R=L9XZ~hxL7dK3yCh7}Kuw2Aj^E6R z7SD4qbZAt&3oJTQU8m@I=V$uXB;<0a=q4j`{aO7LlrOf!QTE`1b#0D%O&@)=Ua)O9 z6ibH~g<@&msd3A6J9-$7mJSD#s4yxMb5g;cVv=g=Kmk~-2XTy8f_OT0Gb3%$Y0(xp zqYb#BW7FikSmW%@&hi5vx#8Z#>w|bqh+De?MDDxkqmomoydFptWLIB@=d-$_(m`=$ zMiZ2;b)?L$4gBogxJ(4{t~p>qM_fVGS~`+T*0`bFS~`tPNfAR@IzFbyHU*IfAE_I^ zyINgYVZ?7}>CoIcDjro2x{iN_fqgpVedke4RnX^@7$_XB`@wslGC(|Dmo#Tyo-~+x z4B+EE@vLOgFu3q!nGqnOt&{yr+Rc$?K~tyNB4x#uK5i3HLb#5Jxq2FzwA|LQE>uB^ zw&iSIQPF-m(one1w4_`mkegkGnNM77UdPM}Pt|LzT7szE&augkHBZSs8Zow8TgL@! zV}d)e4YWf;ODiuLXyXp@D*T$>Bq`o2*#-t`vRz3D{p;i9^6N8zoX~M79Zh z8K|*q*h)E+!3n=T6j5-I$VTW44;djk4q|#l2?NH2J)UP{{0zPpph-jl5Jd50L;+Ev z8FC6F6}f7AZdT?*T6Nkr`&QL@V+%T6X%$|`Wg)3DaAjC=%pz1zj?j)S0s~4|l4_;= zqbb$R8CX!9Y!OYR+2qXexK`iUdE(^bPR=jjD&Av{UuPocBnrT&Y^#RE7YD=ziw}#t zAZ>=INdfB+=8bskPYk08wltHJRe`MFUWUZc2HaXY?gIiprN!NDt5VCRLJdfr z`-sDNi*eU;j>0LhH*@-_ziEa5`^w}(J&1}FqplSKIZMSok&^Rp4%iZf=q<=pgy^SF zhw-!XXRNMnkID`)0TV@>D!+xFvMcb@bwy90S_$CyFvst6WvsdEC%4yk}0DL@r@wY!hi> z)0P>_k;c8GKI$$FT^^u|6lmje*pKf9L&d<#6B1gTj*LX;@1W}P5;TM(ZCNAe7^obe z{lbmfy@8I>RDzo zJ#+-cna+*$TI}H2tyV@frb?3S>~(vxfPE`8qly%8do{r$IolCOEd@*e^1!Y~rRJw4 z-;*Jw2pWB|uezEQ*+YTB7WyGn(=ExuyYT}#kHEe%$ zf25!<({78EvNvA<0*i(PcMYXY_(Gl>{KJJndKtI3BO#59bw&XM18t?HV^uFTmKH1l z!n=MaA=HS9_ri84SVc7RLjl*NNaL`u>-s(%y`rTr2;DGh?RjPM^U0Ve48gci4?=I_ zauvxEIFb0k7ifTM$Q`OfcKFOqG=~w5A1&l>N$#q@c zU!lx{1qN4CN?!o!2_PWk2elLw_~_@QkZ_1y`L%Ruw2gr}>8thIs}K0?pR?1)Kgo}S zn~$mYZInqQF|szx%{vG!C4t)etyCHHj5GF@HM*y4abCE^{`}55DD7?e6*zB?5vdN4s7WFS$ z!amHcI!kRTOpd!_)tWj{Bb5azVw7J4A5h?7er0eYD?C`!tFsI1tBmCJ>XE)@P~5JL z+*8S~#t)+b^Tm*)5!Pw(BQOJNIe>-UaVl?U)fvhAUa|wd3)XOeuzm%p*$}FrAym0s zx(!xqMj3|PnH5{E0KKs!RPiVh$RDsEcgtFOo2DDfk#X`J8HQbm6F)Z#H9HGAtDVi@ z1Z4oWblaVPjFZk`v%ZM5_!QmT0;6=W|0Cv{e%nlUBr~;gp1+@+JadD2)tRUB;g^kU&%1h$qQ#hcbn~rG&quA>vtNegVD&Mzegm= z)9M&o5Q)<187o>AL2!j#ON-m^r=hha#17)@SjUbiA@ysb%=U#vF^ZGNU^!xiv8IGM zV1=`0X7j5FR1KfcPXZc^TK*2>ZC*_3KM9oK8B)=d>4xQpNh%?46 z9dt2S_=dwtb_-5}wZJA9pr-+(Sc=72BzA3Z6-gxawKk=1+>Oh3BVPjQH~{k%j>X++ zp7Nyz-Aigm9B{TB9q3iaNnq(xj5<{ekgb$RzEPEiddg8HAP@{=B_Q1LI>CUlTkCpn zK}p(x5l%VgMLy0cBFSYEbGWD;mw3+SZ_3?38FWc_QU>8lQ=iHdSLTdiwMii1&K}*d zaZ#lBqkAv148z4~M4d46wK46@F5?el##`&!`I`5R$X@;6ReSN-mDAt?4g+>dmCG^( z_}Wmz2{JKEP-hYK7ZI~Z3alxjzKQdwoFB^}Pon!(kzTWsr9P9TBh(kg)vq2knrJzV z7$oaeR%aXY7R?{;2bU!6h){ril9JNlabY9J_72iel&Z`d;KCb7!NzEX0LDBq-!d2U z-UkpO`bj27b7YNS87s^*E8#=UOhkKTQ`{?B8Bi$T7&62vgiOy)ERR5 zNxK{1Gwtl@z402Qj1AwZ?cg}m19i@TW@d*}&AqgSczc}#{tMY}T(}BjZG$ADZnlh6 z%Mpw}m3!394}za~NfpK@_cM1~%c+K^LJI_ZxJjD|mkaC1pabw$&y#{M18;*s)16Kt zvXP-PAY1@u_Bv|p9hoYosw5Jl5?M1;1dp76!kVlF!C~a9%6S*kyXIEBBxgh&%7l-| z&lj7x|1@ep1#TT+&u7aBP4aJbs&K|bX7Zl!wr-90*}<)WBb>W!0n7@SB#LbLuSM}6 zNc-4$Q>5jxiRQ6}TIJ%d3HyWPq!1FN6G~^$tPL4|d`%TS9(Sgl5?~IK0(fCK>B1MT zc&UYaKAN6Q%U8+%l^iLfy5y@W?Lxvo;(7ggkC-|6#{v|gUH;7D?^h0VPzWL#$=>=HQc(8PafiY4f6QRZqfn;4E*BV?5`LIoO^1wBV zP?N8sq`m!Kte%c}@V0j?)B6n7X@Hg=i^VrbVq~4cqZWa*s2`?;-Q`-87&d`+8!D2F zECkd0m*R9^UhJa%?2r;r2`O$nbfHl1_c-VOGUd%55{L|$f0PNLyf6CE91 zdS>HuhIc$)!k*;QbcYxnF_>B5&pQ?k_-gcmKk0PAtop#~xkZX4Ty<)XwGEMb&NU*z zM!BEHKJ(6GS3%0Zj1MRaH)D z$>k4q@uDJ&9}eV$F+Y7CO_hsSQDvvKSOJbBsAAbtJgP$3hHb+?XgVY?XJOrG2ZeLT?gMf%|tuxkS^OHufeSza>AVD5!PB5k0p=22Jo|> ztm;a?58SFV7Py`wv_jJ76OxOz8&QQyGKBsewveI z9#?1+{~l^kza2>MYDl+fTpUpt5}!);o&AH_C@-#@3B%zovg1w4E!*rs!86|$OfmMo z>%bCO`U4x*qhs158_pA_#>rx4D~!N)fZC0ug4$643Bag@_PfoynHVMr6RCGYI1p}P zn(ktjE;M+f`Q1_{;aM~b;6KF;>0$gQq>JPeWT7>cC6{eowAh*2OlqZB)YK>0h?P%n zZ~9cE9m&xH=&7ixiP|#~q6CB)X{po{jR=v9MiJn30*xhnalLSrw!C{|p?eBP#0e%$ zqu5F;R!fnBjt&O-6%xH^Ia$$ZqH9wnXhbZq<@D(B8`*e;C-#wp{poaaYd+Bf*;8Q; zvq`$VT%iRNIj|wg1bmz)6K|^v;b#M71iNE!BU8Vq&9P7?;pp|>mow=TeK>0C6tMRf zFN=cOU}|kW(hs`BhI`Kqvq)%j0sZta8Snxlc#x+CZ)cA>pm98pS_J^h9VIm769msi zv7v`#o0=d5uDVw8muLruh}N&s5%Olx2>)=<_qk7AF<8Fpyi)_K3cO5;Kw1s{ly`7p z*+|yZpZ$ue!aUgdsy#`J`d)}xc7Y$o`{MfjrPkK9H- z+my5|0ga+tl*S!T@p{PDgky`)GKE43kn3>F)a^mT=(A!`&liVl*q~*Z;bh7fD{j#N z^dF#L{HgiN-@#an*9C>?c1=*+&Nqx+c!kk*>q_v>y=E)Ut}~eMbZIgn64jMRhyn?dDky+i?hH{x7>D{|j7rsT zXNgM8&}$$uhFVS`b&uX*PiSe6q5NFco)5=Fp4tka$T^ac6#T0tJ_^*<_s;>Y1$8R01VPDf zVx`ifXV2x@*xZUbML##T2NUCaC`md~G#+9(OX|Dfi0*+)A<-YjletlQvdWBd(!e8_ zQ79;Vier~sz4{}rs5S4Dt}^(DE|5Zjuex_Zuv${`Dzi$8oAx#$4G$Uj26+=23YJuc z%xRA@6U79N_)P3lxK6Q~vZD^9Z0FJ34H&9pWND z=15{Vp*jPuJTwh;zTT+60c}~`X>SD5q*5EENLx)dE6hoDpw)KNc|KG{LK2IUc=2v2 znGY_waN0(C-%*N6yFWt}OZ#@Z^_(zVKYA~)@}csS3~IQ5v%mxsVG++uQ!#20PnDo7 zAlA@F8J#fxofxx;ab4&``%g!#V289|ms%j9tP&ihI8i7$QZYHvAh{ehP5h^i3{HGa z?@_9jsurC%)&J5WpSr?S`(@sRs3J(>l4HEI1_9bhc4(tcrRFLoIhaqRe%Lm*^6Qmq zj_m=s+AxnVhg4aC=3FikckQ$A^^pBQWg%c6#U2H3n7s%?(XIxx6&tbU&suS0xT;8a zaaSbFJlyYfaBhWzu9EA&GZjrFH?=Ym&RdO3b>Z&VaMv75RlH`_BmHQVuh;2p*t5kw zh_XjjBY?sP#dw!k8o^pAKvsAwLlR8*q97P{=pu-&xa>as(c3H=+DUW-11IFVN`mUUy~-?b^1b;<)u{XiKsYkX1$(;P(V`qUrSVE|8=Cp=3drB`By;Mu5O zyhb(&vd?%?&w#OKJj53Q#-FEhI>EUPLJW_TGz>06s6=(zSk}!+7DG7T>_r&Hh~Rt$ zm3##p?U+dWiuzPPMJJL^0-g$3v4eXKsAj2$i-Q=;3eUKBnKILK*q4fMD;N$lQ0QE} z9=FPhS`*-eurV;yQFP^`26M@9urL^C>yTmCOhcind)W%R5xb&kuLQP+f;MONC}I!T z2QyR}ZB=1}U49smlne``5M)Foi!aF(Vv;u^P_v{Wt>ES49o&TV^A-&bv$ZhE< zP!)%`#L>~YWfA^`5Ryq4e2UC<58>-$-s=}k>a17+)zSiMROxaOu0{m*aX+>`=L^_J zSgzE-jKhQ2-E&^G+_@^U{`E)_IPB6k1QlIxhJc_pIn4Au_GZT0Hkq#|W<0AN)q(I! zUr+xb$kl;hJ}Tjl3BB~N^vsjYu6bKehMf*;>08zjj^Zj+2QUa+z3pfZ0o%|`ic{2O zGR&#Cq1DA79mc?{;ESwCVA)+$pa9|Hec?LUo^c=Morrd(@8D){vL5o0p5wRR&_=f? z6i}=z3{m!g56Ii(NK~Q2SbXyq5lyUa`g5cCCQ78EEHTlF=qOwvax(p;Za>5U}r2xS>n`o`mDG!K%7)j_-nUaH9=HuGG$G{?Z@@4gab^X6is1q=UI^*0SNkoTrR{IiyL!h!_eG)U_lNP}d|-DYs$+h=9VjeUX`3+x+JcUv#J z2xnZX0BMk|>LexgHx07-NZXN)$(r+~L2`c_r|8t}0^T&px5qaP(((AFLB`EM8f2Rjq(KZg z-!uqY7D$6!XM!|Ho(f2VY_q><5Fr!0@)v>ivdJB%ca&^jqHtp%12Y+1zQuQszNgXLAqwf;;9Xoa+UL9dl-vq9UwyAkX4ZwR<+jNCnWKS+L-8h11p$!+4~(cJ_M zU^l+l;Ws2Dn0L z|0AQlnAmKQV`;mPcz0&w=-H{*kT&9I<3uwHo=|2GH)V4abLLvCZUOsWt8BC^bHWre__9v+OMtqp=kF=B&Cg^)!vO$eJJo$7$oA6nqHHhVZ_sp+LydPHFa zC=EP%4EMU;idhQocZ2l-JRcyISKois#pF94{wRrfxx%SZ?@jMT)pRMKE!2Mxu#7GK z&aK1_LkIKh08vN=H4!&Nk1$)SA;ljti>5J1ennFjss_(r4G#=7n#Hm}p7kqki z->hQK$A;>iRo>i^Q;%5ZL9^u_cmd0P7k@G!a1D9S@i9RZy^v8d5~*w1+Tw+F(%v$; z$Pcg-VelBpqgLWqPV|Gnz2)bxe6!fuVBn~Ut7nyT-b4})!A&4VHI)*`*VlLwFlF-mA zlyNSAkI#xQuaXXrob;=i03M69_g@JP@OribAz&ME<3_VD;eq!W3{5 zo0dmVMMIYZzM1p4IRGxuRkDcDg4WJ*VoZRcf>SeKnNgPw?SQLM{5-Du=;CWOkad!e zA7P3=MvjlnAly$^bilPlULUC+>&LwPl*j3G$+ovAHQVZF9AW2fpprwXRqpS(w6<1Ai( zKqISKMKfs4A?JbEV&Z#QLkX7_4IK_U?A%iPtU-H$UoUuDx8ptX=(SjqY;$P zHA{UpJ1GfvAKwtmDW^V0p8t5Zn?O)P`r|8Tll2^sgqoNIF@Rreeot7Aexg9;*7X4+RoCt4Ku7eyK1rI@!2rVDXLCH^}fO%n9;XV%`TjlxW za_NccR&3P-k3MZe$so@^G*nfc=P3+iTQN^tK94@1bF@>J?oOioNJ7>^VQwKdX(c_Em4K<8z`f6N z(oa`N8I`r+_WW1+lNI~M&)6Z5i258;7(Ub=W4sbg=}E@$;glB+yxt;~b~&V<^GQvP z{y&{Yh@!drlm1*i6yv}2%KeWf65=WqJyYm(ZQ1DHtc=jCm3TyTNLc18O`V876D_Q+ zqpO+IXY9TwHc%Cp#u-A~_VeQO*)_JtWfM#3n9e?-MV%dKGpOVf zyCXFr_I)@A;zMzjVQJ@^K^3R(<_nb%Yk-RnR>?%T21w;&?dCvOD@NboQ42GT8&d?T zP78evP|aIRd=C)K)WbYh%gzU*USw_4xt!;BCNlNTCZ~O!75ILID*H&nAWrnorxL0z z?Yd6+dz%4;HV>(NL~=<{d?Gc@{w6p#ZB=UxW#a?j)d=Mg+? zW0Ig#y$I}WFM5Y~of$)>8b1QgY$ zYtv4t%IC%`KeoiiD~xV++sB&|&tD8OpQx_v`Ub^+V>H$XWwf!iZWuVTOat9v z&bS}gV4GwdyuHbWWJ>%j2EngXH)vNM;jdf_RPZA_?KS|Q9q;ye))6R(92)KpaHVhi zNEu*@5mrU_V*N;BZCCOu;sWfI+2Q=8OyFeq`|-X-W(9F@ifAR%f@L$IK^8eZ6_WP) zlp45(a&lB-FXf3?i>azY@DL0=va(iyw~`hY=W9bapuO?e`RBI$*)Sa3_C0^`&yFLl zP7zDKf;)eV z&d?WXT8qi05HcWjhTyV;p0YtE?mp|0tK5(I(@meNG+$Ln*1C(N@~@2sXsSWvl1-x+ z`ax70heP_L8u$t=>2F4c#)d$~qH=5x`$8qOtH$`?b7eL~zNq5wko&XbI4l>rri8!Z z+(ojpdW)}vXjO5gQzZ2E@T6gw$3ZI=A$ZbR=^ad3N*1S21XIA4^G*!IqD*<`4rf@D zo_4;63zL!cqe@l9!1F9c<}77nU`wuiEZn<58wdZMT1zMYqRMk%=hJ^zL~6Cqgi*^) z$`ySuWo&t=HHhj?0DL_dC%O-2PdF<3GKo{DC%w=u*ey0JTH?FX)!mPJZ+XJta0XT# z1F_6d*p3KS8(2SLt`^0G2I;U6{25+=^nqWT> zrH;9>idKMgvP|`9r1+*_8oL`ecO7BEO#Y9G9By_X&kjc9bO?%L9^axB6M`j5czuo} z9qs)MS8XKm4jGdMRvu>vE0t)Mn_rP11{w2@iR4ua5CAJ7lF{4_k4oPuuY?Czfgr%6 zlRM4D?`5Y_Ua5a2K72JPz`%CvxuhnbOHkeT=b0hxT`90MgFxzj?CqYnrMCDT@UX~E z*$qSef=N=7)}H>2=iqv){ys9+af6#=iE{l>Hqh_;YN{1aL97;-w-kRZdOdz)HQyVn?RkmS z1J~Z?Ai)8lcPD2gGZ2zNtTyPuM`Hl7+MgA~>aO6CoZw^M;K*rg5UaNkEq!PH!Rnu) z{|T$(K-WVBvHH~Yjn%%B|HSG$#ecB+-0F?h(`#?6W^w*!R(qwtvAQK2#A<;t5UcMP z{)N>g*&tR+@_<-<{!zi|o9G`_KPA1fI(M%Gl5l(@Ivd1l-{Ch_KgIuHwR<**)dD~e ztDj=uSp6#o#Ogb|H&z>_f>_<+@y6=vo#*w8zgf+F{l;n+^fy+!qrI`(1@(>9&Hxar zb-(@1YHh$9t5pF1!fHW}H&(v~w6Os6)g791w_;tP{${l+#J^*8_vRa`r!N0nR=eMt z9UV@9SncJB$>;e`tnT{t7puM8-dO$84q~;pD~Qzvt;X#x|I6zCW%d6bSWQKgw6Cx{ z-Nz4~1-oT-p6vm)3U|o<(~QM#SIqL9`H~DDcs9O>VB(vn8lEo$!L2H0wAF-j#G6~*;9D?Y6lcb=S3?!Gga}M zxLiNob@-&=3@rR01`ZK_?coRML>RG1{kC$e(3lZ1?@Upw1HPkUEbp`R1pzjsX# zP)ZR#&R4XGl97gK)cm9g`}g0Z=i7H|o=+iFt_XhLOj^1mq_n}bQQfoE6UIyDB3=Kr z@Yl(;Sd{pXmD@ASZY|^*R)h-1nHr;W)6E-uv1Xv_mc8>|r>Ql8{KqAn)rfqARekki9mT&4bJ zQjOs3D5w&JgSCtqTyV3D5^mQK^>EO^>db&^YPhAqjtBBkC`vLU+8TgqEQ2gB?dQY< zEjsO`zDL3~TVlvy%mh`(FKCe&QChM{?DTeO0H}H9lFtUS=5U(44tvT)2^;~6QM5gh zl~^9#1_MgtYCk=+Tfo6O))=4>pti$P%-|+QM60HVQ`A$u z&)NxmNm#-;aBvY5n?4O-Ur=&K92fwfgA`>HD<L??_7@t7^OEifiK}@tzSWZtIIS9$g+;~L)Y$EgV zy)FK7CKS2?Q4R!R91IjtG!SzfKk6l1T1@Z*18#D{hBeadQP)razlSOTBo8g9gkx+J z4uM?yRO5JvrkWBPT^!!<6PPrZ_K~P)jK1(-IC&~@%~qW*7s{khQIXpT%o4(3A$QlV zp|401-)k}j=K9QOl(ZXg3MKt24$Go|24j@@YQUW%a%s;!2#zxWEPfn9xC-BBV@u5A z3`ayJ>@d=XXvK0W2`gS*bZOwBP}fE*=-H80*QzbcG)Skj72WKU&2)+k&0Gg>z=W8zl*z56(`7R|qeZl7+ zm|8at8Xm28`@>&p%ARj#ICk#;-2)$|niz8`}-qM=d&Cc24`q660%Cyf$8JG&uWXXT>%MW46;%ev;$RQ|} zgP#}67gmPGv|0zl*et-eQs3KTRMPk|uciQb_X$o=*wVx$7oxHVxqADXJf`%WL_5i%Rt(} z->tS{)?MYs7kKy#VMm>JUVHg4F6Fm*ovGCM6gTy&x_j68=YqSBgvao&xGB(4-MbBl z??CrwB0evm_ZH4UkIySEA36_D_&(edf4SG2w@T{_@O@wboy2(p^oKI*f?7<0IO6+Y zukZU?ZSM$lGaM|r(9;C!?d1t4jMKlCH8oy7thxJCcYwMRkPm9;6Rs`fv&jk-QN~Zu zGtOX8=f>Vz`E!`t+hL%#b5QSyzgWNZ88H*|bOQ9uk1bG# z-X0@^?%m#g4?fW6eoUVBBIJR3;|V&y?%NLp`n8;E|J-}N{Pinb|ceK0h4y;9x=DfO5LGfcly$pF$^GP|L}EX!+!T(=yr~P`qI1 zL=@{%mvpg9e8`WOkS{v-^T;;s16ZIt_APDZ==ATSMs5J=<!a6lho0mA>eQ%>gsu*daprCRexL7krLOuG@@E1`eQ}B*_x3Aznlo zr3_Dh?sBW33h-dGL3<3B*ti%@WmZTo`%>PO*vi#RAUHp&P1Te&AmFpC30dU6l^p_E zqTo$36qNmDs86yu#sJ+e2RU=sV)q2$B85ks3b>O+DuT!+ha3n!zSFL@{l1;F;`A&k znKxzodM()jc4dO6JjmuSDu_RAlFIj#J(XHXX+}6-2AS61efj|?-L_Gu&gL^?6v-gS z$d8y>gY?P~V*c_c-#yYmf*6JsK|fD}-OJ@%p5V0a9fYZ@g1NLuc|TWo0~oAGNm~dp z##eTLxMK`PTu1LdZHI&0{z+yx3C2G4G9vbl{!9cCf@~Oy!utB<5|=%vt2Gw0n3GYQ zSm(1u>2>Hl!k@y@OaXjl+@*!(-h>ZmV*BsV1+~_C{;n)#=Z8{)gG(5Su19JBiwTmT zuYYz>J|)4BXP6x7`A|FCdChXEBa2c-W}hHSlmiFR?k25A_xSfvsLDIwJ74b!QGJ+% zJf43Zj<^9cR11v=XKqLfwa7VnM6+0_BN|g=ZL#LCo0ya;IDr>ocNJVUjH_$Y_l(ce z3LzZq-KlW(iEz!aaOG)L&$L8eAm*Il=vYGRBXWqpE-3!nXoNly!peyF6?s+yj&4C3>|? zesOkz=vBV$pu$onUk4<HWSIjE&Kf)h{TE{jlO>)xM}+v<|B<^HLGb0@DzhhK%ogZ?&cJ?g>oprO56P=WZFF&xw{$BN2@Zv(CtZ^k7rU;@Y*zs8KRV zG-QcY5ilxqCM{tbQO>V`QCu2wY>vl}QCzp8lvBkys8!^j_w%&(S(gkmxOhsbc{)oj zMOSl~Xy4lyXJ3S~^g)8JY?I9{2v<4uUILr?z)>I}d7SM7AfJ>q%RPP-o97KUrE~@) zkIhVAZ2zYvrnb0oAODn?uH|JV*vOC&e{qOX;2EUJN&3GqBJ!uVZEys)3WF#KZYna9 zG6ga`6k4jt%UG4z1$>eF_5j)N|5jybH)xlDM=2*ua+Q<#DeJ(GRV5u?+h$Mkbp}JQ zyu)U$E$@(m-xsaCSDdlR3&?PqLNCuNT2BVjl#W7n__4x2Fxlh{bNIMWd=S9?k{vUZ z8@Czt8;h{{ThTrxq%Uk*t3pSR0Ssmky+*+Y-WwuR?NqVy)xwXw>Pre-Ja)5($%esoA)Zc63&-9YC3<0OPVV--y;4jeH^|H<}?6C z54729KZUDXt)SVlUprd5QW&0m5~ZHHEi=_Z-6ejC5#Y@ zyKOZOad5WL*F0}hcenABTMx#*zOsa4t9`#wWW0ag))$z!qTR^dBUOO<+S2JKA%?@btU2OFPDQRwsF%vmXT_A%+g--|TYhgFVq8Zu20|T^)=y zWB@M4t=TDmuQ#>>`%^ zluwEAuA0@Y0!_63v~9>a?3lJ;amJeCWL{eDF#W=!o#r7}b7P#( z>*5f5&hd|(+;d~9=W&#_Li(Zd7I?rM>G4&i%$Tr|g=H zFT*t7AYGm$yDz@&7eKMtiP^%RtU9qP^wnE)Fg5=$t}F-*9Q-THj>w%}zM` zl_0O0AsB`u$RxbmYAs=KbDki)l7xuP0=IX|&5Zk06&4(!PDfe}&%$3c3wag>tDZqg z^y11!(tj$vmQAjb``7YS=skb3c1Q}{tAA!FH<1pO1Z{OF)^X>XF@9rc!Xk*FWLzMI zHo*yM^>+Qu&?jyXL(gJ|D)Rqgs7(H|14dIdfbjQIFUI9iPp30FcacknFta1l5rT)4 zm0H2W-vDI-1mF<#A|TZ(h`a%GLkI-WduS0?pOAZ~H-P#HfdJYSP|K+_{6T2g$&bK> zp!*AG`!Ht^K+!)>1A{>T4Tr4{hHdtTEsv-K0Td5n?iBVP00n;hcL3G(`3s;uupoeL z2$ZZB5{CQ!1E5Fq!EXS?|2+RC{0*R}Pj3JvMFj!W`#KK<&~R7~Kv7Bl0niOT5I}w1 z-vByA3^h*w2cY*WZvg$k2ZZ7unAd*;XqW37Km}ai0NUjO0_aKM8$d<>0F>_yp!O&r zfc8Lv0P4r{22j3zhy2~Y0V+EA2GAVGH-J_H-T+F80s<&E5eT3;4u1jEt@jO}>-PTw z&|K~}fUesmblH{W*hTo-Wpu3l4bb-0e+N(&!Z(1%PyE*a?U>K=o__=AD@W-C$G-wp zGV3pZK25&?RKNlR(4SvG02K{!zU2Rp0M$kK&jETq7yCCr@&6|PeJTGNpg)8D2Iw*B zKLA>C_rC!Be-@x!Rckz;eH%hMXU14Ue;qU#)3oh~_-=j#C!FYt)^;SGdq#6Lvur@7 zlz1!PB?F><4-L)N)qZbI$atW{1(Mc`V#Y>wP{MVU|(GQEiPyiK&^!H6NdTSlj3q@x8WK%|jB%H<< zwoh6-UO8qCcGX&x)+qYjaqo4r3b;NFe)w%LahfQnx#w~CBHseL`5W1Ks>XY<(rxgr zX0hAZ)Oq(p(;|nO{nH%r=e5^Qas^~p-;VcnHD=U1{Gu1iqVBKE&dv7M^hgc(0LVy$ zA3Czn;J~>T*3aPw#>hh{^DyBb_#t>=!6qrHYjVa`{fBmQR=1w^Q@SB!KY5L}`pkA#1bU&>TK>3m7YhX%$WX1WlUtFB?hmc2PQW=4mVXZe?nmZ%onTm-k$$9g43xA(wL#*(%Pm;T3NeaXajj1Y5MxQW`%w*@ocZl5) zfG+yL7ENRo;{XRoS+~(u??&y7QBy(Q;vv4vnMqiwLr*YxhZZj#l#FwgV`aWAej5_S z357I})o$l^Pv0XtG|Y(xBicMV5a<3`Hk*Z@=xt~6Nm5S*6hAj z{28L`h)MjwqvD!5+BWYdL8BuaQWu_P(=aaA3ip5$m*<PDxVQ^uyplpg(w@_9GKAqP&VT19$k&99+New4H+A`v_ag<4n0O-B-eAk5J=&^t0YSHASBr~hgjT;tMl0Ow)hY@jQW`1*+5FjXpQH|&CcRDMDR3zf zxqYflV%2ja?uSFjj@hsTlthKa zKwdz;4!c1s=RB>V2IoAP#RJE@1*~I6{?@cZbsO{DtL>50F^cZ@3?taSq`+ zVK$tMI+z#Y+T7^sTEj_{-LTe{CQ7rHgA+gjVhS!9(iz0EYxd+8^|~wTwu6c1{ezTf z|Mne^ka++KAXk`GUAJNwrccc=+aRk^iU7w0Z%q}K=r)d}Dm2DPfz&x5%*h8A3S#s) z^(TE3$;ODGfOQ9;!4#eMC+Om~B8R!-Xg}eOdXO-1g=$Qvy}^A`^E;qw!`U6a^m1MF z{j3P%CIsLCs38!sIWdTSV@3EN4Dv(Ur#i@j&$hIByP*`3IA1W`RQ>>ymMI%rQ^l}RX>~soa96+?Z^HgR`hj` zyhiJ?GyDR!w20Hll|a(WT5kAa1#T2{W7p~{;|@SaL!ZuV5Hd48V?m6#16S+y{4nWj zOkR$$K#6l{Z!`NSaq@zIsc-RRagrG?&)=Fm1+ANf;S90RtF}MP;j(2VwmAH!5;Qu* zX(obSlQTQq(L{h=Y3xedmR*TzrE_)%q$3ur8{7FtB+5n()?s~t8-;j#Dw?ijB4r<6 z3!n^WP*=)-N`f2O0QRH7rh-k2f=Rr>*U4<;UzT|S(QABm z5ZQakH*RA<{q(98Po0+TjJ$+)ZPf8yw*c<*h>)m+1`VMd3FN4RQ&@;xQQloAShqB& z`(&ym*o0TVytqXElCrP1xsbH58U%Xj{aBMMZb#ck{0u<9*o()byp5R2%wXnT=b!7i zIclx1!ELwdE^}IOU0Ca%$cpSK1_F1MDA8|Z?)@Sz>|L?Qb%3J1>VSh$@5SoS^@3HN z^tNW${9op77u;~~4Gp@W1ApNb#glbz65sNpTwpEX&2{{Q2&szrWd%?^S=*f&DT4l< zan5aMWnSx#T5~zq(!;m8v0V|qG3Q@XaJm69{1?!;9lOw}V_ly+-*ySI9xLGXqlMvh zCX*{+*R`n?Y2u}CYG_@%&dcNIqVMX6dT-6cp1|vyKCHN!bC{#=n?_6J%BaFA^)d?S zb)Mi{+>~w9p>qBTmIwT_Pgi@e?Tf)p>mQfXbNFN9QJbqI>WgaUZg|&?W|e*??RX55 zf&{+^wM@!9R2}(EURORm$r{jjIVJzhe0bZaCkNH`qXm$pzRumIi}sXXJ&NFnLk7t| z<+UE~omHV0SyZlf-7)a2un(mvrGhjy=EqjL)l!?DdvadBcaVT1PEQO`a0MClap4uyrJAs(`<(t$#S*BoCYk<7FQq$~8q~*RS$OjNv7Of+PSSJ38R@G15IW3i zzYG;?7yL0VpGn0jH1W05II?p-_<Tvbuzv)U`JR$}`57+B9$|i?bjNJ}^+0x09joGM zd2s6YyebEpOb0g#F`tOU+$mxQ(*NvGH83&$F;(;U*B!d%#?k~O zWvXED(9W3HVB#GJa@qp-O|%0RKU-i6g}fFkS|m)_O=*h`>8g-zwW=oMd@{uXXZ54G z1-}SR9k6r?JvlQ;_*qa_P7v;EeIXES@?6aEy$4|EcfV{eI~#_ss4qiihA+jd8B0E1 zxd~nG|9)NUm}Qs)El_)U#T^qoZw`~qvY9woei+6TJamt&Q!*T#?A)T|oYVyR?7JLT zC(?diA^F-7haHC9zlJ~%CA)elOIWQBW&90-R5d9|%yWk0R*-p9cU*nx++)t8!M0cg z-^6jDX5wbW{tN9`W_0asH{&;dT0P0gQLV=a&8(rP<6u}7K_-q?+=;{J>5rEr8r8Rw zh|XaCtZJmHS3G3vET%|qhDI1mc*Of$VZZ46Gf&SKqQSrqpd@{VP9x3Ha;drvhSMBw%AQkgoiUdB&t*<^?@;M$(fpF;k80Lf z0yQ4v^t#94D|TvOrNsv-9a@&yTHLIgh9j1%;kBbGj|86t@n0-F`Sb}pyq9{k@YDLA zADZx(l-c4^a10w)FU>LcLK#(O6(iik!hM-=wB&ID+k_vQFRY!+Lk6QoJ`R@Q?20#~ z(?wO|*74ZMr#9b7HcAc3`LVLFnnke$Z%sxN2sX#mpE7D4hAw?>((Mm}BEJRI}K{yzYZKybesFpQm-k8QK_a!c>oxo77czwokinH~0X@cHT=E2hng zCuC5>ILePyP_c7CNA}^+S1+?%Q}q?a)|XtWXR`{b^qLz#2t*VHcg31aqUt#7^09$EC68CH z6{$Ig&EyAFtd~*2*3dSD4hsu$xO@fL5x=*~@!DGE-*$Z=|M~V+cGz03Y0flXRI|W8 zmR^?Ppe^D+hDtoU_<1*5(6D86}jH+yj92|3;`Qvs>EMJ8x zHrks4ws-yiq3$x5W1=Q1QK4rEmCKXO`(y1({!1pI@WZh&oipJv59Ycti2<@+z}eZKU3*UC2Pmr zU0xy?X2*+_BzVQ!vSl$+oNJW)SWz+G-K$|kI5pFHYr{NdpoO+1Pki$UY@{d)0ZFYR z&o|#P3zqJ1|BF>aeB{2Kuc@J?6h$y|yEyA%#qiO|fgKX6_*QEVA>#6Eg-}g7^I~!qi zn)mV$z@6zbxOo>!@(?(}lQJcjD*s{IK9f^SPhy z`YwJbe)7|m2hX2|g&E+7B1*<8$?bAm8ffhDD6xekNIRfRe06}^l3%R2{KbIAq2*W9-|d(K)Jqvhuc;cu^AC5!D{(7L(5RdM7tZF}dohpdzx z_RqJk3ftb>S!_D8cK8?__`=TgF7*E8hvVp`cBZR4SDAG;GZor*XnUv`DUmF~)fsQc zrxN?!C63BsNy}={t;AUuVCv7+*UNIp%sZH7DL+*w%ffSFKY=-9XrneVB~+TX`6Z4q zzPoZxpOY$iR!#!kq085j1k>3*qhzMUO}1Dzuw|aSt3D1iZ|r-O=k6Wrusmk(ScB!E zIn5Iu^LbVh-;Md#72>WRHw!k-_e4357NMQJVe=)2I?a5fY#J`sI^5^vUF%GFU@4l*a3KSu4V>tDy}VthP>uqn^Ec!w%xW{6H+vH;g6czK zl+ILg<7;JB)Xt;Q-Bph<5boJwcg&%*!|srX(nedz#2%LDkWSFvOpOnHx?Ory z{j}z=EM#!ydqUU=dnK*+L@lr06VRAR5VFxMHUFj80RxsTu9wva!Uywe_=J_Q(g@tN$q9XA~5?mQ%1%!L<{9&6_FjS}*1gy!m)w!AiBAbwTHsapH%m z_g7L|ZyI=WyEWXqZ$E~f$;aP)uNU)GW%5>W zx0#)1Ofl;>SC`65R9eL`D8yo6+v@+AQ;Z|9tuEhgUCtd-v*cZM3Z6WD;%l|ILh(*E0Tx zx_i3|-a1EX*$zh!<0whjxGS6REKSQP`%9H_5hdxChFJSm56!ddA1qFyH1eY0sd)GNVr#5v5_{OO z%(IZO<|W(KimSFFuxc;(u_m(K~7)i89-QKf)^ZJYQ z!X}Bmn%7Onq-K@q@L9m(8iT$fPKoJ^cbyn|E%4$d|~;o{NAZF3RIG(OjZ(BzG>wp zTK%yJvf?O+rgxXIF&&;qp-vO&hx?qG)sK`&uDE4=0=ehgTmHV`_#Rk4RW{4=UFG@y zPsTM{8?`^Nm>#9ahHD*Y*Um;&t!a0}fl4Dlqd}h+?(xs}`NtnUu60xF{IqL-$n^Bq zuDVkPt9hK>o%@Le;aX3fTs zE6bz@a_`c$JO3wC=}nYeXIR_h6rlb2KMx;$|Lr#$`9Dt{ecR{%9OTM3Lm7^@%%F@1 zGQk~YB~C7RLiuxkINidC|E2uOwY;IWvtF9b>M3HzemG5(&T+{nOF#NR#L;-$z^E`U zcv4OBP{EdYu{>Io-1CFnOILEuZ+o7Ln@T?Q&6{>O9COFtx~Fk{ZI%nYT%p3a*g@jD zBXJi2%Pnhb&D%)p$u#V{yIAF1@pHx^2iqlg>;HH>;z<0=uR8tz-IH%O^#6AcAAZy8 z|3h3m^nY2muVqk-M^!pMW8;;gzlg@?zD^d_F8^UMo~rdU(WSE8;Z-~O49ZH&+bm$< z*uO(mrJ?S8>sEJ@gQvxArHyWqIG4Bo441gN+4JjvE2q-fHwU`7&kvui-?jPj(hVio z#KSEz+fU`}*zsq#{!gMn@ofM#`v2kg-)-jqfA{Fg_r3l<#O0p-m#Rl}{EH%WNQI?EkdH#u|uw_s%xr5QE&ErR{%bPP4hR<@z5~GRp7C zpt1+HHp%|SjnPgejnTmOua^J3i4TJssI&hbK6$uV|MT7BN4@+X;$oNoA2PQ2bj&>? zD|rH6p$GOX)>+X&?QK>_2wEDwumylt=VWiWTuaEUeczt^-P%R(p6$|K^lP{N&-sMO z1gz2jj~{Q_f8Rgp&;JLx-1Yxb%jY`hV20ivw_(Ajb?4tbr(eihozBQ5C0W@&w2ghr zVHsD>iHfwoiU)R#wBZ(5x@s#5Lh=`0L`nKGP2+OW&9yx~g2`v046o;=yq|KB|7{eK6! zO8WoH;d2?wkstV}uk>)$3SAFhN-gfK+V2d#C{d9fdeQvBhe!AB?=@xjn69sL{;D`} zRt>nm!{jevJdQ3io3}RshslK9bW>JFr7NbPw=$tYp=#J*E3m^??D6rcA)R*T>Y;ZW za*Ouy8#zh9;~Q)meweD{gAB@*Q`ui?kty=p%=MHh$k>UpJnM($V*k<~`RfrX2+98Z zb{9EYKUERMO_TO!s{B#2e>=g2xDJs9TbbO;KcUxtJKb)TC}H*B({lO6?l?h%Sr$Z9 z*u@l#Rdsj;8`O%`V~5;7PJ z&dhOoVlha6*5Y1<4|}hCM$IY+hvM_4crA0cDhdqO#qf_mdVy@`+Lr&d+K)kQ3lGLB zL>Ge8=6^ljsQ-BU@X5Cid-*@ag{=SBc~8zO=PJC*)7V?C4S|(;te*Q7$pa ziWXYW_uss>wWud`%uyusa*w=-qLCrx!p>R%V^ql*joKk zi70(=P-Yp&!|TOJC80`{-EFE@yQKI_G?eCRhun|C+yHbgbiw)IbF*<60d$dc?Gfop z1m&Hu*bXx7EZ3FOa|H~}CeT9$?^&F7AcJ$x>IP_VMhrV_FzB^gG*$oySL|aP$ibW1 zxWxE7?yEr$F5lD?N>_P|Js4fD9EgC+{K5c zy7PS${^CMZ-T5{$hXGJk8)va4Ej2t=0lsZta#p6T3Zgoj`UXg~{o@9g?1ZRxg_126 z7z`%6L0%W&WH;d~v+uU{J#z%~^&cwc1_q*aK#kneI_lOiib}TiO%<$pl{L0}lapDt zad)%!*~Vad47D|TrC5QtFV26y{O#HK`PlUc7H>uQNC*Ub)Bc za4;4sUP?9^D&9+j@ZWfKQ)vF}aw61Db!SC@nd!`n?p82_8M#f^suwrZAz*7zq6T|0P?F`$rU)?yYcj!prD%|+qti^J22a1$aFiSTF`VNYI?D3CkF%mN8=#i z@aW^`dGzt~{SNO6I{*avUFx^Bc??}PCVRT$Z0Z`Q9%Qc_ETN9p-j(yr>u9W=iic0W z`))t`xr1T<1K~ zJTG*OV-2sXsyV(SnPTo+k%Fh?KT@xT6;{qc|D*QXDkKKV1d z<<*;K=Raq6{of*;siN7C@@7%_eZ`+|{nTa%2{G}{RyVE|p!~$P+xtisjC(1N+enrE zFG`L$5TI)G|Klg$Zr1;P|M;8ldi{ThYg7M!S+xP&C+z_1H*b~*SMCpcp{Cq+hn2JH z_%?+-c55|s(_V|Ux^C8=h$yKUq+Bz*ao&^T@kJ8NRXS4({miMhw&b{UdWm($=Rca` zRE5iNljsu8(PsMI`unt($XGoU_tIpMtKdJjOPcq?h}Ey#@>L9A+v#1rE7rC-yt!@d zLvM@k<|AIP(5Xs(z7Suk-(6mR?|JdWz1%0Ue1!vrtKl}My3ysKA}6fArg~Q#2f;uq z=fw_;EG}RyF7@GJ5>)N~oE?Db_Wy4mZuS59_WOSSKgdPj|6R((oNR;+_7Otv+Ix!3 z7^*ssv71mEL?tSYF1tvW`6Y>h0NQ`4oSjwETWPnQZC`zA-IaDrVpsYrb^WT^|2aEA z)%t(8_W$p`dEDba9OOEP|97LP<`8|P81~t&SQFLNN$mZkR_|>eyt1;R)QZSPdP!Y8CoU*=raB ze&<*`DDb;p&4~lQoAlPTZ8tW(Bh`_oeAVcG76kYj{r}B(+xYL__xN9jx$yQs16({q z>d4;E?Iynb<|(8RfO)4QiUY*_-WeSRWWM2~mFA%4_YT(-*!=!M+kl&QO^$#~rE$pl zy`vu%bbc=>9I*2Zki~^Ozju%xdmg1BJBL4C*nh*B3g-Saj1t8@MveXV@ZmR`@xRAU z9`*6RgIo{38m7~aXVD^!7wMVjKREkpIE~VI9JJ4y{nh+c$p70H&(2@J7|zEHjIme# zzxn3-@4w$X|2=-#`~MDeeI}kI(?~o&7td!hNzcxniI*yv3(x#ZOroUt{c9n`Sb2d= zWa@uVUyGmo^i8ZS$ci5>qJ?`rtS(?WB>4OJTKbTgFuU4^B4X5 z%VM%T~6%1^|# zy3}pYQ`ez00L;Lzc|P4Wn@I^4XFJR^L^O?h2M4iVe<77UA+XKNK&Y ziFq_u`FE3H#ysJYfz+*>$AQW}Z?^18gz7de7F!R`E-ar58R$sN^n>Bq+26%iU;Rrap&w44e)ZMa-^G7N3lS1|mU3+VTzYAC!dridJp}sU+vUTL&(2n6ZK}m|c2YNYC7#&QfE(X3{5v<$JOlvPHV_gRv)*u@SuNo12~Omnc=)ww9X-<0$+h zHDYDAriC{9qg*~*7DM5uU+8Slk0Y)9QK0M|tJhURp~J6=CAliJO0HC1FM`xJCPp#M z6|R}lUemW1&zCh5LNDStGUu&-nql%MeoA6*`BvdiGOKjQs^w2>5rx5>kiyI^P^-7c zDp|68K}BZESlrb+A#tHyGi zjmvcQj#DcSJDD-tG4$%Ax2DL9=ne9NhS5KH@$bObdZCi1;@)59clkg5PS9VMoBP9Z z?O&FcyGT3CH+32KQtw>zJa)BO;%EQ56wg*Rm3S4&vG_p-<_MacoxLraN}HzzqY!@G z`vPk?a#&RIMh{A+-@uq6gHb+;9>`#%2QnNFJoEW{Z=izFz>GRD1l%85(`e~HC{9sQ zYYWL`G_6cju3wFP6HO*|2=ng`zRXtX`Rn3DIowp&|FlnDl`LH$Z}gSOQp>bhMQfLb z(xo;{6FHgqo;}W6B_2j1h(dFKwFjF*i?6BIHOsQ3!rNAc8!J#DSuz+^$(0O7RrXUJ z0bJKZdmhO0X$Kj;fFIZ1zb%4B0&5=&e4VOrkfi{NFMjJu`+V6MBaY&QO(VJ5{Nz_(i>p#8^z>Spxn}BfJSd+g zuB;sFxcS4QkxJ#G;g5-RK8>>|?NynFvfNCW`koAeyWI3B#C}6$jQE*pF3lST;mJSD z)5<*~h!*4FG>WE~#5@Sq^r`sbk9+xY-OFD2=NDD?7aW=qXdks~ckikA_nzKc zJJ;R&^Up8Nn8kW}ojo+YUScihbZrLCGfcDRGv!^E>yJJ2hoAFoi%aD_72iB8{k%df zek#5z{XKizT?qmBQR&x3xc&R%@>{JOlmuGXjEmnFO0V}a_*nWq%SHLi!@m^tP1cxi zHK{^k-$gI&R#$q*+G>j;vm)dC=j-R=9S|7doa=Q9~ji=+3O#Gm?R zYk9luM{subb9PvXir;=M&ho3K1#WKh`$C4|*Q;eK^#{4r(`Hj%xxHf)M570DX%y9i z-7mT?d@ZIbG~2%#=R5J$^+Ko7-2bSqhT>kOH#B2d=p zs?CvSW_|IwSGEXnsM}a2z6w2MmEXFevSK$D(IOp+m&yhP{M1Gkw2f2PV_s_GEkb%T zU#-153yEi5&v2{~H5OOdmn$9YZp>u7d?r_x?jj@bYB{4-*hXh7WF50tnI}4XnomcJi*~IRI7tPIw6*C!*?Yyk}dJ$(-_>)QD4zJ=$F;eM`QlUt1 zqQW7sh4j40I=6$nA|fV3p?n)V7#T(h&FhUE2Y1%&%Xr!nZ%HsrS2gC-vojY_@S=Gv z6ZPQ3qv2nMPlm(chsVQ*!-t&#=1g|3EUvR3g=NOmGZ_RngzDcKyIg8NxDzA80r8z-yGKtS74Ai~ri8p?tgpl* z3dSmN(?NN>bwdZ4_uMZcBfb{DUad!CODW~RA9ey- zBNs-GXmMlpNWAo9=ikGw)AP6ITKpC*Qtgk`Z-uPnk>LN%150CH+lt`)fptAhh6MHuLC1c3fLhzWl~lRy&W!)`?-4 zHk*SOE6+9tUd5zW2hn0r$-Y7nSG0XN&Fd^7B1$p}Y~o)wd}dr&3YTdShSHoP))?Yz z5oa+Gd&D$H5iboawZ)gRk7md5;4Tx!U)Oo}-(Rl(`@#Lqx{wm`*Kk5Aa-r3n_;>C2hT+a`Whu;qW zFTTOD_uX3>Zkb*TqUo6p?@ty%Ak2}`d6t5-bzZzD+l zbQbv2nfcDkU9C9Ylrt6N$j0ePPKQ**It%{fCdf#MSS98WHO?elC7BdwAKnUaBtmtg zmWd6yj{4qg2YDR4SjDftN|fP$U3hiPUisBmHX&xL;zW7Yu3ILb=H78Fu7YU#N_|j4 ze((#T>5q0ES5;5SWV)E!?1QVnF8`|kK9tE+5C1w*GF>F*`!T2ga z-VL*}-PSl|5sPOnQw(tGasN^|ek+1YFPK3Zj%SU-Ob<*UUg zQPLch#aCYy9F?d*=IWr(0l6#vtFKBM@M?`_GO>57TXVj#-=at)vS!Z*nfTE{@ABiX zy8>1T2#NaOtDDUIZ<9CdTjluuLZ>-zZLCku6qai|nR+u}_OxUXsCI1z8li|p zNo__gLMEBdEQ?02G~4p*p7~s?2leeD$TjmyhVp2G9Wf7;6o=!puhxIJ#$YVdnZC*e zIaB`TPgi+(H&NzXW8)inbYqzlk{y|?Lw4tztvh}F%>^Z;x92Hn(`hS*;o@z$+6jdEYGNUoZgN7`SMGab_n4Gy$4R$#Gke{(JMqbzujNed zTqhe*BqU)>5nO_@txocM_UE7q0Kr#Dmh5EDot|?hmIPE4L7-5m`c>gfJMOfF1<_g_ z24qU5piE4S6(seGR!!ztm&lEK$`h)=8>T(J^Fg74AT?t(km6WJT=RMl4oh3835RBQ zN%Py_uP^r8{R6k_bO-Y6Dh=o)kuO{I$}9r;YAp(q!JfPSRN7*4OGw~d-BRL((*8tO zu^g|d_a~3Y>FYl6y^uzMm+X?EngvrYnnMf(4<92QhWwUza)Qf8Mm(bz#|iiRiECDb zpcIF#Y@3|&H$8G?F+JsPK3(ZQvSHeDyWnol%txt7$*7Ud~T zCtO9`N|NDkY5?tFb4j1#m>ZRL{PtWimm@Nsv9+S0I20<{EC41B8@-sVMcPO$mqG zwu_;MO-Z#JxUIkQ8NN3#YxT=B6Cn2*tl0_pQ8KV9q!uozL)mB~BoTeKhTRZ%mbrFA z=)0MW{fN?AlvRrXx{AQ`lEP-|;A!F^mx{h%HE22LigA? zSZ1itcAyN=@{^iQ5Kqw*E_r`LlLWjGk#)8U1}IubcgG*W~9Ax&vG zH^T1yS`t=nRyntI3WLnvHd7t? zfH~^^EMH>zd+Uw>yFnU?W16Iu-`QPu^2W=APH~b-8^&}Layx?qwnb`SAxgDh5SF0a z^JRAhAhoHuwt1afrLg>Al;~WT(~~|#j!B2`8=BlE47~r?N{)X#8-~m$FIk#PZ^&Nd zLFrW{G?>Y`Fku2-SjeUm{9w8O@B3wl~awSf`+5~VN+R# z7Q-8cz8OhT9+Kr@Pk=tvi$%A2g-`HCKENQ;4cWuPqC3kV@l2&R!1iRpL-`1%t$f9K zFJkuc;E%+J6!W0z8Y5;5Nk4Kh3DjmvH80rzLd(Xqyco`#~c zm4+gRd~l?ebcS;$_aHkifmmajc#xCCBl%K|LBk_GU>c-_sW7oOCtfO#gX*oyleK$I z=SmC6PkxdPU>Rn!t?byFcu7Dbk@;I7I)l?eN}^S9b^tRiRo1ysZl6G)lS%mwV5#KO z!^obyzyB90t=s|RM2u+?&Jn$ZXG%P_=*R?|UifIldrF)%Bl@C)^El^GP|k4Gud$e|$cjLR6bY)N-hUIb_Udx8&K%>A!+&0}mSd zIHFII*|f^+Ncjv6aZdC{XTdZph^E3y0w(BOo3si{BNyT;8cy+e;{`lUi5JS%p3Sl2 zixZLCM9`H1zC;`nEB^HN_a81kA6>kBe|+-!-O=0A{`t}I>5F!oY!T{?T@x?2+g+T# zIX&v1%H|a<-)J9tTHE4xwBG3`CtB(1iVFv4s=0L z7vebDD5D_QPxAlDWu7%sZ#aJ;hu9*cU~aUU(v+s2tHZNe&6)x!FWNsh2IqU4I*oEuI9^|Fcas0 z0RD_80jdq{HnT+ni8OyAyb%rO#2b5ZzlCM`M0eX=_uZIJ6MF#2SXkI&6etZ@-98ye1$3X=HNP8x;x(h9H zro5&!#@!E63jx4*aRRX><>eo=Yo4*)gWdxokD=BZ$Q_xLBWTT8G7PzYEzseb%%Ug* z!>NfVw_)mzdsW#d)lBmjzKv&8q(jcHbvj5^Ob=&(28S0)yP3;ua%{@*VnP;-B0$6) zNd$~7jcH|(7qUNTVr7$e|qHs&8L-t-oN()_?t0Wnw< z08lePUcj|qsPl7=ygEHPDWta)%EpnWFGnILUq$zf!1kY%N8fIi1rAetE{gD4M(r27v_J#idQFWG@=QO ze7nNfIN`InC$|-0$Y5PaYd6t9{6p~QoI`#^E|IGv4-p;hN6}295ih16&5|tJ5lq8u z%*?b=@0@X!gp_kUHE0UGBnw-TpRhPp;C-;#wvdRu48iR3;uy>>^Gb>aQKh9}@5et$ z5;ZIAg=C7Bg_b~T7T~TSPWO^Pcm7HLu~-Ng+I^RNP+PCEK<%kg`pvQmNj`gCSN<%?f7iQI15T6AG2U@{T-Lk_R zB7H*VpBWzqn|fni2_tt-Aww2<$y@;@%^CC769&bCag}^GC$n=gNR&xe(@Kkc;Qrid z{ecl|CdiaU8ANJV)nrlbHTgXFfhJFsxeV8$hMs>tKtzMiy0apWR^=AWwCi@!p*7?; zRE?Mg_1A-k{$ODT3J>y*ly{bFXbvCcYFmH_8cUj1MU;r&B8In|Bxpf^r>2StLfz?N zW*L%>{QR@zJe);A2*FqIguo#D{IgZ8Ci9C~jskUNxVqVQ_oYz#?twA?WtU`z{;W^h zNo1x~c0y7^ePDb3)!B~da~bRcp@*2{6jHu~JSq=xis2N}z$Q-+mXZlr)-)nP!sD0* zhBdf#U2=Lz>SC-2{SUg5l=WgDDMQ1Dq$q(wz7B*HoIFa#QbtC@z&vHw z-AAO49M=ip+-=R2!X;-Z`3(4_i5JH-5}z@gsn9)E#U!EQ80=4F)EVP_iyX@twYNhYV$;e<1st4; z7&xC3PlrTMW-B^exG4eZr51|V$@A{PvYnwqf#^K%9_)YyPEgk<5K~T6>uH&M zb#iG;JlrIFo~X1bcwe~r6~x?9%k&U*4lU%oDk?eFQY%GnTuJ$LWd z0olHtFn>a(3{a!fgOLEmk=apEO`@Cc&>f=*x4+XcqQqsxrAW>`UM9j5~g= z9T+1FQ4PutaLI|S?6PW<7B~VGt2YNoAqn_xl(H%8^d^fzMS9uDm|vKe0^ZnHM+jg= zWHDrlrn!=$uZBR^^(M!gApjwL?yHu zyn#oiUfgQ^p|U%we1?W*PnF5gbp_gL@#5=R*wrD9qdS|lqw|D9pk1((idM_9!tA{q zoEQlFk;4ODRe*sraIQfGV+H~^*Yo&bQ^}+jAuM_3Y=*183befS(uCbvmi4DA3m|Z8 z18-H^PiUDd6ae_8+?J!tpn@X$i>e8j%T834f-m#AlNPQ3({52nu=obkxud>NxwZ%? zqphFt1SqEwcvt2A+T{5%`)><^dF{+b_X1V_Rw=X$57p9Kw78ixz)#~FTJMhDp7yL? zTdwPxY4H+L>}?cctM!$2lz*XnO=^*^t*?&!5C32Pllu!kwZ2*# zh2E6}`AYZ@ycu7~;LEoG`AQ^3OeHN{Wm0Z@6a)%IsnjVR&&+7a@c>6*M%41qRM4}2 zT}Vm~_*XLIT>hhguV3|)f(f6?mo$CBpH}YpT7Hd5nUR`v#uuhK%cH^3c%0C&m(mL` zb~8FE>-H--#=Gl0-7rvgF>F05m&-VXv>BtCa4ey&qx_@GIs;ekFsePwP6?=JEa~Wr ziVUjstJ2AmTDvW&_3?Ac3C1_MZaOfxXPE1b20*mJysDsUev^Fz1 zhz8`?hK*YsG7ET31}7FUxsrZAl?S5nyn=YvR}Lw*T7?OXZc6j)G`e94kAUcnmoU^M zfNc|IwJjn%;UYZ>8Tf>X4BmQiEZ@E^>2h{XuwuAQ2*n&`m1)SLf1txjC4{l8B1z1H zCj!Cy1gfpr5%n#W->x93(s5PPnj6V!|@0vjPky zo^r@^1^(i@*Wcr%0~W+e&aYV*B6Agj^GKYq8@aD0bj(DWxj)LgQo{P)&N zB4kUGgeN(^%AtjmPhV+VZ!o^In=3_u8b{6*D;QMELcQk`8qIZ)-U@bFO$RiZ18MCb z)m1NT`d0Q+rS`IR8gtuXv&gWQtfg;b9uz6o?(A>MTY5d6gzb5kO*V%?cNPPHXa z-E_etS7nxvuhP_)gbyU$ceCk`CJQhP}mMGqhd-yo}Kba3A*my+RrHE zhSW;KtF^Q2Hq9@nHjA&8_SI!wmrp9Wuacv*(M>|?LmBBNe*q7A7P__YIMr`mpJQ~i zPZxZ?l4sXM9{BZ{(o+AQNRIQ=ZF|9#Mf!--t~j8c!cVGX8nniWHzh)u! z>AYQa8nf|m9o+*~uUs{7IO8L!?R@ZUBI+8>7gp&E$P?30_&AwC*r6yIy`z5BBN|<+ zo>8_Vstk^_eSpb_vl2ZkT}19$uDTFKv1sBD^0B}?5Y-2iN0Gj&U(5-M^46B2l-C(XKB8ir5+1%QCo;o0~639S{QQG&f+$}$8@_*|ZL z*+?F<>8-^|hi=9^#r#E~q9KJ^eFb6e@08Mc-HO`Oi;J{NTYkYe1KO^F3>5LMxRy#s=2GE5zi>gCN5HfrzEWDb=XTvTTws8SQkn~@O!hdJa4!dzX% zaQSVu@K}Qeq61~!=a`S<@!Bta9FLuAIv4dXOLBqqGI<#!Z=3>NK*#dNCNa96oJ2^K-60@L-=A})farO2HdCmif+5(Pys_;cow4-fyA2W&Klu&%B2nE=c*R4!2^UFE?E3kCB; z-+`yC1ncx9yFuzaEM$jA;oSO&^-!!Y5ZF1Wd?f23Fg;Yh%Q)da6@n))l*+u`>*noi z`%z3+l676gPA*SfRY-4SLT+S%&GlJV>j3Sby*NLHg1)+#Hc_42MGPUkeL|&~TFdSb z&ahZbM5;2yLcbvUnI$PuD#L}9diR#haZx~(dw`gd28pf`w!&$Wi-^Vm^ zE@?=oG?ls(&o^?OVV@q^hJ?O0Pig3wpL1O7KE|jecmJ(`F%#cnP;QOT21l85<<|=1L%!aX- zPN3W{g@*)JPNzvy1!Hu*SvslIVkfG!Z7yRO$~Q@iUv`sQk(xIRjFjpe|HFqr-?-iW!}(oyaNesDH52Lu zSTyd{<>fiS+xG+-Xt11Ia>+Gvc2|R4+U?4XtwSZ_Ju$zmHC%9?pq?Ae$U%8VZ^p4meV_W95nzH~H7{;9Be?5z==s+q<-2%< zk?Mpecq_xv`I*tkxl_;Ci0~;(<No- zy*L)TI>AKXRkd!z(?j_0Ee~kn`Ntt2qTMAM(1eU;k#CT!$DSBU?oh2}fJH<@KEz<6 zDj_&X=$PIOl<#6p@AR(~(yVLJs|pe|<~*=iVKJ1cL40BRDz{TJFhv9E!fv70Dr?~F|4%8IAR$#e;)b_p64d+|=GZ3jYeH{~ zyS{)@nyvhW;x)iM_8EzsCp0szR3kf?gM75re7xgd%~wn0U&hS)tTrN zpfYYg+mdSP{N0aPR#>~4rD;{=<*I!_MV4|WQz*46l_0lFjbdB%)h_||ES_(gV50Ih zo&gFHFp1W5Yhx^>m^9NF>H3;cnzNQIM7Uys>qT)w=6=JV3;8s^&9{Z=w#4hygne_tdU=G4 zWKCO_4Bo-b3V2ViN7@tW1rV84ZQEo!;^c-U>C6ks+4;^QIcm?(MIoB!z9uKl$1?1A zlBThvnpQp`Se@wlYNoILJqIhb&YI0pT|ls$gJiD0uap$qH_}uYT&wAqLi*Qo!)-V% zsdI`9x>z^j;w-g)v`hvnpL!N!TIw4nY?bZtR z{7GB7U=#_wYE9oR!lE%1HWpxkILoQr;xjMQz6CDHl8?K>gF-f>1yfrff$%4^(#2i> zkh;rq^q1LaN*osKIRzeRSbrj|XJYlrb1D1$t09V>U|7oXbJ`LO$jhnRYN8BOe8aKWBoP@#x(u3q8T80t?F4`=|QI6 z-G?YEm{ML185|9cn%SL4RxiBdjovT}v3tS*yb==A#HUdzkB{4Q?DoiE_kZrVm7=id zs8*2N^ym^cvPzdR8tgPkx`v!3F;~gATJpVA9N?Eo!dip)!py9yrC92P*)65St>(jF zNtlFs0gI>*=LsKDcjU2fme9*dLdArKK_Rj0EsNN620m;-{TX=3RF{nVRV+z;QX?dr zvVbNufR^S)!ifhr1d5sOQz{3sSuj9Ic;N{Ry?GxIqxGm*1u0dWa(50wB@`$;nq5|? z1!jUEn{=T#F-;f`Y6N-3ZwVizGy+(I5(es=s~fR%!_>?O#z%;X7qVCPLR6P!-iT^C znuYndqTW=qXbP8G9)zZsfvBgPP;5%!?)Wl0b+1;QGJvWoA-ct>j#nPIwp+o_guoG& z84?pO!IDxVbJd5b4Cna?7s6twDU>v*Ra~J0UZTA7fRj}aGY#ar*Q#yG!8}CV)g8=? z9MV_Q%x)0NCAaIl)bL77s~VTN2(2JTp)Td}d%u-Cu7O8|DvOI)%~B4LzI^Gscs@O^R?`Qdrkfk*t|}rS8&QAmhm-&cp~$v2f46EUw_1ZueVKj! zq+#UfV}?xhRORj#SuU64TP;9M--@v7!pz`ie{?}=yyf&QR8ej6{^r^>bC5dAdQp`O zm*BOC4La6M7#(t95Z|=A3*QS_G0@2d91}xS4`O;K z{IklaWf2+jbV5GFuo0f{+elS0&7jsbGA#Bwz2XV`Q%;AFobvz_zwAsCvVHaH{OHq; zQ7`#|Q?)Fo-rYsX5~HZfclt79F2|_>i(tmEAti4v*P8 z0xf@ZLlgP+@%aZb%R1P{%{8QWOQ$@UuO!G6x~wfr>88{5LGU!@*6pUmg2pxS^}PzO zg;l3Yr!b^*D?JL+P%TOg*A2B_efR6z-Crh%7wE_pi>CWuPpgkun0RiS<1oSodMO7rUSXj@Dozt%*TvqO8iv{>|9##S#5m zX0q!X9Tw@!XW?o12(#bkKU1A@#(rh^NQOoDMM?PvLdyv3~#ce&5V+EnjVAvW6KPrZ; zL5}-i*c!-f1jE)qzYfFpv=PJBK=9rewtAYI#;`5HX+s#c#hlj1ur21X5e(a6Hjj#7 zTP)5dFl>vtJT!)Fu>|X3*p{HbHim66k4<3MEH33xqGgJ;i(ZNs{@xe_vP1eZ56Wl`s-Wpgv2H>rp{UX3yQZ;jyqP!t& zTRnrCLQ0i$y$EHqs6HmP%x3#Y*s>hU9}8R7U=7a%J&omgD)GWsG@Sl{cP^i>q++V7 z8$cw2}t;A&&;95B{WYB641ys|pi0=VX z)4abIK&^uRCc$YM&1Fsd3XW@G(+Vsylu;Fy8yBjfGI^&v2z`WCJDd;L^SA{?R+JQ_Er1(|2Y=Xw!!#IXP+=1sv3L z)xA9Q4m^jh&!<(mtErdFiR!-X!n%&kdkM}P@2qlpVuWEbGt zuqlD2F4Wy-BYnGUWUh))%~UB+TLzc$!2&U^SyWa2vqB2lQs3Q2250ak-lC_2FY2pi zhBant1w+|VJyb|jK_jTcT1#Jr_g~Yw>xE;UuyiubGrH&>DR`0oSzje=E&}kYQH9oh z7#IDc!7dq`2K$GHd%xlUoF1R_kCqXPMm`Tv980eA*T?-mQ%TzfGr|+|apJ|3IT5KB z1zr*evMqb;5JSzbk_gh88y3%xU-$P=NZIF?WrR$WR;fb4yrbqksak1t3m@eq$9su# zFO?+Jfma(?0s=u4@F=|X=3*HM1^biQ*I7K3&jm)`kfj8ERSQ2iDrX~-%?zxr2xW=& zyWGXDOb|AXc%rZ4tB@t35xxBl-Byi?>;U!H-eI*Kd&O@_$iYGbT2f?s7qdhv8+-J` zgwMi2>Udz?AQ}Qw%U%If2sBX;*2>cDs(fiKT`pgDQXfvG#i-K=hjWrnn5b5dHFCny zq`YZ@VEAHiQbVhW6I7TMn4rOk-)_^op`o6fCb1Xe zh7T6thN~%6V1~OojjtLmT%@xiRJcgE2_>vpZ2%!$4b?5tUmqCU%;+9?;H>MqSm1ua z53DHP3j$n!5M2`i+(7s)r4ghjuRHfXoRN&!N;A=tVezqE%wkwHa_seES$u2A>ObG$ z=q(<^(~P9esha$wA$J!(=xSGwhu%=A>&G2K#DVh9CiA!&#A{j;(^_2~-XvEE)qB%* zyRNc2^Wfc88LVFspfC)g;4jQrZUVmExF9!!UeCEF4f$0;>ow}_QL*avgY^hd^+n7# zg;Za_=f?o5Yl-mQ_eJ(@HdFOQ@x}ONk>0Ivhn{~;qu@N@DffB!H+4C0Ziru9UY_sc zwJ6w{#HzWu%-0O-AANH4<~K6FI6uxocPm({pD#GVWn-u7=dN&) zXMcvbXR6y6eZr=32q`vr#vK7t5eL#ryH{QTGEg)IyJX5Gcg#-&MT_?s%ymrGu_ZV`sd32ZyJium}N>h)D)F<0|>$@w^>Z%bXW#Ul*@uTXhKJ;NLB z1!U-jUgWPN4osF4@Ow8J3V~`OSvHAS!C5cCrQGrby^!@S(^dc0*;LB=%y~jb?5>T8UYQPpttQj+ zr+1#8N-dAgQPH2}_6og)RO$Q0N;Hp%*5Ehc6je0c#!=vBfpV7^F9w(tsxur;eFUV zw8C6c3UTyDUmCg<%c)P(Sxjaz8o`=<%JDKx*o3{vSjsgF?xCdbGn#c;yzs{Csef-i ztLgbhHXGXnK)46o2y!cd&<~Z+Tq)Cc0m@fOvSEyTC6Dh8 zkFS*KL6Gr^(|XCv1tMZ2iOV%aA2n&YMuz(&EZ30QNV0MbZBdh`e9)MvTtn>MNy^pq zHl3infXjxGlbgA$pP1ZCeAM!`^|OuZT|@UsHeM|7_sli6#rQ$Lj>^_Zpx_-#VEXXlxv zKv;xhFk&G`4e= z^H^X_Wg=S{WTQr$@1Qjmrnik=|PQX;<042+#mUY zTQF*iNmV;++Kp7DD%>T$7n$O>W&m;un z(NUI(TwJ>!6j6Q05m8-;PB(T*A7Q+L430xaqx9^20DG?T_*Jl7d(_^{Ys#>D(`&Zh^G??yJL=GIel&4 zJ^01#7WzXoyW@|My945^1HLM~)rh5Mn}4&~n3Uwzh}OPnBf$nzz$*Aw%>;{Ooi{nh zQFby-Yxx*bB{uiUFRS2T&&oVPX|b#MwW%9LbXNktdZT;)`hx7c`@gu|8Xn&{YE%~J zyF`r2Vr)2CRA%tqBSmGA9wbTxZ20(ho=m;+iJ)r1gnT?^(bye97rm#194gsNy)-K` zByBbX*#1NCXkhbu0|wqI?7$?nxxp7!ZJ&S+XXC*x8L()?<-fOH63KsQlJF$sz8?6` zrm$QjWD)YOisF4BcU5#Yg14(6ylFgJ6N?Rj*&0}^k7R2gz7ZH(1N}$Eur@FI z`G-cYHLzX}y4FN^ZQNP|@lAl%B>A#~IrC%~13srK9t5W*39kiGvroDT@1<$3k4~#N z6y5`t)*#}#c(gU(Xhwt|6pIG(tpP+UyuX|qWOX!JBee&Iq^YB3#hkspVloZWSDUh;z$hz}s^Ef%^c{Y!Bu`2f3?wJVu1Og72d6c3{PJ7Cb_2 z?76~1s0}__bkBK`zO0OV^zDO*d|(KLC`eHam9l~zC$Zlyku#aa3uwNo45^ePgBVLQ zl?8yBvSbTrzO9SZl!VhK+5)Y|jQj(?M+*BRuOBDoZ>yYjBK(q0MR-3WyGm?7b5FOn zw#Wqyn2>*Mk@pzD-y;s`vuGSr{1FSwMLsn{MmV(G**qd3kqo~NCIDG4ii-Zax4*X_ zDq2YhzRbuxJ9z#pZd&r|#Y9#Nt`^8Pg;$Z$h61d}w>t2t7~LcEX?m_3{LG1GT}UO# zFARXHH)wUZXAm?eMULLOfzUe2cXC>-Q8X9nYBEjp$go;`@UVOm(AUZ6vw-?u9Sa{-Eaq7Z#@oX3}-=%)ydbgr8WNGA0Stn1np)BbtGL!;qd+yd~#V|D&9;AKjnbpU2nFa05ms?xOm0WGN?#(;VRyXl8CmmbebS`WyR zr?D9*Pc_Y&8eS&Jd*gMys>Qeurl^|IMo>l7q(xN`ucDJp6pMIO)4F#JuS#;8hCDSh z*%0Wdk;(e7r$+M4z^60)tCy@l2WKc+P*vHWOBj$X+ye`rKlHJ9ZuVMagQ4-{6(x&#X=CEb@E zBNyQ-xStjx#d2t;94IWOx635+N5edDqUK=unD8dW@sR*dn%j>9aVn~fbzn|O0S!~6 zx(dq4o>4ZsX`eW1^1M1~wJs-2C^VBCbOBvQJPi4*oVe+PC4m!riPU2gFM+yTL(Wq< z5Hazz>xKqMvxnuQdY#UgrIXpv_4%}O;zhyyL@Grd)1(7*L?=xs?Myw{TYrVIf{Ew0 zewRo4FtiNB`~?#zvDhVXNIgLTxlLxVNE7N!$;Ii>$=g$@;X88ng50S5-PYxVB9csz z06SEUDGkVkCbaiJm@fHPnI}b+#A1~@mGw@&tXt&BIWfk zG_Q`N-IUVNEEF_d0ih*XFEm_*CA#D^8{*5Cdwsw})emuxL=f6_K#^IEopJ%A&PxPDH7L<~K7G!{C#ZJ9+uJCU1>ikK&{RAe5WCXuL?%Z#LjmVIzGPPrN zL!(@wYIO{bg38}-6P8jU4J&;d8+$Agsiw_+f0iUPa8Vr+CiG4iRLPD8*~^5_Dv~xZ z*`=MsZQsZPn7Z;yZcbn{nvfnDOG-U5or#o8z0{wO!GB(T{CMkp{OErA%THL!Q&kvE z=`;@WZWAfkh8A?KLDO`Yuy(7qn#k=Q%-`Mi)Vu3n)7y5h-QI0$BCqKjzqp;y=tCsD zl!*}_a^=_GD)ysgODC=_{}Q%}F_knCB7h1wddx5^$4!k#vpaLJH<0J7x85BQvaxXq z<9jT>`#NscfG^;vTe{cAtLZY{`IAQ!WYI4Gir_(YK^%f51u4Dg1>*Gm2@Pf;J&NYH z-W()2jbI-Ds}pfWyF_j>L<+-4b*5<9V2oHeAlrC+6Pfv|_ya3#v#HKYS%WK(E$s(- zTW;LD7BkRB0V2vTYBsMtv(+CX&*ifCENec4jUmfzzxMI`fH>q-7hqSpNoON6=QDEa zMX9#Ly@=2|CQ`{9>2A}pOFW`3f6mt&m*;dogUj!4SU{7VT_7m+t|XRDsGvj|9#fjq zL_EM5Sl5&XSzRr9U)6*x+3avxgSuS6epFRN5){1Jf-E24_SCN3DVMX_uVYV$Tb=}i z9aoxW5n<^QC^Nnbs&$Z;&a}>k1ibp=h$l)xgy(oDH*FJCekKT!$g`8H6m}XWn6mrf{&dIfaF$+pj@Qy!^E=mL(~YuLCk@9#b9PRI-LYd5HjVPAsZ1L8$AAWt;W zCuEzs)CJFY%A_=Wgch(R!6FHlK_FD#!@r$iS!4n198~_v!VzIY%xL0*alW8JFg8Uy z-X-!~vk{pI*&Y=;?Z;YK6u(&`s&;3}``iOEYF2j2>xO`Kv2%4BxU;bL-tI-z;6edYVqn?lY zw;m7=UOpC4p zrnB@MlMOCQX@2Jk9kDx=W|mQc1V8N`AcNC8&rb)tWPr`_BzvX@30dI@&#ye$Y8g@( zqB`wSo?=>ao4KHLDe+P=DDY5&Q<{S{0WcDw9|8>ELC6fHtApYQYpsX&_h6@6$ zwBmlOt5ceV`w>pF4|}0XGqWG7-Uoh_RW!?t6#iE!Oq8f2SitTv zZtZCnVbKLX^=n}D$6aI#Ze&bruMxWMNul ztMFhMy>H(jol_+cR(q;@m@T@>r`uh0l}`=96%l{-q+SZ|cWmMP$|4jv8lc^X zMHI3}935cvYw4^38;o;_5VfzSfZMBMUkx2>OJktjYhO^D0_|0>g!dHb9!SCxg>`|1 zwW6QvlWd;lLKtB!!3tWnAi`6CgyqZIVblUuRR{2afrGUi?|~c4(|T0c;0mMq2%y20rP&l@a8<@X#ytrI!PddLtf(qNKK@;< zl5$dO)$@mZJZ90@9YL3!!hWA)7jj4hntExLy(Kqjgd+Vz@Musi&Ks}~R*?oQiiN^J zD=UL4pu^dCuuBFk8gcpWt(QddUz#L5sS<7pz=N($RjOo@E23IWHt+T*T5L6T+GcSR z&9omCHqk7~eNYq46gL8zXl8M5cta!EO`{u@W40l1!&1!F$2Kg*=27tmOG)(5Ab_QW zSPuiR9E-If086pi1Ogz>sO;U#{a*Cy)$UKl@PC2JLqz|JEaWG&HX6_ORvj;!g4S7r zh?zejo**Lh{OesprydLCman`lb|yhygthPo^;VCH)0cUzk3Lwz*1QMy;2w|kJ&^|$ z()^&ngMy^@xKUt9w@{5EWBGdq*5vcxXoRM-MwLWshd@_YahO=XK%-pKc@GpEi9MDG zEJ4(GfrP3`RLgIpF5gAWSW2f=kM)v9G+}<}@$h+ABq*R0ShVCr)oQMa@e6Bj%4p#7 zuu;!uZjTZ4Y?NS8%(G#7toW=Oig-5is10~7Z5b^U?JUSJ8=4qdMI|Nll?Wm?gajOd zy7U7oJv)*}3babRtjJSo94`wx%7m#17Q4zW8Elz0Y7@pj*I!$R-Sa-(Z{Ue^-avuDnW18)>T30%hd-2=RvGPfO%B}{GYv1t$Ky#%N zDm%H1cWBfRsWjm_Sk0Cv&eV%$Uf4;7p5JL@@#TzEzNDw5)bV-b(>R4cvUpX;gLmx2 zTq>P_c3M}zdHywx0zAC*W9nOUpbFko%G40kHG{1Ube%y7 zs2_R>gc%({(^=fvQXE9<>h}cH>UwW~!f&0FcT}#bGooH955Ze{tXMSutbY8gfBc+I z5?pz3A+1PsT30Wl+4;*=NI{r>JYxav zjN`F$LldLhI<2c$=SR&`EcL{-=p?hqhD>!PJYj#zT`YttCapN(d!d|Um7ckbMdm3q zEV8dUu(PKHg_8fYh3=)#$~*U2E&W!(%hLEz)|f~YAN7_<>@4NesY&Z>CS1F6wk{se$7&i+!IOfyXOWBZxES;0LUYfAG_4JoW zy)aa>N6caLtXPJBJu=e8E@uIn7h;_DX@TbF~{Lh(9b$XZ5 zNGyK0PUsCqN1d~%>GbcZH+&(*oKlD1I3pI)t$@Y}Mb2;{t7J#caI|Q0AHELLy<7jX zssHrUD%>8`IhLPceXP%;+wFFrJ$(xQcDvo;zkB-!d;hZc^zhl<(}RPj2mAlh-8+2x z?D@Zt?j{~^(SI|Mdda_Z*XC7xxc?^qc`^GNuGAj6*>8DqY(74ByY8>8AOp$v2;6k` zDs!|c1eYKlnXvIBoLfF*U8&tJjRGgs7J(A$aA}zcy_@2_WL^|tfvCPTU?UppJD>1~ zJ@Qz{Z)l=i4U%?i!lx7$RIh_`SZaNg#SH2aDXd9CA(Pu)(w( zB2R%sPtev>ZbS$ykxe0d(<8zQ*;II;H>2WzkL7n#53~p<$Q}{ur>ukLB|LINZ$4r) z3@W+=UKGp&eNkKsztqdRrQF0)0zE8dxB`9~$q}-CTX+E-?0MA}&{dP+A-kbTxBCp+ zeb)CSv~KjYd+P2VxZTZZxPSiF^k1F+w+y7Uc{J<)!-M^9x2XT0A9Vkz{~zPOt*tEb zoPq95d;tl zbwk#HyZ5|B0P2T0%^o=$z2oV5LWNZNQlbkwq6u7hm2$!(N_ax10LM_^K@685Om#vd zpvI!H!Vcyhs_~etw` zZLiAv*jr|_Dh_CwTUT@}CU|nrxH!OtQPGNd@YZ~-U;X<85?(K;7tGZIdw~O^sGm!I z%c6kZ(SU$qA;_4fB%*LtN5ZE(#X!N3D*MCqz{FyOHSH2d7s(Tk2Z7()k_x}^Qf z?yqe!rCub+FX;pp%CG4J`I-{hN-`v?J~%oM{GuzV2}+3<3f?Pk$SIGRFFHb*L9K*; z&R$^~U%Pd(%LSOTTamN7CMTYg-JsXnBBhA5p^7s@ha5{+Hn;GH9{KXErg`q3?3ViX zjnxa+)6|QlI#|Hbv~3X*R?)bmB2{z{$8AKA&up4GDHSP%V_Jk5U6j{G*W3%esTXy` zgodF%q5d_r0qu0tbr0PxGP*D!cP%XH(YIbqfR7v}VpM82SO6+0#4^{{L)rIgupJfI z>$LK5L^V#TNFkJi#Q3>K@_||_JfdQj(6dF<#~w+O8AWR4a`8Dz2qkyb8&ZfAidV|2 zAT1L>ZkKpShzXKKRxpZUPh@vA3qxqA1A&q_sz_wRjc@kIt0RIJXvujsq^Z4s!yZ zM>m~4_ty@Sir<~2)3Bv}lrKl&!}QY=VwF7Wk!J_bf0c90&bu?;nt_4}nN~Pf>gQKS zz+xBoTu{NjzJ(rBN-&K@+8Uw2rC*YTknG|FP>1rXYdU|YW)^{K86aoo+)F1t(n+Ur z2PU7Aj9C|rc_g3#^I;MLpqWMHQq)XG;a&yG!VBI<;k;J1SPjN6T{NQ1c3!K`6t_%= z?Yqz1Uy)d?Vb!3Ktt(v%+E{7D_3SYq@_-hZ(qNS~mVAeeRu-`_Oz_Y}{Z0s-#_9Zo zCDxdn^MGV=2ZDizRi3mMqOqPl7@B8_%h3%blYFobf}+XEBcr9$Tdsc1;~RTqPk(PA z4du73+!_=q^RMSbP$4v`%f55=hI#rjK%y@s1d{i zH?i*tkW}irWUjOnV6LUg0MH1dh!~B~j zlp4>HJVCIb70NRArt8_SxYcUTEn75D#s3Q-`xL4?TiW&4z3!g*hyw)4Dw?As|G}LC z`m1d~3D8n|h>dhdp`;9OZz5bjl+57Ng?C4KC1^Z1KG7_*KvAi9I7zxsu|#)P6VWon z47A^vbeKF1HXZgi{d%N5#pWy;w{!F-{FaQsHxQ-a+=lim!Z;$PkFHJGBL`iPqlA^U zdGQkbl!kPg(q!(Kmm+(>*ECJ$g|W6N7WS$9gYT*|Lu^YH*b_m-@x7cEkcU7*k@z1wPojoE7TRE#iY{Q4f)c*Fnx|p z7t54*e?yam1yqh6;dpG*B}KHJt=i#~W5ZMEQQ%}m{+c)VQ1LkW8eo4kCUW#Mm?hUj zD2QOD;pN#57Mbiom@?-~?g1)1h0H7R@P^!Soal?#U~5KX79OvAsCD8+bNd>Md}DoUeg2*3$0`d6(&*X)%L=0gw+0w0Dt5&M;0hH*>R6ROG)V_Y zN|VrhWz8PFTZ4Ndp?FQay2)RvASzN(rJZs{pC*!Ft-z*d5nlb~^GL{(*4g>ZGdZXU z)Uk6_Z@6znjjw#SvQ=Tr#swsYgol*;=E+HS1U2qjON^5jOj*?NW+}j!&|F63S_)wQcgjA>odKh{!E@OlOanJFPZD>uwX=H zaR3+h&4r(a)@Zf1$ln!#h~L7#R8Yn)_5ms(y`hOWR(qFGaP!vUp}?~P3<#4}l%tOF z9VBl)%8|jZ&h!zoWMZfXQ^zEIoa&JPZsu_rFZlF_Gch0XJMGoqa}S=ndj(%UUjHaf zH)(3V;v((OMaHu1IQxKCc6;WkUZHM*Pj(4)$1Z7$lqc8iva4d1(a8>1(^;6ZIHZo@ zgHepFj4^rzaAJbPQ(gU0&;xpnfwj|XW#@QsYM_w|8?8EbOy~Grn`k=%F6EwjsXrnA zdG+z*t@H7t`{^$~?ckd8BB?XACoITRj?O4VKPv12X(+&g&88%1wKNpk)AGyVLITS5 z01s#A>=HIY!&bgc#_I<-8;l1bFT8J`MOvyReK|fMQ(cp=4rm1>GzdI z&CX-B4WKX%`Tfm@{;QMU>`%%NMKyu#@)lzj`Ow-!FLO-&8q$#8>VCiT1T4Y~e53ma zN_D_i!#i9PUsC6O1lQ$OB_UH5>BTFYlsj^28^=)Y$EkPcgi^~Nf~NW#WUXbDbFqVW zH>Fe98rt1VtG)H^2!3x@n}MjMii$=e^&+3TrfMG(WEMe08m&W%wxhz7qV_ZPl_z}IuFr*7{8SwhudULF}MQ`vf zF9t#Al&ig7PTlJeZ-Fzq7-baRjog!d?RLptyJh(?l$Eec0+vue4doF8)ZqkmAAq#v zhg+6_@Q;regeRBd;LEb53!dzZ93a+{DVK}CZ*DqqaeXhMgL z92FfCllCX|pk763d==WxfD9FJ0ql)O08^Y$55tluHZ3~o2$(dk^iKakM#7rnFc7{K+z{Reyp3Nq-218_4 z^gfu;1&bBl)Dw9seWKJ8yP@WwDh)PsNv6uHLftd+e2hXt!yf6n@V~M_tmRnFsNS!( zs>?*yGORVZ{}#4&?JyjDxO_#nrRrh{h4O|l5MV4zVkT-1PJK^^Tb=|x^Oqto4~z7U z39!dig1nlw@|$ZqCj&|CHJuO0HY(pt5?52(Q7#`OgwevDX{JJhisgxwdMfEl!%%N< z<`Fev`MwJBx#|I5)49bW_go7Mb;IQcwbi#WYkh?Wcw`Izpy>(zYsM34H|#eW@AhLf z+3zlS4?R5Ec-_Un=&u-AWZbc@VdLZBieBwKRf}`LerCD zo$#0@;XHE`NDkCbr3sCTUMN}I+{t2%Q$zFemipjldlF|8{oZ{tsaX zW=2+%vC^+nCmXO=Dxzmr>}(GwpNXBR&sDLrrpQ^DVr3+4aU88GidGXtD@V|>_?aC& zI}&0xl{**2Q01!)X^Nr ztQSzgW*Ub~Ofb5n^s(f@5@H8uH3}OH%ish`3-r-*!=mvS>RtT$6hb?y^cjy45Q+Yi z5luinuc+Ueh7nF4m~CG>pv8CCstY|Y8F(%YzYC#_Epmz&D**cw7;nP?zarTvEH{Rx zpVT3@l#M58j~sThZ#6|4`Lt($O)%tfdZ+z3qVTh%cn#)q%+umegy@9f9(l*pv#8tv zvz$sqk#JiMXj=`-rrveKlG)m7)rbFA4gQyxR{;S~e%m%800smq_*pYd57TN(DEIn7 z@fy8Q@vc>lK=F-uaoi(czGP*e+6Df3KUL`#jJid`XjO;nAB0ta-@PpshS=%a2=OLNR_eSVg|*w zz=fsTRSJSIZc>{jt20sd+@}YSiqeSUUI=>BkjMSKmJN6;Vjb&{jO_x)KSq*dV4L>fHy zJsZYSRL~Qft;X`E1_%f~H5;#=hu5N~Hw|&@(EJqPX&$Kp$Fz9XQQ@T|Uv0Cak6vX& zgBm@vQzv6P+G@RUbEity?}M^OuwbG`-h4Q6`jDm%sB7y+Bb7`~7``3#?i`WF*e7A1G<}<_3^UCa18!d)>21osk z>nZC37GXluSrQ33CNqzK6GH8L`obLa{$XmX%5u(V{KnHs@n-~I40Ro8u?r3u<$v+W ztCy#jM{nN9*Q-!Xiq=~!PCnxDgg;Bw%8+8IiVD%VBI!?Kh&uGf3nei{5aWW#guGBk z`;6I95P)4!lpTuF2|lG{;)w}i5ebIi1=#{c58)^;47c0;(>JHbm+f70xRd8dUgX-T z$8GPDwj}FFvW^^KN2FdV+PXIzk%atzFG$2faDAw+p;Yt0phE}!>hpIt3tz@f#Ht>3on7f z8zJEZKzMPBHV@lBK6=+zJ3%m1xI^%#c-It{vm}H87JwcFYy>B$R5{kofdC7hlaN|h z+YmqT#3bZAULihE<3~TJ@wuv9h`T&Hn1IriYGKI_;`X?e?x(eJVOCNHCAQDf6-RkzhPRor~0F zk-j!@+k%qs5QuF7qi7a}yCmWzW^imUaRa$Eq`SnQaGs%LRLH?_rin|)_Bh^`*6`6E zefb1l6nIHM&@hs8UcNrvg}48|q~?nHspntsSPoT7jGi0@X*|Q)ddmZ9Fl-mp3;sx0 zO5aC5IF;F-a#3_&vdXkbODXD{mm;8-TynLmN$XrHaL|_Wb??Gp6(@?hSR&1|ELmHUI++9H2=Ndz_)%emoWm$hnM%N9f`r~I@+UAzcr<|uwD4s7Ho{vU^kb?qm(pst;7phr$~x+Zvqax2 zs%`^?lp=m>AO-ofSM8wRBEPdRG&YC2M_wwl!l6sf1K4-vV_&}M=Wquqaqu#$bg#?_ zUzZ;Tdr)!!4{$pTg)0gC&O+KI4rZKW1b4B;HJ#fH^!0Jqbgmls-f=w<$jv;0`3H@I z$vG%^yLm9lLKqMgG!G)oqv){Tm_~N30}MK1MQNHqI164A8(9_q->E_gb~yz!)fMnW z;W6|ZG->T=DDu#Sck1of52ysz1KHE3fF#ZLkvoEFtADcl9;}L0+)I)o5pSu3_s%w z{siXP6J(EH$PQY9f(6mqBB%dx^!EJCDN!R>B>zMl^g5m4%)h3odA=tlfyBh>0$j6` z3X8z13*|PzB0rpgd2)P#rFxz~vG(6iU!J`q7yTo0esT7!-m;XyOhGJ6zl}gSPHvD@Ljv0!7e-; zc9W;PfW|a}rKwE>xx`$k$y$ovT245hCzRV2pB)_m+d?FXw!uJPhVJM%_e8zInN)sf z3@^t4kPFx(TE%%)0DVA$zenT3Fu7Hp?h=>MJ&Wkp(hkzx{Wo$#u*lrAkWZa`W1q-N zY%=eM6aHQ|A|%ZsKvE+mti6z{I65($|*4uQ-1@qA&d)ol&p zD$JpZ$y52A?bkiw{>;>P?RYVBr@@xw4swDR3S@(>e-(4Yj}GxdnxsASkDl}3gx^N$ zHv$+q^h+x^4q5=8XYrSR@ZpR0moG}=+rcee90~(m?Qi783(_?tMm*_}!>ReK&MFoQ zL2qaR@hLxHP)y1EXdiW~9=R&H7rIUw`SOKG34cNsuKeoTw>J6qP0p^seojKfY&!Ll z`D)!;5F9wm-D|8024-j`-J}JKRD=m@EVc?asaN)`?WeBuE_DKw6m-g;3%1OCNPvNy z(1hZ}bJ_Jso~hatWG6=CW|xmsplucSLSs-DGJ9wLR*kwBHO0*k(`*u35SU>g?@*xT zMxKJ?XVa~u*&2_-m>D3ft7_B@5c*ymxzVcVJ<13tycCQ((_7ehQ0u(5Oe9s>lsAmt zcGPtu=)K2Fbwme6?QFrnjs_`V@d}XhqOhDDb2EdrBAiTHX2I)ht`{QL_7A#_@pSIs zdPbzCRmDAP9rIvi>Q*5oUHJw%Xy_>$LAXz7Q(uoRxZzn!?2D1$;0TR%E7;Z5c4@Be z+y*|o2Kl*TWP;ANh)zB?IFme1c*=bq_Q>V&c}0i)1wE{Zhb9I%O=xcFalV^PE}^bY zo%!iZu2GSj0CL_JrbA1_AxnQtJQkhM6r+p1+&=ZJTk->a@A|j@um4w9|Jhu|)_M2- z^0e=!cj>)(EU5p#fB5XMQ2+V)e)s7=>pwrne`<46sR?j;q5*&iq-8ZC5hdF!N{Rb7 z43(q*MXH<~(k0)%0jlK7mx|xXw{Ks*5P6RI_KhfN`BvIX_3c}hKvg1@HOi>TBVdN@ zURw4nyQfzCT$83JFbx+xL`6G`CNCnSPu}%anYx5e!OP1c^o*+d6unk8o-1$ix<&6Y zo^if?bH$DCDpD>4_*<>Z9Owm@+33MutM%oJV?R3twZ468?YZQVlZ2)Tqc^l790VI1 z^(UPCv@I^CZOKr2P-Uqu5I)FTS|)w0HGHO7P^J4ohMu6$o)X6i zsLuns(`xOzmCEvv`)M z7{NqWobEw^I6WBjj{3x5%MC@w!--1JJpF=+~FOIRSLp-+<(uKgk% z{ZVwRj&=mn?srY+i@K>8T8;F@P@_#em^cVBS;V4>fTf*k*k;kR+(>xK4MwSRHADJe z=H_9n%~5z4RyO$#WRqK>$ln~D#~Se}F2&6G8mrXGnJ3@A&8d(k8&1NA8}n_6aZ}OC zd|4p7Z31D>rJ5&H?mLdchr%?K+nfq%RLD{Ih^&5s`1Vg2Yv{cwE=99au@^L#T;!kF zr_7+nIwV=92tc9~6v9!j7hadj#x+Q($~Fa7RTXiS__@??AaKR=3}x3{;iy3VhkzFzG)zkb3$ z_u!u|``^CqUv-_Q>f8OptFCkSY3HN6^X1^%s=anTil2Yl`D*h#a(?%m(WftayHCIM zcD_9SR{Hj9Z)fLgW#ebxwtJ=4+uMqplHgP2r46<9*PyfD2!5SnxsFmz#jbvZCyZhfBNxJ=7=??3qJ9sSV z_G+bjRxjPthmfvUC&=@9K@K-B$jJTXd)W|wNLxYs<)KJ!nN{7;qq zPnG;nmHhv(N**zDW^hn9e{0p9Fg_aKWz*8Ut~|JS?Knyz4Nb_u$=v;ILM|Yfp&5&;h^J0k{bT}tzCJ*k^c=7>Rso) zRRfWenf$c9jeq=wu$_!sz@uy*gBYyE(;h?y_h63Z#UonQ?@YB|(O8AlR48@3W>4C2 z-FATnQ9(Deooz1@U)$NW_CG++!j@OlxAMfilSzWxg{Pj zvfY{mWc#CK0G*wD{^`rvyOY!Z$PK&fO5Xncv(@fJ`{Pel-O7A(%zpZkCsUXoaW*W< z7TVcW6+7iG|L4Q|iw|#Y$pj6E!$^BibpF$nswC4n3rLC8$B$8`owN6j-@p6)Tf5eW zarvhI`Qr5a&DsCY-kWZ>jbn|X_qUz`SIO70(-Gw%LzTWxt>bcB6|YJhU(4zKdL`8s zL_!kU6u}}u+o~vUa31Nr(|LuvFp&TVYOpQEP8(}=S1e-O*w_;`_TJw+J^XNVc5t-! z^SgsLP4HSi=$M5`?p|+y?L7V>F5ydyhOrKFEj#vF)T@36E`WClDqVsCNMP=AYms-x z+;4f_OV8P$pK`XPF)m3+o`k4{Q}Fo9-qF#Ak4O6lXNO#z{^=*+c6n{Xl?IX?j|0dY zt>d#@IS{Lxy0G2*ZC|sNP`iQ1}c zmqNghq!Z;1{B>r zI(C%g8me2!A}mkOwCB7Bc3l;t$Fjm_%j#=D>%pdXjb2(>Ww2P2;n*kkMh3mOMARvYyLW#EZ!@RDPg8zXFt#WOPU|4qk8u*k699F%;f>P# zRvzLl5njXmr2PXo1^rUF)T|NS9Q?BP@!jcJsS*qkLkT+@5y~jo0#g7l&%u)~AkA>X zz~gQ3^@#%&sUG~vVPJPRL#LA~JIFGUb-+iNdPl@Mq9ndRRqYBTOoVEnn+}LXXIGf1 zfcv^Q8lncI((y3TYQ)AEPC(xta1&r5K|71_QgwY;3KAo*NZsRJ=eQKOFn!*|2zJ0^lL3`l9S?9p17ZGW{Co&>1B?E%xkma^RlIh z0ZyWNYt`RT=CM`P>H&*tY^mZu3a@4g__Y#sT_XY7z(pHh|g1;Wb6Yw|ch6Y4Kc zhJkOYvsL4{7jGJ>FdPXLeHn3SdDt!r*SRqDDXmQSJ`>U7FQTmhD&G6+$CinO zgH-kMwYgc*LwKEpr@BBWL(q9K}0)TW>6w_2jAzLfTM`^wIh zm6{cyLEG2a2-Q1B&O0W`;RRH8G?Mk0PK2`uRle5x6ATIhAqi@jzX6VG2a1 zel~)M7V-V2FO#i{p7k~vH@qWwfh=nJa7?9psv>TSji zoC7yUK4};djCnACAs%z3veWYHfvu`3$&2fyD#MGhxd+|-z2k#7XS}c1k2m!EmA*Qa zmt6=vq3utf+kg4J{rU4>+QTQC|7~okz76v|#%e$QVvg{&dP!DySE}(sFV@tg7g)6Q zuuQGnzv{xTsa(D})(wGRy&!X-QH(6XVnM+Mf=%mA5R4{**42^B+4=mPr-fW@LVwH% zY_wVZ?gkIq)O~Vpu>bDx;OO-1!!hRvubbDi=iN|f+rmC9c8=$)2U9M!ONzS#;ZG35E)KoioKH7nr-mAO=aXc6sffm5(z#Y z=2<2){K%HiI2%#t55Ph}FGwz5$YV#!1)bNPxUF7MxS{cfrX-GjPS#HkL#+UvRQ(V4DU_X`ub`rMiFW|Ax!_*owuqANYxGGgf(&BH=F);^yys=Sq2eyj~ zPUF&2uBI?Js~kmxJT7=!9s3&KtCk3#+3IHyCl#JGL$W{l@a{nCn^Mdub?5pb;Ff*k$9#C6RUYo8v*+8?9l67Z6S`tHW73s(RHb zn@{6&hgWx^G?2i#s7x9d@JJ>Zp~U4lMVEM-b6sxy`uB9P^edTo1|6r^^` z+h*_7fEJdFIdX-?Ba@l3Y&EEOnQKFfEntqN5!6{5jT0s*j_{LvY=F#v73&cb&BOZP z-GP*PwM1HXohu21^|N(PxzN3^mr;7>Wsp`mzhc$bo1prq+|@bO>=8^eay1FU!O$0v zt@u1U9Gkb=+-PjtbwdC^&3??)Sr(?YYEgtjHc(KHsj39JNZPd!M@nwZu#CWDpH}a5t@iM5D6LML?l%)s6!uy=X?t!7T|%R9|Z|HdrTJdj&6$2wDXLHYceBEPO{s`;FKPAc`$RVuQ@%l-N5 zhu@6BEo^g!I6gf3b&(E_KOFt)??F%Qb6ud8&o$PQ1%^F2IDWUce{iPRlCv+)O#Z)* zho?rT3*r&b)ayj|F6LVtnXiTig09gKNkdNF?YD2*SyZ5!MDBp;@QeNXa4 z=4chdsju2OnyAgWKHV(?I^OcyZDaWj=I0#UoT4+03H|fxPS@-+*R(z)@x~O^M=-Ldb@NiD=#W}SOs=0e>JEz~<@tJ>` z#)xG&tVo1~WI!1#-gCGb>n#chdKx#D5BT(28Tunfloezbhsekk+d@}-7@1xE3rM-d zIb%vR%wUR?Tv`%Z4i}aA(E3TJ?le1+F8M~_4qndsSzpsk(nP@XIv7; zs^M9H*@4GiG&9Wg41?C0>!$g3@A%}y|NPVRhBa(oqKX+$!~6)EkImN2Z)CbyfHn+B z24X@|^GWjdmiZLfa;=|BH^5*1Vm&ifZ&>nns=7qLz zw!(4GMpEAa_8Eeu7!uc(BF7IYoeyF#^Bk zeUv4LA*ynoV-!bJTsXyej2Vh#0&h&gMt>soUzHzSymw1cxEVCW{3^0>YXk#n5NVa4 z#hinEj_D#%PLJG#0h0);9gI z0EezqTVWx1arUYIc$_FZ*1}t2%u`*YQ`L)=e7l^h_3P3T6y}=&X#N*%{TCO?tls3f z%OFYJzZLeJ$T&cBLPHh=Bgh~>ekSFS=@IRLRfZy6e>0apclJ&cAr6!ect zItP;oT%e3%k_3%I1|ote7~=$wVGIxrVXAGxoK)h(B$Rry4zA!hjS(O@OLNv~0PrUv z=Ln@JYi$QR!EOV9OOi!thA3_A20Ov_+0NGXtF4{wAAOrv!lfmobzvTtFP=g3uT9WA zYij!ScR6)1tq>4{zRlzy90vs?$Ux$w+F%%lBu|+3d#Wexs==PDe^f{0?P@_NM{gCX zadG}PW?nUH)^(VucYzjVb-He4~B#79285UBW57NpJNj>*y(Y&bR$x7xIvadQ&{ zWq%hi#?kv~rx_ZetM`zFBhdWUr_Y}+Tc1A%zyI}dvpNN1Yy92G3f?!D4%gC2T_e!k z1EQ}v>p}@9{K8pYHQX5UN%JFSPJ6Qnn$6kUP%<%bMUkc%Ni!@&oD}O*!H;c9q6pJ0 z7nlG2JQ^Z4OHfHk^roo(v#ehBXk+$1Okp3#m|;YNz2iewi3V>W1s22r{YJJ4u_G}jattI;9%6$D#{v>QO6onaL!32(%(gf$|e_JnKy>j%w?N<-_ z-+GEVKb-Yi2JVf7ltwgkg(<_yuq*a|Qwc8mAa=mTcH3J${OA=Qh{3&vaFR{ zkM4jEDf}Zx4Gj&$Xvo3*TiKsQt&bt4TuK2`(0}&;JOPcgu=VFH8sK zod4aI&tEv_e|PuQi-+^Sj@{mbru(=L2^aQ&>_p!?G}iU%;v>}ZYJs$8qZ*6=!=it}VO-(QK=C;hIus@m3W|Yqx2K{ra_4{-SME&S76H*zkO1vOGBPLPA_2BG+~CU^Wgsyt@N->5t5VrkxzpFRD!lD={c7m6N>g8SwLtlcd7m1X zT+DFKubYz<+9Gg>chSSyoRwAH6DSm$8QQec*_=SAfx}Ohp#Pe;wrH5)lr7E==Gy;W zxc(n6c6MJq(EoK5=VqvopX45cIz!)$IYccoeP>oc4H~&j2^^`k)`7g3=#EWDRt(BT;_3cPaWBYkY zpq1yUQ+=hq-}BxTJs!#(C`-`)1hGq!owwv=_!35dIrRVei{};kzrDTlK>ycK9QjY} z@v+=uLl3H6%t%&oWHzv5Mb#BfhQav{!uWNueO-QHqu!F-Wabi~eW&2ulPpHq=k&Nd znYXmZ70S2v#1}J8)XiC5qyUhTsB0Nmg;&u#gP$+JtYmlq4?QpV4YZ;Sg1D0$k>l;-x$}x-9WZ4HSs>|2rM=nXFzfW zESG@hg7DNvyE}M>9e%Rd8B(b093lz%8y_QeZ&;oo=MsPB;c_2fE_}1SAbjWF>@EQ0 z>Oa4=d^fKwA^)dQe`(iGQRdlyo^Nft@Bd!De31XwQXJyzak;K|d-`eOJZEh~XE?4_ zy{=-AM*Z*1V65e6I!}mx1WrdthmwV z{VyZN30A!@FPLlpf4=M5e|BDOJ<$Jk6qo)Nd(1^ZQwBFVfC|lzlVK2&3=t}x{T0^- z$5toTe+@8uZlyo2@9DroZG3hX@uN#o>|S6IbWoA{DM(CSp-K2KBY9e=flDnNR0FCw zlfac&>iU;i0I0UA#8=^GTZ6%n_G>y6wKoO3)G+wro{7N!(PatxpOIyVzES4+f4tgp z<^S!i2l;FR0`Ttqs&;uC|vSQx?dMy&5A=T>V<|lM`91 zyUPh;^Ivqg({2ZUo&KvU|6zxxDyw(j%KE`y|5xzWj;^OKhe!rCMD<^A5>;FJ9uLd8 zQaTExz_htp-^K2%9(KzPt`pv1-n(gad>%X@R~B7C;m}R-M-JBQzCHWx;GZ24_}^EX zPqv88@bzocz5kmrlf}?b&SUQ%-Lvk&{>j1V+1~#CLAN_&R=a`3v9rqDWItsGXNPZU z`+#AHD6RJ4zu#QBgZe{RX<3T@FBkTsDD(LLtLLu%xBcSPgZ+OkW%;-ncSJ+0d${Dd z4e8%IDmPK&(y`m;R7(w@4%PLCsCcZ_#QLj?opF<}8NT=xq5gLV9LfATbrCIY5X@o~ zaV%~S!eR~4D{dONVs$YqZW^v)Rgo$dA`spX6)pZB|0J&$qGD!riUng+%nVC0+eKm~ z{a>2@t6-$J_x@x1<*v*BcekHE*nihjYPf}M`>of9EmP&9;zF&_@t?`l+X`YPc~h8zZ=CPO2ZSGDY9GMwDe;zd3I-pyOmRqFp0xE{nnxPnt5z8hjX|hxrAR8?-cBS<-CVGdQ2h9~YZL z*@1;L|0aEbcgvqM&l^#3aI{y;0@B}H5BX(Y#4X^DKGT%+t?Br6%QF1mh-!F?{y#5v zpTBhPe|Mh0df@+SDXY5BHF-EpQ);m6@@2|(U;Pv&!RxDw%fDG!lj^pVbl?PacGV7P zkA$@*-G$#8-Qt6N#aWJ)k_~vbb6O z?gmrzR4L;MnjgKf5jR~u+KJ>-{q6({GAq=Uc99F7}P$HAko}g z4yR6W9DV@x46a11uJ@R55#ns?D6?p@8-CRbiEHwMg?WN!P))5psIM-bP&USi zKe&ftvfe`!7Uu2D34KQblaD<5#Md;f==ds(X$uEjCg=f~swpQMXOV zS?gV>L!*V6xl#Y@WMlY~B&cZ)csWAJ$Am(L=>YS^FF0(aojJHV3urHyT*8SpUM=p{ z;_ULcx-gDj2RG;OMBjy(ta!s~vspZnqA<@eo9vT>p(}6DWv7b2t4vf`GbjrB427 z3)70N^61{?Owyu?*}8n~=-VqRQM9UP?AZ2}D>Tl zDc2xE1&GYk$*UdF z)dpO9to|B~$YoMRE&iQ1Xo>G0?6OX|nF9Rl*G}a#gTwWJqTDS56YM3lEG?yOoFL1S zJ^GQN%u?E0pdCR57eqd*s*QN!Qw7;{L&N5C%b=fi((yuP+@lu=+mv~@y$8UvGjvqi z8M2`T!8Yg8B#9@=yw+9*u(co&N-jFfXFzN%mhjNUlJ3FL>EY4AyR*YLXGQ|U0>$_+ zrEyWX%zRGx|M(KFI^e$|uj7nLZM6wD9$SLLCLh7H$V~yu@+1V$ea58L%J9p+8jcbb4SiCQ^YRg zD^-Ubw+!VO4pei%yxX(QcU z=W&LbUGuuA%YMx+SWH_X%9ttjC>Qg}7X=V?dv!a{-prM%IxV{Eax%Ibj-$5t|Bkq< zX7`UvHCv%695l77MT-H?`@GT-1AMk|S3m&_k!WUZcmd%I4W;91tEK+we*sw3|g$O*Ud3Puv0=|BIBC)R><>NHSqW+mZ&Ag?jR(?!~X^YTp4V9QEhzY{M|Hp`!7x`Vo5a}l36)=b?>Up#Vo~~>PX}@UL{*y zE<@gy5K(8-hvgpV0w0Ai&Y2<+@enc`!Zt}!Lg}a##uz2+yP+1@7_P`@SQGU1KrFE~c8+Y!2GCwUy#wDQua0)+&j@;CesAYUt1dmc#R z^+=qU5bt~(nls>#N9HC-=G*y>RlVG=7Fb;bICc! zQ^M{p_4`TiqL}ESJ=xXmu4pdeb)1eeL`Ni!=62>bu)7;T9OoHYygRpn-5t6reO6?t zoN8GtsYn0R3M)UgWop58#VgH_$&@GBHF3gje{-a8`nw5MI9=TkEu7wNj2BLS-xM)S zcf`e{b-ji;;<}UJW$};(dY(Q$YjEVsdl!E~lNx`t#SA^h6pH8gi%rAR-8VOf)mpxQ zPYPS7In3Xe#M4Sg>Syo#gpBuh1FAK$U|sF{*xY&!F&?0B62_?hXcSfaN5c*Da94#$ zQ;c+GY73H%C}}xZuT+{`=J|G2x_r2DxjnISp>QV;*DhJU0-)oaw&<%=3-ky3;*X0fIE^7g`*KA(rvFba?l_~-H9}j+H4}N41eq?@d-*1J+ z)7Wr>Z`h-_WSJA9pE(_RgBS`$CXe~9@eg)6Gidn&!Gm36sjla8HScq6@y%gs#Yf54 znhP+*&2Y*B6HOwgR6+?11pH;3J`y*F=8 zoYUeBiA3WAcX!pXkZetCG3~V5MvTE`OhOos2xZM`k1&cdM5(jIwU}E^h|CGx()iW9 z<@1Gpm+rfOKHlqg|MB7EO?B>7>OYJAFU@C{=CreD{Z2j7KtKP^~(^;*Jt=>X-x52-xS#lBhFJVbsU;`Gla?Uio z8NDrMc(XDvdjaoz5?yb|s@*fcki9IeH-%hT! zU3XRE^Ko3vzj3~AW2@SKnqeZO%otK??{4Lj9V^V&umV-N(G?F$M?sQ*zK3b2qM|IM zcgpr-m^QroIRANb?K5Wme%G8>sxYpoHt&6ZEgH9G;pk0)QY30ny}Ll-1v50JZkQ1v zrg_ejUU@}Unz#NMX}?u_Hl$cQgD`MeK~|~~r1Ez=F2#%{enHsjXg;iWp#L_U+`=qgLl8tEvLH6 zj;$3U-N43r$z#Ma9MYQj#%`^;FvpfbW=@=Ax6j)PcRXtp%S=}rVAhD&JwH^p9wHnJ z{eieug)=iC_aXtVb;odClxttb1)|HEGWjELgiwSc5fTyPl;d=sj7fwC7)2oK!>~mW z%hO;oj*ISmv#m`jrv%X(2ibE@zem>f4>5b9Hnpf=!~)lyWxor=8oY6I;u{7Uo*7rT zz^8ffg?$xoG0t$&{lf8vXSTS-xWjUkdmewd!bZ)xFC6IhA&&5MfxKiq;fH9z^E!Np z23(7A3t(D>82ZD`E*Ei9lgc^Xzjn1HynyY7*NECvbg;^Zlx;@@G_MC16)P6?rYibg z#Qm=&E19_G@dC7%+ATz>t6`@%3m#qD%VI&K>tm$2$LVe&`KmDKX0KB{yZzwI?MFae z=DL>6yQ6$?>|XavRZkbUiJeEcwe7)R#^<%T1{`p>{dH9m%c~z0voRnmhe9nu`?T4-E+={W5f5cZ~%Ja=u zRcS3g+aI^LwyU#sYZqn`ddSCv%m1Xb$)2P2( z^5?nt|6AMD`~U4%FCX$hucg#cc@n+BG|N+lN%C_Z4G|MAZ|2>mi{XgSV{$$L;s&|J+H|B zFJJCH(EoLm`SjnU+XZ!2WaGQ1%&Vcw4%J%h5rRH>@wLaQJOZfMd_B^_e&)Ug?jCqd zTJlAVd8@b|=aixB@VI)lsK?-q${zLe1@y=42F-T_MnA(CCLzk2oAtmosvRCHq_cjT z2kS{8s0Tt{BP^7@uZvFu^PXk&wh4aJqjieqk^hA|~(FwG+cqa6KZC z7-9xY6IDgeLjOGz3G7Do5jK`(00U;IwdrGRz96ZQW4KR1?g(6jdA<`FWrJQ-5rgzbJ4lK!ZJ= z!E3PyJrMf;>~c-|KUOcjZ-f5tyzZ-I2i^Z$q=DINXG4p?IzgdjhBiIFtbTn$Kfh>~6Na)280+cizn4J_N^ndHsbC>?_yx4l6|7$58`ftA%x9ES(!|df4!Sx)cj?TQ)~19tU*P9uach>;QqjDsypROt50^dAtamn0tvm zrWtV0)7TEU=d`th%M?$EM<_fm11MGF$`rsoMU>5pF5|0g#F!~#6SY9AMMo%(U#mbw zp6sV)oTBQRdvETG`RM~av4e~Zh~E5h#)^FT4qp~ViCf7=_tGmZ`oj_}5|U^}D59#D zlmG^U8Pi@nN9aPN9yAh+%1TL`$du^Xxybwkz*Hwss!w zf7Vj2>Hm8J2|-zb@0)zEa7JpX$oD7Hv*sQYb&J+lWa4nof{ig~9H!~;I(f^Z!y*KXU zG-f9K-`RS#{d~)&|JyINb|2pVt))ByC&Kf%@k#vm_l*%_X{W91n3%LT0j2;Z07e%u z2~h;j(WE5}93c!xNSKZ&BN+<7A>)y%R`oDNS$#&aS|fl zCj}u)H0k5@a5ALNzzEV2qR&8#DWlH-MdJTS#!#gG=wmj9DHZb=O;VJ_WEhhn4H}I{ zkHG1>|9*4QX!Lr$KBS`tC;NbtLI9%(L@wg)jr~0^*qS^v%Xoz%GfL27=+pH!_Xk z1*#dCE;lkYhvqwSn6QjQxky^yXq=WH>J!2!%fwy+6CJ66kDFkGhog8>_Nu_tmUE^I zGBn6zia5-9N52(8o(tr*;y!PJP`)}*Sq|6;fwz30Qy8AZA@4tdLzGE;I?j-Y<4!R{ zl>VFcpaiMLQ*iuu4lbGPg@Y$g1<%8Y7%@*Gl*JQ10h|mn zSR52F>c@1L!AQ?e_!c%A$3heU2^Wso2y%2o83H2?hCV`k@ku`JqYRJ%2eEkYK=C+@ z@nE9+(wN4VIOcpuC#?Y+1CoJ0VjMC9h+}f0a8XD+TyWXcliv-lz=d*kBm)EO18_P* z6cwYxI3|~Jy%h1PWH7)XhB5e*+564UT|~ljlnED~Gl>A48gZ6M<$@!^SFZ!>i~JS5 zualqm_5sNp*He&@7|{UiQGw=^A5fXxq5$q7BjaKrKfT@wwt{U=zkYhX8*Bwz_S&9- z-U*3OPyJWDRqj0#FzVT3_ewbi&=JYw2=oz%P>eVo8^a`raXb+i=5Dq;8)9Z0%#48N z!BwNt<$^$E&b{ZsRS&$~I~H=5KKtbOSaG4TsP1|O zfXzknh4mbdlpaWsm|>Z`pk|`H0!ZaErF%p~e?d@<=7d-hna&pMGCm=NyVA7CJ-Aot}e?_o1xxzz8Vn zl%JKZr{Jhi^GpG(Z3t8Mq)b6?cLfwtb^g*}oCOzYOiKb6a}6DN9yz*O zWeR#9vIu1;Izce1F89{P5m-vj{D?XQ`&>2!6mcPti=13W!7{TKiopaASXdk$J)myLvQ`J9a` zJwpyQhUW-iW{vZV)9kEJb2!0HB6P*a5&-Rq#d=@J_C$?tib6cVVqIL}%>Z=m5v86g z8%C?zm>U&Nzq9>&I2Z~&y>8YXlIplw9ZNY&cBMNjYncQubDfks7NaB5IW~^M4 zm6vEsb?$*8%o!0LIH%+sB|R_&A5yNtw@EGzUGbgIW$*Zq12W=zHHO&*t_B+|FqRj_^T(P3qdG@Q&N4`%gqyc}IsxsiPZ;!)JdS(T%%x}Qf&iKV<;c3e zN$Z(^`Ksn^go&(h40*UY>CP#VcHPpDdXLKLiD-F?-gAc*&v+OCPVm32#F-ZOv) z!i7`Z$bzO@ae`TDpQ05~{g|RXeRfUlm zgeYTpz!!ul=ba^IB;Bw&D;|>u7%G?^Sj6+aiq+``pz&U$pu%!NFtz?z;WR*r(B$dGX2Cj zr%VR$0lj~H`uzE__4#w~`(GdTgk4Fw{Aj!DTB+p}^u`mp#M=j^0Y#WB2WwpPSF*zxLj}YyN&~SN)}N0^7IMQ?Qpzzy*wP zq^u#b5|CcdRJzg$jbHkgX$B0_G{*A&O8BxVkM|9V5a^?rTyEaN+?QJ@;A1PNstFv& zx7xV@#hfxS-Zx=6m3MTK>B{e>J!pVqq+KQy+yZc@+-)(HZWL^U5_bWJ9CzcR_~&6l zvNfJu+t5jM-hYYAZwiiaIyd zGL?ngf?{z4^{z-#{+5t)ExD<)c;{}ZDrH^g4pwii?7JxrH^XXecsSgHvMyZA(+D!u zW#Sox$h6R#f{)_I@^wUsff|b4djrK2B0SOLl5Q2C1{6h@oWC2PB6?s74)~8MfPoAU zA#w8L{+wl5xIA(zvPapYyu;OjeJb})p1Y^g5B?rqKXK6Qtn3=khGHKlkqyP-W=jC@ z39s-3L^$K3+l9FO;XesD7yd~JVwWU4m+@Z*@cvvqPeE@DKz46SYp+W0AG%HpKd*AF z)@`YERa&g?c5X|HLDzF(T3M@mTlyVdl@@FLj&Dm>Z_2KL;&*jhx_Sd_4HUnt+tP0a z#qa92boEB;8Yq5Ox23B$VHZ&Ru5U}%$X~we+tM}C#_#&J^xMJl`?@V%{Zp(uIDTKZ zrEBCfT(7dt9S0)%3u3_)%HC z9(oTHakgcch*IZ=pr@kG@G3nWRzs-lMz8}Pl=*ITbbO%RS^!+pd+jjpJ#kwA^pEN# zvmGDm9Es2%IFaFEdTyxlUIj$A1fXXi6xSQYqiQUoh5b8E^sOr!fnIHd^xmf5!Xc(y z?DXkK#3BQnyl8iV;=B|{fD-^KU<%f;feRO7nJpKgZ{E2D#XoYAV=>S&T6iPP) z)#JJx5mtZuSwhiqJn(rP*ml(=91kjcwN~GQ3iWaw4=P><#YQJ2LifetK$O+r^coh9 zr5z7Ek*w}iStIn8y5#NNak$xKMK`=6k%Gr(sCs;PO#>6}(IH+v0=k-xF|<$Rk&YU! zz9W7;zI(ckDyvs{8~~U@FQM{?aF^1WD45r2)Uk7k>$tZ%HlN1QOL?8cmKr-V!26b};-E9m}| z)st-_>46*S;k5X4&tZA{a)a49hvEok(O$yv-eACG1k--;4;5>ujI61g&P5QgGT_jF zWTEs-&+-J2q=?ESy_3H^Wm|o~3>ZaNMln}##7O(O>=mB?EWQb6rbxid3*B!Ivuas~ zCSaw?FqJ5sMMJOwbfx2KK@nNnf?~JypuMY5%<^Q9exxYtfbFfVt!H3Bf0fURYsKW5XY3_yWghhz@87WxVAM5MuB%E>(nN zoE~RnfMe7FUx3V`d6Fj#kCBd?`;~M26!vi}&MmJ8qKu>+@Ch{c-o0yr-@!7Q16?v( zuH?f7$}$`w5oVdlC~vAZS0uPBq++K)mC@oZ?ugu!W^<*4BCZQdRfM3@ZxbXErzEw5>F zJq4h5PGAhjFlm>QydAjKLa{c|FPHG)@cw{L6%NIVt>8tl3J)g_6n%z4dp;*c_&a^l z_jSTgAk(1T{zPwDI22cQq-9iJlu=9>N|-c82NeH_Eb~Mc|A`8aDckh@DpRn%^($Ug z=Uyl}?+N{H3GWv$SI=E4P@KoA9{^Z(E{u%hluh2?YD|Qwoq2?Fld|$NY2719JOOwB z++6^e>iYnh4=5pEM5stmEfYr#@Lh<&yaw>9L`gcwtAUt@17&u3Ce!1T+1)DndMQ&*ot0U(Zrr&AMOSb%pm^Vt zLrg*MVmsJ*wK^HHfMWI4Z~;Y;Yw#YIDd_#Uy|bcsFI6ZW6+!4LKooJ>?`JVq+46*n zzO7L#Xu>GU5VbSshy*wZWiSa5cuOebFm3P2n&99{CJ!SZ#95e+FT~SQB6v8>k+P_% zf8zuk9$&l^yj<)ISE1s3Evdk!pcj)6#(eBs2c-i=C$h&B9GA?Qh8awendJPoC$q}J zC7x2!2ry}GG|`( zWW!P>FXWy3Qr0Lp%3OQq-Nc^utyKScmqQ?H$=iMHoGP5bR75NdVBwibVwF=?q^gyj zsO=9_761yMVd{_>B^eh&FTe%NK=0(>&0+WK;D3%koSYt%ZE>`Dfse}Bdm#e^_^0;Q&CFe9D1 zliFqgv*7<`cn|VqF#&hz12+grez9x z?ILILt#>{Pit~(T4v9=5rINuIDEZ-z(8+c3Xa^VNTi%kpyd{@FWM9q`hGPKraaDfB zfH$CkNkX4`b)t~4hrMP1tE4+)NBE|YU0;8W{43iKi!?yhGUX<1IXbr_m zIzTgDrG}%{2Je;TvW`d68j9*bJCU~DlL!wcWx{_Y-`q1}&r0(;xqvLZqh^D$%)f3t zSGlinHP>HpcbFDyJ{0!qllr99cfFL$T$RXdL(#BWyHGs6zgFuh=7Kb zsk0ZAwdy{WX@^JpAQg|7I6P#OQ#1T!@PHBbrg$)-5>CBjPeq>QdwS`z23tfSaJ$JM zd_ftc8)U0!GZ;$zStKxnwnC_Q7y7b+T%hbS!wjv^va6p578ZjmmO(S`MX^>!KpMl4 zBg_PpZ;y(HkCKPzXdd=kBYS}skk(k-wN`vp%hPc$b2OV}eW#=1>^9TMZACL$qO1=x zl@}uw+pk8ql-vO)wDkc-S$Sk;3eP-TYY?von)@;<*5PsU8EBSfOO!Raa?m^?kuWZ; zDFSz0nSx$1(bc$AxKK>g!rceSE);b=8OR81_;y3)8tWsVq4|wMNldlHekGk(HFyPs zy)fkRu@Dg}05m?XVpc0H)>W(ziO>~8SpwtJ3=Rf3tXMNN5_#(_gi+>+T@O~R4~g`G zJ?V?QNAW(%-0Nox9=_=UP(@g{<7JJYV>mpY6!&;N6J+8OhzX29UsvFQx%6UG;S%1W zIHfw7VvqVt8@K zb%k#O#llB-3f?M1k^wpm&3gkxc_H<~ilW6^P}I(YmPNNb)yjlx_|nM+(hY*2@H<@A zhl?7DseM&i=v^-OXbHbNe^n|T6l|^XL4gm7h559Eq91hk`HP?U~J z%0B=7;Npti>nc#ZMek$Ija+2@7G?c(@n+t~KDd2*kL1<69nXQ{cj0}!J}1Q*DAsx( zyBK$u-H*RHU7Y8AT;bt&(HnVvdUPEweh=Qq>pRi@5YalWwg?M-Z!g%^hl>gy0%eaW zxQTgt+S5o=R8mpfRy4ueDpSyVz53#rFX0BTm82z{?lHSgN zqOSA+#X2Zjfz0ZlC@b9)APS$`^_*w{m_u8}u0T;nWE0Z!{ehu?;`SP$_zR5ZKyV;x z+#djnvikh88d7P7i3oQaLrM+PSmk#iaF@RQ#^a1TTh@7f>I)jYSj6D!bCkqjlf)9jrjuK+fnaF#XZ?W!27au%d6QN&)OTz zS_AXm1hrm$9P0v#-t+;B&dV^_}3)uXeM?;<1NaAAo4akom%j5fIcw0R#CUA^22XP`f7K}waj~c=IbGz-7 z)pM6Y9>-otPQfpE98bifmI9U;iV>tpLK7y@{Q&Ojq3BmDXK9u)B+m%8s7ggc(Taj2 z-d0(Ida0r#2Pt&Z%73ItzQYn%hD2s$|tC1s|nqWS@TQ{|<=h1XRLl%pe0Io})b}yBHG=g=A=ei=M z$8RW0P+Tf6ceAYCeZ_=gNXBEB6i_ri0rg2nX+&Yp?)oV<%jyFLm{82n5L2dd#@J9i zw6RgwT-n@iwM;=TBH=m80!&u(49kY1k$Yz*6z{lbaGuldDy^QkhV+La5J# z;{A%KJ_Wt)V0SxM$(=+6ibgP+IZ)&^L3&?;(@a5cFTRA6m0XWipeW*Gyd{)%C$u*O z?~AY*LP+ejDWAuH#F6CFy*B^7MOQPsTP*A4(UuR8jf?lz0SK(c8bQMmit-p`R=5%% z<1vUQm<)lU(mi7pS7g z*xwU26j3=E9m5QcsaZW5mHEbHaFQudAu-G;I>xUf1tfE@dlnf-mZ`Fm1mUXkMwCdW zHq*VK(y%;7lluunT?$y9qg6yI1STv^R5nAfDp z{?P^9T@aJ72!#{n;}o<24p0E-Zl~Su=ixbGZT@?ZMg7&RV9|xHTsqWHL|2$HoD607 zwGxzFBzP~&a-?~%UA4GSRj?%)=yu3_AD!}Ri$Vf_JGMse9BkO&VP?kZQ zFzcmoVN}$$0TtCba_ai4nBgszsRH7h1&`rX_Z(fy1;2+^fS#jEe#V6B3?nhh#5=UR zU#7k7d5hIwev=G$3QqOb3Soj|dW-LTnHH-I&htLX62#?cOxk~vWbU3{j!^P3p^#xZ zz$!w6KzHFEB^)ZHMdKM5!7SqBfs(;p^s=1xx=MZ9OD30a(sQ{C3`0ce*}2~EnOtV? zAKkOP{r!V(_w2WWf1Vw_5gt3D2T5iM4hQ_D>E@jV0gF^?KHtp&=&8 zg3<$D>&d~dhaZma=mL#WSt}jcqSB1Davn~@v{qEgDa!trbT{jW^lIN&U|OG~#Gzj3N3HI1a#uC(Hn2Ym8d`}os0};s+^fkAj-#xrK7V1Nf_sm zSbSIcQFK>xwSJ3b+WYi-uUze6f|*?kFUb3@VnH!rrHY>SWnU?%su2L6gweQ@> zXux>VEh2fB2Uvw17HlJqi=Yg5-tIo_efcVvoFH~dvU7QvRn28&G*KBA!I9ZQ2*onU znYrgeIk+>$Qg!SFSHj>Kt;}cq_M-24soP$E=tS8B>>2SA@70p)R*REihA2JBV?;mw z9#9mckP$(y)!qXA8~7tfnPBA+8gOpx`j(4S#G*Ul*!xXatEtt@)utq4Wdhq%5g(i~ zorOYtEv!6uWM#fG?S1+pQ~63$IRCdu=gUY);tn|7KmPg*s45gC3@0e|*75=k)ndrC zPz2o#IM$&Es>P7GC~`+u<||qwqG^oT&l$wY8^mO6O*cxAs1EeAX3$6M5}`zgMpW3N zvIdJsH=<9_=bg&8;uLIP5rCg05nXrO=4tQcR{dHlu|R}3K(*rCmrg)Q)EnItg?KOl z2!`g(YEE?)kzT7s5#yTJYY`#&)3f5AzxM#lhPg0UF#>uc6pv*N!8q;(;1`ksbOpz0 zjGi?bym>8SA-h-w*1d+tyC!e1eSzKc%owE=vDPk>8pF z;zVJwKwPdv;=~BjRYV;N8V&8-fGd4VBGYD zFyTUQnvn|}i5yY93$<{)KLRRsz_uXO8mO^?2^`0D5cml^eR_)1r%yZJpClJ^$SJZi zV0<#V`F+FqW3$nC^a$+BWFit?9E4qc@>OmS^#F=P8&maM0+z{0#)L9OGe}mF4ZE>= z_^V<&K?em2tk+2_}Q_x2- zxfB!Rz=RhN$KrZIO(q>S!i133u*^6w9E=$1tz2&fp3#>EDn}AL8i%5(h3&MlnhL@BjJVC>REv1|Ovy?-4lE4CX~}^?(1* z|E35Pq$Govihkr2W#Y+r!h(>D+c04`Lw`!pwO<5V#t!gq$2e)}l&LL7S|Wu_2W(fq zjp0=*hQkhc(Qu~oJh&1_CI8yJ_T-*hlM`Jo+r_STeKJ;YvAS|`>VsMuc%dNPXcPyz z*f#lo5k*CWd@SEb2s|l{?%!nnpTOV7kTR6Dh8fAz7T@Tfz~2Nq{nX<}YYZJyW^}^w zz6A%o`54DBRzd>U-P+o!$7J_JFNe%EV|L`A60r{lGN~U2e?~-*!vrBd2NA0i;o?<% zElm>%lwbmo*fssDBL7kxjvT6GrE?;gxlr>{0FKq`G{O}3VIxEft|QVk70=mVGI3HN z>5Z0yvk}4>mv2%I#0#W>>Fk;EK~r*k&CKMY{d>fT^fv)(HQ1py9OJT-vn8z>! zI0-WZOJRtTF}w;%lJpd-;m0u&FMUOw3??*%8JCDgx$xT=A{sPK35W=wls9iMmFEP6Mbo+mQ?~(Ez~o3od?C z@=izKeG9bvIBC<7`m1#ns((#e4Jkm%F+l4QB#6_T3F^&R7CIFbRJZ&`o!O^EkTut>Np8?DyRzt?nI2Dqq z3M?ny(r`H!CJD)t5VdqLSTc|w3JW8kjs6QHHgTLyuV(W z_hU>)M}(aq7)|z~i0iOOp;Ye~fH52Kb%{e&%=wv>F-qr&%aC>ij({MzmoO7TfUzPG zurp{hj;n9QDS(+Eas~a8B7_oI<+JG2(A1>fG?Mj1wmp=M zF_SLH!kDjaM$PFIc{~E4e)SA9Q9mZ(xqYF>H%&?k9EBnH6kBE_DJFB_$o9*KNJ!fu zNkWt|+U6YZ0;9_|hc!-yEe_Kb>HiyrjJBoGy8TG}w^dAMGiaR3gp(ZoIrL&m3=v38 zuBab0xbh(I9y)AQ=n{dX*Kiy+EHo)dvI$L1my6yzioCW;)w8R<=})|jAqz*+&~E+= zM5_)MPg+uYkns*%MPEhTltfGQ`>4#ysrZuh8K!BcWFoqJ`O*TxUYZ8No%8Eg_4&~w zWhRq&z=fw&g>~6b2S6!;F}d7)rqPh^f^5Nv{Z?N$(*4WsJH?+IoYL0$a`)Ab#?QdE zc6u7@%xNJ7Xo<<YQ(7sl#uIR!kjn&25Cb93!h9^b zCiU6SU#+XW0AyI;Y4H0m9 zh!WutN)2j5iImBYg};wCn<;$kczBXr@TSQ zO@${8$2qyG0$cESj3Nvf5+Xw55!jbc7v7Pfpft~e?dQRdpaq^j1;-yw4~|X`_uhe@ zPY(8eJ3RUo?7!VR`t=|HPoFjpxgs6qp-e3dWC%M!$kb~H5#>*X?|M^4p)_8Fk_a?f zVBh#5W1N6$Tc>E-GU6>xpge(ngc3DO6o7v~3Z6bKug0D}1*Zf&eOd`wcq~2!KnLHG z$|0tLj|7btIQC9JXNwauu%khB0mH0op23V!P4Uld>)qx_~;Y#_CAI)eUNmC_ho4-p7t$0{A2h6;Jr& zNZUFmi6m$0T#d;E6efpW@OP;+)Wx<8>|l<{46R$ui;P)my>U43=){|i|L37Rl!x+A W9?G38|9=1g0RR8%=g9K_A{_vDjNyR* literal 0 HcmV?d00001 diff --git a/assets/bitnami/airflow-16.5.5.tgz b/assets/bitnami/airflow-16.5.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2bd13e91764b08495ecaf4ef3b9c9bfb887eab14 GIT binary patch literal 205109 zcmV)iK%&1NiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcf7>{cC^~=pQ{bm$H+HWj`4y*I=k(sI*h<>B{koRZy>n;g zIuHp-7*hnB0PSef`R?b37YUHyLk~Mn#@wBbMFLfYLZMK2R29VWI3V}kqbZD8XAWn< zU)KKY?Ck6u9vp~&cXoF2|L*S|?*3)>;Pv6|!T$ci{@!19cJ~es_WlBP)=x_DNhpKy zUv^f;m2ccP^1v`83^GhY+S>rYgA4{_((xc;0qS7V^-#?47$d(2A{es}#m-_rrcnUr z?GVmT5A-AGO%doz;c`~EO-87FhhmCJ*aNTr`{&)x?oaKVSI)vQ3J|17L5C(-G$HZ4 z2Yx5V1X7R4OZ2(u8*a5rDRx6|3% z+1uOM-#zH;w0$(fFl_Jcw&R0?ADxJ(H${FDG{=-y=m2OcO#R6MLui{$Q4rL@(&c))7EM1LZU7Kq4~3M=g%r;AUT0?m zM))@^f_HlxFpAQjqGcOCicsjI(8GxKHrl`=p^up;5F;Pc4hrEYK>h|$q>8s20K_OF z6f+^4V;rDfx7+D@T*=a|E|W_C?vI^MoliFSh)_0(5&a`5;K)AJAhHT(*!C4R3C$z3 z83}73rG*%r2u0Bbis|k2(_O|o4&O)Ai*Y1dV=DxJDS&_x5&%X3`V_^8QUF6Apijt4 z7y?{ac}WT&1wM|E#{>hQH}?YUfk_ObDFvIy{r7aM15Oygp%)}Rq99>7zzieGVe2sk z7^Js!8_Y<^TPS{lC?=dcyel~FDGYs85}5to*_aZ}s3~I+?RB-Zbv!cLz#ea%{zC7< z4iqizka*G+4DCWX=Iry)T{nu!Kat1U0htimB{81h5C$|IqPrb>H`%yF^LrBeLf#}a z{)ZZu?UXeeZQ#Sn#th<+K^&r3RFHl8+u1#g(Ka{{TC4LcKtYN?7yAEy~Be2 zx4-{v|2@W&pWw=8G2-D~w;Q7grYxSfcRPjoSE&(uV%y#8?51!_XRf7y?{^M52i5b~ zGH~}gy9a#g#}hk*Zt9{+bRNDzIP1z_d)-`jt)_hv6Q{`Yrx51z;WV>~aw z5sBt8o=ll-HM{`B%j5rPpGvd2ed41~tOMg7=wJ4aei;Y@dgH|l@PAX}aVrnJ56B1x ze3=Mmh@qJBuj=Ko7Zvny{3S7*5bp04bIH5fBvYjs?QW9j&cO>YDiM>bfGJ;@V@~W@dc7ty7}_`CgS6j&znM$Q-TF!3;;qd3}QuVPvHm!6!d)` z1oBTt01N`bW{Cj#AVzAfBS<$Y_Q2;a1(^M8$4me=cF>waH$Z3<1F^;jK8BN!P=-A) zBR&F3A|$XG3fU&z>QV+78YcloOpU~>+8ObY8eEEM`5pPELP`UVco{0| zaP`K?;jQ3*>jFx~d=zf!VXM&ez!(M;RS~3t9jSjA$z+xj;}N~S)!eA%h@wG3?y0>b z8Xy!^Q3B%$1%3XX_0hm#Y65UL#vx{NTUY5l5znc!`U#uznb#BIlAAeWG_GFPr(~Be z&|jeN4#yo%oSyBj6v zaNa06@##jzNeJd7iNQF4^cKJOb>W5%x}@0f{%KS&Z0-X%R2X? zB1v!QryP8h;Su&Hz!a3sY^e&hxS5-b4b}t% z`h!n!76pic;XP*Fl*=1`4Jer*gJrT1hig{Sla@L28zTe^Bjn-nTnGs_iY+M?CB^kC7&%9<{CWl>aF5wkj1WiT zWnbmsX?&-=E4+j z8o(LFjPRNs328Fp9WpmbS5u|1r_?EjVJg50?JUJ0Z4k{vQ#W_Xq=T= zgWu+zpy*-=HizLT9z$YQKm?>vZV<0R-J|7@?v;$eW8$~v^Kz|p(%Xy z7DpyJ1}Akec#%y!nf+HF93SWR*Vz?vWEA-$@rYG%NS7<$|Gq$ki_AnSgli~ z()CUWAJh4rhmNkN+b=AI5dt$9CIX5VBcbS3--@Mn1U;12vXZn zR_FL)+arycVgr5htjUq<7@%@5_>3eWqb^-4B{opPY%uW7tXM0%CYo|GmZ3l*=ZG5+ zAaOf)Ztl^@+P1kzBV|0kmGf72??p_EdV_fZdrjN(MRV;QjT&2PHW^Oi%mmlKHdAyJ zLAxxm3^up2>>3N(T^TTCP}%Sv$I8lxFpMmlkTRRfuBuhPqpoQ|IU0{f$wY7Fs-}xq zGvcG=4KDK1U?AxEs|TdNNH^xj!8U|8!jXS0hw5RBZS;_y1<9V2vYPR4#0=2({!6a?JF~4 zsqF;om5HiT*x2OonyvfQ?g#&@crFg&jA?~qH1|mA*ZKw#`kW*^=~GJCSb^yxn+ZkZ zBmnnQ6oP~b;^c0N6!O9eiR>a9pEwPvKqkI7#w5-`Txjg|gcv)u_Ac*E-?!&qK4Yi+ z%&jb{a9ZmNqu=W6?Iy_8Dx(U$z1C=me-nqmq|o-xpkXKwpmrGFR}3qe%$$Sr+_I&QGh*o#H~zlp3Ful z=B+i6sUm43%ql&wD?uJ<)vI_zB6%>J=SDUay#fKgLm{Gc8^j3uIMjEcDT6UfB6S+; zuof4d0J8TQXFEmNR_NLiUH63n#2~=nnTB!6Kj+Vtt&bpQEE}7x)j;_o1jFDM1&~iP zB=qI36NUls`AaU3;w@*eRksFmgkns54f9g`S{fL`Gei=mpnn8b1{GoMRPHr z4TaMIRH$L|?Ly+Y@08BnhmuaEV4bpQep^5?Es%@JrCGHaZmmo<2h~6xn*(boi_HNx zl*0l*aUC&xmyjJ)tnlU(^CF0CfEAdB<^WT8twFa4Rufo;(>506r9Tj(KN3XM)!+cn zFl%VZnY$L*iG6nlL%x3Z$Sg|4`dwWvG^{*_x>bcbk^pfFC4H%=O7}t=Pl_67+C&Lf z{4no5Hi0Y@dFpY-Wm!_CxC>G~X6(*P?ff!>ucne1vpFxr&?mMI+nFku;uZSDx-TeV zZ8k;i{FnBa#BIo{7nl}_AudWQ(sC0)aZ&rKq&3x0$Mk(nlIUm(!wFLRl0(Gg{ewAW zXa**{0PsYKvJFZHWICrF3#fp0%UKuziWtM;gsKey-qo@cz#&8N7w=s_QGoa| z5(a{LnkQMVsRZFgfh^~O0F&eEtD=+uRXn|PSO8dNT{yU%p2!HjEP0mhgcVzweo~v7gxx+s@i%Q;-6M6U)3)%6wC#4?SLr7K+!1?1`}6}vaY6d3ngY^l3t~Da;T0il31q5fb9_;Z?{I)7 z$QRfwEUsadm2Zv%1_8Oh)D;KRgMqqx*92o(?dJGB7{QV9Bk%YziP8-)^NYGq#=l34 zw2mT=PvDm^;mWPU<`EJNt8A321R`0hu+h~}SJ^|L2e|CZ8CFYPs(XMXAO?)AM@{p# zjO%6@lY2cC&VjS92maRTpPsgqezf?b%W*dKKhUL zPvTn~PP)+d+bCo)Mzqa{m@*La+8hCG-(xlvf3_8_u5OP(n{(ecBEI3dqfYTt|DAkq znmfyBO=ovR#Ls*0NZ>gio*E2!_nktokENdn=<7dRo8bUbiYId0yxhr2z`j~;tsoJI zUI~ehx-T?gZ5aA(7&6?}ZzLXh<@TdymHH-5J=w?Y>_fs4QiGN#bv9^hma*uzMGlv5bEHvV3(gxhl#x67CyKf|61 zxIvI}OfnLYfK2AYC`QmfA|YilhsVj6Ux54s%x}Co+$=KYV=7BQFD8^qcRS_74B(7} z6TJo7_JxNt?SMgrFIRJ3aJwoX(5GF_Q~sZ}Zc|&*#MjlD^6rb`JF)sU?UhoVxGk?3 z6S0U0Af@7x%cXh)WITY>HGkO+Ox`Aqr5(ix&BRKi`$E6;MBoH1u6cT#<2a3+cdq;b7Y0>rGPXskieP6G zlgNh*4Ot8sn#`qfV>T%Bqy|(K5)*nIpqK<)H+~Rr%OI*kK-SHz@r--B%kqq`COHn? z>lxba3*8dUHk53-1qAq@AH}_Ms$bCUweRf?@w?8>9 zsiy@ZeK)84qPp?TeN|l#GxH{Yo>vRs=Woic{GI-9jA@QL{(07|`KEu>%G!O~zk;CE z?)*0(!=S({%?-q3Oyfjg2X7O9f*NkJm#JJo1?RZlANiw>yc(=_asUL8KT^R`svDGt zGs9s&^^ZM+pYSZ1flyp{>qaQ{P{`m!Tr5n&%#pVA9$W!D{Pe-7w>koD1NbAUEF}-j z?L@OR`gGhTLB<9Wr2dXZ;9Txq0Wr9+-u`NCjyv|i)SvB0fy|a;@`D=3dZlSDA4&^Pj}Zm;QzRV4p(a}$WllL$F_kurxL4$)OFk=ag4n5 zO1*_s>>5qs9n!2cE^+g^LKBK^#Z-)V6yk8AL6K0=z!|YEiV1)mM#Rj5Z{w90}{$XrPV)Z3X)V*g;jVTStwclX^ zwRSzC>@ut|dqn2MkbdDzaTN8_9R~ZG{4O?y)DCR%yDSqEJ}k$vh@Rjtg<&8=2J5Kh zPBdb3h~sh>0Dwe%F-hVcI0?(j6n2jCPup&Y#d*W=p}PMEOLzagwEG9E^*$rdeZOGe zYXxj@zlj8>K0Y6wW&G18)Bgac>9L1symB@r_khK4JjR~XT{56Z>Mul_BfTWP6EC-M zf>m&<8*jz7rB`}NXb|6>ewOJ{+VZx{!sg4#JnwTkOlz&`eVHxq9e$YUw}rhi^8`Bm zGK=7wduL{JS0QzIZ050=ew%p+3wv`alCqfzD$=?1+})D;&VhwGyo(_+C^T&PMs8LQB(=+9^vB2B#- zn>Yq$V83N3HISINr(Fno190tqaui!RV2683m!7`vLyAYNE{{9^a&6#64cftjv z_n}-1OEIkCU|0%tH8;aju&X;8mV*8_a5*$gmB)Aa$|HYl$FDs8M|A%(4a+Cu1ZEC{ zWn94)QfN!Ng_UAii*uN5vpo$TnY@cw#>NF4#q5UFc*j&?ScB78CHytGj#a~7-hr$M zUo77mi|gOCGns4HeM>H7=8}9t$1?YVtKk58Bqy^52;Ht`%^FwYaMl#7%k69t#4hKv z2Do!BXby}EIHEPcSLu${5PKu1v<9@S?3&g{gr6PM9>hV-Tvk`QsX2t|A)VEXoyo7` zvX&9>tvaq*CPYK`HTOnhxf7d(V_{deQfyTYZH8o2y0zu(>nH2nX0x#1;+ErZnWI}) z?7MPzt7=wrr?;ZWxLw~Wu`S{NSAlRbH@HfQ7IcQI7%^-glD$lo{MDp#Wu8#>Ibfk{u_Z7yqM6X&^gje<3~(3!+PJJK!hNN0?fZ_b@A zqy5`;sx#zxA=f%wNDxLG3#I46gua+c-qh40$G2Qiysedu2J(p-ZVXo%D zS90sI1l5YpeC1ax*X7ceU7vn3j(x^L__5vl%20m?PJYHc`FdBstngQN_$!r$XScua z$@Qzo?XOY_o}K@`2MK88{8uIikKh7Wi~3t~1myJRya45^5*NVVW%-r;|0EJu5=QZ1 zVb4E{E_XUc8}I@?f3jvNE@ys56PfAiXVqOiQ=|3yd^Ux=6O&LdTn_VUBFjKo#=wMTJ}U2#MKihx}bjlu8-*$Uowqi6G45jWQtDk zE9FykLR>MWq7&vCvMM^^{u_8Xs)jF>Td|3_K1hZ|2j~@&EIOdAlxNWaZ{<{r4w&D6 zwnb&3eT9UJCgw-axo9GP%(RQz^n4;tx2Z~AD*0lwsdV`ij86FL$-3Vre9 zj!rz4`5l!URHt|}OyDQ$2y3vdnCQ`9X=$!US?0U)e=Tj(0vR7|0VzrPSc+$%ypJWQ z7EJwEO3R|zAFEpaeR;bYJgd(E=~M;}AlD|J%hN!XjQR$dAeWW4Z@|N~O5Zij2e~49 zp1yCZYGI?Skn527btQ(>WIwyKu8`fIB?%)7aKAs-RXq@vPaBzAD}DD)tNL>8O35Runf86VtC~0F9w>!m$=$i? zERqGX)|5!Hl9(oR90d^1u9bPvfG9;tu38CQltIR|zOe)^MP0FjqsxHw4@SiOKIozR z@vYigO(>FE03XpOkinCyhm`0#crzScDP|fci;%NT^b8cc#=JYq zWXFOAKe?f)eqIb3gYg8hqstHA7>#i#M?3#1KS&P%JeeRV>#7=n%I9`7VK~75QYKU? zT25b~BHA-FBk|nCJd+r=G}L22uSSnbsYgdxeo&Z{W`!MH)OL&X36Ltw7v?k_fsqu({LzX=@wsg0b|x4iFQyH(~o%}gc+sNKQ*N`tbVAw9s9gv$5`!YWq`L+rJ+jl&j@-`d%`Rr46}p86x}6c z(k|k{#fOtpJ4Q1MH+!*>tNE9MF8Qc8>G&|ely=KvBT^YVjfVS52p(Y6E6}9_|5>go zGy>2d$kzL2z$buX`wx2Qw~n6N3g20UktB*wyT1;yaQ z)yXzMlaBb%>vs7+H&lG`_uX#MUyc!(!uLsAn_J~{lCoH}8AEOz$lS>B(#tBQr z-i+8t*#?o^P)R5PuhQCn_zK{VG6elRY4S68tKvF|!#xCJZz`!I$h#Oz>8imBcfolB@Q(q$uyTC>q`hEzG&ovWum4qT+hG^qJwe==s zM)rEg1uD7+Z#kk%Na;O^3vA#7t8IhK@sAO39Vg;eh&m_d#Q;UYSnpN2r85WYiUiWn zF6Ms-zQ~Iv@|Lb-5|qFtT)rfo;u*)p7rL0rs=^9}L5!e32j~-~tOL$q=tD7~8L`}) zWaP=@An6&5B3@&r{uL&@;O6nUG?Vq^9Z}o~gKMrnJ0%kwrZ;Q)r>ChTyprToX|e~r z+%_PwJjNtpo|hY9ByTttDoKocpyeLuT#w4J*8?rzOGlaS@nOcl=0v>*T3#q>2~iV2 ze-@Wwx1H6c7%7dN=WP$X;-d1(@##t&&$KR+QGh*O*W`N-y!tE<_k&=YBtJ|4Z3h88 z@VC|nisIHkwq3brDR($L?OvY_4FxU+ESCmrP8L1Sg8Wk0 z2iK>=?r?aT*4h@K6@}E|&xK?x=5+Qx?b)x<7?yVpZU@YIQcpQC{q^DYYg>F&}ue5IRsCm1ngz z+oZPD^b2)3n#-A2p8D6*A#5125dM9NVx>K00r6d&P6%rg`JINWeTM@iRNE@dJ?f`m zDw%4O6SN=o1^I$M>5b4009a7I=aG{$x z6G&7H)~G>=XpLr!#;6dQaYtM%(higIwh5n8d1H|iUr2mp1c*%Q3C+SWDtH&ygC6jv zgi!T;gxEboA^6|>J3Bi&?ftzshj0GdbTlgjj?5>gQWQ{m9G<$%9?1*ve3H$s^rR;F zgly}Z1Y!?7B0itsVv>Y@J0>Hn4nKcWK2=Ae{>dc}et6-cE-0=`RO(&krC~RqXW*%B zs$BT-HDr3%UWaDU=3B0Yx=`-|liu6*REv#^-1+cT`#U=A{Z>{hA)o|fH$a4M+= zTC7oL(oqzol?={^t(^3AiDU!>`fp(XL(hrwlt3To?|4mWNL(;8@2onUjJ$v(emjcE9rjV&9^)9@!yxFsh!JHm_E=ki z8I#y*c3aW8VIB&;cmc}VXE-YC?sVk;?{xPLT>%?Mj~}BP3i4iM0U+ZT`IlR zVIG;sXuKL5#c6C?;}HC5YX*sB!@#IKdL_;2leK0|x@(DE=mo_PHz!br&e=}dl6XS(#HEP3=5rAhZc$CoW z`r_oKaX7o%+5Pdq)CHAmwf3h;#Ct>9cKNbmhf3Xk^>u)Cai}{ZA_gNAaiwhfW-z{$ z9;c>L2Iqw3vRd!rI10$5ySKBq)7?4f?(B8(jB6OtL=hl_4+q7nHjHo^hwThNn>V1F z`3u<`Ehtva`UtY=H8-?QQt@I_%gWLvdf-GeT=ccNsO&kx!U+E+?@obtB=$1!{mT=5 zs|swY_%YZMw={gjkjEt7L&Esvo!uHw;gz;zN~rLu(idT5pcXyx+ajyM>N-83Oy5pG zJQ$R6Dupe6RKQjS-e37563&HdsNDKtaubRX@T&X6E9(rFuP4MuvCZ5+eVYO{d>GAM zkw@$f<{O$Uy}V~Ayu79}hmYPW?SSia@5o%r@h;28J6{Vy4*_9XN@+(iYs>A~*hHkH z{{zim?#kGLvXPgk(1f}TC~}#dW|>s|B@|9js^?y$gTHNH$j`;5hS$@tJy12Hg@<$x zgcBToO3lR_8EW{qF{KHLd%*tPHrISrQ;SB)0;;v}_31F@E~`6JNWL!|ID7yZ_?RCf zA2a?d?Z{ynD@0=<%wmlAQdnM&7bU5293qF$$IqYJAc}Fw#-Q~dw9NwA0v)+%=oCii zmoF+X3LhUH3=Jzs3JA(bR+sKR+7hEYz=SAe6lGwpkldiN#4)Rf85qs=>L9z>Pa_ig zatk>p9VX0QP%txKQ51~Zj*T4?gV7qjYX6xp+CQ4h{fY@Ps|JoFR;wdqzw`Oco|xs9 zYAJzg9LsGO-l}X7lkF{(6D4ewUkG1C_Vx8VArgiMr|xnUFl@vbeTPJ(BJES*(w^C1 z%#aj(b{#4k09!L^i%J5>+r(BwE+Ly%Gz7*Y%wibN1$?Rx4l>m~LcF;A+iX@6`pQ#E zM5W{makf$5S1;PS5kKf=ji7gnLf=?}Dtk^&?vw`Y7|An_LJ{droKR#aJ=@+Cs4Ka1 z9ncbevq)zbByXO4y;VjMA^f#wPj{DGMnCmxD7P6Z}}UIsad27qI|`2qfwp9D-L_ zyIzSocbvrHqP~jF2TsOZGh(XEFG0qfB(GwmQ|(w2u|7{rLOu$Rzs=i(m9g$=MP(={ zk*|moa|Z+L+6S+q;QZp+K?OjVw_&?n&FQI3-vXAnIXU}>uYsSs?4Jn4FrWlPgiMSZoMA_T4m{o}JiXC?^{s|q7gQ(k~+ zc1yTi^`$~7L|Qnz{MpW40MO>o+rj&jb8t26gUhRv-}=`B@ay2O;)_|d)9Dmy4$hBj z>KV+azF*}%(9jO>b_!Ox-jO0+*^IwP@!wnJ1<{AIECe3>Ux|WODD><=s;^FMN)ZWD`C9oa=u@{G4$U5|JWaK!ZC$FIU!eqqO~Wq>S?-b9jD!Ly z?TnKkkf;4-1g#D0UTP`bm62P;nJ5*@NRax(y9$y}ZP;7w%{-o8yZ}e?Zolba46yXD zPa7s;!&xAFBDkdOHoofq^+&NWk*>oQj2WA6|3cf0#ZE0-4!(E+#C?pnkRl)S#Rls} z0}pm_GoT9-CSoPX3smt4dR^m61ploiTdgnzE-pv>kGEJXjQCLDMSB~?h!Z(rQr9Zm z=jv_$DAT@au+dBj#)keAW?6()KzM6fNF~p{)n%8-A}sLd4#lHZ z>5)9+3u4dOhTTx_Y_*|Y76Mn0SjeAYSpdpl=tFV+Rii>B4NsM=r6r{ztd z86k`oOUSDsID8v*Ll@1-YZK*mcFeL(Zk=%>jQL zXGxnPM~2=URb}3jML78+y)HoOai`38cjjBU)7jhE+uPaSJ+M724-S5G`B*-CC9c;i zF|P(!Pq~^3QRAemF666bU9F|Uk$2Ta$AczbttGM~^{OVcD%oiYTTg|HW<33AcXv-> zEr5J7Ii)ls7E3DScK9g5YMe#N2Dn7lD5pS_WsLdC>7q2BYV$<_4G?%bWs%}nA-Yxt z%r)eRs(`+RL{U}Hm(LVc&k-w6jwv|bP_n23`Stmdo%%hN?y9 z&J5M4T_w4pnxS+hhgtxuD?L;#;#_{H!bG}2f~Z`Cr;bI^TPHAPY@ zXFJ-J$hwAoQ<5CZpw`TeH7I1ps-e5_0;ig81EWcNRmLr|1q-IENdd17%ET2KEp2mu-XwB$L14DHt>EFvH z0Bc0?f;r6=B7EIh#tPzVB^$KU5-ljxYe^wks+qT|wUZ1AR^Ca=<_~oAera~LmAJRI zY;2m;s+?MD?B}I(XlXj_G)ku5?d^{=OJoE#WvEr*nV^ou+&jUG>~X9+!BWB6(SAmD za19M4yQbpgOu1)gVP`t^I+gp<*?~p2C7s)puELmk>kYXH1b4MH&maS|G-12*&xH&Lg43~7YLpk9zEbg5QK6F5j=@SVfK zh|KAc7!lgdq@=AQmUl-18Fgn+=;&kOC8>K>7e=@<^IxFQj|dJe^_PW^YT7DE=(Y5F z2KryQHKL+8PIYrQFU9qT$8MHIWb?KKX{Ky_RZ9mspF*Ys$O@-JO7e27?I#~oeW7$T zH{{ABFR(+M*YjLkRHm4Ql)=ywUMKRSgj&aHeOp3YN~T>FBh;Ni9Ht)}o$$hVm)9JI z!nF*p2F;3*AXyxQUCF=Yc|1*1hlopJ;x;PP8*!pkzCNUcR zzo*h+t{88%p-HP&45mpdLDN5it`v*T9L@s6=^-nSP44$taZANMAThV?#SJjfYTlz9|CIpd+=&5x?OIL0Iu>mLIF?OWi)IH{NbBtz$Aw9#UAyES2 z-6B8p0_XKAXi7tzrWrG!c1{t2JX6nv3K%KvIxJ~+V{t)9sbCbTNk27#qr(yAA{FMN z6e@d_<1s}qMk0bg3}^|8*qdU8JP`=csA#?4{Fpg%$b%o1u9b`O$E}SQFE%oeR+vy_ ze(;8vmpDwhF>Dmwfjuw^Z(tg22c!~}u6;EJ)9dn9ahqkTlG&o3;hC}_l8PuJ)MQYO9x1}EXZ^?6m+TxB2rPaWNg5&Fg()x*M$rv3YB}L z)L_&+_!Z5okl!LlW)vshjXc7hx=PXm!dq5FS&(MZ>x2D072P&BVycEmZY(*+N@*+8 zIGI<-$MipAH2Gg^pWb2)x@2Y(-x^P929bPHE5I>kvh?0*D&M8y&W*ZhVFOcCjAw0P zvnAHtk#Go(So@i*b_%HiZ)$9#j``kom|vmUg;ykp)I_J}R{jo-fXxwMQy_Og#Q`o2 z;2qlPSSj8hh+*iH8Q9%vr^%!M45BFvlNpM!2PlgA?oj05Vw#>w<8dA~*2mM1DQ~e! z&6?Fr30iVivj<-NgeFkR*~}b;?)gj>7Soq0HkH$vtdmYPMm_zm98t4TYgbx*s*%`O z4E?&<#)WbDsiqw7hJ~)5Ktw$^oIur@0_d$l|#;WA4ytb_u=rs;Ogq)N(SBau`f`n5be?gRA&B%t5ZHgMY!5mVi#9*co4h-9t;AYz^#?M z4H14?DhT1ypI*ETJ;F^xhCmWB90++zFI%QtJt~49x0!=Gt}-^b-6?|fmK5gFz*|bj zvZd**%8lI)&|^y1-~~r>eFI8}h3Yr-2WXwE>=W4_wo-KPUY08_u@vc_T)jKJ`2FUW zi{bUpFE`C$84@2g9G3+AlaerkZ2EKSa|bgtqkr4^M~5=V653JM9g%paetcM7r%Vj(mX^eDivqssS&Nel9@7?^=MwPBWDC7(sGRQejeXTr z0Ggu6!3XWOwwlGYNdCWA_~dW$sp1pRa$%-J(C1`ehg$_)mCJun$S3d?|6jSl{J4|$ zUnuAMy$(3iBUKEjbQd-o)VU$V0TkxRgyBHP2JK7`Q`4iGEam%_%UEiOjCHNl>}l(T zUCW+7zkGRk)MGJQwr|n=Dy5BIuV9WbZ8+esr4>FG~x z%oa>}@OL%p+HIO$loF%+XX8q5Zq(;$-J_8Tj9J8sO&((S*8-7_#^3H$I4!!d_|3O=Zaw!VL%fgyx zL(Z}x@`RPA8zfKARp?h?e94O2AVTq&#IqdLl%a_B3Tupfjt!2mWQrEsx0DhO%OK`7 z4Y|zeva(I2*3QXg&(h9EryqvbgR7g9%b#Cv&Txpieg-(&0x!Tt2+q`-4){P(4}8?x zI}KYOj>$*fBjV}+6`>Q=H@U})yeR=KgKBxY!8Jm$%`Bkc%NLqz#Fm~mYBgkEWqC^=lcEf&zynxwJjg%(~pF>8O{V6>GlqUZx~A?GxJ=E%r;! zw(LD6yVSXrRcn|I2UowH963a(F^0#rODp<4YfAli*8-6lvKNs^+dGQMJyl1H>Q0fy zmYw$zArZ*u1avkw_T|iES->JMu6btiqzqxfMtOrqQKGqJ--a@aU#4d!1?$OTrpZ^c ziF#*Jgqnv8NrdT!X0f0*Mc(Zd2?88WuHi%%{n~rh&(Hdv;`z_b1hbnd3L+HK4vT`- zanzjuyxDublRN)8+}$~NKL2@)=kw?84;x1$n#XuDW#G57dl;i_a1wf*jp60-|FloB zheC?lCqj*mG1plA%l^?XgZ5r$XXA&i)H2;4z#X3TWC9NyAhEEVaprnc)B~cJz;%UK z5{EPmE^8#x!xF_@W!*}nDhtOz8RJ%+I9u78vzXOm68PNwC-KG|36hx#U%R2Ow^jD3 zOuYA{P3~`%-GL=rn%Z%-EIrCTGpEu zXtk|39r-3hCL`$i^Ca%onkS(LI6gO%LlWz(X|@lr~RH0lcFQklevHfOvm<2EnW<&L=kSJn->XoH?`i>a$KRLOte z{-_(Ix#0k>JQB#Hb2JFS$Vyx zuL^WIJ8@`E4hC1{BwQpl@dK+!TsOXB;=fu0NSDaI_BVOFRI zTB;&9eHi&GoCW!t6b^xR&@7mgg({bHWKqWj1qyzX>MPKoZ=?tcR=e_2iz5?UUAAx$ z#a6-T4GQU0*d5`pD=ud&(n4|hWz~B%)zBAin4mbd%quK^zuh+0mKq`L? zH14GbEz$xiu~Vu5HrF22jpL-rP5o8qvLRNlU}~*zm*FikQ|Zl_$1uP-p096zODZ1L z{N^~Gt?z1W$a%E9@tv!^JOvMHdRr(S+wvC3AIk8~fUnu^et3%-Xb*`vLH`T*#4v&u zGPGAPwfW=u%NV}eJQUiS#CU?koF(|@pPAdOV_GYDv8bKAnx(AUzm(DX5G>#i4G@Yr zBz;=aI^3xc{xtk$3dAQNdIA=+pzgs9<`OJxw3jms4`(hHajer?EcxClLPxUXjCVKN@$PwCZ* z;!<2)pq5UwfHR&h%k6 z*z^bt5cN>8!cpI-qS3jErQf#P+b6t@bMQw311_LGfKdd}7*?mp{mbgMI=e=G*sOIV z->STiBkvs__b;uBsOoxYHC02y<-Dy&&o3yLfxXV|u1Gv8qS$f_S$+@^Swuyv5%G9* zmS%-RxPe39G1h8BR?LK>)dWI2hgV;Hx8%E`P8Hh5 z`04-_!xl)nS7M!Cl%?;MYS2=xaW`d|c9@MQLd}WBH`f@)-vvb!#Uw)64SBH@DZ})Y zY9h7gneM^n)S>uHbt$!m6ThwqF*b_t(MT2oEjeWJL#Tlo%~3y0vkf(AN16lZWIYW^ z;jOz_zmxd3VVmwn(KR(l0$W#WCYV(=!Prh;mGBhQ`uZRZ4Bwy=bTs5OwZ;OsdW*z` zH{Gn`{`+Qa61$;mYETAi_0}8AqynHhs9j5CdnFm7_~Z3H z$0pdL&BB*D2wHkJBB;xCj=fLPHtOg1C#)b8FO`={gKY@4JgDr1#d^SPahC_^Z5Pfn z3wC~GoY4Fd$c4QT0H@t=#es0Jx}`y@?#peP*IWL2Y+YtbZlSSdXy%duR#c<;(?|D; z+fci;tMgn)eb>sowo=XNUc+Hguppq9&K0(`RIXc&>mlM|rVHg(RncN%hpn>4YVA;5 zZ8~S<&KB4-`BTT3t>&CD-jxiLN2IoLm%yUL7`%F<`lH++&XG|U1K%-CmJe$cG`MEn zTRm{gv}U=!tJSma>dS1TmN#7A94>dct|`0*m+o?h@}*bD>aJgT5$L8P zq5Fe!o^{=1vHC_UA>K)CaeY+5Gd&PfxK{l}RV^3Z!s01^@TXHYLeJwcR4SY*g(k}P zW%1H+Z5Qh(2k}ggJ0_I!QCI?02k3B26PfL;{wM@ibOI?IxDDDO=v;`>AJy0yp-V->Awd_qNQb~`?e)ok1+Pj8b~Ek6pWSY%z1 zsJW66E*;RxyF8^WIpysboLyf3wa|zjXt6j!E%UB=DF=SJ7+yE*DY+J_?)=M(tLvNd z4`*)&R}G;`CEju0oNPEYCeKq4#%N+4qy{^ZwaMp-5qB zSXs`pJWxPu!9}F))}bm*&8&8^sap%@_3xHzdb;`b!&@P@gW-)ZcZQe!Bilf6=Xt9H z^!vrtuY;?bql@$F{>k~^>gH;2c`-b>zPS3U1-isB!MtqM(K$29z8Ya$79{Gr|K6z` zEd&fsY9XJT_1_O}EyFY${2T2{C-Ps{r~-YWDfTS2i-sAf{^U|!GQt$7ApV_=bHdOz zh*i{(G&2Gp&N4=Nni-1?so@ zTf{Uz6A2Gm|G&ui{(p%gWyGjEW(w-hWqqiYnI`n!-~aCa*Gng4Y3j>1wt7GAwCooL z2m7rp6T5g{g`3;J8c#lzP5ynFk;OnDy6)%dq7JmOUc2B;#{aLCGEJ6}jcD6evg6p4 z%px2h0D}PB!#Ly%Sb#&}+oe3IW{6TaLEEC$B3a-V;wp#4d;)+}Rum-4rA1tEc7B0T z#A(dl6$RVIPzZ*N)l$gY!!Qw7yKu|A!z+Q zY#Bw{MiR`ltgZ}F$^CoyTmSUKUdWSys; zj8n&iHs~|Jr#1$x0JC$TxBzAeWg>5`%$%w6+PCrnUs_y`OA8z{lzx|Nw#|zqrYb1} znAwy81Pk9yc(VT#b`hwzSVk;~%9!A8ydXiO3MTg5&XIJ>C-2f+N!1wSBcF_%h)eJx5OsP)<*eOZUeb#Ik6axXl<935$H?5 zN+Mg2CwRt)cN|O<1W%WdQGH&D#6H{LWdWR-HoG*?kv9E=EEi#z%cFWx{+lGmlq4Y) z*VC^g)J1xvtZunx@KPSAh(!yuU)D(5t^hoKyY+Z;x4F?7N`pb@o+2xTPcB^5G9$>1 zvr>EKgJd}rxC^R7hr5b>6*cZ6q=6dVx&-NKz41t(#u zM|HHKz0PiDNA6`Ep#a76;s!s6(H{wp5d{=6#=BRxROY-?)zZQ^1SIxR3>XpRlw)=< z?`&L)@GlfV@d3sp34NKaivpUA{+UZtOvYpEVHk)wvOyyE?yk^SW|O47Zg+y&G#Pa~ zGD|mERdVYn34-q7&QFIgFr^9N{6isY|M>dw;HRH<4&Ky7Oi0f%$~Hc;v*t3k6+;Hu zoO0X=`fObzR0ygD;-kd>D#m}42S}L%fY`-e2}gDOxBb0?gTq|>w>LYx&+*?L<>3Oi zo(OPl@KPl0?)|*@k)pk8tiN0SQVKeslOwDGr1ikv?#3++{T?{do?aU>#Gnru>}|Nt zq|2N-6;i%&0dz&YU^P<>487n*>%c#qCpAO zCXNOiMP@oOJkEp*3mtR8e(SB88ie`|?)JP&`4o?xFm*9Y`f@osxa$fY>tQ{+j;HYZ!sL zF=Zn1qv=lpqsX{i(ZQsfx+DuI;dKp zB}=u+NZ;Kt$ET2chSyA;0dZvtL*k>xD}mMm*t zLuu!5hbTZEUk{~a&9`fjdJE0khAJZgiu3y0c)1qRO(biiJR$*^%!g5opnpU{%3_F( z3y{}MlmMBH9vrqo~z5vN;l*`xu&0Deaqr^QW7J+pkz9B!8y9C zu>#WFDVsp+wTrltdIf@t7vC1VAXj6;RK`<~1e7K$ssmOXOrc63uo>JUFR(RPXKRvP zDQe3DK-fbxmlMRYAlokUTF3DiF68Tn?J4Jpgaw!zTz(1*hb-9$3ja)xG>`!1=4ngZ~*EeYn23%JrtpQ%CJL*8u!| z@OC)3`fYHf-KN}No9w1F#ACZfRky-%%e62cgHn~1%U`FTl00^0br;k+#ZWwXmN>>w zjuB>TorWW@%$eAp6$`;6mNe*cP#2j096WP(-op^?2EGdYnKjWXO!D?T@I1AzZEDZ8 z!^dzE63Vc5MttNZd$sJ5ZbZf0k@m{p)s$Qcg_KuDqRX|CoI|h(scYc+3TZ9fSaL}% zm*sbscyoP}nxI!)mIfdrnUri_J9Gq0;mgGUOQ!8;SB^T z%S)L_yF1^de!~3rS2eh1@=~6ZG9$~8?XnR~d-P26J`G8nTYx{S#vH_ub!%X-!jMTDzc;wF_P3(l3>vFTc#QmY+$NxId1nrB`# zB;GAz`SBA8Ni9folQosa=~H}%LPV*fZv*qw8avlUxq9zfbh^8D4NYQOO5L5jj@CGPInK4_Yj*Pjd%;>N-r)ez&ijCjKufrSh*;{~ zA3D*zRklhD_{zQzk6k}?d&dI40I`H=A{|l-xe!VSEsY(&5Um=@0_2w7D9$XuhE0$| z#=a-qb{wbGwZwfs#vhuDWWBN?#T!{RiK`zctV&!n>-;xkFsyx-!2@Z4UUtf>On62 z8jo?@1D{J-&0i6a< z1zf8yAe%?12QDJ`M}iE;z$K!$J0ntOxhPcJXYeN&9Uh?2D~V41wTIzXdm8J18EJc| zDWFdOzs~!A@9pj#?mg@O$9NuE|5s(*u1ZDXOwjEtvOq$C${H1E1y-F~>T^3kPcmO~ zk}1y-R64_`ybRy`^irq)1Ap}hAa(kG_h2U<|6}jqS^q!Evu6FThlvmy_eS1P_o3u5&AEdA8z|J8#()$9NL!@a$n{y*H` z-+$KskMXQo|64}8OcDLOo8qtGKh z^0&bhg&qR;2!sgvfDsVk2=RYk$w}`OVE5QV0^s!&iSRaU<%Ek#2xiEe!VuFLfOilF z+!_LqHQ*Aa;VT9_GK(O?yp{;YDCiOqI8CfE8WTQX?-B4|2uK*rK|+yCjWSL`PmqFj zwtaD{majXZKL=uP(hc*ht0g7h^Fv7nSuR1)3z!aS-C^7C((gvTDW`%X4%~yy#q7UH654| zzd#4(+O>QKezm=VqWvchW80iDYcc-n?Z2J9H?MQ{-|NFShtKxkV?67${~Z1l$0!Pj zOitHsZ#ag2tr=4oi{Hey+BfqQ$G-|S-StJ+%}}_q9;hDwy9aMx@8I%HqMdL}2t5=p6BX!4@!#mNkZFwN|-y zgPk#1A0Zy=fxZG(8H-hM>zi79>!7PK63H!T5A0^y4|ROpHFT<$q?(|+4Z54^aE+ov zW{`Q)(|QRo%9RR1Mq8O2m@#IXNrIm66t%gi$EF07-HS9h=M3Y!+SSMs=u6#>T*pAH z?}O&Ck+WX-D#3*{YnO^HtSdikcwrZo)kA-#4PQOLushCr0l||BF>DU0iU_`{SgY9( zc$DzNmNKZ0KfEsL*A|*s)7~sLaYbooaN>&ct3@X^0k0`MarKy4bAVzE_F*FwyRfVt zzBhyVwPF<4Q?R~PE*+(~0f447EF6Tmrefo^uO)tPIke>i2)iTsRfOuZmSoaMafDm4 zLjmfgX}O2EhPv*ke06aDy~FZ-7qRXZjwE+^b#XSh{$=oCcyrvp?!WC12RCo~N52lv zk8_^DD%@C0yJNH#hTAM;TEPo|+rte)rnxX)UR*7Mkq^)%F@6|U#Az$Xm{1fuFd8R( zbq+R;Z}KjNC~&FXexRr}#+{Rq{o(NUiz}y06oY{QsgC5)nlrpm)vZ6H1rkUhF1`5_ z&KDbdku2n6-#-=c1kWz7|60k6p2`~A#521I_Y5DnIh}b=eZzB;ndZi=4n)CnHZw~kJ{=d72 z&-p(e<$2)qKP5ym`nYK*%Tv5_^YcO{gf`&9A>o6c3A$^gWeV%RuXNe;2^@@-W#p_l z8LP?4sgDf4+F_XU_)Ba)d`l-_QnO#rBOPL<4NgLCY*Y1Xpno9ohb;60^n-xh13#oj z?rv2hH_f(H(6rb4=2RRLMm!Sqz=z|@rbVxhE-maNVIz@Y+#_L#JSjnp0K%py240X* zhGO0&w3@O;OTRzGAuRL|X#Ks_0xc^Rn*ph?H&zV6ZR}gx#N=d0KWmhsh1ADxsy~`3 zc41-)DY5FUyeD3YrB?4*W*`m?39b@`MY`~jq^Q!){9Ftn>*gKg!)BnISF`$KYyH$v z5Ob#TYBOuw3$Rd3xwUd5xl{dmK0M3Fv)P)?$V)U!-)MY!i{{(lrI1lR%dAFI$}|qv zFcL)PD;4t_R7KE3u*wlQs&G_cylAcf)$IAu8c?HILE z1k2ZdTJ^1d3B1n#Z*M<;|MT$8&a?mDqdZ^d{-@#eCxqsGXay=M6}t|AvB$I1TH7u;6k7QTHdT|kfIdg|m--14McWX!8Ur47%O1z#NgulYKj z#wAOqKPwUCDp@nQVeIQIUv5LU?S0>+RshBIDF6({6U5}Mu`RPtXRCr%-dtMiw!~tC z``NeWv7cJ|Z$?7QNW6*}SY!Vkyvh6j?d|OE?>^gqkMXS8{)3@kY6F&N)-xqwC8na1 zKO9av9*GeV`mLKcAQg~@wJTE^Lf`3xXl5WbUarZxpaSa>($%bK^7WOgfrU>G)660T57yWz2}zva!8Tqtkt`<+i=L9x z451H&A)+_u+a-Hmg{|PC{U48@*NsWAj-6lm)Y$)fyE_N@_#X!c&-=fR@;uP~FBhVY z7bD0}A>v!z)gDo|#O?oz1SOlr&mrQzh6x!bfmAwe03-Z9CP`%Ipq4z&&8{|PUxc%x z_<4uok@-bRO)GoBml4L#2{M1(bJb`3_ECVW+L11>429i*Ox#o|DwYC@J|VAR+Z7tu z=n||q?;V96f%UWrV00$KR5AH}0|Ixb~H=u`ET+le)#yI3iTOsWpM2z6Zsxo}&Iw zBYLbY0%*1V-{0HK`~U5}d2_Jytp6Y5S*QMgd7F&H#qUk!vq0T>*s=)0@=Y-*#G}Rs zO$GjYx?Gwz>iK$Uqx1WeUr%t|l}lRvm=2Md82x+12Q|eYi@a)D3MoU>=ObG7ELFdp?*64!tE8YVrs-3Q0&4Oal*L^2rpUXc$xNlCn!(7L9X5p? z2QNF~%=X~t8v<+maxsbOI~otUb*(N`T+b$u;ZTU^zQ z{$`O?E6Y1$t5()nExM`=dQI_FYX;Gp1FU9%8H#5(6uSF;3_Wy-Vk{z2lF&Cpl~xri z(X4f#!Q#X|XgpXqp0zUjtHp$ELc{7&VGXskY+TqX5CwPX=JYHaBeu3`0e5jrcZnmM zYCCQX;byDgEgx`}E7v1O&{?N7H^D3m3_&|yKtd~9nn{vNg3H6cRxUjY7N{8%6;84o z>POn2UcsD7QJkF6%xAbwS2fQ*7++JP7Tj z@K_NAtB;Nk>Rv>!-SilR95omke0k)S6tldzm*TA%wrc^RSL1twRxMQh5!zR!AW{ZBG#i!+j;Zr=YxMxfmehzEm(q!H}>ch^UE-7pD) z#Ra}hhOQ9waf#^0*0=S_ZVvA{h1VwAExqe#TABF9xu!kK?*q#3kinQGkwbc^@nyZT zYvEjV1EhI_A0Z)1DY7+g^Oyr=i3BCC>I)KdM}lOA&PWpGQ?+PP-{An!&ijCjKx@qZ z?)q>-yFYZId8=%7Ek;D!hm*FbksDy**2<-fZ9*c}9bp#28Sd(9(E`2zv4r7Pev|tVnfJoK(K?=#oD-bENM7}@Hz4W-(-`$@6G;o^5*KzW z$In9$TmpR+(p_p#jV-5+6F|SV$J6s;K2`pI>&gIFpSN#04WQZW&xru*Zd6!yZlMBKL*{ijSE9CW zHQ!&UB42aHzb1GdIOpGk^t)p#zO1Q_mZERrsjp#_*|iTJEKO8g00E)Yyz{O5y0{+Hdu z!@cMA-(x%vzW$5+kq-ZrF8VHsf1C=|TOn8rE&Zaew&r_|^x`xtzs*Q5CHYTm*`49A ze+O{@M}g{N^G%uGrL&?nSydy2pFV^zht_&mh1gNKfchydnZK>TFpoAhKgv@z|EmR2 zdy1eRAWE0r0quTbZGu(+lT)DL>&drF2 z+&6!yly62_-E$HmcbZ%V>1{h8lhPcyjW#}we7GjSCu@W}yv?zwfIXzeQJnwp(P(Xv zU*%I1|Mktm&g*>sht~(s^Z%nf>ze<+TJ+X?H2R)a^Y>`jhE?(uJjDR4O0XXw^r{2$w-I!e6TVcqRbKI7 z1FhyUtRD4GH1>glt6H$1R9ICln-$?mh0*hLLaC;ssXB=2I;dV-_*71Fv%sk(C7mHt zOUkYmEL8)2$S|n|9P1gqYY&au1ZdNsr~=l5hC|I`SQAsfS_sr??5hVq6^dlpu&3_I z3kN*qU=|K_T2ZNh?_q+RDjmFr@TP7^PdczEC;3|pX{u(#fA3(XV$0(}sCGbpx&chr zCBym9rP=xpR0l1^I##K53$H3hX}VdpXmrx5wk{i&w3>g<5lM55dZ<{WCiH*zD5PSI z`2g`pQ@CF<^5}Eu(Weo5^wmyB{NJmFkQNCpYU$L=+6be0q#uTZtMmTZpcW5I*tC;S z6o;1S?1p;T9}a)NxH@)0Erz88a`K1~`xVWdVeP7O%<`HA+uM9@(L9@MBS`5ziT$Gd zjf=p!{C|jp2BBf!_J@O;4_Bw9jI4rP5f0W7&mxcd^tgX{GdS;j$9XL2Hg^ z3$#L#sj9$-QL3$*1*WyCG@{37|=gn~JUgJRJ0|j(#bH?GYFt>LD8m=X~*v zA1;LX!^!c@yOY7GQ^+fjC)j_7QQ+HeDT1*#?K2kRQNl|7Fr1XUJvl!X1GyQCM>zBs zY^%WVn1h-VI&3(wd3)TW+TCx%!PU*x;Qh()`l^3@a&g{JFe!?!&;*NfC`=ZVl|0Uy ztBZ=kT8a3I1dE9WM>V`T>t9};oWE~|GbRC|XE2IzI9USM@UQ1bH~s6I(~I{f4cRL& z4(FlQXQyO>7iRCx_35x)`CZ4{Mr*x;0Yy0l$O5{I5;UtdA+>+X{~QiZ-`xyP-k%T3 zwMSE;g-_xT1>+%}gyqCLskuHK-W>IBjs{oPC+|*<`q$+$=^Ua*{dYJ(I(YhGvslIJ zZ#)D#H_0A~?gH#}hds|DFyfKtKjmVQyFXJW%b%m1KgB5Lj=o=&UG*TBBW)dQYX)=K zF8y|+nU@XZ+V(W8__ZRK=i&>RJ$g3ZD{GqqZT@UJgS$|8;=UqVD=lWe}O51yR+6h5X43heYf^Q32Q4qCL1bv=`Ag}6S z5jgBb8rFqeU)tl60(dtt_4%G3Ww4P9HWAD+)b|J4|G3)&l z{a6**ds8&;_7+>v$H1Q-0!|~e=t=d#!qLY^%vEtv+`%IReW$TxT~nHB^AUFbPGRQ@ zD7ue;^R@fgVtZMeNi8PfX*)iu_NjJzlyb_Y=}v+xB=r>i9$|_+&_B{Y88;aYCV)>7 zc=!6~3>+T;s|yF5a)4P<`DTg&aB=Yt-~hxye;dWO<$|;0BdfK{6+z+lsmg3-m9U4# zF!K3(;-N#Z|NKRZQGOuL6J$28PW9{KlLUA4DaL=$c%NN>KQzGqfBE8N7XM-Q5&vO5 zpFdWE|7Zlr+Be!DM40L&@DK)_ybv3r;XCZ@kRa{|yFYIz#Uo>7E~i`0WlM`jp4#O* zfE;K?Mj_t7^3MpQm|6&j0gnL;yc}2hzey6=2KrrNU+1AlOeGeD@(%FSs%*eVG|Sm` zQ)l(k&U26?@xDhR-yA1O*58ycZpYLPWV(0ZI%y1coNGHR#PNV|1k7qU{3WP+hO;xvKKF*VKz<$cf>6WmWPywWEHG9caQtNqkO{zzEjbXiJX zmk>@%FtlM0`a6Blxl}x@mWsIV(^=@F848rPy9kjhjw70&`z0q&o5)E+F)7mz=R)zN z3ND=2m}|9qBgv4NY|tA;8wvNBg2XHvYH_f94+A(s^c?*jA;uFiwsyBX!S>d-xtaT! z#UYyoKT2jV4SYZM(_6@WUQcrml=+Ag_%EgUlybczW821YZ%cPr4-9Y5?=-NTBXbnAYi3nH)c9Iovp zw-#Gj!#CXW%-rqkZSCoa$7xmXwpEa{{ukR8BxV&uwA@>5C3>RESK4a2xR>vZ%nb$35b#SaBU{+rpqm;Ds)|KV^HPpO#C|tnRh(Ko{PUo3`Ue^-_;jrlz2OY|8Yt$XGA&6^w4u zWGN+?7dO-0y(7^30s1g-QT7qdbiohAQ{ft#ER*MPN#S^m-2(7mQ@^leMbMfxfX(R+ z2nQQ7y(Cw`w~AiKOxJT5Ob|0ccV)j9GE-J~&3v4m6;WRzBk3XqlomYgXk}fua)0Nq zY0@t|TJ7rbk#RBEXJJcaujxou4`rYmRMc;7T0vIkr$Ua?^)jAIjTO*fWf%1pM84n1 z4{9wd3MDaJ#E=xU+B%Blo}DmPf1qq`)!elezxb#4{KtJZP;pXSe zrt;Gy9#m{=ZNfoibr*_i6BHaD#aV{~7xuxyi|0upM7b`edOsFll(rpUA8Zun+n6Go zvU$<@B1^*N`N1VaJ&1UY=*6ZmkdcI$_|mUf)9Q z94TulYcIFpx*G7j`%XsDd0W_hBVSj*%T4Ok#5|>ko+EL+KwQ zAJKXI0Lx}&v7hoUwy3jyn}~vG2vgw%@rISj8&lirkMXiNBi>QGEb8MAS!TjU%5So{xhOjcEf=7rQ`Qe%pyu&Tw#E`1*Q&ty@Lo zNQcIClcKsV;uO2F6H}R2=Nj2i`_&B4VG=~CF?PZz8|})_>>ANyG7BL^p#L9x&i=t* zw_qGn11}~x8SPZ&rt*OvT_Xx7=o802{-?AV>ljt_j?X^jA}2E#o2sB4AF9T{>dX2K zc1TF#scbp!Gc+S~e$R*gy(IE}jD86%D>YI}?Y|CF0BhqvUOdmnf9@U}JlcQj_^c}a zQ_1+fO#xia8v91F0F_ztupBEZOaxRS`z_}JnhAeQ2W))dU7S{?M5Qvb?7?OP7HaOU zlLG5HS#e(AN@lz$HL!@!^<@XP+U1%i2o|w)$2o$FkQ5Kt%F+ZYsk(zq!G-Br#Xv2Y zELf^PI?WfX?d9R843?h%I!pnq%l~`+GJF2p+uwV{e_6|C_5T0R8#yjTkfW8m{qH!% z@X^Kp=;ALhVXht)M#9TK|u3H(9i9V!{QUv@z0{;!WngDHZZ zzZ@2LZT|n>i>&|m;MrsR=UP5@m;aaBIR{g}+2(l*IE?}qyg1N!{uj}BjK6~Zp#QkB zew!QXDxK8rebjA|@#3_QbgtJ25}@MLoS0)!l$_JZ^=KvJq{i?5ZP)iEi9-$3U2Eg@ zf6DiNE6QZa6p-ru|6qUj`9T){_1W|1kNf{RJ{_O`S9ic~8`f7DC6$kmdOX}e+92Pc z4N~G6Af5tipP_*3gl%(?o&BNEKTuG=;+2w$pg;ZFF^K|xw{C?70{MWP41(DB(S}tY zw~B=<3O&ft1*edsiI%VQcg0Uu7uK%EWH82yo)}A&%ki?-V|?M{PLX@XqS=mX-bPGq zDI0RQz*FZ^H|_iY8Iq6Y_H~t{rnHaxn=;axzRH3{>h!~Eb@Jo2d5wZD_TtvC-U)R?W{O*UGdi?xk9C3 zn`Py5u>hI6Q^NR>k0G-kPqe;V@(ucYC-u`_c=4L29H!u1d$71TZda5bElyqxn6fq=oL$px#LEl)0jU<1w^o1(9U^(uXZmY!= z(jE{GH6~mXuA$s+Pm!%LHe{+_ec>xKPppCZ;;LjBdkt5JXxBt-fD{18MWwT&_1585V zlga!dqzHP)Bw(CEoO)fpv`9x>l@VYWy36qxQcNi3^W^2ixI*ry!c#@AelD!2AtlV6 zA}{h0O;eHjx`=|3dbwU%YU}?{`igkIT;G04ywohbKyE}8I+>W6{Oj8+T|h|)nc<>C zPo^=@k6*>UHMV!NSr;nv*!Z2ZuhTUf( zHhcoT*GF&Jsm*)LNAXr_pBw9GtbTJlJ?34V5i+f|9Mzgv!qpV6hVbIXm!aQXP@vg7 zaMvo&+2{6C*F`#zAy;V2YOkN6D&XJ`+r`pq0+}^@++`))7YIR`(yBNR5%`Q5< zh3X)UKG~pBL#A2~y~Kz&V5xcCHE>q=WhQwOltspwPbw0wb*LOD&f9EaewLhfq$B-; zL&~G@jFM4ib7j^q-5B5b4wpA!Z7NGnYD@F6QFN|jDL%|uZnOE`%H8mSxL0Yg77#~L z=0vE;VI(!u@9;GW5Mu>%>)StdIJxOAm!I7foyF7J0V{>`>!(?{j}v^3podFln5KT~ zaEddXEMsmzLd_#6%h76DX+f@a zUNjC8d3R|Uu?<;JifE8(MY7V8lh|J~o@8pWXr$_u6{%vi$R9t0IEc+V#}+~59m@FA zOB_v^Q^IGfna;f(sm536@>mrUrF|^JONI}IJ>$R&meOHL=-dm!VlLi0s8y z8x@!6VdxDibzJO#NGt#NpvXhNuHUCcJy&)rU;lZH=^^-|$b;AV;fFp9A6;a~zn=w8XJvfdMLImHaHD3o4Wz^2Ie!9*PCWR?pKCfk4_A98$+ zKnVHN`W^;e?+FOdMD4j7Aw^^S6?xzW^C|dWn-2IG_;Wx4SyPY%LPUX&1LX9a*B8HD za6(b<2{@Lz5PUwq03N2SCv@|U{9i?W&l&xb?#TZ&UrZ-E;(yGa>^j&<8X7_ODhh!z zF18$Y6ZW>85xnYcIeZrOw*J4~6Yv>QOdFW`h(QS5DFR1IEWlv!w_fiF_(7fVjVb_RLNg_My-ZEa00f*6U+5L|HI#UHFz|qi zr$Ew$CrUB^nOMlk<;Vljox47E!Gywa%D~3!qql6+0jJ#9LJUM)=lF`2O~@|bkX^BD zFe3rxgvvibNXaDbcM1bfmjfOOh5Zz`Sg5t$myg$oUSo6v$T-8-KQ^YEhwN}C_G>`- zyF=(?XS3J4q|ie%NUzwTR*q!MZy-f72T`a`%*?QPU^F*F>43{A0u-?jxl&v5xFIk@ zfl!gi12_PDiU1jp5fyETcF9ekTH@&jTrvw`fDx0b7DPZ^ zhdVnIO)%qhKG<_S;>xH&Vq8Nqy_lH+6m9l;?+CdP9C0Ek%?eK-=FW>Gyzl=8mvj!k zsKj(|34?z|;3$-Nqmuk%$e~Xr$xP{P9hb~@P{0ulDQ0MMTaH-r1wbBF{EuS+FKAbd z$7#T0f_gnU(~>PPB7`$eVJM^wd?}Nj3FgyiBuO$3vm}~yhf{=hW)KHiZ`!61RiDho z!~hZi2)-oA@k#5cl)23q1vz4Jh^GjA`4RcEq`a6*hfO!*1wE7LywvIS%t)w711=1} z2#Gn;8@22ohGC|6@r~o5>zz%h94xAZFwWv^VKLZ(7I3WE$AO`isewMDh@#&k%rHl+ z*BgL@U$E!wAN-{^Pz@Y7-#fd1(UT*k(l9HV?)5H7EUw~PHC>ViwQ`jB$_Mv`i98Pv zTS)!+$=lP5%ky7;{c!aDWas?k?Bm7hPks@C3IpeOmr?qGjfd>Fzdk{Sd+&f_F_g{47pkE$;uIJsBW0Ofb^=32T}a_1ibah z2>RC8_IkHKX4MpaZozBBT#6-RXK|5S4e9Ctx4m01DEokl->PfKc83$mg^GVa*MdG& zy=w+vOPNlYd3CD#o{PX5n(UE06E{w$-$!nGLM)L1wl-I7#7O>vN*P~s=@pCBm!X2e5a zLy#0wGC~Zke z7>gJs zU??~k7XKJ?8A8Tx2=!82p6M?i1eclZ*#0r*axAytpOCd3-hwysOK^qe@*Iuah@#Ys zQ1|B3kV|FYXSmcE51LCF1?p@+_943hFbvnmMD3>`mnOhMF{XC}seZ{=oN3JO=DeeQ z4$|FhG&n^PhZ6ehpX7QjO|oFN&}~e=DdDL1%#f!t_1Ga8UZCG2#hQV=9BzZ*J7FB! zU!jO5(oJA@5nJjF1_rH3bo@pxUR2pz|9z?pW?5b0!=x0CuX zw5{If=G*G<8K2PPc??b#;f!ouGNQpS**}{xSAk>7>%UuSotXwmeKpAa4S%A;oYcw5ixXjgmE5G$h^~u-uNz z@b-c>4WF4;R+s(4HwzF2jSxQG<4YMqzPEz&lrde9!!K%u1 z$*`0u>cNoog-aEFZ8T{l=uWnR$Ac8gqx+6y{^p|LSdte?&5 zlD^VLEX5H3ZQ6}vldRxM?VB)x2^$eZ;u_WO% zSHn+JmdczamF*tM(7)OAm$ovOvw2&yWP3;|+fAG&*0QNPaCgC3L-kPX4ykNc zdrBJevw?#+_?n@BVVTt7K@KdN(xp$|M!POK>TCW=@vX)Zhe zh*>I;yE2wS``wn(83yWkmv!=zu(V&oQ5j1d&k%`tHBYzTQWaZ2Pq$$ByyaRNL+nQs zT}~-tQ{opds$1|z6$9LqTNhKeVECdXODvK{g*uilB7LH`1D5JFUNIJ5rOJynUIt2U z4JxmZ#>=qOMCDa!ybPCJe{R9>pjJI(SZbp33N_w}c}ZB>Ys*p-l~=6s*1}UGjhA7m ziOMU}cxzy)k;cog)I{Z#X}tBYRIl-h@Plj2*I47FAb{6l;x%(zeN&KZO&9Fgwr$(C zZQCYN+qSJUI%C_s^ZjujZrq5DjJ>KKx_ftZbycohxjaiWtW5S*t-4Xtw*7+l zRw~0#q+?{djbhr2^pO608<8bqWO@;!+R*Y>Yf8k(bt(rn0h9wu8EEuo6$ugQm3OPd zN>??!V6`zW8ku}dEL9OPv<-34OXbf{ZE+3Z8AT$QQ1&~TeA!EuIG71AFkF@OqI->J) znBvR~h$8{iQ+3aH?`SY_pV%Dq%}Z1oMo!0$eUk*8@t9gH0(=JHPB=2@pxs61z&Q3I zWAj&zaaM=O^hT6W!uo-C0{XM+p5RgDqnb$8$o>Xwz4rB<CDg$R zDz{0cPZay_V0zTR(+mNn&)Tf8LLF7KwyXn^zywEcMMM!@0bR7MgB(SsYY5LPl7QiNL#Os2zxYT(P_SGT?C zM-$Jhy3dwrDh4ky%f+zd>zxC<57F|&eoZ1smS?r(a(uC@yO&8=AuIWa_0+CA5jx%> zZAjdeBAm8DX=jxB?+muRw=?%uX&m;6H;t5)c2Xf%{k{3}7LtrA5INi}sCRiQeQ8A|OlVE7ob6AXYJRk!<-!V{(e$w&Tb3I~N7 z5zV3SnOq8EZB{3jFzZ56bgzjfLH+f^sv!m5md|P^+WZ=h2kCn{YBInXfd`nk_0Ns~ zevd}>T+w$mr#}&B%Mtmd2BPRAXxJg1ur|!Uc9 z?Q51n`%!XQv#EL#i6?@$H+DPUj3nAwik*>wSiPcX0y4Jxt@_u;tDVsM4t z8LD$fn-L&bl5`ak(M7T6NT8Hb1duh(G0$LuYEPgUsLMm*!UBQZB9(@fYYE>)@GPO5 z%`zLMpb?73XwM*mq=py(?;`9kCAsH)D-B6LkM&N8p)+2jnfM!u{8eb}!LwtHcs5+q@XJmphS|ADGeP!i}LtBm7p8d!g8WgNZ>oHz>P-9A`M*xeEem%wE%cI z-@4|1ahUPJtQu;j;_4GnU?)y(j7Wp#fjJ=>`cOy30Ic4Ixg{EUe^14T(%Eyu;qTp&{kKC$z$4e@ z|HIw+$dRy!6N3~hs&dvQjdnQon0tj3GyO>;a(8&qOeaz)b3&Jgt3Cc^^9D*hks-`W zFw{bALEA|9h0u`_MWRmBWv=dUpjEXvtcH2oyTMmPSj|f`(L!xBe4JbnuV3sHq5OSi zSrmvXD+O{iE=zCjS7fycmZ)7gybx6?^CH(c`G#pxd)c)p+z9nx^#&+DbnU2|f9fV0 zT9A<=LNv8-bA=WdX`s>?6h_7=uV|_=bfJz5s8QShbe;JUpe>i>?&v4ejK%XpSgl^% zF{Z*TRzT=U%BhFPGywBdUolE(TqDyO-~?^^(E4ycqm_P<=T}ObIr0Zwe~2mtahdLx zP089mr5qc&p&jL0Y;ZGEfur)4J+pBgF0LqkM77Y7runzMPhL?~(2CIpTh-Xb>Fr*- zd+<-rKey&1Urn^NsFQ~IExOjHI;dS^((kMg9{Y=dk5eiyn*xA_r#(OC@qM7O?>}Jh z#e~1#F#i9Lz8E$N9)gws zqP}WO4P*+4K4P^4sFX%_gdzzrPSl~ujMJ#Zkrck6pwqPBq=`m$M*>7M)$Ke^(1qc} z>DrvZ;YPJ^qQ&VQptr*J(=|vu#T&W$1gX1lj^Q&~j{aC=S40sL%U1z0;ROzdQBLCd z#O12rVOU75>s_$4=60MEF+5I4I>xNoE#`KN2)_4*;TQlo};ZF*Jvh1w?5|3VS%+K?{O)&HJR(XI{P9nhK4Q<(g}VMGTS^UF*C=TXK- zs6qDqw2v@=oF%lW>bz{#`XsuU9caF6&cj+_humH!4f#D(L*^#FS|4YADb_I_n}{;5 z6FgRSMTW-ew2p624OY?w#_Wm(dq^A46adpv^M2*Blyu1bj36VcQ7t8ea+2l+SU`nv zgAG*Qa(YKeLmCxUt}jdGQ^t`^C-nc#Q{*|bYk+cKdOJgQAaL92H)a@Zk7lc8zRhPd*=aK%&Y6FIUS=TUw6KAHSZj&~d z+qiCvw@zuJvO%=OuWFFkDw2Cf7?QXQYq|T2XUXeIS}#$kDoi$9UNi-?UEvd(>jhS2 ztfU)s2zeHvIBWpoOqkaw85X&Q8)q^qI~mIM?~DL7N2H>aRI@ z%aNDE@hY@k^Sn3R>{bK(-K7#Xa0;3fty5-^bCl^PBV5Ni)o?+*_OZ}@#*X%S>L|{> z$T689`Vo+PGBB5s1gRU`g8HFY_Pjd3D6t6eFe3MYKCGxAXofO#gKZp76;QEO1bB7H zt|PC4imqvX3yh66JcMf4bPHpj!7!v#0RuHwC`XX?Z4+3I5^Dc{%7%uSxAXdM6n}7rmtAfwT08AXQz?)4)Hh*3(krkebS48hj0+TnFYkH{ zU@r7r>&&isGgX6ni_^0v7BBYeNS$_Za&7^DplJ+ox@&f_;G;aD(%q7c??fYifk)j})O1PstP$i?@h5Edt0lhOs? z9QUP*7{T1Zb(?Q%1$!;MZ`+wPfs!H7orGg0~!I5y*UUo|E)e^|&tX44vLHz`W zN^8;i85HUseF29yVvP3%5OC2T4cH zI?4dic_*|0B*|+zNSgbrzp2&tPk|ZtGrOn(nBLr3{YD1$+(h#R%NqpFEd*v$2pT;r zN02NWPK@ze=jGON2HDE#i$P=iZPO(h*}fJ`NSOWs=1g?xMD_EZv5+XKt;9{^wan(v z+V+)wXqB6X6HbL}W`;4vEDu|um&koqu+*o!gv~PYseqWpkTfDU-Q=DMNE+e&9`cX* zB=xtE54ooU!TmJTC%g+moIu9qvtEVZP9UT9SuY~+Qb1A5`2-3$&rSjG+g5{)yy?H& zAv~DBKu5cTIK8qWv<$v(KCA-keZn|jU4%jro$+~8_Y4+nW&&N ziDxVGL@ojnwE@Hhh#$u20od;uM(V(caoh&mQdRz;4#QIOr#6oEmM3hGXlolajKC-i zP`F|O5_6%zVqG9%n2m_~D;E=~ovPE;sfg&DJUMv*FQx=@geaV7Gm>>DA~jMJ+-2R6 zP;?LF$&6!Dr)9BNgtU`fL%`@_9^Zg1r0yzI{>|bAQd886WIKhxt1joAV_}QvTwpgr zZ%HCN;Jh4J4uo+(Hu}*wse6V7Lw|vfdQo1tsK`m~%axUZgg?fKJ{N|L7i|W9_xqmYbQl=gcScUPP{y~aP+#eX);qBJoqZPclAwwnj=6S(?m9;!K@P8US4}c5LunU)abqh#ZIeoSK!2Ep8Q= z;9aAJ7OjFJB+;;=jemGf4O`4CnV0-VT$P{+T+GSEbL~z?;NrSkCbOV`Lk z8zmXge!+fO6bqR@iPk!KV#t#(m9u0dWGKcE3CCnm%(ynVT!eQvZA3u~?h$gMtr1g( z0y5!UFsYOziaW5Bn7fCqJ#;9(gaXC2s!aJ`BwJt{O^-ORe~YjBOi!t$ZP5{pd&4Nm zb`yh?TF9OW0ZT3ss>%-ckdMCpd@x%y|Qh-Z{!R3nmMzU%_lvV%_v(&gY}6!X8W>nAi2 zkxjwxQIOyJKn-x(_LkpieeRjV_~ig{EyoQzd`_thh$k#Sy=He_{4`MntCYAg$%Mws z(n7=xra=%)SO0ublF7|rOmwVCid{3zfWX|Di)e0IR%^QpmuJCTFKke@tBDSTf(Z@R zPFFo6h|{T4@B;ob^3#9qS%*Q6F*B0Fn9Ct?fyQE10tCkLB5o2=d+z`h_NjFB-Y*@j zb=+5R&1I00aOfl^bCrS{wsf#+l{aCB@IuUzKmgYnZ9{EUmI&7?Tx<=vpOKo<_y~xHVTJ0Q6xS5UO-sC((fvy8Tf&U^IvcvdC0!q)d9aJ39f1+y+O(+D@ zB4&e2sGoE#oJc<9(&mh1r=es6@U0mZIX;%5EPnPV)BISi}Jsguc~Zxb-~jLz{`ve4pq3p`4r& z75l`>m2VT8nGiPz-*nW_`o^p>E*2*zqN_2(tuZ65ew*Bq!bNR?V1_lF^3IhcDq?}a zI9@DNF5|NV0(>Gx5fO2uR8{H4v9fOA306K7$OTi)FC{_4OH@RKSpOo5ova2JL6{3A z88wXS$WaQ>^8P$2ry@RFD*k{>{9oW5B@U!*xdhQEL}$!`)Bg5X_NxTgLZsiPKd}7e z0WDufLcGX4QH!!nu+h(FSkZw9Dl35OByz!%B$=yQD8~q$HFmG|#>(c6Jl4ov>#8jE zq6)5CMX{8;vGQ%s;~pjfp3qSRb3kpNzXOK5Lg^MpgrL5#P{*Xe@^?-(!;0Gm!4AQQ zx(AS}C^={34V5gnZh3f}_s%nscMW5gHvR~BXs98gzUbM`)ti=|l6z(?kG`np{(k|T z2Xb%Y#1Zs;%PPvFb3rm6&178V#UTZ!q*}?hJ<+V$o1#UWUki@DgO;i;x#VIBDz(Z; zf$am`px(!mYI=<7+Jq<_KxJeFEDnJB2?PTQ!}J|15ZMuj!FTZ}Vv*XKZO4-}#hwg$}H_Gb2M0r#-M6SqfUc;*|-5pA$(&j*}J;bi?_eLN7;B86n)#~NGqUWOe@@ff8UOM$k{|cXX zrm3}2UHLd#_iTN?~)EZEN9g7NSaF^_XUES0;>0J+>F_oJy~*-oox;EkB-G z=8;QB$X`%jPcvBk6+qhzxmYNp4add}(?S(5pK>ohd7x=XTNE`C#?jJG2by4$2#_u#;hhf^cK^fK!xAt7oUx-(u5j{B)>kJ8WV>7^6$ z`=KHA1{d``f8JxFNpe;$sI%1bV`sU1_4|I%iK{7wY0Gc<{D_HFk--U~)h(~yJOKIo zgWPZGzIt|s+|U1L_Fi95`&~Va4!Q6BFZk;V{aS=K+~f=UCPjMe9zTR=Vv#YO-BPlT zLb}&H)268%D61$gRVg&s9-qJa^-g<=rn6;0%gNQ1t6*q4!yl;Ak41WnAhLUN(U%*fZaClPQjgn(sWUX%M?n!^`Qv5b_uqWD(Ao?c)pun=tz znLz8T9Zj^4`~u}6IoJjAZYxt0fJEQjscuBqlqU<6Z^J7odw%?zi747r&zWMX&R>Pm zVr*elbHzF9LduMqt`xG0xwhbHZKyqS^d4EKVwpDak2+EV&OjUaAfG*@*{Wbu0mWYx za-zIf=x4O?GO=N4UCuFz)xldZ(mq=y8=-?`3za0x>BLx;f1FA$TP2`xBUsTBssZfv ztT9&sQ%dHNlBv*g4m#rdO~@l^+i3kRK#;ZqHO@=m3pUMx3eu8S59Z(>9v4eN?n!xCr>#2GpLD<&Z6^U@>;XSY7rZaRJK`LNyWj*bO;4ppDc` zoV2lMtSIN@HOz?4#Au|hDTNA!P+bL(Ei0~p#YK}6<4Rpp(gmw>3d?F3kenU51tq_G zDS9})@0P9q#&VpPmPfU(p!iz4g7E%Iwb;LK5z5-OXlYoSsKPix^&ER`3N4qmZgW{d zyY7fW)a19C)A1j2(@fNeC$e+kz@!r$rKrg1w;uR?8$%G}h(L)a`xk6k9jWHtz~kPA zDj4X+pFM>R6-Wb#c`r9j1#EZ=Bm_FX-spvzt+-77xwT@$AAfLBH6$)7tbc7oTCc=1 zj_`U%&Wxfuj|;%~s^qdtbjE!Wcfj4>AIix=5gC_*tPjN~)w}t#2mJ38;Zvv(qdr!Y zc$6`YV-X%q7+p5vhH%pHmYCtzaUNGVCIOrRi#QU<<&2mR-|yF_f>9#Uf=CceQoeNH zkm2l+pTb(RN5}XSwd|2aw@&6DhRNqv5Z7Uz~)%kop;LF{^5rR+Zxh&nXmGM^==ffnv!`6R)<8P0EG+N(G z86k;~8aEnpr}v4={H3X41B~{YVbHAJ%vc|aQE9a8=^k#EPM zgXK9Sjs<`@CJ;$B93?#r@XksPh-sR$VfMWig-bqEow*cX1z||Lp^MmxCtFJv#m3z5v8R)BhV0>kRTITN=-+ zOIAl%VuJNK9^9@}Balhj1(Dy0SVL1_1ZK3;+#JsQ`(RSX*Yq3K##VRV-dY+qGM$%L zhD!y-yCL)wA6t1=*tNZhdB7Vh1}ANL|HMh9h&!98nK_7Kyr;^TwRz)$*Q2mOR^~W` zKtsOseNY(3D6fJ#mHtEoa{dI`o-0dK2N(TcFsX>guxaeIYT_udT)BoHHxi~w<_d5n z7FKv?5J{19(;9b5XOM$bU<7~KYkX4%6!#)=oHB0|WRTEmkA&XU<{s&L4G&6vI8iAG zk>+NN zC}Uu{Hf5$1^0*P$o|ZU{1jI`FR;%}vG*J*(s1;dDoODAmwvM>3zeOTxg&wHN(uNzYEgQyR>q^2>=30zg477!9-z7rcj2cO;`ia|XAII38(D>mjlY@xnF) z)8qaI04N{;&@PS)jkYN>y9{~*>c$1>PpsgcB??6W)EK_{%) zEfnAzPm;ovl!RGBXMAJj`j_gw_}M>Td*0aCP}U5yHlaO6I@fFXi^&k%>e1Rr5}vNA)EVV(KoH4IpS&L?B6 zzS1P0c=$kCH>nKdZwGbfP=&v86JC8%C*hHpvAg3l*!NfIUG1%d;sC<%a*4?CN~_Em zaLhc{_i7+M^L@#WK7|{%z?$7%_=f>t+in?V%Zx$s3_k%wPcE z>G;?!M;8A0Rg_NXSVWN#WvsP|b(5_@Z{qK`_Er@naVDd3*e3Jq)nGPWGTwPx;cTp@ z!-hs<-!!iYcoKJA7?f=ATa=`L-({n2YnK`fsEh8iNazp63JpiR1vlgz{AL-}_m52r zjfqhC;Z35g1F!|^o%n_xQ6U0AJ`% z4=*)jt6(aS3t|i#H5*`+7*Hdkx;lDK&PR#iuqB62qIZ%{zp2~hN{Yrcp zShlkg_;|QE`(9uFoo?5OkByO||B9x4KhF+_ekyX43=6A8_04@*1^}f~yO$>m-q{w0 zCfP7&o*<2DM=5LA8tqV4!m+lef%5q2ZcNkMctl&Mb<(Ek9Up|dTxJooJNSklGp7yv zjoXzXG4T5l;8mK8d{mwb(Vw1jn=U?G^1myq5rp`BO8iu$1R(AsHfmTq&4?zH*bi}i zjm|ERV|-(WF6E8x?8xDDGVJqgIbrYCKz+3cYtCPG-rrM4Cw)JSA3Zk30!na#yFMRlex84N-u%A4zT^v4JPSnv zHcqH1{FadepUh%L6X+lF6n+ZmWqo>FycfnUZ!ioX-tVRxsMf~&!-!jpCbKfuRSc^E zvn_NH={)4x>=7A*(32crNjs+{}~j{PSQc@pg6w84c{~sHP(R>-hlz$ z&Cen){RIHqAqdfJID7OI-)8_Y*st4?!<}o^EdnG|;?;!Q?d-9AO4|-uoDhW4C2~#9 zJlIKFKM^%!&bnZ;V^m$Uk3#&*BHkoz8Nkp;d!izzgSTX&?UMlxk|391h*vz2=|pT? zwmDV_^lykW56J<>xo%G+r%75wwujNsdqt`@v@v1socqeRxi|4u)P_RWtQQ{6NSmrv z0Asyfu;{A0q4A93k=V4;5AMO@v8ff1Vkgbi|+7id{2%JFYiPxqvspnwUg0U$LS}FbRU1 zr(_%WD;qb2bJh$o^t|lrq#gOQ1Ozo z3DrOESf$FFp_YrG70^JOoxevzj&zEZS8bAn*Ax?Sb2`Z^bpF~jHCTCp`)m^?kU^6M zl|Eh+j=e?rTJJXTMOv)CeZTZsZBtdO6+h~78WG+{4-g42mm|$W3x*TihH9dj)s;En zo$rwa+Iu{)M+1Y3^=R~qhK;Sh3}n;8>Cd#m`m37pVUprqjhO5~*56d><#+eNm}ACKGK!5u3!uElFKj0U>-cdAKv(eN^!cL?1hzz!Eu(F8jnXyeK8Uk#T>lVv;2tHtIkNt4-Z^ zH&oSCWID~viE)PK?C%iG6hp-I;$k9s&job)@{}QO6r!EGk zt%mTLML--$>PW;wanzucLZeFs$$8Cz(D&?wteZ7-SSSKt3UdiIrpxCu#PwtNiR#%^ z$xoAb)R2iQt~>3+LwFM%OR>~EHfCu0RAe)mAL6EWzaf2)P9dK^dIIP7Y{rjv$t=(j z;m0$}mP?~L<(x)LtQJsA6hmPP6}q}Fod2$S^$Y6t}LKT0;ITiKB-Zh zE}Fm^V~>qbyS4!ME87Z5*Xb_Cw+u2N)KfwW?ar08nN?wmk3BP)OXGV&O_qE6D3Z{| zfr={ks(g8U8$yr47O8)9bu~p2{Z}yjZT0hZ?PWuPnVq3Pj7}+QF$kvA7W7+eR5jHu zqg0I6Q;bTR$P5BplfEwkkG!8RJ+?@=0^43pg7p?I3yDbHrB^ozTkz-fcO^D$s~l?T zlrjs{Iomk_A^FZA`4qdB)laTTxki;Cx-5u|5p;8j)-1@n1?meS=j*d0*`Gj z>ibNGk}H4W3NJEn%#F!0mFK{`#J#+>E4?~OPb z|Mq1prPbCwcb&L;$#JTJxmZhB)>eorj@FN`zzHj=DYlKexOvoCq-A6nLH^3ef9DPC zg&T7}yX1At1w8#FjWE9rGo25V;22q<70l2rfb;ZE4?5lr_nKa2(3(=(Ohjr^ zHWB)k+e&LP5(fkE_Bk3${kAwi476@t3?lhRPJp&s?5_Up{P^rPqKgK8t3k_huJ4x8 z9b$&X;0tvZBkS+IBc5$>aI*ejTklM~v1`U)LRuU=>=lCxf_t$v#5t(@LslRV2 zfi^if{M`u`uCV2uBXJ_UCtx{95)KJi`z-2j-n>qn!TYtUuU`;_RD{^~Vq1OVCn5Kr z$*S9;#%*FtRB7r7ic@!EnXk^0-W{cn%hYwTRuesOq`y?~MJS|vzbE4{Y%={oWCqe+ z^fIm}<>*esl2fdt@Qm%X-e?7JaZPaW=p_kbmzelhPhy|WWxx+3?G$u_MI6PC8sAm5 z!8%gnK2+|IOC+dVXKCy|+F5Fs^BH^_qkMOW&LiKVqg;tw#rD?Cy&OOk=~dVYL~vbP zY@KU=o%+WTwoIES*+c1aPMFw=CagvmV<=R|dlMI((<3Ewl-k?(P9HyKy5jhMJYAg~ z?jFV-*6MQYbVP{{9q}npxG5`x1ewT=b?mMoz(GDoB?u0j-~GllP{^^HZ_V+y&JF%B zV7QNy;%(9pAI(g>g(Xet`*FRMXdCULu101?B^^AdDj?Tgh%IOPbhmqZ`8wX^-Js=F z2pV0WE2$xrFNC)~B(0U9OUIMK`-h;E1PN)uFP|L1F#c(ikDqNCHjXu8a-RwQ93Nlf|HztLX*%&=qZ*(|kt*vB{7K~ka2#LY zxX0W#ASTcOk|Gn_(+&!N&Vc4E_Ab<>%2g3>K&kuvE94rPIS=4ufWaJZ)+FGaYAbQ4 zwH2R;rmgk3tEj-C9|+7eL*hI0v9ccSLV^8uSO{e?VGta3z||LE|U^I^6zj(nOWJ>qUyqQomydN<;m9E#yj_c zFt_CIySL6fj4U8Tw`b;RQwge!v*e_vZob<-#0C{83V5o$k8c~R5+9R42eBlT8!73N7(iB$x$!MR77c#o9n1WCsR%Ia9C5HVlxCW;3q(JOj3 z&oDJdKt%1^#-=+PH#cU?ziCz$ecmwr;EpkeU%NX4Z0oz*yW47Q$ZH=CG>b9OPbJJ} z9@qx}O_cXgkVu=F$`2wmDdDi=?)_yJ2>;cqzLm-WC;jB5Rt(U+n$Z_(H)ql zP##i@W+bcNWqIHe0=NkA!s!SJ3&p&WJ7|n@W@O8uR-J$Av=F7%%DKn+q%*M+}6B9O^=)!@Sv9&SHaN%0=f?$*J zYQhX!)Y5&MmiSC;1z>tq5i-`1eFP`TWPQA`nXUkPjP+(HBN?6JvZ?-S&JJET6{E|8 z0Q4tZm4O|_c++#@?-E@@81Iz(1F(~1jfoNr1P^-6qpD8FdA2VhDmMFXdY5UxiF8cB z=eIDD7&6dcwo-d>x?W3tsJR6;zv2}6#Y(yW!2s>##B;-&AjOLc{t9s=j_S0@t{QGp zWiqs-Y8Xj(fL*y^2#{TNU4}x-C@$`?hZtUfKYI`{a;Xg%U?6!qJYU1v7x<*28uuVT z{!oM~=#kX_*Q3I5%p$#+K}4ZUBJLk+f*`1;u}K4+Y|YmY9zdkJWf1@qQq=Ub>+E<- zqI?SWZz%^MBu`3}6;rTE%df<;Q>n%}&obG77)Kcb3?Oj_a>3&1| zsaWnBePmNpsN4mUcEmjJO|1|Wv@118(TOjVjvU1!Y>_L0n6>V~Y|^y^UvVWOBJC}# z?q6_EfyuL4GE_JWWr8AWx`T(qFo%-nB2}zBMK^5{d4;Zbh-K1hv}Pn*gi2^`8dQCb zDBoB?p4=d9sb(1rok*+P?xrKv-)5%y*48TN%I=2drl$IQj)XGZIV;w)C(H>@Ev8f{ z_nm*%C5Hl`MF*s1($$~3W76=<~d ze&1d!lP(6kk|w^&-ebjQ$OWWY4MLlZa?zbypDHa?d6jZjltT=9UYjDoQ1Wq}N{GxU zTac|9?;SQ(Zt&EPSQ#aqs7NU*{ zXg4x)l##=2U$*CsLGT%dyVNJf3~8bNc@fBc0EcwpqLOwtbT_NfkgfdQOOot8A16=3 zt#JkmG(<&q?cv`O`FSvCdd9jm{YSel{eg5ja)7)3|2}%!fxCWQ^i3LSNtFN7Py3m^5Ion706CC|RC^w|Jk$)!dlExKP`?FbAaHNfqf)a*jIMx={(Lt3wsCG`&Pg6(zfpkWW9o|QTMKE0wBuHl+&7uP(xOw^( zt{czFLh&rBi>%LaD;p!nr;`Kwn7!Wh?2!-fcH`|u$DDz!ydD?t4`Ub79e`Y!Smgj< zM{&xqni)^u6^Qi2Gt1sjkUEbJ8=DWttcRA^Q=aGV1SmuIxgA;GaKh&&liGO% z#>LO+`Sm@V;i3D~(ACxTvA@Cmw!6K(ed*`+^5Xhqdb9C>?llJomy3J(Gj+Yw^tEmN z1LWF8lz)!Q2zSxOV&c z+-^`rviudHjGdI(86sMH)e+^To*IJc)pU%QJwRr5_iiG%9;4V6>?{QtENKTd)B18G zptOx0VQdUxVTVA>`V4m8rg5jgem+akrq)2jC1l{`t*0KktweSkn4r*CNYk=dQGR6w z17m#i_2j*=4Qh{aw?je8YE}p3!N3oYu$9NL2N=-`(d?(YOBC38cg) zASLS~h)#CT_lE%f0a)2Rn@KbxFNnCg_!$2raKj@_@g39%`*{w`N3^$hr_-la9}O@t zy&$Ng$lK3Qt-Xa^vQI}^*y&p)kjXKEB;-R6DX2GZT-M@a{ zJWl_!v~&FV?}k5&;d5*EAfe8S0NPxAzM0pNYXPpgyHXUm4xcHcW7L@$*>6*Ffk-y& zaQ^;60Fu8M42I$>1<)|17C#Q+I9`kEf)^V|6qk)+E%M>ncrG31`-C3&PW#?o8{prq zKF)(+@tNV?`EhbyMt;84{hW|tzCV=_zsB%^kvWx@g36Jk&?!WBF2eT>3K3)N88~x( z56@bHXd{RzhM&hv1Wa9axo_`akQE#tUc3)O1pINz5M)&BTi&!UignIR+j#MP#jR?`zZ*dS$lXqAo}GU`Zjxh_KC{X!e2sH4Zr#fY#~ z{QA3z__BHRvZ!=zM=Y~3v->HQzJB|o%r^LJo+8*#+1Yhzen3^Q|h6oBdVOq~a#-XRTk!{kGeZ z*LJCV@#AKQ(YM~S2P+Ws^Ya$9ZI1c#vvYm@ApY~~)97~mbD|7_QeO6j6e2l6qYO)F ziSpMUj$IN)m?su?K0;n>UcTn&GR_s-bs$m+xGG%*e|2}X)hX7N%TLORyA*Xv(DJuR zVxh-*Nw_FRsMIEykd$zQ$(}d%f$`6w2cy8X1kfSZ%&`ogE}L88vl8>z|7VT2W6+k@ zCO>)9zY&d{Oa^>fMdw!gA{IW>&UV!Pr2(J z{+wH*TWo;QXctB)Mr*+(CmHgi2yALf%ZfwUHOdtx)#QsFR6Nj+4Hr+T%fw+8w>m=Q z+o%;T%}QZ3%kD;8KZ5(?auyrqnj`mH@}sEzg68)E}R|iQ&m7+v9Vo_o0Fq=T85q(gA3D8 zG4BoG)`cMyNtW)gsrM~);mRJ(54AuB7{UZsrC#;_f~8CUKqYDea( z-stez$vB0FtI?^4K57}pu2yKHepT(-j*E|&YJdzqEBaz=!h#tSMq&$`2d&7~esg&P z*B})jko7UXemu6eKd7(8nCPj4AQ85#izeiG3Ze{9oN(yl`=3F#Yy|W!~ z5$p`}sS%gkSHtYZ6$#*NiqcUQZm{)dmdk@6>|gzyuTe|fiKhkG0B(_6Rf&u23MExq z^XTS9dS)7Q*K4uBtrJsb;rk5Yj8 z501U?*aB*Yg8p=ofHn2GBCejA8tDj-Kl$dQ!DS%FK{)Rw_qf2!ID48XC^Mt0YQjG$ zn^x(f)>dDd#7jTM2k%qYdv!nSTkrQj-=AZvd47CXK{3m>{@VQ$pk+oR)!J{HF~@W_ zKUOz>E6|hBC%#|OKHnz;-%V*5pL1#Sde?kAKeY!2R!brH^!HLkcBKtq8DAz6d z_VlF;;*n|qSeW#7xkr=@8<9i4P-Z0jAX#Vi3WQ20WM1pe<@MhgP)^g&U|<5&JAe$V zxVLasCoxHjM#{qj!Dnt_5C{2Hf`FKaWEu!S5J3=lC3~F)9P{E|G%8JoFvOVViwXMYIF0}BJ1eW zY*O%B08-z;49bTE!dw(xop~s2|9+nt)mi+EN<+86P9WoOFKOq?jL3T_f6H^;@QGH% z*UPsB$FB(;4Fx6460+!CGV8DoA~~J0Fgj$zyHd1{*{UU>u1Vl=gy)uMOV%RmG40{-@e5r zE=s+0UMmbm`N$TCXXrvC;6>NAYq)0xybtpj|({fHx;30Yz`M#>fj0Z+x}+Rnr*UVQ&d?dwDrAMLXtc&rrDKY%ZY|vuor+mMuRxbLpO1S z1Mif9{tSjmERSm-pJ_NHTy5IQwv%L`*ix1LE0t8F$229``j_xw zk3*6ADjWzrmQeq3W|GzLrWD7lR2*hTDn-gIhywh($;wjDeG4(l2eCFU^v&akRsbA{)S95q5`>6SMYQ9a0@&p1svxVi>q9$^; zEIjnJgGdcc+BMYI>&Y5rbNjy8(IRV4Q6p;FEY-W#S&x(Qp!KIZEtngm4IE4eMNEH9 z(KQy|?}QYYhpFWA+5ZN{(Dz5sy<+Op4^j>i0Ng73>DpX1wL8wpF8aVxu(?gN<#qN> z>#6+V5>A>NCU&;e1z4ya87sh*eGi#3VLi5^?uB;xdFbGKxcmK!7w&U3 z-W`qIXZxdr@ymnf?#qL{-It@6ySqD@KxaapynD7cc=zlXh*?VCzYYK2hP;0J%jU*^ zJNjS$+y3W3{(dz0FF5$;e-Hlg7yVoE#pc$gsPUIZ<(>|$u}YmzjGP?4(pTXn1>=K& z=g9x>$5oy8@~Ok*PaN2Po=JYI4;a9a!r&am@>YF*C_Vqz`+szB`4SGG8voC;=PzGo z@gH{&9`irf@>zfW=Ue?sw|uTo2q+4Kxhfs_SiOA=IUf1?Q5Wd@c7o{9*=hVPyM6VS zSG8JhbuaOL$5iaDz6sO6>c8}FXGEx3^PB!Fdp~t%-9}k$#urhJw7dZs0~jQ)2PGP{}*QJw(%jazC98 z74dZ!)c0ZX(Hi+)Gn$~>Ro81VaP~ddrGB$k{A@x#jLL|Q8dX72xygz5CoA6S@KsGr zQBiVDVQ?v-U<3W0YP={7V>4f>JZD06V9mU;M{H3@eisv&`d!X!R>SMxBI=bZeW*Z)2Z8{^D8ochj8|)qIDyLc|J8 zwraoEnTqVbZBtTwIRKR2G$``Z+i()&~FVgCPv8(sa(KvZ2!tPCID*0}4 zB<5{L5Ax2FctQtuGxd`z+J3K^7TW+~JUP5rEtMQ!jGnd_uRgt0^lGA1l&YFS_7j?e zRMY+JKrD5X1&D^5IYYg89t%<3QZp$UO3h(K6*G&Vus<_@%EV4hU19lT^3pZTyrrfs zH(iBI#?MA&G3cuT1JdS_9(~nhvxv(Vyrcmt%uja;AkzpQ4hxa%FpXtsV-pHf zfL*)k0u|aM4Qp7XP%O06tTyTWjDRPjL~mfg#d+H&Bn0FdQJ@;rYE3)nb?DTUH5|aPBm3qt#fZ}+{aJ(r`G;gVzG?*Uu*xr z+}+FC|IeNuJlg;3_^dtt^WAiDwtlc#OY-{-EsXl4JE;zq-?vWD1(i%^%bz%V?gEu6ENp2DDL^ z@-E3(!NI?>ewq>WZ)1Vo0*XQ(x(M|D(g*!t`-?LLIpkVGV2J_ zMz$`?bJ2&OoW%*BjLeXIE0cH)mD@@_39l|8Om zT1oG@F|Da@TN9X-!c=Rj-!{TlZSvO&p}M6)fjfVYvRLj)RnnNSX9=b`f{1SPRb*05 z=jCV%RQ~Z6{Q>^y|_~sj$_q zm(-E(lN&p$PKqK6#crX}9Elnp4=E6fS>$s(ND5iUN`M34lG#XRpPA>j>o;ZDPQlJ> z^R4=_6`uTN`CS^8Ze$V^L1!G=>44v{WQdw>A4Pm-rn}^Xm#isgv+5M68+SHa4aJi7 zU#!ub!XQ|WyHP>#B7$rgIYOZ3Q^w5L_H$tPQI? zi)fT4n$~4o8Uq*-M-1wc}W;|2QN5lMG_+*HK+dG_wc>orTXtwZyg1^#u z#0FIXpyuvxsXnrlklqy2xaVF9zNLFF@d8gv!(r#}=X{iRi7OXzv=A%%9YGU37oC`s z6h}pla-sR{qR$T<&E!gG$$)8I7Mz$RV|7(9$N~Mlxc(?Zr~KWDORGKyC`x^9TR~iR zDeh>uaQqY77M7;D>I|pS^s8-Z6Pj~CcfZqL8( zAqtEyagyjbeJd|S(DEG7I3#bEef7u?U7yI&IN3Ca=DB7HxUdwZBugoo6Cqh}9u%bn zhYJ*dDId0)lX#2(MbNUrEbq>0_s2h=ZoK3o@ zzYk-`#27*hnY)8`eqS0qtfqcRVv*;F?6w@qZBs5A-Aza;5A_U>DMvhGLfn_lg#zS? z$sn(zsHgLv64>8dXho%@t9$GWdDKtZ0th`b?8U~hB zfYkmwXCs6w^n<_!RLx>Rg*kK46I+Y!HdkNfQ%!qI4XyIf24@v$@-md5Nnn=dxG?9Y z!V=oPC5xqKGF|6UstuSBlov%P*LQjlBr8d{+d=5SN0+8(nC|MF;-Uu1nI~4GTo-ap zv}TX12$#|iNfn^|j6TG+ezmPK!O{s<9|+kh^qVLJXqc)RR(AT(M^~VCqJ^c33hYun zK7#3~)Kr~@x*?p)YL zdK=WjqiNu(@!s`A0n)11Vj;5aWfc!(zxL(bt9d@A5f5$omRkRbhEE@dBtWHWKV^RM z@5s*=K~VdOex^vP8Tp!? z*R-}$daKK;wLrEODg)dtv{I;>Kw>+F=1G`nvAYRQPt(f`M{M(f%=XO<-8R)4B8nXkKb za|YV;fYQ=RQ1<~Dlebqg4&x|_UeFBOkKJE?{n_FL)U*0i*yTJ+(UZ2o?YdE2!->3w zHNXBud@>u2B2rLj%law!az2|@Q&Y3)x11KfWvv&NPtXZDnM0>lu_~BlftL=^Y$i4w zuXY`jzdHbzrDx4J;g*>Nbq(D7T%im05EC1{JIWygizAw;D#X&B(`JI&fVS{i$dz+d zPldwsN(HehtvOvtjr*B;73@ycK>66-gcWzujn=Imed9bdH_dmghYxFP6@svBY&$h( zmVH}_BDvPaDq0l2JIrM`ZUaZVDGgFJpM|Y5Hy}$o!F|=71$(DFIv6D>nNv37<-HTO zH{ra^WS1?QCi_R5y(>z0lW^T|q^Repx+V!`trHCQO`L9&0N(KYbAWu9u<=F#LeHv>u$P0@ukBBUw%DqtP z1<(iwe-?1xd1;%ws)AtgL{AkAEPduwd2`-AU;fe3Lvm1><*(GM9r8N_0ys^ImEZI# zYqya_Pk!zG+U*wo7cIY)JDqCEYJ2lVt8enBQUB+ub!)Ex4f_A!$&-Fj{~vz2|L4Q} zd<6X;ha@$J9`a1doFJLFtAwNzoN&2G;{i)dwHoyY7bZK0_^x`3ydp0Yxrw0_t43*e zjgv-sWIUJ6{&yoo31UM64t5~o{{uPOEM(5-j+I#Qco9$XRcRzJ^(T+;=m3(x* z>MCrzZfbtD2TTy55ZJ|j%g(N%=WMQB-}Rv|y{|eifl4g>l=6xpb4OKKn)RJDV$5_N zxUXO&DG5jjHVTx#i}jT=z_>}4C4*jXnityiRg@HEJ)Wd=+!LJQ{v?}5TfjR{Ogs3k z)y&XE5>RE8ggOE4*S~U$I=2;QMMhpcgXe`a^g~t6SMl0uTK2N9RPok`h?$F8)bhk| z^ruQf2ZR-sDByW175mdRR~pxUd9L`7`M*#0%lE%L`Lh4}Fh3uB{g=i3Xe@6hg;H7> zLt~QVQ83CATd%yNOe&}Hm}F{3FZZ|UOYhWE_{P%@TjtBvAhs6aR7ZVR(+v1-*l9d} zg;QP7hP+K!njxVx&v^5jho%6^@;k#Dh>1@k3QG$YzrYoNV*9H)Y<&U8ipQ9f?@FJ-+UOMv&=+yo zoAX*|dHwdf7CT5DaQbMsVt)*O=4YL?P-;STv)mGg!!Wg~%MolGxuxMICVE!>wbB$T z0nWY4qBkn|#u`Dt>z+eYAF;rimR$^g6E7YW!VwB)Mvkcz!fnCvDgs3knT45>IVCbN zQ>e~VooTTV+WrgQR_6(b#z>o7k7^=9oZxJ8fU={HVsc_!39(*0Uv@NNPEh7z{PKvY zN6Osy-oHmn&QRpBn&zPutL7Z6A(pC^>f{2Z5JZ4SC}y#zTDK9o`p~LEDEBQ{^j$fG z0Pa;K(ZN?t08rhButD=KC3BK;@}qb-c#hPcs+B8ccGKb@uNUT3ZP>coHcK1|*#mw} zq)?T>Sa|?d5^_8t!7ZOn5w>EK#j{%4Zq+YK%t!xe(*IVha_@D3ImdCB z;?)*|CjVdmpjiLo;OW5^|KA7s`QZ9rg^Ck&tc5AR8No!JL*Xu=SRn#^X@qS>Fnunj z24J0YP+$CGqWyIuuWQ%0i_LR0%ym*C#N*|i)z@#PLpaJS>~HNF*_OGM)1i?5Ua^JEAt;cg!U_&Nl_Sy$kZfCk z5DtIhB)v?@h`wzF=9Vmc`B4FqPARdIP4dlf9(7#6>E=CvS;10iI6Nxm{=*GK#VQgI zW3#JYDu&2QN!)4yrPL2z^j5BtHdE?uZO%-E@OGOB%N?KPchw0nc?ear4uBeGNuE-p zroV<;kz-R`7up)TB^B6aZ)rqvy0G$C<(URlWdqHse5@=j)cjbg+#08ft{k{TU3~<# z(MY!Eh7cGMEr}`Sisdln+$z@Du(Loa?oO=&*&5KM242nFyeq4Xz1D8kgWi5HG@KTr zVEcyaM?`mQ3GW>zGh`H1=K@w8aom^hIvGWd_ewmsmjZ1;7+XPI3-!s*KD!eQV_uwP zRm17N`4VscS^uoG|C{2J;&8aCE3jez_w3o>VR8R=@a)U}?}Pk&y#3!xAxtOVZhZHr zh4hoz`{|C>?))HU@qW8LjpJeVd=)HRX~(C(SK#n0o2YoD$)7rINBP&29OrLUrW3n9$E zdH^<6(X^an|0<50HY?!9d^sC52HMcQhBHTlt$??VBc~;p4ZCr4Csr8uHC;G$Q10o# z(O^Gu_l>PiSD9muQTKq(n+Ke3P8aSo&+HXxm5EjJ-G&`=V*ai$vbmZ4S&nK>e#3~` zTC!@y?C0yc;a2niuz1Wi?f>cTKY3it|2;VD_rLgmKE%&Q^#2H9I{EhBQ!@UK%{zgV zq<%V1AiKBqo*+r~J$*qost0limD#(RLr8tU5r>cqtHvR;+>PUcsBz;oI+Y5Ys&^`V zY7U_joZ%tn#qUG)_(M6Au8B_UDZ7&7yGBSyvutvj%ZdfZ$VH7C3Lc-y&}?|0Q`?6oH;px+)^O82s7rL&mgMstn)~}j z^^iThU-V-;cp83I^Z!9{?UfTjo8rHoJ}$+7?LYpK|M@|FKBE6`asA&fHt+az>c4+{ zw;y!!K_kBa!vnebip*Ti$p>F=#KmVrS~KFyA!hA(FB{62Xs<8PUgaG=%;Q@lC*@W8$dO)B0Kdd}eH>p?-v`}Vcgfd z1VBG=-%@KQM!o6wkS>genO^tyT*!I#na6Wgo6(=$Xts9|8g2Mcaa`;EtmOYm7|+Hj zS=9;D5dYPGR`UNG?tjVu`!GKr&;N5Nh3O%jK$e_-GM=EErh0c!-sXNjAq&^TIEJbj zypngw0&&kWFcpw0T|{PgY1-S{uV$!1+v}%1cXTx1u=YwzqKm4rRXSFDcd_}1-js5) zO3v1A^UKZa_q7#sV?!lo%2c@S6~!TIAXkz?dld80bNvVvD2n5;gxRY)6qX8Ss}Xou z_rmg?eM*jo^~~px1T-Y(@=+oP6Dy*+EKbq6Y|SeR+l&)m-*D#?VZS8{kBvP2ZrQq4 zbFHtBpp?9zd`JwnA(Z*1v7%ZpVFe{#yQnPhfoo0|HZe7K>Q%O~@L1w0B_$+pTYRNz zvfIuEcho(jUCk5G49{BVB%|bAR;{#Qt$-GhGzZL9@04}r`kmsKTC`OAkapef zEZI-j;#d{%hFw)w7gv;+^_*5q0NvAbWe?V;?Y`2^j*>~Z;t%aP#n zt9l={zCn2>4}OC?unPU?Rs~V)Hhxw9fc#$BHSHR#bGO&p)otRyiq7KdD6n#nU`V;` zd|ZiD#)a6-B)e&A_Bd4j#L3Yto2)*bN`#wfoN;ow5}BWbH{ZIdGUw2JA_*OC*LzS+ z-v#{|wX*wMmz@=VR*<$Ov2%9Idf&FIf@=}494BXE|NI@-O>QWuV3)1c)r-Pv&ZlY^ z_uQFDpr546Nv?SE@=(1Ilf7@vY4FIXh4TUTSR1oK>X-fcVV2+6W44_2@^(sd3IqHG z`T^oL*Bs^2p3@3k&PlYRYzFkV=cxa9xAjO=njQC$|4Mk4v&&w2v{HAMubmZau3fnn zc57@efk52@yXM+aq;|RaK}U7y?HMb?yJ0eZ>|NN$`&nuKZ!bzKcmW#r|Bs&?7We;$ z2mLSke;?%M-n6Zrxtr1T!cT z$=lyoW^xU-{${cD4YoEWU!A2V@42qzO;s1lcU~8U0VURAuX|bTA{*>ITsP(5*YE}a#2Kze zQ6Klv!miJkDtSe?Z@gp9hN)S4UM3vli$rZKf5{!(|S@q?Vgv;xgX83$ru&WK`muY zlQGGTXK6~}+^N{@79BS@4vpqe8l&Jp(U|JE1|Qw9(|G<0r*@EJ4H@|!2HoV_nJsaybo{ zo*q2;V*h`LpDlEWGofR+kV-k^V!?>fa7Lq0=-&hfw|Gpr-`PSp6Uq^vB?(J2j`)N` z5k#w?Db9ikjmLW^B@xc(TrGI{a~y}AEfkZnjBnnNP6ZW5ivGv0k1pb9fmjS*3X)Jl zQWVjc_#OY``t`L~o;q9T7-ST^I=)6BO?k&3)2s*oO7c7Y@Q<_y|LO;maZmiC|K#(y zmjfE&;C7b4u7!8L^7&oT`N|*S+s;>hHcdKT{Xd;8^a`hx%{V$cIprNcN!f2C$T~g^ z3GT^uDf_MC&w0Q?()*133Dxue>h$R3<*7dnH-e)f|Le)KgC~Xg|M=O{FZI7a$j=t~ zR^I5ZXTu9ROohF1ECiy{IYPhuK%%Mp_#ZoyEKB&H*Awf6&nLZ*1-zHBga*79$)>NB zNNtHWyWqJVr)-u8l_JFqMQlt1G$h#_A+aGue&=^OTU+Sn#ebY!bvkd}yb(5WCnO1p zLlOs+D7#y%iUS1?R%qn}9iRjMt^ZcX%P>wemM#W}1$5BsrDRNbmM*-$AF|+PA>4;t+gMWc$i7+%xGawHq^p!?G?{{u#91f7!g46L!oOGrn!@~R( zluNoR_B`SR_eZlRlEI8{B(1-iE~IUPx<8O8V(4d?11 z$pyy^kXSJ%5lc`^?vxavnK0y~440&KS1)a7ieo$`so&|iLg*lXb?TQNXG4OMgy+z1 z)e}D?^PUv+kR%aXOocHjjAIEN{$wKr^XXW^r!fkm8P7_drw0e@a6B%nA#G)`t2;=zPWF}&GAXHz^TSBz!3 z%<8Ei#4B4QWPmtqyE+Jkga;{wz1IMpz&t^^xwWaJ0;t$$MJy0|uMR@wEuJP386Y#e zIvr~kHlVsPErELyzL*U*WF?TjcueEBolb_wO<*OQ43BLveZT+I?|UH`QXG5zeJ_1_ z*y$v*D7s`34H{_$W{(yKOYoQGLvz*zhSl~_bcYvwTWpsM9fD`u;AYRZ_vERS*e8hQ zXQOkLU8aPSINO%=$n$=l6NJ+gFFFX(j7TrUa!U0kI$9vEiH;=@A(e)Fg$M2AnLe1C z3CMT-PA4S8nZ@p*JQ6IiM)n1cU+4%e*bLpVSrnp(-V*VK6N1RwEX9b%BbH93ijeC9 zw+Bfc77E!uiV=-@hU0)JU_&zKY#Fh%C2q@6{I0xg3I5lN{uZ)^AK4?(*+R1GiXzav zVqRSetL9q0Px|y!wiiaPhUME#5Pa-(c*asZCdU!xyh%2{pD->RE;)f2 zdc~sIl%Q(~2mz!$bT-nm*Y&!4$VPJxOI5e4bZ$twpp&C;0n4S-)?(44@z|lb>vcOF z90Y{(mnHJ zQhE7?`9OvaB)yU@6=y9va?rP&;gEdYLKb5S4A?@z0U&w{wqX`pBeSPY98oT|V3{=Z z()PmXcqHZEb2>X+DCoCj@e(J(_8SyosprNFlrR$#2+ea#7NGfIArNn33$u7h<2oWF z{cH$3wPnnfrkEjh3)#eOA!K}sqLB`*`H?IPD+Mp1!-BAx&{RK*4fLIg^F*A)oWhnE z<|5R-u}uUTBdiGDL!35l)9GH~N_wPGSr^6)5d+htZax;>6J}}A4dRuXMbbbBv#np*CurrR*vFQ6@=;x!{XV5i}IE%mSViMJkxCvs(hX8s16772BDT||tu(0OC_=*eMbm{k^8rVB zVW6IOyL$y*KJRux;Owk+%s;Gh~5z{%A++3xh0z zkM)V22YN2S0WrD6xhx=$q2D-*1$ocA@8JF=-;%=jU7_AECr=+EFWl`^v7o;e3;H$- z`kP@v{{dLgFS0->4fInoPH`wK6;L5J4E6nef4|fD| z==p(mWurUH5o|%k_Gm<7$|oeuxAd?J*i zDgKS6+8rgfdNRV0iw-LT#vJSi6C95Tmkt~0%MkB#Pl1|autCU}Pzo$fSc)@g#D;V< zA}}l?g0opFK!qWJvsc;GLuo+)6fqB#$qPOWgG%)P(TtO5BsNtz4V7JCSay2x!dF`P z=LyaX?RO+4h$@#3QOCYTKK##4$3vGXnS(c7J>-%fl-nJiaf05s7Rej5qqGL_VYom; zmQCbG2hhJm&3p@x7+UG9gZ{fP56Up5cLlLHTI~Ahmmf$PClSO{xKQsu>jqp6vm?Q)_}BS}KK&XlV`SNr zNU9apFKjfT;BUe6C-Pw7|=aBs`}>diRu0?Y~DRntVhipO&B zbRRN?=7&mJe&S>_i%>-4TkxL#r^YRC`nD50n`JDeIO4sOa2CypC&)X1e-FKc@yyFf zkt5yvn+>r|Zz?|+Mr_=ZZHOm&0yw?-ftNA$>tXM2u&k-z%Z?SH`R@Ts7XKlZu|qdn zv!fb^XcmVmp#3Pp!Gvfqdr0RV9r*ibM>OcFSKZzJ=m^=F;suDI(7qr8Fulp!fFv;e z12#<}D!0&j=};j2&fgUPHq0>0ctNUO>r^X*vrY$CGU)a0?(TdHB>F5J_afPZ_gRM5i=U8nM(Jf0g6s!ufBWjo!_MaB&fA*gq z9)3Ch{UAR$j+v4qu{jTLM#kVT*H=V#kUSdT1N3Ldc8)OaLHvi>0YD?m{jMF3J>725 z&mHZ3Fa73;15FE_C-)H~Z30{RV6gA^pZNPWj%Sr9es3f>Z#n2c_4_W+13|b}RRg7B zAr{`XEIT+!%%2iW;rzOEdcD>`H9{F4tJ84x#xoELr{S)vIxoPwqf74X3SEd}#1axC z&Sqk-FI}jfjO&3gOnoshx{cYLKqGWmN+ODtLsFO(;OnGuM#d@47Ct&UK0ERB`jPD+ zn&p8+BbE|6j?pby@ICY!qcPtT)KhZD_fVG7@tCBb`c&$?*s2616gwTiGhu>@6(`jl z8iB~>!Pt*DzvEcT;IGW-=4<8?t*8l#O_|FgW^Drxtwe0jC`~6Nx z$Ao7C#3%UR$7S$ z*nj+F|LgwO`0K;{VTix(fAh_gVQ|h*{?~`! z9DM!s|8&2otEE5n^WQquxhIaL^Z(%B$>Bk1{y+Ir|Nq1MY@wRu&n?s@{j;;Rh5i>O zvU0)qvM_Iwhofz6p-XTV?V*@~uNo3{D3^ysVt<>`Q0|BG&-T=zm)QB*`e_dZ5KB2r zHwVGd7ioGKPYb;Ea?}>QCFEN^1Mq5@E7p-^?bh z+&A-T2|C@TExJOufQ}FhlMPCu>Ka1eT42-)ZKjWURUGXSm({f zP=i7x;Y$-fqhcTs(yGXMl$2ZP32i-cNw8kz{mg@ziehawmn77^tLBtxvTUF^N#`^m zK6r`js{Gb~sWu1>#q1HQ``Bo-j_fM5%GsP|R;R5cP0;I@J1SwuF?VDO*`3?jkmv)K z3vKCG;r#l{a%-z&H3d955HYUiW0eq{F-U2qaI|V{sLDXPJaJ+NEH3SFQsD>kC=ae| z6=c}R3Up|I6|{&~t?3YGim(c(ly~fe31V%A9m^L;z7dd|rUU(@AF%*O7DNa#KY@Tt zbfg2`W#qYZZgQDD0u9W$mS&F|2#-xyfMphFFtx0103TjJ>?1k~Llp)oFzHioi4h8? zDR&)o%KC7C-n}ouJj#9c0NC>3w}ozj&?w{uFes#W95bHLKt^Kg?EMU9WHgI7$pnhG`5 zk6xbsqfCU^d6i+Ad>|Xz<;C^c&4q$zQB(<9Ly$bXrHO)_;c>aSc(_BS(^)11uJBlv z?M;bbt=Nx-yCo{6kE;w!Jy&CUhZoulhOzJazSN?`URHjmH?BIL$@)qK4VODihO=@0!AR!D=%7#;FC!+aQW^5J4Sb5_Tpd)I ztK*#5$%LKi<2dbK)VuTAtStF@bD3EH&Y3c|X1($$lffYYivyBCcD0`BJ$a_u+e%X6 z2`-b+laKU_ugyUMlq)84DYt?iWQY(QLfYdDV8~6NDb->kH2roR%rL)&-bv?-m$1+? zeeH>!$j*65O6NEuo)&?ggs;*k)H0H+WFL1$A?Y3EWDlieDwMBGs4_OjFcR8H zyJ=)m)6}&#YywoSR*BR#eOx{|gJKn-5Zp>X2vjzbiPE8&1=X9x0!gjCUK(s+gIVn1 zYM!k%d$zPkEBU(2ymmLl1(4RR^(Tj4CU!f|YPTh$;=2Jnd~I6Q;i(sqBC_>(Sb?g# z@0;@F`E~Buy`oPO%EPFK6=c3Kvy!TQi{=T12|7z;JgAJPl{sw?$E?Vl!r=yvIMcQ^ zH|c|Kq7WxWx4seVd~tGgDY&Qa|B-F{A&tY=NgH~K#F$9<0CTmXc4~Ytg>iUD7iQT{ z)!>z?r)|^T#toA8K%T)hDD0HIYGsd_32IC1+rmoDHRo-ed#&n@*2=X&fAt-W2uCm3 zEY2J+C^$W!IueAI6CCCVr#MC=p3{`YQ<)T$QZZ|+g~NevSy7sZG?>tg1lcTgt^{|U z@4S&!o+B2MH;AR^jn%m~;D@o>4^ZA*pt7&k)kdle#oF3(6{!UTM$g78uvlnatHi#N zi7(<{lCqf1_%WMKX$E$v^%OSfGz0&KkB*{<-H}l3n+E6&i-mraM#*cOB+y1>KY&3dPOHMqSUgx+KFE~1%K}r-G>Bd~1&Vpi_;5l(9wgIAZmXQHE2Dg*Y zfn!)!#Y%-^K`7Q28JqccEQIP!)o$YM?#_1jvUIHWOft=^m(JphPKhVS&AY>qKgp)i z*7rXhd)I$IKmOtB;{4*LYw!5t<;$}hGt-JgFhE^48VMC!&5i-uuVtWBMF;eTc0*dv zVaMd_>;ter!a0ruaK7cOlu>VX76r%yG+n&5o;i*`WmsP>@r0X3;Ki2CKKrwQdq#_% zJU%>-8=8=2IdNNCn=tXQ07_%qO97Akh>d?>JOhL31skIvqC#~{)H7c7!7+F1Ij zPxVd2#vX-W)iig1ilsebW6)Stuudos>cO#D##aHDjDdTiBLb59rTEGu<|EZqY&c2G z-SI5~Q+1LggVgU5l4?`>R`%f~jb9SZ@mOeb`3q1HkvWNA$2-BPmAe5pX$6yB(3q&} zY;N=kf)HzfMPs5brP$FaoT|(yC)sWlyc;?tf3TP!^NTiZ1w<%!kl|^<<(@C3nUGaW zQgXMhD-F(bcVzQdIa_t0LXpq8dML4RfJmCMRAR{4q99pa)2A3W4E`7DjlnNrMR6_`s$4MwAxSg1@!mM~ei)faSIuhm85oTPJ- zqO(hc!%!!u*i|(oInc^4ek@ab#XqrHKH}mxu+NgCfHGDBAjQTy$Vwr=N6$0ZDgrfN zR*hIX)zjzX9MV^5T<+3r9}b zA<24;vn*Ya7xK%aOeKUZ<+;K#qLDBO*1_`~e7a=5I>ey-w~Wc^stAw8o;E88yE8h~ zP$g=$SC)e)pQsHG%$JbKosoF|S717J9H1r8!GuhS_PxU9nZMBx#b8}m@iCJd4Owmo z67oor5~wHl|NnpgZ;5qTWG-5&<($<9T@&L7&X}&Wb@SpHkvK>fiRwp3d^e~%Oq9CK z#JQz@D>A0YhJAIY8m#vNYgsT>~t2-vFr$aFcKC8wTxC6LPbr>hro z%0fP&k`18>dPJxTu?ADxYiBWcf^Ei*`O1jxDnyXX{A_Wso> z_P&rU4@ehgzS&2nv=Aha!#KeiKB3M|9a4`%nxYYlLNIVTrS^GAEc-B1d|8R*TG&nD zWlAE3Ls<-!5{~3!AqL{P%F!1ucHn^6<3s?;NC@}r?Yfjy!yKS)G6ow6`g@(>)Hzj5 zSh&M?!GvS84B4rmVv8}EqA8iObODR^w+mBbLmsxlhSAvYA=&}Q71WZ77HU}YeT3S5 z@m+}qz3GKy-s6)gOz1aHAHRIF>{vje^i(YZ!{?q#r+(ajy6o$mO8Zy!?cviWj|DgR zWGX{b-TkPQP5;U?|I` zIH?RLfi;^ZBe^A1J8O6$nktJ78lXVzp}A4^h9%ov4Y-7CLWvba3`qmj|DKu+a{g3K zE1?UEMr%i@nY^dANB)~u9YA&15-3=34SM{TCKI8rbmc`WmRu_OZ7z{PJ0w3PaX>gqvAQh| z%K?=8h3)*=L>HHO$Gv!NqL3tjGlmjS- zDOy~)Oz9M-i$Y{jBA>c5T|M+m=U(bXey+Ad#`@tNnqm%tD-pq=_^ znWKQJ2#1J3x0NhuMC0FN!AQ)lg4?UR8@X6YgM!!59Zws3X*hLHlJO5ieB9I><#%%J z>4F+wyAL3d$=I6=G4vzv1*{HRD%he#=m7oc>97lMGK0|vhF>~UGKUcO>&zQy2T#gv zrVAq~(*=k9N&lMzzyI`Wf8XEl9Xv+U@QG2M739>gSZhexdWw@u^=X7b`n;+Jq0H{{ zi<{E{dQ&Nu%H>`^(517%;)$OjcuChX2r_d8=u|yz>;&484iK3o1#<>!l1n?#X}Vh> zU-xnPMiIO7v?tlim^UPzux?2xE8V~`k_Tp{C)QAiZ&8$aIUqq}&bA6>G)l#(^VRy& zp|Q6RlS)DxrJ+P<-nFxsX5p|=AKWL(NXCxQcFdNOx4d)DSe4q0?4FkSkU?ixJKcL_47&W10R~neNhfm!Fuw5t=Su z3!Jaz8=p^fSr&LJ{`)_ALmKz^#Cb}B2}9iz1~oae35~~o*U5rVh|s(Dt=N!HoWc}p z*-1HdZpxXUZ>sUVsUX&1ZasL)%vS$tLoeD928UR?sAYcV1)Z(1!QG0!1vo}`EWJfI zV)3}Pb8w{H!00Lt6!LazyAO-57RtgTF~MMBqxzNvGgVTuQnF1rLW`-Z{kAoD?J&J| zc*`MRTGQrLNmT~OHaB)^ekw5}`AyzK^Fl0+((9p;MPV)_ z1yixZZ0oH(u|iePTX5Jq+=TVj;itO#eJO7B_YcBcyqORLzvPh#GR#)tRIW=0M;qX9 zYIOrLn63^S5}pBGjo%d^s}p8+Sh$xNdnuMTA99tQ1mh_e&#LGendK9L=v0_2F$`k zDiCx0vK3$J0vXlw&Cyfibjf!TGUdo*(OE{ha=GdzJ2M$fA`70v(Z4czWS+ooF%zk7 zSim-0f)L)f#wP7HjVf2bDw{5mj_4Y;up&;ECLEF)o?CFlcGb^d5LN^{)Q1P;ENTJ;^>4#cyUbv7Ka?R z1{6mq6b}(sPa#6X{E&@~O+b0g^=$ zi~S#%quQ4A8-or!T2`79=zAV1KG*A{4vISxU2o*dAr%ZMKO`3|BBcbu&}-XeXfY zprOKDS~4|lflXU8m=XUzWwYcME_+c$2Chja^MV#UBU5?1v$_sOml|jZoiBKhMI0dB z3dTex9l;8qm#v_tbUMO8^#W7{eU>BawU=+Qd@6?%6&4g6ezLg?f1<-T`9qjC!41IatRF`FF`fAZ6R~= zg2uDA7s@N~i!AoD7tiEvKmPzRxITqO#&;nj3?#tS(518ZNG79SlWb`>kZHOGhI1A} z9JYgGo7W&wtyja7q;yUrGKR?61}u5o75hSPco9bnLEU%xRBY~5<#(&$2A}?=Cj68K zSk|_0#$Na3YWM@3$RhztxF4o0fp8wgM#z4n4lTs{WL55R5(r!2GG#)|`Pm{N&7D&p zp+tUVg}hWEsnccdv>PBX-{g9#rQYZ!!n>Vd4PWD z9=&+cRT|depl&Dc;_6<>03lUKrrOyH#wMG^*|jV&cN9Pf=MB3hu}ZU5Z;*P0GI&R0 zdkt9zrYhJ`qn|LI9Yqv#;v4{nKzP5+>!Xf@gmKqCpHjb*Az=5a43*&R!7X*}-X zF!V^ArIbL}hgcv;7I*>y_wHymfnPm^tEW3>5n1cN7H!TYCcD}Y(5@)3stxJYq#VnO zcC55X1$@^gL?LNn>e=OSi4O5>BQ%^{9xubMYRJ9BiBJ|+MY+(VJ6YAkmST(Y0&|tp zYZsZbelPaP5+@_Eh2nBG2Gxt^zJQP}>x2Qb43SN~!d5Jqw;IY~^}IT~BUz{oDmP^{ zTtis3lDF(-ZfOrQ8mf`0DNs%u=WLY8NP-DY!#6ALHhC~1;Vh!@*ducpw$j5;QU~U8 z%tF%J0?Qlz*7SHd4m})a)I71-Xn*Mk0?$^N{RH zzx?RH?wB6Jx}$9^CAxddRwpE7dTMIut?7v?O^t?$t&)0b*M+_1if~T_7}bqssS*(! z;nQpzhQln$>YLi-N&vnl5eYJuqH`kzOV|7LIod|$*h)rIR!e@yB2#$b#`^sO$b;A# zWia+R5r%k+u39P1Si&MUUR)<)dvnZUo}~h&=!txT#VA5!fmjKopFiM(93TS`g1Zr_c8A)TD z5oBKP!3`g%%QKeVc2}yc38kW_7)nnKspXB+_y2naQ@+7+Xshi(M$##bK~BFDe z(@Jw{S#6TVgoLtCih@GWSO9^#;44n8vMBYoEaE&ia>ZmB-L<`yw}D@0DbC1vQ8Gld zX=QJuxM~arLmQwei-dan37$4VSB=#*<%Pp3D_Lt@UIr}A1P&n>7T(^LMChsB(LAQj z?ajclm9FfLNvDkcq*g}OR(-{O*0n{IO^>3RRh#NIDBmMnkKxCdBWT|&KXo- zp?JGG|5Tk~O~cj}aLpn>SWRrzS4+>q^`#u;+@((8%8d%KSNC>+Ube1((9Tk&f(v^%Rh8}RvH@z_ zt3=#vA?s3*QUx`g_92XBd7Uk!G$f1@Hzg#PFvitIB}0SJlx;k-}ep=o;`i` zw+7OMC0wfiX3!RFT@9V!=Q4&e@XO=DHAl=*Z3AKFA(uNp~O(eJ4~b5h$%-oa(~#0vc_j&K}6w_h+EqM`a5 zon6W+0CK^Hs+2FRZ{C=sGa@Sh*)QEs;c|SiN+ZN#u+26oA{sR0dwRMHHe=kbwipZY zR)V~d^(9o;fr?~M$xseT}Ej>+$+c&7*545U6 z?UE!bpHiFdP!p z6&kNAbY}M$Wbo|L%&oJL^$@Pmj)!l{uI72Nw`&jEN5n*m^-jDZi|7Y zhx_|WI;3D)tHlq6B@ZPjOGug(7^7E4z53R(L$`DnxSSg*-3J$zJhSvRNWGz`=J>D5 zwA8nY*4c?xgF0K$YEq1JtH20#!ECfLw(RoNu`_c^0Syg!bzO%D(`jXyfy-CN%KhYO z2QT-_Tl9#kW=jgE1HNZSZ*lkZ^dKh zYFsgN>Rw!AU5r~JTe2sX<_*b+#w6TxuFI9Kxc{^t{muGD-89tox>cWbyL;$vLW7CE zC5@wS0hh1KEM%cpv||Nc?~2tzp^9fww1;9=LI?XrM0u{+;6ws8GCC?# z2XY(iB=r&687BuwtYAN1@2PU^sTi;v()T}}?upmv-_b=v;_D0tx9-i1#ohtVN+Ab#Kf1DrcQkj!w>2}ZUk)DdE=!^ zW0?zbak(PmnXD$2$5(ICBW!w>NeK-EUN6;nOG|Sm=>zf%b!v0d#JnZnmKO7zA!@ZS zB&kqyIl&bFuALhc%PV^x3%DkEVhOztu%Pf&k)9!$;5lWfTxYH8dt?bmz3OQi#lD?# zl#*~3kkBSKM=}s2k7;~gl21rPvZXZ3ZKT-l5uSITKx-($6lqn^4Y74)=-`x+#nHkr zCO_jqJFIxKO7T(-wP=;^0I_eLC|=KD-APe#l@kv0TQHo$b~2$3O55=W&q-B9JMnov zHv0w)>(Y&7?69&^@^6c&XAY9~1;fh7zSIsYvT`%!IC4&Z=z<)z{n=1ej;fwD*X5|C zYE#8IT98#!p2H#SL)PeU5Pt%NI&v0%?xi{$&aPdrqlzDG(QK-0#}X9xsNJyy>b(kh zEP;FPDjrK<|I?T9DA*Kh*Yj9Sq93ZP$1)`MsqL{0?)?gUEQ5UiDj&b~2(kCwpGb+2!lJWgosd-xiu;xexi`MnRYPhq{qxifad>sl;vr42Hc&yN z3B?A=h%};Dzm`Z#27M_gvWn1dzN$z&@S80y(hldn>x-;_=Ke)S+9BIOrID7sdbn~U z?Fe|_nj`IqxOd@^wzK0)^^uQMeZ+Msf1DB|4h=PRNOJ4y)2~EQ>d$7%kyLS`Z9$R} zNgtysiM!`ou{6oj-q#c-afQ2Gq`oU?Mx>XN@F*H;tqYYb?NWWIk|Mq}>XkHMURJTB zgub>Ahr`N$-NGg1@mf~Bq`KfPD{|uWqGhF%hmnr8Yn>Fj z@TK6%`UOv1>tn5|C(EtH#=0l&Dc@&X{KS>XRV$#lX5D8~1I6idLm`yBi|tCGEQ4KJ z52YH(KXXNtavitB&H#qPF!>T>W#OA}N*V|0T+#I6S;>t(0mu ze)`o?%Hn;Wk||4Nd0EjEO9ie`HpQI{8?BvE3HmcCpi)Wy=U+vovRj`(DV0jPR`$}a zTv4SG?U%AD4Gj91t*z21E?)|)Y^cCWo!qTjWo4;uSXyVLl7cVAR_73#SMQlt19HDSFO;C`s_%}AxeAG2pd;>}yT1*A;R9RMHHznuq0*z-l#c@UmH!x;0 zc6glPX%2^S6tfIr#ABTB3Cobc6T%UVkh(jZhP@#UZpAMsB>|h0bb*G@M*wrrSt@$! z{lc7BA?OW=oJ)e*j3TU+Fy5`azRZNjq(wlq=@@ZE=!; z*T47%Jlxo`v*?yD6B|hmTnEJ_5(L-5yJnK$+Njn|6kG@4+R1`z^={J%gX<9SAW4Jk z5VB_C;CeG>BgunJnS<4uwKjXOI)AV>gRm}#uuT?WyF9|`Ov0*M!n$n2CHaI)$4wT$ z6GKw5Lg?2S6Rc6=AR~2*->x^LagR^T-(FyT?Iz>bV#kA{2zg!*5ga4WqazO-P8@mi zn0QXHmk3)CPE1pwfIRQ_8Ow-=qsXJ7*ba{7 zGF42ba85L2vp6iC=vALhwdl33PmUrQ&yt zCM23F4-sOC3hnpN3xekg7MUj5LiRwl0|>H44#?{Sr;JA!adTlPjreHD$Z{z4{+Ly{;~s{hH=;Zbxv~H zbktJD0(DUVFFl2Cg&{vphJW(2*Ze$I9U)t|oa11C+mp*wYhJ38;OiErz!v((!``xl z6;6Bs%6Bv-D4RiTUjb&GtKS=SOjKfTRh!(PY3y*-=lN0Bk;)PLeMSTy<|H-2>lu^& z=a8g8>yXBwpnC_>TC8LIhy{7f`>svd!$Q9%WZ6QTk`YNs9FX3a#6p>q&}!!4g!blr z|6sqjC9MI)5^vu3rX<61n8mskk_^*`Td2*i&Ow}WW}qq=sO88xI)H{pVW^8IfUk%W zcoo~9xsG$^RnhCE>o6Etip-Luybj)!WGM}J6I{s^*%s|2DMX-?nT~*83OdG9!V?_i zwwUq}`~$sYG0hk(!={yCuCmsAbTc8`*lya4fWrA1L&^eP$Ql8Lu=>A(4=v-_#$fTGEo}P}b7*`P zk5jQiUd^IhD5-o1&x$8D?y%S`eU&sT*Icoo{4QnFqQI&zP&$iLt;H$6C6%{%L5eh( zymGCk;`>p`rU>q5$Y?N&aEe$;$29iuOXm{lKd%vaNk8Q#09P2Wx`=4ywS1yWzB~t% z5Nf26ioYg#WUnD^hwt9IrP$nm@S?=m_3-O&Ld

22eY43bM`16KEIaz)-kJ=Otn&*X9zvNdq4z;GTA^znP^m5H z@#Zz#2D-Vja$C~DwKQC@54Mu4$Mr?i6)+!vE}E`(OJd1bNaDpYi(|PP;y3J6Wh`m! zMvBTUB(d0Euvs={;K`AxP2z#rB}(s_OcdHfHj!6zeYQd$oS-NcbSQAlh-Wg z=`2s=B_(qeosbw(%ykE4I*;t4?*w86Y?|N<)G@?$fg@J&B98(SP-}Ts*a?)ADM(Sg zis_9-(NcnyF(=w|iBK&Usb+!F$&>|Qa<;lHTMWc&=_jy2 z43LZ&0Qq5eaIH`rs$dP}_eqN3nmc?~x_}Z!<4pXOF|?f@hpFI!ZNy?(WJD-FL17ua zBao%nVpIzTv{r&a%(aY0+ z6ox&rc=0tZMRj=LpmlrYmHYmS4o3+c!Br?A3S+Fz}WYFA6-TS zb0Soaka=p&kUg0Lob5@=Lf=6Ea56k@MQmcKIJ72Md{R~0d>IOPZ5dw;2bUiiFT>QF znrTTKppXT(B=sp%&$V<6kWMbrG6oGYJRYEa-wVl*;@Io=z4RM-JBAzvK13C zbCy9hul&@oqPzl*5r*6L*eI`%p*n7?In4-twr0-M^dXy)1INj=fpbdHA64cfN$DKJ z^$L=S`ovO~yU2Y;IsMKmGhJM%Pk$r}+29glP{wH&dL|Jf4cS$tMt?7;3 zfffi%=T|_Xzgh7v2g`|PqpGVWFSGpQAt<|x?Feo(Vo^v^2*77CQO^H{aITIycM)b3 z9CML~-Boa>Ev#DhexRcF>rjs1A1j8^H4*Lwza~m^gBWzIob$(K@l*v*RXtmRwXx=U zn+ogu`2!VMYCSRGQn?|&tlqgBp5z$G7ukfQ=(1!NE5@ng$ZzFoT5ew+!*ZdPNO|#; zO8PbjZ>Mh)l2REiyW1&N2UN{fYoSuDgnFpb&=aH-@DIv1Xa`m`i5sgD?1eZSnX=p} z7p3j(nwnUJ(WX_^c6Tjx_nj|STT?7V{3Qm1jgVU)zM|B)kuU&Z0_JK_!DY=iYDqU~ zS1uOKARSO46eK4ZC`&~u<$!4qVF`$GWR5|tP;z0bvRJzE{Lw6mps`aW(p>voD6ChY zduio;$TZTB{uledQn`cjpw`uC7d?jVbCj}3>aoI?R&L!82U=Lwl)n-m3BeG* ze5)tBSmbG{YvW&E3ZC4t^j2OgKE%Pm64{D6_ySLAyHBpZJvx>S2m#7ew9c=8PPO+z zS%o;EDk$Hr`=+G~p@N}ewK3Ho;qN&~hs73SO@Mw7QEphA8vjG_9x9cevWhJ!cQ#NG z)x_?rXV$7prxfWV=z0R*thN?Hw=C+Vc`wU8=kUJ0d{r(ew-*zB8`{Fe`^%sG4B-nxV2^BG0WAR z?cTTE7i;L6UchpzRq_eM(b~03mA#>wZ=^c{dOY@Ga_1?qkc|LIX(Kv@`~ojukUG|p z!%Jt4Kqwi%)@L5pf(_w;1Ju1feQ|nxgF-*VQ1lfYU4vlmq2r_LQ}pu>r{@AffHNGi zu|L7wKznVHPj<}bduaRk;{5#d_-1<--4s5yD0$84AJ%8P==8<)DcVP;=O=;!@%Hs_ zAr{x~t}b5I06|b5F9m-G&@QY^8l#7HA=2~Bg?#gTWk7Ss1fKYf4Nfa#k4QNkoR0g$_9 zJLJemowP$5>S;WGg;QNU&nm%$<~XG?<~+Y5sCw;ij1I&JxzB{KNbn2^b(NHn-3R?l z7XZHe{`KkqzPz})IlX#)a&~?6?TgdbC#T;X{q*AI^~=+ntFz;4!)&N8GeBLjt?N3a zb~SLL`Ihsb#m$f(F}t-&ac}y@%SOnX_4_rVyZ1ep?J(T`ipxek8@S!Fxi1fQv1KFf z2fov?5&ylfvuq*yUv9Ge&^K8gYelN+E@+KX@Fq6ta(&bOUVi00cz)F7?P7F>q~%#z zTgR%#=^2!sLgz_zy)6rfMLW}d7ARu$RF z!CudF4CHdK9ppZ&Qx_E@H$d`uK5_4a>C3a2V#Qq9w%GjvdMf8}fqq%3sN8EK`IWNk zzP-Qj7O<@*z3#_t;5W+e>L6Q4@ajNY%JAxdTS{>S;0`K0{lw*1>Fr7>w%^@fh8;|+ zNwEECGwep`T@73d$z2U#OQ~HAXiJGL0qr2?S#2^}rMN1|Y$vb%8hPzMSxI1}58;Jl z9H`?c*J6M;O6`i~PLjAR#b>!B9B>V8xGPt;E8GQ*zY1~}U<3ARdrm6c&OBWOvkj~s zuYKou-*GP=yUc4@hcnIoZA_b?U3Y8m$X-Y&G6ODuF< z3lFYUV|TGf6A#N9TAaB0C6^Qxdse&+L?4Do_jU2ojxpPF?&(NaC>W5kSsZ#P8|LMG zU#UBO^=%-UPaEZk-RU;hb`(2r$6=TZuF@?{xqxL1;zGQTawwDwjLYU>Uo#|h2rmE&>j_?VaMIi(>fq;b72eH;+MZi+RxP4~96cc;H zhz)yF43{dMuwVv3eeycyg!CBzp&H16o00{5T}lxBNU{ zw;Uqd_f1uEup+tC6Pc4EW6&Tole3~^lUG|Dt&Zn9(bSqeH0BwO z%M~-4SgpesplB8EWho)ODW-9L(Mov`wwyCESC^m`_Y>4~DNK zgi?Ahj)*WMf0&Jl%E1@NU*K`x2#HN!IzY+zb(%MM9pUji1^>CQLz9%o*$8$2!gUBx z7wynEh-M){-O3>HF7kJUW%?fV(Baelee}1y&_8&8#PZOe+K-~DlwwZiBn9(6NNGj` z9NF(n=C=9H2}-g022%U(9crW=y?^fnMsgJ4@mScc!-W7K`0_}qkoWJqqVcDI|#pz<;mQ2X$Ssk!C{?tLt|Mul)g&$1QQN-@F(UVW8-dygrcrYPT?El7Dye^LY z{r&x?j~~N-_xJY;|LyNTJ3Rci{^KW4`;QL~A0Hn4+y24+{^R|BL;IWUYW2^IXE^=0 z{d?mocJ4FzdDlUx`$!IQcYwNLO&|1nVz@mu^ei3sitzbvym zK<{8mcI~3M=Bf2P&r%wX;d}XdT?+LcE}=9#781dJn94`#0XFmJ4? zy~3J#V=0|Ca(#Wjr|6z#lPY?x{<`!Y&9VuJGp)j$jlgoEE7%6lrA?yv0HGevdyA+c zV-dkQ8kaJ4UiE8NPwZd22!~S|3o{^fKPoa1YBNK*MplEN9$ zRens3fD$54qc9VA=$PHjDO*u1J4 zEgJSAQ38&{=pQC8FsER(Zi`U>17tJZZXDE#E{kv0@2;wT13;iC)C6;6r=_#fb=OOW zsBwO5bY2u#Ap8Fb%?eA0|Fj`Vv2D@T;sOlPg~{X@nGMLV?UnO+P&$?hZZmDFq}!TG zxjH|QRp6V|mGZ9MYx`m$Ue!Lx>uuIiK;w*ziyF;P0GARQ5TE)IQz{g5pM_?fk*niL zaYUhp(y|b+L8N#8J4RPv-p^J3Kh-MLgd{Z zb;SSQw{wKn`~UQ55$~N}+?-zf+1qSQA5(+>@7ckV$7TQD;TQkkhxj@E;pplHogckC z9iVsb)ES=-`3(2EZQ7hURJd@N)oG4=c})Dm4qQd3CTW{SW!LheD9X{02&+CMNyHW;L|=W?>AZXA2{T^@|AZ8eW5zQYykud10QmlW=f(gM zo9rPWaSn*aDE|;mp>qCF6saU2G{JMCzL57eg%B~RYXXVi4NNvC>0L^*jKomGcF^hM zcibVMws4q|C6V%`EBgZNgfz(Xl2F$*jk&ARL%ZnFF8UM2G!6y#9*aIBgwrwKC|Ut< zDbCLK>N>heCEG!Zf8RhWDy#ZOt$d6{Mb|oiaP)F^CQ&v?~xZF zoFu**5vM~so)aR~OGD{b(MB54*W9bXV4bO^ z;Hplj8YAXbMNs-H($Ua5oyEQ&Qb-kvxMZ{VYV@@liL37>Va1d8mFg1nyi9O#$RMq ztjUoKLBm2EopZ*rC+C1FDsGkc0T)z~vT!D=HCe?8xG&{7mIT-yR~Z>0Pb)}><`hGy zv~w`-intwms!qq1CwIi6h~0@*?BrY)?BMd|3DFZ83-y%h2xT>S>(QuNQ3?m~ex083 z`8?3E+P=IhOkT3rgIo5j676PLCBNrlVC_2Gog*-8Ii=QC>)zB#PkE78J#dQfwPn+i z%%%w-(A_Xt!C-Z<{hT>Ol+I!`lG0{JmlxMJ-(Q_xzdky7d3OH#^62{d=ZmY8=Z|*m zMNyTXY_$L_lSEwtNXenc&~Kc@VlVl;`_2z>hW&T%YQ8RN#4hsRzklCFf1)Age}0ni0Au`_ zja{5i;=iHui<{E{Ivc?z(z>H6-;>E)9kGYogB!?Hyy^sJ@QvQ0b=TY&b`iBUhVp)H zK>$fpusQhe(Lh}S3y02diO$&xva+M}xU{IR^#1*O6fz>MXxKD#mupBcWGn6XQ$Q)uxEzsC&*raw*57K)4<)D7K@=MlE^g7bmB$&n^oKoxJa@-Slu5FPf1l|7HIl zKF@GA6FWr6CM57o{qerLTO#4|;_9YA#5(ACLIRn-Ch*0ICGWc?fpX>fx4Ueq60auU6_T+!0*o{07y8g)Y{S#N^CDkncZrihuOtEFNsAAsvqq-ByW+{B$35Yed8e7-vvQX@}S0A zY_GeUowqq(w1BVV%J|$T_kFwn32T63o!j1W-PDspbk7^H^bV(CyP3h~L2u>Ru?n9D zD-FuOZ*qe451#q^{=VP;#6|tyTax0`usZ&kb*QwJx2<>MO}?2B+k0%>EII_8j$ z&SIT+$H^XIQHU;I9ZN#sxDm(jP?NYPixZM8gSf`bKnAFHEZ)xK0!~IF5@bF)5fs2J z{KfkYIoi2=#djqx&Z4=r%PHqG;ww|UdI07)q9M+R)GT5M^if4|AA5(>81B?bSrpND ze1pfiMv^nO(9z}5@eilo zfxqARswa=3-tR8NAfmroFpT_ZCxs@HsrJpLke8nev^!t(td-8nF8)i)#NwhQ2wnYCvPUpR z{7R?Sv(bpYMO`l^5Eg11d9%CHvzFfC@An+x{OWYY9RBGIcJ(=@X2dj}c=fv<5^@@x{-pBYtbICdY7MHQm>p}1vB z*u6Mbb0ohG*RDu5OXcC1jD9U&k|dxvbxoZ-NE{_y18=!*q=J9ouPer~qIKDoaWUOO zoXqb3W$#_P8@G`~(fRCOful}V+Sx6+?S9Sjy*cM7veWGyKXfd2=FHBXWkVz+aZC{m z0lHg>bAS6?c#s51fCMEh6{{ty>l747X-C3gaAwjRrVV~=hn zmR!tRT!W>)8?L_PVQUOY<;qDDgf6pe*m>V<)s#FsH?(MQlsGb)G&JR*#O^MCKVVZc z=geG5!Y1yQwG5-tHYm(_uCo?)Lb3aA$`ety8CHUD8F=Jsw%j5Oc19xBMlnYiCVs!d zcBaHqP7=r0>=#jOBwyX6Z&eyU{poJ!+n<*XhCU(=s#}jW?}AKUO}$mVF4|oeSmJGv z#^Jj1Ig{Z%Q|?*Dwm)Iw6Hsrv-xXsd6@3?m>7!J24)}+$7r56YN~fQ~FKlX6M!+|< zH49K|TDcSuwc40^?QW%y{++{2nCD`%eFqKV7hFRU4kR@b7BNU#*y-iw=62e7KG1u^3yURA^K?Rt2fFEg zhdYPUSuyd9Eg^X4>Fjh$TwY;rdEzB2p!hYMej3ApT4h)8=33HJF~x*ZOD|jWm5R5c zt*qaqw?X4|d|Yg~+pW0QY3MjYVYW9jm{(+8z zV-YzcCTIuP$&G!{%E;&P)#RKgxTF{HP2434odz-(h=#{y&b{&<9ji{3S#Q}w5)63OQ>XSrmElYa0Uf`aPG^Ao) zaiu=l&8gU>uXQ}WI1J~IbpAW& zC{?>kxSq6bx8TJ1-@z~a)6d5v@Js*niu+K;k!m>5OO6_icm+=`oD(o#!F|K^%C$#RzoQ3!_vOnM)%J;_ zsmzTl(tqv2n9jN!o*A9{tFMjWXsC)(mp}Fgib$XQOfhb_2>1>&>Cz-jG@_j19F3tP zKa?q$HF^b?FAzg zj=bN!U@Cs|5V7~w3n5d;W#%^&i3cXNY&$(qHM#;jpkYk$M--rl8w7NMyy+BUFpxdg zhokmiQV60X^n8Z_;!Q+|M+Use|46bL{K+Agt^~E zEgH>s(Y>PW3BOhQ&lx@Rll`-Vf4K?&87($D=YxL31>Rrl5_e$D3b&t<;?xfM>C7%a zTbHNyGj(}toF*soOTa9NnWm=(h9tHgoe1%lcF-s7_;FnMr0B{~ID*PcC3g}fB$Ine z_O{A3^{UH$RP8-%xAeayUB0**x!M*iiy71DC&ZE(lNU?{IhBbsFd$-PK=~=JGEFY~ z{?q3D?-)9_ak%G1IQTan_ZD#8>=|%P{P%-*rTFg$`ybvtzyIAtVQZ+J7r?nKD3**G zoP9a7*q?vyz|fO{fj3SCIy;f_d~eAqauPdA*p z@jQgSzmvVMgw+Gm9+>84);#7F-+Chd2#?PxVG(o@-F8xJ6c;a`2|N!pf!ZBB4{?A3%5x}Z zQ_3ev$xgh6nNoYtPgh_0qMftEM4@&eV(TmUlx;)ogItXLT%Xl}{1x*S36aAVGjV3f zjeW5Y#hNo$1Q83kPzs*R&|D{4{hC(*wC$?kt8}>#ORoR9W;f zfu4`t|HNbR$s-g;i&Jmz(W;L0Ekti5=J6XRvEQUeb1R#vw5tjAqNMp zTup|LmC#i6mz)284nWDRNDw~N%JzU;R@p(y&v3p_H*;wk}Ps8G3L>iYa6 zANL9XnuDGdm8~ab1MF@802Exo?fG26U%t#y(k?f`S&FEXCOyAQKrskJ-BZ|}I@as* zSmresU>A*$j~t4ld^`2aYI#knhFpHaK=zKBs1w(1L-fcBpX{pMlqkOChKx!YHY~1e z!t`UFpJxRHcZazjGW3QYKaY+t3m^Zmj)4veg_GfBE!r^gi#)>#we0g9>qYNkAbD*kw`ft-hh`QU&^nugPZy)B3W7D-!RCp+xLjh8Vh}vzlFkM?`g}IL zJ~}CGOLZ`#fPo{%6S%9<5Yk!g2FYJ;o43Vibb5JlaWy#B%t5We#=PJ89kObk)OKFW zG!zS8)}e)=QahN5t!O^9k|(SrO;_d#+kaaGLd26eVjkmW&eI1B(9%=YHji z(9%MtAE;O7auu6MfgyISW~MkVIoM@_&nf^l!V`zrcRwc^yVfA_4_T0E-JEy^DfE)fWv-1Pb2`NgQXRGWx>Y8 z)7Joc8^XKBQ|Xb$FKuA|5AU4jw*SA?+W%j_*+1AX*#Gz6?01m>;NEE%b`w(T4uMT+6WKyl$k!o z4~O908^vxJMwns;`-kB3(a^T))nF)xpjhocUB!wohmEFawXYkhwc3?sH&6q$cPj-G zoAY1V%J$MY7Y)^by7T|_!H1&%_lNzr&*%RpO3UYeU8svvOtD_+h|avblc*cDN9-!` zs_c&3oO$Jej@~*$tH5r{&gg`!f9Qj`K?}2-KYa`)}VL6wd#*@1D>9&6Ec@|26UOT9E@< z31Imw5IhQj0NCfzYO=TJWPZ~Z1sJs7pzhC74Zw~gK`Ts`Bn&STydB2Ifk7O$SzdCQP zG37|~wI1|l_xOYe$%EojFp70}tyc}&&~5#pqwml~hz`NPj|oN5$#4e%f_VP*{$#>b zkGw~E5%EG@?HOKd<0NB=+UcK_0~H$OuB8;WkL0P`jMA{1Ehz5I!5us*h7f7O=9#D_ z+EExy5gqc@g>L^4c^}==)?UP5KVVUZ8kt$(7mX?{6*wfALd<=Sc^T!TD1{`&X4) zw(|-qIse5OCQukYmZNN)&a7o*Ydl#SEC9I^a-OX=)}m@2QO`|EeyBC|mHFMx+-E1b zph%T2tLA}~*abTO*jxmGTBh0lHexd>J?tKB26-{aw^gYnm!EVQ(Pi}o)j*WVqi>A$T8e~KBhavJ*S&<6UOsDmA=7aD zr~Yu}iIgVxA88GoE#3dTeSPr!{&yqg0q_6iaypaC$#7L9SDP11 zdk&5e<_FDQ@d8P9(n1KRlI11I0;;jV)L;~BBvO=N@a>HlRl4ljI-`;Kh9{xUzwww) zn&>9^tLhF$-!dmakepD(ml?Tp+7kc`5RsySXd?->De7fNu4=BzmL3Y+5PLy(c^2w! zximtXVUoOnqUbJrkqtodiw)7stxF1x9T>!kV2G}~Il?i`8s~nt0m#tLl2Ap6Q=8{m zO`9q|uDGo&Mm0#Q?^i}m{CufHu=Hs?XqF*Z8?rMT;7D%8w5jr=&C1gDk%Pxz%i)}Y zpUsI*)~&xd`OB*wjpTm{DVoGSLCpezRm%VSuRk2@7xTZpd2{f5|GSaWru@Hhdbhd@ zT6F;$u4hNG$_UYQC<7ag0-Hd!y~2Fy2H47TEx~&u9&5V6w#-vaT7}6W*ynlxKT&NX znv*-HH$%|%xuZg_GM+&kx{#s~jUYu+>C=|~P2gYf?>02A52^47UC7$MbYH`5dp?<3 zF_GHR%n-Dcfvq0pzpHk6OQbZYo!d6;MK2|N4Jf>^lyQ16p@zmTTvj;~&drPgGfaOfk<|G|G*2g>O-i)1XtqrJ{jR zg-;sKFrj_lg9PPt_VmYgUh1l&7-;l&d-Fqzc+R(;&z<6#zdF=u|CS)<64a!iq}zyX zy-N6G6Q=5f*v-PU(?w|5$+Ej)gb1R%A8{;pKu1>V*d4yR#!Q}^VNkDa$dxYF34MTF zWDPp2TnD?_p#Z$cDuT`}Pexc@`xY%S0o9_usA|H{cB|;~t+tnIRXa|5JDp-5Ma2_Q z`LP|~)lu4nJ;XkqE=FO5Ad_PVji49M943Y;ZQ*5tzz{NF2`t0N!#uy54+&xCqT*{+ z{G>g_Dmt)*AxVNB<(ubz){dQTSW38QO=%R(y?`&Ej}dgx5Jeu(JeTF{=G3mLriIV4 zV{2Mjq}{7eMQHA=I{RSN;$m`wd|{!T2<3ae(aCUNY;ZChl%|9!h^n)Kn!qm?p+;o? z8!`g$_k3x!-Q9c-#)>&V+;q~i%qt}a2{N0Dv{uScy3i+sG!M0UtEm27QZQFUx$IPX z2pk+Py2W&bwb`r7W9ai)S7oy{^iiAN+OR9qj6C_;S)!gQ%U0I7VKVU-;2#LMIQWk8 z96(-#0Aw8V&hya}xmmJt;01urJOUg@P(3!yQjgm2_9Zip+T~Rjxp8y;m|d_p_JTb! zEBx9;PT`mPf*+?7s>y=C2d3oP;(M|2Y>r*<{`KpMHB5anKoQktp*CmOwM+-9CePL9 z15G;0V6yG6Y98`BKT~K5Tw|SVPRCw&_%2S3t_vyLQXW(8W+`q{)y>0hHj|{Gp?}HY zTDC>MftP^d5skcH3SL$qZRBlH9P|mlf85;#9T-#GDG%q&@RtDGcrNJ1H;4ScAHh9v zVhXx0=ztFBP7ZFgBC3K-O~Q120&+35re_O`{`~V$2U1mL<5h9cCFh>sx?TjjVUxc1 z*v_pp`|<|4keq`vY3pq?mV<+d8GOOlKM20Qh44?jz-`hU=*}5e2DZkbjV3Z0Xg@vM*}5~{ z5m~7^&pGFJeJ5mYLp-EwdoIeM)Sp?gNrQFQJbS6uJNUHA+8gXSjpYij!>P2b(T+zA zNBY64Uy*@;O@}P1aW$Zen-5(}H_7wsP$%2D8mp1P(BncZnOo>>u>&ts? z@N}^!b0-jpitnL>CX4N{4}Lo090EdZqIY`RiyWJn-_0#KlQT{49)3)uSDNegn;dM| znS5nT@tGt!e_fqPNJMfJ1Gi1U!}kYa7C%4L3SfU7?Ei4alEej*184I1!=Jtu#4X`i;j`#YJ8UD zc>%h5Y;<1>3z2@h1iA1v-&$NOp$TqHOy<%NGlekC|7>A+Y;RXn9b^?BHS~wfK2uc? zIK~f~vo~xW0=43=*x2~fp!S7fM&bzZh@^i_n?@3RkUXH&VHcH^I;0ORmdCNoS1BUL zRvc=G8|}tmxHQM10wxaj&c^coN89pobui5dRV63q?=%s7y|^nBZsWo)G+aY3nIo!~n;hmOn@W?68(LKIyo?vyog~KHO@q7jzE=7v zCXqVJC}OQB^vgly*VE53@W$6eq@SLauP%2>-db(eIsJUlLI9CEP%7LDa_1i>l7(z?^_h!DFWQ?_bH9B)_ct2;k`zLNtW&>a?ZN zLFqW&5^h)n+qHjJqJgzwJ zBL&>i)rCVApH3!JNR0oJ;HBNUFXsLXC4)uG-5oKYFP;n_qi!uVB>l5!ZoPbmr&*3e zzV0hAft4rQbv2jt8&#v^>nw7Fwl4f6?bXZ1MyQ|eP6i(1EJ_^_$o@2#kcyri{8)F_ z766#?frL}YMD;okTogWp$mCLmNSqw)Z1#F?CO#CB4L^ajuvTNV+8UZ7?GuHt>ZM}q zQ;bYs+qw+hPEJmhN6my;hj6EpjDS^o?%o<=fcN<|}W+!Bg+QD2Ooz36s=T!f3_5pscyO`7N zcD##+{Z_}uH068t<~7^*O^%*soZbDgExX(Qh`0JRjwL4W_DF;homIB%n{#89WyrC- z`-_O$^&;cTCHnp$!f^GV508hRtLmfk(e(+>Ij-(UQ*$?*wb>gLi46yUc22um^Lb!x ze~zsCA)km6_H9gpkK9=KYRuJ?S?aACbB2jnU%pd=r_=yrAgafy-cBHlBs?0IJUDrU zn3nA3EOEF$4uRJOJ7LWQr11Cr)m1%`Ktl@ba8{bvRR z+K}nheM<g0`yhbt@NcL7w!!Y(aSaPBUr%#45AYk8yIeWOijzBDDD zL6YQzvui7!qQT2Wu4)||(>AlpZXRrS(d4e{Ht9@7jYJRZG4~wq^8N3N$P}jT!{}al z%I&dry)=doi=d0 zk(@E|KD6Wl;@eiRaHC#j$lWHNhY-!@G=W8UV=Cd~l*;UZguS0lhAg?R!k2o)BHz!; z5Rx2%5KgCizxzVBFMb}rd(f3fw)B;kO|ynYZ>C_nA6c%8Ed@5yWoR@trqLzacrZvr z*xRQSx$CAeZ%jJ7FQmv!K#kDqfhBoC8>xmbrRLEge}_b5UuEcT<6FI95rT9{4X z`01f)Go%|o#g$}*ApEgWa;`!cXC5VEUov7Agn6Toty_L}ZTEjt4+erSn1K$wejU={ z68QALrl7`Zzg1ic#?xAu5Rh!A4;jyRd#F! znO<%dltzMJ)497=SK|(C>GXZZg)W-=p6_}b&r8l;?aq24N)1R>pv@DYBZsg!<5?iG*K&jU>FB(ZJr3;B&^t^{LEMA zFIfX0TRdS=1IcuUm#UdMU_aDmkKT!6wdL^@(d+SBdxeiBPYUSIR5o^?x{&=WA}V6o zpSU2#SGDo+c_FL*aly&ov|x%w+Co_|;T9+91=FTIw);Enq!5TPrV-!5Z~Uw2F|-cT=D%#SZ(z~p*Zah*I>9T-8Hu`_1Zlb4@b)ngQ>*A{bz$jWL~P{4nTq`F#zw<2*L=qmH3wH-3YgQ<87yg-4J{5;2+x$nF9 z3-2}(uv72Oh!?VDWw9zzrIvh@i^UdFt3T|@y;%RiGu~D>Ji3G_Odg_UjayRazSfZ_x3pT!2l|t{tQ0$B1 zUyFQ#KOxSBWm@ADpXP&Of}pqtY?Zo@F#?kpGT5eAM(GWfxHmo=e@!f}hW*a59=Ke2 zrqIN4SOZTiTjb*VXu*sx01j5fCF4g*#^>C=S(lh*-xeqmy^wAH%`(;Q+L-LB15C&z z!#5I2DidAt+M^Q!GnryxVd>+3`gOAs_K&2+-~E@jSKjywmN~19+awY_UW5etzGb%H+8D zhS0CUa?>{!HhOGXp@~%!wUvR{@b%icfwON7>pY7JG??!0h3W#K2w2#_f{*>Sds%c+ z6jXc(w$ZWM&p$?Y5k^`|Uj z0y`0jJHg9Sa|2T7DF#Akh5Ma zAk$dT0!lD+cox!#_nD8GXXFt@$ZgJT3ksRohK8YcP^24ncyz>|7xU-jlTFfe!;o{s zLPQE?atN+M-X1(^1Owa033QNFkKXpp3o?w{Er!b&cmlN<-X#u{`JLKMF~H) zx4pes*x){C?#G}Lb1uLqY%Kb`{q^ zCrB+)Ydx_O?Nkvi)0x=nYWJ%gc6729z)H|Nn4mej-UyFl*nCY>g;7bwWgb%1X%+V@Y2aMa;K2!9R;ZMvVOgipyLs#qva<$j(#aLQh%d)m zeBGX1gu1>H%8xve5%jMO==D4mm4EEWiMK0Bxu;n)ywzE=CuFFUD%=^UEi4b)v zvCKUMF2}Ks3$XUSO2Z4BCE}Hycl^2I_mS`Z-Sc*P{q*qG6Fz_cW+$JHxJByG#(OAZ zrXR^y^G5f8lKh$%ioS%m zObf-nW-cIrF+Z{*%^XE=>J9L`B_svd5cpxbHvcN`K2vFmk zUq9SpVg&TOQuR9}vcwsYN`o-9r}=x1hS3VRhhX7vrF@DHh@ z@KA9b+0EnZtRX-}TI#?;#JTO$>1Ja}w&3j9w=Ar2;wkC6##CP8QXyadym%WtQCHu; zU)&P*R(Z5$^F-LRrJc>>;`cWCZSg9bT_!lIcDm)87VTA&1hXG?@5GcYQK3)^?eq$H zYL)MPEv_+hn0w`*-PY%2xge`MV_mYV#P2r)YnOSvj(8A78bFV)UJ?Ltn|}kqu8e>C zEm2*{(pI3(`fIuK7v>Sf??>V-!n~SS%RK)ta{_o&h@E!{&@DO*rpe{5U{S!Z3BOZ8 z=3x!>M`pL#^(;BpT1X9><4I%51tuY}m{NytUsJ`AsbqEe5$du5IUO29W8gg;Xi=pwu-L-d=&2BxW;zdY!cxBmmbo-dUze3Ve= zr_@3-yeKdO46(Vh4F5#eoCv2&gdb36sr30Y7 zchSCxqj310UJCmj4Ie}mQZ^3(Qbtin^IB-WicS%#dlU!!ZG}i&;6;DNK2V)rWGqAP zfzEgkcvR0-F42CUxQifE2yeG@Wfd4*eh}MX3wS)z(if*uK;Rt>xA(VDGUi69RYjHC zSBGMeH{N)~LM3C`Q7<4Kv6(&g01-_|zNc-O=E1a^&Q zyREE8d$g_ramH%8L8rUS+$<0ypIl={d6I+TSeK}LspklM{~h^3#i2O?Cv*%unp-s< zOIMJOu*8i{^nB;c1hX~+ii?CT#E{381*fJxGz%s^@fs2zN)k&C!A}~D*AOuyd6)R6 zSb186%sQA(#PO_@bVKsefED3=p-f+6egP!r#IXDO(gX~TRWyEtWOlb#ZADm(jpbiT z7e}EfI-vz&iX;~g>6iu*EPEmsHRYsa; zu_tBeo0ma(I-8h(1`!F2Uu?Yk#@5t}VP%?=+~karnEbr*`LbRR|LAm%(0-oS;)T%D zOM-MO@x2+wfXMEyeP07y1++uks2d3Af%v+S1gskfdm;}e;9PGk*`=ig2mw8## zR|r0K(N*f3y)Le|gvY)xgD?>FT%zE4EXDkxI~Zpip-kuea1*W(bhY7mXU0#1C=3s? z(e80JLx-W=CAgQV`fF2URzJf_TMw|kaIM729=<`1*G>>0?tE9B1SsdrVh6)r*Qz`F z2)#St-NnWA8aU!~Mt66zkT~T6YXM#gId|QAuhO2(3F_=pQAl`0$>;mV*iY>tu0>{4 zat+5Ukh^=Jq2DRN88$pRH(kN$c;TME0#&BGLG6TF@c#*JCcESNiX1k3ujx;F)Ar>( zI4weYz;=h7ggCmn4gp_K*8#s&W?h6Jodw+-?M+f#(URu%iX^D*;zwic&bL8Y1OU9O zAR6ePW}lq5C%IL5s=Bh3lXiLxAX~L}Kwf`1R?=%df^;Wy`qEjoI0$C@`Ua!IcHarW zR(7mq$@O>HuYWn8M8*CbanC|-2tDM06!$w^1ex7sGx(0EWG8Ufd8OTHpUZfl5YrGV zikF61=&xAl7*KlM&zFIEM4;||OKCxl1fDi8tqIvmkD%%Y$X(QCoSyq2NAe_jkA>y` zFTGKaXJ1WWjeZNJ4A!;K`+)A2uT;?A`(mTzafKNlnusV!^n6lS4Xh;Q%`pIUs zEtQegE5cI4^Nj)(oH(1)F+*m^=Cd(H%tAB;h&Zh#$5^FEm2J@uyXuLW>NdLyk1GGf zi#{uV=%*}}OYCMBV=B!v>k7uW%LRA0KisjChe%&dh^?+^J+qzuynWmOKELhwrDaBQpfBQQ0D-3-sc^QRvJ^e5bdRZ`oO8DvYQY z(Fa!WW^PZNTzFaK|bgH9Z0q^lz| zN-0z1@Asdq^P6bOd>=~L{ZLHJ--}=~5L7_t)Gf7ZJoa}aFFeYJ&o z0lu!+k*B-0+wi2T7Xr_w&JU@&d8dF$^^y1A9*%fJxa|*+Y4v(>}&8 zx9z=o##OD{*rzjNXEWRpfA<6!-H-VSPfi@M(swke44j?X5qG?A@Mv!oZOOOPx>C>TWye&9{_qDp1N|RsqaRmyCw>;(&k{ZSAIyB{2yx1Gk-1)2 z3rb@6Bq@mL-Pil_j4{=nDNR~ruKAe}fUX(g0|IT_fDkg?Bh~~wZLF7ng~4KSVC^olW2+(#iD%#um5S_h|zAPuWjv$VvqKMl58O zW)X>kzNE2>@f``c+SJd^!UL=fc?7W~BFutx?j z&*y3&zbd|&72yc~c4MVs>;~4G6d@$_osHeSEj_J`{rp^amWu%QKOI!KJ0ie*4}mPA zP+0}!JPwa#ejeU~=&xsDfYbNK!;y*aqwt|wEFIh_!{AM$U~jlB6+7I%QI-KkGwdTf zyV#%(14C7mXPt(|6NtLTRt*EEw9SB}cnFIpmqD5B1g#$0!;R^^-O5go`N~1{a*L zsT$p~(0cdWK01Hrq5Qp*9z;@_$$Dxw@F;8KyMWNJCW|eY$?n=+3UtJ_?wvgNeX|FegKo=>L{&4uGclCRKV->IFEb&`{PNVl+!vCtym&LmNmFB- zF7;m{ImptR74vkpj#*F1XF*at6w$isY0-_2PB{hbmaYPscp)Fv;^co1zN4ec8NJtu z+$dt)rbY-;W57u1*-*n>6w&Ib?WWCINYvRxpG1=u6ncA~0l60z6l4LB>54uCtT?6i zP4C~^L^FVaHFQFK4iV)kMWqPt?iu{%6&Tc75Xq{iyTSN7P`SdJg=2+=b4T#53!Kpu zUm58w3~%_rPI}h#h7+$lQEVrcFl;06tL);1;Y0XvjxS!4YUuBEgR%T2+_8aB35`PE zwjEOh`qq!F_XO>9^jDNy9BCr*oMT_ld8wxReebzuTnFI_}Fd zN%)V#IrUZ+jDY3756!Q;lxOp0`T=Ty!f#NSC1dH>F}5wp-ya57)UEr0iis37RL2*6 z^F)-D98P$#HYYKRGm{(+e40$gu%YwE4B###3}*TH@|^wCbOmCzMzWpex~a*c+mlt| zOKEhoZ$#J3jV26Y*5VVf*ut<)&RvH)Nde7{i|FdT18HVYg#ycBw-`(-T9%~JaVuHN zO28BgO6rZeSi8F8aC)|zl3!IEDu-PX88{)+qi}Cb5 zUf74A)WWQx`QoEB6dG3uO&i(98%K3xsqRsf=2GO|0< z@)1uZO}s?ZrCX`Snah4^h|94cn#cJU<6z57-u|L4EJ;CYh*xDvH36$zXK(`L9S{mn z*XkqzlVHlm57Am&Jw)jrPAsp{Xrx&*gGlI_YUo(>R9kf?8>Q+=r3)u4DEmetQybFHFWpV7bPhxM^;;~OUW5ied)UXM)2hN{XZf%Y;lwhBGzeGMXCIr zwY1YI4XXP0+pJc{2F>%^&P|qWLPv`c$m{v%P0dc{!l57F_LvLsK|W4^m;}(1JMeAE zB{jiFEtjD%UO7&+O^NFIi#w3cQhYG?u1jyME&If7OWQU}|NtOZG8N+8K z8i{CL`5r`;_prk-%KH;MDjw8in@joQd;g6;5nGs1T%XabUOWu9SQ#k_lre_tcl^Z+ zi6QQtYNI|7R1S$fMKd0-JBY75#%BH>wnA3YP%kf)*y(+y%&)FLYUO}OsBq*pub=Xi z8$?&Zl<5}8FM9}B8LeXr(Jjth1-N!fdl6b?(s3x~@J8wXmm1tT{=e1W^2-0C2Fug_ z|51ZK0dGjB2;hcM<1W^5f>=&7Uo;#$ z3K3t>?=Q-u5%PNjkvaxCwjaCuN=@XC_Z{&kYBS-NNvRO#kCM}$_b?yE)Ke=OXMv>wzr+mU>{IxEbYFa&_3|YyS7e?T9>p+1Vz-D-L+$lInWv?18U9f5-0M#7=vd%QzX!~P z&+MyIqehOS2qA;;d5KH?5}O@1dneP$5GTXn5~H43lw@GCfxms~{nTmgPu)DAE;eQ9 z3!q*DAn5c3RG0p|tobef`24k(0V*k6A@VcfNT{B{iZ={(v5pZv)Vz}Br~kLusy{EY zEGUhzv<$q4xboSuNT`@5GXOqyUS9W~fB$Ig4uo-d*9#c@evdTFm;f&Vg7^vKBS0pp zoKZvSH7=MBB~(^dl>X(Ptf84fy~~iODyAo|-k)>bIq;pox`|)55*KlOJso2g*7{2# zqN?2@bDC9{zmjhL)+AL1evMZwlC5%|H2m|{U+-bMm=qljqGle~=pm!#kAzjITg?HO zFxYn)wkKgKI(^^tY%r|>(4xw<=Fb-{F-eZCe1W6-HW6|>1sd(+J>IIwM4IB3W z_sM(n)P`(;9Rc?*^B!lw$MJ6Ze}R!PKu@}nuoDDFMUuk2A%+^;5@wtS3z=a^n*%LN z`O(NPwuDrFZXTohYo92)14cIeh}@}~K1aJxSD_PhI_}+~p#0ddp!0&ge?*FsR7(2a zSSDgadb9C!V!rV=b%~qu%Z8*i_zxy2zHCkO)3)8I{VQ7#hHO`9J6K5%SL%l+TXcL9 zCGi|LAN;4EZY7}CeXn0S7+ho0(vNFE3-{&gQv)S4wq*vf0{&1CwmXOxx4bzr25*5J z?;IJI4u6Q;xM7@^>9L0Kr+7%T5dU$60wb0+pYavUD@hFiL|Q#V@pHJ?GQ zX6Z%3^|XK2&^HmO=CQnkpZHDwnME)BsuSgkQZ5NLZjt!-3#q3V7)8|gM%k;wEgm>yaVw7)u$wz%iNu#t1hn5hEblws zUQNj_d>}$#15GE!zIbN@1&_>ao08}TV4!CiV8Eu9Qmn^buC*yJQJsvJ0==`?Qv11U z$HgADp5qDQp$bN#1$#X`JF!%5S`=Sp8k+JkF@|3f_y!Oj)?TTJrdt_Hab?bvwRIn= za$R+sb$Lw^H#0PussYs;k;_4*xWe=dxlM|3vBTk!af<0Lr`FWzuf3K-Kfj4@KLuz` zEo?#ABoFd&9R87}l^!26K@9QO6THvPpw!L2H^~ZgoH~7ULmeUl5Y84rgB|+5=uyZI zxf$O-lK_tjU(M(OpL1DrAhe=9%UfQeD@$-fB>hlv3A0l`NHAaR zZ!OkQ;-tQQ>vx`bP3_j}a%ZsJOBKaXlR13xSQ!x+u)S329~9qbxg0Q2G8%LtoQf0ydr0KuR2Xs_rqbA zV=k*y9_9CB%12U_h!_A@J$^6GYXCcvBXCS%X(d#opBwZ;^p&K8)dxL>v_K^8 z7W)WEyA$x%3=go;R4%YMta~5Er#sBsl?r`EA8_JBk@GF0oFtJqJc#RQSfsqNFtcao zs2`JHgzoK7AAgc@(4T$dW#ZoP z;1fGNkbMK_$;Q~l!1UlG-#t7{yL{}20^o2tmz=agU59%jf4@w_?oO2$2Kr!#@oamy zzr3=EJbd@?UK3>Fy&PYUo2Xs`TI`+?5nyfvo_D$cw?6?i_Whan81Wk4@ygk9+%H`>p`F*qf^;TGSMNxkdRG>S11jFm59kfee$k`cX ziEW5inO>flxSQ}$0@&-D-f|#@JWFg3=Q+@?zA>ehzK7WtLqP-JSo2NGK$1f_Q2R*q zL$p_pXOMfCO^;Jp4{*yvxe`j^PL+PlaM*q*p3!KM;Wby^u2vIArgxBAQK1_H28*PS zpZhR_Zf~WodVAKbt+lp@yvSq5cCyd}mVIcmbC#6|%$r9^W;=RJhJ?1ufC?<>0uE+% zsfCzc-C$PWRKZ8l2fSLUfPhe_lLkU^DcS)pdnS}?@@?M7wMu%R zELq;2U*4D!vfaJNLVpgor>7$^cF!LHTkY zEC<4^1+KTuUIXG<^Wg~Z05$HXa0}_J$&C}3IcE`m9{t0yHQn#Re13KL8BB6p27n0; zYy=~^rHQr0&PUQHB(>E2EAIy3=H{AEh7Ru!3d$({2UwEIzYuDm)}QdB=%k>dOK+Mq zDcmSh&yeug3Iwy=knsH_&{Q}q?~qZLcZu$fl9-1_j|_-<^#-r=EjGLQbXV@?rfcQ0 zW{+V%C$p@IQaVkpp2MU#{SCHzAxH`gI@ge72+naiuu3l z1W$iDu}8FN5rQu1eSe@yEtB5fzz}E{8a+S%JbrpXHMyP&50#(RrJ5$ zqT~Bg&)LCjV^`;;Zw+8802e3{PKiHq-xo)bj9(@gNP}E(0z6@9&yO^DERu;|36BxF zyTkFC-ri(kMwntffbVhGpC_a&Pf^jaWSU^fW%~gQB%Je*nx&Zl3+*b0d#jlvXxUc_ z7b|KU5|sRtZnk9Ko`R%~>W!b`Q`PX=iq=9IO?*%ClPjV-wEf8EkK%+71TzxHcwjCN3c zzJ8x(x)j=Bx;|-@3K_r?=R>T~G5dR=QLTmbFpV0SU0(IYbi?^nLyuq3$;jDHdFmI$ zQ1z%%n*Ubs7~hH{8))=CD{xGN{1%?qW0M;dmA09T&eQR=wN1lKj`B*Z;4g@8%noHV z{+KfGH#GyP!oiX3SPEc#iM2M@>Qlp7)Quf%2m1i zbU}mU7MIykTTE8aHIkttM_Zm7A%ye_vF=mGYx6%q`WrVigxe)!4VMxBF2Kvr1tr%b!~wGA z$fJA=OqqVy+G&yy5)aqF|E18m?wcAr#9jD_<-tgA6bNRXXSR4T!u%&GQXBn?{35sa zur8`3I2NGch5w;JM@4zUnb5mS0q!{FMuW)Es{w;^G2pYI6AgANFU)& zDRMOpC3#0;qe5?{`3Wd@^v44wDG}_ zrg$d$O`O+muz}J?{)9gWlJ8qy<@QE-sMqW51ILahf>^6u`U}7fL9`KLk zy-SX9`Vvw_ho8Di!n~2W@yq2tK8R+I3WVg34*uQ^tLJm$S{RG+TEpOQ=5g82X-5TS zyJ|cC!m@#1q0C~v^k-~xOrug{5_m+wfeL%kc@8v@@4ffG2Dj}X7Ftzc)H(Uil|W#@zHE#=e*x#tp!kt5w46vv^=DSHujr>QIeLrf2^?gm z(GlQwV9s&6u+T>jzr`c`!{Vw(4~m{TPg7*h1}I2Qa!}q}FV>S?HepmswpP0^iMAGb z#77?jKcVVIIf6hOTt+5YOs*Ou%y-zM8-{oZ`lN{l;8u3=qOv0Sl z`mxl2ebS%~$dfzoDB|HJQ=B*Z!E&xc@zY%lwV_Hj6sfAEtam{}Ndpf6<{|CA%Wyq|k50?F$bF1fDp;Bc?qQKDG>5ag*|cFnt6)sLAKD9_$0`3^&t5Kdk^G&t5I-LnKzkB{&-JH0-R^NzoVpDbra z78KHEBfJ8=>?2Bg@A$}FrcAd^vTL2|I$n|*v33cOgpeEQLHqw|&JT|)RF9A#h@}fK zWfMIIz%E@3|M`$1S;zGlEF)A1XXh+FOy`!t@LCUE;QzRxV&`^-T0gYvJBK(Jlt+@58NDmaY09%R+Lf zs%Dq*P`giIMrgYi-4r@@N9+=Kp}FkkBEhQ*Q>eTP@h~KR669Zso~}@icldBl=%d8e*CE!#tJwMaB)vXym7ILVS$ST8L$@K1a}vc z&@sp1(@xIQ)X`nLHP`AY)XR-TcmJSm3}0n4)FRnzhT{l1O7o}4hFQ~XSmknDNHDn? zRGkl;ttqnle=$5a-hs5FuuGiu;|ONad9x_e#$^2rQ(`TUdo2oKC+nHEV6IZUoWYq+ ze@_zM<}B7u|G@v3i-qUTjRI6M3kyYu%j4ntqT5(RWb<)TF0^!6zpauqsxf3Oxya zc-L1`jQKtIA)Ez(^~8M-#4OqQ6TF&vcg>$KCiPTz1VQb5$o+>mYQAF{!zK~ePcq}Z zP3g9(uTvb1_m8IKp6kzhD-}`3Vv4Ua>*SdrJ8K1R!xekXsL? zTALewZk+j;GcgR1gI9f2nf3^j>cSb~=0e^7)}+hoLt zO%IGcnCY0+aoN#|vaYQ-kf+Z<$&=?icn>vu*TpYj+8F-V21V$rjp?DS97L7uj*zZ= z_5mvxCvb+6vzoCmC4~G$E_>kZ`cX;Q+z9ORvQYHOX8# z<|c~tw*|~7Lodo7DgvE_a^bIoTh2|6mATvY?dImVG6!Gs^fs#Sl$UVMKUp82&rUDv zh%1i)@_ULI2{j^{>psFv+iNu(+T53mHr9fv8A~Op99|pSx&3s0nq=}utj7wsX+F%y z+!lGSpUXwO!N`0spP^cU$lspe>G*S$Eh7({UKKt5)N^H-Oykohqr)kqMoWhLLy-^@ z4l#NII;leuaV8FUx+=Rs_pS^<_xCboP^qz)dPW0=Io7v3v^0@^60{Gf_RF3weLJ)X z1&G#TC9^PvCSbTP;#o+^R=%r=1U)=6+aN|2 z-({WT>8n@;D!UfmBc5jd>{LBci^r^rg}Gre;S~vitkH&od6U918j*B6U}Qw_tH|g0 zxE{E|%^A0(L`j#%WN{av^v9?PJ()_<9HMN=FdyVX;<%zpxImJ9gOO0+CQ%!xj;VRd zVn}>V21-*1xv7^>=E{Fd(qf@t!X&zQTu~J4SzC@g42Wd%3eDC@dub3B0Q|N#d#reux(Y zGm=TKuo)8JC<4#_A^N;y&;G@l(Weot93&iP;0@6Xp41!KXm?aYw=!L~bzVgABnXQX z2^%VMYga`o^mJ665Hc!m5Zb@mCe&Kl(%MOfLQVSKf0U$EfY{GCr(>v*Mr?|^SNsv@2hOdaOt*CoEb}Dt*@puty(wZ* z^VJo*aF6<*+#h?x|sR6^$^RlSgso_{MvAUSuL(=r^nzcptXdZ^>p z_$RA?l3|NV)M zlv?5L5HT&tSs6EEG{`ffckKSCB2ptmQ~$jo9@9dUWL-vzda9zfU)gd1e^{j~FMs5l zCsk~`2bFPp$7u;IQ89rTFmHA(S!TA6Qq(Wh2%LqT$Ev&>^>62 zy8mvDBFfIj4w!8vwWuL^L;J6r0JSb>>>QW`)GkynwAdN>AJ`%&WLyaZV!m&v5eO=y zUkW%8D?EcRGiqjGA(UdLEttsCo=&Val1jPxgB2tgVegs3XS-V;4f9@G+(}uC)pOPl zlw3xg$lfSP`ZEv6Dx4u^9?K#-_DMNR#`$(zSRaIGI*K&O+`BibQ~px-d}IB_Qp z8O1V!Z}!!26^a^u{N#N}YLEyuJ=?lBFF(Nqzkta7lp2w6+AxtX>bm57=g0z}H!blH zTGIwg#GkGeOOR}KGH9C2R)iu>I3HFC;J^GO8o(VW$%8|%B}*9wk+hKsy6$MI`#V3< z**KbTXL_lbZkxLv`a^_%Vj#g9OL#C}D-6pA0_jzsVRUDI1Rtgn@#!M$ehr2Zm2j7) zd!flUo}m&jlz<`?S7pU!P-ZU;IZ&NARYXuX733$>oHa~Q^oE4h-@haI+#`Kt!>S|r z^C3IPpwjgY6O>i8xBa6X58kYFb`-El^}{yArdCAED$qhNKhox(pJ{ej&(UPbjnM?y zWTzjm6O8FsCi{X0?f2Swrq-Xel>e)qDpYbN+TK-uD{_U&9b}Pvo+x$+ZY4!74X-Kt z`^@UZU}^i4ocx;8eOgtWoZ|76SoU~0P`aK8O6-DNsXYqxd}=O!HqDNe(qZV=2ryp$ z>9mvLj>D>f#w&XI=1}6lxO(t7IUqBe)wf1|t$yphpKJV2;fZMG{QPXqxq4bBSwH>W zSP~FwR~0ak3|6d=L(C}#?iRZn*b_NOq@Xj<&tIbMiRL8K5>_Fl-igToo^+(&c4)t; zv*948yu%{?F95PYO}{9e3g^6AcC-gVvX;T)q9 z^_rk%Mk%0PcddBcC%;#r6kr$S@lj!>xQAvZ+Evm2{SE9uE1&^bU zM)kGB$F?ksl9;C|n|L)!qJ4^$EtxD)vT)Z;yKXR5$sAN3N{|q5D!k!aD^?tj&F%>K z$f3quQ{{foQ<794wXI`ig%ZVnlD*Gfdbr9OZ5*Zgg-3CSeLP)^!U#ckfCEA!=mk}G zXAC9L2#8idX~t3H96dvah+5EzFd<-po#dGKdqz8`KeuVNFI0Q6F zGG=E$jy%kjSsxNoO37?MX($^3-YN-!#gIYJnYAKwn})V|?BmRk8~Z4-Lr3)cnIHfI z0DX$0fX!ao%PW9-(;ny$ilf_3>k(|NP@*WBdja1UA0z0XVZ9p>f8NL)Z46RGfRHP4 zoXXA-n6kbnvG1>T^JIlm9J-LA5se^4(?zZ10E*{Qa($_)NksO>rH7SJ(4cgQecubF zpE=w&7AQr!22D|todD5y!9zd^w7e8b^-P>!cZn#U-0ow+%I|@=&JdvrrOqy{&3tL# zgRbj|Dl$x~=-cX+x+-F;{VOwplKsQE<|tKSV;_0e3MJyX$gzJ1DEjTYt_rp6Lv;s` zs^CiSFN+eB)dndjmRfBACDz9V@M*O0hS(j2$XR{i$&T7tWqOqA*#i+)U@PvO_WN@@ zMp1w$BB>R*b$)Fa`eqb3ob#;0T;2DPLy@x;`Q#Az+&p%0?(P zu)11VTayLZZfV3Gd<@+mp$`M6mQ?rP6hjw`Wo>XW1l}aYf%6HEfSXgL$3`~yYLx7$ zguZe`!M_qQvo#K0O25*1O$NOZ4t)$WZtIHf)|V+L<9HPpn>s3uIElDNkyn^eO#AhrbM#!9a(Sg}bhbQWE~phhEunS?O07OpZYyTpgX?bqUD3N$vk5GaViN~%Naa;N#i4H2U zqgWu;e!}acdU9sC0$Y=Y@XmH&&0&< zaG7+D^tVTLQ4E`*#Q2j?ENWCh`4*5-hx0V4F|EHeLy3wR<&wiCVn28|5Sm~?QpyCP zj2x01L`lQs%@1c9lB185n}Fp}s&`(qLW${hBL_;X?vwSDAuvWWc<13rXn>SILgQic zfbbEOM{$DG2vN2GBjm2se^&2SFf%DlyxD-?*t4Gi0%StW^l8>P;0ygj{`oxEKXyxGfKtiuq(sFo7hz5** z*!#uA^RbANTD5Q1k3zzt+bZI9GH!a6?koR%+dd>skL}*Y3NkTbyz{K#~DAhaR2pWf~eZzwSAFP?eN;ZaHwQBKNTfEi=e#>o!Y%LsK?FVhO=Z9^_ZCx*F_IR}&ymjq(S+2t;6u~ur zeyuBv>sll!dw%$YV!7tmVM_sB^K!?!Lb}@HwQ5w?44+NJb*+r*T7_5R(5`yC))m~< zp3gscd{@o&x;bWL!}od*6y!CxC#?c-+T*pcNUzP2SP8GqgnMlTspji&6ER=gqL(G# zctU|+wRk;&=&xG5ox(s;G5wXJ&D#6vJ)wZJ%i*;RQD=XI&TSkj7g4Rmi3JZCDYgKIK5XnGFKtA% zebBhJx$;=xXjsJFAM+hztKn*inQ&{iv3)%C9Owf#o`(tZN<;B>A~cPC82O9kj4gF= z=vnt8FDezB2nYYhdn!A z>5O|7-BeH^>2959WN_%!)kj`*RB&+M#8HF-XHj(*k?W>{3Z?GWi4M5oF2h?!2pttB z(DRY|pLk3@d4%FFM31~^&jk_IX%hR^l&CxxjNPpP9dPsJ zsZfE!hWI?_2o?UClp0Ld4We})e>yw>8$T=J?K0g zDny7cU)z%z)KDSU-MY~MHy42n0JufO&{1KP7)!%aTW(VuL^$|QJl>NQl=Y!wxVU`e z#gYn-I3iRY9Yc7iM_w$c@QCAA72wc2$vpC6ONGZ9ZL0vsQ>MZavBBg~uwirz0h%6p zF<3CRD3VzLjwf?EZ&%#4JUWITY>&J&qQaw$5?6rZ>2st<8Pl!+$J6IXk1_&Z0gfkg z*S1~p0`utn1*q^SqZ{VY`3q3tQO07-qhkon_{d8`N%av%j?AND2qXE(i=GNge} z5dGwck>p;bmryDUruG{@B#uRm-?{_^H1=O2(C}J%F+zlZiUvT7tZkH{p zAHMlx`0?oT+3@=4g4_esbKkj4^+J2WAh{#QoAqrjBq?TDp;*0pL|^i_uv~2ro=ZM{)0#FD=s-gOBi`V+NGiet}B%R^Bxx$#1wjrni=K zJ`I3ME}JyS&Jm3~hb)8i|Igmr_qS~$jiUQEKLxIw-B_tfS$<2aUH2T8zLbIHAS!hB}d!je)jvr03g9PiIQa}eb(Ilr51^o8DKD&8O#jok(E3~H;gu8 z&c-Aek;&?rN0$Ps0kRPu6A@#73Dejo^qNI9VW8os^^sx5+Fa(L%MlT&@yw(Jng{}h zd~FM#scTKrae10GxLk7XjM>gX799GPvH<3hjahIPG|y5rAqoEK*~jN1OQRttLYz-R z0%_sLn9r21`X&lzKXNv%rSO!DbsLCJLVe@-7~hawHZk3@x@H1wZc2fsvi^XxF~SJW zLi|aHIbxg+X|xK;bIG^?vUL=$wy`SORTxu|CM`^uMy{CX&mIIx2~_A7YUqHHQ-sXY}bNp z#ll@;&6W_mw`cB}B^Is$iDt(viii&;uuJw*rvYA&`Ii)zY(OF@HL^)EWDq~2(g@2J zQfF1?Au4n479t;g5-W@6i_;6V37NY0cT0S>F|ze*)<(9D?bfziJ+u6QQfkxymCY=u zyE+Ba8R26JiDAXMb>6Q*)t#I0XdTM#*P!Fhg+URwGV55Ay`<7-ZMycA6KV~s@I%Fq z*{ytyqd}J|u7Jj3 zEYDy5baHWd{?Dt^qt`F5m%uV+LTYXc@LUE<)8f5gdG_YwFqri62| zX(f0#-z+^B%XkuoO@ic`V<}s_p9tYk==x-E$`ZJ}F)GG^EW+}F_?#?AM!zJMLN&Q| zEbGHOYp^ulCc+Epm@dk=-vmq3B2o>m7sW*;{DoL@btJtYwaF4#ng+iDESHN1{2D?5 z=Y|0;i)CfJ9b7!f?bzRfc<=zvCv?4CADz4kmc@YQiV)`qM|1sH7Nhn)<>T?b2&St@ zc*{jUd_onk9~jxWK@VCxdy|X^M`w3X$i4>c%Z6s<6UMJW!^)oG@u9w1sdiU0lG6+lceYJFF(eFQrH7^pe$mMz7i;hshaXN&C-18n(uGd@Qdy zc3r*V&sj*oEF%B-!K`&D-%?HjwN@_9B(dExesfRjzAz_%32$iDOs$&dKO7x{Efai; zR?eJ%x2IsJjz!#fO3)|tZbV>zO_-*6gzda$+60W=9i5+^oc`1+e^W{5V@`ZnFf_6+ z51V$qoi2j&3$PJPB0R-3)aEnzyq|u~%?WJ%ueI~UT{izB!Vf44G)pmmN7L(r$^^|i zQ-pXYmzs+N^8{hbI|Odrj-6%DApVsi~2)jM5i1iDn>`QEF-tEu&OFOY5D%Tv>YH0&Ni?OLsbJqJ=2XrYh=4c%mx}5Yx8w%4 z65)N_>GGOoplXKFSCV_KS%SG{D19Y~+?r);TLPsopA~JLg!h%C7+XPX{o3<&trMlM zB>B}kQTj?UNi|Cs)s%^U6=|88ee4-Hb6CUq>Q1?n)jyMq`7FI8+Pe@-sff7^h z{*d~Ft`F{nlD;iy5lR;mhEU%8^ z-4{yBay+(sn&YhaekN%pl+6Bj z#&{x3(uM`f#ezN6oHAu*e+ZIX6{YXG-#%YXxmYIRLHBYwBB{&2Fp&)vajr%jLb+?{rtfxgyMo_?K}isBbw3&mr0hD^{UJM1za0@ykRMVKC0Q8F zkZqxaDc?^#Cg77Rbq_X)0++KsUB=q~309u+)4E$T}cIJ>$56+UD= zlb9J6NTMKSbSb~k)z^|vn$yriq@6-9a&^(U33~$R$mckw(J)0vWofgJe*@Wt*#aK1 zioTRbDNX(`rwKbxMZr6_gx#jzZiOMmbE4dd(k2$TzplQP3`%e{=d>xzFrx>SYeB`P`cy3^c(8~i1XJ{F}g?P z1JVI73FbqRq_V3D^+8x^g}<@Bs!1cuC3_C1UxDLg?VeA;m%&km7W0)MwkyL;L@5fbPacRz>XV+*B<(jaYQ}>6W?;2>+5Tu zMS_LIvCE;4Nl%%((36hj@#9f<_yhd0@4W@UJNeal%k8JmQbo%D< zWe>f90U1%D2SP=Fg=|KGEkxmW#1a%UomwzqIxmt+Fc(8!IJs7y3X{Li=LFKw;ZSTL zG4V%o=a~q?foDp^+yElBG(pRm@X)2*w#c<^H>#z41*RnOEpy=vj%MYQOag75y%lZ6 zn));ADjGG{u4)L;WJ|&(=dX-fe?r5=r4hoxm_~9oaYCnZI9MnU9iTK8&U3y;&z`-* zJfhL?*|YSv9h}XG;f8b=G06&9gd%clR-VF_MvBZJlX=X^l(I=72c%k@w^*ci>Ler1 zCPStAz+%=kbS@XAB&zrD0_|)cbpN$EN|IRgI-Ma+MiaP$ zu%j17N3DzwlolOXysdIGOHni+38tZNoTCuZ_Q@#n@WD9 z@;HDI72B~RTS(AhL=12shWkQy}(@< zEE$ymGAUfu3JnN}3D+@P^xpu3=@D~M=+J6brFk#ln#^KAFrZT!Oyq29O2H~~gIw+j z%STOWrmHzbigpoI!4$`?>{qjAHn2!1ReAv?Srn)%E07+G2-Jbhv+9@<9fgAB7?y=^*0p_iMac5$<-Nog*#MQB5bm(`wdDr-WO zU(a8mJ{i&|0w%2b8!$drsJ|Eg>UBE*7%?IFIQhQ!581)@*B&}$WS!o&t3rfeg`O-$(t*s+M#%?BY9wPOwu1+Mx6^&>DX=25d67i+-Bhprk z*bi?#bj=w{wjvSwfj!E?XK^+bf?)2C5WKAGItj%UC%^lICuzOQR~N`15&uRi8FEES zrcZbRdtO3Bp)JRf-g+R!Cgfw{*hF*KO8A7d9776+E%{fk(;3gML=&0C1>G- zng(4O2K%rjCVlkPYPuU`6d*kGsWsV)1);ZH}?!mSPOh zXGgEW#3EH)B__Z$DpJYh{Va(JqLCj?Angt)djgFoA^{d9d>oTND&JznZX>fgl{G;R zkY;q5KR36OxY!2)H>>{JL|U+ZL+}*)3y`yb?~Mp_C4C8fC&jl*7J4 zPfi!lG>km3px_wTa-Xg}$4OC_0|@w=$a;GUDzJ=)KlgDR^q%9KMCnj!nv_bIilA0v zO4=V(a^#e$2O=y(?-gp zqAJ72Ez4{m8U;`sD{rdfk==@P_X6END3~xlr~%1X2-nYa#pY|)S#piq2yQQ zrFAt2upyNmSc>-7o)}$k$^Xa=0xTZ#PjC3|YfbPfbk@33Le2f*f@tQVA1N2fmdW&{i~xWStWJeSiiP6VJqM0v zEZd~~c{Aw~KM74sx|Jb`2&aB-EZig%uKw=21J1^-Z1>RX$WorqD_={b3a_y&YhaPc zT#iVzm9C{K>Z*pl_5z4QDWyUYiCEt7Ilm6_=>wzgzRGi`4$8J0;WQ;EIX$-vpJX&)HYM*m8UGx26IHB>}DQ%F#*diju4An zbxn=3!dLE(H)$q7`%i6$-+%ty&TboVGQ=EY(X2=gT8XTj;EA#aUpGjfqBt!GwVHjD zvn5}{z6n-IM5ct#l92@Bmhl@9lc6EQwOmn?$gv zG@nXcOmXf&M%_G%BfA~rSjV_j4u%pa;|$%-wvd1!!O)aq#fpUn?^?4_doR48<2amY z)1MYKQm1O{`%DeL)W_TPr8(20!6YvdGhMqcO)(y*7X^SWqP|!o&o!z}^u(fqnIJTt! z6#@@jz)Fg#L;|%pEBOU1<{GuW?KtFpl15?he_SwS0OgYpdKKM1uCbPhrcBH7HlbVr0T{lOg^kS=;B1EX8Ue4Vt=oFXI4`EPtO6PNgJqLDT>p%b9*E(6x1XbPY2K;)xmnIS+EH zlM1CC83ltBsVyujN8*;V2@w$qQCizr9Nh3(WTl`b~AIPeq5C%Ie=Bq~-#3i{G+#Kh0~mvX5M$w85;)1vTcp{Mu_wt7=rdoI2lB z49hp=u`0cCs%D@F)2E78vZA$Bq!lkFeb+ZM@Tu@>M^{{}$0DhsGWq6kOi2&+2g!Dl zkz63^92)gW$ZqvgF`k|=R%coOttMp;{mgEq7_^1Nq^~P?fuHQaLNq5+zPjnKkmV2y zbW6f8Z9?+A zxz}Pzpvx0=7#B^(eZp<#ok;R_8`FqN z3D9$ltoA-TYx&paMni`Fz1#sLiz_}*M53+SU zz82arrq`T@S2AKkVY!83<;Me_;6M^%K<@WY=^kUyO_Y;o-gg-dXhg**Rpfub{>>!T zJ{drZIWo-VADj~U*uO!A;^pOGJGogc$PG7Br}G|crs2vPLA6Q%t5v!BTOLzz^p_-9 zg{#3ZD7Pi6jN)VO-;$7UmQBzUetVR4+FJpaBb09sfRd0{WP~;m z;I*SUqm7e2SYU3j_jj%1$yo)H4Ov55=bHSN?PyL6$q39U+)&Y7o=3i3C%?4!TQ{~TD>R5;^H zCLFF!%HvZwt7it)BcLnDWB?(CU3?Sy+8&eg3RHIo`?T znjZ~4#9Qf!n~};OrH9%Aev>1r?rq=O-O*D3^cr*GQ(=Z;t7;CxretoKKh*wKYJsc6 z&M2HI!;>1nl%>EKjdCVct|Tf7uuiq}l%%N&Ss__*h-aAvj!lwy0ttvQ(wUG3lhCXd zz2;tM-#Q=SK$BZSqN=@ApOHradjA3(xzQUrf)rbh*HX;TUfz-+T&1Ff7Bcnm5GpiK zal40cKQ`xz#@QA~RLdk%IEOe9>tp2|09%@zjh3Okwv;^;W~BP&0Nr`EI~C#9V z&whGwba~{VBYjfOi4@u35TX)vaQsz~5xx-}>n7FHvr;?hU{#J>&KR6G>!qv7Iz7?? zHY?|aPqaaUX@}iwkv|err{T(DTo_R+I|fsVgT91a`6oo^nnpA^He&0whmPQcwND~4 zpoywPMZvFy3d`e|1x8y$1|HNWa;rgE}WC z+2sNf@`1V+w&1JZpIP03;HDKB<#0^Y`BNGpl#YMq5Z1H&k}L18P<(F7@{5{#-Gwe* zf8MLUi_uugiTU@XA>8x2%7Qhb!x7=xIA%p)#Vj5xFOB#hDamNv*BrPNroafGocdtM zNF#rX16`g^3F0Kq##SFe1;s(rkRC>pFieNIqFhDJ_QQPk^u-gDj#0k1rL*}rB?$W_ z2{_PSTxA_-mNNDqzJGf3>ebVKtxS{Jokz)8XDoOs5Z1|%v`xskR@yFRl1ObAGgHO( z0sF82`Y#Wsd6iNvVpFs|^dpUek|d3ApG}ei5b2Seb(mjs@>C)6`YiHEoWLI$ckN&y z=rD3)7Pt`$NN2cZ%eOD zs|zJoOF%NLGh3V91m0%`knyCN&n^z?EEY zWgnu1mOe7BzDsNhA1y@^@(^n& zSPKJBg=ItmasNH+vq`>JG@Q_Y%+U>%cpG*`?AA?K$FA=A1 zC%L>X8S3tO+upWbQDgiY<7r%pj`+$&2bKgGFyD0dy^j*Z?t%BwLqBRWi6jn|%5`!B zS21&z!h3srYa4+XAFAciJ?KmfsNN_Uhv1x}UXiq?42hj}AhD;B*k2bC`-_m+&mqxO zNSx@%AA><%n9wa2s6QFUiny*M_*Y2iv-G1-E}0}74-+29iHb89WGbmA7igC8RONFo z5b*41hz0~F6RwUcvSTkP_eUX(NTzeiog0)R0fG3MM;b9$le`rWE7g}PTNBZnz?J2Z zTe^02fTs-3R<1DjM>HY61kSFag28-XvETr!(CncrFcRaCMdS+5v^&4@iqOC@3(;w$ z$`!mxM1P-{@8T+Fk^<)d1Gb0WjYy<-A*+QgmBKU^G`xtCU)NH!zcyR4cu8;fxB zOYqeOb=Y4^VHEj~6#*><;$jOgbA@F~g%LafFZLro6#3y$@899@1qH%Y-tHI5*}e24 zH>SBSnwZnqaxv*yRxi?Zw1~*_e)o#p^SHdmACDEEklR{ex$3{N0Bqki6626gi7*)!=M@P;GUxL#n?!{kE+hw)vbRols7K2}WjN~Nb24UA@*|ZJ^L%#w zt03q~3XJ)MCM5uZ12u$dXph8&+*5v-EwOs_QKcfQf(bxFUZ-j;vyjRm7J(D4|T?n^y?#) zped6B0i41|JW1GV-~kP&rBGKnrq;JRmVaI3-e0mCB85XKsc)d4mBMGq@kSyy68vTE z>y>(arL>Hz?zZ>w3X(@<0YMN1#z|(QID31%X^wFdhT!&uDmM}qDQia>-<5?SrF!!q z(`0P@MLW!G<{ijV_gW#~I61ZT8vQ}#Mie$@y=wQej9KcE@HFrS>+^Ow6DlE!7WGVi zOg>S;@i>}kdxanf`zDC7>!CM&2aXbF?{QTwV<<;Al=NBh$POV8K zABkU$nY)c#S5n0YxjuSI{1HP>emJ>2J$ij|b@KY?r29*8+dzc)lGAg96l+GNIKg8H10RbGoG0_gNSkyq-aOw=%WQ- z3gk9Nk5nKP!j(lPDD{p-WFG0sHfyFNh4V)W@hHmls(HH5?r|ZcAX1!`MumudeE<@& zq3vw>B#k(fA5dYDvp_Uo<>gY~t~s}a6f0OnqGWmY;CY_qcZ;^a?QQS(x;x(fcj)Bw z$2SNa9)6Erq;AdDU?_K2O-6z8yYW0|&?It$&84)5sca39rDEO^RIXfvo7GCq2B4F* z={@sJG9vtz3Sv7M(kOtq6V4e=1D}DfMMTdmWFbsVeMnH_Nt9*c${QuYxuicC$D+=< z2OGGQ{V*70lyOca0nGUh>UC~*)ve41VLLdo3a@~gvx+)nrrs+{7R@TpBW)R%FnhVx z_2;E+gb*szcXzwj-SeLBSoHnu8G`GI3KahAnX|LKv*T{>xZ7Q;>h2!;>GdUg-~AW* z@#ymCRS#tnl1?lFV=F<&3FH`s#iEj?ENt_|%gdt^+32P5{tYOHjPf(EA7^P7RLbG< z%IS8ubV4;92v>w8XRGe+d0j6H;Jaj~yRBs6_irL}%BBR|;=8+BXlHw8drO^!Om|YJ zlv{8>=VRq>sr^|i&y?gorw^1iB&(kYmkr!xMBJFO--w^IbM|ioAr;0>4R=2c^e=F@ z2-4F6SdnUp$?pKA3cFBdZ>*EO%8B7I<0i&DOR8lo<_HIY(nu7lyK0YOIuC&HhD{CV zP)cKfXd*~BumXqE64M>@^35wSpPw1oU!y2e&kYM~$g+ZC`c}&%XxhC-nMpnhwLSFyXTq&BEjfpt7-=s+7E{S+)EVK1 zoJky0jg&i}Bn;Z=@#bL8i5wgfW^i32s4JDs*9;sAbTr*8S2y)TzS7j7T;peW99|hZ zxPmcI?;IB$ffKgTV6H&&vRYTebhU-BsTeZ<=1L`6l@dwjpQeO?oFJ)oxruS(Pt)1y z$<9Lw4Qrnxiv}g$qUhOfBcWhP^>#SfApyc+Ji>jF=BA7gMk6+65@Ol;EuN+R_4fHr zMkmGrDj|G~u2gtw&OiX!fwVJ|u|XK6Jj7FSr9at*h%0ksVP;vM5udZr=z$V2K;4_>6M>Dw;ybKV%2uYA9n)K+9nuR`9D_sIE=0R@N*j*%KK(QL}qH4uY zcdn+pSIWVevZ%9>{^?ExkqR6UZN0Yjr)a1q*Wi#aG~G3`_p6X%zm&aigq)l-%I8vh zQ#W$B<^<9)!%_MU{JRVCznej)kJe=u24}Gps#(<^LN+W{?T2ibdVWKS5IESM?zjol zf9|#yo29m^%~IR8S?aq-tJFNJ6nnHv{fAhk9?TTAPOH*NMxXMj{6dRQQ%g_Pq%3Q* z0rk6RteHDI|I@8CtF4dwGs|cd@4I@xB|p^}aDZd2Ggz!&ZGOrphX?w~oSH2Z+Pdl! zkzA$jya?iMx z-!gUFc)Tv$gTJfXg1@tO;BOyy;Kv>KK6l^}D^Z%!<4*gy(?0IB6+7*+%i}&bTJ(zg zBof4Nj#)h8bT~@T-+UI&{*HFGclOW^oZ-M{V=uG1w9LDfQq)1eH}B9%`RJ1v zj8WjhLgAj%)cmQN@F4NCY=9{)kC8;yuyb7s;ly$NA%z8faDf3tIJ5{=5z%>da{Ti2 z;-$OeZGZ1LzeeCTn;LxkGjsYPC4>;)BE}IOa(%u+BXrBDTuWO>ut9Q*IdRfxwcPL+ zn5Y%brf#po5o#S>pp%Oh`r+u}GIXZrG`r_pB zd6m79teF-O0z8OW5Uvjln#frQtB0n@gI~IK>c0!wDV|G-Oi( zmu?j^PC5{$t1Vq6biBVjJ`eO@$_F94H3o3&7A5^g1(tL&^X>9|Y;SLGAMEYHf48@{ zi~sFz@9h4iySIPP-P_&W+uixg_D;9Ez5N%oeIE!HpNU8?|I7BB`zj*$CwZ*v@p}$J zK2FGx@mUX@L<5e~;{XRC!`phACrjSuMo*J#%3Ki{RP@KaFDV=OQ^g2cgT{?TC`!t3(&(07#u-dCrK9Ne>y#&a$~W)RzEN zeCY)2HVPRIL?>iJCd@Z?jQNchM?>d^%pl=-&v7-pj*CVlj0tyKl#p>8;)FOZ8cZV4 z9URx7;EXXf8GB@Pm7VnMYsuobV0&~Bn(#1#tTv#{QFS!{D!U4_xwvLBi%AcKYAT#* zVaC2RNj^Rg_%!AJR#w!d`&hvLw|5Q>iu`|f@8FUDKg6?vGSNQAhBnZ}*^B>jwM6Eg zfT?3Z3Gbn!v!mmmLAC`YAsCZyZE^Sbq;vd2-^?l%!k9Ck2qC5ZjScj_#SM*( zwdbv*G-qSOv40yrr@~7gS=8E|rt9DAYNB(M#Y=lh+=Lsp;N)NVe$723lw{pnif{H)PgAtsmdKX`zACX`Z(r9?1auBK4FX5gbFyA5M zqBy;-x2MxFk8$FUUMij1$lU62(G8jP&>w#wxSZqjXDf*|iwVaG<5DWOUhDAUT()hA z6^EN%Jso77Yf1JayFj1N?-Q1g;#XOnM1gsIOC(kFP}eaZ-10m^(ww`@qio=Q=TY?_ ztC&rx`83KFE=UOei72>M-a;+4TJB{A)#NFh=m3%55oC-p zeQM0%YcsClSq+jy>^+Ctu2rMSc_ zP_Ix6VryT^#ak>?{8BZry8c;)4lsp6BgM}WPzXzHp(l-}#=_Q&@RJl@)H}>3riHxh zLsr%r3A;E9T^o71?`f^lAXL;WmC4sGVQ)7fIe}@SRB-jJHs6wAq;Q~axOc`~#~J87 zSge~xqEjdF-qdS3+-`dN!F_XGGi>hEyEADcQnNy+5duB{cceF1?4>cRt zpMoIf?pI$iK{VKc*0%dRjPkE~T7&Ly=~C-c{jGgzk>>xU?Ywo*3ikh8*4-v201NE@ z`v=>5Mf?BW^Swv=|3f@q%>JK@2ud&?k|cL6hK_EmV+}dlliPrHH^~G;I!Fajeb1P^ zmWv7ce{n}_IL*3(0yjY21g;4J189CTAZ zACtm4pn^}pt*1W;h9vQt%~`Ck*GSvT&72_PDdER#9Ai#U>mOZjr|WLF%JNA)9eC}u zK@b^GOLf_qcKam3-Bx~B>&ljmnyZeLPN$|3Z#GJWyGWW2*7G}$6(p>L(~M^0m0i-~ z-Fyqu*gA*K=Pde-^&1YFDgBVN)t542v!OCY*Ec)?CSw+f#%nJt-*||+dk;=hIF7}7 zhbg@RtLZpp75<|J%8JftI8t_vha4)6`j;3aeS1~I0Wzg)2FL8ty4ajgRtssV21Sg1 z^JNIOy5sNe+;P>evzE>3anv4qi$DM2=ooRL-Ip7#D&EKb68z@wVv*`_l8hLq|5h2{ zml?u&)z>$a$LBAa4xrD2CC2aWq=#dgk^NFbS5tF+qjq$5qVw)H96KCSQ=$0~Zm(kq zIT=!s@a5^Rw(k0d@n=ceEJ`5VUx1D#2@^gJ32!*6qZltCxbH4IoZ1%M&h4;r1bi5@T@@TC#8PmtfSY|Q=O85l!?XxUry}qcFTDMO& zw2+9{ORFpz`~B7Uin1{Q)XO7z6zE9K3U`;Z0qI;+0>CV{>#n!^jprOehRTE?e?8I z&@e5q>+O2mDm6jg#xI-EBWRN2>a-Q=KE@z`qgx!J)*qigw@{YL(=#_$O0cM~`^Exc z#L19+gwt+w(+pw*IHDfZ!+<`2Mt$Pri6E+FNROy90o)K3;cLp$2>oN%+tmqhh05*O zqESNl0Q&?+WWXj-&{8R{J?Gi8OUPEs;qIJ3Wy6H5J2=518$K0iOd~p;L{+o#>{&zm zmD*~A1#52oStHZ>V{`g`+x_le?Pu@*@8^F#`~3My3vK3x2Yo^byGY;)e(O|z;YRZ% z&;M39|5bNPHjMrH%i{RY-JQMXh4bIt-Tmi}=f4l}JmmQ=^mVE4|5K^$3rTKOS|sHP zWRg$`b6X^2|B_7tyXX^D&U2h!1s;+fEU70`9MS;x)R(e@?QPUMEV*!Gg@lf*(RVI- z&}8b`0^gL!V~mrLm$39A!0qi8YN=#f=^v*M4AFuF$WTQUb+@-$*@jnwuzOz+c9(## zn?hIuMK5=qeJX8Ulp(RvO5J`cW~4j>?Yvv4B&l-~J#0Eu_ofNu=2+|vxkxi!7nzzK zdPUW}pjm0TDZ=IGiQZl04!6nkgy8p#l%m-x!U+)wMhdwxbk|f{OY^`}WRta=sH`GL*TN|G^W0QIBcw z5Vbx;CSlkGdU<~S=DY`YrNDZOIh#_G;>_f+%hqo(lXaHB&ui6pdZ;D3+{@O72o;}G z1{uh3g2*Y}y(TmB_D1K5O7o#5=H7Qd#B?my z0``v+4jGp0bnrfoWdADtl!Plm>$!=!vymb1D)Mu0M>HgEIxo7so*A(MihnIs(k`31 zVr7E-ga(*~7U_O%BGUipX9f8WZc$pJ{P+BMh5Wbk82|qu&x6ZnE(;+N)Vd&AR5OG0u^aO?kwSf`H;6_U9%| zJ%Tu6eMcxAneT(&ilH7%ujwN(I-D*>cig8|!wm)k^jm+PeomFOfBP_}qNH&`RU*Ba zr0%S1xBc7D_L`=FA`Zt5yI;5TRP`IZe}qG|Q>;510@*%fp`}>shoG&Ix;9z{^R8fdU;_cIHb9?Q%0@0fsucfgR*b$90V0W{WcIOI9sf` z6)Z5V!uJx9b0gl*D*T(J;Xy6q9CpTnk4qlya|(ANm`I=M3JI9&U<0jKES+TFg$y!RM|QdwEdc% zYNb^n7S6M3Y4{gZ7coyOhZeRjTog*>h-Z8HXdctR>*rW&6VHgOLT;U+Q(=^0C7?K- zo8eDq-ZG>M)>*_%x*q%ftj z;BtoGHYb`Ro4FCJrx<0WtF$vfNyMc>#W%AEs$F#jS3XMrj+e0X#|9%jmJj>tL2UW@ z;sWWZ6Ljqp%hBJ*Y3Dkz&)t9L`trd8ddB1V^SE>K^7!+3V}sE3_9D*y@A`R1?bDNT zr0Unlatb-;>)e0MzvJd}^waU;>pkeb*72eBLgHOVZ~3J}rJZ_ZS^KaF zU5vU*%n!p*jYR_j4EbwYw$i(H*JbvCI_4tRD&X1|65Q(ytG_U5>*yT0`3*?-M11M6 zwF=VI`_r|JhZpw9R!ya~4D)m2TeaiX&FiV)qaD3Cc^*x*9i)mPwM=s!x`-_U-E3kFs zfMGDdK8^wMwsG*0i7QJEtVWL!_KAght9W< zawccGOXcGFFXYh+=bsQNDITS{w5*f?^Fi<0v3@Ff!f!4n;!u&IiediJviXCe_rycT zr62k`YU-H!YNz_+JnIxa$9T1H1JOC$1SNLA@tci{?fYaYDu?bj@g65o6ok@>L> zDAY&`y%rNCCQjO(it?YyZ*dZGmutlK*G#@MS!zf<^Fyfi4SXH!;jtP~q*`fB|T}$+AXiZ#D$5JYFf?ITU z-+-6%)6SIFJZ;Lh-5Z&BSxdg_9JV8*SYT~a*~9lmv+D`_x;26;#4aJbUC(n0&@0sZ z&LceiVm$H7NQleH-wVlXWI!Skh6+od6NpsC49VCQWaLo#*1;>l;{NM63!x#C>|%?e z6z~pD?Xtz^9rpwOG`Pc^J&IbZ8|?`GIY*O~MB!(NdCFBCTYG+m`m_X>(6)LxvfW6ZN?bKi zwDs~I_GbFwsg+Cf0}^8CcPCVx={sP9QlQJH1kHZppL`{v2E_ka@Wmyq9ncBZ(UhmVmO01IREWnjud2zjluVg5We22Vb=Jmkx_9>bQt^v_iyA32RLn*LlX?#8 zvI`n(=HB+|tk9qQBLRQgilB)LD71r5R`oLwz{)U$K2iHct!{3_<$aY-^h4bpL}}r| z%X67o!ZHsQ@TSdZG+P$QxShB9G{%(B-J%M`&o)TSSWVUX<83GPkE;+K)*qc2LSjZAcsEqELTRZ~(g7P0HsL&3vjngl&Bk2v#T0ut`)Jh0m1* z zd@=}~dfUWiDE+F}ZBPwT$3KBO$k$?JojR3i-uXDd z*TZ%h+>I>BkP=#ir3*KOf95T ze!11OYY6p@48i}gG!-~z$e{UMF);a0)lQr1^yZ+`w!@81;uztjqSnJuHo3aSM}{zj zw6nSJEC54-!2=%iXms%gLY%T5N2x!!Lx)tZTAV{v5dWFSkwZ)5Au;GhRd$g3#GI3|tU%4TW=4u;PY6-XkV7wfcJ)R)SxQ@wqGx-HW~3hP&&5 zqcqF}Dm}km8L|T3uYNz@ejP)55$S&^ZTe&2p4z)kciW6Iwrb#oWxx||8~(aTV}ze2QgQvhZ;g;{x@9H&;8H&|10G@B zleqR4kSbUb3Ev>bKviiSf@ExcR;Nky!=6U7#_+w$^>HISRT$wc%)70!eys6SbPhI0 z@MMi;f2QQ2=Ezc%1n<}J6o|U~{&9Nm=fi$T+eFdJu!ZF!C|ACy!7AKdf*ke!2g_~z zG3B4`6t8gn8T%UCM~B>RsmuObC387#sG|z@EZMo*mNGeKE5>1qW|&ZKB5V&a7XzFAu5GH`BwBqRMpmKoZAm**jv zqRAD}6vvXJ#{u_wap(k-amWR}v(^fhr>cwPC5P*oa_(m8M<00NjM>!`o|!#46=_1H zdhu#jrAw04apD8!i=vzMX<}5zD88e2c)nNH?b8F^r>Qhp?Ys$o6_$548BF+_u`pU; z-lsTff#UrX?K67tAu04&K^@&&L^KDYg4zCM!`(Bjn&z@p6JZhDRmQS<;hqCI7=44+ zCVc&j$X$gd;X7H5!tK)PTf_+{HH7_-ZwTsUaO#}YqmaP)Xg%4qCG40}(w0 zMQBCN!V>iM6X;=4K%uYNwIl>v3xzygiuB~L9~NBD9iW8$Tp}b*Ee+XX5Of%!-4&ul z7eDpBQXJpR2Q9I?C7XF%Dfpi%fK10Cz~+UDkFxcbbO;9#Osc$gv-$q}`D{3jL~ zH;1N9La<6ZxeNUmoMdU6*lB%t{w*@J55*n68v@~)fSh!T^5BI6G=eK1w>B}nOI?`s z!M#pa+9ApNhtN)`Qz}#6f=H3OFoE#5{f6pIf1rxAodyS)WaQ8EDh$?WAH^N%L9U&Z zzP@>K0=wJcbY+_vUjQXmUK{Xe3}hGXi{u@wj4D2uOu&^Dek1NmE#J;kZc1BDO?xRH zQIW1=Y+f0RI#46yF(gEqogu%J+nlR4bMU}R{U1PaJB4$dVjHbK8+(YLLaeAlCK@el?rpQmN|@R&ao+h zm?23rqGG#tAr)C@8c5B!6LFeLRJqt}mBFJd*K2aFTd+r|s(l$XrCR=0eFk34_Y(c33|nBqHXOAMqsvDFJksq2iFN%kiFIj=#VKEwZ6|FzxYq&cNQs!}CB+uK);cH}1`b&Y`mh+Ij;*RLGi;g;UUXZU z=Ar7i+?Am97<0cYUaG>16Dki9!98_XndHAD`qkvQ#N6e0){}lLso?x!IcwQCJ3cj+ z=Xq3Vjp3qp)@OQ@DINQ3yHt%!!|W?7_d~=0l8u6RCYg9x1*f|JHjP-1SnzM-FxZ`r zUxG`!G|#%@dRsPkMRKgTX1}gcZXAvRR8SlS&N@H;VOy5s@Y3ue&1cG7e`C?(-V-c8 zDR^Tpy~ZS*rOZyT7>5rEHbHHRi@{fpos*&GvN(!KgihQF32`pHS09$C>Re|r7+D=e zLBzCZ)d4R#l{I8j;FRcP)`Tvdn~-BOdgW2Ze)?XUziK5QMqPp4Xg#B@2&+rEgR?Og z4|yT;NN;)K9kT^aan;>1lhZWCPcIUxU2~XD7Q^s&#>C|T{6Smh5sAjR&N$sd(-@l4 zsJ|`&q)#OyAI?ygJZ)xp!&R_7r9OwwMa4nE(ASXWb;4p-cpG91B%dKOV(PCDp|MXm zqxZ&0pj1B(Q9|>f|LGO~Htnnb&uhUqfBwPy;yd8_Ybz6m2x<6ht$9_(p05rGJipRH z<9pE?$1+_UC06z|s?G^rqv$Cz2sy!rPK;0cpO&^tb{H(B2eg=QS&gRL^YV1qk(ORB1xg3_k2S}&RgI=Bg_zUMEzFYpNiRfY zQ;Sk{ErenZ_2lxke=_99lY@ai9WiO>xez3U!f&0U`n=%a+_DL6E2q(o;+Z*52?bT; zrix*NysG{9l>1KL!_&zVNME*1Z1M>Z>gkmEu>qZrxpy+znP^Q=XNja4~E;?kH0<8yMpUn0L#hwtp8m~1L z!|OYm!4cAsYKc*yoo~+Emu+x0 zo>P@)G~{c&I_8sPYg$0}YFKsFN=wS2V=aAs#3E>E*gEDL>&N6YpPgR0^O6Fa3<1)> zLrsmP)9&QdFK(GGtEJlF6z%fe$qt74xoPfY1n=q(Uhzj%_zUB)%rD2gfkeO$QIW|} zZ@P9Ty~{StShD)a{sVK_2)N0ls>E}4MlN9`AYIPcJ%l*9xp)mVClM*{@x=p(#R9>Q zdG7)3;F}ZAwKau+Nc#Be1b<16we$Ap2ksQFn97K)B?6;S^S?ekQ~lIMYV5k;UT}VK z)F^#}4%o4!PEAbxcE{1G%u+F@9m5nf*H27v5RSJUuC(9#=CW-hJ)@~zVnzOEs$O)B zQCQSooZPjxeO$FIItR+(L^rnlAr&ygk>F(oar>yZj)UgWb;Yo!r#85ZG8JMt0%}Ms zGYzg)3cp0Y>D;(eUytW*oz!y`3-NhBq19hX9a|5Tnl;x#nGX!-$Jo_q7ofaW`ERHO`jnPI?+Rv8y!Crb_oHZY6HS}V)9#+$rF!xlcW1c{CwTFiNZ~=29o``m0~~XFRsS`wsICxq{ooT4;QcHQ zn`XaI5k}jirV!3lg>I~Y`}}C9-X3N9megD0QdkQguIzs02i=t;ScRiUP(`>ULFcgH zB}w5ADn*-4gB3^1amKn}mG|1f%vALR>i$98?bjDYbf$_ko?q%}YrtNiv&qyTZcStU zVweFkULQ^;e-|>V^xpoRGLHYO?NpltI@fLZH30=i?{_|oIwR5Deo9k!;*vh{hYcDe z)B~X3^pQ88PUlKSv)y(T(1tVFQ10DpW4hq_?h^JqbO~ribwNT38>CmK%*@_{eDOm zv1|H9f3YbW^t6eVQGh)I#Ku%7N)d@JhFUb{#Jaj&Wt!DMELeHlkLHT8VZ>^?y~pt> zWgUkrM32gxhoeN3bsHA=7W=l}k_e`*!-7`kq2UE*+PxLzv7ND&+8Vl*byAwxX>F=vDU<_+1&&dooB-1P~M`)XI3)lqw*!kW@ zHR`l zDl`NqKT#FJbLBk`X>CzSDn09qW!NgT2;nbBV>C6(RPbkTwEeP;fLVj2kAdQ6v$Ux+t#8Q{gF`wM8d0v0=Ne`TpvkT~myAf>iHuOA6A+A%gA zA&5>DRFrl{-XVswRQ^I9P={RjKz&zYJ>XaaU9p_dDP)<2xWbI)Em@0v()_;q({jp^ zAZQTn{(IOetx5iY=Oo`~)c!hbSvpZwpQY^aXE@VG-+>q7s$u$q&?Y@ZL(Oq2l(+qN zYTBCo1&{Xv@`Rww6m*6D;g*emrHypgnZ*G^8SY+ z8(ZijCUJLr#SvoO?e!5S@aNBSMiID+AM1dNnyWDqb)v091ksK!T?EnB7Fz_-`zfAR zD%(jO_!wEpqO%xTqfC(#NJS^&DAP~jp5HV<^N_580v2isZ!LAjg)(g3>2r}win7?8 zmNcH94LOr3^{K1M46_o~eQ(7-QMh1?ign~0JAfdKX%)uI4V@1eEsd)<&=FsEG}y-N z{+aqFQtuT%T>un_@-Db~y5`Xfl=vuJbk}eRZKus_c1^uD!bJ9t3L!C%Yg@uEXSEXc zKS7@9xIi~AayOnz;#x-+iy# z_Qf9XuWrvSb1Lw2BJ&eu%;)g~Ky)=WsYNh(811X9AS&S*r?b2Iyac$9hcXIi7 za;dR=VN7zhmvE1DSmL zuHUP3_1nL>uf*hBGYH)s;F6zV1CZcCXc#Ckd4G8E%`b4f8h|lZIn*+P9XGDvhPJS{ zvP5rq>mVLbegt8*AZ*BJGs8=ZOrcW{FLzH*XtWPFASvR*n``O9V+y`z}*z z@Mq|xK9|!}tJk~kRC6~GK>ZHwPEaNvkz|THhGWqZo}T4)UBN;S%FDSUZ*cKnxt7lO z*$A1E1TE<6YF^6pm;*lkUE|l#PlYIt*+T}@sEtN0K2GH`rb@|wbt%G8*$nP!)yqi= zM{iSmS-N%V8*%GiZbv5z&3+6UHyH{VSdnt7leUtTyoj4~E*475EB4)N!?6j{Z3h^O z;mOa|2s*Xivp9u5yF@y3MhoC`Lj(}!hj;T?Vy&ZwX3jF^lkOob#~K2)=IV0m#Rg>^ zBR)G6Ep;7u^kY$-{-$&_gI0e3rie}`c@659AQh_9x7WIcDjWaGZayi=Gd1%tlBDA$ zgu_q#D+%*DOlcRwVot|h%lAT+Cj6J4ZZUeh^X2*ucj~Tc{t`U!ECLPC(>BgP)*wm-QMjzlkehqed zK1NV>tCp4{+yriJ#YS79WeMIVor0q6h+1kGo`k%~wr5cvSt0kd&tm;DRmh^_`{P2@ z*{Um-|H;y2(kU%MGDU*H%0Mq{+W z)3n*QYx8|wU-Zbfva3#m+-D5wL7| zcOBvyHlMkDE~bk_Nnbs+U?tjle_Iw>9oF^G<7*Y?)t>dWVihpq4u90bF9ev{HF9ff z;`1^|y%F69a-U4mL}_W76mBYv&i{f z0t>!0SYtAwsCr>*t_rrU^8@vB?KRFKotT?r4>3xH77MQynNUYj7LXSYtA_Z6_OkhWSC)GP?wZ;s07KTURZGWMYUg2 z=zvR>4CGD78$4;CO00Jw&xMV8l7DIVhSPBnF0}*nr?ZGaYYp~Kl3PK_j&i>=_!%3U z9{`pF5GUp5vh~sxdSOcD&Qp*S7(8(Njaka%xR*or5fUsAe49i4$Y8s?Fj1Azh6)j^;V zI7ktTs|0~YjuyI84H)LRmEyp2AXOC2nl0bDX?W&=%Rcc1@0!TEy!9himqfaN+)1(yBSla_$_ z=z@EXI#voC@S}pjs)u(={e^)fTPR*2|MX4B-|J!TQO=Q|YIX$hQu}%Q<2~fDr>hm1 z27DLEL3{}6nA@%j)oPk4{_D(8y6qf0`<^SqGu`vGazrCzI(P1NP_q-ELj7HaO2JUl zeG*)8l1!C{s8fQNa!zWMsNH}ep-y8ic2+1T;{Y3>Dy%Lr0~sXef$sh+MJccanDf^W_A^u9MrL4fam9(Z8DmB}e`<@mQi)Lyz3AwTTr3-=wLD ztm~1Cnlq!o(s1-bo%(7vRZ=}u$f^bqK(}B~z6@q5*a$=PhpI-uqQ*$$pfk;0hQE;? z>`O=LJN*L*#8g9Tz>zr6R71^>7BQT2im=_Vv=cKU*d^V~**}P2SpmIJyY^3ifQ>ba zZ+0)-_5@9L$H<4KKwA6B5TZg$P#gO zFkW%qlflWUk9&hR3F#x6MA4keEyi4EWJ0ORAqr{rq{@-~MH?a(yQaocL9NufSf0Fy zZho8CM=LkYgGwQrL+82Z)iVmxpS7PJgrX4MAUYYgNHe#K01NI`gcq-#4yb(>$3vh)Fy`^edSFCRUelbStvQT+tF(jH zv4aI<&gzuspHzaaDbNUB#krTM1+2&^@5Akbr$|yq&soNi5iGO z_-fTuvX4DVh?3=+)5{S75P%L5Kqfwwnr7h@KzAb5r3M1aG^wlfOLV{rY+gaHZr^Z7ROx! zm^XmPeV?8`;+q1Q!!A5a^m<4eS9nqyjA~a?e&5FYvWq2a=?9Gz-#w-Fx`-VlmngG?bJ81&UH{YRnV8%i{=$ z2nfhzoMp0u?s^FbJkl!AZBalBtn5h|%vvvFtg#A`g+1k(^I;qcJE?VUC`Wp^gUAy; z>bQh6N0GIOr3d-`0il5A&3B86?XAY2@v{bcQPQhKv|Dwd-yr856IDKa6%wU3XrF;c=olhFEOuk}gk0vl#TLoVB)wYj08PVQsod1UD| zEdPU_{~8U+1ZH=fxJLcc+4U{mF^1Qb^~V9qgeKbjnWG+FVwSExf9n|*6n-q;YNng* zAJ4G-o(}c<2|A#wt@1k5W6hc0`UF~HXk6;ZWMt?$HbPOFxVanP>GN*#C%mHi`t#(rXA;8uWkpK8n5{KR-dAnZ2+ue>=!Lg+lVKiaE@>SA^zu z&ZD?plAhFj*M~f_Ky2=zSeFF;{_KEq0FZZbA~ z$Gy6W)lW`iSuG0n7*NVcR0Z&6!y{2)*)aX36X%MMhmmFeu5)#eqGibkPe3`ak=3-o z1t|o>aSZpcI!vmlE~ycPijsYYWFL&TiFd7~gV|PT^g=&!bl@KFz#&OZ5@=b7*kjQt z2cg_pNLU!b0g14w3Xq_IjangRH3@lnnC(c-qwriYP4qFK1ra2>!gLyG(7H9!VHby) zS~*AK*OELkCOwo{BozvL;>7P*BfI{*u~E}J=>SfH9t>OlvO3fp7(mTE+8F2hqCWU= zzL1z-O0;@0VXxx~LibW!maat=_{Y8dRnms~GUi}`)AG~zmlBrx{xW-bn$`wnM4kK) zOwTcB{d`{aEAbV~+B_`P%QnFY27~@_1!iN$*x01gA8LfkIvDayZa4cjKpHUozX+Bxu_lIe z+jj;_3=Ng{zSXnjz_=YeTH2Pr>8Dx7a4cm#RInXA6@h}nq^%ZwNJ$b!`MG!|UeiI< zc!H@6$Ij2_I&pX-7s;+qw_H$LmBAlKzP;m1!Hk0M^*x}e`b-C%j*v!lNYs%{O;@Sm&W6H;lufr*T zN+pkQ{g3IzpKu#X`1I96LPvc2aWKZu@};j%avQ5?E8)JF0K)^}yZp8V^#r zYW~!6e&$V<{~46FP+#31WtnB|LNSUW0d#25%IUwYEpHs*2OMH|Q4Mi7!)$^c{w@&c zg=@m&6&ear^GpkWOC&Ce5u{tjglO~82-6!5(bg;~rz3_{l6bKL2z83ACu$i7PXu{& zlFopGiT}Tll6v}spzJa&MSvTEUgxnsO2YZSw2mZ|lsB5eIVV6E1marK4NU9~EU{Yt zlPm$GqVx#I96^0>Z0qE$>+T1(FYpJhztIHlJ{a&%_T}gC>;3lC*Ywr>$o+PhrxOON zf{ZHfv$JTZF*CQ8IG;2jVmQ&;!Rjz7mHrKI77qlYVe)!-XO;EPdvkJj>({FXbo;V8 zNRBEQjM1WHw_EM`rO7op>fLnqjcq(X|`x(5oId~Inu zr{~hKg*xR6Ud>x|TSSfYcHvf%&Dart`b}<=J{Pvhg3*TX!7d38uE}vg{ZVJVlE$lCxq&EV?CVO<` zh@(D)Jf1s>KYQNWfI_3LLiiEQdT!5uYtUy&QDu-LP`B2EPA=bn=UyOpfH$6vkqyNSymVamGCh|?|=5_bR^?RoxUgNA7 zV>xX5CSmLQrp0roVe7`m*3(mqN5>2@lKWTZ<7oYnQ1baU-;9nFvFi$O`s*9-pWE76 zP5!#~@^PsZ7{7qtSxd>hX33G*Ei~k=_(8z@rZdgkntOFmQ3oUQQw<`MVg5;CTE z)2ZIgl=vwDf1n^{rDWZM7S1QSj*BC&OpkwOX703&h{kYn%h}H!|2d_y?2aS;iX7B= z;Qd4P?_W~UBXi&O*D8p6l|ooG!0ml__igd?SEv2cTVFhXUwEF#r^`OC|;gfErqfT3WB@F#-0?0 zMUMt3DAXue;9ZhLHpne;M>WFgPmn@si0wS#VCedi`JS_&86!Ce=#WZ?6QF~v?)z}T z478nq9~oH^7q_g@D%ySC9=SaCFK=daX5rrLQA_smXA9a6$bfjs6bU<`dOSd2G{GTh zRzU|pLMEm%(jG=VZqD5tOx><#+%&9rn9MMB)iXq3`Wt<;4jRQJ;l&H|FzfU_>m?T- z1{F{GO`AMX5>wAH{21pCpP@NMBQ#?K#ZdKX+P%i6X~WP>+^(mD-`Q%CT8$X-xUpb2 zSfMJ@1$l?)d|I;3&3Hv;W^4Y02X8wexmG+hY;a})%+L7(5UnC4Q}u z^F`Va?-My$vL%Dx1+tSE@y+T8cP~gVbwSU++#l)Rtej7D8XrWPI2UTp8-~BmUE_?H zCDqBx@P>Q5MvPrqCKNDf(7<(k#1l+zA%G7zSX6}81zRLGywuvIEGDtz?PJuRV9!w| zzb@Ko_8}zTYyRjiKBM9}spz3Ol$E4jL>m7{Wj>S>g1HKxtFeq>Hn{f*y?3m= zgO?zHB*Z!3*x3J1h-Duu=dezbde)2zUhI%g%HSo5G%m>Sa$^+-yZ*cEL~=lVHfpcE ztDksLIIpMiU?~lj)0AqWDT<{MtWip|Cz;*0;R6L<*PZ;kaC1DVej=Q8{H`!**;ZZ% zjETHTN@zIVJp;yQMUEjPDeR~h#+Vc|vz)uap<((zjoASI?e99u9fV`&5_)W5B2_W% zBrJePe5Z&WZ8xGC!Hk!$J>EPLy+pkYzH3&uf&hnQbIq^~(;6k$zY2XePt`HjmCBGZ;PtPQVYCV^IK)V}pxam6|am~E;cD13J) zfV}$$NUD_MLv%agu%r)&aS|C0!y+WLoAiL5xi^COk9)XDlRZKqSzcclMyDKrvmzUR ztGZmP={iW1a{$aXs9x204#j07uX*QVWU{SUP%7)O%2yS)<>xiO)!dBdULFH`!9&bD z)>~2@hdHY6Tr9$0Q_`V)5K}gYbtW!xudK(uZas`HxG;?lv;ybkWCaW*W_30kzgfHz zQJnf#j7%XiU)*9DmF|)X)KA3ksSJa#ozud^g+^?yV0GA#Svc}U6juopu%GTEcGCna zC~E+fZlDJk_QJD_Qcz4|YWAE@?lUu>ZEOge%os;J*jRWj^!UEt9;njNEBAeT^TWDC zk@s;dW&Hc zBP23nlY34wP-On&$PhH(sXU3-TbHYT4mqK||A4X;S69 z*m^;=GS$pC=76||z6q<^FS%);sUw5mF6{F^y+=BCB_$Dzt%5YXA~zNlcuI4BXW|pS zr^6xFv5Lx7H{Q%mg-f%T`f??%+Jmt;th!dqw@y9_&3MH9xQr1g8bDOMlYQ=u6-gd) z@<3*VIZ+P(=BP>p8Tt!}Yanf*EMxz=Eo5xnsz zzrW$V*X-9w*#*_rNI4Yx*+{t*D$peV9X7W^t`?+|FTXC1s(4*qlbUK}{828^VZh8O zp`pAAMe!ejdWWT_naSoj&9H6 z#fEaba93O7uY7a}jptepo?6R}-Soaa4*o#}uTciLN?l8+75)}gAHd7Yw=_KLTS z7-&4(mYhvr{Yl8eYcv*W~LxB#yQcM#IxkQ~U{Yg07>Nf8N z89RJMC6dmA#=7lB&2uUG*1iDU3nln2ENxXy7APhLi!`dH)NDJZG|EgnohX*F$c&UK zwWo;OK!Tg$ilG$$#QY~M6O|gCZJMkfW=lCnQkVcc9;_GUMwLI-0&K+LI6TNRhXQp^ zQBD)u6n>i9O5WEB_)r<7;$r(|(+&=L8}HJYH2RhT8g};{kZXMZntiUs0|i2(rPGC0 z^k(eu=(v6LJmm1=bM+Bv`c9g6-IR#{!AuWO9N+=Ek#arw@2fccaGt&;`!XgpbDM-K zxA(`v25Z_&Il2w_OI>B4|5;t3EA00#$3la+_E^X5NmG8t**C(ug+uSwkA9dX@@A6- z(QyDqVU87dAl%1O2?mBeuzZ+Q6UE<#K?D}5Wt2;r0`!-MyD4 z2sh&Z)jpKbM9Bd>3qT%z#6y%Hir&xwcJ1ViZh~`TU4$WpDyuV1XC|iHLZ2y{_l^n1 z^C`QJ3wH-oJX!i9T-)3xG{F1Hc~cd=Xi60<$O|XzVW9>_U|ACz)^S-wKcXUpG;fA{ za?W2;2acV?;3iNjMMn*dq=4ZZ1wa8$=B8HUjkJI2g9O`sg|%_;uS2w~&Pg%T^rpM5 z9rhrIo{8V+gEy`@+_iHNatjpu7Bx~iv^Qng!v|WQjEGP2z2u^415gmk?W6fA6M^T zf>5N<1S*V)t5wywBRD{TFHTAk?s+z9ItY4T!4pB{riohZ}cgkT$g{)Cow%>&=MnzOR9RCX3il!@VI;bURF!S_-{7a};xHrLX8O z#(YKS%-X22oV24QbFlG?AV8+5hdRxVvZsz}D|yG2pJN#^8|>tiI>nzW1p)g_i6#B= zP8O|BN!m-3U@c@R{C)->>`^OXaSj&`XWnP(=d@I2I;t$7;Q3P^YILd>1sWt$iU5Z3 zJP;jK9ZRuSig!^W{SR62BxZjEH7@d2Rv*X9YQx-+s#GTaW+;QIH8vWWqFG5I4z#sL zqJ75NwrUPjbP!W?qq4x^LB;lk%@lUjvaE~#w9jVJ+$v4&FFj-Yud zP!BCZu!$lGzI!eB5bzJdG`X(Gs`Bkkca9AU!o?09)^Qd9KYC=0`#I*2WJ{4V{UJH@ zlWU(b&z|!Ma@F1r*1Uu6y;V8+Bk_u07WAy&|1y=B@I)hy?+HR-Ofm_xT-yQU+JLUp zT8G)SJaHL;9yQ^8j(hF*Kh~|}&}}LAs5Ck?hn7EdU`nB%Tc@a#<2h)=ugfB`p21`s z(@qt?0xK|my^^_bKi@o40k6R`PDQh9wN3up{vLUDF2fn!aUu~l5r^mfxQb4}rBN!P z)j%APmy7E^Wl2mcP$A|?|wt9Pv$5J=VTL}BpR+7?HAMP95)s5QOHsd>$@>-!eA*g{z_-|mi_l2bhIl5q&aAfc+fj5+Yv$qK`lAD`$Gi}6RUGWtC6FG{4Mi4`$I zNtP`1O%~={JM~C*DUr09zBnTn7!nlZ6Z6~n;vj;MQ>kwtpPS;}B7gG2M$+A$SsNbY zS6KWBj+wf@<_Hb+1)f#n=);lP>{}OS+k5lxxM z>b!p>Z(5T(!)t=DuL}QqeNN-9d?m($uwu@#&?(0HwqJg%zWalUe+mLzy zu^eP-Uzsh3zCQf1DhtEaDm$L)yDX87d$ryno&rw|7a}m^yC8g9LCXkxGrs1K}uG?h|N|mBR7)-oET$1R9o?q#-ng(y2z8!UB@u6{B(h38SIcuR4v$gHvHXd;8;!k+Z7P=KpWSKadl;Ql{W!au8C~7t4Q8p=^D>+Uf}EP_=ZKF5Xun?)d!jDkes0<0jJf)DN2 zbJQRh;MGr|C~gK#qO8umMYHa?WD_IuEJ#iq+w4(Wx>CSH5+9y8#6F!p4*qG_OfIT* zs~1*;i@qO`!@uX|C<~#|hFZ75Fyw%T^Y5EXe3Dh^p~g+YQ&$ebDF0su=GoNoj*eXE zw=k}9%``Qw%BZy3G!qhvc&iHF{eM`g+V_i{r3o$nxyl+k6OC;v^3m}^B?6)=x{yQ} z9;SUM9lF#*kzpYkvfuc$5`)hy_XU-kQbvQXb+3Qv*W6B{SGz({qeo~gU}WXd0%_P| zMLUQODiyiqC(}1n*q1=xB*P*)hOwM&U9lh&b57d6`? zmpZtmddaUaY}(=?-$Zg*Y5G%vElh>ognNb3?j%gn9gL#g%@mO=4aZqmkeT4r(1tvF z&~^&yu-R8tjM-yE;q-28{UMW~6|&T!`;>*cCh1 z2z1VIj5>7v=p3^3_hi`793#a;2E0ztIA@og^R>E2Z7YCXQx2LUyzB(dSt{0gCym=M z&2rug*pakcppq1S3QgySrJp`H=P7;7RVt1iwZ>I>P3n3#^NV6D?;xc0%dya{v8lJS zKcDUGRn({YJTOD)Jd9aa`Xz;9G&FL3PvQ(sSr=s0;ZUT-7hp<15h<#ws{BSIJJN3h zfJ$Dp8eBj#%GEq?w010_O!dY^6zYj!W)2@JwrwmVAKEMngdgENE)zERGl!+ZD9+neVWKIfQ37nZL-zZr{3M~G6=m))1T2Wwk zl7s$jA3Sr?ZvkPa7~Kbmos?%K6g!uMKP8S`(RvRDWG8t(0Fs?#^<6^QN#WLkWhXmq zk%Z$%vr|f09nQ{R`@I0#8TDHSqMd6tco0lGS54LgYUij^J*=Heo^|2c)eGc7w$p@S zyUsHas3uNv*cvUj(!%VftgkW7NS4AR;V0R(1X(uNu|?X; zD{EXdjc8=N2O{(nWxOUVBCLSqD=*zkf&#i5?SC;Wpj7FSxPY#iri${KpaGqX_|1XIes5>cLxPfH`%K!)ZxRjv-H^J`+|P)CqBa} z^+z^h!Bkuz7$JBo?sS6$Kz0~54sk9Ho4|O6>DEVzm=l!tz!fVV5e&k3oFWF+F`n@& zIrydA%r%0I+hGXb=0{j@STc*W-b!417PrvoUjse$|6Q|27&2fM{HT<_?F*TH_p>&0j^WXG{kblo)-Fk z%8xoMuts*`mE?VJ@M3SSo^Xc>efaV$6k9C=)UoM@KM44v@|v|me^lMP0sdnJhcy5| zR#0C90%R5S>H2;|fxN#_unY{OW6EzhA|40{vX-3}3bIkvJYbN`xK{V} zW$+-I@$~>gw&3i7gskQ5#e{4*-hFi1cC%WL$Yu(ufQhUXq82BznFx=zK7uZKKo_OHz7N#J;t03`cG0q3R{&nr?6@=W=}*gm_BBcO z!a;YgB;+T^TF-OH@2&qgLY|cDJ3MA1k~BPVJIuOx5S~Wk>Or}C~e+eBudi?_{Lb2-YNIvj``AyM(J<8RpBUg z%1!Vn*QD6BAyP{D8$wdvOTSnel(Gw(eR60DQR$H99xy7)?%h@>m1--u3QVO- zJ3lp0rPSK0NR>{-Jz`Z>VpR^m4OXQxFP8zUG$a4k1Xt;j=sxf&U3~5zu(FE#@{pD8 z_#$nOaSx!CPW`QfTG_M~OXF5nh>&CBiYU(=&uyo11J_JkWntlHemKCPLPlRDvs^vEXv1}#F!=PBU7U}1L zu`I$y+5%as9jOP&vP8KZmZeSJ17=y4e>pfyn_Xi(ODTY)_k$u@+V!u6v@9w9Ck3^% z6;lf;SyIf;4lC*CIuDHdX-nWlwk)+vdu&Uak00E!#O%9=x2&og-=5Xf>8C@utkQ@N z;<83Zk06(|V|Qs_M_cvnH+_%Tj_bpAtkLO@2=1s3ukQ=pu^dC!9N%$}XIMttI>8-b zQNU-(YemZW@_cut6;Unb^n<&Q{9Jrkq_e2@Sr~`&d|r%XsUCLHUwmYE!;9}_rgaTN z_^DtBKecCAeBTHAO*m#Souce;_#O;VI!18@r)--{p9tS9ow)f<(Zf~Is92}UJkMCJ zro~n~Y{&UbWPM7v$LesR)&%izc%mN0KOCT_ryh@pqP2*kKF!@Dq^Ji`bcEt8j8RmL zC`v>r6H-(@H6Y7ev`v>GJ`|HSeS;@(^i7Fz(UPv}K!J9CP;XHI!k{$GcTa*&z|1^5- zEWhprczlD>-Wbn!)7@)MjALkar80LjI3>GoJu?=)6iq{tr3>&k(P{hO^7xmN(beT& zSt83H72?TntLal!u_HO1!|-Bsa&;kiSVC8`l;rgEFNP zR|11@qYF-}q)JpkM1^FukSiPCL5sr-k~(697pv44y3VK4@DdtgkLEI7a6^WBY;czz z?^S&uI(Uf1bJ_HL;O^~WfuHultKLEHc{f1UA&k5G``z>Mfy4L|m0PQfl! zI|{mvNB}J)M&~RUJEFf}3?M@U#gn4`qUDuYAbWy5no>tn@{CG!bd}T6ThBU6>mwqA zk~F-93~q*Zja}D)q1J1SUHyD#qiy#6nSwOXERPEqzje*A$;^&yNWcx#)LCjjSJPx7{j_rZVd zc^W~4dCCEm?Y%IDq)l1%LxL&D5tx!XVifMAMo zP;4r7E8q^tPcs>K8jjh(nZPijyr>RBQ7H}NCrQyQ1Mq?I0>tP}5uT(HHjAa$##tEY z;>`uZtR^Ts0jCnG>wGc{ra4SuoFM@}6|(a?N(aYC_~+$!*9%n>p2-``=Fy_F52HWJkrv4cCP!&IqugmnAH$%3sgR>7E# z&`aG!=0vwuoxJktu-S@07S4HVbFV0!6x`KzYFQ!V(aHoUqsDwZ1yGkY#sS;!Q37t# zQUj8hPBcO31gCROm31f<%r3rA;odIc`rzf>9`k8g4EkXIKgAn|H1y9XLeXdukBNrv zuZ(@x--TC`j(4%}uq8}>EOx~rrTtEA8dzjFEXi;1RJjqhWG$`*Q0?3FS^&-ZX>c)s zCep)U-50a*{e#_G`^fJM?Y`)%Yk<2SSuI}$cVDPwU3l=Wj`|>Y@Xo5N2@u{P?secR;t?eFcK*;#(>8r^T2pOfdh^ZeZE`py&moI9rEg1Zi}+M3Wv@d%Hw4c`9y~sF$MldWmK-JYFv$3fEmPp*c8LuIq^zoZKL`$@_?rd01yO9S2$E>k z*Aa|wcIdN($`vg#jjk8GJ-U2ynZrbP3;^LTV-XfIKzRowJkp+Dx(GA+k0Ow>C;ofL zwp9NI>{Gi*%3s@jbobDtZ88ipc!PKlk;+DzA&DYD_foR9GNAfy7DkBQ^*CpAro7xW zBxOL58b}PipZdKDjbSoM1emWqCN|pGKAZl9v5ecGx{H~r4(i#e)B*P;X#OhcObxQqlz#tfncL)Y7*FxFH zDNazDS(=%NV$#g0(1$E)_ISr3*UVzwQ?$iD8YMj48-PX3?dmq*6-H+C1q(JGn%U2K z1z4rugmFMSM{zvC6OegoC6A&LEpyF_+6UTf_oodMQCyU!gGKA{Y%blUqFDU<>kh+~}6NzkOnCde7x zwg`dbvA38gi{x?x9-1(Z17cz2IPP%?IDCUvj1i~wl1vwx=a;eDAB(I*uvHQ?KqQl+ zhsseTFd6Dpua8sZj&ldctq8RI9h zkRu3$3nvs$(p+RhP~nX3(pD%H3r5;0xps>HznH~1EjQls z5-E;QpAwEUBw-F(&_4b|w^_uv^uuJp?yRC*T(5z+FB7MIa1y&q6c^~KqtEPKxZc?%2dDzMppFm>ew@Zoh zcZtrrxw( zPRylFzjF+w*LI1i6hJc@kWL7<#B@cu%)@w~=Jc~L2C;&QU`7l(Y-4aoBomIxVh!Ly z3{=VT;#0{~Cu<`?Ft+g1du=f}gP)v?g{M_tcPe-qG}(~b+yqyrqw?&PsjY;NDT|1` z7|{=f?crH@YyvRPX58sZz@=eY5;1sZD9&g%K-y@KpEzbWK@|U@CLbXieOSy$W0Yp$ zgwZAXFjJrT1eS^TA`jo5I8~m$aKG^;;gbZo_d2G4`jfG;g1Pna+1=p8#-55PD~W+*MBC8bObP)W7fX^$ysO6A6sw8=Myl$0V@b96yUnk+3uNsB^jL`jo)8Bo%q z|1f}(rciD?NlP#vo@AMn15VOKONWzO6%|spJr7HR(>~bmy?E8z(_ta`o%I$hn$S|5w3i1tJVaNA zNAVE;R_G`%TJ+nt=qS(Jrqct1qnLaj6dT24{b0~2C0o^lk}4123R{(Sk@Z2Q7F|6E z$rZb_<{c&(7_j|chK;R9#7;(8q@^}f%`nN7BSqfL&Q5wYZ_DBN?r3n%&mSe;ql6+Z z*!Dpu!ebawk{!2CgWB7JbSlH+VLHv(&F{ADEw^Pm>;?J+=Lyeg6LGqFv<0Q7PIJaH zG`{KHpatoJIo*Qn%oi-e?pL%hA_&-5z6M6Jjv6|xH@yETd*zXPB-K0Nu6%N*_Aq7%e!gjbTc^`WllHfY_*Bg z&BUoloURq3HgCF_2#$a4=l%Jq^}WGAa0_}xIV z6t>oqh%DtnRYQLnJQfd=CE!>ru@W4Jm^5y>Y4~6+_C>@^bL&xkIy$#r%4I7OK376w39Cf8_z%dNiKy^iqp zF25pW_Xv-fD~=n-FbR9}U{gyR(Cq~wZ;ja?N_ngY@pgG5!f6b+5Sl$=sQ?NU-N*k5 zV}Y2gg~&=_EesZ21Vx~J>W~t!Y5EpMOaS!<%mjb6e^T+Q+#U?fG!Fh*A3WP5&De4( z>N2(&lE)Atg0!eTFUhV5j02OeL8N(=Q^f4}h~>GvsH9Ys-7 z?E%0h$YUN^$$}z_a9&PU;rZx|Ouv$uxpXP*+Am!bE`OfDY}N;2%WgbR;k>}Z0EPO@ zXDsJPo}Tr!`@J-KVTgn8*H%byFxO<`4vrd2p(tTn3B{)W0WAbgoJQ7xCgh5ifyViv ztOAYYgIWX{-*0FQXi|J1mVhSEH?smX8J4sFJj3>WR)0<0?`q}ON7lDn^))FTa>aM{ zq3?gS|F#Rg2;dOcjHq#OnMd-jb#W=rvdjJ^cbLdA$*6?|2+@Xqut2$b7i^=Hy=X(} zmobZhOL>NO&&#(dT%#r2l62K&+?1ffBr1>a%rBRn5KZ<*zP)BfO3VOY=X9u)d*#xD z5u&4mIlhkg1@Fp$M4yth&tt$oc8%M{;V>+LC2X1-T^)E^{X_lJ72-;*I-X4 zJ;7-o9L)7cQTd`D00^BT83G?lQ`KYGD`+3B6(8mEIZPLQ0~0GI8H~pWeEtk*1)gwr zJ@x$S*ADplRbFzhQ40_mr(wdQ3YMT)+?+3onp!_YbDS>Th0~eAmn;7-rYxc{=IoOX zbWQ$ny~q$*scrrY_V@NIKD$+X=kU|&Y%KhJ;DmuwZy(E;AT81&0 z=gexK^VC6|h0%4sSTDg!jAc1?q9xw`iRGPTL`zfWV)eY8?^m=qE^^83-e-%AoK z34{?O8F&HaVVq~yEnfxRiIK&85{H=sn$u}J}x4g+so)- zvb}xMX?fpX34LkbRWxPtb2ZWREKG@&av%df9C42Lj_I+Pz-|X8HV_JMl zzMpu{azAYs`Dsr0jY&5S`gG7=BFfX$|M!+T(o}s9l-tpQv60zR!9AP!y5pxjXU zAIuopk%?(M1&#E<$1nih{9~W}_ZRR5jPne1gAV9`?&RR3B)kowIre1Z>e+V2@IZvB<@cOKEMkL6h794$4k7*d+@x&LXeP z%3R$UriSSRr*j~Rb59#JlNk_QKxh76>G05i{kLL-0_G^6qb!_@q_JBZ2H*~+F)g#r zAOsmn3p$WJtFtP7tiPd^CB`Yl+^&*{p^?Dkn(7eIK2VEPqrXu35}pL2qFi;+z1oh%@*}T(!pzLd6yNDz71k z*?N74)0-Xu=W2cxSm^{nAfnE>!!C-{MI#?|A|J((Ue1zTdVWcZlOH{2No3AzPXswS ziT+C_&sZE;zy_;#6+cDuSF~VlSv&zZXwjGjwRy!gIw2G9BO50l`MM*reDo?*2u1SA zB>cprp^Ys5Y%GavC)%nABq>TzECMDtC6xv;q05dA@|hyGl2X|=Orac?-~d5SEFy*~ z`$iw?!6=!*o;ln%^mD#}6`uZYKf(`&=_JB;yW<&5Gs4mJcDX0EN5(TWhrNFg9IwP< zZ*On!<@4w4zk7Ro)_?c+5B3lKZU6a;m;2A3J$wG_;NSN4U%q^;ZmhZ~>v*KQ{ zP9J<`D?kUP<5`%Yah9h@J=MM^SsKPu_C0?dW)XXF$!}rRKUan5=B>li2h}s}NQQns z;M+`jM+x{yG8hLi!ZG>?a0)&Om?v8PV?i0kIi>u!PEowG13Fsa4i8)Tx+ChBXERs5 zG`*Ph8We!ZbZ$1xgX$VO)GK6W)0y#5ljIuX2*HB3kG?79dxAg$3Aw{*po2V9Db)vG zi*Gx!uulxDpiuAV1KVmCp9?EPzu=O9p`hDhGW3Rp}Q&p zm2Wbgg+YK~t1bX^Sa<4(m1DrIE-L8Cmn;}S8Ftp@L#s_K~0DBG=gF~q9j}CBSmq* zhGd6CA^lgW1b==OQWfm`-oj5E27%&v|2_^g%Hx-?Oy4sRfttw(=o69%{nuK?H9Y}i zin9Nzo4iEdZZ&)HS-<7v~ zj775sqt&PBHU!3wvoeCzO^1Q>`X)u)W!M-yD;2?KBHxF3ftl^EPGTlu42_FsJ9VbI z2yJYjVb>Z~43Q$TTZYsJD1%`{?x%?qW0|T~<}c9^Dw{0k_pyVR0aSq#{|NjSZ zm;Q7=r~g;Rc$3}pi>u>NFZ-0O!lT;%d+>5^?^VhF`~2Y1|N9WX!*_$rD{wwIJMM$e zpF!`C_JiIzoFnk{>jr=O+wtY-wX|4;2P1HE?^!U6o5bfd1K@A=Pn2*p!XX;l?XyOjWNl>@fi+^T(+-Y zH?9<+8Kjg@To4LlP<#mH^h+>^B5?-{zqgowA;IjRIB=3D*@`BH4ZBId?>KT?ahb246rN#sSsdb6RHrAVIY%_NaiY^{$DxharZU((qu2d4GXy(q^w8Onk)30bfhfE| z(LxydfsJHq!&gQegP);N#0%>QL10m)q`u2}CV^v@0u>0+I89H1divrZ2Th<>5M4*Ph_Zdo8$r($TrfN{MI z1CDQc3!^Y7&dG4Bor4v@d%g9yv^^9`|CHSt{j=!Rn)}l{($t1Q<+#^xSmUq|9FGtM z;5Ou_oow~DX_#oMY;@BJQ|!?vn2ro~i|6@>hjB0r1=?l8m^M!;!T7{9(=-LK*L3dg zk=t=klU%Sn!gCl>+eKY318^KIihyCl=R*2smzo1ed$j{5VM;QgB72C)iBr~WM}$&` zdX8rpH`S>EN%;CzyUUwUT?V`oOt0`7-=f}zIek{Ns<(wmgCLShK<&?lH z!%2c}H$}{Ze*N?u-J8O+n3xf%c(@ z(3yqyU3*Z1ZkLWBYuM1zuqZFOcQKo7f=ib{`y;4Kvvwa|Yszxxc9HCf(tx@*{guq= zW)|mztLQ;ApdvZGXB{{V>~A~1MAvy}bvPUo>t6FVHqLQ|`d}2sV+79i!dh0z4xjIs zE1IQ`u!XX@`ix~#BF^ztQNvW`R-v`gc39KYAg9JR-w)wDBQmQ~>`XKlu)_o)eN&%} zme1|VCDV4M7M?Tztjs*C!d#Nup7V>N;}0i8Yrn(pR9@1cFt;*chUVmNdw=vu2D6;> zU=XBqo64SvKfZRhOCk*~F0U-1)*%i_(3r1Ilz%LA_O&B@p`>viQ|^X!&k;{Vlh8Hx ziPD8_M&18pPz(yApP9bsCVh<~Eu3Uv4i_MUHwZv5L3a`tOQkOAl)=eRB;6@DTTcZg z{0=h-mdrX8KiUINjUD^#vd2Srjk~~8VY@E`ZpG4>B$_4ayuz5O4fTa?Yl2FtSRxbtyQu3eOu-d8;? z)cQj0?|qNU^zzH}(w*}sTDq%`n7)@$;aIqFSm|cZ(1*e2J^@c0JPoj_YQdPX@fgZrlrD*ABP#&>aI1J1X|3V18 zRtJSnz-<>7hLQ9i$=JXX@;;fSFhF2iv#6eU$w_-b^EcD)&M}A)$C1l9y&Z91Ev+H_ zi2qfDlMeUgI60$h{owoxSZ_A|dhs5dA0Hoqs|zqZzI=Oec?JgO z;QjEI%fZnxczbclf)2$rIs$|9Bk=ph<*%m~1NP0EV{mwRJh(bO^7O-R9fth)`$oT- z`2P|Kj<}eJlR|)yrouALIWY;`jOU?w>afak5Cm=_~`ko!!9{ z?SPYb+}jupkN#ixG#sOtpzcXPC&EdH(mogr2Z!&Dy9d3!jX&@5X@2+5;5MB1`Fs~f zh=rKWsdC3N)CWbejZ2i}X)JF~NstUD=8Fq8PB>9IJMrsttU!ydh|0AVFpeiD3yDZ~ z_SYrG+E$tK=}aSh4Wr^Q|9e}X7rV7GtMkBm;nfneo?4jXR<2GVKiHCcGMRkF-fjEp zB`>jAPqhqc_fjh>os?TiT|IrYy1pK>YUP^y%(bO-AmA7|9;~lJYBt^K-BC9XS8cW< z1`rBP7%_=mDPTCkIo-!p&JY@gr>s}m+!Yn$i800(dL`+fEXl>3JUoNY-HGcO*rmd4 zGykSrr#P5U)ukcJCQU+_ct!iXI6CDJuf4M3tfN)+v8K8SAZUJz(nCB?AT`+k@_N7b zyt}sp{%61Us=L<#y+fG5>o5wl5Ru-m`85($dcTC3lt$8HyH(IZpE49PMeN@0U!x4} z7c7~DY?T*+hVis_^PemW=vMzisHTmY__ZTcNyFlTk)cmfNvVt^QKzc?=gaDdw_3Gc z3O%;bMw&Ap24sPTA`+EnQ)?Fr%InlTqm945iU=P&h8pO8$hGO#pTRuCzn~bU3`KXV zlw-rb`xKHajHjH%cDaBaBq<7Qi&zV``DZn4)k}mn#2OLCQ?c0FA(=k4WKtnK7FY6n zQUvIN{%bJCFhXREDr#F(PhH(Q@vc_;!ZXwXTUinr1@)OlcC7M;-Eo>V^Cz{^aso3I zJIUNB)M|7LJEhY@l$u>^%XXaD-LVI@opmzu&iIapNWB;fI42G=4aEFohqz6Sun7s{H63L!Tyw(sjv$884t@Hx}Qz z8Z@HhubzMhk=XJQ;F!!H)w)cygyS)XL&qQ|728i%dcX^tE0YmOtrrvhP3sy8^}We@ z;2|1|JZ(qMQ{+41ADu=-+GGPcto|7g@qkLIC719dKUgtJ}4utL=>n!S{i;0D{Yy!fnP(_7hh?b=>KDYk2T56d5^^=qoouKBff!N6D+ zf6ZZ1>8ewuylpJ)^g~6j(&+Yo*3<+ykfPUYjH|6+p`GP+f~s1E&d@x`78NRJzgLs+ zBP#Eb?`gaXJ#p;DN~hE2&dXlrOHJwe$kmu7B5P^7k_M_N*^+ z6i<2zw!#SrGya%t?`+^~hSIx`Ao_GF92}%TCTFxA?Jz|d)56;n&!vH{jgBV~ib4N1 z*pjp8{!7q1Me#J7ZG$f$j5A~Uc!ID0!HP#1-{cAC-0pWkM{OL=RkR8F=Qhg^wpR#7 z!Ut=K&fU-#RA$F01|^N@nmppYz&uE2egPp3?J+Mf>`?a=HD( z3Baj49>sK0_e=`F)JKdnuw_nY&d;`OrByR2Y0k}xiCwU;)$1%)-zsWCa&D;=7MU+c!> zT=+e20t}Qp{ef?lD@Eq`P8TYJX;uisG0z*8Az_|PxQ%B#Pr?WR7)9!SLpr-)hWQy! z*#-23z$w~c%fgrzoWL;hE-iL!kaCF%I)u(s?3~5<1}5zGpW>O_O-%Z|3@13k)5R!B z5eyD-OtKV)aYl^QbtM)CocP+PmX8>?VYNOESyZ6}iPKa(?3CMz7W@YeW6=3~+|i15 zwQw(0R(=fB0{!>+x54TA;}Q66aC&kyxH`Ew@BclfW`O$W3+qhvRuK42)J?=zDSUCh zNOS=)+n;0v{Q92++={c7MxC{)Gg;=*mUZ;=Kl{D?mrYN8%9}YaW5$=s+6Uf3YM3s;CV9f3tOK4oaD@dDs6}B1BvKg> zOU<3xa1)d$BO$b6TqN;YE4pLXohJ&HRo1RUmrka|R=i<9_OB?O7W92!9=w)Isl4r? z4Sl3U$1V^t1&2~qIXoYO=95vkoDIj~^T_}vA&P<(^?r3al4luB7mBF7B)Cq%ODEXI zF}UM|dzm9}tr;}lCC!VwGOtcY4qc0Blzrsb^=jwibl8*tiv;?jV8L!GpQ^)ty=1SZ zsgAhTwaXvXHIj6HZd~-~X)08@nNmeO6`qL3KyFg^?kg{ybSe9}-(TJ(nf zi%H5jegXf?afbYenxB8#Nco!hZ{-s1E#Q3F2=MCo@4Xk#_gDuh2YtXxoxx;djxrd)4E8qwP;<&^$05vNq?}a! zhADR1!~i&4j0b9+zw2>pGz~gn3vkaFzwG>!y)L{k{44%c5A_5Ne0S@#f`4kwfBMbE z&B5S-6Aix1pn-s5a+Hl$oTK%@moBpdHo<#>(k?a3qmWtvjE#9d*LR&x@`8uPIiBv7 zU9Fxb-I|&jb>)>hjst2tx@xllM4*AGh#*WI>5JO+P(2pQqBxjp6QK+BYSUP+S8q z_dvO5$S|a=4VX_i#sTW?^%|F-As9r6koBRcw*p=%7yW0B(|lgiRDkc|E}Ud2?asp} z3JDrx+F_b#u2g^$8&FzjIw_mw1cnj5MQJw+=LqNSmagR`say#nHkSmZFp5yrC5w2x zWPK!!5hLN5d=$s}*~jSo>z#f)q?cZg-L={%BQyS#o4OXin*AU8l%=p6g(O>H16Z^F z+dFvm!ruQKyn5XKJ;-mJ`#*CnXI+P1#ZHG9zqzFS9aUx~+~cra^RH(7OFN)Tm-l67 zfSU1t@bXz{{J(hd>T&!(#BW{W-|5j25!1E)9NEi$c2|z>q|ps5Ei|oU8!Jm(KQ^dw z28jSb{fqwVim7*wQkLGW+h(*efRX#Ws%Uyra}R8SP#C8wJ)0g$ z(3rMewn$JPDB!ORAVHf?hJA33W7Kp zl#P=vtA&W_qec1_0GESxtIG)lVo_7nEdvW30Fc3Sin1XStPr)4ddzytGImvKYGQA+ z9TJ(O4W0AY0Gw7%7ju}6XL4>>*NpK1^MC#NA7!)dYR5p;>;L|<=LZ)4&%yq)SC8xe zgZ%Dw{cnDv!~5CKzW)D+M>$CtPd}sx24Rc{`4HhTjCy2Noa_Ai?sXXN^80@1gTMU^ zbSJ<9b^P%5&bqUyi0iNvhJDLC}E^bm!0O-yD)58pt4E)`dH*Bq8?4v{~q7DQgrvDQjpkJ2BeHDtO z6`>K!SYyk47*E+B9Dp{QfWLvxlmFWRUGz`T**|#R0e}2A$Yv-OpP=y!gU(erM*+Zj z){&1tg&Ejqe@sH1l2@b9ldXLxb`i<@Fm&_j_8mMFYMk7MO=to&qSMfQWYVM?;! zaT>gSvc*1DqXK*ZbV~@j@jmzh;N1;)`k8|iJ=y>7uTQsYhaByh`b))%mpZ)|9Gx^N zcs3Ya9bX<@{C>XFIBvFYqeH#eZ+HgzXGf~3y&L)7CjqOMecSn9bbNkwa(;ZOCWa5^ z@6X;GUpAQ^IxZTA1E#XhYEy%o^zr3YiMX5@oL~HU{8y(mjV1*}>8DspVM>r1U!(`` zZqx|d4U=8)`R&E~^P>+Z!`J(~e!H|YtLN-i3Hc_?<1kRKF5jP@9Lab8z8fZA=$Bt) zAt6vW0b7d2>-}x@0)Ug@>nHpF4bhjiG^xM47#X%sVynoQ@*2*b|7#4UA9l7g_6?7t=W+D> z%%kUf+DR-uS}m8@2N(yAflJ0|m}DP{M_FFsTANW^u{=;>+ z3lo*+y2J@k_4&`smwV5i+vh*89?yRs=C|hjpD9Cz%w9e(rwin9whi_yM4oo};YQ}G z?UpGe7CFv^#ySuK9q?$9M+9XC?m5d$nuCBwOCT(^iRwu!MQ281n zb!1MFqUmf~XFQGyc3`cmMK!D%{h-y**A_1e^RrdA@;1*%jBu@iL}1AIdZN%u?O4uf z%98+QXq2TeL(_#((%-FE)a)F^h1lYI-U=E1E1X9)oZNj}c@NFfE7P@^F^e5YS&X27r8CNaI6@Yn>`sqTHySrOjw5Zc?jZ!;EA36~k~N`Mk(% z=hHwqz5!dRrdwjO*}D>bp!Wt6G=$jVsKX< zK2GY(4WVUcgnOx%oBT2rlg3&}Cf|KfJ-5B#Zr2$m*&qrbL0aXthmEb&s^-<1cp{nq z(-hQbSZ|M%;7Es@WZAVz%mTbJcpkd!NQ)TgsCyo?5z|E6GHiI?<+b#K?f0~0A)T{B!w3l2ZKuS#3vy~6)Wyv%NB`yDiqX)DPnkR$^`0wj@)!Nva|F`?e7_$ zZ#pk!;hN>vDBh#&F%D2;!D-=}JHFTOvGoGO!k5FnZNXBC)cjLQd7os300+Lb{RF7O-9p#&I;u|`H6MwXp zo>MSbqNi|ENZ1soVSM9sK9oyo!vdxAFlOWNmlTfC5TzlrxqP0C$`1;<3U5T)Hp_G> zJ!Opkn5pcv#l+>WJ@b%SnbwX5XYYE6dRgvb{?gUgGMnHN`<2bKFO^+9+S99zh7FF(z3!KEnZWi!H!-R%;Q9kp%c@(2$?K*WyA6uA#vgnKetQlU}Kvm?%~wb;owA z={Euj7uYVzV48K!zmzFZ*SsjcwYl;+{LRVL`QYs2!_o1Z_rDk=0LL{J^LZM>bOAaH zkQ#I*Fe0b}wzRBsK4AywI-l0`qHXtFUdY7btuBv;rzeLD-v7hd#nG`_ILl|PlNp?z zUi|*y_-uIfR~0i>U&9!8Kxd(EHH@oXJfgdT^qqsoT{I_1-ca&3j1Z~Tj1gbwu953f zN$$K90UE^xMO3AON3#MT<)`DZkauzsq;TY4^R@Qt{snT2y>$ z-u&WfjM8B7J~p**bvpWRd_H({dfcE}u^z=bmn&AVS+DX$7rG@IUR+*z#qya0LoElt zW{_&E2Jf%leK!Rtm>_}kIyzB$}@Ytt`5)2jXRbp{m!)@_Bb4>sV?1^uDVho`Qov(gl@9l z1}i<(Kw1i!+`Dd|@6v}hoJrNdaP=EKJg&(mz_V>-4(JiJQS)S&;%jU45$(--_E2Sp zt8XN9DLotRmFuzP+MW}m9&$^*-F#-q#>oheZ%}6U-oygXsp*%#mOT{#(vGH$^jB+a zTa)GLjcds1Ze6n~h9=qZ2aJwT1gpY@OeT(x?1oF~+;%3##O<`>zfEuvBfv3eL4@Ne zNX~MZ<3;0szhht{s2KNRsd zo+O4^xvMnWdXQhrqz}g^PmOnL9Of3&)yKIhse7PXwOMAQTWr=b)Gd;gW4+-xv`DT# z5G{i17>O3i?_(&I^QY=1UurNm9HA*9I8Vp6r${}n3dSwIZRy&-#Zf*-XE=|2wyEKx zv~fNAl~T z^HcGnj<5Ioih0@b{qd(H^~ykBHk89nr$+mHSK6wP*;^EJQD!^v^#;x62@79sMH*$} zT_??Ko>UOB-?n!kiX3U}ZoO7=(+}-0=(KndM+*fbtCf@uAc|;&i(_>wG}X9>yVdEs@n!2%cJcAr&!%hWJ|0dx8{ytgr!5W- zbv*4n5&dG#Dd9xmS3LC`Ydr;jn2GuF=K!uiQNKpQda^Z!8Sv2BwnzvJg5t-Df8dl+ z`q^9PK+=;Ym`#0?r%el-;AFs`4 z{ve*|Hh$=z#964DHTUN&^m19*U0CBm6cHj}fX0?VxP~)WMYcYN$&-2YBt|G8Tq8r2 z&O<`vjf2s+=fqb>&xNLB?6>J}Q2yeCSB6 za<{g{biHkE5nrn1mEb;oI2_%)3v`pBR1=?fx#P6=etT%t`oY^eF;SftQz#An6KsJD zkFqq3r(ml>PHzWJ^LRks6O@AOZP0;vhCAi0?|6pqV$i(=AHx82^N)S@-(SENFwQg3 z4L}EUKzDNRap_}5S2VB2x59(ruaML8;TZE1@=J>I#Jb74o%kM8;vpKS{(Pi4H_%b+ znxB=Fn$9WF62h$Mu%^s$DT}U(%-Z829*^`N`bfXtg7PiNMXS*jvCE4!S&{_7=IfB~ z&Vx?J7OL4gWDiV3D@hvOh7p>gz+pnGX`v7H{3A^WbALyR7K1gWO$*9P%?zb)*CGlV z>F+SfMhnt*`j}zDI%37H%2A}rs3<+)!Z?!rePLNDi^CM%1!OBeZUKr}{KQx}!vX4p zy;m<@lmsjVeYKFR^_`JT1Z%souiexOusVZ%aWvNcP0Im>Wu~S?lkpPaE^j7pI5Gv;lI#nNX=s*_F3@jsx!o5{$ZusCx)^WB zsl|lp2mbEDPP|xmSpUr%+8Bu1UcteC4el3ca_fd(Kkw=0o;fEianC?S{h=E{ymZ-% zJKxPm$tQhj>eUg#0e~#Uk(y4{xgC%Bu3}z%X=hK6e?a4Z9b6U*>y{WC|z_9KxD zr_yOzvl#i9*DQo3h+OUZmvtOYI+-;>F>Y+h>MZEs9x?6e-xW{SUMG#=O0}{i5)I!Q zN01cg%o^h=p+ILE;cFNbW%%C?BlffN`bX`b-}-K{$KU<`n%)1GkYtH_|KzXw{=dD0 zS1(>z_y6r3yn6X~|KCIWKCk!wKNtr!w>QzQMDm1XTLsL5mJ^j079fmAewPoh?)6L9 z%iY`kYm~u#aZ}&W{`m2RKG$C4hq!qUMiIUn%A?R@GKLYO)dvi^bOQhpF2W6_G>=dp zJUz=vcA3Wm@{~WN2Awjgx?mnU?*yrgMN!N29DZ8n;~6H|$?&j{n?5*4*&R-A%!k91 zqvC;n3M`+=(8^1UGj<5IAQ_tL@Bf*HDGH8KoE&Q7O>U7hG5%TJqYZU!cr@^K~ z2s#bp{F5Oz6L}CXsMK^uiO?Ly8H`v1kRPpv#u;uGJXL3DPvsNtHCBI0&yjlI+>bx4 zG3Xku|F`4&TmPT!y|VBB-8*>kc>nK%{O)7@_g?4A7q|$=s8i+r);)h)jU4H99(Uah z$yW0!N0Q}vs4K7r)g;)Q(N!SH}fl1+)>-YmGn)WNZu+uwBP99(LeOl{hHZ-;?~9`ZNM7)@8!$q z&n)|IfB)I@NBi#~e)nPj>DCyb-^3`=jJ0V-4W#Vl^YT_HkF#yCw{3fTZl#w;T%Yym z+gZj0Du;&1VXa#)HJ&17bL!>SXLz=g#%X@8?#D9f)_6gdW?i;O+!yYNs z$4%wdXnZ5hbA$Slx%pgepugvV^UfV!9qDHK4CBUilkhmo>E9>AdW9UyqHyT6 zV9<0MB)=qxW!Mdj+or9DRh*sQFVA1U|I_(uEgQ3H<|}V8?Fsf|NX#kvWVoKI?p%yo zNUuRbsQ~zK($#OCNIZ9yNY051)GT9=Xv5Mq7W%}{WJT0gxRw*iwy$t3ND7&i$ntqr zU47r`agNQ0H*oNd^C;SI29eZuv=lPYjPh&iT#|To-*Su%?OO9SdM*{s<_^nh$5e|z zJLf&^%UkUa^<)PALMrr`+xUzF%W%6#B^-Q zL<#?CQHqi%9J8$$ow%#r3bj51!G8nh8D?pO=JP9jgPe!JmiSelQxTk=2|F#5lQtD{+`@De(J6KJ?nC@v|lVAV^wN@HTHkZgVlM;#j-nqYWshG@A;k`|GU4xxA$oO zKg4g%_P-pXqTiIW+PO)8uD>>{e#2X0QYnfFKS_!5wm$%l8jgZHh7|h zn(7~PNq8w2eA=6?7D#+8 zXBgmYhEln+pe;(O*|opz$kMg#-_?scn5g0w8~NPkWMpAy*sOrnU5oslZ_{n}-Bwji z_v9A?Y29)~lq5g(T6aZhQ=$F{V{ItNJ{ZQOF8C95w$J4ok1FPs;=74)Ia|YSYPQ?l(^U+x$MqSY%4)oGS*HHGs5=~JtcAa8sjCCT_ zcU3M+mtSRBSUjx%3-TV!D`#)lD7w+*feCx%CDKe^{~SMl)1RD>lN8TUHbXf9WSqhT5ir52;g@JMH#fNyu6BBqR2of_b@PF`NxAvFQ2OK> z%ny}fuVJ2OPyff7FIu$W!^|741X@Ak>zqGY8KPo?bzhdKB;Upqee?~oUyc7S39eU2 z{1?Ca_^(%{|8M{0tLF!g{=bL#-IM>1_8T{PkHgt!;sbe{eG2C1C?si~(0$>XJeZ>F z(GB=RxB(pg3<)PYmPHUA!vfo_zs7y^o>A!gy9@;`qdUn)U5{nd?}> z>gInO%yArMIK4momlp@6^PjzEFP}Zm{}1u|hVfqs4$eg1@`Qkit{2AB-WaC{v%#@@ zt6{zg0_$7@DMHNK@igE9Y*H9V;w;RRcu;kkNjwB zAFVvs!*LuWIE;&k6W5K&^)1D6U2k>AhkW96xm14Xb5U0i;clR-aE@@UMY0%=>jd%8 zSVEc^j&W-5l(mO-k~qI#LXH%%@f(HlR3jvw(ub8{Og=)T^UEcr zMB+A&E;sOtC%mbbq|9UZbjsQjFJ+I*nC&0V;ao?pTw=falWkree=Gm$_J8W^C(WaK z!hbs0FUS8Kym*ZNdywC^-2bV*bxHfyl6ydd$oI1kH0$=G>;+A!?{z;|!|JEs6HYah z>aOF8)atGZ1h)06HSshDBVBz7-sAfHQ~YYye-VF5c449dQCnL9)$9MuR|osAZ2X63 z`;X^;5AwT*^}ivaLmf_J%X34L!3<6Eh@i}Oc&NF7gd`ks+?PtA~G?~hd7Tjk6&TE&`6T;O4vy2 z_7*e%OVZqj?RuoYQAc8i(C*b0t}4gfrrjBWL4-(~5npAKN>TD8fEgNPDa_DR>}VtHf#vG`=DEe0MBM@ChIs-+(Pu(=9e3fG0h9J#Fs|Bxne;8R!&W zGK09Y&6e;%YmGSXTc@!k66;aBUo7KeSddZW3grjiY`hVkPezvAusE$4*$sF;WRG8NPB`88zX z(?K|gQ#8z@XvA8daD&@(Sm|il87A2v3L!zpA+vh88f>eJi^l`@pUqE!wQgfyK32+f zBW3|!9Xt=6mZU`ubObqL+%yrGlpye&czJ?#1z;Xq9hxHh={9^7mS43}(-1QqM34|F zi+0Fszj9k4B?6^G+NKQ*4UlD~3k{)p^=_%?H|&!}>V^_Uja)j~E9DcP@NnRuxXUJ6 zB%WDOkQ=6mpp4Ps22n>j9Xid-F8}S#Y>vvpbxW?1yie(49H7Rc)53MK>jb&r0tx5_ zEgF@+L5pJ7+Mqly>Z@VXp+X6dN*AB&PuDYK3_k0d$}=3H)Lw+OhwBku=dw=O6CB~` zVw9u^28TE%Sqk;Q9$FJmk#*I}C&Bt^NoFub!xWDZpVj%XU$Nr3UOU%^8bXcb8P8CV zM<_MdDC4o4zwzPHYf}&teUDCm>XDPL z+tKRmT`y5D{gG-`T5u4;X^cr0j?Zv_T+j{PZW4tPG+vA&^bX@2E4xy?TTg$nSoxOf zgWABnW_hlXt@qMlr<$7E{yw_ZJAlU3(`wSBd1;$Kez3EAOIeHr%~mZXu6QUbi<4Tv z%r=L%!a60=9?_w{dmYBR*O1Kaq2XXUU2#RXxKM)YXfj4;&7vB#S86FHi`7isvE6Ps z$#$>9EQa$?dfs+P2Ggu-{#Do+buEnITbnIk7~Y&*oe$1VJ{%ptdH;)10sy83u}Gvb zOcw%826Wh!^&NHtfVm0;=sKU)bfj%xcDt16^7!av^x^V&czSX;xH`Ew|8RD3bnF(+ zc9xgvoDD`-$Cn@8U5u`bQl5ENg4v#N93p4uHaQP$gVE^si_4?>$tlJi z&{^od2$*LxrKk!~G;JH7G$@)AG=zlQ;WT&~MyQ1JVYa-i%!jupr=A(DV@&@%nv0)z zh}f=fBKUP0bg}#6=j$Qv3cGl}HIRPfkMsT&EiTcd{I=ps7XD$$r>y^O(4yi~*^a+5 z_gAwa{L@s=Ga?(!XIH1A569<&H>bx9MkyPhY^=(0ltrZFAl1L9m5ffaji<;qlbB?s z@fy6pdiUY*^yK*bYP75>=(KXk;QQKeK0Lm>su<;tUXexQ5T#i~SJ%k@di>X=s8^3A zUH(CP`U8*rj@}Z?hAbJ6&e5^qM*IKR`}gj~Z6tpjp1=JnFluLFXIt{6Z}atR&#q%T zX`gAk{n+lz?n$yXOhOXI6u}UX-AcQk*Zw=Wkst|@AVsO=jCtlv+7toQ2bV&js!&x* z(c!zRv;Fh^lZ(cL9ln!|HC$%(%ydyRxq>RYAQHo)@a`uV7q+`Dj#-)d9gkbpCtKs3 zVr%5!r1EEJZ!R3Diu~Q7zYb1{LoA&tPGDr+62da=ZgsWohtvj_lPPzR_B7h-byt+- z;uC@j^(HXYp@rO^l`CX{N=s?}yWmInX>=Boo7_62#xEUdmx?WRpkguUEKx_!jby{B zyrdZFH!y$da(uIGb}+yhO6?<@ z1(WGaVS zag6Ag1orz1*$VST@>LEY4yG|`Qf0nKzDo2db+gisRf7y9+aFtA=5&_wrE*%_if}l( z(llKK#Dl>V4E-yewsBmKp{k#oFUoTSeO$6C|k-`YV2fn=IUIH<(UxWx;`89_1w147*Ub^i{_`cdR=+HA}!p|e0fKL z=>(mSX;>y^W^6FI9u{7RXCk;vz5T{oyBwa1YAqkkqmj%i_Z;D5^@B}RMY1^`GFZ`+ z<>xZzO%zj1845kVOmEII!F=?iey}@lx>QibjV%=%eTw2zD)^7Cl-Mh(>0x<}Y&4MK zSLF8*%NrrhL1U9hc>Xu4I$vdT6`pL|Lovfc>_LWH*PJAP7tEL7T28+5`7Xz*sQJW z?fQlX87Qf1GgrkB7kHeH>6NS*#h+^v86<3gGn;+sJ_GvwG*sQ&G%vxIFRg{U$Kh4v z>^LKbZ2$f7ewCreEoxC&?MMG}_Tl{U==|!RN8ew)Kfbs;I=$LIJUlXGIh zf7eOTO2=I++?kGhDVpRadgDKazAz)!EKFZm-pbti!fF*_;+TPbc5VM2i_Gc+% zU5w7C$1JI`v(*&BGu5=(@yO?DZ#Di2>191)(Rj;=(2vruT$JC%>C;>dUQ$P`LcFOq z6V<6RRi~lfzy@ICg2gx-fsG0}OXqMr4fp9siej+233_nKNUwMV_QvEs1pRYxjeXFc zUhj$j{s(~;$-*kUW`uBw{OeHmQL@vUd;lfAxdXzE3(vfViy zI=(gb)!3{46% zZXVN`R_>G_uuRBOm#VtK%ZISl@lq{No2|!+HOF6x<+fIYyk&k`0kqW7tNheyZi5r# zfyHtW(hWP+G%me0N1!R3idH6iK|aw*q?9r}bR!{O*4fOz6OeUciOTnwUg zcC0=A%93TG2R2w#yoFFsQzq3!(ie53W)gOe_zO%zc?iogYL^lc+5H%WhbTY{+3&45 zwQW?Qdz-(y@L(`+wXzPQv-DiJOUvot@JSXnGvCnNjv7IgXVBL0nqH9EoDiUVwg{tw zm<`>fcu_ZR%t;e8P4yxlhh!Em*@seX)S_zHKzp?MLPDaFdq8DXl>sO) zEHfNE08rcn<06PP_j6_IY0+$tm1lOgaL-gZkkJ_YHbpdlKBtVtS{YQw#LHT*+d>Kf zn2lsZofv?utvLnCc9#mxHuxgH5It-bOy72o%4l&eTse}|=nuRA(li9P(QqYIpf?K0 z4Ghwc+i%m17N zJ}suo>p1r#pPXjS$3!kMWsf8cEUUi`{sDE!Y>`3X(&N7A@|hq%D=k>LRU zE~Zs&?-am+677Wi&=jv_Cm4;HN1!e#NhLkYpH72!f+i%MwH&{RD7@-Jn1%S2N3nz$ z>p*rVF}uotDpOZ08L&qFd;N0fRZjlfdHHhtN&Z{LvjF*TG5Npmc9i(05~DncYc0h! zi}qY$8`$-VSClY-PUh zy(iHB9tJS7BvuZrgm) zIBZI`wM03&dA{Y={n8paiP)^PU|!9DWsz?2+L?5tlCReP zQeAou!x5skkuZOk?m~9sKwaJK)3WQDRhEe3Glxz&(BJAco)oSeoV1Bj3d@R8Bs`4w zGg(J-FDu)&Rxk$zX3{t7Pu-~Bt6O*8BQkf(wPl%kQQr(88_6Eg?*lJJkf9}M2~?wNjdR22h^|W&Z&gM#Phh(-fCjYPyzUnt`>9maKdo42xX z*cG?q6Boul_%<^ciZ$pWaz=c+25jDueei8We0>!);w3Sn^5Z)c-80yxjQF)qA;K4l=xXEV);Ceo%F4!h_sMDRkNG(4|2H`FaX4x(2GpJZUcM^$ z|Gj+ubpBh)^Z54v@8xuS5(8FS3?Kng4t9FS-2-xHr)*4OU|;siKsP%=?24a5H#WiN#0_&yC@+lO_SSdOEcR>` z@i)7@wd55qd36Wlx9c0o8xzo5|E$aY-~WBNx;Q%j>GbjI!&3Q;Lq157pu6g)J~friHi0tobs?tbQr1Afqxm9S-p) zDXjF0PRv=8cruD5rv5f0m9twbL2fOqe|~qgfB63B;zF;Pd|i@5RrL5fRas`9=tY@n zx`xacv3PbR zVK|e0yS||rI_Ryx`*3l2x_@%iOL>s^JU`do_FT^${V{@mfG8cfNg!Xo4CtLVFh)T+ zVI7hQ#GzO+Yarq9A?U5^6dspH=coJcuTJ(aE|1QyIFusam)|BRs>-evMmJa3wF^2# zuBL(buil?BduC=hOWV!T*DLIGYTHLwzfDOzon#m~9s*3SZU_kw46kO0CL?h9{^IKB zbpQMJM~6Mj5|edZ;c!T(CLvPhrLmQY77yMZU+sUqeD}8Z%X&6hQI9WU zIqOvH{6$micH-<}^;ueQf+@IDR|^xzHW#f*S>8uGc8#-&`hbcxY{cQCMi zqPLs=55IvPz4FO@*fTjMi}7fL;;RV^r!cr0LL87g6nC>WbZx6YgiBf&xD5=4Ep-m1o=9<0HgQ1khCW11r63Mu;gR zYM%?9{hL{z@ALDlqCfb+bl7!`R-(0Ad$}Xk{TK%b^yJ#KmjJuqmAOhQd<-4p({G^P zz($L54*-X36Kp3JkEayH(Dw}o`y>~DR82I9e4ane%1p4ii6d45`1M!tm%o(ceC@4o z{3kzwTFQOtZT5;)tHVHT3%T!d4cTfD?MbB`@W#lyBw^Go&m?t=eNR<~VGFv5CB0rp8UY&kC`Tppb(8VNY`Y7BdO;b@?sCye(7nHY^_Rt9nrA9=0YV#EisS;ImRfy!`TQ zvsO2I`Q}PHysXVvbF?YB%@1T6`XGwY9VSz%W$g9OWgYNkFZs<*?H7Q|v?wJfCMpX1XXKD^ziVB?!P#&VEpX0N2a&z9FeZ~yw`x&4=&U%wbj+t$Y=_1Vj0 zd$**)wZftZ=9zWd9z(#<;2H$lHC46!p?hhG?PjC=miaZkfbQA1uZ*Lb8K$vEatfpSd z?Kv%K<_n(`H2$)~gb@OVqvzlrV#d2|NMdj=0@J8yHjp-qoqWO&G2#E5 zH5q_!z|PL*W{EK*rRXxAiP0lKs=k6*qNXUe4@|vFjOa9AZ`U_UbZ47u*78bp_(AJJ zWHqMtLcS@sZl1vOlQomP-PzpC4Md16^ET7rn1X2pLUP|L%)DH*P{pn_9ZH0)HBw}G zNs$-U+bJrzVR915m*yYkYzh@J_m;TYh5SC3v5cdkkhn8b$cq{kw|txbrX`I!KS(PI zlftF+=`S+WN&9IJ{Qd9Fz+@5ix(~yUOhXU#1utAr40T;pi6cP6#~5(qUtM4Z~Nmj7{dwu0S8Eo zrP1wah5oo7iO*~}4&Pm!?VsD|NO8fY87MD>_;xm%kuks54`2OAG|}H zA%cg8+K;t7P?W_|^y(Wj>=iUJe9nIlu%XHT*|2D-jibRO$g4(G# z@N%!=by{f3m9mY7tR;#GLmua16XNrc4vBq0(;~`5+ygy_WnUoMp|s|c_F0@s@$y3e zN16B#_So;mZxungXz%4y*_f7Pk;`Lr^a*(f6F);x)o0bgCaN0CW!giZkY~@Csz2jX zgk%2szkgL*cz#ZZI<$Hu=5mz1NJ5;-^OiV3Ez0pQ=TlhyG3Qr_=izF3p@5a}2oYpF zxnu(HHKv$OYKBK>wa;%|(3EI$;tGx&GAd;Kp4dwK>gV2Bz1oo@}%)JR2}lo0>e z+WO^}tzUlmLsvMw8VW0ZGea8a{ok|iexcv3f99P82H%NOf%vx~^Ggp5p`PhqECT_3KQj<= z+xYgE@Y~+{e~WW|Lz;}1_=35@miqag0v-T~P)KP2=os!K3`OyiT@_K_OR`tZ;Z~H) z>nH!Bf`3t_Z%Q4FGGA4A9A#^Jay?ox*P~>qd@awT1-a#jy65qNv7Nh@>3<>|e69lG z-HMGM!`IS&bN6Zhzy6w(&kKBN*m6x8gF9)~R#I@uPBfJcEoHQ%vST-kod zSIA=gOrC*LqB~EBw$DL;7zHZygmyO*w%L>!yBU*{?=1%W8cOX&vzDvW`mt8nAsSnY zm+m(q76O-ZAFsm%c+A#JtC=rd%ci|AyQUj)0NegzGY#mQ{J(^$U&WM-`w^rRe8d0O z6Nj+sEkEh}RBW*t>>LShEJWp?7*-AmpgZcy(=%Cmax%ldB49(EOK!}BmCs^y$GH#=Jrc*rW5841GD17frMDXd?qkdt5`Pu@38adRjK_lD zXP71xB0p^GV=xA%2b|JrJlPB*EJ z9Qyv%ZAk7@S7rxoIgWC=a)Srz5?@2EZGGTuR}>zMNMGF zYwK#etpE`tN`ku%Fcd0U8ib6K)!aiMJ+-v{ez^cRznqi&_FiEPFxjN!uH3~knn{cQ zPQCkBiKf)mkIb$@ZQ@X7RjxL24s-H9%QRziMC;zgEYqaBuUTncnN)RWbI_^&tS%dj z&1mO($Ma*dyE5M?Bq(-WtWmkpsS>SL2wh@QL|p1c{Jycvv_tM1JZ zPgC(+n~XX(>1M2My{y@-2l`R5LMfhQY^Byl6A7TFY^Bz(^hV!HZKd|w_SI*`apk`& z%${v=*{jc-){_xQuF?!~i0K%aV^gB`wvA}1>9SstnM@~}g1AhTtznhj-TQNig(MMW zHxp%?83--2*||8ubiKv#>V_pc*S=a<&y0zoF1BG$T*vZANT;05dNC65XJJ6WFeVeB zI>?y4!5xe--}}~7HyY~vRA*bX*QRFk{KrW}!$L)B+E>3lP>e+`4ifql>}(5t|Bi+8Nl+(B*9$4QK_~=t>UoIL;Z)twLp~7q=NJJH z_;@%(!srzde~`a-i5b`~XGodmk`P6*2}?~odES#V+a-;OpS8HFqKq$7*5w>cG}~~4 zYO*iw?7kUn54Hz8CgaxU)RMiZato^2c`_SLgMG$Ir=+obJHb@hKQkStEV3WoAH9{k zMy8KJOacTR06#5&{!S`XnAd$iaO&T_1=`M>W7^#uQXD1dr&G$)Ddp*u@^ngRc}g)l zGAq|T0I@jZ8R+#u4~2K2Kg|hiJudwHVb3{VuV=bCDJ}i1)b6zO$2%|mJD!D-(@!FG z@v0Vk6gq=baZy8B5_so^$diJ0I=P((GN_?9DE@tVH$OOhGYsUV+vhigsT;M6-O3Q#Nk2jQxh597~ zBKg`8NOCbm8k99wxqa-_2QKkPNvRYcv8_msc6BIiuN(8Xq$z(SV8x-KS;U)@P|(>0aiZ%YBLg_ z;-5anKYbj>@jrU}Q_y`-(tq1vr0rD!mO!Q}6pXZjoN9GI^H8J}O?~x9q?tdAe}2XM z{}9K+fZT6+V;D24CX^N`=@vy^j98!Ec{e!p2QxScnzymNy}kYV=UcPwo^2P3-ws&`Sw%_~-Y%coi`n!YewePn00k>en z69@P2ap>c4l#v|xm*Sc#*n8__U|%!t3l=m4){5UIVHCcheeGtqQQOvLZdr;7g{Zct zYRv0GxDYFRZGsr|A%lBs0PybE1CH(wnm4F&;tW|)ICIWSH;^>|0(gT0x(94p8~NLS zG8p=hgs`Yuvy$Za$_Zn?uQ{^((6`!1=AOH z3Rx7~>1`zR#e7pFs?dt%4LA^}#+%I|v_W zLk~QFo7XQ<=w$){?rW!)V_-+BEy zxBu_FdHMSF)BeAVr{n#zL$}cHbib(O|0*27ID)Nrfg1k*;`Qqnx%1!lt2aAO{C^qG0{Oqzr@$#A)Pn&R zR`VhFY)2z=6R$T;Y*PL_!p@Jsp$lksX+5ggic|Vw^8wJVNXo z4fhmW_i5&%C?K;53Rz~h4RqHjL4`qvhST5zNiU5KrqTq5=PDZ7o=sP2t}WwRRTzG9 zFPwg>3L_R{Pe~0W3RSZLCVKY-O-MY`-O^VF%X37@G)`Q{WA*1=VziSzH4%mLz7iBo z?ofO{CJ~Gg=>6x;VE09T+tP=b5#tj%9j8owQ%ULm9g5)yePlSmzl(`g+ebEtHl=Xd z$e!UVAiKh7&-e{?OiWWHe6iw#vyUxD(Tk?5K7O00voC}n}G{3n7RD$NsZ zC<)fcf3IG=d6Sd>c3-`D@g)B(<5__Gx8daPx>+s*ZZvQO+yoo^e0+`q1SuLE(~r?8 zhCV8j=|nrZAoO2K591eHk8c0;AsM=0My?(*){{&<2fd!BxPz=!NV{ zrB>C5)Q6c0-U2RkeKNk<$VoYUO@1x)n_z>H3nmh&uj9@17FBN(6o_1C!&2{^+JV%j zU@+ej4V9Q$Emc(ONpM+?6t_Ay^E9l-V9zMG`4Q22dEx4V3r0k-ZrZUV3*}ktPsu83yHLN)B z(8RG`PXPUsn786)Yolt`G1y5&y{Myl@&aCl#w=gUw`~3Ob3SH2VZTT7+K zw25Zd6ZDv*KA;T-By;DW-C)Qn<{Sx2CDp@_viQOn6n<(w00r0FLZ{^yL?4Ip7DJBY za2f-jGyT{b!aR-gZNws&6U_5Uw+cDJ9-f6I9O0OvoeUs&a7Pl8U9gbB%y5pau81Xv8c zTR?_VMgsQ;cw<5+;vY;Y0s=2*E#8<=6w0r}p^w*+o+h`x13w}r>n1}0gMb(J1uK?? zlA8E?TRrBXlplJYb8$rADxNac8KfuT3iUPzn4yUwAB$=RTppDEWO;?4?x(DI)1d4v z*nm;Q*{1O_DYj|dne9AR_0AgS-za1hurXxv<}0|zYz&@>U@cM*7TJA7d=fHc(UgJv zF$zUM7m?TQIiN)R<-rgHh*B{FDdO`^-1cH)G+Fxz##C3MS_Stw2*8ce44JY_Z6eVi zFM?y43>UC5rr;jV25V!+BD%M=HAcZ?K*w7?@u*~>S2u{Vt0;yZ!yYnO=`)SD&v|D* z`Rk7M^+(CewY3;c$Q=?CCp%u!VH{(Cp!%Ixm;S~G7^5JP-D51yt?$4EA75TV%rMLB zdu#sj04Ryseh`g?4&hn)OSX{Fz&mmeCNP{Cb38(^c31;G;j8H$hGMbF)%P5rPacYx z9xNa(nCTMtW9*FqrT_-_a7F>UCn??GbaI1YG8D`E48@!$T%^lm*QAWsj_y#LlBP*{ z4gx|Vz{X@c8Vd@c^@j9VH|C&_uHa}}L{h6zG8)HaKrHrm`(WTFZe88{ z?Cr@v<+n0qMP9r%tQ8shZjg-lE`_WijyXrd6J(`HA2hTykz0?ZEFmQqF>J$tkQi+E z_)gW3m0UE-l0Rvo#3_D(Q0F8DA=L{?#OSSAb~o9^PUAMD?WewhjS2BnkS)My-IR#; zXm+Haxe3-BDa|q0kW$$t)rY(%9oyr0T=joipVGz$xJLiC`{vC~{{H97*H8YxOL;oh z|Ji*pHo^*jjDkYXS(n#OH|S3Ej!Lhv%JRt4Jvm$*DdzCmaBiaBJ7W><8ISn}QB!{m zC+CNnBSx3r7<1BN`eF=L%NN5IvoOOEb2q>oY$ERo^uLDz3_TS0HXB+|L~}Y|-(?Jk zL+qWA0DH4)TCGJ&ue@e;ea#_>l)-2cu~~V^z$kNkrcWW+x7C=k-*yect=)qFQd%Tk zymqJFsO2k;!iDe?Kj-I5Y8wypcgd5<|H4VoyzUO-9d z>LE%SDJ8PBEJc)WZ~Ma`4l$c)Pm0XT>ej6_%tM0|i>#E$pPcz@$xTwH=A9X_;r*8S z%rH--Y0F+b6)VJz{hB7}rfaH!(3@zi6aSs&ML*9QcD2GaE3Lf&rBNxB=4IfVr%@BP zrN=O!8F#ov4{FM~Yy>1uVjawtwARWAlMb}GBr|TQD>;b8$kI&~X0dcfYqQjM)n@#1 zU7#h@I;>ImxZICoh?_3ed58I{t=5VeRJc^wqP=Qo+Y*fBv$b||6}?yIp0O29x32WN zZD0*(cd5`mhE?ah7@ie8$GQ^fjOwf9IE$pZ9uZ%uLpo43BoQZ*O09|)t7;)}Xs*)p zOd#{dTB%cV_a<$;0|if|RmNHWZ+K@nwE|95uYY`@;l-~W8^r2k*evx55nuWA5j z5*5N+6NRu4#gGtBQAXM;q>H-U!XPg6T3}^sk4ym_SH%P|ol{qOixrc}*h`nN=e|yb zF_&4axYns^gg|oTt0~IEy5ZFtIl4Ujw6pxOD7HPYpr>!+mpc8jPjPgn%7lIq(4)1p#=Cdm%)1dh4E-3q+$P;!+Zc%xJsImeD9cjMsm{7JKU`Wkma>mQ~%y70=N@UN!Rw#(e zCwo3iRw4f&&3+)^kO{U*mbuzMPgR#$jxGe#%t)LT{f6Y6D1K(d2P}sjV3u}@9T!Q<#3YipXGjhi?wV|)%7u~6D{-cqe_ThnS)rs_ zX@YLi%<1b}G)qsI4&Td9%MiLQl2F{vlxNVa)#Rd5`P+1{WZLPD%`y_8IKS^2FS{Y$ zY^6)uBNC9&>>`R0^bbf#SqyQ=GDu23=?YgF1>K>fV;G~en0QF?bD_R7b|c%*)}5iI zB4>KMG4iJYinF^@=C!^3Ou^Q>k{?p@OwOO=m9n3mUsddzcW?{iYGV}YxBn#dgu(rSO`l6y-HGDWs$Vz#Mo#Yr;CxSk&!%;{m!`=z;kuBYI=|lq!}-{q=_yViLx(cZoB+D091Co;tzbZ(JD4 zKTe!S{>7zn2eyO4yL_8+|NH*<@^t^?`0DWJ`;R~7n4stawHL-AjAx+7V%{k|5z?V2 z0~}{II}u)?W)^MQ_ra8=vLw8vQ{{4r4ULBpBUH)&9Y`4BYLZWgdr{;Y# zw^T`+pX;*-SA9CA=uD;L`2h!rR`+8jsk|MLEp@L{A1l9`Bt1~iVZavGo_#@;0k*aM zLrf+`0YSF?4>U_saAY6Ll{~Fl;{^*UHS@Vevx=g69RDFy3vLVI4+GE2sY+jGJLB^G zRJ{dI99_`wjk_!o+#$F-1b27$Ebi_Em&M)P9fAf6?(PI9xVr}X_Icl`@7}vLRj2x# znNu^nTQhUIfBo;FrMZ)jr>l4(txBB&VC|{9*?xFOt6JLbpPE z{GPDZ>q2pW-{(W?Tr_7?-?_HbW|xa;&VvlG5How5$8v12%7S`?i!y9SkUO+b{R^$~ zMqavO92iYZd#=DQpR(>sx%#uJ-x@AbE5NZMxG|eT4i)2vNrSLXE&7jwF2Y}6_h%iH zUxb*%iKd7E9?J0_?$>+iMne2NGIn!VQ=Jo=iX79csgAoc!o6~4OWoEfv@+e+keWM2 zWNHq^{xBH02-?8Zt*uop#?o7LT6!+Gwd$C2Eu|N;h|R**DsL!=TpyC6dlw=~e(Inr zmG59Edz^f*k5fvqY7+N_$1wB=;a{8Cm*LFq4ukM^t#3LJx_TGLY!T&4a+56!V``I2 zd{=stnk#+4$)!JIHj_*31QTrJRW5?u$2;v85ByiGQ_AKK9k<=;dToVc?{P2-i2URW zKNT{j{-C;U(i?QlkP%+-{UNGtnP97|SibE$O8WMGh}d;VlnY~VO&$_gP-0Kl&KH-l zvKzWE3X|Sq!9~u&2I5ln8$GP@EeYE#-jLm(l_}@3Ty8v#SWA;sK(pny_E`~GU zT8{^l8!EQ1MpGMFcWI2JURfE(GaF_HlX>=XwqmSB;$ho3EEtT*1BT&HtZsy2+ZCOd zkA{V#X105>(T(J7+d98hIt^I4jQYC7djHQ>NqI5GH7vW=DsYtANR4~(TW$IB?UKP_ zD*DE_;n!?CbaV^;K*-QPUwz!P#$ke&pE?2(L}$6CR-MMqEi8lc+#!(9Hpx_j=iu9KFm;NE1&cqZ97mcq3-HGVm&T2|A| zyzG$Nd{NP7gMiPGxU38 zSB6R}3ubo}G({nix*=%EA3zO*%fO;)+sl9?FyZc>1SZ^9M8Sl+61;uwvsUqqxI^tO z`SXkAENQT#JY(v1uyMdUp@}Ir4h#jeHDaveve1jikAV=Bl*M0})fOP+je(JSx#bw( z7BU-(G(ydG(JFW~@el9(Hxn~UH|VL>)s8UtrinB`rg+TvIZ~-MN%|2Inu%5Ov9D*9sK(+6f+>RXqoDd!Uh< zXqW!r?Q7_ytX_@`vx`dWuXNLkN}Hw-atFJ!6Q_g_#*8JR1M`zl2K@_@0)4B`Z$ziO z5#>WVu4V7V<|U;b7F#!-x!AQSQ$zi^Ct2x59`;3M@1|CN*@092DNYBqleHn$S`%OY z%KeP*%8}qj$6{F2Cw<)(V-9E_q1abnrLm;VGm&$*Q0IVL`44`lXU;zC0K@N#3Z?L6 zdYUG4f=Vkv;*)4e22iC5Sg98=K8&>73AJSjf9uPZ;-rPNeXDPjWmwKIqH%PULj6N(t&l_bGt?H?Vp3*vgrW-aO}&N>WUe zWC#h={U`pOFpb&`9`aVeJcsWGEup&1L1e)`Lkv%)0>jf;PP!-)1$aF2)>?L2fq<20(=AO%jvEiIbr3L z!o%k~VsYm9)^yw1H&ml_3hl4roNNz>F&yreF5+B#FNhP3fFI86@4Tbsd=0U%r>Cxw zp;;Jpp2ojhp&LfEG^Ik-bXr_eYnO>8nopSzcQU>xE^|yq_2-scWP})MX*Uo#oKy{p z<+Gae5)s1ylyl0J)u5B*HBzSIT1Jd>ab}7IfA$ptLw8)V?i)DQaa%fbWLNoiSy&NE zhv_=?4CG|2o=mYxiXhlDTm+{por`fcx8Ih+;6vKaQd9BXOUnlg^)A(j{g+PK&`m-E zc2N_Y&^InBM7xFxd*G+-Q0q^)#>nz+j(oX;Xf$TjWh6I{#=#lf~G~@6E_Z`(G?(~Gm zWok4h-On3q9{4R{q4wF5R7=l1r|CCsf@aqYGQ)rQ&|cgoot6dRipXK1HqF_6Rs26_ zz1G~=L0dvH^S@Ht?YdzMW^ACaO0>t7{Scmlihx)$~!VwHDlTkIziRl zV<3+m0e3pB<{6w|x7L9(k#Rm%4+W-Jp7?)K`>qb%l$|~v0+qN5p7nYFn|5hnz8^cP zsAQ~u(8J!0>#$ST+VJE1=TUxMp70{HvjEEIdm2x8Lw9C->6DsVbkQ@KFM;wYca zob_Yjal`(gPcSKh<)Zd#8BK;0OgT>WD$_i%O3m~+AEPcaPosU7f0FppmQ(~xzQBJQ^^DMuNzYsnW5&;oCdJrgS}P?hj8 zEQZcsLkEP&f4}7h$E;J`Kz6%TMGYOVbzXkXo~*0Ns{o|BF(G z9~;k~p`jUxUTkllOVKO!$l&G@>(h9+N#r9x-bJl#iuPzZGE4vKYhacSFA=H$CMAW| zo0h+)O6sEX&1nU!E>0aWy!=M0f>F0_1k;Px*Eau3R90!O`yZ35#3&lSEl&7Y?w7bU zr%WzdD{q+!iu3XcjWL`FrHdE9=D_7py5Yd6<~1a^fYX} z*D={Y0BdMMeAr@UOHu4Ck4-06m|;>E7m}*j5M^_62O;oS3~3ve=aTa9A`ggnW)=90 zw{Fu@ajC26<;%Cu+ACA)XVk0ak&uMB$lG-4zb)y;8ZzyDJqb$>7 z%q0BqONR`++S3)wjJmt&m6$%k{&j*k;4t!xZ9vc#{52K05@RPvA|>`P(CCjF08#Ps{Mf2d!UKuoB8e4Vtj~V&=Xnml{ha&e zc#V2t{#wi%y2`eya5lE21~XSs2c@{VY(d!eD6_t_yuSK_;}3})x`$5z&HP(D;=#H- zdt|a?Ah0ZL4VENqRCtGF{z{ApZ*O9S)HwSf>&G<2IX_|YHvymbf5j>aKXpSNMYN)T zkcJE515ne`nJurHv^k<8qZgcVZo(RDKU`UTe_1U<3u@}4->2kV(3F}VsoRm2X-dIT zeccX3yI*Q|kV*J#OuR+x7b#B! zNg*EN!9wD}?n{wCIrI83H|wBmlNVmGZVk*D`@)HFV&+6TezyV%lN*x+e|GUfkoKFv z$fi+JxYAAdQ?~hW^E2QA{~2*OLxGN0 zNTA3zgqHeKj6|Q%gtU+8#Zcj+6P3;{)Ur`QWsSxUb;V79sL^RD2>~U*HEZir{{TKIfVI1I2-@7epNXXC4YZl4wjg zZCv8a3wj9zQiPz0uE4_|PN~3rNEH-XG{HgJqTY}~@G7Kd;4erB-c)7;B!o+Y^p8ko zu;Qnb8YahnbPv3(t#ClwUJ+XdyqT5BySwS6PV=v?N1qVMQ!Opx3SpE?!k1Ajuo8e` zjKh8o8s2cBtlnqtN|Y|k4~X*!4l=X_a7-);0}V0;1C$s@5qQ|0rv~F-A**dl@1uK< zBJ4T~rb7gpJ&9 zH=9GXF|RqNV)6Mv1X8I-NB`BBJyk$-c_bYYKMEY3FHxxt&Yqw4Ma#;kV+a54-=JMX zW2LI$^`~FwgStmV3)bKOGC#zO4fAJXh0{&Rq*B14&FQ)QCcC9fdPevkINoS?`lLTe4vYJlF_H+Qb8#SuxnJ|@eA=l267E_x510V z2ss|bC=UjGpr~WbGV2jTmu&% zBIp&51159~$4=!%i8)~klR$}cN=g-p8@dkC9DVrBUsnfa@U<Sqer{^l}1`0jPsK+$FT?>_n_i~7s4s5&G5Y1=!w|r$M@mv zlVu9b>$HI+1kt8Auq&Ba^+Vy#xz(R~!9jW@w}5(gsj`L!8VIHd5IqnZBMLv#68aiC z67nCFUB`?&k1v!Sg^U31g2BQ>ST>`fqkV8v?w?=yHz#@x9K=0}x8gRpBouV)hp{-w z*tKh^Oao8wf!eQky8Z6~n_d&eEDgyLmi;S3pWgM?!by0DT(xCf-~ zJFl3X?>9YtcLd8&u3rkN;WaxaTQUT?Ds9;mg~QwIij*Fd^}E};82z~|OUaXTs4M7G z{8=n>SBKcL623_U8KGH>*fg=jCaCRxA8l?+VJ6~J2%Q@4eB?uM!p84d;NSk8CvF>1kOOF>ibO3VU@P$Pc$f*6RuH} zfbVZqFk|;V{0UDBJnV#Vu|D4Oi+|VarcPr^YXjg3_tA#f9x-57C`Jv{Tox*fqL$QZ zTdwh!9_KjbyqXgDRv+oOY2o8Y{ZlZ`_~DO32#At3H^!847eZWmn*_b4%72wny)vkf zr{e!z2>y=eL1U;$`xj0!l?&ocVRJz%f}?tl zZG9>Mfr%UJ5&Z|70U!-RowmXT zi#Pfy9OP0mH*oC16bP#*Y)OBw{0MZk^>Z-L#;l;nfg!1o!jt8}P%@~ZRGP7mbZB`W zz?F@MLy#0~(XxZ-_ezmzr!c=vs#t*8bpnY`TKqOv7hO&Wi60UzG%7KyV%5hsOEx}- zx=@o`y&c|%N%(uUcYZT@>~hqkd$u)U>oB<`Kf0ioafW$&e}zmwQ&iHyJ$844pz2X8 zk3E{)a|Y{*ZW$Q&_p*A$7k~yA0?Df$#YM4*mr=&?#@8z@g5k^Tt=fnkrU@O#cw1Qd zG`|7&xV6_4B10{F-1QU}Q68E*1S(26;OR{f*gJQiQEu0CS29v^`k8Q4oP9!@ini2U z1ef+n&65TzFeLc(E6WUiX>YFP1z-Mq@*~aw*BwgZZI1Co>!I)M!+2tN1J5uD;(MFD zkeNm4%MHXiJY>6c_oTYQQ*VnK8LAAZ4l=T@gq+Ng+^IyD|`KjXJtwX7pM4{j&&3BqMNeSQdO&485|*}PGvS*v)PAE$?=yRAt=8!?w24*4t7wm zy}XOBNgu5XSMi(j-FmgtUN)b!ITA+u(61$O$iyv(!1OoBF@O2t%AdPYz?p?$Gt-9xe`qOTnqTj%dcuOEm*=p zwNZ*83g^?Ug2DVfHk?xQmos6Fb8P5KJtok#7FVj&Do-@wl%Yek_v|d#&l5&%R-LD1 zYwx<1WCr^A2(O_*r$ro7dEX|GM~#$*z9=wmjPv@1I(#62JpSYdBgMzBMSE$cDyCY5 zB0Shk^V#J|{{2Z7Jx5QLMZlXBs( zth?P%c(?TOe-@ztL}8x7eSf})!v$$9u3LmzLt78o>67vDI`PT1ak4r*-9}A(eqOkV?V&rK}d=br*$2OmPK3gh5rA0tcCAa#-|`wA@lcmH<1Xwxgk6`+aTI zz7W9;jyA%b3*SqCTc5acqbvJgmO-g+GvuUH99>)6S87s&}^Htg%H9vIE6pNU7Wk=R8fi{>x)y&+b}TltjvC_v?Zh2CXU?fCxwu~aqxq*>w;V_jjy zRMf+j@P(Pe8H8?Q<}2b7agytI70ZalZ4oV~a+PLX;SUrQxtsy|ML=_kNiT*3J@Uhh zV4J{Eh|wL=_)9?~^;m+Rtj~mQSP~s^WjV`pP-+cHg7FG%*E4*dfm0N2f+Kil)vl6G zLZ~n8PbyJuD^mb3)?gmqUKC3HYttm=2rY!k)6g>+g;TB2YZTQwvM;7i(b?@`pe$iE z7ywQjV#HW!!qHCffB0@7^oELbh@uG431KcY6c^QTNifj1c=(JRW|5FGfS}+RTj>-% zqw4To#6TB_Ks6+PUTdIbzbuRo!@T_G|HoUVCQpo1T@%%+_@gP{DymSf$JfA$50DtD z_(Dh&cm8omeJ~MkAl>gB&5Lhw8zGUP?`7Ch37)N>N>Qv4&EuI~RDvYDApM;12!uJB zM}vs`gm>+@UUOkUH?1Eee1h7qOfy1g??yU}!&y?z3*M=ss?dm1J?WGDYB>l^7}i88 zj0m6rzZcO{2wS0@aBo5p+=t{>hO`yff|?pan7AY83B!x5toXr1sZzjI9%3m1k@CN^ z&Ur4bY}`s*xZW?2!~=M_LxbWj7m;T#?#q9WjSxf%#8f03y$C`D+8>cZMBuY0wi4X> z&fCzQ@lXyPWSsNI`#zr_b1;ktefLX6sG?AN8xR7|pam3GL;oETm>>;G4@EPXjqazW zu}vEGIPFUUao9Fs!o&dV8^*LT@bBVW!3oc_^8OdyZxBk6@wXvl9y?0pym3LW;KaWr z9Vl3+zNq^L42;>;$dB>AQ!NWPLFbt+0DPF+y|6&12R$VlPk)lYaDyQ^@=`DCX;<9! z#OzzPS-#Socf|#^iVgHbn7^RFM2I2OR*uRa%E(MOK@*JgsxT}R%;=;E3Gz?8HSClE z5HD=3-OTXwBoUNQ!X-GczKT;3<+vhgRRw;RBM)dYGNlvF>M+bax`)uaZD>#e5?hnV zv){ysE=fkSh-(xH-PFC}?)Kn?!_6JjDx0zqq-xPB*(R#*h%gW~dt!baUcNFf^-&xm z$0kHXaF~k&DnX;O_a{Bc?%D-fS#0v(F1xQVgLu99daXi4mM{3dVgV}Wlr!&_K{ejn zPl^@UtHF++Zd&@^#5J(MSfvls<92o$5k)Bay5W{~qQle($Al2nAqNkuI3 zbuT{<(RX|%B2bodlc(4+wsQCa6A+H?hesL`tdnPNkWhpf5s3fz0oEodB6p6}HR!C6 zFFM;w4iM)YPT8y{(uckcEW?SC2iqV9Qy8mC2GNMsc-%FMK!iPQAX)}3nW{*TMMnYH za`~tc2&egiKZH#uXCr3CBe}|>aQSM@Ch(l37H{q#>OTKb*0q2vhkF&@Gk)vR6EB-6 zp^qJXtSZCbQ8>+K6CgnGeEEqQIMHp5w$s)y zGn6Ws!f`WoXBZOGxHSwIAi|YRa;J{(wSa5r!aXkM(w8rT(_c^uNrI4B<`HIT@be$p z!w1M8t2h%iO$(|a6_z>Tk)8OX>3_STz_4M5?2u{7_%wL68-|*btt2 z{>pAmYd_h-neJ9wJ&WKLv%@z+hRBse7!pfmk%*rdVEMBXSq4Q42pyBEKBf`6xoXD` zXEavj2ofnrovjX24cie65}JLOj5I}q;ToBYuxUIHRUb6q zdPGp@d+;rewf!lY^7z1a4aNSDiiG2veMgyad%}kzy}VcUig(;eevuc>pxe~9*VOLO zOgW_(KhtrIVjbLj6N*TroOyspNbYoNuZlohgq`fP-PiR7!Ms1B+u7Jhtywzb?q9w| zho~BVH?<`is5%-q6}3_vH4@Mc21%2L?ltU2pK-&U$JIN}0bQg%_B;E?WV zhUoYutni5}g?TGV1I_okmgP?f29Y9s+~FJg=Zwxu8Bu|ikjBXee>al$WEeRP&%{I- zInHgdESBH~)hK&90-ZN$x|OcANB&wth|wA=rRW!_r?8TLv#yQhPjz8;MEIUE#2UpL z_mbanCyfYVD{K+JNvO)jhHzGnNyH9SNSuQOaZ_R>{(&6S9qv`*RLS^r2%~CE#}3mA z8-{f$0&s(EC;;_uf*R|-JtDz>fn#qA9mvx8+t$w{TBBw4U4<}s8VT4^gp3U6>;zvz z3lvJonu-s>U=a|-vp>(EeE|tfoVN4{UXW?g&;NYwH~MQbU@uyu(e<|#+_V4lo2Q=6 z;$P-J$qb%)e|rZmH>|@<(L3uSzn}?k_$bz>!R#(mHpq#BHl=}Kdw>;RVl&YiGuquU zGA(w3hHs!SI4bVixo8Ag1DJ-4j6v7GPOx*DI=i8N%;Bi(AR6csBSr1)c98(pnBdyl zLJj>lkw;K-yb=xVBxwXCZ3QZM9C8g|$V@^?&P~|=<$A(!?)5TuXmwG+LdCEl&jlNeww;cb;NjV(4lDq4B-VX2|^d#^i(EIu_ktlNN7BxI#7LUC=uMr-P&Bsha`k9 z5u(qsj_IGB2?i@Wk4L7-x-H&JUH>*m1=>O0xQmhDrfOY^CSa-hf%T1TJ2%&o2tfxh zVh$k%V>fQ(4GFFemeEn+cF+yLzX^myQCd6{F5dvrs8JjJqD9P%jqX%9gt+Z|QCbTp zwqa7tAuC9OHj>f~@W3G`s*p9nnEA$-^>-E;DfWukBs=2BC8XpH5!}v>#H95god%P! z3y~U~u6++OEk-jJWSmYP)nvkoM{OP__6k&i4ZOiyQ<~0@3?4t1Q`PG)P_##)&9Mar z5Dk-f zmH!Qvxqt_Y>9vC@P^%5ZU*@40w1ccLb=%=)fTj#bqKwR(&X5+A00%VsYQkK+#bKH{ z$Oa_HD8h`ubfV(6L}3lX6yO59iZ= z#{4LWtH>3x-o?#^bq0&W)$KNT0~&iNoH#ccwAnt|I;R}M#1npzL~2HfT}}hFc>&&2 zak=P{{y}2l;@FIg*e{r-iJhwI1oZ+hX5DQE@+bzEx4bHpN8FkmeVW%}kEha6H4F5% z8~crV@LgqTS@W7Xeo3N?yKLw{&i)il2RjQw?&czj0)|t78WY#bk+d+0u|eKveH)hg za1RoQQjD#7YjT0R3UC&M12rQz_3$#c8W9bya)or4CV*=NTG1L5A}RcrQ7cP$05X?^ zkiYmRm;=cl-dS&SCCZD30=L5`l0X5#3@`a5+pn50uL$eQOw8>jfZ_cZbP%jE1efgx z6eUs&>0PC4Mq;b4SP(%+TQnd=S4PA_JAE{RH3ymhG^LU5AsEzHZUzM6*vPr_jM22} z#yXTucQ=j&X)2l-X|>6?1s9wwWN7oKXqVb^s_B1i5|Pe6L8>k*(-4ps8Y4?9Ouge1 zv{~bwv+m1C`RF+WzfsX}L>8fl;oLZ?V}9eMvRIc1zxbq)^Az_1*K#*V4~n;ye(6#LU1Ksu!V2+zt z3u<}oXe`O0jK2!y%36OPJThE025Kt6Fk-A|T#eACWm`kg$v3-X-2UdB6DA`SVWk*U zUh*i+S1R zvsRIe8&2F9pApEs0tbo2Y*BdBMwxw5f~i^Sq^}Bx+g(-4Ew-Np*@0SGtJa5i z`9Pn5YiKfIR5dHJj^UZ_ORwv5ca-N+T=rKMSn4X!uDYO7XLJ&(;;_gm(KWwXOoYL+ zo|~3sL$A9_EHpLZwMv)UVPWS=Ze;UOUYEdgxMWPDs}TXc33qd9k>=t}kWZz>kD5Bc zafMf}HBFyh-tWuvLd9a9g;=N7;-N{XgjknGWiJHw@eqva4kC|-w+Q_0Xn<*)uWT~N zi<;CJqd5R+GtHz;aFFh5%8wu1YV6y~2+>J*+2D79cVIOB-yJs7Cl++z8!I+UCcJ(H>I}J0J z)5mFYn5@?3ug#hO|3B;9(74mf*^cy1LhYGny3V{>8avws{+qZw*ws609Y>qbF=t}o zPp5Th@?^UJ6Gpw26hHWY-64s|V%?i!YT(xJ98EXFc$c0cQ*A8QJp*yr#DR59q47zA zA+xfiPW^uJEt^rxvk`Orq`5mV9;!@;4*Zsb40m`tIn=Jj?2<9TfxDZE%mKE;ybgd# z?E>KMxP7OddB&h~VO%oG-FuDFXz1A?4x~SBP>qK&jp3|Y)53=l5IgFOEZQ|I@kbK< z`BHKge7$qJO}J0e-?zR(V z zDBuv{wK{hpPFLWO==M$200&Z7k}()M0DvJleTW3nRmB#dANpvxWYz5x9OZr|i1uSz z?6ix4v^NMry{<@aoG`*>yDiau@`!fT$)LGa*8~xxljf#&iK|af&l?mqdghmxNY2Z3 z#)^`U9H6Ej1RFiOeD;j&QU4&0;jDDv43+n1v4kZRk19U2Fb1|&O(#x@ZG55{-Naae ze9;>hZ%!$fH76(o*~hPB@Psg2C{Pr_Pa<>))9G0feG{`aR4q_T)?3Dec=SAP30Eljoo_Nuv6dL{n`wX%FVf0? zGkztIKQXWs9C?1q9dIE?pKs@0Avz;cMw6$4vHt$5;YGjDWY!oo$^yCn?2;N7aG9S^ zlK;`B{igV@L6YsZAVxZUCcAAQJ`ECkZmpcWD}*h~?xvNGhPG|CAp0#i8Hi?iAICjqRp$N^b z)o3&g3IJIPd?ARvD*r%WvYgw0!u_;h?fcukm1yI5n6m>2m2EaJRK;}IqBs*U=SARs zKS850w13tq{B{nmR4?l&UaqrK9)I$oXL`XGlwYHhqV{K_0vA!-lx;-_*~Xn^b>3#X z$1fmJ#@P5`Y>F)oR%unoW;xeSLcuzp-k)2Fe88Yr4--jI(IP-qXEdHxg3WB2t;#Di zkr`S5OzC5rq>6cCcxtW*w|kZJq;?5Rm+t|4^_HVoRZ#QboxI#U z{M~*Ac)RhcH0V#oLGYHKhz9Tx1|X)9It3EBunPr-VDsWtiOG|1$i;q{5T2ccRl)%` z=heG(eJ($*IN8y6Oak1)hl7Vmk&98lsvZ!}(iYE$1D@>A_+P9=WX|Q=la(k7L4tnp z4rB*4Xws(Go&-@sA(9yxN-6x`g(%fqBkLWU^!zNwzOYL2Stc*iS89z>Nxl&}uV_7+ z1<_JtF@uyVo%W(KbGpV$ClsQKsh8hOPdv~mRJ*1!MQ&w^^=zPIS85WyQ|yzaa8#JT zTANvy$q1&_+0(AmL`@bNs1?a*8`m(7KaP>R(x#^n&2v$jVVHM@CUB=jDIHN-G7(cOTXxdweuVZ#dG+* z`q7fgk3N=d965(u=c6B(B2I0kj4(42y^3Ypsgu0&ivQ%vZHVVM_xT^AcBY+~RMzVO zyrc)BrNmQ}_$)N|<$PZ>bo^?rD%3iAa-kyB>U0vT>X8K0Ul&&UL9*?Io9@_IS*Aw2 z^*?G7x#II`tApLMSsY0)nL*@%K~6%J&&;Nu_*ml|JgeY`bD$S%#b{Gji}w#8+lFI` zs6hln;Eff(D8E!(kOCn?UNq?}4R0h=^9u3sA&1AwSP9m`b`I_O$?_43R3@M&#Uw?s z^kD=)aGvYbjAwi}If7VV?ZtVmdB)G!^ zU!}2fsydo1$$_>Lh2n&OuMx*Qq&M+Di|B-aiJkI`U+HY5-oGUW@hKJVM5Jz?wm~hG zZ22=}lvbmhaR)L3749TcTw;?SY$Dl3F(AiwX~Tt3fn>ZfTf3hfF=}d5g>2(Lo@C^! zBK=IV%tP#A*byUE_WL7|-U=N|zN&kKILH+@;|?H16o)odxYRqMRLSv`0{3|1u+H{!KmO=EX7Y&GvU|v*&Ylvaa>cW|cx+aQwqwKB4R`CihSx9_ z7|4yvt?;Jeq{P!In5$QsY>C8%H5kYh43~X0)CO}bi|G3~4Ku57BaZ4odx_4auTB3M zg8j~TFU~`&FAHlgK8(Z4_|?pA0>3&GN%|_X=DZj->5)Q(FlDMMu!%O=gfUgS``%so z=4&r`8>y+I-B#zy=+#ooRa|}T3||_r8EtnHyv#(=qA}Dc_UOJqj=>miaXX0Ng(3;a z1zjmdccQk1aX?~Y3X_r_)-jQXR#p>qMM!&(`=!!!x*;Z!mkW-U@mFxECt&(ug&kPc z{2`%AX7ArWE9uS-_$~FV<9OYLW{&p2R`LhpA~!ADw(pD70_r56YMiXhF2O+%S{57h z@XCp1*uEk!rMWL|#`Vcx+Uk3I6!JC5K?jROb2 zL7qJul@sr4;T1Hm3?zp2?7y>eV?#!QL-&%yfPE<*=8XB~{`-}@+2O_R+7gis9}n~0AqrsSIP zYGHC1jGA~OTW@qMRHtj>ryz|me%PUz>&Jo~gT{gk78kr|#){k!k#aX^*tpxx;SN0v z(<$24oI#mRuqoYA@dCqo<{B*{c*?bns(k9DciZ4f3OZC!wg5?{cDkC&_hVhM(#{6f z)2JcYOL1(+*wDLHBy^w0;YAJ>`Yeb48kTv?w0Bjprm;&Mx zQiz?%gj?S$qj`MPiVI{@T&zi+m%h}Cd~_8*j5(3H@ptfuM4qCnqh=CWFL71599th~Dp2~j@wQ9b`d4PwYKM|L-X z9S=qpcxc;{WNYq|9mQY@jqBcJ6vk&)8OQH>#e!H4Y&)-}eqny>>@G_ymTRK`O`kF+ z#)SBEpy-Re2`7*T%2*_QAb?Y(iI*jlqDi8e=ZIPMzq&`voVSk0d5yMm28wcqhpZ2d z^Y@yatwqHuMTozR?T!vLIBQV}Td^A0aNo8^i-0w!!^V|ZY~|`yP}}!`Ws*^e2{iDq zcJ9MiW6~`H5W!o2uCWsugWH;xuG9ygS$}^?Z}s>8_-uH({Ip*mEqeZ#?19pr&eJhU zzNL(>^VoDXq}lwpzIYS4d4I0xO9=|4TE^~!Dj~AZy4v;^&VUrTE==F!J<&bOQRbl* zHDSd=v4Fe#`T1sU!tv1yRM27P(zgU8I8JB?cjocnp@`+l<+0A#OP9GCD+j%uV+0q^ zQRKtmr`~2oA0xnW-O+GThDJE|tW+N}{$7?tv@x4`B~aO*`P_$<#WzZu0Mg#^vbbP3 zG=+xSK?O(HS&7SKRh?l$8{o*n5VG~nCsZ08bpiIjaSb_%NgAEnRYj|9R_=~eAQ$#S zlO{Uu3Y0E*X+K!}WumI?b2sCEdI|wWXe+?5Il@0$fefKkTmW7qc7x>kYz)kDU(r^e zdcR_EP=kiL^^Q-2E4sU>Em>IdpT^`xg4c3+y&1vfMEIgTWKjaj1!(Zo*|mJRj@IhX z2j)>+0;_6YRkAwH3QaKN?=q-e(nl$B0Q6tzVK$U7jryrQxi;y~;rHh+^tF6Ezb)k% zB9s*!7-BYr9-z>7TPlp|9473@9y$CG3SjCyHfPV-tLigw{_*1+H26{%tXQk-YBNBg z?~`m|EIG!sU4ySRl(Ec7`SekbGW4oqi)9Nod_ECP45gbB(nQ zqu6^+LKKRoG?8P=P&6UUxYY3&jll9yfa1XoHg8^P=e*zb(l4X|AxOn{fdJ6 zMS(8KSnf=r3Kwt}MS0WJO;)~Ooj8Dzv(UgO8s$X`El3TKhRcU*bM+9VQERERFpB#p zvA+9Z0)@?R<{NA`xoh8oGdoQ%oqw27I>D8*xmk;W#+=TRVg8)v*Y$Rh4$H1+g(>O@CW6U>bWTIogaVgU5xkUVz0v$Rws*gC_K zQVea8LP{=JnKUV4?>z=d~7vHKlvIp1%UxUEI*=L;QaC|In-{0sh4DdCe4 z;(y`$4Qy+`9>!Y6Q@pCtNkWuwR86c{W}il`?IU9q(8LzdhM(gkK|VEs?s_E{7_puv zu3*5Y`l7`PIcmjOY+ZMZ2x5TKg?Kpt(IEDO$B+35arGPLpvgaSMj$sj7rU#8uH-dTXs*8=t}Ws&>CZi=pk>6(tD9Evs5 z0%i&LQKfCdtW6_3J7a$rdeA(+?{`6Ru^Khe)4o{+HSWHz72N5p5obvK3CUpJqp(f! z>HKlQyjZb1H1ONyl&)$fb(vd(emP}ErzFVYkYivTRb1;eM-ogNl--`61Ifiz6-4K# zW&gw=@^jZrw%C{le~$MHkj?O7_Z;xna67ayxhgdRGX^m&UoHX!zYR{s1x-m?| zv}LH7Xod7x3f!i0zPn$0{t(L)F4p*05$rFB&~+q5;&MK=MBHkntog<24+2-wi0VHl zJ9vu#SGGq4Yp&#-<*~aG<;N!{@h**xF=n)%*6^z4&m7iaHJjAuF|1c(~b^PHHnR^n*N8yaPv(CDuK+Pnzg#P~kYCx60_53R3 z*QsyzvGYiO08c6()tS&uZE2%I$ycKy4RN6Zm-k#ST*xXHRCKa-ecnBs47@$=S zE=@YVjK{L)0)T;MPVTxY3iX}8-qa?iM9wpw@Nvvg2;L$(hhm=~TlZh-ViunFliDe5 zIu^2{0TtmS&RLijf*olzLn=&Am(i|;3MH*%(1UTvMNV@zDv}F^>L+cjsNu8b(hrUW+(qgo76} zhzUkZWkPW%7FGKdg8V>JIyPeJmRhhhq6tsg zh6E(-hi&vzzI9Prp^jrC-I+8hcfa0kJPZqAA^`0S(s4jeM-JV< z$$v2^@`zujKhZemzUxj$8kpj2lr8Vyl5 zH8oBoi3-qBO^>@|SmdCCg;c3XY7a5p6uB8y)R)AN$bUj-jL7Ra4<}`WnS*>_n&$Y# z_e%G&8^iFCST15AmUldd_YyS)r6<($Q~?9Qo*ibMM)<{n{R9oiR8q7E^>$S7|5h-eEy<`08Tv0pY-6Gy zGNmtU;|ml=!z3nL5E)P7goCx16mFPOrR z?E-IN!MIPRbNuFOl(02>K~S{%lNSOt3e~NevEIVfsTj_p**zl1g!IL!G=5GREw#hA zhL*~q+}!S(fwF{!d6j!9CKq_#Kof7si!>jQF&I)H%piqQJ^Gd+Vlp196MUo%`FM@j zet2jR@rNSG<18^8OpfeZc5Qbf#{a77sqdhnE= z^8%qo6D#cYGft+!ybOZPI_gkdeM8jNEAR?EC=i|6dHON~wy)I6ftFiz&q#x@ApAOQ zbm_fJ(J@b9Ae_W(X7!|4DnU)VirQr|$?1&!rIG;j=migHGC;TB>Cl{b+8}JYP#>gm zKF1`#d3>z@9>6-Q6-}99_fqlMLQTXX%#klz5TtgB;ypF1IN(MbvFp?Zdz~oFj$A8E zRQ;uhEaK`^`INikN1a&L-X@OXgn@;*07G=;d7b^cmo1k3@hZ~neZwtnKiXuI8i}ry z6Af#nx$Z-8b}+`^ZJ`n_1>PS>AYvW%iDv^0Y7I(exPahQMLbpK1vO?}IL~8 zFac1Sz=vJItCQ*?^p`I#Jn!F#4?t)-FK8EScTT1p`(u4MIEn69Y>u7U}Ix<$+4+|r+nwEs(yXN=H=^h z(T+Mel}@>pb*>h4QNf+b%kmRy14EfZLTy;RP5-LSj5lSFbZHMPp9L}R;%2p9n=B~X zul6wV>tw63vz({<&tbxcJv`TY6@zI{kL9-Z9Ur*)H0grwYjC9m1+>{#rfqI5oq6xp z4PM9Rr;6pho7+q+#y_sAE}7*}q7BL_poJQat(aYvQM*i0E8rm0z-5(jC(-xO>T4t> zYo)5uP+&bSB97c}7Sp!+cxA&;tgnU|^my{(l#CKOMvojd_!}iAw=Nw|;u#Zrdr#0Y za0NLZXtlo+XJ+k`rhS8)crdBz0p?wF?k)~*@OjVb}nTJQ~>y3Pm$ zm`_IYiF-Ar2S?rM9Te3`&Bdhg_0YzlL6trRYHeWmY-@Q}Xk*btN##5NvtrjM>?1fR zIPy>pOm*hgMNCiL%+=Ab)s|>Z*p^NLE9;VaL-mshWKrE-Uz1lq!RtOBB+x#2`2Ib~ zM4aX$()qLW^@l#r0tli*w&OHRiinYp+CDtRyeGk^ND}q04hg#C!-t0+y23*6$~ny^ z)y{j!H%hHLm7n_pr%y#f4yDP7-b$k`$u`0Fez09O`l&E69C9v-mYSB=yN` zA0~4Zr%_+~zx_Zncs6A@jc85{LT?$Jgt(ozVysVow~OifG>r&dHL)) z`R@6v=evXj<6ze|(`LE%54GFf+bO+b@@+n0Z--3gZ_y?2;VyZ&|L{Y}Jip^IH}SIC z*Is&F#cDq{cf26b*sL6yuU_G|nx#QR*AzW@Oz4G@df2-Rd?mmcA)_LX!$Ju}+LUc| zFUhC$UC7f^7YqTmf^Pm=(Mx4U!7?~0#)_qmm4Kpha@G2^C2cuhwD~r;k#Y8+KGY3E=ndnvCnx$ZKh*#D z-PdcXFT37mG`v#N1fHKs{Z>Z+`qw07c@T2J0*kz({k^@tJ>8In6Ju)nn%K~~9%GW)Hy1fqU6x6=Q>bEjXBqwKO6! zQBq*WBN>qA%_XP~qR^^4!rhMBwuv3U3#@LRbO2LY5jk_boMLTK2D_IIGigvCIH01d z068~q<013BZ|oiOu48MMVtG7D-kg^{=6Fh!(qT0kCE}s%g***emdl>ZxloH!x~Tiw zMZMQ0+UzvwDef`=VFPs@Yyy5)I$sy6C(#`IkIj1!0TgdEcVCn=z$7OLji-br>cpF) z&>~CE&p0<%Pp%7y^^ej%SY@x+DfH=i`+;k4t2govmcGV54g+*=Op+4o>-n-n42rgb zX5~s+1sVE3I)8lvzT5ZC?jIeBvb9CNq2ZNc(EynuZL|vy8;={lvr-Alu7{`s6t`=` zTAb2MPPlcxQk%o71emqYDz9qD1T5cX;5bJISn%DpK7jhvP!CI~)-@(qOv!kG*ViV? zoMmLcZ|08105dJHIhWqUJhhqvT-75>1T%=eVgzk7=NudXSh@>tozCrHIl5wc#&E0t z{eTz?7JJ7+;>WqOAuovw2pBz5@>(`*<0r|bvS9fnw zWiggs_~_;Lt=~#IWA1xxqCVjnN`X-^&GZF=@1%UEw5Na(0*+k;CW%KncFY_#jv1Xw_|`5v2m`1IDZ#rE%hE5!DY9j3 z=f^L8by&a*g_J%{;kA?V;UfF=jsQ8^`&^0N15T1>J{AvkT)n56a_H z2ZNd})HWcUPDy*}A77K5vx@iipq#~k;0<67yF49RH!LpVaa{T~;*!8+s=obuD2y{t zGRIp$2;8%Rc5Iyc^@Sp)Cs8vVDpCuL*Mo6h$=NjHf|gDWdJKDMqE3*KhJl246e(U< ze&+Jnav#89|N2A*5V+Fxi>NsGx3hxEp`WsAbmArT0Jgw{q8f(;*SuJN2a@TDlIM;N zU6yqQyH2l^+QHXM*gUDbMCLqGgpE$?n!A||o#_p&nTny92wBH)Zi|#oSdyWON))s) zc9^h^XteY7YFu9(6uz(how+y?Me1if>dp3v9~0jfQ{wx1K37a7;}P+FlbuE$p%(kz z>YklavF`LqXSUxd_0o>gu+`IZ9=VT=lHKV$9l;w=m;0mxVB_c=+v0=Mg%UfPpO+@9 zPM^G~zQp%HKk8-u9X7~moH&qH-ua_NZ+a1%_0l3qI`#LzG`{FS;F6l7VWZPHjUzT} zc5bmTo!g1Ev~ufjw@w>cS(BIQus2Qf_Q_ON02Zmy?87f!_0MWg9d-0kk)y+e>g!Bt zptbQd*b5+T0iy|SCu`FL8dPDMhwAm2+p({D_U%5gGD6Foy#*M+7atxH--newYOHI0 z_k~$0b2xO~2RoX1Q~O5mXtf!!waa*3u~ITDZ;uHcAUmgL-@fec?0`DB;6yezTXe+0 zff^*2$m$dkld<|6IA-vf`RvvfIb-=X7gtDMAZ+Oy^%P&2>{V5dl3fem8){ktCryem zC6`5FKpLES=sPk+t}f5^sh z+C_~73@WKRbeSO~=ekIB;CVkOy`&1FZl|3ywWG1tUdl)peMT&O;nTf4PB`c} zcg~}Sk{GAAN&p=A$V22c7(Q5zEX9V2z}+^6hqn| zW_`$uyat55U3d2Ig4m&DR=3Ixe2+>Qk3m#|sIcCa8O^6@#TKzr~OtQRs*N^wdiYiTiyZDzo1hNQl#@OeemMM@ zyYZQ&1Hd(U_-$Y2faD$T9UZr zWdAG0#I*2$%+F>V0pJ_aHF)u$6N^-`lK|}uo(6j;CO-`hbl`W&uGM-&Dna}JjOT&@ znZim(;dgDO$G&rzv=PA#bEmJxg;q zG0>cf|9u)9^!E1rSI=KOKfZW=_VV)iMb`v{73P!(JP-45Ju8?=Iiij=1-25h31b8unS=}xiSf3pB-=rj6h)FiLilt{MvUf#U=sEx7dn;hP_Z~jlVSBf zrP)ImjD*~88et}9k(PLzn?lb!h72@D_s1KAdYp`6-UAIfSm@gtNDQJJ1T7sXq3?WE zC#F%QBh7V}fYR1tX&3FlENWHh$_B$M2B)>j@=nZyCQu7Hvl$&+Tw4R;LPS?uw4!K9 zAFWN==e4Al_BIPCA5K$7XZ0>Xnxh z^ifEix#&WvqT%T?Nv^3hiD%GpW5_0S7ITnva!%gRLl28Vao&?#qUg# zu>o{C(5KpU{jCu#2LZrx;v}c^DuygO9oz3Iq1E#ZtebnKopMN(X>9t||F{eW}LiHkt_< z=5fem55MSbnJ#>M&{eRw_I-1)2MnMcB(2?Pr4KjGn^%lRQ%3$_ZX`j~Qm`*&aRR<7 z?=k%m7hqdayiRdv_FKWy5X6>mw2eX5j0{@I85dO0G-tr9xK(46Jc>+aP+lLP7l#qq znz=5t0IJ9llioQ_ARz041vC?E2C2+#K;b`4=*xj?GXz2c8=D)KN{y?ORK}b!9tY5aba11bR>W5t-S%{8(K6%B=0dW5M1ZDZ0lL=3BbPQ^} z##v^;tV;``>1?pd7q1dsQ4Pa1u~bw_$lh!3yG2d=fvb# zDqcjbxVv`BRo!U`@;2#F+v&ZOT@G(wgVyGbC%0klAU3#2UqTrxU^=hckKw~O2T>W+ z_*jx5l{$?sB~qQ4kT|MPgpZjg09+)by6JwGWJVnxq44ag>rXz`w(_LKw&JYIL2zi- z#b6m?3*$70B*RRSLG@;2uuCX;lf*+o#T?PM;B?iVX1b{k%;;^wp#}a-O7dW7#L{pc zkRLeYX>e|>^sR=?@>l3WN1?eU9PuKJmP8${d)K4?^zlz$1B{mzT~pR-mrUsuBeD?M zWN4!|jpex{Cp)j0Nn;#g?^sx1Tzxt>hi+vlV2iwYnUXU;W78oMWdCrN9PAzJ?INF= z9a#IZk~x5eAh}?i#&W`Xa&i$s)U7a1?*1Do*J*mHDDVw~!!9^#(lI<DNH&9ZryBpdzq}hmy251)R zN%?RK-?g{4qa_!OsA^fb26%(7#H7pW;^M`AhBeR(%iV!_qBAaf0$L3d40Xox2ZUWcwfWLW`%%nmf&Sc8FykaIFS)YS4L7L`ll^hzpX`1=}({sogfnK4kt z4&c9se#T|)m!RNE_r7*}TxT||9}E*d?rCKU^Jc&m`|QBax&G&2@9Xkl*~f$Br!ujz zQRsKIdM9<_MsUs0>3YEFV*t#kXQ^u1fCSna++bxA zBWY^<+I(L?^QDoo;-5x|E$@!;E>0;Kn~7Uzw7|$f!4pvACNzzl%s$W!Xq9xv zwflIf`tNEpqplN+-t0QA1lM95&%h%<@M3I&MPV`Cy?ghrVls+TGH~o5jyZS_Dec?x zl1KaD4V;8Y=vSp>c8q;3jZ{uMh)>N0Pk?FX6DF#vM>W|3O06i4*ysR@f6N{Pv>Ul8 zgwO>IUEIJfS4%^(OD6mpB1$nx!!7P(gC!xs2b6lW87|AD;R**}%P{%DoI(-kZB_y) zVvcno9|wEE{=nHewYh4UslGWqpZuiL(JCF?JV&wsp)gr@OBvW*lvr2gh4uuyqg)$}}09#_zG)rwZ;yr_3r zP&YKm=IELQbcZ>RT6vM9+1%B1Km20WW^mf+aVOYK=r(?Sp%4-jp zp!Q`M%=UwK!MlM?^lG)usgjJ!l?syry|pyLFxde4CodjCURfR%uDgPDrlSSq(KTLh%{}l#GYNFW&<9d6Ldh#ZNfieeEJ~?PXz)l^ zvX)jDhx}bYT3kb&kWaV5g4XLJo-&=~lx{0)`HKkF(p@96HX~WR~Tac*H7QrQN?tZdI7c-?cgL z>nbtY$M<3XA5CEkOhz`9KLeAr$wTS}%^H^gC2L8|ccB`a%WG*ADUlROYZ{Pa?X_8^ zXEl6YUkjz?mKucpIGr#7Rg^%;&kc5U;YK?4Cl5no=4iZdFaR@R8x6)2P zzE!hQa)vs&jEzVqSt%76o1wN0x&Bo>Qc^Y6_vEfana&vgkLk+9NX68^W0(NJ`3?^IC%kMgQxZh<-9L721%Fde!nyYbRS~}7W ziR)}ot^TCorcf4ctd(}nm;mQQrw<+OY0M>5lagCuqJe4>#R3c985WSUX{J;c=s=;6 zrJ$UnXif8)l!Fl;ESr3L(Jkw5w3J!YclLR;poR^Luau4<+nC8n$7U%gD7ZO4b++B9!n8 z`$#P&qfy1{)&$DKWN;EJ&BYv2oMN1l?in)FeVfoR1|nuuO1ClT!5L&zzpR8@S*xQ%*omkjJvPvZt2R_8Ohb*TD14z?uttW9xqZt!9lpyrrf^8QxL30bKgfx&hbJuu3qHz+C3&u*@bNhW_ zPusPhK0SEyHDv2YGu$YC$K*yIYg-p}4LeXxErkuP=eIuq=~r!^p*>+DC2v&GXg68) zfCwOZjwZ<*${}qAa;Wk@4-1m-(8mynw+K&Qz|Bf_FM zufu~97G!EQ_8KJ%B6IFKYugT72IhS?`&9!99KrYVdB%=@l{_VWcJ%Pg`wq`A&w<)- zon6w&O!5b{COtzKJ!gO60(Up3VP8 z4)zWnk#7X2QOKu3>80B-&pN0o0edpf$Y~k|rp|DjOW5&o6yxdSd3re4h4wh3;e;7L zc8R{@B?rMC7JcgISDo(PJP^g`T&ps=K0aLOvUefFq{JbgW=Txb(2=Ee7Xc)9Rvqvm zRs_RrF#)sn*@&DofXd7qr7BSA5- zVs9@dJepS^DS>NWrb9^_vI8*?&yy->!I!!o@ zWG~@kF3mfCO2t)>rDN}k&9AwLWZ&~Oyq*tv%9!wctFe2&E%@vCW(uCYjT7)WrtN+G zgF0+>;h^>iDMV62w$PQ)!*4YJnBEimT>YgITlz%1IC`_%ihXX9y#L+dZw>zM_<7uH zj1~NU@8HRkI{!a-ynoOC@8Y*bN+qMhhPKGX`LqA_wQT60LI~a{W};7y&yP>O11THS zm8v7PdV*!*T*3R~w0H6ha`)lt_C1Tb zwci^1-yCSN_qI%k6y(|3++g|s-#>W#c(1nq5BHuty5IkI@q7Qix8p5f0qZb;o!*BJ zo~L>tvv}HvI~b+=gJoo@kQ+`|pOnqKS6I7)f|5<#{8x^ziTD0Jsn-~Bh!0#A1Jyx? zY)5gJlg<^JcSz^kmoGb{gC|ypY$vhIN#~p6R~_}=|I_JqiT~jP0{#BIj{~k8L4A^e zT}80y8RY!Gz&fUJIzAnz+&+Ge@f{|LIXo$YEUz#o;kc-k81=@hmZlP(ks%-CcWYpm0mTzm*C#qeSgn3 zK)v%(xd84n!1CJYt$d2`689nb-Cj|4s)-{fT;^EqX~i^w(K{Iud$pv9>(3pk<5bvw z$fp@kS(;mt!~6qiT>XSbMP?j7T!#U@B{hWDl#pb)@ z0XiJ@k6MVK4$%WV;NY;+-?bh`je(t=1s{J5$8%eBo3cw~hV66*-+YNw^x%I288!LE zACHXGv55b6PQ?Aq&U=uQZ|@+i$j$%b55iK0|93eEH`i7Cc2@QIj=Qhi?YlOU`gj)A z!k}(=%B{_uYD0cv#s)fY?4 z>X6C7vWPWQ2v8jZrV^XoaPi0rpyPxOX;RtC^_OlRZo?(5e5V<(59eFNoe|bLC?MfLmI*Ya-3GzDwE~Dj9J-RGFr? zhn|SCDNp6vd#`N2Hj4Hi-8o6=Se9EvllA3a7f0l>5b9qRNSPx@#oq z+Hq?l$h2O79CJqNW=mcCr4M$$lf$ zE%@^Guy%ZYdZDYytcN?A#pZ+cQMh*-DAc(~HmARZ-`*Y?zf+{m)0`&coJZui$hiz@ z!o-?bon&+a!ToSkbZT34w{pTlxO4+o8uBX(5qWU_V)f`^PuqD`;Z^s5hVFain8PPuw(_ zH<&4H?P$Hpe|>Zl%DeIGSDqs6Q~4-7e8L^rcDi7`jQ|rNl}7|*;a*Eby(uxS1;%=( z+=7p9kFTCr$}nxb(%GWV?{cj(9{DEmP)U2Acj4EBX)O!xT0Px_yJIOk7U`_vWs!u# z;P5YjcMKWnAup6k9ouYe(l|La2Z}V06Wic0I1KhMNkY}eue#9~+$ES6Mkge~#5ZLo zozD9YA3B8C;N8H~r&nOPnN~4r4iRk3-ob6Rn=R-4dpMUD!9YHIuqE+qrBRcU;EG{{ zuW1{nUp{^t$F_(V_viCqHe1#Dx<7y^G&n-v7c_mpZ#V z7H+PU;=rs_=n7<#yi1dM5X+$#GB?Sepk3g3KT0}geb`bDW;BT-I8&di0rvJt|ES@@ zQ8tn~vL;XiCoF(2t!oRsLyyOd=93`jw$j<&UWarf3kA#VKh7W+q5}m_;1g`>@9lNU z1Fr$${-=U)e**~jErbnF^qx1xitMs9A#tZ=-F{kDq=|xV)h$$!)GHG`Y?J*%)=r6T zj`h)qPc-B8iTN@hFJeqjShlul;c|Vts1qKtm0}hyB)vG-)g zf0g5%Q>b{O8!eUzSE002QtGGz57J+GoPw)s6AP}R6iuU+?~V2yywU~QPUVj}?VIoT zA3OjUHBS3Sr1NuXiojiv=dWJ9e1)lgVLxVq&*F$-#>cP_fQ54Z*6Zz*S&D=Dw_h( zG!IhJR#b>YzXwsYTYd`0`T<~I;Fgf8o#|kiT zikq@CTjk_^BtQRp5+}?rbIW6Ulj;8kQ~Y!7Bki(TY1Smj-yzqaL%Ls@i1a`Dx0(D0 z`8{u2{(JhgMgBXukN>}u-<`{Uj-4eFJhMeXQaWXA;)f(uQ#>82{p57)Dx9t@z1{Iq`!Zq=24>^0-kjvof-n3-GQ9NcccfoNc zd_+3`yLQ&Nb3SV6sAbl*!K*WA9!Z@)%if=*`oB)CZGG(=NGotPOi;}cu=~w>T*pMI zx6U)Hkb4T`Zdd36WPPGWlVrQB?B0j;oK-p(ERC2rFOmemvI&#BOEzOxHm_|-EA}tk zmHWGk-yL)p?b&siv{aC@xi1|EdHPX`EIlTffQv*m!7TU#*CU zM_3fbL?$^McYz%1RMD?tsshUIq)6l6OjH)8?t|nVHE=4>+#VNTGny1w_tKOAkv3DI zT(Z?0{NdI&d`b8eU0V3`Rg927QmTOn#b~tESD=8O#(<0!*8`4!4}u@3bDki%U9Q zN15pD;00KQr7BwT%3=|-X`Du~hxfu*Me*Qp^mspFhhNdXubw;!AG6Wka1=f|7#@zE z9zG7A9`5fw9X{RL>zUHIW4`s`(Z2uU(IaA~RK0&2{NHW3e)~&z`{zLa>p$Ip`tbhP z|3B3K*U$bhf6?#C2i={n`r_#u z#;N<~Im~ytfk7Ca|iN3q~CQQH8 zf9ZGUT(Md6PXATEpE`GLqntkNMN|NiHrDM2})(#C$$qnG1moF{|mI?OM z2k|Hlm9zyV`qXi%D?w_+xSxBk*r==&;f|&_Rm4NtE7ZF6G?IH;c0ql&o7Ib}`u+jC zR>uI7d8xcOJuOgQ44-x;zFd1*GOF=XK~^=P@_RNXm99H=MCekZcoi-bn_ug*70s(j zi1I}GG@PCwCf-IHk1E#TBzH-|9!Oos9yi);9&3m{`XFPcQ5}t!o19B8c`AH z`iX4}NK>3?S*AN|O>T%EHFJ?I&o|W=!#Qzi8kPIMHf*=@Mi1tA`k7oU{UgIE8@bEy zglimM>ah&;>1id}&V(h?Ku&bYz(t=KGg0|nb6jwaN<*i6>kkH!X3HnY86$rw0(85bg#iMEJoH7AU1CFJ$ysxO_tuw=STQVAU z8-jZKI<{tYtE{BzsIrDjJ~69ETE{c%haz@m=~~;Di&y=^tXpN-8q3w%r7as(&q2S; zF`z0gY2-tc1W%n3w;+Hj@iUwdDs={rU}2eDB?`z{SZ%O`n^e;pE@LQ8w$wT|@qS_? z0xwZhtUTd7gL=pWJ2Pcr(Lk?VAE&xtKe2FPJ>NKg2@W0|Ie~hoe2KhNMOGc!Lo#gjCB6e zA)U9Kn@@^b#Ept1nUmiNny7V+l$-*S4U}jDy+iw4jiDfyHsDk8DRXaSN~1;EbIo}>Bz)_U?(=D)xmvSUT^^3A!tK;e(qT9Y-@Q*XSsQ{57n+|A+)x@5;J zZFLLV#-gV>)Vf=zRdg~5MBUF5({I{9>k5R<8>;JR=^zczV|NFtCgZui=ck;V) z`QN(#AT8-*bIG}BXs&Wp8i$$-9pBz|?O1K2j#S`EiWlL2>X6QKZvVN=!Kc=hPo7sE z^la?;%M5d{ppT4##+dsY7a$X71J9l6>SP?xSZdS?Fvt-o9Ac#nCq0X5V)!giSwP?z zz#HW_H;f;>LriS^_OFG^weis+zYCuXX?S%_MN~Rq#Yvpc1AyQ!aXRAtHV05!`x`k% zE*R@gX`J?|MZves>~UPcX=6Fu82%EESW8@+h?BWG*{>Oy(3zUVj0u|5F)9`3cauJU zYHy}0g*F73)yG1`XUR%kEeNV~eN;bxw4l@cZo{M1+ym69zLc%Nue;%Q)U93rq^^Wz zU~ap^X%+nzHgy3lF<_?OE-KWy&J~-l#dNNm3OqOAIam(oib3dK=bo|L1!K8l^Y(Ng zXO6u|H8T7HK3%=NugVI!K9+#$A7O##%C>FUHPuR2jeS%7qFeFyZuY1~{DEef@zZzW zLKG}VBu*ptZrN84EYOPsIaY2q)5Yq&W)rw@K?KW1%w|kc7TgCVg3)MBLJ;Mnwf1D0 zE(LEj9oODUvKyl^SN9<4=xim?>uPzbdj6dKmYg~Voi6DlEFI^Q4%y#>HRNgy!H2A> z!B_sh)OlEM{RYJnze2JPaU~zxblK#3!USIGSscfb$eb&3U$z%&J-2KIEMM;;iujOE z=kM6r*VW$YOvz;VF!6>hOlg;}VBA+CnEWlV814k*r#MLn-1CiMA#=?8!*V9HL%80b z5q5^4;+ha2{7Xx2sbI!8dZuGdn-LK-jri0e4!gnSBtH3u^Mui~+SN}J1{qs&t`tim z=hGoiq?z)Hu1o7hiaNcV}{&0lEzvaSL=(Sjj=t+VyJEBtMU^OzmcFweKMkP z@-jVR*Ndk8Odkeno}yp@IURwRpK~PpT_UgI46`IjqjIP0T9FlCr+z|dTwlf6H%}h1 zG+bj~7|0!2L9$Cy?jAZ|nA5qzhE%dAj|fXcG0$?d9n_fr1%3)2GbDIANNWeA5u^|j zywLX=W)G=N!9@f)esso0ut1KAG=z|Up`CGQomDE%u&+*DAUfR&SWtcJzC2$hhrR7*uN}FMcJiKD_rNiVV z&m*!8*buR-lTgX;%pxEvS=99iIS9zPO&VsVI*VzY1C_{Ar%}lZr2*QYr^*PI!Vf_e z!2K*gq%MDTr80%m3DqAc+N#Z)X$EMKsvEXW`Y<4`fbS%8hZWV(rDuE$+f%ctCPwx0 zX`U)G7NS{APvIfHcvxY~2v9k&np+9pO4+J;rdz4wfrYGpL^>T}bEasDAU4 z>_$V`&Z~)5YIze_N{0!Hs+obzwmx$A@}eN~2PUfG++h;+)R^sbZ?pxo940F!EKA3L z(QzPZD{fpaTmuxyZ+D~Qp3PbL&82wVk{J>+ZngvBD5AHO;d3!8tz4y=93arbc5U%5 za$#q(o$zZW$hJDEj+1Oc$$qzsf1VXnCgPCncgc2ol2fJB#)Vw3lHVH%@{@ zAFwfd_X_fRD9We{?8dT$R6))H&Tq%0jv4jXLN#a~*Ax3%5hzVK&UBhO9C+DV?3O&wi?Zm3N z=5&r6_YZ1Sa3{5(m(OiY*iegJDczdYx5h(TX};q;{ItSW%?aBbZF_;3JmjzUFK##)dm&rra4I4epa%|%y!w}3DsAtqhPPKMTe41uvyFt+0>n=tAxvSHaoUl zwb?)0?%j~OR}r_FZH7sdkCuP5^pYHyX7elkYMcEAjsTS=^~`VPly%!+(vzP% zKX*EH`^B2yqNdXh*}~b}bM@Q&ZN~r0IJ-?wfEE1z;PK-|{Lj<-`agH``waX)jhL{P z9(bo@Z;-6tRmQ}GW)hV&8S>0#tI>Z*C9+HK?^-O8x5R~#YG7!~snO7`i55RURrej3 zQinXCS++beN^`)bO4)EPnHdd>iIj@Dd9Yo+;28JX;yd4Y|Gq=EbN>HHp6U;~6$^cU z%TZzYd6tmvkml-Z?F;rGc*PQ$$1`>T?fnlQth&}I%}<>!+17!+h{wuT9X(pN8k*m3 z0aHNe0o-K2O=DNxayB!j@5Qb#y&dldfRdt}5=#u(8dXhdHZ^I~nwdE8K=+Xe7P1Ir z6i9!UnvyesxJjO8{a$ZcCfW?NmsHGqG86H*r!XahNj^=s0C&FHcJQyYc7{okKw7gT zEF$3j#jmPKo!2F34Mv$fLzam%%tM{cSL3?Uv}tAEDC4aq5xW-+sg;4@u2-sz|Cjc*>V885eBVCN7P#_PKsW*G01KTl_`sW1s`*t?92 zoG1=rI{5J6=)v|?F=Sz$0CJ2)&Pl>9&E*d zYJoWbKd5v1cjHavLsgLaQTR;}ClO)kjLfJ&ryuk;rWl5~av^I-!BsRXGoAa^n!kE! zYF#;YXLtiX@mUhX(IVA9phTcjfAxf&FW_47gi7{p<5M^r{dxlW`WUWqzOc74fBT{q z+XOE-1JZ5LkKxbqu5)283tV;cQWA&DFny}y3a(tarS2xydlvuNXp1#EF0IRIHrn~d zS-}DF7Y*p3Q@w|1zhZ%7EPpxtRlRsnb4RF&8RbX~7jCB?zr|4`!zfI_W--ISOvO5d zzSH6(^6<~{p}tQbaY~HH^VX#b z{SP0=k~zseAOx!YlI8kQr}#_76K3Ogrq$6b?bFVZn0}s&6WF#&G)Nx2oBtv zQetJidH{f)KDZ6qcY@8BknDT)uzy7KpSo3*%G{>)MZTGvSG!hS54?rMo5)Bs;G|sW(j+-F6a}}p>u4)u@N{!`r zA}93V@e{RVe+=#A{`axJ&Gf%(D%6JEPz79h|F_?`|9kx8KL6{T{O(-;`w2;i&>=5! zUGQD-Bmve<$IFIHOu zM`yur<1`{2U;O-Y^p^*}BX{k0u>8?a$FI&#&;HRTugckzh~+HISwyy#4(5~!{qUi$ zo~Sk-K6H19mN8RX`x*;6pigBoCxWSIvQ$TT&>4@TCbmKRq$CqOLSS5dBOkYx_?QoHC&=mf$ z-u@<#w<_1K=bKlJFgHPo;Ez{M)|B5AOgrTn&s7VxwRcHhLyO~@Fod?y#lQxqmLr+8 z8B~_va-q-~m^jBi&UfJ%xh`@YqeCtHy+wsBd(d4r5-U{t(=j4zb%bqeJw(GFB@^d@ zjpBD}b#uk$0e)2L$%K@+!6v0LTzVbX#;nFYfLOr=3JwqIvHwtksGdavd~CYrrA7!A zC8=f$XoP;qy0vnXu$jhm7skxA5N~G{V5Q-+`K~y9ESyqPB=(VloFVVOO7lZL9>_ueuOe z5FLuC$BLDG;@+y~*>IykT56}Zb-8v&x3%zk=ay61Z0!wqYhU#B7sK?k#wxhB;l(Rr zCbk6k6(ci56t%|!wq0?2EZ$8p3a-CX~hQW4W=xP~ckh5q;S>0!P8)1xO(?)ASr`F%e9?*~Oc&%U{J?a$EV7o+=` zi7wRqAZGF7v_3P&r_uRZP`Z)EXTI0n(ITJRSm~?v)voeU5l-Tqg?S-bZ&B+2InC=m z75QYb>R9VX9kl9$1#06f&hrJTqi|kzDx~xboRuSqxq4DMuZnw%5K4zb}C(NVAw`b^iutG5o;YWFIrC?Ps+y4if!Ur(A>O)7#`~C)yWflanl8 z!z5R-rB%i_-Es}0$M(Ktxo^wL+@b|e19ESBTUXe)J=+@yU&C8b8`psQCN=@x?H}9r zrYEt%y5H3HwxE}fwY}+Xzi`{z+7_Bc67;9E(A=_~vv3Zp%rwr1x`CPIlbS@AsU&~g zrTKWfs9Ca4Zx{XC2A&nakFftirtNhCL09>IJ$cmd|9W(IAOCqLzt3p@n_v9bi`zH+ zRr0@oezPA;@{@Xg!3dwo%vVR|W=1~v`c_PQZcjJ#_^JSNV}CEVmwRuodvC9%h7UXX z-@vH#xqZDVob!vaDt%^8FC@TwKd;YYYg&2c-JYfCwhsQ)FyBPOf=>U~HYS+D+N*t2 z`%-HkA8TELPQP&5(%MFh#iHA%G+}(2?e)=?3*1+KaDT3LG5Qa;n(LbgEjRpBeq1;G z-Q50@ahZ<=Tf+#n!vAakX~X{W_|bj*-`)H^pZ(_?>E}}zfgIBOVk|)=OpDDyWt)$) z2{~hZ8pBXKf;X}bIbD2Y8km-zT1`Y&yR_|H^=oynirbr~vNUw87{k$(mUtJnkJf5f z395(9XSAj?o3&zgv6|m(zF4nq*&DZ%Vx|d2)x4rH9SOnl*?vU~l~!X0%$;(MMXY+{OB`%~!_Q(GUqYT!IB+ zp* zegaP73ad9`B~@|v4@||a^SM3l<|2ASPFL@BMOU}X@7&R{o3p%D-S!VmE(_}5G626)1oUabe~~u7 z7~3y^v)JqluRqS>iz9p*V{ZeQ>zQTov-K>p3mxt%om{cG3^Hh2>j+9tP!a!&MY_<@ z%Fdimf|)6f1jVlw+ptXq4QgQ3=Fw?$qUf&ts`&x?t#xX~G`PszzEG}S#}BM- zEN=G#YdQ%=v2=}(8==aY5LY9~ZMrskDp39?*>RCiHeXLo!mD8{Bs<>-%rC;4@06-6 zG4wH>gcWQrwxHU%EBMXOTJEcw>>U5I8nrF)opW0*wry8g@WO#N_LFl*|Kl63SDB%Z z!7e+i+Yg1!j8E--e57WEoqmxfCp_`6c&JgtaQ16s8Z0vU;QWL-)~!h)i;w-q%Z%T+ zYqlKqSe??|!T`Pje(3R`G#HgA&lv`edy;HxnSp$LMD`zb*ItQMvEw7?zqLQd*yWx) zhN)MNuk8(Ft}dR1odvR&8bH^9z2VtWhjzL65swxP@9tPd-YYia=hnhL-|y!7zk5P0 zw*sut{~tX)tn2@epX}Yo|J}*&^Z9>iby&3lMSsYex<1P8&>lAS2~S6Rdy2Vi*F`>C z*)R9o2PI4vMu~haJ*i%ZeVxc{yeOyV#EMA7iOBAV0oAr|{RtRdHzM-`R`53F^pqA;zd9;~TdBchUq1G~@*^`Zc$-BM3{ zJ@M93nXY@ce7CQj)55uQ>Lm(RZprD~ciWcIu=CIRO>?)Krlx8%dMAE$dZsB9z;)*5 z7?RZtGtfXr!6uusx_9a}%bQl_FL&Ic;7Sy!&BPoVRj1?Hoq|rO{B%tart_qE+dXUC zb3d3-8!@W3gFebCO~x!gDTH8YX;kcV>V_MdMwWAEj#0Cpn2{D?4L-W$&(qm!DqJVY z1z?mq47n`T@(`G>rnKg_WdHuD#=K%l~@^`%mxX|GW5Yk#m|W9wQZ1;wq~HBPGKkP9nvBGa6peF_VF}MJ^|? zB(lgdE^6Nz=iO}rAD#!(=%!<=i2r*0^x$!I|L;FN ze0-n(`%ZpaAR2;`&}@lf`1 zp2eZ;CD`<>rlKv?rVEzqvEW6fSPD`WN%%Mp$&lsOjHMP3{4Vgktu1o-;&0DhdEQ_! zP%^O>v5ch=OT(CHxm%rzecd0N(Ao&vCkMg1;GOZ8;WEy-nD+?}<9@Fv*f^HCnEU%d z#KS8lf|&P)I6e-qhJG_#IEQiAwncT(%}BG^Yt4mkX_t6NG%)V`G8F-fSQ6k~%V6P9F5NOC=i z!wCs#szffhZh*jw8B2IZQg*GWh!jeYM;dNWZPy%aWJ*&yW+L#sDiKx&fOG22_r;LW zER$t#SNcg1u~`oZJz`nH=Tjw&D&ZKrhd=p2I{_yb0$5{ zCu%&AvYbh>9~>P1#q+U)!{Do6?=Sd`(nFc*1OB|oSQyiU#A#OKM1~VKrSN8poKESO zz2ZDCY1V87MPB(lV|^k)?eYkTm<&Y>x>uh(gMC6wb4RI+Ri{eNN_ePrFOLxRj!v_L z^@-hGp6Bes6+^wUEdhJjzuFCM&zc~6={Qc`d0tM(tGdO0ayoXq*$?)g1p9u(hA~b3 z{XJhiIrO}&NRo4&#NkR<0okKDq1gSo{m|ZZfnfFUIJu^C`B14#77m58hhSOHAMWC< zmC_Sb^V888&(8&uEX^MxJb2$POMs{lbnX!n=M1e7%ON#NbTTK>0G(ndiYhJmdK|J{ zM*2``H=yhWo)@uU;h=knSAq@H;9TJPB_5GEFUU17l87Yn6;p2{V}!lS1toDh;$n&{ z0?!5ME)rfAD%w6yNu0`@rXkav4O!pYvSjH}+*XD0SLtO-;eWyEZxLttiMtZs7Qv}& zh=A{^eRZz5zRXz~vT|qXi{O=bGPkGLUJ1RXufRou!lUQOoC`W;Ckd5u6>a`w!X+A9 zN&s{6nkU7SkqhjIKu^2mbYy6+<9Bw6JIomzRh^FJxlt??oRUOyI4+S}t3xkN#}$Y> ze#i4@7&0k;;1OE|?lH6^Qy!HL#|z=E4D^c8=qC~9>?JIKjQ_QAu#5O#Y=aTL`bX?} zN}*ZR@42?}4anauW=i(!*Zb1Xtr&=XW-L^k=ZejN^TR=)-lWdR z>SdfR0s`UZL(tTgAsa<83+fhef!!j++7eYG<684Qn_E;WT*8DEV1?pTKPd(JTKjnt z$x<1EN(_4ua^JWjLYxw+0pBH(PZ`PMDU+&$YnsBQ9ILNUvJ>c#kZ~#FVVuPI9ESzj zZ^B|B>)24Dg<0LLl9Tr|uHd=v`|aYZ#>&lQS3(jxWQjhZXqK)2DK6p5jQ&pEJ2r99h|W?6gRRUv_}}$?`m<@1Xmf0tKuvX8hR-rKv|E8@NV8(b2v zoAY*+W8g<$7sJ||jub~4aS^JMlS_MruLHy34npy)I7vXZ16D>8rqt<%Dh;eSNr;ku z$#kyoe85m%Td1Q>XSasSqfQ4X{$Z`@nwI$b01wPYf2+EvS?3quFnD&?v3D64IdQr< zda$kZ!Z1(ZV{>EY1E0%i$ZRZeNejg1RBTJ=9+c94h?KQS6OM_T&-qqpsJ6 zg8dtzVBbZ-{_UV({}Z5Kzm5XUG{}$HSkOpGD!@W6IoS{Pf<4cB^D-r8e8#3jCdmHb zE;-mc*xN-FdUjw;+2oo^0xF17k4AAC%L$806@MJ(lVS+Q4@JD%K)NM!nitaNBR`)o zUt5L2CK5|BrN44v%u!0!Lk~l#CaeV*d$Au*XgX#R4K`@YQ144if!<@FAmm&z1uil! zXpTZ`6puy>mSx0fUI^7y6fwAa#i<^m1O>gQeW*oVuxZ$#^bAOxOO}k3Qbk3i2M`O#{SI84kO`G!sDyVeBBltMCfS4zSssV5 zqd>x)@F^d&l&O`!rgM~o)d?_R)>i1)#x#wcC}NG6&{j;inkvk0$BhzON>bEys!a`A za>ll--ja+2pAxF3hP232X3ivI>(e`D7y6SEr81-sb23t_i>7lDOIa|v{*Wl6>wTmN zRfa63BIb%gD4wlXN*i6=uOrT+8s4xhvma?XR|{E!QO*MNgxY3vr-qwGfi0K8T}6gI zO9UG+VHnjLJ{rYfbcALR4-2K)z?v=JJhOwhv%|O3c#I3&+p_=k3(5SDN+!E{o9I{R z7#GjXA?IXvsHx>g$woy&k~qBr>*?Rk*lNtcHDc#Q&P7ZU*%M6iWX602-U0mg(9gKc z{Sp*h>E73FkL%2)^@Cx;$31Mrd^Hmo)1MvqIoJO@?0pT#ns&bQ91qR^2zfUDn>xl0 ztKOQPZXA&!jkH7iaYn-lGu`YG6MJ+J?2&ENprc=Px_|Q&?M&$$$WU=#paIz4>|Mw* z*#04(W=V`Hv^hF-7lHRr-2orw6n4A<)tq&@6`{H30ZRJ4-u3l$Kmo*ni*YZ(CbIY9 z^yK;31vr>~?Rh_@36rusEQfP*v7tD2La&KpBxAvl!N)1N7I6-D&XSLEg(5GCWiH}j zkyp@TV2UMi8z{bG;*FC3YV^7319eD+WB{ps1WUBY5C>Ah2|Qz`)CDID#AcfnX?aAWF1qih_Kgr?(y zju{#A851d7!80+9C7zWujl3kD#<}K*jp+n`pzG)R-~I3Y_ZffxF8~1l|By*kH2@+P E0QLvz0{{R3 literal 0 HcmV?d00001 diff --git a/assets/bitnami/cassandra-10.9.0.tgz b/assets/bitnami/cassandra-10.9.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d1e1552dc0c7fb985533240c6ace1f904c076716 GIT binary patch literal 44177 zcmV)UK(N0biwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYef7>>)D7=5`Q{X7w6FbLxbL_n6p6q>G+iks#9Usfd?%r;1 z43Ut8m?BsJw4-fuKl}5;03bmUlqg$HySve^jU^Ho34SgsK04Me4kWE z%>U58cU$Go{gZrf95aa}Ww98x5DKuw5u0`cEM-Kxl=T9_C7n?h#V3Q0oZki-EcV%W;M$mVkvw-DkaVS-8^|Aa_jHhHyVu{2;NHT9B6cRzFF$s}mXoll3A}GRqN)Vp2G?oIf2>?Ji z;7kYwV}S(W3cnqcaCSpO8c)%TPG<<;U>e~uji_9-5W1yuhGK>Uji(Vo38S%8@Fti> zDJR|5j47JUq)f!HXUD1=uz8CHs-yOexQV+MI^AV_+5_75u$U-HhUBJ~aQ1-&vJ z6FtW1l*Tv`4wLS6#m%&JO%}I|hcI3_Gj=ixsbOT|m#8(zG?tjgggayV?(`OOvV%_I zpxZ(yo$vVE&7J z%Ikl`g6mDUv10x2Ki%7{tpB@DzpnpZ;^*z=e0Tr*|1a@*gbrD<;B-2Z z#g+dN8l4~gwewnQjh&N_#9#;TAv!oeIQ-!l^vBktN9g|(Bv2X~`aWV~94Rva&xs^l zsJG_f5y%Ryxt2jVkQZaGc1vuQGsr06d`s)IH#d{PAZjm5RHQ<1;xyjV>>8d z@q|uOt`)vi==xKQ3NX5A_%P*MX^BRki?R|m$PV?B3nKw{^w0A&ibf>hL@M<(L_#u- zr{plgLUm7*2!I&y-2xOZfvk|Nsp~dbtZpkJ0k1)v3xq*&#++jhL>FHRZR9?iFpkcZ zKo?R`>m7^IIoT51s&g8~&{|x!Q$y5lw-9>t2pxB)UHz?$`A|PrX2E=6EB;6p`t=!} z6DVLoyEV~IKeteU(9mFk84qCzE3%q97K$=&EO(70S4<=s*tir&(IRI(y%=_Zl-)@h zMe3V^=7InOa_F|0rv>$@3G_0EQVYs@Hntl2jwxeEDuYI%AJZ}6F_A>rWf*Ox$~Hki zkZ6tqoM_X95`pMM%{nBAgwb?hmRi$TzQ$t`31t3AhHwZI3`dcgfDv1e5V5f`QUux( z>A0gc0)#n%h5{A~8WK)IXwQW@M8AHnG0RU{SU?0aI zoI;AHF%yyoXwE`{XbhD#FlFwl`gx&K77{bZ406SHT>@akI`CVHv}_2~ z2|CrdBD4B#3mCQzNxW@muW4q8CO8sg8A2A=q4_IWK1~!d0khVsr|+gU17m31Cn6#w zS=J`zQ-KcDKX++O)wWI1ctT?;7bP*2c`vGx=v%EdyB-cD>C`JuCb`wEtY)KYE9040 zt>m7>Q_*wy5CCA-XvJ{$zA{@wfM92dBqBmz(x2JQkES1PZ{;-;7Q! z-xzQ?K0d&~PRj*^dp$Q_R^BJs3>K$1q$Ig4npu&P6w7Pf168D*%a zS8!47CK;zwJ84Z9;gOoPinX+N5R5mw8fTVT$)u~gTfkdqoPQOEq&4I0;yy}9Kqm`? z^CepMU%x)md;(MJ@j-Np7vixZX+FkOpvMuGM99ZGh(v-YazpWx$r+R9oCp%j#~NH= zPF!aa8@$gf5WRrK0ZG8|XlHIu`+<9p5>7gbswC{_M|KA1V>U!?o4Uz2;EDuwK-j(- zMM??wvSMO19XqV^R7fQh=QvIQM!<r18|WLt`Nc4qK1Z%i}oU z3mD71TSLIg?ir}D0TTyD?vxA1Zw2AqR1ogWQXI}{tjr2tEjm%U*tx;gYGyM6r9r_2 zUot@$#VoE?x4lFe2&H~sIe1)k(FKk}Hjfr4^Mj~qMdpcIR3Vn=qR53~WS?3?L2D<~ z#xk;_Ef9iq8mqy$DxrG?`ka2KI7-zm?t~QRk}CsA_QVPmKY{|?&S)@0IN}6{3sC-v zKns@g9K{ezZ03^c$QTFLx0r`QX$1+ERJ-hVP>Cb~j@2~9NYHr_5hOrY-^nH=;mWR5 z+WU-HdW{z_eNAgcfZ3FK^av?VQ=&puEp;g`Wxr|X+uY1O2g;9Rf#x_#ROQW;N_7G&>DNa!S4FpQ?ON8{+kpPJ>Nh4qZ zkhsuwkTgozg6<0I0ZYC#uC31!Yi3OGPh5+R4`=jI# z#WglG#SYDifQ{i>q)aL#o9E+^`9^f<35|&8qD!UtSOrHQ94`=)vx3ko))ORCsldk5 zwu=WJi}RtetBSs#qBRCqu-l}mV~ntJX+cPM$kJG%vvfWtTyd{@hGG^HFZgtR$*xH( zoC;DuP$NTdFoU|Ds%kg_5-V(u@~<_BaU5Ku3-wP;0TPF>O*o3F3})!q{6zYY zDb(_n%vl77+Qk)#yqvbsBGC;Z3UWX%hh5|VFdkn|bGnjK^iV^|pZGeZOxF=1p-{`7 zmf;E;9Q6bVSR6V`s06I9VQnnFJ^Icn7HUC3A(_yaglLk+U{wjnB3Ck}y6>K`#t;ou z0Xy(Rw7dUIX(!nj4pA7WB5KTr@b3VOR(F7gXap;R86GXz-&`IKk#Af$`6Z=lajH=~ zGPhQ>?ocTOsz7-F3f42Rf;OkPqs7gbP)a@Not)P{1bLfP*4kV~dsl1w^Se_tB2rCj zcSe1lSrWoIO~v_N`J;T7`>xhrZ_^UIGE9xSU*T&htLH!#~*(nI2qA@5CG=| zFvlP1Je{K%!3h$o=+^1MU*G?5d~p7Lbn<_Wx4Y;NM}ZQdBt$rsY>p)jK=-B-bQRO+ zs?=^wZdbP(lUuhi;wONMwFBNihP-%!qCr3(nXAVgHkNSV@Riym$L_bc?``){{*kW6Eu zRVv+Ei;@P~$?-vh-Y!xk#4xK9rPvPoyL+eK`ikzAi@q4V+|7$7G`I%#nd6U^IURP$ zDdminLFoWZ84J-gr6GybNKt_X{XRPV7A0!&I)94-#;umtL30{!srOHmM0l@Wi5)=j zNj|>Y9%D?IU$6uSi9do9hQvM0gBiUcq2q?x?e?8tEFpRg6g`%R_lmmjKitgU2i=*R zN4BeOuc}U0*B_=P7Ej~Ys-l_ghqjE_Y&$oGLK{PJ^-b2e7!PzGz$&OtsFCk66j(q57Q#Onvv} zO-pN{Ad`mZ+k=bDy=q!tg4p3{rnqPNZ?0Dv6x2gvJD?C3I$d<-A|a(` zz*9L`kt0`ecP?}7+%kS0F&t_q4`)$Cxac|1dXIFw9ibbhpa`~#$SCQda2%ow7DY6k zzJ=HBTu|ax^>ak{4GqXa5U5|EM4(fkmU)BBE3HT>oj743@ct4Ic7@FwR15S$M6nvyU~6FLdqrs%{(Dw@%F+QVVkA+h9?h>m37Jt8vbDDa}AmInCRF)j5} z9~`Vovn65SX%=T^oSv5B)H<55&<(`PoS-dF#UXmbVN>Wrnf7iYoH9=30=D?hinc+* zLh(2&(Orv+3Z_g?5yHahB%F{rXedB{3I?SKov^U5M-_%tdkld9PH^p7_$fo|hLYQ! z89F^WW&^3`Kir6g)jrB4_SAtFC6=ED+%`gwI*6NZ7W+Y6N2P4vxbPjwQ{W*nuc?&&Mp1`bgk{+8`Y+elt2$`Z+`jKZVp8 zn5V_gZXQ|nZviXypoCIkW3c*OuVX%RVfDE802u{PuS8bKt;gn?EHpAO)4)e38Jc4m z%$B2K8@eWoChcf^-KNZwHCl7xK1}y>Ta@gQ4*tiW{9xCjY3Wr|PVE3#WI>?-AqyjK z_P?7mQE?5Zu+LHsH^zTuzVG;__zu`URZ3^O=G2h$cBV84`B>9Y=@6!TNscN|BNCB7 zGVY9%sG-S5rJX!Ghw`gJ6aER7Qc}x zcc_b%0#L$=a%anN5Z+Q17v*P!E~H zW`!<+8oH4>lBcAFkcXl}r1$Y#$n-i3#;f$oyf8q9XwdJ2$!K>62q3223Kd+pSR5@7 zL||ncxcwXOaKYPxDYt0ol^=#Lc&JGB{+N&M~e%_(_0Nvjs}%GRAFx8GwD$om4Z?9M{>&~5B{7^uWK&G4&ew;@b{O3Pl9^PV3tkeI| zBh~O<2ug*H3Cltn!I3Um7HDQ&?DSSpc^VZGN3GlE(J421HA`lqmIn( zK8^%KG!8fcC!^AW0{xduv1+?WQ_CQ-gG3t4RO5>9iVeExWP%nfMIl4CI4<NLlM+-FO7zi_wgrmn< zOT)+Af{)ug?rKH`MLVaed06yM=W@{tD4QM{6#O8e19SG(crk+b27ylWGZdq24+Cx&s)s46syMIG6h89RQgl?3Xi6#EeBD`c6MUGJDb-m`DRP zn{!|z{a^*KR^fqfrS^=(5IyUwRoJEH5It4Tio`Jw%ed*Vk#hHkXulv148wVusQ9+N z+Ino%6zWPwY6_?UD>VhxkeQl-YsgL&aINB#dok2tGYqv%yb6iAOcO0RA6Rgjwwee~ zQ`F1)?z_4w>#=Ltr zAR6_xE78%Rj!-R#d3_Ez4@lKf%~~O5v9{%^pvq_bpu|OCy4%)@LZESTMPT0cMh@kz zr{-sr9R#&t%k#Qbtz7~i(Fq9_K}3FF>{=`VO=J){F*`F=TrZ?9fD&}$`zIXs*$*O! z+=LM3>`im&0|z9ikc4+kn5H9m=4m8p5|K^@SnnDaFeq)EO2X$f25a(rrSqQ`Ci_Wj zXXp;Fsy^+lI71mCa#o5PKrsZVs#gXqK~n`4j^^Gm9>u!(dygDkJ8YulFHnDJ7kqI- z`k=M&9YWH}L_`H78p8R`{*9>vf#%+rsg?`d7XqbUo$9nm>$hzxHbX!cE@7c0(_w!2 z@*oV|R@7VfY^E9Dpy0`{f%7?-QX7JXB*0bZ=6RzAEDQ@e=dp7Zq9ZDJssn<*O~a{n zR^>jC=5vXsaR(<5c?HfCXHgEvI@}^07q_yLaNN~r&CHVAGY5B3EpBiq0aCu`W3*7) zcV<_?p40ds%b9RWW8;2_v-mMZA}v$l44jZ=qchL6piOo-U}AO}v(QfmxL#9AjpL7R z;~dZ_{^)Jk9O_BqMr{^gmL}tj33;Z&sH}$b!<*41GS5`WlS!eJQX^64PY8vvum?hg zJ=$mvLVQQLkbj|a_Jgiy!>tSquahp9=?UZdTqR3LT!X<7x~iU@GcGL#6i&GXILa8? z0#&7a&RF#vP8M*CPT*gF$MorsA0RpnqEwgcHE0+z66o^v=+5;&%s-+(pZ@jE^@Cp` zbof87SJ!V9D-LzEKF34!yx#|fC=&2pvFC^R$02$?c==Mzn_r?KdfDIGZI#`tX1vBq z$4{8h8@qOJJR?Yj=71dpTVV=S4I~fxhJ#=>hQLDIVjMh)`sgyGNQm{(Ky$8byTsb7 zhu2%7ZY;fp>jutSxNel}3@Hx@M6|$wz&98U_y&Vf4vW3`_TbPH4_owvqhieFCe1Dr znc2Y_wAOqItrcZ?@m*1@>-lR$H>}1b#7ho3Sh-3P-k7|#4Z@ME%hLJ4QY$*gj*0g< z$wI<)$iGII3TSBuVGW21=kRL2m7cA#St^t~^ufly+8w3s)So)IV$%F>zScw2-Wu7l#Z`*2d3Ye!} z*3;WFF^0`7ZT8?%2~3jD?g}hB-IM!E}^v`T{Go?FW%Zb>pfD$f#9j6u7~PnF8nflG{64O>lJlu|BLm^(`?$< z;to+@5;-LCPbz)T3+kE!8zoxVgP?XiwqnNT`kazlk+L*5S4LyL(qT^9g_CF+w=Azf z2?b?ieTyR;2a3JW>*7yX>vE=4!sW^>a<$3P)W`O4)KNHf#-@pEGp2x9ElJ&CBiIeP z!10u13lH=V*%Bt*tym{b1P1SnYdLsK@gQPp*fA*ycxOU6xy4b`d&G%S76REZU?z-1 ze{FZ|GFDD3QP(dg{BzLn>i_z^-8~=K3iaw3BCw(+qnJHlY^4wBPP?Yrtnd(>>GPF( z3CthYb3Tle^61nXwUwo&9ZNN55`##0Di(&t4xnol}3 zai&(a1DT-q_Ss!K&uy}bc;Q;fZV{bzV2&3`2{lJwL!%17zOyyNgigjM%vn))eimo1 zWXR4j(0vIEzCb>EFe`WGA7RskdVZ(N-+jMvSAjK2?2k-p(|q z{1GHE6eLK&2WL)kXZy~1LM~1MsVNI0SZPe>EZii?ZuDu`4ow8a+*%Db;p`*LGwGD* z;!L#_6x6#P?)j7~#?po{lxk?GUND)U2@D~foD|iKntl!P23E!bKM)-16Sr1-;w&Lt zI^Ca{B6@kPcG|vQs+)qrUTUjr0K%U#gF-O6u^3@;>+^1FoTc!Ly!qNm3_u<8tsfc* zQanT8zREU(M#fH6B7#6J32ad{a#YM%8ik6DO=6@<%D9SgQfvwWs*bG`K4S4>X+@Ap z-fj*sfH#uGF)`@_jC3N%U@~VR0f&f^#EUNa%Z$X*?P0bsgnlr@;NtX>PDvS%zQCl*D!Uz-lY={QCPxtcYYBVav!tAt! z`$oToBQ@r@T=}go!C6Fx3UDk*p24Rv?BkD0SrGP$4^IPdFi5rHdySAj$Ikc=oy7hU zr87R|Psc^RK;N=@=Na4MI}hywZPEOol83ooDc;)lGQja&$6vCqqrYVIbA#`=2?v-l zJ{z6pbjo)=^F*}JRg(`^Ng|_=gJ{%=jIv~VqDgb-EcCW`o}HY%Q>);#toFz#8a1u! zg}&hN$JZItKPE>S`gHnR>)9;BT@>TA7Q{@?DSKV>zH4%6EN_KUAG&tsm~qcyJIKMhPv#Y9UsS3$?~tyGyXo;a!$cp z;ulSYG!P9O4F&L^N1w8g_`n}%E&J3-yXsW1iK#CL4*$ZbByZxNUi3j~E0^gnw69@> zSW>eLG8ert(c|^g>ouD;Y$WG#(^MC|jfKv-X@t_BQ|{uKKj^1eh8uv zl%7^?Cm*3I!oL3IEx04#R4H$|8h$+|d``74>QP%xN|8Nz3CQiFQFTBJkv^FUlw`Lt z;UFOOAz!mmnJX!lz(81?ZBa7kG?zU}YjPcc4rlVcx+leu=~7o=T}7$D36N{m!>J=i^F2cSV|Y)tf>YmJ;x zYm{xiNe@k``DJZATsHb92s#<+{YbhQ>ze|!>CSC7c%5v%v-&C;+WhrO<(tPjG-#cV{*LvSwa=x#zop;Bq@2+bDzLzq;XYP&q-0zw1*_;2p z$VMwpkgm5WvHlrSfd4>eEA>X=1D&okgn6j*m3nJ-({L( zhZ~*qmk1S4U>Z`{GnmLdGCAn?=gu>GZgQ~u;*`1*rEnnAZ6F8f9?HB^8-){^o|#xp zGl6udi!^be!HnI;R-*tNc*3GkZ%2eICVH>7CPRbfRRmnXx3e@>1vekv+$nd{iD; zYQXO3NCxp?A<@SPAb5`O{{;PT$9T(3dRH+-S2RSO^lAuyzek@?kV@1E+o+8?lU)-Q zqY;9nLk3eFxnmR7gN;0+6KU-J85T$cffiua_E%WYP@pZv6nzCuaR$~Y(9Bj7`Ws6j zQoxEZeK8*u>x{=Mi>?~m`PlAgDP(jbiIe@Pl$qrf=*9Y$zS&$GCEZ{)XJN5KzAIeG z5>cBMqL3M)bTQ(o4NzMWmv_$DoX8nT;lc*EYP@n{pk*Vq3e0RC<{PgPa|yRugrpN- z$c0b_z06{$UQ2as5z_ZlRhRMAH&kW!r<<#)d>vT-(kfCw%x{jAp|5j~RfhGFMq``O z-B=;T_KLS#m8zE2_F~n_eO9H~U&fRu;xBQv4q&VMi%YOnJDYBW5k(Xd?V zeKjHeElmh3F*ad1RAGHJ7fR+rg;JZ#O3?uRy7?&@fLuRQMFXIB%URI?@ZGXkWGq?E zU{Q0Pf48rNu;)mBH5_tpA0Agv@ITdhulKyaM-6?TL&P0dEiO(`|A}HBa;1FjSzL$J z(6cs_6_J+&!KR}z)?9(sNac>~$(2GncRhgFGO1b+0mqQ>P4bkqJq2`JQu{^!Mc?dP zI_vBk6VGGA*iTukRHl-#ky$`)nR0BarE0NMW{8|j(3L{*YR4!vYB_9x$rh}H*)>X6 zB?ITmoTJpRw_Pz;F=rZJn<-Zi@1eiZ*x0%bwp7?VQQQ`@+Cwzg0P_MX8ir8x8yuk% z`vqGQ+n(sjBV_fMhkgan+4T3d4GB`q>!vt=Xg$NcOE{n zmtOf)K#Q!B9>OI+{=z8BEBmdxV&${_tJQ=24ntiEyb^H;p~1gNzYEA#I$wI*m;yF; zx659!kV@f0*~`evo24Dk>>N-NJs}<*l00&rm8X4`0#1OT(KGVuLo{D>@}C9TxCz1= zkwrhgAkcA$|F^cH7SG6im0tnxa7%e4AA(!BMncog?QjKsvkEonId?i{0O%tKA`40f zeO;@CXiO%In@&68=8N{0-=&{37Bg;QD(%?1&oU21HoUcC3xAxtYsvf%Yz(z32b*>H zzBzO*F`p8dA5PK^ORV?iKd`Ym$sD_@uZx{+#T5+srH#sd_G6c;LxwCiD8!gnG)5Rr zQklXYHF$Y;P@=s(3d0((CT`W<1lf#IrqWw;dMm*~WMQ{6EX_W-KJ|sh3*#Xd5=Tk{ z@GSNZ$*g%LrDqmwEGLo{nzssHT}lmvHkeeyN9R&%3PlO@!{z1qs^k<6U^PsWfoud- zIn@QyIdSa?X_Hc6e}8|!M7&j5Eqp|Lz`Pbd(&T9+>M6XUVr}vYL%>2#3QIdP<83mE zx?yu})cr|!<7YQPe%1B?mk-Wv^@XC{#XN%h1C|Gb2AoR5a);>q%q8zmtQ@4nAntX( zpN!-ca)=@p;0V6{`YYzr(wB{`d_p~_BCWuCC?{!-h( zpU?+aO34Mq0@=I*F= zIxJS^wzSQ;{hGoZ%rd36L$^vI+x^?|!pT_$H_Hf+j;arEEEgoS?Rv!6HSDQ5F^#$* z4=3RS2Q%Wt1A^8mc^Y5$1P^+OAU(#X)q;6a0u9{kQQ#X!_32=})=$7+6-y8hOu$X3 z?utVtT=Swv)uT0L=qCuX`BLeN-uAS|BamxX-uX2T$L+7 z6EY0Rjr(Lya9oC{o)v!6IHwoHz#0N%{kMaosFcP)K0`kj&J88E5eu$y0P2RMb298c zDVN{`hn`mf7C+(6KYsqN2ul(Ni}Gt0=_?{t)sRFI&!~_f1BUK!pE9ACQjO}x`QZ)< znND`2*cKe(8BoTjL(TrfjQxkWf)Z18;d`O9a6T@pO+zuXO*P1qh_W7hqyD*ov8;Mwl--rC)2 zx0{9jkFgh8!eXWo<8fBnjMN5Cu;o=5Fej0y?Lu9*&Is} zmS0FFaTHQ<4YW@M38CMGtV6Fyz0v5kC#b>uCd=gM-cs+}nm!^jzY!e~-$nEJb@rut zHv5G>CtX_?r;>f2C7rV0N>^(O5=}aSPGb^6ezSmZNhdVGl87!kgtIwnKw!W`nrP+q z{P?s`vedFYBWCXQJ+`OG%$~On{MKrXo8ah2vJg^P`mnXgQz7AJ3Ak0B?2W?J3xt&d zQ-F1u!OB!G0e3kQ5*BV`QSh%#&2v){Wnb)`nJuxC!|0ZPTjt1rJqz8{eS4+yRCBP{z*QEKO9_KqO*h3W9@4>R6?r@Yt84+E&cZ0@x|!m z&6!)^9pRAl>htH;!TGtb#6glcg<8M<+CkrB%w`4tk7R*{uh5o~o>3YS)K)@_#a&?{ z<*v!1jkZD>NYpN_IPJ_Y6pr62SzOYw+EBHfhY#4bslAQ1QRnmL5=zb@yA-1s&&gd; zGIvY1(Ki-{){`gJ2Qr3pp^)b5c4pmGu!blzU`*f?I7uS5AR&74M3aoNm0!wM3Kb3imkc}2*B1Q%DEi<)!}BV9wE_73%GY0j>y?-@*XL-;MH zQW71GJ#3lNp*Ri|XLKqwl}V(JTXs2#L&7ttzA$G-VRbigSU4^1zAQA~pLFb6NPUfdQj6}@{4nD=AulVi7Yjc!X zO$ZasYcf0n&K-34Kd*=N^t4%!H95OY>E0DLLDzN3>n4vF+^GBcv+J&}rsq{XHSXmF zOL?Z%D^*rg+Ji?bX(Wu4>`sX^bIHssVFaXC-nJ){L}9yTeJIR07=#%Ku3bth7Lh5; zG!vntu`IGLm3L#|Z?+zA!m2{AmV(f=ch;NhsKd|)!QuqV*{jFDcBv$D@l*fj?wm** zVu=Ct=f~TS7FaSC85+XCo8)q8Qo{Hy{)d+?VjBqvjB-s$Kq>sRdt++lhM>C9AlW%Yjk zY&)b6Y81d^S=Qm5Wl$@Xcf07&uz-`9{g+703gf4rbW(SZ&L}?0I0ldj^3ko~z$xMT z5VURSQ;;JX2jzru5N-w_y%`^Mc!)mhXg8>J&Va(K$z}o&s(u8$e5yy$S$H}|9+#)3 zn#W_MIqH04sTB4MkDaFZQt2*A+3~gkD z)*a(t0ePVQ*NIWLlm+n-Ssr&2q1$wXsIR1!;uHNxi}$wrfBT-SloORW+F0TLeZK$vY03Y)zyH<$`(-}A{@Q!eI%LU$)9Fm2cc-_QlO1#t2i?}_ z{OGTp*EArpAe|Ekah*`Yhv?w^;P8jz&ThBgdeYOftM>%m(D@KzGbc16YHfHmSHulw zWQg)&tqUSk9@{9pgt+#lbD|z)65Ul)wYviNLIBR0lS z{#gIscBOM?3GOz2qZ#G}!F%r>6vg;`dy@A6ZTWMZn8SIU#7W}^wYHb_xn`-jckk<# zp!?F{2vQ25lex}MX|fX-7d{*jTgjWwS^rhtOx&VwXVp*eBNzGAKlUqVvb`oz4)vXF zvUE72bYYpzgS>{@W zUn;7u7l9{N&4%NS9X#Cy5#Z z^Ls1dG?o+8{-fypG3@?Pbh6u5{wTmV{zuVv$oCC(e^kg*?D4iohu8R)I|s*-M}X0C ze7hcy9~g~Md#7#7_$MlxCp01u0B!YkMMnndf8r?wkP3mPM2C1lwEG0psJm2RmsItP z3k|HC5xsA0-?C?0E6stN4`2#!46KYqJ-}NkXDpS@!*;c=s-PZI%t2l(yct$MqAUulL9I*1M|pS zQ~|Dc1HA;XsdlEY#&Fd*`6a~>k~18mflf6;gh1w`nt934m5aeu_kLq_8D)OvHHHYd z*;zipFYcKHg)lkb|AKeC5(?{iUyNMv6sX4Nl}81@=sp4^-MwCullt=YXb1L)Ac8I? z=8U1fbPg)HS1*XQ;#%$ane5l8WS#uN*<$GB@}XR5*0^ha!K~3~whNaCwEWvJI)}E& zf8T|>1KMZ{X?4&^D4r`O36`_2WL-IfWGdNx8JVJ|H%pf=m$%Ja;c)LlPz(2p>k?e8 zPNU!`SnlKEEf}_pEmv&!RaU8{MO&?A^t5#LG-zIJkzY`|(=Ha-c92r#tSGNupYiwh z-_43)urOf)P3poDP=lGTH}zU3Pr+mBL;~MX3}L`%;XzxPkZvSj5iysA5t;856Yp^m+_ zWD*q$ezU!ro&G2~0hjGY9)M4Z+HruMJ%z7yK1wGO`VmC^+6-Aoex!3ac`mVBCQ6~m zr5&9+YIC)U+#U3|nlar*_ZG+-C7g`JdGTz?dR$#TBlSCCYZ(cMP5yGctwTVwJ$sXv z8ngw%m2Qo$$pW&BRJHFdIzd$G$6|Y@1=rl&Qndg{WEE_IFyc54*<8c+cpIif!VrAN z+1w7OL!WOV0zW%pL*3UTp32#_aTU4b{DzG`K=FvN>oh^_n?W13v#9Lcl>=Y5 zyO2@4q@Mzek~*sQ=HX5EN3uYl(D>P2NP?pB=?<=asJed;B{O`M&UJ5=>8n;jAjXs6~&6`gCiSE`3d7ec06mlN*=?nzR@(!?6cg3Si|40lW|*DXf_wx znjzX~&`0eb>%;x4qgCifp1-Dj;HIXvq@p4#@gJ2Ce=k9coBN&m(X}VzRu8lHAZE>2 zFDvUO!NU%v>y2$F=GwVbTq5zjEMR+H&jF2xCqJRsY=At6T$c<{ed&MwLCX8S<}mf1 zWT!0Vc?zcqouWBTV7F?iYunU0Wbs6&**V2YyKZGRg&{>=6N;eqmgnDk>mNS8_>WwO znsELFp5G@BWO@8Y|LN|tekuOr`P0GI_>V90Q4G162#`*l4pFv26z}7Nn$v+pbTepO z(>NTOJ@%G8qcCjg^s0@I$FvIRSepeLenP*bOd3g>Wr_2I!|8Wjd!1dR&mL{SkY}(tg7p5e3T5uH7({&r?Wn5KZq^(bvFEF zvmtjjHfGwQ7YACYsIhfZ%40+L=T-spIyBdrJ{pckm8(P5t4}vT*7^Edub2O7AD{jQ zaVwpOihFB*`m;j+>+e3_FX?~J2G5^<)&IW4XOsG0F$xN}=m_!**rn042(3JeUpfE# zRTymY(f=x((74v_0Z*Q+W|M#Btzs~mV+Uu%g z_8?gnyXxq?tJGuI6miRYLVR=4J0~1s?Og>K0+0#;=y$|t+v#~1ZEs3_FZ6DCCKzYM z5Q$FF8Q4>eLv*GS;3ereqGEQ&Rtu+{=@t`0f}krm@TtCF?tPp7;BG z^FZGoptD%#1#MLsiE_n(r=l%pt9_V%ELI!5eCerXi`io^9GG{~c$vq!S)_iB&an(;c0&56sne6Clk>Nh(GU6Yt^cmyn@;CAxu+7aV*MZN z?G4KQ-~ImX*Y*EPd>(ZD&$d`rY5?nQwfw7U0mzdhD8XEI*koAB&0j4TuzA8_63e0I z*1Uf*&syeM&hA1OqEDSxWhZpaly3g3HANDTy=FYKlanEzTI-}-Mu0yd=stXTi|_xH>3U;F!edtcZ8 zFY)>9;=le4R%lN!*Y6~T>z_DuOP{&$L@?QO^cnf#>=60IU$A&Lf;s22MdpcIR4TYh z`A^Qb4Izq8y(krn)N3sdg6RmZ=Dfi1ln5Wr?t49wlKl^^9Qh+p=jK0R=G>ZK0KudSCBhZZY_F#W`Yv4Dfv_a|))b@7g z!6;rMdB8Uc_^j!8T`E}|sLRF4@7s$0H;yA-V*i;m@Ao$YSH=JC?^fb}2mR+??Y}Sa zc_9C|%Dsyq^?E?RjR-+~3@56Xp51ZeW4T)39<_h^D$6c~(68l#1tgB1v z{d2oRm&pG)i>YM%!R7znvqAa%_w&L2;H&)q5}ysrf7jSAM;n!&8#X&NY~}D1 zLK;uI0po;$jOmq^4g+L^o<^H^vccN1qGS0Th!s=yn`mPSa82XUx=Qf|);`;-Mj;rU z@U&7Fa2Qf0=W$ewdD+A{kX22sZPomf@5|QE!{h7Mrt& zPji&8@D#^*O6DY%o^4aldtK4oWLH#D%J=yplqMmTWF$G3WV*QDR&){8D*m!dkr_s3 z{;SU>EY#J*`J$rCIDXlLh3<6OTF32Ctm|wix)ZwY;7+OG(!q?9PFE`I?OW|350Cb? zR^v65nj%qpV8u+;+*)$;a@Vh{Hg*E9^7?v-HDf{^L=+2Bune+?_nSv9^fh%?AY*06 zWLP@;)?{hVrFwJg@JvKTHxyH-(!6YBTu7EF_JQgNs&cuyX-v)J(X;HCZezbxjtzrm&=( zE>hQ%Rd%WZII8$}+^6?r=K}mY%-<5al0}4P8~D zkBeJyg$k8}i>um8IAxs5MRwL$_zkiWOL)A;3Dk9EDMds6%@i-hXwu@A^qsuUx`Zw#W^O(z(KNP9fs6s)V|? z_?mayu7lUbvZ92332fX|#|95-K%FFq2I*FK99u5T!eM%%~a|-6SjS zKUG~~&XD41%!H)DDGR;bMQ}wej>G%Suu?+?X6-t^TgAG3^;C{n;m~*o^~N;riCO7s zC-_);^2u}9+!dG0*`QE|{DQWSWFyIGJVjeeMyVuVyF85##9Ki)+TKQOrQ5fwtpqc6 z8>1^4qE31>gumaTPbf$w>V&9`+Nd+xy(%mh4)S0uoMSojqhFAwnN9p9;epor{$m z*_hiZkROcknle?*izPB5fXm=tv*~Fa4}TR+Uqw>`p6ThQ5u2_nsMZ7b? zV}o*i^YKo`Vy!Uq>L9DoEYonikM*sPro|gfa{+9u^@BSB(GZL3rnk6I_B0|Y^AO^e0 z5h5R{M1#WP39T+b9yPQoa~#t8BumaaHL?YvAn`(LJfzD2=FK-`@ePdIpYaVwKavF+ zDTo4X{rShyHd2iJ<%h7mT9Nq1uV9`2?fvnC33rgbyTwhSuS|T&88C6)qA+BL%qBaRp!EwVnmgB znBCB)K4C1Z5oR)Id`G#Ef1z^rgRWB7YT()U%*Ls3^O7y^*%R}G?&2DGaz~1r3C*r4_yUe`u@wWV_S#;5i&Xn7B1r8@9?>Z%4-$D`$iubt(vN&a-E4Pv2j@`SJLyes)x5 zTsnt{e$l*@ql3$X!{f8d2EDMYDAEKZmV~bce|&ay{^sQD^8M)SG^gb9iuh^5)Fn(p@}9OT7g5X|B%iWmdPCpmxk+()J2LIFznby2}1g?L2i9 zH#Od8Z;p=NADh-+#E7cjx%y4+JM8`j6V>>-6BS?|(QxIDbDn z`9G`m(K66G2`Cp>Om0_U2-uw+|D`d4F3fu)2)Rt(B(id+mPPN+?@r$z|Ml|X;QgEP z%hmct5$3(n%NKZMgS{qmQub$`&O5>Y%m{-KfeLPPExa)a5fB)>`{_>Fwd^QVW0mVKItNrB7O=c=!%Aa9b>M%DUI2HgU|B z#e+T$Om9d`ggEDHT;lY|eRV%~sjsbjcytSx`8!)gzCcs*F;665Ki-`jR2#@<-<9`D zkaxcXnFGWS=0oENL!Z!;lLWQTu%tHxU2+@?*d)M#dZ4$niWU|et;W$2iSWXAP_al8 zPw6siCADWBi=Yz!iAVjBI+@yPD8+(hFd_{CBE;p46ER~^xCBtSXc^Q5( z_2Y;&UtbU$(wa%c3-2~Di%PBCV;U84^UtFa{=cJ%r2U+BDs_%g`~SW@`}^O;e|__- z_N;zhZvvI5ajzLvf_2v^R04C4IaGpluSrybwW(P&()+2NIV7Ano0vg`mhLfsT)b-b z%v{X>h38Iz68D-p1xRWNOzwxuF4nD2?-WKM1ElGT9maP^RCEC z2`3}Tk}`w&cyS3gdgDgy3m-Fj(QkCDQp3#HHY8xB!C9M{R_YFp72$A9YXNvqY*iG{ zCbYkos46vapI8I$L+55JheGB|jO3Mb+peMC#Mxq#r?;Q?`+d(r!6p%2_M=`lYuDRM zdGsu}+DhK`R@PeK{gqKUIH)mAWh6=z9ee?b%BUhOSJBg3Wd$|so2jSehxy05(o(zC za#{{vzWf5T^f(Mx(b8LG1ug5Fsi$Rro88*9)b75FmM{BzyI+8o9!KUXT6(Ljpk;kC zE7aL0k;&!2OIZp13Vx2p+h@W<@-VH}j-C6{TPG23XrHPp8jCS?R=@cq2 z+3U?5AnIM6)bE^`z3~l%0`U9nBK+#l6T2jpSMeeWv?>#4wovn5G*{PeA8fsb zT~Qr*v{c)$16W%BXHq7v+VP_Q;z10IWz9FzKP-S;r|{QZ+WM->H4;S``%JQcMMHFX z=nn*4M~ki@MoF9A-{0T=f|?+i=NFnhcVW zTCHW-N#wh72(8#nQ0)D^2b9(d{Ia92oz))8oSK{S`q#j`s~58d+;V^BQZHl;#O40T z6+Y4$n9IGTcQj>8Tb+tp)j!Rwq=SqiY(H$ z4pSM4JRG;84I{e}D``GNyZg`lXjDyDxcdHx@)ADuALKQiQ#nNY{r)LkgNIg{Tr173 zRpTg=Xhmz^tjG3C4DF>x_Bx1`+qe^oRYQBFk==mXs%V;a*2K|~RU4Ba1(<6~kzYNz zt3A6<-glOh%qOlXt|bwrlLA)!>@VdGu=mIMlq! z(Z95}!r2QYy?IUarCsN~{+klzOMH+Itp+#yZ2J1o;yo8j9GuvH^G)RzuJRo`H6WH@ zP`t7warb92C{{|s7qlc*i{p4o{O#tIic1FEQrN9`iInDgZlV;l`d?Ba%1WD%j9b5s z4<+FV+4qgQfzu5lEb===97t^+c+{RoY>cD)rT*=e7fZjh=jz`HPd_Y2 zXT0KL?J{%c$MvAr7vl25nrMFb?*EjLFiONmuK!$h|Nqnd!L#!HpMz)nU+@3?5}#i; zd;h=pNGc~-lFKMRWT%ZJRppyp4@JXQ?q!LP_;3UFBtk0zR?w#;K0I)b=?A!to<7^p zidne6>npt%j6y9=B7z0n_^7Y>udVI7`u7`i*6N7OF^yH-Owt!#3;vK{`Vz5kI*@mlJHm{$&em? zosoB((kP_y6eT#g##17?tw-o`Mg<@`C0 z!`34dld1O4ZY7*d=tmNwTPkPhKeoF%;~tBlra}oNgrkVYq}%Eqjow2#;npK`2ooE< zI~<{qa?$EesqDeO8vRyx{14uPf9-?Ww5R^DKgCVl%K?pXaGfSPL2>IzSKKD8C*3i= zZawMBdD43F|5}gGJIpCd1v)u87Oif=*#{EHR+okZ_jEbVKC~VoI-jBmi$cO%bUy9< z{slrl|1XXYj!uue^Kj#BES>*@{lV_upfvw?_nz;4o&R6r^WXo`>2wfIl8)B#4iX&9 z2s*TEfjXT(wOWtRw|Yy}3IjA@yi&H+s???e;TY~uK-$xSLMkMu<5ZFmoWEl%AQ`y1 zryhxgkYtWRB0!T>QfY?cFd`_zd`b|W>pf65f$9hcoC%>IEZ}-;!o?0sIJ==Byk>Md zL-+>M2#;w*_m?1&qX+#i287gRIBfQ&c{q*KWDeB}_JuY|Y=dGEP$*`AiE_X2$ z=`ud;ZMRyN9EW6%`L!4tamgl9+0{|6nGQhRUOtBi+Fbx!r{~KNM1^P+5E6^p5 z|B<4DB#CICyKsmlj@VQWml*bJ(@GidK_a$VT9z7m@KAtbG$v}K z%n}am<0L7yuAX#5a?{%eq2XYyn9`Z~Y=RUn=upF_vBg$sVxM!u$uB7tR1(o@bx_`4 zH0bU={jXL>19;kf(e0~W=kK&6PzEmHR&TL$C{;FFw162IPdFBmr-4j4F+&S{ZOH^k zwOW@fV|evc4>t5(&pkZ>!05ipXT;TTjd^o%{Qb%3^5Sohrm=T%eEw#1a{0#oE=`#~ zp))4Q5dDp%C?;B5igYX_l{Qsz65)W%KqnFCssQ~8hTy8y#+B|6Mx0Ct2T!wPXu(ph z$*VhUr#FD$Bw>O|#ur`moe~}&@jQvhjwN+~wd^r0w4H#Osw$cKDHfRgfrG zT{R1dAT~T#7=8n_5|TMX-zuVoX*?Z{vNOf>z(zS1A{MmB{^=ZZJSU1#f8KhOWIwi% zARrk)@Y`(J_AQb#EbSz+P}Q24a?O#z9=aJd&QG3P(&WjLA$m=PM2d3^+Xyq6uYj#o zQ&+&iZ(~}=!l`}L3rR!_pSb*LVSD)2)W{2KMpT5b;me%N*$olM&JvfZY@V=~s0ADg z!2${?;<5>(Sxdpt%?Ni|87YuaQ2l&_zK1;zhp?^ICj{oa_wxxI5uFiR4NQ~ICj<@v z^r`g;b?QE7$-Ct>0PdCExzW+;7l!$-bnB*rM=%d`%zHlhy!c+V+gGRx_dJav?b{Pq z6}TBh?GMp@J%nNT!kpuUg8S3YCAene3a-k(LIr$B&MOf7d2|5M;Q?D>yNEB0r!mSJ zj_3Nr+4N(F-FdQv0oEV?b@{}7qDDXskkV5*4arpjZ*zsDWQvHA;z(K5rX=$E^P5sc z4^)vNR~ASa85a>%W-~}EK}0DV#+zMysg@+Qh$;I)y3*)ImquG!g6h=`C)!e=MA%Rp zLFD!th`6rk;?NlPv}6c}u=XhtsaGfxA~ya&0x8gzNXH$cWhv!Wp`c_i4GAZq50g*m z>etV8h&X=dD_h+4MX$hStxp{y?#{-QTimnahI+$mJ)ZC&Vv`ucHp-Po1Y*gKpo=9Q zIRGKYCJ2gTy_d{t5EU)2F(M!~OBC@3-z&L%3|~=R0L_)&vZV$m;cQHVzK&uHwzQ7- z!sZSxy8_z+X2yji-d2b}=KHIqh!_Y8kwXJavV7($By#&CSB^5Bz9B{0A|fPd8^ZVy z!F(#N?9fcb#<8%7(0D>)Di`gaoi!-a3!ADH=t0+_mHj9$RfV_9^p=NRyH|lr zpWoxIO5}FjaSp6hj5bQ~vLRKbc!sz&jILH8ZVNs<;x!iKm5X>tr$orBYW*_ex}cqd zw|IfX4Daqg8)Dq;cDv}@n8Xas3~+s!DYc`PS3%^C7FXHqR&XSqRuC^OwS~7i;`vd} z62&#T>NQIAQP3~)`Gl@cCTC2Zb0SDwrf3QAOg(q&mnjZiFx#3Bi+E|_szDsCO{o^l zRx-mUaJdRBWe@zRE_4;dox3G`i02f?;he?@?x1-1kJ4H4$+!&hiBf27^75;^zEN~% zM5C-s0Putpgi-u(i&ArnCuN*X{Vb2XvJ?x$(?u6J4%s|fplOy;_ zw7tQuG(g;Y5b3Ix;tlo#0RwmFHziHK2(Re z)K?QJ{v|k=X&?3jBEGx-tPb@8;`x0>1#|u=zvk$R@JNn$7}V0dfH=p&wTH(qaB%%a zQML_VDTHcJFCbpL-6`|r9Gl0;-1_w85FgQb5|IKrUc|F|kMe`ESBh1R&o7P-4=#_7 zhOh-BBas)?9*szt`;1^agy67?j-7kLb#UeSh{r6hQB{hF>$Y92wK&u$IhcHrPXi?@ zW0jAR;}IdDC```p7}vTA+=v+U1Y{9#Rv=E}>ALi6g!n2$qH^CzQ5+gWLa9h7Boi8w z5KYoJ(EiH@`!t|<;gXkfIi;&eSc!pEL5RcU`0pr}DUQ%74rVka*5#ONsy_{u{L=kC zW$jQQ?nQNuKhk+RM>B#GI3kX=3Kt7)chMn^0;Nom5aCp^IhHhlO$a(cS22z1m&T@u zJNN!HMm#3BF4FE@L-)hEDdL%D)nDIwTNRV=G>+}AZRY1hTS~P9f3)6;b~Y!v+71C1 z_Jr~I3T%srubP~hC)Qsdyt7{z>t=|%*KK%~{9~APB)*}X#o#u+!JH~d1K#E_0bQEK zMHSt2>+YX55kEYwI6c7)4LcRa=*%q(gP?jyZ1+^RzK~R@UT|`?6metAJtWo*5C@MK$K@c>U{|e7L;;kGp@RkN++X`1^f4ur-fx0>N|@b8TslbAu>1Mh&2QGKt4n z12oel#FC68$C6AJUAai=bVdhMu@Xqd9ADvZ*j>=PU=Yjm7TU0Z7_eF?Qkt`62SK2I zfl*nf<03fDj!X??s%TRaf-G6MK7tvVWt9ogoG~E}B8mm6UrH*V4#Lpg)Kf4J)3>0R2&iZ@Ic0FgdW3~I z^Equipqx!j7K+En0=d7!?~$*Tn$_5YRiF++9e;}>Af}sL;QnZqViPhntFanuqNxun z-WS7FXdX=TUN!6`H4vVk(77U^sf7}#)ESFm$*S)G592rgdma77@ONYzI)6d8N&x=^b>*5*D%P zVw7-#!$TGe$uW(q?wTT+x)Rd0kW=lRXfIJcMkGjKS=Z-_^PsR=P{$_US9xu>kdOhj z4uTn)lBc91H$7-h#P^(~$>9vgQ{oN1P?{0!XX&$DQ&k)VQ2w4O(kFCv5Z&U1xLS#( zScpI_S>!dE*M!F;Qes9KsKPlYqw6DZQBQENmPxqApo=s~BG4Xj1auWX7neg#Z7~B) zA5bl>8T1v@Eb!%HQRPbmW^FVF{r;fBo0)f}`9$(fp**tieiNx~3e}=1$ZHy>AKxSu znX0KdI)?X|qnO5 z;0W8jr!~;515=Nt*8r|X(~URphMXl=ccNw?Y+ZXV6|jW(O?e1?J$U`Polo}_gHCYx zCXN;tjLGjZ;d8b2pnJhA8}#+42~2gyVg=tPH`n1!17;~#W@xTA(-X^26`7>b%qse1 zW?s1gYWJe1AVI+9$vJ0gy>Shs256efDABdoLh~YxC7qKay=QP`9fu}aUpJz2x=ep_ zK$$buCTYH|Sn|s`k>qPq)2kNeXxc=AD-pG5LU9s02;U#mIyAl4Xs@!<%|>jYZgW&t zpy{1LD{r>;#c!VIVklJQkTA*e6)o?J`6qPstiO_)g{1$rQ7Pygift6X9L=Yz(JWpj zQ0pze)WseE&t_BYKtM680Qcc!ntjKiaE*3b0&VqQ1Xm)-ACJB2(meM6K5wRkm}O{Thkrf&w% zx|zP>G7=x6bu)bvh}O;Y75AI?(e%&s4Wa3s>ApM3S12FZOn2+v4J#j-UVU@bh2dU1 zy?&t_0r`_AiC58q7R44!pUXz3;Bbppvh(>H-=op@h* z>w6uV{+YfZG`%z34dYH`fV^*ErHP4AwiBz#U|@a28aaX`*jOL(;kS&_K|x3>WwPSu1$ zlIbivuFD&89DzU1wnorYHKr3{G(pq7{ig9|pmrfc0INtyKqm{cO#n%_*#zM{e8F6? zrH@FhjC8EqBB)$a)+9P%eKgGlXe)88LsMxRhnW|pc}R+jiGty}V$8q?g*~_?kn7R3 zm!_?^QC&pSz}N()wfjQh*kt!_jHuN&dnR`U!Vvs%L|uhvQFPr zXwGSTptC?mO_2SBPH9YI2z8IM*h3%}EJX8ED1mR%Y+wr+;fW+%XB51lfgk_6H675z zAK%8fF`}Q)DgNk1&}Qe0*Tb!drdJ?27q~Xx_BTex4{t`7$lm_Cna@h6w!XHN#?p6+ zumtKvl|rh9%?S4c1Rcf@0dSw4womBldB5MU-y+axF595aL0!HcJqVH(%_X~R*(JCQ z(ERi1Ump<7!ONGc&M~nptas zK1=L|8@bj~?zFUU^CG9+y9ai0)F;=(&e?&!HGFtm z4)`Aco|f}leQQ+LKamU(#W;w~xMJ6DJ!O0hevKkMI^ZQA(BS?Ts;W7V1s8>aApf|^cfx5 z++gX{bsV`@t}aJ38lf?sqP`ALqMXDtZj6&*M0%f>K3-z6+OT6w1h%YN zUENY(*pDn~mb}W>08XlXGn#bUkB~p36Y$qkqDX{5LMm(>JNjcJMr@MAklh}1=ef~} z<-m{za3B=-h1okLqZ&PD=|gD=)YO47cZ|aYB*P*g7(I^J_^kQkzn}Tn4CNZx3v>3{;fMs4SX3 z{`~r;qzl-elqNQRN(b;2ddY^jII%^i)TDuZZrd2EOi-}=uOS2jHBJfCk5?=vv!}GL z)s$Dakfpip2RDnaj+QAIQdnJCiUF-E;+znMFV5%%!mk$O3b@ zsiGhabwHR1pq}^H?76fQ2AMmTo2wHtGrix;xwO;@nK74}E*~`8+6&I5`6BS_Tfa9qovX}6%t=*olL;#3 z%%wd$?}Brw=Ck;$6HOmJ&)1VwFMT6v!=u7T(b4N;=16zGE?Mj-S%pKHqn_bhbXx2QL zW-Sffm8Ld3A9?d+7D>f&C#u>^-Dd7&+7q_iiLQ3F$;{89aFb~hW=&?RUAUtjSdGVlO+H#+%wVnSx=~WOk}owwIht<9+U%Ow=%IGTV#X@0u~0##`Svna*L> zWM&i+Yo5#^7cp0L^D@^$7U6zZku!^A5dWMTML9GXi=B8W@MgYTU4m|OMb>PBv|h1P z>6y(I!Dna~jE)L3;7vw2mWZ+%+e-6 zWiojXN;xd+wSBBqN*zn+OofWPX3Xk-3PueSO&hAxE;1QN@p^$PIWf_pd5o~Magm1b zicmKZah%PJkX&{$OKZ)Q$!Lg-SSf_2l{5NMsGbf)HbQf?G$f6e&Mmnd>qD{rH#wfHc)bmI@OwsCT1scc=q>rG~9)?Aqk zFHghvYoOQBwR!?smOxH=fyY@w1nQFk<7PIiUj|l%@ef=d(9skqIkLMg=i7+q1)=__IytzW+Bq4F5SY7mY6$Vhbo;;GWo?u}&w3!X^!cakc3RW=_# zBm1~g#8i-E5C}RI8INm~CqFmTnN%FF zH1cUNa^4XXDGb$(6sl8A!Q>Cts2 zzd9@qr!!_m6}qd!;;ALTeRknqPC{dxS?kx7h&A}fJ3BjzSSnaTJhvShPXkUg7Cv}t?eutY|5rhHI1z;J;do5b4fDh@*FF0W^BIfi zZns-Hz3;Xje=BG_???2SNwSOn$tJ+5z^gFn3rXcf>Z9i@!4Vm;Bv#Z@jSWz2zk0-e zX0=6FQn(`}8Je;QM?b4+M>O|LeF#3XeQGQgwa3uU%k|NF34YzU)#;g(idErCGh zkJ06bCb|8bm-<$NUx8YJff+xX;&F1n{;OF3AJL;nr!;%?NFzn9pBlhTmiyj8`fR=g zozCJ(U8k##GIMe>tT=Zu3$Gu^uI(&#uN8lD06HbIC38y-7%!q)>_NJ~~Sp%n9Itpd)Njy|g=~~gTrMH+4fZ(KN z^r7b&deH$jcGqB(l1oE{(1XID(v+MupLAfFT@WrD*{oKvXt#lsMF4U-&F=tgAjVO| zDZq^`CW*2q^14!>?T32#%zc8>mnTYAQ(<7rtp}wD^ohJABsJy{(1S6N)IaT8Wy6UL zgy8@$!63)`Bw?4ko)^H5Doj0-@xxI(HlQRZNV-;|QG-@?)oSMBpdGGMYr`)@d9F~) zBQYoFOv%L!bQVXtbSuZv`B`XSY%>8X@YM~;2H^A|UFdm-De5yh0u~}R5Cw9EgT9nR zL9G}1y$ zR18Vjwp?x?<2-@EBdngmF%uahZFE7YQQb9 zkaxu;Wu=`ufSc($R9&OyMF>YGLM^H4SW$}lUlexDY*7%Xsp`Ma$u#dHgQOpprR1My zd;X^nevBpl;O~C=;A{MR@ORM%|G|2MRo4b*pHUwR@?-~fKKNh0_{|<4UiY{MUSdyP;8rNNYxX&hK2rQKEojq3a&lQZ~ zJZ}+F24<~d6cNcJ{G-4_S67t}G8PAlQ+C(vXn`_yaVlwGpL9ac+t+si3b&7TFSwR} z#);5IK{1R|#olzbq5pFG-+(<2c2_=Sr<{PScstp6>`r+pmjZlir%H+FShvzCLoq{w zIcAhvx{Sp(`5s)tkV-SQFH%WsFBLyi@6~K7FCC8;keZtr%SZrgir=Ip(AuP$VQr^C ziVTDA#v~PxdBRxv`LLnqwIr?4ddRXu2R-(es-@uIeL4b7E3Z@D}=bo zH$3lf00d4_NbammZO$2oG=yocqXDa|TqyylWqX$Xj>N@D?cnG$V^(&Qz? z{c)z~T1NqD;R}icxOtQ=;IPq3C2CO<(ivO?X|D1Q)^2N2Yd0X;I9fD;YdcqmzCsf> ze@;mtp`Y0$xgdO_tVriBK)XGZP2tK0DkP` zj02kDQbNhF$WBikM_~=8Gt!DQyQkLH&@&vJPcq{N*9NY4>~1pc^HrS2xNZ?k(fdA* zV562kRS()Yt;>*94+UBm@)q|2%)o#cC_)Vi#m3pddLyFK@}Bj)Svmn&nheDRCz|tU zab`IaCkdFGlG)ik6wYA+IGx|a(lqj;8S?|D0ZzIjb{R-kVl=^sB;x=E2&fPfBFxNw z&4wJuFsDQLu)+><8CyB5D`~%q(N1hHTpz}&4LZ`nr9@zzr3S>;31+(+}?dS-sRKk#Zf@ce90GF=EI z=uv^vM}-}yj{;aTNg1~_^`Rf@c7nDszQb>Hs&_i>w_$&1Du%n*6>Hk3@37>6f zvlHZ)F!l8cWma3gWe^-wV*?2~rU}-9658t3Q;;8%F}tu!hR#Z09APfuYTnrfO4(&G zVr=Z&+O(~Zue=CL-G*7-Z$aiiXfn^G@I#TGDPCfM`jc^{x7^uIxOujr#F+LI!k#E3 zSI+1{401hWeAxZH+fUfAt0jF<#O>~cn*kNU&xDh3B*#fdO;OO8s42cYJqgkNn59F5 zv|{JL{wlVi!l1A&BM>d`Pe+^%WC4~Ij4n)nP>#EO&MpP%9_*i-?7x0~ydU&>z24)_ zMtMP zAch<$cu<`8S^;Y#QV3T{7>PslTJc#qA_);<17V~!y`l(H#;GKx%s7K< zy+Av8cz{(IHY%ZAY%rjaQerErStEhREb1!NPslEV>m|w>)bI(Q>@|_%OpKT`&dR}r z15Gb>~>O^RN#3j!q{d)pgmYjbOJL(A%mt(@M~_8izEBmpN|5IV*5tLvan7_N5fNSe zMR(115$FdU11#^}A09M|&mnm+^mXJ7!< z)@r9b%P$3eOiVyP2MotwHHlG(QE|ijwB%0_$uyktKedu`yEEVKW5MEjteuks- zOUz@TjK2&^+Sk*j+L<$)V2)Es;Jmr82NjV4vpCzxO<5gvm0N(CCprfn3RdeX9TvO} zORPm9SY1{Xwf(q0a2x28A}cxUDE7#5!*#_Vn&0kHfY~-7IvA1Y+&CR>M3PlKB?W_h z9PVh#iJ-HwuCVMBW;Q;!ky0*|R^o2yatUWs*2Q>IO;}AykIvoJY85f+bArL=WCQd> z69B1V`{1*HC^Vp?K8dh7o5jYf1E~$Q93$flP~%P!WXQe}l41e@1Sf`XoBg_aw3KZmFjeCDPe)00f{>cll@_#Hl zRm$&B7>32c{V78`jwx=po>f04f{5HWK4>Tyf3_X=df`qGlRm|1@Sg$i{qV!t21HN9 zYVSP5VpOc`R>N4prKm(16M`Cb#^zKphmiUCy=JraM4j5`zCRNk8#yx3GBDm6dRC@b zp)GfbxtwGN|9E-kZWFKi%QGaN^3tm#q`K1RNM=4&My2-rSDhiMe5S$7qn zO43gHg2ogp+6+C<3>Ry)-8~jFZ#K|dBR{voO|-5W_~w=0`Kt&1KRkuKuMa}0jzvP` zV?;8kbCZsGO>xfMZuj!?(q);6ZX&ub z4-a0vK6w#rg_}Qm-mfVX>~imne3;foXW<`^BkdHwwG z^zhB=6ZGaMwEy~_=$FIS&o>aEz*fn}42m_W1sj7}UmWz=!Se!X`kq0A5}Xbvcu3HY zT@Vf-sqWzxPGb+QdYMz{+H}Id-2ZO!=ad)FN}JZnx}YsXWdHTY*xcOQe6q6x|GT-l zS^eMM=GOLKdOMGw^mewlcec0xve|q5bo0qy(B>*8IPW)64D~OY*B+}nxo_m>l&?{S zsWLr>j8AvbVLISgNIr>_`RyTO8QQL4#EPMLIHQIQ@1lz>4`*5a=T_L;342~#Tw&iu z`{<>yV;oO_;u%nE07RWWI!oA)M)?hae#yP93_vIJ$0&IEd=R*3e`*Z=&>OKa*+o{j zbjeg0FF+%bWQ2P`t`K?w z8cb3Uu3liL;3;#+M1`o&m3F&}-o8?NeFJ2ohtPy41!S$}m8ZWo0GJ!9s?Ygf%4tS+ zkukfxi^_`KHA&w8Zt>T~|DCH{*B)aI|KHqt@}$E5pY$H@-1Gn2_^qKrpD(eYHFR?H z{J#UEh6RUkvOb`M@1p&q{ez!Dp#{sJ?A%dL4ohMBiXR^wb`PE-$yj0niM7{VsrqYc z=>Ldwn%QGy$VuX@t$FU>md|M)(LIY=*{^N?=WdPe??qH*D6^|@gW3DPxApk(W_kZ_ zZ9aYS^nU-}#_!Xo?jx^-1uVh<9(BKb@jTTFx}f7-h#*pCwo)m60DChe^8`4(i*1rIqlj$z{^a;WJr!QZ;A~6Ot$?23Zr9!^Z~%PHYwgYe*6TFV)$ca4S1*Gz48ANhK>+{g;*#nW@514RBr zAq4K2G0n{3?P6RbbUGx7Amv^)y)4tK{-V^Y!S@W@OO~;O4X3}5B~b5tR4jn|46wW~ zdP|>bc#-=Mea<7I{PHc95fe)BBmTT;0;6|sY;-G^G!~zG#^MUwk8E^FPIB7ku9JZJ zD1568nT*9IFQ^ZR&Yhy`MWgDQCd8WWkBaF4Q>b)OeXRh6b9o; zU2xZN0s1a%*7YjU>BIVP?2^ekGBj7Buriv9bq>wHP^W`Fqm-sffkM5_GMhFGEoBm| zLs4~Si96M%DC0Dh1LWf@3(K1^|7aI|2SDZIP#eyX?^QYT;G9f1&;uQIxVzUt3{{98 zXaNVp&V1J>j%outI}1L(4##s_bn3cGX@<>o2j6^+RP^9~0~yu%#kWUBN-XMsI})+C zoV*83d3A!Yq&NSs7lefl|L-CQm$y}dW>$4~;_e4``!39+uFs+x7}OP|+``PMGUN?2 zrbQ*%ozX*!;QA&AVy3+MiV0!?5wtStb34Yr9%%)(zhg_S&h&TW(mc!muKm1izXkmN z5zg`yfLA&JnB)I{{A6>d;{We$Z*JZD|8L`WXa0Yu%#3qI-ozrbvW5~ZDluTfO$x=3 z4sr!_n6N%hN_)Bb((S`-IHOhIGz0eG{B3o+@W6%hm*VTt_F@NU?b+oaW|Y;8u#ljD zbii50S;i?uoab>qHgQZ$1)o4zPk#~*i3}H8GhL!LEcz?0oFL;1!VlOu!<-=hZ@qA< z7i{`<{iK}^!cN{Hs0_&0Lv}BEeIjwsFQc`sZQZGPRa~V+UNU}eCcYS!%r{3%BJ1h3 zaYa7DB|w&n#qebSrRgv{{{ghIRiZB9Ed7J^7etzEeVeq^S32TisIpC0hn^UdF-yh5 zd#`A}Fp7FRw@y+x%fxEYlxGfE6i>wm|5k`{FZV5mDff%pM3tHPT_B03Lr#QP5J9$e z3v#TCHqB)1EwFhpJIx7)Y_gK4a5r6z_|DY(av*51ceH<;p zZ?3Nv=>aEl#JIV{wG;|xeZD$W9vnYk6oC96(M)uHicMcOQtI6+4&M*9=VM1&K<7sTo)!%Hac+smTU z_@X-{39B%-Rl}8moTkI>#TGP~gWTE&ZD^hQ@#>c2E#bO^$CVc2;(jrfSqy+jTTc;uS$#yfw7pBYx#I}eD$c5hiB=P z&e}e|&9%;09N6qb1?}DK!Y>HZLLS_Odb$dCH#Hh!lR2tLgtZ-Re;<1LP~Hc!_mb$m zrS&D&*H!a;KQWr5k|ueB?QlEX)cFX?K7Q5BTbsR2XQIoi>EaaOIEJHJoFMrr78N` zcDQY_g_$yIK9mC);0O}4>f}PcPOlPrj~<;uwiA=tLT8=T$wehj*zlo1I(bXlv>J~d zE$F{81tlCb4>jb7c z6sRcMWiG!!5-`Z=tk^}L=ysv!{VMQ~?826MaDfvVgG_y)2H4z0yL+_|j-rt;H)}#Q za6&@pG7oKmcRJ!R!*Uc#mgi>P-1L#Jt0Cq8cny~!`~f9N44>$x!RDr42)r7Ey_UuC6-jDb8`A-ED~!|@ zpo9Eh#dt>;QdXKq?K}< z0w@090l;W*y1R$`52?+ZeS%&bAHO-)X~232&(TO6_XD%`2|qTImp+=v^Ogwt}w;#Dj%7U%~G>EL4HO9 zOcRH6zcv-=fAwzx{SOMu+@SvV^l5|sw{?I2|5kptuKziH7M(BM6fR2fm^7&$hWg-t ziWqeG^O!N|Tx>D=j~o%*8u>bU&#wjqf`ZW|o6F0IZUJ(?tm{z_OE zP-n(w%!=lfEt#wRt-G?f(f)3$)3#?9*|H_592MGmuC@?>r*K-`87`fevQ};pgjtV#>XjaDs z$OTR&x+JjirYMug>UcA@dW}De#Yo2w#DBm>y)YgJML0YHj z5K8fyf~w?#s^{H|6Pxm#rUQol0}XJJ^l@}9Ovz3zQIP<5mi}~MkD8V6Qf4|wy3 zCr_fsWU$#EL_1sk?ZMOS$I;X6-saQ()6LDU0Wci0wU;}+;N{K^%BNI5e>?l1bvS-_Jh{UqL;f;!m2oe;&bnXB!wO)Rk!Wb9$R?KeXEai}-&`c=?qbKy&;*JCC2% z{6E{<_xC?<<#+q{KmQJXYe}F|n<7w>Ds>ec__V0OlbE6ml^V+XM~9YE3-{=+&T0+S zno)9jXUgZ9lQ8qv{AJ!9F~w%>JM&ldeCo(KjdJ?T528ZQylu^xk5qv2ZCcv7yI-qu z@~^vxsSFW30##w1agYQmqg8S&>+S$~N2Yb)+M^ zBv*>6iNjKSK&eQl(~KZE&n^d`&SwlZ_UFj-;%jAc9?8}}a|ms{A@u);rGw*Y(QyNu z2r@hDO(W-OF>PjQ2MHDexXrcjd06RfNxarSpBWE%1@zuHc5~!Lgv(%zQ#^zdX%o=k zl-vOBdHV7M2|7$k?5PjvfJRF3LTZXioSGWX1~KmE-Z2>zl_K2H6sLlkfD^TDU4!KA zTE3ux+s*vNReitGT`Ms_ge;5~r>7S4#qw!q;=& z*Z&=5zEWMai2)hnvn`8shmFY%^+)wwWV7>4)y8ln4o>4@|5t|Xl-`)ZoJc>Lt7Ui3 za>`onGA-e1;!8aip^=`sM(f*Zuf`G7@|krL72nmzh2W?(a=Ops!9de&_(XHYIOtCs zJ~B5V^SSHzb=&Ho%~$c@ckM=z1+p4O&b?S+11~KMkGiXKOgID$IG)bpyrPu1&JN#c z$Y|K9DeBGZ*qGI=w34c$(i+bA#I7Q09M7(wRLH@+l+N9(0L_!5GP(YRX8I2GYCWA*PG7^QtG+&;$%y$aue?zK`}&$Ug8w$nJ0{8h+PnF>wcPI)7n9ALLbMr6l)HrplL)9l@B5P z)f6T4oFvvEVr_d)@VS%8L~L05Uu+;EqtN@AU6KpJH*`mItkgUMmjdaMQ&ZQq!gQUB zE!@*Bbvz{*t2G%DiDN9WL7iEdcFVpA!>eGY2=+2s&uDahh0~2WNlQEEGx)gwiN{GJ zztkIe79;K0A+O8imuJ=;aNR4|SIViDnJvW_$97jmpxW7NBcsI&T6-sVjMxAXYH= zPWa`C=zm)c>@(sdOK?Px|Gkg=-~Fpk3g?I$Op;`Z{+!@Mt!u3G6qszNR2%3W+DkQt zf?VVmJ_Q>S_f)3v8fv!{lyugI5Kwq~-Jt6E>l4)$PC_ygbwclOkQY*iPVy_Q4(@4j zzyWxNOREZa1MO^_tA;g4qNNl2GN%>WrnSLBcz0ch4^k5YyfD2waOUXHy_98c4r}S@ z(g0Seu+*C#cNt=vt@6($LVZd_(rEfk(qg+SRa0XzJ%=!@38IEEN0CK4b1%nepzz0A zW64_TsWx6XsBQ*K?q+cYov~wPwpziq$q}|eD##!yg1K?%UI%&zXO(%0kZdO;JH(19S!LPNv&A{ z4mkvcLvn4yNzbC1SU$^A5+V=-`b3#Z%lLJ4h`k%X{>MZ}<9y7K-+@p1I6A+?JT3yT zXhP*Q1PH#T>45Dv1%T$YzcuraoRIDq)3jSI3chA%ug3+P)|SJ)!(ZT0*Ah1_;$*5M z`z1jme4!?BK{!sT7!`{1yGfsKI-03Wp*00&zE~*5Eah5P1A< zIY5=_3*8Fhx@&Pqoyze~>S|aP=B6{8M%AyisS9X<0XzL>RiVmt&dGEkrgQF8;JFIV z(dBT?30(d2?-|Q&FqU&NZB7UB+VMB3MwVZ|r}MY>c~K!Z&?TUD_jG~h(zb2bHRVcI zwS80mqEm|YuJ@=$e1)^j#_2ovLKG}}h^8_5IP0qiIneDFIp%IQ+r|97mM3sw9C0E! zB^N|d7MuqqoZxthB2eYyh4y5TE=8YeI-$L#WH;7iF7H9)n`|ZV+j4oTYW|#FLr$G7 zzk~dQq(eFKQEwC0kf}9<7_zbjU;6jV;9;}%YZQxu63IT)EBP=_myIq*gzH1S9LH23 zA(&`T&dQDIO@udZ~R50r|W~M_!n=#@zjoCOyobE<1 zCkoIr#u9?la#!z01TwZrrVL9YrsF@) z8|!-#lfLnt&&yAQf?9$i^~nI!>_AXlDOj`v=ySGJZYGn>IKDB z4pbmdNuz=n3JbJFPni+UgdZ+d0QbxJA$IwztCcB~j)iG+8&+t@{kx0AM%oHB#7Y|E}Sp!rItmamLH&?f+%k*69 zc#uQ3yN7%qn~Z)|A5Qr0h8|Enq~6G;;h z4vGAQOn>5RtVCw6peWk%QCN|y4K-6ct;4>xHA-6th8AjQw|Xe(K#g;lIl5k+=U8Ge zWD~~DCmHfDlx}3rpandddB0}8J7KK4bn>-01G)OLi3f6Dhr0G^aUU}$53BjsT7O3U zCp$5TP_68zzMuRj3JW0!Y`@c#Go~Q}-f1CxKKS2>4?c<+(FuMHQ_S@%{r*GhTO?T6 zs@cyBXe}$>GV_+!&XwNg^lA$XcBP^6&dZ5bDtQw~iu(zP%b9`fw%&91a@!^I2liIQ zk;5dasWF@B-dYQGIc!!;SQg)c;X4pD6*n#xt_BL^x4Tku&-$!_`ck}Y$PB47ZZ-qr z7^17n@YxPaBUdRW2MCR_U0M7S$@7`4C+w1Nw5}x8ev*wa>UBE$&)1VN;WR?M4qBgN zS-sU~lP2?bzirPzdl6AulLT!akRkbatm82DljJ3p;C}Q!e0b;J0`ggXR(iRR96esN zb2o34pJSqE;q0%^NQ@?fK|(4FZPq*$US3be&Cs+M{f^TjbhP!V_ynF%fY~p#s%8aq zH1OIXnv29a$E$v6$UjRR&bpp85kxp@7UVT3-_KRNU;{B_=v`6)H?Rbv(qtjl`kYl0 zi~+iU&q7PiWjz&UoVO;3)o{)6RCC;K)T`i5s->5^_9iT8MbFi4?ds>w!@SbG?>xL& zWvdc|?T)tIqGq|(QVhtgI#yMq2+PY{@2A|L#N7-BY1+?9SGmZ$tnq~MtNFKJFO5eB zql}Xa$|j<2J7L!d7mI9m-E!V$zq8%DBz4atZadow9j}&#>$bu-QeWX~|1A>#AsNR* za%1^ldRtGoYVjYv-hKSXZT#*k|F4^W>qHY6f;<0>jMY$Jq#6_#&-3)`5otb+bs7|j zMQ2AuR)#9PQ04`|2nT;o=V9rktL~Z%g4Gi}lQ6LMSt-j~>FwU^k7gc{1JkU3WnQh5 zKOqpH)TEmE%}QCfjZS*#pSvyN`N{1f9vt% zUX}kpxv&3oJHI>N|7lEke(0gkl=2g#JnkwZe1tQhjWiLlEYDVB{t!xK7ZBgou8}v~ z3q|FNp$$@_W?dtre%@5~K1|6+4{(;vPK;6?ux?V;!b>i!g++LZ`P4pGFJ3Tx@3kRz z-v9K;N9&UPzk;Ra!%oRVAL`{OF?^XNXg$JGeQjdF9)!mv!IEB(6KEfN`I4J!e&K%d zJ80cp^woGQedU|cI_0bR%^olXgc-n1_FH#$RXt}H*7e;U3e$b$y#gq)_EYK-LwSv= zIyKvxG-}Q4J@C-lGk~~}l-X{#J1!D!h9*jivaZND9d;F_L^zV; zWDRf^sBH)TT4-n3BnhZ7OF|m~_u5~TlR7U-&<2bmd4?zwXV`}(o3FujscGHIzEsBB zoJ8`yXi2TO7>+)hOXx6QLnaD%Ub~9@b*n22$bWsZcysrEA8*#{zii&yf4B3yb@{K8 z`O#EYCxuj6lA$4yMHGzj#I`dpO_9c_JS5WW=-K`@TlCI6g>M4;aKZa>Edx73nA@oD zW|(2TQ}!agc#FABXhS|`j7y|Ai0$CZm%Rt;=aW8(WCF;s9zo~Y*329Z6;GOzpT#6) zG(I#GF!YCDsp8^${wMGihpL6n0r*A9>CZNrDuAjWRZ;kCLX#Mg^a5RAu7iGbyfN0- zFy}601u1$J?aGX&LGI0;zciJu9KSQXftdI#p&(j>`UjK$vbPtJ#>~8)pSWzkCkSe8d70O}^>>p06kbTu`DfW-8Xn&6yS(poiayhvqy1(G*#g>p@FINGUiwKR{WxM==F3WeRa#?9DnF z$xl!&)cO?>QxA-~AAI?OW}KnuV>OFICswU=u!a~nEzQXVY$1pMPf*Izz_eb3_|{5N<`71YbO6kw;v8#T7s!8w zvkiMMV!$|5u%ao-SSgR{1|lC7p6q2`o3#q93qsIZ?}zQDPdf88ipT(bYM{;Wsv-8f zx{CZ5XK?1cEK{p@pA!tzEXjhkZj<~Q24%kppJ73c6c+)rtK-V|+)Odn2pdzWJNDfK z+5S0AL9QAU`Gv*u8Ho|zdi+E!*|%Z6-2bloTfqLi#9ZyttDAsx&;NS0^S_-Z_xWFM z<#+4$-#blB2>01Unu70~B?+)@JeOc>%Z@!<6`zGCXz&w z#AsdFU{0yfFJE@m6V>L+m(B(zBiBZN` ztc`JH#!=2veQ_GDXSP?MHn<^N*do+$&jb=o24<8%jS@I5UAOAJh`ICMeE#o5D|dg- zn=c~_=K246Th;s@+r6!O|KF|rZk_*|P;r6|EGZS05%S1$NZh3uD@35rjIeD8rZ0#z z@374|Xbb=3(f;-#Z&|NjEHi=l(7c7-;pl_8LOd z)x|KsoLY=z(`H~%e9O2(YiRE|?&|rr%E(2L>o^@M*WVjV*rEs1Wi7EnsXuc^WTB39 z+e!~{|5riy5hnxsaiMO`$u!g-ReG{lO5DpPg)v-29aqLI-+KVHf^n@lJgDCNhYCd1 zED{i7)3GlNLUd7*a<+il)elkiRxWdGrZ(NyJ2MT$>(2wMaD3L^HD7=!La65R0LXEc z6<2D^_P6~u+_7oS3+=4kj0|j(k2Il}Pn~}FhmkW2as)aW@x0uRuYj3$*^P(@l z7`C4UR>AcRx37qu*bLm4oXl{esQE5n(-FsY@oq1p==EL-=dLKQ8bq!un6gk`{qA!o zF=x%IyR2zB%Wv-E?Z4^YlJ?&ibBg2sa<0HR_TST|+tvC{TaTaK+kdz6yF2^ul_I6* z&sJ{zSrYwfY(G2ER?83WEMCv*vt!(h&DVg^r7S-Cz3C256_=|>4#^+Ai-c+8k=F&(+{$}f%D(2o+oHq6NBV`3i9{eHgr zI{W)$k|i_(5^0-Gy+ys(uhb;2u2QR6Tx!^E8XFo3)Do}QIxay_o(%x$63SKb#ncF{ zr8t^%wMl1GQGB}sL#KYhY1K{$i|IO&SL%kS-nVk6uM0@K+{btJfzeX_<}H^4*FZb87!Cv9g7l{Y|cF z0sfp7b-85Iin-6P>V{j^|HINDTdn`6xA}OddjEIp$>x)L|Icmw?$H0ENa^{r|KMc! z*VQ|L44r;GP9S%-?VcbF_BDM$?oc=65UQhhIfsz>ekBf}a$hYDq1kSnau+RboViY= z%B0$zN?)5p=sA|Sk45$S*gU>1htdhL7klciB>iq~Px})&dQs4d(@#zpEp8}y{Gy%A zmhqRkP|UGKZ@~MdeGo1PU!_~ju)2Q(x0wFG-DKApHScG>GY%5{m8V>R<>q~I6^Zs$ z`Q!wV3%KM8wlvQfXId^m^tyc@hz#wZ<=TT3t3^}U&HzjEK(!XBD74f-ZMG%L1qTIVp&P2+5+E4XQH)FnF0 zB>8ri=K6k7yJR=-7rko-&z#?~{y#{sz2rsEdGTLQc53lo+uQf|KX2uChyK6m$vAAG$M7oXeH6(hb%z+5@r%kAYp+Uq{rt8U@L zj{Y}rYTb3LSBZ0eRbHh#j`Y$5cpv9=H@>F1GH-RBrd0|4`7mF_!h%k}Z66a%Vd2%j zs(-1mkL!AupwqA1x3sVmqg{2oNf*Y=Y_Ds3F7&?o#^bq~)#z_-H5Ydg=G^e6;<&E* zThjlNF(HSXEawE86aUqFTJ!&GZ{OelyPet2{Wv#-g~a5eQgCJ~KEUVM}&z?4KZ#o`Q{vt(YK*d~I6w!&R03Hv#j z25b=6ceCVLOIhC#K`MC#d7tFa#*pTlrUq&&!YWL>RjACKL0O%y7%?q1^%`3_<2dB0 zDJ3Q!7x>ELWOtnncwtQO*itpr*fWPZSGv!!e^*RNOC z)Pbehhtw%gXNEo9I>xdcuh>=POmRtyxth~zMn~85T)B(&b-S;uv!kXGF1Z9PYUK?& zLsn}ZEIgwd;T}cPU-JXe`5Xjv<@(l~LAS`=V_8jQETlqGimIN~GHoU8niOgt@dh}F ztE^s)m6X-pZR-R%pnujldABixL$w}#Bc+_L(!#XPdD0e7WN&dF4S8MLi*1SKahr~e|cDReZq zGv|}=!WKt@;#ciHY+FHjy$F7T8d#Ni_)S3+ow;AtKOlcLPR+Uo+uZG~di5f4U{z;v za}-!TNHC_tbv`bIs@#P*A4zW0h0#-j@>fCjCvvp>dKwa*5936Tqou(7D!lnlsmcOF z*NG%7VY}Ufn$KOqZ-+K|U)g2n#Gh5DZAR>z+p^uaU1q_p11}vX=Z^mEJFe%sp)`Y? zC99i-!g9{1=02`zndwfyN|%$Cc)EC~HN^Dn7sfPrWQ^dvK^tpjT1dOtZ(nBpjk{*E zQLn30=BF@#Z-5_qd?+kNh1TaR1J`>Jts9*I{kVsEJDr7BqEYR*2K_ho=Qz7u$zz#% zS$wT8p>uV#Ec9D+FExOv1A9f;QH6H4`auV6!@E0Hk@uXD$nr9 zZ?pCDUP;jx7yKq`Dlx%d~KSZu5;apo2Dt$YhG8D0cDP`x3g?^a-5D# z9dpU7CIV2WL(>&a9SsHQB$sYG7RFwSKc!GBTKy@_;|eq+DdAX>xV!i@OH=lL-uSwi znVSJ7#u7IV(H{4(fL>pSDqSKx%)MhJgK0kX=$hIUA}VM&%on=VE(-Ou8|sNKrrzdM zX6oL}-tF_})H)ZxTB2a?mK;w5w{4*fJO8}jG`G8HDyBxQcNCPTXPZI+TxWicBU#Nb z0}EsjF0(1id#CENylQ3sV#l>zuGA{EotWdJ@_pCu6#9kn)3KK@ohS9v?u*(v_k#bSvaoO2GtF)IEOJ5n3g;G+e0!CrO zpwq%!j&u`E+Pfdp52=kt{7!sG8!R0?xQ1MufDA(2V04 zJq!Y+7AbRU?}2J=xPXEJr*WvPu!1y-)pwp*1lBNdUAv}D{|`qb8Pj3PIJvftIYzNKt=6lUVWJ3`gg9NJQwZq0<=%z5D|+>_Z#vjwC(@n7yHj&y$Hwg3dWdo|LgJ7t;d!9|9I>1eg5xT z`K_U6x}v|`4KHb*D}CcYk%Q;$qxV0PWL$py+xke#Ozd{MN=k%c)Qwprx{_ry65T{M z{oN4MnrhPl&-IYANv2qeCNh+;A&pR<$V)=f91#6o=y_{v==9}ZpC5bP+1Z)WiM^O) zB#lWLQDXFNB^7r~e;}ca6Lc4Cg&)I@HeQAaDjA>dA{NozZkLlG6_QVbUKq3JobZsc zZeNeDhgU>KSgk>ltmxhYaL@Dx`hHF&Yv7!x)af*k8hn`m^!qNaBr{4cE=@Xn~qUi11 zJPBiR(ba?=lPqD=u~J5ra;&?DKiL4memcBPe#zS(S2I0f5l7d?l4f^2igsHCb>WoIQUQnr_e5c!D5SwePEzPmin z*@bh4I?h`H_H_ShH@H0;g6yV4ntt>=iHGyL)%{33bi3(=y(eKWh)JK~H0W&x{K>ZG zWs@X1VhN4r!V1V9OcB=IALSqBXI-FJJ={+&@l-ri=28xa!r4P`vdf1X`qWC<399+w z;5Cy+oCuQ2hZ-Jz-Y*J(Fz0ycAw(t7UWnO{S|d7{B4L3}btj4{bMVbLXuY`UgGIgp zMJM#UnDi$Oy8HS_u!b5v7dU>Q12kn5bjc=3j1qcI)EhwvA|EBkh^7O^$C^cGxggv{ z(uakLw)ay+Qz3C05z|?p?0RcCS-KRrR$}~RdRbHWZ(02{@0H-JQq*)^i;Q3O0VrJbdjL&=y^gij)&wR!9vWV&A*SB&<>XZK#AV6 zWHKh`M0bRsrww#Cu(am~{swY~c@3h<_YKdDsZekV6i-21YHqEB9!-ZOi2cC#JRC(t zh*vBo^T6GQmT1i4BH*|c?$SWV1jp|R7g=J2AO21~PZ>1x`aLpU zzJ9Tgaj7RONoSI?B^|x!Yo+DTcwIvdVk-z(Lx2GQdJW7lXV{!(UzFmA3bF;wWX>#I zFPx1>G7i4dWXDs}`#G7u!kN6i%B!6i;%Qx4VFTC?LiAR%Ky&^}G5oa$jg_Ztz)MHL%L zwXmzZR&esJ!4*6Yf}mM_HCVa2?ut-?`y??E3TN5kpXw!ili@!nB-eq9)%f%YC6$&9nbWl1Dg9*MPTEXFMvO9 z%{{gNv{rUhdGpWPP3WzAfN3_^>o=z_PD1%nmTab?9bqWcgpC4|AM8gXoDPZ54jb*uQ11&*f!SkVAV{W|0^=FuSZXCUrh@^2 zWf>4GCtP(E#{|w^^;EaD1_iySeP~o(@M+{jnHeA|1xW_VsKPupdPR=17jIsMhAY1t zVVT2zNjO2&xO9j)_O0UKzdSEMN1R-MH{CoG8Xr`+6P^fy&dM6e8Co}71MtwFqCS%& z{m~Z8Z`&f@=}0ZDcGkiC%YAOu`_$eQ#L{Hi3DNtX2`97toz~B(XaHx_Oez4j-T|{W z!l@#v7>ya=s4#YMpH1|>a^O1C2j`&|pkEahv>IgGs%JHrF1EuGSOffLcg?g80Jy-A z`5b7}fTv|@Qg8^AY4g`A+m8UTAnqT*u?ZSsf%-~$XFMi~pmCCoaGyvT!HxnAcf`hQ zNK&F!{t{2M9;_t5h~&OP$2VqZ>_8D~Ot|r4!qL>k?smOVXiiCrx(tEp*PWGS&S$@==t&e?$e#7LP8=|hPIign?1il`71A{HM~>*!`58A25iNinBP zF$l%8%}N=ki~DuVh)}~@mSy)NPN!-i3owdVfSpj;Z0^+brcq#vS#Xz;VPpv>1Hvt% zdd~&}3Qk987PDxgEE`y}*_-EL>-UT8-^X;Q7r48Y|1+2f5=2-K(J|Y^yh?|9@$4KV zLl@hIT7DH|FiB8C({u2i{>_f9#tdC2wwy@DDNaO}6Ty-T5-9Mt;J@2J#)J$CQ1nW7 ze{_3XWHyZ-^bNX@$Gl4OKi>*L1^Uv+>k091e@TKQOX#PjUvgu!y7~3vKYkH<} zj3#Mp0^0X89F2(WW&_!~M_b`0T2~Ex^UCl1)l;-H##10e#eIPWV0)8~5y@ctM{JxW zRGZLNbeJwe@1Ldv)|VJ|yaLtAI@1ba>3M*X-EQ~t@-oB#V#xTgo9HH@`||MM#p@FY zF#XZ+3remQ*od;<}xU3woC>l6w=ItI}mdMAXG2Dh#*?UbbvN^m-y;2}Xnc0qUw xNAQG?snD_#r?HpNF_nfR)}|AFL&wkezx&_)?+$K-j+@iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcTO2pi2fBaHr_cl0gUQl8fG zGb7W}>XkI$N!H)}JStuLHq$eJ<78pqH->I?RjG6@n z<9x)ikbIWN87Do2=oF8M7@+_55JD(I`onkA_YrwtFfO4E>IVuAP|A`k!WF9_l{uc$ zepq&}8}IMNyHQGp6z9?2Uc{f32!lkONta6x_Tn$fwD+Fu)~RroZu{ybgBkLK?{=6 zoCt*T6eT!ELxN_4qzEh8Qz8T&6Ex)Pig3iZe#}Xc;e<>{F40ImL>U_+JRWm0hH0aR zkYL$N{R#z!bc|9gF~UWW(L_%zac{zu-X>BOV$io;BTm?~M-x?9`$k;nF@}oAjF0=E z-#!*2rOlLF_Y2P6kwiur8#B>ooQ`RZGoc4SEUw4BD>A=fJcW*-$4(TqedHC_i%`K? zI!oYj!g4X265g9)noCS`!hwWt@E>2@U`}?>ah}9Igl0VRB9Ez@%!aBiuFLBl&OCHpXyY)c&=m#9rXL0jMYRmkM`o)Y;SsgdFuQ!-d#L(u0wY}-g~0f0y-u_4v?7O z{in|ckN3X#5^vT}temdIUeL^sKy7x5w@^Si%?Cw2I$?(fB$g?lMNWK_8 z+kLvX`*i>5{#Uy=Nl9-^a>B7x_Rhxs?*5Z#cR$+QzubE^c)B~-dlEnU@{8Rszj*e= z-aj_(VEFy!KYILM<7`I6eQf|1j{nEcp6orX+5b-;?>&tFkMXmK4p}khbUcyeMQ#&a zoW1xtI?)DNbexhL_5pl=4$ck^zdHg`t+%;}{$D{7SpL7w*brxGn}DZ85-!wR^Y8@> zXl*1`N}Pdpzk_ln36c{mk(^M0ZfKSvc1<{^sd`RoAMYTVC)q4jMo>79?Wo0kM8`9( zZK0Xa-;cE@(AgE^!x`twuEE!sX3AK!C0c|X=qKl9n%dESp3SoCf+U|$j2orjS8|eVavB6%kt;;LnPoe%(((Axg256aRbFrUQ6vFe5S0rGd1f9 zskHSY%VtyZNNlUhX&M8&=dzU=ppA_lLYtfDC?3c9x2og={aBgB)4BcdC7J8juQ3>{ zo12z&_$B)1zm?e;2nh^Jo$(OXnQ~VP+d}Pf%(eoZ+Ftf@HY7YJk_fxbsIP*ez{e9& z>UAGqNUnOKWUx`DILqd~|LSEghW3a@vn*4;DdHiC3UynofrEP0g?g1lg+r3fge3e0 zQ?@30K}L9%$xsWX07{{RqFDN5U<)YQ5oaM~kmv*tNhXl_M>2#{7?C*3)QHX4oTP{i zl|>Kj6Mi*7zka9@Jn-%c6#m|obns1uK6x)WegPk%12s|*8|jCZilVM5qZ=wGFr^sR zgklg7fDY2^&ly}KyUF^^1R-Qc<1dSD#Kacs;PYt2yM8)XO45fVi1 zG}ty0k88|}S(cr#j3)Dv0O~O+;CbUG)-t##NJ2+*(RCr{ip0D)mq?W{y>YuDU*c0a5RPWNEq&jvw@ii?Q>D85{N`pXFC(;_p|v zE6u>OmX30w-uY2`X%-$O7S3I%V7f6&ih78f>uNi|UC_~epux%X7Cw0!Hhj4%mHJKy zE=~(6jH18C*BE_AaDfE<1-g$dFhJ4I)AxJ3`%k9oHvzwe_Es(l{~Frqj5Em+meqU{ zur(kOYP#JXiw72%WE81`EzooPqGgrI-CL{mD}gCsUP$k_D(waCY+m9rVirCRpw zX<|Ro-myN-g~V9~1p1m3iGI0?t~egacp|467=NubusYK^%D{`Hb~{OBUFo@3<^804 z948r7LP8f%R)U)e%&Y;gUHQdCoDp-zxJ2-uTTrttpk~Dxr*e+mlZ8}cbdY82hNO1I zR_ou^*~!82>&v5`FSmBk*2Tfa$(#CVaJp}G83`-{BmB{7NcT`26C1Y zRaH*@Gb2Kh)YMh|O*u&+P6Vo?cg3aF9H6guzuJfARss}Wx6^Qgm<&x@glar(KmZ9@_`OxV)Qeagut5n-ifijT^J6Y1LLwZX`%esU+512*<_dH}m zLI0RzCa7WC ziFMi8D4xR~E-p`BSwCKb2EK6b7HB~iXs))_awvjx0P6kQvGJu3NycuR$E&oTt9S^A zL^EOcMR>@riT&(RnN|GxPOx~Yzrtx(z0`*F=g>1;hyQ%LrNOK~zRga3KXn6a%YCp_ zms~Yg+(I6w*J_6=NV)kR&M(1z(4mr9j%LFAwfrc-Y3?&v0t$6a(}Y#DBYk-d-G@AH0e# zzB`EapFS%;c)GW*9-JQhaQWTWM+fIe=WoM-cc7h-Q#K{J+%cLw$0MmvbW=uzb~N#S0Hb)?edJ@Q6InMRU8R+6WC9!u(GS^icI3*mViWZ^Kp`49;PS|uh z%S{Jx0yU8`GS&I|xnm*QV8c~nDq?@kTq9IsdJ%SAruy!XU{1JaR2MEN7E5+T@}oR0 z7|rDmJOdZo59cRt=|5F-a{u)B#UY{)0j5nBh%H!5`rXZys8SB7St6PnXH#@Dp@|Nv zuH@-Dnb<-Ve{1`*mgwxU7MyL_={ZE(Z1`9-mn2}UBK~Aji)$&BxFcphs z6tm%BhUpY6FQ+V&sAt;iX$2EASl(SH38-j$q}r-x!bGUjChmDvKkh{+)BtUW+0fV| zhnzrnz?twPC~6u(B5oO%W;LA&)d_@JK}{VO&x+5m^r8W1e6C67^v5Pdg2jp!nM3MJsdpSkW6aB~`m!Ju?Gn0qL%z#~cHhy0^3RC01j(qa%B! zSQ;BCpG}8qr$0hrRb6uhXCv@pV3IT=_;at+Qleem|FC&L%Qfy3FYA-jFD+!6r;bIm zo9CuA==YHSD(upx(^h(Mb?a7&3ee6nXZ9J#iWySDiFDG~mzAQ#PPo5NPeT8L`Wr^K z6Zi*Vt#1=T3~nvMkPl(#kvdtjsz1b|GKa z`kw7SPETJR9i0VSbsNFmp&x>t#|N#G#@2{t8i0>a3N+ICHF9?E5A1@H=ngRjlyb9r*n=EQ&^{8%e5Mc-t2tg{os94dkiJzJ!9lMId=9vvQRmn4D;4rh7ltPK;N z1sg>uYSe!ier01#X^wP|4Prc1Q`nny*xZ{Gk8@IP0{~KVe8G;>UFj8DrX`&ONm_!fAZsL>)n;uLOS$RPxS$b9Yk<4 zvHVQfnqiADl6)p4#OQ&BFuEdh_%p7|_(Tvlx<^cPDJ!&)q!4<}H@$Rk8+~hRIyJNN zDi_NGLZn2Dz9U&Nnq?-s)t_H;d=u-iF|}Hnuvmy7b1_6TPy8Q|jV6k$w>FZDWuiaD zLK1GUFs!*536aHOqD9`{M&|?;rmDb_p|?8S-#?7sU5U3wLyyZ}+PVqE`6`7Cc(Wm!&;q*H+s?*2u3rHbU+7HEUpQUP4ugH8ws(-v$DbkJN zClB~@*}PNwqVl4{oYgv2EuH<`j1)=`K3p=#HBN1-&S=^$4~EnVlbf)!Tf(J@d~mbf zR;;!bf|SR?-OO|$FaH9B0HfsNRNahaBa9h?zj?KrcRf`r7tbX7)@4#Sdrv){Vo4L7 zQ%15;WMHBijoVVrKx{D*GIM5Y&UE#T>8;)Myj639-@KsLOp*bjjtoMuFi=GqcvW!FGChes=U~r;_MZ zwv#nNOCW|Cc=~K2o4c=+5#v-;t#G4Od>81Vmtc?id)7?7(rrCvnNmtqU#m8j&G}90 z30iTXkngTUmwB*p9jS~+tJh`XF4{~v9hc>56Wvcpt9hQP9uGPS|ANKQe#|&Z>1ad% z$jIqKS^FmAyGb>7rGjexmg`~VMzlsk1GicWdmY_<1>0KLdPyxlmOgnp$i|FQIhjIb zohOx+3L)%DNrtX*MpL~#;@5(R1>t^>ceG64(IM*~>4&uHbQj}6% zb#k+djq-=FN7tG{ESzv(n*k-`Q^JelZ={1W!83<>FwSEvA3RPWyi__Ohaa>WQ}3 zLepletE64ltHo8VR3|jpTSP3aMV@ZxKwO~)-EH`;RVdr;EtRNDww`v`0llyyRjd4{ zy{A~6!3Ny(_O^FP)aDIbXF?2YPohaCXUCB zXkIbel(TdP*;#Gt^u*ikD+ATZdY||R%Ima=ZCBu@u@C%M`yHpmmfc{xo<5zO;YZh1 z%l@zmm2;F||A@IjM}VY6@@vXj4mj}Fm{VmYgs_VSe~zUKaYh`>xrfVYfjZx;!b4~% zDVvyPgo6h@D-BYo-yDAP?VGO;4qtwIe)_}f7jG`VJ3l&janUngdl-`gw6V9l;edK9 zwK8mD`0DUg6QtEEc!@KqBOk$GumsSr+Q1=7K4R3WcnT169{n5OTti#!I=wfUwT zsfKobEhW4!F*MU_eyjd8biN&#b&u&r()*AI_d#* zMO()zqooy`s$yqYS^E{lL<64#f4otjz)r&{W;WDc)!+B(QdA&CX-X0`IuFt`tf+Y& zqDmULrM9-Tlq%Jnvl%zgZU##>yyU~bExkAkknJ@1o_$>~?lc+RA)=m#^c#{%_x2w@ zfiyZRXjv09r}EI(wxSR9C*ZVoS4f%QC$E-@xJo(ds~4{?qBE9SL|IY8j$MRiXg`W_ zB5xSKqWQR=<^s_F%)1Z>G|h#9sk|^ab9&``@%qBxRJt+eBX#Xk;R>m*%we4}pcq6a z5Dv8%VnIuXQ2|7;Ig-*Weayj`l2wb7l$Zbr(t(5g)*E>-u+Wh^=ukr%e?z&b{Ph!+ z6SaeVt*pG)EGKua)lK*#(vJbw(kZtx$)~w6U}ZW#ROmo&G-cf7#vqovhA3ybD)q$Z zJP3b$>lncaoB_prt7`eyf^T`ABT6!`h8;qg+C`~xhI6DUXMo}IdC)to2=V=>O+C~z zZqH`2Z*F>-%`k(2e{h!hffu2@ulD2Jct74lo7$wJLPLzC~B;Hk~9~)Jzq=o z>xU{3x(i_-868vb7J7)`3TALQ(W3-bX|r2QSlppnm(Xh$8&?Gp^4#E5TvOBLv5Qv+ z0qMxatkXPjRZUsy4>dxj1N68}Hvj8sp3MzLfJF-pgX+yuy@Q;#h~ZeEl%(J{3PYPA zLSION0khCQ|BDHwDL7Lb2GW$et0ZYUvJS+a()>6@uV_xESVs}W)S*(8Q-&&PjnNAR zCj!X?=VOBKND_`lYPN!vjN**`5~MOConsKeX+BkpW5V_API5vhN5?Nz=iuNou{SYH zja(p)JQyWRICIUUb+8v3iDS(v%0$w>Y13Ilhf=*|d z#5rLzq4b>V&}g_DfN;313sUHy-UFa* ziwZ}qL0NEwo_G4o0cCNY4F1j5K@8WUP*4i4Bw=o`Wxn37SwJsj_mgQnF z*VfrmN8$P_X3Aa%8>Z{Wvc6ctfgROJ!d()r^e`XK)Ozm3hPxvckh`6;uYRI>7w$fw z>apX?E`Q(KQJcSmcV4N74%*G!sH1m16^lW4ku8+bYmyTI#sW^M`qkX5g}Iy+=DL`MuD9|9 z2L8F_89A1bVHat3{mp<#AV6KImeiRlRXvd}y+kfu(O174Rb$$}AQ_%tkc8!_K*#zS zO4UQP;J{O*;?lR>7!-t4mRizh@Yii=N;)NMCN0rR{pW3|jxfz;oLo*g5fhfB=o|e2 zN%v$;%3=nmK%Vl&%pMCZrVJMw2M-73*a{c=(9ntlw5P9sE-Pz*G^Aj)vU)3wP^q~b zjcNr3Xs>-!Z@PVBuPwh_rQ25MuGVkMA9rN2wCAoxwL{-si*Co>yB6(^{kMTOI9$S~ zEA`;EuKH|2$G&w3HnVkO_YL2z(s@fXSL?drr=7?z?Y1jZ?9gRbrrEK(u1vRMSFO>7 zYasozL0b@8V?TYoyP)e;yXjs_r`~(IYEMmOLbB;e$q+b%XBF!Jwsfq7uIVoL$X)## z$bl1hA@}q0gl^bZrukL)mkBNx;36E7hJ9(6uEIPdwup5`M$lWPgft zJSLH)FQQ;K)~2Y^q2jsyGS}^}yiGp^EC%qAk+5b@*cup`PEXz?(uwRye9PIaIE14cdxTD; z&OMw9Nv3G53fRM)BDm?W69X|9iOd8Ly;2&@{5i0P!q%lU%E|~Qtt)mDgIQ5zMBh&f zbrIDH=nX$qV-3{+HP?BzM6L56Q*afTNuoyK8E4?l1=yYv8_~qae1!`Anak9x(Qh-A z8yee%gMbC0+sZgi5UQ)zy)vYft+K1_l5(9a+M9+D+Bl!(%9=3&4jbW!4BalD#JF5K zd$|Hj#%S02t-wK$6PnN7pBm@YKQ+w$PCm;Zl;q#gi!P3!kaKa-eEE#r%8}3V0|EGN zzJo5R5^^7`$Lcl9&l!^|aWmhn%n(jh&p5rN85xr!kzjpfiN0ZK{e@*`LbKGKt(!v~ zKFbjnC}%m`ISL=QPUY>jB{)6Jv$>M|8$Vec=#ySEl`D=A+y@V!=!N2aZa#*T_?1~F zxWGf2QAvr2Q_hMOZJUg)n$pAXjZPGm!fL_0&4ZY+hB?YO#;X&Rc^q;nA^#~}1N6_0 z*GHFc&JTXt__u%Atki&VZ?Qy8vu1hB4Uiga+QzUwJ(vZ<{ut0`>uKQzaf$48g@n2| zI62v9Kdw=G2i1!%bg46nXBQ1fyvI)9nyh&zZX z3ofJ9sgCBkzl=JBzO9^78J31t2c;dK9o9IiXRB~KK092(sbJ{|9+J$SzGeE429n)_ z=G4adnv$EoX(HVU=3bb-=Fksp7%jk}y>r3RgFI)_AggLoaqy%`-p+fa#qtJhLZJhB zmPtO+cjm)Q+Y+6z6k+oS74XbwZqN~WYhT(>$m&f&1N2s~kx5UUV4l8RvA!aikaU)* znv!b@ad3Ss1RduvdUBSM{-%a2RexJ~BAllY&LwqELUoiXx#-vrbSG((Rzli$s+#Wc zp7)`eT5ShNNogVxSW2q>;XZ^`|E)=<9#%xFBrXLFS1+u$FHJSDw`JY7?U2hG(z}Uj zUe#jpuE<tL}PJjjg^)KQ8;MYCU+# zU^9pdwYg}gc?@a*zlIUu;+RU<4ODJ{nw>>tzF9Q)E7}(%BZ*`@XjgH2O?4UZ;TX44 zERt5TjBvA@UIxG4akDA|TtX9ihECQ%hDCi(vVvu7JijQE<$TC;A-N)}1lMnneuct! z^@<>&OW}kwAq>)@iOI!NmXGa`i;1llF*;Hs10vW;A*3s+L>U?x!>Q;ib4C3pvUQ5I zOi|(`?{C(hfyW{=_gZzbP?3aBX$}himg9t+mCga}zjjBO6OzJoG*)FHeiT^>WOe_v zJqK{VM()fanlN@H`kU&XXoB+;LV@0sWac8YRFxM=zr+N21s-wL39ReWWF=gftZfsI z?Gk)A$?$u?s)T52nvcEQr`II0b0(!wd`Y+TA}|Mf8i$!yxd)w)}y^4zGjZTUn6 zCuCZbrpKD7i#j>ij@RaDnU{@~Fm@EsOM^@m( zhJzoE00x)5F9_F{%mF7gkj%00QugZmg0mqWW^;$9>%b%=LvO*4@V0VGV%SKb8?Pbc zLfb5a*E-|Xmjb!B=uvP7gE@5X*ctU{08Xbgr;rh6*7D$hU^>erEiw{0e!hp61YFcT z^-OaiIhJHR*P9@N^%SJG3G*JdE-Q{EZy$KJe%6MWSql*vF4PC%mZcj6yQgyoQ|AwU zqHK%Gz4QEi)DTnca`+KyOLBMKU7N=r_<~z9`B4xN9A@(`ukJmj_E#%yllwc=eB}gx zud}uk|GJ8TH2=2Id%K+fO8fh~|B42xDekT^^(6Q5tA;dpSHL8?2YsiO>K?pnPIk9* zM2G{>CA?&9P=JcYs=xrhGrctc1q27dXDmf8sNgdgdg$v}Iwl=YfZMiIsUz1OXjG)b z*ucWS&6>pYfSI~z2fDzsv zp`hsF_df(5-iCuRB-5d}Jzn3g6`Vzd6>&bSGItkVXimEe!Ufz{lvu#XGy6m$J;5Nj z$#qr7ypW9JG3h%7GBT@-H;Fy(1+L4WRP#}NiY0EU$B&0Q$X{#ZVf@0PRPFTeXauHW zBc5Rc++dqoh|u5NY*&pem>y2(;J*8dlphG;9t)<_rA*=_mel2ii#s+*I9= zj6L zh3I$%U-^q2)n5B2P9-_bla5^-av#ICJ~wx#ENX3CTlxzbpfA6r9jh6f6CPB~3;}5R z$HP+nY6p8Aco@g-iTCd|P|m`0&Mq3VzGLS^cBdBr4`MtM^`@(6@a)IK*mU_FE0@}@ zZb>x3*955&wtK_G;JcZ*uv+@AX&lM^`~UqJZY zhU)|?WW~**J}QG+g(ybtU{?Nme=oebE^Q%*)i9u5f`BNaQ0+DmUJB(@BmM`6aB70m z2yvYDb{qBhfZ}xbC{9MTT@ajVz4V@un~Z2{qc+t?m5E6Cy`wcb#oPx{Q%!4VO@t;R zj+C>Z+}2mYDZQwio8QqrACT(g{ag>{1#|Rjr4AX zq|`|9)+kDiRR8b@N^UoKhv-SoH17;KshRw3P?MS|-VQOTnda@$lA7uM@sX0ODR);W zNlo8_8$^GCuvatrgFsrv!vr~&85=;kglj@n7y0lrZ?@jJjaT0ne# zT%)DxSP#=^fvn5$j2_^OJ~22We-3jWP)5tB-z|*MGH!PSVbqDuUBMSEV|H)QMN4aW zKd?p1*gilO{SQDE*|Uz{2Cm2+68#RLiUQF;5=>FR@g5||f~XOKC}`YI9Dc}1`l&+?IWZq# zht`K3vP%3Pf*kVZ#RJ^X$Ala5(eR%D)R652eN(gAuY;-EAO*0vdM?9~9Dl zfDT#}I>>78lYPw!8dUJ9!UEY~=T8z6s71K{jV0s(3g|ajMSdF?pq3WDa|oc8O5VeA@&NtQqKS_N z`*X?hXhaiq^uAzX#z_V5N0qg~Y2`P@&02;6G7pWL&+TL!3FqGHSwGvMb~zrOHPV4y zcAR8XwY6~@UMH}{hBh*95|-z>K4K9We+3$5|6O_pVB+7dR}C(b@ogwfmJ0Oz?GwhmTDO1IP5?pJa%rPDZR_-c-PJjYm1-Qy7S#YrqXqrQRBs(p$ZFZkIfB zmDK%;AUR9PS=fUhUchN9@I!X%MxLHibQ{IimN3vDuqK%=heX~GlB2&q-re2ZjUMlR z@$8Ggg^>nl^`P*a+VB{|eBjc(w~#MIj*^NiV!^|uMNniecot1ee& zOvKrc8f1$fO$5s!e1Cj~AQmHE)pOqzO=_O`Lxyq%1_7VNRjotjxLg+7RFyA`>$QoD zkEJ#>4m^L=B+kbMeXB0KMRTddi`WVzb}Fol3^PR{J4cdu92@@blRz&$6h3b07a7Cp z*Eqv@(!lV9;S|}oj_sW^>!zCZBgK7a===RgC{ZWDFCdZZ9Oq*f+uU3QlX14vsTde% z;n{w}=~$AnSsH=ikP;q^C?_{K%ley~2+3(8BSU7yc&XBnk+bT_ZmV73)85;S_5bbm z_n$N=uk>Bp)QGc;C0LS^;KSE;s&NO$k|A3VCL%MF!>OwXmUOj3hLrBI!>Fo7PH##I zB}8Q83ZhsRR!OhasBOK1Nz|A^CYGh#pWJ*djlC2m)^RerU5A3*WMp|nr7HI~eMAi8 zMd>Lh(tSFjMX(^&tKkf+=3Wq*^Z~Y*PMdCy_YQk*ugT2c+(h3IoMvjzW7Su|$I<{) zP-IXwK+I04F0B0`4)1GRvL|VRO`KGOiycSvOViG!t3b^@v9-jgc+NcX<`QXa9O)9( zgkVW`uM)efX;jBbtOGS{ZYqOPk3+Mmc3@tbW(C+y?NjWq&>xhyE9G}Jcb4D3cyrE1 zG&Zv@$9bfs91th^@tJ^Ro+zavVb_GuQ3HC|L0-+~x7!ed9T25Nl0>4DuYn@t;S@cb zqyNkZpIf)b%P$2wI6Dplde6T;I7CxAo=6=d_MaK$q?B#+!pc|m23GV|DqGc}_Wt2o zZ7Q`Ofp+@K>afHu__f~iLIXmovN_wWuS%2IFiu%w0PgzSZdK! zotcgwDtRt-;Dni=Z7&@lGm$ zJjr$9If0!3`z=zMB&m)v5!EHG2;xja{+@k9ycNz7<{Zxv8+lFG#(iWO%^g^{g9>|c zVYq6z9^1x=KYFYZX1IwHo(0(pRp z+so7noUxvKZRGAof6Z7MYihEQ*qz9^2%KXT5f_4V+{F-Ggi=%yw1Q5g-FCg|YP=LL z#Cg3NbaYFo^}z zcfmczk}eXi&obZV8(&>81VAh?d;=EehQ zIMM`-H%Q&-=%8%b`?F6}J$`<&hRo$-CV>v@9!kAHLx1R{OgND0b-I0%m5z}Q(v%Y+9ucvv169?6g$;;GY4&QHxIVQ5=A}KP zdeCf&)Q_55+oR#gdDRBF_XFvUjdOR0(j{$mJe*!tYc4v-&ozNs{3?9sGfX8c$&LQU zyWWTn9_?54;lE$6yVw$Ho&G@(ltO4|;xgMUY+KbZEC*+05N@e#x~2|f+vnEG3WUAI zavxGzPiZqjz5{SNt+RVjRaIusvAjWAQR*|6D)~GH@vFbTIXivv=J*U@JzqDP$PLnH zO6v=wv1`x^{ZGh~7H*$$OC>fN?(X$KZN*CW{_T{Jw)GB0ascBR6AfDGr#d}D1m~@u z#i5TIdu951z=Y;wP_>TtGn&wWgfc10EubeLDuTUUwKX(>^5IVRt;cMbQ89VVB%qX- zRhtNOoTq9z1!RA3S6`YJQPk{{8l)-Fc zBMqw3&zXc(@^_nia5q*EX>lRtEvBR%Kk( zEP-;M%8KiLU<_N78Q9v zd2dBU-v4b+#R6qKcqwkBz6TG*r{|$q&|DARiI44_s5HidXJV;mqN1_?4X;F{(hnYq z6&3b7@J7@n{*62l6+s@n5Wj&JqPm@U@Ic(k15q`3?%(@RUDrRl=b^r0+@IG$4OMeR zip4(et%Qc&U}TtIBTKN~+uZD#hbDfxlwMPM<-!^-%vc8F2y7>8MKy8o9+cL5D_YZP z8hL?9>=JHXuzX9}3>Ta9tgitung8V!?Vt3#2*EDEX$LNN(ii8r#Po!5P7+zB2a_J) zOV|r)e5R0w|K>J8iyCfvItFyvJl4E*gv~FEU1^9MMWZO?r=t;v486I@ZAFi2a-~EW zAUYUOvE7ctOi8Dm1_0VhyS-QT1ckV32o)C&o#P<%|3H#g2;5;m%;pCF!bh7M`Spxw zQz{eN>SjaZV0srwKn0po0jsfxhxzq`X)x0?XDk(dyJREZ!%A)mFPmnI^HhJL;YT#a zZo;V~oMOGyvE0t_(BSIPn6Xs%gdK2oaj9U+F=qffskY!|`>Yq!Jr=_w-?+dPT?Sl^@^efyGqQ2Wf ztRNf%1j}*0m1GM+We*9Ie_QQM6+$-{4O&y_9bg{is{&+n}5`nO_{P9YS z!4x~6WklG!pVjX+TKwPk0_HqiiROsU{Pmat3FjcMry}c8@S$^fhe4|W^U{SZl2t-b zBj0;3>Zm^Urw!f5{=f(yAma=Qed(bfN_Qo!9RpT$MmWq_Y8tPj?HpI|Z+(e@daV(E z0ulqHFAUXF(hcNt<*B&^)*uFXyioJ~BeAWKg24V%e@TY6d@QWFKXglVNSMNuwXP(r zvoCdz+UsgELp2Fh%`y6_TCq|EI#>jCS=P+W)P$lUXtr8@W*4>{QZku{#Drw^oXiC> z1bLY*E3-|AhE&W}${o`&m)G1RTXyAppShXKg>6sAY!$eilG%+#OBUv09zGLO<3{@| z%(fiNrVLEm$Dn{tz$_(Se)SCARB|sD<|wY7q3CYWx>z+)(S3Q(X^N1s5A(ZQ0%~cB z9g-Byx=>G0tWEWw&c*Tdj$6w|T;6Y8ZNdt4VBjjh0t@?%9T}_MF<)lYb{VujVb@m? zvzy$mO@KByVp*yo8d8=M<9=I`)8;oCIn$Q*kYwzpK|5V(wW{|c-CVtn242Tp8Tug5cew9((qm2fY%%AvgiN>Te?oJhs^B^&9Gv&$_uY*Hg|%n zGUhh$n#OfOmWQgcjS>2?(4mfl37t&JcmWTSts50p5-9^kvCMS&3U-YWRhd6WJo$e>aR7hg^VtDD$4vA?ny0D>^w6n{DajB9mx3;<-AcM=1lMb~g75UIcTAKf zrB_69nlx<-&p4Z^ip&H+wQ>j_>)Q`hsj2?eXd)lcP}XhSUl`zg~~ z2lEGR7P1r?p?}I1?z*3B60Hr~rG=v!c(CKewH zpQlN#UKQhiQX}tt5$}e3 zzr82B_FVJ5uC_N|EayF;E^g7smg7K!Wzy4lSzP)$%W?%EM>b2q@IBjDvKh8TfwGPPjqh=URQu8$iF zEKKB3S#3?{EuK)|2$PwJX$}xcBvNKYBr_3R6HZ5^+xii@A;Vabj40{mQ31CVZ1jz+ zrHlRpM)j)`Dsu~)PSs>^YM1pNGHDOno)`cViT*2o0&vFN}7^YKg>*5&&?_*g7u zP`W2j#MUaWaI%j*$HKNwhzZM5^o@Ri zqdD|hXLW6yXx9cKU&W= zSCu#R>+oH7BCGZ3^>{4p&+C!x(3jUE+_4|8N4#SnZXmADK7!}9{u_qk{^lLnL<3!D zf#K$Szh!H-hTw~fpoZS~vWBq;$<vUhR^wR;n z)t7#^Yp#H)WD%;ZC5#MVr$KX4xe{#?uBHRwjPLe>NbM8SAfq~*Ooy6v@!mFY5p$79 z$Wc%meV&uxN-2LHsY~hG(?+;wfjzOV(7Kuma6-clwk7Hy zrsj*4tFaKAbQ#kMT4^|#>bw>iZ4EsmxXT|_GTo{{0$aTWf|rJ12`zMGgwCe%{X2rS zZt+-j!m(bdzN_)OYsl)3Y@0BuJJqrkoq837$MyqqL!hmQ?5bNOrBNMsE71T3T|w8xDElwYDEqf-tAqljk*66&ekCv4`F*DEnIFWV{|;u8P|6#zpV@tQxswe zq3nSHJh4e!Zv`94w}^4{c7l2Oc4b9~WJ1zerc^+#DTHG6u@H2eL-)*CO8T4nu4eVO zl_A04Z6mfNeqtrm9XYgC7L zNKMND+6k3g&`2fY$=xl!WGPcjT>iB0EaEQo+hq=_&N`L6;MMfegMA<|tNxpR1*V`Rqxu4Md%A<#Z8pJi!_IsnO_xiZ)w zuuwANQ6u>^U1Lra2P?$ogfzYvp3-pc5Z>;kEx!JJel)*kX z!$LquZglR~ij_>G>dWO3YOG)x8_zEawV6F+xsV(K+|Z?YgY+vDzH6Tox=aUZCy_Cn zioU9n`cGuVhy*Z;63?t3c1c*>)EY|EZxAVq1;Sw-PcV(NRBh>`0?u=th%cIAd$n^t zqXM#fu+M?HHs9EDih2t^65CDQn2=*BZB!>D>FDft7>m%AqT>lG&KKc=a2r0;y))#s zf-1nBRj-F68Rj!?N0uGKd2o@~oY?zr@|M5nB7ON*Eea?pZ%jPmw-)bOXbm0!0$@$E&*pRi9~gf;|;ir6;$kc5bAOn5{n6lE+m#TLH+^Q;<*m^o)Da7 zL^yGLzQ-NGt0of$_uWO%GuTZY(IPU)kJV}?9>;L$rqtF`XcQy2b2B-T2H?;Hu)Ao4 zG25|Y0?g1q$lq!Hw&cWA;}WUSYx_i$*HQ`lFKQe(deQ*pPKY00;3rF123UZG!j6$CEn|?nIis{C z4ml0b)2C0LTCr?ycBs^KGPB=J-*?N)Ru%7>m0cHVSx$CHy+cNJD0K_F#o5@NpTy%P z0=LM-_Owl|bp!d2orUdX3UaU;)m*Nx14_c%)EX`zBcS1 zlCM`wzBUwE*0bMZjG-FIT_X%{Q|(pQ-dCXELZ;;~!*!~E6K7F=q zt@y2J;0fj58ZzVvN zP9U6R6;wg==mv9$3{f+7!tpP2xGzBndQHp?AY_g(C;1k*rl(k%JtPiPi-eqKWE(x& z+eUAj^ryCFF2MHD{x;Iy8AXcCB*H^>P0(BGBsqjxwH$TQNY%7*gnasmzSns0dF7Sr zD5b~m@HLJzoR4co&2Xzd&zLRSYC??Y82wX7PV@1<(P6kYK=vYxrKTQWJsYqwG-m+s zrtc#i1rT)M`812s(emh!%}sR3NlK+VF{XJk8)C`0juAk~1anzhKTB(wi!!n^)tJi3 zYzSV-3CX5?_+IoSC!{~c5FJ)wQL%SD-%Z~S_>>O%{rWZvvi~jm+gy^VIoW`l+gEcT(28Np3-Z7e^jel+I{A*)l70Mg`4um3kYMHh8-wlqK z?wM0uxR64JFs5I#J2D zEY~3$Q=^cn*^Uf zivO~`<1UBcOwFN8KmOZa|MtjVTou6y%yzI-3nG5rX!>t7H~W|2_U5z4!B<(svWD(sfWM#$=!{F;PORf4g~d}!iHRi9NpIoI(vm7 zq>o(V3?18Fu)Rjn?FU>KtTw39#=T)Me@$LnU zr|G7>u(5P7U_|R)D=nx6r?LOy5gf+p8__1VIuH+;rysvsB_X@l%>={;*x}}hzUfCF z_`(gPf>pb@wfIsh5;c+PIOOJI&}>;MT~+5cY(MO#xsVtlhwV#Eb(yN|xlY*#pt*a| z&Qt%6{jW|HhAYi=6{X$jTvw4xBg2GM29^d)#$RX>uo!!olhSJi>mo#FRv*x|Of64Bdd)~|J$MoETzHa){!Qtd}FNAoD3O^1Z5 z$)NBrVIRs0WzIlS%q(~JUAxOmLTVapt%a|-{#_OP2E(fM!r_3qH)y0^b>Lj1w~)Ib zrn`jsLo#2+USX-NekfpLufdEj>Xlq1LTQt3vL6eaOi0Z5xSy7colW4T7hloyhf`{6 z?k^dg;`i~C2!Y2W9?qrOGdz2;ySwX4jIx=S*fLJc9x~OfU71<#6)U9>-a`VR?oIXN z!PfR%A#?EV^9GGxt2u*ha|v959XvVIsLmEcA+di-rj~$G$FzQQe^g?-DoG{`ZGa0@ z&F0)(?j>eZ;%{Mww%@Ry{4KKGrOygkNmd!s++4|klT5^7V#`L+kTEGF$A#Hxqt9L* zeDm_)&Bf9AkH?2czM!dzF(uJwhbPBJuP@&mp1%IZ7s6>8{GsHJ3QqHc7C3`jw+1tJ zbC@OymEtIhpgL&l^DSGWja4eLN?p2E2g<1({zh zxda)`J|y)wk6Jnlr^AAi3&=J!J#dJ{#N;1Z`o<8}8ZUiZ(gT9t~u(%VQGDOlUxdZ{Wzl+VzSDa1QPT@MsO{12I5vzkhl0R!5tk9ld%R zzz66Adg^fq94~!jr_4af5|&kO5n#F9eF)+(1U4=%PBzfS#lgkN8})1T1WSWLyt@(| z>)UYI!O`N28>*_PWOG#8A9x87ZeEps%ZFY^y5?wBZa;BFj6MhJwF1^Shd*056=b>=C$D}qVydx?L2Ov;#pnPPvtdRPba)U_-9gyCs9t!YXqqTP zC3Yb3z9QFJHD%zQ9lbKu@LwH|P@*rh&=?jwCTtDuxt)r{S0vxjH_zWtVK3f5`*H0= zy8R-RZvANGdrCUpp8?dl+-?$gfXv&DQeLfonM$WyR1EE!jDT!nUUpUF%9oSq+ei*O zUPjWaOLrN`YRc4|b9IfvcbzV$(Iflam1xo}yd0pgSl4OZkF*t~_g{AC7Ore#4gBi? zDi`foivkOA!+6?sCsTd$cBR3GW}(Un`u^pGhN(r2!z`n!Wl4s@=bfS>^tQqqQruLTl#FN|wvrz-HM#UX zPnOb(ga6iQYNpbCZn%GiHB0EHomExmJN@mHw}8$nQ`0>waDkNJthYx0v-FVrr97{- z&lIX6IZ*{MpO-Mgwkp-zg1wNEAYD9~R-0T(`e>71&C70SyOoe7b}L9)Z@WdZ220rb z($-ln-u2dQ534u@>UW2kYstfV!`k#vx-_hXaCl{y-m&`Y!WQ|vj`HgtF}E(RW?UzG z)}@1?%IJyczav5v`8}XmDR}1}g!4HxH&InKbvEN7H&vxk?&ML$$(0m!&*9=h7@? z)T?FFRB~x5nKbPaTw^loZ*`YX`{HrSi+s8hUi%iG?kv{6!e<2*tKQ$UvVwx!BdUFB z@dZ9BRAS-nJzcogZ}73pe`BI$J{`dvLMGWUt|tMcz~Sxhx-})fDIvZk z9llF4{L)nTrbPH^8hqQ%;kJ0=^#FoZmVtE;$Mv4I0d0I?wB<*E8vg?TjemTY@gT~z z5n_Ci6YK6kt*iE(hA6K42m?^-cKGHRp!IS%YwuPoLs>7c{oUeNH&6Cn8%;>oOBJyO ziuG~~>#D{|_|&(?QnckN*772x<)t{wdMYi0Rkvua0jWCB z-%{Y}4hpP8SO2cm*a%hKqRbmifqI`?Jg}15|)bFn764 zYE}ltR+r%(LLo0Rrko4V4K5Rq7{d0ZOUR5Rj^u zfv6x;nCwx`pr|bzj;8@b3jRp;< z9H(CY;HDljIf2z1g3~m9X|tp@UQHPgJ=9jLW+v(Cd-g_l9>|W4UxY669fT3bdCI0? z-7S0X^M=4b%7wO83`tM`T*ps;(WjR#oBSZt9Xfbl>PWyr4Um8<9CTW6L&{M>xX@@C z>J1(T<_ss=(dClf&we}v8)iz!s$b`0eai2;G4!MzG{sj0iJ3u<4S4H_L48k_^Pp*Y ze5o*SFef)*RYsU*sxt!$KtS7yoTCJb8rM>dZI?_L(Ln_I3Nq<#74fAjYi^1q?oWxt zu@6w*L7Yt4H3=!>JVmo&%&`G6)pLXeMA0|Db50Ve89H0eb*Q!u=VpTcZ^rm+`Xf^_ zjz26eWAEyc=s!>tUF))DR5os-WeR{aNKFLh6<&8(Z7J+F~pY>zvfaK^w!Lhv7*!dJ|sK&rjaEKdnXf=!7I zFE^cFoUtL!0(Q=r@6|S8OHze~oLv!aa)sVF!D0hspyY0l7OK9vS*vhu)mWZXY;v}P zq+-XfuS2-wIi6-ELCR}}7rN`Z;l-YiY^r6C(JOdv#⪚md+%gl_R+oBioEOJr za~;Czmrue7noadGf7aqlyHpEb7SH5_V?bMcs@ZbR3Ps_2`$Y!;HpavJEjDzOuwL49wzw7Ub82E4o4lrbL1$ zVbnUHc0Tn;Z6{4*FwdeYGz9Y8eO1m}r0ELPSs0(xT%}NPkVUkE1ewx=Wh_^t1n_5c zMsZmL)p2c3*pS!*;n<~~%L$okoFa{jv;(#gc@IhO1GJ&O-P=+B-QNNKPc0845N+iO zdG)Pasd9`jB>9=efg6X)%5_yFpXdrB_xry2eNp9IHT)Xtd)Jwv#rh=!7Ef+{j}Y6_T!=3@GT^3go69td^IJ~JA7-{p+vp!Ku!nQ zy#l+dPR)eiP2JSHL^k>hX_ATl;!pZ~@m8mCP(#$kQ}9?$k<%ZQ2s+b%bmv`*~@UEwsafl zQA!huHsI+-Th%P*4HNyafj-+t|3x{?Q?(X7(J+8IeEJUALKOERp1p60&J}k?6iWpf z&JlS}l9`0G&mKa`5J_Z)#zg88QRJa(RBN9TxK}0iFg71PpeRGQDB`jeV-c*LS3d)B z4uTX0mX5OQMC6sfQh|CW{L4Ssp9V05VeTXzft? zjOz;e`VF2p*IE}hK9(0u?b4yF={DsTw)kk4Wf0docwXy}py=3^*g$c>1a>rxOZ}a6 zTrAk3%lM@>U}vc z$n#RIK}$LFz8dS+t2r1D3?!Hs0lpxkS0tM|=wa`Qv*+4YBiY;?5#W4oqk044XiAa^ z&Z(HjTKI1m_u-YCV8L>+gKm`V&sjds=19!Oa77dBy_HsI2C z*j`i*n1D2I*Z~cm>xIqCO&nryKcnioK9GA9&QIPsTypqryQwXp{9G+1{yV6# zer#%M{`i1zPBz*Xj0$+kc9m`` z+1pTkb(x8PtXdt_0?&jlcegGnyirqHk2c z2B~fGG5^~J(&eq!+?BTvV5rbk4~pu?|EDXHDLLW7?9Nc)uOU>R~{K%C4fxG6n`>J|tUmTtvyoxTqJBaq5KI_=t zzPX)!{JccR^K4`GbZ`Gom_6OwZ({~~oLew~@2l3vXSR7w_Z&P&V6yW$THf77!tpe| zQ2%Z0;vGm78K!xBrvBSZ;t^=z6+~NTeRows^B`8%Yo*Q~KA6EZ6RPS{@_gghUy-sx z-j{ipxkw*T?V=AK>Z9_rN1^k@gmzSH^+*wj{P|bK57K1Dqllq*g5?F4ljmE%#wnKA zh~o);*h2qBLoCR%Cn!qMe^D}%>X#i9jnLlq#{X3tKlrt6l?p7H%S@a7vE^-PDXPZ zP~c9913V=F4>Z%KL*D3ZRv5d+Ee*^D!OxCfH3=S~Gd+i`=hsKy9=}G1N9UKv-y9zv zTpqzw^sinV$LL>r+k5o-MXf|bqXlL`#RyPRI82V)wu2*7ZUr+SN~l(M*a(j9T20`- z4jLd%CYa{8Y=si>D>4ts9lbt0|NGhH(F=5Te*ELX*$^!FCR?PV7a)QX{Q7t>?4 zYtr?kEI-J`j8i$8q7A1Jx9rkV(HPsZ&lfNbO-5}7VsQF8$54WE3oeh#Mmr$kmMm`z zfohx?cFt4DQ=vn z7gncnVz2L|8g@J@%hoV^b>Wt!Jm~Q4=Lv;qV2uBOJ_A_ABy_f`RR)v4v)_L z9e_F`Bw@K=8Hud_E*2AGtJt6Q`n3ItJY@r^+}s%(m)QkfP+<(qDv{QBsIXlgN zrtyI#5mKw;@bvY?53kzQVSTc9uMS7~Zq!kQw!W>qH@x7je5s@9c?*?Wd!=@n(U6R( zzU88NQrvv5Q+6GJ)5(5NNh!x_K!bj>Y%66QDk{R?EZ1;4o=kP;jxK8`rQEiAc)q3#f(D}CZxt1Vu+LK zfs5Ed!LVFK2EWjl#%LGn@5VG6o6rFlW2PDf9iMr`Mb~=OYc(5Orw+sZ(cy$7SMc`e z=gXt>*9RxgeY@Rr)5czmPKO$C)dUMb;+HS5EM}qkMB5dy#$JXt>Ol;!r*AM5{aN_V zYLO2O#S=CySWa^J9B6O&n(e!)t7@0j+faXPCQxZ$@Xk(Os0Ba4vgx7+lh3Kwh;W(t zFB)@FAe>&S2ZE&DquOgSQp#ON-wCWb4g_0+I~@lYozQdOED+*vtKB-T^*I}^61d|X zjSv>cTH)45Y?Y%g$f)>Mu4@q_zq3BFQ?PWS>e-=^OvOJx|9313lISJ+pS%BtTV2$A z2R1{ z7IfN}=3`C-3^H0Y4X=7L>iKb{rCZzDu8FKQ6As%Tnr6K*`$-rjtF0vMi-=FN#`11d zU3X;#F%#!u%2*{3t|87AakwpCbdAJq{(SXV++~rqj?YJrt!)aaZR$ZEgI7!C);d^$=eB5MKL739o$!k$nh}T`@$qdChqUlKmY7$+j%$ z4`H$oVX}7>Cfgx;wuBa8=KBdruFhGO(R_S~$0Eqiuavx2CJB~A*UFUpt-(khem?q7 z760eWgk*)X=w*@J6_17ZKYP!fJl=m&!T)*k?AhJ}{?Etw`SsWS=eM5y z4d!GA9p_2hyEuFCb96!zk_!^qxsLDwIygHx{O%~)k9T{Y_w`iN{~TS@=>WiW)s_;L zzo}AgG9d%xi}jA)7Z#N#y!B55cxrlTzS1}AmK~jue+T#ZhG<20epV$NAnkwEvX>|5 z*<<*XPA_Jo5q*y~B2P?Br;(HH(B>mp9?FuOqyNlsrYfHXaB7NE-1~`W9`Kb^oK#H& z8j=Lh1ku2+FP*2=05VXLrTY2^xQ~sP>rSaakA?tFXmJm~|51=+yHzzF^UhT|im(q5sYDe2+(MO#uk;Q5b z43dSM)-zAKlU!=7@R{~!xpO_hB)dGhfM#eo#Pqky`LoKlPAHs5*SEoEoCswGZv>Cr z@tH#_Ys0K*cmenQn$!NM0q?8vjE>_I$Fo5U5A@}qeMTD%=t}NcOO{?o9_{CeU3iz1 z?$%}*Tv^h@)ace7c@Lh4X6%IlSN}c05+ECqc@qWb~9;grO-_V(tZ*nSK zA5O^E?%}vw7pJ4z)L~)6LJILxRg|`rUB*q*@c8}on}d7lIGCQPgTV|U z^e)bINs%(*pQ%tIB=mZb8^Qt?4cQj3;Uqlq1-G<@OQMbPJIYV(LtnVMC!8B5U+5>?>G zT#AZ767s>afgREzZdve}LaT{HQICvezBL8bAX3ZTQ%N^kboojlIofbT#H752eXIx2?&Q+V3KQbq^}CZ4pyQU#lriENCE}q((CuT)yL=>;>ZhhkjqfF~oDxzEd}0aRl@hmu)Od=p;BCajs-20^{CsC2 zUP&aeJm;xsQ+3QEP)zK>ieOzU;ESF7SodhZkVqB716na$z8OXTn!1T`5=ja7=(k3W z2p{KF{&}NTW=WEq8JWnB^S4Bf^YL zQq7%nbpoIhSbjgghO}e3iH^F`C(S6_l)wZeT9&FJ8HS`sM>(QegrL@IMy2*{VYknV z2{yCKSXzsEn~Z%}ZTA$*ivw1&B&=_}u!&^^RS(0kAhKNO_p=J}+#?MPr91E)WAwV(s1oON~KD(7LalI?M3kb+XVIGVmo@R*8Q8|X8l;)_A1$Ofa>7${Po}~#- zxC9&_p2jJeGDYwDggF-dli;8pnz*E$4FECyPZI#7of&`}kY~{`38J#OFRJtZG})kt zw{z-uDdN|674TvD`EC_J19QfT12r~`mP$$lP?@9ha$HH_rH=&Jl9NaL z@`QPEuwoHR{AWfl<9fuul;x4hK{+@%W;eFwSnBegwrLNFpxqdvz>U4~%QMCg)LQ~l zE5gzvAJB7VMKMr*1!~CxFC{D9(*NC#@{VA%} zr4ZRGM7MSk}7rh?nRY{4#nieJ{V%^qKeJpgW#$a&P^@x3Vs8|kVNzk;g7I9PC z->ZlV1T0_Evs+6RSwrkEaV>~L?Mi>QbDK;s!_+n21T)Rss%hJ3(n@NA`j0pkP?fHV zd@I6NvgQ%i9t|C>UY6Pp3nB>`d`)^;B1ipRK{L*<-@K5^GO=V*~rZ%(*97q z3tXTn3!yrL|CPg}uq?`;sb7CZ1AN zSTy^;1j;W2h?c)q4O;OWR061T91w+7v}LWz%CE@gOR8zrcoJl7sO0uFb|BT^&@X(m zC<{Vr;%N3zVo5JiV|Fk{_ejYA*Y}x)6mU~X)6q1D_WV*0yUaM>-Z8{GedqV(2NUS} zAzrq=L!^{5p2@x=5Hm-mcvL1>fuU3dTEsX0ipxVpwu za5KePT(v|yrMeE)o@REY_zdg`2BCbUPfSIA$RaI=`WgX(X((- z(f2jdYQjKE%qGb;WNH*Ao7+2J1)wAhGR$JSlGP~iZn4mot4(OcTun&8483V_Y{~J? zAMrqf{4Dcl*G25?oXdQ<>_f4~h94Db>r4sVa*_A20zYcdlFvjdkSxSjd6AnNd9|1K z&Ufg&qmo@jj(@s1JPwWqA?&<&gzn|5OQIw0z2h_yXQ?R6*Qqh1R#{z)HF@2Tde)Ge z_)D-QU%F(L@W(oCDAl1#e^Bw)$u2vuZgHY4M%%ORkllFg2`^EAuV*hn2Y*IXzSNOa z_@$M>=myaH&L?9aIPkqt4GS%&TK*zuFJ4YGwQ=b71URKJ+}{4RR$ip|k0tZ~+t=KY zBKUwXQMsl{!>?Nu`39lBz?IxnU4^UCM;|_2p$2{8&+EE`pA%A{rSH!C z0J4If<}Uf?yX*QPmh#~mc%9=Mn2vjR~f{{@YLKXC!~-A zsAkh`m3L8-6eey8NfX@b zfOjgUrH<)>)F=Ot9*=p@HCeAnHCs8HRcOS+NeJK`M(+urC0Iz@h_c+VLMpsFI>GaT zC8IbDyg6y7#?O*(NU0L~k)+Ecq>Iy9zOD{fS5Pcij^vlyq_21yWR|@F2l7LeFCdHm z=}trN1w@!!Q3f{6idXJF5V>;#Q9MgM$XrD!|C1uefLOJcF#$lr1&|1z>C}zFuLZgs6@QkJ3ZPx+&g;JpveXP2dSe&Ak4G0Fn(5ZmE-7|s{)aTaHg zUyb279scudbo}=0X!md^V)R2APq*0vK&!Z%z>DHZ{&eJKlWj1CnM(>OlOjW6|NFZ? z?C+laa(wXaaCr81@1!(rnR^LL5z$v3>`&uaM5A>KxYNE5_m0l?-q!R>0x#5lgtK>Y z8xwwH)7YW@0jFzuPoP`spjck5JJE7l`BYf7FXGgL!_P^KAiIuYdk3H^-xcl1FpMfr z!G(=fVaf0xr^Az@-Gj5;!C*KZpAC<8-y94T?obIASpYw(Xz)y6v>3K?5WD^xH*_Np zt8AHny1`eLVv^LJ8TX%#$EV}7gT3)-Nx1URlNFxV%!Ga@Aig(3R^O2bozjezRHqs1 z(eX(cUlY_MPBY;MR|iq34qeHiqu7U|IL%bw6f>LuL zFz^}@R0#rqjESJttTvSBwxL~YFjS@70_@ql@$hW)?#;p8Kw(ZvHwy}?GXXln~!@hx5105qJ07tTnHPgGyshWA`jH`F#B9PAB`$b3H;n}x6* zy-EX|0U7O%$NzJD@^)<2_SEUP59f-;&+lL8eZhJ5VtJR$e^+q6&C=`^39{|^X^c;` zxmm0_$J=M&-qGpsq`_h zp)(U{&9<_Z*xY;HfZz<;csMv2o_>9*OD6=)^kVfT_Lb&SP2;BS-q}oJi{q?7p>G;ila#dbVC=3lfElv-{XQ%%h z4b3jc(eTg#&d>W}y}z+s@IyE*)qRW&%r5P=Ymfzu)c)|F zQ=ed;MPTg1d9?%*s-L_YpMG;gJk3K$G=scR69Cr9O4le-S8$$}&REecAG-1o7T=8E zl=r(2=T!nY8XjUHd@#((t0Y{(d9Inu272w7o9`M~Iz9!ECOpir^)Fq*RXW#d^>UnD znN9yXKHeV=M~&8GrQgbFTJ--_SLAXmUj?Uh@=#_~y?ItyVnjqW4Fs{2c=6%_XSgH0EZV@DUBy?HF z>HK+xlT(kBNxLW!;}&M37I72C z50+Ur%c^ZKf!-CScs7A41a1mJ8iyg)XPJA6KtNM5k!fj8#DY6Hq0LU+OEJTel0xW{ zn?@vrEX}_zQX~-|V3C&fDrKQ=s50%TDn)k2@U8-2$P(4&wxR z!9~FG$+Xh3cELTJC-AO7?1~!b?eFS`eOZ+B1kj*qtAMF^(?4vhynD?K0= zs_C_AAz7kWe8Vn{cDs4AZ|ag*-?WgzT4kwy`s#(COUbKM*d3UrF}X2ME+tiETvjqy z3mjXSxTxxKxhy4J4RDJ(t?bGHX@Q>*S=|P@?C)gHxqIyfp-WPDnq~stVAhB#l~OLS zmFQW|%<5FaEF&!f(;3RZIixuo+$jVu0{kil74#s|_K-82IdLrKdCf+oxHT!H%%zUM z+RVB|<8ser+QP^r{+?I>SB;?7cDsj&lE?kh2=mr@rU(x|&fE~4C{%zSwS(*E$sliC zmcUpHsBflEl)8g9_a4YCIBV3D%R}@$p(u{1<5^ep%0%=oyPBuvy`I3#mSvh_0kI&8 z<;ZUOV%(ZYoSUZZ9M1$SHtO8(gTX9KVU&gQZ6Jx%4!sd6KDxanz*$!X1p28)NN;aJ zPx1xJV%d(aW2K`|`=U;!n|LdD=di|t*S)uy$BBj-=3mR>LthH~piGqArI#GnNqtSf1UVNyE zukx5?c>`<#g=b-Y+?`?bU=&@g$@mSJU=LCYnT23!6YO`QaM%rUjx<#tKDpDbZt;i& zD^4(!|}b64&H{ zZaP2hNuxBkCyTb>eUQXjrX^TX*Deiuv=iNmumF`y#OJ=0QP*9(6DeQQG93xRBME|C zd&S3J%LF%txqIma5C;L`v=EWLaca~Ivu6FOr<1mWro^tBrB#I1w7oYXTTix=H@gFX zCh;uv@ucUr$fpU6fMj&wxz67%G66L~GtJDSMz;_oTPi(wy}p-1OaT%*&-f)gCyaSB zXG(7#M3=zPR#uIJ&uPU9;Wi4r30 zY^$35v80FRyvLf$rBnd4hzRcjONS-3ck(+MMPbPL246?gG`r`rlvxZxlrWY^@%&$aC0+-X+U zdW&lbW$V+vhNu7_xrm!O!y9XrH5o>8m+S+d-nE=8OK>%BzS6YT(7xG}t|NqDI@bv5 zeNE-IPq5T+G&sf5`sL`2it1_W8I!i_rZ9<{m37I=rRH{ht@;IhcEh7vGCJ(iDBNGN z`ekx36TQ`xHU=GbnMved6Z~v4YlW}66-tOhySd4k!LRlomE{$)M*gz>6CS01`e9gk zreh`46>HLh0xc_`<%L6r#%UB{#Qx?hl?JyjqiQ?Nq&b zM@>Bf(BuFs(xxc3kiMd=$U*%Vgk`4_SQ;a_4bMxAlJOPyF=hzznqc&%On%9sSXz}U z8!Sr#k`X5NVd%xKqQqY-Lo#KH`qiJDz0vbHQP7lU_gw{e`z{_ZdDcJ(m@E8}JDB=}j z&;vp`)I3q(3!tV-%wOSsSveJ7@tVvtOjz#k=GRu$Y=3r>tKz=1I@t^raZNWa#mwG) z9W?Fvr}PEZ9J;KiU132J9H9EPI{Mc)F;Ks{T@~MCVb=;pCFmD50O&6J?z*;?I|Q=~ z`sQtYgPBB&piW~S_Q75TJU3Di07XIiSrkHqz%;l_7hGtBi}`jogCKk6itF51FQwA$ z3NekE4YP3No{b2j2J}aGrjJD>I}WC^Fmodq&k)!@!KB6T3kqUFGoM#1krsbO8<0=H z#Jz^#971vh^&+^OVY3to-G}oR;Cz+|%)kx7#6?VmV6J@^_Wy{&vCI8o>%wUp761Xi zI2BLgq`KogHms4HXtFKXNlgeB3<{{Kg)TC>pbY2%hNm|0J<1s_G{H;~8ALf5#pWKg z@~|jdiPUjvlsL-*XJxKhvdoyjLS5vRp3*9J4F~ZBx8(T;df+H#q@Yd3;Syd+6f(0* z?&HoGC6ubBu(0HE!Ud5!%#yZlrm9WpLRx2Mqr=#HRp%wS(Q*LIk|a(uCOX0=xj(3o z2_v^&sBsLE&nJt)zhN4a0|nB9s`j&(Jt6-rRE@3V!62K!l&wH_O;bOWDZrKRy1ee?)p#GdN8`yzO13I)kP4 zW(mAef9_7h#bKi?;mEUEg*uSWl4&9CVH ztfc8D)5OYc1f5lC{s9-rDz&euWTug6(?d5Ybh4%nrW zys0MVy33oPES^%;x`4u^5#mYGzsf5-^n-ZSi>FB(!6@Tl`iAckH_dwS1wuC zu9nl>b3rJ({we=e$z@MjfdQ<|6*a!VI99ya4I%QN0ho+Y*J^Zm)p10N6(;q5lC2C-+ajGjmQoaXD-Ne=AV%Kc~Pk%Cyb#SaEE4s=KR4di+qw z!py@*YkyfbvC=uIEG_R&u?TJP9^sfl_DdZh?v4}YsE;@t2)C3>H`qsLHFKVCKzbAl z&Sy(=h*AH*aA!q3pneAYs+iBu8mtu8HVQk#*)o#?^8H4I7GjOwrl;vguT~ zghEFj799tC{jPb*>wOvr_}>J48|{~B`*TXKy{q7f!W2;HDXnw59sO9D6yXTKp$=rh zK8ZpNFv=dQ>0%f^{Nk^rWS42aHCwYGAz+E0YBj5f>i;s?BJ{&-k zXQa4hvoidlStqv#4!-}ncM1wYKekSC!7gya7m}2KTQLX}sPEhAY@f=6TH$o&?TXie zD0!KKRaj|*Y)G5rMS^8?QY0!GdqJZ|C0zw1v*d}+ek@HGXx1VPywDRjNLn5>RAhN3 z1$(Vy_OM3wGKnN%*`k*i+70jg zM@1?VeethS*|xp?dDQj=ML?AB`t_k3WRkEjC93Aqz0AA_27pB4qb*H>*0UJe112=B z?U${M;~_bbG|Xb*x~uyAfXu}VOoGqcSsn|_%WgXqibYP5;KA=sGkFnI_k(4OOnLEu zsL@6fAUe50@d71T#c(fz)7d{mR}Gk^i8v(su}>9hKuY1R7#xyqmWw1A!wX%l1NX-7 z9c}r2OpYR$lhX2@Pc#|O122;mswFPMuvjSpL0oO_8(<9efCcXFJBWt`~-XS=}nGoub zDh%9LF=KudSvHZOXgb!0a)l8v5Pk~Ix#`$1` zGpVOB?-|pUM+@l;@kI{4ItwWLaF<{%5$$sbWs2CrTWQ%M7UH=bEMp#c5|Iu<)zx6q zbchDVD}^zxDuG3M_|z{QlZ;~FY>0Iqq)w>uXtlGH6-{G%!|*^4Y72~C{b<%a%DYlr zT2Dr@P$Hrzz-&gI&dFnV@nzJ;gi6veWq~uIg{}~IV@+s2z}laR?l?L!n2DDS*$^eC z(I$`Bgggih72v8PiKvlr0|*{c z7QVft=ZzaiL57G{l#64)-_%HCcYs^V*%7!!3BSkye{Hk&2sLEv4;^6RZXGpdgDs!7 z#8LM;vJ6O`x(FVVDGiHzfzu7%gkij(9obYDkk}7S1!^N2ozT*E$iC46cOoSm`53Uy z(PS*<8N9-Y4D{Msaur&J!QYu>lUR)ihS{bm68!`P?B z{oo3O;`TulPRCMlgIK?I4TqW{sDfv;K!g~(-QRT*^P{4A8EKf*Aq0caw=*fW^~e|5g$LH9=g4m zMlplhFUpI8S!srAeagaQ)vESnbyVgaH;LQus)uq`=7isoTQ7L(zZM&3XCD2HB?C|} z;znntqEtkON$goE9w5nh?~dfMgWi&bMrMhi)NU|bHYQNxD#N}K&=!fO?9}`rI^QmJ z4{@O#^TG*ER>Znf15?9}nw}QnB~@Ys8DSS?RmZvHnu-=(?lDE4zJ$E~g;qp&i(qPK z(}wwcqoVs89O+{5bd#mVnFnJocSBMecn)kCqg>&1`Zp%XN{Z)MRxs9$RAd zefV>F=WPCZZ)bgTFUwt!29~iu)Do=mvBc%yTp|;KY#c-BM*hS=_({_wj=kHHS8<<} z|4aDSc2izhS5ec!{MlMW%31CzSm(G?BDxdq8z`tz7Obon*^8o^KNmkP-VdrpQ2fyw z&K41sRR_c%g zHHAhlu62I85^Xk$>=xU~aSoeZt+c_m%_|&;?HPOyeoVk`pTB~5f5Ip&9R9>9j+Rk& z6|n}r{zv(Tn5yKr=&lYPQ5(ReV!=X==97=WT+#g&;>@9v9tJA<#$>Qrjf%GKUj6?l?pOmeRGhGdV4ryM%ec`3kh{f37bgb| zaU9jN)w@!-RmZ1P82B=e)xGt0cn4r7vyu+J_MrD#5|)3l_nGb@$z8S60U!MJ)2gNb zJ#Y%o-h+RwIhYEFK#XS7j$yU+JB1IhepcGse!w(B4(1_1Pzc*Nx(mFGoK{pjjBPd2 zXrWlyw5EMt)aFwADH7X#awYhGxPA(x^4Uc@;E~CqF~0h-YQ{8B3ErYXi??i^j3L-3 zLRHI1DGPONN>xFR8L7z}^Z8*5N)A+BQCNG?PO89?Bp@tu%n}7a80lcmT-uKl~3)O zM8Ruijtd$5*ioD*8Q&9{r7;z4r|N_f0gPbg<;DZ|L!#5Ae!txED0D_0g1V|gPFS_c z9klCLU*Cb6*D6U8dj6z~_K4c-F^5FakxOOFu`!ERc83**ESs&wKo&*@9k5>RFiC3I zZD7f0!7s+dk-OhNDegO__JEx&*gZujpHMZs(Vdn7YjBllW}vr29U`RKrDx`M`0{>{ z%hn3)8S8AbsuN+1jzy!Co zA3%cB52%{)UJrvP#Y9*1RLXDqEuJ`&!}ybw&FtbNw4p%qTWIh6DmbnQcNaMOPq$n! zC!0jGsMee+R#mUjOpu$+y^}d@moljEpIta1$RjMKR>%HF&W}I0JfvXKhWP&XDpmlM z+a@1Y!&0Y}QK4&h@6oAPRu7<_I0})}Kv5Q5T+q+4P9NRrC}~IVyTSL=Phg!NuYW06 z`Pg6}=c%P-!NL;7AE)VFX>(Qe=?jumJy20FkKBqcbRBGFZk=orr8O$G_qRc}SIZF< zqNee2f-Q=g;tAj!z5DrO(Gj{12i3*KFwsp1DGt*A7r!ZHBg7Mavpot1HXjX!N+h=; z4beF!I@;@;3nq+QosQ(aeOia56453{>STc=w?$M2V`43lG%Hh=vU$rHU(4<8LM>Za zWz;&khNQ~4<(MAXN;S3#DQ3zvZ>q4QNGDaanKqJSaJPYf;>5l~uq*DCT9o8;kLYHs zpNrBP_5A|TIEG0PwGPJC&hx}J2tjQ0YJpw-TOOl2#?D?WNk;msOP>Es^&2=>^Ji(L zx#+T^$o!Sc&KOyO-Fn?*VO6!G1i6v;+b>Q}4P3q=qjZz}N#Z$@9zB8NVAoF=+0!_t zpo%QvUJzyUL9$puA;#b+Pm1Zkv6{M#m8Kd2jX*EWUJaQg*t1&ZG4aYn@NrLr=seSt zOS7Q7l7>yUG; z+G`{WnJ|K>Z%k;4Ri5IDgt$^l_f-t`Of3N^ZPQf9QoPz8{GU=usLQ~#+A7XcSqTa1 z9;7@pJG(F{G=4{=#cIII%BsMtJnXc06-1T|hqb5Hrk0i!v|o0IzuKy~v)U>qmb!)<2Ov5gWJr-0-9Y{&=D-^Gq{vBE;OeK={*qy%*O`#@ ziqit&39k*S41JMwhW5=CE`GPJhaUb~K=&y4x0}hA{LY^8d;LWO6P+70bfqDONvk8c0BlX(ln%cOY9#Ew4kEl5T*%~~er~?si^)(s_(Zf6NA;lollaeQ zRluq&Jg~QYCi~}Y#`2`0SO^!xEE-4+1C4!~o@`ApC zSVt5_+U<9pwI%NV5%Wt^N;1?;)6yGghj5$7s_ikW`{InqL*^U##~0gm*G^&8Oh$da z|I%Ue1~MPE_K3N6fe^dyB4=%VeYS`x@g`yZ9b0c$V?D)oRIP5OJkOto5jQ-;)_!qn=K z{%(X6ge$E?|D_)s`?N?gInG;PGAE;ds=2 zWCGp{Obs4li4mp<_YGpt^6#ctHeq@wDLY156BKh@jT3T33*fxHsOI3zevGujNCW*z zzpM{Ny*JPC+ET#;Ra0R%Lw~k=U3=*)`LuJG!@*Qk)y-Ig5m3!k#xDM7TXi4FZj_>6 z+M9OMVV3oG^@9HmpW7AZo90vSuiEhfc)rc2;19O?%dqUf8CR1ZdShE^VkJLr1pJo1y{(ym@;0;r6eFQue{h)>sS+I`6>gAXo*LM5 z^g69opwk`&QtT5WZv6J&RR!ek8oW#B1%_=m6ZFO_TM0OcR<*q2Qkv@rE8|K5bUSrq z`mIrwk)y@ZXI(?(VZ}U463$|9(RcHCwP=+%b=g7HVa>{ zF8HcN08Yc+EtN;W`}@ejH^9K}r4_(g^-Y*Aw(Z6A55-y!PHrdUGuNm_P@ z?-)r#^Fw~`m|b-;oha;&9;YT< z4yQCC_xtHWGJ{an3h8Ts6wenTN-uo@j>zGmIfFMdtMP|WWdp%G|Ha>jDu;rMuR|LL zH3#th8SrGN`(~HG7w$C-Rli#o4m8|FD(&Yze}JR)r1}0{l4t9FxRJPQ5-rS5Ha=U% z|2W286Lex^i7#$|L)P8tKwVa@`DjjTky) zj$AE)T<1~ca6bg^X47~;s~Z5E26Z(RC;oM-gkS$bo&4wCa)(bB^P?;`NUz;Evm2W! zyIJ|I2O_xo*hNJt=T^V@kecPoR`ttXcqJa$dI4|N2S(!+qpsU_;a5^yq}NC-Xbb81 zGU4VQt(iDgZzJ?ojK`qTt|GdKh22fCH(C$8{;?XRx%3HtnE8xJ>liCqD$~*6H{ywo z?lAU0k%xUh#7^54f97gyWZrzQuiXtj)dPQy6+=6|TEKtbcj5m*`+r|=|qwb%96X? zG4<6RVpRLw{MNZ=i`=6DrEIAtb}q}^bdiWeSkj09bTHuH|ETc%9y~j&eb84mS3T$OEsHdC4JKhb*ov zA}FP6L-x`srr>nVI)uU&&rubS7LjN{`n1Hs+YBvoz4buji>@A>g|?jD8C{Uy>cg#J z*&TX}TvY3in8A@-`t`qbNlGq{l+V^K78Q7Tv7L;h{SA3aVE8O05^aFexvP6VzjAuV z(nys0P(EJ})_7vS--Cwqt^qn`t2G&=oK1%n<9b*e34C2I9_P83UEzp`Zk@8Z~>3^pfB4lf+~`(Jvb1mduP?C za4md=w4YEHPW&?IPw+NycaX~_gr=i`ZTMy8T%EkA9aEj-?t#hx?VXj)gDgl(01X== zNwjEsC2YxUeG73!fDVB$O8DK8Pj>O#6Qol};}U#vr{svD4qgs)q}wRWq7@P{&3Aey z0bV~_gs;`8*of{^hE;#VWfyR(G|o^li1H~38Dn6HrbKvjM;t_Y@z1kDN@7Wr=tkhb`rb%AfqGysR(7*b_-iQ^JYX->NvDkoee| zR$x3&`U}%gr)e~9PAKBc)OS%*HZ^v_+dv5NA3AN_g5J(obS_?If@eq>qli{-Do6ud zf&e;pmsMVO@oDqgYo=^<3bU1g<@B7ST?f0Ue9iI$kq*E6yqHHVeKk1$(KzOr15l}^ zUwn`O2wre0ix?+&DFiyQ@*j}Rtf4%TIbP-|@>w-Sh8*#(Q+yJ4%C=YnyO!nu%aFcs zOuLDM-R1Y5OFdM`*TJfTcb2}g0lZPHLJML*WpN~&!bw~%#iPbCjW>+@+G4K97AiY6 zX@2aPoJ5l7>i&6X9pg<-H34)47FJ05K`Agt#(`>Wuz2pN!~ZcP;@1CRNWO2wD(kfL z60k&zDqo{4L!p(2>c1bJCMY){Mk|4;WvMu!V%cLfO<|gq?`7#4irJ7Hdm>a35dP0_sCY@CN0=X{Z~_~$>V|JW>~zq2ewyn;^-jzN)8%Wa`08l61vUATiaX0!!V zb#m-z1seUXRll+8CH<=_yt0@+t&%~7tJ>PJ*Qum#ly&6NU)YDC4=}a?*|m&2m8qNnm(R6?qW6|1#Y{YQUWd`|QvqB;qbUj)_y3qNHDDdb zwM&TQk4CdKcc zoSi6Vn^T0X8=q6ZoQBUoG1^Bp*KBlF%^GXj zmG;}v)W;4^=0j=hO)n;-PBP3hOp&@#6aosvTkN7 zMqlhOphAo!JjT92Pkqbv9OrtjH7c!TWn=B}SlGU$s}uwLNHc+fHx-YyzeZ>SHuwI< zG~_^sT@{c;8Ew+|=u4R9wozvknPNVn-(r>@<9H(s0gEbUksu?m}uW>-8%a7PNmIG16 zc86@&s3YT52&S8z%Ru6{#-IgEU=}t`WbYIrdvT zJ=$*L>1amRO|TL-ybDK)Jp0$k(p32L(b?dm3!>l1WKQ!FM;LI_HU}a!U5h;q0o9SY zCAYv_>5ZUmz`wzW#6=bH`6R+E8%=S&x8j#Le_O)NJViG|Nv0>G5)3tzjMN9@d@ zyb-2BSk#T4+{zol_6iuE_cuD}1L`RX$FLa+?bQ0^=Fggk^W`dfNzZl|*0^Gjf_EN( zX5DFvU|yK42SG-j^BA@)nDY4%u#H+$9=v%nikzAfy@nnb5UOMnJ)K(G&s}+u!W)E$`o$&TF;w9#ag;x^2PUW9yo>uW@ zunkLSt1$Ks-bePpaaqGQiyUj8vuQN6n?34gWE9_9CwZ*0{=f+Iy?d4Gw(Qw@uCytf zEYfDW99NB}G*!9E*jmbd>+t!@$Fo#erBoNr@huUIX^7-Rz`X+~@1!wC=jL;DLTbZI z(g%ohlldl%(yR^#%c<4Z>A&*nCirXYtIe%OROhfsXx0=t;db$=FY z>KkQfir!6SYH~gxhk#M{7Vkr-!g_da#-Ic@CxxyL#<5X5qxd@6KmISmR9UD z*Ai9j#~FlF)70}!&=B2(G^TK=BeiKIYRZ9YvAMGAA8_2aZL&W*80A2VEepN16kY_? z^3_r4QnK5KT!5rKhYR$rN{;O&1(j|J-Ue?rL#ED@vTP`^P;s;!gE>#-xFSt1Rh|eiG2OK2NQEPUHf1W z^X{8ZpG;aIYg$b9YTK2BG(VPC$FmKM94}}i>c}^VTGje_r8^o%@m-1W{QGC8z#yAp zU~iP9c1&e^v@`|Ks0fH^kyQO{T3DRXTEGbW_E@mhFLln}vm&L(Fiuk~Ky{now6~;M z(8fy=4);q}7`nB`ZH}5uyMk@P3kpUtm$i&DyFKwxL_8)*9~qmeQq~r4K`#}&7@LCp zr1lf!5KW#U%a*~+NhVnPhv9^{obCuLFRn_QIo!VzS5`;-9NI=jzPf+%)CGKZuL;w`O(np@|Menx$)lV)*JlB1zPp$5` zr$r~ab--*@?M$y6qFk$8ClKkQ+eent0mQ3&2esQm(dmBu-QS~RQyivm_0^wawbdZy zytjAD=Mk_qS|<;f)vN*Z#2geIvCRA+A%}77#PC$s*jz=UJGBC<^&7|oFlK7mkIILj z!TKn%{gGPp!Odg0HvXk%AHAMZzhL}2r|8K=^0-`}e|P>4!9`p_DIdUY(5g&Fp+pq( zHMCXwSxjTqP@dPMq3H&I#w|oHdEoo(X9pCgo@$*ae~X=lplKpxxmp{ z@9&1OU%jn&It_qT!)`r8|7O6=!D{IjV>kt}v=?j=Q!Xa&!f^vriBE8xSNU`v4`3MA zPLD9K{nLNo`x;_@~$eG{RbL)D; zaJ!_xjB0`Sg{v^Cf>q>p(fR2&2bXV-7Q}P%sjdoZ7tGi_JZt{Tse0%bvAwzcJx~8y z|7m=HKU5jk&8X#j*Q5K{OLiVmw`$Psv-IP9vC#%pt64E!h7!9X^X=m-<6Tlx zZxcAoW{W!lvmyh_hns zORWyHyEQ^Z{KISPD3`S1c{>P7xdhMUxn}qMjlKt zOQF31aqSGr-*JL|8qOUlq^0VgE)>!segt}tYx{PP)Xle zbG^~6<#l~R1%vJG@V^4J!K7J%S?Y`nQtjkZ&K zV}ep-%L%7Pwj+c}&?;?*tYNCM8Z+444pm5mIw5pRDN7>>iY5D5B2Z^2@Dcj!sb3_tbgtW%yoH*2t(y*!P zk^1nv_Pji+PdsPfH(f}@R^($l2%_ji7+d7mhS;;$WL#qiqUCa$}QbV zC>tWWVJ15iS40}c9w~p&%9EM)T+o}8)pyxlT8z87l5-58N3Y=^@Wq@g-2MVzZ`u*& z15M!e?ki27B+0~m2bn*wo0|fi&ttsnX@1^a@&q*M@6DvEYRUB^&{eAKc-&fN&ZN|9 zA9d1U<|T7yXF&~cJQPqB9@FR{Q83>8qD;eVYiC9Q#RG3Y27|drZpIIKpWIa%&Xx=j zhkXg)%s*cYpAc?r5SA-lGlH zj()MK*=n5WEIP3d$J!!{(7>!VU^Ad;6T2PSFw1{G3zl5y>s^@rmQOp>p;CYQh=QGu ztHSS+HBTEdg?fUYFbaj!h3s3EHA22+ms}$jR55h8-fG$CBhUA{JOsVCdCQ_v0S=DC z_Dlrp4Q^2REShRg7Kpxb>`0&ZCRwm4F3RbLp^I#M8(^h*X-w&5Ru^GYJU@9>{NM;y znxLvPtXI?e4t3NatMvNt4!Mh8_Vjcg)_urg=BuS2V*d;1!O!9Sa@-g!I=gH6CtV}7 zC2W^sZeqH!_@brIO5kjR@w`e!qZ`;Sl0reLo%&f`!76<*ae5SHKuq1+w61lw=3)qL zL2uMXfooWHX^W1qTkWwWDZQc7UIRVyg;~lz2!IeDC{;_VP)XYmwQ1?BJh-`Tv^K>r zPmNMel*5I+dFzCA*nP~s%3V`RXr5pxI_D6z(p9x`P3TUu0;=T-0}mH!vz{I?GHTHG zBrO%vVdynK?anc=ZDoDsSSTg$Ce{)b%rf# z_n$n5-qOZCM1(-)j56{#mAEFC>tc*(zN-G*#m??`x^-Cd1zyuO`*&0Q_oesd`^&-K zkT~7#;g@DT$_$K_Mb1;x%!sxHE8x#~VSUeH&n$>PE>}*Pf;T8vEGs9S#5~qn+DiH5 z!6>)@H^djX)Gx#qAg-A$xC*7ShQ~rBU`X8lOVw-x=JX=AXCe_N<`I6ukZKTKKZ)KM z!KMOW8&gu+&&80JUifNd!Gd8UgtH}-il-pVs06E*68voKU3ez^(H(TM7wn0~CA6ln zC1cf!-{p8zv7tsx&}ZNbW=<#`FjEIm1Q7Fd!Ibvq0rDTs#^AvDrXd*Js5m=!pi_UL z<MAT>WVSsd4=h?0xkt%Gt>l6aER9_)y%f$~g$LXeU1NOp3P+ z{HA|j`3=X$59s)CN8KLKLNv^dWfc1Hni5UG8W*OP8~aczFPRg7?4w!`wF)yBL4<=- z<9~C@Zll`XQvpxerR#~DV7y?m6NK*+O%_}kE`R5Vk0~BdjqSTSQ3~mQ?`oF3E85f< z^muInc1P=uzIxLEl9}%^=v3c-BG-sfnfI7fTw$4@;R+{vFw2-Iyrgy1NDd3}Tk)F*3Ty-DMViKC<7WH604ib-1t z9bjjxmm%j!q3qc-KtcPPka8Zav}%H@%Xn2}^(`8~9B5PQ=%Nv95}BP^2v@5}4RJ>d zQEBfP%W}rh<}(m!xrr9VDY}Bvb$4bNr!u!U^(*XCDIg{<+zg1~jxRhD?Cd4tkhQ zY~q53WJPP7(_LxE#3{KaVILiegl^HqIc=h!b{8`qjy0lfGTLkoLu5JzCqPEjDq&G= zXmP!;^aGnDUCf`msP44g@%eH{nEDsnGC;{BqDHj-=E=k@uy_(=WZF6Nbl+B&~?cWUEpaKhynS&u2v0^spiStTM|<9vbSh^xp29eA?`ZT;sPlnm{Fzlj?Xata?e@=m@0O$a;xsr z2dr|)zU{UdIPm|7Aa`Bi554CthG{Xep)jkSaBHjYzrFSj9pWr@E2fZ-Z;duwaz@ zI=FGfvOmWiyHPE5VCg)14+84n3g8BQyz|XxIuzK-bS2vvjCRq6(`MW28XE(ZC zz`|L~kPo!W7|Y)TdL#f-68RAdJH(WwLd)7pR7)nSMk76G7Nd}hRgN9gl;tzKpA99h zkD*vZq?@JTO_8kg5oAm_1-*^X%N1&~Z+rpUH8+A^jXH8x8p}gCRdY}D$mAc;=^r+! zUYUOIiymAxBPD`E+qkktZ8Q(D`!i+oDwcMj4`~+-sCgn#*t>fH%DMManL<6H=#D!v zQlxm_)(g+IDJ7XCHd3-1S;b)->EyY-M~(8{?AGdV^TJC*u}^U2rBADa7))(7y$&PF zt>+0@=@LWjO4+34tGF`{Poke$L~-Gjrw>9MNx#-FVs?}3=XC-w?D5m@1av%EAKZQ3 z{QMjT z1wIk$S2vMJ25uPR7-7>P%Wq$;_tuj^B=h(V;MRWbzY(fyq;+FQ*+hQ~;(O<&9*7U2HfaO22bqBwT!PG^hKXH2u;h3`Fr-QrY=sT;gY zMChOwB1$yHqbG~2*{n!TOcdWy%;kkL@fQxSKS0UuHDH@|{I1xs*VoIXAu~OlULeXs zEcZ!MLyf;hSYHcK(=N{!YD3pz}XECYE1R^doGSlmPj{!wAfIO5hMm4x;`{E?mlG`3Yq z*`HoAqLnhMqqYjm8l{-$Re^mSCi!^-wcfU2kw%5)altKPn<>(qmKX=@J{3M)+k%p+ z`G92#xI$T=q6?zfBI+0x$+vb!OdSaW95QSj_+S?dQXXY*N_Nx!e?|@-u3j8m0`JD7 zXIoJI_AeSuR*gEzd-6YTa-{9b{9xEy+E>ARci`+lb34GjU+8A2SSc8%bh)0WM1CK| zkMMO7Ve4+k!}G(~K^ZUsv?G6|9FGz#zY{d{F+X7$QY%%e&z9|(s4flrxhM9~o|`;D z?u^Xp&oTTKW<|t$Yp{~oAL()ms(oJpkYJ~93Q4wp5~bLVJpWs5!VLBt4&eL0>dOi+ z;EphMY*|q+L}0kWaJ?#W_O@t3`vIw|4;vma2d1Lpde8-ui5^{fr1xipu+aA5$O+X( zf2N+ zM9_63zeQvXD;>w;PE8jIO@)Ex058rE$V2u-yIN?5V2Uv_7cyQ*H?Lum7Rf^<4?dxKekUjUn-CqQY4Rs*>NFhZ4^`{Sr)2rd>fM9t*EialEW zq-h5#6mH%eBWb*Fb*=AmKMX)0-WOtkc`H3c@SzUEGEoHhQy!q({z`b{%hrBl# z&z^vL-O38 zFZ5*$u7P5Rt}|LXIg5F3QoH9n6(nq|+bwA!h$yXk6wl{TD!(~3!!WjiC8JK>+7IXq zKMn2TZilNiE>0XV>maAbTU@d3yGF(THQZ`3YEWK)q_Cn@h9d~8%L4(Kq54gtTkb@c=4|gb66YE4?!s`#xQ5pDXeix-m5u+ z{d7x-*N%_x?Uw`762ALLc8qf*weSIW4d zIjbHLAaZ-g`1O_?_~?eXz|e9dH~{cdC2vpf@IkY8`9b{=(su$c|{7;7sd2+qM znEh>(hQn=H10~kw@_Y<1Q>>Je1mI2~1V1LDL@$+BFET#t`be_{6wf%lc_^3PvT;!u zqqPQgF|1Seg<2sVGV0XB)LPp8N`g1lU+D4v0lk4U(@ikbw-^2Zx5=I_ztQrbttEKT z#M8P>_563I^=^!^f1pq#bK1hUq^Dc)*ABuKzd`{Y-mpsDPxjE67zE$H?JFVP_S$rB z3IAcQi9d`TQ1WEfl4^Oqj>EG6jyN`p7*NQ#)+$T7KOgV|Pe1vRTM1;*(a5;8j@gMNu{1}Q5_XWj(F8?=+ zP$QK+8%}1b6J?6_GpQS3ccy#SNmMT~OU|SMHP#*CmVw;C(@Vg_9-Qh@NbJ#6k%t>k zCshnhaTHNd*J9ZEpKR(=X*ER3)7S~)++#q4bvw$l7AqJ0@&{O&{m0@_T1Chs6!HWb0@^P}Qu|w*PCPGj{B*k{z2@bol z)$!>>`dGhe0~~VD_wjYyvf3s0HduzHD4PNWVru=J78B)n48(H4hFOS8cwolRc<4lM z@K*ebngono^;3a#Ne~bw8ztK;!tDza@Jv0sLrMI8L|K(KS~`lRSec7%gyez+k9rPe zb3{@pjDQQSZ23K7zG#+WbU9;@kh`N}$USS%fZNm;AVGXbX*O!9h154xG>Al9PSV63 zy@Q5Ac@1fA;$xXJ(CHZ~#FX9TYR;=rE@)|TjWOYJ@p7;@yL=T3z4`K&KNXJ7#d^XD z+aEt*%?WL$4S460zTlf%Vx6r*NZ41m3epdm%(*{h&^c2!K2@8a#=#6+;BhNdWa1(` z!QH_BKr)ys=i_LTPFC(M^DLK9tFe+pgBGOia! zRu2nGB@*k)lkw%C9Z@dt=63O%qOVBa|LAs?$6-vcH|Bm)KsYlA;z?F&$NrWTP?q}N zv$3mnDW48Db!`R$$NuecyS|71?H~KOt(djF<6=l|+~@=nEN#Q~O@bJupVqxHUwNSs zZ~Cb+plVqF&x?{uz^Z}3IpAkls|E~z&TildO=5M@nrw(xJv1|vYnev~&RcsnaNT(5 zXuDb6U4r{vxwJG+Rzj;QuCQbEgQu*MpQMMs>`&q7jQ59Tqby z&H;~GPa2C{AvNm$m8$^8HkqfqmDV5Q@b1rKa_LVe0U_GUFvx19BXcR2@+^&qQz^E7 zSox~4+$@h!>mZj^))e1)@6{(CM7ZdY3RMDyk0Y#>O?Bw7rV#j^S8MFW@V9F!4$_v5@`hD~u{17LF z@I>6C80c=N-^N$t?Sx7!QswvAUOD^A{GTx8Dk&}9zJa~4b$>VaNGPE{YGjNyGzjsd zai(ej+74e%dU?J8m1clmgWawF;pknYU;Zx)fZeRL-V8TPgl_edw^e%GP9zS*N`s0g z4EN+1HS8vC&v#ERwpp9dd;0fUSxv>PuK?|D`XR2!~Ql&E2 zEgzibabX?4Ez&%)&OTY@LKgUS6IXnsBn6mA)YTw8Jk6Jwv0&wxTS@q9~l1J8!$ zOj!=B@A1VYV(bY!(^K$?Fns#_#Lu)1X5?=i5%>^vE*!pN3~u`Ga{RN{!Tou%e)>xP z_Ru;SsI0hj-L-ho=6%qA$2geef3HjaU;kA?*m2t?zgylT_F9fF!a$$=$v+be=;eNu z^pb}r#U!E-mDYNu=Pjg1m4EVI_?b_WS?@$b0ptJ_`^w|p{TYym+ZWu;?kD(dPO1uws~lmXjR2{!zh884?N#?achuG5as1=82e-EWBOKb+_cUk%YkMv&FP zy+J^qcHsx1fKNXQeAh02bw&f89Nd+oI>6T^y>vaPaYI;McG+BaBIxw3QNSWKg!(_? z?cU;?y>)F@83UEgi*v?PIDK!6y*KT6%h&kXJN$vjPsId68B}wEOCycXpP1zLLle>Z zS+x=C+@y#jG;2UDKcCS125>hN7rwCXv&k*+u=2in68;Iq#UINM-} z*V@V8#7Mnh-lTFQB%+GW_(SUaj%X+wza#QSNq z;56_zBy6&`oO6_^BKA~{+>mT5|2&5Sa$S&7(}me0(fs5NN`tA!s!~q&fs9UDY=^F>87H}X8Qm_|I?fk z=#394kd7?v|0f?Ys9f^&@vjh5TZh%b69ZRHAGf2bl)aqC9h+0rKfaKEs`2tr*vQ@Z zV7@9ZO>1bNuZ*z7I#B z1PzT9D&YQiV*=~6f2U^3Hkxj{bEQUMS-Pv=&z)y_*+k35=qug=og??jdw;otT-Ij< z(oH)xZVPheeLF60){-y&A!ct_$^_gU*Y~z-nAhze=l9`q0yDE)BzW@(n1VjC!~($m zmG$8aW;2HG(g;n^SR<#V*vSLBgotYblKkE}+p1RvP8=PkLzwNWy)m5+&y%Uo$U1)e zIOT1A!1qGH<70sfc_aV+b`MinzfEhVc>_q}y)&V6O*O0CDHu21Qk*0#C6?_at>=~n zr)+++&7jAc}V1F*o zu{l@u;^*L>Wr4s{Aclq4=N-9ew4n3)J>c(u#)G5$O7T#JU&0=rY%BmcnYMQ~_U+Vl z??}15I0$p%ce?-szS(DS`1QA+fuFi*qW2(-RJ*b1U@hz*e2`>Xnfd2S>jba`v2BFI z6+$XZLTU)x7Z8ei8u>ru=`c-s$%0x$cxs7eN;E1S5{e88Z@Wdj=uOpZ6Dqs2@_7Ki z$X{;G|7@~z4)CUS7XWs7oV-PN%S{19w=U}HE_y+Cz^Q?Co|Wc!=UF!D+wX}wQ9K(z zTT$K%^`y73PdKMCl+oV3^ND!XLi>~d#H*7#zu9D)fo$GCM}up=B0Zl@{57H&_At^( z+;-#p@7(%&4E&X<{uWjS%*9c+X=q%u^zD=#^?oUL#sx$jvr{gYG*c~e>De_YsvlE0 zU>k@el-zSiSWxE3w1Gv&ON_9h+k^ERMqYOym_?nDP01@HP9zWbcL@K(A$oWZrzyD# z+!l~$`8!9$dFJm$@0aP!@^1rXo`lqu-~YQA)a#z*(V?EBegDfKpRzec`Q_12cKcWR z2$Jw*LJAlTj1)6O@j)S{pD@D0CXx%vR@P$((F-?+W{5%@LRkCtp0~aIU&?XuRw*1~ z0jrkKbXEvD6`k`KIP9%dkNu2iM&TB1WWNZ4>HC-gdxk@oOLG?*woQVV{4cR{DtW^Y zMaU!?gfH;NCeF@xm~*kl^x0(C$DoS0{hzvs(1LF#`tx^E+z=R) zXa#<{%2(AE64a~9z@*67(j>{nph_giG^tI1DVPwcY%7ki12kwjx zp%w|X&J?0RB#Q=`s=TJj1$n|MQaGO~>q3<#wZla)ML0;j#*;x5WgJR6WNo_62U#Lw z;#)EfQ6>SI7a>HXND&V>fc6(_9Zn=+dUkjK)MfAuHH3&Wyp%r*?KV;p_U5omQRrSZ zdVNWkY`wTr9~ zlAcv+W?oWz`*nD|g$XtGsIa|3543S2^Dt$Ye|?tuQoP;>(C{V{l`a!CN-D6`@vd;* z5s;He`xh#F$31!tx4IU5I)tUGDdiVEvP`{zk*t3d?~mYyiKs}; z)^FKZUrgiZ?T076utFuuheHvm!S~%sJy`qqtCGbW-`*WUpEss_IWd~qaejFaB>a{v z)UkPXUa{6UnWp&zRb63z=lI8B|V2ho(PEE>`r#}PR}VsG7=hap0GRc$@^dl;0V;G zFY)Xe8cHNCAzLb$8bCSPbMyf>0$JkCTeweqlRI{?3jHDbaUvp!nN?CASnbq_YTtzV zs6PTYayzi{B4PHDTqgJQ7AV<@(_1Avtsa5UW4x;uKvxT4nKv4`PwultGwDaQ8gQqk z)H^ADN4F!&derhyw-%yb1Zg~3M(?E|X{-jRD``9i2Posbw_pY<-05y8${{w~XOBmllLQGyXq)#pDLsy}a>IUyp#_E#J`5T`+8Ol)#cEgwU*fqKs9C7DktybL;T8{quO2akR znDD*f;vEhMfP+6DvWTkxHC?E&1)|x=G8=ecfPRgy0T`&yTavwSFx8_F@04UE12U*O zwkjgH7J>o`M}&uxjQM;8tJ&`IqICbT%FL2*s5QLjA=s$~r_vjVVjEr_qxdHzOTq~M zy0^@-Eq3@lIHaB^Uq7Um)MVBS4X z_`JP@FZgrYZT`Ee)Qxkwf2mO?s=Q*xmdBgNj2$KLvBT@(JM=da)=Ham)Ka)_vhNy3 zEyz-0)`=iAOX-d1SIxccrNl0iLa}D~AQ!E@lbNGv{VC(axSh|O9k5CnU5SX~&Mu*| z>i2w0T;bjlq_1a@#2j9pNS2MTZl|Je!iS*E%_EfRv42^b3BCPI{ z_)bu^@j>ZV{zmB1v1R(O0fgLn(x}(3d=p@AZ^M81*_o<8`BW&C*BjJN5N{lw ztWoD+P*U5RUg%OVZns@(1rZ2JMHD|JuG4$>11B>|Fd{+YWWa53>TA6aQMg6^5p6CP z`IzV}GA71Hl0T?U{!Jd%x*2^8O4GYj*f~}bZz<*HoU3gnQ+ScQDRja?Q;GA|ZN%&t zZ?4kNx61a;%H~gP`;7>JL}Ujwi2=Ymi3uq^_1upAw7bnw50zRDM&*(!y@)!5J_)EL z4NdvAYSzsVD@ih|CO`L2JfURR;ySIZ#0;TAec1Vmf02hmwRD!SQKy+|XRHA0= z^XP$d7GSY8k@3c!x{E4MB3b^K4*)u57?qbRm%j&bi4c-Y#;yfRY)eNaH`?zE1|Ts< zQDyj-Twj5q`-i{p6%Nt8;SuAH|K#_+{Mc=YoMB*L{3HyEDEDClFI9r+B^LV{!r8Zu_o|F|bl z?P_dUPFapzxD}roJk7RFHm6_k_E*WGT$B93_=|uQ8i^)$fe46#gSO4kSkLOo2a6(4*_to$*}ehE_2^#`(MVp+sp9o9p194&PJ zU*=1T^z1dV&TR)VHmBi>j?MH}H|=V}C;t-c*H~R5+h$s7s&~l7hKb;2HARE1E>LB3 zW|=k@j2^gbh9Zd34W&Na-6o4%v|A01EsEfF3}xw`57$UL0zT8uIPsCrY;>RcT%^@v zZ4#CptR*bWP^t-+X>k&9@UT^w)$Qo6}$5@Gp4}iuOcG}7HucS>Hm1$Y@n_>6Il(fd=Ww9>M`P1Lv^CY_; z_13?>-|z47Pj{LH-FJU_BBkR`uSx5`sq4>ovxnoLG=>=#+l$O9Mhj%u#Pnm{`(%5m zIZCdWBL3-(Fh=X1-B~qy7WjC~05)B#+hGwMOS6fe+UoT8Yw=$fN+!zi-fILKjaeZf z8S@*&%*@|A3Tm8B<;(=NHxgMKqRsryzSC8^Hfz;GOeUT-ryq6$U7iBGwL9CbFarp_ zqKCo0!#Lf*yMhM(AKW&=EiZEsBN#5I$@hX^2}Dfl)u+Ey4XX6>5ApHqxkk+0>so`) z=R?WyUG&?|;gVzTf)`4tHZOtsX5I%nuR~>W!@k`&SpCSCsRMezPFP;}Jf@G!b;7f0k2Z0ykH>cnSNskcGsx7)ROT#t%*!lHjlKUe z>afjj59F9{Ge&D`kr_-A+vaf|9~~yJwD4yyJB2+?WzSjE!-ZR6CaH7XZTRlmotDBj z{8jw@^1Jj~;_AoC1X=E!(mba|aEx{A=jhK>ee`?3#-7i|P4c%r-W-cdSScwlx+HUn z6wpqLRLn1`SYf?V#*QHpVy|3_b0=AF=96S_WD{gDOVq}|Is%!a1^7eKp(K5j6hp3O zzcI&k&oE}37&m*>M57)s~Auy{cJ z!UXX2ijtk@kK(GgL;g>XJiUViJ{aFN{+RJ@EB@E{hupg}+}Qj3)N-;|0cU)U$u4;> zzh0{zdMGHQ&fb33Jj3`6;kD%Bck!d-84j*dpiIjpM1tI1d1m=t^N6^y3W<)-F6JjJ zUk1B;J0IUw+!_^?N+jwtpD+QqLP#dISGZA$yNCz;V%?)BoJD< zG53HaA_eEAG&hmrf$oi$3Jm<1rJ#!yIi;N~bSh3ZhH=?xqf{ZAk`t7vt|$@?5ihpm zlp|Pl!4Pu~{yb8UEj%Z1FCHX!ul(83hs{tuRi}_`1}GqQU1Q3`ZXK0uz=2x)--TPZ za_0$0N%9PXNWNj>4aHqUdBK%>!t$Xaghg_kl;`=Ab%l(Gk}F6mNy_MEZ2?LySi+qva|)^RRfU03u;wj`!d-Frfpzlo zqJ16zFia3fPe1nqjP>C*hcLHmfUDQn?(eO0WPhF_)fE0csEmp-L(v=co?ySC;I=#W zv<>n20`v94#u%jr4@Kc9s9LX*<`k<9*RV6h{YE2|QIPc43ZYj8_K+oy6ltT;629S- zAxKB4}4JArW9N%+{Q_e1pZ~ zw+BA331w7A%t=J^{^vlaWkuhD1p{MkvC>N4R-B{=Os9LP#jOakWh?&4O`9Z@4#ssc z+^P^r)0d!l%_~=8MD!qVRGBH#CcWbK`C&-^hm79agoP^AA25l4J?FM~in?KI_toRo6gURFY|~yedC|Z}oEx$^#PCF4&}wNf{tT<1zoBXPT-eRidS$N?az{S!h(*_b$oWQm{1twJ5@-vp{EK zneaq^biUckIx0CHfNI@ZFjio77wMx8Y0T+iZZi#RuCTfl`l#7 z$C%}9E}x8(>N4!3uD701|I~%r97Mj@zVPgDcLTz1EUc`r7*CCvhIJa!HP!;;vzakD z>X1 zM;lMoOftfTBF3qk4U2%3VxJ~XodJ7De)b5S>;?;}K&2kC<>qSP< z0J{ya-6KK~yFUi*cTg;oj1{*Ml@K;}a$pH3u|~PTnt(zp#VQq%;1e7;N54x9tB}ue zB9T5<76c%=2hv_05fcI9$tSMPx}5D%5!|xS)OK?0rV$0ZsCJt0hRhQMwMl*`5;B=v zp;B8_G-^8R&DB(#?s5jcQcsJ1dYaHci4W){(Eem<-2w z(S$btWeE?rtkuV3Pe`-iOD(EXuR;W=Da8i)ulTW@!(P3mc!sRSJxuGNN#H6-=Hwf+_h9SK%UWY>`)S%0m45`r{a;*^f}o zge)nph~eeKC3me}Y7F0Jf{qfZDgT{|OeAH=2=gtX`(=f+m=JE7xFp7}JS);fAv1etwh<5}W=uR|O5hL$$y_1-=AfVz>kf$gZTz56?pu~e0HvQBCg_6l()#Qj zK+tR=ftRY4qvn=WMWTIO$SDaFD2&jXeXI5dzG4$U8|d@s$xCMcm{KCjNbN`eW*?5#@M~M#$;q zYhepil<2Fj@2_BLQ!DVsYbC#lQ>}F4--}b};{>CI1ET?8c+5lFAiGi4`9$33oiagz zulEP=&G(DLFRJ%c*!elrDEf%)w!y3%N%;vjC<12o@v{)Hq>v9QNhw@J85~5(1vn{D z3RGnpOrH8ujA3Ef$6C|#EC=o!>ocU4{c;0_1vvBw=)@$%K9j~7q=4%N$ZW@SirYPK z9AZ3N(F}R{o!+%#IMfP_O|GFLp%RB?Pmj+be&|UT#x(?T|1!+qTGWsXyWjpyseH{# zB|2_duM#$H(Rx%Ra`;!r_uY99cg=`J(zfd@+TT!Di>7oza2gaU$%FYRb7&X%ACb5~;u4CvCO9i*eao#6j?S^

&sOWeK_zo&>m>C{XtwcmP zk8YHL;cj%-=1h)=VJ38l#nVK2hPps!73Fm{?`d7hva1F-s88y`C)iv%YOC5#G`#pUhn>OM&r&}zEqc&aq3x|J;@&rd_czn^)BGPBL z8cg2_S!4J7cc^17LGl%S z_Gp{wdfM3lz5@We0{2Zv0x4}>D9=ystLccz_=&?oG2HUiY-j!c@gjW;0|xxF8;KxF zzgJykm(#94HOv!F;YOC#NJRa`N*S3$E3DK#Mxmhv8&j+&3Jhe346o`&ex&C1y*!^m z7QLl;IGKEyH7oMA&8ZitE<_f7G-FhPTgyX}?Ul|8;~-JK&{%jVR``N281|;zX?lRh zz%7}amS1*^Y0&iLt|>P*DX9*!%?OHX$^s9S7WxTzzmE3KWg z!-0AOLA|EBFh$2yhv;bnOa@!WnlkAw$czZizMtaiOrE zrJ|x}$NWl7GEN_b=e%Cyjkyyi#S~IxP@(qi^G*27Lp-Lqc^Jh-tn7U|)r1-Ry~V%{ zWtNmu*xRz&U##qlZ`pn9!!7!$N?yYtg@}R0V|hfd7Y+-}+`AHNeW4i39Lcyx%r~2+ zpNC{Ybud-Ne9r(&cZ2bUNCm|`AA_hmh{iy+xSzU%mTggUKA~VHiJ!fi&`v!3&p(J2 zpYIy4mv#Bax+|GYw^!oLlek~hX; ziWA_8O6#ZZM~nfE`YA=Wz#Z1=H78z7`oV2O#$JXD_PsUxRyLcL-miYF%7<5+4~p{+ zTuiB_StPbw!KG*ttjinUuWSdF(;;AN5wmwTeox1>;`^@-LZ>%gTvfC+^*!w{#!lE< z9i9$SGqe?%n=s|{(PPj(n|4Zj++FG!pa1?iG?j#%^k#~NOSh>te6lQcXg=xSUiHjY zyHZ$@znD8%iG0O}S(>v^Jja$cfBb`6bW;6e)?wS5R*Y2DG`ylNn|Q<>>6oR%yxNdzbjuz@Bk^r*s#k8XD;n1TTEk7;a$I`9s^4h0XxMtQ zxf+N%%l0HOmQIq&C@Rx-v=VlXac^fdNJXT|fm7S>@N- zATHa3EINlW=&5wR+ZCI^-c|W#7e_(Xa48HOYk>&PExMds+dw7o9M_hG)LNZuIrx|B zkg&@9L7W3yp$Oa>l+4kltU~laDG#00FpyAdbPy*2y^shp>poUj`xoP5xgG!WQhfHZ z-IQ+5V&-&k^r$L+htXG?VQ+9=pS>{L*vsI$l4ZTUb*;T6TOg?1 z?wkIr-WBo~%o+s0BDj=@Z?8z@tXWMKECq=nBPPB3TE+|T-;S0g$xlO2;d$=GaXBQr z>NY+sO-?coc`tIz@J}j9@85D}>L^T!XXUlNqXWt$_!k`I>` zb*s17qpYQms{J3Ti|>$8mmrb>vG}eKV9)*~5Td7fonK{vhA~G-LLQV*5+ajCa{_?l z*JFIECA_`TkC@7(ppr4Pqr`K6x$P5VtFLKSf`});&OJ8x13nFdsp~C!+LXsX2waTt)Wo`e-K-flP3*Je<(|gvqrLe|yDGlXS6C zd|rsdc$@+bQ~Phbj7hlf;j#{GA~qx@A()G#YMBZves0)wx)V;d$a3b(_gF;f)aQl#LBk zHnWB03#rwg$6l}=ObXe6g8vwzlCS>mTNv#wolmNH{wJI2Q8o9v_1wzkq>8r_AH@s1 zTcA|9X`<0TJEvZjFCZS;U6C=mNp}WVV};XC^0mr&l~!WTQ{FVwy8-7B6)blwDF6Aq z^Zr>3R3=nN!H$Cu{kTO$K{T8+;}_CfVq>*=*nm#TPX#qH5N!}Q7d+J~0_=E#V-O|> zzss)$nNg9G&+KA~vuuBPFd0ulQG~@{4Fjn$Fvl(Qi#Gi@sXZp^RHUtA;}%>m zyLmh7zu)=<{V(Pp?t7R&%VX<0!T3b}f?8NP0o`tpHA-yOV*%sYG@5}Kf&$k5ND}@m(K}fq$*nsv<08TAuR7^ZW`_52O-9X5q^))v;(y88W_!U+bQ;yA&!Po zR(5`1)x+RNRV{pAU#Gq3s8<7eeyV`8s}i55f}YPpJ|$mQcFv?%1M~cAPMIA8%sAiC zOOAw@IGlI@iIU`MD*`2N6cPrtxg&f1jv%SnXUd@+`jUv#hd@H5 z_3>zZ@ZQ#uN>KK4z zX@-nEd(G5OA!1n7f7~Yt9p!pWK#-n#nGsnjNfun%PxzVj%Txez*&zKoY9tk&Hh}>w zlOf>^OvqK-HHa$8Yd|4;hRs~~RsuEp4a%(Pw$~EsiEpSYm@K%ls(hwYIM7}C816`8 zX2IDgX>q<#T%m?X(0F>0Qnh=m{_tU5SYcCnZec^H+oO)yD{dAZAIe%$=8=?^cNA2) zxS#SuAA(lwekb^k@X3<0P6xr5>|tiNh};V{ALqxd(m@5CSC|O42$>f#_6SX(j?1WU z$czSM;9L`~r%S~9bLq@vaw`4;(}#Bj!}>g_DgF`H#Ay0w3zR0vWnv3l6s(uARCheG zM7!H|lRNn12ra4S_H?bLbF{pcWYjSznH4^`-=?Ahlvmwl)11XQ@GLBp_)00rW#h`x zX(6w>XuSTWHSEc}$v=Nh*cp=i@cS0%WjDl@^W8%fcv{!c0pam8tU<={%No;l%)Vv0dkeDe84pS6alLe9Rs8XTbL|x(%Z$X3u6l_qk z&jCll+0$-z5nLY5Yi(amSxLxi&yp_8G9^~Awxe*f5uuwuLnydMNSb2VWDh-J8003$ zp%V~x%%Pc!<{*y92Xhh9ftUzT<$ob#m8TtPp-elAkQNq^`_=DMhgr*hA!}wwfD7n8RU=jJxQ-9FDL8Y4(=9TND2Wq=Qc@L;*-rXubpv0apsQI!3N&)jAgUf;!IgFP%%4`SR&Y1yb0)kLVl%V1n7hZ8 z$wJ^RnqqeTGDpz6Wu3>XjB%!eh*6OW6lk@OU)+-*+{k%uF{Al}cYH;SrlS^xv?LSI zh)Qffr)khgF;W@gAsnQ+SeKpe@`P(po5legT%(PyHh#;?#hFK;$C^nCElR#x)ln}j z_%KVr+glpIOUU^;%K{b->YpG3XP*$0$jhwLzIR>zlvMW^-r5%a))~Tku0M**|81^9 z3fZ!sbsynL3I2`ca9*3FkM27HDLvoOe6>C>!$J)EB?E=0EO!FWUbfa(kV{gz+_nZgYbu=Ut;|HC7HtHPEg3-4VCPn;1@!+~ zHg)m6LQHYvAD>#nLhR7Y3Sf3Hg>2>`U`I+qb5nsm+AWkG&#`SNXlpPE>}4d)3?%IG zd0UQ$%@91ob5U@=Co4(sjsi^mj9ZsQek=j|>aug)Q5Qba*LKmjyTH7;-wfBK)oGPu z^fOE!mZJCP@Zcnn_U+Q7$gqgQ^7O(PI-Ui2-B>7=2fA3ir8#_$*s5KI)|z9Em6`>Y ziqTQ7FXwrtFf$K)KX4oe8TOG)kSYwSya{h1FmAjema-x`PCknlh0bQtIWWQsi>^+= z)`P5E1FlZ#`q4i3JK#0G1Dp!|(Om#qA2}YmeqK{*s)-0g!j2p-M{DbIMqN}MX!=SP z84CW$nh1OKN0_h-qId8%AdfuhAe|H)y%JE&sX*&<{31F zy^Yei&^yKNE~tRAP_BLJdA=nrAbo2TIX%VSZGG#jGydpJDYqUf*piCM=u55NC3!G6 zc0bLaTXm&RUv7CZK(Y*>5o3LtdG%?c*nAz8!=mZMnabJx_F~XiAs82*Rc@X0=8kWj zW)SHdW`{2gE|0+W)D9b*rKWyByP=D4U=^3;T|2-vHK3uP&7AGevb^p5G!q_^1)<^D z4Arz6oOPnUfanb*v_@Mfm<)_X=m``of<&GMVG;2m?Q$S;v5$gl5 zvUwj{FsZ1r$}hvYtZXv>)+4jdtFl%vI;|`+|Btl#k4*X>X?ePQs({A&<-StkS(T?1 znN>cSnF=7Y{v)IQN2Xm=&g4^@o$jg?o>of#_bY1C{{(RVk2Lv@q&A<0e^Nzad9nM& zrm(_z(~Y&vt2Wef=k%UcPMz`1gTOXbAMmy>v$~DM=3edh*3h_w%BGOY@Ng%s^q~6G z6ac6z{muQU;_a|nPrdjwy52=AIE$fo@?;y1E!_GWq0T`|gzctEhrjJG?V(!7oC#VX zm9E!aPVoU;qctZyi=m^)jAYp-bA|S-@D!%blq=o3Z<{&|Fizka4J`of6&mNe&w~8& z$<$7Fa6sc~r+3i+qt?jmo!&3Pr&j&Adje=l<)XKS;EYP@|M=8W096*8R%V$#*F^xTOuEelOfBl9PIonc079+M ztn$mm{~jH#mK>Xc8VOD1X{E6#8le4R>h=}o(ux1EA!i~4`d1+W`z!odBo5Jy=22_ zg7n@&L&Dh zs&np>V;by+d|^U0*Lxvp+r2%nDxv>!=^+1}$S{i2J|XkVk9i_VDd?%jE}p|8CHiWH z2vhfp+A*gi%^q`0pO;`ia?31;9=@ObLUUI+Q#%0)uDIwcMt3Npa-H%F_f1kn+&Llf zc${Tp!>8aH5AfbRt3GCfAw@qy$BgbKh`oph#`dohn!9v3J(Od2V828)2{Rgh0f+3) zY2aNali!3kmt~q91+C^5RXx|zCL~gz*>W@W6y1+U{&i+uK)mu~-ZEkXbx`^ALC_FA zZ5u}&`{Z`b>+T}NQiLocxVe#fbWpHm=X+EKDmYB95AGm0`FOQB9^8W@i$|uSp~o}w zzIsLD3{QF?C15%<>%Oeyr&H59tuUZNqnCJeAlhh zY5)JO>N)oB^h-gJ$1CXtc zGPvYgcDC28uOHJsfkf9uXJs)4XrGqw1^ZNA)aRmevdA9rYbRB)4ru=|>>>^EM_0*w zG_b+S5nf<_ux-EM<{7v~U&~l`Kwnd;ecE~_+7N(NhWD=1EK<g12hx^jl@niL>m)2jF=L$#Z_;}ocmvW zr~0TJ+Ys=Rc`Qe=-;m)?B_tk<`ikT&F+^e45~S|In_ zB)?UFU(kC)pT{AR$-UMXjJ~!ax_`%_n;rh%Eq(-Zs5lj!T z?jddz?s%|by z1NL7_wYRA3cYSzCvceGiVB`C(wq|zbLqiY?`-+ulcY~=3a(~177w2t@hqq>xr20n5 zLgj-F*ZC>q?g4y%3nHKQ^uq`E)y>`Was2LqZD6i{Y7OKE@)kgHRDV4JxB!H+sQ>iK z8$b}=0>OiCACOOXH?P<6|8j2sohR;{!3?x_PZdk}<>!O<{n5kc`}hBoDfYK*<^Qt& z=Gfo3{s2V&aqe^N`D4;IH;3;^SA0pZ;=7B=up0Nr9ihd6Er1GDcd-dyy!@L|e+M;p z-B(Qt`0VzL_nt6_V3#aF-|@pkWh`ciHbi$#m32a7HG{W6zlW~o(}Ijp3F>7I3_`S} z1`N^)iBAt+6z2`A>l$(a_2N;V(#@oh$O6Tgavf-T06DT3yA`z0Zw@1H&Jl<$GwsUX zW{C2FK>HTVBSha?(^E!+{fr$oI}9(S_hx z!lv{&c}YOIO^wI#sdD?j1nz0mU>*`5VWRp#P2+zJ;RzHq^aAU8C?R|yx`wUJ^Q3hu z+nzGppO(&ckAEn+$OeCzDBca=TW}!iActFyXl1R7dP}9bI~<65yHaSN1;hp)nGcz` z80?H}Ay&gjSHpy6L+oz@b+7}~Q9ss_ZpTK}VJ44{cB=ue6OPw%1ysX$Rd>s+g02%L z{4Zrx4WpBdu%Bbtng&!yDqAZrUjfqKD5#AB^xJ}6{P%`JE-fR$0GE(OEs%>;$t}Ua zXrmeeQBf6rQWaakpI55+Nhg=bRd9$pcI+mQfytqEb$wri^z&w(hzc4EX_m<5R*z1n zKxQ1mbWIZhNKNc1uGW(rM#ve|=k@u^HdzGywj6NkUlwbRO%s1w)wEn&Y_8QzS|>?u z%gC{$!2@B}n354$i;h?Nz_XxPKH-PDNT}x{MnZzM$$5^Z$ir182ytBT2>_}RLDS8? zu6CG+IiYzwboY7m+o6qPI_4uw=erEUt?mciPdzcRTL}ByyvEz|0wUi5vNljTt>yK2%0nI1Ba7OwoF^4qW=FVMwL^LM zQYo!7HOf)NuB1v#$`y;#J9Oq;DXkNI&xV#65wsk{Jk}hEYX8ie6NG>dF%9h_wO*I2 zH#@fHSty|*(qAZcb6JwI-GB2wg}7-nj_!}?3f9iS%GBg!!GS4%qGc8l#iGk7cCW^g zlQ;@`&?v9C;{+oGq%=p)YH|hJ|1o24t!=H|wHtyU!UNc*T?Uy8z_|wSZz|VzLA$$p zUf3(`wd&B9O)5RISf!7|sARQ%#U%jv`dqLfPzDx9zH1i-=w6X4QpI(CoU-9MFU+W5YCrL`yLe=8}%wk?>pp z8ZN{0i9DrFWF{FJ>ApgjG-j2nFL}4;$;h*^XYO~L;NA41-A3vBsZ^0`uLc6C{g@x? z0smTmn~^{|Ep`z;R3jtRt=BazTuhakp5k(w0WrVMdCT95`$UDQGc^JA@3a z%H`ft72zCP3u)C^W?)!%dC5B~q$J8|YCz_4^Rt-0=65(MoA=lH{obVl5JGwp(xAF} zbdIifY5o#U5?bV4R76y!G&ymSfx=|2#HG?DcIU!E`n%hetD$Wbr8c05TtfRI zvQ0m#O97RQYjIMcrSr1nx&ha_p$s|ZbT`B<`=dto)Y=t(ItA!CZw%28}e zp7m!db-LXg+J;s0OmX=f+*t*aGY*qiKUQ$){>VMTH$g%q|`S9lFYFf4I0TF;;&UnRvMR+hbw6<<_Xctsv%N7#D4Sgi6N-~SQ3rda zwWD9Naq&D>SmUkL1xkMIkQW2t7@bO^_MI;SoDJ5j`df{T!7?pezkon&kuh`#+o9DB zB{sa3>i5&#AwP<2VVj=C5#_@IwX3q<~ zg_gcJa$qLNWr_60E4K4KAx|srAf58_=u28PqnvHOer}jM|J4Q5B#-aANZ^j92b&~l0OPC*hB-3Cu1=OLN-vDWu4J8krzVS{gu$FZNg<% z02~>t-{s%?ZQL8Vnn zE(LGYi@xgnW7Rad#@1bw*f7$89zC{Tz~yqI;ro3`v-GAu_C$)jQ7omh^1ndP+QL4` zLdtx)_Fq)hirBU3QBG+3*`~}D@@9rAEp^<9gIOwAnyBDy*jgz1E<}wbz)pLFqYG5g zu9LY;gGQnuqXe_WE-d6)LPY8EJ|k||ZNbvv(qM+T zj%lMt>CM2s-m5D*%NjCG`qb7+j@Rfn>7=)GwtcA>8`^tpZEEk|)wkPE&pNMy-RTWG?UM8au;og7SS^85-l>I*1B;nlHe z1RTYluGXp{ZF7VcKq_A4M%vIai`+eW{#LSu*EOlh1cg zq_RFM^WQc&gctD=B!Y(fMdERU3+JG zj;>bkqrN8Tx)w#%j_F^LYkDn;svXlUiWVZFW%;PD$u)gGib@^R?~bA+_^3aGjaKcL zekT+y%SU~U7mx)U)9*$_OY%{F2vk(co zM^Ota+LvTU^HJ2oidJPutJ-`kF{rJP7u}4hBoP(z{ooS`}+Iq9rME{e2se% zjz`|>n8+K(ue@I(rr!V7FO`dibkuS=V51G`DAi80kQxJsX<>+4KWpSgwxE!Pd4j96 zVC3d!J!V}!BK`ddPS6dN!{?F!Stp7l$LDF(JfzY27iqUNuD+ewGpoQ#VG3(O zk>R5!ET)q27FNewi0?24XKh&(2>bl{eL^^vj9Uw>83S#pQ;%{YDoe96USSK>7dk!a z_PTER1r&k8Il)1bq=l!pEuyhu)*gbWKs=41{MV|U`=KJp$aIYxXghDwk!g#tG#GMn zwev_90mq9+na`cVeV|B#WU|N3iAS?JX7LbA)PN+A6rm4AMkEebg&uToD2f`#S?8*$ zn|LBQ#u5cMR`in!5+cEhj0g;g1A;;-0(MO}3DID>pl8IIM8_f(HIBH-U1Mo1B#r}u z?DrOFD}C+r29e9n8l1YO8k%+ti5kCHwM5}82bF1#9_kd5(8%LM=tur z1^{dmUR3mT)RDx-YfoZ6A}%t`_&p*l;N>SaFwTuJN*qU9#06^|Ct5Z`bpu(AbbXc^ z5TGT0IBJQAIb(FfgWAoP}qfYW4E+K{>9f51^X3xlGO?j0X=_byg4zTN=-sxIO) z?wrT2W{Kn{HdyK^m5*P3%FF`y2=li!2QE%0XP8UcB0GfIbGn8>oK6OWD_JUWeP{y; zOK2d_&6va}jdipwU6!Jts$|G4aGWHODN+9pH@&XDbp;yS$7l#&uO75E!0Cy!V&672 z)4(8Ew(XWR|2gBAA2=ms`S`NBR0$kqEBEN~u{2*fuw9&azZ~e|_q7QgbP_&OCLais zr*WP>jfvm$6uAfBl=KosO|F_==cgH$^bffrv{+_VcuAL*@uN9INjSLxQK~s~cI5_G zjFFbZEI39D1FR+ocn^JbaC~%ldindo`_p#_LM`OjEOtUTIM9Lh6ik8>CM1dp2}zi@ zeTkZTPzi8M$d=I60H+n=tA(uva5$CYo{YrYEPOt2?;s(M)p977a(R4#0yW8@I`@dk zlI^K}#UASa^z%hu2Y;R&p7igMZ0;8IKb2(=ssYZQnhxZs0#&V?F)*884dXy&3wRVE zEksWjh0(TvF0gWHHceOV5+Y0it}8M{L(V3;`p*o45FMgT_46jQ4C!!4xH>M}H?|zr z7EFT6`AIx(QQx%fHwA89=EFMxcSWYnV7nsI1_??Ga5EFGTRD8taP8W!9CSS&z5q8` zx?9xOEen&aUpXNeZN*|ohDmrs+Wd);ur+Yy{Wjl$1u(rmmxHj;o|^|=JK$>iZL| zIFCuM3cTjPnG0q+rL3z{TDYs)_zTl%yE(TQzv)dJ^SN#nvz^Za4)akuA+cPIKT1m- z%3*x{p?Us3ds!{Zmnxj?UpxBe4KmBoL@x&1!AZk_s)C;|seyF`PxC$J12^>lCsY6+EeT^a^E+53^O4()BS6Mw=X8fkWtvq$w@*%DY6`l*+V@P_|e9t|?bY;zr zkIOF;UP6t_jU8>i=T=hSd$sVj;+BuCG^g7B=S0&bIwsI|sM>hd(*#)GlDo2;y#P3@6xt!y#u=I0tZutlcHdm#@Y5`oc zQp?SkZF%LEoA0?h7D;Xi+)@f9FM%wZl{an<-115sHy51mSeUrQ$}O!p@e)?9SxMpM zz%8$=a8=T#lKb463Qd)G)h_z9(0)C>5>d^`@}A1_6eXKBbyiv`W$&q=PWgtN3uklS z)=>)QF3WT$;1(`o;{i9frpP$udkR$d1187dhy?lDb-{(w$-2-( zh)i@6j|Zh2Vn#Z*6XxE8(a~GqcCdpm;y4c3#0S`pnVAjL42P5psXf4TmjE@D6i4)r z1-v2Z)^Zj~ms;!pO&L!oADGmqif25}SEA6Z(Z8WNx`y_4$x9HE#|q6550(uqX#nzs z^@b*)3&V!`78?F?ojNxHKvPsW&F3J4vNLA(j}WaY#54Y(lg{zbPXzir4^09!a?% z@^!3h*{v)OYrRco{vnhBHYU+TZ5DtDEg&#NBAW&cf=sBl@0)%ZK;Od3oO*=GL%!DDRsdAZ&042{NGpi&(696XY({ z{53y4wXIX3Z+8P?9T<8pBaR%C36yFa z4XZjBIR%9me#-ChHLwcFI35wG*xuJYoY~hBY26w!jZmOk-4kT9PwREnZqFy` z__X_V7FOdMJ$YD%EU4>q`GvgUr|Vxkdf&exRl1 zB=T7j9^>er4ra}lX1pVg4a>0~AcrM$a0urscR5YW^({3;3j;P8&{*sA;j+G2B8P8g zA|;t5a=MsES*}#P?R5J6e!ybEBGLgV7IF|q5t>Z9oam}=|LP#r?F!NrM%QT+6P}s*;pWrR%XbWCxW49ji>??J6=s51 zyHYD!*H@`BC1swEMYh|$PN$3Bn_?v39of}94)|aio9sfO*Xg2tBuK#G5ZU4-`6jw= zeS^?{*pk5C38z}^bkPVJ8{TM0d#9q-*->$}#Dhezaf0MCWF8rv6^1^UnSpFvV~_7gAyDfb+eYRNrB? zzk~WXye3>yK|;5VhP~Kk*5TufGsyxLo#3SJp9xr)Cf+(WOx}dQhOmknGDOs~w%K`fWi|BXo)h&zzi>q({`8D1# zN1eV`_2Juj^r+c{<|$&V=wG29Ut=2S%bNpAA;uVYG|nLO+nlm{oet#f9qSOYTeP2_ zb5Vdhi~~N^8ue?6AxXz==hjo@-q!1XOJ6H#H;FLSEUL_j2`wvvj{;6Y^%0JIZ+LGu0}`dZWRWLq`l9%?w5Ip>`o3x;u5LVp(d zH{S3^o-_(K0Ar}Q@{M{_7`es@CuOrV1fVD)MvRAAeV8$1#eedj>=MVJG)X*v9^m-- zbE9oT*c!RjO!UcN5TF{5@ilS6w6Ovgtl>Z5Ym9y-Q*PAu*0MpIZ}umR=mFLL)tY zo$7!%udX;soM7p4SmP3O&)))#I z5^Tp^C;EP>lzu*2x*Y<~N%g!)#P!VH>KC9EoX~HuBR)?I4g{1v$Ry z=^JV)2#4smSi+r9QBagBs)>W_k8ToSsU+pD6|cIIu}JJru%aUao%J5+3K4iNzba8o;cv z2*zYm5M4oF$XpJyQ&OLgY9D^O5|<9KmcvMu+xD9OHQYe3A=qSEG3yFrpBP;IFROhN%(|>RPh-#XOSiO$&%G+kn`SXTiVluLXCsN z6LnstUvy@Lf;Wz{cYGM%e7X`=jO&1m zX}SiZ<;NGly%{)BH22=wIgr8SoGi9*vzZYsI|Xa4kq+M|N-e(g%+-bA zN*g*!e*UQ0y`aA1{1u_3UpVCIiE2NH)PE-CE0}9l`Yr>~2CP%|lwjV_ASQ>|K!1bpi(!@fq{<{aR z2AX_lPChL$?;jisEn7_JXe<$lA#DYO5E-%3n@z-uR86i)Eca0VW3Siy4V`fs2Qhd;6#FPycc9{+A1ND%b?Ly6BDKz3^4P*Xewp*IbnBnmtcrIlDD3jtlBa=O7}Y z1NfK1;u}*{C+zPyEi>rS;a78))cV_ktB?9Sf5o__*w0tl>vZ-7;zXp85~Z^8E83R8 zkRYTMrGQ9bO>hCaNTC*RHEIt|HQDUE|K&}u*V}my|2>BP9=z%Gb}lZ}zZK#gnk^AT z!g(n|d0~ZVTd*Z&-`IHIAw=jGPTzqb|@4F&zd!M+CBY0PbznzG!< zo~!)6P*Nk#Y^|Qg>xw3DuQe0Q;%-QX!W(%V4{%C!@Q zhOdWy0Sp~89Da`@90yr}a6C@!jBziVlG)S#z?IFn@3bZ4SzW(ctN>+}ykS1k zSWl4h@3b{ctM~V}6+^Hg5fQ^78rb$nXLdv57(IWUyBj=zZd@O+pY%t4p&kG9O&vT8 zObIFD_vYK}dO2dXDAn|qKdB4vY;}1f!N_Ss-uR$awa>y9ntx-ZB*vwZigcSde|_=S zZyJo^45VlCKUb)EYmha~gI}68Ouym-9OQn0eXIQ#K>4BVkjT}9(^C z&Z;^HbCZXckS&KA)nKNib;R@iHafv^nu|MyT7E?`+PmvQFS2k8EHSfl%5a>Idgev*eTGjNu#q4I9SVbz#$Xu<0lt-v5 zkTrPFgvLYGqimNZeU!$LlF9oO%sgZhOk>T4Dw?E%{K$knI@6kcmqFX3r-KrD3PGn7 z$ZYzGt8W=?x?8UQY0w2xVcQRY>TC;pD8Bs5tKQ3RdoOygUNoaSzk`>#4jK}!-@&U~ z2kl8Wb00c7Q^W&iRcjJm4KaJC%QB}slpd!6Y``sZB#QWU{?k1;YP|XDB%VX3$F4P z02w5E9fZ_e_Rz+E{)4DCQ=yH3O(rbXC7`oH&>N_S{`_;dvf(g|BK0rbuKS{E0o+qV zZ0Mn0uVSc|r9*wYilJT=hq4NqXF67%6TzZ13-CC!a`)TQi_8FF4Zzv@7*BmTTeST; z_h~L+xVF(1d~Z!@a@CfT0Ak^shvm7pPh1eGPBKjeQ#^?ZB)FFeN9v!*A5{O4@yKo% ziyn@WG45TZ1Hxk>iBKoomtFOQypkv{^=> zig`(ur20|Gz*f;|^@dvBEh;;~Dymqgd1Li(==-U?6F|y^R1l%X^uK=n;=5j_i+(!! zduc!F_xZiNe*OB}UZ-=(eD$ObS)7@prG(7W#yZLM`+Z41%cAyBbI(1LX&Eldrl%&I z71VAsj#r7^AEk>fox-{3US>XRGD>D@vE!ADrKsY zeUET$ZHDTg2K!s2H|iC1oEB}2qlk@0TDhnfX**N?g4P-A2B1yO5^3q<)>k24&`A3`uZDhwT$KG3^LH+;ZR*Dr!|oSf=Gju zR7f^)pLiGezWptyntw;*aK>xiB*@E;ZjB2cGX{l17C=Q4tey6)V4i1TAq&KAz~X=; z68@2S-|y<+;%>siu9Ay)pV`s6I1alwmb7bs+13W7DnmjloFh!aiO|LizvQK>YHRx2 z(SP|vXzK=CIULlPTxpy^Kf2H#IM)`74$|LRXeklfHaaXb#yBfW!oqzsoihNfzoUPQ zC7pSp?l%g8!VAyXZo(1XI%i64X>r-$eOp0*6&uzUZZL`BDZ0VBfPpdl>#rHu=EM#X zsX9z8Z#d9u869*0`U6dlij1)!JD$^kA!x-!tj#lxB4_AuMIv-cN;95M-!KskRgT0j z^X6H7Xrdd)`RGm*FHT7dE}+ZFL*X|P%u$|Iq&`|OBD(Ipre@f5Ka=Yd;JoAzoK!tXI5EF z8Gf7)i9;;0#3q~=>)mqdNto%vk9>p}Dx=HUj~LLm(#+R*$-mqOVPQp{|5c}r{$gs(t@NEut~yVu)UjkG7ilZ1zC7)?B^bO zX?_u=4EUbwdV*yzKAsPp*KR5Bee1*53PR)v#e<@-()Y1q-{m1{2~&RMa%ZO4%XMqd z*gSpO#~k24@4x$bzkBfh^z`uHvU_y0|HENfL;p-a8lEx<3^XownmgkwXX3$90);;L zzkBiB*M(MoHq+WMyr{z2alo1249oEzDnzB~FFVBntFc-+PGAdX%}#Ss)>6jTaxBdi z>-u6jnh&pe)72A;SWJ3ZG4MTf+jRpB7?VPBoY-6p=uKlhz34SOQA64=&_ktzU9&4pV2EWr=GV^oFQ;g76;h763EE|eEF3yX zl#XaD(0~0G3f}`RE|RbRvv{rLq1Hl4ylJj1X`pgm*O)SvKFRnB73;vKz*)5RK6f z2ZuXo|JMtB(Vx(ms(ouN#QWi=R6ua$gbD#V12)VuiAf_RX}Kz4G?t){fCv#l0Z(HH z`e$)h9Vcjz*Jx6a6n{E(|(CGDL7r^gM1`wFjJe49Trq)39(A9A&qf_LL#KeFV)Lfx6#_dZ1SUe z(dK3yXi`{>wn%IlW5X~0lE+s2C0>vJwqpS z#I+{}I2L7k?yW`rvY-9N6nI(PM0LJpsoJ#8e@$h`lO!HSIAd&F!8kAcSOR{${jRVtQf;@x|38b$Eoe>O}GosGSXmm519G~C$RxIE-v|M=nT`tsiwztYdYp8pt+&R&l; z{*r90J#jhH!R7 zN^}O!qe1)GIuC9l8j7Cl6+YcVFW?8=WUuM0V8b~RY0jW!K(^WP_s|AxpWn?dztiw< z8yS^--9x`-)j0Hj)v;s!9hF!CPTf85FENFH1Sy)6BQ~-pgYgrI*hrM`@T1dr@6kt~ zp9{EWBO1PW`QpWI=pBuz7?ThMYO|?+(*&{DW+5~;MAh|Cx#Ay~51Or?8!^9n3a%@{S?Nox;jYlsq*e zZt2wdm?q^blb`56e>VGH9Wuc2^xV(R4}U*7`r&;4^634k0wDWii}6tp!+puvk3H9y zcUsOl(7(*W^Gy%ESBvG-9~fZ)og#&^P~H2dmM@tN**C5%6>QF=xRwm%J_aw--Yi#X zwiR{ooSXY=uuBEZT&^Kin*Cr037zMi4Tl~^p|%K%bL<3Sha^kN4#^s}H-D0UWc?MG zMgb7@kNu%Kud|tgP&`Q@B8@q*k_}j5bM9FgY~>X9@zsl0Uw2>prTg-0^z!Sy7k}CN z=Jn32SKt0-_MxtVaggn3wF7@^NT@j?J$rv~`TLS6_1hlWdj8y&-+KOh+a?LnHZw@y zAemiubvnSECnTW>R&#+*K)!{Lh3u#@q-*YLa3Tj--AIb(zfPo|8?wT$(h&T<)Lav8 zX~sqjbDvn}%@FdxXwls434g4?6tY!7{y&pG5HcZXQ*v(nE{UjLD@4!WT}d)JBf|Sb zL+%LQ|1f}LcwlEX*XVK+`;3BS5HYRmxF%&8^Kd-1nerfO9>HSTy}{F6BdY&m1rdE0 zzGUdtx4jp=7e+Rp;7^RZ6pMp&lK5ABn?+GF^mXrB^ie~kWgCSSNxY1enj8&nGCtb< z`rF+ckRWM4Ghc7_vI)JOnUKy9DGEuNL^{y7M7Rv2nA{K{^%pzn;_~CdBZes8>W#UQtWt{Dl2vx+VVu9TtmYWbgn8K8;=3g-^^z3 zp)5?>Ld?6M`=Krs0kybjMCDXpI{KonB(2bwz8&Q9 zt|yJO^RJmi)jnarC)5yOU!G&1kI3j#&C8=NY6zuBzwt5FO9X%WphP>W4&$OqVR7f%ZA=+c!9s>;McL@KzLFM{M*iO2zmn zmV{s9=tPTEqPjuu)j5$my6yX^B;{`)rR;omPeJ+*(YlV^Gt2j}}I#cWG7_R0{Lp}mu^j0tEK00)WIG;Ja+5C~aq6u|92T-2 zn+#yyGSN7s*EH1fK70TS4w7kriar|}SYZZ_X5iW$jQU=lQriS*YsZk)nN9y|-}Yzu zbrJK5W_HlU#W755|KQjyvqpX)m2u1_Bn~2NNa?$L!#gq(I}`OEfkm{FWp8#`8aup~ zj9d}3Iy5{?`RQ-+LpieE$y51`&2F*-8BS=NTS%9N#$a-Cd3;f@J!P9j?~IG%Y)84C zY;tLn!$i#*Vwm&m4BwmScqBrHUhbRc`Ls6>-zSI>0@RL!46bggSsaZxOB014D9{J# zv0)o|97iX#oe(7tQ!x>J)cu=jX_OEr*}L3_9$mR6-q)qCXGiw){a(OkbUpY z%0(5wb}6l@dMM`kEkIzHkD5e-9n+35^S;mV@_|vg%S6e=L$koDDBb6I_8Q}fzMd4@mqaDn1F=3-(4xd!iG+p1irdml z$XkHRgdh{DR%y@D$2|QP+A^GQdk0MjcG;F-P_R&>G5m-H+MK!MZt4rx|3bzgY8G)N zh!`>+kVA-avNxt7r0vOj{Fm$DtpC3kN^3`qrs|+m6qHL#rG48=Gd#x(MJyhH*2b9h zaf~qMc&g4xlaUy0z4UWmt9fkq(2-Uj-~b{^5Ju`4i^@ttPtr)zBqI4~Y0}YYQoH}n zSw#NU{ci|GfnuJ2>t`W>4_ zQ$>`!>JZZj&h{gD3QmCN`Sa8Fmxm@xYnCwAnrmj9GhD1A7)|`iXf*C1SVmB6%+44m z31zsNyCk-Pg{LJfYCs^YEUkLGY>N`My|Ho?U*EjgG*yiB%#2RK2TIMEE0Aq+8F>VSJ6QF{erZ6P@$Jv*V+K{WmWGx2*l`=EG>rw8$h+Kou@gFiR6?Nok0**`sccX)C6`@5s#!#5jWnctz#)JCWC44tr$ z4yWksgTi}+=|pErnYyg$36{YaCD-UHGcnXn(B^+O)Sw%C|Jg_ilyR=R(UB1wdmEaD zHvar`Q;lY=D%yIXGa+xDA08a1t&W2m%Tb6CBea5wbH6 zRp=Id`ZwC>Ak?$wb8w(WZ_vLSR{o{l-@D7fxO1zA#)5`q z>*K#RY`6c~*g^jS?C5`GPT%_PD;kIY+W2i-o6)vm#E?XGplo_x5crPwv(9;=)fz(L zNwPEZCHSP#Kj2=J{c6MZ%xq>q6C@fQ)A-8&C^cS0YMvYDZ|JL1!cq$Z3+mP*z_O}s z=NWnn3PH^ZSQMfQPm7^8>e+__x1w5kh=df@gQH|iZ4{gPGyrsWMHG#DF`6UAjMQMB zgS8>6#7PJyWSxaN!>xRa_SGC4KnEz%$ujL$G;iUD{bgm3wL@SxEN zF~Nb2?c7|1`V$)KtMt)Kj}sanY4=kbT0EgKoum__oxBuobaiJhC#X%r)T1GC)-&}- z)_2a%REd3K=FdJ8MC!%rLulUb|37>0-rcy3B#O`9`V?5X@5Ihnv}C&<(N1!Ij_ss9 z@oO!2XJ)fGZJ2~4#uULJK)aPr-_QO#C_D)8AyKmI?#^0gH`6A;LZMJ76bkj&|KZ1X zr)LL;?~V?x5Rn_WDQIJS#9JNoM%4wB6$hLwi0Xjn^Zt+-e z+4ZseaO-2Y;ri&V$+1`_A^;x z*x!8aqyEMnblI21b*@nq=&AlWr};Fopt-zAUk&su*eB&g-q}#0vRcRIGE%+=eup z+0mUKTqZB?)jbt26&W^KJfxe{K7lkQdD;+}z@UXpLG3;=C9mPBUU_{t4zz_3$D=;l z_Fj2ic{F)DST$JB^IA6Q0-%9h2YWX3GTH+|&@bl~YcG4f-6pa)$)adWG%k2f8Li&( z$svK}rkt7T4@L`YNiPKu&B0nk<0wLx$AgXz)Y3OCpYzuB(%rhYy=_Ar#_j z(3P9$=xP&T^h*?8r#PL;9V5qUOrnX$#xhS72Zy08)%2Z0a80z?kZxG=v_WEj>Y)<~ zfrXZGWuM!Ga-VVOJmzcL@{ne6P&~vfk-AC!*^z&C6v8qJZbQ2i+9qajNH&?*GV2Uu zd+U)H(iyABMCG*x5sp(mug+8epZ;fICf6iIy`4?8-QDhP%DBJVZFAQq+PA901&bsVCg!}Szh zQ$Cg-ZNvC>H1RD!VrmUb(E`lvGEDe%2d;xQJoL+JXEjtUNWBmR58xzJgX(~(H!s{c zoDsPybI=*QRKYxe9zpBi)v&Xkktc8WW^APdj|6m1;-Y#9whV#Gr{yWm!qqyi0j4s@APq z7|bUzPD82-P+A%)bH5HKVWN92BK7)Lnrx0nK8h;s&mNjwqylX=3vZVg#oZhNKFvzkDVs>OP{{qA<>ow;4yS~LIbWQ=s+ihn~b%ZYoJsK>x5y4^7;uE{WqP!z^D zOfbXWYlFmj#%UVjh;2dQ-dh5p;oI=volZg-@8qb+ncn)&hS+2@l^;O(i;md_7kUUv zzuoR|s{XmN^7Q<{y&g@PFJtga7l&KXyy z<_9+*>kuUt?-1WgXTVZx?Uq$I1?R8zdHBj6&`YV6L1`zqZnQubyubjS@#s>!THv8m zdZ#i}U{#SWFAQybCnSU*Hw)YG@?ukw3G?;aD3n%%ijKXOTcSO$BxoIOXA!LGQ+9>c z!Ea>4tAd{UbS>3`I3ii^d&CGQBuiE@zYI-CdOy)yJm5;|b>?WEvN zZ25}CR;%1QQ%Ad4k!HDb=)P^S|8;%MeAaPn`5VU3peiuMYqh?|{>>duOEDZuAdfPf z;+PYn%I85C5?q5xV-akFS`G>|Uc&a!Yn_PHXd6&j+BWb*s(%8;4|yd*Qxt>@CkesQ zEjXWM0h-3LyhvG(>*s80?r2<|DYJ~?7VZBk7jV(tGkzr5(sIp&bH4wL5`SS*Nl-uS^T=q<@hEeoXwKg=yqN@F@ayxSjx>dWP zGO5;XbMsb0X_qbAc};mp03_DCSqkOGH7mmX%1C{6!)BF{wF|ah`6{xCrVvH6`%d0lA5;iHwT2u1ZhN-ke?@9=zK>JN@C{=tA0X`GI9j-9Tt97i751h9!D3Hb1w^{{u9c15Rn7pvo@T=eJ07a>JwEkAnZ0@(GctQ$aY7r*EPH-X($$%@8 zrdXKQBqhV}y~7OX}*-|GPo6nOlE6vEB}CnN%t##1E?SNx3(@0e>@soUi=H@XY1nd z{A_S^d8YrCEjt};5qRPCyjQ5xVZ@XGajTT5lIAPw4#+UGyS#$PcNImrSa!{L$TMY~ zg`mDMjRGMzuN+j={$4=nN-irbjUFuMeMz+M{b^{AjzgcsjI>(&G?}L1Xw1=HeVR=F6K!|5 zchUDL#eq*Jai|z1c)> zb%qkJi`GShwtCgx_|KM(SP;x0_2`gE3p;u5lLRdAu+fK5OwcF-3WNuVKLr4K4WSMg ziNWgYE!7HP-fDqfppx@g4q%aN!nTf&_76`7hn;P&`(3N`MslOMAG@B)t1%xgX(D_F zp+=)r$*)jmdJW^zCSr8R?{G?5CTXfe9*t9IWmT2Tjbqf_8=#{>8-2ewI2vrWem=T< zefH)O{k(T^v3GiTbT~j~7ijb{%Mj0q23svk>lh-*^tl=PiWvHqckwm)Hhc?nQkICyDtJfV6D4kbWz# z$ugNhF&5j8N}d9$l-eyveU%PeD$|7P$I?Q^rh&G-_ul(fK$xF~iA=Yw_TAixPt{14 zdB`FNx7$QMiFpd4N`cbf3E1n3g=A#@_Bb##b79Z0cPzCZs+8bkDu%9)u-3g}EA$0+ z6>qkr&*~QA*uSx5NjMqhe|6w>XM4N*etT!vOX5-MhD_nQN02;cfC&!s3PgG?-kyl9 zcoWo^7D8DX<*3x2vs*>pQpMK<*n2r_waonWqyycjUd&7UX3GDF`Zp`+V~+gq?(A-t z0Sr;RqvZ`o?rVrE#o-UM{RKs>U4XZ zZtt?&?RQ`GcelM)FSoyWwf&;I^WW_+aZx_vuV(#Q=KTBjF?0R*dM|q~yM^`tqT72~ z|Bv!pL%C(a*hzeKSQ zTQkri*uDytmv00lr)l2=+(U^J3!+tQx4vd?(`vnfH7sQ90&{yopbgNR8qZzX0UV!n zQD%X<^9+g^)XY1i)l5rVzgGah3j>^_Vf{hZ2 z^59g0r5>yKyu(v{vclN&JmYt&G%7n4#3l-dh!MV7pMFeu4jSQG@h~xtm?40K^Q?g@;U`yNX2mz6mRz-b^)w+$w2p7v) z%hv}gIXI*%+l%h-lzkd!8yyvt$_+IF+PnU zIiFofQrc{{){>NT#FUVrBOmE?pVXJ&URy)DE=e?1S4&eTV_;D)Q;MFRcW_y|CV3$c z>E&)BdCXSfH5(wu?1pU_)xML^pku}g&NOmxog@u!F(-!8wv;L=Z-CWik}RW%CM6{l z#tU=C(~OAet*G8Yh*WZl@um?SnVA5d*1OBvS}`rLtH96VPYwQB1ARHKl`4IucB^z;+bM;y$G7%`P= zacuXMgHWq)c3;{b7ny%7-KT~yr(a1%h>ei@{w88%68ba}Go7Nlamba@#EAG@tOGl2 zLx)nzC8B%M5{8e-L~3m^phD&lRW1#E)D{qWo8rIQn>d(+aoZk=gd<_z0)!WLYb=kZdz)Ot9Iq3W)2G%-Wn za8`u_O7;71s6AD=Oy#TkWhw{qpvzRD0BN)&n^^1AO(Y?k9?O>bdQz)LVFrK8ma-h4 zDpk0)rd-=jtUzrU>x7`bE98oT?ZL*&;$C}P7P@t_>kh0&D6DjVHfHlAM|pV5Ne*V* zKdNc|XfnhZ(ElD8qF3;P%8?F$;af#Xqw+6wqTd38N@v#HVqAVVIY0zX(5B7y^wg66LK?4zEI3!BEi#N{=;LqnV*n#s~fkW5*1 zq%9XJGCBuqKJTOF7Stpqdr?IFLHIjC-$NQ1CjJS_DKGZ|6-lA||Jqv1{-%#!Jb%9P z!p1Yk3FI)AMV=tFHP9x9#^Ah{2Duts>`LXMzyOVnsjXlu)*D-&BE7E|Yl%Zh!*bdXRYo=2E?z5Hoa# zBS_51UH|9g zJ=mfCIRTTpOx#_ngTyno?qNo&QQGJ^^Uz=&MkNguKFHr+&% zn5Ua4&FGCi=V2`OuA=~*gmE~*5gHs`ygj^lcXS|6`sN+CvaEOwrMSSXbhV zDig)G;8>=mPq8gx9H%nXi@Ix?sP3Q>uchuSHdWmm3$br|UFo&HqqEDhP0eQl32i{^ zbvIG3w~2b&F!jH8x|`_tP7gl)y|e8g>j7uwee_Y!qKXU)K8yFF=;)lGJ>X-f`nqhP z3;3DU3StndX%ayO$Q%?|cU?#42nRt*7?Vb6w0PpI7 zPt=8OU{9$=2>z>Um`PV^v73eZiCD#Bnx#xGWSM3P?B3!-#4)>(l@;L($J1~$A}Q!6 zxp@F1Fgt~}60RyLpz5j%SOOgY7{(({f7OLM5NWPYmK(jGdzxH!A8GW7~LuQ6aNmPepX8;o!i0&Y-Om!|0Fy^B)-dO>gy#)Pr+l-?4# z7804h2WmZnZ~>c#U^j(aU-oRFt;LuY$><+%PtXval+jm7p9MtyT|r?IYy{=%e{@=47L%7)ojaP|gz=~ogz2{i(Gj5m0VHMHh>kkIYTt(OkjiJC=gC_y2f8zY zQVgNgpzs8OjBuRm(s^mfyfVHTmP-cbeoSZA@&S^2S0A;naoRSwqWUZMTGW2Ee}YaGnJZ{)mNQqWx+q$nA5u42&#Vhn8I`SAOj^%3^d+vkq3fV6>AB0c7~xss zv9Z-LT+Pks72Y@M5^m|lR5~|vc0T&Tt(?NZF0X=4jhbIUMZ2ZDnYhWnmF28tNwtQR z(3IDI&m(4i3}uWOeknt`Na`GG)uW~`pcaLDt7#sUV6@ziExS9~?!D@@5aJQ*qaFEg zjY}VGzk2nmg$&?6+7SYlKstCF*{= zbjiB#B})EW_t-HVc2s8_+1b{b1;li3lvermxp+}DZaOcKd$nxFTnj9WLmuMjfJAsY zkVigrB%h%`JVfds2;_9Wt%aG8G=$)P`0gD3S^|tZl4>~msRUe00E3xU$2vVeIgeU)>T`J&%$D<@Z+lfh05n1sv)e~I zLT`8GNa^w}!TadBSbqiD_0bD)7AO!w$Toy3M$<>zj^NBS+A<@%ZyRuO0o-D&?0#Gi zbuKeE1=N6@n}TY{&`rTLWa-8fTZpMkP+RVk#%%rkQ*pHt^&w9^m7|l|yKv6w*w)K6fyt;cm zSPQkw5mOG5QXQr-46y=K(ftxyT)3iF^;QtbO}le}RrWWqmxb!hSt?EYvH=x(iozlB zr+!3UQ+iWn>o6;DU7EX8MM_dQ_^Jy8nj#G8c@>^=|Fyf&{g=H+AyS?&<BpLYSC|^}e^K_)MdhN-M!4zN~Dr{zvhgAa8L-HnMLer^&3eQM@ z)WhYW`bky*DW1%M*D`?m5Va~s2D5_93`nm5iC!OVKYwu&O81l`6MuFm?up`@1`O#m zR!HZuy7$3AXU&2~qq$7*`pc%5IAlFxiy(;+QJn+z4_-d9h}bstw6j(pEggKA8hE zOH?fc90A6xh^9Oe0vUW{TxkhIZ}7^P9E z7YYbmL-t%o-8aYV&wyLar&T6{d7Nt>)Ms#QEj&h!!#I0?rmO(J$moa7IFmW#e}xGi z96}>wE3oUDH0dPG;yng#Jp;mLqKr(_#&Az*d_gI9L0561-MR_%Bn@xFh>S=uA9mih z5#9s`XK^$YnEa5hzWF1l{H{rlaIbK#kvwERR_UDQ_F4C3lU{wCU`Wyw66OUdP0+Ev z<+a|ZYYp)}X+}Rre6gLMr&P!;k53aae<123aYE4!6?Gj{i6nQS$cmw2r_}ta#0+xS z%zT~mN3Jke&u0F zj%G0*$b1cZzAyf|q&Fl+Ct$}_Z;*P0IJ^sEB)8tyED+Z1u6A3XjPFGuRHS#eVt9qH zd?&tWqW|eM6P=iFb#JtVgP@~|0(UqCkxjVY5#U+pF63kQXGit41x^e(R)s5!ga#_C zONNZ8z%JK>D$rj@Z50aqZAk96^j#OArNYs+WFK2<53LLiOK9LkhFSl9P}HpOGmT$; zc$s)PlrcWw?$3qRh_HGjt7UKx9p#QESNi1@3gP0+la2_c8 zWB!-~StN!_b8`xDKTODNg$8krn@Suo4dnC^=pk<@a)PsX`az=)EUMIZ`N@+@6Qc z4Vg-0KpY_PC#Prvg|25}QVfW`A=5r;yA&qdq=SF&#CSs58Zp^!E?z1e%0f*&(b&x) zR1rNzuRJzJ;?^rZ*w%Pz0y}cr%$UX&1+v2kHgI5-2q}&?*;zhG@%h4O$Uk4)%I!3cq*U>Eae*{Um^Ql8EeF3E9|FK<|R$@ z;_ed~kF@Et6F|5+^Uz^+$oWF!7n^lNalp33hA;lp(Ie_ejKtYf8cL5D#yf7N+SFo90nmXeHf4Oe6CDY!L5Fdb8L#CL~~Ph?p|-j&U5^V?~O=>%KZkO2{NJi?TGXf*z%$ z4oP9SRwf8Bz2>D8em&Qs15p@|#jc}Pr)A{P<&ioDxKwr>L<&f{6?mm8VL3lqt}{%v z0Y#u5f>Q&y29#=}J}sE%ok-5+DsnDK^2M8TIdHPGLN{=2F{k~CjF6?oLqpBc5iAuc|8tSj!n^ zg)^Ug1%`oTW=MTF`^sshlO=m>G-J@iIp*U&+7kV+E%&`P;wVc`qp2ywEVd{?ZI!Wi zCxV3m@xk{q2y7Co=XN3vRZpU7IcQpGXa$E)p}43pckw{;kV=%Azja=mTT%YXgs)yF z(xXlNm3Jea+wkGW$##S5qu%z;E=XUEs7no@|L*4_F3?20ZAcIkw!gMk0Q%XJrhu*@ zP(H|W8lZ!ar5P+(^nDhLNTchII{h**z?{q}NpS6{5`!ww5*E)?o~3H(T=;wv#(O4o z1fp}Yi4{y@Um?q|nBw>N{hK&%ucNuLcn*wK5?q7FC7_?%U2S~S>DcYUby1M=NLfOU z!}x}wpT`6ete4B@njE=#YLPG&l+xLd?@;l5RuYc2HC=&~ zyiZ6PLY)xk2NXK#MKHH>@qLogYkVC|O+{JhY7eCs(G^VL6@&zorzIES2d9J1In6T` zFLolXus;VegX6GzXD^T-X8M#QQ|K!fj)T*Ix+*q{B(K?^O}M6!_)5jXi2)0KLSpj~ zqYx(#=INA!(bU$L%@K?{6)VmKt~#T?-3d%pz8a~%4^j6Bn>rQS4`Ip*fBhWt@oUQX zDdC&wRC=bYma1@`VjcMyj#7rW#lW1H$?IUGV{T-KH`G;9O0KRFB8G1+-=XlbAdiPG zbVY}7h^|aW+NK5UCPsOs*Ja)(l!g}VsM40?5mqidF*p@76HhJf&?tBhLpJeH)#0)O zgfz}-GlC^6gB#8E)Iq&(w!N;m?e)-_TxubcaWk-cYK0W1{+QUG#jNMCTi;WsEoJ@i zoX=!p950BOCn0z&8xF(w@~vh+3nuK7aX>lCH%T3yvfVB=Btgu&t$dW??9s9V94=El z6l>t{eL^8^gdOFe2=; zxxeppyWMVQXZz)gm)}(mu2{u6??#5h%IrRKJ{9xgekYDCiV&umOAM6?0!UFX&FcUoUG|t#^OZOxf)^)b;n%65svuP*A~cmlWsJHpx$i4sdIvgz z>f5;Zjp(M^w>?`tA&LMxx}?@8}_WVklnC$ zfrHsd7DJV;DurE8pUBFjUysGXG>WG3n!r>`yHX~XE2&g%SaeW5)z12u;22(HPkB8Y-mY#9ffRsN;%xz?CHD`;y~$+O@Cqrsm|C60x0@2Lyp8n9Ewu`Qy#Zw zVxb;1Ps&|FCbn`t>X&lkuN$FpFRNk(gep+dr=U|QAI+)m-bV`c&yEHtuYBc0wI*C2 z0{fNmYRwP8cgjG5HLCg$WUL~29xgXUvLZ=cS8&=p)NEjXLaN?vIs!U-7MMkl&II9M3=p)BgC ztFBda08T%mm#Wv|&`nYdUK~epb&G=gPVv{Vk$31@+&U`e_HgN`omNim;j%N!>C?Q< znAcn@IBYVvYW7YCCpn#TIKr>!*pyC?zHYM0fsipuF$8%>VaqU9W!9v-a~f3kcuwtt z4GZ@Q0g>eqslB9~I;ae?boFA#%OL%U;UnWT`G-O0vJu6Xfi%llKS_Q0PR{2f!Q+LCF(4I;8oM zn1)PkvDg%5HbuXz=&L#9OtcY4`-RNFd#18Z7t3dqiz9+a_DXC)0 z$Ry#@gD{=1F*_aW#8YD2#<|Q+igo^WUvtGeD8q0CDD!qf_A#B9Q{AjuM@9>DX^GfK zIAx+lf2u|l%8Nu5C?W}L7CBfpNwDeEZIWIuf43ifXTDHNq}^#(ebjDms!V*!KFUxq zg(`%yRI1p8!+2z%WwF9QmMvG_I2&-EDLaa@DB46ZEp-NNH0CsbWc>`VSZg_?W4%q! zB=rzlA0^vDB<%e>5F@~GfYSg`v$OyB)8VFgiT;Yt5)uzM_HWG8l*(Jx&5Ts+ParX- zn3z4O=uaT0lU|j18(ro_oMV4ZLr%_Ozn=FXBd$H&7t(AzXTk;kkbLyjk6}IHb8Haj zZ}*!RT5OO?T{zC&stbT3TL-8avi8t6uG&WXaMoN&E;%Imibm=k4o;HXJZ(9ELql6C%e&QJR-#0GE0Jd- zETqM@iJ7-*$V!54vwKG-LAS+W4f=P*=()7nI#YU; bJXnIvWu~ld}a!w3Y*Fe!u zyQUV3O41;gj0q^Xrde##nhPZgw0)uc)YLz#N*iv=@+Q-=Qg#$ zU&H)4+t>@hQBTys&Ph56%J=bA9_gwA>%S7a3&H*v?kNR^b8Pfom(cJ92Z*G>(~7XgMyLv$0~X*QSx#WzWr79VPRJU+{#?HwSy%v-+?t8s-|K zXxb=Db;fBY2$?UmAz=K9xi*;Cc9535@ktCgvCS|)#gNB9tblf96FHjphY!e;E`44l zsXl(J`5dCA+FR-)WtXxBb*ApHG<%%TSZFvixkR;@!z`+mSv&jkuAtD*h2C`_ho+#1 zIKOJDD%)%s-Nr@pYLLpyVxKxSx-C&;{lRsx`P#$j8|=RBQHWN+{dP`J$umEw`>Cdc8Hl;N5jV{S1=A$%F(+ z=uLvPDy|Mq`I4r?l9=jLuKIsvzRSEki);nv6LA`P>|r@bHXmCaCYKkk*Vi%nI@Bt= z1ioR67J1C7bq=CMMjhpR??{zGk46)lKM&ewWG$#LW*kH8kbWt#o=1Lt{(<`9Y>TIa zY)x<&n->)mvt~Uj%9m<`PorU_1W*RQ;S2e1>BcKXc9KMp^o7CkgK1-)mNj)VBd>~HiM zzAD`?O9wA?{mOAVB6(bfx*5aLg7q7{R#(cgy|dZa>0a_{m#Xb8e|C{YHA+z8w5i+P z+*ZZy4HtVVC=p9h{Gj>Vk(|$h_!We`$yTv9MKr(ST`7M|%hzXWr!TZ+b9o!Q`tm!=$4?6GZM)_R57VMouZpiCe%>wj0~-dL;Up=(U@#_7FEdmB<-UKe!nis z@XnCogOUc{w(~J|v<~}m1N|LsTX2SAw|G9WoS6|@dxdGjU%S0OH1 zY~&$h8OeQX&t-s+NuPx7#xx@3X|Qm7r*WJ;4d^?Wntnyopbq*Gsi>NCc|6z}42~;K z`RYVI7#we19uE+S{dAh>Gd+)3ec^o`v6{O30#F{2R&Z)=Cbcc#IOAi1p9;m2b%?cN zQ9GtFX>X$T9gcZhOjJ82BxpN3ocN-zn$GNp{%E|e^uKi8d39|k7HfxvqnHG;j+31V zq)^gGkKTv_ODN`{(cr;if}+n4PaK$qVdMzTC0n6Hb7ht$Rw_RxUf*L}&eg0_6}}Oc zKdDqFKM|R+Ug38`rqc5f)ScQP7KWjLdG)wi{Vjs#rOBSM5=3)wGf;K@7@JTFZp z@<4>e(RZOPIe;9<>>-#c=lRtOI;>xCngzk~p7)U#OLt6jW!SS>q42?i>#J%g1>V(7 zjNVnb>gv&02>pfE-7*8HS&g$$X}TO$Pv#%F?c1!%a0p(n#(Yy)e)7ZF{n^}J-=npZ zD*G%$QN7CI_EpM&d{d_ksG|5uN;&muw2&sCARA5Kza*@OQV80Ep}mv}Va z&K2IvZs#*_UuG{aVLx{-SNMM(dwDf73$CnBx0hEVu<(lew0n7JAwKY4Ua^24U@!lS zy?z7{7ORaWwzmp5ifVvncy1N59QYili@Eju<>~iX{BH2@2J0)ge6!I0lm{BO70E&lJz?Uyh9(%XIhqPM%Vv%9nNmu~On_KV(MPj|7xT$||zS||TD4IDqA_OX@broAB`cUJpr zp`Z6IPLEE1Y=O-B-gwK39ks2Hxtu2CTL%^6C1|&Xv8h3QoBQKTX(l5eCX{g$g*POc zs$4KZO(qzf;U=1b6&`#Y;;A{fk(ev1BbpF@jN_0^JUM_LAiPaE38n-y8naDwM-byF zjYn`I8-YJJT;>Se*j=b1t=q=8N*o&jUi(xfL~DC!k0BfZVm!Pho94y_M~vo9#yaP} z-lXLntpsMxzTSu1xkcV0KIfPGVq?ehb|8pp{sZ9TdiXlm!H}Rm3z;BAH3ROGz9E4qgvJ zpQAQBZPyJ=_uN+X6Wi$72KocVVH^nR?TRrYgwqjQX}1F4%syK`66v9EyTGLUyU^YcIb6|M(GgB7~E~b2U5ddw2wN*KNP3~Tak&4>T>?7rfbEs79Eq#H+Je`70oI;MCX&Q+Y^83wx6aou2nFX0)B;!nnD(Q>we7V$2 zk=iC|wHdRQ0!LUAdU|$n`0nVuFrU(=Vwnl8AsyqGXUxMonVEQ|{?LT95jsD+xGbP_ ze`JK7AeXV|U8h_9*v>PSH(i<%VLi9#nIdBUnL*wXIkTq4)$HWd$Sk!-98K^PaePA% zMniIkCSja$>u_v;i;m7!%^s7LUK(A*?`N6LW=xQr1-WmduWahF+tOaph{AV`Y4(-F zc7wxs&IOng2~`fGuB|^N{*5YGbcsj0^`|~PfBC<;_MdlS5+x*M zLUmuVkJKX);a2(U_yRCwDj{o9HO^z1HCT z;Gdo2&?hk?og*mjHw;PIM|zi>+g`Wz^_E=WTVJEwaMFiVI>Rs`LO6aq5ybV! zq>u7utqa1lRO+?T6V%eUWGppgVTCV*G?4i;Y+(Sc+Nc8!N=Hn1%XA}kyoA3lDCPMP zQ})#!Mf4g+`D6L_hAqQ7GjPu_M(fp)i?uQ18?(k(6PteTQP;q|HysWjtQ{RqWMUVU z!NIzbXLD!NiayuFEE^EiI1{_AJzDW6*Z|yVo-_Q7`tf%v39v8rBcT`MWp;GYKgh$N zg5o7gvqoOt*y=`phtn8pkEEt`k(rnIvW_8U&3nFJbBlxwvY0hgOT95;%x!4qtx4V7 z`S?*C%{y~i8AZ+cq--@Q&SiOk+NXsV!b?~o-=i8WnlW5AzuqZmY8B(IPSltW#H1Em zFHUPo4cw>$8Y{C@1)U7|w)#iA5s+E}T9TpYAKOvq>4L@DPYG--IAZF;d**tPR|R>^ z#7d$%w+gObip?TP8peEx+W$vL4W2|zzJIn+&vH3DovU5|YB!p?`Mg<4T1nHDkXBu= zHz94c%TIICR)61+wDRKzA#Iw$VGl3QySk=cIZ66_rj{)wF&x_CIGA-|hSnjkWCQNq zaA*p{y%%v7}zk3izTKe-+hB9p%1bmQGsDa?a6UI(PHAR#4 z5Tc;qG27T|K`!IFkP-1z=e%VIqZG#hok-YTnPMZtVTeDZbfU>*jptcJV$}cEMC_s7 z3*;S>c*MsW=noXe?)rU3uYZH)5v4a-g4(yeHfn3Q)}9Lg+<=5~4uEhdVW>yuG1zn9 zjrS9oqCe2}i`{_u&bQ9$*AK<;_o8HsPqT>}jq^!ihURQYPDN%JPkVxsxhD_#-2^AK z;?X4G(=D4x#qwv(gyDk;z?>#^Yql5zxg?F(&R3PmRn)TJ-X;b-GD4SvV0bEqCCrW z4;eK)YNL&H;AR4|paoaFnjZw>znW>tF z`OTJ8Y34wgId7Vroy0^B+((^x+(}tj$60P#mezFU!kIZWIa!yQoT8S~Y-$Q(q~X+* zMc0C=&%BA5pL%40?e~+dm$LHnxRbK5Mzq|tEUg!PlJ&ArCrKC)DB!F8JWv>On%8_& z8RTYCyXcE)wruq=6B{=8)l|O0Ng~k7pRLdJ_q21FIeY270b8k2Rtq?1$p=ArCR`o% zmp^QmXGt{tjfOF5|4-buns%%ROw(3>j0_9@PyBZ8_|4$}z1=%LI@r5BIy>$EPb|3I zeDntz;xKB!mv7Y&RlQoFcjgLq2kp66#Y!1&&Y>>%)QE!0tMc05(}EFjou>7T<^Q~4 zB;BZQByYtt6HuU->of(kpk~d^WsEoHw8KH{gZ&Y_=Bjk$=vUcrX9| zx$z&y<;9!g$#M}ObMk-mc6LkgAG^D|Pw^j*@e_=+ng|eB*HzkX$>GO?6^WBjB?#%G z+g|G?jDvpecGS{gy?s-^y=f?1%gHm}EY{Ah3|!$suTp6163%V3j%3V%ERQbp#J4Ti zCGnNYS8t^)Koz+XP(^M56aU;t2IH1-t8;s?s|(5G3r?xzW;qy8WfF#R2Xn^qA$Pvh zQ};WioLvDB|K`en@}8%-BlOFqH-I_vzq|eNc~Snq z=yspv|6}}CDgR~2cJ8FfQ+xo)Zd9J8s<^ee31Qr{FHb9b#lN}hU)5&luv>pw0WfF% zZ}0R<>;L8M)B1mu--`9WVnsnK6;`Fbr;3){L)+8EL;h4+Up^*9SDMxqYqV=l&QT4) zR&2NLe>+1UPe=-}#I`QR#NSSQ?Q-aBSOoIW#;P<|XK=G~lv&#dONcKRPu3HiQ5O?3 ze!$m|`a)(o?I?!jeq!+=GG#;O*V$CfWz{lSW7TDVX9*1yU#(!qa$uF5TRAmW3BCG- zGQr#*>s3*`R;-b%>Rj}s58UTBcmIzGzoY4mET6xe1~6y;fAR7~asTh_Za?M!c$D7* z?f;5v&L!7aT7ca4Pwm%^W>9fN@Nt5#!zkoo32^?U+R!WYh`EkjU!2kCOR@y%-SzX> z$PyY1^j-$LjJ0V!!shluV$R%X6mm){m0C8g``B@lRxOA=R4*RGDRu+=*_`-)25gE=T7fX13Jc0 zp^6&1Cj5?&SSCN5jZ}SpGhGGJjz*sU74V5lV69X%>h@aTCH-3=Pc0-Jdb`Mtz^)O; z?|F)CcDbinR?w=xhq-#5B`XSls0@Go0;62hEDr3-W{A`L#&TI6$@AFRQRlPIv@@XV z)=n=)=w_r=clMp;jOCtxH%#f|3t`Iz5OiLkrrWr3)xeTa!1JdS$T%yZ zIcd&mP>a!WY_=p_W+Czrq$xbC6eiY#FKUHwkp~C7T$OR&RXc(SR#W-!)pA*~CVBsv-Y7)kKCOa2=XFqYa zr|Raqn@al&e1hM?6UbL4KpXZ!)AvmjHGr@(ds0vJI9CDh5@yPRO zN+?LRE#qZy?toa~C4tVRSdnXZ&M@*~5YE}}^Hd1zYwa4NSYdcL2tu)a#1J^hyX&E5Z1`L@nI z;y`Ba|Gn+)QvAnuZ)f{y|9_0%s`me7qB*SWD~ijSWnFnXZhsb=k)F>m4td8XDQ6xV zn?R4X|Jb??<1JZ?vO;mFh~iYl3Ww;IUr=X=+FJm1OE%jQU)+#s8~yq#`s-io+d$UA z8Et&5oBSu@V-g#avemI&z%rMLQUZvXh`@bvQCPlx{+T%KJV zzB}I=41PYlIQUrjK8$b3w3g0JQ_)R(i%*g*lRPcyZRa;^H)P5wjZi0?h%uPNEghEn z=8p;hZZ9nL;T3pVp8vEz=xtXw5Fty}WocxSUB;01;E6aVFe6=QQ&RwPc$w#W^C!O$@694~ZBt zy%T>-QG1_eQ4oK{(J)jI^yGa)eDTrw;fWKV`yc3XOr}r@Xd?CyPSYv68sN&643ex$oGix3|G>8x{Y0i{AfPa`{*Rvq8&JgU!Ff8rpsx6{uyPA2 z0_v0n*=)A5V6~}L7F3&BWud{=UF@dO*8N{^&Mw}ZEV^|UNBt#j-AzYayLB%DV6lx* zk@Z2h?gFFTbL%c)yxi8UNV?3{UB7f6bDi$rrWrWdvCg{ z8O=)gbw!BYchhYk2p(b6RgC;Fn=T_fOJ<(n*U+J=cu!)UP7@l&9ASnsmf;BDAtx!K z*QV^j+1b0n;lU*em>Apc>j1rQvka3|<$a0i0uE{hE)OX4)Hc1I1G2etL zv)7oB0MQtopBvtE2 zCwrIsuYcM8^<%-{P(6_~6{+OW`bMw9dO4>*iu0;Cb)s+hO=SY@y#@pq*usUINd!v-R2I>5s zpV3GQ7&RNI{K%Ags2FO&^}I$nR91JDi?!3~+)F?#TqpQRKzzOeLQSSh#rpuuXHjl3 z%clmjIm^gREj&|Vs16=XaNKv~i^&fsTk`$o$J|Oh_mCyc@(&dX$9!2L?dC+Y)={C*l1wu&mWD6P)Z|Gd9<@KM3y(2nrXq0ksxwLpI=CRNStvx5y-oI zdP#3c>;!cdhdSfC&t<1;D*si4)kDbt-4{C*@qf>s6{UexAZYPb$RUO(bG?HLN3Dzp_!Ez&w1Pgp&B?#VwDnLYN(=`$I9jp?x1MCFZhOswO+vKs6aWW#wAX z4)jIox+=q)D~^kq;vkdf3EX2(NX%s(L^qjM`TbM=tY!0ONf)KiC#MxYHUFn!i2k}h zJ-5dM2N7Y`n$Xox^c(#^e0+9G(liW+7y?hT*hepR;Gf}SkPV07d(`fd{ zSP4)4CAjsoY_jDPXmmCL>2QLcd6$ZY-uIZ1bIix6U8phJ-asDu1FMvJl~S}g@&yMxXPi7@orTA0eYE&^SFqbRki*X6 zTVS8pJ0&tjqLsz-IE-)HeY5=9I#!o%%9goQE6J(+t8juxa=$F=c!&3Na(jxz9Xotn*aLSsVI%Av^Eriig864*Argje2rFEDhX-C|WU&77B)0 z#pW^-FZGE`xf?Kp7M~`CJxYN&PYEL&zL!kjwm7NXY;ie>xx4n_g3XYJtHRj=^{{xy zG$4(UhCJ;xSlfUk%Cc~s^xB-!3IfWt-aDh6Y*IIpd2BBL4oVhV`|17I-+_PsRmy2Z z(xSR%J-i>XHuP2Cn$U=jrh_CUIM}B#<0%ef?qFWi)ARFEjg+r4QU$k>3)P6 z6Z=u#vh>P57S?|_uTSQWNsvV(bw6_+yI23!AIu#a4F<%|082@ya(Nl%HjooVCn28! z1+^8Jwm3b>BhOOA4`QYc)Oi#0%%MQuauMM2OyR(mkM75hIpif)m5_D&x=2O&EN94k|r$)sFUQ7tl(Ktu4)ywG7iw*(b^0Yp`uxnXO8LZ z8AE~(y~KQ3U9LpT5RL=4LPrPXG35DEoQ_zrU5EIECx1A9BQ&`Q!W4CqicsuAOMgu7 zV$`{)tU6L$Z)q0qu{R9Lmh@etQnBff{g~1$K_5TP#{okA%dJpnA~-PNW7I>P34U+> z9aD}v5J27bSd0@kro8Pujws`Q8`3O>RsCL25p~i>7;Rx_#Z`PQ*F4Bp~HJA=t3E#zgaTa0!?rl^QQxySGk6NA*26T1_=JrdqSpj2xl! zGlJRp=c!36chfpMMx(7$W72GQEZxqmb{Re3qN&^0Rm$EiC;h9{h{U(mEPV2>cjspZ z?@sql4hwt*O56`l^)LM!h9n9u$gundp@L6&xdD7E`BfY3J(De_FhkYsm$+tHQ1b5) zj#x#Od5K7y(@L5`e-H#K~wV$AK#hcghi^Tf^q$Hq7%K}kOEHIx1B3wUFj(G)l+*v??co0@Q+CjHltGv9Ew%VI0#`tvY$kwqHG|+;c={ z5aLlx84vvv8dO>lb1nUTR#Uel1+(`0s%j_^BSkMXTz8_l7p}`7w*oqY>2j4s2K&!F zC=B1P7{!HgnnT#7_Wh;z{Mv)(_eYnfdnZTl4i3M6^JA4_rbJX4<8-Pj$fNcUM~t-5 zy0v9V`4f=qY&3^?HtI@y+ZyD--sRrA>6?@959dQJ z)a90YdXr8rkM@6hcX?EOoOin5p?`B3PHGFD+fa{Ak1pRGADtXs&IK#Bw&PF;=LT>G z|2o}o2$xM`zcJkNi^F$&$H!;;?*>QzJ)aawO7^0N`h)QIM&uZr?w#+Sy*X`wb&M0~ zJlg>5$=*NpF?;{?pQnSl&?or4%>BO~zmHjyE_RQ9ez$*ia!ZuVHv<6ZtLzMFfW!uwzR;WV>l4<;d za_6pcnx9cuvKrWH)b|#Bx=!N|f36UW=t*`dVPIG&7nBbQPY*hkF;NiUpc+fSaYX>8dGo_eo6QO&Osk zd+WThExwqXyr+#9liS@Ruc_rodC#Tw`f%^O*$HY)aMJYjBu>}Ihi?z(YvU0e9g|x! zSN#@8y`SIhot~Zk>*VasK=g2QI$sKi^)E%i{kP2DZYMuPxM=>#QT)f-lOK-vew@#s z2GERt>uvePF!}}pNy*Rii?fr%%h!i*2JcP|FE5VvYfuG(%{X`$p)6$f&}cgv_x&i* z{9;F6Al}1H!=px$#JW$H)SqvxDUV{YerE2A6}^a+uwWPF^7)6O#YU7TK3%v^>y~%X zUhNd9_5IGgDJ*4dZRo91P499&wx$ICQ+Z;{zU^P=DziS(^W#p`lhe$Sg1fm|ZFzny zAX1wt{5Ab7Dp~W&i;bmR(XFSkj4P#-UbxR?Bx^--=|v@LT`uf~?p4+FZoXju7yD5y z<0LXivOfGoJ$ZR8a;E!?U41n_koP>rhw<%OoR-c~_qj%Q;5NKYpM9Zjtq2?V{z>Iy z$sDE2@iNtC&}09kJh9U0=>#X0lT_y5dysAaq@p0s99qpBPZdqXnB=;A_yMW@7ammQ z!$ceaE2lE1r3Bnw5Hg{1e2*ECH@ND;pmNz(c=TC*U+0jRa<1>d10SCA$~(*A$)m~z zKSP}93z%hlth*A_@bzWRvheFJ3YW9hxM@e{BU5clSwO(qeA~nwtLWn=Gcbg=BqofV zr}Vm@0!H?$dpe+1^mPwEE(f#f!L9)Lb;pGhMA9FC*+_wOqaX%SQ|Az1)SKU_~Ln;S&r8@SZl)cIQs76<5 zu3t9cvM3x9f9gl%HKjMKxM8Vx_hYX@7x!^YUS&KGBRorHgaTE*|Fgw$qsqgnlLyi| z2ZfA>@yO(ntX1rx!3^@$2jhr8J%3pI*i1^*>jyfQJZN~8+=kEMXxc|S&C2$TRT{e= zBT{Mw1A=q*TWf_cY0Rn4cU*>Em+P^SO{ai63j^ZgrJ}v6(KP@YWuz=2CN&wqD^-;= zs`8y4QiQ`v)o=>ijQN&JMuzX)f%)Q5Me64^TIWgB01J2KYz5EOf*Pj9D&S8h37;N> zX&-%fD3a#8Uo+|!w$+EBa4k~x#1>;;pG)$MIlKOhkuEqF&9>2I0ngG{>ryrMQk#F5 zJecLt=E#}t=P&ATtJw|jL6-UXY-UG5FGrUABItf(nXM!&Nfv9$MZwXNJmyugaz&_xAqbMc~6VyoS{;>362oI?u?2(cP3-YRk{Se_qYmS;e=pjA>FwMP-X z#!>!K{ylTe*RV&q+?-Y7V`VHduio5DCaL&Ss|0mopV|YFe%U;GFv3JGV36@Ea_(uY;QkZL0!F>z1AaLS#R(DH4dLO z&=c#c8uDpE`e&;T@AoGB5k zh2E5HXY*~W0BU46EXNZ4u5yIM5A)A#Z2i=x(iGxTS6lKed8kwjE_B0EfbPqAo0oh=J1Wc!m@;K?j7_xxY1t-nMc^UnV-ySs(^pYF@& zPv`$f`K{{wuY_KcnrLo?DG)@tmtr9;u=WE@d1Ie(0O(@@Xhh=uJqr~B4!6f>lknb@O-dHQI@ zTtp@VACY(vj$#t*iwAkTIE<{h5L_&n{o}_v3!GS3)do0w)qQD}whzVHK1IXSiVRWp z9W+2tDO=JU<*FRwsGuhV4l7FeEIBHvoj0QNCQFPm$dm}Rr?7oPrft+#(Auc2F3aC4 zlbT>G516T(d_;Uy$`y1k6y(3EQ22>VD=_f!3TYsLRrHUm31CgujD4(FGI5c8Ogrwc zXdlzyp7yb)ee6;9u@&xDolfUz&wARkp7yMJ?^*Xb|J9uTy)lU<;V7mlx&Ik+&iTLl zeCK81{{Q*Q=g*(c|BvxoL+6-tlEw^iisX!=yD^E;brwcJ7>`hb{Tnq$z6;d>IGyO593 ze{6W@ERLp##_**;2_+;&Q5X}i2^jqHb z@97r&S3ek!w#0w*pX@f?$^l(t|0YY&FpLOmeeJQkr1iCTjc;0Cdwi0#zW#r$HS`vz zARN7K

r=P!y!opECH9^#S#*C0r+&1;5Z}frGj}zAs=VgfQ(LYlNZC@;wd3p;-FN{f3txCl0B$3Zkl9GRCAqzQStyTx+<3&Ahd*^Sh zjs&pdz4E%^uk*K3UWoG`Nwu1x*G?u5JJA$YVmwSS<7wveEG246fuA**0I62%k{U)A zPvs=T=;fM|j1TA3t9&I~^%qz#7l%I{4K6SK1xc>AE)LJn21l1?`tQP0`3{{@PWtFy zG(#~VfmkyvyJkG(87F{L5@DZ=L4{!G%7K0bQ*c%2<4O)l2-qP>Ax@D~G^JT8$twq~ zmoJpCx2aEOUxe|h^gCrA={axyLpTF z7<0W|G*l9xAWJ3l0Vl|A#FT#h^<|iR{dFH5hm0e^B#J|rTDMogL87ZG;MF&ASjVlI zezg^lh$xn@S<_mO6a>kkB{-pbz}=zz!+QDSbI{Qf|2PDX#U{y?3&ADZ!Q z_7?#6N=Et0s^1ri)vsjlYJdm8^$1$zORW;$t9JVemEoReQ6vpt?5YIUK$KiRL_mA>vy5p8F2`TP-$!3sKZ7>Dq>_~Bib~_vl~)Z zBP;mjJ$rC3d?m2~zpew2^##5;6mJl{{*Cw?j5cb^Tqn0U%0Ofb$zX`Gu^=`eN3176 z8_Ue?^37flD0{jdwI=&Wdm~@&In?1Lb2i-ue$AH8e z2Ad&{m?c!Iuu)(HHYydim?5*c1t$4vO6zxwV@`%y#0X!2Hovr4L`c$B%v^;HPDe~_ z<9q3dJq#)un=qDs>+N6j-85$esaiEvlhDKOt+RjSo!5CgOBZ{Dt$6ltcIT2&KqK=~ zTh+4%Z<#jcDts%aeDO$Fq`X01AMvi{A+H-g4)QhU<0~8aARH0Kugc#Sk(Uki^1Q=S z#Kw60`HMcrp67Y!TxlT`PEugNQ%h_Ug+s&$-;^@VEPMfn<54B@1$pbd&5=*CD3ak* zb0{wwqC^H-J@D@jbaga5rTjc4jKoFC7LYf`5c~TrF)|5#8p+FnyK%^sBFcymh2pRPK2UTh zhL(zvToWW++=53%-jp=FS_XMj?h)pKv2YYCTV=}Rb#~J+Er`6%l_-VgmEw7%A8Yxz zF0Y;$N>XwQH^~O$h0bRyLf*|ZJX6}Ja{ix@v{A@M1gEiNdd>5>wBgPTl>FjYevmI@ zwQSXR;BVP-0E1=TV#qH-d4+r~Zi>?8Q3tRf@~e_I()1`sx-{9BMgB{ZHhRH+Y0`#= z{>^1Lsb156pzkpYeZ<2FL0KFM#A7rGqbOv=r?J2m?klhD3n9TXV}etDO)y{1uB4FP z?smI1=u53K4*7973Ckyuf<6x-kW&KVfFen zj)~8Ktx!a8K+-zodv&NQX#XCVKY-k~8*5zT<310g=J!c5l5M(mTo1@k@Ozo}U_X8zvy$lpI7(jp}P38Vy+oj8ehdeh7k+nQACuk zj3#)BCiq6~UHaXG7;-oZg~W_ZuGM4;%Fp5X34TA2X(CjKJ@*WIg5QUeY@)MNz|s`_ zUzR#%3swsPc3d1q^iG;Xaw53<_Y)R>ia#jb%F`l z+ERa@S&EJc=Ojfx!f zbJ>QDj>#>FYNX9E9iiy|XYbwn+s2KC(f-X(fg`6+tkj}>$z|&{eP6HR?fTs$_G5dq zr%$%;8X_SHYl`3kpd59b^V!c21Aqi?5@pM`)@*-Si^OFx7|aX?gBkTbV>M;<#YYDx zCr2krH?tl%t9h=_IkY^7Y<`_izKigvOzpP*I|I-E`Sbw|Rk@l$B%B3ATwi@`27ZxB zoCjjBDW`xBVKWzM2UsP(L&_ma#%-I4TL52hvMLu@B}>HaGYp?7xXzn%&*Oe1aA&<>4;`r*{&+FB+Y zi&v8A77pyQ6Z)lrS2b@9@)k4?=liFQyTCGM`%PWmf5iBxIgqMB#}Lyf<>YM4i5Rn}o{3zc?{qOFZMjE>kSlavKHjQ9he#n8 zSB)@9kp6%iFc@f&G|>o;gfAj57=(4?E%zdLW$Bl>d?Un4(W1|HWRePx{pfI zHVN7iI@(Cud4jftp$GdkvCNX%uLEU}@@1+826QHj}FZ-Od1 zT5V|O3fcmO9`Mt&qb;DL)rPiS&^{JCn5Rk57SPdZL)#!|9~VBFSZM(rtv0lcg7z^X zM4{u=BI;&_3&nF}TSBI(yBXSbo+evq4LXM6@0_K{ z{usw2QX5U-lt>-2c_t*8pphz$0w{k+K^1QLT%q&5=n~HyUfF~WF%!W&KM#$L3&LX( zAwi_1@klsPLv?-ai9W=^gA=l--leV)9chw8aOVO?Kqn>4RH#EcU;>RiNJdffEP)QQ zSQb!6fp0t)RlZ@Gxr@Oq|LCi0bG(1rGt``w=F;Oau~9UKl{TV7koPoBzZ@lQz%~gIr}3U}B9*vJof0{pGP25dI>sfQr56i~=p&0y z7?X9ZG^<$0H{8m1KGZhP(u*bGbV?&KsL55gildpD;O{b_ zdft*cYAfI8_)E{y=zx2`$99$vM1Ui69jXO7nkwHX1`5y8=m>Cv2Q;FR65)rO<$B1K zj)={M$Sq^8H>#4!gIy!p1GiN6-oNkUy4WH?8w6~U9CN1hPsoveZkt+29i}o$bnSZ_ zcf)gq&QH=<(g`t_EYI`1uy7^UB)8iO0`=>RU63Z%<16$5?(mu#$W%d6)q$iD>@iSB z?P3`-A@?GR1!-p)EIDDTjXhFrAgmj?E%;ab%-OS4V+Sv4O2;`iv4x9Q<^Vqr|7kJ~ zCM>K5FJ9D?o5$}_Vq-2khB`Vf#HVa=<>?9?vk+3>s9Gq2YCbxIuty=HLv(IGo+By{ ze1%X5Bs9SvchR|ELwSxEN9SYA7x_@E{HeLTnNx?P%b>)dBbK!HXmN67`*vPIcx@Jv zA}(B++R)TT7Lqb~AXV+r;G>B;YS3{(=A0_z=m1WNF33zNV33w?0WKcWvjjTy)Xh6* zanNA`!CH(gB9DjiGzr=q;w750_ye(`lrA074k8CUj;BeoDC#(c8*OaveZWFfIdzCf zijgLCNEQ*kgwml;;qpq47ag^WMY4oNY&1JfIKkmQi-qKv#`Dgu6*_b!q-!CkS{-_X zE`cg9cdC`Nlqoll8j~xHBwaC;Jb-LglPoy(_0d|59BHd)k4a!N<_Yj^YK?}#tI*(dgNqdF#(Htb+5++}P zKDM@@6LF|hoZ<*gb=!4u%~-g;(jdP}JWZ0tK?j)pTHxe5=+JF1^0B+SrwJW`h9szq z;x(@+$ZVC5*tFsLKS}n0NTKFwLWkOW>}SJhYYi)+L$&dka4}B}3kSZI^sVXR3h6{~ z2%{t%nAC9fyx}%RvXZCClCID(q4Ay#L)yx(6e6~!6DN47n{y3fD?JPW()ctQ2NgQ- zmmg!?8Xppq+fo3DSESw{XP1LO+d(97F!#A>$LRSm1%a@MAK~=ZS%6 ztQHf5|&r4W$tjN{>u2I$~R!bHl+4Wbg>UNpjDjKC$s1KwU(z+%frlhgd7&GxUb8Ma5> zE7|c~p>va!_VD<;2v@Q=US3V0JX8CoaleY;>uTVd8@R3k=^=vD*Q+)!?{G2B)K*G>amF$>9pn2g4r4iG@Zd6P2j=1-C9H^9|MV`aD$jjiUH z1DDCG`z;nkC)rRymi;YHAVI%fj2b}BCfQ_$1deMci%fyBIKE&74ghet5hTAXT`U=qqA4{1!(z4jO^0gX=xRA+q(Z4P8sP zPT?Zh364hv+t^~buA3^mxX~`aMZQSFV;mX1s7`mTgUeP!(&$syx^I-r?ej8Rc(Hd- zf$mLIYuxA}WFc<}R}}It-)6jF4!3!n6+QM81Rn8 z&$U3LxqQ@KCgoH+OFhfMbudzt<=iMV8Gs%MSjVrx@eFaeF3E;k&A@R8Ie$VT zB#rR`6=NY>z%35r5ZvtS2(&~7D+1DSC%Bcktl?h`a2>O-0-AO`jBWw8GF)K6 zID#gQZ;(u3WrmB~PO)?fgOyn+@`efw-nh~)I7i5$f-BV zGo2kLgabtNJxj`I&V{-Kh-%UeRUi_QaXcd6I91+EsoqcZcLW7W90pLPkMrBnQ7eeF z#`A%N6?Y5`(Vo_bCM(F60{6v~lK&H@k{rbW>HPD&21iYaK1(<{(e{;_VCf2-fAe=* z(N`-tT5{{8pu9eg$_Es65JinwhB9Sn1;8u=k!bWKzCzZ|I9GxStIoC}k#>YB&ggTY z=QJNjONjDhf@P9wK}V|B_Spto(vbsEi8Vn`)~VV(x|li7QKKZe`{XgffAq}u4PvBUtg6_L#E?kz;{mP&?|XIS?xW^?}7od9S1UE3^-10oF`!ilP%M zk|9|@z;Qz3Q3jAP4Cmkv~X;$6dC;zVTmrsG#F?2$WQPARU}-()2%&Fy6r*^p*;DAj;|y1dTGdPKDyZ2&l0*>mMBqsh5n*HLXN#~M zQ024x2B7ro6Bo2AqiD1TjmB#Cyhx{L57d~&j29gWtRKw`IUjRP2%rl?m-5?*L42}Jr#EL7|%-t2T-)zzy8t8BXBpUVv9mOPs84U=RbO^_!Wp{;aq9>CyRwc@F zeOt3;k0`adx9W^q8;C|*bM3a)=7zZL5a$}=S2naC$V^Da$qy#TomLUdNG`}sdlrIr z(9}eEz_!V`uB~@4v@@Ox=?rcKL(7|N8r*FS?ZP1S7}v3rEA*ZPnUA5Fgi}=>vUF(8 zK+)a)4LIi&I`6YY_6JnPctZQxz2&|RBGXq?F8Uha{A&if|Es<}ULKmvkXkpm>d;^k zRy(-s4lM^=53W441PgJ=cqlYEm0~+xp@U}DVOJ3xMCbjWtjYF6yA^^g4XwmSTCKGj z?35RrEs`nWE_1n~p_TZ^tqsj(F1OD{bmtXa-U5{yk26j}hY&99rZMGjYiKSTsSd7o zXbvY?$>3H#wBJ(3)5)^xv96_d>5>I3x;Z?zp=g<*wNa1%TaV|qwB(hm$NA9as>jCc zF;5-#(SFJ~iDfiH;7ptaemp+-P%7Clv|E|AyHk%FY5CUH+6~m>+9n==dRzuv;G8XWNDXis_1Fw;W$N+u2Y20}HLAyEX#bAtasAMiQjeRlbHD0w zJzPtv$2S<-t*XZrHuCSI9@nsue;4(*mDl2eG}uc2xVih(T#vnF+Nln0j=y3#hjTv2 z6^?FoL-XvBD8a$lISbA6=$`j_LbHvx5S8NdM)v1F&k^RM6oLXuhR(+%n&@-!C_4Ai zcZ?(Q1&(<)Jn#JcJYcb45%Jt|Xfo?@b2#_2hmh_KHWYdj`J*8GZA>n~zfP4vhy`@F z-!C||_sbsOnZ#2ad*0vBM<&TG`Ugv4)xZgKIuMe|RBBJ_B*Fn1vnV87R9xmEf_kZs za~-(@BTj~d!)-^&bin)X)d+(z<}!EeS54$j@I~}kukk>kfeq2OTB>iT)-rfgK}vAF zwT<_-{E!6~g!`1$1N+t}3ILQi_dQS1DIP%FB{rF;I)X@13e1rTeK3A*WH{Zm*HWoT&xK`g0Vfdq9!FvW zi8L4^tm6{Gd9d0`W@2i?(5OPSkIvk-MWJ=KQRCvG!Blj+fkF}yNgy;t&Kr& zH;Y^kQv_qxliAY^Au2Z%Y-)n4LmQ+tl06zD98PFVA@(_)Ds-?&C@!8wDD^#WFM^mB zsz5Z`Kp6dF@56hoG{Uj6C`7I_saz~)aYBWgHl0GOPPq>et$&eI34%_n`CPaecCn-AB`BDf5eUcV{P5#{HMK>kA))OpkqsIppmv6 z>YxE*IvU%1hir&qMs?6Hps$FHgztHWvCaac#>91$L*U~Iow|Zx8m}48HW+xWzE6D=mbk8Z*({$ zy{4Z}V#%Ld|Fg=Wc)~cWC&*zlB%G5_bueb3+lZ1#dkGE-Em$~cS;@#;U0-oLVf#YI5>q90a z1{`U+0{um(={t{DfTJ-J@*H6kRrCCt&2Ki(_5A5juE2zZz5))yPs2flyV?rIu}FplzgN&~CqP*t0PwLg_8LXv;%3*_HG5wHfP46(zSk zSi(8u_D7sXQS-=O-O9j0_p_1)M}lc)HwH=c@>limND-tKG>Ru*T4srpgn-_lQ(&b$ zCLvNRc`!2)$x5S_|L2$ElcVEvXq(1@hCs(ku=SxEKjADP9ONPvd8~JzGbVin1L3M! zt9MCO(28rzzg66N1MMGuJUx1Upa%+Dfh_xg9RQ-j^Lkmy9y&RC|Nijf-@iN5zrNes z`|;i3nb$*SCwuz`@Y*XzG}3#w&sNLG_{w~xFw-*TDTZBh6&9>gWj+m&AJnWAG875L zT|gbEHg~Qh%s69h76jk(s&OVD2!@_s*l$UOR3lnsLC-p)T&}r^TvS}d>@rqWE*Za2 z;^Oc72ODVbr_&7pSZ%y6(gE?&DbbqE=RBa=KiAjtol_SHBMj7bwV(_gf7(YnY=#MH z>;^hgvVI6+g2WJ|ig3N&gcer{E=8rFGgdd68+zBG8duuGXUSPQh}6nqQfH7;WDKmg zQg@EheUSxV?+@{B{Zgyt-#uqMJ=1udMxOZ-qz^_DLfKX!KHSc+Qnu1IK zfHYRiEoN~~EgWZsW!3_s_z31R?TQcmWziqRn9hm&Aefea1u_FRbIGYR1O)jks8WMn zxtee4smNzM+h!DE*q3hOnj2U7X2G#I!JYdN`+Zqp_#Q{!&Q*7BWcYUaf}KXhf0>121xDA446>8SF!uzA&qe%W~QIB zbuHI5G{s&Avs`JL6EwtC--_Fnj1v@M;^bY!)d)Af4}nV)YSk!p9IZR5R=$gY7PHp6 zs{b*G60I+)LIIm3M1uP~8W4F&NSsM3Fq_3V88hHU4228{wvoxT^E?vIxw8k#LjD4K zbkZX#SQW(ra2&@1Yi0!72~@HU=}z285@t&p>*#7~`)q-v((Xoul4)il6(R=&_!6g5 zlGy61MWmqh|FIk$0w`&@I3Qy@rHm^M@sr|lhT58EAlIYyRGGkRW;t7kDu}EPN0-xy z!_=L~b43R4aJD*TuOOW0dq`P^97BJnMCuf$CZf8MzS&AMsZ-RjBy)EMZVh+KoTn?! z!0^#`RLQ7P_a;G4p&>JEpIyel0>;oZqJm1cTB50+LA4FNp8HPTkr|SlEkM zNcwBGw;qneULnJ}n&}$OQ<&6vmT_sFgS@0HWEo>kn;ZI<+l`jlaUr3(qey8&`J5{@ zlZiX>Wej4vt{pKYqHB$!HA}ggw11;1bv+nkYBF^@vo3(V&{DJ zdZlalt)jt61glOmYq5MT9NQ<@$UXzZs8uiK=n>lP5%tIHvL{(VZ|IFlH0ePHJt{;> zgw`0)kI9Iu9nQ$y6Jls<+u!sz&HAaaav3Qc2T>XtTTvX!kBbbs9d|pV88GgA1QqFIaKQ#YhJ8s`D1C!r+Ro>&hUz$ zYSWKE=X%2S+zZ}d9@g*ewK6b27#Rs_@tH}9EY5xOkzE#oq^kPn=9yzbqOld@f!3?d zCaE$0A%IaAi_n;gZP50FlPP7XtB0d876?Z=AUiPZ`eF9fq9~43HxBk0W5&WLh=^h) zKt4p{BJ0#5R8hZL5fNiBE+wzBNw3I^@<0KQ=CS7DSy(R!@NyJJy@WMq(2~#oW*g$h zVVK#q^u2g6s`T`K;M|kM(i|T7u+P&KEe3LjLlPQWQGI2{=A}4rD)c*d2A%VwF`g=g zk0?@&@kD7NK!b1)`$7v_=TO#vah{L-&nsTl-}sxp;U0kP1WO8r?3q1M%<^J~ITYVi z7N0e|>k$bgl-i9WJIO_xA{cN^K#j^=Z#d|iQ@wqutHP%{R6)T4L*Z|Lj{qj4T zrK$KqFL9eGsr1by0En?iLIejjTJ{yX73XMz69A_WM`OcD4;Be0-H-FZf@a=BM(;e? zhJmdWNQF#MIYh<0%;#ubE5Tho`a+uKW6ZT$e-2iM+Fr`d*=`aRzN3PtaBcP5G#nAN zDBLBbo79U*EuSPD6qe1KhGk>PwRECuZ6di%!upmEn9>A{Cw3ef|6Jd5=SN1uregYK zfCc$Qm;Xh_KcS)k>HOSH+IDALQ}R4l#83K@i;3ttf^<-WRz||G&HbyGV1(<8yagf8TG!oi=mr? zwI&zDHc&2Zwr(;kb9n7v(FE-S2DJKujVl(71I7~u zm%+i}lX)>%%}41&`s`H?bw?kwLn{G`tpzqygrJle0isfnXsBc==ApHISd<+cz0a}y z%HIZB-%~_n4j>)5=WJ^8Eu1|uz9f#2WgHCiNkTB!a1Zg6aX6bNmx#qy)yg7i)QPP6 zSZcmoudtmcsAz>w=f?HQ$G@{;_4$?m%7>q74x?kTKH+cdurkuFKvfB$jfh6%M)e zmdqg2#?y6n_(w-S92^`Uob+}!U%k#(p0-N3`}tof$Nd3kmxA<*wYr|G?GI@jqDwpz z_GAe|az|s_R?R{TO9h5?ycps@+sg9^Hdc>sad2^oc_-Fm zAv(8igw6~hw}DLbo(3cq#Pjx9GUIeKmgv6%mdyU5B-~5%EoV3k*hE7w37?>jeb>?J z4u)vop~E=vt$Bq?0Un(+q?l7Ml$h?^?UnHnGG8{(C&Lo9{Y|v43Uth;PWLY!%pab? z>}uagDm3FEUjmXy9Zz=Z+r-9OcJ%sFn-!+U%EqD(n)Uc^tG~M=al4L)( z{jHb&mKWv$&34fqdT;h+jw-I!6d0S#`SL^`@zNkWU>+3ghrWldLIVuD&s0hbxf zjK=MIV>ThX$SOb1DUL@21yIeGe#kE4h~ZH5BQ|2fe(OyzzwncIS|K|4V*Jb|y>h;zW|G$f8 z4dwc7feo#p)8lvlZ_lVHy+gP)Hl&2_qP^q2{qI5H1I@W;tWt0EeHB*++&}E^zcaVI za2%q9vj8$+`>Oo^78f+J8vzJT>8-7K?r+QIw9V^@MXl^eXgx{qO9&dHJ;d@8bFW_x=m7fd#Z-05AGqzj~f(1x@K>7u*fhHdLt?Zzl@5 z!IlWmM=JkI6-J1DOM^mBike;d~eAPe)t%o#_sB=MP9n|^m z=%|A_T3&U~dPIdpop1L}I_ls5>2$lO_w}m=`uE>^y2FJ%s4Ce7pLZ#z@#r)dlQ4~F zJUSf3EPH*RZRjjkx^&On3LLd>B>r0}jVi#?B_Cv2a zk7LZk8_lC?;CAOx_n@j+q11jFRSPyv zJ^}7Kz;bK!7OHA^k^2%|Wj@ZGq95&;38nav&Z1!gqjwxe`z1fo_G3?2SYrDDnLaCARX9Xx+ljxvl zt*6Ert;O)OY`kdqZ9Xv_#)~<}+Z9;JZ+eD?{ z^+j#5CCfgWr&_>0SCg))ThHz z*OYRtnNz9DTV_mcCEC5wLxbRY6a+C>UOixfXd!}DCVlQ^^RIha!QS85ORa9}@5rS^ zJOBH(^EN%p+W!NbWP!BWo&YSc|G#>@`Lb;Pf3x}K$^L&A&%N3IWuDN{xxj6F5gJ)T zf&7#hFzzO~Vn~OX0y>J=07r$jT>j{`;TD`zs^=5~_Tl`tx}Cr8!udm9+qbRQ4jNl_ zd5Gy{H9fQv6vhXcvxHN~ke2!R*gNZCcHwKFFMPF|vxG%7nE82og_#p%G9`SUO%lur z>il)f-`?tNcB=YGGadNdtU*v2P)B#!pKc9^#9N&rTARvNjhffRRZQe1;}>S&?XYC( z950EiH#f!=`65XSry1?=WdNn|$iMgow6Rs9F5oQwl?_@V&6d7P+8QVwu^p;x(bb_R z#AL!^(R%IW*bx36iyPcS~O)2>}~OsSNM-Yl;b+z5>sxCyF`^4`h6gY#v@LI zXo(Mw?=DJ~=I9rCJoR`@SB^fMY_XOjv1%_(&0#!LE*gWt3&1f$-A})40yN%{%%fsIH5V&FNL~>nybUw z-tpn7xkcFycQ~Q8LVFZ$t^$Q7qW<#q*I0LTX#8H0Hj5>W&@l_qUMiUga71`Ztd0}B zgyO!lEIN%Xx?7O23Uk{PTp7q|JnB!kp~wQ{Rw^{1bz$YzO~)s~b?p0VO~&+TGM1SP zfh12sZXZL4Xo!od_wI$r?JX@NBJr~-i*WzydVEFOm;mbK2e}uT>y5=U8Ox6p*EZB{ z@PB)I9m>1*=od!gcGIG{r+#AA&q7bFAq>&S|WXIps_w|c5e$|Y@;D*VoVZyTLAhcl!N4Gdao!`HH z?I4t0-t}#eUIi9JqR#q;C`X)($QL;6cJpui{yWI!CK%AyuUSGGXxXMZQRBWK`iAeP zELs!#>yE!;!u6Q^L>(GS!iPA}8CoD%Qb&hx^}QD_&LFmq4i*~fxbZp-mBbMnJr@wi zev-y@v+?3ZOZ%0H4er2NSbq*?I=`<^KX3N_{Lk)-&;R%9KVN+P`mBT23+O>tNU~EM zX4*NGUnpqq^Zakw^IsiZxBcC(KP(mBEHgS2iD^Q*(*<5~sz%Y>YNwJFo(dB&4`%&N#*@Y$bY>Fcqf=oS79c*r* z-M1ANj=YdCH*0*=aYTG*GIMQ#Z`$KA!E)?NmSqOs-0Yx^&LW)s@ewXVbcU2fAym;t zdz+h`T;Nq8+`26Yx0Zl#D}%5CidpeCAY3*rRY=@nWo|z;Gg3uCx9AqCNb1Di9?lXi zLmV`r-5krkp&l}fw})&^AHAnK8f{+MWC0K+avKK;zoA&Y&bpyVk4h7COO83av?59M zYkk^!S=tM?zhewB<4mDuop2FK^G!+_Rp3GTE2A;Ex>m8^I!fUvo zUbyG@A3OsX4NiC8qR!9p@!sj_Pe&*3P7&mz)43U8J(|p#I@w#0a==2qeoKqoiS6Wf znmc`KG`hme&d)I_KY4gJG9|IeYRZY5vT*~kC@kbYo#2@w0FyLYN3)*Uw-+XWQZ==T zjvu}fu)j+=gdK7t+nbo>Iwq5XOQO|;q3^HdgYRkb>p>dSUN$eLyqOtsjUoQARLQt( z7K&8~@(QwJIi&m0RHT3FXIcFZ(ig2(|9kVMM*rJ+y8nMC&zW3jX_)qSG4nI#Alg`B!qyNY;(WOyGd+&A14uPOxG|A>-f0@>1vl%N53S7i92>dLI zvQyXwxUVg4Kjsw#QOb>E97OG|)2}3aV)9Cr+L3tVZa7_AdcEVL@nzI4SeUK9dUcR* z8*22LycC_kRd+e0AsrDRU2vQMzeSz@U6M8KnBUekR5R*Q=f#m!MN;RFqW?#s{?{p$ zEzg|;X#uW^398zIZhrX|+n6ZL(s>7owb3Dvdp1L-pzEWL5IKK656HU<>qD5+V#5XETBfaXJNYdXm#T`t z3YUruP79Q6z9f$u4|VLT77=ua*4>*)PQzUw$1+vymM~QSzt9I@i4N&r6Ib>F7FvZ3MPHu__XiOh^tX40ueL(6 z^9|no=Jo5~6&Y?0hQZ72!Orl_&a2?f&erCe!JEy^z5&o5v9MeA znNYK(e9mR#l6&F1Ic)p*$n}NjXd)K>Co7Uita?s~achy&L&PWnBU#?_5(D3`iF7@u zm%M}}$kJteKV2lvKxS}U`DW6M%QR$q#r9C?#p`^TCCXuK3ZcMjz8wd{AbJRcn&*|7 z;BskWy(FjF;fo=K-$x~nx{N7i&xwh!-Nb=azeyKLn)&2+O1-8Lk;ff5_gjuA@evBC ze)WLXs=<({2Dwm*ktn&a#ueKBnqwthg1VMhD;0j?Pkr?;cWK%9q4E9LUCX+6M{jA_ zwS!ExBgKJv_NS_O=QWn-kG%Re9dzBB?p__+S`_E2hOF@l$E0<9dyEa5ZDom&FWhv5 z^}ML4^j?`WE?W$*(m0>SXK`^ua2g5al8|PIB@?oaqqf;8)w-xKqX?xLb>79 zvGVWvGC`Z7Vi;cP4!D>odkQIFm%HQCuRV=HeJ9swK~jt=F;cu)bBeI>32Oylo8l5v z={6!zlJRC^i^Z|>V8JA`5nG4QYi$!WGobiaYQIU-yN2(OW!Cdzbt(=Ufz}fl=KwKF z96J=8O|NM`=LeLC&nrv|%BkQFWtMM8GoEE!t6ZYS9Bf_cLS~#~5^3!+alck#vGoo- z{MKa6=V?hFN~~P}&dXFa^n*;d)y+!5YNkt(;{wU;@l0Q+d{UgNvWyynHx7Z8aUBnX zEKs&qdQ@Onv+7o90vn1H2s0-3U{8yaT`{qRUw?wnF?sSu#;{C2>7i@UO?d!V^{jhv z0=g1UuAh9x($SGd2#;A!d~rb-A5Eo>_u&2pVz<9NZir!3J?@F);Do-t(>ZU@crj#i z55gxD+QK-!wSue8*PFIFSJ+_lY<%%q8=Hv3!9HN!hv3~Qqk6^j%L@lXi z)M=72wJ02CI6dJ2M_DR<8LCQjVw4~;zWoKJT%Oy9VUQUxj}8UpWnhTe{tqgdlAuK3 zUoVc0;_tugvH9$CiW8fIAK`fjox*hXzspVj3?mJe1pV1co2n>>eH?zWH%vq{vxCNh z0R8EJ?AM!;7p4<8h9z>boq_7MQ?j>N{pwle7Y6Ts;pre&>SuEjaw=Hl21)&OmY|fl z(K_gq9Z9pfK+?oVl3vD%K-04b=a&0Bo6B zCSSfMOO<3_0NNa`7XbHb0{`*nKZ(mrQx{t_Dq6?$BN1tG;W8Mj(Q#{)dvi(lQbL8z z_)>d6-J9NACx;BU&_|f_#|*{POQCxg#}XKQ%CxI7d{)W{{bS-{h`ttcAklIv_0(Rq zx)-rI3OHeaHA@}UpajyMU*2>sXW4_)$$MZw=6;9;%G9haMa*Jnh@_l<-@9a!|8jn( zvN!pth|8W*9hAMCi9=;RtCqmHkvAl8c=-x!#kM!Mipd@^F`>Z93tZ?B_s&|fD#Qyj z-!4$+K(Pu~r@ssDv`SwD;oN-qSK3?z&4PL!>b4H@e#7c3P)ms##Po06_T+-eDSetw z9jsnPR5ZQi?DON^Lt3=b1r91xn{rg@%-=jiHS4t5noArI-PaemAZ%81``Xq+q40?Q94{j@*57MKZNEz%Y`2?3Rk1&uB>%Ql z{RH3y_T!{C?D`wZh*DV=i2+j!Z=e& z#y!O5QKgm$O8xfA!)5YWJFxFw8{5(%(ADJhkwb!gW)utUmI%t`@75aM7$T*bwi0ue zGr;4@xfiOtD>`>v=P5D1hH3-#^efqWixoc6B0BtzzgPEGDxpnkeilO2Y16@p{wJK= zVx}_Q0qT`RnY2gqq~P}=Ewp!eW;ST(Nb?@s3=W3 zsc5hbVQmGpxHgF_9YACeFU#$;p%>`8N1Ed#&^=i4O!(P!kN&g!w?>Lq+eGaLa}b6+ zMv;yrqG5-JVjnPo3C*7juT?$9tsTL;2@vC~skfGPgVwwhZ@;wssY;@K%j6Ft(bqt|2 zb8aEr<5X*yDB!?Qi7y&T*eYJynmRsB2AmqnWfUf3x*DCuQr3dE5fK7|X>b}bEn}-S zL$7*WeIrpEV%VjdoEPz2@?kE@AOk3MD zIfBWGVyv>wD5Mt}W_Hu}%P!0g)>qyeSlOZ~Z**GwvcI|LLpv?wO|fBl{&W&E^(dYLw6m5Mi9y4XTapK%OC43u_;!40eJ<|{H&cdiPJg<0s(FpVN|@rcvG__QiOFB7kXE^n2U$rMR3|H|{sE17K!G4w-}mFiq( zf0{CYyOF1GRFwr&G4JrGuE?x zkVFUZ5#2*De#A6{Bc-PY6qr{AekN#FkEO3$Up^;JDXgzDB+2V^tO*G~RNxM5Za+PC z4j>JPvKn3z$;g{kIQ{8>wKSNUTxWUMdJJy|<*`h94UA$-a;bS-3{*CqUTW%?M5BXLC+(BQVZak1q5T0_Gx=K9nUG1H z%w5w$9f3~D0U#=wOrXg?f&8&u)040zqCy*Jx$F%MaJYm;bm(uxqL%Skg%jV^}+Pyq}CX39`e^ zs-jnyN+{AeoAeuh&s%6R$?Jk9sS*n)fiV*4$u{B->!Ng(B2C6-=lXt+^??mGv@3eF z#o=^WZnR>vRU{e^(d|{$QV|cI*bd~kvc=_@>A)bx zqWhq;Q^%z8FzD*Jc{|UvZB6m_Xf&s)M&WJbg0^+3dS36=Z-{cO8A-KtQyEn^!MlZh zt-93Vf3^Ct8WE$gqu=X5o>_;=Oa-z4${lx6_&V zZ~XsY2bEEP`lc__j(xztr}r_y0d3Al1mI$LhjWQJcz4>D#)w52z3kW9&;vEMC;z#e zQT8u){kb>1_~IG|s-!m{`u@J$g;u@S(~1t#0R1=N8PMNV%2dMcR9@a(J@cDF4*D5O zn#T*AZ?HJP&?4jUJ5@=}6Q_A(e6Bv%PUFv!Db7!_rFiwjbKLe%D!dc-fX@;gPpCRS zz>hiqKWTjpUrB%yn;g$wfW5ez%W3{hQay6fueTS&%S7-Gx7kv?&M@XWvkA9M6=n{>|P?xc#t9sB#+RSC-(w!lTg7k;0i(m$=b*$)p+=-+yzh??+q%1zO9t4x3(VfA?mj^O*QTD^uV zO)@q<=XUcg?Z+iI>c#W4?e?L{w&kmt-0Khc! z5&6_&D#;nvvREu;&v>o2>*DNC;*gxsK|PVyf^>OJGqDctlkGCA{u(cSuyX> zO8xi~5{=-k7v&}pzD=5#tm3~aq7!C?d$p!=BLuQHkQ#yiz~>O&_hLR5hadm7(;?Sv zs;5J}WBn6vMWd-WK^Ia;BK z*uUxFy)y9oEBjxd+dGsa_H2lk1V*a3J;FxsO08{fwO$bj(kNt{5lz5!Q*|2yj${fm z8E+)ixVe>i*~n~dz)(bF&($Yfv!Pz{ECWyvC5N|3SGh+VY7sSbkBkKh5t7^-isRK| z;aBv(?vOS+A}R5?26Ho0#tW0>&mkox%kh6)1L(KmazxMtB4vC8B6;iI8NggDyXyA% zF!wsel%vDC96;V}@UD*AtD1N{UFCzE^AK6Q=gXI|duBe%Yparhl{J$r_Uylz6m@2H z`_nToY!cjO&h?~d{z(qBIcr1@v+uAoow`PxAUugt6AT{C?W#TPX^i3K7nvUNsA#wT z1WU2R5QTRKkBucEc{3>eleL*{Tt(mk6uQ|=BO^q|tF+~?xCNnPH8g-EIeVfcf+!Us zoD6KZi~U)H8dsjuyJmQrEc^I5QFB>LDBe}3_NT8EsBp^&2PH)uZGI%6c)N%Z8kH zmfL0H0KjC}&$@$g_M`eDMoD#oI7_g?-Q?VB6Wy$qsG8_Oc}>-}F58{gw9DkbKyK6h zSqCaZS{GI{4$0X4nNCd7HJjd|^wUfw(5jrV4|nLvwFUraFb-9%kX9Y-HC{8#6sBzb zq{`;)BmX?zJ#5~oI{+Pn+B9p$&3-U5fadWN zU#?8soc*5dF~^gSo?K>NLT>$XW~d#GNFx0$H|AIgvqrP=+`YLhFAlP(F?a5^W|o)9 z--f8iDe|6ob%9wZIXa04Wm)_ul3Xx8Vh0G$9-k+<1AIIk^PA2sg$wv!jjs21KXyph zISF156eNjX5`v92&-$_zv$cAzOV}#M7c1A`jGU%fN8QU%xQ%i@HvOzJgM`)1`(7o{ z0m^29uR-!X>cvd^rs%?~q4#}e?HQ|Serr3S);fu@y&Ndew99l|kBZbBrFoW0-taU} z-;_f@%!LCW6$r-vAnpLHUqAlK_HPFc;9#lpitJ-2o7;675M9YG@R8ziKM9$B!U1}% z7=_9`d*ZRW%)W5ql+LnhjMEtI%V_KC8Q)U2((*7xwN2lWiqwZshhHVrGZt~hr)nUOpPZ9Kh-@>7WmQ)qm@qg(@@L z8XO+-so7pqI+o--KE~><8q>g5SU0)CrO|L>Ihw_&JN=unl!|MHQTQQe<@$ z^jadM*XYj+^1Lpcz!~;srK)LcIidA%zisfHpOAj^Kpmrm1_qb(f_?O`*}9CsIuimZjTN+L(1u||)>(5KNV8huwmp<9oi>%= zlK50-#xICk>e5y9xP5T;d_zePVF86R!(SuF)#Ho;~N1eLb6zq>`a=oP$@yIce_IvMp(5Lww-@- z&}3@-!yJJ#40rD-fhsLe#>TRc+N3f}%)(&r+?6)jy zF&xO!?2($Zsxjpo*O=QC?%_czNm)TGG#2~28FYH%%E+9a0vCJi_qgI9n2)z@UB%Q7Lqet7_D`wqgR4b z)Y9xITC7R=+xNWm$&`Pot@6~Xk=p@JQX2%?2zW&rlXdL?poX-XUE2E0$Bd?iRSXFK z?+78PcuCJMcKN4J|DbBj;u| z`EGEkHP&Xo4^CF#h0BBHu5^-S64yS%U|6uguY#9iT~n8z0r49))O9Gu(I7YA+d415W$< z;n`Nr?e59r?y2JXT2}x7iPC(zx=`88f*-GNn#s}40LuOBydGI@ls~SXo^Pb=>%lm_ zxU9>Y8?iPDAZ*OJx>!&B8Me!vp|HGnn~Rr4qfD2sSYosK(Xjl{UVW{*%2$1LyMA;dSGJk2HQyMPr_B(=QNl?G zBdBo$OIC;@6B|=xhxc~e0ePN))Ot7$nN9lN(lSy_qy<*4>B+7wdXZWxo7>%}ZTUt5 z_|v);F|G>UwoM_ZJ>*u`a~X;>s*!8Q);>*c58chC)>Y(#(x?#y?nC;c>7&JEv)Myl z&k-&`8MNaM3=nG*SSZIxW|f$&IuHGy@jS#r15b-5aiGk^8utnXKuSn+#F0#P(~0gX zhEia6)*&5&2+uH#7yk@qd@{*au;$<2AqB^%Mj?m;S%c_zm|5ku5LFHLqXkXAAtTP6 zERYxClxmxk7Gi~RG86^xi$!RV6Sr7cQOv%!tz;reP90LhhORgQWdBH>)LRb0Vna1< zjv0ooy=T`)Yxn5pC_$unU@Nw;XK{R-4fCd0yA734nuSRzPCiAcI%2iwAB|^Mg<5yl z5647EwjQD|mnFBD|JJyA&U*^83HCe`@tuSdMt4M*O|F!3gxex=jV3`&W=Mrr=&SV5 z9cztmq*5&F9?{w*uBrFnQB_oS#b-cWi7|8DoDz9V$g0^q4=7QcyxH7NxM=tZ1Hbx1 znmWutLy!)hATBwvSsdzql+uL1Gx$9rA-+KzpuP)uc|SV7hyd&yFDHJz(B>?y`qr8N z@hTiTa;^BXnDAn3(D^M`JqORQHN2kV*^I1e37B#9qV1Z># z-@tx4XZ6uHF|zMMS6`B#FY0IEr46o_3~I%Yu$fyvrQrWz)I7^^==gF&g3t%jpdC6< z(%}0uZi*@<8Jv*i`hPWN(v+>OqJB32Eqp2r_-h1fZRdPu##HII@H&AlDg<3i4*=N{!qqF+O z!?p(KV6@CZ)$jWT9A#$Te*>PDmlwWze!dbjfC;Nm70lIBcyZ_2T4z^sco@&zp@Aux zA?@V}O1+dLOkL-U=l67`K!tdZ%uG=kn^Wt*OsN!r!sjirk(RI_1&K}Hh& zJ|BNmNUs0|-_8t7tRT{1BsDh$Yd879y19{**+iQ&RYt+E3x?-&98FTfNegwkGEN8G zqbmb7V`SU1T~lR~hh3RH>*%rN_SD%95dpzc4vZIVCXUvtZx0r8n^y%C)-06Og}U}` z&E&+r&ci1d2}_X3tNy>gOwdg1uac}&R;DI%YgN z3M$Thl%eigfO)NWXq%lQ59bqidqwg8Nu z4e%Me@19(30+nHpQE<|gqZqm9a&g6^vS|kl1{Ncvch&DOKWet)ZicAdHz@PMQvK-b zD_sDEI~0|8aheA62$)ja_|Y34mYy^JD>$$?MHTNe2r3lk7?IE$GK*WFP=06b?*57m zyX|6eVlDX<&iwNq_bZ$soak0n0GT?FAzBPOED=(QljRqkZ|uRWmJkD`1>o4(TAALb z=oE1Feo7u=8a5=a)&#}NJDF7%@V7eQTW2EFv7r-r}un`Svc=ki=(73H!WtVjA>#d?|mSC4B#>Cu`IMkU@Cf@Z!8C-g8^3%UW&_h!T7FiHl}|uuUH{7HV=f2h>f0-0{NDs$Yq-WGuu%`%@IFz>uOPk`QQT zkJ7-6P6(5Xs@4WS~&it~w*C`EJ^?1C*jR2%c5V(!B1b{-;x)lY#A7fx=A17h!Hbok{BzJjJCKxjfFrjEc9CBj8KHjMuFKLR9) zxNAd|eYr^!ARCWtZ$8H^&cIzhZ9k{@&NwacC6%#nAD9V&hY$qFqk z+=OK@5;>;Ui}OaMrjhC+L9IHtg9M3w$r{`=MQ-TfN zV81U)ULh;r4eW`L#&RGMr_8W$zjx{#0vSx-O$voc7E~iV5H@9=nui2|aV|%bS4{S@ zedRrUmcXN}{X)^%c@Sh2$8~~#jMoQa@u0T*6bv;VR&*MhCl^NSA~=sE0F9?hFcLoa z2_~8%YSc!!CO#Vw6xr}(_-`UYn1vO;OIK4AwN8W<75z6+R~5x4+vGQvLkWHx(_S?p zj}r*utxi)-4C)Gc!XWUNS_%iGZWx)TN5uqH@k;Yihq%1kBR3)D$e((A146X9ruF(sHK^0?e=tGx4C)foExrOKd3S}+d^(PrCqJZN7p+N&<+Dx#CV!gz2;}t) zOU<6*hh_N9U)O+KEFa>kRsQ{6WI6oR5h8CYr5s%KcM9G(C0}t53A_qO3bpiI!a9#G zI+qNI7!9R)unvvzIl7W)7Q+DK^~b3%7*~W$qzsb!GrMyrHZ_@!Gzkgz2jziaDR3-o z1zfX{CPgx`CRrMoxzd~*dIwUu?OZ&aFR2A4UtH8cin#F;{mHjWXsoR$y(RDKDJEX< ze^`6{a!t~ysyp7MVs`sV7!+_ZdALxkr9Y()zeoJ&ww;V3&bc;CO}%Q~ce{CfEGoHL0%_Mhm7ch17?6jj^u;yZZ zsdg9{uGItf-Oli|0yd|qF5BPNYs{D>djVRYu8S2jgDCC(B!cm*$Hqahwb{NxygOcI zfeYUl?$kNNa633KOv@a|-xn7e1|i`{AC0-48nR;#l;@5VMLc!s9k&x+bZM_o23N%q z5x3|uXJj(t)hDNuS=^8{D-4=w$%d2vd{CTANqKdEn7I@Lh_EQsPqXFHyRB9H(L)+0 zamaB0u+q7L0l^e7@ibfk;Z5E3Gj80aG8v6w>-G={a-HjWv9Xml-qW zXJ21mCR}$}RBI;L$LX1@*gL<4lN5%Lbi0B1Y z?b{;C1pI?!4^+Wup740JB`OqflxKBhtMPm!WB06?lifv02kxUQHD?G*@*|IJ1K+d%VF_ovkznBwL2548Q7u z-rNNogQ^g0-VY@9W{M84Ua^u4veL%O{?di_u3#WgDKK2+q3dtaet_PKwZHTJx5NqF z?*fxi4=DQlwn|(E8qOc7>#J$}8HS%a>;v7-DqvVW&tGvH6F!{C9EZe+n;-$au7H04 zw*d+}KCLXhXOO8Hf(nYBG`)KEUoZv;SYZ){6X6kW3wDjsEing z;W&=+b0Rk;lNj1tn}kGz&bRBSJMiqem5|c|<70n4LlqAl!^zNLfikA04P$NH3;GK;% z7{&dTasA!&Nj^#+EiZfkQWUWJN2T;wHd6 zXrz>JTKsoM7|zeKb9)vL-W{$UZtZ(tPHxX%bFpTpKT!yYU9o1N5T&Q5pg;V&m#dqL z+v6Pyu6O7&?>ESo-Rs>JIFWMZV>kIS1&W{3uY#=?Sttr88yTH-aw!m$J-4KNM1eo7 zB-|l?-1^Cs%{9UgW+P97BnJ?w2JTWhd}y-(83)^0UA4zi_Wpp8F+laXR_*&%*=+}u+d0pL1rOTMcg0$RS_ozs6* zv^Af7fa_futm@TKF3aNad#s`&({TaE+&UH~Xw4<1)ko;pm#a7ETWYvH@& z2*6a(vyh!hkRS$gpaQra{kKsyvo~@$)`hsj*tOW_jiC0_8EYEv?=_0Z@z^+5h9}RY z&+O_TbXrFWkNz+0XKC|l{MbIq-L24F8FurU`y5Xhl`3gnuF!JtCkZ+(Di_g4r`jXd zg7#!`8W5tM0ww}SVirx9uKtM)qmwBA!> zG)=~f${r($RI-ksV3Ova%h+#-G!be^kZi{#|@LQsld>7?BMP*^PjbZZ-k+=@j5OfPQ5Upai;i@0qO2Q`ydE{{l;S z1Zp`{WHVi0iLuC1to`>``TRZwQ%Nh_#rAQQpcM~HU@}<^K8-*#EH7Ciw`1+|B1g6E z#r0XSa^s!L!D4P2(0$b@GxO`i*AMx3sKKYKrUwpu_!Q3izq5 zAwK>?v_&<&9NQ4if^w=5?k{IEsf3NzoJL-gv|gHaHf1qD!(OUP$Q);g&+^vy>5V>( zf4|;sJ>)XGT0bEqO;>rApPVP(5SSSB1NwyR{D3}w9kTuXanLydS~CQ&V#2IqE0mKO z1$1I3SE#14abroh-mDVzWMvO4G`^mdEgHye<>_#rpA~Rrzsm|cF6COlh4-sv5vyfP zDn+L*_9;p46YgM`Ze7$Fonumkmou>sBD~^>Ll&Z3UK#!7-46A8lUc`C7{W|)oC*7Gn@Yh_lZ+aFu-am zC2twlDH#9##TzGVB>s05Nub#Y#GxvRb?Dg3L332HiQMpo?M0~W2^a7-jJqO{oeWt? zR<+d>#`or8i*IkZnW|Mo$=ln9^m%-28GlWmY-GyBPaWLvzN8j9{*~xzjfin;2lcs? z^=K#PSg!}|49lVx+SGM0pwwT=Oh98Fifl>MD7JS@DQ_NtLnG%K?W`6$e1mGypuP|J z6DxdGoDdEq7Su9$&fX_Qe$6#e(16giDXAXZb_HGY`;Zy$sdPi$7}$XdHDk8D?*6>w z0C~^u<=G>V!8;?$gjC3wVLC>`O)?-!iDSXjH7Rt0#6SurT>P_YoM^MB9Z!#fWLU!{ z&NII)vh0smNk+N0QBiAizDporW8*@8yGg7^K4KC6NYt%$2vwa-2Xs%Ve`y~_QEVwN z^Rrrc@dC++ihf<9Eo8j%pmO?G&$Kj|%+ifR4KmtukUvpr*GKki3Vl=kZnNbX=cdja zxNyKyJjDGdE!X#Su9q!*fu?v!00R^)mZYAcx6Tq&Qo?Y8sD?kT?+^8pdhtKh53KLR z?vL?=KPNw?GxE>k+t^b3#C7 zFr`+~C{jLW%Wk(U#OSPDo$0|^NPB(jJbm^s9b^f4l{x!^TYtt}$#`hSJjmRv{*qrV z4$uQ=KJt}8+fBUh^a-c{Hnw~_e-NP_t`z_^pVYVpC78a#PNC@6EDj__oC zwcsh&N?Q5vVfiUfEe=9!U3>e6UQJW_FJxP%zCnT!f>Egg^=O%`pN+h`bK)n6K#@Zt z1Dw`X{*tZeYY?fWtKFWln=y7)GhG+&t-=T+B_y~Ra;+}zp~3*Vk5W>>lkJ+0zlE@v zurVv=vR`c63!ju{G|zD%7C%cNt@CwEQHjd|Tfs}T{L{@=^HEy^z4L8FYhDEp`E8|; z_OM8KY7Ff-h>5p6uMnqE$E8eOby!grzd??W_{Hfx2bqL$tImr^hhIAkTA@lzNh7gi zQ;)sMb4%vVl}qOGC8N}G-?(Ca^@#%%u!pSoV#ZU!0_`eHZ%O=35?Qg3lSJaFFoA7= zQj3=bESwl*X?d2$357B+Ij~FGUsQDy_92?2o~(cpxLA%qYRt~;T0IgyHk^y$wVHyn zgzNRTq#Ax5y)h;=?9>Y50!K_4q>qJd$;qifkmC>g`VG7kd4D;Mf^&nF7A*P{Yez$y z=w1`{cIrp}-dgCLzgIJCAMsj#Urn}H%z63q&sbS^a3LZmE2U6JHwB8v4?DxUd+=x| zvzFd$vCz~nF=#?(s-&EIPgIRayj2{P)}#HzW~0f7{usFM9Sb5dpA=;qZ9%nJPx)pM zM(%(@Qw4F~4RZ2{fUk+ZEKFlERGG~3VBo@hKJV*VcZ+UncB)xXhjt6SOO zz`(h@d}I#j3$y<0+DfRFfWA+Ta=~l!iAC?oWG?yS3_2rW zf1>~~f&SD;(=_8_T>)4Dv2Zj!@gQYGfCj*2-acT>_t_2bAnW7m3wX%gZJCB#)Jgp< ziBw(_0Fnz`M(@YO8Ri@ej5G2KHg~X)*l88z{iuf8l;P-1_vS;Ud|AT_wP5?C_r67u zXt>Y3YGg?b9Z?}I+s&tOry43o!yw|E`qwg03R6t$un^?GV9@%1z@YQq z4EN&L)hhYUROGYH&~zFpx36i6f9l|2@{|T^F+6RHMc)-A^OcYO^03?=#kgA}5+*?N z#E$vSk*))2dzWuMZ(V0_>P_o=W@G>1f((0B$|EkvTa}faaZ-{%6h+$8N`;dt96;nZ zzyia+IF{s{rp8!Ps(nlu)>UOr0j^XKBPs<4dF!|Pb!;M87ekF_`2x-waja|wClXNW z5l+=U-Sl|(SchHC=f{JvP%~aSTHWHIHp!bnXYO|o97s+{abQO(<65#mvYBf-l1ycitT zv0e=?Oay94B}Kw37|{6QIUM*sO$1M&KhDXsq!@Y@&1j~!h=nz%y>Mj1R+@%30^z;_ z^&-D(ANaS<-)?+-d$a*3`mQf`pD#ZLrWT+z-Z^TAWPo=DJ?H#OoGH&jqll|Y#-@z7 z;+RP5r}Ab#wCP}%m~z>-e52+;)YVkvJzbk7R7_M+)gkq4e&%VZ?&&)HZ(~k5K`E{P zY%V67!ktc&o)Y9%<#3>XiN-^CLR36o+KN|^t?;pt+TBITQY5L~P~uJ!HVIXj%7Wwd z5VWPSg@K#0&JPbHHu&U(c7iIq&AH&+LRx6hQc$)sa}dyeoPu{axfdWeNnNo1J^4w2 zx{=<#{ycQprkCdK_+J=^;GtgO2=hdm~n;x7@dx*vh)B$zo6MI zq_AW^|EYF}i;ZA8beP5|t2%+qW@AVsXhbqi6SWNI4O9eyvPYlC^1anbnIosB;<~& z->GngI~HB|JZfpXs-48CCc2iJSd;Qyk}=WA;NsUx(E`(g)!K@J8}2?zpQfl51uR{y zefwNOV`C(5VC;vU8`8?SRFfY%)O^j^eTkrtv%wbFO4p!wb%Lcz`Gdam=7`=ytq4F( z+MemDM+LyQdY1YG$Ud3De*$#8Zn=M+RLW5(7vNXM$sJ6oj%Y-0M9^e?7KFS+^G`QT&%I-z~auk=;ZZxyNXtxBp~s!R-ZqDMl<+M$TbhBnZEv5-bk zkL``3(YWy9&R=EI1Wol5#LY? zhX$fqbfzmmU^i8JuIAJii67q*)NwS9;6_xCpe9{lFZ7ukWu$VB1^{pJG95KGYm*eWFliVTg4TSaxuKm#+rSnal{ zSm8#WMiCEJ0fpiO^b@u<8x)(x%S2_FKtUl`ft(Acn~L66o+3E1`CP=7k2XFqkolnV zV(#AFLqC*3_7*Tq9Rus%(#V8d*3kkn*M3!liVs7b$GI=b~%{DUPKI47| z#8jlTx*(1?wl(M>G7mFxgkkQn(<&*8kJ*xWcVC&4rV3F(OMf))4pJX!s=@l>%!(a- ziBWMb-KcJAPI2(3U%+fZ@3&Lgi*3!{$r=7t2R~_N%F7kNO?Myr7 zMUn4lp|aZ+GpTT7M+>F>^?(O9p#zyB#aJr`aX);|HYO^n+go}y@ljtEcTtHXA1YSS z+t6V3S2bGetfJm#ldfI1(G|7e@{UDT3AxmE3nso5hcH9l z<;l$1%HiVLQ~PM71mpNH-uX>04kJe>g3z(%?Q{=1IQ&Ji-k$m)7j;LusRNT-YIMzT zP^C~;*03@`Jj2*^CDK^IS$6#CFAEM%jhuk(VMl37dGJoE9#Q;_yq z!d3~$vi=GS;a-nCMht!7Fy~)s{KF|x5(7x#Z^pfb1|gfj+HZ9i%Q%YP9^n60E=$DQ@I5mQ$I(zTbEy`bjuLVlHz?NH@q0o=ZStII^*={J`A1 zW5to~-80gU2tGdP!jxJiQW4Gw9QX)g2!avJl)P&UmgBThqQv43#LTQf;ScRHf_^Zd z3w>>Ev}8rb$D`@WA|u(}2uS&P-wWd~yJ)XCZ(!90VZ->`wzObtbyuZRy2xVF&SH+5 z^I32+mMs(ua)E?iN}Bh6!9&cH*<+G)x=T_fcf90PKQIB2^k8UrGg5*01mP_>!46=~ zsl<@<{AqGpsk{I;2R2IMe0p*0`_=$E!f(6sUqyPf@c(G^tgEFHoT8o}5?Uk=NHu|u zg_mIeLUf_$F~xEHB-DtIIGiEk58N*rR!A!Fcx#qKBn6FEmxR`p>soOJXb>tpQIDwR ztyE~KygX`OxFs05xCL>;A8{x(?o#p49$K~0+I{ykv-mxs88qG8?4bN`;O8jLZo;nkz#C;FP&S zg1aiu+{2lEhgeOn9x;n-OP`Al|JLj;OdnW!*n%a3njc>=bT+=2;KUpC!7W>_9P*yb z;)y!eviQP;&AAaH7EZ3uJ@>g6LqW+T2>Y_pnNG|2?S?*d{LuFy>UAqW7$$jJ8Ejai zSN?*JG=tE$t2*sdqVPBEEhL_;vAO1Pxl~Q7py97`GKed3b<#a)94NdYQd_$JWIb>F zio*iQ1KF|aP&oyeqg`9%*G(jx}gV-9jHz^}z_20~xZXb5tb z%*s;?RA{qUGZRLf4tefF`15fw{+OeQ_+NUKN$b@=#Omg{Ag4 zFKIxa@}4e(S_jhUH_LaKR^dTy&voStQ<0h))0Wt*U98lHuK*tR_C!`~EYNDwV)|%% zps!`V(SWyATcZRs*yyrmDbsLiLWy=Lj8XZq-MeN~+HHczI4vL*+3-l|n4|<&je@?Y ze9){?UCs589~q0TDJxr(Sz+%PrVrI`*{L&JZq zpaJ3;V#E$rA9@~L;a#Zi@H-%4@9^x;)MM5-nn$U=&R>iC zFD};IUZ5sj>@*?`qb_Ywm?2_hM+xu2HeBkybx%3%mzI^3W5Uri&A!R6DGil$G$3nX#}4 zPcWaG2V2DprtZDg#Ljzv{pF#pjQuac68&M<@z4iqIvjzYr7_wHaVEdkv0zVvGZN#B z&d52m_rH9}%{8xZKY3lWr7!v_Iyzr@y0@--HNV~iCXvt`*vWpY&aSfOY-U{F&7m;8 zr=8b;C02e)RbnWwQB~z;Q3Gz7`Fu6&J(NXMG7BI;_b=0naN}u^+a&(z5@nQ^ni8|NCsG zTK}d0X#d^K@6PvsmCTPOsyZp8(#jYbk*tV<(Vp05;ib4zJC#Qy(<^$hzs(fA(@)_W z-#lFMzFb4c)+WqN)OS73(BB1nmCW8@ZW7v%PbuRWk`lxK`10lG$=2m`K*B5r;uw#h zb!}^54u_H_&C1WBlQL=_8uA(XL$E|j@gwgq@D&HLg~|c=Mefs|O*EAcRYA&I;rCM- zM~EadG{am4{it|jtgd0UPGpHFY8K7ROy+*>&2OKY5-7{>3~wMNK8-1CEkgbSN(4&t zR}a|w0*)15U_pMUdIK;1uZy3QO9bAhE}YabFhXO*DdwQ1uP+m z0FP0^5?{AohUJ<=t4g8Vmt@{|`49rQSLH;fzw!kDJ$wio%-?Y`BV3T5`=Nr5Hv&z)iI2951@`iUW`e2DW(&IElWsGk7ukTX%1oZ zR0Y61EzYsFRDt~0INdh)B8H4Z1uL4MlsS1+w-Nay>0~bZnygi5OAvxK`rqvxJnyz^ z6ro1=LSviLRblM)R2BINPT|aXRiRb|pEC?oBFUh&Ws>}B0cE}jzQ=-`N+|+nSJ&R( zb2CL-BWyx51=zC_WP6u1fqhkz$SW+C&q$2%?z87|%DxWkBg}GdzH!}fS z&;RFZv6*^6(rwB4$Y zTg<)x7R!GtQn~kAh=ssO#PO<|L7V@tzgx=xvAesw_vrt-li!`oe;q1L&IR{PQpFG;%T;z52`sHHt+#BZRQX<6T6@xY9H#yNk zc_wl-$2#|S314HY`Zd=O>aH#Z`Q_B2CzCb+Md z#)K^(Xpoh}3JyGdM`S5Ls%;5EH26gje#*&^ep(95C7B26qY@-@rNq8$QW(QU)N!d# z_ud1j6^tvz;Ys=KKU5$pXOVyyo344O38IRUxY+_KS3gAATe-@$naXe*@66ONuh)iH z;rOh+tG@tKgiy810LXEc7FTNY@;7j6?%34lg|_ByK?b(zCmK`C=hi(|b*2GX*+8;t zA1mXfoF5B?TkBFWnFAMyt9uX|t!Vph2tkgb#WCf(Vg*dKw#s=n>{}o;wNvXrE)8g1 z6R%fpF_hKj-blClNnd_444frq!S)R|&xje=0@^!HX1GyQe;2Ush~uVoHu&11a%SN&VT{+nPObxF z4|X2yzdQNepZ)h*veV1&*KYk8HhnO*pBZSQg*Pf!55we<>Ax*P!v*}oZBR5+4L4(nsv2FWmJ)JyM#lxdckSkP6$KkDv{UfhA7{+vWKq>C#xa9fVcxIl!fAqXLkErl`@r2dwm4m7jX6r)Ejn**ak)7|xXC)RccfJoR>OB| zcFf83yTZ&CYW7z-s|ETkGipo8x*4;dU)K${ivNctBes73Pk-mxe);}y|6q6j(f@N7 zzkBrmNOpSp{eN&W`rG=QK$=${juXfpZL=pxp?yPNklocSIfSa@UCkk+zh8?($c5G5 z5L)cUaX~b=aax^9r9m}2l^&Wy=q1kZ0E_bXk$!wv4yAKqF7{MiN$OoIq~mEeepT>_ z1t;f=1~(Kue$~uotN2T7ELv>QTkw7SCi|i)7=5X4baggZG z9dZem+xN+pcC-iOlM^Ic!X;OTr8Z}rZn*^0tMeVZPdHQPCjV`y{J zSPSYJZkk(li7qlpzTT<1xnI;w+3ov9@7uxC@>|9K2dTBMaS^mF{_FXECH`yw+2j4s zJNezC|8IW&Uq7$k@#o}!zkjzM4DwbZzo3U(a`Tmmxtfy?zFv!q&xUl(h%X13YsY)p zP#&Yb9;3ag7Cx-#e*>r1eaCt^lJh}%mF_vxOEKVMoY(#Mnp*d~^?91sweh#(d>so5 zfPURRCK$rfvwdCvQZ0;|dY1s`1NSX0?ZjwS-EPx`aXZWF#-0ncuD;6{o|D;T0BTiO#0=2|{^$#lkpWSDV_y6wZcYpq$Q^iiV;RLcc^}%?8 z3Y?nVK}DOJ`Gl;#ZpSfHPvDijLl%e|rh%z}RO=$jt;@WwmD1ik6@{atr4P$i zS`b}S-&?I?C2%*Jd-SGMo7Gab+03stZ?QGq7oJ-BX?Yb8hkL)2i8m^~4MX$%~H?iJ06Gb+I^&=b}BY%4}0X z0#o76Ny2_f<~|$x=G~%wt)Z-MfFPB;#C$+GfpO*Ma=VZ5?4eqSpo3E*T2VKn*(GJhr=oFz;Evu!ZVIzZNc+IXVYltgy%=MgB3jp2Fb7fD~!**X8XGcXP zTyY8-)XH0QhOE~-Sb9XaB0Y+xzvKs^?GglZn+9`e1y&fKId97hd1Y;&~<*g$44QgPO#^KckQFL3ss(wH|)(*|M2AkaNje7Mm zabRUC)tJu>3`k<7qZteLgh{x8pb!{-$fK_qi@REB>s+Z3|-O?3T^GZC3<0cD!<&oZb7^@3?Mr zLn#5fXs@o{6jpOS)x)@5(0j}00+R{1$`uh>;?{}A;iCVSe2K-+O&vJIz zJC70S?)J5{g3i@dd!g5$d&v%T9oTE`9c646s~>dO)V;l8C409l#{0Iy?(esP{cmqc zD|rE0?En3Py|Vqk`+WED{@@oH}$Q{z~?a*2Z0B{`YA9>q+&rdsaE; zelo-PjZwKA^j79H8IkP8lyj04PDRfvJ8p0i<&r~7jFSJv^wdN(_~?SYN@njcw}T`b z&?syebWxbgp=zR7`|v~ZAu-X2--r)MjisYHSD4G0(-a804S`;+2S9<}{6=h6#adpV z8AlP?^nIxoNptJyiEOT=fW!hPQ6R0bf;EcSx1JdSRw!{(yQWV655^>(&{4uTS&NR@ zqW|wa+b!w;{b#%TJCFMRUHmrCDbA#f5t1v_q{|H>L4zrcBPoAV9A4rP5kY4IU5u$f zVw$FmX99^aiDQUXK@*&XW15V%5hpRu=uB^T#dDlQoeh+bk&18LQceXOM~ePOH$ZQb zc#c>CUrLlvN;ryXLV`~4^8B}Rxjl6@&|1LKju#{OL_&M0S+&xDOfF{^E41wY3FG$z?Yq;K{iP{PycUc1HHqXvZ+8PFJFmH zkaG413A0W>BZ7OX9cO=Zf|&?eM0#J5KcQ~@pS?PM`TA8biPqFd%l)rs2fNQo>wkam z;4%OAo%}Y?_o|}5Sq(qa0hjv53&|3l&N2G+M-orm$N#-G&azY-_Ih%s2*kJ-u~76f zmeNr4V%79F%~Tt*O&2`ZBhIF&6e)_)P|QX&L<5pt5t8JHsPBSKXJZ3h{QS3RxsU{e~3-JlT+$>uMA8JO zqt`g?Oh|^M`YSP4c-PoG@`VV7(>PYajBq4vzM9OHZiBoZNgOlup7A*H6cRr(b}4C_ zF*Fqfu_;G5%>#vmRKruwqA8p*`~zL^Ir>$(d(Z_={+y!YqBVMfGaR!~G0~bhLC7XO zl4OLZoC?z221TZLfJj6E02}7>Sp!#1?n#p62z5HJwJ60WDg7x%5!KVod@a1Z-A!~;0B_o=A>U1(ZY6Gj_WO!tQ=?DGiLEn$a zfa1jO@A&-rUZ;~zlv&5ux@4VNa4eER?)`oFJNr3@0Jczy{>7vyro<&2bx!;CK0DL(;!t_BW6<{m7n) z&IVFL*BF7^mFwzMN_~-$BqYVk(g(qs=ZWt4XnT>f}~@oBQnPEh`flg5N*8q z&oL9q;Zh)&p?55vP6#?zfDl01MkhnVd!FxYBfFb7uvK}UmbnoX5>J7mIc%3oTFXt3 zCL;%9&-XeV9EL=Q*DNA!=pI8$G+|K@aNLNu)6p5h(R)ra@)jmQ&_7!{JEwn=6?*vY zpS07F22C5>Q|;v&6cZUakjzfHkev&rbE$n16hPE5nuxW1pw&{FvF~FbDn+W z#1R#23z|vGC~YsCiAT~7K4-9#xrTm8=C5%ob-%+hEd4xJ0~O4agi`Wck~v6z*a+mC z#OhhTq)8JJ3V${LOKlOcl`58_x`AwDHxSBwiL#Lit@(+}b5crL!hj`WQz@z5O9T2! z$9W<_5<$TvhP4Q}Z)_ETCJ1Z9w~=5If-*WGLISwL2`tKy{90*tTm>YgOb9xlG0o~0j2yr*de&wbyoS6?+%uCKcy6ypJj^$vy8boo!!6uwRI$0^Bm z;9@rZ`U~Y3D~!AMGa5YKCrOxJ+5GaQ;|w}V<6^`?5NJ0eNoI%nBL{~{PG3p*V(X-Er6`073D7ew$+5**$0?Z2WG^Z=3G>GCj zMpFAlles?g0Y`ahqK-UoyF|+)&jXI%EHz!y6JPG&iCO5sNf0IPeDeuICtr2sQ_6UT zEHFn;wxnGcW-)whPV9V;b14o`gIhhT|B@5uWL>MsQr7k=@ic*BA`-$#Db z?bMN=e=QR9Z4&g?LxTP-kf2{CffgF*mvqE&BsCQfAr}nwgPmZf)A{vng5IzhnG6U= z{k?6pyR*BqtxV|Iu5o3fD=ZM0AksV<(u9gJi3$^cM6>a90L~A|yxL#7Au^mzh0lh5 zHYUFI3WHCC3N*ogFmBvY($rHChC&WlD=_)NemKU-hzRAdQN9fMzVH<2H3kMk#-vbS zJY^hbN{Nl=a7bWUh6HC*EV$Uk`OubS9q@UV7UW~N$xAOd}Er&UPxw*2-jXrIGUQ8)vgu_%{fVO z*NJvDXw6x*CFPcA$k_y8IW)zKEFor3GQK{&a<&1U7)z5O+04*TiY}bY5fx%e#PVG# z9bK;@&8Q+I3FeeZ0U>3!o+<5gvA>QO5wd$DvdntK$y`okfkrV3uoFs)%^sRsG!kvG z2yd4ddN1K*NVpMHzp~+wg3}S2MJ$|3%Le9b@#2~7{x;kDZ9+$Cf_oeJKmDm7euxDT zUA;{7t7N1m&x|2sXtt-hgp=MfMUS- zs28gyqWAO3i&t;XA;9$Soz5>wOoS*l%fZ|nY)FY6<0~Wu$%qpr;Aw)cIL+Y9S+HRy zNz{p`$T%HLGlx6|Cn}KLK+5F=dB^AISXDc zVQyr3R8em|NM&qo0PMYef7`Z_Fna#hr@$&bH+HWn*^cA1dNz9>$97xa6DMBVY0r7O z{n-!+NvJ7;2LSD;N$zLAKfI9u2~yOHouoB)Ph*k5U}i8F3`#c6-l)2n{hz zf}Nd!ZoA-S?B8(|p!X@ETr#5>tXq7r-P?KI+p)p#JKzZm*aXG#Jh-OZV8;RWy?_?u z5G71-;vj|L1O>aj?G8-w&xYx@yB(OO`A zjD~1Swx1=K&w>cuqL`#80vG@N8brF^0Ymf_QNSmV3mIVG4o4`S0i1x0Apj}Kk_hk# z0(XSQ5r{GbI02Y5fD(>qN-;xVgdoo-Vq0JoqxX1-W6Wn;049-;HWJ5hNT?hq;12T% zh!Ko%G6o!l6EMPb%6gp%5e%Dfp0YvT^i(e-(+&;=mF9~UHSwi?mj)q8I7)awOJf2f z*5BRU`M$riV~Pba851#J_|-6m;Z49POjrsjN_a0##+@59yCXD`eP)C`P;%M{az1qe zpkAbuOc9@;jCH0ECmiAgQLDp$KD~n!ZGn>{>~#RhXk1`E#(a_~#El>-3Fx?EO?93G zI=5<{Q-t~gmGW5ZX8mo)eeI-__z;qJ`;1YDdQ{WEy2Y{}pxLWx`l&;d9& zJ2?F5SXz~xCr`ltW+;?~(T_11!dNU5;1qF0nfR(-9!XuH?AcO@Gil;)frM}*%{ag( z(u|8^KyDGGI6~5XD_7nEI0@rS+F`aH6Gme)!sCphNSJ!U3>5Xp3Kc2pqT$1g3L^@@ zTZm&gjPnvT$PUz-bFBfl)X%dljxSJ15f{d51Q;h2j?rNZnIKQGNCMH|dk&NmgHB|d zM#Ucm>+u!~-Hwy7piTi9 znAMk|Y5=<34ggP{faBh{r~WFVK2Wd4VqrQn75{-|>hl{oMY4baZPx_9{?-8wr)7hV zG#<)1%#}5}GsHSnFM+@hgoX%kNXLkSe`G^M6T}fS^BCC3m=Lm`P&@@8OrcyJV8j3( z39$tX@l65Vf+-OyS`!`d)(G4j`AfS!{1TJWoJjK zfLz`S0<`Z5Y#=dX2y0U+QozwPjUh*}hb_=jD~VQ*6FHeg7>*OdI1a&-Lq5- zQNl(2qR=UckXDHrZTDLbNw85J_zl6{l#(IRbLUW$VX6+)E)XG*;%`$xD~AXrn?~8{ zW(HscV}_a#GQbY?znm1xMj%sknTK}WnuamZPB0cDls2^q>6n27@t6 zzX{}o8X>9%o7?`N+8xdmX9iPPH`TpT>$1YXCMMF#u$yE0rx}+6NKhpeH${Sh!hDok+eJ<-T}zPkOD$)2aAsDv5cYb#o;GQX zMT=R{HCw`DV2E#d>{|}UmFCkdj?YMp!&wOh@d2dri?@=o4=+*_;?YdIkb^}GM9ly+ z%*HtwJOb)POvVhb3CZF}C=xBELhzK&S~?GmF_?P_N-l-6!%sSpjYGQZgEvkDV_6!M zU|}CBPN~n@T9Jz4=|Ox4XY8p!zmNsYz*C{f8GpJ3P%M4PToykWy&?RJB8C$FRDoM& zqEZ_Y{U<3!f#?$y1?rX2M@8=rfZe8Q@~!laOY4vsT6Hgp39Pad*kJmPX~wwdlqpOy zSv{2cD>4ErJ3WOV+H6OgG9L4Y7#KSm))&HRCXeU`!Hp4G0C- z6s0i^C2rT!sIbcqKv7(@V_+U+d?J?Qs$NO=!;DW{TSC0)Q9}3`WbBU62;_f==}eG! zEk0k1)iUjYlW{`C@)-+52{SI(pjC!YXKK=ldLH@lIr@tsQS0n~!Vnj&1bl)5fk}{R z1Ot);BTN|&XqFiE+oTjK!6r7}Ad*I@v_C;}FeXDU9sTp;gQL^q z-ZXk5K?{;#U|RIjVm=PQbaoXL`LlsJd1m$uSAr5iOz{Yh&?OktyYexw47anY`^K}x|JQT~E6o)q`0$B=1 zluVUp$ta}6i*a~u&+twowk_Z@ zo;;-GMwGx|0Q$GW?Con?ux|^SDVRxBQ&X_eguv29^>AHaocHd{kcm08jp-KNPwRvPu39g%bk0M+7h#LLpZ2UAf|MfH%;3C{5^7n1bT3+~4F< z4mREpjt0PZW*NA4Kq*Vn554LPH`Bx!#Z$q+s;l5s^=D0qRK0a=O8v5zlwE)NLt$ra zps{(m1*VY6g>Z~uB>wI7db#sS84bFqw=v^%%KhEiV^H{iawnIE?!3?j+XNdKL!&HK z3P9-}ts&GZZL{p8$`>9boTO8#0U`N)ZP-XBRvjua9-(j+#^@(PZdh(uHMY!&P@7~5 zIm&m=lqE4lBSMi_q`(nJR4hd(&r*Yl+n5x5FM9-VF$r8K_trreieH!H1|@oS&|iT5 z1i1W$6OfYJ$ZG=Qn+iu){5Wgez1}Eb_ zjG_P~oMOZRPUH$1@h}h#us{rP`DdWp>KmFY+-kct@2fLHIqS*5E}=iPaHWJQ^G8K| zvU;v&y+upBh$m;uFncPVF%_lonF{OWT@;eH(hdft99+Og{AT7$9VIL*x zckWpbMx%VAI5wSy$*BJXDK#FDQQ$Nki0Rv+xA-yu9|KA8uPXfVH~E9z;8X^Z1{5(8 z-y-=Iy%+Nr=2v>yva1oHR~%0f<8YeFGD3$%n7-_jlvje(L;<1bWP$SfNqmqc(l{IA zs9DMquXd~eb;(pM4nrgm_QnEOornQ)GP4pDLzk+d0 z?of1Sh$6;beyfnik?fB-C`7#!N3udp#sQ*~)L;>lF*8+SGL}`s z38XOOhz1PtK*fE&e0TZ7cj_yNV`gext>?$VXm)jbZ zWUOC`et)^M-P`Uc`3Yl;68>A!FM9AS%yBJUfkQ)qd`t1rLJbo*Msy8WE!b;Sm0?yL zYRpezn%e>S0k=e9_tsE3LE+E5Q@3mEGo`P9OGpCPSzKb`P<|O#fY2YN+rxvG;oW0 zxkc>~XOMC%r-9-xg=WDeF*TKqON-$4({2mir3MRD_z8XJ*2+RkB0DDGAd0Z^!3#sg ziA~7KvZO?AYA+@b!5}QL0h$D zV{C;$)Ukb}wqxZE2>0O#pe_PZS;p~fUFXK8E@W2KJ#e5VF%|d42H={J5m%n~2{ay* z_N4282thQuRZG%7WDJiJY4s%}Lj5N=5h`B%HuwZk%$W(t`5U`K9pam%ljAn5vKzV= zew}|-epR?I00K*eT3OqOCd$HdA4G`%ROQ;$xU0z04O8Vy_A30Keud#zm(}I-8 zmN?&_nIC1T6@d8637E?GrB?WwrgbEt{QCyY2B7Qq7}`Yv{6kv!U7G||b^!_$Uz&)} zB@7)c8Sf)R_ksBdKmZgSJJnaaHdUtc>Rb{=J`8QOnja`R&ckHd4+_T`s}6@bBN-_F zRz>@5`3JZ>i{%?m6(9YbZ8zr516`+f3KD=XP>e!OD0q{1b^VOFJm14v}$qZ zBt}%*C70IU_ub`UIm%`C78vB1TS(PPX?+mn&39~0Amk#U3yViSY9gx9k2Ul1sa%r@ zj_PO~-#e)<#5=%3DEc3eRP#vCy#~9ijg3sAV47nV$PglHmEpm=mTpc`5|i=lBBcmM zha?e3KTf!iLiGixPr&}xS}K>ITEG$i2@GlhlL!Q1fk3|;m|jbU9i9T;U)-R(0oXC` zKwj@3VuCS0dM=`WkOUPqglc-1Fvu|*$-S)sI3jNdztCbPAvZF`<~xidft; z{l*I7zfWBtm~M~=Qi{+tb<{xx!CI-RL={&fiR(woBG}i&6PuNzFQ&M#FRj+kNCX%P zGsSI^aP+>V1UCm(8JK~F*?+*>FTse=00zcc?$J*dy2hcZP!1+8qd$ks^Wl%! zkCbHT;RGgQq}AUA;%duv#yFaSu_ypSS;9mzwuH`REaWkh5N`xiW1xc$nBF>(f%LKz zkZX$(4E_ELAM`9uW28cPB^9iUx{4{21T4xCp#FPul<&>RJq=-wlQ^3q_S9;~QpzQ8 z%3{oegE`HVH^;;G0Z`G8%0Z|&r}YQ`Ra)~;8q@&nY;W)QCBN9>`Xb~%uiCtiQa2Xn zQ+H?+*A_fOuW^#SSJ9jd{HnYpTS*qnLubE9;kr1Mg#gi|Z~~U3hGxkDlW|V+KbD}? z(ziqdZ%A@Z2$#55;5`)sM$3b)1?*ajwU<(Si(@oKQTx`4I*YX>H$2WvC9?K@izUoUQ~?Rjabu z*iuQkBVqu=P>>&T+0B&>a0JJKQS@-J_X}#dZaQ?xQ7#hLzL?o6~TEaOUH}=oP-p~ z?RPQRhw5L-nT*;Yi5>LCbaoZYd7SU9Xk@kk%fg93;1nlVu&4)4RMdAwz#UAu8^)Gb z%MwMe+C&-=AtN{$EATN+L>U9e^CGj$H&T(A^q`2$5(BQ2oIn9MwPi}6+!@n@Q0 z0$Iyr1;R9w<8^Aio1&>a;j#OC{}kJPD_vc=GVBHlkcO0{+sFar4wFM;VwhupX}yP} zV9HYv<6D#<#J34ahXhrDGVj6QF-4r8ZyZ`us|A|#uzS;D9RTOe(qDaNi zx4zAM&Khs>e?TMU{-LAD$=i-K)AaH?Qsn4Fc$~hQZzk)rM+dpT}U{eJ-lqHfaD8nCaQ)#JEl=f ztFsEXcCSkneQgivDh}>^vk(#vmdspZiq% zWBP@vyvF0K@>FzxcW=96uW`VJT;7_F(cItE`%KloEROadNrM>l+vc6k7$R>@!_N^4_J1sG;bW!N%{?rQNZDO$)m!&L0N6-W#~ zHwdQiy)f|-6mk_C%wFznZ*K$nbCjpLWieK!L}M% zd8p11EC_Au2yk0!#aVqkvx1aec%ZjyiVe=9?Yamrt4P_dvoZIGo<3z~cDEq7E(lX}NwTh`M@%jUw`AHo zG)?*J2vgfTQZ+B;U}_?%MGJZF!ldZn8f3ivYA7)c*Ts5Mr2O4BV~R6rGH*)}@m#Nr7Zs{pm=Zj+gbbkfBEYVni4V7p~ z=O&Yhkz`Xz7ROs4A(iIjTmdjE{CG0BE1VFLZ`_*sF>f8w9snETbXSaxgI_MTbW#i& z0g@Due*DMrmiP?*FYq=+$pweu&8E{~<&1&zdre1yy)J^m1cqlnA39D=JG^-wL_3On zz8HjZ)LC`xc3~wDd~V~?&_5-SC&01VxGD`~ai`q^irEK(&&0niUo=P7YZy--jwt^5iT(W|oij`X*EBXkv?&^RuhPg&`Im zu2X4Ty&iz?ceeNDusR_TI$Ml(8BQ*6D7L-Y8l#@`$NF9WiRe5T zLTrJS|KunRT;|r!f`+!x2tpgGio#lObnE&177fM(Mz3HDlhE60>9fqIR|qn|3|zmq zid?UkzcQLEfpH+v2!^^5#~5(%Ye6r1uRvZ>I2z$lN6YDjfjWVzuR{SRXX?NQy){84 zhO`zz&~nli6I3}NPhaJY3JfAHZ8CqI#8qeKQYZxqr2wa{0q&tCS0)Q|{Dp*m4wJDu zwojEu6>@3%>x0QE*1s$uMjS8$wjh|sS7KDYqZGy@i}LK9!3a}y2jjT^L@Zn=4tb!# zj0lzdH0%sCdcM;jbqsLMhwN0=f-A97BtWn7}!?vnc^ydiQ|m2i>UR=6wYM!7oDaUCJ%8~DQVwh*WfSlX8_))xb_8js$5g{k=i_D z*H}!Y8if_^0b~t{P&3!D$IBZa%5hppkcOEX>An!}Bg|+f4Px*ri^j^MRfJ+Kva3zA z#8xl%E_XC6JWA29){_(sdrE2Rd7`hE?f}-|D)aY|q$#qyn5`vfJFviy!W1V5`Q-_x zIKk6w3X*I(M6{nG8lr^5F{(S;qSU!eR?4`R{NgSK<-8YSVGc>z7}_nH-K`oN;rn+< z0rnKWUj|D(&aKw|qXS8XfSU8Knw3nsQ1Nmd9gODa%}2C9l+lkEQLW&il+PRZzHGZmB|A zzJ%;j4mI=gOWh;ttusuy?Dr>5a`0@5HS*IE?xARVw5TBEIssU@ClYaHwQ;l?#vQK$QY0N*h zAUW&KKviwtpM%Ps9sc53s9cGdn}=#$yjxo)ssjHuxv1`^>zB?(Wh1|8LZdmPJ*G68 zpVG*(LKaDCbU#A1dRilEiPJu@kN;vr>YVD8ZuQi!(TpERU5wiDY8|u>L$~dF&g{{m^|+Hc^RvkDD>s5 zYSF}cvsSfeaDLt@50y(bV&|^%z+5PMRf{%D`KwyCSd+o3MSG1otXj6-DvMPMTvpCw z)k;zyGg;kFCM&WU`eHI%*->~)<+!Q?u&yjub?{fnb5#d& zrA$|KKv&LnRR{RbpY6(?@R!VYRSRNm8Lw(vSS9CGEzs4nUe$tKJ?~X5=)XYbD{K9^ zQtqoJ`?N*&t1=qP=f9edNOK0PGA66!z?zTCoGe%s8)Th%u<92rkD0Lk44JU(sMAU= ztfKS(JlU{H1TUQrtA1cSU`8xIG3&^Q)uff?WX19$wU)eCZL#{gGGkeLPz&eAs-EDQ zmmSMFoZOHF%a7H4RJcl~)iSI3ZOPhlfo`Rc-$7v3U5v^>B$ptPGSUJL1CO6NYks0q{?GZeVFkHq4*D_gXs{4 zQWV7>t^kTRM(lo>Aaw+bnBEl~oiU^aRS`Bxs1Sv+v?;uu!Kk+d&JdkqrpA4BXr7e( zB}IvW_^f<77Ki~*r#&R2$(>9|mPGoHjTYppD^Kz}C0ND97Qxl#n2J6SJ)&f4^2*ua z+dz}l6IfSKa(G(#T;7gwJw!S^;6$wr79nbbZI}OkJpb3#n}gHi-%5R_0R^em-)ckKKx)}+N*I=#BX+}QZ!b4p3|Nf?yTNHK5*&_OLl$K>@N}ASrMKZ&T`!V{mZNC173C2gBgR{|tBdO? z^A64co50=Y`vVAjy23>!t!OHM3BoSQ+uFd0#Wh!34oNsJe`GvG|&;ys?I0zSZ8_5^| z6MJCfOL-sRcmQ^Gf(Q*UOoE-AfPSw$f2s>|&q%?O0XP}GAzYsAPjVlc$C+*L6{B3@ zdS(&5!So+8$EmcG5_N3BOx3#cCHW}~^X2M_CXFB@kmv*{#kWwNrcm7LmqOHYL*D8w zXMI1No$IRqKr>Z97#+5qX;&>fzN^AfIX*C7{_-Oy_9>GV4diRs1)4B*YEBQ7V*Q=4 zd^e%0_85DtS(yb5oKZ3rQ+CFrPlIwqONEV}*r8Xy%x5JTHwK{G1PDS%L0W~|ViqxA z+s+-w2IYn+q71Xe#Go?71qN|XJHBbaZAd8eQniJ3ybDpQ>Jre0QQ$5nmf9|1Q>UG) z^*@tNE_H38nzws9&wGw~e$>tnq@9g$*o!lL)c3c_DoyYr7dkr$uC+W2Ty012pvB0EX zs#nRW5`Z8GNgSh4Eie0D}OPc=+uBtxgkzsGQQH02&IoG8RG<9;Upo^@QQKB zGY<$|ij$kHq0~4gLm1EdoCo$*OW|n`@{nt`xD9Bn-8vz+3c#D$_Hm(OZ?C-)R{` zw5C{!=*Sd9w?YPFQWANZb+OWV%DfV*?<;9DEm(h)k;-kEjuj(UmIQq99Hf zmq&t|%i<(L?=fl7yzJ2SC1Voa%qgb>C55WKlFo^%DVh!uy{eH1nS8%isi?0qnRxZ% z1VPG&2zvS=|CCF1QyH$k+C`j?mjqNogUKYs!&gFHF=f zcSFV$z2{vHwb!r9*-P~6B8ADDr(c2`R3Ay?qPdsHoZlA-Y*gp0r zV5!O0vQWmC&zi)g-pllu!R0TR!Nq8a#q+m#T#9v>T&j&Ml*gq-OMlIbE?;7T3Deh0 zrkC(nUsrMoKlBw+OZWky#vzlQ};0kWfUJB9L6&W#N#vq^;%rZ^eri#C14ImhU2fe@&i0QLov*5H(H z1I=U~hH(qSSOe^j2lBZ8@VGK^pACQ{}c-;p&Zgz-N_qY+WroNDD)~-nf z#pnmKc`3=)@00Q;vo_omSkjhUL8Tw^px*>g6c zhEDbR+@ki>e$#?xoQx4G9Upo)qAU2fCw)Q^LiI6k`)_$RT?YcHs!y4@!Gk37u0S0^ ztxl|{fvXDGs97)a6`rH;GxA-Ap6ayYnnYp7RzRnONJGKz)d7Eu&|;mj&z zBUx^-L5h7HVfVdkTPD@Oc76u{0svz~`M`Knf+KQgrMv*>eM$!a4jD@LMwWi~oeW=g zb#Q<86L|R&>}*=aM`El!w|yCLHFp7E=oV3V{OS%;JNJkFst%U}`$}5%u@W|7>P!)1 zaEu1vsqqS#tyS>h1GxV1;TnAU1in$o^qg;>KFM#Gfr#8CPhC{9soG~bH`aFBCvAW#BD)( zvXAwNT4{`Gh*J`wIG^IRcXxskliWqBiY-8rSRY=>PilsQQWSD?-cT8|a!AR{Wx9Qn zO+;$~bqw?$Xcoo<-l*I#(%r{6k`^~fda8YOuq7`k0Sj2E-1RWIv(%9Rn9R(v=8Xz| zk+4t_#Zb}wW-kwXvYE0N3y;V046(cvPZK76+nQQ|5S7Oy$VhGG3RMl`*v5wW5mBJ$ zq9Z*eCyB!2R~aVvo6Jd}Tqsz7QQAjy-w~#cZA_b#UmBow%~YP}A>ZFo?*?FJ_t{?Y zUUWpISae|-3;7qI@2_&QsW@L%2})u#5P%bol4xPr$L~{$oFgLT2ITdAq7~m~0E}fc z04IsRL~;3^=c8!BLEgj<7$%ov13VpkyypHrUbcHVdFOR3O@93$2pfDh7y?m`+)Fh?QJD9Ybj^%5NZ&$Xdj@$R1>Tf)cKw zxvqd_q&+;7?(=}nAD-ov>M1vew6B*7adAFW+h?pZEQAW+F z_Z@k*NAAVwqu5qThFWfV3C@_X%%^K1SioA8SW#z5LUrhjgdi7j6Ucyla87SQwCa|5 zd`ef5dNX94c#^hETUpRsjjjofB9xS<1E4GQR9E}ew%l(ilnP16P_7iL5}&+`wDj9M zLHbHsq=404_@um;gxLB*RSQsWJ^bnxdc9l2HfIi5gl{WpV6QAL#K;gFCR z!KBnZ_3gPNR8wqM0hJ_k;f&&42jHiY95MVynfqYQIIHP}yx9u@av^?DltfZZc3F(0 z($G|B%J-*OuwbX|D}3LT@qabn-zAufHh#oa_%$OD%$Xj5Jru1j=^M!@mHyPJ`!#R8 z=0{Q%8nGAEB<=0StcM?Ue8}my6l|IPPYY$Q#qm5dq8+(4a zZj|ZT@l%#%nfjy1%-v{oy<-T#q>|x@$jvO1(i4nG93kpk1c_CTNm->MTx5nPX`1Dk zB1SlY&PGmm4zKmba2pQ$RH5I#@)Cdj|BTXc0R$BEN9 zIwNcq`eKVuH+W=`IpDrjb_4(N_zyRZWv;f)Sy_q?;skICi(r}N=M0PqO(epXvl5r*T0Fpk4h5)}b+ zpFVXib3pP2K7^725Kcf*Q3kE_z(E}AtFBeViK?NJ6-Vl@p$r32x47jn$t|LH6myOe z8O$>1$U~>Hl;A)Ba1zE@gg{rkB}tE`vEE5@e z;6KGE0dIc*mp>hYv$se81%dz!A)9nMCkY@lQr3uBglfUg4Ha_{q?(SI#z>!IHR98e z^HZOsJdd>1<@4(lQNrm=rVQ<|Npn$}B|U+j5DpYG#jQ)6%4U91oAmMuEip*skyMrH z!%F>|%XPIk@9wQbwQa&Ao+z9UaAxvjeE3j^xk*c`-EMh$;x6ccPoH{q81>j~C_ifP z*Ow_A5t-ln)2G3Q4{vVq*T>;RDa&Vl7A%%lB15Ja1u z&LuI?gktQ^NJjImFGNq#_* zc-E5owU6_b^xGr%l7K87QyA&#YJ%daGPR75za5HcPR+q)+(HJ_>T`%9;~{xks|22! zB;D#_V{KwQm3Y|^5l@S-YtaImkh=s7QB3Y~exAR5dwF$saB=a=+w-HBU##*_$Vy%s z?zTm%JZAzD;z7S}(ntn7y*wYMu@3Z69*r3Y0(loenY%B)ahRt^K}iScK!4VwB#v=1 zzJ%k#np7&rOnZyebTXAL1)(Mrbp@8`%Uc-Z2y&#VtNt|OJ|Wy494eH+FiK{h0fC&Z zMU8JvFaNAyVv-!oOPj&qWrc{_ybSAU6FpaU8Vt*=btQ0JurYTk*mTYI0=aTcb)9ri zOI^`s4^2}(v)2g@DP6E3P5xS1JqTE8#QO7dFMA&!{Z#!wR}&Pch%&K!Tu&Qw;y-ux z_n(#gKhJl!cOU&f5Al5X(Eqk`NYWX_;|T{ppWZ==w!lde_Bt15NB<07;}9hb1t)Tz z9$`cW;Na}w@TcQox3}H-wy#X3{_3x#;^{>;8sYb#8x*+7)pSrZMO967 zTM?H3_HxB%^aZQaS%7U%X@O?{+s--S8P#T<-1I08)5(cefK@W#qe`zZ6zB@u2HL7zIFi;bIFZ0iMs%REo~u*CbEMKr3_p*^)Glh1n%hUNr26}P4o5Z@VTo@s zpI{yhFO);@@H97V``_l?+fvA{@k^?#4W}@bLe*>FTe%5KapxRx%H)u%s;mn(cpA^E zXWNvv2DVh9s2ONlY~|SCOxT>KpT!iZ_Dy*y3rqDLF_5taP2%2G_NF}F6?)otv7EB! zrT500#eI7YrLxC5mT5J=YY)&VuCx}WD2#cG#!~ktmURD zY3}Sl%yB44ZjiOOJwf?Jmq8b;C#2?C+TP8FA6CEYQB{_g#Hdj4<0R#`o#)nP15 zq6&AMUIQEU>baJIo4{h2B+5IwA6T#oBWb>96=jzct|kD>i50@tUvL1-g0=K1^@q@><@Ak!4b@}_u`C4~W;$fF$$ zC*v5Iq$euFZzu|mAdVZ%ud?sbwET^RBpr{^9QA&IX)16m-c_}T+k!I$9d+Ws6%tP} zZoTYQaT5i9CpZD!|4F)5(ZJew$;+C`AeX`aNq#^tmqO{qv)*TH=7N`Tzx2@ zYcvK9wo+_Q5)T=cy?gC(`~UO zw7Ds_fb2e=K=uzb%NsNG@{OVHLMmmg{=cgKS0T#E{r zGyb3Nzt}I0|NXuF$NV1;@~m_GTT2vwdb&@aIyX3p2BkbxFvU7lc;JRyXdU5Pk5kI2 zmRHpt&MD$hOuvJU$_wd-=nJCiIEf@{Bd_u@qSi<7?~HJyYUg=FJzGLLSD`Yc#Du>A zl$uiu43*HR@Up2|I?0ly0D&j|x5Rl>)xNq@MG0HU7TX3318=l&wSg80YK6^G6pEfH z<>vxUx~~Ug;J(67X}Zf(b_l2XD+Na6u_cXZaa=;h&=(|VC0QJC5)WtR>klfl2u z_*hY8mUqy;txg5JSsn&YRmYptP+29GE5MW_%RFr*%qq7QA=}vlelJdavOc@~vZGWm zs=kFeBi0$Sr5`wP#QBR5ff8rSH>5W=(sZGs(?ZSyt4Z6l*px6euV=DcE+ns|18;3- zG#wV~+`Rn7kCM3~#hd!j>Ee8fUV^h`74yvvnr(q^5;7DNYV? z6%3=`Q!24=&g~MO2=svAHf?uFgS|y!jlc zSGersxjmrm9=6m*Tnh)VMdF+txYlz082hpAr+)rt9C9?uVun@?1Z$rEpKtH%?3Mk0 z&mZGI9_Crs{J+T5ZcA3p{C=T}Ts+R}U;n&r@?Wb9=qb9DHz5Cn87Fl18c(r*!`N5w zaROa!0?jXEeY5yLs<7gK=I!R!Mu7zdr+4Mta_HaH@ElTNZ#8$v!qAASx>*^ z@LP6T9);+jl8+{#1RC+vRg}xd%339pn|pPN26sjgLtMg9qqAGw3DiypH~~c4whoZ0 zi{o`;Zh^c{>=P29)~JiZ^KiETD#UxDAn4wpS*y}FXjYg`Ey}B+brjYq3m;$;s#FxV z->zrKIPEO2>&jp`i4iSN&DP8HAaA#_KHOWYXS33oVH zQ)FHItixb^+)XJa6!Y0(3>kA7Rr%z1Ggbij=QW|+-S(Gmw^e&BXs21i@f3MbD1Y%U z3d_}75x!)jEgNgo<0QI3VJ3N~q^KI5%-jM>oQYWU&WBdqGXg%EmDZ|;no#J)y*XgR zm-VB8uKEN=Q*_JBqj|R>Y=L72rK!1pnzD!B&z7J4Xdh@XqS{%xJ z!ohjt5r%Tt&@4G%?--&wje3jT9I+oM$x`s?6Ug)TYld1Fm34xHY~JbsY}bc~S2;@& zBN+`*DIPn2?e*6*fw9cI-MKN@K+D;wST(V7$0QT00&*N@kJytqyMUEZ0i* zKD50|rl|56u6FT~QZ?o@vlOWH<6LfG5oFiE_XoY$W)Y4{IBQ1LfxSjX8@MqZp>P() z=qEyMO4#S$)gf2@yB|v`SfZtUb~J%>rq92DuDocj z>tujZ`cGXG)GVAH-=UY|GH;Z1S-VOUU#es1I6XK&IXHTC~KhW$PjjCV0$N1~+V(`?y zL9=`kb-7Wcu`GVhG0zQ|8^6-c^3Iygd8~PNaeQ9eqh65rDQ)*5XbZ?#rVQn!WbBI; zuSF%x^SVs$(ZS`xtAmUBUUImd-`~Lz#T->h$eV4Tjw*WE|0M zYf$Y+iiNCPdflgbwh+7*EnSeZkh0d*$kM~fN7xrRw0s;|VVKoeN%BnY4>2s;cU8t6 z|MT+v;Od9h2R~la2)<_p>45L9fTzAo@E3^r+qAOz@5A@v^5FdP-PzSI2PcO5vN$L{f($U+up8_)riK$>*M3ItILzqI^EF@6BZ+sUSc_A8eDc)WUxw> zk=*_aX@#}xu#p}3EiL3`gWu!8wHrA+ZTzfrpO%g9>acIYufx--Foxy;mse9Hb>9AF zu*-L;k6eMK(n`zY=!aX|ZIzd$Y%0L^1I^gKPPFb>4(iLwalQxUk;nt_=0WlheBYKv=F;@f!Ec(W>$cwJe{L2MEC6_7W?mIcx4?*QO8DY;$IRaob#fiD=HopzA`^^WtS%<8RwXW)u>9?ET0X3t7dT6j`M;v$)XPlaEqm7z$%A1B~D8b!y$Y)?FZNZTWtw?J!Dpv@6z_ zsVoZ8W)b{!dP$&zT`XXJgk~!k5teLiAwxx!t_OY>w$K9u6Uxxmf&phrZWO4k$Trx` zb{T0(Zk6csHyi1o5)Sx}EI=jpV5eC3QBgh!0^6T27h8JDZ2!mop1-&MK4#Q-h) z>wK?Umr(oXwY#`{J-l_(`7|EIQNdF*{2GgNLjpUKM*M>;8rc~s0ksdUzkx}lzF$n2 zlVWw7JVu6iHB*BrsmRC(52r!tlmxQ7r4lD=Y|zD%vyaEBtc7sE%4tu_Ok(DE*fb^! zzjQRpI$7EKxDVcVqM$nSO1fu^pFuM}F)fw2-~Lt^#m6dMZQOVb`6ODG!>gMFMNp-p zGw=R5uKQ~tMM%=V+h9u5qD;$U)Xmvjaa`cgrdsSXCOsFf6O!HXx3 zj1W3|HiKkKjN(viT*C>A=Bdp*?&p`OtXoVxp9?TB@$Zp>4Klt9--lpFE z?&$7(cm3`U;32#s{xQ7;wZf|j$`<6(buB!c$Zo?F4 zLDyY4kz-@=H}kbw)m@eMF!TJ*;~!^p+~ZL|`$(qEkkn6&6UBAh6?W>f<(9@Y+LCHp zR)!zECDRr7Dldz1dmHKfSkw!ebV6m23Kof%-w}CGJ~F~%(HBH6J)^g@-UG}KBQ)}* zbyLYru*gZI+}7p-nY*S9+48^Y{OmKe8b(2!0 zqAbl@6~*{x74VANVaXp$TW=THIPnW>0@gH&6=r42dZ0bT_@q@&2394JW@ZJQYMH@wpD6H3OOwO}O;m&`3RzdC~5ogIFF00i3#%*Ic)G&!zE1};Y z?*!WTUuI~2ZN9IKSAEK@M`SF9XHNw~hYGDq!>-X+2DgHH5#wI;C#TkUDG%>|Oe{pu zBk=XVO*em0Dh^Om8L~tmYX%_dZGGx;PmewObRuOFE`KB5R9Jp?58#v|HQduNI0FPu z^J=Ii7%9;x_jSanNbCcj9SHkVL5-u!b9d`L!n1n=o7_L(9jGL_D27Gc%5K3j6Gj5$ z0|#L+hOR2FEY*poEiGe39fESI_nH!z$kl12clGq4Aq37Y&`V2BVWHbzDdL7FeXB1^ zr@j*g%%r1zJ|{ZA-QGpbzqZ#sZe72R19+Y}zT2M-Q!EAUryZgC$*&<2l`X9ixG60g zLAqu(gR9LA6cyt#ruD*oCW_e`E3V4skrJhS)U~r>m70DIx`og8v2KS~P2m6Oek0nU zKnJ`FKKZyj>F|_aeDkgQEPNyWAW6Qe<-ddOybFzN;C})fx*PCG5IWqiXrU@f5K2A) z$~QLRs^)S7V?A5hG6_sxM)Z_4Zep3NLOTwctJ>f8-BnRSxCPX*u!0 zf~0CXt*)rnr*Cid@9q_k+V_%g!aeo+uWFt8)Ck2*(e$m6+>cO+@s-@X#A?O(X}h_@ z121F1wqphW=%->bV39W{Nq|$V0;jglP=)_F<~=Wq;xqeCe`5vE(d9SK`mcANr);Zh zp8tZktKP3|Gp8EMdFGs;9{OWsfN_p;rtC?ih*-+36a}1jqUioo^BDgWt?ogG!4m+$ z(H_S#IND1;z=Su{hI+v+voh2XE}af2Y`ghv2TMwG+G1tBDD|ASL&E^^nJd5ksoSlu z++4b4nf#6vj{c)QfuuW%V3zg${N&>7via)c;_*JXwg2%WdZZnHFPXMsrfyhqR;2F! za*T}_PW_x_s<(90XRR;%@)WNVflO0yj0jTuf2p+9m0I*~9NkrX-7ubo|DGm)=QEJc zQcLY%Nz3=~iqYfABuP%yPW-=k>%8xZ`}#IS18B1L!h~V5Q-!NUm-E|rIPupNA2U)P zG>nZJ+a{o#cNF_6B3bO|Q5q^g|Gwx=sVvqQ6nd`dKbsQ?oF`;3D{8{Cc2(Wx@m@miMpUZFD z)rA$xvUGG{YYw9Ztj2=Iq$O+~GLzA;iBp+DX;^AY^4FjBc(xh@lNhvZX9OzKkC^0PNU1NXdf}d@>I7Nk+Srx8y!K zfi@~7G9EOWk5&6naS0Wn&#fJ_MjLQq0v}D|k_;f)1Uri8dK=+K!)W_36GUPq?aB+y z#LN|&OuSob!i|mi*Iiik*PMwVsiVP|?|@Zn{cg9sqrczucI85$XX&3)W7HvY%&)=s zU;B3`-IBpc*EG8Lt0)hwzuSHB_K{&s^&`DW4vItszpS*45^ywwa>jxr|44RmwR$?( zy4yQBew=OoBTv-YNG7Wnp2a?~r;)pi)|-%1EsC>y)c=vfT%%*$e>`THF3m65ZGuJZ z<|zZ$h_q`Pe%_WA9=`6k)5}3)`lw6P_erbc|9rK@beH1l=xNJzP2E2^NgE3-qqI(2 z+6($ig@HF`=nv&vlg8{_bLiTI9v6JWi&}gdo<^Ql?2fF6J?^o!ktCxwv?fAp&#ZSp zq?0=24$RuSf(;u|?Y6XZC~P|W&-9R*Uy4IV+5kCHi$>;(iNyzDxbY{!M6u!T4j%rN zx829yf0(Ro6YV&5I3*TsqPC082j3t}KItlKpmnI0Z$7pixyXeeSTzi_gmp2VGX|JEGI;^n^9;xZT)pMPE zdEjLL`bz&|LVGJr21nMcMDtmmN6dXUm9wi$KV^N5TWg+jQBHO362J4-7IpsJcO%wd}sGNgZK&R@#nE zH@&sZcAY*Gc!A0=mvcbzEojAP5gI9U!nNxYuJ>qq@~@Y+o^&}M);+UcT1*GD2lHNz zO|58r%+X#uENpataz1f?IpX5$nqu`Q*QWb)*BUvoo$&0>o4PVs+p%e+(@#u#C{xsMpb>4=<#2|28B5^K+jMkQYHV{AGyJ=PHEtJUqVGf(pxl zEvyvTmOM59|G!Wmo`z8xj)z$Y`YO-?+xI!wzP-!={2Lg5z4@cOUCF6&k+&+56Pe{r zD_ugpy?>FV8R9ttb0P0sLh$(Cq2|Wq27e)Y$4riq`iYdOl733w^eFpw^vF z|1;uY4cxs8_^d35ZI%6Q{)m9KadS7wDXP|aUot9nj`g55wKEbwnlr7gjt_nf=ZHwP z%W5pCcM6v4R=}pLZp5|@;(-^A8uG2Lf6TCx&ad-Y$QDdyn9^`uJLj9{C+kmr_H zkYoYiwsHAP>Kl?as%k!#kU;U=D^u3+t9$*1`0l%FWoxtQ;Cs`p<9lB)3sG0#tDEP% zeX8s}rMLQTs*-&$EB)<6D#p5+?d?6;UK~V$wqYg2fdSQGO049n;`Ty{)ctkzLlx`s zrukVdtmEFN#0GFu4|l{rOK@~?)x)`8k#if zbUgZ7k?X_M_LsQ6S*Q^AUrnAa9{5{VK^K)}Xqa7=3Y}OJ#OwbW^Bd39YQfYW2Mx=2 zf>>s!2kQi2T{f3FN70T!o(oj9FiYp?8;CLY>6y4Wnek7%GUo%Vci$MwLwaJQoNRZ< zv}rpt0s=7y0BTg-IhdG_=GqYnM^EXjt-`sD?}yx`F}l0k2`x3dWTo9owPtA^i`_vH zS8%ECMU}xc3zI1Q`t_W;`BkYW6i4ya0Ba3c-TNx~cubp0vvCAzZ8Md-+;pSbO{NHJ z2wX!1wj)4X85kc(#*K7Mro&`6Z~9WU?`^-;ufRgdp7I7Z8D+FF1kIT}^HLzX7uZ!B z!mb6asq#00W78CEN59*X&ew51oo__ZjLKV>8-u(fcVM5J!7Epp3oXT{@` z%cX%RXGMUuU0`1JW@&yo3a47AbLOhxsg=y_15vc#vrn7$4Km#GGYJ|7T%EWhTf;qK zo6%%f3!HK}rM%TE=E*7axYe6}>UvW3X&nzM+uk42ei~#jQlWmH3826J@H-4-n>wox z%yE5WT%q&Op7GL;PXKdLQS54hrczoU1{PiNeI)3&f&TaH8%s# z4lct|i5!(}B}#Rhr5sKNEBRvYF)JJ(rv{HhZKvt7 zA-IJ-nHU(~9%-Qd7+c8-TV;a8hf9`Le{HKb7wLu<{mopOxEdbm z>K@y_{|2x^EH0Xy+k#GqeXp;2$hUrfzkbz=eP0XnSVn)-R*F7+y0Rv}CGUSZo-XbB zG&a9`Nkjaw%Z?eX{9ZcW!?rX*aIdG1&;G1|$a^k%Huix3V<>g7cKcwK4r_e#0iaAk zdjWlRH@7!yE`7hR{~~z&{+W5{J7QqWLXdmW-=wwtLPBUfS4}=Bkc6aBrklsfjL351 zl=0Mvr+yeu2<4lF)XA}HJSSO#D{okE|sXpD;hP<5SA-zZ3KbC2Ee7{e6d3; zH{0tH;JV|(xA3^&*D8qA&_~W2GhB4cwBqUuikK06VE*!0E102l*o3aI^RkeC<|0*%=QoG*0>D zT~tCIviCm{+mKhVk6{zU4(UB?qOb~TIS}eRq9N!rCwDPSRm=>zg&$^Op$-T?p^h(< z;?ijp)Ajf_%>#GmE@8v3Z%ZAiA+KA)`}j?YPmmd;VD=w|6~~{7d#it&g_$-U!mjhL zO~b|J$LrtK_h27z)D+mDlw!jb^ODrB_(2`>{mA}a%F%J#+_FGf(Y>Jq$a(lY_|M&* zhsHzSueZIkr*<|to5Hw1AV(LQA1-9akCwQ)?t%9ck$)WffC&QWr9p71mTm#V`hTA} zX8EdG_{^OEF_J8xojOXXPXI{)NyvjJ;ryddo%t=vm<^8HCdwos561BI?$mWl$u5Zu z?g`Rb;uAuOHVq^rFofirU?c(d0_Mjpv=1eM9d{PS>^tzAqA-P+Q7Fa~t(KlKeAa_! zfa!?2)J#Bp4+|ko#(|twif(=@3Rr9xERr#^PN(?(d|gw&Du-L(PjJmP8%0L(-x+oZ z1CPMy_y01lf{@dM-1{LkkmHcM1JFhjTYaNaca^|`nfp5lS~7?PV%3xYlOqlSdf_O3 zB;jC}{(8T0h-vhoTMiiHV_IN|$mY=~)M6M)(0NEn<;`G7{8Qkb`{r4)ev+7h@S2>Z^$qMNf>6aH9@;=mitp26a7W!pm?j4)fT_vlF<=J12yG=ycT^9( zK$00>NkJjak+q%v2bVp;-OPG`K>uCaO0I4U4IN%X;+X(j4_Rd}AkpU#$c4W;7)QWJ z7RW54KL!NWt#V)#`AUWhP?9R^+!H$FD~5V3Mxs2t*i7#Uhh(PA6AYY7nGm@KiVHpZ ziY45k)^J34{CniYO!4{yJX-z%PtuP?AY9gtn()OaXAoR+=C@##$E@zRA~_OU$uSB} z-jVs)F%>bfGa)Dthu$(|B9PYVp`-~H!lF=xb6Kc~7c)aPk8KZE*g@${hwr0`3La zmh9|z4OZ7@qo;#)hT>R`MSe?F z)b6D&P>hBO4VhEyb2kQ#F`2uolPsQU#d+3*Hv>$_9|1Ncy|nqjRS~nEylQ$A+5aCC z@dsg7-;7C_Y%^(N+VYL*D$If7>k|t{1|@2+QU7;@;|N;}rI00Ww zVEh){eQfZ&Q1<*a*6Z}7?>tM6eB{7&DR0Q0ni2+I^6!M%QYemWLwuV&e3tGsQIH~8 z!EJLCrTLd3DkE8AN=9nRp4*r5WSe^dR*CpTol;n40`Oww$&^iZ=fG+6HbRf(1P9Vy zu5o~QkORH37>g5q;e)pS`2h=a_8W3|EC!?|Rb}o;tgLn^Rkg^}(JxU&ds>zl0(dsV z$z3rBB15u)7+hBQNZduS+6p~*Lf$n8itudNo`1h5lLyyjj!9ifA<~{-p`wvssgs&{ z-XfGN#GheaR$ig}+aOsyEvtxkb;^y5&xZUR=#Q4moTPVR6I^Xc0BHRa5!X)59`I$h z{~hbxMqadmu!ofN4JLZX$guoZRhR1fer`kF!ezPsBOtd!AauQ<#z1c-1ZR&DtC#2y zr?Yj{@ju4he7)6Q8oq71*Xuy5DJfjA=OGS|m9d{zNv3=Y1Wx8mC9n6(PT%SYo5L5j z=))B5Mk6y*vt#e2duNq&*}K`(2a2ZLqKS=s!Z2_w2AjfA4>Lxa`kv%b?D20yX_dHi zq+p4o|NSc^lKZGP>l>CO6dhW_U7dL+=FW91#Su%_MFfFCfg>Y(wA{UvlHjsib${nx zvs#Ov0faS*tyW^gEQ*oZ#;(Q&*HB7%Ay3R;;NOFsN3}M=^m;Sek2)Tv6NefVwl%B; ziz1y;W9y$s_eaSLquHgPO5Tz)1``xFPZWhUE{a>aCJ2V9$gFsXZ6vg5BhKF%0sAZ%cDh?w1Ls)M@pgi1M9C-xco zNM_FV@x|~k>s2~KlH&vviZ2hC0X*R7!|fa@;36_1Jz-nYLZeWumVP_Bi!vx?^l6|* z%KjC~BHtw-WB?mD1t}J@B!*{-8PxJ019BsU5)?nt+AF$=VNdhj|@LDjELK!S5emo*u^mcKmfggBer-Kwc zMdDWMl0P=ku7OHFZyLPru_CK;g^jeyH18U(?(zHpBCGd8qtQas-M!9;wxGl0M|a=- z&nmC!TCHI5hLGe}QZpa(!~pQU|MZeFG2~mOC;nIXIX>S#4p1JNpmDKYL-eV`W)=~x=mH1O(0+E!4s<DU`b-?f_JBoj-)HAlb*6UOX|4pP^ zO8y-_EoSTW+gE&Q5cIDh^anfln(WDkfl8PAI4{GB zIpc&%8-?~=SWus-gu_5Z`?;p%H7pk-Xi#wsjZ88?9F4tlg9V~#d|118zIKy{x^PsL_NJc9c!S zgnilr^FPSuDQh=6FBjV2my|5GihI>n#}cTPrr>LeN=5?mh0`X{FfpdR=cIXXmB$YY z**1@KDJWQOUv~A~o&$QcdrJY?JeKC-#FdApdc5M##p2RuU0uVfngO{C>;>7#F^wZGK&j)P%hnDs#_HduX%$ldN6 z_W$N*o=RS6UgtNOeeANYeWa^TuB*{ro^LGg+bE89OH6C4=Qi#B!&lD%Mn~|2XJPx* z+=KS}wB;Xi>ST zZGf%K&jR|qSbgf6{--CeAa2{P^Lm0yxWu?4!eAP|Enkvf0#k1S4&W*B6%JFcDjzBu zD@cP}oS=Nw=r;0WRcK3y=mIBK#}SNX;0VHtGQI07b!$NLGB6PxBF3~(t{_W+AdmNF z2ynzFKNf*F>yC%gRi(~-dS({q%%U|R6x2bW`h#|IEC!XYzeUQHNh|leTK1F*#`oe{DgwuLFScP{*k+ObppP(o`9oMhF+O? zff907!rt@_M4W^hjWBaT=pTszRw@GJ%vk<(mnxM~yU~<3EoY4&Ed6?=BOdcSw_woI zJ}q0AVfb!Q@KH&@P^;tpd(~t4iOrf!-j(lObw@6%@dPu3QO?5_*g+(}7W)+^>vG z>&^m<8KC&kpb69bSGN)9r)YJeL_r*p#JY1K7ojrDx;CrObsSsO5$b)Gv}05gnm@dY znH7Hr;B68iEEUpT6r*s(hVh?~9h$ULa1-z9Cn7|pOj1w3sOC=pu#mr+rj#70iWAu<=8s zXV;rAb!n}oB#o2L>m*#qQh9LyF2`!bk2TI@%9prTgQHe9osB^zb4u+kcn=q&Y8WS} z<)5Wlw^8_>sg>|)w9e2PDwqyarr6%SCxk+@U`ge0-qK~Tg-C%)J#?N^n}RBoPp8XA zsn|SfgHJ$YLvZs2LBpGg)PASExO&TIVYrIYItIunaUYBZ+bfPF(G+_LkBr9K*)-op z%Ic$_$Oz`s_4Y=(!(3W}gTuxj!`iAA0A`kR>;t4q-`0f>A+(Q>OM8q$OZg8E3?{;` zn7fVoH*&6(xzSRCafiVls=${-q;ggC=qZlNHt7u&>M8g#V|}4&eQ&~zRm-m1^rxrP z%LR*=%*i^+jFyXHEQ#9ZQdm%Qg6b^$&*$~B3;wf&8!wy4tGj0Z^c&Y%#s&=*x zK6s=5Yg2Q!!blu^{;!{+oh?ifbTzTJAnb-FUK@9)z*<^q;I_5!gSE!nA$FQ#4-=-% zst?Lq@AJ&m_aZ;%>xw-jj1#~X3^0_MQiznd96n|Y!?si`VR;t!9AKfb9cLdjVl4C) z2}l{QVv364rnpkR7}tewg-Gf7fidvu5Xlnx`1r@Sh{vDr%=_l#;x(VvIHfEM!;0Z` zLz@sX+Jr}h1<*}ZD#<7dl5p?q8zWfSa+@03e<=2^EQF7k!qXbX;&_s0(bg^dTgHuz z=s=+^Iw+d4MA8vy$sxz~Se^MxIqH|&Ak&^^$T{>z%^sGXB6<0iFB%fgj}`{V1Viye za?2%TN%fh1rQN|%G{%CnQBVvKP?*(FaEK=rf=%=-hT8r8P`8yHaI_82xBE=XkcA{T zL@H)yx6?TT!S&B4s)ne(-gAMLvM-#F{4+UNG%&7@^t*6cIdZDfaE~2UvRlw59!b0v zub41;8R+k1#^dY>21Sc{nLs?N-64fUA;Ja&MNawmK*w1|B}Ga}E>dJ82?|8KtW_z# z_W=vZHE42!PiMsn<-#7zfDIvF8wp+K%{U^wP8?4n*aJv z{Z1*VO(!pA2>V$PXvLHaF`Gu9w8J%xCBI#9=X@ljz#c=_weo)ri2SRSFiO+Qi*vy( z{2t6V*{#>HU<99BP6LHX!7FdZm67>X&IFB1InLHkCX>%pMt9oVlL!6rNIZ!A|4Qye%zPH7&a_SS=<~EHeK_K|75qb zlovltwyC~Y*~G?&esWj2XavmJ3Py1tDdOt;2^$?Ee5PWYH?UNFu2>p(attafqx?mf zO^>Of8WNVIT^MU2YH5#RMOky)|VK9D|RyhyYw0=w@1=$VB%FG@H9pjE-`-( z)&Re92Twidzl4p znW}Vr{T5qA)$js-K6F+-u*BIs{ipdJ=28k237B!Oe89t>(naBYM;${Q-^&!!x3z0E zfwfS(1-{@;C;K%Wtaul4;}}aud6~gFe4E4JVRhU;^J8!gSUt)q3mV;9J@Vjom^Zex ztBdo$o{1u5QbTkUdyC7w7hDu=L`am)RKGgitK&yyh>e`n_C zabY8E!9u%8AnhVkPdtQpbf-8b@`@F&novt@S zqYayuZh<*d5geljfhn%yli*xb+gxo$Gv5!Y$r_l^&J$}I2%ib!X}BJVq`wVf_jZ-4Og1XDk3x0Zn#aQ3b0Sm~T8`h*qPzajzbvdl7wv*4Hba{7&Vt zx$U@A z<39asHM@$4%_kLW-?3l9oUrs^FDP}%f8(W;{ii?a%S~^nsVi0gYgYZ&Tl2qWZHS!P zh%P7JbMs7AZ?Ur%fp{zLf)b$@k?6CW;_H(D;5xVH{n!s}M|k`)+e0(>zbBt6gZpVl zBC=}#{O)mxtcf;=1&rB4#T6X7)O^p4JcJfB+XUjVd<_R*t<{BZ|C{) z`(5)7B7H&krXW+NQj2aqjM?O4CO2)VY7R}p{t{I7I#osUfCgREG=1W-CM00;M!j%E z2juW*{35qZ$ivMuiKbCCY&tFCGS}p_mll1)GI-h@aFtt@_di?ve>T`_)~ILQ!WSKK zK1+t~W+Fbx#GRi7;)&b^e%pE+^dbl7QXc5Gs=?E(b3dmVY2JBtn2xxkkDTWHH5r2Q z?m_s+k1tAAJ+@23^GY+7Z((Jt>(an${Fsw9Ty{fivfUgF z(@Qn+H*S9pmY5q-We{!0OGKf_nn$tZgiuv2khSr$+%V&fBSGEP8t1>)rjwHLh94k~ znaZjv2&MZ%adZ+~j)pZw}6G zj`!nZ7cu_MRxP097-$;V^Ko!HrcXBi@gET~KH?cCod8vviK5F#Jt{&>Ok@B?%t1?u zKVL~}pA*Hfkj%r7_Au74gobH zJfaECtqE`Hnx%3(YQT_X9YayJ#Nav*19+02qE?(pN02SkrZpy}vaY5_!Lq9IJD(Xe zG#&byzj?jJ;^ljeM2ak`8XD?(L}-znhyi_b7_lj8X`Ku>2b5bwDHnvB z8chSj{LoOd_+d%repIjde7G2>8Vw8Td=ZqcCVgopX~=a^LOevxK?7z>|6N<~G(*IV zbU8z#gVD`q2FN_vwmtlC!{~mxiVen~ivvLB=jH~Y`68@s5%99i{VUc2up}7i(T3Vv z?Hy~Q=-M&yv)v+R;ORTwK=rsvzb=pGDIQ?eP zjkZ*`y8vq~j2(4Fe4_b0)V8sO$>vmAkv?@<{?9euc6gcw=LVaWd^y^-e@CG4O=WrO zBGfjk$_CA#i}ZVQ6@@CP=dxO?<^0Q5cbaxk3)<4H2E_Ke>U=rawm+9H`iphZk!ozW zVbo%`!V5!@u2lua%4JRmV;5pckqi?ZY?c^e$&m~(Ly(i}Z>zD}&Sh4&aDD3Vh|vb> z;b)!Y3+muPDjC}OBD`%6?fGJ?q&zOHRJOyHt@AYg!5X@jpJ^!Mex?~ahE!rMK}zo9 z5=v!5f7v=t6Z$bzWfRIx<{GG}tam@RQv94eNBlRg{%4%%vMMCQ*8m6()0P|`VR_EL zy^^k@Ngj62PSLoXc!2x`rkpXkj3MnFZ-;oFilZI<-)qyGpz>^_c4g2KGbpn{MPU>= zB=k^OP%2m<8{!rH-S=L&uI^f3G_#T^>eweey`ZnM;R&^zYo^ywGW}ZQfF7j^5I7%0 z(8YL&q`{Vh{9MZ(OahYBAC8f%BW)mQ{6~JP3MD;UsKH4TxAV?N28))!ppo(&gYVz(7YaYjLm}G4 z{jyXIV~Y|v?U51;I!Vy@=41KYI_%v6;eggjbjiJT6nh_=OABq*kQ|2XOA) z^pN6~g_2WS)LxUymZ|%NPdLyN2f0?o_oV#_ejK@XY{69SCS3{oLsA5-6IrM<_NVJrh%cdr$y+YJI ze4-aM6ETP-kMBTKIB3`Lzw*TZ@E4eE&Zz`Jjjm+(crkJ>0J>=bJMTS>hbrR-7Gy01Ky zI|!5Wa6zWrxI*54(@u!^Tz+=kTD7M<|6Wy2`Cwk=V_NqY@)0Q(LLJ)hKsFIhDAfB` zp-_@1u%T)3Vp~UtqdHNFtcEi;OR7t&3aPg_ae+zyyxE2AP@W>)0PFr1Ejm5k8NW-8 zUkE8rkAFv>{>$nIa6Zw1mix+iVc(-itDdtc4zx!3Bfa}DiGAqTXb}|=jkmHCBuU;Z zi-O=m?mz9{CS8>3ROv84Fxn=;lEz1RjZJc2tOjONMR=b?<~z|$|KcJcI7LvdvMF+) zLtV(j|Auxcj<=JFMeJt6#QB{kVt1^&C;>GIt25P9vkU{t?akFTM^iu2iIXV^Iwa$f zOi3LzsuSvkJj7{pB^@13BS+Caa_R82#upm!{99H8xubV~{@R-)c1J|RQ_Q6nI}C>R zVx!!O#*2X&89_)zLc4oPb-PgQqeCP=1KHt6(qQoD6rT$u=fF9I-_QO5QuGl{9f z2bwjI>c{`=obch%F6O>9?74ng-gvXAWRUkk4K{o3*fQl#2mPlsxG(qkfwTPoyxn1^ z7tY3riHJ(r&h)n_O>)Q;8o%($VE75z2oy)cg0-y!p>yg2jZP3AC#LXZKZYke-;Ta8 zcs-m2`%S0OKZ7-f z@#HcL_v6dRj~_L{DUHK(B}2*KIf4KofE;tVLh0Dnu|rU`ZZ!GB0){h zn}Y!nT~c0Mz&fUub+}7 z$`K0WQ@Cn929-(Wo!B;vD~Lapb;(g9oePSFm9bRcaYywr1yW&&nQFHIPXrRbIQ@K2 z>geD`!3e?Z0Dek&9Idn-Qr=gJTKHTUl(&I8B>yS!x_^Z!6cCDKR^S-RPZ>Z44H&)U z%5MScX_1AQbD?=g5)0?OUkyG~vnT|pk|#hxj1fk23MNNm>0XU|ziuuYXnoCNf95ta z38GYR2*wr((V={_Cb0Z`TUr;Rh!02U5Z<6deow^Xgn1HQDIt&-)>4@E@U%`xcl4wFH7@cYzEcvB?4i#SoUP}DFvEZOB}M(Jt*t6&?ngY^YPk#EvGQjelHr^B3mPJ zcBxw+jp!^Z@AGpLvxGa54g4$^50W5#fI>7mr-@-CAqDn;iw$kfCuBGDm$=1{3*BIp z#T>D6cy2=1aoZg04aY*1_?c_724(+4I{WP@bfjo#a)NDuBDYZ%SqJA#QJT zW?$+^*zrJjztxOb*-Obj2wToOS4@a1QNcCz&Ep+1ypB@X3JW`wC3-CiJpW3~r{H7G z#Klzy;@O|1ENtH3-Cc@9q9R@9o<0XM$&A8qU3_>OWGPpuseAjnfBTH&e&KB?1z)eZ zFS;kseDOp$v!H(8(p@cYy*AdXHUEboc`xTF{>iX-W6Rn z&xs0@RDvdi0h)BS-Q;7;bOp6D#!Ue;Y3^Fl1Uv}`5Uro8+KFJ+I(m+ct7;)Sz#;Ko zdO!?})z)-KjdWrQrfm`u2ZtK9e->e4U)f!%%_DEViRCrM3pW>O{bro2vj=`=@k_26 zwHqQoQ7W7IIeIPfO^n7sTCKK=9g=kW17QlQ^mSIRft1{j?GoQn>7^p)1lD|067hfOpZiZd%nWZFO45+_KmW$OT8H2UCp=UTpI)W$3P$V#3e(6GX;mpW$ zCF3J1%yaO|vyREa#kTgjc1qyd8Upv7cX~L~s&d{+&5lHR0heyMQvsGVre!L`-3YYW z3^+LjvD-y983VEq4Jop)+9W0>B$}ay4h9mmNhCr9seWb^=b{F3p5H=h;q7N8tBb+0 z9I}nyK&!rT#gs87fKibFW;{O)R73DAhj4{86}ck|J`cfX* zjw_`Mmy3v=QU5RI)yfx8<;<{65jYijJM+{wikvhOMn#EzY)Za~IA}&2i=%-oHj}Y_ zp>lkhBO`lIJ?*&IAE|9VnpxM_qgj=64;faJxc@g&~ zOGzcsQhS|uha<}ZvbHM(_z~Ut*UX@+6`4YaTS%L^5$6KtO-{1Ts27*V_t)P2>Fn$4 z@Uv;PkJm#(vR3}4S=Q>y;gV30 zJ_mi52#tj=ihicb*gmBbtiH0)Y}|a?U;7z}0_`jUg!~2k*kA^)b02I_{SF&NgsH#z zu>Qpa4ze6vOzwRq1I(Qb*>w2gdU^R-+E)n!SQ*k@BtELJNziTLjkYsPJX5eqs`jmg zJl}t`zz%T2LS?nx%G4Y9YRq_hyZv$$)~y&b1M_BP@tGE`xxGdU?F7b)&8bLaYT97- z&%%2Z{2qps)~0jB{B`IE+CfpYQBfQzS@b%}O_8-R9KC+zzy~hhAaWVb^Z|j#_bF?T zS?;1*ITUSf7~wttX}hr~tcATnl7X+ez!hy=Vlo5m&7Ae^%cu9vP;%Xe_IB2W6{ojP zu(HFj*=pk8ReO^?;9`)=Vl?Z3#F$ljn?Stuo_vigUB zZ8a(nscSU>&@u~7?J*jpPl_aDe3it}(h<3m2FqP$j#BkS`rFn8=20{6QfWe2tFwFY%P}|c8RwDF z$hy)S#o|vzFU~LK$omG;ZV&#Ks1{_$b$J&R`-DmoRRuS)R~6P3cx1Mz9nQd zF;rT~Me0~oy#s8+W;*biMHZcvr~Owu7YBbQ;tV$%=}nWIj}PSK<<;dC6|Pwmrfxo9 zl#S)r0DR#iCxuR~gR({lm%FK?2uE5t1FmyE(`j&q#MOn_zX-0%sIvbPeLI50Muj<5 zC3|bDAbzUNJb3|TLUPRxP#(iUt`2Dv9zg?_@sLSoQQ=2%fQvcb^*s;`G^+dRP9H{* zhOTy##cK+!GzN%9g7`ye9bz6^?uKM<-oH)slW!E2yXahNAy#zTHQ^+d$c!V83LJ(6 za|PEB&lo)SBpHJRM5uf4EalX7g0yQQ!Y2ZKo?sCX{u%K3EPOm8pV1i4NQPT=AfWD~ zMVaYkw%up2nAAPYjtzUr$&h|AOn<57RF~f{<)ywOzs|PQ6X~XAp35D%@>1V}NDT*Y zx)hm;X3s8lbf!LFQ&dWhLMT^Zca%1q`L(QEnrvg8h(%+7p_jBN9Z5ldY&mkQn=n{% z#z#1ye@Iandv(BJmAZcg8p!oBhH-q1C*xJn19NvwBLW7c-9^1)>B4mZimsVaN71FS zlYMvw5RkPd2g!P2Me=2BEh!;PSQ#8){at5YTO7|Fc-u+u6}5L`vm+HfzLPbbV3Z_j zJH#~bi4ZAwFkD-5qTFoJ7z7?*32bl9Rh0?t!bliYafFQ%kf>es=_GL3B*YO!`Wm5A zZp;CG*53z9nN9m?v+1C>MJ+J88jRQqmmP56$(9{wDXHlo@fw3ASMy$GPy3COhBE%=#x(e9A0{tQl=r<;D(5v^OY zO$VYkbYK+;+_{5(Vmy;cp?&ip^5q#Yji|4R2kXr+WYfSypCtb;7fY)!+R}e^)t_Ar zuyVb3j4OEuP4E>#NvP1AP1Oc7yFR%Pit(aJO1g?EQnxB|%aA{2fgrz6N#KG>{2g|$ zt}*unGQ6aa)?xUgDdsqc2=O3V-gu!ShA!c#z1)d?@+u59c1{md9wLBKiS!8_C3*sm zu-Y!*2{tOC8AaXJ0MdK*9TF(l9z%kGQLn41U^Kw)Rq`m82`bvr-ekB^Ml>?Hvc4O|;J^Rr-8739I&N+^E-4%DM@`KK*bUYl~3QMup`HNF|VXv!D#?3ys}Q9M7Gc zw#n6}V{U)pvNshTArB6eHM5Iyt{MdH0Xcryq_VFD=$~X^|qUb!TChvWeNcjD6L1tGEGyTlM&A%tVP7 zZ-rQ~f2kCEWfrKAO)1fR#^jDSUVWzQak=XOKpF}CP~SEVL($oZPo3>qzoQ_%qJf9D zU&rxM9S0rBBk3w&*ANLH2Z0CsKB&Gw(!hh*`G0))(NVGS#wPj4hadIryr3RrnB$CG z9dLrL2vr?;ycUu)Gw*Z7q1)C>k?i@QhPOr6hx?gDxzngWh27 zQxY335CZ|U+eaStRECufe1-Z%ii|GfoVbxc*UFo;xdoMM54Mc5E0S!^v5F6OTCI}+ z{YSNJ+6$+?-|N5J-~HxWt$&A96ZF#XmeB9#N-2;eI@_AAJb2_v_GbM{*iuv5M~p-I zH0=>o_N^{1Rj?8&`{E*R9}lLJ&?HTO$W$)uU}W*6zL#sFnfJA3zHjT#0gIJKBOO$H z2bjAn>G1tq(cxQ*>%#qvF1%NDwrb6&TqjQ72kq|lYL()?R*LsJO8~!@0e*ia;P=wN z@7KbQec^UOk04kkOVH~Q8&>-Tr6DdkylWW#RQL|x6~zp zAW}6B=bVnl5&Acmh4a6oz1_V7^c`o|bJ@g+oj#~-zH2MZ0I)OPp_9OMX}O5@oL#gn8?^OL?atp@CV@dNtWpoDP`RGui%Y`D zNIIWlDY;|esE2S`|I`Dh7z8+>!ZPC4Wa1ImiU?I9ZxGce*f6@roV4QTu@rd>OwoTK+===lA+*C!Vz@86xH z_ur$VcmG5`p1ga#g9rs*JNXhqJqEd86YzLCt#d+BlgIB>tBfcY`8XI&@ra-in-LDl zD|XN!4!jl=zSmKzIdq)A-0H_<&FSM<*`7V{3P4ilI_B8j-Q9h0Z~*_iyStnH-~R62 z{$KhB&tLQp_V*9=pZ{gI|9t=X?qAUEIwr6COhttGUv^iXD~sF%`B?9u9kvjX`q7B- z`5`(9h8)MCFfD}4{yx-lN$&4fqOBdG* z0&QIG6&>;Dvk`UUIE6v#I^Ss_ooHpkUZu=a2NDRC!QALdtudRBLu5{4E99|7T?tUZ zFFlW42P)>>XCo%eZ}Pyna>8KLx*~I^8gSU^YIs{+G$wvXc&m#dG6{VgkyaNCrvb!q zw7Ld`)&$ce1HmK-eE3Oo%Q5SFM)QyyBCUzEW|S zE+zaB9i1K>{{Z?OD9UL!w){rbT(DKXn0Ut29X3YyW$Aq2okt5d2NuO^bX?wA~+q*?2XL{l#9OKILg z-u97VvALBe-1_rRlR}HyiYXn76IJa2IY1k2d(@3k`-;rlsQvx>_ifZx$5$I|!@I5R z?~cye^1uJx?sQQ1>sJNzpMQ3B_FLTyvP%dSJty942!lO$$HbfZG#H(X0v3P$M%}KN zaF8&*ATVj6;39pa>`J3^n}pFTGCxFr{)wC`GDly(wvt+VOxLBATDkSL31GFW0ZOb? zjYLOB+NMU5^T;XC4f=h`B9i@8b|-;nzP=`sD-Kb=Wq#=9*Kv%wx6(Sw0XDmiY6jWG z97@fXQI2q~!$L0zpJ;-2AJSS@tlkO>7q6Mz>}}LmyJaIQs1{G*M2Cp{j^HIlGpEKJ zer+Z-9BV-03z8mH@yjBksvfCPHN7inAF+`6Y&8FoEI@jzQ?dZ|cR=OFUh%U}{A@ed~-({1K1tf@KmQw|eR4jNKIUkfM z6EaU%JZ(eG0;?=((kS~&5n*-z(*zw53YkH&KTAL%EUk^6G+r7DTSMU|F}~>VRkAQ` zwM3iGf%F_dqiLIRlomY`~c8gA4cS&Jb%y-b|K625M{|RiAmlqF@jpVVY{%xIz{l(6E z(3IDA5T^9z|M3T5qQn2I9E6M8D&1mHb$7?zH}>{zETmQ!Q3V2O$y2VeaLP=%VZqe& zM7uM7C^@(u1VdDwSNE798XQ4uJAH1)_*XNn!S=Uosr8xu*11$?`QNplx9n5v|95d1 zSASme2B60O|NO=7LDv8O^5Edn|9=~wJM;fX$&;s6oiI~Fyi7EtxKSPhI@}~t4Cydd zKu10sU_Z5&vp?En*bOUMb**L~KCHiuZs#1^aQ>L|cFZVdg3^&~8KP%d&kT(Y3SA6{ zvyf9rqKV^tR24twc~tNzg!K%j-iSm_vo#C#>re4`sg)CCG9&z$O+w5GYX3*y+3R(lv=R;?1a(c`Bus}54drAAoB6(3-C0eQ2!TBIhNMq|eH z8#D`%u&Vp|NO^qrx+wu&?kzyS)maaRG-3ONNLSKxeN;O-J<$c58qyAj)O2W0!rgU{ zP$zva&VQwS*GI-5Bx|!E!ah9ldNhrgaIsH#L#mELyny1qzbHAiFS?UDVI}4Ea!+A?%Uweuaqp}hmHn;A6?Iu=Yy?KLQ?8`*`sC_qsv_OOD;<_~zsG^3NzZ^zWa3`+70lB2=EtTZ0t@fW^zqXNG$6lw)O0eKvlXz~Zf5yp( ze1Y3;Q}r0JAzV=p%V9uYzs7Gq!pP^u9q?uve6w@rhH@F8~9 zD~?b`t*zcVaazxwT|f~~^GX0b6{0F7Mc8MfrvgoAKqu3nXf>WaYv{ky56xJxruLsj znf9OCvroI-fB&`f?9>1K`s=f=U!Szmc8Wac21QJl47P6NYY&>cy#K4c|5b0#ES>xH zm-_tA{k?;inf%X}FZNzO-v8dl=Qi(uVXliYXVcMG?epvlK&sxJ3I&QE=QmFVKnWOl zh)0Tx0a5LoR_kYhN8}K;)Dw6&8qU-=a)RAmboeS4!jUu*I+^%_)SGT zhBz8K5pxVwySr`F7R2QwivRHrk|EkdN_-ExsHWZB-F9-|C%aVu0Mk@~cDOiy_2|DSpP{~qfCVMz82?vD?^}CJP*-+QiYVRV`(?M^kdK@BY zEe}Oi)JmT&@`T@!qFz6_3#>;Ybj^aN5sJo~U7I6G&TC@Yy741w_I#%pid*YOY*0*z}Yw4YcpLL0*t`&dq1Yp!OJ$!}QzXYae z-#L17cJ}^E)l`K2sNT+s9~f89{v`W1v&pS0PENag(pOreOMTh?B|zCv@@6-gkpSUg zL^$HaemiLgG2cr)>ZM;B*H4gQp&lL8-(Kl@N%@ERTp!bkSPR(SPq}(M-g*X3SCfyQ zfx;15&zo(%tpxe5V!tlDr`=8Jkg4{1WyBIF{x#D{his;rCnE!t(pIg`eEI*5S$x*+r3Xdcgs2`gD;D3@Bbold(vB*kn z(fUs`CaN`RtLVLUHXslbjIy&iJzuP~nS#4ggMtw87y>6Q^lLRX)qV?`n;(-7f=J~i zVjPazLu=lM@QHq;G&4?wN4CLf`_hX8A9XCF8o|J9;??s=zAEX_EsIjL{w=3VAob{o zh{y)VLiiPG|L@FMW8?g)V4wo5Gn1z=$sbAWzlz>ph5WyErfqiZEJ#yu@&b73x4Qn-81M2NHUCbnw`ozHK%iH)u-&bQiQFwq z6#Cjhq)3x?4Yl=tvZ!os-#csCWQ#-82%1H<>RrpM$3=P2@>5w0@e>d<7%@(S{+g2+ zmEZS5PE74_8VniwH#Ee)Kfvyldel)pWE&U2t2M+ZchW~jM&!OgMRnz!2yap$&(cH#Gsd%WK}1F*ch&V;63)Kox)_uAXA|;aL`H0CR0T!l7AHQRtaz)#S2Zz3MaeaV z!KI9&ZSs3+@S-$~PQF!n&V-u4T6v|9*sPHJE*CQOJFIM0!t39l=w#V|2!(Pi+p#CN zn$%y_Qnqt*$fmjR>>usuE=ejgAPu7QXr1J@q0eyi;voCGnGRSrKjDpJu>zH?+V6F$ zBD*3k6;&OFCFOurkuK&TL2#d)4nVCJ3?}yHRFBeD%48kO=DS&pwp|eV|INa|ak=O? zc$lU->`f78xtKPM+Ody?0BN%lJx?;DElAgV_sV$4CCIyR>c+%%3A{5D;1S$N>wpI9 z$qkU67jMtuNipKJWCuE=u2j9$J6t3(kAP{y*xg%aWSG1ZVb3Nd6})~rmFw2iMDA_H z3);1Zsb5?<_D^bPc?=K{CB}<2Qi=IueZB1Dldy4anNcE=WP_d4_sKDGM4t^~Eg``?59LH7Nhm(QO+-v8dp z=l1n~OPSBSBV8nbH2ayBNx8$q;)beIz7|<^y{X(B)`^1yFWLW@X*;Q3^ki0~pQ+Vy z_{vDiTl;_Mu`$)70euav77=~niw8=SLcLq2pX_FoymPgs&1W` zzEe=qu#;2Ni`TKRs#|I$y7V^vz9gMYrV+g01qx{LSqE^AmN zP^@aHS!vSxNRS6nqSrWxq`mDk79uty9I3&~`@d~QAd z^Uaq~9s=+_y>^ht?@E^+E4FazCQWoHMCc1*$ei1<<@*`ooO(n`M?MW)^kN_WNhjyi z;gEho?QYrACC8jdjZ)p|0+Qde%h!yPqRkYKHsDB#` z>;`cHZ}_A3-`c4CxxGA6I40b1>icu_`xN_fT|KF%0J4r$ZD4e0AIUi+eYaat$C^o!ncN~=YCnp|)I-63gJ0`UF~E)a)q*o7hZ-e)=Ekt5zFio=EElFmQ}Zsu zY}G1%EfcC+DiXN!2g!@&u2jX133?V|8WTiLqpu>9b~-OdYoPGQ2W`n3?#VW898^~U zlf7B2Nh@|tWvex8o0vT5shVz`Le)6|zUbGLw^HG#>)ujFzR#}htU6#t5z5m-r8zQ1 z9*?LZ7L%zT(QeYnGAj`ckjo|m$UZaAZPy>lFiyeAY~!uwvIQP|v-&BGOAj(Ail8$N z?R3DWA|X-JC~4G^fDS9}B6NrC94KAW&-PSK0GND?0gp3m&cJ9w5v0iEagP-MP4< zPUiY2ur(|LbI~16q3T!K)CM%6fI+`lRme)6D>82+bgrxyc$Sel>N%V%0;zxPN5OI% zg5`?Li_3w$v;0l6k&zeBwSIeFB`@T5)e}&Muhaw2scl=ZYtk=W<@QawM<*5SogY!o z_!AC86Q^(Gg-BRlAsTq(OI5EYG0^3S9JQOx3{k(=;sP#=BTgbt$&5(Og8Lw!6YR~A z3#z==Xip~PQq--c722CBc4JKD^d3ZQU9H6Xkba&jTR*2?P*Z2G-9c@i1fyu&M*Uq_ zLnhY{V#v}KeCpqo!NYp%=QtL1Q!M*bt>n|VTsFEM6Rs}xVj5F{M8qV!SM7z&$OW50 zJzsAV3U#5L&VQ)EzDGxQ4mufvnjbO6_B%*i(NI-M62{~X$hBlEpicIL z(zL#!;dd_%NZ>Y@7$&l3mXPeAfZ2x*IOcS1umKk2#Q`FL%jaQawu7AW|3I9=DpNwF zgNXfr*n<*6oK5w;hS@`MQ!ws9jUQdH5j>E?Y2ZT2Ki9#yI4dfpWa!J2S4qd1fH@JM zr2qEG5a9y(Am;+8rh$YazH>1f+pz9ap?fA<&3H>=SkOBu>l)`iYyBy^3E)RA|>%UErj+QbQ%{8GpNoe&Pt$!c=9w#WT7xX z8}g(DVI};KQ~}a2mWSAuueMeuNjk>5gXFCY-b4$)n5ep8A=3K}Is>`m&n;1uA(zJZ z2)3sdQ+bN&<DHI2ek^~2MYU{(Mn6HD9@@M?9d{FxqW9ZzD&4qu^m8^twK zwBXBpoyghjyTI`erl}cN9}!mj{w{Jf`f+2;1BSDHRQg|5Nts5}7tV-8Ka%s6CUq zkuifBcr@d2^?G+4PY!9-Yq2J>^<^CoWdH1_w^x&V%$Pll=9_DMg9a}SJmR9H-$`>*1cHu4xz1%9HaI~_WS^V>e$CzyU?3!@2El;W=KOAG!?{w6k@1_&Nsf+p@v^@>Oe5)H>Ci8Q< zY|lV@;ZmAA3CcQ<5&3ea;xLYU|1FKc{n-BHmyZ@Lpq|x@)XPQ0(etK*+jXPbF(r}~ z*8aLdVmuuVeUcGqRd`Ceyqivnp(!!?EvJQJY3teJ6J$aH<{;H7TNTXGz;l;qHW6#C zSKFy6e@_iqm7X;fL|AGT)HO)w=So?ygP1h*uBm_wEP-gGs}L)F&Zr660Bzv2P$%c2 zo(etB2OY$!rRHR=B<=(CD%ePsjB?lBgaxhWTJ6@Xe(XGqUz%@QUv5^}$^>ECvu&5C zS@vrw8st(PE2~jB>1EE3lWvfbZd!sA?Psa0%;F()G9mp_eHQGs_UK>~ax$ZAD)P1y zwvBMnWV5T5b({UpcJG4RUB}!8+YBGCmxuGV!UK6<;l6+B<3A$C@rZ1&{!4%Fuz~<$sb|xAX~6BmeiFKhNa7nkF;v1wm?kXgFj6$mI1H-`qvR*do0Pfml9{ov2oEryn=iJLADGH}Er^|O|M_PdZAa|? z6D-gjJ1Gynqn0Bj@T1U2+b)h|ZygKv#5p5Aj_8b>L;LR6ud%t-PTWuJ4%*g;aQN=n3p%zjF6ja%6cN?bkviS63#f9_*+1`uH1I; zuSPq=6iGmZRT9b=xL^KLx~OwghSp#t#WO@wIKzCYtNChLr<&%y>|OE`}NAyI^mE z*$2!`K^yWVWIRGrf|vometq?1`)WEMZsY@Tj7QK)+p4VLknyBh^;vXLM(smGU50)W zERa(CRr^oy6+5zpssZ>_p3^rbnyL%0f@F`v@21rE5D8{zhPev*QSruDrD4`CWQHhe z70t>_=H1wvU%xb&p)9{M`~orYp-aT^i zSZ?6NyDYKM!8g_lI_>m5MDZ01oN3Yf!Ef@1Cz)`BjGB?mlnddu#_1LWii9c)lam=G zDlt=vPOk5?*bqJat9YvK6A%rMQMsO!M1-V*v*QbtZF3cq0F&kr>xWlWS0nKa%1o|b z5;65etNY!rUs1&!in>-aG_+#XQWtB8aotkiT)-BB2yh<-Ea>XiO<1lxv?>$IeMRQ| zG#^3$_oAGbnlGCGpwWl0!T2{$W`qm!qx|yl71Dp|R%tG?n`RezxiGI{#WroWS?rL> z9&kz`g^C!)$^$6kkmE6Nuf%kMuw@D941w))@fzkJcD*C<>K@P&pprmKRu-BYi~PjCo# z&Wj4Q{O~cuFeQ=s7RwD1W4!nLgdeUvK4e>-OJA z#ZL$i*fi1)zH{dLAiD9WN=V17sM}xQQN?>XXN*NvGP!Ux`_2q%6(*iglX%!h))Sr` z{l-!D0i7EaEciVQJk;*;Uw-la_T)xM*Tc4Y{^;Y;*}Ic>|2RZv3HHb%5pg5pp>1h{ zSx<$2{dy?Bk!`+y?d%|}V+Qft*XltB6;tWY5hoH&66h=sJY&?$QybJzj6%*lWsFNR zj&c^L#A!&+EPsJo(}r+i9-)Rj6DTm*)w6WvEM2Rm?N)s}V($D?C;zQj<=$r(3xNZV zriomjtw&e$~Ux*A$FuSr8F zN?ml~$7YdIY<>F)(5Y%+o#GFMn3HJ;89X*7^( zn;F3y{45AR_V>pRA&diz4djPe9aiuss$>#pU3q;u} z5)fn4F+Xa8s7FcC)dF&i|m}pZVX46JU}Ms(Kj!HO|5$ zrABXmGj2hSO>tdlYwap3uuZ>EpJG0@@>tcK22^DO$*O&k;(7F&BG-HI2z`C^!H z8mxlt8!lfFgIERaQ%+{cC@RhcEV|-YmF^}PMXmQjG`Eieqd~;Ff_@h2-tRseiJCRf z?y{ogO#kv2Z~ve_3)z3V@uIH48vF0%%l-YV{kOOOX#d^H=kDykpCmKA{%-BopJCE_ zWBVCIOD#XhSzOKPGjnXl<|`oSLKdItuZP3aXuP!1ml>?x$*Mu2aV@&newf*bO*XsUfB=o5Z zEK-I}zD0i2dukGASE5mv@BWRG(cjna1k#*(f1E%z zw&k861@?-*AbY9}IfU}$UCbe*`>(|zlpd?ZAyno?_WwuryPhN8w6-GKK? z`5$p^jH;^MPMS~B7*1^2cJ#l1Q|qo{y;73%UU`-7 zIMPco;A5QE-T0bn&%E_{n$~sj*TcMwg$08?Y#$S#(0H|%^)D5Uv8s0o2EFILrN&N- za@B2pS$z_oGND8gcHc((|h9yN?i_bh=4`YAn{_W#V|Je$4a=#| z9&xEh;>Smc1WcZY`ms0-XVsaPXSS&zj(OoORfPSD%)4yZHNRDzYbDS6ItWV1OUMT# zhSq~J-!#xrnc9Qyl*9=lDXjUV?zG zoZp%ie2eTo7UopOcLaZl}-Lx@z zQc(UZ$k8+!FTS3dh3jFQ3Uay-nD@e)Z#`9+P-vA%!W6a3J*YA65`Hta*89>fJ1hPy z!)+C@b9T#e-*#FAmrlHJoSZ%T!*^WQxuKMRtvaiV4~4~?PsL-bXql-&@1@I0op|c; zP-BQG>>E=WJTm&=+@OuMHZ7$5*e_pZ)yH15YSOFMDdSrhpf|t|BR&;|qC)9&Mu4k5 ziMF-QfWCc&`UjoHD^aL+tib<;<5|uw`{Xe~J$-y_FQ9XE)LGar(Y@pZ`W@IM&yFm# z)#?WwmQ8Q(SjpZsoAIu#u)F&#WdGZT(gI$98vFl18vB{}um1DL{J&fI++F;aHiu;! zF!To`Z|f`F9ooajK4!sicUKCR?X1cdzw!)UwaaY%IG91JNZs9CttOYu)?e>z{dl$} zDqoqVr{1|Pq)ibD`8TgK%YZ`bus2v1J2@`K`W^F#8BGMB4n}$?8dw?%ypx>Dc1(=D z5`RjfR+Rcvisuz*L;}KbM7&<}G)w*Lf8G45nZ`{6HYHT&CZ>tKRMPIF;hk&OT94yCo;{uH81# zhOK`-ZkpTOG#OJPH#+L3(KAiq0bC0|%aJTG48Z~!I*V+|^xnz(ESG(mKiP3*$(2f_ zHi%h1s&?DS4JL|Z? zffq{-Eip3w6Ejm8)u7V_dlSq)U~UIVmVlAiFz6yNmtECFvG(CF!7qV{M*OSzB`C0T z)Z_|sxpJBUPNyW$EA0VL!$1A2c$yb$@dM4+^U%|7SE@zQ+LV*L%kycp3 z8p-Ng-x&htD6y(tQ>_0xW8zQfC}5ndLC37o|97A7W%U34^XD%P9`*m*_-vt597!1? zBv+~>mj_0G22<*LQvQb6y}~0RoYoe)7*m17Gz=M!1QKK7`w*>yCOC4(G#Kq5PJA5E znLhB6?{VO@wopJuD!zGJITdsqDf(X>2fYvcIbs3ylpvvyaOBf~I4$S(`R8+aJhisa zG4Lq*aD0wD%0zOmaSFLAGGznYJ{{Pk%`hYoQQ-MxizY#4b$NJy5^4UV)sTcjtZg@)vTLayL0uzBPU!Wm9|Uj;M5 zm9*(KnJe7}wSOSK&(KH4eXp&6c+1$8q;15|R1n0b9N{ny6cSPm4>|LuaLe$Y=z`DD zC*|%z7dZH1ijI=j=om-XXQO1HHE|r5O?o7V2oE_Gq_YExO!5UH9)$teFka7san<6U z1W^o7s|81kQhY+rX4E4BVZ$lLA&JJs4+$6OdQ9Cha&aJ4F1T)h#EKd5S%?C1t+@zI zr6R9*ILEaebF`re4)BO@r`1X`VQK<6r#}5S9S|IbA{p&Uf8%&$)>Dk`k-JggYh^48LrllL;P?GsdEXXU$fS>=n&Ja)<<&T`hz> zB3w?v_BuqbVV@w=+%hVu98}s_K69n*)k27T!IRJ@hbZ1%t(LV5Yo^watMs_ECUnAR-*N zL=QF~hpnxcEp3k5N(ufnzidhRm#qF4vX&p&E796Q3Uv(;$X&UwPNmcr5eZz9>@0l| zTuUc&d#c(?rPqw**hG+YY_&whI3AH>9}7{(oBtRyp&Tv=fD!t@{ON?Cb2Sixk#^9@ z(C}Wn+ulL;H1FW3YPYq_^{9|=3gpe z>}*&^E&5h!ITT&DkVV)G0k#lO0D#^CGt8Pc=Gix?IHH7YK{Khr()PlccqHxMOCdX% z>(Q^s{3jer-S03vmi|6g1J#%zai!$BB6E=Za1h8}0&8aZBMr)cQ1G(>SZYK3wr-9jk#CCWx7wB|=Lk4Y(M2?$HTrczRUlm_&*j`Ku<1cHJ|40{o3-`FYw4G`9V z?;yb@1Vwa0gdE@+2e2tevbWOgxC%%JnGke9eHzWxw4nQq3FRV74XIj~)!j-Yc~8>{ zzVCLs#pT z+5Gyol|tGJ{RCsjakQI}1hd09dD)m1r$^`KAK#z7j(AQ~@yhZ{H=R)DTP1;wU%vwVT3hzD1&}qfqtctd zZa1M1_64TiVDH{vyg7HGFHy=STj7FuclUO$h$HkU&|iuKeVYXR^^l;y0TT4H zB+xwpyRw2k0G}k;#B?)ZgDhd%JtPJIaKf?HN}#y2b*5 z2_ns-Aq}V)6E89GM>HBw2jKjW%&WbnTOz{IRCL*}8;waR+tRJO09;qIc?~pj!izLF zNjL-wmHBIw?Pow(IPRapwFw$yfd*1}XWS!_p|Ky1@qk3sg&hSN?wC#3hy+Bg{575{ zJy@OqV-oucE#H{tv17@s9^u-H30G57v)k21p)n^(?mE$~2CX@(wj|pU4LO@2EKyUu z$O2-{B;)JTJ7)*R6Ju#I1WzM0l%fjl?)ePY8Q1*ao4 z^O!r8mJO^~_2!xFeV*-qp3sq6;NDjJ&+b%^u8Rc`9lcHTPr*nnp1~nvXtuApL zQy=*>xB~C#f0()DoR00pj;0ag6#JsbiD3SWbR~Fu@ZbGz$VAjlKv65*`_>+@2{wft z20k10R2$Njn82Lf*D{0-grwn$rmGoCO<3l0+?!iip#}G)j@jz(fVI8%Vhv zp!U%@IyrBn?~cw-&UacLPcD9V|MLazt6(n+a literal 0 HcmV?d00001 diff --git a/assets/bitnami/mysql-9.19.1.tgz b/assets/bitnami/mysql-9.19.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4b4eb0eac037195e3a17cb0dd6aab02c03150327 GIT binary patch literal 48416 zcmV)PK()UgiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYccjGpaC_aDdQ()DZjh!_myZz`ycYA-=v7N+c`r);m%*0#;#1z2+K)V%p|33RYc#!}JQq;qaJ2B5p+9H8M6;LQt6$*vvjQuO_A59?Ty&0Uw ze|dmsdwYBPU~f=S7<6a0kk5LbkeuyZ?BaET}NFn73qTXT=W@!v( zK?0{}0N&0n{`-x$+)Xw_!7ZW;lVkwC{IAzLy`67@?JvEBDT)zfNCTCus>-1;p|b%v zh8zwdLmdF{6pj%afR7yj00@9vMLe>^07N9bK~z8=VxGV$?#n`huY23Q-Gd-PLkyE( zXD6V0RZvlYKBRNraLRBR1$5ghDc%lB5FwMJZvJ%MKsm z7!CUUUOyB9gZ1-59F8Ub1VAGimWjbz6wZVhreIss5G z!Z>4s=K?Un;|YMb5XW$cW6WorDZ~kfI6>4Jyr16QL5jA(X%hB20Aw^Sa2#Vk$%Ya^ z!&GWCJNBGW{VPGvt=Q)jp}s)GW&ch-^xyP$zUl3Bes5v-{8S!${f|j_^AK&!S^u|p z_g+@k|J~i^_5U%R1%y8d@u1(QXp9-BvtXxJS)H^Tab*6^UT>!p;W1)-0N4b++&>uX zhv5+Ik9J0AZ*TvbuMhU%*WowOtKFC1gnQfD!-H2}9~>ME55m!KXK#P|>z%LR*Sp)p z2!6fu%{TkQaJMr?38Ih-rKJ0E`{i!1^D@}ox!n1Bu)8;Sx!-%Wv%UXncjudz|I>XI zI*pH-|FfEOn_6w5oO}5et9fqh0<$FCC;Rh zzXcM)5#STZ0iR$7?rtkR7Nu=UM`8sh?+A9ABW2BF?0$$~d8LjE-W+1bM29BoGb0 z=RomxkP)&qb?qkI>ZT%K^0O4@3_yVyfRsWHL>pfN?ZSRHA{3knfzG(-t)EDoP0)0 zfekq=jM6XJT3gAo4T*-`SP2gU(1VNk)EW=bOc|DkWR}8k(YEq>h7<=#sS#}%9TU+b z;7I)fk^Cv@JKqPUxX^TAY=e;q92UM1!#Ytxk?Z76{amJI`?00Bsm z*rn0`4%MsMkO!5dxn`eV1PZn@ThqTeQH+DQ>mM5WU4A`W7cb+Or-?guITx5k+EF zXlW-Tl`aW}swmhv`H&)trzqht7SjWqqfucE>*Bh!&}H?TAf@D1^iyA;R%&0!E{(zf zj9|==MD|3!0uhGegfNanFeMQJdY-Bd5r_zgMWMGOLRuJVYTa)+u{Gc~#K@sc06WtEa#GA?flNq@OTt6DZcW1&XfGIx z5lWldgmlcnq4>`-t%=&EDV&UOg89r{FVxft>sF0#m4#zGR$@gGuc^&TlWb^gqL57c z)b)n+IUKXT#nTcE(M3O5srkXzHonxWTE0$l=&2DSmI@=``b#3k5Y&rcfk0O(<-O5a*kBRWN)wNU**FJ-M?k%Z$(R8)Az2)WnW(3oU^M0Rm1eimqjDR&WQ@CxHtB#h z4&Aa3+Zf+QB{K-YLa|c4q&^=j?veBC%ft8%&e)d%`GN~D178Z6&G?sF0L4tmUoMNE zj@}V|MiD~^|5AZ-X2?yhTgg2G60&|sk`SfRmu#kSUpe#pFH(vEF(N1m)GITci;*1w zyG_;P`&7Av;~8LvRy{_5jH+7u2Gf5`GseY`OktAA>Y-d-BEzh?HnQ1{HV)a1Bup72 zK}w<^C$lezP;><;#kY{7oX7fFdHw*WX>1mUbQ#?_t*Fg{1JrPFnjtZ=Gm?Qj$&N9; zLE;NTNU!EN84)^_S_u$Z2N|nD0H+-Aj3x|xdwB7KSZ4Z!f_H~+PZgJs#oDX8O-W0Q zko;=am}1628cr}rAdJ{kR%vk%6LGt#PqvOMB_Mb^Fods z1YyQFnHD=nIgyV}LzH9RozAYzFVFA@9+Ng$l??Iekw_3tdFe3d`FSg?ok0n@TYUNm z!PdyjmT>q{bdE8M^0%_hwNJ$?4Paok5}2JkGYMU^2Kfs@8)?XU%}+<(8H;wJrwM<5 z8dz#60Y5TS0WStLALa;gh-20Rmy_H&n?R{k=QY3w zc!=TCq9Y$Mg~pxew`(u<*MfnxqIWGM?R8J+ia0?ag?u8%UyY|)6Xg&I?!4XtFlGcq zs_=Ee^Vfn+ukCf)X~bUPeF~9>v|KR~I1E7lR;aRlt>5(vMl;1SISakT3IPGEX<7%< zoyTHr@*oH9KY5lXrEj~s$yuC@aUv8orY%}oNY=157+Gu!3}<->%$0SNF{Ee6RRTG_ zMOWU5Qd6XGB%qX{&?v#9Oe$ltPVOBQ1C6D4$ry^j1W~m-g=CsSj#Zq3@&lz5-C~mE zp4A>W)#@iqxb3PJt3nOUQ^Y4El1zdXpM)@+;ADIy?8t(IUZHW;c5um?h!f1C;f0J( zVc-}`&j6&#YLMT63SN=>7P)=sl+y(SVnYOImH^0sTrI&+FrLlDFJ8D!$~OQ^XIJ9& zl>*gclL7dsz5oDT{9Au0)*r|w`8yO&2rY)aX<7@cQX!YZGY>J%XB!pMRW!@o+9n~((AXBEds2x zww+;cQ7OhjzF&PHO5oj*a6dK|x2ek7mUoQ+F7%!YOj4@=0f#cjQEFc5%2|)Et)otUZ(mMex zND#jx^ady6K8&IOC7fc!0#2lx2k|fv4X{8=UioLB+v*#dEZk}b)E$zancPDAMazc5 zS7L@%N{ZYroX&b-GLovD$J8kT6>o-plxQ!tX;7FmO1F^&OlM&->c2orW(H&wIG6=_ z8*;W-Uk2b~ARX^NtB}}VqoF}Z`k2qRu2+}of={1ho9qUs zGL$%=h>`df$+zf((A+S;(oopdh|nvscrXs9sVpM|ScK{8K1q4M?0E%R3%l}{=*M{2 zS0z+oLiuZOf1eX*jkKDTXM}R5!bo$}NqB>}4?3TwdLTs^)whsCiHloOyq4ejG_66E zYkH^f!xfBUa)+X;6w0P|4&JJ+z)2LqD58k5*Iy}$a3qJn5xuCF;z$;c$v8li5`Slr zF*6lnGL{v>38XOOhz1PtK+HcxU;lXd-PfvXVsdx&uME-IRZPaOw{;uISick_`Fdx& zx7|@(7{(YS{Fh=Zc6YZAmgr=~ErEkvfmLgk&{G2@aE$26SS>UZRbgX{S|wekFwK|r z+}JNEC6$GxnE1VBd;CkM@Rxc7B=kUiqJ!6$%1LMI&OZ|oj&NUxnnvM)KF-%)lmf56_V^uYiKEEQ_5>=O-? z8RsEL5dW>y8$Bi30eWR3W=I0jlf*_^V#2CqaKVRJ81L9~rv;%})RV zps3iXzItiXWCpIz;5EEqD65hBK=E%LinCBSK%pK~r@@^03zTD|BJsBT(^?%e^Gu`M z52`g1Wu6;FCO1xXo!Ui50KPym3OS+RT|UrtYvuC2)<%TbLc<_ci#aDTqIzM!wElkB z;TGx`mqS~$pW|(zRLh?!#e`x$lfl7KiLE00C8(6jWqjBimQgH%9kWr8;vVskph^g-al9HH=XBR0&FghZM(9&_j#q3gFfcgaN zZ*p%{=v$@fwH#T2K_XzXsUR$x(ve4(6Qq^^vACd`kllPf){s;`J4y6bTD*c19iiuY zCl^5RPM!u9<|j$@)EE4}vXRlkmJ;1H&G8Ck*q~)md9W^q-o@`sZd!$zkSo&UL?2oT z$>uOJ12fPt`!5*cGAOA0B^VJJz`%G_J)?4=YaFQx<;deQ`i-XEeCQ+gJtbLsG=a$& z=^?*BTx~_mBivvt3V=|SFfp4gp|cqadCVll8_}gP&|w-(``6`;iYx`BVK9PWt?gTZ zo~3DwR8+a7f|XHM@pF=ZMSBFO|DGP_-UI3S7W%Y2e8ax98nRfi1Wu`ad04lOjsn2b z?*pJBJ(bHz^_-r*090wsKWR_{u(Q3r{Ps;&!CRk`BrY$+{V_8b7gm-0i-Ncrps4y6{1y5T8y z?tpW!ZlKeki0&PLpSy=|-gLDrayrD6(=LQ_rBCY!cJC@|_n0{+1t|JghL}FT8RIGD zi)s?C`JxntKp>iNwcRAoV_A|*!T&n~8B?L=`7sK4NQ;v^blvQ36{ouNk((I7TYW@A z>SaQU3o*$w?%{;su<$>t7|TmpI%WjmB&0}gi;C4XRR2=WWCR6qg3p-p^~ad=Vk1!_ zvjtcdP6PsPae_q`Cx4d z1Hf*e0BHzWx{Vw_?q(=9u$7)<)-};3v9S3NW9m@bI`o9%y@4GFTLsI%)X};A3#+nx zQxjmJ>Ys@sW&POs*rGa4Fvl=HMlqZfRh)qZwf$!7{!1FiDfMr=IL`4DiLcN#^R>rkhFY6XX&&Umc%IKB4 zet;ddBklIx0I21%O#T4uYK_~)UzMLTZE}u&it{F~=AAh1*ERqan>vfbpF4RL2iao! zEDp5g1X>($%PHgmEEg^N?dLR!bda0G`zg*N8^4Ns#`-qD@?tY+G1zlw&tl+O%$&sl zwwyJK0c|;BDnMl_lj7Y%vt?%;(?u7roiAl$RR$Nnv6sne?5nH8wbFDwaBH`vRM~S! z%v6ymt%wU?;XrYqW1nM;I$QMdPD7dm>|6kw;36)%w?SCHAxZgkse)vNk&Uj-%oetr1V9GY`* zIwR3VibCIEe$~1u;E!=nNwiVK%-ax~=aLKo)a;eYzc~TuLrNGb0i*T?mtKKWlO`)f zdXJ%!I13!b5KkBNFX>!Y{k#Dl=&gVv{;g=cF8IePQq~=8%q!DIpKdezCJiEbRBJ#bwbQ^)NBT%-wB_VtQy~EVX}|g}tByY1*$ukBYTfP@xSQZ`Vp13} z5Y1$6QFVBkVUj2}p@Ekr8Vj&tos`@JG8dF=D#_w_3nZk{oRla4v%-ZXV}Zg6A^8TO zS;q6$5$yr6F-~8Kd2;yoi!GgMf<}NO1*Gr)cCsZtgMSC_Q;|-{Z#he4ZJkNYa+d;_rUNjY z1u#t=Y%4)oW>u?MO~5%4?=VS#oyljdaS(aSs*5Fi1=O@#S%hp+oMWf=n&%BdL*4SS zbygYr93>qtpwd_B{=3j5UC7wI>Y7ySMlFfn-2^2UAru(?RK{nBCh!&$s$vM$IwRL3 zppL!ih%O69fEl1D%0hRcDH<7wk%u^073E_TBi@L!%*!g1;+rf19$X^@ri`nGZXsKv ze5vMHz0Mb7wJ=-OjaGx)5U~a=P`A;npQ}RhbmB7D=!)}CUwSZ8b!*YX3Fb#d!n?yL zvYQuQ?R2Y70oE~;-sl(O4Mi{nM*14d1aB_u*;ts0aeU6 zh3Fd@I$S0w$E-wDtukXs3Qa#Z5L1*Xh6DA+`MBrb2jCq^oWZm{%|%75d*8wsCZPwP z(npzou;3pd@~+=lMa;1Vm0)dxfc?>}%880O6H|yJGFEksBW6I$YfXZo#=zP2btr4m zPw0aJc}d}DghL&!rCQl-=Q~qU*8$Eclb!9J z`rmf{Si3cI+g!pBa}x|SVXyp;L# z845FwZ}YjG2eT9@hA9fU@*T@aT47M1k!Zb=>=sj=!8pJvljlLK?93mqYhIT6$5|Fy z_Nj8d+C!U%3>&4URHLx^Jbf!$M^DP^&e%nuZxyH#*AiC`3B!+(O9{li!i%IHfCv-*rL+j zsEvk&3pETp-V)hJc(19O*Op41h-og)yBQ%9G zm2o#hAS-}52szC(omtiy@+)?SI&CMt)B4<X7>&4jnw*>@Z4)4v+*;L5PC!V#*vJ4yZHnB#6JeiwTWCAcJcT*$Y zMfRo=+H>+ZHQ?-XQ?H)EsgVjNhm)6(#w<N;$>oMQ*__tZ zb8E}zRA4_pqtn9-`_eg`tYxq!tCNfHN_m|u|Cm3sQ@O3Bb2}9+edgJnEY?~}ekWI< z`D`*g*)!}Ph%$dlNovZR?V58n&|W8ernOcdb2;ZXmDQsCl8HFHBrq0<$=6V zwxkvZDB%c;CfqNtkcYf2SW1AX~qQ8fTpNf%WE za@B-UHDEvAlu`T5bEj(6u9P&YNh5BPHmZ!r@`k zF`y~X_F+;<`6+yyWKuP4SJO#Z+l0>vrGEc}QvPwPrj%+LwiS{})ihs8E7jEe+7e6E z@Nkh@s*!hFCYP#dGJfG*wc@ z)|P6DHED)*$)>!>tT)}1M{Qmx;Z%X*Dk-PxdS_13Da&25Y}%>1mg^Ev6*6$))KeC= z)#OtJ9@W$w3ud9Jwo}bR)!5vU38|{>`cqOhw*6#tQ&p)eXQyhU>w(f#Rk89Wswzuj1Jlc8^S(Q*)IF*$T zsnwHNIp+j)N~+Q!|2bz3t%Ct|S*p&zJv=I>rYaJ!32NMQOPw_aHW)Do73jWboH?zP zb7R@xT>e!tpN2=Jv)e`7PQ7Mzjp0}6gtzP)Ck)!sXPGLhZ&y`ihomrln!AixlsJ! z@}78OIPUKgqz+#aGqnFMuQ-u&sR-gFRB%C=(W;5cBxst&h=C)uEGa;lzQ8C?L!eDb zL0qO|aJ9k;Q>>5W-vmVpOpYR<9B-9x>_q;JuY4rM8lbITwkROqipy;Zpeq;5Nbx5%___DZyl ztIUqSp;;Icc%ycxWUM&jNN&HAq^H_f;wmpG0Sj2ER9;Nv1sGAOO3jQJy-~q0LX7Lv zv$FZkUOva|PFbuAPsYM#RVgYoVN#FR)Cz>CJUd86D%p^b#W0R-Y?vPr1$r(z()c<} z6dpgz_>o_vb5c2JvHp_JWPzl^OyzlP1GJ`h?wfO_E#(8S^Ky5ucrON`I=e5dU84Mp z`dZp8a=xk(lnBjaL`lL?5-kk-l8`d`<8Ot&Fg@qGsR_%ERYaGLl_6zMQLA4Lle z^2Xn7I=Sp^_6+dJn#cEK+2Q5nd2m||?n#@m)uZ?B;%(7S=E&tQK>yD7V})E%f=0RC zl+aU27=%j3QW%!vZ)=)6BayeovqGO=rd7F-Ql&_%aW$g9(q)&Kjg}S=AE_J_@V0B=uI9+JYNb96JvQKn^ zT>JbY&?NN))>V|8v8sG7>jUoAmNN0w(R8*DQ5$TtMAvnNu)4V3I6wLR^y2dTpI7e=-=6$Z8aoXrNUiafkbr^Ive}d{%t@)?v-cOLm+y7c zeZm4ZL276}f=ts#rD8+ba+xUwGMSOs9^XD(5+*^2TAj}hao+ttOf z+RDCzGr%VB<^I6{!d|b}17|UU3<<+QpX1D@)|T4G;af@%BPKjpz~OM*3fVM^W36e{B0i-AlLu9G@NF*01f+pJ9;oUJG>{%9`n};LkyE(XD6WFsLf0@1o_@k(I*3NI(kRA%n+62dy}3$c!RH) zLX=Bxiecz^} zHDJyr$aHqDtNjhlQ~{mSD0g7lRm+QQl|Ks0cs}n{jI6?XttMJWoZ`^8OudzfR>2u1 zQ(>`ZOzyN$j%cayRDp2U1pP8!31k#KfHGba3ZNRpb*Cz($2C-a**+Lkr zB(#A++|!Ov^tufRAzG@ouv~Q^YVlYC`Zz+<#l#YoC2Z;>VzvJ7BnL}FTZqH$-p+o{ z5sCZH67k_BqH?)v_V_%q;TT?SnG2_$HeV*3xxm+(2WM_`^RnPns9OSjH3LosYO5SE zze~QB24Yp@mta?4YH#trg0>ZjCB6^9H#^&V_Du1u*UTS?*R;gvCkRz$5a$%%@>%2Z zq3N##D%jOB~2vv<1mUVfp@iScJ4g))bbm;+sJ5!Fc7x<|s>XP-WG z{d(mGPT?UPv!1yMNreT;Yg0H8D`X0pK2E9D^sBscNMc`Vn z8Dl=lhVl-QqHp>oNIJ7oaV9bVK@gHSMxokAypoxRrYPaPP}l-`pq+9ghazD#v#uwfp4ylZu;vuh zsOzC?RaR=)w%>71`EZ)HEjQIk1#63@l!S<}d?T<;!QK=n@*6weOT9uwZXc5rej3Sdn=!Sj z)^pmtKV{lHqi8IeG|%HWt4p6(ZDN7sc`e#mC5_(B_QR*qYuiROjb0neXn|}+>okRy z%#-J@zOF2Je&{RY$nyhSDMOwgk_$&eE1y&-IZ||~d@>xVu-gmgD>ye=sLYcVQkddoocmdIqMRI~_XR?r z)w%o{obug@e4EGF!vHwZIY&&uvxRZ4H=FZFdMCs=ylNnMPCM41^eY+4_#P+wi)da2 zh>}F_f6*~2BD6V?LCjFav;0biI!ZmUye+jwnC^KUET*nZp z!F0RDR1@=nwQF8MG1A1wLC+Sg@LIzqYsfoMk|=NA*(`E^+Q_I0=YDP5Q54CMk|(y# z)!*va6wAYer7@tiNON1UVR`SaS*yv}AI4&(c_=WYZd9dMswTnF?88w>@>IjGE zk@6BM8CwSE-(fy^NCqw{u@r@lZE8n}w&)>y_ol?TEmJ{N6brKuTg-Ky#mI9$vI9zG z>eL3eR7q`M0Jdpgk&2bcL2NFnYm~4m@~~8oD8|;*39a;?jFb^B&SSHX+#;%` z*qK+nlv`|IUf)32V=vp58Q!qXxAI6;j3^%{OEEYmcUJZ_VJy-CfJ257zLBN(zmnnW zuH5wMegdywgPl#Q@JI;4ecOo>SJQI=hHep+2fpthwUf~4uWG*&Od-WE8d@JK8=0og z6fp+JXaK%^D=Hm-3yfPG+}~f{-(P?F1inzH^z1L6K8Y_fvl6*WzI5@(rpilP0jY~S z8bN+C>@UyH=kTZ->Qz*IPw#X5%1E-#Hnz97w-5IA#u z5IXLwKVNjWL~%Y#ktnMIIn=u%eM5Hu?xif~LK;pmMzLsi16vlD3USMKkt$Q3rC4s2sYVVes2w z@ITwZH^1EPY#r=<>RLscFsW&`O9|m;rjJS()$pN@7X=uQ_q9{9#C*q=@&y5fNkpb# zXFCwa8VrSP0ONE5lWdA84uNVL;5>UkLGY)dnYzwfgan=b#6SXygX{`Z_~8vo#*(QI z_PluHthX{AIV5j8>FPtK+sPq$+p#A1j||aOIHZ6yhc>I^Iylp6x0%+;Z1*-fBqT;K zY3^F(iY;+ew>mu?ajC-%7Lu4I-Yw_a1!QKONT^FK9W9rg96lke*x?95lI`D6UEmIU`wqlqN#MZ0w+FV=7)Qi6zJ2 zKgBEp@4o|=Kb(NG_s9PQf&dI5n{+y-2_Q65aY4pms~NvgR`pe{YBzyt4D}Hu!(JV^ ziu6g!^I$JsULC;gqlD9$jE(BCNmD_ZB|U+fU>p=P)pM6Pl}-FzWulX})rkotPa3I% zY*yCdoad_}eYaFMb~-w|h)FC^I3ec5^S}Y3@+E7tInSG{fb`n7)?>F}&pODhW4Dfp zOey~9)4=*>n(|$|^XZcjQRrWJ1$*<--9uEfR?>D+9Js4eSEK@e1p1n<7Sa@=M2gwY zNzR$p(KEr?V=WhCo@LCqim?hQ60!rs*c#R!^%luMZmo3yc>B+b|9*3I{{H>t)!E_2 z#oynbAHV)$!{#iVIcKT)d4HcL)wcRqCv!1#n1EjyNrWc&x_d8AS1S4gfns1bS3Y&Y zM=`C@!5#>r%}(c%n9R7M4`dji@s&t=cY5GFO8`{4YA29Oi4?-b#9l+4%U93tLLSj9 zsVC9p3VnqP2m(3FMGi4P~%@WG3y%?!Kg15V6>U{nBvo5^7v8$1ex3%4$`iV$Zlt0;m`qK zx7-QUYj|Wg1SE-Pt$N|XrODiWuqB9SbR;#b4Fk`cnR^p#B!mNh87F)5rhxm7a5MlH zSlIq<0&f}3FF{svYOC`R&UBbR&tA(6A$bU+%6sOFnDk2ZN>n?FY&qAQT!8ab)Tn~B=l~p^9UlE~ z61?nfcfRVYxzhg%+~Vm#USBZ6G2*iny`GBB4JT*-OtC=U@Lj(+2TQ2aqP!)8{@POf zl$CpV_U$9!G)qEouq*$>(~E30!XH34C~%YZQjX|c?JTfnfBA1upZJ#QV09`BuYStMxJx5TS_w<%(wN$1ZA!&Y=?HV#)IaKTI%IRf9x;wMeO6rGX_UK=)LF{6FqM4L ztL=*f^JsXXDjmIbWN=QDQznNSd{X-wu59Xp4W7pH>VC0V6{uBMfv6p5ifoBjYu#cWq{>*Xd1$0{swu~4x=ovDBtc$X`4QQv zP69X z@-2m$RRLyvl4GtFRaaOyu$iy2X0Hb6U&m(kD^0M_3Xt=e?z8z!R@Z;3pdzfwO*R*J zdScU4LY+`Cr)<8%F=7o&GKW&7_7s-{OFcyr6(TB3E^vcpLWz+Ik3!A#$p#(?okhN8 zn_Hb+(-3dXjj*gZFeYJpw2(34lD_XKnVNpG==mZ>2^hT2QviUS1JF}vx;DW_fD`VF z?H6SDt1KQ9a+9T?d%M$>A-@uCuShu{|J;;YVr9mbFiQL;leDTYy}zLu_y~pvdl3rf zbE+W!Fit1%T{czJH1T5YdODh*@J3)Gx)rI*N0b9r-A1A{OJ%QtI_|6ZZR<=zeO#aQ zXkNPPrC6q>Ybq`Sq0Y|sa`h3JrZ`6OdQ1aVun3X&-6Z1}nS25&V`wM}jv$U}wd1mb z-1OfU8V(c8CT(T!7a?p(#;up#DhyHZSArAJ{okZ(6%DK%mb`4)ZT7#(Pls=QJh=cr z9lkj|KD<1A|8DTVi4coPrQMQ|WfchBH-JzD^C;{Uc^zADH6 z?eA^xKKuV4;}Lwlo*jTd-@I#Nk>sRf89pTBPY?th&%WZ^7&SK%?aA(=eXdV={_8a; zV7KAg1i+m6|8jS~od08ge}CtB{y)aE&iUUQ+W=Fn1A+(OcBgZLlW1VliFKxkL!n&` zIw~QR42WAktf1qhwQ3j6@DcngBV2pG@)T(v4NT`xQdvT1)CC(ri7aJps03AoPNr(< zL|K+F1D;r3;E8n&$uuPiO85X2H-+f#CbTxT!A{!dqH<_`k*!Mg$}T^6-5{r@h|0|# zV99AQFu>UaSq_~|tAlz#kEEMSu3elna264VxaMeTYjt5M3I#u^yM`LVNaQU}dF_%{ zt^Up?+dbk1+0E}a>gukr?lfw^r)Z)~5-9E+FD@LPA0VSmG?hH|Ojasb5vUZAoP;DE zfXkyZ{Z38eqMVf>vVKxo_m{74UOj6J^-p>I*CBT5s>?NL0Q1iOY**rc4qm=|`Mmx= z#`8eyzc-pwOhC2lJHeTbX5fp%3}Fg~IK~`TV?gt&I?B$gNVJOV{9JX0QqR|{@vASQ z^$oN@u(YJgljU}zVN32mUI!kSB~h@_3I-stXE@bR3RDcv2KA1i67>g)zBT6xZSomR~@*5$;dyTs4tY0KB^)_ZpLfPep~ zB$z*N3T<8mtH}n@QS~j%HGUjT)%k%FXA(UL#+z^QHZ;<7sjkyP-UU{ZEzd+0^+uFT z7v|T}VfO`3NR)0-ed4oZ?o81P`0nCufrC55xni(H&l=z97dL3O1-?)_i-Xro;*yV- z0B7kak^wbvM{_A7-s$gvdj5P3fg~+FCE>i)5{TtVJd_fL}x) zKO511$fs=oTZ#8nP|X^A0CVjBo!v_Q?}Jx+&*y(0JyO=$=Syog_|$@M zMxtZPXeO^+`8JEjh(B8ke+>C=_6Qp|YKoJ?{1}F;Z@=;G1Nf^|HXQ02gdcuPV5v#x zU45gTs+DHHNJ*rJd=0TzdGk3?FLQZ=t=LlAvMn6*7KwBAV_Wm}^Xk3&Q@8%>^XID> ze)^eb|LyO*EZKkCyRV+(e;?&}K>N>4VNg27=}&L44hwLZ)CZ5P0`%%OTPlmRyM?ue zMY*kJ(X=!^Y5ie!`?18he`o`;LH=_z%3_9AKM2+=|Mz!x_RH~~uXcA|Jcc-AHV z7cuQ@-m03ubSS+9nYx zx%G0j8&Q0%%;)#IaNP>wqY+LppILpU->e7g9DYlb^MeQuD)|Hw^S%*3T}65Aqar<~ zyk5*JMl`rHiWq7+!JW9>ZF_=Cxy13hakN0L2hW5=s5O$J@H{MSfC@!@ZuADtT9v** zvqJl6QC=0Tqp&Ue3&188xF~GDUC%Ud+F9T1%KC6mDJJsj#uzg8 z&dT)&K;@HP4X*&GL`%2Dg=PuIQ{+LV{Kbn&rTWr{uyBH+EJoDD!g=jKT;x<-x_wSk z5|i=lBBcmMMyH|+0g0rDZ|Po za$v=UnEpdf$~jZbI&PhoklLir#;i>}-gA#z`pI$JWZjmtPoMb3vJB#PxmC z;M1q>JcLF#i7I74Fcq^XkinGxi$%&DUI8RU}za7W#9^vNgGEs?;op>%Onj!o$getn`1fHp_0YEg8h z=DK|%CFo1}L_&{DH$zq)i(2`)xU_618*6&Cc8+=$hDFx(I=IcNd#m|z-}V~WqRQ`Z zsjHV1VW4{lL4jI7&gB*sL3R!O{-{^lF4E%?&YDqmV6U;G4cr)yP&f-?^aCL`CG7KW z>mi}k)GEZF}_360g2HeREPvQhtYnbE&V|zgJnN_0_)ab){Vw zJx@mLp1ilwLz?RtoQu8>^Y5I*1Ljfa{teB}(Wv^>o4Ch+XRD{~4Vvj?)9r^Ub!C=w z(kpDBY077np_O;mZZ>zyj~6HBwWH_-_;CESZq{0Wt1_jiFTqt$mZ28qCC}>;rSH!# z=dwy;Dih5)e#Ws~0&1M(-sZ8so!I?m?ksM``1tVh@Y}cqUD_wj0|MYhq12v27<$ zY}>YN+qP}nwmGr=blQDcel`yfgwUy2RJg<7oy(8Jsgtw z*Vrh>B1msc?+n#edM0=LJN%t;5~8xx#s2Y?A3VpcKLot3g*K6J_(U%D$F$11<-89zdW~b4irenxHe(7`l+2GOJ>6_ikQa%QEbeH6nWHb)b<*Fg#6xm0wR|=B1wS z-nVd!UFiy`=tExVmkM7K@W(lfLAz?|$smdcRZjw(*u$BgZ-5r!=E@N0+B(>Ea@`rc z0kNh-XVYV{hySLmGm8M93xxL@&L8<^C0-)D6vq4Y=o^TKKMYa?Jb;cxV3hwkg2Q)9 z8Zi<1sWVX@_$P`0=%=R%6N=Fc5z_2A!lOezq+J-7K0IOuIns7&F>kuXX*x@x!XlN6 zw)$(W0m1!aAtd?KEt}UT`PHG1@JQ`EjeGK~e!A_Tu{Ai&;6SZGww{snOKkvGBKu_W zx8-zWmY9`u>4pDYPD{~-rKASi8YleM`^@K=xjCFCX?*5`2)q~in8z(>qAiCcw2W&m z_8HASL<>b}M^xwWpy6NmY2dA((Ag{@&^ERCx`We zrxjW4{$Z6X0!9Z$lT@+2<66rOtw5a}Y4v&T%NPnVqOlWaRHeS>4qYsEr>AVRo4Fu& zriB0o%&Vb=j3eubWnv^#cPRsv-5rn>LHCmT6rhZ#PKHtOLx?#`J zBH|!-WYYE^aCreOf3tb`c)QtWtN3UsYyx!3#J!Ek*r7lkiy;d_iH5aD zNCIyI>3LRvUIdEnj8Wf}aayRW*;)+AC?GT>g{WZ?Q15ZMwp`%63 z-d)qX4i$73xyMdAcLoU6437<_mQ2~zj@YGE*NsYTASjL=(N1aw#UhTYdv-68UqCmM%;%0BS3iqkfq>NfxLeO|=uPw&y9 z^;EqzxD%LkC7V<&rCsxO7_ieRN@V-=7DOz?jAD0UUvgo?DjX5rJ7c*gKif4v*iefp zK<7L$aR)A%5@Rh|x`h2%{0xc$o}6p6CzYF><^XziXXr7cXYH?nt16zQlD9A#KMq0z zKxOLak&aoki7wN6;jO|->LM<%;;C9v8ywoe-7b!NlFB-1r~LV6#GPUwcw0U?9H)$T z@d%|V?mU?s&uxRjm8{mU70mkEfP+Fytc_2_dU9x(%wz$pdfnVvC7bvbB%#nf%2N6y z#k{nxH6!;Bb11Z+bZu>Cu^D{uq1x36x!)B~3lq$|8r)L?y$bL1WwC1?;T#yio)E*QTF-OC!d9sf$x2Nw{}901OCDa4@yD zBx|VkT;ax9On%KMf{z``{BybpP)6T^i}OzhOWz15*iInopwmtR@%tEF^7*kncn#KI zG`x@+okqjWU@ooXU|fndl_B7G?#kL`&u()M)t96 z>f0R$;ulx}CPTA1$ZFfO&p+k+o-5vyZ|}sDFW|eLWAP3r{T4LF)?=<06Y-<-Ij>3X z!&gU5K4A5d^9Hic&hwcA3Z6%CvsY?iP}{=lR$lH4Acw8bvo)YjVrUd}QI<%Cj85VY z+&)w1(kDG693Yv$YPqZ6w^RP&{Z^%DipX-q^X| zFTM@7zMFcU&vWg+S1L~4d+?9k_AkEg>%SM3-)FqzY*c-Xo)+D-jTG5bka~lU?w!L--OA-GA2gdipJe&b^4BQfO^Gy2sFe!SPd3K5Z2)7=9iAqWOf2Css z1o6O~ko72!B{LfJw07eHtA!*vc4_gDeOd-x)RtVi_F}V37kcbo_i+MsGw0Nu&J1$G z(!k*bYQQ~W!ivtzqov*#H1%Zpr)Y7gtlY3Edck9=@BK#)CtZu=(@x)2U&Hsae74h? z4}MUa=Xudbw{DX|pZW4tx0RHPxIcRy8`iUc0CL=2eojWJ2|_G;ai#^R#ESs2IWtrADrEsipL(MHux@JRhbuz4k#?qSeORfwqcSIE(mbg;bcd_oh%PB&s2zgrr58tyy4 zpEXumB6eF!^y0Glnr;CpUpuKg826Tv-(>QaTb?vh`v^eE>$ON3U^xMF_V7e^Qv%}nRQ;h^fVlG7(%BZ9F1!A!BF^uJEJ9YWkPl{MPCl40(!%sy5(hB zm*P<0j{N7{v;Ug=)BCwZ`>SNmRvNvx^E0RG^7HO%=4tz>;ln5L1o+`QN|`*Dl{-PT zcGDg|PYJK2@)kNP?iBNHdQtw7O@nFV%l-J>h??3Yx&*XIN=-2vduI?^@PI0!|L1Vn z?=+Pz;GkYAJ?!|UO4mry&Ue|z=2mlK$j9sQOgG?tJ{&&aZ158=LFo%btM$ON(Ky`L0UHp{{S;$W(3U*EuD^nECVm+sv=#S$;|gr-qwL!2v%IAMmI5CWTF5s(N;L8Wkiqo)2xg{k*{q};)U!`i{OCAobATXPbwR_YAyO_Km0IGzmWy;$8Oe*x znash^6QM9REM zX5lG7)PgYn7e*U_?8IQFy^_19tOX4D{}XcmHhUE`480~*LIR9%s;0w9(mk@qJ}RWr zcbQH2b*#VsN4%x}KjJOrN4yD151Ff$lAgj;3n=_foBRX>jKU*Y%)J)ZN(8x))yAK+ zSCoWP+g_sNQ^oSD_cq=^Eo*lx3LD;9xSH!ucEy@pw%AMA5J~aJ`d4T4cX=X;vJtw3 zIk>ep++Ot{g#H)2*s|^O##HLimG~zrHF6c?r|0s7khx!6i4xSmELEN|#}^MtYA@vD zI?xs=G!AkLUs89REYKxug+cFwSA<0J5cQM5MjpD9jEBv~@{PuRB7Wp7tTPLEmDXsk zu}~!GB)NSp7kctnH|8uIE_yq*Ek6?Tc49LEx=M8QPM?B*PhtS+!{}@K#t52Ji9`3p&3myw^9A^~2q}FIXWnv4(&5 z@H8#Kh-+ZK8fL+7s5VOZSRV}xtfFCM!czOk+_>1CZ0&ANPY-t|&%4W*ofPz#{VTq- z!;opd6h%LC7cc{|8nt;yM( z&8fLgP*u@3w#$D3%jX5UTVOoo!8b*F-cARS#mgfblj@f8=&BO$_8$17i8>ooJWl@K znn=XdO*jU$yMv?nzwo&tjm=*7XJ%>Gip@Rhl`E>8Mxx78D<^`xi=NI&fX9tx6F!^! z#S=eHy~cd$lSzeRdD~5@khv5(S>xHVLX2#lqsiIT)l(lx*Kwh%LwTjepB}<74awjh zor$FKa2G;$#jn+i6v%CuWaQNeNGw|(SP}1R*S6|=G94Cmb}NO0bX@6dgd{* zSWGWTek(0-onJc znQB-B${B^3Mg8TJM;YppsV1pEI4juSPveV=(v-(?_gr~jaKFkwsVy2_ReyJXcAl&{ z&mdPmo?Fkpy)={nE0Se{-zE7k&AjjxAUw#s<%djcfxRlFVV%3q-#4X=hO`FYHg<-1@(c}Mx3|+Bl1t`t<=R~{HH1g` zT+2RgAdwl7!zjyMYIplJzhrkSI?Q!>DY|WOzTfXw>*@5=bGE*DkGr!dW8$+w%-7t`C_Yx0f9=0{1z7J0l+{o?)F0n2jqy%z=S*Uwhj+O-OK5-4_}WKxuqDjf#jG=2r< zn|_Npq&~NL-J8 z&|Re0Lm*D-nOtDTUF=R3$wXxjal$Q}4$N=&@i>0(BW`aJaLJ~@||v=We; zm5+E=WZ*rfoA;6fb65-$0mVL%b_3);?blsfYr#Ww%)Y=}l9(pKFsS%DBZ;faO{hYN*10Mj^+d9UuHpS=d@#UCC(w$%@3wLx(308*<&U$?rkLW%)S(tr) zt5{=MUi+oBfBaAEUv$2k_GR%h4Sg}rU_}Jda0RHcTxA@?rmM!{UufmK47LeMU0)j^ z^}^p~aS0=_%TySN9=kqyjwHI%`9}ALAQ%c5zAH{NkLtGf$AEdSCkhv(4q`yuuCqNR zkS-?CaNyQir4nGFqgXQhoYn(u9Jj`)E*U*(Jc|1KsE2WIe4XbY5c~ISW*7BG#z|ni z5C6QJhaQ|-TxP%j@l=t#C&ZSWR4_elc-cCXBI)L* z!_&k`3H$en6{ZwYr2gQlIW*tN@%Q$h9}(kZdz1P7E}#8Q9{c^b=b69cNS!jkWV*p8 zTPa&RY6{n8qT~j|e1ik6xk>LBu#PXPRUs=iZbFIe`(gePO^@=p19}rpBBm;}Mn7zM z7k%RZRpuwA1NyS*q*p$ zSvOd9dkKCmg{CBA=pw?U=X#hyk!Q}AS$H|w_m#1PQvxXb?a6ybpnf|xvBQ&Rsu(V=n_I4?02`JV+A)Y!twl%QHP_>NF07~`3G7zmD8XDo= z+2U#Aokx71(_sp%dvT0^mI2lhV>Hon4++SU3RF%24jS0Cb3#>_+Xwn+{%4;Kts7)G z#3v%By^!<#5i)z|xA`MeMGJi_Rwwr9pkYnjlKP#c4tSxllZ&sMJ8A9lVDFrMAEVKB zn0Cez!|#iVs7x$cHAvFDjeFXG^`wR4@QAkxK0%7?6qDrCG$(5HWd3a~yGvnt`7RkE zW-wT#2Pw+jo+0tTggS>ucO0D8@w(6K&p^rK00<{PjF+ z^}Ix?i>b)8V+M2S_G*Nc>t(6-&A8%-i_FWf{=0v1%y~ujdvxg;6~Z(NTt?EbQQ+)Lf_0!35bX9 z@pk4xv{|dZ*~t5TWN*N`4kM}(>p|5BJpIVmj$2cg*7grwlHIlWr-xbX{>w(3ZV`jp zJi>aryM}hl{=MZ%e{5zg+2P4Ci}quS)iI^_Sp4#s)>fxf@;p;gaEeFd;@*0l5p@%f zIyQP=&%edu@H>$t_17E4ozJyy&%bZ(Rqj=vxjt&od6x+*}j9n(mV_2Jyc{qxsOGv-z_+UF1O6rF+><&$;tZ zUqx`>y7ROua4A9kLyBUd#*kuUJOi^xsF?ENT$Ccr@T!B$y*GuRfb2-P3^>zP$R@8z z&3e0$zec^o-n0r2o4Sx*IK?$w%=oC>Ub}_A6k0EbPaa>WgpmOK?WxrmVfv=%zt zfIfOm4jMc&vZXNf@CT~|N4D&dDwKsmz;BTBVoY3Q8pxXqwW-Gg{N20;dY#}3Ax2~Y zlgJlN5o+h}p0#~Dv;ZI*U%#PJ3D~dtTpXlUnF!_Gh1M?|k^MZ3Z@tuy5V5jpj z@?qE_-UGxGxF?+adl(Ulml zBR|T?jZ3(yazydkbPuw7h8Zb_OSs;*VE28NgR5}={c(8naw%?u%`Ju#b^m>IHPNNw zQS{n#Z*Fq^pGo09=Nlc&PgNE)%frd}cE^Sf=|iRD9>lZ4IXn^!h*$vNCnK6P0LMq~ zA30$b69n7?t_o%Fh#^JfOOOFQ7ymzq*xY(CQwDw%%oEPP{~tcA`~UD^-@4BT3R4e| zhBb8kcQ2_!p(FVu#1n%QDtnn?taZC&PEMX%^x;KZd?QiMdn~2cWFbGl{)5Ag;KZF7 zmpF*)1s2C{*ZQG57!F<&2+xzD`Xl{a_=Su)Ep`3Sdn6P~EJaQE?1}&-1?a~@12~yCAk7YYKN1e*Dr@Onu!w1qYQ=8XS71fF2059HH6qT4K%0>q{OHWqE zuyIFjzqA=2v(}?wllM~*iuCOT$EAE>D@iOv;4KKv_c2P!q@BA+Iz&p#Pe|rv+NgaCowL3 zFRwTRN}&+WL~x`*wjBwwgaKxLm=Zo_t22Sl#8nS%Uyt%2AKx65eA<5SFM47ufK~+* z%e|U^E(NI+CUFD)i;P$VqHQ{id{qZ~pv0=_(;CXGz2^{^%dPw6FLZB19ZsUdc5-7v z{ZSG}cou>G7Ff*?f_*V~jR46`qTU-X6O(1f#T=l36f zeptCvTnuvZVEK_$#R<5%>Bs}GODZXBpXU|8t^rt({_IR9^xQf%q$i=p)ub_Bsk_TEf6WbKwJXSL*JYl7q;+I;orbTaLr2byt%U3=#wiIJ#u*`@Oz+2ta-6MlJA)3A{ zYYO&vDUanXCV`!#Pt^b}(t8cYZqM}t^wZsLyRMvT_|dM^&_}3t!?jd)kCB#?bMJ0} zMuDV&3Q?!QHgkL^`XqaX6)0R3kR!G&mi3R>DLmvO5bgu{xfG1T;v<;!e-N$r@OdTT~L)x+2 zurUwZ^6o&VCSx)VCqDEB$H+A2rVC0mz=YM%!T{fnYSNeVI6#OP`lVmS2~ggdQf|en zMfW{U|s{kACih?AE&YC%i44#*fTAg4ob zU2aWsnF{w_5E$9M+z0CwGbhr=QVbV}gYpV68sMww=$}XWB|x3PCV(oO!EI{~dmu$? zEf9>Zd4sIE<8$|rag;zi1s;{L{m+x2QL5+FHX(#2rbtFEnJ~oOD0ZTS8r;|x8}_i# z`-t|RLwXKtvHc_Ep0Wc8U!{#G6`WL!i9YyzkRO6BI1c%51)(}QN8L?@T+VA??p>ZL<%ea)6VpPNPu0%j_RRfw!&BW>1pVk7^Mk^Z*s36bibekq)i zn~w)Ym{Fpyjwq@uKP#c-d`KpMEaql;BFJ(ths!Q~>MbrW|M@J|QgTRoDtYj%d;z_q zV_6$+u0hcz+eq{@CGgY%> zM7FE`jHoSlmewoOpHY^PP4xsCDlV;fen~Rfi(}@SnM<%O?z6D1cuPr`?@=TgPMXMt z!d2F!g3rR7AF{20X%K*N!~Vrb6A6!=Mx5*5fAvJb6V z6^0jhr$4aWLDzFNd=mp|U`>LqAxr1-ydR@U{UJK$^c_m-pL>O?2Fa&R2}6n_fCjCW zS0fI*?7R6$I`}`#2^wcH6aO>-e6EeIr|Myf&v9h)xBJw*jD)wi(UlI}TzB3+?<55B zAD5GZ4KfFjjjqS}Ye@%DjTP7Z0dA8<3)OHSN2El$Z#tlDoGmA)E+?USysfvPtAfXeh6lmO38#g9bUy7sLh_-R(^4rGlugXWWk*(pAgpb>hnb3o z$cheTb@05B8>n1Tw2ON#r}v4#0cZO^>^2}0B94XHg>LT33$>z@+Ntgsq>;>2i^97K z8nFSe&f6j80diozh)jHh8Vw@=YeSRMRC;8*S5(;f^sd59>1oZQRA3>f3Xx?=J_*rZ zI!4Q#c%&j*!(20J9Pa>!cgL&NJ}AwIr85foBrFb?7)REH`0=g5=czU1ATI-xX6xW+ zLkIQMBlyBzchg%itaba1Kc?I8Ue>cmeSKH=p16I*#0cEDardDIp^+!PMce=8zTuK$ zXPbatsmTW;-BFRF3lo#J_o*B+8AiVW+&buIP-!ah@JqAjaV6FQy1$>=vKW&#SH&ry z(^}52YzSRQ@!rPZ*rqGka;BQqF)22!{89u3Oi6wrNg8$18g9Bl;=S^8kl`z&I3dmz z=@y9LK}y@63%9KPuEj^z3QShu@DF`r6`72Btxk{jbt91!I=~-WAj}x0gR)F(LY~*> zmN;!CDhk7YbmTk7Zzr;4hQBIpCdr>NVdq$ER7y|~3@J~KopSYacHfuogW{giR;*BpkitazSVGKx^%#YM9zu_A1%!#-kHT7GZhT6B_E9N>eoP# z5B;m@MJ_iFwQhV);o}c_@K8;Nzw93!dP52CyYk&vCn*D6GRYZ2u1w`T3D1G>KuoO< zIVKF`KkO(1LTMi{oWJ-2Oo%ULxIoNru$I>jR?C4$ZODT&Gb1Qd`y38FA6mpOtg7AO zp7)0k0IRmN_?pqEwA?zk@z3G7OPV%Gxv1etgQl#|G3NuJI!E#(JV?EiRHY}S$!}vV z>|`*i&7FvrNQdZ8TW2{S%bwOzxKLh?#h_8exPWPn0p)v_8bL?emY$4M5=>OPcK{SG>XGTQ;ss zXC+3XzZdX{;s*1`vy$i<3GrkQwcwv)LsgDv4SAKnmK$^Lx;TDt+>Q~(lXFA0R#M<^ zC{>32Pp2;kZ&4{U z--vH$ev6;SJK>AoFMoNuYiCOmUM50D?6+YFXyUObG%)K1;gC_ag)l={Q$BK6iu|nO zD<(Buov=1n<48XKL!I@lC}XlnZg2-duP;>{R5*a|W*SZypQvHpyX43;wDISxwq}b1 z-=yq=YQF9Zjbiq;&f{T0c1y>6dWq_}?V{eybv!LG&zW9q?smLn9-@*|w8c+gY4oSC zP(B|w-GS4>I+8q7;^oMgWu;j(mD{;J2ulHe{HXP`6;)4WdpRYJws#s*La-8WcygJp z=)xI9Mc{bd58k0jC7JNz1!WZ)OHbCtS5ya<{Gth+>!K$(HO`976&Zn+PQF5rGSa z{>2#fwp3dpvdJ2WuP=Ty!8pnmJ&FHn1Odm;Ri`i{X~)b8{T6Z21$SG2?)KDPi9FpPd`;EKgF&Ae62amDdF<{3NMT zRB*I1(C?@OMgQEF3us%##|l6HH>;p+6&)|UQjp{ZpsZn$6diCkRrT2zwBQ+`JnX{$ zB@cX6xz%H}w?f4+&6wXKe}#T3rZi#Yq@TmX+}>wFs!gE3k@ zJ+fh!j%QNe?}d%T6kkQle1*c1elJWMy#vVNxHDIen&uEsE9ZSkPY!Z_$(5LqlbBT%?;QLC4j5&oM zn4i+WgF>F6mth)@O^Z=z8ggUbGg5O1ad8dJ6}oZLl3}B1&gUa${Dvjj&ujO@WpF~N ziZ`wVXxueW;DHD3geyC+lTfbK5J8^>$AWKJi#l;MwoS0T%)xOiL*9syrMozT z($G1nECRi9vG$KHe$Nd4`NkC{c(XhnYFp2rTTOuUKJm#2e4vo@LGM{r%?^ zV)j!X&5&-IM%C20(F0S0~>W~Sv-x>|CrPY_mQo?G;PZrywjrWfVXkZ&R7wI z$`-6B-Kgq`d;Rt>K%wMQeSI!}F8(juY})*;X)tA{-8!wd04PUP2}Nj$U_T_`9xXHx z7a1Ds0w0IPgSE`A8NP#4eUi%Rekb~AuZ}l@t;J8Br}1HA$5HG``}~3G0XAgjLUU$n zcU^rLlugEQrybNj2%qQRm8Eem;#UHu=f@bca9x@L3{=9*tqB1aP zAv|T=_q{AEp<%uZ1gy$%*yInioSwr{QU&ZvTV$d*>(C@3D=`JJcfx4VOa!DQX?_I` zg;$QKS-fZo6HW^#wE!*|Z5RGSSqnm~W!(DM>zFLE3dE#kZIujK zG9kYJCEJ26&J5&~4By2iq$MFO8QY#TYSzT^2WaW2)XcZMg1BhPM9qA?ekyBeUP~5y@)1-i7*jBeTGYRdTNKVkL5~^}!;O!#WJT^V*yZ`e=0#sw(g#t?U%p z-aqyKF85Mhu|Zz9qq3;yraEpsSUccgSi8=lx3QZkdIq+yDIn4 zsH_ZRvO(5v1u;#fKFylazJqYL^YPbWc)AC0PRROrqX%$)$xoi*^890*pm{+N589u- zQRL#AXH3}9=|29qHvnMKvtZY~^m2U@Hk5l&xp)gU_kSm?|2vuGZanOMWyyP%(@1ls z1A39$Xllct_bjcF>cG(T{JA2&ZW!}!fEdsJY^%%DxY+%wy!Se*koi>Q|B%;g(V$n_ z{phxMdB?#Dx7xyDkDhC+SnFj0=iHcY41Uw?Seg-XZIR{B0T#F;?@NDz8Esv6QuJa= z8tW}y{2YF-&+MZ?V_ZhQ`)olv2vgj05q=*%Gs%0t9773Eu5w%Dec6>aqpo zL;75ZP4K0zxIpy2_oVx!+<~}E`}c^)_mf6+>IaRWOglBq|DBv`%)i^iVZIFix$=bH zcX#9Cv{;D)gtWvDq-?vcPvF~>*=&r-rvwS6%0JZt10ITg+&BdcB2Z5P`vD*T);NaU zgjMB}mPRYwMp@h>Wz)4Vzk(o=qqYudezv)SqNp8YFDl z<1|kWL690z6_Qlv4c3MC)Qw9g1p>1uTLXL1zSr7B)BTxOx@Lx&XNKCo4R&$Uyk^a>ue*4K=X@7gHzUBkT0-JuLeeV^-juN z(KgU%u@XpZm1VgNjzSONZ_%0cmpV^VZ=lJ}?=E%dC|je4K2$MVy_?>oK9B{7$@BGH zJ9vMRx_^aGvWB3z^oIPWmZJ(DfQ5mK`ss@~h=!EKCB81tp2r1i*Urj&cRbsGXo<^k zu6S*&lXOx^&YGdS4t~+&=RwattkZ6#synPrjvpHyDV^hV$f{KpqxEbEv^)}!)C|WP zELR^m4rP~TKO4;W6?2l)v_TJm{tBW?p0x`HG0Rl)ipFUsAXl0-%~-zslV$3Y&20rpm(jIMC3~YC*ZR={)5Y^kk>I$J zH>Q78|BeBfCstA#Bq-xa#u=M!mM6m&T1jjv!{_D(?wxL2 z;3T(E6Vnv8$%n8N>hxqtR6C914?sV`!w)!G(+m zV$eq0;Cm~MuoOterSnTc5^Eo}z|}nQ2CVOYZrXQU%X=fYS=GY5HC4jRyg}r`;+=bg z^F##~ZwiPiovx9-S#*N};8_pn}jmLViMY|K2eFdPQDx)P`Q~3L7hzWb_6R zh57h^m+{K(ATdsz=eDo@!X^k9%RoqK2dNb()K)gZW)XPH0JK*5b9AyQ=D^)8AV_0~ z+Fa&&Y}p%YIk1Mp%S((pt@U{20Cfk}Sbz3;Y>EovDv17L>l<)~LgwO0{F?XF_?|XBeudmwlFtJ+=Rt2FUXjsS|b4%*xv$2Vv-6;|KUY+x#qZ4q8qiKT8k}nx^j0}i_8+F!@6k5mae_7f75)X0riUEHM42ls?r^I0xRUV?U zI8k9yVm8xd=YiFpQcYrVbuU^hx;!Bmz2epslI4$S~CU!JF6eW$R4$~=~z@kNb`GZx39 z2YgV(YCqp)oFqO|0&kwvv?sP(_A%HL*Bq~X|K}R3?-d&iPmo$DUcu7(xc_k}FP=d; zH4TEOzgw1z^7(}N_&AkMi#+xsd-G`40EjH41H=|*narvPP!S!2fq93nzt{FNSdw}< z|BQamHX0x}nQv7)dC-2GC9t`U4l|I3l02WJLkv8($t4W5#$N2aSlq@gc(O^+4VFP=dX{?c#m@16KOg{`~8TO(H*NpN_Ogq`o`ucTQX5l$TuK_xld_^?| zAB{Exx!Sp~>0d-_Gm4<{&fjrdfxc315SKU`i-x8J3p}&4eZmanKhh}DcBYtO2Cn9% zfLwm)wirQda90U{`y$;&0tL*_o-Tdy90@)LZ3co=7}F|mC>vn_WpN*YV%JITZ%k3e zq8-sl*`=&pIXgOXVp8#=(B+M~u_1kHxEkVd>nxd(Qda-1u%eau6Fjn&NlKqVWt zXfgy7YK|cR&A(S&O5$R9Uk;Eku5A5+)T5HP!8udEXJG^;i$VhU$=qz@(yz%Nm(M=% zvT8$d^L^?tvunVu&=G}&3fL50jq_r(h`gM~*j^j?Vl&&G=#shz%mKhCjQSELUy9Sd zoPAspir7ZK%usZl-=wZG|3DiOKXj?DT)bu=K*L9kn}Bzn;t>FJbKSN07pjGY5pwUJfN5yl`^3 zx!fKjbp=3Y%H@$G)J_ZJOog=&YZQW1O9x9q!KhfIx!C~_uyhwRci%?(H^m*;Z^e-0 z|3%=D=)3p>X(rhwU63u674!W&r6E+A=Erc}AX;eODs>)Tq(5R=o4c{J#i_RK6VAO{ zc+O8@=t8XuXMHOt6e_@DXKC9Oo)2btEZ~7hdMaj$t%xD!NLc9e^gD$j#aPdhIT;Q4 z<5};^yTgz9d2xCvd!t|4y^1*RcOJpo_m&34h)HdhfBsjhgQH%ZyG(;x#B1Z`2zg;pW7Lo^k zBX8p7?3!J>=ddwCsc!;W7B8;DsP~<`q9Y4txMeu^uGI5{Zj)%ySHB?8hma5Kui^Lk zs!akxYi0m~UTQ5l=i}NX4siB@LYd$OKGAG(^)ld651k8AGxlw@hYobkdV}Z+9Rajt zNY==8jZJ=d^HniiB8h?X@u1b^2chi}B;_v|y^2X|QsCi&i2A|lD_k5P#u15RE*yAM zf5xSlI=~BjH7yVV(GTI~#a7dx6kz!3(op%&B^W#LA}=TB@JLSCa*5CP3EJu)<42BA zhog+^ej{ab9hL#f<28Bm4(QIy|0&Az_~%HAna()#6Tu8@4gs!@)EpA`$_ag*zhxT@ zWpttn5t&{M6+=e@3JJN*#}TZ|sSM$r*PJz%!;}vVV7)lIHoij3>s|4aOeFd=U54@2 zOrU{$w)UHYYoH3z+^zJ#peb6bxH;PF)m@@AxoqZ^DeQdG!4KZ8ppe>Pt;Wpn~wTCwJ1-=a!Gz@Afx zf?*<|g^*6f@(UFd%W+hTb!|mPPQUF%VT?O>gQ7yHMJ|9&8-Q}f1q0cqavT`b**@eSAZ8DV~S39}v`>^q6H-UL(-80Al<1Ez96Kpc{ z7o2MIVx-or>078}Pk$2$`d?0~>29=SbD_uykx)cql^KhJg!hLMzO%~IBrDqnVzo-A zg{DokVz?UXnG0r6I37Zv#MucSu4n9ayErscl_ZuI(Gp^sRlm%>6TLmsH61yGM8BA`VPD{L;Se8TQj3pL#53*^+MsPie?}tDE=OZ8Q9L)G z9qLJ=u*@?stP66G7z(CsKB}5JGE1|GeyFNKmGCOS))9*QwE>x;0kyi*1aINT*M;nu zW_7I4rK%U3Bh{i_N2$dD@Lj_6qV`=c5z-`$JePwIX(j0=)gys;`wZnj-+pTH;5;S0 z#x%XW_-k~}Zi`gqQ%J;sjGE!c@A#DJI<8{CABN8&pQu@`DP-8!th%LI^C`pUnK-YY@lzI4#*VPH1j@Y z6*V3;$eRlykMc2HNnw5q+08FGs6S4iDmjaYx_Yp8kRIy#!l2ksRP(pP{0iu4g}imy z--WNtp-)1rh1`|^$I)_>GD`io&4DvV@6r8$>8DJSQ@T6enWiJ82r)YuREM$>hX=S5 zi1c5l%QaU$WPO|CnBuZ|xOjqK-tdFvkb1n%Slkwb?r$m2J z|5r&}*Abz&3VSGQMK#h+A*rhX-&WmH;1*6iQ<+a|yum=8Y@D7%0(4Qm%GmEXnGfut z?llVYfh-APfrFoxfeMcDl-nJWwB~Q)^40dcp6~Y_yi9^!vUGcm2iylx_|E-45d3RZ>6P?wN#zX(P%_mDZJEh4m+Jbx-^*7`~;wJud&dh z2mk(3N4%U|F<2Z6?mY9W)9HiPa*gL8PLrcTh+0i>;Q7Qu6D-h>kU%mXcBT8KHltbx zCA7fuOQn`oWy)s6lg8rpPIfLs& zw5`=*15{PSX)u9{Q#8Bu8InYC>qI$GAeKmyN0>>49#P_Z4*CEI`EZ6Rt6ej77OBK_yR7j{rebpr zb|Kd;JJymL91}KW0i8;br$(LV!|#+n?4xt7_N+Vz;4m}qj7y^rhatgSsoD{qF%Cx{ z8;SL|4*GXlfar`V6r) z4&jm=d+Z@6Bl^YY-%Hh}K4y_!ru#crGJ$e{q6zrHj?^QeG*4&5pF2R)E6domx`uNg z!uS{m^mpP}rY|VSOiWldbE%(m1j{$sMya*0QiC{gag>|*OQ`{AL|kct*i}^CvkSg0 zuw=rHkV1fcc-jTn&gvX?Wc@gzzI4l7bN6P%;=n^6 zC10-Oit9i7>d(F&u<|K;#z)#gQ+!2GdKi}+6Pb*Q^kg}qi>CK7)TtdD_XTs~7df5I zD;5ayTP&RmWp#d!-K%RXEkc(~LmbheB3oywjbqGl5D}@PE>bTnV(1cN%w-yIRfz?O z-!-yM0CZx60Kx;Qi&RoJ$}YnG1QU#?xVsviKn3zDj+jugTRV=%pGttn&M#aowGY2 z!62#POrojZQjMZ(9 zYOxUNIn#*_I++F29vAA*-o?Iq|Li_KU3B#Y^zx)oaK}IuHy`>0=#J(3!wAa2XF-Djt)pFB6VH*z?o`DH;z{?h&*i_ohCn zOC}deX$laH1o20bK`~DvduFcQy!$Dg-UBtgtyKex19%DzLW60(oVGR$eYs&p2#&`(!OVFac7T44A4E*38K zh&tP8t_K!sp_)0I|B1RJ5JalzaL(y?5~07iES&#Ma`jX6J!jZ++0;pFZqzm3b(Khh z=`i1+HMeMuZM%d z_4T!bVTcanm zWH_C3LNc8vZ$GKjM;G}x7{_=_(3s5#hjarQ`W**e2M#p#*;IiX=TH9wJ}Qx08{W#U z9)N^}(B69b*xlXTeg5<*{C9VEH~-(g-Ti|w6L(KO*40_*5=fVN%=r8e9S0+hMZ{z9r8@{2sd1>Kos=3K98xXo z4$*ACgTpZSbKlu}>g;vA^v!`obcBA={-~wO<;H}kVdM_f2bDe>Qx^?MbWKQLV#M0H zmaf4?=Aw|4q)IP>s2a|-#&$XrHYJD1m@U>xWrwH%oDLfK|>&1fEyL!{m3&MdcLcg>OypIiKt$$#r?XDxj+ z$p78_=g;%<|KR!42l;;+pDmOc%^5MYh0af3|94;8I{jmn>Q4zjL`SDbul@;EBbeXW zAf5b1UAwXk$ydjNSFd%HNIG62XD+-I@5u81TU^o5cph+K)Y;nV*nb;2r(%5%B5G}) zvi)x~m>7Iclb@U@Tvi&?@Bh91XU}%C`+t9T@5PIU{eK&uKmHgz=~Re-HUi+u;Oo~; zN4A1ybb1I!tkRd2CdSLDoLqN84pCaHb4DP?7K77>?9?|4TB7sEABYC7AA1CK6{e6hGR8Id_l6UDt=j{RaGO? zs-EwfxsO=Ld^Vo{NEVoSt5UiE_IEJLt*19rRgD+fU!t4zmO(aQ+}thfHjxQ}-b#)h z^|e3>px7dhz+D5Pihq=p`>P^ zOtyA`dbyVMw;g`9G0Et zbe$djFVyRy8x+t$8c=9&H!G&KKnqxew#hV%=GGGT@mTy;5~l=-Ap>Pfe?|+*?fFgQdJaMVPUh|HmuB)Q10eQG|>8D*bX% zb$9CSJA3=K7E-H=s1gCSq?T(foN`@mSTMEKXm`dB6^iR#Fhs4s`i2>zg$i1m_PHJB zU-h&G-{113*5~?Lda23tzw0<})u$o;@8U3le_Q$lpdtSM?D_7~eEk2}-u^@U|295% z7XPWr1kD_tNsMr)cl#t+NykL$TgzN;2l#&Qn_9-)f?)y!)0jW!JdP zsnVq1#UyC}t(FsHN>@yd(b2kC%}-VfNvRe^jDK@C3|rpuf2`bbnbuj0vU-@c+g9;s z-ygk7Ut4dvtN0MR3&@+*%_7xd98DP45Y`J#VO{n0P35bz*KH@z<=z7Gw>s*D-ZS$BQY_)p2&EQqiVXoN>`#Dt4| z!duSjB*Y6C?gxubr;bJUG8$IS+ZfQS5Y{Jh=dD4h=`A5PlW#ON4zk zek{RFYi9phGt>QJd-id+{~y2fo_zd&Uw?V>_3NW9+RjW5 zxVn!7yzYdHT^fYB@5{rXe${m+B_r!R8%KVKZYc=mAqdmEqIJpYBh zE+(ACQovn(`2~<@06$xbiy=|voKELwfyd+!w$!5;_NfOt^^NRc zcNZPLETnLxg@nFYmYoUDQ=*x5+l}re6oj_lEjN3*J65H68R5RS45*X^l)PH1ZP%4ZkBry?(L_SdT{Nngx#|6iqn0 zHY!Q>YjWE9@D`Q&SK8kx2Fxj4sM;oMn$pxs$xjtzkp9YO0I9CUS+EnOaNw2HH{Q3S zpHz2_#m^cks&C~VJc2RmIX!%dx}O4rL3WPboSnTpQxI{mA2p)0dEbJ=ETsE4x5+Iq zDW_ZA=}T?VWxniw3Q+!&KKVyxB+!rYa$p*9 zNvCXPiWM3128}TFE!O?kOr-zOp9cF6-X+_x{rBQUiT!u*aR2{SKDTcFS#cKi0E>S6 z4xZvGF+Vg1!hg~nbold(vBEM0jjFoOUd|Jn>QIGO8BL zm`%QVk;s=7HTqRqiq^kncj-tyIwm5rhhq`^5_SJ~PS@Bpzbt8}gz8-9SxSm3srzR! z__L7z*Ugp9ubnm0%(x06sA3PQ`Ndmo6Qa~x=QTjtqGMq9WQEj2ALs;LZ`n?v(hmV{ zGRxP~T(-UUcYWXA9k;V_gdoB7rOT-9vD8RlA~ zt$aJ_EfkxpvVUbR73n$6aJK#>yx;RsCca81f{xI(eKW~wxCiW*=ZeGJOl5|0gW`bx zW^QFE=sp1N$PFhmn)OKmGQ)nX-n-V(6zTF9JFjM|7v#g*H+;_VZ`kA|<7wXN`d8z; zOFe4-omp>FqWS`XUfI%ew<0DArz}zE>j06OnrvvOtM`*N%jWdGx28?D_=sAKW|6IW z*D~v2QSP<;RNjI)LE5Il7@px)Uvr{fqaK8u7zlJ4j2QY08e!ibV)sg@LqB*9F9E=< zv!7<>sA(~G2D<1XN5ST{k(RUknbsrt;R27_I1_^>>HsWM81f~!vTp&;eM$pQ4Ai;s zVCb{qVEvy* z%00TY<|^Zz7(O|CsgJ@d3MP(#=fMAWld8^JcnTr?lLq#mr$BGLgMl3N6zx&MZ}t8| zrT^a)|Iw-CD+PcW;y+KHy(q+go;`iI|9LB)+rR($5B-oMyg4KplmyaTRqxBE4`%rK zd_65Ru9kryqjTCt>;hfxXZlMh}4^*G>FKU6pp%H%Zankxh~+DVfC{~`7lBwaW(3a zq6&+X=qD@R>hNVlPEpzAn$qM_#?dzUEz@|}HH==dRP~(+)q%D0${w*My(a!FYQ)L>YL6mK+m;N^L8IGPm z&Hrw?16D0|cq3V?#AK_Fd!4Gxu82!RRp((zIUr4>i+M=Y6OP#g)Mmk8a(_;BD_vzw zHnD86n#E|_C8_`4Eu0)z$c}^OZtBzC)Z{Fe)22y#DEPi}zpy!h!H33wa3BP-Amb*1qI&t|F@Yhji2#Msq4 zXJnMV6k+!!B^A8w7|V4V=t&-IB@5cOn`vHL+4fu2v{VB`M5*&)wN&B07&&bbUhlos z^lGwHl&G3u@gtd|Ow--`M7Vw|-4t~c&ZU@dRjr|T7KAABMIXCU((T#e?VC>hgHMC~ zuW_I@dj9)#?`i)1pBD#v59hzP^0|Hc-!kTNujG~qAkBcLWD0j!3T~(>6|uB%{|K&Pyuk8<7d^Du3OSdQ}yxc=TC?QKEFRN_tMBSWby7 zO&yP7sB=m{gjEF zS-R5l>EdN;n03o6TVc6Mn@paK%45*iB?e^8rJu6TT+-<@j^G6^FhJAygcTr%BSPXj zLSq@)*o4v)5HmMhphlWxVGZj9iiMV%mnNML1bL7pdW{2kkkn@^L~KSlQjM8sJXL^R zr#?>2W2VVC1r1z+X!IE1uja_7SHw2~5#!r)g0JkiKX;7(FLn@#T&MF-c1>o4@2H08 zRGN8uTyjX)oa(nxb3)g;*up!iq{^oxQ@JKn5@8QVSWlf^nQG6zY=+k%P7&;7v>j6S zYKha02GG(Tx`7z?zwp#Am6vJ**9p>|>2g&ezqqjOLFitNeXWveQK|FI+PDv&>Q96H zub5&r^S{ylf3drlxBvH^?>^Z7xAD34{LeRELU?&Q_Z+%9&Z<-^ws7jFMKly5)CDnQ z^tLSdZbmq#9+A?K$AOEUAHYB9^gJGo=oi%OS3O0PaRP75qwZh3sQbCQJW)8AxKZr;bM#w`eYvil zv{QgsN18U!I+TxOA9Ca(x$r62l-Q>-Y1B}Kt>E2c^KLs8Xj@O!>yvX?7EVG!;`W@* z@hJPScyguHntPfaaKOC7rByk2J=*#?mjw%fM8hZM$Ani*naTpK=G_hXWaBF_G z#+giqY9*_4ld)#LU3h?bF3hy1`dx(C>P`MeCRC?XByi{Vk{7E(sfrs@@+`(QE{N<# zA4R6+^t~Kyfx;i}wI^%1CttXAQeDlM?9F0zTC-znORZtsB-4}as_oV(HJ#JJm;Ji( zRw`|E-COF&_t~|5s}5LEgi>3mYmQ7!k4F@U#WeOK+D{8vZY81ta@lkUx6jOT+s#TD z+9}b@Hr=W(Tj0Srt7~aosmK5nLEkvEuLC|7=@hk9A7ymrmb=2kOZSx1tMdYN<4$j( zsaVneYq0;-wc(BC|Lnauc>1)E|8wy0{`0MTZr%P*(ti|dX|-9SHw_DBRHaF%IoJ2w z%Z?qhWu!_4sU&5Q+D~27oz9bg)+PAln(CuBnJ)&(-Sc;$!eCK3GIBH~+-Ic#nR_BM(|e}jM!mW0%-E~w-O)`CuA_iG#F$b1>Z8%tA1fl3(H~O z;ZNsLy(O+g#Qt1r_G^MBcqWOM5sv-*j0!3FZP4dUXES9vv|zwAtA$L?Qet(LOi-rj zmwEl84V_}W1y!p#2gq}MYFj~GcOmbnmplFmYzxbbx$F$5)by(?Y7aD>0YiSdsgRdC zS7hEw=v-MZ@GK*9)N?pj1g`#d9|X&72$m}{FNXs;vEog#kdYTqwRwAAr7z_6)e}&M zFVzFjnQdFLYqBq074}WGMlX}?U2IYI_!ftu$*rKnR)E44QRc4J)T>>fm2jaK5l z&puC;$Isa-!PMFB_E6U+!8n?9(cUhsA(LweIb>N6KJ)L|-Ivf<&w>yp0Bqj3iSa`=RZ|rf6um-7fJ@@!`wG45lTCV zIO9WUf{EY!WQMyA`apdj!8zZEauF%q9}*F+6TEtnS(D4Y& z{D>*G-$CMvh6*J~7?(RB*OIMZcJdlZ&-E1zzkmLe1a6Ctp(DFzIg%X|Fk9(BU`}I$ z4Y454pCS^td>%$-JIFr&59BGV(j{a%h$Ie(J%AA6EY{~5W)I0t!MFz)KN_(SB9Nmv zaN){7*U7jzFDj*E*pr%9NylUY3nD;C|Lx-u!X@%S_64Jg138N1%*AYM!@7@!u9`~st#>%RMJffLkW@uc4^ud79v4dLXWS=ytbRj;5;g^0ULsfJPW1r&MbnOO5*i8 z2<0HBG`}^~2+gU{(W4 zJC?Mi!)vsyiaI^9Ivyn>JA8?{U6f#^Xu+5JI+e5ecY%{1Oi|OYRuNYDy-?`&Ar=V*l!Hg}Bex`?3vGNs^SCqD{^p?Y`wdicAu9C*HKr1=i1QOt(PrNKL zklEHR?Y&%e$^4PIRdH$wi99rBIo}&^!7PVC#e`+)nqhRU5tTh|oGx5pD1dLb6u4)R zs(x`P-j^UlD#Xq5fmn{{x)46A$5JX)vfu!YHnww%e;)CKl5L+|6OOi}raJP&2}XOp zp8E47o)S)7wAVx1aTpd$-DsH1&)up$1LcKFX+aZIRUl*X@8!m+IN zy!r&0kPdU0DV0YBvn=q!A(}mj4ack9Oqai98mzmX6$>IPGYfDHviEbPEZ9LzI(pYs zzzr;cXrxhyl|5(71nq#fh*>DjxoD(9_w!ySv1+L~ohylZPooMpQ5CJ+bu?i?FS^mX zHLITl50jVXyVjSRHMVj|*miH*6=s(GT8bWWrHz%hD4gsv7u(4e$VfLWLCW^Cv{hzF zlLeWO{i*pD?6r>QU=(sPqbwFh-wE4JxM;K4RmrB!erLOPLGEs1ZbNO3kJrn?MPK2b zysz-Bf12_?BF6EUY!v@xZ~w)9A^&54?;-!=Ha>TS|7+uKohv3oaOb~Nuxc)JWr6hK zc>>SwlJe77t3V1YTAvY_>ne>x=^tQ>aPVg}?qq(n&0UQkm_O0efPsZ-8I-rouP^H> z)gF?A&@9%{KW&rWAQ2!_B#-=Nw5(l5fu4Noe(HAf@r#yqm8VlavPxq`Yfl-Pb7G26hddbXqScC_d z&&?Ox=?_fZdo9VG@BZ;e7i~xE|0h_WEA}!GdPglsM&L)GkG5SL$=W&>?2&Uud>qjk zIfwH7uU`{)t(%6Qx;?b5FZ!x^%+%`Y-g?=q`Q;HXISAc>4fb0McI6{yGZXr*PK6mf z>AZzeVil)UPYfk*R28||yh$V1%-jQabQ>WjF7d!d0r%NLQcm6Ia9)!L{onY=B_Wd9sH}+&M+Ves1zlkih=j4f69V7w`FKOj1)XWq`(>G zOO58M=Q>lg7-e4w@it+RWG@<4OD~3_8+{2KIxIn=fbR=evA=C|r9uCzQ^n2R|9!Sw zeE((t!T-CR&#mi!1?EQs^*Sj)X+;c;Nt9;6=tyj}@KRi2IM< z-+bBfzFbAemJ;SB>$`l+(BB1n6U^RYZUAk_myq!YNeN;a`1)KW=hC?orX5q7FP(~d?Lw$yR6)cca{AKqKh!s1sgu(#)D)sb@$)@VVs~~w*_g@r5RI?w7K8^`W4ljp{QduGly2LTIOI4F|JGMlMC2F zkOA(afCYVBx(&-!r&i@sxv$84FUyCJz`ZCZX8Oxt0MO(^+F{I@vVG4~=yjKd37G(aKC;Hd5(@#H${6RY)T{5aMuRN?q1OV^s1hsZtAhzATh!F&z{RAyC2@m!)Mh`ga3Dpx!j?v zxqyx5e|v@VzvnL=@LzA`bL;-!2gOkc4_O@P2j4mKeGuJvTqmRxX4K^`@VMr^oHNFv zI+3Y~z&mVm_ zIy*T&`NttTOQ}a5iHI8!4{b{y%z7&H>(@j1jV$x^Yi|c>8#74WzE%%9sGLfFjyREI zl0e_`z%xd@;%tNYiBZUzr<`%=#!=1!b#WT5XI8&Jt>=btVIHA|dnN!d+1I`FWiNfJ zq#ag$P%(G@sh9s&rt;vki-o{}$MK@dpeg>hx1YoR*xx@mc!>Yq%IDVQzfKh==#^oo z^ksx3^BjP?q+o>%^x6#Dl4SanQIiI%f`jJapCsGgT;$E#_3d)=vNz1lr9{ZbONlkl zZ*roO@=WGxGU_DWCHi`_s$X*rq3r6SlUzS-bx+Wc5q{`-6@PcS(sj_(c9m&TXM&y92eSJyBY+x_zU$Z=5y;Ft2)yF zR5p;TI>yR)4)dc{xHWDSgB(~RuI@l=G!DC;O(95zXmL#bu2|Zp+FN;?4f_^I$=j)A zO}1`mT??;wZc55xYj31m`J%U94AV}FRj^~j)hl8MtC{;ukQr_imEQ#{JK|V%-pyqc zwcZQOxvdI}1(Dba`dO%Ne)ri#G^}}kmz6DN_Lqlz`+NOa!2g?KPO&#!JQUdA|Gju| zaFF-^c6T5Azgzj-o&Wb%veWDD*Y5opHvMLNKSOAx=LdUmHLuU~u^FGQWJ(wE_)LA> z9FC*O(oSElt#X$Sb9X``;zltqJw?qA$SR(1DUK%9u4Aqpsc2<|3b*l$v8cjzH>>Yky9*DZ1o#;iSw&e=@w@SR=dWUNBVM! z*X$i#Lwm4m6k7bOy4F+#ExZN@&tg_E+jkL(d zs;IZ-z?|H_3#@EvX5Y(IO^4sGqPCPQTQU3lWy5fb#D7>YX6ujt?Cm~#n!o?Mzq|MR zA^vk4pF52INOpSt{a-j4|84z2AkC}aP7uhZwmK4|hP`4e$nI)G0iojbE*22d_16** z%C=Pz5ULO3WSgi6<1_}9azs@JmAo?VGwn)6h9z}yMx`F7Iib2>z_$I?*TGag;gvC?^dy}owYtl}0 zFb;tJvLxrmviX=?PNRKOF*!k^79qJ*EHwq=bjcP>ugdoYiTcU2GHZ;$>47}N-r5=) z>x;dC@iknF+t^~<%ftk9v-dmprioZ!-ItBMRkX5d>`gcOjmO?vM`)@n=uJjw*6in0 z($Ey9u{P8aVVaGGMC)9V`@1x&$3@MOZ9Xn~*8!e}&m!?ZfYx5(B4|_o*Yl_O{I9)d zPap1o-pc0=|MS!O1AiI(_qz}K0g)Tc{DK}f6z0oM=3+rUsJ)gDpWV`u8DE*f zES>LVxAKtf^^omV^zdOv{~H9g?mE{iBRRjRsL~y0dMO5c$n(0JSW~0UTVJGUU5dYX z%*%LK(CGb+F#!p!S9{s`QfV8jMwg(`Z#=ftI*3tix@|Iqv6=0)a^ynot9zc$Rc=P# zyVYzTB21*=rt-L!{VWjw37Lq-oGcy$YRLcEdr^r0>_30F|93l|yNmyvDt6jL5Xj=x zZzd9yj;T5vl$Kd7CS>)snZQu_1TPdFvYJ>C2BxH?(hyPNT_)vi_p7;8DecX-A`Nsj z^kMl*HQ7bwy_E)5oUF3B!)QveSn14GyZOc9)qZWs-dGdFOmP(1@QR)xYatinLVFd{ z)yu{aO1j9eN6lm}8c?WZ&Q>e1+3-R=W#3YuVL9{JBQEtw^7tr`1Ctt2KNhFQS*P=g z%oYpcm>2FcAnaFU-e;q}`K?Z`RXpqKAb^sWBOj7vv>w2G(?E~fsIZ(6uT(1a6lBfm zoD);=re0|&s~?L!6{mRQON&|>lidzBWLN#pVol8&bg@W8b9$mf3YK^5lhSbZFQ{zup_OWQgYYtUeBreD?%LT1!8d@=OWiQsZ9lkQb zj)FcAM_TmfbjCa zC2JS7PaZ{TyjsLp^{|;>Z(%aqg=JN>b`jaigu6^5S7a`n5X$Bnf+r_1 zr@s?VKXlaCm{rA@na7df@vG_>ws}E$J57FrH?VSabjy+`dX2S;707R;q?yoQRk*#< zu5ObDmJb$}XMq)y1U)M3;NwD5m4pzRC&@0_dU`UW{8^BrIGQZJo|=W5#~2H8y3jDc ziD1uu(^6l7j`RbFWG^92X;x_ksocn`9Vij-P=1>vUkH~ylXG)?mi3n z|F%k6C<@Tv|37_kkoW)hU+g{H|GSmX-Q|C2cUYDIM}J6)zP_^Ep*(EtS1cIq?n>dZ zoj3WCSDxXkZk4Z}Br|9eslU6c&E$&S_SW0mUea3|ldsCsQ}0}t&P^E!#W$~W%YZ^l z*&8a$gB%wV{f>FWj3ol24#v7E8dw$zypx={?U*`y74ekRtf-8ql=mypm;{95h6*hZc5ys;blz;Z71A%Q#HU+@s#q&M{HS!%ni$m41<< z$S!$Lyq$TQaG8Ghu70;S(^N@IH~&OI!=Q`QU3OIw#oC9Tf=_|TM*Oq*6qI;6s&h4RxpI02oL)tuS2hBmnt%Lf z@wh0~k_Vcx=b^{_zBG%ZyY=#sEUu-190d+MM|xo?Yox1heP<@HFcYi#HD&g{Ga>$z zjswQYT5QY)`+xV@e$M{idv$#%Bwi;z-IEA-Pg5x>Ohe8phQ3r2GxBdxghD zIGrtYF`)v9I1Cw&1QHYC`;e`IrZ{pZG#Kw7PJA5EnO1n|_c-u6TPPr7mEXLrf(km1 z6#cKBgWd)H9I*gu$|0eUaOBf~I34Hp`R8+~o;q9T6>uqf|LPohl#7ltrqKZYR}H`8 z41ebX_+RtIWIT}nWBwGgV30O6#O_rbg4ZHCPaJU_cAhvxeARj4MANYI7 zpZ@mxtkb!?yp%R^$0H#LJQBE+XuDf##Y5d5XlNY-Jw*G?7w3z~mtlfNjL#1dbLrt= zz{!}3h|l|bj>p_9!X3&6L)E|PUUmunx-1aPCml%zO8TFpIFyEFQVfQNL;BuyKilhE z(ZD-I(gmmEw>a!fNra{OD@U%zUE=e|AA~cCeP1Or!jZJ8HJvNl26g{Qe4n8YjQd_! z4dN%puH@WC48?*V7ITEdBvD96Gd$$Xi{X^vzt9DrqmL@wgD!CJdyJ0K(&!bAu+PTn zLhH$KTs9q$AR;{ERFK{d7&7S>hxw zHN&5B0`9(`5fPnEAIbiBKq4a0p0j`O*G^wGaNvCB?EY2Nk$xzVZNQ)BA#o}85e>pP zLc*PpDTZIR(D4+H$r)o&%ClxGNcM{6Avr_>+^!Bn9uY35;CmgS*RW5JDQ-EHR5mL8 zET6g3_v#=-zTj!-lS7p3u1?3=g$-SuB_(0@RQqx_*ez>@90X$;eCc!|JZ@@MwG-j7 z-OQe|_uSd*dt^v)(BIqb^XCVhP8j?CDf6k@I98bK(Hvpb{Ap4#IqL$$>hY0(jpyRA zbeEEG$T@oqf%fR}jykoHeu6B1JUU^~DJOyi(PK3pb>1)10b$PZyn_&ph>AkgkJLEP z{u~K2=s-0hxiT5P?gwqBH+`^3HlXM^osLI_u{GU8btG7r8bu2nzt9nyvlv~o*!Pf6 zuZa9b5Q4~;h+{;95#v)OB9vYb_9CgnLdn}l0iuD3aNrW%*pM7{wi33qIc_T>__O@7 zCFj3l^|z3<{K#I3&K6Rn>k)z6mHX;cN_`QLz$NL<(g(qf^JGp>Re5RjnzkH!668E~ zIwE2mkI5?^3(>@z|ClhL0xszQBlMp6@syx*)ewS~cF^(2@Lspy-9dIYC!ngjT`hAx zD&#l?^5&o}m9&;hj|St+h`ar6r-NOW2=SJAq-nTEP!dgazLi-HHLqL9n%LX~ zY$2Ed81xpnVOF;Z&%Vjz5v6PkmPrGZb`;L!Bk2HNhS=#`w|+(DZ*eGXzr%c6`uoHT zRBeXDm6GR*%t7*lB9OlXR?qTB8dMEJjh_v{Q>&Y7Wr`(3-9q+Yw-8EViL#JMt@)A6 zlc|(*2?Wc5#ZppzkPh^<&htcq1cHJ~40{oXj_{-)i8-rEP5dV`(3yLfZ% zL|>wePqxAV@$T;J9ue>EEpbTP7W1|#F>vMMVpyBwk(5Xy#$Bm7nMjWC^~G>FgODK|SWpiTJ2RRpFmn3(IQ(i!QhJF<+ki&b~ z{R7@#ax5U+IT*%a(8H3fV26zr{M3idWI1$+4^&_V5y==cd&!@clUR9lnXuEH=%5FjRgW1M7l>K8c;DIUh3kH zX*7w45d4tLtK+3xBEnHD`fSvXCZw;U!VnXo0!{I+jGJ(jboEq*p^yY?1134xcPBU) z6QKe&DwZLCPa_3-kAZ^_F)0)n4;jaiGGaYC8WC8Q5y4T+WmBF<;OteAdY~*QXhrTr zZSq1)Bk4+0fM_I$Kax%r=AO1Ik|}%h?k7h}5gG-WVHsk4iRELQu<8rP*d zICnaI^s}4=Wd`Z6>SbX}vjZnHtP%cgu%%1)VQ_uT<_)8f9bRO)NsdFHP`SUx*nR>N z3+ny}9GjpC7HBAqcg8&;85;ZH1P@6>UD#1z;ZE3;jY&Y{%3tHTvV)}tn2;n^XvM}f zkG+!2>JhG^m~b=|o87K93Qagka@VmAHE7FOl_mL-XvEnRVM&_eMHUdFlT55n@0=ZI zPfVoC5Im01NQy2T%n=nLCZc_p%0}1wNHeN%Nq{+JQb0(VtyfA1UF_N(BSLm>M3&i) zIGD?YOox$D0e(Vmv)QDnO(Tab>c*X&46REz84+#-)kiiOQ3yIhF^{>i^lV_w>Nn49 z|MTqN^OTO&0uQ#5fA(WR`Yskk^z=5-KLum8c!q|Eq1l1vmY)R~#Xj!V9mNsj6#HVpiD3SW^yTpO;eQYMArnzQ9g14%!Qbr`+fY+lVd%5*K$RhVNeT4X zpY8V}rvG^`_&caIoqXA`GBp34f&95W5p%n%P0-?$N%p zi?(HfuKuap`&&oy&J@pq4W;x29)RslzPKcW?eDT_=u_oF8`Ytka613e4X|N^VaLm% z8eOMLAslr&FeQhB!S(gEgJFmc;h6Q2dH~=j*ic}==-Dd zM<@S6KOUdF-a&+_ zklq(5I)xk{oq}q2I_HFBIya#%6_lke@^LVZ@tB}7n-Lzs5j^2jDwM9of!Fcrltx-2 g7RYh#(ed-c=i&44xx>%@7XSeN|4|aay#Oc$0D4Eb{r~^~ literal 0 HcmV?d00001 diff --git a/assets/bitnami/postgresql-14.0.4.tgz b/assets/bitnami/postgresql-14.0.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f3d145c3c4f579e5c7fdc0140fa147809ccaa03c GIT binary patch literal 68150 zcmV)0K+eA(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwyb{jXcI110-dJ240=4WZPnv~>Q!nHH&r% zdxIIIyt{z&@K2ll?C9eQL|FnPb^x6K? zKY{%X(^2|K7>D#v`)lLMH|{I>z$hXda!exD-vYpg9EN1t^&#gW>SEIK5#@M-QP2l5 zq&z~jv{-;y9KwYc!8z)Kp^~c6f1i~WzD>r+yF-*=67|88zy5g8J@~=fe^OeQq7Xrb zG~`TPRbezGbkPULki#)#XbS*5hf~D*;P)*60PujSN0`TEC=BI8U8oNN;@=`Fu#7Q} z;2if%x&Fa{7oahQk#}(5(H~wo&7Ao}jy9dv^`wos$6u&i+oR#b! zyyzafKo7P62(gbMCU|lbLw|<6!|whTjPX0u19yj8Fpkro3d&Z1ViW}^@-brlEkl=2 z=5rEl0YFhq80M1w6C9#`uh;GQLWi(kT8P7`lq(NtYQ6MT+W&{$58V%20b)MIF_(`r z`2jonJKF`A0T=-iqX;mPP#*y@{uTM$qbQUj3_}oTK>)WAxff_AgaV2}497Ucd;wq- z$U*=|98D?ai!L}CoE{6p;t<1#?*YsKOJdPcOw>ns8i8B1V0++Kf+MyksK@A@?Ey~l zbc!gGU>PSA1t6xxM?pdn>u$}6;Mt7xnDu+6$GSe5Z((0F)V#UJx44^iWS7usPYH4l z_TaN##*mwkOiA~tPeMXjm)%XbZqeeN&_MQ)B{kWPEiYxumIu^3isBIal51NY@WX@& zDV{?dafl;CtsZ}Oeh(?y1E-PS-2xz?VMg~9^I0+$4NApPiNIDtidC0MxQ(@YoFdc{ z)Raj1Rw_9M&$|2FXIr0JhknhU!u%f+|8~PT8s`7~r_T=a^Z(PA2jAxZ$M`Iv~54Hk4MU3|Wo5929FZ$1Ye~g|_4kqZ?v*$m2|Kb_^ z-v1$Z`SkDy|JnZj_{GcbU%YrRe&J8X2hX1Ge}C{j{Ql|wIDp?D{P4r`vHx^yiXucI z7e-0vaR2bBcW~$(?q477_n-dIKX}?bcy{pp(;p7MfAPPaZ`z^uV~zhi7$%54zyhFl z{2xAj{&N3Ce*C|9{_@-Se~iyI7?5~D@pQ)BiGCZ5hR6ToohjSVI}K1I*8#K-j)q5r zHz(4H+}hp-|Cb?O*b(4$NX9S}%LF(_98o6T4yEaTo$}hbYB? zc#f=UdjLm%m;^YQ0$V@r0iQ$@JWYg^#R*85syS77rTlJfZ*QsJ!t4~(Nw~U9SK3rp zT7?;ckEI?{1~xGIP1ZKc2~(pFI-N?e!z2tx$ft<29ApC%F!@?4Sq7jqXCb9fAp@v8 z?W%8ic)BgZj-D?JF+Zb)dVK-s$RXFR3I6`iGKz(*3a4lgLY7iHvY!dNc_`F4<0#_b z9SM^;+F`o}kqtnz#af8SHA?}hW#Gbu&(hyR$e1u;LHb2t7hT&iMLGZma~z32r(nkj z4g>E?0lnXCM}UAPIs*t6N~93@3FBn05OD&0iXcZtl%{H1RB>e+TOy2?Y+Je#Dz+_s zRfEoyX^Rehz>MQ)s^m@~B@o|Xu-Nt zbPV5rMvIiXTeJW;+60j`*xv7U!DSRK1k3>3&rk&3w_@UZvEpTjFW+DxOOMvx9J0^Q zTx&7=Xss^Cxv|E}KcZY;yMOX3PU~FpF{;RV6c&ACm+Nc+^lrLlB=PR58vh$CheNurijRN~2ih<;5gk2n?b%ZYTwVi<;t%!X2H zwyv}-x|1Xf<;2F(JPxITmll_C@W_crdsZcmT|tJ8EJud{SVD_<)tU~0CJ!rzN;{*D zi6GWy*g(Ai>WzTp6z!Xu-H`Y&v>>7noWf%ihhzbcguSI^CQhODATrU8Koz*heCDuc z2MNnktTv^|mNrGQ%mOV zsQ~jR^Vv(lmJh!zbPI$*aT39Ch(LhhG$M>+AIwRBfR+`;AxD!WWQYqWS*ddpAlKA( z-*u6M8&tvH5#+{{jFDaxj71ry>cA*aCK8#?#dlLc3tNDq)E?Dn`d|V>hUy41zy|s+ zCzfsIq4yo}X$SGWMov{kzj#MG8|0%)&->En6AxagQUj1mb$ ztpNigqjKtwp^v)l8pt8Lm9100880S*m$tPhTA~`~#T4H`jyxj)Jq7>d1Dwa9nMLAN z+#Ye6$77`WjMD^(?p=@s+)JSh@vU6@GK91lfTIbab2%Xb5`mCR)1Hu0ZKjp&ZE%$E znOGnwi#F%&a#&Tiy_JbT-4@q2LtGf<9-kqP62d)W(0e5ECYUnr(WI!a*T5)cK%j)4 zSt&d!F0q2hBiu3zpiK3srIVcN&BpLshA22<3{N8f)0L0x`6>@m7hLigqW74gJwVZ1 z=w9gih-Eg&I26jscxf<`^;~1aCZI3HtVrsLF0L*(oknsu8BfaHAVNpQl-%I}1?ea# zUnAy7YVGtgU~}usd<&OzY^~U`+7>P4>PpA8yB^Mgv=*&z9e$CCUL2(F9my!E*Ow1( z(o$7;szoG^Y&9O1pek?srd)a5D(~!G-le%GE&caZ9C@FPO03&0ipN+E&?E*EO6F>i zD$=^(TA0y_%(>j#fFUEs)Mk>Yw`c+0hXIUJ-TGdz^X&L&D7dHB6J1rNJH}CP6Stu! zPmG#XF#|qidPd!vP_O*aNP#732X8a9=P`xi(P2At# z=fmFAnkk_aMZ8Coh~qi(RKI!mFzn9wJluZ$cHoWvb}@K!b$N05cH|8%&(BY<(~*|% zf;R`~h5>4Fn<95*CgSh}Fv-?T!=b zQ)mN*_-+}zYdlB)A`t@V7h~EAh+>2@4(BmbYrX(;A*+_8WL{lY8l2~D&t|VOwwgGF zJfAc5P+(&pAW8{U7&5kKNLJI#CWf>h3)75dh%_a04slsQhZ~Ec$0x(9lflvT$+0S) z&=8zz#VlrlJLRZ>V3LT5Y7fN9fhbItC%OiHV&>{Ra)#&~qTqB0U=UET;3ZV5FSD>w zcx*5zL8R+Joz}5kQeo7qM=~mZ;Y++e=isEe&&{X2BlY zlY!Dh`iB}Z=7$u1>qmTV>bTwOJXPIe9!a+9A3W4c$eK-0GZQG~{PyZh4cSQYSILG@ zg{p`C&i>i&^@I)f_r7S}KYNP)_g!#0NgYXh>DDsgGei~S%>SKtifDWPY8iW9$d)Hb z7iNCCj-)sjBap#3h8!MaXQeKW_XL=N2?+yf;A|Dj_d(fSrl?tpWhCsTU`SC&U~q=V z6jF>BP>+Qei02?oU+l>JVUHmJh$HceNz-Vn31%O3;;FQOWP3*(QfE^!CczHdl_nfX zI0*3^o4tRr#F)*&9L)(`$jSSs1uzzx+G~>w#?*!nz>aiW5ytR1TIjNI#=RDX?3#Ca< zna|K1K%0L{_^N*BzEJbl9Pt?mm@{>`ttoFX4b#?&FQ%WRgVkyL6}ltZmvn|%7K@Yt zC`Kt-Tp3b4hjft(42soLccklw-NL??ev$2~?Vzc7xCiEt$+(pe!9e`&cDtzp)dxaV z(NbiN0xBb11_ZjLK03rGC!q==P_Lz0jSeCGqsl7!I16 zqy0{138hpEUevqGb*M>90%Q z$a3;YvCMptipqS!-cnV}{Vw z4s?p{mdMvSPTw#j_nz@2dz^S<S^`xhJ=gJZWZnVh)w@Et)bf10-n7*jB=f zMyWV)YOO9E273!JDJ8T~8VZDFO*@S+55|r9V4Wx<6+4EbsfQ&p57KEe7ZYT9o=iT^ zpXV}dR&P~ss~vKvC|99XHpuK`1D�L7X(P+09*V4n`}2+e$G+(Q->oWh7f zH4BDhYNO8sZYD(~r(ob1OMpT)$iy^MzcdgGm4Q>%Ku|LlO(Fm}kkL+HOb9oXwdt;m zcU2|*4ZwVHBXHiRH(fR}c~0b8@%R7N8{??QX3kUO&j{!o6TpZtQgAfwcAP^H8WH&T zsTCWtfs-3TEgPwZ&UNu1==*Yf?@NeHF}LnKZD#8~ZRiC%!r%~d7q-lAh9ZVJzC(7{ z;BHCVd>DayLT>>KNi?l&oZQlGV00M=a>sTmn=dC_Bb2#8k_Ll`h3W_7OV8pAl}mOS zj?iN08ozA?UOP;$9o}LHn9;NdXxqme0C~bvJ2l&t7$Xy09|hy|g_s8YhsP6nzzzn>u^)fuMR)u_7dT>xb^Qh!d$$b zAt1kGkqIiyR^!yJO9w|A;BwdMTFM|@9=JU3Ea6r7T>-Efk&X@vcb&0E;YoD&4pOEM zC&~U)lV@3UjXLBLNYN=VSt1f>kAUR{vawiE)oM-l>hf|cohxJkhgl*#dLH69>^iq_bM&~JXy=@DKML>?F2F_3v$vZ@y zm!M+dpE9Bad@&$ZR%BZ^62;11=lwE%KF zMtSwA(C%Kf zcFOf!A3WVxQ-jU-J~&WMUFP+{bNMvi{ytFI2=fi-gM-p$r{Z2Ju1u!u$NuWmhZcQpvU7ttPh)^yQ@1uG$Q{ zQDT<^*FsvC1K3hhmjl{TN((@hwVghzG`ZK;uLl(}dhmQHAyu~0nKSbbw1didD7W#l z6cy@}zOu+jle5l{xLMRd|RX7n#R!w_0*W1W4no6*lObcdjQQ5R|W4@&= zYabTQNbJpF1gA*ms7>SnTAk6svU4lu4PCISh>%O*^r5D#75}OxegogMxT~WP6e9Ty z1tvscqlo-C$zc&s+M|$DVVadzjCaM3)C+1bnRGC!5q)s@{KYxe&-^$M5BBFqCIYdl zOep3Hu{`4F1K-3VhH04c5&FQ(dpnjIPZrd;3sa_{&9`Z51~Xx=DM{kN3`SF=a}10S zSLcEjjH5Z2iUPowB}}G)meARP`8;G2;;mpzm>x&40_asKnYWovpkF=#l|fJ9I7D+4 zaTv;0usrE%^(q@sE`8M;0qWn=<5cisVx7m$SF5tNO8DCcDm8(ci4=$Q(i?zco6=Vr zl$i7O57KqIR)U{THq-L;5*j#Of^u@(LT2a;N6Cjv?Uneu%Js7sC1EH~{Zop;=tLGu zeHSXiKmlA19ZjMmbr^kwcx^L4T66^r7bKE#*bb5>tOAKHy&RsH;yWCosf?U$z><|+ zvMmS(mr=M7)V<1vVsooX>n(>{`t*l}@Dt`kl|Q~2dsWTl@cS@UTLKudZa_&a!+8Li z0Q-&Jv=Hy(Wx30cFKmS&B|^=0`65QmjnkDttZG>yFQrJTbeTKs`ap~~HJ=)(PjwS; zgw%qONtJEzm-oG0qN;!FGB%IR)GnCZ2Y>Gzot<^GhIKe-$_YmHLFY;Z2g7P`Q&+3cqb}Po6OwAE4T)rE(Ky)%uVf)_J%H$<`gI%8)sy~RV2X-(%}7) zt4-$5P>_T;ntJF?g{}0UOsONsazp~u+m@EM{B7v*U=(;T;y8U`v&m_Hb*!XdD90_i zW#jq-vaG;}J`hw^IvfO+ya+u+JH)>Qg2lrewG}}j#gfV-De2|17RhOMgWa6Ql<4Wa zDwd^$>|3;`q+04Q8TX!^&1*%n!G5Chzsv8pGDEK0Z|D$t@L%#GEGK&Fwlte=O(S%Q zzWR3PLZ&G#*)<4vLQs?S`2ytlHW(Qev7{H#-3()AKZk-in^M!q8|K z*!oaU<-D+0uL$>afKgRn7BUgZEqu(M$nHp|WL>9nx)Oj#C`3Ld6kMc2P&?nR&e1k1 z$5t|ivP$wf3Dd+2*Vgw(kO#3e;(We)7KRGXz1)#rn{EqCRv0~pc18MCt!u8zr`tCOrHIc$|5 zKGeQ27z9|~>Ud{YY_r2-AKcAju8&|;C08M@ma^PoVhd9xISdELmr9bU?8N#cWC(NBe#-JPv#oOiir}GpW8n(BAi>1KDfOzSFivkPB30sWG zhwOP4$@wH8Pxio*wCVD{>22L` zW9i}8Rwo<*xQBv9I<0U~&OyT{C5NW%XJw=PcIgUr&b(P}^Qv<{WXf zFCQzUYSs9pcTP>u^6X?xvS~)0J@sdVFnuA~81Z|ABJiJ2_xJbry{CsSU%dQl1L+Y7 zP$AK5iZXU52U|SCnTLA z7=%L48XC*AYFf1~E80X_uNp~Oa)VV@bF7ZSHe?;Xkig(47{bVx%|0VA0Au|doDS7h zLz&>q^w(!r9kXwuQ(GZmzjUi|qJs2<*(=P_&5DQtEfY(4rU^D<+@`kZ3#3iAYo*7u z(XB%!b(R(#*n2uuds6hys2bC>7G6AQV0u=H=ggZY7aX1;#BH0rCP>n%Z-h}Kd5RW$3H?e~!gBpAbTiUf!XZUU^_vX`)Bl(`a$(S|#hTR7>4zi~l|pnGh;DXc*{~jGpanP}SOWsC(dGzpMV+?;Sp?k};=l^;B<3 zn^;8)1%4u}yPPsN$B^4;fecy;)Jz#n>3-Qr{dPCdtf^4f+mo3L#t3wT#_I^3*%?R~ zJRPQE>vUp0lvi~#ysf*wL?P<(dJA603aOzevE+mm3k3gZq_p1{z@X$W2`=M?K35ELQ(ijtHb{L+QAM0lnGeg{VqRq@S_P_X zMXN|Yq`m~BOh9U*RYB~-cY|d;N)BF=Kq`cIUYgHn_->&0xm*ol)vK8eZCo`cDznmwN7Ub+|RH-GqF_vOSvZg!$tni?hszOppU8B5XqQXM!>b@?YNTst)uxu7PODF)G&EOp-RL!&2J%K7$w3+n`jbh!78K5Xge0OUrL(&&L4{@|E$;T)} zyq0FQj15~@cLz!P z%%nwR-;$K(S-F|KUm2$#JM&j%dp4B*tE^?s3BW3;+Ef;>7GzcA0dq)u%w%8=;x8a0 zSjNJyJtvsM*_9K6mGPr3noZ>gt3k0wlCT=6Yh?n<{D;pu=Gu^tpLnbU|6^w#Draw-CGKW`dW+`iewSiP+O(-^yudETp>PgF5GU!|8vSoyJ^Xbdl zf!}NnvvxSwPGq(On)S1pwL`Xnlx8hk^>BI3+7a-;$<5jkv37>Dwxi=)nzPT8=FD{| zf1X@t4hnpOLxx(EpQr{J{ zRHSQih2;&k))~=in^c_>Est-7#Ar>J>r$f?&{t;sa#;EAn<1^(Uv+8Ha!mV{D6M3( z_6tsx=7x?m=S!<^*kfl*Yob1vHZ4c|mz6lJsV&9qX{F8ia`UITvs+UVwVVO*ZCi~fJVNfaHrT(C1a8)H zY=snVu4TT_JZ`0+zoKMrrSyOO8Qn^o^#!DLE2V4c9pk05yOpB-mg22}LI1XS-WtW_ zTe7zeC3~xqyJa)J)#`@YoNuKRd`tYce&V+_jQw}Z{#MG94W@uA9|oX(5;)6QwniE_ zcQ33}F1QTw`q|*B(LYd1xJrayd|tRp%D>>`aMd&~l_4%Cao=*pJzkEu${u{&L~+%E zwDD|l)h*s+%D74_>*bBB=F=Y`d0b`dHkm>0DpfXr$Q*LzJluRDxlCuTl1grQD!+_; za;wq($Vug#ta3j=|2B#3h!DB)CxbRs2|U-w8s&he_zuGmgk*|+7=j>~$H1o~`jw0g zA5H$ZZVE~VP|T6DHyG*hy8zP!QW$ZBSPCOi=a{Ax&NDcefrxMb0gGVFW`qNQCy?PH zLh9}z4SHkf--<7QBA?tLx&UL@MhRxkQ7T&M{Yu8Hx21r(S@JZZ+=vnFarl+v6X;Mh zO+rY+g_wQ|14FYnKaw>v{Wc9FOMP6XSJJLcqq&rx)j#^6^M3<~7491NVnz19!X&JQ zZ;EW06`c4{VpQZH3!W#G3Q4d|HJ76(lvRGr{L{YLSFOi8fjC6Le~~eJgM}HiIKy+y zYmk>$kVwj3nVcBaou+bPOp#SzM)_bO>Auc1xL z(s#`Q!Fj059!)r+uW*FfOrLM9ki7C5N)XH6HIqS+Y(b+;I^`rt=Sd%2Mmh^jJ-+7j z0mDKGIoA#-iT;a>drFrtjb!D#0?VOUIk&))XqL?{uoAP1IRrRY zn6O}FRI4T}SOwwAi3?V0-KLWltU|bL8Sanxh8 z^tb1yUpw*iMyz;X7y{4pLj)t>d3fSUhZ6&y+9tlk(2IqwD0fV$P(YsdTS7SUU>JHh z5X<2SMpV>@h!;b~?g*KfQ!<*yNt53ZQr}y2CJpAzFKmPnT@6U7Z z&w=;nH{PGmpX_$ysVLLgs^^Y&#^p^v^|;;>mxE+G5A)!xcP%`JIlyht}Vd7aWOJ{+KGx8<$ZhF`&`_9D=bW8x!ktUQ0<{R9?bW{GOx>fofW^B5dTNz zHV;XJ-tT5)*t-hDcLOj_7`KA6!5l`33~twn?Q;7>W0L6LJ8MU;d~d2nt4*%7%r=)z z#cBuR7NNK!Bi`-^4gf`Sa;G=Q7zh$7zC$oW;aq!&bdVt?Q5T#cc&A~ZdCV881-hJs zpz`%ed7VMZ9WRsBIG4s{TGwJPNMP3joZkUjZ4YSkyFi=X2h!g3Hv2&Nt|;BoY0(kx zmX5unlgCi9e^a`F)28?9HgFpH-L%))$!XJ2OBoB)c?Dd%3*QPuwwo;f$@X5e{aC$) zY~gaYgC*RanxQ_=o>eCixQUG@s&_s;Rpeq$a@9^n7d5O~e#U5Ji!XdQ%h$WsU-?meKkLmV;- zb^6uWh;#M~+>=Yr)`2W|6a?l_k2y&tUKI{eW&K-zYD#;(%=w_$KIm2ED6fJyN1S4x zHNjO}QDwnSOyy}fl$g_awV>0W^3)bfk^*T`ZGouT0l4rAwXy>zZ!T=qnRX=faf>oU}HLB^iA% zPib}x%tA%Wc(yT=pXR8AZC6P*jmYOcnjzB&U3u{4#mL%TCx%5W4sHMaZ19;0=7z#Xl+VR^HnS{0NaDyRb&h3d6DhN42y^~_yD z_5ryn%ofib%${}FF%6e7r@X6qVm^g{o80@fX(&Bk?zGJ&s~Ck{BUyIz!`hlmCVa^* zqk0HsRzvTDYP4L_9#N^)w0QHHZ3E3*TDjFUa3u|wZ-cGms&ReObUDm}uSL^UE=epI z3sAHeWT^$NNt$9oYd4fvZUKtK`hp~UN~9-8pGqYO7pp|&T~h~z_5k`IlNShKJiZu# z9eI%P`P1Dx6W=DUSm-*yl!bxDN@Y>We!v3gvnVl>(IU-qI0ayh?lIJ zPjh)*Abmw@wWV6;Z;LYCwzSe~}h>_@YbE6f;g2;P2Xx+6PxB zuTMwUSAV;?I66Q1XRZr0ATPGMO+o?&QcJWkVOV1+n%g|uJ zYAV<*jw^}aaM~KOD7%B_^MtDaMmS~iup~u3na|~gu)D2V9^ffryft23Tpt>|hYP@F z@bLMIK7`$Fw+n_Lf(!}OBV-<1BVmb zU7^aB!@*Rg)XOkWcg>6>_CY}WTSU8<=;uZ{`oJ76GBPF$a5(LQg99%>V+BR(*vhnZI=LWRW){tM4NFoz!3fBlAz~1x*}8PYQ)|vJ!tAZ3dunErP0NAf zLa0~ZZHOp<<8oL245TuP?0)?q#Mn=nfr7S0&jjHNq8+FQ0ZGw{f$d2F!6A}h0 zMO8o|q@Di_;apqkzKbxUEAjs_a<}*2eo^+T8ZCpFPl#rPh-)Tq-l<>+W80!;>5%`BLWR85Znf%{aXs z`IFjB%k0a6oG$bfsV>3PhrZK|x04SsqF9B??r!DN1nT0tv{0$mfqI#xp(jYm;qMo1 z&@DNuDcn$B2a}7#QAd_rokeMT)3+g3W3*}2_sqDKy8EuHX4^Dbi1;NsgG_*XSxw2c zC#i%<5NW_%B`PtK%X7++KF}>sF}YX_gG@k$P>>9%^mm$6%yiB_r~qLG(rr*Hlw8=V zBvP)t?j#9AS=h-~y#;jU%v_S+9No3I0LhakOkVM$_tp!nQw2$+(<~+ zr7WhY{~>=Traqstj4i2FHZnbX8oRHbSsfFz*!0UUI=iVbg47deA6n7gD)7tE)y3(> z>wfW_I>#7OboCo{e zgXi6S$AR$8fABc|gPc70Bvc-4CfBW$gz05<*{c#q!W8paB2NMIGA-tb;gv*~FVfDx zF`d6X3E`A&<=eQuZQ)6$t9#qMZ@tgw^G{nLr(2_vk7XRKokv~U8@l*Lnj@e`Q!hgI zo(3yVBgjK(6FimY3%qPX+OoDB&Yd{|fOvXi_B^Z!TZRYrL1%Pwb~3mIK{tRh0X;Yx zNx|F$gQL+2_~p&Xg@E8g4ns2S&LB&n-K2+4cGBv5;K|_f;^Jg*{bUzh=PFy2+%Wtv ztJ*F&IUAjTeQ^w2X^!}4Qkp4Ij zKMbp%>{>R@Jjb$ZTc*F2+i6LdOj_SLJNoJ5tdoBmAm&pXt5Y|3=5Mv>~g3r3^lyopV^Jj8b> zLX7Rn=Hf`*krAjQBZ=&tF>1M2*4D9VaC#|9Powh`y56=0#3CRkj|R?A6v>B0I4^-r zD%O%IEpXuoa}2{{6vBl`=5nf@fj~SI9V(xS?r`e1fF3(nys2x`)&l5eeFfL*=UO23 z1%}r%ir9>V0nn*f08gK+0#+y4$-s^h69ZWfb_=)IhOg>|- zDw}V9AE+(`*wZd&0$+kdfm!x;5W+e@*rDC@bW-g%JA}lTS{>W z;4P4Q`i0A}*4w30Y`<80 zQgPLi*-l;$D&+Ox`BDO_dYGNr11s3|KuO;M{(8&IW5gM#BOw(Ydi9dx8pF<6I_K`nlb_7 zM8<`90cJ8$u4IIfNfZV0fPhVu9ll{s2c_U-*pyFUZ2NJGMbxc+osSr7mtYjhwOLu4{knpv zEPFt91ThzHQ=o81Pm1X!jaNu*Z>J!f+W=A&&120_B{Oy2!4RC9FOci3Iff(I-L^_V zg7S@6YqP>96cJ|cS(u9vd*hIddvho+RXQeqB7^$mbOvMGod?@xl52=;-z-I`v4YKC zl?+L>PO1%AN+!mS0#ts>&jU8gA+mkjbT$VolFQtmD9_}m7&Lh@laah+WfvVOrGWx4 zURcs@lUJD>t%~R7ps6)@aKt!_iWxJSSZ%@=WYQ|u;}oIZ9O5XuXr+-<4C8r57s8xH7r3#!N;rqgQO)7NnAs*%j#3<134ZbNfjPQgAdy zEYF7m*!C37NJOZ<;ljkN*w3uI&U))J8){|4z^c2HLj9GDWvxO;syd^r<25;?Q^d1d z0#$$|RBMi3$ymprM)pK!Q)jSbL8j)8inRQdJSnR7HB|O6RZ!5?boIs_U}R6u1A1?E zPvv`()x=m1P>f`PC(t#@pHR>ph=EZbLs6}+w$;MQn9h=DY!YaxyD6N;RZY8Ysr3k9X=`_7N-#F z9B9tH(JFO6x2{PwgDtZY3deh4h=d{eCYd6A245gQgVU@K5Q{$A2l4cVW<_p7IQ^*M z|0wLxnBs^}Kd(?e_(9JFVvgrC4o~Qv2~EXrvx|`s4&gG7!S)RM@TKg#aM< z@|{v4pFVX&=^06=or*y>Aeql0UG&|Q2^l@h1J>K0CW!e@D}OR+>ZuE}!IN|8(%|`HO>RPoF+}`utD(2hR@Bw5RD#_^gaxtGzD0M+u*yh@0W;7{&EOm#|GfSM#&xgA99c z-djYC2?-I*(72T8y_xrlWSXUiPyT=Ue z$@ID$nT$7SzTc4exBA41j2SNyVKFIv{3$Duq8@6Zs@Rf~t(<(B78&zp75*GsmJI|H zMgf_FgMCjdrJyg&au~)l7$tK=u@4kM0H;T_mTPw!u(?uuv+<;ZgHv#IEwlqhbM>?t zZbHa){$x?`Kpq;9+e7$Y=^43LdAOrRh zZBn@UxweZM$Hzv;MUDlk{a?_iuypv_4M~b^m$eob$sm)YOYIlgfV!2fa-Pp{5TGd6 z002623R7(`QQ33hOG)Hr7RzX~6Km zRuuBWMV%u7sukNPiUMhabXbUkd{3%p=UDLdpzIC&(2-%ACGXxwm&l zw%L_A=6aP@uQD047|g<6@@iIGTDzjVazxj`lJDkdPUxcWyj}q6`n9=lU1pw30!;Gx zVnIg`_N!h?X*k?}_I*VGBNFGh;}rOm8<2jSd`4ajhHp2-i2bSph7t1|AC^!$mI`h& zY|5nD8cLZuKUNvho7I)}G_JLLu@En7A7r^Ft0=$`N7KAUODT{S^rj%b^eLv0G-aKM zW|f|+;z_)n8X{P07!PV}zm%5RO1r5zJ*4`J*t@2V%es-XUE>-C-2S=s}YoM|@9Vk~>82DdrqS zGM{UIYb(3&4M=Kp8w)%RwR2tD7hosAJ~vZBRnrXSjy@{c0pIO{-$8_^8PQdW;_^-h8K##;c4VF;T7VB9`6-Asb zn|kf!7MiMbsLVyyL4DR$@*F7wY>%so z5>UGpC;)dD%CKQ)lh_q;I}B6r6l+iJgoGiv7qi&$g-Tw*)GZ96B{&l5iJE9#J$S3p z=o>yZ5d5yskPKvn_A^5 z&l77pP7}VeY+91pGynv;Ya(YbIlI_?&I}@;Nu+yH+3a9=Il6v*buzj+IzB(WxEUUe zM!#HM9sl^gxXA zU8}lRKi7>IZi+Lds4CJt4soVayG9%j@Q-mZ;^hQh7akX|QT^xrk%)Eo=vC0o?~jXf z@3kH*rpGO;TVM6Sr-X~w#|ga_NcqtO`XmyAdy_#}4mvA=1U_%chy!)qTl*^1 zzxrR7!o|w~=Mro=sz&zLr3hg)9RE=Rkxm4$0EA&4aA!zPzdBMkX z>^EG~=)D7b=m{>{v9h$YxCOErSY?z;D$=au&n1xDD4UA`cR^j zhkrbZ_k%s$sxG_AvxEVm|9gSF?Klyl$1i(JuVqMOYa&^;a=T-v#%yNs)1If1XqXNK z>qF{U>X%(rpn?C9D4y!`fq8!uP-;7+rb}YyhFBISSfHbEfb)KPfC2}npwghl;&{YT zz^W&CzEzW4Kz-#-& z)oFRI(xI!-oy&Hn=j8Bs)(r@o|(Mjcnc$2`t~pTkn(i;{hoY7lj%QW@x}hd@oaYkth}NUSj(eZniX zLHivLQ;LK{Ck9UFR5Lvl!r@O8<3|^@@s1h6CpCvlDt=Y3-4yJOfcZ-mGgil!#*r*~B6IIr{18oq zx^qXzfq_1Vet7KwVtg-1!wzV4qTTHJ2?j%`GYiGePOvMzFtE}1dFld~NfluqTu%gZ z;_K9WVpw~ou8;*OqH@#|31zCQpx<2|ZO`Mtu-y5V*i205U^!=Z92*c(?~joMQ#ynv z$6I{5r{|t*phwcoNNiV+6`WXSo*T#h&gLt3kr_gkh>xo!6W161HS9aN!6+xQs_X&} z8x|hiR+d}n=4VyU!(ximHQf&U%=?{84itQREx%6|%+cH5MM(9!s)xn;bjRSIbs#+? z^h&In18gdxLojW!OU!SSIFZ($0U)K~#LrU%kaRiYI|vZNqoGiOe(~(}*TVAj4A5ZC z{2@~MK@WALlfBb!1WQF*&A&60sb^d}D&hqa%MFjGO5##4VH*GG-dCnibC|y$r-WMF zr{r0kT}N;SFziv~#3qb^`-0%o5y{CcvfP=t7Mn_Uy=`@sULn%L{yo9j+hAyP@WVGYVW%|xxJc4 znTRxWxBtzS+&hUY@Fqc=99Wb*s_{(8%&Z)&!GU^V5}C_rHII7aAa1rJLt9oEPI4Lr zGcn`LVow-(b|0aSfXZ)C5@TpctysD!W^X_fF+>HIs9~}yn)#1`_};V8R4k%+WAEG# z7caERUoAgqSn=e>gxzYXmWut21An?8Kp5+ojkBbP``&>d_PmxJvLZYlpl1_UiYx~+ zQ0INECJ9G(S+3b=rXPU<|7*ew7cjwsS$0+}gf-L$eL+LU6x>pg#AG;&d)BIb-`~K` z@y#-03l&LGuOt@ZD?3}47j4Os8Gl)^yHgKGd)p_d{bJb8gGJM$qwoeSG&7MjB_!&k zv_-6jz51}1QwTZnB+MdO{J;dLm@V^%Z)&^y(%$>S1F* zx!-J~V$LyPEEm|JdNeY%;1Ehi!5S{l3$b8iwCWymHrzpHN-km#M^duPm)guXP)g!| z-gZwn@N)9_6BzJVB#eYO@+;c{@|JRF*S*Q>7uWI<{La_+rBIL4vkWnH-;qei{7kk# ztNZn#LqMYz1j|_v4k8(10x|_;OKbK#`!qC>M)@~2eyZ`%9CHK>FQs)|Zdq_2mE_Op zG-{o!sMKiR9|vkz5PW}HaGozz2iZ)0_2I5CIV+8L`^3GDTpJJ(gidfi$5XXU2tJ1L|gkZ+qTd^{_jzVYY!TC`||N^y>3qa@AcQ`h@dQb@j7kad<0%1q{!!i~!*oQF+ zTN8ZquuI3lo+4Vr|h!e&C z;z$dEAB8cn37_Q!(?QGpfyXw@{Yd|&;g)Vvu=bb>if<6ZcLwDb>PxFGw_-HMlZ(e; zGh#bZ$k_ZS4Xs#Z;yp>+7bxt1puZ&Sz&U_n94hiN5-W)*j}H7%z_2ac>@IFhe^*h{ z(h<>>(p2eU9?PsmRt>iWuTQ&&0J24YDB~=fXHeDj4KObIQ zc$^2suiPlB4KqdMhnxRrkRF*-eTp>*k@sdQLuQ&v)0XB1eC4edKINj(YTw#w@G?j5OMU zGh0@28QLHq1d6OiKB&y;R}$u(azk34|06i;c8IPTqFka!H_@-Y-^qLOh&5LNM(R-R z2XY#BNMcoXnHv80$>pz}lE}cxlrY+<7x1kbDAIkyPEWE?XFZG2Utby+o znUTZS9W!xIUJp5>XZ^sS7E|$@roh6a27u%FStWOA^)%($!9p$HWCRVBe`64l_-LW* zx4#lnusNMA<~;6DkljI1PF^W1ebgx(PZ4XKn9WZRV=NNW^U(W-_ z!5`Oj2)X!PoWOSsd;-BtcF+r0eiD8cho_|tgIpf#K8$mrJ8$}sjoim8_+}e>l!rdQ zgp;08H_I3{*gv74G|s_xzNeKuI$UrG?yv)P6K%n*T<`1UmV|_uSH4AS(x?d~;v9*Vxa(HYH4?XO$`9-M68ZE`nH9<=Cmx{Kr# zqoQ-vuO%pHR}oO7Wd3Fx(Epn3FVXFlC$xlqFbNRcvFF=xzfXBQXDsGxW$XXp6rHjf zcF&~eu8%cx!DXU~w5=;RDMn_lY_{5aC}M?3`){MM&kzOPi9s1-EL_H_1eQ4rKmWaY>AIic}3 zEA31##+l%lEgGaEdqE|+_d1T0^+?)-mLA_?&D?qwx+~_hnJa)7fkIC?Igf(0r4?Oa z#%*5wRc-QcxCAYBCw@aI%pvIX@#N*^=#_z=!cs2*7ATkh+o)^~@lJgo#GbVU5ISV$ zy3BMNcX~C2Q<{C|_ImMqN}7 z3Qrpl+*ayn@pS&yWs-(rUUIY5;N8xypTzkxlD3Xj-4>a#QYhiEkT;FE=Z+eDxKA@d zTVVs2`X>Uyj}A{41168Lw;t77c%Ve0lo#YQlYUE*Fu8m7quBWi_%f~g?-^Js0t9|7 z1P%mxea)28<@($Md5290zI;738CoEBE-0Gi!7Tnwxd2OJfck5_U(Ikg%2r^lBWNlP zd#qwe!coMFqRrd}@BbXwIhF~B*44foo>|8gJ8T@T3-odt|4NQ~K#v9;YqOlEw{S#N zMknWhrD<|-GNo9xl)>aqi|18xW2z9>Jel=cEd4Fx61ST23C~xGB>J}3hZ#>Wz_l-p zg98D1krAiNPWrq-)RN+9SYkepX9_D;$q~0O%nse&l)S}H_;0-w4?&C`u&1NADhC%LUYUQ*}>O0)2AVUwKo1nJNqB>3{LMJ?+hA0}&8%d^3Ug$M@<-zyvQg z>^d-(gx<4E{u^No@B?`H2r#1~F7~pOEp?j|g z06tnPS!MvE-+;AdKwi(c%dZvDSFXG-R@d}&khl-W;>YR7P0w>G54h*d7@&gF2imMF zAiX;NOt4-pv}idpXz0QA?A@QI>Va324zbo8cs#_f1H8uXeklRsAKvpF1Mk~=BsyXr zl-q$0!m8*zqa0Zq-(&I5{=@*jjH=U9akqz9DGAS>4=opRub9VmsZdE#iDXGD z1#&AvlYbSZm-gdiknqRX*=zBax@7y-h6xQ8XsS`n-p$lhJag1y&)E;YCSms?;#Of_ zO}rX%H>=CDfkcDXP+iKqsQ^t7xO-q^Dc#d|4&a1o=>OyZa?O6&LI6_!pvG8gf?2%v z)ar7g35b`aAsDg^6C7dG;p|kF@Wgj~$@>Ky%H@z!(mHZHrN{SFste~( zF8+=@=wuG$>X*7F%nZ|XX;U~@iNq*o=`$yW__5FyZ!;$QT5eOZ43F>+^Gfq>$3ElJfO6@N4y9O(|8{4lZmhSY7oSw1|2O15U%U1}W`%FBzY zJi!d@!;V78Im#}0Ed*shrX!T(i9I#98j@9-@T%D>HT9}ivAybC78dsb^$=(}+){rd zQMl9$O^FGadgAKvn&T@KFyOgSBQ?q?4mPZo&2;WVfIXk%d0St{afRZ@jEyRUVH)p1 zJ>cPPU&F`O_Co6Ro-f{EgZR7euSZvnMNx8>Itoz{4 zVU>8vlFeA;I;D^csz@b9Y-Mk|KP#XPBG#F637fB*m;wA@7?MNX{nx33pa*7y6bEJ% zh8Y{C6`yS{TM=hdqGvr>Q#wz|mk;f!<_C21YU-E)aGSkz8wc0cWX=;JU}RO>l;vW} z?A=;~MkL`sBpH!3jB3(&hWKtxM|+INI*+q_Rq7g7d!~A?M`tx|v{$q+7e1jFiSIRC zDeHkwF2;Tn-?m7MS#N*<0Q~zoAU{WS6Sus+qtPa(01qvr*eQVa=A~qm1O$9aE z)|5gJ(Y*k-D~;kxj!SXQM;ZMDP$CR>juYd|2%sEss%qm1;>fop;tgu+@-g_T zUECuow@_q^mY<`2&eAsW2bFn>1H~l*hsaw>IY`5?0ViZ3+cF33rxMMVQ*uw5E&PN;Q@;o@<{rw5U(2E>+jf)N;d$T1mc zoOy+j&g;_M9m%Zh;=z5lB@``uJj9RRK10iS;a$>oYrlw_YVuzkcNS-8#kO;Vf8{ij zRD}T=t1e|p+bvCP9nBKARyIYB$b=cWNL8Vk1Y5)P;_HUU38w}qir~Sx18l);doq%g z5mpu2$|y=W>ALyJ3`0U&HAn)(gPmzh!6H53nXi1O67cw<*qNnP5il}X(xewxq9k(R0%H3j7%D!%Vh*>+Hz{P@u1#zBu; zRZbi@N-Au)@X*vqFoPesC&jF&W&dUFn4a)oE>Tg)bJpS>M3?0R1-GIk6@K)>QGhOj6V9_KIE|u%g0VR$Z{VX=X~VA_&*rF*SGfgRZO5Sy?Y(5Wr6Pu zefdPg-p9cq9vZhGs%+OT-*J$?-!<1(6Nycc#1k=X=8g^+ z4*K09MWN%FQE%|AeGs>?_wJ8(tPl8)ATT-*+*#1AgB$PiaEqpr-Tuit7;@Azy_10*yUGI@4x83tcwshJ7hC_iHX}e+n*MfpK(M`gLF3JCRDq zPsiuV&5~IYR{iv})^yP^!+6|?2sqS~XI;AZH@`b~3JusY9 zI~J)5Fi%{O!jtL^$hU>l$Dz5`)2Z7rSzFy>lxAX)!w6xf0H=IKV!vtd5Ljm%*Fpu% zZ(6z#^0iUL!DwrSr4v)FtD7D5^?qUE=I-q6c>DBGnh22Cs|T5{h{CeAN4*y?2GWGmG#81Ypxs;5DdoPV~F{-uOHVq+XECsCvz8efi2HcFNM7#}+~;E5Q_ zo%{YJi?Gc!j92~?$jkoxrmh^nNMP0atE&ws=GN8@=~&5*2hMwz97^K0jN!7(RXcH) z%1Aur8W$jR+cC&s=X^~mXq$bThIR`n+iJA`c~AXlC|TEBewAAy06nmS#iTqB`!Nt~ zeY-GMrXi%EufDuEOYw$v5#>ZK=NrO)=PrPBGFxd=icw62&>w{^-5uBXsY*7`u<#wg zcX~K9^?GQ}jIWTH7JMUvG2}SfN`IJ1Ze||Mk+e9?6cbY0daHte?=^cmQgV0e6ty%i zZJtpd;w3#^l0Y&+5l=o*ZpeR8FMKdV9xm1oVZ<|n<1}iduxdhK=lswT*_R2Jh@5CC z%-91>aun$q(1)n zY7foCU#W!+#%Q0)t1N3tMT4Z&B)&|o9Jo4wLoq6O3x6}_Bg?J^l%+>NGu9Ti(Zo6y z5i@>^`AYrpz-v6t!hgTXRhfo%C)>8a_N{NJ_i+Jyti+89*(we<7cXY32jZMYm$n8V;$k|py>$Am1VZ5nkK{DL%||7 z%r7(zFE48`C`HLsZ#A8GhsO|jtW+w%8WCt+?hG?CDv3YuOo_ut7oR+tmU$%r)E`DO zmPySrhhhn?-YN|U&v6WFRqr+qpn>wCo--6rFI-4 zTHi@^ti%K7#^#oGrl#f|otuU!uSG)!Gk_2dG7~yD_A<9@>IPZl65p#|d&O)~4kCb-IEcop#ttzQX zx$v-<18SDuTiChrCc&TVfr)@~k7FV4R?RWC^4^F0vF&Akr7njV=g?Ske4MU+f(Qw; z0A(vSjr8V1XqH9NZtVss&Hy=H>-wY#b8MqiB!AyC$X&&8pr!zg4&~rL=cv zo_1)Vz=_Dn#J=xEE_|QBImBFhrK%3Ud3$O`5;cAgP?#8K?w$jFm;n67+PXd zauZ%m=9=5&6oZ-WlNRD+ztI%oUV=utVx7I{r+zXshLjKD49isJfwdHT_)+0rhNH!^DEN3feS~eC77ziM`60 z5EamGXsk9GCODqxCN{?AE7$AMkS{hxI1D$)x$dO$z2n$S$e!oZJ8B$!adr6zfPNs5 zOi2+JAJf;8bN{2-b^Fmj!2Gm_D#eczR?3OfrTE1fkBr14MACATJk$8Ojn-$zT!6lgo!rz#Dr<54G_H=A>kK+1Uvu8La zeE#vSMdKBQ6qK z&HtBX3w@Uv@KN#y$OnA~-3Ov-CU(~OuP9`dk33->74Txtv*Hvi?4Y+=x3gPv4%#Wtaz;EIELxMu~6h?y#uNg>JSC$!$|Hb*Dt)=8De$rEh$cI9zx{S z0irLwF{qzFOBpmkdskd3ZcZ=@TpF?L;c5~zg%)y0W~1|&^ogzSW1W+y@vGqM3{#=f zMV8y-UkcfN>FW3TGC!<|CHD^L29`IqZHGvWm3(1K?KXe1E-t;7K5pBYYGJB%QV^sh z)lV<#{w#t`@_i+Yg;bX8X?-K9URt`7xo*Lj6J`zIx`tPrpp`&lYNFlYvO5$-2~h;^ zMv8Po@G>kJ{o*vO{C?x00s#58^X6#Cx7y5EDA%92p%yle*tH~d@PsR@BFZEjHJ|A3 zddI}zL2qF{Wc<$3^@a8L4G;+rB6HP(xVY3oekEAs7$0;TG%$;ofMO2xD!3RmT&48< zb8wGvbFy>4aew(57}~u(MnESkZuxhFt6q??23)@Oo%o8Z)06Rfm>!YpP06Nst}QDZ z6C*O2187_F!TfrZcG?Gm(G03#TQ-SY>t%LU`7CdA1tj|ZRE^&x9o*4lv$|H##T+U~ zmec>pxt5dH?S8xOq_jG8p-mUpeOz5oA35s}VKp9;R|9&a;Gnhue;CP*ax zaMfufX)*+f+k9`<2a%iG!#ev%Z1J!R2NI#7BW^#@WhT~1HF)2d$2915+F40_=TglG zShw<@*4?LUsJ%=UqcM9`1kF!oG-^25UKW-%2GC6U)i}y4ZoFw{g9A9Vx>PNcM!>X0 zlyy6q|9xsH5Hqi&raU+nQ&k-HM?WAvdK3;Oz`c(KV%te)D0OBiDlogI8lqckho2Vo zN==$J04ACH9gww}`P%794@~I%v9v*|!toC|=gn}k($lcP6tgH`h`BwhoCGX|1|Dlv zHmj9Yi`1(X-b@xHMQm$S($1ZQRbPA91v_YIv61@;o)^|7~0&7vCNI zTJXLZp+srCVqV|oVN9-R4)!C&uKDl|Z%~q_l3%1DFU)>RN$)?DkoXI&a`CxoGEsR~ z-F%S4l8%50;&`y{){QVdn>8zuOJbf03yhJeLo9Z5P`?ut`MoDsD>F**r%CdquAfT; z=hvScba>4t33iGJ)L-hfoFO?cN@Ee@oHx?Yvsp1#%yIk4ZsOaH)PDe9l^uJ{w>p1r zK@;V)pN%_q6a?T_r(lCc$@y?zm(cr^tu>R=2oQ5a@L-p#RF?GR2Pb>Z8#hQYME&)e zpcT-2fBB-o#o6I&^~@If1`GP)!$x3Tr3H`V|54>gh88=~3jwJT11?9^^0XKxsw|f% zhS@w@kJymP@%L51wiZ$r`FbvHqQs;gko?K`Fyz*(t=ZkGSg%j$7!g6?;XFeSSG@bv&g%4AX=MblXgzL7{1RD2j@i>rJ}8aq4NF!<~pYC!6r8tC)d znfl8xnwpkPha5$s<;OqciV1G3OsL+$T^4CBWv-T+`2rf=?o&q^AB`xETGu+?G77w1 zE}cz(y@48xck4H?FVEg{QaIfsQ51-5ub zaHB9TawAQk$0nf95$H{KqQ-AG_(rDCQ+iYQ3HJ50WpVv??y>StMoaG;Ozw)jP zUu|VTatT1V@diMIZrOURTx4E;27K-HK2sP-ovY;dL5cVy43qz1)r;c7m>7@Oeujhp zK@cRQ7iGtWS|Az3Wv{0n6r_jaC{L(}Z=xqPhMItDXcW`iq+tmg2lXP#xbWm$j(Lpq z@A|nkZDy|y3Kw*^#9v zWB+o7@buKgX!i;$Wtk;=F+k0GNsmBbtBb_3A57YPtkm11XaMyVx?hJ?}^0~$>Nx|%$k<*6h+BsjI;eix-@?*eYit6GBJ;| zChKX0F6qx|x`b_+md1Q7!@R{S;(=S8?m3A-olfufyTihdmS`u_LtaVXC!%qWvAnIi z2<7jlltzz#ao5X;=PL57)zrJ{ciJjg6b_=*b>Xm>U9PkTlKNlSia$Q_^*{s>yL0-H*TQvOnCEe1{R4Ns`g$n~nB36mvj|P3 z`X+p8z|~d6cxGR1Mfz(Z?~UYwWPUZrq{%=mB~b#1kn(ZqNef!iEmJ3>PWV81Ok@fUyxQVDd4R=0qp_dZS=-wR-Ei1|(J@)~?P0-#9*xbHtI~Jx0qbzs zo+VBm#ocosI0US-16^nPj=2FZaM4TNmLP!_CfX@cH=4vTBRfI&FuDDOktiyc$Vc!* zc^&Nb*2pgHlb(%Tf_IjUD=z+4nQjQJ9U(_2tOjy-ube9`XOI3%;mZ?87&N0WZeWK@ zl519d#$edkWy!h%r4ZL}k$q&B$1Q&KWNJ6n`{rpXQ`MFOL@KSars{0cas)=8)r+G^ z4`*shj!OapfgSY!Orr;9cD7ENkDy zBWceA#8RgdWv7IUjv(6g-7*YdqjO1CA5id0rcLGMwm@MqAAU(fL?=r0RO&l^Ku^7RWNSP!8?d8}Dy zufR8vJm)f8vZD5!C?O8m~mdH9DSTnIpRV5BI`q;drt;$UP$c~c!%^LcTiKWWo zK?f^yT~@auYUi$3GI}RMOAihE5>@kU38kVzh{{e3J(-=k>2e0zD`Q>7tj*#dE895E z6JF3#yw?0>INRa7Z<*84*_AO3)PK+I{p|7i^?p0@y2p0|*b=X?1-uXO@j#~W43XD- zYx{IGS)prfo6sUMp^}k2gXtorlaUzoCp6D{VPqIxVuEZ}}ueVwTG;93@% znCg#sz;EsRZ<-}ijn2t9XW=a|EUsiZCPrx%Zc#++5tcb|nPCGLrn}y-MBaVGrtEC? zTTuC!WaF|+0W@=waImDU&b$PQ)2H)Sne5@QFHPskGx|9>h{ZIpW}C}5hZor6@mdDl zmUxSJ?(qo7K80#NV&y@v?(B-G)s zD@VTqB!D_vj14mlQL9A9SRGI63sp%Er_$16ZY*a#%7jBQnu!m z8#Nr*UtFxs&hCYgdW&;ez#Q8kvB5Zr2=ZSY;~wXXO;DHPPi4o_)#_o|Bui~cENVXS zXZs2SzE*TFF!!*VfUjRu=PkDPPrSCeyxrgTYN7t+ny@*ATrW7XK0oYWXCQfC^DUN@ z-7TgP@TL{>jf+0{>5o1B7<+}Fc^lFqlS>TG)W#h6(RlLulpQ1)uE?{h-c`d@JD@hr^{B zJB~%{QUBv`>0+Ki6CT$PRwKE?J(cNQ6u7-Va`wN|>*pyA>>0=y>2K&4mPy(K^k1jd zlq(*{v&!|q1CM{v8<9JL$naDjm(@3xBPV=Lee&hvhDJ@*_wJY44rd8qA&~^8(Yk*B0&oWtCuO=?ES0rabU15f`@2R_HH!MPED4f(VC@Q>i7oJHeyx^L@5Uz?W{`8#z4THuH?&i?c}7!T`DL@^{K^4pVE z*|^G<;>dcYJfm}*b6Lq~ef*yZ6S?0hllHH#%&H`-bIvA3j;Z2lw-ZV%v??W5;-{VE z6^mm#cIIh=x0B6swfnBT4RF}WfffFLBD`Xgjs9&;Ez4!dbIj7>4Me03O6F&}N=^qF zT(dK=WKDMCHTKZqLal)JSQ)n>a3RweCE0WSX+~)S6ulm@7{zDBH&%;{Uj6Jtk~ljN z7Jo9}Y^z{S97LKz6Ca3NuE?CnqE_EAuHw&$2|Y}_p-Ar7#1K?qx=(?2vErE1UO@7K&6?P^CLvf$M5Vl^aCwvvX< z(Z%r?A>(GAXb^)@mqvgyE2_-!>RmxkNj=J>YJ;xerRNd}PLBRl`028aM+v204fIAI1A%Pn{`#Xz?yx5o;{6@69#!t_)uS;*D8Mw$r8ox zsqhtNqp?_L(E)8T!89;NUM{#f=E=_Y5ZuTz-xWO7z^=WwXRI;sP@jDceplKTu|dU1i3k)1CQccQw5fTIfE92+KLOjT5OfT~|L}zTU6-w?$XHzX8~4miM~4 zjTvs;4Zunn{&yvNL`B!>xl}tUebW6+GRgCNdyClH8&SHar5>62^rulX6Dzc5qkyRj zH&#k+DR{gpI?og+k!uCW+HXY|heSzybuQX!KH$!B{Je&Qiqz0CDGnFrm~pdpE_WnG zhb97L+M74KVyd6D*_d1jywySi!HNh~3hbXH3uB$(RGmYMU*;cY=xU21aE z#`Yn^GNuEH4*I#SFIyWIFB|8pm(#~UXs$z)_LEqsb}>N_%w;?1#V9!@C#G_#0XYxW z$O6{*RSNeZt2b6BzRs7EJ=X_sX)fe79W8IJFWdX>OF^S!xw?5e8Pf9;PdD$Uoy*7T zNl`aDBvM(Cwkm&_Qi=q}*TP)iA-}ckLOfdl4xYZoQr!=z11PqzSJ+@JUK8>kg@VWH zGuR2-5+dWt1h!SVu9hM{hrLQnC;3(iW0jkV4MHH|>aYd8G1rS@u5uwE2X=Y4b#c7E zZVw(>o!Fu~mKX^{hpzQMZK*bD1$<)!7ucPzC~?9H49&kSOCBGF!}n3*6_G%`NEjyd zucj?6^<-T}p~eMN4W%VHdJs6`+X{VlHg0d=%*=>s;DoPo%wz&s2J^a<*sZ==U*3iA z?lAJz8&eEsf$x!eXOwT#{((yRhWD|{vwMH#*i#lSFDUwH;lSB#CmUW?4i27HPA4zW z>*=e^i1eZsMCUlo*jPC^i~et5)p0!jgXc(ey=X`3KTR;S@n#hPq`3D+42jS|`vf|; z(cRO~-NW0Vm?v(jzT+ zffzh?$>r7GcJ3UNocOr8_#bv2AMCjeH&_P~DRgaxUhH|svVu#+T^ z?Q4YtF1e-`hn-94b=P07Eq}m)VZg4|VH;i|q)%J>YA(;*l}<+W>U!vOJ+p(&?mcbg z@!{c9HUW;kj*Hyl;-}HuU;R#t8XEJHo6pzR+x%6>an%I{&CnFfU6U!?Y*&2OA>#DrPN#KZgD_~@;d*@_IlDb zC%0GQiY0-vID(bxNz`3oG#kQlm2b~{Z3pS-a%nj42j4%QD!Sy{Q5Pn1A{@G8ZZx%prm7>c zSRBhvcigKXwGr7K?AqSj{R^-102Ox?B3#;LfwIQAxY}Wq;Lx5a&nS!4zs|?}UdO&| zt=Z=I0xwldrY8DS{Z*M|LXUA}rQ>Syr?+Ny`@->p_* zv8YwX@H&J*RENrrYh^`_}#U5t*gky8mNF`gU1N@3QASy7bS^@QBk$ zbE1u-RCcQ;cMI3h3b{}eYVAbtSGluKx^*i}NcyQG!-y5A%FhYd`dU196PG?7#wj?4 zDbbuZ?i_djyjaOJ(y5PSj+IH~O|*ZLPwi>8&Hj}E_VYOPoWtxL-?Gy+^R|^{l<<+RT}x`sd{;<(riMT6{7rc*olDY4`5R#P1Z$d4`s4BkD;HKY_aE7n=^pPoPVPG8TpL`1PA^v7T73Y zy3zPwEMUW2@xNGrw($R9fu%a9Z!C}!&|JTSX41PNKY`Zbqe|A7E2MpFM_8BDX(EG* z`iWwi#QeSY`_vML>(XkSyKT{tj&HK*BQ8YVo@E z2|DF@8Te_Jh_P3^0Z4INl9q5x`T8E~D_^fe6RBRZ5ZM)nbPI9j!dgQN;=HouTnGMT zB6Hexq3XT4K0%4J=4^o^<~5ShhX1)@T9y*xE-1ykAmBKxL2sD7iIZyj5r8?e`#|sK zro#qVk4`AAUhOyPum-goE<0v$EI%e}?M~M%ev7p>&m+XzwobtxZ-}gpo47y|4F~)Y zj*u24A(?v_Dhb8x!}=EmFCWDIfK%&6$+@>;3^wG2=|OK+VzYuUQo*6sz|@|L=dhmZc`-=hCv%Q$AEfSM0iLgVPqkR3oN|$p_2$x0W zMVTv$3cZCEa;wjKOVLXkI^{v%o~L$FwQCR19l(AMukT|C`Pch%?Co|-{MU=b?e-=8 z)e4;yy^C{syThNS{+IcwfVvh$LpElzW&zF?WLR&C^=tg48OkXV=lZBkfuwW1&$?5; zQ!1AldWolq(0&O0g;bY!vK=r%N@PV1m|gryub65x5T?FVMzeFMJpU`90F<3__~ld zL`@t9@~v&ZX;=Wi1&}V2Z-pG(km-9g-sUC|uay?b-CG++IVh^0Ymwr|@MAteWD*QR zOFR?nWXkDtm9YtvNOo34W#zZ%VnSO2`COIe!}xJid>gH+elGhlTlk-0f^5QSo2^uh z*M0cV$r^+GOQBKQ-k$5C4>by471xyYC2`-i*Ef7hu<(N|mSQ~ohu$?ieCxQiC* zGa5;eWQFAf9~;ZNO)P^=%JqR{60S&o)8hE~mwv3gC`KEqiYCaDHv!K7L(@BlNAi5{ z-?43D<7AVKGqIhGZF8fExv_0)W81ckjqQ!?-@HHH=lN@@t7>|#sjGXs=5_9KpAx87 z!CtTsl7e}zMwK$BJ&HQws}my;gTlM!orL}|C@<*8^WbD`oQdl2`tum<-7yEF@h=y% z(_Z=#EZ~2rySV~9^+P|lt@0q--;0$Ng066zdKLt^{pcBFDD5;h!dvaA3#l4b9(Zgk z8wZjP@e|NPWb1-~6ka1`!YR2uMT$i^Ck(pkj4z$98*qw0if^hnR|F+r_i-d569uk^ms$H{0) zMnPt+e+OF&5OY9!inm4;%Q*7iPgCdC>DUy-tOgW3&1}O+W;XF`R8u|j0uj?xuFFH?fo&b(>B#(8vI+}F89uq`oo#miS@>Wo2`X8V`V=i`3_w`uIFCmns5 z4S}m9PC?s9vLXV9HqMM?!brknS5s1TqPYZ^mg*<&Dbj!hAyU0ZtE68(b6C^IYX9!q zH;t|R&(DIyAKaLv{4ON1Rme!z|F(VxkAd|vfcQf1;E!*ttuZgR+d!x1WOLhnQ>C-7 zb3@aC@22f+RWbGiZ{VSO2lkDJTWZc9r-)-%VKCQE3k%qdfSdIdf!j$r*5lQ<>qD)k z%nJiY=ZU?SXB0)eS6E^8z~dX;_3`7%xgNSO5*q5;>6j&6i^QmTf(ea~bks_&(0u2z z<_ivGBEcHxA}ot-XkK)xmA{gol1|WM_F%5JefU4~&2piW69^2jg8En3Estl#OC>d2C#+$Ji4pKWgI3z_E})N?#;z1SE2c;xrj7x33Cj zCTWGI4`W$)rxZdqY%2`=e(5~+^k9E&w-CuQapb|2dsC+1dWYE9`@UF*G6j&tGCVs% z*R%#SERB;Oh$awv7!5&c}I}xx~M<8WGi@2a~WIqE&1f@ z@HX_!+VsN4Z|!aS*yF9{%Am```>Q9pG5>A*-(iLertZV##Ksnf$ETWOq+6~jDS%u+@}RYnc1g76;U_)r5I*2nU;Ea3@*_Gu=8{-3Zv(rd)o4Wu+jila44)RYCFjW zc+FO~^lf^-I8nXgVdd5E0ZM`$+1ph_b8;cu*~b)mx+u|jXNZxxuM`vC;>GjK8h*qP z&+&^sjzJl&d-t3k=IS>@l=^DllrPH(YVCh?iqc0LbE_XCmT(N5b93w?Mu;H>Mj^iYaXWQVysmS z#5ZLN@uHdAq_9<()==ohz>bYt&HR0IYEEo|si0STd9vnuyG#d^c{pGnmvWIY!>Zj< zp3G@#&-+wc4E~)bE{w|ecMq?09APbV2(s3SZXw~zlMQR~hMf|tXziE zyQ1X>$;DT5LXIE!0nuC>xV&FMcY86>2;kZg0F8cMy@OS!e+=K6Wdw6SK?L&`2^u^N z#uVw`T#ZQn2}~UP;F(}7k7(Hq?=_o-Oibl);-8k-9Mo@Nf!026n9mhE)K1huXtMn8 zbnQ^z#Dx7s7tilwLUKd16c;@pP!881Nl`<4N0MATRVLqVzto<1yKb%;e|&9wr~Q1} z`&dqK|8d&-!2_`V1G(02AOQL03dvnxBlT(atHOESM7{M7{`fVRV_b4 ze>0iJc?offg&qeNEX1D$DW-klhV4a0jx;|TuR-1hZ#IMlt;zqcDdhzl54{ujhi=Gw z4iYw$Mp7?!@(5VEeZLFJip+=i}t4!y?+nx(=vSIc|PI8%r66 zp(lFd3{F0?W%UTzhanpvga%h z;^X4MT!JjY97X|15X=V74{hLRs8>&KSU*|zo#%Y!?!w)IOXDaW)bh9jli1!q9oPw6 zcuInF;T5w+r?nH|LIYTR|Ak+E;I}Ij_ngpN;~lr9W@dvj*$D+W3QbY z!=N;Z9!+a*>8609`3g>UQIIH?0I#oDLlBb~M?-w(Oqowb&rBV}CT}zd29U;s1|{$j72uI! zfL1?Z-Z2JLFHUS+IenL+eSR@S6^m#@BEOdQ=y+0hZa`R`}F0cy@w$^h=bX=r(fd?8 zLEumpTYF<$4{(`c8>g^L!t34prA3?|W=Vptv6);54=vsktxXJ4;P6qd*SLwxm9;ip zu~u3yV%iX;GcS8Kvt){+FHzXsrn!{7SsQnFy1suOdJse=3wEMBI`}b@BQ{3b;YU7Z zbgrbk}@p2%iI0YBs`?N_F)BR>gnq^$vd2oi`&u)V^hEJJ6 zFxK`;K4{j!!72FQgWoIm`AgxajWEunvL5YJjd?czAlB3vhjDKuyq9700s-|VA*uk0 zfEgI81RqkH5#cG1G8Cezk`4C*C0fPX&_hxUS6?t6Ng92D4XSe@i%;qZ^{_!DoiG^w z{SZ>QwR*cFCr43rPGKd*PvO8kSQu+zMBqT$#6ajH|36G=V3$V8g7o_f)H@~PXjR$5 z=>|lZzb4~m0L36*1O+$Ol|nnTaub9dZ%bYW5aJx`Gh*ysr=Rpx1KJ&>GsG@Z^JB}C#2p-cCeB%)oZg$E%;*U3NuM3l(& z9qU_hR6&6p)y;z>{G6q)K=G5-rO$&<;Wz2XggMNKC^dLWs5O+b6E?5nS{rgE9b56~Qt|L{fTUt@nyFkc}JCU|bfgkK-C%K_h5%X21w872!XZ)~niab?Qhj)~l!RX5ZCk)P?)uqP+)z}lSM=0L%59F*& zWVS|ZR*%ZP)P4u2T(=bf&CG_0l~D(7vH_nXeK9~}To$Z9&wZKlFua&_6~9RsKhi~W z9`$or#>&*91+I|T5YpCiMMOsD5_&MOPwGLUy<8wcrgo!~J1$g&PTT?EfjF(xT7##- zZ0L&3897k%tZ=Z66~7vy+F0J>rLHb2x&H2`_o+!O>BN7oxh#iF@FA(~?C<-{RsELc zku*gISF^ZVg&zHBbnGrWWt7QP)U&j^b=^KOLrba^3V_VU#_cQ`X_w4jFJ z*n0DcS87@%EjEb}s*V0i;&K50i`4CX=SteIUz57=7#wsSRzIfR0(&i%W%rci9RI7Y zfCQyPhp3S2$j~DR#zK`drft_ zb2Gr`KPmFxpgHQt_1@dr`P&!fw}zpGSwN1uK7w{*I#@b!=`o$(l+<@fjX-nYS1vDO zE?k2k;#$%(k{&$}5e08x0j+m&Aq|CJ-`!vp^6CX?j&O1|r?G1nPH0B-JO5q`?_VElT%Ukpu&8J%;SJp;_x=A4-AvyKV2{U$u#HOt@VO0)3lp7=C|1rGufOv zEE3wy-yQ3UJxW2JpOWRa?sg*HxSCb8NMZYr(o%(-7$y_(Ku`V$M`Zi`ClhZ7h zADP^D5S)JAZ7YBcBb3jCjpl;CkPzY}4^h})R=#T`fLv&oqnI)YmAHm{XkLGprR<}Fk&b4taP%Qxq7#STT$IbZ8oXo@Ih(13k&s55@IrJK z<-daFXm}XcOr9odlT8AEg8&A4SAlBlP+%ai$kA~N4$vatEN^pRIZ=Kt59=!PP$Y)$ z-=&4d*;Ro5n4^w59&o;H`U9BSvFr2TBc-5kO=0>&S}ns3gsD*q0lId*BH!k-!(o0q zR;5QDq=OGBKn&MtH|^oYLUO+MbIaCY_S7#58C!rUMnRgsEB9X?B$ywkVifQK(Y8c@ z;w#Y?K}ZgJr>qmp;E>&yJFG>K4s*s20UeWcsw7UIMI2zDb>Q84WmzUu;rD4$l{;rd z344%OSIg=5zR4Ei=)Fb1`w)L0BY;X}2U=4~k1hMjk*YFle9sOv77$Jt!qf~ZsBCl=1ssHm89UaGs zV&mAn$Sk=FLE$;r38JJCZ>%nf18~8`-0Bap9CjsP+jgk|hd2@kiOSspuv@87sq+je z)BOpd~s=L65M=m2h*F~VYW-sp;1~YGFIrcGC z6&ME^E&!zM&K=#m?Y%_ChqwK@Gxto>dbleLeLy6Rl{&N&o%Ri?Z@kK-4YeP73 zgB;k_EUj}~D5ScyzO_s9H0{gp`qQ|r?abB`P0h8{!zg-1>LO*8G9I&V$VXdZZZ6K6 zk5%8r%h^yqeMkU{A*bm`MmiObx}nEr0#I0q;Qds>M2DT$)QEM^J3ww?Ip-uPz!egTxI{*IzaFxT%= z^L+Itve~-#p51c>a4K6D*S*(_qk!U~V8JAMe6MX*DOoO@EJH5EMlIGAUk;AtlqZU9 z$Em!Lfcer4fjR>ati?BaU+@*9{VJ*%x+4LkQ_k={V*J(&nn6?J&|v`wF2A5EqaM`T zDGy{&jP9Z{ZQFn6B|Np=9#IWFUn2?#&9v()C7YKui27%l&N+ZzI7+IBg?5s=#}bTH zlKQJf=mX_jGB^}9tUL8bfeSu{N-l+gM3sAISDC!=Ny%+M@pHS}Y{=BnxQEwNNa6;1 zp2r}rWLkiYmRyeOt3dl@!z$lb1lhOG>|6NXp$U<{{gXKVODeeOjEa+y&onZZhCmAw zAww&QveS+WoB1=gZ>D1gT(u_>W7k`8q)&H5puzmduU}V{qkF(EOo-=ni-{1w!6@UA zF-DG(Y>G0J&kBd*mv1<4##-A{m>Ehtg6X*D&Hh#?RoxhFDpZ@_Nx?ffhcx$%H}m&& zT$1}kzDk*ySbT{bx_And5{6zBID%R@{^D+bA@|IJWJcQs7b|BA$I?WOOo=^$QJ^MT=okGhm2-$H?n%bUIvD=hEsI)-_S%774JvJp zXuIW)yn_|z5&fe!?=G@k`31xCxJzzwi5q!iU`--2wFn>76u$elL z3N2sn@JKlO)!?Li+Q;=$%vq{)v&hmh14KANmH3My6!7Sv4@4usEuQZ?1q~{lQ1pQ3 z+x68ksczp`jMK{pH>D)1Nbvm#qq%4tBv3j9KvpGaS16A~Z4n#*1A;^+KO6}L2g~%= zIaIW<3}OK>3;))Rs9(s&_&4yhzugL-9=6|l8-t3Rri+akP`G|+tf_> zkS7q+evC%CM7=zkn^Qb0Ug@-ufC`4ZGl(SU2M!~aOr#X*%eqz840NU`lcSx^+A3&$ zn-+m_COldV*_cgg3!Y{&*lPXW&Wi0$PWkaPQ^=D9CpCE>CO=UZb1(-J()?r0wIg~l zOy>1U_+uX*S-Lx~Eivw(`8SdN?;z+EOtXh_&EE;TbanZoMwtjs#}mnFWF*0Z26W4M zMp>cCQlSciC?;!giSA#C!<*_YvrN{|j^@)8en-&rm*C z>-foO3H2vn=EGP06`}9=tnj0J^gs%v!0H`B^Ps#(lyXOuSLNJ^^!6)@I{WZ}F*^rs zB=oV{Br5!{$RolH5QZ0d<5ru)sev2LaI$*jQg zMo5nMh-C6o?vcb=swnwX7KC|mbJ;SpJpyGriZzI0n7EMTEJsC8E2;GKX5?>e!U)$; z9*94L1Tle!o`{+bK5dOHGI|yDmy&IW$1E9W5n%aX@&FkeBb_)}W6EL@WBwPo5$L4( za2n{PbK;{QCp~=7Qb+hkqVHF7N!~@EJ5Hl;LbM0T1i+9F2fa`VlqX?NvYg~&W+O@Pd;n*%V( zAvo;Uh)p`5E}sF;-K~0J1Zf)^`~Zn}WI8`|F&|)qtj56@wI~jcXUORN(5LYrU;k(4 zZrwXES~55-uOcJ&FZ#^@rLa42p)B$_03U56xS&{PhKTg;BY73ejcLuaw7W3e4`Wp6 zzLH9)1f~tvLJn$uu^SGQS!WM!ZXp@O7Wh#mQB`>=sE;S3S~SQHlm1%C7*+c3?@i== zWMo{BY-=Nvf&QF_E`F-&&*vhyhEOAbULuO+J38s7GMxvW5IMhWNy3BhthwO=_{b{P z!8*$U&VSkx+<}lS$PIA3L@)0NJLix!*5K^~0(tB~J z=v~7kJlA|TD_^UkWTmBCW24f-JAj6q#n+&@K4ZE zhMVcDpU4;+#Sp!0n{u+q#0Ld!rAn>orN37tmXH?)h6KrwX<=<)Fj+_?!lSSlAkiA5 zNF)}?5eey`hnfE5cPM}y+7IVga4BY&zgJFDm!Q@iTFCCJJZ)be;1;He$?T;M#R6_@ z(pKx-bs;EAc_$5-ObA@YiSc`|f-9+1q-B+=f}J9$S;jJuOZ$?4&{FFAY+kn(tC5#E zmd}T4h$a zwybp|523;nd&RDtQc0K=M07$`1#bZ1QbNU%Mq=pqsM4b#gPY2BUd%XE@;n*vinJhF zZcl{JGTqrfK`gaoj<3y7)6xLwH9-D(BKIKqxxYyrNxm-(3OJYW@CMc>7N$oUGMR}i zdAckavNJiEEIzI#1X93OC3bp8rB&*Pz!uVrqhBc@k=hk(2pAGL5}+U-ud6VH-_LV_ zQ-#c#a-#)Eajqs4Jr-3RMKTJe4DXGQt?X-fOJ zNyQrj8}!)6uC9|*vgHQ<43Dt!U&)*|ULmzB|Eu+`WtYE4V6U{T>R%ecl%`Dsg$ywz zYebYvBRJRW8SapKs1yfPf;Z0M7nAkIQYgk1^Yrw0Fe@77GO?lPkX*0C>`=$9;wkDg zf23qMt0+qt8opC{gahBj5ul+p3W~QVFa!?g4`5XGVO2>}pnNK64=%{8kmu{r<`77y z$3$I>iF@Jw#+k7~5QU1O5z@gFF0?VLz@(q9z1?BjxEPcMwgMK!rpleEjnB&3 zN;g#$Xw%O%p2)K(aD;1;&(pC1`Vdw^@5-to!*`4qH#kPz!p3LxGty8BXCIP$66|6` zbqDmdF8LjWr*ru{sJTe2+JC=E1qiZC5Gz47BKCE18H-DZoyI^Q3R|$Y!KJf@;;@9WI5SFH;m4$YA5X zHPMh8cvLZC4Iuq(w1!R?DB~?P7s;4E=1$zPA=DL`V25t(@?au~lsU`J$S zO;;=7ye0MK(}fmBrwrx7<)qvn;P7*Qc?egtkC#-Ov+)V8YdbKfG!#y7^?)3;a5+no zbrcKrrpAqp@ignd9FvJd-Jvf0yZ6`n4^Zkm$qFQEoF?BROEPW&;{Kl2A505cTj#$5 zh32ZpS&9JhTawCGhnpKTBsFs%8}+>gStds0`wAgt&m6WrjfxTMLdYU4jJ7*J?ZH~4 z(}ihJhN>Xl(TUFqxml}@Jk@*0#2BY+5#ocN9dE5&--*2-w%FzOl7w||lNSf_!@QJd zXEW>0AKcoC)C2`p1#>^Sf(AF_c!HuzSV4XR7sTVLWB%=}AXEt8w+f>ubW;5Vv2zsB zj8EB@yVzH71XoJxjCdxMQ>-ADsW3(6$WfpSY!%vrq&C_OmY_!~I+)$?%Lq8yEjA^{ z_=8$?zOh8UbUv6(7Vfk;8%VHJm99YN$CA-!BUj1;4tz<_d=-EmpEa-_f>}g!WC5qU zHL027pJK$*BSUfg%~i&6AbrR<`YI!huH_wV*bh|GH~FJCHEg`gv?6U%sxW7eb$ zw9z{hOcWfP%<7kn^JJThA2ErD;?9opvhye+zNjX=6BBi}^jDx4jr&EeCMk%HxhtX+ zUquQbF3-SEr^$&HaobKInh#Pf|7oJg1KWJt6V--Ey`0P6A-x=qzVWWi($lEQoa&^Y zbrVbMThdO8hS0o_+$iOPJ8-mJX>yME4ShVH9MPhztMl-q3!{7Kq=}zqp#o!ycm?v7 zJ-hG0Z{w$hgYEdSGtYwdqnb*!X=SfV4Y7j8PW#GM34_C?4ela#>tz$^8G`Q98orDC z zwtU5eq>EG)UZnyr;2Zs43p7nC>dLR|fJ z_S%lK!vFC50)WbJ;=+|}czoGI5=HZiOZRDpxS6o}?HIEIyxQv!ZykB%<1Xexs>bX1 z+yB~$7a`}L+!L;ccTZC$uFJmryRB2xJK8I5uAbv-Ay2>DUalDcvrGiol89O6_nu_> zjSa7*(e3m4f$V0jL=T*{Zwu2^Eh&k-)yUjScA1J5J8Nkc7ms}$15Ghr7n7aqt%0^~ zUUM!!zm6Sj|4z6T#a{gD@Z%u1wP1ANy0Bi))<5@LpWa=o?YU@j-~hJih1rtI%ZNBjKYM9+{Y`XCG+HWN~-h~7XWN-Fx9!7dmBqZ?)dJCbnHQd!w z)of_BnW*@-Z8}z+XYdX+ARlieSGQF-a6HcFMcJs3v~Rw=Yq-tpIdth?y0`9nb=4e{ z@itIrchZ8^JEP2%MH5P>!N=hd&TE&UylRz zs)6n5zqSAKzy9TQ=oO#)i|k}Bl9<3N5na^Y2{-a;*qyTuv=zwfC%v!=#**!2ZYM~) zp3J*w*qxXE`W?RXWNW<6AUmV6;NJ9gS*nfeeNZTo(>BR16g^9%7# z_bmw6FY>zwKGC6$h`Q5NdtFj@Vy*B$Ve7|KaD?u*9WG}WoGm$QI@RnR-nVa84@{i8 z^n8S-?zJDw4^ABKemqj@N1W$$VE!0x;?CWpTQFF!XzlR*1n0&vKwj~=X8MG@uihJF z1y~M|0-iHS`kX#!T~U2UR0y{wddk0U<=PoOEYlX(NGGuOJo_0bi+7iejbKe9`0>C5 zb0kANsF+sVXfuYv3;T>Y%w+WhBeb4~6*#f^Wcm%p0CmW}Oc5#E%kb>yfR161}rFJnsj zeT3VtG6((HsOX=9=g&C7V59W;vFIJ7xKTc;4!Vt~gv0EUcvMb4?Dzefewyep2fe#tiZ_QqX;Aw1a&mHgqQbvanf^P%yy?(wA4^L8-<`f<#; zd@Lv%rAV^Zu^6ujK1+AUWtwV&(_4t zs}1h-Kz@L4#lfp9N~s%jlCBAD20%LL?o-mx8+OT8$RrTBws?6W}8>m!*3i8jbYKg8da@7!uIN zsR&CsuP@}agVkrFhnpekou7kz<_)R{)T;pO#V_Pz0si(=b@1+irQf;^cbrEm+f4N; z`fzsu_1VI)W3!@ytQ_gReBDP>4z(S;2;u3sCGFfelK4|P_sf8c>^D3VrPnTn3%>+O zvZ4;2QAla&N8O&sChqT>UL{C&QlCr~H7sAxOg#l@mB->YI$^-5D7f8`|MCfw>|AB#iY zrre4k2f7ZWZZ9mB=}gZRgnpX19Z*?P7tM&QdswA+;&le15--S?9kv8~ZPg1e;?z@* zrn8R>62h-9=cydkmx28wa*W__MmPc128^6U^fiPfaPP5U)m$32E0qxSQdf&^s+qLx zLhWwO4|aDq&RPZ2LI0=2G;xO-$bTop3b!x9nB5>6tr8tLlEqFh0@j zepq~0k-oHmFRc{$pU^=x9>zWO1!kWKV z+ZFZ^YM~L`ra0CirUT5@5kQP`-EfKtd|k6#w_&vZ?2m(EnuJp;?PAp29h;2SUCc!)MYgaqV~ufJSeYXlowmmar;{gomshQbR|xa@2-T-6j9{R zLuk{>>s^u#XZU0l32ZQz5wD3>JT}~ft*oKS`(4SG%dTydlwGLw_SXu*WmI;Fg;xLZ z@94QBXucrT(v9~&xw7_tZ`%Gm8VqCv#e+TdKY2W`lU`tFpcS%OP#S!aUNpQ~R-fDr zpik*B^cz-CTk>}9Qu@>dJZDQ9o>(VW4Wl7f^#DGrU0N?8H%wWz^GQ7di}B*ViY;dx zBjq{{w1FPh@Z!_Fm>HC9se+#vl$$C>lCoT5lu3!B)aH2U zX=rZkA)PPoVw{h)3_b@sL6nt9Y1IJ+K|F@x&Yao7`Nk=~)HUoV=4e8`Q8FKiWh|O@ zxJy^ZdGFA6NwSjFTP}ejh^KA!;&^W%Ajcn`MtI1xqu{Qco0uH2WHjL5Grh_6<{fu|F|X< z7;zRRK1~VUvXjem!b;;g4Qcttu|RKlJrfvtmw1=^nEG2q{)8feug%cG5*D??ch2ht zV)PBMj3P|b9oaE&$>R2yYitHTW3=i^j!>bp;pG_IUJ1*=iKVCb%%y_WU&qAyTeX=o z+d&)N-fR2i;T_z4vf&iKmQ$!l}r>Su!IWNoE_E(`;39`5yjTZB(>3+@$bTGp zp7@6U_{eY?)NnjFI;yGyFRZ!3u9^yWlhlo>B5U4q`K@Ow(oQj5vliqm$tT^`76~-l zbL(eJ%)BZ>Dg-n5gT}&{XZjECkVgs2VjKcvc?^+m+a9WnZe&8FALJtsBT4HQInPXd z216)%+AT~J?F<$JpU<82ze{@G0YDoH!uUn6<@86RjCiBJGKUgGJe7RYPr;-owJ`3i z&DLRxo66Xg9I2QruZ!uz089VS(S|COygn>pLYD7Omfgg?i+T;Hn1ryb{e5WfcCi(#jLigBC zoybPoxiTQS4+8g4iwOVM4I=tKg{{YLOofU7)?|A{L^Dhs|Yl zQVg}BNR%|_HEH`zF-27W@qGA^b+lramH(!U-*7_62$di29mZvebt=cSut*`772e;K zG!JThDT)z_njWgY5De>jlsz$b^XLR}K)h6YJ2}R$DqE+wh9s?raRykKNr~D_FQ#(E zv9j5+iD|uKSm;Ze765N%pD8`+8qKzFcN>8 z>vLjt2394JXOVLhDK{J=<4dvf-ZDB63N=Ac+D5HJW*zH&M7P(O==rppk#S_Z!zB1J zc(XdRD;>v~pi-KF-b3Kc;ZHfzfZmPsl&`ugX(4gR~Fwf6qt2b!tn-( zAFkFTWmE9v#~ejM6a!`OY>YBFKQt9)9|5ex8kJ6%Rd96EEEJS^ZfQa8SwDAZf7s$Y zKh1YAm+higWTn=}VH~4ktNrz*2QIhCp5&Zfq@V<3Gl6lprW@I(%mz$J5j`75VWr3QRC_$X#;Ho)dz7lvRA>EUP)r~kod=sxTbS-z zeT~x%;5L;TYEqzopd}6oA3&A3O`Lm%WQl@&G3>0x)xa<0SQV{<9PwsQ7yM6{n%Wh; z)OA>jiD`IMB@iPb}Z%ul4M4cAF8+w4f#f@B|HA)-9ueDQiqDx_dbW!D<4>Qs)F>82VEuOK$4eI-uRy7hyY+8&3s=&nCL z(_3+2^+OOfH z>=0=Tm3Fk)j#f*qSNXMg?hKV1Y66T-II%*yp(1spU`wC?d#LE6q)tx**Ln@}{6d-D zHXykQd;$uYr=9vM{^*6M7y2aWy}gQaKtsRKj>EjbmF7;1EHnVrspqin_e}qhYR?Y@ zUx)nuXl{HQj$e>q5fRvS3b($1sjXN5%XHDMRqWcK%y?K~7a`qk0Wsa{Q1>q(+}|QF z_LoLo@l8L1_#ewnHEi(7C$Vj)kCgmq6QXM-6!80F0M=pCkvK^2$#_(-jpbP@nOa;7<`254{U9Equ<`L(u$DF*3J+$X;rE9pEky@tw%kRS!_ zoofVe_H?q?r{4Gzf9EP4&i8soi2xgpPEcarLvOHVlCiQ+0%`BWvAx0jEvU}Y|Chg~ zIZXENJa|rn;m;4JhVIes3U4+hxjYRtueCWre3|0 zkB}e*1RExV2c!&?ov0DL+~(KiI0)p7;*Tup)asY~p@}jkG2av#V_afS;-DoN`Za*q z7jM>V(-)gW3R@-?{J0*^-+RqIi21LN`R0kn4LsI()!u;^mb{>hxH$?`|K~tu#o^g) z?5PpbxQQrF7t{DlYUv+P_d%n2>!c8~Xn|X?PahC2Q%?3SzwF$&5F!>`It zQsF?9)sC-YhRbDi8Eth?V_1}=6;bWk?eCcoNW&o)Z-c3_PR@KHQtu9<6e2Y+5yV+s zW`m}mK{jr4O7P(*ORqjcga5~;DuFe^^h=|`g0-$#9(a=MgQ0c!Plkvw_Qu=UDID_pZCbr0m2@H?eq{Li(FOZDzC-K{>ai2d}bT_VARR zMIh-q)MU7Q*5SHHmR6K9R^lcX@Hl5H0XKckDN>^gttmz*;->?ESWA);@6|_y?Ll)U zB~@m9rZ7>4eQn`Spl}JrCuuDpLBr2;JUunryj#kgT^|oin$REh&(>YH{noNtiG+dg*0Id5l$kAnupmRuz%vo|vn85Y<_ zb2_C?@lpTQ4S26D#G!bcsNrWW2)gcygU+#!WxbP1ih&jdL2xp`6pks#$Mk}2J~0pF z%Ufr-PW;>IL2}Vb%f5T`L*UGQ*x}ik=KOj$mNEBhKks9qN6Ua!lq-)pedjv**V@(7 zapVjr6F`lDClIgBjko(rUgK5JtNSTtw(Lb~{(3V8w>uG*;l;^g`Q&IbX40bD3ZiSB z{Dzl%PYfNYuJ83x4P#wBjpyFOr%y5ADgh zPASUhXYD!A7Y0s-Ct%Wz3oG<%w^s@L&ytALV@W4B>_+j*TXxS&`ftj&? zcpy!9Zl62L_nXo_WMPFeKLlup(@8fd*Wp4GW^bOeP2xv2nleF!;M3=2g-iJ1UrUD_ zpp+)Va7Ucb&eex-NByfF=e8~6n~dQ5wGpQZTR?u2UU88=#208Nf}Tm`7AfQLIF>~| zKc?z)B8!5a4BMl}7;Q?mp&1@6Q42H9AFqqr+WAMBUldf;mHY(pc5+uQRbkAmuu%5{ zdO@`DIM$0tQbMTy$i+OPl9K_$&|3QhhL}d8IaL~wQ4ZCCRjH8nGM5_)B19ylhzT`R z#9^+jacy3m*Bm=FGRrj|DghXjpqHMiZizA$lH_Gbz835Gi*pV03!N}%(LL<km5b^%pLJa0@_*57>~f~66;kQ2En%9sIVhwg*4^S+YFP^YSUE-@OKn z^^-ig-ZFz~K?htN4WRzI6Ce17HDpz!Sg|@%-*OPY!BwP=k!K@@>rKt$D0-5NwLhB* z=Rx!m5^PNB5mzrSd4VpYmUv^EWQ`GAh#Lx2vJyy6OY5Huj*8$z6zw1}(UdF&fK)dn zQ7rd%?ZMAb%n;Qqs+DP{m(lEmO;7#gIg))M6`zfz@px*YGZfa(5BP((TWLoaSv@o} zuAs*C=utOSc|IP>HW~&x~|t*C54fIu19fl}fXPz_IGJ>eOGMYEflh?l&!0Zd2GbrRm{!#wX{I1`WTI zkt@q2!|2z_K$T2exrwO#tExYTqf*plY2;j`KM`jf!OB=9Zi`@N9O?7C=XJ7di3+Of zSw~_;NRmZbzPM3FTLnW4cztr+=b1#7=T>Z2+dAlu&lr#Ts&Q5lj8<-a&x|>aVSWa0 z$#VOprSuGi8IwyR#S`R-3ZIrBMOCi&1Ddpk_ctS6N)J=)(tL?LI`pki zJL5AYg0_yhvIAahM@~9qOPj(E7f^(AQbDbj&xZ{!v5e*kw$Jrh?mLS`+R`I+TVy-8dWNiz-C{Ao{3kU{dIF@s5mw5p@>&VL$sac&7N*aW zw3wcgwqu{uIIi3QS~ydb8%gnrLyuG){prk^T~U;xX1#;!5$ubULtQ(LT$SkwOc#9I z;X9TB&buRHPv?jC-u%C$_{LtrN30QzvMHP-@vdX_v?-4W0{;(VK%BpxOt2RRyax_K z08=e2xG|H)x?{D~HA?cxZ&YG>tJ!2vAeGC3-X$5A$y1WCa73l1>;^9OmM|Dgv5cp6 z7zE}&cODq)t1W3i87CAiStAONMtn&nHU_j1IVz}d1R}_123FFGUZ*oi4a#(E z&%*%XxspLm+}kUJA|+4Craej+vn*3AZKU8+p@~NzM)Rk`<2`Wj&!IATo8u4*39#2O zvf8KguH~0!PtqB?3z&)$t2wFCcd4QHcqmSM@|vGXszoVXddaC12I82aa&y=gFxQw3JE zxnWeV84E8yBTS*(1Cg@hk(S_cO3Wp=-vV{^n9H+?GV;vYE`tdUF`Fd^`5&Nn6-U}8 zL(av_G)(C)jS|Mty8^lF%ge(ya8*X}>&RVdUiVGux>LY<%t;*EjvY3)rf1E@0 zTulyxGF!6pC_eV-BMJ~DDS@u#-#twFyL$lINByxJmA-+<2?^9GhAG<~*%gi=mQJ*o zNvj>r8Es7VU`cg@y}#=-o}j8!NuFpUN7dIP9E*Z2YVr}|IMf!ss(r6&3r- zUe>%>h<7rONA@yORHEXz!$32%TsJf=6)ug@m#{>gGiA$Z)gmd^>vR$;TxHNFxCrvW zCu3et>QgJ+`(>it5a!BH7er3LObCIvS z67u6YA|?s4CK$|L;wZXA2@8$SpJ{5h;4ZC?BUJlVIdi`5#w7E5B*T6Y*F`Muefr?4 zo9sWhyW$6D(hK*4yZgblM)kqHxlx`R@5OR0Vnd;L-JG~-sSHwj$SvS^fl+yH`_|@$ zngXELBqagm8Wrnxa|kviebfA&^0$%;Tpo7D(Nr3qB>oIbfioKEOe$STWE5bNYUfKy zQx>v9vXTf-a|;|BXUP~65M!h=A@#?RUM*_P9V*|t0OCNiYeM3>y;Pl%$07Rl5FEMD ziNGMmmgBV$GnALNUA2kJJ70^YC_Lx@_?!SPo{Mg&@P zY?@SG%}V2>gH<{9QpVuCSuI^f*5*hH*sPeBbgT>-OgZfS#*0Tn@-$p}jB_n&<;P%B zaZs1AOaFuz{YGP&9cZ!jHy`c832TqUq)#(hiSm+P3+0x_F$=Y}h%`K?N5ooBagc$> zHOQ=7tn&n`18*^y!UiZ-S(eh?SSmsQ-w>x^-l*VyS&FIHYa)6@&`Cn#^C9hL0@H$< zm=_=#F|_4(JL@QdIN!`3y@i+cLI)XmspXdo2*~^LUf7baes5}Z2ZEbYWTe9}k>^h) zLdf7hcL>|H{E}<$uaJCh-SUf?dEJF7-hAFGzw_Zp%8AAI6%=myU1`A@(!r3VIUe&O zuwv%p$~O@o#E^{Aef5D`X$rIen$iFa87A_#jOglo3J}Lhj$3sE6_$~vAl-|{QDjhD zQ?4dw`(817`uqtpI4btGbT5KiyS6dsbP#(93%!_yq`jhh^Kcw`IL@f2-?V(k+2?Sg zo}2xOj#rB9fMp{qo128x39C`Hx31Qv)rAzR1t9sTb6cC*1b)p8Afr*kdE4BOFp>eN_p16TIjdj28KXyqeI<##cf(nm{?1o;hJq--p<{2^n4 z`W$B#RScy?AS5`FJC_^_B5BG}v6n|!Nx@1Oc*ZRw3W)o^!akc7dqsmW4ap4MP>Q!v zd&sW6jJ56Rp4e%mt=W@4C@nd%x5*&IA&f~ZuM38{TYksys1-HBzq8cDmEaI3O1CSD z{5n=f2|**qg)|umaY+k2V2i_P2o7S`#b7Og?#zTR2|Co?fl`WrH@1($Z|kT>1WF=i zuHMXsgr+E9X-as)sn(=L9wlqIS&a}_89ml2~hfcRqeqkesNy(;jQ8@Q2wb0zWAEikP1AL2TT|Ahy&Xw(n~Y z+w%soT^K}H4&q1!S?LipMPyxLj(X!!BG>Vy0RIwk<+iXN3GS5T_|TD8TcB@VeX$;-T9?o zh6YZwh|1Vit>BMi`o~y*=a&WRANXNtuzmD?NMg0&TP>{1Y#}_u8R?HBv7M}y;}$)k zy0*{|a|oGb*Ks8yB>J=Y3mZp`f=R(NWIV14sRwlJH7fyQOYBdD2vLEaoYGHADMc>V z?XPduL0s`|ec3~G#3tSr(920$ewXAez;tNWVCfE8m;yMZ=@Am6ltBCt2@wQf!;mlW zI2&G~5l*CmApb4o6s|1B2}y;1tujYgr$$!D56mNH`jAA$xu#-5Bb5$@k9%HDo?(6o zGT>C-g?I^*3=lU_ycIBGu1_?CS&Ws*zn3Pi5P@%aa`)*TyRjK=BT`q3R~7t2E!gcBO^8; zKT@Hb%x2ebIYE~~HZLwTApsB^N)$@e?(=i8r@Wjlv3k|1uq3OJwM9YRq}497kgDbb zdr36*uwLRNwarvnPGfs8%0hm6i(^si+LEP)vb3xa5@QP62YK zSa`+@HLE?A8eO>0UR7EdQ#%bQULOjkW)=ZU;$Q_zS|=IT254( z@;hfp>h-?Ng_X;J08Z&69%t+g@PGxVrBqk?05`Wg5`Uc+-e0gQB7{RBsjr})rEYD> z@meC+68uHs>!o~sDYcBtZpZ(433JrrccZ>hTx)#I*%O|OT&^0 zrOP9}jESP3YcjU}qI?tAioSZrlbLfkxi@BYtv|>#l-%a5m#y7AIhnkV-NZOy<=P-- zLgt=PqMlAgnvP{20vu13X^0bq1065g_0dTWB52BfRyr<4Whm=wyz#}c7K~GsYXX2S zo@q+oYjalf->=QF&fe;pKJb(&J5_L1_0TiN5%L)NowGQ>*>KPO1Wsj^(&%Za_Qpk@ zA!otP7V^B11S}-2I#}Kvl)y+P0rDcDDV9!Hb;#;o-rai2BC@CTj1p)xBP0H6=b!$F zWEkKS1G{ls^0c+9GKW=y#0xr1%rdGy7o_{>rRN2h2RJ0smU`Jz=i>r<^~cF7MV!?z z_i>VNWFyW(am@^rI;}J<=Wcc*X54Spq6Xs83nE{%;4M^o#^UhE`u5T^#SfIl4T0v;Wg8-Q2U5OkJkgk2SEW z*B2y-oRuPSwTAeuN;O+sE`vvyj*1PuJFx1SG%$OsC5#ws|3iB^$sh!#=L~}Pbv&pY z0HscGw8_h+N6L|mmdk@cq z090N)wP&7WLy}%oPHcZp8ix?#lcp>+G3LP6Vxndi5zusQA%uY0 zFRZR_m$nf?s7l}6&Teuh+Pu2pq&3;p!w0{zwo}73TYdEl zd|N_uS^z6jE-~>Ppp+3V((H{@UR^OUX~I$+&Y$Nm(-w1t!%%7@a;Tefk76q2f_6MM z26QN;Mu2F>Nz}Juv`vZ026}b!8qDXXTJ~2%S%(tySYqahnH0kP=(8c$6qgMGe} z(~0&q%Sbvxmok#KU?6}*Ov-Oe+aR=39^nbORG(}^#HBv6(6g+LQ?+@ z<8rcjDSgQ)i`y&aPjAeLP~Zq}skN;>#RECHdJGvulTAH)Z@Ccrh3tLB#pIZPste_~ zzL0NwN+9z!cr9$ezndWcdpUHy@(BrlRac(0UwIVhLB*ppT2Kg25aXr`$9v?|@o=uaQoYi7>Qzq_^OcI)He%rZ*F`%AOmQeboj@Y|Cd&|>{^^V1G(>UN@rEfm_i>=B+_ z8c+VVtkGW4O?dJ}3pAs18JezB<(q8UBqcK4wNmkL$Py(@l|Vr>&LFM6z>L^4uEn=p z9oNpqbNArC)Na9lv3KAfo_64;9rz)4;0h~|n$gov`?S+O?X)#J?Xt_`Avap|ng%51 z#BmN-GEM1Vn4v!hESdflZFDxa(94wJFkmA;x4O9cohub}(C_s-bQA}^zITCU9Ihau zA;qcO&Qy1{1IK=XgCWs?tRrP!LmPfa?iQ~4a(RrzU^P2er4Y^>=Wjw-PzM(nK!ih!NEYGk*GC7hj?Z6t z8-C~Sj`KDKw^?KG?M?ORi;xf^e2rL&@E}#^D>O#eDHUsJ9dXvru5n5n6Bt-PkA{g_ zk%RK0FdQRy{~R5iyXfWq`O*2h^Zw}K=aaV==>7iL+5Yjx(W`TGa)u60jt`G6j!urx z(aDc!|M(y1m!spubwnt{1(1(PDqt5AHUjf>p7BI?u3i33NN9xP!59w+8n6k0`_0P9 zJsk*%R+g^HaQr{r`(xe2q-?!1IHjH2CGXrvr_<@|Y;D1RJDpDXzunHp=AXJ-+dJK@ z&CRXN?LT$8JKgQAKcUXOjBw5~<{3`^)VXtC<-vU;k9Fhzu7gm3GcsW5bQc}P{S+Is zw}X&g!@G+2h&AjK4;&nvBu=r&r&oRw51cD9g&gL)j;G*tJTxRxLQ=;=85t!J&WPio{x}91+41xcoDrrv36Q8R z6P~_%BUsrwYy%EL<21@4YmAX|WL*V-OxOZ#&aatG6S9jUITg;NG-F?yB%hu~d>Z+` zm09(!eazwiosFHHGXLM&*m&aqkMXRaT!byKp%rv~diXz{l03X4Q0e=Wq`PSUbpPOI zkl{cWE=K5zH!`-;7V8d<+6RZ~vR9$_Bq<9B=R&$&Swa7YU(rNcHQourb5>Ry`?uzE zGGg_KMcv!exc>Dv#@m;9%(b5-x8Me|*ME0od%IIy{~O(n&F!c4{}|7wPwnSU0}EJ$ z0X%Qt+&GSC1x@H^7eerbW(g@GMgqCPknEzom~%!TXBGw(4%xx>*2VG8r%&o)E`nT1 zk-kNSkiXFv4Y+76q(O$8MF`{T)pi(I*Pxo9n-JVWlw{WDkm`+wb53wbv;66jB# zJbewooE}7#1hn>)goki>%y}>*;W(o4;7F!5lCNLE)k9#WLdZjjxdC`rWq2OpEEv9$ zx}%o4<>R3%GTlX=J|Vd8ytRI!V?j{e|P=MnPo++`j`0}nfovIkK`Z%T_#qiErrMBt}) zLDG@Atl%4(%NetGhlw+DCKkJkT)A2vWCrEr$uZGBB7Y!ALZkasBZsexaSh*UkVKpm zTb1;(Osld+p;d+N8Mx0_!Xh@9{z8^Oy;Uin0Q((ad13Sxs!Di~{Stl7vj!H;wE9v~ zciu38(OcRI5BjQ|4!;L2@B;b+7SpW**mo8decxtTCY7DQM@uJ~A>S4M9)Avl39&f+0>fiR=FrjQW|G{-$ma6 zP=*{T-C6s4d7oLmBGYxWD)ZCq?$r=O8KPCW!NF#y>eX&Xm5!~I1(ol@@$3?EzmU227AF96?El+4ovpI{e|x+0WdDDR z=Zo3@vmrqlP6s3_+_a&h_?lQlffU6ypxjMz!I1Wi0IIGov)6L@quqvGa7HQ5DhBMs z`mJR<|GZyXLt z<}Ws9iMp}Fv{#rpPDT@w9l$#B;# zqP3}P)u?$}T&c8SYT%1usdT-`qR4u2XIw#IMmWt_3}5-ZKmOGZAdTH8>VlNTzq8(g zNYkYsleT(7MqCV4y6F9(C&XmLV!rU&%gZl}qVCqClN3%8e!plkw`whlr@X>{6r!vs zgat8W*LX}+siA)fB&iFr7DSLP-GCguN2_8pK3Of8QVSH(`puUi*!qtDa_5fgcAb0K zte&v;*jxPB%l!kC66LJj;}}? z6F|NEAooKRv3O9v_HoIP;@XB58~oq*ZbNyu9{t>1q<$!O!ovfuz`ET|EbeHEa-SjuV_nm#n#F#M@m}}swrLVCJSJkO(AZk6Mktwk0Z~7e>f?u@p zi)IuCbrM*Wo00kizDQIy18+YeZQOvmla@9ZugBj!YCyJ@)1tE^^Gcs_2G!R z-wXq~xj{V=;4vq%Wk>_4BHpivjPTWEX^j51>2In;uUzJ^bZMNCw2uP<80oWd9J(^K zv+q2AegRooQ@A50lvy7ky9~~7#0Jke8qt`J#&O+jJb%8R{Yq{%+=8{R{w&P6pVlV7 zcD%p*v-SMf|GoL=^P8Jh7p)c0gFd5-oo8^XzjZ1K>z^_A$L(?Pp?6&H@Y5Lb~k>TW?Fnl!F0@J)I=CO8}V88a8& zbviC`Wl|~g$1wy$xRB@q^Vr{m@uUIoJLLqXVG0>Z9=umXx&{VL0nX`WXhv4>^c zerjf-96-fh;?GDbM)%$?Br}0?gWAL zn51k%bt*5NuPtA{<&4dFqB`Gg?sQK{bcL7hhZvQgV+NVFaE8c)#0bkg;6$fBmlr~^ zC@dtV8{w%SfS8a_CwC@O{q{=bL^655GJTbN5Mesv_X75h;}kLp*=f%M9E<*Cnk4~O zhVJKb=k`iIcu$g_cRi#L@yxua@@i)IEr$4AsgiQpEEKB}|B!4W@c}n7tq^IL3lC`)t0kvi<#w0IZ zT9QWWZ(Nn#_2zFIt)?}*$dWBUWr@(%d$EK7Jb}~l%CPA~rCqQWfQ=*1gn6hYu4o({ zapaD0lE(t%B?>U?A)F*)W(#j2acQaH0&y+VR=J%#3dN?X;;%wbk-}+#velR5+r~p3 z`>I6*?L*>Z6PaW++yZheQ^jrxQw2~yqj60C&{0`3bsr?}D1lRe=Ki<~zl-hzmL0Y5nfTe`1*D0A$ z@xGm;L}#g|ai5_-qdtzJ9uBU!JoLk9hVlfsv*f3VK5AM{oq;Y~!tGwfdhLzP{&qJcn?K;r4?8=-HtBbI z{a|aOx7mNOxgEUN>~>!CUUWKbeZlI0t-Rjqdat*(kQq|({Oz~@U4!Gd?^|mheD&9V z*?)TQec$`P*!$N9@1NhRZ~2SX^OmUb{X*qdf3t8^&`va+?Czj$5eR+wziX=c zZ{QNl{3ng=pQkY1*$M{oZ{E*7l2v{b#516#w}s z&*R5`{-iG2gga*hfs$B=t6;#VymF&0jv_libpQ0oT&-#!{Z(15B3jjp+3&dY-Bl-H z>Z|&tzMV3`X7xAqt9(9nYMn+|ZJL89A0%(Y`fy*hz5_&+)MK}6i+)V)_EDVq2ws7x zu*Ompk4HU{w)C|Ns+y0E)SV$cg0d9HJkr;}=68=y@hDQ4p~8*Z`nU_L^Dww)Ax1RL z$beLix()^6>~pS*Au*q|%ZKI{M%9?*6jhlVvp-q>R=az1e2VIVYigZKS&G)kABD#2 z!Z2FZQq3_FvIA@8r95JjLjGM$WZ^r^Y?;HWZ;*7dsX>Gi(Uxu46H86VuW~BgN*|(V zr9Jzj?cF6%r5mJiR&1@6f9ppKXFFTv@47o6)oO>I1&P&&Y_siNr_!@4ONF4S{ICQc z5F*mWG$Hb8-J%2Pe8!-Ce@;~^t`sKck!-b^MQCd^uKzzQ?HpI}j)RMnX1l#f-92%@EH-LLyygo;q z4q_5Iq5|#HK*(Ki*Sy$H)wOC0F?Mz5jP&!HBJAD-r-FO>#$w*u3d!viGohZ{%>2m} zZNHICi*11LELUEvmKxL-&8Mw_&(>aM^s2p7B&!-?{tKC+Lep*;5kWK-YKlAxPX(J_ zsM?(3#Uw;o#6290h}*K++gI)S2hSq%ze)!6Q0Ko}-L1{a`S14A`R}7Vk1zjQ!hGp| z&pHOAXit~S(;e0(Hh<$jo7Jr_ zlcJ%*9L}hsXA#x*r{_=w57YeE0bTI zS+~G+FJQk{PPHu8`D$g{r>FT@ME;kQacl8^uKfR^(=E&Y8{M5J`TsGVNB94H^)az8 zh1b?>d7Ra_t=P=T%ZsQ~h)@^UklwdN$&(35QyLP%9n*0fpq)+lla9{E{XYGOT(9Zs zk^_1Dwmj1XFa^x|mbYkEzg>hSnnl!cR!gaj?$IqI9c-=Pr`(rV$J<_8>rcL-V)z$<8H<6IQ17!oy| z=#Pe0beYBi3*p^1A+E;C2Y6w6wcs@9kgXK=Tmx(2?a~02sj$$R>~|Srn=SIsB|>>h zMdD!kP10hsDOFNqK0J#swF)A-QAd$^ITe?qBvAPAPHD25ddh_tcB-2Jlf781PG_u` znWgSw*%^l>H`Gd)40!e>l{GM-QSXT zWGNx-5vFmwcq#ab9=+@ra9WuTJBB~Uqr6L8nTVsQ*x9cM8sdo<#Dt_cDr1xj&Tl7u zerRu|B8652nEBg6!Dq=xT{Q?QG`&~ef0Uq8t+(XXs?Pz+RG-UM;MZO8J8G4Ve_~t0 z(lFPZ;na$LjYVxha}4O=*NX~eu5(4E3o)H5>js|N@Emy^&J}^sKlh2TJO*RABGdYG zAjg)yNfgrj0;`$ts0=413Bg{Hr>ShwPq5yuoR^vODUNUL0NDf6r}`*Qxt$GA1<^e z^K>clRMT?pEhM|qDsyoSB3ETA3Evg3rz+>q>DJ`b*>GFPjYvGmhA!%MU=Ep>L+~Lh zYVd`>XF3n7rC*^~KPnUj(EldxzAb)rIu?JgS@`pMilZO zpU&T8V}CEUR%S{%%ZH9PtYJ#)i1>qDA%gKgB7z=S$OHen~>qU*2Q<@KH!~w<(xpO$CN*fpRD@7Y^d*b7svYpS%PlUWmf+A6+ zk7;xgACv2*VIQi^K#VgT6CWM*LCnvXB>Q#5uV^B(Byp{B$K+a&6=0{lLn&Ne(d6aM z7KwueI);wyo&_Z9C}#Gi1BN-38?1*p+1WxQ4$^6o>E$5${BQ76xJ#Gd>A;O05QmUL zC}m@HuA$eESQIP`A;*u(*a#NL{x}XGm z$#kAa$u?j?P+lgXoZsn5kf%kc;xY%yktcSeoELHpv_?;n5zd4k zf+~Rf8GeXu{%T8Q0;NN&DhS#tjhiS2XppK3)((2pM`yryqN&A-O6XD}-iPI>*i;px zYWfsUfbs+3p^4U1V~mD8^TMo%7l9 zy};&!E~*<=TZC1<+d;k>zA3C|KvUK)QvNFoDdUVr+#ita7c%`ZWh1d=8UaPnmW%w- zzFKo7H; z&3DTWMUz&(7ONv$URM4<_Ge$-y_&~k8uHMRZ>98S)Z5t#Nq{QXe#-ddKaihqg247$ zbva{dGT>e0o6iULJO05%AtN%uuVRWuzLMWR#I8nyhOM0aOo7%g^9>_!C~bxG)~8on zptDMl3VC$0ht z=UHk-vKFyxlA<-SQ|(8|5TkCZC4U}|MbB6@I7zCdKC3jDmu}OVf$}_{w6YU4 zRUiZM@l5(*>_^dSnt}Pz{qW(vg$u}M^;yW}JWJ8`qK(^mqg;cDyo9yBJ|jLH_xlkk zF|=9Z6nHrvkLsamQ2H&Sg>OmghiEnu=NzxPg)aXnG&n0f zYs?9^#4N~bP>jzNykH$Mq3B&x4iQ)!(M)9_mhzky6O;nFfXzbgoXc7&R6p;O6RYBy zqp9S$->6l=9#lgsU)q|mq!v9_y4AC9jECl?dDnXRu)%twGGPZ%a`iH_BLL ziNY^VbG4mffdY3^9HeeN3t44inym1I;-~phu-D3>gHe)_31wqm)t#`dg!4rfyDT|x zv464EyCikbBW^v~5*^17Z-uXWvn$O!BnPHht))J#kw3r@pirco`AzS#b{U!UswlJUDrNIJv`mr5EBSYoo(s2^O2>>T{NnkDj@xKLCK46WHUD%v$t;^#v(@4}E= zw2G5tc4CxjhgFrb;$AY*8Wu@ooKE$NwfqB}H%aYx8dz2^I^p%$sWo@3MbkG)<;{GrjMJs?iPb@q5YoV2)lO&+pED22n z+-?3;OzONSK`SuwxH0V`xCK+zUooVw;(l zBuHgc9*|6}=-Ku*ed(Qg3w1pGa>01HhK{XGIMrU?^)N$!7wlC$d52S-(1v_WSehZh zL39H*H+!pVSK}TDvIvl)ErM3q*329ZB}pG75QR5mo^G4wlUvEbr+?kBJn`=W%* z0eBCf7m%7a@$%3I;fF^xh*;t87IR66}ge`74eFy~HW2`O?G^~{W>p0Vc7pPEur zmfab?fKPl9QP^6z_yev86zZ=UuvG(&6%Q~cKUS*3-sqJR(3ktLmGj2d^8D>hCDxEU z;Pg?eMn8t1`B`UUD-Eu?SuTmgVVK(0M6#+pIj zEuKTvAF;rOmYwu|7avwj?g%9@Bk!r=!fmzV)i{bIG72*#6G~)YreK|^I@4l(^z1wS zOr0kn8Y3-otu}as6r8io0m_;_iphZ~Qi%0oZ`RR>IYF6-`O7_~R+YH#-Q1uVXDISm zP2f{2J5O{z`C}y#zN-sik&8}4?SMDn^?H1_}9JrUI#6o}N001?7 za2qt=QZgYaC%=f7yL(9eRHcekW*03_^6lKb>IK`P+GdeMDSE(f@D!>e7%L8-jzSKG zB)H<^5yF-xq^8H!T9QzQFnTT>V4mmaSZnfv{5LpR*KrYjmck8IG)4(4@zdSRhU~sb>N|ktSdZQ>W-uG1v;Olv*3?34w37n zA3lWNuYQ)?b=Q^GAHCl{J3c!8X&0U4qemghNRW{btqC2>x+?VMW>>rsWo~X->qyC% zvAO$NUg#iwDx)b%i5Mn{Rg?#wFd9~|4dN$8NykH|t3GWpU;J5s|6A_L?aKgjj^i-JOKb-7?0?;ja{iCa&7CLv z-=jQ_&i|FGI6()RlJc7ojORHd?h=d@JkV!)*w#4H=QL^>Y%&h&i+_x_zYgRr%Jqx+ z<`pB%bxv@%OY)E!wfuFvH8D2zd7-Vjn~{NS z{E=)vrE#5Oe0dyvpjPv-su7-~O9^mev18 zIHfr3EoBOvqyN2lv01+VX|uEWr2jq2^X2rvH-eH5U*5a+rz!NS(f#y58#OlM^~o*tTGNi$ezlvC)y7!8o?Cyu`Z~M*8A&1<0EsjWr&^-g>Q|}~ zmuIO_EiM#nR*e;ncw&n0SvxL3P#g^aX%otA^2JmLuHkYtE3`>wR1ti;1VgJD;B?_5ejv&as3 zZ?>F!6b2T7`xeF=-E2*Jw=v`_*vvhfar7XTnD<+naGF}VqX9=Z`<0t-Y<9ZL8Y>8O z4`{r3z~xpL!d=#xy(2BNuo~*!vtdrG-z8=?7qh>~S!dGb) zQ>^Ykz$_*!*o*8gy_$CB8{;6+UvbDKSRURcSK86ODw`Z9*#aiHoGr~W#;KAE5WOt# zagurFTA6#az$rkUY;TJS8~0~>1L3Q8FKXigaNouzpql-*ZEtE2OU(OiZEp>&+|~A` zn*GXcZwp&!nk49lw9wqMp3^vnd1e}GLEXYk^PnctSt`l5J2iK=i|Q$Rc)RGAHt@`O zmbU*ve(mJ~LFf5@?QE6(zczL{Pw}6R@_a%2-}L;yU*EssuaN)!%bWdRkPqtl1wA~F znXin@<&1n#`(8|Zc1ySP_$mN%Ykx1hl_zhnCvUH+h7T+HKftK_4ZHk{-ecWD)6CV+qP(YBmSuW$tDZvif=$!%#hfm$D97P24dJOifF* zCL*I64t2M0n#m(jmT2rdUYBAfa=2we1>$Np& z7qOzGmyQkL189wE;IuVYhIW=vaiX|a69oi zBmoVHxqOrez{HNIE{jue&f4>;#5U%{*Eif1lCWQqsmJ=B{x)l0Yq-|eN03ThK;9z; z+7Qxw(^x^Rx3CfuZ`@R7kDw?{mz0=>JN0TyS^Ze#DJdl+9~Y>laBc^mZTOx| zRn`!fq?p?ot!6ZIN6VExSzovLN*g;WBH@x#&>&VmpfTir)q{mc^dQ_LFZ$LTh|cFA zAS+jw<_x+;_8LnnB4fTQL0;lv}Bvcn2&27x8;!pJDNO1X8vkhC{puCnl zzrh_?rE$1*P86-VwW<}!AGJf%rokq2d!t;vh#y$lSX}P~R&^2#DYuP}OQFh`5a%Pw zF1j#!3Q)e~WPh9um!D5X!t-Gqb8@;Am|ul8-@2+Y$Ix9o2@BY6wxF7^3;1={O71I~ z>@5GY61C0nowG|e+qR1=xUu7<{p9T4zkS2?JTsJJu(S5+`b}Xu<5PVbcht;eqhF=T zN$z;^@=&da$UR{OKV|Y?papVVX}p@=om%5#==On~84Ji+nlkn)}2T6K@TbseA8culD(4Y8;DOzM^36 zk{nGvyKF8ETYo++n#Wx#wUrf$3`lk`PE!)+ zMn%^x8*XqM8qT3OM#+AnduqZORJvfV;>kOl+D?)UVB|Usy2#b#Ko*gtz55~l5NmJ5 z@A!wfM$?g^uIf%GS&U%{UCvGtU!Zkx;kxRz-2e1q2j0 z4t=48<)o3%zV%Kcu!4!Z>NSn>zdt0=hz??wlDo>7bL9Wd_C`tm@9u2A=sd~)kMXRa zQ=ADN!v$5!`4$^SjCx}lg@XSkIJm+C!hL52T?{Ele4HdK%{byi5=G#xf<`zChBO|m zqm)EAqZ75^S+?M51_PgUxc)&u^ z{)X%cjqCsH)&Aj|SNY!W^nwnG;1cE%DK@OC7NUMhN85oKCnxgMl!oCua8 zX$(bdKm*hx*)<`t0YujG9cN_)UA+G5;hE$7_Sg>DM!~s8Vpf@V9 z_?_=%9ifL3(FXiHPe?#I{G9l|<6y11oOQqic;vmzD<-OE9Ue8i(9BD=_}F2}J};he6{Oi93=Y+tMf zyJba??RY@rkB*b!!MtW=I~g9>&2;_lj^Fh{(xW)`x*adw*>s#_97U%rqQP8P0ona2 z!m{~OQ_-AtfnfD)Kf1qH&+4BgrDzS7S=to0QegZ=dRYuPcrKpw>8UI)gkIg2ZzDnA(Q$ajQam6B5$1dzZT>W5TpC<*05kNCMdJ}c=dvLL zEv=)YzNS6bbJvmG%`t3MuB&)%NV$NMqi_n_rR3IP)1&dA0I}=2j)Q}MaQ=pcWFENt zP!f$;m^&Od!d>X-jNtHnN;7f-6Ts=e=5}^Y|3#MQ;fJ57;|PUjUc0Bt%Gb*$GAy*D zchZ^UtVu^s`buFsBwkmLh1e1TRuEtSfL;ML%<9(A?5lzwQBJlXnamlbZH3eRNXo!h z80=`OTE8OGH#iZp-)^}r_1=hqvdx49g7aLFDR6$+2*j7z>REiGaT5>{e%1p`Z5Fbn zC}u!iK{l`}2pL)-mt7HxaF0Z4hr&s+cvU%tCkg&zOpFYi&&H=u$OKksbMI%=+u0&< zU_v%;Zk)oP!z9W_?EAhlGm?0+Yl4@xT5-C6e*XUC?9hBb(zf_x%0|1^OQaAD4rl%1 zml^2Nvm-~W48@f!2=x($<+F)mmseyuv&SpTGQDVrD&8u0Y`nPv{5dQ3u?3*Dw4#cO zf8J_B@9YCiwZM)~E?%Ac*~hG)lilHfxYK#uBjQf?7Kg-(=DeNf7m^+7 zxh_!rvr^FoE%D_JR`o)^6it+@^UWs=j#+i&W5Uu5SV3~A}`o9Ojl|Ih-REbeW6t0G*ohhLD{R5*S_M)?}s=uuwRpuAgW9{ zL>>E<@$g@cK%IyJZEHeh_48u?a3 zVrr$a4#r<>bEDd(w5}i)N7I&%e*KxGWVXFi+c^ad;Do9{dBE0Np!Nnh7DN@I5d$3M z$}aA)v0PUcT))YKbKmjMTY&{B1}U@ZZxxs(n|=YTKK`S5 zu-E~H#MlZg+nA!U13|1INtG27j;6+XwabM<4J8TcI#Q+vB{|Eoq+Am9Q#L|a3{BD^ zi;3Qow5?CAoONiA4~5DQKg&>Gur3@=5#@YL_~Knk8C|U-MW{R=F-|EH3_|d1HB-vy zV%H8C;i7xZvh;ey@l;G?4n{r-&=X3F%^sRuGy-fs3+^H^)LxR3K1nsB`jz$j6pW5g zEM&o0Xf`lsvlq`~<8rcjIidqO!R;0Er#I%r3os|VrIv~M6c6O&=`mysO*R#^yyc`n zj!;D7E3lsaP4_MO^lc+{HqKZ|am3px;VhaEPk^@p|89B-i8TSO#kjUZ{vt? zo^O`DsXo{c96Q3-NHCH?N+g4)F}hA^24~Kk^)rDYC!{<}X>Xhr(4%3Z9N7f~UyhNx ze~ymMUG#GQ{OEk$d4F{A^U2!_^nU;BZ2$P;=+!woIYS30$A?E3M<>VU=;TMVfBX;h z%hB=SIwDk>^gasK$pwIP1Y5iBoD)*$T${S2QI-ZM!tr2?2Luh+grqSX!IN}Ex!fyp o96Avl(M)l~%5eN|==k~Rd3v6nFZlfb0RRC1|26AI+W>$E0Pi0-(*OVf literal 0 HcmV?d00001 diff --git a/assets/bitnami/redis-18.12.1.tgz b/assets/bitnami/redis-18.12.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1a17c568244faae815e57c075f25aaa706d09c2a GIT binary patch literal 78943 zcmV)SK(fCdiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcR~$K#I68mxDYRwJ8s^?wvc+ z#}=8YDh*kwoRkt=CzdR zNZ=fez&V#HZ@ugM3I#VPqnIQk@Z_&AhW+6W!QhFva)x3ADN;bQ0w|i2Y%v1IkijcR z(G~!B4yTBYz#m%x01yD#gwTM_P#lXwRcQnw5?-T>Be=pWfpfg4>y3uPAVOCdCc$tR zWIr4@&;$Vi`jC>02{tssbZd`>{pa8H2R8J54{(YSh7;6Euv>fdU4Os-%!chDyc5VO zq~}`z#5hC==E>MP^_=86n#5f9QYMiVzJmoH9`)Q**$v77#Yu=bEDA!HfRH2%;)K`3$&~Jb8Kg5rcR`FPqq~42#zz7s z5ujW!B2m)cni0;N8Dl9O?ddV;hh)BmL*66(MT`9_O}4Y zv$!B;irFl`64YoZk^{J9%bjGr0NL7bk7Wq$aY9_V+%ls*{JuZj?+>>=_rm#&{Mh?{ zOv3BCz|pe*51u}&?Em}UJ$u;y@8f5QMVf?IEI?CCS+)p<{mLGqCcm>b51;jiTM?cj z%0__B;QsT2(ep68LeD3|33~SI`48V8JcHkdKSbX>-TxtcHW*wTeE0pq!NJu*IJp`= zdp`Jn_&xmo>EJ4Y-w%KI;rUhgbZd$dltIRolHUGc|7kGX4~9Qn4u2R8hoixu|7@^7 z{O;gj|NrYftP{;Ya{i00fZo*spmF~1KR^l5qiKRTl#xm*1s za4|mqpWu~L{esho>zWgcvJp5OA0E9t5lZ0JqetNXp(x~P7x+0QS1{(s1UN?wWt4wa zg~wv8klJUd##ku%yC5M90XBmSuo<+#LH2o@h-qg80QgArodjucDWWd z!P7iL5!c>wD%(#bDN^rw^avc~S%wk@;0?qvyoybY8e&JX*6b%n+ke ztz#sEQ*;zV%DX37B!DRJeFut{L3)v`X=|f&o9l*viqB#>r$T*A0L(JzfoRjKpnX&gW>G?o>fZiy;y9-aWygdcrEDovA3!9(=wWl}k8~}5B7m_47JXnDJQh6!hkQ8! zWFiZ7cR87o1>hF5nOJv~8HeMs0Ep>UfX*p;Nhp&G)?13e%>0EDhO$J6_w5WN0452^ zlaPx|hSC^^f(3nWIsp?H^R0wq)$Qd*a>dD@B)*Yb0!+Z^n6ouQa+S8xj{wW$4q-{{ zId7eFM3=J+(HV&&@Ds#wp7G5^m+-YxlWX-LGmW+Udccjq^Lm_kj!4dc{+FVVBoPHy zh}|NTfHWglh^~ZQLgdIf_LD?xgb{|*giwYGBup{*^BgM+Y ziBWbOlu=LL6*dK9q-ExXQ zFymnO5OcjU+NlsI&$Lxws$7lZEnMhRFNFPmzpvC?t?go3jM6T^6F?E$_2|9~PAe3o zc^r>PjKf8h3jPhG;-j~nRv-Nh<@Q3WeMVRLR8L~nT~WkmF_$rET^1^nR@sb|pkz*P z?R&!1t1QQ5^Ru=dXyxxBMIoLn04!8E$p-oPSW1hSWls*{TezT4IA@Eo#uPk>Aw!fs z*##)3h;v<3Kb@QrHqH=5340>JIn(0W?4;t-gM@T1BuR);VYJqhcu(F&>^({|6mW*3 zD3C>ZG8aQP0ya*G@{KTKiw%$JzAF8lZ@6W}RcXR{Nas0ae0`k5Bo{Ek3_*q>Es{ok z>UZlPgY;VTP9CX(lth8)>mKik>|Bs$_y#f*=&|3E@KJxN_J(v7H9f6p=+-t>2%oAg zO7!|)w>nCF%$yR1`cOKQHd(5RajvmeKXM?K&H*qBXP6;*iC__Bm-oS89FtoV$-^og zf%lZbB!V$X(0f2K@ZQpV-g69g^O3C=anu%?!<^0dQ9ktb+7X4-x=s;eIGF})h5~s- z66iBiK$2jBGs=Q27hK^dKUZxKXTg%PU=EGYA-%Ha3#F|BOy7~UKm#NJx+-5ehz4)& z*lOS#c%EZ!bv=S0gGof@U^ocE8O&hFm2nuSGnnLal;Kd_9PtG!AzaZj3V?I;tTOEb zrkwF|s(?#1(fN7-6QI9pyMWNm?HQ3FVc>zWT%y3)o6D0C_>HUEm_4C#TjHxnnxPv^ z^2)irkR-mm;%P$U?U@`Shqx{s7%RBHpasysgKM;YL0ViHhyu&v?)dEVjc_~DXV49+YuNCnk;H=`RuPEXrU?KNVa4b&; z;QaVUV71;AXsiMN;|#%Qp_d81=TUfrT#JDoXW4-{Ol#+lVUC`OuU`4b zO&*Yq!A>21&riN60cghE6qt3Y~#W}eFpZMMxnK(DsV3Lc% z1O8cosm3__&DR_pD1K{@k~kdgf=eXReT<` zLeZ9H=;Q+mkLFxH?U`2yWtJx(%`nM?agf1GEK!x2WE6-3Vl6{Hunhhb!>KbTUCf8_#D;QqKWExQX zZv=*e{b%#5Ua?mj3{9OoNp60HnbSRK!1RrqZG3H9ph_K8NUTGSyjTC}%^O_=q-s9` zy(^fxozSg2bmQnXI8(cnXNyu(MyxoxkGyX+V`g=zM9R_Yx|P(frBu%fL8^RX)YNE^ z#YQ97i809-m3LB{Cu;FXNhXf^!Y9nT**bV#Xma_K*FoUm>32Wq^Fu0MB5J!2Up9kJ{WGf#;&oWtuK6lPUE^ z0LmlF(GM%>Vz*}W=Nq8Nkb4iFD<#S1>9VN61Rrn%Xg(VqP zs??VvqGrAI%BcHwNg*wPUQSBg#vQ=7%IVS&J4ou%FgwcX(r`OUs|T*Q@vuwpOkRhZ zkXLzry0G{3BYC89_Icr=Rrv47+e Z=vF6_{{Qs73qAS+W&gcO72_u>-Cd^SL__ z73$LTTn4ubus~j&-x-q5@xsP}sPZ6-@f@>`N}zrFRMCjAk-A*IKuj8~7nGqnnDPoB6gBh}b2s30K|>Z(0q~l0 zGzRLrh$<5fA9Gnt`ms!4=r@jdfahr%BWbi0eV}E+<>5?_@0HJbb_hsbPCuy%5KxVb z*`)%uZX570e+1+Wwp`yO|CC{XulMCHn@}cll;RQb)f&d^m5xx@>numQWS(Rg;zMn3?tf)GP2T`+d#z4 zNJi3%wXEZU=T5H?;PXoE+FF>+0tPH$8-YPlqU6AWS~tqJ5yR!;NCn68F&TmLJmLDa zy0;gf>`v>-yyNNgnfI*jD=F4j>sghG4Vtab1I9Vf`0IyvsoS`U>Q6_A@H3GyO}r$xU=EYQDgn8~ zfCM3VuXQD@BMWeaCL}}P8Vdx{dkuYHyCBMilT2Qq+ybD4My?W`do@hN(iB5VgTz+vf-GfmSpoC=@(SQ-55+W7`903h(F`J2B z1BJ^>V2j4O`>vEkDv0AmDDbiTW8Ia<^oF16Z!o&uQ(ckNs(6MyiEYnP=B*GBKecs% z9QQ=AmD0l|yBsXyTkdBtL*tBuNQ$-a5(O8$6hOcaXfXn*{9d?`nji!i$ACZ;Cr zOGJp!Cc2@dc${zuv$^7 zL822S>cy_Uxlt@B3qr)YQFx6Ol0dNrYwyoFWZ|q6c{cKEnx4WQuT;nvQ2T^yVVY>lRx=eJ@s#fNTkhV-K<&yipZn1s8 z>wK$BzxTVsKK{OT*xnltJni;-YkM#oeM&W|+Xp$|3lyV}k<1c-rX75BmUfx__I%fb z)e+A~j54KhTw1^1y*ThanTeqMa{^jh-mSQq%=;u_r=A6c<3s&>MyJkhZ%;uDwN zw+V#|(}{3M8-ZhTM%aZq_7=>oLtVq_D51)@e|&ZU)UUNHT~?w!$Ac)LLY&pN3iAv> zBXA@w06*c3ni*?-uJPzisI+g34s~%azPEl!VvG)9-Bt?nED21 zMOR0ZxS5fOC8#g@P2SwZm@?syU$~>*s5bT8kTzS#jZh(K^skh4#1VZJid4gH-1QJA z+t*P@afCwQ#2Q65ZdGodzEn&{BVR13J0nyV~T zA=N&W>hA&_|Kj2iR#@8^a|DL_PoJ5Co+iA8WqiLsD%etD9RIpB*H+zEII_Tsq$`hs zOKRaR-8>NWRUu zDoZZ2G672w6vP5G%?oozfv4ucW7Vj{6Iw*pdtIpu=}O`oa1=v4r?z5Vz1L_YXO1GA z&%rn&HzNKYr~&KPk* zMqn?340d2$el^xTp!rpVGof)Wv~^2$h93om&32V8-~>eI#*R90=v5?i9BNtl$JQ4lRe4nvUgiAga@a5A;v<%yyKY+K%6;5C(N1IrsY)!Y8C*?9)xu#YTmWB-C9KL|`Bg;BI|FI8(pQ=R zI7cx0EyE1GNx}~6npjahV~YQc%1g-zeE&1<&==c~Zp9!;4?S2it#fvce?4-#Rk3-u zU{vS)Dl*Fe;K38yR|0Kp(uM^KNoV|rp_5sd z>=x<(az*kaa#vatxLU6hID59-%x!Xt(`KQJNU;{5&k--cB(c+vZ1U!}z$zE%kYf!p zjn-?d??9;0h>j#;3h+c&)@J0Evs`AsiNu|7r0-g}Jet#-IP|o64|F1hZ{-&u*)acUcYpvsi0?P__1Iym8 ztU0ISX4t6}tk*y}$sDVGS_I{l!}1z%asA#74ipw%5f@k&%DTRtNZW@VajpoXuGJT{ zUJ1oOQKIiu|NH4+Fc<_+_rE*%?yq*&O(#m-uhS89=g|k59_})OlL-#1`J+lK*YyFD z4GNFnPE1k$Jwm+*#B`DQRti5Kv7QGSO~6;g;0net2~j38C<#hbMwu|i{5&XkodBoq z%I)cy5x`ciWKghEIT;Aa5(lOaDIb*Wgk*EE-{f4uHn|PoE5pNkX|UTV5u|_`x7=C+ zbk@GE!(y`hxx)gs&8BCk79IBY_qn1v70k|*k4-KV-FRc1TV2941q*la!x9 zD&9n6S!?+-jxBvE>o;?r>xS5Nfbayst9%x=v+Ob}fCd)%Yo*6qCd_23*L$T~7gPyHM?R#e+6i2=vZKf_i-a=pBju z_jKH|3?oIMNW4x_m@|BXfZVH#(6%D6YbKMXC@VXKa}kQQ*+t_9XDpXeAg-kK29;*y z19pucCH{=SnGEUc&Qf*tXbrB3Ytl#gQj6j!?*U}VWvF=T9O}!_pHByahW<3)2Qrk+ zaUw+N=M08u?8N$>CJar52#W5=RHQ`9++yBQD+zNucZH>fSe& zPAsZU^T9<`>MLhvnLbn<+k{I#ETb$k{3vsSqfv;WCTo8QugD{2ClnJWMHi!drl4<4 zE0z6EoXZvEmwE)Efe?{a%L8l9PS+9Y*RtW3#L z@a19;Z3pM&jt}iQPW0?nNcJA(6o~_avagma1dQnIl-GhOR>>-zMYfaMbqB^RZN_vF zHZA;hiQ|-^gf^#+Q?=aOajLKyxT0fH_)g%BT=`7FDw<&R?@@iyJHr)|>`r5_+m66f zFZ?A^*cn83k;G2ZvsM;6ABEp!9=l@n?k|y@#(58!>@=z`GL@YsZWFoew7?cYIQ7}= z3{%!mXXl{(QWDxZ{o6!FJKt(>FFEaeJ=suFJ5Qh5)7tsy*;HP;c7kd$+gU`3Q|D{t zsHSdl#2&4W(n{^-sILfNlw~kY^8)%-nkL8_N)70Ry?SmyFSvD* z19}0jn;p;#^ls7vHm9;0dQ(}c(sgsM?eBX#y>f!U4ib7dIRgFA*GLlR2e?+2KtIT} z(**j#e(QMxi-YURi2^$a>s{pvtbxByvcMXU>tze90lI#=z#72ce!f7XRo!#KKo{@5 zW(;&ue~y%aW~P5JNdpV{UomT-ZKU+&4Xh$qC2?RKmTKz2N8mREaw`1_&Es#v63>VU z{n3M1AXN_t#t7c1H{BowP+W$EnB?lR34}Akk3O2joT97`E=Bd25`dF1Ln2v6IFnCu z$oJHRX@oeh!%%t5k1=DhvOyQ*?DBa%<0QPs3FgBup2l2|97F`%!o=x~)hthBkEPvy zLgJX*8Xst3BB8qgM*qyIs4?d#62w;!m@RhIk!4P9_4Kmy1H z=o`oY*#v#{6p-y4Dd$SF`TdXu^6qBADrq1+OMb^0aZi~bThY~~g6!0_nq-jOur^Ek zD)}J0;jKvsxddikO2}5+wK*Y|obPpTmKC$sB$3@1(vT*ym5A0nk=;mm$P}q6w`Gbn zcDiNLEjoMtGOP9-C0x`UY00=~$nKPLu?FZv(#4vji<)0wM%KmR3b-NdVo7&hBk`i8 z$GsNES^OeDd?&kyPcW0b~OH{O8w)r)Teu-ken1J%` zh+ZKDrP%}TJ_qH>yXKu|p|rI-MJK}!T;i!+<`ZopweC(x~8b~&~pblDy!z* zrLt6-que@aDt+AfrV~|auC1G?(#yDqT$PQvD#xEESEW%eS4mdsdj4%FU8RqryU17R z!*lluE1R&dp0d*KUu2yz?jUKUmw#(zt?b&1mGf3MkbEbJE9*OC6IzqH(o5_^?#fN( zuJp0^o|0GAtv+jHuk`ljZqrx#P;NSZrI%A*cmhiw&6~?$>D{yMK80n2s_+fvu&ng* zGbXWIikADyV!1R)-&PvS!fj;PM3&}6T9e7L0(rSymSylY$t&*2t*4drh|WFd{VY@9&1_j2m*sO?mhsdlx2z!h z;?r9;^-UhnTKe?OWw>nONL`A{79Kq$xon-gD<^g=vwrzQ-$QQ4&E8!f_8Yg(3 z&x@I?*&}ZHi$;z$ylAf@ty>Vn4+TQ_VR?i_`w&Ao|9ZDMf2Cie8|E;RMCa8AYk8<)#$XrB2E+A8Z#T-&>TY%IWLzoAb-Vv&)gZ z859bKPG`ycr}Bu&Aaqx|5&`-WjFNlfNNyo3Yy+vh;FaZEHG5#^2K z(IfC9W(k~QZzsh?AGkpoHTF+OYG?UXKO*5Z%K9Oh?`3;e5}3@P8E9tiF*v1rem)Bn z{R~YpW!VD!T?y?7oS*!BdU1LFHxbD4djom8Z8Ln%Dsd%eV;H}=IK6zMaFmE{MybKs z;a?@33{D$B@UPo=KF^sH3^;m3-0o9#}HXAZ-IiWwl0r zp{snV6)(jhQ8d^7f?L|%V@sO!q*RT75^zjZxgPov@JqYe;HM+-U4Os-EQrt*hDk6S z2HAnUwGks@Z$1~w4+@suN^}Jkw<+vBPo$^G6Fy3XEMW?s@I8*QC%XW})CBWAIh~vl zCfs}z_GIbfjpb4!ul4k6)Hu_$avaoc?5TVujW^;-#8jxs`m})}0Kt@ys5n>EHzyo-plribFARCJ@IQ7v}+1owAbrq#3#q34CC( z013J^fG3$wn$cf^s2&V)U{T7DrgowNGz8ydzx;8hgK8Pnr>X{*Q*=#J@AEq!*{Yy*Jdxg2e273GV9zuR6en+$opGZA83 znNOww+O#Gl66ZY*zzzZ z#X}AMGmcSwu}DH{W%oDAzL0li)#USCZ9HNN(~Z@sScSCTnnQ!|42Ko^9h@dMqDAzMZ0)jPN#9n@I^@2XWP$@OALMfTZyD%57(b*X7+3 z!~4h1ml)pI#K8Wyo*dq=cE#-QzICS&^oG*I`+={XAKnjdodofIi0fvE_e1^GQ^cEI zubd;ki=5s~lK2|%Yh;P9fw)$h_!^jN=ZUX@`z0lc-;l^2)E#qIP8HupX74Ijd>w*y zlEv4-TrXRE9n|&H#n(ap7W2i|Nbh|oj4vU+*NpKc-1n9;-i~WcKTlk1aS&c5u$4ON zR7+qh*gpBdC0M3E-s$Y$<0bJS!f&GyeqJ8mQ;45`e3yyw8x97q%Ta#*9^Gx2pBLw* zIA$#N1Cf;PNzmTk(LEtMt$Q zB95ivulOWR^$M}}q_)nRICW^MZ{n0*XeqtC@-;muQ8oK6@uGx>VJ$C8w4>YXlM?Ot zYTuOT)VZ2BB|4(@J}R*U-s+VYs$h$r((T$K!k4tosxYpMty3y0{ zxs~9HNyS!{+VnvHcqpO7+k3cRibC}wO0if(< z!oxy4DDQ$)dfLlJ7a`-n6poyI_3x25QvDw=7mQmFaj97M$(DML?g|R z&LY6iQo6U=q55`)VzcYC@2flo+<0)>{=ir^%?y|8F!+hL1D%oCTsn zf;SCBWk8ls15rU#p9i9X?TgO?(bzd@#iz}k`sNZrG_s^F6GY3%KV*VvpTFzJgDjm2 zqC&$%E{OGWL9{XT>q!P7V7x>y60sIWKh8*sGFIZuOjXlrMgu=|RafFYmt3b`-k ze(4nObY}@H5~)`&lf1%-jD91W&Bt!^v)uvF=^t?tap5SgCu9J!46T%2bZTU-WYzM8 zwmAJ+6Gc^5wfSVRBwnngdz_RK{!ukdnL|F46H33c;HE}ccZ#ZC%`&1u3KT4J zK9$`CgsP|>qIlPqFM9cUx@%m#CbqKaAghq%mJ$pDEMF5k-uH~3}GR=7R#5+wUXNf#ANq6Q2 z$i!pfWFk+R`~U{y*rta136Y>%$q~xzjKgdv^gUXu z765a^Pd>D4xOE9vl~&%q#NP@CKuMGmT;vhB!(C0IEZeyJ`$~KNHz+2eeho*u(XcTg zY9K}Y(;!?e;`QheCrjUlt*!B?Osw*CDRuv@v$H;Ww3U`oxw>BEvreXEWqmTadMaf1 z!EcA>XQyXBk33xx{wZmOLY=>&l(BZm54bTD8CmiK-as77>?Mi#{M>vtcZn)LS2g&& z+KZCbTA}U<1?N8=9?6}lqOeK~TLnbj9HxOSEvX%}C_;MFj z&U6L!B5+lENfkS(_-5^)Fva4kw7ie@dd1(4%Za8@a?5bR2stM2qTtzmXEP@oi z*|cSWD-KLn2Dr*$ZZmn`9F}`xh}X#UcISECEKic958R_i4-@MNYN`5rIaeXUuGG7d3iau z@P;J^2-gX3j815@=YmJO4yH>iC|I|*Z_mwzBq0U@tn6>))f1bQ(EVa!4H{5B1) zZy#n;?H&)aX)a!VFYDg=Shg!Zpbv1K%9u9gr)zs#aCqi6C!C@1I=Ds)Is$Wk1lgT0 zgooWPXyJGeh*ot2y0P@9*75Sr6Q6!H@za$f-V)){#^lvGe7Y6eW}~ND(bWb|cj{VA z@N_q<-q`6S&{kuoyWy<~on8X7FLb&Uch|`2Zgg~tobDiOt%1|s$Y}_iZY82MZn_%@ z4{_5S!a`oiO;^YCz;{05`jJ>~ZwaFr{NyD{C9_===~nw%zr z?PwCUt^ZyLF}WA&EvE{*3l=SMREoc*TXzY!x*+jK`7Cpozywpz`6m2uIK{6={LYY4ANf*Hw7+?dKy7}*CR;nSfi zI#IEeEu^0Qa(;peXO_!PPzIkCHx!NRFZruFnFE|VipH^M3%;)4{YHbYJ&d{M*y}O{ z^%2pPG5O*nqMQ0A1EO2{^vwlCH*usc9=e4`5Ao2gb86*q=rZfOheMZ1@Mct~jBK}z z3XdLH+o9P=i|wr}?o-TW`IT_A2}y}86+q;U%)t-DJW$&1T!W1W! zW0>OpJbGjW4%qsFqPInDP_=5b2laJzCBmx=_%bxtkYyYwjCY^>3nwaLvgIPHi7n+| zu}Lrh+LsPZfmo(*U@QnQe?X@2oAZfJX%mUm>m) zCv<|ctVl4SU9AcaN=s>XP;?(!DLOI{v-~fah@8T65lgKEt1{Om@kqQmTBN*?Q?P)z z)Zj8ne+?z_Ys;!*fml(lPL#A#V9ORVrF^nUx!y+osY&Co;};YI&5Q>Ck3gPC&r0DG zS-A5`uqL06J;=P3j?Cp-X;A*?TX1E03fXJ~)REmO&)~eshXD%qxn&~eNZ+1~toOYv zePK+ZFIQJcNi?@;lLn3!O`)h!))IjN~N77)T=cIs!izGx__Qe9nTDxI8waS||)OH!S8aUT?cz3*g zyTo=1^pWBI_l zQ6SNWG#g1Duy=X-QK|YbdLKWUNN>>dMuPW1AAI_xmFwOo@Ztp+*q|pQ8-e|~T@+Uz z`T>CQB~oPILs@1dMtp+htF@w0KA*#EF>-QZC6vJ=MBw8`z&r3*qU)RTPoH|=(~ylIHL1M z=_6PRv92d>wA9x>i?}mJtuS>-R=-yGenE?qB9^=?ePxnGE^0{8wiE{ug^r?k*JwfC zF~VTHjzIkV`TX}C@K@jwgCYGg#b5?0P)q=v33opHHbS2S2r6^{VGJn)&%qogIV-*L zRpdKyqL@z;%q-v1YRbwd(j{n&vN@Jn!=7k|XA`SuHv&g9d1c1wA-DWHOd>E9Zi*_@ zzIYQ#IUK1hA3_7<%2DAUHc<|aGNss-V5W@NCbG+avGVLFf3&^7)Oo78q;6HZ=0!qr*ilAoUV_5E%)_(rL*sw!n@yGfQuQ5WAJ~#TZUuI7RyI<6B=v*NyMDXa_o zZi1NCnS!F^l3qaWa@H}$_-`zDU^|29hfFV(C7%f z#}Nqf_apJ|&)^Rb<_rW;5A;AV*?+GwNUFqDfg)FW-s$+VHz`UkW_Y46Hn{Ri!%+I= z=|`$_(eH?YZN3T&IJAVQSPZ?DwniIti7k*x**OOTx}YJ8Yjsv(>Sly1rW2CQfvPSo zZCp(jiRdD}^8do8hn3iWJ3%NChVnULc&>uRZU~OREzA;LXGf$E6d+5f14UVzR#}Jo zGir&7@VikBOTh0^A9PS{Rta=Ke;JyeL()3xUIoyDj`zP!$8#m2Hdxxf_--s#TA>#w z>X(GFivSQ;;N73j>e!=l zigdc~!-Rxn!ayc`+p&{;W=QO$oVG2OD9?QszZ zlsJ%Vx+i~q)Z69N*&;=}t~`~?vf^E_-UxgYJ3tR+;S4hrvOGhk)M`&zhLfpiFUv8D z#fNkG3aj1RRN{xXo(vx}W!9ApZ+<9`nfi?q@SZZ5L@*`^dJjkj-m5fEy#D(FGD>m| z`R~1=dT$r>tjay5kIJ>OH_j;yK0_ysrl_q0Jrui`hCZ4-8ip)!gk+%A#Mc=jCn7Aud z&Sxs#M_7S{?r&~lCOCo4L$kd$Rb9C@cHppY4=bif;n}TS>LbJ;j_KVDkwL6O^{V)F zc7(=ZF+l?qM<@tk<_?a^+ERsHD=^+oz>Pp%W*@k#rMrQDH3^bhS8c<}QUo?5fMqbe zu8p-Y7?)d7H=f;XYNu|xclPG;l}{9z8Z&VYE|0$%U`sI!xaK4Wa8oA+Zm3fA4AC708GIZ;wxPwEI23vfBDPS*2j+l zz!T8_RbEm=7)}#H84h2QsEB3z^l9tT0GdG#2_*#}oPeSsnDdt4Fpkw5F!J4E*+M6? zgX+Rb-((w@nSWnW(lYLhU|qas9trLnqUQ93Qyj&R8IqFdKBjk%}1 z>w4hv4)_BkIEgs-p7A~d0A)t(&7tK08*y&^jO6XR&Mqq6H@sQ^^Z|uA*RKRiuJbDt zvKUMelQn{%i01qFu|lp4Br#QFBnb#&0MoQ|@1`RtUT}FkR~LR-Xtxga0|7`x4KGLz zZlUzVkI+>r{8tbJ;0n^&*4C*N+N$ppl;9iP zNxw=YH3X_CRF~CSytcM}(kEKMV*vI@%8WmkYAYYf+CvG;79t3tPiIXPvpnf@GD|Z} zN8j3WtiTU0)aO=00u87$MMVpnG?WMu#IG@xW35Owk2q@DrQOR-CE2r6*!46hbq$~! z!ko?Q4s#Khh{a&ruI9c6uIlfAZU1-Yjq@Erc(B=@E&U|69E=~0j}u=`dme7QaG4?2 z8N2Tbn24Z}T;)PQ5qjDzOa{9_x=HM4uDUwC$I!OXW;S462&ij&f zE@9fS7-R@ilF(gnivVRANv81v(0nSK>4bj(Cy?G^^~8G5WdG~|6)x60BM};tjP?59 zklGI_?25*rcx8bS8;ZjTCynb3j%0q*8yMrLxF;itbq`iJ@AWr7(&ed8`BjTG`d1;< zmig1Y(zK>Qo2Ey@+TV={-B>n`Sb89 z)!GrF9fl~)aKa{__h%ZYwdc=NF#6B52e$p=VvXNUT^(oacG}0RGBRMh%+=D`=*sDi zr$gG3{F%BGl*F*wBSm0smuffDCFgh}=k9)nYsuQwMBgf{q4ttk)(W;RiO_2W`DPEu z@(F;GdKvDP*%3 zy^s9}GAKtU&;)<#fj>m3?ZGn;M6O`)9)=`IP$(2<(b3X2FGg(G2j_VLp#4$g>d|{M zm!zB`04ad#^>E1~&5JBgR%3$fj06dSAVWfhe(~fC-Jt9VXdFQh1Sq+w43PUb2O-%3 z0_lnEW4!pFc^>FPTMz&mBa{N1h@>rxih6B7(asqT05~G)LbAI25V_8Dl#<3lLyeR{yajmbt*3EZR;L^(T+Y$s!13mVqUbHAt$YnhXA6u>gP- zPs94$yWa;#Y7Hqg6KkP3dUZNlUR^Di*QBw^ouqyR5L5l=0I)z$zt!ox!?%|&U-U{- zzgNtCGjt%Bb>5snkS?JPyM($61DBzg@|A_lZh2CIAmDSTG;MfoSkzbIU94u0z`0MM z{Tf(iX}kB&HKVypy+})Te-(AQo5p$XEV>sC7*CEbnFn44`}58(B|7)b4v%4C z(|g|5))`@F1TJtAB5-C`wxUXQ<$5Pf(IR|AY?R&E=WLTYDhtc1QkV3x=j_e#$-C2W z>AWM}R9;b`aE~&Wp*j8g;P*adkma-wqbTFYR8gk>_|)5}kTiaCepw=F6Xehog>rY| z_!GsmPd#l5rJZHWm>V{|Mm$zS!uQz6h8JZu>h2eVVp2GA=GvmW$ePTwaLT|OE&zkq z2tY7Fw>mGD30<@ygVV7Jx-(|BzHv(U4Kkf9SqPQ9+5=CV6Z_4o*F(3RMc|1ulP*rq ze?2|&Os17d>8_0hMLm_3EQ84u@m)7UAAp{G_A4=coJ{%T0|T}3_T@iv^ttlhyE_pt zc(t7J{l&}z>*}K0a;pV`_a~T;>=tIxYEnUO!oALt(VexUB}U;t?@BO+```5k{Xu{D zb%;e(ZS1fu`>s15Hs#h$dF6A}!$xgy)b-N$uuZSNO|LAR-_X|Ge8u#o%nHxO-LxQY zeA`}KQo6Ew)Ok$qeH;HGMZ|CV@Oy2Tk&=dkaE8L`b0VHXxr9?HhkDEB;HR^X^)pkw zkieRRoh!kzvq9C6E!<%sL$ZY;dZPvk8-QOgE)*keKhnN|r}S+)&0vJUj-^pOt_7#{ z1u+z~g0qv8V{rKfj8D#gdUO679G-!<AaChvUPe zmnXq~f3WqJJ-N*9{RQ0M`ADvJI7Y(7bk3O@&d>-H)wa$N%dIa$lPee(#q#eRdtD4#X*TzP?Zlfc zW;4BT!L8k$f_|{A&ty9IOnlp^>z97SW;5M#pxsHYO5vnZOA74p(dPcvs8wtCyiQ$P zi3chjqs#|eCyQxZ=dM&~IKde|$26`GRt`_yud2GMIwk{S zoECN``JW=l#a%pVCZS)5+XmRj!W}pMCTL?EOgZZ^ETTzMtOKvO%&V(Ync}ryWnAfM z)ikzPHvtsQZ%}qb<|*U~`(IxS`_F>GF8J?Z|GQw&1N|eI!YdqOh7s-ml3yVOrT;T# zni>sHoK`^(ePAdNjM%#wULgjD1xleIm+C7*aWd^+e=nkdZtNC{HOsI`K0CshG%g+( z8P_o?t<=#V+E_JwwknV0s5SGY;Nvpf$Z}!BfWpyGd7{c_YU@Ek{hV6OY?GfaV=Cv4 z!v=mH@*TSEGMF>+GfGeuEzJcaL@a$}sMl?hXy>02I&2AfbVD-MR4E4Y^OJk>^ zy|QS*sx}P5jCHdoEyd*&GUGcb%qd)J^h`U$(<79*BDP&NoRr0}4|cqLa^lY90f#iH?AKYb`B=e|Zk z|_@4Tu*9pk798@_Om*b#pbkU8E?xjQr zcCL1Xv(tjGfz?Y4dnG8VUZncA>g8Z;9pL630L!a(<(Xrp8(e1ORkMymUy8n4ZtQg` z#pMRS2Ibc@`Yl~pZuqTz!O5|#{+h$I(Nt$@)sC^&(~k_iMy0#HSyvU@$rQa|W!xME z3+}9T5;Wa%c!uUFTQsm>`Lmi%KVsr8<(Z~-qoZQ+2hFFHt4T|KoqZ6{(flFfrv8?^u=Xqb>8@^c}SK_PPzKz9hd~1siX-@+g zq+f*J%O~0aL^(%xq$5% zhbdx$3qNIKt`&T1c07(z0!A;uwq8Yt2cZ87B~v!r0e=9TFlYIAOs@VZs>g&}=PBsj z411tw4i0C=+eG}jBjSV0JA{DYEa3r=E=1x>pAX3&;OgL6ghHpSXYmh2_YdQA2G8=j z>`lX= z8=nk;qZtaXIa~SEMDkfT>E|Nfc~i+irO_YM?Q#{*oVweEMrWEe+;H6chE+hgcN2c) znaoohBLL&ryl==?7b0?gCR6bMJ*9ApcEz?3@`@9P>FfEq6!Y>>y)@>@qU4+ zc>Sj+D~pK>zt2cYVlrJ^q#1(I5lJY^AWj%{cGtB~IO)VU2DN&{AQh|4VPJ6s6Lg-Y zqOeyTD_-%R1Sg>PkECZ+4J>yrQ&%?zW`q7m^6TNNwKzpB0|-zt+|Ty7EppzionM!_%NQ*fj1S~>}9lQ5OkqwUhw&wmg5!-K9j zKh?urEnDUtsPG|_<^Abz^hB<-y^D+nWYPv99@pLVYg9t=XZIa z6IA2LXuUzO(@@QIc(jJot|nN2ns~ZEQH(-{qP}E@<^?QKz-g5U&}@9>rBRBQpF`V0 zAih~;FM1z7eE87YsfT&rhK=)iL6&NFO2HdW}maNkGwGkDN=dFZods8Ho)O5^cVSRy(na?`x` zKY8ixgRN8BZ-B1V6AMtSnnaW7QdDXt4_( z-@uqFm~}Y4FRMy2A9tjaSG^X$2}%XVKfu3o!ccui&5z%#r+nG}+t`5n3pn492Y9pp z_u%=n!9mIY`}zLx`Gf!Wef)6A-i!x$gTsP#F(AUuwhA}H5x5y{UE?Gg0a@!cOt*jWn$km+J-QmxBxeW{IRQ4eebX*rXRoxc*F3oDFl zB};8rPvFV#Ub?N2O-t*a{c>^lWbnY74Zez?1A%IB)Pq*sqm95HfzSgUfwvT80awgp z%ryXk#=V~#`EDm=#Utk)&$i00*H0I2OHZA?%1)gm5!W4kz1afF(ZFRygfmb0qV+sf zU-+^Z3@+Q0>q0x*EYzFjn-}o1jPnz#-d;FT36AW_QcLJoKNAi%CKIQMWtJ~|dnxga zsE^S?vZZyVX-IXQu4Ag|cNkO~`({Vg4|&aD)j&IsYfFQT46K*i)pgdNQqq)G#=p16 z=BdgOUzfMrgq@7bsSHIs^Y>i61LcFE-H_Na$$Wx@L?{^aJJ+8f7{!Rv&1F$vD)CCS z>c4W5R6U~FG~9O2*W@>2tP<^9;-tF3Bg#&7aa zx5Q8R{D(fU3CY-;{{Ejr3$y49Yeh3;E7 z<=93VTfwqi(<-{L(Zua*gBD|uasaejj9xS>y>pa_@NQc-7;o%lUr}o;`oq|L^7JPWS)rH#$=6zV-e8YrM)yaWZ|EAsFEVQTi?>A&mQU zR^03S$KDlA_T+m%yx{MD2f+lCk~+To>GahJ`2BbApZ{6&Hd^oT_J4!kmdR&IssT;yH={$yrYqf4~e3#UB%FgVN&A1OM>?^u}+_e)dBwD%L<0lO@JC z=wYrr%$09!u4p;<31^i3MzZL|<89H{%nI-a;739bBt!5AfVbD+$w!%_=<)EsK0VoK zopM|6;qhsgimwkZE>F&n-~4vA(md{VZsSwEIB(QU@{gWS)ADKLOJ4*^ zQucY*gNu{1%hR)yS7u>&clP%6k0<9{)`y-C#?hf*S#Q0i!4LZ6{IUXEuMFN6znuKd zOHHRm!9e;Zc2by8Waby`!`o{!!}f5x2R{Dv=Iz<>yVLQDq3qut7iLo~UX{>avOK|& z`E>sF?DSZF`;R@G{=r-Rp(`nZ@C0ld6fcH5<^uqy;}?&I{{_s~!GEbwn$bFjbK9cD z1tA~382*JuhJ<&TZg);K61fsU;Ik-N^77GO3hMOs@iEqEVtRvYUo0L`R2mWb<#46oF%X0 z>iNG$Vft!UJLlZ+FnbH0cEM~ zR+rJGdi%Kz^7s5xzWeIY+e5bsQLcq;9&6dS?T`gyTQZ#&;9&tIR0lUGDEV1 zXVq|lJYhRvP|C=&Tzt3_`C2y1R04}U_d=nah=EUdG|6L%n3MNhL?+4$tm=g~FX!Le zF0__=hwE#-&;kIaY2Qu%5R!RH5|pr!ilO+*F21yf$45Km)4#lO&^v}`PLd16dTJDP zhDo33$W)VMbjnvJC6QwJ20V3iOp$@<9b2zIj&XJnqicCJtn2+?^{{R%4hr>iDY2>@ zo(na@tpQSwA!nQMLaU5pHKr*~BgoJN%OFG3g;TR$tc2I>93=(Ws=XWqM*arpaSJBD zj2r8rTYGJ|B_`M*=nBjnC&I(&Ld8{-)8&YaGy6}2frtOjx_w8z?Jy<2w@+l^cOI-6 z(}mn>+VGLjYFVFbzi({|IU{ra#jSTqu2JIK|C{Q!GBm?PFd&AMo>^JR#SNVM$%nhz z-Z{T5F|=?p!3kyyiw~+~BjRYlca%lvI@(ZDSdmF|*hrpgf@M~*;{7$YNc~Hpf;P^O z$j4?>pdRSyLw6@V%kI>0;8?!-y2S8?>9!!=A?*o?P-nt<@O)UtT9r@gXp zboxC%E}wARk#t-Z6q6{ye?s>)sLDg z8|qaZ0UPV1czb7@kr2sMTxL)&b~oQ=-*(UfrzkAk`LKHGcgG|TbPgt2v=PZE5Ue06QWa7<#Ved#dyNm(TGq5c*&HWgKK`7+5RFlW zh0axH$!Kg)z%}_stYfndr?NxF_>WMPy}Fos{I&01QXAFUGvMM|KQ$k#B33`vF`l4s z5yt2xA=jmgar12>gI>Z^x4rIHsV<$Y8geg5_P46yU>SA14s5ehzDhqL45ta942Q2t zg#2WyWIXGQNC}Zn@UzU2C{MWxuOy_+lUzcuEU8|CtRg;93!k6O4;##;Yi_zFEF9nl z226n2Fr_x=wZ=)1QW~TnERUM~BA_yX?NJ6Z7Px;IRiJHnQF2qpD%bEIPcP37U!T4^ zKKb$O&rS^>^BSx5JWF7<06meA8uTVGrl<$Dt*CRkU`OaGpSDQRj(;sLXp;U`=O^P= zr$-{a|GU?3j!*o=m2B2Fn8R1E-u(9Ns-eF7#72esg|VOIDpaFt%dwTPCT6>hSI5%XdewPEXD*FIMG*?aA03vk8xAK-=K{ z*alw5QY;JIFKa&f50{63SVO-@SSk<3wo`Qc^4<9G{P6X~(u5Tc;Vw1H+83KU666M= zsyc1w; z_kyIx;Lr?p<-zpzl@lp9kCiF(gRLE~N}-jcrJ%`w>IU{HeOyjw(ljxAa$~#4bvXpo z99x9}`hx4Ic{RcZE7>&s@&P*sHMA0%ulYYyCN_hZ|4Jf}`S^pSk0`^vz=^n!%f zh?S)`EhW%tk;}S~eWe_vJwqGYpEfwQF3R->*P+utx^7n-PKxUf7$2h;Hn|JANIZ?o z1DCd$?Oced-)JX)9)ULr0x}0Jh)FU<8DKM*Xj_2^lu>W=rWv~7OjJ*-V3Ghb0skiR zD~v!Y4b6!5T|tu|Y=U7F4V$TU8iBGnsh`OQ(KWsQhngf*4xqZsP3Hll)u=F_5}Hj+^%BU&x!!RemO!pQ5la9!F%wH5zl^C^jh||#e5J|QafW7yk~|B` zmLgN!4h!_qyem_!aCMA*HG56 zJFcy58LN^+7eNN=QFVXyqm~7pb~L{ldz-2cZFp}H^_9q|Gtd<7;u_GORI4#_l zr_!YcS$suNfLPgpZx1M&r^0=8DbR?8dtR7qo;Cm~e_h^ysA8n8xAm5yn>Q@C;LGBh zBwm&ez{RzC$u-q^h8s=t$vQTEaEB4v*3H!00Bz!#fCd0h>HpmIO zHD9!U_KdVNBCR|AU4>#blX<1_#%$*IVwqmX4*iW73vIRL?yQBiSk^Wdwpb9AhX{^P zSW*Z#a0hF^w#P8lL|#2k5Q?be$QWgFOsRf6%uX9{Q?5`=AW${$*Hx(xR9`uorq+uN zCzu_Xn5f$B>Q;0?Lsof@O5Q3Tc|xoFqg_I}*)cBxUuonG;dT7*7`mkh1Zh#Li_N<# zILlkVYhbk6!Iw2+qBbk0VjB7v*anPTunZ?tu-!mstpI0va!B7&l!2Wc(1ST6z3S07 zoRQlE1n1yAjzEyVABlf|27iDsXCR0`5A;AV*?+(CHKWg)*TUOi!Km+$*Ye?+^Aq}W zM)I`ulJ#=r*QgTrF+lD2Bi*rqoKqyTo`hm>_5^m=8Yy6r>diRo}9&F~G5(G*1<71}HdBQU6+ zX^NP;yIL$E*kIVSg1pkoP-(jnQp8MuNhrHm&}Em88KFWD8%|Z8DqUtpr9cwn3G%OV z%Q8_MF6q8RwyNu~yJ|y6 zYkk3LPnz~FI7boA=Z*U${x^Dsxw`0Hrq5HhIL29*xGfLD(m2b~wk=z=-9*@3haLi8 zKD6o*2EsD5`ITeCSn#oBWAJ(rHo{7ZTN>$iF>G>__kOkJhiB z`)#s^pS%C5dH*k^>H6>f>7VBJ{|5WtJ%3($|L^(J=T9Hr|GST$kDGn}4<=E|>rGs; zXr78_t4L_jdZDu10+jM7-|_*acl}cFaqnh$g%}*Fm-@!##t$#_`OYF=#mjpzj>+v< zUxl8~5XJ)52#D0BTL36`5ved`d5lKj$?Kf5^E^4EPh=@q=!{AgfI0TQ3DW3`Vz%iy z{IE*n8KLZSd{ofQ3(gR`CE2xGI6gft3hY~8U8Y?t&k14T5^6yin%m$1mE#OW#~DeF ztof#oQ-`l!ZP{1I>vOJ?_fH!Ky8@x;6;ARG4%vd_!(_p!<||5!<|tt>76U-PwjMfn zxB+-#?$Vy<5@|Iye`?E-De#`hpR_1+b^HHKcyIgv)4_M;_kW*1efseJ@4fuo#r|LW zoUh#AVv?XsRk9twL`6Hf%4g&94kY~-c+_Ut!!gj*1GiB>`D!9)GlF4`m9Ez+AiF; z-Dv;8KJ?A~)aZZena0iNfGzsp!NIeqCH?PUe>i;5|L)`GF7!WJ8>75Uf?`Wqn=-B- zv4dyTqf(x*9WdA_TYPS`l}A0F^x(KO+$ulg#){pbz5t zj`%WzlL-#%AL!FyybT(ZOx2g_gZ{(*{{E`(`Qv0ss=W>BsV$#WJF%XxY}>-{Qr9lF zTAYq`XWY`JUbr1 zpaVe5`v2_d^FjIk|M}qHVg0|4pSxWDOYbF=%Z(mc#JsF$^p$Y`w_ANp@jT;lxa zUWr#C=Zji{>kYr9zEv#0zM0Zu7V?4YY!|9UQER+tMeQ7|JKLJev)^lM?ruD6r);OT zvd`GsWUB4Zd}B0s!rI+h+YQLQa@?_`wwh>bv%9Wor1jXkW{jnQo5a?byFvnEL_<_d zMp~pgZ>myQdD4t95|VfXE|10@LzzuTOgW>b%5BmRo{A^hN*K<^fQ8lVvs`O{}XGiP*|JnQd@3w7Z zVI1F|{a0WW_tx$c$uD{7KHi&quj{yt&)SZ^meaj^+CDZ+LK4;#!6hI&YMk%i{yBId z36LNOQk0@}&9i44Q^a5fzzha6gBinGVnWG2Q+ARXTT68jp|4W+{~B-eh)XhR2iTAo zB~nqp(kj=W_ilOK-#igFiTQ7^jdR8;ZTwOfkTZIk~N6K!V>%gEw)d^iboZ4C2Kb_inBQ` zQ{xBVygT+iQC;i+^jJJYy|05gfHen}IksxOoe$44H0nORAin;!u{2Wspv6>F@U9h2 ztz#WXb*;*_aAhgWOyd#jUx6>ld1YPg8bo_`d0?i!Dh1*;UgdLTQ9~SOsnq~iA+o>- zmkv$CjKL*lgq-+G1acIUDPj{eqkwubj1UDQ5*v02C)w;$6s}f0CQzKjWSu-nD=E9n zg+h}rARj8x?m$j7hyQiSiw1MJ8oAL3p#?^~OZm}A5mg7QWoe=b_$I38lWkBudHY}F z-*$KLUp@8lU*G5Ke=m3UzJId+t>Rgd{f{prd-fiSvCYg6RATH))BL=}G@eELT=>Jx zA0zf;2K*|_fR+U^#o^&S!~xejWjpS1(`gKFR-8JYO*WD4 zoqH|kn*z|~9*`7xDv2V~H-loFgGN*O;aY4NrH6hEW9a*si+329=Z-Fd2&%eie0$_; z+xs~2avY9BKO#8HB2H`-lj~B}hs7gqrER(d?ZHs0oRWb^7?9qS;%o2`KT71!bU(q~p{tf7?=z7c52j zrkT~}^XG${{YHV1jScHgd3N%}EkD)KXvs`Q#J>{ZY&whOUb-&0JgoXlxDS|3D#Z|- zMuDp4(U%H-_C`*1OUN>YPlv3%DTQ2OG8X5Db2!zrR<<~={=p6}PtU?n;ry36d*WHJ zn*2}ud&T&_7yD1~e=B*uFN)ECLC*7 zs{57_sntsrsNB|zQc^M<0(5l|yr=#95Ao#pe-&^_cVLu8o-V2dRPX<`~SXw z@%qXCw~}WG`@dsGhq^qG4gH3cL54=NfFf4rJk-oU3KN-eyzDB0cDFcTi+}UW#cCM7 z(k=H>E=Q@pP>ltl7huh;)8soiV}yDz;CiXPWI-}U)Vki(e~-v4WF>ZmZc`&A9WRs{ zscUP2L$V~zeAsM7mQU(XNeHd3t}<0wYMb^a2>Jn{O*pA57p(ad?TKKOZ8Ggg&+8?gV>-{TFSMcjmxbSs{;t^AJYFKZ7A0i*hge zeR0bV)}Czu%Cnm$x{>07Tz%0l3LeyRgHd+cksl00bVI*vG48ONQ${mF3&v=DJIPbH zm8+sIqmN|f#wm<4E|rfrLEasmO?SNH3n>7wcL%moO1FeS0GorPJni5INYMpk6VS_A z3jMgZEw=DcOs0Z!w?U7ulOA|Xc=-{~3EY46nwkZ%Emrsxxe0=S@;EfXOg8IxgkXvd z^QdCmT<=kG0pK2n*f&HwO4Vyx}3FEu*!+|;h}>dit%G2Aug8pvg09}*uqqs~9B!(9g`5m%Xj?$F%n z>pL{hPOT2#%TLQFbY&F|cvvWWuD|VuWsH8h6XlEqD9&%f+RJW`*L&#__lN{!JRe3e zg8mT+DT|>V*uyC)`J^kl$}s4TN;-itx`>H~q*Rw~zih{|{cPPIY5+Oo<4ur13s7wC zQO0X~|3<^sdy^kh{fy3^^p&+=OM?b|>2(5BUtQD(DE81|#YinlDI2Fayt5ldil1o= zg5oI-1#A8kLl0e`7z=%@)XY-ZA_JV>$~7+WN>jL=s-HhXm$oWu;uk|HOTXv3w`JDF zZ-XfPu{=^OcP-e*a2yiKuy;m$WJ}#px=aE*Lf+g9&^tozaiycl zJhywUNw=j%hpofpuKSn4tv&%blc!PQGQE6GpmglCpQ&6&3TC63QY9XWgC#+Ak8{3< zrpQ_`(q3`a-?_!%&Ml;qB}^QQ#|!T0xn4NHE~ZSt=@?Z5_ChlyaLG+m-^Sh>)_xWz+#_+?*)%oGs$@SagA3pqKd;x$M1+_`UA&loL zn+)iQlJz}N0l?e^d~`b-*DR#%vfJ$mPM61TPlnf*#}}t3M~7D@@6WH#-oHJzBbPUp z7vY>84zG?cuiw2NUKwAN$lWBF?U~F&WL^B`;M72v5X#CZ))#W(cdsn0xK~kh+u|H6 zn@yJtLK1d=ci`M2@wW}!oaLWC59qx&&_+;YCwoh#5Qn8>)e&V&#Il$V!@49d-d|o_ zpMN;};rQ~4tW0t9qHbk6fUio~RRz9$m<~@*-~avk`0V29AJ-R$!{OiGU%ssuP9f=m z-dwjuz!{sQ166^FHrhrLhfik|T|i17NbLWJ160WLVa|L)%=M2arzH}tXNZ3p+$H@T zRQ}bERDV5(CAPf&%2tS-U|Zim8kv5QNA~?UG`~cn;;$7YS!Bb4O<8~L(7d8)GLL@~ z<}WuE{=<-0!jVq$?CNxQeSCiS!|AaDmkI_IyqfS43ur?o)mzkJ#>K3&h-@OnlCHGA z4nJJIyFNNSIX=G{wjByCR*ppaz9u~%9baBmaJgkwuz((+m{lxw4gBAZ|IrG1H81J- zA2x@7Sc1Q0wfK_@aT$-x=+H2um16Yv-Sx%c<>A?|F=B7u$<7+GS-mh_)=I9x%C3mS z@Ho8x8ODX}u8U)q0pIbsReiG6&MCG|j?OB7mj33#fvPCq9mebEtT@FosNxJp)-53{ zv+h=dZ9k=k>T-U~K0BCT15^79o5UD{DO}Jnc#8s989i$DVriA1yr|YwVuFn9eiF43 zWZDWH8ub0W8jxnIJWM+CJVfc$Bt~>X0{eXh6JWkc9^?q(U>2h$AoES~AkoJx%qn@T z7GxmB{>1V!XS0+qRnX#2gv0T5g41E6dMi!J8 zRCRB%x&)s;w^r`Hj;JE%z!^DZho>ipRgNCFtVLzekN@}L{pHp1<@Mi>f4Dw98D1Tq zUmw1GdwD!8?=!joeDKY^je9Bzw^(Pb${lVZ`(c<1V@R=5X_#!?7#H)c+G`<_<&WxL zZsve(>k#G3$39B}Q+lwoW7(O-Z!&G;J3<-w{Q01jJ-q~T-Q(%T5W-_9+^kFTOqTc8 zrK8o+ziy&&*b;>*Z)yDsGj@q3IRC8h7jynqIE;#VEvR%EISbHkJVt4EEAtpt^w@!3 zxO$I~t>JFs4ktMG~veynKx`h*>!>NvQ z^t703F0_BL%(S#4Ejs_Mi=vf{yV$rh8}~{q$xZCWe++w}q1G(TURd7C!uG;y6Ji>e zfqmrVG{P=CsVUt0yP73;OgBS>d@9G}0>x8Iskjt<@W#lVa-aX8kVnO4tuOtiJY7fo zdw%7yY&gX1D82nzN^;VS&Z);NrLs*hh4f4{y>>kFIq0qCKSjN4L@X9>xe)qM_LYnA zySRLso54$9)EdN_S~F3dIa3W9`WM&&j0{$FuN|exN7@+uNWAXN>fU zM__M49zxK+1UJ|R{n^cd`0r2P5qL8O`abA^9_WwuZ|Zz!QMC)NyyGfcMmb4#BZ!6d zNA#zd%=kfZ0SZdgid9Tfy|cutNB84@J~liHAblPEZl-{*F*KoYSTpd6RhX#TGJ~te4blW>kK&ax;-dqw`~9m|1q2IGTMaOiZ97J+=}Eu#l&_L_ z8r^5kvgW=t%+R#3;udkOCB~f+3M>nv!%75#A4Nk(kx@$C-pUe zFPPG|!lc)I(%uCT&t!wOz=Fk6wp~}Y!AN4VUB32m2bU)))dZ=pP)fNT?9fL{84kxs z0mM`1<Sk{Lv6bFMx9%2H*b2ew#LyoFGXlTm6S9gDhI(-FHw`~@bVJcOBo+NFi0 z>|uh!wOTEa)p_qkBbr+q!QWw&$$;NGpT2!$Ov}da? z6eKFS2UG^CjDUi`($moc0L4u(u7X%=KUemiH8n@9yt1=JdS=D}!(#BS8KU{~Ib|eH zj6romysY=SEu@fuSt~Zwi37;mn^U4}cdbzGgERS1jIiD?d)qx#T8|6Sl|xC*{=f?$ z%~F7C9amxndgFlH!XW!d{%z3+HGDojm6H5oPig(fNd&v8{#;xC`Nj9Ud%60LuU_x( zKGlC*#q()-^`Fzkr^Qlv9oK&3YgMoLnCd0E?va*(d`DvZI|&&KE{K1qkVElP4ak3o z8jxbHgu%|1g$gu2-GDenWks?(`oX~(3HgUmh(3i zjn{n&O%lKGES4Z+oyhJq=2HDnmFDU~2dvTmUccOXmDB%TzuJ5Cr2nnrS%UtzociDQ zdrEy%g;Ac=wU+9d#m$lMx^C&J(dvXDQ~$ohTGh?avDz~iS2_*iN-QkpYNp&FY*m#M zZK76M-VbJRY#HD8P6_mXfB_6W6!*3r8k`d!U644<>7OKVzlz~#guRL~ObHxoi;8l| zikxCW>Ak`Je%pG|IBbfxwM99)dAa2_{L&jajo7@jVW2fRxk%_S-&PW0e%dhwPQ8i( zl|{V8YiHCoAYW|!rMdJHhGRr+Gok-3!-ee5fjZdj%d#hsRh5X73x`2DO1@2aJZ)S# zIawE_7?w4qNJJPP8dXPgFDv`D0$2b8z37|ur*6#e)xA6K5ysu}#Iwx2sIMoGjmq*4 zCrCuLGzsz~aZyM|t8;0$m|02~?*Wjcdc_kgh8gZ#70V zFJu2z8X#)z3h5xOm3g5VR%>Nt=y1y_$bS-aV)NCX8u`D!xBD_@|9!c?`{GIduj1)g z{-?Zl3%x|rH+1HUrUl=slXpd)sj55^EoRt$E(P%(tk;pje z3uAnOhjty_7OgA-cE#=ZG=#AazBLv@5kk^Lu840pfGs+*55A3vpIk+acuS0^{P-Tl zxB7=OicBbcN2dqi7t-{R26 z;kYw3pzi$l@>L=J@72qv^WRFIuW$eVL9WgxHDJBf01_Y-V3+K;2S85kj7>Nxp;HV4db!G@c~*k|nsDt`>1!WyV_N2NEe)LgJ$V zogAq2anJsoC7cs42KG8w0lp=4pt91He-n^#{YUpOz`h)nLDKCQv1@(~-P#79(lE>k zp}aAA)7#w3s@Su6#NX`qHquwT<@G&`-)wFnZ$dzC^Hb9H|NXzu*Tdt>pHGgCMIq+v zP2Ro-9sxx@=+T}2&h^f?w{5_Bv-#=I3Czz~H+Teo0sY@WZ_ z4FRAxJU+iVIX^z_DAAu7#q_l*i1ImG4_x$IC-YdbFv_kA&L}!oF;s8QhqlBRMh|baRr7gZ zaKBVmkOqv-MkD-DDl5HW5VPqLPiL{j)!zoCa&c=#$gPLXPw$Qo-<}>1hY8Q*VMz&9 zG2-tOFk_u0OlfpogJz6aJiiut;hQY0*eql?;H!g+P7aA$;DSd0AMU`nYNG?2dw&J! zBWB?9x8M?EGrZQ01Xg|DuBp> zjCrOiFpPK^$0P>5lM4WSKSq>-5s5*bdQrq+L}sDiD?;FduxGr^)gjv2(&+y`|7SZB z7d{D5S%AD+5kkUnA^T=?D-r0RxB2e<@ap{V?6{Z7An|#At-a~Fo;&&z1pNR}I&jlK zK7St2dvBo4f(pWVOQsNqf@L;9D&a%W+e}J$TpeGYAD&*H9S*OKFRwW%MY%7(O{u7A zyHS|kTw~WE=#X-?48(tv{mIxfjp;1y*Tk<^*z44`kFNhUBk^o%2y{FGm|ou!5+E2} z&k;>$;OcaEeSCiS!|Czco`uCEtZN*O$hAuR$H%bX5;qDW885Z1RP=asdUAdE;p*L+ z-mjZxv7#PlW4Y>8CZzy_{se3qQwaJI*t8BK==WJbL0@EG0-K*Q0@KPcpFzKWhvvqQ zNu?bAn+J<+57nHqjI(4*Hrc?f&D#AGoZk5PO*h2aba*CU7na*yI}cq4(f{!_Rj z#z+Qa5!U#626Yj#lkLEXHS$A}=ZpOBc|AYDMOCsE4Acz=q>xuF$yA+f>xhpLI}?Ov zx*u3;wizR)oTz=Sc=m7SeZJ2x!bN}ZiRp0Y8gZg^SbMo6)x!h_2=pXx+FO8q@Ji>> ziWozO{PbJsUtp_6yGMXSwheaEi^nsHV(9x?fPGpEK$<2RWIoTIW@RPV+`}MFf+5GPf+vR|ilWetK)U>BHe~Xob`bqm8#JnBd@-`|S@2f^o*dBJKB*cuw zJK&QtLcIL^ZL?mtd-?842fVD$R}1thrOl6I7WyEH(LE+Jn&{Y@pUMW{^FjKX9ox?U zhs|)xQ1a33Yz%s;&~l?0REoG7A&pE%X5OS0n79RV9V6%`$7P!kNli%US_SB-UI)yezw>$CT7kKgq2O$thb zB5QvEvO>aivJ?^x=u+ECBf_k03=zp^^i2g%mABM{>zg{p%b$CV0e%L4M9iBY3cOhy zqc9n#Z>cb|it#n<^@%Q|^q-USAK$;(su1JbIl*#dbaPMw?~~>AFT1~ees2F|@3+qy zYum=S1fIQ(Il3hsZWNfh&~F#q{Nex{TGqT;&6x2`o=q^7OLg6t_GLBpRB)z={)(B? zXk<}%Q-LCGq(Fw$mBvft@x$#LYy}8x@m;sj!Y2>m;fSI539HD z@&!Z0g8#GWG63Izy}j-25@$$;(N#Pbvqyk5eFgK>Oi}C~=ysPF(OJOWY;Kj<&bBwK z?Um~AV`2-DV07z+d{gXQKY=BW=_Yxzx4oU4h!9!Utuf%3f>{JY^3W@+yj-?WC9V@Z zlnPtxq%dVkQ5M$wDJrC4dJ@UE<{#yJ3Kcr{j=0)|{65#Qw4n- z+ghbIHhW*Nyt~7Sc5ucfeJ{W$WHi_A@Wa)+>!Z_?-FZ_v(NhaFZwr$(S#`eaxZQGk{Y}+CuIMV$n#SAI3M>V7lPa~8V@9lmae5d`ILzo=g-wdIs+et zW&_U=EP0z04oZA6aLEn)5ck%`P`=N;8@y={r%XN=^rSSKX{WXGNsJOEy0hIQg;WVt zD{v?;Yu7FiyhQMMPcI#?_K0y!_rA?KSR>5V!GV!7#}DbnH*iWPs{Ytn092Sk5gZxA zR|_89(8TiT)lq?dVFHQ4W6Kld0C^%T`Trfs?ux{jo=P@^N#m<>W@6?FFYV!uL5Jc9 z@N1R8OdHQtQ0A-BSLH0g5Ak9yhjnVF-#_|h^LIw?{7U_s($>u0?m6L|pw0eY9P9y9 z);HeWZ$+6JQ5<%}AN7s5|LS;qKVJUTeLHx=`mF!j{8YYvt^4f$&)QF4qBxS%oiSX$ zu5^2&AS^3^Z zkjbeZ>ny;z$Joe(&5_pLu-ylaPsyBH-2IaKA)KRcx_h_$P<-HMg$WCQuRe_|R8$h> zD@}3Vv1^?UQ4N*;s^YbH=o5*FtqeqLOdSnLoSda%p`;C_S4zV~dK90IidI}ew-hMm ze5-rn2_3lSf{%KsU<(r&@pS2nL@gj(M0OCn`)j6l7O_pdS`$_~ zP^pj09_Z8|W1|R3e(?^gLTg%eN4oNG`IUiv6 zE$9=)@}yX*3xT^J|ExZ535vj0M%!{15(S%^kYWm|!OR24sZ3qF)RYCJry~^Y3eePm z$#c-RS35EfvRFm#R-zEn)~9rgB(BR>$b(PRj4Vs^e^&04=ypG$GYwM5a(og)6ekHbQZa$}i5! z_upa3xXPbJoM(3GxzBRCR%+w1?Nzq<6Xr!3SfDnGXjs|2s0MLDZCH6wVHXhSpRUQQSL)EM_+=m%YVi0fC&1dBA$ z9}^lBW6Xk41~GV!bn!jrd8f57OquoAf@8C&m%}CdSWp2h7CvC9p)N!tKe^vIc5fB~ zft!-*z|94GPpy{wmx8ZIlv_Udn8^7lF42!h_{{5)`?zsdC;W zpbWipO8_7R2x1c)y~KwI4=(kMq1`5-lIHcZilp4W2R5ar^K-ZAZ)84kE4!4<=5|1JJIbbFsXkin(U=~ zHK6`pvXqMSUfkxHd>$c5y-jf!Zch^rD+l}Wl=9`O5sDVRvL#{YZ(F80WT5{FD9 zdAN=Z9AI8I4KI`oKaH2sTGHnYizb96+ zWrl;^;n5O({vwjK}N{F z3O4!s^}l>NLy_x{Z5NJ31OF|0Ut)%T7$KMU5BQ#4TwL_{J*&LAySsCK?!K>f)_pcT z-Yoy?PG>ae^0|Id?DVdCH0XUpUpo&O$g+^YiTP~mbTstb?@0=;8_2!nh?8QAzxEjD zo3%h;l9=t6K0)FL!*cj+^^f8QsVoTs1&)Cd*I-;-Tzp>cTf2m3_CBqHC~Z(!d0cIu z0iuNACZaBThEXuMj9R}?wZM9%7pZ(iU!^m)HS7#Gxm!Sh&?>hAqN8*E zNM90`X@0YhDZU19Hv-rGr|)3)M6lGpMD-4cCnwX62p0f(g$Z>BSgYZ9H3*KRztP6d@xC*q`Dnokiqwc-*xcT* zSFF$?t{XDPmjRIGONVY-LMWTo=ug9HZ<-$kWq4DmQ$2D#zR<#{teWmiu`^?w(~nK9 zgY4#p+*9~@i^TsF_Rxfh_Ds_?h2M+l0ltQ`^^F?v@ZOv4E9hzc@Y%gucl-J|`DL&8 z&OfU?cy>NzT^Q{CcDBA9l9nNco3w-3MRy9tx>Hf!9&7fnCu%JsJt>`JO9uPekg|&7 zPDm4&TI(2E=F<-REL?GpbJ@2&M$xp6~!ClUKoK?FJ&VV{tuNy&Csr-`&=?D@be;7x`T z7hnWJx-f60LI#SaO_^-R={u?x9mgvQ~Ypr+B1fKH)DS7cfJ~fcyi{2o@L@P)WNUzU!&Nct} z-R77=W)mM`i(Atr&eRNoonq{`d6+PWw@xjsW)oA=d2`SV5BHog)Pa)ayH#(0T%whA z2qU;a$J3lMX18U_g=z)xG4yygEb_-q+Slag%b#K`qGr}b(N;n1FT2%PyZ-r$Uoz|6 z`ce8*ceoMq-C>e?=SQa=%$7AOd>c~B)AJJ=6s!sxS0Q1M6QZvgGLf1*dU6LU9d0Iy zD|&D+Cyo6KRf*jseHL39hagWV(4h+h)tNI|=+dt)eF;u5Sov>H9d&T_rje{FR!^ZG zW7Q&N+qWfj*gG??A?g^f%}od=QhH$~oQR>qdfF2BHBhlpkDB>%2+4gR*dEfJ%&O#h z_0OENMa8+gVLx13W){<;gqN?Q*k1X*MHp<6~uCYbp*`6%?<0(L~%v*O$WW zrW^R^c73%zY&BM(_^*l*oBBHa z96Ru>qreZC(I!c6#sjdhvYqMV=vYK5Lx5rqic*m%u_GiU$~{b|_4us`7%EM$meMDc7c+!A2|!W!|cTXGm*7%0t6t4=i>qcH5cf zESj-1(CNEWrl4PNrZ-2l9(}gpd6A~{DnQI-Uok&47L)myz;HNtaS<%#)eG(dvA4s1 zRLBUGdT{Ffe+pXIdkmFJnJONejr#!-d&^ z93d9#jOL_2gWV6nq>Y`aItW&gnBbl{I9Sv)-Qs&Z%yQ=3`3KGB zlYfg+RIO^$L#25U>__N9v6^0tA2O5tD6Oc^Nd``Qm?=08tm8qvNwBH{uIK`349Y#o zddrM<4m9P1dY$g=ZNMw-Q>6FoZ0uTxp%aTG5*qAe>T)j|){mm(0{9u`+9UeEQ%tfu zrTgW@7{3fSM@cJTYFjrl-uo6}R53*W?~a8AJdw5dV3^2kgZ4v#_JK2065~7WM8>~V z-@qfvrOem%FV9UnZgUrIRU>B2*e3v9uzN}(56$?>q>8)7%}7%IKk0$5b5bVrNlt32WoM~>x-eDJG?g+2^`er>NPS2a;cbuy!;6ra!G7us5$}j;z9|S z@QIz48|V6{!5@K=%krM!pVZf^B)X`{Yh_|RlDE_8jfMUaLAQ;3w0^!ndOyGB*BS5)f7TxSUHh>lb9N_s!N*jORh*Y9QWIos){c;jx7GmKu%^8t3V!{O_xP-^t5i_EN zO306C^2?z9Yfi4vFtMp^fXh{64%*2l00P^K>cWomt|;OnDa2Qk887yiyD<3KbhT46 z2X*(2^~Ot9GMNl?vDMJgAw9&;>2Yyq_^-a{qN(2|JJ9}}04iaD5Q4H0)tuujB4e@<@9p>LNyUFvQmS}EFX$iO+OWU)IMR_!OY z-`8}P<~*!~mT|DISNP+e#rfW3xv?BISA*yUAy=$IcR$(JE>%qNUDj|g;2|C@TAZZ`sAT!3nIs9VQym3k=0;ca5xSO(2u@iOO}iOJO=$Z5l|aeuTW5a^ z)vXkDtlT5Uk)If}6^@m^#Qm51Tgchc>Q**})ng3wJ%%+Pw>$PPTLRhpwxJ4qk*jAs znY*aO;(nAaSnXBcb48bR-~bIXMR}OmOK>Pv3p56!mzxrx*)-QZ%Mv`3hbmN^A1VHI zK|m;$YL;z%)Pc zYlvy$l)|#>43*Y9ZSI@c>0yCz)k{SeLs8KGN3TIgVaKT7pZCh6I-;jhpQLk)siAo4 z#AfuU_%MavI2MkGq>YI4jaE1BSpivYrbK6rTr&JO?XGP5Rj^;= zS|z{R)Z=X1O5l?|b=l3aRHN^I!1X3G}PQq`=- ziBridyo!F7_jSMZ6dX$J?z zvh8|^Q1K!%m3T38pC20AbLldYcN`niAPyZy^Ba;^EBPm65lT6afppm?@z~~6_YmD& zg)_dfIvK>^CfO7{Wu_7S$~nVE4>SW%^RGs|0hFG`YrR1L>@3M->VPm&Ejq*L{H~_~ z>EFDy-v-4Ki;^1XEN*4q)X;0yC5FnWy&Cc=CV~(qqHbm)RJTUt)oS$vTPWS~wI@&@1kG{_MAAOzlRjW<0P+GKMsbTxzFvBd) zzZjw;1&g|Ut$k>~J-9dM7~&@Z!QhT>?0djAj%0V-~D!<;JW&e8h(RbSD=qdCANX{7Y-on+A>avS5<= zC9sE>FuX16jZ2`5*#=edc2dQ_F?$!eAcs});CJ4r!w5Qrm@y|*`fHPds%?{m6>?)Y zoH{bbWduY5TdI`50Je)v?=gI<+0Oq4*lkNqIIAw9PuOvyA~+8-5%IQ%wX#?;0g_|c z-e6vmWBRoN?k~EWv=poA>*n2tL%jJ58j|wfAJ)ef_HHNc8Ui#uOo_Cml=T5$W*9Nho{rinlCuFZjs0Pu&Rdhr{U__`8MCkglyf z#xrMPVnD7x?#}Vi_kR~iqxFomishusSh_n#o~F&BxP9XMuH$GDA&BUyA+7$hffrM~ z`1}6)`8P`WD6$?6w%V2TfTY*72PZ|dS|;OY48qS+8Cs*dvmH08HZAU?AAfM~a?*P0 zPFD0V=n5pM%rRu~K{f}Rp$5~k1xm8Lz_&rPH~Q+*8W}$*33K%~iimDsN?w~W^ZNl; zZQAw7$?(x*P0HiZa+|3O=qUM=)D0$kP6@V`PnL#0q3@9*{U;Wc3;iXQKZimBH(ti0 zLHv~c^Jy?SA)}jv)r0?9DKAFDV244fVIn9ju z;R{*cKDN**yJ?D5k`|%ReZW*d7NV%R{`s$T4!Bf~pz21BfC&c6UDGhUNyL)~E037c z>c`QTKuWbaQwz^^-?kL|(LOOHz^i3`1khg1l#XGhCkcUsc2EY;7I#k@(EYrTrK0)a zx*;s###rt%W#t~A(X0R{V4W3BF_1SFqa?e+2OMP|2*(j2n=@O3v+N%1rob@*@0{SU zMn)X;8@|`BB0tRyEzd-7d+9hC*XAo|F~hhh8%zcM3&3$f<^4T^H+63`3aXUxvt{Z- zc>R~$G04`Nvixu2RYCht7{jAC+Em#|%+vsj*~%5}QJ8v&tDz7Fx8oJJPT?eXCBWu+ zPjx)k?;X;>B~AgI^{X%`SybXc-7OWDvAQ3!I0j|m)tFU~$upFNEnw=tOu8^|rA$Cp z%U;sBiD099FKRbi3aENOLkRd2udEjZ^*N7$&RdX0oj`dh!AkEZ?kCtwFs*I2D5Xbl z4cUQ6mMwwdc+<<#8Y`Q^4`SsTATS+MzmRJ39P~k87~c)=e-m1o)LLS@ZlqvOw{T|h z(jL1o{TW7+f0Hn*R?88u&z4N;e#q98iGS_3uVwOFr4{?-0fBH7e%7H308E-XZ7lZ)C`Jrt5@v&`urQ7@D0Y|$B**348}}N>1QB@$v>wfR zU3m8|*za?Zavt30<1Oq{mE-lTy}9cC#}F^q>+N9*eqJ7)hUdjrRB5`f;Ky$C7v>mE zU-cLK`2BKc>hZ(J&-dx!{P6l$*KCRHNI&P}u--2B;NOsX%fJKx`Z~%W3uRTjgd--C zE~oAb_h!|Fo#68wK8KIRBd4LjgEm^mLU1nrWEiDiC))Du4sfFHcoycTeU{Gk3jUh? z8Btf)fK3lstFx!Se#d042#p*WvM!0z;cl&={s?k?hHQNUNH|lpK2)%N;8kr2L%4Kv zT-(FVgh#GZH*>JEXcS5=3~p(;GuxKG^@f9)@f+GDa{ZeCu}u;tR#G&9Y21T#7r(l% z8`E&CFF(G5vk_WjUSk){tG`(tzMLzZ0%2M4KC52+F8KbuJlkl$7S<&Hhs8<#Pmg2ETAz|+kN{d{mBhhHnE66 zs)=*pK6M#erEL|~UdODz64kI-qh7k7szFxeU7wl_JYCo*Ig?|=y0VUJLCV3BDQ`Ie zLKJ?65j@6+wb!}Fk;|O!w11S>dW2TZm^1NR@fmHkFt_GT%@=RiP5a{Q8yWw$#`H|qvn=P2)` zjs>CRlq(y~CoYgDU)@{ymv$MVUScnqv z7v+A;j45l+VzqG*3_9PsB^{oCW*Y6jN$4XMGlIW=brJ1}QwN-!QgqsKdnD>4=e%YM z`@&MZ=2we*cpHX?WW=WNkIum@*)2hZT0)q2w(^#GA$?zlc_pMnug_&0USiDc zs)6tOmOIL8KMmj^2y%(^s!B*gIRV6c(#r)-G6fdfora%$$BZUW~&%s9?il+4z!#2{kt zyi=97&JJFsW_D=??`gefv$6)4vHs0bRMR=ruyTKM8}pw=oz{J)B6Tu0u0>Bb>t2Pk z0TIOm2UGI8TsZz}(1xsBOwe^Lt6Ht5FEJr?0aUVdGMepaoxr=DgzUd3_>z6LR4Fiw zhUU1>~nef@zFR#QN%_bv}B1-v1K}+*Y8f@ib5Ae^Ts3cub|dp!MXk zx%6pu5-akI8AXTo6YvgT_Ci(=arnjD;ph%M2_FVe|&`L z#N9pj`RJ-IJZK~ctx8)c)R8fWA!@X3$x=w?1xyt0&H)<1EMj0=i=IECwhEbAExv7Q zHvjScmt{H}E8YF`yCS;68LSsKdd}~Ch2Fo17%(u?@hsS1E{vBuwTCSRE9+jqMPSLb zw&8lJ+C!v$W!J4pFa1F~?w5K$Lq%TfJ#KJI()5SfGQ&%$_V!E4*e5j{GwHR=!DlsA zo#FA}XY~7J{=t_WC!hHANlPBElW1R>SyG{0hgp&t`t7lohz;z&=6&842CGcoU)DyD z1Li>@r-jh|ZSd)gYq|T=obXaA(1*7&_sERp&ZOjczk*bw(DU*WJb=aNl_#{$|FrMGar8S#4TY-whXswY4?9cB{I zWNFSdkDoW}BvJz}C)YqnOIp(#0$4KYGc^oYMk>ZYdc$xnMbA{UzL_0{j?);eFL-w| zrQO_{g{eaqT&bdmL_2QRbI`jrFC1|FZkRH~EB%WqR#r5SvBazbp}~9!68mcgxb+pk z#a5_94*0ZdG{R*0nq2uNKKV=%hFkL|c;bPmGmBFTyiaY?IyviCnaA8}9*6O?Zdja5v{UUIlwFz(_su9@)$s!7_M4rDZ+X%#Dx#d3x<0TJL=#k~@o1%CaUrTIft zLJ38;cSLSiBj={+55OrZ(Q93nP_Cs$q%1+Qd`gdv8l#mz<=@bVUuJPRbBIo0A{Gka z`nr5cdn`E`RF#Lz@v7dsapbTgq_LnyzMpT(0Q@+g!frn2y&bNQ&NKfg=ZLr{w6Jn< zQ;Cy&>!aCQqG#J2YA$cWZ`#@Uc>H1x7e;k3UPV)%Axb^lWzk$_;2_pvYf(PrME@Z} z)7?<6xuf)3!sBV@NdYW?TXrl1evjAdi{|$Xqgz;ffNHcc*tS$z7?fTP>%XgNHLkBp ze5ZEGhF=BR%Zus5*ZsIKUhq07cPY8&7G`G0vbIENso%kqvK)k9#+Tdel@dN13a>cX zT8;Mlkw=BV8}CrgA$}o3X`K28!@-w%;3Z-IfadnLzU$rAWW0IV{iuF_r+jz7m}PYY z!x43o0wWb-00TlJ+FNj4IdMS)?=JSR=le%k9ohRqbJ}DL%HTZ0!hjL5_SA5pFSLn3 zi#hlxwZ_}@$aKe<7l;}gYPzqB{q1-BSbF%LpaV+ZD^mspT2vYyIcgy`B$rrlZ2#u( z`-DVnJ3a`>pxwS%NzuJO8TN=H8Rrq7=_d||_WtqiL!Xq46o2qP{Kxa}1h&Qj+aj0t zn1MiK)a@sGA;O~AOX$`s`#+sv*%G+B@1I{EoBus#JSHf)b=1`ab@(8E%mf$WjI@ok zH+o!tXSZl9lwy82=^i@lnb?R9-3$KGPZh+qZi1zr3H+RDA1= zIu`ugx_ktSDe9S+pIjaEAF_PYoV)y79T{Q03Z9}(j{svLseiNn=j?4l`i#{F>O)O{ z4HXLG5rCQN4KED$aST85wK6El35VGWxxO5aC`28y4B5wi*832GFMwTxNEv30pEibk z!T}5i?9Ykfp+ONKCZDyu@#4k(bzus04LWggDk_)-6OVy+AR}iM?RoP4RewGC>RtP- z7)D6q+s|G*dF*IpH`ALgFp5oFTnA>1z^1o0+8z*D5OyrHW*+wd^W8jX#GRVSapDb( z3-MS8uZ-FV9Yl%;j!lY6DjY?`_IMvd;>fEQ{!Nv6!r1gF6Bn8&YZzD<0X`5)Mma?p z5%o`t>u#8y88FCQ@Rdyv`4>`hw!J~fII4`wbQUZU3@_F(p!BU<{0yv6Y0%W<&pNB) zkC)ZfbX;6cPEGcU}(^|@5yoK_G71yatA-EeWOAJ=!K3= zx&FaD6dS85a`BWl5J9AUN5Aq7Sr~-wf8@0FfvY#{auwYq7C?*rApjAc7{P#5K`0Cj z!IG9Nf#R0*5n_QIia4wsL%rcQ6HaK#2uQLA6VM-5(%qW~L8?m=Hn)c0JXt4UsvT;t{Q8PbU?D((gQuj4_cf_ul z(rJAxCCOmNAdp94aB<_kP#9*5kxD6M|BRUQ9xir#2b&uq#in?9bH!xBgOalCZ%uIE zOuZ{dk}hheM1t9a8T#Q7AZesvZUlY_4A{erAEpE`yWsVqhW`NshGVlrhD>7GDnBc* zjJd%fTfoiesKU3XsF>PVJJ|1ES@_C-X}tSQOw9xJ4U~I()X+b62{s8e0A11Ml3T!# zgbT13``spt+C0ME_D-1Mp?}BdbNF-pM0UiB`DxN9{qx5)>n`0T^Dx;#R$>kmgVA$V zUZ_A61o5&XSJd|^=}J3!+k0Rz#>P_x5e?R z(;LFo<8X^n-mhqg%Wz7~%j8~m{NKHO+}}?Cj+F!?l??Oi^kx~;8K#?50R&kQCYVs1 z&MVM52$x0le7bpOj*GX}j zcmGYVG6yIS+_ogmlJnZ)*CoDCnk6Ef+5v<==Hw4b%)qm-*%S9&{of~@m&kq8Wr$bz zg_tnvol~(|d|lPJ^>TtCZMKCoN%?L*PM+FtHFYxbvpRv zKJf1bprBe;P5?%)x`4DO*oVXpM-m(+<8nuDq7;?$E<9!e94>25^}t8jYA2ZZ6;>lr zf*+)pDj**`twr;%C~CNzA4&9YJ&4aq2kxs=NhA;o-9LCiopj|^Ip zqWb#FkQdhQ0p|QnJ-zUpL0H^Bp*^iPTvNjU>TBTIevkxlrd&>ZWtYnkyIWZ%Mw%!KN4kjmpqkBrjHL zlV8lcT^Bre;8tN}B%+;tZZ@{5r$o`5VTs+BJKbqgXYYF*9N?2ylRsar&6?%7OxmtW9-u_jiJG~{j*|eUP8bRzJcGuv4-<5-c|b*tEX;#2I+p&O zfc=Am)3oUZs8>VbAH>Uctdq<2>lZeupE1s`sZO6med4(0?wlZa5g=Nasf6W5feQ)s z?m0s`A3)fCMKDSR;yL1vsn>GUFh%sN)Fz2@ZO_OqBh5ZZA%*lMe10PmEqNrSPMLQz zU65;#hKtSiDQ;j-{z0D>d!;?zcZaucrI)6sRyd}mDMr!jFZFq1{3^L@R3kyis5zX= zf&XY{qOB+{=nOUP`7J_>OJlm!*mlNZQ5Td=>@YrrV4-tDye-ohDj-2Ml5=i!rFTF* z#9TzwscBc6Znr!;Z2)IZ0cD1#E!?lXtfHARhS58wTC0W&qG}A}8CAvlhPJ3Bd`F9I zd_}I+yn)$eHQ&skQg)1M?_a~B`%88Sa=8GIHo@z zf-uMg4I!B~n0XQ^pE}L)V$=>yARrCe9u&iNMcJ9K#JTTCPyC_^ylis0=sj; zNQnsPzD2$8RY(VJ6BC4&%ROJ9hW6WnszN%d{CP5kOF?bjM@?zJjqn7dH3Ja`8cWkJ zx>OLRfnk)IIuXL@u%?ni(1}i=88E^lcDnfI?BEBHp6(5f$gZt(uBcL^~l3 zO090Y)e}t}mkH`V;-k^xR;qy8!n-D|_-@J@-o0BC)qF%lYG`Eyf%rXh|5iT?9FQZF zidsBFKYySPagXk|Qyi!|JXh6Va0-5Xb}|sZ@g#8}5)|oQxh1?9w=uVJlU25+!hjjE zmwO%fu$#_9)jj6{xGR2mU@20FGEH<$%Qgb3=G-y-c#Ryo?AClek5xu`dUjJFRHb&6c0>hqDdB)E$9=+9EN>q%Vd%t#%gN8>fB}nh!dtsj{SXxSPwQscKSQ*4A{FBF_ufl!A@ZgJnZn|_Irn19qb z9Zy!DW6Z)YYWy2i=D#(0s$peDQ-UygPd$T7Rg#V_*nEBM=LzcaV7aRCQ0gm~3jO#| zq98yNHu`va;}%#$cg!w6y<=qm{Ebbq5vDj;Qk*0+E*qh7UN(dkDF*AjS&Wu9{1Q!7 zCIl^tk8CtwL0@x`k%Rkc2fZ$R@5P(m@Ob8wc1}J%cY6wWl!6o2>yrRWt!IEMa@gp; zJJBNT7$ioebZ7E0a4TdDlkZSUm=6KvFHDs2B;06E6wRn0)M`Xfs7B(+!UXC$wdDwE z{9f5X#7aPr3z`AifNets5)^z6FBHNx7$W$MBk+$mUI8;t83AHag{Y$lm^l$iim~6m z1tigPXQ7hV&~DKtk&F>rYEv9R0=&WlAIsr{VEP*bNBrD0xQkJcOX;37=8emxZsqHFgXTaN4X#vy^xf-@((N!r$|JY=4cO@69EC3AgBb1iWvy!uqaDB z+n?~?ghBMS(m3eNfT2BlF;z5V+?^_KNY1Zx85Z~oPT>zap=<7(6+$MAgFzuZZDZJy zY1y}*dYX0|0?<$lJ8RkpqG4flVTiHEFV1xVdP6By{Y4RARRLhgHS{l0C=p{5SHeV@ z@h)m0Ij6Ds42)V?goFPuKyhSNGo~P)U*ZZ#Sb+85ks(Bzv=kJA_N+arC;E< z{SHBGXD}p~p{$Mo>L0q&E!+u|+2Bm!*A=IuRv79Se00q`6Hj`};1v`BktC5^pxgQW zKW&6^ux8<4VIcMhMw;JR$OuAkHMsD2voL9$8|(@3!-*29sFwz?W+1M-J9_t08=`+$ zmFW@zv{3(pD0a|SZ~t}Gi|)V*6{skQH+ZIn@O3}H2NOwiSnMRY7Op3vJmJM0+)Fv- zPY{1R0`*W054;b43Xx?Y^+ier{Da_|7z%kgf;NI5k{phvHyt`iO@o`#?{!QOH^yMz z3V|0F9&_}sH07fZR8vJoBg{Nmy_k&O%Xy*_gfoV@NP!&X{-yMFY0jP}Bpiq;K7J2O zoLh(cocKF^znBKj&2lJ)4H}D27YVUha)#f2_Jo8RS1$soM2-F?aj(ZOrOpp7DNAwb zvf_YAeeDkt<5KC93fPC<%xvnhh)t6XoTQOyfJG*)MIlT~uzBRFaVF&he`cQRVW2GG z$BzR&5jSJ6*%0;e6N0Z-f!~G_uJRHQrxK6KQ#-bgH((RT`JnCrZ;lKCc7Xeik3u4D zR~&Zpc0lf#c)~Yq^Bp=>3(mwC9efp&G|ppg6(ZYDmfbAxvraac=p4o`GEOj^iXxms zLPE-4_GvIsTcD#oLigS_+9L};G(H&^!vT_7t4&^w0FUxLXy4^eNI>y5lvL@T!?65u zx!~LP^PNk%?{S4KW&1hAM5XV$Yph?es(F&{oC}igs=b4ST{U=DN&K&bBUC&nR7F|^ z=h_{u*r5L;_nhtldn3lX#}pt;(d&C0=GcsHTe*6q+uW64Dr*T_(c>h*hI=PB@|(-$ z{O~f2>J1KtB1w-gr6j0a#gq`>zd*u_6GqVtg5d>PFPmo)lK?THkh!7u#Wmd5*VFIIXJU*X0y zABFF8gQrDPb74V(aC1mdk)E=AAf-x;+ig<;AnK%@l>xl^xIik`K}c_Ord(wTw3g_it|E;|IXu#(!vBN@9|v2g zT1}Lw0oM#kKERWe2##H3s=KtmB?o}>p;h8g9t0)}i*F-mYV%LC&!($+rC^j34qocX z2PWTdhX#F7=5PWvF+K_sHU$BQR!i_p=14PpuuL#@44*{ZUt5_!mYAWKZ!8FCa+AMK z0g+k^@@L?nu2fNPRr$b(*HC4Ukr=D9a|UIjT5psdmC`s;j^1x-(`ZS(XLc;tpkr#K zR6zv>`%~(O97Zio6(V~*cges-BpY!sK~x?Cbj>uwz%!9?)KhB5L~%H%lj12wZ;Zit zSa0>Tu_|tifV#SldvtJovx)>ThVN zY$@zV5*@M~E$U<-GVUO(oM5(PM|}Vt=4PkQDL^q4hzh5d- zZ#N;R#CC2x^q-XG{bB?PIQToE5kRyqErtgED`-a;+(MWKv!LK8<5?@Vh0ii7r+R}R zkh+a~`K1j^S4`V5AA*sH)iBejzO|bRN=2|cL&b$vsido{bg0XEMASW;gvaO-a0>ic)Hj|V^A*@R{Py{uz|JMZ zOJ7JzVo{TN7RVQtpDxg_G2CQC4)EnA<2uerBozex(+KHZ^b!GkLIfx_cB?8Ezw z@1cD$Y)dSOZ|xB~;Y;DgccQ{Rau3!?=<=OI(I@kuE^cu?0QS2Nx9ayu1?_>5ixe%prOK3IPg&Svx-jLT zzglmVy#6Vu%*0J@Gz6@T$s|Hs=q6;OB57kMK@l9Rz{It{2!z3Y6<4K`CVDBc(sC(P zKzfQo8-(~=Y6Q6%=t3g($9DZHS0z)zI60n&aqKO8E17Y(3PSJ($W?=6g|_n-k+Fa8 zU%491pzliAGK|E=+T3BhK*ibxtJp=v;EjVkH12lf0M z+oNKQliz-5gk?^V)^T_$1vLY93f7d0ZKBBJtg4>uP`aWTqO~fNPk24a7`b{}HVizZRAd(7J zC$K)`V7SuCU%K5NDRd65CKr|x>#FFlzp81k82DaD1p5r&jKLU79z2IvvW5fcR~aC$ zA2lv?H{vJsR3TvdA3ZIa~Ube#wvf@l#{7$|heqIitp+P=j9=`vr zJo{uDTK&j)%=TlX_$^Mhisdj)Z1drgoy;EvQyYnp>cWD>ni2hlJ-M%MW~(RMLaRte z+3G~Yfhl9ZB{sxB+kL&CvP90M;H70A_9wK`F*ov%oST8P&^hgvznP+_lW#P7;Wu9M zu343d>KvWmdc6R;zB%tj3bH0ihl0lzJ5XWLN}4Uk?IEG2mBL{y_G(W))=Uf$4M}y#e{!7=} z`G0Zs&cU5MPq=Vw+qP{RpV-_O8yg$jwr$(C?QHC9Y`*#a-nwQ_&XWdb6`QT)c=CPEto+l9Wuec5y#3J#CW<039cz zqZ5rbeJNuyPJ2|Bx>%Kl>!GVyl~#a>VkSvDfQOs;>9-?U;0E3JO1fq(+c>;+{Y55q zJ3g{i3f=!w#{Z=(?ZIJsy;bAzfcJ|`F6<==0$ae)xf5k4YQ4qVAzi^PEScgA>O4oF zqkov%@qeNm%286$OqhLweB`kb!_*KBEA>gZMP^u=&=8FZvW}V2_MI>%Qx1KaVmlLR zC7?WuvcN|E2n4xuszO&>%treNXG$YQvpph=B0bsahtk6Kh!1&ER!*0w5gFMQnC2og z8*Ay9vWD0Q9|eum9=MiE(xK43tb=aY6D}`;&)RxJVFnH-%G#{MT^CWD2bn}d9YK{{ zA!`pw!F(~wJaHaF-zvIjINZKN$O;KqkOu`=uqG-Dg+?aa;J>Ik=i7V^3)o=-7;L;q z(fj$~(4mef@1mHp?6?Ioh841XI5}xua^rikF^I{$!o8U8nAg#5Z&$0VfUZYCl?sNV z8*=AJ_?VUJr5DW|F$^|>QeBhkA?=j-RfwEr&)q}f@LftRlSBLDfnT)lrfM~q#_%ZK zG9sE*YVz6EVTU$kLkUKvGK0JzGZn^b8YDB0@dOPgM>isFGYFCtkc*TuJqKs%s9-i+ zEyFkQ)lkxSEy&N0nKU)KV=Y28G)lh|ksS2Q%*lhu=fT9v=ZIr`4+bfzu6pIm1Llg^ z^^7Ma`Fb$0x~3Yz|HsA!0!9r&Y$zp>S%mV~-lST0!eT%=PDwH=P^XJrv1YKSK!+yT zNMs)aRb7w=l(UHNVrhMqtwGJin}tb>jD~Q6O$n_ws+6={Fb%P&?GUNEu@@1n)0Z`A5e;qIe*C|j9@A+ua8w0o6i zETUxP8EJJwd6j3j6kt;lL}3&zCW%X)vt4b3Z*~Mp6Du7r1>p4hnWTD2`+MI>20k5X z`GM7B$|DpHFUqR=ErJr}>xplaN;49}@V1gSCgJ)m0H~DK@8rRx>*4ZG;8&mkW?~<+ z7T8Z~X#ThxofNS(V}+M02_(oaMuC|$_zYQw{9HIn*5ky`n`@*-Li8b;RY}h~cF`=g zjz>DlNzkRnKgDe#5M}4c)_Y9Rg)L%o7nH)#&VLls4p?}DvyJ}#`#*R%49^dZMG;vT zgv^J~lT1rW@UOPP)JP`u_Z~k+mLLC&N{p5t-rt)m>#Ra9k=w8#73qesI}}c>gje0S zpO^CVr7YJV&Ae(A2n0Upamsx)=E+^Yq)I!Wo-`Qj)Z8Qyrp-!pCaP7b$`TS91bZls zx#pNeL$}}>(OJu%-0*k5xpb?}(mg@*0!P7ijcuuNwSy=Lmjj+!|KeOJ290wwTV4A% zjp;2y?y*zXd4jwiY)deezU60W4V4{TWiOz<41ux(e)vL1YvRb#>!%wQRfgFDr!IZ= zO5L1@)9r`Eu9R}jwuz|?HE%BTHtqP9*PlsSNpVo?E3;QEQ?Ev|$2Bu#AKj^{mdFTF zm%4ACTetH?Ds|b4xBqm|0e?n$gjTBq&X`(SFro1#%{_dfel>YyX$`8SZc~>GeKFGD zSq&TB&WC>FwV*&lrQcX#%%EVb)xAPKp_}vH!;AFxAM6)>zkPOEpW{2Wlx5k( zZB6xB7cKVGpDn6?fn)vCX1sX?d{Z|^{MEg?qO+YZ+VoL7HNeRu;~itQ-8O4-k*mY9 zI&!L=kDgk8F~a$$K}2dIb8N=Bq})hX^+BwcMv_Z&hNm{J&gm)-Z0h9Vnn>>ob?46_ zn)H7b;nZdO+O12VHF-Xj0}k+378t!qftxzgl5(upJ7!8XCyrQUm`jhAP5dbj z+i#ZrI=`c9;;q&z(M&DnAHGQ2nU3F2;aTOO2y`lHqg&kwK=Tcsa*)k;FAuJZM84Us z%=?*iL!}vG_UZA-K@82UHq}MNoGbnC^yRXZUd!rHIn}>RpM433K%8FN`^|!pTGC-t z7r#x#OLe3+;9>eoQwzN` z?lAp13a_%RdS@H)Fnk17r_xqISp83D!7=~P+|U zNqdc>NQ}SNU_;}qEoWw4KBpn!kl1y`?$o9E z*EzM6osf}n+|v-y;f<4p&aV3yp`|CunAZ)Bg{%r7?s;Q>PM2Dc&QymX!tM zgeU4dw%gavZgT`_qUk{b0K7d6%MME%wbWFtJoI%Pqi^sBoEFI-xN#6fSE-`M7 zi-H(cS!J01eYPqH{9!z?2qFwGg=tA*8fr7%x@K{k3Mlf$b+A|W%{rjiR`A@wFc&vz zx$d;s$NMQ_!r-mp-0d~Ki>@7e<1lq31b7_4b<+?ulO}Z*J@2oZp$R@ojcC>XDkbls z>5%!Mds7u;I%0wWUXY$+BR0CU(;+#Kz;rafe2!lgQ2cs{tBK?AZ-T32!w$bn{e27IPg$@yZm^z&ccKB7=2j!)L32y${%Xc`ZZBWs!m9auvOS<*6@%%&3PLc+!Lo!oZf5s@d!p zAYcU}U9Ylh!OU%WMUap0)GoOH00!R$CU)i*-?Ph=x*M@n z64bbbJ8x7kaLRRIT65X>OFZ6*Ut;~&sXB!|Z>F}UkI5v*E}G$MJiQ<-AAB7iVe>|M z?BUDlR`L7gOnfh)_xCE47HCEOIU@W z{V}hLmU{Dl8M*&u%GWuI>p4?mJ|)60OW2-lOAL0RgyT%dz|k5@TJ(QCyyLL> zH_8Iqq&0*Z$Gt`XF?f(HPFnS_jBAiQvc?>11W}pBm(`ewEgHV7L3h7f9<3+}n-Y7I zO_DNYF5FmwO*g9&t@5{s&P+PJx6BsCThb{uh1VJ84O06 z={j1SI0gp&lx&%ajLThjwZw}x;3sVYNY*)=4z;N`rSR4fCTu8TtTX8wh|s-Cmck|8 z*lk5Kh134M$F`m;%WriW+@5hXdEGTW!@#^{9@e9(>9>(%t;*he<^?|d2T~v`WmP@Nj=@E@lDvG6T*w> zId~=m$xScOnbl#@>ANW-8e);9 zY8XKDz$d1={2~=MOz3DudjM^eO=Lvv8ss>Enp4e8kXD2(yWcb;ntmCqAJd~V`{E*plZm^NAzV%Gd|{TS*wC?C zi6vJ<59!seYh%J}$gr(jNMF*}^XAPac)NtmQ6Ho955rW` zF}T|~&zf{F!Nsu(^c8-*?hvLS7St3MJ7r6bd&R#Y8cz1A1n)vEULKRS|k^p$%|bF$X*m61Smav(`b!Tk>P zq!}_A$R<%_Ml{-rgCGQ~Vn^mcF$12wPkLRIAn=JzHo?O~_KZ;UUDct9#pfF2f#<9P z|0&Gx4Irh9C`-ceOjbt@QwPA8j8B3R-uO{;skBZywhg?PRbydw&}oTs!Lo_)!2s%S zjKO83=CPm_kb+EE-Yy_5l}2==ZQY8-RTrLYYi_@AwBSdm0P1+av5t=-L(>=9|~Ngf_(u#Bu-qA79JiL zSPnXIqJzpJ9h($vuJl_b9LDijx!Om9^b;lY_FSxQ}50mL} z*^WdK41bl?j`FQ={|)ti+(P~LZVjr$d+r^K)WE1#Qz^8>qk9>dbkV2IhB=kw;Pv%( z`Mafnk?7G!Ai0_Pg|h+28yNa|x^`O?NhPv#gA7%>-cGnNY!)1OQfvXyf~F&g7X4!Z zV$Q#>VhCe{)>%SNAlr$&{UO3}B{G^Fmc0IxvRSpI{U1w9-t2#>DS~-x2 zWV&!I_qbGNxZF-_TFiZ82eRCev!pl7rUbAo3T6kMOowWEHct0L%6fXpYj?7GvEn%Epw691ZZs=6j%6{f5}>~1+sLRfNtDgi9Bo!Z z4J~1~g_h^Ni2&P=M8?FjCSu0*vO|1nC^SpTCicA2?gE_kmAC5EJqk11J>vOptt$W4 zgBMlXx@1K#SjY4B|4gtTLqkL7IA4WiFS-?k>QfYwU*Yscyk8hfk|lKhw*5U@kr#ce zMAuD4%$6k{z99^Npx}-r9+_DIdEm`1Z-Qc~Uvn!+WBX{0V8X{*z0t_hl0!>&P1`4*3)KrO?h*! ztuO&hdXW;HB82aE3h7-JFDYf?x-JN8iZjU_bub@N4*@C##Yuws`Q_tD_=bXX;@o5% zse<>#5w?+M_6+nKJTYqyV4r+Etw7_{rF@m2CaS6>l7s`r2?w-6TD9&|Uh)7Yg6gpYu#Ld9&Eq<&+=B05)@wFQ4Sa%m<@AGnZFgqnaODw z2^;h~AML{d7Ch~*&J^j*@Q@$0*5ZO@>bAq(6!IY{R|*qV2Z>aF>PI5EZ7x?`*&A$p z(+b+0A*BL!WoSk(fc*V=4WG0o&>gbe9ZpK!48y+gfu;>&t}Jq}khx>5V6H_Meyo;X zmeBhqRkLXao@u=Nnq9(g}3eF#^KXnc_}3 zRCD_lT`i0ms9y#4A1Fy9cOaz-!y(ZsYrViKf#)J6+Z9%7>%T`RfRnv+Bbf{ZXy;8o zpUMfTe!(*ISz$~WMmyqadJduiP>nZ-0+fQ|dCE=PC!&$$sdLkE#z+9}B71TNL#2QK z1fXh$&nON%g4|tzsd4mXcYJTL7v9a#L@S*gNxzYn>chgnVfRzJ|6XbhH7#gOl*4#L ze1+=q>19KuEY%D%{g3|zbycd26)rWp)d(itQli;0tLOr}u=+_>aK@5m!QIEB7OAk3 znD8D&_|J{tY$TO#wJgK>#S2@ckmE$UX4s|ad=I!6ybr;iJoUsB!PF)GBnrhx2QBoX% zBsS3I)AZ}{dXcD9bvjsVOwz62<@KJwdtq7PHXadYgQ^%7nc!eBsc?vMn^p8|2{GB1 zlHEPdgeu%v+<9ObLTKyBh2ZC1RH(oju)Ms3B8>yB!KRsN04jM6-wg_}J5oPUDc_P9 z+Dmo(>HV@xkjE!GUT_cpoH!l_Zc!40D|924GYUlcjq zqcfzRz<3agYW9e!#zvcDITS z!YxSNuE3aXrpEO&bVa;RY7v{qsfj%%j0M86VEUiKX7ag+q*l6HJJQ5U?;CljU3f4O z3W=u!EXlNpPO$%!q+%-@26RNZ(yLNg5(g4QiO!HETl2-vVpZfewG@ObPOP?geU7wU znMH-e~MV-Hc7VQe3-i1+nR_Yvu%GzSFjuo1?oT!7|0w^hzkz+CGDJLk(KQqIgtxX46BCYH#FF$ zvL%@0j8VA?Dh~PgNh48r1JM4ZQ9n5v0laZ3h45LM8=jIu?5hgq2<%mXoGlTVr{8J+oX|BzOu-r1)rzT`04 zyUrLYgOI2$&o@|aC&d*l`yZ|#&(&b?InUJ8$FKL3Q}RI_r-uVIA(5fxW<}w50nhky zWKYKZq7Yn^@~M3n0)YGp7C{=-U)-c;6t>JgKPj@$?Z>W?hd%leqYeJiz z3kqdMSdyLpDq&tX00Bd>n53L_$XTVxOx5rgo-oNbwH^}*11UD(9*Wic*53l>Df~M5 z$`mmqpETZrggC{u%kLS49lV$_>0T8WxIYKqC@1J;*#8p@epJ1lE<0ZS#ymoBg3r~3t77eu(L}Y_+DC_(iM^FbqH+`UQ&3nL z=wHDWs{^61R`>69784?pD1%i=kA@5KAPKER1@sS= zSrO?;dNM{?WQ;}o!PX54l~crt@<;fm+htG{D9LAx7!yge~}( zG0_6XJDB-^6{V-5HH)!nS!%Sy&o^XK@WseP&mxJ3eh{mtKU+r!ctrqE4=PK6nI z51q2;Gc@;_dXG&Yh9>Fi)+O;HD(%9~J;Al}A;F7OC>4I0_1&UtbI&+T%(;iz_BY1wxo;3zcPJ8) z#p@a+{KCdR>kX}&{Vj=FGS;o=>{)Gt3B&A;ZH1-VnXx0hevosWC+168UMSWZQxG#=f{)yqd}lmmjfDkkY>RQm+98!u;TXNPV=_mOYq(QlcmFIk+SQGHPr~{|Fy?EtIUTHAn4^IK1h?FBb9{z(hnbR))_sp=x^xm zraVo%%{)8IS!wIyl1YQ?euP1w36vk53KDm$7?OgwaarkU3sdHrhE3T!i*YZ|kgHx4 zPa5FcUfneX_YqyDCH!X(mV?)<1_r-tp$xPmFuVhL5;H~&AmF%XSVNJ@eg_~UoDjPZ zXl~qYrCmAa1x`yt$p3w!GA4PGKN)NK!(CbuJ+Cy##OYx%K4m>Vw^D;mA58;1{d)zM z$0ZvX3Mn^fqWlkgF{I@787SJa^we}?z9F(;$Zxydhf50&&c%^}@`MQwIJ4m# zrM1yMDy{`Z{&bSV6>$Kloq-FRwF_AV(B^`)fvKL7UD;H+5XSPqM|O`})UK<0ArSmH zNZ&8%1v;6-H0N&;zR&znMIaI9arq>$TRxMb${0iirt5IQoYDF>jno(ZyR*eWgpL7` zn+fXVMWd5XEs}R%CI`*|jK%|Xq@e|BKWc_z3T{%Cv0U%0+D2+_q!&>>sjoobbVACiWFg?St$*?EeZ>;J*Fv zhqc@{ZLaM;b%s%YFK#~o_a8Aknsa^x>0Ks+C+RRd9XA$XOj;TgDB7h3o`L#NZqcTa zg^J|X)t^zkBm}|uq@DYbh-gobYtg&KiqPl+7hlEVm%eT+4<%!tYb@>8{8I$N2tH*6eUP>pMyAmVop&8}40ds`n(!T(Y zzx4CIZ|4{PR4{h>$XeRx_km^P!hEVr0(qvA87?5Yk9c*u&ptgrJv}*#VgRDc&vcAL zFW%bhKG&CWwbD=lX{u?vM!k^7o7lf=ZeUSAV_G}qmTDj_t6jz{GGSvNs9Zv4=; zXTr3SmJ+Kf>Pre8pk%DjQN$CYue^d%;3e2RKkw`4yF!q{RF|P8sl{h3mC8)&zbYOC z(5yisl%3KD$wzOx_wi(3U*g}_7+a+odhp5o%{>-49wT==tHX*$xf6N-%>koJE?^{^ zT{=EwIL~oax_%Dh;DvvW=ztSm6Uv6n^xH|ESq(myZUg%^z9$d^633n1#w1U+OgKpU zp?5bPzD=QO3fsD8O*lRucLA>dQrdu|y+-E^7U0eH-eGS`#&tnZ?->z5@OHL~I`CTF zd~Fbgi)aZbd6m}&$A0s5eY?W)YVGCe{KboQ^q2n*AD#g%JS3fZNuu+n?5=H}mo_Qy z(le|geBYs3GZHl;g1U7^qreAJMd@|4o}+I4}8bw0<^3>#4}B{xrVvj zKxPEC%b!C_CMDt1-yc637=o^j`{eH+UwsCM?lP$~7;9L!5txmNBSH)i-8y)y{K*p& zp&l~7ahuwAk3tl9q_+X^Ey)=kl#^YXq=c$d+577@=|{Kk&C<^O^T%g@;$W%oJ4O

?63pbacdArOUV>Ybo9#k8zId zMIR1O{AH!jCmkO0JEDTl^1bDn9xqm0D-Jy!iKREaNraRIr}BmJ3_VVJn1)b^TH2qt zE3V$Dv{L3$3ww79ig!gxup`a~sqy|bOC@HF&0rI1ed{cX%0*F1q(j3@KNK5PZEVGW zMijXE2VyyuA2;{#RK!S+a6*a?Lt6!4Qm{Hbb~%)2m&-Im_89DJn3ok>UMSEqXzKn> zq)C>sVQRmIYi= zF@t^si0CvqTAs%XYae((jlOPlUQoK_Z{lcp9~aWX{%4ezDB14P+ zJN_n~Rfp~7p$y}m@TKzCNj&|jbd4U$ZsBo!YGKjx7a1MtpxNi3)!`BSX-Lwe7M77o z@>*F1kus;N$gV(|l5E=UyyO+NSivWjzUDdnlgHtycXhpMl=@XA{W|!F^wKzD{x;JK zaO+XkH@1jz3E|z%u{OPOIZIy$!Voag}dK04uCt{8^5^Tfg=zA zbE)$u&CI0dG20b_Pmr~6iHHlA`h-VY{GM`t`Z?MeC@ph3JuABBJc4cgmmzr4&?_*=n>Wh@xy2?r3^^d{tU-md;j(Q_-n;?rk!WQ zUuTXAdR~J;hN%eNXhqVCK{m0j^4Tj(QrttUcV5p~@%M48Ww-bus#G9GqOztM@U94a&nG#gRO9mV( zjj5aP3*q2CmwqfHc3t~iQQMyN1L>0uWrY)nJgM-ETR<`4$76qHo4=u@D|%MP{~MYI zCyn&}?h_>Y+iK#ld;R){AB8;MRhz|A3Zms#MjRFN3tchFU0oE5g#Yu|7s|+Pg|9>+ zcXYDjX;43P@`@L1Kg0&O8e`GnX>ESS8I_8YtXNpY1^UfiX-n#|Q?q1*|l~I)|)m ze)uE7)HSsKdPPhJ%|Mk(FK2uXs%qomw+KIC2veA}26GGxaeQQkgMm0%X!85)$DpI+ zyQt%MBIE)(Y!oL3S*fznIaQSx18K;laXvaq7Bbru6GvIUs*BABVSiJqv65lOZ(rcj zd&T^qUnHA1ygVfOQ|ZX2=J8P!X3yd{k`#$)+Gs9gX+0V}VD1zEIHrbhQB94WdZdly zyh~ulL{kDdP>LvM(svU|#8Lo}O>E!dv(WS+V52B+R|^Uv!;&o>N8_URvzqhNK%Snp ze+3hMm=mHTwaqkUX*YE48H9z|scs+j{WqVnZuBl&|FvbH0EJ?;m zE01(dv2IAXR=|y3I?JiyJDS8u+g)hioHeHJkanKk{WcFZ60IQ-=n5|P?GF`&;3J~* zuG;{^vX3Z@@CQ)T2{tHOaP@-fYWK;Cv^?5tn@RgMKXeIQ8Wat8)&XIU;lrBXzL1FOV?r&&(j&4@sia(OO& z`gFIZnVpD(!8u?2A4>IUVT&}sF0E&|-6BxD6nZ+(ad_O1)2$1;;@KhmWTVW*z;W%> zB%98BI{#Me^q$!;EhFWrF@y7Q0c&vt1m!Gvd(i+{j__zSa^`~gknlo$R#)jQxt<8c z&_^Z5gf36)!PjD7>COWl$ivw8$W%R2Mx`iiHE$y;t!yCNnX3sOi$d@eR(ARW`;Fn) zLKL+P8Ji^)#qQHllm+BK-?2ME$JMhZ2Z;gnG)YW2(Fq#^5J=>|cvd;4?J@i*5x>qc z*0x<46$w^6V*n-|2_$;z9yF@^v$C1_sXSP*zZM56Vn5Yu9H5+tbOZ$n%`%QMbVwb? zkl?pZF;{;LZ!4Se!D*m03rCQAXhx-8$_~!Ff0HCq$t^sXy7W%eazdk8YrVKyD>Q``V9%&kw3h+boIVbAQD1N+} zjKCJsq=?+pzsr*)Z&a`L8BZUa{8vi zR2Ucs2PZ=^jt2E;vnALQ%&HqrgA({v)I2$-`e`yGu^N7Z&vtvLv7dvA;3aZDi1X$B zn2s4%-&v<|(h)hO3c!y7~E5y|45X zA>8$OFK=BON$o-|`NoLh;<;4P++48NUW5CqQ< zMEICMr$Z0zp{ctP8bg|knrK|#2CZ}J%s=J!XebxgDjlmGd)A3qSZn;7#a_zguV14_2d1;6U{&_atn~cW7i0aO{X;I2$M2h{A7@h=HZjr zTUT4n)m?45D;jCpznt{h?ffRq#(c ztKg^2_d)_-Khl#9`xD~G`xhu{xehJuZL1%uL#FRISA%0foaDHU@5ywLUDlpzB)`x0 za&vN+^tB%VT9tY%g_u!c9wl-i9G;7sIZn_h|LXqJ&E0&?J4<(x@Kj=lQ&lhd>z zs`)&E{q#egWqccQF9)>h9Klu5qliMK-Jf?{%36msv#~zjvU`LED1RFsU zec%8(1h&7Lf&MA~oYX*VO|xo6XM+BKn#MrNrTk94w>(rl#eE04>dYfXsI-h!yJujK zNZ%e8c~h}i+3i#eos10J!3ga=^V;M)+iCoMI1ccT0ig0nH+!htuJM5e9-26m)gMvP z(O^oB2P=-G&cl$unI=4c)B0tGyf)jEG&RjJ=9a;ZDF6E_ zNnQ;tF~`m0q_zk_Hn*`0L7Rvrtx{V%{S3~Pi;E5WWtp^gcZGGmpOjFa-sU0!8wEGz z4i~YNM3JAk4%q=*oxtFZc3e>5N;s?bt!HDl2(4G8JDg zOtS_qR!5VxcJ|Zrogx5h!|k9BngfT|+v;P`kP&T=E%`tpkztk^q`xu_Bq#2NO!92P zX1Fif`wichVt5zG9ZWK}NtbJa;ZOzpy7pr-2%Qxj=?anJ;&!*f|qM}8K5&p*| z{wvwEpzv)CpFmvANseu8t>MWb%U*%`sZIT};<5w5F(!XE+q zO^8N>%AJ_1d>1HCoEkk8BG#GQ$}-qtNbsd-gnbG6)tQ#gqFdk)da>Qv=6F=t79PRq z|vHnsm(#Xl)!;z`>{q;6H`+Li-S6daAu7bdUg+C5IxLy8-ixS0A zr1_qs7a)ZZ9{E>D!+&X>Iwy6e5gPZ{rTOM=O{V%(Fnd!%oq(N>%;0qHnX5B-F#jM+ z&P*#NT(W8*dGoXKR6UFJwUYzVM@LNJ{l#kSyP3JF-^4`am6b_4lds5juF3&gu_0y7 z8MC6ky(uLmA4M9u*-U_YK|j;OQ(g4rv02f`wp@5EHi3FFF9HP$TN_xV6QWQ(6|t+W zNrLDjiaKT}h->;K?3H?wq^;msnkq!`Ja<~T*jbkc7@uhUoHjoh-y+?w#B#)viJTdp zVToY9h^$|E6CW%sqX5VR!L}Gb*Q+*9*)e2acSNEnvFb1)YFaTfRQJ1vfVv##;*aBM zKHwzkM;T`oXk4c12eB68$e!=n`CtTe#eIjP%uT|fs;M7nMSn4p)+bdLaMoBzjsb8Wsy zfXCfhN4ylrVEJGw+rzu(;)NPymCzNg`X>Tc)T#JZ@62<7 zoF6Sgl}A-ba7^>c_c_rZd7elFy0~p5LB7L$O!3(p zK#3KWrcAswp_(SKgd)_az6)F)f2TPqC|W2YGV;b|ys=Wv7DYGcoGfByaLnQq;t2Gj z_=#)K&;oXFbLjGhow60 zWA!~2vv$2X6kc#q0aX{15yQfWFfJ}XWqgtZECdo4S+=euQswUjn4-uax$XwoV6q82 z!IlTH#c>u}brCL7J&j`g^mL2#xx-yOM!az5F@wy<(Kkl?4j&cTgk!Yh~o1A|@Jg@=Q#~a0NJJu@v865<9 z7Pbt^Vl2o1b!M9U&(9*J6$J+H`<~3t3Km$r z{`*4~(^(%(K4Sg1%l>!4PQGD2$n!pzA9f}7al)mX2Y920?E7Hct2ul|i`jUW`Y_RKd7v!Z-Gf^K0&*!SyckE5iXB+{@H#w{z#Q7N#0Gk-{-Hw=~Gk z5_U|HA1YxmvSX>dB;rZO96>Q#8VhUu52}*;xPNb`cy7m=TI+KzKGN{1awSWLfPn5< z10wKX(GYNMv4dD*Uwp9(rU03nI{po^I@q8!vv$>7HB@poLe`>iudj#4nMzv0Y@@W` z2t~p7-QmmdMI+{4|K4Yt(t8yY)_9%l<^JX6?AtMYnqx7_boH+Su!>r-aWQILV-IQ8 z73kzU%;@8WIzBUbDu#6kMY$~J*qO0$tyC{JXIICT&DYn%k5Ep*?8MyIzdih(-adEx zQC%LgF*{v8K8`+j$B)<^_x#+Rp9*&e;}<8L6us>4aYog|bH_#ok0pR2>@6&fW;Ud_ zG>XLb{a)1JMAT{(?fN7NL&)>vbDbL)t}kD&&(F=zIZ?np_k;KONe%WUwy~X^-Sv2( zu7 zc<%~_69$2ktp^&9{IbXnqKu42Jw|wfuxNPawuF_|<>wj8MHiR8Ja(@I@1A)zzleuF zoFxy7pRk?1veAeGb*zo|523?f$zaC9#%0L|V_<;)_=Lt84O>>N7IC%QhKiUo^|BtZ za@4(ENi@O=%28y)wsak8Q9 z@Kx5k@#);O9$+K!JaI4t&NACvcWOkeUxE}~A+gNvdznSoMB#s^D*!G25y`#iRW+LQ zv%nmkDQGgz#U=0kvc1)i{Kg-Rsg9}-`MSpE^H47N4uw?cS@_<3*(PmIP$Ck29$P=V z|GsOoKFt<_`pads?uVC6fd37o%uz-wF8TWrY;veQ;Q3bi`-S`PYMES)S>)Fl;qz7e zH$1dbGxB}*K+jC~AN*%K(UUpCciQlcjoPaZTm*`@-XrWduXO!noGO9ucgR@6YxLRg z{=Z*^pS36796r8Z>%ME2M8GyseS=@63fVE|!E^=dKvxDySBNR`>DpTc6A)x}D;|-} zyi`={L({%TFB#5XABjm;QCw|M43RzOd9tnpRB=Ur`cw24KEI|j8O}&RFA}o3P!gPb zc|AAPzCU}n^<&+01@?-*KNbgpS7Y)7q<;vK>TkFYKLiJPN|ac*)5*33eEe_mDI$29 zpI2IdV3PYEz<)nW9FOEmGORfY{R}9?-lbssC08{x#Y&#c8!Hz9!>LpnKoe+1{cC5< zo5t+!!2s$m{)71>A$g}_RtqI#G!Rqy>e}R|q2zOT?P|dcxD_FsyXUJPhV1stTmf7Jj z2{wE=XT=XX=JNqtaUU_P&URM+8$WKT*r9!ud|rdFXRd?U2V#>$Ni=3o&~aeTE|F8{g`pK460& zyGrV_*Zo=10LA`GeFLqxM(El#pUVHNVBzMxs%0&axX6ChtjtYbFZ(?e7;i;Jn6<0O z>Ds8%B-A2{)Y{(BW*$VcXX-kss0XMTBrGcZaZ(&Z;kywpecpu@$1|Gtg-(; zezNzdZ2y1s_|aGU|84v}oBbbx8)!CR(ycmVa6zn)X;NxPO#a6WygG$(u|Sr-}n84eQ&R(-h4A2 z_&wVphzz8QLmKz-ZgE+g+E$I4S6wSzxkv-vZk3AVoLVo|(`&C))!lyedgW!s{EKfu z8r$a51sP9%=cAU3W?J7SZjF?T*lwvz)9o!!NZE`hqV?I!+qYh#{YSTsQaYApi_2tv z`P;5j{=vW1LOBs3Emz9@;x?DciFdl~Mbfq7S}u@j-LN=@N9$%QUO7G3RxO$s{pRx^ zZ2iE0yY|3!TxToH>g%fAHj97z-O(}0n08-od8)Dz4K|=R*B6U$z`30AEczFwaN1-E zSAD*{r96K7yzK%8S-8RaT_5#m8s%ue(b6@1xxH08Iz2hl)nwYO9Ze(iLHi}#+r|>= zTqK+0U*osiTgD$0YV$+S835zsUwl6<85gn z5vgxKS-19&uSQqU#sst89LS?k$CMtsX)><>DXs0O9q`{iy9(xA8Tz$cq#l%Ot-}qT zz&h@N`8Iq^gp{)g$im%9M7=69wwgveF4yq!_UP(qp$yZ;JDoOtew%xp^3XGhhjQHe zyc^$gPOU7st$Ml&b;nY6EYw-U^CAg{{^4K!&Jkp!hrCcGb!@e@N#o?y9GE9Eifw~K z|IpvVBnd?uzv@P>;4Z2&}6^r=gT4c_%leR?%5H`6L6%^?|^un%zC z?PkmQ^H1Q*O>-chKG~9Zw$iA{NpQh1!q>Eo67u&$|4>(w5SYuq3)y=h6TVszDCE(_ zg06n&;lp!|$-J=|-zCo0 z_j}&oe(gPc|NlPy`tZ}I`(3hASRV3`NPdPXhMZgZwT$L--v6z+|HZ2D*NFZ4kM;4N zhX;?Imf}C39v(jZdjESHzuUb3g|W_cc6lt^Tq?zZS*g$!$Rv3eCiNheL!S$2l0QK^ zztj0i&7meaUU5 zv%S48=?WHPOxl0EhG2*;6g+`Xu&KAV*UcGTWrq7VHN*W4X1H%>Sec3@0j5}y-InT1 zT(GR$PtA^0m!Ma43sorf)D_X|AM{mkK;cf9FvG zuCCQpa2=&+64rcgv~T~dF3@%&e$r{*JjegwKFm?C>EIdZ{*ss?aA)Mj+qZAtVya&_ zk7>piQOGdkV=&KP74q|2uD6qCDfYX~gFe#|UEyK(mxPpmuesFKxY&XvgpMW4NXFdE zle>h+Aqkv9vO3#i!dPhPIooh8k9 zYKwv-bjIq$4~>EFKe-P&{P~u1=>)cD`A1F}wkBQl-s_ef0ztrN;?2eJtkh=mz$*y~ zT*U1Re4BsXX>5|v*ETmV^AB_$TAl%`9XR7kmd&CBxkIrZNhhwt>Dtok9UrwXBlckC zZ2Z-$Kt5~u!fWzUbpEY|%V!!!6DFiP9S7iNr2D^1yvBw3SxrYZP?rWTLQ-W(-M@(b zUxfO6`3M2#lMPF~r40O>i4 zc%HE&WZCIFj`1s-FuAwlFs6C)(vh@cf8(j#-)(+(&}%xgZH{bVR*nemJXc2url;1l zd@@`-(PO*1XV#fvK+N7^? zKY0|2i&e$H3PDABO$(T<-=ueY9qPze?LtIjEDB>HlbnuwfR1IX7?f73FqMyFo*hTFqvYqx!jN z*4ItB)ASRy1#^S66D1R#F`*x4Y!RvF{WN2yR7jMJIr*PtOyhV&gA1XH!DLW~LEj^- zlAjjls%bNI1~bJIAJgWxp_YsCoz{JLaZV>~l!^XByZ}qFR7Fi*SuA2Ui;__E@m?6K zC>|V+AMc0k@Ef}K&66j=V>aF!je|!Aqr>sj!^gqX!~MOdqo;d&eN#Gj!tcF&wC}xq z^oUrHiuZ5B|F;9zZ-4FW{Nn3>{V(^Q9=t#D{x9|Z^^5oGU-i5ELGNKteeu^;?d}hq zwJK;Q22Tdh^i_C6L#qgcKKy^ze(Jx1>hk%YQR4o23h=I0Fo+Mx;2&9hTdhAd>i_HP zKiakYS_Yss_MbjimGgm zlo{=5)N1^k&FpOTcRddV)4&dxO$|Ei+Cb)XdUvU%G95;VEcVvR-;HBV<&#I{_hvXi z)#`vB6^hk}Y^&{Fr|8)wGbN~MKP*KDl!$b`Oc{au?4kqedct6Qe@=BTT@)tQp=|Xt z2hnzFT>rn>*g3A^9S7x@R=d67;#|$AO@nqEQz3xbTx&f~O1*8kuGP<1`a@n}d2f7m z?cxS3lirLbbOJZh+M&TIxdGJk{N)+JGQl17K{Sp6C451NKE+OTB}lz6?&qDiY@An$ za7R;=D&&Fa&(*&5^&iZRTt=Iq)GFM)lo*L8_L#G|US8FdTMm1h4 zNUEk({K%H1&~>-G5W3VTUWI3h%(wb%P4i+BA{h&h1~b;}x#aDOcKw6j8u?%6fx6NA z-$(n8%JqMq9z6Ma|9dOH+n4_xVO~g@gft6v{lq!~q!G}x%+np#CO5>7s=3Hk=bNgG z;cy(9g!%a|4cjZc(StdjekNDT;F+P6mE2{>;VSG)Jr=&^o>rpmPFXzj#Z;FJZ2HWY ziSqBN!#IlldaQ9vw$VuKabq?p!l6+v;brIx8l=VwMj@Deq}%45z`sE16jGgB584fNXeai$CQ z6FX0==Nrifkp5~(;^>0KOIsTjb^DCb3%4riuF?O+E@3k8J3sJCwqV&Vb`;H&n5XBZ zrgWJ_x^`@d=sJNdSqEF9KP8)~Jtk|3RiFFT5_iFB2rBs_zoiA3#{rYSEt&#r`DXu5}ua*Cw z?(LW5|NVo5uk!zG{BGU<^Tmf$F#*ML5^W%dus)DE8rh0VoV>h=PK5~H0vR%VTeW<% zU|AN0Oi{;do&@B{A^bC%oz2JN=mY6`O{GhYGo~a;ywingsyUmRKdMER(K4Spa?^DH zXrZoPT>@W0?=PZT1O)$WB(RSpV`)qSM!J9PlJ0Nas{=*t!j0!~yd;0jX{`1&RB{Rc z>nqU)dWZH>jiF{PY`~}BGv?mPT6#gJ(5#Jse)V%jt|XtnOH3GsfSeSllzt20l# z9N0^d=i0dzo^CwBG8Ptk!*Mr3w$&p4S|r3h*x2PM4%PPP)QZme4F`N6@+E4^KI-5sZFhr)m!B!Ww@M4to%_9wmg1W7 z-x~QJ!-j9v|7ZW{;iE@o`Tx<=ul1jA<#+4yzjgmX)Y5Eo1>ZC%SYVaLq2^4-x7S@e z7TYM63RFqaB0NuB(w!~sKUX>Ul)CcBi^7AxjXi&pVh$Gckx{cT=03*-$i&&ebEnuk znM4bg7_|ZnasSZTva&!U0o2z1Mgk%;#`-fFCH-Pi@OuV&92eHKvK?*=f4+`b zOI(|XO!vfER zV_S1-ij}S^=cf2Yui))n?NN>Ril(XY(|6)R)LfpCC<)nzRbSn=lWq>=SbNw^7wgZO zP2j>ak};V@Y{3*}!F^DiF&ZvO0HS=@>P+V8Qt(#OaqTT6yD=(r@eGo#&Q=n>E0(7! z=g--%$*FVD?U8QGl8Kyl$^IVfAy<0{K4e7=zVPpr&cpiXS1^`%1(bb&JNdw-%O;mo zmf@wIUE@d)A-O{LRcE2pbIoDE^7ZaQ5fAd|{2e>{w%A*lD48rDCf=}yDD4vFPXh@Ih7aZiW`{-rs!RCC5R8q$fz&5&d? z3Hi(}9Cm}-Nj&l$=P{#6v8$h_3^KMzt`timma`F$g#md@*SYngM$9Sg2O4pJFhlMf zK_jh=tNlgM#@L?3e57sX>+%y3uaclheKMv|{3dzLE}Ou9u9<;?Gn+G?oQy%tmmJZ4 zmxzlf#Vkp}sN4y=RA>dOQ|3^5tuLbVyC;uW60{f?269JMGub5xcbN_t=5%hb5f$vo zBf^p(Tc*++2Q}vZ0Y8Q73<;hN!rB382q}azKG*je<_xJr!Ltx@{OF90V1XRZlK?{g zGwqB^%cN3KhJD3(kviH1tdIbt{yQgQLTl)Q8VhDMPt+{zor^ix26Z0@{bhdCjJ4Fx z6)$b5tQjUxLkW}wPH8?C6~bm%A`dRua^*16ra<}PDQ=Y0LSZItmZwMvSI!@TDuDV~dPrUR>Pls5NvBkQpm3`MH`4^r zE~;)=3-qB+-U8i;mkuc^EtiJ)2#%*FQ`HsK+ox%&NLhepH4VZ8eDR<_m~le+zzVi} zdTV8?Do?jk$9+4q!86kB5}Pwc6TZ^poX(c(0^1j+sp(j=2&eu29`QB!wz0+mgIPbK z{8tuI<}!+fKVkAmw){ThGsQBkfTD1#OZ*aFt*M#XYaI5SsZrWEFtkuZyVXNM2C9W& z<>T%a0y`P|lo4YlaC(yiHj zYdo}-=DW_rn-#W7PT1~fI}Ku%TP;OTxlzU{OB8-_o2&g48x*LUrXY3aS;;C3+hv6& z6kn~6g1yuh9ZJ%SEh0V_Ro#iYO1Nlq*s>UrSgu76z(89(Zok zvj?pHHr8p7Cl+1p5m_24w?gR`Fh{ufb2|46FI{n0XAmsk=;?%kmCp)U-U@G@t^R1` zB{>ky>R0;J4*LTf0SZmZncobTb=zRllV7^Obh~ByMayqd)2W|XBQ#&B`Zj-S=zktq zcMT4(hW;Nseq4(GIoR9#TL0&EexHHhPKnh1Dmv(@N7 zgc8{W_;)o+$*ODJ-2Bw-ksTfAi|bhUs;fuq6+`puEnsRAdH^@sZ`IgUwwx`D>ATq#rvI?> z3T8>sPKhOkY>lcaHk+C>YR^m@xUc(2GZwHAWE4n$mza_>uy9i;(?P#K%M)$-+Dj_p zeUWC-q_0*=_)|HH@4?!6>e#`*TAd7&B!SdsNoYdg{pMH2q|R*-T2CWSo+0wY8RntR z=BwAb(6nl0-zej)MG<=z4XWjV;pC$ZLWcosGEu+2^AQVV42xqdf=<}h z${Y?QOPZ6PMJHv{HZbo{C=Llr z7Gyy)boxPmV~SyzYd5mAD7cGeXJ$*!TJzU$O{pu#?hJ3hCq9iMU@b!Z14;xc^;ZMz zd;!;r$5gQIE1v>y^vVh7%VW68d1G&R{`RI8I|MH{ebTGZkKxb!uCuY123K8~OX6@D zrnx%q;M$#A>26}ZXYsF%j##DR+`6ow(atx{4*K2VJw*K#3vf00X7syyalhn_P!cop zkt#0SPCs6aqezNTm>F9{3CE(<79W!be-RJ#eFBLRVnnX{4IUu{=WKg{vSY4d z^2ro2#Ch>-)zyf-L0PE%%RQ#RZP32U*n(w({iq%eo)P`0ZdJrG zw`qBkujb}eFW453Pr>m`an zPxxHV)~+kgxZB4n@-v#ko%5zdt=hds7>*>#Ol!v^`PT%>eBpmb1v^z#1k|pc%ipb< zqO}n|izIg3brWQFFQNqas$QaQuCaV1VoDDlKT%tDH?)_pzw7?i=zo_qQz!I#D&X4t zzx~Sn-;+mQ^S|E8@7DFdpAn-79r3x;1>Z9s$3VL2WEGLN$f(<&)5(f@Id3_at7vj< zZ|r)P`fnlOaA&_&+{r{*J>v>8<7-||c?t8d~Q2MBK?k8HcRj?tkM{$8WP z<~`^xD~S~f{plEyRvls6QV-$iC&9AQjE$oYt-85jOCLWf^<+Xy++dSj8P2_qOJf$} z9zd+%843>f%d!7ZfvB8C0(@+G=A~W`EJ{+$7ElTO5M^uSCSfxba2sQ0YLK_PZeqFN zv-+++048^#T2BKY$61<()ac`H`mKqvsm}}T?A?kCZ1WFM9MNp)#IfR?24rOe%BpRw zJS*k=SV`R09u<>0a0R*g3}j>Nw7sGWft{j*G38jXyiYt^&KI z`sl0vcPqcor~kcD==A)%t!sY})!w3(C*(9Q_cWK&X4SFOk7Bgyg9f$nE$6a9bD$)=KAs4@7JrZtG|EC(l`nLMVi2=wy5^{g{s8mU20T|3k{o9V~r!8+Tty1 z$AuXbp@B)dh;o&DF%^VsD30cYHep5;MYl_H=v4!pwrzwkD_vdWt(qaq@m4PQSU}pP zK3(T5bXP1w!=Y-%zMA$ekTC!129~LAPODe!-^GyAh68TRma|1+pv}CmV9YVy*7SE3 zLr%+Xwrs{RKy0w@S2W=?^>R%Ej_LLbH{ZDAbdxhy5bAEwcyoittpLJx&Y8=RHaS=g z-)-42r_S#NJDZEycXC(r>95&QmrB;{nEU*yX1Go4KRlW6?c0C$_Z~kg$N%m>eX{q} z{&O3@&uITq==A)%|CzDLe{SChq;d7jF#@^JHd}&l+SjxNxkKHML8!XCn;C@k_ggUt z75i#12(32b6uW3J@Y|#RzC-T+y)>hcq zp6v~UuhCZ2#uoFwicLUwd$(13{$CL6SIYnL_-p*%?fgEU{pS?X=_ZUo z4yJxFmY{r2&E}xI&Gl?T&R92N7^+|3jjTgX7uQS!Q`1weiO6b~w!N!MV-p6}>{vMs9?K z?k?uLSF|J43{l>X6^p&8L186ww%UQ4H7~4&>`O8vzg~>dd9yhSV#9vqGP49Andtw`{6%K->^xu4c4a(a|+6SMFwg z+2$)_?5K!@8*V{^Sb2lSknO4mts%M*>XA47$zF)Aryw9JSC8fjyd~}#ODiH{&K2T< zSM{ovNh4}kxKRCwH$X{TVfAXHq$uv*VJxnNXM5DmUFZ!dUAfmaU2U1(xud05CwaBH z?Hxv!Mwr&1Oan@!rDN{m!>V?h+K)G||3cFn@c(=AXzxkc|L@VGCtvNqxAEJK{r5@+ z;I|5&ZYKN}QT2?h2h;u%+-*Xj|$C zN>0!$`WFjzp`*2(IiL6oQydA3Up3pXO$Fth-1!Y^V3pwL);Ur1)_zs}fc;SmnlTMF zncExX>Nb90Wn*!@7g*IvFpPw2eB5ZMtO;@bBDqalFHd2XKM8g;m($JnQ={=5?%C?4$Lf^!76#TE<_|qS5N1UM%5#Q*B7`t4~V~Bc@eeG-@bM=rHb{k|bHGr-Idqv(+p6zP!BN{gi@19tN-fIry=hnhL z-){r`-(^V~SpnAQ|Bs#?mi7OGCr`e{|J};(^Z9>iby&3lMSsMqx<1P8&>jx?m`iRX5twx{(OpG}BcVW@azdq#>ZwFHa(e;N?Jcev)@AtxjtuASR&lF*0F-Zv>tn~rgjO5avb*UMmOq3 zK7w6SPrRLYYq3n%y<2_S*Td8ZOSfF2VC|8dEj_nwE)6^X{Ca3^_t2D7jY{vtD}ra5 zLIGR{KF5%(AWT668T*?Y%Hr86+bpkInLj^qO~I8YQX9Y=8&$XK+MWDvuKe^&5T^5_ zdfUCI+;iVwP#ZC-j)P`pg(edwkLOv&lH91+?UoHUGzl%`&=jL&KQSXUtr~oE&R-;p zcQkXIBparY>oDXzSC<29f~YbV<*AJL1>LtoC)&cpwI=N@@S zvxv_HIeGpuHOKzI-h z`u&VeA|bP-x9^8MxL}zd@%{+M$KlnGFmAvT!DH4@P!K!*lFU;jXxe5lJ(@=E%je;o&Xre?exNd;JiUo^#N)mRdv53r-Adfg)!P=f-ZDd9hI$@dL z=@gN$FaYqW_dm`@jHao`d%Mt2{E#jBi0C0pW4@dzVN?mn*ggEo#{|yPG4>xNB#7ri zvP>iVX~sa^7m;M5)A5KJFH4wYg6#VThkxyO*ukOyjlcI-{6^`aO!WbOo~0~^XiTCc zol7EuDVtGvbB~S*fINqDLQHcaA@FtB3uo)8O{35wf35qU1xTBk5#ax7d%Q z6StdvfB%WU?}cm>(Zt)|^Rg$0olZKB<5M0-!P>dPVvm=EV)v)^LwnZ+g4Khg_>wNg z1Ent6d8jpe0ETw?U>9$#l%AlPpNwB~d73f768Qkv70V9_d4cJ%FO;cRC>(&7I{Q;gw)zX%H5;eu>6p$>-#f&*PB9 z(FId)1Y?AKkQpUWGUnL~Nd)o*;cgOM7Ao96N=TFlNt1x-&PHs|xo6SR#khL~!e7Lf zdusg~cK;r6wx75=(YZ$ubUh=WyXst>DylCeO9GakEPWBYcAd=aDYjQauj$Ko7eTFK zrz0fK=!6}|RETxB`Hv|VXmH6VD9Jk>&u5IBVMhdd+9fArgL_@CyGz_*UIVM@b~Vin zBcbLgNVo)ciPTy#y(pO!X596Age$4*Pz2c8!_ z68V6tc)dICJM){}aEu~6%VmKxR)CgY?p$mxzu<3J;h+DNjza~_UGu)PD4)MoWZ0Ui z+DUIU=gM@9(z`8n7`b+#A=n)Obb%$nM0dFiYb;ya>{06+(bjA^Gr5DyCJI-bN3sB4 zi`isjXTQMB|3pT)-~R4g_WL>wG;?McP~^G54M%?72+HJx% zsaQ>F7n;O&0ctFf231FE-r%MdCCQQ*Cc;XJRA*E`ukATc(3on;B{BOV|MpEYMUW{7 zOLz~oN)QT}pr#4dB4wvs(Ay@n%gup=Old8B8Ovg0mgU@Ui89x_(xB9$(r$Mf$@^AT z{JrbCH>a;wD&L>G0>r|{*zQmw%kKZGQQ<5TpG&NB;H@^keuesCMFsc%0{+t{mR@;M(S63`Qr`v2>uvm9Is_p!D zc@zA<*}$|8Hl3Xu&AsBXXw_st&>$WR{@fPvVE7$P;`{#Q?Og{0f4E)Dx|u{2ks_4` zv~wz5xA5)7aPC1+%#v};xgCcx5hIn;*Gg#)#c>Rj{X(*_Js$?jcNBHd>GXDFdC=*w z#XsB`dQT*NcYz0$qkp6+cF_56cNm=7>+mvDc>#@S4jw$Bx-ckWe!1${xg6&*5nz3n zcxwybD)^*TO5`1MzViRS|tQG8GOXCklq%z#BNuhgk|!wZg>59ERf_j0U4Y&y>)sQ3YkgT4>-Bgvz5x zrcy64+?MzYSu9JR!4EQCi9wahc>UMMRqiM>)EJ$wiHE8`x#Y(h)i0hTn_7dT=oVcC8G)BSwaALZ=YH3Yc9}TWn)w~n(1IszYa%){WTyPBlI_PVSl;d* zbK3-#LW57qyUIf(gBEeN6h0O*V2|Pqcc~J!z!XXIYq2qTFzo zaGkK@Y)#gT(-7JEHoDuwuzN|45$08(`k;2pEqZ`4>vcy;KypwH)GHxPIygsHF67O{~Y(9^R{LW zUpkEwn*Rt?ws}U|*tmUK)3Jj?DAUj$Xg|zEu*7Pb9#nUaM&1A((SVM9)Y*IHknJR5 z!)8d)mu-OE8!rRQ*!=^QWU(|QbhUNZDLm)Bok018V2>wKtG&*S0#P^)i)6pwU$57m zU=lr*FZ!_=qWfmvmjPvE0I^6H zrC1;=)C%*ITkx1CQk%U}q@febL>4w8USr4m8?~Q*etv#_e*VJGuK@r6|No<8YJ&i{ F2mtxyR~`TW literal 0 HcmV?d00001 diff --git a/assets/bitnami/spark-8.5.2.tgz b/assets/bitnami/spark-8.5.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f10694a6834c7f2b7741af54bb86fa75de453aba GIT binary patch literal 43668 zcmV)oK%BoHiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMcic9zC_10}S77AqBPrYc(96#B+1ckPl9Fg**?raR%$}Rc zvLF)OjfhQf08ny|?fcvB!ixk+@X=3O9&u&GY7!_^6$*ty0aaiTq<7u3DWtqJhqK^M z8+dxXUhl>6vHZ8!>*fDFc=7V&PY1^*FAk26j*gFx|I|A;JUTk~6XL2rt{PzaZ^_+5O9+V_YuOu|0c{qOG&ItPDg_ja9yDGCr|NW*3+P&6TQ-UpZA zm_o*B?D3eQ765n#Cy4dI#})tpv_ZC_cw~t_@QHVasA%IB^AOH(R~G6Ybxu0HwvTQx z4BH0>ZF+dv0wBO13Yh?`=xZN#dMy~?Ukx4ihbW1-|`XjD2}*%Wp@L> z3_vi&lW99bbWG?Bh8_YaoZt|FF`*!Ubb{KrgMKQ3~ZPaOefGk5~(U)4?T^ zt^XC?!{=Zy=Tj0s2SX1APy)K{w5CLGY|44W`d!mg9goaf*b`)$FAon79Vkie5IX4w zWI|Y%BBnaE>!UG@1Kx?kN$U>H9|-kjho~y8wib{X#36?`MAYi8U#}h@MbE)y=yh5E z#572oonStVZv{Sy6si7e*>cB7Og$w5wH3RZBGeU#WaYAzboO_hlg?pl4ddU|{{ivt z)&R2b)ad`-(eYtH|MyOw^#3-V1+)|KaKGE7Xo4B1^Y%ffpgpzNXOz;xap$1r;|XHC z57-nQp1kOvc-}2K86S+%@$t!DzI$;Dzw`d$zdSnpi+9}X-M)DF-HR75ZeMug+k@ki z-ggJz!S9ZGw?6#t;4gnUx%G}(6BHr}xtNr84ts}3?SsSi(ZT5Ouz%9)AN{5C;^5%r zNw4?ai~o0L9fRa6e$@EChe3?krVPN!@qcjKJ1ma>lNV3+-&USy;EY6biYHT^o#dW@ z;o$s#+OL$&)4udkDD6Pn2d9J6v!5@d_0xLx4E$e)JYjEup8|3V17Rk@8RCdC@m0S( zm%2jPUAYniY27^sA>jz{Ddd1pF#``c2mrZ9lwx1JM}^AIwILyF4qJ~s2ObH>coI|O z15QB9RQ-uUMGCuU_$;Org&e?phy!>VBqd6a?W;G}S_3{;KL>FT43S3>XVPF{oKQGH zX8~k_JjEgjM1${Spg0+1lx#^|yUA>IQxP!vS*mj;tTq?|NGWtcwDC32hW0yQoehLS zXIyaWR}#cCw8!=ZaSBG?*xZJwKG@l50r2b@xadqe>aRTJef3%xwX?aY_zRk=&#&PO z$pQwnT@(EFyD&&CBxQpcVLX#lSXR{Rz7Q)AZK;DF3H1=*!v5vpm-rUZ5OKuJGzRu! zVd;XOQ7{7@jNmN}Fvo}iJQh+57~+x}7EFmy+M4KxH%69+oJz}@$Q2caK`>7RT}{0m z*>Rn590cMoz|kxUAV*+N4hv(WO0m|Y+fdv-5=M;VcSJU;MU+mA?U)&EJWa z?^H`2HtmCt>I(qi*`K?&IP9`%@&S&6W|oLzx4IdfgX zDD9=@Y<^8R>Vr{n_O#l_A#-+>8&TFbrEY=#$0JhZh!K2K!QY!)x1#sRizT{T!p1Pb z|B^!kNcVu8@HK3}P{^?8Z0R+qB(_yR)DUtJ%DLRfa1s*6u?J>E@<4J^je!{og?zQr zLRZ8`dP>rq$bRb}3Dz$Izb7<8M9D4E%)b?7n5rY}0@1k84&rZ9KzERj!hJK@>1O(1 z39WId3OhuGAXxFW27=7(1V*x@@Rhy7b7&sOGTc$Np+cbs4vFO2h zcGgy|s^X;mgIZu3SC%xA^z1A?Q#4NfG1K_gEKNN!>(Z#)5#axP^pawuHAc(#cHn6{6KufK^GjQ}P-B%BAZWiYdb~>Gow#toBj#=6%&xP5; z5P$A4(K(zH8js>27?1#a^9%ywHHhSUXBA`MCUb{UIg41hns{^@Pt35@#LHJ=+)7O% zox#%EVa(UWwUP6IWZiMnF{}N&1#hwOc^FIB&;e6>R&hmrK3CEr2iERs@Brs*S1>y5 zbP>0>tIwyWIc z-DeR+ZP5eBZ>v{k{H8tG2X>pP$v4vLEUj5)Xw`ipt%aNwua^a;n`g0@_7RxDFqSYp zilpY(5}H_oon{0|zjZfR2(}~Qw-Z{sf)YhsJEHg=a+C;GSHVY}iJlIkW!5ZFVYwn{ zmHowOj6~N8YvzH(fe!+Fhr}0#kha=zC|&eYDUuKbWTJWjTynr;8Zz+1>F{SUv2+Oq zuTQTol~7N_{H$3f=`#q)uVz+BhscyL{u=QILhsBF`T5Oo1oS&m@^YLhg_$Jaxo9E; ze#rFL#>~j$nKDv;6qelIFrWUcYKx&}0W!Ea^#2S>Q@A({WIih)!(Ou5m)sIXRe|hm zuHJRfd(1cvC(6#6!3d1Ba0wZOAut8pN4H~w|*4pT> zL91r9Q_-#ltJ;!kQA}`gh&{0mmVF|`NJvLw%-C%xLqm|)2jBI+>m@%~AAEPLe``GY z;AQXSOBdcS=43|VkPi{P#~wQMJn?Hp?obG>#GgQa0s0f*@*568MEu0^sQ}|L^>piE zxSR$UGQ_}nVonLba!3NGzNxBBv^`VJvv#NkAr2>9==;);$B4B#k%|&=uPqv2ZNX>x zXIr<`H6&TMr5Y|j*f@n}nO>>taT)@kr1Iqq9M( z7Yh6+W1SDtjD%NcM(F$%o?)&g55W!j4g~V0&^^{*QMD44pNCPQhQ@fJ=5GexG6dv~ zt#;Nh-LNVJh%P3Y))S4Gs=!YB{QdXy9cwVAFv}X247mvJe}$BR3pw$j@E%hVN;$uW z6pJZ|DPI|r|61fG{8z9ui+R<57JM^zo1PpFPOpD?cYbzc*1`P0QtZJc* z*-wXLGy~4&%;N!*0Ph4>0x{}DPcfi;&qC@| zsdO@K3OtUY0Eqzw14#qRBd+>hqR$p%hlFIzHRA6UI~}NUm*))u(>Oe3Z<(+SYC+3l zi$UHH)(pMEVf@~x(BG8P^?4Wva%1WD1}zRRBnYEllZ8Z~F=f~!ej;Iv%Qp@Q?E|%v zl;5?GX~hLVQ7)2C8dM(~^m+&KP0}s-ceooVU%Mq_H3Zy9kaD6Trs3tt$PTtDB2ocZyn)vw zye5Qa+i(p5yYxcMh&4P8&;fYFeem1P>8n>eT9s!w zXvzsj_QB3|9CAEE+QC?|08m>9$yTlQU8n3!wl4N!hQ@IqmTjT7O|(};`3m>*TMH$2 zvfN3iXit7`+?d>1C}}Aoe%XGmuyP||s^Sm~Ipm_TA>!8Do8QTG!`C~{Y6TOhAN8=U z4d@cI$7+v6x>+}-0v&KU2?<3$z+-S@_^iv^Xa`*foC>i+zFOh1KDc3I z%x?gp;ARS`f3u(inR!#>#{mu}ZFH~pce{`=JPGC0ELIQQXVPYszYRWZ82W7(a-6)e zxt<}sY@s8&hvQl<*^PXCtSWGz4+NHG)4^hffS;F{O;8~IUqDs7%;723RH0Xk1@(+j zM~c*U>+4vJccMmj8l!uM<_>J7S^(l3CtwD-H*JKfX;mMjl7HW!c^~X#`w1PQHvE^2 zk=U`ZS7n(V+5r=mmDg!v3&y3Y*wyu&+-opGKjU3g6b z(RFWS5&ebQ?~;8|FoW-hF`b}3I6V0e`|aB>Id+?VYXL{Q6|Ls%0g8z<`2)z9ba|#$ z0NVwH&&e#B|4?Rda1xP#Oy4 z&PX@`V~B&8qP98>SbpqFVR^l{I0%-A|FsQGZG}_YOEK?0E54In6Hz%8^b($wiM<~B zh{_%^o@qWs;O;vHlCNNo@Tol02Sc+w*tgx%2@(xGM$n((5R0m9&1=hvG>Zd{qX4y& z_S22748owf3J~10!eWQ5%SfBhOUahMAVdLW0xN0 zreC|yER5P@ob9tJWXmWF@ECb>FF-#Na>w#JPsze#EI#KTIKsza*?_*U2-0M0y+#}-erAtX0dgUgMDkJxR zmq9~Utl*;qBUPyZT4w>ovys*k4bao9$yLiCXH82E+_H6398-rcMJfssQ1s6jF&!`= zcQP9e<&vp*217VOZ56eO+NK?5IffPdzabDab-pM$Fei`jbCNK|_#zT0K%cG*5WLri z;iM84YSF_a*0_69f<2V*EM|yy)L~p0FamJsQ6zWry(tVm^)Ka29(*RDz46J^@rD3% zu02~RGS8Dh+$$Vn!J-bhRA-5N0v=$Pp~b2ehl*aVw`|1<2!|5|KERzLjdxmR2AUQB~IxE0ES>7l%vwAJ73xTG`r-cda+Pu`?V)-MhFDjnJ> zs6>(!F!=-d7Fahtd8{u9$u-N9bnjR*MPOttQGgf4!dU6etaoZZUc7#Bh3$okuCA1r z-9QS`V83)534laZrW-B#_`kJXAK-fwBF5A?<#lYgr0)&vwlD**{7apNmIo|MW%ZP`XQ4@^A|W~l3LC|ll|JD{$j&sVeqvBXJLp9hR(t; z8xEd@;WivT4!A9ld%Ms8I&zMmgRPApZQ$FZC$}6_1)L&mf2*y#nD{OPx>j@-g4RH6 z7lPMNWEXUVJJ`$?#f z`a)xUQd(ea%Wu+%_U?n^XtV~J*@cVJ;0Y7dtl##*!Qs)d{YCVdqo|*3*JQt`?{ec% zpM5BPS7j&(P+x!#IST!yTDW*03EE6%J7+U;b5ykDE&u?D5QTEz=`t)UQ`pJOKkY0b z8P1y%mrX?AVrdDOmrB6JY68H?Q}-{}{bts%xZh9+bT_{qUZpHFCq#d@vR|mf1u98} zP+$~}$JkQ}R&A;z!IW&Fb_c|FHa#G|*%@B0d2JIG$xFOvB{-B>I1Ky9gOtfZV!7V+ zdplY^8&YEJ1z4M*2AmcDse(x6B&Ir!G&DPkveR{f$@F{f)4&R)P0ncR0?7chWL`BV zzGT}0#V{m2MwKyc5HHy=5O(-k$_v4*+^Yh6OyKTCCekKb>(TKkhrZyJBQ90N8d)nIsj5IWE>*qTR9tE#p5)68OHIbwTEbFwC;xkdrE1nK7?!Gs%A#SZy0Mw78TcO0;+bjA zYDDg{s#BdR=bveBR^O6ft!XFIOc>8@g$fyq)u;4s2ON_eKV`-WbSM^@=IM3KAA=WWBvo z4;n|X-7n>>R>uh2qt(O+pPGasIulzqYE@PLykWo&tXByG)=XR^4A_CeN@2itDCEO{ zvuIEx#rRClL9dhH#4L-6>8ysgdhFrQ9((c_tC*;m2LqYigc+CHe!4-DHqr-&3Xjhk zj;yI)F&w!Z${NCv%Ym;U9JvDc^5Mv}>`20PYmSjrU{@P|nTx$FJzw&L1nzz{A-Q>b zeQhDRb%56!l3Ul>$|1Rp8dyCfx2~Brgyhyzvbm7lx~4ZAl3UmO$|1S+GXE5k`8QDqu~~vLj*hcC8=r1aS?+rBILM;)_OyZ9}3g11GlG;aRJm*$nhf&IZkGmr9zIKwbvDL>;%3-$gvaNN+HKih%1L2JE1;>9Di|R zX6cY)cm1`69J|4<5_0T@xLU}u8|LaE$8NY!A;%?rS}Nq&Rd-Dx$1c#zha9`0trBwV zg12hOu?yyALXJPbsOGkHw;yqwX?fcb$C<|eog$8n^M2bA$If=2B91?6#BqI}e7=Zd zx12sj9DhwAr!^7B=2PQ{ zV{6at-z4H#Rz0;MU93Q32PdtVn4%*_8cLb486QO`^u=E!1ZRV{bs%RryjEb8-#;4; zr+Y^?REysXzE6P_V(S(J#vz>`el~auM)EH~4Tw1o@V~T;hNy=^p7d=UC>4unpy^)~ z0CnW722z^j%Hm*h-pgWySy3kB^ubBbdUK^c@H;!XSafsl+7X9t1rudM&rPUBHu&7U z?L?5V2SR<8-ejHGC)by)%k`NSY8h^+Y*kaar56jB3Gp{@sK zi6<@cl!Q2uvE`-EfGY$$L5Xof;RIcjV8uW{JTd>MVixe!YvKk_*{X*q$731lzL2cQ z<&;%dtMp55R=R1)2O`WQ20R!Da&}~>U|YQ6grd$LcWg&4fAj}VW5%sd$?8o;lmQ%q zzy2}=>Na)V>iNas`r_<#baCF1x82^POl3imib0Wg18~SVf{ARpIbhxMKYZm7Pr+{% zrbaq!LsDIYh`mlS}T?m{08n^g_Ha1d>LwRU5QrBFvMBZ9#*1X+yR` z(O(Vk4?2gHyvg)QM%U?f0b_KPl@J7=8%P{-)BKa(a$$*ZK*3{Ax< zb|a0Cp)}g!Tj?MQ*yvFdu-U^XVAID@z=jT_l#1H&2U8k=TZU1?RP9)20;5*oTp_Jd@`Lrk@$r%TndCHj*?aj?8%tK&osjrQtdsZHzH)Ji zKa8lpBGCT<210RAIS^m#(gs<{Mz-i-eAj-De%E~_Aj-Ihgw{NR49dD|td4#_w<PJs{~lGhh=Kn-KS?T-F^C3SwS>G?`s%Nl9(|=jO0^FqEhn<9cY)^QEh7<&T+8a z3rOs@BTDYEk7#?0DSCiG(0xV`;}m!|;F-NR!S z^D_1Fu1Uj2q_@lTTwvl=GCVY85-+ozS%spp8bV9*P}=rw(?nJzy3b@xCB4VtL}t%W zdc3W=v5h0^d~}hDWP))L4((v<)OW1|yJ0RoJHwE~AyyHUZSj{vm2XYOW$Ue70+5(> zk&MgEaCH zbK{X_V$~TD9}o&Ci9^3l$t~6%qhEClq*^Rr4n(0usjWv>B#wkE0haQtAyu84vU@m5 z>tp8GTn)V$;R2J4K2K9@`Ni``XO46Rx+3x#Rw6M!Bj^W+u|xtQN+PkMOary1x=7KP zqKG!%vr?UtVL|IO*H(75nv>_up)*lC*#b37JL&L}J5Vyd%G$o?Q

2#UbM`P-!JP za`K5I3GnUptJbQbqLJzf!xX1m?J1M=%e=G65R(SaC3GbttK2(ifJTr{M`FS>M+d}< zjIC=*^uguK75D-v`=UW?quQ$>y7c-fK0lFy~AF&ciinAcJWM@4U$Be^ixc8npJHW;WiH2 zRBzz8{0D3~( zQKb6^QLZClsojw7uOA5o5R7A;Pgfl|Vhr1Q!m1_UBgn+m;hO9wm`~%|jz?xz-y1#E z4ktK#FT~)sJA*h>8ZKstwkI+6QCEI%=OX+qjAuHn(Oc6W$=W>aLX^sPo~t$|o|h0{ zmr0ax%-{qi+V)v8#M)L1ruQ?ptUaxm`7%2uj9_>|lKVh%Aem}&xag7A#*D>cX_oz+ zZhY6+XQoLWFf$=YpK>9cw461KYV^?U?PnOh< zd^xm~I{omW4I+v|J_bAg!P-1vJD{U1u1=xtPntL}pmly$TWfa|_?)OH(_6`qg@ZgF zFWuRT=qsNb84AWj<*?U2{0y~=ip}) z%u+kcG*^X`G?#xS##!iy95rk;*~C0@k7#O&7ZBD;&_6 zwt-tHqK>-63|YD`yE>CiS8{t4D0vhLsi=ikmrjPz>NfT>9x#ieqafwy)RIMYO2{FJ z%-TG*KDP~6!>>_L&Ml+M)c(gVmFuN@ERXrfxt=_P8HJI|)`Cc??uAZWPv=m_OEwKBc&F;PYXL-&!|I*YF z*krVUqN8v@$r~yDrF&N95{Ue{u(idNYTDaSHPp3s#&p}x4Kn?$qX&w8GDW-*lnHYr zPe$s6v~!FoAW4)%X=75W*w?GbV=CDe)EcjoXcIl;l?K$7AJcIrPyxcWHD;yBmO>_$ zQ?gVhjZVvSv)iw45Uz4$DK_LT`&hs!o3v4NqsXcGC|xcdMLr5ShC1ySOq_MP_mhQh zllw(7Vtggm10Hh-viVXt**H@lvf`y*rU6%ShJx~Ra@&JcOp`OjrzmF9_e^=Z=ThP5 zGGJBa6uT>ulj$x;;~;HJLl6rJoqi>gSHA$bZ_Y|-0AgS=kHQG`!LAU$T}J_>v39$< zv97a>G}CrJd`K2j=5kQS)jyv;?K=6OPSmc*hX=>~0tLWZ9;vWpKEC1&Vdkq~oZ z;*_~SJVFs+-4unk3HY!kfQ9NA=ZV}vIwxM7_*AEw)wmXJN!8t& zmPiKBrP7k7RUl_`>Bv@oMceWB+{6QlezDCUFh~G{YvVSTLA|0Ug~Bvqq10!}gtwsny7Z=7|bGFs-8GtunA=J)_6v^*`n=Ae^~j%7|`d*Sq>|ss4w}|S;ikl5(+YwKuD9FQ`(gT& zSjq}jL)~cNCv9i?F$2^_ME;Ze+Jr&r>RAU>S?0S5sgg&xVVLYaFk%he)O+V+W{mvX zxiwnrhQcb^EUm;MCJ2Twi9(x86Dq9VPw%*a!lm$Yd9{dq_qLEYK>ix zY4Dr;@cW(-tgM|QS99sBuFROn^U0F~L^%#8?+s*ir38H# z>4USJD2qU5oJ>x_UcoyAF z_&J^+9bzSDdIcwTpe%YH(LRVK?`T@&T>vK^H2m*(K72@qI@n1ONLFw=paVXAYU|F~ z`2@P)=tZvw{u>|^7`RHDMv+yh_3gLDlYNWCB19gtdzfP5?Gtr` zuDC@yRyiPZmghc(laMfuy({9UCd{W#tx*DK3I!w-rhsq=(uy*P zjl6L}B?)8d#EYtdnF1)oUSyDjx@9MUDQ5NuiaAH2^lkTB_SHHP+t3SQAAue5mV_N1 z1uADlhYCBN?tncXdmQY@w>xE|nU;6-^=Lcbn|<&RggEpC_m0(0x4LI%jm^qyeyZAR z{iM%Tq{l;iCbT5d6t zNylL(Xeh(3*Kf`*-VNSdk8=E4PF5{ScQmE)Aog$nXYc>Y(%*l-E9lwX|2>H+`Lts! zaF%1V;zFCto}s+IQ0YYf{)!pqhSLX!FFUbpaa4Xs|^ z{&00U+OD~vWqS)2gQo5auo*1XOXF}I5~d=l7LYGG1MN2FbI=wNPLW(ge82k|-6OgS z{vj=ew#ssr^$Ds&De{BH#1zh|rnWJ1>utE>EokLMI)ij5?|%GXy%) zavtEMyjq~Q#ezIhkm}nv)`$iNyyw8|8v zStSU~tiw8qC(;-mjj<766Sk)@C(h;#f|rBmI&krMA@Q}`WDJSQ&=crfH2Un8z|uz2 z7Bj_bZ;HG-eQo0iPM8uiN5Oj-U>|a%`c@bF+}`S^XWdVJ|L5Hl1regG!=qqbZPe`l z^bTM4^7}t8500Mpf41>__|W~fbw;8&#gi!qzg|5+ik^eZ(Cf5@gY*Aszrr308ERk3 zBfn#eXdj#oPS1Y6XdiZZt#7-=ebN0E+~Zkag=63V2_^fzSknqk-v_2(_uJMr;xP@) z36CgAEu;(t8MG)%3#jUNPR>$D{HeJaN`7Xhl-}%+zpe?fmQJdnok>7$VUWI7zxNaH zLW{O5us$c=omj3)XxC_h8K-k#r6^>TbPVDkP=#47Ns(RFCQSU4+b|j0_7^4YEDd@I zGpRf?=eo83q>QTUiSpOdNU&VrIWr-5^uPT{9e=SLLQO1?5}+m!G~K?nfRIsxBu*ahyQ}CPp zEZf}`+a6tl?bRBK#&X4+2{%^9^c@H3N*J#`j|}@W(h5W0&FO6BQg>(Q-N8L!(KhI= z{gRUIPTL0-lO-Q&xdzUJg)GS8@*Ed%Y-;`zQvUpBSvX}bfIyOw-qkHyV)$PO?6upXfCI_z|7X8uY*uhR zNqs*YzA{IV8*bcw!l99_MYk^MP zr_*57CD{JO&IxVhOV+_Ux=F#0b{Za;O%h!_jh&HMgawEo07hF1c_%WSFPsDj%n)O6 zf>erLPZS(O9CXSiv%GI38C4n%6C+Am)y^+4k_Y_LcYBq-lbj;8rtX!XX7s|kfM$n6 z8Po^NrzGaq%bg+hk<_ zbou6W{~w{StddF}WiK}{gp7%9Q;hN!WDQmtdJePC?Kk;ap1l808D2v7b>?uk z9v5J>|F73Oe0h@d|D7D2oILsew(%&>-FiHL>W0dWJ?ovz4L4z?wA<~LW7n(pjB@rQ za@N)GxtaGBJo)i&a-z1`y|*q6P&57yPF^15$N!7t!>94Tjb~ls-_EIef6%(aq2D*D z5n40Ep$|FiC;3jY+s;Plnr=F`GC`ir_R>Fsf5wDsZ)adaE*%aT^{vA=41Gxb9k2(K zM$&g}%g?E$qH5`|QA<|=N2o@6#4f*O?#x-7ZNg5dkwE*#E-&2xW$JZ?sN56*mUMcL#t&Eiu)M)_x`tB!)PW(5`@dE;8~UX9{?1I*m&S|tkB{juwl zhR;3l^;6LQ5!61ot=WG^FOKv3zb8jWPw{_SdDdzFSsPasSCoGGl$k6X+S`K>yu|_L z7_rVYf>r`>Yy8<`>(eJa33C+1{%z(Ipr^rR~Ncoqp`k#a{;kq9C9>{1BQ4;{5pn(Jf;a+SF^wwRcz?2=wp*S=r2rml4-ud177QY&txxdRW zO5N3!ywq(nG`mOijLafP5!m^!gU;cR^UPzW$An0y-IVP7f#g2j(|bhW1iek~^{wNO zi$a5Ex^-^1krHU^534!r8(c3gO7=^BHtEH)!P_Of(2L?Py#FlPK5yr_5OMb07F`^9 z`_Dw}uFd$XxBpIF7W{w5FOQ%6e_MGrWdAvWzjL#18U)}{2F0si^wg`SU40Wqty#BV z5cpSW(`ha^9T2W-NIrw#VKFqmNOyzd%s}aFKQefdQ_*NaGLzKq`qF0m<{cxen&jf0 zH`X*%+IU7{Gn0^&Q>$b=XD`_RNhWPayZNGNW^MIE<_3bC^-xeD>GccNP|(6HqE-bw~94PIgGyJ#$=Py=FI+9QT$uBrzbS2OgsQN?lQLt!|%8XDDlCDk5x8Tl@Qk&*@D-j*rQ8E0P2rWYzzdN=J6kTf?~B zY$md=UddXF4X&12NIDbNHkM7dPpkm6)+8**rgL#wT>oLN?^~O}Xg$loy8Yk77st8v z-;0A6$4~3OZ9E%W|0UI!<>8K`D}*Y@Xy zc7?Nm3tqyy2}PmzwNE8AZb8L_M>gfy-nMTd;%iQ9#Iiev9R85_BDY<`M zF3ggiOg7)_0?)vyfCKzc-SZH{$*!Ba$|keQQ+L~(99f=@h!Rdb67<2_^Fh<1qq9M# zbrSPi5{EwUNEoU+$>gO3L|(6_gW2?*a}|iy-X@hM$8pt_tfcb>H&U@Cw^mh#uq7C9 z($8#7u6J~4^p+W2DSL9G%sks2ZK;zgeHt98SwPH8uAoK4tSt9Z6Y(nM%4Ah}G@FT& z6HE6MbBkeHeoY-~a+TeeFc?;tY99MwNamnsbBlC$*>lQ@ZnWA)mUgQpyK()eG5dMO ztd=J`e!AXXNvn@3nf13k!WOdXvtz9xg1NEjI(Si7^T_LsBvX-S+3?I^T3KZ3_+q@7)&9TrM1s`$|BjCG`#&#_Uq1Q& zw(@K?{^Lva|1EqZ|7-OBCF{~B|KExpibvxAOFDdM|DSVMKl%Tj{C`jWzbF6S*W^oh z^8Y>g|2FRbdo)vn!?RXz2|Rh$+@3YXxjN69lfR$Wv$hmU33E2(S*yls`<}Js@!15U zR`aa6SMlritkt*jC_QVBoT zOEIIkzfAw4W{A_)FY*fdJ{Id>7-Z+hRU*2YG_y>I*Q4^33gQ(XE<#`B!?%|x>gsZB z4yXvouI5{}<+QjQT*V*1^bVZ8RAnEGa3hIEAfAa2PgUbuP>hR|842{oc3QL zYS%*4mb3vgKvuE?vj$nsC1kb&*{>rlwF9-PdE{1Gmbw)!w-QHf!?qUp*FHA;Z9+*L z$vLgPut=MfE*t3!nop7Nd1kPuXO$;E|EtUhYfb-FJOB53`SV}LCr3}`zqazMdH#1^ zUgf%hvMecpD&n5U^Y_L(Z_#v4=8xpS)?=EURD#Sm5&UP2TBfT$lw4m*Bd-HvJ{1C_ zt}(x`_ZVs9wX>h~1*Ed`cCH6!=gJy0R|kCrw=a%S=vDZ{%1|k6a55IO@AMsJZ6i{$ z;XP+%Q+A+>f{&@KNMY!o2GJD0j%VPYx4&P4sc4fYSEV&+H7&hLyHEQhPfzwK&j0ef zkG}AEJNbW34)Xb5UmU)C%Kx*KXG7<|-FJMKPx^N0nnis1UE^QD)L*Nj{-Qu@XakBEk~h!kLB9ibjPcP(v+S4N zMj(d`$7{yhg1AB4L*k>xh>OBCnA`9a+8t32?A)Pwlfrjso=%b*%wF`r6y=7bHBq9Ns z%!d(0&_5#~;}qJ*Fhzfs6j@X6mLXsn18R^W#XR?N2nb}Hpc7LvkjE%agyysx&6dI>^ zwz&1*Jj`5qh1AUzh;nAdz)AbrwSOQ#WNhE0xG=X(|Jt{Sh;N-J`RIGdz~hQn9ye!2MjaP;Q-;@#kMIQ-k2>+??~AaE!RzC5YUvZAS-E}unR zvx(n{4i0y6Meop@6B2+no(XbHQP5`8OMW=OxZ7mZlSQNrJNV^ncyL%(A~`(K`Qwh|c}ZuBGaR(XI6ws%bYUwoUJTpx zAce%Y9Bc_AN7rwMqeiThP(l(>GK+ZTyI8^&Dj;u4z|I+o13%p5V2ndwj5&bbN5~Vy zd~k6E1SNQkJ;)LJGZ;6C(nKW z(0k0Kw={jmxS)*km*xVOu5mNjrCS`rQ>JGC@S>U)mg)QYR~HtlC&9dS$qW`*HkW~|UOYFFmK+^EhLeymj=d}5BRAS+>9LXnBiE3I zS?URPks{0lR~INq>qj})z#^!wf$NY?R`eO=S`h%(z;6j=&6wJtS7CE5HI{?(b&Gyr zsUDf^DmPtZa$Pk@L8lUC6=t1cqR0a0E09_PP79+{y#F_uUzDqAMWh_r$sFCM>&j60 zvkU-d#nr^o)k;I@TyUx`rxP=d!^xSsH?_16WPw~4*fX_bmTuC=D~z5}17ZmiLOm2g z|4kUoGd|Nr(6{^bSF0;FB|DimR+F3pExC(OokAhEUo)4SR&<0Fp56SuO06{_oKJF@7>^Lo{n{` z?1hBS@y84n1l;vlS9=qCW1QWgR19*HeyS`(7elwFv+ut67#?9c-dKkS&$66ubS>j- z=naEj-q-ELK*u8;nOt>zGTrUNVpJ7J-L9^#PEW^|7j>BPM1Pot_y8>{smm7(?0avp zIa^fhL+4uE9SX){Z60x=xD!4JP2P%4O zaLU1#850hJe+#$|xp!8mbgH2rAE%f5o7>~V@a6pR`uW-Y^yNiBa)f)iZD&HQLq1bC zXV)JGn11tTk`(dm+6~u=(-y}z-ERJ_uXlr223qzG0x6UK+|-y+N{<)Q>*rPOgY#LJ zi+K!cg*DBeYzgZ2xMhFlhZEZJIdJ$CX6_}#R#y+`+~=R)4h}xH*Q+L@R!J-7Fq7Vp zh`;IjsE*12dF+^9{ZCo*Sxp>u7}nG6BAG2kaH#7WRwLt)O+7tt-T&FuT#Tc%L48|X z>0xf73Uw5ct??_OOKGvVLV8&T=V6-jbWJPt)zebwxt4Eta6E8gLZm(vW!D#m_H~Uc zs#uO*2tvXefXUlB3Xs?GRt|67Svxv+d4tNbK&^>PXIpa6Or!u_lJC=_wTf~A#JOoa zIV)`6Zkik}Ni|8bgu0|>hbSHS8TQs_(Kys>zN z{nd;=4P=9=qC#R!$9?Z7TsXx7P0xONgUl;RgYb&)Y{AaW25&WVQ>^T+kPvjFuCym) z!yS;z=b>FN1WQZ(hImeZd?@Qv?^UM`=u)*P-f*kp8`JC9RO?(!P0!JEM3ezhqQTYN zEqMC)%8>U;6-pqF;#x0AJjT;*ms9zlSm(aX(a8is;Fx zAis6A4D+T5bZ29dcw8?1FP70dBX(l5h5&^SLrPLL<=dRE&2RPOn~TdcWA^*&e(&Y{ zE3bx^kih3FudJ(^@LhK&YvNm_+e*ccht#p$ydwNXohcZVY-rx`g0rWMQ-6xf^z1<9 z1k-7C$IZ6@z1GSX?lmN_;J*DHRmYnlUYol&9;CtBmzV>_S_`{9z@D*JF@Wn* zn>(%bcKH-@A*ZwAL)hb1U)7gbCZE>n5$o_|a-7iwap>Yh*m}Un_BCXRuPNppHU-n| z1e1pG&rfUd_Ox-v;!8XB-uR+~Wz=mA?;R6gVs#d45#OfQ5WJXb_=l1Q*pwB0&cV3Q zW(Qwl^PefhxA$v^6|x3juVUriYP^0q+S@)PknV~k28U~XvnL89)byHR)%rc~Qj#ywjX4g(o4Xb(bl!gIoeoZ#w zQO+cJlNMZ13K`K(8PPNfOajLM&k5tl%e67`otpp(>=mnj1@&B%vX!rDK{eGhf})&itP!B{phUW!)ZPgYO?Dk114J zkXxd!Y-t*lEpZhhQgTsfZFw4$ZBa;l#QQa0C#NTxHP}h{NYZA^9!{7Eoy+gA-K*d4 z1PHL0jqW7cc(4(KxdD@a9})r7FUThw`V~FoLOfCm{M%XJlb^3!43EZw`ElMzEO_!j zVCEF*)qm_U4V_H&TA71Bso6GEteS^AuYNL4M|>sXUK@VzZM%M6(lKiD$|>(2_z=gX z%0(T0_WW#_Ma#4CIMXr17Zvk(4gwNZ%}%WRDpss4;;rd8HHG8LZ3p}kR;=oadBp2V zi#atET@4xh8){a~mE!7Y(X&Z7)9Wv*WO$pBF={(|7e)=AOBS)Aghhg^$%*vE;?8Z& zBTdxfM0y8;+68}UD(0ils(IM72>yyI7qP9|>T|JaC5f+K+CN~a6rpqUuI2#k|KF2G zIo~z2YA$58qh!;v?Xs4QdA7epyYJoh^0c;k>b5_rnE77uy1PH4O8dS(Iy<_h{@!HI zMZ_KZcJnh>Xs_U#*g&&8*E{R=z-c@BIx-@12h3~vQevGXp+XbwuGz1~<4rAVa7E6L z8CFr|O(Oj&yqjE{zVk@_mr0vxqFBYZxei?@OWd>Q%LU|hmS=~=V_rHHOTkrfWWxcT zA+c`ATSWs00IbNfWF$E;=Gb!4GRzk;f8|_PDpXBBEZ4CAb@C!gabKkc`6M&|5<#5L z`HT##i-;T2+Hs-%dE|YAlfsM|UvUNc$oiO%SBpCp(1X=;?GW!9DBw#^szX&5igalF z3Ec;4@R5^Rcc%oHhP26!9`}X#jAKn=I2u?DJ2giU;GbG%EhV4C%Ok1pgRWzNs&55M zCrkG?AJtI*t6ayl@;?tCwiX!jc0tiA&sb@~_lH+4tm{tFWznEd?1(

q2MnG1ZzKK!JDeD@S0D}0EdBPOR`;8zaT(crl8{GS=J`7 zMf~eugh^?MEZV_PyupvkDE))p0rJY|pwTzc55$yXWZ}1oB&;*O9whDjXOKXgC^0uR z4NUCrn7pPgYk#wrQ-OkWLxz3n_NX>n=h+O)btSn@n;X{@w(F^==+~k60zQq8Rc>Nw zE!=0KN860J4Ogzp;MHMk7DqBRPgVcC_I$Y2nf9Z8t}6KTJYZVOsl)Rodovq+z1_H4kJrL2de-I;d;Z zCDgG1x}MdGLkoh7RH)DyXJb z1VJt&>Lb2r<~|*CXLhu>#O6!_h57Jg2jefTUd}MsN%>YkYvXSFF4TSXdobcYkNnQa zyW+np_5YDpVoK1UTV8G=c!g{2y4mgP{$%sSYV5yzS6FUoi_?eTbaM6U)hG*(5RdNE zAm5?fesM{ES@41WW(PJ#c?oa5wORPQSHP~g^Yd}^^mU!jc*V6Wa{3^AM$qdXd;k7P zIX!T`H-CR!&R)CW_EA~UUY@ZA?kt&zS+;$5Eqg-vDrVF~lK>eDvm9&H$kI;%fvNCj zw33RB2G1Cr5&I87BmCM1T7b46mOB9auz$R>IO7Gtt-<`t>rJw)rr{s}WWj8CIY^_}k}j;DUZ-0V9ur9V(Z=LHo& zf>QPCxNFty{>%$WG5CO(XX5|8=Wa1xy8p7OLrC7`4wmnHuUQEfCY&bfG4`p!A5Rw$ zj66aS+Kb58&qlO64bA$IQIH5CN5xYvlPduIhmeUC{c+V!70Qkni;_>H0pBChNb`DjA#TLZ$M_k{@2^HHzPw~*s0V@Wi9V7CDUV&vR@!}SkyPj*U|rQ;lk7X{@lJ?tcv>kG`u%`>-0GC z(K<5b7ql8&#Q(w*VJb`u(9rOnXKt)nI z8aaWTQB;PB#OkppwT8um4du_eL4DCO5BRdhm@T6hTYx+ z2V$=NVLv%8B8wmbOd7A5=>eM8LTGBKVCg~ycgt1O_^?P-GL6aXU$#Kh*~G*ey*GSO ziG=U|#9S{W^5&6G(rMP9)|+@ZfVt zFH&$xR##H7C)@DJU^e!=PJWp9R2XgM0M~*x5oy<&=0Fs_ez>Ht^g`?o3Al8Cq4UZW z7Yh(JDM9M$Fxj9ObdrBTrr|Tug@2oDfsAV4ca|GZERT-uIEaF7=HAF$KZ&kY(MK9apPODLzLsd4Lq9uyyW1TCNQ`?bkaCAj z&2bfwX_p_2Fji|V!EuBlYY%W7vl{QrGpmAfSmdY;RLt*^B=xKY-oOjIT>6SNfHJeLFh0eqFXl9h6p4iXW@ZwkbZuB$1| zBHit)U?Z={3oW2N|Lso`mcmAUu3e1L-7>^~vr=H8W5ZzoEQWFiIq2ULM<$Mw%#~R= zQN60jju^)pBY|Emc_O<$80a*m6_xDj^CS(g2T^hs%{I2w5TT()KK73dxb~0o!WvpA zMk|#l%;4508X%X?P~3~=B$r}VN%eD+mTp!dCgc3oFtM^&3*CWGA-UvZ9KL9oGVgUX zoG8d(Ir>A-Qm#ci&sDJ|1IJ}TW2W;_<3FkoM`T3dlBYB!Vo z)4qzZsl}e$R#EQcrFN}cty^6?(bNq(b)p%V;b^vv24Kl!56l>xb~iRY`N8$2 zvbQp+p6Ocgi^DO_-W$aTyJsAF}qL(qSi7zf}#*s0~~fY8u{ag_`oFiI3*? zQuqhaS#L%NB^IR%UFKAYiIbgOj@DQ*FMQBES|FI1?pvF;GUqHWSqQw&#g{;u3}(?> za^<2)Ew%BvDozq`L4%!ciR|eUE^xL%JmlTs_==Yti1_l%%7hn*Tv%Q_SaIm2r`&sP zJUON#4B3{d)6(|~hwwNk#2Hg*$1BLh4=bVKTPy4P4;4d-B+pgOLsRcfyummay%_aV zkwJ~+k5VMxj;<NS z3%Ji4iE_(Qdj)m+fE0n(k$mN_Mby3Uw&!;6? zs7v6l00k`di~N4ypWf!qLu;0mxCohXd%~V?TkZzqx-b;qEpOCHnY4-v4pU^*!?+1W z@I2>#=wv@rQDLwX!7HY6pF|EA%V;ppGNR*bh>aruHp43_E69p|Bz6_bL`Y+RQ>;VG zK~AR)IRK0}W0cm5&xy>Yd<)59XG)o}^G#B$M9?;5bFXt)V$BRlB0&{Wcc&JXNlsXQ z`#ZZWCS$Ri6Ch432auc~%p-vdCqN4suNX4^+HIU$k(NyXaX?0uP$HVO?-zVlimer% zEx#jvKYh>wIyO>UWHI}c{?LVhgEC-HNki&8etnDJI(tIEz+z!VP*~Siv*O_(7FX35 zpr1rhndi!DGxy{wz8Hb?3>kd!sfbt%PTvm+PS9Y#B&8StnsZ#q}8R`Al0g(P?nkPoq z5*w@Qu>fQuG)3?D5axF8A+bQ4A&j`qCL%JN?VePks*frj#Q`ad@@P+p^3kEqSKAqC$Y zTDkr(Mu($FA}gJNI?cVIxX9AU9IkrpisFnPhBrIc!R_jsL@Ivs$_O%_9n*x^c!@od zZLk)FjWZe$d8j%GdM%vBqiECd0LP~0-1x7T!U(JzUTMJsT9Nld4RW3zhf?hy@?8lu z(~`t(2$tOuHG#$istRwc2BcC)rs{oAjk1bD^f(0FztAiXR+i1Ep|p8>=5I$bLzli1 zIQVB^f-;br$t|EMe>xW$G|u~F*YIjYJ1p!6TtTY#4B?Ab$IEV(GUCxFq$3iFqxK%~ zNdC-OJ0szPB0BO`3_Iay|M(l6j9M?yrKQK{pmZMAx^0^YRMJtzb`fWQ`-H}eSu))V zoqV*B5*Od`Pva|V>#3zLTCgdRp~p=4qlYeTqk{v7Ijc8HKcU1s zQ50MJe@&BH%BBPokVl`3P;n~){eK=13@(+xfi9)lR2GQ<0+Q_tEm70@P#M&g&!`{> z*cCEA`k@7kh_Uj`CXd`gxb|1YCAO$JXY%1cN*F#?K{OdkO6bqTorKewVRMI=4{U^l zs|X}w{c97ea41tCTSKG@uUMdlR;%(Pz_i*{N|^#U#E7m#C3o62r2- zh84o((fPn3)e5usjrNg;XeZ~1a*onjj&iMRonTJa*atj;dM!N- zS;>YC&ycDmOAf|vEAl1&skxPkfVJjCHZp}-hH2uz1P8gLWx6bMz-k6{p&FaDkrV19 zM!BWv)Lddb1OmLAtaxqfJfMZgoJKc3vkOMwxEI_x773}F-=Yi?}a(3 zsC&g!ZZz8}6-d+Qh^qnC$Jn96il1_yA#H|27Woz=TDbO~MF_=zdZX%;OMbatUI6C( z0Zp2_xZU>UEmw+?v?T}D%u|koNj1r(!P(`HIP-EEqIKZUhVYOi<)x{Hu$Xl8jkRC( zpGw#{jW7#n7~2T#y2M(?S?+M^%Y>3}O?$Fw;USAHJ;b_&D0ckG6ISpn?&t#LH0W^^ zOy?i~IZHnKe4>rhC6)lJWm9lE@SV*0E7XrFk>`7pygU>u)aQr|(HblwT~nJ0Co~5@ zg}c_iHItZ?P6I%dNhiZ;zmpQ&gA99uDCwy`i;$uks*%d9b5n;V+KATAPw^NusWn?f>82+UxX zUgRNe6^fRi(h5ftlMPK}%H4*s<$(an{BzM?I2E*?c~(I@GAcIcizd-FcQVy|+DQ$Ei_8{yll0Q`G!j5cgwBeP;x=!SHwmWPR9gJl@I?kWY6qI< z$pg95{7`lLm>B8WRS+_pn=-PqxMil6sk*b0o>D3~MLHv`LS|;IX-N?2Y&ZDxpsypPl?zB8%}$}1 zH`5nU!=VJkvC+mPrH^K&j7UuxPfH(?oiv!0IHEjgG%b)-zFLn-A5xqo{FIyGH84*~j;T(egw$Ze#Y+heYNEs2ED*D+2$;tdrd*la;pZ4J%%|E9G z9aBd_D;JtRnwvr)GG#m~ZQKgn8(GaNZ$x0Nmg#9kprnS=md^LH)8irDf&VSHG9u7a z!!e$*VWpjx=8>^8svNSJ*0iklS*tNE88@?lGYSB0c z`b8wGUdr>EnkQRjN?UD971{i*9Fz-ppbU)WL%O)UwSTvef4+rR5!!L$D>kRe@E5^u zgpg*VT=<$G5h7I>+d&J_DT{7r!r_@8FU+{?#~w@7F62=b(-s8@A;^)y2J`0wK#?sl zJ6#hyXc3}Bqry<04FrS<1qS&49i3rw9s3pl-mK05PI7s+F;hIh&T{D28 zp8B>Km;(NZq#8JqVQj#`G1N9%{Bj?~&y3m+gV4I!KI$5z z5*aN6@<@d=>X?P1!^S@l87srL?x6fj;#S5x$|8K| zg=78g#SEb#jhC>0I)mHGhs%MU8xC2?GEoMVxxk$4TpVrTk3-}{O88g~u#7-Q#8};D zWw-_v+p)AL9wA}JEDU;t19^*VM7XP)UT26bucmDO^yJQD+6*ZOJMy=Hm;KIeYYaWy z?CuBJ@8ic2X*ub}oZ>k1t#?kDGT*G>xa(&3To*g|g!tf05)J?4BFlT<=YL^AA$z66 zsX0fnt~Yh4NkpkZK~4K~&{2}kJ4*{0?Ia@TiY{du%lRiY^-!24Y8pef#>;O}<%O!2 z$Pi_bAzQ=t%VNRwWYwIgo#YEc2>83`wpu>OfWdhdyhF0;+9OiWVTa(*w~}mLw)4T@ zN%nF<%(`s56(*G30g@TPXRhJ#^zf(+`MyM16_cZ4?N2r=2V6{{$C%92mTaJw3ldow zFH(mpkAW$Y+%^+d26~XT6IdYB&JNhQb65v*bwQ7ewubNva*0EdJ-cc^OYJyRese`M zF$uU42sW^^^R7Hro-nHfgJkgnn~c;)VY^fS(!o<5kD3^zP;fpSS0yBjUvM;G_Aobm zJ%&KEe87m!=$0)M^;#L7a5U-6J=r}M?n2h&4dMI`HjNdgJPM;=LF$5KKR;=j%^WRv z!kr`6ev?E^xD2{qNjA8gFxImbj>}_lhiI{8c(S$;%Ez%o7=pzs1CQn^a(_iQVQo`K z=%GdVkVH9KZUz^n z@TA!S79Ve-t?&TCIEz{lJNveU>Tf**yGcG?Gtt6F8AfFeEnm0SC|qx~l>i|C3%dE! zvocfNiHfqTjlW9?mec295ZMcUMo1^2!W;Hm?-eUCNtTLfFsw%ck(}0qH;@$~ej8U0 zTS>{1%Ee~H-G;%0q#k;z|qf(PPh&J*W7-%P!Z zGH*!}=O_C#oKxs*m++EOXduIukeZh8hti+|H}jgsJ3xGf>Qd0h4Z~qOy+IgKQbsA3GDRAN= zlCTV8B?~#VUCf`p*8`MmJH!6rr6)Llwa~lU@qcN~zTP6{g3$n`H;XE6- zmm-``@IWN-9Fr1Fj5f;YhS8=4S@}c{vU)B_cw-yqgdcvIe}ipLX=3TvA$|qFQR{$7Bvoqcl;dlRupron(aG zNjrp+&zE5aJ@I6(BC{r#68DrA-+0C*V=?l(Yjm!GB!@0#0T6Vd#EOg^ zYg})e6@GB385SL2R>>_PmIiy$4MwVEmnZDn1SAF|s+ta!=A^TuC zI208X)mYF*4rfHTzJap@#@a>$Wa%J%*(h;BhAF04zCz95xh%W}WT`#GdktxZmH~rK zD5kndi%}~zKgigXz19eKX|%FY&PC?DJMBiepe}hpSURu;8WxyRG+Tou(O||A9V3i{ zCi;ahyG!+|Q^ulLvQ@hRi&csIkfwAg1*U-7uXg4|&b-qCItHzxJ2;fI28_lvIO+%9 z*|90&EwdkL0ZfvTHs>!}MWXDglqFHRj1;lDEQ{NE5&cE5@#&0&|IzFi1Fw^$98J+f$OrYJ-l#n4?a7G6*w4StVe4_p!@R2zfkf)r2W>b*ZBK& z7B={mQ~g;#l!1aQ7st*AIiCqx;+a(e?V>tM&tjM$fTg?ms@y zL1rhQXFco7=`fNa&D?WRq{Dbw4LoFqIkAdU*zoi2@<+b{I$$hEW|C|&VkA%`slH%L z`C_!G@$|^(*#cO3WePIWtTbSw7auCjA43}UGzxDCPa_AI{vO3i;LXs03hZ-P}d|;1yxu zj8LLZU&w>n6(uCbIQ8@VaX}o4{*lMoD5W7>G%=-r8P_04h&%m(jcJVVJRyiHcjO9Ld%!872;c-eO3T9@Li3@;7aO%Ue}+qNJud`g2pxvA=51S7nV?1Aoi zx;WHmBIKcw<&FJN{47}pT^7462OkKQQ^axXaDYJld9jeY_)u>h< zFoR**PB5<>R!q$Zi~Xr>2I?$GCZ&Qwm zzN<$DRqVi0r63rQLD7fo%F1N zBD646jCqNxc&~wyE>Z3q$ zlQ+R}Dl|}e$bS{m#~9oy6-wxc^Jvy8&fkqN^scBFR6P-5CcRe(4&oif#CV+9J_+}-dpr0kKLVir@vMUJQX3&6QM=3XQ2EtrUILiiWc*Hy?k8U zzV08}+{@|^mhn7$E<*8^+y-I`h|U!>MXS}DJTV{POgwvy8C=Rv*6q9c4OVwy-GY2? zc}^_mZvLe-gX7H^)Y`??BgHr2ib_+j%HBrjhwG991_eEy#_<-w9y(O7nB~Jd4!|$4 ztOA*hJV27)K4CvSpyQ$jONq+?D zm>^`3gr;h8g;_~N_^+TJ7YH8Wy&#I*D72s}(#Mj=qP`A9gsRamxryeH{|N#!1Kuq% z2ivEeYH5}iN{6;h&Ou{WrT_y!HwBIuf;u9@lL0Y83W&`V_O*0uk}Cx2@e^ZGm`iq? z6J{MQ6+SA~Ao-x)V*8Tk`U}t1g;ER|es#nDSKza@s-imq1$M7T4H5=+C<0B(z@C4q zq!PA1rBLZ$4T}=dG#rlq+oY6E56f~Em!z3^g5k8 zwG>3+=E*+{MLLYeh7mYQSD+?4W<%|1izMnICnnE?3#Z`IqxZq#<8LXUN5(&k93$jw ztsSQ?Q_(t%kIP3AQIu-%G+-?Qh*6TrS83?Rl&#qRFoZM=ky*y~q#PE;L?d6y1IbO{_fFW?#7=rW$?J~k+t1w0y*!)J%cMr_}XRxb2(0w%&dl9RKhZtK2LSAqh=s>lT zXF^mh(>~g96d>VnSxylmqf%XI_u{j+@h*-|3PP^6GN(669H(B*R{@{!|Q3n@=gWS5T<=ELTO`f5_#{esMo4qsy! zR6^pIg&cn|ksy4cD`DIdB zfjk>&MDc(dYk1y>Qi{?|*|tmn1hoQ~|2YuL2q&5qdVWGYt$!qo`3{gQY%&+Uaz=b8 zOQ}O=l5#S&w@XtOI~W@-JSoczaz5?3nDaa(Hbm~EM%ATGDb@eBjxk@Pwr=I5XIrbX zpH`+u)^#>?o>3f%H{eOF?O$20`uvN=c#-1V?*MmmNv^3 z91h);$cc%JM@vw?5(sq)N0m>~iOteRix@&m8Yrg^4Xf#)S~9`dZlk!x_g8K$C9fg( zy+eTbZYd1d+jVYWasO&hWW#L|lHkaQHr*Q?-*|1>P756J3!8?@)38CYU8!n50)onKpTk>r!j>JhBU zh8W&#in9)BThfqvQzw1GJ{=}M?(2H+3$=M~64RxXvtGu6atk0EN)jNj;75HtWdt2= zDYk?xd(%-kPD3FD>&6O=t&p+o5(T@3+>gD5Ty;yHdB*ma`dT`yf-De5v7uTIvgQ#6 zX&Nk|VVC*X}I~gQ3+VtM*4j%lt2qEF1EyMYK85D_un`#R>Q%=@*yS9>!>pppoy@RK(+|l=$%GSr%-Gc; ziCbn9i3ev`f;E`$))N$V)dpe-K z%`}k%Ax{YJg(}&h@VHAYWgSttZ2vcX^&lhWuW_WMxQHFosw5qCT z)lH*+q0W1`etaBfHKl#o&3*4Y?2tD^mM=Ctb8>9ZqrDBOD+d3bY6(J>n?o(|(e_`P}auj-rU?B?&MY5n)hxPhO&y`TLz<7fZj*W#DHq94m3LIUBFD*}s5(%D*dvU^U!CSAm`ice<_tSd-R zMw-9}ggIo-l4CFlgv3$fDNO_=E-mc1_4LqZ2#E*6ngB=w;n=q-%_wF7NI%w0OFQas zRCaR6v0EMq+n;34Y$T>D?P zvl2zTz`X*q95T0L0?Tk}zO{CjzP|KQYY6dvhy~fB!&6$rm>VP(=^ww{gVXUZT(ff)bPxvwmRf@WFeH_hfnHGH~kIUcOsiUm*P{Wt~Lof0UIgw>N~p zwRIMjbV!8YTH0EUJN$6D%UtTcP+A)F7hl^(4tDHA0tChuE|r6ZPyOoOUmSbAzue!0 zMuXlT{4je3zOVT1wIus!!1k1G7Aa?wdh)Sz2>kgJt&)|8IJ2eqLQ$RkBh7ZG$DI&j zk8F~O|9MK_Vhb6)Jt!RdM{~o_gF<2wvvbGeyUe+X4#K%IjCTid3v~Nz3gHj;aa-Uf z;<^6(72S^fzU|94#lFfEtQP#f&M!q(CdK3Pit}rnQF?$LE;Kobl?Z-@9A5c!pAY4A z7Y!0qOTrTN0|~AW;$H~YB@5WF=73vBku(!u|E~{J@HCTHexLhD2R>97#uBH~2Cb8T zQ}O5VUlkL<0d8lEPh_JBBKdJ=aoMInNGo6Y#4+AKBq+29bA2p~A8-8fOmTM2ag9Nn z+Y)SnA45zf%WX=}4&p{AX3=@5{A>um`ipuDYdyF&+1o50Ydqye@{=`J`5U|~6x_l` zh+xaWQ|X?^w{C2e$ej3z8u3nbF#0R!zkHM~ehqp7U$LY%rpKHLB(MqIc&pm@zr*Es zGyj&!t9&K-NBm}S_`z*j2IZ`@q}eJ<^cV{&Sm$)w`?gUaXc%!7W|P?%OqLq1v?)e`Uo%2~bnt5^jaBCsNgVpH-^2YPVAfZ>^I?pt`9;Vm2`QxX^k{>_xR23l)? zxmm8%lHI+vUE4NNSw6`on442B=-#lI5I^7EKp6wyYLM%rXTqF7C-D`*6G&CtP75Eq zlEpJ03y+ECQKDdHzxW~0meY3K zHuOb!uykVG@eJRG^8S5D`T1G->GwVU)${qy;F~x7g*cyGNzj8DQ{;oJB_#q)NRB)A zmmNiL%Yvqvb_l%4 z6e_9VDYJU>zNSd<&o_7_4w;eDf#c&qEjZbch+j28AYljdmAiZQJ6>2=z?pREE1Fer-nS@qH z+D-0#|AT#4%qHGh`pZS^SATn9m_t=>3s{kv0E?prA?@! zn9!M|@TLi?VkgfLta`#3nby28$wHrRBiwUborHRF476F#7fBomeuako?4K`bM`MX9 z`mguFOM{&j_1@$tR>os-hxTFAwIN+qEyEo5A_HVjdCIDY@>Q{sl+p&AH0#&j&Mr^I z$&Du0Ir5wQy^}rinkG$1814T&IDCh>YE1fdE6Oev-6L=n%_NVfsTTaNz`b@Mc94%O z#<5^1$+~SUeL{Y$D3+adKq}hHn;=&7MooJC;D`F2v%D(3a2>4tO znFP6mCecgF!&aWJHxOS!P#WI@+jSNEf#^pzB5f}uXqg4}c?%9D8|omcG|!B-Eq*6g zLjEJLc}09?@713>lTvtT+vVXvAI$CoX;b>34Qt zs<~temrP2zuDi4O$YNG9-`M4z$Fw7tpm-ZSsL!uH9KnAK^vTc7 zS>54)784v>4XxT(4b<6OOMffx!CT6i1%};(E&2Y5a8Yhk^h{_^gjLA$BgWiAU0%BR z#{)iCHSOS_&4O1A7!1fUw57=eO9vBk)4pJFOf%i~#c?Y}2((+LS1nwsh#+Xy^e5KM zQnZU*o{x`X-G54WWfrVE0$Uriq|YFc8!7GNfkfyfmFl4h%U6suJBuVoWJ#9e>|&;q zinaFM@P6F-s=~Sf6B%IGF4v{dfmjfhstAPP{Q-io0;{ibqv=RcXN$t`;$HJ`{vyv0 zG`^FkO7n?(VOviQ(PmHRZ^ilvo`YO8>3KLMkp3LsUp#L^OEz~NCz2CW1#Rn1U zvpAeSzN=m`qp^^NhS3?ih6B;=ShTd6aA#-dV2nZpOBj$F;jG^PHQ)M~$IGF)Q~gWY zZ>VzUY<)BvmAIZP_hfQr|GIb*BWU&BZ}Xt${xNc)v&5XGhfn3iHtqd%=`On7VeM;u zK~d;0bqL0~;+aJ5-S8a_;V=ENh1O2@8CjW!%8dLA((=EnH;(A2CH&ls`RTOW5H4*z z#gU}tiMtj&B-E6|GmaoS>@7fB-24$by zc5T;FKcI4%CMQvg(+*x?CO+uJi*biL(K1~JM1NS)-B6D+1_nzMeAuOogXVB>Dy`%b z2Po*+5{JM1A&u85u`**V^7_lZkyL1yRTF+G|0g{u!q$R{G)zmFt>2_yHyoPCS0fi0PCjk?5&=;odN2!`|-R=fy$#oI-*&fu4fMbM)BUFp?~nZd zi~WE7>i_dw{jPY>ebkj-e7jP+2Nw>kO4^CRlY>Kj72eX&Dgsde|KG8n2Ct!xMDZt0 z+&@oXy^9qL6sU4bM;6}}>kqB^|1$fJb}he=0ceT+XaDijn*HbT;6DEIPJVYE|M_=Q zSyPfuiJ&Br;;O1iEo$`~a2&eaR{}HRkG3EWgurjr2{Jeyjh|?@pK` zv*w-tt9n0m;@n0#ecFqt03>h3MyfuduB@e7nzg%M%W>@2z2hVc5Ih1=VViN3C}`v2Y9&T%#GxDk#8S?ucHodgxF&08q z3cCqBk1M^c3D^4P3;iLl0p44Ot_5yLc;-)Wg2!+ptsNSik{duh&tIJ(LB|P+yjmG& z$xe0AL{qlS`P@4tqoPuTJDM$8n#+CbX(0Eu?1uVoH_JCy_WfFQE!hAOS)sf*J+-JW zhE6*RU#z_>7}a>GC{i`S;wLgkrLH?wKMEQ|GQZMiOPZIH5M{COaX2NNu1ns& zXxBgZEs_6q9;jQr|J@(#SL^>g-FuPEiMGsAZqG8%Skf_n2lHfD7z?WF9ew1*2m zF}sKw$20qAoSLeacAkPJAwe{I2(k}W4Htv7mY1~LJ)d5~aNV{gpn-cl;iFFrD_j2wV zrBv%uoiA3#z5liUmdO7KDQ+hIFO~nF_6Jq@f3UZEFaO`g@6P={Uw%lTZ23gFd>U)E zy3T54D=u;JizYf1B76&E$nb61^6iXpP9q|zBhQl%J=ueQ(&db}`Il!P?Ni4zev4`IjQ0EtNn2 zDsi#hl&Y|?Se}EJMg@_>=&Q)0osP@V5-9xfv({t{_Ea0M>{Pd4PVQlG23>Gs7Pi{J zv9aJO54GyiX%wA{$v3^d@lk5*b<;=cD2~~c8&wCWC{oESRG1@E;E9MzVlmC*jQT|* zN3BFOK_QzCA^Oae+g{F;p`QlM?5x{eK2e_xAT|{y+Wu`p=(EK5j$fDNb{Wtthn zue?J{Z2b1`xyZEf(E`5e0TEwg$xF2J<59c~PN0Y_C!T$_mFx#a9u1WoWvE@DPFj;jzAlJdJrpKsfnsf?jD z0cJT{DETZ|sjC4%rLGUF{6`Bq_3zeXt>zw}iuHwT1%BN%zoTyD`X_NEEHme(JDf(* zueGT=(E%ru;>>XJNcj7|iTn-UU zBJyF;R}bu@+XFe49yZg(^0Q_WxG;`5$v7o5A~6f@gJMo_G)Ezb^3h6XvPhSrZZ#d( z-cqs~qcWGzAnNFBCDG62@>JFQIfI6rI=h`N>ck`&XOj*Z^kEN~+(YmoD{Jtje=l?% z)>_fGa4{f?^bTuJdUFumFQ-MUrB)Ts;3zeQ54udLR?*a<>kWc4ts(y_+P2yvW5Y-$0gx>4JSeDsX5nBb(`)h`nQ8CxRA7V|x<$P}|Ozzx>c2L4xrUQmKof~Y31$nZMND}gSnwjGu$NWFwr*M-Y!P7xlJ0OlAg%D@CzSl5k zNFEBtBgpZiGd6++a+D__g#2^ujEk$JQc{M2Vk|6#&9HSG6~WN)*ndRs;rx60%(D%8#XR_FF>b2cjCE2iYnmJD?WnbsmW9wqI&x@O%*8# zm03+M;h}o*utb>Ego=UX+KTBdm96SL-AWw~?92`hQKy4!&J<1fDvt{~TdfOhUznz* zW6dI*_JckO^zv}PsvEj!<`@|M<4NN;m`wG{@t)=;+d za-x+=-UO21VN9ZOW*~E{58boe7G(awL{*$PM53A+vl;J=wqUlyWW|JS>6mGBoEbG0 zH!e1=HWkQkcdg`}^;P-xt@ybiGo;G6**p z7UVT3$LC5~u!ERX^scCY2rPkUrn3+$dCrIlS^-_bW}!Iex|Rw(&d=J3Ra4FBTv6Pw z)T-bvs->6DZB1BHi(V?-n%%d?LtAOS<2<}wVXNYV?T)tHB4)YOQuLHtWvr@15tO&N z-cPwfiMnYD(sZ7stTMA*)@VZc)$%CVD{axiDCJ~ESuX0j6LytwvC3grEtehk&vts( z#O`ItZB|>sMMNdzh(X(8RK|NZZ-eQVE5^6)&FDv>E6Bn$6fqBSN>l& z|JIp8G6XUIjf7QWVJI6Ef#)_odq|pZW1R*?V$sDOk(HqeE0lf#bA*dOr}Lon(iL}g z2Epo$o=zB8`>d4Zt@QSA@ka|U$$@CrztXR^$sgbdP-;@m{AReU+eRfl`L*+Fr&G0G ztoW_cbed<@x|(~czRBMb`dNi zG+mq+r9NO?rL4J^%#4Obc!K%dJlHN?FctUO;5*;>^Un_2&e;DeSfW4dmMrvv+Kv*z z&(auehd7g8YhSPj!6}JxMrY&<+WVhAS#_;bn4dabw5s*p05{39^q|+97Kt_k?IlH7Po$iVdlFJ2m}Jv<3t;EVV+a3Q>13EB38*nkLK^}P z+FzBEI=$~>@Z<&yuO>~4C9@%m&xpB%uPZY@*!nBLz04+ z4nBQ4e6W3)4@sEC032fxbi%e4=5VN3(wzJ(Iw_;Jp&_54-vvt~6+i6!3AW-uwoo|$ zKS@6Q(Rfq&P!*)g3ZLaPju1&^Xok6R`ceMIScPFO-N*`1)GnHxna+J{&0oGXm98AS zGrR$x_%x=#T7>)uln9jSuU@e81zamW$AbJ&`xJPiUrj(?9m7@5TYD?=x3{&}M(Tny zK-~uY82&8oI$L{ban;QVNgOW2G*?$UxOC?hx|>+r3vjjU?eKT`;z7k7p(17!Bh_5EoqqfVN0C%TVRAB~LKY@4f?Vlrh6ab6rQx*D-JC^NZ#g~!wbE$;iDKA{D7DC%0x zz|iqkD_yK1#&t`5a{)&PJiud=u*BD`S3$XU*Q$yu_a&JR%6JG4-0NauX}oFxfL=bh z4cd2{%m^3cC;9N;5a~a4t1_0kO{<%HJvXmr!M3cnIp|P{9tc`Ig_;n?i34cDkmnN; zUW$B*u%ij-?dcdTNvcB_JyH%ZkBWP&ZB-!uHBNU-T*QcRs9;4Cl(JGD)g44WNI02b zUz4>8Z3{xs*5JFnr%$@eC5li__*~D{!d1<<(^FOCr#OW>=XHr%y?cu=Opzort!XSXy)%Pcg@q;51Ri#fQ^K>WYaCSz=zLVpf+Lk()Q!4b+rvv#!w)ym_yMwfh znb_Lbs-T1Nsf_1{6S+*1=qL|7V>GHm8^lkHQqCf!j7v3+a+avTX$a43uRyI~L%1+S zs3Fb-5={Df6km?wJ1t$a>OG73?7zkI-|Z3|eCZxm-HYt?h!t1y)W;yNw#0tih;P9Xt`wta}s#zq!$EIsuYJjMsB;{-Ywa^by zwN|bZHd9+}Ys^do@^+R@tT24m-!%uo6fRWDX#nInON)>ief&+o4KX&&d7+)XTabY* z|3G7k`P_+PRd*VYl?^DXwy`o^$@#I6xGg;@CUf8da`hR=#?oo~WfuZFMF(T5v0_D^ z>TFf>Y`9S%4YgC7x?H)VO>MkBxy4e}+j~RZnm2v*%`p9}unVqjxP3>=!WO{3WMqbj zqUKn@rYnw{!rcU;sQq3G<}NER5`>i%bXlk`{`9$vShDBUQ`WSd?k#oY0JfSy+0rzDMO2q@CFoO+9TuV1K2 zT-~KswYb!#`Guy$OUL3uSWNf%MBlP{)*a4p5roX{qfQAN`2${f1&0H;kG zAq=GJK;Ebsq8e}IE?*UpcBxOtISZWyKxjEs?bz4Qegz~fzPbf4HO*-;#Qt3jIjeBM zjoETGC=9GJ?`s%yOt%gFUB{5KVmBK$F+mU5Gwc8Vh~zv#wmBvV#Zl&RH`hh-Kg}X8H8To3=grWejn+_ zcV$pIBPOt?Zc0+`miBa%XOou&t~mWzyl62)!Q+?hXts{M#GSV$GsfwbD2AMp+uO<(nl=ggHZ3$8)^l3du*^*39H?uUX>Qddx=1DYdbj50c2Tosw{I8y+yDy?H7ML&uUa99?OFcTw|bjfRz=%xpfRHKpFH5wh)Se!Y3S zUfXasHk4wfK8vz>MMKEh$hEN0-Nj<}%65c?A*%ba0NCpq6c!@qN;`17=7q&8`;rU| z*At&364Hp+;-f@POmakBEKbjJ5znh5TP{doD%_QluwRn7&qls^w}`K`l=Te|q>`62 z9}+v;2-1AhM9ly~b9~I1YL$Oo_;c6~59r*|SyMKd>$j_W>dd9thSV)DXMsN5I>x#k zZ`f4jEOAYYxt`H#K}R>VT)CU|Wt*>zv7;suuDJy*V&yFwLpG}(th}OIp&mukclJVb zIRyb(xqdVk;4N~`SXvVq3$75Cys8(qOj=R9#)XQ4DAR%xY2}!^_^_zmy7uEW?7y5u^jd`= zmiYfY+3!E8`v2`eesXXBy^G&w?7!DC0G~>Hx}ES}g{ohS?H8ugZuW)OH?#Pv5pKuW zTLb25W?A*wY8Kg6hr3cImt-!26xvogf|3)M(|?gj7dl$nne$07GsTgh_*J_N+f-2A zE}Y+>23BPqohB!W?$WR7ACNy9mu5_ZZRYk?xq1~pu&S}R*$b@hBp6ZQ8XwmJl{FzQ z2a?-#W$=_{`A(3dJe#b)pBjai&oLL|WUXm_5!QUCRAm97n|KnIpxtgkwQHC2H$!W= zuWYh&{Ld=bw!nAJZP{+yE|cKaf!Fqvb4UOB4cE)eP>R4V;?>PeVLjthb00U<%v7ge zq{&HfJXJi@C}L{$D?=JAGMaJTqK>sODWsk4w{Nrh#@(~UpjXu??JW$z8|Du^J`@I` zLdkQ6fU7f!wzbTFzCT2R{qD*;(I|G@0RJ2NbBtXs=P^XR%)YkQkh!{w7j{}?FFAm& z1A9&0QJw8#@q>=qhIdb_MDHbs@pEfopYOMZ{_nD+wX6V3^#A>*dsY2^_sP@y_`f^( zeLnv$tq#jJpy&@tUDsE#JG6&`{hTGEeqR!o?W)LUt31P_PMfZ8of))<5KDS1OU(EX=V{bvmxyDd-f+PuB!tI#24i-Lu*~_k$U>5u@@rXjWEgGA7ycoO6;C zM#WC2YPi8kWGRQH7!~`88L16w@X<=%MdRu}G?0hYw_PO$FpE za1sSl3oB5g*nQ`j0bmUhH`QyJ`jFXMXm`mjU{^Q+>{6BcS*WbUF|L@|r zg-&oLX^fCqsWx3Qj06pH8b^};rZ~LBVKq605#xsG$gv2p;tDq^)!U;{r zJBX7QXLP0+Uhy0!k++2sGFJZ0+sde*{YcUO(+$wuB%ULdz?X7LC?y=lG$DZ(yg2*q zOtL3$3q1!cML$13LlNb|3&u3-!GG2CyS_&W=XH;Xo$nhJO!;q zc#i^cm3ohYA-?n;1=%$99{qpb7Wx@;%5s5@U%V7vkaG4r2{SLC5y3sxjqYaI*B>wC1)7{6F^S{5pf1m&RPJUbHnX2e-PQxoYXhsj?nubNjxn-{^#~2%TjUB>q$-#h)FMEq3C5SrJ?A>s_AbUskUUBE?BO|oaLz` zDGJe0%*HfCLy}z)lGur;?*h-;+Ct~A{`%t7^DZtfq)hBZBqd2il8_QDcT28#p!)+3 zt&N}uXgBx}d@%kpOwf$+`2k`fJ?Ql~8B>w*xjzUZ7G4q_P}Uo&@zwBhNEkO{iC{7D zYpYkjB}9@t`Yu(6HxaB&4}dd%<@> z|6BEq)I*8v1O7ZqNl0;wXp-g`65)hQF}&GA$5T8er;KF<&YGhj(JPy${RMmF$<;cheV;$s^Sm^V;}aIsaOqqD*rPeZ zs{0fBp}p$@!Rp~re1+%Yp;VXbJS5B>f}uToxT9{Zq@Ey~ACKO!?1U3RlI)?HkGk&{ z#e^{DcPoN% z8nqUZ6UREJtLsI@?4!rsxLBQA?GPjGzWI6sI_EzG#Qs>-0?e}hr^Hv@tQ?s*>sPfC7QCR za5!$AcWIzgf}>wJ&B$BW073t?bg(n}FS5o6-~F9>o>XX-^?RbNe8XZRqf$?XlP*MO zgF0%{w@TZg;JSqzz*YdTg#ZFD=`B#hoMA1_zAX6>6=(~R$&yvNRygC2qz!zf#ZKqC z_e(N=jZ-Q69aQ_$&#f4!`bEdsU@#q3nK zkUQBegsd%5HZra?KasfwrGzCcSWYaLlC{1Rc_tW^*+x$bJ(-xu`-ziWX*fw+c$$)3Ac) zzVA1SuNo@Xmt7Hx@sPxtL*X=C{ZqAtZ&Un7POJ=E?8cveA{$s?%)KAc@X0<&LL0LA z>62Glbd<)$ii04~W=4|C4s7tUQ7cZ4&dz>$d-}q@K+3lG1836%=ONO728Xjz`ON}w zncYz<)`sF*7KG*q!|L5cdB{sLUpV5WW0_ucKpk&YI5vLz1n~2=+-nN}Yvn|h5C5{$ zgno7}F!cd@^Y;AZS&)6mN;=sME{Oa6yS*ar53X@ZylT$dWsZS2zAlEnIUY%hG-5oI zoRbNAg|7p{;SNI5EE>lk+W{%VF_G$YO_c^x9LGpXzi2wwcRpY!uWZy|r?XRmd1$b@eDcL96s2VdSRHw@UgkE^MTH#I3zZf zxWEPEGxWP)iJabH=TE4=6gXJ;sUyi77Uao3@}sWT1cJe}KrnDYFxU(T2Dbo$K@|j= zXrOoLnBz!FDnLTc85#urpznF_-zMk{n~~{|a5UK4LA(9k{*F?iXS>Ffjjpgjpn^#C zXhah#CL}6U{4vcY`4EgB5_z?~bW3D7%Z1NIel{V#whDtygbFmpzcX&kQBu`Y9)?0L zSPL-rVn3YVWK4uI*eF|ud|y}!^ce#MA!Cv#FrG4wGbO}EbTlHcEhB=noXf7Fh``;e zTI!yXpr99d4z0eb%<;bgJB)7UvB4&apPMfpJ1yP)=lIFU#dp(z6x70NCi zvRs`jXI>ZT;ymzt^iD!Si9y<|dQqFxY%eHHYlQ#kZRyrNOwQM6zGOCX!1FRT$$1Er zD)rY0+m8US!0sQxwF#PFfre6eXFMVjp>do}@Q`FQgcAi4?u1R*m?T8*{1u)nIaqRl z39+_9$2O*M?72kNh;VJigsZ9CoOX3ksKq3SUB}wgpe1M3mQ-7!5oc3`<OC8cC>R}~S;WFz zYBsQEix1Ci_qW;JZ&Nx}8{FHn|MYV~{16Kwy84*tSIJmyo>@c2&}>g*%R50vd5mJ3 zT!QuVZ)R*cX5bpJvpi#*;#l-J5iFh&Uruiq{=4U=Ok{pB6}8j7@7*3(Sxw^y!>v|+v>Wu%wrtSRuR7hodJ=c0cn)YNsW0FF9B=X=Bq<#KkWJH=DizwW4&6oI{X=)a zh8czvFQ;mFooMFo6#enf~FIG)N@73}1mv7F%!Ss92dzZvSh=N%T z=jLKVQtTLCAxTKaoG1cM6LiIC26xVajWP)$FQOvjbeLx)@R&JKf!qd?E+?pSbcT-4 zI_TNa+40$q_sjA5k8j_dqhF3rPmkW5AHO_9Z%@(lw{Kn?pC7+{bB5mjfR5h$1O0UT z=EV*oRGIWXNYW|f1nCr5d*GcBQX1Ttx|C6thA76#ILBjx#%xA-0$1>aPpMG65+{)t m(<#j~MXW6+_=>Kd?|=8d``>5${r>>~0RR84psce1jsyVB2#aDc zVQyr3R8em|NM&qo0PMYgciT47FxtQMDdu&0-^6_^$#&v2)qS$}x{lj=H%@eHC*8ey zdSZx#B*YZK1wc94B=@tw2Lpfve@T>oC27O6+gKzpm;nZZ!C)|>_$(l*e=sFN^%i6n zeRuQE_V)Jn<42G1-|g+~^1r*gkAM7b=h5EdoktHJK6?1*yX~FbM?XIP4z_Orm&%h$ zMZ|a8*KVs!+*k6DIOd8d#$!3?00cylh);R}Q7WQ6#`^&kij5f!2aphvhRju4{vsXG?wktAcszjne|x&q+xe-xeZRJ_pb;gKTHwlqN+(<_ zbbCp}0wm*l*zni`9()S4$3Jd863l1RU!37n%xe-$_nX$fK zcCg*s-R^C7Lpow4?(Xb##p42CF1vC{qi7XSS8lMg;{*Gt2rZ*=DJ)ZJu(RFU>Fqr6 z!9D5#L@c1O)LmePqr2PN?vRANcD+8|?T{qNep)b{kR~(^X&f*r2OWn|z-KcacK`%U zxMT|Zeas>{==Xd5K+6x=&k89rL4N9j#kHG#$_9P6_rCYO6H*xnmMDBx;2U5PNDMro zaaZzG1Qagm2qX?LgjBLgOhZr{rd%o@aR?%f;qPQlx+5ZK*a56Sa^{ddI5Kb{Vw0)5 zr24-Ofap$0Mv9P8c;>Aar^{*DH!8}SL3eJ0HpoB^MzMmt~zUyd!hc>0&dTuI`CW*C)eLtqaPeGb1ckgvC^NWB&U1 zk_fs5M{&^W0Hh+yv7RtBO-GuXj2#UVbP6171`c7atl3wB(!R!|#NnN}&!Z1}d!5fM zHvcqFVf~MIaB&N5tXTiIA3oZxtp9tDzODav@vI^2dB6t!zMvB(l~{CldX)vq3V?!) z-+9#A>4a=Tr5b>olHI+>gS{Xa(Y^7`m_B;6_tTTdkI0kYr|`#zyFUewwzo%*e|+-z z@#E3sU_9D+w730a=Lvc8aC;PzCp$m=v^NSKb|y5Yf+($&Z0v6DKI(4oba%GTc6SFm z4+jtTdOtnc+xzLKy`Ogfzm0FAV(DY&|C~fAmAAA3SUUfAwjXUjd|00UKkk0h|L^3v z2M0V^2vma#%l$n#9X|VK_qkCbyGJ37aUUQCus_^C`0WtY$xK_fA!w|C%n6IgD9TDSAUiN`POJpnGCzlD6rIvQ zP$f|Zm5K{8p$8F>nmp4*2*iT#6`<61kQ1^Eb^Rub)m=r9_!-5y1cHh*5rWh}^zn7j zPW^XU{T*t7E|u=B*E~vR^nu*e#2FX^x7~6?4PaxV190yi9QGzX^H&-3fqAX>2(yK& z_z$`;pI?v}#R3krUlZQ^(SbroV}k`|JisNa$ZGyr=nbgd`oJ$-Z!Q!O6RO}J>4=J$ zDk|MF1`krHdF(eD%^)BN8L@~dMkTPZ=30S{v`Y%v)mPABRc!1NwY3s<=c6W?zAR2ySB|IF!8eH_J)_CY<%CJgJ z83518h(;3j!w@3#r{X}O2r&<767dBMK~TF-&~W{V1NiW%0&_pNSs-A~hS3(f2cq0W zluAX#Gp_sCXNCjw0n8T!=0{%t=WTm zqpI8S03hoZ_}uQ5t9<^m(aEySGzu2W(fYff<9s)#H)K|w)B7?}+JN=-e!lO~gwT4K zw0RTKF-apefRn>tk511{{`L07{_)`-#l~x-nuFuC%mSq0%hRK?mll@Aqyo~_G@Ww6 z5(`t2NwKJY@qo={sX|e&DFPxi2+b0D@d!67m>I>j2*|#(v+t5DoLWmruh;9@^~^12 zOy*;=r3HqhYO7{(Q)E(UJxQZz$RidkiWunkkl=^fI&N(^O=!Tz3u`&*uCq8;^64m@ zWMJ4B%!`OmB*-aGqYy?EXsmlQ)Qo3LRk(3*D?zqPC~YT7TYR(`Wk#s7Ez4~n+_K_O zBKhKAI?8;0W|#;k*8TnHk}TwXjegDvOu~IF$fUZz1vHXWj|&z*8o%IbD5#{dx^KW0 zrpiSo6436+1KAIF9MA;qU(SfqH|EFwy+qKi9updN%`3O6<%2r_zfIHROSFjL(jXnJ zc9gXEC@+b2jdcS*OQq5yGb3?|FakmKcF8dbd@ijB|m81f711q9PIAgKaxkY7_sk8j$Gp5P< zcMqAD#gi`S2B}nh*0s<(MGOX6s|5syM9NDp!Xko+eS23(IxI?BlKHqFMf~!F&bXq- zBqkGz1AmBe6$HKq5(HGDM4RPBSgfcRlYq7&W4V>}o}1q|Npj3rbxFWjJ(v@p3#`O>@qv&S94#)ycGOoeo{n$bKs1}$@qg36@kXE;Ev zI3|h1Nx!7cwQ z3XP|QWJ_UXzs3M|I;e%XhIE0vS-a@jrt5nkh}c8gOP7x=BdhC3X@P5JbFo3V3@E?2L4KIUdUUdJ3e1 zsfC_^ioRDB3BR_UCM`sKMc=FbJxNtpO=-9Mr90+AFJ!(Dvi+Ix&|zi~>skHZtye3l zXofVFzY3lv2U8MHsNMN!9dFDcDi>1G8BBBm2(UzT4^#tFE@Yr0iEu7-heeuwwUm)o znrn^Nlq#;LOJJr+65%>XBE(ph(KO-;k(I4zMgV!&-ItZF16xuvQ5BA!0Cpe-s1SDm zYPxd(W;@gYOLAsStB_M1l@d@Xu z2)d5@{L*cp>#ZP*=!Ax=VdrIA;Y~^SGL9A+lV9>Fx0-_5dTm-HS_K|DBoAdkBD0fR z*=AGCHm&-m=3Xdx0?(OLTK^~*p^f^ezbEbbPtqXZvt%f^7Fc$vUqy(m1c|9tSjk$5 zqT)mufSw`7kH+w;6)#X=v#fT`A8ywS4WpTVZ|eEHgx`w;^tIBRIDj`B`_G?mpinII zlqq9$nvD~)!LgR6jRwK!OwSx^**ugneyL6Qz&Z+m-|y_wM&8fmFktgS@k?;Yf>78(ry!Zu|8o>v*)cmv^T4fThzmRtDP zSc%0a+nDf4AnoZH^g680HdWBPnCmnW`14) z(3r3&74&Q>sGRaBgkQ`HP}!UIz+{SMt{m8DYVBT2fprQm>K34ykr=?v?zUcC{0`L% zk=A-kL=E7v-p>~LYyf+xI2SRtoBw5uo^j!q!s%JzT2?Q9ZLYQ+v$uu1lHJ<^YQgYr zLA7N0w%}SaeFa>n_@*`6Kdj;Uy;`P!Si|%Wug3IJ5uwuL7Fpi5(1zh{(OP!*zcp1^ zkJZ~iT*>BbfV5!oHegz^cN{G8ptB}icvs0~9f|~Hqy7m}js&($sW9ixd*4pCmITdq8 zFZ=ee(ws+H7n#0kpl^*|wcbGq4-2kA-ru)}m*;%skZX1>(jUiT&ASUc?N>15ArSit z5`5Q#qe;vK4S|i}+5viiRTtn`Z#N`(`k>UU!rszVp8AlDwC!YPq+?P%_C>v*ivesDyO{3MF8L4MG2C#NnQ|);GX(m$**8~2&vsbu8)IOOWc9?{$KC7G;2ozjQ~iVJTD<=VY1co4|p6cfW`h9 zJIr{9j@0c(RBHwiC!z5G6g3kvuXqVX7IO(_-ru*z zqQwcVhezS$%@OGv2cZm?if>rLBR*N2CR%Gf;IULfL(%w~FJL}_|E)?7NK=Xgf=dYt zo(kt^4P?gSiBs;oA-ZA9#tv9ZpydOq*+l=R>nQ3PjPzF2;oZMieTV0gR@dw__C}pA z&X9+v2@UF8K+Ue&7RcOQ?C;Vv!B6J0hHQov*%KuahRhU!xvf*une{9wdbId0)DdDn z9Ylo9&g>vu1rrD~glrsZ5%XPSikKCfZ$=XxI__@2{e02rqW6Y3%x2GWQRt0 zr9r>)4wBHxby{$(=#@QFicm_fVS3(J7hV0rxry1x0{Pd%hoR@8Y`q5T=Op)g0Y7Yk ze(%Gtaf8{}efS7H#f#_`dqlF32E_J7_M=57xUye7`5B^?aBF)?+&!y+TIZC?%_~5T zUT+I)uS)eZ@TzNPx!JSktroWg-iNZ4%=_fD(6a5Z9!}xD+3@v&yKDyeZ8JN<21Ntt zXsne67SnL6aPiA%AOG#Y`de1Rx~Xk+H|i>FY;3{hlm$}=nKYi5;R3HQLn8Q`NycLq zPcmp}Y%zcb=6Vt8Fq?WmV;hRoDB6OUR~kcE0!%su9`)E@%6aC0R*mT2DxgXawBL4lU26prBSULEl zWaelDk0!Na9#S*j`^ErhUeph_hMw0N*w82^l!U(vrszw@bhZ4&{zD6Vbz;sZo14-# z2JpllZ`Sg@^-DEsb5zw0q4#?u^g`XG;~=fBZw+hNrX;^OmrANvyV`Y8fABO; z(~1p@qbDrxhsw^TdIMUjgKiH#A~?AA4uO@2#SO9lsVpXpTfEV@U-$*RV{Uk7?v5HUwx~>)FTsFGm@$cxIT!68KG^}bqd3&#jF;7kpxL!5pUC?%$IUd0 zjy1Xp+Ju0sDHRZCfhHK)LI^yj7VMN*7ZeOfgiNyq0f|9S5|~l30e}qfpHl^r&!}QE zD!1U0S`V45ob?kkY{u{kB)8Pqt}_Vb9lB-cViE$ppnpjb0dt++EoPM=vg4wrRMG-4 z|9=0HzH%1}(UE9G{UIk|NW+ZfDy}TeW15-Lu;;B<%N$%l@Q4m{AH<5rVWI5d`$S76 z7az@3=)woI4C;DY)~dk80FL6V+!W`){qZSZ2^#U!A{Kr4ix<^DJ0p8-O;xhV+ck7xADJHuN>#n@ymtJaN#TGpa&m$6l>(4pd zHMWyAH%sli{yj}5+OU0uGemr(>t|GtuDYo6Am(C*CK|j}m}x2Jc2j+Bgz#oAcMBJ7 z>e`IFQ8^j{>Q=90HWQy0KP&E>9)Vah5era}W&s=xx6Dd<$t1O2w4;c`7n$>90a#-< zSS#nzFk=H3f#PUr*Sp@NH*mV8Ej)l1JkBJS_qw4KADL6s{Z2?c@n(T09b5@;fi%{* zHEtA+t`~W*=9D3bcp7$b^BYpp9Wy~MNfh<(2`ZIff$CZ?V=lTH=aI$8Eo)hiIJedY zy1YZRo$a3a-*$iZQQhDa>NRl=wK}hrO?JEBmPw;5S|9MEp*cMjb8`j2b>j8<5EqB8 zLjyaf>v{*n4 z3y0RVTLvd+Czc%KVh6RcWjKPR(F3#7)Kl}jc)aR~SX<9%?IQ{sdS-6uJ;lZW4#UxK zBhz8>R~WrY(jdj-Jj+3uC%8N144K}LnbjOs2CcXZt-f_bT{dSzr6lUIMB?F((;ySU z-?KcBMX6sr3ACaIjkln$E@T(;oRUzg;W()VOg6Ct+mW7rU-9(X-flqN!pd0SH%h`t zZ_6E{CPJ(G$|HYjiC#F)?nhF)y<4)9X}Mc9s9Cu zpJ6!=dv2K-W|kRSo*fQP4iEOv4xbHhopjKB8d)qAB_W0@v7ZAflsW3OGR1r0!|&9h zKIIb4>n^;DiHhO6&rwoF-_>#EL_x&|7Q*gEa?sMJ~y&baL5iy3x&Rg z(~T!Ae%~KOd}N|SprlA872Qe7LfXgg-IA+^hw;n`pI5RR_sEz9l#OeJ*0-?ItA0;x zH4xyJ$%I)d$%Hy8`uAj-V94&UTVt~>=m@3Q=O`?S!ZPDqV?)Ot$mC237rP*LnUtyK z=HhR2?$lznaZRd7W*4fTpB5&0oQn)MBb1ZQSre59khE@HE@1MY3+so5@hU zq4WhK+zz8O*i$nmK3K(P#hT9QILj409Sa>THqSROm2f5Eijy@cj9K7 zTPAnxzxlE9k@vz3yAu&3YK$X#Pc^fF9SVxe18=9Y)7yFSUz_gC%gBms8HHjPOe|}! z$=a3NMqa}c3zR@=N@Cz~3BMT;7se^eKk&AaH}~pVz3UrAeA3_D-reqRKk9Gq_Sq~E ze2yeyR5QKNbxI9MSeM1!96(nSkV&m_k5=p?oTK)x@iIjP6k!-zh=j03x&@4(mQxIvn%8Hx|x-h0}PmQ!^B6v^3NWiXsem?y5=mi`co}3;1a-`L9e5<#Z z-sh9keHfk`z1}}Ngnu0V3%{6_aA~oiBNkIg6PE-d7g?yejZ=Y#Luuk^Qb%K8m`%es zz}w!jak2_Jom+;|*ey&%Y6!@)*^*EFIp)^nrER@a8isDwI+a$&k*7+s&>mVa2~!Lgtkn+#d6=o@aB{f+?D()ZGbh_PXT11?)dMcK zw3TBfR@dijNkLgy@Lvb3v|5C-4;{!LFI{_1(ufxJMIwz_ug*7Mm&g`pH@C63ER=Rb>TjeS*JhP-vA^cD(Z(v|a|{9Q}cN+nkflePG(l%b?)T=Hx_Hios6 z?)$@|JbE=A?GVKRw3&xg8OxC$yxMI{yzD>?f>8HQ){Op`f5dP+8&T$4UX|l%jk0I#rYky;=EOHRkvf z8->6`%90M<#OpGFd0d)&F6(dErYqmx7XqR?t9UQXI z(gq6*F5QHLB9qpT6`8am%m$in3-)HZAELTG zNOd8*n+a51m%gnKrg~|JXQcNEL7uVRmBKu)ab$PJK+ok3GyX0Gd(Kps=5WuM&AT?_ zbCJ1LL|9r+=~zF;62iZwC`-mZeoJwdY{%SIq$Oj4yXja<%Vk6*{?ckOl<`i1Us|+~ z@!C3VxJphG72-10&Ye6qlT#Nly3&q|u2hQ8wEN_k`SYg`rO9s~2U(2WbcHrD02ODQ zW2yuT3W}NjJ`{XL)s&_Z-FSrl0DV_lYe6&fr`3JD@_#@6XI5umok65EU%lfPtxl_H z=Ir_1d+pB8_vJ%6TcY=F_C8alexFj@>!Q!GABR@AZ!74xIc9!`RP?5%<_a;h zt)G-1EnB(sq!1hCu}>NG@3?vXY8e{E(AwQ+0iX3`8u#)mh#CnST73Cu^hkQTx3{;q zsvt?#l*S6Tmrspr+KL)dM(qmXwynqGXz|p#5MsZ&BqzFuT&h;HZq}}NjcHE&RIfJK zN%P3H)pn~$`HJl-=q;35AM1wZJRR24Vyo?G{j~-_tE4HbXt9cE4fxwsS(oGFsjD@3 z6*be$N=uD&-P|f(kFHR_ zucCs(1G%p5z1g1DYii$B9im58mdaMqvwsptYUv;@xbf>AG0Sz{*3FC zxDUfRTQ_pe*Vd4hWQ%QYF^ifndHYMC_2v0!$#^$=|4KxI%y6gG0Wo8Pe!u@N4q4y) zy|epcZ@ahM+ZpH;Pfsl|V-^CM-(AS5EPNn-k&(aR14R6iihxM^GF3_H&i>rWRr!ur z67XI?p%hUH<13uTBFe%Mwt*>8rAwnc<~ycE(j6&AfPdb~rGzt+?y1?g0uWu`(+8;j$;o5+1@akM-7ex$APi z73jLFx3%xACo|rXdB%e@J5%nHg!N|Oy@ZD|)1aQm*-11HEgDV6!n}n3^9<8Q+n5cn ztmW>4(gY@KPGg(Q$Hs8bn?o$`KwHNJ>#0DJq*oNmarsQ7*x-`=n1`j)pRFg`F#7^0 zZk}Qg-awES<-7{xMPPsy)S>f_aQXsBzbt{z0 z){ax});s1~&YdEQHOyrSZ!GwgSB)Yj6*<;Ue3h|lDZ%XemTHzM1`KoZ?TDfb^>%v zE+}AN2F)BCLgL zSGZ^@GKbUezCC~b$IQTf7F@Nj_jsp0^g*4PbtU$b#4FVK;Rkn^KcbKjg;5PIr!1o0Elnn2 zM77Rl!W7aFe)yr&`S76&Y+Siv>J$?VeWwS%+WVeX#=Sauj;1ssB@dXn94hnsl!_NG z9l7`ya5NlrI%X~5LcziFSEpx(CvT62PrrZQLI43vHsKz;j6K`nD@g}%uKx~Hl;8c0 z$NXHYc^D8zV$3D`4fPBfOgU`iC>xdU!-qP0RV3llC;8!n-YCGQPlJA6_jdEW+l{=1 z?{hi;R@8!zAk&b8q7=FW`cwsdyyj>|0?+iD`+T%;yY)dfa@NEpVZ((>%I^yof-q^Y zS=YaK`RwrR@a4(b)9)X+ew|PS-EOW?X;Q2L-OHk?>4mY&;hp4hLe%u>#)qEPevA?B z&GsKzRHRQEPVAeC zZ?yFL-&^zs-)9}UQLdUtozI!CzN$R{5E~v76h_vM>auinjScb0Tu@b7VI(l7moQ^- zs=Q2=g)lKD=F*4)nG=R*vc2rE?$^#aM^gTH4@dFvTc@Eo~@adDr!Te(c$%g*FW-C3i z-{bY9r{w|kf|7j%#ZS?{!`$s}#f*6eS(y-1(-dqx+13aQJgHREsE2O9H5=b#qpSG; zz(v~HfMwk8ctf|+9dmI>MA(i&T`c1uN<#`8_OfCyrNPAsk0KUN&d5X>@He?L ztLXo4r!-2akUf<|H`K-o{r|_kowEMFxBcVpH~s%Eo(~`TKXeXwvJh-CRq*=wk_fs5 zM{&^WoDQG;v-_L{G?uh`g!6CAs2IThaR1=9!|rZxyYoX|PhAZK=4>`Fm&I8`waj}u z)14bk=>YO#ofE23VSFS_Fs;liflj1&;DyEYgfOPpY(8L-4d~+6e74xBXna6jp$8!g z6l~zH6V5%I(=@a(iTH>_`D^og(-%wKI;_v~z}ymMBx%GJOBigs=Gw0>sS1I-GoftE zw2B8j8o=4X5aF5yzEUxd_YK7+${nMU$XrA12^xo5L9?BMZ#STbi>`(aIUDf(W)n&! z`JH!E7A+$S@Q_B)0{)$n$k-oAlHefsI=@p;B8^R)ECr7r;x^Btq}vWlv$t2Xmm;2bKba$+4<9m-_F&}<-)sWvw9;%BQ3HO%{!!US z*8;IUR_(pR_le0kQ0zPudClT1nFo321e`=v200%$Cq-$~CvC;v!T#C)^P?C0Z(k12 zPR+4tGe>(D-D*d*?uuVGhh=(v10Lu#JzHY^yLokh`~sVLODxz7a{AoBmfENV?`oGj zr%gxITwPkKKUKugN`bgi>Q_LnE7&}$+y%$k`;x0f;5^4#QI?f%oaxIQswsrY8#|7hqm8 zHRY-DUT#$J(gojf7Q@E>#2a2w+gZpFSy@-vjn4nXulJw7Iy{Bf`_GS_?VlaJd@=Z+ zShGP^h4ok@lNSfg(=Zq?A#xjZe6XHHp~fTyYfOu1D15yPt@pFVZG zpC-QX+9s45xCJ}PM~GRh`w(_ZhVK$)S=x3@eV(%X8aQPTS0ZH3cI`n>X#MO4PnR@3 zqXHE~@S4`T5)^jJIk4P{r2*NOn;vRC*esB4T=Msq_Jl3WOiTIJT`dx?A1W#4VZ-=L z8Z0(^nj5<6k+p{vGt*xesY;UjDRZXyOjFRHutqH%M{=Dt@muZk)2HT+@*d;hqsQ1m1GJLQTlpS6Cje*L+WyT9G+h1%&` z0DU!?;^&V?b<0cJejUl;!}VtH8ki+KY`X1@EKs~5ipcUAQ%mZ@h6S*JN7er#vuK@; zYD!y=-PV}J{d%3))Mm@UE@%F(QRACKN7h<)@)5|R%vKG}<~EGUpn7Gs%D`R5VYO5t>6Qt$xvWW*OXyVi>&%|rVMF+D%3bw?Ih)Fgn^xxN1r8TrQ z5u)+DJWGB)I(xByeDwC&;m@yr&87>sWjRd5L@Z!K3Elbz-jXRDzw|;nN+)IZ$=f)4 zd3>;c_V(53;mM2r2w!{fsjXDfRFQ?;I8%sJ1kX;qi} zc6K&IKgqW*ULF5@c(SCKx?}$ec+10Fv_Fw3$%7ol!eL4cViljG!huS!9yyP_D>Dw` zmLJCR*F?xtp)1b10>o9buSpsKo#lLxSI)ln~2*sTOq$($VY5UgGCV0-#EX>m@a#JJ(*tuzNYjq1aIgT z!~C14AQ9TR2-S2!gICb?Ctn@ltIoj;rm=3YIgP25L%~NhA2jdfH5G`OR$7go_3q6X zz=Kd0v_*U^^?Ia!r7E8}d2$5%8;82U23MiM5;VsC6uo`V%HxpQ6lwb2kcZ4q0*!Id4IBhJftF^u_6=tbZ2|pD_Rp_Iqdf zB$q6tLAJxZ)&WZfYMH&gfQ=y%>9c4(p#RR`ncK@4z}}ph<7&Dt+{r>k)h-X_ zo8Dc<8a6jMEZN@t0k{!nZ$bW(MhiH4(v^4|;A(tc+gYUs8Z@IPjYe=}b*OWGMbFq? zd62#8wpv=gT|GnYYW?5d{jqZYe{c6&{I5HCZf^ZAUsFd$GRv*z;BL2jB}blR zK0BYg^Zo=+W&XR6U^g}SSI_^wy@wV3e`ja=+x)+a=O*X>@*sWd=<(J3_5~&0W|9B% zYw(`MEb9_a18LU3%e4Y3l<{X0Rpr0Va@<(a#IVW}6sSmcNuc}QIIAtON?(~856t&| zjT_MZ*F&UsGjK)gbAgiOw>p}QuWt8LV}f;**?$irA|>8usNB?dC1sl6vBZ&ABfEKw zEtg>p>VipD8Z4Z#6e#fmJvZ>57n!nSjuP~n+IGuDZTzyrQL*%$nVMu4nm={nqWj@> zwhlG0o5p-+yV`8Qi_3I_Iry&W2K}MzH)$!Q|8^dwD|tZUcxG+{ZI+=W_FH4~XExwn z8HEZN03#Ay&?Zk|2h$eHI@ezLF-H70fhSxI6MJ++^TkH7|NQ}|pLPEEUhS~{#$|q_ z=kw`WOzDkm7CEB70XIIZ-!C85tnH&&645M8gh^k*0*la>HPGL;8R(Yd+$0xF%>MP{ z{%VO}psu|L)UT;3s;>Xo%2{MFSJ85ztD+JgdmP$rCwgU;NYGL7PUQc?huanT|M21CZ}R^xo?Ej2SuQf}uD%t}$mtjU z=d~<@MZgvN;I%A*--P!{;oZ(`>RY8g|6x5|%m3`>^>%w<(|-ZpGX)lpcp8Tg@HnP{ z%7Q9%ty^)!VX<&GGn)^^ePyaNXLQSlF5gX7Z(O*)+pYGRd;H!je1O(-ts6v)#;Ra4 zE@0mvM&2h83z*7yP5Kd6av&Lt<^*WWivG>5L4Smb`+KdS!;Pt?JB@9IIv7!PNoj0@ zhToSkeEDqMUcP-E%}pWec$Al}Ah-_5wK<#Fw8+y1>Pr_MoBi~wTkfxEm;L2F75y(y zihWo99}j=5za7`I$&D zdH)Jj8h~5{A3s@oR2 zf0_0!(um%O4!G+6&(6-Hvi)yw``h`?ojjjg|0|}fzoHIU0P?x?z^45FU$!n-#QK{0 z;Bp;gMN?Pte)x(sLj3|0TdwFAkvo`71WyyY#&uV+vh{)S7I>4%|7vtEzkl=14D)As zs_XwexJlpt?^^hOJbt`e$^WqX&Hi&I&n>S1bpb7!F9-X{#MZbXjOX=M4X6u?QT7w5 zRSs4sZ2W3&417f^A^-^jD&;W`X(fVA9gld$a~lF?Gp~uKl>3-xVQy^Hn}4U&^JtWc z3m5#Uu2ISUQ{%y2?ludh7eqwnDHS|88+E{&Q>8Tod%t<-l#2W}j+=LR|7+*r!}9)b zZ~Mn@`@cJRZc6^wy5pGuuYdk)T3?0GRp{FPG9mv?Y377iiltq<8aj#K3dx>HjEurVqpH5jZ(WCuwj#~g|D5-4J~fApiADru?ZUyjVEfl0Xy5UA(i0qWCJihdgZ3@ z=bl?%!&4*w@dAZSt$P>tzn#6^?Xvyv(Ze6V$^W}}Zpr_zIhAt5Lg5!*p`@?M`&3>t z>ZMXvrV``+i@EY!>clnf%HGCJ*(+gFdlYj0^>B^5v)&5WI+tLX)E21)zgE}rs{B_( z(Qz6{dSd}#R>=QHdygvm|BpX@^Z&k+=WDe8cr3cHc8EBizZ=3!oZ2F%-}WwF$lm1& zLE?&m!SY-_HUf9%&rWo$!*q~%vb}x$-=BwJ7Jyy6g zYx9$G(}g4J0=`z>6deVS(wYkm6?x=tV>AXnS$++{iIp_}knXa>H9kHS}SE?(9D z=RqbIZ)gLs(*NsW#s0JXE&u=BJbyaBhC@1g#+;Z*P)9$HT|L@rU>(P(9W&7Ww z-Q92YzdLzu`TYO7OYqmb@_r!;?pM6ds&a@)N0Z8;4tiRruQ3)1Zan8C{Fy`~4yf4J zG%Dx=Om0=F5P3z9hMTq{if?OCDi&!l5|;F1S2xoqme7#t7A}F9r-am?lY?A}$&L5f zDOy8LNIapkuJ`=!EBnze+)M`-Ymm`c@C6S|%t(tgwec~|1R0N6P-7c*^=nHm33*$8 zP~MYNYT>y*996aP1~F z8MGDNgB{jpjI|SFDR+5H)0PF7Po>xbG>C3`5nA1sTH1=$N=90naJPkIscS7xqo`F} z5N|q^vX9>c*U*)z$D6MS{q?qC>*#+K{a;10d&54!EA;<|k9Hnc&i}W+<$t)7=a&4x zYVtocl(4+!O4P^K_6n`-XzYdGE^Z~hzk^_&-(O=>@%^nI%`a(TUBBW=Qi$BeIFh}< zty}>WnuP+r@B0X&$B$?n7>K&q1+_Yk2?vpXHpzqP&Q@yl>Sb}TC5^_XY!c@z`F$R# zTCWf51gggB0nybaG(OnR+?oTj0S_PVYOmCoVz=plA{@PA&&38TIwX$n`alYLQ z3g)jm6#hXMH5dfs2K&GOt7)Iqcfi+oQhPg()&F`^8qL@w=7QdQ8!Pm`?P~t7-5)eC0DU;xmiGZBaD1u4EN5;W} z#gi?JE2P+*V)!QSJ&D84J&5VV1jc-j2s&o(X=q$b{?}#?UdGV^c#JhQN{~f?V6`kmhBKcbKSbuXrqzW$HK-)GX=z@c(!2!D}KIPbC~ZJCvPXBKSKRs7{ZCl=MwG z!QXZ60h>)=%%hNs4x3H-U%o)G^Z(><|Jm_jZx-H08%yW^&fcTl?ehL_cl%rX$Gds{ z`+s%2T_8!)HR|DhLV_u^;cB7V{adGV4}NA^>ts$6z?h3-!A_@Gk4Ydg@Px));~)o@ zbc9}-R6t0j(ZChQ*h}1HHjxuq`%qeoCy-r84(w9V8tXKE4`OS0}?hXT@QvZTDV^A!P%68pfaHW z%1xC40*w>ny02IaYD$5R$5d!o8ZN(#4J1_r5b#+-Vn!tjT}Y*_rwh#>D;>qXV3rdXD6M``T2RkW62}h(YgY#SSk`lFk5tm z*)ISO*r4ARbi$+(i|$S@>*l;oiA8pU8yG*(n3f=Rl$h5ePk0BRx;=}vN-UIW+k z#!;*?ggPA@XCw+noGYmWNi>tb@fk*=GGS_(jt~=zRbMNlgvC_Iz7mx7XN1MsN7F-_ zko!IXk2T5hgVmDsOS3U7X+(JU{o$FC=+o7sFe_jyIH({cUol72~$ zbWR0{aB{-oA$s1L9Xw7cqq*ybu)rx5^N6Y~{B>%k=TIvTTNc1`!;`<$(Wzz*Wq#Vr zzq;!-l2lMEyaB(Roeh1-;muT>+z2w@A=TWYB?yaqosJtr!)y?c7)DexmsK^e4@r`g zdQiXVg>>HEMA%->YYb=EJpj!nx#1y< zs%05}8IXv@6U)CiZ5?MI4SLwK`K;d>j>gV1qQ%T_G)|o76aIX#hFCZ`{PpPc?Bri> zU+fFnFHeuoUb^4DMED!L;EE35Up$4Fnsq{^BdM556-A7ahy-+sdX|Lq0_bxb zuJcj@=WdY@bW8<$Ln{soo(eM*hGHkW%!))4E}7zD(Su*KV0=&Xtk`nH5)dO-ExT=L zXc@j*loj!MS|=Clk$qZ_mgjm}PN_t>J|l4`?btdY$qhapmpKVwF?CVw3aO3Evh!w0 z1esCIynj5nmt;RSL7IF7xOhp^>DgCMQ=;6&a!_dqVJZxlA`h5m^Z<}RZ@+l{@WUBP ze)wSk&zWBCqsXz8v_k3}c}F*Oj$HaGW=(vWx=;O(M%40y&y*hL*YKyUl$SR=r~ATo zF9uQwV(Qe1vY(153UwuYqvS%|(J9n~@1Uv3!1RTDJr~LzV|D zkk|i5L82n5M-g@zWJjB*WRPROtt4w!1vVq zgz_|xE(PXlzyrBi#23fY?kQJ~=lUbL*5iiVdsEK<>ks{v_{4vsM?kN*)@ps8q5KQi zTLp70?@znADF_dYv@jCeyVU6to=B=Tm-L7ksA7+tYfjM`zhEIfcO_4iusUf%gkmI$ z7Qk&GsC8G%-Ps;oGQIv0hU#5q0o`mu#6j|q@e$FV+auAEM`{uAjq+KK?1!N>{A*;K zXf&dhhWSOPb}d&C`S7U;5zhjDZV~a_%5D^!CPd77`i$#Qb%Mg4%oRqR4|VG^bpu{fOzETWxPX%Z&~iC1c$+c4NbF?Qn2K=B}zbeu-!nAU8GjC+k)6lC)r zsDS3uDMZAiZi=@-Q&+ta99y7?D(_)De@#T~pdX@2?Awj!L@>>-$f6^vS8CucKch#* zTF*LY9voL^I_k}+!P}#vERngxNWY{@h-r)FQr`5@G^_ggax_h$8^v)In*Qd)vvIGr z4{2!ijy5NCP1kK#R_|2S-BsN7Q{S}VEk8eLDsZ~@OgodVu+n!H$KYDk^ z@j&1e;%&_^W=XX|JHG_8nh-o&#A7zafxb_;q)=D@B08th?GW;0`$<`qDH3v+-FI0{ zh*{!{L)M*=QoraSA(+-UNQJrKrRaO*ZUQvYlj)Jpu*5@o9~>00U~ZfUONbI_nfaRt z8OvVYkVcY^CJKNjkHL)nQ+D~~m*~45&eF2lbkq}9rvp9YKGO?!+J~TZdr-%66 z?kbH-$kjFy>k$&OsIr$>N{C3~efg@+CSeF!IvQE!n7 zutfX@0iPv9!Sx#MZ&X^0h^-8XseO}#oET%`Gh+ce&j`tmpL-FTvDG@fG4>iCUVCnB zDx%|w%H3gaWl^b~dDjr)Vw$cb#SwzV3rF#{PRkNPA~vTnm2xQfh_2jlL z*OTC&4YAl=Qs5C%J$$GkM45E$%PIK?F01>UQ}Pkc_ZsY4MMB1eMX8`?Q$gjFNA;8C zBm82DfpX>Uijs4Y}HGxJE266NIOE>h^;26bqA!h zC!~$oYLZ%aLr9ab ziW7{}7a_UzInuP%HH4fLmVlMww?as^gxoSED+xLExT1yep+bn|s@oorWrSo=`&zm^ zc&EDd#)Y09-m&OS<6dfd86kzs7_FfB0hI2Nj#Y%%0Ho;N+`=K{BMfLSSP!cOTDzNx-k@Gf6`*0jCCVF8NrU0~c^UB~_2lWRovC<#qBfQ`tEe{DsjlOM4mW)UZAs4iAb)$|Doa=Bw7shv11=Cez zT>n{*5Yt`Dyh1%fOyRqtWyv{v-qsq>vT({;WF>mSNXaJX(Aa}RO&i|)B@#$>>Fy>5 zWSP{`BXVj($+i|9`H0B7rDX{rGMLgZji`80|+Zf;^18{9DTQ%J{My`*vvLKcdU9Q%C>#}2JZvQUm1n`6k;=-%os{eq; z(E?apaDklhkhb&*Up69&N4B}v+SW%n%PZaa9BGnTiYGkclf`MGRq+EJOC<=4mz}_A zLQEwvwZN-ZLl{U?iUfj7X@X(6$Pr}5;|bWEX*a}st+KHvmJwn@cZa754O&Yr<7tD} zuBCMWHa=Sx(7GMn`dKnZysUt2d20zFkv)JXp$R@jqC)f*UrT1O?>gL`kfkG1m)>yc zeUG&Xfj|S#c%+uD7EaLZ2*LYtEr#VPgc#U9`kAnP(Dok7azeDKage!QwcS{SA?S*p z)0P&$-VwX*Ig9UTK#adu7G>;Z9MFwF&TCkU{ils4Uu3Nl<0W)Aw0wl~C%>{{TL42H8@Qa#$UM$N?Oj5Vt(eOF6E}67v3e6RIkpp>$v{lC1AZCA&pyIsxG;> zFq?`s{j~x?v;D>kA5QLzWEyqZRNtHo@6$T6is4M@l2|K8aYsRF)w?))*!}!oD9Q z2N^MAHgi)6foM$(U*~xUB#Z^0!R3?%(`Kaln7~|rJ(lfwj1_>JSm-+)Qr) zQ}eBOgzL#&3uDX0uikjUW4Zxcz{UZN-qCR5x4N2q zzqj(V9f>I=VML{@@>P|cH1e*z8;0An?zSMJl%=xPq1R4qTNI7$f=3a?oVL^acAr%- z`O3KgYaATGUQsjw`P@)AlJ0_zER38BXWKx;Qt6b>iMlP)QHh)$oN*hz5&X21ddoPW zu|4tKGPwj`N(Hq?pj4=?&4}SQ)N9R7%|SKtAScgHi{be53F5LqhIGtg8Uj&uW1Q{B zt}qg<*a;QD-+0ZPPh&->IWBY9xtqiRpQA0!s)9^*d{{FbD*bE2&uC~}n?=f-+Y;==Hc=fhPJBxuTFnXjFCK{% zeV0Bu@neq5u-`HK?}%o}XB5x#>J%i_gF=FsohScwr9INhxWdI;%JsKb###p67u06t z(S40VkzdAzj@Dum10bi;#y?hEbCyYi;g1NB;IcQjBclDBI7y@GxmjVI5NXtU>b60z z-P4wcJaKQ82$KrIamfDgC{Kcb22#Bb#m#m|6%CZ}t6Z4_VLc*Rv6B`wO?D@TK4yaa z9M4BM?>8;QWg^aM4QM4I?$&JPP&hwwaswBsQ)`Ymch*{awmqa`#&B;SuNDvU3$WQP zGuo~b67vf%-7d$$FrYbN^#-nXFXHV&e19LCh6w}9Nq1VCcue5(KM_SBWCBm#t`TUx zX^n&?TI%u_m@ASV5vE$VfcNK1Xt0tNKgq#5wA^9V11`ImnfH7-EyYX-?P>WesS#F; zOEFzSds;qA{)85^AxTU6D)N7b}0BvmrSoC4VJ27U+q&Fh~-H=>R~uP8b8N};#npi zJsLcADL>xLXF&a1E$gMw!-42N3;3)j)3}$XJki+Oj3~=LqtC&jI=Olnbp!F4wo_m2(=ZTC3G?b<)D6UE+6#WQ&ys>QLu<~mDZqTC$He+|*}<)=odzhLmSKkWzN zi%IQJpU&ZHf7%bk7n7QzJ{`r^{;W9=UqWh)zq)ApVp4`X8xw@%DfI=V2~60W#x}vL zjmpDfPzdctQ2z6q!M%Z4$C)F$j55sX!--oSFiSxoNTMf-lU3$IO77F~662lnc9y8W zz&^qoh%CHME3L@|YRsbo=}BNh0(mYpOoB+`SP#N=Q2tAaCQR8qZw^6KfRUZhnfqd< zCJ<$Z!p#FYb>W$Cid=PLPheRtsB9|n)~cH3$hWRS{x-DBa!2mw%lLe z++S%%2#PX>#gjHB4zE-5iuNAt&7=Gm*hggjd6Gu0V?kT%tGgJjM2bSnL>+`8OcTMv z8#lhr4#G9}=if&Z2cqqQ-FC4qkI5Am?7xC&Dh@>3P2ERtA9sn-R?1zTnPKy-#I?e7 z{^>V##eooY(GcojI1`7BYDYtOg9Gr#1Fhc3LBF3v?lImEc_6)4eaz;d`i14bPa-N5 zizjapjsB+B+@Eue=$uU{kP)Bzu~A`05*J#9#&ehx!SsS5vuHjnhBqUoVlrcWa|I>u z_6bwdbkqy@tnZ5CUQc}`DDBS(i~Gg;n?3l23z%`Cx94LnW<~+C0XhU7Q{iyB>870v zI}g$U7S}&jTJy9?_0p4rYt4poaec=>VA449>446sKw~=()I4}r18wJe* zcBE{p?$fzmFcKOlHmA{|hXe5P>~H`tv75B&Wx9vy*_T9oLBlOz_&eqb5-uehMMg2h z7z&6ONs@>K$jSF5m;?=a9SUiz7>VQ-$TXM&kr~1gxX2KeTb9lB_+SXK9JVY#_kmh7 zPMD?n*@BQpRO!xG#BGc_e|2fy@buwDjtAI$rj*Xt4zZ{L?v?H%XngIEn-?KfghkR^a({Ee4g1U`9L;8_!e}XqOgyDV zt1&&>C}O5k#f6@IeT;r46^X;HFo3$cZZ}^7H#?mplpInC9#5hL2927{jFHu)%qX<1 z$BSrA4^vFmpcMipxXmedHboPyOa-;6*Ye2^A*V)0S=mvH_{2=;eyL@pA`^{OnuMq) zTV@N{7`aWE^|{ySSY|QX8aH1E#Prg#AVSbR$dvRmN@+QO#a#F)n>YZ&#AW5SK(a}U zF~8z0A`Qx(KrqA`=4ljDk$Z&UiF3~k-z!8W$J(V(F->+lXB=icbf#}#hB~ZJ65<4L zVt*@3@8v@-QDM{8>(a@dn{u+~YB|=wMdJ#Q8 zKi5;R;};lc6$-a+19<-O*SF6PUmrg2Xf+ro?Esz~{`~4!BScFJg;9Hfczy-gljee0 z9wfY$Qd~Ym4w5%uesGLQdn@k^^mDfwKtQ6ZY8HwlQKC}ACs z*~ypi5FR*fz^mzw#JGTnPbQi@oDYQ_1U01#w-CB*fyYF74mGpGD)5jS9#?44aRZ}e zNEaEft6y}$Ft`7~y&Gm%B?qt{U6O_DfbqHUM_RwIkRb1jAs1=@JG&1bnejdvTg@iR z;ATj*9E?!6ydQ>QW;oS$f{94!cR@`M`g}S*Fy@0yJ=xsCAcIqW8N1=JYbK0n#4iV4 zw;8~i%pA5)boLghP7JX-4|jI(xADLjdT*WLfQl!|bZ=QFk)R}80E>et4XJc}TOkd*zu`&RWlj`fwd~+ALb0CD z0o8d_Ka-ZtC2uzAr*=jyomI~%5wY3QlMzo9ys36;uGw5<;X^ZXO~B)TCQ9}%xwwcp z31vUwq3my>m+oM%htzA>)7OFyaeQ$vC z?A_kb{=(w0YVa^UHAJte43uT4H(rRbq1;SRmI*Sy{9bWW*JqTUR%zWw9Dy}YA0L7K#JXcMu- znkvKB2Vl~+g-n*yoMy`HyHu(|1WG=xS}#n#E<6mz$&oAKB8~M@9`m>>I9Ga6v-`}< za6f(kqqjSZFj0yEo6&R6*Kc+JoQtC7tVC6>ew7lqfw6*{;xyGl?Rg&XgXB3lZV!W)4tR-JUDz2BY*c<5gt^e{ zXyFoGEDesTxV;=|WW$-@sopV6IoDM?on>kTh2X**n=3Q8R>0i% zwL09_zcDAf#a3aGvXCw@IGEt%QGd!WyNdVy>fI@gW?gKc%cM-HG|MTxN+yDYNE7B| zc+wN_5I;T8O<7dXyn%yq7;$y}xG}DA6%AEk1!y88#pwWYfQ1;+h_m<0aq*-;) z>2%?|prf3_C6PYt;%A%jN>}qUdR1%HTM#l${kSIH#PeA z9Eh%YvDxc%vyjn6j~LwvB$B)VF&{787G!N{kSOe(^#Y-=SfOo+N;ogB(&t-1;7!Cv zm-h|DG zRO_31<8Up#!~X1=pIwWvnJ}9!M$#6{$OQ#y)-0k>&76`s&Fo|OT*>HSR5~d}-_syf zMjS3Iv+1?%fX9;lJJl;VcWD;QY!<)+6tu`f#>ilHy+lepB*>OKXYj-06((IS zmh;U)!LDw1?q@HL5BAUA4);$_e}8%M?CJLpwE7UJ2qsjyxIEo%ew^=Y!8W8`m%}^B zW32=|-T2Vc>uS$@>bg^sPaE(NMnuxbkDwcFc3cDY(8E`ANRmhk*%T<-b;b7imh}y166ae8 zJcgf%oZ?{$B_U?X<{|C9lQ|N*y&XiN+=gDkW_)hdid;`8Ng_B2rf5PE&VeVsuds{b zg_Ul_H5?=}2erEYgrG9vF}^>S#Y@iT#+%&)Mas7XJ@}d1zRofHKkU8#f7>>a0J=Z( zub4->8!I&_$=}lRuJ_JO(yd?9#Amz7?lpTYL_!j4ieL#!j+*%W?eBvDK!V>y$(HTp z*4+K176}XngTY{CFc?TX0!Jnj^*Yi^$_)gePmIXQa%DB7P!DLKCR=Uq`po~ctDzc>3hhma?5)*gz=@BZ{QS{ov3&?O zYLC?323x3K;!RhWbX~6Q-S18WL>V$G7hU`MUr!`AZfwA-z@rhTLgkI;NiZ6x@Mn+3 z^S_AYeGk4(81X$ek$p{RG67q^vn9hJLG(K~i9AE~3Jq6#BuVaVoR5P2w;hVjg5`vjX9w zLqY&x10i;Rfat7NCR8aPsb&3DC@zQH?$ynF*KnKm+*8+$kqk}KQ<9VKcC1=0l-M5ArsY?xk=gj$(5r$8Q!Q((AzByW=l?BjDd zIk(~4lfQV1592{Kg4LdiUFIT?&M}}L*00G5vjfwIV90&D&+Nu&1ix$*K`7s$hR=Zh4PzL zy5s)o@p+&}Mc*jn+cerzH7P@78UVJNJb=#s#N`7Jx@mI%3KE5Kf|DLU@`?Jz@S> z09w`^Dj6+got0l(k`7akq6tIK2GPqo8%qH{@wAE=iW39jw2-SS)`s^x_ z`hhfY(TE+7sSv8oS(koV zim0_cwew#uVZ8fG9`NC&@eQTH;`!g-+28LK=l@P`cc=F_|L^1Z__6!cY7ha-2!N;E z>ubvrP+%5J4lxEuSm5ZNmu5=An z6t%c30NAkQ2VM&HC7s(~fA{8%4YpjrY}mp}>g{ij&usDU|Ja=lIM>$_>5m^B9iH6M zf~XRscO#+xi)j)>qjPUe{b?9Pqmxm@vez%=4kC+WL}8ry;B+V;x?f&O8(Zt#I!N%6 z&JW?^M{qCc9Imge{IsDy5iYcH3Ag{l%?Fkix_Y=7S_hRBW?$8cu5t(z$5jhN7G zDHL@1zQ@cjiG7bvViwUT%~(zb6iXMk4encM%f!r=ufWDQ^&fLTcwVUdrH-(w{%PJF z6bdCE<# z)~@v41R*4W22m+^^QE>3Nefck0MgPsm#)Sx$RSSFtuoWeog;T*vdI=Go-1%zk<9rx zyXr6Kbl?+2K_nC?==X|ZS_!m>rLaXOaXL4KxKl0)aS}x75Ns01ZgDbZl@8%6L@Hy4 zN^{2gUS4N5FX?<6Hc@JeL8~%D8KX_Pz~N%2>eVhsm4=O(g_Un3@yrsPs_s(gVLjhr zozIbrHvccMQB_`id2A$>Mfta}BKB8X?@?1;-$Gc>oBz)*gt-p?@3IiCZmT%;qUzz6 zyKl_tyR?wHy@;w2P&ZuVmKIK>Chu4CPgZcmE zCFOXdg>i;ar+jG=4Fz@-%YX_u$rZz3m?@y6kPS#!n9JplCJeLSf>MrA48@1>TkCf2 za}&=W^4hM3q8n(0Y|0ST%6eK@YN1ehb`lmR0ZGN*I?hKQOZNkwOfjryF!e_?b(b46 zdB3`w!z+v&r;`~?p0i0z5(@TT`|eKP>Dg8Nq?r%gP6iNF2C!w5-C2J?Q_{DKWNj*2 zb!y&}RuN6FSaPX4z8sZQozoSG_3YNPq90Nk;cmuq^iqfh(a6302DPzulFmz5^cx#2 zNi<#hK6z^(bj0OIrHihQJU*cl7V)L$US57_67~1)oux<|^YxM`3!h(>PI-lYD?;&< zq;xn9m**(6#(k1Xb^RfT6v(sPOA<(zZXk|cqgAm5p9~0DsU?bN`{rR7w!Y#2xOKyI ztIk>$t4FHc_Y!~h?eTNSFY{b(RwV=Ctsrl1uNKJ$r|Fm_!5=c4$tomVRDFG}XqgLx`b&C9c2olEQH4H758?Mmlb)exG9i& zOF_DcbQipVsU&3Po;(rJuDkoSYaPQCnajM1)VpjbeMRJP)hv6P57Q_O!mPlqyX*F3 zs)C}AUw}~*)Jc6*x)hn{G0(4Tf4si70kXrpuFk+K(8839S=*T7Euka&0e8F2tUw<> z;=0^~16*IjfO=%gse~LvqbxJPC6y<9b=e?-zwWxbDqEAf8o|cPgonhVND)jGXUi;% zuJ!ck1*TS#2`yCqKbedqB_SI<;h5NTGL7m+U1%P1|F3QTS0=^0`Pr{OwV(go-PwCq zI{*1>zkl$!|9cHUK0TaW1%`R5Rj&SWYv6zqybkD^F1!*5u%S^}EQ&!i;wo`pf-C&C z5cM*@v}C;?g)0_4Ng*94>`E_5qFo)+=41(;&Gt?SrVLbtnsvf9lIBKAnN%1-`Wp)( z40Wwi!3>llkzZ3^Ti@=P%tPg#@SjwME60dG*hCx^O%IR2ejn)!ndk8G?Ci~%Ok0NY zQC;UHvy6Gu1gVhE-_j&El3=-ZbE8K}qbt0$-$zh>Ub9r?d!;iPsjJiyYTg#L4J`Bv z7p_eRUSOfFogiFZG@;&Js@zf4B;p?CYhMf6-%S(DxMU`%R;dbQIx2xz3hT)x-QCDL z?@0D@@a{Dy8y8hxjSRm*7r!c1QX!j#VpWFx1Va*p2J3!qD$@Vyr%nIEtc7>0|2=zF z)&KSm9?$>Z%X9DgpW$bb*N&-FpLj7&jryS&5dV|MpySUo#!};8i_(A6F_opkmeG55 zIUo=fjHb1@*j}c!>715AgTfH;3ZQrYs@8JHIEs<@!4ElBXILtMs1siw{gOs@(j z$nMz)smt|V*)b0V;xdT*6At!-#Q9l( zyhH(qBOq}sMz-)4FVZgoE-=?Bu*z`qQz#}^6@L{D6)Bn)I9q**zic|xiLY8h1Vh*| zPbL|FJIIb@t~e}Fs({KTm`1_x`c#%o-G|9LO6U}@S)UZ3GZIea1+U7RB1|5w<}H}& z75T9C312e&TPAr8KJ8OoebvUhSV#5Wh4I!Unhy}Dk*zIvFJhvy%aX>Sau7+<6kS8M znokCm_3nFTO_OYOjF!S?m8tsBGV5_rzG(R=tp&Y8+;K%o&-l9bB0{@ zK9w6_vCMs6lUMdf!ler9^RC<%?hZmW=998#dV4#A-Qly{ zeec%*1laYJa|8(&CvGYH~ z`QyFwudmg&{6*(!N7VRwsdAgY8nh}{Cz?+VkJMIpL&3}t@Ll}BomF*z#G7pLpFw2) zJjMPlHZZ`Iw{IS2{I=MBXte)Z{XZ(U{5B4t7XQ!Q{s{0yBms}p7o@AGBm|K5UQL7kNwUVuO>gqwY6Q;hZU+UW_ z6Jl0>Q@_glQ>VsmlmRo_h;mW$1~!xzPzM~9Z&gzF-K;Iz$!d2`qSOU^g{s09OCXv~ z1~lpD>nZddig1#`RSe# zB%GtPxfMN6O3+rMYqk2qc*q-&_s*%C5!a(h>P$#PMz|xb0ve1fH&A+BygCOSj3Vk= zq5@vOE0#LZMX{W!Te$S4vPO05j1KdgBFxsZE9|FY+`5X$-HmKO9TQCZ;0oA3O3-2% zpghfu7Xwm*`J&~t(ecIB%Ys&Ql!_EpW5R!+b0~ne%Y^X4sW4OIR(K-B{8H6giWid* zr6G5SH=%aN6mOq(=pR09`oBs9b(j0Ud;Pug{Xft4_8#|t@8!9F{ohdLOV@AL2_VIP zx@4a2ur|4&tW?cKwm9EZr43`nA(5ZY|5CG^!WY$;5$UIMwHzL4NmI*+x-Rv+ z$yc%Yi*%!;Ik9S5&b(M|jV#R#kE*M4LK6%cFg%_4enlZ~oo>EUlhLqKQPk_lu{Nt) zVI&2h!Wb^7qDK*G+tcGGRqVph)t1i(uUJEmTVdEL!&M71yEdwvgMLw9Kv7+KRlJ@v zm`tWA-r$7_s8Bz>F%W%Mr^{pNx%wtcGdH171^CP>7FZxnifIiO2^1q+YFV0C?Rp{eH-$k9_DeplJ(kGbyY7Sv=Nki=r(YAd;$)$N` z>9)52`8LqhbFJ*6c?1+pgqo-D5-43Ifx1z)By^2~Er}&d%6LjT5o0o;DZv}uRcSdg z&6a%~h1VfY0p~Jo#esKugWZjmq@^ABgg)+nl1W%AFXaSYBuG2D$=eF~)rEBjUH1a_ zwMwd0rOs!o<32vkPn-TPx#Cvpf2;ogtk*B=|GT~ZqyB#%&%MWgzWfmD>-i()AkVJl zZeCVQ;pF5+R4PQQi(*Kx+oI%~8BLPFr$Ra=)5wE^UHmhcoKJ_t-~-rB)72%<6Dl-H zxu=V03Y_)MA5kjHV4kBcSJSo*D5b98UBXyF=PPa(J0kzq8rUaDC|(5*_SZJpzt}hL z6v+rToQB~XexH(1jH@s76zr@kR2zhj`1FY`yk)oK)U0hRe`+1b}`LG!HOeM^NIeL@ro|f zSYRo-n=Zu7NW}mz&94TY895}B;+mV`T6nuMf@Ll&K$GpR!fcCG{#GWGyHqst=3gW) zHoH#e6!E!1^SspBwYSLUfYWJMl})j}R~WRg5Sl}Rin(=ZL3ypUm5 zLJ)z+CIdWurmx#>Uz8C}&B|={Tef8iJbZKeRhl#|WSA5|oj5d)13uw7iI!bH>iSt4 z?gk4lpHpsUkrk+byPcItaZCNLP5+nYhVL@|r~hnsZ?6*nv;TPi^SwOxuK#D@Ka#W5 zvbkX0)Ern?Ds@23xjNrox9wOgBbHQ@NzZCuSnwO0a!s8q;nTB_&SJ&?658XG`ss-%8xXmv^ya| z)Gb~LzM*?B+eMmIhQmC=pVLv^C9Yh=;asfjR}{u%COR>r2?@&-m) z)vvLriD*s%-Tiu1p)7SS>3k`nb7|bba}${(ufw^dc=XSH6fE~4ST5S;c841xv7`YIN-ojCfI$^Tqr@VnGEv!dXrG#U_PC{N??C0 zLMsa;o#jKHH>?p#+d$pXp-{p2?_ow^+l6;Q7y|C|4TFTIGVc#fX`%wc)%^4&Fo~)h z6L2uTG?$hFXZc0-bfkFGhlE5vn`DHOVB~Ou1K%v zY*}Ek4G}XJ9dyj8++YL3>A@b*$V=vNs;7f!^S?1p;WkZTqyx|VfW*fXLJ6CyeGNT_ z#H3(}k2!u+#zyo&4yTcaNB$EPj7!R*Qb>lrSb3#%%m`Q!0aE&JoeY80$Oq9DVl|Bf z7TKPQp4ggopKw((pK97$n&B!pZAebye-0cmSG8=T+;c%W>TH!QHl+m z5CJc!4bxqn1*9y2a^i{AD3^s?Bdy6(6od=$$3qn;{W5t- zO!;bRWrCz*qACd9D)pNx0hke06|C*_t_x=a>e&$N!s470-{ux-e4rYONzdY#MJ^1Z;>2VGPH zR!f9YzTX2^bw4YtctCU34^satD=E`72)R3==?`@NUBV_}$;=cK!CN-CrFFID&eTq0 zvv2hsrHu_^3DLB9dnoEawS8FFx*VPtBqeCbhKyZKW3XpJH_~R%5+2PAt{U%->kE)Z zz80e)Q(so`K;~yx-o2Wi$IRG6Yrd7zpI~sX=Ti?V*M7?L$-je}FM=rcJ9Rl@YBJzm z8($%wnSq$YAOR> zOtezUn?NHn2&rGp45X*^kvW%}4w-N2Qx&I%kSM3dtmk`eE$HFUSut@~Y>kF(U{rUx zaXxSrR4~8Yjgos-d*xJz;%!Z4NSSf79udP3T~~(BW?X8eN-;TrtCa21;Gd^S)|0J} zUC{)##7cD>#$y8gPDlQHJ)O`b@Sxv;t!W%rOMOylGJmm~<_wnSUJz7Pf~E>|L_eI# zIE>>kd=;eVezf1ee`nAF^I3fodO1%M*k2a7nK#PLD3O;i=GQ0SHUCGHpM zRWLi%0Og^*2`gIBt=g>~{mglo-863-FYi{_Dg|Mit!*`^S>|mi3gt!}tE^GD#bK_( zDHbS5Hzh&p=CjaMW*NweOelV8KLvZGJURs8gw6ssm_|5XX0pqYZIk`MX77sJ z-NxLywd8quqX8x^n z$zyDfJ6zZ+{5$P5o8%}otF_dpE&4kK0u+jrGr#Fo)+{5Fp1il;+jiN1v1DCo z>C|J^*qcYGzRssj{^uv_ZoUGv$p4-F{nGiLo!-vl{Xh5fJb?Uw1o@m{C>{*0Sv4xwH7ND-uE5*aB^x$L94}6c zQf;tmQdYuCX4=A{Nko#lezBE*VDj8+P3*k=@uLk}Df@ppi&Vul1M+LykaQ3qpHfy`c4`#X8Ihst6;8K-xKC+TmYI%?zC+0cx`(G%;|$`BO2e z^Rf)B(8!Z#@H}ybeyOtgDq0tcR=w;iWxUN;B%6zx)$)Vk@JSs)#|CRMQQ-T^QS8rK zU1?kY<+kFTp8wtNRqub*qOaH$C1ei3Yq3s$ z($Q27-U?D)3csBOp${~g!Hgs_=tssI6L}1?bs$Sbk)xb`S*4GZ>Abvuid<$EEf4a|!o2Dg+oIWKutVwefZGr$RL3yJIeNe01f=>Fdug+Qp zTbxqZ=zp{O?4Z-GQFsdB3x#b)SBbIRmAA-GNQ`^Vs|vL$_>5tg6iFJbEuG|F2`F8| z{g!ZgDx?UST^)0M&&(8Mjj&0OO2D?6AltqSB3xG$iR|2B`2>7ScJ>d%kbN1}%j0v~ zr_KJmB8ixyw=w}+_y77kW&dw)=Q025y*&4B|Gkq81!Tacsk-nzVPS}(n~W9->5Lau z`3o{ya9_?DW9cH9Tno+IGs9ekxhGT~JhZ{M!n339I4WPD^GOB^eiuYO*iQ2Pz5n&* zCn;SIZF&9CyW_LhC$Im02xock!KW$pQtHE&u)&P0La(n6#T!xP`nt0XO2>?{yRYSi z4l<@PoI^rIH)*6!d5{?k{3^9k{Ui`4%$LTvFyn%RMe^V@9?xvPfm+dqCR|@ajps}- z!K9;FaYQSQQPOm)J}xm2{IDkx7!u4Y(g{x0q)Y-PLp7((6AMK?Q~nzsQC74hn%(`FE!*JX(y ztE0i%-{A;K(!`-`MCY!Kyd;NaBrylzQnjsog~_BV-gWLz<@JX4A0* zM=Z3WLW9|O##q{5Iwr;^yU=P49I^cBFe3xTRK0Gk-)_Dxu75`3Fz}E?nz~ahQHA=M zn#AQ%YBY-r1)EJ{#UqXw;x${x1q_P4K_pE^xkk^$l6`o4O7 zUk;^nst@*5T}kp=E2QITI)0h+iUB9%iv~9ozJA%vW~=y1Oe|V#(L3;dNgsrX!e{9g zQ=;zQz%3>#n3L=_t!8lAopG4xuh``hE_d&fE3Igsl~0b-bP1PSE|%JyajN7JOfSnj zoTg58t;`xda0-z}-`ldv#`=73sC*69Vm2;;_f32P3hbBddsCfQVcc)(duxDlTi=@k z`ljO@Cn%nzD^^o1YU-Y3JJT1>k z{y)sEz4}4Ww)n4uy>k3l|KQo<`OkZK9?<_cKmYGn>v#MW^1na4+YdW=r;%US!X3H! z%EVmF$%nPq;^H$Q-7w;-fXt2Ky-X;N(O!?yUR4VpXY{{;Q|qB)y$X`^v+^oEaHN-H zz{fbRhw(MFu6gV8G_7mlZ^!v278U~ivVBb0g{4RPrv9Z`7`OE)#xv7G?#Y~X43Gk;<#@5tm6NP8Ba$EUD*lL693hIR`LJr zJbOIIFW{E+3@=F|i`5%iRg$`;a=t?kupU8{1eF@S0s! zMi*D)n43AR767`X=gJ(c&)a>aogEdGaK#~LP%H1y8M0pUVCf#+iS)>e{*-Nqwo4Gy zm8(;80pEf-$Ks00n6C<9A*y;&$*7UFE2~g_i+3PNOl9?EqNJ$qe!*N^+n@DGHDV)X&EEi|91Feev_{JifApyK(kbh`F3w zR#sciBik5oR{(NJ=iH64YzYuvIYE-(59+Inj#_~kRot1r90@PKYW8948E{LMjTB}-t{$ATP?HX)yw>Rq5%fx||oyGN0VAUW&Kj5bGaV1h^F2r^snMIc- zPXWuHI6a=GNt%^uXO?*f0_w9@;EE;}Rs zti){#V&}|~&A#oT2ySe6@rs#E!2z4*VYO;S4Xaec7yIE8c_GZ-f-6~n=@9hcgtjaXe;dDo>lCBb4^;s3(#W!?>*Zs+yA@0y~p!^_wqbk{FgF^ zMHw{o2efMIOWhsIqG7Kmgv(Z0<;!k)##eTet)B%mC>6=+^^}_2&{}`Jt@X3k zmQnedG(CCGbuDe`x=_9Ix-<+B8;iZ}WxbQ*Vyx~lPnp(45bJ29Kn0PZq2N8qh0~6? zvDe^F$<>NRe@cD397Z&v2}!BnUH+J*y7s@VeOXNPO(Elxl+-uT9QUwj@``Xb z^Ntk^rgrX;cWRfIDCc1}8|X&6$d%o$xlepK^)}-&b?@Ec+1}o##=h9)D+*et)vgl!q7Rb@lY~aOQ_;4| zjvEsBndDFsqvSu)Ej3XMD_yXc(d;cr%pl1IG;$jTE^>3(lSL$JAHI*?M>-nuEB-#J zv2%H{NLiRw!{>yQWtEcgHlG1fz&0bR9Zoi~ir+-zn+;{r$cD-ADcZKAsIYC8>}x zTyUivbFpAVFqj6RFXV4byh}2o+_g5~VjOVb(>P{H%7Kq*7-F;vOi1dDgJ`r32@Oda z%+!LHzbBDzZ9qgvGQN3BIu%qLDf~Yj7v4nS99V=k1xgUp1i~PquI0Ws|K(gPPu2!J zM<#{0&(FaR5^lMpAnoG65`D`Z{E>9=U;Sb{>WY8#PdJG@I_0&x#vGw%-vo_!@Ndh+IaPs0Mx7;{kzfmu>+`y-#E6XM9H_M%IkNLFw1^E+d z=l|Ku;}<`^bSM6L+Gsidwf}5qzcl~%4tkIIzwhPQfN$lE{(3gN3I>VLH=YZQu&iVF z`Fk2pim(5*HBQr*A9lN9p>X-Q>obpcQx*pv?}oDIFN&u&M41kHu15)*#zLe>K7){r z0uKf>y`nVA5Rvs<%i7q0i&uYnab{V+{`#xXi7lVTH1cWW1yt$XVpTj;@Nk7zPS8Wx zaX+{pbi54XLCTW(AuumE>~<463V52#oxbZc?~*2Nz`6t3zHDAJiS2qU;w+?==mli$ z&tV!1MKddg=#e;htDB$ot;-sph!)NR22o`xZVcPt5gTO#p_u}eYQl);o!VABLhoCOMTp@zo^^QXAW@Skvz%;9J0 z?tu#u{V|2(yfi!~DGAvqA817!*JG0|jZ&J#Nx*4m8x@)S1yDag0Bo3zXAN9AxF=DX zA!J#&v`ED#PS`B)DF>oCMSCP+Ov9Ka9InQJHwKSHLgm8k20U0XqalkSqF0KGU@8=O z$-@<{?dYWqCL|&wnz)u#WWquNxK922!*oDN9P=F7rF!G~bk>!O?$bDA^NCPKg>o#x z<4-mOoKMds{2&4^obr?=is4Taisn8KQpzpM0nuI((UfxNyF0sITaE;<>we?*zLs@_ z9ZCfZ{COTzFCZZVQ9Mn7dt*8w_+2vnS|hPoHedT`OTHh~g*1*DO6vD5p{SMB*d&`+1HKNfI)* z0D_cCFT`R@wGkc8for5A2}E#ZhQ4YCw(^rcgl7|wcU;Tz>0oM*dmy(2E2NQq!R?n| z2y-@tD>e;%2!l&1zHmx`en=AnK{RB^M2ZNxE^u>@iht@{M zmL|t-6a;^fUp55&8%BQvjNu1!B&-dPT~`>P+!gccR7icE(#WIv%u*Y{t#s16r?R|I zdNnN9B!Zx$W$~0HWJI5bg!4Au{QH=3>2S#rOyMmHrxOb25)dGyZ8#Zf-m@Kh8_Z^2 z<5FeYO6K|j7kF~;=eS%-X)PALAQ}}gwjJBDi04txe`G#wL-!a3 z@!usuO5flB@ZgWu#?FI3=n5@-^Y_5AghA5=_f&cL2Khkx1xR`&UC7Rwb>yIL6oy06 zbps5-mI$x`NC8B81I;j_*^Fmj7UGCH>( zNQ9GeBx*~|E|CEVG2=WK1YwZQWwWUJjcJhZGBt#1p+|Qkm*ibVD}3)bPQCi7sB&}N z6(A%78mbkF#PRY~A?ADeEbO6!3yo}{RD%9JsNr0kQ5M!_a=%>Uefu(7B3CY^s)`A^HzCa=qluz25z95%>Bx*d$&y=WSbH;H|fdacoY8LLv=W;)#`$@oWoU9Sp}k z2qCkAFht!BMHvaHFsCb~G>YOd1fl)HWUlsn&{19*s3Y6nF46MHwvpqXl!`9ti7z*> zsVDj`0z}C>-@L3p6zH?He3-7Xo3jyXc$BRA5%X!@kc>A zo(|CYA(&UWOE-8*(kXY?&`HPCQC?y6i3A)b~-f`jQ?`c98`#ZItQ}6(Z1Jx-9#d-(LUXMhAseG6)q)~3{k^!5_d1c`BtK2wu zEeC!QRFGQs#ipQP{ zX7y>JyqLH(HPy3SPLv?yB*9%L%GIDWXIYk(OTsW=6Ck2%k{4M-^_rx8eQM@xBRoD9 zCPVZjg`p5#B$`9O`IPeIo0K}bnn#LJxkn?C1WX7BA+yy;DW{8B+h>%E=C#Pu^N~bz zF_1YLc`wjTC`~rAYjV;EwD}^ui^NcCNkWG-(Sqt{HXH`%bi`sl^QOYG!7*Drd1gDm z%yxg71S2`X-Hq%|XUeJL5l(qWO%wGg8p*-aeMlM1b``h$#OZJvLKsAs=so?bZd@gOo+?$rnbT$WTUPuLmkl*Y}1+T zI4M(q?sor%%bE(lw2TPNKYJ{m|3xfgyTxctOBMEE8u==q{WvDxm})TFpwAxdxINes z1#I=n?)=3PyfYzlWJ4i+kq2;k(+?hvar%2~5{H2_q4mDc zVQyr3R8em|NM&qo0PMa0ciT3yIJ!UUufSEhFLrMz$zS4h^|{^8b!@ls+1S>xmGtiG z?uj81lCY)-769$2Y2M%d4!)592~w1;IPG5Z>^2q&%nSyD!C){L+z}e36fxF6nnTKa zOSp*twBctk7z_^f_vOEX!Jz!_?#ov@f7;o9d9bs;x3|A{@TbAf-tOM3KY_uf3GqD{ z))>Un)M_ z=?!`ZL4+n4Cc(~5KzAMJgavGl;&>HUQ*OAkV*~rkfdkEMT_d=>;P9Zg-`lf6?sou) zaflKocyXwjv)dbVV2a-xp5N|vV4CJXC6G>pQj|m}2{B^BP5?rZM3~D03$zFYps0ru zIEhiz0h;9eO9udoQo=BoT{6Wn8ut6Wekjxm>)YjS3%nnDA4`}Z#W0#w@u>H!u;it3 z96K*H5(OtDiv>wmfXNGSIFrL70Gjhb{wYVWE8$0og%qc%5xMvS%mAMw(Xny#oPh;l z9Hb=8Vo1RxCbJn%W&kFUU;#%72Md_M8Csx(cK}FZ$ftxZdSFEE5S?Z*SRxJ>UZgR4 z0nja?OOhZkrDOpZ&mxp?1~>t;m`q>{LPAqQ)#wHpLt>C{@qLovI06#{GmfWO`~pm~ zBoxJ94DQf`VUAd@Gbe&$bIwyX>>JtZg=Epep=hT0!g_Z-LT7!(moe(AVc3TglJS1d zi6AC3!j~xuB=u6G^wMP3xj{=I%~IlEn#MSk^mYQtA0ZqI)(Ir8P5{!m`0pK>i2vrJ zWdU)*Ax;pLU{p`PKf8kzy#S|4*y{k0(YT;^hWR|3h^FL2N_BmwJP;YlXsE`+%F2CC z5$X$KsspuC2;^USyS;TRlPxJp{JY}Wdtkp?~ zhy6Z9Gt4+$20OjV)TD=zqvUr6y`2KISCQWb@XpKLZg00)v)>2qZf|G5x6_I63^6_g zYz}u{9t?LU;qG71ZiM!xQ*>~!_ub3gDEbbemw(xN`4>3Z8%%d!g;BIW80<`U_a|uj zYG-#aK$C;LSMVj8pw0{>h(az5sqXGzcRv{H27_1Qox$+s%i-=pZ?OCFFN2qRdprMc z_YsvtG5&91oFVol766Uoe`kMhe^9ai_h0QjjsM4Zo`EBhE-9YPxjSP%16QNt{|VkI zQ!+RewuP9r=@1-_4v*fPNTagz>>2oPhNSHPepFUR3MpJ5jwlmf^~+;9?vzDaDlw7< z{tJ*0jsTxS4)`21aEIdVg*X=GrYTWF>`=YA)Y{~Q`Z>zt_zHy-aV9M}#tDTpbQD7-nx|MK zfoSkO2a1()fPyjrDTN-0HoXSgmHlo?C>ROl$fSk(p2XP# zZLw|9I0a*9R$r!3L(uJZ0C@Hcob+Zr^;enlp?WQh>&4Pk{2N-T&*yM~WB~)(t_gnr zX9qZpmIxhTJd)FaD{6LMh()Mg0D%i5Wq->ih$e_5W~KvC%PK1I6hH)f^U7D83Q6Qd zE|f8h<7FYgYIf?${^(7!I2L~ajuyhkM_@}zyRl=XwCaVg#36ZYBP-Ei0D5QX!;RMAD=zll?Fp@(J#<3WRF3=yX1XK_s z7Q<>e=V`mfreO@V1BJy1rA;^?oiT7I{&OE}qP9VWlPOLxU%L9HSo5D&=QvsPwK6zu z?|>*NK2bC+7N=rysm)Ze#-!E7WS_$s>s!(&0rhg_|8s<;`gDdFq0XFp&lWuUTA#*sZlos!{@M4j1DWIZt08#-( z^s<=OqwNZb%092a(yw(--od3Y;34ewdOdAz7-IvoqN82_JOvE#7ar4t!&!xZG>hXA ziE+5B5FtK+RDSbTGn2Qso|?K@wZUkT&A?TPLOfjxTGb0>w*xjOne^$1CJ2#J&O^B# zGLv$?_$jTDs@@9e`qGZUvUkxejLZ~oD1yaAt=OVIA1m>Z!kdmUJa_NI6A?t@E2~jGYcxG4|m(;VAqCl`1 zMS*%{hIi4GLtx`nC@)gw8jF{JnYLmR9UAYvPgu zDJB(DTD~zeLXEyW(oK;wcWG@24}HW;a9njZ5Hg@_9QE3)Ff=p8 zn}XnwBDr3KvFwoZi}A@2oQZ*;i-Q}q1lKtUfoa@zQT(SlN&x21nbOH(s9aZQzAofN zs1ZC%2t|>yuWa&5ZOh@DEFg}{oJQiM!y;Ksb=iNTk8qL3(unav`~g!Y2TU32RD1vx zfym1bLH?%??px>w8$%ydQ+f!@Up|UzBuRoo9uxyhP5H$H5pWW~Bru~RFqFEiDp+B3w{Pr-6^v5eM|$__FpBgd z$n0lvqAhBvu)tj!sF|ym&QrPX)-hAkvu919hv2u4oS^<2C-?(Hd<#5J3F99Y@Z$%D ze?`w_*{y&w13$!3~`60#&EKH2&yDtyUo&#C1(}>frG~5YmELTUWwL;pL zB%>hA7$*x)bHNsjZebFl2uu;=8I@~$EmY&G-^{H&-1w=} zKibc5X0~mlAc{YwYt$&CUou27Vn7LLMQIsS^i~=s)y`GaH)w>BYym4ABB_4CiBY4n zc`)SCH0^;Sn8+oIG^;U+0A%1A#__cv@;V_2y6zQ?KAoDC0gU4pN?>yoQqxkDYg>&F z6+R1tHhLkcz&SL5=LJYe4y;ncHJDVXp{!@|LB)==*A7D8M?KNk4FcTpK&=^Iht-nm z#~Do59$>AAs~=q+s#g!KrUsPVkdn#~Vf-|~{7S}NFmR-37ZXE(6U=*&GLlqm#s(J$ zMcWI7IVE%fx$<0G_t^aUh4|+eEz3erS=OzlNESvP!#HF37R5_|KB6!a&?2St1v7WV z0+J9ex{hmkk|f%5rgCf{;)Iauk6X??I5!_A&X!HE&A zes9iU7z%>_>SI*?+2v|*SM|5}n3`9&y6O_$QOwavGQ$Z17fI>;YoX=)=4G$flMZdK zU}*pN)!BFihTawmt#Vz}wNX_fxLvRdfWL9fzbh|hO!Lv*6| zf%Gdg(}#1I%!FB(R9h@euIoyxuZ0X;ON`eq0OrbG(v*YiK1sQ6;>Z`J28}c?u2-Ou zi;ebJal7q?v;a?gTyUDJ};kBu31lp7`(Plqf zT$p)QZomvdcLHfQ-`O>_>M1@ttNK(6$+Fz4d2>WFSQ$g5W9^T1zT2yc@3t9gHdJ0N>rc)~96))gOweDq-yiBCP{ z(vcD(l$jVIQ0}TqS(j7@?iUaiBtm|q3F3Ez-i(*2pKkpfa8V#{Vo%LGDAN0cLvYQq z$&|zqqGExGZIZQ6Sk?2QSG)GjO~ zaV&;(0lNRpz%E*Pg}6SQaD9o?9_h8?Uk9W2%F7eVLrZc`RkTidLS^TtF#;)(redzd z-R3Ga&SlqMl30wscd~$dPwh8ao)RVcSNx~{%%U(L z(?EB8r;+e-BS}hPGFx7y6v60-BtkB6!WkIrFF<_)_O~gavSE-hJX011Q>9=?31ixk zren+Cf+RCAg*X;np_C2lffJ#SWgq}#0NNpV;PU=l2~3LuMUj{x4c+}`)px;^(1LSy z+$fnbDaC|hzLcStQgn@lAv!;|GE6ZL$~aQB!pj(nz+~x)2zya3oFEjLDkflJf~JI` zIZUFpnB+|8l1BztkWz#eGP*+!hf2H3OWBMQsdBCmy~QCq3`6m2Om0vD&ZPF$Ux5Au zxcr6_(MoB?Hh}Of;t1o1F@_8=@Usj!`DbZtNmB%>BBEj&hA@Si1$rXH$xIk5(!+%j z3pkNMC5VTC0M7z3@yb5~jY)FLB2I^oT$(va3=qB6HYX`XUkYRn#Q=flVfrBcye=ChCkgTg-bD&E`hrK{8sue@qIyL z3=v;faih9ASwrm#1c9}5v03Yqrdr?3-#Yd-bGKN2KWFpjFTnF46#orLDz|;*DS#x( zH@M`9(HZ9IWya=$E49vkjuPGjS1Q6#+T6uD+ZhT1nmu-&|5HXHx;!Y&B_z^OO*}jL!t}pBtTbD2CQ32`-#nKCA^^+c6r=JuADnYrwl0$pD%2y=`^emn*%d!C=hl5Q!)v?(A1?$(Zve74OPBF5zsI1 z4>e4)5=il81-woUXejf&h?Yso0eKIo6_g@x2wv{&o?-bWOtT@_8w_Oha&DF>>)hEN zvMg}c6Mbh9^JY9AS=%_JO?XdTR;qket=(~}3Hn9NA^2|a-9Z0fL-5`H{$6=KcI4Dt zYegp8-MkcY_k)f~R60wh#ZoV>^Oz5JA@i5PUk3T&t^`RBuwu7*L?Q;RP?$--hzv^o z*lL(J9}!_1qO$Bi^8Pc1c);fizHqON`5HD$SlsqcKK?$P*Sqb!uca&bpdy zu!b;&6C7iX5$i>iq~NWd|}wVYYKg`#o? z$`FVVB1{@1uUh#4N6hltg?tp-zW&}UzSnWSC}DF^*;ImwL-2F=@a@~KRGAK^R2jVp zz04Ah7f7Gi>$+-Frwd4ZZY6vC#`qQ`h_M&4HCX(qGmSvXvs9nmf4EXD-W!ZTjxf;3 z0)?#q%mR|5*CJ(VkHm*^_5tT3a5mFR7PCAw?!ppH`w{V4Tw-yDVSJ2YxGZ)mrA zh9g8#1iHGjrdiy50VbKwlY|+|A{ry+p{bg@kpuW?m zX)p(vCC_=!z|>AC`L_W72Ej<~YUp=n74$#B4}{)98lfnVvCgJI9xNw`({I(rp9N0Y zo1U>e1UtK8C78N9`a9yCJHCeCr7&4bLuCjKq=oCsyc->pYdo*^a=)%tUnOW&{Z%Tk zo&s|#*F#;Y!rB6Ap~TvPYN^KBf@`VBD&RWqn>AEfOlCNFQejUjY)uum_oX$Mw$!}( z%l@`ndpVG*y36^zp60Tv)f2cMXePC}i(?s!0z69CE*m#+1uv6XDPw&+}7UVK-!w$<1i z4cr!&4XA`E##0n7!x+6G2_i%4+If6_q=Aw3``mLm>CC@?EU`{XH)l`FRZK3~_nXRsAWU$-b3{431La zVz8U25Vg6*iHyQ5fqI1O_OrCHtV`wn{}m#3quh@jA4@G@eD`m&wBZ@#6V=-Uk+tV}h!b}eg zF65~JA^VhMNfb~rk>^34Jp=D`@Whdws(LLfnFCZqF(-0F9I)AUjUh8CXYrYesj zIJ9Cw&EA$#2c;ScsuxTiSQ6?M=P#l)dJEydtPDl`W$C34go>E37Z)(b(w#8yom09>kC5q~8&{V&yl-Bryn z33As+E2xg62G&I!p3@{@OtL6QDY+H)QZU67-N88SKck3oibEb~FjGREh6iSIyp)Kr zu7y^R)6Sr${x|6F?)w<%)XNhSmRM&a80ry8_);aEqe#1Nb=%;vsK zTBXu1g7niWr%Ia6pw#~s z$BIs^7pj|0h@Ux0#0kKrO|rWUm0MPp@15SxcmJsfQ3rA{v-0-18Np>)xxHqeuoPk? z7NuZ8q!hwL80ap23rKI&X)fE2FOoj#d2Mx?*GWuf{oTRtpg-8}4|e-_A#|;5qCA`< z)PiPJ08<>`Bq#s`q5-*0QRZkZ>&?L%lUh_AEHdVUE3`csua?)qEI+(v@`Yy%gfNd^ z07M=RHiz&<(-B2Uh;*vlPI2zXx_U{cT(6V(oKX40PpEBy{+(owlR;&w!YVCs|J&z6 z3`_Dz~g_ZNW8atp~>WX=;55UnrJsV#F0% z;{`}#7$P8zTqS3S@<0VnQX7$$yC1{~Pu>cUN5iFrF>LE5tCoO|RDu$p&Fgo07~xE2 zIQb~Vd7@78ORbtQM1xs|Bh;7QgHq(MMe#!S;5$~%)m`+UbrQPFRhttpY8qgd$rXRb z;0)y&{#mXn0t7N^!!cp!;VQ@R)UTk7GqWeg3TC{N;EKVPctx@ANe5?wLfbOi&ts_l8> znwU`VPB+b!MkV~hE^v)A<;kw?rTj)O(O;r#i^Z@(*F==GbKelg88|fQRaif&T|FT&CTZSABrA0JzM&%AlVvs4fD3O72#O-3PgF8<}hXi`MiNKkWMhC zkS-;BZ5+Cr2%{Q=ST&m$`o_HR!aQ(MPM57t!dT-hBrvvKBAkc*9gkU zVl2)jwo*j7>N19`>BL?8NYsto8ON+fiLWC(6^Y+~+asSfdCa_w9mfS*=Z+`|VX6@$ zmfu5Ak+i@dGVB}2^~}>#f^o)I<}S$c>o+Xh@%ar}K9^(XxmEhPPTra7B~JoICucef zs8d_?!E>|I6ypSeOs5Wm;Ca!q=hC8?W>gNxOy6d6I#s(vW<4dzSd#2HMJ894W9I0c zDv%{&B*%i0AdmkEiG0^6C(bE>GVdj!(ef zPW~>x*hPE2UZv*A`SFT+7CRbnADvu|Pk%T)Ivk(0#_O%q0Xb_LRo7(}BWE!r^W}X7 z1!Yz#Dqo*ZRY_7EWz{gx$*l^TUCz2tJ=JN$niooML0PT>b{m$9$o>5COH)(cbYN>n z)gE)(SiXN}B}epZ-PL|wqZ`ysef>1QMKI9$H`E#T0)y*9vp$sFXx1mKfGSrMf}5aV#^OmyyW>a{8q43$;y`=O#4{ z7K5_bxu{&dSjSG~hdm>amB6OTRqd@^h+_GQwy0??UdwZ#T_j zS-sg~U=;-`?f_>{=~PW}q}1j+6*#QxTr2>EcCp|z3IsF9tn>5M<`le(vcjqAMKXde zdqAmpB0+2jljmIdYh~6rJ$R&xx{ziy-Q&sudqZNbS0#BmOGu$>VVVxXVi~|Rwbp&b z8SYy7w7gU`I;-MD@OXHH0zNHewkcvN7|rLnoq zZEtR@BdoZ>u^pZk*E$;d88taV=baDcQIre>a5Em zYbmsEjcg0k+%nh<)Lzq?3zgNZ>c1S)e?6oT40XT_&W2!T$G#l$F9+&)oP9rJogf0u4q%vX)|_bdVvs_DIJ(N+4-S#$1<_0~)4XWwX+ z)AcfPxC*~D=)Bo(7L5W;1AKWx)XJn$%B5jt)5xdv6920Q!jPzxRB=V3jJ7Q+oKpo!q9ZMx_Ug$#Cs&eWP*nw`S5NJ&&=A;GK+A|jGY zW@AGv!~XW248zIS1}&1xHno4PxUg!c)-6$-0Wu;HIL3@-a@c{_Su|701R5?IsvR^m zOYG1(dk{qvJ0(;aO-cg*)={DdMyc`wCx<4@H#oxyUStc9$RzIl6wweRTv%B|_o7^+ zXiq;ya)-&}*pAAOofP8W41R0_djXfq*ohFxit5sh7EOlMXf@q#w_pf%I@RRmDyd@8 zRficTEQIoAf(>=hoKXC$&~35Gcc?KSyRTq@w!9R4lUE0$i(|WFDQeCSZGn?ZlVjiQ zLw_RvIxz5K0mkXBwZL#0uzxgqXM+31pP4Y)f7N$pB z1e8IySpS#ktw-nc0l4_Y;@)3-?Pb3USTE-Nupeio?-FFK@BKv8E$*ve%)+(-&Suv0 zrH;0i^}Rvwz+Tz!J}vCO{KCE@5TzuF3!_avdaaa7vAhbh&Qlpx3jVUQ^GX|~4f%)~ zk+siEw1LifSZ*R8f7i=W)Xa$%2p*D}Xf^aTlN7B6xOTdt)gbScxM(%ld!;baL!^?% zsJcyDmx$)28pxgl(*7gTzC+S`${*o5ChcqXx|wP2A+npyM$-cRx_N0@fLuRAO$(s+ z%T?0?@cpvZhyN>YgZA5t2NlJ1L!QE6Ul9jO6OG>g5+`8#WRsy_FqLP(B z?~}45j}&p!mUz}$bsBcChLG;m2&q=nZKZTmIVp?a9`zYheGK=@@VpkDd**sxuPvL+`n(qIFOdIvE&TV&1ihx{Zy+aht4-RfA=_r# zR%eH<$q((%5WPA_bek;EzC6*@Ows;a(Y4v4YiCSP5~Vx@F^?tpnsrV#BactXyvi{s zhf?9WDtt+fH|gbI1x9-tQLD^p)2 zNgW+uCD-Pq$0%P(RPKM3x4){tN*lx#3b(YmnBT&9iIg)w2eECFm7~a=&MT>smv`L4 z7@V3vAlJe4xoqb-|CEG8eh0F3wml>i5!NqcCm@=M=5)Kv>~c)PEKjb{hbitYqGu?H zWHhSXE<0N73Sb804$5OU%OSFT+w^5ymNL+9%x&L!whuki#-DVdcz8gjRO@<*9ZVB$lr;OUQ~`CQ<22VdAKf zBb^SZ;K40Y@+Qqa8DN$rI)bGsQo!5TGR3||t83#7JzGVGZMOiN&yD#>n%u0?0ww1C zVv;T?ESV^PRqN^2uGR)b`bQ|p?+(UnK>+E6R~(-wBMV%clwmGl;pW>O4|DEWv>+oFD$ z4MJuETW&_q9FWghJ6X$H z-hw{0rhKhXRE0x-c!)$8^4B6uHBNBt2TB&T2?ER9(oCo@NM~0{A>}yCVn_j@c!raE zlG8Bc&ua#`PGZi~#HrY1GB9eYdn)msDqh1!;(O8VRuladn3(-ugqdSKHb?VMMrGvYruen-8ALaVOZnmE!OY_QO0g9K3ck(bwB(rTq zL&r_!2&C~;d8P=LFaBx5)#nOy{=s;-JadHyb`1mDV5plktlo6wlhyaSE32Yor#Y7% zxwmz8jK=8?S%Wn~$?}LKiCR6eF*z|=gS93{WknvL1gq3EGa^rW=(flNnh)-rFUMnU(KtFNR(3aN6|+Q*t3p6K{9p|Fo%t7Jth4q()K zn2M~M=7XLH`nSr_y@ZQcM%Sy?rRaL~GPg~RQ5usafH`pt(OaE{6LQS7IbGi;=sdT84Ppq28j1*m=rH4RVK#*NyoTF=3auHR z_b4HJ1R1*{G|J(Kmmt+|>+9w$&LvEZDD%F)X2t}!7nPdgJ;?KrdaI^oV(qFf%_}84 z-~0CXPc_nKI&Y?oC=h%J432;#!4y-*1Da{uSU&9#)(@vVd)PB|ge;i_Ffc6rI!I-T z-3n%PP;jo#30QKJd+H5<{D{DZJo%LTZp2^+CQ0d2>cX;wd_?gA(xrblEL9(K&04Nx zC!cbLM^#|%n}7-cpX_SFdM#5>kt8Qw@3*}_+G5*l0ADllR9mq3O2E{b=EkH(h4aGA z?*+Wu``)Bdh5c+Lf&$)TP!fX7p!D63Sj>~THI`4cN9C#XFpjm0oguB?rDs{1^>Ss0 zr{KCY7k)1%rE4*DmS-V%4z0{lGAnD9EIpOxnMidy^dXQ5=86QRbzr4oSPQm%C(#h> z?F|l^Axhm`g=mJq0hh^`i;^m6BGgO;e$ei0(DCV%I>`CVR)w5@vMFy?bPb41f+}@* zr#54jo#i?wAf!k-31G~6;6#X<{#X?iL+0iC9- z5%%GLFKoa9upkp?GIOAXmEZ{ga6lHeVF{$A35r>yY^~HYLW{4lZ}eb2@r_PPsEgqV zwifo-gKBP&qI6w!QZbfp(9#K8@e@#}v8(mNw@d@=0Irg-*M(~h!OqU^&WT`^Pu9&pZ<40`MhUTue|pa_Ws34vMC&c z!C-K(zc2qC3x@7u_FdQ6O~ISARb1z7WOvGDV`Saw@8KDJ3bQ93$2p zf=^QSbaUByr)PxxlLdrvij$cHqTXX3%MW>_{L_@sMb}y~e11{FWAyD>c=Ad!O_jOA5njO-2n1?zWJ(*5D?&xZrNOwZf&qbTM+LcnrgVFk8lFjmE*ZX~Xffc*O$M-fVDXaS%rEtsxe%=jRP)UODUq0%ruo#sjcGn3{%>J?YL znT;|rm~~8U^H95&z7u+Bof)Q1N#&f#8Sq9xcFN@9TQ7XJmJrM6FGE_zvbqm>Y1P)+ zAc+;D>^>w$RZ-p`iRTaIAfdIghZBxwZD&Xi`vmBpg zO~CsYBrEx(3>Cc*X>Q5tHd!6or?#={hkJgJ$Z6T6#J=%1ux2uCnnd%-(_EqBnLIyx z+r{Iuaq++&^xWe2*v<2f7VU?7@Mtj}!Zk;W#~}iR8_9|L95s`XAl5*5&R0=yt&h&gS_H)-p^k&E2qk zH2aFYI2yg%5F@I#e~A%`?!ArrN{;o1cw@fERIDdfnN&YdJi;1P%{#SFFJBL%E`-i6 zgVss*)1vL>0G-UiuQ+2)6w2h;(nFW04V_}S%0P_cL}}j@yw-<~9-G5uPU-{mjT~&u zzgydZb?xtn|9}49zLD|=eTw}b6N13{=NIFXs~-QzH-uxw{?E?N&cW0E&sTbm-W*Il zb0{F8qyU5yP*jwGZZfi0XQ)+o#i<(F6{WArR`*PZzjK)67STJ3IY)_%AsBXKHXB(= za3BCU3F9n6psVkw;AyOPSG9!!wjvyIvl^*un!()F39-81n{DtLNN^Gf?(M5P)ghg+ zjiMC*8*z4iMCuBfSf>|~=PD;lfIgxy<1)c~2Y{Pwf%#ZtYLcA8Vzr%;NL^?Q)mf9}<>yT@+Bo|ThFLq8_+LXFR# z^1nlWhUf5&ZnDbrz){N7WlO_~E-D|r7VO>W0W&@d zbnh4j=uk9Yk?Ci} z8$1ISiM-)LyphiIA-FcuuE7R4nUZT^49k1}nY>I!f0Mz#D4Y|}b!bs&QQJ+`*sCfE_f%cc!{H4A5KPe>Sl}e%R`yOCAUGZAbbR@BJiUCG^%LYKt&?Pz zGB&_-yD!*n+X?KhtpGf?MfB?A^8M+NM+jOYZiy8HfmwjabZp}PRNhs)B}|Wxz{pH& zu`f^ZGS~*6KMNAnKS~jG#s60eQ_(~{niHh;NB6sdfH7P(&*T_eOW`JQHj8iWh3$ey zm1O!>APJ^~-a#6*>tJ>p_S<&ys#dLRHu!&5_2%Eo()^4B!M#pruLs_e8CDCIl67YXKorB4kh zqht~jW!6i6yvt*}t+rL-{nP?QRw&MzmGp>;#onwcac7+fa#+xohiyxPVgeaD*atzh zU9s)T37oX)EKOz2aD79MCw*qY)v66?SsL{KT+2h-)ejz|Da8q&g6^MLVBD2Lzpmiv zc4_D~Clht$eN|aCp!FbYWJh(lt%Ij;+Ph*5)ss*=rfP<&vm(#MuXhV$96^p0-AZCR zzSa93q@wFtkCHgX$!rW~h5e!Kg1S#l=f0_XL8!ToTEP0+-mIr*-N)zu{V+#yiYV*x zG~NV`X8-T*?%u(xlK=PR!QQJU|LbT~5ER8a zdFY0@IYP`dOYlnuW0gM%rm6HY^*TSvB#()7ra=x4_N04P%%maA7y^te5cpf}Db&6x zjN(WgS(29?sQgUQ%eFO9L4?|mCC`GTDBSL;W(Z9fp(#!rg>8=i787DnqczpU8KD#< z5lX_PRYf~qrFU8ejukQ9`fWZR7(K0HnjJ@MV9hbXAD5%~*|ClD)IhG~YJTpm1z#@_ z&uC&YV5Z3SAF3%&o+)lI<5|mhnay z>qdUtZtgY9aCmr|Ts!28w5=2&pzM~wjtE%Y>KbFGb^Adr1M1AE8diYzyf~IOe}Yp9 z&fG<*uhmpJ{8q}WbuZ`2rlxjTyTip#xkcp4v0nmKuw{E)5iz;)c`28&IVlUB3+X$c zfg|p9>F2J#nwFRLrF-{-&!5enh*8gNR$Mhe&8j+g_ISW|^&b^)r5A{1TJ5Z&HdJL5 zu}r$vd%BRRv%p&at5Px-R-@`yF}H8VYRm5EtYBoZG%e^ZmtH*r3I*+CC(v$&M#^OQ z;<{FE7n_6KIT|NEQ;)EsOWam%@ibl!l07rIooz#QbHle=(Ep~)0AT=#Kk?!!n@;gZ z&<(m3Cf75ZX42aTjTcA7Ia&8Bm>YYYOWI3`Bbxd|RzI?O#_1Iyj}_mO!$+`{5WW`A zw}HiD*}(SfaO6)r5?nD!mh*V+rO0rnOQDtNiqfWE0~bD3a!wl{p5`)I4)yMjl@BiCj4^phX#;0`yCzpp#&) zYo*HTnz|klG6y6rscBk|wGbVH#1UNYuxN|Xfok_d{m|%I-R?^bb+2w65!yJfnJ!hk z((84pA$@OeaL{eh!l(TT7WXOju#mHS07l2TEzcniR@9^&e3~Ic7w2 zk~165eM1aa;qZH78mtThFq*WpE!LB>+)LDE(v(H(XUs~jGOIz~P_2>FK~2|XfRb>1&9O$AxSJD=`w zar8>-KdZG520iC$vwpKs^K1bdg(@{nJ;*!E=Op9S%Wk!IM8SU%oPh2>lCD+MlJC5z zc?WV~{73Ts@a?;kEAamC?dkF1`1Im@_>V-0XkO_zd2@aXaeS{EXYvA)simU=bGyJ@ zs#pKLbl&LcXcn2$ntF@SRo0a+OnaRbPS?eVH$t+xK3f3(JGh9y6td)3zL}u zWNueRs&%D-6b*f<%UMM_14_umQWlJ4j=q$VTXQNTKU3^xpy%~D!x|Hcy#T2?35ODv zQ5jxo&b7JF~J-sc3I8 z1V8P8G2t-Qd@u$;S^iLwa3){xbmYy^me3}I=9RPrMRgME6IVMyt~_@zGJ;t}?wxu(SKJeE$33)$ZO?{NH0dVo+=*0#K@E--^h$iz{QwJ21uijQ9}T?sRT&5)JiY zzq3Fbib-nNQTNTslLlXI(_60M^FaDxO(gwq;FpYW?T^c^llS;V^-ZGc;wKsvfk4V4 zRriTmfex~kzHZ#|g#yoc?~+GDRXt1+!gY#Mbt=4g(fV*W@VaiR2wD)RgWyd7*FY%0 z2Rf@D|CteYCHEVc9PFbcECtnn?a}h@_xSX`N}8}h$tINlO8x(Gu(z{c*8h7icc1kC zV?3ME|F$akoYM+n3MV+m9II$vBVR=|eG*2^0mpd>|2)v<7}%3O-@HC&DGG=B)i)`L zbPI>yH;}VH)Q*I`)h_5Q;Dm-2z`Q)%wutNj9TCHvTRZKGI-B~?Dp%KyR@3TubKvc~ zEENmaD^4Ltv!$j||58M8@^`q1>nb$yK1XJ+Y+=R;3t^0tnY)XnBW;*7+3J@^GVrwu z-^>7-pVq(wU?an$1z*1_!h&>jEw^tWuX#x|Ecr4d*Fb+5>G$b10Kz#6Z&ggSl}x(&!*WmAbgY&ii$Lw8s-e%@ zQC9Qebcz$qmlnJAn};y;_Se0Dbfw(auOq2o{FrO4Zg zhVF-oN&gsR+7nWseHYa;sCf~fPNNQG>MLJhQQb+@9{BvZTLvR6%n^xkxOC*U28cYv zsft&%hFH>L^Z)HBxQn>(yr8mDhzX4d>M3{mg1$in<_kQ`}`IMhE z*(x&lZ8fwoKLK3sWtt_2GFK7U-UeM^Mt9v-i)V_H$U_te7Ghwed=3U6Siq0!?;Q|` z<+)7B1G+tyz?97i?>etz!uWqqNtQ_c_)+Ft4JZibj}P=PuV7DGix$tCm%^7(MJ z4pPdz$SD><4ogK?Hc`N;Fjl*7+}X>+GGo@q8Hv#2`F`DZz6PHQ=( zwVS{`wM`;kRQU=iy=#YgX@dZk1$$ju>$e8hrEY}|Xv647&0yY!#j^hWN%S*!ZK76i zwsz+7@_6-RRX;T~E#_KLj*{E5wpHrk_38Nh@a*)%@yY9VKb91zWS<=AGR})GL6=j( z(5{S%?K%PBN(rcJ@6DpO?bigvPQ-%dv#USC{{uf~^$qx)d@MTXbmuWqz#AilngnACaGU(lno2O(^+&I8+5~31tEN_pHb2y3sWB>xOunlB%{S?PK z**i4hMa}#_J{%u@7+-uCom^g>79odj2XqyU93{M4;iu0WH+aqtFHaATUpvu^mA>`N zjqd6E-YRi2Xhs*8;}7TW&R(Bf-UpjbXWm|T1@m4XUY$5`#p__y&YXK-e0O!fHY&UO zJ{X%c#1E7#hNTZcr=|ECT3(`Q^{X$)q4`8}uevl6&kb4*&BfSx&f68O66|a2w2FSn zGyS&a+~YEgwPaK^J@ATVoSYq=zHQGZd9i({`+Y4052GxAbv;a&3KuvG0d%YE0H-r9ep^x z_;7i0e0q6uG(NpJzt1=*OYAvLPst@xhcF*D7}$cR!X&S2+tt~4)J|4&NDrn*810Sp z$kS16=ozW(6%V9G`}*tYX|&ucknTl~wZ4@NGpq8|xgq=#)oI}q3Fyxc7#BhJ^?!MR&&)LIE!sMb@r9$bwRt(%02!jt6o zJuLhCADnopfZNjhSntKF%5_6Cj?StK4oy-+?+~bs@4ruLkIvlo-b;7c0PA#u8rEOF zLB3R3Z5kyff4~1#NN9;@M}}99q?!>VCI2CS{bQiiFGo(jjgOiV_=gRi68$lrqHr0; z=nWw^CDQY658D$dq1eFAgMILz&Av`~!$O60;#-u6brB^KRBpKS>0yoc;d;P^kVBcj zu^S+M%h`{KUE<9q%=Sk2kR+Qf5sYw6pHS!9COV~r?E$^w(&q1$P0;W53oX(A1v}@ZYr|6hSnBpy`c0Z`Ytn|F}ZpT1Ds^)EnBbe{uXum!j_6;Vzs))*OX{( zc_kH8#WlZOQZQDcuS!$fG~`y^^xQX&cduA0Oo6vd>z-6VMuhRx1oJC>S$nOl>vThn zZHnZ5EJ1N?dw>(ndr?y(Qej&qnBRBJ^4?My8@G%d;198jYfddT1W@ZD7U0HkveKnR zYlM|KHUCY+%YJu(SAP(``2#$fV&s)7`=D;sMzmBU2v|sAiaul%mpl0@9OEOdB%5$PK++A^ zud%Z9;=YIN45W1ahUtigSHirlcK*8k+qTp1weYT1ewcrzGWTsL2zwRW2M1%XHo_T> zP*~c9ddSep;oa-BiE?~Y4{&}t|3eGkgHAHyNPH1#Shp6b-Y{6%#MM#J!XO%g!NLB1 zi+=k;UWip5h;wr`dNWq>(Y_8&*KU{Pvr(E}y?oikiR#!dIY>*oa>c1{0P+G{`Am*t zh)X-@p?FozB4I<;LswP?zpZtTY>RcPOmTgT=@5KsF?skMO&gmn9GGj)7+*V=;vezx z<^L@1*3x;g*u(OGuFC(sw_ncx`RdidtEc>*kMVrkZ2o641>5KH%6IEo!@TJ}xCdv4 zUiW&qr_|7ool2B1Q#1q@Df}fvd7kLHo)hHmUz9OlHWn$Aj{=C%dWQiA2Xs3tI%_Q5x$TP;jAr${g5)R`L zi4HY(M4!^f|DJ3|6*j-A3j_qL$|VAzDHgw`_ZK+1^d(WZMcXQ)E5VPe zD-~sQCFS&2d}tU*TypFTEeOpM7Y9HY(wBN;L;FR{K1bndGJE`@a@nE7(Bc-+BeF;# zMWFj%JH6e#VBlFfIlXX`O;Evm$JL}LJ-kH}&d@uKWBjWWmRg?pnpWqrQe|x?nqq;4 z$BuE?5D|%UJ#^`3V}~7$-rcje!ZiE6c9qqruhdUI3cQ{4WH2^7Ui**pGz#)RBo4%|)o09NS#gWcU%CH?>M;N{>+|3Aj_h1UN@gzmZa zH`QydhdWiD|JN+;?L?P`GoE{}YLveK@{L`71J|{!M~3(IwujG2PNQmK1)A@$E8PTO zTBZLjZt&PbznJW!71P30Vp%GK>rbu9#@NtJF2i;67}p_p1kqXM&@4uNw}AmRCyXc7 zWg>yRxk)95 zu&JRke0D_#cinMhcffvw|HIw+aXRu1VZ{lwviRLo)~tRuu~6N97i_$fs|hxoPR?zC`9H|GhK@ERUHC zR;iVU5K(>x6F5Wk68(}P#)~<~ntQ4Q+Y{6FcI7ie@$?GM5)^qp%Epdk%|ITz3jX)n z4tIn*Hv!yZu5r4~)7+o#?o@ipZ82`Tv4NPRb%;pAif=_Z>XnjkJplm3*FMZigL zcXt<1ofEFRZ4}0~8zE}>AMWn%dVdziQFHseDaR`+pcFuE`8aso2FLp2G#9cBj?!`c z6@B$%^vO~C)gIsaU++f+>^9tp4`9Xme|Ps~+5da6zx(9>eU#@5t^YkI`D?;Cr75z~ z&8y+9aRT5EvAzcYrfF$13dtfR2}+#Pb5%z`eu7V@c>T%_f%}p3yL1ewUCN_4V;s@b zQO7wn?>{V`)}4)a6Yy4!#-}n{1K-tU%`%ixUM|phn zzs}p7%6un*UT+5X-xXLj|G#`y^8fGd?mYSbALrTd{BJK$wHT?iIh7M2?pG~ba*c01 z92ZHvR7WQ9Bu1~7KTw&qf9=f#7gNoa!ns{&r8!dgVE(Plkw4OAvYD;rm7#i8k~63^ z{TMGqsa*}Cr+D~Ub#L`%^@l8z*T!07xE#3TxKUSCb5fft>R?T6DVzv-@=0e2n_0GN z`i)UEbrM4d)n2jP9$(*%DIQx|zPwSh^SiTZR?q+F!NCBl=KuZj`On?K-mBfG`TsGV zN1y-g)1jpjmPU+FvOFS5f z*S4Wn>vV7JHTAp~#-?}&gko-BZW)5kmi>wNp0N&&QD{@*)zwOii*8SLyl&Hs<_YwaKd36$kIJF&$Adk`ww~9;{>vKN4)@tQ3O&%7nm{0Cr$v0F!$U!9L^Uc z0{?mExx~42jj;h8a(pW+?4S0)SP%ph$5M!?I+${of;7%%I04XT zEv6)qxidAkqd6fAf#+w2jn4sOAkw+mr5lk<{)Ivg6qp6#a}xOw5NW&vhB$~Oiiaqf z;Y8HYut5;;Ws1IMoZ@7*0*FF;UqI71V{-uGxFxAM=$^WLlL@upkeSyxt?< z1zKej@qdd4$g-|&-hJhxzw49oyFB)*c7x7Hq~dr#Sr;0~8`AvkEh=pnkll1hHRX#< zOCfg+S-#4re1f`r;tJqRIm7aMQYA2|^1i0}i^gm`q??d{n<{ro@_i_?WZp*nDES?X2yE-%i4URrCtQbtSt*RV;pQj%Eu- z>v8eq^84TL`0T%pT>57{tM~uP_y4^-*nhJB9_87*|Iab;%GdgBRW9mf3!a{oO4;8= z`jWT%T?zPaXaxQtoP6Hf{VbEpFCPj_arv%u4PeE_&|1nAV!ee-ac3n)6a`wQ!n{Gt zuH^~LQFlQ%rQ{YzD0*+qUupdoWsQWEug$OBv$PjUwurAD7(O|0ASjz>!BhVgicVSI zt%*;`+5VS3{`p@fErMZ4vSb5yK(3hocU}(mD))a3p3Z+g%JYTdf3yf4Y7x?*K*5SM zaJu-4sl3>(aj~5LQD=0^tyALLSN81Oi<;k+a|dReEClhcgpJ7!a_^TaH?^UjJsSpp z^y#oc|1U^_IiX)%|L+}C?|*-~|LKvQFX;cTJ2_R#jd-TTtR_{cmO`A&dLf~RNR`ts z&m0=a1{Z-Qxw~iTSkaKgKgUP~9d9g*um*X&ZfM~KrasfE4JSMOLo9S_;$3Tc=U-$Z znWn&)Urm`q{WYCM8cL#+;H1b3z{|#O9)rI`;WCj06T)MmI*sDwR9?vgU^7++u zq0pppmlwr&L3Hy}?_J&Gypk7h0kYP^PiOey6@h`)D?c@cASoU)Yr&} zTV(a|HB*lv8R2?3o#F)Zr7>WfmtKV4iub^%qVK(U)u)FAr8Hx0tsA^oGR!$o>+WN4 z?_m%n3v+DMB@7l^%|o?|-8jgtvD;P>n?*6v02TGy+g2uH^U2#{w_eHMjv3OIo<_V=Iie?7|c42&S>h^j-? zs{6s+93^0q;W)y{45To;fiuKiK=i44%q@8d7zs@u89#Tv)22PJpSf`g#@-GzfP7g;2_EkAb{?&N~@L~q0 zB#sd6;Ki)}`&TE$_`f_kJU%<=EuxL%XdM5$`-7dma{j;Fmj_Slzejog>py}Z05DAh zWgPxQXfzV?0D|DJoz64xT4hl%S^!K5EedryMS08spCfQbXdFFfU_lrMDM_;!QZR|h zY$kMxFx2HdoN%CyYb?Z{X$<+4&_xf7$Q`27ECx%&0mF+lMlS%mMRX|?!<3Q*U_28> zmsD8lfG7wFO$pUTTE-B-Tzr)(3``KrIG$$l3oy+Rd8rPJ!5x|~EDWQG{XRuA%s5>JJH3d6H;4+8Q0J%!=a6z%WU3HQJDsl4#qI~H3Nrf8jDqyP_##o!Kv_ZMOD6#w2Iw2>kp8#fzf6=)@kI zZ|4H9#FX|rol_2A%t$^Vs_KR}XOLoe{93iUxqYg)t8LS_G;V{tIS%JyL{aohhAE2V zu*-Rw%Au5FwD=&3399nEJQ~144j3|(9}7W(MSsc(y40dPi_SyZWPoe~K8GBHFaZ-J z1UeFet#ZEPT2<(7opq!w&aDy8qqvU<&Y^59S@Ea ze4H53U`nD#6iMDmCDG{wpb##w)7#zq&rYBK?Df9u4aBd}dmxXBiFG)l#!3>91y?h% z)Qp#+=WsHmka3!YJfo-+fJ+3UpD5<&3?@r(D-&I?GW{%sF-~TBxJe~rL|C?=(;1Uo z`-rz{07_C34AEQ~OblE*(642WU6*iNs|GhyLIL^+)wH5}CX~&~mD~#fEvHu~UYD-#eTv*q?Dvj(zwQam zh=5q(iqfiYnKc}VBFK_7qpmcmCMek?BaWs-e#aRTRj4DZ$a-h(N4*mAqF;2hzb_m{LCbVH}#ENN+dM)Kgpt_cl`YyqB zvYMGs{RqWK3xqA0mh^jMR97m>E1|PFOwoeeA_mNeuo-J2?ihfKkq|>}G)pmdR4>J{ zf;EJ+g27PX3w0V95(xm}@>-+|Sx(76TYpx;T zUMqvDhZk^$F14UvE9|;~$5Q5jEKv+JFTK~@?lq{w9c6K>yp!y@0yl@KJUq%X2_OS7 z0gzI-6mWn3X9=!OIC2z2#;$=w@0ImQ>eM2o5KuXVw%E2yuk25~I&9gW>v!i`kLi2s zO@kDyF9i3J82gRr3o-v{KlHUryfCmSj+_yAt4eNyH>%%U-dqd8F?g??;#V?*ozU(n zq#VOIUIJn$^hP5BvpEX3?y#5_A(kd;Wn$f~qsBlgQ)E*k%Cx8CA-u7@?k;b%C!P}k zBRK&I-Kq32ii+exYj={N=F{goYAiqdwJC1<-ZxHC9W`poJtm@)ukGTN@ag~ypi143 z8x?9a=3Y!f7+))D{(tt~{J(7+Nfh6o^;h62nT?gPDEY`S-u1laI8L{>b9ikh{btki zS`Z0IXj23mpya6A`Tp(S4+;mtQsb!gJR93-WWp3Ic zBqVO@DJp{o^RXD1l^ToN0mVQ=BNa#2{%0z`Qnm6JMD=n(cFQs>H&$MtW!{zxw_BEL zD~zR<9JCpaXVoOfO|w)*y6GI|EvEb&S_q8=G$@DAyuK9(D{RDp3t>RVL?o8)=OI+D z%|^Mz3nV6Z``Pn7j6Kiu(217746Fz$Qexjkbc6&+HWhcVTTu3s;Bkq7teC@i7KSR0 zx^xcZYh4O_{d0Icde0I$8i|rYErgC*T?(NIq**tFIbl%&VL*nnv7`CK#HXW$Tp@Ua z)UiAg6E*|CEu<1&6NEVdl7%qGFb`exy0Jx<8}W8{X(`{VwFp<>YS({C`&CPCH~dFI zxKv?F7r~|1nQpkA`5MUXN?2nde^Vp4kjblbbGV9pM{9g;&Znwvr3n$#Kh@qC%v!OK zzoel1oIvy*4wvlxYPjrt9ZfL}tKrJc7m=--&Ppv@vb+DIop(~%8|2`6L%D#6kTTc` zaE)YZbYn8RLWAPCS-9TfYOsoMg?JrcNw|vRX5o4jvT+Su^7R@3DZ(ZBz!L%e|F1y_ zT<6j{IDzPZB4}4gy)nMo%yDFTj*!ScRuOX&fcV!k;cDSJ^CzTYwm_P}YXeup(3nJo zLwyDd-^bIpE6Uz0G?*kwT*tr8E@-R|1j^=1zDAey56pv%KX)}aO5iF=)Eu9XcBvAj zhw8{TV@)3ffi_*ufpEeyPVP*$ehANK2G=tFm67g+rbs!E6-1J{;A}w!FP4F{frB}Y zd=j7$!O4u1&Wdmu{%xrw1D}xs3a&`=d>j?nK3My!!@9zJse&x|En+PHd=U~|cSN1{ ztMBz;pCCyBi2#fgwbNPM7*e6eudbNuO&;uuMr54;`xG4*}{ZB>}<$4PZAh zjs_8n$iQ>pf**?Wg=2|bEpaWSFS*qNPfplM#MOwt4vO&EqDt4HuV%1T!&O=dqcCGv z=uiz8Gm&&@L=!Jif>P+(8P|J?&OZZ}m?rU$OjK%K=KHgE=O;*2Qb7|Y)?=vD%opVD zWPByK-~jp#;QCllu`A$Or)u8-u3FVT57)X>`zCPd+l@=%GS?v20a63Fj+WXU&G-bs z-q_}-hYN=xyF8l4$)avGuh4;Pr~S#=wF)s{1c?N5d%8OeadcsqdMRXAXprz(DZiKF znd6-I1({&Kx8f5i4h-i`oK5JECdMBn=P#g~NRb4d@??T0iK^$I0#i%is*sPy#r0b2 z!e?6C4oc_C0U#4MWQDXTBOsN>oK8_OUlni}d`{B31V`rl!2MpoH)6)0sLTE=S~4T` zPc>X>oFC5*pzp(XRr*8~-CH55md#2>4J)73!dfFA&2h#OyzJSk6C9$+-yE!L%mf+D zLKWAo;xsgv;Fl96T1BZ(PtiTk)6&Xt$u6z~R4rU!OB_Y>Png%hXY@i?D`kE-#qQ7? zbE-_o^tdq_GM8d;4Y;bPtJI&95|-oAu^>xOZ^Tz!xa#sia!4>ScE@MNHS5y|wn1Q7nMZot4n1)>5;_KM-;4A>Z;D|bZN!;}T2F?QKqkpnv- z$tB|#=Zn~N>6L=5n?mlSbQwG)^GTo&TK3RD%!cZ^%3u@zP)Z0K6iVAy{-WX_YEigy zTb2{adm10JQ=n0!G9l zDVm**fX!RjGV|gUh$P2+ob&i=9RcO0=-zlx$&pd>1EU&laHmhn(2CGFfe`jXHY=Qs zR!_+L*>p&F=DG*c9k~%Sx3Lz3tuiO`EDmr&&JvCjGG0Iymu1LYm6NK_eW<;EJI@sw zoH7XM{RnWIU`*jpNH7ZtuRK;L>FOYaTxAJC_VZf;yD)S?1pzD)!lyI>vGfDSJ~<(r zvfzyPED9>UjmMERfMttKl+Y%~MQGJY=(kb;A1dZhoD)Mi=Sg@FdY`i#&Il;jp zizH#tsKmwQbak#jLh38zdcBWWWziUoFb!v%bQSv* z9y*ee2STl}KsXI%EK#2UiPKwPygXlMENx^%0x- z#t|Wb`9zhn2+)v>7$*~HUM*dVx@rQI=SlBm6O%#{=}%As6$oeqOL03-iK(m%cqWpA zkYYg^*ng(0Eaiir6staN3Ho&Ca*6_5Ma6wLMdJ#6h}EsZaG_5L7TV^4935;V^$n^o z7P{AWvUGJjSOA?gv&dJ*LiL?P#ah4{6*hWfECdaRUu&+HbafB}E}*&(H=eST>E8UQ z!h%LLIkclU!li(P>|+@U>)A1toYtfvYrYs)=tz-|iWy%E!8abdaC~F1D8`X5>&lHX zze^-)vCx?@A?mMzVta*7q--|nKV$gJL&uQuAV7442Il2J8m{oRXb!SbqAb4&t~)i! zV^J#gU@a253MLwhD52fEM&-(UlEWfm0m-7UR6D;y?^!_di=mCq+eM>lElRMsAdA}W zG#0SA(FIvZo&?!E>Ty^)(G8vzuuv0Kr_(xE==jn*LZph*rUR|el}+qhqK4nT~wV^K;`_70R6(kX4C4C?c&^zxMY(B=;) z(e~CR2&>j2#ljS&_oigZc+EyJSU__UAl3e^uz0q${f_3Xq!KLrc(#PoX0h<&*`1)E zu-NJMrv<5J2TOAhui}sT@%;S6IVoFT7)m7;FZ(b1O|V$DH}Y7V-5nYdi{0Iw0v1Ha zQ97tBUyD_2J(bMsrbb?hMU{PVM*JC9+1?ZKB}uOjR(7QW1acbr6J&Zqx~r8SY=}iZ z?4t^ck@$hLS$qg_3igJO+tnFKRLH_YBxH)lvbm0HxScCQ4i*RDC0>ZZQY^$m_(_fN zr?9vnJR)Hl9Fk_yQQxa_VI%CX)APInMTuD)hmhX|hp;MzsF&PYs67EIa?1{>6|m40 zwPYG?g`z^y0O^m_qVD!ZSy^z?(S5w-NDXAHM_eK3qjt}X!b=h)!dDFxfW+f z@E$SM0I~^{$BC>Lizs&yrydJFiw;C-sHVcAb{*`;>&Id>iUL61v*?tuq-=NF56kw1 z`|+BwSdF4$PUkcv{8z69!NG?pT*&EsW4Y>};aZe_d=FSaB1g~z@qBoJIBJuF&@&8CX@&-;4GCNS1MZ*8zHxiKF^XZ<8>2~i^b>m!P~d( ze-4^qA&Bp@X?((&l+v!Nt-)I8k5R0?UMCi(vnZic@><0*>L8bp&PhasIN@wama4P5 zD}7%k^DSc0ZCiTPJSvL?jc7t~_?m=xQF-Qlg^pD-6v%ew=o@T^EMjYaq`cVf7o}bn zi+K5&y^b}eEVxVX9W44K+F%xoL{+Y>N8<{a0=IXL#uXYoD~o2yVxfZo&L^CR2@9+4 zS-(-uP-5EM6&_b;@O(KIVg~Wt%dj|8&F%$@(#RqyW$9{6%JQh}w|Bv$s(4fmizZB} zjz{GXTlWKAwNejf28$+4s+33FGWaPLr93K!MH41f&ZF)GjVd0M!=ee3s^U?1fJYUN z%3;xjNmcQvyTPKAN5KWHS-gT8mGUU}+dEOCDmC*A7LC-XS{{`_Z2eCakIG=tNR2Az zQMU|!ibW}p%3#q*jjG^LcY;P0kIG=tNR6uGQFnkx6_3hb(MXM|^H)eE^ zadh-0Wg`i@}~wg&AFYT!c~kqB}Co&HZPv6@?4>T zTdBEVQWnck7d`PsyE6 z)XxeR$ukvd58%-Wy-KYC7rAT!@a&NzgwbVCyGsmeo|ehD;YnL`PY`C6G<5kF23%s2&cSTNx%o#ON!z?`{o`D&&gEo=TAOP1*bsXJV0CnjG-Q_q+R=l4a-!!z_kn z$Vt(OO!NCg@jA$zLHy+@q>ULgK<-8*4Q}$(R=?zlcOfGV`^14ojq3F~wxbmuwLI19hYs63>ysR{0)7+f`L6CN5y#{1NBT0ox8L`{^JI&W+ z`O{PsB%%2E^0F);Ijo#OmzS4Ljv+`Nqch%-d-J3;MNW`#bVkQfSsdyiq`E*D)=sDQ zREtJMe($N90J68PfbLw%6gC$+WZQs3op*s8s9!%aQKo(!m~w)uo@lxQ4b^FPI@HCS z6Yf@rtYWIBSRp4j;H!<*FVHPp?od; z0z`h@gvTo(cV5O-t|~amDl1qd-?cnVkrSp!Pe~8@lnQWkHxL%LQ@f|}v(n0)&cfoQ z?2MdKX;JTTb*_yZ9CA5XYga$tsu}kl4!&wjuU#`UT!SN}+k0vU)witDN3r}sKwE{*edGb3JG)vM{ zhLO&{Je7T{85c8XP1&;=j2fQw*J6Y=ULT#D9vvQ>AHCjFManCuk47RPIA~z6UZH_4 zMgJl4OOj=0sE+>8Fv(vfMzV|MJzV2~_^=;n!+jLs1S{`x!!^><`sC9gWKP$vi)dW z?|AYFL1sl1Gpb5R4eU+Ty}FCkwIv}dFe<6{T7}VvGjui~VTk^UJ|;Az$>M&?!7jnb zsSkS%jP9^}EE8QJp%~O-l&L4XGDi1QZnhSqO#RuFF}kPnv`aBMt2BihVRZN9Y%4Ho zoPlXc-lZG|Tpva&bMImvqw4#Ine0U=Znuckbuen2-QiwxI+SE{xIRYtOb=HGGB+H* zzGXtoV^k5Mn7UOyfFJZG4wbdJP*S(Z%07^_c|FpOGI0bt`Lm~TPggTbtwupJIU8(* zvKgm~=}pT!GR}uGASz2Z>u+5PLQ+}|0%b%jKR!$)Wf>6l8MSqBD*-2BT0bnz1++yh z(&1?tAWf3*R7oraqE>Nl624M0KczFFd7UyHg5eTE$b7450z+oi*HrMC+9|JQ!I&f| ztt?*-cP1ndQyLx2F%3&F(_~FS%G?VJ(AG*F&N*j%yD>Qi4uLI&;bs|d(glcnrI9wn=xV|F^ zr@r{6&ns#VD@>bj?aZRdh>DV?Y6(|8vrsb!7vvDODe_~^rX-n=nSgLZp6K#RD)dkf zb)&Vaaj7_KWwC1PPjSc4RWvOI_v%)u!)mEdr3qGd=vq+)th)w;K^ayJ{3^?_x+nLF zfvSjA1K-MWtnSIhQjgUV|4Kuw?%vH}+PGNdvia(tmuQ|RB|PsoGx}bk!QZyFUerV7 zVzt&BVzt=bVEt;3qnBg#Ky!*o)iIxUVFj!nXpXUxlo+dE^+0oum88g61*->|gX{_o z%I~>0!|H+NBr8dwQIFMnbClf@6I_`GeiJ#%R^C_NL=Ll+dEhsZ(`;pK@lE77yD3%= zGw0dLJaC;k&~8f&T;0O|CUT;!%q_l&9BDVh>Y?ULyV<^as5#VDwnV;(oN6nt)i;r2 ztv2+a8mkAMbM2Z~J@6cCD`U0(N^12EsJq5$Ni0thtLmtpbtASq1%3-PXI8cvzlj<& zwZTd&VfBz|(v*~ZTs6Y^KR3hjQ6dITLnZk{#Vj_DMLEdsc4^mtwWT-JB-ze(!R~-WaRZG$uXl zI~LJ|@rHhOodx17^DR2n`k*o)eU4)qjqPIU>#^x7e~1ak^1DV@t>|OQVg)%EVqANN zPenmNt9%@00l^JzjR=zx;gqQO1lvWEOh79~CgiY!!kTkjt8-nUW8Dhj1YJ(3KS{Tj z3auOxwOAxrC4tYaVWnWvKBT2*jVf`q!V7|S;cG+%B2lnL_I^{WRDttlJka45x+1!| z?}j6rj7qRPRho2F0Tm`|!f@ekv|6lg#4Va!yv%TR8i@o)K0)S7gXcP*n_|TY07av5 zo$vNkwNlwmff3+14j1wt0#D`S)x#6#UBj`F2 zzqk10?-fPvl3hC?ita@PJ<_|%pqsn;kVR$1c>!oBA>!Q6ibAWE?5pPtp#n_(txMQaLJ6>%55;;h+-3 znd!BWaP*Ow1&z{H)}pdJ`E9PRY63H99Zxv>a!b3XmcR@ujS0*Jc(EQD%XIlf)X-U@ zRcTCMSybTi*SfG+PG?O}fedQi5c?M-0uSQ>oZZr4NM0@8a26#blGImBwLA-nxyW{* z&(m}_Xk&^w#lf(HSQIXFJ|WqqG$Ilrl8{ChPnz$PW(1~CQ67<33X;-AxS83U08?_XH$fw7L`zc7GjPVr{fh1KQv#J94aNOz;%^m z*G1t&g>o0Gwa_W540>|qsL;(T){PRSj+%{3U4Ki_499T$Ssfb$W(_&{eMUJXrmxTy%TIbUP-5;+XhQsC#w#nj8Q|Qup30~|0yLM) zCHA1KXB6NNiUu)`2Kvr+Qc_hQ52gEQDU`Eh;&H~36D-6fK=o?@ z%D8H^tD#)u!Z%p)nA0id3$HqxY-zGs7FpQ!!Puw6jcYm+8tm~hD6<)2Z#@C*HRm#$ z_4U@1x|aK+m(OJ;@9C|lHN8TEm&FXG0HrDQWaKwBpOOq9T-QR)m{FX?BFs*quEj_jt*6NkMn^3)+~@ zgpGJZSeY9@zUheFbV@GBqSFjYH%_gbF0-3v?XhT(sA_v_tAs8MCpwhFR}1khzXVv< zE5w`0aRp_i5U+u9ZSz?*mo0PnPq066PW_eIEp6*Tw<|~@>1H2D>+`1l=RXGs^YKho zeq(4bA>mX7v4r8kLvI*Imli^5G%I;NYL2t7 zc56usvw!yOPEH$Dn#cQUUu8Z)i1~D{*URKC>g99(*l{I7t=8YsdzO$r^ba<(6@kQT zC=!~?66J7%qGA&k284@3W+WU1g}g!oU4$qtawL0&f@Dw#%Aa7Kr1_g<7irp~?6jMd zLB5<`HbSqIWZ#s%S$LrsLI$pV(|LEx3z&aFxJOwzu=`qB0HDOcYqg~0$3r$J$Y;|j zhSP~e9jm1I>R>tL5D?>tbt*@z6w0sc;z-hh_8NkenQTrbFKb+Y>`IY=!2j^2MbKiWedVEQLi=xL_{1)wyL0LGvKYB|PCA4eoiCt%Mz zrk)66i#gnT6N#BWk&2E%T_BdiCN}j(lSyCHuQWp?dd*ys?%P=3F%ESjqD4%3O%Q*POJ6k5jxD2LX#ltg;zfWB*8Qk>OkQ0 zDN{uB=?ooDr?Uh!@dS@W3Rb{;;puS!xMY?vE_Y%Niok*Mw#!vVUHNS{y`KOsj3|Dk z`AD`vEghwm^b=O9Z zlysz=0PYW65lL?96q`lFByL3;f{;D*c{m%xR^>@bUq0i+OE~tuv?wg&<6c7j3zGDn z^@zo=)RXaZa3|pHGl)qS$egkSLH4nk%h{nX-yDd#vJ}HM6s+C}9@GoCMTY zL@Al5>=Vi{wp!;5;W?uLz@Qk3+~ZRm&4A3zMDzk;{#ib`lCTBI=XndW{s{Dt${uAs(1~rA zsLRlAf<-Y-Ci_qR^k_n+;&cC>-jpObzzK#pg|AOKsOux=t1h~XUF5oeoI(BeAlrJd zkZs=-GLZR_^;m<>dXK~`mK(d(l2UJq7w8fz!)b!&u5RqB`nG&}XE|90v}#%BBZqD|MEMY>r{8NGX|f zH$z3yFjPak=dqx+Vt+!(Tq)9p&to{y$((kg zlh~gw%`xc+KgE~Ee%PNb%s-2b%)IPR7v`TOJu#l_@9gxSE5bfjGTJTz z4mrWW!pLh~{mX=8aWbcDCLGdsXLM8AXKF_6_By+u@v(LwWbYuTLp&|y(l;XpDHaqD zw`H&x5*IYinVh-R`~&mAQ{^-+sUVxVK0u!VwobH}C-EX;lI=%okCF))Rla19O%$_4 zk#o3^;)9MBuwSLz6(q6B1JHMB852o zSg%4`ovcocex$il*Zz_!vE77qanv<1cMZ%P&!kn?e!^DkJhh~?!6pn}1jv`c$&B^e5uST#m6X}178u)Yz&$&3?4gDL$P(|~}>PTMmj z2MUh)nbM}#E#3arRXg}-v+R_?-cHjl1-bmdL4SHF3nCClTh9Njfu%s@#6Ic0Zb8NED%kQtE2((6MHP zJ~qf_>O(46%mVwVUH*(~wUdj|YI(}lEMG}lpHZrPyNo!CUfS%N+* z^T>Yh_*spzRl3zvd$VUa1@MjDFl58t6iW^T?!unb+q>f#4T$C}nKkG+pnKDxgF-6w zQHG0D2B9f9_gM^AAWAUvTCIa1Fq(v1c86XrCsLR=Bm*jdkByX9{5xT2Od`T1#s7GI zesYFBp1u{ER{h8vNLVGp)`Mb^I?vqQ-BC1*{bYtifW;I{2pG60VcV%xG-gD7HerN` zhtjP(f-YQD%Ow_0e8vL>kL(-b%x6(TLpu}tlpPdUIZ>bA63ipD?}4bwCN!mhteXMW z*JqJW;zabc6)n0t!ktFrUQvpOp3#+^$;imgl-X!&$0=FoPT)u%(O7m;vS&7Mm`vDg zJW=zhkFcgV3UI>s0$hne4|3DUIhN{>5(qP)jtazHtJOt67;5kdPryl=5DSUagg`!P z;cs;!uhq3T7_=S{E}V6CI)k?Fz%!9O?Q)u+ImH>x%>*NCg!F=-&$4Y-c{j=h^lu~) z3HC2~Zp&V$BgfXcTm%V6T|viD4m_A#$LNKkUg)bvSfz@0Q; zd+35JVA3N(0up!#5@f+IWLF_{jKvhJh|D=2~xbd~9UL_s|?oLsH1DcqJ3 zZ|+y>KtT7NdE-wojXcmd6Y?c#L45zKqaTjnqr;=q^W!(ihX?0J@N4Vc@$u{D=ZA*} z$q(a$%i~uE{Q|2BD+yq>dZ@NoeE-vn`3nWz(fij$*g#)xGJzLlu~&-j>Dd7~IX(V#aDIe-I{Jr2 z`G}2=UmYC$ba?QeM+ft_|L_;Hm!lnVF*{v+924?BCa>rJcy;*NAOHT>x8i3UKmTL+ zf1izBvbVp-yMXc~|84v7_3-fZ;hX8`_vq|D{u=yryfc6EHaz-ccUK&IdimS`?Og=B z|9Jji=l?kg-wyxb@29Ai!UgDdrGlNFE2}c^u*HCkUGlbj7>+6J4&FpQix>J7TA$C- zNb7(Drw468Uy#MXJ;%jpOy?v*gQxZ)sxWnTNR;q}r+@^oB%CgX6GQ@%5Pis>S1DAb zM}%F*4$KhL)xq)mA5M?X&VK#z!`b=!gLg+=&?L10%)eB0?;Ou+nZybF7G#w+7(nXq zQmb(SXi_8{z1PfTN2BT*F=zsjkJsc}9jV)O<(e^bzGqG`!suLS&`lOyDsw;;;9}^2x5#cSnU@x}UogTgiz{ z1=8UHs9IS&LzYZj9AL45Bwfl2M`zGs))tb|c;HPE6}2${7AjgTsRTQoC8PpebdEXg zVz=f58Z#E4m}5WDc}A=k#gvaqZGE^f^ubiNC#%=$n2C2dR$bBrZH(L~ z63Nv9G*D1kPzD`0yrOLCfra?4b|_6|M1;@ z4j3i;&fF!837^sgk$_q!e4Ydq0=CF)M%3s~D%k81Vq6P|3qoR)Oqd|hv&bx@NJm#I zY7aroxF_k&nWKWgdDYobUOoA)x_dQ++H;4T_sSpi*?67pMqI;jLPxU#kuXm3!GUlP z;<}uT5wB;;bTfe9S31A8SGj1EIgr;4{34~SkSeeQyN&V+CrSkeyEjz|(gcp~A5 zaL%|;`&V0Yik6E}b(_j*AV-p-{d2;&8^_u^? z>s-U?>dvjH>EzRMB8bo&b1LaVfb9ZtVR918VYO5YlzXW3BeXFSWHbwvo)^rej11iH z8ZgQ<_kx=G>bA7#q){2h>o9ZM_FH-vz$3hu(hp z;n%lEpN`(PRNON#{5`drituwGi7q7AVSb>yo;gY-oYj@h18n+$A;C7w@i}}q&>=$E z-_1P$9k!;H>P!`+6+n{M$(owRQ>AvJ@yCJOj~O@*9U*EQz`RO()ieygkHy3RgliOk!*mRSv{>ULrKcjXT)qx}N9gYXhB zL<@lv2^QFND1XpBA(Sb4xres4cXr*gYe7tPUz3GjQ#16s>HMKkrHX1b_BaS~xa&(2 z@EMfZ9Mt*MHdFp>4|9BJ(ZK`8S*C%+1i4?Rf4+{=T{Sqs_lO& z+)z<-j&C(HQvul_u$nRk!eXj?G!j*#S(=%%XNkiFkY0MdK&fk8O@#aEwyq=b5;ua; zDy^k-XWYTywSW|i5NK!o-s+5Rp%=M`qnF=bz@Qp!vZcF3c6Dfba`#H*NgfbF_B)pX ziuo>Cn@=T_iaUCBP2kXtJN zPb6;~!6sj1oUOUjVv=a{T<56PpSY`Qe#@+DVQ$<34FP>l5y?h!G($CaZXl#-+>Ke# zjaWc>kIZOY97!uXpjV9tv56Z3PCuU1|}-LG$1%sDuni|Yt@pI5V&N*Oti-nms5j9td6Hj z70MdTQ90Pd-h^Ft6PD2wyAu*lyD&hP3Na%>Z4vaI=?GsHc&)b0){eLB^;@k|GG%iT zWKQ!T)EWYZX9?@7=y5nYcEcMv0iS&~^y^@ju#eFGEt!)rjdM6>Ito44$0oWYX|OzO zR;y^ib&gp)=2%+R<{naFd&r#mzm3G~Sz+{2q*)XI+#gw2QX!7H1XisQ4W64Nbw#u8Cx14NL|8Zoc z;HEtSipZsLrwDaIHzXv2h;#5Nk^l~c-p#^Poxk_Ng{AgPCsAnbVO#pb}|ER%3FPa_JJs zrT#T@qe7y#7D{)0Y9vDkRd?V5CSME}dK1FjI#~d+aUuXwsWV?YT5as5`cCntkEUmR zaLUlu-^^yD0!{I65Mimp@Q1T$oV^QZCMjWZ6K{LyJ=5PP4wyZ53ufF*mS!tnI_%49 z54&}fVP9N(*uIC}urSp8U&#TDOA^=jOW*!3_1R-&BpW0WXRcBIvdX&sIEU7 zyVstL=eIQ(&$4szeCbR)OCh@cMC?>f1SdMiN=r9;jOpI?1*sDR0!^s^Zt3tn$Kwl< zDx{Hfn!|}Iu7m~LLe>Jb^ApVY3H+W45KhLN&0=Y2MgWTI zl8BWzVv1ua^h(PQ4dA4)x~tNXMQNA%=L2Iqaw&Xh};Bqv-g@nEa(eeu5N8GH`^-ppJU-_%7>Oxg@Vr!_i<=N-7(2f`JtD%M6h@ z^VwJP`T0YH-m^KG4hctFJDX^`zun(dCg*(Hs>yOzz?796RGPyQ@6uV9wwJcnABhAf zGtp(EZZaX=n6uxApMXc%@?*1~s4#pJ3fYdbN0t^BN!Dq+F+h1}f)j@XVXc44t;S=< zP3%K@aoJih%9l$cjp`24CgMeh zCb_=SknUQ}7Lb@k0g3!Y1#eN;q_eZ7axg~;TmpBbSb@dpSiTWh5OVKdVjf6~qMqz# zQ3z=|%5L6K$W{?}=x{>(3-s9_Vij`8c(7zkR(W%@hVUq1-Ix7-r}R2g8Zu)~rOfOC zUC@+E=dYsayCd4DgvHg%zo|pr;8NrzbG>5P>#8rN>Gg1|Gl`4xcPY-L{R?Reu!a?5 zRqVGX)dL8-doX-fVt7i72j%3`p*<*t!so6mh67V`@xo56R;*mN+bGo}UHwttvfcm_ z9-62VCv_5{F5QV{SE(U7{b$T08jbf*tQy(?1~u7|nJ6>ZP_Qn~#Ai{YEYpQ%I6@s% zsB5c|;U^?E;9i=W^l+pw#~}^$h4ZYm-5}oBQ>j+8GlN;zv6LJgiG$gHCPu^6d%afc z!w}RG9q5}TcF}>>Ze641E9K8Pa6mnu+1o<;EbQkGr>{>S2JYnG>`eZ(pS@nKBkH={ zw3>y9!70C5-To79nx?r6Y%;R1ZFB_@hR=6VH|Q7;-W{ACAH06`>*81ePHY`oS_;i?qAfEf>H{MNVg!Ix}$w!a0%38)s6xrdJ zm2&q~W*K{2+#$NHhUic#Y5V}}$6 zhW>Vk=D$|swe{7GSOkhfTV)Q!am*R^CmuS{x^KA1S@#@ArkbRibI|B-I!rsjWU8$_ zkzlS<9>YiKmHNy>Z=@9yu}j3FO%>Cg9j?4zK8s9dLCGomTLaG~T;tMSOq8uOBojQR zjHBTKx%nuZnB0NLRbc0{=m3&)4mORSGTUGze&B2ttC0Hsz-uWhU00-%pEwuOoZF|D zV1tE%AspaXuYqGnxJThbA`%;1FTk0SCZd9~NJ%X}o}Zue)OAJhUqaN9o9i&0MowUs z2QT|C`@NUDyE_B-yln8Y-;=*d^YcAJmt370LJ+Y4-<-YlI0ic!&M60%vA*2t#glm8 zp7pi5P{6B^MXpZa95Z(S8)Bf7i{+BW(f`(_s$mKG+)a6Almk;Bj6%kw)o0?>RFaVN zDiciv0$(@Uz;P@(o7P#dG2iN_$+@6WfHq#+Q_7Bq4kS%pKt4Gvpc5eQPwLyBXcR!e z$Pb@>^3dS~M`N>%e)#m0viKln1-KM*iwzz-!j-ck4Z44VRGD2iLUT$kH<4f_Fjdk< zTN6WD$C{gDDB3k97aoR=x*(xFbcA_GiS;1~*)h!B4hm?Xj&SvPD+o0;jXFX)nIBcov4Dx3&Fzcl+-;jw+^lMhC{gbq=p> zjtJnHCO0AEhmB*=n{N$3A(*)bF$X8dPlR(Cv8i2*aN8j&TM6ZuJukW_bt*#eO{gQH zXzUy|>9eNBTiQ6;kOX&in8l% zT{UvX0NR0abKJ}cQ=ZN)26}K7FExf;jX7DwWM3*Ds2lG;`TS>_#qB-R<`7%d-b8Jw zl*nItlB{~B6kQLZfw)@+==oM!;@Yz&NT|)R2wassBrPIO;o8QoJ@#SCMStYx$me@S66g}H%;Xs zh5KrDW9TkCn~shRbqaa7+^Kh;ZiR5tYQc7v4EyrZ!vG?1>`*lky|>4QNAJ&$y4zm= z@2%EHMcvkgKU_HB!6?L+5KTYk#E2{-Q6-}rC6}0!Rv@)>I-Dh$=`k=-f!qd=jtjL9 z&d~8$8@)O>J3iZN{d|1>vf z(n84a#XZf>C0}f%3eFyyZ?|w9+dsFxtzB=c6{Phe_s{`)ONU(A=+056WIdq4!YQu` z9}d}=`e;a!OR1F&GjS$f3!(E&3VSIllxW7fn6Wz1^jZ@(C40!|ZBG1fi~16vk~h78 zT}CS0K4fDi%sVM)FT6M!w=T#6(%J8|x*FbA7fnbQ6W;3D3O}u`4Lodh4GJyeDJJd} zqEGLnc-REd+Cpf?!xXa0)5eziRs*0lN!jP}FQt~UheEX!t$A+6?wcgPKX>?4@qZ`H z{Ef$0!vFi*&!6Y{|Ms)~cm97D&m)wY1sOK<2%Vk0{=Z$V&2^7WnQOj>4o(gZe+0c4 z42oVwNV zokgwfsoMWWiizH@=~W~ziLb*A>i7TF_OoaG?Ec^0>ObH4zW?vy`SZ`-(^drwXu<%V z_P%~?wPY`7PN#ctHBDOU;0T$@$@M2>52ejorzDwiX_rg07`YeHoGZ$$KmWAZNZN`d zJ%#`B#Coy&L-BM7c%~;gjvNAA zq2FgLA^ErRa}ovS=Sw1~Vh?S#%!_Vu9VeIvH(E#8!R@Z28bN+ygi`Zmls%kjKixUu zQ=5$88(Pbn)w{vM*)@}!y^Y#xx7^AKs>M?{(GeoQBTo)$#?+X@+h$zDb2=oUAlY6O zy{yu!`XbY-p6{BuPgu-CHeUQhR+xI{qjUk>-(Z#-PjBW^1ut@cL{~QctDQY~H|gKn z%g_Wy?_5>xL=8ObP4ZLhkM#6|E6qW z_4g+!I=~cio#bCjK;b00jUG2%8V6f5!;dY#Xm3AVm^Sj#7in8(Cfw#Qbsgko-rKJV zlTh+yp-uMd0`_hfk`tIN3JtF>YO_5VMhd4-hI^;n)j4k2gUz~;CpvX(0SCfPe^)Aw3IjVk3qHOH$8%eBin>b% z!*aTVZyq8QJ^t@NMn!({?U9ibi|XHwMBG|U-h-yRK0%n#oB!Jj!c>RY7rnF>}fddCQEcsYJUsdZ-Xw-vmL_%Bu%V5Di4o+N96j z82@UdHQ4@+Eww(=-;qnpEdTrV^Hx0#{Qo|VZ8_p=od7KH|37=)-_85~cV0aI?*G4w z=idDP$%N>%o^E1p9g9%O8Zxvf#efbsNfkpnvI^)pWJ4Tg_HzEE+lSk*rd8Kz2JFN6 z+vs-Qp$q3v>DQj=#SBo{v&%#DDC-%ak)VJC4ROp_%qd(xwsAftTVg;3pFvp9a2AY7 z;x${d7*ck6X@8lO6J$Ck9FjS= z3mVRp`^8;Ol}7zOCdt&9#*Hn%5T>JDeC<|~fOPKI+NO;3poy2$r#eHYh>D0dHPDaAYncFVRm4=)~z!Ut8; zy7c4qEypLq6Y5`gG3MVFW0l1aDB&}Z+b1kI)0rcb?G9z|Os@Eb9ug6I_LF6E|Ll5v zMfsQj>eZ1v2=pz`!%V7+)iK4T9W_J#@B7!GylZ2>REm_Na-(^;#T{5CT?FBC!abeb z!-@zT#*=0$>UD{+5g5&+T*b%hRiEGGTE{Htn*25??cMLfH-xE?2e(mA z*WvDvlUfAv}i=n|`%&5%g8y!9nk*Hvw@+dvoZHw|{Y9j~v_8f1O^ zvKu{vxqRQM>`|JVxBchWuWf|vDgFL2uJ<_G%oPms%1Frcqr z(UABUO6bd;A;-7QB5*;}4PVoiM(E#nyd9mZ1oFpY)TU8F_z3%uMHr3PEDGAHaFEw} z`t)4ardCyXphl(2jh5h$jh_fKr4gOZqO#R^`m~|{N{Jfbz?#{A&djv`+?apvcmMX! z&ePBT@9RIGe*OBmjW#mVgRW4*&JxJq@0`jn6*TvG{@39ASCw+Q=H0JXM6WW z?)!L&ZuXMZ<3>m3)qiUUS*_5V6N`9&!g7h~= zBM5aZ&Vm~#g`=S4dt-fjr#iv;u`oG}yH5PUV}Mc5>E1qS{}P#0s%Plv^z_52%AyMU zG3IPeO;Ti&mpk3RxlQim-}2hkgYIjMF7spimk8yb_Y6|E;slX7i4cYo@SNzRfmqcn zV_}fVJ#Gu2L-kXYr*dI_z0i543Z<-(4~4ha0`{93hwMylO+{VBM5V5ha3yFx1rU3W zQslde{JKz}rJGhbQtkE1h-;wum)u7>WHZyONRU@(glXuI?n6_N{#!o{^gl=>dyD$t zix(yO-}d+W|9A4-x&G()SyTmlov0YgdU@cZj%8Fm7?@4GdJ)O}iZ8lVQHsvL0N-d zMFxg_gyUGQZ01);N}uaELtLx$mG39Lh2m0G_OHyPB0Z-W%GPh5vpz0B<~W>T$P%r+DbnOII$q6I zFYt%8Z}^$k>umvYqnJG0)VMfC*&y|Sh4?u1PgPFa#T)D9vwHCfkC zTkj`lmd)vVXHA=Ib%+{4v&vSzZ=UsiQNC&ZnJqKFL8CF_MChM6nN#_DFXqH#ji=Fw zp?^gq9EL;eUkG*R2NjlW0^BN|1Rx@W*VtC}Kw7E^V0cUUMDHV{2^F5DZ2Y}ni089mzy$j(dLfBF2m|BQ_K!;!zcJ=__+*m>r^ z*xBm87{2KDdm2D*%pSen-Ri#G-9;9q?D^Z^|82nW+h02yzj*pz|J(g%7v3Lq{|k5j z_@(>Lzv_4C51pqS`NdxwwR=2p<|<>I7&_V8*GJ(M4Xq&%c<}#i`>FR1>M*2#(#ZYu z1n{jlFpvkt;2l_ctG6F2?f)kJA01wPZ3oa2|IhBT7X|;%?)LZlpLg=y{r%4$z;CTf zcN3^*C)HI|0=QU86o;XELG<9{*j4~>kN%3RR#UAW#mYNfuw9>o>9_hX{qBTGHf!GL zzw+l(C(db<)2BU%@<8*3n)y*$#80<0xVvA=aqQQ<<0$bE`~<4P2IDB2O^1YcOeqUf z#U33ewop^TaU?=hMkcKiy};8@S7wGnG3K}n>+>+ET@fJ~C1gwrM_sSw#JT5O=eo|6 zd~HHL48yRdMqN-;VR5W{a^kJ__LsyIm0hkW4K8IIZIItHotIt1=oDL3-33e{=Zx~IIa*K2L*lV!`{^7TrZ|gqjnf#A%NT5Xg-f~ zy{$N}#m{TwA+IsLw?4aea(%*+?i5FO3@6e$pus7*0o?Qa?HSbKB0)=jKu6S7oa(G>!#J~M8j^t zRc@3dovf0PtryEH;iakJQFL`q35TEo$J3dfS7h?mnc+Jn84WuHMZJ6-OS8IVR#JA9 zS;Lx7%qpVN@yz-u6+5$ZrR~$j%YI?jEwgNe#P&2y91&jbY!C3=aYMB3XS zV=-cL!jbCCmWPgw;hjv#)Ks*!aH{gNQ1^IF_yUFWf`rB)Vr+X(@P%72b<^1YViS?X z_gX))OEM>17f_~Cspe_8BuJN>>H_yUrt4g6;Vsot#Z!{0ToYR}UAI;%Q*GIo&G0(d zDT2L>He%{uT;p_ONz&2|x&j~fKkzgx<(Fy$*D=zL8Sby_0vHASA=nW^?#}U|DwN@*Z=#wyWjQyyLj$A{`2TdEQJ8nbk`1YTNAumthmgn zn>Nv@5aC;3Lq=}PmLKMXa~crI9r-Ns(eoYnC!LDW8c00_koBZ$1HD80M2;aL7xu!ZU{m6r%A{UH<+g&#(CQEZ>UVGGse1kX zOtyuSkeK)#uXQ}i)?&9;TAjJ4=>Z4KJ6u|oz-wsh=Ug@{I1&w=n3tATOqOtqp?b;6TnlUF*OdXxQ(>kzHSQ|JR#dMIwLkP10huD^*cr zik?H5#srbW=%dKAoxYc&HBk8DleT0H_2e5j4yvnx$=xi@pfx+Dw$&Q8jh&wCP))Z^ zsp^~pU-tIKTdB0yb#JMIFl3kRtvVn@5ld;It~oL_JpoZkET*$Cq208RV^$&>A)if$ zaQn=Z+g>h|p`Q}T?BcD)av2`{a&sw-D+L)OMbI}6-Rpo)L^?%H#YY*Qx#g~~@X|fy zb?U4@-MQCUX)120|25G6)z#r!i~rerv9p`c|K8u-{$Bt2PM$m0|84k>A}cL6YviUO zzl^9f0X1j(etX%mW44VHslb&aFH-xdjoQbu^}P5*f1s9C8Q>hgfaHNzWpi7(UA);voO`3)hViTD5OX(v zznk>=wxgM{6k1SVmWzc< z%#zi*N+u}N^?qLdXho;^-HM{soCD;kKGm%tuDcL-)X5$HM6QNqU@kkuDOLR{o4SCe zGhom!R~7PH=YlL6F`Wyi0?&1Ljw*+9LE!3N`#WQ~3&wIm7Uk(c-aGy#*~st<_;mU9 zzDO(Nc2x4f%XlHC}S zIlBi@TW2c?K4r^O<@4ukmE_dfZg)^SB+)pTw9!@{){x0Hgc!1{1)uqMZSb((`UQ$b z-3-Y-Q7iexrprc`6T;P@o}FVVkVu#$_qx51>$zkzsPgshM4>L^)A@JR+26Ch<(ZPn z@?q{9mN2DFM7;5yRKdjWp`GEjhkmAEh~S)WM7c;*-XD?>t^>mL{tQ%S3RJZws0;C> zDYuj`t2Y|cv8K%caU2C~Y9~&0qm~nO(JRJ6f}?C#KTil`Y)P0jERk4Dhb$BZMm%&p0yRHjitIO$xS+Ahk|d1D9g#~(Rxmqx38m-yg2u0&?~=%GFfa_{jw~VB zL=kg^4mjp?Zm=O1s@JAnljpt%3W@d)7({vgK!sAiFb!k)R9 zjcrKxiO^rBTg`Y&Ev)L$1}7!Mq-iLDlfW)b$HGF`3`^+A1zFS%lbAe@ifzD#pdwE~ zDZev|pr(=pofbmd9y+l}!wjl(it`*OojfUxQeG$w&}MqFjIb7dxKsh$&+f?Y zlT$ju`U6Q@IlPHxfOb-K!&0PoJah_tCtNtJC^uai;{({9noSjFR4)Ul-WEFilOzT0}VQ zxBAG_=-bAc1`K8Wr1ZbMk}^wZD7-OAej|z$9_FU>l#tdrU(X{>Q_3n6q?9$2C;tb^K z%Q_y&eeJ2*tLc4AOCCn^EwsKu!{@sJ@lm1dr@Ei~JMvN?2yDMomNTX#1KxQme12*F zMf}o60V68GuV#u?zf$jiiP~lo3~c%AXBxDMm9N0OqP26Sw>-UCgTbyflc zq&f)W2}WC;j{5WcY)Uxw(N+g-%;LD%>Pn}{{Iy-RXP~|CDJ@8Xst?GRd^uHd7zbha zmL}kSZ2$7h&(2&xKC3IKmy3j>XH7eI^G3DpOr$NG{dI-JWHuUwB*)O|@RalNel{(K zro!lVoEDy=t>?uj@Pri1VWw3+E108!7Y@>sd2FgrjCbUW4rY zT*(VI5tD}AB^7W3OCXx)EW}EmGiri1KpXfhl;m91Q=!NCq=Q&B*PJdC$NfgV3NBI= zz1+7qVMQx?sdj5t-#QO%rTMn=Y8fJSMl6|7C0Y#dab7qyOxC{Ks89_m%(G&A)Y~2n@lU z|5C=PDbSY<(u?OdJ-biJPh*`1X=2g(h{)VfsTWGW02txm&*|LDymZxFok1{vqNfuE z7Cy^ldCR=rum7m_kQ|t1@hkmmgZvJG0GTHF%x^}@x@}a_lV94uwA*?AMZ<5ErBe=B zB{tu=`Z}Km{6D>1cTEYfg#T|pdsevr^WuB`pSyYPf&WJV;r7r&ohjK9BpY`X6F$MQ zP)3^YS!}b_=s$#1*#*RRRcquW_d-$jVrYrfC|K7>tDm>keH&0}qsKUo>l33C2P~SD zh47NOv9Jh_FkhG-HqsYN-Fq#Gop1m7XB%xK>^}sH^oN~{hu%}mkzx2r9HI>$C-Q3@ z3-;JMB_U4eoSZ@X?$@u@Tx+N9r*;Qz=!?E;9y4FH^=O^!)%6qpC>FrY4PCGjk8z(|yF8_#^-w1=8O|rsNDv+$2fj zy5pz23$(a(~B$Q~vM&P@qg zgOMiB5NYBJ^P|q@tLHk?wCH7DDdVjr5xW-+sihag(Urc04g;2CqJZBESFs z?{70j@AR+mP1pR`@V;Edz>W~+ChEH!W*G0B9Yym`n45$)h5;hc9L+ITK|d&;)jG`X%EzcajnnD{uP zAXyAe33CdiqUm7v>SgZTpuU}Ek8HzeqGjr&~s$~w= z5aYU~KDmG`1QFmNidfXut(%Zsb!b&Cl>34#wz6~x0oQ-4QbDQQD`Fdeq<%(_AY;(vVcYDCAh!iR#80Q{98HF59h<_nwQ-mE$ zNH0&@SV__x!sw|AfO(ppV{NDc`R{PNY3@ag7>5d0G(s`UkyM--h+_{kiGW z!2Y|$T<+5An}AEt|F#O}f6tzO&;NQS&z;+UKPzfNc*tgnF8Iz_7y|3Y<2oj72~oE{ z$K#rMIj4*zbv(JWH}}j8auueYP;>FHjhqsm9bMxnUqI(d1q;5RQGnWA{>v}HUmss7 z?z-1j<&S(@Q`i){1tYiAQ_9W%1EuT?<@ z6;l~55GN8%66sqWc+O~0oNZ7)F^V}0lrb*NILcY1E>6Ss%<2l%dTt08rU*6MGl2w? zT|G)yj?#5nx^C6)BIe$o<^11?R_^`kV+cd>4Xqm2Ttg_ky6D-pdE&W)M9_W)`I<4SROoWJ`I6^Qa#Bp}A7V_xbBQAJ6z*#ZhzKSbVJxyrSf z0=kuVW=e>+y$rC_@mYLVegP&8p<2!ZAjespUa8UB-}GB@$EG|lw6k_K8Q5lDXh<<% zIQLl9nFeHK1J0^_tc>S!e$+CzrCY^h4y<8U_rNxmg5AxA5Lgf$ipk# zy#-QIJGHFK#vQF|;q}f}*>Yyze2=&Prk@q; znbMUkKJ&fq4$qRwwT-@9U*#qr=Kh2x#7}0t^b|D@kkdTh(=3@(n~u4Dq@a}_RG5vY zj3pJOBX?f4GozODBgL-?GjjTv>7SQ=zubJS|NfN3A@zYos?aI6DE9h5P2&72Rhq?_ zhSjFArjf2(;x${x83?l20FW-BTqj>lf#52Nqd8ZbR7Mraw{tLbiWi*L?SwEhU7X~# zx*_uStz7g~0cn@}w4J@su9<|2O;t^OCG8s!VfxiAOj8+5^)vQA#gWrQ0FH!eF}WshZ)x?6PK+~Ri2 zpm39Y=1QbhHde)VYj(`Z{ky`-rfT*#xvDAnOIFn7l4UFA{(fCI+^YT`7LD0@{Xbj% zXS@0PzuPbR+u!{^ck$e#|3{M2>sSBE$@t&a?*!6x`f!{;F1FR4AO-dfeL?O}x8x8i zPVZ_CA^rVY975T?DjY)fZk%iv6>glRPNf`D)lQ{{<`8;~6FkHs|9zl;zAJ~)88H`o zimoK}ZfQ>kvt)9V(u&iMrHcwT6#RTtO=he3OI#?H*rK=K{Zc*%7la4t7SpWme}G#| zec*1gn~ZAvS?-L3M1NV7bFkdLPcA3X9+Xc`kfec2E@ey0oN>Bk1EN>$yMiQLTUKU` z9ykrici&r6Wn+E5H&DKYYcU%ezcl*G7Z;d@P zRT}hddT7>c=Tzdb%uVBLsB5@sZq+4PXOeuoOLKF-s9Cbx_lw@QgJ;RJs{aqtYp-|_ zbXok@^W8%H*Y3{u`=596+@t?*arU2Y*YEht6#H=8DOp*@8$OLJ=*Jgv{%u>haLStz^QfLv0fR@`JlW?_Z;b^2=IHH*ZugK zmdd>Kd79QG_?N?c9SaLO{kDBffI{QdzOH|%w2zy5m!Q)J?ptc?#Hd!?ZqtQvJKO8V zo(r|FzVUdjay9y!Tg~P!Ldy+rD~{{B&x-z^n2BV}$!boZCGlTdFADyjo!#&E|L*3w zKmX5(BBk4K0y$LrU_3!7Ox5n7w9U%ZBOc9E# zdqvNXvydxMp}UId>Sg^1B}3%bqh_*Kbtu#lXQLIkUH3vgW)I2Ha6R=oAU+L?knT$D5!)hE1OSgIO|J zeLXb^FNbj^$jM4zJ_v8VQ>rqZp_@b!W@fwEgKBY?@SCBv-j{XRIq_#XYO9Hzb6ZyX zwzDj_a^RKYiB zkb!HN3lH zC3!E|jQ4GY-QTmK{qKsU#$JFW_W$mSoxJ_O^SuB4{@Rgx3 zO&JQsn%B8yK(Qn24VL9jj`NAGW1cXhi2&5mSa(GuM?--+$(h@Zsj*k#Pf68^N`FfE zxB`tyL^w`J&})9pQkVT-Hoj`6anryAIKkyZRL4Cu(CbrCrAmZ*);pFln3hwIs;QkL zqLhX`yU>+(k*ClusVCk{y|q-P>)zGx_T@NL;?mBSC|J5Br;D!JHr0lme}3OIce`nF zrbeN6)Xk!2nnD3w2S3M=EHRA10vUO$Y|8B3$@?s?TbV!IaaETql}c?8b9_|ow(EED z+Ntr=F_$o%Uy7&Q^TIjz<2klBM&)+UqAb&7Op?PH=Ojvk&Ex3Pqm|&rm?Q zXnA9r^x%IL_$_bv2k*iEnja?Pp8Oy4r`VEu!_*6PI!8sW-$It*2fx zjayIuzt$u433JM30v*3T5-l(0>^I^kEsq8S_f$L1ertJi;j@7Bz9D}?)&4&{I(Yr= z$eRXh7-Px(uV*i|pXK)dvz=$(^MBvT^9a3C75&X_cuR*|>KliW99pdd^!Y~;PP0G% za{zZhh`(c!B(d1*^`w;W#H1H6U-S|dQ(yE#)$~_QP>*Dr4tTD|oXuj%QWTM)kd3L2 zh9tQpB(i|0@4Qy)(Ia&J_TOHgwpxS1KH@_jG?Cp|ulq4{dv2 zye}qRh6$Q5zSu*|r+d8~Cu1rSzUXdw0rM{i_bBTP)%a?7IV6nhvq-Rzv?LbDj=w;& zSSp&f8Gwgl`pFDG-)ddZDA+^N1gGP7IBrczf~EQ^Ay;sh*gW!u@J6#RRKbjJByGN$ zE|hMA+CP#oWawwc!=SBzc+1#@oZEz~Dc(IHN7$j0eH>&fwaHtmrpAw1?(kj^G3GU*S91Qa@8BfFj@{i?-1juHz{ zs|BJ(DLyf0a~cqVu%Q&=jzkj@#)J!WIidap`8bj)7aTXh#fmuzS&Slbsi_Ffq$00q zxIncXBihguM|e!Q*J@>nFf#zisn0*nh6Km4NPGML*?ar`wrwn5eE-&~z{;5$yK738 zousXHGxs{S+xj<&sI5_y?RzK-Q=&r96Jwjl0CJ_ z0;e-LK^KJZLTAlT5bDL}DH;MMmt7qIBE&+9<=Sfqj^#K3rnt4J#Db_;XT>BGYp)If z=mVUkF&ct=bagt`C|pq0MP5=$Ptg~n!KSPgvY$+F@}bk=aI%Q3qQl|DCNt;_Ui1b* zghm)9!C)_-FAh4LG>hYN660_ouTt3KIe?1%dH!L(*CidRr-$)-IA>4Aaw+FS$n2>M zvh%0AYS&7v6GZXT@fqRg6fu?C?Y~D zbM|#TV7oZ!16e)**-o$1iO?vs#6415f)&xIw#e-lJO*=;f%hbfBM{?TB;GKD0Q$fw z1UMNJI#VV>%?r%#B(+&6bo(#?IAI(nA=1P~XxQ1x)za3uEywV?`m!bDU(@?r!0LWr z_e5t4sHSU(c>RecT#!(WYVr1!!;DvHByQiwWaC!}`o-G6+$4-ZFLg54*#gMT@ zy7~Q-Fcokq806qb5@$06E)^jlDeZ#OvC+M5(A@=gHD_|F>UOowjW82@G7!z>bg8Vh znDlTmaX9V<-A)IFA!6(eiO?c;4`oR(BThn->nPu-=*Y;SWM;Aer8h%P_0j zTxU<5JfcEvrDw9Bm39=)!+ zNi3k>>pV}uP{OcW63ekDv2Sb_0Ve=z#&-cDGXyxEAtngChlw1N6Y;h3?5IjeNC{(j zgk#L-s#@v$O%bN7EDhmWnBLtgEO}qcNu%ygOrFOKsUK*binqhvO;9s(_BnQ%6C-!zEJ^p0w=4ir~V5d0?$%X<@UmA7c#SmUh~ znQmL5K5tbdHh%gf<=5G=w=JYtOC!o1{EJ2t_|e|L)C277?bXR;kAL9Knrw{?;=R3x z-6Gx_tguPk7V~ydV&K}_#jj$%x%7@?*1O7f3so!Vu+Wi3?o-0Rg`OgH=%6s9x@=8AYyqm#tCLq6ctPS3FgymB!eG9d3CIG zi*d*^7Lakkrzp@-VHp#_49wuKgqm=aSn8<^Lna!m9hiJ$Kb*p3f|v@}s91)0UqlM@ z7?TSGPJ~e)G$j;r<-|sKJVvrx#t8C^3Q|#oVfj0Bo#3ZwaY7G8hKT^1psq~ z;;~p%K^kelA{W`o+t)p9m4BK-p7Z`5Q3S9K=^(xBTb9HB?sNihPSKr=rt61H$pbUH z!5Kr~#`Q>Uz_zv;QVydz7!f{IAMMNb9T?$Tghbb>V4ZBgOLMnYR`&+tnAejranlIo+RCwiTli-7aR4spvv;CD6teoz@lG`R=3K3@}A`tk8;$X&pNf${Hc6qnL7Q zDl?;94HTSflF+VG9cs{?vnq?qCBc}I8Gxc`N*76j%$#ImeR|~VN_uQ6mJG>L4#vWC z!DJ3FV;N%Yt5iO^9!FYHS%?xyF%bqr*lgWXI_P459TCJt^~PkG@d%T-=*WVNq7`zT zP#SD@)6}35Y_lf5U18|CgrYH`#!&rC#$zmljGQ@WDFww7)iRwJl22Q};f!3CH42`oG#5lQ?(bNAjb&EQCb`YCqoKOs7 z)~AS(_znevy?y!LgCHf02L&str~7}kDYj{i_k&SPCVf=~1)?Rg&fso8;6(rPp#N7n zt?A^;j+LSLze1AE|5Hq32X3}zM;DGjmP9(C{V;{$6d5wRz??nW@9lwYQJ|||b$9-= zBXnm5=TZ%Y^_4mxhd25VqErt5kj&B;t0lCVIy8x1=O3B?8F45_ykOPLb-EOQywi~) z8TR|{-@orc$zqStNk3LaSpW6u(aG7ROfdaxr}Hj}5o5(FT3E?;pOS&Zs(`ds~_IJ zy8=HQUR)fWU7em>g0~mo=DB4mvrF*yJ8*dR5Ae6sv*TTWunOsYkbA3wK|GUF zd#`hekW;w{b*Z2%4nYi)Nd_kfOvoLgiQIxmbcUIlD`66KVm!lKTf|CpddqA-SN4B( zB3-|*@oVofF3A7b-y7_e^FIcAkNF=D@`Fi2v?htgc?db0$auNABC-S2)&LuV-#d12 zL@SD30LU^{^xec8jXn(rgWi5`KM%DJ0{X%wH)sEhqd+Yq5M4;tEk4}q4W3(({6RpU zJLCxqWVXs8x~AN4;1K&(Fl+47P}^0R0Pnh!9hj#1pQ_2FP3y{*^-8kfKV6FiM4ADDjY9JR{!N7YQ zA?4kP`2tds=_u`cLgNTTnOdxHX73Q270NCc$LNC&VXE{X074=haiXSAHO0h8yLu>` zf-$Bu*6U1(5TR#px`RW}O5d(EWDIfEXB>vNg_*;%iTQURUj_U7dmr`>p7qjX(z!)* znfxlc&FFieRJ9Z2g6RZ6JxD2;AwESJ>&zfd#4L!Y)#uK94M0ZYf>mpYX>?KdwL9EY zZ%LvHKkajhP+zc89*&({M+VQOlK#>~M@nDReJ$wG`H!q&SZ^Cb*uMhUW4WI4p zjb42H&5IW=MlZtgXz=X$-Zz79;5P?*qX>R8`1af9qwt`UpII1!u2=~LgZ*HC?`rRx z;ojH7XW#a|*?<1cvx8^P{%`luur>c`$G^3wvu+)Yw`-E=Zk}{AIJZL{I)>N z;mJ+jIZ2@268Jbn%MV^Nxcj&gZz)4Rg1#N9rq%~BJ#S&&VHy{2D>0RS9mG8H; zWk}m!f}elsfO1w$*VRUy&+O=$-5Iyp2$^`;cWP4;(h1^r#-)jXZd;+-5T;NrS}iR5 zT<4}96S0Oc35~XZbO8{_5`v=h$iq%~$sVcHGXx($Rrq)_O> zjphy5CK{RqCT6d6N9H+WmO>s*K}sTNLMa*-E6LludxUGI!qbr5vObJvIKiSj0^KeB z+)xH4i6F?UXMNEGhtHCF&@AD2R%8h}&A3o6Rf1u@*<-}mmh+G#Axh=B6tkZ0>uLjO zog|ZGMoN6jB-3M=a0L!c!mG+WRrz5|Wsl1Od0d+!wbS7y!oob4NcONrT3RJhtGY@7 zL>NvI!Z;39PNUvED-yrN_eCL-B3ZEQzRSUhYRGR3@urlFke)k7$mD89dHS5*(a#HL z;}D@_#~9l@_fX}yHZWv}9qIq&q%byunWD=)ZP&GF8bckdV=+Q$Q=O1b7&sLFS*14d zwW$gxW1L_-T@s8`QLugTAw?9+U9VVZ2Dq>_ zTNl@*g?8&Ffj;X%)nIe$A6C1=nc~b~3hSmiv#pv({lr9C8FtfbWY%&ane}NoSk&im zBFC8#lO)s2eT|KYU8B8l~NRlK0#5S9vOR7d(c2ux%7z*o!+T3z((>|QzkzTrTxmG81f9PopxaTQ_B|uv7{)Gmtd%|RE3!HMmGnz2) z>hSUhF;Dgh1!sqEPL-ZdgmKqmQ`S>6>ZF3jSH`E#z4IXdhuMI>5wCA#ig^#5%A?Ye z#N~9e$t9wOnzW*xM}K^~5ygKceDxGtGdLWajDB}Um5+i=QDTPU}8=G%i zNvBjL-G>?DWLE5GaiWLD((M?ur%?)!#E|tqLaS{ZjguTZcwXu*TOrA*f<0R~$?gwcdj=XK4VP+tT#H zD_3KewPF5%(8hM;lB;V=E|R50`G+;Wc_^2TBD`aj13yxOa=nTWhd5?n`=(;{Zg#vdYItgnTie*lU!&?-AELCY}DveJeG%KVh&C(P~-$RScoLFMu#_TscR!;Dd zzwlhIcO&c0i{y{shLt~~)neT9n7xp7Q zrj*`zdA|X&Z>5)UBixJ|d8`*FsDR^DeX8b8*+oL4H@g7Fj2NJ)n_^hsh;evh&+twq zwlCmwo;*#5cKba+p73zQnpa z8ePh)6b6p5T+KqNyjuAVsFW4fvHbkVDW?nQly;gW0CFHFA}|t7wI#Q;_2Hit;^sVNU~dD@*9+GaaoJ5$-h zDyLl9A8jGjDs876q{(YgLT*{^ST)wni7=aF z206-i&XgxHLSsUa%DM8#5s@+>u+xRpu8_lidl7n8uH3U3{Tq4?{H+@eI!4*Cty zuK<_tZ~{`2J9$lHd{cp`eo7cWj4@=0fx{@WPu|J{@=(1~-?mxd>nI%y62#vVdW(}u zA4XAt5>7E<0Vi^WjCdG`3Rob9xcq0J>*|{}S-jPDsoNz#s}tG3_`1|8rpzKvepTnF zA+vC3s-B(#nG}xR?Wm6u^>@DD7rvZ=YLpF`&BJ8e-_nP?12PVrssk~r79+=cGX%c} zGWhzl%HI4%{=sf>D$j%kIuXC4kCVkX#Qa*1CU!k0^je;a=5UtEGQzY(n7-_jlvfhm zL;+!cWP$RsM!ZnBZ^hXJC)agU`s%&DsEhKK2M2p9ZIzMm7IFVae3oj7ic$)gW0uy| z!F6+H@WVBXWAYwF*C~|b2QS{Jmf|D|U=&fr*vqdJJ2;Y(Ucf@sOR>6hFeZ}#QA%pK zh{=SRPhv8WpM+CLVaO2;7~+9S|9tuG>bq~$TN1~r$Mu_xkH5KAsX6g=h?SgT^8Wgt z8KU#+m`q;oX;zYnekgkM$TGRxQ=I8>9Eh6fme8%D-lg}SHEge=-O zU1uPOMx#5m2JAz|@FbCLRzf1w-@=J7@#1g8PXNW7nQ)vxu{+dhe6x0P+(uM(MfW1F zi$7Fe6)6nm;X1`y+1iLI%F1&ejS&B>a4Q~`ST$C3mV^| z70Kd0?KkGDb^T546eI{=q8NpoP;i!ab^VOFy4>0r6We?kwrY9j zB+d~DuB?CGcb9XB6E3^A;2`JRVyae4>$47TzhMh950}XmSU%NIH=>$uSTirb$uU)R zdW`Rxv=`zTU?CL!4@jzIB-*_JzpRaqOroGbfDL5Mjft)i{1~xz&r!_ zcYhNTjQOMIGWr`yQ1OK@P45y0Ic8(InKT5)Du?FQz|c-&2yM zM-q)mo4-qa85^53j%EseUE?*G)WMe2*_?$uW|HEq5NZtcET_thJ1}rNPp#FP$oNtE6O$6bNOT1V1)T+ob$|Z8jV|0O8#S@R* zhd`wpssN#qoVFtXRNI=r(xir9u(vnxYksk(^jYYC{%PIDg?d{z78bYe$ZlL)@(jJk zN%lddPcrbcijwRmnF9IxMJm_ji7W(2n#1F-*czH8hfF3G$^Tf2R@=T6DmWv_1tDDW zUZM9?3>d8s`YT|6wOoBE#dkPH6BMcC|GYQn^ocB`OYT|vmY)csmLo!RxDG}yIMH)mS8ylxT0;&4S+E(*cQfH*x5itZ} zD5$G3jPB+}2RMpj(I|Sj*lY#0(znal5;WkrLWD!`bNBG|>#jD8j(kix9S+eRiO%V+ zaSLoonqyiroe430HdEpzE$iaDZkO`p1Ho#>)t;q14rZBAMgJ!RGN#h6^8*I*jF^>c zWl{x-LuL9LO^o23J~{x^H5dsCG08OV;gsO8fR0irlkx%$nRSGdkRrL?EhhUAF>{>- z&1Ckom1V^=$O`5>&i7U{GrNFg;Z!j21}9jEsAn+dB9f!s6?tR%XIY}!t2U9wMCgb@ z5#QR97do+B0Ha?sCJW3&4G9VnV=_NPh=8IQxkCnUG@gSIg;G2+4dH2C*YIi2@6wtA zJ=NthFRzfYe(3YL3O98D;ast^tQD~WVVcSD zId}w!<@5A>mwwEP@aMq-=PFC zwhO4l{Xxu}s+O52`heReoSovisWZr{3{*A!E$d_XWXB&>QOuo-A{9s9dbjvvoM4V& ze2ii^zeFKPA_h*?GZ2Y~!c5Ai@(|imv{OW}bZh1J=kl*L$O(H)GH&QysXx~sIEFaR zD7u*czTxwF()c4-u;=F9}`EmnhS?UXi%(4Vq z44P$0wj4Igl5II~s$^wep!KlMCtYgf?0HAdpl0M8G!LB0l&;m-tB~&7HUySa$>r%U zRLbQ^wouFEiMCYC9o_P;32jLWj zw=Ml(Rr5_LKk&u{CX%4*qNc#AO4Tw$V&R9`Y*$fIH+Lz;)sXD6paifnY#2xbL06Jf zhnzH~QOW?;aU?uefD4MkRIF5mo})-F&;AZ%9&}Hhx#3f!4_d1IG5tV&yutIM@)&Y| z|Jh#0UgLmmxx6(Uqou#2_nE4FS)8RovJGO;@0n+!8--~cg8h<@Xj7*%>bCjpLPu|!l5I7!@)VnCuxM!8K!96QE6M8fkQJu% z^G$M8K2~^AxvWs{16A+SJBlHmEgN*x*k1j-0v_n?nqq^qsJkx1%f3sos*`gCz^sVl$>gqZN=UwOYv#wic0_vsY){gCF*Xi=y4=+$ z6f^?*o^46#`@fy+ir3(Ofww72E;$TucbpC@L-Z}~HJt_ax=03-*L41P3oFmB>1ZP>Ls9$d+|H0v`JafCuxtyDi>zFtGHsIgq$9745@KAUgVn>sf`zjm|7 z4OI&*)2y&~adODY`94yKlBehSF|&NE*Hv+g@#*QO|*2{j9$wI!~q$TcqXx zIAC36$PB0s{#HhODtR{4tb!-j0u(U zG~x_2d%n{kbpmkChYa?5>i_Tc_n*}%p7XWI=xbC#3Z-?>;Sp&~g>QjAq=X@`otW!L zWy~i>3Axep*o_Kq?38pt6K%nP?G>LZsmfaot-01NqSh-jIG1oM8Y5_V*Vxp~ki5<; zKP+>p{&r8#RL$M4yuEUSK=+I!s4Lb#-6J_VPS3m6dZ~CQ!QdGRGkF2K9^85EMgf#d z6;Oh9?wCyICedb1*&U`lgK>aUCJ%8~7_c9(>+qN4GX!TUuYC!bs?d~uq&834&F`FZ zzbL$L4GP~L|OKkIE z?{Y_@BBB(HY9mR}sHcp!o+tWx=?-8WuM#kiBu$y!#cVA}+ld8!7G^j(%x^1rgA+W< zW+2ICBSiZtq9IB+oS?e1Ey|orbWp~%<`~7WY2tT|_3bJqD zhgG=L<2*}RGw4)Xf7k)32*(eYaYE;>@eK14kAg8%Omk!GM1HMTj-`63kNR8|N8fx^ z$bCXDB$FC2&7e$mWte&H0yE{0tI$mOD;Jz8f4mD=4DXN+l_@V%Qz;K>1;LBeWpD8t_vgxy?d96?`oV{Q;#T5tD-z<_4?zXn~DLvI(Spf*nUv> zrlK8908Yg;{|Mn^`9|x2I9>Wg+J2t8PZ+17g{uKM725JSKshEkF2+bb8^M+ zM=5gnY=(5QytO|es8dN-Yhj&A0$T{|w7%570BEPe27Tt>PS)CY0lX7yY?24yY0ZuX z3m~2vIk!QcN{land1~O=7ZG0{=&7+CC8#HFQyRgZmTbmx~#t*W*kYx~r?nkNC#}KlXIPFn{ ze6I6D;0RTC{=(tV9FKOBfM{#2ZSENot;*wP3kT)&&pLomzW!)a#|A*58tHEU7OI*4 z>cCKK?TmKtP)#lL0YtT^VzUrYEh=0L66I;-N|o3^Q68F0 zK}EHwvji5^vc?*?s224#0!Fp0y%l6s3trX+jcTQ-kFZhq0~_U6mPg>Ie@WmdJB?*o z=qQgO)%hYT!bjEC@UIOZ9nME!ravB- z$=`G9K{NSj`oNi*lwl2crWyu308LE{Yz(5QW^~vfO^u_XB}`LIHJ>j~Q)!ynAXJl+ zM$s0m$;-~B;hH@2-%@~01(WMRHq}XJ0cex8Qdu3gsjlvN;HDz}zch4{#jy{(so-U^ z@J-cfeE?34wXXx=R9k%s#Hk$vE5JBa8K?ttYGmQFg>tI4uL|bW*fI~C6F|KJe8Ylu zvJgSket84pQ*+^6R5Ujg~4P?JaOr-j&0UPXLh^rtEh4~zd) zt^W}LYJCK#g;M<@F`(Sc?#}@Q%34Eh1_!E=&<)xkLAh)!j|EjaL?TT*o02S+c~cN4 z`FR6pWH&=Um6%!q{K?0bHZ(IBIT%n5Tg`w^_P*X{0{L|D>hP!z<>~m9YQ2kV)7fC6 zg|RhIk?t!1DZ92Zij@7%)q0g+XEa+ZbW4o8sAuNTLZ{Gg9hj`Gu7X^pK8(r&GWI?p zTt?hr66vDCB@wmk0w_cC;%|jpBDa|G7@OY7>5a2EmgP8_rLngBL&PnCx? zUrV?%QR}6?UdSeQ)$>u z9^fix!Zk50x1oC!O)%qh4t~}#@*%i5`Tq3s>f#^QXNPZ2ekt{xCKRMrf2$2`L#bu8 zDPdS{j@T8Szr8%YdaJAM6Be*3isNN?Fl03s>=viBOmH}9O<9!P#iN*xRj~%XtEOOL z5*-8`4kxXcO|v-G%lozri%)z9;F_vX+mQ@hnzVeGC=ukk$~#jA>AgXsNJ?6FcqI5A#_` z=8XX;HvxhWQjk{ZwwOf>*|u}XiD9{6iYU`;F)=8FxWF*(smC`BxD^S5Uixfl8}Cxo zrn*G*VGOv-iDkA++|*g;>i2(;O)hn9VVd`PgXcZRJU@T5&JSaqjdIwFGkw(em&z(l z$Rbxd8*$cJo~ash3nV1MLJH+sL$TECdI|`NL(u(pu=lL%H+3I4g@<%v@uq^p5;<7q zsHKqU^gE?z*N*M0&15V%>6gB%V5$Tl2tpFaC{)YLYk3xMhQ!KW%qJQe&?z^Cc0#AF2HMX&S3zG?}ajL9_%r)UOyDsm}k zEhwm2FSa=smz4%sj;40y!&%z4+)P6d)D}%C5exAcGv2yjZ-x_z&f5HiLUE;tr6ggf z#Rt4aKd3T2gG1h`^x{s-7@{@BQbfn57`hWWAVEpwY1ZXR>nZbEtiG?M&$Q(Ct9&D* z-uk=u5HD)f7{};Zm2OcGCydJ@!OdlH5}^;6w5VQoX#0{e32zsa(}|M8RA0;B#Ptl# zMu=Y5=z~PMuQe*_twipwzMLXR`3ONzU*xZH&2B2gbyT~^^AR(FnP}vd1qD8ciD=hO zbkz){d`j6^s*=eSX_u(fwjs6DE8qspZ1~(WmWdJjLL`$m7(bPkFIUxO5lt3Ww;0c4 z&GuBVOe*x2LNZxcUkS&gRc$pWCJXCo#4u@9b1MXsg?y}yU(!M=H-uhdFB#PSa|4!% z-i}yhhH-uoN`}HU>&jLw_Ae ziW-vZ0aDZuT_293hVT~zMzQoLvRp-zBK3wOn3Dz3?T}DJm=)v>6qqrgrNcj(S~;uJ zh}tcc4~8R^XLRYj1sBGLl{il!g(*%Z`Jzo9KF&FMTQCGFXLEfio;5t>n=~>dPW?+| zWLv_+(wCG+t+8`8X8yJ3ltfL1zmkzW$|s$t#7e_cS2U1B@8;17D)P-Zkr`P~WeWXD zMmp~YdQJWbxgxt4ng+r0-9hu&Jq5iFAD7l7*X&OreaHc#; zbG4&UV(<1}tKrrk#bnf z-`G!Dv>7K8#7YNy99baJygOQHs@ zDqyo_(Ok+vS?7rzbD2MPs#*-aBA3P<*cDGlY+29BM+5S9`Hw6YU&<58#h>n}1?Ql0 z3t_}HSBJ^uai^%W_AA}-Wm$GJjabhvvKVZ z0NZe~En^(|To3~{r97S+9Yj>LWi;WYh7+2_h~4ZgJ!6*0_-4!;vB2d$pVGI@4Ws4| z&;?RSE@$N&iPqCF+Ww|tg!>*QQnpIGL^rdsKrwzR7sme0hv z!p6yjA|@@CuwZhdS)E9Eo5b_)D4A7HILI&LP&0?kZV@xP)W%}SL;u2gisu^J1&goc zAq)uQjj3T4LkbAR6Pz?DL<=4p^!cnti52g1dqJJh7XGdY3ZT3>q8WN0LVZ@FR9O5q zEzW!A9Bs3mH5=z02ZQ zNhf_YRJP>7^ti5p8`9(rG;2v^u4_} zQM)v;tXPDS`B4E4dqqw(3XYip{Qav!7)l?a-eCTLWEIG)RP2eGG8SmvlMbUo6CTn z1ntwZFnOmc)LtvI(we}EL}&#=W&J8+QI&N|YZfQ&y1HJgnssWiMj6ZuTbn+9>ipZ| zukG(Wp;0Qj*@RpTuC+RI-qWeozcP}nT*uzt-rkF6&*cB^?d_HRcd&o(_49ulJbV6P z@a*8=*};o{+Z%lS;$ZM^U~i)>t@&k)L;7!fYu8n7+!ylu*a4vXMD=oa2)a|w(_z0a z`a95lPw1qt{<+oN6~*~HMWU?of7P>;k`z&n5$g`YM>#6HkcLytQOGlj@~77KjElv; z{9ZlBJeDs^pv)nV7aJ2g>#BY0{8@xpNU_Ym5Cp2X@k@~0m?TKu$!{GMxKW|oPrI7w zj8A>cT8(v?J+y$#Nom~m$tX|SNRY-7bYD>hWS9g>1{ z%%_k6`)IjN1!&bRi{zB9qxELUIC-6Ig|@b$w;Ekj97QN8wGM!;v{PN}knOtfQYa0Q z(4pKYSS3Dr1!>v0ccSTQS&@QPd*ze*VnP`D%5jTOZ!_}h7IwW`BQ|FaSw?PaSzxa& zE+xp%Lm@XK;Ew&jW}?;6ou%g5a~(p;uS76thO14q79e_EFPB&;v147`AUZlNvDdB- zYPgf{bR47d!s2j5NQ_`o>Yn=g+$K~np{NonY39;*Zgd@jpGtbf@NZ@5g9YQPrWf*R zF9pe^X5)MdLM(xGgneFRRy>v>US?dDO`vZ@*<=%kBU4;KrbOfy<*gcr*w0 z`!CuYRDh}4n1#Br=hy2-ovs}}WnGrwSjF8HjZW7)h5$?|7>Gn7iyF{tFeY(?sBaM@ zRy_vPQD>S;3`FUgo=V;9ID)r?SpKcQ8GIPLvnd}Dn<$0KHKIuYhor|)Rr^^Z8 z6v{gs{U;gn8ke)Ao3LY=r48D!j`+XFeS)U=zX3sJ{j;}MCzn0`fv;LebNqkr>%oh! ztMUK+$N2w4{EmJ&yto2qhi^`X;NwToI}%#ZlTn;cpE~O8k0%$Gr*F^f0zV4Zf+V8M z;rY3*#9^9Rg*sn-WdH*uni-duFub2)10^oL0hoai5@shtX-wuQ0$+XA>3sYc06Yf0 zAJvXjgyAG1jN|YPiHgMaPoFwhIU#vREka2_2q&QU5X@u-*3vzhufS@ng2^N-Y_ ze?d{-bDGm6cZj~Hm~)iKz1Lw!f7l0$uTxBt4$SdOJ-!mS8)=AvYGV zu4$&`u7->0f+suRcaY#D64HAn+6*L0+(xUFuyajycD_dnM8H4?N#Od?9H0;KmW^a0 zMRJ>sP{?C2L0pvxf+8PRD2mRm?-i+GpFV*g1~5%~?%7zAG5xaqnPlhCN)aTHghDVl z2oV}(6NfdMGx4w`R~&=?5~BpX{SI9Ha01TX9{&{t0T@9x?Q~8PKxm}A5wi%@ik&+u z=Bi{h9W%|5#*;AWqtayhB<1;u7hOI#%qZb>EY}#CuW=T)5CzJ!lOiAksr?Q%# zCrtK(+)Hsc1IKhl7$2Fu#W;ViD_47NuM>dq( zmK^}{82S)A*|ybBBe=HGzKl_@>X(Ul4G7u2(D{dnUN&SQwS4tQWol)bo9_K zj1$cgr{A?vmu)U}xxOe21Oc6aAmDrs0xbSQ(&)T=dWP;0eF_4F%L@Ebk?)K^T8-?$ z%uu-@1Yo}hT$z}lxH%-eO%aUxVgf}wd83s&1=EKZ-yq23#(0nds}#)mG)L@{>bmT( z?Er94ZhZBgG}-)sB=Nju>o-2mTejaGxmN^a>4d^aPgheE&y=fWl>F^TOmk`uHscmD zpjMwF6qyLg(^@0&)LdhsuKw39##70coe}Z0IQ}GRU{mrw0V5QX_qjYT-oCxMK0my? z{ORq*@ypNFcqnG2ERA&AvQ?fl0SWQ2-#0+Z!JwBTRvYiYUEhHqkhkTOrTg-UBRo9{ zN;XIzxMMv^;ut5BD>x~0gWZ&-E0= zDWXiQCs(RtLH_69#ft+s{Ku`DPVr>Q!H;j=LyC66X%hB2 zm*>ZS4_@OCB@6|p<`@zkg2VH}qaRL!{oY>ZtG;rT`d@)NJR8b+dyHem=P7zQ6T%Ir zXb4QPK%F0Nbnb!`mQ132N^!!+p!*jV{DrkMm*th4gsb@-aGE6{cyS>AiD#GDc#J=Q zZcy+hSJOew6jgQ6Z9`c8w^u4Yr!QE)odwzUEiKsWf7Q7_Jfn#@7M-FZxk*j5f~?XB zU#s*ALy@kCO}=HOke-6%Ul)Y%vV+l8p#Q~V_4f{F$+y|(Xv4STn5@me>*lQ6j)H%% zZI0^Uc2{2Q)VH|Cky^X$bq?CPQaG00E;yCM%$*@X-3y|Qo-WWz>*|z6jZE#Lc2jfz z$kkMTzb}x;&N3qLE#?!WS|`pjf(3qO z68+s9X!ZQxLag%hyseI4VG>oOM*0!#r!Nv5$tRfPaa;hJKRz_8I3aB zYahoHU8r!rkMmfO`qojlW`(PtbsU22^-asIjk49tP!+z^akIdU>1`9*D2zohzXmO- z_a4YB#jynMFlc2A;6xtnU^tn?$bgS2r2SA7977y8xL@VirK$OerX&N8(jE1_foUpu zES^=Zh+Bg*1RZnY&=nd_GHyNWR(TTze#@a({Nr`uvnXlF-m0oi>#h3s!=o>ykR%QuF)OPQ37#{XKxeKz1uFQ&3E zN6p<)dfY|Y@UO-Aw{b=1fdYkD$`ULX|NGAmUX;fF!T$5d{htT=#!E>n=U+VbjEl#4L3&z`-Ar8faKkO(_Fjub!;Z3gp-iOL-6kSylv5|qjOz_ zf&T(E$X^D_&g!A1T4|%K+25|1{obyk<{W&dF<+E}(qjJC;oE*53S4#>uwecl>_02d z|NGDP4j$+Khxl!H{;%KZs04d^mC5;TpeNXT!_PmtwoDNIQl?ViIUf;{SxOR=@S(|{ z{=(*5(`mDLFHFWm@Vi|7HE$aI4s3Gw7V>!fS-&Ohznd=*w4V+Z+5dyD_e=Kw`SXLl zNBjQ}zk6K&IXN8eCY(RLW9129-Sm&gx#BaJE7tMhT~#Y;?%5UZt6AmC@y#FNw}kz7 z5z?`*wua3#+lHkysCjqPl3VsoR7ZEtMb8{6iI zZQHhO+u1mIv)^C6x9+XF|Mg7Ibj_JFHPcT&_%MfkCSFC{CY$?gO&uY>&8_qO`uuo0 z26E*WpdDrix8`K^sY9qT3mb9OO(aBsaH)3=7Kl0I>cp;^G`l0gCg%GOasb}g@39*s6{W)&j5uFy%|neU99 zHsUQ~?HTJ~mXo-x?X9UGH_#2;AMSTJ86hM>NbgYI-;P#TnsSg_7gepgq|wG|Vk&8X z8j(2ncHT27P+1?F*0`1Em@=IQj65H)5ouE3u}8#Gx_RIH@`@m_a6_jzpxRJdI=hC> zp1iVsRe#69kIDEuiyI=jdER{EH9&smQ++W=zW8azq5=43EB`U|vE*<6vGt`)7<%}c zQ?s>yRF#L`TD}=!?wRdTzhwvyrOZg}rge_y!t6$S1nQciQBRSf@m^^l#gRWB}qCwLtYe2^1f=4$y+z_E z%l!&&v6-ce*~>7M*9;Pn=$?JC&$c@07ryi25ZM8Y8GBKxPM~Zwu3v-6x~ryjY|;!* zbM7lnSBzv`T>c?=!vBvc@iVGB$PG+tR0;ZcLFvFbWhD-^!BOA(!)e6`i$|al1qKq~ zRytfpfK{x@e9t7a&r6?-$Tf=IA`-e(&*~)?Q*rV@rT4}#7(-k(RuO#W+w*F!zW$IH zwbZV;hRVt1{6CXZj^rIk(H#rr9#2y4dS&pTj+Eq&6mm9+ZBjnMgvwbgitLEAuYsfQ@ya7R+RU^opJ=ksYZYM}D9^NF zEMmhE?wnF2zdJGu4VIWVX{u6;iAR{anKu$x2f4K+P26m*;x)ZhcZ~nPq_lb&f*H1= zeyk#FH4JUS}+PMtzOiCJtx>|;KNJW1XOh_;~!b{K}$9=aZBrLQ=rLpdJ zH-)P&guEU)@3;Fk zJnrln_oK1q{RaN7U%Y$r7X0nc%ux{%@~bG_UFf0oejX6-eu2p5?-ke85#QxQl2dcP z^`QDBN_Z3p$K>0K7dlO93o;%d_83B5SURpho?v{YF?dMODJV73M>$_$~v+~7-MMr*1~^05Hu#HHM_!4 zhIoMhyE+|tgB5tk@QWYWUUQevrzw>pp;V)Y@kh&@EOM1h)#R7iONS8H?*8aC0xsF; zI37h2Gbxa)*kh`y!?NylTbcN-xFpO*Q$*=}oY>rtFo9)H4@>Q3uzGWNy?cNCw9w#i zGW+22RU+0LH_^a>Ta`b}$^(Ki#b&P!Q_e}7f_J;{mhOix*anAQ_^+p@&q?uQR{nw8 zt?4(=$TFJ>-mL)_JGahGkvmURrviB^1NHaY&cx=LTkCuY_Azca7mU!uje`*pt7v!e z&7#JQ;9NkCL8^U%>TJ!FMn}>D?bM#VM>J9uqAtG9;$s}?#oI@x@qzj-#jN`zoy?>z zkU;!;MsuR~w`%V{R^jS&W9N(p@ji=-D_;UR^hBNS3PK1BE!TL1sBK`@^=##F(_UZMe zqw{5b?%?kFIJv$*ec9bV-Mu%287zBv__2#N*3c#Y;NQ_9QHQhA?CE81@9pLEQaI^c zzZWn7U7)HalNyx#&I&>6aZ1+miZUB!%DzL&eXr?0Jb~Cn`Nu-l{=V?0VX%{)duu^& zOHfDDrgRhw2L!XKKV=xLUdj1k-NE}UdpC^8Z!fm^>TTPe5<+DSxwlXNRCNOIZY@h>t*f}(898zCb{xPpadg!dw zg|Dj(F?dm&(=K#DQbKGC z&x&Ach)6RrV~(T$UsM>_$>cE#>Xc~q%;M^hOGs37YE2+;h%GNgA`iq%4CWw&&ze2S z=ggAbJGF%hD4I6-P61JQN@O$0sk6jb$uVH_VfVaM6!{%9X8~kRk@c5y$)xfA9 zbP`Eh^WM)ViBg|D2HVoS5Y1jM_V$)}kMn6Da-!;KItH59rDJEWskLwlV;}zhOp(nrmR+SlP0=zlztS8I^I*jl zr}Zhm!7|y1lij)tZ&mWE7~q{|7O85aQ3OOdan^H?5S4kl&lvjSEw`$N&`mKGf*I?u z*3=(}XMHy5bKmy;o?6r^rr5t&>FGol602eM9>na<4)tCwG-O6G8n@x>V`@y@L#^BQ zp=f8kL`dr6LuKFI8bLJ8{J9L-t1((!s?fkq;aX=ICaqw8@|RB>+E!pFuU77$lNuY0 zf`E{BSEEm&2dlv*p z!n?wh_xQq6yFbfSvF-h3TiUcN%3M@Wcj^3&Wd3=uCn^{HQOp?|;C{O{$P@^drO+!b zwoBa1#kDlWk^jAap)-3TIB&F~Tux6ZY4JUiqFVA@J9mWMyq2oT0FXIe=j^B5SeQ$| z-CftuvuD6EqTfc7l)m3YiDyYajr$PV9+q|Whxe?Ka!ba(GU=kYQI)d{!-pG}f(X`# z9dOcAk8_CeP~ce|4W#`2*cw|qFx)=|K>Yagpj-C9|6c+_-tFJg0t1lne}7=YmCq`_ zYy0Ppo_D&&XI1qe_5CSHc=$Bm4{bD7QkcVlUBg*87!l#9Yi|Mr4wqtDXx90Sj`MKl z6mT)wc0B>fIC?4u`7CoDb<~2xo*%vX5O4+)-4vL^;inp3G_~0@rk&Fv@afglU2*KRax}H- zTw!eLK%DC!eVv%AR!0WeC&P;E+QRHplp{0%%A4@D%ilyd`RWrFkB8s2{wqSl!}e9z z-~(>&U7}--5BzZ$l?Da zV1|t@uaRo6&LGuzfdy!!Pv0wTHI_f$X5VM=oh#1N3_l-%T|c%yTiIR5Kiy)sf-Za> z(gw6VPU$r6jS&w_NHh)+(HlHdlRO1t=xjDIjqjz0s8T|RpLmbe(v6bLIf^{Iq1Xht z`ER2M06v{t3V-9XK34ty>zk{^At_}2(|R==S0M&4&tgUG>8 z^z`eBNvaDDqIbH2Rxk3VgvCj?7NgX%>l~?4pZ~GNoJ~@Ix=q`%(oo^dmB6>Vly(kR z_*Nf1V-^U`GHnZ{3I}nQ&TOhn$+V_%orrPGVUK;!co_JB{U!-m|8}|4&Px187T1l} zAuFg~7B99d>+8le)yq2jd1PH@buI1W1~dq!=YK{M5?ZYW5}EBMEgt2fHtIU#fi#7G z>x~*N;m7I@5FO~yYG~rayg!L&t5-Bd5W^McRe*IkXr1V(jd?lfH4VX|VYEKZd!_@< z>tjTkjYoV%D9tQa>9|=I4EZ-^%y6L>z9RY#)xtrCKtSp9lf|p1`8)7ep0YCt=7A4E z`;Q|ZcpZ2hp2|oD> z24RI7-~ILRfs&8p#Ak$1)S&t}vhE;~Y1Su@*T+t7(1*h{;*)>crti+j0=d?R!bS7K z-1zA~Olth;Fn+F~t2SX-qDvS{I|C(6)!HWr@a~TI&gBznlCtEj1$g1;vL>moa;TqF z!FHkw-RuUJnT97{2W!|CtJSjiHAyN!**}g`9G(%zbOyTZAeqCk0FBtcn7sznS}lmr zfiT{R7(Rm^0g7mwwU&!6_EZ@<%SmgI+u~E%TMs${LHo)y8>_VRHF98GU~GY}Q@Yib zjatI9CoD*66RpIx8ZR_EGuGV+O;~D(NEN|J;eaFCl)UCN3zm7-1bzLR=p*V~Ibu-^ z8To{PkT3zQc9*QffQ%u9rP2@x$=JVIwYnz-<|L+obqndiVhpdr(Ee2CIk~D~fP^`% z>>MTfjS4>ybr8t_J{94_gjWkGzE5{**H;e37VtSOKpD$aUoFknhKir}yNmm?_eFLOnc50N-EA6y8HxlyrIXab1c(;}a?9bPa+)Vugrl3s( z)}`N^dD9R0$r)3}=@r9%I|`!?QuR;1Yc+_lEj4lxu&vA{=#yOKg%KNEW@x)99~r5N zJry0EW~P-btT%S5TokGI*7Up6G0S@^HvOXgZo2S<%nHFar`0ph51$KYOxH6>;#8uS*Vev4__MNL=&&~5NDlT=xdH!d_u9mmS25(P z+YfItl4XSHX}9OU&7_Pt*l*7j6~gI`Irr*uRJlO^EypbAkx#soU?*UWeJ-aTen1K= zs2tXg6P^gE!qPtyIA(Mx2v=K;96lJ@lECz6#KNS}xoAnbg`|6YdlK2aKfZIdw4>5b zKWfz&I#o5UAbXwK3zPH_`z5!^P)B}>i{>oAIcR`3*@yN1bJ(f`;<-(lHBV`U3!zkN z%%Xh1Y_6=XkG*JVh_Y(aOP6V6prREOKkYx1Xzl`U5Y#F|*Hjz)#XiPENSwkXwelRe z1Y~7&@$quCb9s3xaJA`xt3QFAKF{?V;%J<48VRkAR_^r1gP1oIgahw$ClXtFU!f zc_$~ps&$NLi^N9PMpI)xydu4=1uHBeuS6<%T>2Yk=-yL3IKI*57<2}CWpOngV|3ss zmu2datK7LT(!N3|V`sj-pYC42v@Hd1=`JoaU77cnWSgHP?IhZXxg~x458s7&@#y~l z;5(|rGSoBV^xNsDSs%m%$9P7VJ7duZ4Fjg1vI@INUUIeMGH=l;skT>PAD=&=GYdxfe=JSoNOSxuVKCo(3 zmyXYJdA?9BIqxVe)oZc?Qglz^{{9E+$kp%SoGpB*D03uPi54z)t>3!c>uN--8YUxY z5v+79a)}cc=K};&`qu52D)Ny2CWaI$^42I$BlAOSVo_fY%KNtGs7z!pF}z;azU~{u zk8#3F7%RVDW4*mGLl6G$IhvJ5W$C8xdZXM{OmGcRc6G1C7es88#Zb7sbRCYYIm*G~ zWk}l*cBGxcf@V6&f--v?5p8oW>KLn7bCLn+6dHJcEf{EfFs~EpuW%wY=-*l77vn)F z#U`&A+uCDzRwbmsg#OiRoFR9#VGJcvvKbkHmaO|J_Z5U=Tt1B&9_@dit6yDDC}7nH zb9UE2=mNENh3E$n4#3QqYT}qytw?XbX>DjDnJ41bB@_3YSAFtzn!RqfvM$Vg*+xp{ zd>mT}EOI`@G1uoJ7P%cqi&%-PV7sY%Sn}uBfc1*D@GeSo!uTM3cbR4(i*8n}^*wwy z6S8^sGCvwKdMuk5O5d!|5q1IdSV+XLitJBc+U!F9u85ZXFUW9)-;r=nw#oO#sF2c= zpzZ!KomAz>pU$4oE9&T$z$C9}rFWvdIpzO@;sh@rPp5Q~JSE8)Sr4lwQlJE~v+n={woeGJ%w0zqvV7r{@f4_sAE#~ zHIKOa=Q@iV;*iE=N4~j^({P4iKj3*MxT)QdOqAVER@7+0YskSgU+s!@DhDo`Q2G6} zS0@J4z1##PX#%_QbiU^LKi^W1H&qsFNJTW$0$XG%ODK zViM?mo}eXSl(AjIMVc;lEE^FRh#W}`tWW#yNOM^vj(6CUb}E!PgaWP+HFoHzNZ9EP zKXdod;59tbop-E8Y45dsADpKo^$3$V7wi+X zx$w#rJ1S(KW$p?t&4syFC?dyI$=SsQFQ6;IyMzwcoO8DLN@F6&?RBZQALd9loRkTIK{T*awqM zDnU;>9RiefJSkz`3t(mW|Hn<)IyqJX?ZhZU$|eZXF*mSLU-K&hsmCW^`}B&it7Lsr zkEt=(HxkxsR4fkFHHqnUHRY2tdzRCWA-V5HEqJcC?SFOHn1JHS6bPNP+``1se5#ATO z{Af2Ak8g|bX?y(sJ)3tX1y56(cV9B3DgQS%>`yl)@(AuA=Wn0^Y%@yU`Q0UJe>hU; zsfgFl1zyhE0Q(07Hkeir;1+R7xIu3GNrqGgDYF3b`V=@yb(?KKyx3~w z(8_M7G2BK2=|Y1(epPQ!;naOdc9PTCsnmjXq~8IzU~4m(nyT92yk?Rj*ULw)Tg)hy zdSLk>jX8YVM3As_8EMC=aI(CXC*vXj|L^PW+>Y+@=QAAcN1&5rzS8%z7J8)4Q7Q6` z&f#$gqa|LS8-_f^$kdRH z@%8&hJP}CAZ5U-QS%nQwkWx5wMqjTAy^S<)s?u63jk@N~YRCGaEwE3G0iObG|I^Ac z^xkf`+fT@;PP(nnPX6UJkBCpcew)5$pMr*vPQr>qg-82MAl(Mnd(~g(Ci;;cJB25_ z96)TB3;&7-jqTpXv(}clCQ0~IT2)f>_LSABpXSGhl%l@JEC0VW0_)8W{xzRQ-I_1{ zmf+$a?PvL!Jd(KJ{_yK85xugO5~jjgUj!XBETo?6{dPVl)Y7)7uRF@sI2r;${B16x ze&%K{PTrha_eE-j;<7#R(~-tKp8cH$dql-O_K!p^yU~WVsCWWu1{zgJ=l3_(qFzb# z?Eq4Ds6CRZF&?u%orkm0lNx8s>X=?M?Hz2A)I^UX9_v0igiQ37w73AdisR>^#XdGX zH?#8LXm?NF{pIe^$X*?{hQi#Y!{6_?6c(kqoyN1T)uapM91jtvaiZ?9|d1TzcO5*;!%+%jYMGYxFbP+p7#x zyYwz6QRtgOHMoMXK*aa?v->FeDtgYG;yQ?^d~HyE0&PEN#l;h8hO4np>c89_GdA_~ zpB4mClwLQ4ca&|CFAzB>@HTa55q1%3M`Z*aKf>_~;|WDUiV0FC zT2`$nS>cuj)~zU*6#TUmkG#vd5hP2xJEb2b7oR8np5JFrnfrrY1~Gao^7Cj)hsOu+>qfj*`5^g$bh99^6c%iLgY)Zh{`&EWt3VbukO&x75iWd1 z3}%q;KNS){0(om_e39zF@7$1cxY6R#M7D3cbdPX-?Ca3vyNhDNueSD}2OR!TN8H@BwyuAD`(-e$g2kWkdg@uUB4qjB)fLR>w zyJUGI%=Z7yHFfm%_MluxzbA;PFM4I0B=gSpf2!r+Xlmw_f`JWvd&U>pQ{STyp;)Nj;+*r=?JT$vRB+lLqa zXnL;9^z`%?vWWg-(nIe*-v{;Z{8xCgM?WFR`un_rxiH2Vll}tqBs+jyUMYBnGz$^% z37I2S;wFV#Vf(Z)X;1};Tw1h5RS**4bIA_F2{xPmLFai>t ztEP@d#E1$etlIpEL)92bn>=JL;0WG{t2W%oqdNq7k|U4`4EarKCLZQraB|f@|5xerX5dpnLjK2G;g?`2xs$+K~8z`aNW{ z!M)8Wv|%>$)iI35h?h$3(dv81-6^r2oL|Y21?BIbZJr)U(Qi6M23*Qi1kie*zr>DH zooVx*ey1e`P-fkeI4*6)W~d8dCjK}n=EDLbmaxq~-fPcGnN4*FGt>v^!>f^@1QBuZ z6|ni-=I8Pyv7LS`Y@+<&`jih9ug8?%lTN(>hO(;gBrlR-D-Lr^7J#=66#+yd(8Xus{foL^6ff9~$TT^yV&Xx=q3 zuYbZ$LW>GrBgOfG=ZHmkBt>Ek@$8A!CJZtNE1pm?+U`wv#^T#5mhSvw6+Pa-k`Mjf z50erfLA_H-f!jwWE|-8xk(7N$@FbJcfn=LBXu1T=6)gFS_fgI&QzSeacx za*MoKMwa=mlrRU&%&9tY7AK70eV!2gAaQi%w!rk)WdOu%UJph&=i4xdVMG9yy#Ym- zUEa%&Bto@5(dfTgA-hw6>yG}yTEn%IH^j;QpLZYLP(vYsXk(fmZz9yX!`HA+9e3Q& zr{38++IN_7myv?Y3d4UfH70D7E?Rwu6!v;be#parC3LZGTp|?D@=ool9Wd9X!)|2c zN?@w)aB|L&fhfQp`CU$RB^;X<*W_U_IfLPOKhO}#4<`fy$B5NabaK+!x@!3!;;uhl z>Mo}4+a3(-aH`7-mt}jUoMe#(y*PHSA*R z6Ud*xI`lg#e!l_Yfzz>Y7sRAw!A>v74F5Xw&4onm2y8c2xN0A-_o--#k3$&pKZFzf zEs*ylc(6h0Ak5rWlAaNe!pnGRr*rtbjk%IlW7D-b50ldwadqR6!C zfR0@0N|@?%&Nz7H63-l^SbWPxMBR}I#e5Br9Er=sk6|565)x;wpU5q#O#;h9yeIP{ zKqrn`r-DtTOfxQukafiqb}SS&g-oF(GbzR9lIbszP95x7`w41BpwqVrOr{jA2CHWD zV+)D&CbtHk%XbXSEp3yotRd{XL|hDmF+MpU_T?pq5_hxrY7xz5zqUze{KO$$RNigDGU`x#N4Iu z)Ifi=K0Py9yO?i%A)m@0{7$@fkKiU$jT;LR6{onKf5Y&qs`-G-Da-)fsMra5q@a~? zmhsv2b>b+-mO7`~`-DL8o4B6yPfZ56Zfz-x)f%$v! zt@8TfZM?demO!NW2jNZ&z?Guhg^el_*b|2Yp^(P*=r_{A-vmJzYKN`8nty*B5b~qz z-9-G$MWKBFITf3-+i^sX$monWBv7=vGSJ-wg6IZFbjkN37OT%|+&1irdlz=Kx9L|u zrz(|QY)eQm^J+D(Ot6wGR*?Ka0ctwBF?kQ=D$0Pv!9|wUZ_fE7r8BbCfKDc3WeLQWABbnrih3%n7F^8UBo>xS%)G2v=!1exV5er$jBmh^ZH&6{K z^XHFHsAmqxOv1YRgRDGeC632G_r_U+R+J7Eyhl3U6rtN8#Rk|5O@dH_UhJ0%4_ic% z>z<1g6x8!s9$j$7sc=6~MnW_kj8b&hi#>gz_KkBEyhOz|C+4CO76)(QiPoR~C=i3GNXR>GT@{rjp9!o9jf?K}3{colj8_K9%IDw9Y9+Wka^1G>wEH zxW@uZH&+B1q3$mpieyB0=|Prhlrsgv;)kMpFEyFCJ9-x-;j|(g6GI;SqYEYr>KfgAQ@em1aDYL7n`r-5tp{z>D6->}Rb>Npy)guyy3JuQ+_@own3XkGA z-L1<&IKNX6-74N)8OANyaHkr4d7B(N9ym3^d#*mRE8ZB&KCmnb95SVO4-BY3*iTyE zFwAjZmSZ6br@eQPmnpvA?IEV=eT(t{{+9h%vdbt~`~_>bgFN&*j-Zl$x=g*tIiis3 zQ6}nDU2gj-f2Q#`=Rz&U?z{|N^5Vr^5-hpo7@dL2uHKkI9O-DuKlI#Y!?eDyzsO*B zQXA+wwXDpYVg22r6JtGuc=*)t+O~hHoTwzoR zMzn(Jls@JITqGta2=a%aMbph_Lk&EIB1JAKP+vfUc?H0A%fk%QeU1DphqbIDW8kvMajdcq7`~FheidSTf3WkDS`#<( z70*)vI~&`_s{y{HtZz<;b}K(<+{S9`-LjKu!Lwtl z7gJ7l=C|i#OoPUU1df};Kf4XX{Ebp4N)*5mZm2yI^a+?(9e%MCT3_^Q6O_R&nrU~P z$S+({e2;Ysw&{~B7|2lCOfETVaP=^rqc&`FvX@y;DN7qgdB#&`*DiHmc+?H}Kt4&( z!R&2u8(Lp-nbt!3t| z=u=WX?opK;R3|dJJsfYj?0)%O$(kRGN1F)qG~8%mQuJ+X=xuO`<7HngdC6nSZ1j?> zjk!;oHto_dqU-|@cBiiT{A3E7&)yK)MWtB(SQ5YpTKHJc82xVN_3R1BrK`pzq-=bWV9pY|y{%(M!$Gf_x8dxpVKb`1#EcMtpqod`AAsptH9baG{BWI1tT ze|c@*o7cOattod~-qfqzU`v_)Bn^9C>L0pu*sblRNzc)A%v~jxWlIPbY*b?JVGqby z$9{CSczlAVAl^Y^8HL4@sw$ekl##1uaO(td5uvv80HbaiCUfoLR{FYqD6u$FgDEeJ zl$eS#{Rz+LaEBOPMXNc(EbAO}*)9MEN|GRWkI0maGG~_v@xF|w`!sOj5QqR(k~XHT zO5DG1DUmpa81X8-WirlIuq_z1G~wbjJId5;Y&`scMe+Z7w4ALl5(Ah1?I&+z3mpTr zuIoboJ4M3T3M;;lb0YN-5x3c=)T8Jq*IM+YuuO!8&G9xRbYU#o5bG@W zj|k$_OJnr_%5}AQhBjf-ro7=&QYs7$it7jWY5TAuojt$B2h^|yN_a%~Po?}Kw|;I+ ziO@e4Wf5yWhn$0MQQXxb?|fT`vG9e-5cN9RgUCG#KceJ_3};~n_ryVFNqTR*XoQJB zblnNrWAAx@8eiMh-z6HeA)_uTC5rWu{cVJ3VaH`+VE<+?wmhFUY=S_u-of%D!J}$e z1#v{?5bZ`RHJ_X=m}g}8ZO1Px1l(E^)36jyb1SJPu2b9$v6-=zhm}y6aNG1@dC1ZE zBs-oF6lo7J-=4CLA+4*BCs^FT&^IzPv?lnQ#yAY(tXT<2og*76o+dxsWN3(J5l0%^ z)QB6;?T=uNj+W3n1*m0YJcuUw>lZ}t7LqHlWXDf8^*Wj3u2qrJ1~tli-7`M^=fkV|MX1!CeC_pX0MoZYv-K80 zw4z-^0*?+7MFoo(>u-+^NwbNV*3JA4Igi$==q5m-LNKOy{#fPDpz$@jmQZy+aheWE zJURO&-NvP3NyZs3 zOVm`hlwz8yipo#&j>Db0Q`{7mZHo>t=oGxNFeu8R9a1K2m|f_*JxRUb)W23% z_eN9BudX_a=K>v4iuJpsiyXp#=eB9#$A98o64dvQ{U+eFVyCZQ@U;;9GpUht@#dzhg#hszjk9$`$@@T~1LqEQ)STOv?*#b_n?;z~@=N&F; z$l!EwLs-0Acd1B$d`9F^MrPri-@8LgP5V2AhO_do(!_}o&OgpU{^BK&V6QN$1lD*0 zc4*~Sq=Nb(ZxN}_IiM@dbw4Pq9=}hs{T^wmu21NaMCXdaA^{3fK(8WV0exZPlduBz ztKE;H8|O?YGcK_ppW?DGRVsel%m^gM9W%R zVM)_0&FF(H>CKwHyOW9*#AP}+P1qhb#i2@uX_{;AKLKS>C7 zU|OZ@+`uH2CUXSx{q4C3q-jv(G6I;~(~l;LfFaoXd)Cz@s<_uU&qvaveq<YUpV@}0(R)@nmH?4MY^ zJRk@qY5Uem9n})JgndA;tWa7Lm*FbU*zO$Pf+iJT!^oyePf2D+ zbz^`H=St&cf(_tcO=GUp3Zp>fshstBZScnIuqm<-SCihm;#%Ehwgy2)p60pnaNZzY z$yHFNX7$TJ|dOrV9Y%lReNc;+-n1md7vU&oUa!Fm!{<8b-Qicq)yYcl=Y zEBIeif-9g@XutHvtvU1ro-gw5PHc8Ar}5>OR9qo=b+kz|t`xCBn?IUN4`0LjooBh; z>FdhxWtE?JmiL{CFWz|K(431aJUz%l&sq4CN6x8l+=@@m|OtGlGN7+tHgENJ2Loyo8TpUzGwmjgwj-~}))_BQ)V*#%XV_1tiTP;m!j^w3+tkxCRE#bnBlH&ujPwVnr ztxnnVh(P7I*#bFhJ^+5Hq?BsENy)rp!&5mY=hvpJYUq?c%<1Y*T^5>CF`c+J3b0^y zeqp!nP}s?8?_E_~MfHn+nOgvaOes*EDR{C0>#YSm30!x%5@KywZ)|X-bdx7Hxloq@ z&7VBiWX^DVcioCBIg1~gL$T8`dy0wkl_;#=UCRV{D@~v1STOeA+ULvF-MQV)!#y#VVDrhduL@!-O`=0I zMlG6OD#5fY>zxEgnxbq;ZiYJx%3yQkAEDl4N0hNBmJtl26se;W15yPdry=yX?R@^) ze{0J@=f|QoWu5yDjQp2u)|!rsNtC7dR8=0fHS&`Yb<)euFz{0!L;Zr7OIl_Dp}Kw2 z^_F=`AHCb20UL{&Lx2}IiFswi!jdT4Z2@c&H3_q6zP%qmHhF8If+32v1B(Ktisf>D zmmIk2u8`L;Bp9W!&}&v*zK+ta;6M&=jQX2OYn}Ayl91PKa%aY&U*f=Rt2l$XeS*qv z2`x&tZ8L6R@H!=6Fu~GB)5UZD2|jR<8)HSZ(2=n9ee*@6{7y|0pR6DsWrLz_P+nNdrk=4#D9M}wEw0hNKw3AL66x#;Ms(tC9?(mLV`=n@F~aP zR5$Nq?pi!t#3b?@t9!Yf%n}0#S)_~u9#gt_`sW-`{xV*E5V3xe))w<|BHW{HC>KA- z15@QNR%8Px(KQs)-Czv1WZ#i5>|(d94%0rqAPRPu0SXz;=#i#XzX$|5^e~T8W%O6w zUmcW9*`z=@UpV_{OlY_OumH}Xbai_2MR#60qvV^_@$lzKt${TVI`X97np(5ru5dg0 zd~KRqN_^%Qu{ydKr@`6e`PK8LaD@}*>ZOE!6na@~)juc}p-`;$LTXt8k<|irY%8wx zqXZ|76^tSwIH29?OL!nf)XeJ<=LQFxqz+8+_9A=C=E6kb)XZ7F&lSS!Y68sg^8Q>E zCd6Y@qt#<_^xeJ$P0@{APn6O{8th+hWPr{=ZkZzt)l==JE8AcUxHw42e4SiRG*^hX zr37J)xA(!CkCucZJyKtDqrGiOicfmQ8GD{Q{v5;Qmq_el z>KpC37pqbE1=uZCVyHn!RnWWBims;p-&+RlVqt7XA3G5tOzd&;^=Fb;jdu?p5H?3j}vwk(o`vz3L&?G zGYtN9AKa0S_9!BbnV&rpA01N-7|H)T?kQon_W14eXD6ZhPtrln(IW%&e3z_ejLg(I zFR`B|_IR_u<-pFNMkkIb`CX0_KM0g4b!vp6XKBc9HO2Th*9y^fD%x+t`cfLN24#g^|87svd{Zqan*AKgiZBvFE^7|)cQm_I%A zYpsE0kAN7P>s~jwE4E!>-RT#~Yneco+-*bUr{Och=>tWTyMfj+)s{Rg9>{WjMFEHH zBAr3lQ*G_ve(4Qlp5}=e-a)^Ft3*rppp^X()c-Ae&h)J(&2Uw+q)qW#prbZSKgKsQ zhX=awjat2_gXIZkPVGiT_3FmfoH4!Rb0$C;`4&k9tC%$ZGe?yu=PV+IIHM7%j{&}! zC@-q;V3>sX4a-Hfvbx3Vq%o(n9EP1Q^)&Xm;B_5cWHNb+&>_Hdcu8N>ABGat8KtFc z8vF2$)HbgJ>FwDiV`4OQvGo-SpQr^Q757wCm}mntO;4tV-EW;&;o18k5Pt_#WY$EVA9xKnP6t6{e#;IR)jk4je0hV*;+L2H=ri*yHvxBB5Q}z z2di{l1KG4?cvf9d3ysmLrsF7&T~kO2p2?&;r=rQ`BsG82F_t%7e5!~P+f%-T%y(z; z%fQ3LN9ZMObZ2rJn^32ss=jn#>_3;MG*!GNDtfB5w@K6URb1S_1OEcU%zN zu8`-15&67d;#mnXwH>{>^{7Q_KeX1>(4a>pW+qMH|8`4`o=DAv8|f!?mZq&kny@v^ zK;%MiozzEKEFY!5vlGq(nL7Rn*W+U?oA(1P*uN*>*PQEqvn3mY)$DPLKtBxj*H<30 z1<@VxMW%FpRFd1+vvAi)=-^@7uzc27tay>XxrK0W9ZMo?EGJWD2#*l?Tt*RAU3rH7 z)$5zl+))(~V09>SANbiWoFbdeEmp@s{sBMpQ+WB29=&#-*|o@pD|2j2G8w|}Ip3g3 zsLl;&(KSVnA24sq5mkt2Ld!KExXy6dp|F%G_0_l)a4L}DNE(W8%sOb#c)gNhQlD+cJE9->QS+KQ)5=o*72XkLd- z9;J_5SQq?w3CZCM=X}wb?atIEC{SfG!aVUBp#3%x$)}n-Jb0|h+QD7h1iq;jgQry` zb@ZN-XC1?tkO=lF;Q$XpPKWPtlA?j`CrsinwiDNf{wc;hvkJ@}YcPVQ1W%wCCZdD_Hb_hJ~ayD`A@-XrId@A18_E;^Kg7JeV4H8h(8J2%!&DfL`2T_r7?;}*>G((u_qgsO27ds zh69Ne0fHOx{J1CdxMb*huNQ&)d21d8=k#7>Mp0d-0MmL>z4-4s!U&~>_hx^p+4Foe zyzyo%#1RkSgol2JKOH!7iSk)~$xHdS1hC%sj)$7$OmvI*z`hAIM1i02J*;VxD0A}& zCFV{Gu`9yDQk2`1N`WMjlL`5hi#i{=9{Omnm(gE#<(N#-nLeGTl7waO_DK~!O^Sx^ zKfEG2YIHopmq)p0ew7@ptV4BZ&?4)0pItyA2xWK(yxs8TF$nYJ%gBpgp^Z|KVdO!f zk|S^k%oBx}&gIb8s_YWL8^(^b-F|2}EvE0fC`vc3n&bSoLQFF07s@Z1A?8~&Im&uq zW^Bl*r*_+l>Az~S^nU=fKuf>G(b_c$M9hg$43RE>v}X$U-1 zm#(Qmap*zrGRk77?gTiv5D{` zw9TvkcK+e~&!wJf9EO}p{Rs>(!HhW8TM&bMXz;B-KD{Ezr3;~Hq+>?uzvR4)IT2H} z9s-xBUHGG!V@;>Ese@qN0h1a=2Yyv*KT_uza6U(?L3E7XZ<_1ul4j@dGGq>D$ET&7S#!@R)+NhQY1}cC7bAm1%F}>W8|M|_=VqE^ynfyy@V}hhuae^XEg+wIy zb17*^;7M|;5HHHpQ5^I$Y|1cBrYG{5xUuX?N@GnvVj!0dJrX6 zG*XOPI7yX9F36v!BuEQMS%9kTSaRSE6;laYNVqiP5Jp`VkbXpGq>HfH5n!RKte4P} z(PuR=w7P`dDJ9oR*TbHtnkIBGdVv}rQdq;TqTM~PX<3x_=aT#^P;<8?o?GSoe_7^AD-K%N8CKSlfdyDv~bmNo_Iha3kU znTD0t>yGtDCXm3a4$sTsUXleqby{rSObI8cb<=CV z1a!v|&9rYD>Eu_yI#kFG_lHCHTScCoTE7~z1MF5<@s?45eNM19M>KH#*dwB@(#vV_ zuBJ#ZP4tYOIS5STN<^<=b4Ue?_U5SbfWBtJS1NueB_cQ@6Kz$BH0ZjN?@UOoRB%-E zAqXMkO_nG~D_2c&5l1J#y7C2ls+U;fD#_OqvbOKNj{}3s&-YqC71`wg@{Kij?l*j}M}%|6g(?st`9O9E zT6xj6wUfHIrH%11;w&EdL`)e2I3}^wpQX?!ep_SerxYHH@o$4%ulc|GR$;r8+S(2~ z@_vm)gzPkzY+O>4FHJAp=^QCW)7j?YKyEn!3;LkMq$E%Llf)%LNM$5q2&?gu?8ahB ztMeKo!Hm&iaU{&s4X0WwLNt&%voyZHwZ=~E94e9}kUBT4k{g9|5E9Ici^B4#7Jyce zI_P_LL#_$mQM@}QIFedx;`)HoA*xIbYiy5-h|^IFOVa_;0uv^7;g0PO&k z*`0I#R)A`v=3z#ai^Oa-V;aCUPPs_*(leeiV)EKct0pt(Xl^Qh)aJjAm=4@kqVXcj zqn*xoH1LWCMM~mN*^T_(BiL6f&1JJ03(QL7#0P;8G2=#jYU>{0y7~x^m#)8>g*G7p z;n*Kc*-bxUnT6G#5`Wf*0s2&kmo)b@dw-ax+ z<>m*|P%dVmC0{&6LLC`rb255TSyireZTEoVIMxngeGUWaE396i zi}Bh>qz;P?b<@als4w6_uRN0bc=rDN#i!Gw^YfqIpS}L)S5JGzG1{#r$-EUw(5D<- zKcy9_z>kjDC|mj@<2nb<)!W$xL&F1S*V&a?3l(UFe}%=PSYQ;-LQ(2`jTjmZouQlfCmxA@SB0ZjGsImJ( z5<{Y&QbTi+gyK1@J^-iFS)LNRm6YH_9RUle$zb0ceP$0OBn;T|1cE(Y&X>}41V|dj zJ*9|@u1$NL4Nzb&jzEt{UQe{)lCBdFkHiRk3x!f>?f}ZwJ<@HS44b)KEwSJhzaB5Me z)E=(lzFhHsQJb+FFB_IkUFeNc>cquatbd8@Jg(^QStu2=sRh?X(OWlV|=9gL> z_tc_3kJPH1hXiehoLo~D3qP@0?IabmyjC2 zv2FCJTNVT>USS6bI-@@3=?R@$a}t9yGGo_fp{4j_z&XV{g6X^5K>@q5t*RX7=gE*5 z2;~j3!#H6wPHtlUU8rl-j9ZMp)uc!$T-BtW#`X8p)m7~sWKq?`&ZhLqU1%*__1-~K zEYL{qWt@Qa=jGMB_SeRDU>kyi{Ms)w7wqi|irN;-0c|x;r#9I+|5I(8AKwS)9lIt_ zuy44(gZ6g!c6XFse!Z6*?McZtHf2}G(juA?uhiiuEfyV7vLzxM#iGx~{b)-1A!m|1 zd)f=2c59=mQDJsf$==$=PwJnVI#S>;Pmg{9%468b)h2C@>}lXK9x}-+DkLTex-k2@ zKAWI{Ms;7EGea-Z_|mSMWKN-##sJYs5PvK!7R(cC(va-U`?sln@{OW$ADwG0#EQ7O zA)F){R;xHtbE4aq^nn4Xk$rvnv`27;fDHr#}l%R<4nLwXrSVV+>0(?FRA77JC zXo{~%j$3tbn*K*9+rO2g4eRioM2K5G;p;EdPLe4Au!^@rYZB@=y*~Z!t%lZIoF>O=X zlY;)(axPe>Gce_hPjEp0B}HN4X#gim=1dT1Am>X*2BzD1+FuPlFn6akBCce2`x8|h z+65Ojif))uN6{rjSz#Y)>jJXY;2>Eqtmv}5ttBOd33Y-kY`E*}Ym4K#0|gWHT2X5^ zF*`C5%{zJ133^F0zl4|uJ`p10qJ*O~PL%5>nu5RsEP?IKzN*rxxX=>@RUBdCm?CNw zeLM+VHVbhC(Wge}R2y@EpY`{_QfAYB)@(W$Y*7o0z6K+)!sQ1z@MO!LvlQ3|Ik2BE z1@=J}?B|VOA84?j_arYVv2E@>!W4Qq)Sl0=WuMxaTK?K2pM4-#`2x~S2bq1r4J{@t)=L)V0 zFd`OGR}6I1PddtSOSb7jM1cEwsyf!M%MS1$?mLY%4 z0zrO@N#KG>{4I8`ZZP)*GQ6aa)}i5(7;_v%gm@6aZ9Jn9Lzl4CUhX7*Vig*hI84VG z4-vqrMEZ0O>vZTmzJAk0HUpsMjgkFdAX^Dy?*B0$p~r zhZBxD5sggDl?|>w35S4h6M^zk)f0(lVcmL78V!0%SvO(9ryq_JZ4vU~sZdb?;q4M{ z7F1zHa(7W%!wo%KxU5Y<;J1bv0gt$D*NEz?k8l3_NMD;HJwsN@k8bC~OW3-KebsWS z@yf$VZ*p8?BA3gTLZaBeREoVa3se}Pl;}QVa>bj2DW>dkx#|Hx8VOzfb{mJG=bq==t|__ML4uh8ZYhSlTJUyJG-blznIr;| zk_?6p`Y@pmdV{%7Nn*6XxjfKrA9>VMw|;amCL}pjWONzl#Ety9R^Ft|EvRIBuw|58 z5ivBwk;#-764&W;P6G5_^|t9CjD3GFe7V2-&EK^C9a2ruOT$}27p0d{AkD;YYr1md zkuy2C9$vzdiftb;4(ZdZM^M?fIzwg2OsE?H7e)Jc6wg8v$PXe@xv+zY#gi`-Pqxv_ zhgvh=xAo_MCCa0b4l3pV%-xlA_~D)C@SVkV;bBe}-mBYNwPsYU6KBtZcJ~I2O7T!D z#e2OafZxjjzrPajds*Q38)4tmu>j^796;^Pg za5_I}b>xQeE6hP1E*z}`(Gt0nNc2bpyR>qmDV0@CuHumtSmutPEkIaE0vGeBpK2j4 z7B2S4E4a&T0-DiV>XJYZsTzlKPAAg{{fEoK`CrlA?%o0VmNV?RZ000RAJjF!b(LlS z*qPtZN#HtiXBjXKdxzX|sYfxVaMG-YvwaaqA$F(40J4L$Tts`$F4~q2y82bO_t%aI zs+SY1)I%!N{X>1vT}wKjVkx;3;i$WCI{(lesB>}Hp~ATl!MYW~QKthU{cte2xw&yL zfaowj8ThJ+7`#0>e)I19O@GhX{adH=lj5wzhd7$s_j-JMBezUE;aU-)DhvxE?F1V~ zH<*)7648_)kAaC=Ay4}5MS!|T=ji0Ti@rTNKRMs&{Cslp{rjIT(9cI_XGiZYPTriO z_h;z%{kzvE7boxEoul{Pp`&;IKtG(kd%c4Q1z$V)9728pIbk#KcsiYPLNbFV85Ptm z9T)jHn8bKO(1cwR4i_ryKsX$D9jKn8BPR>!IDdM4kJQ+JRAyH<_rvs`%Ay^BuK}(v zE-}XL?(Xi3g9G^Q?(S~>zr)?V{XY#4p1&9#?C&4!zxdPc-tLPR&;NvWH-K;9iA99@ zpLSOsE05eGd8`VhhaH5Zk~Lv`euz$jF~=&LA?BomkP#AxTDVCe(MeUlLv+2@!C{#E zx#tWIoMFdHa{?ZsBlK3geXN5Axeh_4mkUmZ^7(8+-6Ysyl!*y&I!NCjGVz>JaH?Gm zB-3ba6t2#c&B!4#Te=m?*P*TisN~JSV>f{c=Jwfy3G+_wI#*5@OgdL&4%guiJADmr zr;nz@4+-z|QAB2;k0a9Qqj4NSFi59wQ0UAsO+)KV^!tY&rL5e6eWrs@%>5LyN^ew0 zeX9Y`sPw3PqW{q@DiXpsNAdoNz(FfXQYt^QIVv=I=GfQ`nwo{{!Hci!|1O^2e;+*SREU5!0^r%;%a=|^_JXeI>=2@8r0FVE zj8`*BTz5(iQQE9?MxvNYBURdna3T3fan#(p0NeTfcXKxsbrlaf7UQW)^|FI5+V-d$ zq3#u#cTxAd_wT!?t9Gj{+J=hi-EWW1y7GVjr`zkH{+BNb=-+?u>uX(2Bgjuea0_ta zy@puYb9YL-*r&ndWD>CC=Qrwz&cu|2$ti=m?+AX@H_A9QI=8tAc}3=j==a}|b4BLp z%a=}?&W-5|`BE#lel}6CcIG#U6^A=Njt8I@!ikO%`3*r$XEUb89NxB*8jjT=@de5Ds`zD*Uey!Wl6?B9UOt;w7DRKbhvAJJ_Ru++_7PMR)2q*q60!9*Gc}h z1QcT1y68#ksj;v%6n>K6iw<9<6VpXb`XX&>QNnHxr0XFk^FH~iK!lPn3vIGr7qGXx zkdnZ3QE0gQR-5g~2vRr(G15DguCo;MLs+cad8X6Jf$hTvWqeK=n(xGfJ)e*Fr2l& z=l7W>S7g3}o~R(|!&fEDkca4r+TdWb)8CbDM}>i{l?5NKBJu1Ny`t`t!LXd~;G2iY zMNj@6*r+Hk9v>UYZBhN(+7X9~?f0N5uWuvF=*|E38)2%$|4}x=#ch>-xv09o?d}_U z`L-5PtBa@-0kz~V*IGE`hTO1VYP+M|8$VQRT#tewYWJ%L%n&WMptbEjcVqmkk=9`Q zTej5tOn+-%YO?(A+s|9|EbjkzahT*eZg&FE;QxRAV)r2D|3BD!G5qTPzl-PI{Qpr} zeBDZbWs+l8iG~dG$!$P~o1}^%9VZIt#AhSyXV!B5rQL_!u%=btY6jxN`rGJs&an;W z59!yA>BS6C*|RM}^eF2Yq18sAODb>{atb$bk~klgo{o7Q6+DKpo>A;gNaVDeGgT4C zN&CypoFKDn!jIW3#GIh+e+`|zVSl$<)K9AU!09C&g35rpYRJL$a6}?J>}JVY)wbx= zT$Wb47LZ1~9hI`>h*}ft<;t{5^KrMMmj;vu6X)t1(8ktDI+wHHS2k)%G}HPnd21wf z#CD`IP1i>r50e=SMC-Mewr@?M;lZ7=l)enIMlvPw?rrIme(;APloe~=l2Y~;cS$OZ z`h5^d*Y#^jAk(^nIA)JFRVb@pSv@4JS~M~C&HXTJ`N03V^1x-g&RRCBuT;D1E&lA= zqvP~uV9Qm-N7!9J-mI<`sR83?%D67BvJeUDK3^XxkI!DWC7{c_1?aar>*0{5Y`+lc zD!yDF)s9Y2bk?Vqw8J4aAG9ao?m9@QZ;mg{f0f^^kBr|-)@DJ3eRRq^bQDKSxY#GW zB~_;(UO;i*UzD8M7v0P3u#$3n1zKsyX)qaF??ICW;ub!rB5UKv>zj@bgsZ}2OHIc0 z*U4C9G6afv4Ey$Jn)OQA?od?E)Lm-nArYaIe9}bw=gY|zmT88tM#=dbEDMw``I&5$SmhCQr@N1|RC}Bvq2<(T`b}H(!%-9NycDr1~ z$Lo`;rmXqV)|{*Hx4BXda4#i26x`eP`dsv;q2 z5vlI)U%qq^N-pm@9erI^f&~RTlCdF)8YdI-8BV)R>SV;ma6~<>h5>!~k`yz9o=s^A ziT4#zH+)T78leB$clLGi7F|5HOM{5;F?LmXLdeC|RYg3U&a-D1kV%y5RJl+CL#11a zu+Jt>1)9--&f=hKHl96e>A%tyR4iCC>(8Q0_xJ7VkGuW<{Acgk$N%@`pU=L0dD2DO z8SWsB~|B5-2uoW0~KbZxEK-D&gpc15_m!mVM#rKg2=F^zL5j$ z?xMq2g%FOkkVSO7(@cav{2nU*3XHd;y8PsxlFNzluNg-Vt>Gq;D6 zymF8YQ5Pi4kB0gt;d>vMFCFxjstOZnYq=?^%vgGNkvsg36!p56EU+Gp&nGL0?D0-9WXRTys&&F9lBPyVo>UM)`YWRWgt``~U zPRMs6e$siK`d0kG6M#|E^zaqx{t}qXf9L4U+1dLum6#FMqbdrORL?Pq7P*xQ z%IQ`Q`bukbnIF5q1StQc#i+?O2@oDfgdRYV)&{U*<>t}KOPnGdsqyG2uWr_Z``}O|+ojiB0|5<((RiaQA z4u$H!CF+M}H~3E)gARY5F&0@DTeSWYO^Irax+;3Fn-2&C1*2+j&W@L8Z6<54)Sw_l zJb}PTvISd>P0HZX=H_Mkfgn=3i5Q2i_RtzPB7CN+Z|3@m@WeJaZC`qM;G>RZR6Q7& zO}u&$$yXI$^sAy2t$)kmQb;{IAtJKDu@HWRy8kD)*Vs6}D(R>M>)ha3Op04l_s?SR zXCeQun`@h&I}6ebTm=_YaRk-<;yt!;QR=1h8WKpO6JYmbhR#9PNAI9`+jg2f_Yks6 zX8D|xz$5%L_I>r0FfO28&0-AG=D8)AsQs0za=26dZm(ChX4@>;3{;j1ZT&8n5P&CX znqL_nZaS2SuTnzLG1|6oCRrW#fF1K(ahRi229#SA2lO{{ zD@&#BgXA4Ka5B)WPYRH0?8g|=W@~SXG5}}OBDLrL8M5Nbq#g(da|f&PTzZLT4aku)C!tKmg;@W ztgn;usO6`!7Lqy=G?*|>g#MY6Ybt*qgq)ZJ<}?^H^dD%9eSd`AE1@gx^9ZF0aO?D^ zYjf1Jm^lMObdjUd=C+ZR*ZDK8C-C9|Pudt0gJ*h5MY0cSmFQU~jZPe!2hLeYro}eK~r$yF1VTIuo|__F&k5 zdvJgfl(Oe|F2*A|NM)7m;TUu){|fSrB%Bp zmlmxu)`{Vh!&mw!yrN-Z2zUeHm`4I|Jq<_-D{__;@tv4``1I*wYCHz)zKUCWP zOZb0uw0V06P=o*H;Q7mf|7U;r_5SCbJa>Qp^Y7rdjtJEDk_<`$sjh+ppQhz5d|l`O z`@Vfa^yu^?DMeu){S`&6W>Y;%vft^7u=*rSztw-~cc)B>S@TZ+l|P?4wN9g~K9hqe z2Q+V}Zyq31?8>w>xZ7XLagwhGCqd*O_z6^nZN^a$&qjpzlF~Xl2pOG3=!W_}8W9w6 z90=dk)k$l%&hgCGHRYgkjydka`aBE@IRuCX5t)#}QP*opIQyLIVoH+NCgj6Nh{V*W z3yLaCPO?8)@m7bg8e)pdF4vR>mokpF$#0p?%dTPcimj^eOsD~@nOFLV%?jyzIgy$7 zFtd3Huirt^$*K+!3T0omV^1zMslTeJ>=wq5O$+_mFYV|qNh;GJ4Wevsz4YDKXE=Is zkbiH616C~#cq>_~L}jb@d!4Gtu82!TRmWjTIUrS}i+M;8oM&ePP@4sViTyd%y>yi_ z*~GHN&n!mUE(!hrX5rwtLUbHdx2X?%Q^Z*=rcI-E>|-H7+N?y+lU#2L(zW<`Z9L=> zZspusA+0n+p0?K#vXBVI>-K*!XTnwBc&MIuv4OcTcbymLmz zX{88zG%2Z|gla73ZJ>!f*h(g}Z+Fu?xw7vcRo8MGAR;F16 z)cVeU4~7T%`ak=-FTS4t-pOj=ZaC62_VgFre&J$ur#@$`ly(TtUljVVGL`> z!GV{q|J<;>%o{zJ73pVkwH&@OlCqGyOzm)m?MwbF9KCxc8g17U$JUOZiqDLjDE+QD zE(AvfuGM`K4+ffM$tOxOdi~M7&VY*7YOv*;(bI{iX24vNxx7i|hCFF3RG_BCN z4DH;6QWX%_Zni;HJKP2T`IoIEbXZ?K2i4c1<`^otYw>%0aI~ zA7`fYYXYaL$4jH9kp60pe0oKE;}9{nJtz3euH3m}?0>O?NaQ-5q!KK2L}yaX({M?U zZaCEiqH{vmy4b=ys-=pjBr`cDGZJABM_7|i&rG#tUq<0|h*Jb>8EuEuy;|aQqakT& z58Z-~`yY7bm&!}Efa?Tl&kVV$kY8L__rP^8VPC7HT2$&hSRME4Q~fNi|0_OOK>csj z|6lG7bNc_@%e|Lh_5Ztg?mYhU&F4^V0#M{$JIIsb)YaRHEu8vk6P*eXz6CL4_HEhn z{Wam7dPGV`9tSRZu@C>Gv-5a7rk_!_Usbx~m=mc{sxw^xQ^IUc{;*bAMsusgJ8XPS z2xz4)<6VMS!Tz5`H;ah+x6#0E5htOKU4puQ>7wqZ?(#_CgmB~7_vh%h82fTwJ*lSv zvW`@3pm%5=$uT74BDwGhHRdftF7+BJw-uC0R)-K!%z9gs>h-&G*%nShLgMzE&dE4i z7CgDqYSEsi2OL0mxU?#P*U;9}TsAB?5)Gf2mkFYM^!_IBl^RNCvh zm(-E(vm5(X9k8MZS_Xr(|cg z@m6Em0uO#!eV4|S8yO@;&^He4>wr&1N}{&gM;V^E>8`Nw(lzDu>a0NBxzk&S6f5d~ zi|haDCh_{>e}*sj5Ayln_xE?d)_=Z}=g#&2B>YG5k={0I_D#cYnXS?U)ST=4?PbS~ z**0=Z1*s%uky=k()Sb$=&n!p~}IcVq_#V#@%Oy0GWF>@Vix6 z9Zl#p35;0*4mkvcLlSMnO3xyj7&*%V;vm=t)QK{UjNn(%A?9xU_OG#swDU0`eh)qw zVfX3=b1x0RqCSo04nXi18jRUtSpaBK`&&tih!ZlHVHymwMZvcW_G(<9X<<6-JNzjf zRV{JtBKGHUXTKq6imxRS*Mws~Pf;Nyzn%1X)6q;>4lO7!&D%mIW+~CSN(hwc`c;1a z(TYy-y9Kvaa}JQ_`c$`qxb8ySQ7?D=6WAJ-fw}Aqr&RT;Y-$6VQox{Jt}5iE&J~%r z5;|8_1)gPOjw*+9Md0dR_p4yJ3&CU!@gt`>F)g;VV_( zIkRj_R!z3jRbky^zvyM6y^B4{5r4#CXyWv(dm$2*SBM54`CRwalLYAMiyV!M&2-Vc z){+D+j3Z7WPRTWqoCW7WJ}20lBNtS8uhp7N)1|0WO)IoFlkCQr%-J=Fx;k5l_aR%J zDxW`RSdvp`uiHaip9GU=+C{@%m_sJ#5Ms!(7JTO4wZX%B=@&Q_^)oE{RL$hmBwaST znG&uJ^%5FWfkeb4yVtFST+bzoL6xt!35EKQPv^f>XMfA~mKRDU%ZIsdSR#~m5OF4l zQUw#g`3Z%)4*Hq;K7w<;G36psd4EVmxDE){>(f)6DNxm%pgzQxrqWWvtlnr$Cz>}s z#Bt!USwc9~jhar>N8d8$6C7l_`guwqV@t%OVTr_iHe$XoC^vMSdM`@UoZNgUCk_Z^ z$eklF)z-M2U!~d@-;;<(+IQZRp9u8}35w(=V@&<`!8>wOh4yQ`8Av>NOdNDF1~oro zitTrhxT2xTk|d1D9grKzRzRKn4y9>*MZ<4j9FV|mF)$2dk1QeCK>@Qj9dOL)++ZUt z$cqC+0+-Lj$Semr=KqB_g;j=xNC%Pl0kH=uggA@!xrSLoa#1kuL5?4tu@O9w<2Z2P z%0Jh^xHvB=rDPb&omWZ6gn$JRprrry$r#}h`5?yvsNz6Ek({}hg>6{(snB1hOU-yo z6Ij)u4US5NNz+h*B!N|$j)jFtGAyB|S7cs0Ol0yrDzO0zf{Hu~rSi^9f+8jHdL4xJ z9CVr_4Kt`-Q=FGTDe>fPl*&S3fHvgG3c_0W;Zg-izeFBlTfW*_nI!2H>klMv#zB zeo*>fUP*}~>I-K=q94foJI-cu%S;p$$y;6I9P@nn})z7}gBTVK}kK=x}#)m}~S zVPL36+nUfc1tDqEMnC! zPQ{0k%#bSMW;r01A-b*%pVhFGN|kJK07om^xye6|c!J5c&u$1u+j6Hm^1~@c!(LDQ z`7WLjPF*zYq3t*fi>+>Tn#@n#sx<@cg-dB+C#d>>OvvXm6^C);`)_Fk?#J#gzx-^` z0`ghiO1)e}96fK_xt%wvn@}QcVXd!QB&P9r?30{8tHV>$In4?Uqd{!_^11}t+*+gtOUhQUv{4LXA-SwZ#D?h8{q|$uX`f;<$RxSwJ9&Niq&9bYdXpk#)th`3yWT&~6FZc5CAA2u%zs7&u#dBZzf9?ER=Zd2c-1#pRteWLq*&w}m zo}_1YN%?84)gVnQS|1Ua8!Gie=@$Sa9Q;|GJDHcZx~nq?=1=r=!ob33nJjOax3B6y zsy!qJp;`P&zuG3hK_Eb;Nj~$N*=6lED(T5D-Cw%hy#J!*x60BfhpZBtuTp)T&*Jhw zy=&KY2WXK0d(WTe@Bi$-_*(zxZk~IP|A9w%a_FJXl#&yqBs(B zP0pcx|I3%eTx;gMj+w8zdbD2lYJRx~Oah??u#^23on3j)*|l+fSBJt3 zo^^f%D6#TWsuDvFo&dfbuHhl9Z^O|99}QG>Qb?s0F*G4j8U>?0vDLy$v7mM;Pe`O!biKdL6ur~G z!Z&^MW6S$;6$4wFFgH=(ZAf|&aUtT@gzKTc0jeH=E z@d#SiwrX=YDC#W3GaJRJ<`(*DxC=GDj3Oi)LnK^M2yZZ=RZ5SC-!y-at%z=u_BQg!~7T z2$bfpM%elSjunrwAm0@}g}t$#Pe7j^!#2(VVThy%PHv{!Gt0D|@L3 z)s0e391g?uuC8XVapr2nO_JzY_18j6tk7}lU6$DB;2UcOoo@CVqWp*jwy@~^=vVpT zNiG~Ar)H!h6+*bJe)=VWBB8p4$;mY(>SCr8om`)3u`zo3XYo{@Cmf~zMz^j6m_g-XlTW%We(O50194i&6ufI^nZqq>90XGte>+1F&PLfe86v^D%@ z|K*Ebvqs@+fG;$(30)P$-GQniKf@uMIWH>Iirps+!<0xeU~QWu|5`wqFPv|&Ag5A_ zfZ5fv_xHq1(bfo?(MWaNwG(7_uV?`KswPo4wODSEnBu+XFXWUx4(sLXv+A?B{da@8 zT(k?AfQ{#W!@~LB!NJ%3uXpm?x&8OEVjqM@ERJ-+cg}ntL^qz)3F(CMbo&cDsi~K9 z##mG*lS_NE&&(iKVd@Dr7Z1D0D&g7FHIDKHbZ%9!;CD3eP`A&2`NjLolUpTS54)=T z(a%R`?@r$R{Scj{*dvcb#EpoDwxtbbl?wgxio8^VPtLJjv!Ai-o`kJ6W; z^sSb*TlMP}bMMc>^4|(x9(;1K5IFESuH6ip{C~r}eEyFY!`-j`zdL#ET>k4&ae|Hw z@1&IxlE`yN+$9AoM4;D3*p>v-r(BtISmhivg@2N0e{+#HtJk-S&CA{}HGA_yLn0tPWTC_27+u5`>>}GNzwfb#q1Lj`}Fqleto2Up7gN z;WX+vH)i(U1E>{@E5+eS{_a0iAj)TvfEb&ed8rAaijrir1r)A+h`hIQk!v#rbSv-7 zlrV3%39!`hS$tQ10VWNhYL)?z<19?C)ad1J`YpL*Q=S*vn!B0|Z1HF6Q_SbqJyvz5 z0a@8VvT7eI>qjgQZUb!hMi_N`}Zsn8SelkoyEoQ;?4Oh>IL9B-M87DK`C@Q}TSa!s*D&5Ux z6gA%q(cIn&j0TbD3c4)RgI|3%5)E^nUu9*}nSJv$-u_WPtJ#0Laf2(c!Tx*saz9`H z>G|{LU+up;dG62t`%&`F>u=X?{TZHoFt(pTw9@i}JBzDXeP)c!*nA}Lb=aH-6u2zSe(#Mna#uz#>)X6k8N~eV`_BewHfD;!MM8(^&IJUrzCw zt>X*?S!@7En^Bg@7gJ!kisES2)h3luMau0Q487t7r*%6a45f=iUaK1-f8WYRUlowH zrBByd3*8zbR4l4$?kj2Ef(g^FHbAB_nCdC^M{(q|*#Xz)%UPo`&<5@$oH?f3lKz%) zvw^fP1Wp2Ijbr74Kr#>$+8){@eL?n68*&I0$-9_CNPoW;hfub! z3Wrd=8zL(Uqj$HTHBAN7FYc zuUP#gd{N{@n8GHulGOi z)VSxZ&(pN7jlUV@Wh^Y{ z^l|%`0EO1Gy{vz!w2xK2OVH^9_bs({VpOYcn{;7pW_hjbxlrrsk;ikDtI>~cHru-h z6KS}qIId-%)%-sp6VZf|1}9KM{MYbh!TT6+UOLaR4uDk(y)?2^Mf=8%$8fq zCUgCEeoie|%6&+^EIKvzbmbU}cD!a+m4)Jh9J8F$s-~kAJy-T*J#6=tads3`!UdJz;;ag;{v9O>rrn`cliK?z^8C0@%VHYYN zaRZXXR#ul2C0TX%5p!`VKI@ZiHlY`kbopKzx>~cmvquY;7kQ<&?IUKFN}L*4rh+BH z+%mWMp|0Jc{^QmBznplqxe!D{{NIa%-52@zzrE-CU;V##@vO)HyOaa?Oft`AuKy~& zd@#OW0H@mR3$Iu6_^J^$Ew#cg%d*CTt`rH0(1H=;^{(1 zjh$JaIM=2)5){9x_F0Oip!`XYqd1x_KA)O}n_-LvIb8_M2jR`PN>!#5 zS|yS&L+xr0YJ$6j-wdtwzO2j6ia*P7TTSeo-Ll%ZofW~A11}sWXOI5)9oJ26C?#O) z_UiIYVKL`Zc^@lUW~$Q%>2gv#o+=({3^9d$Yf6JhMsJ)Ow6WHvg;a0*)zhrLvFEIw z^r|{#atZ_V2Kb@Jr@~NFD1FWdaJ44Uw$>TY-(I2NL9g{pl&T#o@PBE4mb1&=d5loc zZeQCA=v+Ou7j`RjFFAm&1H0tjk%zWk{h;Hj;q4VG*}Gve-nSKYf6r?6zr9OUdjT5k z|AUwNdHesx!Hci=|L)|uzxXe04$C%R=#NOz)>pbaw1VZWVALaUzMh(>Rgx7rVNE*&FkDWpwQav4VL9jj*F?T zV;(W1i2&5WM0Z64OGAM=$(h@Zsj*k#Pf68^N`FfExB^W`Ksb(wH)wy&QkVU28ecWj zxM^TK9O3dIs^cD7==JGVrAmZ5iFYhxFg0_Js;Ql0qLhc7WTGqWB1fTJQct{{dYf>W zu6tL%+M98z#HE`rQP8*~XY;<@Hr0l$e|}vwce`kErbeN6)X$=4nnD3w3qQ+|EHMnh z0vS7tEXwTK$@?sqt<0aUxT?#QN~Jc4Sw5<6*Y-O(-PHK$nM;_~FU8aD>%uwrlWUyZ z7?sOGZ)KS#6A~TAoRc7RDt5bh#|;j=L~>|}k@KIJk*cT$A6>9F!Sx5s?I6htFj5-^ zU8Lr+tC}d*KKv#4B{0#5e-^(4C6K&c5}VAz*^7!&#EFk1daXCS^miP1oh=lQiHdLDR!#*SM~ePe&q414e~wrH zUrLZrNI3FoK%9>A`ux+m+@3mH=onZMeK>oo9}?2|Lf65x(j?bD~+;dG`PBY@rXBQx*$!^7@VFI3Z`h z5;y8N)FXJH+Hv-4$GH|R^T^;4`4d{M|FbtouYY{w%)DjBXt@9N{N>*B-1^_$+y9#X z`%a!M^sTDsZ&t%wI^t5_IF|F@=^UYt-xGh9{rR8U(N7mY}CLr9PSqP}xFovkf&@%FE;&pMsU%S)*f zcRUi3z$1Z6iPpR2u6U^XgB@BsK@ZWM^V#`q;$@hi5##ei#9Vqf7;rM7BI5J@(D9gi zMYu!RV5G)Z!^0vz7Wnh_I(x12uIT9tJz%XHmLhO@qLDVX59C>3W&FiT}j$T48?*V z7ITEdBv435H9X|Zi{X^vf1?XNM<12D2VLOcUokpLTccwfVV_OXiPpq%Ts9k!AR;{E zRFK{dC^G2}h&GG@Tr>PBCt&Ui8WGXy z^pPBo2P7f_4V}IHzjXSlgMH^4XZJ7a8)=6U*$4c29uk*gAJHI;BP84@nPGUdg-&L8 zLe3bAQl2$SL9$mg56K}CV0Lv7@`!Lb1>5Toy@qvyOmoYqq_R_KXZg&PwpRxs@)^%U zpB$oOb#*${Dr^|)ENKbUQ~k@;VE3#Uau7^t@VV28@T93*)lY;cb~i(3_`(_XJu;#= z=nr@M{KbB!6UM%O%6#fJ!V1J5&k?F+)5Bz0IQdHX0pG!PLET%tQ0k;Beb!j?A2ZDj<1mS46c{VQgF3t7{T?3w6n zA%(hz2;{C@SEo|yi--g+NmrIW2yUd4IXzYFrP6Eqa%>_4DV6l``KT8Ap zM#p&~K>|U+B!;yJxo>P0fd&X`z;}>fGlC*IBSLm?g9BKU6Zy5$?6?X@2$>LcM12~~ z)v%!ZO$p^9PYtPBnAzP*CHX+p3V!eR`{nAZrpofVD?&aV5nu06I1Jl=s;2OLh<}So zq64S1@%!&6xmaP`y|-xe;(!Eha%J<&mre$0FZ5H49mmmbMiN{fCYP6uS#f%Fe*W|O zv)9QBqU8J%7_XDVyyG?DkFW5!AE8Tw~=F2nmKNoFQh2BhN^#YjGfF#u6>I_YpT$nO&$wGN1r> zv)YO+DXQ%r*h9?+o4&1$!gWnzc~TC_kAt>^q~Kh0E#*i<%Ex1yNG0Aa%>nBk>EjPe zLxYV9jXD&kswcpYg^`|2+oSy3Kr>5f_go>rt%ig4NV1x*>fT=(4`0m4&w?^UC{+mS zD0hJlGrrU1dtp}o@qi`m;dTO}Kga74Px+qqfr5(tw1EfUbEvrM0ffPv9 zh(1EGwk!vA!kV5B6H$7aC)jJX4YPG7D^=yZ00CO%dJg|ic7?3(%YDInyz?B8=P7iUrQMzrFo_uRn|Cw-ic4USVhLPt=qUQGj6Bjs#&?euo~O9Ha^hk5I{F=)w! z_b>1jEFjz3LiIa{_Mb*~a2AKYNC3M82Lx>LKg*;mQ-1Ze>)if&m<$7dQAKytEz*Si zdP3Q|FyW4R>h)i^v)7Q_;o7;Et-jZZ$8zb#8n!=EF1g`c>~|eE{OS z!vSGAx)g6J3<`;+c41f@JF8pwiA0BMV!sh;`aIwMm{@U^7;@Jaau{S8{DJ2{p6aFW zhS?$bxbfjLA~`S3D@!N%n7*z@U@In!@?yg-V=JO(^k;lu_52Jw^S%E0^F7XE z;n2JB?{m`7-qrYBrt1lk-dn5eNon6N!J^D#GaE#%$(AUPfY({q;fEhwo+gr|Tx$0%aH9MQvZQr|lI_%291wbEY0*OM|OzP7kZFAc{rA9#|1R>&$y=FBG^Rgt&ac@5{CKpweH>;(82N@IS!y zev8`a`r!QJ#Gsm0_A)7=gBB*-ZoMQ;$kO4m0OxPpLFTu=;Ml?Af39GC%B z@7>&||BPk{+1|Y(aCv#Qj{EKvpy1N$X8Kt`wYt0A?Eh)ECO9@$*^|T(Rgj9{jK==6I8g|o6W&=`8)BdceSj5xX0{~(4OPs5IMzan{mW?J zRhh7YL<9L77fwQ+c!i#)f0$urF>LD-`GKV4h!(<_e+Q1{k+RxgP6l zZ?qvsdR7p&Dc5|Jku*SK#BwmiFSMEGf1Yvmj1DF$KMhBNVsB|HOpG7Sylro6 zZGEt}1?FWA6|Nwp2M|}`H3SfI^FuCV=;2JN#M)U(XFp-*M~Oj7uB0s7W)Ms=&BCSJ z@z+mmO>`%rE+mdAp9s^O1P)$b%erEwgty=G8T3y_Fq!0h?)q>7f!F)}*Q>9yvG+Vt z3=L#6*8;As=nKfm=7iylJD%=qzSt1p_YQ5`WKdA_zOP@mAijhjNItE-FG6;8jm#V$ z*YAUagZ=spc$WlSTmO7sJU>3aW{8G%Z@z8^Ck5(uC#+ZA%V=5mXRdWkeP1kI-oJMA zfqQkGy`3+EKRdbKfvulW(sw;$%!XfDrEitZjE-M7*O%A$1Su!Leb+xHz(O9}vXOtb z;H>t*#LOiiZP>jwPz2IM2G+4C8sR}P^C#6NX6q0q9;MZ!_b6WN2M9E9sTk`*5UXpZ8kZmo=8KWlWCTkgk04t{l~Lcq^f3$60ytXG)=D;J4#ezE z4-rB?y?{4PqOK)Il$Mg3?Hn!M*69VYE4#Uvy0I&-3M6YIgeIx??4>no3Y1KP%I5lc zMTR#MTf6wpy}qldksn-V0Rm$qqQQ#ZPns2#iRI<5t_8O6yOdhB(FouhHQ~QMRs@YB z!&)Z8H&R&b5e}VJZ5u!tp@?k}d^Jp5{sQa`3ysl(MPZ2&THKAV%95DuSPSfq(j9AF z0y-JYwjh49pBMIE$ctIUNy-%Hv#Smaf;{e#@Ue~vu_=Y9SV-bh_ZXmPWa^EcgDd_a zBP%uAT}tX8ivfh`eLTU!6VJh51(at8%a3H;?yw3Cat`og!GYWc2Lm3TS=9;h3K^C} zp;78M9aRzd*HEerz|U2Of4@DpgFTe3F@oz^LT#gUK!Rn&S(m+DP!_qNF~=|PV+)$6 zP*#Z?jgXTM0#L}3ks@J7Mk@H%K2yZl%grs63Uch&h%{dj!x*1o9p7=i$3-?F%XnO;DXd*RJ77c= z$gH4FJL|*2!`=CAc6S#qJNrXbpuZ6XTfRNG2I2Dmij=;$mr)F~}63YN#hfx#=8;Lz~vk<%zI)k)($*oN8;~ zeo=?b!t^3HWq~{fl4>GizI=!t_saC+Z7j^n{cAu&k0nW*0NX_WTt3quRu|lJNvRnF zTB#)}EUWj5zfEJ7vX+F?=82lS{h8|^IMaD6R+`?rxo0eXj(=xmdhEutX|{GC0EpsX zJF+GlFH82Owxs(-q@zJW_)ink|1?SU%^UQuwF8^L`?& z8c<3An><%Znrkw^<&pQ*cuv`jGm5OOy`+Qc1=VX2_X3SnLlk1F@)G;$Ma18Ikd69L zy0u*iCpBrlcV|p|5#&zN{2WAY{6i`OMuDixMEP!35N0V(AuA9U$U6Gzh59Wrb2UuY z#KWk#o7bAXE^IM3+&(B40{?yqd(H4cm|!?1L~)Y|*>#do^u9R&5JLrT2p4b&GDDWv z0xH4MC%O#67#xvq8#q?YHc3=fHWK0QkSRcjWms-j1=Boy5N-)sNe75b0h85}izM}D z(;qlv91Bz#>z;KMFbW)E?I2zh+`MDcRn2Y=NVGf~xu+t0?iw>Gsi{lO2UmxONEc7X zII}o0M#EP-fpj(zMZN8Y@nYR&XKT_d{N)~NYOfYGJv#&O=^Vh9)1TaD$(4V$doNdd zd&WYZDE0P>YG-$+LV^W_d`Ult=Eb)>UV;i{u=p=uxGk0Go$z|LeZ|Mmq6Ykc1$B6f zDM9(B2ZA-fhaAe7kAGKMPl8%c&kCM??%ca-X_`-I1i8m4x9#K3*Vm@d^ndK8sE7CAU1iC*!oduFn7YgZ_47oDW>Fs&@{$H%u9(@<{Z*!^eHgXpwrJ zuVFT2+09|jiLm+o^NK2~(PhA`f+9o*Mw{Y+Mxd#)vlWgOFEdzvF_hfm{cl1k()eyc z*iJ$kbbT~OKXJ0}`5?j6B4B>ABqHyR8x`G7CI+{AApW+x80*Sro!`;4Rz(8=%XVxhD_6VROxOebRWw(Wm#8Ps6547QF{YeKnF zdo#c+`t)T4SdZ#U_HZ0DAhjpG7t>~SRo5?zLnoh8kC1R#EK09wVMXD&8T)Hot-W}-psPJE!8}IRHx>t1&_rWIc zuA#jjOIggDXD!|NlYd6!4+Yb}I$M&1t~YUFrnPoUd1{`nWR)*8(c;RN7l$EAFd&fJ z(-^XowCX%g^~uyj;&`Mqz{pDYke9NJf-@Q6wXD0PC1gb}HJGyNZ_sNpoSf+)Ne1;e zgGY{u!lrqzDd{aKG2(E6W|Cp!`JF0xN^v>{)qZWMAOvoEeJL6;NAe87O*xfUB2?Fm zxU<7uR37L5kWdAq+MV)WodA96|10whFA8}~nkU>6F_j zKh`ZdV$PL(qjb-xqvMK!V<5&|`@{wzv7cA;QOs=A6=>`nsS7hkKv}9lUCsSGL#m(u zy0RJSVJ373XR6@<|HbrX^r{#-sY2mI%^&kzR!)HAsTWZWy&w*fg)3154U;f2okyu1 z5Kj$h;^q|w&IDzWLWV3%(~qnNm@uo*K_#NWdBO(aSbA@n02Rkf;ZcJ;R+8pHyCQYg z24F&n;5zDSpCy0g`Hw-GmNs$o%)F$^`Dr~=^zh#E%rw6=Ft@c}iN;j<;nMC|M2yPjQgwMMYaP&?7t>l2V~LOQ`q<$#^!U zH<@XeHWfmz1!Eu{+oUDthXUo)*F2zSRiTGcUrB*>IU&sZG2i>~%^5eSP>6~30z1qq;Rim9uG6&{ zR|p?>2YESi3!q9;Y#0Wv88m{)W}brbnyPS#3`0??7|d5{Tu1J(YHlHfnRi)Kt~Otn zIVC7K1|jn4C9uE*djjiYB7}i1LC9DP^rfPF2?u$lHc8B4L!=aGo>|x_tY&)DQW!Fz z_86|mvOnakdCOTlmhopT=6O~e%Q(q8t%KCQd{=02ULn>RnF;ZkwO<5eF9I7rUMN0Z zDT}Y++qF}z)5gyxiSk$owlda*{e#H){Ds-yuU8U9J9TkMP~M+o6TbLWN0BI!Gu4Jq zotoNSrvZ36?tYKPg(>4#?rU3d<$^zkKp`Y0(<6qtaT6Q1DIgNeJJBdSivoc`42af& zY1HhP^ww?$`Km!kpqGD^5n8*O=XKz&c+_OorfFh@en8*Zou|klw68 zYaHb;s6W^oCG*$;?qpQx@Grd{k2EL!yh5!siyF01T>B zd9svqIK|w!&*}(PlnOLN4pcB1jgjaxzyK;n?9{yJFNi_Sd68c}hik!a^q3c6`|^)R z0rbGLGy-QdQHLAz+iPp(-F`$BOSo!H3+3j*MjpBfPQ-ckNl~d2Km;^BSd1geer#BY zAY?|~9dtC)lzkQo7^6OE!4O?<@~%-opaeJ}?xQc&|Ccmd^NENT>X)8k+74r~Fj&Y) z#3pPgBbw2J7W&~qz@D840)Oo+nC=UgO z+ApY@Bps-Dlmx1MR2(5w-+d0ElbPrRbE_KvmVGYa_J%nvl+06H)bEd$J%b($jzrlW zVqM&b7CL-40^BMhE=Hn{DyHPNO1~SOQj8K)2K99L9_?h?H?!u)V~z*3qU4<0BjV1A z--5Bz@`Cjcyi&KxBb8BdUG<8o~)ihiup~HzSkght|4x+NlK4^AL z8Gl~%4G%Ju8o(YiS6!pT`y{7chUa;2mvRFkFsdH+J3xjD7FzC19+tYe;Vi6Kt(KmK zLJf!2O&`AI%jhyBF6ed!Asse(TA%c1&KmoO`kSnz2;27im*+!I7>X)X#fJO@b9_xD z6_onqS;?rVw0D4GoUy35T9)@<%Syi@EgKG_*}gVpO7c}$&ii(jMmk7~Oh^fAqjmvU zv&!%eKD2-kil2l&)&|+ijWzpES}E_v{<#T$nssDJUYSfep*V+WA+93fyXAj&HX5-P zxNx7G3MrOvYV%QEwu7N?Y@1uvvER!3r(Qi{SjSS_`Ir6tA&Sh=Y6!$U07|@rKbOZ` z^3(zhJ)37jkpc{GY;#to)Juz7DBU#~tpaL&J|+UzzH)dK5$x_+Suzb1O`nusWHy(l zEJv{pG2Fgi+|q#NymvP$(svje=`Y7f82|YCp##2G0Z0f&9RNou&EU1zrv^V7=C7=@ za0IJ{bDLHHOwbroM5<22P~GSdc5jXQ=AKR7rgGEyW;Y^r7X+Br5#{AJ*a_ooQ>>U9 z>myFt|C1aLP&41(aKP06Hxp!YSMybTj*3HgoHK8lQ40IVe3PV*=|i5-*9%kYn03?W z4iBsPo2CRH;orrMz$5ftJ7Sv`>#Ui+M;{#|MwlBP4GNFqjya+A{ld7SBgZ80on zykH>_5I&~hZau}Ww{HA`ZnsZ-#~DF3)xdM%z?DBP4%oRk>@qC#^@!P0^ykOl6?yq?z5Bo!{ug%Nea5b>^>P87K}8ClWkiUO zeBLPwo^FKJ#Otz3`?1QWNaVQ0Ha8t12C7M)0pys#4ADQ#cqB?BwjQ*Box~@0Vg?Lz zw+K6Qs?l-15H#g*=m@U5>``*BVAr11`+?r7N1VRUBq_o8+5F+IAxVkccp}{hvcePQ zaV{)r#D}t@+&HrhgMV~>RtvpsXV<*hmbSX?k>)AUyMh4X6TE_yOXD#%&{s8t#FP+= zH9LN#98&%oT!x0RlpSpXMLWkr@n4&x*ip0pMn#@*3dL8Bc|^y{X4l>4S#5 z$_Tc+F}qT*B<|F^f(VsCg|_vk*U^-ZN;FS?%&dor*C87USR3{jw6DHa1MG4vqC|0R z*_26yJ>GJiFhuH%dXzMOH5wvXE(ZsAXcRd%TytH@84v5WYgQu5zGP8Q5YNTv%sL>k~$UxVf& zfqm3=@*9*h3?7BDyZJ(3TN$y}@ZL{%QBM-*no`DSW#g9``kRs8{2~((ZT;m_#+=A8 zJn->*`m3O4p!(v1MzLdKxy^w3i zSqYlpeH(GJDuT*U&DZCm^WXfeE?1|(bHr&zlt-JbCw9ljeT@knslke2tseXN(x1tY zc}plk{B6|66f~>`r{H?BDuO;7*%3n9h(}QV%@{QN%6U9v#m3`&zrs@2v)@VRl5TU% zyJ2W5{1%zLGv)KMsK*StgPq?hYkgH7MyZ1g}Alr5spu+m;Qhy;HqM@S$K+}!NK zIXU@c(61s`iJ3n65(js3l{w?IGN)E`#Tm=}OO$L8lZmzv95{qt95+x)TP^LoBdfw>`R;*@+oa^iU#J#Imi9uyk7S9wb9&9$10J@w6Rg$buu z!rMB+ZI)yi?ue&Kkgf2qcX0U|8K*K5B<%R0w1UX}naDBdoj(J90^c^oH|weq`3fIt zDh~ek)izGB@uNKTd^Olz8%Ex!wwG0hEybmMT&L&$u&r*gd;%hrY!^2BSf#ZZ+hda` z2n^3RvjRUKV4Q~8au1116|0+(QVkH%fP1`1j@z(jy4oY7k|m%O`YpzEZj+@IPK!qa zpG~yYodA&RBhNbkg%c*EQe!w}?+i?1w=e5He_YTO7uNArvMOh#(`S)w-aKy&9t?T@ z`K~HU7ZAvp^iveeuj0t3FC|(d|z|8*j$|76`Cb4COftWjk->w z5n%u-V+t;EFHQ_yS)E_IpNmY9#{#}x0b+oHcXb~sv*q1x9yXK6QiQ=Oq7Hw(&K#BE zbX(B+RJ!Ef$fz(~Riw^otnR51sKP#6rTK5kc{o$iFCnRs?^_J0wFjm@{_1PN%0NN* z=1PS~ltBn1AFC|G(zmcT>vaF;^2^ko9k?E)W&fEw+v;w6iO6C`bn^iwlg4FY!m;yC z4)mT3|Cpo;p%lpLqU{iR)>$rJMsLWE}KXeI2OW-3)^-t zTSQZ(btjw~bsrCb>ot8nc~q&9?w}U*VPPC3Y+eChz7tUKf1l;djB}D^0>wb#A;)`~ z!ginpu=S zs~hX-0T2+SbA~7;&=bDs` zF4D9RtQih5QdW>lm8SrC<^UW5{kqC1PMUc8oMJb#5HM@1Fsv*ulH zP@^Cyy?N&a&xENdgtMJ@5EG^t3hmGhGH)9Svd1=!rH z(A?Bd!9_CoXnG_WR%AX7797umu*&EC+jTcb4%3o zc_%`D80a3o{NTjGa(+6LtIt35)1k9&e7hn@#omL0*^w@4HvYT{*1wU8zYo+`NKf{- zRrze&th+5pG2Cz!%CP(Onr)r^Ai|90-v&8#s4v3>(WRqyt|?6=Rbu~pD6;0}OKa7o z-FHr|?xwR}buyp}sC&}3iwtSYfwN23TXpoOLw)9AFR&B(;~B$!QFJ{6cG;mdSflC0 ze!S`oImA|BAtQhJRyV!0@{Elaq~VWbnmSF`1UUTQBygFcN`bz@Yd9 z+Tq~B<5E+)TqYyNg`Y2PXCybv*&f4@Fmz|8@oJX_uP4ZhjG0Xc_{kfkfosRXhhNEbTAf5wnOeTu%x(q1%JHX*8lk{Y*yrDih% zR_kWRGE=!4KWL!S+#^YyEWY~6**K>)%Eeb<;8EUewW^K+Ko5h$b^E#S4{hghg{|f? z_3S*nh6CWi3M=!xV6J2b5Kuz(kW61DiPpQcV3i6l(t(v(KPy~`$nww%!1}Wf4P7S% z8r*jac-os73D{?F^~Ou5cKQ_*>zGV6{w0IAvs8YM)LS=CIZcYbmqA*hdR)jb{(yt1 zU8E$0D|X4Gg<4y=ph zfDsm>!?4X}K+(+y4oj`>A9eApbz7V~!9!$ZV=m=Bwo$VwgOTQ^`u4__-Q(6X_mUxl zihm{kDz3!-Z&0}W)e)Fc4x-C+BwTM1^X*M?P^uYEgjRXmx(1&4jrGjceIFl_tEMuu z_=m)=x9LlI>A_Xshua?J+*+0|hR!3&Oul;_|4_{N$(huP0;EnE=@yp)v{&oM? zSO3@kAD3qrm!B@c0GE|*jorj?o!vh!sy3Bd?WXs5Ko2MT;GOSrz+?OpMJzd{Q$O0L11 z*A?u(>5rBG`GyvXooTlm+;=U;!Sq??A59`Bp9ut$BBqU%F>M*t`@%p;n|8C*md7uwxu8i|BIDMHdNK`ozMGbp_;D}NS=6#CnoH)HGLuv}0W&hm%L-AcU zhXBaPVYUuZ@uIBZLbC{AHZU4mc}+5#gBXj^MHhn2vgoFrZJ$DLU{mL*I1wJG0aZ8o zro4s)F9!;sm07Xh=}LRDow*R~^e90!$clSBe=}uMthMe50*S>O0P!kxN#2{c|u{_K}{m~NL@bJc5<+oTIITUhTng8_&GtUv$5SQ1oD$^9*ar$slBP?Y5r(+oLzsEL& z4vZL_HyUVG>skH#T7%~e^A+B^%e)MVa-yM9eT)m4yH)(|d|tQ=> zmIY-6WEMRfl&i6#!bbQy`4-v{OOvQ?>_MT;MJ_-Hl?$gd!uY1n0z4uls4#qK!_JN7 z#4U_tQV}QCgG(`;D@F=sh7630WRxtf82aUW;d^5PHDu>il6+DUOO%pWlfa4;7K>w% z(nK`0m`HtjGx4R3)IQdy*B)@2AxnaDPk}X5G!KYMj3paWR5akvw$e8H-8ue)Oq_J@ zY$ooGdrD~O3~lqA>xa+*+o|_k5Q^-fQ`iPj$%#eOx`{K@xwuITF3a^1lQQxvl?!Ro z4FY`i=E>!y=i=JQwWBk#@9d0^H_)^rmDwGWj8rx}p!(Ynx2`80fQwJ?3L7hZ###l8 ze(c>HC6g?Al}R)UXEV9*?c@&Ky-IoP-Ola~tbN-xtOFWWM2 zj_0J6dQ$r(cfyJw4iG;FdgLUZv-E7`r)a(850)(Qvj58M6-1l7f8-zRf>K0nMr9)Zn)0Mb@d0# z{(uhRbLZ)rpILzlj2j@;ZoQX9j?KUU#cwy-rC6SnH!{DXgCAdL zTc2RjjZ8Wqh=zwcve($6BdP^Hs3ZOS7hWcr15`*MGq3V&~#IW6H$J?2H}%Sh9Gqk)$eCEX&%-u!NQ|iCl1* z3b%Z{q;ih|Ia0#YQj}57$-`_g;>k)4q~0CJldGu4Lwrr8i7}|3T$^m=T)b?<;hF|o zq0viu^U`TA^XYo@c{G-guccKLx6UHz9a3~GJB@R7qn7+)p-p`$+qRgvn%CVv)F~+? zW34(W>k~W7hn1qt?_hz=NO)+sgaQd)h$nJ+Uz}@%af5Yk$vfJ#h=*nAP(^-b1pn}%u0u$@w*R(R@a>U>`+lF*v8FHL$OIAsCb`Yjr zAbuqHoKQP!Hjsr2NP}YSTI$wti@bOF(Azz@o&EWZJ(&#rtUd9Ky%SH-oQ2uD>?GEj zfB$F?My;?7eea2+S(Rzr>nX_i4ceP;zqX2PLv(i$RKzhvb$y~Q&*wdHSUA&#Wy$H{ z>70t?qRuzlqUL>(@fvB}6utx#(-IpxYi;=%*WA=CtHtfyI?rwfw_TVvl5lX!&#HxD zQBh$X3|qXl7fb-ZNY=p`X@G~Kn+IJx*|v_r!Y{w;9u@@Q{dt~Ag7CYn!}(MiI`n}T z7nh1A-tn&r$isr&q+mm23z~t;$2VGWzlyPGVi}=uxtVJNj~dM_hiRfimb&sSnb8GR ze2 zF^3_a2aw+YBSrsK;#thS^$7##5VOc=kqKK@)7&bLxqU&zN|KqkfRdv$6R9=cTc~aK z#qu~afTA23!)lcEt+5YNZsI0y2urwG=Tc8okQvdVOz^v1E18vW=ck~_t*6)01sWag z$Vaf4;|WC2;0)sDJ=WD_J*g~&a^*%~ZIgbb+22x{DHVnPF=ibHWgk+gm{Y-XFsWNO zd`DhXDa#NXmXYL=k!+ll$=nqWS`WLqUX#|GnD3>wNp=EO9$+@cv53lI)C|u2D3V{K z@L)IMYFt7{$B2B7a;Om3k^6gB50MtCJOj6Gt9E2s>c4!VGeI&iS+L^Ko)J}-uk|*+ z(6&PM+R9i<)nLJQuBqFtwhaHzT|zFw-BKn^!Cp7h#^tR`nM$q8n*Fqvq1ARz<&t-t z8izJG4HU~ta1mQxUMtYN(6catZd8$(c@NWym3y*Fq$~u4#!cm>L<)CoeRXYngCNC$ z{$zOKUzl1tK`~oOoTPv9*g624V*Gw+0@Q*ad#pV~aKoU`lAb>YZ+4|l#eid{(AOA1 zP8T#G>o#Lvt>peYceOur`l{1Yg-lA*4e}xGKw(N)GLRVqg|BDh&4G1>lC?;Gr2@XE z=Cq0Sxdu12vlT--Rlo+pX~e7P;E|@81hhs_zpU2;4RfSiS{-HgxjHx4>GkaKe0qNU z?50-M$KxeZNwD;GK`~%7O|IFL*<$dDf1IKiH$i~ye)glFyD_oxu<-DYobIR3*Ym;o z3;WHC4_AAcbt_ZzegOP|wouvBYQu?Nwa7V_$f_Jy*zmVPblunJS_>of1)0WGKT@V!23 z4q}r@oRRLn*x9byr(p$m8D%&B%VW~_~Tzca>u zQ;m4OBAz{CUMIa2qY4c@4yhDLcH0{%F_#}73T?L6jCZK1mhkBNXWc7M4b4*1beC46 zV@UhL4>^}kIbzH)MzO!N+{wmw3Tp< zp0&k#9M}FPKk8l{NysPx7PY~4Uo$nu5BxK)p)pHm8=U_EvG-n@g`a$(TNg1- z3Mv1@AuS#tUDIePsZZ|ykk4}Eiaz*e?G;n>`1~FA<>BBc8}i-a```i+9%`I?)Os{C zA@7BakWRKYyWeu8T}5)hO0YHa207G1ytmQ1;=Co>zm;y?37-IX7TQq0`Ur$)B-YgA z3Py5-893CCggAO(bc5K1Bb1n?NCbFvjZo4IBBXRK6DV6>gR%7l58-laV|lTwm^x6t zIC>QoMAfJh9N*zp?jxvg@3GSvax$M>ow#^W_j-s9JtkJs^1a%;41>KDbK7sKyz|IhR$*dgt5U>+j(g0Vym@NI&HwGh*5hQs%)= zPJO@mDK8W6y@TD||9fP$TmhPBOKns>UDc=#G!bV1In!j5zvPv4$ACJuBm62#oV5B5 z`Y3cR+LRT0OI%5xvr4Q^JEPS}3>cu4J_j2t-`c4j6mV|jKs-n5_#pIbOy(at@9XMd zJ9DWyu4&ZzRIpOUhVI;xC1fD~YRlrCEDc^gK?z(?ZK%OUNT%kj%ygEx>dmU@#;kyI z-D*&~bo5@-b38$H_{?RETs=JVy#+Lfh+g#0l&APHjvnCjWj%eP-(7c;SAgB0**85k zz}P#Uxwl$Q(RARNrl02X?pp4oDNk~BOCyy%v0BT$B~SOAC5}5by3F2%`3zGj=bmJT zw0uf4%IzE=Dj~V11ZF&SbkQxzbn-F}^}&!LQOIcsHM?9yMd23a!k16_ z6uJNqQtyZ0lXT3zBfCCRRhW92`rbl|V@d_5z9e>|o6Sz^;p}zYL{P^;0U8u1g>7(_ zcC;>fv=+Yp3OMSBW5VPQXPjyrDdUB^8@m>m4wsP_@FxssJ*B~kmNZyyWpIVsr}UZm ziNn3s7K5xkMB;3|Sr}m*Jo;)s;srQIz{ji%!BcCZ((>Rwo z*$5U|vCUW&FD1XCP3r3?RI+)Bn}+G|Qin(P&rQN^#Q}k*%zu?bn~gcNLf|ATxEYIf z)Lv@A7=z@eK!!VpR%2{GFNqxeuw{G&b00m4V(vDD?Z~1TFf}L;stdTgxm~*hyz%Y^ z`X-%#-T=v0Ppj~MdR*l$SwSwVK4b;gmhEYfG_U_R%CiUvVw1>uS(=T>J=CoWYCOt- ziH=2+5+>_ao!xDlPwg6}d9!T?{kYSKl9J)Lsfc!~P|k1{gvx=lu3W{sc-%F&|FFGf z(F9%*l}j}-nttwXa|3FD-=@_+4?y0D2apS33BC4A3jI|hdxnqkXDeOg@k=dnPwvot zwTz{W=4GVo9#$9Wt$T0rYdI(M~oTCO8exG^PO9&WG57=MoJ zK5h4k8e@ltw6l|;aEkyp&Ut9A<;XOj%CCm^GnC~Pf{yX2n|xd8b{Ix|MC-i2n9R0B z&}-(QeM z80JJy+8j&C{&lh_R(`lc+DV9Aujl9QrWGgfLQ;H|w8tKbLqG)1_KEsKgkhgqzh_qZ z{cON@B9iwiu|teW=JCQe@)XE5`ZBQT=YGNmwVV6|><-MXeFlD;mE%5h`P|>}=s|Qk zmO1d{%9GvK-T&g@vBF*fd0I(1gL8&zj2NwQmi`{?UZYtc|KrnVl)?Vf`oXt$HwLUd z0meS??0o{e;2kq6XIRvh+ak<2Rsr#tBMGl%tC$cJ*wI&3oXK*`g~&6( zn^B>e`qSR8_s0y!aQo_p$p`~5D{O{NTjjeOADd^r!0lXYsc#Tdne3x`j|8y z_o)UBYdxar0cO0zZ`v)#vRdBTb@hEeYvQwVRWJ8)N7S#;^UHRP0X8YYtc1y=!=xyd zf@|(tQI!g|_nfV~@2N%t;9g_&hsSTAx__D!w^8l0Mrs8ER^pzh5vt+h#n`q?SX*Gv zneG{)tM5QS)}d3>Mhvo@CtTLK+%F#N4yLD z4kd8!a2srF?f$Z)@)w>+5@Q1zWh?O6kb=AAsjf~edc&x6@mP`wNPCyGf0N7K68W^! z)M_*)9%;_RME7%K(i*XiI7arP3okSan+(Vz^O{>%N4MJxDN257OEGYM|3cGskW>T5 z4!7iS8>u0V^IhSxs&5LeSZ0nJiOZC&aULQKcV#NdsZvz)>)}-$tg8y|=f?m0cn^ED z&_)3;C_FPBfI*Da04T{n|aNrozvjfqjT1ByX%X7G4#aHF7{zp?}^0f^Qu87fo6 z%0hnVT@`F7lW9sswqVD?*H_;)hknXUbX5OhWa^Og370l+Xgul<(|EwUB-b72!ofzG znVB!j2eOMOtwn?=6E5A+YAl!|O*bq38QE`g#usjaoKEw0{6@M#F$^zwjk4&IFXHkZ z|MsBa891OS#&E%$3)phoIVe#lHUO}=Aw8%k9&dzjlHq=u<8c`)n39yrCdACsolD=2 ze%Q9xU-J_@xu^|sARDH%WUnHlp83LSU<_)1KvUgu<3Sp_U>42sdP}~B3qufBm z)0pgTgQi9z4%25DhjT+1BOg4nL;W^w!qrzJY%hYfD^HSb?5pCPF5PlTO`o24I5TYh zw>i%h-mvji4dGmVWp*sGhiqred^$%H=;h#UAK$2KFzfv5(W_55hkPp2Xpv>XiQI(h zTeYysJUovlcFy>z^VLiewf^85RBVzZ3EcbRKOpZrO<5C>DA!nCpsxGsj^UbZOqlX7 zMl+V%f%mJvU+@aw3}yF?{GVK@nr+OCtgo;0{bJ`INfP|9f?|wV#@zE)^D^F{_&Q@i zSYaG|gMv;O_2SO@`1;-aUG1-0A3k4C`=|FzS5v-h?WGniWL9I_h>R5+f`K<=PgnQv z`jXR2BRW+OHq->R#0@N+oESnK-LJ!|VH(1Z-0U*9zY1bK-=+YbfYDojH_nsthlxk9y0{=~p_rHL3Q)^eNy;0Mh)pP9@rq+r< zwm^bWQxyW3KGR$HUpvS(Ps=(XR->k6SrgXHcTe-e&k~F~gRbJOy>_Kt^rj_9wMMog z%#LBRKi9)oQg}ZY8$)V2wO&)lP`pNJR@J<5E`9i7GVfZA z>v<=JdSJY_sb$}NK0I01m9il~n$nA>-(ivN1!;pSg~CX)1OT78Vac zbR7yX>{^1^0?%qqwiWps{a5mrQ}gTcu@pTxt?$!W)J=5{T|49LA6wP@)sQut2EH;z zl3e?5@HA&$d#TTlqk~dk*=Z3uP#XW8RVN&dZwVs{X?p(mKM7OezG(MiW)17Hb3jUc z-ngNyufV9+8+34O?Maoa|DS*%2<|^=HgepP^kT8yw->vte+KD zVmV7*U0ES`RH~NrqM}M^y9)Spuy$QUoC>xr$+SU4LyjSp{xy=r^Rh|1IY+wtEWq|C z^F5-Rw;mdB(N}YSVySzvJzz3$t#X;HJJf%}5h{l?=u8^-Y}#Rs)-7_r;;d+Osmd? z#^w2X-2611y0swlcaNXKdAEJl)UYY~SWr+Z#1&RY8`)58)YX>%zu&~M=dEI@J{}?V z0Vc0Nmr=5eIfW?>jp}I5J6{*w>(u++YXX96-)Z0jVhAPl0-ZCIF%CAdy>IX{Wio;XA}V>k)fNuWbX(VZEt0d~=2N*~>@N94FmGk^2M+OOokW4s=B(xZEv_$K&xAVVu;|UIP>pa7>nbXfZ za#$+N>g%u)-dDB!-E+jRBi`55F05FOd%_2$t&wi9IS?pzjermql7goKn(Ks>$ZL?@ zCS9lEj^_iQrFGs*noO0q7IUxhoU zxgU)uz~S-v%ErWNGVSK*^atOU<9&Tj;KTL)%#0ckDCYk4#>bV7I3Tew|5vcRp1<^= zRn-#wQ+N?et}GtRY|KreY?*pO$=@!jkC~I$YwQ(b6m(sb7@ev#5I|0>m|_@)aP%n9 zP=Ll@K&{BME=r1mDhn=bh<3Qd&m1J!>;XJ>bCSFZT3_3Q<0u@9-mQp5pK1_*^ zIus%_Kn{RO-5!QjJO_hbBkN}*2MeN(3qml?hk?aLwlk3aCBY)XkrN=LC!9QItZhLa z1!p&Z-J*$$dwTxl+tXpzTvJ;Mjsb@epQ8PO94!)22rW~BUo${RgfZt+J31~NbK2Cn ziJ)O8)AJoT ze@+SVzJ1fl4a|r7u{Q67!QZN>1~^grr;337C?JD9+^R?6uETKe>5sV zG&1{U_suzY9iutlz0I>9e~x{fLI+&bWC;l)IjYdJtg18lQ6&K|7^Eu#nO^FJv&fk1Q&RIp%)uw;nc9pON0%;lhyu(SdPM5z@)D+ zyFU;i>@Fcmrisu8cyV0Wg0?qRs z#O3u65$>ZpI(Wn^U-FY-@37r2l-&+A@yh&mvFcVLba$-u%vJeRYp&vZL2B31jYgLL z9e(N9?h#dKQ?(1efZf6?VA4_94@LSB4C@$EigF#gD{1%S{=;oimlSGO>H-z|!qG7= zp2YdOld47AOP}W{rflDh?spa(ugPUKJ9C?!J%xIN;U&8R;Ao&sNI|D_OzJ9OaW37z zwc?1&tZ-zyc)HmLZ}GZW>4WK56H19QVYE3L6=Cy;?Dlgpit{t6wo){Jn*ANPuIVS{%$(_ zqo7sXjUiXhM2NqI!R25T}Yu(85P5h>^P4$AKGBm z*w*ah!v^z_&YGqTE1U>vZR%)xfs5xI}sX33Z$}P~A zVgO|d$Ze&`?yI%cpQ}2pO4ssUs!Z1$SF<;|o`?5yjTthk{BE7EGFXO5T znn`tsr#duSALDMf+ePPkwPvv6fO9H6J+=`YB0=vtVA&Y`O; zh*Zx0_0#oq_=cqr7bz~&t%Pf?jNA1u6B5wj6scWqXTDy(3a+JvxCU47Zmkw9aHT_} zJYdx=D-vUtMWI|%8c5QnxR#cp3a)l|%9;FX7wn>=C}MXc)TsB7ijx?zm>|YcCCX(p zTnivoOaNEQE7yaoUezs>vvf@2)SMTt?`c9;+ts&R&Y^2Kp)ryr*NC8t>pVH&vyzWY~*(BFOU3ViE`^fY}8Ri~cr#y3yp{wM82)a0WMIt=a zK_`8iol{i|g|eK~${;$WTo_ymJ>BOXUGMLBP9YIEwfgZ5`~`ZQztu0-wk-aY<+;#7KXrQ+ha8QzEHx|3 z^P)#1+0kgrQoFJ|CxS?Fyqw1!jkYYcE6Z~uhxc%>8WU*Vk?B1;R+m8To(;^njlqI& zY{gmp)aX++F0;wuhQ67*&}wp&6piOZkJ;p~BfQK#PtVEW%#PjzFp9(Y}L&m}K0uNJ?i<^h)^sGMk$&s6Ob|X5WX%m9n8}B=9 z6RIlCqS4dSP3M!tgn#HN2g`c87;-@I!Xfjykz?=W;TbI}=^kVvyB zAL8K2EwadOYEw&&EJ-48XvGomNr^HQ?od`Mz#~smPH%vOT zC;7kze`mKMJLbi#^&bBiQCh4X&q<7;8KSh79D=;2arW_TVtegqP?9??PvARZssMO~ z=f)mS{<%ljF^zogO7rsYd9Ixn7x=tNbM?;5-YHBfyFB0ii^6L(U34huCxA4)0_cGm#!e6bsVqWDpq- zYAbS&gn_UE@=*A%`I)h2sXDOF1ErkpwS&9sXOOV)Igq68a4=zE)q{Q>C_6~*v!upM zatxKjIJk#4u+zUs=PZQqX|fhdpjsE5LJ-Li(IL7vAFmM=2)>p*8m|Q#rq_sZbUnsZ zx44IXJT5Q=ccgR?l4x?oDeXL4n%tYVtyd5?g@weWg}tWMfO^A1Qf3b%t34Zf)NzN0 z95-aftwKQ#kfi8_Or-(_v0vxV;we1~kV6gKta}!V9NID4P-Gr^Je8+zp)D|80FfO~2`4x_X0b>)rtz%1Ye^1O38`Ahs^%k)P^ECdnGh;6q=})3CoCQzZG_bcA*z+= zq7#28sfQ;=!ossWP^jn1%?rx-<(i!>XHi6W5r&+T2!BL06^QXrh0h&jnBzDlM4-E| z+~mUY%x@vUV=7P<(|=`PO9T;_D7f>dQ>z|CnB)Wk@uqi73ULZ*upQ|X?f@yQ;csQr zB)lLvoa)$^=a}OtBGI)ZNAbfZ2d517^$`~0jVHu|j~vE<8p7NfCu#!;L3RUu`~e|d z2h)-ozg;dI6B3##0Vlv0$`)iS`?3C~ZlM(t$1Ebe87UMfD|(w8ogBsk1{+%QQ%8=J z@Cl7UEdIiAK+fk|+TNqn*qD@Vqm)imB%cwzC9xb~`D0>pLoxWKHG)R6F%_8aOFVVt z$dVAJCNvOG*B`Vqt3UVX`hr0$*>^yIYd<-7sf-_#pB%a_ zQXorKVOHSWr|{J29d=Hu#%h?lsf1vdLWfgQxA>7hQ^uhR9*!fE)5~KYl(2AffzTvt zed-q4N?O_`E6d{K&?#@{m>fRdQ%4Sy&uy_iOBmWc)-Y^yFfCD^1}k`;I&#RZ*m2&C zriX(rIV6ndM2lHF+AL)vz)}V_bapDdohDw1YC%Ms5bT~4;RHYHqjn{}S^IIRRd=yq zlVd{T3l-gDCY#(hpu>d5bdpU_oCiM9aZ{eg!cyxg>5v0|TpKy?$EQvXucxFYujt%yrBabtqqqcbfiv-r6Z#On(O(dVu>9u8@MPCh0~WSlG+ckbb0&AAca76|_K zZ~@<3$XdTw_8s#M1)S3&V-vELGk|+^t#b#Qo?p8-C9|WTIh%5g(s}})xdF)>oMIM| z8PVDF1qGnt+5xNqCrdIoI0+&IW${tX_0l~UFmVRaK{-J|L`j_HnQzgEZJRxakkdvk z7mOp$vN-H;HmFbM&>SZfR?~8&kei}>e`s7H%+gh=yeOTlV-5$Wpx`rq%_={cv=*o5 z3n5X(sg6z&!{JXj!g1h5%!ku!hC^iPER9)1oG!sL>;lIlQe=~uhtsmDE!=IUgA@6f z5+377%l+~Vhz}=I1*LkeSjzFJkWbfTobYTjA&19xG+tb5CuFd0h*KSp!?69>4i7nAgk@f$T(_2&cmi2$g- zI^p0OyY8~7NnF!%4^Ck3d!qTomE%`qf^_Q>7Lo|uf0Jb8qy5EjIvH_NB&h=X7nPKa zLF8nW7#*@zs_f}(sMa1FhmbfVBqG%}A)?+uVlGa=Rj09qOkVRS4E0$jRo@ZMba-cp zs5_2}(P<7pLA2y5N?#Hu-Q1hYGn@uv%c}Aoz0Pw1DeE4UfkzIfmQF*?CWxhD!d1G2 z1UKS$k1VLc>70cQTFNdhdH}r2IDy9g7C@Y@5FUDM%6g%jFC3J4ZQ6MO$PwV$&U(&K zfLCO?#@$sjR6igy^L8kxBr5j9Eii{2pHWvhk|KKzwZ{vWpf4lbdpZ;m* zTXXt}V_fccy369A8d8iPJLuFJGGb+K(LniF~nNsp&=97mgX_ zJu+sM#j=j$!sMxv)6^ZCZ-p8iiFIB3Ae?mNbHXPSHtb>z*&m9YfB7sBvvbZB#g@zL zFk8qy?$Zzl#d&JlTEpJ-?$;8{?j^X+EDiBNRLm)M2f1zHP{$6@8b(sEZWHlYgTt)s zQO>A(x;is)pWDo-+eZbflUUQ`%O>}0+Es7fzh%4nh`9lo=!h|iqKel_T~}+;1}@jt zFO^!bSyyYa4ldW#FO`|Fc~?D23s>l>N^Z91o3q);tmbvKafG)fT{XZ=(6@CzeyyTf zY+hH*6-KSq<^o;KuS1?vR~rY6c?w}-JYine(baM=n0o}lT~1%+>UBw%c!cL3UGFrp zNRVBfkd)J40UgP11_F8_3?`JF0CSXZHX-SlWCD)vdHT>DUPN0mU2Uu*+07Jt!@Oe; ztsYfyXs#`lyE<1#vYVOF)rV4#Dmc_cgo=)vh+ymfWs3(2?wB zP9InoYJx*^ZK>MTIXaTv%;TkduE(Ldwq&|mNv{X5=cxMy1D_Y7_r&n>W2D@>N7p~> zmTd+-#q6#w74Y|YDTdXq&QS;LW}cT~SYhDj6;9C;;mupDQCFXKsKiBd;JICW+F=kq zVGLL7>XQv|xK;*!+TjbAQTLx|Xu`F2^=XG4Tx(aKc1S@_NWkU0`n1CZdcyt9?dk*N zR6h3{ORO{c|1uKzndVFOq(kx+tMBTw$%X963+63W-_>W6=h%~6(_5^*tIsBfvBw?M zTdcmT&n7>y$3Mwi%-yd(OzzKbbf z(J;RcOWc|_3>4rtb14TbKzSX+IC>-5R0`rT!C@rjvj+Vj(N>nRaA_Dj!focE;z%si zRY}{WMs<$6zT1q~gQ%XVAK+PGuAZ@&ri?c{TRH|0NaLKS>!J%|{{Z?#z;Obx*L1(N z`&>bgw+Z1`)?2cxi|=gQuI8@EGd(iim{Mhz%u25}^@5W-jb9LDkd}j3F67_}bJcVe z^2FZanN|jJ6Q@ccoT9ri4aNn}j#(CkXh77klJJ2tC#<2X3PHVdnR~jglCP`If)s+< zhzdmF@Ih}L*U;6dK?)|v&)7KbgXa{E^RVTDm6;mMBnJeAR0LA1QnAgg$-7`zR~1X5 zLDC0Dg`lxWaU2k2YMRbJ?6Zchasrsrcr@!2;zE^DL6SrfX(VNGB~2nCbXfU95U;vShcHT7BfC4XIfz-Yn3jHn4!;MXv--QhY6$W z%-XSrb@dN60MuvC)p8&RmA*#@T+k6YjjE)gLLjX6b$_sds!3zZw_))Wsj&oZNnG)O z-P!>a&;%!Dp(pVzY6LKb9@ z*$oRobfATNI3x>XVC)JFoA=j< z6OoW0rMD!Sc3}+OUY+#OTcFgK3QZv@bbd|}ZX*i6W0s*8x4Gb;xRWU(F0YWt0mbl4*t#)mY(J1Xm>dP^pkidi9N^-DBAUZ69 z<#t=GqX@!|DOztMjQ)9a_8Nip8t9oSxdGK@aymVm*-BaBRO_P&XSY;p-YS)lp0h?Y zKv$NT=R@6ccZw&`*J-?tY5X_z;>8tBUc695k>h9B$(+1?u!uf;Z2_RO)|H+GYOB@S z*g(fl<`l>*r3PNT2uX@*Bvjau4?3$0x)tbjGRac7m`(9W6ljGk5MA9aAeUw-<8lu6 zvRIC3is4WS0Ci;DPO&6zwOXejKSat|Jc_1>6Di!(E>hE;IxWi~!;;^_EC7rxEuxFA z#;^w!87Df;n3YL5WJF0SEkPjO6;5dYQ5Wg3I8aORNMfau&4h;ELOKM7OSR6>YH5B^ z`#v*kFp9~Y=0bpAGJ08e)KVHiv0EvMR8%oYe1vT;iftt5D5gUi;5ZN30TL+S6!1p3 zSrijqSO7!lnXVeXcY>fxomB)z8hmkzq#CW(sgp0o!Vhx-{9ou{`9b5R5!Y5tbKoKO zi)=KK9X6-!VryI0pBhPJ)H_RYDKej^v_6G=>w=h)%-b@B`mGMAv3(fc4va)czGxve zEcOTU?mYJ|?4zUT4o^i3smPrD7D5J~e4!yBqK>ScYk*meybhDx%JkFb-UON1Whrif9}}SxAI0A&uvZH|LeSr)pu9 zU4WNDKHU$nWv|n`w+tIxEqq3nZh=@~L7Nm4S0JP11MPYq%mr874cg*5w znjiegE=WB>4RW=Q-SW&TC!(pJUUMf)IWJBzSJ1DLbX2GaRKN}vBe?Z!4yeu}|4f=S zm#o<&AMcEsIjde1%wx3y!vmJ3=tGsP#iDbQhe+>I21}6KX9XllMemOBn~331^b!_| z-WEu{52X=U3Y3IlEndAXEoU!D>g3^;s(P+0V-++}Dil)pA*s%Osbd$Kz}wac7s+e$ zvE39~UGy`J!|E1QQOijKZg$RAAbDpu*{t(UinX4~<=IJC*oj$4dK;#-j$GcIl-rUl zN6I6)P;!+@WotV+8@1Dnl{-`e+g879_}eg|v6I@mNV|Yjcb6{J3A@XSs8On}=_(~+ z%c#;<4228{whbc+!&Xh-zFn8Z9F}lT&Sq=G1@M*~m9o|P$C$*LQLg9aX}VTqFdE9) zS`RDK5rs$@*Bcc0(1A=bW(2N#)=Sy5bZoR7>#Spl^wn9n)v89zJB~1&z~<~&Y=P7S z`I|CyLr9{OW}IS^SGJJvLaTyQpqp4OlPN=THp{v3%kjxJI{L?@;v>0LlhdHvYF!e= znIDSKxxa006hpFw1W`Jt+~I1zC3)OI6$CJ(0{GAl8VJjQg-J2|8h zF*&H9W>)v6+r{~llpG&Y&ay#7#F(*EC6c9~x@N1^ouQ`}bH6vl|LT>XmVbAw{&X~O zEdbG#TeQ`hC8@^j4#-4sq&lo7nIQ-#5v=YhGn=t*Z4Cp|{||5$;U&Y2{*H)Ll%w95 z-E~st^sgf~z#V9yLxsqQ&^>#Xj5rRVPml_Qp~LP@cSj5O3H}3YaLpm1I=c|$R<>jI z>>!Mb)gXohbpnC+dptrzg5?wzuoZ>ez}ktA#u1H45eA+Uo!?NvsgIWNW_oMlSo_>o z>yk}CLXsfOGx^Io)Ni#q=sKUx@ARpQ-oNJW&+}uUF}{V^Fq~zHR7PUJ5|*kg9bcmf zPP!7LIb#&Eia-NGVoeow=7jl3?tnWw_2Wr=TT{?{elN8$s9>AMNV#f$!wqeWBdJd4 z4wUm4s87%b-H@jvj_FO&BXd-LgNHZRvCnZZ_W-P~=>h-8us?N4w^A@;$?R~pA%+3OXC!_=tQ7vcR9V@Mi_mF=zwEB zRg7EAS~(HBVysk=lqEC}Jzey7y-aV&GFvJuct{cwha?WBU34bpjicvii38J5?zOWN zmPQnqTlpc&q;4pc{FM|0{j;Nfb~M6Dplq1{JKJc2ZwL}<$-tloDz-Go48^Hq-Y;6* z&ykNL$UxG`tw#ouiP(bxg6YHC7`LoxPoHB|&fZOhR%rG`S|=q{Z8L zNoL*i4Y`JAqQi!rbWA!4XMd0&-O_8U5`+1`3nQ+;h;XQXL3+tB4?GGRJT=?pcR=qL zx~`-j*5}AH4j50EWIMIm=SMI`aO%A@jddUQfx~sCa2A{OFqflHO7{TKRFG&WSswFz zD`{wT^7eH>-UCJ6pKx$UctG&#r<7SiFgxULgQi_w>M zK;my*<)!sbE6Gwdz+l&4riNan3(#a2Qk}k~EQ2dvKvwN;hfMB2)PamTA;3bw zi8t_|8XO$}3N8mlk@>Ih91=@?AxI;0j&ALxtz3bfPJl&#L-HeBhpLlhgK$yo>q+uD zE`&5|?prE}8Ouy)#azn00TyHV4+#rdY~|D{v~gw719hQ}iVAIIi%Qj*CW_dI232hy zPLl-^QnX0rK1PE6Y00SF=QN3SA94~U5Gvf7L-rI(rwRG-55Z#8Nq+qH!>2Y&+I`gK zWWsJqdmFXoUP`{{iG&0_W2)1e6gfwf;BJ5Z?OQc_Ha5^}8jx6!R_mB0Q%*Ci8CAqY@&Lc5&j z#8D!9Xb{;(@AZ48lB#e+lO&>GuawJo z4Wirnrv|_Vk~~;|mOA7yI8lM@ z0&q)%+DDh@^sQuN3Ho51?p&G)>f@qDVQ`^Nx9I38tkw?AUHgvW9c z*ulGS9JU}tnLfX%bf^25RUf$t0mO|SR@`ps7fSEyfdT^+lha8KPXK)JELdZMqwV>&v+r1V}lKkghclV&X+X{>H2Yqye zUhA!irIgB90lOl}{`$Z|t$_oQ-pPI1z}bj*TL@h_1`|?@DRB>SVldUZXSX$G6VgXU z0k=*pS~QRddA{^Qb{DII>4=S(FyA^8%x}6$JZjyLDHu=mTOEyWtAoZQN(gUtP)a6A zgj3S$pkWrnkyfi?y3mq4ocx-=oaDbhlagy2q<#ybj7J4#wL7Mks;d#u!2>1C`8DMl z*hhLN)w(T>*q3I>ug@bsjpe^(>#%4WbL9Wd-r-?c{vRCdeU<-@@ob<%V|B#P2D&_d z^?y2A(de9l@z;KK{D$^<0IkG_oU2Am?CsI8*Wxs6rF4Vm`Qr%$MRL#F8S=T>3v&$L&f)XJ^bs+;|m z?HM3@rE=(Y^`(>pNwy=KK=}}Lmv*kfXPz|2y6CEP*F9cCc zO`E#s@U@xL=vn|tB!~-D@yjAmRSgHKruPimrz~L+8%_UC79hPiXwJcR(nVfRsN=L?N7R8-3GwXsq5E3V)OL7xjNE z2BwX=#fPG-MG3n&kZucgo$qhO9cw;?zm!F3$&P}XcKbw zT0^{5E{YOP<8+AHI7zzhWXvn|(f^EJGTlbsfYg?QR%M1VM&GCf z4i-CI&$}E|8n$K@R9;2m*(J8Bx{K38Ki@%}r^rR${5!BwRbD(lHj>Mt`rBF&cNbgl zK~rAeLg?tt|Mm-Ep~L@oSqK;3t91OL>dP&6-`mr-v5;C_M0o_%lB--};Z$n!fdy03 z743`hL(RhVEErd74#2@# z!YR0&<#s;Ci7=#sXJFPd$ifjxyUoT-rIhU!@SKqoWO7URF`Fcq6V(3eZg+3Dv(v8X zC-r>L-O2%i%7EIc$=>bmfTVc0?UJ>wZ1qrcSz5&;y<_}Fcf1*ube;1BiS^yev?3o< z62omqGkR%6X*}xQd=J{#I!PCB7XQHp4T)w-KPGPtq>k8(RHo?q$P;2RVXk(~bPaLL z8m)`X_+&xIOEoBB_BUUKVf_vNuyVt`Rc9@W)mN%L_7Z>b)6p?1a-TPwReXSh1?0`@ zYLRL%OUI1UKUL7kMMyZS`ua$DeDSI&0RtW`K)=;l4=1!>`-MnXQ*(V(J32qrai$y6 z4ky%9XimbNb&ycIGcL}5wRP7=#$P3CvpB^Ogv&X~QYHc%5#Erh;{-3DxbH7YPJI@= z<*cxha(fk8Y0POn>fP=^kvYVzRH!5C+{)`4j`xJC5Ozxq#_iX^SY$8+N_htB_BkYL zgZ$ZQ?+zZjDl7mA8=jDeq?=cnNBft{$rW|R1XwTL$)iv^D7w)u7w;+d0&3Rzzx}uj z=Plj)xvPl3D=X3A0cW6ZbrFQ$65dszmx?6Dpyl^eR9>B;LD73 zQdj*k$2wtQM`$bx-utox-w>xpC%BCuEhF6}Z$MlG6~v^7$+F+w|Br6#2;JeSiqB1g zo0`&hSh=g_A$&rV#VL*Q0{h+l?vC=fchC4G7)`-#9ZW(8hfv`Fi-4HzPoF=x5z3u+ zyC!6!M2iZ$Z3y(k$%uS}+inO~OmK+U5U!|)^*ErI1@xchJahz!Tp9P58wBB zz#{b5{qDXFT%*Gbw;{gN5C;S(0`Y>{DpXmw_2R`9M43@>8A27yO~n97al}U73J5MY z$ztDVym-;@{7Nk~!ot;=e->rhpEhql>~wzkZR^E{|M&B6FFt?%rj0fo@}PT^vP%dB zg{)ioxeLvgy#HI~{#QklYv%j)m-+sm`+Eo9mF|D{4_@wnz5jiT=P~bpp{=ViXW3}1 z=DC{InF$1_<8LZcpgc!`iLM9XU?fNo7XzZobz7}>0*^=^rqnmLIHDn}sVB05ogLKw zv0}ne6cYbGdtd+EwyiAqyZ#C+?LJ$nNm;gI_xL{FyKa)+dYcbF+fB~h=4}g+kc65d zSb&nFHrc;@4+a1UeoM0ak-gS?r#B|S!C){L%nSxI`euzMI}V8lAk)wmc&8#BW1Nh= zgr)U2c6S}*2;y^+r2lvemm!=XC1C)csHX1ju9IzeB@Fv_g<*dQ4ErgDB~g3AB-jIv5;B}Gt(nGJQO6!=lMk-UE z&^gRF?C?8M)T>e(iuGuMZdkOHpk&P1joFf9zb2;5g-q}2Us-?W7_z77M)f*j8%Z-G zrAR7>ApM=u2tr-URImf3a1>O0Z>(=mR|53T#LqfilWWBvYyys&rpG79`52v_US589 zck%KPy}Gz~ccHR{!FtpMGEDMi4phk2Z()&J8J#?*zS9$}(d8aGAIlZA-m*j|{Ub9H z>Ea}u*p(M{5DSA`36lwijN>{_xT@kbH&3s13ZzoXSL8#^+_j+n!<0kfAUlhz&P=Yd zDoMN&w4Ri!y^U<}u3|qIs+qXyyy*6NX2c3Z{HE}c4%y5#D>LM0G{iKtSog81NdI5| zR?+_;LG}9dzoVlH{jdLY|NmZo_pbk0ewLWCI4#Krl?*D>56x`wKUoYq{CUAxVqI*} z`cE<@sx@*{^qx};2m}SAZg0-_muhV$m88_5AVfUHz)MqDT8&K}%gW~FW%hv}Qn^VO zhpqP5>Ng>LLL;?15xsAO{6DAAwm5edra8PyE~s)33jFdA z7jaSQrSlT9nxZpc_jHCXLDyF$p3!zdVorRVkl+|{J?8nGlPDnkd>V%8D`8wf-G;>& zXUz*sGFAI)S7m>v{@q@;Zp|*TWOG{#TA;{v5}sC-7#i2h-2WvSGCki4USP7a&(NdYp$;Zzk% zGqnmtnyFAUEcKFnSo?x682&AbyaJ#0rLNx^<6Z8f=HI#bHZAHe5a^k$Y3#GyaqNmPFN&;6tQ{_fG>Xm_`#5%flElr~ma2 z`=2hnKXv~%cK`h7{`a@~UG|{+tSi6xcA<8gzge`(Sto{1j!*Pacum995C}Z@e<%Ia zdjmy1vOj5L|9KAMZ8k8Fr)s60ru^1yKh)a)EBSwPy!oOIpcenn!Skb%|L1V;>Hg=v z{O}oh7P7@_?X(<4B}6-m-c=P+?rvJ%W14=C}*%^Dro@ z0ClCvh?I`HUP{8*=Ui91Fo}F^LOzUqNKK8Vps3R1r2CTr%lxu!C>lyS68 z{>TBZx`xp$x2nH0p*pZ;Ug;w?D`f9gL00QM%xqD@TjhkKI)J*0u?x&!;sW{IKm@1k=6kXR>=*Jo>#9g zp%gs{I`RXkNS~-`lCYiX;#Zn5_UD}oGR!JP*uA9{ho^GhdYZ_+jdVg?8%+D;O4x4{ zXt@m#kz~e;1*yh-F>=}(c(e7=(5s13QKD*$#ZP38a-f|eA^dPE%@lPM&ZU@N=(CpQ z`6NV1C|vAMh|{&j+oKNsgWoFpzfKOduJhl6{z0++&;I_=)A{ec{O(`>x0HF2;3&X6 z&_(B}1d!%6(=tnUSee{VeN@gx)|_vu)Q7d>;3&w}f1%rM?v3uuiu5zNT8>YQq%7qw zQ#)K~`+{P}p58rEjn***T(u*p<}>3a%DyZ23&By5Z-Gza!9dfj_(Vy@z#YshKGHWL z)3K}gb<^raov&i^SLH@YGGbNqoO-dm3R#*N9%WbOgm4HNusogFc||U7o$0d?xKF?O-zxgQ;*^Ee|5p9~Xt!U~|M&I}pY;Fx_}zQ_ z=c`XK)Q}(Ra?YmCHRv3*+lnom+^mUCg$Un*7&7~|Z24|RIHv)T(veRiA06()Kk4Lh zIvmnZ$Z_jRm%QLaYLx0s7toYAo0C7RRhGd#LtX8rZ3ECsUCz4%v4ZY5!pRRr{o80@ zpAjcefgL&DI>`CeS$$AACERcthI91C6o+zN1F5ILU_GhY0CZ@d$UY?IBE9e_*o4@p zGMU#M45);4cbfY&xaVT^hk67v`X;ewSgk zW|hB{3DqeTiTwFj$&2-_RK<Sm2Bvr-rSAHeN1Q*OI`QwBH{JF`7*)t4>s;K}WGXVy5 z`CfkauK%auKZ=X=w%M?68g9#Nl_sF(Qr~Z{I(E#rky|QAB`J&4dUB96nWz733h*g_ za?z{YgI;>~{9UYau&5XriH&jhSs_5?o((*=>Z+p=osr0x72uFVP&g#jHmvk4vWbzi zEFvC)Z9ttU)5HjV6&+&k#&7>V6^V8}ro`{UCj;zX-(VhO0a!Go$=m}BzNOKS9ajZ_ zrnSG7tVlQ^y$PmKFJBaV!;D__3p6cFhkb`Xqob-Nu3g08T<+{Q1dZ`b4q`?)4vQ2O zQu5nLpYJ-FDbJxL1*Uyl$i*zBT2}>ua-dI&`;S(1%HJ)ywVHE)BG+fS6~uLy;*Pq7 zFrUu{zx(ToCS_|>XHQR-Zi`9ebH+N!{_ip){vaIOhl{d1lK%Y6uz zYcj7+2lCePH_1juUcjgA%lkU3kn5@vP{${#z;kZdR;-$QrK{4q$$!z!MSGVa${yd~ zI5u(m*1Zsk%L$@UKt45nwV5Jaf03hgu^ABUYb{OS!Z_k2;grmX6bVbxjB~IQZu=grprb*W5U&;UP@yskVu$h_olT_fLyT{RQY1RW&Ebh4|7;T1uSN8$HsI=FI?c90hEW5>A0p(}`U4J!2ukQ6AKXF@cON z36q8;67$J`g~ANE1$5@Us8DkX^P!wLAebR{j=)q~<8pqLYGZs)Vmi>i^S1m%$Sox( zlAjDQ4c|p?$xYp`U+T?3j+0M`ht7te<|jG*(%XgfY1zawFLas8igbG_9{` z{QcnpiTnjRhK}r>B_=y4V)mv3jyathY=8whJU}G!`8-a{a*%!g7sM&trb~!)5UC#! z2arODv#CDUFl$II3dRG-@uM>~f(LRqjeNNB&vh^^E{aMi8TxYPRnjpfU`Yfh>A!t8 zM7Tme$i4upX(X{o&s@yHHmtiP^q1LEGv3k^S9NHElZtM#G?XAoV3lTlVIk5COK9tw z%p1E&OrA$2Hef+eQDmV^-kC{Iq$EMNgV3Ib&eNn}W~eiYixMa!p4^QxSttzBhCF#e z*oZ$|ssQPi%0q0+S6eHSBpqY@f#j{ixQP~kDN%L9%0cgY=mO+UIJZPmfn0jTr?5P= zm?~3LPoI{lA|}3atLY(ZsTW&0!K@Is2m7*Pp+wNOm;EA{?khx+0bhc7gDe!!vl|tSG65&Bef_!Emv#d|-wOn_}eAC>jIJbmEF*Rm2-y3VeOoz#e z3De>jG#m?~s^Z4k#FbEi{B|oP_biXfEl& z+l9%$On5qy?U3CNj<)4absENFjQZWK`t$8{LOAtNzl*k~aa?ZoS*OYT)u~%E&|dhI zmUe==56Fmox=?W#r(yV-Cg6T_K7RaQ(E{>WeU^H;NH}`FC~!M(l#@~-YhkUg&q$1? z!(m7Y0xar*?BkfAxqwJK%>vo!G1A(~CZmg7|?*X18M zfKAu4rh*7d&4RoJ`TMz27VID<4ZRyG;0BgJG|^dzl|E*p}h%9TG6fAt(pDQd6-t3cdUnZt85j5uvx86kdLs%W(1ya?(vpkgD}8b(L8PvLqAoui9_H-e`{wMlmNd%BG@hJ7L=h7mF-* z)v|4|KiKMBlDpfO+l;or$LrDQMwAEdmL9lqDrxOO2KFei!%e_5m{;2Vg9E4{1EB$Jl`~iUgxhBQTZ)TUZ+o+@` zADxemQ}kaf_^q;Zsxhk_&68AL=WiAHpWU`wYzJtO|9j7$7w`WZ^q=bg+|Ta;tFBEQzLV4L0r32{PaF**_as~)DPLlYz*PCRCHa#6BMOjb8oQ`^uQo>r3d+ zVMQhicwV}S{kYYYRrY^%)VQ|$zt4Be^}&&BF!n%hhyjZNl6{eOKcQ{avwF(d<3uCZP@a z6f>S6DM1W?FJDeJx38xI;wK>x$9M#-Yg>&u915N^D?f`)%BX#4$Ytnv!6GTePn^HN zSM13aDhJ>fxleyK(Nr!}1u1TY-%n{6AQH{c409FqqvDORx`x?0kp-ftSu`^A~v5h%@HJz(n#I97at1^J=$DeR4IF#&zC58F7eg_h-S zuWPZ5)B&f5x)t^@{F$9~)LrVD^@Lcu!b1dE%nI-EFp*h4^hM-SGQh-n}p3}?>E3biu$lwp_> zNd~QLljL6uDD#E)Jr?9#N)a%-y7vB_nkm{EVH27tz>b|D+qtF@?5mnYPG+%uMq-Tj zo*&97`#P+br{8UVtJr@xn9F6munE|D{?{*^{~bMl%Kv&Vzk9d;J}Blvc)+HKF8Iz_ z7=q}=qb4Dp@||vfg+~qbaxNH4nq+b%H2cg9ausHtP;>FnK~@RRuC8%ZETHpQ1q=Q_ zqX0QB|M)TZcJs56uE&llfArz>;_cbne;%WYZ1gA~3GovWplxY`S*1e1d^wg+WScKv zx;segm{D5$S`~CqF_qyQaUzFFB7MsP&lnBL)CTnvqnNWm8ROE7qnt(R;xt^(tgk?= zX+yX$MX2GP2_%?wbuX^$#kE@6Zq=tP=D~j}$bTz*x%aD&g}_n3al>ZN=Kt&O74v@_ z9_&8(|L)~?@A6-ViWBt0a86bkA&oqT#9dObLIiqagl$DIea4e1z&hukDg2X0`+ z&0RwVw&^DtQq1SpJyvz50a@8VvT7eIoa;a&vE_TlJ(bJ{bni0<&QIhU;g<46K3n zIVUsRD5|~-Sarm4Te_ReC~Cf!qPe{l7!4xT6?9psN5A^)LA1=>JGaUJ7Y(F#5TFVda zEZ)xQGkx5R%~wIvr7S-4y#|M;$#`X>uK=ssiPalPqS zfFn0r`9Y1@c)?gwV>)u{m6PkW0*>5%O_-4dW2zswe&24sHh+IX;*k2lB6Y(lw zq$Y83mTJx7T*G?PSo4T0r+CfQaSnt0XaGr@QC7(pQ)0N9;%L^@CY4b|%IyLU-SP#e zbvq#prOQNKs~e(t-^w1oDj;o3AIDk?P6H8Y7F9j>RkUA#3A3;6fJ{|5HB;>0#gVhf z4!Aa7&Ki}0Mett1nPb3Kz+1(Uvmlr?yK&4QmYDYyT{v}6Zt1`=U>~{r#ulf`tg)O@ zcZbfKJ6vwLA>3x2**nrQ3#;b4H9O|y`dwmXGd26GoYf5dmKn9BWYvt>&sTNB-P-@d zq7l25|EItE{GfRM_i*><;K~1UAHN6m|47bx`Tc)zGWy&4oj{r`ACD8r9&NoRNTGd8 zUy$9^9XW)`s=IapSZ)l?sEZcPc$LhtNx$-~krJ?*sk# zz8p%I#9ZttyOPwqR!FDQWc(`Q6$?(v7d37uc>JoK&6e?(*jTjKqIcl^Qa%V9g-7WY z)1vO*z%8aeuou~FdQIW9JL4eHUw+61T<+c{SJ=@Wl}}EPWC534CYIWqak}LK0hkeI z?o6-RyMiQcT2^L_9ypE2lkaU&Wn+E5H&DI?YcU%az~{fZD9{hod$iE9-1}VIkjVGbJJK0Y6UmVow`JuOp>p6YHsfrHB)x?e$j_^ z@U;AH?f-*(+szk2+v2|t4~p?$&ky&W?tk9P?*aXP^UMEwy?)1EF8}+(yZvC0cN+Nx zJ=~F-uSm@0oP6;0T3mcKq!lB+a>%S4?`1=IiuQVn_9|QWu%iDBoLUbZ>y?w7kIJj` zz>!{x0iWW$9>&+yy63IW)3mOQza8gQEGz)}b^DlL2n)~ls{W-)7`OE<0nkV8TUywO zQLnn)r3>S3me;L47iwL7$Q)zftaa^nZZtMSvnMg*QG&+G=;=lSw zCI8Ri;nV%U`}sYb|L0tB&RsZxET()ko}dh;dUsIP=5{_ItFOCp3{?|&DesU4;+AP( zDj-$5h*Ik^ZEu@j?NFt(H%~?8=xFJ~vXvU5i>iC8bgX#!&E^5UDdlFBl&v@O%gyWU z+KRQYrW7+}Eb{IZO(AO{m*PTu7PHyQ`w=R-D9%R%v6poyG&1KxGjO-=h31hxCP%|+ z>T^JR8j!U3D3OTC9Z?sH(|9)Rd1Yps3gVdxcey0&*JSRpp=;hX?Q1nU6<~si~<~*~;q2Vo${>0r|ARS2`!V?QF=;`h)qJ z+IP_9JQ3~itc^|)O4YJjNE+5MXt9&_fZ1wG*<`NYF3zciOSKQFn;%YtJzd+!vVhm@ zs6B`^I+i--HG(bn*N*~h_*`* z(3Q(evw?4sy~g5_%9!m6VJ@n=sby5l+NE8ny2m?^B(}1;nkdPuyI(OESB__W(#G%v~9m)cBvgx3(M57L|j;S{gVW`&`~Qe>l1HgiX%bst9l={si3@_1;0TJ ztim{)svwGP>sRFu$RCwMGp@lpcYCc~y+|Bb(OFy_1y&9c45+Z3k4up%bs@GB$!@wZ zd2(3(EXe6J881JdnuXhOoC%qVo5NWvVo>piIH*d_j^YpwU?U3OOd zS%KRcV(09Z^}g-A2(ImT={PyN_pje^-R6c;0=8+duHF=ub3RqWxTR&LfIdo>liKlA z@la!ksnIV?Y4FJCjq?s|thH$&_1k{^G^=myIcp}ps!o}n!T`Mie}K3p3`K>~=ZpYX zYZ7g1odNy*1oaQP3(rKQ+Hnj1uY_kgyX>9E2=)B-wY`MS)m3|;Q=@yy4s;#Z759!J zw$17X9oBVkuUN_6EsOD?t+0pt-PZoM_o+HBK#TotM%kSahzqC0l z+kl}zAZ1%$>F&@T7WNAk4R?2?aM>=Zd})L3)6sNYqK|_tafr-jddOKgc(f)u#QF=6pbtm1?nW{ZaZei zUX4E`Q!8ryDb@W7G$Ikt6JJcdO}R|hy=z|W?PIDPi&HF7(7GfibJuR0 zX~Wh(pBByiE}DX=QG$-#{P0XuD1d8?&vGQo5yoJF483I*Wq$1xeU__M=Fe7K-Q`N9 zQk#KUJ}Sqt{Z5{f89!Zf3DbH~KJA{B&bc>dIK43{mxJEQa!p1gc`@ajM4403af*%` z90jT5&=RBIKQTSkQ4K!2Vy~jvd(7=1$r>~=8wOov=CZGvDAqpy7=4UPG~zenV^m@3 zsLmDUa^^GzylzdPSKb4lz;Ascw#s5HEzpdE0ByOhREwm!b+Rd&YbhYHz)|2yD=cG; zZ1$~ZhJYnX+}5sHSpWCNB%IJu#5h@2$86F6cc1SS_5c1sfA>lMzmMMrI>(8WF+y^s znqRqLL})OjVIbvijQwjoBEsuzpsO(zNKE6H@kAgoCSeHCDrkZee@vs%4&o%l37zQ; zFME!optFG@GE(u)+sdh+<4Do}=z8c~6wVQg;7f@TiU~&{jfmIrUS9rsDYvK226_Pu ziQd1sL;>ZZS_&W>GH#G{FA#GzP0hbe?(QChk1* z2Kc)3%u6P5=h^@5Y@qj;Q#KXo?By%b@nX(?Cw|iLXh3jJwd3sfjyDrN3rO!P@+U03 z{x4pgzI^k_n*_`E(Q^Om`O)6in$bik#)@j}jir*n#a z`H_T^{Nw-L9w$jGj(a`1DR^Ss3z#o@35%&OdZB9itLC2#*`^Dg>k((uSc(+IQz&F3 z>Z1WkZU~7|MAUa)r?atvu3rD`C>I-M$wv|C(@*vfe=Tuez6ALcczX1Pe(=jsm6q z&(SoNie}mj(8Do(Z@QoLJJ&P{j*&FM>F5oPI}?&%ss2jL72Xv#k9;A#;WP|YFe4mE zo3AEwrQ0CqM-qk%ePBEc9EHSd#;zr86NaXOAU5R)$7!IDkZO3$SullDhJT!*LKa;h9)?|Bf`B-C(ner4q%`9<)`U@;5Zf;v}^su3&^ae7(F0y$mSENj7sHL zfrmfY5W#wSq2SX9`QcO~glmRB=LF1sK@%c69T&;|ctjE+P~Y3z|F+{Q0Q=r|-tM>R z8)=6U2?PGTjEPTih-ef~6D0gGnP7OcfzBp)L@pRhGM+U{L9$mekI69-V0Lv73W)GI z1>5Twy@YjwOmoYqq!OsKvqI)e+pB{R`GhBNNRCmux;hykSN(w_^9)Kks*XR z$MX(CG$G0h(Tu4vqQf~72I)uvkzARgulqsU*-alT(gi5GUZ)d~!PFx6KphE|NTbFA z$1ik<=4^^?*fb1KNUw=}BM3p{Q^GN#(U9?p5)o=&5cVXg!$Qg1rxBu&NO0s64QxP; zI~yrm+8no$6a0C8*^u4=1JJR&bbEJPb`{&UQPa=2s&Cg?p2rxSuM6(9tVcF@_-@Sfv3 zJILrwK+r#1JG-QRk|lch?w_>Nkp@j0+;i>a8)Oq1!?ZJ z$W4c$>jtt2TOhy&0tx`q8(@Z6-KISIDi=qTu`OsOEu*x(a3&r}JNR;goy;}#YchX> zW2yTc7h&n=sT!zY#>AJB=bFqx^20_T-$Yi=@+FPxkWl!u0a$8H#8#?Uis}Zkk=;Nj z^(D$iCbZ@!GEYe*>M$+5Hlg@fQB@gt8PK}8xzV!ks4C9FtfXnN%Eei6+Cxcw_1JG zR9RhjMJU7r66zfa$MNEyswsRI<3FY()q%6w`0Fo}UaTsQoh9>IGY?>50NG`1e^`?ZyLyDW=D-! zJBmwL5UOt&7SAT~U0#!UV~^LCXL`{N^?j=>u<^?mpkHUhKDGd|7FJY#@wcre^xi(e z)C=tGyQ^21Uh*l)*<`mkAl}`*-y`DP{tAc0i{`v-3k+Q>Ihjb0 z@b$%TID?Qfi-sZSb|A`dNTfMkGNnNjhar;MFPhBtnGZP13lnwXI6DPeo;VJ0{8pjq zf}Z$d2b*T0|0+Qgyz})Z44rh39`VPY;H@t&`(16*qqq8Am?K2lk_fe#tX=0 z=y$;)iQb9x7t~+!EH3=wNb!aRIXpma(Ct)_puZ9c`Zfvr>mfn^4oJ{1l0XX$^m9Do zIFOnOh>$CW`rfX$+v)uBE<$hFj7$cEqyGL5+S}dR-BBj=Y|pr|(G3;|Ob}@v4QWKh zm;{-LKcdNaIsoT~WM1tW-4F>*rov@IHyIOGdxgO#LIs-O-x)XVC~4}c2ty$UtQDB_ zVBa6(Xhei^*eG9ye4lv=^cn*LAz@M|Fdj3G6Q#rkbT}k1EklBnDVLyvfWXAmLCNRhS1_uSiMu>fLKkOXUw^oTRwl5Ka))E*+weeT#JX zN2lYWb53U9P1g^Fq6ZcBfTx0>-|`yCZ)jUf4WPqdjs`3ltB>|zeEWv@79csb%2@~F z&%@j+!&KfC#G-KC_0TUr5>A@^oyN~8c>u>$56T6x-UYMQ$B|^J08JRsC^L5PfKAo9 zvhey%9h`d|7yT@$pwuAkR{gDn(`?_%p*6&R^fq*B7m#x`o3~&iJG{zslf*-ySed^@ z*?tCuh3)<+V z)BiMm%RW8ZiJeRn#wiX(j}yVd8F3|gd+^_VH)bMnGgQ<}_x^4}Tx2wr9}Ge^>Zvxw zl_P;Z-PxX-F#XT{-rr$c)4`V=D?;->d=}6DCbzNue6(gqHxAG=3UomGX^j0bF<^F( zxqGzd?V@ejz|pUq?%z6+cP4laY$&BK@Bl1t^2sMLEPtO(;*cs6+H4&fgxC3(2EYah zh7~VSHG7?Ig>cg807;H}y_=gG4+DxG%6WH3l&Ltta&W)=}Ic2GjLL7~zctp^M%?OX+2%hi>6>6`<{9 literal 0 HcmV?d00001 diff --git a/assets/bitnami/zookeeper-12.8.1.tgz b/assets/bitnami/zookeeper-12.8.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..257bb21d216a6c2808cc8892a484b2ea5bed8b87 GIT binary patch literal 46028 zcmV)TK(W6ciwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POv1cN;g7I1bNiehMt@-AGxnCCakwa5wWjiloGv=(eKl%xosd z0=q#HQ4{C^(2^M2zt8?ZxOD@4A)6E>+gbIQiN$W9P$(3t3WY-94@$2QN)X%JA44XB zDV)TAS@E;AwY9aov!njq+S)4q+kLgW^_T9>%iZqIix)dDcK))}eX+gu>Mvkx)reF* zDHo9aW$WH;6+8EpJdhA7pum*yUJHN_3K-K-5JDkh6kxg;A|~(svh-46S1*MsJwG80@@u=gVPF7QCUZUGSE5D_l1)x_&;2U{(e;CGfl zH`^_kB-u{|q!pnAkqD6xBi?ISoI*O8P|^Z`p@ecQ6m^C;M!n6=U^A2xoo{A^1RSZc z?*M~pC;OC*&USDY+_fUaLxvNfUgcx_v+5Q|7`?#};s64MVhjf{+5jOUg25R7fg-@r z2y=lLphFN+GQ^{lDb{NN5J3R}BoW|<-QW;$Fr*AbmsR*(O`A~L0LN}WUqran2bYeQ9e3LRf!UV=V zAFY7jj9S-ddP`ZPNSqJ&1Y#l}CWtw-e|K^V8QK6xBn(;rq%6*n8DTL_2NKJSEA(Kr zioC>W%0fM)b1QEOhR~)&rp#-tYy`X8!Rw&gD$f6+{EumPy=oaVNB(cU*x4@1|L&`; zC;9&v&jJF3hPb!6sV6a;cDg}H#u;Yzh_^Rs}=${|_y>qP1lFm_th_VA&5A2=q z?Y}ux21@JMGw}cCD3n?m{1npxjHQ_fCrBX1jFhUP>^z6f22`Sj4m7APZ>i*0C)p& zEX@^Lq6XQXesf_Y;D-Krp2l$>g$xO<4H!Wg9HIRfa@jpiA_c^N4?HN91hPW5rmowh zU)@#&TzyvJoC7E^1CTLT0nx?RLhHNlq#<@L1v(d!TJLC_PS6@(mz~ovde+vqo$7&h zy9L0rXW%dx1^TZd<~{vd+MScBt@tyV>d&Wef>Z$u+N}wG{jCK&LaPQnX53dQ%x5)s zEad9L7}Ma)a@o)605O6D;#P&pT24{bP7XwpH>=ziOmd>2YN3Q-98Yup)fzQW;}Hzg zIF^3_fhI`|1p;e|+pR&VxYew9R2z!cZes;JEWip}_-k?~5=IBesFZ;$!*v}guVw3UK;+-HfSE24BI{NNnPz%m z2xE?BA!LE=n|}q(r=LV7q;}O<)p^sL0n#(R1|B1n%xV;}5eIwnKT9H7Ze%3#_JTu^Oe5wH3`kGSLI5Cg~ z9FMtJbrvyE3=z;E9c5tf z5a<_r!24Y zWh0?@+G>|)&%jqP(4UIh(UIcndxs--BP{~2 zwE!FmxoYB|zt=zBJWzb!IXQS~8dCq16k;6;`k%KPF`)jVmUv3~$c0%EBW*sVV(hk+ zgD|sic3bC=^IOUyko~cAn-;>Hb~PC#f?VtU4ZzU^hcuQW&A{y#3u82KB&*AL5MwUn zJW3T+sGKWiirAK{gb`yj(N-H*hW&=J{*Ym4(3TLo8}h%~8!(z+(sp~|AlIlHw$Dp+ zCCREvigJ!e#H_#>*Y@a=J(PfVbT>iv_qO@FuFF|R=5!m~VJ8UNb6xdf*OReD% zp$u`5Fm!`y%JZ(Sd$Ym=W!n8$N?AIooTmCy{WR4bdC+NUP>2y^M6-!APldO|ql+Hv zlKFfxv&Ueje(REbg|<=*s@YR2P!F8IYXo@8wAG=wA9J%%(dxm)%i&(PUk%SjIHppo6Erun1E5U)f3cVvj2!4E1!@-_tyuP^Zgfgd2pArSJ< zlwb*+fC-Lc%uz^5#MdRoA~0|bcS(;if=mn$6v~pY;Cf(tYir9jy$Ke_c!J%^zmEEgj(5@R`P3K4%YX#%QcrzR2@!y7euLP`h$w;*I`P0})qCKj12ti2FOF&0$A2L3LrlYKz~!H6Ix$E% z)GObZj@0J41m)K0f!&ucU+lVg5}54Mln8Js?b~!R(3{;3G_KZrEXvK`Vp9V&q)hdS zz=V%!=8+Nb8WFH&eHO)fj7s}nIm9wNBptW>ah<@seWmsG$sOT9(S>V!Ji}KmC5&&} zjFk3kNqGqY$7B>EV;_MDoPr6|hHmz4g0ilA9DxW&lYu6sk4O*f7O?Ci&M_sDIpt`d zz&kuiCxGkMir?h>GTUcj-LQp{;xLZst@ib3yafdWji|ud?dh%7wzm{`O%^*t49-4U zJ+M=t?-;>Eag_Rx#O~yW^-M(n4cT(2W?18$(! zi%Muja%rK9%96@+;OuhTUq?E*3&4+mPAJZ#AFoMT3c!lM7yi~61hvl!M(sbbaaev zPz;Xg2*m0yD~F0oIsk_k7iSmJS}>ka3Fi$|*vjb_U;4>)tfT<38Nv> z8?Clp!C;bXdrU_Mn1KTnDf>Oryeze5#?P7PRhmK?kx^D!6+|~UL}rMkWwoIu^BBbm z2k?es$)S@339NW>fW$3AiZ@3}(vT?U>rBGPe{=kLpu!7oKC4X;r=-6p=T1SeZ`FcB zCMC!q2vaWT1pGm15Dqh|2B2WnlmB{fdf;QHrQBkA6RUGe*)=AkPK4R_8KNUZBczbj zWn(((C|3I(lOfgbf*{blULJI>2iD}(xKCiBEhsoal4l^vZE0QN1SYyqQ>mLww|p{q z`(v`H)3eLN9{5FViivNy_O*@?xbo^<<*qhI`|54R0*<9V2nG+y%{$0A*i%kYg`#%- zA##HmB}x(9K&HYY^$I6aTSWO-DHZ1qiwn5dGM-8usP*I7nSKGZ?&^W|0J3(rD{5=` z+oJBL{S$C%$Xr2V<6o68vu;TAd13p};@t8<&!CW5CzaYZ@9))c<-*Bs%Vk@sM$qLO zWLc55)Y(8yrA=#DOncAQ?Iy0-q3eK69T>|uITC3S@Uhdd+M1ius`}ojNwrHShtk`b z>*w2f#a%grfiYFIwmr?v{0b_%C4FU*;d@S*;Kp-S@}xT5N+=Wc^+n8`%9qFe#x;jj z3TVWE0 zZ1b4|Bx^o1T6OJn`Jw3C^gaTAYdPz4Eig>5z%V{QF`V}Gk`El|cOa54fmsMDa(Z=Z zVJ3)S8d+%P>emur%#zf?u`Acb0SzIJQ-&_b4Dm6IBk-es0YvtuIWV4v(n89C_4SLT zfT@u-%R1XXJ&sm(+I4vq%$E0}=SEcsmZ}pQ<m+6KEZq7rJR2S+V#M$ zTniM4AY~f>6}{vw=VvfJ3>8HF#?M>o#HAFGrCAhW?czZX(*%c26Vg(v3mNG1{C!0!OG5(n*r4 zxEvF!>R6thbT*#@-LP^6WG@Xiv&h3Mf!Qtv6EvZ0YM`ojC<5l?@=(JhEr677=D=%Z zfO_f(sO*^<6_Aa9jvCPD^}zPa-4m?CQ<7Bv+?x0+igOxqxrR;|7E}3NpgVE@g#kAZ z)hl!-HlJ}MI%14E#V?&9WgRH1yIXBa_Na0OrGnmxT$dh=_&1e(sE0P>KQWpn`(sE( z$iyr5kx(8kKIH;Uz(^JVp(;@hTdaV|r#zI)R0-!=k}C!r34zIon-#j+WKyNHuXqSU zGzVsyB(d6!fU&}u7tz#9LWL}E)Mo|2quw`V4gjXG+QTe?sxnzBDB1%$icu;AO&fa> zqtq+&!2nU)kX@fq_p@d87r?Dq)hd_4JkE6&>NB{u79K~(n51`S#tZPPKK-yk(pYWO z{H6xDf2ay&z5?txDw;IHQnJTYSWh2`nJ9y-Xk)milw43Me9%=~=$38*Jz@9;$7qD2 z`LOe{jqpY=IwSE^V)A1?`{wtcvR;!G)xN^HMe>k`FxL8dZku&Ao3t9j1P*YF1x7rG z7)`*j-Q{(@m~9RDJ!wWijzX!<&l#1nD-hEJ&F_e*Bv&XlprWpUDv{(*lpc^XL~2UQ zuSU!OkIk~$Ie+8^bM;v*b77X>yln00#1}4*L(ry6Ar!Z$<7k_@jZLFND-VYyH1bY{Ie$MW zYR>U9i(mcmGWl_+&-kcte<7_#0L?3qsCNN4$^%cX?8hsB)y7$%0})VUPGR)G6{kaS zC089+W5}Ybg*wN>F^bYyb_?BLA?SZyWVYH1p@DG*csBIC`<>umL zjzc-9nKu@@IfN>rXXurmjnTMui!ZhHNLY(UO*)P$QE!rx0^mFYu3`361G!+E1jdwoeHcOhS=Z>MuZl0`9jm z)`06$Fl3Z-6EMsn?G z@!ot^ey3Kb##(6AQlo4gohYB1?7DS_m@olrrK@;hrq=G12@V*F;hhQ?q%1-zeZVM% z3=)A52e)G!BQ18>jr=AHrUd^hMcHmNRyjh%)TtMM%Q0d|g{z8NDrE$Y)X+>a{IoL$ zE7^P|n?}(Eg3(k5T3($)2ICmTjVub03d%5y`KCSO+;Q@TZ4MyEVJG{I()18cnq+;RHWAp)=f+QHDT01UYRm8NF3+Ye1PY zrfR`G@15jqZX)NBB%i!Fmn%-z&2>yiu#V{Q(eGu3&V}0#xfFJP7nFnYN$R{Wyy{S} z_F3BSaTrBd7Xde>PDR`%jdThbdn{L-nAwLM^?(lgHHjxfD6|b@LS-+H`=!`8gPM9# z%FEcfMpG^*Lpo4SpT+6fs5!Gqqq0nZZ5^KjvSOz*K$RO3EahTVO?kjtUNnnJczPNQO&MmfLoEVM$vr!-v5F?adG@{q|ont$~^oI9udjSJs=PIN?@`IR># z-@EYDj*}Y(*8|<{7duM&T10(nNc(p`?{R@9@@qqaWXJZOJu3kH;z?6L*AOW0CeIR-?@XShYUy04KEY%!J369H=cE(o zFp0Z`tdGSM>%+UZBrk7IbERYsj8+m2RK%r1Kli)3_?XqP--I8cpyiSAgdSsZ&A~5Y zB*ut&IT_$UM~0Xbw0UX~OeCdjHYB~rRu$3RQl|(|O|*9gWiYjkfLI|T?PEfPIan}A z^`WX*u2=*GJf^o`K&ddt(kRofSV~lcv@tbJ46A|cZ4D1%N%5zK8|)=wB6z(G6(w@{z7)1mfQ&GRcYgjecFKzUelA%1Y$ z@0`;-A@E`=;tKzBM7UZGn{Vy}i3qo=B&9I13E?<6?VGLQY?5R;C3E3sg=8&r7EX3p z@)MBCNA^OlJa}MJ4#rd0Ue1w>iWpj$}D%tR=mK)e}#4&YYPcQ-?b& z3c_5s=sS_kOTFB4W}4kIQ%gM0?`tN>(Rn4DWagO% zE6UY*f%@v@BM%KL&N}hX5X7tl4B<=N(EX9!%zsNVlMu2XZ7$ z5umu3Ka@t0fnSDvDDjxwomIsvuP* zBD77LGxC|secuSvTV)fNwzCkw5#6x%H-{6Xv^`~j(Ue3TMhE6ZEqG`A`x=L%bD*5q z1TC1JtV$YYD%l?0^*hjW+L_%|Bi#3#)t9R^bXEYbhK5=RCfoZ6O^>q|<>1*DTU#~A zJ5sHx1ECc>g)_O58Ei^bE0s_%3JeZeHHS9pU{dzFhAri4;RhH)64o?&Oko6UiLB|B z4DT~3YdaEyfq`%F_OWV&d|w4lUO+PPLKdpKVUwdSkZ2C7kZ0F@T;Y-oW12=CbMpo3 z3^7BuFpf8$F~kMKq39SeL(064Tg9IZtQpt39y#ft2V@ zAVy$plxr!+qot!Q2ZYhWiId`xq2c`qsaACz+lHc0$C5~;Ei~H=DtOPPtW(|V;3P}U zTGf?IrC0VI`ssVEurNn1VQtukJ8CW97Ob7%%59`nhzV6GXhFLoE0cbW$c1SfPxUr| zvPac{W#e+W(ni&~LkH7R?Wm6tjAF#OPk=&qWgBlyL2EM2hL)s*81wNd6>8^Z&*qho z3rfFlwo2AXv&J?Ml%cOPxUQ(DpI~Jhc^3^ZRobY1^+)r6lYrX)!H4YMJQMHSp%qx=T;qp@? z8mzy)celY2(v|s&KTF+DmZL1wr2EB`zJY_>~VzOz;SkU zf{u05w;V_rV+=zj@2FB4nOB)NY3`gxl`WoA_rivSTU7@l%RMr>xu*59_vuW*KKB!A zSVs~x!PmZ(sIyfD_dm#zzc&iMV;av%5d$kgxisa!?O}A01wfQqESE zW&@@q`wK0poIP&x9w`C}jad39Fh@gWN3tN#nFh{}UnwEFd3~MG%2~CaC)k9!EhIq1A^o+SH zXfp#ZIwm$nhdSl0`qRkyP@kh&B@?Sa{M~*ax!V}2a>&pm5z_~|Ji z<|f5Df46VBVoe#tY70>3?NZstY+_Ecv+67v9nhsI;v(T)6D8X-cSM2wlBfbjG=Z~8 zt~{G4+VJje(orw}?Y{bJR>Mq@cBfrcsomZ%nfQ!8s{x?z&rlv~D~Ie^@2q9S0sz)V$+i>;d%yH$4;1Yk8eDw8CxE}F2K8W*o`%N4zE=Xf89Oq%x1wgTD z1JrccMrdcD+L`s?&AF0X@<{Rx*F>>x8;0Jn2!RmFb+1~D%2Jkjm4_l{Bb^BXi(+&> zFIuA2wk=GO9+*r!FiCRvv=acX3c6BR@2y6&5+&MQi98!&AuYB`%)C@XR+4m^-8#q; zbUPf@pnYGAo@<}2H>6kjnCc-_MX#y{whApz&dILYJ5X%UZgv-nNz$OFOm?7PKvR;X zHJ3(|vi7C%Q*-}WRoZY@mNyxem9o2}ie~xMFulw6CC0C2{Tk-a*~Xm!o_S(Ac8=Ht z>s4IE{eee?(6zjT+5*=j>VW70eTH7qfZnQ%eKpVT@Vb%YM)YKSZ>~vbEVHktHuw^Gx?pzdXr_54wNjMvH@DgrRfb{{ty^I zox~Zo!p&dJnr(0!n7tEz5gf8h!Za4@ny@+~1ROPn+~`8FCOtQ|i8XEa;VvI*f~<2P zSyP1Fi^`fdVK1>-s0|&-oqHebMPzkXkyT$tW_e6U7{E~vbiJ#{zT4I3%-!3_X5Qqb z`n<$lUH~k6o7V!{tV`bKrS(F7qnG+!xYH|hC)VHUl_`bFo4pEyKQlX0qb}bgKhkW* zE#*v_&$n4`+zvEoAnW`BP1rhiW_W3j3W<-L)JK_x>Ni!9W(9!kbfK7H{VMIcSz_IL}L? z{&RGYE!zB^W^TwC`9jM6l-isjUe=JpHRdNsFdSByeoo{*qZ1^?DCH_DkqLcP#=i(* zq5=69n0Z;WyBvV|UR~avsRa;;lttLUys`~>XA|ak!OeYKq`8he`>wlV4uM-QxZm?^ zotXt@R-xsEXwJrp`%#;j%q~Z6&T1%`-~B=)WUd_Ce$Q&d^=M?<7)94cVW?94CD-GR~FH|X@B?t0v*y9RFdk`r<&^O)Kq)Z zR5E@kr&DKU56iO02_@3PnaL%l%p7JhrLwuRulEWH?Oa%`qjG3UddT&wrK<7GmeFl| zX#&ZV3yBI8MqGEMlgH?8iNp`&n6vl08DdJq9 ztC%OMw%|rsjMIU-tvRF&QNEe;MaS-2ZVqBP*qlHW-E~02R3(Me2?-J$OrmF1T#d8q zOPY2|V`@{m+JAMv%lvv4T}ru6VC&A%(Jv8@|wg>o8s|vXdlMNnf~HesJr|v$Do*+ks@(6%Cr#uP+=V zPTV&QP{Bkl4hwWBfo+b_m=ekiJKF0O-FKO-l-+2OPrs_E;nZD7$o@_Ts#a--SqFHT z?Na6Ny+F@n{F$b~E zNe&6v4)o<%Dc8=Q34-=QNKW%vSh!IJK!(USLPcq$LqC z=lXz9mOcsGj%kd_!{Fff-r_iW7{Fh3YWfuogIVausN&Y7%j5oLzkgh@$~PVV$4pT9f_?e?v`W|8%Skxwzp!No6 z-$EkVa-iA-p{VU?I9a1-iq33@{**;s*}rVwd9!UNCu@h}5kZl@$H`3vQn=E{_C6B_ zj!?{xMym*x>`?Ui;fV*c(2X3yxnwI`(Oj9OiI=V)lb`R=FK=tsyA{3>mOq1bNY{>Xjb*{sAv74@3AZwk{-SDf9R%kA|oI#a2#%`z0z zs=nO5${5gJ>Wl$%DSpDJpdpPHvIGp|%o6w?4eOx{g1kA$ATaCGSq4DRSgjYaX`D_d$VSsEd_GL3FpTSlY*PyKK%uFf?c&DFWVds%fp z1NUWgc?tWuy4>LZW$5y1WEPxRpHG)pBe3v{`@FimG!Y+Imsd=n2hinTaMX_^!eV!$ zN%d9{Mo|qg>z;p$Sq^*-)WyPj{_^yE5l^lkY)CoZJUzQS><8jbtf-Bxt*x!yogMY> z*49?>-&fnOcK_1ddAZx&dGTWB#m-;0x;wA7yMF;&D{6n{lX3ysU$*YuR^;X|{a&)Y>~guPU*ZBu=5$ zhYuYoiPi1;go-TmM6FbOpXoYSL;uPOcyU7QV<*i`dtE~AtoCVvU-m9ek4}GTDVg;{ z7A-3^YTF=lIZe>_9x7Rspj%q?&2;MfJRWCCQ+)zrLb(7jzDDuX{ynPv+&M1=7=f(Z)8kYGLubO(M^$JhWFx-PW+lLxZMJ?wIzrc`I9I!b139lyn99Y8B8fE4LJ@-z z61qgElka*<*=4q`gM0`4(x9n_`%lE}<3Y|TBpR-QCB4>upg&UzkI`U9+ zF_SMFVkI#6Zz;IJ*^l7z%^^5HJNPT;bie@eajSJi^gSN3NptE~7{<;_Ta(i_%iXIn zGN(2y`)E1hEhM~~avkJ6906u*Ryn^}qIU6uj zjNgQTgRg1qKxJ1|{k^2tH!nv>VdTqwx%5bj-7$m04c16SuF8>D$CJK)zBZ4;8{jVa zyXGpd|hl1ZZB?%Pc@7o^&EYO7iy7gNyK>|il zK!w4lwvIRPrxO<7xuubuA%9%&$5^polTpwaMpD7;Q6;5w>Fso*N?eo@dBAB4^gH_?Dd>8l9!~NPr2P0s*fPfMAGj!32|3IE!Pq zE;u?jclKmi>9x~EKELR6He&?zC}_P6zHzC`Z%VqL5ruCX)9f3M?fQoo?~e8>IB!Wr znqmPuoxI$K59;s+;A~<_`i}avdNAi~dKOcXHg?MUKe(*PE|P8ZwJx zBHKx9DJKDThLqhx7A-?QeiLpsCgJ=JxqbGIbhrxiKYWsPw_gQY!B)_1PB3jjEf{hN`kK*ZXrV(;E04ltABp*_s%g65#gwFq%QXx zV#Io2?|g6n&0%Ld*lK;dsb~1+x8Md(dMcI95XVRg$L}YSxZxP}KwhkMfkeu*U8^HO z9g9n!rB+#3RShW(bUqDN7^qTh&`||SOHB2Z+d^h}seWBhD)J?!ZmT_t=>W$0YyErO zm0_J3xaSyywd#|LwP(iHXZ5k>Z2G->T?6;tbU0AQ+QHF8Cw4Iz9Go3_K6gZ&)91FE zWe0-kXX2K1dn1J>O_rsN3zsnYsFzLnStwdK#6fn zRnRE|-!^}=8v&^$pd%TI@v$AVo-TN-Lxz-UfiX85-ZSTm-YUrNOspiTx2xdCrMN7T zFigY{wEta74Uxo6>OWtvXSp1n%~dY}wHpoHeBP`it)}TpNNYCOn~=6TUy)^zLeeHi<2=tO((iHUX{WK%~43+jm-Ky?Fmfgt~_+T2~29mW0r)^mTV>!%hj3* z!v_<9IZf*3Z1D_?cl>o04OR85qqTF{A0sblphT^8umZ8BZ)8(*a$aY({Aet-E@M7N za8(40SA6oruRW5~2IAg_G}-L&~1HeRHYl)}1-! z+=7c)93c}AHs7k_)4lN7%X0Ya12F2j9|^h$$JQ}qMV#tAxzb;nEkn6xOj=8f`J7r6 zocp-!Dq`M|SUecdE+8cnJFYhb@*KfijqeW8j~+S!5K95NS38Dy6{8F~|i@ z(-}}LY37z#bOtm6^1w5|(7x#mxDWN4&wwTAzxWJj23uorguD!_jGfadAju8fSuGRs|B31m%nV6M@bg^onivo z|0HdvXvaB$nU%GbLB@jrB=7c)-yZhCyS?M1gT2e6v(w%`iRAXI(nm0aIBvj~?@SlX zeYMi=%nj@g*z>oFjWOJuLw)Y45e1c7<+X=T3r@f_%IXX2f8KJ$*6R!DU2$26uPf6% z>r4++pr#~(duj`r%UWjyAm}rf_EONqTxn*{!6}Gz2vUiHkER*pWiM=gfv{0n-kflZFP@C zenqmMTI*ip`9JwK@6t1O-gq|LNt`#H^*i8&@oY91^PYdngLtp_|ElvJS(HmKg_9MW z0GX5jqx)i~c>ZIzyS4Ll{^Kzo$w;d?0ix!0m9<+6_zBdEgb6kYLVDn)+q%Xi>g8ca zEqkoDm)+mq^e9}*%QN5Xtetx^a76^YNuh18aBhP&pwArW>(O6;`FaXD%(fhqY%f5BXDBeR-b@T`8-*tkJ!5a*k=Je8q10-uE*E z@&qw;me{q$xcu#%uU!tEb%#I!SYMUp>UC~*jxtA$@C1dD@$`M7Gw#Jy89!8QmHI+w zIqevR6=CA=BFL@{oqx}!DXwoV(|4@;4DdXmk>RTqj93n=l5;DE#<@bTexgjE2*-9- zRL>QsC#zZ)J=p{Id8+h3LE@IOYkgz>3M_y*`hWM;Zc+cg+S+}}|M4i#1L=RmLg$)= z94kPp{Zsd|XBkv15ki>20gkc2CBS)2qtGkuh`E7WU!BwFYw`qH?fPXXvV=x`tIL#@ zag^30D7RgUg=F8$X@W8%;z(yRGrtb)kD2od#xcD;G`WFw6%8M$zb)tw*@&2An|^_3 zU{AsU5#jm{#x%P)w&NN)`HLQS`67D-vP&s?;O)VA)1sIA=U(gT4rl`7!YyiGfW$3A zL?=I-jZ}SpGkXi9dm4FuEyX7$fweKwsNZUVm+Z4bo?1vcba#M%0=q^W-w6g?cDbip zR?@1zg}HW~BP$9&OoqQ+fl&rDC6Rlx84xtzv0Ro%@;r9#sq@)u+8NMoX|I(c^sJ{& zbMBtzjOm`&8!|fiO4xD%1icTSsTwz7+&vXfXY#E-9#tAB0G}2!r>Wuo)BZ``vQNm& z9$A8%)?NGj8cjFAbDgomiOOFLmu!$EIPektE2ToJ8Z{*h@ceBBGTuyRPMUKX)nc?9 zn=MI~S%^FYX$mhZg^BaxtJ1QcL!d1*b?0kWW6iBZz0Lr?h;FU+lT@w$lW4G_$PfL@ z_5Z&puK#ylb)WqIkMgW?{r}wDGqA5xwr*DVE&%ySha zH9i9Ef;gwq0p=`KF?v6w(FlpBn3JzN=EU_hI5}$+&7+jsxEGusr0|7 zD)8nj{%3T8#2BTVr7^m{DKJm}ce~p~ z|NnOP$^ZW-&x-y3t~xLJON#GvHoK5)*07jlNnSJsCX`@7878A3qzq9d)i$#zgL4nW z3O5OCF2#ym!*jZkUk2f={k}|tz}?oaaf%hX2crl}^$lZxL3}UUplMr+dmO(u3unY= zniS#>n)9%H)HKpP5%eE$5;vQ7IdZRyw|snVN%r(C^Hk}7b7Na)Rp&rv>;LZdcIo`b ztCz2~pY;D@Jgd_G%bezLvacAHYnFB8X}SGHC?h+bm|)Qf5feP%b+6KS<2L9te>dUCCgEPv6&=&bGAjXJf zE@h`-_X5jYL~4QPLknd0F^usaD5`)7)a`0mfUWG+5NChV1QE_-kX(nnyA3+#9<~l9 zwH^DX16pN@ps7%aIC|~pAO833?EU3&|NZ{)(c$Uk`=1a0(Z4*qIDCJ;*YE#wc5(2j zP#=?PG_9qxS5!9B-V~E$GfSS9bhq;zwreyMl*XWgC$bM&;+76)VfLc}fZqydq57mE zEzf`6?{~MW3&&0G$3bXOx=ka~W(lS%kizGsH2fW9@$ywvjsb#JHHN ztptA-NiQ$n_Ah4=Re>N>TAYc<-V2(Bg}Y>%PsKSR$4?Av1P_Wi%34R^n1c2`P2-4s zBft=w6ZGgVL7}X4et6;?(ET@XIYv`;70^WL5JA}#+>Q~k$HMa?;p$4;%i})4+#ab8 z@{v~JqT6yrg&(^k5zR!EqegvV__^U5WEc$Aou#NJKkw0omq@ADLP1o9$%FM~C0xHE zL}!p>RpMkZM*bVTf#7E}1$_yHgSEf?++SChxIH*e=Nr@&KMOOrkRqVYSkT308w*aE zT4TYKsWlcFsP1Ajja2vlygj>kd$OqNF82CsQr%5^T&ubl0kD`NG-Q2H)m>n;d#dgd z#>=U0L(*kbcm33TRHf@kCX>eFA(gHnd!6*JO>Di0(rw(vy_N22db1LKT@j-9Rk{rX z!6PVL!^jV#bU6}fGIIt03>=yp?-3DfnovvxfE=Veg)x9bff%5J?An8~v-kbOi+6_? z?~e{leRbQV{{>(I62v&>LK+nMI!e{A$rMMXo(YRh7~+VC4Ry=x0CE%oO2GNq0T@#* z)a6aUw+YI_8bJX!CFlyBZgjYZ-}mk3YatY17O3?K4tR6czdYSLIh6G+cA&%8+XZ*S zb6XI6|Np>R@a=kM?bof&cfbAT`txdU!r8^a_s>84u-AX{{^Iat?{fdmuiL+UDmWaf z`>}R*aRC0)i&Dm^HQlkvrc9`YL~qr-J%!7 z{DbaL2sU%J3iudovXlgT{Is#~kWZ!mUtg@dvKYWQ`~R=DOYwg%cc1qEALn_D{7+T4 zTh7P>Mx=NDW2JHeyZO}Fe|00_sS>H3>F6V`{39H-drQ|ih=J))9dRoA!SxGV35bR734Rg~U#@^KgK1LnKEU)@lv}dtQ-j%@Y2>FCo+&X* z0}m!R?%VUlw{F;ldH-`Sj{grl z)&3uqo(zT|P00#!z|Qgiba%I272`jf=F(4Ju-bE!Z zm!j!r$bWOF>cQpz&hCqf^M5a&ZMeE-Aq3=s4*D;|x4WR25^YY8EZT*7 zi{3QQu#p7R5KW!Dc;4$K2-Uz@5-WxjQ>$B4^Ru$~%X`X)2CXi^Ud_6uUtd&p zu=MF+x>?5H!8$vpgtB5THs@s%&Z>mr;Zu`;PYFb2E!cErou-S>M_&?D+W!IyG)!ZT zR&xQ+Z2NzAx7+O&@BeuDl>h5-o`*R9J1;Sp%U?Cwx%#F^|0yfif_|W{%GNa*-h6Rf z%oL|Gd7h|!> z{ltE;FJ$Gj8^jonknDnBDG9;u3-u?S^wZ%G-+^|gUAeYPlL!jb7YqtCGQ;n`tIT#% zs5XmfK_))TKss_s(bt(;S(tM%Qyh&-Q}X^xmIBlotLk;Jxr!XJi(TPqYpSq*o=!Hs z3mQE|paV|8^Wf6ZF!%v-bPmNBvrIi zF(%i(-YkE1mer-5vSl{aN^&Z%g(q-?&eJ&7<158|jTUOUnKEzpq*A_)DHnS&h8%h8 zzU*aVo2OFFy3pqf*?CJ>I2>Yv#nhpVd2>H3Gq?>=bj~n)VZhV6;yO7Yt$|Jj`o~+_xWfEj#O>C3}@HOc@r_{TOmC^-*53^vPcq z)>oX@CJ)CbN@K+QYTj#q>%Y3f+`iGMkHS=8sp(X{UWWSx^gz)G7BirLwgJ}+$0s&5X`E-ekHljM+`!?Vh`sx{ckIH>ZT)s{h#CYm#N*)qL7qf4q{kYqKh zuPc!w1WDxI(9r?;8S?xsWFuZI*Fj<7%}4Jy0F&zoGtfyYj$#)|hGTk5KVl23^pZz`N{kLIvok1Jvz+ z6PWNZ6>aZzOu6{aAx(*z)pwGLpu--aw}q}1XE7A;n2ruGD;Lei%oP+f%0I%$HN-@X zUtQTh%P7vfb*U^1YEi0?ZB0~H^A={SwC;AfBa8QrAx={kqQV7E+3QLd;w&%=BB()~ z$aQW>Kx#c9*|0drWbtzq5->+9HJ-R`Yn_;m>RW6yn`(SawQi>wIYQ@W1atAvQgy!Bh_g!X{H@ZyEChuMh`e?>h!uv*}Lhbe{~8Wa#PL1C;xbVes=KwbnoP_z*owM z`_a4o%RWPl;^+bm%U=K}#FUo{sLGmOtu3e#Mm=R7Q=>u&L%LIyHFd zK$osB)X2Q4;WKl_+|7JA17SB$>@0A63>k___E8aB zp`xvYEZ@wc^!!h&3KA$lE%?O*!;{9b0%3)7%u=;#yM0yFm6)Sq6dJ5sQQQmHWsq9|ot5iyl|)wlpLSQTHdu31mX<#e8lHWdcMJ-wtUX})+&(AI{-=Drc`QdOrD>SO1@_zs9>!?EsQdam!6V6=~G(Y2B$!cJ4 zOsIE1k1UsP3xVYojXUAvPC$4~b77ovf!G0^Kuje3jF{esQstaq86+bFp5qPhTp^ee zf#U+Zefsp_Llvr@K6T^=`A6WDsOr2aQyRBVp8|dps&7T4d-A2neCD0UMxQ?QHDc>` zO_qY|Yk|qq%xNakHFzE$?p>T37HGx+ewNavv!>A8XK{r$WrUjSt@HY}_+;|(o;IFL zeshmJr2!@cunE2uGoNz>JnTwNa@zB`<6jmLC!jBe0e^IIG@n5;Kr`B{_vIIl(KirC zMt+`OoShtAzBzo`e}8g#d2zH~gQ_CfjD>d*%0g}ri?(NR-;WZ_H+Jj>;ywH{B5ou} zoc(l7{rS$CaxWHZXQp1PXhqJ11)In=pMN}BtVem`(}mk~c6k?V)lGp~-|ozv!cxZ8 zhS4h3^e*4W)|B9Xsz{94yZsAoW!5Kpe%yh23Yu9`a5p!royd;`L~1jGzowlPf=cr ztm(esP+!Xr=uR+rNN(OiR$5ElXB*vv+i*L5_J+DMBV6G7CzY=?bCfp6%T%91kNuPK z!0Mo<6PQ#EQkjGALAL#qiVJb(&}wFXs%Rqnr03Keym-!U-dPq;5m!$58RE=tz%1Kh-Ikz* zZ#Q$6gy#TY-GfdStjf;c~CbWkt>WB1cN1JEkk zxIrD zDwwd)+C8|?$E}(TSAoCJhpd4ApMenzl>BU**cXtAG^yZ2?tEDV7kVw-g9lx_YJ#)x zjk(W%+{4^*-vWFl!lX~bYb1(XbzgG~m>l4h=Gcc)_9nkljjht$zHGu}F&?6D8ph}i zrPsWuu*|pnu~(sq`vfMh@;nenB28u-1*-i1XFJCYDi^0-9!O^$gt@?El;x4EHSAS^ z8RV%yj3a*r;jmaa8{6W&g%1o!yUdQfdVqQtRw@&J17D znNywbxD356*JC4}P62n0BNW1=PJ30On*nT;k+OuK7L*m|yUOx0a|ihXl~kk;HkB8+ zjyr!$sv@}-?17!{UKA;LKk-v5dgk@6YSYR#P!Tgz&k1f?sj8$=mEUZaVu&YI-6^P< ztgg_Etm^q43+1bd)X#0OCX%=T7XHY&2A*pLHB5_Dz#mN#F+ISn2R=L$NptPjjJgH2 z`Y;r(MXH|IvhQniNxnWu>(A)vf@9H4jW#>*tev$!Rr4sd`FqLzSrKiXoY{W4TZdbX zHoON}=I67SeFAzpvg8{<_an<}BVkFhI7)YA2cbQf3+GC2C|cI!%v-B1bX>5dyF~S~%zYEpIqqxPYLr`dKBKwdk=X^;*TOvsv5kvX!-C3 z++h9m+~=vh|L-R3WS29o-~zxo_kX|G*(%=uz58Hfb*c|JVA{eQ*FxvOvR`!a78 z`*YqGSmh!u-riSB$dY}g4%@qLS8%W1%vS4>uDoyW{&yTcZ(t|Z-)bnP3F?7;eSZJw zyahmL|L%cPN>B@cBpt+D>w3mfTk8Z3wSxvhGz z+(rtKe{&is$N9O9IIuo^Syy1r5|XRA@p4h=__;Ok=Y4AIzm?qkY@a#y-|o(f;{DG% zuU@=*vi~0A`F!@@|Lq%`m$Aqm)e!sY?XL>esjk7R+r_bkGFuI-p?_6_XlJ%v+jQA6 z@G9EPK^9SV8KJ(pV+x}mU<^r!SbKd&!BZL`X#rTY(49&=5nnPm9OAGdm9DK{S<-i> z)op_{$6M`*shz-5h1es@DHT=ry?$&A(wv z38Fkov5*$n#(^@?IA&Y{450)xLS%o>K_vqR+u+6S%dB)&`sCn3zYN^uyassVJj1H^ zaM4W4h9q997xyEA)O3-gh(Hc2#WUQi@Y4c zu`?EuizTyv`c&tElM}1j0q4%Tug%l;p?J4X(J{3mM^t?S4G=WOmUc(^CWl-q*a1TttuA!2K2JF$?ZVk3H$JN7Z91)K{HO z=SgQh>8vN6b#I+@pY>n9{tw0|p5PIo46SZ?sh&CO|E-rVUKQ5=FLt^wpVt46@jL_P zPzb~b2Z91U{NQ$s2pFU|jxZU41cujegm}<;1}?{#1D+(;k{m?W)l|6l7Fcn2A#DF;UfhrAUejQ);7(F$;c;HECe z=NaF~x7M_eYzkDxZKL0Nc_YO`DgGsdVHfGNM?yFb3TgCXF?UygRPxJpV zp8x*0PNxH4l61_q76}Z;2>dUlKP$EXoz7odt!Ll|ozTMy12CklRJPSB)lL|_!4cvB zO1XgHAVwP?L_{zc<3CUY7#d+|U;;V>e%c0UYN#DFW1(`@W`wz5c#sMdNvvZWYTG7g zwSGOjktNZsgjK}kx3#el3GZ#@DM5>EjnQvioU9Aix~%A`p^8Ar0^pw)Wz3|t=n*TF@rb#-+W zQo?DBT2jvgOt^q?3?|c#G5P@wac^@|4+xufxVgd#a-csk$$i&P+mR1(7wjg<+( z!IcO7N)5qPp^YouAt_*oh^cdmf`TbcnI^C9w4K%p1VahsSWq?%z>iXB+`&mAC9@%Q z2(`>HEVLn^W%$ZD?&I}+mCUF{_Ipo~Tm^FWA&zWPMsE1cksef|t&6b4y)Cdkts zS}Ol~4jG&v$&wufxd@0+xrhE1kh%pp)zF4Rz0#V8|^C?cy&B!7B_S;LG zeEV$=9AhqkWD>(6+|1i6#X+*EE5)mC39jST)PCBGP>c*qxUA_+$O4K+b81RZ{$Hx@bm{FmyBAokV8NXGD}gpMjs$`B;axt=31N zR=t(aM{t02iYPfYO`eZHt&_pW)<@8(d%%ouvuh~0SNfE%zV-XUu=T_SFMd^mn?clW1MTzzkON2nWDHIv++Tkyz%_@Q_hZQU74Y!w zJD-%8KhM$@0i79Tjj#Los_`@{riSCW_;4=t*s*us%;18>nP4f7ao@2HxnBtDub@H=j0F?qSF)uXtZDW5Xqo2@GSo6t@^wI@NP$>)I`rnh|1U2$fXp zdL1?vQV}B;8(F3~CikI@=jpz3i#r2kg57}G8d<@Uw;ZT_;VX@eit9R1vcAAKhw=-c zgWpjol+(tj%r$fa<5Y=kDH$@NtS^X-k|WL=MH|P>?eooE6d8ZIM8zrDAiz-?JpGA*qPy35hZJL+vYyhso~=4r1?^%9I8J-UI0vJ zgut34kjhTYfttqyS%&MNS*h%WV?5XbWW5q}s|EH;?vxb^mLxi-xiL7P@h z%_Q*fx^?zb*1X==S+>|CsN&hr?8Y^tD2ps$uBqpC-f?ZrHTYIe`QnnWNcjwTyTrSi zhrBKLILOzmkFQ+hBRoP}T$Sq=k=F(7^t^>rz{ha=Vcn+;Oc02O2s)t9FZbr z3&>~75Vw9mK_MPafnMKt=C4RrihRK)sX;zMgLG6bm?MveK$X$Ak8!}qG>s#v&=!;E ziy>c7j3wkNE`WB_sMXt!vM~8a)jiul)<#4aKW6}r1V}mJpug8Y-aJtAqjPfb@-dLt z|GedLHkNXIC0tErWb^-J=={ z&hdyCUnS#uJG*J07DV3WO4LI0%J4j}udRGs(_7CRBn;iCo#YJTh1O>)Lf+3bJX6}3 z>-@hUX=9L&5oAO&z2*5_+6Zq4O4m5n74nH}rmg9Z`mIa$RcCpy81joy-XNcgo1(ON z)DA3&{Hmmlc0J0TE=~4jk^kDHjh(Pxo3s%)yuQSf>N))p`~W!)fxr_4Qi3Jo1Wa%o zV~#>fB(`e5a^P+VNuC)a$ix6av7BGYAiuq}wN-<@wkio0$9RIvE0KaduSB4rAeMy{ zL&u1W#8~ay%g*_;S+k(>D(GX7f&p>B}pQxeWV{tdka zL&yM46-P%>d_aSl-TN9cI+=~fQqMIX=EcFC1BOD%qC8xr z*s%c`Ql`d|rtefddYdh)}1rZ@ivZyl?RT5{dztD~E?`Hc{zy{>j*$?EfnStL%|Zd(ZFqEt!gQ%6iJXw^ zhHZce5o`mnlwMyIke^_pO^>6f%6o8v37)_h^barI9bUXYI?(Qe4VC3UO7W2Ch!`r8L_h-H6scjd?n1`o;2JIKm>{}Jpdr@KN>l>~^~U`B~j zOgE6J&}+S3jnuAdj;K~+%RdeL^DgrHCnY6yYN%d8a0WudbhkC^%7+deb}G^IuCj8m6)KYv_PR!~JU4Woau@ZHt#K)Acs& zvmN?{k(V_e4D$v&ulD!*PPo7#d;4`we#RaD6+IP!19PJVmf6PtI-ZI?XufAi9bBk& zB2-fLG+U3aPP9MnQ(?ARqeD+?H_zZ~x_m6{(mBFGohtb9pO4^byZhRsNEJCmTrVSY zP&qj+kNaOAEi^e^G$4n~_cx0sA3b-n$sYKX(L{2`>({U6k;7&tY)XzS&*9fcju%zr zi17^~i1Tws2dKQ^Sq;i;f_ilUC9X`#V*|g)=OefhEJbt3fe98E#s?^d)4uk7Ryn|q zbTJUga=cau8Mt?bTChabE|?J#yvip9v^{m zwSUF*sMwIIAjc5mIA!Q^%n%>bxLSyO1V8FxK-h9$9YH>VtK#-n1vz-C?t+|0j=nDT zb(5pgDlNzk`CqgDQL*`CLFo?LrM2CF`kF{0?T#vPFa#sKn5NAXtzY-6(zJDowm^<1 zns%0=El}u-edYBS)p8Ey|7tns%0={aQ#;r)ar=Or*&I3))=Kx^=%QHCq`?P$oyC1?@~l z>rv)rHuT*qzwG_iebH@SP#eQJn=B-9ka0-zji zo%`AE4+DS%-z3VG?PS+H=huxza4;AQ1~Y@f4Ea4JLJEIECgt1sB~Y3i(42%wxBu$M zvHjxZJ6cxKYse8K=>q3qksLvieqFS%cA8-bYfUp zD4rq<2^moLGqjsLO}^3^aty@}oTbVB7{?=0n@!=2NS(5ICM21lk!p?tXn#*h6>j@n zql>-h3eOx_*+dR86T!SV4^56s!ebI4L8PSdNH|$T_4hgweTaiEZj(jzA$5)9NRuRj zI~OP7&4@y|87h-vXI%Y1V1G~N?V zrVErhXRs86tqgmlU?8l4+!g*S ze&*OL)!f00KgtSK?qC<3HUtS<85WIy{2qZMgA9vA(U_*I<7)KXl%ooK_to*6D zyqR-{q|1=RkRz6~_tnzm+V<`I1nIR|NQ$&@_tXYZM=T^|_CV^huZA8?+)+c0OETwF zAtwh&QglgXN&$nid<$stB|S@!Lr>kja~6jjCK0Tq$RhUmQl6%bHph4gP?mnMtth2S zXS9RN0bj?{w6iGgID;E)Z0>!)0;rrj#8*m@CUQs?5x#`dp-@48~hx;rRl4BarJG)lo&>tcF6>>hSBahInaKM=mCUuA@A%Z6?9w8Hi)eE7Zi15)t zeHD+pCr84@ag+2UObxp!k zg2S09OLl@ejv^9WD01X~xa8oJfn6VAA&ziE3d<5XY%UO}O=$ChSV$;5~dO1?MR_PIfZl7>|`+Rvtq*So+fgnNr)vm zlN?Jjnl02wQOUq}3yBB=1oYE89n9^YYjknSpl;pIK!A&Sa_~}{dQkP`FyA5#vJ?j8 z6zTgCo~Df!j+=EIwYEF$HPT0OP++hhaDAmoewTQf zb{2;m;PPuhlbeu3!(J3)cYjY4IRp(!P?yDP9w?}6m5CB)94&jVGw3GXf& zVKGPGlIa2OE-hdYveD$Uyl7+o6^vnfG$?;2g0sXD(iIGsxAZj#~+G#e{A(c+E}aR-40ZRe0?*;1#owEXc`d z{ON!JWSlo8({BG1rG5imjXYMyOYzuho;i4#y1L(CL3EJ~g=9J2@)Qd6+r_96!@6yYjjwydSt)KNMx*00|X2ZT`5WrBxX9wdRDa0 zibi5RUgn1wPpZ}H&mwTF*rZw~`;suuBfm!?2ive#~{8Vp#j-nUft4`ObyXKzI{CIzhs6B*2}Vc? z$i9JeX|W0|psjTR7QtuxOm1V)B53OSQWB4=+XF9NJM`Lk0X z7b9ELD#EmoX~GFda;sULyx%u#3azs^n(68|Asis8_gPU+b1u{^U{q6XsDhD@jN=i3 zz^Sq^rFuWp?-4X8Nf;oRKF)8)N3Af@8qYfxR>CnfMtfQ#nyjE&3fvb{O8y55~IABV40;_@R91ZeYL@seB@wM5>1el zb*ijKmogVQX*6X_>stC0@oTyIT^bc9a7DAGu+lTvG;6R88xSXiPbj!0#R{r|<+Jnf z)xqj_b^G#Wb-w0r(D(by#X<9(7Rt^Px6IJ%DiFnBCQ}9(5*z6wdUgdB?&8oSJu-T8 zk~3@j4YY#8oRYl_1B6<7zK!UeGftg$*BP0H)k~ZO0l@AsJop-2oF4pecy@mJk6(}W z-W^;lF~EcgD(9teTV{Y3*qsdU*C)gnt&~I z+)TMW;cP9WKoX~ibA!HoGIr_&5;aGj=Al1a^C8V*^VZu8UOpD8B(I$UHkO9GfdeM*oPgL|0=Pj5B)V zC-^`r5-t(x)*dMhyHG;c<+qx$W7fjSkUeSzuKfc~6erLLjYpYexK`Y% ze$=6YS_~vf1UXLxo+J?wHkW?32-_i5KD%!~O8wtD%Z^2HL~w)(H$D-bOR(B_5>Zp zB!n3a2$ysS$E4+Og>0fHlQdQ>%5!~Jvu2MdwY#?(j9QzBMtgIuS!-)U+;oU@9q}t0 z+D~LAB;({KljKgT2xcUgWTqnvK|5#yQ68`bIXATR9)@<#Qz4zftzc+5$fm*F)zB^t zQBQE4IJrh|S&+pTnn^fQ?V(DC)(jNi?cYLjUZaaXOJsjQWsE1ZpWR#T>m)LL#pR-} z5zgOcsQbU^>*M92$&9FVgR2e=CSkRMyXnw!)b-%XLrbs_SB!^3vr{Rz(=|G179DmK z!9jH156VEcAKINTWNBz6Inrva)ljFr;B1pj33r9dJq@iSNA7HBu5h_~F`_%K=<*h+ z+NqEb-&X!Mjq+hN0cbtlgh_ z+{nv!w$^T;9@m2S0@UMLyp~gsTMg|2)MJC!iqzx(zJ=s$sY7an+o;E8Xe(2XZ$7x2 z4y{o=HbeV&RFCV2wv>9@Or3{SkL&STNcUAXhlL)eX(FN1_A=W9KY1ucLd>>j^D3UPD%jj~m%P z|9OEhAEl5KP%?BeCecKni$~FgkG^Ldkxy{UyWx2k7Z(AG1&fI1wnLLykDJ4}Up$0# zZ(vYpBl2fK`0JQlL42KRfe;JmZogj$YVVgLz_T4sb?kZHq9Z2BF8T*cVb#D1bUF}{ z%2et|>m{lT2AowDA zY}9z5$iRl^JH4xKC}Kj3%C?)1dg+3U+Ff*V&{1zP@pC9a^V;J$63NunF%$-USZXgPO$4sJx2|<-DESW7< zt@^+T+_h9{(oW+Kq3vs2@FWm?9Xfp3I&Ggs9w5xTy)M4sDRqNcL!qa5$kc zh1}s12p`>`0q15-hy$Etzs0Pt&17Y-!y?1Z5(g?@OqL8`Llyb3>#Yq)zj-L~K z`z$nN2h5tYOB;rAgLT>)nx6d`o4g4(Nv(r$t0EF>XLXQaR&d<;QsBIU%CB*{ep3K`Lo%1Dsn z(I_3}8QvrwDXes!{?PJUNQc01QePwSJ3}w)%&Y#9K)NXf{=% zC^sP0EavStkf5U&yfbljPYxtdz$xI3rfC!to);hmCxNf0&rUUgTbvP@lF0Kc(*@bf z;zp1)byb7^IX?dN?eP!4zCCz<@b;oUNpM*FM$5 z1sae5L$&~=o}?lVlA=>xFD2n@U@T71yKqRI-!(rFfpCm24v)S+zCaTq1RfE@V&_y! z=K(?&ANEd<3QZtD$F|x)BkeoXNdv}oG`9B+*$~By>ZD)5UlAJ#-}4S*T?IysiR&zf zAjcIs^#_7!x@I!lP~fRT_vr>yd$Cs`C#jIC$pnXr&Az8x$PL5S8m!-6G#*sAtF6#4lzalR?1HwS_7Kmm#}oBp*F(t6#;#8J;bjZ6sevZy+X|RZ zB-jO|-zcfO=;PD=K<#N*jGu0xr@cV^H%NJedII$(Xd9_LXt&?b#=omZ-8TS4pQr2+ zU84~v2~z)l`cDsmMMiP-hD3O#nMUlQolOrZt&p-X`)y18CUwMg_Tvi=DRoupu;*h= zgwk7f(Uym7u`B1-mu9S|Rg&ECU5?S=7zRf z6mX?Ie3YD}gGj9$CUpfl#l|3dE8oshx-YW??ENAByK@OX1UTfCuxYQz7@@tOcE4w;^bY!)d)Ag z4}nV)YSk!p9IZR5R&K=r#0*+j^*<(2qV+}9C}5L>NC=-t10t^oiL;#w+-5OO#tftp zLm@+gZDjk}MV^W0!m)v}l)oSzo$`nZSH-b_9LKT1S{Q*jflA&X-HDq?!kDD7&aS4+ zXNx42)*2ORPcsv#2st1impGM@#8y`=5(TaQkCo_j$|Pnp%h_U7A!L0zx|~lOq3&d!D++i=vegNDh2ccsL&_@T82&pWQkOV28P(P9 zo2@icIz_Fyj*dHhL66dYL6;)ZwmAj0GVm~=n4iFfCnDF$+v=B^81v* z#-KESfFx4%3)^>Jmu~GPEbPTBB>gqpTMx%!uTWuK&2)|ADNJfS%cQifL0(c8vWl?= z=7#>u?MCm}aiO5Oqey8+`IsvWgKGqTRUP(MAte+YnF1gX#Yl2>3VR+)Kuzr zW?cY#q4VMvtc?0*UKq10P(KKc^h($GTSbGD2v(hB)?@ipIKEHtk$nV#QLA3e(Id3q zBkGUYRZp^l-q0J9XwriYdQ^y%2(2-opOX<+7S71r6Jls<+u!sz&HAbFa+zH?4x%(P z%BO1OI12D@jAvi%_3o5 zI$~FaB&q6qbMwscAko-v0Wosb;_ zcKtB>YEcwNs)2)l#<;OC3L>I}39t{*w8%QO1XbLxRz$=Yj7#lT*`!zYjPgJMk>;`H z+q1Ay5D?`kjCu)c&X6Ua{mnMajl(eWYw3IO;8f}9|ABK)5=(P<b7#;wFB;>iQuv5s)fi8dCIUPN2eHreX6qcv`p+)%k^gnYtNI&% z(>KxssGVR*!I3?)M~Ycp>@dgTo66#|j(0sGfrL`KabzdC=u-p-u$mlDNaK-J%mo|< zWj#JtP6dxN9nXq5}%~okDzR*kDR!SMpR#k$NFXk9D8T|N3jndTGBwOW4x zUWeLV%HV7_2@Bs)!Be=l`du21h*}ixlF}gcVp7W|2?vE`^QvLlSavO)=vtph?vt>w z$K`wEPj zJE;u-Y^d0;2}ET!!zqNOHUP_mvlfCYg@Z1}&IWt6!O*mAgXLndH4$fJz?ysJO-AVk zL<4}ulTjBZ+yJc2WYovzF2-&S)tW*O+hDmEY~5s7;qcPm%7lXz3^bPZIP;=tz$ihA zK1OuFF`wxzC)a3|e(sC0wgDweXdwEg>958xT2pPhO2JXaJNT*NVCJKD3_MegfoTj8 zX@yoQ^~N07LBr|{Z^q)P0u(mV0HksxIn&3-L><8h3R*py5LgrlvU4Ya+vy}6+ctLb*8&0S$IZgpWN zW%P+L32SMfsBH+aCM1@r=&@l>j!7@!>^Bm~uJPs-H6wFwYCJebyW+M4t34xz;3Lg! z63RVA6SNN$(CP~|p;$By7*7~n1_zH%7R6vSAEgiJvsXRT9evCWPy!ZP4{W9gK`S!? zM5Q3nQ0=Lhht~UHNp^7jHmC9ne;asxPce}>fOPgf$EeLsID2AzMVw8Rad6Bh3Bg?B zJ;YPS;cT8Wi?VjnziCNpw(H7u;0iU6bc!HIMB~oioDtdzJQ;eC^5o)$1h*5!yK147e zW2PPMUd=$=ki9D?Eah-39CB-u%n;M&({(KT_qE##5oFBgrt0lmX&84#xQbY%edn-RlKd z1UMwGb$9?As9H<=>nMG2W7#Tel)-Mv%K8CVEQ)5)0ya`z)DpIvPv#Uja*Ie^Wc$ zbMzf&I1JcCV=oDxppN~mqt_h_(f)=G6)FWpbkdMwPQg)Px^vAd6C-5aY@qi> zBy9VeXk9hvm{*?DaOdF-xk!~XTZx8nmj?NBx+y3Uap7*n6uWTnC%&aU^!Yjg8 zYG=YDZloxU?Fr8Y5^N~1FehGiyjLKP#fduSf0|oyj5>Q~=y@aWA3A{45MkxvPfds7oO z0lmTZ>|u)SJS!}#LyrR#;dqqd5kVt1B^+)Cxu?Q74n4TgVf>So;rM@g*vGjlrbNJuQ&CT-vZf$Pw{Aug?ie)A?|Ku=Fa0DQ zd6#4cw=Q(-Nyp?zq$SL zWl8?O+}_@Ll>hhftf5@rEr_8tbawLQ|LqwyrFRIo#)g#eU9@+yxBnw3e4sfOomJ`= zeP6}Z0rwC4`)|xGFC2#`;Vgg(*uHB2zr`g@tRVo&DZRBd&;8rVIqma$6j3XCn%2MF z#YF$tJRroE$xWoe{Pn-J{o=)Das6*^ZSFjOT>tm+{P9Qsnb#l!+6aJW{m-90PeDOb zI@yJA17(IP731|p5jPlAXbQUXJx@T?$kvJgwCIiwn1`o8MX?1S> z^w1@l?V>;aK>j6}q0gVa{AxNgnWdFh?)+>|%-vh;YE-(ayKj#63y@Slsta_DeovVs z<+ti{5{LHZE26k!7j1d=MXx%KW6Z-_&7%TvxAUlbP@mXMsr@u62)0b*IpGsS@ZQ%n zmvd(C7894vnOf`})X}TuPG(R~o*ok&BJw+e5-PS&Gje#_PHOlLKoSX3gsS;v8L0Y; z0#rlqIkcB7VG$e6ej-bd-uWn>0QWbba%=JyKGpal_eXS{#W;70akOJ5l;TG^i-rk; z-U%4(m*Pa*k3C^wN$dw~lCYS>GGjS&c@7-f9pt~)hD^djQ{$jRK1q(>sl{7vRDM%O zSo8f!J{%AVB_QS33Q@Qw(LqmIPmMELOW`Nkc+u|bd}2Dt&tK$i9ZI;(fplHu7v5)I zRftgYWu;B=>&oa|5K0nQ5S4~E-)f7HtRRJR4J*BK={m_#--X4xUS>LdAmUG4Hd#l8 z=L#HFBy&E`zWEpGcF{G8X{;0|w6$3j(?+1hOrmvtPa&V;Zn-H+IF02Hb#RjS#l@I? zw2S@>NM-C$>CV~T%lpieOETL)Pe5v`NvkqL8KWn9gM-b^d{?_2RXTQ77JPggiRZTH zR&|%c2hg{SQ`;Tw!T6zJETX~8&*2qjPLRoz@O?H(Fej+<_bq>WtGC&y>L<;7;CC~CpfaG2?y^7K8W4%M zIz_TJwXHfeZ%V6}$ScM#&A{7H$$WFNB(YxInpWhKBr%+3w4;|nl*S|f@*B{`R!O>m zv-meQXh}5N`aXGUpmfA`q_Ry{N1hOq35!MRwU@VVO`@&m_s&u{NyKW&lm)Q2rBnXF ze-xpd(D{~>a=*AwQkkJY1d(Vw;zWp+1hTCgh-3F?(`?Qw2SV1WMH6e^JPgCucl_5| zcU-sYtYou#q}qLN@u%PI?dNqNTCOTSz`+vo=Jsll?l6^O#_7LwI+A5bIPde-k#hg^ zOEu~McIyaIHC4~_9Wa~1qn??{pI7k<3D>3C1L&V7HQ$(TM)#xj#3kmM=s+b57B8uFrQ+r5yvy`_glB!2eEBHF*W znOxC6Cct|6LGFd-dSkIn#_}V@wSd|U{@d3#;k+A>Xtkc&5pnG7vI}MS9qq=Nt58Rq4gEk*HyFpMIlOKNh2p`$&SCN@9P(R z{0fYr;D)KIVbZebB(z}&N4Gdaoj*Q*?jV$1-t}#gUWFE9qR#q;EJvJ-$R{}McI$8a z@dxb7O*o*>pR(GS!iPA}6I)AKBKW_H^ z`p@pOkN@}cKc9X6{G@}{3*(nMkHhFn#7@?^{6ySx8#_!E4wABer-%!FDrZD_IH9IXPjx&tP?IGX>O#HNd*z4 zzcCs^sB4u9ZlDy7!4kev{J|5z(a?1FHR}8lpX{BTeK(Nx!)WzO{lmiv=^;=rxPHrc^)7y!fmLBVL+n~VKrTAQtAtTZSH5zjF2vnt9?W1HZbbaadfsZDZQA4me+j#ZrAYV6p(QArQbpEZn%P|eiqB0 zUgM7Wbq%1JQI|R|j-FyJ zZFig2Y?~!pz{*jfo!`|G0`wG3%PYg>6O(qqT>vhPdf7D(1LBg#;h{jC2~P660C|f7 z4zEr5%i^y-q&Y1DE-=?Ju*z`qTPQA975^$+Dl#-JaJG4qeBE@Y6JNE2phL9o-b``; zcYz(tT(MiCQ~{N1l*aUTdn-$)?t|nVC3FhdtWFA$DUMQItJ`=}l*watyg5s~A|F=1 z;7f-8f<<0~&*G(S-df{b?W6YJh55EEnlBKTnXPSiFJhu{$|94{>OGrEy<|$&@BM@mn~|KxLx%nf z4RI6=aBwM14OuQxo&a~A{xr2mP0N`x&_xINI&E$nX*n&QX+41#=Xlh{nCLVjX# z>0Xmp_8k^lg$+etp9}W~5gYWkcZM&vLbCG>-u&j}%iskWZVraQ^Xyk2x6ikFZ=XL$*^r9oZx{b}9gg4r(p~?>H~;!y?mv6*ey{gGxc9GL zdjI^3d6)mteb!Z9{H0a9Cl?N_3f76`likLzW(b5n{C_9=)PDz6D)K*R?EZNI z|F`k~nDFu&JAfAWf1ba1Rq_Aqyn4L6Be^pUyxYqQN?RTbRia7~0Z_Quk-3e1- z*1j`;mCvV6oYN==W_A$egXRsj5Mx9>Q31-gX=%sqey#e+zV08!(ns(Us0!=#b|~nktzBF1zGHI7q(Tg8P|o;B^i;*QP&$qIQN|E z+!U5quWiVO6&RVRF)t{pGCA4)zB8da zaAscXBQ7iC@6|*W-own6CA@hDNhg~CB9tgtu47LvHKo7msq9qxP)#fF+?Q^2mm-w~ zNMl)q*3I7yBZlS6=jHddJ7Cpnhu4b5YE-uQeyouYO-z*&*SBZ{;N;UJt-ZXJ;7Sm>iwjW_3K-%1j zo`)r9OVYLa`P_KO8<6+TshbfuAYAq)IL0G5kv0JhZoO(HJTQ75ZwNWZsRE@FtiOf&|bf-*+AWD^)qL0G467#J-ThP3igh)oBhl2^} zbY1cGMTh>u(?b6@xuEXs{P+3R^PS51?~BLt-+OuPU;lTMc_DEeVs1NWu($D5<*?ny#WhHl+-r*|S7Zknr&F-0L zv>jW$);NM1KC^D3{JUzu5F8Z;4)`n{3^dJ}PqbtVdxKfcN9IOkHg+AqZd>g)`6{0L zs@*6uCss|*nHS5ik)^reQFV1r2#25n$J3dgR}}Kr+3veF84bG?MZJC=YqPo)W>Ntv z%;B6*>@1?%{_Ol|6}vEXwe9oCD}G_;tuSqs>8b^pm5nOrpr02QP*j)R7OPIu$t0Cf z!3z{nrG5rugl!2*UnC^(g~?^;<|b6CfS3lw26LoIF|FY|f#PIKElU&c13@7~iC*Ct zO3Ox!C5TN4M;e%|s;M3HCiHP)ixFpd3K|ClQTY_oU(HZNFG*w_BG$I&1Yf$PI5({Q zFE$X7f$#muuE><|4GoA+l$vMoQYc+S3DU0Z^0q>Ld12iJ*S*4h zrIKn{sq@9^xQ|cs(?b8(jB#`If1&>WYICcs|8H)+c+~&zOpcci^9Na+VH<^b_jzno5`KL-BTV zrVD5)obAaUHY&?t<`kuejc?Haj8a$dEnqg;phJ79`cRmQ?82vD6XKrAgM3&E*7WLIV)yvs}(Gp zj6B7z+Af`1)j3DL?(MCYQZ3X~FR8sKVps01I$%YSsNF(eb7Y!4A<;=JCTS#TFK^_S zm59bDV3PsdKC|Vv7jMb{r)Fn%$F2Kv1s?oz`&}A0Ze)-Y!Q41>uLC|6If>eCA9dp_ zO?QKZm#-@5P&_Usces=f# zIMF#+bc~F`#=85Q5FmTc27Y%6t)mg0lGvIR;E+R5I3&|Hob)WJiIuY~CO(2~K%Xd6 zX$8NI4zYLR*MCceG|tD2_+9v9fP>2`%)>kYi$+w=e8Au@G#;|ux&Y9u_O})uk`vOO zU>f&}MZwqX=ykt9)5>(XcldKU>RRH)MI6o4&VEJE7*Ew8riA0DOi`gEznk>=uA`ZX z99mIe7H zPOa+K*wjTdr+^)Py{b@_I+tYDO6XiV6?kqUb96bJO9EH_I*)?oJ_O4pnboHQIdc3> zs*#l!@af{^eVJFt?dcLwyRUVD=fbkBSvAEP(t0t$;cBhLv5s61~+(BELFo#UdA;gdsE%?H} z=LQd(rC;G#)GM&;Q$3SUvvk?$YD~C3)XQj01rm}ecAvKvN|0+7gDzk15(@PopU&Sk zuy2dd%0kIz`LOp5YlPAUBK~MssbJ#wD5G%4M;~YuAvot7QZA&<`$Ht*CLr9b&rk!? zsOmXEJ%}&OrKQ4IzcC{n8Qu&L$8pFe8R0Y-J)NkBzGEyRI4*+vFeZ?(MKWbrA~Bl` zSS0L_7l6*a7d2{5X+E?Q2Lv^N^aLk$9U;`}3%jby10iPw(E(g`;e?y$YZMuX=2a)*!aR@1dI7`jB zhFwEyQ7|4tjvte;5j>E?G!Ed(KR3a+xGXA_WY|(Wua=G(0V^UvOaJx5A;LBCLG=Y# zrLn>yJ9DuM+p_LcVZO|ln)Q}uxavb2ENi;S(@=sWfmNFKg@wp6ETN~DWHz@OY4bd4 zu>lK$iZTo3^3G0zCM5~G9zxqbI?0lT*`ZD;E=!=CcxpGwWudT0Tk;eI;avRTQUyrA zOdeuazPehOBIy{L4-{{e#!ZX>%!q0l)((2dN2efnqM0L#O5`#l-h<_7#8j1{X8Mdw z6$uHnTg?pNsebXaAec2mdB7m9n=Qg=zqN^cGyJTv;Q`B8KWY81tfZupM#3Kv`4gFa&)Gz6nVEv3c&mf_(!N?# zGqu~;?R#6Jw6SAop}Kafhk_1NJBGQv>*;xeB?dz_V(cw=QQ) zO$NO4eDnFG^Jno(2ZfC21iwZoX8M(W|4ZDlM6kG(v!5B%8fLy>S_^hMY*tK|mX1ZE z<6u-*+&G`O3M!D_?ncQytE1{wr{aB0W=NfJvmO!05M5P<&t_a|rAje5fNzxT(&V2> zo{eNZVpoKtb+uFNMadYWt!`KUd6Z5FrvcjPqV+UMs;#a~n#^B2O=||)i-6L~PSErL z8Iez?Iu2tmir!KQ?#IqAzkG0L0r{-1m0m6+M=#m}ck@PdGD_qvob`2$#5f%eBT^D* z^Tw&@a+FT$v1u^+9jArwXzS(e6J$b;=Ah83oE6N`z$=GnE)f?TuXYMu{$2n$?|N1$ zh;Y;_$ZJr%pQ~iS24c$4yP^VaU}SrytkQhP`SEU*tx^!S+uM4Bn&nnYF(^0cSY?gE zFHUn6PO(8jx)}*lx1N=*GR;6%WJ2-P;#;s+#-oE#!pW4fR8(yz>>A;s&0^Or7cKS& zTfIwi_af%Dqb>3AYI(S7D|{vO6~6SRP5g&s9FNGI<$u}QezjeR|9J88G5+H|o`=f+ z>*n7&(+q~-&VQ|7H5?eI2KmMFEIoTb>Q7^x26y@W!Jh-%FT8Zs zU6Vnue4=L(239^RWO*yReLer9xrgK+G^<~kSL@_=2m~lJDQAAOyR6$rCq4P4^Gl~w z_FuI8R$Dstm^F^(QL3-;x%`yGjTj<3wm9O$02-velSBgi_fB#CJ7oj9SPYZD9h#6KkwmUK$apndQ2=geH|x+cbQD0F?_+vSV)_`_Bwd~+utyYFjl7MQnBs4Mb zR`aW3Qs=e|ZP3V*XNWv;hW*iG^EI?CG_88sm&$mXu}HQSEvw}h!_l?5gbp3nWTJrI zD_60xHWGBhGGkAg9t*k<9S zInp?lM?{(xJ>TDEi{6=E;hUcQvE_ZahK`+0nA@oDdYqxZb9N9<-(zkQ+K^8P;}R(e zVgY>q{QAlIWjY{%jDR@SBj{Y)nw!I+|`^RS&9yl()j~QW}Mb#8WiITnGK=cw?-uVJ@7=5>fOl+L@WmdYLzW@zj(+ zIeuq&12OSQL}6K{-dP?^7Gz|I$NthkQ_`M&Zg?2Wy00{U_vu5sQ7EzjTH)M6d! z15O`xYwTnAGe7HWgwhbID|1a84#Ui@u4i!J%*_oq$)acVUrQ~q3gFzktVUykZ=4zQ zJH>N|`Xd(D(d6;qH}&F4DIB4sX5>9pLbx3`y_!IgMBl>XWJ-y?n5jf3H)mRGh@Spg zJT>PDh{njOTu&MzLJGmz*#XMBJ&MVZDRPMO;`O|vk?aIzs^%|`n0jK={od!#XwDgm zK320dbYj&C2WyCN)6$$=z!HK8@Cd~$?wQtYSgtv=suaq7NoHF`K7;`7WjV3XU-<%n z89sy!X74ze5-!M3>c`#J$oy$q6}il9TAt*ag?ZI0wnekeVTaP~0ly(qsE%QrdjNGD zvOgxlrAQ|TJC=}{o{qJWlsSaaGaUf)EI-Fu*9G$5;bgw*xpw)M@tvG=_cEkf@VeEZ0bk@%D?C zYRbM2>*eve?bE{kyTV+p(wm!r3(x)XZV6>pf^ONkJVmk-vK-{iyu<=M#94C~C_C3*&1-LJidP9!>Z;oxUM_z5RN`l%I| zOEUBIM-pXaJ%~XclcxR@Dc{_^`%N?K9cl8%w@(`-UG5~U%CHa*av-~aGnmac2d7+)T zo0EYp{X`>*`OLY;s?RhaD;r2w<6~vKl=EY*a9g-kZ05i@;_3m!#zM4v#SnrFMTcX` zcg1p;dTo{SY`C{TYHFv}fou(ERTFPkZa$Rd=H5!T`blp;85T~9S#W*B%`;*LHiz~F zCo|kAs=o_Zcf@g9y4%YrdcK#Uxw{ou4IoGWmF{rBqCPPzWm_RF0|`|no(y zQ5&uLpuucBWlT1hj@)_GDfC(cM{U10%*cU}nx7Ybzu0`8|NSXRA{qdTG!3WPq6+m3 zHHpi!)MyqL8aA88hDUm8idSqM7ceM}29R_a4fq%*20xn07cTfN}4 zYA1xHbd|^}bwiZzTe-v61*Bc+({a{9XATh>7F9F%)wFNHg!xx@K&CpJ=2PrH#gWry z2V9viXNAf@8@zAe%&}l=;N8TL(-O>z-8gm-OU(NXT{ulpZt1|WV83wpjVn%W&;jRq`(95HjDd#359K)!-1C@5U*DXmH~!bSjkw)$COI(i}o>u*3r_%HN0P z=lgOfoe_Jnr|L@5?-oMZOXc_==M@J|#up84DERrHna!5*m$+Cguto2{`=xylE(%|y zTg-^M{{Xj`{=i*ix9K&5v)CC2iT;X1F5zdTQI$D z-xEakva&KO^uQTJ9(`|Zm5tT;-az>pti)_=f%i>(0tW2Y?RztWSYqC9>U(Q|a$Db< z0sDpf-dcNTnl$LU^w6x>&S@OOA~%h*pl;x%xl@otoSGMeUT`yi5Dj;*?crO>qW3<;}v{%)_hZX%F;M98PSg(TQ{Gz-{4;<;G z8SpXA>tTFN3-`R$d74(W@h`^tCKeU|{knZjFof2#eN+EZEsWcGmjLJ&?ptc@#AsIC z?$U*EH_PkRo(sLMzVdjkdNum1o6Ytv!b}?8RUFq%pC$c22@`U}$#PDh1@T{7uPXkZ zo#&7D|L*5`IRDRyW~IAu0y$jz#dv~poSNN1d7In$gq*(a#xYb+;HA7n4v1T(fvJI1 z>mtgm%dEX?el3Qoq`m!BRKZ2q+GnggiB6AgIalq&XCob2dzhRC($mM zu3TN3bNCjyYb>d#jQOq*6{4!=wTv5CyRr+__jm`A#8p;rCQ6Fx?pMskwc}ZxbaM&4 zq@*iDT>xsu^3Lroxw*)zwQav*c4-{b0+wlDiKMj5U4EF?Zdw2FlKx*#Lb`Mzhz0R~ zFQ0F|EXV)tJl}fs|K7*58vpN&9KffFm+t2JuV&LP#`g>8G`oG__3b>qx`(@Q_Ew15 z&Mm7yYv++|47e)*xg;~;C(yP82ue<1PX9$hQ|M?RFy|A0YKtR5@vCMZwymJNo(I1{ z4Xn~QI(0!5-GyIOKOn!?4$Zm-o80Y~^Ln@GX}wVOSt+1M5SwrivJ6y&#GY#~MbUEoA zPZtlhhL|3GYf6Jh#%!E-Xk)ER3u)f=o2OZSb)z$&Z(pOW=iSybQLA>`g8ysbInFM3=dnV)xP7fJp>uWhUf5~Sy;KLL4(tv0 zjxx6M)ekys>fT+kioF*s#)r1T9`0Gv{&%;f)?R=G_W$!&J7xQS=f#W1`+xWHJY4*j zF^5$fF!TqcYU^v=9ooaf-e>V}b5jYI^|H#BRe6S=I!(5I7R+E&q~7MHQIi{b+gfdJ zTUl>yRK6xnPuIDwrA^%ssx_}m(|{6Zv$vzHcXFJMO&xQ|tR@0j$0GxZ#*T&pb&?CW z9dl!^!Jm?=6^;Is`hEo(k(h8SN!V|H&C-S2@DVHc%xFjdD zp4&FphMj*tE}HvYG$m7`0v+{=!?R7H0IoAW$C0c?n1BT`^p{zb#kEuRS>CiVf4<_H zE>~)m+78U|QFS`5-^uUf#!uH?!gPMAo_0?w=iE=GIJ+^bmV?>K3Qa~t?x&oSICm;` zI%UTVj>AlH7>QBxpV*$7s0JUMvx9j09&GgHx%K*qYHp-}!UD&k zudJ|~HS*baezOFuP~x_BO_Tobk4ZG4qnL4WYaMfe{=fNRyQKebz1({F>QVo{k7o^? zV5ww`P+X}eTx}RJ8l*G|mHbU`aEV7m_}&^iA5(!unk0-%fy9_Z5k#w?36{Z_#-k0y zNrWYxnhh`i9mk=!hGH_(@y+YnsbJzr(f`x+(QzEj5R2hUg%U~#M-h#Q@A+@eemzs$ zledQUfkV;z{WBC&E+tu)v4!F`c_7yvL z-X8k+BZ(%(pZ~c&mNF5${l3~Id@=5aED(Lk5*mnpq?`U~7-~(m>4N8a#95jsk)oLl zMQlU^G$8VdkT^p`f9HGN+8R24`?oizo_BF^p>$#|BngQ_5(ktRy<6>yy9OTY(8dY6 zi?;nw{wEtR!vvL#&vp?D=x)Ey$%qQcXT2>yWWgojK4txZ?q7GWx`ciM77G>;PmKa) z{m)REC`B`C2I%30zPH^^x4cUlhr39b;B@p3C*FietkhqHxyHN3=20(%KTM-Y2Q$Kv zwEb!_)4C1n{79mRp%08lVMinJma$7kTggx=2x2KmILQKqgi^y3&cYN<8U7bK=QH$C zyL-?%j{lXSy}UKr#}Y?uluxuFjvuf|pTv^zgi}Gf8=%PKKOhoP0KkUXeAd9#lY1D; z3?a{htwk$731?Fp5`nPg6zh&eV-h8V3v@N6!59TNRw@@9H^9Y;DT!EuVsd4;2&GDq z*F0R|+OFN&&;-YLM7ZyHMJ6nC0Q=O(pV9%rNg{G+m*y8gB-6fT^pGSGn@yB5s+405 z9{yxQ1nX&E!>2I{qEtx24a1*s0_MJ;k_gZ1A=Mv`i6jDT`P(~x@p>A-j{l9n`4|0- zvO|f20e_w)B%nA#G)_{9L@*{33~$!Z;RKJ!DPuC{S-TVzd&yZsc98(H%R?w6BH$Ek zuU+&8)(NuB9ix&epvumQSfFe#4rYnJgHk>xHxNNXEfe80=(bpkI>NJDe!p zZ?_D~{GO?S8fHQQC3!B%3?x5n1nN!f^sHXexCsf3KO2ChHjmg^70XavLoTvw2xY!R z)yRg{{6uCMDHSbYzzVTcNvaRZfW9(uo=A{bP%w#MEkf=aS4E&P!UpjTB-n%?Nhd@o z09QDMMLAMmYt4@9fP{nzK?gLVa;Ccl-ET}N7iDTF)xys1S}w`^hF0);Q@)v4uzAX{ik{gj}!cRN-`ZdpN&8MK-t9#>+ZcqgO|@q9AsBEKY#WLgAS7@ zAF=QI#?46L>27v;*_st6duL}Kj!)lYFOc>ve$Uxt*ZC0{LPNmWu=r*Ux$Nxd5gSKw zB@06R4a4%;M6t_DGMn4urQ?}y+o8E{l?OI{{tWc<*4$$YAZuww6&L@a)r8)=2bgAo z9UY$^ocZ#TEZAhXI3V8Kyx$|@&8-_861UBHyC^X5*2l##H-|$dk%o*1YUgAkJHj^? z!{H1<$t)U0pxc2c!x2&Dbj6egQ5;1`X}@SPGiN^FC@)Ra>rQ8*M9bHm4siU_Qqz{6 z_;LqN>_Y!lfhc+Bn@-SC z1dA1VuRDK0{UzVw!p|Kg-moAqpQB#b_3B8lbt4jNxg^+H4GFgHfCO7*5*VR@eojUl zhe}fc5pvGZmcQw5dfvz57#*=GnG6U=TRR(QdvkkpLz~dkZR^TLS6Co0L6mtkq%jp^ z66PlUh{|y~0OyBdUgIlW6B5f*^w_W`$E0Vx!r&930!{F5j9Yh!A})rr=FCKMG9`D%=65f}o3{Msk7Hjnn`-3}$G+aF13zs){$XU5s(;j%9MamGTY3Qak{u)hl~i-y%kw@ zJ>qz#CNf7O9|hP6rN!nBO)naSwwQ-^kr-w#;bcg-6;vPDa7e-F2+cwkq{^~^Ih((D zrrWgzV7r$z#O z_NLoC$;>}@`rpE~W`Zw0CqnbT0+!7Frna%2Vzj1b8iy#2Lle-xm*8MbESL>s?;dUY zn`m7%=$KcX?%zDcI}kVz_Ri4ZSqFW$cXoKT z;e9wf|MB?ebM#^F^mOm&{P5rm9iO88)cR-#a6u(7APWX{Rg=P=w=Aibn*E*p%=Xj^GKOP@(rq9EV;+CsZ1VSQ(E0 c6&*i6K9A4i^MKF)9{>RV|Lz}K?f_r}0RENe>Hq)$ literal 0 HcmV?d00001 diff --git a/assets/cert-manager/cert-manager-v1.14.2.tgz b/assets/cert-manager/cert-manager-v1.14.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..34035fad20335f0b78d8553d3ecf130a2f499dbd GIT binary patch literal 80729 zcmV)RK(oIeiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%dLy^7D4O4V3T$cZPczwKi_~q#+{-yjmNd5F8I6vpiL-W+ zV}jiviKq#50JJ2=@w=R7IZt*z6fTW!cJm@>FONGVnI#2GaI=NrTgBjxrE6SPdwGhHW(GiZ-Bp*hU@1-;*Op+ct$#6U&?fs}T zUnmnqkd$CuZfk^7Nw($-NjhfVlUWb_tA!9kBg)1^WP&o)L*34P=k(pdY3JbJ?C{;e z(KjdO-P7(@=iUAN|OWZ9BSqw?V*WMne6TDh1d&2$%iS8+qYyUOW*Vx zLD{&y-`VfBJ72Z;JMC3_jmFuyg;0zYPWd>Bu~I3~o#_tfh?1m-GAtA$qPAER~S#c%T=Y2OhcDQ7*j^M|idH`?EiI_=I*ZF$|S%y7I)+jg1ihJrKtC)ep+ zw}rDT_!)H%qy1JwWGrZ=;N=PWj-*o*Yl?wJT$EdzaNU7hr7;C8i21a%D5W1Q8tZ0V z6@l*~Q!ST7#GEO@)Z!NQlB0vTGyH1*O=t8rPQL0SUv=Id9(R)CuZ}wV$6pS?T5Y6K+0tMC zRKHwPOqs%z5dqDTDW+)|?Cqe)e~mdGr(`U6o=H8`7DDq271n4i-VLpqWtKb_F@fQ% zwK{iIWca1&*5-Mhr?ljEIL(QCb^%}^|L^V}9(E2Z{Qt1i-QV#4mw2|(|4Mi)dy>SO zuz&q+%7-{@wYJe28R0xt$RNcWjgMN}=w?DCq7q^B-zOj5w?|w|u~H;KBbt&3+K5vu z2)e_9;$cc8QXCBl%CM9qL6j+uW;_>2k!hA3EhzP=BqU&)+5Ep35 z1woR;f+*Kqt{c0b5QefmO(`2AI>lomp$$Ps1&P$uS}>wJ(yW=sa!+A-EB9i~Ms%DD z($09&)(i(|?4EA04Xw2^LGQ34Z9&FVDlyyB%|jROxIp9qPqUPmahv|H@-*$6f!fyy zwJlBGvTf?-&1AIDG*=D%#h`W_ES3iHKTmd@ahG)00~iVlUYfW0He6+vo(6;gVE z5>BLkhj5ah)VHH1q^OQ!L9kxAWXAB6#yCx9XgGsH8W@77DG@UA(^V59gZjIA8PNpa z!Aj|lbWPhCW$??bvHKlj6N+=G_|!LO;6=s}%6M{PEAAo6#)3$B6SQ=4`r-U^g42|+ zG3oR4j)?DWZmv4r3scqszJvxZ5&TYR4skijaKSa58te9IN(zw zHpWH~op;YW})af&iQxu9x>;uOo$rXLwpEaOtf6TJYg)~T*^X?ER~ZdnX* z+=Ii!HaZ2oM}qt#r-CHtG|ig<0vvHhG1WPyC@4^BI zGUa#Xb2r*Qf;I`$+$8BCIBvSZIT8*SG2fly8ph}(%TC0Un<3_sxZlO}w^3gs?u4K_ zB8FUQ%;Tdn_e0m1jfsBUL2Y!5?x~ufV>Bds`E=DOm&(>BnrxbWGRmI+Zn=)t4TQf$hI>_t8C+voY{VR=(r<8&{C#|xWg$L5_L}q zbHI>}k>VHtGsSw#84AnDJ;1}k$2O-S5DZ#RLqaLa#uhTuTdI7u%ic?CMl1NT?o+buaD$@ph(Fh+(R@o&0nlD3j!c!- zHZ-E^wWw)T|Ly2Yt12a*dXY$fyYyUC7!E4+-}54luLNtKv#7P*vaq#0fJ)Te)muYT zyG-yTH+x(QR~FR3Q#Ar8j`sDMALzd_!S6KPn9%X0wTeesq68 z-9gwUP9@jFlN7ceQLuP}j3;MQiX7PRH+eE9DzcRKYfUQ$rs+$rDryD|VL3;r6i0+f zL!Uu5C4%UU*V;y$X>pSvj3i~_RPQCJu$KEVY<;A6I8t;Oc>K>3z z{{)m1WQr-%L#YTa+qzrbLYxahn9^l)rc3HkR>Y51N&1k6OHl?~$}b8?rGSnBKq7RC z86p&Tkmgq)FhhHo0YlN~`iey32z6iUWx^;UA|_1XF|mTS`MiJhKVKUNo`O!_i^z0@ z24(yhSlK*klFFx)orK6#J3-5abM}QyF&Ojm3C``8mY(2rijgE479fwNR4Pr#M+7TP zwZOJ(29M2-kTQz;yW){=n`W^(ywB*f$9`^oDlvFsrE!%d2mRfT{v>AcIAdeaX zt;I3NK}4EH-`NWrPcq)TMu1~F1flA zL=vVnVlO(sD6ZvLLD1P{-^nXNpPCcG6ve4TM8y#xi#?TINSPDS+Ah>g5&CB4ge9{o z5>LaPuqQzM@uaPtbOV zm%$m#?)6e1ph}S-d;vm^C=0m~9JFG01{+#IC{3-hv<1A)>RxmOpgJ>CT8p)1xLYaI zn*9QW?S!P+C{K;f)OO*xpr-*?B5VzO3CXks&Egq)CG(+q`?|%-leL3CiDQt>46=0o%5%BHOH93hb(sd%WSdgt^5H8rDlt-*$$DqH&&L zV5_aU@oul!)emORP>Dt<9)o_taPVDkQ*c|aOah!5>fUZT6c>6{PoNCFNr}c`({7-R z{dmtbofrkD%1@Rsdg}w?R#Nsnvm#E|J#5K{V`HwCmK%07F6TypPaL65&>h7vWvSaZ zVH(Vijp;4&J!Og4DM-6%LFoqenZPpWjXUpjYZc}d4g_Ig#63;jqS}LynYTUJgf0lh zv?EidMhTD8Y=XO{?k#0W4;9C9C#=GDF-1~79#b~<$0)Dc>!E%3&RDQ|NRbC+YnAkL zr{Q=@3b#PtW=G^%>dDo`|9#c(p|3ifPR+M(a-sQo@zqF#A4i2u_X8KVM93c6cV$Xa zr5nzPCjlYWM?U;Ji7Umdk?b8!6%iyk z#qmThaHWj6Bce|ea*}1~tnyJ+wy2$hF&2a+KgpV6-(X4OQ_l2Ro3bi&|AbS}D4w32 zgde6v2^!0r_x%boS<9RMjVwV5C5mtpY}FO4lxf@E+A$7_Ck)IXGU%#}>Z&dKUfPsv z6^`Ux+_JkL_)8%c!_Z*W3>7@P?034TPtp-Oosjs}sA-ni%HnYU@8Nh#_7WyL-Mwu~ zGQkJRcGDhl(T2}$Nzzd}hHh$3gi?Xp0(AWoE{$-Z(YKJa;#^32XN533i;_fYg`I!o zM9f;y>9wmA%-l(j@3^tfhAn_8Je_%Yuf9_ax;r8a#)9V8YJ2>#$IxmN!+2usnltd$ zfIt8U5Fqd^K`Cdt`y>Y&Z)|p(KC5f0SqR6q!)c!BN2YhB=ZFOj1GA+DaH>UQU|n!j zwHCl8h2D@dEM~wcIg$hLjzO$1b}lA z1!y^|N;NEoR0%9*p)q|I*2wF+LIs?oHMAf$aPSnG(bjTO@}LAh5o5Qh+o&B3Tz>ug z-F6_b2-{}cw^`H&mxIzm5OzleXP{p#d2+0}7SQ-PyMwm3y$?kH%rzPzbc#PNZ$<76il^7`a(n5XD*EL*35Q(d8-V8V>e9P^i7kZ^SEu z%e2Ofr|pldg)fQRYx%d1=w0yyIWr}QFGlcqn$L=~4ZKydF)=S7xOQ-g!&d6HqwJhlDN5yLC_BqqIG=i3Foznu6I7PQAtt1W<=@c zC>v|R708?YwzmyG+UB+Gpbpv3m~?vDtxL|xRyZ_6Id^S2a}+@%N>Z?T@dA|-M2#sz z566hUn9WM<111?fiO_fap4<_!YZN6|ceo?g5z%LX zqkd^%(G11#pccrq?)cP3Tipo$w^h7(8^Qm)xrgzD^uZL)h28|3gdj!Iw1k3+dvlK| zVcDgwEdltgZ8XKoh~8%BuVc5ijqCFdxudZ;97##X3?QSs*|SawwD3$bR(q?|fni}` z4XA~2N^$g_vi!k}RS)Vy73N{6Wt^i*Reqo>(VO2)kZOdP(g%{DkA1hZqWOghfvI_J zdCFY&^qC=lDEv0)m~lZ`mR9s9bXuc9Eu1i9ZZ@<&5@{LT(U`KgZFx{%2aQLzDPzFU zhaF?OslKgI9#;l&OIh-KBl(_!4^Cwy--GUK*+}4C%JU87Tix9JSm3og{F;Lmkrn^( zxa8;e-ObI_k5|_p|NP(e=M*cMhNkN!RbY0;B!i)>K6gCKP{B58_0M|${Rky{XiNX- z?d_SLZ#!>0TMgsrf1ZKJ(n#depwpEEKV*7unX8-rqyBtLW<50GJQ`vF7rO*cNmv9S4STG~C%RzeFGkhhE5B@8uf>+1 zwUri6yqiR@KsP)k<~S@r*BU9`#o|>e%GoI`hE4&N^MB+xwQsF%!h*oOGj6Fpbjj_i zl2+K4JC@ahC*vs}&-$4@A_fZN&j&2ip@a@&-{CUQH4M`Ma*7}Nx8%OCpST)u(bxTm z%0t&@16y26h@Y6mipmi+jyMjMCv0|)XSN*3IR(FWhzXm(o?QZL#aUMA(m4}W?m{lA z;*}DiDXP^B5xd;)=^bH2$}7Q*zC-!@0&`jqrz~-!I>QFs;Lx zz<9Vbt~jHyc^}Qq-+2s6TSX8#;i(lLhuHh(aanP3FZN2wp{j7c?-Rh$nk%fuGKPN+ zQ$E~#+c_Q{bh>Xk@o^U)yd9AwIXaBvuSh};xL+wb=eyY2V;hez`~Ee!$D3ta}SVhs#zI6WgNp7lx0St5I=+i4+` zfs=Fjoj$_yToo^mS_sJ;4#77Lu07OkAvD4?%>@bGzSWp%`nS4(_mtggX*&UBaN(Lk znK6KZQFzF6RrsTLM&8;+l>ME=%H7|~;DA>vd+ioy6@x`g;RlUkXP|p;ZEHFGRz|J) z(KWhWUkN_dqs?WjmHEF*-mFCtjiXd?u-Yv11h%3roN$f%{C3#VN6Q%^bTKN~PYM?T zsH>qyoSkJ*j4-mGv?Fqk)C0tg16)`%<4LvHF1Y@=0+jERv`l(K;l#SQ&rLE=!Wqv! z?@d)`4b$0f;F&{<3xW3&8c&=rqIKjN1G+$C04{J5;P=ewnm(ApqgQ4G3F5hu;2vN> zS2$2vht7|>!FwvfIj7vpo~DPc#bRJl&88}YxN>Q!+OE@>Rc&hlf}#1VMz+nutw}>W zSi6DYR$k9-p;+#E*Fb?vcLT=XUrp!;n7Rs4&+#v5)NZB&Y5Ae_d(1XgG*RwUn)?;S zP%k`NOq>!Q`P&`}i!o8gxT$!ky01>fQU(|W6fku(yD`l*Z8$1HI3nPG%^7S^XLtr_ z0)}t}-T_}7cJ{;JWmxZ0j$|xwM&_#O&pou~Ue#UFDJq8*-RHT>J(dEyOF7up@*}`B zHBFcoH>P|K9Te@HEK%B)A=~nzk9WbUG}5eRu4$>pdkj233CY}OMuJc6@Dr3^g?F7} z59n<`>(z#R>@-ihjR|L5I2Ceflbo|8U~r3Ux9$deH;Dw zUu@bNBP z+;n|C=JKW;ceKJKPK4&}RGND#aM}croLpVl?NPe&>&{dmkciAU^H;8wCb#YY7=tgC zMA)5Djqv{`xNGB_kDcDZ-2Ol4AZf;7PyM>WN=mVcDvUfR!ji%-XYbDVXHqt9+u^rM zo;>ZlZV}<-2jXsA_(iuw$lc>I7l!z#G~(}wAUpbeJu?IUB#DqnYQj&a1g@exVc98U zn7u60ym)f z$Qn)sQMq8n8K1BOU>wybhz{(v6p%GV0uyOq*P+t}|zLn_TF*Bx=47h>ej=&X_Y3??KD>dX8`hOtTyZN*C1% zF1B&K!|n+h3!LQcs+T3L1 zG;g6IYJrvC>f#pIPnF08PT(uWE(l*%Zes_Xd6?C?%Fa8MI!F~>rB^(8hB$EZ9;LP7 zX^mfPgJ*5MZ*7xzEkf)0*Up2XaISqZU@UU6UB$_^&doM-v@Kk1mpR*l0-`Pg26}7^ zjN*v$S>j;K$v=;Zgn^zV76w`p4WmgT^Slu;&=Ueipmn2SG#ou^BV*J}^{KHjKF4Gm z;$t*Vbv{N0TKk%_qeB%FR9#$yW?%5fcY9?b0oHa{=MMh(o}8C;LuXAc-H-3^L$2WP z+9;XUg*{nN=NX6gCx5bDXK;55Yt;;IafRMoR6u>^i2RjZ?~Dr<<$P0a5^}-bm}|qa zqj|S1=V4;Kj<)75D;kc|b_3vS%hw6Lk+v?mx+r~fZdxdK+GtDjJMiROwAO3E#x?Xf z$mq4Q3cr%Sj#mN#TwpS#a&u7J4!~FzSf)hb1S=d>w2J}w0D9r45PE@MU3iPz#yoh` zeMGkt+yyw06Q1chqElkd-9-#90iwVB%?QobdVt|f?IbcIbJU(_INY=L5nIZ>wxKS> zUN9Wd@z?*EVKr$hZhyCRSATFa>(gT@fr_cDrI-(@gwPsy1%uWWoOg=rf)+>og+cqf zbY;-B^Es{!B2>9Js5^RJ_U|$nz1|RtW1*H#^ncnZ9g%nzr(|#2kDv`bNI%87jX&q@ zROg0tV9ic7eox08W6P@Xd}?xYs_}_(NPrXig}_C)u{;(qM|E&HdJI^e^$v;=4=cA& z*3n0-bPuHzXz)pQQ9#S~T(?nbSGsy5Wx<^k;3~hUJ9{(93!K^=Uo5+|dv3X|V|&16 zYh2q)Ot_B!ui)NZDpYZBuY4=Gf4!4?0EZ&@(U;@szF_@I?(PUJa(H)>ue!Xu_hqMd z_qN9Ez1*wMSnw-xeP0O7MhAEY+Q0?gL1<+scvoS$8@wx7afC0>w<20U!Wn*XrFwVx zMG*36u=17VAIfL;%Ju3;HB}tSYi>H*Y#Y76^<_zLOeZ#$f@3!7Pig~X&iAw+L}npw zH*~Ukj7-;*ZR<%PGSSn5WHth<5-1a`6DqT@(a#Vr6RjCAb5Y1lkC{QxMD&EPiSvOI z(ORJs(dP)B*tj@h0LAsyO^YKMHg?+JCblwhv0G`aK5HD@){mvQS~SH{<15EgY|zQA z+ToK-;LmFReh%aJb6dWj$?V*6w- z-OBAO#jNOQID__LW6X&8bec1`v1C+2x(9te-$55w==9?38kQ9&Qz{MPvHD6t6WxLh z1mUOJr;u4J@aY18S3P4idZaW~=I{&iPYX*cTu}yMX27{yxZV{jH3*6I1hcU@Z(>%m zh6#n}$YKmw*P2!;cvp%+U*N!m-FFp{;Hwa{u2d2N1W$yo&xCux#F7pa}`YVm5QEa~-1) z3fpnYK`zpP3%SCiA~>1)5nJc!9J~H$%BdkB6 zBO^_I{QhjWa>qAxZ8dU&X4bw5po_Ke|)c7m= zFz80(SBipeUX_BNn>w{Y&`s%v80b&;c@0*4C@bU%wu=!)v#w}^%mb7t8+PEcc+>$nKNnf5@QmAHZa!p#- zktkr_FXc;A5_}r^StI3c(b~qNXyZ||@hEzdM^UkxHcmxhhZ|GeFKmiCIsI^s`aHcO zqSeCjlt}oy_Xw6()P6CRS9JLtEH7wn!}7i?mRCjFzQRJ~84xL#GSozgF&}V7O=e3f z5jL@iGcHxzCPGKX<4K?7?=e+#?l7$)P@hdw6!R%5lv|Na`Q!VbT6(u3X$)V(;oSeo zhp6rRu&^L@-|KQyA}6hFBxyooO;iPc01rP_)xBjrk-N}9CioB!(^(K5zGS$CRN2-c zu1sJ6NB_u&I}#{p5tG>PZ__K!&A7d-1V(lOKupW+o=flui0P~%YbQ;OY9^6PTQPH{2?R!GU6V*do-L3hL zCTqS;XxFpRBikk_BZQFTY!`mPy;qWuX0S&bvr&OVD#M5T4s5FfPCrUo%y9>h6+ zgwBlMwu+VJKh*(4q+iJVD5SMxFm%iKy$R+>9&oJEnMoaOQi8a!p6E|ShnihM>L-*C zrCUVYI5~&jmY=TQ@1lzrqm3K&lUxbqp2E_eV8_|mJzm`I@w?yfQ&OWkY9#kAKi-`8BlV!3qmNFf(>Xpo zgnv7oPW9hzcfb3)?%~mK_weB0@Zk7&o$k^8;oI@OY3bW+HHKmQCVDTahFD`k?zMW54rZ1z7|tqX>@NKCe_AsJH!S>v5MJslZJ zU3Nm62;F^8r8N&X?H)Mftae>TVUPeN%M&XTs;mmMcBV_KRL`lM8G0T(|oyU}o zcWmPN*HNqWfrC}0AU{^aQ6%S5vy8xU-IfzN9kkY(PA>77?AZqPe$&MCSNJs0{~sqL&4`eZ%F-wIv6%jM z58k}luh9SF?$L(+zsU2`PkX;dcXZkVQaqw5(WLO}sRm0tAwBf_y`O(>=~Auphs>q^ z4v$HoI*3}fTpJ~1L>Z}sy4Dr8P`fAsx?Rg`E_G|spUkydUDB&L{-vdH7Ng?>_>)fi z`DjER&{n%>jIad$HiPtOC0!rDqR>BboSIv_ILl!8QR@d{T8HvV_o1gEy`dVSngj|1 zm^8%eFgoazPN{O~n5aarY-X9W%f2oP%I1v3ub08b9R`aj(UAv-`{+U9$}|>O31+D* zTKW%|SnuoAmn9gdJse2eN_0(9f+aDP{a8zH*B)RdC{rV}^*?3%f6A>&Yo_0I5T)tw z5&~7Ryj~fwWM#`*i_4}pE*FceDnS?22gIL#@(c6IS<;#iD0`O|PH_6(ae>(Mk13{rhpm`TGpwiy zso;~jqq|P@RdB`5=WDImn=X1&c}qGRv|oQ!T-0wfi{Ivr1!)Bq$8z z@|men;Jp3JgeVC9QBRAC0vmD^0P8bSr2UmBQn)TpAxh66jTBH>kv25eSWPUcTZMo^ zG`IdZBC%q7jdY@FG5*}dqG~31W{Od1zJY91N^NLI6>Psa0hwE&UzUng;j`+oW?{9J z=t=X+geRTF{XFvIvqq!K&XNIcLhMi%YRrbEDJ7%@Vo}H6^w-PU{p^m#;i=vH?Ns>x za{2qw*8kcs!-Y7G$oLjTCQ z^5CW;ME-$Z`K6nXbQ*934RS7CyZ5#I*#N`s;mmaD6bjCS{PWK(XS4>mL#bk$7fTV< z;Xtqj#wj1-G>Z9j%9(*66heysH=d@8%7rc0F36=jdKmk6nie{K>x*yA^wyBtvK|X& zNx*br+~Q1XFg3Bs=Jm`=MAmd-gDADWDO`tvR#WNyAWQ_@rUpWq+-iZ3=a?wX0Kk%h zA(Y}UB~xI1l$mxCD&t)0Z89N(v}$gJ=wjwSV7rlfM+Zl5S5QaVV_QHCLS2^`^S=t6 zSg3R|A8S|TlcFga<;=uQ)GK5CKb(=;cx`>UevgJY2ukIn6WW-8QS0Kv)yM0blgpc) zaftPenu|;n9+ZNQ73Ahu$c`-Ej{1$U4*eF zhXhS=0&&2@7I!rTk-<-#={XS5b`f)JlgF;%@xlIA)~~~PVWyPbk_25{%Np_s zP!0ICUA7xM*6fRcVBEjVpKaU(kvDRBhIm>Ve?la5J23r11DPn(weeMt=U;8tNMCKZRgzllnop z%SYN6mf8Og4&RjRKl`1|o1=~W=Ov!zRqJUEWfbtk~IYDWq%BO&DzTuG_NlQ=!fWoV8qP(OwH#H@uP{P zDRijYb$|{CP7nRdH_(it|8n9~rNMv({?gm*i+z^U{~-A8BYD6Q`+v84a9E-L-A?CV zL;qjmX{P@!j$wsL;w+PUo>T^LEjP6C1!<)z2U2X!($&TiHPz-Eyur9-Powp{Sb0%q z1TH+d$n?GN$P{!Q26!(T+50{C*PC0W3ZfyPAxZhYKF(+ceuqkuV0%9)Kw@=e?h}@a712%YZhQGE&5Y&^l@0a9-c13J|EWIOg0Fgz6Q1- zuZy=(3aAT0<=wv~1$Yh!KNiO8QiGK!!rQR@MJwZP*i|dkEXiD>eqmPVWsdAL+$~w9 z_e$T648h-XifDj+V5?tj|BA}J&=Hzo`8}D{%nEHSx;3&D%yQx7l6sQ4s7@mw>TfjE zcTjUbqj@PUG0Ozy5G^CcQkJoJ?vv>^)YLu#Zz^$1ib}NsO&*0jK`@X22it|b5-QQb zS)&v+(LCl_D%vVxnpHr(QhAn=y4e}M-+#=hw>68|sU9{j-(5@Z?R16_TAU>T-P;%<_1t&`9-*1PH-~ct@++|`Ec4^ z8inDoP$fJEf(ZD)nf3Qy-Zm6(C$>Cvu%Ly;X&O}~Bll+nClH`yY0pr+o!Iiw^MV$Z z^sL0}iU`V+Rr*z8*3O``?X{tHW1q`cIy`^`!Pn;oXFs+fwmXcbwzri#^8rcbo2emP z-OdVgBkZnM8nq!`S0B%Qygd1E-oH9IJrBOyoBi*CBzf)u8~imHRo~k$S6EGYUi2#P ze8s6Z1zsx8rjfcY0@MBzQJ^rDm8ukhR9<8h;bqEltu}D( zw0XYdXSx12<4KXVXK2z1uBQlIV*lGeII7(L-QRz+zrWG{zQoh4|6PzqvZ@m{7XLyk zT$8J7qaJ=q^{`Wt{OUE06`d{@aGI=F(bQoq+6q&DZM|N&9BIPN>`LrLoWJXCFDfGCb`FE7{i87-Jcn z)lqJQk!8;c{9k5m8w*kJlsv)+yfpqt_5SyM_s#K}4gY_MXC?b@y;p0-6L+vTI>@k! z^`tR)bInsy5*Wk~#}UregbU}8c>C740(a{rg<73{#nvg3;ho_&oBF| zP5+0KC6uk@54zO<^G&Bh{|^o}=f9VEJ{SF8ncB}Wif;^pZP>t5*Z@z7RqH!OuwWTl z2+gzWM*v;sL;cY*2h(It7{tZxF0|7>MisE(K8v1}=>Jok|5woe9UoTcfA`Jd{zm?P zk>@4ozgG_qiNb-7uw47m1pl{A>}x!$Y+4`hQWN1co8U^%kokrrHusMa>(P!$J+f!7 z6z#0uoUIWw*F*Kqt%^>$Bqv#RBBq5^5@#9Kzl))0oLXsO!lW}Q4`rqH>StElUX8zO z=5h-qMM|ONNr&tlPQ%PY=r4bR(C9963xRuaVR9mqK5Uxlvz$t2u9a5FsMkh2vAf~2 zV}6rqreK(NKTE$OX@sk1XzZ7fQ?5g z9}vSvad^^+Z^QYYrtQ;oCDiwARpRt+{ml@fK=rp3#$~qOt=8`^TVtZOcF|T!CH#Aj zRXl+*m2T?VHLT)Un>0C`8d@~?r~k^c#Qv2vwT_c1g%m^f5_gE1bv@tVlqPU>-$o-V zg>II*uW7Cp6j%icD-J!QD-IfG)Wy|*-u}shA`B8VE$BVYrQ%cf3a;nVC&HrLZvTSn zq~AP^d1+NrMUC{r+9F-AR&xbtxQ&eOGIGAlAoIy}(ep`6uV;qfMlk0fv(UA@>Z|_S zMs3GFx6vm_61dAyU0)ZR$)`gxi7-n!I15?1;@R$k=D1dZ==|S6@E3o(sM0=ybaL@D z2?X&y2uT%<`S$y6_h6l2KoYs?So*-IpEitxH#M>c=OUqO8JB_;mX$B|s9qLe7EBBT zfHh#yz=Kv`e~+1!@5ag~e={_swT;FCGgV38O@x(AOiVxqx!ooNm3O-hjxfcUjq+1N zk_tEdN06n3>~gug-iA2+!hH7;47a*w8#B&t=vl7+u`6kVL_S6nw9Nj0e0)^(|2jVE zZ1g`b@jOQVvouCFVTWtW{Q zfKMyY5Q4~@O)UpJsO~1QzrJncYiPUruGeZ@(EVms_j$Np6aDuGfftDXw|{g{jsMp@ z*u;N&k*7-97Y6-XEz;j3!}~3Z>GwGU`85RY{(Se3=5u4MM~K&||723^iNWUx=eLRB z_e(xa^j{?MiC$mDvxxq8kMG|&O|5P8tthdXC533`z!et-~|+~4HV&HN~QX~p}>1;3uS38a9X<(#@}ngO@w=YPqd9<5&UV3 zQ8vy~Eb1D90{Zuu3tDO?m|6=V8S{+vkdLaKnCmC9IQlpf&|TNIA@gBPoDQk5%1st^ z^P))EekCYVM4a+8pR!Wir@u?iOpuev)Yt6DRFi-Czh3=U1j#VJ-a0X{&6BOyf3pRB zBMz%wk>G=_+(S|c%EpiA^o%gNuuD_m`8vENIGHWz55BM0T}I-_q*T5pBiLkft=g2& zYd4!qB5E77*v{8%b0x@3iIjLe-)FxHF&84Ohq`MG!w1_j>8&}tp;ICio@PNa36Zg& zneiArtrkR7B8-&(DM%)WB+REE(1&0mpai-%X&)#WSBc0{VxG)2>TD zW|OGm`rYZl!2x6hn8Gz`3Rw<5-JC}A8?m%J2I2`;?xl<;WQq$Sz%#;5t}gy`(64-` zfO+erhN60-n&QY3K7^5^V@8sYD58q3zlQeaCk!%u-irLWi zyCcy+Z-Rk!_?+g-TqhqXB9KF!2-S`m0=W^YCPbJ#?j%86pb@6&F2WKegmGmIg;Ys2 z0OTK70*m|xG3%fU*sY@*$OX}OI54v?b83Ja*6?V{30K~Rwu`0&GmWNH6(}G9q->lL zlyS-c?ErTj#7&-v5ZrobF(}bAstVH9ixh3m;f2BZ(zeyOs%SL=R3HeI-dB)hM`Myb z^_tWa(&X?m??__N&!9nw=Qj2G2w`SN6@j{x2@X3q(vyB2&EsobZGckI<>dJ7ZVYWR#&( zJSFL=78pM_s5L}oTZ34Yq_xQ0hPcO82scI=ID( zJ_~^K*xQ&T?Kv@L;gpeAO3g>hYa=h@)O-s?;^Ju{H2_NMK{)@V0%i*_lAs+|X9vBa z5s6SrM?{m!*EN8S&?Se2aM<9p89m^BJmFjtO;PBWX-w7Mh404ovWxznONCN;tEue_ zabPD!Ijqdmkf>$~jd-XZ2$;BZ;^(?lk^T=V6`e{qXDuX}X|P*4sSIT2w-n14=V06b)e^@T~SbRb<*wbqTP?!Ci<2&^C@R1-PLa znv&^|2sxqI7XgOiY)(~nDwn$mCyo81itpt}}&)WCjC(BWM1DONOwJgYb{ST)cX1G4r2v!d7F}D7#=)!e4{gF?o{$9nIXdcm zRXX}2F81|b%??+q1Qy)wCR-tf~R(ld^b^yfLGc-zn9$0$k&U|(3 zaIW9)$?OvlwMu`tWM-(Hto9XraWvbKy>Pp(+W+~3Y8nFk)WB~ZOI?w*2h~h88nJoA z#T2U^8qU-_amZ=yek&o^r;D>f$^nUnCSQ}WH?C^NQ zMH3pS36a4IStlvj93KZw5j3`l~ zh>P*wL`~B@F^Z4&-*&d8b#*_C_M>ie@Q6CyeGR@p!Fc>Y-9iYEE=D{}`MvC+ziwH= z`PZ#o^w+I9;F{MkAEuB#wNs^`Yu;C3UcAL)K}hi`!3x)u^unM0DbnDVD~>ozXSNwK z_X;!nht-GUTup3iM!gff;ECrfwu>pIsg^dB0ibPZZ%U_j<}{Ne2HyoalZs5kw<>3h zq~RM)T+DB;xc7bWSZ3wkr!*E^@{vMv9Gh2+C>i67m^XC@yn-x1SU#5{z&&j@gvRf4 zD9~7P9xED)RuN@kL61AlW2~Z6^B5h5HJ7kR*I1y0hs{GGtCYg5`CEX%&4Vp)dcm?3 zXx==j3g$PD3N}OI=j#4gQqXLfC57}ZYAh0Ntj0p&UTZ8=+J23t!W~(|vW@j}xkO?M zmcb1wck8<|2`ry)FYT z;zEInN@|=*=m^gGs<2vKjGP&F*L6a*)F$((w-x6M#<8ah`e4m#OSwzL`v4Tr08Bw- zo`MOi3F_=&ovIbVCs~Pc} z!A_1RB))YTr9t7r;HuZeIHB(<8$u%m^ zmZ{HxJ=a;kiqE=-+KQ!9wYDA*DSR-~<(1sm%jwBn3En9|0KJ;|q-Awh5g&KyC(!hotU zO+CkiX)6z~T}w`;*7z+5mQS3wX=266Tti_qm!Y6!gr+#2P)3S5k%uhBtiX8d3u9Jj zM^lJm$3t0q@Z05SU0nb)PTwe8-cpu)k?H^*AwQ)Lvr3mH^o`|mdqN~zmdK*8T+O< zn=2hSJT2vf?~1ZWDlSMt*PMB;RtxF{0wTCk;>slUQ9bnYI`YzI)|8z??_z41iecp`5+k-ub5$AT6749+aUF;M?*&zgFhgI;C#4;U z6c%HmERnYa+#HuMLnmoA!RVdI>+U!oXXy;N5H}FW1C*!L{O>0o1VM)-Xnd^?J_E#! zp2n)rhuk(;T%CuGor%TYu9u(D)gT!0N$pB{#(-JqNKsm^IgMRs>iNn(jgHv*_6aO|v`oRw_7ne&`5l zFG;{8r&ukysf~M;Diiv$u%p^O8hy3F#Z??25QemR0m>$sfad4p@`5CY=+zkv+!Kb* zf{+SNXA1z(Ai?9%s*6Z2Y#Kdb1brt-qA%&m?d^+;akZ}`dm~S}SezIsw3{F9LUrlRp1+YlZ%+7X;2O@^h~ol;RuHFe9%9ctH~6Kq<& zS}k~#|MHI;uRgtO3^y2=qxyb!>z+pAD6+HwJhn26(IekGI;ql^zh9J>d(yw6VHc(1 z6-Og6^)bsB2>U}zy3Yt3geaHhFwEQ!u-0e)h6!Hj4qbN5~_Kt5T z!-;=RN8~F3Up#3F_D`5jw1RSD7BNKwDl!|z-7*`qGNCJJ1b#*xZ{rBJhiE@0;iKy} zuk=e3dAh5#rV|Y~iQL=>@hvCKY&yx=8m{l?L44_W|8Csb(wzpdZi9jIVuGs_xHY$; zySV=GZ0Iuxz+!owsOy8Aw_)20LHaIdBVhPfU_Lp%VL4HP1$Q0ZK@JDMMVANaQsH-C z%dzaF&%pfh?i_u?la+;f^YvX{rg7ek#?gQ=+;wkvn-gWv)xooc2T+K<|N4vzMYnFO zCO^u{d4Ac+dz$}}H%dZ}{qQ=M&XmEn581h``U{{xawp2qX#gZBAHPD zJ*0-nbkG*9-J4xam1<-|jo3wa01hJ_^<>J!@YR4Zj=%GD0j}+zNoPO;Qz0pR^UPP5 zvRnf%F<%CX&9X-i(&r)3(aqROHV#>$1e2nEKkUaZsUx4JhB8(_1xkhJZ@g?O?Z%x@ zsdRnW*;Axd*XRf`Q8Mf7bjv(vDn-;maxx+C$IaKpA^5v}iB-p7<$=caG)h8vjjhx{ z08y^?%Ngpc_@f0}yA|XbMOxjJ@j^ilwMvL4indHJi;ycv5v5~~@`6TD4*|U+`x4M+ ztJXPBGphnZfBaoZ`1JEvib3h-YGI;AH0vfO+Xu%n{>(T0%|u5U3?zBEL1Vzl*KLv8 z%1$lwaDe=Hp-X`#a2_rW;Ap$g=VZ6c8XNZ-&w@kMRwZ>hXBq?(*#{owY#iy!0WZBv|PzdRh7?a-`;zrPV|v z++HLs?LMH2%CNrUu!D^%J@Q0tHAS9LO9mCI$MDr*6I0wfOc)4A-b?`4*V-yP4B6otC(&`sv^J4mC2kSAcVzM@hHZh)9<*E->|F#v;jNMJ; zka1TF0qFg^Na1gl@FG9RQeCFuaS*(U9{~s-f%xrdfb}V}-PPxDyQ5Q!_OG$wVC{u% zJIHbKFI-E-a%JQ~V7LAJ-p`J=G#BA$GDw7RPMVVSDYpEL*cQm3eIc$=CW-f%&hkUS zzrjMGx5(W-pW_Y{4VZjAOolGO-pxpooflX!eV|8E$GgL zfi}O|4niMufbX_B9bfu4ZkVHW81HWO$00J>T2iKI^F)meAst9+1)c$ju#|N7am7p} zn8R`t|5(bR&YfChop!Z)vr-yJb?}0kL2sC-FP{)R#p6hW&J3%gHKBDs`(I>fqP?xU zYYn>&34r#q@xkvh?N(DkUtIFVODp*`x6F7wJXgcpw*m`^8p1w4wyMasILDSo_g5|8 zZ;x=WC0eMe6e>Xf2y-7)+B6sTk*;zz<6OW*ZhgggpB`==Nhd914u==vSz7Q9qX#u7(Pwp_H|6fnv(R{Ul1>9&1nC5#Pc>v zr<+$)Tck!#Htw2nI0%I5VQIb2g?5?S{d}zSHE?o18T+1-f2jaOj|TIh=DUr29e@{> z3iRG}x)FBu(0fnB{q{Mzwbsu7h10OU*mInzi9ztgj^}}Y1skro+9LR})4MQ`AgAk}4Bsl@IF}LMM;gLra26If?wW|c5 zH3{#Yr=YwkXb~W#1-z6WAvB;xP#%Hm&E=FAWXC;}`1^VAioB@#p#{fE`1#qhG>2l4spRtWupEUq0pbx^RCrYy&Lprx-yHW1a#NBBTP$9I&C)(@`m&@pX-+ zePYmKaOmD{0Teg;g}hsUZ?+_@-CYwX=Zy2_bSbMRYKsiaMuj0E;!K4xm2zHsIa{G` zZCtB<06Dfnq0VBgIaA4b8WOq)>UM0Z$`M9$(m)a;#Pj`muO=Snbp36^}A0l6II+ z$<4;wZkON|lfK4h|7*js93VpILJY{Wkr$0Ca|WD9FF4bBz&8ZsnhKadbdF0AV06Q- zz%Kp%Q@x@2;0IgNOCp3oUp%QTXLyKPdQ4g&!Z8`)sX>V*r2+sAriDEy@Z41a!D5u# zu)D8`6P7JIeD6=&vAD6tX;$4yNKRq zzk8M_i!f0tcmOW%*)qq3_pgdchf+#?!8<=3Lp*5Op6d=~@wgIa@`deIr)XeJi!D*x zRe~NDz1Ym4gXVs*x}@wYYVepUs8gEI>B>|=s66AIa{)mX37lL!_z@NgL<E;KDp zD8oPfkAGgHW(Ov&p`ASko|FH5to|wCy;zhE47xN}jcXu}e(Q2>0pg6pjO8|gbW1Hj zd`6f%!bSpvGu@4rQka?K9hH-0B}dC2+%^(&T@`04JduW)z5x8map5_oW1v?}LZ#>e z#e0k9I~A)+-_+%`S(ZYIvKY={SAWOZde0)LtqU|8GoWKEENw@Me=}ZLn5BHI*U>B% zCG4?7T!q3uHR~7Nr(I=v7a`Vn38qyqrmP*~GF~QsUyu52AfG$qiACnDUA2||Drfi| zhlaEBpC3%^IGSWZKh9r=P*lF*AiM-nR$O8jm}kY{i)ha2sR!VX&s+pobATGEiwp2T z48w*1M-Q5W%G#@Rls~gEqpjRPEDtU<)D|ei;^`BwlRUJHzS`0|w{<@h4ecJ~`eNYe=n8^iKI7q%w4r=l-0=4F;~Hpe1cc{WS+GDTJx@37;jZ# z<31XT2y+8DB8Xg0<-h$WFgHqg%@1Hz&bh z?Vhw@*WWa)9Q-RwN%Fq#ubND};#<9{9m#ug;cl>l6n7@>7xX8$vo7mt$A)VfOqmE% zNa#qha99%73T8G6X8jL`$Qdbu-;fPP35We0Kso5C1xEoR(qo+b4d&wxIUUezqn>CQ zWF!#g{ZUwbUCD=05{6Rv^a*!?Zo>ZX-7MnM#<(LwtwrE4u!(hvY7>N?4+W z=%uO7l5{|Yg`kTdCWa8Sb`SN57M@9qZE|~bs`*S#{65#AW=+0in&@wwYU}%ugv323 zso^wcZ;jnL!A1_iM`I?~@)i-a}7X34!;J4uS$CKjIc>He$4mM3hq_+KDz-Ewj zdt-zaz8;ii4d%hQQPKGof+H0GPoBy(q+O2@DlLd111uAZUcMvVeWXg}@@>QK4+<)e z;q6vy>rbJ`jlCIm(VLHVby7>%dfz`yxYLGe|5dce@ekle#EYh zpIwPSlOIPs`Bkl1WBdydG?1HM!-HF@f7jWXS$PQb{n9A3DASgh+Kpvr!{UkXU`eIu zHyfKAo~D+N>CTN8U5s`@feZkBeccJo=9UC1>G3#lD%k!~(#T!!h-{z+P~VVX2MYcL zzUTSSo_L+ayr?^0T*tstR5&AfQ#Qf7purY+$Pr=Z#_xvZoBvw*JK?f9TMYOb~w6=a@Ua*c}B5r6#bgnli52>EL0~h!t?qy{thzT=2Ru}p; zY2}~x;v@W~2>7n?#GX8?5A)EwEc_cW$qoc`)Uz)I;N+Gj{|MmO>Ozp6bl#1r`EX)t@j!S z-VkuCZ;k(JXg785UhA<^V$sq`9tTHnXYbz9@xKt9Zt8IpZ^`2;KWk!l4cDrcXyhJ} z2g(i5BNMEn0t+bJG~y11v1FP4Uj%qZHVpACu~m^n^r+g@xYF|Yx+UHlb!%$OT#BRU z3Vw>zK%9uyB_U!okt;oO#M>g(xKP^D5_8ntG`DmjdZbaQ)4u?*nj=A!gUTz&4Rpn3 zPVm^f5AsuIx$$sT@SaMTnkC1tHznU%E_=%G5CtLHG^j}#<34t7 za$3qV76PZ%*(f7}w6Y|r?7u++a&Ml?I@mFn{7j{bpvKXKB`y0WsWX4}{;Qw5}>Q6lDP#1N~w zg5cGpYch5{8J4k}E+WXNv%Jp8L41$kb&Fag$cCo#tbY-_%c4^jO+=M`3l)r9V|@zu$?eY*j}m58Uy?D(0Q zN<8&@6H}|-%+0>&A92bxnz&|Xd;jX^memvG(E2WDuim4d>ug1a+=uUpSN~a# zO;}Zwp21bJKl5?qve0rVjh5orD zae~k|miM4evK%H(Bt@4_c2oNt16(x0l?V@sfy|P&_cH#hBjYx_`GZy1V~AJ}a(p!j zQD(GR&XmZe)nMvY7*>edi`Da<310UiPbG?5?g{$Cj24#!$YY=G3D=x-Z}_n!XJ2bD zm>^#jbG??%u^{h4WP>T29QwPveKYFRCi~b@k!jyLD^+YYurd9VoyGHKne}SEo1lJ; zFwDKj`iGLw5}|M4B@=u{FO!oXdWa5R=;eKpq(Ti1Y%Ut|Q;NT349FS;OEJZW!hITQ zJ~|9V6_X~&`p{YffYm?&3-!6`cma4vVL$_gzT}f730;t?(j+ddhCq!Lll`kxGMpl2 zZV8vH4lf#@28lT{L)`(Dpjy-TSr9{~O0;cwnnANlvh0`bQ$NsRifWc!nb^HA8%c~5|uZ#bXBM|YB2AXO_q2PWD-J$UG^ zz9VyAZ<1QVgJ3hAZect3`@PL2%If5Fr`Dk+fK2~YvbZe0l+%aW>MJ8O#tnoSj7>gQ zvQ`wMjN*$1Ezxa})U3aZwcUYir_sSy)K<7iowM!QRA<@g<9N^!~ z3l)ylhe3pj>?Tk*(U{T1odA7dG<)hOS0XDq40lZJOtWj*j^=^G;(tc#@Xf$4%7{IL z3+Ue`d`cItNCsNEbY5(0etLdhe2KO|fQ6bhHWdJrC{?$2DzNB?adKM^e^E{(y;5^M zuc&YDd))4!`!ig+ zM>Pi2;+YKM_-^+&?puO^eXe*iGQ3$hFreEryHC~LTR+!Doan$k&#^IJq&sb%j*DA( z&^a?mlxg$p=&*c0Ig?S&-KfW;7ji&y(#Pg7Jqn#6Gr>Bt_Alij%*jpLS^)59Ip$2E zbTiC5(WmtY+CI?*P%|j(9BM!J`@c+7>vJFbQY!x8$g0;1?LVJ6lgmwef=-bI3`Gu( z+t?`1f+QW(bX*NBlrUljhfpSrBUC$~1TR{>J!q!AN4-V9va{f&=AK~(nufTu=n|_q z?E?bWgzSBoiiZ5XslcTkiY4%OiZwUETlGBMi!=%PG|bVR2;Hd&Is3j2pf6v>4jaF! zT(}Qi9n}z?#rj*gCrkvMF*xR%DPz`5@(WHIS*)h-+H?t~h9!N3JoCK@#PTna^>)J9 zqQWT~Y)6=BCg^-Jw9{6zu&+lmD-Y_q7j}k$C=+!C1Cgwqud1Vw@?!_4+Mz7DAEC&Y z2Di<1UKrDgwX4GfvF_hhGx9H_Wg!9(E2Yax4;x$!MS%F0M?o)2<^4@!K0pRc{TRaZ zG7F}hnCPh8Ik=2nBaCN>^%fQ{BL7|Df4ONh&CR>y(S<5rq=!w2W)D}((X1u+8$$~B$+ zv#H2hZ|zjQHr$}sM5nZ{U}^g1T}Dh2?MJ;BP3s(M7<=gprjInhykP)@$ z3M92@`Ml4(IszdFqt@;ftj*aS4QW$cHqPbm$R%_iWX)tfwFTFi=}Pi7_(|5`=awo5 zSI|tPHLi0}C)F+3Sp`#kek;YqDq3m17t;oshAG}7!to9BCTkR-f59voD**8yl#+W- zkD$*JGz>Bw==SWdeQ67&i#P3mnS7h^E;fi4P5Hj+5)1M_QFzX9AdR%DXwR6CW?>hE z5`S{Eyf1gm6pjbBb@ni{j_(O(un?vS6z0l%77Yz8-!++(qtqd>~6v)n$&>|J*}7^Rt2KSB*XWI?e)0dfZdqhO>a zz$)JM?h4{d7Gv`eA=R@-MO#nirBo^v81}%**f@I2igWcvjh~sukaG-2Y#yXvT`5tKOvA+IIG`Gf^$G!crFo#jO{Vv2J- zkNN6|7JvUe20C8P+wu{p4}+AmvdbhHDP~=0ozmJy7e(JE+;1TuC_$op0*nEN{2*mc z$AhjC@-!18eT})-^2;(qqTyt8s=gnJ$)CBb#U*9buveC5AOXWuV?xu%HdU8^k%aTJ ztU=SruaLVGi&wED-ycBd?WGNuz!@hq1qjgKj((X! zV1iGfE$?TmL{kuqjByB7ct?z`^Y?;j%={0f;l>xSqx5za<#?0)D76Rc##QlA<*wOA zBbmJjL3#J)0tr7#Q%iJmK;_s$^S-sFH2v8rYH#(kz{3j&e4jyC^nq@U}>LE&Mff%^UvDY6vq55qV z`pOs00SjI?Y*{xb2~SZwOvw^O{z5V*sXBK3(%IRp4N+V}w64Cu!kGJLJfRWlsI-$C zTF?6O!=9Z42tY=dRM}{nOK?lrcdNdGld|>wXJ&haM$|?V>ib18FG+JLL2@gjj42BMvTzX{XrhcYgwmH}lmM`vW=zCTT6G^!&YKa&e z8$0U;t^k_%QlIuOlOXhJ6YTSj5Lz8-t?jrGG&eQh*}HzM+-)d#Z%(aWpdiPu6xi=@ zc4|}_@Sc5E4L{O0B80vHZZF4o2wf{wa@jRkyaI257v|_S!4p&#q+UZ=1)?us)4cD_ zCsb+-PFtp0fBem}MSEcD^M_@YyPeeFK{nB5H-<1n8W z#u#>2EoxWIg^bV;gUuugA^HG<2F}rGR5D$5me@blkVkZYJn3ud6Z-3EcYc)PtVI!WKlYFjbDjC(-Nt=;-;S_^tu9-v3k|lmB$Tho5gC1=GZ_X>bdxRy{_aw< z8&K|))AZoiul1o7d&hp6_=UZs0?$D0(FQL?>y(%P= z?*%y64;H_cYkVS$w*sg^GO@JU9_I!HJjSB8BHs&3k_zgI}0pv7Ah_-3%y?{>3^44L$3121p;w ze|?)VQ+jz>yxObH3b6l!c>uJt;!~ofPzLx1rar~z2H+tM4kc>Z3oULz)`&X=#Ww5L zl`fk^Z2IT1B{Mm#T;wKsTi5aiS4q2I{n18yw#qrL%(=Ds0?trDmcnExGeMjYik5joX`IJ zmwZ-+S@NLuv3Om(=Iz*vJG>6=Hu;4{(POqL8NRb+!D(WbhupM3jXq!#0nQbgT(p-H zNE_Pg1_l`)LVFNEwn=K3)xDm4L%tE?L(6MRh&c6N<44A}7GJ~ydf_F-TkMeri}yAX-Q#&K7HTOVkeT^7zorYs zdQSR#fCGD(V9w0^S%=vRNx1AXRk!h%3Z)R|eLn5)sgQkCRz8*2C}!dab=tM6Ta}GBn~5zKdk=tDT|6~37U;q0SFM(lVP>G6*{_0fHrsoU4r|MU61HGVumESRo*OSfS-ew#@iZcO`6!@Z zBy`)xv`kR%d__PbHMHagzK2(WxtF@$Ug^YB8Z zT1h+PA6L#Qt)+H7q-=vtM$S@kBF1)ub}{-{Flff^3T_QxPticIcw_G{gMpmpJx)>I zkD43L>n1Y>Nto%DMS}yEtI(#2C6hQjRf{ zgB+qqk$L2a3Yc%$9c7^)3v;l$maNgU0c%8%-gy^W0}$PE0Cn5=m~i^N+htaelY($- zFg}-YTWk^0ZJ&)XiZ4)yA)eM;cD>ocN6frUMCb>2Cssk!6g+t*sQ;c|H!cL8InK>+ zu~e{s<^)lT@#69kc;QTMk!OxHr0%0=;nXtOQ~1)qo~fr0{jg-9s_vhTUwD9{bYRQK z8MAL((YG37R(8k=E3b!%)KBuVb0BSNmsae$_fGao)w*sZh)d&dHdByAKabeX$kIHp&gxy!erSN z(2eNQ5pS@~q>AKBfYy}rJ58FlDuYJ~^Hi$t%sO#e56?gBPhTwe2@$r4k9h} zQMhDSIdiG}txT*CfzNfpW1aZUUk_Bk26#ApvqTqh=6QT0u198uv3POlI3hY(s#+J% zlxYwpdKnzShY2slsuut`aUu_4doih@Rc{%)h0F7Q!j`PSW1i;gi>S#l@$0RD#4&1- zTz~pVrGQEsGg=x4-aUi!J7ur(@IiF`ZR~suyznJI5O*vEgJJ8Jg{&x4Cc~ zsyobClVpa*GBQo20kZmhHz9!*K=g(I{{1-t=dq@x*nmd05_H@3OltE1H3_e%jdUDT z{d~B9Bc!m7kLQag@exa!AHsmz4e$Mtzr^1x&YkW7rdq+2ZaP)nY?OD zS@qP^(3Qn!QVnnnbiXN{#>W9K8V!(kLKwU<^Oy{*&`AuDZmdJO>>L}BMnc@HMF^{# zOhRHk3ydqQV-A&q9n52}RauY;iUqv??gTHUThRZ5+xnIFCr{u;k7&j#gc>f)v(s5)}<4tyIjsdTn9g_jM3AnMDFheW`rReUB z)f7gzJZt)?=NBl^2@i#d;V3b1SJ02no5Mb9x&Z5fWm?Q{CKt%imp>8% zYdrCr zWO9NDY)l~yc#b(mmcD}$%5PJ9VOV`-VU&re!%uhVbEjdQ_a$n*wJI~59eBmjrLUUG)VHp=lY-fp-AgVxeH=5=8<;@O&{v|Ufuw_U>ke7tCgYwkZSnK zp7Ot$;1jJ?7=cGZz^XdR-`~v+%SBRD^_Lw3SXRveLUsp%tzVRngWk%N7Z3rO0k?7m z2{Gp3%pk~A`SiPh)ysTTe79F-)F7uR)=<=ocC<-D8G8FVq%4L_qA2-eZMT`vehK@ zV|bJ=o(8O(gIIp}MH;kr&^ZVf2m27?ERc@nw&_PR%v@xX!JzwwJnrNc;^npryE(S? z>F1rbZ%*qh=k?dmIrD>T7Ma3@VNUDLuh+-MyXj}R-x=jFFJ%8M|8@Rbb?1>8eC$kV zwaK`qiN#+yiQ|GeLoIwsk!>oRfxJjmp;yZc5i~ju?Ye}9>uHr}C~|DEf?0wvxVocj z;|`OhhSDE{&McYg(@IQ)(Y!X1llH__Mp>TjfSv-Pz)&Ici4`ASA)guJ@bIj`Q3?n? zo6tn?6d;qpPWKNFJg6J1F1~z4DNvt7?f8q5xfm|7tu~0YuBx0|GD^~vF2M|(#9pBY z%bj!rS-PsA%OUD2E3MOBTU>>`van)pW?mNJ4n-jL@x^Au+9);-yPDk`&d7sU`R7Kxfwei5@pe@P z=*n8cx(xhxt&(^(J13mr+O#gBE?Z-G^}5o~$~6tNpg*&z{B9Dj;SV^-fZQa z=m^DLmahSOYOs9-K)S@i&ZrcM?14#K2)l~&4C6>9eP=wf7pte@C412~c}#i1IxWmb z2hu{<0LI`Zr>bXuv;qza&_Jk&gy-$XwxOg1r{3kp5}`(O>)$$?75lZykdd8;v+B(W zTgyZbeR#Vm^BR9sLv8&_bfKwOXQkoMd(QmYpuCze-1l`TubsUZ+JzKzZ`EU5Fu^XT zGDPmXy>4{Yli4)*PPo_)4=WoE{GcMSozC#3ZmeOL4!}LZI&ZhTUDEY{=#L6W(Y&(; zlk6>FV~vX7ms#kpndD?J{x3W_KUy)KG8OJf-6tcx>1k65AwY8P9+sfsLew13xUo#& z>Uhn z%5hOmHh=C)12u+fE&8W>xfnTs9xw|T=~hHc^=#;WFFNNi(k^}juAs*x|Jx}4Hnt3u zM|z?W>Xm=x!O2GhQZ&<*+@-%MK38m-8r6U@YYK-vHlso~)bis%lC6)Yj@s90w+G>a z!>_>Cs=Wc+mgtFuLQAc7GRI&y^(n0{cqyqqmXHV-;H;dQGMLr3kcI1x3A)?*;Y8Vl z|xpq9}zVYLJ=`3=bT;S z{^888fm^lgy>K(In4N5p;p+$#qHL@XYV>eQ4$Fd7eq(acNdVu7 z*36^W%_3){dZ7G?XqPemhXqZ+TNtx)ZHcW7*94%%ig##w5 zNz5`Pm(}MdiUV+{nrz@1rz)gGFXo(v;Qk-w4iv3L)M1w#O7RXW7?{p)juFfQ8TS4o zZ2l)72F@P_ghs)?W}je&LS8@f^zn*XpEFFtHwNJ>*9PMs*)hHwVnm;#E2L90mdS`> z)#mLS%#Un`-vA@iGw;zK*lhovqu0lC%FEHb9gGK8(j}|0I9KaIUxj4O)fmEoj(@kh zZj;Bfl$2hY)lDch>wmvig`JLL2zxtDZ(7G&QFswNX zuS5zN*I7hO8>^zH%_M()7m{4PKq1Cr6c&mYB-xg7RDo zr6-ZJ_=`s&^|p)t%eyt2^6BZDCMk6tjdJxZWiww$lyyt8m1J{UM>sd))KgR~06w}JKu#6lALA3Ns49S2-|6K0Z$C(3#rn4+ zn4Qa9X3yp8?TJ=O*>AvTR16Jld&qy_^i zOdE@Tea=E_L;mc!X2$jRyD=>5j`Ay6*5h~fiih9v$g*^MSWm_w@gSxer)Y;4!8bEY zupD>{$Ooxy=A@^09&KLiR59BsTHo0^^*6ZoMr=pslLtu%4M7D5c&sbv`!x|+sWeEb zu`H1YLJy$Z{n$u&MT^%ih#Z}8$29Y10X(@&Q-z5+aG`-~*da&sEJE|P##r&!>9US8i7F>>)F=tW3$t}2Lb z2s1HDGy0dnX^!4ZE^J4@h6#H#Vl9jXc4;x4$@k|hTxZ73mEW*H1e^y^D$7Z_QLGVj zTt1v8mdGXwyUeFrkv!dJ@mY?wRca$V&GJB2M@(CclY6R_9?eo~RAtf4_6;x(s%Yo4>#DfR$}jL*yz*#vtvCGr zHBymiF^S#9yzH;YB3VCbT)_QD-Xm_ro*eNrTqToEGgN?%oRaU&&r>Mb7?nMgrrpE} z9bh75vUsg45wN`tm@Ysh8nS#KL4T%kQz%UFx6rDHfKl--luJHEizIfvD>guA}6f=Q>|b#=58{TDfz9Kl|) zSfj+s;`0S^8@s9(X|K8v0R@z#jL-w(10 z@9{CGGWC^|P*=!k>duG`f0P#o*Ip$IVUw~GBi5-@Y`Mc_rsh>3&@F!xH%RzJI1hgZ zR5%bLn;p4G6!fxu(ouVrbVq8an1*@*gmX&5P}trFf{z*n-vcwA;pdjpta7tQJs)71 z1s@R|2ENJv^A%1oD_3b4 zvU@gWSwPE*2)hJQsjPVL7uZB7>B*K(N#6>{gI5Lai@Uf8kwhjo>8IAAz+Og6O{VZl zay!7;cP~Ip2=ahR5?C_sg}1iFjB7QDHS*-9PLYL*-q0T!Mz9i-iyQQ9%->2z-FfV+aiL1%RI$n|1MH3THNbQU zRk!*JA}G?q#U5mf_Kc6p>QCUCflwcon(qcqh<_YVK|bBuB2Hs^hW~3XnL845&%2I5ib; zO;p%yfkh6fQz3Nu$-s$wV_NtM6BU^GMBM30A7})M{Fbs6anQ@`fRmSRFK_QP-#dpH zaam7OG}Y@JOWH*G{BaOz^p7Z>x?R=JxV=eeOf46nkv{s24e6nb7iBa&!yz`l#m2xjMNkQnn2u%rvg>6lrN z8S}LQW&>m}?xqp6m)S2HF`Ozp7kkVat5e+?N}Mhe$H_`7yiW2_`?C|hy1_kT)V|9Kw*NM-mwWU_!sG8dvsNDnoLJN4 zz`h_2RNd`L!R%5EerC~#-NI*XCC#hY;*ZL9NVyOSbr^Fkp6`3*&W*21+fyvYO!2E; zaDU8=YY*Va-Pgp-@3I!VW^P`Y(^-m<--`zBl`9=|MA5S84HST@7NCM-E=2*!Xvbjg z+mC`5Zh-$}s+1m%I`r_F_T=*!uTDS47z*jxgtnRFY1QlVUUrg;x9Gj`I#*Q^H?CHV zXg~SID16}Eud?Xva?L8Mfd3Nn;ltN!A?FG)m15uXt?f1E&p?t=OihDs zL$1&Jq`9$8OMQR9l^GITEH4|vs68V3 zhpviahE9U(v@R`6jBg8=1Ob4yo)jc~>fFOQCTERJFZcmvtJj%4MK@D=3y#xcx88uz z`PaA#Fq_}06y04vj73lG+#QER*jE51E{t){fiiw?F*sc;0uNUA6Zm|q*(RQ%5}eEqrJ9gqu1%a9u&``oz>GHTIJe8LZG1IEo@@FQnr6Hm61 zgbAZ7CF~g#;7g^_95j!$iHzKen8r*R5_fu%#QGV+XxV*pV>_K_Su5IFe0(7fZ9-im zVVyBSj2q2Ity(avZNfKYmIvduWxf^2q&Y<;PGkW<8##zs%4w&sw=>R%BxMBB1{YT? zPF@kF2Q!J9MUX_D9JN>sp9FfjBWRo?dL(T7Lfn3gumKLe;$@Pokjwe&r(xha|KcOg z>pBo8YK4hzTH%l27$8QH zDZnleGYAx;EA%dFjZT-r$MsTRZy(b_iwuIkNX%x}_wD(Rt)T%ItDI4=yQ6zVInu`w zcgwye{ZQQHi$UwIxYkh?o~rv0;&-V+@tT0EHB6fCzKGY;MYmkI432#$>z2B1x6g!( ztW@@wn9JztNsEDm z$4G+3-jg2NkxuBK*e~P*K^hPuMuKY>L7|td11U*g-7Qrn5H}C-(6P1^!MND{6S;+C z&1o=nGu1G>rN9)iEe`)@3kY3Rn`?rVtkgk*m(N5MQ7O3;MF-HJhaMny^98NW|S)rkc9aWqjJruw?={f3eBc`z; zJU=N?{=6D_jgeWz&{!brN=lWokxb_`rZPr+X|#K zz0#6qmyuqoV=VRCPcpuMRFywC6oXFqrltD$6x>tCJe3p|#kwlfliG zz^E{Xd=;2{CV@_hw%boCRp)2pa3Jq8;Bjr)0(sg(>M#?B*?P7?R~XM4BtuLiP>5I> z;)WIRM#ohLJ|281zaY`$-D{L!8ZYb#&eHO$=NvD-@YK=OTw=AE_3XY)RrzY@3@Fmm z+?*gd@4;Gutog#8r^{H>Kr=f}(>@}>j zsEWC{P@-0~_tCNPK;tsnzk-*jnK@sl2ZSm-4@b5sU_9-nI$c_uS-^4mPj|fwIhxtI zAYZ#hxRBR3q?~19FI6y%M?Add!*TBdt@Bt;0Xx$q0PO-X$1{=i!lD)8%jbp9g* zQUAl$J;qn=eT@RIZQE1Zp4#oSo!YkTc52(UZQHipscpCS{Qh|EbMKq8lYDYsB-tl9 z*?WE0dY}&Ma)+Tjo@%K@HqHGtxV1DHnbYz@E6ai zUVvkBv6Y)_vN2md&=m*O?t!aDgS4KQlVFSEz!ZZnB|2xvg77R51zYBf-cZ>(LgnH0 zIAMNu=4Z%6$s5n(_j@Q`bpIwR$#$`t#KqNb3bDyz}hBMWXyeGIqj&m_lm? z>p*EK#h$@ioVl^iF@tP{da52E;n1z5v+QE}tZDXe**;Hx>)a;GG3;fP z6Y;8&A+6{LbGsxM0+EDFS{gI{FTJh!8|%GqRkDCG^{;w2tkN*F}la-Lm} zrEPUyU=TPSr*^^lo}AoWCBI^xuXVkccH8ib`f&uwA+;l;`?;Sea}iWLzC}}aVR2IY9yW!<@J@hC% zDHhwH8^%x?xaECp;dTznl8CCK?dmSg0Ip1IoFNH^Q6^ArrW=D(Jc~SNX9n1+(vLIL z+WHwL3A&L&V+<-OOEY&}D#(15s%C6aTMS0sXG7A)j`Aa96jDa~0nRsg;@76p*>Z3r zofFTr{I4Kn^rVsslVGqON>%59lmc|rUwl+%H?i2n)KcqE5-^Rd^vLlt7%SlFSrT<5 zVfj}GgYbcR!!$XMd)aO1!BLL`7DNf(^6}B|_UQ5~j7p5c-I#vTcka|7SUo`Z0jB=t zg7bfuKmo5NSYHAw(uRTjL9b{2{s9>yt*Hae^8p)WHD$~UI`pb*>BO1apBfDz+)qmC z!l;*O(dhi?hdY5~Ex(f^`twqruMd_h&Y3441{|Clotwg*(8=-Uv$eIVDsQQk_&Myr zzE{BYKBf$>SL%#-DE~}9H%qD73hl9Y0rrQP2TTTJs|vp0EeY#~>=Drus+2<^0u^!J zRbe!{WFSL+nxMpJ0Gv^=r=GedY#!)ra>*U$P_o0q8MQ^gjNXS}?s)P1#&}$p-Cj)n%U0VK{ zqUfsv+XeraPaX?7qPyhcI1-8Aw~GtbcD{kcI5#gn{NHz^wX7N~CWmvzSvt`v%1 z0yh73wHq^jRb9NgER*+qPDc17?t$`UdMbtY6*(VU4Q!N1Wzl;a7P?hs=HAD|8zD zNlD8~QLkM;#adFWN;xu^ojlO^aKjX1P13x;(&|SY=i1wa3140WTTI~HCQVtmTpIP* z+9|QovzR$kq&PTk?lfdgI9ziq)#s|8p_1;JUCSS3s}5bn$5sqKPnTAda{^d?mbYGr zXBIz53)rQwNLE@_E6vN4H9b)0C8K~P4z>Wd{t>m>AL};~XL3Y*9jdMpay1GaBdV?_ zBV-(^3q5lliClE@DW@!RbN50m>CSxRJxxfr$LnB=)@!B#oLL$j*Lal|@`D$69 zV?+iJFR?Oz(j}E2%}1G;8W%~Ol1*W?vFyA6~m2>|<)gR#=0^_r)Gg*bg`n6Ya&0RSu$`rSn-o+xpE-rq@ z?!QPOb%%xGe~Ev$N6oOTLLxP*J^pq=e<%jH^bCjd_4?8R{-T3WWQkn%p+WZn^gyDy zv9O*9J`;UNDqCwm*v{FvRrdv4f?gHq=*9UCPWJy^T7KJTec8)6fP||hvMIY+zNQMx z5qDk|(Qp22yl_yvX4_nzSDRq5I>$Y202C7DdhS`4J5s+jqZXgPlcDf$2^~zO8Oh#5 zyWT{b8ALH$ftApW$=;yXsWPm<*YrNJYQiGd?fkf_fH&I*+@7~GtbDJn%3nmtFL)?r zvDb_BHgQ2)wFOPyw*`|R&g921c-v5i1YmduQJ}fG^3n0}dF}UMOzTSt?7b^p3o61m zh{~^oa&&`n%G!Yj+)Muy2qAmZg8Y5KTGGwsMn%Z^oSPREiUE>PbVLkP>AGSt68qWH z`AzNhdp)*>PAT5}!gGAGM@k3E1=iFCegiWA`TZS}L8p^f&eqq_>*J0P^85PxD_Xy5 zs$9;p!ROq=$w2!!Ij%rO6dO~Z2a>+B;@(zGIknD03Y|U}^bM{Na#aPUP!Va^#%9w2 zN6>+TV|TEBryKpZYscme%$_GV{RviQjveWnB6eP+lc}%Wq>atj#}i-}YONw81L=pO zorG`q+x^%?M#f1`x7*{=RMbG}O^PZ*PivcdCRCr9C+;=~XRz%MT7mdcHVB4-29Sw4 zuLvUUXEorjb_-%;XEcoNS~-$F=@qiT-;O{y(^!iZq?5o3xmFFZvR}%r^F`=2-J7h? z?=`9yeA72@PE$gW>mr#}@$Da%d&q8d-qvnMX4k17K;9dg1HEBvK4dy$(9EJ5Zl);LY^ z>{Ilc4`~>%T0-TW7>;Jpc-qfD%)M^(>irED3Q7cM`0RB=riflrpCM)1V2yWGyj;k# z!DkW9CbyIsbATHj-P*Wkmc9(h*ZJR1a8bPWs8`2ILLQFdOsJV3)bynMf74`)x=O^r z!V1VI9uB|Iv}^~T%i`$Na0!ebu?+Zr4*efp&4I@zTU30kFqdQzTy^#y~6|TOB zY(_M8s?NKf$tA7!#rQHZdOYgBqHvJhS$oGMyvldpQB*c1yfMSa7 zdQ`*-KDcb&YMlEN_1h*RZR3{BP~jRcXMuYY)2jY3jdDB0o6372P3M}bl_xNNxbgr> z$mlA>@H_3(UWxW7xk~*km%;SLi223_8>C-PRIYBHc5V z(^yID1$I-qj-N-M)>0*LQVh3Dh*ujqLKUx{_#6;5PA#micy3$~a)`~y-yyROVK9Qx zRhRVNiU`0=U$MU5v3*fz%6WHPSwds>y*W)NY)J<;iTTkUYsc$Y?h#3k$12JzxebMY zxeMyGXu!z07)K6bDP}-|rY!`p5R(DF-L` zERfYLow)ap$^=a{v$&`uAG6T1-*MQ#lCk-q0foq|QYy>zCiKyCu#9cXnx@YxK0Q4#NiA+HW z?C5+4yry3+I&HknXerZRwtX!VCYxJ3jWne&CL0YgTjW%)Q#i}eKE|8keG=sRHyf;B zYp$lX2@l8Mq3UWO!_xe6g8SFvNH{;5bhO3w{B@3zSS3GWq8m>139*0uCrY0R@G(#g z(xa9uNWnoTiE(Bwj?s9oidX_rVk{W9a|O~Q|4I2V?3DbNvH+0pD$i2Ti~h{W8D0Y+ z+BOZeMQ@?!EM_@(#s++Y*VP7TwgXdCQm}jY<&%PfszTa8T-=F#48@?CcUBABHHos4IW8QzlC4c$cy!tkNRr54V z-6B(l!(~U&A#nV9+d*y5e&|8OlK$p@G4xE-p1Io;QP+JcC>vgxeKP!=8x=MzMuDo-e3=`n zp$jJUAq*>~6b9VqmUJ3u+RzaD@e$w;_BzXxWhNzoPCXuZ0h^NK7mdQhx*tUzjBwuR zr{hy{)#CH0NgIRtSBe4}DmkF)jYJG0?5VU0n-AGVhT9#VWKY(~#?L3$vWsHCc(|TP z4r3rql7fxDdt(fD666adQ8G3;rWaRlNU!3-U0@ zrhbh9@}F{%j8W1gXo$odj0Dp z&CyYb(9MC$7%|Ap)9r_M>|x8$jx4@7C zJ!>zE79lkm6|e?RqkNPBDh{E<%!^Tc1#xwH5a$j25h~o9Xw^H32wza` z5W>{c#Oe9y42xx*=>X0~`tVa4`Q&W4|8#?f+yDjnYQ=$~GuPCfp)?LZoVA4OZ(Xd6$Q&XWKk5N&uUUDxEp8 z(LPWfYWypcC#`+XoBnqZhKa(C6|wE1}`^Lmfu;1Xi^><9j6i?9pM3%-A+jdCT? zff|>Lg!9M$#};Hcj~Z&amTdoF3vXJhdGn>B2$pQM;LM$`hnVMewp>&cBNr8_HQioK z1mDA$8;-WW72>D3Y-FNwJV>8)Z`470MgQO|pQGu0Rid6U4Tn{~5?jg;G?=#s>@~Hs z{Y~wY!D^QlIG?LEGZuv$wWnAUlyR~{qHGZ)E$HZIw zg-3UM6*9t4@px1ojY5bRdl*;ZC>f@8whTzIDq>s_0ZWA%%9w%$ewOU}X8NGN5C^@# z@uqSLY;889aDN&MX{e6j=9*LN-bJJB&bg1Ad&tbqMJ_>X8feHV&Oi-4HK=!sGE&sj z=-TXtsJ;@BDR}jO-|P6q_WRL$rfbELzGB27OR*DbC}LZhv?(1Gd%v3mFAoOUzx#?+ z)TJpD)OT<;jqJcW+IAW_xb(TS5IfQ4w-o7$5yzvQ9rqou*L^W^Jd>wW^i2O)PG+|^ zKH<+^{PAWXJDUSLz~t_Dac}rT?AGoG!dg_pw;Fc9vi+IQA8Ht#Z^VxWg?);QoGq%w z+Ze}Yv1L5MR#sRO-6sbYwSjPn`Y?c)>NzEjm{%Po3eO4o?S4k#Oh@iMyb*{rji;1* z?=z5m1hb299P$;2vnni4(1jPDk#2NXw?DodlXe6B3->6qGoYypJ(nqqRxKf9aVI^`P63EA{|!upkYIA3Fxhx568tUsTh6V1l6&Qp9?Q9UVJeli6r{%v;nHu#{&n!WI63U}AIsF1n82?DZ)k?^=Pw_b^1+$QjB0R9n-&v1(b z-4kJ5Iy`Z0UL!3PZ1`~K2ZTT|#KqtoTJ1CH-rbt8L*WAi)fZt%FB@y(Ll2gdZ!o$$y9H#4d$I&JaXh`&lgerd~-GCA|8ta*Pj{OKzn2&t64;&*d-vB zUw&;#CZQzaoKUyKu9*0s{QmD3E*jF#J#Qo^i! zM-D1Ak^|)Ht1$lCR!7CqW0|XH<7y`3VHppCqjRh2!sL(!^4JL#<`n%S4(>UYfflLi zEWiw>KJrGRAU;^kw&|u^m|7t+t44NqP{HT(+^MZ>+j41*`8V#)LG4=WL3Z zlgF(wICXrRo7tvOHr$bahd%#gq+Vo%(ZlFFRPD;X96C2O?*yd~HBW##(ux}*O3Mj( zeZnpGcv=NmbsnkF@YHbO#N#(rRMt{+`~G7WNOGYtG>PNfg?^OYV6DP7BTA54&j9s5 zJNq!|QOG3iP1C*m&FlN5kLva60qUOP+lpS3O5g!bni1=6H(i?qZkkYab!8GGe>hbu~fR4Ck(OPqCz$LPn z6O9%jT;jy_WcAnZ3AazO_Zsu$IxVe+A1NDB?ThB-_QM1JAZAccfS=re$_=C~h8D=s z9~u4_2ofN-Ewf4WG}9LD%daDC9IE3puMpd@cBZ&@)3f1QtG*(SZaN#G!(}0%-sHHT z;(oGz<$Kak4@>yfGJ@aS=59E5WBLdc>&}oHo8W(Q&%<-x&0bS8GeVeZZl4n_zK)1;C@?KsRARXOVwA zcTJz|3K1CpR7ws^C;e7~ij50GE4eA#m8#&ENOC*|%+9;-qpC4)?U!}`IVs|R)rDYy zH5DsYz(9k!o`)(<_K>Gn<=05hq~atrVm-qCB{HrUDZY!Kw;3KMvnql{+UGFR;~Ms} zLobulWsu+g0n~P8L(J!i)Ngq zVZRPN^WJD)LBYJ{rqk$mIf?YF%KDd`&X%a?6>75`dU_14Tj_=^^^(%M#1AEg;hjOZ zb9Gyw#plhy(JFoVWQ63`NP&A*C z+IS<$&v2f_J`)-VFb;mfz8axlo2o_i*{Q8Rpb%-O5i*k1s)XxMa3%?ME#Mmy!GEO> z@8{X9HTR-WJ`1T=eohsb?>Wou4ds&AEpRZH_RhqH}gHD3roI2(PoYAysx9h%Zf2JadHVcI=MiwjGVq= zGzF}z&8^{ccMPx}r0BVxc+tX&QJgCQPVGPEIt@Roa$$`7UmqFK6z7I(hmio#kWH2d z01eSdkA92)0u9g@0MOvp0ssxHs3TzTAq{%^ngYX&pG&7Dj#~gKs5ATj7h%Opu%teK3#my#s7^N-W zr2JGN4d0@E(V|rE`-?!_zk|8J0@eA{4UtmY?B>xW$9}9*9XqZ@1M6W;#wo+0+B{TkEO(fIyE~;`@_>~SV?Q;lh1#NC$7nKoKD;Q$UhBTxbc|~!T%j=^q zHugpxjokI*@!XrlNqdGkL~B=cMpnnc63bvJt^PxX>Ob}fR^SqTVQ+S@O4XCsj-^xd zkvz-DB>pVuiskd4ioIO78Fh&YA?5K`a z(jObf^%WKAa?5H1VV-Ij^vvt%02DkMuRbufjn$L{uzXc&oGa3L4D$PZqt54r-QAf&MMTeADqWZJSe>)lvi)Zqm8a%y*v zg{u|gdGaiP_~54YH+jvHSNmFgE(gjEb%VI(`M3)rWvRLz-#josF(OvZr{KT9Bc;bL zU-)q{aL_GOn1LWcl?H9IJ!o+be-OOo7h15&-|1$DYTY-y)gDB8`=H)1eU)FowAAlu z*1B^%J|3XAi3KnXqpJTl4TS~((*QFGFb(2z0MkI3{T-X&H`x9k(=hi8FbyFk0Mqam z`M*qqykrx1UB2(XO#|B9Lyy!nue#|JyW#^8rjl)Pwk@O)9>86a{AN zom%6_=_wBx|2!}Gr}^|3bUaa!wRn(8>Fi`51GxxGj7uYBq%ImAOjS33vOA6}F&6h} zk2N(7bm4~xMttly7?i4Wrprt+^%)etEC$Xo8w!|Y@`{xF$hK2)4i_I!Z)4%OQNg@P zzTzVUmOX_(&A^jaq9B9CL^nq%HGD8O;GOz3S4F!vy_Th}g&-@;yJ9YF6*GEzuzTo4 z=HgP!)IgV)8`aa)U`Nl1{0Xr66tKC2wN4dgN=|uPZKmKxFIJYWg}JQ$?&J4M&DL2; z-4&;9MYy;(jrmR(7y+vRVVavM?N9U|lRZ4tNKXbp4C zZw2+WnrtZhG`*b4rOfd&6V7oRsJL77C(e1A@O7NRyyTy;QNI(V1XoNC2M*&@3Z~+2 z@P;hZ5J#8MFY;e(5K`yZQBMfX@%Yihy5kXcrJS67I5g zr=lYw_$sxvDv@b6moUyPBCM4)Y41KRI!CeI&((ljFhI09jZKVojG-09`{0@qi4TF6 zZnwOn3Id8T0xymNDuqD*2Hsh@B`YY?*39cME1dJEP2D;{t6zcc6j-EKj7IpSCve8<8ill@B}(e#|monBOddt_AO zAVt2ys3bae8oJ&v&4Oa`+dh-E$pXl|E_hJ8=#Rf~dN?pNv zR+x?5&C48oR(|eNJ;#)0nXQQAE2D;qGM;lw(qjFhkj_0PtGhbkmYgKirU?5{a87nh z*1({qdUR&q)&ywEX&jf5+SUzt!JjeD$F-b|t4+j?F*a4ci|_X=Vpa zWGzVoMt?>sTZa4mmalUc zMVtCvLbD)-F%E?vH0IdQ?#S#(R_^q8cYGzAo)h|kyOOXpp$X5UlQRh1*M2-U zoq435t_d#O<75>?vBZaP@m-h+FMROpPtx#2t{@RS_3QO#&)1F23!9CFW%MUbvA$vv zGxRoiAgxbdAAav4xc1^q=%}gsrM_^P6|zn|l2#fgSjTK)9VNor4+&_1cVOw9P3>rn zbM&Bjv=FxRf-l@rX?6{ioqE#QnobYzhHD0Rhc&6OdPIvy{h*#~(}L4`*TnsT|9Xd1 zfOkOow|8LgZDG1y$^Ei{5Ab1Zo8mYWe|rC~clZHvQ}B;>An*T=cW{mU0(gfHrY?Gb zcc?#0tZPF5AMd~)4e$;priytd|9A(Ede_BMPsibxL_fzcA;qJ-%+MpzwVH_{j}!CX zL}($D-#;Zt4FZx_`PYw$3<&m25LR=F`9V%%CC|}aNiXtJ%ud&5?UhqJN@498V48C* z+#v5f5g{%-70g&|!;s12=hU#02fZMa4v&xg&`E(7UqPhE!Y$Q|U0o#9_-T;b_Mecs>UA{uK z#E{KeKC4vJut5=?;S0t(>jENYtmV^F=hB2#JdAp)$9Y$RtnUt$w9fjOwQCnDSyj-E zQ-GEg`;sI`nNJ99AajzDn5q^x)}I0(!mq`MQvhKon0jQhW`?}Z`O8RynX!n{Q*5Ae zK$-JIRNMsIN9yE@p*}P~1OjAd^&En3({!#qPf$)>XI#v&+^10Mi244audgUoab}CT zs>67^nsQvlwiKaX0_`6m#MDaEhTyvT?pAcI&6vM`gOBUO1}kuk$BC0>swL^|09C}e z2mM5}phg;JBHI=iG%3scz{WsN<07-$`VV*@CHf�ss%M9IOOxrK5i5x6B%xqKvOW zh{zi?dEk6dUE~38g2l*X7S-ZC>b4GIiKr;Cefq$=KnmUKrk(a$HzWxpYAbz*%q-{Q zEE?j3R#l+Yg1DawR?)I<@z!;x>p8z#bpYpJ_BJ)Tqo2)AhE|NUv*od6O92~-oLB=c zK^7k;wG2BH(JS8601!emsW4Y4HOMf;;I^SrPN7BpbaTUKHra-OLAuIKtHWkaL#sn` zr0>p}cinz*+YBTyMBF1ebl}0X&(Vg}KS!0jpwg#niOt2{6hseh(SIzf5U_Fzec!Ct z`iMklD`inlCr%9!LrgxihxuHyfLcO-q{Th=3-jdj2<}r;(4e&c=96kOdAHy^)GRSKMlVSMcca@;de(W} z?3(|t0?*U#r`UnJ6HvK{Zgg7gh`-aQgf;6+vqXhKoJxHknA+=Y?@R`HtsUv(mAP~@ zRN93Ml%E$v)nI1yuXn~)Xfy$Q)bR(HI6s{^6Fa7O-w z>(67BIgupNi-`|0+JAdK4%zB_jE4?ZReqoMVFoZjF#Pca=8*^jTuV?FkWyi|i`X<2 zEh#|E*Z{da>Xk|@-*X+{?jDF3d(Fjv{6#}`(Jv7<@{=Mf^+O6R8W8y|a1E$%E69Zk zP9Sk`q|^eAnk^Jov3`0=EGMGeCn6a467}<~;7P3 z+Mn8MZYskuFLnNw;Fi3u##teYQI(CdH9@XZ<>=S?9~YveOWzlVSZK>Ysc>@}e2>pa zNFC&Dm1A#og6AW6bgn7;dMRdSt@B2g1Eg~P$0NMz)4M4KwGQO98>#3;ujF~9`qQ}| zc+JP;f#}aiOd5>$=y%(BqgkoJbR?f<7AMz3JyIo@q&%B`+AerC?FALpB?qo0rYWF} z?RiX4aVB}fyY@9pd<+e3-BrO+wUZZOBs)26*b~3C|FVu8wj5t1Q@9FEDN{BlPP&>_4MG2B7v{i^nI<-ncD5>3)aCs+`ZoOErN@(Pv)J76;?E0lt6}u$q7>iY z-W&#u+$Ns9Gh05-DnlQQ%iG8vmewP5pC6U&D#Va3OWj1z8&I%m_r}pdHkf{XPhC>B zwp}xRKYNBKwnXb3bZGzyLJ1|qc%rend70uQ{f zp5Qtp+YZ097_(;toqMYr6ReWzw0`u1Nd_Ur{@P0T3;)Mq5T>dqS9*Siz|PuB+VXXM z9iojM*5U_kJNi|&(1R4P+DE8N? zMPoy;wr6*L7p8VYM!|cE_|<1Y-ZDo>DP|%>8lzX~)1X4JxZ)P=kChXu>UYs|aFwV2 zM0Dz_r4J^a1M?x6Hv1zeIgsL)^xM%6UX6oWpl=5O#^TISV4l97O{t{xVlA}}2%ys4 z%;7PItTB;lxm{l)F@hqDU}-K;e`C-09p5goZ0^M&=FE?2AmYp0u_`netB_pq`^g8P znI^anVa|RKEJFp$!X;7LXm55g9cYD@kt~f{oPE>0i_hBf(oRy#5iwt@>xt$ zjbQ9rOIg~{8Am8vKqXxz>S1)x?~;VyDv1&iEX?-c1ENjRsV@t;WVqUCFT<>%Pqb2v zAQ+Yr`-~gPxWS8|=ux_w^iBp)R1PIc5j%CQt@}~?Z4yEpEtkA`WtNO6MmR++p%W7vJh^EI#fw2Gdg=IMF$UAy zM6EZdb018>eBWpPJ8>2dIiPwzk+kC)Nfriaav_YJ#Vn zTm$ShNnYpZCH>$gz3Ciz)RcFg&$R>qgK^1~VE#aC@3EzQ<$TC}5vKkf<#S+7dxFgh z>)x2%);pNWy=~fZVO$-vEzK{EEHNjRNqQyRaQ;O2AnpSm0-hM@dEFn1fOoZHKqDMq zx&^&i6$1u)ID0(&u@LlKvmlc~wf<0y^zsQ+2WGP_o3Fh&uYpftlTXb94k_;EpJQ=| z(W$={J6eh!i{KACEn3J^J0pG+!JFcY?oe?PFsyY6icCL)8%`T1y_+1J7F>E|$7evx z-Nt*(x?V!5T`O0h-Su2QsDwB!NdqK5+rQz?7|&6O2@W=Kg6 z)ogRgIKC7DVqhReao0{9uAdOnH1JBnZjsyZylZ5>>!FSKI_&`6@{g=$cBswin+0Cq zDT?9HvATWPiZl=S$c(AZ=+AFaanevD*bTKvoqfxdv#cSGp;1XA%e^W@1|Q^eOcJ{3 z4WKWVe|XWWt|&FThOk3rdIt(`=Q85^sg7uJ{(6dGv3oIgHyy3txOztt4GdEuA?tyO zR+OuxeAkYNjIf74&q*RXc;sFgg0~kL!4{|D>15zZGkw=}08>xyqMI)S+!H&5;EL;% z1k5wWd_BTs)xSWU3~@ZlCw@oPfMnAoDFVkt26?Bf5R@m=A}?u}G>BHAY zM3yOV!GlhiJM|jKLpr;B;dtg|{y4~kl2M`I(37GqmOa_y=e+j?(4*9ns}vJ|jV_{d z#nyhykEUsSNNkc^MG3}bBT-3}OrU!Mqgz(ordp<-kQ#{?ZLUho%)Y3|d{4^qI1Xo| zt;E7dZuOi99CRYuM9Pt&iI;{GwbF4h`I2q*MW6u-WLu#DN`33=!)9-C9hHjZ_dlK} zUw>ym6N9}Ms~|(>J?{zEP-xK?YOoMlbRJ)~`hCBs>(~E~A2+BjGKPTK>H7JcL7()Y zst!&aD3jW+x+R%Alr;A^3a%+(uiGWo=C3@`u#h186l)fAI__9Av^fsqbWp*u7p(}* zCUa1Za&lzE2EW>ZWPwcXhi-vW@BL3p-{ga%pftCQY$3#(R+5l`)D#mB#rzwNJKLIHP_&k>ERDOyA5HkR)g^7Ipww`Dkrr{6 zsDzt%LJd=R6uj3vbXKqJu@kgsFkE|Fd{G=vSTH8h1pt-;Q<&qANDKTzsj?dZaF{JYWkdJi*6>lD|iRVv1Qh{qx@>XQfTHTKa z)clW8c*H@v*3jm5Y)be#gL>OLUJ}f(CWF(sEjC z5H1vttu!Cp&$%%78{vOcDM;d;tr#^W;>kCRZ=qsV9M*hI)gH^ROg{cR*th%JKdcn- zK{03g;j3sQ?`~Psi6ryK`k>E8*cV#L#vf|d5^frbI?fH#Z&nRKxpCSBCg1OauWuaA z#IKp}%>d~Z*PEEWNP%F>fSsS3_K+Mec+k`=I~^AE11n=ZCJZYYVtSMEHhy5-Nc;Kb z>BUoT0i#*edkj!0+r_7k&J@%_R%oNRi-i4Sh-zm<__g=)7EVfc{xmcql;I4y4L7OB zZSuvwG{Nmig{QZLv%_J;Tp<>PYNsew2qkG?X(s(8#FvEKzk+OT6ZEH2!ymuS7Z?Dd zw54~3DH3tq&D+(RJC!RuVf~h9FzaG3jtx6PQmH`lSO@?rz7HoVh7n~o!&m6ef;KW-H98ITWEaPP4B%o(9f=Ei#-{f$>G9!q<`i z-7gtvfU5N>g?BNYVkfwvlE2hNNlPP=FD~`PGigHY4F!jtCxEe(BrKgBK(-m9D9ZBk z<>wf=Olrk=90^{G%Zpl)#c^|<7$72KGQw!~NJcM0@kNj`RsBbC=b3->P- z5pcA%Od(qm-|87K54`vA1n&=$!d0rA(2K>oy%7jDEY3FsuggF95j+hHlXV8aF2@oIK)MKPHd$ET~hOcXi_@ zuT+x5{R@?i^mqd*;p`VP#_fYnElt_|e%D{M4LKY&w52S&2rO>d4?A`nziDKCp$%kM zc2q0UZBGpG>E4ftnQN7EnVZ-2ZnMkV)Z>F(Gx@+_UU8Amq~d#p-${;*+4^NZhOkv) zYiLF>VX3Iiz|bT@8oJZ`k&xDWtG21BO|`5nM>8! z;wKg9EEYh^kqG3AxLlvZg)qD6KX^(s|AjLZ{)IDNApeCkk0F*b{|9DnziI#5Wlj~> z*;x*ewJ7ZZ*-}n&#y<;9`7prXhM$>CxvKL!&~9X2NE3Fb1e6u|!T(rHJj#Dr%=!{TO`Q3zP7%c0nw99{K=-|PzFH;*MYNDg z6F}Ji{*r3+MU>O<(#gpHvKFoPU!$eVeNDScX7LU~Kha9Bqlq0_Ti*R__s6>k;}R#I zsY86m83$u8%Fo{Wn^k}ZC3?{m&BEI=`JH`3nB{7XRRDQ5{T!IhZJ5(A&! z7Y(|QmmxT(Wg`=jBk#vx*0=p7cOY?z?S|A8e(r)SUnDgIS%dt}e8dH5OgjtD!B$<3 z@xd2yBWDN_&3~+HDZWk4Q3^=V#_qgo$AI+o2rETajy&FQbWpYy^ z)MDw3l;yx-G*EV)nE9kQ-ZQh@Bt24ncxh4cYr)k}HYZyw%f&tiyk*IxB(>8ocNgcW z-bMsyT{#XnAcx;Lfb<5NHP=ne(S#qD6MW(tPt!Hqz5%`;8xvi*4pg^9>GusFxkf-@51A)pAtxHML$kN@1kYF!Yv-dNT&pcN&$IIY^nrf^+B|aGJ zPv^qEf#0o)R8`1jF{U_9ZUr^xwHp@0r6Q;weT>~&orK%%V_%wU&%C2A`6xI_w9O{E z7%Y%~VUz47Q!<5(mV5LlqZRPVdh$3|a5Q{{f@39CZs3%2A@~8^Cw1Keb&uPO$hWcW>pkuRxPeuGR^||luUcmZ;%B&Q{CWG>KYKiNz1E#+ z35-|ZsGlC3#H#F!B1beskK&bNu?2Q^2(+5KCbhhcB;LYJTv$>TacnmRjiDiaOt$C08(D;ff2N5vC z4u;o^EZCWiE>EU37s@*BoPA~%{iFfwNcb0e3^C)g1u-8Q{QWE3l;21!G(4UiBnX7A z3IkMR-;C>Ti&?;IWRM*$=c8Z8-RJBkON&yT?~m9qUrNc5U^~EIK^e+)*fscWyjS)( z@hUX!Bw{x7`QM_r!m$d-Y5Ho$>AdXmx8w8k2}}n3F|L2|l{g$>sSe#$&HgXzf4M>vG?_a(4JmbTX8st+0* zBfTv#=~a$KOq0k}8nvUq5DX=QB?M5Agi~Cz8C|zZLfcaiRvsl7%>M?Dd>GZjRRI4fB+CKmg5`bFV4Vz&p*>u=4xOwC7Sbk`>5W0AfwfTX^y^a;&U3((-Q6+Z zmtxuB?!YFQQVWw)F6P}RU6v;j3^WK^!9p?z5zmIT1%bk&N$0e#IYg~wV zgo04KJ{0s{GW)xbXTsB(CQtiKv$7fw1;SC}yoJ~Kszk;NJ{^4OFIOn-!#C%FwuF^6#? zGV=&G78tz`++2{AaO1g8{$|10J!1?k{4W77gt;YZr%u$@Wd5?}trIQ!&Tf~j2-BWL z0A^3e+i)JNK=b9fp>?H1&x({*qu5u_F|O4-5}Ux@rU*E}0dJYuUoNAP)npMHri8Z& z`YYzC-$xWi?YTMIifmFd|1d}NB~KTy7!Y~(Z0lh6szeA%l`mwj|BD<^0LXD%6(k9) zNO<%rYTf{=$VR{zf^xD?Hn)$?Na`p1F4mGN`=+%X`o`6YFdse0ZblRRNc)KYOeBA8 z-zVJepY)&3B&6^Ytc99&7(Qw6?DDFz>}uY>SwbniBEdED;bRJ~z~&n~okRXU;52!9 zIYYidTU8hP7Ccg-DlLAypPVe>n~zvLEej3iSfcuw{|>UUtC1H_2_3B$gGy0KoK*RL zkYn+`kfV%@15Z{8o#q6C#IOc#-%J1U&j!OOX&LcG#|*R#bFoeAMxM*gh3T9+7laSX z)Z3vVLX6%4$JzzPzM1}x<;bKlvfT1yvNn-=MDdc0=PCyh89cKFKgnXS$Q&a+W z>~zCG*U*o|n_BT6BMTxDT53K!>|aNi#-J$;6qc3tstyeixPoq)Q`+smS0B{MbN8B) zhc&YGHFqR(v?s5B@x1S@tdH^15Xc@%Xk?#?++f6EIUcUEWbS8W?5C+2TzCMVp3gaM z3{^N=H5pdSWL9Ae{EbM_^=Sf@_4q%T15?b_=SaOQb?+|Yo4olvbNr=#U+H&*28PLJE|{-M3cd&a>*$~WhW@AtDSoTasjv&M=wfjZ$icS|H* z6ZLp2&>NqfzIK-HKzV`s5A3N zMZxU@Bd?>vSGFod*ob=s5c#$q!x^O7Ed)B@suQjjLF!W#u5@X|t1mZA!v5t>xOq{%?(TA}EUHYPAsVP6U9ZW*2w zRv!aqqYL=|^D`{oCF~)45Nyb^tbfasJ9GkoC&AL*m}mq%2dN)-K3DN_;Z61f{;(!0Uf zPO@L2_C0lfi&pX|%so2Rtz2!_fslqnT6)Gl9w;xfEL<@v9e0O^hV`G|zk>Z?rf%e1 zZ0Yc%EuM6eKqm<-g48D}39woO+h&2Dq4%(;Ecy^VMp6N2j(`vtx~hWo;55ciUNO~9 zW6!j{D{~?-0Be#}-biDsP&xA_PzD&!B};ggJ&MYMqQfQ@UfyHI#E&=0ctkSyDc zwUV*ecoqs(g+e`M#Bzy(%aD&*LL(aH)bJoNEVE1-?k_dRD_}5+ANt-jH<(ih0=has zx*Kc5U@iA8PITP8vUMGI@3?ytq`pw@eoIDE#y+h2dT&*dI*FUfDPsCE#s}q_z7CoD zz*Pa0)tvKTNv*1{=$H@iT}P~Nd9cH9!ey7k3=3n|rO?@K9L}hXXsrYhFRrd)1sP|G zOXxgHRDj!+(aIvsM^tjm=jcB!-@Vl-Un~JJn*1<*O_51}njF!Jc>EKao37tbjhzw_ zlNcUe1|gqO%+0+8(TMEnQ0Hc}9GnsKM1aSd@V}CIFZeaj^xrd%Vj?k3giVoF$`1^* zZC?RElyp3V>9Xf>Qb+18{&T=8y z%)%{5aez(!Udeo*8)rdv{6Yu8sk#N)NcyTl-#-s6M7@h{P{hFdDj)Xq8|4?@X#%G|M$v7L+gzTXw z&S(Ac8zQE4mG(eosHWi@K-BZH?JyifQ7kzbIOyfeN(UcNWdYE*@#rbVs z=RkK&e9&9dEyyTiyN~qL{=JYLfr$S^)7UlelJ$nIOg<6V8qeO>jxp%1L{(NGVXG^c zR#GvoqhvC-hxXOWM@R$TWWdt52&YcbIaLM-C}N&^3E_V28JaLCBnU%Ke(mYR;ad4J zKv&G^(<8?H+sb2+M^nY?^>y*ro}?`uLZ=`PUQs)87An{Oe%h_q`|Iv>sRO+4^`0N1y7vSyc?wWaaZDwFUFj~DyTW5scm<-7Dg-FJnjFtLD$p%e>;pd|K9uG z?NN3$&2t%LZP<_UH9kPw`=&r^6OFZY#$DMqgQC9md7#ukv|vPq7~qsw35#%2?ZwE? zzoy_I?{cRbn&MoAc%B&j!bKsVYl$5a@p>IYhIPy#m*1KC)-S&K@;En7=|%#A>F88_ z9wP%sdwp9IY)0hN+{r_TxR&~H1MUYb$UW%}vkn`hWHH^dxfL1>sgkyw-24N_kZu;V zPwD~z32AABR5wM4IGoN60kcFpYFahG`A>!kp7^x##M}Mvd>9);DVU~>t*WVTgN}d` z^lLBUEY2gsf9+|RTRof|J zFDqSn){%+i?9Ezjh@28ZN^^DC<6ZJuE~~R=oK9$}?~E|9X1xkbSSKkhYyxO%ZU8Y6 z5;`i9ar)z^2^9;Km`{i#5H122uqhq7KMj|o!l$K`_s_%{Wv=$@3xKsY;k_`9F+gFA z#t;M*ps5C_VS5FrX3bSu;R(+;Y`Vkn#5y;dXBo92HPRUzARyv}_M*67Q%`qcD7zV7 zQAf!4spyh0|5Au}?JR_;EQ9TGF;q%opg*>3`X{Y@U)uv)8IxrQF){ z_R>v2fmeGUdh_$;6^asqx#EZBsS{1v?U0U# zgU}BZzV1xqV6rsM6NS(TODC4)l=mJ-U}%A;gha3uC&|2&L)*$R#kp4$h!aKTBWXC7 z)pfgB8J0a$f|NdZ>e%lWOmN@#VT6b6L$$o4n(_1`{pC8wY9$@;x6|y@@jDIjP^(x# zMzM0}(8Tde*(xJjLbYVLnCKCT2|Jyz&u3p*tzXkg{%&TY0$Fb~?Zmbw|1)KSJ08#}Qu!a`G;c{3YXfOv(t z=iS*$YFfki;VIKo=WDY^%1O!mXEUZm#|TT55G*8Q2DfL9)(a>Flj>O0eY2)7QeD>i z4!9k?ys`4QQlMG=A^e>UWo(T_;8Lf^kY^`iOfrO3kkp0>c*|k}q?++UQw|uGr(nu% z)HFboY~`)nh0%1viD>b%Rxz?MEzK3TVnF2EzQDhI8_m(Yc*{wLWrpIJhNA(gzzuo#Wn(GyFgQ_20Xy-EMhWyC`F^u@^D+qBm4f zmeyE?s8NU_RL(-s#+^2nT`lau@6dE6N^qO)tJy+l_3nil zC<^xe@A&DR*iV*+-73`ek2Om(+8k@RR0XpQd$}I0VMa!>@s&G@zp*j$+*gc3R1Xik z^3Zqcip;VEw=p5CY?Pz(cEQs0<-qOsProMwV0T7&rm=HwDwD~(vMXENX2Lo=t?6^} z4(9fTNQ~GG;T+yf#?I%>1B1iVDl9ZQsTRB1qHhUEH9T&}S9ARL74`^efH> zH}n2P-G24Gd4?&tFA0Rv;mIMI;VjedEAo~Q&$I3PLTFV5wuO z5760^L>~a?P7iYlpLHv9Ew+P5hQ?snkV_Qh+*o6H?*>4o2Iy4L6wvn@!ezaO=pO&O1A+B!?BEtN1g;qy<%;#~or!*QM{$s%H@kX(r!;(kziJz%JkvY4E%1r$^U z%uD!VLi2ad&C(y4Sv(MKdbUj0ssl(5lT;H_n+;CxsFciF~Fyy(M%qm0};! z0T~p^1?H4arWTgi2=U<_tbX>;8s2#2vXXaRxs)V3ldiJBDsTTK;WGzCKoK2m z#fZ!^6M{-_13EyD0m-P`6@c)4mhBDDDN1v9<`xZ*GS|Q9NN9sW*VmdW-iX}kvbv91 zx%3SLNE)^EJge(O!+OmQHY44(54(!>`>5myf#WJ%$PvP4`v?ocA_}suJCNZi*05L? zE6{c@18oVe2p+yevb0%m6(}cEfRRfG?SROS=J0h_n7hm-z(rf2bVb>S<`rcj;(4Gj zfg2o3f?qN-IxwpvfDp3UO#spiD>h~;bE28NG;zaJrBxLLO=U}HtIOu3ttfr9)UEVm zfw^&K+d7-NtQ0?PQK^WiaNcxI(Wy<#Z?R9inJD>mbKF7et2dg8-K#r*%zFZXoKi49 z|3K!uLLV$e9j7!iR{I3Vnl%9YPjKn7lhW2M=jlFr%cT0xtB+JDf%qjO;w_W#=K%d6 z^*MgM5kD!)mO-r7b_W1HO*M7ahI{bNZsBM$z&Nr-1v*dFg~b5U(~#;etSflR(mqI) zwS8##tA6|)SkPT_S3iLD((A^?@XCUbpy?!W7Yh5N;Z!Z5Q7%rcwX}Im(fxr(W0v5E z#3R61FwrgXASC+lof9-^!h1gD+htZx=A*^EYO_p3EvTT{gSMJsa4nm3Tr ztOahUf>Sbu4HbL^YCGe$!y&}uVgK;pU~>iC>h6o>vaUO$Eln>SclK&!D1duN2_)Bs zhbJBXnMpJw5@8uA+UbnAht?uZ$f$T4ixErBJBr%W!Fn@@2o}~s!Onus)TlI-mYAq1 z5DP0495&8%w2lw&Xel$_+`Sj{Zk(Xe8bGz>A4W{fN5B z6U_!<=cb}&zjC%#dk42=bD6L*kM-$IN!~Ge3>vR%QjMnHLE)c(;P2kA`|O6c#A`O@ zFXf9_o+Jvr^-Ek81T`;Y8Ysb$)X%s2q4MGTer-eHsSHRv6>Hp zWS#biiO@+8z-U3<;Xk!SA@^LT92bE z$ju1|12I+$q|mU7%_}sCFG7e}7g>mP4<6AO;eCx{#@)6GEeqk#+;b>|#Aoe36fR|J zuW0^bV!#zYJ7=Qp+@JeMnuouiHo8G?>$(fqQTwF0Z9NoRb^nnQJ_on{;tJ=5Vz$Y% zBP=v0h8qC*DyDgon2@(+nq%oXAWh2D_butLwxVs>rZQsN52L8OQRM-&O3W$|^(NM8 z5o;d1i%0G)%yPSTqb=TyYVrKD(=MWIYZ%d%wTx(snntu;Z6n&c#u05(>xjxos&L0# z8SYa7iMFpHLt9rwqB5}D5#)EJm4tH~C?+2=xVNd4L}g$bZ5{=U+-IVq{Dk^KbO$;^ zv~9g1+BP17i1K=kC|>oYD*l)NU%;+s7}EOwrnoX-!S5);lnZr*F)C*Nn^D^N-KZX@ zK#CRK;6%v*+Jx4qHB|3qp=;k{u2OVaD?6w_y$@vG+pnN)?>z0fBzPgBI^hD+;Pv2J z?|$U8tqBp^h+(#9qFceqyYU-90j~c<=G!$5coTGOg;T&sbvJjCfsWCx^Szk_{LBl2 zCh-T7>hPyFR|W7yjc3qa;g<~@nK1St&n%w0Ocpea*vy)pYl};T>gEvip}LI_sk#GF zYSaYRul;N5HNpa2gNT!&$Ix)^+FOG3vvm_i;?1yPmDPD+tBZ;6YQ_CyoJzXqlp6yC z@CErQX6dffqgql?v+_!SIRK^2$f;qWD2nAj=8?dNbz{ayG>%CM*7tTO$iq|Ga(Mdm zVK+dhiD3KXdJzPuG_g8$ME{@}qCzbT0(sidwu*lz*%W)qT0?V$&Wfs*9FB9IdKY^% zCKwXwPq19mJD?~J&LHKkXpg$5Z;|*=ahLR`-1`?uf>I_sDpa9Dm5pyEM3t%?Epp|n zqD3y%*L|s{wJJoLPTH|Wp(O#AA5TN#{GR~fij32$Zk~D>p}o#r;=GcBppoTSN=(My zxRTG@)E#KIq(Wtr#$`vPq6H{%X9TAL^{kb_u9ud*Hz*e zgF!ZxSkkEQ%CoifzqWh7^zV-Kw@d#9TDf5lmRu#>WwX+9@h!7cpfq(<7z1t<6|byI zL6NP<`5VOOu~iZ7sjW_#3_qrl_KOVLCmQnRKpqX1!oywV2>ibga>n=!le8G zZycVdDP(<4t+~9W)mrCh@LY@4FdvYu3)p$~-53rTPEEiTmKyD<`o&tg+amxgqHgp7 zdIebTcT5Gq2PX-;-JFzf1#h+-TM}^T{M*T<#ULJ z@`)ZyKA)f{pY0>b=Mog9dl*@%d=0Tmw)zm#J%VgmrrHYgznjO82OBE~ZPlls^C$Sq zEqT8}e}e7sy)AINyPz@Kv)SFM??C4_&{3PO*>9kuIjzc8eFQrHfKTZk(5bCEwRKoJ zwRNR*YU>qBr?ze`o!YuuI<b=*yD4`BzF{;*SuRcF{4RgQL(U%&>}Z!nqE!-!CYW`Z zBpS-Y@e=4VNvvABOcM2_%OtU&beSX`r1u5t!dyM9XD!r)x$44Pbz!bHC=cQJ3w2?x zx-eIj(mji9R=O}(8;ioH{@uTeS`d#7Sww{$A@ zE|bL9>7|0cXa!1_N#d*VTtQtXiFW0y&m<9eQGB{|601+6%PG<2l<0CwbU7uuoDvVi ztDy_d)dlAY%a`%2(go*gU%KF2jin3D)dlD3o=DayU2v`yOZObo1?O6^bU7s+l38zO z)7yC#d}$%mx||XZlGJn_1f2(gS2~*0s&qLez8Ft|PHo+(t;5o(tt+KdTdz<$wRLmp z)YjF~sjWM;b&Jxetvj`K+tR76yPOhVzP0|BrL5?3N_-WT`D@||o#6?&$dlxfM4ZSK z5w>jk?Ka0*YwwE65G#$a?pa*x^aaa#%_5w<16KE*j0q=cL<){eQi$_UQ*EHHNTXyZ zArj45jx-i(e*)V!HhdFN&|`b)GAtgiy8Rn)<4ta+YQF1Gk^s89Z`IPxi7_ye1N4T0 z5&D>&psAFZI2jHLPCTG&7_&$WBbG)alVZqj2*07^c6iJ92bxa$>h$(CM8psPJA9;h z-qpL8?@rKZ9Gfg8xgg^_F>(I~2xs&^30K0|KKek@cpv37{@=T6EOP^*y)Cgrk*4)D z$fZ5<`Y9=;OhyWGE0R1X?ny@R1xT783wk?1mo+VcteP6TyTU%dlsYQ8d1xZ6J6#c7 zB9@NnB-c+!Lo5WHr2UM=kmzB!+GekP__iVVu8CtAr;JlMKTEI>Z&yCXt*CuvjMb>x znky5E4n*WMidde?J6f6<1YteOeXL8e#JqUk1!wkpUuTy-1y{bZbU{g=S8o15outH& z<3(Lq^cQs*O6N$iY-v&kc{y|>2iK`Tx$FHt8IMUMzeBmOGN=C;hg|5_S_TgH+U*NCh z*;@7a@5aT4%|(o{#!(7rRPcTR7JWd#& z-}{~vD0)dEmd0!8J3{(i?$O^R;9P`L<9SGDqb=@!ioxO z?X%}G4|g&L=+AR&0kn^(v=?_l#p`eW`d;duclz_=mD|H|H^!L% zwDwp9#I;(dgc^?Xvjs0f-ph}t+p;9oAj0Ae6TD2OjMELZ* z!wIr#bf7*zxl0ogEK$g6stnL&o@I>7GGC6#1>+Jij?R)?NW#xA0IYcmMln|Js5J&L$N9sW}?=ibIR4%T?4w^qMlKZD(MK)59$k+@z1AP8>y8VrpXk;%a*zvo3SH} z{y@6yz+e?hQy~dnqIqmBxV9Hl;}kB3Ef_|qlrt|HZpR7-`x02K%`5yo2(Ca{jxpj5 zSZwC0l0V&~JT(UeuKR(YjFX7Opae7y({U>P+k4+&dc$2r20b4uqq$uKm7g2Pu>Aln zOhw2w>8>9}HA2(i>CrCMs+={-5emqlumEttP`+Ros~jhoCzLqtIy|{ldR@9ltK0`$ z-vL*kjdm;6$0og#ZL#Uf?vFcOFW+85#$&VH1+KxvL^B%ca~rl+TP47l#L!~sY_8Bi z%*B9w#Ir0RgNV&4TV*;;iQmX?V0CLTn_-%w+uPegsn3{MMBGfb7}$GCp|#z?^wYhF$!0 zZXgd{6*$Ec{Yb6`@9V#L9mJQwc(GMw9|@SJVn8(&ma*`NCoidj{0L$nT`+YcZQ8Sn z>hA3QYZQCUbyOv5{PlkZ&kp{GZl3zkN93aT@vEnYZM3K9x{o&w|Ad#9`|9EgTI2s%R{{nUp6Nzae2Iv$}$1t#cByxCC`uY89 zG=rFMBZ7Kru#@31!UN6s6rWRnMO-#oiroD^u}EZ>ge(5q`T)HRznb;Tr6+<9NjxU3NSbzdL(*G0<8!tqjsg z)A%58x5w%R=Sl6`R!K*gCvq*3??)`A^o;S$^l|aiIU3>U14(Ny6dOurIG59gPZ@6f zqzT~~n5~9ug~+G5ociFKvfDsNg`O0WT0zO&{xr<={1)TK!V5ziwGz&<_bgec77drA z>(|X(&$^&Rr&)$vT{I)n6sJ_o_KS6LX5J$WQTA^Io^G{#L0B-?me;6u4pa-Ur>LUV za2_wIq}TVJj2F~vs{~YYTB;@t?2#_8oElTl%D$LAR3y)wPeo#9EKiMf@_*{L8#0)j zpdQXLwcg$`o1fOVcMZLjmZPSA{<1h$&Ifkcy1@5a5DA|1d8Py1Hh{pad)d9c^*S8_ zthQ8VKnYG#CKidiF^3+G0SHP`j(=Lc!>Xm%>knjpZQk=-u-ZWB8CRX?V%AsG#u+;xGT_g zj3u`FqV4$!c=Gw-Fu@xMO>9ppk9;0hys-ro|uyCC9GBDdil6_E=%`s1V z<%ugN)0k$okuT8pxv3%oTVQ~|oGw=7f>&w7^iG!uq_f*QkwO=x<(kX-AR;_zKG46xF3T^6X= z3*KY4#?$x`xv{bZrw&tW%y`YaEL!XB0sf_cAVfYR19Yl?8PPNrWw|go1^_7cIITO& zSVAMZ+=2g&8M)_L=niEC1dG=8AAh;hJax?YBAonL03qGQvk@gJ=nml)j1#fzjBl)I zLdS_aPW;7kVpK72U-i(Q7EVYuNI_u8uI2CYQ#UtyHH=0qPh-QJALB$Y^dV)psS=BO z8E1djFVFD3w>Lm%Y?fgSUvr7>Ibze>_bp}&erdxwHHSINO^hy1k~uQ^Wg0NhhT zz{R|Z8;DZj8~g?X!f~_LT*=U`HbL0k;Avzz4_e57+VGwweCIRfIj#83GG6l;@tLLT zb)g7aQIue@@DS_8G5~qf1ak4i8=Hu-!s^{Mfq0cl!ZWU&a>4=ZINId=2qkOfw<`n zi;kKgy%fre9=>WGysCOV1MkUFBQmlSNQZ%o?#qyF$3E|vFXD`bSICXb4@!NtH$=ENFI{8}xdd*hn5nbscE`iV zqSK4>?ne6%r3=*EXqT@&=Sl06^7H%GmUoP>An^CNL{vi$Y{xWkMhBYK4}dleZw?oR zh+8^$nPu%v052{)5_!dQA<+eA(lEY@1WR?_d+@ZS7=5+Rk>Nw_V#^;|&}=Sl-z&j2267;uvsYC9#M< zxQmjzR2A~N6%qEKjk$4nHxZd-{yk)YB55p>jv9fWy-CW; z4;>7g!-<-TacXd$c7kXnvvsD!xnwi@f>@r;f`h&26ym7<R!zEMl2_cyqL-hnGbf`z=$o*6%p`Hxt%(__4@ zG}H8ds{Unm(s%g4La>NJRD>e>fm)K1?AqA3q zP3^;X-9Q@b>#9Q(gxUd=FVBv%y>mD<_EP2i7D3X=_ilJi;>O9co&zdyH&&Qto2 zys%JkE->7N+le5zm0+RCg5;Fk6wQp2V3F$V>~x(qL@d>Q%C*O$Hl%<#@kL8Gqb7Em z_TMTz=W5)U2IwcSv2Y#047J0}^?QQj`E~R8ZgRF+;Am6v0ww&+4ed;`i`n>rZ^4u+ zUFcx8REAn6J@pN|8b7NM>b0#)1uAuBuQ*NxEbWRe609nRHf-qP5YZVC63;ReF>V|x zL7-*k;0ozb1de3kr)5FhERwd8ldLSSE(v`#oran-A_ShaUGW=T+mP>khEv1|j`1iV zenm^v?fG*NwuMxL$N+2~MNA1#Gh>;-2^Jf!n~i`Y#y^nM#C>YHu=BBXQKglTV}luy zIK~nWCa&8eOkZ&(Zm||Xl&Be_JY%W0tu5q8IWT>fn$2rRh+CSPsM}cILMV70ru0RMvw6Dw2{+wPYKX1r2Kx8cc6^%N=?T zl{My#I3;5=!_kzcq`*M(F-ve7CWv(KfcU}z{%wS5^`dIS+(V(&O=;h1b{=0}@tj=m zqwDW+BH$lCr(k4vy|*D9AZb2ZbYbeFo*KKixC%^baUC<^Mf|lLu&(AAsR5O?IrM^% zJvMxBeF#;vIL>g^|InE0wUNs-rGuQ|%+%H=_5>nj+n*%kit_5;`u+Y+5rq5%;fy*z zU@`dc2e^6P9PWIeX?%jtav|C5y}8A|B#=#kvUJB%7qtLT5oife4AiY<5Cj&XYzLW$ zJbJk}%TCblZ@(c)X6hP9P%mfzFNJ7;e*b;f)*pnL0X^bIU07nNyBWME3BiI4KzU(X zJwk@`5tp*{x8M4Rrcsi|1oiZ9YMg(el%`5{M91j&-**)8Q)`6;v?r(mCTS6vOhfyf z0wMgZ_V%aZHzn=C?^%*_oLFGPPlBcp9nky;znMUto-EQ2)PA);_SH0Z5E2nnIOX2e z;~j)jIGzMd z!#fOm?90-xwMQ`QE+f%Et0&%*@t~w1)4f*iA2tf!2|8SDFgzBASw!7wCy)Bt5-2|IeqFr4Qv8 zn6NSpTE%DJ)@UXPkwxIU_P_~rES1SrE;IF4m_D+&Q2JS+eSm58*A$N@EK-Z@s>SPi zF6fKaa>8#UHV||747X|*CIY86h6cK{!B@0$Dq`sk;SzBYu}Mn*>3S2zg$6VcF0_@2 z2&YwXbHoWCWuAIH*vx)4>gEZRmg7ZiHp^2g=RKY(a)Jc}Df0c-^* znvRK4*gBns(@=vz1m{i>_8FC;(Bw)sKxZyPc%H@Pfcv-wa?^Pzx*Yv9u|;Pe|)s)xs7^{i5UhV9$WmMx=fD z>OFGyxR>t-m6Q&a^6Hl_s~EF{ji%_@#vHvyjH7FsoobsaBCZ2{w3nDgPs~?e=qe3! zYE(xx$lr@Xzy{!Q!Cr$fWG~-d`swV7$h<}j1h@SRbN8~NNxOMCg-AS{MMQ|ZUj7=| zxW#bGn>8CD-10&@0NNP)x4j!f>anpTTx$r5@LquXCZFFKj{4*W17@IQEq5>+3>)>Ob@N^q-~x_eo!@AyyUO@TvI0i)lLNDpu3yL zA`^#3*TpT*!_dOzEZsBfv0-AZyX0sN;rP;mER|y?A_5Vq$T;op|iOgG0zXEK4Ig zi0S7Ba~X9nqk$<^Ayrgluy>1ryy>HxT1T+-RacJFaNQ>1RrA{2!m(Sn=?8k&gmZDQ zvMs#pH5m*pf46g?s@tmJ&s>9&*?JN5TEDWg@fhC3jlqit=mC0{T3REj4J+~3wa1(h zEXsWAVNiRg=z>c5DL3V?uEf^VIcNE@lt6LMo-?1s>Gs%8`&Zq+5^ zDMgAm35v>Dq>NGW)&RW30J8#L&jwTd)7d!`h;uIOxvm=WxR(j1DKZXyV9n#UsTP!* zuedNfYHLQ|8rU^EVz2e>mgknPpj3psd)*gJm~=`d#R)vbw4Jus#7^9F6WRu7`?5gF zFhVOA5{-$31f2DVeGV$-P{dK|PB_8w9PI*VcK5wYn`Z zrw~|Jji$>dL_TJUV=u15Icu)7kkBn9aioOl^}_fj8)x%Jww&Z&Y`V!J@mNl@t#O(9 z=%iR2;UY(+C1XZ0V;CE^X@3g5F1nu*^dx0z-}dpuK1Nvp6@3N~2uWdZ0eBbGU@#*0^Pobu3j z7IGrjyNX7@E+k`Fo@nL*T3x3afGkQQLQ*91NS&~8o+NXtYVa+6Ju6{iP=R~8!zK+5rdCX4fhUea zt-Q`=qrN(GK4x-KCUZsnZ)i+Rx-Z|rSWA2u-A?BoK5FBEiW%d|6BbQ^QpJRigh8rn ztS9a9^pZe9LxFb9$uknYVNY75--Ugza~oQMQO%rt5zk)4trzp@r5t)OZ(humoB44A zC$8||nqvT@(TK9z!v>PMT7wx91pC%ftTUUrY7|5*p$+(s?a`T-=4qgThj^#!$7Pjbf`TC8<0?y@IG{!|HY>thye^YXhBxXHXo=(==t$JbFM~ zT>Nn229fN)@GNQS+K>oqXTwRB& z8>;a4N2-Y6{573XxrZKukwC9!8})j7dwY5Tbq#_wFX*@eymEf(n#`UXBjkE0xf)Vd zP)$gVC7I04BF$ebq84&1G|(y8fF-3AsH>gyEdh63@UD95Tb=wr`2ANlC1bJ4q+6<0 zvm2G3+@3UbU7;zk#xh-LH)QRAkik4IhU9EUJQ4U?PRFaRfs9E~3jRVBE8}^1J z`HTqnx3=VR4b10oP&zJES1j4pux=&hlXo4_zr4ZO2?{PLj@s4>cA+$gn(2}HDFmur z-8Lv)@Pmu86L`J2g$&N7m`h9R`vn#E)=g({+3E!c5q|8U$1=~7LP~*O(Kn{o(=0RM zwxV6Va+eo*lIYML0p`QELFPXC>qQ9jN$@^=e*#(wv6cvG37fnoHzZjooE00=@85h| z70PTUs4{^PIyIwvX%zkYx5FFEhrw-Fe=z@nYjB$pzcJ&SeCy)>mS)iFEuLqR3rV>3 z_;XHRH8a;W`&O~hch@K%aP9ho^(11oQNDS6@$Ti{-k!dBb$M}m_G+&UeCnulLU2s@ zE3161OhJF|6H}qI&a`<&3alWyIRojXeM9xWHK2w87WA+X@iI}(>R(D!IB%o4MnU>OV#L4rOXZv z`?_WyYJOWRYC?tNb47ggG|k_?|30*naGx?Jl%%LWn)Z(eF`W=0_f#eH|EOyE2U7*G zzyJI1C%^sXPHvTKqk+W0GrbX41_t>kIX>kRQLR_Q-VP7e0XR)3oCt9_rL%e*F>BQ3 z)#aOw-V#%#uZ_*&*a3npX}SxmnR-3jTR-08X8yC#9s{_|GUhQ0X zwBCfs{sG<%D)TX4`xEuqC+W@2+6+3wAJ157o-{l|$;$XM{84d7Q?p+fVfu4v)mxis zY4P5BFnxEMYQKfb#B|lZ_srF2s&b!`@wc8|cD_LF88_glLryf{nRq;es z?{iyUvm@Q0&(dVxdJ3U#uW1r1O#rs01@P4+G>{tmg|M}|z!%kbDv~3AvRaD~qcEcWF6j9YC%^J4t#IBCK9?Ac6*6!;R*9 z&MFV5@Gw{FI|W}ftej)NlP{OD^jGQ49ddMaK>n6-_OU{eG$4Mwy1Mw=#rt>v=fA2@ zFuIL3M-|J4z1;q|DO)t?+jrX^(fN;u^=iUuEZW*;O0j6{gx-*p2ywyLsNo)CRiwek zN9c9X(uR`;V*?$X3M|r?AVo4xIVE1+&Y-tK+u>9==#m6B6OVk4@@YPTfT)EQ-2dk& zVWZ(64xW#m9vr?nh@Kzfr+*leIDU26qLdXsCKFe}a$* z2K9qa<~9E%N$~uVL@bSs3bW=znGos=SkNl?sa#*u8DY5$8ic=O zDgRn-W$m)UR^?yU5r}Kfd`vEF3Itcp|8-*xYIrFfLo_9i#@JuBJC0?agTto>N1^@C(ZTZ&6wFM9a)LZ%W;CzYsmZ~gYm?1${2;bT!BGJ_f1ThornKBVeS3gd-nuO${ zhM+icFQ8qS;@Zp2Lc*1}c`Ud7sJ^18DrVA^y% z;DPagbAu5b7udWs(Ep6ZF%>)qmy1yzPsj$2088lq(b4g7MgBiH?&$x0loI_{_iMNB zf7binApPrOSy23oYSVhU-^NmGt9}E`ZQHpGtl9q4cnw&Fw~1MLs|DY^ReH$C=67|14$&i-uI9XW!|kiO*$OrmLM` z$!a!~wpM5w8V;``v;|D)tC!zU;4jo-H;P}+&4hh*MEH7E+d&ds&l@i1$2B^RR(OV6 zIjXjpW~HN*=UVc2{W}|hM7)wW^OxZ5xeFCqOtshU^y+|1eq&taMGfoty(nJ4t`hK%%VjPLH(keDN7kQc(c3{ulAy+@db=f z1N78O{$m46F4f8%*J|ZD>HG^RP4d6Utm6-73EAutuwP4i6TzW zFS}Y7yZhH2-&_@bkFB{oRG~ybr5nOW;sl8LFT1%QK}*NZ`>S0!I)3mOmUi@iL?Kex zUA_O8>HpE;(ZNAS|L>!$LH}D*`wFA@vqqzi4Q$Q^SVD{gi)920He<)8H}#qJTA&v> z1kg9^L3bJk`G7?%>v>_Ak_~l8pZY|7UZt7-Z$a^I%Ch(WXV0IPdnp^z ze`f?RA`*LA?6CD_0R+E#Vqc>(6(myqy2wKVoMcm68X4^8NPNNBm?lQ7N4qhLJ`g@M zKJB~hyE84k?oLpBcWsd>7vwa{PWh~G_rY0))!)Tb6lS$r7|&BlXC$0TtN!X&R@+~V z9y#Omh9+b};uAE+iBPN+W_V#gyb=*kbSB5J28qvbhDS7^kmLpZ@>hf&x#$y+_G^qH zuL@Wa&{?MLax$6QUUq_LPkprO!Zq#czabRvOUlik8E1cotVQN;K_X71`6Fhx=`H5* z>BYJFWy*v!)||!c)sN>FXW>y1xZ^P1F2i&>3`en$A^UBG0k};vC_`+>5s|?pXX#Wb50kvj-`o zH1K~ACATF2Eav~mFP^?QDD(g0qvsv}zmHN+s$u(0{*~2ld~m&3pXHzE07W)FQRCxu zZSbh_yVX}OJQ#(cB2B)^uop4LW19Lq*!!!dXPySJ2a^<~FNWj(5&*!9lxM0NE#oh} z36Z^h)YG}j)xR<0$bx|8A1igqAI&PQf@Oc5%_vcKwska@&TSw;!&a zWh7LK)2wRJ3U*a!M}zh=FXU(0_))&F>iL=0o&|=d7uPT^ZvGn0aiDu$SeHWB>U;{d<4NgT|-ga z;YcvE&9-A`Q}Xdf%J8sKcp|4Mo-b_?nb%g@Odsas?UgwX)P_w3Xy=N>2;2TZ&8e(s=lA;p(sulrsq@oQ* zE=2F@98hn9CAr1(L3J{yIvdnetd_G}-96EECR7$3khW9-3=|oO=y;AWigF>@3~WRc zZPf{sZ*^D<7(nMXeuPqTYa?|PQy;*mOJZ^alp;^FjHF^p$8yLxozPSVojy7oAO7+1 z#fxXppFSV|5l1*49UqVJ@zIEo(ee1jv(eGBXV0D<4YLoEA%J9vGpcha6q3cz%;j(H z7l=RohvWY1!{a|xaRNFTxEVDdh2DXo21;K6rST!Nlg-xR3GL*wN9g6-OG{AD<2Z** zx01vNkJt^_y9;t@r7nY5eKDo8hbMRWv+E?UyHZa&g#vcB5Q`jdJ|bw&{n#c8T$CqjFld$;0g zv?+R6c-vVaJTUYvZAgd3-9!K9hr|AMbQs*dcYa2=Yc`_8+V17(Gs9eOGdk?;^lzUX z{s!CeU@>@sCm)_nIGJEcJcvN#zYVc|BXrl@^lvD+?QmT8+YEiTgMG;y=s5ThouHoN zIq7ZDO1vTOI~;>I{pt-HP6!GEINb5G z&L^?=bJmn?5Amlwx(YA4qkAt$cY8uX*J3P;bX>U=u!jd6iim$6D8w=DUBpTqT4Bfv^?6L z26NvC+1RY0w|2=fdN5qTXW1HNR;uU@>oP`Q;kLl&rWw3#4V@PYWE)LkGY8%lLx-$z z>pU-*wHm8dtgJauwR6>{TN|WteYzXXjUN`b?auInX1EKs=b`f42N{9!(-t3)Ui?S1 zC))`Dxh($wixXWeLv0 z%yeo}MK&y-?soYK>vWfO5PrRGW1B}uVkD_7O~_6U7cM(4?0oY zACC`?9PcfTR{IYPd59h&-b#jnEr1k2mBKHe|&UUrT@=5`hPE_%m2Q`{O=7DSS<&<;ZAp&2fj4X zbj4ioi<)=&;6Ft^_|lH7mlM9!$sOc{FO9HSZun)Lb@}19o*%v?-MFh9@x;#z-{1V+ zzBq$?`Am6Pp%3z79d*l0;2n{vNf zQS2{~4$EV%At0{Y#ilZ1X~5M4#i~Z5H2uG`(c(vsmGnqfP8#9p0~?QD(-{q!S$TNB zqVCNS93v=rD5Odf2u`c-@RoLYeUWRe-EOtxfA9xcy6+i_UzfC5jr&~b*-2k*hpM0$ z0HTa$?WRzgfJHf^&0N&jI+f@NdY68WX_9kdK36rgB^kRs^Mz&z&OU#N#ZP43w0zWC zq-5@S;ApMGF3ob861!pFG#xi>Ueol0SU5_x`T`WN>0LQxoXYuGf`tgrLFJPk9Q_OZ zBWIEqFWZ^W(#fPOb_$51ng8oXv|#D@cs!;lmELKx zzufJ(k|l(f*{=8F-HvY3PZuq`eAH`<+Gz&vskFTRXCkvswVWj@+66AN|2RH;TDt!~ zJ$TyXf4-N}{{G)KslV5xYH-}zwtUI6*J6EwLf1|^u&Q=I@5lD^1IEWBbX?fY084iN zx)VAo>}D*svJ_OIL_j6urJ%|$ySX4iOZTeKUj;pOI!5Eldh~y!9X(pIfo1gn`Qh^t z{Xc&CqND%!Qtp)g-?=AI#|AzFHgHF7N-g$2^g~)Dk@`x?!3~XEJ}C=oPyg@i{qN|- z^MmsH-?M|K9sR$La&Pos%YDO}!x53#Qv8c@>&*y$N9;>vxI(oBiB#uKZ9c$BHpQjk zagwlG5?^pOrit}y-i=xGf$(8W#yC&pZu{;`3$MEqRNq}&6w3uU&9YNID>QsK%dq;p zn2N%)Rtw{KD(Q@bQ)$&-{mN?lD{0i$KpbzY$-HbEEnMu5> z|JGTQ)E`qOg(^K)YAV#^X?w%)T_f0P3d-X+c0>|mZ zswDde0$Uv(92^++;|zave+%-OruoO9GwA3vovXe?o@EInXTgcN+iqptvCsn27CLJu zVYKA`fR5`5089A))5B*K`=93r#~uH_kFqKM2gE4c#2(oskY03vwUU~(i3PJ*7&y^0 zfj9-7fzfArcid8d!KQ#G{eFKP#9XMIXle7-q30KXp6jVL*41eQDAVaSy0V4RQvTa0 z9>6mF|BH(K_tA^PF8<5Cl(pr*#Z+X)$N_7cLvGi_e+A08EieBi>$x|t|F2G1Sba09 z0RdL=bGnDX80+xe2Ks+XMpMQ<^dpvzY1?<+rm~FwKRrAw`~M#wbpHSMQc6_a?E66P zJL(%$`sQ!wzKzbyGH^=8Rj|M%ZN^+Ebf z%M$t@lPqEL8QCZX*kbyB_~P)zi?aUr>C;aBzn9|EL!4!zP;|X?Ti;Q|yQYdY!l<2Y zaRTqab(51Up%D(9!R*N94Tcj&w84RKFCyGxyN9S*MJjB6Ti z-wD^w>TaBGZSN1)>9*LFdvLaGxRH8xAw}K5SVS?BZFCx^!aC0yBh>FH7xFJuPJh(( zn?_m9PuNVt)m+Ix*sfq3e!)Rst^I-TPZ;n=TrLzOZ1S4ikYu4CQ0z{>fAeis0I;2) zcHXhg8kEXt`uA^#H<%BD%a{Hz^e)D2M*hZ(bMmb-%W9ZOuUBqufob~C$D2TStbS$Q z`eQ$1Jn-)hNCWXhYpo8lF~KtD z;@!)?y*+*N>hj|B?A6{%U3^>1gv+@<@RB~`ROkt{>28~S4OU$IW}OejO;o{!GBV~o z0q(NmO51hQh|kMi_nok@{fG)KG=H&L&HAQNX2Sa&)r9W%dsb|sN|J)HJYMVK|1EFx zn-|@+Edi?=seRkuf@r9XeLg=vep+o;2C#!C!HJxfqj9VNRo%fqR|D&UMr~Jl@P~ut zt4!z(Nr?~_oQ+5rGeRNK52O@i!v=92s)qk8eQLjOn?0i4iksJL`>8CpVYvw6K~9O< z*dMR1!hNGDl@up0NrLB>Bw}e?e{~38HmGS;9y24Hf?0jbE`$2z&P+^~_PvD-%H4?^ zl9gReIT2Hq#4S23Hz{{H)}f(R>9X7;?2;24)3vbFAl282ry_{1TONP1HzE(Fq6Fc{n&zvpaLK3ii-lGs>c)_l2uqi0o+#hXJL z7~OA}C4H-CxWScwUN`Jg%iC(PBl>Fzwx9^pkZromE@$?Q6KY;t2;@c0n&ID8gl@!& z`wlYYG?4ccT*{7jKS8BxhRs;QCiBZo5xO&$3du1IP@%EPHk6O6p21~tuUehB#?uyA z^OW!?ukaGvi1Q0iU*nTQL+w=_B08h+hf$W;f6Q`;B~2$*S-qAO$TI)Gr_W0Ee@BPM zM_v4vdntkaM{F|Db26du?px;o^~RvYUo=K&6=tq0uWKptb=rJX-dD@nz-jt-63Kpq z`(w^#Mqvw6%s5Tu81??A82(Suk8lq?UT$Br=T)lNioNpFV53wpTYv&JFUc$TteX*n z%+ZcxhR|7mii1j`5<8QI3?_|BcwVyvWIVUMY$t{9VsPE5xG}n~#i=Yexj8Iqv8*bF zsY++>U!7hRH>cXGiW%K_NV@F(8r3Zwcn|sF-AvFgYIyBS`3PN2sjz#4Senccjv|st zfo={1OfDucFil?-FN0t-W1bsHDsoN)l2a^E%F_PLp=*om6d}TZ(2t6yJL%8lF&<08 zk(`oZTr|Zu1dRwul`M5bxFj)>4BZ^==_z@$IPqo&-&*Jl>XiiMQf|Bb9@E53_??25 zJ&L=6#^lv_Od=_E^?eo56#e9A4LTeg9{n$9>Qy~KZ&|8uuu(!uDm99q>?{=Qs_zLo zPmG5CWH?;>0x^U`6}+(riX~&TQJ`6ki_H=dbv=_oU5tXQI!QQ}pPJD=(6U7S%UB#! z!ShU!nNc23$Qp*g%i=#hJ*fEq9X;*hKix}dpc5I3U%Gw&v)=b*ft`w&PUWVZ0r6c6 zlh(-YGqy-AS^Y8&Mm{z6eRar*dNZ1y-e8(29PRC`*cN~MImJb5VZ%ePcP0Z;n!<)brp}RvE6zI^>v)`R<1M< z;k-r7KzrE*jNd3={HNwhUAeEaME=_-?!PTdFe+RMq z>qWkkl5=eL2E3`VxYsMIiF=y;i(Z2kc(hpFR;;Y0wRIa% zL!oNGxJ7ccEq!~p-JePUUk~|*Opv;(OzEnwE{F+9MMrnn+zh1uHdg_wc>J~)!TNO0j}nm zXT(`Mm4xB=&p1)g;pZ1-zk=UP0L!YjH!JkY<%m-{$cYWFRE>}%F`p2r;}i9uS+8P7 z{V*|LJLkV0{a-KdlP$~W|FdV$%J!d!&%5{EdnpaiH}{jxsbRDYvpC(6jJuqQ-hbAn zub5?hj#-&L^B?#ON{`r zj0WE<#DNDA0%GwbAAS%B_==+$DKGnu;zX#Qe!h6wCUnG;;gc>@#65(H_{8xZ%n5qv z5g+QN`CtXE2UY_4@BOROmv3GTX7P5%SSbG;9zQ)kF6Dnae0q4;>3{E~JPPRV&Q3s$ zsX*8dM1$j)rHUHD4PBjXMLTtE$o+xS7*Qc|B}gGQ-nn{xiM%jF0x2m5-C#~xE}$k& zC&-cfopX~CM3eWhsUqfZ(qWW5Q}a-#-h>FI5l)i%K77PdksrAu8R8@*x22BMJe4%Z zS;i@>g3c7pA2Uu6`Iu2YAMETrdW0@GL`I^5N+Nc4`e9I>qoe-?wa%5~m?UZ?3LKD$ zWoPI6JV_AMpMd$oA3TqM5$_vHry9jXVwwoVQZ!|^YFUvHRMc!F$2;RZg=RRRa*k*k z^2`XQXhhJM47&&H<`0Ha!^vg1)`a1OM4+|-GxHs6@`Ll)$4c8f|b?&1% z%XOaBG37$qO1g$W%d=caHhXXQ>`MYsOV#8&mJf0Q6>3MvjL!%x2O~i;%+)>#NnqQ- z4jM+53=u47GDmr8hgKNCiTx{>gpw0kE>TPpq69O!YN-YK1Rjd6XY;=K;rayT9kEofgeV+6jbmu>A4Cd?qYvmulBjiN zOi;=AeCHc9wZEuij{a^dI;>Gci-G-JN#7pwSN9vbgGRP*yO3g@s9z*730wF3HzrB2 zfs&h004@!r^As^2D@l%_5t-1`Q5OH)Yg7gDk`gV{2_h9C!S*2j_QGaA$J zm~aqJ=NS=*jZGr~C|scha!O`9<-`7qLg1K1IhdBK?w1_&$iD=^@&2Ci^7JZW2b)tc z08MmJ#+lBSxN{Z|dj-gJ!if;Yk=jQRe;^2>M2X;7s%7o`qFqJOiLFn>N{h+`o{%Bc zZDCR0p(jtSX!hjE33^S1R3yV57lCr2hPnof0$vQ66;gqdNeaDak1jWJhr^yE0AR)CMZq82wVTpX4+qt59s$6c+#F z$%Q^&kRt?533u$xkXAK_ZbQWXc=ANAKc%&t?1~k{bqJJG^L?M-pdw9aNPEoLH_eI` zhP)}N!Dcf}vS;i@v1da~JYMVcECOL6SfrSCT#!Lc6;&U47~vB~B~^^|(Z@Oynd(hd z3z$ZL;2@;{YcRg=9_@f^Wrl$4c+ki=xlvLLME0}%WI59-L(4K5)ARjsnMaRMsKooz z|LFJ8>Cad1`aisS`|ADa)vK4N-~Ue4e1v`gH97qI5qk2ZL2Lfx3HtxgHRc@8uXnx+ zBPX5ge21>DuVDh;pPmPknR*f*40L2A6oPi3b9Ya$!$gmTPQXLt=c2G(9nK=<447IfwXUy)`IPqdWe={3-fp$RDi zj0MU|6`3X4E?aT^#Pt#?MfCe$jEs>i5dG0yA3l~!&XR<1F+d7DK<9jVuZ|9ARiqXz zR4X%(kyf3u!2BJGx1mgSg2-fmG8SK%Mnh!i{*~9u>DilCXH#_u(+Rm`$qnH@UR_-r z99n*)b`u5IQcGmH#mFJfXdixhRHu?t$E?MeYU&yZ{K92`Acx-!pidOeKuZxA)JmP~CT zvSXCyV>6+KL}B6JM|R{(0^&UwwyTTg92}f|5{2I5bVAh62dIypYnkpj8WAgl&X|y< zJsFgzMsQ5{tAs@1gU$*hLSbiLr`~k5;)ZZeV-2n1dKwT3Ju)I@Xrx8jg|mYyFO7f| z&JZYUY(5oF8fK6Pr!lCvg%&_>F_lQaT(FVxR#Dd}s4b>6(>gDlpgff{vC1$2C_^{` zy5m=8V`v^jM&3My)+DxT6bX|9WHmDc9wX?D5}vj0?<1Y%v(oJCY^-WZNS0-40Ha8f zsw+;i1V`%EIl?KEQ-7_4G9M^G6DIkR;5eZvsevX2}vy!gcVzG1Q3~F zA@z+`D+&WRs-=5#R;v*3ou(5563~2&6gUMuMx{z*CI85AVudIzbXoW;Uzgd;R0trKfZPoRaV zilA;}z?3{4Xg&aYVuqmt9qz*sqAAKai?yZ~q+hc|Amu2mkqjLvM0u+I1G!?o%AEtBLVTx%|fsL(gb ztV-To90(_HxZyE(L<(`;mN>r|xXL{I^$5Fkx4yM>@C zif}2sykSY6O3de|2r4g-$fGGzl9R54(OVW1tDVw!N~d{kngwviQNp4R=-R1JIHu_} zqGLmHfP)+22}9fh8mm76jX9ZNnp(B7C-GgdShbIG&Pgg&%{*2028+P&hgU9LsGLBi z6;(5u0uL>s9jj{x;Ijv&0XoAeA{6+f;;H(|gj3*kYNC(HU@}05durD($_S50Disyg z*DU?{=-L0=Q-}WyOpn~{hmO&8h+)^}URE%Mg`Q+oqitqwQied zY&I)itzu9yE52enMv%c?Q&L05M+DgbTb8>QgezmQ!?YRxc*atLiB8!dR^WZl59~Cr zyge!I_mS&V&(Ml+(UiownjjVsQAl0f;GqLcq{yWcA7*$$23BoWBg8m$8?u#v3+6^* zaBt75AJD|^l)JW%Rx51IKXN=*&#q(AE( zn4K(6=W3dzp44{f>*ETWa6W#^4g^D^(0dgKPTwr+e<5?aTIY9lT=ci2t;Hw0IUd}553o8^yj&i5A}WtJoCrF0+sD8 zG%A?a4S31aJE^Z5MN|Ebsp(qy7-x00=Au(PLpczxb5Sl}R+GG zG0D`$BaP&M72mo&-~3^IpXx|U45XM}gRsUpDR^{y6w(Z`$$G*0jYluBCk z*>}%;mR5v>&FW2W4W00y3{|x3 z+_q8@)vh{Rxqd<;ma)X>hGGDS7@*TsZIET?>csv;)7a^ngdr=SL55fA8*Rd?rjN!n zfiwTT>Z`=d{b?BEXbIKCozaCdRT6&q4!!8z6ZH6}j?nn0C6`$)zlSx56Mg7a<(E_dmYkl4_KfO4=%ros8?drXzlJKy1 z9dX2~W8SyFr->w-#Ai5~s%`Tt@EgJ}X-rPDESdXXWQmHHN$dEluG-I{rp}+Sppl>A zyQpuxk;vKUsrz+CB&U(MdVT35hk3g`ai;5PDQ^pm2~5s=m0G0=eKSZu!nSUl3KvFA z`$^O_SokqGL+xu0#7*R@gW^;i9KKgrCFqS7kzrr9bDh=A^-~Ra3MdMtkf{*R%*gsc z>Y+nP*N8p;$O)e>o%OpknXkudzGvEep=7-V>K-d!*3VYa_Zz}B9#WPL5U9l5-At2G z6u~ld8Zgz_%eR*Yhe(iQY;3QTh=D&4l(19{9_L^N5$S{D8M+#2y>>E=5r32%pYq9C zwlxK9au!#K64im{zzy6yh&Sm^M>NHJK0sFt2?BDzr?Jw#@EmN7Kd4Jkp0>VppZv)f zdwz%deI?9mZuB$2)XE8v^C9 zy*BOXd$SkcKH2Zr>RQs#duJcy zJ!4pzx?uttix?!x#> z3=2_TKaVSRNQW0q@vXQQo~aO0|hdj-%T$4!S8suwIq_JtmqIc#j% zX4eEik&kk?<4MQ5&gI(6UKalRyCA5!hCs|&rvIhR)9LHi3VZ~|iqMThDvNIk9I-NDpEXW#IUn_kM7)#igW2*-b;ZhPCA1cIAm+o?DZ zxd|07W~W9Mze?TLEpV-=m;29H z{4y1F3S=OEpmEho;N^$ZQF^Ot?58^K08J;uI2CYe&9~tr_@l3XhSVhCl+J2&1#U{3 z5bPtrs!iB#B|@zIkEnh)f%FF;DC2aF{8d}kfEb`3*)6#td|xXzu-fNc@&B`T?M-bY zN&f!Ur>HX*;ju$42?HLlZqE@65W9>$m_T^vCL9}3>Ml?%t**YV7DD&wH!ADh4;Vk@hSO)+5p72xwJo|ZHptfoT{@! z093;?xedrY1(!n`b53s)FpUt=c4FTe4&o)KgHAY8ab_Dz%Nc^I5mM0>I?ZkD9KIuQ zaNZYwr%A-dT=fm|~opf5BjBAMz0-O(gkP#O>{%qZ?wJUg2_F;A}2j6D<=t3rhP@0XY7SLYYs{`Zf{ z6FNwdp%DzvB4|^>p(GsG6Uk?l*;|s(gv}!H?Av1EBuYvg9xxU6#UZ8%cO&5szyV;@ z!Z+X%dm3Ws&|N4FRZC4oZ;U?w4folZ@X97W;yf1Ml(z48TOWRI?`Tbf``sX98F}og zqn`z$92Sv7=XayqF<@ePW(_*MO_=%kf;QOi!#Yp>~V*%tcy+)`>Av|JES0iLQ=YS-JHcbU+zhVP=lLr2Jq6h z`CMaY)t+S(olbTe_13gzJojvLB^U2Qg`khNWO#?)vN-fW~{Dw-9 zogRwAWHQDRO;hFb0>QiW)uFF?oL#EI!}}<)lmjqv=0i;HNkTY3&sd+#u`a4mo4Hdf z;+e}qM)-imQ5St`d`1v|!0|DO@x+kX>~-z>!Y>-Kgyk%uq5Qms{LX7YH&$g93KKA!IyFYirkGpv9(+!EDgZ(i43yH{n z7=8Tk^8wz)(O$nD4&@t-qhTATX?v8@xXr~CGfY_ozw*{C+xhxoe>eF0VgH~INLF{j zuQa)PBEY=d4x&kU>T-W!dK)F_cm|iqz5RRD!e^v)woiyEYoB5`8Cjgqc z;SC#{H`EzKhe58LUMbTmb#y1M5z7#2xDTc*Dn8T%IH7)kvbUbgLc9n#Qdt6}{yA`P zan&`rE9<}lN*Du;p*EFuJfPt~qZ<|A>sC%3un`2-**MX@i{GT$=qD*VLTr?C2&yZS zS)kRs7WyU{8dDDF8o!0MSh{p;R-snKWT`gmLMd)VZM4s(7$S3K@l?I+UryCFH%FW? z^1a^{GX)d_w&`oR_Zr`>8b-f2O*s@A>&Ww&4U1@Re% z%TkNa0nh!*e&>Vh0FjNz@Ty`gQ5GonT&-%Lx@07P?*N9kW=)_RPJ#qL?<|2eM2D%T zk2=l=bBuFaH|%syG$EZg8BWQ3;&q1C94dV5c+yRdnAKor>GJtYdB&MTg*{&dbx6`l zW>_m=EP`n~gEm$0w^^^pQ=GW|ESs)MEeLRaed;~e^C~r93Cmn(_PmSd7eZ2PA0P*j z;}f9>=eVf>R^Y3HkbM9E6A<>V;(H~K)+i+X&Hc$XbWKi}>=8B5@lHB8+`&NLiu7)JX zSN24Em9pq6VG+4X@DRQwmr?ju*DU@rl3aC4D<4x9+;p8S|0x@;qt7}wTic6g+-R+k zsyD~A#ELf{NA!v}A4l?Pm25V%DzkB$jJJqwH<|Oar{z2Gp-TiIO5_uY7wtPWE^p^9?>BI!VhyJRi4#E z@e8MG$!i35iJbrm1{I5hFZ#n?t%8v^3%*LlMQd3F8EfMZeO4auA!)tlLeYQY7{C zvf62`fW&>1Dt~;|gFti)0lp@>JUVw;YNE@pJ(Q4JmQyT0fLN>d2?O$$vHXjio?K?s zdUIFWu!VZ8lz^&Dm@`CkUKn|>KoXHGp1>E>v%Yx;m`et~aG*G$6{aC0`6x@QTaP3W z*t7IPKWp}mw!v#n-Ek9ke1q0!>&RT4%GxeF=+g5mdDBQPkJ6u{ok<$b+iL8f(**tP z%L!7%iW;lJn@-%uK?EV3QjNt2AFvn|NxHd%ava|of3R#v;b8z^!xFT=zX#Ue?R+@s zv=FzGfF`$%9VAn3WZ6G>rm4u4Sav5~Q2h$`*@N+XCxk?rMJbBV4b8|H$8lpvR{B7y zzZBlzvy;oKUrx`CuX-mJ|2RE5@gT4O)S^0TLT*nS{T1zYI-OQS)yuF^icuoDa>Nx( zbPDn~#cra_rl}YqyOoLeY)sH?hNBVAiLlpzIJsM*Z&kyKQp|It=RvDcvXL8rG}X9P z$>yTx+H0nAv1QIS4~1SrSnC0?@al8G_dge~+F8S1D`>rJ(p4bVXE<#j(xQZHT`UHrX?P0xhI%1qbyOotHn#6vHVnjs$r*}Z6!Lf z&Aur!-HMA=MTI}e>NS1W*5l<@^s#BRka_IkcP3@E9*?NHhOA&c>z17otlBN*0~foz z5e#jv@1X3|T}fW8qr#>q)tV~*PXw-(fvS6TK-G^60#%DRRRs-|i_bhMRrbm$P9x&~ zf|%Zra1zF(yOvLGy|sL=e5;A*;EJfTk1kqRlioH;Nu*zCe|pMW@68s1=0w81j52FpSk>~=bx;!q73&(9?H%hN)Ac73Ba zRRaZupm3%tqdDTxkVP8Da-r+uiNPFksE^3mP}c>B+#%CLihk0Ozr){q=;TZ9oxF0( z%8@N}barYV32{tA_RgjVtMw#EW1Ltq{RuP{${0_`hQm=JnTDb1ltuh4Iz2~6r^gqv z=6p1yT<(<0RSWY-d|T1!$PV@>)Hii-buctVM3R_5F%5I&JrKQ)ZIBpfHx*G&)50a~ zOuKe>k^xR`2>?3e!u3Q+Q1HF@&9PuFPt0%>TF-Ja?Q^9KjTca#~+R0lTtW;>U5I=yaT8@B- zB@3AMW&extKngVx^v-`h%HnIydzJ8<;7Fy!%STJbQWJHFg&I|hk|d0h5}>biqw!Tx zOh2<YtBdQhLd~ZcMzLN!6N;*%-nq zH0eXd_dLTlH#96eKz$R>-951uaN9pg4gINO`j=)bXCaHb=k@#@Qdza;92lu)eC4D_M zh*{D^LH`uo5=V#V6q;qW+)#+A`e-3?3AM5UOR|;XKrJiet*ZQ@k@!N=R~!>R?bI zXz2$7D`W11f%DZ`jW_FHP*QIh2ZK_h>p2*pUXHVTl)}1qG$7$!qamFlT>b&4RMzvR z9AR1NA!R%d-~=DXNa7C%I0t^nGQpgtB~>*VLpCJVS=jaPzl zw|-^)w_HZ_O}Ps>F{M%DiZjF$KpgsuiC%TWrJ9cyPl@94V z(6W6kUMw$e8+CI2#rm}YvqvQjNIY!uK^q85yv?BS#~>nNT~qajyNVzI}o{J!b@N%)lfW*g;m{HUeNco#Ulgk0~cbBlSm<$S8vaTy+{>Xz3RpDLZA`Z#=Ip`*22QGx?=M{zF( zdPef1qYeFw_0h#IhevSMJnx+w#BlvpVFfXbvTtT1Vue%G+Qfk26qR4*)SmAiEIp+) z;lye7S$j-zMnxA3ycQat-CXOAI9BVkL1D*gxAtp}JvRROpFx1yhu<&11%Ep^JGnT# zJUK=|@EJlqx_?DKEN^%Tr9eSS?nx{cL&HESKhr)`9Yo+w)F&|;HxZ6x)`%RY9~luV zvFP1Df12setQrOiRO6}TIZh&+MZCRZ8+?a6k9|)+V^|SdjmB}QH-#WW*Lp|FF@$0S zp(cKy(g3BTI={RXG|lbqJKeR*UAx;s7(|!BlOW~-R8r%XcLO*qQk>x-$sv!{FjoYD z*xl~P~;k6EobOj>;O8Db=_(-4r8DM$>}|jCFTD({Ov0wk}8P4 zS4ve8;OavU?z4MhHR8JLyh&^w4`^)SW~OSKI2`-=O>o5vS;EBy?!S<$BpObFjKl&L9$miI=LjM)bLx&N3W z;GGyoc=EPBkTb)FG2UF&zP#(!*owm;jS?ayob S`F8*S0RR72k~Dt+3<>~`s5l}3 literal 0 HcmV?d00001 diff --git a/assets/clastix/kamaji-0.14.1.tgz b/assets/clastix/kamaji-0.14.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b4c9cdd9675730b996d9311bf255118919efea52 GIT binary patch literal 69762 zcmV)Dc zVQyr3R8em|NM&qo0PMZ%b|bfyFgkySPk~{3rlmwIUHW22-*gg1QXC!kMbnb)ljZnx zgH<32s|qLsD5`09&N{DgUhh1~x3B?Jp>AXqMXB2kF|!qXJ8O@21l(S>>_>V6RgQLUXV07@fvAQ5J!ID_GX0;A* zO22Us=0^jZro}%Gf~UdZAR;mpG*$4;V1uYc7=4wEiC{z#iB36Fg2(7G#*Cm>nBgfA z!C=O9Pcx-bdAz?rrD~RqgODftVT`4s@AoYdG}N$H*4r2Oc0a*V5wVY@Buehbe9A{5 zkGUXGkh1AO)8v~*k|dZig()LK9uG!{B$&p>D8hpBKP!P*IHQWhF%C#JK*$j3O#h0m zy!cx+N#uPJ-zNCDPr;Nw6)M_k46$g~(jZPu~^)JcKKWB;$ zN)se`CPD%zuO_5gq~sXkG>vHpD{+u7kAvV)&*sP8B){Qe7wH_w8IkvN04(SKho3(^ zd|u`MpC3Hm^8be@kI)&J;4D_iECDp(!tUZ=@CaScs5Ff8?r35|)a za7Mxy3xeiYP&|%_M2e#^L8<0-5u!|SwBVUQiX>@_6_LSU@Cc1Y=z2yF%aSn>h)2?A`u;GsWS<{cVl9cvD4>zwk8sbh3F7|;Yyi9Wt^z`8oHO$5KW9vXll-6fY) zaj`f?71o4Mn#J)Yk7>9#MknztUP#x?n>i7JMta0EV!Kgzif(6I5)@ggQuA}Dfq`5y+=@yL{fbV5TjDp&{ugz`06USL0EcmZM+ z7lg}w-303B#ejzMC&9De`4GPNEAL|RnyX7eBw?zAZA|Bc5h*VPACr8~03!Jo7@%@B zgVY4mI1}W0CWxHzI66jOz;}IKe@T?7giwmr>=^CO2#(e4Pm&0VWBRk6vllQCww9yi zq5UAk8PW2<->$DO;S*(4Q5>I<7%#3!$XO(h(cys^DG`)M)vt;sglDSw{7jGBF6omn zgxwD{ff}cRU_}siOWM}hgPEj)z#gLc5{ytP_?+s!SdeUt!yCO$q~bzv=N-Gd%%a&(2uHg_?w2-jK zLp!;W{!BC>zoh1$2FPiQrF>m9LkNc^`&$?ndr5%Kq9lJ zi(Cv%}vIbs=%DYm_tk(pmyXcID zdc|R}$hR28CyXBE>dDOKfObtx^DNj-ilcOb3BIYhNOtui2=nF_w)HVO@WfXfMS@7_=44zL_? zfQH9k9DH#&+#Q(16wczmP!^pSD95gX*Fp2~?umcJAzwSQp(`U)5~+Ednh}AplYR854Wfmd z@hpz?ZOaHHT9T}YCy&rc>uFs9H$eW$Zcpq-=9*SI0Ln-h(I$Yp7Zb#|(z1=Y8W@pG zvp12EJ%kM)D$$fMeN2-GWztDRjyCyCF;_L&9bc@cQDT&J{#L9E)5!>pw?2>-fZFg5ME}1m9 zr&}&=%%xm!Q7*K=GttxPbIW~|q*i@0+#Tc|LniTV017Hl^_ zmx4!`5e}N6{wO)CfxKW7UW0fp1Q)vn6=1XM<_eKq9};1O^<}J3R_%;Ak9W~I)bm%w znX78psK(NPf8lPUxw<9aIn}eSfMR&KJ$LpHogk8=Y5|Pe!U4EB8T5?5v;TN!8rW(u zm_4MdZm=r57JVwNmmMRaf+N*3^!)H^#JD#6NYFVEdq`%fmId^1wH&yIUM;Tv=j9%{ z_|DvrrJ zR2_hPCl|8EY9@|Hp$AxC7~pf#;aUa0xwqdnP?2|9D~VWP11AWMdMl7)>=-04twU&477=f{G%* zDJAa}VG{mz^Mwp39}J)?cUQV53^P^n!OPV=*4PgYB*uNj>iDZTfWv^Yx{Xu=k=8&E zSXYjKax@y@I3DF}ME(oz^R`mk|3Az~oDv}em2S!vY{mY6cJTC|vj3kQJlXpHK1liH zm;K)j&flk)MKwhZI4uQ(-|heNpMzh189582wU!3D>JW{JA3^mM7*}$TcY<$>TcNM@ zK_8G384J<#C-5gtuCmF5zDL8+5LsA+Mf%SHAeTFK!`q^w$y9LZXL??Uca=5Rg()Q?|u zpU(ovoCpR;@YYbsv~_rvKK4W|6_lw78vdso{ihsOV3|(4ude1lOKZ-XOuav>Te6-= zm{7YqOsyD?N!&iEP^p;F>PUPdo4>82Ao>6Qrw#XNputBowS!xhxIBi7a_q7`ZT`zoYuwR=E1Btp5RZN0=+Q&`vPL|`JoRqej; z_4I-5CreSM6=fhRo34TD$CgjG<$g=+{qKiD5qH;{;EMa-^Ct(@``_mWpMSo+|2;(M zcEyTHZUhZdZn0RF-d>7oF79LHp<6V$%e5xgNe@rZ9LF?T1>ZIJkCm9Lk^q)V-vv-# z0I#XA_6yGukYj5o89xW~FE6|oej~Y4#U7#zh5D+_C*T&mhlCb4$lMt;I3p$uBdXl$ zmag=?gVItbKef*e1O^PNWCyQi4_HuNz>OQoIjyW%fY&qP%MmEI)oW=8EHBPsSJUna z6tIYoeeG?CbTm$<|1rPr)JJk>u*T+C9qnBqTR>>pF|-0)u>|tr z_gNL2=x+n$u0Y)!wLQQUVt3H70beqfWS>3VkttQ(DDKXYS|+)D^Lt@b6$Y?^1ymYV z*?>1$DwYi_>Qlw^{&-e(wl~4BR>E9w|11UT?VgSCms*E+XD+KiZiq5{*viMgKmFQE z`~4qw`bLbvEAoFFJU=|F-2a~+JUQ6j{~w}syZ?h{d&|`y)=B-=@3fEJm1nbd1n9S; z6``T-N>f5*T%IAJ30i+^!b&K2F)1u3SDT)AxODg%wmU)xaW~spi^;5mt*mB*USb)O zHcVudMX+rX^fU-Q%%IxF^tu{tetKf1jke*HZ?!F(%s6hf80?p=uAxZ@usOvZbde{2 z$gwwjtUaE34isg%O75Xr}UcQP|^IW@V_1Zo4#2I&+ZV#Kz zyP?)*tsSvG$v)=xsE)n!7HMwS!C-)qBq=r#@_A-3O+ZhnT}003J^G67j9K;h(%s^z zot*<1^mqKi^xGy&6$IB;Js>A$Q-VG-GTZSBlrcqP^aLO{Kl=jy3xv~D58M26$3G~d z;6J7Q|5|E~^WuyXdoq#jrz}LZ6k!lX9VU(Qb}yb%OM|snVdB z=#nnJLXf#8#>#emsRX3>Y~E)mqsmwqSG~qF!8BgESBjS2_NXs-GoBAf@xS9FZrlc6 zk;Mqo(UcfSN+4^_M%KQ~B64b$*rqlB-CKJTlxf_O=5c-()+?}2Os^Tcd z84G6!=fM<3MiGhQSc+EU82p7gf*N;cj`t*XndtpQBGr zky+FKX#vx^pZ(ygsPB*(cvb%Q!=p<6_oIWOqi0+F-$N8XmAdbG2wohAgB!}CJ<@F@RYd~R1vfj(GYx&t!`pyZvDj8+*8AHTh%Hx|HzOZO+wj*!jD5}|Ri~ehQaPKmhh6JT` zSOsA#c~_e|se24GuI47k0?)rKSC`}i93d>G-f&0AC8;gGj7BDp@d%PdkH(ZmBb$x* zg|~Q{^Ft#~{iQ+01V==SU@l8PxLCS2@bx^#RnRI)N0Cd|={Ido=UHu@dwIR^3ELDR z5}=As&(k6LIYDi>NVTJ%aXO0h?Px!Nzr+s<*I!r;`<`PKQ` zZ!S*He>gckee?C}>kW3V*+#?W$(xvGQP9v^RPZS%9!Wv}{O57)XN9NeLp3QuDGX&; z?&H#XKBWe&cw1%ZN-3vb_i8r0r?PYz9UiP$M`l{893$mIl~_v7cFf~7e|Y-ziPyOS zQVvh`es-@09HZ;g%XXk&9DH$51M0$j*MW9egI3Pwz8qq0QYzWzJtEd~%inccN_nT7 zfaN&3#6=$PBOg-hQPv2rni0GWs(DN0mEL8t%w!V%&1}him87LDYbK%mwbo+)=8I~m z^S&QOEE_=T@1@T!0l4>Ej+U52LK(<9UkV(O%f{z_+~7*+NITnSM*9cK&zR@XEQxqZiG ziC+;~U3(R&rN2@z?+4`fXz9I!SyKplp7=c|=X^IVcgyOR)0;#6U4wEY5|L;R{yD)kCed)< zNEG5xC`It2)a3jyGNiH$VtD#mgE=(^D>^+H?zvxXi0eofs&Kq0|L{_Oe??==3Z07+ z)4w0Mf0>7YTSjYr{>$TXAyUU>fB4#%^>w&A3!%J9T$`&mB|$;rx5sJbM2DexBBkcbOY+ zvlnkw0CF_eo!TcwyE_s26zK|~rH%jj@aXg4AUFsPhc&(dtMJ!4rT)~dp8XyZ-FYe9 zeerxcOLoaBDaAysSS-5kgC3`EG&uX%VS+W4Wcx|^aTQz5^8b%~{6os6GGfkM?*c32 z|D%Jt|JRexkGAsvLzM3F{}`)qR=9`!Uwph7`M;B-ZWiKw3+nl!`VBGGBjA9FU=i_K zHtgx7vfN9gy;n0N-xp(*|3Yh81kV5=h+g!{nMYrf!cbUuY$%K-Hde&rbk>^dofK9x zxNqwoH-vpRg@}|-xCXnr!K03WaRkVx;>D6Hq2I(?PsK-@9k>ddP8ki z#z)R{XC4_hc>PyvTft)jZC6z^BNdpb5wwB&s~X`<&FpLDl{ypZeW-YD7Q5j5`t
C`nqbHyLVJUK_C#UCcubVO3=c$57 zFS#G$eVgxiDX=b}j7|prbO}nA!Tjp{?|nhukVT#K{FLE^NqHp*H@o$C{v>!799HZ4 zKA|V^EnfIeYz8@)D-LYyBAEe?hvV<%E??PGL! zaBxum{-xkqTKQqp@U_(!uW=wv?sRP)bF1$@?PTfSPus2RU-o{rME)0KGvfd1_dlN0 z-v4-d@N_HxKScR8$p80gsqZ54o1AO^sv>_lk+MPHhtK=)-(%n$YPIaXmIMr4pebQ` z8qi3i8)CE{O0n-bRG<&0BK$oXV?j`ULe@pWWM2Flq$KhF6$&jnmTHV{$f8o~hAiq( zE0~7(MH%eKfO=5|Gct}6FU*JvrwKH&J`FD#?DA&(B~xiT1$4Df0NaYSz8zodIPhQ? zH+o|joSV#y?TCA|I|`4!P}d~%wTXk3mQpmglb@(sAAL96A5*q3!82qO4!`#*mE$N4 zrXT8eUH=(yBlLBV_qr(oy55+ty7ybYS9iNeLm!au8J-^Q+*uWRPZfyGjBWdy5=I0K zI}&#ycrt=rRoR=3zrg;i{{k$;G2NEm+kUfLW=U)7!IF|>+2y~_Dr>yGJkUyO?)x5B zTVsbCU2!UwJ&5dae4kqv3qb$YP-E2s*eu)rNZ0f7$q+h++VXh%df-;NsEj|4$3wsT z%ipd){nC8@7h@bgSp3(~(dYH}uY>2?`~O3f?)QIK6WGMR{0!SPxcNes@zj=j0mrK3KV#8fW2&WYIub22^XimRcu(@z+k+ZGB}fE|1Y`&a_11<gnhD4KxryPR&;nQK+__-`Cr3b1xH)SmuBx=gGSaS+( zIL4MV{^Fpqu|36HS?vs|*K^h5!n2snvDg6*xwq&U(Sf?W&qDYI~>p9$7=sSOEn`b0QR#WCX_2 zOvEyOF3iK%EUe-KWSiY>bSJJ%zV58(#2VE$&`r&2xlTjHZwPx)Nu%p3$5bl98WB2x zVDW?IPHa1u964`TYFEltT54CPve&9kIq$Vj@GEJG85|j)-Kr{~X%me?Y;D>89%%O9 zHkQw(>Ma)Vk+G(>w{S+)=7Fq*q9H*Gp3ctS+^Pjt-+7?EqBF%uAx}~q>H}t!@QA!f zApt3^dZN{93!(_qf4z8C2Q3*+<&3Kl=qg?u9{5IESLvsWD?A$G@P@ExG+rnoUwrZG zi$DC~$v|gNjrU(oX5B1OwB~GH zlC`-#LGV!-LPL^@Hax)JGD{oK@PD~G7UncQjWJEG-6hWG=9?u;?`&>HJkbK^*RA4AzAsM2f+W>j;^U@aB;B!^WI~v%p&h5a>&08|39x%)ui?7-q^oJe9_nnNxm(X`Bh- zZp(kgH15knep4OEWy5i~E^ONiI z(xDq&zuIpE36?e7i2H2FdYnl+LaFQM)mVr}3SsXBeky!w3Q)@lx zDkF;Wr~2B5mHQYr(7B+aM_lV)S3NsNCJ?lWg#O`2J}&iN!l2^kSUC21ZhbAC_FK^# zA9Hi}g)`*G=o^^eLriv)h*X>SJfZzvr{CdL!fuoJ?VGeNRWu7^8Zf9$$;v+4gt+@% zDeIxNKcNiA^k*U}7;bj-4TLX-TN`DqQ%2M+7dMnmTTc|qrh>@Yp|Sx&Z|*24Gkj}` z5Fh~*ET8F1o*CNLZ(rJB>=!SvRS0-r=%s?cU#vKdN)fZIGXwS<0r%GC$!P@K;G$e* zgT@uvXzrH6-<*^9O4)5}8+8=nHsGbbOpq+RwOf6)*OBP&NmBOK3=MJf3WAxCR9PI{eP?apXbk>Z}a~=NLky% zx1(Y`20vl%Mck&>aGTz(Rai`kGJaJ>?InJ| z9iC=?dLR6&b^lvaz(ef+&ujVrpFexH-Tx0#9&-QNB{eLW+x#bnX-MvgIV>@3-H|yI zPjEN!fhA9J`z)eX;lVgX+x|~Dql$}-Sb|pB|BnuyR`>tYr(65agB0ukk6DCvf>WI0 zF^#FBL zgv#stp4iQuq82J|%#LzHdRgkI$QEEC4re5>iHH48uj)|^_51>D#{88b5jahQn`}%3 zBZ|Nsw3RL%O@52Pl)u7K_EwAG(Q}94=q)kye{CaCC|-kUfAx8!L_%O*KpXyt81k{*V*~Y z^VQBBFAqT;fs(tvcL4Od8 ze-``jU-w})-Piwd|CDpKUjQ28@Fq(UJRd*!T_A7M!S8}Gz8U;3P>KGV3pySA?*AD) zLf>FPc_z`t*|{79so+|C9RxHYc;8eP{Kr8smm!bH{;%O;Yxn;vd_yz=?xl}a`~S() zs{QZiaJ&B>rbIlH$LMe8FJGO#IlcPfoAb9<7jItc>(cx%_#!wQmstMedWsP96;Yfi5U@|8krq@(&f6q<1TVqn07gCn@NU$u z%R(0nKy3aSi4$}>!$O%909v-52%hM5dKes{RPZ^Ch(u~ekj-3aWMw`wPe|o)JM176hqVjuN6~Jd$X_g!nK-!g0)R zC2SML(G4M~{#$s6QHC)3`^l@9aJ$??0;`$cu(M)U*}ao!XoxfD)F!ercVBdB9!J3_ zRaeP@qIU*yu*{jE;V7yiqVM)97!0oLR<8UEfZ*1z2UDBhwgv8{cN6Ozxfwvo z!W)s99{USrjflT1wRneasV1eZqenpn0&ig=QY;j}$;b9sBCjz34A2Q%czu>BtY%oD zTOtVi|Nr0rPq}^~!c4!g3{0Ok9h?jX1H*(7XYs<^SQJMIz9A@~j0+Uny@juS?CRD=>(QTDj{DCiGr?OF(Xzs_5;6J=3)D^`TyMValrJ+ z3=1^mjA?Qy?#@0d6ay|}EJ-iS%$iw(o~iI~IA&5y9tnAXiK=vUw~2DV?t=)Mny3xn z7zsKjqJ#$|N*robcFf0Jz{zgVGuITErh86PO(K)=a}T{*T>a0>J#@*XnhJ9DKQGaa zM_|v0&5(9YujQ1d zS&TJQoGGp^!l4$=tCZ2R`^FuzEsLcfg;~|M`W~Va^G+DZE0)GUocz$#3+0{t$2-%& zR)a&uB5kEKf6o+smR4PWD)_5d8e6LGNpfO>o7BSpxQsLCqpG|SZf7){x$PkBkMn>((o|&_|)CdDtXv389xngt$%c0vJ|8B zSBrt`1%Iou6$8TA+q4~A$bq7uZd-QA)u`!GaZ7IsQh%#3Ua z`cfx4dy4UJfpE;()KswYat7!~?D>Sr9Z_~BIq?|;!jFI(RyPgRmXFQIE$6xFX zXG*1C5;Z*jWtd_$8y*k$X9UM;_9saM#WDR^(*h*i;oeZ+NrsSad~axCHipN;zg=Hn z4*$6~wAs+lNQ@U(B;+iT!{ft)y`f1{UHYVGLU^W%Z_obeMDOwtCR`Mff1dZh7;vsp z%U^J)Z*sVNnWq4U)!i-|na}CTV_Dh?TG}tMA8*ll(05lNR^O(>lD2BtxMeqhWx1DT zM7`%W8>r|%Qr(A`u#fBPMV8R31Mh}nXL>pui$;Yqq#xdh%D$BKZ_56bgr##ZJhp$B zl*%P|^`{7id#3iGYj)VH*^z5@)U6rp%bf(LyXcGpBgP^>x{Gm@_o;#KSfYd^V9xHv1cGf@_n2L7vu|j3}UXLi77%jr?9^wLFwt(QWz2XOBrmVkq z1?pVyEb@QL522$cUmQ55q${A4%M0khE);{d1Z$6ZYyr+vUV_`0r~A8u@5@W}Ey2;Z zf-3Tcg#?ytGmLs#^SWwSqigEQZ1c%sd2So zg}|TxA;;M4Gn;!H$n4Rvl04JCx?exebBj|sEz4d>e4+W79~slNq}DUQuMlxYOeZcHwNYE=tt}(5fWYt<%A%7f z5=6>!?c*;FzBnAZ<%Vq)%Vov|D??+-A_?1gCw~^nG&a<&J$6*;<|Mww3t6C6dx@!3 zyKINbu`A>pBi`BRubFcKuM6{#Q%(ARQ&>`G#DddRZ)aTQI!niyLr}Ql+_A`mf0@Ox zId6EhR8JUyVYRf&2 zV%$G`eLYm8^eYICXpgO?>o0olwE9LnEH+vNft5SWz9M)E zr(S;gALfR+Ov{M5l7~n6vx7P47S5N)Dg`l3sFFdLX62=Jba0Rq%dJ*FAxVuVA08aM zqD^hwyD0Tu4qJN3TQv1^RO+U>Aj-1}4m+2E&S^}h7$Jwpu*dJPtcsc9EM5fY zLZOHg-(;$MXOZTRJkr~xlq1*Y%X4VScOr|^3lNc zulaNum!vk^2!udHjaSSJ&xvN>2~jhWN%RJy?znIwCW%0fbAi#itHB3&Mw1IH7H3od zJF6>6hx;l?eW@U?YVRK4u`@1=)VEyRSZ6;6-NXg?+}Q_ec=R$MvC4e)Tx%h2hSd@l zg>HEkM-DKtuD4cqrAMa;0u!VE0Wu|)VEQysQqDy=57h!CTpC-C1#9=!42);fndfl{ zYQ{ohmLSCy{$Jp;W;~!UiYR!3GL_r^xtbAiOC>?h^qt>efDUd9l+B2~H(DoBHwNqX z^;-@ism6Z&pbmH*@E z(dX6s-@&u(`@auT9_6B@Wln}w8iCrRzap|^;Z#V5Sf9_DBVaTU*00P;0(r_T9HVh2 zBBB}1*OE-KSf3F$@aTuVR-rH9CWH#RUYCoO*Zz!$U=*!n6R4&B+HD9y|D8Xo`C)K$ z^!vf@%(ZC#nY`b% zH-$hjbgz?vPX@hv*4L6?=TsqJWMEV9Vlz+*i^P;L$T$rt$_&i8m-OTCFnF3LS}jsA z2K9`9F6H*ryl>Q$GLRLCvJDLic}{k(0&1}dH!0`svF*5qz8PkWs>MERT{_Mb7ji!$a}w`MIvrsFiEBcY z39^qq(p$whImEkAOZM>ROMFr{}#l06r z^Ok^)Ahar(CJMM>a&sM{@j{U$)mm4rUu3!SWh3uGKwWIC*78afLi&F7H)K&+S~ku| zht+` z1-o)9HSqItc|R&1ff*$@9hr7m@q~sg?N)+z+;hv@5qZ@~GO9;k#rz<-oiSBtWmZF{Vz8YYD{M?V%rG7w9wP;&T75|8w@*+yuB# zO+=%LBrU9X#Rf?zyMV@xoX##5|!R7Dn*D@2<9oG zfc=4&H9@zyk&CZ7n3^(&wDE+}7~T>kD4AOi6ff*I2eT{~cn`@eoFOdDls1Y9TtMht z=?o5FTbUF9j?q(DkV{hi#n_C?7fvcc?uZa)rTAH+qA5}l3nEj_Bpt^YF zbM?4JzBszBQn8iWs$|x2NxJmDuUrwpxYL&RwzvdsW%BLmQYqWhr2}2Ir_1(q zS+k3+OuprsTduj~np>{fy^GDr8V7ySM2Es{*3nW zI6^8{+?m$5n6=x)TIk;J+0fA>HFTd$M#1v8Y~1i7yq!h#%g1}C){p;acyxawfgsD` zKaLI#4iBF`sl+)KSeEdZur4h(f?T&UMYk8l)*CJdyAlBu^Y!e#Ol-_b@Q zX1stv1Ir_MHCCpOxPp3RGt=MHzIO?nG3Rwl&+wbq_uD*6o<+h|so_$C+69%S(;A(- zpoX23%L|*nd3Pzgp|?0(>l%W#lac9!)T?!(U1JJz93_+?O|-BoWi`{*R12V8V6G6a z%MMot=dYSTcEPgSVDxJX*Q&Ffmbk4p=HtpI z70gwWQa2LZRfD<>_F56_RiB5A1b@}QZiB&EXRp4&S4V}_+w{54LISVV4x%Se&7Cgx ztTAmNN0f~aYXGy-r;!VC_WG)mInum4Y3OkF`pRY>v#EsKxotDPq3c<@Vn&cDl}Z>h zCNNAqMOIC196QG`+4J(AQ;B9+L?cjCw}Mq1z0>1~n0$8^Qz!KKHct@IIf~<=+zv^i zir27As@{C$iZ9i#rCA&sJk0J65S>6eH%Zi9DLGH2)1^>Lxo0Vpir{FOPO_6O60p3+ zjh?*iWV+TfZnB3do@aT&uoB!cYSQB`9gz!~R3*JR5J?MFI7*77$l(mLDJj21vJ|*? zh&o*o9`iXQph`J|ml15bHJeSU)$6q*HCHM}Z|nnI^RBMP{+|8HYrJgp?k(B4)_0g1 za@=xpLj+_QHjD@q{6+pHMwG5{m(7T$D+8&_BN|Jm5|+|&zWv;}b%W)|;y8lT*!%F` z5p=o~pnv&42%a1*sod2Dl|RhU%e;4ii{VleVM)sk$O>q-g$9)C@FR>L5u$9<@!A;9;`CDuq)>2pJ6Ux*| zHfF|6nIh8_^V48aYc7@eFWbt0A`d69UXXZiG-V_ryn?o~!87 z$1^63G3~MwE5jb1LOYn&;sHTOR-DtZUDhmv)nwCm7Pu+|uDR)8&t#<4@~7P(oq)of z!FvkjAI!MlP>C=@pfN-fN@DXAh)cEJ2{hctovP<-!Ei!Dw+K$m+`&mnu*w8MQ>;4q zhM*irgO^4&NiwBHd~n}_l(H;d=u4g?s*~7(tf9-~xDSRM8gyjLsBIs>v=y#D5^+$! zs}76bBEZlkkFNAmD8XEM|0+tKwQovS2PjkO?qT2ulwf6Dgxo`#oUL+<^9xW&k3Hp4 z(6A5OCH0cG>qzRw`J?%(N^c`rPzk;v_T?DYR}av5j%kcdbf~0}$>8nwTW2`Ee7sOE zzbFJoiI%|jHcUFXN1-0lhAAb7D$O#%tLlavfx{^E4 zvQjo-yo6b{AIJ7Wo8b2}$r3BIbV7_zK-A9^DUN${kI>Ae!Jy!ow<+I`cqsQn&O(wZ z_@fB<-#4Beqa5t0IKcL+_JgL;u>4^fprvY;;mcJG3E7Aw?XRctEceHzn{s(6uS5{&$$`TEAe5KYpU zCe6o;7S*Z zl3SNE<+yjp8l4gg*Ud)Ui<9340l61)EQ>e+7eQxp&67N-{9)xruzaHL_xVH1dp0}| z9D4IUAt99h;et&Ck&TnEYTuhzIg%yT*Lt2Vr>wnmbSB>uKA4Fy(Hq;gZQHh!iEV3Q z+nkB5H@0ot_Qad-XV35K?*IEo_w8HtRNX#(x=(jk)qU{8&8j}e+8ZNg$r$c!{4L2ehjmVeEV2tg}a>D@%M{V-Q+-g29myil%t^+xYHvbs? znB1fZfk5iX!(zsKC|2OwNf_IHBZHdwk5@>z^0;G!06yPi3!d%lj*s2P(TaP${q9Hp zL0aO3=VYzeyZvFk5RbkiRR>6GaRWxiOr44BT0Zs*qTF>3(l^5kO>{G>(rgP8KR0IQ zSkdoUvRWM4K2KQDI`Ncna&xd3>c$#RZk5kIjM8Ap?miFyh9nj2 zpYF&DGY3CXo1m8zarlGfEsKWCDK0{wA27w1OL|ud1k>yZO5j4y%(SDruo{Jqq9g~P zwzset8^~V-{o;Q);KMX%ojGrwoo-mJvL4NmG4dqQ%a;p5!}s(t-_HI^^5(KVq7@T` zv+_xjz~mbc?Vul3kBmQx6|ukA(lEsyq3;!cMXejr6c_6QJKem>!Z*Z@)7O zjB@KV1a~Q~Z4b)G>F)A-dmiV&sHwqIIPZhiaO_0SU4qzN)U6qt=TeJsY&U%PO+tw z!3x{LUF4F+dwTHXAv~(#et8+gzmwB{y~)@94V;o=3HxrpJ(>E|0;Iq6n-qoaOEzC9B?hF zp~zggkUTq3;Tfps#8;U2BBd6Wt0Yo1ralAeQ$sX3KO$+j5@X%WRj7NXm|z|=pfjrf z4P^gaz!tq`QRPFR`kChSa9p6AsKlBkMjDb zchkmiG;;a*T{NMcxX3Y=pwv3LbiT|vtYC*%J0hW zwbe;Pt1+Az`=g8|$S(<-*6a&h<=`0{xs2SJad23Trm5qe-+!x%&|oA8u% zz*yZ(@r(5+6)dmEfAoGmXsfq-t#=A+^1}G`XZUyMW$x-a`I#77m{~@JK6#?35Ui8x zdF(5sk?g~5z8zOEdYCkIo6qlk+aTxbBQB1>|I2RrZE?IurF_mFi3$d6h(wabNWbZ4 zWr#N*jMpR{P(&e{G-^Cl0&LxI{*v`n{Ybl@jnC)7HN51)Q%@Pvq-oc+2@1D6t8{v) z(05DIoNT0ZqWP;lz{!O41AoxF&0ooWMtdTQ;3?kRw!u~FW&r+Bz8FILz*G4#cOo>D zZAvSPa*kWA;QQ0kLeQVEzH&I&S@~0&v#tT*%QYC6OJUkbL&Wdns-=sNu;>PoQGUTw z7Up07WqRCqRPLiS%hrN8{Aoi#ikl>&OFh;GG|x{EPdh;VmSJ8B=GIGL)0JZ6OrcNK zQi@%_l_gpfu`l9&)yLOjw8Np6zoa;?V%GQw~SSVJ-)X4#+I%8T7_OnXdiUT$A5E6F+6-z zO}^A;Pk%#fH9){!3AgRKxn>*KFh9OXRu_WS%hS~>8`cVT}0pnbi=Zme|g%G7~6 zvNM1$RZM%rAmP`z9?Znd@(z=^uMUOI^k0@?rWo3dPi(9?t?tt?^~GkjCbm>>l_tHa zmgW|(=BN6I`vQw)-@mh5Hq96aoxHR_ta9v5+Km)t$K*TKsJb(27&{K8;~J>(jj+vO ztVu~3sRjuU?g$gn3@$|%3_L^bhC0Hd*x$9c6X__W59HO_BRrv9QlX)RHrV<0Y~UnZ zn&;$Zl%vLC^Xd7zZr5kNSQg+$RGyM`&if6cN+nJMfyh)oA{`j+!0d!=LAM1T^`Tek z*s0Zxhajb7EDSOdgcE&Ws&jYoH^=d91Yo+jAEvsA%cG`6;&NdB>6<(HjGAD(DO#jjtQF6O3Vxx2fS=@+0i}*_S>Rw?tI7Rq`sUf2#F@$ygPKE$!*jnWTUTaMsk_ zj8ivxl6VKLrwe&<%{#x3z3x9Wmh#oxUtF4A&kQxja9QH=uI*gaEE7%@jy3vgBvXffd;7x}bb(Q;) zL9d63&p1^qeQY0!OG#K470c)M7SQBMx&}c+MG*Z4a z+wP7pUBUhCB1dpW4Rq)Q?lSX}>?v#D-ukRH@HbmW5IfFKUF3vv#|2l%FAWw7xe$Xz zfDa?%FnW3YymyDkNvdL;la^BUlM;9#YrYrr)l4uDR<(yFIfLY?j@7(dEh?4qE;HA< zt#ZWL^H-Lw6widL+Ot7+Gg(RC(dMyqOBMIMC_AG2wzq@UvL!(wTx~IWW=M?p|OdK0J5O$sh zf2-1WR$zXdmzDeRd|n1jX8PisV_8g52l3U|ci8i^vERSp)pLT_MMOEJ0(_XWqiwJd z@gSapO5H`)q#Ql}1_iwE29x9S!#vpSp@n78n|p*(Ifo81dF4o%sh9N%BaDc-)Ka+8 z+9LhP9F`hRWP_p_&hveUiF#-M!c7q^ z*@o!0PRqvK6dUmP5)V`Vr%VEnKdg`JQWh?p{_-6^bv4uX9F_^0d3Y-47ageb0u)1tbH6cmxKaPUVRG#=oyIRg!#TDAdOV5JZJ7#nWr2 zI>bX~tn8ObmWcihyG%*-E&N|orEoC(CE>7r52Z@BG=eUk8MIt-T*tP8y({vXR>zOs?Pt*jy=+NVro=-rTn5-VPcavrEs0=iarC zd@HZ`Hol15DOJ}()~m1h3uFIZ#e4lD--)7M757oqb??%1Px3de^V>js{Qux;&Cb1d zzRd$Q{HmOG|8J>zFn&r--KX-6<8?G{nqgvb!L05n+nK~3PLH1XO{0x4`}O4NUq|Z# z4n9HCS1+ay->PMSmaf_DB$48To&6uKRBg{*G*+=%@Zfs#sGCDp4 zVKdd@Gk!s05@41sE~M2ijDFQ78oE~h9%M84dgz(Fn$wxyey5`a9|KU#^R&iea&R~d zo|=^_$;=+q1fFr>ouOdNobjjIYq)F#t#(hk5c2#qg6hq);nZe3(s@2dtnZ=dN5*|@7wptDp-(qcv@fdTS_GI8|L(I z{2vZDFO&4IXcPV|g<4fnORO2EN2R}SMK;)^vvzr*H;CqUR7$6@1`K+bmV~zDEljf; z;m>XQbIQ#Ya@qNBER3BB(S9xY_#FAU!_o|h>2J4wr{^zoc~Ot^cN-ASHa$IMNmloVk|+jl3j zl~!+)75ter)bsAmYz~V3B!Q^&t}H5H4>}txh1w8*>)B-e#F=|~egrwa_?T62Z-beR zGpGttz*0jUw)lPoD){Z-Q@}sepdc#_wJ1uh!^oW2q0e`AWwF&eek3*Zc7(SK53`Bn zLn(1*C^kJ(+}XdQ-$oGsyi`0oa$0T=d0YfN%98Hq6u^4Kr=&00XdGG$ z+Dsl>49YTfl)79){;RZ-`m$$qyE00&bMj=a(L@>*53lf<+|DGZ~aI;y!;IqozH&cUNRIldneYx%xde zoqC@Ru}6&Vk3@O4ZzclBQApV9LFE=;91I2#o;!QRv_p2cVZoKRaMrY^Iq6|KGPDvRd7`gfuhMI0-jQ%JaD|zswz3U`RwSuq%^7a;&ndM**~wAI zb}%4LLg;>aG*p#|GNnWY?95Bm-)@qJLH&5&M%w*fiA-NpU3O$Sm@eH;KUzqvNnCt1 z<$l_~NQqQ_hhq1p|K(V$eglY0!AmqlS(0}kVB3(ie(4KG)%N{(wWeT*AGjr) zgl+`)5|d1_mg!A@7br`{N_Y#0GQj0KKL~#?MD#zt+TMvh96UGTK-s)z>wzRSn{Pe# z)7-zk20d-U@1dLGcgJhS$!ri-y!6@ZXmxq(m6jPydOPy`XuNSfzxwbF_{8ay_=4Bi zKh`rVaMfLYwWc)JEsq*+qWr2lvH*6LX6{+aUb;qfXoxay@R5b&w0V0QYms=`!~L9) z+r(HYz8G;6kdbx2=b&G-ZomByY`i4EILa5kBUm-@~_m10>4txF?;1mtTANcdLl{yxr-Z*4VtZVm0ZHVGa~ph zk%(k(dOdctHF*@=uK99dt35_|1k7zAh-PkTST@s|1@cvYv4`YbeNQNTW?i}BiGg!* z_43u~a)7TMR>ReDLjBDUO`_FhJ_txfgYWxK+uKOwYxz#F18P`1uDgG||R z5z`TJ5WOaInz3sw40jcQM&YMONI1ij?JG=Hq0^b8pFN~Y2w!jQv(?>YuXe!EXpNzv zWm_9Uv)hL~H~X)9q2BBmIzGl;T}wi~-YVQ}vk$95*c?OS@~uu!`+wQ##{9Eia`gVs z==)_?1^8sIzTr5?|91I5?EgHc*yXc` zgbdae`M3=WJ#yv}a&!+>h@@by)Q&wg9D!q*| zFAG9Qb!oW`I+terg8=#G((EO`TsCkH2j4$Z^BzW~)f=}(0(@obgvcRlsvDAj&+OMV za66CAsyY>Y0Qz5_%2#Xo={59F3;m%mD@&0Sth$r@@Q4@ZG5%votSZF=qVSzD@sef& zOU~{LFYyg9IcqqxenD8diAwxkO33X^-BuVcj6;nT7^162m#Espmd?BNkXJoidwQEi zIV|XG-h2)qvKZb&kDA*}jsKR^G;1bFU!iEg4Z|F=r+ATDNi-=aF^FsNUsr>6L&EHY zat4?X-*h=-3Y}vAeBXW9q#1qt>EI`zd(GTIhuGpYzDaklnY?$`E5rvxihMMGG* zXe=YI3P*7yBWV|Rkv~86?oOl`q5%t2X)CTB#;;xj3o)bmyrtJOqgn!paQP{v-!yyq zM(&z0#TXMZ_@_x~NMCqT-aJ8MsXI6hcju3$mF^dNT%~pTweX{`ubd;51)P`Xnsei2 zrjza$!1k~WGCPDvoXOWZ2Wb2`8OyX}eBjQASf}pORz#=E!@1ST^4#AG>ec*Y6|&0)8!Te>M@X2)eg7H&ko$B z&-M}g9<(IDISM%##^o4{ruf_?CYJ&4_^j-lyIALA^n@UD&_->whPd1U z^*14}_D<*Bz)iR>W$#{b#Ra$EMT0G0j#lTNS5=<&Ij*q01=0!71N;}^_FnG#zG-aU zzzR@TV^K%yP6y#H;mMr4uJ(C!^WWrFvVcC+i=Bja_<(W}${~C=Ur02epVr^0ity)i zW2z6<-@d2}i)0sU&F+k+javCJr^wp<6oyaf^OXH{?z1B(DG;AIYF53xz)kk=-m(0Aq02VDK&+G<}BNT*Rw^6Gex6+Hn;i3WJs zj{O=71EOY(OjcJqsYJ@g)-u;SF-KYcZ+UWT9ZBNeR!Il=@mL^$y6U_jPam=#AK@{S zalrVb!d%{%ZGY8e$+bvLJw(-zYSA=d3MyZ>1kA7u5gQ%gEbe6Nc1u@UZkNDlr)18~ z6VRMnW9UPX;P|V#?0KsKw)6*(QAkg((SnZAN!df(?6|*uDz>N%7l-rNI2vOx_QWvzgeXHAU>;OHNM#Y(alHdj=f|oUo0PFA0*m2XxDuX_2Fzeh z??Ed!oBniT{q2!R=`7!aH3vbPmrq?dCD-Q>^qxG+6$_)%X{aBhwF$MZ=A*2+g<6k- zRl-XxTH-6g`A>AKBBr8V2&5I&Mc#y&?3j6gX~g~<^SfBXu$LDW-~Gup1DOtBjXc7+ zCAd^YRXS1JBCCgyZ+l+8yx4Ms3dh$ll{YM@VKQZs^$UVsgF&~9$&C3EjHE@ta)LB- zz(YHmR&#M1W;`Z-S4=R(}CuL^v%`lfboQ$N_kBsETPv>Zb|Oy<@D0O zxLxDN$>r^Oi`{t?nVuC#arg*~)jT^qng|#NVeL~b)EOi8qv6T4fX7%sk>jpPL;B+( zYqF*{s~Cm+Ak@QzFZPzOQ-&4m+IcPsJq@npM1M>2YLp`TI#Z8- zFhL_{rg0z5v71v`kFxP;4ue~jg>yz4DcOi1c8yK$dj@>S7MVHBs)+jX=Cg_41bwy^ z)ubp@x&F;&aa=XI*_@N-ot2j>z4@-IPl0-3J2aND24_jRiwrYUa!+{W#hPaLFO5kk z9&!LR)Y^gQ-nGfnG0A6gIzh*H;+tDI&)zLmhmSJtcCz}9FTvH?bM^vYj3&3v)i~s? znUXk~##?0uQ;^-bSEH@I6;#_q;AgW-q}0CEMeOL5OT)ZphKUvL0<)CqJ=5x@Z9gqa zOc^03D4%ZR;?G8K%HF#$(Ib&(hac2%6mW{3T#Yqsd^vx>p-Xd8CQOXq*(6m{Kr)vs z33l)00fP25jJTafw|jKQXEmOs{cKC;El=voZt*{QF+>%PCuQGlAMPN+dJ!+ZY z6BwMFjiZYW$seQzS>R1SW!}6W4q`E`PJ~%7lA*^ZHRbJ#Gs(QDomu1j1O0)|rE+q( z9y>$RA;_7!p|rxiu8IbtE;9SkitWr+QAWY4@>k^gj7)vN1@-!`qWZaL;I%Zhq$F`4 z&>~M~660*VhKA3Je(nvCE5Pg{lVwtRNpl5*zHbnDLO`_VR?1W_1*^ve(}Kj1Gy@#| z1U&hNIMI_DJ9%BHUyFo%eBI3qG))my5lk*1M6F8$RU%|mcIEWSlm-OAnNzDq@8jzj zhAqN7Wsr+PD7{wE}-wLlj2hNHPJ_<_71!PU&N8}KK+!78CC6}}b z6x&>l#f6qd29(-x^A)+M)oXrDQ3h*6joPBigp5aaW)W#k4;X>Jhx6G#1TH?{opIXg7!dr?k`uj1$w+OF zj}8u6l`UlI4r1(n*@$+1%XIFI`7dtK2!IYWQ|NzP zF|ST)el7uSn>CCO+K-H@c`0s{47JrdCHL8*un;{-yV#n+s%qAQKQa|W9E>=4nwiJ$ z3KkMylxHml2=c{o* z_GM^}Kd&IKc`G8xv?YJyB1|tPxg%%wG4keouV`UQ>bLR1Q-DtNqsRN0nEgp=o;(lS zM=)wYs0vRM47>#w#<|}MZ3wbmIn`fB^P(<51K6~T7-tLbLx$u_Df;v~N+9rcU#T9i zi6rqa5gC?c8E~OM&l$!a_m2P>1(w*fIHWy@s_tkaEoE3rXEgOP7;!Rhl&S|&4j9O$ z2JB8rGmgXQ92uVZM5*m#LmPQ(0IK5eHQBhnW4F#qk>*taN8$wPyskZ(6@yR=#ysx} z>@5*^MODJtHaCfr|D+!FKlOSE@c$<+_Tv6;ynakz&^nU~ zgn`MoyN==50vb*%V9@h-=e_J(yv>ZTgr<9%Nb+mR1eO~pifm8;d8?N!yS^ID=D^k? z`+nF~lG@x3$w*I$QDNZ){z#@5o&cpEK>J`$Gnf=cMd?F1GT6SXQ?5X~44DS=gT;@6 zF(4KS-BO3STIWw;A}qv%9^)|3SSZwR>*g36*IH!=Jb}$w5KQ;>nbP_u z&E+^!vP^Y0S+#h`>sptaj;CMG(47W%2Z7KEAF3Rc9TW=TtI$tDDScdjJvI?wM%6wF z;Zi7g5WS6L@6|+`F$7CFrmrCRg&L_S_XtiYYEHxVx(L@q6mTJTz|fFOjlf|Dzo2A9 zywA3pxTKOClbM=poNBi6ek_e2z3V)zGl%g{V+$I=KuCTPXAoMBrIFW< z`>$89jOyqv(8%so>=c-bv?60;yQR&@5kF=>O&UvJRA#x-gr7UlWyP;)X}4$EHMo80 zDT-=uzN7ngpSVtT>ounUr&p}k%tlk9>nhJKv*n_3UD+5p&6X57drv&+-;I&BM*;RJ zAgyY53|jU8Go=T=wK=m#E(3wPzFU5*yG-@PWb_t}I~p#H>jAO(k7>!9ui_ zW+N-g6VhXZzu)i zwCjGc*JITb0Kb@YFNfvVOy<)ND|WU=%k}D=-GYKuN9U!{TZ$XI z2SyEZJp8vj=gG{A|J3i12LZ1IdtVHJ@Uzx^ipv(rGI!magqzOT1Yj`tNT($ zCT6ll(m2ccf$^NHiE-hBuX9}@-mg;4<~cTUDEh~SkeVNqn1F;n5sJ(wt75s4$vksz z7&Q}3qPr51^cj2aEQ(Lv1ct0|Y_>d`rN2leA~huQC!PeIn#s_|YuOe0?(V~nlCGL@ z2&!5Pt@@&9Xw6g>dqZSi-Hz`Ek1~vRh%dS1&fGf3grAG6pH|yYE1H;T z{DhZ=)czM@P#E&csu&92*x(H$ZcM16%;~1*)ZDK09nqn>nf1beKXtV}9)k>PC1fCH z$o2PHMw)QF#P-6eCi0F&WVhZr$)iY)M8D#TKdk+$q~KN`0X&PgoSY^w5%>V>$h;Q?!Bbd%s;ElnE#1rrqUZ z!2dby*THJdF^!mqq^36uCx{WfVXxpsQm9Ig-_u`De}t}^{l*L4ph?%;gM*$sQ+B{Z z|4`yF>P)*=2jzcW>=2wNdggsK({;cb#?CHz9(#(V&_F|rPOhvzfE`#Q89;*6`4ah_ z7lTei4}^S6*fu58k&N*h8@JLigV3o;Rj?uH@DWKwp>aZ;&x(g*QK)5jSNC&}A(zp~S41L02RmOmd4=UPGY?tNV$+xML3{ zSai-zE`9~Zl=0N<*G}erjP-^Ov%aHYm~e;v(om2PoV}_borI|g&mSLp6k8V4P)6GV zl~V%}$E)`h1_@MCuS}L|8-}b7u4g^_w|lw2JPnPrMpODopYajSGv51ZpH+>sqGIGG zdf_m`_d_Nx=pvwrCW zw4Lj5u=4x{zUpgC{aQ=7>yg`8a}d^N@GWBH2Bm;e4Yx)aWaORU%{&t z?IZL1^7+~~5|q>l1FXWTa8{$#tmA>XZbhF0YI1O?ZkeCR(1He*kDIr*d7oalEnocn zpSuJ_CoK-$fm$11NsV!TwV06WP3?`YZWR9P=Awn#goYUu&w^WinG&URbzr~vFV*XQ zrAhydO!NrJr-&u;*u0p4fL-*MI_iNfz5uN!;tDUzXcz$(}tgXTNIbkJ{A{dND07J@#R;{R|d#gzF ziIpQWr{t2MC&N>l9#1?p2ysGFnc^utsnBk|ILq5^G__tU=3PLm(@@4lJvJp3K8GSw zR)8*D{+Zz|ach8MJ9&<6@KqtQnJLqz>CPRKdbbLvEs?X*T-%+G=T(QC^QkhGU`n^X zgHilXaBy6ZxK$3y-c)+t$SdsT2zn`5_r5f_-Q$6izS{x%tGEE1@I4` z)y>20+O2x~t-YZgHi-Tv0l|3d@$%1G+s0NT8vOj*vz!*t>T*I-Rf`5wE-%5F=Aj}` zVLG14%^&Q}0|4cEWjQD#!Ldow55WGt%GA0BsjZi5)-yMY){Bi|4F z>Ns&Fzj6pHucCyrR~`zbn;M&NuvWLR z71eMK+hi(eFVA=ol^JCU}4*u;zKs?-+$t6U%8_1YX6R`a%- z0cHRm6F#5mBr-aof6q!i654uyC_BC+oLtErPz0C+>P8Sgx3hom>KX z_*VcblKH5DhpSvZ47R@gRf)r9NWe7bo@Mss#$z<(h{eu(ViCSVOBx?Y8jTKzbaGXA zWr#t5<8DFMqZhK>)FKBp$|2d6r*qdfnXVYL5o=Jt!V}*Fwn|xs#a#0`N?ToKW(n6#GZ7M<7{n^Os7$$3bBbba z`SIgSFyh7vC_$IfwS>CDzAs#){M*5wthRj0+FHj!P6N-09Sdl;!;ieMG9YI~*&>4T1 zit41L;jpCK@va5ce4dWvcDXVk#21xG)r08pstOdI;IAca;8`7nQm=H)cb8jf3}J~x zygL{iov~_0^y{OM>0Qot0WSd9mbdG_is~6O*1J>Nbd}BTs)(R5e+ zI$?GJ7S%6 z4x@yhq>fsf7zC|PYUPK~ye%=rHq*YDuPRv{>y26olwwb2jMQ?K2t?X@a z0;^=8>01{(_tLqT$Z`~k=^bKLv>z=8l(d{%OfjvHv>}hZ7 zu1q&gRsdj*ho+!_1 zNz?w3WTDO2ogm)Em||t%z-t|(dJCO#4u*8)bFAEUcTap{Rpyo&M+bw9$MMCTs-LNi zi{8R=ed{Fq!}KIOL#4vU(PB!8nflXZdlr2eU10aZ3a5eR^^HNce{N*rM!hyv+Rpdi z9PDHcs>4n~74~Cc&&8#Q`D-|6HD|OjFcYlrFD;eD zLw1b%B->b-m3PRwsK5OXh~B+V_0ZmQzbt}CU%_ccrD%3&q}6B9v`aFpZ8S_i8J7Oe zLluBasqF<`?JI(=BaD2}zmk)_Y^8}HI%w10G+9Gk^zt9eL0HDc4<^2v)daXsNxrCju^9Cp5!42#N(V zm_l+3hWtJeLBo&rFIqSQ#*_fYiyvu7R*7jDG&e4UQAM2&oaY(8OEy;7)C#NYYIwkU zEU?869bN@ai|9~D0li~4h+(~i3wI3H+;5my>rjF4&iOLMXrDF=mqDvvI^TTBp;Su* z{b368vYZZfNV)aiNCP+i}ST4so$>)3Shnh>0;w}S# z{>s!feA{^;k$G&kfIg2kDgPQPEk^&oV`_KYwx$mCl0~_MKqYn-b-o31)Fq-dZqjsj zw&|SrB1bZzX^)bE_$T!m+t0AYe{j(A8gS|xT`jjpPKBDVS~WM5ZTgM#QbcLf6TP)x z_S&PT4PeJTLPuJnC2?;!Qm)xwWWl6a3MbuBYmXOjIH!@gA4THB{9PFq*j4Eg}TfSIkYZt z*sFkAY8crS#Bwq%4PK;7vpC6AUDWX@JpJY(4UmY$XfF@UHb8-5Vi|vc_9@ACdljoW z>gH@tr1li2{PNeg6_7x6`Zt+YRGJ%`3_c=Aw19M9nmLtzQc^M+>tG0u*#tuJU2^y$ z#P`86+HkX0D!-kLzcy>wUt#N06&xD-BjKoh1L|(SVezJICv*NRTg}Ba2h>`VW~Lj# z&_O>pJG&Y}ZD5!Xx2HdxHQNh}$eQOKym5FMCybC_@YGag@ebpT;VyS1!#pV4VR!kC zmAOy3GhkN{3!5R=J25Mkhjdn9s1qtyrsV0;(be?%(8=|{+;-8qoj5`}+}41;>m)O$ zBY^9*A;MKAGO_jHKw;H83mW!}X7mSmBZ0uxWJN_V(9zu?-~w^49>ZfiKiAlhHrOi? zGcPg-ovg}#btXvf(xd+kY`xd9J!*@9oAeKaNeN#?!3GHF#PnLZw$`-_6uuRXi{i0) zFFW(KH^`pl5S1JzZsy=-jT}u#9oj}0Tm8`Alo^>2^95K%AG?)bR~(e=GX)slHEh@E zqoq44E}FhV6*J!~;yU_jS7s#jbpbX{@L9p9|d1y!QVuODzt$Ey?TWU<# z|FxNDOotox<>7Y~+PHoiPGKGgn%)PJ$>43@F{|VSg=%rdVBZhPH{f2WLY|k@m#t z^s>3NSV=7uE*2+0?=8HVOj0W|n`Md%8c-0{v6u(R(>QN|T)Q>6qQqkr0c|leRAN%m zbzCIdwcl1Ob-A8jqZ@^pieXa`DizcfUJ^&u33`mX4Q`AR?7kVHR79Jt<&!aDJ!T#f zME9HC53?>|uz%2>)ep+G>Dy9?4%s&MzO0{j`@23JN7XRmya%C2wKk^^qMDLg+IIwfdw}hcxm&1e7n@>m7t#`(^3`k%)6q;W61K&` zAllPN)OxG6H8)|JvQm^g>`+iGFDz5=z*)f>taV7+Q*f2{Jl(R?G7E;>uUq%8z&;}1 z#-Z&WpYRTqlm>CHDLw0KgpjBh_tdw%rmSCA>La=@1728 z%F9mM&C4}Bl{okxZ`tn=K7{_D^ZyVv^(di$saFM>k|hi^^_*W-2^L45{cLoj$vn;x zzB84`s0M((s*PT4+AJx2n_!_x- zb7^-dO#dNi7!Up^Sp$bgrdLM&bjT4ze5H3#EDT=S2l{Utg*9v81+1nXuRr@rad+#>EI&l%r8-iZf=fgpHsXE z9Lk%a`skjQk2Od{(EaC3MXC)pbsyoYi?TE{B%t;*A|+flx=WZMkBnaRYCMBup5QiH z?N?z7?27${IBm+Jtybf-=UyW$aKvT&;wOaMcYquRrAYLLcr;b&*H+9*ONls}i6-^q z1S7n-cd+3deMB`5BQ)QK-iYv?p(6UbN0|Q;3vYZk1UMr4L{8))`bNBA9eot!><4JC zOb2LT-y6bz*m#Y94+H*nJ(vGEdH8;b!uyZVyhHpz{q`X6Z9`O3%kkZW4}T-0R2BXk z4rwS}!}43uIu!e@9{%3N|MU#~_;$+A_Kl_6H}njJS9v$MkXG-|BqNsIW+7WIW#k}0 zB4SgF=y5&K&Bseh-;y9ereI;S3zPh?8IF@|Nq&FdIx0oR9p=i-&E%r^oFNP8>f84f zp8-~Ls-QSs;%Kk-CnIgroVkgn+E8Votv!t0_y?hYv?pC^Zcm2=eL0xSFSs_o80}Jl@WMZ_I1cd)_wwYh-3b zi}{kKKUZ(aMQVC)mL}G)DztD<_8}UKp8lrju#tkuX>k14<(Ss~XtRyeF3te?4Rt!oq z>Lu2u5;*xMuLfN2uFw8&LwTZDWZSArN=@uOfaf6yrAXy`qxomn7IRuI92_&M(aggrl-I`4_zFH%4R&b=0*nkaWQjyOD z<_wh>b|0vRnTO)IQ~jX}Cp>AyQ3~zkYzGme`~ zT@Y%3Y}h_4nr0$6_2`93czD=FB8S9W7r6jNtRP7z*>Lg$V{j_}`62ZSDf!FEJ@13o z=S$|V|KGwY2`C#;+Z{C=z7W>f z;Rbk9ecg*%4p^u-e|ldS+y&r2@xj{JI^Zu=;$^DYXoN0{9AC{%@3D23a;+-CT+P)S zs|#KFR`OG~Jma8jm4yD)SFa?(z*Bf!RQ+&pl?B=})Y>Y-9Mqymr(E6hGbAJ)3CTKk zRNC*J7+C~UT~C7A%L@OB$rf7Kk4>YiA{HS*rOp~)p9GX3RAn*f-n7P!QidGwAZ|Ve z=HuYbNmwlM>6MZEm4v9vY0^Mi4S<8)Cpop6)45AwPG6f=VHT}6_4KI(rMsqZ@sa#- zoS_FvBykzD^68h4=M9*V@%>z#!B3`VVn~;25LKkMWj6`+i*QY}EBaNSlo^$(zDRwR zPYYp0z$q@@D11M5fiqX@sWZDG=+^L5cjF|y1(VG3#^fYErXib!Cq(p;MX_`k_}B4z z#y#qw4Y22X@(_ijOhlG9Ibl=qJ0yNG(QX28O0zpAgt&jltoV2{f*Ar~8*98gp;dxW zpTkfKWos)z37??ckABDm@*yCE^qmVqhG=jvHhn_fR;lJ70idIsX`l$L5g8Euo05k6 z%{qUVz1|E^c$e8AH9h4%+5!rKJV81`nY(XJk+^U z|7A{>Cpj*|{C_cZj=`BkTiXsM6DJefwr$(CZ5tEYwrxDIC$??d)|+!q)mPt-uI}Eo zs`sC+-M!bk?sbb{KMS%u5ib7X?$?g@qLuWhjoa0r0-F?MTJWVXmnrSsa~B&BjnS6| zskv?NR%LAf^L9)_S>=!;{pkVB|JEA&OnN9UM0ymx#Gp#+$%T?MLSVVU+843RrPUc4WGbQe+sQJwUF?W&*Y0`7k= zzf)UTz7Prf9E1Rsxlm7DPg`1eUf4f4B*m<+b{2wCWelR{b7j$1*Y;WWA-+)*D#zh( z^Qj6&B+1D7R6K2e3lm9)0L05evy=`jC??METVRgz#(%08Lm$V`&!)7BabuW;gMhVv zK&qk|FN*Fo3!!2_V>W?4e{G0{jZzhe`i9rwSo`JeE{mIt%yg@?uEi`#EzYr!g3-@@ zlVike>lH@YzfjuP2<$Wr;v%?o&2YD^w-|yJJM{&gJo4(mD4dr950~@xMEyqf^`>`J z3~@8od!(JMTeWJmleL?7r5Sh1$9EWYajRS`ZJL~)Dxt?Bu0Viy|Y%IL+Pq6mF!Dr!(tkTf10j#U^o z3xYI9d@GS%L~dd+Y$ZQd;Nb3NGkAsGJ~`_7%ynOtUbwBwAEoR(R-vp9kRrObeS#r& zg@e;lZCmW!8jo0|Hu=5{SuuOKyb<4O2}~?}zT6Rg^X~2vIp;S1T#s&F_;#I<<4v`b zb7r7Y{YiQ1u{aLZi<#^LoQ1j3`#Rus?v&mZLEBYxiERo9p-x!*D~Fb~UcN=#Xh!N4 zRR63_mxVggKWx(RQn*m5+^yyNy?-E|bRGl8Ne}jZjSQby1iNoe8w8%f}6=(5zft!y6Fn>s#== z9shY(XJS*fml8Rr(n6mlyA!l+xCOii16lUfKdwGf93!>#9Wd68ZV>5*i62wA_bghdiwo7l~k*d`}06cw_CbbRilTXF|5~Yty75 zv;L!+WY4CyAKP_uP}@UxuduhN!ZUuz29*i-PTbqd8eCJa1^k^QH)N;Z*45f1=}@Sg z-!$*{-hlbMQ%y9~jo_#k;<4QRccYdrtb(c2Bz(tcoaGntN)i1%9xp5|N4h}2i# z1b0bpR^47`oMC77%xREzL|kv?+*|zf@lpQNn)pZSyPF`5Ac+6-l!*03Vu=hd0-7Jl<8Yxdm!%l7 zf{-NRjG{}qP{$GC7rU&Vq%31ZPBhFGP+4mNiH1B3l^2Fe4Y)A52Wt6^ASXCbdo6OW zlnvX?T(K1AM4HU{nVFM}JupSypXPMj;OR?GjZo`Gzdd0>6<(h~wYnZCI(^>f6_(CW z%)B!G0w=HbCh=5TCX=EPSe=YWZG;x}pUmJ2bC~@wZYAxbqw%9(&1k|j+7mhg6pKG3 zBWpQHIWY~SIO%Gf*BW(nh(IJ5zC{_n$vS_o>ZExaCY6lBYUGfiy)EVR@c##p{orS{ ze9ZsF!t8!Puph7to9%}-i;ez)!hW_aYB%mb_*ib*$_&az><@{C{$Hl-fB4zgfA%ak zXrVPbLTdJM`%a5DKbJjuPli9Yd_T|l3Elc3&G`O9ul0yOI{z1U3;hAiT8vJhx`%#d zbC1ROiDh&KyZ(9hi_(9FO|Yw|TIWc_7OIAkot?u8yH#QLI>^%jjTlxtmj3B4<4#gE zHg2%`+VZrj(+?15Qtfa=@SQ*!CzGlXWUxx|FY1O>mSs+YzJ03B*;sRZPy z+8k2a(GZW#K9_*I5C7=HT4#5@fI2Vo48;vNQvQcPbpM|pmalfp5N9T>VKV+IXvkkW zD{%pv=}v=Cra$^^f9aJ<@i6B&Hfah@Gqp1IEg@M{h(i}>$n{!~Sm=*m6nLB;PI`D` zQe4A%dfRN;R?4AFHP$|s{)AP_iyXQG8eFRSOOvudZ`#n4!WQwPN}?sOW=xFxKvBQd zZy}(x45u<(hA9RyUo6dX-fDB>>^6_jOHht%|DpezQuPOc^%gw>Qn#&&e|$gwegtRK z!SDe?_M>5;L|UN}8~nFX)qxWKY5Y;AI^&GSqEeXldF8sMwwRNAai!6OHk6ztr~T|X zaqRYr>t(albO?0#!1TakF)FyFb?-f1BbM5hhM8GsOO?5G$C>oU0%d&yc$*T~zVbk? zVT*XI;N-KZc>K(%+xH-N--q#lrMiNG#@6mY&9P=HJhCKS=G%)hg3&!vgv!=tU`~EU zVhRUjxK!W9fIFb6TIGOlJ31v~W`V9%{FlKI7Cj(?Bl;FQnNKw2v&ZY}oo~%Z%2?>@ z1^dnr`A8Jp0H!5cK`5oEB5D#3kFC+-ZCvm8{_U8uvL; zZNP8+fHr*kQP&FPl*tp6?!v~lHADV}U#hBunxifW>w~!LqdaO&*zq#R^&N zDC6U|>r!QeBR2%VX$|kFQK^7$-`pgWp$wWc zUeTbzr{2owtX)vZdb@VJ>v8(~L}CI{3LoNGu=(*6ZT!X!;rISwtOSXMaa;egsi?+x z(wc@m4T)zc=FR=oVemw~6p!etQ||ozV@&wv@PEagQ4+vC!=dv!tIBypV>RfQNia<} zkUheXj~01QSmtKW&LZYSS_+(gI`(zl8t-u}iaUjmw3u_}OH;|PFb)E`(z@K=4>bg7 z=W8qvtlC0P*m%}U-Be0T6Wi>elIHEdSdrbCcEz4y#md)Q#qmf;$nr3;GD#~qoz@!V zW|ZSK0XU~7!OC2lnHx?4&~RGqE0I>exv4=C$002wVq!+Zi`}iqG4m2}6I%+6jt4_A zbwa$VCq!iWz}5IBv>r;`c%_l;W}Uw$P#;JI{ z691a>FF|RfIZvk--Kdr8=J0}FDN<5{8FmDhX;J}F)!XN1?&`83|Nb;R?DN_C%62xQ z(b`-SO~8w&Q2Dr$cVv=zhg+L9%k%D_BtOP>_*$ZDcEvx+PeaAnvKShgJYNA*5tJQ7} zx?T$=RqvduIG6H;SGP7GKK*44JgC;ovg-8m*o$RCmTP%tr}`bSbJW@dsUZ}rtg&dG zy%`d-MLC=*I6pRO)^*6Sl&ZGsCBC%xBA*&;t9Eg`A>gd`AFXn0a9_VE3($DpTx64h zz`+U!K`7@X`q~5HL@QVu2>(O2Wo-bISW8%1G~#3NV)}VC>rFdC;P5aZceSo=Wt8~0z%&O1Qxi3Ow*Ee^*Y?26yp9W;S#mbw{%Z;S3N zNj+I%k5xLL=ZZ#%5xG;wH6eUOP07XAX97H#mRf$h*2KOsy51=e+pu@~5e{IQh zhZ@an*}fvSs7y70(%p}it+%TmOwWe0 z`X4&ZS9nkFFWRLE*q7is0+DNN)dtq8jIlT^{2?;quylKf(FB`e2dv%s05XwO1)61m zMH7<%upLg~f^+t_sCdFtML)S{S0wVsYmPh(L4ZJEIE2k+zstZvn zH&ElI!9SD;$%PxsHS-*cUfj^o4(Ej%(E1)wM-C##(Pmegq&VSmT3D`~rxL1f+VvA6 zYdhk}<%Zi|d8)ybr_k%QGgq4`xzOtCI`M^QVm}$s#TkVv5;yMbQPNISJ0mKXU$Hby%m2>qedtu->)_UEJ9;j|He15 zTUtD}WWUS4Pg)c{Z8MkuYI)3|NT#VeN^T%1b{B(0#x#?P5|d zkX@hLQH!>qO`0!Fk^o#sH|eT+wDrW5G*bWsDLs`=Bd6N^Z+ZV>c2jn#;8oHs6W?OZ zI)#xlfQ;3XpuhG6=MW|P4oXi&lfj4cl*L`XcPwyZ3nytM&vVFD2g`|rp~vgD0hV*f zlb4)rUxtfG>wB@1(=B0FDGVOJoy=^;hfVOueC@X0l}-;MBa2v1z?jea1J%nQOMB?u zbeZ9$QDy4)l-6cgNr3^UlG-`$6Q*>TgNa}Ao~m<<)1m8bbKzGrO_@J4z)4$=8y^LSWh(ERpwZ5-rle(VQYU!P)z7Z~0@q(%- zjXo_06AiR~w)cb#r^q3+OZwWU)IYfdpcMUJn+GoA-5~sfdY{9X7m|@&y39>&R90Q)V2$!g(6>7M?6Tm*SyfBD+Ix7HcaLAX&?*8fC2UtC z(k8*;18Y&NL>-h5Fy_JN&owI5nd%dJJ%M~<4tuE(ZYZuX8l<)WgYMI&>r4G#=s1G* zfADL)=2hv^W`-tMTmC9d_3ssd1MuzdXW_*>-G-Y)Kdoc}2&W78%cdayAQ{K0Z($@x zZt^*y#0))a(+#P1DNg5semCm%eG_-CghWn{&Fxxf4Vv1RFw|NKnosr^MDHOkRt&^y z(T*Wlc)Sh*XDX4prChV{YR`FIG=b2hcJj;9H;^B%WE@*tC5zLTcM4mZQ`AHMPMUyv zE+U~x)%Koqq=V%#Lz(H)MAJ@6Yu19U>s9i(@Bf?t>*Yy->|;3V!U43!4De_yB!(*F z{X29l_N^Ln#oceeP`z~mCiiKl{Tv1s5%14__lu43Nz!Z_n8N2vocex!S>jy-DYATe zpCReUEKkv1IqcnY&#Ev#tb3kKcT)M09i^K_TOp=zJZnnb)tK&S&hMdO1miyR2z-0l zUsQZwf>j;Fg3v{`9qN0ytprIKk|d%q;K`BtkeU-}DLukgD}9c9wXx{XeXMYV#DCTn zbSrBcEVIfuws|q3aU%0uV&VITS-vQ z@Sg=|78A^S1!Km4`+Q#6EVqw-qDrjgQ<*lLqL${WJbu9Ue18UIbyyB#(|i_IwX7X0 zLY6~jPg2)`CRwhNFObW=d_8EpxWsTUBW9~~&H%pCx=b%plqh!jxN2)E3k`%{&thM8zn3TBcdyVf`b78L72{`AtPH#3c1{oR_b?sIyVKSkAOup{o z>VE-AWuk7X`9Y~BsOef4Jm=FC>9F19y6y+(aBNMePQ4I4Lu+U1?J;xN1#U5}qfR&D zKJbNHw{$rvNd_W?mR7bh&UcwmJ+7$zS~HhD4{q>kL&3VXulC>I2?j`-1%aSVcs$)Z zv{lv&G!>@(rhtjul!B3$ZfVY@Ey_;2?tRoHu3OF5qqMQrz_==bB<8D>SLrZ7S^R+O z!07!HRC7rGopy6;>}Wlh>+BOFAW2Z3QR+YyhrD$`Ha5Rz?N=GlhbXwGozxnoT3@b( zcTpnIQWBP~AF(&|U}B{_{d zU!u5rIb^9>Cs&g2E$wP?z9OOQ$XwsG=-j}y$kNDlM}g4w!B`Z>W$ZyMy(4t)Nq^(O z8?vMVEeGjtNXPxBIl|Pg@@U1Pt0YeT%Tblm+kRRff_IBpQFY_{>}!uKtZS<+7)#lX3Y=kPqI5T70!neNLaF6xFpxaKXUd$Q2BX%8qj zu_4CW?=xW;Bv{6P(#^=moKt?UT+?S_kMJ12^1Wh--ql&=hMGQ4ZAPHB4zs5aP8GlEDgmjwVK zl;+X9AV?)pELJwsb{q<8Dp>f~#U+<&D4caH0w!Tth=~Mo*C*P*4shtYe4*=TOK+S+ zEGv-LYIpNZB}W4S?OL_Gk0XFm1;|;`c0zCL)6fa=A*;_VUD70d8jRI0oAxXnx`fbO zu`v7}oZ*_8k9g6eRiw$`G)vmzqjREaK@4CVDwN6pEmULvb53;`WWMhaobz7yX`^a4 zz5u_UuNB#R_YkOrN?#XTf?|EMn#CmR#!uWF*s#8CLT6JGKnmKw#UH5098+BD=L`_v zm57F@rj%o)Toj$9h>scjE5$QS_Wa9-%g;y6K;jo;f-k^yt``QY*^bVYQo~W{-(q#@gXJ(`TI$br+|u-y8=8p-=mM00I;nbO>lT?B{Uz z^rmJXDh@V6*D2Y9db@Z!Fhhj150U8}kLAgAW8B6xvLYdvX}2_X3YdiGFI(q|&yJX$ zAhr+o-}32oXPptldUk!NjiwcO&rlh>4B7Vp|fsZg&ZkY1AT>1HOkInHtzL7AIMg*2F! zhh+s%R5s1*gUz^c!*b|K4k%?VjgnWA%b#?_RTkh7t`PzI7Yew8H^{49d~z zi2awcAdd?y!d=J6F_oroyIx;8Ycp)?pJJ0yGf$JKddh%5PW~?i(P$q1u~CUSQM@oo zUY?H0^rMI}L-?Koe;kvYlPS)ya$|}L{Z~I zW(Bl@*a0ajoqg|kmQv{`dJaZ9Gql+~E5iD%Zfbw@Uk~IU*8&r{L+3h0p+$KP^}rINcU`sOdS+dgd6B~2)G9vD&0qW2gk1iT zAhg`I}CtwhE0WQ$ypsna}M;y1ZNZIxkJU zUKxZJCoC=1``~ma;Q7pk=1G}cp*@uMx+SEDLVZ*f>@F@yRGjn}C^~F_H zA>u>j*q&T}NN90UeG+5m{Isl?>!`9ZYGaEl(PlJI%K>ypGPlK^h z5Vz38EDpiFp%*6=(q(TX8*}p;mfQxfoDJMJFfIzj;fE@rDy$^T2X^Nn5#t)2kysjw zdYQgmk)!ED+Z$_~5+{LfN*o$6?aFhBgR2<{PNl`&a0qn$%)rn*2LfSAZm1K`ov|3K z();O3vIpq;d!>%|(x8)|nyw)=Te=|ghO43OzjA<2PC5n_cjZ+zVOIk>taLA%?-}Ff zTeg(e<~uZnoX7-J3YG|(J$u?t`Xmf}kbPG{$1;~O5o}@=3|i(Vd@9H5Q|)Y~!z{vZ zbMhoSxl&f$7s5(1G&rawlcnAN_};7;{`xU0ZvMzsD4!dOp}T~IJqI}c#fr}a9gP%P4h zY(Ee&uUa1As%dpbaQHr|oLQI<-Pcn|GJ0dnAs-qE<}-a-wXy?G_`!+SK?&qDtVX}Nt#Qe#bkCv7Nws@Qq-r6FS1yjyux( zZcR9JnT!axYW#vfzasd-ebS$VN0Nh3bvv8Dv0ql}{NBPSt%Lt8Qk0nz0w0}O-9VII zO7Y{%@0>&a1GR2zN0>!C7hz?5T^Rc#umWC_7g4E0p)P%v@QfG*$tKdcEXbg7f7lzn z4N>lg6te{bYYXdHK>Q$km(VoBwi?C_yxUt-{ehfG(|sU0ufQ04OLKpfkz+#o|X5rAZM(jnF?B9}OH-QbVC2A%BXbl?b zj+EIM>J^r|Q&!R?6`Uhztf^QC>;#mmx$lwdzM0c7H5|?B&&XV-+#`34?f!6U$M1Y|PeP6wUfJ7@^;6M7}53fhb5XVf!IT+f0>X zTbpjDG|!Z z_jx8}I9sqztw~=2?}c(9@dSKw1{sot{BtpFxg~^LPK&h;y1?(XE9Gq=E&N$d{zg3) zOzh&h3-RK@q1(DWBw-jVFY?OP;9H1s_t3DADDAi2zEC-9xc-6C>k(&#VYKsyFVCEg zTE-7hn^K&C-b&ifVD&WNX)3%C!D!kiq#BLA_RssrHV`XjmkZp;Gu8Lki4ou0x9Ykk zb~L()lFs*`6`_UeiFa{20gGcrqzrgeWQ}_G^ffcxe%PltJ^qWQ5s&AMCsV{kZ_b6J z^hY*t)kmT^bV!2uUi|``Bg!<6u*+1qBEjH#I8)_0oZJGU1eQ8E+u|z_S2>F&Oea}{ zDa_4*pr~GNN0GaR+@>?>j+n-C+itAwL&fwS^~)taaxTk5UaXgo!FC_S#slK@f|WW)*}$%XG*{dw;S3xhNSkJD#Yt!g zw;PS1DsdFZ?svOhL`@ciB&`;Vs?L!a3D(POnGmvs=%*gNx8CV6A&l|EN89I7HdK8` z_1X}I{?uk`X1K!HO#0m53V&QzB%gmnq7sYyzCzt#NovCLzk@3zx2OuPNhGL04#j%y zS~0x~zl1lj5;(d7qER;Oh=}5^G*r^RH@9g@N!Q&6j{BE{_s75_6>GUN`+XEy8)|gK z-8?wgMuWidO`L|2fn0ss+g351NY#Z{_)QVR*K}#~KAiE^Q35BQ%(&}!sZU1j(l6#W zZRq8o129aV-TMM)na;qIw0KGMs5-27bKn+>ac^phx7Oq7rbK4518oFlrz$*mkK=rY zMHN|?ozL#6E4lxk!!3vxZ@r;$9~ep#cLx8M1Y6#S!G4i5z7#GE(aqzbSoC}8OU#sc zr3(BOB6PK-5A94IRUk&pqaETcgb(IoEK_V1x;nKaOml6{_d$N>%DqpOX*ZSSyjCJ+ z?aaDIsbvat-L5HCG33l5`oK<}Y+z97oxq5YUk!V}X0tvd1wzrlCBB zF*}-Rc^8z)X$P&wDxDvf?P_R8WHkpfcopf|h(m|7e?eXWrswL1RnKLKEsypR%>Jt` zr_8Nev#bQ8%wEHRmv4sV)pMWY<$=+!m%%u&p#*1MtUhyVrUBYYUC#5z&qU@1>4ow- zH(F(5on+G~Un%DIiItUI#A$Fk#A&d4#JM{y1$iFUja-O>#duGaL2Kd5;#@sx*mVMk zl%dLxm~2|2O6ZW?I#vz+lfKoR4mXpcJjse45FXM|{AgUr;N%K&kRaD)&05=CC_&ty zMgkLg@;qiW%IRhwBsyjdw5)wpOrug0rfpl2NY}W{)8U9j*yW_P60O1>cfgz!wBviq zuW|2lSr{+D){tA|5o2qN4P{vQwL8AXsto4A?D|Nj?amx%xnmBjK@sHRFW+GzfC`aK z3_Qyxahvg)M^l}m=~Cy0$pg7e<1ecr;%lwZNQk&iH5(hZO*?6-*6EzS3TF@x(79Wb z0@Bd-rdLH<2;7?WYL>0Bs){@AYLJGDilxa*3J|UoL`zT?Pd*Ag1rxA@c^fGn!+1RId zh*z}+vkBR<&#HAg+|WZTPJQ*zmFe|2;@L-%QoE>aj1&W*T`}vo6Y%Sdz3miJLuW)$x*O3HwV<;&wp$plIpvM{SJPw%ohS@(L94>_x# z>7~Pz?fOVbi<*Pr{~cVY&S{7x>oJ%{gDG6|cI3Z+ zhs}{C;ER>liNg|&w|KO;IwR`?(wTOo#*Q1Pg|*r|@!sj<`BjS+Ys=For>g(d z#4SO=xV~x?pmtxr`4pA5${;z2A|gEo_qI(m%BO@@Wfmvq)UWvfA2F&PPz@{#=`8d4 z8Alm|357V@bVUuC)G9)!#Yfla>Avn^xs0xfBipK_r z!CY7ALq@szn#N|gJlDK`A?2C@fzM}(wgy+<&SQUPax&;7+#cG@i2+=3fWiH=ShmF zv+$`E2Ub176kH3^t_1MBOdk&{>sg|y)Qp&0=~G%?{Hl^! zv&psw!T zWGj&{@KXCZmFYkE4~zLPiZ*xNkKbqATEPhO-963C5^B6%+m_dxW$$D} z?{c!@mpctDi&puik!T|-Xq*y+E*FgteAcqt=Myf={<;cx7XJv&LABX+ zv~4;7_{D5lZ7>}Kky4`ooeU}~n9At4`J!~uwQ_bzO}(4ao9Mp_m#Xb* zSIIsV(p?gMCD=C+`$tOH`ZozsFlRgvPSYbvEOJKhYXC(cIo=uw#;kyUz84~JywNKi z`32>a7ecmad%{2`aH6RmJD#{nEuC1zmv9lVT~BRy5kq^#7HLX4P6J6!1OZmd#@4M6 z?DDKd|5xTDpqgt3G9be(YF1h#%-nc(Q(A;-Om5HFsMSM|$>f+1Aw;-z9E-cOob&oq z3i5y{I__2=_`7vE{`G0~YdMFkB|U3alEKk%gr~!<)wC4pZfiaS+grZTtU-dZ070C* zWOv7YH>sWNh@Gkk%9MjMxxtWJX_NM`WxHGC?e?AfGRIdRo`CO5msQ1MS}K)LR2F7b zX#k_Q&b2=YQU_GOBqNUjud(MgSPm)#*V#|q`X|QFD-O@Oacsz zT}aV|Ko-kukBRVLEz0Q(xh<@JNlp#Wh4Jg4=*BMy7ILP-QBK{xbyx6U;p858HGx^f zv3POmE#qp+r~@89PMvxF^mR}s34zo>8qsy_ z`KjG<7Q2%7{KlP5+vxfsyeHjuAitvBG@)JHVEoJeT;X(@twni@;9l!c;lXUninO6n zu(vg@=cf45dKmkje$7-(R+zESw=YTKkL@Y!KMY+#8@xS$?mix93b`kl;#CN+_F#>@ zbm#lexAXCP@1cy+u0EjeO*7hVFb*|TkX}D)jRRNzrJ}zI6jCYwqJtWF=+x1mIFHX* zZT)>WDp4dlW%TMrHG!jJWhQ_LZ?4eT-5)|>Kv z^MdN1<1%f9D&nj|+UQBNT{gVloDs|9rdr)(Qkg>|N^7X4S=a|z;#WL48TB}1WlKY&Rg3wzzx*xdSqZKJB{ z`1OLK4x3kFT{-FVEup0vKCW$ct4*ezKUayeD=s}4ysu~qM_Ap1mba!%M&z{{DNz|m z0t$x00JlG1-=0=azuU8mqrDH3*SW69;UN@J!>xZjCxx6p{Xd-2u19nf$cImZ5mt^n z>uDUy@lylN)&4foD9TIhRw!b;K~%7wu^z8At2H7q{(8FxEhm-2KH~PK?{7{u-@gBy z@Zuya>du-32hdNvI?lr{`c)MK^QB0LRlsc1q;v3-V|E9@UD_XI*rKsPexO7ya$VzR z6M!!a*;~Utk3NYR3W{^<=7)EF*QoT*Hf~tiKzV+&6}@F}=2N+3_6EvmkTOcY=UVPR zz-MT(ZNONk_)MCW~Ob}`ApMd(RX^ui26M5oq<5eq;2fDy_BV1jZ@u)KUP;)O-=&SK_Cfe@`M6CF;%+#Bo2o z9PCOt+;{^#y``6x-P4vvJ?;Z-M>?kI_?PB%+05R3<=W&Mw9*|*H9uOotQEUDI;FYl zz`J>|Ij*-(Z?&j_0VlJWGwQSk%|o?A*L}!k8>dPpns)1^oascLRAfi9zz-B#!~R9X zf{yh*gW(`%xk|$^lOgu-8x(bPx{f%Mo~fT;IE@$?_(|%|r|6z;evF#m^2_mCK#%PT zyEAO=EtJ#r7^&jpo>y-vg8OvWCsmS1$5G-n^Zg%@dY{A!OB1JT2Vjchs}iU6jt&Qe zqxN05PD7{relWEABB*r*(+WfD{qsptwf1)q=aQp!H#T8v~4NY#4vPAc7pIsWDf#`LZ!*z;3aueYp%p{SOCI3wD(B=+GbM&+gZ2k zn!uGrHpXLscme~?*WO@GAm>{o#^9Z`ZAW$1K;Kpu##dUUyBrNa#?>q$CQRoZPU)ntjk2`@l&H zo@n^qw+N6W+@G_U@}JYxQS!;G4)CJc9xO+H=o*g2hS8{uryO|M(VxB~&SoET-(U&g zb_6AU9P7lJ9@KqjA&>3ILvMpEf6vXrqr>!{ZF4r12>l!lew}z|e?E`%k#Nj{=`?)9 z`TD3Ojl7#i*At;Tv+{*~XMU#9ih1ZEv^$<1?bbfKsj31dqpdL`Gt@`_3 zW%er~*vpZ5s&vRcv(?tb8N>33e7%Go?})zW^}G)_9UQ$o&l$Mgy?;rICj^#Nbr`EX zCRFD670ou*+Bn9w#qaRzr>^5-H5T?yW)(KVYw!szP5)FO5u02SHD_}i^!JAI)0U2c z|H@hDA3(XN{fVJr_>|a00e9-Y#mhw{HY)7L|Dx2L@!@>1CoHFnFk~;6`i@OFnBLa? z{;X`|)6)kcGcCpzT^vC(vpF(0+c{jES0pqL3Ug);Q3o}IxO;kRh7K2I0IgzsAb=UF zfwN{1vOgmlQY+Z9&6*=%qt9YQj677|209{_Z zLZRh_70ye20rj<~A}R1<`@PCt_a}wTvuhcz=myv`SjD;?atn_l_YF-=_JY3e$Cfv{ zeS-2#ANT&;#pB8vTrX0ftvcr8=}Nfj`Z-slkdkitnbO#}@Y*C%Ew29i26JoS6E3$u zFo7sHE2;H21%l5Ts>NTnq$(jGGHS$5+x1FHYba=DV~56=elaw}_ZgY7M||;~3Y-M2 z*v0Pk)NZFg9m}|r)Eeh_E-~DV2%Hj9eJ<9re0Nqzf1tn9AHu}`FYfd)9Rsi2pnpErVbw5oBa#%??Iy^Z;QqqvEVo|z%B=~3m zUYL@Pz#$_aMq|wZSwNlKD$>KMZt($9j`1tTr{0LeWm2%dxKfXU&o$#5K9xhIo=8C+-^TudXrC$sg3H+sS8FFY-$o zg>MG;^#Q#k;bjOkw4Bf@P#q*r;A~2h#Q8Ydvk0Kcr&sN|p*Qtt`@*6ECDpcN3Fkjk zG1p+PmCdIUo7M*@gwDL7x|43AZ){SUw|>PB#&rW|T?tC$@$U6Uu10SK!}6M)66ctX<6&HGXB;Hn(cF&ClCSc3u}EO z#K6)k(O@b;8b0A(w}0%fq~)SAsEv*jPwyLFLFZ#-{O7h37 z8E1*cp$Q1^UPcl^Ov|eQEGKhbgU_W0dVN>wjgEE_#OWQ-kgc=t)z|YBRW>6o0ruuh zVF`K9kI(wG5)W9yjeYA1`tq7M zTXoHKQ?As*U!8a!)}*gA^834PGdbwEtj353d-=ebpX#g8HpXiK%ld5>{PP8fax*-wSeCBuwnZEfZCHqN2NG%^eJI)a1EGqq(){ywkkjbv))AjAc{do|t z=RV^#)(sCXr(efHaNxYX0E|jvwLc`!)J%Tzh+O_VFwtZZTe}dfePuCa_3)h1^+{n7f<0z2}=jh-g&L;NQ0XFHbHtHrXgdAg+7fN#vQT}snT zMsjN8o8^o;Ecsi^atw=wz)aYIp;rB)gZhrP0zuAA!m79Yd*zNx^N{id5JOwpD@?Cf zZ|ikv@%#*3UIk~Xwc#KVW4n50-t_KcD*ltXqCG;8y3@}*peZO*J%Bh_H4Vce)kR&k zZnO`b?;a@ZC`oc5qJf`{sm`JBi(=hW8r9CO@lItsK3+{-CwG((2;ExYNo{{wC6s*& z@$azTG|!e97cENKQ|EfNuRzM=hbLb<0X%7}14rrFYK$PcWJu?-PDsaXDd^5x9Co<^ zr2*<8y7VpJeD;v#?_U5G{WJ!Z4Nc;nce%-V615pRv7(#Sf#dY} z&7rVg%^M2V33DAE@S%RmK3(qhI2`iZfK8`ct!fm59eu9c-R76cPyr>U(e3~VCSnPV zZ((r^Auv8#`q+kJMg%8y<-4#x;LD%5loufUAX^&fwkI>}Z>2_~@5@^+$6V9i;X%UvhZn1%dFsTcXUd*UYR1 z!W*(Etn6$MCrkU5@Ap;FI#4RsCk150h1vDc)LTP#Rk{NRgHd}C)U_LU@^e!+0Td$a7ycyw zp#+=momsWhMIfh!hNuYRTKLr*kW#9gT)ES+wW>{}pi_k-(!ct0%sqvyOnh=g`9j=P zbjyBqkM@a}8-5uJn~=q-xWe4zzvS+Rat(UqY~W;@OEJ%Q`aC3B0=rN3Ljr8(t&+T|?>a;>8ViGMn1~`di!A!8FPX1+@)5$r9&IIysI3u~ZFP zu$T2$`mT>%zDj!_EfI#pc33Ixeq$3Q?hM{=#)-mCs75U9LAn8WG=^>oCDz&e{Y^Z$ zy*3uxE*R&tGpFo4S`CX)1G5FsUk0cB{rMZ}_g9w-JmV7uFBBnvd-j{}|`te>IEWo0OJTu|?69@tlk<+IZeAm0FYyPDXNm0t5&AfuuDyEre@&rYIofT~(kp2|Qh2m%tlxD_0tRktVi6#d8fw1|^|cq3&W-VF%jiD$V8!=!^XkpR-(~!(wBlV~{Xg?=9G^ zx}Mq;7o97YcH@VNOt)uiSYG)L`P=>J&z zrs&9`uG_FnbFf1bDEN@!JkZpjeJ%3i^*tx1x6vh0MHh~%na|6$sR#I|DJ zv*&sFuE;W0>#hIJzqr}gPf+FiC%(MO-!#d0^u8mS7K^v8Vc?>o9J5hcK%7J6~HYa3|c6y?do5L0wo;T ziOscXuP?`m{nCB$E0~C)lbc7+5hID_v6V}&ZV8duOn*f^oGm5S4F?;f%RjmJ8Oqi+ z8x=1}o#Q``tW2b7oQ(ZBsm|CpTAI-R!(6jOnZQo!9ufM3Iqiz-K>w%h0%IUUb_c(o zUo_hvOT?}w+|StOakQzssgc1ARAdS_wOWb(%uaA4k@!d+Ckb3r-wRt4Byp>;>$Y_= z%&e%TPFY7G8;VT)x;_3}`~}GO2($8-^@<7`*W447E2QcM56dGSUMQ+G8hc5N<=Hnr z{SwvG)A;|7v@L-0O+b44tjSu;CAkO88rADKJ?%t~sdD+jr3ZG>s`ouhRGi)xElM6Qn+X#QEu#ukRYaaE6KC+0*D+4}22TLjdIZ8M>>r(@Jm)sp1`~ z0>0wCnW^9kYVk9mgHZ7q{OqgnHuA6EkN^1oHo(>J;eZYULh!RZ-iVG?#5iBW>)hyK z@a=D&e^;q%e<68jVAo)MN$j;ycU`6?T7@PyBNA5_B8&S)+EQ;u+(GAC4rEJ4P`r5W zM7ydCAATwwEk@pkEk4$MB0@Ia<Q3b&|9;iO@xMzndNO)`(`rrf zFLnhMdrZMnjc@6$<1TL2PAkV@d9X~hz(7v@hZMM0qdmiwf;~nK0iWR$MQIDQoG_uo zj+E}FteAoQrP_)xYb&RwUb8d(p9a`##-F0i#IcL~EJMDEZzb>WZIR?~b>NTOz6u;P z7Ao}nRNA-wzj^92Xo#zmgmgfJzFu+`|4`{xDm$xK=k@E+Nex|NZ9V}!%5Eo;D!;Ct zO^G(d<)(`(KH*+6U9pdMw__a3q=qWy4~Co@4~mvf#qNm*-;jD|P#L($AEzOojahKM zcsA19`hRX*w4~{txMp+fxjLkDZjsF6{`wezZ6Xs$GA1WS{%%NJNR_vxzsx&xPyG_O z3U@n~v{|7#@rSRsZ!SOpd{$1Fh*9&KP!^_^WlrO+5l8=f?7_~v=O-gfb=`U(bxeY9 ze?$J+gpT&}yST+*dzoRahVhQX7a$fO|DLy30H2*61KN)xCRh))=hMybVD!eoVKbd- zcjsY2cu9z)k)g%@U-b?P+71DYYd)>=nZI-9>!Boxs+E^(UyW(8EglhQ0t^EoVe~-4 zkGQ3#LJw$gS_h(ZnJRfb-zHIB$gH!9w8-f-wn@KQ;wU%+YVoT{E$&IQjxN4 zGRjUlA?+A+V_dX4s0N8G)p3XSI6T2yVw`X`Kd_XuId_1Cfq?c)T^vAXqYaWW#@vA{ zQf;hw@%uB4SU!PqzXf@P;P9zx*m{rTK`}_S-PmZ50ApgjR)W&`v|Ik%NnT`zPw9tO zBu7xKhbS7rSoyVYDo7|^vYGyDQLj&nopYwta_U6n!L|&Gxvga$aMa9i8|{iR;A%Zi zNPHycMe>Op+suYPxd!Zpve67Ies*dQTWwJmvM@%!ApgBkD-WU|;05yU8(G@D2`s}9 zQz>96d0JR&C%**HRyDITuStD}E!fj*=wKWshd5WW%x(qnkuHmW9M-w!9!_!ka(~LJ zU4~IvcoztO+OGKkxctoT_Vs-Hw={7|edTT%zNY5v`uoQ(pEH35`?r0W{!>^IoTH%| z_VCli*vV0n(ECpOOse+%bD2Bk3R*Lw)+xCq<};S#R5xk#AB)OvyBx+d2JiC->ttNU z*N+quqK#r>}k+z z=Cl6-wp(jsI;YI5q_GqM5$$y#jBW99$_`2NTptc{r7kwWG#7Zl&kvwKXE6pjxOEC) z2k9e*8Jq^*m9Y~UoYv6mG@nKf!sn z8d@kM(-rQ&zKvY97x2DKH9lR;MimG4B+Y64U7lch&c**ZGBUqLL)Df>HE*PcA`uFmBn8W+~+>9R2+l9vK{^k=M{RsO)7q+v>Kqj(lxCSx6v#ttymqQ&1!W(a1 zOKij6Ma31WZYWv4bx7w~;v#Ia=?57}gxHjqSqv1L?G3L_(>T`kaeXDxNyxEP>oG&H zL^Zm+FiW?o@IB?h*Sc9{2Eea2ukQHiFD?K}b6h`rAkE3D0f9DO2Z z;xMn1A)|B8sPa#=V_PoCx{G~!#|a1Wkt6%xf+y}ldKvai>^-g9w;J>qxZlMr4RCOs zZ7?@XI8XMV92S1c{pR^2UnoN%{}Sr7qPT|QV3Dt#)l56IO+Hh6s4#Usx+%mYYtM3= zOcBp4^x~IYt=E=1)TuqGPH6kZk<>8lzL;Nm3*iQK1*VN_CwmW`o@7iF#GIPPLwKY% z-VIyfjx2iBD+$Ei*J=(ixbs`qVTLwBqOmHtQfK%bxTJ1G15k@SVY?7C@|c`j59U7Q z9GT=zt^6pYdvSKDu}Fy=)H{!M;GL1vwx80%G;UjkK4DQSl$rmr#?ONyc^motHT1(P z!|Wp^m*UcHTsY24xwjbHFbNvqkX+`Y7u5Q<20F@d z=GwJqTk5S$aFeUyOyH<6kdRQ&GXe#-s7)*ibCC))bwrZ#!5y2Q;>*}5&8X42s-YOH ze+dX9iAcj-Q%lm$`@kl(Ple5!i$X@)iZ@xYmIfWTIb^7=Nd}b^IaCbn!RpMFyBQLk z9^g`GDGLdA{;7@P!yt8yxHOwk^r%Mk5;6|4>4CY8!EvSgEs*?!g5(N3;34&ok3ZY6zF9=Oicx1-R> z66Ox4RI_GP(*SURzrzaV)t;yoBJl1B(=(@`CKoRj%8&q&3(j_Wr1O!^QE&W#yeTc| z!z@GoBEX_9IC-qT7Zhs*O=(fnwYMW1xu_vK;-y#nfaEsyWxHb=CoS9HO=EMsoF zh%5MqN_LTP9qxR;ULG-v^lq-D#U?0|%3M1hSo6JtRZz+7$bNBxTIE#k(X>ii2lvN8 ze|Dc}%FbZ?Y$jFJGz7f|C@clK{T14qWN9fu(ltLt?TIa% zF8Yg3{U=gr`sO3w0@Bv@{d3$D(-iX`h`PUq{S{{6yrG-8A zjkVlR5O4ZWc{5=S=_yqRn^rVx@EB%g*CQ<6ZIZT z6}kcRy$l=Z^%jII*^B2tT;FBam_fU0@qZXan5|xSkRKzH?U?t8lR9l!+y-kmr zO5|bk8!Hd%%H|qhSfx**u;J3lrTj>gv#!-eYWwQ>5rLxPlDp;YX*DzJ!6bTjX|8W1g1A{hk5C4T&D6JnxhWt`q7Z`#A{? zho-}(Vr(FB8>VBdW>$2NlHt8wv~PO~LP7CMQbx^mug0gx&~llB^7JzTF_+A&Ik(ct zE!yXDmM!T=$>vn-_x;Zpva;viO|}PD6}#pFTofbbZzeMcZ;@b!jEU#TRPDsX6OWr$ zsTj<4G^()m(5Ph53FrC?40bS}OhAdF?rc(uTMWTH%MX=#7Xz>)qm6q}!H;ZZ+n}dGrW&+Zkmkp<`?g_nJk{ zJ6+8eW500mcjaG7SK9i={T-jiu!A>IrWYOC$1x*)XRmdqeh=Qmmpr)T`|o3;F4QMk zn~qH}Wh9;Q7F``0b`1jEL~A2iuZ_n+^H2qG#o8+VGbu?XQ19RNuFWiii>aW+xC{LwwELfy2ok=opeNGW?Ld>~q{%4JpA45=>S*7PG2!(wV>?G;1gz;ws0k+-k zN&@F0;^1T>4uXxR5UK#k_|d3RxSM^kU<*Dd)ac}`wc2oHNyPFMJmFfdv2w@V=-@H7 z@JBeT=6sQgzav&N9fEOlc{M3>d9G$nzq2PSW|sdm#w})^G`yRBOL(_*#yr_*ycRrN z6vST!lWuqwKyi=uHnbwRk`gga4IVAFSZ`uAv`#0rgOBixIAOdcDK{7%7&|%o#TjS~ zIx!EjFb^*GmAGUF`t--y2!_CVJ%!5Nv}8~7ZOwG%Qungg=uU?PYO2=G-0v=7EQFkm zV_+FDebBe1IYNRDj==vF_4vO;uozaP6g*h==&J!NrVATpA6??A)Ep=+sbAGaarTLU; z`#SEq^U~}gyq)=NFl*ujsXBd*P@Se&;7{**v4G7(xGT_KRvUiT(;0r>x?)}j)B=BT zXY9*0FW}GyjxVeDrwfZ2xAeKZOX}X3_pSQzF!)W=cN_>`_lTaC(h z+gH(vUyUwXLm(78P8v6wpZ=vskviH8oY&ZhM!)pJ<%-Cw;wRj{R-x=Z->dw3o}@cvLg#_)dQOzhD3sErs!4H*|a2PNT#kW$4| z%E`)Xsm!;QJ&227GK6g&EEi%>&$AO!I^iv1X-Lc6Y5@FH-X_tR<13cm>Vw~aE)@X~ z5d`Coj>H$rE`QtoQacv-v2q~DZ_|h=z`iz@E*JI=kb?R|i8&X{ECDi*JJ}ch_+jbY`AvL^S1kwtPx-6>K+XHH{@S@m)nO>1Xf4na6UIXx%ML|2)FJ8dF<~H zqkZl5fk|76tP7K=%YTXFJRYTEf-|gZLp*YBw~EQRZ?Kc=3`FW2UDXzN&N6>o0LiJ1 z3pQ&l^R~`^y4#A*Z&*^PzS+fzXurQf>i#hQ*7WXF``Sp5AyDGP(p8hAYbQ3J=ASjq z2($sv^Tuc9*yn17X^!;$h9l2@lmgaLuGWrDTr_HIA@rh)gEH!hEW7mt4lKx$5V*iB zB@j*_24zzMp(^q1bANQT#p{qNE5RAmPth}J)lmn1VA}=co6zkOmx*f;D?7UZ%XH^! z@MHi8ZW+1j%zB&AMD(bU$vOJI3nl}&6wA2nJUX_-JAR$xn7m5eew$;+?@UhM2;{1e1!zvFFl2=1ct&W)|2?5T3yT zM8!vxYn(yBTY|P#B%}cGjq`RBYF2?UzKp_g5c6J=Mr4I1+uj{mw>$)~`jGBefC@*< z0k9C7J!xl3_rT*%b;=9koH^}*2bk?yYP4WwJXux+|0|mM+rR?TfJ{1Xxl~;B#Z=bZ zMa-d@MvYiEvtLEFQxMfXL1tM7hkNOcCoktK9fmu2qS6YtR%{Fg_YFhbHI2Ek04EmN zdZGZl&rrm!0#s-18nyOe7a_j-^U~8*>$L@QHPGQNml(fFEq~UHLApGdhF2uDWf(LitkRpxCQA&lQiSa?SEbIhwV`?YU=G7@HPcJ*) zT$RXF=&AUF$is{wOz@z3!;BEB*n`L|6Ifv&X7D1=v?f@>`oJ}#|2T9eSOZvLjA2AE zM$nzzZFP(x|Jr(jgDWqr9l3lQLKak^)WSUS#n$Fb{j0pPg}d8B?W+bi&?%cPvZ@rhMhhu9wm@91^O59i^t7Tb+4f9qUdMZsjwlzmK1m5WgRyXVE<9l%`9m zs!J!6R#)>q5uGcF?^X>Eb2IvXDyNICy%*;o4;`By zQ}qpP@{+|1q6@Tfv=K99JNFw4V@Rt8Go?s)sO9KyX_(@J1Cul>@OtuM2n?m8MH_m9hseSo|Q)6c%=v) zHtjp=Li_sO2fh8aUMuVMc=-lxA0~n78wI^dbOcEWO79p0QB=k^>hl`|fqpd~6I>~o z6o)j6JUTA{v8z{;|D!NNEc0*js49%5xs2VdJW0W}2L@UL_DNuK4-1*YB8d|WaC10*0Yaoob-%GS1fqzR1+17?6(W31P>FHwy4E)J|%0GeTD_HmX+29h13j$tSL;z?0VOCd) zls$k89O{AK2d1H9tu7|Hph$;FzyUjNz@_R4NTHl2h@NE}Xb~J<0N)YEKPOxxbg&ZR zI~oJuc-ga^(FxU;s)6Vukoda}7-M3|aINx}|%BdhsY4d9?TOz-9 z&iW8S+#D{o4}tA$a7&hvJ_y}q{9(DYDDKSM^$tzT{3k*F;z#~6jvVK5(`&)~a;Gae zMteWJ&$XABTp%eR?l@3fs=fV^h}NSoF7L63OG4qJg3YxjA^(CB(_Ir|cyY)a)X=JC z0b#vGsz6gyLfqM!;#Hc>KSZSO9#PRsO&D2}H~|<}jiIAZq>sB4|bg5L>_R z{ueueFggko58R-OfrNth-w^Nyieqwa6vgHLb1#KJbBWn$;Mn}Ht6iqm;pZ{F<7Crwfgz zagZZ55g+IiRzh)CvnV6|8kgjoRTn=CO!P7=A;7AH0-EdRB#(mk(Ik(3l6;KHNFOB? zP~vVc2INZDqlf~HgYg$PsmzUo?rFe{HeG-#|FhxR-u>Oey6^w`JJkCawhGvF79%w4 zUBCd`0tO&{orTWCe}nHS6&Rbf%&m0*bc)=wq_@=r&^fM$DTR1-q4N*Ieefp3ZrWS zpyVW6qXn0LyK39H|BYYwkxoD{Z&qvI&)&rG0bEDX_bwTRD08S1xPe3eBz*SV$#z#M zuqIISOnozQUhRY9|7S2#ncMujUza{CKQ8gIQns9;PG+fci;WY<^EhnYQh_rIDVT8? z)gk}f*gZdK<40vZn>!7z$NL!Cp$MiGVWrvjh8zL^D%DeJ2u(a5$FBfChcZ4NB_Cwdc*N_3vj`Ukm(JI({7gaLyg*j9cqz2|7GOvv( zL}3m&1q@0fC1&>cpt6!XEuel`cxa$u?v7=>tz1IM*Sw~W$dQ0A)8d3{AgbKSU(i|q zn!#j@^=m+J86pwb)o>dY0daI7Evqx};~Lbcmd!RPWaF!-9}&SU<(AN2I_NGalZe0! z`v==ihlDGIoxvlXEZGl@#y#}r-u{b&xra@qkQfb{7nQ)ll>ACi;m*3lxYR_U2XT@) zA>y){a#p155|}*0T@GBy;1J?MTyCzW0gTgjUF%hR>3|klUIBKIITS1`yM1~2 z5#&TXF>_6=!d-K2UyZ7?>afA~3Ip4J=6MpyuiDC|3UN#u?KR>UI4&6Tv z!tKRcI$D8BxVNnrhwhR@6cqmN462XR;Nzirqb|le?rYbb4W(z;Z>Zw!=FxvnynDvg zr>8~KWT(3!RcxML5k~B4v8<=$oEnmi!OvYLUQnA7V!4g1a-IdAJ-?S@oqdm-8`3kc z-N~SZCwqr55@~81ZXumB(>Uf-2AT!fg5oD?^!Qu7*_q)3x;cKU)F#V0D)~s4=r=wj z>cA^eLmSlC=AiuPj|7Y<5dstWmUC9=GDF)EF+;WUW~l+FZ%Wk&55@iN>ibkqykc?X zqqpc>dBh_s2X5F3iBD5=Sp*7+go#|7dBpxy_kRDq;>syP#ngebu+*b|Yy(eNF**Tl zrPdO~d3B>IFXL|^Q~3U^6R-Y}8L$3R%B=?%0mI1tp-0yTS;pG_ZKL+^{vm_OcKpc1 zt;d=kqGOlnZ^PL1vtCj(Lo@rzc|yuN&uESIW0op&!H8$UNF zUG;Ay*FO722VCuzLmpE@3320BFu=P-{dW`tZQjWB*G*^S`#eO|8q&=iV2LwhOP&`5 zy7d}v)03PL(H?9^XU0y zKuUal2raK;YGXM7C+%MzpLPI{gC&m2Gce$N)Y5j6d2XH~dDShiLrTV6YIyo5l?gH7 zj<0DV6oR81WJi?w4SfSHnASo{?PAKN=A@fL)`K00kGy`pD=~+8;0sab#vklg8Q0Zv zQ|8QsP7a3chilU(1n;lqq{&jIgvd!{l_e;0CuTCL)$Dd9YE^*WEV3{`Y*fT#Wwv!R zEbHaQzVHX}tMGv4kmd&aW+Ot2bv0nW)};w$&1zVAB={(Y0A*;-Q0-Uxi7dazFMKoE zo~#q9R~$JLEG4556`>Q^vA-E9@~ceV{!)JK!hOWL09NKSY}8ua>H8`n9iio+*E$8f zqK?<9jbAe`BcOY|Rg^Nt)YIh$RqB=rxuROab3g5=HA;^X*TPDe(His?+V6sf?jPKH zhuc&2d&-A1x|?Lx);)c5t-Rg7tgUIV$ljKTlQ)@j4zI&x#1>^kY~)_7hK%LeWZ1t< zCaYP>lNEzf%PivpG(n(b02R;N|&t_4Sh-!$n~t!Dn!l zBE-tfjNQ$nh-3<{+S0nDPT91PJJPa}Co2zuF}r=UHCTKDwb~83a45G&U@RN%x)lWh zDYQuiFzvBwNtOCO8~W~uVH!_k@(@~D|Cp%A!q3x`Vz7;^T^J568X>%kU#y?>Sd%#xd`WbI9pV>C|ttOcohpS7pEyB~3d#nYs zqko)5uWjItMT^x-2H)uVS|~sDZza|1@CD9L$xw!#x+|tGLrhm%>lK8jv|XQq&c`s; zBXnim;lwlTIAcF4Xc=~tSUod@0eVhgOL>4_0cX=oWbA1LYO(c-<|aUHx+M(xToa)N z(3&wou)L<6@i`U_U1P3mNMlodT#mIki_{pgCs0`Rj`xc<)5t7kn^g&ueHPi6Ufi@_ zm({ie*QLav3`zfsz|DGfe)-CF~$ zXdvYhf9^6TQus1N3fxPvqW4UtzrsuBUrm0h-iL#H4dz4=%JyX_icOC(LDLgz%EuTX zP14|&u2uDtNQ1QJ`vv9XwUG$0(mBZcUD{(r)ePvfLR_P@JCbC3(B^JaIx2Q-NQamz zuxs@oe}`x8r{ zw^&@I=)$2YK~~A#gqRYWTQ)L@-=v%AS1#yR(xYj@hJns9>`=Qu_ouEkYlp)PyGSBFlt@mGcJGqX)o=a*<9mCge?QgWyfs2PC(ki<9YL%j@crFg+M046h3HNIv zy~|y#J{S$?E@3ZF&BmC4xw{vUMP{0xjvqI!bg{DM1(%a1S&lDi2dN;FwKdYeKk93C zJu)i$kz)JH*Tths*OPt}#$*X?23X+uT97MKo)*s3&F>Y5vdeDNnd^`u|% z3v~Q|ChMHvL?RBx6Sm$__$_cDt7$dP9_zb+%_MpB)Av(e^&yy>C&#NN-^mZ!(wS$; zCzPGvW;BcP2>0|~@L#*^gILyE@T?sPBtmKP9T_-6`CI;gb>Cl!?wk}hl%d|xuHKAh z-i#(Ln%=>cYwm@nNCf@hO7(;xUY`Le=bTlKIlTB(&B?~T*{pmvxA4pm!AD-RgPn>M zm@0d4s$W`cm(Oa4wlnz^Tm8lL)rvQO>C;3SzWyaX7sY_ zASMB`5p*%WDTT5O^^{R^66Fc-qF=y{H{l%H7{@teN%oSeO8&9$i0SwU&tEfkqeV`S z`Q|vrIFj+!pwA1+aGMe!$qDm!{$pN)kR?(^Pa_M@Q-NovMQJ7uijZir45}}4xuaId zw_T?^RLP=)+maEkCV1OdpF*rKA{u6Mr<})SKpTyN7-0}i_1Jhkddj# z#L>+<5hLD=xwVs>`jD!q>dba*p7C`j+>^G>W7s=#G5iEumZQ~SUMUwc(auj|Ubagj z5^jotSX+fVhs~K)1_w>+d_}Wa%1yZ{I&JY!1++%L`itH^_H$;78jc*@z#&2df-swl z{4=`Lmo($AIhAUzFPl<*8(LY)p{VcB5L}G+R@#i2bOypXPqX~v?___ee#sP5X~09u z%UFiQEm4WSCI=cTA*xi<4o6jIUN1qP4U)o4UY?$A7FvDx-}0zj_L$Pjn&8tz{I(2tyB`jGP-5q++1$w3<6Y1SCc8e{c9CLeUya9<8|AhB8Y`M1 zw?Srw7uyB&FVMOo$aLpm zp1$6RVC%H$3n0FZtMaw`WYT?lvq^4Remr|FABLwI+`ptT8qbyr0V#H zAd&oWV3uiO#h&lEkBAxM6r_dNCI5Ut6rQ?1(uBxc4t2dfkgngt;9%~m>aW=o7_=uLs{7&()m5rqEGChXo$ zQfv%NyG!IIt)!?@ZeY15eC-PJ<>i2#-JbQSc9WLqZ}J460wMF4B0uOY zO*kc^$J}wtqmHS1qTZk*m2SjhlX*$oD=sq?uI-m_U;DzJoK8>k^#u_|J@(G2G2B0P zjN@sGKdds!4(ra`I8XZ5_`}_c^?I-`fo-zR(za9q^{EfFml1`T52zZ$lx3fh>0`?+ z@-!@3+x6ZAZ;c?IhQ-u^4hyQ5{b5;qk;LXZ5EPpWscPF(0Z0TR<1CEXrK^CbWDF~~h-CaOXnI=_)3x;h-D zA6AZi_rJkkBVUZ7tTL$8jBx2m36e5Q&)kl-PdinF-BKd_|K(_C#3L^5fAq{jcz4wMCJy`NTHU;?o2^(P3`$VX663v#2*4x#dc z-)_2`E&@w&8`Go%i&(TF55rV^h zSkqPUF+!k0@To1kYv+&YxSvYWs@MIpzh2n3m&0u<+V$|Yr!-0H&Dc}e%InAWJgPUO zV}oR-RX6OW`T0Wu(|oQTD5X|gF|FKaGsY?!9Qc>QlOG)hi3Z2YL0T!&^0w_DktIr~ zln&KElmU~RNfi}0*}c`d+V5NH{M`%zLG`OhyCJYPC)LBf$b?6dk|8hk^4CiV$nX*d z_xbj9KC5f~1VNe9Gr&|>sBL(TV#8h=4E5@VNhQM>lRt!z!rHeRLt6;uDP~zWWj&xJ z=VYA^F2!J00bMdoL?v#9KuB0hDHsvAjsLK zZCkWYQZ$Nhoqo22Pexb}H9K#XCHgT`T3kw-MEnoNUZV4Md5ku3&ez#V<+zDn7tqa8 z%<3`ibL$dnj()i+W_Phn*Xg#?BD{|g9wNvAgPP`s_rxvri~OMd6?HL5uV$sv$HKK< zJ+J#P8qw$EtQecNwRQ5rZV^<9^>(gpg$(fLT8qW#B&aZNOZe8x7gW=ATX~KkjG3s8 z8DV8e!;iDa2vC~xT*J`y^z$~|XSzsk@r*Ge0XGfU*oXFJooPxlq4bhQ^;H+=u1v2| zyRrErIY;R3d!ocnq$5L>Q%jrBsq>#2y6X+MTm)_o2P0_hkVe#2i8A0y3M8G|!TV+H zs2zQ|$HEr}j6h_#aC*huNbUo}o<1byr^eKU-4=fCx2-h)Oj1d~39Zmu)`9{>nAO)j zb}Vt(Vu-mH)$aGVYZ}9cl&Wg&RN`_nP{l__c2w<7l4IOO!rS{(g(1V@IrTN%u937| ze@;vy!#aW;c3wh+O*umzc0n5aA<0+FM!zazT`@KNng_A}YVVoWi^NX(s}HT^7CGUck^v;8T|wp>?4)t0%y_71C$Zklwi^!@aV~!Te>P zHLM}*>|cIiZ~Cr(srm%I=qt8oV5YrYau-;A_4AlP(+6oX+1ER=_1iJ|bE??zbR$RS zC9Jfzfni9uEN!c5|MAAQ`m_f4L|;aJAU<5j)DV1gKo{K@r`PbLssI7Tt23#moBwn% zv6_qB&attz)-r5kbkTjKG*i*-vuj7tk&m=K2kzs1`AlujAg@_n7~}XT3PQ#>5-h_1 z-RZe^zp;sAZUYabDW&2lXEO2fF*;v9)j6rBVpV&Fje#;s)8ck?gXNXkSCfAjC4bsL zd%pza>Z1KrZJxm38}qi&5V*pbEK3>EaI|qd?VRe^KnUF(&OXq8o(``K-J#?mqS?JvlprmM z2cHAq;_rD^&*i+8gL(Xp9RF0Vt1kD#R|~g+Ov3Ugc+INb8AB^(xXmSYNVf*U<1T2k z`}Ov-nckvf+~5Xx=0Vp#*r%iZ%5X4bE>S#Ci_nZx{eG9%-mT}c$5_iZ@OZdhqm)rv z@}a~u&8j{1$<*ysaCxm2Dvc`5{kCZv&$XwLXcPB^%~$9@XisiaMV7A0vbj0S`nNKNHQ4ESAL%M3N_{;BSpna9aHu$mwu=O6ZPY>nMq$;?J{ilrzrkC#i_f zxTS}IAg}CoM(8kkRJyd34RHBG^H}klVKbNs7w*t}{Bg=*Fa}###EZeZ^?IBsA?0DfG5UrrJ@bEUYvDxAleO`wDT-{1#o!Rnasz0G1@LGc4 zR-()W&}AC$68lMh+$gXxuUBN$NoWq+^4!X{Uhj9kI=%5HJaWe(Yx%y!W$E5OAzwM` z%*Gl+)!C|rJzB@3(&;Lh1?w0KLila?$=Wq`-b{3s(=L*uVgpgR0&E1Og+zy^_46Rz z?P?8lSe8`f2^a&*8Hr#^0;;Rw?vcM8{l35Y@@o;21lvO9KhZb*EVGWu`6lnZ+byr< zZ?5>zH#<%Kfv?m=nl7d4c@-KVM`x<})%%vKcg8d7G0u6;j)>pxif7oU;8WUC`S<;8 z`wn)(mnW!n;*Ir{$|hO}3;Db9AV%~94m|%MkF?0xOWN(%_O*JKbMhTj)f%Ravxw(9 zx5+aKeGCP+~_DyBUs3+0_{E+u^pJ?1>pe-(dSU z483cUi02-N=hfbdZD4BG_(FH1*`nrE>?=woxqWIhG`CL|R`_>-!z>z1yCGP{zkkYN z;`kf7et7uR+~A!Oxg8Qlgu3NVB}55N`yD(rtvXM>TU8T98|>G|`gqI}-BqAcGWm@bh( zsK%ea6_s^+c&OiQRcj|Zw9ltHNt7#J4?9UJc&d1)^&DTXMi-Z%WlPflHh!;H7A1JA2ZJc?E}l1n+er5Tmq-Mo@Ufav|F`O&;;ZKDE1fB@kQkl&pBqVZ7`Xtt zk^%?kY({Cy+l(^#z*F5aC6r3tz$d3p2-wJE!6S5+!a=zS7AjcLP1INmAnyY7YLqIi zCNJ5~_^2b8glBV%d~K|qNdqV&AfKW3M|Y~4?UhMFAGVlH&D7m+!)6E$b1kvarW8#X zx*mL{;FTPlB4AQoH6djVYan-PC&Bl4R$n&!U5`OPF6C$ey;DP|la>S=<7ymdg574v z_nQn2uDgqLChzNOK>)94r(5Iw`blsRB|wQz?O#6~k*n8Tr9wpx{oU``iS?_0rOmc6 z4nwS&N<+p;HB%WG`0FMLM%bkG3QLvXq)HN=VS$3}0q#>)SgSDcn zB4mv`4Glb%nv3X`xHK1KNgz_#O)I7TQVTU^84~P5q8^pFj|}QY?FU?X4F{eYf0UXzw``uhI&HJ$9TjKOQkhj94RQp;>LNez z7vZd{*kp#tUU%&4$iGD>zTd7^KOKOj%5Q(K*DZVL@7Jxdov(A`4T<|hXXi@V<}(a? zeiMa$>11c8baM-~FD^NB9x?+M#vBKcMZ$~Ii4eTZal;EQ4=k%--}R+eWRYU;#>r@9 zY%ET$F;CArlp$&2`U&Ioo)i^#i#%~B*EE?1iZ2aS8_5PK@g(3>ZvKaH`1Z}0`>}(90%D-Y`oAUdiHN%7o^D$RwgVq!1jFiZ_)2LY=yS% zT_g%7&RVpq52EU3SvHJyv>b+2?*V)gJ}=DOD7+D2JzZX3x9lle`SD{KU$?u~eSdRS zP|lPUmmz+G<{uAgGHVgG2-B5m!T@}K>&F%MksbL>h2Gm5G;t523&G{%IGJ)Z@b-X5%cxI;_M7X#m zSzZkPCrb>p^Nk3&1eI<`T<*1;B@9DOT`dL3x|{wmD0fTd9QU}GgK9D2pru4DX_5fr zU9u@YHJ3>uAMq2pC~1~3bx9^qrf3E8FRSE+_+(N6sWPNO4s3keoX#M|Um_GI4CNI+Dcz zZWj1<7(HaQgkDP)1p<8{nS_su%Xhqcj^VPXzFOX5Zd?WOQFZ?v-1pAm)HS5RGP$Y_ zDX5bIchjoFV5tz=c69gr=IE3hef0wVxqW_ja}=s;2ChTAE4U~V=+Lki!bdW|MO%Lf z)S!)@ElZj6FMq5I53+(QI(F+sO3j>vpTIW+e z>IAU}4xjOx%^0{X#$@fER6uO3A2@@ETAuwW5Wil!SlVP}HS z670h6=-6v+p<>W*HTy{gMj-?u($i2X_(z$**i^KAFs0<9=&%o;C%hw#e;m@mpZ#z{ z8ntE=j>9+jvmb8wn2uVvuF3$uynFtlyoL0d2dx#Ca}ZXZ5?}%sph!CbgY<0_TP?e~ zxwda0o7ZWg=9baGCSsdO#u5SQ^ODLbW~e(;duq%!}%MOg2k+WQJ@UypLt@y1gGI2*sBowgHyCUXX^Dx?mDp zks~X0XmxA!5|Gh&b+e?ZAD8-z(!+ffrtylb&4bOArfu8~eN%TPrB*tn>pOYR@R;Jh z+I4`TYUQb~dh3jWCb`=Ga#!C@9E#Nu3|(<AJyAt_{&LPTKihQ7 zl3u*ho^h`#3ioh*T~#Vev?MXpEYc1NU@+3K6}zJAE~VNlrGG+VC*yF4-aZtvtvOPk zAk8jmBUD(a&7JHbaZ37_tT~IAB7!v@+A)NTcqJErp;q9ewQ7QX{Is9HqWhp;%$%m+ zm1QXy$DRBV#$82A7H7#g-nRVA$GdmevX;JwPz&M(?wJY*K4WKS_>glU!t zVAnEM_K@&1sx(<~@z%WI*g;Q-rs;xd&!CgX_pEwyOR@1YxY(IUCJDDR z)LA#edhJ}D2?$bLQnf6E6d9y1P;DU)QB;}&CH|mH!R*RWM5rRP_)@1(`XG5sMa0O8 z8AF|`m4)--8mvRe3W!ohwT)qd$TAG*rC^UtY2v2RE&HGYg+aZn3{njvF`?R2zL>^k z(8SKB!*RWsom;4h9WNttMyjOz`Bw@UP5Z#Cq-BiLlORw+la>9t6oI6 z0PQtE=pn|w5oB+ljl=?iZ4F=#V%MSSi$ztc)b|#HsN}Gc5QBn7QwnGo4w9%k3J#7a zu57gNzWW>(osR-XK|qWkgUvC~>$r1J7r1$;XK~=>dp}h5h17S3)0Zr;;D~y3?Rq2W zQBm}5RqdQBfkE`BCWV21Zndq1l$l46I4aG!$sR^pnw{X0I7<`GHNmH)%3D4qsyIBs zk;$KUI>*YNhDrksnU<8m@u>i${&2Q;y6e$VNHNhYU2y?)8R4B#ni9u)$#_ZkL!!qfge7Jt`pG5bIXZtVEsb?(7#X#1(v0Q;ry!SBH=uWsXT?=yDVp0)J7*W~G zJ5_dG_?g(BPoX5MIxEPmJK3u4FtB)=u3L5OD^{|L-0u{tG*6PkC*?J4Y5Hkt^QSM) z&wpKEX9Vm#NA{^apm(5O9MA|1vu3MxVoud+&7u$0LH(ID9r;@QxmuH4tqi>^ z=mBMGag;h-u}&{(C$LSUTFZgn4&frjLhe;52as@k&cy6?kXGR4Iv&OPWsrD!l?HJH zmY&1I!gw1RaP)d!8$veY=EYus?U0~${RhS{*q1QqxJv7neXwzXh-a;kaX18zz@&C8 z#9MWit`F5%5AAl4wg!MKRhnx7ksJuj5RST96+G#7zBiUv4zA@vC`e6<^+u-t5^WIp zq{Bxlc|u{ymf<6?T`~ZlDHxln3Yx+8hs%V(WC}!(BRD)Jhp!YQxD$)1f~^!Jwi$=1 z30EmdY%>N^Gp16I;2Qo?7oJj(+#Zzl97`#za}STZG#GQ~CxEv!2;(IbXK8D31OsUx{!vwpuUoK>LgB0|QBJ9=8*z#NcPL2it{6oF=58o9 zQ4lUsFeXtj9#JS3(T+Godxx|~3Eb(D#2>6a_8XGMdVb*Rkpnw-`U5??$#Hie#trw~ z3?{`z#e#;11%(pfhKBI$jR1E5`K_af?enyR5Z{()ZF|I`NpH6)ZF?m565h7Z+4hU= zB)dgX+4g*+PIMbcW82??!&2BDgueE`)V1NXwI49v4MA0lG}h5HwfIOl5=2p3A)iIa z?xm;QCZ0t|-HDp^BMgf}P|=nm@E$kVW-Vqj?iT9vem+8$cQx;*l5>8@f-T*f5gVppa97BZzIHenrUc zB8P3EeGQOWBZh6Ke8p(ICQ{gLx>tl$Bq3}l8Eg;{?EXn$4;`kAB7QwUm@o1WirG{p-9o?` zsZ@g)z4k++IwaN%L7$3eD?wAI<~@aRg&=5Cg9%YTSTtKN3F^M0*~;XdLupMvM6BEX zs7&!RrUf}EQuGJuJUn&j;b=?ol%)Z|7C5@nIteNE4!n)0vyp%lDYTiUw1s>WJw59b zrTxUC*bZ)Mb_eMwQgo^Hdn6nUAsY>0bKN7+=m&~@-6y%|frv$SBoz$`rTr0tRrg3D zItHtb!K%KD!KxpN)1xRKK3KJ#5Hwg3^pJt(OprlB1BpO?A%U-Lq@P0qUk^5H?LoBF zz}O(cV-PL&g)xZs0K}aiIEXf!tn&~UBYhjpUdcIsQpw#N%f5FKKd@AF1k1Dp2Y+qf zs`|dmr^=KqXc~9*F@z>Kgo6^?r>l>3t8lGIwuWfQJupx7-!A97;*Bw!O+C72NfTUF z%5;`?-3F9e+qs7Fo={n|Bve6ftV7MRSV(`qK1kF?=|+b`F9$*~S=&Z%M4S!~g+Z2YAwnP@ zy01T6qhqS6ne%KXHj6mr9XyV`uPdgr)?21u#3YZFY}LtZh=aFM-BAGt)v+yqYWTGc z;k_g}&7&8+danGg0RAcsJ%ECh8wo&U9-Zul>g8n~JKO*iKP>@oHJ}WsHH$pzlb5w- z(X`B9RTkml<;o)9+jSwR3T;VqHX!-;fBw&}#`5u&d%B|k;AhrbGga0TzvBBugLix>(E*Dc zVQyr3R8em|NM&qo0POwyd)v0QAb{?l^;ck&>`B~f(v}}dkM?nAT-!~3nmFE;)6Tw~ zP7INdgqi|a0JNi%=Kk&X!va8pFFkC>X}iU*Ut^KL!UC|cURYR&cyui|jwbPN>u7?7 z3TJql{Ov)X?d|RD7khi~@Amd~_1|7^xA(W+-u{c;-tO++?#sVz_jdR8dVfRP4~s_g zlSzfe-?s1FR<(0~k_R)!6;_lp+3z3}VTBVu4kN5oLPE;7A|ezWQ4;r2iiKiCG!~1g zOcOi{7@m?oI&xHX{B2|D>ugAZ8zLm-tdE|3bI=RF4z`~)mK7u+SP~1_qt^~j>5mS^ zO|OH~H2=A?8}5YLotVf-&{V-Y4=F??!bnCq!NY`XBAJOBdSm}qg0pcl3nI=Wm5MNh z2LF7GVyy5GOA>Y_Tw^j(DwX}Mt=rq%FvlvvLm5VV+M$td(v=bTHXKtm$%dIEBH~O# z)#bMQ^_Ty>HN{d9u@&=3ZcRx{aq;baJPcDd?o2Ud3R6ae>~{i0rkEyuG$F|}i1a#^ z|GSP9LX|<(Upn=Hl{^y>0l2OQ2K#oDJNaz(cEas&yYr<9d;Ki+_>*~qlZ?oR7Xb75 z|Nh=iZ@0?-U-q`w{QohYC+HPnL|{c?G@_dS9lu3qZ!giw@#$rV2EYmWXqeF?-cn?m zCRh>alS=0adV52JpfQn1O$Y+^1DpooF{Vr^c%9%ONl+K3X{g!1U_=qA8NA^?U6dv` zA~E6&ksBgrND#w^keX0wp+lq6C8;1OmsD{vEAdv3VFA8Bb3r6wN{dB7V!{-~iR`0~pE?L3^aKeqrc&t^Vjf)+5mIiy zXfb2P^;bS&?_*BvhZIYB%SGJRePLrVB^^CwRQ@h6#^w(&=;}&PILc+aW_-#6*x7B~&WJN3}K(R!Y!e z26PK`^4|yxg0L7;C9s%j)q}FJL^3529nExarZ}2VMo@%PJfsO#)IoXE@C8ljc%l$x zQIf^Pz`+UqZxW*k7V)iajtj)H>5vGGYs3YS0PZ;n$06#D)2zFRx*vKkqV9%nNFy)% z=;vQ70R>2Z%YTg1tONBgxxxvO^uGzB3=LABqTgO^ z*kMK~5fNcZgX1HVPG*uuI6+e~>y18WMF&2!qvSXtBWJhGKN3 zsVw}JQ+DN`=p}}kMmUosMpz=0EL#`&9 zXo7Ea5rt+%p`pf$GO8T)=)sM7{{5QqTMd(zprO-aizr8wDZ%3`BE?XcF{4Z~6y0k< za6AkAR&uOTOa*Wh0LN3)AF3vHP+}^zvL4t9U>gK}=lf_zBn+Eh#IR_RLy zKpfCQPRRfcC<-VkOJfidiszJr7`ZKVWV6&YOXYbFj2zM0#EN9VxW9NTB~7qIj3Y7{ zkq87x)2L7hvtBlg|o{V?m^J%#briB10h!vdFBAD&ZLXPeIH9|BFeQ z@R5s+I<)wd265CbFNu)~gYnQ;EIA}-S&}rHOiKCgH zU2(9K?I6dr;1c9R3LM9%2ObKW=xT~T1TYO6bYQ0sSe@75jxj9~tmqAKd;rk4c$HN& z1geI%qpDb0@ont75W1+_MKZ;a)?hRY&1JQ@ha#RaBO`9Hh_zxfvtXd0(NS@tCOjK! z)`McMH72c9LckC5{v(m00sHzxuY!OmLF$TTlXd zbdC6EB#F_jJiQ>)W5kD`w3SPmp63HjB}(X&s!gll>6MctC=yssG)Ye>qfH89$pF=i$jk;uf>;xikI)FyBomrP zNp!2VP;97aB*(p!vGgq8_j;sKd-)AMI~% zPi2`Xa#L+70b`{KNR%j{gekcR;EX}6=PVT@1w+(H9F1m4KmZiMZzYNikI*G&mb^%m zf%0(|f#I3iHH)=LTvYAVs%5H&PX3nIh3uKAg->ErYw1%QNZn~r!JU)hn#=-2EZWwx zg4b-97{al%oAR;1=_Kb{)*lg~%i>en=>Uve%r;>lb$5sn^IRZ-qifv=9W%4#6ry9t znlidM67Y8Fe}m+%39bH zJ;#*Uj!g(k1?9qH$qw>ND;K7-z=CzZq!xwX{V^?TmSKen^ww#<5ua*pdZa5RM9TKs z-tZI}fWaE&+;)MPUi{D!iK9858ziVyK-#1npCj36v#n<>8~;$XMqLvS|#MaCNKBw%j(&lo3K zzD{{;^$16XS|_unpJ8>+{VyXNDK5|f>RDaxMC;GFfUq{F)-f!n=UUR~@5YO+sdGrI z{~5j2^kr7sIj(Q$hho z9cP8W(=@XALK-Nn$S6w&#OiHlZ!ghzZ!g}ULv-}|-Qe=%A}oVD1_jF4rv+x3xu@V) zGIIjhO*NlK8H4qvZR98+SR}JDz>LL2z$~L%&FiesIOdd%D{a4%ndU;9rKYVu#A3rv zoC}UJtxx`%u_*UZm4RJJ+jmJ+Xvs$QQSZv=Ho5TPj09R|D0S+2&S&yRWQ^$vJJ~rw zib!n(jf&L_6sVPxgan#Nl>8B=Bg8lh$TZbF&iL;2jQ;aA!dXm}Hus#MFIE0K-mDSUbnQo$$ut|y{|aP8UmgKkdA?tMH#c?Y1o{R(z#zmi-ZmW0DZLcVrT#5 za`3;uygWysKuMz+Y1=sWK8Tg-rJQ!J&ms-4%>l7n#$UpXMK`y$5W&6glp$oR|1kq=5>MA!`#oM~*(4Hi^G zkU2KsnU1)PC+TPkyD7D5qk7&R{c!R2@aX&ZCugrt&raUIIs8BG2md-ddVl=x;_&kH z?ODgUra-dwQFmu=(k(6y90bK;tb5AtrCaa!cwdLLCRwgPFqj({{w81=^)T+9d7yd z@hJ!ot$^GO?FYlwNHP7}p&aP7j+vr2bYto6h93%pJ(|cES^aBr#00VMMgvNN{WovT0}slPQ`HsO2zVEb){ld_4Ps z%sh=Ov?Y$beNylQgZBhSf=lT|2!JKEi4On2auXRVMIxdi1I25hkIExI;ZkW9=I{ZT z)!3`P8^O+NyLvDnj+YIWtT1c0$-YCb6P&M2+?~FqBCS+3Xh2OuybSt#oOI zP`1#EP^Xx{ng9l&tx(Y7CS;060wQalIJFId?q?M$!A+RK(fK=24Xi7#0E-jY^|5}1 z1=E{X^J2ij%`N-6<`tzGEYfNI#`y>LdpmDv9yw-grRD1xGYB?0(QCbMw6&cIJ|v3> zLt%L>y-ik45V^AHZ@yZnf$_fUzd#|*(g50#TTfsTNPvs7VCdQ2bPzJTunxa-UCkRS zUHFw#>U9^5!M8ObI8l@0E!d5^aQ;ejGrc^up*gT`ZRE-^N$_j{9w=>uY`Z`^A}EjZ z_xq&*ydb87Uupo00_H(m=25 z_MOEYVGG4N#e+N^bs2!*5pWPGIM9lC%1R3cULF@^jrPLgC=X`I05Mw;TFhgmU`Jq# z4u2Y;)5AANaA#WbSZ)}jr)q;((0%Lc$=Q(BJR{6Z-#jgid@!4f#cqxMF}^rIGWFp- z#G~awQ3#Di8o6)@2f+O<`FEfbaFhLL|MAk%W5mOb6gl7_+o)?jA z`JBeisK{N*dgcNcCN}NC_qi8&s5@(`*(n{`@7#xlMr6ULE|dr#>Iq<|IypkIXc+#h_6OFKd; zkw-St@$&VcvY%np7!w-^*tz&)!s3)uW-ZRQBg<7Aj|vLH` zF^|AaZjJkthST_oN~FQYkj+sMk6D{I*vQGZCiFTpI+Am{RCg_|5aR+}Y4SVAYI5Z^ zFs#@Ha87VP$pOPwAC7|wkI)r3ZjPzA3Og>K$+-E3k|&uWurv^7K;uQIN*(X8<7;$o z&&^^|G~@7bdye2H%jKL6@nmS4_ zo#xoO<3TPsGIz$cjK-#SQl~yYAj>Q5wb%i6BTCz|uV|;xn~nLCkFT9O&;9bB{;O}U zJeAunscz71uifolZQ9L=+=Ca-7@kshUn&cv z)FaRW)TRYzx7?l5pSMUvF)tG?2}94v>5eAS!=DD5HUL7zh%*c5)ek3|pw<6R^fo1I zpm20;osT{uj#QQrzXeG&5{@hh<-+(}avNkB*fsIndEy^!`!7DU6Ih%}k>-FB_!^t` zq=4V3XTIta!=Zwvoqw~2dRJPeQ`KK~i%H`JwvX9XT4`5FH?+cbl4;FE;tvlScaN6d zmC7w-3-Jz{Q7w=@%k~rYw{2E*a(`|-7y7r`J;o1++Dgvi%LxJEgT_V1;8a3>!bdL@ zt7a5y&0k-kwkh<4$cYV}{4Jx=wGA!R#s+%^p(Bd2%z0d8HYJ{W)$T7BE8KW$T{Q6- z7gH1JGb>J)CIq`f6EdH7a1Lw!oGBw^&9PInhwL#B*FA8&T(~pH|IE0;(uTxB_yu@= z!9`+rr(l=NM)}%G&PS_dg7NYiG@XM)X)cZ?M36S$aEq6>+uNRYYi{0dZ|Cbbv^&qO zJip@7UOHb0-tYX5RJvYnrbwa`Wn&2uHO6~qz6|V#;`EFo0WQXv(f_uGx4O^1Y7~6^ z?3bdypO`JUU9Fs0_c#nE+^I-YLN8f%$OV`7CVFnz{v zVI_k$HNrH}Ius)xl;&{_=r2m0vIW+)+}eNn^?&T-^@o5>F*9H@@;;Kg{jDwU?Gtp8 z6J!8RARDmwToAL$-cP93*Jc}~S}V`98<$|jMPRTqBX0f<>@<6g6cb-XhHvnevEGE~ywAVDbN>FkK)&Ucfz0u3`c8}bhw;|t0Kz_)M`LJK^-n#?yO zBf_wt9D)adsmEYjB{BrD@1&ZzE-_I$(T z>wz-__0-vLHQ+s7c8%OI$HqjIB7SW&NFp5`{&1EN$fFR8h{Jg3Ig7P%;bzy7k1_X1 zG8)h^Bi`{-V-nj_+de#)ZMSLF4zo^>2JQurv}+H6gMtjt0jBsLzqVv{hReK=PTVOV&uZVFJ&j<=~)Fmt|f za0nDlyNT`=I>{T#;JDP0*NfQs@nDv)EwF`a`@1^|5MYR zZtmFD?4uVudy^a^_ZkwSl!h0S@`+KMO^3>0_IAJC-Yx*0d`PL7p<>Q4Z&k6!G3-O@7~zCNdSP@*zWFL&nj zFKU3fQXf44^ZJ=1R_<$CS97-6(oy}r+|93FzL+N_lL8^z*%t zooSBJpgkr5{4vFZ{mO?c$0;BrZz2o3!SjX8(TvhA8MrUB{$8dC-Q+YE?fR2BY#=J? zj*X7R44uLjn>h#SHcHJaqtu!M?9divV_V;(m-5ch__C_VIwVoVg&;EJEG~{7Kp+k@ zaY4LIg#4&)0jt&vgP9Y(W5Km5UD-UeAFnBk`?hzbc!KJFD#$T>4I~a@WIF7Uo)~#u z(n608E&eWKLJr*g#}>o#!dsGc%YPf*E&rU%yHi(5@8gwj^h@8_GyR!-({=CkgZQUE zkB7S1M|~$R^~3t98$H#a2WaybohLXVT7M@ZH$Od@k|{Wj7MjSLVmD1&Wi|yCm=mXv zMR1hxTbY9a``Vl$H5pMt&+N`+aYN2X2zc=F`ufKQNiqr~;1=W-sZA@{?S=c!K$w$Q z5~1eglE_OgIgUJj-kMtywPcrMMCsA6?bl-^AQ~bMZ$aKsG3Ug0$G!60Qa1ksjv^xK zN5vq5`i43qJdY9#(WxR+yC(n%LZmWww#{UgCy-3|7!ohMy|AGmHs6%7PaP}3E=auL zbgN11n5KyqsHJE&Z`aoz#D(o$FRTqB$|3)aUJg{c%qU(|qjOvu7jDYqe5vKH5d_Yw zX!5!g;^e$cZE09dLe3!m6|*s4SjQdoE)scujv0j0y$?5ocO7|%kt~mV9#*sR_@{#Z zN+JaVXaDYWAai1xnL`LTo>FFLYlI_$hGarnj80va$wSEIc`o>e8G3$tc)o!+L$5d= zCj=cOJc~6qQzI^>ohN>VBO4=XgTP!2*R!p!p8e9HIBkq(dV-FOi>L(u?O~=SKKC$j zeMC7mhQ{_yBu$RD4OQVi7zL$Q?Lg)Mf^UWDR{J&|Dtxy)^>Me4e(qY9 z*xf|k!eiV0rB-PUI`G}WY5M5lG~_%Xn00GqK2=*pC4}w_wzHs_E*&*@XhDY;c3I=E zt(I=dR-cF4GT3U#-i&WcKbGmqGDBVJkiRvss85akY?$oUo-N%2-_Y-(Io)tnW72oj z7D&-7R*DFXRrmk>ydC_Tmk-(K(K%bNZ7VtxP9qdcYa3?^lc zamv|CNZ{b}$B!ud(K-k0Sw=W^9gamBg{8yK=+h@;PLFnqEE>mW0~B8L16c&lYK79)1O%ztH>-m;MIICR# zV~_GlyX_#=SdhU#U!z-U_8JwBcv8e$TPGn>yyK@qw(dseCnolQ8C5IPoeSUs1g`Rd zREc!wve2hbosO51wP=>7aC?SL(kLfzYY8u9Vjj-iwtL@rU$3(viBtlyfdN%02*lJ6 zPBX5#|C_VlAOMMb&={LqDrd7fAAl&xzu3OHewEz)eh&*c=H$vjciAa7C?9C^uv==D zunJ_Cf+Yw%#6zz;^0!2Hn3V7YB5iAN?DpddwZLl~l?PKt#&itn#E z2we_=G)W>2{%2g-9QZ@KW_(hkGLP_}F76bvHq$E73dJ;4_K*fF zCBWOB(PYFN41_CVun9hE*i7$0bcFfpcA=olZr{mv$B>0vb-KXwx#YQlp6jLg+?>2? zF6tcSn&oY5Ekjt4ey7t5(f9bq z?c&1n>7zR>pH62dL~pP%p)i$PM1&glo{Igf+ca80fJq@EZWE>ERzyjNO{NZe zSkEMic_a~5{mv5c^6NdHFa0#@|L-RxNr{l5N*~}V*!lYZ&dc8ZentO(vAw^u*8d;l z`S@|`tIo-X)Fx0Wg{<4#JipqqjNP13FEd2L41=Ns96ArpRq~K!F&840EyIZkTf}Kq|AaAjqJG_Owaiijih3XBoP{!%Tt%a5vdaV%p(4In9`UlI;uwR>wijgspN@6!J zo8w;kx(MOi8t{>JFH=F88lmprW$<^|tw1)oEDhh%W82>=(y6%+&|TUX@w7O%{O2NJ zcUMLM#AfkMQ*&K{y;6&?cmcKB(YQO&S7*DePJ`C>Cs-D9Y55LaT7KcQuATd|y2^6$ z?-XY-f{S`M(}d^}&J{P0gMGA!(sapUVyh$T&!YMJN894>aO^?%v-|()qVD_d-9=ed z+_q$qoZF9bj>fQc)%dAMDs}APKYwZ*H9vQEIWGnGp z5S0mgKWUl@o(j0(3#Zggr{=*W(|wV;Qz}~kDh;|M(;Fg=_%zk5xckjPFWd{ZH_?9{ z^um|Hwx%!tHgCE&sp!v}e0Y**LuZ8lpXK zdUcAv>!5o{2jv11_sC$m0sqfl*xR{tzj2zjjc|ME6$Yl{g;w_5m>^Q)vw&%FHVUCi z(cDuiPuUxjRl0wG$Zv(Kt0*4Al`6j@#RstKw}HA-GWCEIX|>?Cbq%QG3iCk0l`p>| zaQTaww^-+05z_`IaBjM%W+b#ErI9KSd#_(fqFe#9eTkm?-7b*ny6bGZsN3C`10}_3 z(hjAIp4-{gMPz;%1V{{2WUzedM>l!f~M>7ShbeX#?mnS7@>L(HkLuC8vN8S5X%8r zgiC#rYQyM_xbfo8UC)u=%*&Sp2CcW2?Qv;1i3^8RIlIxH+1NPt;RK@AbM1Z)Km!2< z1~8V8%*$K}j-v^ha;7GbvvRkGVmyeA5NZ z@omLBSfVK5lAx4JN$rUkbLYNy+A>7n^ILL5#HKdGsq{)~&;ZtT+4U5VtwWl}N+Wy$ zv*j+w@RS2Zrs?-ERa)>YUSIfL#9R*rZD9<68%%Kj0Cm6e5C%G_zn-{0OnL10YG=>a zCCx_QZ?1SzZlgRR$F}8|-n0NS$a&2{mEB%rYfv^XRqf#c!f|Z>?v?R)lXo`9q}q-f z5DyhwtGCmLj4kh#+-Lv>DA`}Vx%zMQZ`~F_&z(Bzplmcw<3TPtzuE%9S+7=8(i!-4Qsz5dY!;_HKgyEUmVx=BO#x*T4O&fAr9?*T5n2Fi z^HP~R%l*t%-WkyRLi5yw5W8@VeA8fo`>jP|aA^IQcel|Ax}dgSh5V+i%1$`H&QjF9>2*=pwB2oTz%PaM1}gdcYnW4$ z&bl&BwN0Kbs(AF5TotVpR?;2e65yIT*i2w;1&0KU!NYCT;!cA|x*O4H2rUFxjq_ZR z=(sR(Xe+4K8%x*lN5)RRKkbn3D)t86y(^gzwXAeysx7)QhRuT&)q;(@&b=*!!go;V zB6P>4x`VpqduS39k%gJdaR)i|@{y_exbE5CKZH5eI#_wDQ_3=lKIa%#|6Y<`)O|V4 z+<~e_ZqSs-@J`$y$D@TKEVs04y;*8`H~OM#OS}lCEtdJRt2t2* zhs0327kXS_fOn_#)rh<16l|vJdNIJi(Ifad7l3Qj!br57v`)IX^jheM4;FNiOY%SDo$sYm$3-JUr5eNm<N_aD4V||>XNji-5_q<$EpRkq;UX)al9=0_ zjV8;bUL*Cj-r5-N%*Zjxo}mfd1dyh z%w^1Q{7r@^XA{OX)NMQvS2zWrT3DP4_gAvnUDIZL&8q*{5+k&;6ZXQLDtLv*_l4UF zcf#K8Ci+ikVf*ealuDQktqa+G`OhyM?7n_#PxJYYA&#yIi%m|=aE7P%It8-e{C96> zw|f5L<@)^hBRv&ehvL*fvs=X5^-+}YEDpzz01!@a*%-Nw$?*KGAsKT~XJ<+jjl)}Z$gr3C?{JG-8-jA8~qzPEubwKW-EXazVj1f zR=ZHfzNxNJUgBUlE7x{6ZkGV)`Gfd-H-q*DK~KMNhdI5ontP}k=OI%9S7h4^kWIH~ zaGa@$RRp|@u~vWcFY8@$t~IrF5GbfTQv(w9QEzA46Bu85ar_%R&HUfb{T|`_3V=oY z|K-cwD*xZvf3fEOkMXn^v&-48^Fsz}_XULY1pPH3Q@Mcr#)%j2W}CYUmmtC}Pxe~K ztRQ3-ikU@%rdia;qr+UhRK!OEHM#9p0GJATgBAIK*qi@xGUkG+$+VA7j*bV1@Y37? zy|e!UZabS!IWzF>Wl}POL}CVje-C6X(}E&cAMmwzWth)w4z4xIhXX5iC=5X_Sy2~u z741D6OV)(aH923k#+Km!CW*~GWWWOczq8+~=>I$0y}i9P|9_0xYpri-ln2(o56nl3=>GI#!Zx%W75LJxsL= zpIWbn`dB&G@z;>3f39b-{5Mnk8RdU(=VeX)?`*I0zdXwGXR-e*Ke?Cbmourg?(k5$ z!^)aNgv~&%Xz%@H`0XF_2-W`)!NsUWVJ@cGz=o zTwsPtFkliDFO_7VLT}BG!X+~nELx3o;6vi>yEl_3urMjaj`W|L<|01^Qo0#IK9r zT`nZ}(eWiJs z?4zH%e%!X5=B~L@*QGzL6{BMYN#}pdh*Z*+z9C|0O2T=T?k4JviPHbvViirgzpMj^ zmUtHO{~={DW%mjKUBv(QU)21+yW20<{QohYFU9}AHDt9G1Alojz!PFk1t$jP%yh>o z*S@N7#|gJ)x0OK#Y&pm7GPXx!hTYINA(kbnKcqNn;s1iOU-{6*%MFSHJa-WT3;nJ(Jpgi1?71u z4K4D&^5LZ|Z#N??Nc{|Pbj?Sj*K|r%ANA~8RVrVtV~rPug)*7J`v~sH^FG@||3pZ? zQeX)Md{s8v>#uz1l|bfrqPgzNUnt%ZaVHVSR4Oq;pFV9ZE}NfP{Pd~6sINfMGE%4T~NaGa8kbK@j1FSApA>IB4{&wP#cDP9J;F%nA4OyVrx0%lBu8Z%#^ukVyu;%K5N*3mWR+{P3t9bn|_UO|Xt$zZ+bh zT)aPi`{wZUtQ}yJU%dpftT;9tjG8MD9xLEsf&K?uVX*Uh4@Gc+{{?;_Q!8vM=HG1Ap3L_2655!*MP0_h z-}J3O|AT6dAM3YU=gl}a)bx6V{68dxAJHEC>?Qm!q(O8w%$PR+Wp&3V>Mk$JN^W0*0`n;qWoQ4OkXh z(jo$=Vc)whB@rFbXeooM0CFzKh<;ec z-f4Ml)6?}U`rGFirCigiHrB=&Oh9|Buoi!H5IztPkfElhkTop8#RHt9dbT`bw#GTP zoM=TXe2zWmhlgyiUNP$xvtBU^el$ogCybUC3CQHgFRSlOh~ z5-I)Cg_|QR5k?cvuS4_`RTG{mQy`(t+;C+<{mO?LQpB00F%cw2DHh6I-*4|m3ZZb< zDft>~w~tam0?@XTWK;j0rDK7u3$#==xFvKvQQbc3?sXeJ$0Q+&1S$CCyL~`AkXaNF z5|elnevU9rNc`upIzIo_Q+X%Ir$p2o{W*sk_2UofeFpX+2KT-LeD6UBZ^2V)ik-Y=cdx67<7--5rGU3Bmq?Gn4H%kQZ^m@G&0TWh2iq(nqLb(#L|Q zee`qp@bznZDit*?o`svmtt#hd-zc7A|0e|B)9|;?qWI6=?oM_8cmKsY|I?#9e`x#P z(coXp4`59AwQc_ZwtYSJ^TDirkM_{o>aS}6Ya@IGBYc4=SE4lZ?`gonAY^G>-F6)Q zV2MD#N7SbOoz>Mjv5kM6$j0@v%+sp>hm_HK-TF~H^Y#Compdft_6U(3a2j+HQ@*8@d5LTG)oQ=X?Ib|DY+opecPFYMoluDp0N!d6d;4Qf_ z=lxAn$5`PZmISaO-%-AwM<1BpI&A2aU#_ou>@cYVz&|wi|sV$jC zL+9=}ZFM)-C(7=bnFeU(j_GM0F40Yc)#+PzeUx&kicMhs!`}sNw*>oW2$^yN_ypO` zC}+)EZ!i?U^5J1q6z%WswUBwH*1!mj5$Nmz7^99`15aUYUbM*9lyj)*x?51 zYEz|j*Lg)_g>L-S?XpE?+FSM=rin`wt*Ks2DT7gbC2&N}iJ&|lkchKb_R)6BwyLpt zqT*)Mdh(nmuUgG&DnWRF^lKYM$8!_TY*k5rbJq_!tKs3TonSQy7skWfN}ad2x}*>C zvyaw&x~h>2B&0VE4CMJeU)}IpJ~3It)@N;9>(zfW&o9B#ndwN~HBsI9;^_>|{hMiN z-Y%+n5LR#?Gy;tHbc(A{tpVB^Qnn>0RaZh(dC`qh6pRpDb|JUELd7Njrqf&hK+$B% zW3;`uy|4EubXW6b`FuyPArGH5;@OD zu^h)oe>k56j1^C^DS4yGz2-i0o-}hTw?eb}nd)k0#A;L73`>8qyZ`fG`4AeTM2fYM zC%7&5%gcM)79g{;Y=BIQrqUkYv#O5L+`vOb-7MA6{o`y_i?T7srL)uA)8L<7;ACCe zt6HnGhzUMH7a4<{C(8~IWe78LbvvO60j=l?C7h>dNFtm`Vm7t@%WPr|dB)-rG{rR_ zg0j@w9RNGOpW^sibk1Xmp2r!{W%Wm`;~@sSR7mj>v@ucWTq~zi5vG2G6)X`}3P%$t zjm~&XPKBSx( zJp?wT0zMj{5f^}g)i-5Ws&Zr-)*7_7_9P-yO^5(o9pM3v6el)IDzdwQao@780QN%aFtWZ7jc>K2?1JBVK}-ii4WW zncGtHVU+?dWgwl&d?5Ast#Se2t_{AsuH$+}r<~V6ui(MQkKw0JcgH9QCS0n6Wj$xx z;Zh}o*7n@vbLrAy^>8fGD5Ojg!Egfa(C>&c^G6zm4U9)h)Nb6~WY&FYIE>-iU|8z$unvYqoH zG&s3*L7e*U%hR)0aJI1wLig+dJ$u^l<#!}Vn&60_ZrDZL_gZSacVVFx;IJrQl-=VX&m+0jGoDMDr&}UuU-S&ijI=%e96^`Qq zP$R`s-f}TV!0G4wa4`7k?ZvSjMZc~0?%T7u4bE2$N^P(#N#?_vCyz}b^ed+fby3$M z%hQVORev62nq$jX=TEgOwaj!MA6_1QdpJ00m~scEbjepcih9oTDoYGVZ6sH#yu?hk zsJW#P<+seN9Itu(YHsVVE)LHw(c$aY=-(|5 zOuaXQ_<4E(48YcZdwzNP_UwNBDv^#h6x{`H&5tGB!O{08$M0S*L%Q!>rp@@h0Y8VZ zzI%ItzCAqp;obRyK{-9Ue2boyJ{jOz0&?`})3dfdxAuBD(udK{m(FJQPGFYebQdQ_ z?=CL1+-vNo(5j0tGH^bBZtAO6Ilf&u*$932?)7UoBaLX30Nqzk_^lnj{^{^vgJp(r zQRgv>>v%h&Z2z(XJ>;vwEXcup0$HVjr8w;!t1c+eq!IqlZ?~^RjnqR*Sfz|qf0z3 zE9c7yM4LBu=V7E0 zX-{`QEJ`4}ekGA2l^_O3la(c7kgjuxWe&Q}ar&)z{kECt#+`96blX(VdG~GGWZ7Ib zpQ3k=S={Keql!#reOLm+5+fW&qK+xDspMKePkBuG5dF~x89FczG;}KzoU41aaZP4R zwb5Lzv5jUMp^3m2-VeWM@?sPI_ofw%s(RKQ;_&fv-i7n;_%xsYunGT6{PDdHfh;=z zz4Nki|4;AbZf|}6LP^FNo)LbL~Ymmn5ZY^>r6MAWX4}Ca+7!1MYt~;64LZ>#Ni(*GBY0c1Aors-w? zNlQz*F=R1CW06M9h?JLy%i*cZ7YL0?7UL6isI3ANamGkwd|EdYqbQS#PfZr=u%zM7 zKkDE?1Uc>j2DqspftTt4Mk_4!urm9(+EJ&10;^S2&AvUzP(zqQyp$K3CQbAj;IIE2 zaWO^M#YNp0>xVeta(`O(XLf0tUO*1Ly(Z{QLHc8bo;NipNSe?HOScQYfqG3O1~FFu z#fO!78gj0r5;*<0nXHzRNe?kg?ZLrKtV3~x<0)n6-6?o5AZStWDNz%WSw_;z*CtA( ztMD~lzQWg5iPv3g{}28&>;EZ_V=6@kTPDLS9+UeV1z({5Yi+-p|9O9VegDs+JVviS z=kakq-`~P~dxxx_FGvq>%*3smUUvgMmt=ZF#1WsSSP<0x=Aaku^n&efhhqPLU!bJuJdNc-uA zh#|a&>=mTDiMnH=^grgBQvH|7c>xtF@Nt^T#x@FmSZhdwFINHDaMB}KA>Y>$y-j&s z!@%~(cJ-G(sPVFZ|3AnDFbnwq&d&BuRsY}F-&^zl$9Vp@{C|BZOw*+>JL^kf*1~Wt z4A;*CJ?--UfiC}E!v5Rct=|8=zq_};mj93O%n$kd3}SsQcUhZte=14#070A<*#=Qn z4Nz+lo4>3#iSF~X^Zy}bF=gWia04#l|9kr{EB4>+_WJ(M$9W#y{`=OD&Dst4*OeDM zA@-b#lNWQQxPy?VMXWl-G8_I%B4x#s0W>JZ0Rrx;(#>j=^H-KA%klsFxd9jX|F)~~ zzdOAbz4iY8qdb3j{=aquHn{wK-vrztj{`(($dpo`A zZJkqeWnHvxt5UIT+o{;LZQHhOI~Cim*tVVQ*iI_;zWL96IPJD}-`3-Lm}|~4ztKlu zp9~Cowa-BOBh3}y^PG|I75K-bbR(y-kGp1z5BNv3f%dWGF>quWhROvpT6X226DBD1 zpFhKM9W8#_ID=lu#8 z7sl`e86CCZd`m|`WYM>d?m^gPI}u{GX{*fl1s225{RC`@08;q)=x+mC$zJ^Jd%b`M zlNg=WpTPfKD;$7_!uNG4L@4pHrdL*<2Il`mlQ1>k#>b|tF#}iQ)%U?0&L!1A=ATtC zuqWy<@9@tgaO=_Z`QazsK9Iq?`GeuT^WvpW+_TFkI&<(lTuA)Q{%?dusT>EPb2t#V zk?M_8E{)YJxziOCU3(4?7^drS2(DM`&$k8QU>qY4pB%CW>sNHcJv8;(HwWf2FKE0i zmdPQ4A~4M6S`{51hy#wx6U`&(lQ!i|^wtWzx{CWeCJu6XioZ z9pnQNmHK4n?O>>Cy+111U@n(O>1UQi+};U*^zX;wtvjEcmws;#XVAP5mD4AiuI9gZ z85+l)fb^YV9Yk9+bCIuqPTXC|2gD3%S-8vb*_Leaf$0b?5FbLH{@!&Hz*g^z_Z@Ti|ETr`1QgU;BTt?HVB^_g=(bldv%e>Qu=R@Pen) z{{iZQkfB}+Amhj>j~EN9jcXTh*A~rx6(&p-LMfqCKcr(t{SJ1hJPgZ-N@%|NBT{w( zIod#|gpB2uo3Ct2zqbS)Xp31Ca=?MPFH)7q=+r8mn*|V};E^_>&H{KZ8-hcxqIbh!%?V%z>2CJj()-C}Iet7#R+% zH;fyHj&{5ZbZZS(HX^=D+Xn9(r9^3cX9N2`X@ucWnf5U3o4*njGjZ!vuirl-i1Uu| zeo3zWRLj=Y-^ql=4h7$~f^4UW6k1aUpP(tQNJ#T2`G!KIOeZn4@ORf2$URcQxR2uY z^_DS-GH+U@kT8 zUI5b5pRWDy`T2m53d$D_slSFoMt``8FVABsmnh`T-k6?_#Q8KF{Y2cfz~*#w@HC z@y?OFp?iH)yIArlCp{s@I#$ZNj~-Jij5<*DV&mQD-}BWmKT(?BO*EP zP&PS}arr0m7+b;Ziu8+X8h+Mt(sfRKG!KrBDXc*5QIieX#5fnNvlujhldfatXwGkjiw~V;o7a8;N7|0~{(kj#YR3b&E@}>X@sD0D==q<@It7_J z7y`FI^+<(&*(-MoNz?rU4Ta!{X(QALQrZ*6dJ$O3VveskW|uLdS+u8m8Kd?`i_Qem z15E!}1na%izdH^B1K84R>(@JQsfVO9r~|>v(>!M;kK6igSCezts^5&by0e`#rtf$I zk=2H0)XLi6ETK~8E(vUx*%Gw4Ks#>WULXFhaA5E_Kl0nisqL_X?S3a_-5AXu{_ou1 z2g?m(F2n?o`PZfDuxaW)0iZ6t~vBaQO<8`7rhk=!EF(@0fh90MX8J$ zXh+7ctFO`C!rz*iz#S5>-GO`k_vLq>o7?lsf4S>N=nIfb*+99pZ@Zfr%nz!z6TJ_C zH~>Ss+Vllz{seq-d#-%u@7e@tjsp27l$+Ro1R zhVjzFiD)#f7x0*x1?`rBWfe+MbRGILkb<=5NV0k#QO3NO`jK2xm?RKTaCmkJ$pyD_ z@lhfY0H;*q=(X5o!`v4kUzRcKdy_iiXDzXwmaVc4u6QKME~WTeNPBLurfyD+ujl_4 zndu^s8?vj)OmXD)^7{F^y&Ri3_<6V}Q3uY&UVpg<$-k!}jN!VsypH4a<_KGaCew-1 zN<`+hU^gq0muH^6QV^)*aKMVDL8l`1f1fzBVBG~!Sji|@d!R2?1hEdpk`*@pR|%6c zX60_wzvzYW%jMGb&395p>jElc{r8$5$MM*jy>m5`RJ|M%;3|ANH0sD~a6; zYy9}NivH)PjH@T}Pu2+w2;>YF<$HrvB9`}p`{A@570v4;_dwI=h>I(gBfD6N)j_Qf zXEJ;$M*QT#c?sua&8)PxTW)0*24zU=_tM^&BqgE2i)>(zFHej5yv_#KN%MJkk9QHB zb*pQa%-`*@FQ)2zrBPh+3Wab66tNGV;4c2GlKsFG>lG_5aZyB5aZBpLe%j{QYcn4pdw z+=qefXoK(KnM6Jo+J7u;$csq$-F`lys9vxVt%zjidwkXlTW(Iyv}Wm1LB-YIs^b?L zT?u3j^@n!&It14+0r=|S%ER>6ZSN|F1dMlE4&qasWOX^NVogofLi1`>0zk)h0!jSm zoPTHIyGbrIF(rgBNxxF=pRVMV@r^P!dH}ddsvjUm&a^D?+384+r-WnV&$3GH4R zyuH{UO(>iTNqOSOvwFt^CsNAjFAi+#_tW7PI*jRmzlH`oK6f4&fIp0N6H=rr+vY?7 zb-rpIF?_z~^k?uIGhd@dI?U^bA*7Pa4;1s^3pCCGY{?0QXRWXlE+UdKwd6X~97BjP zwS*>;CP>4Qy-KfihuRB+v`FY7yvm+>r6Th7X+kE-BhYj3P8#5idr4sa$$z$9*2@-vD-ubYLl3#v+| zL#v=Er#;Kbg#|~Ai4{hSh*^)Un3dNB=q2*Y3xv#QrjyPUK1{S!h_UuUhA5?5S&qUy z;pvB`DKv_BlwAc{bhmUWwkFmJa}e>Ui%lbivIUjkL^K(RRfq>X*m4E3zFSdL;+jcQ z=d$O}C9ryI(U@&?qdHQV*tvxm)smw}3RS7I3x)~T24Uulal~TEVT?uIfb+&x-D=Kh3rU5iA4dSLaIHdrcQ9!O|1y5sVed0H7Whfzq>LXTxJt!r&GiA z>D=hDDo0wXY$`J8Stp%!LE-g{e}kYjjv}{c{h1Vgu2E2iYI`A+CFj7V?(ydMzuj+X zhcZ8CKEI`AeqZQGg5Lj(Koa?7(`S$;q?#61op^O({)J@*EQ+C%LN%d+zcfJu^>+oL zhsbX^$9d_5<13bu%0Wrnh=SrQK&1qXlVPlvE&sN!PWG-$@4tjWijqM!x$tqrm1+kh(_i^maO^#scECA{&R;Ocoxx0)>9zy zS*w!9<11i)&zY9zUcYTJR<@fydL^Rj%3o=q|Cz5=*p!cySWz>_srQiNsNoG)tKXjt zeib(iemgGo)MJfRs2i+0RT)c9(xVH;OKK5(&Fllg= z6$4k>IJ;DFkgLg07t3lUcxcO3s=L^E^>_X_+bx65O${4F#$JIWwj5iduDvzp*kbWa zr8FDr=(sGi4hQ#6(pSf)#lqAP=xxyz64z-zfmeJ_TjXPnVDBfRO^_%8G$ZEw{1U2|sWSvl(Dcwa}*^y=YwXo(*-5F| zJ=vv7=#v}yuAcx7%zqZo>DyjFiP$x}kx7`0By<``Zi{z2mUlqv{+HcIIliw&Xvm2; zrC0Q?$X~~EP!D1LhdZ7&oBt_}Uh}zq9!=(CIioBNH`-MRTbY4!cm+9B1*9@RNbxaL zP1^TRam|pl$lJ1}^&)*x@y1t(bb{v5(+yyd=TZWv|6A*o@gg*!RWf0AE?NZmmKl9|H1fD%+%s%Shr|rZB~7b@b=MY?zkYwoVZ*ebW2ur_5?RzI zGZ%)hP*T#B9qOPH154ROD$Z8xt*cL>2bo8@`Mh11GLP6e{EFaP$CA07=U9qXl*Gjn zA9Pb}vWZGPT*Cd=_6=tVezgGos?_WBx&UP38fRuDAEgCWQrQH6+;B8$S%?7P^9s+3 zKd*hAu)Vqax?hYR5IhDy?Pp5xxw*`CA|FJ3mnK^LF3lWlCA#hxK=^l~(NE4V7!al& zq{QWV?Ef3L2Jq;unW*}>4_A5f!KV?GJ=;Muq?|!Y#(mTpGgeu))Y439^w0~a)%UBv z2Ts2dq>T7XZob{G-}vwNwtp770pG8=fP+OmTuSs?jZ z1MQnnLo=;VSlqofFaJ#U>hf&zium`n2`+3B1$!-m8>8G)%r2tbt>9?W;lASFJ)7i< z12|EXN@ptHUv6L?*5CsAL^QRVoyexq%G$GGvpmy)4!591X5Au&9W&qwzK3f(hp7Va z1^{H|GHV22W^Oh6+dEJ;I|9|iwHcIywbRR&8}uw5r*W>5w$yD~hyYf+(49gNX|wqd zFoQk%kWa!jyi1MCT;^Caya9mH)}^>;i2DQXU!?xhl{51YXLO(?7>1Uykg9Kh;!iNy zd5ac6su2o(>a$UE6^M2)p_FW~j!I?*il1h;OqCfL7$xC$eE+k(ztCuSdiV}Lyc{^N zEu8E0!e88emYzYb*Voxnvh1fkTJb_&?0+zm8;KHC1iw>)FcqPPtGL3YUybnz>D zDXCGQh3p`c94b5Xcj5ZhIyKcY3(tf8Wn34bq6HDrBqcmU!hL9K?8&Rj4jheWoS79z zp^ahvH+diC;F^crjEufE_xL~V0a`Sq5+<;=*m`G8EA?9&9!WEcq2!RAOzmwy{OqpR ze}{z@8@RNv?U?qqZ5MY`INuXUsd}+Q3!kjKsi$s2MNmIK0w-0za)mLgXHFVA^a8K$1uR(qs)NTsi?w|OT@KHD_f&f;Ecb;;JPq$xR0jtqkDv2h zLiP@i^Q*tTdEK+q|3rV*@84l5@Pj}QF<(6dDG)7kK7!l?<^R!&8iYK~|1OfeO!#Zs1V+tWKy5R}eQv9IkBo>I>OHhc`f08l#3R zZf94wo0oDZGmtes-cd zv`Lqe7Ls5SRdO0{hjCY!uCc`#SMKbCDzfbxSxpEuuh9 z!jqW94=UE0wuyxQgeHO+Ll+&LtXrQSx5d_8p>yKqV$6p%W$Ni4Xc7s&&1*9=dOi38 zO#z(bB2$qf*`#A$fBSYPGI)iXBK^V`=^uVdT*w=JH<|xk?I|LKlfZ1|ctadd>I#T3-M6~^4{u-gzUOSeFj%-gZ>hHYHgYD z<_-`W(iBl5YrR!SE@+?A{f?0+ppZ&@2AnRkw3x+T!VDh!rg;ik#E%e1mUTAVK-s?7jkrF#zJ_Mvs>6>{C7 zz&LQ{mR-=-Fw{S(t>7gT!C9H^JuDEZGZ3obyA2Lt%@$&J%mjO(y2;0B^}RCMl@t4&f0&bkwJ|iNb3AO6waKBs059Z zJiw7Vzy+P%)#&PHW;x(BpS_rPg*L3O^#TCuPE)}Vl|5r)TFJAfrSkl_fwG};+i@gAmXZC%JjD<#4;EI27H8?Uq>gZwr z=%zNJ_hlBuP_y(S!$BDukW+xNVM4Q&Dn_IrrC}HEDZlyu$Gy%4iC^>qgL=W!!_#lT zudjCRZugadTt2P~R2jyWpe?=v-8H$tEHPsJx`?|iak966^{;ypa(K-JUtsi#39XLp z;kM7$^#>v`Oxrh*Z>gb9HMIwkhE;@~YG%EL?phR5)Vb=}t7WN%|J!@rn?Ebb-5D$@ zO78#B?dk2q6adBN-A8#aG8Z5%^N(~iV8esj}_MmS3>FK%$Uuc@}%H;Fm2{^mm%HC>g{r+U{ z2OabGMmC#nAt|rId(j&g&cCY`DKq#tITzs9& z+<7izJV|;xXl-a%6Z-hqn&Ve4#YHqbZ7j%(Wb|J=Jd8s&86|oL)Ll{yi@yE<>+GFt zf|w_uOm=V@N3gy7dw*VpvpbetO)Kx@imqZB_l#(W26DMG1p7vX-+&roEFX0q)iqIx zudvmC=Rzt4Pq3|e=&uQ(`-RxBQZ&&bKJO@eS?F(C$@T|weLY2q_J%pJCIoH+NR4h5 z?L3rMfwu#|Gg3~HSVuH8frDY58@Gfb#Lm;Kx5(8)YcpT`5T9Qujhq(|b^Q<91Ww6Q zFVY`IY2LGQFqbiB1m@=jn6LYooJ@o z-^-!3BelECTVh&)SvU47z$r(WDz3y$2mhz-vRW{Wt0X7bovHRi1%0(1!e_OszO!7C z7QGCQR+H}74I}iahYT{O{pD+%vLnLT{v3y)vZ;GCBsLOfqH=9%scWHWBt36KFDo&H zL5TP)m{L>*<1fv}e$aGLa|&9QU4IL=wR2AYgj+vWC=hrPqV0wThFGBJY+Tl$P+H@k3Z-zns2N1#A@SVpwxCL z#vu0j64oz5o!oq26S10yE70Jpe4Cx7jaDvgy=vtpM3Bz`@1a#Ri3fF!tmS+P_LsCg z6-Q!pE}S{){V{~>qr3+oaBlHkJ*&^)Qf+P z>{$LRi(@g^8Ygc2Nc~A=z4JRB=3$QegRn}fub5f6LTwKXk2vv4F1obh#~prAfo&)@ zcA_>qM(DKSgj09T_^*R*RHWl)$zuqt>3rCtkOvmpQ;*+rmOE@5G8`;Y6)eJNxNIr> z=lOM)ClE}*$#QJaycJ}L;+lM~bmTn>nK9JLzdh%|lloD?8yySaoqZ{RU{;9;XoC~z zJ<1l_Q;3vdb6IHf-ogSV?wOY}v}y=3?=sTMBJ`#L2*I1dOW{^F{c^(#66Hg&=dV6s z!wLKHws~Mjb!I4ZF$^+s+TLx~cF)(v6J*&om=k;A(N+#y$rwuds6+5+KnB9Fk zt#olva)+CZtxHq;t+7U8B*uY*X4Xnz{c_O!R0r6_bW1pSdi-ymqw}>MpIsX*gvN4I zE~~fB10|iq9NUHaYB5XAa4pAlywUOVS6Rsy_k+GJ_!XepR_NPj;)J*j`-u=toz6>e z*!5qn^F2){U+j80v$H!ntb7j5vC zPY5n{t=1n6<6y#?Kug*w`KjH)|5dH4}0q|ndk=0 z5)fHFvhv99KK@Cg*OtuQw5Si!l6~56Oqwmj?8|oHW5f46x`hM0RDIxcZss3f;kbO? z|Ggc5NPYP@|NDYyLdEck%}qz*1;l;5@~6=E%f!L{6kA<^|L{++RnHDOc4ZPu+!%xn^K{Ht#kw8>D$( z3DA$dW(`aCw*0gdOmf<%o(;6~^n+LKK$c6w@(BE$B*ot$o8csBMfwU_cl#ctQXjJa z`}wA01#}C`P|lbA9fiW^1goBF!D4>{f6um^RFJ!=Qy#BVQ)F{~$~19FN>e11F}3{l zKAXlpcw#>)7WP-2Q2$we=sCfS(HO9UNIm#fBmTPfz^R+Nx`M>;UvbWqcieC%;>t}a`Y5&gL?&wqY(ZBK3DYO=FVzYC;b zeU(8wZ)jzeAy-Ae>%(uz7AUu+kboeft)F+ITx}_)LjQI!y2We1dchv|DP@0M`*FN| z$6nB{9#W^&_BLH|s2l%KYPhGvBce&Bq11kkqIo5j6cVY40G&Tp*%3Z%lZDaIh5 zLJ9W?^&z5>kMj-mNDwVRKnHo?<54A#I$D&PwI?$y-6vK}lsrYE+#&^5AWhYK-Gd2N zMQt~5NAW17-Bs7c;hjLBS^cCA>PgGRvMj;fr6f`mKn^|1Bh99_d0D?gcdr%(?Gndz zvS)*{cK3T`SCNN|=i_u{d5=Lp1OcDr$(*DCW5p10Jp;Q`)>OU=@IhDSIsR)oMcj7O zj_B-yWt5lVognIo7^t`7Cb9v;%NXvu@0{`H>K`g;$Ui}Q^%`f^hJr>d&yR}Ia6OFW zhBx}g70)AQO@eN{)55zHJ%R|e%iI+`Xur}dQ)SMKM7;kDJSdDk4ko2?F1g^=^g2wF~ zT|8f6?pl11wdib!j(@LGL4ukIGX7E_xk!1qbq|&#w(lSzzl(+OjK)EsSETfj5a$*v zRcD%AtRF9gN5!oaEL5gC@QyaA=+@aR4_sQi&au+P7KGTMS$bM|`}8l`hQd?B5fhe3gh_&S@xYp|) zkw`0CoxbEUi`TwZD^y+7ez_Hd)ZTF3Pq`I1sUmPMdu8GwOuyuH_lgBhcx_dN81}C& zwz!3IlgOWfXzkJC1tijf+bOBMx6?T6Y`a!BM`%N|xDENzxtN^h*leRk6;qBRnPG!-Q{XSoH2R9o)pSeG@@sVSUFU{xqO|S<)OHIjO-@pAz zdu%cUH9O#&2_kY8=_eQ0lL$#>Nsv zC(N641HENEm58k@W3?eF1lT7df12he$ZDn4+xgSXgvHroFl3UtL?!=;stFjB0}(^d zudEvF_HOfbXnN~tf}~Iz`kc+mnp880Zqt9%cf|-*^EYC5N!w)`^R^GN3zix&+nwltRg0x}e*+WM3lj}6s+7w=fM-J4O?t6AE)b1kN2+H%m3*QklSf0eJ1=(2t09}-oJ|#gHiJ!%V>-Euf^;2I!XdSf05ty!`lqxHFI+^TForPnw zbLdL8Zo6jJWHUZKCE>?X){Len!FsC zEPcm?<0sv9XiqAe+?%;Yrr>~;3eUlan}5__%?C!^p6)$_Bg{s!MHf2<19oFX3G#d ziqZrxYn{9zSLmes>g|!wlXwkDaxZFCguv~!B=0iN*~iJ<9g-bCg&1gs4ij?^%SWdC z&T7e9YfEjdZN|6WWAp2A6wL1{G3dVlg&9i*pZ$Z%oJO1g^=J4srz}+$z9#@62cid} z&j82Xax-@SG43H##6}*;+2M;YV*CjrwUBVz3E1jv8DkIQHWRd7Lw*(|mDty7H2C?E z5BCzg9|vk1?i*)!G=h+i!&4IDRRvG#|#PL)Cz<_^%XsoUYbVp*_UV zQ54(m(iD3{X;T(rhO;BlT$1fNq&Xz(ucP_kw9}@1h}`wXL{3rO?(Ez&wm>WT6w$>< zl-qP8Pdho$nt;|A3L*vhNQo52Q1+sviuLB^W`_)=PWV(gD0Z`?i?^oV*R>n4wwtSS zrG0ILPQ$`zdt*%S)ZSA`8K=uHD}TP4^?Lg9UW`L$6so_UD*7-nV1<&#*~PmkPy8Ir zq}#CcQ7~9#GXuAJm`?TX0^*K^c9)MNIV6Ec1qV^~A8ah76v>@Lp@W))b?e+6+}X}! z8x3iD(hdTsQnc6#vaLQpcBYebK8B6LPEC4 zUkX}zEAvZUlw$x<_1uyl%!WLw z9QA$=2C?1Qpv~VjAS{q>aZD~)BsUo_~)Yp1ntpaw#d*S$0sYG$^2RG*& ztQ{VtyW=`lTmgu?cd&eHGX*`H8PqjvHLvLA6&#=JO0L`PDqxHCI>0H9H_2qBWzzbM zo5tKT-M+Zjd6TZQtD+YWs9)7<$s!4Pf~R{ob~kZ>e5aCAqjP5=Ti4aUH4YMeeli|v zCt8KfHn)>QTMyGFeP4|C61yAM&~}3g!7iSDmrC229w`!r%0(xQxqV&j5W}#Ww(L4& zJ8QT&I8wjLG-2*~5!_EF)W*Ax@5gF~)H2E^J{aNV{IR@0bFW4lD_TBWv$#PE7o`E? zo?TCc^h|n14b99Mq1<1pp+F$J3}@T6!W`zU<4Ma2B_iaFoMyvz+nB&b*B@~vC3z^Pn1#^CypV~Z<87u3R9|sT2(|orTa~S~l1Nwk zh&Jvf33)|*3-)@tJo~E89+@4Nf&hR^aboK7+gp;&T~<<-3>M;Z#_(vlP4$S~MM`7C zC$46YZmHAuTwi=C%^^CWO50&e#b@^~Wk^s<23=M*h30W-$%0$l_5u}}sY}qG4@OV) z@(tt_g;ZH`&vu}`TO>|yQ8JRbA$0^atXbm12Iyizo3y=8^%;j1d6xZex=$B|P?r&3 zCrxTYOPFKo$Bi&Y2AIJd29PUc*DOvk|9tD|WU`oFH4Zcb0rYLa0MAC7lj?Pb$yiP} z#+;RXz0t&mY>VE;%hJzAycgE^peEx(Wwh(A-axQDU_&C_r;7G~6G|*?Ew0|5gRj(B zIX2ISH1UnxkM8E)f-swnc~@URVTV?D??&rx-iny@iG-Ee1lhf7RIH?B zEqFw#A9~2RjaZvG#I#XuRln%89$zy{;Wy@g&kd8qY1}PJ`P>-fy%ja z6890@`)b=(8%|PlgqAG_{ksZjmYZTYyuzwM!;&w&mqb3M4to z3!-z?xlj|EyDW_~u6AY<`)(td4BS=e?~{>L4M(BQfFm`>uIwUQ=fx9h&u{5 zuGzdrU=yiz0?htb?a0|?i4VtBqjv<^tyR4(svJ}+VPnyCl92P6<|(E^<8w- z?y&Warcl}10(#SH3rh<}i!kVeXHbP*hD6!9-<)75ZzcX+ikM5LT*)c_;!|^I;mK)^ zmsBA1CCxgPa~W+LL~o^J3a=^n6;e2hLX#!eY?BmGKsk087D^v)IoiRXN4kvaG7uTix&mLT-#f=KgY+U!U zf^oeA>Gbcq10p<2hqE$MxkP8xt;QEV6vL??=cceoQ_zsIe>+Bf;zN$HO1m{wZ37HNBa`HIP%bfa_xm#{c@ zmKNwma(N|f=_2_jZGyvkV6Dv^YHC;Lj_l{W(rCFQaqKm>)m1Pod$ntZK-3xvdq;>P z^VcpbCEv7Do~t`V*JaO+z1k)JOw>G^FMFAvcN28i`9O{1T^oO!JiqY_)kmlBdggqV z<>I`WshiO3*=t^?vRbLMJac^~XA~(Avl&C)Yqqm=rcIAV;wMh*r*1Smi7s>r!5!Bnbk5@0Qf?CgaW%aRjcWZQxPvW{*g@wIe!yXq%-~Mz z)wI007!!u2*_}*hXYqTz!^HajUNGMOtx#8IAQCh_=OG~%1@IwHQ!DQlYDre zM;q`Z^O{JYz^WPwJ|Ki$1 zuhU21O*|pGB^DKsuy91I)YQ@8!GbZJ@y7`F2xBRN%YG^sz>FVj8b+#RIvN~5;?y7q3+f1J85J`ZUjoHC(!Z5+9CpoH=uggRV@P~X>V%~F+ zi@QfD{k?PO6{l&iGCBhyB??^~3(Z?kT`mouPMVan<$QQyki;n#WhAQX3{LAs9}rDE zSxjzz#)8gEnuHaFlJlG?B5;}UoBXQ?>5FmG>I+{Nct0qAdU<$!I6eOO`shBhvlTVF zlhdA5VXm=@#P;u7n_NaGm8#$7FJFrJl<0969S_!`%rIH^8Uw>bCwY_EsDD`y!u#(E z-j=7Ei@%+7Rx47B!|P>+$`{bxm6gnHuWFbZm$rKf1~)hSj&pK%zP~lTJbOBNpXY56 zBD_n?&CTEK;eO}FU4V4F3k$ z;e1OKOs8`Edir<(?-l{Jz1`Mo$g}Z(>1E@vB)m6So^-uYMZ!(PwVjvg!5*HvVQtFi zanlJ1CQ-$rzS^{Wv8WT#_SW2KYllspGIVVEyLaf!8MEwq2MIggaM(x0mza@0GjRGB zw}e|9hFc17NR5%gHF#pbJ`eeqACfL?f`vRImMyLkPvfOUQY>@Qn830SOb2kNfEEcK z{{5XJW)LMeYJ8p*Nr1@um*3nQr1y<359M)(&Eu#0tY2-BWMn zyd{DX^piNvyAYH)|9~2V6cht*0p-gbVG5?9LYc{*cMTX)ib0H3Wx3jONiK}cyn)o5 z8#XGBv@UgTbu8(nD(lUPP;0AVN){nQT<+_iw17{EcH}~!cx~@N4xUA=N^qQM1NY8k z#ZSz;=8sAFPD-$e4_aHg|##AkK2?2eLwKARlRHnBB-0n1BMah!aYU!SX>b7SWO<(W*4 zlB&`ze-z}QgSoI*OqUw%BB+U9X~saj=_){4H*V2a8_-&hscMaZ%@(c*nI0j4ZUj2c zZz#M9#Ricwiu)4g) zfA#(qGrmj7vH4cnfCj!?WtUj?s2b1zrWdFrch(liGYK(TIVmn;;NFTL%jbjuzbRRd zbNMQ6{6HY#*Ufx-Q{J=2%eBobz(8)Zi|6SLfKOY{OD{C_*$D;;3~+xqdt44ppc4CU zuUje&K+v!q1D)`t@LrqAS)C1_PhV9I<<}Gaod^RSTKp;UeimNs3&$<&t3ti@AXAW1 zz$X`7Sgh{{*Ix#R$Zy6QGRwfA1$xze> z8U_}>iK}=$EP!j!YFTAYAHHYs-{N7qL%Z|15L|)|Avg-@zzO`d<5T{kb{|o47a?ca zP}8nnI=g_q4yurb;ig_1R<5o@KO7Bo5BU1llq#GVFRD}m3wS1qB||h+td=dvX;A;@ zswHdXCR(tCR6(CpJNOw-3g7%89JP7}cMXt0o2MAjBo5!jzzypy{}i}@(o|Hv6Hk|` z?i?LCZ%0Gg8&}mReW!akx?sp_X-fTATxs|S{foHkx54$*WXgKJxUyR3B|Z*mc@XlF zk_G-yDVBfA^MY;jI}r(G7JV=E0yEo2h0&)f`vZop7eYfP^=+oMfvc#E zFDX6b`1Z3FS(dky#Dx9?`_+8xjhCrh9ljKnizw$m8g=r^6)i&6~J4M7zLtU%}Fi&$PS5^CcBao$SGeUMOjAv+`zNe$Jb0junjTa zk1=%-HuaMHJ)Tf&eDHNhc_M@+IdKx-cCb@T8B-Cb{kQR}F4-bo8sPgJtItDo*sI6fO- zTsaxhw&-cTBI+2}YdPU)4em5vB0TUxeC4ln%J(&=z< zL~RQ#-k7<%Hlt1kwn}aNm7)tJyy9qmr&*?=VUDcb;vh1C&L-rZol18Y-)!f#(CkRT zB^vyhPBsYCNv>NxN~m9LZoIhW*!g&TUF2`+>UX@HP|QTO$F`}D``+LAH+RDQ-#`6c zclr%(PP6*I`u7a{?d|=)pT7)x{T&|Q&g~I}uP9Q_x7k0NFR0nC{l`u;`*9t;;!*ZE z$acuZ%+;jsE`UBTn!I9G1bsqwl(<+Y&6{dYThqcAAhM@L+jvJSu%)~B9p+GpAxHyl9y2ytJXq*u}kSfC}4XPP>Y!VlT0&2kUM27_UskwK&HtJygIoSv(Qh?I!y zbo&=pYl^&Uq^MGlElyu}bbw}jdhf#TK65~|`2mG#PgSm8&n04%1cl!^&*^hI^x}!W mMTP<|`ov##v-)|xeEz;)oqk{b|NX-o$RS9B_G1_1$NvF}52q3U literal 0 HcmV?d00001 diff --git a/assets/crate/crate-operator-2.34.1.tgz b/assets/crate/crate-operator-2.34.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..51ae1de1d92afb58d2f8377f6b6034ad27f0a762 GIT binary patch literal 7838 zcmV;P9%11hiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD1dfYaW==|nW)Jn6*mSeJYm($+9>){~H^dTYuTu-r3#Q-rCyUUjNJb#`ebM#$RCl9${!qv5NJc(-7C>ElI*$dwF=B#B#%DtqQy+(efirLwQ;0!*iR(GA zgv)7U0MU5JumCpv9sK}weK2MmXecD{eHu=HgdW7vgcDEwDi?Gt>Z`fAWAZm3LLwh{%oT%6p$6Ga`rxw(bHw$;3J47)p&@dO!ouJ= zlv%X{BWDo~fkcr{T}?Mu6$4+Iq?c)dR4e~|=3d=n8y)h0eQSGrPX2FfE#?11q^cBM zR5&_)#Uh=ckV6ntvbnQ6Tp#b@#^z}B?GAaiM@Hyv?cvVu-m{&}ooCOs_cor5_rBfR z#NBU4yL%%f&$h_s_P5?>+uL-#(Rh2;nqa6JRMXPR=KAKgy}oI$?_R8bJKWeCZtXhX zZtU#sY<~Og*1uMk0;wfc`2U*tF^YRu06X}9YkhOQ%KuwCJ4^n5h-BNgwF-wgCb2KU z48K-Q%7o!qt8g);0;m82|F!?}g*|3GAX1{IWr3q>aecxOt_i0~*%BZbj1VFs1bRS2 z$zaA}4ibaNClZBYS*vh7202A|Un5A~>-Kz(#G9qc5_(U8N|F9FI>;)xBvfsARA@a9 zMl+>ng%hPsNd>v?n}X>5nD_$UJ627DN(Wwrm*fgfp{zPOR-l8&!bcKrNGMfJ2?)B3 z>cYX5cd5WG7}n%lWXLhdJ6Yb1YIFWGJ%^Z69`^1&eVK1ifFD|JEkXOG6X$5 zG6Cr{_Wg5oIZ82vx9_xKm^L(ol`?EA);RY4jx3h4B~Hdk@4S&^VR)^2esH#badi0n z^5pdBZ2#iq?DF}^$;J7_+5YL}#qrCdlh+qRSlM{CzP?hI`S9rZ>mM%PoVl24c(H$eK7^G7SG5KI@$#RSNB=xMIlDMIyL@wWc7A;F zN;T!IJN1CQIQil7#nGFi7eiP%e)auHZKku67cY)q{cw49bbhgac2Vf?)^0 zk!n_j&hI%3%%~0F<0s1!$gio3`>v}APLK6@gs!sg1l&wfPLTtFBp(oy5yX_mzNeVW z<)}tWS#$a+A!Jq2er`u9&LEzr{wX4>RA&JcZB7N5Dt|FWt$P3)*OgM0#R3h19*-ep z5(G+ZH5phmP4gI^0x=a)0hy8ju`qG~AtlaC2xS)GJdyGdahvdT_I&>UI0_bX7ezOc ztcZF0m5y6kdDV(f11j|sfE&d_*xXqU^sfK|EebX^pS`47Jp3A?=#$q9nTO}-qbnIV zZA#{=4jLfdzOyVc9@CJ@ng0Bx=c8qM*i_N~vYC1C>g3|++>syT-P`E0|JHY^_TSF# z=2HKAkaRI6;gwcxD*mXCAHgx+fLBUde){ArWy4pP8u|ZnihhJ#I5N7cDcEKI?QT@< zzuldUy(RxYMEdw~@WeX$5Gh4UR&+3J9yr#M!KY8w$B(wM9%zVFJ;_l;R>00PX%nL; zJe)Vitxz-y;CH1Lg)Z!F=|>uz$Kx^m04w$iBz0lvsYgo#d0^B$lC_{Txf%Q#6JM`S zC_6@j?^r*fsaxllss+^*0V8xtED!_>5PpnD$U~GUOsB^beNTWgV6`TOi3UprJRZ$7 zLJnV@tGr4)iU{2`$2uNEvW#IWahdj~i^Q}til~Ge>ibGJjFlZslnJeXPoV9>Z>q88 zIHuzarBz!iMP1|fK4|wvR?lB`7lz;UAJ-hl3>l^p=geR#olp#%rI!l=7jYWOF|7Q% zu>W1GRO&K~_NTJ?#}e%o237G(;^R~Uss}cq5|hg(BlNomS7**gw%Vg2vdwd1s>AQV zG4hFvu=33ctX!@v&QL4}SZDwhoq(Eb2GS||fg`47VQi>W1sb}3>@{}JF#t4X6N!cL zB5A}aP*KwF{me_DzL6+$t}+I8C>vxBXQj9#bg7*ejwBQKy-L4@>VAh`VSR)H(Dwki=(Kp%BnHdboWvzinUWqibtjjw&RSEIVL@mWWl&mq<}d11 z!JM4=QuBYK{^w!jvsr-Q-NQk;^uO($s{XgPxxHNfdyr(?b}80^M3ER=Z&+6}^oDSl z5rGw;Bp#7Od#bebFy1H4hz)$@XX5;K2x;hHC}CSsd+Ks)5itdx%u9%f)QM94TIEt& zS>iwUsY^sjj27MPrpi-a3o;L6 z(tH8IY1=ncPV;G?CH1U! z!^#IWW~#~`adw8|`L6|;VSsY#8&K&AXT^+HIIHHHBbY_{f6HDQLP%;X4`Bm9rS*Yw z-jp9Q;g+sMkjwYPGNZ?&sALWxLs>s zdY=AVsZsyqBjVmu97vb`x3Rlf_5bhfZ7%h{he#DWN{@PCJt;G*svhd^B$iXg>2I2$ zoU3QX{!Vqq13wlL`5E)^vnh=!nRaQ7Joc6BT!rsB3GjyTt06>8$aFCnuQ8MY$cV*K zznGHH^N|aPIGb=3Vt|}8E-V{JM1SBcj&v7nSXt5kObrPVtct`=Kbv^CQSvU)|5jl? z5278yjnY09T>r-ap&rMK8;?>fBn$Go=b>?Z7JH7HM()nRk%U=PAeo@l|9vXVg9buB zMf#}%BhxG2`BX!t!jl)PXA*i4kdQ{PmLH7>QwD~980Bqg%|t(jDAg#@aMFlUmxW_G z2}n|n%USpf8<`*3LvFpA-!#;tiRM>kN|>LKqHZBEl-JCU19W{tgZfX&TjrSuqp_sV zT7^u0NFs3@`y%}sG0&rd$2u^46nhhFAPWP%kICcQ5Jef<;>b%2m~pE|c?Eq6_5prC zx7_;5lND52s~FHmpMs)$FwpeuEBuc`37WbE{+ zv&BB@W0$9jl>HTJQh(0WsQ)D+p15o8qzQJ#f9!2l{C}J4>wCLP{qG@CFF$&nCYTA@ ziZm$-**W8^Qa!12W}W<_$*1d`L%yT|FyQE#L-UJcfOaT6L>*g>UZN2oAm z9Lq|!iXEIC)@}@g$Jdm!Y$hvEGvg4DFebh~TYIYGpF=d`91$Vly=@DWZ3hW_XLga9 zxw6vHeBXWwab>p%;aIn=tqF{RSGH%ftE=!@kO^AWN$8^KIMrUw2)RGgduQV4X<9=u z+|ycJU4`T1{g|@=eC84##?1GSTh{yc?{xrJRUjYw`+SugBUY$N{nUGgDs`nq zZ5*2kLsM4W4X5i6NVq#SRn>j(1#Y$G6#7-j6nVp#S$Qf7^hd)i?#U?q6*_!xL|y(} zjkW-!+OcYOOD6k=U`)A?LyaV@XIYAEUFoO$o$^ZRU{;Xjai?jWr5%ZiLy4!w_j}vU zs{5{jAlo*j^BnKftzCwnSP+oVD?+OAZ6*f<+fFfW+eET}y6r;%KWh`N1)?-V6|TZ) z9cU+UY}WiNt17FtG;)i1ph0YR%w2<#&qk$_HVlgoN|ifY$TdBIj$^Ke+CxdGFA{Eh zU7AO;LsN48$Z^>RgSuSL`M*m3jYpl_;b@>P`)_-_vj1muV{>=u|9Ozq=bWA918ok@ z4#gs;+GuUU0ys-%LO9Gd3V5t)Tgw)`sz=}~epZb+i(+|TOojLQ|&!h-b<^#l||fw zX6}uIQ;Aed_X=pIu7SbqAxO7Qz$+G_1u!w;GIN1$+WI$T5*UqJRKM}5kUtjRzA%AB z0FfVa;tz{~aR7pblh`LbKb8nUxJ=m(nfu4f54TGrpFDH!DDh7@4JGme=Ep(0f^9>| zfVwC+Zj-^o#8>SUvLuF&`S2=#Z|oc)ISnU$TTVLC(RewR zY5z^>U02($;$Vav*ccR%=qPhxoMlu%(o6#oI=#pTgDeSLX$^q&iW^gDFB;F1>?J> zEWDrr3Q2;f1kV1XOv6c7W2G`7iHwC|{ln+y=GPR7FQ=v2{$6}FN0=thwE*lLu%QTtqoq;_)RH0X2YdV;i#*E$Y*d-co%+{l|5fP~6RbwS{M6HULSeXK8Cow5;=pl!jDRrmn zbsLk0Bob35MYiUn4~OuY$F;|Jj$-!; zmjrQnY68`z(opZ~%#w^Ccf}g)0u4RA+7V7nqyP!M7Bo!R4Y0AqPzN3$SJib7YZ9e5 zg#Z8e@#CMpZ=SAw^RxHO@9OdK&x7CXwV%Cj)_zy7etxnBYah2i^~ksO*SiQT484fa zP`>8=Qfd`aMQWXIWtjTf#8shdcFg^ytg372zGM~032l>BOHM1EfTU(pgR#PC#vQf& zsd%s4!6n;OTe>f{GxhAJ7XFg|3aL&%Hx!*)!Cxca&2@6gf^{w34-2-pWEY)p4LOWC z)$mbi^$nklcy0JtkqfoCTKm@WF>%r_?7{SXc7xu*@!?s6%qVfjPg5$M(>KlubkY!&m1$;8j8^Es>rMi@?!k+%v44+zX%;Qjn|(=)&4e zy6Vybd}HtQ-oZ1RP$7AP04~9Qnt%la4w-wU4|gzy9r!+p!(-zyb%}54Zh)W4M*<#c z*ZiZWAkmz#K|&8gI+;p;mY$MpLf?&B>ro+~_ED2uI^pKj36T~`19R~M2_heLWNt*{ zbRgLv1^&@(aOYDOL(w41yJxC>WOnbeiyb{U|G2-Z&IDf@?415+&ki(P+AmI#fJVv+G;@7Kw zQ{Y5WfXWotuH`7lo-RKQ1rG@2k%AHqliT&HU{q4KQ z$%FmwTII;TUC}4I7{2&KGqPI44W^SCX|>TsQR_BZ{F3Mb(frW zKb*E)->#+#pQZZ8Bk?t_ao6{-VChO0z>mx}P9}4WaRuZ-fo-Jwy^aHdNB?0Wn=ciz|F82Ox=!<>(b3xBR_~3( zcK13MF~HltR7;4 zTt7sdUQ-_@<~s?AKl?5D6no=lvgw1zoDvtrq>EfhW`nUpHOU2Ll!L2xu$W8E^bHEP zM`qut*3c;RFl><~N!Gri*)49wX-=JeFsZ-N0KKPFSZtn#>?(=-ueskm2K{C#lTCx# zbEfT>)rwi$m;!qC#4ZwCYrcetI^{)22f9G-^q(hlWy9yz1?4^q!*=F(YWUo>sNI1D zfl|_N(q|QTKig23mC|dJQRHi_kobOa3t1C|^;k%48M6?X9$ zWue*q_w$|A=fp17*YbHpO69$JCbDDYZ@mIgcRN&HkVxaL{t7go5f4VhC!vcx1++_v z>tK^Rp}m_3MMGS0Hy*EWrf1Ku!$?h+L(k7&WIg-B2IY?l82u)frFqt)wRB{E#Mvnk z;)e0BWEC)@l`EX-(`8iG{wVaD!qe^fSQ7C9MEsRf@RE9y^fgj%mr~z4_1bmvyCY|7 zwhnMh=WkR~t@cnp7^1GR2I^?Wi(QUktodF`19l@UEuEfl5_$(1N=|Cj!glT-5%&s1 z?^s{(*^RM_DVmO@u20=IxTf*6wp+z~CS{MzvBW)K`Q9hh4TAbi(pr#!HVFcA#a6a9 zmLKHN){7BiK9V|$`Q_%Sao65_%x$v8%eYA;r+94+=k}?P3dR5U=|_m-kxyOC8Vy~@ z))uaj)A39p;~zg=fMiz~HW*wTgFzzNzZdywEG+h5|MVDMpS`$6vu)f|q|=(u2J1B+ zOh=k4Ovr5!cGD*NqI_1o5xJaNy>@-3?p~I0Z`(MEB`~wx=Q7SwM9kbe)?72_%h=ld z`8{1@cQl%z=JMzMcrYcu0u*#Ex}Bb-vPWn6H@?sku3>6D@Qq^gV< zYuUVA6{7_ttAc7W<5-OTO?P1MIP3AF_%+ctHF)pPP?KhzT1Y#oM;~FQ_an( zQ-jX1uwG-J+oj^F3${g;L-ci7eby|RP7R~ts#hRE-wuL4?d`W->nJ6d&gpNN4yT~% z4kTD`8Ahq`WP%4i5xv%#8W-5hffGURXbN1W4a&Z(dOp*E=JM`e- z^tCx#8i_m2_qwsvU?lM?Hhe=!6~h?3<4683Fdd+*cnV> z(4V<`iX1}?w??8V{uQIKm&EDK(fzQ!*c_XjsMrg{o~|)f@0VuN{OD0QnfLpFoo)tqdPRWRw65eux@n+$2xueKbM(BU3is~*Zi?i!_5_q+|2 zlX~kiBm~)zqqCm@4Ue@`C^?I^zJjI@9CL}&ZNmfZGtA-^ew21E%0on6bi0r~iv#J8 z(D80xN`qNzNX|$G2hNS7VuV0KV4j!ERn5H%Xh?%N7{XQu0$L}%ZlBBN@VNAtM0$8z z`l&_To|gO90efm2-Hw+2nqN;R%bi>-3n)?j+$(o+y&rbFW)!(+sm{@C|-Y#hRQVW!3#ZUu4;J zV{PIjARmn3y1TQpwbSIwF{jmAFMZQEjc9AQ1b##0Z5U3*5TU8A2iG-@s-9QMh2D@Al3Y+GMEXf-ybEAuema6 z6jR@$;RGV$UXck3$6AGpDHR}6`&&%W_hI6*5d=iKQyNa5=5AYkW?}xGgr2nuAx_Nx z_Qw&&G5vs^o{Zq%)*N&CFbgpaiG~O{_%uYvat_Zg&-G5JRXAWlz(RO)a1I{j!g3~5 z4)k9GzU7R5;{*LSeKDO3)SvXHxDE$-Mae-?W9p-@o;czrvYt32a%DYnWT2iIrxWYR ze_N~YhH%Pa0mp|&!g3Wy-l*{Z`tIh|lK&qftr{g6PLi>PgR?^ce@8z6efz&wWh)^~p`BoW>)4ZhzqdfQ;DI9P2_K{H6~lk}TP0X8b|=`ti)A zlIi#Q0)v9mmrUwU&GE;l#}FcVA~{e_UvKWEa)%^$nnQZ2IpnvR!{dXq!!^gUGy;NH zNL4=RK6=TiWd<_MHx8T{PdLXha`j!6d?es)>YmiHFUN(NQXMfhp2;;;V1iO96Dc zVQyr3R8em|NM&qo0POvHciT470F3Y7`V_NDcN2F_%JMC(y6Jgb+iCqIaeVBwJ$thK z#SjTeSd#=70Bx&rp7Z+w)S^-)ql6Pw#xtQ?{4k>rN6tk-{0NY+1=gx%T|Bq`R?9d zU~82?G(8Cyi2Y^j-hGt^_d9t|6j6Z$p%EW+06Zj6K*z3!gb1)pXwSn;kP*TD0Aj>M zgjsDdpYS+9Qzt?p9>5`^H~xiSK87DLvz|(L0?)J93 z)?f`zkK?t6tdk_?S z90zn-2fuEg1BnEMSIH2w2n)=?3lc6c<8Eg{B{&lyVm|2gJlOy&zfMYLVL`*vlgft?8G7^nD4xm8Jdo=FI(m&PBj08v^5@Dvg z#33TVK%xhanI@?JDdPa3N*)(9NK|P!VBUlX?1_ZoPTkycnlKNm-cmej9L_>qM@(Zp z02Ido@f2L0>k>sg_8NT5r^x@WQIKH1>J4Bv|L;G4zPnxG|GV4$=WG7|5YH1h!XuOf z0`%O&h_d3cb30Gq-Gp!;91#5L;LU4C@^K^t_F+TZI-P0F$Xcp81aQ+#6>nN+u|Ka z8ySFL3GS%I-(F+Jh>vwEL*!lI$cF%5V}{1qhvBr^JUqLSEeD%0j7J+CNUIG%zt=4v ztIib45{`jJ@I9sD06*pM{i|a*NCb^ZKt;AmbO6RzYRmvA{i@g;SHSuRhcx0?=ps+x zAm5(lfF&23%0DE)Sz+CrwUNWePaV_1y9tIXEJuihoWVp+hoCS)ksn}x6ICM+fKrd@L1rqr_k-t&E zAwWYMaP>j|X^+MrT!F&~l^fS#fH((_VFiSo15G(3;sOPM=J*O&yTYL?j}4U=RC7+o z5g<6T3!b77OMJ!D=Rih~qB|}Z8bG&O{qmDsR0HU5rH>wopaEvN)TIIV8N&^Vlo-Oj z3HFmfk(3k;7!4o}P=qy|!_5RUg@!4}Rfjweb54cH__mFimybLjmSkr1MkX*?$uhD8aw!!sP)rRh<8xrJ9%@xbg?YkC{hc- ziK*|%S?fJfbB9JF5=lYPtd=04H*z&dA<-U}Vi6n%dWCbq?%0KxQAwecft1Ef6SCxi zX*K0{01W>(Aq@LRiIhYyGWbr$5zSs7-(pWmjd?v#?OmvjDSL-m$nB2~gh+UkwAo0psI4TQrD2?AM-X#7eZ*H{nE z5*AaAM@b<2lzWS>r3bF~kSQ(Mb4Vf*CSf|AA&vx3`#r)jj(kZsG*X2*`4s~lX$isX zm4G5&eN+S`$%b#r0uZ7pL|E@)B$AAuD^|#{nSrz$hBJjBosxirL=>jTi<1Ft?`?(F zI~-4Nh#3kTE~u0d6a#-ltRf)}DVq*pukc0f%))b>?47J3x)(9D?vcARG^7~ z2;bxqf!s7kWSnS@kj{zPJ2Z9@)zXD&XaMIlkc&)rkal+=nV6bPbPGv@t`P~;{;M0x zBuB!buPH8~dJX_9rmg!5(e00U6`Ke2R@-m;Dfzto{`845?@O};WcKu zBxP`^WL9yx;p$bB%DHmvF{9VSm%^~*ZxhN>26r=&a@IA5sa_W$y_RG?lBAw+*^6vm zuOmJ|+k5-qlQHHZg)N1PL~{4{)EZF`jg)|) z^)R~m1Z(!4_N$lyH7EoWO=UIJYy~1NF!ED?%#ur`v|AL$0Ztpua8)46bi#C@fkD7v zH1fT#`=kARJo;+y`PR^XzTe;WM*Xk*yL)^4JLvgW&qsTE+xvU_qdknh-5t;WY739P z_K=6RcE0{fwQAZ-=~xM25GGvB^bm2pziZ|(-M}Ph0r3RaoL17Gt1#(WG-ip^x)H#U zN9D{*;a0MbfhGw%t4E*bcboxRQnPX&J++D9q=qgh9i+FrlQcoVcvkAYbl@HUR>cD$se`k zkk)ur6-*|SiwK3OxG#C{j}b?L@Db5WHWf?{qUjBqnsQ2^N=2kWCeJF#=(Se1vX=m5 zwauepOd}kLf&IxbEL$selxgHi)z@q?3h~B@>`C?mQuCgIAffuk6ca^}Dc;eV@nK#; zZ%VdCZ}ve$6^cJGDmj&XAa-o33S}IFR*HwlE@Ey}O}IGK-W3)WJ0zkI{;%ZZh|>etWU9!ErHr=3D(?@Xd&&yOt7-y z@>p(18R?T~EXC>$K%`qRoAtc@^e!l=Iqf-JsVO!j)gq{7p ztvY6wVf~CUA>}6XTmBrt?(WV`U9D6QRZBw)z3JwZNmcrfb6ZG$VhPAkQrWe?rDWG9 zmQdQ?{z?g}PYM#RRij*C+X%6GiFpYZG=!tmi=s%twGip@YcJIsxRgz3h=`sNj@dQQ zQ>vT7M$}N28THK#^&ym+d)1UrF^`@Kr4IzxI8!WAMI+&+!KM~mDKn91>=LR~kQ*fn zA>W7m3n0CvY58}E1A60X^P}W(H-zI&xWYIFA?1!?fTAn;T@OwfkTinMv@{6_E{vF< z*RWhDhX*zzRV;+-P7Z>g^p$5y(oi<0s4|s2uJCkIp+QNf5^8)aa3s}Y=(-+L0%9h| z>CMLzfwr>Yv=t>z6HnD;5el4C1aah+>o_AuLr22+q9?+*Cno4dVCRgH5V5IqPN{GX z4`grEvPWc0iCQKejUw5+7X46$8jXT{*(G8kcM{Jspq90*l(na}bg=9n-YK*1BXcvkcwJ}rKT&1v_i-}pAW(p+Dv>kwJ9btGh3=wb~BdPuRS+f#2 z*XAnOD6%3s+yjVse>39Sn-Sl!MsB`#vML8c;4oHGV3v<1_?nT}S^A>@7 z5~(9h?Zr`}Epk+c+9yVH)9Y0z;!lXcQk0gYY0mWY+R~C2#M&gy-Hv%Ps4)`gUX_Cr z@#TL|Z2mLR|52)uV93J*h-f4i?Fb`b^t=#rj>h;yKvnBQqKu`g3K}cisAVtZClZZ6 zD0Oilhm$fOMfNn|5+Q1h@fdrlOisAAjL7m)Fa_)rVGP=lz|M|Ht0${?6L};~}1p zY9)8S&{N(WKzAZUJm~f0!_mpHI4*x`LR-SeB+k$)wV^F{80mK``$Q;A3V> z>S`)0ylZYH`6Q_QsIyV|9|hd zoUf5HI&fb8@^NSTlVkth{`5st6Gqmo9b;CgzrC}&xBvXBueT1qJ3KmmS^n+xx4X5q zf2q9vRE49f7~fo6%z!USf}ml5>bt>WJ%}xE`|M6KIkuk^Gq`3P&!F(Kr(648XRVESy=raYVMb_a5bZlejG=}pp4Xr43-ds8SaksW zoGV(eWY&Ui3+O2d7Xb4<)K+y|Y~QbP`^Rhn^yDs)^C}rvqHcaNy4bifMR;K{n*&%& zZk3hS3V5rsi$k+4R9QVQP8O=5D$xkP9nIVinx4fv$~v4Ytjuj;rbOSWg?bUO&C{^& z&F#@zH`{w#;gY}?WiF|o{PJ;k^V8k?ZRhJ>-tWnOHMYlhdVg-4}!*YZvFe1^5TmKUneBghLgOEiC-W!5X5Gc0N%ZEvY8+>M)S6ST>tQ1k9> zbc6#e@T?^`Yrw^Obn^$?o;5BgpDo1tiZfEH7T@&SGPjGVdlOS=Q< z)U9FearEp%xA}){b)74h*oQd@&mHz>IZxz{`?E?3w5WeY%cJzF`*iC?KYwGH=Q)y< zn|E#rOEWbKy`N7+&=)Qik_~i~yHk9P+1<(Ll!`NkIgZ4#;(_J-|Hqm^YZ*PrIk;SE zpN~{*r~5@A)2{5l+1Xuy{EdUZ@sa%H@?}E?WD#wZj0F^qTitJVjHKVdCo|66W2x>TZ$q+C$-J-23x94b)WoUq@k1`X7D%b z>ig#rcIHW*S;5ce$k}rEpKk+d4k_??81UGOAC|!WsFZV$IVePBSkFdd@rRiWE11P9 zb>IewYuSEXgq6q9$E#QKAMK_>yQNgV)!+IKQR|s0hp2g+i77@XS*cLFztps^Ho;9jTtL_=AV+cI`^@I zuKbQ?amfMvq2_Xlqmr!d?+za`ODyNHu{Pvq&8!XiGvC%LiaJ2+3Z?w*`2v0`&>CaA zuGDBf{~qItFTS_-;Qq`a&?27Ntr^s#}8(&#RHCKI2txCjc}@s-MaH}+!3Oq7GNnd*kq^4tFj zr%ueMgx*#4&3E(J^=P;#m##67wIC}Klxx-W^clkR3CU9yR0x*r7mnRl*;ba6TQW+>&gn~RUY#P_sic{Itx!X~Zp;N%g zuPUOZ0zM6m8f(*%3e=jH%zMj|ap?%PRseWACz;#%_|X9}0{15!bWi1+FnkR@ed^4} zL8>BinpCC8W0Z3hGgjvYBazOdQ_WEdXe2P}6ehWZLMx?@2_71m1ZZh@CKphO6%|8R zrRX6XF01KVF7-HZq{dVpa~{Cnz6PyZu?0G6dfJ#UnC;#i#&Q3Z0=l;%af4%=d#PjiE@5|2dZJcFWlkCa__11er=gZ!wPl_q| zctj$cM)OS5!z$GdoV<);ey&a>uhM5`JDerp!W{^fL>}z#s6R<~k&H&<7P?LsOk4S; z(fhKa19kz*dQdru;J*n9RC;pBh!ym1=Vz?jR^^54L5_sO5PK-$7&r|Jd0Et$M+67H zPGhIyG-=sGZ4S>&hS;Oii!^{QkFmGmc21-up;?=1#PCiN&{w}BBFnL-q!7dbDc}vX zbI_Y=204nY{j;n#q?l{`-UjOd&)WGyjbQMi{j}yVX1LIexaS&Cx^4<*;pKwB#f(H^ z1l_-J=Wo1QYD;(8p2+I|ERdcxr*gHJEaGxL)w~)a(WR8H=G?heW%G$G56H%~{@WyC zhdY(73V9g1|L8*ZLwE7zq$LHDZFdfw#`9DGDmQkQPkIXW0et)jI!=Dm;9T8(Qz>q; zQN1=@xE2MOK_6r}{N*ak<;>)N6f>z-$dBV%G^Y?*+xB37^9JrVU`r&=>9a+LHD3i9&+nvG zHC%+>roV{ulas@A|-BCITQa<#Ti z2@w^G*RwlKL6w_pYCX|uTpW)Pl|j6_?6@;nvQ%%)9BO=p-7MU-DpklLVyZlA7;9D* z?lNZU6HmZ~YjV(i`qU{VVOIG>K7O3vWZFWdWiL*wm)+-kTVYrClcy)SR|mQgyN|xR z_dUrvsY&Mi@gv9`%*VIO_Y2)h!`%(I0}BilI7WkE?{zg8exBx^&N95nAvA%X=AyPX zz5C34mW)ufQ_LvSe*Uvo7NUUrPEKR5i%rjhq}V*x*~D0+f*MTUpAKeinT;e-VkEMf zp#MT)Fu$r+X5bDYIc1T6?bdt2W1Cif7f+M@&zQ>@4X`^!;k|5tbI$+z{r$52@A>xb z^R@l&A)Yn|GAJfLr8+hnB2S746UxZ1`XKA-E3Jn2J69y~2XLrK=bQ$(6JmjUBv76V ztXZ+ObUXO;$=LgqD9aw+2tO9IKY9Y8Vpp3x*$)8Ih2Th21)m^_cX18|Mm(7YUDVJpy& zP4er|ptC9b! zJ1!xL?=Ah$<^Ma|mHeOk`@4H<{{Ik<&D(Pht|tEtitod?H3hX?=rwG;+lDQ7*NlA? zj6I#=mj|y8-<}@6d;Q_<*}D&iCr1TVuIsxVu}p#tMPm$KT;b^^e4)|@!{9}!M!|rH zA|IYnmKJ`7{|nE|-*+JBg>rA+NZqkFHsD#L+t&$OH*{k~KtF!eCGH@JW6a>wCk1!b zY<2=%W78}fI3;|wr*?&xCaGo}Fy9>q!S}}>&VGFT`or1V*C&VnDgsqLXvwd48xZYgW>>Y2aXx(-%qS?(xYYRR z{~jN{dwc%j^~uG%r^5DnU?>-!zTpWD&`uJ!7?^-vn z!OM<{3fMY7zIglN`Qh=!0G@vQ2!j4Er%{VG?qImTiz5#{eR?`$2|o5#_@{hk$bV)V z%Dr(v+~DDa(yK*9!rAiQ_WthfUP=Go-e2GUc$lZn##8VFv^ibMkDJ+C&f?P3nJ*;g zJFPb6{*Al*+UwT23#y%MW44!uPeVi^+tVrUsjegUZ@js$neA^BPMXrrJj}#TC?LKX zSG9gIoD$ptiG+m}6ey1=E^7yb3wTy=5Xi@}QTQ?!YxU(_W8QO>KmQ`NTbE4>T4VH( z9Nid4hX;kC;Gu4PgBDgD8_}kn3o?$de<)w%2#QExq0?$X_TS*Nkxx@?WVCFOMZi7X z`?G-3t0ac*b-xQ;6S%By5cYZz0dKKXHe4x=+n`FV?1V!%L~%C*qJWPV`hd7ALGPx= z+iA(J2)OIX4{9g&u?HK_eTAp>C9mWMt7ILu%krpz2jqu@OFhzD3n|$KyU=};2qZ`} z{#oxLTFFdIc(FRvDFWJX&91}iFv0`k;cg0#`EGO)HMC9m;zmPi$~c+WA?cxnH(A#8 z0)iuu~&GSmwKf%nNlGSA$Mtsgwb-as9I>aZjYnq&G|*H1mbHTWSC-sH8lP?laQD_AVc zEtlo!zCGoq3W-6O#k}Mb6mWMB?5zZU%VKa@94^8?>PlOE)Wp-MV5lW0xgR%ay)0|E zN&}-IBcQBKBCiXzx=~lK7}R~kqWv;Mnu({n{%qJ84FW@Q3`PDy5Kqu)62jgBW3TPF z2>-GZHLI1CPMGyGWwHv{qY;USnC6&{sE-dSZ?)qiVc0)P7>ULg-URzeK%() zV|`bdMuS3}4cTUTt>+zPAuoP*G}Au5jTu(bZt1%$afPP?C@yEpD{)0=j2V(!0h~mY zj|zj8re)&+iIQ9Eea!F(v!w>>zzrtji6}?8(oJH?wMqcA9J_L0SDu4qNlNORGca*P zF+Zi^_?B>CiZv2-W6Z6bx*CfV7i-BCwM`efJL-PkU4^n&S@6h4KOPN3BsIVHPlt$4o^HZZ$9uX7 zT`z_nOCl@j1N1}~_pF#3y>GyqgwzN04_5tXWsArILN!vPp~)Y)lu5SAuQO6rXMF{x zMy^SK$Jj4_yQV=B;x{yj8c1>eZ0RPf-a^^h84{C0Ww^`rpm3C*f7kU>oP)yNh5WZs zFrCc;8i{=D#g9SaV~?ruWR#8rBU}bF@wtB`C=K)vhx=Cp6vQOLvxwbj`>=qo?3F3=1}eovrjwiOz`Ok-9vdz6;T7#I@51r3&?UL zSR5Ni*Do0j?N#NaPCv%sE`OGF{4vOBCYqia4LX-`AtP71QZENPxu<&|5^{z1M zsba3*YclLs+LRu zAMQ=C#KjNq-kn`oU*x__P;i6;G`+wcjeI_UJ)8BZl!V!*e$F%{Xn&;f6mFvAPmP9W z-!4q`xc>HBi@BAI(AF`tmji28xglcGwuvH)t#r!@eQNSwZr7@^KF#QCJnA>63pHAl zRcCR*Y#6IxZrMI&!@qR1#oa8s{aQ;PRnEQIkg)gxV=+Aiby+mOsgko*&|xL;y&Z) zY+8DKD0`nnSxr@MWAxtyXMWelK|`C*Q?~&%2IG*CeR-wq>>U6P5Ih_VgX-nKWE>;4c6)UOkEIPvlEXr%6; z!6}V2b~3(qQ8;36KC>`q6}1~fCC8(^G33V;atda+Xj^Ig;M1p*=;OyUIL9d!@@GZI zs2=+`i*;hQ=)5OW%CA2cUDa$UOzIpDor0KDE>l`osi95Qte0zTbaxfnx{cU!X6<+x z7`a8N{5DR80nt=%yMPVmNk>J`Q(ZV=fiZCmdQzLt-4j238tm@w^g_vUaapV^OBRD= zgsO@as+~+=i%VStU$@avX58Y+`;YuKLL^8SPHk5&5ed|L6GtG$xt`eaF`@&9=f?-{ zjJ zp?>Uz@h5ra^M7q)x=$E@IsAWnw_l0>vc0pl=Kl}zw7vheu=~)=TQ&{uLFr|OEVD?h zBVx63H8E@BwlvGe_DF6_Z8o$NR#zX?>CNyz+(bRk5tbR4ihDx2RwqB5Y&&S30Jv50 zLeAsr1;U5Nb9QIvi*OpLD|S2%h=A^9b710z@wbQ+Js%Yc3UklTslT+O!7Sb~%UbF} zSN?CqB?5;$yV8_3jN({sqWb3-5qArk_Uv0r29C@TSU0k)+4_s7ct56t&qUgD?`Bp1 zd~8PiNKc#nUkRM|5CG=se|x*T<^5lZ1nd3(0iH$UzgeqZk;QNOLg8AWTS?eAa|@$* zd+qmqt8*SwEw8mYk2US~vb(#Jx`7}z#zMQU>2kl5tz|y{H%CYxl6cIJzsx=`hyU+B z-`y_T|N7f&{{J9PEBjyjyKKL;P$Aa6`EH)};6;Aq z_j4#6TI$=AYY&LE2gD!917hvfa1XDB->vt;Z27NA{?BvqeD3(q{pbDX`<3|5&)4z) z9_0BrBTr??^izr{r3mC=L4W1qRk3y0=S)<)lJA2@jt*7I!nJ6Ks5#YF8z-vN*(!oX z&1>?W5u@5|S@p)Y`cP57#fVQegxsE#6JY&0%($-ETZ!16w+hh_fH=9RMa72`JTtm2-r z9Ud)b#^qpV11n6~>;c;$+$;&BWvI7#XsB;}1}6GjGuT808TD~>p1`{a;p$@^)B=>@ z5_5fH7Bq!%K^cY-2{3R9VuA$ROmLL7L&Q_A;}~EcNF=C=siMhJX9>^R--N5LINZ=A z@ZmoR7m_~!5m{3VNj@R_h%_i98Uq5KFg2A^7eIy2kgqGiA)d8^^c#I|7jVQAhPej) z;N%DhhnQg%2gV2FG0HiVqXs(oq4Qz#-jl3azxRS6o8{BcOpE-s_NLPss@0 zgL4brc8z!8mv7`ch)P3h907dO9&Gp~yWamE93Q&93FYELeRV}#UHAox@L(rfU=981 zrG+>UAyq*+H@j!EgXj5YU^m^!qXQP@sg1`jAKMSXdr==bTcZ zE{dpInU&5x>qMrAMdbU{2&5PPy7+K#^ycKW_RHD3^Mk|V+E0f+oWFhhuJY;V;PAuw z@xjrDi{pdy!yjfcw&pPvBa$r;cg%1qwcG1W>XEmzC-4(ugeDwf>Stu8Mu2Yxa4aP2 z<1T!M5d#uINFrZL2qB85lCy~k=GbiV5s)xOp0L`dI(FPkojcA*2se~nNtWtSCV6Er zb@LilT?Zs#>+WPDxd3)Uf&j3JgDZKj3-6{e@lX&T zKTjfF16)3RvTDANtPie{3V9Zt*p~HV>uO=Dt<37+wUndNZfFFrGD%yB#9TrgGa6$S zOcm%R@SgnmlowjpRsyAD3JS;*i5h&&sKB1cYPp|>g|u53pNrM3j)xq-`~Kvp?)8s# zub1XHZ+|*IKR-FDsdxPD?C{{MHJeJme|Pq>^6u>T{Nf|(u|wzI`gnGukSg?SuTQ; z83|?~i4=GGo*@sP6+_dNch&mhRYP5qg`N?rxN(3uSH|Tw(^siAi&`s%ODBbeiD?Q~ zt|sK=B(o%W(XrxaZn4v_}6d{G5N^h;m`B6;;1GItyBN0NsAK=JPVw zkrwt=UAw2wUXQ;)U)8n$k){(^88FTH7xpv0XK>xTl+PHtC|1-Eg3Sg-WYveKKAQny}xt(N|R4mu5)|C)A? z<`ij`r%nYiOS#F^sq8EDnJGJ)SYWR`OIkiN&wo;fATL0iFMkR&KmO}pIsWU~|Kow4 zIp;qgtKk7>`K4)JK6thoH?~T05$;W}p9FO${bzQ&3mr){d%dks?;q#s_|1eDKrSpxBzZG?`oRz*liC!M-&m`!^RaRg(Pg zUme3iwikOr!UbmB?f(8^i_hf$_fP$yo;mz~YwvmG{J;Nveg6L-PdonK+LHURDSgM> znybo)JM+5!W2M^o?XrXx>;K+vK=aoB{@(Ml{P(=Smj52)`4g>wOBHSBy}6KI$?ueH zG_8N5(j%kN-%A9TxBj13{r{hDulN54d1mGIF!r3;$+8-+NG;_d{aaCbP>^aoyt}+2 zQ{tW_RLu-oD0@iHLg!b{4@-Apu`G)1*8lxPfVuns^K$+_`PX{=Kg9Ey)_>Xd`@3ca zH5QQ178$>#r|MRBMf2aZ{srbj|LYj@h7)6EBH=G+3!Z2H-L0(uovpp~{{J9PX^WB* zPNH$)Dqs1&6&oVYMTwYDMt-f&?s2F|=9~tLB?v1C?~448=V8trCfh2qh#64;bg|;i zf3-E5Fz!w8e|vYUlK*SBzn1?VC zM1>&iZvofd6)Nge5YQVHxJ!@_mqKdli%oeHD$GUhu2k_zdiCRX$A@o@UVQP)04;Yz zwPk`6X_7GcM z2$-|~?{4kwm-WBh?REa22YD9X|7%l3HztSAcz=yJFiiM#NN|3Yo=;5deyQ&QUAD#Ml0?A}UgcCSpc+YLmU zgWitbDEx=hC`MxPqWjS$0*Czlm%q4@7vx-6y^>7eQ@22mB@);!lB4CPXF}!YxdfIV z%vsH4bDqC3q^pSl`!i{Gdqu>%IEYp7jMTiAmDkT7*jn%ax>phD6&J&36Sn(}*7Bf5|x7gR0#s9kDg5-igBUMv^1Tkh1 zkO;dS_vqrog^Jtz1P*B!(g=P!ya1mt-f_o7^whr^{Ej>PmG#uW>5Iv@C;v%*^6RLV zH#9`vRT8Ug8@%(S%WvY&m+lZM<6d)*`ndOdV3)=9e|~&$^yb(N{gw7Hd;Rb3ZkP4{{?5+Y{{Jw~lfpd*lXc(+ z9E5NWy@AbQ1o~3!eZ*Fef@&%9$DKCi$hWA!$bEAag1(WV?eV1hUdF^-hRP`FlNvRjO(6zF8&yToBJL zn|iQ3JAQQ`1^+KiL_Ue1XA$-BMrw&R>{?x1IevAa6Gx~Thq(Y;U-TtnV1oKX(@4~sx zj==%J?N|FB_IH6YI5>Z^ziT&YTvB9(BZXFpNSlz2@1Deam;{12hIW6N@e(d*sIrTQ3Frf5FnQYQGI%_*6bz}&ZYYv7 zCG*)BF&e5i?7s5P=f;;<0anQf5*kQ##|4tg#{|Q|1t-2J|Mf)UC`tnlhET&VubJ&%YXVTzP`2{JJ@eie0&I zfw6k0$s&{t;E+aAze_{!NZQuxyYK3%JMOL4_f)IcSCdjem2A;M^fiur$|Qq$Vs#D| z*6JxHh)Fa2cRF`AmoTrjhIdzA$JTw}u5&kV8lL7aR+-KnT>kR~^xb{;_7aM1t1tWR z&Ti$C-9KD@E9*aZZ{hEM2h~>pxvZhT?7KUA<`e9@yI&XE%Io*PD)*AsFW0H>zh5bp z*58{6f9DCD=y_J;AgAyN9Qb}^x!F9O;h1tFD4TXVmzS5FN%|6y@7tCINOwGYw;K~N zNro<=X$%=zUA3b+*D0b^{{i(-Q0@{AsaD}j{Sl~M!>bx+h&e}N{2`#@%e>yPI>!U^5du1fXM!av<`u`Y z(A=iaAyGSZX`DX_q73XQGm)FJWFT_C)fMj3r$A#~M*f}B_YrU`xtiSAB@0yf=+Ib; z1x7>}Gn&K&2-@_iF2Tzkn?&Oef?nZB?ulpCTTpK`-<*NexqT|R<0O}Xih1EuJ>^u% z>}rc?6oxvTchqF@1q9}>ag+o`2$VIn*r&4R-JnRRXQqPGvIa_UoTk&bS(3+6nTn@* z=`Kyd%lw>G3Z7i5YseEspN=tG2&MMmh!U^0n=K%S@QvM&vQBv@lH#u~kvE*m9a=VX z=|pKRMQvaQM@MhQPS(JsY+DJZmujOmz+a{ZrLqH@_m}pBqN#eR)lQ8qK9OxDTuYhn zn$!WQaadb$CM<8Ha&{V)0P#{fL!~}gYGn~kN)u3B|BEJ>Mu1Xn2aq3pf=?Cq!oEqphv+TDfA)+GBEOBE|C^1PHQEhI;EP1x9mr5}x%JU-L zPX7`3eURPi1i*&W z7#<_$2U0ntBeIliy;zN8VgF~sqS%F5rI+PUikGPkq(ZQ8^i~}V9v#0v zes>H)&d`Vkz9GM&QfPA-O&ZD?yQ$Q8_0vz}Pbs)E?J3}AL`}mmQ2|I5Rox)9fKVc6 zC_y&+K+Xi^*Q=`0KqDZDxnLL-WOhkLLI)dBP)QKqr^mtTX1UOc%MXue#7AoEnX=J9g7;-Ru^ZuB&vd^jKd5?Kt!rvl~VPhKNHg zFz|1k3C2m6dC4)wAoxYj*|bu3G6ElSl_*wF;3UA2r?o^Wb}H0GK6n!qxLeIh;%oN? zC9E0>Y?z)+rMMQct9_MfMj7$KKHUZSIdy(hVZG~2*k5}u6El2>=HDwEq^L;;a2$>W>C;r*`hJrQVTVg)_^aw^upQ1XmQER=w+4$ zTFPO$B~|KC)a^)FL~hI}NGRYm`#~bffsI8~ZKHW7!)YNmaz?X*)y>p=>F}}U^rf*^ zf{z6v0f$)64mXz0_si}Z)_!HS5J~+-Bhp;sk%G+A2dPb_Bc1Zw*gTu;NQz;Rf>MLZ z62e?tQ>r;FZ*i(LRA+u#qNUCq%(Y2Di!!aAl{MsO4cET%Q)^nyYzPJ6v0luZgYiqj zlB(fkIgDT0X`~wfKb%m?Gm$S%IsNQXD*%_9m&15;x#6ag?Y_JF^*?|{!L;0v(HK?; zcp(^K#X6N@e3bD<8Z`u_o7tV>@O%X*&jBxUyTTDbNwrfvCq3ZlX|+~uJafCtwkC^b zE;WiW-~x?n+PPE0{Z<2KywT94WqYAjLTs3@2!1)Ai@9l$We<|>bR%!`&3Z`k!w1UQS;I06k$H*>{ ziiw*oTT=%flFC($Ru)kk;|IYFnpSLr3qN&$n|vsj1;7(^6HF&ck>E=KRccGwQD#fP zZH&vEIUt_kT2z~p8fG@&)f$(ozaipye;07%Q6Kx}3W3?#l{<2#Sj71dmj}F%^kxpm zYl4+qM(k8^`j zy5A1WUjz8^%b)e1Uw%1|#ZN{`uk|tnWa!bhTV?*szbZw*bpJ*}em)CJ9%W1l_j(yB zd0%bgX*d?1QG^{ORZwNLOKos}{b$c7*WbdtL$qu*mp)3HL5BIc+Tzb$r&EAiBB*Jz zQ@1WnU->Dil;e@gBpYCXl?ZJ}szGkvR2Zx^f!K-SwlL);}{fvhbO0SHeS)m}LTtGmsa4?mNRI&&n)tt*zZT2zp0}^4tw>p#LC1A!V z(}u=WVal9LWPhd`$yqLUcXxI!%ZAyR1D|g-HW8Ex*5gf}tj3(|Q*C>_uT^<%=WVd_ zDkm*K%2&}MQ;8P;TJmDw#?~l_l)!}oi2xEQ*-oq9O5=&KM@Ga0a}X`3da97B&Pzr~ z5KQ%c{XG$HW4YXDz!mwz0UOi9BaIe@Q7#tfBNYXkE(1Qr+OtkKn0gp0IF+BdD_mAhwnwPz3l8G2g{gQ zej`@hI+PXoXG;@rMb2N5#W!nhhS_(X^I^Rmbwvi*HmzwbtHK557(Z5K!!@nVG%J=M zWH=6phvwL4Y$e~+0Ck;pJ~;IdZqMki1fifY4d{4!5i^W@sRs#$NF;d4uk8qrNQAjL zsGa6vc(|$v$YYeJuKIH!4AJey6}}ljUn=@346pFC96o$v95H1vDOLR#aU=*I5jmp+ zxX_7n@If@aK~q^sahxn^tbFtLXvpJl?0@a7?)4>R|69KDlgCu8d{3`rXMA_Txhzf= z`ZZy*4=gl#<(6~s>O#pLa%)P>TG~&KF2qe1BX|v=`d8C*!|B8s5|dP!vDTozhhwaA zBNAY_PNi&&Su<(f!DSB%ua{F!PlNFvPNT~*ghr%3y*NojHPnH4m$@Bh5goJ(RS@L+ zb8BPmVmLGqo>6}mh_fI(lZ$hqXE6vp%*63+O!ThXcqsu6F%wc1lcK^k3WzTiHb3>_ zClN$RIK)hDxjvfC2Kf#yclP(TX5OH%8Lu$|VT1HI$pTY;H;VcI7)4Kz8n0VWFB_0~f;>nzD`b4900DGm#gZ29c14#N6FBfHJE z$472E2-7npbr4gAru{LJyHP)$`m?0+c-o&T%^sCS6Xk=YR)W_weY&bM@!AS({EYhU9_ zt=9}YEQtVLV>VT>gh~$T$}XW4Lf^IVKX)W`hjlAEsxx?59M^gl&nstfd7IiiSUplQ ze8P~yv-cchz_%!j0}MkP(3@YLJu$zXgp+8Thw9M_QdP{3xi*@P4qFUr?pai&%@rL@ zRUxdNPt_he&Dt7&!zWKgBaoU^V_;H3gt9#-uh%I}l-ICg96GTipzN-W=}uYeE>->P zdd6mHlVr>=XO-KGJCM-9p%ClVMX#(>8_E#nY zc{z`IDYos8k_Uo+1lG7#Ls#>qSax!p;E^(tv%;mW4luxnlEkJ4$iBI&%NkfiTtZm{{GQdC17x)-}KBS)LVt6bc?M<1>$gnrQk^-537tx`bKqYh!KCdToM}O{HeoJ3QKen8a9lccn(G&CU_NR<1P|h5F{Y`hw21mJb-HAFkJ~GMmZ4NkiQR0r3d37m{hsW@YpW3vk6OWkbt zQ>X7JpvEduKul?1_rZ@jr>;Rz>Niw#pq@Del$MPPi`;Xahfa%F%;?qCT;sna!Mi70 zC<9c31eJm%^Aga<_U2kxdNk;@xgo3X+mw#|^#D^Gw{!w9k?Y1(2z4OJXfmF_&zRaqAhDj+nG1kn>fe<*1g%uUI zifDW1CsElq-*UCpJ`PXY5y{hglJ@=P;!qDZFIpYhXPAw9iF>~@(d~Zov$({!(A1zr zQ0vx&Wf&)>$ulf?c^$4DbxqdK>>_<+QY$P)-DQiF-M!uQO2(hZZP_i#j(YWw$)Hg+EbpuniSw# z!BFknaSM(0jQT4c=|WZu2i1o z=a!`x9?$OX&Q3uIvs=4AInof3D6_W}hw+lK)O+#h^rFZ$xjrdy`L$;$2cX+CSHe^d zxP&R5dttH2ud)CgJG!=Ma=6#a(Hit|up3z#}XpB+pV$M)dTsM@4 z>_cw)lQ*e-sW){jD=()cmn9Cf=NDSO*MKK82V6{jH;o%RaInvajri>eI%>1r`v{@mK{|$@5hemrK^satJaZ zb!MPQ%4jH0fBEmOuE}WO(8?M0k_J4Lxx~mtIzCktn$G7Y4c_=Il}x#`2vt z_$9dt8rR!W7t2HD!hsGgtL_^kPhiFepktWD6BH#OX2j#0@U-`I6P`NqpAS#9%k$IC z`4;^eDI%9E8(_KzR;r28>gbDSH$VmUwCa9%a^yB9R9j+{l5Zlg!70W*%3+%~(8u=T aT0iS&{j8tGpZ_la0RR6A*LCy&@Bsk5T85_p literal 0 HcmV?d00001 diff --git a/assets/datadog/datadog-3.53.3.tgz b/assets/datadog/datadog-3.53.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..66916e53ac77148f3ff2156a7f0da17fc4f1b877 GIT binary patch literal 160741 zcmV)IK)k;niwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwyaw9jAD2&hFdMBqjB2hCh#gho;zWoz{g%RNKd~ zyCH#9Ac;}2Py?W(=6D>judy%i{rkPsKFJqITneZQFKVgn@r)edmZ}OsB9TZW@)~1_ zV>a&%7nsZL3NMr2J^IhV!NI|sSFhmTgM)+ezlVnhhrc^~_4>`>tCufdy*m8e!Qs*C zw@1H22agX*^(Pk+^WPnO_E_b~{hj>aG-VP?%2Ls9ArxVW6E^QgSjvQSDeFaqOFE+@ z?xPHInG#<6SxiNi;8iEZOVUTjnyPBQyv?Vib4R$KEbXIb-~8#Ydw9?}cvkx{CkerV zm~IWRws1zjw;kLaws4lYKihBHt(b_2(@eqx0}2|Fw)omd;zZWOdJYEc&eu zTC$W%#%Vflbr4Pz3gOo!k(@@YC8nvwG$kCqCQD3{J`#DBF)sgC2oXXdN<&Ntmh*@} zFBWK=W#OcHIEq-F%AO!n!6Ejr!UZe@Pl+VLYdxoOkx!wS8u6IT9TuQf%dOnY?(3J` zm#tr#fdBdPSwEKl-{B-D;%N?mwfz6+_2I$WgA)ILdGPAhKl%Tc_}SY-$7F`{L?TTB zXvTPnY3}Wz2_f#`f+R~6vnXGZR39BkGL#U^Q?z89^i>1LLRlor?5M2bS1U^82$#DWFtm+E7 zZIv5(eM-#dL{3&hlBMeJ3jRhH6IeL8paR7tOV~=S4tkz3A?P$AW?p@i&@}(FkM3z2 zvwQKP<@eV|ZFmg>MQpib=_#I)M5uwxZ;~l6lNJ1uB#0Ap2DSVKee~1M3Rr@d*XG0` zcdA!T=2S?&QaxVU-z7u2ATR;dB~TrrOFSn6J&z4}N{0Sz9`P<^=x>PRUH3Z{6c>MG z`81(Xmqfga?}a_Q{zD;!q%lqBh^6-U>XrLACrVkr>$ zcf(8cae_Jky@sIYXx)A=$~nu3`N+Xt{ca#AHeY!&3cnltU`MN;ruycXMYn{%&!^_g z82PsRr`_U9#+OD=$5Qn>RYwAv;JqvAqeSl0J5)- z2UmmRi|?)npjqT0uY5{|G4N^{K zs@cBYni=MJNhIM&;#(q6#z{nCl12ovJHk<0&#K*Zs0b%mikduq$*F0Pk(B59V8>&)y&(G`pKK2j~}0oVKWyM#?~GA4XUg@EO!0@0s_msDMTDm; zm)lI`^OhL20i7A+9W@Y5=bag6%Z?qYqZ@VHh@G|Yhy_fQ&v1jk{Aie)nWWXFOU1s%!|m#;Iwnc zl6*-V&`d4}x1hUb>j9T^Nz{sO3%329rs@lp#zI4Bo&$_857v*_MCqLl`e8v}5|U|F zPY_0P_|PM8C6cmxbqcuiOYa8B%&C-# z!+Ehd6n^8Im(;`8~y)qwLhAjH-0YV+y?6B_PQ797#66KuA)sUr^)bP0fhj2;~2AeQfjI0x(js`CQFv8MN~L+*DZZ^_zg73JWmJWqaeJG4)l>J$f>$$ zU1U!43Ny&zo3?=4*md5v&lUcP=iEJ)s|=oJ(Y16B6LLoq_4J?}qG7>={2n&(nUcfD zoMm{f#W0Hzg$%v^D=o|{OJClY6G-n1bXRmIjF|YI2{|?_tb8XZM18n(ut@YGmPRC# zqNl_#JSRQfrReR!(26PBv0Df=Poa;_SxUkQn}g?E-PAiBG$9gUl&ADBxjU5fHD2Fk z**y{w%hV*)I0BB(q4{pOAknQr1Phwj`;L+Yp*={tQ)2s8?d+qNNsrk|c1u!G2#Ygj znF}Y15l00*?4hsFDZ3{;!h)cLNJ+TZM`^yC!Y^u&#VT8<{#crBSx4YMm33&gH_2yeWgJE$AG$=K`nb4+kh(V2&dNW!K7p%M6=) zhMFwT729Dm^xcQizCw(E+XY~r#EN%vfyTCj=yc zg1$N=ozs+P8slU}xRR!O3d_B_!zq#Yu$OTLvP##o9$_g)?3rcnzB?J69#6WUl|jfO zC@pdiPd`qsMwi#;gR@cTA_BUFP6vnterGeoJ2cCssgm_!!>P5<`UTY(Nd^c+&jTgf zS`lcjuhiGD>?H1~0edeDnNIX!^DJoc%#Ccu1mHeS4mGe=?ee1A)CbAyyBK|h9!l+U z@v^(s_%G{QzuvC(>$=u)%;udryIVW$&b!fZU1OXbZZq^?eCS%MfBPOO7)wq-9dUe} z^Tg7JVmA%+Aqc~|VM1La85}2w>YIB?h(6GDn=;hc%5EPoPYt11b)y#B zfewtWMxBW?C9#sk+Uf;dMfD_Ls*PHoaM}r*pQ_`@vg3r!=c@ZV!lz77x!PCf3yswa zeUJfDq!CW`5u43g2-%VP=;Zv}MF@pr z6BCIgInx@3k-717I&j?r1%_6lYD|F1Qm6(Uqm%G-taay{XGQb$+|_P+k`q$%yt5$5 zvZENP>>PCuUv`gr@JC%AFtaNIW!iM(h0cFYnQt;!eawI6qlJnpZE6VZb&L5x*>A;1bMu!2mBH2@C5 zT(KT5^^H?+bvj5-+tGzy+iMv7I#QR~NJ$D7y;gkCxO{%8Rd1s7{IGj?)IIq93wQSq zsHukE(^Qf<*N0ZG77Xvw5c`(|KE=^iQ&u0YS%&`!s>91~2Sd*U08+R^d)>{Xb|^Ye z87HS?j-%Cw$r*@Rptz*M;Tq?Xbs}?V)Iuwpp#<7g7Q(E-bHzbZ#Yq`5%4f|n;hMJ9 zf>Qz0C{{+pq<9vv+!-Yae5HgHPShQbq%nyR7Ko}RB2T1H)BruIc2g!78bGnHzKL)O zvZElgJVA27^7#VAIoD$lw4`RGQMSN>I5oIvCAO-G(jo%`jTShahu6e)Tp%P^P-!gmt`TU?ajNeGj^l=0L0!u8bQ7oP8f{b+ zZ@Z&i&-@H$wK&(4S>o(b(C&KsZD77Y-R@}rKErEB{rmCYQ4oHY;okgN9dc^icoL6uU-ct z)Za0ISJAx7TIGTm2;lI&%+r)`Sg3c5qXhH0(|!r9bOGQ#IN%U;iR=n%aZGg$S4vQP zPYH^tkep6)skJjPiD?8nE+w0T5@@THutL4nk@?;$+CB^4DHMjPICTq*k{n2<8Fqyb z3&+XK&Rh4OF;f=xluY(a1hO1loy{G4mS9kqt521XcTbW;V?-+0a!C{VS5id>kPRns z9ubr<99va#KrG#D<$rDRGPAi3{?d{qhq*bKu4S~#HH5JXX(iy?GZ0sJu6O}*l0nZCEIgx0g)qkE^R7jpjGI!UsJ>yzB z-W;oA9GNkWzNwkP(Kr2SiH!qk|OGkhNWV zhg|`ZqK?zj$z~ke5JpR!fk}|fd@EPSZsoMG0IqYii zU5(dV#^PNu&^Y;0U*6ndTLQ>>Z>nb|!lw^z<=5t~n%QhWkwM*Av}raa7r5$_D!qF1 zqIlWGOZ-=s;(Gxb-&-AumkkRvI6uF*8eE-RoKH4S%x!?3Db?+qW^%3T+nXOr@A~S0 zl(W>j-<64Na5kEZ2g9u?P8#q}sWyG7BZNk92!M4;N*sZw908uF&z61lS1N(+m@A>X zqJdaJVs$2gpl$?e&0tSmbb|3YlNbz7Yq_`iM)7C~2m$|fBj+fsiy%5Xd_0Z2SYk@rsf^%KkC)JZ}uzW68kD zU_s{#^gLzY8?2_{dHCZyMq_Zt;S_Fm&Sm%b_A+~RwO^y-ZtRt(mc0>&3hS(g%Yn$ zb*Rv=|L=F0|9isb|8C#>prePN6Az4j$mYnW><;rW3IIKXJ9uZd7a_3^cGhDyS9fl43~m>;=Q3ru z7v0PtJ%~2bd%<-D*eiLPpMlGX68Zt8D4~XB3KKkKUDxrFppVC6=%Z`sK;iQbhexl= z8iN8X#_61<$3&9Ix*eM9hkk=%_e!05Zrj@9dTaZ5Ozud+GQ$0J$W!|1TCnJr$le|} zD|Ym-9XBjEiMwGtc33rP3HAoHSuxig1)P8^wv=;@-CzzepDXADqRx6@XM?!Yh?Q;S z9!?T0=^e2&S0<5Pk{H5i^p!->Jm*}H2@Iq?S3RmPSPq2wd`#&lbj+5RrbxFiE}AKL z)#~PtH*KpF_JON6UKVrFO@lMXEKk8#^f&qv?mq7qXQ7Qbk6nMwfe*7iw=8`w>_eXi8gFPDq+|J2$XY$CNiIkXyv;Jy@HlX4#w&A53ggBH zjqx3(iDsAD{TkeqyJdae;PU+B{5zkS%LSIkr&&8`!wpG^0~uEolC02-a&nIoa2S&d z!tbe-1ozxo1==2tL0_vFOcaq!u_8FbaJtfdj9Q(<6gE;48FWzrFT0lJEQU9-QTy%5 zF@y{oOPUq~j9jleekPFmq!c@_hmJ?%%h7OfH9GF=Xjn6V*R2WoD|qOYf|iORP7)#| zimh5csw4v=k6XJ5SsU86^}aL!ZbVVa(o+`U6(taL-lQzH3x`sc zLexcq%*>?e;5jTP%O!}=hPX2pH~6R3NmBM9F!LUZ_@N znaP!9gz6~O`@nqfNw;5@$-;c|jnUoMiH}+Av^jQEPrcJY?=VeB96b6KN4FQ?tzJC) zm@WuTh2`rC&*y|U zSiba2yNQZj?5x#>J$|SXu(nNl94OchVOO;lri9>_@KI8}_6nrmAYxxFNwmNz6-#YB zEiva7LSa{Rj9-6oO0Xcu)@RAHsDXh6B4}ZVG5{{r){PbP1Zu)J2kWMHX}3KLnt=P4 zuak9b!Atv6f-$=YQwpx=|L64?&hI6ZkFx=JNSTqnqhuTyQVD+qOWiEsd z97%eIWjWX+VRN6{cXNlDVnHMA40W9gJSTx1lCZfag>)eALx_P|F&if0E_OrXpqC^y zQnn5u4X5Ce8Wk$&FEgtekawBkM@2;Ms0|!9PCGymARx}*6-`T8V=sA%NgCs>#5_-d z=@?nk`13qdH_{w79mG1Q3nWn&0Z=^N;}zs#DI7-u*k1&J1xD(1BmkLWBWHOc=_yS~ zpyxCJ=RrK4VKX{$7J~5qPC`?HGAt$GY01^2yCdZ&hkTf2+o$C#k{_ zPLRF#nt(7WT-5M$?=ZhR>>eHc{)Ly&#Pvjl@k5OZLxX}uj|W#btLMhqvdrpmwlr$2 zQN^o9^#ZCrqt1H{Dn9cE<2DT&NVYM`Xhyb=0jpfKaJKAuTDMU(_$vfj&1ntDSHm%o zW}ez)P0yVQ><@=WZ@krc44^$|8W@#=xz2G(b6-+`Z!g?5o$n)-YBP}n*>qSag}RUz zstGCfoP4O(!@!`!sN{ll6#lk2b1WPc3y#(zX#Vj;)|)qVz%*;H9ko<-*IOVv+%{{` zy%Q}}l-iAGZq{c5t~-WNY^l*MdaN633te`@pj&IR)pAT|I!_3iNRpwGR7hUr5HMeX zQowrmQ8>oIEe)N>LRU~xU;Od+np9}mr@fqob1i*Tvu|no=OP%y%TafR5<2CWQ;;uA zmPsRA1Rj6S70gDTQop0N1j>0xiHCq^K{IJ{qCx>F>Om}q12fxJkj6R^wgjq;k9`7I zs{?KiY(l3dA2&dG0?-v>`qAc^L3&`q`MZXKOJI6KS%0-Xba8b$Ml_uhA+-^aluh~w zF_~m0IS+{ly|Zcqq+}GyB9?eshhn;_S=YAcx=*`vo<*nwBlqT)<6&hy{i8nfl^NT0 z+~BQS3`Wv8V>HnIl(xeIhSXic5ww0F{iu)H2VMBD|LW!8+xG55mh5icOo2_pbL$JY z7No$uR0u!YfuhbEyOQs(uEq^3sXp6nB~^=cD+z-=?n;^=ODowtP~A%YVYiipA$MNM zCXlKt37g*O8!8ahs~z;c)#!=rG2(NH($Lkj#B*v&@7}2ku+h(PRacB z@Z$X4$#-XivB_U#o9Qv?+vudCbqSA1dbbN!yc}Ag4#=#NKuesi>bvUhVvN#KxxVlU ziPISKxX~a9uFf6?&8$b~-(P<}xD4=QTsytD;Qvy^$}x@PZuC+l+rcQ-YI4($=an4- zwE+x8331>q9>>%eQEGx*1$u7$mDF7-2v4zDrA9bfK#E%%zk@+31UezrS2tdt7^k+p zgieT~E)hMQ#~SoZdLj3$0mo#b6c3NV0UKmGi#=>|5>pXRA@O@3{jK8`nWj`;YvlC3 zhdMq(_&cPd{eDqf5l!2BVXs&1H!t7*v0Vx0Fk#M>k#T%YW0FGo6Xt!n9q`<)rb_sNWY?xAOO3J}GW*IyJlcx`bR#o5!fCRE1G4(HV;A z407EWw^)sW7iyk48hgy7XgXl8R`=&|8Ef>-IsR+nrGvp`G^4Hn*RA-52;!?*m zS~ecUKp2(|s#+#GCiD>w!4^V6TeIJbuR@lk^8$}Ko04tVmiKwTk~z9~*M($@4+-A@ z|5oUzlNCV0NUqO5s^;zX#?}-%WN9in*4f~^Yh<EDUk_HZ`GM*IuZF)x3pCb z&IebJOVS3l7oAX3C8ny3?)QowJCdnOZ%X8hCX(??(4nmB*>dL-C9!iY+>>FFI!$lPNH>iE$9z`$2@R!C0pExJ*>I+6(@ zpGbuM`#=95)QQ4DIvv!T(zG|lVsWE4q6V$6O=ar%@A)mZnD8ZI75XYqn5%E}C7SV- zKd@?T)Zq!8_DpD0&%9kX{4|>#D_RV-1dxmrGD@mbE79Z%z1Z&?xQyR5&N9rGjQi8V z$UU{QD(@0)S~XwwQJ%t%O-a0YpIi;c|0gFoIn`;J!_9Iv9HYOew>FD2`F8xSGsS|$ zTKe?}HtcANx$0&Y7iS-6$tQxKi;FXKs~)cz(6roQB%O&IN4I!R&RlheW6A^XE%?d= zK|76erdy$+D1@UX&^aqH$;#4-ZfK&}K_L(UT+I*^@iKdmWT~z*jIIHD#uD|J9m^&ew*sHx3=o}IY?v;rR(js>~$(<>!c2hzP);f93KK9M3bWCcDi*Riq16; zVkFPw^9e-Yc>DkOd;(Dgq4T2inY1l7pNmWU=}MiTBp$kx83qD(A^eFh^QFsRuPsWq z+TLS7)_b?En?5>xd3f;lX#Et;5q^e0LE57U{VOStFVr&=Cy@)nb-sl{@Q84 z+MR_%!El7Wst49{x7bG+;b?o6$TVToUVIq6j>*eIayXshw@2{|N3UN05tI1!Z1%_3 zZ;qmuvp9;54tm+`+==FTbDMvE+k61DE?Q$Fe~JcU|XD zSB`LHA?im6Q=xh>Hwwu&0lkBTMe7=a=hh>22=5J?U=5(^YHn)GXlWG9ImUJIRBxTI21oDi5GUCJAKC-buNJWO`+F=2Ut)fnu^8u)i3lf_j>@AON0|jl zmOA};i3r?_E%m}+I48-{X0^WzIp*8$%h%n5-v`x-Tv>rXLQY(d@j9lp18-XItyoN_ z5^}g^QkA$v!*pPx!={P8X`1NKLE}U%obM}Wub*uxI&s6CbzS8m9hW&Mg`SA5sSN?r zHrE+UKy#@DSt4x0i^|ijPV;T|)j<(M___1+A$O@1jcNJ)==99kk^AUtNa0rOPd zQ#lcW#HV;gxG*+1TQ#@F-k9P{ESQvpyCHxU!;-jm(}R9Rhl7khO!m=tA4cj_pq|VD zMl6d+px6R-Dk98dzdI zO-iYvZ0C*m39#&E{3_ua@*Zrrtf04n%Lm*anwQnn{hNY=TPgm{x1PaL%`Ks7_tik} zf8H&=+#IJiOjsTxTRahsnSg~UlxFDpa56r7u`Ss)0pk3dOhr+(assKYy@{bINuz~2 zyM-1Rtp+F;E;`k9)Zb-v#bhB0_~p2J~}#B79%#f$~Quw z=;gYYUOB+elJKV}ioIlW4@P&>aE){T^z5Pkxh#2}7rHq(BHc0fcHiVnH)q@7n*((A zEh3OndP$a6)dn>xExcO(zbUq`rLPj)>oH-N+@|ed-3hkb3qLS^3;JHSDV`61m^^F) z*r8{1Ir^;8(L0*xII1~3ES-Z06(f{D%UD7qN@{(i>w&c`n)d7u6W3|uF0I?AVx>g! z#DKm%JYl=d%LpflZsYq9JooDa07Y_^PZJ^*jA=VWnyg-I*m_15+8%h*U^}Qo?TkXS zmA!P%iYjov&ol(;Qn@}FNL0o zwRlcbw4`Y+i74o@GKM;tJ`3I-FqNlNNUJXQ0QR-zpbG|Dk2cqEg5#BkS{pMR0_u0} z90`CgVYxUXyb!i`hTiqC9oa4kpIdVyUD5<|t+e%quix_)l(Du3@4&dihFcs!KTHbA z-SU59gx#l5w@9A&y?`N?YW zNp&J<4z|o#>cFcMpKKm&mf$<>F7QtOW;TbrBkRG6Borvfj)5T0g{Q4mP?@&s3Vizq zNH%+S*ehd1w~S~)^Ce&t?w0T;v^eSw;g4!N4RYTbRZmejt_n{j^y(qvROkdDdh&WK zBDoA`-6YI1F z1kzue=NfE14JdfkMV@Ik#(OJ_2~YuV9TqyDS_>kH^I7n_mR4wby@^!pf^|CR`>^VAl`z2P7czbkKNE&MOM(o7Zm-AW zE~xg}f#R;ZPOiV__l)0;E`=vLCcRzf&PMLq>$Qz2P#f6hzyoXkJ+tIzGqRxPc1}ml zX5E*s456AweRLFh&FTuWgIqFAz@}L36|z{!7obSDdgs zd=U=Tu|Y!i&vFP)CFDvI<4BXRE{Uao^==iO;v;!RmYzK9`!tBd2&IK7dn)fh~f#G8d2D2NVd?29%G$EPS&Y-xzxo=PDj6|y_smP+$FKT^~ zEN&9}Rc$8O$_>)X`s-)Y2raR6nI)u1N}=;><1|hR!+PhQ#-!zC&xWM@Q9^K+wow0f&>JTKpjKpo`Bwu2LfroYv$_R z+h(nYTpG;WdM)33K!=pp`V(yOw5r8!tL|1G_W${HMFOnx%@~x@1wWf*9YB~Yx;{RWK(G9(!ABZ?jwnB!F7&ABv#U;P9vqprOtKVX#RCe z-x;}Pa8A_a5}dI8v{^;gQH?0{d*tC;ZMiZ9AXIeKUo&8qCy7x5HO#p90(vR_?4y&} zIg?{f#QGIdO(rJeLuC+e#>IE&Ir-E#_*>a{WHK9OPxJ>XB7 z6h&~b=xMKm-kuqUrt=OwQgE0I6&;p#a3?eAg1w29ii?;~g0C+}-(BnE65p&_=9rx` z3GOXdntCUkNZ~0Zp4W3^ms?TSIBj zIAr)kxq#@q@Qw#yc{LuWKvTxlk$^J7mlO^so!U5AA#qD}>TzJ7UYT(3h{^?-`6nNCa8pR2G?;Xgb&91i1DJgw^n4qv}=XIr$_#{f9c0 zB!kU;THu8&zfDYXpCdK#C`jKy%rEDZx*OTNfpuJGltf;`|-l|J5F$XktVB4#^gKa8saG-XiDX*Nw_NR81SemNO+D)Qb4&4*tAl;4RE1RarbYy)kOT$QZOVTRC)Q_o>!81oJs3a!`B)iLI-w5?4wr`PtmlB|qoQL%`b4NmgQ;$sOJwk3Lb1lt`)P-h=^{yOOV zRUOg*ggwjZ;2xQhhlZbnXm5%jYStQv1CbnME2>k+Gc_R*oO9cNRZ zgvc(sP#o;JcwyYFOAdod*sm1~)r&QzsQ(EB09`r<@xb)td!Sc4o+X%*fzuX`)d3`m ztbKMc9LLCtAmEZ(q@$V>*#p~c=Cy?wWXUPH)3H!aMy@!-hR6y__cQ~yX<9~yKhQN5 z&y7@F#Oh_7xT2zy;9I+;=&X4esPNcxb*R2Q+O~zyuRE*`&9Dry!o4w?mq6VBqdOcL zN3#sN9!SV1qFRK*URl0cP)9ZKNDa8p^d;4kKDVC0I!FSeZ~Yd`SX>yr%Ns8%#1Fmy zya&FOxPl|^yKbe;njMRMiO1X>Txd;|lPj^ux(x=_ z_#k+JM~{532~a_pCF7;oXsx_(dJ9jdW>`rJm3ydVpQUfMjJB{^J=?6#FuBcW`p!l8 zV0>cz%r|L6Dw-X0Z?hr92&bs%&RkW?qpabNWf1Q(JS?i~__=Rqj4#z0oN6Z=^M&)- zF|jbPyNYO-Qi`Gk6`UxEc(CvcxTo6MjzM@!9 z4GI9Li3DH3(54EArapylKBbalzH%qnUvk1}DVIhcofuz5JIB)4s_T$TKBp2bv1UgJ zwfVC$C1S8#*nTvd)@q%~jCMhX-intH4SG4nP#=IGaSS!{M_VEmf4jb|o&} zj|cjg$FUC8s~+bsJVB%wdI#FHH3zh7h^KP%UR1?JScqKjDystY7)}>tKpp3&LujAl zyZJs^(sUm!@uz(x@})7OyJ7kW-xZZ-gNiE7NNW8FW+7Cauw1eBVe!x923B20hD}K) zS6RVD)bE9CT|1N=#*Ctx^zAyGj9a@6o)rZ#bq1g<2M?++eDf!C*gbr0Jr7OV`B$&% z)rwUP?&Y%e6XRDnXJ(HU+XMHIGrQ)?k{GG8;-kU%tan^0 z?XKO@OfFy(eM!>0eao`;tt#|I=?sJ{`j9Ne$-1@i-Ww-%Po@jTZte9H{x#y&GMC`F zWTL9rJK&@Bjw#F$J%yrn(IVmr8nJxkL+mXG;($xe%J7 zXRi0st}Yz6Ji)jZF#T{;G8XGTu@6^_Gq9;P)eMBV~PNxL5 z7feW+wf9lmkV1POF^<|g#cI1K!E`d)2_7o!;nTN0AoLZ`;hKUd!d$>0Jkbt-Jc@@X zV%?~_uHT@l&33(NOa#4N*uv0j+WO~csS7PGJH&!E4{?%EA`0EIImc}&Vpo=zA&L3i zSa*#cF;7#^qN}SlfeQDz^FFHG z^5e|ViT1Z!5}X>V5;*yS)Gee5*i!vT#iGa^fs_((XVeS`Ojc=8$Gl+EazU0}1#Kx! zy`p!RCVBv~rXlzDucvxjXWFQ$BVn1-%iG;g@JG)SW|T%FKN%q-+SZ3T$}~d0y5_~H8nv?#tC(FgsS8W%V^;%(%JOSkX|7y z2DGjU&=!lb`D#;3aQ^Me+++?84rWgVXDi@i#Sj@n60?coRI%g*pX10VZsOg}7%t z?xU}Ny!d!|J$!#L8J%B`2b0MU7njF%a&VAy=JOVU8qd%Onys?n}}1md)0uWBt1WTY~W1DjaFEb2*(6f zfOSDfn~@jG7-3q}HIxd6Hc9tUm;4ay~T zHAtykJz$1fUUD5kSe2QE?-AD6*BFA@IB0q!CpCh5t*g9ou29!~TuQPK1HN!7X~#ZM zM}+ycktQ;hu=#3|ae`yd*7soisr$X{6$$8;rt=y+rjStGjR#39iQLyhH|P+|p#HVd zBz@3B|8*?H9Sw2EgG|$11DYDBa6xb)7dAgW{A;{RtRF$0 zOOv$_=+=MrOOF*D_R;Ituiw;+nb13u5+TMmAA7~mH5|=;k8}ceq3>0?R*)Y%JAxp? z!`A}!&>QsO0`<@#y7XKt9L^|Cj!A-76B4mB7JYQ6L*FvODcG5VrzSqmJ=RY} z4rN-d7MzF$OX5B{^lx9@^Ey;$qT2x%uEE2R5svw5!UkB0$$TwKjDsz060aeQxVdWP zS&Std0t=EX&7XC`>vsFDxG0HUF?4Uwg4%*Q9`LKiq&81oYG^*{(c#MNKe1QsCH^$Y z`J7lZ!IO`LYQdz1D50rZ3MzJ=OWlWh{O;Alj!) z`>{M|bW>i@ME9%Fzonox;nHd37R3jK6h4B>v3CDBKk*U`m_)^{NcfV@7gD!L8RV&V z>7KM9Ru5!-1f~QPiXo=6y{oic!)sSE0X}F6ymK9WZl6JgUj=i z^Y8qM**b(r4QI|cP+4Fdfu9kctk8^da*shB&a5U>_h$jHg~y3*i6gZqY;r4{u5>~y ztN9A*l~Ap51t?pt@}y>HvdU$buH8?pRU6$r#J<}Vbv<#(P+uOUk*!$Be z5)?{Z&B}(HH&Ljf^XJy4WmSKwSH%VEMr(3I2P4{;#m7|e9Ek1PJf3TBYvUWEWZc-j zMpOO1>hxBe01(65)U&sRYxB^ASKBR<(cqeNG!>^98=T*iU9fgATZ^@i`gSh5j(fVu~=WlH_!kBduB6aALGc6W& zPb-01Cjf{I!@OJq4VOrKZ?9-a)0ku=jdjvG>kdEk=s=%pb#Jg@dY zIF(yLtBJ1>;wEqrQV;~}s1{C$T+xvWR#~|zkjA-@)dbDhSeT+m*jHbV{_n};>g4>p z>*L|zy6TQo3z`vzYQWMmYZ)$1aI~<_74<+C*|8fzyZruSINAuC;RZTcl9yjpR6Li> zddDpN@BjQSSy^|Z8uQO1lYz;oi`6ocxR_6HYPFowKY+wV>7yCVYy@OnO3DYX1dU0A z{Z!csliyu@KRmtoc6W@a2wmjNW!%z3P5~ zDn-@mM2D~6yy~1DzJB}G01I$|=B0o)7vvho1f`K%FPpPiz0o%?{Z$pkfi>rHjorox zWIi6l7}2s>Cp6P|hMGfdsHr#Yl+8hbfv4K+%`0o*f%$;v%r%ZhNx zAryS4?p{Z4y9eEauDOHNW=7bU3&Fq;CPDBzsz;rd7@_NBJ}7pJwf%dYn{)@8`?l^3 ze!@k_fN>k$i9Hs)WQ?HCrWCbvOI9sI!@Wv?;EHq7Ghg1tUA!=@dybIli#0y@V z2Pa%uzac8=7tElV>%F6yr|>A!B;qjJ{Ta?o2*90n5r+{2tw?v{MHJcqIn_{!y^rq3 z!C!zQdQsKT;cJ_*4Eweo1=^ub-Q{lnb_0P#BuX$RXqhLHb`nJ);fx<3@`7Kpx36qw zzG5X5=Tgh`H?0|%F*b!mQfmojjG-y!Xo~;ZYH86xpS1dS|E&Fy=3)9nfZ)ek?*e?nYh!3lgR7hNT_5&P7HV6X?_R7Za)?9>WoG%;x4VV4bjMKOT?w zZLXgsUYUdrdwXb3B%0@#<5ViZVvy4s6>@nYyY8Q~o-I}VX~_CM+~@0f*pyqr77 zUM2XA`F8B^+eLL3PFvue1%+H31j) zgr%g^e?dEMz0)zs2NXbAJsLyDzV)eqg03oO)KldEDod+C^%tbnm5+3j6U z!=dTh_aQpV1q3J|ERe{eYiTg&cWAN2^Mv%F#burjEcoWzi!8`ZuAP(n#!dD*caJ$! zotVemJ=Q)o1qA9RA$KI{BXO_>DVa@776+?hT#K}3*ZZbasikrDqUzFn z?#`GLE=fU?rNXosAACm47+%J+ugbI+3~DO+dQU8}J4Nll;K}7^a`EwUI0_z)uPz7P zqw~>Ksik`I?d8SbcsQ6`1y3&rKe)e7#>4B=i{S_NVEF#xhoY0g$K#W$>*2-u)#b%$ z>FMQYaO@r(4~FpIdNLYZ4&Sd?022W9F%@`5CMyxiBv^IAlvQS>eKt(m zh{1*o22N91b^FmPbysZ54a3=V4cp}jD2=x%UxNe3%ZY%T>|V}`fV@H=jkyt!SE<9x zk5JRLY?R%IirrEslu=QaG{MZ?OPpZg+#-3xdUz8yKUD{MVYit>MY21>r|Mp}+DCUd zp|N_QkA84Y>}yBGeH4>vKHrC&Py6T|^K>5(&KXxCn2x>C;i7CdE9&j~xm0Fqt4y&j zSOS-Joa7J_WIc>5h_=1`8!p8s=kG2y&vF2PKz_e>lUqYR)~dY?)*&>W84~gXq};=* z=?z}^HoNVcZ=CnGK?X(U(sdCA>ZcTC@Oldh+Zc3!Hv}7?ihSJcV-EyU4LU#@Tlf{aawZAue`fy*@6!7~}N-{(@}x zAzaggba$S)j>P|NIHtc=Pk9acau=WNCi`TELoHQ2@M!Sh{Za>m)&T~~QwN#%+0I9U zuV#G6*-#pLx5FVA{I_sAl(4be@ep9+i=7WX$iH>D+@I_2N6gx-@^^E__&9hnzFUu~ zu4ftAWSa#;D<`wWq-#XFbaafCI0ilBW+UsGa#&T9v3*l#nMJzLc^~~-+nH$F`>5?( zXYJqGFsuG@Hd*_JGsoHomxCYFuhs~weh2%j`lV!1ZEwwlzu4JiaJ%u|5`4J(`D9u@ z{Pt2Af5$T_1mHJuN|iCP<2e;#o|H&kZ5|-B8;kE|$Aqh~{uUaMhi62w)usktw z{AE+b1i2&mV=;;p3UmZcD zT7eM0hh>Zm@^h;{r8c1e9G<#x1BZ5+X1D2vFTleS5ex2Z-tp6Nw8Phv2i(y(D86)Q1zw`*2)T+ zc^w|upE7SQ@}R-$6;HfX^P|467DN!6E=?CD5ll}Vn>1?3<`EZ2u%dbiT`qH}=vilH ziM_OG0f*WyMVraH|9HUDxH7@Nn-5C#4j9&~+hAn2!=FB(WL-eGReVoH~6HBF%F%S6e7@@lt%|Hp6K$x|!eUoc2Gn1#8_!|Fq^0^ZzQZV*bCzdlfzw!h z-9_rog;;9pGB8n;JT=)hro;wu?7JRyiZw4=gQjE~fxTimFdQSlBn<8;SQata1#n@@ zuhE+>SfusKKQBLB=Ym{osIRqF<2uoa7b^1%yZYu&4Sm_W#I?bHapSB_wrM5H&rGvv zx-p$TUVcpo6q@)IVjal-tFFy3R#%JTaVn|7;QlZ*NecpyAmr%Od*Wq~d#B!M%aNL~ z7uR0_)|4rG5X^Qx%DD*|F+z)~icIeu|B?b#?6yqB2=o z@J;=*hE;SlYOeB--9TLCX{zgax?H0Ei`rl{o!e0$Yp{qR?VMJv*p>AYjOq@3HH-a< zrrs4rz%AGA%a*OwIAwCN7Bs(JqC)XRVo6M`?IGi&_)uY6^9Gg*Q(@Q?Ia}L-Ixjr{ z^!P%FclX5Q06LjHs1qt2J4aL@fRl(Vmn4l#sS&9_vjorWs7jK=Nm53#DQHr9>IN&8 zpa?nYn*04?33t{`?e97J zPV>YboQfydJa+GB-9$AtPxJVXpBHBRSpTR=VrtQ{O_q4MXv!2{E`L_afvef(mKo!V zydov0>{V%kTBjQm+tkhTF|*t>_Fo+F{t&8X>>dBXD3x^fKI(Mk6I8UVulZR8?+kc_V7$cSHqG)6R4GZ&;fO1UwPBF1A=XF1H) z9L`QBO4P0T=x80Pw#m`Rk{Dg;?m#_SNzmw++Qtlx4Nx=}+te)N$xCj&Ha;5LmfU=8 zeQxS!w6@@3^(fe6Z?ZR|nu>?j&RoUAjFTDR{8wM}Fu>eywGX#J#k*0Lji32@~Ur}LHPVgzwMHD7#T6udCS=hQ6X|73Zo|UyRQoYVRhOH zP>oROK53Z@y7o+gttR$ie*lRREGP)3cSJ}!#|px}GqF_S4b^@npGZ_#!y>j^;uJzH zdQ+PAlxW}n57Wc1usUo>6#V>TEPpR+Sxo}7<6{0AtJ{VL=)Oj#d#X zRB|{D0#Y398Y!YCJf#r_yTuhXoG9zVi!`e2SW3cG;)!!^5vceUVc|pZ1(EE9KGlak zZ47y;33u8M>eRR>yM;E@FG^j6QyAT}Wn@!5l%G{U*2hoIjq|Ikr{oL3Ji_c4ja?d8|?04PUKfq{m%1My>7nL-`@ngPQP z*9;xn7WS>r3`}U#Oq@NW&KR~CDC>m)3UW``QETq#IxA`s^s4K$1m>B2gmqt3pgBp2 zuDNR?iwK(KNuoU*j3Z*<%Ft>ex7}kXYlv`d-NQYED%$m`zPy@#Rr`GUI`+-2nr2y6 z@|-g$0$?71yXoYttNy1Q#f-C|K#-}wTUN;cUPH|Z6MdAZk6W$4@pOLcTvpuk?);X3 z-7ljF(|6BQ%SWMU-a7|aioW|W0ykM`^BN7MnlFweDAJ{le& zkbps(=X)lBO+jfO{^DUNPQj7A?Oh^8}+h2(i8 zb56jQkQ1%Wx8>zT;fGgrd~$X?sSd4nrP{j~?!&Z*$Fm`@+FcObw3b?cv$2rRMA7+8 z?+)``LZ`hbVR;PKgq}U{IyAn4JqaNV;HB#-WIPiE5)Hy^4t>9xe4jotgLsFm=;49wpYCcaK-z#4q*4 zhvmAFVb=fO{qyHH@nfj4=YkS?=NDI_NmqW7k2c1^!NI|sSFe6&f~89TzIprd&70pH zzIy%U@YTzguU;Mg?%?p%%cIx7LkEur!J403NX&nC@Y!RPC--;q^V3fq#f_dbj-GcR zuFc(Vx;UdB$jTO{*B*5*nm&8+0{#4R>)4NiGB)pwYDeunQ~ZSXAf|vTRvWhjFWhGB!__jwr zWeMY2<7rT_4Hnc?e`L8;;>Uptzxl)*=?cEV_(Wa4jp#6A9Mt|)Ao3{#n_vshXfO@f zD+%HVAo)Qq_LV| z3w}=oQGe_`>JM~>!k^LQ<;7(mX}re81qX$5?v|Rl?j8}k7RX?p)O$~pM4jO@wZ$b- zo=Td)n$3yS^k>khg-){-x~+>8`4mCxs`wTIX4-b&ld!xpMJdfc-i?d`mytVbU9L6c$yHai(MMp>>?+KCM_hMw211_e5EN7Bc}fCE!`HwUzufkLJL{m% zJiVkMlxCl9`!oZg5%$whWgPze^9#ig3x6`$L!dsiLBp}J;Cp=p3;v?((@*JFO$ddR zcMD1g&7n=C;J#|0h4B3^M+{{HcP%ySJuxwqfhbn8gvO^P2RcLKFX*{BCQ(~U7#+>= zom&vlK^t{npf(uFVeu-0LU2DbswCsCUj&%_td;PMGDi0KGRAmE83S)4Wz@p8QOd{~ zq>QnZGK`#&Xdmtxky4HO!pEAGLw+5CNcL+NM8-9OhzVK2DY(wjNK=!R6n2skGFmK4 zYG}LiN5k12?3VDr*6o^)?4W7mIqf#tul=MBwMd%}>%FI-ueCrt?P0x%fYuz@0VOn_ z(;+GRs!!^09X21-<+^nQjC>PV5+n>o+%l86k_-)_^&UaGxjPs9}0(33*Jgr@U^pot_I zDp_#97*T0B0r4|T6Vz6#YNOC@c0#^(J6PMMiuxOC=6A{C=0q+C@3spo#AgvlNpK9* zJ4SwtwWtUN^7e~Ip@q7YciEo<^EyhIq!D=nZGyk5KL#1xwn5u8*9s%2g7TeFwUShO ztAu1q1ubmJg(E?==cX_FFR9) zcjEq{?4|WU_VO5<nJJTtmQHJd?g=MoN%$NNR@2K*Ke-W6+pdERSZkv$`uXRM9?3=6@3+)F0-`(Z zfz62q4Wh$mIb^+tH1&$NgR^35tm!4yWeu=Iajsn=2t*VCw-;!MS7?Fn^z0G}>3iZ_ z-6>iMT7bTbPEwNz9}68GWRO8p$yXXEiEoLQcDMExLH<(KqkB1J+d8{y$JU-}Kcc>J zjf(Q4f6)rE6+Z=eYG}02iyg-VMC#>>84*5j_u{s+_W5=9Q@3T3E*hnx^;LCQh~IQS zsq(OwGDCH^zxKFzY6qxXtNOnHnmaL7w%j4w61@swG%rE4v%%>tsxtpi<&UX~|G z@70?PV&}RN7qv>wZNA)`df_)svukj=?<=p?AT&%nu^FGm7HHWma7XMO$Pyfx>&%+O z6zg}u+Bt2W58R)&oQyrG$?Dg&m;U(2ZKT2KMa)^^*D1;Cnw6ND$TPwPR1li3Z0eIU zr@rjE+78veu7>0PlarjBl5{Q?bzfXuoPD5)shnM^V6Cq`w*RgvLuT($wk8)w>hgr< z9H)7Lxz*jPmC+M1g+=`8LfAwC$6DXMrNWHyXh9%5C*va%ne|T_UXzl2Ew+9$x^+t< z4QUac%$3RDeowEzTXR=h%jK2!?-e>vpV`M&Q(4K%@Pt-;2Y2hDH0ZvqZB$&W+8$SR zGoZqsgtz#`d}19a54l8Kvcinq50Qj_|9nG5g$Xa^b3+TGSy zXpkhRC?sgEW~w2HU9$z|aRk+$>H|Dxl4|Nn zX~R35%H-f{w#5E=Aa%uTqm_B)4z_h?$uqYuYTG{pmi%lh(`z*=$>xLDBtG(0hGLB6 zLOg!pYTXJ$Ml`htZUF$a&=5RxO6Ck;@r@5qU+H4=ij$ zFeV7PUx1mcND1fX_X_8xrxfVksc?njKu?eF7>#vDkj&KPn_FP%RJ4}UXgT6uOAiT) zZq3j|))}vA{q`F7bribg*E6~tJ*M5Jezo>W6g5m(9-|*jQgdXlrs(PF^>)37K^wWUut%1r74xe;?F11+-$cPdu0K|Wam?R&Vr?@)qYa9 zJui7YO2{2a>PZQIL0QG0O_j8818FgDo|Z?I=UbsLxTSkn92ZSDPZ?MDhYf^KPi7E_ zM{ydF$F=cp#MWLd+i<&V%mk>u&!D(E@X_bP$@uIS=OF$ZwqNlF&u$y}rMiY8t5BDe zExCmqAZBwRu@v#s*z0O=xmThG2Z7d5fAkF6za#~0ZRZS(cTec+?+`W^pZ#i3wH1~c zl|@g;)N_``McIv|)LfD(f%1(!<^|}>?B}|8 zvbp57?{%rn_LBvIeJ&%iwLG7|x){RQx+F7w;elMe4$4p|CUnUadkKkI+et zhG|M7oSPzlg%Zwc;#=y1Z4)+@&yKCB<>#MUU!j5X*)P7RiA3Br8Om2^^vP5?x4E(H zXZ5*SwuatR6ft?;+wU+<+Iqxy`i(6vZ?<#Y1ihS@x`SXFUg`38jf=An7AseS+iBJ% zv&GJwOF=8-G>SX+TVKK0H?=$M#yIUrhHj2-TvbNYt!>q~@xaUSM)I88benlh`Lrq5 zBp=m9%4}0c{R6xP3IECUtFiwk-%JYsg6SkyN0yd*O6NBW?4oN z&GYUMXL|2YBD#a|$@hA8qWc~T)V8&67mU-tYJXdkmj3Rr{o=*e6#A6+aYKfV^1xkA z`UdQ}g#04?@BjR-lHB8`!+hHNw<~$jh%uK;eo3&&;DjZlKBvNF$d9|4{Iz)L)0~~e zPd}k>h1EA^iP6tLgF{z<2uNPIe%Xy91Qpt2d%A+G>>3isbc?jcbEagpd(30QgKgz4 zH5X6C?1G}>z_N#R0sAFRbEv3nYCGT*u_Pvep8|jZ>;Q-B4;ylFW_r|G__cGK5{VDn z3f`mcAG?P}KW_Zgjn^58&2iBRe9>;j((PC+R(937syScB*rFL0`c2tjOd zi3OXAb~$FNNL{d^-bty#(GstWpPH#NUF47yK&DH4OOQ~)yyAJ)`bc13tph>?QgZ!7 zJ<6^Xjq9?mL??#JRo{$0={JvIi~ev)XiqMVFuy?@DB$_k6+uW8NW7-SKX?BSXbBIZz`z0UiPmL zHsh#nAG&*hIvbUgPBe-jjHPnv7Dll;no5(X zOETLxh*1o@zls5L7;GcmC@~4D#&y4XhPKa&z+{qjIf)3pgR=ijvWO+3JLg$cpL=Jk zmZo^s*rtX1ZIF@^?k!?2u1?43B%Ko>U8%kK<#?#`tld+&&<7Gh3LCn7zV+`1&9zWV z1ie66GGqGEGL|(cnCgQ@o(C0+DYprl3w6Tvd%Yl5Ghq=O*_nB0yaPcszg_i%oRQvwwYW$BywT4!nkZK!^!hU?C_j`S?UrlIgQ=1pt zsqwYN%_=r~<8p897hiz-PatJJmeiQ)DnCy}{eUWLt`wEI@1q5~SI0COPsTxbpT3}g zUfNTwfAc4F*gbl^kK`g3&<3tFCV!$K{;n26j3qfHHXbYVf9#{(iNut@-+@Lx%c1g9 z6vZ>&aQw71@@u$5Z-)wZv#s8zt6`yyeJ+@g*He;4izVhoG0*ka?kSTCWI{Qe-Nq>L zSQ6{v!!CIeXIb`3-?I-7-yHg6_)Aya`}O=(>pxyA@?fdj-kpdomn`j&^sc+Y%jAJ$ ztgrug@bb;!QCR=+=-}|x!9VLieu-Ybq&5L92E8!oV1n*w2Hnlak7)YnFxs;iO5+&Gcn;^>y7 zvEl`^7?#mHd+g;KhjPhN<1&Ge@mzaY09)q(^jAj&d)Ed23IE+=R3n!H_|ph zy5Q<97j|$qnv4g-hpleISOJ`N++xt8@Ais_b|X)rdIR|^!W{b zYqEKGo?928!h2tndgydqpo^kw}8`WvEY zOj3!CG!AWM7twFQ!SN$rCR-H9HI0hyUg_>YPtb26)G5qKW5#7YPj)d(S*gm}rl3lz zI=5{W=IgpgP^w-EXB zjYZ&Eq^u=$&{j-U)Gd&^j420^)s9f2udAIh+g|u6Qz?H>sGl}FH&vKUq~`>xW;RW` zqg+O%+$b%RBnHYYQ`IQtNvz&Fm`S|t?Sw+&{H2zj#5*^oB{6~8fW+oZlcwBjr4b<< zu0lubd|#i7vMMS=E;g(&w@X)@1k=m<8MwceREZ% z>ouPaBMfiPvss#2qo>dnMN=F64nlP|%T=8FF(zei9aL7lNZTM<3~0y=UQ9YW42JJ! z1N);rIAGTd#S@H)CMnS0Q&SLQyV9{ovyv)zTzTJ=k6puelWAu<>CHyN@zmG>1H2t^ z3ZrlkxlS-e&V25>rRZG_FK2^cw=@c3Qn%4yaLsXGXJ`H%t{bp^>=kz&L{jEGdCKs5xzN0C}e>;m&&Y+s@TsIvd-Q z;nlcnH*9Duf=a3l)*EOBY5*M!d%~{8i1EPgOzc_jYTRi+4;A)Sv(b$L(pURdDF1Wl zb%z5&OIg8Zf8;j+3X0``E9nQhZD{FMn46VlJE8<$>P=^K!P8#!RQ!edtGM+|^cB8* z0pOX~)R<-KGmRV+LP9|tm&U`xk~vL~=ngO6_TNbcnPOl%gW|qi8?%(ST{c>s zAkY?M##!BB>AHA-_-P{Hel@XYZ~KE9t5JvK752l$TR(s}KjjULcdn+x*~Qgh+Mf;j zmv)2Qini~pljvd{B>un;p>e;G+J0|$2GjSM#PP+P)!igH6*IfbXv)Aet6mLCpsIKR zKU{xqmF_x|VfTaGL{?(aQm9WuEgnRz!Rqce+(pH3HO8EzWE&i*od~gms$%*GKl?cG z!$nuNE+V_-VJ(+Fe)O#ZR-;Yc3iAug*g$b)?7vLM9Wj?jP# zMr}Ht=aY5p1dO@qHos!)-S>9)Ls2H%qP5?}71&nWcAfnXKCFuxIf7gauP&$iKu#HF0|M`dlW8SEL?v2yJRIh* zJ0cC$mAk|sXQBr=GFvcAkPmV74KfUG3wNjGpgrGB8o}@RZc=E21!Jdi>+!ill^|Mh zvU9S~0Pf`6ajs9!7etGmkD!}GXfvV~0PSpVN6_(xVX!&phvX;V5<(A*{|u4{d_sN# zNrQNYQxy+;_f*z=JFaI%W) zcRz_}1>gx97H0tMxWqKb1hsg&4vUQ>Z6253M(DT_t!L2-jWnO4h6k0RLuNse zwj;K9EkQ_Ghvu7x6Bw2JO&FMmJvJcPUOe;sqTHj?3LP5feO<{!3Sd$qhTsimF;4g_ z(zC!@2OXhxcqB?!bJG;AY29o1wT!ZM7)=GL$5NmbqsY~Fk#ON7@>%(YqS#r`s{*Z1 zPAYxO_Fk#DZukmBau+CC$Jm4o-r%D-K4PWr0WGs+URNbwAa~@42}F8|M{$yy0B9ZF zT{rW5cOD@stOz9YVpAM>=_XQK4MDUxiX#u-<7^?wW)fiqZdt+mn>ac{YZv*GOx2y6 z9z-~$X^>NF%X;NsAF+MUi{R3J<%dj_6NS%e@=R=Vl-*7$Hnv2)^^I%qlZ zP4&E{0KNETQ3oO^R}&a^DyS__`Eb>3bQj#bWzLlnX0mxT;0U(AAdQidi)fa7A8; zYR%nU$OrB@5yuwDSrI@&QjlbXJJ{O0=eo_kd{3^mgLTi3MyxYECvoiDY-t^ldM(gmhSjoxKnuep@xujfF(eKPBqC$y=kX;kH+2wJYd64{ zwor*OEtSVvP}_Qpm+)`=l=}ba6+Mj|0xRM_9KSq$os0i)`ttPEqyOK1JYTf_eFZbd_+Q7zFCY2;eLOP%&xTtK{gA!iSNsP8v3~T2taKsvLmFs+ zo~OyL3+FRAQ9GWLEtLY`-iCgd9BRIdX|Q+x*`lyhknG#}&j1i+983}zm%&ca;4e-< z3XX@AC&%p1&lzw6S8Ao8@Is08u508hYl*c*b5CsMF7Qw?f;3H~0fQRoET z!L9}^MeC>i8Mw$hn*8@cVW9~RVoQ+>jQ8`TPOc~U@yjgV4CAIT{mjD{4ad{jxO4f= zo=v8mu|Ck7Jm-y&-cP3^eGEHVeU0IahVU$dk)M%G=c7T?PzIyPaO=4uDR*EtR>%r! zUbR`>yyZ!;gh8y_t~(VyafMk9TOF*F%%NbAV0fzZAvcdXu*G|+#=#JwAmahL8MJ~j6*EoRX>;L5B_3J|X z=a(-Y*Z;jddi|d=@T#z&e0q@a0Grt1O0fggK0hZt%G7JhM=tEpwQkJ=XTijspPO18 zxBjLJI91=mq6~R!9wE3u(K__*zb{tqf_ks97diT!uM&bWA30HP>|nw+jSiM7F6x8{ z(||BW3u_$7Q2}l`nwt%Is$-BT4LreQ(5 z)*Fq7U3)T_b>7*R)gF6hUtbkYuRrMyKicD8YCFm55bycejcy^*`bt-I9w*3;NBoT( z?>~q5WIFDTGW5s!7*w@-zfI6M1=}5B$H{&9WiqudNN3*E_w){7@+m?$7pZ4;gEoAiLxs9|O9&Aa#>oQog5PQN*?({IL;utKzKB+%vWRvnB#c^VSH z#640zerx`skKVq`*U)$2Hc`AhE7kv|>YCjYz!m!6(^tnQdHwI%$)o=FULL*vR~>j& z0jz#|;2PkPU{)d^R)PKHbc#%{cO}K3xXpGvs(bBR_4-p9{AfHJw4MY0Vr+MMMGdc{ zv&|9tIcSlo$h5cab_&>r%0D$mScUelE|~3cdo`?MES2Gicu)qxLlhQwM1pb8^DTNbzOh-|VI3cvBy<+Oic z&n9;FYTTdxvf~`(4hj_$v~qm&VCt2g`zwQ|cu7Y`!$H5>wox!My2f;lRj5OVnzLoW+wrba`k-cA);x-c_HT^G4jkF9a zq9;XBev)7}i#1j+1o)i@k+p~>s>e~_yFSEb((#g_U|q@;CC|p!5#OKw{wt}`zuBi; z|DPX`?b@i&|GzwW^)j#je{u5SQU8A*k3s*hTn{SRf9cBu)cxO?)v@eyvYXLynKKJ7 zw5wIJa?PNLn+sRh(DR^obnS-j@hlkT7`&HU(se@Zy4iq5V&DDU^%mcj` z&|_Gx;nvi-_e+6Ywe(USc1(DzmFv*0@4{+ZQiJNXl^r9@X-#&}jj028SDG=k6|G*Z z>Gh%n((LtbR<_-bX6fr`-S(mrnny_01(AkW^s~e#cw-pMK>~52HtNCa^XTFc z4MZUfj%XpJ$eo8+zoDDU4APvocdvVWR7!1=7U653|Mq;o)y+e^!3-5y1^fWb{Pv^p zHSLVbra<<@9@}z=pOu@W}(N*Iun#xMcz7qx;;Gbua9(J?}jvaTVvM=c_b#vh1M8Z7`coJED3yJ zLqV>l7i)};@?Y+Ja5dw6=Za^|tazBZ<|2W%SOW%}c`b;nXr07s!){&?4ur$%W(agJ zhDpyyL?F6e`+;}I@~qM|CP!OKwumh+`VX`q1;v58DeC$4c7w^^?&1mg%-LEEfXZCbGG?j()k62lO$ zF{}srpPRVO73lgp@LlT$ZmQtLH-5d2-#VyHzlqdaBO!$s&TB#R!g)=IXbA%gudlI- z{Frip3eaeY4HCY`Tjta>~LijqF>oQ$kCv!`m z8KidrnP477egX z?|*|}miQ}J7yEwiVd3t3wdwxL=%LYl6Kk&Mnwx&8%>IrnKh#DZ9iqU4c8JpR%`e8q1`hQsy zaF_c3S1-=;`u~&1{LlCEJOR@s1o0Zh5r!a|gJkLBOu8d~N8*CO0V_ZBS55#hOh{Q6 z-ufsCS1?Qto`72i`Ob9!F+lJiYac<6)Qw`QQwARNeAh{!muX8e@I#O+A@Cfyib4#N z1MPK$s*$qPJYk(tfA+!t<)Co(!_Y-AQ4f732Rh7B}XRxxY4A4DPCM>DU_VYttQ!!v-6x0sfvvA5{hIVU3M;Px)cu7XgnpE z<4eps>MC`lTZ5{)dWDSyfa+$<6WVe69CD5mbZ7m`?%=9tmrmTQdg+8MR^^hl-vK87g(iQ2@3RRW4wHd>2;{XLeyv$NjE8 z!)6uiooH2sASYQf1aq)=qTnD}RFiKoeAkS26zWcdE5%Dttv+5d)JAwkNkDCo%f7b} zbfJF>Q3af|TwB~iV^QOipDdfyNd+gW7+s*)W&anK=XqgiI30{c*tYD-Z9JR~yTid` z_HI1t&g{$HXxP8ZrNre>y*Tp2#6UY0n`M&3?EhP0LpE6hHXLd-Hl=op6(kReb5F*Y z%sPE8Voi*|61?&kmQ2sKbm(od<>W2O4HL_Y+#84{*)^Yx_^|uI9t$C}zIs^%M_h;g z=kueZFJC~62)(%@aB=T0An`kJ1L%bMHCEGDh+`4Pehe8FHJU{*4jdPP)~~;|KCrbzv;~n5*z^CBB zk4GG$PBBxo_{r&Kx`V69)E*a7z3FmF<)LMcLq(N{F1dvV;~?6oNSSlytC&fL*oi&< z*zejia$u~`nB>d^l$OnHWvZEaYAdbcinqnI_*6?{&|h&4mZZqxNsbi~!p}ZV{BY5g zz;Z)}H7dAo?LkdCb1qQ^tI{-55kQ9gWk`v2os zXD5aH&nGV*?f>uPG4S>zDZeteIsT7x z`x~Cyd_t1>&HuFA+ytlY&(uK`_#t@uZ0?61o9~4Bl>N26BVZ+)7=k&lsHf-;KeqAm z2k<+<5lRlh{{~(}8v#!_DDozRrR(GCN1Li2vS*7GnpsXp2t3mqcIVz<@jY2g0K zIl!}?{kC&8n9j!bWOz01+6`M8bHPBgs3ZN|h#p`6tXSjx$2DKup8zY)e=m>E3jW_O zUq9x5yqBl!{FkacO((#IEChnTw&G9xfYW8~3dfw^Iiu)C@y6;CY1tYR5gS8by^RP* zs9`1ry5~nznA*8Zuowvb`6%^k3g?mXBQ4S6Yf=8lq3U-h#l<7t_>CBF{AXk#EB+Y; z3^WcJoKhFhLu7-EGDAgq+UaM#y&Dr8T_%J9HE91^fqiI%~gO2LV;&lEaC0871K9 z|2+g>0Q~GH-~{{&+@GJ@gE>ZZ&%e?^iZtBxD7DAK%fGdd|L-cPK0bHxXypIY8lSHy zyz326W&W4r*LnH>)$!x~&%Hdd{BIa|RsL5Lm~a&*o1Tx(!51k;lyC;keWihF2>Ykp zEoM3%uK7~6WQMYNXIIrjR#t7)a+lDCb(KQtsqvHxmT;wC@pZJKTDqKxpRQjO5&hJL z%z;bPa&#-;aV>Eg2Yl`ax)6Xw$SA6WYH9Tv#4}c7hHEP3X=WywKIFGCZg>fhLKJRe zDDM&=YItmYbnTMroU}R!xldn|$X!*6*ts85K}fZdG>43*k$7Sheco8^e8HK3(MLqr za2E8Lbkv$h$nvnqqw^O`NNO&I%vqXLPz~Bh#bgu1bC6z=3{e+BC&}oTd626XX$pHX z6t3`!sdPZmj(LUCN!BL#Z&>Jq}rRZ)8Vz7yU8##S3Q$9)`$7$cmn?6pPH z7ARBBDD>pA@q|hOpYmKNx_SH6au*o7s3t2=Qyb`}a=r8dhQ_j-0$JvPQUmxc1Ke*l zW$H$+ui|NC5%uo?F-`3GDh$g4<7

u+^YH#=|^o< zUs4U)RKbG%l%47-$`6{Ut`ZE^O7*CbA2(55`Tqe6)s^?b7^uGa{!#1HmH8htPF?vQ zq;2ZiW`=H<`e-vlwM%`p8L?SHCQ+nnr* zBmk~RJ0g?h1#-+lI>WsOP_K)@>SDBAkto0wNdbvGJ_qE&nOq<`;x`?1Y>6Bm6Xa+t zG%`YKYU<*&bX<|Hfv#?@folD))9NJ$pl-~9uM8AzFP()%{HOQ8{VzW~+5?xin#SzD zrU&OoCvvDD8ua6Fh-lH61LIE|!uHUC?*G-o>U7`#iNon={oeoik37nM!-G%;TpSnL zS({rgb_14qf!znH00U$~e?c-pV~Vz2QfPD#AaX!}NAv-ika44tK|r)f6>e$>WxxxB zhSB0(nqA3t+!)UC1vwlVnG7-kffvXG;ITN3Nfpy^CNk(Yq9h>VZ;`r7r-4Sp;>cBm zD|Wb=j!Vl~JTH(#0OpH-0sz{{i6D-A>=s(tf*caagmix)$#pAItBsvXb@-Pgd zABM-`5$PBbi^&8@FeYGt)gEl#F1avlkb{9QW&Tcn(WUSGQ236V9oNBQKwl^$iw$y! zJQfGT^WuO+GS@)6r?Ra;9+Ar?l0^E@#^M-VD0`EAFiaW?D&L4m@&d_=_!J7r5vxv1 zPg_@~Cq2=+M^Tg_PKVQCARzzAVvvYDQ3DYR!{T(b7Y5O9nTSOKpw}rKY?4Lr4gpYu zbi(Gr8}ba0SoqRv(JK~5lvn%-hXhD02AczNxil8j0Lh|Ikia+fS<;wPkYj*EW4pc; z-})^g43QQ=U6w4C51-97K#CAAHAs*S08Yd^gXm|&2AM|Rs)qnT^@9*qAz>(z!}$hX zKu28@2A}0WZH@o=XVCtCXfD6oGl2is($?Z3r|~-WJ1t{%9!$U$W8U9$;{c!xm_P#>HiyOq;b}Oc zC(9QE=rj_@n z4t5)$vRPy$Q#-DLWBl%S&IXRkby3Fl*PGlntf!`T1-PA#9q>b=}Y6V zm{9DwTs(^IobqK786W|$T4-r$W8}Wj&cu45yVXJ`F+E=*oe#-^)j@Vi4iJDPrtbD; z3++sd-K}kmP29~EnpiJfWNBjDBVWgQfo}!bTbSFrJ1#U|=5A_Z=WgP(%*4)mp{2X= zqCRsX;7|y5hdp%IQ-dN+U^^7ip$4p2dEHglp*WqM$#Ia$2tX@9&_cmc|H%GK_R z&2BFHA1W7?7mfx8TPRLblhKp;0ZQ$MO$5u63vzsko;13+^Zdi*dsD>m)?mxV{(`b` z+Hl$MK2=edcsDs*aSbqMZkebG%c1}qSs$ppLEETEK0Y&!1X73z&P!7bm z>0Q_zbpA5&6S*}g{_YGbyM>fUoVF%xm%8~7Vh>yS%?5W}T*xAKF}y^8OoOxlGI=7v z5%wEBEwz|lKPLIx;u>Q`f5vkrSEKCIK6)((m8Pa|Fh`d zVDLX|Py7$BqxC!f|0kZG3#R)Cv47)#{~Z3Oqdj>1Pj86uAMWSSzd`5i2mR|Gt^6+f zhsE`$l7Y}atzU-zY2&nTdU^wbe=x=m*kxW5BHx%1qY7*86cU) zXZ#ERI3WI~iR+2~X=~$t$N&Gt^K(ISKcVz*{O{kn{!i;imjC@Q{`ZrM|9)`opYD%> zfB0Vp{^4|RSgl@IVlVIyr>!$I@DD#2@K5Jo4E|~V81|<-Na#;{$jG1e|1R(+eg^CR ze+B>?aQ&Z-W>5SNtE>In|Nj%uPx?F&{wHc8{Q!X8d@c{bbwTkcFlNPN5b1O{5e8Te za(FZnkuIhHC4oP797;~(!W)K2UPLApB>x8beiG=z{cC|fY;VL)YhawOkF|f=zY^xd z{a3(zeZW7s@8duHE(;qf(AU?humOt3^|LB$s8C;DQV#(2^(y)|)c12x-;WmkHzR$W z+w!|2cLRZay&6XcKKL_mA71-6+6VmiqkVW>542D3dthIe)XLw`!T)r;*Yg=T{)Yp# zzjys#Z~PB>^*jFm2cDmcrTdAnf8&3@@xR~rUk`G>@xR~r-@oq}r2qe0*Z*nbdhP$! z#OeO_|Nq4ElRi&`|8-({UEn{O=+tl+1?;?xT?~qG_)I3`nY#{MV6Y6P!vl$o|L88? z{}&)1_BY7)8|3>9^8E(+{+%En_BY7)8|3Tt{0l%nY|pK}-`(kp?PH^_=D%^DZ-39g z@&8XB|2K&JzdiT=;Iy@W$N&Gx^K)T#Kf(8J{O{kn{}-z>L;z6xrvSkJ)bW4)=li!F z|2G6MOy|G;^grwm!hmqTK^HK@Ex`Y)NZ?@o|KGa)Pg}d!`G1y_zZMwmYn$&NkiovT`Re=+9{tzHuGfK1!~4C@_ct#1|8t*j?@hZ}1DyZY z8x;I~{-5~ypT`7odObivJnp-wV3+jDT}}-APX~K_JcEe;e|iDnfcT$w&;36*?ce)< z{+Z|JqUnBO?BDp`zjOT`_6N@Y`(gAC_jBN1zu5=E{(cbp!+jt6)A|<2h*B7dK{SvI zUtn+FnR2eqpfN%`R#UfExxFDmoZgTSLhV5Sg#T`Q@CV_+!IK{FVvqlhg?~c^ zUVhoSzdlO-hnD>fUFKh~>hIUBeET7A@7ERo|8~uvb{|XrvMZcmBj;F<2}{ z6F~;qkga5rXi#74h=-t1pT!h;0T!1AN8ErHkH_W`G{g-J<4J=$D-AqW$A>k!B!P!q2;S5FU* z)zk&?6be=oPtl@ab;)=lMTxiOTy{t>1gZe=#ufEHlB>vB_XIF z6AC9mGJNMJ4vW^rqw$){H0KhqcmhrjgV)i-<8XS|xhwvav#tNWXTbh13ef+?{omTU zIBk5d{ogvj&wu$x9%W@0qeKK7NEcAYiBMlkHsNUL3p|lB5U8}Hv*DY94~c63Pb{mjVhFe z15&CpV{9vv{@~kP9+-Y9ex-dLU?MbO!*)ED~3P&jmSX zDxXFMHQ)lc8p>=Ah-UNYbQ+V27QKThL2aOuRRYkpC{al^Y|(In?hkM~L}UU)4u|Lu zuqeIS0!FM2(Jz3(=kfqgcnHFWX^`OA0rA=g5caq5EHkEuT-?3|;}N+&T#e4&gJ!eH z=*}=)1Cm4}9GcCc`4V{`x}&x=I;2&G_(2MW2+zxTzn&5HxAXI7oEIuHBXENwC z9}xP&1wj!W573wt7Kb5Po55lNbQV>lXuzBY@c0}i7g)5=-VExR8Y~WAz0k@WAcLNK zDitykVy(a;bTABmB>?aoGTcw>c^vU2P;AJ3!D{U^L!!_H1M3w-;nV3btj_}(Y^ZGk z>afx37|y_jaX{F-!BsH}0Z(c{|8^`EA@nE{qB-dDMC3YNcOwZ=HD}UzT}Dw|EgAIL zmqq6@KwFT*poy_JX!y&dii{;oz!c3BK|k1#iQw|YSpWu$&*ZULG$veac6{bSt^*h3 z5GdTm92TDq72lgU0uayJlRLC6Hgz5NSzmUeZ_Cj!2;+KzbUK_0HXog{IRn^>Uv4pe zrOgmG%kFkV#9v2AKVUO{+-m&&cB50`UbbT(>mlm+-C8*$B%ed$`2$8QCJ*!zn^|iX z4NYSV$<&=_Vs=WuORz#{x)R0v23tBEnrI;;{fI zKN;%s3>p(8Ly-_?CKc+VD1gs}Ob%pVh)gn<0C>>I0GjVXfd4KA)&L|v4?vTV01`k` za2_J^B8DJ-K{2Ove~2oDPlr)68#c(a_o7jFfWV7J@&dewT!2d=iC{3YKh$eUFc&m3 z7f^>3so8P~Rr5JSZPNGOi;L1KDEWBv9zBAG#B(zra3gBIgyT{>dN>^!=&98tKY{H9_ad6YSAM5oxhv;dkQF`gFRGIfSAJ7Ddz)IUtej4}g9& zF1*@AOaTy6#X!*+{6Wh=pI@K{ z8_2T{cY0#_q9)GfgrjO+s^WqTSL4kZg5LI@>yhQ7!zlk{rSRl0x@>H`$y94=! z0ZO#7%P=upqR549fHN2lM0<1uoty@(x9r?`4ka;&Qdgm3`~hU_j!;*BHGj(c5p*xK z528|KYq6NkeP>FEPeLYnHRfPOT(l2}zYWNEybUOt5st245P0+GuRDslVqP9`pqC^4 z=R8u&N&b89%?=HHj%P^Q<9F|%*PHU0_w4uw&ab5!#jpeZKH%N3xm+U>F9IzQm*Hs}tT*u2N_>Ms9+8n0QZ`WIyowbZsV`t=% zkx?vN9Q6-Rk9srrncCR?qzk)7#nY7nF7dl#Od0Re&QtTuR)gwi02zSFIRpEQBj}19 zFFKRG#D;g^R$Ja}JQM3~@cadPIm{ivSn2pkgkLtPhmrYrYEq?~?qd1?NG3^9U~q`( zKFE8%6Ie*h`sV&9?hLN0A6xPkK|b03LMT9=;Vkgbz9Il+D=GhoZ5DqyKUW`O^TZLP z9W_aDo#NIU_`zu*)G=Jul~P$MUhV#(G%Ldp(K^{a}$9GjOT%-s=ybiy8J z((Q#mmc8}qge7r-zzG>AGkGq{^Ff>-;?%Q`r9gh!M; z7%eBHT&Ch@Cbh*~?C|Ki31`SVkk9?%x+5C<(qU6bjq3{Q=y-YWI$tGW>YEb2MMAup zlTZe72tqFYO|2pH1QsCl<;{1BBxhkeVviwX`dv=~a+F$NhjAg)ri39W2&HH5z#e~Q z`jEEu%g$q;8PR7Hav-DtS@6napr1i`b4}N(n35m!XF`1Jxv2?Rg`%Fxn|fEDGOWu< zcZ9kgfi7~pV@hUS*_Eb`tl@l)q|VWkiaNCl}W=$ed|;A9iSJ+n2kJV#yC=5 zJk*27NWET4YnoB?1NN0qoT(}a?=sRd$pHa}62?r4ga{|(=zx-2`68PrHN}&u(H}{3 z9@+9gNT?e2k^%vK8#^v`ZVLbXQ3&}630<(E+05)e* zMBV%Qi{9RwpL)B!-JKV&z|4JZ5wJMJNc#WdW%n&!8C7X^g*snmS zh*d>Dh^nd9^tq~x=$K6fg7IVGiw#P~rhwk0;(h=*kb)B!5yI=Nx@jW4;+jPvpVPTi zOLP@dJvYJaHVm>u)s9lE&gNI*>y>J}$EN#Wp*61H*}v_Ku)o8m<^yu31auAwU}T2) z6#J82CvQ$`47PBs6F8=EPEEd&xNG$ZHpO8g=rw*zW`H4|VKL#hW^F5lpIC%DLT>={ zh*YCl2mwM1FifMaZwCo+C?)tr*E&hp=H4NgqBJenW&kOI(;wv9Tl81*Hq#GX%#A-4 zTm9e@%}6J-XB+b0`|8EugiH*FGzQ|)b>AbCU-h@d6P&CQ8~mFiUmaLh<%Cl}s=kYv z)r3{)F!4j8-nq1x7raBN2gJN6(JYv#S=!VGwK$gqgJy_tMY?QN=7dc4L8oI41ajz+ zNwTGEr2|!LA4tF7xVndKk$Or|vltCU{dtQ0Q^XjYAhr(>r9>-HE{)n%)D+!&*he6s zXpBFX4#Ojp6YQgbESVgM5cU2dKC+5l>QAzuBwi`6ijIWP13WyUkYaf=vMye#)Ib$F zF=h5aCz!}-S8bib&(eWWdFR=ynP}`Z=^c`&YEzN9OqiN-MNbs* zFx%vz+I-D{F49{LWL$YJS#U>8jENnvvUt6eEd|Db6fUDk6l;NafZwK9PdYadGTPwzL^P zTZU1LI(=ib8sADS>0~;B3WZ;=rxg4fmZBKAk*w(hh8*I%Op}Q#WmLs}q?SaosQ=k{W?IF>?~-v>IvdHO*!tnU=x=~1ChkySw+~(_h1tnr ze~^)rHar&w`ETyj+Xv5|OMRSRr23CQ$h7*Odef^y;W++7$a05g<`3+<9Wr2K~7VjdeIZT<+dW$EH+X~&xkz6FCa@sBH*a)OOw013-5qHJ z;@R;mw2lXnU;5d@3KUKk3deVMKE0Z(NL!P`oAj-fL z!CS1(m5s=*Vn5zt*RipMX6|aHI1Q2fm$W?t5cud0@L4c61|ibrRUUz=G5LNHFK@KB z(|Y^Z{4nn0TH1Mlw{PEqc)g@At+-r7W(az}$SV>F)cMK)RxYt(Hmpo|7buJ0XV1X#*eF=H6V|~>>-Zn`r~lODwGmRM z+sUia>1^xOkM#e>q(|;^F+z1a5^ae~x>E0MN>eMfk+y&eY$3YwL(kg=KFM??t)KvA zN_oH#-v-W<5T>jUqPF5*5$yr6ISF2fRqFpf+>YGofO=Q~;Qen$+u|qif0U6Dht7=> zqs&aI!#0OL`mv>)^7V6breAEg0}tYvwo0=mfAH}jvbi%tbkyPqjR{4Dh)uY$5ea?Q zkQdTtGG+kfbM9@x$hJJQwN_?3GUSt&cV!(fCZ~6y?NJE@J?VWF^I4O6#m7SAa|7isL{H{l&1(USzmKf?N@&SN62H* zH)(sY4`%bOa;A?e8M!nJT*%Roi+jmro^pd#7o&0L33e%6A2^f8Dzksd>elLA7{rM~ zi6;%zm~M_CzVl4s)MW}OealWFx*tiv7erdqevm&KGiYlF11%9G98fl_5DNvxi5rDp z5ElrB__Cs16fvQTZq>8s4rB~Zd}-Y!L|ZN5$-hl!UFf@A=yM!>(Hu$HN}BivfRQoZ z22)7g=+T9^CW?bJROagSqI86IKWj8hD`15gswh}ISQ!T65e6#$cj*y{N~z%(E9|ob z-unJm-E0(9sgr0(hUEY^Xddwy^Yc+}5?OxB*c+YXRG=5A3;*hh)1_nEZ>zF-y(qj& zJF-J{Xd?pE&tCS^3%ge{=1+g<6*se&=3hZf>kO#HnnkBm?Uhel)U#_|MbgR;U8B;= z?9%PTPZ`SI)~ZNVBugsM$!vsBc^qT@T-ujM*IN_bMe_aBTCql_&GLGXyFnc}V&-gm zA0`eWb=(tAzf(7hP{BG1fu74X<59;Eit(q2%+yrr^E-Q@2gE(GOUT8{6rz|&qvBY? zey&X?k0Of|%YVoGBn7-kYSX4K$M(e}KJtwvj!U|c#wr#El=}@Bg={_|pX2Y^DPSLb zdhU|v+u(Ur_xT^uJu0VHYY)cnF*z&u(Q+eVi3Zg#(qc?CSG%>mc9Km1hF#=98tGaB z;#$*~uxV04l`fx|%{d9Fc4+YLD)@##os z_r<9R0qr5>v+r6!lZ$6^p)Dh(E!$|ZwAPAiONeV?YVRYf$-aJ{BB{8FZBGjqFQs~j zPXFW+dPaXCx=oD8#Lg@jQk;&@4zpp5Jw%GMwE}7 z492;!loP*0WPf+jpw@nk6P)Y**q zX}-0gmB*THHBVCOYWy()8G|#sSln`y3S3~(w=BnPN8DjXTlNT1wgHEP-y z2bkx2-S&*Q$dkhf0&m_^zVBKEB&%#&vOr`n;}A-bqYn*jT&F~s*b`6>RlmT;e1az2 zjieq>P-nziiLbE`r=>O40#j9!Cv6! zERO0B>p)}`rDD*!Yl=Cd7%KG<@sVy;&bADpM2M@FVOy#yD1wffg2Q)O9r`Zh$~qR$ z5ZeZKNL#kcGTJy*Ef|(|?!*}VsYzCdM99h@PdYJ=bQ`%-8Z8qJK=pZIhZt579K^px zrwk<;vx7{P%#jJD4?QLkHY?;wQxoL&tdr;{aS9c$Wrc2r66w#TTKtk)rjeSLzfwd5BafYR6e9b?`eCq< zq1dE}<4`S{q9S?5$?rpZEh8#bRZa{Yrs|v|COlQ?0@>smSGq{fi>@W@Nl%7Z8$GT! zusL5vA$?-zdfmvfmbhgC(9`wK`082JFmCK2U$j2+0OY;ON)yn5B+v~2Pq{#m+UXmMB6`bGa) zSpGLOPuKYk&GW1Ei+Yj<7TUPX%{jqiKP9;;JHz2gbj*zAMl#d(Br^c*0c#<%W~>C! zRaacTh|837pc>ObKN?ar9`VI?WQB?0U7%az6MBLfmjNfdxRE4ho*_=L!vs4glq-X5 z{jI>`D=kP{2Bvuiq{(Zu$qzu~JrjkJjWdTrQSG@Px97P@?P@7PGlxMmf{RcI zC?jNyd1B#qMUxy=t(Hwrq0g^FC?aepp6RYR{hui|W|mq7rbsx41c|{dKik$^KaWD6 zT}m-a$e#ZU88-uFfQFusxdJsh=)!=j{lQ*k3j8llU=qQ^q z625T+jrXLXqBvq%=%wB;p@#%5{u)k@72)FqPU1pRI->g^m|R)zl~*2|e9`Uy-1+h) z4)@o|4bRsBJ@EBwSMSEoSFi(KzS-Rc{|WZ&uEs**+MC&*yhtXro(>qgMN~cs3h5lH zXfDz3nN1qiOT@Ley+s90)*VIq9tBk(#nD`}Am-u+MbKZrc0}nZ3F#)=>ZL{y&ZK=! z@?9ZDX!(Y9a4j!>Gg>i{prN2{#7BXNCb--CdomR1tCyL$e5rVz>glG9&SypEJCuCW zw$InzEP8vCbGkc9Ld1OJMGJLh7V4R3(w}sFbZ53&_ZGvh$s#PB(A9&N?C>-`90l6J z?(>= zvl&(22G0-9&(4kxE}w6K%T#3xkt>G(vZ`%?qm$tg*ab&thXMof>(yw^5d*(moSzmn z0;Fbv%Gibycb{-UI-AeUhTna@4Wd8x#2;pIpKo=dxtJyA%X;9nz6c1Jd_?V>^xqww zbW%Sim{7--L=C>3LKJo=^o;pFn_ z^yu>9_+V(JDV(Q2&L$qfM50E@{6*8?R%6LZ9oba1@}a4LOZD0*1f(t={i14;S2 zh#q(5H6VKdFS&x}U&8aR;YAnmf~zV@2TJ(hVz ziX5H9Wl7dQl+~mR@vTGUf0s}<|AX|DguQ<<;xFAtRsP>MuhRMd_g=o(ZSy}o27K87 zp!0)T-OfJfXw8~f=dNCJLMJ=wpU*nmqBx%iNR(9>x74?QiW@G+h;{bC7s(#C`?{U(%7m3zs;j6{bw{xxHLnM2N>uUe zw8-y5ib{Mb#xjLz)~if3l_+fCp7>6Y?;uyAMEA*0zY@;;hyu` z2Oo3M?t2_3>;1Z6|JTf4^u|?Z_M%ZoF<&pD>QNy}vJ^#2G|9QETe(zG?Skb>Azjv% z{7q?@GvCVzpln^M*ETtsrxF1fM;9@kEtnvL-J+i*HN4n;^;1CsLlUPJNr0FTqS8(f ze#5yq7<_1GB6f=kn2DIB=3yi6-$k1ydWxyDZSttw+Dh@W&LQFud#svWY4NgX3ycWy z5cCUJmR7x39T&2zcpkRx4H%p46=8sVjwWf27GWSQR-z_q@yaQ7UF2tXuM~$m`sR}& zMk1Tj+wb7Ry*U8e4m46m6a=+lk|$pybiJLTC$NeTW%z8N!96MUUVOM!eVw( zsQsxy^2rfxi2wik;Fq3C`QO~g*v{Gc<_E3CF2bh5o(mC9encI&)Zfw|L5|vN1G8#fIxW!Nzc_p+MmV#FNsPz{r zH;NT~>F`XwzuMS!ngm%>WEWi5}Iwkk_vhJ4w*!O|xjY@$EGrb@n- zoOu(#uLF8p@eiFXAX~U3V4|bwM8W;Wgjxjw4Sl@;inoEm`S9}n#nJGpe|UO)b~We^ zhrgd+9RB>n=1n+44)*A7_7C{k};fo|7D4sp>|VhRf^xKBX$GczT}F#FWm5m;_B>ksdgDrKe$f zzZz3_HEJ_7QLgr0&{mS&E}emHm-9L3V(}M}Hex?NKSQ^OKCd@NU8O23oGbaOnWirC zZ-4F#-p6Z`S*{My+Y0(F*fbmJ1u0&b4W+LswX}dl+*4&u0edh( zjiW;_ya!nr<#sg0zJpR$*qE88_KZoiGJRfc8I9)=H1@Xf?vsYKi8#+XK6Z+06>eB% zvm0_|O#4lIYCB?UW;e6_=s1b2&^jivTql}IW7Hv|t9|{NV0>riheub(gA}{-iHlgx zot$K1n4=l{wEIVoamYi~gRV=3xFNskKfZRhGAInrFD_F^tkOLTkRypt_GdgczILLR zG_}`$%Lod1oPS0e_AH9agV|zGoqP_ZNx|OtKj;Mj-L9OBAEMcKLOWeinfyILYIY32 zQgVyZ3C-XfaCn0N1Y>juX4nroV)5T z)TE)i+Enp8v3Z6^7axxga`sQ{uIsb?Zd~rm7jY0#c~{@WzKcEsv)ydFz#i7#C%ap6 zg?r+E^on-AnoU@n!dE5mc#;f_*SK#yecF$VJS+IDAqz3M?wHU!NZoq0!ET+M+VoL9 zr~5Ug{r@})N$kCN+uQB!_V%98GS?SoQa8DrNxFp|b|FU!8&R{HDX!P@4pJZc6V{_D z0Rv(K50Q*mSYOK}TIqI@YQe zQQMaIN!poozzeJ8Bp1{J3%SInW_%)%%=&!dI3&8?vC-t;!HT!M4=??#2aVa8PAQFHffU zYG$QL2MfSy=sV!eOZiVc8_HT6CAS}p%|x_(|xFH?SF>Q!()tG0E0lKhurub zsn%tAF8UAyVPJ$D7&0V1B*AZy(VBje#K?1*G^Cd<$tnh;6rg9JXMfI@^kxO((36nyz>Q zHN{eW#RzrucsuphR-CEXHthzNA(1S(Tp%7&^`52lL75n+a@k8)P`@Xs4l+lT4y39J z>4QoBbwLPEAIP1FM@G<#KdZmxqr{Tf8wFI&QRw0gjV96By+;)f0c@J8~nMM;TN=f?}<26QOA#EW5%T4cnnGbznW4l$A+qL26j<s0q~841 zub7mr)n>(xGG}K}iPN^0a$WsT>(Y_K;S?UdoO;;|xv~1EyITDO&&$1$?Kbd_a(VnQ(~{wlG9^V6*wp}RwT5h0s2r|&A`B9xml&$?VvMqLmkm2|4qJ9Z zSkGolZHTB|H7idPE#5BK77HiqecB{Iy=j$S?QErdtw~BIX}2fHzWZ$Qz^mVge#Xk1 zuvE!zo&G9XFKna6(_j7D8V%(*?xGk#;<|2SU>Md|oRFcTMDfHL5n6wSYfPuactxp7Z(_fLNQ z+}!7a1PK?^%OmB~Q%0g@Q$%ehD?hRCQnO~K0Ir(7+;qX!lb2tu#@v~T4>O6Gouhi0 z!NA%zCKpb5j_1-x64650>=Ft#d%s{0vEF-+j6g?aKTc70XDh!{oISF$m2+Mt^GZj* zXVaBeQ2Oc{TKkmZzf?aao$)d>noLBTPn-G4imQpUpk58?6g9hgI8ATtf=ScI#F8_X z=I8b1BImTuMb*3+F0-Jzj=hxD#2SPAmF6^wT*_117%ElVQEXS~164yI+64n!EXx5c`QHHw2 zw`4#ospDs!_*m2x_t*i7wDXL4H)vi__BS+F#lJ+F>JI2mZKZoHP4|~rUEajB-fNb` znmpi4b-q|;04vUvG70#SHpVjna#A{kUK~V6&F?4B9fKVb@SMzTJA4-G^db(0T<`~2 zEOeEe;>n^F4Df)=0_-6fBi9%s0PJ%jBwOrHJi%~e(r^`?-4O-H5PRheCv5@|X}xq~ z(q=)vPUrpt0~ypS{+7G@lb!TD7Y2zl_Ed(GOK`3G_Y$z6;TE~aid!@pR^yMI>}-mH z|0LK4o&WVaR?)8IZxEGD9{~UBf9#)pI2wYF{gdOv{^jxc+5Z3fQh{fxEaZyUI8L># z1~T~(NR-M{n*V^~F%YZN3#kV%)9Lx9NP3O{m-x@QjAf=g&}6VihB%irDT9KzFj#`@ ziYda9XKaonaWgDQCZ*j}ZW^>TPWm|Exk$Zf(g^DMoNV8vZu0%1Kf0A0z}i zZ8<|6j0m5CYg7DM;(2Y=xduA;E)z_WVH*3LS2Q1L{ z@1)&19YII`kXgOB&Ni^h$yqGG7-xoteL$#-s7m=Tlvb{Hgx-`aMp=S~KpMU81jOw| z0fO|mXJU~E#eZRcqP}6o>TBC!5Kt0OER8P${1H(WB{(9k=}h&NdmN<8#Em3Yg`wFk zqT(ci6oJlv?Dh6`ySp9GJAeTkVGnbRSns!RgmmrRd&~_s33diL@(L?8mpiw6BgEle znWch2QqEMi>^&z)doPqsPHcCRbabdSNB{ZrUhh?RcN_f2UhnNvbCowkiI>MzPyg@I z9mHwZdpAExg1t3etjHiPPllkYLd}bR+WsAkM3MeJrghiLa0+<{7jOz&P))Fk!o1WO z#$h$F4GODC29PsMc|6Kt>dX?E764@64tbu+J|TmD+OdbF%@~vM=Vc%As)i?14lHAg zUVXw>nT$yk@>sTCPUVq+ZW^a1Tu3J`II$RgRN^k065mWoCv#%3lnd{?JatB-v-HVf&s9v1p zK5a<^;+WC*9ZF71d7G@n{&NZY-{?)XH;1!jEPyNGf4zA5BJKbG;`Q$9*8cY~!1ADc z5|7s@PtE)%Y(;zb@r8)|CJ18Oa@kxZ#x*q+zl7J&Ki207ZT=x6ZU4x{}%YA}8r zEvai)jcdk_h57$1TCK$PEmimEG`t_^!{C^Cv?xaNmfLQ0AyYpl5;eKRU1*8t}T!VqF2R**? zO%2*}yy6^}W)YRkueoh0>yLP{YO<7E6sAP`8PzzXd+U1gKFtGaIsQ*!*Tal2c>%28 z|GRr{GX9@$UcGGj|6@SB(JYQ_!mbN??RL9)EoM^hL1oX%xv)~+%xlS084Hr-}_dgA|klfS-N;$gx9 zEhQD^Tk1XVvyN@#*GhxA(qNe!SV{(J`K5F?!ak()!$_{wVq5_EbQ}DjvLnTE+?Ovh z{-F9DeElks`@wXNxc*@QMsHpr-?8kz3goM5fwm4ke_cw@?ItDN1a<3nIQa*hd6J4s zntA;5aS8r!a(FGR2dLuzyL)d^{QuS7>lZEme+_BJDGbYw@Gpec8tfq9?^7-hurp6W?8&=@|?ABTC0ig2z_ig(9_vP+hoB!!i zAjKZjyuXOM50$g=eZ=uNz3Ba!d@9FoJ)WQ6-6Ju2?SGZes*NkRHLPrNb&d)aAV*Ay zN*-=0*U~+ixRM|d>>B-9ULhH!b*r#&GNrga*^_C;%aF^fo|sG-l~*M~G^sbIoCg+( z2~e5N|GxLrTm6AUIzfCOKc~tw{Vj35x3B*=g;L`>;(Ja=i=YPAn?!( z`5byOOC(DaJq;O`#TD989Tjo=E|_6|AM9wn_&Q%uDY7r-k1|LRp*|MT+A%hvznQD6oAPfQ0Ff({Cv3TMQ} zoKWmfdJdt8NM5)TJs=Jejojy0$f#cn@bqo2nc=M|;jXE(rVe7zb+I@bpr_>GxVEJ< zE;}aH=}=S0Ro$r(j7FnBu{e9TLXW7Zq0}pJPdEEj(SjhhLBoy+G3`_8T zaT{CK^-n?-|9|l!&Hwja@3#3r9tBdo!-_l+OYs-PLxpz%%{(02g&1gXFL2yB$WR*e#+XStMjARa2rB3&BgQ>%SVm zeQK~I{~uxB6(U`u`u~?N-)8jxuUh&4QJ^mWf2S6{JqDiOF+e$u+0M zz6wBPB0Q-G`YPVe1`A~{YPkemkT3@6I}QnbzG3tgvhOJURAu~6u$2yFuN&;y`4j3| zF}DXvJy?SOtG7b7{1u>z|G&-n{|adN|6{70C z6q)^6+VD;EXJIIR8s}6sKXha+@kCUNuK8!zq_#+FdNQdv5{Y{A{4z4eS#f8Tebj2Y zA_-x-SF21l2KkAUY7NwErNXeEiH|~(zA`;*rEwNTlE@ZUuEwn-7SvMwU!KZPpUREB z|L?wik+J`M{ifyrj{>&2XMy+?1s+Ve@a4#8Wd}q;LbMNx`}6&!kDBlApjchvU4H*- z#ZGhk|HX^9nfw2n7w!H3QD6oApQeLTO$V##|AvW1@~lnKZNpOYr4H?6YiEos>!G1+ z7BBG(k&wrg6QAoKRM1ZTnUiBfoPF!hKa-M96ipf+x9>a6!7}GRha8PVk0IWr2)g>J zRQ(`Se*VASef=u!|MB{D>;L^YQ13o1O8p?#{6eq!g;5!T{hxtDpof@)tXATZy-2%g z{cOH;ON>nOGzu087MYw5b&+B2gH)%sJ---3CqCcrak|4G=q0l(IAj(OU%CrO zOkx7P=(Nv`Bax1UxuQ4ZH@xAL4tz-D>qC=>=zSf(D`IsYiTG zO<7{f92E8z9gne(`P`Zl{iXJOAeXJ=cajJ!mrG7xQjr`jd?GRut67Squ7YLgN|!}A z@_A5%qSfYrB8IqZOi^(MbmWmzg#O;Hy&WX2ar__{TJ7EwOP{!?Hj1KfEgbDu6@uE^ z{6=Qgt6Aj+%{4u-`ju4qq5)T3+%m0aefjLK4epIZXEpan-GOl8A)4lS*2e~iVRv=^ zQE)_O*q6<{r_ezIM6vWoBED-6rL0)uEU(#M6<)@??m!JN?XD=KfG2HdxCIe%+g~Y^8=M06H%7b!xiR5l2H#M!%5@* zDt@(O z+KU>Pbj3+W=`PqAVSk5BQ(wEz=hT-)#xFf-@|!~o8Fy-32mJ{)0VhKlFdJ-^Olz7` zMZS7qYYTK>$Vn&Li!&v6KDfp%=!Vz(^1tuF0yrU;$#y{pbjL5Q?e(;gmnqf3* zy9G;sNFBpVpPxm$sCxn4zI_XJTy(p`rn4nc$~lvBItqYH=B*ON{aBdrTmAkG4~81F zwLJ1=$HIe=+zMzGGuk(b(dNob>7?>?T7LK?t-hsHb^2MAJ8gcU?PMZ3!L`_sng`vdyg7UKw*JAM8@kGkI6vWW`mLI+fiN>3FIh9BPj( zpqR+5>OsbmkKvi0Qd*aKtz@uqGS~A0Z}V#H2&ldc*Sz}LFa4RDZv5D9&1QkFw#GfT zpyraiF{5%UICOJ&Z}q`a)L!{JSS`$vf1AFdtJQyZe0kPCJ-#|TdiUXdYTL_=qnDZb zkj`}!IM9)yT{@}NbI~ZAh%2Zs9-9X2X9gNlqQ<`Ff5wY8g2-dGe_C*tf>we8ffQ$U$9q6VhL0S z{o(NU^NYi)Uye_ThF^5HX%DfT3g?R~ndHguwXn=X@Rvl`M*|AC-_TsUN~WPaqKK+} zmdE1_+@Se>mD|ZmG8TK75}5zjg@iST5(rp@O#2rDl_J~mxk)Q#L~;! z@M_+35!Ybt?!f~8`{e5AtpD!h=<4!hSS@?a5$k}CPdd3b#d=3*jk~3V-Q~&fYH)G% z%hAQv@aW>>(Z$ul@!;2^ijg#mfj+IfP<;HZq*kU1v&>u7ndc(S@G6XgNN&W zemnZd>fPi&Y2_@1xHTX2#m@9=oML7Q`YU4AFPMV*&k_#xmPPjBWJPQ*PL@Np-iA9l ze=ntgS`r5gUCetPnfyu^mxHcPtfHfX^Ru&~10mTJ@0d(q2XUbBCA&L39 zrzvuXYM)>q4JaDp&o$9JIX*j*Y~}cW>f>njvfN#$2<=NeLw^y!?%ZA;JiTRD98DK3 zio08IcMA@KJHg%E-66QUJHcIoyGw9)cO9JI5S%mbcka3KW2&dCpYD;GUAtDVwRS%7 zhtP?o?3~<^2;?(NO7AnM;L(z>$4&3o{>`&Wfj*{g)ytbcM@o+&(Zlz*DkEnwz(aJ> z_}Swg@cHx-bZ_$+Gz_eGF8>Hs%6`%Jeb7BAqMJGer?0yW8oqs#iU>|uoOz4Tq#3kX3tV%Lnn~B zg4%A+$C61>Fs;{f$;o-ayx5}{fk}-;Xl{xkm$sWfS!1P=WFGZI$HHfUupi2J(Xt>r z7DbUtB*V0(-z?}uf=XeSq7A+xbQ8krK|L1AlqJCQp!9$4C@2aGZIqkDg zB%Oqv41Zfmq1(Khs%d0TViB)=X$+1Q!n%%CCfLi6LuoAC&SVW$T^;$aN^Goi6N&=_ zoP5T6PySxSPTKt2lXHMQB`Ov|#gLI>`nG(p+3L2@j+C$q}3|Dm~- zjGs)o=-yW|2?Ewvf6`o|cwVQV>AGNt5@=wxNl@kJYw?@S&fV2NYm>t!o46@I*GRjE zf^lNE;!&zb@^o!nIEnfX)}?t=hW;pmv<2_^IiV-R7^-dOu{FP+Do9^oImqLhV*WxZ zh&2y@H9qB$Fnwld0uBi@H-uSTXJF`Q`=X7%0TS5~QLLQ4Z?61aRtZ^|qNHxTIGVB? zFI2wnQ=$>MGm7TCX0SSOJvEAJ^?7+W|LL82$pQ#E3P)BL8NM*M|EB~ytP(LKgK1n` zKM|_dFpLlL$~l%_BqS!6gvjgnk>Vva_z9(#hZMBU)yG)t%q`K&7=#yD9lofDURD+z zr_ulcJ;7j6Ab18^h4q=w9J?5=Waz$L=!G=q5>n`)8#&RZeM8aNi`-{>SXE$mq{HO9 ze6uj74?B?+f|=&CEbn>pwlekWuVA&vrgpN-1nhUGkmJogSg+HNkNl?VqeiIbS9RuS zX3ddRHj>L5c`#uwcp)kW9YUp3APQq`vbaLn($pdVsN{P&l+^ADf??Bp7uXbj-%5`6 zknI0)NwWs9zPPChjD|3xoSAa2j9-AeQ4`~deE(GbU^;8FLZxAul8&3jhc8Rnl&wMg zVOTx)YPiDkYu)BnD0}Mb@o70mvu@$`&p(6amt7KQV$N5KLea1TypsEY5|$31uAsf_ z&fRXbR2VA9meg)rlHkSI0OVrFD*<=1OXmask)e+vv4FDqWpeeNxa{x3HV5+JU~!Yj ziH>QLF3R_5;3B`Sou(l}Bx4VQOoA;o0#x>e?H6dH8Y*H0{8{Fp&eBK0^-)GgM1$~= zE+oL2=yD0bnoHh4OaeBLh0NAwxBRb27#2C+>iY%ny{!*@KQD$~swJ0DTq~l=;%?VR zp6yJ1TUiB}sEi2?n<_)NMl1;q*~94M_@8wb#>($?_`s&ijqK{C%8}pI z5fN~I@p=Sm@t2z%;t?RQmu4!@c6H`Jiu-_d9?eWLV;$z70t_#zHN|xHuqA@1M))_#S1hz0^s_7~@?b4W-EPZubekZYhT1_iww~0jyI; zgb$H#p2VN3noVtp&6uz1l>n{NBqLHBqu#Fbz-QLN8fg#vS2c&5)9v3CwJebl^y!Kg zvmb|CD9!{Co|)|x8fe?yOryuW?4?6AWPGITWE<{do?GjcS^fJ$GbsK&JVJb5EZw|3 zLIMK4jPR}cXlp#19`e$1EVWQD-U3xrm|Z?XImo6+Mb$I^kc2)H3-d0RTnQMw@ZR%o zS{>OmTr9}b1*M2TFRdWigp7ob*=h{6x5}ov340kRv(HDasq`i_Ybn0C+Sa0<c$y6qv<2^m`w=Tuwgp?3`*!*;QL#an$hdqF z+I5Iwf(>CEf}>^hUBco6(78^*mp4k-nDl;TN5;gT!~Ssqx+;nR8B>qPoy5Ol8xnDp z;o+uMh#y2zs#*=(Ly53#$rc2;kMD9kZQCt|f1{7G#<}roT}d;p)lFk$4O+)1Bru6B zwUn}-ng7G{{8$;_rJe03d@ffzR!&FIFI-4C4`|~07|y9^Lp9aJU6K}_>t}N!nqU&+ol#1*XsU7 zGvr%YFaN%alDtA!6`Y^xA)lbp(c#Q{pR*|mCD@U5|Fx(Z@`AU4#Lr~u2zcXle&T{m z2=2T%8g4AA!=~}jbTF9F@ zooNpEUqv0R=^Vx%E84{?g3i-z9x7iuTVJbWL~=wre%+Uf@RqMs_te;{`b_4@)^!bb z(wQ(9)G{(;Tw*yUfK@@CWefPTMo0z>l)UjvX)4c4S=e7L30d133A=oSdE1 zu9mQsF7H`S<=_v6Mz2Z13*S%vbdZ`we!g?VJSaU19W}+io*-v^y>nAr){_op`g5;u zRPLW(%Ue6lKM$7|)C{pJUS*{L7S>#!_7B=!CW_WKzOuXSxt|Pg3750uJr%_V4WylQ zRe?b3jMwAq{M>15|iQUsZ$fje22P5x6esyfY4~M zWDAb!Ovt}8UwbepnFX1Ev`Say(rkg-s@-2xdK}L-*}K5XI{BBH?ZbJxKm9&E0!Q51 zhw$e?`I3L2$v9t(wC9ffq$@gLr-E?^$jXjLIR5-A*|PoWHUTldX!FkbL|&RqcMRm> zNnK}|`>___H(~R6^*?e}-`K_7cCZNxn~-^5bD8Ixrj%A*ioM&ZG>pRZs7xWB{`KVV z;II#QI##1~GwF7$VER~8ORPt)?pM&916Tp9dUT+Gd4C|I&R!!{bv$MPAFz_T)ElD4Klxn7RfZkj+v^gtBULfBv@pfQ&K#XE$E$Bu`7H149x z8#~L$m}@_r7Z4>j5mIcOr*X4)Fpp-Y1S~eO-A0KrUM*g)5AL>~7FZ-%Brw$%nM^>5 zZfX|ZS3?d3Glu()Q);lY+ESJSYZqW?8T`UQ7zNmfx@X_~8j1~z{M-F`Hl6*AfOLj> zJ;Z<|tfFLw7n}Axy!XNWlzcah+rG7~`1*V14?Xi2!5h&LbOB;JI1%M9ACeq&L%9L= z8$Jk+xf3vNVz|i3A;L(ymb=v$&a44lz;Z@(scMXg24aVi+;2PiC9@lts3^=YYTsyD zTyZ%y_aKKPR7opPm+NN^`3n%R3xgDcsqdTmx55D)myGl;3sj5nwWN-Puw~`uXnOw$ z9KZzH+_eW;>4)||yb?sSMEfM4Bd(9e_IUYu@Pecga z^UJS4m9t;J9Cv$vS`7(eqp;*_m<*J3lHmUI$Ss zX|}qwDI=i#L?Ba#-`~C6i(~^ob%)R3i8dx??R5*{9a6$JNWu8EMIwXvgDH=^KZD}^ zb)+5c#4RhH5G*zKl-9MWR>zD?zdAPv6wLEw8FkOJC|XUCIV>a^d#T!VRdeW5Pn`jU ztz;D|-j!|n$#Q>27U^lPCXfx6zBz(?9XxL2&D%8WY=>Jl?A{!P zTLYLX6;-MteOp}u=ln%?`wC^dAGNH7AFD{z-RlwT;hMvg3$=q zG&M>Pgsr(Y2!VsUIqX3-?2NEG0fv$4SrT<|>gn$IS#HPRet3_3nh_`gMdBTk+}7%Q z#dfznVSG81@vG$1{9rmJbdGjgz4x~M9S1%)mI=c{MM9vy{cfA*BQ!t;6j~kP@gx$! z`|{&Ld{b?m&o=6%_|h!=Gf(g#;Q{>0LR}n>e3Z}y2$!7efQKYy66E&3Z0IsN z9NmH2v3p-TYyxe5IUeFY!_iTbL5@a9*%g0Nx>E$+#1a2Q-%>uJeL3Mhr>6h+HLUz~ z^YEM7Rr9*o?dy;C~?kWZCYo~ zjnCjDR@w_onvl3Hr_%^Nn3Uh(J?x8*c)-}r@MHx|gRmoy@_dsg+<}_7IFN|&2o%XY8ycMb{QjclqodltgAG~JzJbrV2h|duji|o~ ze5_w>s0|Aq&fWLfFBy=@i zOBYHInKX=@66Y;p+EV0U6vv3Z2Ku`p3*i~dMJ%#R9SFf)V#9khr^Zb{@CEPx zev1Js^x2N8z@lnF={+Xr7-t^wkQ9+2p@J?E-wowwod*)G@aIkpjLkLoo;lhv z9{7t8X$6XvxY>I-`HTv5^r~p z#S>F}9qVbQLK%$UF=XB6l2_Y;U{3_8Yb6B#1zjP%p@(7J6#R}#|B;8!kM?5qcpIpc z=fEc-cqcMTjc>|F;cqp5G(HHKlyH=pWFds;g#JYvmhXFI%I5*a^yQT`NBJT?Uza94 zaHlJ8xK+&1l^$3^^es?jAC@lcul^_eAcS7P>mj~fClo8*9aLv+bTCTr-2FqAj45iV znsDud0;gRcH3?D1L0?F9pj)84U?)$aGh=G7!_^?(Pm{E?#426SfjPK;%HWUI%OQnl z^T~c2+=Gwd(Cr!{&;oKAWJORfP@%>O^l-EhzQ9REL|ZsSr(8~4t>AdZyL~5>aubvn zr?oug3wT7QkE6yf1M2nXPKdXLF`5~eCdPkBDjEeCh0Lyh4>FOZc&mI-Yt-uOu zuF?*DVdcP70o?(&WcSB|RKrio(OMWqcolygcFIu8)7Jwqm760k;yi9l!_?8hxZKW1R2=5vn; zxyteIb_pr=pp&(2knl+Iy5ttc-+B$#V+~kYm>UC6r^-(r9fIajSct3KmQR#XAkiYe^Dg0xV{$3U~JjZQ=V5zttLhpJf1XN_cWZ^NbtqttY z`PlP(RqNDWx^<*Lw)E(SOv$-4$;VHo_ONDk8-58Z;K5Y~3$4$&^yBYcKM)%*gf>zH z(H0&#S+OBNp>h;|hBvv{ggX}}kCx-^oN=6{qzTO{G57)!hec&$@Rbd8oGlM3(!ZBCH|y^rGh5Y7vIJ|8B$ zSPEx5l6{J-H-XSAr{yNKP~_@RZoWDksRfLeGqZZ6Hg1f9)@to8=P~$rEW+n8kJ$8X zJ?6*Bof%x>^_&+0w@pt$|Df#1LCvtANeZj!WvPm`Oq(hlV#O~pQA=vl&HYT@n33Kt zwn`=rRAgdx~MW5+daZbuOewq~9{%t*fxRkf13`^uv< zWxIXwLg!ayR2C{^W;0(cdCbb@q#(*wWmci(>n~ldm#t6@tNk-!S0H;Z5>ehV zpobZ5|CnDig))KFTWvhVNtQv85TBCdvg>i|!*(mWl1k7MFiazPeW8M-C~9WAq$`0J0GsEzP-@0QHV@ ziN{5ts+Vt?#BW>U>AploODg1Fm0dy6wD zZrh{?Pptz~*ofO&g%TiRd}e-z`@TDI#Y$5|5K(0&TJSBXYL5tJ4CtnkGIu$HCaDcr zShgw-Tr!qIIG3Zd%U>*m8iijhbCJW{JvPAtrvdr>{Cx4yb9jkC>T2io-k@dK;atk9 z_vw!4u86}y)(G0kT7GlHmTC}md){lqTrZOQ*n3lk>B+^On>7agxCdSe&S1D zjK^f=+l_6|tJ@zL>Hyd6IZr!S#vI2fD}X~9$YjF4FVAJvx?Up2Fp1CKVslL79#Rb0 zXN6X}PXo*sFxDPalM958wy`FEb=7N0G&QcGzjTBft-b#|rcjuf@0hG>kU4xkiQY20iUo7A5D%gT5hw4mj7W1s*)v=IgmDJJ zlI8CfYBGXRjg3;gifH2}Dxb2Sj{Ol>fcdQpX_eu-WR10u{OuCD9S-D3Hb$rq`C}i+ zc`5u(TL{z{FX#&F8pBRi9`lnc#Ngdf%QHGx_k(Fbg^L^D;^T^IoekT?$Rf)hucOck zxjiK|2lAFmB2a5CqF=%XYvG0A^b*nDfoJoMfz%aiRh{bSF3jV8;i^B9_zK1-<^=jF z5a<+oEWZcRLqVt`c$VR=xsBPubRj_}PE;jF;5n{OV#18`8J${8ciOBdCePBn`xXRO z8y$SZBgz|?^~9M0qapOBrj0?G+8oI0hqT@@#pms(iy36QV@2UF>t8AOj1pUviJ6BD zw}QW2qR3A@=m{%FKu(!0#e5G}0u%6!S!`~K0*E6s5S?PG1c`DsG z-# zO64DcDB>6vdEb}=08{BUW zJch%ifnt#+plg)n>GuQ8t!}vrsBI^HvDiWFIsCX9bdLKg(`*1k_K7MkR@Q_R)j`w5 z-L^Cbb(kd#m%1A3z0r_N4xd_NcJ=L}#s&W~*c{vo>ExfHXz#o6(PkwPDJFP+R#1FT ztvj779?dRVg@9&sl|9p#K9`aXY}?WL3-%cM-CLx-~FzRcW*|)D%D! z*9hOm3%u?sqU$=rDnpBMv9`yaXQ&P6#RLZlcM;CX*RF*j6p z#Y8B8gJ?a&DCf6cN;Mx^fx83fMS=&BL4}p@;?rr)R{PnYq~wBSdo(1Cy%_fn9q8(eKOM2LGIK9Xm-k#%XnDtv*QX^ck z(WRzi7wH<3a#8PS$5~Ndok5TF+ zJsm>&R;h1mZmg7K?sL!&i|GUlI}zk%b=ryKVD1>yc;b26yurbC5H=j(|j)vD+fn(nzn9loVLk|{g0k? zG(;(81~GOtNtTG+x7p^1tQ!qyjj8A>n#5pMVk=<{DQ=m;O6D`_2bUzhzTK+!cnTUM zYYitCCr7O|)*&bTqao_Ips!f?9$1{xL*$7zdzYmj2wMNHNr1gN+q7QEBWBHAh5m~1VNKv`XI%;H?foQUJ}3sTte>L5O1wy%mdw? z?zlpPeM<^ds2be)?U40}H6NAMHstG$Az)GG#(5|do zeoE$R@N=3T%V3Z_p_6+F*t*Zl#H*flehG|$y>Q*~TSNaog^G-{Lc=T*&oL?r@Tf1c z@U|`uQfMl+cQJQ`@d-Ju7y%vHkAByOoHbf*+mp01`eY1SW%24A)nAD}?|H#&zumt> zWA9*6&x%k=l=bpscdQzD3Jl~Tq&Bm4yqEXWEi;WsV=~xsp3TCbkJz(Y9wi-fHq?P0 zxe4Q&&wKyQs3e{Ah&!-3Z0b>N1dO_r^R$y12mdhfKaZpIZaksQ>yxJuf^o@k%oBQ-j`!d+-!v>T#HL0veniKQTqLZ{9;wYtNF7XXV`Q zcRdEVAMhXIBBDAQ+TT3UUY#cnh|=a1)#|7U+=Hmk%4fp~U$45nDq;>H-UTHlF!RCG z(Rj#O;7S7>8gA~)1m)hpAIFiw6#e`l5>q3vHG4jbt z{V_@kwy(^WB*fU)eyO+xOX?hWX5Fy7O9do0%B?(HsFW!eFn##K&cS^sL2V;Sz*R43 zu^GEki3OnT>N3cVPdQCaQB8(-5w|8s?Q7u4;UIa$RZ~@kXR~B75?pz&$!Z{T8*^w2 zY?V8(X5u=et(!Fro0(7u8E21Aou}g|q;JRxK1ULeIHYmzyM%{IhlOq{SEYIK&P4(w zgQLj}^AF_ULs0q3tt3zRU63HuI(i$4P-j^z12do=Of=X3HW5D)`4HoZ%@T;5NGk2L zm=yh7^<;E7?UOLQq-et~Bf-fkFQT7Z+K{YZBG4hQ%8RbNRMljax0gP(1{D@ku1Gsi zhN)x%uL0)=!&YCbWVSEcSeQ?VI3_`?V$`@ct=_;`S`3wx^KVpBGimGW9Ji4bQ^Y1t zjXuX0YU$1XHuG%H}?*v+n%%(#&+`jqBtvB^^-ER8kvpTD(Eu{sIK@r78 zCdl^rKb1>i*)?P5T* z-RU3eY`5*tWEdrWp?Xx>7eCQ5A}vM=Pg+_Z74h*+M2}wI)DqlNUzn<)83T33{G2`x z9FeMi+&|M@&*UIaF-d34XE zjmYay#a1*|qmh=6@3%P#S&5scQ|CuFd+<7HhyT>k;RuUJylXCLK z4V!T^#8}0~+4FYv@VNE|VhS*!g7|gEH_`M=9--RH8zGn3Vq)|6h+{NgpS7rU7_ZjG z@&!qQRf)b5ZW=)qU=$;;Ry-(KE1_~()tX7HLpov@Nc7L^*axU zXZMi6+2T{6OW`ZR+=C?Zko|^0UZW6=Phra1$n=t93RA*fV-i| zdfqY%lf2`^qdlTaA^q4z;X}`>xS9@>AC>DX$#H0PF=5w~)0E z&hr`PCAbz6!17{3g}=w3@&M7jrSHrL4T&(pvC%kcI8H=r8t>bX4=E0^2U&u2gp6qc z^QpU57h)%kw~P$!b`oD$8Ek_grRVTyX6ox1Nnr=oCpGvnf0RnjMP*>Y&eTWubjz3% zRh&ge1AN8-*Jqe9tAb@PRF)8_R*{N!8H0A3LWfrMWT+!4JR}9u8(u@N*=7LE?qit% zr219f;+=au56Q(U6n~?@w=MZ?ge^>0OY7t#m}1hJwA(niWYsWc^7hWfw`9HO_O%ozxAgv`7A$Iw6Ss9|6tQ-C) z=G4aIT1vR&m}NN6u)_4@8w3)dgiyHO+Ts8Ohb>Sr#>eNPpvz%yYEuwf-jvl7%&gzhb!1z3MosxH}|{AauFZx)q0qwj9y~k1vPoBsQ6PzHDuKEJunX zHVBV3^3q{sZ~`%6Js`_l$W~uYZ)3ClPTsRB)=naK$_7&y`;-tg``#H1v)!Mo>?^2SJfmYqSRQzc#(704lkFJ)Y7t-ST5wrTQN5ZAhGA11>2gEXe@6G#ZW2D>5@6 zfDJnrWTh-L50ICxxqOEzRGtS&2uc*WGP3TZ0=r6N2`&6KZb_wLuX%<@4yAt_VLqZf zpdGE{>y4NFY>k!fDQdLelS^`ibSV6Gj;W->HK4uM(n=sNN`WVc{IZ9aQ$Q?%ImMIv z4Zlh!onJ~4;LKPFq3Z7LtK+Gr6=?e(+2@HxTiZN~IzN!b`Ei1#fbGuO9%U5?G?|2U zpjvv4=4k2{*Hx#jFvpn9C-lwXq<_{tTx+vjbh75b44xP^IayAF2*2+m2@yi5{BvsXN0AXbq1^ zA<>*T5c$WH&0+FWXR0LG*0>UOJfM&X?3RAO=;lDJv})KJGZh%SHk@;KmwG+uKkBvMcHaB_<|M6V`oa>FE#hWZqWCR4$gUP zgzG)NAZac91*nR4P#W6h!y-380L4d%MZ;^xymkZTF1} zllI)8fhhrxHjW0M>(IY}4&L4A?xnDLI96xq^!2%ajo%~dQ2bo3>hbcEnme7Y(r|nE zf1#AciA+jNflMle9P_1p6t$7ZsMFWhpuHFL-#2{L3%~Cm&5QVm(%Djw=j^7;4}=yt zqEIbffFPtzSO9nKpR?MAWrDAv;3#q~{}S@K-q>!ffsV|pJF4p&I~)2buX9Hs%{gj0 z(y&cjcf8-Q4a|}Dp@s71704;Mb+6R=`+Rhdwcc{xY7V2 zmBUBTCOScaObfhRw0R1pgvcurMz=xZan4!Tf-f^h3$@1ec{|jJyH!62lIru!F%QW> zaA|AF2)T-8iVAkOl=y4e^b`gzK%i^>b?fEqE?=m{2fBFmaj+W|vKZSInl_wdWvDl<}9sr}zpTk;oPlJUAMHnUnuu}pu3#`k$q2YzNQ~=iP!N5s0 zcL*9Z{yen2i;yOpX{~k)UNiJFo`Rncvv06okFR$n@&+`Z+TvLIffk8zLr@it6)=GC z=5kS)oj6vZ;XrD??(Fa~>nYZnC({aH3l(}?@^oO%h>PqxGh|DoRI<4fOJ?L$ytKoa z*B4Dp1bBzrW_sz$wqy%>s1d!+8aaB5c5UclXbEGA-Z9z|<3ZB7^T%b}R-YZ*HvC9z zzt%FN+0?3Dhck8C!Fz~X0>^c4?PV8%e7ScabM*4xhG^>!yp=BmbdPcO|MSg$E z-%zOCaA!-l0uraEW%C>yTF3tk!v(VOu;JP70RF!BUcEQ$d)e9o#{}+>wN~f$Vj_=H zM^&)(DXyDU(q=(ot7b)-9 z?dCM?pA|r6f_%`g>0Z>y{`_QksPyMMK0W^H>T}9k>fQ5$!HM!?zzfPh>P`TF~eSQZnQ_Aq4p@{Ms0vJFenj7WXW! zGSUOJoL*vx2xo6Z@AZ_~^#E9V{KWkYSf3=z0a>?X)70KQ%8x=?x)Oq>eO3NdF#0kWdtMO$u#A}0 zA-gG)A2q4{wMq8k7udYFx&|^Grdl!7oUb3}WjM zdLrKGBE)hw4fBf%a7o{(;-oBlc{+~xVNSGYaxPX2?GcLOMkpdy#|V9*N~|$Oo44gD zu?NBh=lgaUT7)HatooO7s&(q9$hFKd7rewlEd+wTx>Gq3zZ$q=|0z)qWO!3~K3y%@ zB-;U}DCuyfwOV0@<~=KZU~mZ@K^1pus11OjQQfNfHw6Fh@%fZd%x{f-2E>D= zU0j>b;q(_K|IWO5rRohJz28J<0E{_uu-E^=VX zgg}a>4@An=ki+qiLAX=FAZ84Tt58&dF)GF6+NCsq`OlR;|4L3%sX!isGgwfwR?;hC zTwKs~ue#QN!e>RqS)F?n-t!}kKUJQle<73@%YR%4q)r8M6m0%QutMhiuB4aQg5ZTd ztCbNmRc-d$F_|7YZ6!QB2Aa6hr=#$^{n^vOw*Q?$(gchv1vrOb0L4>dh$~vCEFLYc z>@dxSLx?;`7H+acL*kMcBxA>y8dRn=G`MADPe#=E94XT(p*4p(HX2Si7b`IxJs73#wn(`XBy$pJ_c({nKS|U%X-ctDhi0kU>R6G zVP?irBsMU)YEDc}FawB7 zdt0EZp0GD}pkZCQ7!`wDg3A4>mQrcO1DpJS%6C2=%n}jHa?yFBS-!vECge%{Gn^FP zB?EKgw)t zJMW4jX+G@3UTsUqPw8?be4yKg4(+Zf^4vLSjlcteBHI3zm>iZ#b;2X3j@r2ynS)>s zKPItxSIm5)lSHB=R2L>Q2n(nZLy?$(9w1l&t`5z`FOLCG4wZxM_-aUE4yv5vEG9eN zn9M0UJ*p{kQg`dk_h| zp26+&_W@0&c;b!XE?O7-XHj;)WvxfUFEVJmxTvvh zJNPkNQ*2q0{!*%7O_H0XVAS3!dE3(@hRmeDp3JsG=6v&q`S@~sI2gz!3gh&<=9qap zib0(1@^v<@D_r3)AK-}7K*ic<>E0?5N-&>uc87To4J?MQ(_U<)IX@IA+=H#E`+ZP? zx-^H>GZ7 z$C(5>9DE_EEEP9F>Lg(a%C^X+$* z;#Sxh*-`tF&u)Bo?Tpbfs%@EkD#k-&_;3EivW5Zw{HShxm#;+XYh<8}HQscPEAO%@ z8)0xbGbX`hTQ4yxi)+2t=Kpz&G?M+Qk49Q21g^uy@HDIW1LSF7?V9^hF9ZoII zVVg<`R1TY^HD(K9L`fV(6HWHSnWg4Ib;{FJ3cIOBX+b4n+B6I#xhFDn;~DZnajzlK zEa@t;kn#b}DnfY`Jl0~U^t5BOy*^oJI2+5Xm45!BsLgo5Z$>tZ7=J@>b30(1=udIc zGYC_KBs^JU11WYDO*n%aV|>Nt6WJ=jlNATDSkUPzLW8TJK7c|DZ08W3Xk-Wf8G>Hp z_s%O}7F1Ut^QK61Tn{E5$)>=J{ zOgQ!V{Y*bswrvy=%Wt2%w0c1B=9SA>q;>QfJ6pbOj24X9Nu84$tRNvE2-8 zbu&NaI)flKR}{$SM8|m}cSv++^Bgj^NtPSc&S`j=JR9r~U`wo}=oktkP2Z7P6N=#s z1yV-Fe?MZvllFfX1hPUSW5rRFM!F+nALZh>IF#As%KkAsT)LyBL9e-QB8a(qN~Cv6 z6-42S$;i<7ca;8wID;)0ejBc_#<S7HI7$3rNbbd*n#?p!LX$09zLlyx?m z?3SaSsz7zmGzGZ^g`xrS7?7pbGfmq^k%BycTN#3 zBIjt72Mzv-zt%C|eXj}J`p|N-)-%I`5QB)05Ec0f8cU?&I23hAvXu;X6NPcp!@ltv zne&-eF^{Dt)0D3`QtoPc4>9!i|NZ^3qLWBp_XAeciI`>KI%4Ce(6nt^Yk~^drqTRS zFutpS{{`oWJEx67d=H7u+}$8YZJB|WJG)ZYnd&ry`aC*j>%s8vi->R-L3M+_r_tOO z4KkHxS-!HS%_WwQ@OMEvgkUk0`ZzJRJ#wit<=jblR~zOXWJiJTs(K9ARxxABnwk#a z-`9gAthmfYlPDRX5(+}_=*Kx@4jb8_mQp&O0Kk05%8{O8S2IP4{if+>o4 zk}Aj-J^$BYb=Ez%fK4flDEizfdAi#q$~;M^?t!DW57}LwMptzX?^{#cT_Di~50~!A zPw+rmN=s^(qnH;?b7nR!Y(cE~9Q>n#xd_U6dYy6$-Fh*VEYvBUYDs+09c}a8$b5+qE;CFh|I(VcpoQUpJ+@yzRXCYR?Y6GT$tyHJJ?`kPql zhpVZD&Fc$W=v#ZVanZxn=1)rT;cNxC31B4o~K`SYoJ2a#I0d+_fnB^5!I>CEnwLrJ~1^Pc^nc z+|TUl$vg?6g%!*v(~C3zrLAj$()k2F#jO2=u1z5r#a4=yBaYjEt(nj<9~Zu3{fP4; zqrb!c7nxrs0bk?c&b~U-aXZ*#=y_@}IxZ%BFIBPbfbiSnZuLO_$r!6}m*8JH>P4GjL9S z5XWKrc7JV6_$MN?d1S6pzJ(#lY=rE$k5e5!tFCrj=#j{;BMw^AuGrC#gg=~~MUkqX zD^^uPC4E-)yZC>1@n_ooZGAttgrD9u;0xIVIg;C|XE#~SGf=(amp&o}=n^kKcdp{| zpz5U-V#DC z0OBkq)4JPC#AL~4@B71)tc^Me2;MCS->8=mt<+qLQ)S@Mb7n?22wQZs^5P`>-=fB} zLa&fA5?`lUJMYO6ni1MYq({cqFJdP1L4uc^FK=g;UiEjc_pO)1%bSCPzZdtWC(CD5 zi<5^Z*Qm1ry&3**PdCH2XMnx;%ag;w$-zLv^SFjsWIDw@SS>`}&|KpsD=U7_CTh;P zCN|fF{)&`m86{e|)3mCJ4e!*T*-Ec*$&E5JUcG8n>7~d`W!$>R_jX{IsdLTu*Lvyy^Ne$_;ay3QLYDvK`ctG_^^+b+M$| z)##z4e)L~nBV80rsbIa}(?u%YDw&q4491X!a&@ZddPtt%H8V7(hI-c^bS2kSVh0ue z{2Up;B530bTuu?PG)cwrU-yJ)Nb}p+wI#bEU!ZnesXJ6Q>G`tZySUO~x-6Usf}fC~eqWwGXS|{bDv{b-A#fB#`9*@i z2h(^7=cz{Z_v$v`E1egcBEFS^zlrW8oN`zOVqQL>$J%T5FPWE+?N4A_H zGzRNfyvOVPtq|sXf2#ucHQiyfW~>C~BoMeC!!)F3#2>UUs6sLG6q}jMAs)AIk*LhJ zagkJqkrkd-|9oO+{Hy;rCH!dkivav3iosT-1|{zybSJi4pLK$PMXRl$X`f?|Pp23+ zoE%;|Yx3OBT;cNXwaong{-6I>!kH9e{UhWZUej9cm-I*6 zHS(rTCZHM^n_~%XbzhlI=z#HYuXF>)_G{YDXau7=%^ypWFs0~GB^iW`?7{dh9j{=6 zPIPdF&W;1&83`Fdd(7DgEn)&twNPBAbl!j`7;2o+Bof1T;;6H>uYjDhAp^J4EVy)V zwkGq=w5LW#vbgG?J=|1|IbmiTCC3yRC|xQC=A4TetaHv~+UcRsYRx?O_0Fhn|MP{_ z@_sK>s)P98-TBGci_@dS%hT7dihAZ04Vq%E-7QC5ne*I4lR-G_0Aj=>d0z{|dtCAF z>w9`%NJWGBE{OMHA1=@E(=fT*=g=H zw{U@scdSx>4bHl32pg2f6Hv=;)J$n!vnF$zkEAbpem-D+nu$MHm~Utue@Oojnbi%r z)XFk!d}*q(=a2Of6^ukj1gq}=C3=pv(9{YAPePHUA~QiU#j%4Pqd6Snp;3g!7Y=n7 zwSyu(2YSaW(xH?d0pYo1anFf+uqDPj!1FdY-$I0u2K*Y1v?MtkFLI6pl#uY> zH#e2pb!LLu^lNEVW@o$*I89Uj2FtX`xYZ%+X2um7x)VIP0+n`Pc)JGoPD5&D4S&c* zrOln`HlgY+*kT(2dG}A2IXqHLejo?h{~}VZq%F#wHAMn6<$6$lkFz-1up+ZJhsOhh zDd6f5sH-&emtxF{UBpSLE-VXGbyJfOIxQ!37;hQ^+5{ZnJI^PF;P=W#37Bi>|8iPK zGvLorto9U(p6oJ|(6Bc49O6~umZ(!CHiXU{ z1j3@U$Sz}gGlxZl#_51|nLU!05K0DOC=|r1^J_Y>o=?~QEa(JC`bg)k(OOKEa|eZ@mUWJblJSlvQnQt8A{7c7AEF4H+L2%~d0e<4%u=MuM3GbhhNfi} zm2q#{fz@7AjsR>q4{oQ%u63?jH!-Ma!dNd*Y=)Lvw{XTg@5j6EhrF-#(>43kA4%qi zR4PRcmx%t9^pWh%7;-_zyK3fsm8>_4Nz9Wgi4!wZt;t8Z$T*GVcE+TL#|)I29r*t) zII{f$5FH5Sw71MiYKnJb(ci`r48sONg&ObpxzIm%w?TTXk>?qs;5OFW)%dD%mJLY< zb=yv{2=rkT#cc2@C0!a`jZ!7u@II?FR6iKQq@W#hLLE`LW`bGo&+#sKbLeG;u;`Lhg+G5*#XjV6*iu;p?uf;Js7f_0-$PSpBo#f2Or}}{p!)S zoaT!8NS4E%1=r`obXY*gSDY-Q5z{XCSsN2N4}jC03}~9V*P#0@TFcEMgs(KUn^gy) zqSX#dwuaMUjjb`$%6L>m9j3J7dok7&?7o&Oy*WaV|84dyF^)qsjOob+#47$*i5CQv9jj8{v`|VPYAJIrVP0Ct_6TCr{B|}rKy*msYQ~=y_D!b0NU|!yx zos-?>PHP#LQ96p_ZB-b;N@-4pjOs%ZiiKa(EQ0tynsdk(Ffkfie?&8yAgC9d4dsZ->IJ$XNN~8-<_YlIlVZ2{p!14&yEi-Pmb&2`rPNci_62yUoQyx z?&zO~=a=Pghi7Nx&B?iH&sibg8SzKHGkF%j+iC7J{pK^jxkp;N?cE>S`+LFDXS;jP znmf;)kRO`OW|RDSdGwvhT=Sj7do(J(Yqf%BYMm4;!|(`asMY8EO+=ySPyM*7`D~A>GCLINxRrU6s5Haw?rztQyaF<5!%NlsQ>X6d2DioJw_MV<8p@0 z$FP`trZY+M{Yj<_qM_pukYRZ^}V;#Zaxc| zJI&o^`_G>3Em+?_2CZPntZt36w+z_t6}JbWjidaAiq8UlbDrj-zSYmP-z?_(+h9wr zA2nMtW>{hm)~cm%{cKY*6P$=9iORZ*RfX+TL>sXFEPlHX@*u|gOi8J_jeaqAWz)X0 z;jEXn;}Uzvq*Jr%&@)tr&N9~HA51)gvVPFmGtF>i^@?1CBE};d0!~lC=Tn(;h|?J> zgApxBlQ5wiW?i&vaurCHkJ2qNq*sjKUW?G2%?8qCtQSK7klrFqAf1y2|7p-t;2%bj z4Ojv0_u}~Qth__$)`20T`x&=>lx7qQp-g9!SWG7kQsyBHfaj9*AqZhzv7?QxLJ=9a zbX*(o`t@TQ&$*#f0bwvFmCy)8GHAc+FI?$iA|pS)`6a-NI7ZX@`OPl`Lpn@eYg*9= zyBVWbEJHU*5u))}Z-R>+8FO|GG2>d(QzEOONui;we<#1BS?17n;)9DPASX17Im=3} zbM3K?c!cThoa-et8bguc9=y&lHK3A6o`eh?NQ&4%y&i%D1&M;E=}r?ee+vY4=hoAm zXRT>Bwh1tHmQ=>17-gX%<|)5?D!0e24tRY>2`d&2P5EO8%*_}iC)m=vD3Bg3shbB( zGIlw=3)3A9QhJ(e zU}v_Ov_GsEA~<~8+5SbVqRqZZEzrOC+u2ox1RmDw_R9-OBCL~FvEp4^tRiO z<{AI6Oc&(}8z!_9s8##rWEpQ;+K;KzRDefM<|3nghFh1I5O9R7(&oBU)kYF!1nl}I zeItOJJP*obmSV_ETmb}&l~Ju!dX4{SXU1C=!-Y^pK7{xuInrTt8r87d%47~l3T_nHj%|7uN{Wtjn#3MsQJ02Sq)4~G zGWkE84F}IFd?lNk%HYVVJ}nTuWOLKA1>Yz`gX)A1Ix!DVTrcP*Vab?`X(off>A|L{ zsdQnS&q1klHIo_auA$o?$D`%sXWaC|T#S|4m8@sW*IdPCRMa|h@{75FwneaoQ}~5I zS4=sLOu0eG!GWy}mA0tEo0VX7N?qh4P0O&Bo7vo)o=g)%@L$xlE~bFZO^=Xwt>4K{ zhnI&h+N9Vl(COr0se=lF z_HR}DD>>;}tzcJs^Nef=LGgAxqQ%qIn-)KaIEWhfSX9%3_zh*ZZ6X1E>}njmBK>r5V2j z9}Zc>Y0lz_Qj1@ny*|G@e0A9-HW?i(n5i%T+pgoJy%tSa4a5s+ML z+!rq~k5e(=`E8X7I?cK7p+y(F^P4P}blNO^C>Y|7HAyTpFe}b7>rONHSMaY6>1H%h zMy(*77Q875C}%?n_wQuRQZ$yF{dbcx7a{=GI~OPCZ%&U+-oHA0dD1}(!DhN&@4S9- zT=20Cvw$5pUZE1>{>zjlREkx|g^q+ouZ`(P|NZLq<;g{mf5^9{0X12aO&n!+GGp7M zw5LA~jVJO{Z``b7h%MlE!%8TdA9&iCo3Ye5j^?CrpOv%SS9+c~WoCLyMMTz(vEtwZ z23ib^bgG_6h|s7VE&ISi;`5wf#btTI|)3sz~#fcU8Xb3AQ zq>6X8v=fWw3(F(4jZ}%F3cGHU_ygh+A@P5;Rmt(;<>B+g3;pFEWIG?G+Zc)x zSR~s>z{T0k-b3Qat zk7#&W{Sgo>`F|8k)bpeuwkcS2#EqJw!nSoZES-?vjMiGYkh_uL7H1jZus1mqyMM38 z?zBD(Y6Tp6bn;lmBBbuV=$6i%S)i_%3Rgv5F9nsN;%FJcM&a-^+K53w35#Ycp+IXm zU_)A*cLa`Q@6mAM_bx7ObNlh)qu?%v+hzcqJup6oaOMw(x8;N}@A75s0_TlZBR++XCG zn%lNVhzZgi2yxXWjo%t+#(b@^Y$>_sYxU>1Mx#>Pzh=BY$lIjhw;B)Y@tc2^S^wIj z;yY>VR_bHn`rmI>*MD>W>BIWJk7td%V5lvc%P-LH;T|xgIXOC2$}!%Z6-nI2m*@?t zPqxn!_d=@RffIbA&ob*@4u*IN-q)#^qSaWzqV?b0-K(tsy`7y0`F}5uO$VXmzRm^F zCKy8hwPAaBzWlRr{o@4}=O>59FHeGDbdx?7%Kx3+%KC5a>^-didwGsTIw5c!9-bbn zY=F}w+7?;OeO~5H#T@T3(J9P_G<^{Df2n85^{?-7x)~c-wEmy&RrUYYUTg1R{olv4 zt=~Y*GdD%^zMt9@sjI*_61i<@PtL{f3LYyS^xWct=7Z(zmMnN^$S!-iIs1v z5?OIk74iUcw;9ctxlAo0QE}rX?u>MWuqj^5jmImjiW@Em?nM6i6z)MVXGJ%hEOEit zo`J9XEVlpg4f=_;ClCI=dwFQt^B>Zj^+h&mlhdS^QJcfY zE2jzaXqwtTTftti0>h^@Bg>w$T`j%f0H8`I?Zq&G?+jK%ZKSiK?TCQ4dWXG6;4_N>rpqVFEkag84S zrMuK8N!m`fm6?dpWpq@iJ6JEDq^wP1oIh_|p5?Dit`E;0KP&S88*KqC^#APcPwoHi zJm`P-@~o|q3LjisBd0kj(nmv}+|lXw(J{$|&>45qOoU8IWwYs232zi-7+!>_Fdw+Z zxBslT{*5e?+wY6)u|b~B-s( z4|CGEVv`1G{Pg;DgEUaUG{}0)WlkE;56>Iw|NpD8u|fRLpFIHQ<4515V_(pNs**x} zzKli3V3=Nn0~U>9p7c-gvH^U30_Lkyb>Q+yti+O#we{6!a2WXHLz*#td8@q=%_moE z(k35261WEU^JnM6I*jTRnNp~o*Eq~}>1I1Ms*EOmMgpDkwbYX8M|DwstE#aiGOtbi zP0KSM{OJjVtoSn~aH;uI4Sd=8!yZ%>BZrosJ~vGMl4V1CbLU@R4(H6;Ehfy)m0H~m z(!ka6MP?2s4adZLg#AeZ)v4)Ij~u=($0Y)%K^99^ZWZZdl~%Dvsa1{dIk*Rw=cGa3 zu4F!6em>x!Oo{)6Vwj4ACApo85U*}%kVi}7-f7kh<&kZev=53~eHtVvKHQu^7PwGL z%q#=QKxWonu{L1gy-?p|8&JMp#Sm1Kfm0CR1UzhzPbA@Z(_O1sUObx25|NX23|%UQ zy-_Vn(u^m0k2Iz;#Mw%1^1W=hxSQ(E;kKl>HmSr+)FRiw2j@Bw=PR2P@)P-UByv_X zl8aQtqCfdX@t`tX10joRhL>mVcSouvR)2S-TJZN(NOg5t;MbGn-4Wz7mq3=L#@o|k zg%YRfa78Lyh6d+Q-JKEK{fH{;=?)~7!*}maP&q4Pk(|1v{(p1(FQh4jBr^*wzyhq7Y)?SHR6noM82ZapaJrcY@|DwJ- z)?F;sk8T@o!8xUTrx>hH=Wio&f+H8sUy9m+X~lFfvt@UY>R#@qhow|i%n+4kBF#9Q z(zF{l&W+4NmgK>5Q{_}Bnkr42WWzDbj>Isf86%Cqw}RH5-)u}v)Y&8uY}f`tDw2jx z7bUmHtuD)Ht5L>krMym;)wnZ6xhWo(!&EsbyC?Sb%U#Cpsp=N3w71Xgz}HN0B0o>&Z~ZRs60A9UKW927OjB4+mjwmc|rCop>9Ua<*_D7 zo{eBpK^9`kB7JpCkx+a$*!>~!4&jO*NSepOs~M%QDTZV?_gsyVoEK>ucZ1!aiD$^m zT90bxjY*t{DYkUP175NiMPMz`m^40q{@ftNWlDib`=r2v9MraNh!4$JpM7`<&n-VWqYCs;so-(TyMtWkD zL=DV76nLAPm!&khkQ^Vf0nwbsqW@UJmHER_Qa2l$n@g%6m|<2ru$E}q!A#@h`uJVb z|MB;Y&3FIT=ifI!e}2>;>m~G%Pb3!?IYjbl$AxMK$Y&n4eQkT@;aTmux&4osF&FLq z{%x`SzuVfY?*HyR*?lson#F(0bJ*(RU(4 zxxn*&m9)>==m8$<6rUo2YYm!B(mt5-krjoc-e3z<$1w|_N$Wd=Z@+-cFs1n*$c4Sy zv)OEr242-KY$&tz2Vvrw3YJExl~~mXPZ6%3evp#w;NelW;Nj9@{NU66##|Hl!0p z010D}xf+s9%-buLLi#6r=~iwoa1Ue3hw@Iq{%MrK@gMj0(Q0xzC#Ul5E|T6}D+cc) z`T1}&v~TA{mp92CZ!pB~E0y%tRH@iBL4JbkYrgFM#KZGtpPTD{aFXXP^uL|`R(1bp zZ~w`I{&z3W3i_Ypc)?V|c$kamo#83oc1fF)EmcKcKz1%8(Dg9 z3R^G`nXUclAso!8F>}|+`OSNk#$1n5k2JoQ+uzGJL>ZKdRq+DDp6#20mP|8qDlX&I z)5LWQC;G@K5QH7`1>Ug=Q4Dj4E*-@&7L^s!v+C_k>T7My{2xs)qwYQ@Hu4^fss^r}AH3scRfmsha+h-V-3a zhsk(NsEyOi2FynlE$s@VrH-K&U!SmYqclsAHr3sczqp!n3;C}%+7>GS3+4aQDgV#Y zrw{ob?&Vn}{zG42f@y^n;X^tAG~l?Lx*dbYu^S+Acy?;<7;s%b(=1#QmhQ#+DReS# z?FrFe^V&YiP5mAG!(t*!d8wYN``JRoQ0 zHaW5`GLnpjU6$G0=einPTxGIcRX^bcNjFx~3=eIR2*rrvrGu({Kvk_~UtwgoBm9lg>Ng3YmikEM} zmK2MYSnX!}>P)xNK>53f4yUU*)U#f*fBS6Z{oAPxT*!_$f2S6a^B34CySe<=@zJ-p z|68qAHUG=r{{GH`{J)Q91^eHT*dTav8OcKE+$ z2PV}t-Uczd3Vhdfru#E_V2~HOk@5BAhcuym7Wv&txyFUo32NCSo*6KS@3qU%(Yq?DzCnie@T~OQoc|;7EW!R4+JDWxsr+uhy z;ZG}92;>pobAl;@089n5iKwCy!`QkL=PEj2q>Bci1z>7YaF&98d%b zJ6@_8^C8zpD5Qj6*Qh#vb)m|FC7iNwBk)dpW-nM@uVn)G9NhE5zy-WRh@JvoLpvYm z=H9p3DDmp0a8rTcQw5g7yQ|ATO7xDv()8-UY0-hLltrh7we)sn0IO73Y7P5ch1kAv zQ|00L0?*CmKgK29-v8U$+1Z))|32A$kpK7btRVlb`xj?kv+y~t9YZ0=!?hRJI8-lm zd|TaCTe%ErX#T6%8nUkjX$&X!=R5~*r754BlwNGx*t6FuMx3LMR6%2|rE^@sxKX4t zmO8o6NS}{cV$_O}giEN24pjrm=LDm>34=w#0&<8+hv7g~t}6+2=$Y8K^*=`Xx)lfc z8&IW7!>enWMTG;N$2^||0KpGD>51DVMqD%F$DRSJQxoDw@fDcFJYq0@$P~?c@_?HR={?awaL=#=E2auilIld{*^Dk(JxDm8sjmEBrPn69^?w&?5Q z7FD`06cgAmo$@>vPEM?!xN3@lIjC0?rgf&7MO{D(44C29Yrj>#bHyf0u^q@5a0{-3 z83(Qy#4$7;Sj+vemMb=?4+(zd*qo}6y^B~?UA(|yHZ7H^2HFRh>#4MGYt~IUtH;#J zDc9I2MK4UZsCs-!)6@hCIiV2>mIK0*h<%t>>yZU|c8tWrJYf0d0 z+9;T}7Ah^*EC$SA=OT*u5L5qmZ0sN9)~amDMEWLu(U?kw6uMVr+v)S25clu%v&;wTls znrg=|w|C7lly(^laWzUwW31Sf(M=xB$=Rgm);7j_wmnx;p%Bquf{5nSNo!c1|AWPa zr<6U_YdsEYJD5?{37P#wx=;3461q95K05hRoJdH68?C_UE9=}KhJuI>T*{plMEJ<$ z6gzX4MD>hT{VW@irDw$+&jR!{3>Xauq8h?*13{~xz(I=}oidvql|MZIHOt7l;_HWTI-sPrv4MZS8Vy;-L(!UQCF7-*D*m_?|+~v|Xl$RmrQ=D&B1=eRD&T&iNFpgjF9PHr6Z@;~Dut6ICqd`6? z@gVbz>@VARq2qy;r!i5KC@ncT81;HFt6hBcNs^`pt`PNVG@Jr&PLuT!MkVDmbxC$s zs5l%>1A$ISnz1n#Bk4$Sy&{c<3hK06MnA=pi?q_OrV`$s{{Msj|DK-J&wsgRbS{tv$WcsX?QtAKB%vx$oW!xmb3<0|i*pJr zdl;O z?|<9h-F>+K?OvXh_!VuQf+oHoe@Kxi=6KNf2%g$NmB8~>pFe+YkWZvbC3~_*d_Q8Lh}cGr z1LgUM#}Q%4n2c$Lftt9wAmyIz5M6QFm4ncfr?J@WW_`B?i92~UW* ze*(ASXQn|a5`m2vIUwt1r=TeRc4)~V>N%pZX8yD7RemHDelV}9I6r2 z?aUI9>5|%82}=kz{bQ1d#Mh;lA-UPxc9q@xD>iAB=@9npSEa;Kf7O@|J$%)F@hxLx zmPz)Ddf7f8`cGY|Ol5A->LlN63o)qO7TPH7=sDz22^a}xY}C#2uIoidz775J;rY7H z&Gr9lnk78xFJS^K^#3-i{@?x9!~LK4^Q@r%zr_hBv@1rrPWYOMIEKuSv_DVnx3r?m zU()`Z^k3&fLC!yDdP90Ru-t`H0Xn*2KL>hkf+i%ei zk3Pu(-PwQAZeUiSw}T>r?BW)@Ms#_I`4Q2$LU6A6Y*LvZHo43x$7@+Jx8 z2z)y^O(I|S;;UYKr=;ijE*^x(|0d6k`M(o^vi&}!Qqm;KXss|<67L| z{-=9+R^b0SLWhwfGuy=#@kPpDn&A})Qz^ceiD4?}$Tm33Ib;$)*&r(u#9Ou%mJ7@% zN0;kz7>rR2Rwpx81H_0769a3ZwvG?!YiO}w6a7^enHt!@)S@SIXokw7uE-Qx19FV^ zUK__dQ${X}T*vyXgud6F`avHIa*MC}8Ed)uQX04@Vz(%xN|uy-|W{ zl6F}`Ds$c+wqTx{jt=>J2SaT;}JxPlhw z|4;X);{TrRJly|#KhI6{|CegEkDuSU_HU@@o6-HvKxbqq*``CK9mR=Ng&AhUxe)mb(;;&{ zHA=nKw4?a52{Ulo80psw>n}E6=GQ-GY0N_)ky*o;E-~He*D;BzlQ7dPDixe<8fg;n z)ePRTbyR|&JQ@JfrGuNCIh>-WIt!^B_vYrwFTt=e9lw0nMySE`G?MSs46TM!yTix) z&@OXnIHcZ~gM=AtW;XTJlwX1fi&|d*O?5EM$JqZVhWs)D?#^uaJCyayzBu@ciHJGYpkTReL>^>3of_P5N@;1T#2;G z!kSU)(khsNB{J zSI~S1PPvI04xEMVq{^UXyOX{(SI{xdX_v}s{YbyQFIUn9GqL^CP9*%cu%*LMJ~%08 z#c9XV#S8}&ygr#tW~;bTTqqWpsjK_F(EH%_@J%|zG#~pvz#)be+%Ubh*o+}7)+oBhVUZcF=SW+}*D(l>LbM$F6+ zEOO5{%jpL0nJ?-Joo8?SMVw~yhHx9^_vKxoU)$O84L*0{|0~MZxd0dV|62P`pOpQ7 zyUpg_L;jz8d2ZtWJHy$&_@6KC-2dkg(l_G*EMS`L0xZhh&I{=D^<}((^$1?c5$H5= z%VQulE!BDgt#ND1ySDJ+R+Z*p-pay5x1bLvXkw0!slK<`Fsk4y22a(aZnhg?y7+7p zx`z1g=#a@Y6y?!r6ge}s5}CQvRFFg2OHtEBbwcJKd)45fxzxAR41C!@qWL5HmYf?m z)9)h|@`%~g()tD|Mszk%4d*Bk{Yq!hRUXJIX!eaCfdlxO{``L`B} z$kjX^i`#P~86s-tofaz)Xtk5Y`y%xwpUF|QUY%11mU@5HMtL}M%)*&{tlID$yTzO# zu1GOAbB@hv=$8I5ce4H(F0v_|Z^bE?p*Ma(Kh53h|4WbPi*S#k=&yEDdoc$AeRz6l z&Y@f4uCa7VWh^Ict*bO$GMP!*Q&OnD$1lK1TxIoUtfZ{&{)MTyc06~--CRVk$my!B zE@GZyjLiQpET|J~o& z+pWZZK6$$LkpJgi9`7a&;Bz(I>z6O@KK>I4>6>x=0ywk1zVP{W4qxoy%lLYykhzkZ z7i-_r!&`1-zH@hGsAs8>D>jiq3T0Lr_Q>{rQFXm3=MZhQrg z@2CvyZQ|Od20z=`W{0T8;ew#mgtCXn3684F)tq=Px8!VBXn9S}?0DrMF1Po;lAjYG zCtu9dHJ3}=SqN7laPELp&IS1f0SwsQ?ZdY2Jz@(1Uw(FP=8&pyO}Pg@*FLXpcnFYc}Ct*{X_XuX})3jakN?-RssW zk>6};6?sN)t-I~5WqVsj#hazs;e{8qxTzb$^yL?oX&|Y?_suBlt=!9jzR)BWMkoQ) zNnba`6GvDD6FQ7bd9I4HVKWTsLc+{6sO$T6E^gjlKEam0|7TJESWJ&i0~67l)^{;` zTYL#UzL0i!S4d#pBPAng)w|rMXgIJFJ^KoJ9QK?`)aPqDmdea!LvvUA;xWw}OQV{i zY~hkDT`=V;M$XTNMRUK4rlNIDwO+aT+!lok5S;NjogW_mMpJhct#-d3lUgBE3_B7K%0 zjk1g-x!uccOkIXalgM(8(tT=EJ*{*to>RXHM&UgpmxbjNVi6?m_HW5=i3wKwUjCLe z$oi7^2nHK7;(*G=AT|$|dQGu4dqD?{BJ$Yxm0I+@{9YbBQpGhFP*Bh$3ci;vX%w^X zyfX-#!o;_6RAEK^KNzrh$oq-N*z$cW(EpqJJC*qVot^!s5Bop&@~n|Fnk!BPmwDpM zDzTH0?uf^c;^HX{uV|miz*{4i11^airK!krN#uaVF@!{rAM7Sc}c# zJxwBSjU=p(LA2}WBGAE#j6c;Cn&$KiM|?-@F*~x7Gj5pK_dR7Y%i3cr{AF_L1IZAg@zzGw9MQ zZ!^e;skixmdu!wk&A1pza(a9sy&%oRA1uthfJcmOW4TQH;RRzEiimChgF&e&zn5o?JjZ*X%xZYSyP48jj?}z+-XVGSPZkf$ zuYX@RH%lpT5Xb@CFtweFl!tOV#-i^v<*cbP8{i79YKqDTbo~ z!Fqw`t*w#E7ys?}-19n}j?%2Xh@~uvSQ2ukwRa_3+qylF^JA7tE|NBB1|NbCCMZK+ z#?`i0V(CuYOR@BC)fx2IrE=gsA_{zBJD!kHs`OM_3gDtCe`ER`x4bK!L~Wuhc;0_W zQ*X#}sHs+YyI)3KM$=RltzGFiFdaxT5ldq+87k#aDXZ8#{3&__ zDDw#0=Lrepk<3{p0~Ay6711!Dl5`b~YT}&%Q$dp@EN7CO6_=`=kCL1Z zSsBDM6H&m$_6Avh{>$0Iw|NpD8(IN978PF^$L84yVHzcWuG)ks$l8VRxvaNn6Ij;lELK2E$DiW6D7M{XE z)G5=+EJzR~Q#ko@kicR(qABh2c**57H4!&jUCTdp>u~W>yX_KM^{MN?o#@cPaiI9S z7UiAtQ1!ekzL?WYv3Q3EYpsKDVHVW^xipkV=f^idD7M4;$_kiXji*D}U#xK5m-TYvXVDtDFQezik4w35HN3=sIu@0VTv1Ym zA?fr+aZI2j_*f^rT@NcWSErzP<)!G9mH}8|^3aYy|13 z0#Y-8bQH%J;wd||12`7p70ZwY$vNwDnP(HCqe5TNA(NE>SdyPPhSt{XZ#x^s2+L>f zJB1x`ib~Gh6>&!b>He0-ojr5c*&VHxzl;nko)YnEExAj>E0%zB;b$GbK&YX7O=UzE zA}mpqkG@wWSOl() zeKwC6s6Ag3NApJLps(;Z;7)F*27NXFRAeM$dB)k8L0Ay)5gKQVMiUZ(WQYP+|0~4| z`#RrD8AGI@H^iei<^3pwWYc%6G5v0*u|XO!OZxesL0V1Hka;GOesTC*@qgV->32cI zTLkNG5v&WwDwaJQ>Zn`vuLv8KTSt8`qq0--S(==6N}Fb5h*q)z!UnYleONyr3(;4< zIrUe1j2zBIM*HmUwxqv~(7n5j?5`vB?r!_rQf{jBG?^>gs-9^&1!{abXT{gw*Vmk~ zGyFL~O_wPqr@AY>?i<$N?nw3ehLtRrCi675$up9OWk`?em$WBg;LL(zjFcy`h^KNL z(xVxqh>_oAiC~X&*kdF_4#X&q2!en|b4@o}*1+gx?9UNP@_1q@hb04~^QfaFsIp8n z)&83E#SVuryR&p>gucY~&le=QJ8Rmdy_y3RDB+)vcpMRyjCm%KA)b@SI0R~evW|N( z6xD}SbU911bw{gK5%|-?s2t5u>*y@wNltiz?34=(Ifqy|qo3eWv6X3Iff8dzr{6*+ zzIj>R{izP4awrJZ)x6*Zy-WK@9PkRG+nq^iV~n%WB&Y6lYM$W0Hu(H>KTSOe@$|Y|<(Z z4%F(p;c2e*ra0oYas(9l2KLFnVcCA)&&si3cgkyT_Shnp?6B1Ghez!>xR&7UbUI|l?g%}J(Z3ng+ul>&=F9dJ<= z#Cq8C(yPqh-6T=yEQhLZ@>w*0m6P;R?`*(n2$!5@h4#PhSM)r z-JIk`onr0iL+R2kAatLBt<+^0w5Q+!cO1|4#<3(K(Ff@#VuT17NoFqb*H)9+)Iv0U zA%3)A{_5`L>8w0|&h1QhGKJIg=iD~(b*Iot9DFacxM2P&`8MtTz-sdcx$gchN9jK< zU;cet{d>E4oSr{Sk@$6|4s(y)dJ2I`@5eJ=~KMUtqoj7At-%O#0L zNOKl>gs=~En8vJ4BB&K`;d##C?FC((+mb-YMfk7VvOeU!o%DI~!Siz3U(_tNlheN2 zOe<(T30i){x|}9{tLbM?c0Dg0#qpVldAJZ(Kz46JC^mm)E83i!;2eE?7+=$gd`x(+ zfJ5QzF(hHkA8%pyOv!R6e%gB_^0SOdmgJ8S9vy&G07SElPCP<*&M*bmd`L|Or+7l7 z0Xo4(i0BpI>wW^yi&%H$V6}@GNT)D>Ae)mmz?FcB#r%q?FN%oShdiT%Cq0o3F+dZu z21s`0!bPbU{ zoWDk#EyiL2>AbTG@nn*uOOd6qoEIpM_ej6C5a{qp&@1!uVDft|IfnCF8F`g3OzjgnR{MJ^TDEa&vYia zZZVNjsU@3)Vjejg(!ohzD@_ODb&WWPtsr2H00sc)HQ1bRy0tW04k9YZ7SdNN7^R!( z&BPv=P%?M0!-;PFicMb9H024fjZ$0sy-gB=ZE9hE#U{7|Ru_`0KJsK15C}i+*UUvW z=IgMat`Qg5HA1ZNs0x{M?Z2>zMWwj9ZrTf; z*!{6BBE^uAoDZ2)4P4U%7G+=6&V_0{!>!;{NXg;A;{>|}O<}-zCac&`EZfZP8YvR| zYFxp4-}mctoM^1vJi!Uk;oc~SXqqlx6{qlZO8*=&n<%B2jgKFlEqJZpe_aNDoH)%KJX*gRby=9lP}$^# zg^&fA(vaCR4+S+4UywhfNECPnjgNuid4WTRpBsw7QOTa{5#NtkC?dAu)ghvFBSf@Z zM6~V(5v?zPh*mu!OtP$B%|T@y%O^-HXa-Hsd-pmauf&)QyDTHE-7T`y+-Yvl z`iIEe`~q;D1e0pmTAi`Zs&GJ)K9iUv3bS>o??o;wz2d-J$c17NB1?sh?=KQJ^%%`Z znQAJEFsTy`brPs6=BTWmbjZ49Ab^JMgmgtdz)CwX zyj_EPry(`7nBEPBUv6_}x=qZuMMM%$HUjeQpDbhZQ{$PGc!~sQ%JrZy7HI=);E*PY zrXn&FfThCnMc7?Xc zH3{3C@Qm_WmOzu2b!H&|0*~FiqC5eO<32O{X$s3C*~$X@hX0ba<#+I}%K) z?hV5-tC1!XHID@t#VGJ_WO=Q*L&G(rz?SpiE+a$BlZ^FPX4up_(d%*WGeWUQgd=6; zz^u(*JL8@A_kz{^IC6gO^mFQ1NA1BX@As1x4tBB=S$$F!h#5}o@ zNDHQC)nh3uWIoD8#%V0KGbTkmX1)S$2mZh7r$Xj_0SM0Xw$t7+BdIA4CylWL^VJxj mKYzUA=R*J7{VS!JeRv+8hvyr7{{H{~0RR6NF`0h=mJa}%_=@oW literal 0 HcmV?d00001 diff --git a/assets/jfrog/artifactory-jcr-107.77.5.tgz b/assets/jfrog/artifactory-jcr-107.77.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..eaf2ac2e96f27567b44262c75333f3a1c2dcc313 GIT binary patch literal 166713 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMX9cpOKSIIe}Tz`zG&!?9dRWt3pcnQ6_8E_<8Dg(SK)MYaTS_A@tXO4rq?}Ghn{aVVZ-h? zW>29|DD?OC@_!43Lh|2YUvZ$L*xT1%?Ct64?JIN?ioHFBz79}0c3o)y1k{IKN8za3 zN)GPNG#f4)m0ItV(H9 z3HJ1F>ZU%d*r+?n32ag$-TO>0&;Br6r)0Kgn5NfOdfBvE2Yx;Q#%_QZdQ@`+5dW z@c-lSbb?`2g@Nq@G4r5GyyPM=GM!+yjw!$tK(Kpod@NrjUIY3*vN(4%GMP@W1ua4k zfyFvsV=R9f}G^os@COB{)qdLb|DeGbdQe*+*a1e}p=;M*aI7mtw2$%u& zNdsRd_CPk&8H50|Z9oIpB_122Nt`OK1s*R0=24RZ?5xBux_u9!?gpej@=|zgCezso z25nmnlHnk5EadTSuhUAd12m|Jej6F>J=?DtjM#S6Df(XxY#Z2^`hZlmfoNp`;X4!s z(6N9;%%FiBAqappjFpdexBw)&&ikr}&xbWObybfv`1tkqX;8__$rW?zp-ThoA=Y8R zsW>#;fHfolgK+aH11T-gyhY4;ttOFyS>XXNrSb|`%@*h zO%@rsdr0mlz(Q5*V1Z%c0T&9AZipeW+6?bDc94SU6TW?V#O6RvH{es#Kn;e32r{&7 zVnQ~Xl_oE_GpHcXK|Z3uv;&6!j2M~P+ra(>IIMultH$*4QHd*rW=$& zwy#iVgfDH}!0AqrTYGku99PNM$Fd{w=aoiw_jh~HXAN%Zjgfjsza2!@gqgz8k z)wl^ozCbQCP2yRshJ+TOjg^5FvVcMWqvKPP)3bvUvt=+2=MkWRr&Tb-Xbp*f%q0m% zN!r#QNBd-jy>^F9(4{aNH z0>7>eea2+VfQevC+R@95I#p5z>-J||k63}}k6PI>$Zkh=V{dXpXM9r}>ZE)H4jjnl zK(>mYA9#pn%U}=KAO04Qrey1^wk4Nnc0Q!DY{-hk9vP~`4E%vh4y+TrXrhLlr4`u{ zFLnGG65FDd1iF#KzFTGBdx2PyzD;M4=^=lD%Z*tvXB2r0*bLc>5DCW!w6;JSIwoIw zjI^AZhbUcf;IiEDA37EdCk9`IHVsEFx0fkG{hEhn&L4|L(>f4Wl%ki~$A2uHo$P$2 zZP1z|!+1b60uUbkv|U9&@K80iD;4ZJuz^))DmJO8&Ztk(*t@4k28YK-jE0o~8cNbh ztW(M@OpL))ZE6;}B-51>V5y5tTy093 zD(nWZkPopf#6Y$i+6XQnfEupfcsHYg^rP>Nl-9ZI!V*krGu!9@WE{9+q?gPz<=ZK!9xZtA( z+sP5_o|v2+nKAq&|ESwo;rw4H7D|cpf8W4B?}_vO@py)aQ}du7*z)|##p*g^&-()E zvklWGO=PvzW1fCu!T(u5E%!g$2Pd|Tj7@Gc8rHFDWBK)8?CUM|B=vvAf#Qkve>|Sf zwkuoe(ucTMX_H!J(6*J3DUR2nkjQ1W3JT>eWQ9_sQV({5JxWP_3CM#9vH(gwIZ!H; zdNLcph7I9ie8Yy!1~AA4zXo=Ib}<05+Py%QwP1#ql~D`*{YHVcup_WRsSvg>j42nG zG(k)q=BUtFQrE`*jC?gqLWIzBxQG=t(Ay^(7z}El)W;hrWj26O$Fu|1YqWqIU%>{D zf(CRf$VE>kn|i207KE5rwP8)@gEXzX)=*I!Nhxe-OVDtoyzlwy`iV^lv~kT5noa1s z>We=1P)OxHiFNb{kx<-Z^s>HorZR7by*|SM~;aAp!hPxnwu*X3fu4;h&rm(@L^5w z+FY^6C>e#kg(?_2`C=jO_4UoA)@&KpT(Q99=Z$l5ss?$6ZDR?@gB+M3KBAYbU-_J> zpI%zeshvK_7Yl_#7eh)_EL5)BchI8T^0{)8ctSmId+Y?sPi4>nXvs&O1MTSSwSKPM z$#AYK$4H%`kaKL8#bJt=!m0Ez?@Lk6+v`dRr9AElv4Y^h?aGM zL2!^zGICX{>!Afq0tz-6OWh2`-Nllzw2o@CWbl)c;lo-kDz1Ij2*%*_!cU$lCvUNI zTA5t@)`B>8lizBBg&ts%h6{aMVZ8Im*GP#i3$R`zJqo^7x^c+P)n~a{8cKWmd$^B|8s(|9gqiUyhJbl`Ddc}BH zJB6cZXJbk`C1a!3j@TBV1A2Kgg*7!ZVDzRm6A@gG7|t*=}T#*7;C1G5Qx^= zPAgd#jZ)Z7$tbCIHXTJXy+&V4GXu$h9G9M((=5m3N(-v)}x7FAivpVro;f>BI%X+T?Lg=pl( zXqlx+R%)XV`=z>ho#XqVC=`B_J(%M%Pq@F%ahb?$FgQl%^GPLN?*uvN=8W>T(twwnp){KHYHo> z)o7=r9jlIFT6&HCHhZ-o;in2X(3&jIRtjBN@wP0;UX9pGkx*S+vtY6*ZA&`-trU&^u$47SCHzh(*-B5iyRugLR4Yd@ z`6XlH@{RO{2Zy6rQl-|(kGIluY+6|XVI|c{sekRQ6k8W=yp`}^Qd+Zw!CGlql<`)= zbJp4gU)IX9^HMO1;l!+6QryHOv=%BWX$yu41z|f!!D9+WsfBeX+6gD8sO@$Rx6v06 zDR6^|jZJlZtJMureiZAiV3b;TN4$%h)H(2Ih_ql7Tc|YNOmwV03fUq>Xe@-1c~Ma* zJ8Z6m_-B7Zxs8Df`U-gu0b}gy-y{hKZ4jBLM$X9PHQK~ zg4(MRMYrN5uw!T%*rY~4;MuAD@ky*ptOq4&pArHuweN?59~Ca96z0-n# zV1$Ei=|teL0ZOh4O%6r%!m$9fZ3%|kwu?^~QPH&YZ^-f6Jo&@soz4O7cBEWjOwwo& zM?z9w5&ZU;!x0S{V5_w7bpy{O6wwH);e@L>%1S6%J`@Vp<1SH^EFv!lEbMU`TMuAI z{GH)2(Gs<`Smfr~tofnMKNIJ1j4M?AHiDL{cwedut12U>?7q6#AJ0u|(-DmK|( z7=y0$Gn(?qfUSVR@_w`4)VBY8XK_A zy-earxssdqh_%~57KYr#K^yjk#G7wn3X8;>=RM|ph*4U!1hAuq5iS6MIytNczvW+m z*yiTXkqew8mK@`zi~vKQCm8Yt#oZj@V-tn!4J%U|%+U&cpY1K7hY{d!!+F6>Ex57h4O9b!^r(W`Hd06Hkb~3z$zOqvFuJKL?NvE5uX3h^MAm zUrmu$oQEiKe2#qx7VE_3ivkc2*RTWalsRwZ$BIu?W6M7WlIWAzW7I6?j)RxGhKCvu zhwBr$(BqWC@WO}DKpwK2z{buzM_dIvoK76rKwWCmvEw7J3QfLA2R13E7UCW?QYrKLKjpRSLV$#das~5w5xzr z+Y2wN+wDO%98*@p68n9~mPr*L8=1aG9Bk&;EL5P)>1feo^&BpI1dhZ$V5>k!I*Jg* z@Z{5Iv2gs;+_GCy$h-75h@Ck1;jq;T zTv6oF5y<#sBhe_RLkcPgIlx0E;+(wFjI|RjLW(X8kmK8|S(A7!5!*Erc(vsx7*WXp z+n89znjH#aK%`)*=xXgloQS*Ov+Oo;^$~mtui@}0E%oo zC;yKdF7bRZF(Dt2g0hqfIh#=<9cge1qHpC4o%W8wGGzAbH zyCL6nkclXT9_FjF>S3oAy53{8_vs6NJ?#R}CJvH2qDdMR?1WN1ua>N!1|&|na<}z~ z6!PMolT9qLsZe{J0Y5n^|8-rI-C?A*F+a!4YJRi$;pHJ`e?%nWowU6n&${( z!!Sv}iA@0dVdo>6Ai))vV{m*=5FMxTs2#yEqseKiVX66O za7op#BO!{#DN%_`>M$x-iaKaSYfNr=N~#jO16!hO_7tr^ssuK!(3Zp(Vpn=RSb`Pw z8ekgfnjzs{)qu^2vn9EZNnEUCn;1V@M#|$;!o)^o;h>Qdbi^bY?AJ-SBgc=;VheA> z$#T(Ah$AE-tp-BLpcfJEDrdrTRhJlPKz&eS{bk(~=M4{;*u{u3EnV~tPlxPj87SoY zL-HiCnQx=2&5G8hP~1eKvb{L(A(<9ZIXDluxX$Di7vGIX3IPsQE ztz{4S5IZ>~H)}_DemZcPErZh<4jYUJBFAIVgu7!-Qg@EAMGG;xDW?e&oJ9R-xyi9b zfmIUyNwU5u$gKvi8klqpr{a|pTNs^$IJ%ZzR*6=tYeOCrMs^dbK1R5XFchOIx@;dd z>&!exWcs>}E1&?bMtp{CnYCyKY=uv}Tq~BLlJzt#mpmJ!V5yo|DO`Y9K%ST^zm7dC z&j#5H=f)vkgB_TeV1b}#@K`o7kgdE@nN%|9rX?JgtilXRL!Npb)vWbZAaV1MM6%2?Rhu&r40Shy! zH74bzNbr$rFXhTefYI)XNHwK5xoFw&cx+Cy%~3?x&V@^f!(&Zr+PtU(Ew@#%T{x7w zP0|peG^3-KS|&WHBu)ac3F+g99eEQV&Z?0VNDZ*du@R+w($JD?V-vIEFNdgIkc9e; zW>SjOlv$b@tF7uPlJr@NNkxtj^(wmd`ACjtQq1Dr)Cfj^5TdK4ZXZSc3F5O#;q49I zUn)c#%Gk24@#7uaM(Q#Y9r7r$khln9%RrkF*^rPfgo4yZ(UGX;Awl>}xkC7f3@ss3 zWAU8vh6wRc4T?BgEoTpT7tn8jStWo_L-?{OIocwebNWK$)^3Ct;^l>!5MR_a25caz zNi;MU`p?Rr!~>FsMPWs>s>iuV>m-kZHpmqzRW5wf)+ry@Lb z;2Lh#&#Kj==1uMfDO-TR)PMnoG37@m`T1}Aodoud=OIe@UZ0bX)Nh$}S`%=wC?sY#<1#Py_5 z@u?CuU8BjY0zvpFz6GCj0?aAJ0F%jnqX z>~2m%TSsRnMrMThz@UUNH8?#xI<#wSa2ibQnx2}R84PFBRHGN`nSJt0;DjDd+5zm^eHp3#KmbS-Cb= zzi4ee%nI7uXn?U0rL58zh81k{%kxpT^GYXh)(-*0A;9L!PQQ+b*VI%k>L$x4p0BG6 z98|M$4LK(2%7wSxxtJ<9)cmYS@9Tx2K!Js9T;T#8?_A9zl!o^fs!1O})2IA)Jbir# z?it%YhzBZa%4{q`E(whQpIXS>k8~YAtF24|BI5ua>MByQVaLQ46Kus*0ux|_P8V}O zX%19zXtNF(ijW7OC+^JIE*|dHG_d{TL6>7Q2zg8(-e5;grp8xwjlue5@5EKF*syIP z2)0IuwTNw9cQ_BIPh1z)P>#z40qb}bVmlDAyc*E122Ld0@J%qq5`+iL^voDOM8k-7 z7Wv|5N^rbDb-Ipo%y@$pOfF2ptn?QT1|)`!zY;p@xI~ za6N{%x3=m#AQf9`p}5@A&Dai;e8p7@_f+@Q`3lq6bq_MYcCyG$LgFYHB8=lx100Qy zTeLW~b{i7P-11t4D{j4NFxKO6J}>7TowG8EqJlsIc};U zZY)$qjwNc;iEX8*&Y{=foJa}RAr_sA zAi`-V%r9!xsELhXUjzYJOyedAqO z4DXTv0JE#CkdtN$UcPkq`++5qc^iL)-W7tq$I0)BcI;HPzdOqGFRD=6xRJRNA;wstqm zBcn7OA1;L#q5M!UI$(ec5r8%&z(b<6)RQVM&dUnAp_EIk;@A~s2H-omyjrcG$Ye!? ztyWiqtYX&nFjrhN9-L)+Mf~Pd8o#h^B1my~A1^Vd?p;ImOr+$1o>|8Wic?0HiTj() zX7d2p&-+cP$y?R~ytpJ1OFJ{g$tR~9go5>~KxlK>wV8oX=MlyT#P%iC=Sqynjy#5P z))-P$DB@_Rep2DuG8j|YDME(6BKMU{PNn&CzGM`5mDNb-?PL#WbC%Jylrem%?qM1$ z&`ttBO7U9>-W+W+2*tXfh+IVQ#3rzzQwv}Xff`vro|ClfliHF(z$-7g3UX-2T@ zVG-DYZGiEx1ngKZg7Kuw)Mhw5sdV<;>E9T^`P z+A`QWMcxAP(o1MjwT5LptIP&4>4pkdw8Z6>c-UsY9)>gDqyC6ZPK4elk~~ixMNGV$;9pp2?6FaqT8LhlqxE*Sf$51k)yw5th<5+q~s>~KtB_2|g!1ECBf|36h zjfV+?mbmWSqm_#QMq^2Y$Lb2DW&zp8!ntE^Zmt4pJrly=4e(l^4JfT_z}@E<5HV1R z0y*|sqQ)ge!zjavNP!?c;kYz6*DeFoTshuF6@M+CSD@R~1o=GAt&kokJozuRIyS=V_buP&BY+lrbCQ4?XX_J;C#D&Ng6U}JaI@mBVIXhC`z=O;QrJNoSoOmJ? zK&W)~n=S%#dRYIt9Kb$ka3R=-^WyZr2pZVo#wtvFYS;R@&>eepiV;VJ9T_x}cS8(= zdq^%jib*B}H&u9E5v(uf6DkPU)S~BcLev8K@w=SVd2TzqD`0;{=)vL<3fY%fVw$iS zeqGpaEHOk37)xONpzEr0LRV(c)BKFXGODf=!r6vH90YvaKx{^&dxlIIVuYEBELI2x zK4B+Dlk+WBj97r}_kqG+ziSP~k- z3RysL3Z^;W3T|Z~8ws0CfR->7+9)6Ts2bRe-LT_x6i~AwxO>!I#0RZ_&u21C0-GNV z01YZK!ID}XY>zU1TXjThn}V|^$A0$k?h}wp8*1SmAes zEe_pbt_SY#1oqUChf+g)#?lk$i6~mr6LjyI+BQ8nJhE2=ac@{%Vzmyl!7R&U)cC=l z`XktvoSkL%ruO^F!_@D&xj6tbLckNEofre>)otbMh>06#SG;qzEsbkH_{PNd1shd; zP(gLKaQ$?yYG>p|(mRbjLXiD7SpURDqX`O4Tv3?6&LV3 z$5@JI@x+hdzD@JcM?q!Bxl5_1&XioOV%wkr_wkIU<~*!L5kF}TR03>U zz$e5OBG1sMR6|nZ;naZsX(%>Z*w7Z6)XHGbcH~)L)?@s1)KR9()6g;N$OB`rLcw@o z`#3*jlfVKqz6X6&lig0$ZAZ+jVv|~T9eGyXXYljb@kyR-x_M8)&)cv<^9>H)WbpG; z!p}4KdHuvGbhCq|j~AH0!MhpXJgBg6$%u=4sl<{uujhd&aqg#xJK%~m?@S8XqxvHF zxw@&1a=%})o)z^;d8L9}HOu5{>>HUsPi}qepCtb`ako5g<&Rk^_?7a%^$rvg{J+1i zukQr^KORpf7~{z}HQNiGmeVHyIaKIBq0d;g7dTX~a2h(1>bY22)SnvtwB#*M&rqra z>P|3AcsxSxDot#V&wD7KNRlMTgQ>xpnF}YUhiAaZ^z`I(S=f>=CaF9(M>(xa$1oVG~eI(bvO=_fjpXueUxo>xvyY|A`@k#lBr`|xx}N5{dAj*goj^T>{ljsdW3Yez@NNwvZ8!H$lPz3y?p zhmY#$=m6&S>G6(^%bwHG@uHV@bo{oXqvJ()cXR}Wj*cJCb##>9+R^be_Z^4NKf9yj z5w}l`&5m?*bW9wc7(X;Vc6e<3(9VfN?EmBJ|6}8a#?>EVRQyv+E-p|Od>6H}j> znm)K~;_%LigZ%5Eu`&K1EAX)iQJ1~pwMIWVy6xaL_UWJ~Gsc1Jtlrk6H}Rquy=d%a z{`bM16E{qR9hkadYU0KT(J@x>;DqSj#7z^UpB!a7gmgOf7?i{~y{QR5F zpWsy{5ANLgiJhY70{Hl$onyS)V~56``>E$n9Nsa0c<1=R@$rM>ta}R1&YN}$2xEuG zIv(oSd1xma(Lwf!HOJrY`sZB}hk3^ik8M4)b({kfWhM@>fsY>)RmP(?tcUE)t{aEP z6vBDC9Pf$HqS{dosqmEeemZ>N^C?i4c2y1}6^j={U4=*Qa((sKTsi*@1CB z#+^G4?c8zwj`2^83m{`RupUl{j@__RHX*7X9+N#eJbwP6^T%(L)2gOyT+z(9{6 zx5szh$be7qij$w56vz?dlAsQajol!oX>8(#iJg30V;TvK9U7awamU1=9pg8Qj~^c2 zanlY)MZBv!Z{%GPpbn3ZA7=A7afs2wLk~TK9)o`0(a~|QKRq$i@r*6jOW%F?_V54i zumA9q@BP~+-u9x+PkQ>U*L>=~ZoG0dGxeRXym9NJ|H?f0+Xp^)@uRN)-7o(B5zoAP z(RkO-{{|GV`~5r5c;6eI_Jpf0`^(+`^Yy_~Pucsk;gdgb+oAWo_4U`h_c6U!%$#-M zEAIVrw(`?6|03sn?7m0-c<8Yc4=z0J<0n1;(|`MvFLeLiZ$9#@JKyw~Cw}`?|N6PF z{&2E-|7SCw{Kr}M&5c{O_wWC~KYwW7tFisv$G_zNU4HsKuUmh?wLPaj`NcOpx88a4 z^gFI@zIOggH_bhDvrFH+_v#1tK6&I>pMTo+?+?$GpIhuc~+WYh2 zrHjA#>qmd0KX}jAUvl#)XFu`t-n2g^LtNw(G$kL-#d8!DbM-uZ~p84Z2!dINB`~W;qPuf@3s&Bll$*)eB-tM)O*>x$KLjg&9~p{ z+;Q!D?!Dwop9${m`RAve{R3~?J-6-t`1nVDm4EenKXA#Ncc9xpcgnT-2R`w;cN`kJ z_|#L+{NnjPH?IEC2fp@#D@!js`Daf%IKB7o`_H@Ytp9q|zx4gBck|(e?vK3hj31pn z`9Dv(OV?Z9cys>T zYybIy3xECjn{K*l>h^!TaQ2MnUAXI%?1i7o+;ho}vhlOhoiBUB(rcb{_%DC{?djoz zAKY;HCBcWTztVld(;wgUhbzxM@5w*B|I9PDTyxV?zp#1unsZOO`yHEqJigoi*F96; zx&DE@cbBi*+O=o><9>SZq~{#|`ekQty7b()-f;EyxBceITfk?YdH=Uxdg%4vdGY^# z^0v!Q8UE0RUb5~*-@W3N&YnjvJ*n^Q>uCAS~^^_xHZfu7I*;B9~R;O~r|-gW&= z@9n>|_nL#Rx$=g&|NKP9KisnrT=CoT?|(o3xo2MUtKv_m&O7_HLsPH2`8U_R^FN3Q2v?|SR6CO-VKH+|)qzqoJffBnttA93S#e>qUkzxz#(ec!Ln{_ue} zedYC6J^#mdeB!Co|5nH>+J68a{OkMs@BP~Iws&p*(qBIG-1*Z!_mjb!UNiUI%|AZt zMW1=#-@p992TRxeC4TZ1pLyU{*_VC)v{L6SPwcXv_}}Au&VJ;*U0=TK6$7WEo{pD) ze(I?YJ*MkhPyEsNo@YJ#y(j&0`qhV*o;+>6^jX_SEu-49;7bi*_Ho&{cY z+VHJUJpW{J!BgI~?p5!q-9Pw~S9Jd1)DI4R{zK`R}S zb>3xMV=jQqqqo1I|69*Ld;AUkFM0R9AO6ZOPk!QEcW-;~yYBp4@RcXtHnC;mp-=qB z`}6rzZ(YpZb)ET>_g&R_ZQtvzxa^LnJoJs-zdz;5Th9xg`qNuqzwv=;<%vUgm1~#2 zYTH{ree$*|FF&*AjMu&+bJp31PkQarnIF7s`)TKW;RC<6ue`PM9iN*lobiIM?7sY@ zp}Rizg}Z{szw*7EKl<$S!mZ|$?tj})Uh%FUY`gREubO?%A9la{k@(g3oq>C%fBUiB z-~9GjjcecV$;tgsI`1W~An!8nd!%*$7f-(bV?TMtTTcJ_<=}wod-$UElc9%{SlnipM?e^hzAUoq6Z8etpMDBbn=Z{(I!ZFMHGUmAC)xhpXs4SG@i;eZR@<>-o|Z zA9Fr^+gs)v?|#$emzM^<*D-wf;(xyNH8yIqe(I{p|1VdFqG$ zw))kX^4qT)zW?ps(of0#Xa4Z7Cg1#b3PmmlJzl`Sp_@`}z;O<-;d^{4ob_ z|F7@76VMla^v&NpwDXGU&;OmBbY4-f4e zeD5Q^_Q`*lzv#Q~>kqD)xF&PpiW^5SI(yya@B6@r@kQrN+phZRZ?5~!FTd7x`Yip| zU%l-OqaVyX_KN%mUid1{`J3B5_lr6?>Wg0W#8Y>`G&h2HOe`@-9P z@nG8Q+@mJfPc}YpTF+vFFi2&iyNNs+OsbGxVbNLN#oJuFZ=ubzy19? z&JF0o@4q~=@Vplu`o%q0|KN_-oVxJX8+Uwn&y(K#lT)r3{pB4y9yQu`&GWu=)_bnL z;G^$;^3Rrjam(WSH~#&1KL5D)y!8DSE=+y(#}_s>(--u-|LeDSkNMws4i;~uuY3O; zUqk=&+WPFo?5nTpd&$emBbQ$Kz|$Xm%`a}j51sn=zqsMLzkmCiXUT_O^WaMcPrd%D ze|7yraL~Kw*3UlbFCM66o^{fL@ccXfGdSfRA9>$L=d9~bee1yOSO5I_^J))1<+^Jt z&-jA%%kw_=SNClEe+Q5U31@d*Y1bRyASO@*4i^?*wT?POfR*+o==^f1gQ1eLOmO*w#^;Y3Io5^%) zw^ySg1*VRCiCF$c$FnrdjALpSjkL1ET2{?$)JIliSQb%0#b_#o*a$iq0BD^o?xjIR zk;qKAremYM z>k4aRiP;Qs)fNCBF_?f2bVP$x$?xMMP}Ytc8nE#YrMlF;*uA-u3YY8u!%e{ zz#9h2;veLd*-$oRZOFl_4ph6fBo}YQ77|DRAr@E{ln-iHZ?(%TX-}6Ryd~@!n50qO zc4@p6ni9fRpDKRaqtCdqc;c^G`W#|T!Dh2B?&DXS=$NtLicD}sg!^%{yZ+@SQj}Ib z;g$hMF*9to*$iiwGlAsPnO$MHy8U8ogVnuLS~tsy7Jrs#@W=@oX}y-Hh;YEF&Wd)^ zM-(^zWMH22oK=i?)rggLxq`T}Lw3M6)6uD{_^qrt<#Y`os>z3<^W)H6CALgeJ_T6<0~}?_W;Sj&?NsMhLL-A*C7y(( z3$o(-!-UmLWhjn=Qehij0Sif28Ni?{ zFUsn}kE&lFs?VrS{Lx426A#wVkPRta#mtXZd87`JosM|G32ZwD0xDw%s&nIv2Gt0U ziaz1x<7nXp&9HfioZ%EeoVUal${zDZN_kkt<2S6-=`3zrX)@&`9@+5Z)UA1h?Z&5U{#ws65vW$tXURvN!-EFOy@WgG zuaBzaK%>e3As#eE*sTVom)c#cKJkpGHp2Z%o_bc^##e)tP}b3oGyKF7A2xr*hZ6o0 zBZ@v!{&7Y82A;iwJUP;W)m_tLhH~AeGQ~sS**Rcy^H6rG=b{;R9_J>a?PbYUeD0cF zom6xL=v)yCtjkA?2Bp0?lEH0{G# zK~-!hR&2G`8VOZw2u=2Nt+yJkha1pqu1+BBYa@{A$8ZS{IK)CnE}rU;rX-{Z1}R-w zJ<1UtiOjO%7>`68U2&K#!s(HWbRS%RldeyVrAG3+RjeJ+*cc>mQG>4HsM&T%I}{9g z-dx+9wH2OAM>L>SiqdTdqYKtYHIP)&>peo!TfOkyc0dVHdW~eZlpM&K$ZY8tklE6a zkQr@4q-J6V;4b7iY`h;;i)5-j3|X-lVl1H~P3Zn*$eT zs|fmmhbXVKhry9=6r3sO`3~~B2Zx68g~C9oxBueo#Ro3F>_1C|VzGF_{_}V|(8V(RW*ID$ zGSGFyp999gfYFz+kc%7(IVMK5oXJO7n93mas@37adbD_mK#QAOZWrvfI|Eb@$TBDv zj2@%7F%#qe$07tt1}qzdq)u4Z(m-2XD;moZ&_Z%Kr+9>1;>oN_9rR^UF!y{{G zdzcm>Bb+@EiDf*h2%s+v2{TSI7E?w_B@FfoVev9zmy#J2c;qN;&LzD)+$-Y$U(c%f zzfH{fHMX%*{EwcVVv_$C22S|@AD1V|-H#>r#x+F!GN5%>>gzA}7J5xoC=B%U^;96N zZYsfkv#(m}t(1Ba_}mO?|MiscQB0WWo%;{PMn3 z$`^X_g^ja?jpe?ca9S3OH^Y2_kqB;b-2gk?qLYVSpN_~SJm$#rr=phkYhX>eZLYD+s zM;?lW9iDf{B3P_LKa3M@5$x1X&!|}b{PJ1W=Jt&H_XFbsL51_EY0#iDkDB1XflQ`m zlM3YVdOC$agz|1EtH3@qFMUVCvA@G zWC3~DvXCR)07SQxrw26>*#^{LT75%&?v2seDPyTmdX~r;>+;~>$T4}gsA5;L1yJf* z9xCYRYU#abiO((<$q*Gu&8lHS1S}FYu2-OinP&*JD`NY!4E7(8NKC|f>IC};c6K89 zBlH)GeTy)iD5ZbUQRBlJm4>dP4)#O;7Pxf?$@$AJMh*^^9fk^ByGYzrO46=C# zIGJ{Kf*GzU<6)LrU6CGQ0eK$J`mU{@YGB*K*cvrNhQsw7De6?!l4GSS)7hEnbgDn!12s4XB zE*;j~G~24$sZrYI($dCp)(mg!EGBJaLWUnDOb8cFm>FcfoTT(kQ0sa;EFs6A%{Amc zUO;v;rw_AbZ(qPLl|#!-A1SLFxmtjY=b0Q6*gnlgUt{UdkZ&3)^r^`Ik6Fvc6{V_ai^f(kl0)xS`G_b2kaa5`C36w* zD@~bmvMErgH=Y5B7iA@}h(r!MQB%vGqr!@-L^-knR*<`P%LwF#j6TT)5Js)UMqmqM zJG+!Vc{*QWOHz&qIVHF+v>MpyhJjxv9=?ok|J_~%n%x=pf7V^mYP6?$#6~hJPbZiT zY_WZbQU)0HWqe~H1GB_%p%4RS6Z5IQ9}b zmP@eX$KT4GR6GmFt0X|xkRSWK2z|32dt+nj^IcFn77m&wlU7!bW!c+26cuS+yk`5O z{3Jo9p$YTuGIe8=%Yu(W&Qw=v1sxH@y{UA7m|YLK=+HuB#L~oVhZp2|sZz%?H56 z1;L#~{zmC&DeGp`HY-*Vqdpny-6b|Qn*xRc0qv+!#$=Fy!N%Hp$HM7_Sm7xqBSzR@ zY<5h{kbDK$S+un>lB-(?lK&xDY|vm4l%MjQ|=gCctY zm!cOvY*|9DhWw$aUAug2OX+0_c_wmvewrL8WNcEaiGvtFnyB;NDpYLoYlGzZQyA&M zS{XzK(bY(coXF-;ld8M{dwsTt@%4jYV=ot&;v%IiD9pmOvlHJ|IV%8VFr<Tb3s1Os4j0~A9>I|C)Uq%&e%UYxpQOyPe8E0;y|*L>iaoo z?4O<-8`(QJJ#kx;^kpfH52}&!XFKZf-&lq!h{z%gLHy8(}YAm+ngCqd3XWa zsD?%u@r!JgAucE~P110uJR%ZAMW$fWf#c%_lDcjtBtREdu#J7Jq+-h>ZX{F>j*Vrc z&=_U-6cP&)3xzEe^b$V!oKtcwICX8T#4S2Yv||_dt|DSkot?`RTp#7W1K8&Wcs9i3HlU5hcB*l)`>Uaa_JQJgMPAokU7Irv!X#%|xFQ$m+m%+xu#u7g*ro8lRI+9#8 zeDV7p1jt#y9&z}7r|kQvNO_>^eA#>j4pIc5;^8<5SyUbwqJ5JwBR0wWgbW~+NoGa= zJU9|Hd4X!NEQK5~pX0mtj!ayz_kzJ`Davq2Qksp>7|66;qp9_&}jnV@(d0(fffbC0~T3y#1EMT)<<3gJ3N^(Z`t+Gj32FSw1mv) z@ES&W+mogBYz}1eCj0+l9oq=(*#pj4Zw8*t_%+1rABt@@$9cxs9Ax@=l@PeZnQFPa z+a@NonIu}?SlC#Mom8NUyBCVxLS52r;|1jKWpK_5z~oMF$t9bCMF2AEB%ZyV0_tPi z29VX*45*Ee3rd@LhU4rd;ZQocG&JKw&o65)lOyg-j=Q_UPS@Jtc@MTD+a^L+$>i}6 zG^j(zvXRFdmO0m@7%X#)id%?K(I3B>$V$Rev@Xizg`HPOh^(+Y>4`5?{%g>>Dnx^d zC=z|)R40%+<&jEq%M8O;2!<`rYVAoPt}BUaGxBEar=SrE^79d;G~f~^4*mAhWxb+C zJclwkaDbJ;GO1$B^NyNz)IeEafCC3&w50(RYtPU*A~&A<}T!E|)!fp=gu}Mj>Cw0%J(qJdK@^<(Z~p-&EMYA0V3|aNq#{)3LyT z1F~5cd6)^~vcY0OzE9?sUIpf4O@{NpL$h@c(K@lMGU$_EXu$Ux?Msn!QE1^4bkdei zLj3&E38nu}n^0t~_!DHZb}|WPtrhn@h4hK;JF0osqT>jxYx_x-UsMy<@7BfLY$kS* zmdsYws*mAYpSZBeAMs5Wr?a!RA`1!SVW)T#y~vMnBVkPI*s1w-G=x3VMx@Hq0Lr!r z@zd__kNmuJ7!VnsRQR*|6!1~B2o^}aqj|y4fib+o>REGGq1Lqf=pn;vi1&D3oDpVA5^91o_CN=F) zw}^zQBQhsa2?|wY*X}4*?6El8>8fMbBT_DB$2=h@w?Ep&w7`LDK_979ld)qq;aA+d zc!6+{tU}+w?{e6h_41|&^QfsHcmhh-MtR1*tiVPd*Yk(JBCDZLkK=ln@DR&p708Ygt7zVQAIP@J>k_KNG`I5?`2&CH`kwPd17 zJ5jToxX91~%CeG+b>!@FDD*L{N_V_rGC}+qNe!|XC)h~ctByS}Wv_ZERlV!>?~jap z;?WJE+BDZ`mH1Wek=GJSwhXdtGn*E_3`WA>zyW#69!C7M%j217Tw<~dWRgg!phOpn9BZ0~ou8_E zd}gD*OO?-%6cE?3z1H>lc5zO&w@}Cm%9s&55NA_dz0p9vhs|h7gM~2o5@F#LBAGZOP1!6iM#*c^oYHEYjorP_ zvOGlTx#f+8jiqeVj*Ouc2At$;DNLCvH9k6x4-q@sYE*ltkO&SF~f31aZRWK0TfmfylquFm9itMt|Qy+_QZ?4GVseQSw+g~u~gvQ z@@^m>xOp~=FhzErhNIMm*Jce!lf95(is|u@V{zGB2rVKw^41x?Mf(A?6B&4`To}#( zP=~|Nhr`%wyW(7SG~y+dpCN(xVae=FgUgEfyhk=EC!zQ)(Yk8H> z`XRjDYf~|bs2+aM4jZCSn~$7++kC?f#x(M1iT%^2OiG`%udN-cdfY?TN~surYOU2k zK4kJnO0DoyYb~K(NU0+~w5{QL5LNNK_Q674rOAKu7h_^(by^6ohN6j|KC;`Ql*^(O z?}}2cnEF_))llp#m(0L=6Z+7`4(w8Nt6q$?(612Y@~VJ_Ao(R!YDKt8ZKjq)S)$E{ z8+GHjCOJ7(TPI_aj6?ba3>Zt?$U~NCr{?H04#ZR5&jU|L60A3WzdQqxL~223}P*_sbe3;BI;0p|ORqS0G4_CYU_ zD@^40S`s5BVeq=C5V{3~m7r%^ZsBm;pMz_o18F|a??+t^DXm4KYLGZuiEO%7AdK8Ahgw{L>{@8~Yyl66W1T+e(KJt#7M32(-zT2$|19Lr2MBWb&eJZ7GT^`0<4d@ zbasWbo#L|DLf*3Zyp5@!N4|N2u8%EU(|U^S$)5lnwrQ)iuPNYCjcq`>Esgvda~)DM zniPY9F4gvwG@%y61>5j#LL`m>D3&&+LJ)>)E$dKP9r5y`)l`hPzn_%m=)mVTn_3>K z$ggZQ3jVxoAum9zOBg?`*6t}x@1!9nt#~^e98=4yz33+WbwcLF$zoaHvZyMX z+DdDgL~|ZmZEJeT^tKWuBD+V4>()#`(kCkq!h2tFg@OQbeC%n?EaB8d`GUkG4cQPk zqJw7WE~XDd{1&Q|abh7YXhk+J2f{sf5hLx}{5mfAGhU+f$U;_!e?yyL7ZO*70I!*4Q89`}4m#cRN zV|FiLb&aLOm%BmhWpH_3tt@U$nvG(}u);zKEV)M#2y(2|fIti<5`e($nC!l^8fm#B z;1~9;9n`R+thOf|q|y(%;m392qLr6nb*A{+c%+y-fSy^$3n;H^`KkKIqYUOv8$m~^ zx z8zmLsK=9pgKr&QL3j{5;(!}H}M}?>-jvlg_h#LT8v5ARSJGM8}<)`B-;s9SW~WJHfuH{3X1ekKGWep(g-uIWdx0 ztH}Yi`B-j|ITS}zZm^tLF&_0NCG~Q?BCOb;ZEMDR@>H8(pm8x&MSS24f1Xic?28CA zAwRPXwG7VHj)%PHUQu+fw8zy?5a9+`EQ>W(O#NDtUrWpMvDChkCAoFS`+0fP6u)`r z99W-MP?EcAJJwm;1#ftSq6yK8Bb&?4x?MYMJ| zBS(JwapLadk9zkJ^2s!xG~JLm-7!s_w_<)%y2sQp^_9{c(N@<8ZzH`40ZMBivv#k> zgty%v)3tGCWcq@U>Ae??kL}eDYD|=om{7is8w(qY+11n?AG~Pq?DpxA!Qq(%h*F`@ z9>UPj$jr<#mHU>dtF=CI(d_i#-l55ft)tr#5LRk?Emgxh6C);&wPuGzRsg2qw^@-l=8WWJfcNoDSpTx=0@D=?~`PkT~%oGg7JjHBMtI1Fp3ZbFYqxn{a<87mxk7`Ar zIcwV?v(*T(Q#|=$y=u*aCaMOuLF<8UkwwR7z$KL!%CMwap3%Uzjp;f2_k%`|j+D@U znK;`R%qiVBiu(xYsE&6+8d{k)Mvl)rU`FQ9=jekL1;tiwgj=i;**M2>&ksIny;W&^ z^gbyHGKq(#2(f4IWoVf`)23s_%JPo3tK2g6sv|1*RP`yf!>W|p z=_BX4fnzWkP4KowW(`BRa4=ZDYirfcNMKj^fvy%*>iIO%pCy5}n>rYJH^gx|w;-J*qIIwi|u6}^JMSLnYQ_(9_VX@WQ@^aPC zw8+`9T;h>WXluNw5Jucr1hnpR%T*3j?do|E#3QWi_gNLQ9DOZ!cc*yw7_!0_*SBDh!s-PGBQ)tk}K}{!y!e6`R&A!c6HmX zw-v_F+Jng8zkMIt)n7>_Yh7|_E?RAx4QZjZPSk?#*#%bc?gF8QSDO~4ER+VLW#4S^ z4Fd`Pu;trWUfu$!US+F=n5-Fx8}mn7El91Bf~G9xqcaz!p&c@imdE4R349dChN@`D z8p?xTmIarCO9K+^!(v}7ubHC6R=Xx*I-)r~0&#lf>1_jSjWgQ@TFRs*xJbiHGQEb` z;!CFqK1Vz|4RdufgDrXMsL#d9u(fJ`w25z+$7s^i0IhAp(;&5(Y>izjCzdrYH3eWb zQ@YG{B||FkPREHa`qG{V(-kGqiMIFfzAgk0);q)p>pfIMOXJWt>md7lW5aqv>E)*D z=1p|@KGW+mHk^@N#ws!jw$Rn3S`V9Ap}(3G)xJt3e}`rEN^xY`6QNL^-l1@5 z1(8S|R*qb5SEwA`@M)F#F(&;KvkWA8^e?Z}VC!)vt(ZQbh7M+2tV#(%Cn1e z?x9RecuE0K#Y@QItVh)2XGsyYw5KG(mQo-3YyzpeqE5{W5RXr*Cb}gqEd&;_xE{v} zgYuKgK4c1i{ONFKRWy=m-EL*9+3;SZ&G(xtdo_vk+9P$iq&p46>wJ&918IG8rcnTFrXk z%p+^B??H!Fk+&B)Cb2|ZtIg`TW9umB1Z&I5pcYe@b3t`s*{lmuv1Ri)MCM?8Bs+s1jU=fD-TY&FDa~^p>rt`|F7n19RGA<8H7n!^1LAhn4v8+r-9QTHYS2=46 zAusQfJp1>oGfNw%N>gW+Hk~!BLKcfnKi0!#gVmg%6sD3TeO=D4rpE{eQ4j&c4@4rNaH z1kJ^4bg?xj#EvNQ6cZH{OS3Q){zSsZB-VCXP(!WvTI5R~inNnqnglmT{G-K0E^hqO4vPHe8a?~?kje3jo&6^sWc|-GcJ`kTkt`EAd(*=n zIa?cBw$0>rc7nl30uweS7KnUbfpC81dnNaPRkfy-hnwyzp9+7pszUJQz|;jpq1>nT z?XYzj{6@O$D*w?62^>ovN|mpV@WmD9%gEcd45ksZF7&XECPm~xp)nJNoKccgd>Jyp zOn9)s4(kb(QR-5iucU@UB;6|&w&76W!QGIgtBCYc^hw<9RVYdl(eD(1iOJa!J#j9s zISdEFt3*cF6gg$N9MgdF2n22_G|`JK(U*%F_DtMUb{biMV?oCZJrpe!ky{&VPKZ)j z8Rj{wPqFe@=IS%4gHbR=&N2XO3)&Nv z>S+TlRwliobkYr*xh(KdzG9O~>zlAzdSk5x#o?W6>{F1*7H=iCT=cx!;j(VCa+R+$ z-&;f)N_K`7`cJ9$5G&X9&;llb2n5J@Dyb&h#S}Ei0l5`?H;Py4oHe zii9M@6v+aRZB62{&V&5Empf1LTey(`30`!GbE&vy8jA!rHh_(djg5VId7;9t3iElj z9E7VS=hZ{+h7AWEN0F)`Og#lpLPYXl9%Q#S5&Z7QRF{yOCJ~%GRT-Z^pid(I7gxt;_bM4PO7l<& z+paevb%4_eJnA{=Ct-4xe(dp|>T{s1#%i}@0D75yS4C;pY{2&t&qs8^!(3WFQSan!ob;#W3N^2t_K9KfgH}Q|Z>v?K{>mOhV6x>K)?> z>q_q>!c^-`8VMQ(hz`d+uG$nt!qr)%!}wlDxWRXLZW3sa&(Q0fAMGE$IckrB70ccs zR+sJue4=SG`M2CTKq%JU8@~Vm4x4{x4>PltR3jbhFbxBstWzUPFSH~yd?ELtr{mUcp7F0+uPebM2XtX zMu$}(<)bkTP#pJS+PT?iv&S(YrWPnNYyO^e!DcL4E`S^~#o}3Wr%^aDnSc-?)3_dj z&16YGfP5p>{Q43c_=y%qp7E#`qVj%b#m^*OzJVR{r15kjPF`sadA8dIFu~Bzg4b|x zNS4Qpu2EJfs)z#k}0r4n}j(GC1|l%65;BfAuegVgdjW(ek9UXO@Kc7K5acog|~!u9k& z!pU)#X(btfbK`b8M`6jE|C(FaeyGRDOu z)zqp%ua@g{mN%)Y`{`l6c9F7Up?2`*LA{DfE2a54$Pz4>>Zn2hHt=`-)%RK*dHw9T zj;)&GJOQ^ukzjASQ{jpAdbNP&ljv0UKDsZ06ck_g!JmiqbKY$ z_$xR~V01w}|5_;~q!P~3d)HAA_Ot8k^!BSbF_|XOYBH6X5t#?V)Z9nRAQH_e!!$aC zBVmn_GfZ1qk)~D@$0C89pN#pwDolGcxLz2>z6zbiN@mAcwV0+(@Lb5$yi=dvdDE8O z*Z{1X@&b9k$4B#l|hzk0{z#b=7M8$qSK8h$qOy zA#tBNY{@u74+qXOk*}MdW`(I9iUOHwEQ)~_QRJ!?HD#IrBVOof;T(HjI98I7VeWz{ z8)VaRVPk9SZ=&Q~;kEA5By0rLn^y65BX1D#v^z%x7S+x&vwXqAF&&yeO9-C};TM_!A-W(l923BjkD`$m=lTMug)ka^+eho9|uA_e2+>kB5=`a>@osDlCx z34jsB6R;-ko^(4l_6HMAQr)x)UL(RE^Q;hk6e`O&Lr>k%3ipi{c?_BVxO{!_A9}XY z74_xv^@aYvl_~qvc+0F4$lyv(WcEaHAeR@qK21{$W&pYNO(f!7JJ=VgISCqw{<0A> z(ywxvpf^cVVF#$+hnVgBqP;Vjf-t+~QdfmAB4ey13~t{V2b@duf7u!sM@j>T2ngax zM44qcFgRl957NMySwe?Yr==_7v6OK9Tm<-eE= z=+jWzcc_o7+~2hjV&4PTWh49C_u4+Dz;&*=ay00}RuU%bXPU^%)k&LUrFSaRJvNq;Ii>Y`kYkbX%Fdc4zM7wHrKnt?o1| zL%GQ}4J798cANKXR>4}KvlOfgf^|AHe-^=dDb6ljq)C1Lm*VW7PMmEx_n)IUoBDhU z=FNXL*syjtq&xt7Kg991VlX7*C5*2sXqqp%;G|<5UQmpDs{C2RRy)V;#+zDhZH28( zjLULgTkdN!@-`9cVY#XO={B_{6aP8xXhz&1!MD>_4R*GzdCpjAL(840uoGotv)qlA zyU~nHDGOP)+>!otJ5tlh{~UKEGiX=l)xu5NSv!o`ds&Jjaf68n&uoMu-BD`-g|9vq zZhX?9gvT?0YId`0`?TGb#Uvn$FQ?w*x5LeyRw1aIOs>JZATKVo_#qey51TmhArBFk z_6ZU2YQLc96t*Zk+grlxfKPfpAe;=iM5SX*78@>ol|_7WoO!Gd(&1X};6?j`Y;cxa z_;L%M_3pPcsHEW|E}2G$t?=dM{`GI}^OMErxb4S1hOnTsNp>JLUNo3ZWoky#&vme5NWN5#JLTw)HZ;#;(-t1~^XGR<{58wG5a` zpzp^c#u56OBNinE$&m`B<7ZF z9yjk(eqgsym;ok914sc+1pufw=-h}8Y<-N<$O>3x=mc0~$|7zM`_~Xl+fEeA zVk(uup2(ot;q>V0?yw0KWmi~hQpYk5Lv_`D+&_uw8HPkq^$Iw{NSI}EPcxDITv*2o zXBa&+5ZjQXH#!pv6InI$QR5IV5=Jj#sW7@H{2Dr(0MExUk#Qop;U;&(i$_qp#waJ3 zR_5;_U>(E}q1Z!F8t0XXoFnh<;u_wH6}OUilCk^9$dXJ-c^eUrBGN}Y7FHtIjal^&ef&-*40h{%`M(N@oX_e%Bi;DR?X?j7nDB_5bq$n!6xd<&A zsq&SgE;olwXN4Di8Dk(rv}RfVy&wP{_%A6t{uhU!0(`Q)!UGq_um11b<4bN=%K?h$ z!$`#9L_)@s>ktB!5Hy^85~&(|4{`xtIL@6BB*YuQ`GjuKeV2eg#)v)xw?h;{aE-#y z3q#;`#qc}>K@3O;VFEUuahqc)h=U6hK;P41mdly)P{@M-ap+;ponOLuFo0NJ0n$!f zWVdH8AjUD~zxj*TqJ|DVJ%nWd&!;(;?QR#2Wt%&-r?SoO3bl6FSx#X|ly{}TN^TE? z1`uO?3kl&34EMmThohE^s;6=@$S_hOm@kb1yh~yNRbq&fSH~y+Vr1V2FJqbMUj&7@ zQDLQYCsb~7PbLxd?)ZG911R9LgR^LlNq5wncEm&LwqHDPay$d`5kEfeF~{7Mp#ZB$TVD6LyruvM&8{OLH~vt zLWMFSP>3kDn-&sNb;ZM-=U{Dj|F&CROb55I`Q0;3BFzKZ>~7n>+Yu78&cvH5c@_hk z+ud$DP%=Kx5PAW`l|_1SFtHa9ZKy0+s>suwTmiPNR{;=#?b9K+wtXdFyKDVO(h_9= zn7nkwc-qx1Mik1i-06V>na+rYSQYI~C?sqgDR5RfqC8y!#99sc zfx*A>1~8(IDtpIJyY+AY1NN8m$c8pWBPJ3&LJ4>d4BXQeIO@;AZ;sxV-!v3>fA~y` zVp%8kQaqW}bFj+)P2b8PQ1JN=y_Ou0=Rl22`h^b;`;Z^14Dm!VRt{YK;=R+GNI%FP zWF;{qNgNRJZO9Ghty%p^G=Cpv}77AIRA zYPZO8KCDnbxr*XsOor(f`RN+M#0$|4OqVs--ATW$4E~K0qr76^8tY~vM?2^|=5C0x zAkXKOZ8*BPlG|rRr@5D6evc(2WD*OF{Wv7x^7X~dhWKw={ktju-FlW*(4EJo7+gZa z4h>1$$J7ez>KaaFfp-lj89eEge#K)t$^f5x7ZMLND4N2bB$gTgbKTvO!bas}I(SJ1OTe;5m5o zXkC-g38bK`ELbJ}5RRZJG>d~~Ca6khUgWETxh$fwe|{PXQ%!>rt}f&BiqWSKvSU;Q zfb_(qDq_gRCh(ueRrxM>PBaE6ZA0juJfbTByEwD-IxT;g##|Qbv5xv4tYnz(;_&7zjeE|^OTgH z0gxxUd>KEEuMxcB+1vs6@5leyX+H)X>&Z+fV(SVLq$3Y#JYnb@C%N1yPD9DcfK;YO zLc+M;4`VOT)1gWkpJt;0{^fEGv$leN1K=+a{2{u`-y1)X?$h&jB0err- zv9qTAwdZYQ3Q!O1$AU+Sr>1U0rmnY7tvV!s;rUS zGy_MLcPcCJ6>D3hg~f&AF@?BILvoat`|?wwLbXgk8M2X5#i5-E7hC_BjhhSmzMyUt zI`QKO(aa1;8idI(=;8{bd_PM$Q`i%1|A&65odId0Kd#JvRcdNvLh6s>v0e2Dd^%f7xEK6 zb+bM$$Krc;_$T9$OkB4n;lk` zK04Invn-AsrvYw#cN+swnU1Jiu|4p=|MUOJWa$6td;LE0)z$w&8d-I*3A$@8;(Act#RZHE#bQ%4G}C3Aawti!;%t|3;`S}k zFWsb(fQJW=o)teRmDC=%JUC0=8n<*ZyAyk->>CXB_+9tO_VyO*^mpCwx=+57Kje}G zaRMVUM13}t!!*=*(KaWaca*;@1P$u8)Yj4n%=Y${4UTx7h7D~VBa{u#;nCUo(ZT-Z z(cxasqEw|7Q|>@0Vze}-V;&Qh8#!iV#^DXmWd(yhcOJpW>BUlNVA0q7yFC<`x*o=fl*61#)gYGwz*4&D*HB#D4_9Eqr{mRU?BUD z4SQMDqdUrmH{iw+LJ7e6#=cMsaNX8p!D90{r<{$QZr8D~>>{sJS(DQ=m3e-b(@+_K z7ZQv{9+n}FEtFkIm|-J!wwa#`R~RxcBy(+(CO$3GdcfouMt<$@Y;20PZ)F-ewo&4S zYGE9L9iN4U~~hq6i1HxTvH@7*?=()pU8%| z*%;3T6JwetPZ{ITta-~rhJ@%E>Ro21a1qg3Mo4G!mz>&kx9JH$D(c4*-T^vFkS&x4!B>DH7@qD7)N8T7Q=bc8o1VC7nrRkQs_p}>hi@D~RM#LZ==<)5#4 zVwa%jvP$x;f%-HsR7Lqk4gFMT;LvHUfR`wQJ?PP*qe4rH$;uyy8>RE2rmZ>>dyYXaw{8yUq+!)Cxr1} zfTBTLdeNY$F9fN?qr*0jUJpucf~$;IJKDOcS#|*YF@|HGc5WDhJglBiCw^X*T*zVn;XW1E9uu-$X70CR>4RaN`@vkz}o}AI(iTlHA)&g z0{8dM?~GUP%Zrv+xc3DCk~b}xqon2>CJ!X8>jIAe4-lAm+>;yhAiae!lBp#_XjbAW zHKWX>kQ==Mw>+(O7!O=8^1=y4K5-Kqk02ewv3ab}$w_RtJSj>m>xJgS=CFNhKj4OD zFrpYid7F6_2akxba2Do^+>NRpXVa53h<(!Wo9->5L;k1hg@_$(TI|QZ_?wHrD~twF!rkU1$7Vf}bIu)8_F5~7Se{oiB$6N z%UWrF!K!naQ>;~<;bnw;9IKIJbA`tdcRWtBzGx1N{3eNs&LIRz9Dp^={Tfk~i)6i3 z8iOP|AYUl?nP;k25lk4Nk06DZw8R@O0vFi*H_PX%dUPK1&c{l-p&L3Wzi!ewIlVl( zXwy47T^rqQx4XN&{f*4OoBMZTdv|O1n~m+A-Hq+7t?ixeH{H#R-L397p!=~ptv_Qz zJ^W2~?zZxs`$C?BI2vG&jz!!G(&l-c_@U(8m{1u60R}4JRYn%ywkljq#Rm2xoPhg# zRgUq-wJ4_56|$Rzb+88isDbXhobz$kxjSgW~VNrF z<_n#Q=zz=K@Q)ers@`Ti>G|sWi=%_{qsyz4{WnLl|0&{eE88?Z$-r(VmCnq5nKRK3N z_0pz`=|WQn*c=AsCD$`dyj#)^kq;vR#kI8!-7;;QXyFBlJUk&Z#_(UGP~o4}l__;A zvYbveE;gKG2il~f%$PuY7LErf5|GF`SYsq%E9(U#6iH|m1p<$HKf=j+1tfj625~$H zp)^)$5Bx+bN%nm|9!In=jkCg$-W}QSmJ^d?1?5y+D6n2Kx)JIl7>IJm;s!}vL*3s` zvFK;mmuG!ikNGWHIpY1$8?cStA7cz78cvj!TbTd})+^Ys1S93XHV2&(24#9)KaMDh zM3iT#+*Q}Dq|LB;n*{0>R#UkOZcc4rrDmB9;Yi6Id2~K!wmtJ>F!_x(cqMPdbqVe5 z`D@Ud06dP=B{oU@kccov%L%H=(cX+IQ0I`ZY*RC*ueMfGi}{rLjTtWc$_KFNLy{-IA?j4Y-hRb6sax_g}w)H%k$7eYtMGVSWP(>7uIF=&RP1{qpJnWtP zaqkEWm}n>GV^!j@x0;Syr(!yEM=b}`%n1W?a(a2R2aYKic@sdrYjz&&!&@*y(U@w+ zUxo+R@tO3}N!^ax*)@|&Zhq@gU#xo>+()`ZC|?|nxF6|5Om6&!1AIH(>^{d%iEAs60ke|tOL&4*) zHk*kMIBBra=VhTrozf+dro&|=EsG$tLny$``}N44seW+xaOwNrtS_r-G>TDJENvAL zvc;0gbJNW>w_P>(J&MGkvxnnbB3$ld%wo-yC~p_TZ+E%P5a5Dc%Sddb{$dA-QjLa8 z($s!8y3==#f4=#bX_d35P9srF!CEcHF~VGEl*e_(%ACs+8F+=D4Oo-hmy>I!;!!eY z=Rz($yz}FT#46ydJhHRXp;Oo1a}&RBzx}qAxp|cBy^2L0pY63iKEqf5t6&uM#!C$T zs=_ks?~czHon`mgdo3~!VnBw#^<`+>-<;L=S!cOgp&{nKIpF*6HQ-LGwbcf%y>aAc zGq~4Me>DYL7HYtt+(fvV>w?wCzyF!){_koCLv|Kw( z^8W83p7-xNkHHNZ?QvGrM~D zgJinVH$*iP3>Jj_fiMB~(q?(|aPY_23&n}jOA_9%cI#&-p!4#SwZZ0rfFAU{F@Yk! zyk_9b(G(_H-0hbe*vWiJLqxbe2^+P;lM7aspKufCuh)!O#^&7YJ|Q*Ck{{C%QDsUC zG#WA$nU4Kf<^9@w-khd1JW~NcKrzG6r??t#r$#WrD58Df{DruGAx;jOXm=VqDf_!A z0m+;lG{&EVmX7<%w?zO+XFyoN^LHrcbI1+xSU)7TmGqePubMPV>L|5BWKh5qb>^WD z1rx=QW6<%e1TsBMQ0)2F5Chq#ubMt&UuU8dS@(DbaNR+I1gatveHB&eJ|t$Kp6S+kVR`+U)roMO=h^L6j;v# zYLgp(c3>&KzQ-^f!02G#fZ_U{1GaW|w2}~0S@r@AA{ZR77i;x#-_}8dLTzLiRMswo zEQ4or&k){1n?wBodb`^&@_{VE?J3eCKf;MoqBx-!Jca~V8&aBdxS{PV0Gpk~F(7!}$o*Y6(1Ww7{1+&8zCk7=8Rq$0{+k^UXv@D9}O zP_kf?&E_1EIJ|*CSsw8lxauCuqE^Oc-l7&Z=#tM$9bIJ-Rkha_;MI4xFWsLn<7*f- z>a|hBsm8~IUX4m-TH64Nv~bnvXAn!qzgVDZ2Fk%zmugIO+HHJu^2;hUAVjT&YLc`R zY(Sh9;G31!H|Zup(`O;_DMz`aZmq~(+Gz6y^I!vHvuc`V5jLYiTPt-7b4ogF(nQnp zA7`k!AN1Kcl;%>T$vEfhR1I@i%XEx>~c1@T`M7?YK@er1OsE)B`#77|P(w z%?D3bs2?>2xpKJjg&L1j8T9&+(~XP>K|Ss8h+0j@NVd^npmHUr9IcXe8WwLlZiQgq z%?GbgwSEMPtyKNI`b*e^{j&Y|IuJB=356yJoir)roF!t*8|bKL@#1WhG9$ph4>mAg6EkkzANtlNu- z_>}8l+79XMH}91NBA@qjNviqGRhjOm^B1!B7vj`I$kRCQi-DGzkF2yIW98LD)j5sc z!d%ej;bC5qD5Z5Z_wtfN&8xPs1@qf`4)_`Z&YlC-?7CPh_gmwt;dYJ&^@Y7&U?QT; z_SJ?}_h%gxsj(OF+w>HNew<8{fq2d47$=j1)T>2qiro0iIp9DFz`3dZv_Wnl^*c&M z+PQ`k(xG@vC=8rut2Q61=P~#I1{fy5 zy#eiOu5MO8*;Hr0*uU#M|2pb}UxC{P&gy#x_}&4(KV!rf0iTzYuNT+}&__Jk`?Hp6 zdttCuQp>atqZ`(T#lv45MBn3CI6)shv#kMy{ZL%;vGOLpPPrO5sMG!>1H>0a$;zl| za>gYht`ru!KrA4umIv=t+~*}f%e7+bPqtFZ4-hh(P$1=@%SqDgWGe4)Y}F0XQhXL* z_nwPjT~FTiJ>NKI7;!tqH4@aWhNJ*uLX*Jk7eCr@BJL50Z$y;)NfWTy{_;fb%KCTb zT|e&CHkz92FQUCsP}?3)HouU@;7$FI_Hi6h7zGPyun%k7d)JrA))&&CuZuJd&Y+rg zjoJLH2;B7{uBRY>F|^~`TgsIz5ut|Azh+1=X;R33h#2x@f@2V4wtj2W+k{JlXE(3kyM8k~-TY`uuHv<*h$ya_t|tZe3un&(4i)p=!L1G_2!!?q$_Jwc5gPlu;`-h0GGr8cXb9thT?D3Q7v@8 z=$8@9zeMe>mjRNm$G>=^u(Dv95Pq}l4z~<5dmE*tEe+L9|DjAC#V2@KH za}f7cwjqAUB6CxU2pS^iPFYM3lDG4Yaizr-P1d+qP}n>Dac}v2EM7ZFg+j z-Z$?#_m2Dh`2JUo8hejgRkhZ9=3M&<(*!>)>IiV`W51ShAU0@O>unL~Fwa{;*zPW( zgNrYPz`g$nikGGk31(}MJ5rWCp2319d|<#>@GqVm5D-z+u@9NC%0|@C?`ABjSG8Q( z0ONGSlBf69x2vo3X!M504=mXMB*!tE$}5-W-k&E3faJ$S5!a!;7O*sD=A~<3)DBLC zj`TB=rzP>VL?5qxPoDs=!|+^}?9F<3XPvWEeED^5MOQ~>0d8hSuAdhGFN8TdDj`OH zJep0&3{A=dpSDV`*X}JIW!k^RDIC2VWT1xi_TMoeeq#tszwfMF+McWej-MBg-u=SG zSMO*k2=wWW-8{fiH;Q>^+{-yeu-nBH>mY|lQ&RJCRRRk#qf-`cZi+eMu|m(s65U{a z@iV6X8&Y_qMkxm7Iiq&NlC#MiYjA|b8VU6|MAR~2`vb^)*=*#pepFfanB!T z?}n^0^TEDy$(`^p#bs4l`-*b!%jwXg29Txq@z~h&Jl9uPjR{ z&b9wG(+B7v*e_4(qr#UZ0@ym8gER`u0rpcKhEwM;+Ju z@G+GUh-KzVXr>2Czd~R`3mY@;p_OQsEX(Hh3sx$Y&4ouW={k%RbasW5BmvnCcVIC|1 z`#&$sHJOEASr@WtCu{f;UYYf0jIfkcFs+D^R7rf&#(2&K3j{8}`ufczNlGmCu4(~&sd{5t3AIdjmPaSfc zRr^;=o#9@_vDo{*)&xRocyv>5uBYJVcux8ofZ+}+&G)`E25`eOec{*2?wWG{^Jl(w z7BNQuy$PYfO5?;Z;RF$9N5CH{92!L6*x~Q}XKrWP+-bWCd<9C6sJHnm;W_pIF9}CY zz4P2#-Kxr|@!tYSw+h;&;JHnPP^Q5Z{}9F(cT5?2&TxNE6=;3`W-kFA?~&XR5!9pR zsCz9vFOUBt&aU0uwAg^wFp!?+4@ukH3!w6O)0Emb4>;9_{Fu&3C%6 z$6VR2j44MzZu|dfSKnd|@kL=Udi$0}q`&ba?V}FSMZDkfyaTRhR!ju}z3oc?{;|Z~ zG3_)R>xI$OVGq?UAuT?mT@W75;B?F z?Kp&g;%pH-S-W~A^Qv!FsyXQCX-lp*Gg88ZxADbQs5PI2TopYmXNM(*RwV(ehyhsk z9FW$lE-sBN^4)Cs`{~($m%o{tud>(vmal-B#ptfD)#pW%&)6`JL&reBCB6HGK`Q$K zK8H0WO-)V4g6gljSz(*?Sx7VJs3>%nQpA+ZO>fOGP&FX%Xoe-OvTKqxDdfGX1?rqo zJOjntaDk;#sKnD{+=yq>TCx}&(xy+!!8HbN`a5qCa-+cTy5DP7NL-oCg_bZH1A|Yp zIN{lo;3so1z9ZoSi{bhoB%C1JVZNvN@o}QheVj#j5g64^r2Potc13rZ$j%A{C5(5c z3TgK2myuUgnQ|1|oO9#ojiqK;{Bx=!9! z4+e1O20Yr#k1LP&J<(IWKdE;Q=wE|<$+CEgYe?wF){jfvM55(3V8&8APwo$C6=#I~aVTB-i2Nbk?stLm%bZ-8LV=KCn`EWPIWXCiya zAcl13^FRWBtnjNv7cHJvT83K9&;f#0GK;s$o7TQ4o(@O4)z^yx3d4&2AjJ8M-_IbL z?|b$7`uM*BZ@hg12+a*8{MOKI8tHbMEB#Y@M72sisN8}_z&Md>jzb2Q@BFfm#`yB- z8FJvD#2BFLb})(RmLh-sQ-r}TM~KjOvGxh_fMlOJ+G}^y7%l~^xoD<5&3Kn1zsa7qRr`TXQ{KSR=4>Q% zl*nX*?LT#3FK&zxG(mZK?6@GBJ>Edj;D28JeVorsW;i)-Mc4xbiY9uZY7N06e%$ve zmyuGvS4z*_1=0{%XI?EVUx4)-&S$?FQuI22oelr=hTpZbTgo%w=Z$^2=WW{?CHuKI z>zzX39J)w$!^xmLjTU8H#rA+^Zkg?&h@vdd44Btj(gds-B!wC&y#xz2QDQ2A$76%D zUkG4$^~2CV65;Q|*w#B-i-J;kDL*$`tV-plJ|o{oJuIvQe`&63x|fo=s+-dA%#3QP zvJ&HWv7MkoM%Lf) z^PP8c$WrS+oN|f1_WF2H0lK6x%TDw)6{+=Ngki_;5!hi}?7y9s?5|53FPpPn_qpW4 zpVP>I-j61GKyP>b|GX}Y|B#@!&3hupr6MQab0MR{;E+PL>ZQ#uW>-J7br)~Es?%7^ zcw+8GTTIDzO=EV*G=rKvC@I>NzXGs+%Az+4Q^GQkfB6m&U7DH6{q}0dE$^1{2@u57 zHW)Kf7%L{q8@lwRBNb2t?pwSqbB!6__~YLVq(-8v5MDv?+AzZT2$KJAKw6xgU*yc* z@4(jG-LS7jb@5tx{bq4s4P!InhSf7z1l$-e8-6^O?I#Bwg{UI*k?xo_u~UQzdp7q- zIBVQbwCo|2>wrl@q9`>XFsSfCdl1_&29QK|SRUB^v^;Yl&jShr;<(??8q{!eP7$MV zf_&FzPj3W_7(O_${^S(DHzkmtntOwyqn~v@Y;ouE#rx-owTNw4?jh=AyMe<$cI~dX z5sd5RlL59ZH#z?CZoh#sjmN|nh{5Iv!M-t!*^1N@toNacRy+=MfqF$tPZnJcK2C6Q zpU8K&(&n^os4=b8B7gAL*!3JM*FdgM-Y7AruJKUyE}XfNN#|q5$E)3{u1q7>(&z zCSWCd4D?LH8!C)XEw^hh#a^Z&7^Jksh#draBrwQ+^u|yLxwsJa+Ye(1+6r}>Gn39} zR#+$=2>|WV-cO({UF+T{XsoJpT-{$6zm-t&9P&i(0~6j+*3GQwMT+rid@3u#CT)#8 z61+x)Pmw2AR+}ui+<@3$?#Faze6A$~|1jqI1McInG1KW#wf@J4cZ>kDF!9FV__^P$ zCGmV~V=b_rmB;Dd!k+4gUB|BZlc^79G}9H0M~O2X=Ug}2rYGPr0#DU{?T z)Nh&65f@M3vU&~XNd=i3^rc-qlkLu=n|ptjFE`uB@rfzR>jYVt$J%lCrSVb$=IgCh zq$nb2wT)Cq?+tn$kXarsFgYJ0R`EkAGGRL>v(zZ@mFH%#$wpS)gu!mbgFiwPIDb!r z8=Gj)J7EQ63*V+2)1I~?@+b%%CTBtmfeV0BAf8wsuk6yEM%G2sy~Ijv(yL=pJ+ew} zXxI%XCrQtL6rXWtM^x}N&sRjbm8-;wh;T4#W#?4&^I=9(6t99#m&vL1L7F)&JX#w8 zQuugK&W)lp22;W2q{3scJFb=t(3+yZ=hzH;C=m7I=h3T2ZdzhTIvI;NY|+`PySPLs zqM(E1w1ZO=I)ArN43q;MuOp3RgSgKQSR(9cDPD(k;CEXQagas#7WTimo_sFGXO3s`OnMJ=6)sw0= zXN*~*_d{3gV1#)1iV$cF*vV2n>&5jP^4OGCWZQ{W8+h z3gYC&F)ev9X2(+Pa0n2#OyV$P0{p<&R-2HxTvAdB8U}WbHt^yOK(3uzu?qvG$C4xO z8PbYnd)7w;?Z@})AyuB~+_6LZ0@7VH`@hji#X$=Qrn!1Y*4;k`K|P%(xC+S5$sHeadQ!p5Gng^Ej;z*);|fyZ+3qPWQP z`t%D zunGLau7_+GaUL8YDvC0kT0*vQz2~L4&*U+EU!v={Ca2pOt#zSWXoi$s2FDUm?FM8DgV*>s9A!iWbjXvQOZf;4^79h~$JD8jREm1;(4ycpN3k8*sG^FMafIUw=S3)Vn4 zbJf0KjSV@(&y>^`K##|uc6HnG?F_2}Yw0Mew3kwa%CZ%W8Y5iuB&ry@S1$Fe+B*!k+hS+}az9;RRQRhMH0gxi$LXak_kLKc?nT8PmCD8VV2C#>&UdL1fL7$EN5o0 zMf9;d8I70Yxc^~RNCG22qf6b*AggPaM}dB)5_M6R+@ z-uBEm!|$|=K&dLiW>G?CGJ2-1{a!IchY=LcGqp#z+zha4X2pEQ<{6oqsVJ#s(Hi?f zB!Cl+VW;ns+)Hx^dJW1HJn>M{l8dC}YL#x>&T**UZ}Q?>YPT^m*MRrBBJ~orK>@4r zfn@sLJ5*F1-Ruk_&T8Db`;J!oEp4ww?Ut&4hd4!v78wSa({wXEf24E+i)nYLt57E` z_e8VytJcQHFi?ZP5OSXB@6zUoGARlj^d_S}=z8mQkv_~MFW<^Z^-=b;C8}&uZ>bz| z)ys5{IF&k|5PUEXgpXSFO@%e_bcGwiP5L(fBktHcflnQ24_AdOj|;nP4-SZ4{3XW583c zlLQ(>Y2&m1-iF$h4SSay-QT}7H9sq%#L6x|EoP!Bc!2HW7ODO9behJa{}uMvzs^Q$ zIRXg%8@MAq8%Yk-lP9q-Nvtxw7T4Aj?0=jM&U1n|f*+fyT7TGGM$PyCGA1I65d$J4 zsvUwMm~<@8jQo;P<_rDMramUx9)Xm4Zet65KaBGe7{)_Qkzm9 zkjkdVcef-XYrbw0$sk}O>IUZ1o=48?&WtJ+Y1$uJm9^27@M7qTF0xL?bTx~a5Fry8 zV&6NJB9p6xdMv2I=q1$EH|XD2TOvqZ;wz)5T5a~cdgGYrXEANSDuT3(&zVbl>FXj7 z&%-m|)HhRAJ<=%Ln^+R+*^}u8CVu-6t`-zqxp_z~qy!WN%N4<9MpYd? zmv!0Q-1NWfey~FC(cqrJ8ge)??;7%GKxXa$R5x0hwAH4uwiFlR?#Lm&xw3!qcVd8ij(} z;`2{c$w#vfbaejQ9DHAz0{RXJG_&3aYt^r}aQ+acEf5NE-}YZpXaQIa6TmekE1PX9 zS+F)7fApp8Es((T9CQ28gpBF2ubED2`PU(W2Gd{Aac0`PckS1=hC{C$b(3xAIIKlR zZYuZD`?({!3r`{TII#M|zYh(EQgZV}>%?LJaEHXB((lzx&123$N=YlCPhBxg+%_7u z%?-1W=45_2<>pNK&VtjWC*kKMi$)=)_)Brc4rL2v@;Db)<)O6N)}+QuK>y0<)5Zt~ zLU-z`i*ru&V-w%jkr<{{tZ@wE)t~iqHG`Fv%7pfq&5HP;JkYSwCr>Br1BQIW_fMHK z;D6t%nkw?&BGc;7Suht>FB(y6kYdZ)NZcm22(CT-6Z>nrZrvU6YhDeVv|P@PD++20 zK3?3}ru=!Kgm(D?h4n1u?*0lmLrJ)iM1;!YS9_E!u3tcl3T=FJ6#}0t-B*YIKb>Ye z2L!Droql@tW<4~@;eth5B)TKGcLC+^2u5Yk9k?ip9Fm`m!72JuyEpKBIW)imXu0BR@&b?n*ad1Ow$Ovd-F!;~JHy%ONMvN51eip~+oR}4$JZjVC=%X6J} zsR~F=79O51F8f^b3nFY#Abp%SJu4WKF^E1bnc#hASGjVF%2CMP#RcrBwJ{s>piI0> zs5Sy;$|5R7)I9u$IQa*?9zJSl#b-{PcLh2bB@htbwj5uOZHeiFETlol6?-+?Dui`d zL*CY(ndlm@8Q3vZ!%Vt4GOyhFj8w0k)Sj2}v%|TaC*3FQs`UFSO46WO4=*h&2byRO zz8$ZYV#Lvf@PpZ&UnycZ1{On#tS{2UF=4FxV>3wbfBNs*^{+G`KN`7wN|o8R&bWWB zb+!R#(zDp=%9eids0(7&Uuu^V*f~G1oure~*&FJ_o-6Hgil(_{CAVqx+}m*ADoKyO z{&~~5J6LeB$Y`i&Mh9mN%!vQ-vqA#>rWsh1;h=ewbq<4le~45ywd&2vVESJ$)pu5R zx$y#N@LjXhRYUQk*`EVaW5(*#`wye*Y?k*w9SrT`r~jjXjud_)aQxpS&~gI=3^GQ+ z%i(uV(#6RP{rmRXfLW9ND$>kE{tI^Z>GNsQv=skzd5-13 zZgjxSuycXID%m$LhCoh=GS<0bycl5c-IV6PXxu^|H&9K()tRCZH@R=bu)y5e^~SB8 zVqSmz;M}rp6DVyrJUWzWi+pFnWuxGh>*Pn+Q7aSbEra2+)VueOwQz)gM<_ut9L*qlR!2SgP0Z%Gos7zADF2fcS+rbd2cgGLcN2Z4nb?ZYgG2OX`Mth zkDCl3H{<{~0kg1*(iC+9ie4j-0+$q5G4G)bM;)pFabhhJqV7*z;<$ygGw9u+ko~98 zmFoE(FpAg4wo{w|%KXoFfDo4-A)JOy4`T~Bfiw(nY@cv2VeK^5-g!YP1+@R7@1_GR zPSm;Q?gS17b6**j-UvT9ejG4a>1p2=FMN5Ht1+IZ$E`*cv#0^;e$BCQt#FlN)9R#; zGv@Q`Wsezo)Bj?aMyT~ke||i+&47pD<%@%$!oP3&`<7h8GC(Me|*Tlfb%F)Hr`?YiNdwTdf-vx~^xXhj^573kLJhs znwmvtV`ud6@h|mr#)-> zPko-IyhPfh&O@=S&d_mE>u)U5$r9pR7WsFu zm7utP?9A%=X{E{&{bVMK`eCtYQJm^ltk(nEFJldY$t{j#d2NS=k-^+TuXg*urblV2NsdYG#52KdbEm^Ms>yHnujgO zRq4_(SRQLmWs+UNUQH}mh`?n*8NNLGM3vYmm_kn#%@J00x;(z436`M~9ZZjsz;dXA znl#4-sq|U)9+w8O{m=a_$RouA8}RT$bw8W7Zn<>And7_vWmprAYx2W+*_9_6H`D&^ z%z;7Fwg6@`L%D-CV2)B+w8&mOt;bnP;*fUAl_;tOH01)}87`Ed^@WO##m17VQm zp9t^jaP~Rie#vTgX@;vFQQ3o$b)1D{6)q2J39kfdw{@x(zwHq-f#IerRSNT>bQto) z{dH4+khB~Ai4@?kSkjzwp3-iPlY@{TWb@ZJ1~h;+JPrMPaPVo{2vc-eqYLf#nPB8z3>zTAB^2Ij*2>3se`?+muN$k8uQ0eZ|I^ z0_Mo@Qu~-AQ$VX6<)#f}2SGEkPU#eYeBiA@BUg-d>opo1b@TPU{advi;mSsMBS77O zg>Cb5#MfTc!ix3WrIxJSJ-+xN5VB82rRhx{LVy+Qq^#R}D+MIZm?l)t9P02Do9MCQ z&Yh87%8jk`6isR}Y-{5T*1|9bckQDTS=#=`{!M{}17E=59@aZL;2Z zevu=I417Ib#EbK2LH)yf{UrGjSln%YTNeur@oFQ2>bLjo6Jd!6T80q1JJ3JspHV`B z5E!=cLtP4uL?$${F4$n)d7|V3wk;nf@TJ#59Gm<gm_N;qMRATI&tx3sw!j0pDNp zAF1v#W!qBUEws3(di_6Lq={+?Zb7>}#j`cIdn=fIb{o93=f)6Ce!8O2!#1nM;!5VG zY>5jZ&Hi=M^|5n_M;02?h4VWf$&dkXQPD?Nk%^DWOf7_O=#1QAQMKEDlT%&+D4XOa_Xj0wr@DBc1x0)8y{>O{Wb?1v zupe*#HWi;@+Fl18x`r0hy9W!m(jE}k(LgM!Rf{UErxQ}GZPUoPmTRwX$xj%Jnj=6j zt!Id}KrCmQSrM|7EtNlUHa$1#gYhY2B+~$*QX5mQ>MEg@zKY;X+=4hC7&6tXbXzl{ z$Eqzt5-B0fMe>@^vYI$Q%P1&*aXp!3I-u|{W?QV*8U~*LDU%1vF@vU|xM(7oi0=B6 zf6)r$(r;SVELNvn^LM0&+1BwueK(Fd_6tKJoQ#EMBD7^nW_Bd2#E`ulsN8Plbmx{8 zE8ns9SGTH~XMC!w2|G6o!5?mO&?8aU7jc~ZF84%9w!F>b7Lg>%jhhMJWO44hu(@77 zoX94S+iKekO0-Bk5b!l)_F0=FO+S(JnJrr6rlMm{I43hl29WoZ+@()=e%;w*_| zuw{#`YB=i3`gaR4=c8KM>?b^u>>H%jbCsUf>y;}O)t6*fn$5!$^9}wM*ZSeg0}{oyBk4k}=vv};u{^gaRBY3{u8fN&LAHC@b0bBska+v<(XWGw|vnGo=559*XF31IIY z_}WA*RY7yaMec1PK6L9GHOe&QcU_;Qyt_$WU7FAjaY3RY8Qhu?Ax~s*1ph#Lq5c1H zLqLDhMOq$nMC>wt8pA@d+NP3n2|+hUq_ds5lOa)M4s&LwHvY@`-A*ZCEY}B9QuNlT zDde8~XI08dWsOcfFTWoo6u7d#VyH(1qy<=^Cb7^aBXJd2Y+uZu1T+%t`I>pXX>-K=62jy3>$35+dV8m}3ry0ik=MR)zT<}$Bd@j8et%}k)*I*e z9h?ERsv@SH^-dk}aHI7`I22x@Blpi`9J!rJ#o|Mh9BLD^^zX|kM$50^pC{x5FoN!W zq!qk(*(1YLjO4oLva6hH-3(yrVrOYlrNKYrskgJfJy9Fbsg1q$AF@_DK~*4C+>)oN zQ~XL@wclZ{so93o9y3Wj7E-kwE-s1FFR{|VwJ6dtWlHn4Jg`3dSCI=|gEie>tsx1s zDdQYHsU6vGS&ru%egiqkuj*)#2}Q74-63A>UkqdSxq#F`dmpCPZjkn=9n@tGFzV(` z5EYxI;^MlY2bcmV$&zhNwlSD5+B*tF~Sr8fviB``lz~ z07(Y7tH#B|b1w_fF8nDb%$G&Y9Y%8%QF0+(ueuWNU+jul03&B(*vMI zH$ShFv*-Iy0D?T|2E(e$)#w+f2^?G4c8xiF3(%47hyPdlh|lcyXVOTRd0tN?$3SY% z?lQq?JTy&d(_`cNL23kZ#s?$kxyl8;=p~K-7Om%1xgH=Bn_IrK{i(OTv3Uu=JN9!| zS%xm(t3y7h5}|>YzI30sA`0oRzeVuayGe#KyO)B$$WdF8(q#;ejoQoikLQ%bQS|OK zzt>cui-qMX>d1N-1TSy!bEkNRHu>HDvM2g~orxds+zVn3C#Hkr)QUDCS{+9Ru+fhM zPZ`Za(pXyb-4NKD;jJcUs0%r3urb4HYpo#0kDUBIb<`PJvmfi+SqY>>o&>1Dr1;Id zyeNh9!)-g_ZhddGj+Ya)_bXi#5#`qpwcTrthI#4~;)Oy`rBz%s=Yq?jxmrwzL2|wT z@51goUER5H^>9lEa%~`qzKraUVzV9#G9{M|CDlVqzrD9r2Iza!1E(4zAer01GSVGt zjCG7G7S;+0qbki2(E~+!%Y4}Ha_z99XG&h_N^;d|3xvwdx*YvG4i#6klmNUDlEwEK z&WeucNh;8)2VdzRIs<-@RQJ0qAod~_7aa*6E*2pzQVZu+Zx{|d0s7J+}@O>*8MN0x>BnhsU<=})CTLc;5f%1!r5%J!x@02kZERyKNV%^n+ zMhvw$E1s)6?AUkV-A}WRJ1v3)wLIMZUNDku9bK zlYd$jRh#!>Zn;nEwOFT8+nLnb<3Sg3l{(dtqjk1E$u^kpj4K6p@?OYb;fS&5IkD42 zN;bT?OQs=eyzmL330&spzyFq|GRJOff@UP?yEYRoYA#}^zmr)F-wQhB<)#}?sZbbyPSrn3vXY;*e*RiK0;7KW`_L{^-rD?e=)c?JsK))!L@k5 zXFy0aI+jwo&%)P}v1G>4cit`{qV#WQ*;_i}+bGY|A!y=s?9F}K<3F5K%aY4}ImPKa z4S)aTajjEt!F!wNKc;09-C)JtA`VI4w1N0;zlP_q^UZII-Tc(Xznt<~Aycd7PZr3*erZWM^WI zh(@DOmWr(a-XkXhHX+gbwaVg_`SjdeWL_1;062{@))rpPyfc1{FiTZOZ|%02CU&j54;n! zlN%rqvQA1E422*I?f?dEu1}wv@8atFc>k(DtG=4YA7ug+y21Mj^b59+c)?JlVf_pi zubP@fzkmYB`4?vb%Q11BkhjO@`_GlNB>X!C1v`liB3!RAY3km5$o<)~e^L!ELVT&~ zd{Bf6C$D=0hz;t|uCo{TW`jdHHM|+JR*`<^vBDtid32NQa6vz*^RyY@2vFMHu8xwI zhKZ|>h9Q9$4N7p+X0$&lgck(p3E`mps{?r{p8wQWj?ny43-G`lg~H}`2j%QW7@NJq z3*V*1pVW>8!WWJm5WrT77*)U?K(%KG{&uOS2Fk+u@?Opph8=O(0qRRJVe#)r76=RX zM|>noCQ%-r(`~&a@$pR*~PLBlCZ0?BRMOnQ*#23+L>b^nKg75x-6?XXO z^Rj;DZe7{>e%aaC&_Dg)+lMMU#~t4++qqoScL~AHO1=eWyWj=fNE+Z=hkSiTJvK;)nXdA4f6f#|3c|-Oa|MM5jQ! zaFlq2JObK(!Ehj@74D#jH*@~`i}+9*T8s*V{UAw*mmi*ZNPYQs3u`ol7+u&m(nd9T zVjb*!Q5nzf{~tIqkMDHX0==``v@!J8+t928C(BWdA>u6w1sN8FPcyVoquX~`>n_g$ zDeTU`G2Y-59MVCA;#ol?n&q2R^mziLZN;CBD8W}ffH4BWgykatmr?YNhF5_M!6Q{3 zUA3i$YL4Y7SHGHyY6)hT0GC`=6G15^Gkef{rSY@wWCwv20~L4V4=hZRNWbZk*d%d= z@==kjWx5cYog`RkN{+o10d=h7b9j~_Nas#sSAc(ZqoWUa>o&y+7VjJW!k)yM-%pLf zKu(}5&t@Qdoj~o7x~vxLDQtVhy^ZE=AB%ooon< zI5kgSgV2`oZ-h^7(vl{cza0=|>Ff`8-J51F0jB|jn4k9>2W~-=zArQ0bu#5i$f6C) z)Jdvk!4b)L97Q?}nOj~h0?xC(>od;I1{?=3I~yPOQXelj$3Jm#vXIxFGdK@F%+NcM zD2Fy~#9+w1CX7g61ZpsDgT`Jm)*no`ZhqU+4u~F_WvrC~RuCS9KUfb8ltB(C!XI*t zEw(?J16qA{BW|I{)lrjhL!<*!v6Rd&CBsDS%d);sNENw6Q^9i3!JxHmoFT3yTC`~R`&{m8 zet*$oDrrQ7R*y;x;~96vl4+&*Mk80;`@Zw~ILfG&BGdKXz?523>=Y|UX)n2luhiVQ zpcv%^J-P!rjVZZJ^EY6HzQ1t_yAk%_%;+x zJh~>_23kcCJuuz-Y#IlLu%o=v5T-znH(t-!@Sq}$Sw2@pjr+rJeE$haMy4qg{j`v# zifjJ~NknES6#dg+OstkVq`C1ff=;SpU*O;xaFq=z-%K=Ip^~R>2psBgv-_pp7Ln{Q z@d@ey#0-qXe*gMA`wW(1H&aIpPrtl;rVa&*20LB-0OnLZ`h&#kw8nZ3G3wRK z_IlkprN-Lm6#hM7W;{FSmhvt`^yevu@lUB39D z;g+LRPbDJm6pPQveWeZ*#Fm)Q1&>Eb)f8AZB^!vDvozQ%RqHsB)`!%ffnpS;#}I6s z^>xeYOXJ*LN4qk1t#f53#YozQC{!bTrj?w-_A2W7n{7#t&8ESy-xjNnT1qSzQlQ!$ zid%{^X7m$FeI}UM{b5t9y++X(9>dh5DF5GFC0DLr$C05rIbwQg({-!a7TO$1fG*mt z(9=~ZgOspsdcW3r2>LCaulZ}Z)Yr5QAQ`yrjJRuc31DN(wLL!Q<=@)YSO@S7EslLd zJ_*uc4g4>f?J|$hf*gXf$ka@V{U-xeS~qBOHXXY4+z3n}Dp{>PaiA zlKM{b3fVOMC%RQC)BlEEirJ@>Jk9PJ(hvc3W@$bFBlgvT{Y@gqn@kRc6W7-FKMBd~PiGle zk_4}#7zr|}q9QHx8OHE}0JgrBoPH9G!CNs!=+B^w?+o>n(vr^$-dzsb2OdL8rL9_` z3^_?Y)sNgG;*mRm zEv#|j3JI0N6EewwSVSf?d=8UDAP0`&?V8&2u!Mq4*7EfIzJJxW@J|?-(g4PbFQIl6 zQ@iKg^FL%~gX-{Q$AwUCPm*hXSDMqQL2(J4`FMeA>$MY5uDbo|HZG*aZCDzr|7{QN z?B?3B!Z+rXF@if^duqqC`4@TpCt2oBKyPJ|D_h4H@_j4OaySq7ZRROD7e8u5y^nTQ zcp=t73_pS_Dgk%Ep!87fuVp~T)0w#={a8e&kyw#KpB{;^Hib7!IBSR0Zw-qb3yH&s z*Dfx335{hZGNL3G`6_icAUyERTCkz7Z)S(`@b}$S{eZ@fBmWb?Zw&d4fI% zeUGNZ-;g|za)s<>%H&v_#-(;+4O;* zwn4Sz+vM2v7;%`dBskciclKz_bDcnKzbxyR=hMSnlD(}g#K@B}3A@IJ3`~j-A|xSQ zB55khP8l*{0q!IW;mO9AXj5>32w@R=btO67$jG?&m7rfPFB8V$`0s z&C)Pn{olkW;L_H{mTuM${;tZOIkusAHiV9Ga@X}2@f>y`gTcMV{@W_vDqpSt53Vgm zMC=c1h!OY`)DkQS6#*f?hV?|z5x~P7@SOA4lA0h8)Yli-3M%wxXb)=m_Ic%roh7yx zOkIW)fFwZxK^S4sxy;wq){(~;T8(Ot5G&>Y=F8Ov1Uyi*j7PA(2S7b-UGMfgfCJQe zGU7O|`7OyiBD*jN@Xq$)k?U~FX~k|FvRUxjzI0uz9I)Y%R*wR{c>jsMEv0X3x#VS@%;-}5Ma6~Sr$DyA#a2Oj!y_ zDoIfA*9t7Rn8xgq;#%-N7)DJV2#%A<77=cQ$qv6Q6uCg^ zZimrM^T!5}2Q-KYKp^l}3@(L>HCMZ@+|%F>L&6vy$(RZvLyube?n!!pwYP9m-g#u0 zU*!b`z*+qb@qdCz5sY3x*5Bs8_c9BgDNd{0C6VNG6sK7QJ6K%L5WWGI-50Ld>kGzV|sT zM4~}q6^<|ysNJiAhF7T3t=zaM=*32epm1HTg^KBi$BKr|f&#YVd;I_%D{FSw0AtX{ z&%vuJ;MuT5J(S4!_9!Nu6lzvOOKpCfg*8oxRFWe4!|;NGpzTVzi&C_+7&40)`tqrr zTg2Jc-Gj7=PZTdIm)F{=N_3n#(MJZULVLqvE?5G;BNA?<9ce=xa$xqpqb4;?Ihd3n zZR8HSIpIIvJ!6y@oRCqM4cw(PoetX%Ce|(aN-de zP1CXNeS1VvCMDfm)99iWv)L8Y6UA~%BKrH6j-znuS>l*cVh_|=#O^}L zZYl&>DRXMT9LEdSh@}k$=>U{`eCwX8uaoOq@JUEtWhh^}XU;?*+Z(z}hUdRA=tC30 zEroO+%zK#dEpT%>%%LvtzmQ|@>2BncpV8KZ(b%v!xSb8D-B_EB{^dYf56p~DK=o0@ zh9QGowJ_-W`W(1NYjH9Fg(S9yJ9&Sa^AswyNo63%Lkya7mVTaELS;t$=P0GZLd?L9 zmE?m&k&0AM4M9fWzD%hF~By zi81B1`#{k`-E4z~rC@g3TbR~fGsZAWnER4L3@hz)wJ)7Sr=DA?*W`xiwD-VGDtamAH?c0EWUThob4 zbLnf^cP$VuIPsa4!KyOd8Sq|(;^{dhG=}WV?)FMxJkFi2$LM|XcVrPccumk>KCpe6 z`sDbK$hy2;N_}+z9TEtaG8GwZLfo#=f(WJ>9(%Sdp0~iFLsX1rFA?!lTIxt3lT+`! zLLqjcE@vuRqAo2vXkwTEF^CeBNZ?V@&9GZ0_E=6pVw6Z0$BPsq`5njn`)W!u&c#3l zWs0c55KbFu*UE_z6{V~}%!KFAt*Z0Bd`d)(I$H+vKo8mmdBJ_m(&uQDk9!^_V)5@p zdKGGH7$e982)g{Zo>Pc&!~X+KK(fEr3{J_;zTG@YnyuipBS8gj1Q42l50cY?y(-oe z(`~e(Mm?(664v81t2G)m*=Tn|&9SFg%5qJd`iojBR9=HxhsA1|o&;ESM}By9(|LV# zb$W6Gt;Aj*ot_`Pd~0(9yRt3THRo<9m7y*79NlfHrQ_6;0v={-e4rKR zNDa}4WoegcE0K|WNOQD|^m5v}(SvaYnz^biZ3~a57uo3@lhY15pSpyjm6?Ptm8bdvM@6xfolTMR~k!m8`K8 z57Qfy#C6k~^!rT0G11y7{N}#95&gcI#s1QsmEC>ttbB|E&^E03BF;&35AfU!hB5~^ zB>cT-rxDdd5PRP7(L9&|Q8C*&liRHwv>V;ZT@KxS@Ht>M%D4sck#KCUh{AoKJRQpH6h553FXkidp0A^bZLdth;75>vYGyIJ+7f3;vcTE$3f@tXaUd)7n$xyy76O`$O#vy^8{Rk{!m zLb%}&k9Nz9Pn#TFo{^ZQDJqs=--E)*DDo?>Oj*qd#-6YLKG(W0Y8E);j6zh>|BUe^ zNEfaxw@Z(A-E>5s+_I@=O{g@3<7A<#s7SX`RqJk*l}KYoY>_Vgbs|}I1C#jtJV|9OjAHjKolckZAPPAIC z8Ra;o)9oK#U0r;?eQdDDv%z2UA^WTI%X}03k`I~tzV;GkaA_v6Id{gz#m&xKvxmNr zF`NydD1LY>B59IJiYVM z>7FR-k%Ck@pFl^d5~mE4Zr7J)((QVvE`&a+9mju-V>P9NBJ(u8U~(ZNqlbA^&5C#H zR@J=OzxkeAbAPAZeN?#YMD^~1>8p6il1a+sIUON|YT0KSa>M0~OElCxr|>-KbCxCs z->W!qcI%*pSpUKGn-1xLe^O*7FJAAgSx}M11sm0@+$ak)p*ht+Ni137^2i;0iqh_Z*d&h=Olnh4PctLhs zpqZ;p92S>xjO7_&WW3|iTNI$H;oM{_)X(Nzkv-BY#GJ7eZi{x?s0t~qViKCd4Oz}y zPOBcd+vi68(1wP!3=5UbDz6{8)M}6DYb>eUaFZ^6ebK+xUmgcQ5J_E26A*}q3tGm? zFifLpW7GrW8Y80`xfKIMiqMqSk)&utokUc=jWkl9*G2+ zU_@PksZuq~v`#G9r4T7z-J3mL!SS`*XwGs1(KqUGumLVEq!p9J;mdWL@FNoxkc>{Q)#D8^FSuBHbZ<31NaKT$=m-Aw9usxo&U;W9i3R z03stoscnd@8;>;x?!-j8)3Aj0;WoMz>L0CrPi*z}0#4GcsE^w%-8cqTtd`}EVsJN_ zV>KIAj6+%q$uWc}fa-jl-k)jsyMsEvSJJ$xLx?G%Nit*NY6TM(2T0#JSlSJ;bFf=^ zw%}I&)ZfDWL?uV6wbpcrffT&uR`oCrT{Rh@n`gsO%_g3d!exkNBUN7dIZk;`D4|by ze*vL{`CIO4);l%Uo|2c7fwm-Sf%YQtQ9Ae6Za9-cQKhIGsL> zxwQN!aD>gfCkInX+mD@A?WfkG6kO1ECyD_Z%3^jbS;8{S57pM3JFs9fGq#zw%8c(M zVPlphEQ_b;A5~hD7bv3OvoTz`2)sJ2-C(m?ZnMygBI6_@xuo$eljMHL;~{c#71#(f z(UXd&T4^XUn%E^IP62xwC{*vQ;lQC0k7&<=Vvir$zu`#$Sx177f;&TC?8v z3wN5+e*K`)B~%r4s2rkFpoMnMGC0A=A%%=Iio2+aq96jI4!mqEaUx2%o&*{>-?QBQ z0;)idDjpN|z+&=OI6p-oU28`iltO(i3mg|eieDX}aW z3vOfY%v`z!o=V4j`>wH#=V;q1X+}F)@T5EI-SBSSIcN^S7a0%c3JC6|$@*w;15)P{j(r0dveSV+B#jz5o0bKqC7C3be3naK3b-BfIy=uw(W@0XDSk8mzyIg|b>!)#ltyU5`WbUgQ8GsZ;Bgo6LXo>r z);ISf;FTSglONootO5jgQ8ZPUe((WKkv|Xn{yZ2ht}&w?7?O*}6Oex+Hez~Qa~pCT znqP|-xr>H@eQ2XAdo+$vj2qcn?6&NFvtj;WOcvg_GODyb!S8s=2EnDHXMYfp4<-zl z?BVBaiwHpCG)H)8PuotTy$$z>RT(zNu6P*FYXPg#6lD%Z zm!@N$Aqr;hAgUb&M?ZJS8y>SvG2>g5)*tJxnC?}S;v;xV=le(m+Cg*AhZA^a`Sj^a z$>=TQD8c;kGCT!a4v!O2xtzox+Rb&UIc0awn8$!D!()1>h;OU&TKw(RhC;P(h7dyQ zxgx)3nY^B@5q&tO@sQ0+^1*#?@2+se(%uam97X_Jm*@hqaw5fe%o1{bdVORq1L@sl+ojqfoZ=dtq2aZ=$9>@i41- zYI7Jd5He;E*abHbUj7qv^n#NXrjoQueE6cLxs)XWPdXdk@>vxA>!q{CQWz*Z*K0CJdyt^(M-Z! z1h^9dexT?f5FX}enVud&kPWy>@r3DRF#KnZ^|t0wmnr^Pb(W2@+r}aq5&Ax4=t-k( zFYVH)y%B8$RBD{vCiE_u#F{s;nD=?C51}Fyqs|rFQ1KwmsNiv`(v}o*xnM4>U@rS^ zDlaFnJEUe^EZVd_rjm?#e5=T0Y&^EFINWWKAxlT@+RoYIBbG}Zmz=qC@70^lU@E(% z6SI(81)kTgt@zUoFR{ZMZENH>H^2MF)ujyLOe9MtSwge?v7mfV#(fxHA^WLYXir+c z-|FHXdOS3umM4!ATcq9)M5-lV2sc_h);k9L8HjwMfR zWG2$*Xl!&bA1I7mfDbbCvC;9^6>3AnbvBsRc(Fy0IA$~joI^7*-Uc&+=6r?l5H!Ns zl()cl69!5VXnmkbxLL1%&%0zH7?Y!#AB#e~pQ zOT;OfqnWF#=)Id8T@TwvIz31GaC6JJ5^W&X)2E4m*l^nKYh!3CCQqOKr8JR@Ow5Wk zQNkR+gKty*?EYQiu$}*UQ#}XpZf$)XhsiDRIp1C z7(G!=2V4H};OCiE8G5P~C1%5}G~Qqq6}Hy3FRj59I*m1}CU-4JTA(@arOc=NS2Wq~a8S|Eq!YSAg_Q@Qe8YzOMz}<0Ll2#Weh4$}(>8 zT6VvLwFE)@3pcP`*ua2;?gR|9DzJR!Dw9y8ZOz;RgWZXBZn&~BVo3nMVFMi+2W3NQfjcJ%cF;gvv_wF3%b>gU zC7`=yd>cV<4I0r?GC@SBT+*Bk(8G9CosH$Nu^*t+bL-QGvCz8ydePgu4tm;pmCtqE z`7@7xok&JrrlRMvwJ}G8*d&o)@N(eFa$C`i_CNntG^72p3$7x*+9=*W;_~U!vypy* zX8GaMr=)YwvAIYhAX>@X79`?6gM1CVHozYv!&N|i(4=juysDb{-N#8SrOX6}Vh?K# zL9XpiB_{?Kqfq%#%Jq=Jn|r0mA!}zFe?TFh408t{=D|1V0S8JpFhOEA=O-9pw_=24 zsN@S!Et}EqX0Q@h+ONJSJ_C<7OgA{<&xC3YgGymY7_9(?4_n$_35Ji)tvnB6%(Az*ZSDlPQFr~!8)a&Be5scPseEOZc`2l* z!qulo@oTG>*0#_g){J(F4zcFWobad6nNlb?6WI{7t`Q@Kvzn*qm@7>;C`)3f@te?` z&Uq@>5_G)S#uH2`!bX()MeiV=(~EA;KVMkj&tccsa4F_X`|q7!H5jPvumZWl6PYnnErjMd8;#-If#1lw%xrMIAD~r=$y$yy8()H5-q;M*(R7hg zt(Df%{36y7*8PyVao#}*F_$@D>WwKcFd)25PD_$ zN48Ndg|R$qxTH!I;@|E#^}p^Y(Q@k+c7Y-TW(E1S0!)yiFwqa z$1614Y>7EqTM9DP_2j+^9@0>#y%gZb-s zQANcl%mbg=qXD>5;7xB)p)F{_Sx~F1q59@hHl5Jq zna>7?YNN#x<{El)E_Bp-ETtz{#}Lg51=9R}2zh9>HnXvZ3&){UL~SX~wf6;h>i44k za0~pY4qOuz;>Jc~cEKfoIZ0Dfg{EswDoAz7rKwAva+OE(fEgzhhQ&yepMb8!xG;|O zE};*^h0$PkX5o%tK~$#^d%*^UzM45<(~F%^t)eq(ud!@&);%pMr%Q|)|^1CM?$bn=%UqNg6Quh`M~GDJoUxFH8IJ*gr?+|qqlE- zYEEI?mK(RcHeYi-FsC$7Uw1&ol8X5R@8?>{Omcfi!W%7ZNdgk60?yIsn17LPHitD$mdAV+v=*F z_x{P^BE{^wF+By^n{wmRIzB@27ZxM)0Cp^ZRk+M9aG6ibRdyp^?EdXk%RomC|D@8@ zita)=?yx2-&kO?yR_z!@z?9yKJ4Tck738c>97b17K4eqdxTVL64O1YcV$v(5n_E>> zk5w>k3dl931LKr4Y+~XLsRc_%HZGqk!<^uie5eI!xS@`P?5?t(^DFfNwH|{mUXGls zM6KgL^@4FwakY-*jHy90%fh1&D{Ali)@`vu*08CB@O-t6i+>IKafk!n0(WMD{zU(rq+p!!t3tbk_ zP#_i5^$$8XeG?_4BQg@nBxR(>VydYIi_~Z09xkOMGr#*0+7%E2zzufG%Reezx0iT3=g8+O+F)ead_ za~_3KiY4kiLee;8NzX%c)Vx9%#}3?Xd}1^hajQsAh+O58j?Gfv(s5WG1#cIYVZ#+X zplcD+Ml}%f$jV+7)9GtOAFff}k^cz@~#V_M2Z)m8MmL6r-q@6(i|VgL!gFDIk%qeQ${AmV2A z9ms*bYSWW%1h_*EX-hD>4kvTXivxS327p#@3$~+%g;2;Gno;&GJp<1QGQ6}3tvrYz z5hskYQmmr5AcjI&o@LT{Mw`WacL>kp)3p#B1 z<&(s1JzIY_(r&acDoS~v`?El?=+BHtz*PCbMhe|R&uA-aOGZwSgwBdLHsu0!?!l;R zD*4Io*~#t}P8@X7!o<@JZv^cOdg0a4PJPfLif6GcGEU-@@{!9QY}N<8&B%|n>j-;B zr9ju?j|^+7+S<@mm6eMo^2j0(Jz-NN0gA;5(ya~I18Fr2%_#88#%{3sb}6qa;CGsT z-P7qzIiapOD~FJ>uUJl$(25!KBgadDbc)(BC7rYHuTQVu>M8w`-cdiW%TH+*FN9J1 zOU1xMEUQDJ@`Op)+*Ax8w8-?o!9I{4X0w!8We=<~D~-AjGK^_Mf~%3nSW;Pi%$_QE zfTfC|T|Ap`qsMMktOstWOtVK*Z*QhrYY-I%MVf<#5GkG7cI5geyrrmL*inDOV`El3+lStyweb~scf@6NcMU@S*i4W9_>7W0Cc{g^Hj?wGRx#QWu!;TzP=U z;X~a`KN&}x!3|`X=h5lBA)?=h1PyMzw#GrQ@kY?(B~7(-mz$a{n2g9-mP5r0sN?{# zb>{I%snme#n)VM^NK=TE(G1+4k)N5T+*XNQJEaRQG4+;*g|6__a|IoIZ6g5wE7V_e zz{`yQmlEZzsA(b8qvnAFQJ)(+;<;xo`G_QFq4>(Sq1Mrd@BJHGkyevv&bYDLhGR`* zts-v*bJ#EC6xIvn3rrXFp!Jsm$q@k9a{%^Ad^UloCsT0!UlVPdfJatLdj1P1zA-Xn z?dhDd$*z7DxrbcfIHeLcl5|>@v=!-1FuV^Ak-NGh=i=V%XpceEpJGWAtYNoe4JdiE z5QlQuE=-l!WcRQJz6a&FL!<1vD>fEHnFiDgWxp#_5fyf|3tu)@(Ja@Jqtm%?fq20@ z+7i@Oys zcA&$VdlfJTt#JHnI~A`z%43_}T(Z|)kTba#_uml2GdyQVWm1cUK?B%@1wGu-R{_XbJ68Hq-^s#Izy=As~W1wiJnhi-dW;xIK z9rF`xxD3{Vk~nr3Ot`~XLeq7X2!3~^Ydq9?1=L5*;%?N~^M|n&q}J}1!yq2$Xl(Ly z9W`L)zD-APP+YnfZf@hirU1J*?N%4Z!m9fUHoSPoLXkoyLJ9^d_4zxz#}!GglIaxTaKT~ox%Fqqs!a>*p< z&8>tq=T)D+(I~vCRSm}&fGrg)Zr45?Gns}MNn10&1{GgRxg7h}p#ekIOQHG%1f{wgx? zX|h|j4J82cZOsJ-6P~bblOJH~1lG);H7QaS4f9dD>6cNjSjOYTw&RJdVM2g>ZWh2e z!Fyr5e(G*{(dN^7RAkC8avQNqC%Ld0Yv@@BX8@f#rOIt&b1;E=#RR~A7^LnQTTZ1^ z4Lu(&6`c&6G7kEI1MV4BhvkHs`eLEyA@cvcGy>@P`g+%UYOSjqytRIeeK$sPg}mZ{aZrT`*-|xmE)k#;pUFLFs&tO?X+fZ#`6c z$Z9@S46HJql{9d~bU>H5f@lOZ4(^9MXQ^Ro#i02rVEJ^+o`7gujJqmYPV@Okd9=r*gnd4oKK|4w84F zz9{qTB{yjNhCn9Ks%}jBBENE@7$cc$-;~Dw8 z!OPA0#r0_?8YTbOD1Wp07wB~5233=uVRzc5Hh{sJvINxKjdr4kZiIy^?YCUxA%l#j z`1YR4Bq(0_^r=^DM4GsFHoEobAlm7|9L|LaCGHC?A~jx~KJ^oO`V>RsOtO-x22IFQ za&0d~N_=-nl}$+a3+XUM{vLRd|FIF43URzaQ_C%zD)2!9^wJ!-GStKpLgAvx)Im>KWu`b3;BC31RAnQTnnfTIb;6u&b!VX$D^+k7Zgt^&vn2iY$W%gAGKwW1!1 zD14$8cb*Nv*DJs;vv|MVyGDAKpN3*2*jt6GzuuRZ6u_aU|A&7suUy+cq9TS z2NuXq*`OGi>b-Ccy3O)<+quLe(|c}`fx8B-TumK%tw&f_g7a^|NdzbGhN&T7C84!J z^jnfJ6XME0zJXE>_^Nkr;5;_BYz91D<>y0HYXh$O}T_c2$MnsN9cE?P@fc10hpPCVdtox2rVK9q+ zq7^xhW~fJmzH*qBPh2<%wl{l{+h&3OxH;#T3hS3tS1tkAK0zU{*7#_g^8VBv;e0a2 zM2De}IYSh4idnKjyTJggOIrvSgApp0u#Ya!j2-KRJ#M08u~xT&>R-0hR4_ujVuWQ5 zUn_v&LjM~@Syf<4Hpc&a0Y3v=+bbjA6GFc_Wa$`}b%I%oL43Z}ml83eJgYLMv9F;^ zVJdJ3OFPt`TthFvhzq9~XgeTuU-k?u(Zfh_}-D$5W~m zupVO>8JP?sH7FntVpYYF!n&B)oMH)?^K*D&(Nx9jx4 zTXTSi*ZZicjcA%~kr7MyWP}k<+Dxsw3jx3`<~(pDLbF}2(70LDlB3L0Jy;hM-dIJo zsYmSqh7SV|2wt&}!+NiN(Rc_5%C<;1w_L@#YJ1w0cEr4tUoHk;&W;kpHuKj!zk`}?9L4GJyu3NPQ@f~ zRdux>d3W^&&<<9T3mOT4y7LieNGxSWcqYBb)I;Kio{7lHHG{nq6(G7pv5M=Y9%$fg z8(%eDO$)6DjJa(ip{60NYYAbGP_czF9R#n|?W?PpJoP{aZn;Q~=>or5rL{-ZG>fBH zNOmbi3JvN)ux@HzxSOl}Ne0G)D_>RWfD1R%y-Aj&EHaIFOC>L1fQCzEC~Dn>zPUkt zxFIXFOvk$wJBJXi3nOmT=OW~Xw|^reET9wG&Mgy#0ipB-be4PWz?F}!B7MSTVP!sE zcfTlIAphm^Ec7}Qg0Sxzcqtrq)-^YJRkw<<3qJ&*6;5HN7*t=NtXa?cm65fVAZw2+ z6`__%A_t(0aTD}5f2)ljRlttTl}Jn1j%6^tNqo!l(+93{)x{tZs4EfH6%FCKB#3}D zUYQ2r-FPC?uH~opI`w|Q@-9iRx4rcrVM(7+33$Uzx<3C_5k-V`35EyQH0DE}Qz>f< z2k^-YD>zUN0zTAoLHVhvnOyBcH{3pXEG7v+?pH0_C`zUNaGI_MQUnaT<$~l3Gcx(` zm09q?yY3LRONIen$bgjZiAippoRz6%bdrmjzn*iUMAkG8hTHK|ZI!697|$BK)2@8S zR){vST1GDe+kOmdRVKVdtEFx~NJ_K8q)2rxtEk>Afj>vwUn1&DvEhZn+OB8cX2{(A z#OJ#RgBh0%;#Ls-JJ$e!MUJP0y1Yl!Qndkcb$#~g==l2L>X)0>7jI9YdTL3$w}K$x zSsu3FNOwrkXrK$nSiB;hkv&1WBhjuNH{rpX%%*U+w51Kg6?{f6k(u=G{< zwvWyADjv9&Fz{+T)#P1HmcYiDmJ4aV|8@U0>N zl~LkF1CwE*5*E8J25m1p65l## z*>yAn5WZE;N~o~K7i>hO=#y^e^y;V6tDC>QeRFgAx9h8;o8yb~^HVLHyJVt@Gxz<9 zRw4u^k`H`*a$^Ofeb4XVfsaZK%!gSuH{3mNQ*q3NGg-H{`-;#p_fTEDaxs{4Hn5Zb z3SD%3GmppG*7`A8c8r}8zYebbMMj30>VOy3vq~)+^%&6G36s64a~b(zn$^R6(4{!~ zTWJ@Y9)JrNZmtBuQPRGtiKQVd)RboRhGP1Ch5AsGAj%KvIukYa<_szN)+K9iFz~M2 z!`Lf^IU7kZ$@0LxfnM!nwT>Uj1@o^U5qDiv#JQBR zAoR`F@PSzTst7t&nINJk>zn-`UiMwKugNUwmS_NOVq-DpaFgW$`A#=`4$ubT zV%vzZB_X);w`Y`M2>M=O5<5|&6~JhgLeTdYkZYAg1^wh5BYN; z<&cLTKyX;vaR7`H^n|Ni^4DAl^KrIDJD)i#T6f7r z!a63vw7W&Rw%()3t;t1d+H`o?wdaFm1ISBYA|TsVDfoFm$c!qKTq#9vL7DPNmI0}m z?~EbEvRqE_$`L#v%8%v(WA|nT^9e;V^?pUNaq{x!-PN1TfRbHInBP0&$20jbHidD& z-ma4kjM!Q(;f5F8lTU21G`(hasJ)oF%~=d<5x!3GcIo zO@e?$2r{(s_B~U^VG<_fBQe=l^A2++ngm8{6==viYODI8xJ$U$XGnXPdlfLzDF+U- zLgtu-el0a&#>QQz$9N-X(lhbf9`^1(3hgiolvz!S&5j6IbEPXD@9l>BR+i zHp*1LSW0>bzQ4v^$al%n7>dm_qq-G`{v98W*(fs&WpG|Ip({}4#4Ha&jEp@{GYt_n zTAVuT9GTr7jc-|&bj``M@is2Knk7X?w0U6D&#_)H$0ac1RFEA{f1dpQYa(**)N|oO z_B`D4G>NH9!jdR^wrrn<)GnYnhy?aopydnmogm`2@OF1-tARoU4iuy#rE*Wc3wtgK zr9$^?X}u!ca$!_JO52mmPEb{T@3FTWD%(C3)i~Sj8e+bkGnLmW!aUl(%Kt38n!AB5 zsHAFpTAI7$%b$)t)OsnTbym+X71O99naH5I#xf%Zv7@cZK~4<~U%fm!wx^|1$GI%! zOp}dk;Tz@Jm|^n6$;)F~t5(R(Lh+A4;*IFTO;FLc+Kk08LcH-kwkp8?LWT$ z{WtmxJEs0KmNo|=_$MKh{zksoL_ z(dt#RUT@ERNsBL2V3oo!k&uIJqkpLFHT~lC>DAi~IXXWf#~0@(XV+&J=N(A(de=GK zB3GxER~IMmj`i1D@YKm!=lbgGK8!;IS$pPlcapimy<#`D? zGqG5Vr;-nbIT806lLT)Dcs_-aB0}J2Q9p~yheEVrR01`ojm*npTX26KNG7+!ii5v^Xl*g*uaJxtA2Ff}tMUf4@iLZ)#Cbx`NR8N9u`0p*SzNks7 zGf+&3xW<4aBbw0x!&JgPQImLRCbp$51z3I$(^(`1*db=_xuzx|$p+_}xIJpf#~9hr z&!=R}B!tax?9~6SO&CsF_K0{3Xp*a(W?*2bA(c#7hLi#WO*aMR>2g}HZn;AO8Ljc<{Lu#16ybgKMWl9@E zTX2c-1S6BQ4K)HWh8#UN%5E^v;&cM2u%*SoYQv~~CHncjCNEUGNh}h!Rf+>gF!;ch zJ^!Vf>VSP*Kso){sncwV-$|xSokzGNGQ}QaY7a;*X{P+;x+Z1)P3jy{lpuNl+*Wac z21aR_u^5dx7*1I0AD8K4mI@0FxmOHHFUnSf#IrkM38#?W9W482A#Z1x0)%eq83P~E zl;)2B&+IbX0l09T2u53E1bMJ7uMy9Gz?Zf(H`N3f+o}lE@deA>GLiF`IrfH_!n$&r zt>ig{dMqX|PtVqX*zoCBg)}8&$sUczEKB$U>9JJYZ+a}8Fv;&I zx#s#JqiJf{wwm-tJU7h4>K)i$T+bYnxide#-n2@su)7T6ZlSaY6&3KK=;1ZJ_t=o8 zeIokvm6zqDJy~~aS~svz-aED|`UHIZQe-^d(!0>3DbUfq)bC}Wd`vQ1pG}{F5b4Y# zO5-V4{;&Z4)z(5$X992pK09YYlq@h^?eV&8*hXMNTLQ&uX+jdxT5+wOh75fsd*@Ap$jj z9F+$3DQ}X+3^;jjS{TP4LdE_yVOgF|u~z*5V8d3KIB|LK&N z#vEJzn=z9pY88BA6pPSq3)Otbi$PhQ8L>i~18>0%Y6Tl~Nuk->pMQ5Y*h9?5P{tNq z`bI^9;_F}#ZIUsrHQ2ooy=7ZuNbeYEd3HizM~i;nRQzITx@G>$M`Iy#+!)6PjG}C` zLSQp?Wl#$p_Q>T#jK`@qH=*=BU|I7nGc~x7SLWGZalI)539;+=X2xQs6qOuKXJ7Jc zU@aQPt?UaA{)XBlG=*9?#sD1kY|BHG^<0);unV%uNkD+m1x+h?#mSi=?)6q!Sr?JB zzTSUl3#pvvnx@^RxJJQrK=seS6c~+}J>0o2nEUi#w6*jnQHpJ(!%Q4+BK~~U?$Q27cLlF!;qEpY=%3KHnbX3vM ze@x4REzxQtB|V#FN&DvAk58$MdekHD_0C;z}nf zCj&iSJw3EHB#Zf&GtIO@)z?{v`fp~T)CIx)S~8w+|$B<$(iz2ViS7=C)I*UvAm&yG*mv7I+|+fa54t#SwBgr_TD0Tm}@2D7kV0Vr#F zQpl?|RhBH#u}ZYsxXuv$hN%H(z=gmPwwA$b0Hzwlm3ReWqd7?#Roa{iz4Yc4e_A1j zQ61W8QaeYFYmcD|P1>d|A8#GDuzooW!LW&Ha*r^)~EprmK5c`TJ1=0a~ie^wvJxeAd zS2`u67|U4D{n;V&>gjRHDdR6`;0)vmO>a{=>k#|_7N^hF2B%4kVVsJs? z{2SA<78y9R0yoxN*Ok}w^@wFh4yt;+(EGfKX=c(|IU!(?u?H3h zEFKuILx}IQIAeR5yMWz@Tw4W1nfi}bk9H-wK;;e#5SS=lm^AcXFf5CXmC zn~%O0ze$5OL~Ccf<-JbEOm)Hk5GTv15}6D5#3*7avFInyNWxSsdCzQxGdlQy&-!QW zX|nrfq(OxUKuqmLOx+=HQ|(RBfCbB2n^>L=z%GLE;=N#7e#6Y! zSAMD+dajJd!?KAQKFxDg+}uq91#iguQHPv$*2&AG&RNGI_vf?g*B9@u$5i{Q3VE( zoMo}1Pp;3d-<)od^NaJ^+4-xhv-9sy-=3adZ;`jBSI4i9&aaPNp1nD{{sl;qpRz)<9Bb4uE^!PtILbdDN0+sElgReZ8bF(nSzRD5Yx-hDlC!<9gn3L zORm*(Sg>uf0rclNZs0FPZ=+I^5!fo0U2_GTU5S`GGZ~q>xn~7$YWfl|z)UcNt`Ckn#b`Vz#;E zZo9V%u3YE&d6eEaP*G4MVJYu{LI;x@NTHOwx3ELzgvPmo+wto2f!wnoK7=GayJaaB zsWu(~4A&mfLD7e=-?kwEJ~#j>D|#mz&teXxX7DOOD=_HOgKrM%M?Y#({KAZ4unYVc^di-Z;8sqcuWUu z3v_}>Zt|cf5~UGM`;*KoHy{KnB0-=Vi;N5Sz=4_C+yXk(3VPWQXJ9yII!*34T#}kP z(?Th3kYIxw40t>N2N5}f*2NkNmhtPeb%cfd{G;U-~ymL>ScP^3wP>zv9Fa3ZT*J1qL+ zJdx7hmKo16Rf<7BHseIyn)Ms^rbgND3z}*Sc$_+A{yw0_Ky7q$K>|KKKhbivDhv*O zKf1g;JwG}7+o9e<@D_~6>C}WTgrR%-H<-%3yGtU3Trc^;mIbRIEa`}BV98YDvoi zx%r(2VeJvq2NES7pw6iAP)Jp)i@+KkML88Gu=+(0yk)fDva^Itb4%`zg`ApL=Ng3f z6S9mUWhq1yGERman(Xp!_MF!%I$*dgN zXS^j|Ustp1ioT`_eEEM%#Q(dVq3=7!;`sl1yS3LU$N#r?cD}~{e~Q0v$PcfiD3-f} z<{HP?TRiB?@|UMi$;CtlKa)hn%3Sb629{QLClcx;m$L2^&sjuXvQ*py--le_KF{z@ ztw$9!DGX|tpeqlGROdEZ|*sD%u*dh>6tmpXmGY2Ys*>~m8 z;sKNCVlmo|Mb=Lz+QQv7w+-7ryt=yhe%pijYXIgO|8-c(Nu%v7D4cAX@?S~@(nTXk ztvw|_`ZDQ_sB!SuwWo!>xs-zB5awz9dw(A=xb#6+ytYH;ts^|teaTo20BvIyC2r^m z%PCLQ8u;@}?-#vOi6|<5hig!Aw_H@Fb}7Yn`1v#$FbK-L=ybM^Pqp%H>!LsfTkPJy z>4DKOP0}U9`rbG*%~8xOH)5K>)dAkrZjz@@&o8b|51&2-iU=Bc`t~@kg!QT|L!)56 zwwoVK3nk@UuMqH1vj|Dc>Z78>{6^{zqa-gO9}WxXCCxTY}6K<^s_tyL#%_9luC6t z&6R~)fH&HL>4yZYD#0ACy|Q)PXMg$_t0T3(nM(L=4Q5b-!Z2uflb-ej(^Enk>aqPOrSRDF!rG+moX7k8rE z3~bImn0J?;Q^51*R=vK6za{klm~Wd(vw5n*-2G+8ctroN@9ox$`hT-kukU@;|3AfF zRVV#JlFJEO`-WT#>?50#T!@s^YLZP9GbBK2J zG)m{c+1jmtJ^!EL?;G-l(Yu20723r^ksaTn_V|p*Nv23|!qY^#Ao8#pc`;j-XJIp+ zXl((X`O0X%1V;0@3GwUSXZc%}|I6OAR<7N&>==*ff9>|pjQ-d9%Ktyf-y*(Tg6+N21r~3C;{iphFy=?zA zoAt)m^ZzOSzS@6ZHtQjzs?PjNHsIMI`L}+!2A=9evW^edc*gTuPd`wDDy3#%aX*qMz^_^AP44+{gU>d-(X}BuyPJ4_*w*62pVh*gfe%7%!bg2dR-KYWO7hREvX8 zEFKE7ZVMXojD(ZF3;MqW@Sq#^CC!KPrx$E`*i! z$1AB)=Ow!jrbkn00}TE#vI=(qhqCo}-TW2*l|eZ4A!*d>Z~2_@aMh(z4Jwu#I>gg9 z{;V8&3u9Jvtg-{oG`uQPo_V*Ha`m}MuheUl0wE*)dg zBWIr62uY+E2Oss)&rh#!u8w{#5u$GnIkwlo=o>pCd$k_TnmOe={6jC@RbBU}ZtttdoD1=(g zw>*H2f@r5ca^Dq&SNLk9xnJ>aqpn|GL)B2fhLxayWYa_P>JR>D@hEr(uudQO`(q*! zr~hYV*@fBvS%lvHmCF5MR~k56vt-wdK1; zLdD`(WPJmh{PtUo@V=v4Y!v|!myvDD^84@bq*Ce4Sc+W4B30!2P3NwG|BdYbo96$m z@7xPPcQZX!X`Fcnep{(@J5N;<%e)fS%`Kb054>A8_3#vf?3SAt(wLy4c5>M1yg6)) zz6(~&`b^$nl#?5k4*AtpqMKHccKyd@iH{aQW zJ>Dl9-)gkpJlyn!yr(i@39=pXoIH85>5h-aU{2;eOTJa{kd2t#4Lha@yLQ!nUH+RG zDE|n?UfrZ(K(_Cw+)l+{8+N=9ri@QT`l+0ccsBUXLts)0`4|9rNWX7ilwgUy%9a#Bn7B+%(t<_+ctpN z{vuLOmCo*THS4|YrVJ~ z%yTTo!}LZnn%v}k#Ka^g z(NnTr1*t&9l_v;E2hY#p_V#iI?Qo9vXY)x6dkCgf$$(6HN2F9L`u$YUBsfF32*q-b z4f3}dBw*Ao?wFK3VYQc3vD!PC&N~~2+uPsjLtmT-FvpKI)Zw>=+l__H%X?BD-Fy}opvU@6EV`vd!5kqo=%lJhv7*K*+FnB zJ#zuQ_+}zG`9CF|r1{CW1)fuR$Uf-_3z7)zVGF1HZR5LOvY{}m;0<5W#Qn5?FYskZ z%+~@9^b^S3M{@!@HRi(Rp<$5$a{m3<`QOM`BoTQfurs46Xmw|+tA*)^kbe^tMR4vo zgdaI;Mb8;5pqhV1e|HGFEld>+7=2`#Ys41&IYVE*BrUx6Tb8Xn z<`y-xEWNOCaXp0OR1R2vS^nA@NQdP5_|kkAF8*`Je=HaOlj_C2Z}`t+@qf*|X0sgs zQ*VEb|NA6=U*o?&N1&0#2L3#v4;N#W9s9POhorGnUn8a|Ha_Kgf4cZ0`f!civJXkC zUSA=8X(k|Par{!FUVeUmUI5d6A%Lk-FJ!QM@KrbJ^))FbIfGx9U464&e_LLE-Foom zp`eU`#`;=cLgmNgbBsM=Io0S~1+AZYj!;_gb0FuReM2>$V{p;a3WO=)^*JW68vkET z{$pc-j}!k}Z|*hrX5xQa&9CzRQ~Z6E|6i#5udgHtn=8rx72}up%a8BQ6aTvf@xQ;S z^j~ewJ70zW@>u;U{J#qSs=p=WKOZ1puO%EhXCC4Q8wT{yV%JC5IXLPc!mwzdaVe<)d!G zmEuc;_5OEHKKm`&pZ9M$`7d)dPPr}qQCqPb z+#~Y8)vA~4f9%%3=Kp`1zXfu+B-K_)$osIVfXm2J4B@kmBKLr)hDL~qZnSa=B!>An z1Uw#+zyHGuwUjD#j=2FjQ#pKYpuB|s`b?e`q0J6A2MUPqFH!h^=rVIF>R0aP(}x_& z*Fr?Pb!nB{Sibru93uy3Xy2RCGMk#>91btD$T#(#VQZ8ECDrUol1@O@;An_vjBNuu%xanDF_UrK#{uy@SCWbTXt_k}?VDpZRFKJz`4Hfy>k+ zW63&sm~r~aXYnO!*o*c!tXLmza%qcaHn@n`RnZ!by6o00l|Fk~q{m&%hea?~& zgerzj)xC%nW0t*Tx#Y2`z5!bO4hh3d{kN51zo?6)FH9rAPb#N5>rYa}jGU)gCa~kV z8!DtdqSy4*`Tqx<|8uC9!kc-&;OdR35(QNh}4p+{@t7LV7q9&Ir1oAocpCXx^f^nD z0Hm$ZMArY=m-)K;J{5x-TtOJ+kH3paKAz-Jh?}vg)SHjS4(00s4iWPKwzaa)Gp5v~ z6g_(|1D{E`Of{(y6SGgkxP4NH-PeEL{AGKhBzRd^c1L_C zezhG8wryX;@1AYrT-~a}l9_*G9m`E=c6h9Q8E(QVTi|BCDo&q;P+lw}dBRcuO?Z~? zw#o0mKie(<^6+8IOEaqzE|(dj{0_jM0kl@NuVq}Wv^l}F_17KEFPEHh)>ojx;B1lY z>erub7a+~d`I*VMda)MFeARPZSQeb`ztn2v6;Bz#Z;6`^(Ud!L{O=lO?WJ#FlYbh>D0q1ma>_E!vK%^XECV}y9-tQh%)%e> ztTU#Py&Ge0?db!HC%KR>n$Nc9{x%CnO?tKBp5`=XHF{4abK4nwwOs)tnPzmv<02f% zMk040%%`fi$5M=$%%@;#KVSb3&-uWF4deFmP_WbguJ_iP*f{rGwe84{$H)fQ4o zt>HcmS$uoRBp1nxR$Wt-|LmVKo{_WUMb3ctBA~{zZU2jZ+H^H|(a<*Hvu*pagaZT- zBBAQkU_JN-p zjwMT2mUEh_f`764kr&!*c(y&~$D${))E;aeM7XD35@gX8`wV@P9X`ld@=m5#rs3T( zhogv(Ie_5A%o}8u?VTkr%udCrm?U<;JP{NOJ(eY7!L#?8Exu`{XTW&KP{-{eOPA7Y zilE)A0NVrdz{|4_xKyedmjB z2QxO{KA!1J?^R8;YIm)bOg`1}9HQl|)zuB>0-!%I1uEkqzhj}reDrgNbXw%6)>6ju zdmwDFeNW?r$i?#EBbA!Z|S{>&OeNDp74Y5iqb z)(bZOLrIDc$-Lj+QTs<6v>)Cv`>`CdtNZ$v@>R@o{?+^pOL$wB6Shk@T;@^qJSPV1-E9NK-H--iAfrgERL0ef8h3bwKI)Qk&-gV!OS7JLl$O8^=?@od}uvdBka zVaLv=QGo8h2Ka@io^1!eF7$&)Hn7Xaf10x}C@iyVy02u7&oi(KUW`W^6P_~0*t0qq zM@R&LW9UzhVHF`w6nmZLF4rF8<^PD1E=&II(-<8vThy$|(Qp zN1Od=xdD~XJ6ttb;TJzp@$2OVxgDtvbl>mrgq>!woR0NOe`M3MBGE2-&`)9EQ%le2 zM>f5(2cs|p_d{Vs|LxKv9P5dRw<2NXA^b0eF@mp`;UE7^Jhl_XE+tcZknwB)_$Yj1 zPiyc@K%{(-(R?D=>BE@IX@|ukOYjg@|AaJL{Z@UR=ibp%u_K*UP+PV zCt^f-W*Ba8(kmVa4tv$FOEMVu>W^%CNx3YYz>43i#`Qn0I_#z7cQj`|vgw?0{R344 z2fr>i@_aY`a(4#H`TLic!X?dzoqU=yEPP)vfzlJ@;mbcSDY+(T&M&ESs%s#*3P0g+ zg?q>1?<Df1OBH>!qT%l6mZ3b9(9@ zFtTT%p{0$Ebp0cFnTj6ie5~-Z0u~nfA}gl)MLE~2aJjO-eLjqeU%oic`+VA5b!$J8 z5B`18`|-T-RWn-3CI9h{!yk#i`vies?|I%n{Fz&H?#Lf>(SHp8{MR_8PZOuK=xA%a zo9Bo<0#)+X)axi+dCWuUU2{+6!)g5A?uq=qYxv9SJ2d$+aM zY?SN&HTRld>%V-8zi<8mHIRB#4cFGbA+J(8P;0N=9DRTD%k%Z=I{x$g`Fe)`?A-jK zKYfc&5d8nSeeB};=IHYB&DrtM%QvUb*Kf{`Zr0bT$PflMxU&sHiS3Yxcas1=y)y?t6+slj2>GO5` zY(B29t#wY%J7?EtKb_wEc>2rDPe*Uw>3Q5JmMNa|J9cx+rZ+>LBrLnR(UbcIGD%rt z)9-KDRIPP>>A?G)*GE^UCpSO5y1MxO-PIdZ=vWd#*W-6GT`xb`IX!-Nb$0#B%?}r6 z=RcnQ;@+@5G$T_pasHcck2=?C(I9nU?^}n|=|>%o>VN{6ZE&Iezm_(`)DS z`rYLmNJa_nuzWIpY-Q(X$48y(S7&eLE-vFSRrxEPKDNGaW|kBDa@v72f5Q4aGeysN zM#fSklQ<`8%wpc>v1uhAkR4rzz<%D0`>j6xP1>&9b<&%MFO|>geUm zv+KA2b#rtK>=777frupS^?3gFUlC3YSxAwNDuJ9`E(XEJfbv(Syq{Ww8S0^LI=^(T zPv74Ba`aXo2CPdnrK5B`ct&&58(@c;bw;GeJXl1)w`^6n&k?&k!PegQBZu4q+-D1HCQfiw$Am@`N`3ni}O<`evlnrw_S4y6Fa2w3o6?SKnKaHP3q-Kehi__dga$ z;`w^vWAK>W$mi?!U+ZgY7TnF7qnD>|p08gbyYBqgoAtFKshI~(L+V^#bJSsez5;3( z{cC+~?dakG*U#q*8*6%^q)`TyDb*7mlIW8v@o6&r}QB-bP* zJ8@FEbW2N=%|;Scl1kzut1LvUNF0Fx1Aw|z=KI^$HHUsFr9I!MN_ zMUJLqvt0|qY!dmmHLz=IG#}WXI{4RVn8I#8Tcgj^M-}zQp`WMW&8C<>n=X3^jPTlz zVQ8Ev##q=i*`LdaVt@5j+fkc1`(thD)(}%;8IpljD8RWNMp>zIeAwS>zL!9VZQS2$ z?l(>jdUdaM<)^h|lGlKYHK{-NcbqZgdLTg&!Kr)Z?2VE!rpx@uzoOHI{5U{ip6N+z zWG9Ts#eMW{Cm01d3&}pl*&){f5-5mjAw)@kN%!iAZWH*Jb<>+U^JzsG#)}S$d#V=V zUvF&Qflr4fCK4IxJ5lq-A5S7&hqnU)(JLQ!+IuIvJy_g56vo=IOxap!HmyS+2Yl~; zgY&_Tl3=`6`%CMX=!8zQ+kLn5m*aM)_pWATIOhM}zSXgi%h__>FYKA6lkN}bn)uf& zi^fTS>j57p4d;>hAG`russYkwqOpKq{&) zm=MhAL$JNzv41+a=yRE{5!Bl1yY+o5zVf5cUT%mO2)j`>FVFGYc%`+YcCWdET3`r= z<4Ka{%y3|)3M?y;e~zOn>W1+EvwDzF)((yRTe4}UZapH;C!GTV=`v2PV|&37-V;l@ zgyTdXfc#*QFX<}}MY?dzp-AtIHWcN9MXoKc)av%7JJkh(I)N3FKrtxv9oBO8vSX7e zZHd)v=6Rrm4YC;BA~V(jp4qaCVcNE>vFX&z+r{t`scQt503H3qM`T@mhp}A{#CgbfGN#bSbZ`A)bZ6 zgp96P2~r+yI#*&IVW_9Z>vPt5ve@K=pvcM0e4y$ZiwW9 z)>01BET>!eX&m4b)o?zj@gt6!>ce9sb|H00yN9C?LMm4qlaBTYi$Oyt5KG5NeDtH1;#5_Sb%l-2x%tk0rr&*59aej?)%uA|doL+z5Pm>`!j{N*0 zNypXC@x~{i?;Dja-E^_ zox0zdk(p8r3_~svzZB&bPyt*@D6#!173Ya6dWUwcg>{oy;aq~nA++d(iLiKKiZFj8 zL{qfypAANM>?1!z0nP?#cuo(GR&>KMAAA@O|HMu}{v=L7O8p_u4`Cc_D5}*? zfAZ7NKaViPRc&k{%IVWM!#Qg1?>DJzuz@LC|4V$^OS)hj*2~+<3w&{bK^_n3R-~@H zOK~=h^18Q0x0P!sN`~Dqif)ldL6Ny2b3kdmgHFpzKWFr-gWW!{S9cMO)m2+~=pCvB z_^K99qX@lv_k0_D`67BP|J4(Ynp5PJ>2nX&>&V;k(3$C?QPJB6i-fTN!O(>n`Df9r z?v*#xwwvBOhs~8AIY4|a->D#G(%VGyt9=pvM(Oj2~kn8P{Z z8OUs>xi2_$9A<;+MU)J~EV;;mP0#&oRLjFje~?5;n)UrS=+otZXsgm-H^P2e_des( zt+7`cyoadV&-nE94{yJF`{vK&SqBGu(N1^NLRjtc_#=}zMGHKQdF*duhDsBGOvWhl9XNvCMWh9 z+Vv-4?nhyUGiBEk;hY#&%x+{ZA9ZHv6Jv6cG#rMpA920xm6>;s*KtU*e0Suh_3{Q7 zI$rtC_+)2mXM5(MFUY^XMC*5SuqaQalL<~Y%3GUgw!W#Wdz`l~WQP{O?U^SnE3YhY zDC?hklp4hB$|iV#{3uIM=HJ3mS56F|j0V`8V-(?wyppHkc#H!u0%&kfhTga6I=Ad(FvE7vejf$oAz)__U_|}ARR2-UiprKnMo6*;E<@iLGhfTKRw&;J?mAU zy*~OMDruP3)m_kjYioW%^4DThKS$QC$8-si3D zE%`i)FrJ`o1~A6*k6Eddjgspwg(pb9hPt_*<{;bb9Yq$#hn}-WhyEo-J`ovA^lO-B z=r~Q_c7AIQZ5+4uHtA>GQ9h&Ng!1IjLICi$4R&S-M`Rtl{vwzB?cYZf)VG*#2hix`h&qVP02nX ztCu$>8LHq5^aTx5JVBM~0U~+|-5!Qm86bm>ax;oC$#w(Pu zbBHiQ%x@g#8ICS!paPi|G@WqI1~tF4O(_v&rBhTH=4jiJ2#ZAM`8zjN_!rlHn6u`3 zYegK$wy0_BTlAAoY0PhXromIbdsXp>Y2&d=R`Mixw|&%W{?fB0o4u%)HwNIt7s5$- z(%u3XfDhUq`tO?`8$Y$$9f&zPZ1x&sgxVwJZEl6w z03aZ^2tZ}ut9cU4(Y^|2X_5+Uzlqex%2KYsfMh_F{@Qc4A{$VI5rWF$#FMsUC% zVMa$!_S;c%jZ+H|uYC7Yv-7^)ZT8uI;hQ=V?s9a7oa1@*h;H-X;m(Xp;cLu#ME zc8kFJ^2K=5Z5+#1?VF;P*~PReZVtk5p< zWI7ljWhR|go~V*9rji*0A?ykQVmh-IgV8t%(3@|!mIKPZI!K0mw~`qq_UD*v8f?Yl zp?B{L9^^o&VLeoqdp2K|2plzk2Bko!N^*_M)bunZ;93=tSN_}F1#roc(GG;Xb9Q3m z+9NE<7hsiT>pBNlJV-Lex^=Iq1tO#qgY&ej6&Im7O@s((B&8Dsn<6eft~JzZgx)=W zQ>2W!$L{HglaX$|)|i@Unn+f5pn5 z9NFl>wqg}9N9|tI26OHcLm&1t0$3jA5$2wFBFu6FUBP7c^!oMb_PBfp?Pl-#})5XSgC z#r`GIolb;kl}hDv?8%7}HmZB>C_3l#B!J3-x{SriZW1Nal)cm>!W45;BKh!!r zZg+Z(qaIrJlky!$#^e*$H|L^-4VUfl9{-$u%gJcQ(#yHlYwxwe#zsD!6R>>;el(ay z#P*ADJj_SD0FSBnHzb4!Zgd^;0G{Vs&L(>eUJTWDAa$n>10L4i<1|p3@dVMLU--G>JrTf%1 zW^?|G>FtmVU*QyPCPE-ehOS59V1x$I6b=$-j7pp(5vC{62^`fFY6hHlqZNZuQD*~KOd88g4j#=Mhz3W#^`^iSx$zC#{TU&T!_7x zM&MFpPFAvkB%3SRUjP?sbIdG%j_LC^|3VvKoaNXLP;voJ-=TL3{+ln|7>5}To@M)5 zNg~$6`7{^9rV(1X3`(Wr;M2l~U0T~?S)d^Q5W(mT=?Ml4J}G>I2k6Z^#Y@GzI7o(> zu{l<4_BEv(H)KYj55)=b-38k&X-+cjQ(}0BX}!D=g!GnyS0*2Mo4lE}3A?bjUu$6f zouW!W8c=Y&%kgCprl>MO;sts7S@~{*jfa>{t)mZU2kpX{4%tT!=r(cUr$i29FyMxO zwn-*Hl^B>RG66eCAp2H~9Bs0mm8@-l``w%Gwrf+u!xaLy;>STH$GDOw6+VtilngWSAj^Yf znnM$xJgh*~^)RmFBV5V+F|Op{SVI!FpzqMTjT~cC@#TzdvXjLT9$bZ2 z1RO$LxH5pIu+Q8I2e*@U087v($Xb5_zJ>5kn? ze5>0CV%$IC+pO;KSlcf&BJ;~7zWtIXmzXR;Yk(e0C9#}y72D)@Z{en$FKj$bJ- zvg1eVr#o=Ux^uQp{)P|8->;;mkiJTYZn;x|l0Du3L*+Yda5HoUjv*lvQZsDxz1pl) z8shwzZ0JRlQ2XLXd}~|;Qt56`S6F|NOqcl9CK8L|3Nz#n@+mBF;51~nm>FNdp||ic zf)Zwa$RS};IA|F7WXYPw_+~^F3v3SMG4BT5#YlYm^LY zOvhHEWJu8!Dt^vap5|+l3yS8{voO7%3vWd~9jHYb7Dv~7c4kiW^*W?($dI36Gzlks zxmSGMtsFs7SYqXB_itqo75KSxoQ}g79G#BX1+w)4*rhdLmLxG!NKIEGzCf^31;aK_ z=F*C|8*sf3F4t*H<3xuzr&qOs#i-wvdMWj2JEPrwqV2vZh_(Y4iw8@-h(v?aROs)M zKaM`)XoAx!>RyHuh}tCN;FN$%$%ek&(gfJRoo5ml2qB{WmVUR{(=osM)Hpn#BFlVZ z)Ujrdf%|Sc5-9{{pOb3Yzz0K{f=O4OFyNz(VAd8jr}V>j0nr#o7N9g zB=A3$j-!xioB`y$sH7+gWBgW)C}6JV^=H}VcpX;3FeaAYyLXxrP;6kdhW6l0i(k$n zBlY9k9D-3RXbcH>)U6WBqJfl%gS9oZ$FAk!_$o}37{ao-=x1~%OBbkog#NzYM}Cy> zpTayMaDL)D18IO=;#-;0N19H4#&^A5X>E;s%Pc64$_{&6FZf5^{e2%bT^KL;j(%!n z4MX<79bkn~lI8jr>@tY+3pys+Nr?@&8DAN$rN8etjnqQRA?Ax^*_=tLE5`10Qyr z;IGUSCL)VHQ*l~oNR$lO<5wQvVzNGjekC*450mx;Q?#;bHgc@GVbafV{^=jbem*K# zbD7mnSy^d5w`XfcH91$u0b&BJ`ZQTp}FuGM~!%AuHCsBaYy2pM7UP+_t zc#`5QJD_yT>hl(HX8u=GGSy)cSNYc-JHK17ptCbRQ{pWgJOOtZ)55}P?B4(!4|zP8 zjr*V57w`SS<#fXO(Q#b4mu~oPe0c65@6~r|H(B^^+~(Y>_HZaj&&7ddo{Ewoz{Q49 zOD_a49zP??=4qKr!kOUrMi3a^5i^LpQ>6UtawqBrQ>X{+51n?e(QEFukM>KvA11S9 z!CG|N5oTE!50gvy#jq_K6r~@U^9fJmBo8m}c#>0aNfeN6Oj+Yms$l#a;~N@}fNyf5 z`is}pg^4Q9K2@HLE6-?d4oJpdzLUhCm1ZS3BS zaS2x*t?d16*B|4P%nAaemJfMhYAG6T2d`Rt_3}m-pvrX9-QdU{W8Ng*RF=)M289Sz zS@y_H)3O1{YF3mW&0jH7=#z*{56fU2)GgdKDX&yAs>f6kkqr~h2QJdk<{nyuSoZTI zV{u0ytf;KcxN`-+V?zQ_)SCwhrlSL|K$XhGoV7t4`&%?q<*9?m$raYGJChw6Ro(EC z8*D_kY8*n0KNT_0jIioVV+AKLI*^~ESFd-z`woqgX_^@_(28@MUineo`|dmR>NR=+ z|5qN2bxTAh<~&RSq5<7H*F;Yoo3t)OOrQh>!GAB&HMqnHb&0@Lrf{AH$6YB(r*TYA zxFE`!MxhhIBhBGlk2IB6S|(|D6-Ic-)-@K}qhn9aoj9=tWrHazREcbsQT9`B`6{JS z(Az{`kN{wQU9tV%YHzCnS2X?F8sb(xR%RaR#&f+$8twaGM4Akem?nSB$j+F|3;!qt zCmTO)I_KAP;kYpwgTEn5V)D_kpZa5*KK5fceku0x8S^lu)+1OF z+7!?i%Tu4Ve>8#*(_}g!cJ1A_I~9h_OrH>{K&UBHzWYvTW{A{o0S?H|sJcF7U!J|B z{i4${>;LSfycG|MjOK5EiBbAL^Gw1*IHR~esT_yfT2IWO_D*6c(&o^Fe}X0CWV;PV zn^OxckSh5|s2B+Pp=*6Y48&=gk-^i`66!hw_wHUu)=jMwvd&XVlD`-UJ=I7l->HO| zISr0N@MH{Mp$mH0^;Np53IEBX^!M-?4t3MzWZY4H+WCl zLwJ$6=8R4iC_Lo?|EGp`DGRR)^l?h|1~`Va0P%n&Jx}RD*)2;&l!x&Y8#k=!>h1@q zlA*yU2?xeyVo&v~tlfW$W_`GtJ7z^ghygrGaukjyw6qwed0Xgb)%mu~V$X{1LD9S` z58Ez2cmYOQRMPVMza_VS;_mPj4P?Dw_mWoH{kb=Pi$QC=NE4*?lwcs?sh~j)EM`;p zK4%zWFH-%4UYMKJk_15RC>~-nD%5BDh#D*K z0+G$SQ{^RuEQ!U0RSac!r}G3F!U=K-Ec71qsstIVCQO3G*una0hx7KiJWTJ+BuR6$ z+vqh8T1Sn3`=nQ=%AU2FdF=ASbkc>z@*o*z_a4GZaZaj2Kt}T_+g^w9a9&;}?V_R? zjl(W2avxwsbuPOW&px-PrUfjmp*7TmDjqzTEkhf0Ls#RsqiSSP+@z^bY$h}C5>RQ3 zv`iHX!3_|JkH-@~O~?i-ypfv+2vrqH*wm52veG*0_A0ObyiEps5#HcHo&0&XZ&%~7 zB7lcYD22ciMS>b&?h*8f1~o}-5N7P+Z3ZbDktnNK3bPKi-CFRjvCH4+_Cw_Yd9^A{ zPl)5Ic{$uUMwX^CnjG=v6cOY_61bCYvs3@`pZ{Ds`p`Q1h5p>$`j-9t&}p9>*SEL6 zFY%_^TU%SKYK-{wuzmEQEq{vahT;jKCX_QeZgvh^T_~aV=G(2(acj@<{96bTPA0eX zyl#+8ZfSg(dajfu({y0mv7tvg{5}MI28r~`cdvIU$rVnagq6At$56%PC+fGRn{_3_ zpW2f7w)Z1{2vw;}lk83dHB)asn{VI(DDC8vLuqI|Rj%~&UTThfgEml^l7RHW4zti^ zQEXe6Hud9x5s9#<^u>X^F?w6($+n|^^)mF#VFNuave&JiX> z)oCDs2(jFVGE`|G`h3&1cGD=<$j`$o*i|3<`N&QqB4hjbd%0~&QnpOTsJsDjrL;R# zf%ujSEm{m|5ma;;-NR{kg#{M0bRXd`KhJ$ga%1v?0f1FQKs)9O`j1Rl4d3Lc->3Gf zvlYyuQAtQGuZ#16^EzkG z5JJ@Jwu63d9qqM$?xMevr@LY|Gxl##GQlxZR*;I8{A7oNn1&j&D>*c}s|0(Y6R7Q- znb&j2VSMP{v?n;GVMpb=?VZZ&S6f?KGiR$~-cP-J_iCrIz4hu_wPA*He)Hz_PK79X z^(|Qh!+3a@4fm6j_xEjK3$?HBq&FVUIDjIMNlPb&qywby%XFtUjX%)`yfKBAs1ob9 z?{{fqlj30};#gET%BG}z=XgJZ@PTOzec?dSe=cCC66Iv&)+eVhL(3f}yTghh|HKGM zTLb9KQ!Yb_U;t{a9QrpXo{rCHrb&eeE~E)%qU8D;U3B=$VNX2|S?8WUR|{!GtCj*h zkQTs7SiXde&`Cm2g&fahX-!#{cICRqHVYga)mcmc{w>%{?Yx-Plva<*ZUXLuSZ-D-i6tvDbhkg5?D@G5H+J>= zi{L$?!FsCAN4-#4-8+Y{NOYbgc?O9Gp~42v2h{O!ourpcadN`SzJQp7!xWk{Vs#*j zk!)>ms1JoKM9^iHr_(_`O|gfxoq;eoszIL zKa8lah*8D?ig6yl)l$lFmUplp{7h_`W1OK8LAp9-$)MuTBt$;W~ z+h)L=b#avf%cg??#sLnhsE286TZ;XlTCJ)qFz|C7yaL^oKyA#fM~V*?=&8C8BV|T) zpOoHA+oZ8Gw;8I}K`vIf%4{B_(Bu|`o>C)>{0wMPqh-vMd7*J0Y?+*9I0fbtHH4p# z`5w-F(|#DZVyDBPpXF)Y3rVM>(ah8BSk5MrKqhhv2nGky4#J|F; z%>0v(MG=adHVRCxRHuf5AL_ zJW})^%pk9Z46_-G!btK&2s`_UpMqQP{1#;se?a3*U++*tUyl+VtwKf$h0{1DRaV{I zkKmJUcUXYhvfmU(tri5WYB8&8q#0!UFRihGclbEL6{A+hrf1zOMoU_#{G2sB_mD@% z+lSIs$b*5M?iWpyB)80EGAqQo)@^0dMZNr5c>*1=K*BrndZv0VE~Zfgo+!S~ z@bd`Pr#tbE7T6?PdaMKZ3;LaTCR~oT8?Zn}f|Uj?u@u3&6)-fHr}8cTlUTF?fx+8o zh>KPQm?QO`^ineXB*Llr?&(Kd{8km9*I!qFUO_}#%g$KwfDHtKdmd=JglEsKO)c)UY_ z1k#2$m7kq?hUh{tvKEvhBY|I=A--@C;H0%z`#?jFc{*siWI)iYyaT8nHuAVR=5b+9 zMGT#t-=^uOQAqQhg&Ev?LD#@MY_TWw!~xo70RU0mVaB`HyV$nbzXa3^INHbm&eC`nHlw2snLodZr5IZ6iT(g7LMBXA^w>eK( zRULi?NQ6Yxeh2abB!#u3WXPqRE>Efgkfp)^qd;80SWc*+45zG%D{V!03A$uQn`K19 z->MifMXHKm6`?jY;7{oy(At~rutlJ?H#<{LTxl?1H@V0U!uYZg2fJcDvG;Z^6*phT z#XSUzK3@4-`bNh!9vJ%A zN|*$vQv_nYyg`JT^u+=O#Ao(i3a;mgFtpn-e5KAZ&5p+u`zb#KBmK;j8hF%aVG&gv zx5Igs+)#j+ih8GhKB8w$TePMb+i|G=G38Sxb#*9 z*&qI6S7Af7}gm0f*lE$l;pn^wAVgb@1e%t9y(}$_|Q7~U?dQu zEKi`hdHzB~HfZcF=4^FN=ObWS0^bID8{|BzTaA^ez)0YpXBJT>XIW6dqM#?@ zn!HV|*he7+lo7f~AW6h2(7{;}v75#`Rndxr##esCtIV3irO9^9<(+2@=ZSNmDymn$ zqpfFN{d4)wsz%X@!!$t}BW3S;3B9bM z=<1Q5jp)S~y~WH^1CvxgMqV%fRdvgzw218%S9W^tjJGs#hMFzot(ad2U8ZS7N1$ar zxCb=^AQ@I`lHDVX=)xN&{gIy?`uSj_#)8jV##EkRX$QBAtth)16c5oUWe%^r{n_I; z4L*D2SD&r3=`$t!CX``dtqDWA&aqk7+sv|rwSuKPEcAJ(Sr}PeGY1SBHtG0T;!=hJ>*4vjBtDHPPMohI<&I1Xs29AK&LFO zTrsU(ga4%5jH4+dAxn_#VlSi{Ra)H{@VtO(Qye$di9;wz9=49_pbv&PKc1dP;ou`Y z+*~;1GW~kNfLW`rI9!gGbFh1^!R{?P*uA9&yZ6-xyXPD%&*Nkamprxy>>e?-mluzj zwENnl2Hfbl3zoRtPakE46L97%aJio{b9+VLhTIwEM7vAtE%Gaos{dE{s;-^hvX7YS zM_iyZcSw_N?&s5tu*d}s)`;>sZhFl2U6ou!FI1#aHD1sAF)e=)31_d_P%jNt-VbVVr84p*psca9DRqKO$80KBB~!2WOHj^X^xY zvGqb&mY}@wpFEyHvGVL=<=J87S(izMjJs#}N@rA+_ERn2ad2#Ow>U#z&}VuZNO$<$ z>F~ssg8D=EY0?GR#TkqR2V{~n=>Qdg%8X`T2CK^5@TI zfBIZr*P6V2D}EMz{7>@f*`M4W;>;fiw-#)=>i-Xw*|+HIjF6Qsu7or{(ZOfhea%x; zUL(u-E7BZT#jbD3Y=LnY_j$>89&{;~%W0d#g!7KJa^Vc+3 zmDX)AWxVox_WKq4-C#Em-+NAU?XePO-Clc9rKb(A;4j;i6J8)O<+PXQ&$TD-7`E+e!E~yN9`%hGWAFyz-Td zt~@=5=v88h1|vW92V}v4ru4hJD?eSM|9ST8^qbQiXuETE_G0GE444A@Wq>|ou-9Iw zPz6xArd|o_ILG5jl0w2SUX+4ghfMjYRG6biw{cur8vSxnz8@F- z_fPwpPX0BW{A*7(?N8h<(#*{cZ62W0veM}p4`EVzJ|mFmiRale3^Yl>4A&WmJzSB2 z^4}Hbtk>2(eG0wxTKIXry#6`<{F%HX9`fX7W%#PuPXY{#?9!t-pf}SCX={BsDD^$rLu_O4YknCPw{O`gT}F6Z8d0>1E|R zfx?W?LX2XjzflLFy<+=jZI-@n*W86B-BC*a)Em{m2;<<>KV;G1g>DP9(UJj=5zUFs zD`B8Lo?VM@6AVjpkU|yFy)bo^CKNB1tCwe=GxF>sr{J50P;CZr=AjDsu9P(QEC)rP zg|OcKT4#wWmi=6*=1)VQZhxKCZhv*8ETWl}KK-MA+~|F*%a)3KmDB<gVwbXG8N_71l|EC?QIu#i_#>UpgDRyQUp8`p(R-q`Ter;c>g$bfROvE5=1{sUpJi zw*E{jt@6Da*+-s7$>0+C7dZs_MzU@)RBskHV}t6_W9ja8TE}k68n22+qBYbgI^ze$ z;9}nkiGg;mXZbv69i9Br-)nVyo!0vkNHZqt9r>3SK|(bidz{1wAW(1TmTB=z8Sm6b1?ubogm;63d!kkm%$^CB-zY8b7oMQ3nTB2*LB`u90+b z@X^oB8VBtzdQ-j8`w6pbimS@u$Rl*}z1fLtFasRtNw#EHyEx9ZG|C83|t#%jIT;@F-*xcId1`kF!iW9Q2;gV(YVoPn^BL!LUV1@$Y1Z_~>-ybx z1J~Ic+Y`RtK-1td5eLUK@weM&Gu;hw z$3AEBAb!hUAd+o`zaqPDk4OFt+SC>d-&4l@YWsq#Zr3F6FBV5bhuc3i!m6=cg? zn4Q9{y&(gxroQQUevN6w3OZ^Z$*bCrug6ALWZ^tRgMOJ*B9vRRaACik$$D_w55BAzICWtUA;;GUsJa#`gCS!N9P(?MM`utomzJPnv2Oy zudB}lWtpaCnaLGpr3xG-&NmS&w{?zT9rdFK2SmB^)aWnyE$a5s!6(R%K$}25rW9u* zZb6|Wg*&AKf0{u~3EM!<4Iq^_3s!|GJX*RV{ryQ!l-q9gH z1#>ndKg+{G7h(;58zyZYG`hXk?pI(_ZLs%dR}0@&7}oxHS(dfGT%c-Qc#_AehFw*+ zy3nU=tEkkcRHhvqgujtxKuelDJ(t1|@6DYCmaFil`RTHpX?0o1k~VVUq2x*J_i}7$ zV@{b;0kxz3dJ5J&OyXhk+ps2-*V%jj6_^tSd2i;l@LYvG?T?pbQ2WbTlngURHXTPx zdetj9U#>N8=i+|X==o!X|Fz%C@xO~SR00%WJKC=&QO^GPd6*ym<2TaJyr|SyP|<9l z_t(-Et}7{O`|G83wWH%=b?w4ZeXb~N_yN$KlXx$=i-MEKu#0{VK#6%~h$U>I^U~hQMR? z>Ym6kL|K)vpda7z@J{CY^HYrQc#_{zHsbMM3U(gN7jHkT*OAAQ?LOy0%0;;=TlOpjF)e3yH9GA-2Wv+Pz-z%$fL0G1QKX? zr8T5|fIMQmQBY7a8E(mhu_zNe@v{v1{LTyO6FTLKN{e|UYdn($g2jyy1r3-m;|FET-T1rd~&74H-MYpZ2O178hmTc$z3^Q#AQQOq1lUi`wkgL_$m| zk*VxbM0`2s6Pi&NkUGjA4Dcj>>6ogFeEmALzYa5+-x^=|(})8@8+k(dhV<{KX*!!~4oV^sEoejbi-GR^DdJN4&IWvlv~9;!qD*1gy_FK`i255jB` z`L{a9F@oyLI3rM>!DE&wAxy@f(e-T_=TIHgkcKjCk$OcoycXs2G*$3N5A zUL!+U0izm_Mu$77tbQgJwdDuQZXvJ=sXCuR)txb6ly9I$CU;JKA%Xn15op> z>vFU^jdPs&?^#3E?j@S=dhJRcK~``DHt$fCMfLII2@jWHS##iyy>jhm4YB&vg40Gg zn&31mg>jgFq<>q>G1M6Smjor$rE= zkU1wch9$;@K?}I{#uLnnv;-)OFA{X?k11Ens?T_h%dE51kwTsk$1#X|X2kW+N> z5l3V4QI+)LxR-d?`p{`Ww0`$fx7R%Ee`*{a^jk;!?fMe%1en%Qx7Rp0Xm-d~LgdAr z(fK(3PdIr@6g6;e47uuB62Z>oQE8}wb0f%=ikgM$_5!|KA!DAw6 zfpjCPE=#UE%xcj@B85^sTS7dIy(1(T5EvQ74)Qd_SD47?Pjm~X>retu&w8z2W7h5} zi-gJAE##W5nrou_{W@6yk-;%h+?A!?~L$CLb)4;o65i4m~boihd{ z0$pY=(sAfshLZvW6vvsxixPF_}%2JXc&Q%JF%#KLRM0Hv5encx`GFJ1YmUUjN$^jSnBeSA<1tz__) zJ&(!~YZGLM^WABdCu3Hv7V;kzcHchOQ^>pA48ZN*Q^a2D5Ef35bdxb7@VL`HB%2uq z0y4xB(VHzd6PgGWFmb2dmK`kQVs$_^7pre67i-W}HhvUrR+XtjY<@pe`Y-`oLCBQ* z=R=$`d9jS^MXD4|Ivh=O+oPz}Tv_HS-sbdGq?~Q!xyjJePvZdJZ#ie2` z>fgG`fk+{>NV)`V_(I8iYr+))3d_&v#U2jM&rqY&Ywb67d+p9Al%z<#QLPEweV4Ys z??bpkT^+va)!3zJGzCgL?Mt@qOgu<|0=Pm6p2IULWn72AI z4STCk)5h1~zuEqw?!BpQ|4`jh8%^Ubzq_nM%f7E~c;8oFRkslN-)(Qx$W7%=II4F_ zZFvh*a2HnauV{;^y+?tyU0jt;EE2$nB0j2$BnJ>CnLo74Ib zS`@-^(1PN+u~G*X2R#7UVp!Xopo~!YZVoe^{_SjrAjdChxO>v+G>>{b9Wi<1G%slV zv06T!)If>7Ei^t@PG5x~xY%!4FAIOg|e>8^|?Uxxs==XBITxO zzZhRD70xuhmqdZ`>RUr4La;+C-b)6T;C=qi^}gA8Q5mzLf z)bXXDUt~2qEP%Rc0TiY`ww4_z_xK~eRU=!d%xb7?nn{-pMs~xdp&4@_8TLA(sF%@F zqPC-il1X8JA~G#CQqBr=#2QosPmb6HF&T>m+Drwn4*iT6G^ctuXY#yyU~6zds1TD{Ft`AGGyT1z9{(OHkx7&p#QiqbZEQ+!ci*%z^h zp7;IHW$FGhv?3Qi5+f}?-}iKf@_(jIc$oaV*#F73jv*>;4%2pK_hWd2f|Tl+S`>)S zmLVNSi7;H~uvj8yiyF$n9MFL?R{*UMwQ3keda5Vao^W~7zF_x5PmCz@7sSaIXB(E! zuDEFf&#p&gbglhveZ9WULVHqliMfk}=3M~nFYzrzH^6sF)Y0iF`bNI5|3CD3t@?rx zl?PkU7s>;9Mk9b+VuJhzD`gG#_G-H*-PA1Uv{ zeQV{J=0^mO+J1-#FTGL1?>12{03nPiC6B6o|*o&S9%djiI?< z@C_cI=kL(FjT~cC@rxR7QZGBZbm8YCbUnf;W-&!@fX~wcvHIy5&buOx1`e*p%&UG% z9;2gA9L@(d1@xRb`)2WE@TEk>mB)@#WMNf-QJt3WOzgA>0mkmwl6hGnzo=NYxfF=# z0Btcam75VWAWv!r1|CQ$xBb{LXSy0eYGrT6N8`&NOi^WGyfbwBmoL`%R#MLQj~H;B z#ozzzo(Z719r)hQaL|rhahCg0ME46Sg=i>iar4D2^V=;UO7bIpW!SOS1#|MP$XeyT zV~om@b@iJxPpq5Go1F&IG<&$b$tiy5PBxWh#X+u!M`usN01d+c{pBxz;h7`{XdUuU zuJb@qdc>p=nP|po7_iQDa+7yMct_*5p+rh9X>4N2XBO$z<;rYhtCp2hTnc)9ICJ10 zXzFB=*Z%h+O@=k)L-p^fygVhvNvT4o9*-^P&^X(M{+VT#E$Zeb^%srD1fSu-G!66H z+St!>oK`RKtrIkq#G4^u7-~`AoV`Mvm3U4I`f4v!!*rQHdV1bvg~YwxPP5T#9eqHZ z=08qao#r0eYjv8ty>_S7>^_Ah<1&bsHz8r!W)zzvNiFf~98Djw<*EJ8-izUUuN5>(h28WcO*iu>|>PyAx9VwB0BozFJ3On+`hx9OsZ)6OH`|3Nu72(z06${-g=7 z4RZ#*Q7`R){J>MX0ej)qy%#)UnHLUXHaxGIO&&qXEafT%b!gG}AGpx#r*Vn=PwRp{ zbl6p{;ACX-uQ zr`@{V!#wIbZK7m&C<4wk>X4DjSFg3nbvu2nGZ6`#=X06w)a83IrE7M#W{^y7;d&*G z^Na?ev0GGmf&!f7VN9bcNyFW7U=1D`TNVA__LvpDlLXi*9mdX*5f8$qw(%Hh?kHuz z;_z2q3`xx11XZZ%NRgO%wHHVftDbo^GIH~{gUE&ZK!)O^&a+BUuS)@3OrwYpY!WK= zrAfh4ffCOm!*DwD)GBU3`+LA}*}>Ta55kLZV3TNap_1t95{MrdEKQ9?AGn4-@$(#~ zFb$coEkvwJ=K#2U;!%oz~{P z9Y^d_tD*&`E`M1d_+b6oP0UAk=2^?D058N#wUjUhr65$}?*x+mzn^d6q=e+_^U+ zeCXPn(H`K9aaBi!M#zdj*Iqa(CCl%vZ|q^~tvOEmnJeFK$+mRU1?3&mEa!XU1zTgf z#pJtVE880Hg*W(u{Oe0p+4t%mTECm5VVtA#_H3Q?+=X(z%WlgbqwiPH_ZsTa$Rw4r zC9((Z;4F!*<{VnNxFDc+oXn|S#$|nv6P~&Ek&-B2H?BP7X+QWmqCA#hSi9~Nftdp` z$XdDBjy7=I&}1yfi3^>uOI{isMZOkw`joFIhk`mgo-;Q}k!^hfcnD6tK+41oZ`RNr zB5$#w@rL|j(CmqM~x5Tm|f2&eUh z5r|h96h+rkkEXo^VgqdVnr&v;r9zBgUY@l;fg-jQ&?iI|#pfFgE5BO1k+&Q@}S zx$1Hg(q3YkZ!xQj=waOfs<`dg-z;t77oL3b^q*^I^5^M``inDO)I3R1NDI`9er8&t zu1kEYTn`NADCSLr_06va)0}J!UR6*fK0GKzr@oADbO>X+RbT4I7&8kyjr&Nh4Yx zzyC2wE|HZVqZltEP}lhBm^HA$Zu06hb){6{|EPq76KDB<%B3~QqpxS{=nLfJUC(Me z)fcte`lba^L}#(}F&p_Q4ythy;A%*Z8Nvx2t`!euk6Y|LSe(bH4(^QJ-#i7Fpf0S~ zt^$&oXckO`8%=Fj#4%GKFtn(bpC#9uC~3uY4X2`95VGpp!68RJ$pyPBj`Oh_7a2UR zghC5_c*diRKKe~aNEX1wa=EOsRD`4z6T)K=H37a$*Qv`vnB{fX0_<9RRp*jFQCudA z?uo+)0f#Dh9X;gn&OMftg)JNmqeZD_c*6oC(O8IB_yv!>IPSD}o84~f=z|RBMD2Za z+-V;-JH1b6zjeTaFrfBfNK=0)-CB{^c7z9{r>CXw{y*j2@t3BmUXUEJ`b9d}It$Y4ldB&Fiv-wLT-RlzsFmZTY9{UshKCvQWZVnKK+p3|yXoC4abC06z zp>+n;SknUKygh`3sZGp%Iz-**Uoyu-7>g9D^i=<)@f(FzEcZNoObe|Tv1~bqFh>Ti z{Y+o17Rv(oo+*(nKNjFYcDoQH(F1Rn!x=SBrg2Vp?S-zwl8QNnq&P?=&Zp%&4vyf- z-KH;Pj9-|mmlQ-0xG1Gek2)9#!`CMyMhwdF{XIs979^niorIV>DDS!aO^Q`4XiKxY z)YcLCzfFry%&8+MMl9k%n9?;|4)iTDS8)x9_(AXt1TbU-#mi<(oFbql;>#6)x^?-x zjHo9fkW6md;wa&f<2&3u&uGYPqD?U-|tgmKPl zV2Bel(u?NI8XFx+>7|pbeP}!3xN))=#r}+T{mC zDo3h!8(*FceNcZ9V&fLP>ED+-JlyHH?P0lp+tEJ9JaA&Pd}N4@4z&yBHbsviY7pTID_N-iIdlA!lm*!z$Wk7v038AEzLqkag=Enh7P)a(FWOB>26u-1>GOe6V zD|e=*c#Jbpjk|5mcIhyymBUvhv7vQpsdOyQkU&rUw>)Y!fiF67HQFzC@G6EYJ-LiG zd3J7*kz38wZDr?nEEpP_8=7_nnJql%Dmvi$9oYE=Cu)kH`w>piq-SAKyqrFuB|`G} zKf!y7k5C4wGofc!IgJ>$;HwEU>Idr*o_-c&!^=&QP*N zX4K-f-9Ut_?A8-$0vYcXnm|VTd&Qm|wts5cseV=&)aoY7ANIh1k3FC-kH23lz-a-j zp&R2k-E z{FWRVx~A7@9iqcVx7Y0a*!(1?KlMvt)0ZtQo1mSB z!!TASiSQQrj?D1{N|`T!sh`!S7jqEQ%}&TJEvEs!TjooSxP~ubzcCIR*qUfcAG)Cxhja8@77miTA zRqS{flchX7*Q|H7;jy3MSTywm`-j18nv@~k6G1^JRQ6ex=NY9g1V+pBu~)wC>)G<$mw|! zg#)UYN8@tJPl4KZ(drHza<|Fa` zRu&&9+b9U-k*P*>ZCSokXLsgEW*|uHNz6T~8PC@dCjFESlrgiONI*cNKN;q#p^x-H z7K)?b>IDdLdVX#ERB>8>qL}Efjw2V$MF;}>{U$SPs(}Bv*@hS>WVq02y*MT75|Oo4 zGA>ax_FdKMXwVU|*8=6)C0AlAq+DVJ=vK+I#4_u+GZ|gt-%)lYGLnZTRvO}5v5u9* zI&w0}Z@Q@}AvN7sfkkhZ3v}iS;|X;vtD!KJj!nT8^Ar&g3I~3kq{nG;5k_G=ESi-< z^jt!$1c_rp3v(6$^0$ZeUiK=y1}&_ zox4*bIBLmWGAq-|;w|RIy|NNH5Ur^uqRhUgNVi3P-u z16lAySwWZwfUxV2EO+8k7US}E;i`tANZYrHX;`@GQ+_d=ME@7e!-v}{OWP@@9GY#O z2p5wq7V9!jBokUT#$qGG?7%~wgs0gXX3K@9hxx(1tdNuAy+*Ie%Hm2h1pVCVeMCPt zKcU9a9s&%OaekX9-S_f>zIZGg(^qkvJ9Lr!yjZ*b=4*nH!it6|!3l+toiR#=-7t!7 zk#~smQ4*l?-TukZ?os2gdAfB*_wMxT!h*x%wUvY$9u-8*7#HdB#RcKcD}0h+Eu==g zfFgHhLhpbE!?=@42N3wqZ}ge`&H0UtMsmh)M_2@R9^QT zJk6%Hs|5knonZk*J)6O1E{L;*MR@GQHEPh>+=0tjLh3!B1Z+pa>WYWkhjXKW;C~ie zuwmwb-`&x|WJ%ErPx+jOORUw#G^iY_^6%VkhHRY9wvHgqQdC5|Gjn)uoQUXkUY zuN@9qmvk~y%(37OlZ_Szblj(M4P`fH-5Q{WR{(jL5Rv&X1r=wd(jdZqd@^Z^G7*JW zg3X3=A~UEsEMd1=Kt1HSo+;OLEi@Kh*fqbnmj%0f&}~gOo7B#U^c$1uK%<7}~)>IAh0S92n6nBl8&ZNzGgC zPcER&L#*7TK)a1yr$n*Wi{g&&VcqiZV*829vRy9h*l7Q7t5!J}US(MS6^1NLe|Im_ zwa^wtNKq7q(&E11`dnwR_}-fW3@5QIwFL-fW2` zR&`6ecI4lfZN4|#@Je2-crO`T;V$f(jp6cb((#6I0CPgVy_B4i8>I5Fx5mZXlL*y;keu^a`i&pKyR{0<+Wga=3n0 z`x^(ejtZi`)nvfvi=%S)E2xT`r%;vKV-=C<-6+haP@<~R(T^hJ=hPI(*<3m{WV6Sn z;o43z?YXs1j}L-}FW)_JeE*(jCgik4->< z$AhUTNA!fW)X`SCIPad1zCQc8gw+ZmE>AkEHFB+Jl#+^+xMNa3npq)9d|Cr+RcEyQR zzImdVl|4Mx)JllI@!Z-&vnSVRQ#`v?L%QyqOahu)O1bMnFN6s4(8auz;e778J=X_8 zJ}@Vifc>OhHCp!0&HURsqQm0rI*NJ14<%lrfhecUd}K7Om~lhb-TxX$3J?-t0~vwu zprDD^HlQ%RNZ@VJ4nrHcN+RP>Qls9YGgh_nas;*S92qbSLa%i9NCV}(e*{pScaWB2 zS!sA^d@GEmWtlfu>>#UJ41@LPJPa`osztNR*9r%Y{Tsw>!$)F7Yp~W4xk-%0*OiPf z?#q`hKo$X4Vow{Q$)hUp2XLurP-(on$P_JNS+|907Sk{qJqZsN*o!N2vt`9U5=$46 zz~JmcN-bjWq7U!O=X2oAq4i3PU)Y7o|L)!%APJ@ks!774O+t|*xJ_h363j+VA_)Z+ z_KK2V?XMn55{gJ*NJ1f{7D+GtdL>CH?81};cW)1u1Zl3jM4@037iYe&8bMsAZX}8;GZRm#;VO-Xcr5Zg{5o$S5CKA z0R2prl!07DTsik}lwpLFDEC#y@Y$vcvc~n<`)x)hO8+r`ruC8T;N-D^x-PLyOvO=e zIq+RqwM2ir$u!Qb{3SPoXd2)>eBn={ocW2h8>M00D}Pt8GS^YDHdDA4rqJw%MXcT8 z%)!SOM2T*MsE)SLTNI+d)HVKxq0Bt;>Q8^#+*G24)$0<-c_!^T1NX|I2v3*dpG76lXK-uEm3hvf?Y&P~RtRTM z#L-yYyz*W1mtLpQ-)$f5w?2SGF&*bpD$3-r%x+rD)NeGjhYrgr;nKV?>}4j}yOM!j z=CXAt$AfKpw-ZaQB~KTHz#Qvm6yG`<9Xedc-z~7!m8NeB&Je#ZP)$ELL7UE2rGq~^ zKQMh#ss*sUHJkU1d%w87JyQZY*TfkVp)xmJO`UP)q%@0kQzA?pV3h+BR2=wG9CNaq z!g8OzsEAv$FT(!xm<|Jd%X5wvMp!J0^jLjF4iI+>Icl!E)-_X>YZNUEZdep#vHDOQ zAnq2*0=JLcKC;iA=N_rz`m%;O%k^aGsh&EYr_=SBf1e|2kXp@f?!K=?&njMg5W+ID#zXP$J7}I=%cacfCP_-4!?FweyQYO)IwnPbO zh18XhG_Vm~DqFpge??XYP3scPDlV3U8EX9fm}^+Y1=6}`{O{y9P_ln$gm0cwBNX`Y zmgR9yc`r^pCY+KR*;=2BCw|I<&2qLW)E4*B0NUWIWqd(SCp?9Q7K+rwQb+=hs} zM7DUlq{t97hbZ1#&VK7@{X^3J!&KjYxSa6=80!2`jUidio!UVqX&*pN#$G~=C}(-M z$FskSjI3qMr};+M0>jGo1E@Pg1!_!MU-)5Ey7#t#Z4I8v_Cfk&Ocq^9)aZ! z#GP9NixiUE7P>YHMdC5Bc5g>CwAFGnNKgJ(Wct%RArmwZhlx<#^ zp-%6mL8&;&3AOBv%pW_D{|3A0w>DLO7nYH_y1n-^9JJ%3ByRlg1lBFn^oixGN6W*) zp}Atp)B}#kG!~>wzVIBNC{LY20_MlrMn#r|+jRI%tqW@<{i;~rs)?(d_{pq$V76a` zaez8K*v2+?rHNJ|FFJW64jO~PsOrZx)LEie!T(zYa-{S5hFG68QY zY1Le2#2PyE(@S>plhGr0!U4W<6t@yns5>iED6S5rZVi7`IfnVydVGo~+QLORT<$FL zztjSH4AT5(St9(OD}vIEsWXsTkp~e*JV)MNxei(Qo=M#(6z>iSJw_`E)B?XQ_&e>SA2`gu~|p|wN}+dsNS7i!ZsS_Zbt6; zmzeCuW!h*I#(BcI7}j{Qv-yKXmuAtGqCo$9Srk2@)rRyVwB_~!TaFr{RC9NFih2%k z?uSvfoa%;6J}Pu6%VUF;IMuz1J@T|JId#8(Lt7d+F8>X4GX6fT9Q}^*Z*A$QV)V!Q za8DCPpVB8=BmRs1W~(g>a}6Q309eM5qDYuU^uzWa9Dh%X=nsy6D958ma;mK^J-S(C zovBy`lww?IMwc+G{0!L`KAC-Gt)Gv~Bwv#e9)kgXDFw_G!4$rWj*D zqF}b1Mf_-{wWCCUR5KFL9c37U?kJS~m)T`FnP^IfY^WUo9k+3uvbtayGe)PvGE&ub zdi`GeaJSLxf9&;+yNXUaYP>&a?h$yj#`?+`=@x?4)4-Bm?2NBSagQi^SE1ts^Q2Wb z%xB0`TjlnXRjKvJP@5hS>Y4<&N@p|6Ua5Ur5TrzuxT-bn`WUYHi_?)pOSpzYr zS3E=^O%LU?W9}0tASB9#x7b0kg>9+Cm4zzd9!&rL+4~ZBsJHk3L8z%$-6YyDO_XZv zYcxgntXV?HjG50cjG1XR`_^8za8oI&n--~%RFX^yEvS%?tyD@A+E9}JYZlCmu~hfo z@BO|0eeUaZ8=ucP&w0*so^zh(yw5q$897d2@5sC2&x-lU)stDt|4~%*|ER}4BEsQ- zLs$&IILQzs2^ii@I9B9=|KOvNhKFv z@iz%;jH6XcAhvj1kYG8%hPE}2#>9stXUZ}rhP?X45*d>Ww+G0(MDdFNXh4_0JI}_G z3A>`dradf~jIsYH35R*-l6gz5Dc%TKzK2+G5QsrFeD%LUih)4 z^W%MOm^QyU8UDKHxVN$mFKBU@2|oB(;AxW|_Z`{GVq;7hS)Uch1YMSoIbj@iWgm)r zlN3)41a+P&EaK zgzFudKqa97Q=TsZ3?v-N)O;wTWFs(6tk;zfy51=?qSC9iVIg(rvy@zL9KO`~kTjz(xCfF1I0aE<38_z?B zFPk*kQCId35g*gJ{{iBo?x*D=E?{2p8zm zn`6m1u%P@fXFpvcz!i04ssXcq`5^J$0IR_T6XV=5j_1_{fqK9dEx{fj;;<;BfHmBoZGW!z)!?+^ z-zxuqNcJQBVm*?Ev?a2Zh5l=Of~Uk0KHSvolD#xCx{+29wPY0({I1Cu#$b$T$2^5H@j_iF5WC+v%3V}lSwqWvHSvP8g5pYEv_YHN!_2=s&f_&Ve zXQ+FO7R;zy_$Jp<)lNl(l$KSjvo z>kt|`b{)7hk3VXe;E-TrY2Pm^4cE|WOQZ;%*FyeThk+vjPOaHW8OA*qVWaunopET6 z!u&LWi?QBtqoJp*9diopFi9UH3=AF$9nK*$1h(>7QvgpPjWVS?CXdI6QjjEXfWrAA z*nA2y)#I7z@l5nM_Hh(b#z+d%7)yeK1u?~%gqUJUWQqy1!mOUg{4q4U;NzE-oE-{R zaC+|HWmq=^D0cvo#6}9(O^GE#0DmI$2Oi>&B(m;(WRdk4nyO(qlZ|1}#FM)RSlF1_ za!*9ZzixHBi(1)?4W$@ijA=1P>H9D6L&cK;3WSRw7gzw{QQ#pzhF1gR6#*I&w-HIg zvNm!;`4d2STVOeOGNq1aaTxD_#nqI|KFZzk1jum26CGL%;K{%(1_90|U&Z)S@K=oE z#t%2H0MCwhFtHOneDTa%#~DIcK?HdH7J*L17+A~56&8l}juxhdMvk`juAWW~CiY-n zgU2Uw{?sFv9tfN-^AZ?y8Y93h9c5{_1R-FXI)uAv$F0H&UbR`lTLJEg&A-RIgQKCn zqoZt{DuY( z1dQ{QfI|yf2*d*crUG93BZ=I9qDSaXv|`9_BFA236r3JDV%Ww7jk#EYLZG~Vjo|#; zj8B9UbEW-T(SFXjXlh|)G6^u8iwk7}4$b-(&D*R{mIW{#^^yl37oaPG1n|SWaIH9S zUI|)%;QBO<+@bP{OcQK@F=3fqc6Z_9n%QA~OghWih};-s@>t%2KweC_0Mto}|~?YqXZ;d&PN_Da4CwX%mbwGP6MF`6nfNBBa}%`pBR8fK*uSZhfvsf z<#PnaGb;|^CCJJD16si~JDH?b*zoYjY;Nun|0b=NtP1`>L6hZQAW1$kd;H)y?vErg z2Q$|Hd4_DJ|0igu9(I=ekwn3Fu`%b)tm!-pW%frBN8!=D&2Eh(jzSm4om6qTb^Nf- z2nqgyg{J;hgUMQOEgCqfHWv2Q}7K&!8!^r9hcikbO5N{Gdgg`fA(R!m|OOgO@AkcwA z!s5MImx3?}jk>3R1Q2mZ6yOL1QsB@fOSwnu;SZj}P3Y-EAoxL8HP z2xJN#=?_2%BxYtZK!H$Mo2ZzH9Lx>vO^iKlY>iDkEsP-mo`xk6@T~4n<3MG~5Jw+? z1hB^&2p#~?>@ze(92SM8;DR7zB7nkTf*@E5gqcto$_3c5d_iWt1P|T4g>>Z`-L1MyF13x$Nj&8sS z24McxOs*kV*=LC5pFPnmkQis-Z^F~dB*33QV|i3#o=x^bqWq{t*4$(CVT+N4wDClV z8FKo^kr9drQ6geSQZs)I7tJ10*p8ej5{qLGjwk{#Xn17_GYs|fX4Z?`Mcd8?iKu0~w9bzAmPH2yJV zWL3+aH6fVv$U@@FIQGael9KBu&k>ms3-o)S_`fz#j5O(x7W^YUXpCY6X(3zD*?Cz# zL!jd~Oq;b?p1m)KEv&JvE;mc;Y#gCY)Tsn!99azJK7c&TCW|DNfakzoRs?T$QA8w_ z444E0C@Nb_qtmf@V)jF0Lc;v5}c1G38y@E%i9f4Jy=>lMzI3Z^3dTJlyUQO((vTt z!nMcE%ax8N|4{!OH}i1sXQiSN(MSp~qCI107nG9I&Nu*xcOu&2(41wE30i!t=Vbx`ws}NKI2q zTTN3#LsLr?q^ho=rK1UgsQzGGe(IqzhfI*_FPFt%x&I^2aI@-xS=$TIR1`&zdj}nu zy}O0o$@Cy9G$cudK%}VnVn_sUZao2y8gcd5!wQnf{;>pNL!bZZ5ezyFNt@!>=8QLV-OadaDTf8}Z!GL=XqkSIK# zIq$#%%sNkF{D7>67m0aW6~cQ3>4-XTUibqPB(EBg|JOtAf9m;h`|rRyVxvs~ zN<~c-vV1vs3B(zRWo_Yr7_VamW@655Az(5N0EiF`RWKD#!Qvop5GVpgCE*}SWQY<0 zG7=bBDF6ah2=Sp%h@L3+CHKtVdMYYv>N?7*%Bsq0db+B*>MHD@E-FYOR)waf!d{F~ z@d1!HiVuPf{iv&|LLnadVAi%8)9y;rYq2h2s%F4=EJj4Qzr9g}bcnT8B3O2*e>p&r} zLppHZ9WpAlva&K1EFVHfk+4JxnY~=c6ST+&LZ%Ri9GWJ9YzYgX!CFupp#p~r_D5Ba zL?TnSq2Li6gUhRfnW_%q9$DSJn!Z)uZpI#5Y-`CS}gGNWS$j!d1 z91RD}z8mL|<*rwFUZF@OI}7=-F?3Dk{c;9C4@JmkORM^q4ZgGu6D$1lfkH&u;AI&X zk=0_~=hdB<84rqo_WddE4R{<$9KYZF6OnLaAN7PTZwv<7qbh3!J2P7!>-=_7h4kG%h* zvdb3cAbp1I9gD3!kWwFV@81@UNc49UhV1mlaDJ^16StNpAEay^E4v1G-_GY;ifMe^wKsz+vstHRKHiVhi)vt zNEDVZW7DS1$?54TWs37?+Ia(KF}G!%lgPe)d3b8?bo(la$`i#UB!wQjG5Yy(#2&Pj zcZPS=!uu6{8m*F-3fC=JAbKI-8#JJZbjI%5+MY;bv==kg?Y}-$6>d8BGM4TZX`<+2 zEw+T77dLpPNkwMGpBu|$_wBZtAqq>dz`x&LawuPF<-8uln4}CDwK1Nm< z91n0{2<^FZVFO*_PLwacK6`1c=5aP$J*B#yfZhYJ6sliB$TGy47BQ6hpU@K&q zZkXEOY_+Mv#;W|gSX-XY3A?Cw^pl-$p446bUV2l5P=!l2-)2vjz#1&`+c%DDQuGu2)_ZUpC-3QyMJw^>V4~zTMw!E4~UTRP9Utvq356vWQy$ zzQ@gfG%EER6t>8yD2-wCEf6iGh5CzYx8X|aI#n@&9WK6z%^}7O7}dE4P5oQ4G7R3v zWnGr>bO;CqJ|}dT?vhKdJfP$M>bslglT013$%5U&$>!T$Gdz&J*3} zpx+$`&Xx+C5qLZGG3MNss?%p5cYM8fm0(_7oA9Q3i|x(x+S>r#xcB82uwrn`d$6|l z##D6xTyRLCVE&C|nErzr;<;bwp@=RS&wdd3PNj0M6QZtZ?EyQFoWCBfl?^d~+MkG2 zr~*lSR!%+ipuHuhEunRBPFe2sv^5X=Hn-XY6p1jxH6m(qmYv033tpXZq2Pj_N#14= zy_Zj-$>+~I&}=0Rqw3s`gvrcQZBuQX+KNEvCG~&oo^>^%&|XGA0(fvtcK%+?$h+U7 zpo!B`2jKm}a$?QJFP?@UU-vGdIf)+I8LriL9ucp9E)yr$6!$T z;M|82A*)rYbi1c?N9sRG`2r3I-ui<>sdMWGb}WK6@P@y;S$R zA8)O8zwj0;XrB|ZROEN%D zM2bl5AKv>0_dkZ8w76miPu>)ztt_n(f6Pd~W}HOo{! zlgWuomGhCKFA{CLbhGnkV=mM_`*yoY#Y(Ag%T>GDLsV+j4KLTqMqBN6nRx`Ep1ts; zh(+IS)eJNqUuU7=3KddB?6Jy@BlR{TjyC1I@?HPpS&Yz1hu$o&8MCOL{db2&q&S)7 zdrLh;mbM5-@0Po67S$El(LPhE|5CRHdh2q;9;;)OqzAI|+J(E8bgI~ica{x=#!MHx z_Vv=4e4#~sNwmX7-r+WtA0m)>xyz(M7PlA23b)*@wgpSBf9usEmjGi9)sWNycy3fY zNbWD13lX-2zQ5J8EvJdNLUXYczv*>iK-%t?Md!PVhc;Ng!%f(snc(j}oi zDv8rfFP3N9ZqQFs-brn3xsZ56V@LDxzba=OvAW$1xKbIS%jQA(|!M`?>CQowS?t#?Ye_LX|^4zVi=NY z3tZ@`cri(Ho5IDUa|%Iuhr)J$-IZzG>PhR3*m%`ptJ#wxcSguGg@``%K-HnSBzK z%cAnA%4_8qZ5CBDG@~D)UayGQbKP9#<@3#$(1Tx9R);Ur-Bt5o;p>hkhqqe$WIrs} zQ!_ZdH(vPjnj>GX-tH??cv)$xo4yHMWk;6?n%!WzW1~htxfM)R9>{K!TX^C_YLu5n zbp7EvgMgN)8^6f*l|_obb$sfZ{n zq5V;FOLfYFdhs(|o}IROq1QLPG}B4Tzqp`Z*1XO2vB!e4mC|NYT`iNY7e-iQ)Gg?j z-L0v|%!hmkV7jI>bU2b^y5H1fu63_(a^BNaq2xbM)b(qDu-lTfm=cGF}`k)^TWGE50}EsaLN`QW?UztCn)^D>z`V zi0!IRYn}t|>*Euwd9{v2<81HzJ)CTpUXZhdZBDOQE7uEZpE>tl!0k@ArA0Tr z-r&pDiZ*VJ4;IU+aK+a@zwuY)3dtZTQCNcaYsJqDZ%l+xO`FR;Dt+0C{S+t04F!Gs z-2J*oMLM=%Ug9+RS4tdSSU^ZHJrSvJu{ft_jq>96PlPNx?C`gn9#~d?YR?Q_|Jg-j ziM3ZCmT>LlwJ%<+gLX$vy0XfVgta|;=V(SNe3$`tf$EpzpMJC}ZU$Rr80D{QWL!V) zWkHy6Z+k&bd&;AlftINI9d`JX`Glv1{#hqby-HQ)lG(sg#`m4qk*94P#N}oAb!980 z&u=+-RG52?3^p+kvfS>PyU7-`S#*2z{;xW%o^pDH5tfX! zlR-07-nKY??r@H55myEf1e#^s?xtMxC3f`0Q?zdno_^d}I89fRm=W6<+ScKwQ;UMf z+{ta47CL{bOlPlXbKWJ#sRL&`(w{9ySU4Pp=e~2%*etp|yyTm68tF}4i$_;ZNb)NU zcg54#ds&V7^2ChmH|Jv$7s(ZPC)7!1r(>1!&(;ZFUbI!EyzoiWgM}TP9&!cV*v&>I z&7b#$Prtg7n6V8UQc<#X>IOw?OCigYBv)yoW9y2-s~&k5-})-y4(wEOX9S%6?ssf0F(auW(ZQ>C zr9`xFvSzCD=F6ABfil@4boI=eDhm`pt(jlonc%&Up?v;hO_Aui=`NTR-IwD?IkMg% zdo>q{!mxVPr(fC%+ko9M5Na^0cg2SzDv@SgB^1Mp{e}elbdp6xtKX0LTD=8Chwf{ zt}w}_NoJ=9xm-N`IIeUWaJbl3ydc=9Qf#-?nJrh&$3+}CR#5Qtc{*?}Dko%a#xhYD zR<_cDE+n+leU`gSfptRamVpm*J1f_>o{9uEKYP}jItQx=cBzt-+PtA$p>)21+cAl` z-Bk$ZuCSbtx%Jq&X`t}+?-XMHXqb^qOD;HFf_F;aESa6Y+$AobzI=OsT9I^brdRLs z5B4*Zx-z%U5(yB4Ihd!yy?R&Jt1#()Smidge7ei?ofO=s%XMLUuRFHwf8QcfEM&>p z^(7~#Uot~l6ov)wOa(LMzW#7H(sO3&n$=PTwh0G(ogUC>-9oqg>mMe&*fSVil_i}{ z>9Ug9@*njqOM>QQO?7!Ll$9=$(=S=?gw>J}?wm&XvM4)SZ)5800^5XOJ9;7`_XV+a zpMi70k^2@n6hqsD_Si1q%Z4LP1`2k2zSJf@L9N4r!7hnG_(d}r(yu?bHNKI7^}Kn1 z4885kOZqDV=N65eR`K)Eno~q!cQ3`==sfglk>%B{&u->db!bPSb4s4+(B*_Z!dDO* zpWm0de7n;@UQ-ly_wwzYTe`~bLULA_DBIh32lQWon-1?+XiReve|5^r^N#}Cgol#Z z@@=8Y#K2?G1Y&#gv(BjZbsl@I{ygs0qFV{chTH8C#k{Utba%BV?Cv=S6}J>S{j?=D z&ng3i18#RZp#O4xmlJTt+N>S5NV33;MJ@M~l|NRCF@-L?|0=oq)%r7eE1-`8Q!a>I z0J}Wzj9^X{AHK76&B@%^`(HoVY5g|3G-C9m^ zgJBF=lXY7@_DA&#dxT#oZmfgv-JTw)P!B8;y(D_|qW-t$b4~?UEHUS=ILU6?5B?!_gMwV)?5B6!+IgSQUG&ok4=vD;dv#ca<&m?4xJh>q%(LYC?o z1NY*zvj?W-(!&1!i`R-@y(qM6E0gWz2#cjbHvri`I+RX+-uWhQ z(cRSnonq_Y;I)X*^3%6FH^@th!tSQaTWl69pSi_BA4e&#%{;l| zOHPR7G!r39^}F3c^cdAAuWVM=T$4;FRSVHsDBiiWJlsVIb2);UYXdzo=3>wkJ!n}| zSH{NDGOqwdi8TGZ$hlrdO;Q2OhLOyc&wK@1TpOU<7q;@i`7@<>JNZjd7uE#yhD?>r zjyzDp;poVmq7cWex!%X_XX)hT<%CFPNSDb$tmyX+=hw2U^~&n7et^`oxMzWlsTIrw z3%#|re@(lxYME#FUhReZt?cQE2g?xShD+NSUxlIL7UU(w+N? z&>SYEg9_DAu2ITGQgsUo%o47tt#HYX)Y_45y=#r-Qs#GEt7UZyx3AXPc;0sw3@h8& zrfVy9?W?2)ExPG1^QmB$#8nuplTsIjyTNa@*Ib3u;-Q}tgY)(VosrgWfKB^Yw$B^~ zc1eU+N+LGxwmh8kzEWqCo_#M+-5StvZ0`BgjkBF8h z_+v^7(x(NjKiCy!RJ2R}#HUy#S9Fdz1PZON7P3??Q>ud{GKr~cIU;$twdO8zd5i29WNgAbeeBS&+FJ_SkqOvuD?5QP1JR@ zibSe#GCJ;1tmrk0Z0;Wm5AM~}?%fEHYrQu&Gj$&%aTTiyJq)bqQHg?8316qvHX|PA z1!bZC6i!Aznuq+p0xvS1vip+xl3dp)Wp|}>u9(hBH77tylh_Dc=SIky=m}kUFKnfy>g@|4IHt&xP2sYu2WVSrHF--rD7g=80 znv(yFc0lzi+N-3wG%F$Kq?SbmW(j{tX3K}foHsZ#>m6L;p&ksoU{8Y1!8xx#EICMs z;k4PRojYc@gdk5*U8;;%&nllzd7rR1cMWY9tN2%eo0^2Tf6WY(GZL~)F-zIBQg!Xa zmsietzCG;Kt0=KmI2m2J^U!?ZO&N26QTA>77v*ZhY;z(&M)*;I2HgFS&W< zks1*m$L@E%k!2i+H80Lt)ISF!-MgYYkn!D^*=x^jvVJ$Wdrz`X=*_?G>nYK;L67J4 z1}yAbynUKW+tsxa1!f6$lG*Zy8|9YOtP5z{_pK(>jUi>S&XPVu|4)Qa^e!epdxewH ziKzHFc#-1baw{QAbpo0aGE-Obj_B2IfxfHfafl=>ikLF>6D?6@<|(723LhIboho14 zxN!T^vyQTHO()D1nM(P%$Z0fYx2m6ttB%y^SyV8Xb5|JvsvOqPb{~mCo)KQaZ?fZRX25M=u2lcrYYnm|9Pz)Brbj}H04y| z8aqY5qz$Zr8I~n_F2Ufy(WkY^i=>#~R$IG@S&X+lvb{!c#^$NULB(6!CW0I@wZJ%syk?Q!0f$5%8&mpr71 zu_|$~x!N+TH$HA-SA5fHb04rvBGzcfhp#fzn~YY?wauGpseXHwc-&0Nd$rcfezq!a zce5-vR+uK<9e6CdYmY+eyMdBWhO)`h?e+7w>qm4i?_P+yqG&&h>3npCOHXlgJUowv z*<^jXtkVJQoOj?_&lJ7LS_6f&bA5eEOfN}X6n6Le@m=d@fr@6iJU=6EVH4AI`p$** ziH%r;GjqW90Y%Hr?l;th?XB4+oQ!U%@1#@dI}PSy4l87>?W`*K8kA`9wr^$peIXC} zHv@&z@^cRs$2Mh}!(U5p)!cEZBQtWDh{qc5?7&y$%f(AN9bTMFX}Z??3}Gpp90)BT z%veeK#i4@n@7H@rc``j|xQK(94s_E4V6CpWmZ)=9KNr#D$Wy-Bf zSPRiMFhbLDn#S8s#oqEgO__HpI}`)Dz}IK`Oml=%PZP2qo^IQcj%CuE2m2J%F+;?5 z3M_X@+l#uwy$sm4IcEyt^X_@d%>|-WB!) zuuGMr=@tKimei<71&M5p*cVrsZ0u_a$lYO}^9++^-x zo4R^YcKMBIJs09uO8ZG!E~veg8GNeXqgX3F5~#g)x@dP(ruhu8OBH2BrIx{+j}Ijf z`FS=T^9r03+7lma**c#v)wTE;#x{R3XAV;B>h!v4$~W-T{ACZK5Z=_}&!)#U(-clV zkCA`YM87YbJYS=4_8$M(rYsiOBaK;8I>GKQ^Wv1^n$F(IRhVXZ#vitzs;gR4=HVmV zs&kUr=@#{E^aqi?bZGy<_cwMp)4FCCxFwucdZW^bm6w}xE8O#%Cjz)dTeY+!Z2LisDS%&Zpli)IBgo zS)(atmP?$GSMSQI4V`Pixw%n?qAWiLi^{|! z(QHxoAWU5DjAQ;%S`o|Zad2~GH0>m-b=$SttK{DPem2*=QHA!PDm3}i+#apmcww^e zflY0dUowM(&AfVH5{HG8H4EQ$78|Vn<16)pFsAE`qO_Y=FRbE3ZcS6NB}oosGu{2( z7Ug2=h0%MDMJn8)mfUz$Gw_r?C(82W&E{y=07lx$J@f9XRf?^XYx;DxI6yqQ@G0sF ztZJ%cwlSy}|JP-ejjvtL1??O#@{V}lS_il6q4osG?X2Gw8AMeKnAT^V6C#C`1iL`# zh~okB*45LAomoctC4nD~mlT%N=kzBtI$p0V7wcbmt1C#9c%ax;Y66G(~yww`LbxeGr4(oFduNfAje9UX?_Pb06>hm7gc6)-Op! zq~1G4FL~TicQU768cPAYKp&uv*)<;t{z`4F)k}uoi&0smN+>eP=|50<=?ozwC^`?- z6V!S~FZqUOyI*nBwuT&!7ov)YJ=g!pY@GIe6~aR%TGm_Mlb}L9N+W(jSD^38QO~=i zy+{h(btp_!_j26HCwigpn<+2i>Us^(>UMOAAR!|Uk+f6p&nmBE$V|6aDOFfY^s*G?u_?4e^+iHuPjWu#RtB7PD*E=UbMd<%g%8lzMs6=mI$o=E66D*3 zPCv>2L}(n4Td{e0)`|<}s21@(CvuApMkE1!B*2 z^KBj{#kUMXiMFYha^4tEg2e}K$|q^6E@h6d%I6pFUr-T)rm4kqyFr!Sb1xXvn95Um z<}0MrQ&_tu|HCuHAW}Y}c0=bOseWzq0T{zgucW*s_Wj(}Y`p_5yFad4XzN^hV-_?i zRyg^N&AivkPcC`W)1@CSWS2qyG7zca6`Fmb$eYFpS^P|?L#5pJ?#sd2@-;^9T8h$2 zWt7d|%Yk7kkNplyB$Pi~082Q4u<(2jDkrok>$8nr^aEkO#f!{c`^ef zUv`E`GH@MNjQZtPeb3ZAYJvFti1_{exc&16Bt<3tN)YwdcC#yO+;5=ZC)S zFK1NKXWtIGm0jDkR`hYSv$9;xxifc^?dTHqqJ9zCrS0GAw?6&&MP5yJuFoFTn5GKc z@k8&fw5EzTf28l|J-;W+6WtDb^LEvW19hiW`$5^x=|~*4H)~_{J)K?AD@{=?a}w^_ z_+=X}H89K9eG2=stW_lgek1xgxbb;L#2V{r&sn{HUMabu^5L7_*8=a9r*G!9gUsf% zCqU@)`gF?51{$62uV3iZBAo!Uqe~ou$eirVPpuR?Q=p17qOSCYxrteK;~>)QIy&5N99J}T7qIcj;fyDL7VH79lqUJv`lPc%J zO;bAC>kd~i3h6g*4>G8&E6mrfe&}=!-UFAo`&ZrC7tlkGT|3u^<*I<1ZqIVHdwPU& zvcR)7!$Yg4sX)6Y^5TUP?u}*HvgOSpu%(?1*S$N)eFZl!G`EzO>BoOaAk~vb4Ag z^F;Ipubv{h)SQUa#~LT;S&IkG$WGt8{dA;)y?E+C)2_&{1%V>59}iCTEu!c=Yku2p zwC(NLxe=s5R|`YGWt2ZdUJ0L0c|Y^m^g4LY!88TY@SXjuM0VU*ds{ZfT*Hnok&#sS zJx!FpR=Df0oOQL;+QQp9!w;cew!}JhdIkg+ZLKBiewUt}bV%cr%)Wzj>6=AiqL@buAHE6}x;-w3{H=X-5Qpx)Pl)A<@@t(qDkbGp|fWY3?&ZQv@Jj7c*%w4p9QE8mQ)ukD zM{DJc)&1TB9?3_O*UI$i5;rm4Gq%5@6K)b{45?zm*^Sluy9$;KZdsl6&1p-+CG6eV zd%jFVEE8TPZ1(VKJm_de)Z54hh&N6mmU-kNa~RkKI-9!L)ygLarP{CCyg!&1Xnb9Of49*)B0j3!qVQx&Lz+cgo0@)!Z zVy*aHEv=2X&fa}>!QD#xeW{iJn)0GS!};;MGieT4D>nJva?C~VoUdWu3oqBb9fOLT zL!T***>Lz|3QnjOYnx9F-+%9bv(%-79_h0c5qmUummHv4-?gqd3Y4}8nU%;sm|~s* zzt{j?J+<*|=PaRFhw9r}ZS!*v(b#g>zZ8dF*pP@-`sUe~R{okjATz-}~?M7cq@g>)uj! zwno^^D{$r&sTggD{tHVkjxx$ zdFY_EkY&1%k}|d8f$R4$%s0Y7WxR1ck1li8hzLI~^!z|@#nHz6DD4cvp{!z21W^s>BpiW&q{r;l|#N<`o^SUG8=Qr<5 zziYHI_-n`I!X3LA3&M1xt<Xnr4zP;Hj3Nwyw%{?Z3j?yRF{qg37W-3!kDoj^Gp7x>SblsnD zjFNfGlWhYkzT#$nVYM%kgad@yw+-TsWp>@D6Ol;pI1#CkDD*DO@}o=VvD=9O$m`Q| z|F}~kd*J#paGpn}icRYDIhI}XUsnlLKwXbTDkLtB4zEq~JM@?a+fyi_E26voZp0!h zDW|Blk)8>9Eg}WfGsjZvOfDJ=S;}wI`x^40by-wlY3pZ2A1&}{+8;d+whWpmynN-< z6xIN9l;0+qZLE&7$oEcpCcf}`ZF%#0|JaQyzt(46+0eQGPR=AtCO&EV&mh zaRPKXrlDtM@JFK8Dxyv{`09%D8~dxlhtoEFd9^T9I%_2~X}55)c~Zygw`ur2GNL#B z$gPfYh;)5Tes+?G(5TFt>Acm`Bcq{f={WNG~UOkq*x$&NP+sryHTYr!;$ zyzIPLU^ly`SA4a)j}?PoeY*DL^Q+59gR=VFcQh0cd+v}sU~}8^70OUYe26phO5TfC zxtD#25$+W!B3}i6!&v68I{)J6yiMUdYMu7nIhr1+09EmM-`jHq-Ml#DVEuQxA$=OA z0E0k$zh}MgaX;<6`tvZxBG0Dxd9r=yi(|#EfO_>->()Ik(Cz_oHYcZEPOs5YIPk*z z6!zLKSJITy_hQTJo<5{3Rh2m?cIme4+mG|aFAKS4oIiO@`Wt4~;V6A#+WIE#S<)e9 zUb7sHm&%F4X4fl3uZJh=NWdy$Pd|25dNE78jTp0yE(Ib-HU)&fGgXRw{Bd^MyzFUp z*=>IC?(||2-3Ve;L222y&AE-GwY8V@(l%B*mCOzPv>IyWEKB$+3>1b^^ z{QRM>>GX#k554w@JlF=8xd2*Jrq-Cc_mK0JQniI-??s_AdK1oSsOzQR3Z6aIGjKKj z{TLgkC%7_%c7rHAy)fZZC9=DATLr%{a3-wkff#?t5r61ab!T|RDRS1fj|lr6Bh~^NdffO z5qd!Cs%op0)YO#JRUK7V>1k-`scWrNRn=2f-Sj&DI8O$D0vd}68l6E+jh$fw75WYY z0)Z?{Y>Y3gLu~zDpJn;|{P;78^Iv3aFc!~qv{Feu5Qijr14^tb5S7>=a>tGbGhzG} zEmgkrU)tIl8o$qf{Tt7cf8YTxfw(yv+S^#zn0Y`PeE{B@-68$}p7}4pxnBWGW`}7- zk^l$==?CB;SUeev2KYkm`v7KsHRe9JizEl(QOYO+39us&a1PjD0Ise&UQ!}~fU`yhZlD5GfR$X0 zrL+Qb_)sWBWfTqz;3>-f$UtQZfr7*-bMCjt67XcWn%3lUa^+Db0wiVD$@?*Lv*UV< zk$=qk4aNIV258J|1XdhF0!f+TLjsU!GF*#Syw(5(NhTsuY$<4|srwI8^+o$Bl%}ZA{zc;rCKGX3iUUBRVNn3tkuV&ef~*H& z-8;)?#+N`$@DzYVBw@(_E4~-|njah%1>ng5ndP>SI8jeoH6(MQ|8w|d4b2d5*4&E( zq4*&25H)2MUG|re_+G#kDiQ}Fkhm@qV%b^MWA)bOY z#9**^EG39N)>49qfF1m(v%F5Qr)6m|; z#?aH+(1k;d6=qEj0#(z7awUi8LDrjka$gB!ZfIg-xX#MNm@nVRRT)DCIapfQc{&?f zIC`4e+IyO~IGWho7+QH6uM?OP%nm!GH(9x<@ryxiT(N17k{VNJ7!rZi7k|D~Emc+P z@ygW_#3qlu{+G&S)tBW1PPR~WRaJj}<|in13^u_8FET))A-%9TPG|X-%lE}_oUO^0 zt@byRt**r?8}E(92kMO)g*2G18vBA9I}#xc@!p(K_h*L>sJ0mvIv$&&bLcX2 zfQbY$#hV0>x8PWjPlx|931nL}QQ}XzeP<1U;)~G}zVf~RL&S;3_85_ArTst;x zhYeQDag=MAMMBV6rWA&*nqylB{&AT@Pv8(dBq&zMZ7Nfo4$PSfl{xRV@WvB{Uk?Wm z9?8cXxo}7?0OtVUc>MCA#~(>S`IrO_O()3w-S!TwMB0*DFmKMnr)&zh>L+Q04pzw!K{&12(# zlSco33HXB$NDzMljdgJ^J0?6I?D%U{`Tq?U)c8-~g6gAyqw#UU(ervW^}iDr)crpJ z3ktxDG$+7qM$7GIkU;?jYfMnE#@_-B3Mg3pr)vB|*q{J>Ol#aiwFI!K_4C-^-&p<+ zV}n{h3Js23_88cp`rm^MjzT1%EI4#LbZ|5{sP?PipqlD$aF9db|1>zLt;vTC4y_ak z#s;~P4-a_i(EtA2y)0{%QOz;Gep-x|*iu1mK^#mi7;Ue;Shk|Fr+Z;Gfpd zVShT4g#NUC82Qus4g5{&`4#&=SpaZC{7;R4{ZCU(`#1jguROnK^Vs+wTOGy#0DY-s z3Pha?#lx_#*7Qf>aI8eikc|L|f<+;5916@NtdATpZs-y%ln)Z`4WNGmeLn{DssE>d zzEQJu&GB)*QTzY2{!W-r{r?2aCjkCYA0Pi2b8Fa-0)2vZhD}iPC@7bM{`@G^C#cpF zKz*Z8XJC{y$A^{`eo7s%kpF?f<{={G!ccP(~d!Bhp|JR29d%B9j zgD0gJ%Uhwbf=bLxhJ*bHRm{$t6F#vV>x7P{o z{g6=#?(bD<1+DrolBj{-T8vw{tSJ94WdK;G|2x>(&FTMMAGGrSW0d=4t(3 zg#q9k2Y9ZWgBuwFw)(xlmEqt1l7@e4P44kL4F8r^ysXXcub}5gGW%P8%xkdvTc73I zO3JafByx0#eL@K?(X(>cY8Y>4~2rE1}+vG(g;mL)F**DDhR_;;s!I$L)PEcMAaK(v7>R% zCG&0l?+ySraR{GB+S;Pm09}*WCgz0A&0xt_hVF0H{ z$dOtZ*a2YU{l(GSv(ctDG6(>ghcn196MP$q6M|uNzRPQY5Suv+JV-s}xMUvs7zQrt zb!J42)eLKj`79dS!!g^3Q-rqXka0xgpOP)r!LAsb0b@@KWDIe(%{X*FrFJ2nPpv;4 zS;5)c+xfh=f6xnqY3CDK+!E@^C9%3n{^&UI9CaL^e$(f=n8J<&Tt5;Rcjges_o$8o z&>Ui4tg!j`zb%YAKoh`Qy`V{bLF$K&`eq>>vwWv&zV&|{ zkGP)@by5R2&2DdRd&v(yLZ{oEgy?p9`@P*C{_dP#m3#1ipSYhI^-;tBclPuA|J9qF zmj6FSc|g{E(A(>Hc#0VB12%(uuU_{(7wzmH{P@EU`@1`D(EenyyR$zznC!ms_Tl6J zdb+I}1`#YCA zKlXR``+Gn1_FwPp@9q7t`{Vz82C!iPO}xi;Ualmj+kmcRj5e%5*;5#RNkEvedx3j*}nR6fu@*osw6l0Wf=MX2)Pt- zF`$lulGY0J!I!U{7XYL|^uc^#{(Ua)o^cHeWM6(2x7wuguV|rujaxBJD4ZhsqA0+Q ztiL;Av|3)W)d^~VnyHF96ipINEJPnA=14AFBv@{9IAz;n%o3E++?b*1wwPo%eSv%m z0Eg39;&(hW#xQVpcO3d=w*$b77hn`37f%)dCet${K6V%C=OZ+Mk^2u8i-Nt1G_8L)B8|eC;SCqW{3fRl)?odlN>Gd^lYfV zz&v6cjO7(1k}zEPRG@7ikUVeYGjuOAE>=7+4%sKR9q%3|B%TwC;oD*)YH&_S@eSn2 zF{{08M*BjJH>OW03lf1_`LN;RPe}a25K>BefP)F4b7h-B0^pOW znrLvs0gq_Fz}vy-7qK9r>sw{%MRw`k6ij%*OpG zaOQIgq=0%7U~b)_Y)&SAz9D`zM?*yCSS#qn^*5L*W=U=X^=u^m2nCB^TsHx85(PXY zIFQSB5d{PGfg#$Tuy>S1q3AvjyaV*}zGr4zvpS<>E8-i)oWoqg*bMo;dQKATBYyCy z;TLP?80+L2nk>_NL*Zw7T7hS*&NUvMZ^R?c@s2v~p*DVs%EcffiunQ@l7OSnn$4aQ zj{0(N?u^_9hORxxA(#-~6Q?}`9tkwNQ7|-!9yJuMfQfTIAY4KiBcI&nw^FYL#BVbc zfcTr}Tho?YP$Q&(E{r(o3OOe=M#*J_1i}e$XSYNyn*wZ)h!Y^%dt%GaaezD_3DN&P z6?=3GL`<+8!C+wEu|BxQ9&n=TzWnbya0lFo1IO!vE^sD$*9yEsNZ^Y!rv5@eokYIW zn!OKEFq+{B2e&iq&cF;Zz+6|U!MugowXVbhdkk!diQF;qx1sNoTjXu(qw1d|0&}#WttVD~)4dfQx`G`FDS}KCDN+Qz z1wfxMlcpyc0?<%H`vN z0Wz6v0gC2?qbnGO{v!VCmSV1$mrq>i7fAmFN@_XDKlWa4(-zlzYR{E)8miFr-J7t$Q?@D`rsv*O!Ot{XG-Quo`_A5uI+JN0}oB)u_SGlw$u@r zs?TSHX`O&P^Jee{rKZGwPf(Qo{_?o5-95#rGDhG(QnT9u0{$q0kxcuJ0&$VR1c!>F z0x`Sho1o*K;N<4elfw`@BsPz-&;pV$adIEDKuOjM=8G%qo8BPt9bK~bm~y~IBwbg9 z_;8&ppWr(Jt!s0b#=l)}=62RHuNvE9pN!4J(#7%M=K;@TDvj{e(b=Y^#U(W7HSvmLTy7NEd}lpUfFQTeBk9I=n4hzTh@(gPOb zec-WblRSsdkV6UKj#-P;U?tzltw-{}lpSKc_rEE|sZ}XkjhOb7#AqE9LJ${~%_k+A z_mf{Fs55yMSOC?}05SlTa|R9=N6-^HUUVjVNv!k0jW*Bgyb$Yd@cbG31=6hHwT$bNf*gsF4#$ zu{5-gkg~%wtyR&NW1~63+#3T(r|f|y-Cp<;+1r3lSsE7z+=y{9m*=uPAH)eFPCbh_ zIE4X&(p(JqWcq06{sw(PDp^`hc|_TR(Q-n@WhzlKsV(kdm&eylI7j}WRQHSPjsW(h z%Vv-o{}$HOLG|8tze>W?Hzj<7gm|+ckqqPzMqK=xT0`gwEI<^|i3GuP#WhP`5ih3b$>W)5Tn8S%PMvhOQhdgIO$=s10I?^f4;WHS>lgLvFHw%!! zC_9yD>q&joL^1JfQ`fyyj>Ju0b}FSUkKy<)R!TlJkJ88vz)l<%}~Hi zzom>pUZMkKNEJ@6W@FgXi*59-ec%z5c1<1InOe2mKB->02p;X(J`9}1mnjf5F3cIRw)(**z(^;w7ajTUzS0<+lBwa4#)>???)zl=i~g2U z!O1p>SAaS4)q!O-PI(Sw+IyH;Ago45sUK49-b=H3!8_#hfS4C0nuSv}OB?#27Uz;+ z&ix;Nvlc6w8~Db@5WQhN{x3snZADa4M%=!8(JVr30gK*0WbL1?(*CLXv7~Q<1q$ zn3i%!r9m0(%c13*J;%Hrrg z{2^qyqjU2I4!qPKv9`W1fkW!ft{~?$?oNK0$muuV+!+#FU;e>;CT+kng0*=v$qiBe zpih_~VPdK67JL!LTuOPal1g{tAtCzf7ap_e zPYLwiLLUY$qViNeH}z~hSVQ}wm{LsgWhX#fPz?^I=G*oQ0nrio2!s>EB7f1W{Htfc1G+;5PL}S zH-QBS{KZ-)#Xy!9ZD*_zNM^^k&^j5$f(i6Mf~@jzs2P8Q7iSq|!?7MM3SORFpG2Oc zZ_U)1V2W;`?{B}Lh;fQt?r1O*Lgkpukj%4Y@z6$c3>Pq%B5hvgfZd&*`af~)GCZ8} zSUVudmLlkFuuZ}7#D4@|B@tJ?dYV{B0N8A<9rh&Sd%FNeicrF!1QkEUddh+!B#hy) zzc4C>_?22~j+hjuWl!LG+e0_oY&O3Z)N=j$;OtsGlgP(^K9fr8-*so0u?YRKQ6Q>n z(Nswui&&$(EnBedgWcDg5>*4xLb)7hQpx_O2D$(G)xqYL0H*eoYXT35(+UM7n$Coz zm6qj|$(ipXUtS*&WnhNj4OZt$C$_8TCp+vqF}BdmUCk7y5t9Fswr2o>0NnyU4=2VT zMEb?bBTxa8`jcdNJOFG<&%SCL4p!bWsB9Ty?uMA-2 zH!Ei2I&Z5I4+=AIEl;iMSlAVvD!Y+1l0{DkLuHXC#1u7MKpXr5W%2vs1vr_Q2iC2W zb+CGM{Gaxx|Iqcd5mMLb7B%U1xAf}A@BhZ6NA7bmLUlV5u*4-@J@0NvQ!BNRHi3$A zA-V}7-`@fO$#o^Ipa5p-@qi(|1>6}SOj#ksu##R8?E$bc4fn(<4SpMK#qM-KDOLb@ z_v`VN_zC=XWu(NR`$>sWW+v5PTR89>FHdkZkKCC_aADzg>i6Y)xO|yb*TC30Jr-e7cIPbKk`l}i@>$^{ zm4ye3#<4!fnD8aLUvUObVqCBo_>KLF#S#NP5+E@ADCaDGwl@cGj2Vl@3a^(hRUnkK zm3`L{H%E1joe?jIA98`9_Z!6=y$|F;#_(UrxPTW57fk!mn<&*%_!nb>+*SUg=G8T! zJVkiv_L`Gw=lfGQMm~$bN!x=ym@gdVaUVA_a%mKLkfRY7_mb%%;|8lPMw7@F>{7Zu za3+scX8)3ZTWfY<5GM{LzBEu{8XQA>`-Q^EVG1dI%T6QOk0sy>BCTmZ$e)cFv^9jG zmIzV~C><*fLrHbw#qk-$1%e^ItY{a9RdCRaQj2aw#_%+d)?Grh)gqq!+jQo@z;j^0 zar{MdBxNgUf*=4!CVUIbAoXIU3-L^-2WhCxmG+`?gmypAXqZ-13o}$vv3#&HR>mU? zRQ&JKBNB}=!!cIa=PA7P{jVNu9BiqZ0wiO1fKO-<^BME=ac>%1e#-zI-SkwTJ>dljvO&_HocEh2a!7NiLdq4>qV$!9fd&8<(l!h;~2%{Q%q)Rs`UAtKhZV}6nXUM#g~)0Y$bVv-#B#uCRPPW)n(hy%*~ z28<)N7?aP*ckL9=2fx4c$jdG8GH(0wkN6%{(5tlv6Mam<%6+ulh*%1s`bAodDR7OU z6~Re^01SJ`g*1L^35jP-W6GvU301m&ZZ;PrqS~P)i2YEk2~B>_{4^}`>CqKJLb)xg zCEbZ%(*3AK((^8LVqkY~{~#7y4dTgyytf@`3zd%Qv0lw-;?$s&kXlYv2T4X5m)12F z2whZ~_67dJ*eqnkuaxa`?$AzJ|9z#f%ozXfa#%9lRucQSl*Cf>{;g#(oBb3CWVzo< zq_R}K#}Unvd3-w3*?n{8`> zN9dCU@{-9=-l_9B39@{vqaTko-D;ks*46l90x|*TcC`d>54;z=`y`lB#2DaIoJcNE zX;e5eo{<5$&A+H=UmRf6^&0k^c*vK-2}6I;Q@-!|2}m~CvSfkSUdAPqB3B<8+PF@M zFo`Fi9;(*BCwzjY+>PWrprFo}wUR(%A;@#fuB*(!WrB;e4HPAFX=tFPNrBnOA`3jk zxbZRm9J&Z+YBYr zpG^l@Pu0x?QC1Bc@I{LGqTN<1TJlyRi5qZ#d`%AAQvA#_P{J;i=ahQeR+1j$kn$+p z0zSS$f!K9M_QmqAkdiTK^a#|{%iVP3#GN=A2}gCd{lWrby6@;ZL-CC1y@Ad7Dk|v{v(W2C*0sbf6PQlfD!yc@7aY!{zcZ4r=PqJ^Le*jh z6>C=v^QC;JR`o^_!l7)+659pYq4A~^Ew#UZWPq^`fCPys#}n*AE@gB3Pvh0Al+zOA zVe+$d!O-HaX!W!Hv$X!NXpwF6D_Rsc8AnOAUvCw@wDRklZ?)A*PfFN|cS z?MdbU+5^@?X2VzsqAN#SzKF+^bD$d2;UFGTJRb4Ic4URA;a#8`;}d#{8J7Vk`~*mv zGtUvH*kyv96UvoAw*FS)@s$;%Ed$dc1Jd-h*(4F5@}7wz$;O#Wp=kC}klV|`D%$Y& z$K4;^s0w*AMUBT932>Z5AcsD%EId;;cN17d9%X$nS5TCsCw?;q=Yp5&09rudZS1$f z?v9osG;Hk8pF|*VvFh$Ba zBuou%`PsJS`ehvY>{5zZLiYSu#JCwS12po5%oVE9K@Wyp?Ke)8LzlEYj}?z+@Dl<| zP`7fKWSl~*MMnwBNchGPG})7eijs(Bk)P3FLLUiQ{3V(qE5gSqoFVEl>g!}6jhUe>o9{Bpz(Yvwx6>Nk3*E>7lKftct)kH{KyL0=KAIpT6 z>VTmeM5RhlNat8ZbBTY?ZPK`1Dz3flEh=cT=_s=ID5wG{ju!%gn2YZeL4W<)6}4w1 zq8n_pml;7cm-aPjy+VS}@_==4EkDs2tr$trP>>VzQDCA8?(}|4hax@L&&B1-#Pd|D zn>IS16`k)$@=e=5UwgCY?NQC?ZYhZn3y>c#)RkGN7XoB3bpmv2wwiN;p<^-zODA-t z@RA*#C5NLxJDgtG85|X<{uv>e;%9VxdVF{Zyq*W8CJzioa@x1R;b3$Oe*5M4TmaBs zZ@n30F|eyRPR&N#d<(ohe1Cp^e0ceC6I^B*TZmjS{Fl{i6C9t8j=>H%K0gu|h+nV9 z3yv80`QrUq2@oJ(7O0GEC~*%67o@ZC(royhms=qIV^{oPCimrLH=c`mdcG_Lr}agY zh)E@C_jK^~__Uk(F~x+swj^rs?WQ_N##q+PyTONd$JO18@L#!Z#1u%lT_cTE1U->) zMKXT-1&l)4T^6V3s3Kg;9@R;rsuU` zIy(M&@Zt3G>g@RP;^c5-rYW0yE(JAt)+r1CxCR!J53UC)f+iM-BiZ13Yrv^e!BD1H z*wlhzg@UA7FQUht(+1=(;1yT!;!Ak(HN5O1UUC%&Ag>yDD!7RqE4QmuyQ-OAz`0Z{ zD-F4&J(f8{${d}!b@_i^AM9lEKfK!C z-EZ?hJVyD_0igSxTFGu7boI-cSW`!@FQLLL};{j9cnkNW~48W5l|B z@I|tSZa&&x{F?=Z$;j#wiu#VZFMk-wxQY=&H2HBt=)7xjxvyK zm7-5q-+VHp96~-*-Nhr_HZ!-xYUf;%?{m$4Tj3dEA@(D zJM=?iMoP0t(D;R<_vK6cfY*zSYQzuh#_gGS zqbk;raFpF9Nce0s8tcrD9{U_cpDhLA6>q?I38UM zj?PZbuZDxs=(qP5M?ZbH@hKW3m-`Z=4k_+9i3L~L;7h57#ZMQSb{qo4O;sGcKXt$K zJjkJC1`r1ZjKiyc?SeZQMe6kda2yZ0#6z2@DJ-3UGMudWluu#h)AN)jrgA>SBxnkY z-+^N-J&m&a)tI`gQJbNOdX4vjwvu!lItPx!`2sjt{Dq{A*iSFd(G8+6o6V7h6AMR5)BX71RG-S71v4Gmu_ly;W+9=d5KqR zHCI2$hXRn0E^r*Z5WsOj$o}+!_4fVo=>;4y8%K-uK_>1ptmCC*!+#HlEN^Lu;&eiDxBwh}LI8pZx&?C_L>#f=Fo`EaW9DuW3-{uC*l*I>UWcgXk=osT z@G^B~-?$BF=(aIcyi9GL(ecH{lf#1j)41#AY~M-hefc5|A}a6d8#wULXJEFQZ5Pf;9Fzx^SQAlEU?@e!~x6|8wLd)D-n91Da3MT0W`q+aUDQrYbCs$psM2 zIAVU9i)nFZs1Ls1R=aTf`_A#_P=~Bl`Z=w_SC%{-SyAj(Wr&|*TWWthNd*}kR9Vu? zlPS5HS!vS29pE$yT=05d{u9qfG8#DOItehrF`XF2B*mQWLuG6KGlD*zVB`T9hAKT| z=QpIF%lcgOAqK+07`ZTFNP0+uUt^;+t&+sZ_n0)KmoCXF2Bf^BZH!fzZmqtQ`S(KP zZdT8Xi4>M_K{K%LWQYBqnon2UGEPHpwcZFR4)_Fg|G}Jph?Bz>3{+>EG1zRv`WSSL z4%Af3^pzmg)#L3pTU&9a=3&|Zmm!fnxm+L~QKipP??Jg3sB+mWS5WJdR0p}EN(WNa zmGr?R|GFTAXAk7=)F)%;C!f{dQYo<{_T~Yq;V5+VHH{_(?cSqGh5$CqbuN={T|FN< zVe)9IT5VPiIv@ObJ;N`7d+&)jQc=fGBrs#rZ#)L2fL~9kmSaQRI77RtJ=$23N>gv~ z>eo!l=4!KIN13xTsU&GzE4i-zr*-Kl;BX3$UO~HjhTP=&$62j?isu#HND7-|`)t~S z-Il_@8~EW2o=0=AyVIO+7G=w=oc5Jxd(~N9Vs;zO>Z8nNDm!(PnY9n&C1=@cy4*Au zH7uLwBK!(xy0qeh&9!;JtDN8Dm2XMPwbTtuQEuF>bnF$Xjr)>ZqbadhYRT!bnhKnk zCO6rrc4D#!uEy60e?y6zO&SA@L z2up3Y)P{)L)wA+c)$;9CkaW{#B)asYE`N8~3bm{}kuX zEmRkzNVue35h-U>8L5`*B5E^P#fg2Fnl(EGaNX<`rVFm0yy9jJ=FT*Hm`Tj-9M#Jl zhSshzxp1m;JXb171ca*DB@}G*e#Smxy>~ttgRaVcoT2RQW^t_~dt`UB;Jixbm5zVU zrz@|a^wl@C_9?}GseVj4<7H?xort)YHj9%L*Ar(+y9U%LS~_|->)zNUlctY}C1)(l z&zsFf!D(HHs?ixPv!J?-y_D9(8iV|m<}{65##7rED%IRkY**<+)j}cafICBXg{NU6 z;P$k!9{P-25KgZ!6JQtmg}KJY7Tke9Bf`ydbJrV-AATxnXmzUIonym8v##8aGt{NN zr2|^YH-6@ek7ZqPpBzO$jQ7R^pYStYJPtQ&ID|ekQZcb+vf9dyBBjPh5;Uud5C=^W8@lR1b_ohgk+0@sV^9gOd77jv%8|=1Y*CM;bcu9;#V&X zOxi3+?R4QUFqA>Pl5d5(Kix^s_h6VhW6xwbxfIvBe=i{m*9?*StQ?}ru$p}A=4Vq> z{1?Fi=>AvGwW>Onzd>9#djR}b@NsbZ;dlf-4o**w2A3!A&-?!s$Ok;rh%Go7AqhNR~R@JR5I%UEX015E~NWQcP~lQJlX2g4=E zuACw)dB)~Q5;wz=WK!A<<)$$Y`668_qWsb5l@bK|@$k2RRZog~|0EI6 zY0DYnU`+T7T$}3G63=U^%{9=$cbQ<49M83Nq;?bvO;%?R1^CYhfm;=zCke%KdNdfS zCTB#3JDv~$vMyMo4jQKdHcEVCw8neW#c(vV47b6>+rgoAEij)sATsrrTyYyR2}!;q4YVrhI4;*W^3IKdI|OlPXE!s8%YCjpXL6^7DX4QUtpHbGNs<5O73zRmK44`0`@_3ZP)R`r65CCN07Wux)J|TmD+OdbF%@~vM=Vc%As)naC4lHAg zUUR}%nT$ys@>s&Jrt(-oH^8Y07t$>XPAo!=_nVaKOaR*!u-HX$Ps9u~F zs(qSE#SP&0=Opr*WUhK*8l(YtDT+J{`WD8dDU*Ha~0DeNQb}RY`ytKn;zl;GU%F&9p zcGIL~qAV=_XW43{wr|Bs+4YuMrTjCMTA&1=TAZpDaW@CKk(qyeYkvCN%018j%(Jdj zC=b+}|GTeV@21cH{oPjwZ`$+!F^Y93EfWC5n)bZy@5>MOW6LTabAT5b3~WB=@m*|c z(4ONp=eRVBs9k=|Z7W%S%##(!N^(({676Ty;E?V;*OT{Y9#Hq^{}ehtX1wA8Si}E! zc3^Zu$RXlw_k>9NUCl7xd~lPLYdH0SilWu(T`nlimaW&gGu_KW*GpEdJHX zf3Npm<>bHpHvZ$Ilm_yj%F*PYfYXHx&FU!QGAR^%VY4mvr!W4$H~s6YB_5_M&@xhC zv8CPvt95K6zg8M7lm@Hhz)CVu%P*zFF%BSI9K~{_7UM$5XItPql^rRO`Rh`Gu9KE@Q`D{DaPm($_azlofO-7$ z@t*wO_BJDGbYw@DAl#*eO zS>9j9-ABsV_&(xzl3w)wOg@uiw;9hb?(UHoz4pH25P~VoGjqlCoqxe=CD?0-Vjiy{GZ-er5G7vvWB~b_USrU) z4r+HV-AzVBS#{c0A+6nmG%CsANfGoqh4|GAuQq{(l*|#Ip@;$IQW&Bd`iv!oZ?2?! zz;e&?KktaMg8nc6{$!sCZb1ifAOFKMQxnK1Xd0{BijLV8zW@r!mhdS^n zzQI14+G+WfFHd|kdg&US>`U`SMHq_zjI$ea%*RNjfzv=*>vreuHoH)qd2ma!M5b09H z7L230nTlum{*#=kVtPt0fOY);;NW%k{`Y#n_5XO3vcmgMvgQ|J%}Z2;a}r=qC=RAQ zmrz6`FWin5h{F_+`y30o=hqTE1Dk8+cxy(uTi03B1TpA&Sey;eS8{RE+IlpuIwqde zp{9`%{8(Nj? zpDcC!e{V0#|6je@Y4d+PO3CmJEAm7l#a|E~mEHw3^Kfk!ehH=3^*yxcuee%%Xz5Fw zV3#n&S~3Q|TTvRie<&FiF%nT1$zQW~JB&=V8$`#lO2km6r9>+cf|pp=e>Z;n)XEz8 z{}>0J5c5`k|KHz#lY9R^XyyM$DNXtRTeZmTG4KSB0pgt9Uyd7Rg}LatR!eG6osAE{Ou(G4BPNbZTwHLnGI#H0ru?t2~Dk-+k>Q8 zxhMZu`a@QI1*qfyZ?gWsd$0F)Tl?QfDPJl=;HE>!_sZQfRF#&qubZx_$MfRm9mx?2msJF;3BWIkIbXMC(BhWQT z2(!Ifb?PxFPNdXmpk^zThW$)^6jJk*>0vXAv#63rw!CpYZWXbh?#=(@Ne%T$y^{Wa z=gnTu{`b|Zmj6FWvCTb8#IHE;V9JHBKt`)NAW{;deNfz=?=OAS{QVA!)g|8b?0@~( zv)caO+k2C{|G(aA@BfcdR(Su@YksEJe6{z#Q3^=0=vaScEZWW`XjVV}E!B3-?}SZ9 zQ2b8V#F3yBLJ2O<@?|l$gh7EP-FoB4!m!A~zxll5fFpWi8UY*x?tA`o$k8P78R8B_(9_o^ zwnY4oS39o`_VV%HTKWG`O0)a4sP&y#-wVCI7v{+j^nU^_fj(j`vY;e2d-3a{^|Sfn zR2Z2Sy(n1ZR%UWK(p5%<3aM^mdwwy7ZgRfg<8+5%*h^wb472+Z+OG09zHC>w4r6xG6uBzm^@$3i*<&e=Of0Xd8fiSbqL!V${yCk zo{$CZ6J|KND{E(@-fNoPp+)git{+QpkRNP^kNQng;1p6#I3e*)tG7;(#aAV~0w3bc zc5Bp+l-o4f6$pULogpvs5k0pazJ#P_eO9cjtVK63)TNfkPA@ozQ#6cxUn%i5HRXvZ zcTm_{bTYvK<_l|1^q0o>fkL)Y+(|01Tp>Aq$wYFr@QKMttY#&Wx(Sw{D?JwD$QNN5 ziWbZvMGSEXOi^(cbmfs!hW_r3y&WX2ar__{T5#`)Wk5XC7)4RJ5so%gg`oB}|0J{O zHEi+;Ei^r`=8aVSvH{m!+;Y(KzI^uAHSUd6XASp9(}8f}Bbw!T*2gst!|v+-qu_|n zaUj9HqtHb|M6vWoB7tWQrK(!$EN=*~4liR~cc=!KbypNpL8^k9U^2(N3I)&%H;BJw-S&X6Z?Q`JqaWi6~3I!1)9~Qk#$DYdrT;}whOwzne1KL>uDn|Q>+hFEXV@%(^6f! zOADfFcG;+O1Yf`QZ2>w{Pka8U^ujA4nq7ZU=AS%Fb?V9%kK;Hi z#E^yB?O#_5Xin^@UG!rc#ROztqUlwCZ6;3M_pgsH&);q${$t+Mx5Mq8V)b*$FYNQL zfxB9muF44=nQzh*i+|wo66o;y>&W{iP^v+&o9n~L^CLvHQ(m`j?wJBsT$%sVs9eAH zFRvWM7}###I@Gp0=F`zgo~|t&xG1wvFwLWek&bSl78|taxD*@i9b6rGdHJ|-b#uA| zdbvG)U38hzrb0Q&Jfv0f_@gGwoBeSDj;EB^c&#f)LP9pU_AD+}6EtC#_YGO!u6}l9 zEzeSvnhi4WY&LPM{fWL8%aM&ZdKTA2Cwg(FzAU7IX*HM^?vyr{aTP^ce(MSw&HS+i zZ?1L}H1kLMXQA`Qx5LYZoL$@mS;@50;nToyhrXq;Jqa^25Dm2kJF)aMX_y-Q;H9FJa;{G%Hx5H-Ojw^r+>>G#e+1k->-R?}| zWc7aKFrE8-!ON+%sNm-P zFPW7nqm<%wG@&}{!@?Q2T0f-|HaXur{1m`|%$mJ9nb>&v{r=?zoe|EX3EH#oLipt= zT>?Lc*MsB5$=!}>$uYD7;@cZ(-tk;H*nez@MvFic>chnh-i@D=gPUuhpPij$kc}5B z9{6`u?#uwZO<=Ge%NS06o;lO*VRG-_MRM-$?7e?}`D}bMvVT}Aum(k)BSR>ni%5*$ ze}@WRMbeQAL2FwC?gY-KK>H-azuk1NBud>+DMFY;WeTZ}tOKqN!btwW8x z!i@X`gU7U|!Qx)b2mxlnB;wT|;6)f$^%+asan~Aq?I(FQLJ`W_D{xI}hOExTFg0|r z(jYcAG;lF7cC@fE@qY3!GB$9LEJSVVJ`irQvX=u5?yOAs#A@L%BZT-fcAogSXlqK`Hs10sA4!4v5R?-1S^uE)$Bg~0H zm53iEjxsa7d$ydKlu0B%MGO_R6ZlAE-jW}ZCCSLvC^ak-q7!EbT)L!+yB`S4e?h@Q zC=b{@FUmzk^vbE?=x`2nfe+P%IbmU~lH;fVn_rmx@89&FmRMjy`L+mroctJBRkZJN_BMSuw)AR?fT z;Due_Y03M8Zm4-)6bFHZ-bq(1fp9#PA(U1wjj@6inK5bVSy`nx<<$Y{+wUXBN%L;0g9yR^Y z^Bf**tg!Ued^E6Ad;5fE+-N+S5HZR%z__a1{{p$!q8~ckBo99!1o-^M*;$B%Sa zJnuuVU1`g8xA;PYqfRw1M7=+3ZeNAf*Hk`q`btx`o z(q08$tiglat)$aoWR=$QsOpzX6_GncOVJEdj0;eClBNNmyQdrix-ZQo&Qlx>=)5eh zQ&6-d!{NG6T}iAl2-db#TWh%Hg*-Nn@bXI!@Ov#sOI9AnC8;?6w1m`WH2qUpz#f+E z^ZD!K)dT0ckq1a6JkC~DI_6 zib9FOepKC@7(aL%!<44B?0mtMKDZ(EK`pf)t8(MQr7FR3M%k4q{+9*Q1MG1pGAG?F zwcj%*V}tWuh%<9pb7CIcw+50w)s6bEdA8zat|>=R5btK z*V|-L&@4!SIdEhpCLst3qZe`ESwnv+79=bIb!p$Dn>fcVI{k@BLF}i?WDA z-W~0K2&`Iw6gqmxQ*>+FsAwaO?>;*y&#_O?txqLq&I|8Ohi3)9qxm4iaUH*=#Q2m+ zmJMqJi<=sS>3I)A|B0Ho0|LJk+`ZeYfO~wBBMUCnZkx9tdAv}76!iyY!&1>8QMrRb zWipE5RfyOkcW_}S`5g}=x7)v?eog9IVNoo(6{7CM-WUYOT7fgYvXI{)3BB6VI~D{1i&5WL;=5bk z=fZ1;L!Yu?@8O|eQw5b`73Mgtntn?|nGrx4OLT<0+^NURH_gC8ssC=$At9o%MnQ+c zru%)B_XTYi%EIc)EBSmF=TOgn5HETNqs_q}Y?$nkAlgcuj6jxRpYOw8O~3-CYqJAB z*90_+e%@<_xnkW-j{M)B2VN^AzeC%XL>EV1Y)rgbnD{p_b5}@=a1I-50@+6_a1L3h zY@=rX_o*@Zc75bUx7Gi~xyjQTAAR_{Mu@+%ru&S&vIkS`@#a@PpUL)Ng%TeQ(AfSB z2Q=W-_PVj%Vv;?owAp+z}i-LSBht0Tp3Ai!)hIO|7*a_fvFo;#G%oWvEI%g zGbT36Gg*CAgtmsCnHB?l_#SjfE*(E1q|K1gUbh}Ayx=OOrG*v6+aN>Ga!7eO|B6V- zGS;9%c<^12p>)0zX2c@H9aPOc!wG!F<>zG5Ipff{V}0b@v=~@a9c_uyddKj7tj|N3 z`tj22KC_R|EO}(8?N}UQ*hWefhYdbUoxLuV21?#omN`Qd=oTNb-fHV#6ZOdzI3lYQ)Dx3+NKkYYXE?CxI z|Nk5T&Hp=EvJf_5{n~(o()wC37yLP^A_5f-KX@c5y1b#aC`s0^=9C)h5H1!kSb+L$ z(1$@L0dhCcYlNB zCJl1oIrJG+76>AbLDUcYHz_s@uH`#;x@9f5=jD6np|)0i%UjLrNEz2DMRbMXqg{5k z;6(80lu?bXaa}p4_BgC24?~(L4N=-4u%vK`Pkpc@&$c>qq}S>?i%d?l*L9`LBDd{i zlc)T9d+R$_ggcGA>CJ6DS9#_^=0uL#zEgXG6x7~!J;4bmlU#a&kX<6nxRse8s>b*S zr+vKBr^`R2TVbYW*q#u-G~xyp&ATttM|TLdI|Z-5^fptbDfmr66F4IU1oij}JPQ!S zY0lIaAWA4Wh9Xe^tKF>u=+}@Td&H;Fv3*Ko$;8u~jNW16BS+_CWyw(*=KbkVqDTZh z?BiNT-h~l4gsKgKR#&~oLNY3IQDOh_-tUL6!Qp+!W)%%d$3BWY9+IfoR}baT|(DMi!E8G-DKp;Q=4HOKmv&E6@Rf|b#-=%ES-P4NkpZX>k> zw&x7LZq|~#7O&2yuiNIg;Wtfsq4{F`Ww_fK4c`_!>g(k`JY?ZKhpYAku}aV=3KPG< zh(&o^QpLv#Onehs#j*?mf!&IXi%}xlzn$Qlf2VFuD;kklr~92YJ?ucjWL9Rq6Q$1c zL*uzGk8flw7}iT0=z+Rwo2qbE_|m1ue$NYhXn{6)0Un0SfL6jHS87@r!=2QmmC`<1 z|2A}EZT|VGvb)d~%Q0e}Ond=be4QXFlBHFMKL5D2vsd3)gkAQb zV&=9%^r}l`9%&onUBAl+?1IrWsWisd{XW~?2Q!^Q(k`RX0$Pu8IF##8N3>I_U%1LV zU>?A1Pj*W)UR!}ZeVoo}bH`Xz8YxPW)!CvK?kctJ@0yk>7b{?O{6sQiJG^A7IS5?+ z6FTT)os1I6sghKn)*{-fK-%lWlxcFRn#x(z&{`Hz#;^4lhtKfq7DtI7x^)a zbA132n|HBN9e|#pJl0odD*~tCq0##!2B4Rkz0ZD4*`*>nd&Z!pnR=nsX#@8O7f(NJ zsSWc*yGE;Bj?5Omk<(n+cb!woFP_x*lkXnKL(;Bd=)TH(-+z}^-8<9A-#eSu_r3z+ z_4mHJml?D>)Mf^H5dT8b(-U?3#dM3Mu>UbcFIb!|T>BL2ZUA)w5nzINg`@|g_5u6l zgdX>D0egi2xwwOQ{}MMLXk6#o$AI#P^gmS^N=w-=@PiibfgBm5Xf=$|#gy6`3-ONh zHpr49!X$BA&XdF~$94BZLiTeU5{pFTo$5>`Z8N>C*5rcw@gMML?@7`LiHqQ#J z>h0zm_Ck*y#>&VFZuV0~c@+tYXy<#=K%St~C=L-2AkSbI*K&r+Rsp6%~E(XYt*ZYINU25;kp*q(Kwg>s86yvt*!Oelnj<% zIft87;#yDrsq!bUl5A-``ePlzlB~=}Pq9=ZRnh!l!)1;k!pKX*mgLpEWVu32F9T10 zt7NbPf2ZC2KIxlW@S_ae?Otf`V7>lZ{`$&P|MHA#h%&|K^yf`dOuaI!zSBj2A&GEO z(-R0mO}+BH0?};=w5RTDHrAnOX*S;6RkwM6PS{|z@Mdg2mA*5u5BcEAfe0!f_g)(F z<*EH+V0P3Sn7zIIU%Pi8a73qJ5O5A4OBvKUO^!j{h>$A3gr8Beh*vJUfKpkefFgz4 z&44qBb|F=Aqx_33aAjM8#Q2Y1Af!U!FL>a(W?+Bim3!20D6U(?l~$?!Y?eptLi_+H z^tYi>1R*Nu8wEah^^hp6M4~`-)%O!=kMA2DM7m)#%ick~w|(t}`INW+z}Qatw&tHI z**x%_%Dp6ClLv~~7E-_1;<0ZPA0!MR)#zpsA5Z#=w?^t^7?28NQRIsR*vU|K= z6uFm>g0r9u z!kmYwA#j3I)rc;XUCYN z>-lZ(T22FG+c~>&?sS#|YsqtD-k~4>J>y1Wb zasBF7%e*^b?e<6qN`tCxOrctpV^O=@#3^ivV&nIt85P;~iej5W5-!Ha=dJQEz z#`0~V7h}kG*`+j%DKIDRZ(%XQ+A7echmr~cTP(<1zTDoBfyOZ%7>`ZI$cBl~r88t| zvo0ix)I%u3l}3aOK{&SC`vq~(I~=%wQt@!tL!1VY)I&)W1gC2**EfYR$05t$I`RXL z_0ipZ;$!}%7V8T}N=43LpSumy{ZsR7B}?&Jonq*Dy!!H2jQ0?2LIjo5Whp@B9xQS! z@k|w6Jf!4Nu6MCr<_%nK0*_O8;!Ir8T_?vCDY6`3H2jp!W6|DV^V!0?@3cGIb+P4d zjaM%PG1eidGR3KZ3=& zr!8TEtR1yQC|w_l*+y^K)n0SkVpe_JKYkjBFsUlbPj0CK{W=t_bLXCM>_0Z@rbGSj z?7}7XG(dk0EKPdEHxorjUU}D0DGgeqPnk63ERU?#UIjnvJ*^FWcni|Q8FvU(c_7gE z7hODW^PS*PVQy?_&>ih1>Z@dMjvVXAAMua5gvmq(L{a_}3-OfCE&s?P391iNXM)Xk z5}ViAMcNC}T+X*3Mo@M`D^ONJ}W*p8()Pg<(%Jgz^B|OwDgX|CkI$e{?sS48F zPNC3U8SqvW^wutAWaZOtP^e__+Brthr8x}1C$Ida6yYU2z(~OcrYgvV}9ic7&YSb7T(gI z+Y02TL5Nhwlw(v@=bNSDrFS!C9=K;V+!XH6-E^~+nDg$-m8oL<_}CKgF||QnH(+Dz z8-Jkcu)*K8J_tXtgy44MlW}`St~Z z=}koWP$#Qfn}oz+2s0GI+6qer6W?GVlOEH;Jt9GA-Tt$TwG$O(2M!OZL{`wr5!HeP zE(Z+%5R=lz4FkxdRFSrL9IBAv4}k7TOG8?QbEsC;z>$KW$JU^5ouGJSi+hhjY-FLp zYgqexvWd`48Q3d6A3#A@Sz#b9K}8<4Gq&{=9thr+9>REA?4duGoT`c^wGrxgUsWkl z{`E;^*r{4mh*4LI-?}F?mmy4!mkOq@WqD~wA0#rQoX@qjOZ_`4DN>c<51tr0Ia>UU zn(NgLy1KoceLXRtK=z7CjgpzDP^si~_cKX|A3AMiOHXRe4CJ{se{TQPR^#tZ63#(? zrcDTjddveCxqcua3ZCp~y0l~jkLm4-Hkl>=H&Io0hDfdU;`}R*rwC!+0f{75r9_m( z&fuGIOoHTd$#!wf1)X`>&qOfdEWG=Eioc8yMf*$rwjgu_C0D8MW&YFCHgSFk?>r9O z&WPtqM~PCa8u0%RJ_<+irvINUMkBO6e4us>Cj6$0-V?`?jbyUK|`@ zMl2%&1;Jn9O4ozt+CiRq-V1+x)}K|@4#wqK>=l#g7_85?L9fUR6}|-S=k5FVTXs8X z(s!C+F3H;{f$xW7ZettWWb$J?qR4}I*vKPa4xAi2ArUxa1_tz<(rG%_k`7jJ3$MNw z!D|q>kKQof#9qD-D*?%G5Iijxk{QNSFkq)+$CZ>)-IX!#EvyWVxcqBBc{%dTdTWw9 zC>ZQ!-c$GgT7S+g$49wakCr;Ua{*J_TM)zHICoEG!`EjQ-pfaQe+8KYT%OF>^B>|PHDKz$}*!>PQA%BBive;Kw+>ZCBSu?9yw1u>|FkRe7$*RJE@(s zWqTK{IX$T%6jtBDyIO$pUGZmma>HW0^y#G{LUA?4LLKgv^_OzrB|_H4 z=|Z@yi7f(C%10sHY}HS7r83W^S!E<0uzxz(>CQ)Vk$U;NUoZRZx}BNWkl zC1GsvOUmgW*3I~w3FfDMxSc#y$MwE`uKhAZ1T%FjMsY)Fq@#&Nt}?@rtH7_pq#q#F zW+nMr;MX%3ZNp(3C^sl`UByIe1pZ6k9O>P0Grk80qeFaZM+wsq7edJu(X;9VURw@B zO;xaNLJH|CYxAEKzM8b$ywY7>(`_u%jjkw>>h7-~^zya`dE({mnK~ZOHPea4Bn7c{ z)+H2}lLG%x3KUUS;*qunPP(g@2LWe3=|9*K$W#&Oxe%td$=sU5sp#&1bb!2nNFs5v z3DWYHr9@zogvs{58OB|c52Bfm80>HOsc(4b*dcjW55f?*@o zSZO@*9P=!OgW<>oFpZV)(r9Tjuc%sfe(V7y94|9uCl7NZq04dqK`0BRsIzE&rO1UY zTB|~$0)48yQf&Gqx8Yzia#Y@hADDc@!Q?OH3z8SQh~^iX`aIfatA{`FM7iqk_coIm z?F#frx=OKP<@+0Vw38WT1Va20ZOYNvBm{d#Fyuqe8yZm-8b2=)p@}c+y8fY0$?%;x z|6fWWSQ7q`9t$kqP_H&D?H-OWv4NQ(RRca+)gtF zg*M3@U=jxVmE}6`46m8JQxP;%@Wi|+zzv+w$h{>3=l&drkd~?8P7812ogl+CG<^0! z)UXlSD<&j9XdPRb?}6ENEcziL+&s*Il{kNT=yMD2a)bF@yUU;f5=?%q{VyJ9&H|3P z*@W5u*gO%|z*UviMy$5(M|XKghiJndGl{XMtqj+*O}wP9xCv#1D!*gAbd|1p4lO4+ zsI19zkwS5&mHHTNapTJX+(hh24Pt#H~igQoZS0wp=;wNo6J}_gU87Xw1yp0X$ zck!|Ke7Ul|L{Y0RXMQ}4H@tgqnqxC8+kRLkLbnE>C%|Wl>8D<`BPWF{0? zT~H7Jiv+N>$Qs{%gZR1xQxXeq7SYIF)0FKa0$`VH{sjQ>8W6AsrwnGtluIVWvU#^O z=^=LdBUl^B#YFNrlo zGRB=5T(P{wN`3@*+pt)e-Fra{DyzJui#Z{-Vb9Yxo2 z=$!ULQd$!cn7(Q(DJd|$VnVUGEG6`z(EMCGrr~y?LU6auO673~Iv&Pf04GE_w46}A zNJg@nY^Ag&%|)Ch7Ck+DcL15QIGT`^V*&HHR4~X9x>Wed2(Bcn`tdO(`Qe2{%JCyr zbn1SBtpV|n4t1nrEyp^^j|BQO;WOzdv<%dxv!m(=KE!69M=BTwj|gSh5r3FnNDg^2 z-OAy>;heol%B+O}y5n;hO}dyv`$A+z%EaVN#XX_aKYa`V!2eN-Wf*u{jpezqW))`@ z#ARYsrt`OKXGXAnHUDvzero7Y3?{P_V%|YRSN~O)3!f<%{vFnOOqImr@cF|_vNwB5 zB+m77v(%Ij4&EAV(nX7I@ycvi8I&o>@LN9NXKpdlrNa@?7tzMbZsE22amoyO^aG=j z&+6H`#3H=BK)PG!Lj83d(Rch^*!(D%mL-v(SRA~6t6AA!E3{T6zpuG45hJ1!@5{*m*n0m6ttC7TTL!f{@u%1v^2|Hrp0P+S%w6(KlqM_S`y{8=4)LiG_!!T;rBWo$Dxt@unilDwiBRH3_oPF75M zE!eV={h$W@HvvVLz@LN)rt`SZLSt60gxxxufEYQVHbjyuUsxYX<;0~FVuB7lEV`_` z(D>8!j?HfS-$|&i4#NAYS$tKr0~Nm<#VfGm9viqVDyUk83ypbsr>oq~K~5sl~|d*uB5Q@(Ey zY7^g=_;OEj<%>t zJw5G{Lw573g1vN^a}y2chHOYCy*YoPmU*R#0Kr{Id>HQrLHxY1@n;PPc1jptQJo0) z-)4MU5`4;!!UsRKAaD(PFqMZQ=yDg;L*LwKNb&tTsG!U?@j2`D>0~iV61=M7njzlS z^_?hIAXlSg+ZtSQ`lG%_`TnK1_e0=nAhvnc0guiM#=OjY)P?jz42hh@qia%PAgDJ@ z(O0w1Y5lWYZEpY%{0u_J+B*(>+{b*~L(wKJwQh`OAAK@{tTcb~2=A{zzje!`w_WVt zp|G|4T?Y-5jF<5`wlh`*KLun8r=T{o^_c9rF@LQ7N0k9KXLK@c(U0%OZIw$?-V3Fp zoOw!G`RW$ZlK`if6^kQ&@!GV;f*F{Ru3Bi8rG5@G6jzSepzbJI)YiVFAbBQ7UaK;z z-Oy`;6I@lh2i2J@9vYRZDTssp5*9Kxs2=S;lu$(fyCHJqtA!W-=JF z*kpFT`pFYmez>QnAT&PDM-ci;Ub{~R&X?GbL!mDx0AMM-A?^E6bYI0Vb5g=5)`TFx zYxcL*?KBggt=>|JR1_3Aw>pXv6>^NKMEwM`>RKf&DbKRdB8myH-QFzzBmvGe(peW1 zgzy~=6o}9)ANJjYHDh8+6BuOpsE?M>#cHj{2*?FYZI!2Dl<)}?-rSf5P{O!v%x*j> zTTiOcStsY>1VfkS<#I|&%J9q<^Fn>Lsolm<11RiPk>{MLE{bx2aU3z->@kw*WB%^7 zVkzgmfR#n`MVHA5GH4wbOaq|^j>5Wk5LK|QP9z&>Kn4Z)(cUZWrnn|In}SWu$9~BwvdSbcG&%q%Sp=KAvr*P(&yJLP83P@^^+rPO|EmF><_ncBq9UCbK6Z@*gxKw$5ZYaES~&1O{y@ zy;I-1OlVIrDXXHsza?2nWBRP|i#Q8o)SLXun|MsNeRqrD0v#gF!|0p{nf2J?xO_JR z@%Dw=RtUJOK|^Wo96@mufyB?)19Gos{H!zkR8_S|-&mt;HWQgGsmhHwzf{p+lCzZp zSfxVd7f91AlfkR%fOtS01DBPJsJmLRET_cecxm-E)Xf+_@{d%|3Gq!gpeN??qN%M_ z*Vr{|EX=9UAxewM!RP9{xu5*6{lSfl+ON+EP(`I^vI}PMD)znis0KPjoiBl>9iPg0 z98c72-%*7ha!0AZVlcei-%yq*F4j0Wn$LdVh4fcfr%k718=52;G%2$Ul((99?B~bp z#I0hwa%r`iJ4j4yr>f=z_7?t@qUz7$>h4qqz1cg9?A2t~U?GLlEdumq_vV?axenn% z3YF`AI!kegSnAdlkO7DH{^|32>ezN#vcI9EUXmtlQ!oC9epyKJT5duh=%Fae?4hNcIH&hgD->)IcE`V$H8wsU&|TS- zZwL2kCx`n^T)Ey&69!u&pv&B8y=5+nbap`^lmKFEq2BmjY2^g9upyPO1Dq2jf?bnC zAfTaBxIWd|b+jguwXnR+i@I6dC&?Ww)N*vSsy$z)N z%T9sZSL&7C91r8NlNinpOp{#=;*s@?rRx##-j5AMfLAtvN_8*J2^+Yt`f+$tF=MUv z!@iXlr4MotMvhcDgYHi9;d}*eeFN%=+0;y^P~U=E$kAoQ%-a*}g}LP?UZN?1URtf3 zJs?9o-e-D&45~B%zP<=Jrho~C(|?tsi33;!&dyHNkD-UK^5OYeCFPF1$LZo+!Yecs ztX@Bdwk%4r@=kR^c`Ae{el^MV+=`==MqXeRqtba@dcH#ri%h92lH z;S02@RIFnFF*kAjzy%mN1Uk*Ke;1kfZr=6^-KjE5zUf9Zd(?}Dp&2mMz~lNB9GB8pRoSvot0X5Uu02sWO;*P= zyEz@~MI&z2D(yJJWEasmt7MA?wnT86iV8{Bb4j(>AgE{3eM>)yJf9*VLCLaRkKMed z1SNzH4C8+2boE9HQ|hOMGEN#k6$3c{{rx;j1EeQCbE;Cia3v40(xnfyZZBs(mg#j) z`Bnw5sTPa^RlzJ=iPJ2vnHqirZLk39yafbo?fxFE9@a#TzE(t+s%S12$RgjQOyynN zF+_Kp&b!n@I#JF}rHe=Fux7H@q_PXJyo2Pa8U(Xm-rBjmV%3BOwak2%G=N3#k=jaM zYcu)$5o}V~G#B|zR-;=zV>P#oR_vZSf7WH$y4d|Qe8O8X_pD-7`u+_ix!6*l>><6z zqnfo=KuIg&gp7pgK4Kkf-cmo+o}O6%G@cy#kml)eX+qiV3GIzE>jA3Q??F|96-%|G zTKpIjxSWuilex*09Hpo!!VF#usLrpI4zOTVFdMMcf7|tuT9tQb z6UzF3SMwB}%6cC#-@J|EC@TFdZE`+V6Y|yEqmKF0F`~)#3!U5&a9n@~&>92+o7aPS zHv+7cLra2+LKh`}imerj5)-Oa-lw?$8x$*WCIB{Wm0xl`v#A@siHe82e}GRxfTU2oco8`_vcgGq zifNbF;1AHsMC&)zUzPkTr6$kwbj%vjYVO8n?L9NOWTOlMA-;sIHexp_Fn-&(0IQv&8E`1Lk3DM&Tjcp`extx7Cd1XCp$;sE7X+ zHKVGB|9MQ&^u8eU0#Vk|iYW^;!1kTI+@qOG9=A(csh@RHkh5wayergdlTRLhzMkxT z5<%a)(Dfy1R-Un{JAbV4pC#R*cq~`{e~qfzeFja($N#mXR>;Ou^rWK+4;Q*WQ9Iv& zbIG(fn&*L19XrKSM6M7A{!`ir%dOSS&8&ND{5cAw@Y>z6sd)ed-Wf)*1+6H?)5@n! zu&_cs?eR$VUq?ocFH?Z?3~_)1?m*}&D*_s#_UX}cQb5umCwC{O%H>7IZDo3n#Qz?@ zImj-!*#2Z!{0FWh+*qUwBFj+CXAb1H>pDQj1n`(ZmM9pk^1ta8Xj3nc@h0CBuo6wv}2W`4iFxdg2ZvAutOoqVG5s*{Oi{|HNABf7y{&`@X$ zqVty+5;sFYQ&_bQ@F$zq5js~YC{ZhzEc=C=U{}VahYJO5SjU1Z|HG_VQZlMHp8ownRN|;_4-35!OXTHalaKBo3?dI~$0}Wz z=CDCw{01;+H^1 zNlbz)WJ!k5Dy~H#Uc>0WE4)xx&tAPjw=h~QX_%>h8Y}08k8Bz_8-~q6*5EyJz~P2`NzE?z{*3JtA+@_ z>NGC~XH-p4t*@p_7~NMp&la^YE{lmiI2M7VpBd68*aGImINyr6pU6ByYd@s#44vs7_&CNiQGG%F zQ_Am6vIjo$NRU>m9Edk)d`Fv!LtZ*abyx5jb58ow7P_TlQd!)P-*?|v-x{OD_6ZIp zq@04L{j{B|#2|qf#B=JF7QpXml4-*e!1v2W5}TA~zSu7HUoyAS`9lzLP&)^rQi`gU z`sQt|*egfsV7T>=>bdzBz>BYfxGRMnY9Cy1Y~Jklr>qv{Wzd6mse;xO-u~y()oPI# z%JLxNZG7W%I}mEv)a7zC^jJ5)wkKWHRzqVas?aWbiAm87JEah60HS`0cfn$)xFM8? zsK+g|H31|>oMUmbZ%2(__+@J?fmqsTuvUcCOXzz<;W2fDI$eB&>IY1b;Rz(*@yt5i!jV<01MME8r1cLO*vcw- zZ+F^@ToZ&{IDPi=llcc|e?*M{);}C^RgbN_I>u4@NieI_MwJ18e4*n;U@)}Shb*@6 zOjX_)Zmu>iNRkHU)PZGIe3_p^@Ge3KT0M$95)&Yp8ygeU)8}ic)u)Z`YKx5?Quf!P z(|jUE22vCqsCRZ*9TATT@-XY9$b%w`@{s24En%2Ud4d^#uC zUP_zpfJxv;=?05ryk(R}R+#?^*nyuV{A(fFZ|9-OblqI(;ZxMW#>?rC3#*;eE@#ZBp)P)49gRt3!(dYt0+uFS8esXbg**PaxGWSUkIa?X)xujda(7V^f$QP zjibcNQWAyj{^>&ru_)pu#rn!ve?IF9$#|GsgtHco7xJ4!%yg7v$=3a8XBz#ce^A`eqSrX`#z{~5png91)YJ!m3v#wNWekXsi z-Q(pvZ>ihUKDMBUlht6CpHD74 z4s%5dj?u#-o>FhuOP+6}C&Dp%;$zD_t^6KBQumJoI}_kJ5xmu4WZDb?cRzl42|SMS z4Z^fx?{~Yvgi|h1yFd?ZYU;_{{U9aF2@hkvKQ8HZ@^@ARZdTNgmU*LBNzvBni3oC|Y$B9PHYp**Bkh}TDGE}?BcsaRaS{2G=93k$ zk^-L)C&u+F?^meBkd`N59LP ziKEgo6s;#88Sq%>| zA4BN%D6L6S7_R{42bK$n6UQV~tj47hs>+O{B!EwJCQ-}Od;`ZTO%Uhux6F>+4s&e{ z)$}hsa%|ID^0%7Sw6kR>)%|kAw8iwN)A>_qeT1|nlb>!#hYOQ8clVs+P+=MlTYv$O zyn0~q=boXHE=7Gse*$(1klaXST47U76FZjHbxuJ>N~C0Q@ot!2ZL+%@KH6YW^dyPk zyF3GjVDHX9q-CsI?VFCy&la$n*pAi2kZ>0zQY6ju=tF(Tjfawq;xaRa)k9$&GGXm2 zWDZQtvbF9RCXEAiZETxDDVXmkv?0kf~Sn^ zVFiD0SjL`)@8(NP$5$ytD06k9{f(A`mjG4%Wvw~3`4s^F=fqY~i_V!4y7NklQFWyn zt49%I?pSsAYUHd=rcFknc!O=$1}7SA5?RzntpfvqmU|-$wHCKlf@(J>vT-p_7+n;L zU=rkfnB>k=(Y<+9oomfKKOmU?m$GUx)8<)iHSO2i)P4Wo$O;q3~T%gRueyL(@> zE9!dX{Us0(ji|*6Fzmwr&?}a}eaS+PN1>f~6IF2m&X{fTO2_jb{Y%&{b3HT|Shg7!0!<6sVM` z?c4Nukx!PSZ^;oCbD9&O)17uUpL#Y=qQ-O9 zVk}qtJ(x5-8&`dfyVo~8>y6-ZvEo-&(8wQ*ZSqCm69nxr`?83t`v1kN1BK)fT2fRM zz~Z0Jr$zYBm(24JFPmF0L(%s~XW(BDT(Usi;Lg->k_Z7vTG;%DB&-Nnfoaj;kbuEx zXc~i={tp0`Kxn@~q0P6zk>7283W>#)*tSkxgnLFg*$zn%VNN^)fTuxS)32AkF-yHJ z>C<>aW3QrUo!A{Ze?*@pMKz{62iQ^D-$Vah{qw@HWq?IpraV^Myf~kdZQR&8k4Zds zvwmb5ptWUu-?565xW{-v+?D@?qv#U^q_v7x*42K=lgt_f%?NI)5qp)@jEVHSL}I_V z+QoG|_~Vx*jTLf=Uz+>s55crI*e}ifUz*OmerbOB($wVnXT^ky>tPmoE3z+yZ3x|$7}-VBMBz~6?QSUs&)}{x)XD)aiGn~hNkIThBz8)#ZRwbCYpei zRQobTRMAk#&r~a3`I`CYN=|;JB*Nod17@jAQVG^-_feQRFZ$3O8}FHbDA7<}6B46I z?qjdV;t+j22J(a6s|BPus`V=Ql(7xNg&GYHObDe8CWpzK->hNZx_SYQ8fuhaA;5#v z`LQxa?Uuo3D^bvX%s2_PIRiGNI{lZ#J3U7Vb6<$oT( zcK$d!ytw%J{rR!;)# zX@5mcj|*04Em>&8tho-1^y+D)~j1n>tJcU~tR@CSEdu(%V93JauiE&dpMzM>QxN8-kcCrCKECJ7 zdUIJvxaWS$Z&}ZC*XvvhDVcX%MrdadAHVUM2&%-k(#>W}u5IHy*Nnb~zYD*;=VC!I_xIowO ziUB@ZPM>pNsdgjx8pPluILP~oMAaIRdO@+g%L;2SolmJ z#e`!j$3~a3j(V;ShGMd=4~A{xIw$<=U;py$_i*=2K=fZ18$SA;Ds4fX4jT8Exs1nM zmdX+gnc3L6aH_G6RtSaxivyBKQO;K;1ntLO!a`5!0^4hLG!Mt2hhs@S`^|>mXdDW- z^~v?%qE~>SjR_}eRZ2>mlFi^M$@I6S|8j@W!lwcxpLMRH8cO-msvAmOsj&%XRX~Z| zmYfi47B9B8^QB4%Fi#IIb32ex>|p~F79JX)AhU+-Y~?@1l1}`{xc*(ur}U#^d(cwO zC1MD5?FB7yF7};kDZgWqmPTBzD>ATVmJ-45dKF1-<>Qp`xC?-nK!-_Mo z%(F-PcNu?$%<059XPD?X;GPkq6#661MQH95phXKsbqendXslh0IgUd%jK+>Qn~mk8 zb221gR;q)`IA&OT)$k&biKk$oR}#Rs0sTeL+zGg#*N0u_c40M zMtZN?yIW|dwbRN|ef%fk4vkcs?~8%4zp#WVZmapunnD4bP%|m7 zM@bZJWGu5cg~kJc$>HiCXsaajw`@f6Tf}jpEgTEgbkm@bHd>DHFxs>Tv^aD*<}I{L5oa!R?j$rUN{Z|fVlHz?h;Wn)aF=9H(qe?sfDM^~SPg!S$C>5R)jxAQ z0hB&6achheQ>NTZBbV7>jm*XXVBOFie&yD6o{FN;jzLm;m25o~avdMM2%Od-BO-p5 zn;`5_#PL|6R1Sv0WfB(G-u45hJ#QQW*kT&oPK({lxSE-XK}2I#dx2^-Qfk$~8SQ); z?S2~4zL8JYvX5RWh!oaQ7~q0T-WiR_X_$rP1J zCo>N$G9=Gkc{7<_8(A`0A(J2Uwex!M8a8uK5dvObXXY9!i$Q8uDqLBxv$3B)M?ZsV zne!?}T^wAciQ;bhMXi0+Zo-IKI*jA7=73BPgai9_<~_(i6W4jx*U&sj@7-d_f|LWf zH4`ga%C$!gs*vFhzFD_s^gfX&bDEtrr91Mf$Ix$r#fj3un}7HU66YqMpa_*lQxFF$RQSSsQph=e-}YTktzw}6hPC|Q6*VodOL7ZWB9fYY7uagw-c z&^>oqi`{An-x+MTrw&|2%L5j44X4KnU87dZ_@)9oY;DK(Vznu_eJwWnaHK*0x4pO2 zepJk^LqQpHeK=W|p8<01t{2EC%&_Y06sk%rCev44^;)^kUQ2`dJ&m;iOtD!*yo9;! zjo`VqCMq;8Jv=k+sS)c>Y=nhD{f0^y%|bChN>A1TH|;Xg+qcehW4-VDj-?H?UhTK` z_S-xD-goHq-S_ViIym@;v7VN8NjqH_ObCJesLs@XnfdLKq3^Vkb{ZF@4##-|D@_I` zMtXM$I*0)J&Z%fR--3Plcy^9Mcb+}xRqjwh6I~O6N-diV;+M4AC?s2 z1&po4)=x3Vu_UBc$Deyf`~NI{EAQ$%oU6)A#TG`qSC* z;pNG3m0zD*{(5nFc=^)>LVrE_=i&Kf@wdaXGxXu)T=nOikiS~?hyH5gEdF(;wbSxi zue{cC)ZX3S{ceBnx&QLj?(8#Bg*idcgmPn;{8pYOm zLi@}*^*`G}&uomaXWB&etQcYQ864)G9nCJjBaJv?E-GA$UdquN{(AH3X zOTlM`yg5zsQNLC1wAae_`f-q@_IHLXSv4%q9@eU(pV`?acqSMTZ4i}pcU9GDCoJ56 z^Ovn}7hE3L$h;{jG|#+WY_4qFS2|o~W$n1g-m&4-GI8jY7KhF_>Cw;DA3F!g7jSrGn6fJ zq~oL)fdi1aB8?%OlL7yw-&WushGFKg0@Ux#@!?tVhR|&TQ`Y8Zef6Uxqlhu3I@`cv zCTNgS4`BjS3e*QDgmp!ZHnws>WYji(Z9wbSk28PH4HF7TJ9AYK(S zKQuU@&%iO469`VQWo}U*JXl<{4?4)$<>W0)HytK6HW(4rSp34@^IuNrBwGcK@+g7} zin79!Sq9*hnRx@B<&ri*pWLWP(CRGbdG^P4YYVmYdxZ9m!aUpSj=$%lQ<)q8)a)UW zdd0&6_xTaX?m#uVY0vrS1q~0hLHN)oOz0nf%hqGBQb*J4vALN=Ues!dvm)&_i2ekJ z3K85NTAQ1G7LN}uMx+hl7G@rR#yvm>u(Q`p#vYbW5e&Zj=%dBb>+5URW1jK;HW-k% zV{$FF+poTRzMX4?b5!2YZiX{km}|EomYjZ`XNY2h4eQzo*lO%@qPT8b#*S&iRDeZK zNXBuW=&MT|5HQuGGK+Ponx#VX2)Ol)`<4MYaUPV)EZC4(zXEU;D=xJX>CO628Z&+- z5xl4<`S&^ETxJSsT%=w7I?{wu0C=qg-5sNAMTOLew{bsLy$`|vNu9$&#c9 zYq6Wn&B@KQJ_P?wZR>0d*xYO&^s)Ub`u_0p@XbETFAGdKIk-5stS&O#QAbrXEssww z4^LIoOZ%iHckENlHjfenPQ(>~{1n&G0)nw`mB%X>>Dq07*I4r`ZwNr}b}Xdk!YhAe zlU-V~D0D4k#A+)J!NGAJs?WZ!mL_au;eoYwZ!#}yrqW*R9;dHAwli~`Kaj&{O{`GTqp%M+x763!1I{c0Pw^pD z$018PK${PF_st{r@};;a0;moe4oB47rCGZK9S%uIu_V!0iN$Zv-k)C{zPsE{ zFcWS7S-*~HJ9acI)i#T<Sd4H(0e%`{F>U62B^>{MkNFGt$k?~8K}CYsq)f? zun5CMj+OcYz6eD6=)$-}R<<~N^XC1}pHAMMUH&`29~^5N7|yKpIreGI8F0`_tKA64 zSFTf@eQ)OmGloYI`fcrqL@ZHI6z&jqozsy?PO!qX82j70`Q`p53VAO`1VnPnaYF@9 zsff7VtmeWH9!x2m1T%-~)AIl2|Eq(#9LGwjWvJ7JZwd^`xlq#gcS4dxD@)G( zyA7EO9sui|i<9#Yr$;BB-W|R@>1Yihi*&!~&YP7-T4ni9gjE@r!@5ikE|=o1t08PBMnC6=B7NRQ1l5F=Anfu8Bpvpg6;E*k_x2N!wGQ;3!g>L#>tukD2b2_3C=@STFR}G_DzG>jpv|`srgmT&{O#92K zELfBZ)We_^d%p$Tnz5a)Gs|{v_zCP2qQmTYx^}d#9;4N2wO%}b4*#}Vt@6LE_U?(P3q3vqNn0fy9TIKWK z+S^&3|A#1R=nc`*qD_9G?H=v}LoCtJsS=KL?yOMgYkZ-tA=Sb5Y3wGX@>i7Lk(S$@ ze=!*9m+_tn&lJ{^f?4Okwfnqy{&!nD?G^ujkdlRiP<-FSg4jpeh5l>9wkr2uZgu{3 z(u?zx!{fIn{xF<1#!UXdvs>c-&v$lL=l?;<5lhAh(&6dXW2Fml9EaPCSLE}uITfYO zV`4&>4{@?$^-rqY;ryH2PP56ttn>f!d0GD7d)|7vI{yz*=1d-T*NkC7k<3)*4f7k9 zke8^K3XI0T>G<;{LZh9Ta2RIkzsMAQdTWCmWI>E-J*tpCOScO&x>lI54(~pj z7~kRi*C)Ly(S%v&|9NYtB>%Ucx1O)g|3j32S07O0C05K-#dw~mO49(F+YEDJlc|L$ z%rjo#@pyq#am(XC9nU`xLmmYCR&>LO66b&I9r(KCcKW~mM%#|J^Kc|J zW6U`J?bhDQvi)!O#mfHoAO#mK{{fby&-i#BoyI+mvlupwVwj)?PLk};w*TDUY3SQd z6WsC;y`f!>`Phv-)MH#fQqlPUAZ(lVoU^fQ&0$71{yIXAkDu|u)K7_QbRr#@$!`qU zknB(MVxAcduR#L^x$VM@kP@=%Scw2)J7Rq%GMY2Q{K`+_e&dRa!DDN`;hBjwJmb;S z@G_sKhKG7-3~nq9&(5_m#MF98tL9{gX|!MGI*m;3A>-HB(0`dB%}bJfC)!HwLYO+n zE7YBALyi-&k0QN)jZtxzzc#wA%96_x=>N6qs{FvUm6Wnt#M8u zlLbbC^|Z6N4ehIgqwDn2jX(adPdrgmqloX|1*Bc^RS!+H9@0Rf<`o$?QSLPLMo>)>h|kAKcnpf^MKB;?8qv6a zs*?@quTMaIRiX|gkJODw9FTpJ`V1ZepL|X@G09uAlxQBhBIAAZ#~%pN;C}hyB&^e3 zos27i+WA^fbH9+;PR)wrxKEI8LcSJyQsby0%HOJHBo6J@*8is6us?W{8wgSHYc_DM z{Zk#>@BZl#R1?dG=HEWoP5zSbVV1e`3GCsNUAx1EWqYMgcM~=B>A07j)0?K}M0<$* zj(jz!9n;Jlew~j>_)do;5~SFx#*;;Q)h!CWn)RNt_CWHSFzDN*$mjF#2RxK1(7%8U z6Bd(LW_uCn)D2Da&D?A6bZe*bP1Z5mKghHCG?AbGaC-uouZ22d_833}GJE#&vjGS1 zjrvXO!;-I;R|pyk->C?2!a8iA8x&KW>8{->9v*{cF_UOryDsI^-Y8c^38%5_q2^?S zxUA7W`kQFFYd0~RLv2x>HmN{N)FC&(`{yPQ=esN_BbNS3gO^~XOd8dQX9 zz(k&Acz)u(JX9@^`sJZ&PTv<~Y4o<b9nSus5L;rix-f5Nfzn9NjEB)^w z$}RLiIUq=4-Y2q<|IoaDtUG%J)KKKb+#lpTfcB98LE92d?pXJ*lz(*la4Sx!h zd^&$ymg66}aQ>LL_H8eAfZCqjLuy7@&Iogfsyaec!db#8ywc1rZk&wFLlR4WzO8Z^ zL1Xne+ud#N?aPnNGv7~v}#$A8cZ|OJWMX5)1^T7sA)FHNv$AeC? z7>1xN;s`bW`0}NR@?=WB4f~|Pf*91<*x(<^NuPXv3voN0Xp2hg?A617zI;Jl65v!2 z-7`d;F|k&!i1uQ!b!m+LzU%LrpqoM`S875W!k$vA)r$038i!3CeaLTYZeA9`eG_Kl>&CNN*4;^7vIItFQ*;$$9AM2x!E$_QuH#R^1UtfOR{PN|S zCR#5n54u5;T}bfcGlmP*51`L9Z2Q{!%&II_maG5kXqoQa?_Xx?|GVwy<@?{(i=EZ` zp9d-P>Hok&E_Hq^P1VX7KD2+mHhJbLOwAn_xYnyKk;#b+_54QTCxQE9Ut54jCd4O; zA+15Hh4v37Y-D*QVJ_HwHE=|H=rXe%!f!u<$uPlk;7gXJ_H4D9sHsymWgp(*A!(u} zq$PkRx~kV|HFNeo0b%>TAZ#xHVLO9x0u*x^O{@k#4=gtUi94;#u3E7plS{Bsya7=1 z#<}$y%Hqbrix8o$@#WEwhYXwXkZtLsHwpmOb80IQz-6(Wplyx`wAL za=_WOWx#4&10{lRTIN$e-Wi4fc-B~6%W-EdX>O}6FO^Wp@*ATu+-gj&f@_J!aahrQ z!jyk1elk(sT>H~E0Hayc{R7neCAN`zF3`#O`TO&I2(bp|(Z2L4v1#R+ z^@AQ5dA0Cm^OqQv%eyQk0U41PVI72vxOr^1bdXRd;oA_86#~SBgf=xK8QX8KNCM%X zvZPzmCU6fTOow7AV1J)-c>d#NA1w!$b7CsrEs^y0T0VJCqn`(vp}lNhOnn>d@fK73 zTd9$`nkrPAM93RRUvt0r6RUE+Wx4VnyzW_4{@dAWm+yaCdwVPS??K7}@}FaP(V>R* zV=iQFh9|@igADLb6RjgHZNQ)BjLBwZvbFM$91vX_HTCU{6)EbtadCu9PUECch2&!; zGbs+}XJh*IC%3YF307I%{+KtAxL>NJzH!uL*KS>Xk!9|tbPpCHd$m6~g@c+FwYN^r zXWA=u=310`sQEXs{Wq}>UIv9~<#mB+*W0F`C)>@GhVxkU400XAi#~J;2$9YCLg!co zFNP^dm!wgotBMlpW#Vlu_O-X_f7{u}akF^SI1i#0pmIb-=X-@(0G?WzGRC-gWV{Sr z#5i-h@iI@5i4hJEP9XD9;ak5For-@o3PbBj6`Gk}k_Q5W_H-~_>uTe4vjO{2UY7k5 zq=kWD6wkb{a=kPQo;Ky%ktZ(ZESdkC%eSHcFq8kkoUs4Ae6foE@E~Oo{|}SEM28ht zh!0QywE{=QM0N}uMXrO$;n``HW56~2OpLW!Hc-PUTHto8P3EPZrlv&o@##!;LOyM$-4&rLH( zTxFwNNRDF>+3a6=Nd7S%Mo#SK%-n&EJp?fhVfJH5`eee?ajX{3wR2pW90clTd%=;# z+$SR(r6wO;Ehj5)P9_&Q7jXLrGj7PLJOOgwN=J5K9Icbz3!PWp8E;J1s=wgX12{Xc zslAH|`R{5Y3%|q8mgOMx+kW;yx1vJ?DF*jlK~NpFQ-PX#E1MHzSijCn01BQ=PG>Zh zH9Y|qPVZ}yu}z9zd$E7n0xLw^-n)8wm( zn!|DSahid*)Rl)$3SVqzzGv?f?QyPcqzW3Fmd-H&>x&{2vDArshWd0wVk=gp0+LW8 zfH=s!u2Upjahq(csMpTY{ zfZ$si_t@P6Bd*!`>ycqqCpN_O;>%Z3#}R}1L!@ZhL)S!SClq8vIF8C|DzHvlombn+@g&4xnKeprW2Ou+{mfh z$F7)SVfL%Vgh`pHwyFzgz5;go)zWX7?p%@aTx16#2Hb(_=!gSX1pFA9E7I~Xq~(f? zt6hTMIXb7Rl;t8;O=ll)*v$+}RR{YAI@VL+;8vWQVpNZblT&Q5QSe@v>`{&Q7AJ{y z6mnc66f6gb#v%DUt<^Uf(DgnNGmo3?V)kjvoVXcBoJdZ|Nau&8J%l4pa5y%}MZ>vH zW$rSqt*XxTZo%Q*)AY4;3Q^N|EQcS8F+j>b^z912`km$mYDOgP%Rv*hTd;>r?IB#~ zpeEp}8K&@g>IJen{1X_9yaLKT(>wVrd*6w!A>4W~i?u+Inl|*OorO}*6^B7buyYp* zdEit3ciq`PioKP|lJ)eB`=4I`mS(tbZ{x?Hk+-5yx@JhS|dDZuE8{54~nAA~-H~_49z}qzw$= zFhpWJ>@sbipQGyx9jXMK(tc?B2asm)pBI>hc?@eU+*n(PNV~>wNm<=uFuUwyN#e?3`1--9o8!HB(KFNNM@^Q?v?G-? z5`Le^AIbQ8&V~w;-ROg&iTo0}JBKzG(dveUHd6Rq-h z%j`<_JPVeuX~AeZ5LFj+u~1s+=5>Xq5#th~v+`B3phNk9Fn2E>tumi5%E9+t{8 zq#E*%n11JvF?>uHiq*19n-wmuaC zce%I?^+iDG1m&x1K>FnKxxNxOjG{MGf*#!b<(HqG)j-Yv)kHUnJqXFs-n^aXG9E~I zW+n0(g(D{hX|ETN%EMP3Bxz#eYN6hx!wK-FbXo0TR1i)R7iH^Q#o=)pFm#L(PDYfa z!r|iPL|O?I#Az{)e5z~Cl1jgtNVsGX!OqruDCV>ZAn>@#lI{PJaoi`1`G2?DFDCB) zSN8u0DvQ7Wa^L7&=>0}V5f+utaV$avszUw}Cwrb7kZN0;Q(@l6V5OmQRmc1QFoMy? z>D({;Sn+bJY|Sz6Z6=zzQCW*49!zgE)kF#ubh4FoZzaEj8MshoqhwaHoYk$Pot}Sb z{?c@xA-UXsR$DDzR6|xfn-z(Fd}X=xUnY^!MqCasgZ{T(v|g6uzwYj?^1nSuS&06} zA>jgHV-$pUKbf10#R7kdjGdzghrV)#0AE+L0&OfPOWbu_U~-5O1)s3rk8;CBPWfaK z*9#kP$47H3xWEg#NkX@|&kxMuSEk zL%#_YE8=+2`~xhtzN(?$TYdTRrHO7(7Yp*@Ir6-a1S}*Q6$X^oDUCuz;t?8Qt{pY? zB{SBZpfmTcv=(~v?1l`-UUnTcdq+xLIYvtO1soxgh=N5zs1FbsN=dzD+D;2F;T>T? zzMp6cmcWT8?By{EadYZ=%U`Y6)mTT`nCPR8y0`1OU9q;8n%h~KGhoO^Zdj(?!I?WZ z^(rH~Fx7u8bh0Ko&Miu6Hs)f-*+IXV-@cm@Xf9!zPGjIJ@_qL=^}{zM<9}Ao>}EF7 z#I3#4k2e|SsF`RtW==+wTx-XSSW<2-MOhC$`0@)$mXBWSMjxBkn%uaDM1Hl z-QKk1z!WjW`QgAet1^{k#?q16zx*~%H-R3}6uYUum$hrCW>9rAix@XGjkOYv5M264 zC}y!|YR`jm_1AW#+xsgrZWr+o?(7%E#KL%GpAR#AHGcjZCnLfI`B8nje}K%NrdAQl z+^XeGzTFj~UwJLGQMl1_(4pio;@4c%)mhigp+k>D{#=!>Tb3*TUt=EAxL;BMX4-#S zW&3Zty~_XjFl7Px|7X3q2zOa3O~6;qq6i{G;{G(TKf?=C{}T77g#S8cOirWomA$z( zQyhnAJ+n+StIRU*kOz5C;^sXCyL;F3AL)7&6FTaG}esd!RcxUg$ep5#k`uXtu z-RZj@_R)DhdlV8$0!c!&u0(PtaM+hG`|2B2=gXIkEo6j^IE#I$1A6F->}ZTQQPU)G zs9#~>5u@ScYMZ#@2?Rff2$UoqQO;uRHVw|1^${rZ^zt?cWeT<(iQ~{Sqj+i*&#BpP zY!@r$@h2&t0xSfMLyjlRHcKnB>_0E}O8MV+clUOldj7AaGFHdkXF0RZ$^!J?c<2yx zWKkwh5ub+)#$2aBmd=?4ubh^0thtW%bdq*7x@Hd~12+yo>8- zpC#A#3SB1e!E`zCtfJ7Lam|~nBVD)DL)iUE5Prrv=nvjEEtT$8_5 zyA{@^w5-6wVH!!AOoYR?{Z@D`x~_nw=T@`QHy@^-X+$v}qh1yM5U$5x>UTDo- zN^b>(OcXHT*B<@pb0;xl&&#K*YCDU+%;#JAX^1(+VfX%||C#dt%e@KzzuoqWr+)wY zCzk);DwH{Xy>#i{qT-{G{q00+C4YGRb~mZtj&VOSf5nn6B=Ot!raPRn5<^jm5UhXNCgL>7W)Q_UXszHs~aL$;lQ60GRQ?oE?ML&u@TQ>uzkJNlU zv;A!KWqSK_l0-BB6seoeWR1yQzm7^&-h^7Us8F$9H8LpRsU2Lhc2t0%I2!=c#e>_t zIh??!Dh;XV_vXgQFTk)d>A$>eCDg9;373oZT#0jkl9nVBc@4 z!q@e3M+M$?`^eRImz*wg#tJgqJu2__c-#t8xXU?nInp8rtESzO4KwQeF0iw?6#XQ3 zH3xsjj=EH`YRBB~ANdp4PeT^>+1IrHv|GEA_rL9zPd)$7pV|JSQ0Dmc`uWE4O+W@4 zACCzrpKHApNCSOGJ5WB*J(+?gmv%8zkZHdZQ&6$58dK1815UAv8UxNub5dzi_2#6< zW(qpS5_hpEw-3$N4`oWaAlA2k(ukygo7vN0DhDSyt~mWcBIhv1 zu8P3$41L<{rPY~&4u|k(I=o(QMij z?n38D~tbo-EypSQ#>Ee#hKq`8wv;=0#ZC2mag=hDwBnSJg$Srg; z#&Db_rr4OON2_$B^1q_MBoY!cCQMui7Y1XNp=_JI10NFWD^SOmRVsxt(!rN=J9JkGY%mG)!a@GT(w*P$M_q zqn&2C^8eg3x)TdNvP){JXWdx8s9k9ZH1 z#1&R=M@ov~?i0r1%K0phy15IzAf+q!I-{#4(>r&x)olH0G*1CEYI=Lca;U`eH&O=jG zuXb;Q0H~z_n`JB6WM@AKvOs@nUc31fEWT+G*t__(O-#Pt*p^LE&BF!3hzUgtkK-Iw z+N&x4TyD*JQ)ux_)(*U|6PG*sQ?hdc}e4i>I0!Y zVsWq4g1oY25id*k0ADrhl)db(+lWM7t7Sywn$g>Hjju`C)w$Q7nN&MHHFFK z7o}}Li9`48EUUHL%YjK~BAI1M0Cn6qUD4QKR{j_dqe7gk{B2l`LY;G%T7|lLTqkk! z_WS|1O#Yu)ZU&eTOI$rf{k8ZUa(vG1bgmFTGmjLMq(yVNPvEehZFGGKdOhta zNz|uHIvJMPWJ6O=`|LT@&ZSunQ8x2P77|Rkf|2uab!Z;;(3GUkiQY?@&$FtK0Ku7` zV@XsqOh6dz)#ovvd3MSso!h49$xmF}6F(Ruo7nyVl7z=fRcJQRy7Q>DnajZ&HX@hv z&E#e1XyO{w%~q$5gJETbDt#i4QqD;%v%B2pL^4bqhZ*H4h2+_*92M15_I4&M9(}=iA8@C ze-j7asOp9aC@63o`hOEHYUI1`d}kMMVkI8OQ-vjnss4aOL)woSC)H!jkpEkIJ0<`B zofmsAR`)*-Qr6HJmWonAGEcpWitWUxo6;y$R6N1K748$^H`dVQfC?niBw<_%BnBjk zz$F3=u?z+@?r$MZA}s01u+98?9EXiH6qCMoqFvV}0^_WR{@aF+-pA1xu^3t^kWfN6 zifByyhJSqV=|VBN#u_>Tv_l_`E>K9hX!w09x8eU9{D$BC58sCW+b;(FZS_C38u}W7C(zq_O#bH`dSx%qdF+Iz2uS4L{-RHxkH(PeX#Y zbv@30YxpA(u#jv&A(O=t&j0zz;qluOe;C${G5!4SwO_m}#sAsad%3eZ{|{2u&}*F+ z%ASTdw9A#$a-{aS(KtjO|4E`@@#|mLZDuJ&`h78g3{%^ZB{UG*k*@m5V9A=QvjL{i zK4)p7NQ%ZB6tO-HP?yMSq6m%wM7Q%BjkPs&`R0EdpEnwvPDe@BjgTZH4oMtPVx)J) zTlY;ZO;yx_kJO^$=j@k?xzze z+b61vj}}Y?4UdT=0-fba)y~sc(jh5=m~a;Qlx=UI_18b1op1Q)7@$PzuPi5aD%lVe zn#(sAC?JZU(f~^$wiMp?A(LJV&*l|ssz23y$1LRtCz%(KIR|H)fGt5#NkpUJx!|__ z_RhBrPtSMPZ~HCXMCrIht%t%0f_f~9*tJd{*Nt>OR{_$j#RNRUG=krZ;%82>K@sqO z2v|ZuF$`(1M?h#7B*-CMLx;T{jj5yx&Km`k;^H(Uv04Daky~!iF%bc$pe3TY%MCjD zoak(Or*V?X*$o;u-t;o-_hmJ^Y22WWIq^7KDL-Z*@dfM24!S`)Q7^(seSy?ZW=+Rh z{iRi_b%Q#t^X>QV-#3k!B~P>a`tZD|{{LUijSiXy$pG`P0EznIp&?0FXqIGRO%fJb zK(^KASkfxMGDre8Ojt}}nZc7Ah&n|)se?o>$;6u6A0%*?j&OpzG@A1`O>D%iPS^aU z>Kx8KYIi+CiH*LHTD&KH>|ulNNJb!(7gg6l_@Er7L-8f zPdI0MArgP@)O}fHVQFo?UKijq_s(LLRqh8+_aG3!Ge1rG9ET)#4%YW2iZ-80bWNiO zkyxbQ0$u6h-KQfGYeV5Rfp2t|pw?)u%SWd@)X8sXG>UgD+tW86)QlzvoLwUvBLEOI zBlun@Jq?bbh8ST`HvC+oDi2V;W4AvzH|*J0?G02Ez|3hp9pe6Mf$O2Pms^)vXXK%j zo?90eb0Ian(EoI@rF8g;;wnU=PA`oj1U13lGPwf=cd~TzQ?k*crhVP`O=k-ULeR%k z+w9l%HK@ZGlN*`0pO8F-a8y33m_U+7k#_MEoyrLuv*3zwjf3c%^r?`1jEq<4J3J(! zG=U7|Yv<73s{d_gBcEaMt$iogLr%4jGxbC)i6K4Q@mN}!dd`+~TAmCK%S!?Ijg;KQ z!4-+YxbTBUJnJku_1VQ+S2E_V`FxJezJ7eGz z(#5=KPO$3bqa7_I2`47BOUxt=BbpyIMg;2hi*G6w5@=2gX&pL zm-5X}aObF(_bwE+PE>~q)AsF7gs`}Cdh4d`+@0vcti98B66*h*95}^b)ndkuLr>;5 zo(h6GmW`+y??;4l8j{Y;-78*zsQO2oX!>9cDeA{D`aQ*wTJKP)k^sh}&N$y-0JgzM zT^A;mL}_l)nQPB#k;QQO>Bszzobw5C%mvGI(sf7H_yjrYg2hFA?K4$8)EOr(A8X@a zHGOX^2cCE%S|M?k-Z(YQ!B!;oBJIJGk>+rmeRNebki1U{?SEZgvmFZajRjU+)l;vWe%W>BTgizWJJI% zi1rYUIKkl<1;80X-K3DYL3{&`=Bk>l}?YEF_3(BgldpI;+x7xnKGPm3+?1LQ@or2BM#;jA) zG#P=nQsy9Rm)0(yZttU+%U69l^^}U`!;*2_C(FB%{yI!|c^BDVhwClx`a8qiM9FDF zD&4A@XgU=tY&mE7ufMLZIdyC7Ie<-I7FqAYku91^ba zQGF8GOBi^wpa>(TvB>?YT!VC4gNoYoyT}o;=N#EH5+nvJjY6bB&`)#iFk6{|(c|Rz zl*BR`+r~jb0qK0xQ5;lhCI)MNl61Dg;eKzHmWJqaT>so7$}O#H7xyY2RA>(WI;ByF zNIasP#Y6p0f>UtR0%2X>#b7NyEF#NgC|mWkY7vG%IgQfO40VpqIE^Kuu_mXKX_s^G zm9z4Rek!&wF3b>O?Ci|9Fo#h$J0PGeHQz9QpxadIG5S541Qtq=JVuZ2CJ&?C4ff5g1~q07R)VN0d8w=7?K z{6|z=!ZPFKrR)1M$6Mn2M7n}pHdhP)KfcS0SI8l zQ;E3YEf|RbRsyVc>VQO9;OmjSmtJK5mJ>vwGv87@$}(&JN-yb!x!Hi%5H32^x%R*g z*;HZ0IF7g9)=BBi!0F|uZc1>YPJVXGqjZrSAZL9H2KHn+rMwCfA6-Bll!MbB!1nk)3L`M@a)a8e*qQ($05gsJzRAE zj%+VWqM(!em%;g!_b`Lwq4seW|1+5+@5ujj4%7e6N&kP`ClfSzr@t~2)KEMu69l#X zXUt<7_h;+$bLj7PQn6<$rE@5NcXPsVu=?7piqBaT(YSw!`$_^Zi-mBPrP92_H8qgL zeIW9gQ)*{%C)LK<8oEeGKyid9te^-6WQc|14z0S%Up#Z;HMQSBNRAV-uR5f0zkyJg zZ`ZzcwX)Tnh(_AEmI@TH080`!5F(%PFp0=M3Za!xS)<`R-kvekc~%n;Id}hcdp3`} zx8pvIKQ|f@_h)sh`;oZscGLFTFZ{L_k}k!u*KT?I#crdKq)~LnA{xwu6&AZUMp$=$ zmNm>`Zh~?2*9g}CA2olR@8Xn_-lmmo0 z$KwVSg`!U7%ZP7v$m;G1#$Mk6HM)LGT8jzBuG0vcrd(gvs!5V43} z5%r5gV)9vXjA-0re5f5Xb<_ai?uCv`s!;ea2Avqk0WqC*$$n!k!#)?W)(T+(ifFN> zmbqq=*O0Tz$X)Qp8q!lY5ShpMYsk4`%ny)>J3DioY_L{cA2}D4zPku&9UBdyZ@G^m zEW|7n{9(X^4(b7R1&R8V11Ql47NtXCugekiw1rN47R8!ga|^k{yn}cK&8B%I9#Wy; z6et|41r2lr0zsLgUj>MpUbE4_K|q9f%R({>+(W2|hAhl;p47r!80ehf@MlgXc@G;P z=znGoc0vC`78v2x546!pupG?l_sm3+>*gC77JABpP)tK-i#mGK*9zOA*L4j!3tL)% zH3TaFK(E2&gfnc0vqdMO9Bm0HDk#!|=Cp#RQ-ml2`Elv^|1KB9_WxmgX zgy=pEv%ex^eFIkIlB#~BaUBpEetlmvb+L84jttZ_v{?#H`Bg1Dqh^?yVUSPLlbX z>MeYq;NMe{1xm?xtVwXx7xP|L_B9C;+e@N?i`XB_U5#wC{mB{KygkcvMU0Un-*SsDw+kaItkIF z3`c}ZQP?&UaS4dAQmBcLXgD^JMIjtxX{!#J&8^aE9yFVP^Uq3E=ZyDQ9^e~$)IX^% zN--eo<5)Jbb4NZWj7#KnbMVdjRoW$ijG(cN3kxm_BEbR4-aO>kfINnN6D(HX9W?*& z70vSBRv#4)0 z0$WUjySNyJpK#J6+>)t}tkgbC^8farbRcKVxVCKc7;rLnF-JT(Ux&l~M{l9`XYPbtjos;tVYJi_w-2LJ&7 M|2T|dApqVE0C>@w3jhEB literal 0 HcmV?d00001 diff --git a/assets/kasten/k10-6.5.301.tgz b/assets/kasten/k10-6.5.301.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8ab7bab57b4aa12e878b7e7cb9d83e0bc6e3cdf0 GIT binary patch literal 203174 zcmV)!K#;#5iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwkb{jXcC=BN}uL3WfeQf77Dbn)SXzkhSVI+ zXO<0igCwG6qX$4sViK=)ZsXkExsqq00Cc0f(I2EF+nKR`Bqj+IP#-813WchR@n~m% ziMbrE@hbY^PX0!t(dgNeC-DE#XjK0H`0?(uAI49fJ{v#T-F@I7Y(RipV8N#ZVA_NqA+nyhY1^ zg@)OfkDm@-3`f0?h=9{X5BeGlN#g(ezyFU=lt%|xVswIIydWzQOLQ7xIcI#;TQW6) zrId--+u6B*UW&{;8YnRKhmZwgnE(1wC;S;)?fvE1Q~Y%H;^~Xo zU*=DP*^9^I>GLrT$kRCvpONwI7>}Of*^6-YWcLYq76h~Bv+()zzdW6fNJzq`PkIXy z6ON_Yr23CXkDm-i8AC=bs;H@V-9ratj?+jYEd^-KxY~<{y?f|Ak38$ANM5&oZc(I4>--mxEX%rdc&?LITYt;l(zQ9RBLJKnAGN4(=i-LRU)~EKx{>7W;4=;}s3mE_g}RPDkT~122uuEYJgoZ4VLS zcBnXwqDLrZmEnLrhzbi0sUD9|uw*O~Ju3#;=!6duday_yBNn5{hpEB>$06n+VsQ@X z)$7AY>Sy#n(A$K>Q;CC%hvsMapF0_|lOu$KfCzEILb8X>2o67RD#_b8&_oyXH?oHw zk6uyDG$IM7@j|mO``P?z4t&KQ%`m^RnehG)vBjbS(fnrY7W-RCxv7O~=>7B+9cKDX z(NHK_V^LjJ8K^mDE0l0@Nm(lFau?{||B9XrpAN@LNttE&O3wm`bY@gRs??!m87xlb zge%d`&ZLgG4;4y?#zGPtTBW6xfLZCo4A7J+Ab^1C#MP-Qb}>Uafmhj8Zkyz9KkQt+M{1I%iUWA|_-8=xRwLVg^(K3S_fHD)8(n zNWr~(Xi6laz!tT34FqG-DG*B%tq@DpN5++Txje!Ag2>Yd2bmTHND|beQHN%8P-v+= zNiB{LRQ4m&4%8@YSiqmzS_9!EL`y8u3I<8kAXfbuiNxWG#+iDwF*?i>hB|U)ZH?KWEw`+gb2>!9IqVtXM2aK3aYn$-c@q7%fxO4S*h{8q!g!85LNhGLyR&2Sjj=BFoL%xGO)j5h z=EuEzTKzBSTq4d=NsI)h8u4KdzEl9RO*UI|=ocomsRQN*SVF3G&msVtIakC9mdi@Z zMDObTp0W!Zha~#_v)+!-MLHuqCdz`OY)3|7fCJczmB#3sMoXMw5fJHEz+@vkc`A$(OR*D zR6RZ@ts@x<8KN-?lr_ob2*+wKAVI3M702^A4G;+z1WCeIG`65o*6J`^kn{XEYkBq0 zNJu#eWIr2DZ&*}R=W3Ow9Yasi8F3Hw)g=18UP!KwtZC>NhD)#vOU{6hT+=Ygj7jym z*R#w1Tq%RjplmPr!GJ63m7dq~?9q6^i4avgyoo)5HG$B*Bi-Lo#z?LcSK!e-GX`R_ zUr8Y02UsILgi;PYai-LZyN74vv z9c7Xw(##g!gI&~EJacsT?s#Hakg(T_Xh32?^!Q3sJbQvj95A&t3aPYfzE#fF#HsU6?Y*K>v`57%r?hW<&q(sS zqXV#57M!IC4Pj$9=9&ekjR>&DYK{xAc&J?Ot8MLCS~bkmcp}~jwJSY)`gHe+`}G?Z zpD`vKAm)cxY9hrB^XiwJND}MCv^xs*#%0Yw`JP4Tiey%<&k~=fQKY2mtv=Hgyl?|e zpP)8=`T4BfRm1It@eZTj5zhbf|@yT)kFGws8-b~HGR_{m9((GfWuqnM5jYevL z#-1;8!)cOG{mXdt_^JBItb>U%v`n8D&!4Mt)D8;5fv>~_jv}wg`p8-#_)6$aHv1|6 z;RvtJSY)^N1!IedOcI*6(O;c%rWS1mGGxI8;rpN+Jzwd?tjG8*<>Z{iIL>>+cl!|~ z{_hGF0epW(1WS29jI`uGOw(C*<#Tl4>vFQ-hjExN8W$i=4*cKRZbe}G5lh3v_%i=C zq34m<&nyi6Ij5S8L;;ISk*JNOG^Y7hEhOy@albvqLR>Mf>C-+N#hi*!Y}BC=|hXfE#kyZOgQ8vchCgEO+ww~t0FoU=qxLbBfy=bVA= z!HGFgRLbm8WRxmev5?rF%0Lf~t+sVLYvVmE_c9-~SZR{JF{G;LsJCpS7X|DgF^dP} zBGbCUsLG;it*TBP9~FY>m_f}RCyZSSO4bgZu?9Ubhw4w-r}IfWqBy<8k_?Rb3FlcH zMdBfFHC$rp5cd?X7deg2;O7<^>*4pc1+L5-WeS9QX#8R{Lig;1bt@EP&6I|vEK~-T zAOVX*k-<7m#nM9Aedd9Zq+;pquT&<}3kKaof=GP=e?1=QpJ3plgKQVIZ0*@Y)fq`5 z8ep-9c6$+99Ft2D?I9Y^S+8gH=_{=geRj(|G>O-_kH>J_HKo0VwK3imQ}v!+wByzE zC#Od!+ezmC2;;r7v>jXoJn&fa80 zDj}cjpP=dV7@5F>084W|r?F>R=z%&RBV(lVhh`6$9`6$_CueW8N`bSu((p>DPNIli z9aCki{rBH{_YfMOKKwB5yPqDb>CLd9!Nm0Tn(e|_s7moHWumlM2)k~G$TbzPNOU{s zVw;pYXzR=R7O!X&Wv&TDAD9Yw6_nCt7bI?&7o%bGw2h6&Vc%ENcz1S;th@g0(ZPP! z!k8-h>`-oQ8DjQpcUTfnt*ZturzU|_QqVfU=*Z6 zvK2TPjttf}Vh%xq(otM8VaNL=M!Q_autU@7W5`25dfYD$MCaGVs@uSi(*j z(Lfs4X~Y&Rtq5~f_U{YR6cJ<2XpIMr%EQCjy zknNZq9kyFL)uBh-n6HGOEIu$t_dV1fFZ<};3BIPQbY+&BZi7PW)2VvK$7sn?yV~cR zh~>FbGDf*)yYnIF5_G1UAZUYxZZt#(+RXw-M{^YHX+L8}MdZ^qN}pMeOoJXSm^r}L zY$G&ReeMc*tJI^Rc+DDBsst2mF83vfMQ3X!PpYGmDJ9(cx+$Hm$Xi3-46jOG zuZE_w}@ek^o~LY&lcn-d{1m!~Yu%|;`cMFlWtT(Qe`uw+%+s5*NG#@l7sny~Q3 zEOp$TIhWqB>Gaq|!2U43pvil}>3m&k0Mk7`p1R-7XdE8A$$+bmryoimr&R@^crqoJ z2g^OjL+k)TXig(=yk}pe*+DJ)iiQ&@-8R7X(s!y)>8k{8yEqB$;ji#JFn^obonRR( z2^ZFiQ-1^a1>oDStkDPG)y(nFv@9;hBk+nSVrty;@4#oEzw9w^6yRu|MNHYyq0tNA zJE`7mc${Lr04p0jyN%j&LK*VyU9G09Nw0?!Dx85rl0n-i z(GE>}l}kD$k8o9JPx+6>&%hCRK}d3fuP1>y9gmHFGRWfME7I1>F;F7VbA>*;D$VwT zH|7q`(dFth;rrTHd12)0dY{EX$~lSU84;3kvM;Em8+Zrm+P(5oy0OOxE9JUT;mWvv z;$APg<0ChubNt=ova=U%$?Hbw2})M#*FubtNRsM0GC2$>C z{l&1!{uUGj0lu=PbMgD0gNL;;j9EUN9&1}8=O?*Nm>`ay-H_CA=vQ6(-52ogXmmo| zh52|iS~aZV@vA~>B|EEJOYMP2M(M$Gx*{x`T3>bu3G+I6 zk`P`AbI+g_j1Wo+SVWwYU0=^bZwBwx@yb{&7vs^T`q=OF$Tgfd!$|_RKp!66h_#Sp z)qjNaM{_}$eU4d31`yGdeU+rMhz8k5&e+8uAjz`-_g>G5vns745<@78nk`5uU17ck z=lwnBlR9r^jxB(otm(Y3GAy+B6ndZwvhJBRyuZ50E_}e~7bzzKJcs)yuS)kL1h{yvo(B30UhITG7-{EO&ydq+! z7z|>DGIQI}2XV@P(FX#7zMQPsB|$6>2)ZIjk|;trii{_YaG_7h5XhWx0_THaFXI3eXvwaCdYYUj zc-W2WwhW?k^!mjV4%C_)b4(*mp{pg9L{WkhELc43^%UpcQ!d}1faVvDMTk%u&p9E# z<(jqsbk$dembqsFg%Zxs;Ips_XN9l-lg*UgEvU&J9Q@B1lSi>VJN&}fh3)sX`M_xB%P;_vq!Lj4~#>-$C>ioKm3 zB?SW`5sWW(LXPKh=kaL#m%->SJEr|3)miOFs;53F>+cfI62c`VqQ8fJht=KZGaO`} z{QdOzR7UW_+0T>xVpLk*$a(&%n(pg|8qh-!0xp@nv1c~$y}m{*eCLjDJ>4)3)zqDV zZx-ilv9KMieO%MiB0pm+BDew;RBOKwSA@{#p8NmLx=X*f({4oI(nFY#NTs^#iELO= zenGP}p}W)Ik(WV+>*ZHLjXc`sQBglwbI%PSb|jRLC6FZJ31>(d zoLtJ7YvK~$Te(wsdA1Rs-nczCU`(Ok*VY{FWYo}`F{ISH5I1Apfo%-X&w4hZ{44zu z$lg4((-4BA>quA{ra07V`-rf(4L1{Ne~IITrh@KUnQ7B(;Wr!mUHPS1#g^FL_dQOm zcJN@Ejqic(!_}UJJP-;1J{RHjC0^VR#ZKs`VYa|Tb!(h{9$kM!EOcmo11|f_q!uyH zu$;jDO)<-R>bu-1f<;>=9VAXy{XO*GrSB2yAI;w|dCG|(rM=nwUV{`;y7Q9oe(C$a z7fIdo{o6G^viGxFt?Y^Ijo5r1(U{oy%yug`*X5f4Xr4+}o>%A$mZD3sm#^-v8*nneh3G z`x}zI@LYcz9!&C?Y`C2Ap8iF((bn6HhiULOj@BnQuBv($05oXciOZ{i{&rI~JRZHG z8&My|+>qdq51@wBjR@KY7fncdwxl8sC-&8by*jEQ<=ddVcx9W^X}(ulAPT`%X{;*5 zhOMfJr(O73;jM?Y8p+h+o;P(F|ynhW}(U@g+pzS7)4WSq@t0@l6VWiPE}}92{#H zUqTe3;!xkRG_+IYn-mBW8FV9o$nq!My+ACALw!|&c-m?@v=iprkcn2WMbcc*d)5Y6N+D7s@?m*G1bk(c1$ z0)tvJEP89mIYd*9vJOm|M|gp7#NvgHk~b1s5SzaOmrOoGQq0_@sTkuGFb**AvwAD9VcPQYRACVcpZ{S^QV?Nz|Toqsp< zgLLNqvG+jdU7lnq%pd;oKzEUN@$i0&PoNM^eTR%MjPqRrz99)nZ|q)e;(IEW-?{zm zaNCza@b0+(vuCvL((vs_LkDNf%>2sk9q!j#oj>Jkqo^*);Nl?f;5Pe2=ZR*@Da*l#Yb7l zRuqz1x_E>nXXz{=V#%0~zk7mzUu@sbV(So%c{8S$gA%{< z{Hyc4%X5vJF}?C&;XBvAI@e2u5AX0fUU8s*ZW(Byc~%(f4#}MtEc+Lxv|Fq5?r44H zjPlP-?LU`p(~rIHjO|ke{yV?F9e$g#yLZR&cY1*DJpXohUMWCuciewp9_pW44qDvD zrJVS8NA_2xk^YsbUaSg!rzbUMoPQ~b_k91ZJk83Bu-|Ux#!`MNNHS$oJ-0kLgTgYp z;$P-e)a7MuX%MHFrjv|lh~5c;K3$AQ0}}90=xRw~Gol!l>(hE(@)dFr)g5d)rXX_9 zEWUSZC8W(ux1_CG({ndlk>Ez}Ob@TEP_<0OheiIh)FEG`Q`_^=B@@2GJL;elP@7(8 zM>eZV-s#Eclt_Q)O5e{_aQ%ewuZSrW)``>AjPPx6b-Q=M)|A}-dI;MIY=NxpT1B+i z^toLHn{1<7DH)S&b0ZBCH}+{%FOXX6BTX)!-7tk$<&|;~EtA6w25QqdicPSIN@hw# z=zd+e&~yK9laE53-i>mPLdGhnMhJboX6MdSW#0b`#?E@w=LML(XQjA@$|oy&Q|6 zR^44N3m~_$$<)d#a45^$zb&igjDcdpd{c7B&1g|V`TTfVqmAp(uk>h=)%MNurnxS= zZItK7)7E{`$<$5qUX2HITPN)>T#$3ZS2PBS+)8reGgHjC=_W$6FdrCo%x(N(i6LQ0 z$e;=l7P{hgoE3gUlH>WD28e_Uf@D5I6?A>N#WyVWW?6(n`o14(QAT;)D*M-*ZPA_a z&Dfv_(7*zh_|v?)NeNoj9_!Gpp0M6I!G(etA^qN?bx)U(rV3mk;p7t@ASPZz(&lSGZu-> z*FqNQrvnGOEej%1r+!~$brd5vZ+D^iVBgi6v14tD=&dcG4UoObYAQwA`f+{j6So_# zu?_I6tr*c2Nl#IQ7UXIwMbx0^m4!MG-i^JfE`+}(M718o-&=H*t=_tcf;!TDI=XBo zVTjBqPAM~g*DqZ~NxN=Jo|~+oZ3B<5HuT+Cn74Xd^B=pqOuzon=I#AwI0_fWi`@%1D0YX9&{c?vBe z{u`h&1~32X;Ek>^i&tbY!+L>mnc@f_baa;VcP_@Gq4{|juvLxDb1+YNV3iXl;Y)ks5qOV(oV{RSts|0svkxK%3rCDl==HIf}|V zM3?RH@ETVf1N~D@=JdM!Z4FKvY?LI8@J74j;k)C>ru!TY0+Q6O&l~J>T7PQr2xc}T zbH+EQ)ijCGVH^(L3BplC0}=~@@PZSdDte$`K15V0-H0r3#|S4$L<7AOF^&YA%PY(YL?>{8R;hpokb>wUluBq^M3R&TODy1>lR*mp%{U6# zRU9!K(s&>fHoQE-nGEfHnH58m{w5=>9 z^(ctVAbcb&^e@cRR2bh#nC-^X&E!+dJZSDww*o@8!Zd!feL+++?l58jj_P~@Fi4@w zsU^w=XP2-ZN{g(l(n!*6*l?mc4q8ZCdu6I-xGF#pYaz+%uJ2Cki)R|W)H*RgH<+^B zuPQG3I%rVnp2d)I1WM211Vhn#+V0Zv#x-?0DVcBzC$MQ#uF)!t4(^;{h3ux;7H8~C z6ks%RAWw;3?3L}}8=ND&N4!=kL)#o9O0ylJ512z4uR*4@u4qV5LimabQMst?CXJ@F zt20=&3VAm49)h`LVURe0?dgg}5yDZ#u3R|zywo@%;5Z>DVWB`YhPT46UkF`NIl;je z@r`QltGxH!SbU}$%EkiZ>v#7D&~EkdichLM0bq6Y@hTmQEGb#5qF9~zMv;k?p-~xn z=M!}mjdoaVQHwl{Cqh|xZSidocwZlKXZiT->C@dO-ZmLUvLVsYK^?e?Ia5Lu6@XM= z_~Q7W#~T)(G1eNrSSPTkU1*U{a0_F1LD}^4Vr}7c$NCj#Y4U{`3}fDy!x@xL$j-ks zrt_PlId8(T*Yvsi)KZf87OvNKM`1U8mJisb!W80JYqft;rk^D^HdP~TSwS0V3ZveV zO3vY;%Z?RSecHGKnAYk;%_Uj8FtN-?e*@?BWIm!g@ag;|Ud!q9{eD*g&!3X8L?7`l z3BTf05>YDu3In4{9HqXv^NmD*o<@-}xZavKDK}gJ`DtTNXJ<6*?;%Mdwg%UWHz2=E zG&||+VA~F|kr?#>>l@W;z8H^oazgBMBY}O)fl?lItJU1p8DaaN#=3;msT;>=rhRFm zQVg^D(4Wld^{rE*qjG`4k%-dvqW%7ETM)p1y6_&Vf5l|6p#$VUp-aazv}r6k4s_0u zQtbX$2o=|6RdHhN9`j2IXn&H(*yR9rXN$3rb9FHD9t--P~gig%1SU9i1H$xT%)6c;?puBjh@vrb2D(KyW zmoJ___hb1=4}hQqAk1w;2EKUy94)FqS{FM!Hr;r!+kSN$fYWB&(9<>!aG8 zU^_KB`7kxRC%Pc(^5M;=NGm;x`2p3>xrtV@My`Z@BAlUh`$%b8J2TxBG4sy34uK=Q zI%CncH$x2*Kbo8%fZTWkdiKWN^VmL|MFe3X(v`kBR01cNI*!d5Um+Z?p=p+?v1VB_ zwus0ip|{SIR{$AJPLI&*7H+&@@xU%)Wx+ptf=C>&kc8;f{wa86X+Y2<2v{0RU~U64 zr<|#Ed)q6=;A5b7Svi#+h?&4G90My^Oc2%o^x#<=uyq$t|CQ}>ew-~MxLC|y@qL&a`$8WG1;Vri*t(CZR{Iep zcZEp+u)ATBX{)5@z^$3^T_~->q^Iq9N=g$yJ#F6fRqHczo9uJ0-^%Q>u;c}d&@_EJ z7o@%Bprawc=?V+88p157?RECp))N_0#&Vj@vXPDs?gCBWjL^Dw7TYSV4I0l~K^<6j zvfzhtm@pdOiP&X~vt`#xt0^L_f;yDd)O9~5Rv8q1CGYn4( zoURR1zy0&4nR?qf$1~;Hv&^MPmV}eLS=pCU0N!n3mm7ncf@R$}^LK*qc>7q&nwdAw zv~fPCScogeZ`p3L#7QjlE|j#5y_D>^|IeZ}tLf1@L~MF8o;N+@thDcbYr#pvxN3Xr zYwOHHZuRN>T=X39LPxJ;1S}TmityVuruPlpHqGm_vq#f8<0}k#tQ1rC{@wiJBMtwf z)-`oT7S+gyTkuR7xE=gxAI}b79lh0$YgQ#Gs-3ozRq@W8YkG`CjnU1~W*vhoU&m%l zpz-bB+m+DhH2VNH^NbTVOn=3~CM1+W8Xi~P65Jvl+UU*R4Rqv0p-%%6riFH1=;PoG zg86Ht%07`W&Ird})@)>XFe!lWqh!{Q^$2bg7VFXK1(+=gs`N&)yt*5qeeIZQ69K!) zoV`@&2BrX|9E{NprX2=I_=)S8DR@ z>$KLC#itOLxb5Bbi@FPXZM~r&8^;7dHX^3;KN}8L`=SRFas;zD6c3xQJ59y%MtJQ$ zYr!i?#d33uoL(JpNjO`v+jbSa9*-bbD(m8pD>v3R3fe+a(iY%Vg6Se|eaU1Tk)=&} z%eRX5SztlO)je9z^xKR`^*Le-fi9__@Ca*Ne57a#5uXuwtm%ynC`*njHPyMkft0D2E)bD+y&?E!|cH*TO5;15^cx@8qb-B6US_UA^=y*hT`kR zDCDp?FODRs#Leyoe85JdFl^MmM!yYeiX?KN$wR4{8k zifxy2G*1PxEaVmSC6KF6d07^8iQ^FS(3^a;IS_09kFfR(+&F(oB8%g&@TfMsMyZpB zX4zV953|W=zFRBuVAHw!XwV5rqp2*b=_76tNgKmZ$rs^6W|}5y$0lL6l2o@nom%wi z?qG$JMCoLnExAD$m(goAmhqLCPLKBqmy@$Mx9`@?gb7NQB-Rr(~AOAu zYcS_kWo+5;-+wRsKqXmuR&$B9uAJ2Q9t70sg&7L{I9ESgF>!1K#G84Iq9U-XB~u3m zqKpiIFee#!16wi${=TRipf+<%Ib*0M@VL78;QPnL)#K&@^=F)!VL^jQS|6&?sQiCc zy-Ole&|BTenakd6OMu%xGcK76zTsQdobD_9b2s@;ifanO4nRPlBnt=e&{w@sIwv)k zKd=XS??%uzuAatyL)3Zv(CzIWw$hElF{c&;VYP3KZ%noh93yf~h16~q00{KV;_a}G zaaxd=a0u#v@s<(@+4AZqYjtNd@GhBd6qxu010|TM(@cUjy0bOH>fEp3E-}Y}th`!p z-BjTgervUGu6iS#BCKICwfjr!0o|oixb3VJvKu*kBx!|EyM1lQa7M$8w}JLd{BIKi zE{}Z{$0U%qArf6c{+WbhV-hupNhjKL6PS`-w8^w?{vNVHHNHJM*hi;kB;+exNbBh@!EnoCw#CMn)!KqbDm&qs=M`B%G}(+4?%ssYnV9r`u`xd`WcTL^jX*F*GxW!Z3xa zhxT=!u}P4K1o9)UyN0W;I1tyAaxgjid_U&vKdCZ}o_QOeMiG_=Lb4UuI*zHMS+BMep`T7EZ3-DnwTGqy%3p-<8t0BopF~mSV4_i^IIerYEW| z?8(qlG8FZA%C_ltj5)#Abd|199^+~u4AFtE+y`DBGo_8QM24iS<+{0b4#@TPCwPMDx_9%ye=FzpPDE&6 z?#5L3`sZ>rGUshB5z%NSq;st)?i*d_w6K=OZymR<7K%4oGh~A8(*2* zlEz1#%|ULrej6i{(d~)8eYI=O>G~XzJ&hL##|A@fUUW9c-GuvHVSfV$=n6U1Cfm(} z1KV-HI42@uacB}Sc<9iKXC@zauJQ6~$1b`~;i&W-oGc-`5y-ScvwVNuh+n4V?)H3< ztSN<$(Q3A=bvbM$1WJTDN|Y;wW09IZNXZVTnF{+PTDhho`YQ zfQg-AVQ!-Zj1t%h@G#)=)2FY0QavxGHSk`Yn}b&=RH#;vOp=<-pnfq2qrMlYC&;^h zRtMv|Z``+dTMRayy?R14xeBuo%Nl>-H{g)`QnF&4l3R$3y}olGY z950(a4rwLO#t_kiRFHWZp{pf{QJREURxf{zSNY+;_Bp~+_3{?+${sJk%QBlH@<5Ar z$3ig~44t(eM-9N-JO${J!fj7AZm|ySY2yu>P8*qg^TlywhRWt$sqE<^fjUvpBEIm1 zg9=C~m;&3+kEh+xoL z$&j`ai}nFv1bJ9%My#w609#cQ?E_TcdrM-`NVXSuyB#9wvEba0B+**i#d^jK&`TFu z#`dDwnInS4l2amX zfkHG?qkS3r+=`;NHCQJ?CY;O(=Onc1>YJu&HrtQcF8rmX zw#yW%lzgW_yUu} zcNtQLx>`6VSO!bNTMJ!Q6AWZc{P_eb5Nei*Y1JaS&WsxrV`;<&rkR#)tg`^Us?u5{ zR#P<(RKK^B;b@JwN`*u##T{s%(?Cec%OcRkbp7XHy_r=8^qZk4%;+`Xc&jRyFpEyPOHTqY7= zD{OTHJa@Jmy!A*ov`W5SYzqW0Y!=e8d5}!2yX<>7%lB}W+X-j6amdNPNKDJCuNcm9 zF&;sYPbIXq2?0IXuWp#+sy2C6zSBTWPn~TjqN1f5O_twEceq+I*kKnO$5QDD00v1Y z8xmYK66lqdm~W0k=DpKvY8q3P4emXc>O}4yTApt zY^sF~wS}=bp<)}A12Hy}(<2*tuN#Ui+@s9gS*Koz&Jm6{!QooJxbC2Fbb-jqGVPje z7(!dT%>S??P@1+fU)Tn+VOzA7Ufgu76Kdk>_HDeRv1;}j z$5cqdr!*u1<{NR<_C-Q>MjE7zlD%U5B4Rj12@5;r9Nh|B9i#o~`1Z0&Z#COSuIDO! zBiLRGOX(?*;DAgaHxDbjGP;FVSD2Wb9(9 z!<@I_{j?yMN)RHXDnbB(;OJp==wf%~uc|F6{u(Q9I5EZD%UTH%^18 zWE?NZ&p5b9H}ihH(g2WwfMx&!;Xu+$_eEIiibE!U_l@$K+Sy#PC|waGVw{L2lkRjn zX3c<%8TkQc;RoEXEBE`JUCvAV_W*NhL2g5R4FXvh@TiY*qV;%-i!>`wA5_v-cLCq7 zN^RBj?Me-Gm_uHdeIr9Y>t&1-ot2KRs1$0?+X(q)$p#|87+YEMU1(9jq}_h+45=s; zn@7W~$cpiDedr42w-cApX*K8xWrk^&h=f~%+n5>}T8v*&UqH;?E8qE|K!POwh6o)b z>Fraw6=(+%cO-DH>2oD5DX5LRUEF4j8!v66;{Hh&Heh$_%en#Tzucm}WeT@|{89^g z1E0hK^BGB(|cHT9eof@|tZW^kcJhjnkZ;&uq-LTs4<8f_S+*j49b*PRzCDMmf z=L)$Ogd`{UdJ>eKD4Sq49@Qarg0JDsU>>`x(b~`vXk`)smpgh9z|AvnG>LUzl*wPk z#BUZR)4fD~#y7BLzhqLF3bxzC98`g9z50E}nc8LVbHtZQGAkWecYvuqt7+fdio`NY zbeg+)>`b@1`BtDdj;^tD=pIO83mR{=04mjxH<15gcGxnc?n_|FgnXmR$$yb$5VMdV zTfaUPc+nnvV{iE3{h>wFxOUgbW*~F{H^)M%7KHD&C4KF3W6^-Fov0p7$zYe9hcGL| z=7^^;T+osdoMzNk_y^))^<^nnY-n@5+x{)7Au{&gS#2b`lpr<8Ja#v=tO^-efyyWe23fqH?{@Vo9#I%N1XO zQ8q2|%deKY?D}?dTWF20+%%qucf$Lgb(3{jK7JJGkd4x%2AFAAgPPhC5pLN5=K_M; z?-Zw(Q~k=J14gzfJcwaevGC(&H1X#3*B1*;7Fd!HCv>}0n3_)!%)g2PDPetc72-W- z2})KQom`+p-BCsTxPi|kVv7Zh7h4I2?c1cDU^=Fu|Dj)_zywh${1588`3Ec~U#~w)vxG9|Gzk^awRZTvYKjvQJCs3~VykkV@oZT^(HxO)O&< zfcbgzlEmc_XK3Twh9F{Tqw}Q$^A&_P)`OHn(`H#kUHF~gN}=Y;ygPcbFUBJv?@o(L zJ4^eE)ZmE51{o9QE=o=Ovkpv7k8FLdB3N%V%co=0r;eM)`f6AZiQtOq z5&{T4j(}R$<_>^qjFWv9UlJ~Ea7VN2=dk0r$b!5AXRs#j`kWQHCr4-fy(C=P^48=U zLZ$upINlhp?JuNSv90kyRUf8x#k>(9ae3d4|2|86VSRUxJWHAv^hSuYWW5>M#$Wdp z5I5elTf^OYRscvh_&moHuAVJrXCor*x3q@UjRjIG-f3yw?xtl#gC?UE7`_2 zu)BWC6=8nu{Hj!evUMx5sr5}gvFY?!C)mIJ7m~FV%S?Pd%)9knWac7a%0%c0&?|sy z#}NclJDgUZ2i?LW1b~lp?ubf}-v+!$xnlvLN^Q}iZ&?4hjYp+i|8!IT8o8E)$2js3 z6K&|=YDL~a85&F3nil$Bh(3Sm&1X>j~hm1=Q4ap(bxF^UpmOz zjJ!oqbzRSID%Ns$G&-Sev49SHw+Wcuu=}4Tg!1udRFmo6OS+9ipf~CJCysP3uamBk z&HjGh)ap`#y7AiDAfk4o&VQP9H6Crgu(l)GpD)_jzOvme(@973+=+_IQh9W>)Af_T zbGjldt+iEKj!I9S`t1w@6|p#<#mC8XpC00?mTEt#W%ySHh|hrut0pz zLA(o+EijtV3`s=f4Y6$FV_|}Nz#HLM0nv=&lCg`MA^3O`E+(7|AS;5d)+eO?bQ6SI zK^g+2lGOQbmL#}1BMJM0gviG1io31SEDbcsHB(%~KA5e@3yG!pf{4R-H)41hLMw`7 zE>4-SL4;p$ITr`M5z@7wTCq=9ct&uz{(z~x8SdjvaF>ilG+yXf7@fNp(!6bsdL1Nt z8?gZ`OahMsEV0eI`E!(#gwt4x!@EszF-vJA2h>@w`OtuHh$XJR7x0nE^*?O`9Emho zA}r88Pvc;@Mv5Rv$=8Atf!+c^83&E}`h^fU4moa3EO;ff?X=m2>W68YMdoW#XL(^E z(iJ&l5jn7@pY5(vYrH%bs!p$L3R~(73i=8GvZv10a1jo99%FPgIYFF7%}(s|B~hXa z&!sMLloCV*8b7t-{0Mjf`Gw4zs;p5+B;hMaemz?kn%L=ucGAM89R!CNmf6&X=%tbo z7Njc@OM_vImh4K&*d--bFg^*XY#yP6@*@Q0aukrIlu+n1WPupsD>1|?{2Pmh0bA`H zO-^`JwKysX`QbQY2KO13-+^t+1W#dvfH|MrU}+`E66qQjR{YtBP+o&UPgv>>LWO>OVC zrT<&X$!5!5^=MuA-bQsxKNaLa6YFGpbo)0V?@TDCbwZz*Tu?_LiDe~OtB=CEsxBI! zgtIw~2nrd|m6c;cLQp3GC-Mk3agE^A;a>}( z7C@)+Q!YA9ZBR!yV+n;WrIRf1%;H}sS<>q&*06#;9KGx^x_2Xz2K-TYngeTqRa;w`Ae4Ugw;&vt+X5HHO(9p7u_z9;g%-63;ZDdR1ReauEC(kq!h!<*AKw<#h09}w~ zv&{iSMIQDFvH@|BIcjZ?n=a|q$$540nyil+pD^6Kww5yR_fKA{*+D(yB5~CGPtE*a zlWJ+QDq}^;iO8T9NmKyqlBEE(e3uGmj&lxKqFH8BPaFC1#>2j0*l zrzfVNx4Sy3t-U@Q9EO~T+CZ?DnJ%SF_I7rF6GQ!9aT)Brcsv?4B4J1Eat)+=R9{IH zZfRL`C&ac@O(p?kB0*1Pgvk<2fhfx0&IXWG+RHmB0UL<5ki-p6(qGefQBq&}`VL29TDF8RPLjyPlH1!sOPkuwtV7?tkZ6`11pN;! z5fsNdv{%ru_?{q7h?X!ei?8K3UW7?FKLa?`ZK!mZJUw`cxM|v?drb3?UB$X0$=vN~ z-|ih`r3@c!dGc)$-4(w6Pd592sr1~@ZCUc+#9T-fE~0*Avx4Q+;3+^jyVDAtE50jC zvkS9eNuv;8!qGcVA!gdbZkEm%4{3}g(W8^=fRIoixuinhOFe>y35I7Xzp`28)DM(c zMI;31G0QLb1d)#r&MqF<9F0f%I?8h)V2M0uJRoO`$)ng_3ID>_g;!UUSz6=Ba9)$9 z&P6kTMOZ)~yILB*RPzyeufvRVy1!(QlLadKLPflU(@PqWg|&E<41Ml>?)~unukP<+ zJlc_DmB3Z%&YQRAhtr|FmbW^_Xfzrm3y00sl`{t`9?Rmz{soMr z?AKwh_lpi6u(fiR#EfqCm%U!^_umJI&e8C_(sg2JEQq0buJ`$KulF~WLh+JR*cx-% z`nWGLg=l&~3M9^=i0~mg1$zTw0rcQKsNGA2)Nw7AJUlgtY4cbIXR_wVG3@m|klDK< z1hsJ~i}z55^Y6cBv*`bgr97KUb}*~pwq!!0&!63{!!rWY9YQV9a)*>h>M#S;IEvLF zk*Zld0^*T4gda+T@`3&_byY{trI=#o$k}NuewZl zx+4cI4d?#|;~^X!71Z;xq^Vt0GnOg?=#pY3>U546M-PO#4xJ-&o%5BNiRBY<5d_ETCPwE)3!m(0d85ugEtnBQ; zobfBg3q#-?`)cvU=*4Ky5eD=9(BAhHo;-g3{K@ba6s~hfu_j@50feyJ(`5XDGA~>S zA3uIR91Taq@t(r5mTh`^YHAO%aaKe^B`-CA35PkR0f_}c4-t9*w_TOCk#3=*5vQ5o z5k1s8baDc28uKVTv|*%Xzto!?MC3?@miQ8?YON^5mkI5~!b&7yX-U>g2#3wn@z$~! z9sWF3s60|ADPSag1hG{Lz3FbYK^YB)QNkh`tb5x2CI3h%C!ssA4gj=5X#`N98Hvok zB_%c$2sJ1*HIIXB*z0{ddwYEN@y+Dq@UK5UC@kZG%LzHMSah&im4pUy)AIgRuvqN@ zf9?OSc!NVM@z5!*_uu!)h4^144iI07{{^vt5YmTveE;vC`{)mZuP)HwCAzDix5r2O ze?#iG|M=AFo!OAZPc^2E2~{)#vxBe1AWtnh!14NONjRzdUdJ-(`O0f zfh&vRQxAd?8Qgm)QG>6CYWJ+$NO3Bc!;oCNCcwb+*E=8yC*~#o73Q(h?hr%y$%6QV zW)TZ6)Ugvzr1_yUG<_lC8=B)w##JlblO-e;OFEaIKydY!QHYaIsg^?OgTaG2rtA?*`=J! z87Gg>oJiQ^^m~a2{O%mB@hZ{_z*;Auv7DNuA&d3>j85!9q}|DWQllq?qj?(Zr84Zj zWE`1i%G$enF&=?xw{Lv(z}9i0reqhO1NqGDU`R7Su!sm8j)(S4fg{_lj|QJV&pCrw zI%MA^+m$=;z;LGpy}>h~qp4>Rn?-a^f^`rP{Zxsg081RPh2!1Ge&OpxvSRXbonkRB z^-$I?+AD1nGg^xot^fp;jH_)%NM({<&bV{ij}zL2l_+3TOonXEF-_fd5}mL}7e$c* zZkx?WArTQFe8etJuz~isL-PW4vm`Z}Q#oMZz$p<*`?l1XTy1cB=*4I>Rv&c8)t(-x z=fkhQk4CenF)K8CTm@amx4yjr>(Zmpc-PaoLZSLuyIkpQLdavrF49C(QxCh>8+b*c zH>j|;Hz+W;=gvZbsUXk;vZZ`z z{jsTod9tFL+YgN$)cK0q4(3B^hjqe2~ylyxn9)6{ilUrEj=l#bTj zE8jM9CJm|76ttQv|Dst%K}KX-kRi|o88nQV-!=zVz^l1Q^R{Jfv@@B>zG>O&(TwLF*QyODihuiKh;z&iM5)2;_ZVj6iM?1cK4cG|d;(BE{JM4_uYi2{T!lQ673 zbJT##a#uaHnI|ke+?c7rSDmnNI~UP$VRXSqAJ^P@=x;hqLuaRTyXtQ??dl>>fY41S zoI|3af%>Kk8MEW3?w7`$#d%*}SydN=xy#xTP<43};dLX3E+JN(q4}lz6uqE4;+uMZZ~)IS$5BM0cZq@pAYN<; z0t)Tn2x?lzavujvGNr$flb-?FXgg>p=FXxF?&)Y#fVO<1e|lTPyYU2dUV@*~`JC{V zG$Owc9CF51FEJExR=vl=aW_~dk$z3dLjcurRz653kNQo)WO>QA08}V`xkdleN)GK! zfV|p2aEn%})=+}FYwy>^^3Zzd?%hp4n<59?UN{n@TYp=@^n+6_b%SMYyPvd`B<-rf zT3|NF@GU^ki&%CAIH@MJQO%!?R$XReoRU8mauTW@PdX`T)4h~DOOM}4d<=ktLN2|H z$N$C2QwPGo$=Lhl1aBKdn7UcgHtv1+a_UJy)=mS+VsG_^+3BwYT9^zRzooo!0Xjux zbY5#{RrG!i#AUG8L&*Ov$`Us3nYi8{N%zoSMl17CXI$Mw;}@e7+EZpo2GIF;4VcGe zD7y-Xad_LlrH^%>MwKZ&hbf`VD?bo4Bmw5SpH7rpfHC#}c`?#JYK9%x^{9A`Gj!^H zs2Sm@pGM%Mv|W9U$`-KW%DkUwM2nE?dV42@j6bub^KQBGQ$ypjV|7zFV}RqjUo8aR zcQsI7)X>FsplnB5dp}@%mp^wW7feVp7Ku%G^!SAK>{XQ=v;4U$EI{a2Hp@ui{<{v5 z3R!kxh34y1cQ1e5NCwT#mhD^m*i{b!diHY6b}oP3NU4F#KU0n2ipHCQ89&o}FF@L8 z4ozFdDvcyH4iyvot+%N)>@#TB0PiU{lqmKti)5*`rhX)@`nC!F(mbrmEw5lfQjDJv)4P^gla*IMc$Xj*Wy1AE>j#|9W>gJ^%R2;pE`(tjn|}sa!SyoV+{# zWdmqRFuf?gJv(>1f9=qXTlp)+|Cro5w-@{KL;L%m@sm+G{^!Z~@#uT}&zJc7{r8=p ze)9-t9y@tx_S;3dbpqqO~$6N%kh(CSJ;sKr;w@LfZ9DfImqR zwb(KUpj4>|vDD$9EOtUf%^0fp0R317jrRVkd#Vvkqe7^^2{JJ=$QqD;RND;mj0q+& zp6ygO_+Js$*i?V&!y&C-7}qM9;-^~F{y@Jn8lyhyXBKMK$FOR}E{VulQ;deqGEkT@ zmZ8JZV#^8_^~-{T(u`hmwmPOl_8ly|9LZI&R~m*ZOk?y15=lfQ8koX?H3ath z8k^P}_U7t5T*~JV{|cKtOQrMOuz@RLV{TlKwT|ZR&X>PUPL3^eHsHnI@GAPUynw*# zKL7(Y_)XY=(pVXNowz{fXd%&qh{SpOhiFs-`wt}9-}FQ!rz`XaifJ4w<7$)-;4W|V zg?<^a+jtd4J7I-cB}9E z5iH~%&Fab^by@k%1Stg0-<%X@<$(7_A{4{pzXtl^_E7JRw)mn25v(Jyzda2g`wKzYfz)|+Ta$bvG0GuV5kARQ<)l`M-L6uSi_e3quJ*= zP$S=i>!|_TJDX=&Y%`Qs%6zn`3@Jx~1S}2A1V&^Ai>IDRjHqly{GbK@Q3mKS+WR?#+ZCzqf zo=}y34+{sDou3SjNLjmeqLm+S+6*|y&?=LmU{sfX9F~qz`6(!yCk{hIV##&B?J{jF z%{(ZOYb6FHM2gm8X*#aim|;{BoWFuQvixm@{8d!z5p6mC?fir|D2pbsbnz;C(E>^Ed@|enKZ{BJMl-QU7uhfE3jN ztcNlkv?@D{AvY+DqAR-jVP-Qdpw-LJl3cMf)cG9uCnz9X(m7R|E#f4C_v!kb+zKbQ zIGyO_$r5aeaS~Rq6kvA404tywket#EMM`aS_8QyHAx6d|D|Gqqxga(=797- z4I4UdLr`OP(MRaVOAP0i906#eI0rxJPd^5#4GzPxA;?gZwjSG? zuQ{d>>Vuw5Y*{wBPSjyS>2H1GM#3R_t2oGFQ(egv|SWamjdBP@ii0$@{xRb|99-&d_CSv#-#&ytD)WYwU2PwxD_=Vm=C_WT3=BW1F3 z<6KpmU`=K8G9d;P43;EX4I}3sd`UQ!cu~6Kwx<bj z<{Lu&|9>C#KLV5daReTKo|ZPKz<(28ZEp%L4`%CHwA`zI?S)vaSUg-|87ys_z_3j9 zsv+#@_VZ-l9Y;s_*$i=}(SXlzFwhC#_fTJLx_ytp99}23y02Ti z&BV`CBqz4PZ1!87iPb^S3b1PV_L6W;Ljq^VG!D?SU2}|_rt>+yM*TsJecIc%$qDTk z^E8Uq=pQMLw0g%$0y7@=J`fEZ+DkQtn!P|X65v!2B-o0e*O_RTib<42p*D>m9N)Uq zs6Y=)Fww!AscNfiCAF(O^u(5^Nfk-*BS2T1L|57rjH5Z~|C<>6n-aT%WN5Hkld;U+ za^(}rP%20jzhdsiHw8>hzD$3%OnyP6Ui`&8nZ9I>51mt%^&4D_M*|Bn*Y3&?cC>2= zn8|190JA)JkS+3@VZ(LFwT|%;XWS| z#-+P)ym;~axel=?t;8%^U3G(u%nH%~{mNz^b7EYKMsNt@U`f;fkes%Mkc`AfO%DAAgvOBHhkO(lH2HW*IGwMvx-2t-IpH7Si1Tqy zBeI9Ks6*vCoGWv3JWBdEwYCB?Me|N&fF$M%l0RE<2w*7d!Cd#O5Ox5(8>;VtQ@(V> zLvb18Ev#e6xEu3DhdzJaQwJC-=5O^14%a3Q3YCmHsG15&(nV;?ddM! zm;VT3Md*IN`rD~tg8N&OLiL5-0sOzZhajz4|4qPB__q>0>sC(Ndhrbn)BkHhqDmK= z9T?mVCymON!l?h`$!@>tlJ>SWw2238(b9z(+`W=+nUqHrY|O_W?@}zw0%=#LGHdtT zjRmF&Kj{>u&QGV={?JYJSM|E~6N$=E)zSCHXLKaN!~TzyUgC)8L+jNNOVzyB&-J=_ zW0UO*AtS=}HrJ5WgQEuGWKKAV0}|TXVj3gd%erH3F81gp(L)kWcCMC0KQ+qQQGo&+ zMW)K4E^VO>r_jDvZmPGW5Mle6Y(=oG#G%^iOw?>%aP#0e?0H>1`bpay5RoV(34!dF z>bQ8dByb(>pKA}|zMVAhWwIm2vm#fT4{h7((C^A~7?hvVO1*C2*6Scfb}iWwDY?_% z#J#%>32#T#Y7sxe4+?%akL#_CB4!#2`oo6bt>-BtUi~GmP#ezSyW@$inUp9xTvCjJ zRoFX>=enLDNh3TA*eb#C8pIgBAS+BGD2Zrq0ko^L$4x|`wm433Vt??`4`AsAe#eCR zUC&MXy3I5*SF@QID4A?3{lc7Sd6KZvrV)1W?iYu&eLsKh0j56qngrWG*FDS5B?mVL zuYTXopx>`^CupYrqO-wZm8S*gG$spe4=BHNf2`^44B-j1UKy1nk1H+4j z#0y8xj8QO2lDwv+XF(xkmsD2HA*380D+4+78%n$49{Lq_NUmR+-UpNypLQ7p4roxY zwSTlI*akYXA(tsIw2R&Qb9ay&)&7p)mpdW3-nk+(A5D$ofYQY)Dug--XqtJRY%7c2 zG}=l5zz*gDXx0Li=B=v0)1!kvsPytEg-V+)nxO{pS5ptQ^uKi-(Pg9-MNtEy%1_&< zS!MVc=&-^)w_c1#4wD;fLWo}aFjZEuxwg(Co$8|a@Rfkpbzyv2iNz~1fpD7FWPRkR z&3GmB)m+wSt9U*Kjo(sE(8=^jzvekG%kk)-5WiK6mFj&mJ^Dc9(sVsK@ES?bQkhDo znHup{XO8V`1GFDeb)?$@2i>!T0u-Wz#~VI=souJqW{khZIf-#BkHUu!n;;x*7oAzA zNntvh$Y>dt{ffi_ExbiTT`Ze%Y$So1_4Z^C`t)VbWhNp~5U7_A0~wMu%Z33k)IqG! zudseIVvv703b09{h7ZkY>|tvsXDK&h;!N!-`JrfUiexT#TVI-|x%4d!g^!80Kt~~oC6#Muy<~-R zH9eUPn*|C+?5Z>E>P)XJ!6Bq@Y&5{CIpf@2teY8zV-J`XTg=<1-5{&!*2OCGcJ-NN z-iDp*vxXtQo{`qbo!ht6x(?T7t~J1^a=R$-EtXq7e{aKld!>&9VTffTK0-fwTn@HMh8%@a3Fp=woY>6BV6Nn$$ zZaaSoj>An^1-d$B8(@2hBN}2!0O4%TRkO#l6BYRH?piVNw#~@tv>lWJ?aS!aW2q|* zM|c6(_%uxPiw-If)RB%C+5V)A1E*MLcg|I>4jR_f>lah>GfU$T*{E(4!H3S-1&PrE ze1R1^eual9{zeb;8>dITEMp$r9KHH*^wK4P4V69$Pu17?eS4iiCwl1V1V*|UgPj+P z8?1wVKFR*W8`}E%Wm!l`9FY7DYzFkNhN>$1+uVyG3AMy@S^hZPR<$Xtak}M^#xDM{ zkZ4Q{C+(WJPP9asrLUhvlMqcTdAcwCGP-qwQI@4{iyxpjtbHdi-k9`Q7#S~XGh^as z40Un6mE~Wc#0GoN1_w?(k*Z&$d_L6eCJD9v4mYf&Olm5A#)3S1(r*Ow5cT0LXECvx z=7M)v$o@Igg^r&+K_m`XXm@>IT7c~qwV|O=l3iUGdZI=oJ5bVqKMIS)EC!m_lD?Hx z=7P_;@&o;?U%J-JE%2B%nvE5>i?EPD@!UA>`*jh$ss#|=8;^6TvXkG(hVZW~AT zhUeewPl2P!oR0IhHgDYdAndE<(#io zP=?wrnE%E?YG>zX=J^-p{)X8jb0e|rbTA*-)5v8}7TXE;3% zfY#w>?<_T zq~kHP@uHo=Nn(ES0e0u6Gd^kp4A%D21%X6*!|}zp^qc1ci9}uWaOj|fptp31J)LKR zdAXG5Zz^B`o!=?)+8-67x-L;pef`Yy1c%jZAXvYGS1U3^qSdkfu)w!()K+m7_~+!6 z&55158@C)5&cG2RDQU`wni?Ol~3xk|tnrI45UbYTBC`@3P zrV#s>d9?);8N{%USn%B%Ci3MA`Ga=j9!0IPJPZtq#SZWALU5p@Z)6uebstQT$Ldy! z-y{#ssNR$Nd^q~5pTF~NK7HtXzAl>`<8-DUw!F#p*%}^IwV*vQ@9%T^kxrKWdjgfBI1B7*(tFrF!3~mG1oi zw?-fDT6LTLzjk!js-MCSch2JG`mCgX`e15b?aOBE^vmS@UHPU_Hudw-8eSh;jJ8X7 z{qdxEes-v>%N{)Z=(Vp~_pQ3QxTz1l&)3b;=XI&{dC(|bU4Jk>AAI!MgXv-Ge0cEr z>%7$Z+B0g_>3VX|D}O%xc+za(`&QLi-+XG9w1xRaKQ~tst98;mKQ2$s?=JPlXssQX ztH~F8s()!LeR^wF+qpS7p6M5(_07PZem=Zu=!5p)`ojDI2OsSI;>>|xdxwLI*4<$K zZlMj@XK4QU{$tts^XhBwLu+_5x-m~b^-CWbg9~SQvzQ&APiJSH^WmyhzqxOpzw5T= zJ$rO<*8gaJJ{+C3KeWD%<{!U)ID)2W!gJ?PyS}?`U$id=hd1j{qj!1pseN`m($}rg z+5OG==zR2LRM!v67uwg^MXxma+CFa&M)TtjA3u#SI&Tk#=kM&BgZqP_+56C2l3k;njipXaC&18=QaqdObQF-3({Pqs6<$%|*}F&qt-ti&=ko{^4|F zjRw%1yB|%{>dj57fBo)mXwIC^mNS5j)@oA2B{Vo|eEzDf2lbmz?dw(v4ewjmXQ$=< z=}=^?!KE?aX4_e$QZW$JzHtZ{TRJp0fdzPtW7 z_x`;3Pn+kSiH0}MWTBgy zb?VRZ5^MKK>&v{xtZ83A+&Kp~pFVtr*YB1cMcg)!P(8n;oPF?&-Ihu zymxVPeQfj^$Da1-!^gp)-iL=Dn)<-J7@U19UoUP3?fTj9sx&)oeQDp^SSB6}kB?gC zXXfRBcRV=1S>1eUFE0urYPQJ9xYW0rU9*!oz626z<^u1p?$l{0a2N&knA zbFAlI&mb|fQnrdywl7}DMhbin0uL!-znNZ6qzUougFuqx#>9)oQKBN57#SP$%7kpu zz%5HoylG}Xi*G>l7Fc$4;L?NaJBWk*+pj>k$^L-EnUfB!N zTXBJ;3a%Xv87^6TU2VZEEiT2vTjX_*Q!9c_Y+H0HcE;9)YR)o7Y^^)|K1%&UcS0tO zcbv}DD;g7d8$#t`cS&giJ0DMDIxAK7Orix=*Vbz!Hk%0g6=_*QTCo|CPf|OQvTslH zbcL&$XROGr9=oYb?1;W+yKstVe0U0e=qElO^&@4dn6Apa114{R;g10=A2 z`9PUDkBdn9yoN}fp{^Z-Lg85JAT&D%w{0I2ZRLcqd8C4Y8?{QV30sV9v+g&L1LZ@(E?`gOa4dC5<13m!I^R z_j@w!8??E^lG7tSB`O>KC}wl1#xuV#&C<-JK>U7<; z_08q-xt>xiYp67P#8!qALh1s%!?nd+_6}61Bt{Pd7h2fxF43AEzie;o z5jWJJHj~8GzPmI{dTWBkbI;-%Fk;E5TMKZOrpax;$UI~bu0h?_=E&v1WJY+P6N{gu zGAYtYZhCu@`jLzq+Wi0G<%xc5LGWuf4_=GLaH2Ow*y8<2B31(Rxo|?pFw?C6Vz8(T zPF>x8`9y27^n%dh1}3LlVI&NOKMM>`a6_U%{LlkxlDSo>X1gxZJabL$7XC}@awU7> z5Gs#nlu%YA;dio1z^!>QZbf54rOM)Ha|7x9D*7cBuONX!7J;D!*CdF;!tvIW7X&xl zUN}(mzyz809St=%gO+YGb8+zy^1J7jaNHbkOsGc2KD{QbB!I$5b94KuHBeDr{M}zc zbN>QM%lI=mUodVJslR>Oi@vMK3Y01f6K#?SKDkU_!;KyQi}8N}$b%3DcGGGvohB#- z3^~39Q=gh8249xgV*ui0EYP6Dq-*^pXlnaZOprh9^*zY^3&j>OFbfg?F#*6yMMpSz z1zFd3kQTq~iI4jN*jH?B{H}@?7FBE`-(zJ18NDsI&?km*O2;{n1FyxT3_VKhtFV7m zJ#|Xv*Ng!R1<;yHOAAB(5X3Z>0i97)uss4jSt%B$hBsSI3YxtrhO#lQ*^9-}GQ4$h zhRj8tWWmLWX-|s2qFZDy!W;=9|M$We8|)fTaFyX`KB!Q%&>HjTm4?jzx(6=`=9?QM1JHp7nE-2MO|SW$F&{TAnBORY4_V~z;;KAB9xTiE)vUJUWHIG= z1C8;_i5hhi2hm>~0;6{eu;*(TAZ$iTCz2i9#FRWwrJH+IZx{B{So;vM{Y}z^L(M~k z#--fhqeue$=R5gO72>d(g_#{+_EqT|+x5~g?wEomU*5?q3x&{Gb>fXGNeG= zK@?hM5DTCOurEV4lVxo*N&Bew`pR+FHVrLlk_rhT zt&e|^m>_&k=7p+^WR?i2vvNkvvK@mIJFQS84>4VXn2U#T3!1KNO`tVTjZbK>L*EM$P-3Dd=3cVZNYY4e-0cEaQee4RL=N;;}ev@qpe!&4yX z#2KsZ_stb0qUWSmv0>Ci^TzwhPqF!4hum_-`uY`lJ@y$h_TY33Eqy$Lct(~3Dj1{- zvj3Nq+0V#U&%`qS0=I@s?r?#OcMSJ-L$ZD^aHB9%9)GQzgW*_nOH)Jv!6U_X{d ztn6Sv?t&jUU=FQt;iR0nwcQ2uD&Sv#g4h4T`#C-W$W`9HVqFO^YK3G|XE& zXamclCi_AY-h+@T@h*~+6~9;vM}FUD7_iyleW>};b7smi&0aXRg)EO_^^*w}I7vc+ zF)q&lSFx>$jA+tdQtB#8M$|I9+f@j=+n#WTu`3*Wz|BP5>mA?76Uie-@L zq4(m9a+;Dc*t?mguPSvi7zQRS_A*!`D@_oS2Ct_F1OFW({9g+!%~q7&!C^g zA1d+h`@|0F1GcR_kf7&rSR9pp%JGm$=o~hz4Gg@cYtbl(ah;Di3qvE+O}qN7zkIvl zb*^|28ZLk_&DYl*LbHFr1jCvZoS-;`b6##+T}v|w+i824qAGST)~mp zDSkENhQc&`(MjQ1aS->02Bh#4An2Owpb}y*;kZaQNMPkVh`|DRzXELgj3nEl8C+4H z7kb-Eaia_u*mqV~6Evw)yR~L_>d3`GC4|VS9R!H@KfrHBfqxIoF#=xC4NGrgkXt|} z$2pjfZ2Sc)M4BKM*(^sA(^Ro7aqKK1SjvNOrX$C+*9#KNhi?S=;9{K#cxRGhvpHJt zD~J%+b@e;d>MyTNKf(0q3W0JSJ40TDw+cL5fn#WM#iawtK@+(ijq>j1D9~M=7_a47 ze7>9*yeDtjI?AJaqJz2eCufOgL8!XT6E;fZ%S8PfPgG$MKvGN(|!A@nRDa*-M?o060`08fHE&tOucwjN715 zcxEq6GO#?GfTIwLPj=2qFJpCocaqrRD_T&EHs#DPquNfUmPfXFuTwJ-43|ykskE$( zNdATGS1I^2& z(EGjMIp!|vD3wa3lcOW@Z>dz0|1Fme4^IyNQ9e38DIXmk9vzqeQ7RvoPfq>;O1r3h z)3d}LbpKKM?z*Cl`l_<{=OgF;Tup%*%`GXLgw$FS- z;vO_R;9;`Um70xY?4?&4R+f`QQ%G0OTshE3#BF*+LGm381TVr zEPPIyM)4Sl>PnO5nHcT4AaNmdmK4W^pG* zVs}n|F_>-en|RkBSmV-Ldf8Jv*;L>mz}X2Zjs^G@YJu)l2%w(_xqO}mYtQ?m{BSxC0Fc)4I!(X zisrmOWGNjaLmuAYJU*28w`uzkW20D}uTXC&jp*D-jUdY8cFiDJQtFhI;{@tWdrG?` z+676woI+wGLq7-UwJUq-r=^Z~b$Q#XRM!Y4YJd~((gz3o`lm8i*Fn42Eu>G z$kQ0=KGC5Sycj#TKq`y~*u+|xG%mi`yGA4;1n_1Q?B6srgP3;m0}yTt!h+q>U>Ou{ z+;)%)J=+Dd<%Ar^+(N@Ntm&S=lK2Uz5$W0yEimB%Q7GdX0_e{rG)Z8n8PevV87Q~6 zrgoQqQaIkU<$a$fc_qKwPnK(pyIiEbiirPQG~vv~-uqI4{4d7lRM8qVO2pcFEr-~r zEB1a|T}w`n1wY#K1t-Ar%7rB4lEJ%j(dr|MzXF~tT&@IulUt?AwyRG*R1>>AwttrO zW-n@il2lluU63xVFdc6ln2M0&O zSan?6vo+hSfI+RBp6xg>+k)I2vb*BR0X-?nP=E$o^2bs=RT`Ux5 zERenQC`1OXfMaF%(_`uLSf$XLRX}l7D$Wozz1deaNs57zRDD^+G5`$A@C<0ykqOs9 z+QU+bv(G}=*ykds8v^%#c>C0Zs~U-{m3lPj5YHwyboI&YZDcG68niTLbOSTs6S@;> zSgR3qBkG<1ki&5~KZ&6p$xm197`RYgns2dKGGf$}f(WS|Z@_t{bAHtrSG(P-X01AC zcG}}wuTgKb2hHkLUqy1RxPorcU0Oxv>RA*#8mKA#bdK^E7QSHHih;tVksJgl*+4W) z*R03sJ9F)YJd^-)f4oHN9=eTw1FT3&K%ORzrJ1931qh8}1Y~QQ7&xRL1Ke+nAo8dv zAn9R8lpL+z410}n?W);m55~LXDkPY3-Z-xEji)}L zSzFg%PO#=01UsWyPitO(c-pV^nq4A8pJ8xefl~EEO6|VZ)D7b9Wa-3KwOu`L^u~>L zz1wNFpMJ0g{mGQuF=FIrZF#kxrNPzu^EDCbk7yL{(Dcz-tp{EC9L)+kFZ)2Pnf6j| zSgZ7Q)vh{2zsE+;vx?bEzspwYW+kpMvzXVWdK*Zpy|R%`V8IXZp^c{mT@M_u~=epCoyy{fz<0jeO3_g#~8udnxZh9K+>giQOF+wY> z*-kBd9TXe=Ae}cvKL&mW1_=$E+L>agybUsXL{^V#z24iQENPGpYpv=+%{? zg)tQ@QP+xh$i7_8CSc7S0Ai{+-)vRS8{_Wq>WXhqefg6#Ex~IMz!*fK(xPZ-0F-Py)hXH5=jqRqh-WLOge%G_=_RSWT_)p z)S(9#_6oU`T(rj2-pW8p0wEF1jm;#4CN3E{M=dwwJ>$#f%WAtxbb@ZDK5jJzy=JYS z+)s+(FFV#M=>4g>mwM*qnOEfV^>HRT9@o*^HHXEpQ$qLTWGXWdxp90X4n=Vo_8Qgt z=kay5Ie3-@T8N<3Lr`B|L&M`M^ft37@dWN^Xm63u>(jntX1NOTyTks)d3DgZu6_>Z ze|ymAjj9TT?P*BwhW@a$6}V}6$X!8mFMU0~>YR_S8l%S3Qf}H)6RnUL-H)XNMT?Uz z4WZhwKj^f^SJl&o%4X$hdO@T)Z)-y9(MgEJni1G zT&hD4_I=g83tecM$Q(L;12)rr-e@;^)hmCf4E#Q*RcjZGald)f7`INJtrh3ULM}9G zw&fwqt3ho>jP)goHZ-W!7*xsYpQ=SIHjTGxQm;Y({ki(6hsa*>F@3}v^po`wYf<(- zx@xwX{)$D$T(dSFb*_f3#xsep%W{dtf<^ARD*kJd3`=N3t<}M9=jd6WQFYup~ zZ)bn17V@pFvQhj5=CoS79Cn}en3V?5 z=Lf7Qv~q4gC$WsT8K|u{t{Q{qCAN-C1#00N-P1( z>mkR^KyiOi9rT}-+P()poPpBDS-;!q4}OM8=96M$FZ*1ht~+&h@IdV(`{UEAVWZn? zwg=C971JW-7&4QCK!F!S5^uu$X@Uu>@=5NzFgK@JxmW0vME~N8v>CARD)U$1`X^ApPb?-p{tP^c= z0^gK778tL9ZZTcrMsR6*?J&}2lqZd|K3|Wi?d+4A>BUKXbo-}Nzv_Fo3#W*dS|CQa zDLVf7s89ATBWiTNh3)W;7;rx7`&*Y48NmaU$?*3vz+NHOHFV@GCj{qJ$%)RW(d#wq z4Z;p;$pEHY-~%&9Z1xsT!*G%2Sps5y3KLD)2cpkdjfc(ltz4kXexn5DVp%1 z+Bk3Y#?^BGoj_v0eN>g~Sz3@H$wOK(QSMb-b6N(h}I)uGA} z;<0ApJ`+jxd7qL5M*3gUS2@0>4LY4?y2l^bwuy;}Qi^Yb1~ue*v^av8y}`YqR;@L9 z1Aixc);w=jy9q0m)cuh<$nEw<`%HhD^cq)HhvDn zeQqmp#v)~pWJCVA{8U->27=VEz97vD6n$#xlVF1?a1~o>YL4I08v7JIk-&B; zAZ~=i&twn1z{pm*2#_xeRQCZ^nNMVuhVJ_E*isrnvN*BctmP3G(?mI>N=H2 z_s-_3GKlhcTX<#c-)=;XZ>;px*HVT(rJGY~#S@6puy-Y0vYJ>Ku;d3s)c?+|%Sug_ zYBF@&hQ|De4oj&r(sLjs3`_E%N3VKTZCBHjFp(G*q>E3yR7GPm_+Q}6nBvr=8+hLL zx3g6fxn38!8cISKBGzBc{^gh$#g402zAo5p^lA;&T`g@`w9BH9fDw2=+Xb%zjCSI* zrgBzSBL+r2m#8Cq0P49f>C7v#aggW4LBe#=ls1an{%+kX-~{{%)6qcYHfnVNS1X;{YY{|57Q)G zrhu?Y`E%P)y*t61)G)um?`T($eXC|Y3L}?O&BkLMQYe_M=}sK%PbOS>OD6Wx((@S7 zquT8|fN_E`qIiDYJp0~m$hN`>5_r@3XhNgp`Aj1w<~5j~EG^wc1qUs}mf+=tW>h8I zBr%oiEN=n-7~jQ4rH?f=tb6)j5?e$?p7Lv?8@`tUKUqO9@@$E;BqdOfiZr?Z`1PH) z5l*KhSOyE8vazMx$5c^qVEe4w^M)Hf?<;kcK+v*fk-H)XRT59-IO_O3cKabynijMt zo>vjNXNQ3ua?!@+9vj?2)&>=_<_WdE|8VJ;dD&96>sgmA5h*a^bQCcGNfw~kMel>x zAgXNX=>9wOEY2<+-EW%jI=bhxJn1so)S;s~uGH+s0$O?n{GKZ=v0Eg;uZk1HD(dJy z_bUwohWsD?i#(5tMQwZ5aAD^DP~y03QLaB)b#!0UZj}Yghes@eOLR=lJWo6qjf58Y zt@K+dWz(3IS3-}ZuR)3gqRwpEQyb^SevOJ8IR*u~KVyq=-C(gNirx$@5TDycWf$-& zH!hcq`TuJ)JW&StzwKMUOKH3(WlX@wgbYlI7-(3A7pBV35Y#h758N_J=W_9}bbUYO;AwA3f(7P6805R14e1WAm?+k8k1fyr||PXNsHr9l}HG*Q%SVBmWi^*gAV zAFRbV^T^@^L>nnRphJ~JW`gC-s|Qy1z;oq0v>Rnh5)lbDZes#< zJ^nHe&N|oaMo;mfcG0<(4Il!P=L{rqj8l-VZD^$OE z)X2{<7UXsjhFK}YQerZ1Pw@8BNbKUrP9+lGPwY23dZJ*aVqZNyqG(X_4?2`e>)b6) zsNzQ-@o9;*8Ct+R?>ZV5_c5b;modhF#=)&()OQVXt{kh{`Zq>950H`DO=3kqs5YYl zIg9yq2FrMvbDPcNpBX?gPSDRO)P52az~_uT5Y+dx%J-yD;DMZ1?TjNkezNy9D3s++ zcKW;6qch6?@$!Vvyj&{s2>iG>_E#yg2#!5CEqIQ(i#kfBQt9OAi2PeBm7@QaO2^0l zC?6f4l#dP%kB-a#D3y=P<->n~(k?3B^enLl-G7w6yRK;C{w7c4po(fh1e81f?b}J= zxNs<#l0G-FFVD^&#rzKd%yu;WH_ZQoljG81bpDshCol8=DIT(9Qsh++aSJzq9i;Ka zwfF{1kOr3+0sEF*m*PsXI5oW4a#GOjMe&>%(2=05T@!k@w!0`U2z0$;LJj5Tzu`P| zoV;h-CN3HnFA*-5PmcHQ5SYOg0-g>0PVm4I8&()D#YK+odWJP+aaIfqdkE@#_AStC z*F~Dgb*eb_UNmo@D2UntPtA_wB|W4d?ANlL%FAAbR1G5~iHGxw<9g9+#!nsui=j?6 z++~7%=jQycY!ciVn*7LG%*nsiY}3}Dhx8y(klmd?P0S*=X!xHBnv4A5kWVs*hK|8J za4TR{-kTeiUIE=eM`fs_CNvg%Tp#yU+(0FdJ0FwRbZeznfLD2qlm~!GfYtpyZn!_5 zA#+inA9BPqf^CeC_-;+J7mjTq%Zrx0=Z|%tI2wGlW$XMvFb{eN>esH}p^ini5rGpN zO~BnCx%SR9b5es&BkQJ_0Ab@R0EB!pyQFdgG7$|=286@^n;Y9_>3x@>%n{sg&v zE^A(PQz^b`lm5x&_M%}j6p7M}pdv)(_L6`y^Z9&i!*Q#yv4CR) zPz8i>86AkRH*@Xf)Zh5>Lm3{tF_@LSINKWQ2A*%llbG!{v(b*yAE`82B`wPT88aJ7 z4c!(no6=S{+zOyKE97rnTuvqg7KFc0TJwmRy@j(OvwY-+?j6HLeZSp0u7JanQfVs& zCa{mmOX+1ewAe^oi(@ZH-DY;JKC|-vj%DHG*R`^MorIN-Q zB(dO+^4dav)8kg*M4#DzT25qSL2|pRx^Bpwp3VWG^8?3%pRUPdr4|=Ue=-&W6|s&S z(_Sx-6YO+PQ7r_HVu zRFYt)_F`dM1tE<@@JT3;lSyWxerY9ei0|<$e7y~r?>{h%-4lvoatno*iz3%21iD|d zXl(;lY~d7QL=Ka4#qc1UTI251VLgKf$0vBXkZgT<71SOea}_+2W_tPCjEdhPCdjF5 zPGd9xeDna74Z_0%@a)fUVMaH4Bs{2?R!N&2jJ(Zf1n*rEd5)}T{a8XNf-aFMDd9mC zBQV7?Hfmodt4{wrj57*9(jenIuBpG*$>urjE+X3QkG(pRtBUEuTH^Rl5Cd5T$u8|0 zGK>+~2sGavD9SWe$U+!*U3-GWQ9AQH=Nv^Olf#Be zsW?N>^k!e>uiI8mMW+GHIx^up*k-*GMUqFsGlP%iP1EXUxZM89p&b7MOko~g0{{Pn zf&Ue%;!kWN^n^Az5B~{Zzi|pFh%d!+9iKI?l;&havj|SxR5tL@0{esNKnkqC-Ekoh zBj>Bm3pYg2=K=TQ*_3_M|J<(m6c76eTAWcxWAi_J`L({~71J&#PxYsyWuFL8p zNvXgL1pJ`rWf^LwjH}UzWd@H2mOP~?G2>e2>Z(B@g_Gi!rClb(>dS_k6e*><#Iua_ zc8C3oM^P%&u^owyYcK3(J(;p@uhZ%f4mLB>Borzh+&#P?Rz59aarh&!WXZHkA>Lb!L9bbR-Y7iLCh)*Jn|pfLzc{ZB8rRj&tRds8=2>IV zeBzx{QbXt;SH>+8?wG~)#2e5bH`{|oZ&ZC+4PI!0zm!a&hwk8-(vO>#hujr3Q$}Od z7%E+p?GIaxo^m~TY)lAYqNS1|G@0MW<_*>X#{`#0rQ8$sw{z7PS9=-vaa(rPb_@~v&VY-tYn#ebmh^LGQe`@vi@5PiyFmGI zhu7aRZUPLoJG^l6kuF!0v2mp2;%uf&&d%RJsLG>aYilVnv*Dpd$sEjisw{HHccB=8^(+(_lDJ&6*gA%u%{^|CFTX+?PcEf*v ze0+2zl zH<%%yBM%xT2DSxe_8stM2(!-sx(G~=VNJo5ITGl51_p)&Cdjn!05SRB0pTwK+rV}2ruFJQtEw9#^@8Tgx#qW8gHfZ6?IttnT`$=({dN=`aoc{C}hw9p=L(bT}+ zCMqPW^~?b2Q550G zUGiTkLqvU~*g<4&AjlW~RAo(?f4Z0QRt z^JcRXgrdG5^91FcaJ_*dX->yL?j<|Zq=&I*V_{BZ?ECTq4$p0cT8Eh{X;8@uN6C7if8<$d-_MSC znY6I)yI&0USn5~;$qfM;!V3J&f(6jf4s>6&gCHO*phXl+{JBF41p5WsjT4tCOtVDf z)*+jdIGq$NBwGyUB%1t2CPqluF2<<3iv5HT4AFSG+crC6R9a=-*+SHAOHq~(OG+Mn z7YkBCm?d{?=6Gfaefk|NN(smLsP<=x)fz(OZX2~#-Ts{o*=+)9Mo8I~hHzUV0)Z>6oAB7NMhYwM`h8)8<+ZMhP{y7YSM| zZ=}fwvP9q{+b-4qJGQVW$&N>)-j3=pBy~dV+tKVG3(t&O@0o}Ws^5z0^dLt+l3-FZ zRu~+n2Tal&-VlLzCLO!Q#4tfnT$5tcl>B!~&wwC*#P$nqvsxun^Xx{%POkXb4!_rdG! zwxNOp#?phttLY9+X0|=glZd(*rEiQpmOG(Il;3n&PiV%E36h^M&6_uS0JJ-UMg7agLA*z{mrWHF>{u zu;(JUpbi%W;LCbIJV*R(2*Jh$*swGN;2sbRNPfZK-`GJ~fg4)nqYyTMg2CQ zX|lla$i-l>#2#2cYY9zry$67fOyp7jkZv%sgm!=ly0u-z5HbyG`YX7b8QRQm4FuTm zmPAWt-X_2JBK!_o)HB6ix?#!J5+Mb%=JqAgzYB4fpcpB#6-}O4BRR59sE{Xg4c%iyINb?5A3fiTqkEV_)d{t- zlo5NM(6wMC_dv2Ndzv+>usjwyV zH)wgfLnEr{chs?I{V$cH_TO*IhcD~@lRSYJR^rZ|2~vgaa~K|F2k}sn&l9p(i1Ny# z=9O?dt@>qB4BRur^hN%+Zx!$t+5Sk@s(!k{{5K*@R}^KH*?5!84-RK|<`72AoUA! z&FH_66B0OL87Lb;?94^Xrzm#iZ*en~=Rl0-XdM=^Lhghzof!Q3ZCN@x`{npcoBx9< zfBvs2@>t$rEVONl4*<)ydaSx(?@GeK;2^_q#CK7s-8?AT4zi$Q6jujtl&=q^*9=hj z&C8nm@L;!KY z$u=zXz@@^jv{F1jBjS`hwyi>8O=;N!Tq)jyD3YV=8n$bA>y}{|i{+vM4rnwT)?<`p zNr;Et#V)pjt)Fle&HRlRp}dj`DEnm_7V+Ic{kh=`uKFY78n^4f=_GpT^rG5scx3sn zL$vVsraM#p$g@fQmrr8%KPPWr{QsZic}PS@*Jsdcg|Js$xSmGUy@-P^89aUTc>msc zxs-Qj3n%Zu_0-;hZ!ax}OTHiNmdmM5_qW}J?fJIG-ZAtwj^5I#e9ipjUbljBlJ_dmV}nY z6#SeD(GVNf)I?R$sX*Qz$Xt^$iMKwZnd7{+Iq}d6l80AfUEPx?)W1?+alyz^eegqw=0Wobt-V*oQrq zCMOlXF96Aufl#EkaK_0Ymz6G~a>*daS&$RBk#j>bWXuuXtLV>2F(DjrqU*T;Su7AP za7YdX70VuYBq!wNcHY5n5pZscAsDd;+>@k}S~$TVjCL?G3t&KOcc69I)1DGIc^OT#nSV?&kPf( zf>{X)R1l&AeEU|MmrDiHp87p%PhH!W>=IkIFA6;H69|rgMh-p<>?`^9oLjn(s=x{R zlfdnj&&gjeOTlwJ5&546cJ}BxHrf9j#P4bRwv>yD68`KO68BrchnnklBJ(Xw0z)i zm&}=sz5m_|zE8gz4zR8N4qp6|X2IZ1VfvM<6d1fFdvnJ{7+KyviEV+P4(wZ?uPwMR zG;)~iA}m>w`9+U?P2bQ+4WT)lZF?XP4q??4yOsR6F!L6skcI5@4BG-lp_BZ_bJt@^ zlgR5+j$s|8MY5;LQvSbi+lOXRHwM0-0L2i*&y` z?+^*K0fA*(dC~@w*|0#}*5=3!R#m^3kvn!=TSFKl431b!kn7s+*k9qWrz6(|chF_5 zcMKf_(XI$R^uGni(0T3^vOFxbpVgz;mPI4iVo)v}u$F(LnP#5n2wC_{DShxrr%1k}VMQISic}-{Z($Hxy3ZYHpv@6-plPho zm{|~lljD-m<^KfU(zSqndrSL=U*P%-cbU;Ej*fHU-HrWBLP?57`(vP>7vGS<@ZT>= z!>%5A{pUth=-zv}^Z$e6<7oV+qqlG0zO4UG@sNYM23xAkH9+@{jgcN8!Qa|0H?8wm zDq^f%5JJ;D(riaqZ23BQPHQR9Jw%w2s~T|W&6rn$d}EMcfT%XX5s=uk*%P9BFJgnk zty_2!QG-B#f}CqFJ#>7SUqHt}ZVtQ-{HZ}MvDLSK>J|~|!8yEc;R;}7MU{muRInJl z^9J?{=~+z?4Ary@@yqxGqIC;b!+h#{{7r=3;eP+BhFq`OYx6vO&`ppBBmQyl4(Cl9 z>iG#Yp`{@=kFiP2MJ3bDA5#qp%vm9eJI>lT22p$N+DqqA6{CC4g?SEjnh}Pkt=Gqx{Py@| z{eOyQ!y?WHgmN(tZ$^JBl}f@DeE`RkUYN8)4st_%VOT-lpoZVxzKy9CtiY>ojjy6yve3OZo+2w@8J{8#E+!CTsM{{}|E6&b{^G7~`8@k2 zawC>)br@IygTUhvRF~e2^NW60`e@+cmxt(#8}nMsTaV z&okG=yx*2cUKXh)o-22szqQ>v=;}z%(|vPZ3UmHFe7>-;C-FDTGYdcYKk4V(n_ckh zA&T=KU2}uusNhv-P#D8KOUWJuqkW`@(FR&%&mW;?@nDVhFLmXu2qz8Hnp{LfqCT+| z(DQZg9dt6iD4r6x zIY;H5(C}N=UQ|H8adozXK^AiCK?sM$w~#r}Q6#c1^boeq6>IP2F&KoQZzDEe)maQ+%sO$~$@#{7!@})C1zVN1xp+_Bf3$K~OMN)gegN-{GFVutE zBz`iHE(XBgB#rqdNgV$acz|rWEq(0T6T^~-63m=p`yb_2N8ahkdeQFo7d+TR7DXc3 z?<@&D^$GQ;AAYJrl)RlOR*9XkK%Q%8ksYU~VJ7rKG)2Z9h=bpKXE?Nt3h84VBSIBa zR!QU0&&uhJ6O!N&%l+RNbj*~Pl5kR(&=Z;6K{(=l`hG$740(o7M!^adaY@O?HbG$( z$rnrJQF@j zQ&4QtWw|u2RlC*G=2dghZ1m$zW6FeBlX5gDQM%Qnju#NmQ|TosG7~*+Rr{A&D5n)? zB_CNUxnJ{PpT;^g?98Y*GL03o5XN2Co=BS{U#~lt;d42#FNf=qKW)^-0ojKdo&n7| zGT}M^ML!l~7}Sj?A}0t_NtNNMc?Z{63QrGy{?#S6RSG;F#dVfgB}wQ!JY*n0TwJH@+-aDsLGRD`Fj6fgcg zf0HM2|LekAXu&+zw5PNGDxVybsczDOLtLI>gu%0ot1wO}S=U z*mI#_d009C;};h~Y%vO)v=jJP1$K9yQM^ZP`MR#LGE6i@dJqSuLfskZ_X{zIb>w~B zaA{PmuDP5V7CZh9K6j~kPvm8@9xJEWt?_rhsP0(ix@X(onPDQl#vWRPU;kVhF4F6+ z?bL+L5IxF@>-L@# zKrWT`+@)2;LrhP~sg+O9e^s^Cdl+3A*780GxE)Jyi-{SLD(lj5Ote6j2hDS8n4~IS z)9i)Qb!}oXPDyl^mS-$bku`5Gi0&wD^~hhkeP`W4SFd)PY*)jAl2sla;)k{0zC~XPgHnBB{KWHLmj8w|brIev_)`Y_kAt}U zFTdFTKFvc+ZdkWh9ixf+G=xUwy&PbTj|_t)5M!(D!th62XLw!WLbSmSIC9k@oj&m5 z!UQY_UA&s~^HaJysg^26Wz^J1q<|%Jx&QvijHkv4_5~i9a)6=Yk>O2$6;kZ1LEd(<=IA_WGoyr&OaLoBB z=)M&gIQ)KVyI^qDXUo;nh4813s4h}MG>Bt>X`d(CQobkk zccT*E7~7r-fyCs&9<6rin&g)4FW|YxqDxG~K(3f$FZ#<{{^HxW;-0(>9uS2=j9J!P zaJ_;Am~@b4+!|WEu{^iD7iNP~-f#08H-(stoR3Msm*Jzn@e=mu@mq%FV&bc(NoE5g zX)<<;L`XZaVwRwrYMda|vT<69qt*W{9dW4=$-V(EX9mylMD#z`wkFV;?=bjV7X0@Z z{>M@I$n!s9NwcFm(&zud+v9S~|MRHy693^zo}UN*K`^NZYGg(o zk|tr=(<}d_d?^;uNtmU7JBZ}XUIhCunl&-Gr17kTZDpZGLRD5Bhp{P4znx)+0_jmv z%oau$i3Q3bmKRzsLg_wuO>z1X5>OiUIYQ)OX?jMDGECfXOB5;+Q5qv%7Vvms>&PVW zpmc-vQm$BBSe`GF2>M)+#%anMcG2Ht2C(#UGKM3oR=|TVtHb$otH~>=)u0v z&n|SKX(Dsz_<0hGzf8=MS~>-1G;1_|R}E@2)HlAO)@i1S5_4y%v&Cf7BP&&8Pp!2_ z!<9XZ)G% zs~9gAsArp~&WY!V3^@VGD$lc+0a zeY17#az1tSu9QYyf1QM<+q!xwo4R&gOroy*!nWsIS1n{xS3C<7sH?5bkT&=C23yx1 z&8a3pi=iW(WO}0vJ@X$dFTAXV=zy2(vd{*Bgg>9gBu_60bjra~}v3;?RXqdX7t(wSpmEYg0prl7M zB*-h$PKiIS(FjvrVvU-KN;!)}&J?;6I7OOmQs2gcE~Jbx?!0!1kkf+qRf^k~v35CA zdi`@Lt%3sfMbs=dQy^zbr+~*BSEwWYzH~W3Bg6GZEj+Z&T!g-Ep+SmyZ^gW_`WPlF zU^a*gOF2W7s&eUrJ!!#vUqh4jl0ir_c>lqkh@ay{oY}61dbaH~EpfLYgJs<&B#IOl z4TKqNOVKT+TgQ>llJKlC{$6oHxw#nOI4w>Ex+k5YR~?6i6A|B3z%LIE;EQcoAopu7 zDbp{TDp@VAp^FM0#C#jp;^89cr-AfE(aMw(#G0l18Bu5K+Inq?J$s>u*>(`U*imLo zLZv%UwwPx>TUuo9NN2(cAC;iG(RxHhwTa^o?LMcyhC2}$L$+uggw$0(dbZbQ~A#6>?oeN6vCG=e9@uU3WP#4eb)G z&usU6)R*06G8C3{;v6wKyG77j`idq4koviU>0Uj#9m42fRF{VA8hNvOzcFM4Bd2Gd7+g(7f0z8TvN+`F;@){V5(OP{n zSsp{LfT?XyBX}?8;;SgsOH%9oUR5-l6k!_3@|yJ&mhmLW_fClvfxBV&(0w>kE;Zz-;HPGy9E<%=o zVM9UBYorN5Kha+J<+5D*Md+w4c!wXyGl64*U+cpI2xFBM=VgkYmd7itxGEL>B8xm@ zE}=RFr>OwwLX7WhSFfMOc)~x?sh%uNLYI#J5Sbz{TSxaf@H%3Pn9zD1;@QN8u0HHt z?f;Bohf^vH>F7Jk)Q*F!zVJ4y1PXZ({7Ml-oXu*VihtqCzx;lW_hUkpvZwhLVk{^j zs~nTZM^S^OIf2^z`vwXSAn9t=G%~|ff}<9>=9kR&$&ExogBo(ZAesxc-6wuVx&5RH zmKgOVX40AhcG$M(Qy7FmU^e8%sFAqXpG6H8G}nu|?*14-P0a-&qL{v9E=U^pwx{;6cU7Su zxrvJZwt!dD-HL9XH^TT9{$#*A^=dakR>#b-LuQKx*`oMq+x`AkLLMoNDsz8sI25{I zLkVHRNJ+%Ad~nrI$j?8EStf?1*V_ph=*MXC?sWwaw1IB5-@oqk>f`QJwbr=kT-6)B zAmtJxw~wH!%_@?s07i+`g;@$ToorHnYnYyD?TqH7>Eyir=NJg9GB-~t=Qs4K=Vhpy zrjzp$gEk? z6SIr$39y^ev-qqbaRiZz85RIsPuPOaA+jXcz~lhLTSfO+^>Q3ivC}ym%Nvg>&SQVKO;6LYAgDcT{UUDgeVrb5{no%&Nge zwE$KMZTASeA!JotW1yJkUFgl2wxBrm3^0-iGSUUb7!O#is=6m74M|`WyxvfB2+eOA z*xLtxvD1AJKMqbN*B|{^Xsw3nHWMlqx)Umup$XE+^%KPC%oy-MeVF_=_Fjwof1sra zcMAZp$^Yx*?NQYKqjdZd|KmxXpX;K-AA5mNCYT~5-&wG{SG zgPMjMA`5=LR_4hLP<@|6h$r}UI0qCrak~^Y@%g`7?5BTZ!GDVRe;%Hkyu|-~k|!1a zY4_+(ERul=00V2K(nh!^6?7BBcoNL-9o zjL3i6F<{;^F%71(qjg||{68p{P9pOE`1t4r|LIAde*$Qd9gc^n9s}%K;`JYxYXX7} z;3A7`**v=feh=dp$*9`RQSV$3CE}j*M z_eTZf92eyc3wzKsbE51GHXJ4{XaPJr=V^iPQ9RX3i7>bwPv&U-H(&_~XdtuXl33P- z9C>aj_VPUTk=K9I(2#}E6Yu{H4&wMfM=$ulPx1(X!(Id11+N7kBr+DrA{*G!BM-TT zH7&q9EP&voq#+)fS7}ADdg$RyKZKuSfD>HU31>i_Ye17_%WYbqp7?Bs(3WS!$tyuX z1^pNrM}XIft=o^>vcU|qZo9*)oX!+FffcKh62i;nCYD{`c|QqZjMI2k zY#n)2LhySo1k%NR*#s%^c4=Zn{|-OXTP&RW zBMx(~68Qo5`YiTyWRUfPkkBgl{cI)1Pc=mkuDaUVTF+aEAIoF%-?={`!n zdGLzw9mZ@OiI-RUt+ZhtvaEgNt_b*=P`)4!*eIn7iD0fGuE#8mVNGL;a9hl-P&ydB zc^z32aG@5{uVOzg)Eb^W+re0V6n0fSDxL+nd^UDgE< z+?sF-JR5jR*P@3;_U&x}kWdG^n!x&IH24i1jCN`1W36`l-&pGzPl%)snIfDHlgJKYNl-KFMlOpLA9fPm12|i!w-mx(XHz7Zw ztN6-FHb*~6hi#T%iYb=RQwahzL3~2TsrdcLA|(l5gjF7secRp^A~*YRiG;6@-iawd z`4VBaf5d2^2-`T%E6+Q&{`c5Y1(JYUoQ!JH6ckQ zWE8M7kUTrc_qCj>d?@aV6*D3?30HxJf+K(*sEvjq21N4xPpIJK1GKpBzXsZ1|8sJ16utjB zIeB~Va{u!bk0=o6dP>YgpohY+sB~-*tc<9N6%LpJRsJPgAu>hW3Dk(lj%V>d@%x+n zPvxesa!?kO(Ri~1C(#bWpXOqQ6D(v|hd6oEcPBU>(Ol@Du@MB_DKF$N9tYenm-rS8 zt)RIiW(M(mEEl`_4^Pg%*po4B=gjjQCXng|*6bB>!}Z+%IL3N3KP_YFni9Mp0o^MW z#Z3gWtSbBqSAHv%O2t*FXd2k-6RHN#ogyzC+>@J4>LjA07?gg??Owd$&Jxe6?8Lzi zx2!YUvR%Sv?7@YD1=K3C-q2m%n1#4sm5P2jZ1b0g(`k{V2y#%YD>Vx}%7W;Hl!RNA z!p}#tE@87I4r$UswW_`{ufi0o0Nrja!&RB9~(+(w#f zita05JocsASg6-8drV7wUHJd@_oCy5e)DreUH5gS@mMOBc;+m~xs1?ocEah8qYAfc zqNP%!qA?S!;P(WI{O<8xoMbwS&@qaua?!5{7hgS;zxf);{hH6JA|Gjd zAgiZ#{FF+bx2b}B0x_a^#XFhGIbZ8D3I680(z{YlN?@ulq!W+YK+18O$bose#Lu4? z>B4+W5@ylnZkPh$Byen9qA^%!V=c4qtg)~POQMyK$rOAAAJtU_Oss&=681e0FqGRo zH8)JoltqUs^9)ce>e;zxrO4+bqkvW zMK;_ibaHA*PEhk`eEt8WF2IbD|hvk(UavFad1rv0z&q3yeW-alowrZYu!WN&*D?{SPI~ znEze^1B+vIwU*c;NLy{&^2y$e*_DhtmI=)(z}phhwq&d=0ck4p8-|Ecny-M8*w4cO%Wc~FYtf1Dg1zxaPX$wSRoIU=5Chkk}^008VD4cyu;Se1Z_ zuopObQft=j4}={Xd$-2D=o%o4_VE6m+yxbuuGxj&EG)tHRpN|=xc1UR1xL!yS`c_B zBoohP0sA-bct~(>B#B~Ids`ejN07xOa(p_h0HZLE?ww2*d$9#oIz!m1PLi45-EEaE zhD0?*9$ZWy#!$CiUr}HOgX~-!fP6mBeu=z}Wm_GRD3@iHmUaYaLB}zyDSH`$j&8x; zg;d1GQ63%}1-GGhuHm5yC}uit`bz@ZFXq?_Atu4MZ$*KaFdnE}nV7^9&b}iJptFKc zO~C+`5I~6*r&%WQ!qz2IDpjzH(#1vwmI+&Rb;Tz|5(#0*A9~+1Uf>ESABWrLnTQLCyzMS_k|xB2@(Py}ytEGNBQu&L^9$;#EBCp&N*>DZUa+jU4oP(ZZ=y?$h0oO$kN3fV3^iL7%0>@ zD7V1KTNj~(T&3I3#I`QNkW60@JT{ZL1xBH@15}pvefN#rdjlVyM#Hq#Tbc^WpXpx>FcZ9qBl9?&@niQ8k$La>+D|%WVnAMZ|8iTgLZh?N)^> zVs*O)E@nxnn{73Yb62gIaTUOnroo~H%J*Vg*Z(hvwJd}8<}OwoD)1F6YFaMR=!K?R0S{;#u&4&OBgs07uHQSWx7_E(8GM}!9;e%(7MpIhc$y>;59k(%^;_0} zexK97P86sx{aR#ueC$5a4e5J0+qk&D9Oi^b+`Z=PW_uR(kuXoQkh?s08)-3-0!r52 z(yC@B*R)zCl0nYBjZITYV>J_Ud3)1olriuDpP~|dOLJ2l-}+z#_)z~|o$3Z$D+1OL z@}H&JfA8x42F=db{qHgiH1uR;!ZoC&o;s%UNwKGF5ardbeF;O$OqSE(gNs)Ke`QDFoZ>L!|kI!WL(aE-&1C_>M zt-W=}&)8odQrE5?gg;Liqw0!v4`z_EC@Dgw@_%96iT648cHbpl6gF&E0^+i7GTF6p z%%;&M>qNoiaYNH!QJpb+m$Ddg0ppa)0p->8xbgQ?O4F=5sV!#l=g&jmn{qxDGp$Z2 z=c*d>Yb@v%X5D)3Y$-3i{{V78jlY%Ne;3QVs#7;j?&lr&7XQEf$NS~?-^YjhpX+~p zlD|Lxaqp`J6l~B65#fqt3ag?(-Ia8~h(4&EZCKw*0h6g#(5~VBAyhJ=SW0ddJXq*Y z4ShQWVwupCPa}pk2xv^sASJqx9=L7;+z9>qZf8?v!*>3&d(`MA;cNsSRNJeWf|X4|wrSlJNVfXC-a$Eez*WY|o z_W$^1fB*CO{}g}d9H6(|cZ9_+yeRQ6iVlOjB_U7Wihca83t1%0D{etp00`ya5PNZE zX(==v;pBGe+GoK3_m8 zi+!&O7|tk-R55)+8hN`@Y{z3TV6lEUXA>ruJcixGJWLjC8yoq^+ZtlY`LsH(H1Fv= zGxM*?W7f1Tj8LN_-pk!n{tT4=DOb9SCZ5f+3hcA1fyB!BcqIp8+UU-^Rh1q-0k z8?_7bt1o{_Z`4~XGw}9`t-w9}kAEaK^iS)rcOr%YY&8hUjI$^tP)iM4{_B>P z4zsq4D^c|m`5_ajz2k1wTkPOXWBnWue-7-n^C)+#n@c&|H19p2ORYYehaO?7ENy6r z_tV-@)>_oO{E`-GD1s{{O&YgNKSCJNpI+@<7RcJ7YB+T?K7Fr5>{GaGX!5la7;+zZAC6k5jr{lqEo-U4{2HoJe zkXd$ZCv1%iJ}TkJct=6Iw^-V4!zGYI+x8A9^r*iAD#GN3E#9;ge8&f7K%={? z#PwKnnfX}6j<;hH7jsu^nqFIA6eneE@Neg6G4>R%)|!DvrVH4ZH?CM^Qx!;_V5+}x zE9hgd&)|3?csF;G`}wVX*tpX&PUo_3`fVJIhIfPCJKh$oTgR3t>K)s;-+~|zhu^aJ zdRxdxxH?O&aY_M42e}!VGrxWVR$&r;ueP4`7b}(vlV_?9*oauj^CB|Ia@c55@XYrvMRB zQ3AwLt%6U2R2cn(kZO3;-Lc?1I{+pG4}$_Cs#NHj{8B`yC-6S#N~E~vA(Oi{lWvI? z-NJ0ci_yvL)L7fAo*_vVa>;`9)(O~#cbkCUt9}9~!|hh&$0D4-h~ak_+I87DZmsNC z2WSi7aYMKIIjBG+Ol=$-o7`bo)1iLAM2cln61Ffcz+00EX#*uKlXdH`*C}LRDnZYt z>p&KI-2(aCWQ?enxa#4WXN-ElAe`6CcOB5Y{U(5SnWooa9eFS)tA1?KClaV8Tz8A? z*p%mgtM)?nu0?iA?~iNH$>4)#xd7n_r5RZ3gGv;oe^zoVc*{+T?Dydt{?wSy6YVhg*4fqD#6cxX=)NI>h71z zW>!-H`Y|t-Em!af?v$Ek-_LdO(U*9)o8+$R{CtUQd5HjG@A>{Hz`Vb!1Hj(ft&v0f zi@PwUJPyxakAIC z2JV{K>|U|e9T8l*@^YBo3cK`19WAfWDakn@1lsWW zjTKK{vK3q@=CwxulHxB{Y~@~zww`qz=#8`YM|5?H+;HZHyNr6CyY=3Vuyy48OZz8& z{`m?4FCMr8Q}jmpQBoir)CMuG zt>w9;OK2rdgI%dEUD6*#Om9>-5X(I&BDPCqz299C-iL;9e4N~jHShEHpR2Lm-nf@B zowM+S2U;y5?P{ZX>L^5-zvs?ZX$k`V?u80&hy4*K;{KCd-v9Y8^8f378{2-LAt1Nq ze?F+x|9JHE!Q;>T|5N05v zJA3(16JCVy;U!1{Th9HhLx-OzdvoFUu2=Cr2g%+gLTv%CkL`-!irJj+ty0R8^7ySu z4CQAC&$lkpV?Ozo&?M1Js`5Smf|Q*XDOpfkH52^igc@3 zY<7{%Exk%9qKHZ30o!t2UDD(Qg~*n=-S498^PYuazPP;{Ir;hLU3DGY zPtBJ~H5Uio%MtC2P$q1%8?$%m+c}F#A)2PL8wR0nPusPaufNYX)`hv#m}Y?=sglh4 z8ZlqoR%0c%5Oqt0e-AZSwky1HSEwF=Y^*R-9P&;J{Rpf4I7{@usMOu@E6`YQ-L>a? z%gQqk_diDEnHqap&eu*1SKoZ0T?e{dt8`6xcbkK3+4&VuI(o^0h(jt@I7GVF^U`R67Sb_m&!-uE`^zu*vto!coDEi>l-QA-vDcE z+>W>l9X~mNuaBY6x%Il6=_B79!FygFAH>F&!N=g7%k>QN9{6KnpO-=3(+FB5=Fu<4 zGVA~Oam#t(kt*m~J~7*fjy2Nk&KJ2_^F0gFm!?3&n1?K&u2Q4R<(^MmZJha|M-OXf zx_Pu4HeCpDHOAs$#kF{N{TO%B2i!=X@;=(lrT^+xwTX<@aos8@Rom4*Wp+s`67xBa z=dI$@%(ok7bol7-@KI%a`)vu*Zk}jyGsMTW5Ff9dfAv5VSF#Ltw>hHQvZE5Jx9L{k zp2doN6)g>KCin0UR-7%A)Gw|M_T4qtwgw!VO$MOgxwtQF-kFGQ2fG=hEhf{dY^+gE zTet$qwVCobWA?L6mGft>nOCls0vd8_7frZoRe5*~!>-bKnM2f>+G_m2KG`MrmwYjF z|D-R2tyogdOKP&MfLl$--sKKQHBK@id)Ld-MLBuGmWOv+Y>uQ1E;sgjm=O9z%U~ujq^I!V?>hs@+{T1JTZ-l&x1Puq8MtQn=#zKangddU& z`nLSf4=eefzxn3#`|qdud%yh8uMM3LODIIKH0ALeb3w-@00w&`6uKxPZvaqB_m=+ULNd!smP4cG?Pq`DdX|n#$knIx+2ys zgS^nJAy`nEst!pPLNWNNLClvVX2?vY%+$chBz~c98cc)y@?gK)Xb^G{&xA~~n5HaR zb=+h$2Qq2qH8AY$V8PESo0{RMWbv1&7VjYoCFGt@MXAw_h@%xTx#hnCqbdCIR*O~o z3(36xZI~Qz$R(q(Do@C)F3hmH9Sb{TNv|}@HVFA4<0&ISwwy8v3!MoG zF)@nlz+~x?S(Zu`RGC5C9`Kkfvnb^W)SCd;OXbGpDPdHtbe|Z1Q|B=ruFAk!%+#4C0h@TO5L! z-RB5kWiE2bOjm8aqzqcpgj^dOln;;U?J0cKjTuRWG8P1 zh|oK+6q1pUu_S^x7N!8X3mOw3aMd=$nn{-iTJZUzI1+3|$Ywm&ly}R#e4Hp@(5H&) z2V#H&4LCK^ap*VrRnV?Mun`>N*la>7pty!RBZd^FY$i$!uy9zZWDuFDr=+>kf?m7h zrf0)uGZv(TB1hBA$8nsT;E=+5qv2rq{0W&X80elrD;V)9!P{0hMf) zMX*1pXCl$ESRn_espeS_i-nW5Yl9ukm-MfTr9zy62Za+qZw46Stk8lc4f5n$;spU) z0jK3zps+HeZhTJDMT>mV&K=<_FbKvBjUWWxV<8Vx(mK-kZ`n`i~`|7K&$n#O}S#Q`QC%vcrlQH?~tFQL*X}#4`STZ?hXV*-Ek);f; zL2y=}*|*rcR8m`nEB~HAQSfdteQ*q`@XVJ6(fEBmO4{qe>HC1jfrkSypx6%15aJ;Y zenXJ0M1-~T-q^3*s7L0wKYG<4k)yNWv%&L=QExIh8*YKx9kl3{Fq~tC$GnBpEut1I zn*LXWv_h^ly}pgaoX2lxLM~e*l^LtHP<$SP<%`8xp-tN#029$whB2q2MIg^kZATi5 zc(oLnTHm>DP^>^z=_7?m-)1sul}})yKW+@V^JeLyXQz;x%{L;sI`iVbX@*$>+!AvB z){u1Zr>^~l{FDdWol+i?Gdb_J+FQbwB3c7mV!m<*8;S_F)*bZY{`tw-o74VqLdKI( zZ_4K^T3j6?eU{k}o|)FUt3BsIGsKnD{RTY1B^+3! zY4T)m?{C#EdzbvJs@}VQr@ zVku0icp%pvVUd_R{1w{2eGl$>7|#2n@nAgZ50Ujj+g)n~NHi{03M!J})9V``t2z}S zTi?c%DnE*-QtMk;I#B$_O|bN@-ud-aiM7*rWd%LC7w7ag(367j8ZG<#{&?(%O_2RH zk=Aa@46$htr*8Otjk3{dmpn5zud6Wn2aUYtAnl?T2T+u8o7h5&@xj7W>*rbJS9Kz6 zD z)}#MJtNye-25{FYw@i(mYU$AR7^wU9CoHKNq~s@(#r%hyF8Hjr!)<5|L>$o6BV&8@ z>&D$AFVN)?u-@tRZKJKdp`jaTC4TL%b+Fb`zm@Ls6jW{>%H>>dM+g;S6;Fj+)ev}B zvN>02{ckCq*LRTfyMV%8gJ0W`&X3Ut8_9gXue{pfiAv=m3YT znOEER)BU{?aXmrZN~ihm72&&$*g^?#pz^({0CW4lH8|Mc5}cIIw+EmWv;sgaXx&{i z987+RqsC)ix_V-sRu9=nJYvNIria(3>z>Y*23O$FZgqD$RRE^`NWp~L^Jb512?T+1Acz6&!c!g8A;T*?2 zJz9txFn822toK9e8mRYx&|1jviOgD9n-S^Q*|=dwxU4#S!UtZ^4!YgDLq zu#Up!!oK2h*di_CC~Urr3-3s~X!Wu_!!2v4U^D)%-rC+Wj<;I%H_gp@3Mp}SP1h%X zyWgF))})6hBP0be{$F2z z{rGeJ=TGwY+5hXa|JP^#uh0HppZ&i+`+xnJ`hQiQh0C5`o~&{w|1IxXdpj4dyo2Z5 z;SUekd*bWf-t5hT_qy47ekfj(+`Fx{r-eCBa`T*GB+l54Ulj3+N|NW^aA%*heDtE* zSs<265udX3ZoX$_)NSKjR#@xWCrodV#ux1DRev-Z9QVu1)ugLIomuYYr5db~UZu6? z_LH~XwZ2n%K0yqw8;OVww;pU=r+iFb$@^PXR_!WlE4w<~y31xJ#mzQe8J<0Et>=a} z)hbc9eFgV6fUea>kd?^QcEb>8Jt|vkcgE7Smaa}|V!t+= z@ljJVNWl(!J954yJI*0vt(~^w=3y+wcb!^|r^x1=u5lLeOvLM6ueaqXZnO~$=Kloq zDRLWsZ}BPrcJ$^J(XHBgRF}WNelK{893&^7Euh)M)C&2WK|YGx`(V@CnS!~=egRhC z-TP~p0J7;{_~@7Y6z}ONCkMOckQWyJK}Y+x3EX;=>s&QI#vwM>@|_Q?kE;4(T59oL zhqC}<5Z{&#h-zc=dlj!*mDW%!ZC z*!=$Y^})fz!&3g2gM-7*?|+}n-zRtAl;AyQ^=UZ}Wdb zRM)rIVwVdIrO^vRt_Pq|wCVr`jFt?KfY+2q@Iu35avsriCghTw#q3K(zWQn)MNFR3 z`0A^#$b!m{#VjOl4aADB-Nr1E28*A+7Zb;wLak+=byyKW}40N=J|B8$VucMB%j zTHJ$KJl!+k_qY`Cl*U)xMY@dIh_gYQN)aN^24?!fXN0K`sY)eHRFMP{yHF7mO1^vP z%&a(zCwqGZ%WIn$0~s!^q1W-9CZl}PkONIE+9aXDmDYev23DNlxnxj-Q}L9kMq`)c zBa(ye;X|^k|MRt33@p^XQGn6D;UgH{2w{0R`{ytF`8aM3Z~a4-(87B<-gB)y2z&RTfPT-x=ni*qdUWUUI5wM zg}0}?h*}R`#-SSLx2-S!*n2&G+dDeykH>Fc_TRi69RJ)R|KKU1cmAskh$5dG)((m) zmN)j#EyVWk$yZ-Zc=FX(PYC4a)GIbm0?Hh~OF)Mfi7$byE@HlpurmA8UdSS59%C=B z4)!m7{`8~{-KGQLHp%3i;RJv6D{|z!1?W@B3>$z60L#&{Q$-&F{dGbmg}P$OI!C-b z*l!?7(KyuKaOs3X_lS3HyOE#BF;ju$5Gn?rplM@wcbEJ`-2XN%Sr$GpUCS4 z!^b#5%#%6(MEVyeJ^Nl~P(=;sO9)T9G@w8UidUE9Cvt@Ugtx>l8QChmrY7$UVd`52 zhG3zFH59P}1*NAEP@HPT3ck1_qzG%=X)w0j9TsRNVhUU#1Y3w-AR-IGC-w;>j&BgysXS41?sC0zxyn~1B}^3Ehytaf?nQ`U_c zg_aH+Q48lSWv*uLfEU4PKB#Bx{3{G=FF{O&o^O{7FvGE8X@^kkz!eFZds|(BKAoYqUBDi!~5}%f{uJK-kM%G%+?h0+F<0W*Ap~(d8DhyfmdA z@^Jq-uOA?wDUHP34Ky~8sbz{9v}xq(U}})-CR;no_hPCx520JUKYUX$WAhNE(ff~* z7yjKejBWM)8OpU6ToE=8O>|3}DFt4BY7b)-C+-SBvrLtf>%ZM`=n4Nc5u5sw+! zaRAyC$@a@H^KnYXX+4C=KVgrP@ghZSQxSZ)FmgQ%nMi)E1-pDEU2>sN(b#2yywuD% zUi(sH)An}DQ}fKp)@R#s2|GvU%JPy@Ge(N*ijL$A@$3S%0; zpm%B%IHj^B2196Urb6FBU^UZvt#0as*>24si1l8=&E$q6-nBZrrv0xU5f%qRW9<3S zxs?Nn6$JGH)&V`2LQ58i%rQ%qB@6R|#;EbDUCP#14Sv04=X9H+h_fO{H3j*ID zJ4F9`s+>%3WggFHX*K;dAJ$pgQuNgUZj^L2WFdt_vC_6h`{u*FTdK?@>Z~+)) zNKb#bVzF9J1|kdl@wE>dz9aqknoAJ_E^5i>S|tl6nZMBMF??0T9WHZi{|lurCzP{o z|IB>1P5*PM)Qym#-#;SO|p0a*qU4fBFIBAa(-B)WnTEc@@Fp|m);#8y% zY2jy@r3)eT_2~_c{KTqmR)u!tG-av&9ErIi*Ie-_kBR`C2v2X+h|Rf(-QCc8J$^gt zKOdY8>&5sQAWIQ4YkQRl`BN0Um z>^|pAa*^L?SR>GkNCMYPU&35KeK~?PvJm{iulM(>;LkI)*a$eu)M6dThhG;#YDrWW zcCI0TVyeHhOdW)yC6!kUa1_vGLixPF$NYUdg_aQ6=WiB)H>`Z0Eb{fH_%dY?l)eJO zlic3zpyBNh-VR2xa6waVQs;Cvcc4ZrBri10-*IxL0iK+3(Lk|oispz{?sBUWJU8XO za*LL4IEi!J!PEtF5^?W*klPRZ$BPo+l5J<4(m13tESPfa4eP^OGtb!%VeI(Hu~_O$ z&K+%QdMnRu6D+GJj8VB^p<5}Iak_+}Vvip}8UZFRiIBuW+6{44>qgMB_4wq7$+R~b zS^?R~6R*dlcXUd|Fr<%^dg1Z z6a~!uW~OnNU$Y72k|>r?2~ys4rP;WML=1*h8l;=%UNp7YI|68rD>(he6S90!z+DLT zc^DNV6wPeQ!(AQhLmFWaPSMJUPJUuW=J1`?(DdnJ5M>M=4Rc9j4VmhmBx2VrvPw}Z zOx$+?g>@rp`KB}=hA!VM#D|Xp(%l9UfZvJn5P2U$5Io#OVrK~hetjh3SgT9-F_KLs zYD^jzqZ0?=Y;b&(tI8!@H~^Aiw512YNMm{i_Iy__?IIM2CN#!18ZeK(VHWr^DQIna zV|hFiUD8ME`V(-X2SSBM*Vfw6^zE0V_E`gr6k<{GCF zKJ8c=`7vV9khPKd!7hHOAw02suR4IG^r0A!Ptb&E^2X?r`iV|?93BrXQ5>UAl5w?QA@K1Xd(*dbYOxr}k9Zj& zl^xZ?oWHiiIMu3_UtHQbeb87%6GGXWM%5`@=|`WMM&_7N8Gwq&a>VOTHP{EUCa{U( ziP8{I7`tVZ8IMw}*Z)M$>>0(cG-R42(aOFi>*m&3C{O2d3;4`4Z}-wv@@bYbpHP+w zl}?IdaVm{7(R+``Lp=_RXRtxtxI88lM*330SS#FLNT0lP(F$$-lTIhR|IJU{iQNafbkaR${$hh!6{9Hg)!)y7;_G8NkX~w5^dRA zYpFY!?FJ;^B)WGR4L&$}^6AK))gmP=GnJZ=oz`**z!AvJ0-urWCfot-g=u*pYvyIK zecQzH#ce+?99duedKb2|=TRdnY-3$>UbCv`I}Rc->gM0spWuFE@6tThoLuW{BZO76hqN%-THd3$7KA_ zTMdu(6kgJpYvhf2$O0;BT)S)wqOb|Uj#e?W?o;SkUhu%JgYN>Z#$dSw5BfA%U}`k0 zev282;0sIus2dX35%7p^h1D5xMQjE>qwwvZau#e=N8M*|wn4WApNI+&P zad99Pzc3@ub@b|BznC&ckG5lt6m1~iyn>H96a0Ak%ZUe3T+glt!{1DU=rrVAkMJmg10_qy@6m|v2q zg=47igAfnE9f$k)$k<|TcxI1!;Wbx6-f8LMLf3Wh3+Z!93~4a4c1F}OJmBWe1zr=2 z)QfrR5Xr(UaC))TOTJWOmc;?W<|*s$j1eWEu^$ae zr{WqP)Iz4@u0$=R&d^tevZuc3+Ddfe8oQ zX4ckiZO!bC7Lc*b21(>`1jIsELrr@4k&lu3c~sJD-G09eX69+9M0Y+nbOHP4d61$J zZI7%M#oDu8P5os;@Yd7385>ByI;5#Zdif9|Bk!1OtbDx7VR`OZt0JzRzdGt_c3_gr zb7fu+okKQLHptV5YTPyS4%Tm4ZT962JLXNv`Er}M4zGHFrLo)*Pd7pPL^Y{%?ZnFY zoJ*+lnN&{5+fSsDNW69uUJ%`Sf^qJ!nT*hELsMUWM|v_R9?guX!k3fH*VB_t%Ds6K zCO5Z=viZFZUliJMvbi7Ot$OTg)N@lbYqLm2o}1E`z66ys*Bo4~Z2vAN98L7U@BYqN z3i0zc+PF<)=)^NaaC&>b^HW)^SK2pPhyxLW6=tuXs_vn#wd)p>TaDFToBTwsDLfg5 zEHUOh5!*yK*sOs*%sy7%KWzbk@&#gqU7Kd0d*?g@z_}1&@;(U$_FVV%IR!?rf(;o3 z5J2Q?dF%Qb<6g1b)@cZecq^e(L$MaOemG|nCYL;hdFC2%zKK(|px0cW%cSi`RIp&0 zM@l-I@qj@71$^x)jFaZDFDvN^^pw2@);YjY0So8wCX?`z>NjFaMAxWu6hTV!Oa2IM z89~TZpxOD#z999^2hO&(a|zD&;C^pI&S1~=*Nsa!UwFxxlqutwCPyN^#+rg_6RYGI zUC_tmn#t4(XsB$14B!n>YuQ^1e@y}z%PGAqF7Q;bZk!{LaCY}WM6%j?2$PED&VyKE zIIrUMknNjL2w^4F+#kU6y^s@g7Q6sf3n3B#jV>FP zSH@c3ozmbcOD0(Ou>=*rv~`O_oWGu6uhLW>J@x?`+}{;){gz>nmV=EM+3pJ34gwicLkeBwhJ#75O^X~il2(Z92VvuELdQs*>|4llWUKgHYu;GP+~Yy(};&6hj|uX9w2xFQFS^>e+F-U6qEB~9fdOExM4AP^Q2+lJfua&dV{;Om9Rq-qlz45OZq zulJX_&EbOB)D}4zD)~v9O@NW@mPZoh zD%sx=tWF83Cjt>G9_Gmhp5gR!wT+S|lFgo6zUiHw5Go~I{qE{u|7{N9_n>)v*V0?D zi+QJ89fBWCRxmR*q=3IoQ5GKCfTg3N#$kpgn zXwhG*rWj_f5FsqlN{s|hdVJe9%Kq8`vHJ<1F}-`Blr?RP#p;qx2CRt(n+MS*pU>o-W$ z-;1dW8w)fcMJzOV7W2E*$~y%^04Ns=Ky$7Q$ij7ybvK=ay5s7hI0;1}FKp}VnMELXM~xQ5)u zyvX{W4HLujq(MkA>C+QZmqi+zmGU^*rq$ffm|59~L9xah4n3u6(IAAy*D9N;l>DwV zL-PCli?{(4Gm+D&q6&u+Ci3iR(BC12YyeF5CgVfTExYi;F zV!bf?O>-e$78R2s;oIfvt@&p+;sH(!a#<@zVlUH_m*>gaHFw6nwpJ)1i5HC&o)Yg1 z^7rGjA#Qn$CklDI$uDC_0<+FEFrRW^EsDOqVykbz*fEJ|c5n8HqPtgY)%{+HxP8lV zw@Fg&C)fJ+3mg!UVAzF8h*geJn=&mND)ebiOt!3=R9S@^+NN9QifA1fp1gqs(c2w> ze5oMmR#CaO*E$pqc7?sYcQilc;GY5tYn!-iW8ePHEOwWNzXxpp(v>Yf|84Vkb+Erj zlVn$Gx=Z$PYQSu+|FVDZ=;1-B{>$Ov{=w(^FQ4LX;$BHo>L-h{RX{o<$z&oF+nr`S zG6oa(($le=3t}ReOe9wYjWcC*iD`GJTJ5G{H&d)bR6yZns{s*XQ$$Q4G6=-xO-&49sPt1PMvP9QK=G8T%ZoDLnJ2Oe081PsHu{^OFz~a zx72_8`rzw_<^6y7c>nYMe~Q1Cz44?!B>mwrxfu6HD0Gq53GNA#ql!3`O!=&X2 zlj({`K3}8?#2ZM1#H1p7U@e9BeX{3`sn852HNX`>4B0Z)!Vmi5Pe_?(cl5xE%af9YA`F=;l&XU`_Dd!v4r44#oUXBVV5 z(hHyHc4tHKwEv=a@=Q;qM~==;&wIl+9cVV{pO5-uJ*mly-o*B7HhLG67iXivf7L(M zXn8sqBDzdpH_GuD8J%v}2;3&HVJ#HvM> zjA|V~Vj{7W1&f#mG$L%7L}JC5J430Y_?#kU&4xR_HlLu%&^-wZGd6#3&SpSLcb&l2 z?S$A&v1Y>zGULXGrB994EhM*(LN>;orX*rirJB|gDN;NVNcloBqFCB&%!EuA=+MJe z&IJu}4hyIlF{KZ_w78(Tjvyov;I{w`Iwa>fAP?&^xlA(PD6S-<_4z>A+72>Z*&=1| zc&!0i4rJ5UG#icqrVA;u`NEbWjAItL?}W?QlQJo>B!)A0ITUl%Y$TZs7F6+gZr1&f zw2nL+lR++#yTyZZV{D#Te3>0tpujw#&4$_I4iS<@dQ#V1W%$mp)T?D2ta1s}T-3<< zV5sX7;!mR4@MZzmfgy|znPx7D5c=O}PSXxrr*gXO74KbH=sXD~?Mg~HI z#j4q;d}$^R>hP>c@ES_2vM8mo=Kfc)xY=EZ8@%6)z0n>OJyFGDrc{T_cueDf8$C3^ zs-De8$gWu=61<4>$#%)64G9Iq#T$eW8n5)Fl4A?b1o}V(j6)PR;ya)*3E2`W&ZSK6 z2Tzqdms&-ap&~m6?PlYKD!k>i?zn=b0+I66U8`am@wuOPsc=ja$%Vuos@X79q7`I) zC*h@UGA)|l+&q6vb`GI5Eo8_Jgx(hQ3fmc?nb zB8CW%8Px5XnOL&{7dsU3K<~huKPk4UQ^KDomkuQ1^&2fENe<{1z5Q7RPA z(X^}e_-4cYtiQ3P%3_f+j~_d`c!9;`7lg^Uk#jdQ$;X7W2ENR7Ze^|!$Xs^P2~8Os z!jLIGkMqxgNLEHXYc^6zL$;*yN_EJ(BjulCXm1VW9kK*2W`#Xq02*0%(l<$laF*sV z5QUb%;uY30lq*dK-)EAm5U((ObYa_Xgp5Ligs(|!C_^zUw!Ex`-MJ52h_&8bA?NS_j=M8L6nh#v#laVEEp zkqmMP#g!3F1@44ds#*K5Nel88kMSxOEYP27mH1ge^8CDftRpwbmxEV7b=ebOr96L!%UcO7mm9rdk3XvxFJwbfLM zqGJajfg0+uac`lu`_^payxBXMkrKK5t7nQ~Z|W9i+HHb074lME3m$?;j+l{9WYe@` z!$WxNaOFl+3q5<|<%5F6MBi+?=Wz2BH19epwTM0-t-5{|=>d~a0mdQRtiegT#=VHk zu-VX;9ygMhGke!v9d4M8k#apL5oW9JmfGnal9mZ5bQCQao{};tA#IxZ>bqTe(LMS^ zV{T-~>Xd3}gysPnflw*BG~#G(Z}Ei0A?6>;kBYfrEPO3N&dH3w)0bPY(EXMa>T$si zn~S$YmOKWgV?GK=Vs=B8^m`#S1H<~+T}MoMRaS5oapc5sw`52C9^*H+pFMftr)23y zk7kdMn9ZO-getJa#MnV(k!>~`o3Xtj!9r-|&9lo`))TE@r89FOd1#-xd*$FEXP-U&M8vGw zfVvB+;|!9H3+Us6gwpOuI= zoG`i6+EJ+Qem=(%R0ccEMvfl58^)&d!6SY7?DSlhb_eF6K#O6q!sG4KS0Q;sZ@GW7VPUPi&Vh#(46{bN;gB&4 z3o}{gLosVM9vg{P;}3r|KFMN64i3pu#OXr$POWK`Os!snf)!g%(Fu{|0-c?aEx=}2 ztT7~0%@;LISb#gor}f?dZ*IFGOs1b3y27YlBOhJUh==BpJoPXzUFD1DlEDncO7DI| z6T5Kn{CYNV4WqE0gPp?0XjM3h$bw?wFz^nr-eJ|FigaTRAl}2!U1bTAifMtoWNd@o z^ej?&*^1P;Q)$A?K*Gf2t7r#YCS_X(FbbDe6PS~2*D<#%#1XjYb#EFMaAaeBhjSTZ zOWZ``5lYJh4*sQJImwKo&!}f=DOlKw76E5AEIntyuB-~C1iZ~wL^7&0C%swFR0(!% zRQSX0L(;#dQHJ{X`yagpRgT|;#aWr)50DmVL|8r?9--R9i1I9+Mxa_8Uc|;t{^33e z=}L7ludBQJ?78!;3>__J1E&Hl`$m&1dxx$PU@g%s)kfSHvfF8SSi$&&R@-c_AwS1l z{k3Xk5GLwZB=%Q~{xj+}T8V3RWlMSimF;8Di*>O65VlZZEFa7knhnPn%IC2VGVwY=td7-#fY9>ntnM9CIV&4A?=Je9()1HD6-Yisq#r-)jhcHs^N7=!&^bDb>V3ZGj=Rl< zw*+_$Mo+I(p@us0nB7k6S#Q)rSUd%%TTN_2s*NZH z;}@7x0J;8AI%fK&wx)(-HUqI?r*(XG+-m2$;1O1{aWA{z+B6$m>_XK@RN4gM_Mq7~ zJp88n&Efu`MeFg|F?rS-L9Nrs^sXWhZD9|)WPAZ`Ncic1xWD5(>IMuJRgW-a3srj< zc$Rw>F?<0o5!oh_Sf}W&rn2dhr{sr>No&5=H-t&M1aX$8E}Z^%Rd!XHKoE#2G>V*Q zWI?BK7 zcjpm!_=`|c!Ej9+!SK;tQ!+G{pB*{4hfc{Nc1<;HOH)}9;_wrzL*Umt|MYMF`!o30 zGa;A%^l$%%cD)TyLu@vzvknRws%T?Gb`ATT<1ONvp;42SW@dC07eAfB_R-WOKDfEL z@tn-fvUjc1$!>z_h07R&C!Hzt#Q9VZeYkF7$h?lyhcWg=k+abo%aDKDge6MH3o^7- zXQOCE{I^f6`X(y^y7%5>vk^JL&Sa}Z;x)>af{lY2G7wIbD^3hF&EKsxr&;qB%z&nL zye`30e3+l&vH{R+Q6yDXr{;nm7-yF8lN6CN>AgvdfXB2EDnp&w7JMg%ei$KAW#~AEQ z$%4-pOy*7OQJZ4?CJQ@7wBXWBdPejRftY+$)zKkp8*N>0YyRR&HM#N`c%GyiA6)hS zJ?esUBRp23~=KOF$!q5%m+l^T|6Z1L+ERL-9|=8VBT22Y;IU;49|asE4o z1fH7x>xMNZ@MeQi8F8$4SGI*$U(cO&ynBe3ONU4XIhc5il>))V5K)s&wGfv0c84-! zf*0FdmCD)Oj%t$~kd|8-WvzDC6k@}tQGMNbcH&7bF3FUw1h&xkMRhjQm5sjF+nm4W z6sMul=jn0@U7@_8X*TbZ)60zMn`8YJJ4MOc-e#j}KT}rqGNtjA%#u`JpgRxSr0R4s<2dq6tF(m2*CNVdu!%T07%XT3 znd{fcDUzvx$DyhJ3uR~A`wcqru6AeofbTqd+%}fwokwjlqZ|vIKvW_nOR5sNd7Pnrw(d>3YCl4g7L*!IMYG{NdYnAA&YiGi{7Qtf3AT{XQYj*{ zdymLClh^#3M#dz7d3#X$57xcJ119o&hXDcTV`2NE8QI(Unyi_MVZ9a_0okb1?mt1| z+Nr0mc8BQ6@7US5JLECh0S_Qj^Z;s;$IZshQIU$<9r7Epb9NImsTMqGcgVqh_s{?+ zxe(!x56RAJ6F}2!9J`ns{o?`IIVpzPoY;sO{qvy)j23pA*T~ZEnLBH`pW5CyC#vHTwKf_ zK`}Q|rjN4GB-^HT9a^QVLg(qO4xlw$<(&DNN-i?x9Mx--T)u?ty3L01MaBb);T_1x zHm$1S9tKp6e8+4}ooC2hK*IZ~A5{{ECT_}ipthHFJ?N4*n|ldWPW&{_bX+-+@9|pl zbUq(B4L2LN5HTsxu!B&cWi9OH#H{C?dzj?(S!amRdMDz=Lwd7u3)c096`r9y>9pud zgn;x`tfPq%mOW(!tOF*+ZT_&3=9E$*N}Go(wAGHb9yH%tbB4d}lB2WXv%ztHI2rU# z29q~rSO`f0=8DGq)p{0hJ;QvN%#aRMn)gbkRJ8Kcejv@l7NL3BwJmrJ@YvP+TN5K; zE{t-l0BS@KItA7lx@06|dQ1prFwe-wW?l=pr8dOjP%Wis@X7}Rg3HZ@8&S+i#IIPh z5rapd3E_!JEJ*P=9o4f1jnR$6m?tB9D`9aKSKv^~M~=%>P@(ys7A9>x#NAhG9^4an zDI$hW%>|F=&4v%iJ#kxC!`d~YOG&=L>o?YLz%nsB0lg~8q{?XQbQv^9f`cts z*o|4f+0Z1K$+T05ow;W2vBW+w8$Jx8WkjYTTy=6wtaS*{DrRvxzE_kBDk6SN5t;LA zuob$qVU!OWX;5BZ9+L&I{OBa0lEXF;c=SAim{P@&SoArM*xW?1c`OP=?350x#iGSTp+jqWN{P((;r_F|(yP&cNDfwEB@@tMUvxc;xs}A5_4EjsHqSiU%VP-SZvbRo9;^2oiQ) zA)&E|S4-F@NZJG&4Ofiete*ROhtT|H)hAUlbl^ZF7}G9fK}w`ni4Ed@(#naHDOD9Y4~KKhHs_VhG8to4cOfgGS&sAL zB)|#DC7*>L+<2j70zkdq8p*`W=x=X}moiph$2$f$AlWh|W1;0oL@L^*gZ59TT> z|0TBsKP(JQ%qFJL#R6iup}ogk_^-Za*2gY_x^4_nsej#dOa?=%(ZCsz%y1BM4d+im zLgqq3uAzAWGZ1C2Jn6mbIgDvsPFLt%2SF%cS&@=m3*B~QJl%6u8BmbBMXFA-0T}P( z=*BlzwVOT-`J9>ada&OmCxg?$ zq<>6a_eP`M(AXA^2jioY-r%%98k=?pSW<$8#Ojgxjcf9YsEWIL#crv^Bol~Od?<0g zsh)R_KAO3y(l|-wo2gaGbiv|XTi>Fzff`!NDZSP+7afw(Q7T%I{B=?D6faO8Dqw?M znC8CrH5T%&ub8?}528i2aD^{2)H4AW^m;%mSB1bM^IBy2Z-UzhO4T~0gw3>=VRTxl zZ)bucV-nGz9KQiS%rc1eiXfJkLcM73rUW@4p}fey%A%>g**&X$*IgedZ2|MB+#e9_ zW;}3h5Q@!EV+o|}*97*BHAaKF^Hh52D!H%LYVV~OqdNOfyBJ&!w~!Vm)Gk*olvS+@ zFsxj1b>&;0x@0KQ8=fvejkF_0G@fT#46rFTP}j1>e~J=OAs8?gcFB-|L!bK`m)tRq zW&=2f$w~<3DLqy#7INJ{6s1j+z_7-cW=+)k9qJ{76lzqL?l>^h$UO02jq%50!TF6{ zXWQ=*((|HctIKXS@^zaK$5n?=iTa;&53omB%<9*l`&VM-77v*+i{k<;->-Q|<7`GD z2_xuh_GScis2Fj+-+f4GY;l^B|8UelpO9x~BS@c9;mqfwvsZ)T{xRu2J$u#fG#e%h zm*&`m$r${UP6qwan4I=r_Q~)p?|Sx(^oDQ9%faxtLtek=PhRv#r2mKWQGYz{kin_$ zcid?<#*^OUVsbWmL(WFzOt*SH823A5)IaG#wxY>dA+?WgHaRnSj#_%)!En+a_J&7# ze&?gJXZ`Vba5n6nIDll_AH5nJ^~d@G!3B)Z`$vOkgQMQb$s2d~j3Hf-nOd`9mNMu= z@}lGZc<_AKA*cP((Tm=2(tA2M8BE@E$g{y@*dLDpi9N8E4~{NQdLwdvF*-lfOPLHN zC;etaBW-v#+#L*`jRwQ#CP&m-jOuSNCh}}FwyBcLoXFXz*(jxIDj@0g;N*ln?UQGt zzW$%HQ}XoU`517g+v<@n#;#ejaWT|b9E~o{_5PoYNPjds8|~`uUCdUMU(jUyLgT4- zetz;sPwMqx@?t#c4UbI@s%GO^Z*X!kGMTRWq(2^`0n(zx5{IR?QUA1m>`~i`{-{3~ zb`5zp8@(~nWa8*>J<<$_62<72q}3af!MN3IJnfAK9x2#9V~>3Gp6g|iQD0Na1c@+z z4RN4*!{cV7?p?&nI|oMI0ml#^q?3Um9rOEvUgpV#rdj>-QGYb)4Tj{nciMXnBm9Ve|Ay>16{+1JWH8hV?Z4851N+|}z#+kvX=2bb zJn17r58sf%@OUulA5A*s=xjLd|CB$@DrFjq_w}0G$5!_Ci{XX;v0vJo(M(YvpVY4*=+}PHb zOwRPK99^7VXw1Db8;vV6=p_a0Vy?GRt~xV0myfO4C}H<3=ePNZe)`57w+_;r=4E=h zeM}?QJ3YJ5u%9&>VD38a4S)-s_uc?0dMWW7dh(2Lg$elMHyh6fuk^A;gK^(pB*4Y= zDbOD#ulpyj`ef(euuV?ShLabXkDr{Jy|(%E`p=$e)V>1Kj6T(Q7D0`YG4fM)8?9sC zuxKEv;aScBV8Qm5Bp1Wu{zy;1HzqyJc`i;Sby)??)Q@_|NbT6o#$b5dKOMrghM0JI zGI)-Rr;|@HCjf6EICgQQW&;`h(_ApHck#ukJr*`Arb(F&YlWFZ#!|J7$;psKjD=m_wmkWd5f;Z+o7O?6Qw~7v_dO zLTASHyx{a~q_5iEkem(s@SO0b-y4zMvq>M%=-JWH#c0%bSugv|298~`!HyX1)p@7| z0Ca<&++vr5(5^z}Mw2GqcM1TjK133j;-WT5Q$%l+Zv(4Kq-ui@&}*XE=oK@F^@7}? z-%Fe1MTwbA@D(=&W&omMp{G>}Ekk=F=F{R#Rh+I%;c6xun-2u-#r72%P4$@L(8US) zSr~Cf9U|GT{il%4hMC=MCer$?uzUKjOP=?K{Za44d^{jSL3;3p)UC7Hq6Lu#SFyN> zSU6|-Y6`DOW~~dJc$s(W9-^)F0|K#KW;#E&X9pwGVv#~p5&0^3MA!pp*2yjO#n&@mV9`FQ=Yv78Ay+K1x=@pOXnA`7R+dTId zb6i>zznB%iZ|OD6cmTuW$~B_%H{TAtBc{rjkubplJTT&8oGl$I30AE{OT3r6&=2J@ ziE_Z-*p$riF=)5L+7j$@L@E8i!Ncw$IV$ClIiWWY#H@+ZBBRw=bnMqN{SvP*DS__F_1qlHI9SjSwl@AYv8O6 zcQv>yM*Vqj0)D`Xllt&r*l7$QtF(HTW=ty(DR2BUVa*!hS4~$ABztTrja*;w>S4eL) zi-ZU}M5RJ5JIw}rmqbDtk~Yqh&vkFIOvsp1N0?}tgbP=?5OQmj#HuNOBW8aS(HkPO2;=4x$>V@05wk(F zmbvG4W?(nXhI_p*r*LTY5~{ApmL(pUOD)eW2-Oi|Ta{%@BlK%~E<~6Y=e>wIJbbta zQs0|oB5AB_ky0)8ICm9Dzk+7dX2W<+1lA`P0+bn=ppA)iqet}=JO@%uU*?4)as)lY z7*!1xD;|SqimPj;n~iClQgRegNy(8W=vAlL@OH^A)gsuu66$N5 z6Z6L%`}SW9+^IZ2+`>0C-Fpx`2Fl}^JFyw_=-AXAj>&tx zvz!s4gs)j9fg9#{>sTsa*Ct{Z1zsC+!1EoDumc9K5JzUkU2x|^09;D&l$km0f}+e3tCXiU=MO{Jw9wxrNVOShDvq+o*Taie2uo=*y|*Wf z-bJlzNmI?$(96QT@PM~iv*Bg|@>(v5I++bvP98?+jR9L&9HiO6x&S5%P-qxU6=g;- z3>Gw==Q%v8MFccC&5if>RODfd{^GktD^*S$m{roy8$U$`k-kBS zsg-Yl1dMa^RIwj22*xu}KEHL0*0qCi3G2yf)^fUW7Vi==@OgsCOyj3G zEvtYF76A(30X~yy?!E}gs5H-qbm+^3f#*x%0zg$Oiw)*5yPf_54HXdo W&yHm```37bGpUDCYmbh}Q|dC1n?m{+ zSC;qhIG-etGELq*CG!5oJjUKD{dCoA%xD1ooV7c-#Hf{V=tzX*a~{(uuc_yP?X9)O zu|CN7X?GWV*GqY+A9jC3o| zP>0nAyWMe4T~$el+$;p<+|qIrm8rYnZP+G{Aa%)fRdghXsHuDbQG%GH3v3gi(B$Jb z!VARoDsY!0R@??n8Mzib>^2)^SB;WdZx}t0yIG#ct2IEgyJmwz7NLWv{wB;^mg)LX z*is0n-JN_tJeRuK)Uit@=S=E5Q^+}u`HwCfPob89r$HiLPpS1P1*c4#BZDf%Qm0g= ziRbq`#x3<9A3i!bEY<&ec(8x?x&Gg$`1^0qhtHdh|3V+i=HSKgNUucy|G)UpA3S*Q z`k(!O|L(zq2Y;nT&!0Z{pa1v&^8b18;K4cj!(euL`rxYv4<7uB2mkD^{^f(e)=eJ# z)q@BBjz9R%;NK4({2c)Q>;Ldq`LF-spSfT6|HEJB|JDuvxBvI)zkKlEuio&W~sk#{BF;o?e~q7|Mkl^4<7vUzaAX-CX0Xm zAOG-O^sm^z`u%+NfB(mSeDpv4pa1^9`5*rm^6w8`9e4k)|N8%U(3}4M?EMRzBuiB% zj$dSjr9Pmm?t-|8VKvAMc4g=LQQW!GUEMve?w+20&h)*PzEPRcRXLrNnKvV=yQ_y$ zR(Drjzy}EW*9AnE3%mH>FS-i8U|oMIAUhiz(z=wYK1<(D|8-M3nfAp?r{@dyAdBLeq zK1KNYa~~+Z>BpaO&G~O%{=k1d_oY)W`_A8eX8RA`|1F>ULhEP$>V5Bj$vfZse->W! zI{d}oGVmAh7fyfge&^YLBYq6M>%A}g{wGa6`6W;JsrTRa<`4XsUHzr+{SJ+PdGqQs zH$H8A??|jAI zzW>+0;_JTh?Vta_uX*e1ep0*or62q6zy7K3y9OR>|J=(z^LJN_OIzRcj^B9xkAD3G zdf$Ij{Gals#b;}uZ9VOWAN$OwpZxn@`^qa|>s8PB|G)O{Uh}ta{g?muu|N2c^Y;IE z(trB&U%vY99{y_kpI-Lz?|S72KlGuUr@!RQ5Bqx`e$Kc3hW9z)GF*S{C;#kAq)+V3 zf7p51`zP?>Z0BV^^r3J6rN4Ogzx;{M8sGK$fBin=W$*sW_insV`Ndbg?OWgUOFyQ6 z{-0m;$3Fjwm%QbZU-OY4`+@KN#NU1A2e#d<4}IBJc3%D4pZ$}M|HLCp&;RLnDr@I{ zZ0nKE8$bHaSG@4C?^=8R?q>o#J@x9B)_-sA`=yWnuOIxI|M0>WeDoQ=b^2vLVt?cn zANiv{;a~CGU;XyaR=?(#@Na+B@<+wj_%C|TU;n39o?f$0UwhhfKJkrj`<;is=f}Q; z|DJ#RnVwoaG z?|I>UXI}C72ma{2SFE4;m6!gDxBu|x|Myehz5TVH`o6dP$o*gYuJ5S5<*U7&{g3^= z_Ge%A&S(54ci$VI?}tyF{O~{g|9<{8zkU7>O3wyQ{)6ZK@+;2&(U<+s)Bfrszw!I8 z{1@xr`4x}8_AS3zS06t2$M=U{_fv2G^_{0(|MGwPcc1#q`#<}%r=FSkApfRky?g&h z|9W!vzE8jM3;*t0=Fh+I$^ZED$6oadzxsjdkN(`$N6T|x|D1pN^oQU1x;MV)IiGsP z^5y2goO$qLpZOZ=o1gK0ANrGTejj+p_rB-F>XUx>%-^4SX7#>bdF@Ak?t>Q|IODzf zO~3Xf4?pX*?|O;!ywCeD`Dg1dUhv6xpMG!kHSd|(c+$rgorU08TOa@7UpaW-B`?Jf zUp)2quWo+II`tyh==?(EU&#M)^PT_n@@M_t=l{*6{r~adFMZk47eDjvk3Hj=Kl9~J zd7bjhE0dkdJD>lb-};V^9X|4jcmJ97i6_1JsjqwWC;#W$OJL`Dzjf*_pYl2T>EC_b z{mE~h_+0ZjpDg{w^qZdg%xk~=yWjA#cR%*jhrZ#Do??8d|CqV@Kfymd_nBY(&HsDf z@BHFpZ+Y!2fAbB`KlAH$=geD{|NOzPedm99>Vx6Cp3i^f(?0yumw)IrfB5-l{EG6* zH-7iueCOY9++Tb4{Qvr2p{(o@ekq>sB@x%3}Hmtq38NdF?=KG)Y z@t?GQ7hY)J_lDn<|MrKz=`C|_+JEx>__pAomd^%KhdPa_KF7oL95)j+TNcVB$cvik!w-}u+x{UyY*oS$2o z{fU`JzV)t};k)+N#edN)WRBPHIJ|e17;rfL6Esm%d-0zp6~F&{NB-`|dkwH>qx~80 z;7pkZJTP<>h=Nj%Z`wOk7C52I&`cg=5_z7V!h4N!49pzc-5rRn=u--K?zhkme&GHo z`VaZu0Je3eybK$tB9s9R18*0dDZ8GF;%}9G+X|a!%0e0J*p3rFB%dom+d*f_Xb-ub zWkrZ8YSQ!^FW4r6-9>Ti$=Seb`ziQ!zYoJEu+EehWqwi=WKIGLGN(o#Ya%B`A9?yo zj6d-PXMhFrQ2{kt!l{7N<~bFR2FSk)GEe`l$s#ASCo(6~s`P^b7FYpot;RmnKIjXq z65!Z7MQQ(yyxPOWaE;ZIhbYZy{w9b^13)@f0I>$tK z5(v?!)9JoaU=`f&drqg}xxn{qH^gVkxvd#(QlR(N0@>K)^ zuW=G7lz^b>te&81q@v2oI0fhmrvX7VI28zrO5S3h4S`dDz>_M1u5(7uXC5 zqKtBak)0h%JoU8dBpt*8ZDNu%p@0QZ=A(}_Q8GAvQs6~S0ivXH#-u^05+#k3Ck>Up zs%x|gnM*;JIbl*J^l2I=(a9GyCJqZ4&uL6BRE<;UCspQ@Nr97rDsbAQ$Z23fS2&pv zrGtfp!1QN>NJK0K>a<={#}k9zk&Baz!K6bi{;Udg5eS?HYATaU38)(T!0ABa>2rxv zq#B$NeW|hGvM+)j%Qj(+HYxHF<*G!g2!h7=N_Z&_e0j1 zq#FXSq={M(6poL2G6+LNO%l~iae4@u;-qOo=0s68crinUAaJ@O^SYvD#vpNmD)71? z8<|1yoJJZDB`w2N3s6?jnxDT-623#sv?ife+*$+|9ys-7-RGcM^bRhS|$GbIA286;09gNm=D|RhI4K*4hL$d_=>lg&)0!&QMNVeK$vP*?x*#hW(0NYRC>3ei79^fi6iqO6dD4(MO*eFf zXNx^&eQb?T*n-3EVibz_L1x*7rQYuTjA_{4Gx^-op zGc;LKNSVw@k}Bx5P|#&v=2g;w%4xjD^KzQ2f+TT@stU4B%#dv8imI!Ch^xTsf+nO( zYl1Fuyl&{al&NfpoWvWNs81>er|_zw3Yk(v(l+|Jf{f;uc}#vq8Xea>Y5=>3X;gl zvMB2cv5qn)8D!Qc1!C+3g%=GVr~)U7imD5ff+BFLDru?!NCin1WX(vI)&#*IQpgka zm#R!Gkfdmao@qE$D(FN#@jO|a-C{%K1U_m)0RllCh9v1qy0j)J z3a1*9rpcMgs>X@BEKBO7u5+@+E22gLkfLaYrjc1ybxGz8kpYFMm@G(H)CHbY<~czZ z1zwm`G|mt;LE?2l_^r#bCTr=^njk5hA*qI{WGagUI4K6FX}qYaI-rJF<+Vvw;CNlt z43P{#kU5>12ZD73N#+Ty-F2YyoTBoAE{Y(3(QSc6%2Zubh!z(#&QN)cCz6>eCX3%7 z$_ogh#)-0Is0N)PMG-Vn27)YcIuVIXX-!ZxPUi(d)iRYeo--orAn_cpiJD|k28%@E zrAab}iXmwV5$;qmfgiFc(t)cQ#}fvN#MCLGA<0Bi6oV54UDT;a5T5FS2n1Q<6p>i# zbZJcxbxtI@L?OkhBpSLZf%K?(nG;oAmlTlCq7hn7B%Xn!$h?srQ7v6eK%y*2ngK*j z;&f3F4F;D4RS^skh>F5Vx}x$DrACoNK^6$yR5*z$KY=G!#o%=Vhyq!-v|R$~6hkpo zHC?Ky9B(LsPKoFiD=MdJk|FRS5G8>V6kgHgw3-tYnbQ?rQVP0|HPoFpbvQpwbkc6kB{$ns4sNl`aARU&|Ek|0w< z!*N#kWvC(23WHBl4{ zASybi3%np`lLpV}L<>lC96F~{?O;fpCaJ1u=s+}dj%V!(JkRk88EB@I=w@EhB|=21 zSkmb<^D+<#rX@yFOlxmZA$C^OL^-4CMOontUX%!gO;si=1&xyxvcM(< z(cnZ~)J3`uhz(RlQJo~3P0&<{woH^26$?RBIYDG{EDD^#M2OTi7(3}aMF6PVpD2r* zCJUmhP|YXmx=g1@;S5qJq)Tg}Ml67+>eY=n|Kar0!4#6w}C-u1HLvyT#o_E-4bHM_#I=afT-7h6E(yfNPpA z3hC0Cq$!*n;qg>usz_x~7SakxqHEE}EEGCuS(6l6RpMkr(RdX|y2kNL6njcFg1QB& z!6buVd%{lQgb>;$1z9BCjcSn5Q4=Ps(xf0$H7SsVnJLsYftR&RyRu3=KT##~p&6V? zSe#w(1dcJpoG#5(86)(J!i$_Bs=BOGf5A`*jsmpD1bj0vYQr3$C3imZ^*R1*oO zYcc`dvZOHQNmY46m4K|NoFoXMo*9o!{18JG_^ihvOFTgfhLCYjWS+uHf$&e%i1{)M zDP3yloG6I8K$d2zSk*aA6jfPJK&s&s5RwT{Ap(W|HI9-t>UP~7%0$EHHOKCjE zONO9oV!AYCsB4*Gk&{J5H4LEe!~Q8+PLm7>ZSg2Zd2GSP0#TNG6Sw=_)zvY`=cO5I_RU=z{cb+C{x zgj--yHe`-QMx?Z3UL%wcKtHL;oTlljVrW1n{%{{QP0eYlv?faiCrg6CYnjTT%n59! z(+v~tEvm9&WP$_vq>Wl_ipUAfDN!{7AT*H(x}vC@%^zb%)Ik-f9cYM zxP?@43N6=C#VTQ^q7!_l7zQWFysTz?c}15vp4tDjhp!M%i8)Z|%8JbKOz)-yBvooC z9Ir@%q9|Y?Rh(vMrZ^d(qDY(=fzK{86ou#XXvL)%s>o!e%RHYct|=060#sGVwjmiD zFQ}3%X8KE)b{U!~HWW^m;|{yUvcYL86?WEPT-*g5DKd!O=M|nebdaJsRl1-MTgPN0 zRa{eKq8toW5VCC$fWSg}ss0q6lc=3Z(YBDk(sGt(YPTZ!7=57s+&_i)8V?ky#JBy| z&Hun*$3d7gF+S=(M&eYpNbr=llcV~xoTK5hrxCt$9zY2ID`UmuXL8A^&@sl9>e@;9-h(K%~ zqACz1{~#&aM|PtbR)N6tq^uczl~q>9+e5*QL;7plmW5nW=0nS}-3B2+;7PUKQEbx$ zlgfSoeL5h^#=ZkPRbbO==__@|Gk4Ry2|WM&k-d?=fS@qCX!c7LNc<22Xy3hEwBSJ{ zE)$jP%S{C7v6$;weu;bzzZAx=77QA;Td8|t=(Va5Ka%3m^Q(YQci}@9IX5-SN;K-e zX;w~W*dz6Dq8_@H`1a}%9rlPy%XTXfe??_TtJNl%FWPq8f?*iFwJUyLw_q@ENkyI3 z={@pQ;Ce1f(-e`IriqW3oD5whEE4+(jk`_}nnQr9s(l^yv=bfr8PtL}Uo-T%9IA(L zF>Z7?ak4QdP3!4*cf6og3B3L6%1V|LlRPH00JcM~?_JyV+ac?Z^1Kp2%WmT;kQrO! znGpN~fIY{yz(lQ9>lIAf#V8~ifbc#?I(bdWsG*3<{RF2KQ$#_$KBY(rQKgYAWKI@! zMH6HxJzO@@T$va=4PACrcRaI=CvzS^b~Z7^uI`AY=jRNnw%Q>fF&5sQ4jfpImi#Ck ztfqAeosaIgJoZEB)#$dHJ-SFjbP!gcV>jF?aL`UTY_N{)?pEmC^4EJ5l*}sLZS#BA z{|NqT1aJqsaLR(XS@&RI;i>3|W&AI94SVh__c0XzNvfs^au5E~Bv~r(-<|j)>!M75 zT$-KRELZ7L0if*II4oDegOM9{J@L)T^|tMV=iPD@2$S7X3x*I=3|Ov$a-{;!GO+@c zN;y>x(aVO)RS*Vklqzr9R!*sHdTx#A9@1v4ZbdEPL?bY-z`*gd_{9 zdob)qnvOx$ZqR=pE=ASL$YLk@Q~W9K*w}>5RRjb23p$IQ8#c>TKxr>G0_Zo_JkJSj zKPj{=GCGldCW^63c-gV{(2}>G9%7lIHk?R6%&W5LIS%wOvU(ZPBLT~S*Fs?vwY$78 zHv-#Q_Hc&v2Je#aEMx91+mt_I))9@WlSszfw#|^jK+0+eBSQZ$g$|p zl{K>bjdVEf6?ijRSJyMA7RxPaFK+?G)d(qzQOCrl_$oe0Pe4b z9X4SE*z~@?V>`|zADVX9$$7m&@Fa4>cntJlLQfr{;pT%JPLTzO8p!QiQOV;lS<3m( z_w2*?S?1A=9ummF=v`&L$F3cWM+<{qYDwuPfmPYnNuSYd|5f{t3{~lQMzj)|wK2W$ zCF-JYxUslLT@R%hH@*F3dc0uJ)M6jHOKpcP_B;v0AvAYww~&<2sb^)!m$kXbrd(|?d=Q#AB0sAE*1PHl(3?hODoi^#sZ97iS(;L0jhjkDjYgqF--`jZR`@^NYCuvhl+|9tY5aVT^ z?HFj6^d7s!%x6@PXP1Nlb}3mVW%g4*J$)tXKdYgkW9H0$l^6^Qcbuv`N0)}n3;h>&|y&&vgGB^5|azuuh0HdzqAh^^*K~I$fpGp{R zw@w8xM5pMLi5PF2etR1u({nAn9eN>j9#mQnpFW*^o6XBSy{3`0vPLR`+VVPxUhM$} z&~5ai*jqykq!UV4+!g4D3!&XY7zH-M1!^czLxCDn4Hl@OKn*v68ZwM(yEGC|wvbux zgt2l3cM4Nv3Wk9StpF8wA5_G6B0!j4;=A2KEidS7Q_1Op6H$<>KaP}-GgwRXwzzhS z&hX8`joR37BOKLZ0XhoMQGkvDbmX;LfQ}Owsxb0Vg)S7R;_jk~;bDsF*Sz|fhv@w} zt0>sBO`^g~A~l_d$~R~bV|WbX`gP3SyK&=oq8F2Q5MzzSkzIkW_@0GhF5D{iVmDTM z!Ob#f<~TFQZ{y~4qY!iSi~d*$VfgKU(&NXdq_5j$l0Rtoa3q6f$3pG> z0YV=IAX?i6Z11U7!1e;R51_e#?FDSVXJUneP`y~7`n!wjhsFs9p|mFqJ{yNS16-b4 zTkGosA0jIj$Lui4N#dfZnpq*!mdnJMD(;Zm=8DNi~BLIHi2# z@bUn)d(*t_QLe@j&8xKBjdz+fJhfj|k1WQZc@G$fMJv}p)o}Qs2!|aFT zQJC`W5@k(BbW*i-rjy(8F=DKT?nVQO2}Cl2q8A!u}kI{rTpH$~(|@ko8g%x+Zd*lVXSF zDb<%7@}c@2=CgyKf)B91Z%U(#!;A?=wV@Q zj-9zVu~9cc8rRw=g|#WHO`f$05DvWn-HUOz6*jaY@KzY16JUf+Xy8p4+u>0Q6I7U> zqcK4zF7%d|q9XQ|d05z?V`qm>aO_PK#;T2hU$0-X>R0pgfzOa9V{Ts6R6xq0YF)A3TYEWe56;9cSamr3; zaIiNkZ=gLg3VT%8qa(FPCoV+TYnO^hVdi0Bl#ZQII>C{`-c74PhDp>5!&DfiF$~j5 zj~Dh@pCW57`>-%S$Ikqm*eG3J*4{wtBNW!Bus*}Ksh$9Fx+06OFiI!KD4oziU0)X8 zK$9dECaEwMQKh39(BjI9At})i=;K6^EP(+ccJKx>urgCqK(ilJeKG z)D3+cpDaHX90hX+zL)-$?jqSQ+xJPbi^n#IsE!CC_AMlNz(Oi^unMD?YZMVxWA|d{ zFjCM(#1QoS6`tAgvp~l*V%TecMy2)*vOi*x+E>`0qp?3HE>0NRp&~q(c~}^sV`qep zad>c)A?n?^8fb`$Gf#yf8fJ)2dQdR7Huq%eUJ;)f(7|z0%OjKA2I^(4(94Bh&eO|w z>s}2|oo^KZs=_xoAtvaA2B`W{+6L~B6cMVz03D41I&l%I*bo&Fs?5W}3LQHubb=#P zeFEm7eL6_#k2B|7OLs@U9|*mO0S&tJJh_t#vGPrBM_2ZyM2Po=39HvL|*=|>sd z%rL6$+H}%_wwn^HJ7Mel6oxQBVHD@63R9n-tKN1WkC5k1V!=bZg|?%gVm}fP@Ms$a zoweAwK-cnGo6y<4E!(y1IkwpWEA70WHoqOO)I!({Y(EzB!n75pEnVTLOxx&7YEPbR z>)p{CWZUE-)1t6#18v*w`miV0kUc(`8OPS39aq&qVVb6CnK!HbZ&E$iJ0ZHm`dJ-Q zKdVQkhGBr<-B-g)UbxhDoF}w44uf{SGB#ld9j~$N6Jl_P+;Dr(bJ{JmZP|Et8~e~i z+ii@jZ7Q+(>iGDo*BToh*q~zq>-Y((UR#jvdGma>)OLH(|1na;Bf~$BKM2?O+iBmU z5M@~V`fas8BJ;xNYy2i{l#c=vx#69)QpT88N*r#bPM|HpO>ciKUSkWe&bA49aCElT zA`Es>fcq4D*Df7r+avINWw8C(2@s0xPb7%_ zdQnJUTKgb%TO8Rc)NP)+UGl=?t8te+w^C@`?vq06roY`it=pHZK1l0Ih1M;!ZjRPn zcU#bf4SMeNc&Xfkvd2-~o{-4)@rhU8yE}({DS?AD>4=nzV(ah(D$aq?TkJv~H@$Eh zhh6|1XdByyXvj9l^05Oh>~@@#!1t$3ykDK#TF{|4rRa%QnAJP^{D)bpkm`6XSo+qEc?Zl0>c&x z_U`0v4N|a0j&W38DA*H?U^DvlR`6^3(&01%@93Sw%7CB9m%G1P(YiH`g#s^c zM<87_t<(mkrjd#?^|McYQx%pSXrdN!!yFZsRII~b+OZpMR4?a(#Y0cNSV{VHk_{ zE)0uhGPmQnVQ**WR&Es?2oS*tC4EB4r z7eNk00SQcz2X;z1t!M*rqS6CI23>aCwL$$5Bu4-JTEnuj@4&?8aBSRf+sl61XxF`v zz>2;~M1L>DBoI6}bP;u}VIQ@z7+~9NIQ?s)jJ+VtSI;*FGC9v>0C`tQj|B#4O=Q_& z7ZjP~-~KwOOJC6eGPlWp+MyS0@6(mcvNlflzu4;zWEOs3ZFX3z-;Du-+=4y^-FZ$x zGqm^6_BF2_F#%j!0iJv6G}uFC=mn?v9JUNfUKz%-1rPS?oH1E8Gw$8pDX)r6Fc{Q( zf{jAEg`)d;OF46L3ogo_Xcl<9{FlNtDO?k9bgs!z>`WL&6^Q59IpAOr35B~;xI2Zr zll|+1$9>F=1Mzq$WXKQ3_fY{cjw7F=Uk|+{KIi=g_L14ATUiw3T7kr6miGCHcxEa zkyKpucEUwC;3q4)HTrMHi)s|H%Ob6!h%@$wagb@ZART(2EEhpYaMy#7IkBo?amdoB z5glnpM)CvGCoLTVqn2HvIT^!*=yA=;=Ox3f;GkV@SdHHB+&c0b*I+`jB?33N2FBjWpnT}5Awps4)jOT8G z39YKY86cLjCzmwt56%mqg%I@|o6%i6}V&rnfP~#OT?9yq07-6*B0$nxrwEV~0g{3J6akW(=&%To6akX{zmwt4 z6#FC~ykmUWS@;w$Jp+hWUBt?uQw?+{o>8(@5NQxNAzw(KW=mEVkSjc zj3BL!va4R_>uk<__4r`1%A9U z_;GxYSQX+2|wJB8K6FO-~0oj<USn`R{PKZ*2oCfSRt(8F|0uj*LYE^kzuU-IM(P+hXhB4hqChAx?UeH zZzAIDP#*;*azpyHH1wsxTcbTy2l|4{O6tAs?&lmB%=HE%i>VChnpw_ly4^s(Z;0bJ z%<~)1^&8Lk8|D1<&%$8$Z>0Y>%mK{GQ4d!KIdC~7jE%gIKxi*P!Oj`L2OU;G+OA@~Y7H3v5|n z%K}>#*b+R^uq7zKg7wwbsi{jLf22a8hh2yRgN?rT@{RZ4`8R03E&RYdvsQJFeLe zW0K*Uo{K~1CL1q_{HF*t+d;qTZmBKEB@U{%FBQ*x7to<=P*2;zTB6(iaNd1 zlgw*|?a5@18ghDxu7=RHU|?;)z=m}PU8arX@;*R21czi1XE{I(L`+k8DwWRu&_m@@ z4?gtJ{=?sRntYxbU;H9<%;!ktqiNFE+9pQ#23uivs|(S}I}GNRU2nf4%JJEfa_B{c z<;;7&ZSJzOV%@SsVh&<)=xU9N0uN>(Zq_{*FlfxSWKX+` z*QPs*HGY3_mET|7xV*nO>#_gUh1=vPy0UU&y-f0 zrn};pHqUQeo0FGjFI*#SEgfDK7S=8wTwPlauWrsampVdoadv)p>F~0A_1gTk#lz`~ z=D7=dTjw^eS+iba^>A*#=3a12X{7@^5X^(Ay}W8Rumf+ag#-r)V(#@x!~y1R7Ma;%HiHEYR~mRvMD zb78Gzg-h$sh0WQO4K%mWyu5i{zI?@BTiRXhTo#2Zmk*uh=K9L~+H6CBbMrphY+hQr zvcA90hnLO6X=&@q48J05oV(gGC37=eUf)>aEq5u4tdMyvJ|6B*QoTKk!xc(OfMG<@Szo=+@q5tp1Uo!XA(gZj&;IA|RR_AIf zb8D+$+O+_SVMliy4STILF);zAH&=V!C{@5-gafMpBQroD=HNb_Hi<`e5p~X6B>+-@ znc(=%RRHO8u!}n2{46*Xphw$wfGn`%1+*6n`Ht5ie*bBLya=GH0v}?$?**hq3Y@F7 zD(ebdq)n9oh}-IhQ)#d->NrDwc_96(^kXuLQDb0l-rhJ^m#N_#)mYBM){5t#{xPg9 z0dEI{O+@=YKfMS7&p`lU+-^~48W8Xr(kz@EFK7Yic4*ZEw{zV=;V`h>Mrug;t>4z5 z;67%LIYuKH)@&?_y~B$i5Go+R2orP-LT?wjpn+U60yap}E156oCR7d{7U>eC`s^P} zwEIImfm<3H+QBo>+->_Cq?sky>Yuq)ADQ-!jc~%=x%pL4r*DBh@*1E%;=oam>Z}t$ zdjU~5!$z|!@U-bsqaupptmicx1Zs}g?$t55Qre*Pr+qtbt*yk1>iiCfA{M~L(b7T| z@Z3y)-BDBj*|A;J9r%*xR-z$+I>bno0dh^xLKZk%TL!Br*t1PU79sI~>Du10M@a42 znD|^)OdqxbG?vyR71xjp-7rsS(q=;XI7emDr@6|eck0*TCWf!XeyRs47*ez5*k}mZ z30r+1oSz-02(vYhoZuZE?T|q2pb(XxIvn1G4Kp)e^4#Fl3!9K*m z3=maqL@-ZBjz<$zY(^<)HeW_wgx>M@aT+XWr39ZNQo`@v-Q zy#07g#9||ub1k|_I(Rx-(1i`UT>(&3Ihlq?#zJWB0-Huk&0%(CNRvl7yy@A2qhc*h zo1wjj0K0m{3p&8@8n&CzG6Vn&fAMGs5wj~tvIYzzh#7o-mOvb@9zxp%)3XdA;F}m% zs-;^P)KI8C-42_`4Q+EIJ_lJe(GHtj9b(%gEpW&s#r@hjrUhX@E7SM7{dF~nzym9Z zVJ4iZd!B=!n}QXzA237P>Y;roXEIeu2e|3&Z{v17_Gz~5on&J#Rg9}80EP^_8B)D% z(O_ppE-7+DA%k%N1Q9{J1(4Q~FHxh(ciMLHE!%!HoX9s#nu&d!$8%&u znQbyhXf}u4%mE=vqhaq6o!IHFm3V1U!MG^!qbv-4soUTfBqff|0J5S8*3pudbUK*2 z*a+7gXtxFksY#xtXArW$NBr&>>tr3HfSS&@pV1U82WZDW$RUY6VCJ?-Na+$rZETvf z2v?FNA9$_oBRZ^`p*^8!F!9s|4B};i9RSM~?zJ?G&t#r44KQ`cG9lzL(}KsKl~x>s z$+X@;4o^Ey)Fs%r9fz>jr**q5wlSdTA2d7}pgkgPrswWBwi%93Xhgwq5I%Phk{NTr zS!Pd$hRM@IM$wDWdmMAjhrtSp>Z0Ca>lLj#Fui;pU>0-0LqJ50cG6GuFvQSX`F1cv z@1UXUdLjFXtvqWPC6jy5Q`0eI5b2;z1gwOr24N7}Pqi+F@|sisjy z?>r0^w5Wv$$&aLiG?T}ow(olZffBJqu>Kwiymp8bsnUYJkAg>tsd^-CxMI0@1b&G6 z25ZDnX4@i7rCS;`#rt@5b)klWaC&7aZ#l0lb)z7gt6;je2v%1YfQf?8-XR7!QlGZl z$K@<)%g%mkr(s0%BUboo=moHWz+w_>8GDU49Ip-?&PM^ZafnE*cB^lc1LAUh1EJI>t&@TD z^C9&TeTNP^^rFCK&+8mmMIm*AsZn4M6L@u3I_W z|6AUu^|FaI*~h8#J1n7)u9&{+%yvdhgJ3zK2QY$|na*$_((kvyhn)2=a@=vFa|8VD z%rNPo+88~K;~B0ivRgz$DudpLC4Dh^FSa^^5L#3lL|#X%8d(xKHA)BXWFKpzb|U(FaQQ_@1Zn8bVf_ATJpOn*(Svdp`n4U%LDNKje_VaD zNtS6q7|xakU=_jK`oc7*qa80mY=^*ck`T^tl`*1$JZf(P;gPYKUdxAWC(of|PpFJ? zAlba7M<#*2!-%wTL^B!@ii}&!15tzy8Y#)8!VRGrvPjBNkinXpqut%@OrQL}U4fqp z0~Q|)BB6_o?B~e zIajZ&2xe>J@KVEToIkhHft&OAl0DP5HV<&EEGH<}Nv=yX9XMH)gJiOMBL) z!mo-ON#_1b!8V{;yF z?9R7Vu5Gj~uOIkkOPMh@n!D!QihI>Iu9~iYusU}&SexSyRz-hqal^W@K5y|`>(-T} zc~gMy%<}5|62B%I>Q&xU7I}Yt{oK5=C_3ue#;&x|G7q;l<`=H6Z5?jTHfJn%e*e;y z>0tB9#?0d8(*D}ql5<(K@QP@;m)158SJ&rTS6eHKi)%Bj4bc);S}W@1^-#9fw-%N} zAFmv4g!QvRZDnI#S>c<()lJLWnm-?GoIN;1>q~1(bMw3PD;qPH=C(X*V|{#A^BzOS$=-uz!#R>ea9--*9e2#r8C7=-o?G{a`Q z&e>jkGN=ls&n_=iB#y6muG7h@=kDSvcxfrxp@A(_1yqi}Ds={;9hr9ER6#QgeO#TI zYS{F3(`zN7*F;XM!o)Gt)Vhzu0KpdVSFa&69J9IT-xBog=rCm!?1?4l`^i^<=R{5_ zWpLnH69ET7i^c~$&!Nr_Jr+i{fLsgg*|-fI`;gYKTQuru(@?AhS||)`6LY1eM@Ub| zW3&+ZO14S5iJ$cF(r&>9nySk?$P%DdQB8fPA{(+&sT+n>;SCk-Kncl$pq6$~XWt7f zTrE{V%X96}qY$(b(NNlL*HJRkmk6BB@fE(*f;QdmM*)42g54@Ogl-etsQKas1;2z$ z5OF_#)U6yiZFAQ~FE(v#dYQUG$R2g;wxAbqJAsX?7Ia@6Agc+(%qyhAPLO)R4m|9@ zJ+29@!={b)a!9%o+Ko=&rF*fR7l&RzT(W)Wgec%FlvK|=D6z6wI3jPAuwo2R8d@nW zzRW3rzVF1_?|bn~Xq>?D$Hai-=zkjLI?A&kL-oHPs;VgW>VHjC3;lm5{#fXZsQw91 zsenuIWfL^mGwYeVG@{e6aTs)>IGw|`m!RVSs;h{qrXNiUOv z-FED-!}jAm8qi?E2lkt`*`y)5C>TgvTy8tgYLv7`o11nVZyz9=z6xCcg8+7bw*#)T zMeQdq+yE`;V{mF$#}#^T{xsc}Prt)Fb_`CnyZ{jjTb>K(8fGuBE^E*Qbp%4x@`?Je zSZSJX(eP8m#^tg7>XIc4d?L~(UT{;*=QW&dvhQ8+;KQX-P=_XIg#~((2+qU=SjQ-n zCl=iVu;Mvrik@RQWufTAH}G6Q8sd`3qQwGtQ>3}ml%O_7b5T>|?J6C1#oMW1uZ1en z;f_qTREIsa&F+&D06zAk*l#yn=wp8!qiNrt4q9H&E$+yW;XJhGgnl8qJP&Ard1}AP;(qvrJ*Rgc-W^Z zxPGJ5t(Js}Q#g=Ii@XD=$WH)}L5hS{fOatlTkz0x;XbB@kj!TV25uFQ|G<4*wPCAT z6+}r^R82Q{p0AQRQ#NeT$*<4}ZlZvU2)09Sk&c#)u@oR`J#iHXB|>y9-j--0XgLVu zB;p;1r@N;aN^zZNr18Y3+BxS1_Mzv7&{_7Z>2~PR%c=t4)d|L=ZFbwEQNGed2}bp7 zw?R0LdPT5hyDKTO0cgR4Zh=w)Q8>P~yj}%mm8Qn9l10?=i1MVnN_EtPdp42b>o-bl z!Vq|b06H^t06Op;XuH7oEX&40n*!H*+iIYY!#*+}p~MrlMqUljP8V(NCW-w7Y+9a) zr$UH#@l?=uD=D}#WyTo>72m2)m3+^dO}d()T`^e#APuj}Wm3|z-RV7OJ1piZ&?0!S z?!t88z)^LXP6xx`Fn}RybZ%}`rstZ-5AoE#7wkG7v}jQnc#eYtJk{-FY9j8S)Gb_% zimFK%eZ_Ogq_6uH-5U<5gMctz4!k;Dh=i82C}fFhJ`9^xFa>>ks)?WzHd(0`gjFE% zJYOm~_8z*8_W_`{k3eS@Ik2;eOwYA&6{zG1aY?*(m=sE+a0l8>J3wpkEnmd

q&v ze2R@-vM#XML{{5D!6ZOjg9Bw8dckg)8()^_ev(bMmLjE{5+}M(;yb94^n<5L6BDJ0 zZpTa1HpX`%b}N=kC2G$Syt3AhQs_QX3`8vYjI+J?g{U%Z1q8_VF!7q$OYxV)H%L%F zc{vM>&ax*_Lm_N{{icUeyo(5IR*j+?&~-TJVsAui95-R~iJ0tVcKHxEzq90p%K@Tk zjZCLsqKl3quPDhXgJW``(nORQk!#)KDb&mdD^gWd~n+BY&<=&de((KMwyaOM%<9ik^O@IyR zT>}_oRsh3~aRU?trQsu+6B7j?u5{^PGe$dFX66EgX5z+U>`X;faJ$Ybq_UeZX9gjd z0H?f2xtxwFv-TIs`0_g>mhY15bmH+d;^$g^*qOD10kqSMV4?wSw^4CDLIn!&h#{n3 zn(DqpSU&ChPKUwn2-(tPALhfwpqD;g=;B^tz@{;_8!mugIj}t{cuC4o=+Q|6_71=( zEKLBvw@S5Cvb=qlpo!#qCVc*uEmB&)nC-w}?(`J-7#j+W(-n>%(^&M=#QtE)+}=eUDk00Bl}ZLBYu5LyR6!z2q#~0pRwpfK zzGp3aLAaC&H8wnqZ9i2`zmukByM6}DbPaR*ojdRe)JQ9-*bj@u1NL+M=zv*4D%x7Cp19Bo%>0(*X1+dnW=nsi1Jcv|REw+Lg-+h!b4*H}b zWXqWp1MW0TM@-9l3YC)vmkm7YAdq@N~ce!!&KU2bg76J z@h>MdZ+Zdp@KpDeO6HY34?c3eqJ12uDiVxbO>MLQa4NpFop7lgt;uwr9ig4N0O`9Y zLhp3%jM;98f<5RESt4E18$hGoBO+{0764*1fIeDdZeILOfM}Dp+la-L4Pm9PoC#^H zt{!|iHsMsS5ZR3?cFp%L>X?oPcS}@n#>;>#gb9#c3$(N}0g`KriDqPeeAC0>v|~ez zaO``;`m5`BzW_6&l&YKp6SiLkWq}hpiIZc-%kiPKXfipnh1RZp|Ho#4<% zc#SEM7x^h(p5nzRyG3vh%`3%~(5r+^REhh9zFo21O1FUup>%4Zd-jG_r@sME@pdZE zjbEii^ioy@Zo_sD=(7lznmy_!SKE;K*+E1tb0$-!akKpuLkCx&N!@$0=F5G$i>*Gk zdqBR>qXsqxo*QjE?CS9por&tNQKcWB%V83MV{d@2zY1c>PpjCR@%*l!}2YDc0Cn0ilm6&>%54Hp+ji3!e4i*z*L7e>Nc zhvqJFt*$Ib4Mh4JJC*o6Yi|v<{@NH-VEQP_#00n$bQwqZX5@F>$I9Upr7%{cC32~Y z)J5uhT)l_X5>s?t*S`X~r`oI8d8~v^;>0GiJ&_y=&6)C27U)g@K<}@OW7($Pt^$GQ zTkLBqip2_|zG#!80MXRev8oefv*cMQc1$9l9zg1Pu#+OA!z?NA<9ZgVB(`>{G*KcY ztF#~$B3|>H=!&gd?K6p)X2gDqV3e=|U8@o%T~Hv_{TkU3;$ZF2dyzXiB!E+hKy7Nu zAx?D6>DwTUHBMttgeOxIFzTL?3*FGJ#3h8__;ZS9zUO$24p{YxUkhrUi^G777vEx# znOHCKpGp`tUBR^JirH;CVjg?WdQNrRWu;}=%sHpQUXTP$@R4w`hi1}6H;~6@q#EnI zYljI^?NS$~k-K0uvX05i#Jpz#Zt6rq3qhB<0u*2ZXjv?+ruT3)!^xyxI)+l}X*b$( z=qr6`DHD7+=#-M3)GBzi4LgJ%4cMxCj$us2_@+XuRtYb0NZ)`#BUIhqpJ50y zE@r2tE4Fo}r-bRRq?El?@q)&g`!B7Wr5@}9@k5%(QnBdqzcVjP8uGkd8}&9sX14+@ zixk>Mqr9m~J8SdOMlku6siT zft{qm(On`8Kg37#dgYc~IAuEya6J~4_S$a9j%uYg+b9Ig&S}&O6~BotnR~RjLLAkI zON?IjIUZETlCaMNTD79nINh*k%MUvh%ML26-DsmTifwg0a3=bx152Qdi4+ewUxaVY z+3lVJi^yP$G1XmnTgu-v^Fb}{IT2Tl_a+FUqYnO}XQ2cptsrP^26l)pxzu08_8}rB z?yOB)>&JjQwhJBmFp5BvCbEO__smLkHYfrjk-O*x3u(Yd{N8rGVkK82MHfIWZzN&V zd?$FK8`q@1JF&Vs7v0d~e);dCB;^3wt!f$-c0-Dg1{$drA}u8-ZqH1Idtx^>EfF@R zG9FFMB=ZKlPBjY5n=%?WZCT&h=aFapL#p>w;DCow1aJxljCF+ymE;>z)lhzHk3z&*$ZA9(^jys`o76Pw`PN_A$eRmdy zup2^Pcl-kjh7frBq{XJ~XLL<~FbV+-0S;jh(yQtye^T?(^+_wyfk+lo3)*fB@Bs|! zb{N2*L+?50izBe8IBhyZY1%vzGnCBX5$;kscAXG5Rd3@?-8)F_RSBFVu)V5uEP3SC zV|E0|tz|JBrc=x&l+|AuTgjPT%Wu=&!3dX6#SG~UNvE)S9PLfucT|uC;Iy!d*vEY- zH}sv|?&>bA)Q%T_^HJ^ma5=QBYVv~=6;L~OX>*Bgc0}9hG;RgV09gbkK?gGjlt?!- zKWV)eUoVUiS+tI~f4W4sy(rPQAf7Bw3u+_00QWLi1a zd^M|ySy++0lCOm0b~Aetq`8Zz6H!@-R#{9{>Pd>w2{4OxY?tNnLFUKT5kLpXY*Un+ zta?!Iq&N4X04$-I9d)&LB5poHudb~ickdCZu<3E%_!2>IDuc7@&^?5<>3D66#vN%; z$9AtFGe&{9V!NS7JQZA_4NskpsE!i`%0b)ZaI;JhJ^ghV2B9KaUw|X6K<}2Fh{su_ zIJbRl{ml}q;QsuFy<1AWmvhxZ$jL(O)v1Lkh@2`m$s9`2=eMoCrNy8 zJ<>;;Mz82DC)-MkVRQwQEAcg{jBxrT-tvnIx$gH;Vv~`(X9pg0B;x~}X+T*=R78O1 z=3vQ*3DOWdu1p|&A^}XPvki~XW48fs!q99ID@kujzPMT??+RRUEZzk+Y_WTfL}dU795S`Gn{4y2^Tu5b9~9qdgK`{O_p0piW9E>G9y*xiWz5%)@l=jolII18~G zIwwugojNvgpq%iqjVlP^up;#29@^H_l@Whc+^*AKY3tw+wW?9?QRmf!{^}6g%aajB z5(i)yLX+<3Q2QD0qOghScx~zn5!ORcZ`%&d28gPf&~cEJlD3s-Q=Q%9PCAgeWJh7g zBj|*%p6=zIiaDOntE3$3Ppf3Srnln4ecWYqyH%$d)D{zCQvY-`GSUa-IT8Qul}ihA z+tVvcx02GCG_pB2vwePcZfWiO+STo~OBd&sw&%|;%vHhE9t?=anu?UkRDVusc9y2- z-H<8r=FXnKv{VI&R78VNIM8;9l0yt+lVwaa7L6>#(FtaB;*14qB+0vK@4Km>ZmNlt z0LNLn0M@-dI_?(SCAc@BTe9(d-82VNv&U}P58P5I-p?o9u%9!dKR27JABoe60^*MJ zXi8{VxlT97EVqp_*}tQMN=ZLc$>pJ`Y8B|)Q+om@7*i9--P?l!LwJ=vp<+h)oGZw+ zA}^o|l!;#fAdcj*E13Xr92b9#o%j29QRjiUFv@MBX#?Fd0PbgQOh9{M(X*@5iwh5w z?tG%bTC`ahU*181RV-Mfyvx9pW@INNA{Mb0lFGBHQY7jna(6Yq1zO+Y4?yQnisjRct(uRjZQKfaZuI~#GfX$)Xvr#XI`v`Hs1 zN6%!$EQ<7XqqtGnErOa`$>v zb~IVFSReMySC1ylpE7Ws`bg>R_jt#YsES<8!j*Id23Zso$^3WxIS?aU{ zu0$27eTuuRBwdzRbSKJASzyPV6RAt>)1(u!Xl4~#6cl2VVjmULO^@ge_KZz&d_n!K zY z=Kx(Awjllmy^|hzwcW3i>htnJx zlNs3!r+DwujBY+2G4`g18Lf%@MEN^y98BRR43IUIJYsQYrh7*)A-(*@UVj4?;II`q zU9b|S)2Z3{*w~IM2$0EAKV`7_5Ca6Q)Od^_Iz?^UBf^%zY z%ke%y$%z}H?Ia$a@8NJYgxw4!bb!n*)p3+HPI_2|m_@^Ur`;glM#pP|eMpab(7W@P zivxjUW18b!iYlfA#IhTKZ8j_QcD?Q(maODM7dg@Mm?Ng+nY-O56X0qTQ=)c}sAqPB zp7j9Y?0>MnvM@=Aa6GpW1@D-9vj-j90*AIwf93;EvQ`Px()o>UDs&$;4R^u><+p75 z%O)IHuyqwr%CrMV1}1Q@?EgEGj0m$+mDOx~L~kL5!0Xl1Kj^dvDs_HjXTe&S(7!44pHv z`?VzR>Em-U&$w+T?ROkU$9B?Zp4`4NO~Mk#6u~ASJ8s+ex8Dbag&+woTB0P~;)lc{ zfkI&`R26EGFV67*hSgB`iLW7M_{f|gVJBi8XZyNwL!5wudo^zayEfZ8Qh>n%P5!M3 zP%;kn;t^CQyL!Ys5!v3fa3;y%#7_&P+{DYrN7NBPyg)pBe(sMR`n;JwKzV7@xFMm> z$^Gb|e-k8>^~DRLL~5D7w?U2ffOeK?ZHxIIJ@f;=znNn{A-BEJ5U-yr!kO1VxD_4b zKKbgVKf@HY`JC`U$QRFUxDOnwm+j4sjhB{koLLHsurmlz`*)6kw8N9W43;7Y4(h}m zl>$+qwky7iZ8%`1Mbt$_RUjQhCk^7m`t{xHgpF7)I zB?T)MypBWcLbQPF_K^;OALItrFA73pghL=JTlv)(5su*ngBTj(sC-{>K zGM7c1k`buH_r+hJddn4(4g!U$47;O!L=)WSe@T+#iKx4fFEC42l}VriW23W3)t6I| z5!)>!SF8Qw9K}nphXd0;8)-1GtOOMt2gSXp(&P+q;*VKzfm0E>-nt3-VjGAv2+Sn@ z_kaJ_Qi|d`oPZUymjo=39uc`h(vu_R2cnD}VJk&OF^O=*_LY=mDJ0`ayK&s6%=K<< zD2+!WH+c{-1dA*C@ey4;KB6G`3gNh=Z^N&X?XSnT)Hg_ zg<;zpx={qKpDQihied}(3zI2KOJ(^IVfd@QX8A4=soLbO;LWCbwIX9-X%>nkgMQ#^ zt`munQpQKo<~uit(EDW2Nx8zlUt|l-#g_7D!tR)}SZ>q@eERa;Ka|gfM@A-J);IcI z#T|~=G~PKw7e0%;?nY!)~JF)FbuA>vw2#f``-!&7_Gkx-d}!I;;SJ7$S)f4 z8c9Hx%dLZ#aspl&({*A_rDE1zzRWHXX%GaDA5hL|AMs%~9JC9JxH-oc!srW1>Y8l)hBPIeZ99+-4a6AdprD8#}UhDtMVue0v5X0Q=lL!X0Z_O zF6(+7u<0yd1xg529O>{u9AvB7@XED2n!9_`om!=LGvSZ$?%A>|eJjCn1 z)s~@g5^(k@>#mxTTzQ`zL}=v3+9tyz(H%~t^Gy&12)qke?YV1a3CX$R@gAt6K?Hhb zaIlp@dia<(e}uEep}$wllG4jfJ?4Hr`4IEp)+3*IY5Zd0yw`QdY$zi^bXP>jlmlK6we|X1 z5lJS+mwnk_-jPPIa(pQIG#EsEF3p&qL`GfkXioM4_4Ne1{ys?ts`8i(`(^RUA#H4z z0LJ_uk_5ji&~TbHs|gy}zP#a8+-J6`8wVYuy0EMl?QjV?fQUh9Z?WGe$-s?*-?j7( zABB4(7c{ajwA0-RIz2k*&1;ouI`&o@5QiZMr4UhuL4XZ$VIi#hz@*xD;|?RE5Cxp_ z!QBU(P%z*8tG@Bc#gJJkPPXwy5WK!%)G}m7x0oZ&FcbyKe5sVnDs!&VHuLS#AL20P zq6CY>4CgG9KN)^Xe1!DjrkQ4CGo<>e6ROQX+*dfXHitGD6kbD_5~%@D<8N_Xyvq87 zTtUL6)Q}Z?@rn*9((Xz{Z{zTDV~(W3gAUyoAs6_GD_*$GC+@1$C1nL&320Y3w4>lC z5xEfnVCJu~R*!Ids*QD&?G9BLjy)OEMYf=RKDFgiyTi#fp|~HC!GL${b?RG&5c>2< zMgaWvSL22ly++RH0cNS4=E7W&UcTrx+S}ffFUA!2DGe1^Db(=Y)Mp_@uZ=lDh|;i6 zZ-cmhhm+vuA@}t+ zy{|V~>~zHDv(7o77XN2|ehZR=t6q@x?obZ@%gMV!IqH|R$_;$%xyserBVmX=mbEWb z)@I6SQz%%)MKE8nRK~dhWt%T9i}|Y&3L@p?fO%~e++nGfpn|~%^Aw6)hC=L8rZ?NJ zjw2CeFw}7(oiJ88>l9nBjz41pjsO9u+_t(moYE-=E5-QicR5cvRj7_rV|u z{4NBN7cHc2m7ATd-Og6dsj@B@Xdx0wHWW!dxJc@!2=1>ds1S`r)YvUl*xe}iYy65K z{Z}DB3EfbGfseDe!0EPGthuXnSBHM~baM9Q z{W|*P;QVYI9iN}SKVL_O=O>pZhXU%p}W~uKv6P|A`!w$@GYDyD_AG&B^8R+pF5`53avrpgtu=x7K1!e{N5gUiF8i$moT zeJz10Nw8VjRO*?`?2$Mk1ezAplbrf#<$xLq#Ug zoz`n>T|2fUpeT~ZiBhuaS1SVQ1u$qjj-N!`49CbtWS2sGu>d}JA$Fti0ePW{0V=m0 zCz8re%hj9E3{beYL9zE=Xf*bQXc!Fmi7Vx;Fu28Ndv8Pc9Ib8+*I;wpU{_2!ADW0n zZD}U_<3&YBI4JSiEOZD$qAmnnlnRssYgv3**K88+H8{V?;1~q7o$2OzAY(Li?=W(a zH19`b%-jKnQwnY_`CP{?uP3*CM9}%gW%td=*}4kZDdQ3i$-OX{gC+%H=-v$&Rqn6} zR!P79mbQ?c0_(W%QS6~r8hC$Qs~C^H?2sKtKHOo8?G^dv>PRpc`U$Eo*BF2E;rvua z;oR?bVbHip0D*qM5)W?7vKM8_9;quJD4KV0O-VRr7}R%w!Vq(k1X*Sru4angFjzLY9d5r z-SiODbi<|K$Zf{95_R~i199?}9ky9WSzBs2TR*eJ%~(kz2m#5cBwfE_!Sg9Q%Pc?@ zZ%9HGSKQQ#<-xiN>aj1CzNf-yCI}Nx8(->wF4kFjeS7RfD0H(AI zF+WZ@%F-ciNJ3wt527G8WhS&bjv$fFl_Xei02V*1LCmF?36iDmp1W)mn>Vbf&Nt-ZuFqW+IRVk}wJb1>d}&jBCEi?#xB+8k;wL&KQ_%6P4s1rQQ)E4b{`&tK}MC36jomsrAb^{S;hNZfb` z(XP}a{>upb006W?Bd6%N(pQ~QgYqUJBQCAd3vhTFC-@3fOMp~{{D2N6gAY|zI>vTQ zgVtx(!Gbso!-!!<-Xe93ou0o~^4m*(yOQ75HUrs&JaCkTygTaZRE9swvQ6m~v~OO9 zW_)S1-H|+*IrRq>l`JkDD+Os%Y>x&-l0g8zMTXitjSeM?K_OwGn&%DD)5v7@G$z7I z%LdahJ5x|0aLYV=xkn>XJ z+<-klnW6}^nOtG`Da}K$(BQr;!J>f-VO%sc5hAo#+N4rMww>=l8=0cKR7w7U*yJUP zv}BQHRY{sIvolH$8qlobgF&tqsh>0ndvhhFS*ww%GUM}VVqD1@=n0gmQ28s2~bRcX_h}V1E8XY%y{@q5;gt7 zZ#|o&Jqn-0XaUCumOfM=j@Dt2KJqC0vhio zynuG@os1jEw(%YC0}A0KN3i4wmK?#7BhVaynelxFp1_R2Ff(VMiPc z)ba*rX`G6N+(DsN_51$25Kt$YYR%8%L1IiNy}U? z4r=hAjl+*qXDq1Jwg5(dGm>x@SS5MAM8%bzJ7$D>ZWu&^Qr2n|MCX}G5IiV-wF|FA zM&`rbhkfMiZ8*j|nJ-MS4f4({QF*9m%tf`5ABYn<;L4#w)=vE^l=GYldYG+W1(dl1 z*{{Jqk{KH-iqoNsR#p6ILEX$eSoT_}7Y7tFlVu%*_wIvmLcrzuX<9OC0k8e@$LsC(eGvKN zzRkDY>&>knH$K1G{jmV&-TR~CeU-0YS zC1f_Ts+{DW|q*eGr1*Ft(-w0~AQelbB+G>U zp3gI3S=q)EWdl*SQ0|4Wt&{GFRZubxMi!SNMKQ}^81qwrroUa-JelT@cnzGI(5IIN zr>8H)&3Y5}C=~+toDlX#8v&%w!iDZaHe@q5cTD_)LSoITQTmxshGbfNndm&9B)`0J zoCJiAo(S#5o0l()9HC(3VI=sjKIYPst>{H}6j9t04FvH|DE|5s!p2mA{m4?6`EYsUxL-Bk=A4 zWdY1sY7&|TDBT=M?tO^)YU14!(;muLD!LB!5;w-F5V)b`5)K>U zotY*!I6bI*;&r^lryU>PnFD7TF#yRxHorKnjNrW8bO<_PoS|lR61#Vs|G3-eY;JZo zR`@~H7Hd}Inl%=&NH<_2Ph)O0K zOOBmaji-%WWV29Y?C}c3Ibn!s8+t*Vdzv&`RWz@nt<-1f4>trur76{ti+_0|VLC1(rrm2`nfsiAC>4FxtLgudrOfF>hX|-z> z?S{<-TjFDtTN>_9IYU5cFo@)l)qpQHQs_p+$8CMKK=A*T$X%iOYGkLrBq0_yt<$%y z)9PdcCUEAAwcW^XGu?>J=9|6}120-SxVZ@;&WjXLL8~&Rvf!VU+^{wiiUNE)CVrcb zPj|(Y2msn{#DcbZqYziWjWLwTaNQ6BhA|9hjXw@?vMzF{IDC)aIt@h}=F(fL!&u^^ zEycAo_F;Q84p|U~xUE}C^CYjN%}YjIo~vnLr`0MDnUxjv5AaFI(jOgoN|FTF+yRL= zrOOfry>U7sDT&-)nnVN?-2@?sol+Nj-)ZHuWb5c5CD;I0b*v(@9g*lIQ`t|H##7v$ zNWUGa)s$(dFNYXOY$3k4&g9-fzkm*1gdC75!-1f2;+2LZlINR%mT3UY! z)}Vw5Q~Ef$7@%Fjxed%PMj}|A*#%)%>_!hr8^dY-i{DX5EuN@ z1Q%;|@}+U%)zY~(pvp+37zS@3F9{e<0$1Fvkx1!QV39$jCqiV5mUVC~O0X+$#s+EV zn3Wau)0ja}QZDk+b##wKW)h>IVxnNhsv9!VA31merF2NwMb98PBi}3cIOE+U8ZJzd zoSD4S90XCs>4j(MXeq}8xXpt!-g?r30n{rUvO~+ji}0&_R<)`I#{M*oDJ}z~5=c;y zKv*X~Q}$TLc{eJw(Ie+-T{AAM5betp&iupB=r{;yR1gT=;HBAk6| zWdjMq=9WL!AyScT7b{Jkf~Mxe+xYe$SZ$WAdWl# z+fjeFwSpx7W@l%6f-W*58GD>%1oZ8D;F*V&lw(Q0XJ(O_4hHd0d}{X5e;=M4om)G{ zh~6bqj|&rPQUkS>XWZm+@%&n`ds|x4;_~UeoA?kp-(>-)A|E)DW$c%GaCw#~kwju@ zwAtC*Mn1umb3*!PDCVV<;k;$WN`8|5B%3@mTT}~qOflqixEY5Rn5FT;50%HZ{}8#O zz(XT93U0WxgYE)XbzbB^dk20~>j z#-C$C)9`}&(!q?Cr!NXR=!BX2p6ds7^WSN$w77T(QRUK5!Hi@8aqg3hWuwxXU?gHF z8a5@IEzoyG_;c(=um)Pq!?se)#<2>|Y6wE=&58ow*5CpE11XaQcQ|}l=feh>*#Zi- z0K%^?n=qOw&Z7AsuD4cnVt;ujr?i#Wy9FvG@+Fk40wr>ETGsE9Y5vOspWDq1nYvm} zgc7)E_w4=U@kNJyX0x@iv9YnSx3dHPZ)|Mj|KHu)ef5{ko!!07o$c+N-OayjZ0>Eo z+W8CGm{%vOo-t)^@|TU7+sb$DJ9#!c=q+Z#km#imSsKXN2Z|H){QMFkQ0kzQe3?r# zy!{qGMLB)wl0w?&7>R$oQt7L;$flMRH4o^*JT)dH-WaTs!V4(hCN zSZx9s7-E+VUptQ-PT)HQ_(lXx1GtkV_YQh~es<6k63GcryX|9-_!#{c!rqXyTCJ@P zs2Xw!LS>v|A!T774ou+13^ddo61;zYR+{HD6f$RKL0v6m+JFs%NEv(qH!TL=HoC@$ zpy%gKg9+%+JFla-bg;#0i4f&w(aE3TB1KxZT?dhG$_GDgtfM%@F2%w@8yf-Wjga~v z4JTMeVg-im>guY6N+MSBMR!2?n%qYl#+$byyO4Z!lm2cQ`8!*1v^x|t&lNXrZREW4 z+_)cM)`#%5azmcf;EC)>S-~OhG(4j7zjH8bHDLZn6nHz*um`(7Z zDLn?O;?eR-ZN5-|xqY9c3M45c-@6YKd5KGh9q9ENkmScqMXpgxX5FyXL?6yiS1FiI z%JF@CY@@`D2Dl`?yqI&OLhACxtl#mvBFuaX{uI&Y`8Q5pn6XDboP!?m}+AyM=FLL#;QLJy;w5}5AHyqpr(|H%#A$iqqH+=xieCk&0;2gD$8FS^0^XcRl@F^{L4o*;h`~-YKQZ=58~&SYndJXB1L$=?C5HXX|%6`LqT>s9BnGOs#Chbl=KR) z^_Ef{o3uX=C*_7Dpgee?Mhb0peh!D#Bzy9^FKnP@f zFNy`{1WHP{H%2H2Q9tHc6%%1}jgwIjf$buycua`%?6onUbLamn<-fk*Lpm%DXKABa z{@dK%*xSgQ~4%koX_X!~kUQ5tzLB2G-k_~Co?0oN`vQk}v@ZVp=!U$>AoB5N)l%A(APO9DS{d|j^)`t76N;RX8#@}xTBe*T zA~VpW#Z)Qrf>Zd{t?W6fs#2B&(V(&>|Ha}kE%G8oBIU&kRq_z^h?Siu#?am3hjsKq z*gH=!ZrLFd)#3Xmj?XQAK+n&=woGBfGD&8=Kh8Lp9^&Pru6BeOHAGfcYjo(+f8qyK z#}Nt|XH67SBQDZa@@l+ytBm}M%jdGr6N>okMhtDO$-P-z70q!?9hPRqv<%6auv77{ z4dn8OajI27t7V|HDk)os%f6ykhrd8;Ry5@@TqQ~Q7}!6&0Zi5aQ1=H^%sT`M0I8GH zZWLS$as>SrG#RupjwbbLA%C6aQB3+W>jF^oSZIMF{@Ew@5toV5IMB31hcbcdUqJ(O z9YkFm-61*zyKIKqczl!6o@&&ys+GyQjdF?^xtQW?nbEBuB&Zz&(=N05cEF4_145IT zDyoBCSTJcYJsQI_%;gJXpluLn+Pr;iUgV4F5x4CXk@MEFSH?-`tjSZ^8z&)Z)7u;L z|FjTlx1}jVTYB`Oy$$(cP_b0m(!5umCX)xwv?F-Rg`Q0jGO~_3rW#K>CxKd zQlukW%bzJ`9X?A|*tyE-d~3X9JxCI00G3GyrHhOBnzo`!HwJIype=3WCn#gIlC9Ld zEtdvfc`NYMXhfE74Bp7&n>NxrKlylYdECBy|Igzyb3U@AOB&%24#m1@i|gt9BKR*Z zl2OcFf4F?p{?RcOU}n?4@Z%oe<@>LZ<48@6xto0cWmRxywr%Z{#lX|vNh738cAyJPX<7LvM6r)vcH3># z`2n@t-M=E*b<%Rqe&>hv>>P91q+AZ9 zh<0R$nn-22Kih)u$q4spKwu7h3Ryo#KvLmfN3!SCLng2^O@KCAX>e?5yr^7j%}Zw) zWWeAMG#ygQK*gXY$>7A#Xep~Ii`dz=GrCFb(s<4(L>(i$Awn`NciNxADJ1+?8-mN| z(lc?hVfY(D$;Ro{;PMf(8$!!gOTmd7;S=e#cOjyeIJ)b+ebc`< zKKyWga`~_R(aFWZPp8NIle3e{lY`U#!O^>uv;N`v@xkTE`?IxdWt#!VS~YwDuXk{9 z@yq-3qkjL*$?5S#Re-w}#v71>+kSoVgs%5?aO9yU^xK#)Y{>YT!pfX41*$Ghihy<5 zGT@3qu>dM4OjE;?yb3e-XO4P_49{7Undj%0&TG7{^j4V)@&I^Ij(TxjeQka9@|o{b zeg9(^rOwbs_5IJ*=FU#u{_oYs-p2C&XAuwR4ex@{KB%>Bf)I0F;`N9Ri#NpkiYe^= z&^rDct7~G@jT%-@r&Y>4ii`Dj`W4RU&LLET!%QoN-I0z3g`N;g#*v5iw&BlUbTPiU z2|gpI?G)8}-5*-1y}HUnHV(rF^xN1CMUHDXjsfpZ>lZ9wLwUwq0C5{#W6vE^3@%ir z3!1RP3vehCy@8vsazYO%T9uv~(qa#CfXCQd>$Fa8P$H}a1Q2Z*A)*_=yMSea8A9AJ zKwe^7IQN9t@&*+G&&f~UFMw>6MQbl&U=#1IqJ4E?yxKsx!(Hlj$@m0(!luD;G-xYI|#otoM zLQfEY!1XY4{*Qy4zBBC>%5QKTUquE9Dn-2*JIJ~;v&A|xk6DgB)R_5}z>16&WG)D8 z-z)zpSfp72*l#cDdwq#1o1y10<#hw#v>9)uawIq&Gml0FNXa%3&R@cPBBgdRmuwr_VziSzh~I9qUz2N>cFx*k3V!_$D_#0`=24?1)^KR6b!j$;VuMLg_6M-dT` zcg=5KKL{yI&5Lw?LpDnha8DB>BF9Z$8dk_xViL7CbKNxN$GvSuUK`a_7#>=xDZ|5T zkI#x!YNC~wiE%mab(jUdT$S}}ON5$KL)LWK=C|(hF*j#khNpxG&qYYx`w{}-D(!@_ zMi9OqoZSu>)kdk1tT!TzbH&PDfwm%ipPH@milSNt7nLef)Vc6Nw!8ltt%ii$j$`E9 zZ92#i>JrCt;F=b=Yjp?mnz67|Tk4ItfRiubCdRS38WoP7)x?ebgD@VtXX6pt*;s3; zsnIiWj@dYgRB*e5#7O{BkJin@ahzPcUd3R-=d?=ZtbNfrG~y|C4tgiD6z%-%Qsjub z=ACTk_D3omfHVAh!?FcFzq;NvX6|MMOFzjlDQ}pH9V$zd3>N5F>qbm^*ay+T==~a6 zrFe9Q6Y$|qFmnF>8f|tq|FgZpg#r^G7hEMoB^#{e2F%(7%9$fggJ*WMD_YAJMH>6LOOTvwz_HSJ>sWr=Z7p?YvQTN zR_CKPWy?^tYMP40=QU3;@s9$UjNuOFr?Ef4mGs_Hx^%{r6>(*qY)2=o)O4am=#}o> zX17;_o1Yq8xN1Ulp^4@qxY4nl0*WXT9#yquE}$1sG#y|3o8_FeQAIAoR+FJ>H0d}N zfl%ZN9m2K&+N$nJu4>v1lAzVfuB1KZ9bw5Ba}o{oedZw$Ggn6Oe{4qa*Crju*k!}Z zhj^0l>&YsA{Be6jl99_~Xv*F=lu=4(2c1Om7~*QI`hmxJ5kf#Xa`HtT)OpmwaPl9Y z*J`-_3?R+YYBvef=vLU=ta>E!TqZs#;x!1#wHp>7qQV=KndS4s9%B6d21b75#-D^u z(ytJC_Xhmeo?+j%Q7T}|@eus+D%?E^qcM)q+M3iz<|&!73Q^aUb@s&OOi6Q>LlHOS zeuyEGnaE0Hq*s#HqmmmRx+)Ne40u&x1|wpU2`%ZN0jnTnyn%?R`>#c?5B+r_6Mk)_ zVz&rKrpcYz>T8H0GL;L5)jFronq?l8K=4@MY<^0i*# zy4B9uP`%J_|A`+cZ2SG!=&F@@z29m}im225IQB|TlM9FEEa@-;mrz$Zli)Y z!b#xu3IElgJh^3VgJSOQ;{>~Y69i<6JCBT-myR&2Da_mFMfmpV2R@Eiz#jVL6~+DN(6#w;5;5qBbRU$cfzMMcZFqGZJ#L&G z%{QV?76VTJxt4=rTFS46ILfrgd0pS%lt>k;ipn=`5Xx)78{}M=v>Uzr5BgFCN9BCY zHP%t&j2NkDoE->RU5v;9{&txZ`Jl+G4W@0{;#wD+T7XN*eUq`Z@$`G+J7zLDN&}GA`JuY zJ;+DuP|gH8M!-;qzZ1V`MiQ!V;m<^_=R9^kl)W@>c1%9pmYm9d6<#z%5f`juMn?SI zMWzJ!YwcU2vnfLeUhf_M%X-P2i&iEuEd(%oOg&aRHQve@=thnw{@qOZG#OOWQ8l76 zI{x!>OaI7>K&D6)etsmg>quBK)y@n(E~KSG;9^q9Riy%u75ljgcgq#gX)L~|8Iyq% zGi@go8mhd3KCqg!05bPEhyr#1f3DfV7;=9pEVB#;c$EGwfvRQrQkZFpOlnXeCuh=@ z(tYa?o6S~@F~Ay<`-o$$ze;gjDSUXLw#Q4gg)@>m>Q$ymQ!!xbvCh?Z<1*jcu(prVxa4*Lfkx?8(@b+tri zoE9p07=P2fb8J3|K{iEahJM*#rs+FPT~LPhWUE;yJ1PxNSw`>nkj*nO8=4Xv;$Zpf zU+r`KXXaqaG~LlLF>^y|EeDY?k!F3{DDS4&WK7Zo`w~!^M`^lo5SfJGc%|uJ2(lmr zV9me7;VmXMF~}1YDZ!8-6;PEWtf+R*3l7!CYA#%X>V@(KZl?w2Lf{l! z?U_kW8WFj&dXo{l^43eqL0Od|NvJMaMf9pWH#On=7J54|5iEmSB!r3>p-&D(JE22I zCPGah86tAppexm(MyfoV)jIv#-;e}`+MiJuGcPS|4Z7l>U+pBQ*pd0uA)TkWQMi^O zLO8lJX=|kA80pfT(kFmsdf^*iA8p|%rolxg8!jTHa59X@GN`G<#wPJA2L4$C&p|b+ zn;WPq*i7AQe$kV*2?98}n*I?@uPcwVL z@8E>ZFZ_&XCT2(sp>=6%Ck{)O_-FmoETeKciz4cmbx9Y`|9MDL?ponA>TU>y@bfz2L(J%-k!ZbKkgr#o*y3^{j1+Qe}8yy?@(3J^ol6lgGzW>M(h0r8D>D{pr#1d0{>> zM;*l7paF@3XwcPHyE#DT#~1HEoF7&UtQ}XyFJ^JI&aj~3AEMy5F@6(-7(4@tUHWi# z@;@JrA$rBx!Mo!N>td_hVO2|vVmI-I8Ar4%2GDHpz&aS5Q_>-F3#{MdxZDQuWk^5b zB)EAfVsi1%lV1Pw^rHXq`26I}zouUGl_+>g5Hm~Lhvz4~%PE>HZ7>Y(aD*xCCFEKU zTIS`vSX0#^C!;~3$?V(tw>f8#s>}t&xoStKKq^f9j67VU9yEY}KJsVqFGh}~q&dZp&>DaH#-fG4YO>GD< z6*Ht^Em@%@D^y&7i)4h1W&I7YL7WSkmI+FG)R+azRrz)pAOo?*us>A|&X4)gt<22& zr1*ZLj8Dyan+M~QVQ18Z+4sWIELCRnZRu+=ZhBcy$F><%LAF~Ot1D-C3+Uy|4?1cy z)Y>~66gjm3)LzdPX3X@8etvG{-zlqRd(f+llXk`*T%c?72`|IWo++v{0JI={{~TZA zpIq@WG9gZyv&5O((5FdJ=ACq9su@!)e2+7xf;3oXEfc%5dgdy)U`{N~aY$UtK>!Q> z+;$3;5^fIY!}+NlmYr$nz1KRq30WUtD!9ymlS`REv(WR>L&oGtoL>$u4}W&dNqH

LjKOUd=FHhbbzyDAmxD~vWbxfyZ zO##*+1WoyN<|m8K*P5Th)05+~%W3B)Kc-9N*q>K9_C4E^6@3`fTXw@WM(A=T)X``N zOEt|>O=DS9i?s^V4S(b68Uxe$sB8>?6IhOA>wG(^8xyld*^O1SIH?L};YmT~V1icg zxcwfqLZ-{(pX4UC*=UG0cECAxNR?2wbo&QqXYVgTuKzN#GLeF+sVQPjN@ts_y;N&0 z)mlrn)`V)U$rV(Yb7V0}syr(-v7)Mk7n@ZXQjJ#~;jB}N*o%Hi#Z}!n&%mrtr@&g! zyfsi{EpXnd6rbHC(o3X5yVXdfv96}N9rNXsT}^!_t=3DG!5Amj zku9Akms+yQmAG`CETJ(es`FBmEqyG}(#P`q(QwVz%W`rRmxX}LLBUl6aVBTf$#qUm zpw*$YR4px4OH0+#94w|XyKgRLQ(5A_D793MbD2UfW#@fnS8!BfR(lN9t2nG>zpQSm zX0T^DPo~vQEok-{>8BPrdy|`7)eiR3?&{C1ocaRMB+3nDl4 z8=^Ag!+dl+%McRF5E4}zW1d=_hM<>0CT0jVW(>v5x*ZFwrDkWT*;#6K7NFTN_TF6d zIwt8~j8-SdsZ6ZXv2!}J>I5pWsySTh^a0kAUs9J-GsM%M9n)RIA^(#zvtzAAOC2X4BSG zjM2=RnhD^}LzSc9FGi75-rW4uII@kIl{gC5@5wYr;rtD$XEaLlcf0zE>Y%0mWvPEz z>R;xdf6?S&F4~urW-mtflHoZf*1Xs_mRY6v3XCerbDaclDfcBcE|mj2Edx89w&jb@ zQUguPLS|`lElcIVE_Ez_ULA{E7}IH3Gy|XNS29|Y&f(BaSm(@0wmhqLq?uM^8f}P0 z)sW5AACzR~Pv0Bpik=_D@kg9c5ko=e=(i|O=AtxNTn{GJv82Jvv&xm+ym@3aa#M)% z=e{nQ&Gnrt&6l1G)SB@mv~0uNPXhxt8R!kq|1N9WEH{0_8FHYbr(b+6deAhzybfs} z1(uxh##j4kANp>b)wG&O@UQhK01QS(p#=f`t&01wq>Vp>?vLEKB6B?O^!!&bJAKyS z6$++#F!r`PJDxLH{^L;ae_4TIcon+r}59Uk$U*rChY|rLOxE`(F>y_KTNE} zbGq6WWzd5gv`P}RI&>))pkxi_-;_koTH*Cg5MpP|B1ER(+niV{WJ{JxVd%SQ{cf&) zH&q;W0ITAtJ0(S|V?M=;l4%lK=bal{Cv5c=KTx1flqBpRjE8RRxOJu+uUef@U6*pH zZdIul=9jXiR^3s{8e8Sm`g0a|XAL<*y&#qsdVK8u;0>{N%WHe%B;oWut%2x}j6)w? zV>EOlA9JeeQmLUpKXeNNEy#RZ6qu0ZGZ4*>c6RR)`E4=3s_ncS_n@cIM8h|CJGr%S4AS5NTOyHBhEEdj&4kikf0Jr(X^xI0cP%9$c%WrV7CKicxPg3&q$x_P);3C2S%Ttwu)Z zOX%Y!LaW4U4SgwNta9WmGP$@Zs}RVAFkUK#8zT4wGIWlJ*(CEC`eo_LM?>>6zphMx z=oGqxlCB(&V)k$pB=hY|uJxECMHQ7nA!FkANW#u??PxU`|ClAIB6DGfxyb-C{@JV- zCxj7?g!}07uvgydfKVF5M#F99#bu5E=f;2T%-+D*pR|DwN1_44c1^X^dwFGMw z%k7&0hkoH=8{Ucuq|9Ywm;nvy>ziBHTdD5pw|R~K=QF%0Z|{4Yzj>KqXi6u}b?dO5 zoLyWVoSyc3ryt&)oLy88m#5Tpl_OR)0@eXA&7T`w_K#Scp91TGcz4;G&lYafvVB6K zie*3Mc48jwxvkz=Q7>7FQ!GMxGaLCh!AUu*`1Vcz{P^tX`26JTtuiOEm;?HurvZ)CWR0%xrgyKE@*=oN5J z-@h#w(>8(|l7XEL3b$v>P|0*=>%a?c%bX@=1%vw9ZCkai({RG`S0d z8|*!JA^w?=Tbg!DzRfga(5;TLj+m-@bF}U&Kv(7@LR6P+DD*oSLc4|1=;Kyc5%KW_ z4zb4wXm8Em`>j$uYvH;#H$fCI(Eg~u_gjrdxfV7fF$u}w;UeY>=8!~`C2k;9MWr8S z=?xg}$|=L9O~&v_%H zbo~Sjj||!mKU0!lvT%MZA>f4{#?hR&Ix5`L70VSb?rLmhrdp!>1Z!IXPSLmgd1|-X zf{8TP#q#elOCBCgF0;n{>}QGJ;WF}@tx=7R=jDws4FmWr*as&f#$|N{^QJ? z{#7d?a)6<3WBuP+W^3?yXwuiAOUpa^f-;p9ysP_ zwFU?E#s(A2iV@BHD=ods&?t6`g~t8UKBZr&Z#4mX%gi1c_s@t~wul}!vY${xk@5`% zW;=6tUnvR{pzuc?rSFI@3mGpK!-C6$xf3Vk-`Hc8fIgWn>S8w8KZQ|H0%Y3qXi(jX zM*|ytUe6ABl6e-4P*HBmV4$Wx%loK7XwFpG0c1vFNNC2oL;X%iKo5W}TBc+vjPPV* znTMif!ZO(*15uZ*f;$}p)6lS{Y&LVP6~I?$q%y0eslunA@{)i4W%>M}pWDrit~YcO zMzv`l!=pHK8Kzw?98-pqgoGH3IHzo5V`F1uZ)XSo-`Lp5|G%}dx%ZdNo!!07o$c+N z-OayjY`%K6yYm;cG3UNopD|@_@|TU7+sb$DJ9#V;eRA!3Qq3qF5lmws_^7X~{k7}| zL5RevIVT}LABUK(Ss;ulKGw&KE)J6NZ4mkU$avdw<3PG8?<1(~j@ghT!SA30?%e)J zI|1q5ZMH_3xty!!v>rlr86Lg`u|X7YGJMBQ34wKWx_n7ijTdPX7Di^raym4ZWYX=| zDqe+FNRRb%(n#Q`6BgOQjHxAw=WE|6d^vQ94MJvd0P!Rcn z$LSwpLySCm#bKR@=f z=l|B`_U7jD{9nYgkn`Vms{bSw)O3gYG)Jgh!QU`zK*!hr#vYSb)MCUggc;z0=W(I2 zRjmo7nZjq;dm%k(>&6c8=V3|@pE}TiNTb$O!R5N?Hd|Sth7>&nT^WJQ1138iT06AtTfwZ8sR5m4% z0+Oq8b~|seG6L?T(9jxsLf3mcIP%QSq&Mg;MdSuN4CsEhJH+9rLx)|TcvR4_z9L`! z!8q`7*Y!M1X%G$i&}tX4VL;J+5Qd0E;RCuS2}D15AY*jH|Ay}X3RbV{`$()tMo_@a zi~EAIl(Hm<21gCYITwwla-hW^mklv`vS@lG0Amo1cvE)#>v7J6Mfol;HdnI_<@@9f8*75{`}wG+}T*3|BHAm=k!FH zxe^l(>&dLm|Nd}_T8qiagp7k44eJO9_(%D;F#Mo#Ds7(Y=fBzhpXK(ae*YKv|IJt1 zyRVk}e-Tekj?eSxlWpY*Z02X;tG^{O(P-n&zE8i@Q@Q^QyX=2c61AtK2etRVySusb ze`{xZZ@K>$@jO=fF+4t&O5(M_TCD)*OiL`z4LRq5=49r@gkKI$||3V`)XWZ02`SU}h{!4-D*w*t@0UkyIAhw_IKh7CCb0 zc$9Ci!lgRboLx4}G_L~9bS~xicYbmy25$tXMz(di-DEZq0NR{bKPFmSiv6V zgt@qxEwS+C9||xRYH&>;V)d`iz_EBi^K)T7VF%6W5bjMS#xh{4*|iEaf4Adn?6I)J|4$;!Fc?iq&#bl%D_WMftBh_OziHACSO6gln zd<%_U${t_(spS8`oUc7{qu>TpMyC}5>h%AcMf;!Kt)>0XLY~J*o2S})VThQj0}4K5 zQa!lboZtCVx&MdQ^+QZ)TLq(>jsVo`|IMx4!v5#Qm-~MK4=6P$1D$;sP=*}JsDm6s z_ILO@@r&|bhIyai&!g6gG+54Zg4Vz(rOE`;|9GuQfR%zq!7v5{Y^F0FS6%ueT~{hb zOqxlb^!CviiEu&8o>&N#P4P+5w&D;!UPt<$DBgaYM!;V(fnV^crvI@!o8^aiYUuy= z&eldw|GT%jx8(m8^2|p6D^!Phl58WJe0`;5B<&Q0`)85_zjL`Y>=FM!g2%~MQ3<9q9fwk)brUJ&FUjr;UrJtbTL^&YZMg!77fA#lRXNebDMhFT%|@CS;_re zUnwmkD`A!d9?je(+bW8rG$N>)>QGyrmFLo%SZYUr>l!n6Gm|_>V0dtc6L)|=uppFvQKe&H>ymA5Q{ZN-Wzlt`9pjrjCnOqY1upP#5_J6zEOa5;Wk8p`mJEt@aOpWv1TyOAmNnyT-^quYKWY_z)y7Rg0 z&q7|{)qk$xN<)Bb*(PQI_8QX|3FINo*JL1{PN>F!pne9wVS9q+eXX`G$in%Gwg#1# z{gYkpS9kEsU5Zw;OT8iX$01I#*S4A0!o#^!o=&H}l|uXoqp8BTd9>$^lYl)Ol8E8Y z+2HBshpFR*Ho##>C_4xPmttc&jhA1t?KlYtbTf1*%?@|rQ%$(-+P2_VCmx4kA#)FW z>ZM<@U6$8_<~q)&ZpbHK$i}s@VykTuGI8ls1#!kmp~w-K?Yv0vAfPOHF#Qe&A-Q%# zH3sr~8VJ5>j5N5m(V>E9Vyj7qF3Qw_*J7WfSXL!-Qy9dA222RG5_}PrHYzE2En|wkLqAqHf1{`dv0Zkp(Oz_D$8Fbo*`rL+pOLJ z=^PZ@{M%+I+B<8cO3n`6&zG0Ie((MHWv;clB#@R7u_WlLS#%P}I}-6NQ_Q-VMfLa$ z%-`M}U!I>FUfA&!0a)sGRJn^znH*?KP?*K8B2A%zVLn-5icf9I!aeIInYm-L^+%Mu zv$<2%pjmNJ>s@(K#vY+6773NJDw|sku)8xd+2=Qnk>l zq;3;WA%WX${j5PEpOsB^FPEFG5``JKLNj-ps9pcSoxqNG)PA==()V(+I zu&HI$XyIfcqW_6Cw)1@^(f>|s4p4Xhzq_6H|K8kK#{XW-^H_}kVpjq;Ruz6j7yonC zBu{4tU=v>dXl4P{3;gM4sq6y3eC;*9&aVJ5$>n}Im_Nu>|70CRi?~>x5~ZeQ0CnKM zW21lxy7o=XW-B$1x_Dg#U{$yC=zQI|l7qb5^j<|9|(@WEktXTA)q#T&Xxm6jn8;9Mw|i5eK1xo0zu;|90rkGVKS^QC0R-v%MW zi=tyVOU4-aGZL|5HQLx9VJpZDLvoM&hys@%jy1zuO5Jw1trY9SQLkxHMch^pbHiH^ zuH2ZE%GM3qIt?{tWInWXNi@H4*e_Ai#8vcK4V)wq3|S^H3NcOVEa#m* z8>bXY>h5&oxF?%6u65IwmDYU?JhPkgS3BS4IkbGf&NIdNKa%!J^V0uqZ*Fho^?%zt zOa0$Mo+%B~@&d736I>wnNP-FNcx2SgAO8~2oVb8VP}eMhpr}~}0&JKkgJK?OnH+@^ zu_YNQzjz)+b!%!?MX?Py@?#Q2D$K`}rkax>9YhQ#cdkB8)$i;{YPmXU-URg$H^!I2 z2$Qis>N77Z8yk{H9l`q$njGE=>(;u#Q7G`zY0E?0gilJ*=jEsCIt!@?%de{I7yAuW zEi;XLf?-Vt(LgUtf;_r(*rQkRJ}> z;DlZ<{;@Pgtb!59g0|GK3f{#y22Fsx6G|Q7>VVUdicK2pxomj(5I1i`Rj>l*Y^p-J zl84nbBnbuug5jHx(N^Sf2S--ZkwKye41%q&>Y%LxeAAWSQjS-lw(`c;yw|_&JW|z4 ztUJ{eu~h;{hjKc0dd^||RafS!$y3AANOxD_%aS%Fd{kuGA1=noQZFi!`&c=6Lk(QJ zHS>K5@&%xg{M#(wT3J=$*RCEzra6`jqmmC)TkT4pj6=a5Mn0*Seuf;yD*k`Fmpy4iA*v2#o@lv+?Lq3)ApEPrt z)ZRD$)an1X_VV}t8{1pEOZjgRPmb-$nd{ka^}nd~+c&`Yf8+VP3Px*{a~P!N*eGYE zTjvpzTMSvvfQENm0&Z$s!KQ(?Cc@OT=6g(2V^#vV4vBYrbarvBE&kG8PiOR(8}9-b zLqxJ-1jW%4V&wnQ6dTL3v({!LtzjDYmB|uYCH4qa4mcHyugWNVLbJu%83c39y(V)Vk&k&I{u>3ZjEMHwaT*i}|M1z_J-^ z_w$Fy%|Xw+D~11sva&8I{bHXw`me%F&7uRSv;W`S&D;NNZf)!>>Hi`gi~WCc?RuS< z#>XmASLe`;-RmF>Sb%Bgpm!qaI_>=IQsjuG(Y@P*=mgy!=OV?T5sa-^j{M=Tg& z_4{RW@Un&hejnw*zqASPY9>EWd=SS6$tV>i+&Fgm@3dt;7mfO5?MNed_KsNL+4LSs za2JGlfc<@R*DY{IymgV|9E_UesXjSo8<84_rIKJq4nVOw3Ul!)czVEz$++pFX*d?%l*c=$)hhRMs8#5n6|2dHm~;P$so-=^*fzC%wb$i{8nR zF-+s=fPSD@p6AJ!AN?=S`P+l&;UygSr$IFST>gC=#~~i!h`Hh0gp6aFDf(_q859>? zfO}NUE3BY5B)JZJv@>ccf`j9yC-X3)8eTT9VFB$gQr~dSk4k)nkt_uBMF2%H?+@Yqcr$E7v8sW zkR-UAQB(fy1cJK>J0m|glEka6C-U=<9d+%X%HM8^IrSPAfo-^I!PC9m@z3n|nKikHHy z=-&Bg)u>1VAA4@n@m)H+CT`->LfD412y^9OSXw3y$Acg$eg_nQo8c39J`S-=y`DFs z{qou*e(bw(AmvPPjDLEGKQkNwte3yalU^PCsz_d?8DLfR4ky>DoG3e{I0r|nK+vc9 zrTS~hMftZer?x@-I&r=iCYZBMc~WtYehfZdel>U{$KOO z5DjKw1M2R7xAXCTHebEkSo(i0ox&D(_FMs;uo$nnPH(k-#iZN`d80x?p z*%kRY&MO_SjNn>c^sx}Epy8aDV*B{|-`L}#a~owsJIK6%m4J&W1gD+$KRMB!<5Nlh z#aZ6Q(cMf^U=97>*nPE|r~f;zmh#_1o*bdU(Vd7CAW}i*&j2H!3;#S_AQv3nEtb%W zsAlhD_qQ=_33P4Vm8SQrWgM*jma9suABm;4(9u#eKTrZ3xy*Hn^7*$#0sq`j4gH@k;BW4!q5s>vo7;u> zFH8OZVxAoTXNl+g2r0G+VLJB2+#~#c0~hvRB5d!3fqKor6=q{=W_tA!EArq5l*gv| zh4!BU(+eHb*I7fWV2)-jxF!|D4FUmA9r{=6Aw(W5JHDsH^?!0hH}Y`em^hgqs?Z9J zatgQXyXH6WHkfdcUjz%UXM=nJs`YcQRVy}Nex1s=BUJ%06%@ca1ruP8rK8aR2c8ihf?YV0B`={G zku0{RNC%Rsl1n?QKGtBE={sBj9e<7qg{t|KAB{+7p``|Kwg2#uw43mMu29%c%?8%# z|6c9x!vw`Y5z~lzM49BKW{Q``e0{w;fw{POA zq{;rDIN*Eksk8rjmDm4mZS1^S`u{HEvG4zHBI0}T8g$yA?%z}x_o=8{MX2@)vSXok zO+&Uf4$}Tb!m@vrKgUC#3m?8fMEB`KxPKEt+ZPq4 zz54uTF2gtDkj{1qSabgG>~7}$zh1rCTjqaR$OC*mWf1x~3@AemWz<2=g`D~e%pCqs zFN8GmwbD7NB|E0rsFk~lo5`tc=+bhpGLHS)THdY9jbmzXBPm|rg@XD^-r^|^Ai;4M zcrMLakI9!d1<4%gXFd*Voyo`$yM8F5%qi-$uTBy@nfwWJL8>N3u#joEJ|Sqy$d~0T zmioH<{PD*dV(*rYM_pl3of(?dI0+(#UUV+y0CawGDTa8mPFI^?1DST#01-NLw|4jF zcw{1?n@H`-+yAB{YERmvz5YZfP_M0_wBv-_1wKwDMnpGk0alBPVU)l6?btxfX2vj^ z359*80Ce*?F${<5Mn4yY?sj~QJr>#nNAR`5+#r%spgV`0ap~maH`{jYL7sk2y>%7& zETt|n@vSs3C(Bw6L@0KbIzOwCl`>kM)``PQ`jr-NGaYNo99u2kv}KN}js08^D)`$X zi_a};>UUdyCs5}X3r!T_8J5H{ELjO=JpJNL+P7%XH{nys|1&;g@NbU1Pu51Q{oih0 z|F^ljv9aX;7xCn%5})fgi95pgB)P54>U^jI-Arc)%p04Avo7#X&Jc&A4jp!fgxos& z2v#f|19dAFX!|(C47Y`+p|g*iYkWfz+=h>E|@`ViKACTlZ>Md9qyy2 zHURktM-(}i{NJCk8?vE;9woIIC*f-cvNd$O^<&v}N`upED(Gzm-Z_&%{ z|BKMimzTZnqdfe#o?ouX);=NU1#i(ouU{i)Yh%Mf!Uga<@{NkMCx7ZldkO#zT8R=liAqvjiIXGaUmn#UYt&K-1_T{M0Fl4>FnA>m{blNiDmUaYE+& zG^PKuxB}GB|Bbz!0{!3JS=#?DPh6ObppvbGIyrH=B^AC{1pWQcXqC3T6@6DO6(oA&D6N z%#`_E=H*l_y4ldR!N?upPCO1nVTF|1YYswk?S`U2&-f02@^339K3~*9tA5}ysy2>YO#c+TZ+vnUF^NmPK-o2LWZt1A0Qz?5kvHiy2K+@#p8R0nuJGCNy9K3h&nx zX6`_G5onzGx>By?PIdLPXbQt4qmj#r8F}OR<)|b4eSXl&&Y3AG1u2-Wk5b z$x=G|1|AFl*WssPFo;Nk=hH@={I|QEkN>~3x3|3iU&yn9dM;x)i6~+OiCIVYLmZ*& zaS%dYtl0H#-2tYZ)(W~D1{CggAqWE<;xI&66t)K`G z;Iu)jae{Ax&)63S)L+*+h*Kp*BB;qxLNQKI7(}?!>KtA4FBnO1YXu#W(TGIo!W0s}uOx?TYdV`FHF6FK5T+7vBX@ zv+V!#(0j3(*AQH&kA}grXBr^!w~|D`c~@)bP`eK zhM~v+aF4H%cCO$gL8Q4upJd%%SEZq%Vgg7q=&rR|D=X+NX6PKp1f4`Tq}95*y7EXw zNr+qgltG*&L$2>5Src(U)POVy*l>K^2}qZhZ;PdB)E&pZ%P@!AYV|KLMxXRIffWa) z#5|vP6n?-zeO{=$hHglrcr)Y^Zwy8&pcC&y7vxZ=6oGPxE(r?62azO!zZIkm@(2p{ z7x*M}HF{{v7gzhmF;HOAQff5RD2VQ@te_83P=?G{ed-E17CsvweH@46f%naVf~=Aj z7cE{w_6IRC2_BI$@hMFVP5&en>i3=;s zjgazZK~jd`2a}5;e2+%%ze$4bgw~0!1M)Th6%8<24TD>Z?lwDHoo&?qJG$HI zY;-o(GPx~W#!*Qy3Mg`;RuJ)?xGcC1F}hB$d&{wq@FI)>!I2w{-4MAR$V`C#3c4g{ zhl59}2a%7qJDXdb%{4xL0o8cPM5I(~w7YgWbgsGPVkjK5Yv?wpc=t-Za)>FIrGfCNL${RIXPv}Z{s$SLi z|7<+E#tGjQ5x6?lmA~4o1zI*<=&CM-|5e&fkNC*fWzi^zg3)+{(tP}RyrLkS2D5U! zGO7Nr%J6bO1773EirE*yD^)FDneF88N=wQXCG~EY;2%s&TIwCF$F3 z{`STV!f}ExhY6-b68g?Q_}N_{xv@DX(4dD;=v)$c z#l)v3Vzca^{Fz@dU?;pN(yH7#=;%r$zwZR3DRvo*lp46Sa*C1G7}sHxW7(&`i@Afk zT2JWx9Zr(KmrS&h-2eb$?f~5n2{8NO#1E*+fyc3;m#bIr#+0FJ%(*<^JFnJwC#F01 z%udi@ZP(S{(xHo13D9ykT&pTS2fSjfkguI|UQ{}v)b!)()pH|0f9kT{Uo-Lg^y^e3Ch1%z1b7vl69#-*c9%8F%U`i%TzO_S!Hb`q zl`x)6*;L^Kp<+t$(t)lgLoS0CKQx--1tEj)LHJZC1{7h4aO-Qle%zRS9#sUligmA! z1x_mfF%rSw_6bd4Pl{XyFC${H9nKRv@O?qR%#g=70S-ad%40YqohZg)E@k*mA`x!d zoH`h{lJZxalbChgtFXxx^JrQ3I@q!muUU?FOLY6Pd6ZUQriDfY0pt8oB_G@jFQE&m zWIGPWl#!9rn$$v{4_;m!t$7kb6Z!g*W%X>H^z3-eV;-}?@h#wXb-MG?cAw&T^Dud#1lFc2Ba=hbt>72 zCv*kgsgn;A;FS*}UqMR`d_NGZsYXa#dft!($*jtT1==8qg($Em?q>U^aKa=q^8u=k<+4v$Fk zp#6rxkOg58Yk zOBpRUxRg6k*3MdKUxU{y;|28YBnsG}X4uO4g@74+ow|jWyp~dRaXjaRR~=5Gor?m? zS%q4Yo!1zzkHSFM2JQ*TkHVTl%Jg8AjC~YD7EXD}HJ0LaTE|>j_$$7)z{bXnf*YJ; zlII}XdqeDxL!4A9+6ub1+aD>?Rne-jpH! zGJZVzE^{;GXX4-ULA)#YzDvdLrB%@CRea}N@uU07h)jO926(}z$)5sVH2A#=uZ!UK zEM9udywD9sh4NRM8*hWT%%d3`Jr7XKqiICd`*;W}o`4|c(V}~sc%2o;D;Ey-DvMWP z9_z+yCZhs-klP}>C)6|6l~fmv%B@5=?K;P<|4R}u{66ws zHiy?N^vlHSCWzcH_}zXSmEo0E%9p?Tgq&s-terx6jSxiBx}qN)npjDn~=5{x(_C>X^Fxr2V)kYvQA zwiynIs_t;Qe9HO!jBU_`dJ9KAM>a(-i#D2_yl}?#a7gZ>BbT{V2P+ISjKMncN%WF& znFUKKOzt^5Gz?8dP?!K+F{h=#oR%r{MBY>d$TjSDPbvIR?~`lys~B%GYSSa zysV}b^>}5?EM_&P$lz6>PAKBV<)wlq0sRe0UBc8S#iWA4K?pZ63>zW=xDS++pNWFu z=&s?hA`ey^-318|Qu&>m1VY&#yOavUXJt4xt3Vvxfm7|9gcNw&JYH6eZW1y=ZaS1= z9dytI7WZ8Ty%XdUk0KJGPshA9d8ugAOG4@i;?Zt`Z*anoq3!@jIN_(WslIgMpnJF3 z*?iSq!O`8Fn}}xHcbjdGBv`nZz_G}XkC_{Uw1W+iN3f9yn<${B}BVmNscYPmgO@px(?A_oLrr3?@`;b$4 zhg;|b{aU^F^lP>kI@*1OrIw`^X|->mBj-5saZvJtNW)vCo2-_T9+uvn23tX?JBzgJ{rZL)>O@*uEJ@AUUk9 zHKjMQ^Bi?~BYhe~w^i39|HdA(nA1?+J?n^crZI0zby{LVgnNJa>N4)6O`AI~5P|&; ztUA@@XVT>YULTFH1JmFoWt%UASG5u_gV$RdUIiI?7QDn(K2&*98rV&Wm@?9nPYs+- zv|{2li`}Hsk#4V^=bgKMJ>x(n1jc&=Fw0Bv$s*K77vdrReZ92Y9-1&q! z;j6g8olg-jRe6p`rFVBMxCtt6Rm$|SsZ+%>8Uf>d`y*{r_7LK=bwsjtC`;h_c@@k+JP{KFf(?iYotY`O znZL1Cs0Gg8^yr|6+%X&Chy`A$ImnE+aF*7H5P64lPfXv7! zyn?VQ>xc~lia`1iuI)pNZt;UC*oK0gjNk|W#3pIJxnR_4Y-ncGf7KcsrtKI`fMvHf zS-fW1^tA?uR=gS*AI^GFl1aT;sQ~B^zsW$&4X-9<1PZT)R+@9ct5@f*Bik_z2~yjS z)OkmlsA#+<^i0g)6$Urhd+vtX8FRg1d+0`fh?BO)vW@R>#JVd!z6l~;i88ogX}gi%juT87 ziB&DSrUqyx3lL%FQg!K~21r@**e+UZ<*$AlyARbDFIE&vy70Wbo=$_^ames&iPK z@oq)oRcoY~;-!mLL!Zx(#$M+!$ejDRAK?pH!GGq6IE;x$|%#dY& zp$}&#|MTG(@`s-tygR0#;)D*!bNIPnh|NVO~1AySGDBE$` zKG8Y5jY$v~ybWdsGoJxcKq5m2b&Nj^GC)#EwUgH+TS^r0$b_ZWj76?qMWbLS5@Jw% zuX#FmZPy|pi!4le95Ohdz>bZ^(Up>FVer5(&=7c%2b(}}yN;2&<^dy;(Zru??M2l9 zCk_n)IYgu|Idnj%7KBIk?EFxqu#OrK1F9}pAW2v~bINC^bbtv+Qz7Rf3j>SmWKH<_ zv3w3CJ6W>psDfLwiz-!MpSv+_9oShNMK}v~{x38|`GSCmJzTjl^ZAssV7t0(tCNXc z7(f>Yk5p;(nRG5qq(@#Wz3`e#)HCcGHQCp5?#~M?aY>Ra0@Vc?oiLI~7I@@1eJBYH zr6948co&iiP4AK%ym$eBB8fZ#WjQLY_zoAeb)$DpQ-A)FrE}q|`ws-4s75oyLB6+|KOMX|{JuJJd?nk30A98J29GH z^Bq0oR559A%dj5j9s3!1bw0`GR>XIsvy4 zDFT?$^tc$i zv|IjmxF1!zOdF6};UaGbWi4x{Drm+PvPfQcT`zA%mq=#ZPUi=592jy$GNTcfm`Xw| z-~2#wCQ_fs?n&Iqk8CAfQxWFf{6Joa8TV;O@Ns@Vnn9aE(#Vp{{01t{O1c6r)rxu! z>-9qIJ3r-DN+eAMp;v+jI#@kqX1(F90}D#jtz{2gNf+PZ1W{)J8{2T~ zA|c>~q$qxSd=n$>O1cU$6Ca3KzilWtPVMAEsQ{m1KjK1?-zH+AG#+`DCYhgRiAyYw zpt%}N1<^>3sj~%$G#}zn0yZ~b4woId>$`VDuj8iv)k?AVMSR=@Uk# zJTmJW1`2#PxfX+O5sTMt$ZTf}FpH)_$u!%R6Zi%+MP?ISAdBDtn6uW!0QUDRb>|cp zLc%O|amQ{pb*fhRzn%8)Q2VE|05p#yU_4j%@4-ZhFiUlQ4MhQD;lSbm;qZ?6>U~ic zRjTMrq*{U1JMT91)oRfdHM%r$_pe6hBs3_}?vU3h)19^Hv!l~j2QQDd;jfc}v$LOG zpFZEd6HU7?>@}8@`!}Vy+H0NaT-2Q%!S3$VXY0{+8!NHv7Bke#^&RWq^>W**plz;yxn@drhx>q{cO!3clt|0-w#saKA*_;hotMA>{$(GZhPNP@VaFw=` z&5rc_oohL(>3pg!(of@He)jUs3Govauqfp;lwRkHshqA%vg8NW4poPAU9zPyms+}j zf_maq#SzuR(N}+UAS|aVrcz#uBxs}UMs%5qkuLMs3fj=?U2U{36S?j@LdEVx*2a5u zoLh&~4s+W)gh*7ExrLI0RWt0+)nRULMptoek*-xUj7ts!n-6?nWKrtTEEQnNskzfQ z$WoDG0U1ziieHjcT(ZcyRk)jMAC|7hAOf3RKo?yVL-1jJf?DW8Lwx-unnpG+4^&g_ zcRF6p@gSA)S`piDH(3u1T~T9TgOepf69#MqCAe*b9foLMD}HLHR|BD7KI7BIS;G4$ z!a|e@FZ3PD1%cEdP4vEDvfinQ!?=rG0744Vg~fV?V*a)t}GsLuoO=jIs-< zawDISvcv+UW|AFgrmJdcIO()(MoA*jpW4j5W!UNk8Gu|B+rMql|A0&~B|o8_foCL4 zKDCT2fKN>KHQa}7POXSJOPE))3St=_t;X!vtKdWgXWB7d=Y7}&9jCCMw$C!2OJIG_? zIp_&CNiiBy^z~#wCQBFeLaQtVD7>!M?I>X-vn~OU4qeo7?o4Jf=Ge5Xz^-pl`{Qi*&Vu1wz@u)D*rbg|2y}(l>+( zY@wcglN^!)f%OBTQmuA9fg7h&t329IxM^zHx+?Lzb#%2w?%pzLw~4L_ zDry~FZIQdTWWaWhn~cHD2B+6W4@e6Sk>3cF=u+dgd2z}@MkVv|3$2zUzNBOjcqt;a zep}=rgtFJg7g!vu-*t3FC90QUh+Ow> z3{HkFNDX;KYj0q`7uRG8_f%0DF3CwgO!_)g`U$lG0w2i5PCLfxI&?K>7W+U>jH9C4 zd~@yOVz^*w!u>Vnv|75PKWFtOrw`-|-nk|l-7Zq9&cq^J^E7S2^;?UsG}LfbHS4RI z3ThGx|I%79%pIDg>kbTbhORcl;fp+%iemvb>pmBWoQ3x~-=AoE?Luq)JgT+xhA)`N z(vl>hpXz%==js~Q8<%RtOjczA>3G*&T8(rm-E6`_9#xc2CE>t3oabUv0tv_`l1$iC zB+RZi&rsMIZmNzZT*ap~l)=S#{;mUMJeo0y3Ea zM-X8^PBA11;SmH$m=XgEhHE#r$s|Gq*>qOQ9k2AiSo_w(Mwio4Og` z{)5hc$)c;l6;1F&D^Y$EGFKgK^<*~U-8VwqSE>Dzpxzh9rg#@tghZ>XG=~{izw17Q zH`owu@I&oncEKX5C-Vj?t%$@&+Q}^a85f}WJ}H@PnXubN^LrsvqCf0Npe1vaP*XRW z2^TPVHQCPE$TZ&(AJVF>MdrhYH&~lGCwy%RsAkb-9ciXa=Bhi17Bb@+=)=lry4l!U z5~QpmbCoW)g3KzjuI!m4#XF?Q(p>>-lKJ)M>(-lr7BW+s%vgF-Ahvxp4Y_Mh|INsx zaeR`9RQRGU()%C?(8b*;My8yF)+oL98U-hh6-BCKYC-d?F3a18Jgq=BvGJJ3m|#q` zdZc|Ch7;;vg0E~lnK#(!ZNQ-)3Wz9m>$Da!bj48JXbZJzgda#`mB12_8X|&7tq@)^ z7I!9dm8MujX2jBKkzAtG>Om$boe%pW=bMzga*KhlEM%bL(L`iXK+=Rxr`$*BOhh4i z?wSi3Ctt6;A>XVa^GH+KflQI5MLJWlg323eu5G}P=tpDoZ|S64H6pG_Fx7F=Zyv+OmD$bAs;@3vWsHea{)bi(8?SNykO6DsB_Nk#CaEFfG zfj(D09Y2ugI+G-LJrO_T7Rwt(*cVZRxmDMbggen+!=>uR|DEF3Jk0}}@{RR@9Jm+P zU{p455xxMw4b{R?kDYKKWTo1|tGSkMv9i>lv9=SeevQ@8&keJ$t;CU=-8BT^7w{d? zwbfnixno#2a!^5gM0;J!Y-PiR)z{pzk_Rds|3D6$j0sQ#jK%=vWUnQVg!*yUOb6P< z&Z#xy|pAo1OjikRFWq2X*}5j@l(Dlk4*ERk@B!W6MP z-p(Tu2qx7QvbhMVxxomU)yjMJL$9~7u|YI)xt(utmsIj!uLt2|=G1)bJ;DggiMV3D z-o?emk}krYlR9MFBRZFn`WGRASWq5~iN00g(adAmnCFWH6iI|g&$A>Plm1^fV=WtR z$?FGFcsOqt{ ze%|86#YJ(H#FSK$iNUbAsl0leO^fvmPX)O!8Nx0+M%*xY9quy_Qz zXf9(V9(*ejLVHa$+9+5z5(?AZgGQ#7Ywx0%(BD&gha6*0C8vYEH^AMf`X8CHYqEe4 zS2qJwP)N(9Ra1{V1IDL5lw!e%-o9oB#vzTgO_0KOb8&4w*{MI*?KsOnZ$?eJ9&2P2 zs)5{t3!f44s}#|geCQdj{=S!U_`Vaa(;xSoH=gG?e{B$TMuaS7P#qw0f%kjq3%BZ& zry=W)N&igs+dAmAr_VnE5MRx2nb6A;U5eo*Eh`oV&;jWJ(PmSLB_t>6jR!zd49} zv2cNsc6I4l#M0wnOw8X#d(WTbSO;V0+8{)M>YnsA?n)tQA8*9=@jue}*h z=h-BaEb&F8_C5@w`g@pPa}F0&rYvzsw=`Y)xFpXG&W;}M6}J3y7d}f%xjN0Nh=@&s z2w(TjeQW}MU{U@WL zv=PqezhSCkQJO4s@&e`yi~^G2tiV}dy(f$q2c)Nh1YBNvz2hnRXJJJgM@O=hpp#bK zI2>p2wyqJ~JE%Kv5DKMvV<7P0c-cYd_4I>-lVb!Q(!PQkPf!gbR4tSo4G}>8oGs{> z{L`$nrO1*QRDyFoq{H`dB7S9lI#8?m<8YGD$e%Mge2@Pc@ZjSR>L0#W|AD{tuz#aP z+ZLD_T5%= zLRnb@zNU;he|c^ z*WGVbBkDh<89Q*WLroTuA|zoC7aDW+M=QoR#`0~e?W^l^GUH2qRggPuYZl#$MWBQB z^Wp%1p{67ZUBrhH`bPmNMh|kz5=lgcp}Zo}0(OsTGXl+H{CU)Z(CR_3GOlLlgLEz= zb1727$92Nfltn!}5D~NzbR*wqQWoNYJaUNW9A@*Cs?y2`3!nltY9ktS&xJ!zG-5Oh zH2O{8^?C;+VZK-_SQMcC%%u@`MC7zYV&=^9HsC9egaw&zv~HW|qyVO=#;RAWNzGZ7 zB=Xt-_v#hvNEF4n% zR;j`BvwH=REpEP3LM~I>CpNL9NStN0t=4Qdo9h!)FAx^g?Vn!b{vj*(PZ=AqegpMz z0~u1C-9tL;9wi&-7&?!R5D^FqT|{hG;!PaJd_rQvDJn19ME zA5Ncdynk9F;y0eW@;yDD9teBgQPPxpcIHfrvs3^`*yU7c7sGQ8WTFZ4sp2#4fSJ=) zFI5sJfO`)cj)eR&hn&EZ*MK^Jb5Bl(8e+&_N@K-b5>C^6&Dz_QRFDOYz`;!|Fo)IT zu|G5jlhdg35l#>NI56U*+Y>RRWUBdXan2h)L9_{8uBumC5m<$p|0}+Kwz!kBt!CQ#^w-k}-hWVKlF(wbs-o`9B zJ5nQlLLWR(PaoQnzt()KdN84qDdKRPU42^0a3KOU>N-CI3_SjGsIMP}013Yw_|*Js znuVcL$%4Ln9kb|AM3Eem5!tW|;%eX9`$w_laS$?Ha<`?VFQVurefNS-nPMF7Ik-KK;u-YZmQCs z^&p^Y-*^bVe8!Ez6UhuY9hWKI8WvgJhBgm5`*NUhxzx$ARj>oOTg2UUu(x`3`>JMJ zZIFNB{@gZKTERC3hlTtbkDTffJ$FNXm(Y05Q`T0YGg@komTEE^ch;dMJaLKI8J?2l z-Yu0viJCUqJVTXSB;;8lu4N9i|MqyR(kNCn##-_=xzf}`G9x_jG!9*E&=kq+I3PPp zzXE;Mzy#{g;dO4VvOV}l@u0FLqX4V+_2}zS^((_6ESuR@Eoag;XxUH8w`v=dzXN{P z@{I<(FMMO!Rj;($P+%Nt-b5x;av$<%>w@s$AWP>pE#`&oQCt4%Z9T2dmu3{oU!GJ) zrwJm6JsfA8hC+?PcN#B8H6T`Bc=}){-jssWn)lPOze$lA}UYPqNieV zXol=v%vrcF!KN2zl%r_@9#WR4QndqUrDKfjyB5TABo3Pxq%j>^D{iYrOk*>Z1D>%JNw4?$r?hSa}=zcU_;?UZAY z4Z?Uj*9wG4X6M}A<7^O-Kh`RZQaxWMGh{Pdo|{{}oZCtk1?LG{@F-A$&$M$j8{ri@Uoa`@jJcxn21KS@oMo|2;&!H8!~p!mW|y*#V^SAH2FIvB*VWW4 zI}qvv}aubFK4LL0%i$y{8sD0%TmGlFCg726I^ni(^LD)o*cA&!%n~_NADn}IQ}^e**nust_ivHG zG=j?qoEmt0EE4kXgO@LK44-p|>h1wwaVPo?FDRhWrppO{%tz4fv&tR!D0 zs@9&~>`|Trt_T%jKDJpNoR3{O$fQy&e7(Y$+ctmL;-Fy~EeCf!8yoDsHM6TL?>fm? z9Iz5|<85W0;qcvg{CIcotFK3c$NP`>27CK~Klplg-yeKE30Sa4gD1Peqx?WsyU+(& zw#4U(C+jhKJ_O*WZKhg7+Sl;r&GlI&u*7<9xkVB-%R-ujOP~ThM-0EYFzsKMU925l zOW>-8z3aE&!0I9A2Yxn7=pAkFC6kPY0bU6ipJC8o6kGLN z2RF569QQWaI_$;epI<=Tz2lo{Qmv_!(Zvof#sN%RZuHcCTJ~gtqQkt9{(86j*SpoP zA9erwQSs}7Flp9Pa}C<%viYlWm3ASnS7-6F9x?j>w}Devb-U}5Cs49w!y}_QQ&PK8 zPVKvd`HWv_$vr^L%_j)`%Ys!=e2s~NuFsp>$2h6b>zdAXaf-Aj)3Yss2zx}pt&|GA-trAuv|tCK8K84+W}8^ z07p(M_)_aIYHUIDRID0gQRtcZM*RUdM8+_dLE`^y^v#BhMj~Q`*Z@4W#1%`F3WjGP zl!j@K&}mUj3D*m1yLL-~eT^on0Xy~I9I0~*h90`lqJU&EUgQ@B$0*!|_=m!V z)4HmKUe^l$cO^h|cZP`MzcFjDF;41S8uFB`duHGl-?8)pw30cEf)FwQ zD8W`{({*7sJgcN`Is1PHoZ|Dpbd zc{6Vt-3-UWp%VmSD*I+@8&S6lE}f}RQke0cgmcWxMT(aA8^8J1!=nQJX=2#C;%5ni^*=yxfH4_9*jf2aCfOiiGxlyw`ii)I&xZY2M)9vr@9$gX zsG-ZRrHvK}*j2AB@F|aKs!#Z24CNbWf1cyigYChVw1T=_2!58Za7iqZjWww|4tG4_ z+NPmtRU)9Y%i!mnbp%16ViOwyqw$TG44##z7E#37$lwy*+d?aD&v^=M%YujXi_aWkU=r z{jd^So(1hJ6$za&avY^BnNpvT&BL?fExV=bHa{hYXU8N+l(Fofn&qe|<>=+rz)zS7{{zuk&9nh1ASYoq8yrV^hD)L*GfDn_PS`@E ztN_@;qgn0zwc`&CC!v^_$b!?OgXb@gyhX5)WYK^}14L7FCbfX3P?Z7fDlhe_09MfJ zJzM7fL3Q{pfi~Gdv@T^9~9J{8FG>jx!{8*0PeT+?L_v<8zZbV1Rl z*ND;;>Qh0)1bl&M7($Wb6RAu0jN3B#x5x~tvktx?7fJyKxVw)ZFD~#vOPzFlKq462 zayTll@tDW(OFez(uIZ~PsuD7%=P_f69Fv@ef$7@#$>_^Thr5PZpl_b0EP zpC6xmER>?bm1To`&S(gHF&AHbJ~S3DXFcDdjnQZ{dc3y> z{~e7+<^PU$_D6r&+1r1-v-jxH-u}*CMmvwc+THsL8Qoz&8-JNhY4VrRt=lSh?ho?Y zATJn(PjZP`JLakb7Avzvr^-G&R*YJr311RAql)<#(y&$R@CA+cbNBPhul`rR|JB(s zFz8OV<^n7B|IW_nQE~t8jz*7nzU=?|_?bzDz!(u6L@7UT9uY8qu_R%^^GpfFXa1Z8 znG&0iXOXavk07ZV+#s8)6IGk8=?zO3?mbB8Vm=iwNES5p=P%q#fBU0x?3Ha`D1heC zL@AT$%FhY`NN!w*h(#!7OK{NH(@C)Rr8yOa!=)J#%J>s0!y@Rg`WQF zj#}f;G!D#-hNbJE6o#bu!Cc4`oaI0F68`eL#jl0`=hz*;N)g@S6j;IkclW;9De?cE zo&B%A@c;Yx6~TNQI}9?J#d1KeSv{=J201X9jVBqHt$9G)z;dz*`{(?eM{$GHHbLbBA_C-(X;kDT6_!CxrA-OYWoUUh{s= zgO<147tx^zMWWhDW)r$O+9ta@JKJP;e}9|oY}GYs#@B_P{~I{~|Ju6pWgJXgt+?LjQfs$ozDMTDuAo(Kacmz=l^JT^!Us9e;>bFoc|WRP4(B_1{w6W zo%ZcxYcp3t2qtKr+UxdK$G_P9Hopve=yb#QtCgGq(Vb;X9@-!vxSpNz&_?<|u*9+E zP-n~+Q6N=kO}{Y8>ACi!E?j@*QJT&}^rUr^w|Esq=g{fLr{Xs)`yVbGtyemF58Q|q ztlIzkkIVL--Tg;j_W!;7V3H5bBv&t%AHIK2xOO)%BD6Qn!Vsi7aO-?%oNzHVV2y9O zA=M5cKX?tuWsbEOi4>ePsS(fFZ^2efAJ#u)9L@C{l``Pe{cWG{=bi3EP~vq zhm&o+}e7XEPb2F?z5L#P{M;0L`F+lxv;Xs)0mDP}3+ukz`|X5L1872D{#kL@S>ez)55-Ij{K@|QWU}u++I#H9(X4mLmVn}>_K<`8F>pq=rxvN* zfDgZUy5sFU@kWEu!`^~&9mN9`um$Den9Mkhl5E1o|DCA^Ix(7dU^4IW;=j>oE;*am zls2#O!V8`V8PY3nPJ`d(oL$v?^*(u6Vje`6t2CcJ>@={lsIwDRl~ud?-0tey z(z#37u!dEkHVTPY5GA6Q@0@*4vFXo!eE#8o_441{`2Cw-tNgdK`}oo0-Lm|*zx&1i z_g;P*0985&X*A2|j16>1HhF+fDo^!Fz`yY7WrI9-!S{7q-~6cPxjE4Oeem+d0KpJa zom|R;8vKwZj9k%#t5a8MB$Su}3LcM4*nAEP)9WP@>VugY;?T5RsuzpkjQLr@(`9Y| zE(HUj75gL$LyaX09x)qMs_f%kN1TPB4qfd-IN@`E(J-M|2fhz+(+EhWSWKHlKdy5Ax6Tfuf5*JMz2__EC<9FdP!`|qlSZV<#zJ^Bj&x^*dVWC zNbC(+VY5`g4V#i3oQ%5%C&w<-v}Zm&&cTw!6-yExun1%66j7e7?yNxf8*#~WtOvk# zOP1;yN!u58W;Qm66S=N4Sf_%}G=&5rkY(1v)>6`yh+eXk>U#m`{l*4)iPDA4Z{;-P z7KYNFygqw_6_dB8FVqLcOn9~Wh=^H2Q<2m@Q-}9ZNhm{q5flYLz{|&sAuLgIZLiUF zUXvb-_}kML2Au}q>Te7TRi0->!UrIGLZTB5420FN=n6CAv*?N^0uyT&c9z;!4vZv< zR314*`~=BTLM5y(m!q3Hacp#YoYW)C5kN>RT$bX!N=Q>}2_aE;Rv% zbE|>}IW%sr()=f*OC{*9*aziRuKj4}Y)r03-s7*lJe$Bza~6?+&zMX#lq_z?n%Rc7` z9$#zJiq1O?6>6uCu2nYFRrVptT~6~Y?yMe!*R>_8fDjsgH*ktr2Mas98%4*Hw)#s> z7^bI2bU@s&cd3>`Y+}pii8o#^_?M~Y5UVLnd!-JGX=ZMY;e^7AXY-LgoyNmqG4KYk zW|Y=Gm}NX*LnUlvDRVHm+{wvrw}GTw!r0hwZ4DYKrowrk7K1UNis&=vW^xAdQnmlN zgUF>MjgpKdz0OhxoRY=2&{Q|^1J7Z}2qlN;c5o^}MmE)iI1iq2z{J|Z@&nTgn>=(t zt_?Ufp~U&ZV6+%OHVcF*$?I1y{%uBhV}rbUHnwQ`*BamttHMzJNJOW4F5jNMcqqwc zf2bAZ{uUVkPyxV)%~%SDtcdiNx*r1oB!UcMJY*VJTGI?JQi;&{(U&6IHn~odECK*9 z4JUx?8>U(xW_n)L55)cjy=2naiUiOm28ad$xh}5ff&>E2NkCT6^c`68B>HY$(xaKFZrseLb?7z3oDJrL95>CZ?J`HSE3i&EaTQdS4iKI%f~K>$iUS8shvS zJ+E~$R-`0HFtz9~r-mb8Au~yN5QrV&*Ni>SBMu0OlGmLPEnt=7&ODx)8ZBHq0@@b8 znuv6c!YNs>WX1x_Tw$bxLZ#*UiW|H*!TLk8>8usU%&O=gxQl1YBd-`!2Li8Rm#BTA z7-7>U!ye}Z0PBSd4W-}O=Q!>fb=P7SNiqOPISt5epCZtDk#|D{Kd|NSM_3V<>GuZ) znU7sW-wSgZ{{W0YbHDQkw*2M-=Nqw)3~d!M%nJx~oj7NR@nuF~5>e#f`Rh}J2M>S= zzCOs(Ip9R8!@wXGi(-!M6)hvM6r{>>o7OEGp%qH)VzI&>zzV51X3}71N2a_)shHW zs=%DSPWKCM<3yyw7vY$^IXrRR6wm#-k<}uKU3G7?spUts>I_OEQ6@E>sDXF|$hvZ^ zEz7A`|Csz;ZGeGxF`0#8LcPcGU%x*!Wa zo2Mic;!AGN^@*>r8!yXYhPH#;qd;c@N5LM{MJ>+XpPpFK65Djd zhVff0XcXAv6#q0D)W$}YIjaLffPN5CDPK9Vb>)R)*ui61i?1(ubSa5C$bA5gy`D2j z)xaY(uWFd~EH$FEGyqW(MtJlq^HYW-qj@zJ!NUfV(KezD7+ht!j8ghe4din`Fe7l| zujRg<4o+Vkzxr;h@rTufs|k*z&Fup+lb$Jg$>SLL$PZsj?7W)es~vCWkvFp96RY$* z*V{HW0Alv-=?jC+N>dGERs|4S&4s{{y~19!L3z~*ah zkJ{=H-MP1?FWeRJE^kfuS@lvkQrMOo8{{Qjsxen$B8czW9~!|^wSqUHk`>!Z99 zs9i24*&0()E>T%n&Cw@f<5%BV)kfPc``@!L6geWEQ(?c-CgPU1 zv}t`>&W=uB9lSg;trZNP8})Y2jYhNQM#1Xoq_i|vS~x&nC`npO0T~n(E2C?eWogqw z$!*mkJnNL$gL`u@Wi-ta_LR;TV1nXHiC~)^JoOTmDuGW#-h#dxqj@apc;skH+|XGz%>mAzF5SH zky!9yq)-y~g~m5TxM@09dR8cAWb>zk7hCldl&UtzFHP|psEldLK|`%MYjbw>?OD$l z2p!X6{VIdj@MwX=ggK6XrW11&EfGpO$=5q{Af^CUtEvG}24xm4)LBpa6wR)lwRjqd z$k;BFOo!E4b7zkbl#uP6#P{ObFtWFzm#WM|>l2vEpb zl=4s=d|072QexU`BC@*r)H{&@{*i2^5bk}Hzzr!73MOQH!$njkZDXUsp$W{Oj!ddi zw~H{_CD3gIdOe3Vnct|XXFsV&+GzbLnoMwBofc0Sbw$RzYf&vl)0FzRRsbRKW0sza z={W%2!0TUyR*BqNr&0zj?*+eN5tDMLMxVpK&M<$g67wg_ImETFsGS?GI2baZ!e@~88B7|f zP}PU&+@CZ5QsVXDgnf@q)?AAA)n_8%zri5&%a^15XN)E+AqUS6pC8eQAF!R>M|=A< zqFI|(=Uz$a;VWH773(^VczRf{F7b$`oQC{2l#pW)6sjtI;H=_S0)H%BM&#TexeU_wh5b&hebcN+OxB2!qs_r67Ju|ed`nGzH)q4F_ zrq|v@)lyy2>+5NCuH2ext&+KFGS1vA1t21#_l*Q2qW%ouqBdiMeVZTHBu}wAhXJhC z3YRsudS=uLaO%||)2R25ZKZLRT}1V!0dvvv)ff+IYpxx$+?&Np=xExtHvn9c_wT(^ zG=O`mk&hn-@86efN_NhS{EP*$5g6$_nOdn7YVUY6W&N>+xv>nV-sJ7t*ia1Q)$2C| zVEi#hVcrX4m&}bPH7yo3-h>*zAjOQUD<`jfGyf+j>T?kWrWmA^*{bXp*Ncb{Cm)Ns zkOAnZnpTZ6ZIk5VVykucuy+w^qQ4c1drkVyQ?ldjd<|-@HrV7EG&2+pv>YF@1Wr!J z+JXgK!;(p`Y|irH{qZCev*GS&cQhRB4M)2}zEI~Ig9Brbia|PO1Jf#v`G7}*yn=zE zb-1A^j zurAb8KkPzU*%W|fg4M(toKDR( zjmHzw%1S{t(`Ykr(Ph5plH`#QwwIXaCuf;}_?nB18Z{NY=FR*3p?lDv2^RUO*&^!C zH_I4!8(c!Fjeq&I-7NN-H{c;f86Y5{GC@8wLK}EPbqzng%UMbZwIPsZe zgPfcWOW@6mvtoZ8@0ayXPIn2UVR-?Rk2&p&qfd%7lunPFL{a%wSp5p>X3WRP2p!<@nDp(XVZZ1076!3+_1AaOh?xWLl~4_ekR=)`5mQ59CMSy{tmuqH zV0N{lObf6@zt$SpAzws3i&HtwYa6gD4(6*NR5YMbFvv+5T5U3?s<6tz(%8Rb%Ut3y z9)n}jKl)Eb!w=vKA*%`x{5OBhrc>spW72;mG-xvWZ~_q2&VyG1k(1fxj`tWC#8zSS zTBU_p1cXY-XJC`PgCWDp2C)brj?Ipi`okhQJJ)fleGQClidq!zVljihOk@mRxW0(g z8qcRXVN>tsQ>|+sVC@5^_F*rFem;Y@hxtoKyE+lUb1st%&Xi|a0Io+m@u{V-+sGftk zK?q|oUl7S7pOGC;?QpU=VJY1*RkU<6rSeh^lPnrIu}s!n!Ul0L8E#k-U?rJZ!d$yc zO?@+&V{$zG9^c`}xUOvxp&{HGrOdDpmTcoSMPH^Ox$Jx0rVD#wY~o7%N4FQJGm9)t zc^tBVZ7H9@jl6j{CBWahWEbrsd!s@EjD47a^WKTA#h4imL&_IUUD|^i(mOBWbotz9 z?rpBwO%7RZUL7|zQr;Qkdh5Gn7>x+b$spdPGzEbp51Y_-RsG@&&(pGtR>Of0hU@B3 z=o^iNIxh+$A6)a2bS^L-kp(t8`H_f(1j~pnxbNh*PuBNN%|~Q_BT{rvMbcg>%5o6= zQ$_}P$GZ<+H$7zSdhKAt3UNLC$*IP^ZoE3ECSby~sx^pha`NM$ z73$2|w8EYC?9>a?=&uuzMS+%OjoTvSi<_-DOfU)gkR3e(IkRIwQD3iLx#YhU1X1<( zn0);mU%x7o8xZuA&pmuz30t$w@1k4EZ$YR=fO{Bsuwg0 zXcCZIV<6g=hrY?5C!ifQ*DGI?B0MaH`YPb6&gp)4mQ*Jzn=1Qs@t zW45%jRez`wBh^-0u6!ZUgL=YPZY`k;VN3ykm`EVYoQOI zT9?G7J0os`#xYG6BDv#gCG&l;i0``ArS#L#R%-r1bZegZz@uS2FK3nl%M=Sv5;5f% zq9MoR;ol#wSBpN8oLa`@A?Bbp@A4YW;O14-Si@W@I~~)r>56Z!~q~Ps%*3 zSJ3&YO0Z_%x(FzxdGrc(Jt@IsL4dqZXAHBv>e|4{t?i!RF+@XVMplQ$V8%x^33%z> zdYM(n5gc8MK)^%r(h_296|a+kB`i>S-ZBq5bvR^gT3izn?<&rc6;2wPa#kxR>v<(g3~hO1RY zk;J$w=}2MpVnSyliqcr&6|@R$vX(29Al53s}7CHqfw>62}?K#DVUXGzf$0h zaY)>&y!sY1JHDAGOwL6ZjLD-)nX?S+QcfAQ3(W{L(O7t2B5`NGT;NUaGg*FBPhz1+ zJ%xHgphTl>JgyENG5IdtCXo;7wd7_%X}uHdjS_Hsm+!!at@%x0LYkG|PY2a!Z?EoZ;OT{@IXfJ>GN<^nZq|R*tJpL{bS?m^`79Xueo(qd& z{Q6pvQM8y_gRv9|1Lx7W9V$o9ikrL+dWv2U$0r2~s0ougJ|Q~Lo5^ChVf7R=`hk0K zyuOiBdlwCKZWA8O%(LN!4OQfE+4T&bAD=jIK1!~AMnf9;ws+;n2-AEDU}@H|qfRH1 zXaKbt!pSRRMnrF$Lo!>6wLO*WlB%x&9KP++z# z7lT`1tNi4B@mcZc z#$;3n=LB<*f*Rl>j8G~%G1khH zu?Pq%n|NZ(66!N8zFJ))fB&6&T@t$=jcUYIxKMGFVfch>nkyU=%#KsXAfS0?p9FL% z9dnfadQAE|`$50b$is3glK;j$a%RJ#vq(v-d);n_BM`D~kf_iUTIdA3bXo^6w( zXI`bLGq~sMBQ#~38?^Cd1N^`&WDqMS$tLbL=b+V&QV?<#ix5U}tEWBzZ)uCI*tIbo z4Td}99KG8&Hgv<%1e9rc#QMAPf*0%*{j@hWdRQD=()1{%){P#6u&Eutb<8Yg9j>v^ z7di6{f}g;?&!gEn#I_BM#os>hmWxmyHXCH7&RGWv1~<^L&f71ok05+mbQy$N^Rmy; zUXtU1uy=7XCRt3LJ|&~Vo2f{~WPee37TPK>L!2PNKWB%~{ zd-4El_qe8&eEg`m+pl6moVV)Fj~~gLO1#br#C4?Mg^Vq7pDcKksdMsSnbK^rph`V^ zXaaG_9Y>ku} zGGq+7yN?@`TVHLpTk#WF4z)@ zHh8s`DDBZ+V1-U+e-)GS3aq;0Hk!wmPlKt(-D2bnOR4*g-W;Yx`>E~hSM_vHnzSC zD6*jO1xXnE8ze?>zx47UKXV5J#v|``JC*ERETo1^)a4bCED9j?s0Aa?OVrUEoGU>T zKmnt~%+-ah;R4b9)M&#S-4EkR4nY=|jM-~Y4R2xEr&0=^gAS&p^EzTI5t(s|vDKN) zrIx;qaJc}!ccEi1l#-)`2p-Ks=8T1Nxg`y%f~xbHg`paz?++RZdo{c6p%cqQW3EU0 zVb5->{QbEM>bD~L71+_~ITtkMX3@mst8owzYpOcyA@m)Z54Xv$nM{p47|xp7LjYP$ zQsLAJLv`Whd_o(~p;EVb7|J&<&dA@$1S5%4K*|KL1idf~+CWiN0jvu@&1k4Mwo_}q z4(c~~9zJ84LqVZa`_`$h$dQbdGcW$PeCQPOR;=9C3kq@)DVf!&(E(sY0Ea@;PRFh7 z5xi=09*|^_3HETR1-|sYWA*4^C_H~I#F_xMJDdFWJSo#>b@Zo`8D}^f23`!0U03bWEOWLWOD2Z}vI5%AFd*qc!LBcB%*!Y#2 zzX+6-SporU3F6P9JxnRH(}c=2$^0}+iWC~Ir~@p4-Az~yy`of*+{hZZ-drAl8u>IT zRJgi}OOi#tSg0zDk6@@&ZtS~Tne%TRVPDSWC6CXc!et?gJkk659QO5%)&zX%GL0V? zi*u~c7PemG1FA4EAYkXn1Dsmn$fZGG0ZG(1aIQPd8trJ#Nl1eLX4y1V<%6nE zw|ef4w@2s3{`d3w`GTeN+}V~k+-;jwU+Tu7P~Ce&`MDYuDD_K0WJ9rG?4GuU=ox!A zHvRjryvqM7u=%FL45GmvemRT2oJC*GqAzFBAM-5gEPJa3)9c3W4Zk%yTpiD?IRZqW zkBIY4?;l$=nmE2y-|Cy8^Yc>GaY%h|dmFou0|w$vUiss_y+`XFO^UASp`!ayB9&A~ z)f(=3Ow)NAy+a!F;nfbLaFfFaJ3|CiHi_9fokatm23K5)bAX%`Hx)9(!1-3^DNySbO>rU& zSYqqBxx9rgP?=07dTFdNhppcAo5&&If1Z3tV@C0BBW>dzCK|CS+~4DK2Hk zcxrZHci{qO_!fM8wY9d@h_>^q#$DR|O+;*~?dGCl@~PfmyurjU_Bup|l{jLOxsoWd zFf9aFH<~=fmjyNxsxGLsc->qi;P2$3xJiX^R8s*WkV0Yj%%N1QV5O72yXb+uBXWCw%BaU$Y`)0BnF)_x^)asE$> zZvIWnl)z0{j)U&rjYSrg9&%np%e>qQ-AI!^usiFaWhrwJiNqcWx%(oy<+ao;&7sEP znQz8(C+#~I=eVZUGjkS1wmYTcT!-<;xBiK9+vsiWCSSZ%iV<_?G?y?F94pXN1Sw$Kw5Oc0eJ=nQJiW(&5HEvgKI#ES5!tM>bH#awJ+r{JT-f}F0 zCUJg^ZaeB_t;iON>#E%LUzq=eN(=_knH2%il7y=MBtOJ>><4n$HG-cOxdB=LZ>G-`dbAV-7kBvLM&m~ix{k15rm^?ZY!16HS zn34FNh19>Cht4X%bJdYP}F%x$ubIAiqx9iK6u`W&f0 zE4r{E45ugS@t9ZyEBQ+$dgM-TGZfuz+-2L=_vI$z9@JrNh0!_EOwtyUq*({LI6!SK zQmmS@Cp)9vi&bGN0OfMG!bL2CJLBI<*81F61086%pKE~?gsi8bHY=ZKiE`0y>|Aqzen3MJ#EEa<}9KhtfE5k#xE zHXzVp7?k$CoEXt2fGZuAc;p~5iOF1`Du}YOpQO~kO!yT`a-e9e79n)NHT2-*Sji}u z22IOPS}Mt>>-Q}W*InH@jYgu>*|rxn;!}Wpw|P&%=P)8PN$3)H^h;C7=1d-t4|*7A%zwo2v@yBb z(GM?q6pV9h$9zZAfTq;!9zD`_IhNto2GF>E?S81!b`Rj0O-0<>&@GyvJuxLRoA`68 z7M%lHd8nRvOS%XFl+s;`>VpA%kp}>(`9o|ufUra;J;`c=;vC{NvU|E5&RMv?N~M7x z=h09IpnVVMP?_{nvHr&lo%q@2Bxl`$*!;f@w` zGNC>$(pbhvmDh~`=kN*G%1#n~#X~k@N7AQ=uG=sPjw8)yodVaPr#J!5o67LJ)ZfwI zZ;;oqkyW*0PcgHcetJ+gA=dcl6#bO`^5y6JE_X)NWiZ6G=7BYbdcR5$-KLGvXf%4f zw+H_njYg&aJ{~>V+x^SV-u~mAy+@Ds_ILg=+IjrdM8uONzr*R@;mZY4?{+PVC zdTGB#mM#>itJ1#wxLvA93oa{b*eD(};1b@zx zdvEg|d&(Ddw#KQ}x@BzXj$6l;5BQA9)f=Wl&8joj{8|Per#TBlwE2BrIuaHO$y1Sh zW;#+j`-B9vmS}$4wvr>dxJ&V@?Z`H!+dJffw~z)CIGEoi;p!8wsn=ZufugCoSq>;M zqe>Np`={n=%A~sW6fNdAs{eR5EmszJ}?3#T$tl%}wFcT`- z+tU}fkVtDP)sWbyA_U>@wf4il<3_|{L8A@~V~x@9ji-en`Bj^)aznCJ6DKsC-+8^a zlM_0%qW#^!4e3mFpVl>IAkSWQ6Q13z36oF#&Z}KvmblTpvPGOOpYvv`^C!4GdBGQa z4YTN{yg@;+K<8(E!K2F#i(xGZ;jZo4>>XRgA??DZ*I8Yw4Z1h4)*5bKfFs$bY+;4L z^kxH|CKMP_*J>Mf2v6B!#pdX;;ybQuMfLYWrs^d4RHJen@$}G~3!k8Vw8(ra>N}a( zZ&~}@Ry+&Egm$p*-3_N^S2WBpw8F%P-H%zd6qI(ajp}H(-^bxJ7cxBvIhA+3j#Rzc zyZMe!yY^e8J6@n2Z;S3^d8~0ObVpYUoo|2cq`fY;JomEZc{EFyyf-rn?VtrTHGQLj z{tWl@E5xo!i?_b1S2D-_+*&J6c0Vn}Z5nl@pKk*I5~>#_tyUKIB&{ zVp5(YV#2<~1S@am36paXb}+&;xD@P;(cE&>Hr=q*1qf^b+|1?F3|K1KRnB;jdb_xL+{~HdPk%mhneu3M7*f8tABG>^qcpHk%5|$Py3*XObhx{9%x-Hbr74?c z;TcOi-9X%Jj`_heyjeSDpsMye_)Q*ZRePZ>f*x0Ah zj}itE%FT|imFm~?PGbv^vQt(Q@8o;z#R3%DhRO4hvdfnMd{eWQaZ zVMGB-to!(XuS7+X#(g~$0zqQd$ZG%!?mYvg%NMv$h)p1Tp?%WNSj}m zSTns<)y7$$l1>UNX|+VQzx};f)j~moXEdade}6mBZSxFdqEi~p*0(+1sPT1{#oZj6 zl1U}*9IW!TuC#g=Mn%ceQy-$cRc`pFFj$9}i&L0=)W^MP-E9Y)MHauc+_59)upXi1TP^_a>1hXK0SitEB`qQS;}5VXQ{-0 z-V-Y?Hht#PHSVZCZFs&+MM7un?!z5rn$VQZ?(NF>_oFSOetahUOO}GPy$U+uW;aYJ zOBOtWL;1Ue`k(anFBKt6x_YOqaqX0fScGD>Jc|=XgF_LiCByGJmME3MLe+v*0M*Vk#4JZ!h>d^mCy^Ut)Nft85 zB67D21M@Q6u?tQi>&bmBG&Mly)7m*`Z26Dp8mlAL{00E6Mv6XFPdjTWH_=l1CM(T) zdd)hsV16AnlYTL2&CTfQG8cspyU$B)duwTv_UjvJm3ix!#OFpIliLhep^}>oT`e8! zET{6Xn_7AEFS?h$GX?ji%0lBQDuz!NhA?$36W2k6-eAwEpVzf28`Z zOb%bYesgr@rSH;Pw9%gbW9RYy{^(2okI(dbGiT%^&y$BdnfNq<)Q{katW$VH`serW ziT9&U4g*C!eMoqYb(VbmXtGD=xxSyjI)lV)WSWQtV>@WJzb|43ZI5ORWqNKDc6zwo>u$G;N!>Mw~9EC zr4rL-Geg`qrU%5)d3*X|Q*IHOFh%o#Bs7|_rrIF_oP7M)(|J`C+3HXAA&Ub0&rmAj zd*A6K;ng{Ld-{S*mL$odNR4MYXOa;O0tdMeZ306%XJLq>@u|sEB}xC42+(@oG>3{i zDzjo<7*T%qGlFLo#D284U7lflc#327>%5MHJI?{ zRjd4Y^otj1T0ZtoCMQYOn*Xg5mB%L~8dVGOMwEgeu833`R3<&0@RGqZ{l~{X5a7=R z(G&YXlQDi^M=hV(!aTfie3d%Pg<`>Da-5O{U6PbuGD69eU6TcmvXn_kqowBFt(F|0 z=tTTBYRj`{kRImzR$ys=?b99oxE(s_TLyncTE>fq&3X}Dq$ zbY1x&>C-s&^1QoQ^hkQKg@#SNan-0UH#Bxk9}HhkbL~uZ`@`kpC{Cf8_V>j zQzz6=45lKvrb$2^m@y$wMo&gAo9!8nSQ_1OguFcvO00R~u7A2lLdZ`Cr>~A*eK#g2 zdA2CRB?-6$QvT2X`9H90A-P^CB*T+a4H~(gvxpETbAe_2mzFM_#bHLYY7B?UO;WM{xU_NzL#Ele=2M$T+^2$F4 zNo4%=25SiJykG=dG@1JLKCAZfsn+hFM$2iLvp=F{^Qq?h&NZMd1 z?}vXUS9~!hlBHzIL#Eis(}fxqf6m6_??c!V!@u{A-o-Qu;OqgxS4>d~RIA79>2d?5 z=JBYGQ4I0|pa*(~@Ff^UjQJsQz)Hynk|tT?lgE$XpL}taO{e@F=@0VC)J`3sIx+lv z?+|>hkR&8hQGCS`sWvW^N_PZZ)Dli0HmjX{D3~`HCp=20r2khr_^a#}yMh1yQ8)O3 zBrFaUC+h#BPx|Nmn|BFA$Utt$DQl-%EEXd27D`~y=#@}yz42?@aIiY}eKlViE7!Qf zfJs|tvWQPP3+g*X>d&}0@2 zCd=YjXfL_?k7Amn12OF~_G%Eo%3yX1cK@aAJ(MA-_%~gI^(s<66Sd>1Z$m?8EE~wu zB?~J{w^%=N)tU0vq^iRzw##N*+yO& zG2HD?K2>{OtszM!%%_=TM2ZC?KiE!aa{^~!AeHV+LcZWB3zSlj&bcI;nsI5e;TQ9;e{n3tC4nlg;m>PdSsG)2x-)Hxo8v@4n?xK>Aldj|NYE`N#kMuUGm*1a(N9UMFlK4a(K1Vq+oO-DZ+GoG2HL1(Dtw> zUIn%hrVH|D=3Rb`qWUeVj71RGgbWi%$k0w}O$LWriWRFV%=y8|u`VRN@2Mnx92w|A zv6s$^=3VF%o3NDD48u)_B$-gZW(?r*&3cNTX6alc{5RZ`&h!;~)n2x3Jlejz;~_HM zZPigSZ^{FOY=uw3ys)`qylR*E7TJ_+amA8Dv53`K+5hG#+3|Lsc<;cZS`}&vyv^I% z(uAmAr#*$mj7j+hG&`f-q0vI=!X%eIX75rKLDRKgt(sdtHS8W%T_j|)mi)Y*iug3im|AkMTyNZ6 zoSdeW`*r7)yW()H8#a@3u)}bjnDm5y)?w0OeAy1G?~n+^fJ`NHD;eF~G@8gRVwpO(exrW9fd$Dcx^*{P+Ro2LLp5tJF z$3xLjhgVKkW#dz@sDoxW6^Wl`!%(ZS=CVq0FV;RSwwYStwpyh%;uPB-RGiG5jv4yv znw9ElkoihJrzGSuRg2GgoeHuL5l=i(+sqMUT4(3jODG})i^dh@nO>zVxiJy~QjeIx!`il|U?+cv6h zeQ7;Ual=0K*bmVXC$Q7%7 zN?_idXI_?s-%R8*Y{eGkxDtkX=KG8(i@1iZe>d4Q}w&?py10=KK>Pjw zXm@vSzj*(@JKEph`*Qz(AHNmn>n2;o>9YGVyQMGZjFdbsMyyn<4q%wSu1~}`jU8TkFploF|=2AA4tTbfJG_U!=2xH$6dMO0I~pKXIv+NR1!DZ=!jLefTERW zcv8s#sgKzKp)rR%OuFX-lIzLvz^48(?_&{|6jjg)XISuxB@lns9~^wXtmAx0MDug zjVptr-p*KR|EQONW`;epAiP`uf~V@=yF**ccb$^*Y37HlZ5aL*W&L(Q277Zd-wOYZDmn({j9$NN6tQpyDUm_UajuVI?GMc z)^{bTzc}ss_Q~zBArh8QQv^$ZcHAWAZ@(V~011%bL$d6&-R2L8MdC3427`HFhUX9_ z4!Ry81*;n!4PYu-ZaicgRBnM$3Ka9+>M>>{cHm)HOx}_+37I(zW~kA$GC-)#i)}O| zcf|Wo@^sSw)y869@pRDtCyysjs`1~ROz-5sTX{77_fv7jEWgI7abock@QbM-(5Czi z&}CKEae>v9$On<(=Z3FW?wfX$XcMArCI-hbyBzU^rYR94D?sTC z4bO1Q$xti77!#n}D)eGn_jOLL_RzfxIUBa}OA4+K;oT^`pd|YId1lXtuJ;M)IobF4 z47c}V#gec0^vMX$;6+%gAk$ORb#hhrG9<4fl*DyP|TDa^j^jI zpE(NQ)BjF0>`yGsLo== zs;{%`3X2>_TWOI~va;%(#XU4ZZk{5x2 zGIB;g{Pgx!IV%W!bWYS4O%2wnUR!Q?ECTA(XLy8^PVq$ZmgxP-iDWrXtd%Lau3xO_ z2KQbII^UgPt2hn?aJc7$q-%AavPgYC!D(uLpzOq4n(GVKEr2BF$`4LK8|?)gwybS$ zxBBgkDm00MPg0hNlO$iwN#+^O@SDju4~I>?HhVU7|NW(WSe;bb`^^#kx1|2Rl4m%M>8&$X67ZWU9?u(*?r7Q3|HkFN8!LJng zuw`cB_-DlZK8-X>PFq(e->^=BrzDiHauSnJuuQ>iU1*(I4r%=_^_Js#q9D_`?z!)h zt^W2L+)s7s3o4iX2P!4Vt5d<7^-m88gmqP-%wM9 zq8z>@IJ$g)@EGOzqPQ z4eOZdYhdUR6RTJhE=iQfBy;<8UVHniR`m5%^E00Y(}$x;+cmZCsjvbdI4dP($*ST6 z$iFsey`srE*!_O%Q4YktV@Nl&i-!N1(D)z2T}x+Et1y!sBe5WIWiMX^P?ZiGOz?`2 zbqm|();K*^@+>>#DxFcyHMlKPlC_~*O8H1-SF5#Q`wdZy~F` zR$TG9wk+yJXtmxzDGE=Ww)#)t*{a8!V&;@`>X!3$)UNCHAF>zIUfY7=@NOIxUAj!q{kiI{mEq12~L|--n zw*;$O$0_feyPI{g+3Zrd(hAjxaE3|E~Nb*L&ZN2;Jx0wLfQs$WMugf_#=^SBMzKijK7uJkE zx(aVads?b{sfJyCfHERTA{=>LJ@O#e?it`$QI-q@RY^_yHMPbH6)hao-)khZ1t3m; zZw08{Tnode$X{?qV_%!|E zY2hp;K}_cv&M4tZO0Y~ny2MFQqP3mEP}I~8Z$0d7H3Dpz25z}8Yud+O?Z#MhpSIB} z5tY-Jv0RXmD&|}EW{IjN1ar(uOaJ79AX$QABR2J^-Od!0<@&JMkfO137Fj0hc5q~S z)c2~f#RqKIV(BTYoKYx03Ip3E})GV{=kJQT--45vIp1JSPHby{v1&074eGQ95yQu*qr=8a760zsv4L6sI>b& zuH%uvHxET@BFV)Z*CxY2HUq-6FZGFk*84KXRblWF7e-T zXZqO1-utrNoR_h-TdXx`scjl`UkCyJtBQD7Vbr`YzZ5;_vt1nItX5c?AULh1*CPl{ zTW;}9G=#;8`Ik{8n`X4o+}X}`L}^Q->vIIDwo__+s|vPenfC`NF<`Om)Mft}l+(?_ z+(2jVvCRLer{Ea8@c$C)+~7>o)7;Qia|0E!UxEF_tn&>V5sgTQGoQPSqq~v_u!rvP zl!R#Z46W6Sy^$L2D#mAtgICs2cjY;y;eHZ)yk`%8;u*f@Jhx^~HPX>UheoOLqFHV8 zMupueYg#WI^JA27V>i*^4!)xq7yqVW`Gcx5@Q=@`SU(nuk2a*ufEOklMIUS*tjZUk z1*BHH?t9g1-Vzp(W9>LxLSVmbvA;N#Hv~Yg(Lqcxw|NxnWlQ&V)eU=(60S}tXN{lh zyIRero}yZ>etlGmHxZ{s!qh;N)*G;3G0Cc)#n#J~LEBX~oNjz}CZ%@kxG`^9`YkGL zJlBGyEM|+V<5Zq^&soAnhN*K{H5S=;{!x)qp0eco42Q1Dz(+w^E0paj&eypU*T!M% zrDzHB@Lk4MijKI{xd;N`o{nWun0g){U)Tur`LicSoW~)cxpqN_*Sb#8bh^~eEOk-R z9i@8rroqn8HgVn)Y!gYKojY9WdM?OH^%PAu7E5jc z>?U!d9a;Kdc=_AM(J8{pAYBTMt0l~P)sk29)56o;942mQjc$G#I>oEXW%jm$kFFAx+P{^ z5?o@e>u%*!eDEDSUDX?fGN0Hr@|;?KoeR!)PwUfl{~JikXoVAcM!4V`T?Frl|2COC zt=#|KpFZ5bi~n{j&&Q9I6BiczwOMaTKt`jH30D)Kd-?#n3-0*Wc)IrglHe#NoR9cL zxM>uK&iMb+>i(ZRemcF||F`ipn(sSfKNL|P^+nXqI1YBB2CV|z8q%TVK7U7BjbXgD z6WC#m5ynM8%JoJQn=9{)1KA+9#K<&%tsoOR=I`Or4838Alo>2%Pa{_>g)pIf(gue~ z@3{5VYuAx7&6r>zi)ZNF^CP2K!`Xs}iX-V73$u88^t>v+7~mIK8g2qSw7Jm;rju_b z(~X9Zu&C0Pd9xna)pk63)$-<#8)u|r8#M+Msl~JV(&X^J-P3jco5Y9L2>{h`{y&;N z-LI6LQ;;aZ7G-bSwr$(CZQr(S+ct08wr$(CZBD=UBIb8uKCAvJvmztcIs5EA?CWuV z81vJUJR)Z`S-xS~L+vi-%PxMFH=Px3GV=+c%u~iuVp#(KIgKqd9_F_c8a0ZIKv8q)W&B=ToP<5HB; ze$V7Df9m(o*?@$~51+Tk$j{EW(%QF28M6x72B<`?WLe>PTIykYx6)bMh=LB z|F+enij2;L@W17u^LTH*;R7u{FGMFpAm)fMT%0ne~{t#q)lIjMB@ z+#I`n_W2ya)UjjGTfS5~xWsBN{>g44iJw9bFWfSQ^@QQQb=fSsXx`b507Fateb^}4 zqpOZMktOs?6zm=6M;KdvHvThj#~|v0&iY_Q^S~s$48k zcPR`26tC5-_*6_)cwKXcJmhq3zZ^Xq^G8$jLLtBoVZ&U%jWR(b&VU}7qXNK7vy315Uzjcv zg^Qw{_s7&F?&B3)w_MvkzonV-XTML-vGZRU_e17tjgv>J0ZC?IiTFQ$BHGfXDEcbb zaEmI6=WDHuQ6^>CT)?X5c08-@<&f&^Iz$&zqMoCmR7jabi`E_GQop)^?TSlnhn8fj z=i<{1@kqQ4%|yNRm+_qoX;&JSSxj@Nj_IGMA*1RPM?>CRsUNOv>5A{2*qrU7pN`~` zBv;L{M&96Q#^!fl4k_4r>ELOsXwj(%ZF%C=^L5Xn_Gg+%m~^|CE0~xO&z0$R*BMuf zGDC`gKazqX*`lL&t}EfGf99{hF%u-Vm_n~L$w(IyxE^RY0)?20BwYk8#vSX7FurhB z<99zTaphV0F+FfDgr|FW6qc~2ImqasR4Ypj$dkMOIGGOrEb!?(?!3Zn7yjG~oE2pJ z+#HPk=jScitM}J^y4w1hgR$}08d3V1*u0(ddu&@gK;63L$*~+&zXGDFelC@*%;e3f zAnxYOMilqg;(Y$xix&mC5P?&!tzetB9wB7J_Kq~n3Oe%JaE^g zbYWt1l$yLYXn@dspj8L!iX|)$$QxaLN0_w8Mjh8k-la;JM3pf?>ORlU3TvUvbarm5 zLhN(rCDRZDj>mpxH=Z*~q)MmhD1nWhuCu;cOG_jS8fm)OW2qq~)6V$k1Figk|X=tp+8RiYFzjUl`HvR`I<5M`R^8(KD^Sg%e=L61CC=_f&`o$K&=p2L`b=G znY2}D?QDP*m#3~+cZ|rBM`Tdn>)p%Jl2t$@@R(L0n*zi9+(F9(ewFlv<~hf1TgXU? z7NvGKhk1Sh?_?bQ<1FTcesz#YKqDp%5ca6l2xy>UR;CLzdrbkCPFx4Dm@)N0DBtHJ z9SNx5n~EBTjS<4Ot?@RSA{tkwbGAXPI4QmXFsrL4K*RR(q=nO0dJh;c`to<^tFIWQ zPwsXQtw8P?hS2rvF>qw|Hf_I9X{;?ZRi23+@?!M>s5{M-bUjom;HmO#nV0;hzgyQ} zf)$@zqd=lv;_6mob-ut7p{CNWbTI&r7qsp)YA%WaT;*CbP1U7(l(^H=x4=KuH6-LR zKoWkRW@Phk+Omf=PjPNVE&5g_@N8htNZsD`M@`~3;HGTWH>LM?-87FejYsu@H zDkJMb$ByfqHk6m3FNPp`gckGLRPewT+I52V0wwDc?aA}B8*;d3wcyE-zJoTe`oBQFzHhNY#A!>^*Yj1xh2M$N zmCJXSEc~sCl@s-qePu*!oHgzU<^BCR<7|NnuZ-lsG{CEkRlCN?0;2nxTQ0gzK0lro z=uY!r@}?UxY$__FOY4R>6>Tm(s=$o>&=G!H&(!kU<$MK4c5YWov5M{t-VCA(JxaU$;>%j63O!9zl*oIG} za;f2Ye?65#!gMZ%2mDSeiSNctCnfmT1dbj?#u{+4u6<=5?f=4XO$oTi|6tfM`<<0y z5I`5Nt{R4H=%*~HLqqIS*)Q`7eEzZ37JnF8sp?5-(HgUu3$lYPySOkd`+2sFf55ZodMrXzVvy^p zF{x@$!e+&Tz`xi(E!SLXQ5Cn0!cyf2bc6nP;kZiO(7^HLzZ)Lkd}*1DGd=d|Lfx19M<-{cb61iFFLT@KbNr!qJYmVfO1R&*-x z?`j|4w5fj`xX+xX3s=By-67I8e~w0WvM1_!d5)11uaK5u={`K3Q6Mh{qdnX!^wj@^ zQra*r2P}b`=e9WX2I@EM)TSiFl?efR4RTl4UH}rrUWKMr0@P(Ovh`EIX-(%BfQN1v z4u1hSm%{!1pIx?AV(^FPDw%6*b&LP{Mvc>tVDTrYY>X)JVEPQx$h_-V(T>ndE393Y zDA6^l1v4@u)Py6lj}(PB2Ptbn zm@maj?m~YK9k2(H9W$-#b(@`R)wXJ1$oI~7?U&WNEY8|0mn-z}-u7gaOXByLWycA>9_=otHtTaaJ%tQOL^U`8bnHC5>;)ajC(kzAt(}B=>*z>y8iBy zXpE!A43O#BJ48q=a<2ft3T50Sdvv5U@oYtE?{v8mF z1^S_C3do^SR#dRYQ_%5hA6es~STGTy$OXS_cIKLVsiU~k${Oi}r;gR&b|ak^X>tvu zW3gv3kmu#kC1wu0)>HqPU>Bm=GN!IvxS^r>0cx*J0^)jn5nM=WkN0H;VI{Q+0ev~i zz}k*uIp^lMH7na z3L47nMhlMu$lxvFuzHVX49T@*RZQ3{+}!1S0yNk9cOdoX(^?vo<{EG8dcD!j75BCwdG9*UF7RE)5hEQa}A05yGi0rc~;sHwfnqxd`N?JOiP!4c~i~7aS95?*XWPe7pLJ6787{L8je$=8rtK~g~x?WdTo^Yw;}ZU^@#9bNzD+xO#scjzLuk8)iS@9N`c?t9^EVf@?o(Z~bs=i)!# zu1x)*f7|_eHxXC_Pw_8$^0^{0{Ek&5|?xj zLs{5ky3qw@|rrt{>^!Jxqgt?0zlgFNg8Qu8SLh zdp!|G#kt96N=b*xCI4#xdq%e>y9ELLNWTX-!VnNy8Q53Xi-FIXrGfUYc=0GfzZPgt zx1vVJH)$#A#^D=A8fJ_zw%fThWr=4p2B-&e3V!KIuAOj;ty9M>RDyV{T{`s|$TBD1L-NWtfc>8`tx4l%W+Lxo;F!UI+ZSQlF&k?>>ltpd{;Z&0S zP&4tQ9)LznlE9Nv`KW(;rP3!I>5zK1%uZ<-dNUR+jI396Yf7r{!Eny50o&R9O^TCp5|zNd zO0PLz4rrAe!zCnyc6phN5P7_Wd;=}v)Z8N;sY|M2OgakZl!?Qg4oPR^v8RvE zOv+u@CmoD{xKG(V{h|}d8OosM(EG_&5STROCyhaLF)ws0NGup5W668p0^91kJ1+R=j>*L zoB_}F`E;XHczk>~QED7-i^FEwBanp&__W>lba z9x3k$6SV`V*rwC3nv;t8>mdu@BMJQNM{ABPRKy|hdKncIAS}>^9((w=Q{_`9+YtA( zO<+MEQ5v2r&`0)i;S@N(dOuD$WI=OJIduKrCQR?lLZpCdI>El_vpOU91$I0jG2?xE z3aU2ANWFIQW12HxZLYN~aZCU9K5(>F;7CClDZsAzkJqt2WQl2#@M*wbr**Qy6^ecg zf8)3kI8^1FZ-*-b_hXE{6OyO+$9fFT0gaoy$vBd@ASbvJvkz*ar_lZSf0)#p;n9n0SgU!GEU4pEpjFRY?9uC`aY^n}{^01< zVZ$@iO{XF8DY@+*Bw|jWP6p3|j*2Ku3dX~WvxHXVuCE7+OXRyq2uY!+p<>+C0k{3J zfQ#2hC>_c)?8Y92fD);!Af#o-972?$YKukeB%JvS6et*6zK9YfI3|c0WlAZM$|@!K z3{Q+25Z*rxa2S%4(3GKNIWdg+4Q-WH^Z;!$gkr!-iCPIUxr+GOzpV_cA$e0Wj;1oz z`?U{HWFMPWLPe=-6_^uZJhg{|2O!myLrGdLiMHlWRM*fPKmSuel#pF#RkR%JP$(X? z8Nq)inB^GI{XVY90v^(;Pr*5Xr0;1~|9Vc9L>52^yIsqsY=4W$t)?TdVI1t}>5ZmU zm79KCmTqz(z6h%%djlG1==>OzfUwO3UuBmOusPbt4CYB>lG@O>i}ZfC1f}fGo5x1?qvLJv zjq8Q!j(a0@@vys)V5GbYV*gPt*ZCJaf9_NAxk$bTGA|uzM@{3x+u$Gbdxc)7H^xy) zdGJCb?epj=5w)Pe~mUlF>6mDnHqJEuK@O!twfK9O-B$irxu+G zaYXw+6L*K+DibIEOQpv@&!k712mqL6TN*Fb^IYZ4-k;gw)MO=9RVkT`%ZGjGahpSk zP{XcF0akO-poQjkd=|Km?9PNAQVCXi ziqx`KW@epa>F7R{#2xX-yMIE5r^%>6Q^8R2e z*yEAXl4{FvV@ImrFQmwF5s6R1WignH5pQvX86M#i=J7f&7$#gIi!cMF_hz^*wfuIn zWfc`@$&D*7%J89x4%rg4IZW>!EhR``cqjDwgk=H6nla1iyU_$=42d=LvTE4>_~Q^FEw;|R1)yoVW)=Ngz2;)#hJ zx_0Q{_iEQQRYaD|=ipBzws4Qk^OtpP^TLFgfeRU%a2J{NWRdvIvRUveH~^>yfL3x; zf-Tw5p}U(P>NjVHumb`KBUXzDIh&u#dkrIt>76(^l1cgyq{a(rPryez0%4Juy)nJW z(UrC$_gyS?_!$9`Ezj4C^qn47mIn0L*{^K^N~THOG;IJs;Hz%@>0H)zE%nr|l$(Ql z8lu@oQ+w;le37X=HAm{n5GNpC;Q5I*cnUZBFc;W8{xpMna@`P&ELUE7+EH>m79Jb@ zU0y@ykJ607assWe*{cFNA5RD+&!Pf+Yyh#R7Z``V>^EYK(4VsT&5e`LJ_)?ALRy=b z+LC|ZwSWImx=I@HP0GG6>{i0%dQ?v*i;7VDfD(5HuSGZUlG8{RkRy`>c zT+A!iiSvJH%#d{NLSJEv?Od#EqKgj$W0%2dY!`(vJ&S+Fbn3x1n5tP`vHXtiI@|$9 z3MvS*d;xV%)Z#$zMK=ISmgQZh#G?}J*$;xPkKNpNpj^WkzX!Gh*-&ArUjY7`nCUqV zo*@P|H3$)avts3{ePcKHOHr0i>)uw#Q0GNmgq=@OyZHnhDrH#?#9?<}1vG>LUZP?@ zq;A@~PFxgB4dzO~<65f&%MYRNvSfHJ!uOg>Hnym5+RR%+|CG)WR@>_U zO;rht1TTw2gM7(Z5ngt=FOSczL0mkpL|m_f3BYURF`Kc=W28)D(cEX&N9C9zOoKlhl_R=0k(kI^tQ}9f(m;}d zUt^I!fDT?nrbgA#Z`KkhKv*NE z=24rnJuGoOVnszuG?wlx>Oy~H|CBkdL@Q5`nMmKoyN%YOBnK&B8Fhgi0g{so3%c0< z9-FAiQ2kkhy*3XmgBs;9fFw*i?y_8&FqdPGd7ex|vxv_#Yyl8c+QN2Kj=~lP`VkNNV@@-!6#`Q zUFH^<;2FodOQ&wPUF5dwLCmhg|K4PgP6ksK2nn@H`?$E9^-?RdZ6&l zc6$%{aQXh^xnPN+u@?wyk6mdyln({#-X|a#X0E$~VIhR?k<+oBXSB}0^ixEw!fBkAwmiu=5fLZt>~$zmw&dt8qo04#MCDX~ zsUFMZkXQD(YNfg9&)rTH;@g{paXPouV^n56AxQ0uj77wu*2BNuZ|=u9GsKGny#zk* zWh>l@5tN@0xrvc}ViOXgpk0I&9v`OU-CAWIcZcN1e&1V3tRWjnaJwa$I1tA&xhfcM zbdNYrOB_|N_VM_Tyi(k)Px4fD5!meT5U3(Z30GQBqxdLo8x#JAssqzy|6!=nM8%@e z^npo&99&|LI2=XQp*-l|4$dFs7f?^bz+Q_}df~T&XfGii;8bj9vjM#;?j={{Xest1 zPc~Q04ZDrTtJlN5O7YDKQq4?|dgz%v5+M1k8Jm!fud5$FpO1S)K9rtopga53z)dS> zIut;)O0rD?#crjs=8>1q9OEK+4KwSi*sg;8ts7p+#frwf3J_yZYp9tXlS}th*FSD9 z3TroyOt*&o$|=O|AHG~uF?Cb3^667^Y=C5Sf{KHg%^|&iI?2YcY-!3Le0_M;0ya|t zy`V)(!W=$*Ut>%0DwaI*hfbZ@a6G8+S)F`^tw|)xL%|idcd2|o1DuRdPGtwtF{;-L zeGA#tO$2ys)|_?3Aotz97^i^$A7BohTJUoLr8zOgUWWWSp^x$)Pmsd5EVQ$y(AMOW#Q5|dO+VU-f2b6_S|Dd zjmc@xWBe8SCc4Y_ZN^I2i~y-O4WuyEz}NL%7Gqk6050xKXj;6qnl^C z8KX+hZY=>QQ18RadYpLM1zT#JSDh0~w_?5-k6d(hu7lmRg&=VC3S5%oWb$7R$Q#Lw z)@8*%cTO$*8sNonM~~d9RuvSH+SbwoZrX39&dlpwE(d$+gC)-RCKF`@m%Us2BBJbK zH@Y}jYWIq3VFzhC_YODZThss(hYaGhcGL(@TNQ@L<45d3NK9gI;zLz9a^iT+E&#J-gc8!;;n-aM-`A?8;mM2P z_;@caObPgZ65FQKtLlT?adfk0PO{ZmD<_ANT#lM*k;)%09EubmwcPGfM54m%$!Q%% z+J8DdK|QeUnli(q8G@bqq4!Ha;GR4~P<=Jd4NEN~a3T@WW_nkgW(t_tvQ=YHbQV-T z`2igkOdOSl%w*T`4kmkIHPUFT?zQ3`SLX@cq9IvTE8RAYN=+ z2N2ty$}~k7vDgu`a@Xd3yUV!^i)d=L*(gPWb5n-FditzH@ja{QNY($uCE`LXmJ==OPAj@ ze0K6f^p{2YC^&E_J@CQKQNbj)Zvi~?CZa!|CGi9qfGZaqa8RkO#*W8rbCFds1wrY1 zj}QI4^X0zQJeY@Z*y3&9=i|+~?zr=PE?Fpvz25)X99B|b5{I~l4kdk;lom>`V-y0T zfK4@O#FO?4PH^NE`sY+@fpRHlZWk*+JcnF0%U5%Tv>)Wrxr&#>+s@>~0P*|}IMH8m zwrJe%)<%8>G>pW>B|+`{OZBeDp%!^I9bkR);7fhh?H zbNqX11X}N0oRx!2V-!&Uaqco$U!+UJU<^2h;bd?vjf_F7R)O93(~Z{`o7d}+SUhoP zH%nWmo_fEbZ?xSUEJ~I^;pOMf3RAiVg0x`l%b#1^X`fIdw30sBw4M^_(CcT95A7Z# zi<#7=;9C_{mY&S$NiKdbNC{z=nP$9P?!+DY;E2Dg9%3vvOp(W81T^#$dQgQDi*m)n z&S01oCI>W;PieM^Z+79|w^r0qhWBsh{VVi$;VK?~<_bn!AAeYLaEQ^IkPnRF4?yOu z&Y-uH@>p}+3Ck{X(KI^@%yn>J0w9nf?6oAF_5J+b>-T$8FkMSAA^OiUNo?S0DymV{MJ0>HP`1xX7n9+ z$n*cUo#e}w0gXde9|w~T#^e|EQ247zFmkKwu|tA3B~daxexsqgA>iWimcw)1=H>9K z0Oj_iUJ;lJ3tG}(WChXHDVp%}k&4$nIGC1To5$-1a$IP5tx$Kk ztW=p_!a@)LeY7d=GC0R8A2*hTm}1~%PGP}f7^ zg?SZ0H=EiQzd&ddC?Ridhs+NGEBEPrXkdB=;I)tguMikI5~*Ab7ty`i`>s`t5{CE( zeaRho)LrsB&r|ZTD}yI3GbPBO{LId6DE$VJJOy{c-msH?ObQ?^re^s&(mS8!ekK9a z8YoD$+GS2XuCB@Ib$gETX)QjXH4IE1LXc!$7rLAABBz~GZ;}2~!A2d=vgrWJ3oY62 zCEQDW|D8(d&nI14d!G;>M*7?EeRTaBH4~VPBNDgO-+e4tLgCqR;d$=hYN7IGoL4h< zoX;)tBwcpC4kXF+yeH{THY#YNyVlU){3{y;j)#lG;t~z0Q(r;@u4z>~rmnkJRZ+W$ zINnueKB$agC`KbD$U<9t&nEs@cdGsdrE2@6ZiB;~d#W&pRAV`>ps5=8slbyQcCThV z-<#`|ME#MU|NFEz+L@S!#PmN&P<==t4Syj=2~--plUt!x@5u4~unHvcL$XTUd`!an zPJmQJ7M;Ev{~nlSg(AXOks}u!t(<)TY%H>ME~Vf!iE7eUlySmhX2l&rE5`U8a4;nM z$)Fw9I4cE!&$DQ%lCb>GAGI-@$AW1PR6UdsG3Q9^{Hq40%xnePgF~V5M!12jWF3jP zyke`(OVE|i^8H4C3Q+Ay=Uie%XC|HbFfLGr81ZM-u0(Q0*PF^+=qQcq zZS5KE`ER~ZG0KL_40m;U`iA-bQSE1BbY}E*H~LF{;H4L+1o|;Xr7JC~kZLOoKXi-< zkh*89_0>YgWTHE+i^eg>%z6DW-aJ z%=%$SGO*$k45eq8Zj#?KU@4c-SO6(rCy2bWpo8n2<_qDr`c02)s_I6Lz@PBJ=N zO9OMLrFvWfYvD4#xxsP3c^q3YV9z)`<8bdsfUhR>Vm)GSIu`<7#gtI!053_r!s_|JrUrhpbDXRo1Plf5ii^efx-3Sj8o@wDcXT+lZYMjuf5tWSigla!_&afkdC4P_x7xqA-^9m-}^-5gF-7 z*Xo)tn0k-ExJ`4#ZVdWgu5EQXmbLy{LAbWQY%dQd1O%I!djmFhxP*fMQwsS3Nu{K8 z@T`M2z__l#h?@)&r5uT44T4DJ?(n2|rGss$07s798lT$9Mj`E9lGKS!DOQ=<3Tb5pc4AmwNh2Ng&k4m}E4Nn{Xw;F2}A zU7g9O1BE%Jj1xc-Xc~vCJz;qLpQr&5fD};E@P<+l?D07@&L)9I1p1}#kaK!^G`@v( zLc8K!arL9X_F7f;669%p{Ldn4PH|u!a#V~()?9T5tvcwZEVGtBiRIsVhvU3jSrH!C zjdq801y`38<;7nna~Q?;IS2(l=}7)mYL>pH5O;sRs(}qv4d`J^0SpP{!2~18wJO>8rM2&TzO)Bw;L8PGDs&rA_KA8V)IyANa1;!yT~T=u_{43wfFUVkXO{gV4w;)}ps z_hZ6_@lFmI=prO$S92*jrR<}^q|_W$`CQCz;+})g1#>ABqv$-3N#KroA=W8(0X?ZW zzHl`<<8gm&5EQVM^~={w=u0ncb?RtJ$DYbf;L>EMw}pto@BfH}xb@5WmNhxO6UOzm zh_65go>iy)Qo)JlMU?-QGLO}jPwc^CPt{tYA=)g(jRf$GjNPP#Fia4=y}W@(cnW&< zdRk}h6-Y7aF}hUG5$*Ot;|Rxx!`W#PNBU-0%$=U5@f%}lDe3_h%)(Hw;*U}+PNWU) z5yYr6V?0*}7m#P><)!~o5mBRFx{?&(`S9>%JlkRBD>*w2FnYWkpT~KusCWb#NI-;M zipro`mz;k~4ic;>?r%m9Jt1Q+BHJx;{Mi;Wvo4N^B7u#{n-rg}Y_I5b{e|-L2k$`B z?&$8YHSB~(EE&nBe;}#Kep0{E||E+pM-uwng^_@6^{rvlnUK8z_eqZ=52GI85ejzMp3j~POw96tOt_m(N@J$ zizD061;lEd9%SnmhXcY47RKEkX|RcN z!U|>Wu3U{g#Z}gBmD;KZOBHFPpvW7>PC`ZW3ucDCcQ_d@5chRBQ*l;?c?n3C0Co{k z%K1g{wjwxFvr%5pDfuNX;L}L?|&b1 zWUg<%wnuNJ&mAr=*cSdKthf^(%WunoDKx_hAv1$!_fC~k*JTj_5oypBoX%f!_v5J| z&4;NscjI)qZIS@!paLaRS_Ng;)3YD_Hk^?!BCaFhSO`khN2yz2BcGT=U%{%$B| zh3G}BQS3WIo1Pk?0DdIfvi|GntZ>%ito5+TLA4|tKf_4*yuMA9Rlj;J7+*?Aoq9d|bhHh zSS*fYF6H%<^FUday?yszL)*;PPCKpw@v7zHdmo#$^li1gWt$^>aGPy66H1p_0sUlA z?toeC(mS{H)>_fOd@o(ZTd@Rc7b@=g!}x?>jIt#|Cc)DEjX#tKcSJvcMOe@bS@r@; zP8a^iOcjY#O>=m@ak6&_+^a|65l0%rW_Z5o?jm{lj2W(kEo6^+KussO48P*pesTS( zUwbjEYfA4OQR3gR9Z(QMOT_M9BtyZWDTOHwv`A@fZ1Izj0tBi33faSSCRC)X$AeW! zk&_VhpM^cBNB(88P&)ki1lSGpHAp*|{&Iil7WkwYL%Fyn#Ai;Wn@|*kq*^23NWg8A zjejjqpf+axp7M@bKwA>yFgyy$lOSW?R&}vqjquSHFMKsCH0L70Iyn3R zYDTT0A;At^<&gY5;msCh*@Y`A!p~RyJYxZ604)mVx{HnezI7q(w2ksepFxpB^87pK zl_4fIAQo+BrA!UZ^U{e4%mpZs?=Xe&X1USs)Ct;;+fhDJ<5kwR$C`7HV#i099hEIWVBP0#K?(!71F8N2J3C zax4F_D=KSjp386ozwqU`b@R_fgfC13ZMsE9rG)B_wV>$fDrkr$eKdufSy)o$496Qy z>S2l!N+i7jg8AW2d~B#0g{DQ{gr|siC@ggDg(V1ni1-x@%~(84X%|jflKvKMjn*Zj~2G%LV|)!U0}V z6U{9X648D2`&%_iBnC2^gaw$%ze6QYq9ykJ=7d9-l%IxT>yBsCYyh)U*Iic{8b<+H z;O&G%gOy^@+jGf^uf&>jDNtfT6IzvRr!zu!cI2l+GO|hMyL9wQ^tDgL$G(YC1SxsR zn~Hl0!|@q8KBkY&B?U|L@<}#Z5fL1Eu7V#EcDJdzexx>=Po(DwcjIZ!q~EUN`6ewm z1sj!+ZXk5bRbCo%LDjt!hWjWYE!X;odU#9GdM$>VBV2j4e-Ylc3=pPK+azrweD;OE z4~KWaw(z2_Z_3P;US`IYq|L#uiF}g5KMiCuwK(?hu$Wbs@LeyWsyP^UJTxm1$6r+7 zs!@ZNn^Xop^^uqQz-;6NoS`(gFP!oM5v!L3=-fvRo)#d*+ECe8mwh5mt)*PCD0a%{ zaJblxxssoy2``f&YJG+r*xt0_Im1(6JxRrn@tkJ1GmclA?$;0$8!ehyP4&d-EJGhI zg(C?&OXeA|V0w6}@x(h7ef*-?ceh@?yKICsVR+jq8YN-hX+{{>BMGyL=>x0>w4e;u z@${)~yfK7bCU%>G6|Y=Q@6va+q_xHwOKW$o|3It>rDL9kiM*)f5FF9YvCHy-G=XYv z?v%qe?e}jdJ{*)5LdV_d#ue+=TxDE4W6!F16=XcPm-Hl-H@CeA$J(`a@sMFguuvzN z_C-)GPgQOkUf|@tWaw(?y0lu;SDA{Z9@P=Z-liA=`2wk^}udQW#D?5~&awZ4z1}7FldfDog z%M#PsB5usMblz{9>v2yINW+XohbSWk_3#ks|3ggw&_H)Q6flC{YXqN|M5Ugb1Z3JL6aLEtEP}zD9#qU2MOa z@o422ST?5gxBr{fNxDA!i1C2flL@S3R65G-@Y+$(17?t$fI%>;*eI*8hL3Svk%`H_ zyI{4AS2suS@Z=ol1h0@}JDPqCTpCgJO3R`VSlG+K1~7sIuN})}%qDVUrr=Bsx!wI%H)&(%ndAl=ERwvoN)>i8_9j>C&-N-Opd!v$chL z#Pvt=y8RIdAbSnjQLJYQ157%HEc_Gf0jlIzZw-JV?lb+YlvyZv)63ZhMw`fX~BUuE5C~XQ%$%yW}V*`QEZ^ z<1AV2yztZxzU$Yt?3Y2b))+kuaU;M~Pa*RdTO4FwmFG0Z$m3DX`Ws)cGCh}JTwoyB zOx~lycwa>%_c$TyMkc=rf!y8h3Mf*wn9XlbCf`bO4IIJc-{0AVM1BnnDOceNIF!x5 zmmN<>EN{h8Up7NJ=NWC)nniuU1KnB9ENOiA#65{wJS3~OZD`|kR|TNoZ|I73nq+yh z>=l-Gn!`D=@=V-~kh;-b-R%5n+uZW<=+w+;WXo3Fl(pF{k6kC7E3D(m{84$cSb5ZM zdNkUDYDen5qU!JXaP$&#Q#4lK;|9E1l<5mqreyKD4Mf4XSaC?o(6LBy zHECl{b}D!Hno=898SF^v&&g4 znMxC}3_Q|j=crrWCQ{p}!>{^ak>bRV$X7fKQ~u9O7Wj>R^WFkP*%KS)z}#@fIga$d zKU1YWpW2o^YK;;3%b4oB%NOnZ*HuTEYcR+2=8ibTb^l<4?BC-GyjOL-L}F#PA%=ashm1=Y7&v@ivPE!1kgBS_8XQKZa zO@;4nTD{Hm2uYLm%npmb=d-B83_}IJf36Sz5b+LaMkX#>Ri|6UB8_>{apU;;l`|in zBkIBUYC!3_-Zc-#DA!5^O{l?7yIHydU$J^-|9D#moi58t985Y(duU%%On9g(w(<)l zig>SVKg9(l@ zaZys{aV)kgfE+>kzEbp|r43gJTQep0{R01nSvyz`i@U6|o75BpA)a{J#U{a5LdMqT z6bl!EE!lLEF^_N%6e*Vo0_rQLszkwP$|l~I_ZPfacEoKo^QwcBn*ctdl&d5|CxXoABeh8RAg2z`}`Ykez}|xwm(R_lz`2=8MMwYOZf8!kQC1IdtF9 zQp=bQ@vwQK@4o1$PdO|TV!2b>Hcy7W$s;@l$xt|B%*3x;6Q{GxTd*hH!{~sV7d{_V zc5kV_AsugBE7W-b#@J=}N;UQo{Y4H3an!qWu_HIgBeDM>bErfgU%~mmg9XqbRytx7 zf!yVB1shTKr*MBepGL!`3O3431wMxU@uvDzwqjiXZc_DnVLghVt-L^Qc(t!UiLRU_ zZJx(L(^fh7sv;iPTHkA7Cw<80nS>OgMzfv-R6(K!6=YQ)FM@ghEo@|Hw?n!+*%1G3 zj~Vd*3bNEmQl`N&=##wCKti*j0G!D1c*crR=_c@91FACU)7=(4p2tnq-@FdY% zmrBWYwdJU>$D?J#wdRpObeVPo+9a*^(c&I!+4WURzRoP}V$Etwo&+xqE4#M;-+YNIOW1O25OO$LHk3 z+InsYr%ESX@~=0m+q(nsIVR-KsDrFq{*FknjO+aW1Ij=(zt5kc1o--+dk|T1_N-PK ze3WEagv!zZ_>!u(OCi#aA7w}Ps&z#y%kYmM5lLi!v+?-jN7WUyi#~t;_)#@h_MnOm zs(;3u$UZ`o^k8Uw?S}=(=Bf&K7eagFLn>v1H$T33d2;mQ+jr0IJvh(jBor}P5P?Rc zB5ehdLrB6nj|dt%Vf~6CLlmITpV5e+UpY%8(9eb+1D=vFfD6U%C%**dp1|j!xf{Tn zTQ+g+Rl~a#cn^;%&_asVt-uT%paho-EOH(cp_}D9{p0fx01B53R(LiZ-_u~t?iKUd zur&7FmbT?V2uUh6Lx%#b@D&pHoFI(O$R%3QBo`KoWjCpB*vJ#u7~KN<@cb{9qYx+P zvPki&#wi&&YrEXPHY)Io5RESTF7W+wfsbFl{rT{@XN{r7O+e`h0~(DACGqg%$Kl71 zdPhH?Nkl#%gAw)>AG4j&WEVDU0J~Q0&EaPco|L1T$?aWPewcv9UHx3$=sG;=v8|7O zd~x#T;PuPO9HuPVbeqIzh|@HXtz`)j1hTrzQqNl3P}TS9RcXS7oI_bXcuQh}ISIf4 z_4DUp~#FDUawj$_X1cE!pSAKlE<-zwtaTXli19##hh2O#+iw0 z{N88M<>{*bz6S%CJ?p=!C5**Xs79&>nS#@Kxh8OFMiX&{hX27w|G|fqwp6G6am@dx zgL&4H%Dr+yG7c%qOQm(OWf1t6b}cOwE!VX=9($_Q-#_avKcS4Iu{?T*e;=aZ$#DJ6 z#8xYoC@^^kn5vM1b4lV=z?bR}nKhsMdT4>_yrGb}|DgR3P3e(}e6PoRkfvtXpFa=k z%#vOPfF(em&~G^tq%!7uEd@d}nqR4k26s$E1>c+*cj11sRvp~P3x~v}mT4^6L{DAA zCb}cAx0er#t0dl^d#!VDcFw^!P2|Zf7HEf^%0cm*S9sM2jBGi55XT2wKZxS`_Lo0Ye=54l*SbjjTac|GpjmZxjB%Fd+w5c-2D!=-~gS z)9KR+|Nm%m$N%5XQ$cpMw6-F*Bn~rlF&&)KB$}0;Km(&um<IH+8G(E#Z)as~=E zfWuoYE>8YWD4|J25`i9-N?pYVIN;m%G$>~o<;va!`!BqTo0`>R29-pl;|R8N7y~mQ zPNAz+JVT#!^Y;{_l5J)yDk=jgZK5SW8eCKHQ+a@W{5*8VP*thlJ119r=$=ZQW$EEd zhYDQ*N}|u7XXw+Ym?mAXZIbS^FMr-=6Z&tsmVVT~lm74TKdRFIhfk&t@96(+JpC+r z_ayCpqviZw)E#Q^ix52METU7@)!WBQBYpL;$NF zrD?l-OemeQ#5>y}s-HOy&q)%^DtY42H8-_Qf6dS%J(_=;P7 zu5tdSB+CdG{yI2;F8j}9TDAW?e)4$#?)<-vM^kZ}MAakuh-7c|@)~ZSLi;==%*kKS zp1R+URjVjf)KmIJtCGgB=kWd$qKPOJCHD-VZ7fDnSof~Vw1QRES)1$e3d^r37u~$c zsJ5#%WCOt1KeHXM=pMQUW5^RhV>8J>Z%4>wp(F*~m?gVsXt+Jt#uH>Df79|TSaYoR z%9=J$*N3aSXE9%2m(3Wpr-LcFlD1J8A>3O;VyCZ7had5GQsW(A9c=!wv2(j>4+spC z*bGaB=aY|@SM07<8@$C(A(vaKG$!94W#o*0un{Hj7kmL}@?ECFWwTI~)v`86DmO-@ zRS)ZhT=q+(v8;N}%L& zOP0FnqyMB(O^djO65NG!bQ2ijNB&+AqqwZsk7u>vQy!zzl^=% z?)hUqoACc>H1DnZ`&&2vKY6-e<^T7ePVV^sTX`y498bih-deh+x;IM+*^`>Br)^Qndi&Q>m29&AHE*K5LApsn=l-8gs`CHz(VhMG zR-V4zI9|#2*eSivj`leR-I!IlGN>=EsK>cra3$NFzjy4MB#s)st>Bgvq}SO0+tUB- zKYd!;|4$xI@Am&~JZtIyuA`-^E8c4TX#dBxRA_w|hEWY+Z%4IO8H%JV4&7|mm358m z-VN%|wxC6GmVG@1S98@36dl}YuX!1cobD3jWWqS3W>yZ}Yxus*~3PUEn_f7a0d zYn=bR9e_H{|A$YXJgoZvNS5I4{J({#jj#W*B6>3;Z`owJxpj|&hquiyE)|%AOB4}($vu$}+g-`{^+)&D$td>8-eb{^xW{oL9m9$%`;CbEe=PE$TEDSnxc z9 zhrrNBc^oST84L94m)ROa@?0*cTCp}Wd3nbWC0t#zEXx$Ht_5|irzPX!Af}kxT0`rl zO)0M1mz@FAm5+|Snz!rr$8`p{%yp7-UfVKpW2=fyc6LUYfU(3^^P;2*`pvAVaSzb- zRyHI_1?ZL>TLoREptS2$O4!bLCP?#(Jfq1%r`My&;&73$;`K{N2PK&UtES}9tu%wq zE^kg}iE8eQPFB9UM~PjGU2djOG@VQ;vm*O6lTWf$ebTnEa-D0}Z}o0- z{aQ&&no*WfarM0J`CR+di^MpsH)c|`gxIDc+a;k^%3!Ihguks4 z*^b@f&7C+S0Ll9>p`r+ROw0bRL0)d-Dg^quC!HKyV`{50Q>G>Npj)RiiXvj z?xS``Y5Cx6!RxJQFNp_B%q4kih3_C+aFb|fbVg$W5gM4-U8gz(nI+LEqFGVBN>xW_ zG_uM)8xs*aYMa_HYNK^zlr_Lp=|e_&CdCX7SmpO;wYZ|+Oul(I9*tFzz96YK#d_01SJKejZjZ#;W#rP1W0}1MFG|xdJJ70O#cwB6< zCWYFs>6ooT={aROPL=W$`BV)V>BRACJz;9?IR{GH!C&U`GX$I;7ES>d1#gPpRd(t8E{{O6o^wThx^B9nKgtGvEWDgE*$4_HZ*btYQ4 zefO+$oBB?x+Swbx+3P)?tOE5@b6kzww8k;I9b=jUs#3lOIJzL2pqz|!B>iXa?>$g> zy!*>c2UvLSGk4Y7iXq=|(a;1A=1Gr6+6Uh;a8IT6FIiVxFs_)T8)gd#EmM*bl09p> zR2fu17$x@grmT4;8xW*z0t8vv98pJ2@6e%*YlGj;soe}`=H-99UV_M$)D&YR`O&IM z#AADQ7HHf1+%Ya!4B-u6ccWh0IDB1}_V2B9S(?sURxYL&Bq5w1Wo%A5Sreyp%fXWo z9MS&Gy2V@D?JEKF;rN?*S}!;1zl*$02Do)cJ3CkzQ2ea0&6CzO6BVFjq2gz~B+ut% zIsKzvO0M6JNvv5z^Q$M#GT>?sq-Fm43J;qI3tJHm>UuAq&TB(+g3c=0q1|fVipmk2xK;Cx5Rrm2-NV@}!)t5&lc*k+Ign93i)ccBq&4}2z{=TApP@>XR zDn%g4Rffbx0fjctV@y}ZW?i_rRZafLyA^HQF+w;D3Fog_L~60qsv2VpB&(Lau_pHL zyu{sP)2*z#0?@UFSlw~@JE>U^y#-Z6U@E9pctC!G`21ZJ9e%?8pb&F7w3@BPnWz_U z8d4*q%@;|09X69&vP#9(3!2T)$Iq^t&6oC*`l~*h`2PvH8{l6lMJFVLWcSUUfF1Wg zrjsYt_^(eMO`qKP|J}w@Axuu1;Lb4MM=bI<`3?K}fmJYQcq49q?uh;{j(=5Cp`nSF z3nDZ@)T-5a&adX|gMMjrap?VhS@ixd`aP)B(EIy6=e{Mg8#I{_xh;fIx4t14B)f~p z`4@cp)Bj*e;uQr)lQsM3ivRKWaW((%^wH$;9sR$JX9pc&AxNfDkE`WHmrIhMc}`=< zsgmOG94`nD20Q58l5)iJ6tr!KFG(DuMa<^PbB892J(Q6c3wl8y4xaTMC(&RBC1jy8 z3_nou&`6}n_5aun5J>DSftnH|l#&d^G$FwtcyWAkELcVcJ4olH`uX`WifG0M!Gel0 z{Hwqp1oPjsG5l*@EEi+>kNL?jl5yG49Eaz53c2t2;H!XNrh~77IX)kJ6^NDmn`Lw{ z`0D=-cF@l_qb%p>@Wo3$2-1xGN70=kOgW!UPEF$BOY1MQiubvHu@Ec~ss1lgAJ5_`h3ucF=*X(i$9a*mdtqWC$oj5exGbNfe{> z%Y&s5DW8qUPN8wcLX9#sS&Ttc5H1Ss&IbQL@0P^r6D@HP#e}PDDI9UhZq2Vy7*qL| zm0MO)o^XjUM`B3^|3F7Y_uz?5vH%?lNcGH7h%-oE7Lh2|4M-xi$XK2la)dIL3!UD4 zHTZ{0xwzUxEJHu0{Ckp6BH%0oE~rjPy(Wxgi@ zy)CWmhshZm3{Fo^LzZwB6Uf7dGLkZcqX?C2HIh7J4&JBrg)Bcxg1XG-a%E*pBSjOe zR`WE%g2)~RgOg)I(EHQk<7tT`CLJK4hx`HmoXAq+UC6?1jLr_01t&1b!-NYQ#|Rt* z>cgY@^ZU0iU%fmyehJBffAJ31)!kZ9D-~p(Y2@BkfLy&@`CH zNiVQxg;VYDR(7QKPsmo|U+HQ^qbtsmakczzDGH)X%uUwLB3I~p2baO2P*o(Ew=1i- z@q_lh6B!}n6{g8JTt(yNPIiOA%MT*MW=ckqA(P@J%nJwAtjeu>K{2X2JXt41Y4(-0 zFku3a5(_$yRkBo-05>D}yhO}|T%u;!B(r%&GDEoEYvt{==4BqUd7pWKGQooFBAOtU zMGA}+K3C~8ahhf<%_yW7j(*L#kke%#B_9N7n$ZC8>eQF^5t1UFBFa(1P|Ol}dTM5z zL;>VufA6hmkz?0k9yS3?B1u9r&N)pMBb?H4MAD3?V|TR3X+*|5I{GjK`W{_O_xE?z zS@qnemxBRpz2`X>Y(;<9r>ol4=v#6o#S2Z-X|ib8l{66{;xm(AJVb21xD6pMdt%gG;AZoPZ9^R(`Nc~*?z-u!4qL`FkCR*t&sME~x# z|LpHqiHP`({9I44(^ER)CoNVg^bV2KpdX|foMtdoB* zLS<_M$x;?pp^?%t%#gqt{VkyL3@_>GpQ}73oSg{?Nnvt>BGa$GnUu9wILS%;&nzd4 zfaFEVm3&c_itq)E{yF&&g~5sxg(4=RaG?IKk8n`EmGk z?!>vxXI=W=o9VNjcKZMD$)j5Q$Nk6CyZG<7^6a1&`VNkkO3qm3+4I4m#E#=I!*UM; zd#H@mU@=}$F0!jx@s}1qRg@d8rS#Dg51I`S+ChhBC{H*MAlF`?zw28jT=yrhCpTHV0Ihswy>E zsqB=>#trPXUt_=Cev-2kp<7<+YGb&^uLPO0ymYDyo^y4HXG)=_tir>iBo|Yj zP62VO-HJ$(0J!5k7Z-$as7eb$tBPI{F(w}opVC$MOlGu{Was_2GM4HxXLtk+>qw>9 zizGWUeaKGnatrt~5)kfgE0M|iwP8A{jVBktxu|nA~ zSAvLhR#iM>ZVf^h6OFJ1cP^v>pI$H0QaBc@gyi zQpRPf`*%skjH-FHg>2F{7_lq{Y_v3D?sU1-Yl(d*S;ax&ncHS;@AO}wxFb?gv+yT# zTG2u=CKJeNV4>EIkz<-m7DYbP)xIA1$5XJ%g<*q{2K|^+S~if)>*9<@VI0-Hj>xt^ z`}=4{fD?>1zgFwoh>kn1#LVdLo}I{Lv22m@1i?C?rSRxPK7IyW=&_%C6H-*+^&74^ zZ(tmuM$?31Lvz=@7K=M2ZVmcJOWSO$Gt)w3f7=2MnSii4H2k#=Rwq&rsTsQ7Vqy#h z%p95{3vxF=DmbZ0Mbr1>LR9Z15p!j$j>Lz^z=y86-LL8JOVmtziZG(-(6V|Yzb4_# z{{Yr``rYy4V8n>|Y9tS+c!pi1dMh(9*jEDTvJYIs-LC#XVj|!3vUI-zkp2~u(Ogp< zAoxPRsV6rw*Tgv+@dBuj5`?RJzBxU{dT$|folExAG<+)bCcYH&Dz>=9x>jU6Y-R_> zg2d!>UcgA}!F-(06{~1A;{_=zelAJDnC2ZZ`SIoRf16?FV{d^7^gGvc$rRb)<0dAK zjA>dAh;z+qG&_=Zhe0_}5%^yTqPt9#*o}xT859a9;5f@j$*LL0fIYCGQTcyrC+;qx zCI4q7=A|UO0PuqVT0+jIVxDK3Rslx5&~);bc>z|Txcm?#u`rSQk{5;{*VONT)>A`8 z;YaKd7?RgLe-uwrQ858t&%HNB4Dl`ici#yxvA1E)()E&EgD~v@2hN{Zpf8a6?$K$|x-|^24iFCxjJQDR`mCj+0LG ztg)Qw-r& z9NKPiWtGb~<>i!Bv7B?oWCu$IT7Ctl+&vQgxkPt~2G1p=-zR5q4}0lCJ?QPO;5?x5 zr^LB|VQ~IoK3e5|>)g_bq z+)||YzdpZI^MVLX5zcuf3S65&{Bo{T&J1*i&OK*~^nw>$k9nfm%B7f-Opps&)Or(C zn-}KR6VMwAy%O|E0O9An(1q~M8Z4u969veU#V5+@ZbeEyCC$ZHPlF=1E*%* zD05jiM$Krth^$0VKS_POgK2#A{EVcmQhdx)Akuma-m^;?H9UAxP(+^7bh}l#T_9G? z+SuN4Si<|WBCoAS4@JIqW=t=nJ}sdNp^=i0NXJ@{zhw7p2uJ8T0&fUbpy!w}6cdbG z*8qz`R$@gNy>p~F2O9~FOC!-yCvI5HdlsB=tyh8z1Z;KC0Q%G#CcxRg0ONltVvEPOtHV3TOKNAFn%9is-|meI4Qcn$FJfel5vC}{?Y9t3 zsZwOGy593bvFe=q+L}!QAIJFE85?V2r-iB*&Oi*wl%~Rk(;?uOOp8Tj4wi9Lc@ECBrm3qH%>)&raXt3-YTr*vsSB5&e_KU4YBI-0OMDsMF{AcKR-3Jwft z0qRztUm!mkW5s5#uorIR^=uhWYxocwML2$e5W4zb|61iXzPME(*;54{6G~1*My!xc zOt7`?>moAK!lRcuqBV{PsVMX|k%JN-Lux!H{+oAEzaIrrV9lYg>)_eNl7jw}A`6Sy z&)0!tpOz)9W_G_^6Hv)geH6Q1n3pnDc}P?G#I)lg046jqr?e4f8I-FmJE?>|^JIbbjjnA zpFzQ9Xz)J7jDK1vuDFlMftQ8#CQ#MGz(Cn5{ftiCm@PNn0u}MC_1n2o`si2P8DqR# zN#7A=vu;aC^cnwHf+})I9vmGV-nZ|5lC1Kt#+_weisDoV<$#%eW|lk-58j!a;<`6i zE;UNNT0eBH+M%zh8(OFt(o{hA@TB7BJZBU3RHihiXg+55Zc0nM=5$Lht3+wN^^c!F zhhcpwGG;|TJ&?dyq~sG&;H=YqeNr=Y>z^fo0{Ixc%Crib&$YLK|eh`I`<}IbRc?O7t(D$H%v*Gcth>|8_ zxuBV5o%l~|e7;X*3vccm^sONsTiaWyaEz_>5m*4b#F5q!dBH3$0f-8`EZan*QZ z(^#^SqLL^#di%h3bHwcBhx0{;Qko1^Tr#Q4vkx>?rWT6antBaHMJhI7AFOk^wAUd( z2>=ZGzZIAGqhe$>SEwXrAJTj-`8i7>1bl2O`Foz_*c;`t?g6rduib+urr4?u1XMq; zjljF(_w2HvJFpjcc+ZSl;JY&FTM~(FC*(V?U)M!VUk$;QMChY29Q)zy>&{IG1^O*q zoD6UQy8U&Y&&dM~gJ}@>0yn1?W<9{+@Xg5~Jmx zksW*GNbWvz2+K#W-+wD(fD`ZE^M4ojk|cR^Pj9_PuW4Dn(Z6@^>Yg1F$%{$Ov_NgI zi%fsus?~Re7gA~J=a8Yrr5l3LT;bGAsqTto=d5D7zV0e5boE)_SskK}Sbg*6?yg-d zC>7NgJ&IFnbamDsq4_9&P|7relgcYIEH4vMW*rb4{0No-ic zuSNWcM?p9Va{EqX<}VjdP~pW{no~aO{$$>YEOQdW2qXsg0spXuh4zE_t;_3uU+H?fSUU*|$md}XeZ%-^7oGe5jEW?w+KLhyezWk7qoVtBAKR4JNHan7PXd8$_rFD9@E zu@X|cl1kJK#&Ph;8Y}n^750qd3oTGUjHqM}?h~*dWEn1c167|IBOlc?M9X*;qq3l8 z&I6V=_Yhfg*GGL6S3^5Bh)XfA%!fK92ZY|A9gQvM*m0JT9b-qd3pPuk9g-42 zod;l>V=k&|R!Qax#_<%3sep^o#9Q)2Hb|`%RG*@n99T(cPv^M_Mi7AQ4<=`}%^G{s z#KmtNped#f3Wv|e7V=B4Hx8K=))@&k#miSRW7Wj6Ry)`M$R;#rhu6)WchH`Emxzj7 z(pm1fU4TGMqP>o8`!Dv`u}E+TV6d1V)?i2zpf0v@GHw{_7pc%`TG-CO(CM;jXfF(3vX&A4x zO;_rMD|NG#meC5{>lktJ{kQJ!4IJu?5N<+4@+8asiMAf|pk}mCWYz$JyfAl%oqk5%OtBF_0VPqRe#}^b zBJhh z@7LeI3@p_Bz(L-Yl;)_Iaxz(s&2}(DTkS+-$F5SBZv`657z%)5dnpRMMbxm3=?zk4 zQ_Rns-UVXx3rkhvEhfF?5Cml=J7D;UWXn<%-yje`=UR(gF>Gho_y}3a1$7)I++P4F zF&oIekd3qE(D3m%C=&;VjJnOICwf52HC~IRLa#X^E+%%ZqHSn7hZT(**BBgvP??gEAzihG1X-#LE3XE;6{)H%3Fg%FiaJX{%slT`e@_fCDi7 zK+JVrFdBB&OOZuHmpR5Fj!n(qSoSl0@{0vy?P}XRx}*ZUtful$Kx=AQL2{z#Bk| z!VK=03<}F|!*E$MTJSMg%{wGO&N2?0=r{Gk77D0bE18^b3*&7+wz%0F%OLi4pM=q~ z`vK;G*A6slK8F>JNqG$KNDr1$&)$jK>>(5{1$ps{5%5EcdRHuog3#72+FfNaFSrWb zLxV$|M^Cq4%;n##v_sgk+dQ`h)*Q4_%tBN$SqUXZ^Reb)480&tpO3+?l}s50 z(cQtzK*R0iuT&IrKJyKXE<Hn?|hUxSi=)@YRJBJV|umZT|n@89zOn|MBc z9DGC0`D_SEvoX(^x-8kFnI4vO%7)~d!RODBE)_lfP})Ezp=%hdl_WCdVym`X#I|}Q z_65V_-(Zep$+a%&bmgCjs^ vs4-e0DY;kNF2kjAnspqND#tR3F=mDcgpoVVC6B zIn6OvF)d5zL=ydrA#^CObQ`)ul8jhN=aLaAW;Ia%|gtR~wr=d>=o$>Dh4!qn0!O-9?~nqRiSrHyY`gKYD8c zSvZ;)_o@5V6@^WIX#g6(**sS~_Jso52@Etb8^JBG2{pMc6*Izj+?5Bjb$u6%N4&CB z#~?NqJa#0m_pa z_DJt-Zwm_lPkYxeqLQaJ6wW$m+vIVdKSws`IP_$=@{ndaoM1k@re6TY$*dhJd{H{;N%LbLH|A|ZMtPx*nJ(^q}&MtCX z_mAxEZg(l4LUoZlN|^R<`NC*JfbjW6y7@?vGp3}Y@S$g{>~J3?t#Pb>PY?j!WBF~5 z$s7ZhYRIA(dRW_B$qh`gV&E06Kh&J0msa%t%KCliy}Y_w!-v=bX!#be2Gw-%b+Fo= zzYBoX>E`#Mno-UBn(-*fv!a}X#$_ktsUkgGk&a)R*qA|;9!Wl$>>p_h-sj!5_Dvh6 zop(&yy^{(pn!Ek6Aets=z1gj$sAj*C9eu9(ajeCd-i(&7(Yomk#0VH`Ui9%ZY}=Rw zyV7u@b}HjAPk1Xc=+X&zHDx$hHd5JwyZ^OEuT%JgFNvJe4oVb`p$&&gT1FL)#1sabh>RgqN63lLn5jWv*U8%7JV}RjmZ$Oe zR#T?oB?sx;sY^bQI!JdO*x)WTszpQF@X|lhXD>7c#%t($^o&L{i*-8J)(N>zK0s`J zfDJcCi&u^b4YKTG(i#4PeE#e(Zcgh4Q2eYvAb~E`ayq=YZig3Xg%)uY?Scs+if8~Q zqOw6MV=(>*Kw%8@MaCF`j*OTGj4e`;56P>?C*i!+G)dNg-R({Xp|eR}zGlBpJ~`#h zw|n32uaAyrv$tIK5B^+%|D(N85FC9`R-o1S-ySsi|Nh?X{r`e9FcU8pzmAE$LC@EV6xvTK5rV z$ZBEu>j)3TIWR%0Nm!itUd@C8~L*{k-tpRFs{aH0*W2X-9AKM-Cqm#j1iFW>0>6^7iHNi>K}b!C(R3S7J5{UJ~?cFlvz2d-Tw^Bq|A#3ACF! zJ2`&*1=_<9N#WSk))#>sYjtuNj-Jb#Mw&z1F0p*`8rZt^@MTQmSg+AXA3p}mx>+kc zZ~2gfO*rlt^eEWfLHSSQ7r_hCyVqNZR$~!$#`J79kA*OXr;J^Q*$|m-IE(RW%vC2= zU4b7Lpce3{W%zYMydsh-25lKO*ECKxve*I)Y-F-F0m**XbbqY>Di1tcpAh+tax(QfT`$0hvhv_KmFPOeue+q2=Y>td9BgK^ z)%5w9TlH3YE*U%Qt}{_!kk(BQF|~SV%@P{tm|$OcAU#=OrxTty1Atb2+0(LqZyj3H zxqjMcET%!ONi#yd4W}#T=d55-o>XGQ!gH7I!atd+AH_;ssZ&OCHT|vr$>G{{&_S&M zr}-0>)5|lxbu&36M?nFF*$F$o>1EG1M)IbxYe|SU=3&r)kF?UU^?VJt@Amh|a!1Jp zsf@xlTj{4dyeSufS&T^7>(w#{Y3V$gNsje&ta)5-G_msVzNq}xM|l`g7Gr3qm}XhU zqdeWN-29E;bkSw+_I6 z^k@71@7Z>Y%zq&TShfF;4(~Vj|AW25+x>qN&+5DQrkk&G{KA9K)xExI^50kY>p(Y! zA4~e{oHe|#hU9KTn`DLx*FX9E`R*Uii*@_`zfR;Id{)K(d9c^?|9`N*f9wBsBhSa{ zi~r-J%3=&4q!RTYKOrG8Po-zw6aS)`7sv7^$qXZ`<~bXZyD#Qao$4& zpWKxXb#paH%|vi~OeC9~v+A*!m9%1{_jj_N>>nk2@m{YB6G&DSrUSo=vvl`OEnHip z4Evy10W)jM`OsTFhxpy*8Gtig-ev~}KJ@zTTrzlRYeFmq44%GyFx#)aZ~iRLwbB12 zF~C>q|BhPmzaQS-|KH5>hob*qI%fDbY~bo~!>`b~59tkgE4qVvUqe{$YYFUqOSON8 z&-U~`FnC@O0DKkwKiqHGf9xII(*GNI)-M-ApeIJeqjzERn6Hh*$HEQcO|UZZKm$F_DVbJ z#(CT&I}i`B*V_eT?lhYVvk!sldUw}4D6D;`@WG>2gZFj@F2PSdynQqMPe*+FZP?MB zE87*`3G_v4ceTkln$*>)yfoCQKJcZiQhdx)O%V8`0Q0(E=S(WyiH?}HEk#oef|;e> zo0^&ljy8)M^4g}?J-vE*_ek%8s&v|WW8G7{0Sh8+W!ANk?8L}H*#d(~6u*ek+U<`F zv^Ek3(B>#)l+8pT+4?i(Re~BiElb&jk%zklPA*x*btB~gZ;q9V%yE^~;(%PC{alM% z>mreHnTm5(T`t*Fb;z4z2J}@Fisq%rAQEdzb5^a5qpiY=Nf&yHz;BMIG5cMA^yzY)1wlxbgbLT8Jv+MaWXSP(h$uAj4-|;pO*L_F4dDa~x)KePk;p z7i=^Y;yqINxd~3N_QK9)T>0)xOih_8>vT3f9F zdkf@5cEyp=05)&8)Do&xtWapBljfAqu7pT8#H(X=tw?QykH|7-fjR;U)U{En~CY#WwrqD)>!HBOhut8jn4Waz!G#C5Vye$!TvfIie3?;5YpzD zNE=LOdlU?aZQ4dX-PIa*y1q?YH`(DfS+t9mX$Wf@OhiQ|nm}$M2%1_;d3PQ1=9rz+ zoM&G{=vdM47CixSPnDwSbfaV3I>X!ozBYashVstp$i?mR$&?k!(4wWtDe;~a6+7qb zqJ|f$(0XsWKsU8h3sx6i@zOM9QZ8$u9d+%_nt|+F`;U9Ru@tv@h@gx?w6fJpC&06Y zCMc&M{>bS(Z`vQPC>8WPocLQGl@-s`^#3ao|C?vk{qOyj|KHL5TmO%nc^dlvWfuU= z>w!*%eDe~(>HhDumH)fVEKeIL^1WjIy3B&EN$uXLM&Hs-$lWaPG2XzmH2L)_n5$hD zu-ZicdVw!%uj!WJtdSPlB5iMp)H$^4UTxpGpdI+eFns?jrAUYy{;Ld3o z6?MkD=qkM^(nZ}p5JOq@IwF_oFXZ#*UKB(vkK4H<+Mzx+iG|W-M`eo_B4c4#5&OFn zcD-<8Y!!GrY@9&@j~**yvBaGL*Vh`C&EmT+?8YWwmPD9wm0zwm@+)gLg1#(>hi<1K z7c~2h=Cnvz_3Xs#?%KQVh1#muTM~S|tI`=9O;6!AsNHP%)rKcBDN0kGRb=>RL*T}# z1#36QX))%D(^wi03q3wBMG@GbboASmZB^|W+OTx5?&BldF?+TPkaPdmDDQXvTv`63 zD5PJ-{(JwR<^OrGzke(L-Ne&PLe0s`Dgc&*0Ii+xzLa0i6+Bn2=(n(_SX}J{Ht5)NU zmse@uExZQ#MD@~hKI0)HZX?)Wy-So?u1jt=)Pt+GUI#G-U5JMD25mtL9i!CB7PdHc z?26Eb>)>TUgh4bmK&zHL{My6BI_v9toMD$AdG*BdLb2+c<{nA=rl!nUqvmpbW!K2U za(#t)`F#7e*Q=1|gt0LuklN{|Di{R&W>x#P+_o(vWBfs>^1wG9yj<0OP;^@qrlPPb z&Z7{#9Kzl0cCc|_pE6*FyqE+nv_92S@iimHtpmFwm+QtDS6#SP+hbW>Gk%ybGu$nh zKy%eL32SZKsLCb!Y5R8Ft4#;Q!@7>)7%^J0>XmrUitl+Ij7#IgssUO6rvsl={33vK zW>b2!aXM?Hzgxgdx(8;7ioOv9-ZBKkU~YNBEl;@R3Aa4qmM8ovc|!Y&@MiQsSJ3|{ z>6}dCrNJOp-T&;h;=et3c$@$6W}c7j_-~z;(Oq_-&1<1G%{4oefwi^t$I}d&zzCro zJ=l))dMkXt;LU`oc2!zJV1cX0%v{fn#vy_Zv=aXSll|NHI)CQp8tMN+XMmOW{|_7a zKM(f~?(f~w|C@Ne0{!nY*Z*^{fh*YfU&j#KMgzTlHhs3I|L3eyJZ%JL={y6hvj5*} z#eaMFVDC2m|BXDM|JRD>&Ox{yPuF|9J{6^15ho%$_AA0vy<>1>Z5y_miEZ1qHL-2m zwllG9+qSKVolI=oW`B9!Z|_~Te|OcY?q2tgwXW+p&eI`Y?es*>AyoEr6YNahPz15m zx~AesA+0m2NT1e7Xpqvf-0nN;4%c%7v5f=9jK!%cD^y6vsODz6Q^|I(`?_^njCRt4 zXcWWHjSidQri94sjE%dX(bRg+O$E0?6B|*f1;P7NQWmy_w&6K6djvUbG!+yD(Bo#8 z-rJFNTjLI5F|2EJx@#Mp?bVDR+loe$sv($G#VvuL%(~g){Gln&$w+#@QqBNAJkT#?p{MKL~)ATJ?Womq-p2X0qigkMUmPZi{Kr8iv;{GH%K zITr&2!9ry5AwV%9Zav20Xck5|@g4cxYR6(A1rlJ(&Sc>Z)3md|UZ$oTBP$MURR z5kUP-Q(WjtPjqv55j*HI2>oPcUa3MA7BmoCb@m5zWOrMp-I(l(T=Cyck{`3EoF)~i zdSNH&Y-B_D_cMW`4C+U|lU_OJfzqTAX)FN0$NPmIEd-S-ij{yEjRveh6aCd{^!=w& zy1kPWy`(lSVjw9hAQbf=5+T2EvsgR2u+2O=VdXmOrrI}U?2HhlBADQIR$JGiUV5aE zxKq%leMW>kthgxu*Po43lE|z%(chG2Q&*_0-qX`3D`oO|{J;6U-~Tr)vgaPnH{Kn; zaFnCCmtAeq+O6Z@`C7lxWj5+)m)KqgA0%vWqLt}D8!GVrQXWWq@z!&B!Sx2Nt}tS8 zoFSbLc?|qwXajX!ETPmWAT3aeOjb6{h@*#s0eU3Fnk)b&)iOn#Vy|%B+G}Whs6FJ~ zVxT|+3+*cZQ1I71Xbv+_e*v4Uxt7f9-c5qupGa^dGZUfi>Fjb?KulGNpnPvjPfA9w zed!LL%r3RT6#anm{A~#RTwFlVjT!axJ)x8v{BSPXx)e5DTlw3DVzm9zbRs=P(bi1cD?qwLB)s@X4 zcv-&a{(>dr!}!3j;ISEmDn7z_Dn&G!WT3$nFlp$XK$t)PI7thM-}|+ZR?GWlJck>% zPH~Wf!T-$CkAp4cJ@uP=F>XD%KE|l;xT3)hqFrEl;x5!v27&=FftT-gE?oxYNOl?; zQoZ1oj)qMJ^maok{{o>8X|G~@{Tqr}O5Rh76bE8BhTpam(t}Djkxj#OTq4y^KJ5Z= zp)`)X*FoSae@({UAV-T=b`+dZOldw|9;K_}ApaAjBW-Yc>YipOaI>DW!zB&|={=wn zzwIdAZQbvk7Jow@VItL0S0fN*;rn`xub8QKu->`rX&3ky^jSw!FkY%IG-%jg&}jTJ z3m~ND8@5C4L8jM4Cc$LB!-pE=WZpbtcL!bLI!RWzul1FFhEHYq5HL5LadWhy^uz$= z@fK%G2%RepWmzf7P(YJA?PfhAPJL23t) z@rg96>X&SO_QsIU5HhAQ#b>cUQ~47}_>{%9Nr($Z?a7di)WcDYT3Tleenk%!H0PQ;G)f9MNvOE_%7V7gE8({8$PY z7UWTs+5Esd3Jnq@V=v+*NQ5dAWg~FBi;M6r&~_!=@p%~bD;idDV!xua<$oJYL6lk` zUPM*@E<#meN-){}d&r^YSmI&QI77dBkkDlp#eqW{&5aJ3GT)I?^D#c~Wpb064T#OX zI_00pyI}S|dIa1K%m3i#E+@ETgm(TL4h4!8V8z%0jRb0fWi+;7 z)%$Q9(YAfkGdGJy<=*B~sXQrCvU_j(HCPhtX#LJ>?1Dpa2LdVhrU4w?m@f<;(J+bw zsDY!eB~3A}J9}2Fn%GE2BsYO7E&s;-ukD+J_+6&`=XL7qZOT=vWmb^wnjkco6S^>EPji`;;PF1&jW6G@DfzM6YXXKA!|Db zj}rW`{C1|$sWR1Mc&3^WpCDazF^kz^O#Hmg63yrB`O>&1^3o&p&=|LdnQ*kA9S<+- z$u7HS#bWX`2n{L-v_o&&B|*Thba=LsFmfs)SbEus4s{Q^4=-loarT@Q@VioabF(va z{*`Ze5N0B$T1T|9o}4DyB$v9(Hp!0)F@@n1$C$ED-IjTyBrz_|wMZv5cNdL`73GcTe@B);o1>mdjCqB?j9jUXCDo^at5)Yy zg~rxDfT-z;sgMEvVc}9hACRA zu1bLW%*N##cD%R zdk-!?(s6F>$?#z^X377BaNW0y^o(*AQ?ODxNL!i0$LldrG!|ch{foJF$phTWhNN1I zUEo&#<>k51t6u+MB4m%vbpCkZq*da`*1`u!hXS7%w2_5ScA zg>z;eRc7z#JsouAjFqcU zAc$h)oXX~2htDm{^9Pd>EI@pAFq%QP1HA^jeW$@V=tXOD2Qtv zah1&ax?2D3R{J@|oVsKznvHqP2W#6eJesRVn9fGTFJxUbxw=qFCFf>W%Tmmf$pd-& z3C?0XNprbwv|(^~1v1UFJ;dG4ohepK<^Iv5w$zR=(|22Oi)#x}o$#BlbV$BzHee}} z2PEBq3+;h-QJHrIrFxv$21HK=*70;B$0)zu@R_u-8X;7Q{1CP7FDcg@bk#%9;VtEwFgq9WNp&cXo=`U=JzRLi>D4ocWiXF` zVk3=C(AWM!2qsq)|TEGDFFjvqttM*3hdy(>sb7=GjgAxO*Tu zC!iQK3sGx7IIv*u+>X@xzK z$bnjw+4_ows^_g?6@@g9d4({B3rVJ-ee@dMVIWC&IUV1@w;+6CP?#AK`emRh+hcx7 zOZ}uK)BLDt7@kh;4r*j(5g!C>t1!C!3`Yo^hG*OSRT4_V+LiH2<_;q|l37PEm#w-@ z_8&p~dW%tVd`*D^igvbALjto$58R+5t~M4ZIq9O56}So@=;jbvt-nVpDl5_2I-QvFxp7vuntC5Mxr}S zQCn6-V{%+A|8VvqhGM@w1sfHn2GxMcah;Y!HkzaAh)F3R&m5f&iV!?*Il9qLU9)LZ zL#LYmU};*kAO=rgT*W-pf}T<+x@$R_#U}TKBRP@wkX*pb*`&?PwT%l|e!>3T3YbPW z-mr}-RHKJiy7AZLvq2n6&mPat@u@61-tH$WWm@WOB5qNH2y%>T$W$z}gDn!rGj&)P zbG7pCLCoAmH)gtIEOpgFH$mx6hqWTLnQMb%h<|!ILnNjiSkER2L@UbR0y9usTKDKc zLzbbgT#y{lFuTF_*lUT{HjADh&lqR{brZ^`!671oM&F7H1tX6MQVDB>(!iuqVo$FZ zS~1d8pe-d^@xI#q&X2?FGf#7C`+M@yu$?$f5)Val1aZ0a&_tfsFA7GFL%%hnUc2DVFUD0=B{bP zYpsIGU71q()w7FZ%>gX2KvI0OO$RsuJAg00sp)Vs6Z#p_GzV7sPWc=kqauMqw^>M7 z<>Ore{?5$4mCe5wgmaun+_XPDefgtx#c6f&G8m?bQhPV_dPVw(pd`gr1~-`=tiO$Q ztY4QbX-5t11C$g5qu4VGHhm~iln;n-<}*7p&1@3X2hf)NlK?i(rBTZv zHWEbWg@}2inw&y+Y6JJJoCbDsS1SJ-+CUsez!yKEc8%Na*b|^IK^@Z$9sh{WU@2-Y z(;$UyrazwnTM;n7Nhm8$XP|jpKU~8HG9BMjK0mxn2t5=XNa5&Paio2Q`pq{-mP;lp*7f5fv%#vG=mhU<6wAPe;V6UkBOihfANl%vRQzv)`%Id|O^z zX!{w@Ya@5RLw@99lS9_&@-Gx*yb^ip%vJ_~k#NIrywSh$fuboyeM z!DH>6tWK-%QuG3&!wil=^W(2h2L9z5kFvX^SM!R`uvS+x91ZR@SX=c78^}dAmgKCn z**c^Px{@Byu)JD^1U1p)bK-L%{RhbYTO_D^4w9Q|47b=# z?7B0D)9d@}wRVnY^o)RCay56A#!x3B?purXiF0t#B@rSoyQinOz1s>8`|S@~(u z1)D$vlX;|7HXRlP^B|bKb22C>aQoi5ES^+oSztvu;PWMyn~Ss$sfy+RKJSn7wWu;h zl^9A9$@8K91H>#M0D;3M7y{7^mYK`RG?bpohlt7FXa98RGw%A9;u&PCz~(bpv8k@` zc%{^z?A2c-v~f6#cm)OW$AKf5?2umDnWimNL(Ig-Quk9eT1jJ1_#?Jpsw{PnV`?&1 z#H^-hQGZ&o5V_y;$gSo{LR9|hG>gB7b@Xs-g})!#NGamQnNCVsybI?3zMDWV z_qe}|sCxu{Np3*tq8X6Gs}_TzM{8tRU4obisO9#r6N@{zvU{Y^Ft`sPgOJ^TVe|&I zG^3{PH$-uZ`PZNAUFKQ ztNn1&Wunm&9>4V=d%S!n?ozzDjj?mX_yc(x@r2>sMDNbX>A0UaC?5a#X%T@o2Sl$F zeXvopLa)J!{EI@?iI8{v#latne|Pld(&?0S32~=dF&MGx9xKsY^nzsO4+{OD7!}v@ z1sC|3VjgJoz$ueuY6JWRd^nMA6uZlKJ0(-}YDqJj)@xk&webIuX5 zqoJ3R6t77mB0c9pg=>;1AE&Y~;BMTCHmE95mix@saZ}%Rf33}J3Y*^?21N&>;8+j3 z4u?&p$*wKXNaJK0ZoXOGs?hrXO2r)9e&&CI0~tK;8--KTWqc@&eTn3jvG=)WM_?U^8p%k?7Oa^jqA?G2Mr6m0ehU9< zJ5GZ~#VkO}P*|Wf(pV5);5l82tgnvue(E8x<`Prbk_A68I~sk<)m$ z_u~|>QE_^yOfT|gneDTl;hUH@6Q+gm zekiY?{qQHw0Kj8T*c?4#X~*`v zWNh=f4ugF(md|r$R`ZuwPYUJ$_r!D-$``O)b@ItWWKX7=jGSmL+_<5LK=@bLbVHHf zXTOCRQBtdGh2Ry`^!H=Q;|e}2@jS|HOWMX@E z{ww|W{D=jkqXHqlCfH~Lv8ihtVVz^}L9dwAyiIX)eOs(+RdRFoPzMs4nWB5M$pMer zV#b}zIb!|EqJZIXKI{N|m?Rk!tMQR90S4AF^$3&YsHh!UbYKzJw&4PTMd4th0qbS5 zwUiQ!jm=W0>r>$p+Vzd*mC-6NgIe2e5OUojaJN<1Ke#aW5g5KAPlp~wrrVG<5`9Kq zkkbeMQXl{MS&C6m)lCN&>68VUA4ddtp!!N!e~6zA$T7^_TI7p*3U=^R7$WwKRyYWW zaTwHIL6l~gSwl{mP~)Q!NDiFB9&y(^#ppU<&5=tUw#ouf^8pO4WRzX8tlx8juJa%-lBrW9)2xP+rD z;d#W=1Kw&_&i{Do#7prNd5C8rsNnP~mYC4y1aQ+N(EWM0wAdu#qaeMmkpkE|-4h%F z08V#rcb5SG^4u>_AqV#T{s6ea(}hg?)7iwebU!D|jJdN=eW?X+%gq%pK{IXE8nv_% zsCc_rlpmkt{_$!&uB;A!Yi*w5O~vxKS_0Qwx<||7F=QSR8w*>4c8oy@l}vR}yeBS# zRuj6{o51J&$Z@KoK91Q7wz+wn0#&y>w5vsz1|<1M)6Rf zcI$X!HVo9WKDr35l1~Oa$VWVtX89QScWh<5ZMf%W8p?mtEp&(Gwi;N1=tl&Z!^#uh3R&ce z=vN{?R$@V^=HXG~|0vqn6q^_@OpyJB4_Sp%l*vVR(qr;Fmvo+iR&A1QD{!}s7jxL= zJo%@qqSXDq{WS0Gqp~1%2#Xh5BEojt<$lu&m)1Ugtc$NOFF&+${Q0V*`t8kQ>N!rG zQSM|&S$=fC^F1)X{lk#oe1F$`y8i%TaY6QDTzPPN#I{q;rBt8)pBwV4K4O4lei4C8 zL!2$z%%FxefeHghdoYER>v>qv(AbFa*HcR{RdkRDACl^HR5CATF#p>ntX+)+!!=vt z5@BcD{C-d;`XhS}Y2S=xtk`)oEfn|dXB3gmj}`*csr;W7!nOn+_P2i@ttWVQ8B?ys z0Lau9q@9#!B<^s0l0{c7iHt7#ntZ;=@pohMK?nI5GbWPfLi*3%8PIeaiT4|xxs1J{C-c>V(@?MgR!^3FP45mOC-%=3eG}MU{Z{q$ z^G_?CYrOn~JEV=1#RWwq%IHDM~$}ib}i2G(jjPNF# zQ)Qy;#$K);5>EaWVZ$VU5Q$2o`xIgYVwi+{^jnDbW4mI?7y&X=5-vmoY08UALx2N zG3vVMGM2A(LOGBoB3EJSB=fV!U>m$>C>P_M)JTZWD;6XiXph@KpR|V$)Y^*tUpAHy)LJzHd+KfXh5@`(g(L)Zcy6*Fdoy`tzFb#rZT8VquNAg7&sxk-&=H zRhq^Ng5!(N#a&ysX3zZ?sQGhVEy(IUgiFIVtO2awD(k?z-Xe`|Ha(b^W`Zl&WqaJC zQUYNmsVFcs3PRP3^vwcycoDsOwkr!7m2J%Jo<>Usb4^k-L1}56GSI5{$!vvU|HydI zmyGAU(S$#?<#s7+{+=zA$9KpUSK|JTWsJZvU2ZLVC$PBJ4DgrF-K&xIsP2nJFHa0C zfsGw=Ovyw)Pvi|!%=#x-de}Zv;my$+g$i($D&V6C{M7Q)rtVW)3E*J=Oc`4nbU~zf z09>*?^zm(O`28$z`XWXZM6^sy!oJSgct|p}d;%(uZQ7n&9tP)tL;x$d^M3POt@E@ti>1wb<~Vq$=_Il-?s#N7=c8|tXtX4XPr=~3Az zjTsKTK$p*#(ZeD1y^(hKwE0&g0OH+a9!!=^0jiGx2SB|X;D;=T zv%B%LKYYuX2i!QoEv@#mCEoj&+1RWgow51;$QjK8bDLyaQQ1t6{acwY6rJ}vjb$Tr zx@ngA9hDXyyX{IhzzcTiz{S2peE)>yY*rOkOhxza*ygp{n4LP0gns@BDL{_>bE1jE z{i~0?Tv9dpgy*WvLDMIznJ@uywX6q_&`FFc8j4>@HZ~ zwpj}o8pKJ=-^_GpWti0ki=x$3khdI7D|n!-UlR&V^n~WxqI#s&pe#35nJ?S_@Snzj z*$0eEJ|0_+zLmfL(x$_`Q4=R<8;v7a^k+QQLP;CJ#oJ6<5M5_2b{ASty9fUf9>YXG zb453)ZlR{tp^4m4n;7kkLf3yAPx(efB@&jPjV$#fI5_!+~tQKKgoH zx5Q&?n-F{(G-k$bsv?kbtG0IXuWF@ui4+sks8B0eMK-As`Amavuw3z7+?~mjN|(x$ z$~pww$dhDDWkq92KwXFuLK|=jOuu%Sts2Kvhj;e%HSg=hzjpEV@zUz4{u1I%0sRo2 zLy;K|t|8z6@@1IM-|SFHcTiI2N`qmOYyjW5%8B#a%g6jAj9^x;$H%Sl!|e6W*vHaM z!0u-Dz>2s_%I$LCE2t&jwxx;ENVjKQNT}_XSk9}!dHuV_J~<1C`p2?XI87TZA30^* z1LqmgI;(UeY9UL_<{()|l-Cvv4SAjXN_3Y9t`AL?xCT6jI##%+MdH2}k zK-F0FX7}x;N$*4WP#HYF`=};P`#7lT8=O7F#K@YXx=h z9WT&W4{uvBG9>}idp zzr-oU$70=CcWsJBc!i`O;7|0_Y_t-sYw$pkG1o~BxhVO`+A$!>oe)xJagrsx0-}Z4 zV~t`LWGiZ=1yy0tfLM%`I>;;8sL{KV@7uxN`nqY{LwE7+!dn4yE1_HQZ~4l#2I?Fv zwHDB7z0e{qNBF(CniI33q3@$@`M?XyxJ-rIJR|<(V6kOh&RCs3i@gB4#jD~fV24pL zO4F4pjAgXQ9qO9Ds94J8Ic=6@_;3BA2G63VwhJ=reDjKC#H2%{iVF950s3gI)**V5 zbW?Mh#CVVKz3}=cXX17LS@)&9AM_uP-@x6rlf(uRq`fb1owX+@6TN*g!UlW?Q@U>S zf!3;Ru)4OoRiGX_44pa-viz*b(N!2Xy5hsey>3_fE(7+IsVx8=YA{sVv}yk1%OxSM zPU2>{x(5nQryhq}uO{`r>)%w&F0tUGt?5mqS~h({m2uVipGI%@lt!e^?GhZYE21cz z^LbH2cW$7m|LaX?H5jiieC4a+gfh7OQa9QfE3)tVu_n|cNgwahPcG;ED_rK%L6i*; zlY^|kVnn9w(xpurhQmQqQg!kEnY+D-4lW2=PNOu>KgT}?lJoR@^SvoRNcU@}bL_Z=L;ZmH1Wr;2vG~>0(Ylvx?%vWJuMp>+RV=bz%N3Nm@)v7`1MLez zEWe#G)>gLY7Fw4`1je*WeJN3M0wsZh22Yv*i!;SHi!Hj=aYN2q zGp%3NL(ca~uyucoo1w2l;Aqc>xwBWL(^|BLGKfEX#~L`dooYa{s9iJC3c_hcL9C3vu`juez+#$gsKa+y_U+n=pu7E7wf%IpO0NDBoz>9%>Uk3nz z;Bx2shoZy&+>xQMni1AyPX?1A(v#7u?PeHy_k)Joo57AXPSst!c)?+@#IJYTM8%z0 zYVB-i(br9#`sE2tI2~sm@}(Mic^TUMj~!XjE|1|=C*>O=pcEY+=m!aectOZ~1PlZf z4Qapsr$x9D7t-y5{MtIJJ%NGX2>#uq$NC{5Ivgyc#DtT5BMi%9LP7yQqJBWMrFhmG zOyE>zZ*t<$DO1g-_F`4KFs|l{M3U6`c_7ZuvK7$eO*7Y6&x`Od)IbTlr4%kmF!g&C z`sR#nbXEwe2*j&(nJEy#ibSIeua8`8bpfuuWqBZyC^X;vTRT$df}Xv^g4@T?Ef2}u z>W1CzORwqZC#i}t*Pwm^hk?URduX)$TP^@?LdDuje_7W84&}Wc)Q^PX80GIY0Q;fip zE;whh3{_s?@V|c|!H-bn7BZs4(J*j|X=F)~{~RhJ#&yk0eOG!L zwo$J|HKC?`G>*6PTY5e+BBJ&K)z?DIy3x9GIWqOW-q`jxv5rGC6*(k(bi|^K2uOZhP7x zkvdJ}bWA~^LLYCvaat(VG`)gUy#i7Pc!_~Y*gI^tT_L%3$L zb}?I&g3(XyR&;UCJ0QDbY2r+dSj3V^32>~H#AY2LOR1aAqZgR5MiIR|<_WNJ-ze6E zUTIWB#vN0;ko7oqBEwh+25WCT&xNAB=oLHh-RrkW-6Ff~PjDIaJ~#IG)Sh)vf3>wT zPtN#P&G>mk&;k0sHa_Dx9#~KNa%RBL^J0Gr*cbBlIiFSOJ~5*C8SFgd#@Fz zCU4H7PqO!7yh-LH)Lr$9Vq)Li){s;zp~|HRG%C!x@)4qQ7#|_5L)B|6JysZ7aFcS> z5<9V9x1|#VqpR`P$aq2&Od#Y+Y8FDM+Pb6z|3E+6Qt&+=AZNi%`FA4*0(6>8tVHGX z7g3t+5WHQr|9!Mgtp1d=vEBJuA*0&5ep?^?lpK2i_G$n-F}&92emI`xQ!8e*v!xye z44JLT$jfrLo?xDPTG4#yFtGHFD^KHaR}%U$t*ua>OKA5O$ALaIrviu{7yd5h`+d`Z zjw5H;N52Y$-JhcjFsSqV_V#dTcmMA!YhD64Hb&m;-Bf4!hq!uMUv_Q=pX{G`9zU{b z+}^F@gHvMtnnd;dE~2L~9MQW1yY?;-4z1gl*SmZ<1l+(Ny62MY#&-59L@sGWBem7%t}6J{q@mnzEccGkt9R%GRd2c(%^7d?994j{weU zRJjY?s8~5PM9P^>$4mxGU$ctJ0O$5T_bdRwELQ-~G*LP`V^4RjY@c?i!ECfL7%>+6 zr3Hx+9|jRF=WvXA>x@y%KWwVZvs;`nr7hCo%}SFRx%QJ$O=I|KW~@22j+zcbSdMSP zDBw;?Q`UjNfN>0^--Lm!M0THTT6XmZ2#=sHZL4N*oU)o5agZU)`Slvz{1IfeBV<1C zt1IjDAsWLLcC)L7segk$ZL6d8Vp0h{dK~8Zi9&_oC&zv13u*cCv3siA$j~YMb{c(s zmA?_O2@fD&N}G2lNkrW$hC}lT*q;AZ6b87z{x`I|5X-K>T13#-_m3E}-Z*831Dn4e z(ibJxm)Z|g{b9t7b?SF1@2LmNn~x;BGb_z}%=J@`9nno$WS@xSL*SECu8HOI&{xR! zmZ7HeQ=IX9SP_kEyoFE3YwY5GM140&kN|Ac29VFg=l8s0%`mlYX)prtw*%_We(vDQ ze*@b8eyd}Wj9z4PLYZ1&R3L-f@wkSHiB#2Ppc)v<1{FsLRN{+phQZAIf9swr5FbJrKb`Vf@TgnCafB>7 z)MzOhgBT-88hO+&Zo9`jEm9~lTeK5OsX+-b)0A{IOY1vNSc*7Gc4hQ0EF6ZvO|&n}j}QV4igJ-17cm!S!9PS7NjM`y3?BZhp)+^}yR z?|;a-9KLmSp;}qT+voe^*+bc=x%^HqukYQX>pOWc{p}Oa`7P^92%GrG>Aze_A{YzO3k=3vE>zHJl#=Di z#78QcaxnBiS&%>+sls5l4TfAriDWIcJiKad+bKF_A4kQ7gu1lne5eNMnNG-~;6=-Y z?7QkOP(LiUVjeCzK{KQ){~MyHd8C@ui=9pc78eIc!Anw)$qhd26HiQeQRU54umcuy zx&ikW7C%cTM4ac>KK!k`XhNgXcmSvQ5|=p!2udB#G7Ta6DHflE;CBSlt^o&8U1_zE zG2Jh{NUn?p=Th%rX;6pzVCTch3??b7r1AzSRXduGNXOb)|2TBJ#r4b4Y})KiIyXQQ z6EW?tyU6gUz+&f$ztP>b`n(@|S0Og1U27BK z{a^N*s4m8FRwJ`GL-vRLCdL9mzHU!6i!Kx~W+Gg}QcgahC6NG2?iQcvIGk9#?@H|E z6E6wF{{j5R312(BfjS>VqZ27&?WA14p%q5#EsTer)$?loo+&J zSg)_^tffw7g=(5m9|tb2>TG< zoMuLoZuTFkZ7@f{?TiigR3t9>vfv4WG#di>5}NplK+gyoF&3N?=tfeogj$I@@$GzZ zd&Gl@%;0>&Ya%+U!Z1Qc;8f?A9LA7I=vEtJuvNjNoJVJsdE&2{3{$Us>Jf03N(e)P z3k2GICRcp_u`lyX%w4tQae}+*ohKXjZ}~R?02&0VnIultqo22U%_~7z+p{0XLwXKZ z^f^7P-_{OKc%Y6kgkS2D@5jG9*B3vov_&Y@%RoJN0d6gr((c{`Nay zXKe9Scy4r=Nw%ht@`Q?p6esaV_rSdqY+U(&iE=WrvtMMVEW5>_L9k}QX%Q9t6w5wzSyq2yWYc7UK#9a+(^=Sv{r2JdgyjzY?r z!>_S=sB(bQ z|DP(~eOAHn7+lC!i_Tt*yfEg_p^3w!sz|0K=~e)iADjthj390g=03q9L6tz;1EX@z zWF{VgiT}mBGvA2Y%YscwXuZ7YE8*1x-!6s7MIbr6q{9UCE3(2f_otlEZWd36#M+<{ zmr^4%B%TFf%@0EqXtk$S7`(5INW*lks*vdICmEY9O;^AZ>I{XCJVZf+S(Mjaqy~>V zzo$Qx+AKAoojg8z^`M10T74w42lyw(e;);DCC9g7& zF=J$?ImNd`!^_IoaRP|`6Nvif4`tTV1F6T&YjmHE?j?F=x9dt;q&ZXk?*J%D!@coE z3020OzQy(c6D1KQ(?{G{tN7aXiwv5s3^M_i`yXbgfLWwe0vOSI=;6VMnqw2MbVA1` z&XbT?x0OSU^da(UYi5AGFTMTHX$H3I)CQPpmf@RD81@Z@%FDKNFxp8s@^CcT1WGt0 zGdw_shG*5s>9Q(VdzwRz)BG442P)_Cpj2@_skPq{DrbZefYNm(J~(bBQAwLGT@=A(;ku;V%i5`x1OU!r&o#b0uK%^h|E#(Z-Go5Bpt+lnmB%?;K-keAo4HWUB+ z!*U@HcJF7G|3?W$#q9e0t6lER{xW=q`N*_(r%g(2*xya1Ic|%5( zLZ*MuR$-i*geCv%qs}+B20@EzGy7GPj84c<4R-FKC&P;>$a%0v!qoT371BTG2@1jX zn@HGE?KONB#cYZAgL3iBj(Jw;YI~B%k73L)Ajw2ePZd}m*@lV4kT(~{UN{NoI*&^f zDj-UXNYj8wGnm!XPzGi#-$4p2VG*~*fE1w^GZ2ORStA`~3ew_nF`jaoFK7ckbDdON zx0ICWBqG|=DzmXFnL*15FG1l+m2^@lmc8>-9n) z?8g%<1aVN>-!@WJi=pc$t<*)Ngb5EpBwt#jRZ?Kxof~;5xmTB3{S6&FOCt{<MCwrH2JD-Udz+okoB0W)n`?D*D5_VSxPS9vTc>->rqDzzrr)Jg( zMeICeSVSOFkfu_U$TdRZG>&|{>k)Dz!QB96_6*24*b1}0JQc4UO5Vw@gH`OF@ zx2_R55=*w|wrm#GD{dyM2Mj?k&I>UU* z3(yJ2N{WS5f=q=G|LO$pc(N%SI*!DzphEb)gg6jH#KibPOM#UD8uN3|;P*nSIBEj8 z_|T%GqeRx%s25>f*US%pvknUNFL9U`7WF@YNw#72TD`Ee6o_+viY$~Lf>r{pDUTrY ztH*2GL62WUi+wgCRaT{HrD<7C0l7O*vBPP17awP;;rTbMCVgxO-K`qrqSjd7~mM@nSqThqX-9)x? zK}f}-`UYE;IA0-4H&dBXl&i`wU%gJok@8R<{-A~(oywlM7<~9{VxR_s6(>0caheT3 zL=^!&e2Tb0P7LDm&SjQ8&OUV_?{(0ogp)AJ z9Hd9DgDs`YMsfl^A6!|uH73w{)VmDVF`OOZO+>;MB z8M#iGUR0>=vcvd7`J0?xP(8*nF-DIlJGuEQx{t8?HQt!Myg&XH$I=YU4AMcV{#YMB^PFq<-zScCn1c90UZ7RhMT-=BS3R|td!k!L@Q_s?& za)o)eANmw-zExjkzeHU>XYnyn$#%KP4P~M!ZtNYUHw9%_A{5Mz#ax03T8?E&N#P<> zOlh4K2A221`_x5&c7{HY_eKc9h2NA&E?GALckX(h@L+DkZm8Y`BX;u612+h&&gv%9 zdsgF9RYF4_eczll5a!btqsr<}wiutB=j8=Q?sozFt*(nGi)Gjp^SomGq-U%#k>rJ< zZk27|A{nZ9HA7=0KcBkmYa{$lWzo%9obc;&=V$TkWSN)zaQ=Aq(hFP2;E}v|A6r{X z!t*SjO)6A4_w2hYn`vi|5O^I!<;j_dEs5e{=od!?UM1|_e_9TSr_>#?1j>Z^x1+Cc z2L##Acu-m8vPdNDNM|&96m`0G8}`WHys~((Zlh&i``=r)9Vn!6C)%90@fMhgk7|wX zqg(Z3j&;p%+h!;=i5RmiUPE$9uM!5MqDXbSf=YUQ`cY{5LuE-Z*%>vb>BL1_r!b(#jf< z5$98(_QLgaWb(`l0i@N4N2MbDf`g_lVhfiJl5M)MkS00FY5RazhB8PC^%g{37!9f9 zHXKP?xE8QP)(+T%pRN2}Ng?s7S$D5lr|?pV6IPlS;7qR88nYCW<{-+0u+VlWzrZt& z|0ZJ|Tuh4=(}&Ff5OW@5l#)`3c`&?Qv{Fkay8X^1sI3#Ny|{?8l40P$oVsC&T-v+v zTryxjYG2}JC&ATEllkH5EC_P zunzJ!c!Ey$vJfNjubVq@a{v|lBZYO^8O|934E86?BDT;o(%g|U?wPifYWzvfs*0H! zVnRKvulG9AW?{Balsk2pY+(L__xR8jyLO%nvu8pyr*^QX+*-R3D;zO$SzG8)r>ce) z&c6#ASe=EsjE(q!lWd;8)8l2`g1&ih(1H;aO36XL-a`yD#v(y1-!>60h+exTA$e*LB@$*ToEjR&7(Mm0UxBfOMXwzMUVrr=<(lt@48dY*A?do@8 zNX8w}y=0}Ln|?GnKjbnEmOhwMo-<+NO>ofw2FW^Abc zC$JGu?jv<{>3HfUS)tXrccSo7@fA($V5?fW)HT|&to9-ND0oi0_qGZX6S?Q@HP64xmOVUCQ$jMxY{Xk_n{sf28kVK$t^HiS=428T^)Lpf%OR9~xw5zpN+gem7f@gV`s_Yh{ zS)7(yVj8Vg2F|hpn$2;R{TZzsA7cMkMt?hhdv!Vt_-DSfj#csBULEc^_J1!951-<{ zJ<78mKyU)FLoM@N^vmTNahlhfcSQbPD3Sh=tG(tb25XLiqmhw0%asb;GO#CYX=$-PN^2pw^TC*TW07M z%)%SX+HToQAcO>k8K5(9ewa(Xfzg=Up;??3T$!ti#cLOd&Mx$|fnTaZku>1h5?6rb{D1%8@W8eIfBEY0DgM)=JooqgXXsWO@Wq*P z94AC<%cGeXmT*c2=vg23cK?}o`Z?3Wylt@rYbEehI$s^DSL{2#Obo}=K$@t-uG4hF zHoZq*#2FwB(W?Xa8PA5rcpQHghfs&{%f_BpEc0cgCmG{L8{x0hU={tE&wT*m>)i8Mph7aTD|JL>A^5}jwPqoG)r&%5Y7c3F0 z#Fntp5J({)lkA-*L}mPOblXcx9@SRUCj-E9pcI+{MWc)=;+| z*DM+>8qKX0umy4o`?vf3hHKr9(>0TLF&DKGIRm}C=h{;F0ln91uJ-F`|8L)AZkv}9 zRQTc>R@ktB+b{P8vmm!U1KUb4_-VcLXf(`7C`Y``tXt8qg-E6iP&|(1fJjw0Cy)pP z%^agv<~o3%4MFdlFgGjZH+VEc6;&U{_7#M+O!exjRV^>tK_}3+dQ~@S<2Bf^bX@Q% zDBZEq*RO-xXO1Tp$YGNx&?(Emuzam+C6$iYXc0W1ahBC7NP0V12U)H}iD)kSI4`lD zw9n`R3b%mX%MmaALX|6H&DC<>e5<3QI|8wGR;%LUBc$J7ls;nB*1P$^nXKh_S@jzS zHMarg!>SgPC9Kng%9Q0Ud`j*@rfj+>7MaQG3=Qr952)7lVzpO|vN}*!J!XMe7xDI% zty##JbY>$$vyI)rvb-vlm2<&{w3?4vBR$rDL@EW_4l^P_#err6YHc|ViSM=_(FUbz z?*S0ewI{(wtz2OHFWbDxF<^rlT?Z22_O-R$vUFvErgLnmH7wW3F}ry8`bu9=434Vk z>yH1<;>D@SPDLx3Qogjd3J0w1EQiD`tWpzs=esl&)2K<}pHf0vR;q1jCU1DxNNWVd z7IIkiZtUI#L$zU7D<(n>z^Rpgtlrr+NOjSqDbWIPMakMLClhRynkC;B`v1-De@ffw zWznEk#s7P`@8W;Ida?I}|MMu1MK%^vAQ!k#L3k|=9w znrDrfbQ}`##F&PaWm(LMvl|3qgPI_N;gn!zI z?zpvCo1;Q;Yxz}3tJ+(H(qc9ud8LR8MOo`Tv(LM=#+|ooN+o(wyIQN-Ms35igrZ4f za3Px}>r${kwQ%+b&t~#p^_F~*6u9dAf4JxRe;n=~JlTIf%Hzm?75jw;$T5rUA1rC+ z+)nhJwFb-j7dYNzwtS*Uj}Ja*zD%eO&;EM$<&HwHxhcl2Z($p7l59|MNnyu0PEhA< z3ifL^y51W^b9Cbj$c^zGHX%ZSPJ=k}jRZ5t^X_{pIjoq1(&w*oTbXHQR&!Y}@v6~c zsQngeOg!V9&K{^4`G!nwGy0!JqZTj#tLXpU{)?Lb->a8T^#3s)_r|9o^2PdGz_r%0 zXn%tZ)_=O*_^}kX4fjk<)4BN4@{eANPtW5&8`6I(@>F&kF5m?#<^P)g_weA={uBLw zj7QOboJMG8*(G3awNXGN|MH9bp379sb>c;nNx^cxXRWG#a|LLNE|j+Vt6SS3i~phQ zt`=;mi7(Zrtjx6X3|F_(vcl3-a_o@bz?r92&Yr%Xt;hALnTIqaT53jCZD41qJ&9w% zXGib{eVZ(6RgLlQ;J&<)y>CYU^|@%H`@iR}_G8at;yDHx^UZFn`$ z2;6Z&Tp%Z0gB3%=Uqr=~E7EehU57aOlThml($b%kNZ&U)7X}6_OIBuKXEi88oW%F{ zM#Z(%o)N@^ohfF`0U??fW3N|h(K$^C>LQ&|UqrYog6oT+#o;FwO>j_!3R5f0fe%wr zX;xSTHkD}OjMdAoppbc$d%`e|@}?{F<%J{U!~G28Zf>yo$I^!_(S~IeJ(!KEV1Jnnov((y9}&*9q7$EHPO7PcxmWdzmj|^D1>aZm&xI^PSO}uoAy7^IzySxUm@Ur1X1w z6!PuF&S?dCptdA9E5<9d0n864rZv|iBe`bMGdj`o9W8kUTI zOHZB#PZ)O^HlB!TjZ5OW*b~)YL!cY8mLY+A&#;C8ftBkaMg*!)&87rsf%nbkMg@(t z+Az(vAVH|X(4f+&w&n&;zBhle=OOZ6FeS+>o}@G$Sr-loYMpx!gtB!FvA;*!P>s&rdIhP#DCK zEn}#A^3xwZ;m-4r{eO9SeDd>YFpFB&v10$fJb3BiKRkc+bpQJ}PuE6kwsDF**y=Ju z`-oD`c#boMu#F@AA#>r2+n^WsP#HD~(G+3yq1+{=m`aT2o`H=n48q}upGYz*F>+P> z@17=CNQTMI1J6576-XUU?AG5@?;Ma&Bc!v8rX=MIVa8|} z1JWxj&Jt(=+C~z{AhA$nsPszLO*>Y0-lS~P{cMtBkR}#&9}*CE%0ImR>G<;MBl3M! zmp!p|#?`Hr=~lP3i>@eo9_$5so(GLZ#}{V?!D5OT8WED}dI19E_Bmn{33`MM0Hu@= z@dW@lQ+kJJ8hG9b4L^}wMgc|~Peeih!+>NmYVcf~ZE+bo7!X&`Xl|klr}QrHJpCD3 ziEzRMF~FIaa-fRx91rtdDhSYsFpjbuhdd57p{)%Vtdwh!^x7otOSM417oef^0}gSL z%y%{R{S0RSW*;*!7$%Y2Q-jJZzkPFp+~?>Y==}7(=eK;kDam6lhOb)2GKd6EF8x}) z6}SlRgNbshC;DS^!Ro7rv#hB%%@7Bk2EbXFT0_JpNsaJCYRrAm>K$&p4ed*v4_nbJ_=C=^AKYH!REZ z`IJb;@5{N?#5GPQy+DvZMhI{j!zxEf3G@qGB_bTh35kG`3cj<8ZUOktEWvGtK1iT` zAZs6Yg1+@{Z&xhDyhshUsEv?ZB8}E&fKBNgk_D|j)_=6H{q#INPtViyZ}j|s00030 M|8<8&jsQ>-0LtumlK=n! literal 0 HcmV?d00001 diff --git a/assets/kasten/k10-6.5.401.tgz b/assets/kasten/k10-6.5.401.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3fa3b7142b2b1e0e283c626dca2a9c953ff1ca32 GIT binary patch literal 204022 zcmV)eK&HPRiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwyb{jXcD2(TCJ_UYs_OYFxNl}(>qct<@V|KU&cOnJ*^?*m|H))h{{Qady=UL;K6(0V_sQPglc$sKCcC>&pYMH#CU-NP z;$I>p=HE?jJysdHKgb`BA||nk}fFm_fd?wj0kr& z^QnjfydFh3B>U*~?!?*ZGMSUn72$%iXdm7G``^&+c=!2uGMe0Xw&x@uSP%pCa(6Po zG5y*0zj{2tah!g9HhwyOGVn=EBA-MaC1QUtLLQ5JDxtxW;{}fJm_&FU5PyJ>hHJhb zAjC<`1eJ`h_tAm|WPfL8yyL0mA$GD>DFV;OyW>f5jF_{K$Q4P%SP*_icxAM#MazJN zhUu7(pN?OQCj*}dkJDHW`Wg#KqW}B9|Bq0VM~7Hqbc!RqBq50;It#E|Fdhz8Oif@V zWi0l0b}pfpBJ+TH3XJ{1XPy{mzkU!(K)juRE!jwaJ-XbTjOIZ?M%ODU$vBRdgAmh5 zVj2++bSELE!M-Am#Gd?rQgA69^f$+E2N`p(3ap&$4!-p2`1k+I^nbv-%ext)MgLFs zo;|MU|7VkL`u}tMmDOdFMjQ@Z%CAMM6+2n&MVCa#eI!=+@zZDfe|h#4Kb^mL`eOc< z#Zzzo;xT#pd>4D<=>q%D$nM@Qo;=0#7ykUo-V^f7^XAXz{`2R5dAgVopZHIo43;D! z980xH4IfV)KN(FPk0yV)m`wH`Pxg18jh{Z-+uM8c`03;Sclb@G6#mruzrsO6#N8Qy z&Fla1^XJbdrS<=K^5mQS_gVh#p+mC3Ng$Dy0<>UU?ZxB4J#?|60#Si5`p5M2WTZ?8 zEG6;5Qc(>Ki5Fl_&=uxX894$;hUNstSP0@H8cBxMEa6C!Fb=RJVmuh|IrhNRtC{i;EhA6ByI4vM#3HrJB;^ z?gY^gFNqkdPHW`hNYRO15zeXalL+8Rh6Ip#jWF2v)Jp=)5hqJ3aKL7BnLMBP1l_cu5WdEW{h&$Y1kc z{XN%5@n14D91UIFhQmkbdPThz@~O~b@2?{qQcvxIS5)nEG+O51C6Sp0dXQt=L&Ufp zDoTRj5sFx4IA9N=!a_r;$0Ove7)wRZia|O$;bVjzEaS(BMQHkdrm(<~kGYRnltFs+ z`sk7R8T}9RHYU+bV(;>y`5FF~pN!eb5yGBFgg9kB*+=ID`|mlGq6_*f*+-8j zuc&4kk%ZG|sacr*Y<@KdzT%H&m|xgjIDZJ(a#?|BelvE9{jH?j)WS9Ne)@`zQ~joB zC={)+s4lA%)Pl1R#hhGGmI%At1^VmX(3A1g@vc%*W?8<{vp^!58&!}fbtqX1i<1T6 zO0?56X-?e73ME7%Aqn=a($Y%6tn_gTXhszfKtOfk>eLnGG4ePQ0wwX1W1omeh54QR ze2@a70yLjb0-`j$TKAk7rD~)-Bsfy7(*C|WXHtOzCS(fedPM_b22=tHWV1vn@a!o_ z!M%HEMkJ!Z7PWQ_1Y^=E5GxXdh{ft7=YNo#1p(m|5PTg=mVWfHSj`#c z{(P~>eJOFM^ndmZxk>*`LMjAK)h|NiibOI)hujb^ku2-H;4G3P%4TO5pZ!cDD$@_J zob88894T4nBgt4${W|@^E_M4k)h6lAg4av-!N(+Iks#S<*=Z#GD&1hzLC1ax`$zi8 ztdjKe)tu8vk|hWK7>;R%D&}*%B%b1hmnTX{B&Xg;P@j0%ehs2?mIT2}ttdOo+#C&o zCE=0Y=+)nf322J$z5JhtZta8*OMam7)w9(6 zxOY#h{}o+G#91PVk-$VFJ|4iA3P8HarfUxU#Dq3=!2AG9NVOhV1VA%qia5q{RcRUP zU41xEc0tY|iGKT}w=GoPbI&;rurfl_Y$KnuIgQjj13V`|VTxqEZ?+6=s-4V=bQ~Zg1F>JURxBY^ zkM~OJNQQidXoNgvO|k{Tk=hH0mndz;@nS(eMEoT|lJJm57Bos*9r;Ugk^N>Zui-iI zDJPyBro-tCi;C)8t@5;E=qct#+($z-iQ!=2lbd5}8s-ec6=4~cc#y3KWwNVn#BP~IGiyy0L#k^pQS zWs=3x%og2)UDQ}S3v~4EWNKOve=rEBMFbO2h0V|sAgQ8NjN5v|qv~PXiNbo+Vq zXH4dRm>*uLi4;35s$X&FDrD*`(RSmGZ=SJ}5Q zy$HlXYGLTl8P#MU3Rql;SZyq&G0nGXA!&C={@XJw#5LoZK7;(3QE7ax4goNpQd$44 zb=Ju0tV^=~=KxG&k%WXRBCBSx=HmWe%|AX+|L`nEsw}$Js_Hc7qe3tpGpO0)gt2Qu$=bnF)}ROGQ2kN+bUtcF6sK2Ml94e#;XI3j zKs*Gl`YSAR#6837Wk#cO__>9~diVovfh#jdnF9Vk+I=yZpnG=0x)t)$W=g|S<|_kB z5RXN^NMW5NVr8N1J##>b6R~pkS1Oa~1%vJ(L8Lx`zuukbpJ3qQ!*mz5Y#rD`)j5d+ z>S3{u_67l4o{%dN>?0a2*kEAw=_{=gU3SYoG>z7okH>I4Z%R82Yh%1Crs_StXveGR zPtT4~x|1yajXoJn&)=j& zDj}a9oTAz61ew4C4@+}Cr;%e?=z%&RBV(lVhh`6$og5G@r{{09N`bSu((p>DPJ@75 zpHOA1{r5iy_YfMPA^fmA%zt{UrZ>ledQ;QeX|{{pLRE@qC1a({eAsn;L~f{nMWWk5 z7u%%NL0ezew|Gs1AazYB`oL7ctDuxFyChM=ycqSHr)_LJ4*R~E#=G+qWZm^|j}H&h z7RFT3XNPig%Mi0)qx`v4cq}HyXr9H`BS?@K!!?~AK{r60{41f{V3`QD+81n$j&88B zd-u^W=4?R&qC*OX=>cC^yhB0M!v27@b{nF57b{|Z1u-)Y9yJCL;LDfN5yKU>fF~ zSjL5En-=<=fu*NA>VG4t6zvL&JcyJ+wjW}12<-5+QC;}SQxh=mAC|X|gl;rOhuX~oM@MrM9B4mdM@8h)HcFpak4%FeE|@vM z*K{K^SAF>v@>Z!wL-Cq5s#FOm+Dz_C5Gx(Cec%FG0~^x?)d5)QxlM&r0a600R*JrR zQDXLbcXD53t)Xv9q)K0NiSX7oDDLZ->*!#bCut%`@vgM^b9v{3i`LhvqYfG61}X-^ zz-T0_G)lErgj1{Kw0u=@WlAC6MJt5TkA+TwkK~GpOLIQdj7x9WY<7}I!2U41r18&$)5W^f0H%9!GRuEAr;&g7 zCIzlOp1m)9oK>}r;>nC)?ydH7?&cgIgcdXaFMj$(lAij~uc$wjGT#Q+Uiwb;DSZ{g z)fp$gJxLaR2j*`wyHhN^72(2~gz9euzW{vum9-$@yP7%vk(R~f?gU&cikKSr>^pEk z=r0Ehybd@xU;$GGxo`9WIAW^TBn}VTz{AR*Pp`K2b8!)wt)Ny@+GH@mF%`Lid=dw2 zZ9(dA4ZU8cXUAqn#^q|P19SIhI}QdkQop`7e&U(Arg8bVAbLYttutcoc=QF25|op? z?_b|v>S1kLP!=F(NF9FF5k+ye*r*QRHJPs%yPV}*oUw76y_l%+au=J{uF-o;>JNaE z5u8~cyqHWT4+lCzj(RigNBj|cmkICywj}Mtv)=PF<{yB?re}p}ew}9L$!e2RI5@lL zYh0!JWPL&xL{gA~$Kenh_F`oYy2p_u{0ayAXt*~4DdxsuC2YtD*z{?XKuE$Y;t)3G zILV?0Xh=IWwRFTYN2Md$vhME#sIj zGslvViE|=Y0D%I2BnATzUp)&i<%#0h0gFszuVIOE^?-Pme>`9@T*Fp>G0e8Vc?EHT zuk4Yb`28STO3`uhr8P%(d?rLCfGC8IB<^6av2^)05 z?yEv;C4ph4Q1`(TrBwC>4GBx+K6>(0Pezd{{Zi`&9m7*>sWz1Ko5w)c74a_5Nz960 z3yGyDenl4Ij0w94i*RG+pA+n_-(xD%Uv||m##eoaCAP-Gk3m9WWh;oIk`P`CbHAb% zj1Wo+SU_?o+M%9@-nV{MOUoEom%EcI^>H{DkQ+E>`_mZAmLWVg5^EtzIDCZkM{_Zo zevX(=Mi9xBeibM4fO_di&e-M1Bk^kZ&%q!UUshU2B!UneHCvES8e+bNON)ECPwJeV zI`ja7GW@f?$_CP2W9We{$$DVc@IiQ)UUb3vL?oOD@R%N)zAgdQ@bsCY0u1PN!Eq$0 zd`;GGvg?@QZ|Tj};3|BNIjjkZg_WaI8Yzhz4B*;G{g?==_fBWWsbbT&YU+1u3LX3E zv?SLriBAlN>yBpBkBj;>-86CH>rE4;3_CPj-3*7Q&)+?yBu!i6*I1xAOCsNTHp~74 z@Oa_K&x}KTm^W&=a@hjTk@U8|VGa<92o|foKbH*cTw%V$lgN03#7;2?#tdcVwxfLu z$_zAqa*z3N{~wTrMDqYgmuhkOJ_J9Y;Y!MQe`g1%H`f0ZSKj`M$CF8Us`t=TcLVA2 z$raqeK#Yn;T#JphJ85J-r&JnLPDNdrW5rx)ziZ5Wq&8kG>6`{suFaL#^%%V;5a7&7 z$gT)tkw?%qL6QUk!a-m>kc10;poakNm=ie4j0Y(Ps6Z=ropaTgpy_-(yJZkvpw};E zaQ4^aSYR4x3SF&HubE~YJ`IP;Tr>A; zpiun9IeZpY;e`0+KiORA-GZ7NfR92MEXR>O=KRFirR`Ua|IfYu5Z;P}c>IfC(RSY$ zG`|1Xn>^lqT7Lhr_xSmr#Bd+|22wucbL^#`-2L?TR0is_%1)b^>o8DRMY$nT(h`f%cbpL?Zld%7Wp}2 z0l^ippkjuFxFUo;4f6m0q`M4@J5DbGmmb3SL@E_lPh`W2@(Y@c3EiCrkDLrLTra;0 zYUI%-kBWvF3o_6{wY$}!q_1-8Fd7cs_%uIMY8JgtZ=CMnebcZ_JiUI4er8VV$Q;+z z|ApjOof>*cXg!!amRB%d8wFMw<+IsABSYUC>6FZJ38zRIobr@0*Tf~hw{oZO@~ju1 z-sF4sU`(Okm)0El$*7_GF{ISH5I19;Yi$hB&w6@M{*`_SWG@TaX$Zm5btEheQyl8G zeMDH?hMNg>u)@(&Q$hEw%(Q8?@SBbOuKd!hVoU5Fx*jK1J2|*V7CJP)0ha@2Qj3^pSh>LdzL;e__4R8Iz@n{_ z4iY8da3B45>3f8R$BQ>io^c{bX>T^a*C2(I?z|#=So;2-MN$u3|IV8q>HFD@R`%5P zMr^SNXhdv$X1kS}>GD26nwPtM)^T^M0mA=t1GPzwGN?*@Kwd1S4^sL+EMnc0jk$N9 z8!_@MeK3Hu``o@1EpN%qtXvj16+pEDx;sbHx7xR4Xz`tQJ$GxV026_Wk=}a3KFg`X z2B6KV(YP|3(03UxsM&x)uJdU#o1BKa~RwW63k;=ez- z|H%11AC5UDTy5Ovm43~Wd+UN9qX%TXL^ZGP-H+~@37@^Vza`lV&-FLq!8Dsm&*hZ$ zbT6u2TW>QSror1NSfApks_OFqph5FaTwVqA*W0q;@#GclMSU2vC&3{fKn2` zG+x9_9683Vzp2X{Qc~UBsT=|&Q@Qhs?%394_|8VA#n`*VpwufBnIIy6Ir=Db z38y!r3&unH#_;|FGojQ8IL_RJ4}Z760)Vl-3V68lS3^HYXa4v72RiTaG)-at@b?G0 zi^R)^_gj1dg|Ol~WPD+qZxZkoNkDRI_i7X06S?}v?XQR1t^|U2$Ne82qkWTxuSXg> zIAd-n0A-)VH=ciao|m$MZo>Thg?a&4A4WIG&mU0=TB%-4xq63dt~}JY)%O*xK1i^8 zhs+1~-#GsDa6JFK^zQh6m>cCA_rE6Yn`GH{$$B%yzc=4o=uB?zkiz8V&rDmJ(*5oT zd}K!W_onh6OLOVG{ddT7fd7r-UlGSm_KrK`xf$Ub*S{XF+xi=K$Mu(Hgl}B`dbr-< ze!bQCQ@%$2=JP4im_}6Ij=(yf4OGDSM%|uqW4F^;g&?YL`s$18t71u(JACa{7-wS% z=msXs+bD?60;*a+DrU0AL68=tL7W7T_gaUKP!=gZ%0kv2pUjixBP2OX<^d5a#w4Tz zk2wtqPx+6qK-VM)x{>|v3I1)deLahs)+ zFBLw#!{>O#f&RT^poQjXVXQkOcUG|MPfY22te$?0si!pDFO) z`2F?p+mzkCJC4881AOE8*TeHl&49b({?Fy1{=Ma(#eH1LFn@Pse^nak&rJ1VRq#7K zspZD`Q&D{2`gi4NR#t?4yO|qH`Kchulu3Eq^5jexh=PiLsZ&vxm$lVAa>X=r$%w}2 zognDr)l!jY4g%8ZtK?c+|6d@ zztua_qZ=z!EmLt}kv%QVk+0IJ?fK}63D@Brbh{^*@KP(;juXOWk?Yw(vy!2plu5 zo9l0%n&z4Z-!|o3+tSPnJ&7)GEGjw9D*C2a_(KL_ggr<;K2-XksyJ3S=ImxYhC%r_ ztqZDpo0NASJjO2da@zoiDYvaUbCyItXLH(+`tqMnjs;L&?k<=GkXzYg%G(t!MnI9RBsV@c#f+P7A~XxLfl5zUM#4G zh`%IAW+PNV*QZ;2!y;#vMJS~2`k@wOl+|ytf6dtz^E1938x#Q=Sdb_FEURu(f>yQ1 zI&`ZitaDDV;R+#FoF&U@+FH0CGZnrz$|3DE1$}aJ92V2Ww_AgUBO)Dy`)~pkW)UtI>-?;*8#M}jAf#|;$(nvoYIM{7j5Q#eV`y#8O z7`eIKh2nyJS8K+O)fdsNEukLB-extGB5mEczIKV*E!S8N{Aw#kbVbrpRG|gAno1Eh zC^}`K4uo@KZ>kI7t_e}C2l3AqU1h77_EAvBx=%-!&D8gi86{WB%-!{KS5eZgo08`y zE$rIBLC;e1CEIxdCbP(E9+w2<~Zaz3KiVa zZs--l)tUP zsmDf1k^uMGC6C^nO#AM0*z-tSyFPER&uRUs!6TU2oGcjcQLAYhp`*wjy%U6^fO;en z1mPtoKvncW!F-6QQn~?I;vn}M6vSR~97*+SBA`&F1)9PQ*A8Y$2~P zClH;$1qu@Z4muDXllBTFE_(F_eLF;IEd1YnRtl~YTU9%mQ79!iU>gh?RjCTuuW z9Y-yst-Uf;GYkt5#9Bxa-u2ySeeq1Ams%(0<_1%?`*p=dUk42ezOx8YjzH;I9AhZ{ zPTO5N&bX#7CnXb3kqd0<%Qaes(ZQWltdQL_+v1FK69pKJ9LQ4Q7kj0*mWLGHZL`f@HmbMikUAEjo_{D>lZ?oRF1K?L42dy`zr5!dyCIZL+LF*u6}oa z0PR*EulS_O5dc9(P)R&7PZKeXeyM2*B0Lf zf%o+xcb1ROo<7}s;%t*rBpnhRAJ&1Zm@_3rQ2|H=hAWN_dc0xLIb*HSi**8v+JzRm z1h+7D7nDsuC)O5DcdTD=mc*Z#!7%2nIh;c2gzVyTW4gFKnu{hJ2Th-=Pc0>hws5_^ zH}SjavuwaN6{ZkRTdVz(GW{$eXHzxemKL;;rZDQ3RB{FvU3ILu>e9v?z_eB$YA(sz zg^6WGx*OzPPi7;k1E0=c;|b;Mr3W7V9Ja72(&MN+L?-UtwT$g@eQuciv0% z7fBE(gX^t%lXA-ykexP0b#_L>{_c}FU~6!_I0N#_M6;7l54Pa)^X2Yj zCnLm8Hxk^O&Iw_43joe{PVYOG60ow{*^=GvDgD#b9X5B(}nX;{R<|`o(_=zgf1P=(5A8E*wZ;jO0oN2AXHqNRmF+5d(4ZG`la5^ zBOG3mNFKhKZTGgrjGO{*o49QVTW#&Mow8x8==Bkf*Sixq`kKC?bMT8@_-ECJMU6&V zj$|(;lZl&XdEn{IkDX#82`h?O4T75CIiDHO@3LvBD*)e+E!i_g9 z8rfy6EcjB*dw>L>SGfREr>D5_#BL z>4Uh2A}knTi9N?+g;rER1_C#k^SKAMOX6j!6*M%nLe%RbR&AT=E4I``n86_CuBmxVHx_!J|pZP_f&B1|;XIF%qk=tWn;- zCY)T52uEAj3DaNUZW~~?X@pYS(k===w(g^<)j>eXU18z@>~5H(+A1zOaBC)f7fP!z z=~;W8lG4P_&YCxU)%x7rCcB*LTbX?tmb`=!nx=2(g0$BhbTkAwU1MQZgP#Vqy-pw7 zIwC{LSk97pI@0msU7#s)Bed?F#kNXogT~9RpbjiMUGk&Ij~R{bMC?+=*)oU34%Uf> zx)-=LZO4>%MouO6E_FOvRCg)^gr|phiRbjN8)l}pC+QVIhp^c*zD5CC(kO$_goUNe z-AG_%W+?+Zsk^4`YB$ocZ;D!yU6QEITc8ypOZ=ng>Td7^=;$cAqMSuxXLauE=EfnW z7lAmacL8iT`?F)PKo8WBctJhflEOk+tg4Uk48xOxT-S!FZ~y#hrrvhWaZI`PEORB| z72)J=R`%5lfOlKi<;I|eeEA6}AT5u9GuG(&WZJk@ltv;O}i=G2s=;)LTk3}L0 z3E#FcePH0WY2I8rdo*1z9%9I2rI@<^SM!e#)c<>}YwDaVtC0^|@Jt!F9sFn?&W~Ol zztxXx!jcr#PCJ)X@y?uUdW=|&(aq6j9fP5(V>2euc>DKuB{VwC-h<6N<%A8>51HSD zgfd9|lge9yE#je#-t^r-M@|&_G$3JGXy=7K4&EY|zecL;6A9yt$ob2fjVuQy1rTnO z%o?&D!A-(q9a_BrvqeFb-e{IrcO$ef9dm6WVEfG3Nri4;3Q)?y7!FGawFo0>637}J z&k9rO7K1Y*xg2Vt8&cmeZdjyS&rQo&kS?Bddv6b6VCbVx5&kisg?41~Dw-EtwTT=2 z6_z;#e1_Mx9^uWk<2musPgs^TcPno0ZXI-`Cf|WhYfV{n262g--d(?_yP((B8}ia| zOaNpfVmkk`;c&GtdO#sZFpGTgunD`fM67Ow*WR-hyy8Tx`eT&q)d827vyg4uRq%Ru z0=ZII7k^y2vA$8z7Lt-S4~H?P%c%7wlW|0rHsuZ9D%xj(1szxSXg$?$b0XE}fGq{O zqJqLBtab5`qAf&xPT;YoGd7?sIeDq6&h-uC+(m4GNVx=Y%;2b^2dYB@RCG5Oc`VIc zaOOTtAB?i)3ArLcPcG1C!5o}8VM`PMxLP(8UoQq}hZ5a&^o_Y@?Dyi?#!s3Ekou{l zG0ddYB@OtoE}B9R(dW+(q9g9gvuw84w53wPtobOmS<2BY709ZPSJah2u0G{uS2GEbM>$dAhCwHnL#TFhoA z2ZYP%`J3(gKxVTOaH=B(z445C{wBMEdOt(cgH!07bF1rj62@1RXKVYzbDR{S3EEZq zG?6P3Nt-UA>Wr*ieZ{OuxB#bJp~FQiBn3U8^$BY*=T&8F+40~1Ec`$v2_37s#M-=^ z)cGC+)aiv83jH`&KU*CV zGTkUJbqfZHF;%CT7;ALrYlPLgU%_2rjy+jwtQE2wIb0-Zg;2YF^<+4se(!CdJrn=in1IXUfJG7U-O&<8&u=lA@*s4^DQ7j* zIw4$$36I5hSuGi8YzApP{lyq=dF-~7>syT8RhwGDHf%TZvm z0X1{szA1Xv{yYdU4euDg)YkQ2urA9BTIN?3*3VrmsBXxaJfxoqyV#ZW)bW@@KkbK; z&I*e>l5o7qqgl!%S@=m4vyl$qNcbEahJiY=H$D9!FAe9nE^Roe2GON@-Kb zSgJiV9Z>!(eAhU4WcoA+QU?yFNGvhinc~JB#Fmk09xyPbKKt0)lbikG@xmz0u zP}bwPqh(!K8v_U)EfjRqeNln+#a$X&73)wWZEmN|iH@52G!YWf$O{rbOIrKx{NxeJ znW>MA<@5;IO>@US*^PXZak7OTkb3aYKBc}LQFa{}T1tkZ9#7de-HtJ*_=bi_h@8F0 z=+In%YJsN$?V=S+T5bIWCt?Mj1al#Ax92*T{J9?0I5316x9c&k7Qz@E>dJlK@_{vx2rlfI^r$5Ne)^B5kGTNT#+gH2hoUYFi z>ChP1_vFw<9XMYZVp_# z8mAYlG(|x1l1*-r7U^2KbM2p9!FJL63VEgb;gk)To?v||G|PASjrgS+|8CD(sjljS zTM?}k#(m+8O>tpotIQru?^eqj%NJs5t_as5H72Epr@a6W?Mkh6<-3}HIWjbt0){y3voxzHCj%X(`p8Z1P8$yEm#uy2ut+w-QoO!LM*yt)%9H1gH9VA3po)Ib9q*Id$nZ(Ef`luIx^$g6CEzc z4yO-gS_#w}B6^SrvPc4Sy&@4xVjs)uMY!>>Km2o_BODb#w}@BzkON-X*>stQTC_VB z%}HVC4E{K10G7|$fIceR_EqB+>(HJy-muxMk;%7T9LHv;bl#OJr!Eqx69p~e3(r}o zfb@z9u>Im>)(y?sC5?YpN0IfNqpODMa`Y)<)-L`%&Q%rQ%|`{LViYa!lrR@3GZb?s zna3O^bP3t_D{!vpLYF)tkC58b_jh)b0HkFyj9rv-mJp5>%sd&GuXR2;Ln3Tai^6r- z80AOMGlwBWZjADcP>F1F8u^Fir!wdcY;L9NEQ7OiXFuUtscjZ6R1+#z#7D~5d|>VD zhnZ4s8K{*aXYcR!yje(F^ilKRV<-I6p3Y;u1+^t2d>)r%B~7kPIa~kQp`vG7Vcapj zlnl-Y=3Y5y8nxK%sCw!U0LPWq)`h#BW745(TlFAiv^teR7k;<$995Qq8ZSF0ONO+a zShNoSBgjcxGh$_p0NARcXdj>g-&r1v2C}`--FAqi$AWW190zM{7wZ`}KrdbH8SASV z7SP1EXP9o3NZfhp?uZue@^Ye?W~|0++Fb}Tm6FqWVqakDl^@2Kr;Z2`NluB_0)?or zM*BSU$?&3)snC6204{6o!V)W%1U?FJZ1r2BD<7f-C4sNIxo^LmbTkVHZ*kmCL-4c3W}F((VcIq|K!`l_j#&h|sP3x95@?J|Wb zi3p19If%fL`W1W?mz>b5<^N}7J(+F>putU&8$+OUkyEBM%y500g#iTR+cs(sPlW* zw@%X6W+|!C$EF+6J6nt?7bfuo&kE*hl=Q9%n!-`YqKLpLX)YqS`Uh>0^ zm#giaMm%^GXc?HgqZvnl)+07R4bnyJIpx&D9^q2UQdkJ>YnRT0X}*>d($6SQaa=2tX^Z@I zC@zG7L+p`4NhtB;jLE{!IFT#Hsa&@Utg|#xd2faiqABuC@|o}P`h`GufeUKcR0|tw z3uAFi#U?5TVr-^o$2Rm{Hxy~ON13_vPQ4IaARKUl{k495-a+H&Vwsg?+BNesgtj=D z|9(ZFOmAhrunnZcwrDH8xaq=$wnlM`j8fA+jvPM)$BEnsE~xu zs82l1dvVqFMM8H*8l;Vqy=MF}VAw}7^E>5V-3VMAquuIwdl|Mjnr$Q3GnL*8w$s8= zdP>CDBQwZT#LBLWZsFAxC|&9gXAG@&SF=yQEr+jIw7|O17%NH$swiRQv-5Tg4xke} zCqZLgu)2$ox*UIP1j-NFWiw|B6hLcz)vusr6oS&z*DLC+9FjnV5f{H86ut9EYYN;- zPKqG<2}!B14X^(L3PTB#TSSaZ4t|J zG^_!xPK>eC`2$HMKCg#mera}=Gv*(Fd#AD}Hms|XZdoz&t>-8x3V((B`Bu8d67xk` z?`*zK_rYN^4pV0-iY+3NuXWLaO}+vJ_I-UB(Hk#a`DYWG%+w6B>q$|S#48dK4v!KV z3^BWq&8|#z=OtEFtrE!)APemzt%G?t)>ysOZHzHdo_nL(sq54OVW%?H9Zu+iNV;(W z!N*~ZqJ@ZPUH<8sAa6yyOY`7@6F6ho`5J>kN1x0I;v{5OEk}=A19uW6PQ=Po&Nz-F z;a51=kScoVY|Z&nDWpm4(C z@=dFS_cE!{US_)xI$0VGsnmM*vVO?!JFNwNt1zQZ$fqNXtDc>x*`$&S^3U&{qDud7bmMgUYu-;s2zZH zAZbT}4w^n!a$$l}xcen+#@WgOHj3=uWBCfZ-~g-J3tBt0Kh5IZ5=C1;eXfPuKw5qpTP@>`8i+f0y2F_v@JE9yVWP4p%HlLV`quW3gf~ zKZ$D0cE!enOkJ5{b?FAW@qLJa_cMT-S!kP(T7y6q2ILW7oam!t%dPBr(Mrr$4e0{D zor||Ka68OlONMUV&YiFOA>Tv*v^9ITVM;x1-OiByNE>CR)v$rVyEVA~E}LgJwbRoA z-VV?|t|i>MBs*Hc9pU`DF6{1h+m@jI=@#{tDf|btkTIX*CGl8Lx%F%}*-U3-dON~b z9HvUOlcO|kZO{rPA&btyKU-&lxh}SHvh#TN*SqeF?0XkZ*{*X8iKA zEQ5&o1Vws4lnA_R5BIe}g^=>VB5H1v*T^P4&I4|KexX_re$bY4ze|ur1G;vidNd`2 zUD7PWtPoouo2VmfWJL@zE5NF zJ|_vY(77$q%muI`k=(oTqr7Qr-oDHii;Z@YJb=dC@J7{GGWZ$H6eZV3~ zZZ<2`Q-V=8EwXr<=D27RP_-$vMpteUO~pImOrg ze0X(Z@(a1_~{guTx1(4p?Yu72#{ISklxsn*RVf?@kMZPG9u z)6kt^qfubIAQA3NR^2t5h0(68N2V#lOJ&{$Y>7mW@VIvFZSzOXo;1`&=u!Lbgj}*u zOX!Sj6$YP5jdyU`eA3vIFxKgf`ZLltR;HSw&s= z9b@TAt%o+)tuA*bK;E5}jVi6Tfz;rLMg|%4z*Lwp9Z1T7uM~O#bD-uT&1Rr={;6wD zr77l6FA$CkF?=m%du=3aNWGTxqXVQacuwEX&}^^cnnxYv0JX1u)OG!%ZaM(D^ngLE zecijL(g34%siV65VcRisoO>ybsg1<%v!hPWj?FWK+I=-^(qnfucG5W!ENFN?*YdW( zkLunwSio8KW^0-GRCw%)lyZQ%o;dJ!7&hJ4^z7Ic`7MGaQ4&^eZ!7bLhSmD?|7_tY z+#HjBSFk6hPaQW;bby2)62V356};SWxWj5$o4LVe5snX7bVazh#ZBd&o5MNxT^ix& z@)NH8>F`F;eVgfwWZe8(wiVkNKWsH4L|4ok0g^oL+wnhO zaaHYq4&+(fyr6p_&f;}Hw2jyL3m|TM$XmnR`lQ>?_v$Z*wup89;>O5hZ%iF9TCuZb z=syFB+GtGc-fxJc6N(#6=T@?bZD4o(mW%Q%_~KQm41ViYVryENLcX)viLPw5{nRA2 zrGm}FR+x8dLXy-)!jy^75uj55)s7tBG6bka6>`QH&QQtntl$a2<+ zll^fMk4kBP-u^XmBMFai;2DL?a87-K%$VrK1a$)3 z<#3SW$1UF`WHNk5ZxFHpdfZQK<*9)gd4s0~bv?hTh~vG<l7ysE7U(yI9K zxXhw0x z*yZgIeB6hNF()HPN2beU3#mWd2H{qah5(5qb-tSw@h;Cv%swL_(lNW@KGQk!ku=aC z$zyR5yI{5=FC>=YGa?S--HPF52(2iRg*aovhSGk<Mxyv!MZDA4^<)HRB>v-v6`-a3m6Mg|I*eJc+#38YzMxC0|QU1bPbuWgIl>>lZ@c z$mh5FG{@B@uGxogn;GLVdDB{SOL+_>c%PUdb@H zm;dI2n$$>r9EJF1l-BlFbkwA=nNG3IkGfz%z^*l!FcLIc1_XI4%&{j4e}wLb_t67| zfT8(A#5lUYGGDG(!o|ZeIx^=WL?bUqe4^~wP_=x#s@;8b;+&tAY&j}dbrs3W-N{uY z7Bv%1xOaa)Lq{)X)|`jty6{Y+X+caa$=cp+OaIq|lYYxy^=MuA&PH`hKM^)q_jGo= z{Tq>YCX~}Up-)W`)?=SUvQj0%MPa5NqK?uSU!M_yA|_Eph!5(-<3v6}hc!d!4E?71 zRO<~EW6Pi)Q(i%rHm;afIFXf7thKzc?|v*MFNsf@)pN72T~EP2ipmI-!R_LD*G+VG zqjrcrE>}L|i|8(-c<}1|@ymxc46D_tSQOSS1C$cTt3is+os!3t`i*Z(THU4T9L~}U z-fs1TyLbGIFAZ9}d>89Dt?W{rKM3#pepb;-1M=8E%K%gzb`A$8c1GFW1=cG9 zQG_J&OpVFoLt|%Aot8K9wYc@dJj#{H=?K0`mqF9#Udcl^Uf>A#Q_{Lmujlx-PiF__ z9VgkYn~w{TL#TIC?lMNl3sbhn{sNn$+D+#K;VVo7HB{R!Ng|K0Q?Nwd+C14Km@^a-*7QGgk0ZIGLG zOLcAxFJF`OapR78`;xB8ygfL5t!AfIdx=LTjdsxBS`Ae6w2=E^kuwtH#13~CFoQriw8gD%J6l^_RReh0D3@$ zzv50%g=ZJt(9Cz~gklfne-*yRJx@(PpQ*H6pU(0lBilH@~k^w%_6meiO2K4Lx@1q2IH`6*830re_hbH*-59*I+b z@;|G))`_VWjpH~lk<|8X%+jWIGwaYdt6!fch(Z5DO9aJ{4r~?FFGka6N%3OFW$~?e z??o8$7~;VtrA?aQ^pw1W1d4Ntx;q8s9y|77#` zm`cYD)rOVEPR(^p;Tq-_HZNFC4W0so(;FQ>cfoayX?k7ct!Ur_OgMUHY2-{>*v*nT z<35eBBzkmm;}PNuBv(}ETbW1DFvjpm;}Y`M#F2o#jdPM`Wv=*L|Nq(Zz1{D2pFDlG`($tL$Z`}Aor_yKMK1y-^?YDFm!+)@Z zr*lb9g%#XZOi1+UQ@-o?oWOL)P(Q!iA>n~KNdYyEBXvThY8H=xcqH=ShY}$#$FsDj2vBxZItLprd2<8lakcm#OR4v7Yr#_i5V)RVFe#CkHJJ7yt63F`Qc!)QhsD zsV!VHmMZJ(iee?|bb%O057gno!Zqi>F^=g)AP%^!`Q2}qz>&;>1MSD^N%PdoRV#MR?;qXR}K4EsOgK$$*#j9yX`;$sfK z_XRrouZyGeH`5bze5RM-{s5tm>XhKg04<3`;>xq{-bUm`qR}XG9h9f7zy0(HjTpM7 zKKVG9Mn2@IqG~Cd02#H|-<_Wf&`0CRnH`<~e0*^9!A|DG@mUQ;KGw@yUi2;)B0}PM zK*b8dO;%)bzDuU2VzXvt^RXy@RA-P7M@oUEWaxylGV(_Y#;+AG41ss-gTWV*7nA** zFqrSh_Ohw)+VIn-kA}aXaC0XlYmcV4PYBC>O~%hC^CBQPpj+rbz**|_L=UwNot}b^$h^n)Z3L&; zFZCt|!7!4c6~2N>vLS`gE|VD%E0KVuCD|Y*95&CKtC&UT=*O8t<&i>30VDn+2y0U4 z&Gym_%4j%@Vir(uJTHe117O6epZ^PddZ?KOg9_I>5|Mz`z zDgKuU!Nb?$e?b@?MAKm&-T&vOA^IKR>q|6xiSF;*NB4h25KD@_fAHqzL-gtX!;gcH z_*x)}LxaDL#WMsL=}$1(;rG9#SbrL#k!hm_LVrDbdvbj652Swk`^UlH+(rw2tTAm& zl%Nrq9egcDSyIFij@H*J!b#otI*d@ymqyD`j>$?ljL4-J-mBdBD6&b>@ZRaCYMLOvEg1 z$Kv&Ih?nFn2?DJO#6$F;TeCW%os*DV;h;#c6$wJLpd|3o$0o2J(F&_|OCnorx=4`8 zc=z!bbW6lgz@jC@2gQ_Vqx2&!!ux2w_&G;f=D2Ssu7l2sno6&hNLns3Gp3>1&(4#` z6g_$Puv&cc@6g+i~vP%ZG z5ySI1z#j3no23felwtWe&U2>Y`LB5X|KO7ajlc*JV;KkAIb$}T{~u4DO`ey||4%1R zzMcO+%inLm?fifam``%A0B|Ci+AusE1nV(6e2d<^y+B8Y#}{Mt!wx8bogYxK#)>}R zn`9{vsqR7Ya>50i89=_ZZ&WAMTo5c1PS7I2OEFejX4bt`5J?B7Hfeb7~N2cd{SU=rQ4Fkwki_j0Z0nN9KjFcI{s7PC&KW=QVm@ z>$p%;vI{T=`8?mjkYq3C}32~Lu}45P2F|=8ox*vMUet-{br<)2#63aVizaaK>O{` zyg=PFKTLlrdkh>nB|>T6mO7KG4Q?O3m`rxn2OaOVuLl~q@T>2m(Hv;Z3e6r@L6`BZ zZ*Rcn=}~CB=V)A^Q2ng)Tp9Esi&oI=tcn>v`+BD%T#(AYtpuc+-{ zKD2gN$D9ZvbG__0ORlaTHOyX0iDQGoU_C>Rb zf@H+DB8aCef@l~uzx4-Kz^l1Q^R{KK(^HvAziH~`Qz6qH>O&(TwLF*QyODihuiK)F zz&iM*Z`VU2F%29Lc6|LyJ8kll(BE{JM4@Yb5(NldCSh26o>K#Pmgm(&n|Z?0!;P5= zeANk?eCHxMc^F;r(Z{v?JoGmmrlAwV=DX@|`gYADP=L@)C~}8HLj(0q7c!>DPu(wx zI*apxzOt$=2y>UUA)xB=D8lPT5M9HrIz#hI_bEC-ImE61By|8tescPo4wFjaCC7e& zAg7ag8mt!ku2Z~cXr*oIw+jlNW$ILSFs(w#9z<9kof&3T1bIfrNkl%oF58b`H>1VUkfZGcPf^_R|OX$AO)$8rC%x(A6wwkzIHCPMG1{vN0^sI_%SAf%M zJ{i^g*(B^T8{?Gxv5*c>^?1@rQJe0iyj6PqPU2$#92U~p^&bDHT#7gl{yt+Llyj@~ zhA_(~DC^z(=;h3j`>UM>kU-w*4YSi<3$!%JFMdsU;{wdpbI~cKp;giQITBai{s1BO zw7PU%3IAt}JzziYreE<@Qr;0xf9@rN z=4Q+GEq&~&hX6f$Ic7VTKlf5<;POvZqaV_!FPPnDn(qZjz2?xgRfI_(sd1>7*l)ef zHFolj@)aDwrhL)SsLWnTzAL>fmMV>85^Gt}oQWg{YtlywvB@@$Tg5xS4F`GTz?&9Yt3^ zV|_w%-af;-?P%&$U3SqbT7b59jE= zE~f7;e)@2J^grJn%`QItbTmCYI&VbPz?>#>)c_Fw(;b=;_5yxy&kKb4V(}lP_#czl zXM3?f-?hL0*?ltEE5-jj+1-8qE&k_o{QdUZ&JREQfM!Q0M+X;g&(X>B$D@-O`r(Hk z1_-@*dvT;=;{-8r2?3syK%f=j1U>kOk5JMb!K=qWpfCA=QSoJZq$AD-jriDiu;HwYS| zPoD-xBKIrd=J^oTFRFXLhQE^j*MV|djQ#wsP5>J)rcoi(-vpVM8Ke!!zp8D&>n4O43}?PFLKvMVAo))b>*)ASdnf~240Xt8C5i~423VQEG$ISWsyki#4n zPL5=%*eMO;5Yq_#jzk<#35h%`js~X4!5Ra5U5!m^4tsNT9(l@V5dQ|7JWFKmyKw_o zL~m|flC_TJ@6MNhOixcNb9(UNA2v zRGlW4eCm!Aw>*I*k>_n)ba|epKJ_FTDt4>yhXE|)@6GB;A$3{#%>*d~&flIC=jDL+ zMj{l$w~i(YOyu^KTgpT`MHiZCXifL5<5M z!!68}CR1fW14%gXv*`hMQ$u3s2T1t_XGV3 zXK0nlP%x^?KaNYssO%J!&J+7SB9Y`e*>{;XmSzqV$c++%5+X%wu{52$*_dKf5}dz* zJF@(3h5S`i>k(}^{_XsLI4FxIvCQLDoLj{fE=|3`BF@ifbDOvv1s&r#4XC6=1-NhD8X_t=?F!2SC$^jrirA3YX%Sl0DT^9~fg{XNa5q>z5ta#F2l z)rSy^%TD}K4Y$WG823(iR`lYu&7g&Iy3sAzrvW&5c&dKs$H$!?5QL>EI?S=4o_>c) zg-I7v-SnXq7Z5FQ3Q!eVH90V%?&f1VF9f{ zik9SxoxV;cc`!vD;gT+>+H4Ug0lZJw@8m)p+q!UKkR?m7`OS%6y;6YLjXkV@ra&@E z=O|KYqqEo8b~$3COtM0k{hkS8qhle5`pOiiVzGIo$qAxi96-iB;+uSShvcRXGoRcj zViz!CyvXJ>$x6zS!q0(^J|>@NBUeSd}F{E{I6O%&(g zC;jPrPqo3mziS9G)@1ozTP^y7rA-Q8DT}Rl?akK$(*O-Y&&IYQnq0@~FroCfzHuY| z7`;^-WRWSnWRf8mWX5(RVza_H^26lBqnB`$l-<;{s%Q}_KnjcrH2)?+Taq9*H}w`= zfRVXawP0Cpr8&tYL)uxBrpjdK_3p$shhq@919%la(9is?r2&Dy5eRF{og$B0)F~a`)gX z!l}f|(j~V&tw4hy9E;Ts#8vF)lC_$P@KH5=>+d$-5E}mfhiLc#nB# zoA_#bQ|ov%U)Q3Qzxvl+h%jW)IKOIph%=2we2%@5&Njb~hHBFtIt1qECborj^QGZT{7gl1A{%&Sztx#oa|l`iRxRIN z5zeVk;Ov-09(uNCj*+uuv7k3-II6Kv2M0Dep&et91i>2pE5U(Q?>LTO#^b?zqM<{3 zsm4&V7idmAoCtyh3kiCiiiRoIL`mRl(+I-xtt*WR^uPoY9ln{Vw#rsgyUIgHY>Apw zktE*(bhSxzrA@&&TA<;7h|zy2u`5W12D>pC%j_+eU6BkWf>iM<=3abLz|`c+bZ5)t zmqhBtU(A!~O6K@5cgnJUgUj8?$U@AtyE24x+O-7ChiD_iH>INB^ z6{HdRh0Q-?#JJp@h|JJ|CnTJD;zNw(Y9H;Gj|G3&u=o&fSOp@y6;T5~a@qkxG7uj$ zIrJM48bN*^@?)WcVo8b(5FxP>VTD# zhT@fg+5I{(s&2Z4soZk1PoC_Rr&o-5v*YHiq1<#H(8wn@IbGd+S)0EJe3%FHaBOdV zio=%|lyfZ=GMjI4Mg{f(C%(TUHYm^zX^H&o3w_kvPcN===|r@$sLTW9uDQ&-U25fX zsLKmjt=dM|rqcW!NjB3_1zLYL;F+q=vpI%IB z_*y$)hz*OD!fk~#fN+}cmI)qK2$^#rz{gadWi6H6b;wvz44M5o#uJr7+%V>y(nzCA#KHh%M3=x&!Dfl-`P%9N0^_(qk}k z1IY??`%* zhJH?B1|ztChI|a;hmBW2RdCKI977dM`4VD;$7%kUbtM!BX1((tInCD8yP3kMXlQmG z3fMR1WJ!hWGl+A!xv7}btTNmT%&{VWZoS-{+t_$N!ODtZCDTLF!ChKEIZN_V%ujbN58^!bG(D*gs1f9-~ z^=qC(vmB2P3-MdESgGEpv*Y(vu1weCL#L4hEtRQcnyC@DI&*Ai>mi-aXcHWC&k_ny zh!P%excH@d=kq7ITU?L`NAlQz_^=7W@n+GPWttSG(?>?jxExd@7HHut8k)zl8OKHv zm|1U52BA-1_FQHn5(R-`{VYho9>-2p;D3JCiiopqO3qx{Q7O>AjBY)ay3%lfmvD_w{aC-~paMZ1>1dhmPs%vR z73=KIx$4zH!65L5i{!JKZPTYd129%U}Qu2Efd3^sfIpyl+n$&Z@P@9yh5O51Ek6dW1mAwQHGz^{GqNh|^s^s+D39nKyX8&I`wjNIPg_n#*dc!YTd-_J zv#6P-I4fi68lx%i1D56KJ~C{L^iv0LBU%emXSDaBr}Y9XLGVi z5=MM`ldpLe^$G*mHc=*#K8P%G(7SDd&8xf-=;0!TeViQad|8Gta*$_czQQ znH!M>_>tSL)PqJ6u;&p6jU-=$3t4@giEUlw9mDB)5d4WP{TJ|x6g_sh{t&}_ii8-7 z12hHafFgqfiyg}7fAd?8NOk*^JkI!U=>hLcVqc+wCLNEVjTh|{P7?Er53oBoo$*l< zV6e8AE(j#j8;&o&rQbXsNF?f_heHP?1iht8?CCrk%*&-be^UVq==@HR*Z!yw)pdz- z>g#8oCpfHT1Ht+QyjqbV60MH)hXuZVrM8Nzz&|IiY)f8#lCFTPCrl1e=FZK%BFrkTEpvOi_vxouRokL&(99Eb=iZ5AH4Q;>%LVt z7dQ2x_vyM>`m`>UJ`EbBtLyj1r-Kh(doVq0oevK_eVLb9UwTH(I$ci=dgV`tA5NML zeBY`%>zj}5lD05E>*wZbVzo}1=f~yA`Q4?y7_GGfb2a&FPxa4@rB83oYCAUv$20w6 zw7wbG(@%#t4SmoaTwj=<;o!a9Uz|DcOYd-S(YhPVe_LpS_8FRgy8lpi{<`|od*2$~ zjBd=+kNwj7#^AzP-YjMZ=;PU0=X|(o)oLkFv>u+{uX~@( z^OogUm!;mSbue5H79$HTZcfl(v}_G;JpJJ4{(9IpCqw-RTC+1a$0hyq>EYFZ`B(qk zyc?W<_;Niu9o-CP$D_q>i<^s{t)GudpBA(J@cjMh$QlixId?yprq!F9R{#39yP-LA zK3UEHHd?Dm4VTd1tnulKwjR`PKDMu0B{aNmU7wwn`=hfD!^5-B!|R^$$ujRgl=V-a zKA&|4ho^_|+PiGc9o#Eb9mN;C9^lI{Z{Us zoqGL`XQ$mk=~CE}GH(E1MabewyRS;N$?G-4Ow`YRE8Sd|b}<9jt$yjQ)6YBuO?1&S zwZ-vl(ztg%9gLRR!H~|pJA2x^;IpVV=$HNX&7)6Wrt8-AhvTd3_ltJD>b2{QqnldU z_%t{*t_IWl*5^~>=CgKqGng$pAM9!K+%wVe#+fX1Q?pL}Szco8K52cPm)iB}L8m^y zZ+&UpcjjjwhwI*0NCFfwmGx4hQDr**4VDzygh&8xxmOQ+uST8l=xP10!P&fv_o_=;Ed{n)jBy@@O?V7~T7`>Qmnvd^$M3 z7<|6zw-@?CUwGI0p!cDDF+1ulM&-fT&4=OP{9t6g|AZR%ok64A^Ce9C%sK5}jNDI) zv$lTNI39kSoww)Cd4DnbI2q_)J}h)^FdRA8qxT1W>+EK9rmb6M+lKR-#<1MGMxQ?& zYX|R72OryKt)X5T4fKzfYp*#tpO0~J8gY#-`rRx9t@9--;O3{z4yJt-txMBb2J1+RZ=j4m3h>tTD@Dw!5q{5I+xvY1}o4 z7wFh}o8fpA=H=3u-pC+NQ|tMt>TpJix;wy z0^fnaLyFjMrk4|GLVWumkR-V=@nUh5s7NM8#>TudAzL(X%aRjsn%U3d8_>K3mK`0q z^dS2V;$Z*w3(#${f8gVc`YCY&FuN`YMl%6o=G#0>tmX-XmA~^`S{#NZEMT%`Rry;S z7~HVT(VAYq7#N_1Lo^u! z_8^MQg8oW$f(tQIKD2bGHJZybf#X>n8@1@Di^y;N)y=m zcpB4LnPAUE>h9Wli#VJ2X$0xi@tu?@+YpcDl197K>POU*se865H_}JZEaB*XH07Dc ze}+O6r+}L2WTb6N_#@^+_EI;q`zbVUKR-kZ#jdT_NbEup6fe1@V%kWX#7{|0k+N@3 z^mK)*nrE!Ytv9>LPZU&r&vxMyokDHCbSOBepZI*#kCdSjN~+8|VDcu&sDQ0`Wr@yVff6z@B}wK8mIz#Kut2Yy4GyhMVe=> zsa?;1iCwN_PaIt6I-MOL6xS(s>(TvW(q8yjx)f<%mu4L}}* zFv*)%d+9VmF<{8`2AKNPEHU`J#2y3KCu4yI?IvC8FF{k=r(%NqVXyB&=6@@;h=IL` z_^1g0XDT|v!7IqRzJs**ZD@Sl7r?$^bK`eaw6LgR8~Gk98_4K}fx!zg9924&f*g1) zCS~YqVqb;*qw1+sGQVaFcq@ROU0PZg5{n=Tx(o=AqUP-pXx2)xI5oW4a#GOjMKP3( zdCgudmX_hIi!)>{@+1o`PE31J^cCGAdlBX+@~UxhOo_n-&oTGH7&PpfTyQ1hXj$rR z_tP;jAyIh@5r>4xaD~e-aS)c}wTq_c{>-p+kX!v;%K!Gq|Mx%tQ;7V?Z7wL?4wAZx zIgV>Pu0h}#9fMOq{J@y{7;hy15@v`f$;3TMCa>CUvb4Bx0Wru~$h))MxnWHU^Ir)V z?y8*I2d^<&tb7r+D0L<KO}^+pGc=-|W>1(=b_=mk2cLzBV>N z0Ag%REvlSB(+ogG;bHFR>9q6lP%B z))ct_FCAZ)kzk<+sB83RDS~=V*)CNx3I9AeO&G2I7kQYz5?)C>^4}-(M9P)S4nJAe zMw7IUYOk*xcWu+qk|wE;AkzBy7l{eN=VV@}%1CC3kUA@8#4Ot}NU_rjMe-2SHHf)D z8MmP6+SUYG^VImA21`_sAX38fswj_mnc?xJZfM?q?Ce!>KDS|o1srn8Up?u8n+K-_ za0U$%^VLB*%80in1~HS5?C1w{G6hmLaXKhAe*$iiv|@!NOWjC^ORQk-qwcqa!?hE? ze+o+;topqEFrc5$jp*sGypqU-Bo7yvVTNURkAti7a~3i{RE6ncuv9UM#I*U%SX5zh z1^!eVaVQ;iDq5KGuHiY5rs9lM_xt9G649kntJpAVqIu)}EwyqZpuj&xOD-kVb+%1KqZM_Q2B8k?X7OI#<|f`{Y3W3AB$*WNm1hpCXkv zsxrd1$=R8G%G67z=wLsVMy%{$KMqk5I4BRTaN(q!xV7B{^eW)re}UKk#``%w0?1X~ zzG7VoFr1AkV&*)_{BaTK`mhgWolDJ?Sf+rzGsyIAiD{gaysWK|%?|(ex1gHm@C+Ut zpHyA;eDw2(sO3Y zGR!|Pn}AT(S6W16q8JA`gAehG#(EjU4O3dxm==*0!GA*wQf zMuMM$iS5mVnErsB0)>ZCnN;RYtYjKnu--6m%OMvLqE#cj)0 zRT=+Kwz7-y=%y>3nIgB?h0+|Ye*v#n+&wOOosX#*xwM=V-+*9u8(iYp1s$!5x~&zb zcDYdgwL-X;gO;8nS8yb@kY5eCp)gHfbW-?Y9K?m90bBe82)gDvsDv0yI4;r+5_tR$ zVz5BoF96#Buqd^@0Su z;u}FexL9Wb-kIdsY>w9Z3L?aHUHwkA`paw6cQ8G=LLjNf&X8B(tpX3{;TYOnap?eZ z&_u4cAczERjsijEiSb&V#jnhX!L9O^t)o1;Cpwrbe{z<17KC!#JYl0m{+Ou$;E5`X zsF$0g?1sh$7@;6mUccFB0n?sN83a(`sUX>$8)(r`9tw(fHU?T0ScyTLMqX?}B73Qm z7#WAkL&MC+h4mmbm~k643eW7NNd}f@6YwBn@yX6v>1C|$?@kh1d_@bY(WaakW>nkB z)bhwy?{#V>f^oFzJe8KUv7D%dYcBVw(IfE|f(5*%NKDxHf;f+vRn9i7>>FSHVeBLg zegZpxN_^(!l4$HQFPB2}gM#On$vLw>rBbPMa&$!gEtN|0zva@~!}7^b<)h=1^3mbp z(Q)agQu(-i^7bcC+C}A?o+b96`%~%3bwwNZ4|yUpCLeUZXp~0X9f)&>;M76v0H~(` zPwD?b#t*vp0yD9PC;0?ra@>);Nn|S2UL{X)C!rHJWK>1;=ZiXvB>9OvsDdaJTK?qLVXFd>d50M@4Fxja{%|NCzqfh*URgM`>yCMoT6VRwG;E_qFJEE zUPTs0RU->)F1kUGA&x{Hw;+;Fs)I}2@bV5}LEhH~-W8Fj6+_e0;=_YnAe>ICekRH` zsy-IPW{?3(^l*xF$`w~(!^0}4qB-vmSxN`VkcW3Tj}ImOZBnmeY!u7$6~+yv5uGxr z5ky(qt{EgtN}aOumq5K~PidD#yC6x6FC<2?^mCA2yRxT#TIy&x1 zo1F%hem}zZBwUJEeB)?05dJ$xp2pDki4Lv2#n{OOQei~ECf35Faq-RGH6jr~fH$MT z9!x_si0LBV;B#9C7VMY?OQCS{wu4;g*)EtZC*-)n-*g++bkAQ&`~=iUa_xu~hH!x> zl=Tb&^w$!aBrur2>kZ8uxjiwpEBuSXF{dr>`!vZb`Q3i9Tw~njBJEW~{O6(xXEyfU zl?vp4F*c`))}T=$)|wcL9j`RHV(-V*wdC|z@Doj6Z~`p1Tu4GL8N4kQtv<5&E8ywE zDi7GvpvYRZ2m(u0K;3?sH$0! zj@yWBcGoplhKZ)Afi*~_Lb<|P6hm)t6p8@{s_LB#tK;odUJB0>H2g&wyqfnQ$GXJuH~=U0t!wcEXF)~bVMr#-Iq8udnd(5zndRV3$%E9e&8rB!5pltsZ^fZC}~ z=O~Y1;WM_a7$RXB$w73S4Meka&3c@^GuK{31p=k>60LjaHZCk^k(7WuO&UuxN9zg@ z8pjC8);2L}O+k*XurYkiqe9T6$GlN;w0bk_HO958W}`hA?~<>Cpgd{4nyVziSR*8l z4SfrirZqFIm4imR`ZBHbNbF_5l^c4X->CH(gO}O5cDZaC$_5X>UpC#ZnW#&PP6^|gEi<+rdf{>BR^})tMx1muGU|!iBNw;qj-m= zkJf5E=*pL9R?vCb2WriTr`>kQ9Zv0z zJ3NM(hA*FTb z-V8pC&l>eck8XMz?ds`OLoq@ttmF-(#G^((nv`Z;p&ZG#G})sWXPwl_;J1%%LUpL* z6+dISdU_9ttHrnHEb#RfX3dVO9(waa8i#*&1Zb~1g#exui}wsyF_Zb9FY zh1^Y{uUqZ+uRFaR>RDUR=dg&s>T~3P)JCu0>|`9`^g_P{opd6ZRmZI{O`wqBLq)VJ zcF`Q44V>26)v!Nk^v2n{d`AQ`%1Cc3xfxiMyb>=$;_+gIkFhgoQF*LYyVcX?Rddj6 zD9?OJ99Xd?;Y?blDkG`m1;q1IdP$1RM2}n5{$&=*X~o&e7c0Ez^atbqsFqZZU^=wj zJ)m4oe^4DX&W2Z;_H(I7$_eN03N0jokl|@#)a(t$qtKj`!t<9f4~$aP`?n2Tb|CJxvA zgv+rUvGSUiOW3nrwgZdbkAC|hxUh9(5*l=kk=xoC~4y_JEI1VSQ!7Mn>3?Q1e}j+%|e zd&ZZ|m(_NY=mgzPecWmcdd*rtxt|onU-nv6(ED9=FLis%Gnd1c>*GvxJg%d+YYq#b zsKmv|$y8<_a^v_&9E##F>@}+OPvh%qbMPVyv=E-ChoHW`hK9#i=xt_E;tAaI&@Khs zVm84F^1H+S#d&qmxUPN*=YM<9=#8ohh3$Dr?}pB%v=z8%dB|NsGrHw@T)ex?ojC3{ z>y28qH*Pgro!+N$ukm5n=)c%-Ob*VMa_97jkb2wmr`8>QSIh~6|2>T}v8a8I9y(Xe zR`dJdjSygPC(L=$p!t5-!UGtJJW1a@Ty@UJSB+8QdF7;OPffH!X`(P1-%!ytVz<kZVhDW zN@B^EF0n{mAP@Q*4uY>w{2)~4hMjh8*y|BPu6DIMu65e%*zVHXe1ZhONd6iLc9YiReYhJy(S~Pm*B?ZK!p+$}5@YZ$Qm<474TnY=C_i^s`a5 zsRgxu^Th{F4I5d9OSjhjd|n&ZtBqEtJ?=Jo&CW9)&y`E(wK_x#+v+0M zu#*(2^V;~b(ddp_)sN$9?FIHJKAo2U!9YI02stfyU!?)Fk||{bzRY>2Pbj01pK+?q znUq(kiKC?Pu~8ciIz6&?@TF*HnAM7BcP(o$Lj7$6a%=WdY0D##>kk-V=M!jnFS!Wt zX0+gaE!YZiEpPM6u&Hg|i;|Sq%&j!1O%3MT+3%`_d~2(06hDDEt=2Aw-50&oIfdGM z>G12E6k0jAUy@kH+YHp!8&{3N%Mx2hCi1e-deP}zz9^*^wmr{4XYHa^}C2~9eBKw_r zx%A$iwBWr+aQfl7Pxx7=KhH_DU7S)Z@R)KdT1je_H(KDzx=s$caz+l5m^ODzzS z{}dhneAFj-| zdV{co`jm_sz2+GQ&&cdUxFe=;qPxq9X=s;deP+AoqyD2gvszq37Zp5+`I_G{l19a- zbzSv$6rC1dk;bj&Gn@7kat9K%Dc7NCFliBY%5HO9@3gAV+@1i5Eu|5kA(~3~c#0;x zuQtvby>a#2-w9oGRAwg9ff6edPLbu++kN#JQXoE;-i(Tis{bpM5IRMwLzUarW1Uib zCX(v&J|zi^^uMI9a(qo2bUH6|k3X<&6BC2T6i+G*YRL6yaRmH+gELjFT5I$M{!aL; zdETma6ILpz`y+Lb+wG0k;Qln}HLe=fej~Mx9x@TcsF3Vv6LiJduuV?K#xLO}#BC+c zSkU{C>^2mapDG`MK#&^NXQX+7qR*^>)E4g|M_a=|bCNqCKdDX8W*Q*~P)j)c zO!fy3O!}pZ0Qs^&bsrEl>sFm^ZEb-mNw0{(j%GAT0`lI`VW76>+#FWCOj zlJY5y&tgZZ9025A@Ws2I+zIZW{o8c?OShccL&ln|6fe;m##HoyY*&n7*qH)D#ZFbs zd@0-Qby|(VMPt}c(-9?yvPdn4hKRC29X0dl-q~DL22mbw3$Kj*+l|Qajg_AITFS7e zbgE3PcmgpR_O7H$Rud~@5BVBG)Y~mAk3&@!W;Tv{#VOMHYt<9GE-N)zs>#r88yfR1 zIxMBiNY8RGj2O(8cjhtREY&rrs}*RMrZNijy}=Bs=qMrq)4 zo#K0`8+hLL_rX;Yxn38!8cG5}BW7dG{^gih(~hfGz7pAO^lA;&B`@usXkR}h1jq^9 zCtn3|EQoKd3R6Q3Y#Md2q<9+v@bSK+Y_G_Y)3TQqN0sIv;lzbAR`CR4Ln9krLV{ea z-~vpN*oLl2TVhosbaY>hAcE}g2j$!%=q+7@v(fy`_9V$wK6;0mT4dOOTbEce>KXGA z4rGDwVT&liM^|+VgLLgz$;qPFJCE#%2pICd0`R{fKoq6dA_)LtrbwXPbhbt!iUf1s z%VT=nDNNagUk9~pPX`tV5~gpS(nfJ!(5m=%H7U8`!t#n@x{YWCYLs(YA^VmO2534X zXzhMtRjuD_#&K#FY^R)O8&?wZB!N*R8VSZG33-BxEQgTRMNscp=DI?{>TN>qNtSg< z{YY{|PvIn9reH-&`E%P)y*t61)G)umC$uZbzE!gx1?A1DX5%prDPq;ubSDn>XA`cx zB@=sT>3Iz48SnNTz&ODeQ9QqHo;|f2vaN7}1m1M8n$ReDKGUeFc@5?#OG`IV!9feL zC3rcZ8C3~4NlfKB%Ui%d#<#yw>0?a|>z@9X#9va8r~De}hNn{CCoAYho-L7Rt7N&=`54~{U8 zU7N_1rUf>O=T(F^+hOpVT(ohy#|FTWwLyifc}8vTKU_LyUba;2deLP|1T@V!9YyF; zk_9Ms(fi;vh$>q;x_^S6#o48!`%Uv*NB4Y|C*4AuI&@TLGn&0vKufQH-*d$!c8erH zU~yttMIGJeexZR9k^jSg!9;J7{!>`Pg_-+9+TO|9rh_azGj2Uq&3>-po8Zr;MIw}G z5F=pUf{uf%zMu6M0K))mv|eCf8c|sYR}Fz!y+UUoD{wh__92*JaDZi6Vw4XlnvQBXggv7P*;II^PlQ!{Y_)*j9S8ucsenTn>QQXP zqh)R}9g=%caahWNvqd{|=6T{hKqP9|uccp0DQ6v7r??Cl9kadHN#iBPu3&fYCqOuEkl^eA@#{B;^8xwKq@_*a6ewWfvj>>SqkBJ7H z6b#s~3@=QTpCPDc2n@Vs0PdHJnN3Kr5YlneGQ2R$1!<{I4hgQulgh!gh4{zuP}&b^ z(XDyTmx*niuF)uieJ6^V4Gero)UmK?t}w(n^T^@^yf`U6phJ}eUG>-X#MzRyM@4lo zg}^{W$mGP1sUJ6A6Q*O9xw|=`3nA$A_8EUdQ%_E4*WKJ3doM(#1m6MybT*H|d)oSyv5?55f_!{n>$#dDEG}hV>~V zXz5H{s3Um-r3Ua#56TO5J^nHe&N|oaMo;mfcG0<(4S?OHRmDS$+zKd{N+s!A*5JY0 zjQkv9L2lcjuR4fS$}kD8h+YB{gk8Ao>fWbbQG=+>R= z^mnmGXO#c+p?<=BJMg6EjKsH0RWl}?V1$iJmhDf(}zbbS0% z`RMqhd~|qtbX@wWR6Z`34}JorT~xm5Sz-^mKb4+bSF~~ekSB7QMb#t{7bE}m>q+6b za3q*XzcjHwo}E96`5&PA?P&UMnEwYS$ECyQ{4bS{f6V{qc*wd+;fOuNtv3O7kj7Ww z;u|nQ8eCG#ftlwyxKb=m4R5xb6f}ELJSWDXBrbZ_gx;;~E{Y2hJ;pJihVt`YaUMEO z-m`5J7Y&S;2p7vI$9s1O%-{+E&jx-ccwmVQD~wp?BFA<;!1wWYcmDM>uRSDfjKu4I1lAYL2wG~<3mIQJ^1k z#OsIco{#vJPO}$|Z6V8xmb~YWb)PsI|GZ`E{M0ZHdI;**uHm7MMfMtjXDCg;eS^7* z&(wEPgHD6nrm7$!3WMVu!;|t0uUAYy7Q(9^!#8|qKe2xABxqL2bUUr=+ zzG{>H$>sK8tFR&qm^C)pHJEfG#BONB3n4mMq}w3B zLOP;re0vxj@Zz9;#Bkhl9t6eSE=^N#bLH}j?@c*H^v??TJ33C{;_(s%2Vn+{eQt!q zpAst#}giYheBdQTij5MysSn`9EW}MXAwK17=g& z>V{hZ^!kPTjf>04gka_H7fO>KF|)UDHe{C1<9TgMe}cv32D#lQsiF?lJy z42KpQiEDA}1*zN2X4_|0-run-oILx>A>dO5=s4K1JzqBwZd@(ATp+iptH)>fJvKVS zwQ&I5De^F%Sp1+vlsIxEPRsVd>lws8L*h$zVSk^Cf7M5E96W@99DVs+h{7TJlFwT> zJ}2*esTVuUCJIk*=3Zbcdy-E*Z77v~Iicjgf#(_vQJm#dW3mfBDYI14c!MMse63zv z$ZvYw4kWueLI!VMUH7`5Yq$&{wLRV{4LXTP30C{oO+0A&i-daLG9`11@yGpm4ZqVZ`@ui zY^xxokqABs1#&XUOw=!}1P<{%eub~M0rUL_h5@ZYF-)$i@N!Y)`h-CDYZfqdz=|!L zLX60XbFLVkmQ$16eLAdX@Zk6aFBg(QFt36d4P>r@2eVEuf16S9Ys5}DmCb3427r$q zpfXf=cmSUL2`A;V%2B4rDKBoDtD>zwP~+TvbdL))L2ef*8m$NOo!bkYS9-mZDjY zvUWP2BGo@~K*bzBBEB60JCx^WLQ$r%LKecf>)I0}j?$UuIp-)MnH)A$O2rw1rZ@W{ zf8DlnDmo2l){zO1HT5)#r#R@Mv z{lU0DswLHDBbr5U+NLs;j~3V;R0mWi zdem{DPjlob9BbercBpvHG%Mf<;Q{ zF7YfQz1?B|;!%_eb!+9CfE_>n(D%8G+nOrajm$`MO!FG3YgGFB_UF+5{erYI9Ey`xocc zLF2mmi8W+=)jVqqn$NtGN@@uG2!X2~No_GWL<7Ru%=#8q+tHBE`@RyP)^w1q# zQ~Gh!@{qfNX3A)c8bhUPvi)JJ(NnG`JHRPPB}Hg5zmLrus*y%%rOR@&eV#qq(Kn(t zNSB|Zb)pineTb3_DuQWf$ij$T*CheIh)U>n<8<7tH`;^d;M2I*IO{d~7c7EQ(*7mx z^69v?zSO)ttG&qn9TPYim2ywi-_BKITZ79bP|S+ywZ5cX;9CBVDd0W8+B4#o0`moSnacP?bl;*49#DX2U~^$W2o| z5JYjgOizK;8~Gq-%x*+kNGugCZ|7shQ5k1OZr%J>?NsB-=N(w=QdlAq2PJMj{nPCU zw{SfQ?S}vPPDcv+f7bEz0%;dM02};&j!JLeM(zJkj!Qr6|DWUW2lw6uG9Bas&jwTE z`RZuk2tWqG-e87+jy!0X7}yq=*>}L3A|=>1H|Ni zk9!UXtN zqG!>{8&T}Hl1Hlqh6nCu$nuLZEbKwkq%esy=z0X@&_z0!K@SN23IS>ILd>kpM zw9p=L(bT}+CMqPW^~?&SfW*(;!m%8ZRf{wTUe0^*$)?gMFD2 zl^rLYF{C56AE_CeTJhVsfqk)p#Q7{D^`;b(Xp;QM=EbX*g^Ex|K5(AjJU~;*4|$dY zul>b2Q550GLGX z)X23>lZ|Z`T6)!VX0W|nfMbQN(D&il6hBK4W3a_J5I8vTM8sO8jl4VCorhHmFJr-F z=zc9zd8)(v1X9IqYg$aLv^L2}ch$0#Qa83QN_=7~V=;S^+9)R6RSOf#+}J*uY$0sS zv-{e`6YRprE{3>Q33>8b;fa%|;wB^62d4v1EH5mm_(pV)dIG^=DN^D5lK2TF>w*4} zXQe%z9q}@0VNbhX4E9*+fCI@50UKfu{KFy&(D)B@U$uisAuQ@e6mk5e;|>J-1>21i zmnj6fMC8`t$dfpo6jCHxeDWlk{6;2*QP?hiuDXi-gg6b+SkT)xJ7dIUW!>4rFKh0fc)Ht0Bv!Y7XG3~UMJh$R<4 zt;B@T3N1E8 zrZ8sZSy1AP1BaH*gBisMdWPk^5M9DI#%X3Hpa{f`bgROjeB_9NR9Z>n_nmQT=nh=! z2@yK^1DCpiEDcqF)V_@}SWpNVIGy_A z#B&I~%oc>IGe*b_l|9_F1~UV9sk-zyVY=nXgK9t^F02fd-Ddgs)O1E zxT>BuuKM83n>Tv^v^#@F1q^108ZfXsXD~x90}NBu*(!Nd~U0Ve3y zb`e9!G_2__;BIDUGru(uV8dGyEtz?n{OpVHJ7`hQ6np80H51~SG(N^Jq&~lc3iIUz zxfb&LwcjrKD+24Y_($UYVrl44*3dmbx|1!bIxs9+tRNt$=}HTEkQ%Q12@K0$RsNhI zb5WE9%L8Td*J7BzNID%CALzedi!_Olf?0F>lIYJu+$AVRifl!bC)P-g>=P>F30*_? z*bq*4!p=v}_u}XtrciZ4tt@54-X}RdZ&|=)mOS2rvT28S3g z+8jmmL&9EKCjM`F=N{6Ku|hgUzi^jkn1sMDRzQ#tJ9g;k9YH>2(licYlJz$?>Wt1yiJxP_Y26mh(u|X-gt)mVrlWe{)kuZIN553 z4zY|4N@bvYtbQ66MIcE1f?PBD@8g67j#viDMi4u55%VdEUHMzwOyxNc<2hP~g{+V} zp-d+RzkXYmj?R8L{?g|Epvs^BYl=LUHy8_T+u{SjvaKGgZrHn$a4eam|#B5Y9Ybx>vJ5vH8!TF?Tcd$+Kbpmk*Dk@n4TlPRc*#|8qR#(4G6ePy`s} z3+l}f2={}a+HEp3gd+PF*ptsl^RQ%y72FgABMBF%5flnRGsD=Z;j1uEgp&{n)v#2N zPy-o3vcyG1Ub5GSZVp)Ms@%i$Gdg=5-wcYT@@?VE&;qOg%ruva*ll(8A#O{Ai-v03af0pMV5glEhL9Z3U zUUlJm8ddiq4!&gY^wHz}d*|g+-kmL+yaU%$dk4O~v>Yz^zO`E}r#ju=b{D>zye2u= zTs%ZoXb2GIpbvwXNeUc=3narh5D2mzm(L#P_xbN2hfRc>9QZ@{4BaUv-wscXOC{a^ z_(LFnpHD>o2UnB3TmUx6|HJaz;~4(S+qXaD|8qP9MUmsbU=R)fB3UrGYQ78sAu%~A zu)P^_!&i8z%>cxEf<2?3D#uaqb1FnbY*@1ljLq$jTC!$iUP$C~(yd`;qxy`lIDlhLVDS+A`^iF|ofd zgw+7A0`!i`I|6aaD-&ZM_E?&nRQSFCBvS@Lk>0`?Cx={Cx{S&tgB)i;PT)q)4atx( zM|iKIzaqtiaKwqO=K^H0K)ApmITTbZd*G3rkel0i2fszYxh;lZ#3FD{l1^&j1cNZz z!N@Ft0kPeIE&{>OAcJfMS7@)yv0VhQlsdsQ+tQ#H0Sw(7y?kGtBU9XO*)urSHGJ5FOy_*W$cfDwy`v?@@c|+P-9$*t&gD;DMh& za0E1R@L^zI$+zd+(uGt7PS~FWZm)b!{`#>Lywnqs|7l=nkFH~r{og@s|Nr*rhyCC4 zJl~Q0kGL-evY)+|WE8yw3*-&}CKbq=W3Thw+?W>e-@%SF9%a{}kYr489~;i@4evr^o!vD+xqX|#lL744Bix`U&u;u%3K1`msb#xJ_q+2Bkx&~DShkfXZ6KKq3)F3Gj@)2X^?Mn)W5=~MgfYV4 zh_wW{uI-Nf6%Knka$Rr-UB-IH&_NLGiqJ#!dRe!w{{Q?S;hyK{~8DunMGUkke8=!Heqs#)X}O) zHIn}p2BD?<+>r*_93cmq#tMy@1tB;&E(u-!FW@a*3)r`}w14;ouFr6n8NK4@I49oS z*v}-Cq-eB11`2xd4H*po{X=Qk)g!O}+=vR@d(U_Ne{g&pjsJA?_U*}!_5V2@a!}V` zOO?3>=-#n0(gP&;TifNPb^c04jI|3wXqrcw?Ffr4UnkFLEd{!V2vc%Z11`N8^Gc9! z3=#|w)h0Ls5_>j#LUiv%Y;d@B3r`|y5a=(EbM2*vjt}z-=s3vDf!BdQHOM8l`t~o~ zB0@blhu1A!0j#X3vap2;7K3-*zs5Pgo`(;*3G!gXKMvmEylF!{KY=E+H00(nHi@~YWZL;{sv&_nD`auUSsTY7YR_GJ z={%}pbnm$^&!KMf#AFL^Y^K&rpf!6d-Uk&FuVczwItqW0N|0RoLx?BRNhfEc*(9LCLX?P(+B1H zzf0qCqqMIKyC zAjVL)UF!c$;~M z4){VewLD&F6@OT8r#c6Ev$5l%TjQR@i7plWWMBB_kf^ai?8;)EoI!%7PJPA$lQU?V z_8rp4eu1`Yd?BQbDO`-;R(YRiu8DcSEs?w|QcXNp?mmBOyLZslk)Egf=DZZ<{3(3C zu(2ocH_S5&KlwlD=iHlJ@arLp^B-MvgX5^+RcKHc!#zvM9tER)q=(T4T4c{3p=R-5 zjrA{e<*f)O4b+-kL_?xJu@%tsb?+T?GQBGz3X!U#P5HBvs%iis&Oyu8ky!yB&$>LT zYkRh4n-y}Y)fYz3sbT4cHI+F><(|;+Ti0GxK)-Qywu3RRUt~=&J?S}PFNt%HMGc%Q`9gMdLf!3 zV-Li^@17VAZKFc^SjUJ^1(j9Oc=WS!y5oc-c*Ju5HwGOuC8i{t6ejdUW_J*dc%Qys zkUc|QAe2$CLPcCs^07@&SVc0lYfi9v6tG?8h{S5QnHazd=_zAjco8^d%~?u{EoW>{ zK!N5eXwFiEx)RG+poQ(OvlT5^%AXn=r;OUbPbEZp7Mt{=bQGFK&vPS8Z~fRo)PgeAdY9kM`;R*ExIh1#?jn$+ST$E|ArG7IIj;;iH&YbEz)I1(ljQ4l=Q4aQ z2lnM~J@TiGx;P;FP{T8zSw|*Z2cYQ3f((PY@l50dVJfLITs80D8cX5n!S}zq#I{O- z$D_E;607`$fiZN~Yz-;=SUR42>EL}iM!#FFHH6v|ME0$LOkE+V z$@?yu2weFr1j=<<-Th|!{Hl>mLV&ywEu&xS3EQspYgv*d(&M~z%B(5AE)N$O6BLYGV0Chd0i-@sx0L9O68BARWT_ZCFetq6j!Ap*;9;(WmJNw zjc+*Vqm=rGVjv6$xrVKW-=4T4s0b(U$j?Q1%Hs0FCFmud$o;PiZ=nVASks=*{;Pa) zP>$n&9R9ffeU2x37o=(2081g}>F5w+Qv_&lVl?HNZDG%ahUH=D0E}N;2(iT|aMDiT zV-?ulc}DRbx#jD+#>z0!6zM@6m#tW`pbgtWbP5`-7+H;py6%R2zDW_IGJ^xkJ zTJK?WWmwDmAmDZ^!7V0cM5?Sy$1%|YSspacsbP|;d`+_#PS>@G#W*F=U0R;8KtGqv<2VK3|ZIZuvpcL|lGTs^e!eeml(HL6<%5aIAo{Rf!Z7q9becMr{!ZA@+xZug`KHlTx>K^ zRwYa|O{S+=3DtQfmcwy*CR+$*c5u#;_dAs@+Tob2ED1z%jPh6atCKgFRa9(lyB~ z+uy)*jYXH3h=E)&$6oZ8xBSJ|uf;uiPdgwAgBY`{x!`&Q2{7p(&A2tRcw>2Pd1K24 zr@VRQH*N|s895)5fG@*Ged8r;w&S-9%f-Z3Pm|0BMABsJ7KxB{V#O>$H`O>ns%7J} z6i2K7TRN{&C6avuejEV2#1ql~T-%yJYrezaZ&~o)WB4CO<&z)ypU?6Tge4Mpjre;S z7%VZ;foFqTXqW^9+E;u;>?PwCXvp<9&@6Ns1zJKL3tk3Yv}f5K4S($!zL+GpiO>Q~ zHok=7RM>Fya;e}~U*O~MoNk#!jJV{)UH!I)h$&FU^g(#4Z0UO!0xT-e^3whI*hilK z5lfmK)sa5`58j@f#QZ;xNdf_z!|fMNlI%>X0-E)1F@WFXbDqh)%*R{o6q# zZ}uYCf6=Uo$t8_vC2T7TH4>__>Nt!|VfyV1I}}Kdiek1fx=1Wg4zaw@auG`R!E1`s zmym$cu+I@97faJKYLsE(hFhXgk%-b5>9T;w3tLAfi3g<{te0}d;==NLnMBa%iZo7B z-mr`QCNqGgmn#?0>e*GkW?S0Qb&=)uE$Gy2i*+ZK_6>6EbN03-WyLew6S9*NkYG?6 z3&TThA+a*K>0z>K7EGU4faAQ35fjT3W9__LszVRn36r9U?!XES7wt);DE=4iI_xPIqRFPYnSt>t9PX|>iX*>Jl)pS zOWD-5>tYghN>l&-a}AdUqiza*$}J3i6=}fu|=Fs`i71)=%x`KO&gppXDXTgab?^h&xp8UCRVVJ z@+8*NUE&!#ETs8y)AEqJf@ZdAoF$$ylm(tqjtMPps}l<0u`uQR#DPrfz_v}?R2y{8 zV`)^2U2Ew<&#Vg z?Ja#WZ74yhR!)^kV~tW3T(cc=>;Fi)X!gxS(R7(8VnX5ZH1Ps9Q^ivz(N)97qqIMGxwS{nCATY9#8O`z#&#F8Nk8H#)o1pyX2VhIa( zVah}*TJS#H=5UpH+dj%#*amtR8?tZJh$l#k?TdXx!_)NevTJ$X1f~d*|yiT#NCPvwso73C{kQBkY=#0 zMYou4Jx4xE!n4Zwd&LRo=3<27xHuK)o^*;{bsQFsM0`^LKR-Nx&$eNK+%LJLOh0d` zWVN`4E-H8s^KD#} zWy^~2YCr&WVwvI$W7=JxhWMxBxL~i4>l!+8mXkTRUE=S$%ZX`dmuP)vyXT|6>_d~G zu%r{~h{@V5g5J_sG#LQZ_jRqpsbd!_(StnxSuxy2>_$N*ExlPmNB5#x)bq5OwnsEA@^s?ddc`9bvayhIPwhGv3XXUx7iDdIW?yp=vIGnq3YuOcO$hpl z_QKDX<#R60Q~b3&UTMWuspuD3K zd}q6Q{WQiC{)tZYWN8w*g#3rd6oJ_~y3c{v5nIND*6R?@CN^~SVee}HdlWmIQej9( z-%+M^9Ax!{w^=1n$cx}tiXh@_R{Lc98(04A_j|k_6RMOw)l4x(1{Qiuk zs~fI_JK@cc&m)cOC%MG7r}nUSRiPibDUAQNfLGJqig=$l!uS^cWB@<)YBxcq$IQM% zW{Za3qWEds{r*)#9x06~bAN6)6z^a|31PxWNyHs}aMe%9&p(SGaaH%}?&H}tCKWvH8`lk*ZKJX`i4sa%3jPqqShN;$vdqFdy;NFTDs zWh+dXO)Qy!@Ne14LZ0n=S;~!xcJ;A4%6&e{sNDtg;isg6_J`$|07hG)`CL9Vie7_3#jkhD-LA zj)_2yq$=LRm7&>I!Lg<}{w}gi1@E!9HW4mp7zd||lJ6HyMHj^i_&d+Mg&0AFbL5d> zGC4UymZmtLRBJpcpu|UWR|e3`s=-9H09FcZ_XxTnG*(<=pxEhM=*^h6pg0{3u$Tw} z(*?yc4_K_Kx+f(KNnjMb-cWQH0>Ct|w-5eiw*Vl1Y@AH4Kl-!KS`E`}CR8kRCsZm! zAf%D&Cy3FRF|dOA(D@s9$;JIY(9(pv1pwIO|8?^ADC+-FIzIa0|M48p_jOU>kG()x z5=;@2?<^4eIWjuEdoL$W5{kbp-B*%+c?!m3gu=Q{TrB;t75o&H=?u+Af7a zeE#ni`{}1F_)jta&%=|GAMt;mM9j zo`kmnpi~2E&}5b)s_zMaQ^^2K{;#vnb(~K|?(rjwuT+?K5FYeFwOQ5&3UB2F!aVronV}v<_^L{|DvLNksl1A0Pej z|9zI{UjUk9=iwo$#{m15c>M?FmVlrGxX2<~DbKEe-^2I?dA!m>SlwTeJ{0gu1Anmi zZq(=uU;1MWRNj$28F($6ppd-(#yODlmyP_wULjX`iMOxH=GT=a>({S){{qAW$Zxv_ z38(=*(>gpk20C05UaX*L=!Umu;cj6-_7qvQYK(xq1|ya4lj0(^1y$AB?{X5;a=(Cn zwf!z&6S-{LL=|#9k*>ZmwUA!(D~Zw z5dw$32DS@c3qC|-ERaPuu!Tn+at&)*fOl8`!AVI&JT$M;iemN9! zfIQcLCd-!Fv_L)c*$$yC&xn&(f`AJ8F*I5LuM=ChAGrY&er{TYp1I+fn=BudBQNO4 z!jF~Y`5#&SFLr(ON1pA^{}0QDKhFQ3u zFCCCum2)6RWsh>lm0M^*0A|CwwR1w5#;sgzUOICQz|YOmdFpI1Q3r;Zl{0>6vJ z5_`Z!3ust?(+n{%ZENcP>-l?Fp2`17ZJ#L89i*5>L80_OsqjBm!|-Ov1-gM*dbyli z*ItmlvMRg3m@YB<7UAYQ&s`$FX8Ly|KW|e(cD8jS&?R2o@<*Xaw#sz_D4opOL*kT z(WXNqMfJ~gc9iMZNJ*Y_dc+TovYi>p2Hc*B6-OnpI)fnZTWhq5hdlA~9mTOn?8GCg zeM5a=VE?C!rUv$?qi|vVD`uBqlmQXck(!9d{oD#Wrjt8Qr@Za%F`cB6)QZPXtEa(2%17smzx`@YqYECWNMSB4FH8gH-k>=qF zXxkRrY~}|Df@6_5!gK`;g1ga3SVu=Re3b@ImzHkQ0@+Y_ zrLhA-Qd$6!&fLvhcK8N<&((U3>Y(BCWZ13yzj(lN=osvl3;dpYBfgHX^N+v=kw+y2 zzvn_AUF?@lkP>f~CPwt{@H4%|!nr@(L-^%34@3PYtDJzw*|16wxS^r}Z{AeKjooxlv^}q7r+qcJ2{qN|9{nzt6RKp6x z{8ioswvxa8`u1%UeI+o(^m7Q|Tk_x)-#d)iIub9h^lNFuJY-q>$XyZeHKBY#9U^dh2^?mezus2mG>Mt-v_zprD59gbV9~lx|YY1V_a%AhgTS;Kr)2U%isR+pP!TNoS zg$(?4msZ#Yx{rHd5%Di@Macn%XqtKG7~e;CkO>E;Qy2Mc(V=5t;rwLlUU_7f z@U936sX7K!iCZ2h0Hr3xegx5$aFy^kL@ zbaSqst}6lV;1k6}R0mHP2viT8Khw|phg(fvPYdmXOu43A(}b2?=owJUi~uymqhH2YXlw*QcghR-i^l=;%O$=ALn~-5iJ3t>AIrtA{=<{A&-P?Y+d1<*hY6&*fi-)D z+;BbjKaQ~;%}>i%x~2rXN5JrkMR60sEUOCt#+6@7rBZQKDw+oN`h=^ZU?RUXM16c;8{PJldcZNCc3 z*2BT!A|iWKscB@43YA)m08f$Tnxgv(7>|AFHWupj%O2AbUl;zr{k`b8q2K(RP}hB( zX*`ySC7wA8axNn@oSks`buC7FGR*w;7_=e*oL$rs23P^b$j%9h+TbI9pDc{Ci<=JF{!XYG?J`-@;!W zIZht4YH;0BKv85a=QL^6b8^ULhxPUUm(q(_{XadqJlfyiFYV^##-&zgrg!7=^6z!f z4Hhp!YBXsAFGJ(pe2H4EzW=j0T|eubuRnC4%a^~}zqR`R1EvAHEB^cO(@OrA$KQU* z|MFS>K6C!B56&20r;z*9ilWd~X}2~d{;DJqgFC031FZCAO|mdA+1Q6B+p@X9Ov){r zaLc9Ja>=&VB?SB7@3m>h^!J5iVAWh*r{_39Y^!WuF5i})ZL64T z%geO2F3*;qWy|H*`p`sSRpR>RbN=7R|IK^r1Ka_3#eW{|m-Bx-ee~o@{O4!+L-$pi z5ib>aoS`8Aq7oL6nULgWpGc-s7wC!JtoJtvCqkt&{@xD_D6;na{T|+ex|xj5X}ZWE z2rUwC2}Fu4W!kqzD6F5nJq6~!F5+QLcq25bJnh}X=v>P9U6_uZN9=MG?y~pE zRu6lX3$ zJTPr>BgiRD5+2XZmwD3Bd!Tn&0C6Xk=Vl}K8hR^v%AS$Et;|io782m^wagb@t$^Qt z+w&%q*Yhk6<~NBw+jnUJcq;7C^c-Me0yt^^m~Az^e0A$*S{UFVp!SuZ? z1(uMP;=%Wp%cXio4xZ%d^FpW;sjBsjH5=q~dC9|P6@&7#P~pT|$Wy#IfeKj&D5UR6#+q6t41_It-D+_x>$)-=Y#@4fSZ z(ue=q_e3QTPr+BFMatC>z1HBgmyelyfNMy1fhn{uK}r%gn=K|}T9;sC>Ea$ROzR>H z6lxrlJ7DCki%>$Y((PwrTL5rCkG~gTNT#m{9-GPB0i)2`0V>P-zWYY*y@3zUBN4IZ zJPx%8%;KQgT9&~Fa~CTP75Iu3 zHa-VS*_ynd_dm~`O{wC+)*Dt3#y@6L%Bz^t;5tis2;DfZ=kV7zJ!UE8(H%V`Q>l<_ zE9k|xTY+cq_4T(E^g`3EfCn@VSX2Ytkz^f3*YBOxTOM-b48G0`Ymfff5_=yCkj-Uel4;+KK794hV(t0ZCup$X%Yh zjkK6Z0i|T`XjQY5Yg(-m$sp(6#-^#Hv6>0Fyu0Z%${6^7Pf>}!qq(VCZ+$QVe5n7R zPIUvW6#?rA`5#j4e{gkwgJ$RJ{`VOM8u~drp8-7O9kN2??DfGuq)50>rn2t+hSS{& z=&ebHh@-j}SbuaV1Kx`waSKMK+L=--chjt!#}~5w zsu*cGSv#&4ctG3N=6h*$?bv% z3;n5~Z>K;k6PogA#IObdjma6LL>JNn*KL3sp?}})Y^rS7&VP1~8r>wEjo^c7do@$A za!g$-5`aS*nKD-_W+o)8_VvL&8L^POqABr9oY|?jK1mst-|eq-{=qHmp&dZ(ivM`} z?YEWs@85p=<@|q+KXeYz+wMEU;ul_&_*X@T!QGOOr*FkR{?>&o66O`RAS?ica&U;f zIJ2~_RBGK73UJH`2fkwF=DC>OC*MQGGgZU2MFYsMBrb|21$)#7h&9!DV_W~%^`jTY zx1NI#TnyfT2vC2<<|b0}mtWTSNPp!yM{nzZ3ciOGKSSfJmIBQ8k=88lQetB6bAXE&l=o-G!N* zyK&=oqpomq{n4Hap_z?2-TvYJ17R5_xvOdl{M#8|U9{c#HQQCR>yTPT8A9qMTpy7w z5Mx4GOQMsZTs27ft6i?OG8wbl$YGF`yNym7@Uo2o$a1XKNm zTR|UteFn!H!MnMe+|QTxVdGxQIGxMB>9=t-8r~0n?|56VZXH{qsCR7Veg}d;9KK}n z&9;z_bccR?vj*-~EcZqw3-*U+x@MM}*sf_(-1X{_HO<^+Z*ySFed;&SP9RfEI^)vX z30#;~_nCm}vv~puRq9sAbxhMVJ2$QFGXd9UJ8}b4dx7S_(-dC1tr5?=`1}WFXalW# z`d>H?O&aabM42e}!VGrxWVR$&r;ueP4`7b}(vlV_?9*oauj^CB|8Kt)55@XYrvMRB zQ3AwLt%A>jR2coEkZO3;{juOXI{+pG4}$_Cs#NHj{9Z(;C-5QYN~E~qA(Oi{lWvI? z-NJ0ci_yv5)L7fAo*_vVa>;`9&I#Ct_nUyl89Dm7r(S zbs!79?tpx5GDg%(T=j6xGe$jN5YB7nyAEjHeiOj^Ow;SIjyxEYRX;ZA6N_LE7HcV> z*limVT=~$>BvXrtz5~WtlBboZ`C${UcM^w7{;?JSJyfqrbfx2lk;#Z*ukuDeBc zY|8ULtG$rDZ;_qS`{NpP`GDK)4a)i*>2L154)3v)(#-wOJKLtKYJV64HetX&jems2 zmJ)n@iWS?#U6eH(t)UgQwGKp8QYiJrU)J{bZh6;nj?Tj-1ck6A<H zT{qm!IOaO+KJ?{W0sKL?Goo!R?1#Igiy$}5_0!);_q{`+kR}^cCHVQDO-+JD-T!jg z%xWq?Kjp=;*xhq+EZ`4aDUliYWmUoMd?FA+fO1K%G7m=AY#0N4k+HF9YG zbQi{y$Km8JjUdo$=8J%fp) zvEu1#wt_3gyw>PnQvBtbt=x;z*0Zhyy>a&bh^|hN8_xW2pHa_qx8A!EwvL>CZ~w$E zf1mcR?EmYh#{XRPKb}6R)c<($;(;qLMQ@cKB?ZDkZ4l$y zTAo|FgjV7-*tP1?CH+~%^j38PvD}j)V!Kq<``s1ceQX%Vr^(G&^FIIZxf zISWsCpw$x6t~RQtjzXmQ2kv~8rXb+&L8#zv*q?wR9zMzC!=L{m|G(L{vF#5T0&-XW z=YvZ9kH=3B9)IEgpX2XA>VJGyEKcV~654e8P@6cWk*lDwu@Hyt#opKT$`hSl(uA+= z?BzpEcoD+KmmmpjIrmG44nI-$=ECn?ui|?SlD$ua+5%u7+ZDkTvpGLlrIaP*@uf)& zPwCB(uIo z%vX2SSjjC!-4fwHKn<4d3a{K3sz)FjE6fy!yw^fM!74w^68$eKb$9#ZM#$J~5wG+eDH(zKsfo|6-T@&8j<{(>ke$A7PUUDGfkjfPf5wiE?p}WKj zg2vxW5Sr^zd(+fhw(BO>_UBQI;)c7#`*q!=^2xYMVP+*Z^HC&T1nklJMoRWKz*-x( zBkn@S&raa$W9V~kz3yiE#5YIqftSZevGHZ_DLChHJ;Qte{#e-OWzhFDf)H9jWoOSRj$_j$b$5>DbO(HAq%Lh)aY`#=Mz^OXa4x{quQBn z9_^M*7eZW*v3OWt-hZ z-Trsg0>Q-z5Q5G@rpm$K+&|{O_xshCzmNMXzW?3|c^wHF4m6GOboGLT3_}S&CK>cy z`JW$E@;`t3?U(o8&-3?T`Jdk!Iw6)&h+=8V<2mMnjz!wYvp<^*&xL$|HWOfXe#>WF z9wuGQV`@_eR-4i+boGZDjV~hHds|IhIU=bw55pl4Dw2| zhG0QusyZZH2*u#51~Fffm?1NnGE)O1llXx2Dnqd~|;JQFg_Vw$pO)p3*2 z9LS`Z*TAs1g9SgUY-)z1lEq)ATD*rWl#qKq6{SWyB92zX4tWq7>W4}W>Lx$s5b$wm&%RHQ^KfP={`%Ya#V>}qf56ClF(SB3np=O zy$JR*{Sq@hKV9Zlaqh?{99Ll$e?Xz7&40dBP&*yQLoOBiSxg7{n>*wm1YcyW7P* z(Xhi}^XQ?9_YA6&?h_qpAD#W1~(Wkg{K~r+eqX@`>DwQwS;t(dKl~ql) zLQ}F>CJ|RS$qpP)Z&yh|rPBML2b3%h!DW#M88WH2gS}58!BewXIPf%z#I4dDwK!l- zRVs+MVN&vtc@)Fr{NTAAAfYD3=?XHGH{a~#)4J4CSTZ?hXE#iOk);f;L2y=} z*|*sHR8m`nEB~HAQSfdteQ*q`@XVJ6(fEBmO4{qe>HC1jfrkSypx6%15aJ;YenXJ0 zM1-~T-q^3*s7L0wKYG(2k)yNWi^0o_QExIh8*YKx9kl3{Fq~tC$GnBpEut1In*LXW zv_h^lyT$BjXE-Yi}8>=bgd`9>sHXI|Vl%`i)VTSCq+4M`V& z>e^q(uX(`TDdjOalk;w?y(MfZqBXE3<|}uwp@?8>-9bO@pP!t)JM9lAWIP%5CjFQ1 z>PS;hqs#(xEq$CynzH$dv{12bjTnY%wAPF|>`&gFjb0CiFUk4Y$>3<~F-mj!tC}k>rA?cEV?ocA^H6x9l_l~xOFQ+shEobYkU&8ByeR4iJ zJMB+i^)JTcxHsvI&n`ws{jIl%rqopGYv?nce}s?=|2VbshlUox2L-=LtIJSZ@>dw!huDaCeQZv z{;YP{`{d86dhfatmezmYTr=&uGMC7EG|OWbqmy<%=#NUo$26s7wxs9EmuwKHOy1C_ zMOp{Te6H;hZ>nA#df$(G<5$nmdZXj*_u8bGz^%6E^>(=CJF|!u+3CLE5mVilEOpFp zF9*42`r7|O%K2993Lf$<%O_C1(QqP{3$bLEuH9t zkZX^yNK7663hm#$2lqV;=l#)mFrM^>$oin|uC)Rr8kZ^s70K}F^$n0!or;jHZ(~Z8 zA4OED^{p%&DE{*%So&A*{Q9cI+UdKpf}Y%qbGi)lq#(RT%l^JU9{Xt%WPeShwc9d7 zY#PL=8-8D-Y_!@X&y3CMDvbV7BX2oKyXeIM6lL5dw$NgHurSs7c~<#Voe0~?NzR_` zO{>UT=dv&VS<8AGI{CEd$$p!V#eZh`nJZVBES|o>Y42s9oL`)rka7QL)SryKLs(ax zWy4Qe*)5(HUaZgLAC|A+x634pB2#<;NFPwR{y>!gdNn%h;JIM3x*xZI?4!+k^nYyC zpSH&U?mOj{snJs{9l9O^b>IGqB~^oz{7SNz|CG}OpVfA_3(bLu1DbkdY_ERZxSQk! zx;z5bJKer(w6!-hbR(_Aul=V8RxBpv%gZ(YRN$Grh0BS)i0Mvrk-8I9(@Bg}4QC zM-9XJFr==5`Tz*6h5UiYtcA51k&c~>`=d95?d^3gn?&v~ta-p1cj2{0g=z=uC~Pk5 zYaWL!(lU<1=F7P7jeDb6W+++>&8sgM)6&Bl0Ve43kW?{?-D0*Xc^X znv&W1qr#W$bzAI3bMEkm2kbrb zb#HI>=D~a2Y&|~|uSxFR*4op;oF}hM9)u7HSck@yWR!OhY+H?EKTkl%m zsXU(`2G@;5#D-fBwysk?rmy7vS(R10%G%1VPIvCInMrZ8jaPE*4mx1bgiYUQ<~VX4d=K%*x&WG+ZYG1PZ{a0>OQP{bI*wu zJr_@V=ewi+$yx9C_b|}ns+Kg_l`Il8EEsD&)Vp?<*zR|JC@D|-17A$a{xd#mY6dCT zVedxH_hiR8WURH*R@^*{rTD&6tML@sywf$#BA$tO-Rt$XJjIPRg2DWsU_M1|6o+#}$J*BtV~;y>zW-!*|dk8+)>=BGHs=32h@f%Q>Ue@sg)KIm{3U~D{+ zg_au+;vdK-2V~!ecFZwAH@Lc(7Joz+ovkN-UuPW$cs|6)Ym)&+e zm?p`QRR`~w#Rs}-8D-k2axv5n+pRbOu5%gkm};xMun%z>+S*~Y;A?t+#n&k$7G(NH zMA@>$1pPra>op}XMaRwU91DFf%!VI(^W~ZBfBWC{!T#Q;-#b3-cbDNO8e{YO-_wJq zPal`^zZ@Jq-v9Fc_c{LlL|#J;(ytXT$^1dD+i3jYe!4!`|N9Okf_=8P7m7f2v2tmb zi@i4Cick{Ll#+Hv=hR@|?!k-+V(B zRE8{OA#rOUR&?z)Cc;fGQ^vfmm>H-;W+IBjE!f<3GnobWwlx!395#MfFv-^99?atD zo&mqdrHH3AzV0s4Wz!@(+@r)Ood2QDrusMB#_vJikMLH!)s?|#aTSt z+bdXJ+r${iaB&U2jvq7`<&%aSXll_W2@S5b24pg@;snnngBqNQr%W{(yCffx9CQyK zkzM_tr)Dv*Q2Ry!M*D`3V0a^h<>BmKzV7Gq2qKY%-MJ9+h(W2SoZ?tK=P}!Ji+M;I zTR*>;{Lp(l&L>E3Z80mDUYq=IEfSUgKIiEoo5FAT9_;Bh?OlxS3?Fy_WOot%YbHmy}QN{Ac{;h@B z{&(`tHxr(G^UX5?`8oB9&69vK2k;8ep+({=Agha*uOqC?{_9>3X#^CfTCsvJ?g=Tv8h09uEq8|nnu(YKR|vrtVwj`XQBG-K>fY(jRm?!pF}xR3 zeE6U7z;Q{41=l+@+I>I!zM?&8ml*g%Z z@QPLE6!AC2Re5vqf798lyAUcJVl;PQ+yx_kJCcY{ktJP`OyPNmMaYPW1Fs#1y=Os| z3b|lREN=>==>V?;iBuEeQ6F*1u|jdeE~cF~&DcXbe#^!<^DgG@>mrz56S zDR!jzIHrkOh*Tl@EI9xVTuZ2wrjNwYctDhGOhjVRDJm@i5k`ZBYe@rhY#wbpkC!ZF zk_V_4Zat$p_98dX?UPN;rU<-qJ~rp%2TY)t^Li6;6>cnTSj`9ZjGcdlVeKV|snGN7k^yEoRxIrhiXFHjA(Q-ug}IDrZ@t{Z4HMaR zJzi$(+vVJ*x-xUgK&S8WZ(e@^$ndCuY*WUgh9fmyhi{s`VTc|#5Em)|@fX{4-f zWbQh2ss=$CBa>B9>a0lvaFwnSoD8Zl zxJJn^Q-uaM&|9O`L0GJT5L`8`)&#;{<)VqP(GiHG6*I%Q@{2CFkmaQ*^^k}AFM0g{ z0ZnNn=5C;|flMt^)SyixR|ivrTsPU;QGOItwRs5L;=|#aiW!@SFpWNZl)UioreSQW z4rD!yNJ|&u#0yA!%r0Hj8-7$c_Whu1L0D zf1Qt0GEVCuO#TUboQxMKYMYAS!-bLSVaP=C8!g!7GwG5Gg^I>53*?n%#_`&hBAd3i zTb`O{PPRVVj!W1%I%jUr;0|2UWJJ0XU?Sw503jiH4F1mBfHdAgKGf&>CeyrG%xXs{ zK{a=|VW5{hxp}Ig^-)5<8l3CTDobEumXmm_(^v^MB*gYuvw`{&`qU&x&U<~>P&PlZ z9?Jo>IZkrkd(ZI^U0V%KGgxOY3pu*uYQcFSmT-m!$7CX|S&ZsZb$;L(ow7JY5eSB@ zHz>duZ^y>_o?Nq)2EHSmS|=p@o~OBLd&hpg&7cNu<)W+BiHBaJp%un7fI;unC~!(; zOALn4*i41Kg}`d2^;+H33A5drK@jV`gqz6?MZ9Zuc1`f$W9M|6qlmL2NH>=x(Qr5R%Xx6A@A>(LJ=aY~Mp}6(MV4p)_6q{vAUj0=d#apF zZ)G0OXlXV5HRFu4sk6Tfj$xO)Z}b9rj7IVTLhqRM>0I{XFcBOzUpIHp4$sW*Zq5cn zDGjcP^`BigPVd+Uk3D-q%5NAsc8=hX$}k^iEhsxXT>cthPI??1LvR5YWk^qdxMs0h zPX;0j`|*tr8@?m`_=Zan11@UG=td*@*uBaAFp6{+$Cb;(;JFbeZ*pR$DEqMEBL&j+XG?6^x`ZgE$o_L|XWnX6Zsm zeSLa^BR{dKn^mD5IZaurKSyG&$PHI~%A+CxC&JTPHDYrvVs|(6-i|Lv{g;EYVZ9h% z17s;eW^J!hM8w!pL3Wi8KC+{cmkM%)0`!$H;_g}_i;<{RyKW4GbtIyQf!*hvNiOmm z4Qm9N5lP^h=}VXks4qvbMizoU_-=o{3jRD(i;aMjOfA-deDt&kQcI%3uyYLw6jS}3 zW$GXtEvdX_fTMse6UyfWKIZS!DYS&hK7X?aykX`0WRb5o#g{3Ip!5|Gp5*p!2MuqB z@NO`Yg$tT`lRBrXxdSy~A$g@~{+^RF4e;cQiw25yQ#41sa+h13;H4?|m0PrY!%3X$ z4yG=clZboggWP`LKVFmomux%Zl*S>IVZoGRZ&)ARnt9HC3S-Alj>S@6a_(qb(_49N zn_yW*VT{TR3*AbwjMEhq6?^gs(g-klMT8^{(r$>WS~r50t;Z)vOs2ij&3w{SCsg;Z%S81v?N^b{Cpcg6JrYK0`5Yv&%>w~p=f4X z9`5>JAJPbeaEew&bn+83GKcT9hNe#+gD7M0XqZbHYsgghBoVt|kyVOPVdB0ED6AV% z%QvL~F?9KMAwGT-knT2+0Q^pjhscKzg5cpM5<5#6@arQH$68%_h>>h6QDf4$7@ar> zXM^LTTvaaN!U2#Bqb)rEMjF#Iu;;saX&0eDG@&uB(SUjM4YR3ow+Ko7uA*0;CZ(F~&4&o2)RE zgvDyXXKB>{sXQ)QU<-BI-;`?P;6S91W+ILG$aFQjG z>9Y({7>6y5w^vnnEvFAOsM`s{#Pxuh zk-Jw6lXE1V-*rXiFx|gOFpJ>a_I|B4$X+>A9xE1Pk{$H`rXXo1VVxy2IYb1=arEBlxxOe_Bat4egnM$cl z&rzG52;EncB{4tP!&w@^l5e7Q+)S}q7U5eH~*H7Z%XdJ-Vr>a*%p?4c5 zIHwW5Ct1V%F=Eh=wNW&{7=NW9JhRNUI)J70p%{-(&~9pkA6|qF4`N(_-vv5YOisr2 zIIu9s*F1Tn&&tZczUM)z3|~7M?Cs=aY#d%8?x`h#7E;xkp#^{pziB5SO9uF;19HSzXakXF}Tpl}CylCgtVlk2* z@iIaxJF15{e`|+v`dlr)xUzHlsIjWoNL;uJ*IX%|c4``#V@72FdMV2huRqmbA8e_> zCW)S z6DpnP$l_EQ52gN*3Bzln0oIgL#=h!)!Ax&?i3r6akn!&yqjb z#~vnqB-k=gJ>Z@4+cegN3moofsPuZb?G9^s;-| zTWhI1nC%86;3T^D8Vx=;dh+SWp4B2HEi;vxk)5h^1;7!=?E>Gf>?Yg;?S*N1AZzAj zv3=LX^2KdGFC1B4{dyO+G$K+XDr{rYbFR9o=&%kVF&YGZus^~5$lj-Uyh~B^4n?5$ zQmU@io=a-Dn}~4Nh4JiJP`d`yUfbDRtf1=}qr+uOW^qqxX44|i$ie>peuuPX3aqLv z{NlF_>*%`f=3Num{hIM)789y|C082ioj{!*0=geO0N7a$^TimU0y&A>Sk(h}zLp+z z&X&&g&^%50icU2g;#Tt1Nc@CmAx{a~Uf{tJIA$oal{Aly~6hqN%-THcO$7KA- zTMdu(6kgMqYvhf2$O0;B{K;$!qOb|Uj#e?WK3nL`UU2)ZgYTld#$YZ5xBWC&U_Lgh zev282;0w$;s2dX35%7q=%>Y=+Snp<)aN}BCo}0{9IhL zG5B2vvdhIt}CgY4nE{c1K9NSYXYYDOPLP`B`&-`T= zrtHoA%7<{}pOd>rs}Cz$KQ>rKjYZVpuoN2vfgr{C)X$?(uJyx~T>!Ce954G}EJC)c zd5lay6w?I|_a5>Sp?lqUTg)%X)WUJ;4?&0r;GV;MdSq-dH$1aPz3_%BA@8;HaiQxv z_=QBkC5AMZS>q)tE*@}mkpr)ZMe0TGb%yT=S>A3wZgDU0p1vNs^)tIEMaZWY&7gKRz84_oysGKIgpQb0a~3&*>I0MB7#^5Yp6*NKk_kBKaWbn zu)FVnjM%l`COSNN#|P5lnqz)p&G{%y@U0eR+~q9!;X1Va$e~s zLdC1YU}-FODb!8S=uu5iT|2RIX6h2^d?u9>^7a#{q(rZsgclCDo?x7+m&piiK{WM^ z0!UBh#G~yJ?E>Yr`StW<(~EDOgvm0lqHO-4!xx3NoNOLOc&i?}8lB&i|Jp24k(Z{( zr!PU}%rys>E8G8;6OJbOfA9XAGe6?zZM1QlkkN@}hT!z}{NN|$TCcQkG&=_(2Gh=7 zK~>#DU2E4ZCO1W^y*Bxk+)#Lj3|V4qgd(;neXv;ry|I0)es}@~0ObqB2)j06LigSo z6M%Ce#N$4+_UQqBCQL4Q z4D-x2;(QaQY(a0hK<7`}kEme5G>?>YHsb+-OcMBnRv0JEVONb^ddgk{>v7&6wF zFTCVT@|ST;lOqw|V0FZ`DPr>6H0Zc;!(?g&G*q@h2JnWcwd}2hza|xq<&<7N8hHO$ zH_nkrIJ^HKB3W%cgh{G%??J4wal<&l7TJvaEJj;k$2vUU2^XJaoPYFs$o8QrgaDap z78Bt4Uhs@L3tlL$g%F8=MpuoiYx4xqozmbsOD0&tvIG^sv=x{{oIlB6uhLW>Kk)$@ z+}{^+{gz?4nS+hF4gy2_XV3swhPZ75JDqVil2(Z92VvuELd<&6hj||9Mo3xFQEn^mkcm%HF{foAI%CZTv5tue~i;hJLa%^#*z&Bnd^3xtv3U zPBp$3;#OnkhO=83jDSuYfmFEbvpJsw`_&gwE# z4AQgy$^Yh3PiI$u++EW5yUyQoVhgdkr$uTl8#EHug`X0|<9Woq*tDyw<<->=g!Cd} z+i*KyEv~Kze7z8vRBd9zdek%WbbqPa94?4W(vedFo2lo(@ZM;tx}N>&?e4!ATh4d` z^0y68xjxv3FRmI_H_NwFvTjP1Wi+R}M!K=|ttb2DRClRx#H+>?ivzg=Eu@=BzNB*X znn9G}(em1*6sgYh==8PCE~4REDCSU{BP8;=kY-~}<&@5ui8dCp8&bBcgeIF-TLdK^ z9w1Mzz`bTHIi>G=K^|iYvB`!$Y3?GdTY9b;6-cIOeWZx-<~D5$k7QZ_dc$S<=2Ug< zwcpL+nPlu|pY0t(nZ$g*@-w69vhXJV=2W5E5}4a&QvA$fbDP;}&dA5{Jv^c4>r&j{z8)?&4U}YRVPcpEamwTkjq->S2KkBfcShwwUEPk! zW8+79UdT4}XkTp_@qxVwzy{!5?>1F|-5jgwF6sOK5K}ET_;+I{KZ>af$O|-KM=UfMEc3hF zWU{nI8!;mX`*=eYbG_xv7=l|yLZpM(V&#<(*Kn9$=-*V1t-f0WGy%CNLl%VzI1X6+qAO>i%vDrI@;Wbko??#7a`T-iG78gd&mPV0X*OrX-U1|h|CTF*#b zer{}5%8+H7R=)9J&uTikBxJ2GnhWvr)0pHF-!E5} z=AYe&2RJdv60R7Dy&PU%1}$r6-5K}VTET_%Xf#rIO1v+~e~izDxaBdPD75 zn9rwynW_tGQS|bft-k+i$E5t(z1=5@?q0K1_eUk-_8rUJCjGmgw(R?_a6m+YVHYOV zSUC`H%CxYm&~ZC4dB|##kQF2bo5-FkqIGt7f(H^rmwo{9wSshJMP=WL8Bmhhl}z{E z_55Uxe*_fPHgS2}zW+C~*j*m}J7D`E>wjDy?C;Se+12{tl6{&QFq`YY>>oUSbWp1Q za(KA^rT)uj`J1@6g_Qcq;%pU=4oNbZ2*q}%8IO#a!M%@k?D>N51SS*7RY6Zn8C_!9 z9jaElso2dF>kt)Ccn|8p#cECBd6^hgA@__WtOHK4#x{mVXzaKYCe@Xg`T6%sbz@#1 z?ElYy|G$N=cLRtJ3-otV&|rZD&9yeACBeC!J&FhnIR%ZN)liK8^90bPnS|>2BZpjJ z@P_VY8~`2aeZij<1X7){}EL}eO5ip;Vo z+Eob)QkgAL#ev+ttBylQ0eu}pvs5f;iiozz&z}-HWSK=N-!*BY%x)UIkwn}w3E{|W zYM!JZ`Uhn78HM8eFSKfal_yX`HG9kjd4f)x2FeBAC>q2(c^Ew?EmNZd)*sP z`a{wm9+Qi4e?(3ONB!ZrPkJv${r+ixIB7PTST(F4hZx{ytL60OlA*8w%CN0xL*3U? zmfkWJn+iG|GKhn2htOu@m__uKN=A-^OoTB;?6k05tBp6nN@QfGWd>vRTc%PvjksD^ zvm=vB)of&O$fQvoY?nfTkFl7gFr)@@TzD7Qp^AiH$qYeLxovlv4ZH?zmK=QtgE0ns zz@S)GL&WHSpp2Y=G5R)HA!I@WXek3jYlcb76DHFYk$k>L6^J*G28l^U_Q1vnui|9S z8&jdNMrwd7fEco6tc4#m6j6J5&h^y_;S&+P&8K~Km@BEI(XK#lmXT9UW@MVV_ot?jfe+-7>N$=!jFnmeK z*@#?>^}qBi@t8ClzuDaRq@Mv1wCF1(r;ySppJ`7~n(;>a#F*)y#PJ6@taB}jl**NZ>^e4quUA^B2 zU2@!iF&GXegR|inzd0bS9%ionnT6o4DPq+kOGdR0ATg0x%7R7A0~!&wOd_#j%$=cB zQhbCEvu4AcUz<-*W$4rc<^!9*H)k^-rMpgGA$CG+rdYFK2AOeVYSE`g>lTvRrxY7* zPE!&ws!~nsi4-Xw38Z|X7*Q;3HfBPm3v`3wD(8X*Ifn&QjF{2~Us_zyTt^U+2zc#> z1|5=f9FT|gnOr6ra1>XP(RxatY;6abu56Jqc=FW%EeEohWSR}f0MmsO*?eJ35yml# z+;_sI&q#aG$lc<>B``LR6TZxjEKp#c z&}PHzafb*=BR#1bt}?XFFZF5}2is9XH5WB(vZ!+jt$Sge|j%9m#HpbpQ91h1jQDvMGYYwmv? zi`(6WxW)U;SjFs7(GyiXW=eI)jK?$%xY0ustm@fpgzSbzBEgF|pKOy9f} zDiA48-L)#F5uf`xkP62%kz7dZp_&atC0aq&cM@LuCexz%&CT<#Wakh{(?W*qKVPnBYjGg5&_5RA%5gw$C=zZMl#4H6jw$x6}S^-sb=lpkrw1F9^+kP zx5*+x*=-A1#BZ1p>)m$byi~8Q+2G0-xy*CR4OdnT0qWJmnXAugJG3MU{e`s7QB3fZ zMUNa!`eE2yCh=yo%{qiT7mR7dI?YB=n{d~a0mdQRtiegT#wmx(u-VX;9ygMhGke!v9d4M8k#apL5oW9J zmfGnal9ma>a}+HZo{};tA#IxZ>bqTeF){i?V{T+fu#{?Pgyvxlflw(r0^(?HZ}Ei0 zA*KS$kBYfrEPO3N&dH3w*Oyzc(EXMa>T$sin~S$YmOKWgV?GK=Vs=ZG^hY5z1H<~+ zT}MoMRaS5oapc5sw`52C9^*H+pFMft-DBxSk7kdMn9ZO-getJa#MnV(k!>~`o3Xtj z!9r-|&9lo`))TE@r89FOd1#-xd*$E}XP-U&M8vGwfVvB+;|!9H3+Us6gwpO=o+Fc~OLo!aOOmmZRmk=;DD+2&; z7GN)4*2BWBZ@GW7VPUPi&Vh#(46{bN;gGxv3o}_4IWcQCo*0Q%;}3r|p1fj44i3pu z#OXr$uApg^Os!snf)!g%(N&J+0-c?aEx=}2tT7~0%@;LISb#gor}f?dZ*IFGOn#hO zy24mkBOl$+h==BpJoPXzUFD1DlEDncO7DI|6T5Ix@Ol7eK$yQaaSfxe{%xJY#%NVI zipYXu;V|$Hus%%Hql$E64j|sc&|PH-lZt79yku;H-SjL{dD)88IsItD%s|4#Jg8^~ zTqb2(2QUhk;S!jWZPzikD|p|#m~U?y7jR@_eTQ=yWJ}yc%tqdJ4X9K4K zE&EoJD|?Tw5@0RSEY-%T7_!@Gd00WO{#M&;upvLkT>Z6bWe_InS0wgVjQ%s~E?S9e zc4bR?0hR4j(2I2g{us7UVJsib7Mcym7s}_cI%8+))KjlayxFLkIUxqWnui*;S)q-> zC@o{=RJnfVF9Q#gyEHphb=ZCECOPs1rY<3U6hCa<=l75-BbPgB zwNC%3#fIza%LP8{Q1sFWV6kBSM%pbYg zplQlXIUPBBPpzQq@q0F73PD^E=C z}bETt7Io;wmFFNE&3*`ep zWuVI8+@ieZ9~y#T&BlU}ntQo?QYv#sG=M-=aV<3)J zpw2mKY-M1RG9ZgmRjL<-few|!)NVGazt~_gc*V0bAKsH+ z$qdojL3xbU*!>;A!TVFh~E_5baZP5rbYgPQl>v68t&<9Z-O;OuSAIt7G*bAhbL? zt9!>(&dNs3yNkZ2H2s831(Ht@>Bld6qh{mq$zk{K@Y~&Q_YWTL(Du$j8}3^g7}0wQ z4-+DWq!-c5)cxW&JmNGabdJuVdY>=4<8HIzt;xVJaYUPDYSCKLrrF3X-Gy^pGH2)h zJ0<%BRRvmWHXeURj=C?pqb@l(>>eH*lAR+vAB*`m0D_+nw8Cqh9FA#9+xEO-J^iTJ z=;?JT)KEtrv)gIC=#5$ki>KgptBFlWwGqW&`~p)7AlE-i$4uYU*3@v!W*|1~w2se? zTkU)oJi=-=9%L6>n`UE+U8ov~N}E939yA+=hu?O;J={OEXgxkVCNFv;sC62d-cJf%)p=u8U&vMTqhA+S+BHLsV>lEG9R5o4ml>C%2 zY0cOAhA=UK5S?i1!s&lkWmlyM1c8`BqsW;?7Q_vww(}*}<=;f+= zqnmUCv21s3AzAA#;hqun46J^uC+dmFPO?;WcOHR9|Nj5m^)^5avDvWBIw)kQqKy&R zHSBkew}@+oMoli4nbA>P)NuyeM^l$B;P&>`b22x}-nC9Ay9p-cEn^Ixbf(M`=TkxS z;ku0>2|7w2#@H7{&PH!6L;h_OmM9%B$k0}ujiMFt-#)Pbo2&@v-g}eH;o}55lj9MI z*C<;GHV$UUKsZsZI5E&Pf4|n8X3bkL1De|Lx&%-0VSb9s20*h-T~g5r7u0*5tFapv zAGz~f>r0tHJRV~8{*3qD^knK!XVZHiHbEbJ7~f=f3^4bejc zBH2+@M~A3wv~|6$`HL&n7z}%p!PyXhIsn2&0}_ZT zH7wQG;@2~%oIiEU8H0Nao;;Di^k*~U{C5m#FE#tu4Qou`%?6_~;#hjFYzwcxo;&M! z_Yg0a4v`Ep7x5U2_JNBbq9&VaAuRFj4rRs!FSfZVm9x7Y)h0V2Ew?nvTJ5f>iH1+3 z`nvJ##FJWFk||pWY@zRq>TISf8zZi_Ie*V7PD7*5)8!JnLU}{eY~ClQml@MH$NDXH zijudz%|_LJrmX78!5o zi|EDxYgvc6EY|pQo;dbSSTdG^kd?c+DNpb4rq%&3ycvg-BP3xdVwuNeO5kK1HMIo2A1s6$Fvu^uee8Fta84SDFls zF_7l2&SA4*>~5C&D=yjy*oPWu*#hhb#(Yq)S%G0-nWSh!3q+jqI79nv-J5jPeuO41 zsQQ_TX2W^(IC*THJ7LNAl?Y|iQX!$GQbcC=9+Pn znvI>KA{Dng^5dnEqK!Ikc0j1p#e~GA;KRYk)5|DfTr0vb}={l#{;r+QVg{@ zu@N=;=R*w`E$lWMkfq-{kPcOv z_e!QzwDQz`AkD%Sp?TT0EqD#^*p=Q}6C+_RjB>01YD5q^1=bn5WF%yIObBK$&&bAR zUJJOTHpJmjEv0Di$_E32%k736QOrohuUWGZgGZnV;fYBsNbxxx)w2bS(T&5HCnI|+ zVM!BLYf#Haj>}X~q4}Q{CT%>#{a0%q+!J^yB9Lqlyx#rvHv+_@9oi-}Z%aJJZ3w6t zzC1^+iVl`!XWBORQ%lu^9=TvUqdaZ`Y(saAfYgSVyqLM_pUp-p@FcC>x7?i!m0@&; zfQqkKG~@PZiKghatFc)SV5L?tWx$nf=a6p1J@y(-D1%4qC#88k+$!!{9k z^gM!?QpJ&2^f`~%+(fZ?F>P4SNp*?ux@#ggyx0*fuR_GKahV3`2H)D_h{yK9l*d}W zk=M)wwVc))>cf=hK2EGIv0Q znGI$|Yn*#jE%`TN*cy#VO{i%HtS9KcnOjucYP25B0~VT!&G4p;?kZJKc22RVGxu4q zTF<7u&LHQ+Wt>LAkE(2b1(&lp)Po}BuQ3-k8!dE}4;EC;S*sMxp#S$>mt2f{FZ<-U zH|Z5T!ZF+(oUgNG7CEOJI-g56hoBTAfM<%%S+k+EJf%|12WgHouyz`)erDLJJi`ti zIlj~f6)<7rzY>w+!N^1RdGNXe{E@67~s_Ho->26=OK7=lUgSfwR$=Tase>8qII43nle}RYlIj;oP##c_p(<##mro$VzCIA1`BRXPxsZ@+XkNe!M42m3dhdD;V;Yy!6?)e} z5DHjUq+~Zjw_O=e_gqy56y$D^s?%%$#ydH>@r~7O2|i5usLz2FHo*&SugUJ=r?%*j z)(bP5d283R^0D1))Sw&etHM0wWB1(Ut|+V9D;Zr`JK*i<%(BLGc+GKls%F}btNAir z5zOsnNQtRbBngW;V1si$XXd;f?03n@;B+wQACtGe(Wo~xwuR%t_~@iJIPH(drriM+ zVqhV$dSrg%n*1WF;_hCtTWT@M1R@q6N}O-1=iQ@^W^Sr9PEz@1YLzlwuz1&2g(z*H zhSqXQul3ADhh%h=idH0lUDQ0q3)F{V)L<8;xvzbVg}m!4rY_WjXi+U(;foCQOuz-b z9?;5FA@In&7FqtA;5LF%wN5EvGc9HqomT4GnV`s+L^LSJZ@>?;3}U?^h~=eFRlXlieE&uZUw*9S^lz&tAV2SmFW4_q6BVl&iO0xA17fqi3*(V*@;m0r3^ z?yI%hdnv}K&i>Ob2A9Jvq{Ruf%T)_yRqFx_E0TsII!X%i(dtjwiZ z6SaPadI=$g%Fd-b4$L$%Pdr#-{P9?Deq-0!_Pd1iyy)5LvYU;3-6q6w)ge@({^#5S z>`@l8`t|4jm6*B3L#E8)xB$!dYhKbgn^8!@2>P1689^N?Mx5_=ACVecoTlXeI_jTK z$cwWPq|d2v=JV0no56AanDm~Xz3F$F4U>gSbL_!n41P){gZ^ktPJ6HWWO$Z$J$pfV z!*}HMV0hdiZ(sE%ulgg>|F82=e?0Dx!KvTfV6 z@@zD=sglf`$l0jbD5YvDAnEPkX9zSu358jG1OQb zjV{jh{-2FVe>6H9?dtAb%vP0O&}95dg{0iYCP!;k4+A$X5&R~aB?v+ znXdYzKOUn2(xSu?ho!es|FnPXQQNEjs6QBX4S6;jy)n^b;^=Ta(hP_a#psr#)f>t&HqUsK8ii7e2S(lj#}FW-lYt=} z^ZS8b=E;SoS^e`-e>CY0hUB<++ItBk>mAbPqkiw`6%ypQ50SCtX|u6Yvhud|4%*-U zLUx>r)b0>680v-g-)O>t{qGOpkl@NRG3Xhd^pT*4@5o?yJQ($lCLMBgHXQf=^8&}| zkp6%5PtQ+!qjw!VPx`yT@CYUX$4}Gf$pDg`ndLx(lM5gfpn$XS1eD&6{wJ(U(9FteQH+}MYc=mQ^iTM0%JRac2k+T<&o9qahj{3dv*|7Kgy=XL?tTE>15r=H8f%#uXX#k^*)y*IOx9 zotd1=$JT6=uzQyC+x$d7e`k(c2Wd|8GQHeBrjhHNo?U3zFPaT7cb)eJz=h6x?|>A& zlz0w3c}BRx1pM)vjhBNrdRe2vxNk2K;9~j|=ns>({gXF+vU70QCZ}h^$t%srPfpI> z+I)Kb7cVqw-+*aGpXxk|phn3U`Kh~&*0FC`G!WJBEaw2QV0%lFi{Wv9q^I8-lb+^0 z7blattb%6hM?GYucI;+jFg)&`4&houOgujsyhO&+$)}hTfHx5wyEsy_fsFonE*RLm z_~O(a3mdh+&9*fgTkad#ZrhrTd+ZyWy+^fNyh|$A81Sav@a0ACWj=$m;bhbsy~9bA zQW;vg0x+hj`#GZ5PI%YvjY#js zq>pFx?C9uXH0ryom;Gh~$FA96M~wFBJk$aJy1`HGu**ScS0QtwNfYlo1%Oo_A_+`M zPMf4DqPNPofz>5awLu8zHPLMJiW$UuLGIA+rA_jp#7rjmikkv608z2f(<+6Qp}i6F zX>q11PS>SyHIt3a2ZHuu`wESwddzX?;)MJxj5wnXk!;ugQ^;n+%&=Qf=GkwSlmV|oU?p2h1Vpr)&)mNFg+<@E%_R<{m5j*k^oLoAVoH@;{pQLVQ&ew`h>ZR}Ifg$~cp+{v{Rv z64DhWZShmHASFP$z-A+440S^5C5uH^bSJIlEBHPJ)98Xa7D!4pdqL9n#Xg@?f0l{p8JbAF0F}Q%nIMP^crS7fZ=iF8qxWiZwKBH zQ)SFZnBV{&81XUA7F?ACYdxYR-pgI+hjN)jIpA+>3cL6iwA*2A3HCXnlz!mgQTLD> zm2$|O&|3&%)iYDVk+zaD^!6qKq)$v%R&IG?+N+VXHVAj;ThL+ z&p>M>MGuo37GuH~$RC#)$HDTfp>mBiaMp&q8eA5m{=7Efh@ zi688X1{A1(j)|o=+RHV^zo9k@RwDTgg$faDMs2nY>#l5ApUIZ0|0!mhZ26Xc9$|?u za!P+>nQuC@!T^TNFl8&q_>(yLWCWnQX!X}W`n&?BB2aP8|TTFy1^}# zouV@UmU8S6MrFGADWlgWfuMU;Yc>L!!AUgk(YaHm#)i;%(jV-qK+_y2_6 z{*}C8vGK_L505Zy8j%`a&hd$zfona6NqAA?a3n0PrY831h(>%SWX!1}OtehGg)3bM zxiv~+)s%k`vww-`Esrxtshy9%UVL9=PIVLT@S z>yrxs$_!1=#zeZ&qk0OS1F5Dj^TH81f}UZFss@X7g26MzRo~Lh#xzbTIf|&HwigVAJ4qBp}*o=8}Y-$h3F9L{aea!j5k}+AJ@1_u=fi-)f0g8rLnZ2D09Rr<*Cj2 z!w@zt^mhqTZAO}kqpb1u@S+vMQrb-K?FplIQR`aLRC6`-vT!dv;4Ri{xLJU_mP?{e zW&@U!hY@;Xz!nw^8Ov?lLS(x$(yG{-oKc~*n6d)u9}S* z4S=7sb|;q@wK5JJiI9BGV;bc(^<1#MwbnS+2N^%@?t<@nDKGV-?qA4rQ>>_;?_Isr zYO5MS_)PwO&f`qxF0xbhf7yEzI7zmuPPiWkNd9;_E(3#uc+Fzz#>%MJm*n-6s;sK+ z>aMD;uC=?~d(^ubaWgZzA|v8OL{?T-)5fjw7+#&eTnLH8z5tcp<2S<$YMqGygx$BXq`1i-S69Gpz@F@#Ai zJN65x4~r-EsmXX#S3eR0?S@0|+`_mCdO>X9qhp(m3*mF#Sxwp`}RinqP4;4KT_po~jU5zUYM>iZG16g!~ zC{8h2@h#KYM`3%8fJUR!9goD8y3DI%o5-sp58F(~t3%s7h>zp>)XSi=!J~RTfYGi} zvMDpVBLn(A3S#$)_A>EWi)ce3IS9}_4MyL!PK|FUq+yuI&#I?5#&KXG%y;^gXZa`b z+2zo>4npYy^QD-pbP!7{{wmahj%0vHTRzmpr3Z z@;i0__e-`vK`V*snMK`;Fz|0!by~scVzB@cAKFl0*19d(e%LMDX-?rMQyjxi#dYKA zaccR3XGZSP{oH+1eQ6ObQ$57co=$~by}xkZRLr*f3yZ(@+{-6UJmK*Rv(xL1C;auL z2dr;K-+X_)_KClKNc_oSM$H(f92ErSEc zjz53@`3tXj=lN&7<%_R+M@@a=?>%S#4`=yrdfWHTEdJxfGoO6Vho%4c`d7XDE49lP zf8l!;xBtrr{^=QS=zMYK4IlsN%%}h5^dEn!@@oHcPdV{<<*Voa!#Dlm|NhWVzUdeL z_Iv;7gZs~V_`zT7e8b;;;5WbF+rIG~U;dGAdE4uLTDkm$PyLVI`rHp*0gtwR;pJcW z`%Bt|?eBc&Z$JCTzkLF||G!J_&p6Zk)0HnapZvy0zwr6TfAm{lc?oR4>KXsQ-uU%Tf&fBr9D{r3<38}pxE{POR8<%d7=k=j#U_?Cy~X?pYV#knUi^Ux|6sQB;vfCUOMc}qp8mBz^+oM_U;oYT*IxXdzkJ{3 zo1|ZU)!V=4&A;*!>X-lJ`G4%PpLyY1Kl?2o|A`;|zR&#q%RaPYZ-3~<2Nyn3csh9eC!YDMuUPn_ zulv0x|JBET`=hV?nvIuz!y~VK>+e+MhtB@-eZjZ=%sYOo_T;Ny|8M{Pb6@zt7oYs3 z(-R+N-~6=qw150>CTCB4{*_<(ci%m~@Vv+W(^DRO)i3?VhsrT%!+PhJN?#-Xr>%GW^UI(12Vefz7uvt}u_wHE`Kw=e z&!_Hv>d$@s6JIC&>gr^t^sZ{_OvJM*-BH^}8qk z@`+zEpYnZI?VtXxi7z#t@!7&(OuzX_PrdT1zyF*Uzvs~>J@}kIdZP9O_fdWAe}aE} z=2O4=JOB5@@BQ+lZ+-16f9DO)KK)x}=k!}w{``S&eb;||(gVS}pUr;blRx&e7k~6M zfB5Ble_eXzo4)UFU-l21_f?)g|G&QTJI?>%Pkm+ot?r|z{y)F|@P|A1zOnkGy0Q0m z?YBPL_`p4%{%PaKzUd_|{mHufJugz<^@^4M@Yz%EeDB<^%s=J6xBUChzW&99iu%rT zXM(ps`!zo!c+Y#&5C1p+Z@yD`-nrI^H~hZ%cR%`_Z=HK{`|rfQ2%htK)!{WL=+y80&BcHH8~^;{&-~mUY&`l0-~F%dW53dV;deh; z;NJPOSKs}xcHh#Mr0;mf>+gO4!;2jH{C}!G@lW1RfBs+o?oWU9?O%P>Xa3KXzk12z z=AQW8@|V%ur5}0PslWcVKm0j<`+Ghk-S=dyaDM42`&|w6x_|f8dsgfpp81Zy`M$?t z%d#-HJo{5K4}Z@cHN$u8)5U+`Eo7EccNl-~Ffrh8{KqN0BKP7yh0ovrd|N*E`FnM+ zXQK9uvwynC0v2eh40ui|MmO!9E^-W4q-Z7!GVv_SPWgNFVg$@A)7~A3t;kaXc7(?zZbYNlmH5ApYs*Rs&* zBHBZ?V;CW#3aiu|%kg%wV0Td*eR9TgT5bY<-RHuf0gThdC6S%vIgt^-qR7bM*9y<@ z;a8S?f0aOmq%bnTxmiXAxB~olQDn*AipVn}eIha<$x6ORV38(}+A8!r zX@eA?4aanC7fBD+8qh@%J0?U?u1sqwj@XWUfIO#o|9w-qbBVsz!wbtDuX(x{U)X+9 zR2eG5lYk4qol3Tq0IT3W*ReWv#|Exr+JS$%s7jbdkq zA^I-KA!URUl?9#0H#yk*qOV_@hF*OMh@`B-@xZ$|TPUgsTG1!f^`aE9ND~iHrh59&;RKEMdLMh;&G# z_(y``o9{oC%1J7fi>fdwDqvC4CPhXB6-j2KNtxk*Br?JzZd>9pe>jE%ivq(r-7;$)SP zSdrB6n1Xbf$DM{2KCoyc;l7<<=D*`X4l9OFXCC62BBE$2d#_}mLIF3;zkyRx*)dzv$ zWR6ueQA>4#WfWWiFDNNSlq5!0MM30L4V5@C*=qlzZm)Wu35=}DyuxWRsPvU%1WuNC zNdZY3SVrPynPYhsBq&a#E++byNUm@qBdV&v%W5(?$+)<^L}G%#)R1tDstKYds6;Vo ztSHNxFe$MN%PX29%S1=99M8%;p2UnSsl31nK$aL*mJ~@qH>HD4r?M=^l%)b$&#Q+ z>E;zxMpHyZ!f7HS2r{RVL{1e|k(F@;GNZ5x%Zf>^a)Q7}vdoDpHbbJOO0p^gEUp}@ zatfDBt#GQqu&So2LMpSyGXkqAygDgqjKs>C%%xH_p3y{E;Y6bUFlu5c>Pu#_9AIyi=>tWUP5vW&uMtSqM$ilQ+ZuPT~2 z$q76oioB>w*gA@gpy5%UXEmVn-6p>R{32+#7Xo8?h z$D*qA19ds>+B8EAa{eK$4_rih@T~Rt1sOcnTE4WIQ27UgcPv znPoVY=U8r1QW%X_IDu6G=C>+}il`)0E1V!PnjmYkl*-Iw;3R2`qOiOytAH3{nN=ob zj$u_<(RkbePGnSS9x&G71d+wGcISc2GLp=4D$j%LNw*D_2vb!>!djeD7)@ps7E5L# z8Bcxr1ufl+yh*C<@#WQo&wz)KP%sFKVIgc?cUIg!I~Q(^?7{5Td{6^&Ijz;k%wl6oOi>t!)0z|%J|C3#h2WB~)N zNsLT2nH4x5@T$V_lBV(eq%1Rn#H$)s%Df^oqNGWJkeq=$cI+gqv@p+Pj+I%7BSR!p z%bG|f9)UtFMl!R&G6HUzo0J7cqgFVPs7MSea+-`yb|P8D`i)go+z*ju1ceoO6)Pv6 zRd}A$057SG%CQ`$OlmBnVl5z$eyEH}w1XxviXh9prUG758J5<|u`I(%xTC35teaUu z6)+KrWI-jv%!+`=m=+sJKB>KV3ENp-;l-4y=S7LpSYE&oHjx?6{LqGoDx=7Xh%3f; zDXbVXQ07z?Q^5%gkJYp=$zfMjlz3GDsZ^PfB}u@e#9Uc#? zjf^02j7;5?ZmJ+~jEpChK>DL{JTLI6R90p*mQz&)EGCjA4ci4-k|nSx@Eju(44F)> z2%N?UEGwv5GFiYwKxH>E<&&v0!>WR&i7Hr3CMSS%B3V=zK@&Az;z6Rl1n5l=mjup< zt_(=#Wrmd%o>f&)NhS-7tSO?*%Rmr#hNtL}=NXMvBvHY<6B&u3II z5y*5Q5}B++lo=W81vS-PBDG80Vj?-!6&34YB7I5MKu{${#JFBeaY>aKzMrGr)Rb?K zNbU|+C7GNUSrzMj;#4K2pi5jzlDb_PkW3<5sw7Z>?k0C9xgZIQ8hWXM!e|PoY61|j z1Fk44&m~hUf+8_uh{qF|i6RwwkxMEdfy_lMHBm^XMMaQER)G;UNnvFms0zbUQS3=o zFzV)r1`{-l?J+yC6M|`*m_;b22qkWsJ}>63a6jFRP+T`~^+cSZt9cR$#;kGsc`srAmw{OQM8R z6IH~Vu80_Pi-JU*Cs}4SSpcFUGXlr)YN|gX_Cqw8W78goD6kkUXk5xY5m^E+Im|y^ z!RAZTgk-9wGCaqt9G;qqWLaeto|i>V0*Q(fKuE+u1q)0H9#uq*V^m2HSS6V(adY~W=jD*Kl zNG4ZAUSL#;SvYL#NVG!~Ifhp-{39lr7bH$o36mv?kP@jCQQ;VgxH8GS*gp*oq{Og_ zBnb)-HG$zMjv+vt$A}E`M`HMJR`N2VaRRI0%vifoZ;_WV+)@-Ch?;_}DRGB+j7@lr zRl#Dm5N?AdQ4<*w84;3>c?DB~0sW*RGK!+glBNI=`@?@#J z7gw19=?PakR+B-!x@)gs3hWB*?&epOsivQ$d2}MCzi1 zZ5@@3L~=zEv2xI4j!V~p0Rj!_CEAl%Mj&=3LEB>XOv{*_iPehuYxsryxo^tftKXk* zCBErTcmIbUbS&gEy6+!$8>9CB3X0OZ|AXbEeE-Mo_%J~OHBqVR7#(o606-P$yLHcL z*+z+Mn<#?`RKx#!egS|eMGyr1v*y@AsRo;-)hUDLMt5vN+XpM2^V~^r7Fl~JFm*Ty zd}#Y6A9-f&`GsqRLfEPe_o~nv)NZXt8m&6}CBFd;r(Fgt;N5-l&#PDANp=#1|7ZA9 zg9!A^15^f_;O@ssZDiIPK^br?i_;q6Pf@0MoIT{#EZknhGz?_pG#46%Y1c6c9E-E{ z_F{)@Fe$Y?=#mZ@rtey?QwAovmcCTA9DO(08ppEF9@!dh3vd#pi|l?W1A!ev0BO6o zi6-1HMQOa0F5Ezn9E-V{<`>Uq@JpinYC^AW+NG)!1WvOY@*_?T9JdVEWD_p5k#$|8 zEQP)98)oTLiakOPC#r#6if*qS(O{3LG)=n{@|Tx})LL%f@gj9cHE5dFo4e$CW)pe? zr&QQzmE0p=2DW3PBuycSNt)P@$#K_Z%p$&@(5UGIp&10ovfS5TPd(wGpFuV7^A$~< z%bTyyl6Kbi3W(zA&Pc6EC+JwK-rwbcqRiIMR3G+@DM zIORv_U^%H%$ar-7<4<*)WAD3NBo z)8_Y%e=z>5d$0y=IAuV;QFWka_*3B#%jhq2#dqu*Zeu9^6J$l<#2);o2qK^3zuWP_ z^P)&zE=|vE7RzL+08q3{KPZ;L1ECvsHTKPl)s|@m3wE&#xXEs+0R!k03|K6KVyOhq zP_Y7~QZbPYk;{gPWe|8Rlt^!wMnz-+>IDU%t#YT@HVKR6zk+2_iA^eSpf-Us$lXg!M;@@5R-cN`%NDINp zE|6Rvsx25q(h>t3eoHiF24u*J779jN)~SCy^aQeIN%Ddh%cmH}7R|3Qs^(M|R(giXR8@ zRL*|BXC6e)Qjf0nkbpZz?kaN~dhKA;Tj=#ti&M8StV+*L@{H{EUo#JISEZh3SSz7f z(7g|H4X3?Aju#9XTHl5Ca?2uN{2|=o3RfKyF$C z(oZkN2@O%KdkEQm48np3trl+0Zdq2((`&uihc)0KV_5Yn+go|+_d|uOCrML_-A&Il z5anf`?HFj6)E>J;&1aa9WtX@Cb}61FMfxhBp0?uopVrXO(lbUs^d}=-Lx5T;gPT-_ zG)$Aufala=)Fg%!+4v;ZIw`6m0rO3}ZlRuv9WUsgGS~W;a!7_41Ea3tz_`>vUQd>N zmq?i3YM%69fKHMt6McV2cUwC?(jD9IcLFDX)&o-Wp;M>QrRliLlWQ7rE$cWVsH|*& zuxJl3fOfqf#oicVz>N^PqNYGUTnNl2@{wmEKSvEYYRFMTqQV?CW?F3;|y98 zxh<~MBqMyiaHBFd+z3Xsn1hZSbmX8T2OU}U=Ah#khAOmdRH1S?s<^YLVtAP1>J_JY z`ayEP&KmOeOdYE*9ZOB;!QwR%#26mKxO&y6<*r@3ndrsjZNyk(ab%ZcORi)15f^S0 zd(j)K9q)RXGjo)gyl`A5}!Z)E9jR)y|D0`lGQ^lT)%S5*ORHBeYd> zy8A*=|48r7OyIK{KzFvY8RDKITfC#VuY)YhY2QlVHxgNL<0HRA#db>1Op-=TBsF^? zb!T9aykmC{5+9c9LauDcrzc%v%8W#dWDEHKXR~;v0HXv=BY#!1uGJp_GplD;5#rwaAmmb-&&0~tG5Ord36)vcBv zAn){p#b96w|;lgY>!Xum(O6mgACgJP-J_w?E*?HjY4 zDv`pV!UJtk>CW1qjBp^hjiHC5Vt<4l`y-8Me*_`7Ke_!m6#MgC4;E|Cw2<*49ojmw ztm9&b<_Xog5egsXM(D^Hp^3Ta8CB4ZqajkqHAJ~1lpCU9hREMFU3Y{jIu6!mjrJoq zH{rwF+#ES`b8Mq-oG`Ank#cL3TbnFv;~_tAJajk4-BxMW^1xeegpPp`I;Md)Zfu7~ z&P`Bmf)2+79lOw5Y>M*OTk2tMhmM>bI>xa#o*UB^@%buHZi|N6qT?QYiw({Vgx`+F zRyLv5yZCaWbbO4` zF%8u9?cy6~lK9*t4zEIOfjlun`F?umYoo++hObb6b3gyVdUqia#NqZSG{H5ijZe5w%~!;L_6WD z*bfB+Jkmm5XFW15&^Dar7PNM6%66?dmZ^8ZYAfs2<~QS&8pzi@(~ZPDH*L9TOJ+DM z(>D5&+T&;2dRO!Y*)}oXX_4Eufwt{tec0n`$ZpNfj3aB%j;iXP&~;rm^y}6B*QuVX zodDft{Vb2EpXEbS!_Y(U&a2^NCs=M-)?->52VN^%8S5~BmQ&wxF)@CC>|kflv06>E zW0?N#j_*Pp?X-Mk>=22~R>wzIy;f-Vz$WPv*zg~t>a_{Unm5a)Q%$=U{U0GkJTm-q z>p{4}-c0=tfhfc3S8uBR5j!umzRIuDM!Cq-ksaJ#E2WKTrTF1i>KNJ*zu~mkqdB$+ zt8|&52S=xKEkSP=d48XQ@7krKYf7Z@L~hC9@6g6gnUM|Zgm zIy#o+u7&vBWrGpgQ_V3xO@Az4{3}k?zgq$RIj8F9=srjH{SD;kKC{_7i|)DJdjSS6 z66EmyZh-d#OwaMh_Pur|2lhw7sNB84zW21sAib&Nz@DZ*7J$9w)a#~w*9PwwY4>t? zpTqn926A|x+3cN#_kBlM2AL@#hxc~_ydP|Ujz7ZBus*j03BOfL%Q+txlv-R4KOa&?=fZkL_l=xW?$$1desxBDd5y2)R6PV4qMt)S-2xW4CKz@4%XQfWXO>kmggl zlFgOu?b+5gNXbgMlBMank{zOCEvJ6mbnGG}Iajf{ioH!c;0CGK{QP>D{#a14(aTxx zMifim*pg$|T*2O%y<3A6Y`(`hOwSeUu|}{d{dyz#HF@c9l7YAN&S7l5V{~QB6E7Uw zwkOHNc4lIqWMbR4ZJ*e-ZB3k<*tTs>GReGo{`Xz$ez{+2uj<~t`q#a&s;Uc?ef0Ok z*WUDcKIIsV&G^am zRL?$MAT}wl=P}0iTKG~^27T~xIdG6s zTUUZmuuUhL*fQn>kJ7jwh8;DJl;@_DRO@SjiF2V zIc9P_XUi0d6n4NM*YBVOqH2wY!@y}on5%GK$5Jh!1lbw=uK7xd4MOAnOf~;*t`vlt z0e;?2TG87uB@rjw!%5>;G5ZZ#))_$jH7wlgnjJZ&Gxm1mRseg_UAWFG+k5CdY1XNv zWtS|-zzS=yxEZLIqGl%q(z#i+5O%1#kO@Ii=9A$;q68VnqnQkdfQ@KQz*6=Zn(2>P zvS{mljf_GjHBn2`Y&K@d(g0=8r!`S`ffOqvDDCiqm z5VcGkUbA;9t}u)kIIA2wESC%q<9A5M!bM0i7+tr`7U2&xDv^I5T7xXUD?tr2h8cdn zw#=Qq=7GUGv(+Q#XKMLZ>`SEtr?&1wx_4j$&wbYz1v#m}&jLcDC?yNB?f9=?I z@JmcknwgGDb{Z3Y0(Yz=>Hr=>RzFPxri}H5J z-&uAf@AxYZ)b5B?EFi<7AL5|?4VIJ}`nJN6cv6^!>p4 zvEUxKO`B&PN0BG!a^Qn9LGmL{eQxU3^V;H`mqpN}$cNh09y-r)n0x%>Ptln9PY1i~ zx#ruNU5<)B5}Llpv`t=QI2|OZJA5n{jh|+7ptTDWKKTRrMf7xPLFguO@B4OR{hU#* z>j?H*-WCIR6c1BVZpnXB9)>^xw+#C#&_T?HAyIJ_K&o?_X2KH^A7eW4047aB7I{AXUrRB!BnjEs*;#|b$vxN@kEOd;@;w+l50`NY ztQ1iAtJ^jkEVB9tJW)l|-7tX4y9lIVtkKFFDB^BqM*(=0o+td z!3(}-N=kkGM$CW$BJ)`^aq)-fiGf#Nbx~RfJuaf=M4^&$z1wglu!>z)IbN{RdI# z3nFU#A^3j~!T*E!KjsVK|9cau9@G*Q!4v>1jxj$h zAdxsK#pZm-nz$|C8ABD9fMi1xm!KmV{6FT=9~dr~HYznD-L+7ZJSx@KfL|pb;Y4Ia zmGKfEvo2nE%=+JBHjX)DeRRsA#AP2FqzK2r851S&l%hnnJXDO{L*9-o5A`P|j}{dR z=uQU*Z$i3MfF9f?}cTlNCg%_9w6gLqhgDnX=8m2linNpYH`zN1YGl z@5XQ)v7Fx32Rbv8bWXuy$=4=D0hw#JLww0fUYE#&>ukUJ*Xq~NuO$?1?S@K?ktR|K zc+#w4SPfmAjJwuw)P#7w!0>W8C-dMSVo0x&SN=_91w#BLG|@gXqhy*PU^xqy&_obq zG@%P1gzGbz%8MB(tew1~%y})(-(L+p(HOSNjrW*$AqQi_s%7*X}f` z6WtOhm<#1<^un@`IUP-YEnuxK5Uw^R7-?aON>;HplZbe zwM<_us@qlh98yYJN8xm0V{~E>bWPn2x_6f%PE~u^6IeIGVd^C$>PHX^k>d=Jo!UpD zjbf3EO-CCfxcR7f*aVVOj+UR^95f-(8N)mO6OH5ZLJLA+m}8$!h))rf=qsL=H>P=5 z(!ZkWaFhw=Ia;#MuG}C$ev<=tSZ3@6R_q0K?2{i>ej)^K^(K7ou)wk~N($-_ANHBX zvvA#$AbORp$ia56Wnbfn=7z`QSkVZ5LMk;e#Md|}x3A_q)t;P!UfyN4W^&JW)K^d^ zSGuO;Ys6H+%e{d&kQSN&t*J{7hP%G?S?MH&;a*|1B0Xy+HAb=xS?F@5DCC}nqAoW<0Ts(KLx zQ_U>W0!TkNb2XT;u3l>Ke)^Y#Bw4<0Q zgHirv;S^$wbb6Io83is^O^FS;=+dC8u*$+G-nqY!l4a3kZ&Zt01D6rnwoA48tJyFq zO7>roq!#Gn5sc4iX(i0O#?_{WbYy62g?IxspP0FO=su53#om)7XR@NE<40pWNxmGF zI5=%8@`Q~2QY@C&ohCp3Y$IEoK^%J;ivhQ76JjCTb9Gr0YUe$VHJO}tn-lvrjfV6YEfr)cA+(RGx8~Z)-1c>k_fK!w~X$W zU&sgX9QzDj<-mGNI{9y{O+Q}^?hYYQf2{hQ^2_htC?7=Ymjl<3B7LZ&334`8PxXq} zCvDuwwHhQ0{pQ@(zv;zHr(!|U$T5_Tca;8?or!W?K&j`A7%HgZoOWhN5A`cL7m71V zGKwbIQaY(rHS`C-pZwFSrfeT*!Q{UE&$E7FG2yC+@cWPDa8pe+9P#@!)3xp1Y+6Se z9>qjnMKrNU!G0&AnL8RV?+IENA1yzy9?VNX+tNmd@qGt_4GErkv%&j(2Vz5S=rI8 zzO|)WXOHPQ$G>AX??3ar&q2Jl%(@xZ463Wo^8_1u>)oq*nXae3QD2vwz>{@5XK(9V zPNtluN60e07VeMp=8OGj7sHl?jvUPsU8O>CW&`+jjd$B+Hbqo>&2`(+>F zjzP|^N!`;>nWEC_CiOM>(tp(D3AVNQx;;d(UM#Ml9Is=)XO|#W5x2KY4lve~kn)`1 z(y`aj^~$UZy0fhOSaCybWzIR+TW)l9wEiQbx@v>(92mN6-1&MXdxGNd2k{uGx0$*X zw@xl^#dD&T%aW8SojtDFd1C(l@_zV=eg1j=ubJrv5?8@eyMc|v^vLF4trY%I`2U|Ftw$6)s+%_J10lpxN~+}2lnN_+LUBW@Rjq( z@_c`z!PLN(!Jd=kL6!Cf+8R6TMOLhQOGmF^wj~Eyua~K_b6P0uM9x&xiCIBCZ`H;F zp={T6%D3q~1Lseq=GK+gwszZK?cBBQ!|PhD5jFu9CW5ZofN8sFLg&Ob8yNbmYVEab z?H-MmG-kq7$L)3_hKqs5STpnK8tzyF&q2O6&aTeLV=hA6Hk_g8w9TiZt&(Z++%A{9 zJ}VpB>gl?fWnLcco5Grr&?8yGD`c+ra#A_OjWn}WRlA4Fqf(|*?f&tRV>avh31nZl z&%Yxh=X$Pg&Tct53u;V!Wr*%xh1-Rw%l{6wNNoOPpx9`I?~FKn%s3|wy`1{%C8p^7 z+W{&FJRc1}@d)lJr-NBLrz~|makAJF28`4X@&m)L>E-0)0?uk$axp?NRuLTy@L#1~ ze(kc?UnyLyQu4>~AxeM;KpBki_*o+h-4k6FqG+T;(+ECFO+3bfTLC4tSmUjEi7#LB z20)0Aooo&TH*LhID^dZ@873uwz=z^W2rxz6EeAUI=TPJ_5Hm`#f2>ceH)|zo^WoG} zFjvOuwBeH}IF~vx;?s+vD?Se=8V8!Czo8er2QU=u@k1?%X8|mDCE#+Pf>#eys7thQ zq&?@%Z5&l#p_ZmIS@#{_iqPu&mR`WIZ#N}TxVq7E3SJ5ULHY+zH@I(2oU5FY@FlKv;w~&Vc$I=U6Ld0dcO;Vl_7v>; zux>$RNe>Jo)bz=#OkNSI8L=VrMx(dgjf%jRmZxOp*#_{3t$MlE9P-SC42f zi7KlP^|P{|RR3-^_Jo)y2)K6MX<+D5e^@zl5(N zU@S9R79c>KL=1(D7r^xxcuiioUTD(|IZJ0vi+<60=8p&R5<&a!tt2J#i$x z^kKBo3YgjE{znFJxKGzddc_4~7b{woJUeJ)6WG!p7(F)@qi`FVjat+|q>BjlG^TuyQ zy~V?jIpH!55e(_fgObc^gRFm(qydbP)Kkn^WFz8<-=W|PoV0^wBpmG&c(f{HFNAtt z@HSbGs0%Oc?1%$B+w9}OR(QPVP*`CR9#NfUlP!lW=n_&Y zKo;Vxbt)g60wYm30$RXuT`Dvr#IJ(_(?qAE(1TEv@gTm~I%knb)T$dE|KcXin7~*e z4Uvh$ta5*qYd%=?imaAj@d@zqNNuh>iL>JTEC=aHSQU*Q)X~t1=l(h{U;|wpvKAh# zMMs~nib~xt3ZvLnB;6-aHwe~Zc;ZE?iA;zm9a+cEbk824;amX3KnPKhbq>Zd8$BOw zwnl+Gel}bf1_)ewp=7j_!vik%SWjce@c3*1+@O4yoi#F>i0(gjXkl9$ZKJFJ(2yC*U0D zUvh!kh51(M$e9r5Oz+K=yvFAmV#dA-AV#a^I6o#?j?B5%i7drIk9i>CA0LPp*+Lj4 z`|jog^W}+MkCN8hKG(k}F41lz+{7y+<@%R_Hz*$FM`5G!WD+u|=a7rURZOYHuqdbV z&tR&zfXodT>JnMJh6d?*5uM1g?h}rMIH|VU@aOcx{vk|4mWVV~H!znrhq{sipOJ&h zBrs)I1xz_6PR38X=EN9dmW)F}(4OT4LKc+mLL-Z}ZerVn(E_Z=J1o3{mj!Bc*7Yjq z#A5IrJo0xul!23HNC6`p9?`3@Sr*U630elcRO52vA4qCwD!8pUnspA_foCbuy9?>T zKcU1_q$oecP(_h?GVEd4AKeJnTQO(VZA>*M9N6KdOrmW)8rw8kd$u*KaRWwEV##Ws zBMjNyxaM%^rkzYWs*RJ^ivSxBmq}n!5hcb52i9jZLdd6dSuEn zQDdgh3_Eo6#wSu9XFW=Mb|PAc_Fc4-n8(ndsf-75`Ipe9fe{w%5Y#lu{dz7w*-xSZ zj_)of2BiKl)}X;%jg=ar>wh&iYF=w%RhI{gBC&R~RP3e9{4F`;3uGFRXW+?XR;9{1 za8K`mTXN$cF_-QtXPaQX{7ZoOiqtqeL;tXgs7H*s_{n^3BWZ-NBZ?|^xPs6Q;Zs+! z$^<(K8i_F)pjnK_;H)1!0bl`!={}QM^X?J99!L{*2AS1eC15&Pu19Vp8IX+mi%d#= ztq@fD(?!2&W%vF84RL-pWw89O*5beN zpL@YZ1aB=2AR%2zJAWPDs=%^}aD4ePn0);H&5?bM^1{pm@=g&0O-DHM_HjH#VVoB3 zz*~nMm$EaFuB4-1^E6@-_-M@AiIhow)ru5=pT+pGaN-gzrh&9_u#w3oN`|n%P%WsA zSU~wpQwhh{kMen!GfboM(7Et6+U@WjhoAZ-?*Eu)WNm)`yKwVid;ZtxwP2+(GvCv- zk%kj=j(;)!oa$2VJGa&2W4WZYmFRYsyWQ~|A=pFp4`!{`TT!q4G^b=O^m+g7@yBNy zFaOqWhtN;$ZniDGO!rF}=Z#Ju%anzzELhxgdEdQDD_Fa!cihR0)P|ND^~_~EIpa`U z{nbteCgMry4eBm`L$}h7_TTI6^*@MpH1aT0`8KaZpPY~H``w%^d;IFVTO7CE1JhQ@ zHn6?d=C5pD*m`-LGxWFFTdCY)can`VFKuPp(zfWB#}Un$Z=*%EunrRzbH8ms zh|Xy*RnN!!BY#VqTm6{Ir*rw67B>&MW(drgbiSle-5tI4&G_!emy02`gpm!w}XF2r>AkPyS?G&9AGK2V{>`#T=i_K+*Q4C{kgtrYVQl& z(m&YhC;=SIk97Cj+2f_9p17i{v(sBYOkDESjiqVoY8h?C#x_07W7v;fWOWT#DgRvE z&erel{_R`OxslF#`R6%Qc42$DWGbVi=IHrtv(Yty`>*PDJ#)1^Nww`HH#4_-TI#ZS zW>$B99hdr1G-05HjSVx?Lv62DJ-*6}L(0;Wr)7$*M_L<_xwl{chCq{l09Wct+R3qd zRT`H$)1)o`$gza?hF%UU6JwLAowUZ$Ob&N@#`4?Wp!(Jyy}lV;w0f&b8-#y9&!0DW zKkrlc{O|gB^lhDRk>1%5XSgO?kR`SBf3~%`9&e6k`YLX=nx{U|#~#)EQT=njd_MoS z+!4&VVPS)q#hztea}-3X}wm7-&^e(>Q`Ne?Et-9g(X3aV6N=S-MsJ)Y>(v6wB+rN-a=aE zj?Z4=JTW+AQLa;HGvssOB2`m48a{j#m<4k+99f9LRHBV@lcOg04>k`)a-D)efC`Kl zu#dnIW&k@Q)jUO*5>BUAfK!!Q+HuQrq;N$@tx0T{Rdp%s0+u8Qa9O7(?8Rc{y0-)2 zGIh&hihp?recE}a05tWGpe=UT^@0RP6b>GOB^sreM&-qkNDZ)oyv*=J)H((qGvtz9 zoTDnxfaFlz&FGxLB0!-Qq>h^pI-^hLv!nK!ACzr^zp$vJTaND+E}^=xs-dzfRH?Me zR5aqmU&;><112GMl`psn3^L=&j{y%K5!KruyW3bNnoxs z-^R}c2v@>Q|9ZfH{yLXrY#-&wcbsLJ(}R&tgJ{~m%Qm4eeG2NktCw94QwtCn5psN9 z42A$ihfqGMvC@yAl@w$o?#t#toOY@;|NV^{8#3U4x2&OEu{#;GTop0zlooBFmG%*XBE}rmOIAom&RaW<= zoRheEv%=>(?n027Ok}nG25Nu_Bt93xX>xF6I-mS4mM0kaxzK(gr30CX#^nKkcX6lX zgwr}$Mlo$O_@lroxID5>Nz!^Oq7EeB^lkUB_B;*L|3}$G_lIVf*X0kMH5Y-9?>2l~ zWX|b0`2e+ic>3d&PkRm^*z9;I$Evl+iHAn}EG@dGsKy zADM_%10@s18{f**?sKT=Lc{r$)-aHt50|?X5Ww1h6OQF+;yJm zLUdVL{JbTrwQeyb|Jgn536Tuu0%%O=$b#tx`E7gmPAqc*-ykJ_nOwCFHA5r|5BJ4o!1226@vT#jC->jz}kZC``o z22B`RoH@Lg8~*OUzE*uM!zP_$58-4J@g|>8CQy40A%W_3<~O=r^G-;DY-eXfEuuPh-yG}YT(gy(+^Z@b5LYUX?n8grqgLf$@v23*CCe}y* zO%VVry+UK9ia2t+xe@+vuNom(q`+|2`~^tF{I65KQe>S`7P%d3^j$4md{-=%-_eiZ z@OK(Ddxa#Gu5-tB-3_F{fWf(s3b41X&*YUxS@?Fg5=nj}nOemhx^^HdAvdRJW?>_g z5QZLZG*5};`hxdtv&CczrL=?pVA$ADV9z;Qj!W1bBq~h#cE@kMGhhuR_ifoau+5rx zmQ4D~AdGYWx5AE68B-B5)NWrZT?IIJS_KS+^&R8{t=CHuK^?x+=PG~0L|<@%fp#g% zL=2X|mlIyewj%q|S2E8%gz@1RCU6i^JHqV>1;7rU(JiJZ5Z#vJuUEtLVc7hFbTP`X zhaw^5tA!V=JS_w}j}YH~m>`M7D%3Z`o`lwM$Ims!bHk%4n+wgM64|$bVwh!31jndk zWeeuzBQP~-92r%jHtxz0Ffl_T?FJ`?xFp;u+}Lptp^avYx*NCSlt6q+P+~~;F|0Y| zLg^Wc5CVsMKb|u!3Qi?235Uu_ali5ovp-5}D1u$&Z#np2)lfhrnNgm?xDd;;tzGO9 zy%4he4FfzQ^!UIrET-ld42zm*Q!bt1f{H0Y^qVFr1FRXpEGagnPJ+!QQ0w{ZMY_b# zBc|U%CW0FrktSlfhv1)f@k$(EdGAXd)MY{n6E8BnS%gX~cuFlkK9-?rzAA1OCd18g z@RK(R#PL~g`Cf;D{ps(9&4Qb`O=d#@m@v?bmYBwO7mF7nK>8#63upQhFT8nxm#`Nl zot(lO1@;aa_~7YS71Y!Bl`jmdhofZ@;BnY{P!Ly-c5WqGn4)w z;4rFTf0_U0ta4{TWw-9d|3E{Of8j_LPGEjE5e>U)3Ke1A^2lwzwDezVP$#Bo&;Vj` z`y8eOmftE4;CK2-DO-)@g=!cqzi9{H9oBgq=UNuwP;vp0S-Qyvy8Kz%8`DO zw4pZ74;c7k*VAUr5Tr{7d|~?OU|B<5Ftf5#U{Rz+2yk#R1Co5yeD@H&izVSeJWGqv zOhl~H2Ev>7WtH?{dsWM@p=;{AxgIdNfF${H9r@4<%MaOh|21Tz3HSb1KE;3E@0J6|U>=~Dc-C^x8h;Sqf7VADqVMB=a9?kL4puJ|>80!6tjK86Tty0n-g>3@S zoeRpZ)+V%A5-E6Ya>jECgiBH01=~W;+h5vQ1xjoi^ROP=SQ6{OXhwpjGaD~`*8`ik z8A^Iqh#8wH%U;79r1L};|HOi0xpVwqga?ljXm z8oZ`s%#hhH0dw6^DXO8u5O$@rLeIp+W4@871L%p0U&dQ^z6*fjq@DK4wc0#zWx!yJ z+sU&o5@(_e-F@&t4X>9+3;9~velx@lhsCEw()5@(ECKs$P%E&z{PBCxEfI5P@c@zq zv@N?uhz202iv{nmg%Y&MOkt`Q%TAWb+XtIO~qdKL5}SuAx^g2aTRUd1*WG6%M8 z?l&pczX_)I6&?NCW^$NY&Vuy0N*unvF1NkqR&nm^L0yi+lQdK$%V^S?x8eW2fu&L4>g77mbL>!R*$Q%*R%vX zy&!R!<8yr|WFw(a&2$sQP+t#S`t3qjoY3jDTL22d>%j*= z3ZPR9c`?N=4nRfJF^*&=yxk#>qLwmZzJcO=;-vgtiEmEcu)cp|qv;DdOBGHq_K^4r znQGk64mr^+(T5l|3vUh&1@n$|+YWpep_I2rKdHNDWmQ*x0iCeM+rz&rWfX?lZiMjsYbf&w7f|&CudpmUIdi3_WxPP zfwMMqsgx_SdS{18)equxyt&I}em-O3dp|t~{}cuir2lZZblCeUUmJGnlJ1{F`*Es+ zk^=Yh9tQN6p4>|(v4MzKOGW$FB5>k;FOUp(O$@hC@X%F?(ekFci@x=!NNWP(3Z^mA zZD>89@+Dn;?`|99z^a&xcd%J36;AA@N87DhenYWwI_{()Tt4Glg_UD|H6?taKOy-o zU0|Gz6`aXKcf|0w@(+vrW zm%2a!mCRA_R61eKFcs>xffzEyNSj|Zopv{wGcg_xy^deaV|Y2X6@OGt+305|tIV&U zRz-w;YB;ouPoyh2w|c8Xy+e5z_+6@jUs>r+r=xtwi-33udKy;R$)pN+JT3)LsGC7* zA(ouOqhLS#N<+36Y<0(K9W?gnGbHNEN^d_Id#m2-&l0lg&cmciS+BP9c+W>(Ti!W` zw3IMIrITzZZ($;iJJir5L5>6J&OiYf$~g_hR{SBU7Fpfq*i9Jg0@oNs=M0$KokzTvDbXHR(5clnV&iLA*Y3O##?qWb622o<}7er0HN#i{+2jH~^B%LmPt z8aQm}2DrZ^w#0az!4^Y3p6?Yi2P(PL{^1Z$S7Z}p)MblZ5d5yRs2{EcFnQfi3b=xil^?#Nk~V3ytN zcl=WI!ly9A97CI`i$LW$1tJXyMpD_kfCurh-a|avFzG5d0_|Mr}*?2d9{>vJ9^pF@bw44p{8o7RrZznKG+_*ZNVr)gU?qkqKha2B1OP z3uk%oFSRp}M3h=4H9nsDU_;x6l)to^k>rcV6pH){{ND@2% z{1);Q`mmC3AaAJM#dluGgDf#@u{)I*+y|_u65nI?BHkP2Z6A(NMmPk+WPmZY6!&T!i`P#9)Th$@p0Rgolw ziPD=e`zwJ?>2>dhk5C|@m3I-Y6}ZXBkN(so=U_Kyk9C$-QI9c@I5YyTMIPAH9*&-7 z!7vEA^n-juR(2O~M_BV-^|sW+kLeRP=erw$-RQS%mU@h;cA76~hLcDWYQWM>l7XlB zS@^A&CE@IoX^0Dd&AasEmn0kCYz9=as+brQj~h&Cc6uN7+`%~Bz$k`L3ZL#R9FZ5{ zEe_HnOl#s{>fwX6sZOf#zVRIwi(%5XcdU5#0mZLP5!EjrFMOA%=H*u$s!zlrD&^f8p|tx>;Gleb@v6qOcY#H;EANCc+XfB(GFsxZBxSRbZP01=w1@ z*(0ywpk1Nrxtm(qbTf+FDW4@bWxwars7Dp*Mr_UU)&^BC&ILjar-w84hUAkbx99eR zm$JHA4wYTDRUR_henpf`IjwrFdhnL^3WPlGn@A<}f#E^@qM_#-@{_2dbur+RkA4+N ze?n8yE){o!4AFG8&;&_IZCJIJ%iBARB1gz|7yfc);p?xavF@Ou1k${yVgR4)tBSj+ z+x7=qcT8QXG{5neBh!uW{Hv%pZ$}<*X87c$dn6bX60W&0E^c zvtq3nE>jhPz`f=Qc$1qe;W&!!c@p*c!H?`J5SIvZK4Nl%K6pOqxUo7LxB(vZ8v*al z%T?j@hoVt?Tci!)X(_k^sjIQTJV9)(ZmynIcdx@cH$ioHbm-g>F_eaQQ0PJzlAMKv zmlA~udJSu*JQImZVQts`uZZq!JBQNc!qIgD#3~~v?>j1?!0B1nd=l`}9Uc+xoAuw3 zp*Bbp*@tbh>x%YgY8Mv;b!fG?qwQ=)!ak9m36hR{v0IgmHGB%U5wZ@m##usDh%UXW zoLxEwiUhCBAJ>Y%Gv&*2KWDc9*C!$GtU|CN4Z|urQ#`~F^XOXCZn(-M27QMjX)#QA z=e1hK->O+ecn^ezHC}R5mJ{GGokCQ`WR(VOUns8a8K_eDu5#-MX0mvL`XKHS5+`ov zqQ0wPXJm$cN79y8sB;ucNwL8SL2P*~i2Z0BvV`r$GNXF_Zq=q+z)lUgjn%rl^INp+X9f%l#}4%SI!6ZnDXM3b=c_HWJmrLEnu z*wDrQx>v-ykuW{(x8p>2xBjyxj8vFC{2pYY=gU~e0-m;uw}ZCc1YiJdddH6>g(=nM z&wQFoV#YHnysd1>e2t1~rR+#M>ox3ZHFA;jwdA@P64nW7bWc|5T=lv3WY27a8x7OY z4)@ULyM=jGnr^D>%l_qOSB^0uIZubDFfg9~4s!O9GV_>aDrG2dKVT<}Et+B<@Gf7q>n`3xl$^U512*1*BET}Y;CCl;f)UCQJ=UyqQj(QyeZV{1)ZBoOZzFZ(~Y{jPx`e0RsMPt zM44g-mzg#)4+}c@TaNbO?O zo~W}3-^c=rsJhcX+^b+6i-nDjWx|)2d?a(3tkc7#lV2jc#A(>Y6r^E=9@b78 z)yo(|J2vTi)a`Fwy1Pc3T`8bHs3xCS*=~J8lVi5A;Q|_bGkDzFZbuv#%~jkR2fq zuAjQmFGqYXq#$4rIquphgvO{;qQjMmou6*q1sZ$o_T&=xBJ;38?U5&Oapi--9)TXO zj~sYEku=yL1MYRI9A!oF65j6yce$i2_;#6_F)~cw^x~{;z-^N(Z6E%S{zQWCpPgyQ zi{H?*j#!$(Hk`EX+loSQ%JcDDuxAms<)X1cyC0rHegPUjb#L7~T}_T+$kLa$Z^AF zW!PsC;}^^#-II_F|7#oj6s&5ETRM~m#5ssBhgu?tok-+LJ**q_Wmq_PB85cE4E#oR1MqJ?}RxN%y0{6eI4hCN5#bV)UsAVI_2kq-6TRMgD+|gJ% z1}c+uZg;}384=#I!%b3sp7?)`Dn;#kX9r+6r$Jeg2~aqNhR{e(qKKjM52!`O7-Q_w zZlx(Dmc&O;UX3_rmDakOi(0agbd5pAk!$Fz#l@Yz-JwG#;L7_{Q;52Zq${~c5HAWV zD6E{GeRpp*mmho}-5s#aphw!+2E|f1eCSwLs8MN`>z&FOs*NAYw(r&bwYt|8P->ah z?a%t{(?V@z_#G#TYEXEWz83Q?UTIx&`u1SKsN@KrKG*D<-bfQ-P;m_U@$ps(YI8gKZ?pOPmih7^5f&u74wz-P-yyC`<#gZbZOeKGs92a=(kX>x?(-~Uq#`BM1<|O?P;={lgWpWe?&;y%mQ>eqn+ga-LVkbIqH#Gi42b_xeQgv2;%V^4rsldR=L zo-g-z)B68)_;^#RGR4bGsNveca>jK1DI|swTo9%2XLfyBu)^C*uE}8p=nry-f65yt zxtvA#!vvcUMoBEH+77z2i!RzlSymcHweRCE*JAr*(WvG9PI;c%mUoqf+q%4}S0g}q$aE;%V>*mj)x7>ErT(NnD>4KL(CkVp=v2!3iIU#p) z+{WA;pP~DWFwv<0bn*At-lrzn-$u`7F#Tk44Ys(PM$yP!ccY=LZj`x4WC1#Sc*d(P zwEBI@t3oAod)6C>po5cAGh&^WvY-fYQxUteHIDuQOLAtldXG8{FbcND>X<3)2=5n< zj7uv-fmxfgR~uF=`bJ{ps!u;L%L9-1Zqiw0My0-K4vS9E)zCP0E9DZ0x#xo^1`cr( z)cm};)D&{Kd8dJDGDil{!^X23MJ8w?7d477lOY_Y;zudUc#k6@6RcJK{deR z6c5|(%w-s=z{h+XKd8``-Q&){+*}gUtDRYMCY4(Xo?<*f zK|%lNPoU4^<6(Vd3XKcXR`V~9vDTD8GdFVjR5ZnBkd2@A?qbqY9C`q~nk_~cZSH1B zV7Q$ws*(sbdG^EQq-hr|IcWt?u%`~}8PB9ILO@M1qvM*S6rX|Uq@Q-2&%WthbjO3< zN=`8)I(%W*2tPIPZBTj5@(O_h+gR^c{e=f0M|O&_C~JN{3jvFz#J?f-^B_s*M$~e9 z>eZ(gX}07Pnlp=EICVtxBW~~plb__$w_Q-kWtvTy`3b}kgnDDXnW|enrxr^crh@k2 z(zD=VNaJ47AK=nqc36LFi``#ATZ9?;hQEKwyIY?=p6>c6R>{pZtc(ZnAPLikMzDQ{ zTHVFP+3ZA>tMui*E;b=53{d>h{vLpdaGd3<%Kf7QkIi~`Z27lC5ch6Orm&exH19r= zsAB%4x>5%N`-zM#`vyrcI*Kv1OtGVd!!*U8q~o$72`S>Q*F2R=w6Tt^V4Y~lH&)o1 z-C{x5khA!E0udPRC(h`w^#aWy0S1$4SoLnSx{DOLn>w2pVQ?OyGZhkv%IOGPN1uXD z(||3P<4OtBck9zk(Jr+DVqVEe5F;!YyT7fL;J{S{+j2rHzls^pvzQ$2T+rV?9gL~# zg7S87!@==L;nl{>>^p2Bv*D-|5W97~R@_6U-<(EJS!AymaE~)@@5Pztwx4r7SPMLa zENS}@3c{{Rg$a}%m9j8HXpvzbnId3cc;M|wo%HR4K%}qe);<`o%>N{~#}2<0F}W?HEI4+iyH10(tp0qD){aNgc?zm_4|iJCm*2)7 zPv{L%wc9nGNvT~Xffv0jDfKOA=1P*!(&-;(4qA&Up_oRd-SF|#oYad|M3bh0owO?J z7sRoGAIJA$Q78Zb6eDyqE2mnk_NCyBK_?YXmb46_Dz`1ZL-mcSD89<)nMI+teX!c!5W45~lMOd>>l;zW;jshvq9 zTH?hmDA6Sj-AIXv|2o z>j-1F$($|B`hn{isqbzVTrzHiK1ZeS@$tX?n(E_`=F!3baP>Qi^x;k;uh9yU-4VW9 zV0cn;6Bzx}?u$|EdQTA9KY~K+S_gvRBT**qLZY1L1SvX03Bq(z+TJ2UA=JZ6q%>r0 z!n4(xYa~12VPUcG!b;g?L6+5jvbEoc|I(2ZQn5BjtwaXMp=nfX+tq(c+mRLJGRJ)r1t;A}L4)q8=Dy7-ThQ z&YZ`wn^+4rcYa6eTuZ2a#kBC_<`Y5$1{!Az-3i0&6rPtfX%KqFxzP=Jc2hkux&az!plHk3<&7mFO zjd<0Kg771K#>2tnG=cSBcW2Vf6F*(e$50`c$!9WQttQt2<0Y|>lgVaf=0Olvx$OjR_kzGAb(N2)JNV{4^I zYv1=VVnLF2Y_I^Qp;<|8sS1~HK)u}C(@Qn9GeY&jZ^?%6Wy{?U*CHc<=SgyYpileY z@do|<(^7%~%j1EHZZ+%k@z!uf#6ZW+)j&RL0vNF=ex8(`YbKArO1m&5ScBmx#26B&Hoc3;i`}7-CFt zXqgy8-Xww`cEGtaC#-+#SFG+WsB?|H{4`9qKS4XrcKD)R9ro`bBfkwms+5s4yC!db zh_kvFJtRP`f=sv9c=|z_UlubzhMS7)!Es_BzpvnmkTv(@2$e(dPuno14vEaRKf#Fb zg*@c7Fn3r+STLyNerXksDL|T0bP}i>*61Kbm@tcb8cZAEngL&?ES8of(#KHQXKF|1p&dL)Wi-xR zrkHxPmbuaG#DP--Vc6oAU5FrbRtc-d*5n_hFx7kldhuRfwW_B5mT`}oOlUL=r_qkf z$r=6AQfO!77+n1Uqo?r_KDkW~sJYrhs!wgizhGd=B9vvP?P}^dBEk1`DZp0Urms*7J`D`>0({oVF>MoIL(>B;y`T56z54yexLKbZ z2vX7#)Ja(VMbf0lITyyfYQ8%w#d17u8?5(Cp`Hjk)vE9MYmhcCdhBhK}HW+6E} z*@!s-myq*ub{_h#zTfQfLVH^wxWA@*791hX2zS7LlA-H4LeT>ahS95eAcoOT@pn#k z;UD3UoSk8!G#Ep;f6b;&;hThuG1@z%4p&%!h_Sp>XGn#%(G&irIRi99JjLzEt^Pj% z%Rn^0hWsH*E5Ft=o}GZ)A`<%Of?vUKEZK@;BgOzom-e3nnv&!}pwREh@Qn~u9l|29 z4KXGu=BD{F7I#h_-nSX_Jo|8cj&H7b9Q+Fu(HQYxcV`D{eI&#svj6cn(o1O>DUMutB zfI@n*tb_2Q`@o$LaCv^3mdIMbYX5w7bw2p{?d8=zazwU9+4jZp+0pUE$=U0{!Nu## zebjD8q)pw(zagJC+ih_Z+8)M}&35}^5c%X|n{B(7{jDE+pI+?#Sb+29?a}eR%-1jT zvZ0gLXKyc#2Mm+T0q}sAM#8e?rvwyH^P}aJP(RGf66&>)TS9wV zkzE3s$>*0~Gh$?zK*F20m}3ITSRy4^Ce-(Qo(ap!)~3h|MBPHU7u>c^xF=RYF&vC6 zE=Q7Lmc!8IrvOcTyR>;SEg^RZN8xjQ~uA|I!$(cYGT^c3O;l&Xnw9?HOEE=^KK`KO~gk*^)z(^;dT}uKiQK^hA z5fP)tI86dingwV4-aZ<0B$*t7)^(XA&>Q2E5`c!^ItKEBrn&N55$dy*vBOT#SWj1ckNFuZZSJCy)BiwY<>ylj<= z30gxZ5%OFr%)wHl8(hX=b4??C}c3IY|*wHuRi2pDWs=kd2gZ zk^>-kc{W&p>>b8&D+|0;kW!FT1qhDPq_!?P)4zhq2a;J3-H=J-qcm}EZv&5g0P8tD z!hn`9oi7@wdcvc{7!@w#ED*H2xnW($!;Ti6Oi?kO z0wG5Nvjxp*g~(qIm|TkN({k4=+YOruw#3IWw=~?JGKPTCU>J!bs{voErO=ItkK5{O zf#Clwp1VT!Rm)C&MMBJNT4!%trPVP5CNSnKZM%`*PE{i+n{W1t4?J(_;Py6%7%x&p z1+9yi%A9|ea>K@4D01-anD}irKHW7}AOL8)Q5v-68;Q95t&O2bhU!#8qjV;5P#dSilah%2rAS0T(QOcd*eP_eA3LplmTVP0 zqy!t_s*Yu3wj&ZfPi6KKsqy5uC&F(>Xf;I|>Z=h(0$YghtuncH&@Z4v=OG6~%5WfP zjCf@siNyKFp&9Lg#0$DysmaZ<$7+-?Nu@qcECy(ob8bUDj1do(r+0yy6}!;`QU;}K zYiK=>8}cztgNRQOYj8u2a*(6+WrHlrWw?p?p&5A>flAi6GLsjV9gn4Egzp!9#%i0! zpV(;`q?xytq*>@d&jto;i~0m=TwXDJ5Nx$}iNi-uTpWqj=t&EA5z(q8x#$WE0*b}~ zh3q;ck&ET=NvssH9L|X^lprqnr*SS;@8oms!mFinZ9tVVPcaPMKwc80I0;;Sw?-nV zTY*Iek)8+L1KEwiMy)Tgwb22%B5{*n~($wp}bWc@nbZ?OYj}O{--1VZYu>z{>{$L_7q)AiD2xp$q1<1_rTK+DTsv{cYqEOc^Jnj)r1hN)gUmWUOQ-=})4`L%l`0 zkS7#FPKVn`c!|?2UihK(*!CYHcN}_)*YlXlR3;L6VP9B6MLi?5#IN)LPPXj*%I z)G!A4zAxj_-35`qk0j%8DTCty^~I@crhchPWX4v=z803)yTg&svk48oSftc^1KxXy z5d+)I@&FUAQt~n8ye%WF8Mz5W-bq&ATz+q@F+m0==@~i2?j81JB2O?O;6WXcOaiPf zY;yr0MdY>-_U?~+ zhY(dR3l*Fa0}$gr$wV|NtO>?EhN5Ou!q@_JSA;*sZUk$f)jVt~#pxuL;aN37NWNK< z;M)p3;C~=wvfv(v51VY*ATwJ)!4`n~^_dByQ^{F0AH>bpno8_1?&PGl5_@+*rFg!C zl2sr@j!w(^T`kio?}^maY9ge-O}l4ruZ}M}>8EtQHhR5YZ*OM@{_pjA`TuwK zc3=FZzq7m7-`U>Y+3o$M*Wc^E*!~OZEvl1M&xEFK@|WJ+ZRI=nojm;xdW}2Ehyh| z#|(stKCAE|>jhZ1lQ3lP9Msuhu-XJNFvM;;dg(lN7=iB;;A;^yHQ^yHw= zh$kmN?Y56S;$!sR2zw*aYPGgHplZk^2o-UTxs-){I52@1)6kH2NbvsYNot<6P{@p# z1$8x-X@hhWMAG03xM@E4w$ar_1U)@<8caZk-g_O%rGqV2i-#yLi%$Lo7b(KB?IwtP zT|W4+w~68qyA*Q=ZL9^L*Fx%pG@M`&i4_>K>+9w`o|NeJb zgpO3nA^8Wra%%x@<;c9A}?|2r~|!z z1(N(Em62=YlG)U(HPO3^({&1_lVW@yAKNH#qaiMdFVE*3$&k8iF{^j1E)O%`f5I9yHUSOH;Ra!oafMF zkmG>o@WA_22khmA!;*V$?M3YqW6VL&olXEFM-@8G`C{m{-*>V|w2MkyF8iI~8 z5ldTc&y7>--kW|{KQ@@v=f*l4Hj;9Ov$+rAr{^2S z4u6&*ykB;7wfQvKSHU4CJ16H3YP3Jk-yVT2RBm`cQ#1AagvfE@xMSYCuu?C}s`Hwg z#acj|BM)kJE-)NzGP$Z#y1}IM3b56dk{z42KM*J7mL#A&cqT^*ZS$0p1p>_fY;AYY zDH#S)cC(?_IN&R2ieuCldTDT{NVr^E!V9)qf&?=GR2E=@Yd}*Rd01x<))xH;hzNlb z%gNd6eRQ5R4aOo|DD(gN*S`WG5b?bz=A08KDdFB2p&Uf@=x0?-xY0FE#z6$Oi>Tt! zAuh7l+I%jY|F4w)2AmJ+q;WV;8`bh(f4jHW%gcXzyIU*yZyC?yWA}#^dMzw$g{A|t zM6tcnLO*l`LE*Zpj6Cs@M{epma0b{&m{rNa$r-?W#xo1-zeF9dpH%M?LQ;4wK({&h zQuIbRLq0ua+4UbE(QhP(kh7^ZAa;$OkqUioWqj^49OCgN|L?sUvL=Jb$Dd?NSyzH6 zaQJDZ(ZBV(Ao5Qra>j1#C@337Iax$xpvj8KQv3y@@Go2DIV!8tGzp?%Wli=gjl-1s zaV|Z?%ST=A2t8_us4Um$$ff_n53-KK6*SHUFD6Hvr>kVuSnt+T@^2=ei#nfC#AY{2 z(bk68o5fYp9M{ZYX--VbkemxU84p`SE{_06C9^ z7ARt$eeyA4GEo)>ns(?&ByjyJXn<~lsEea}L`PtkouW3L+-9_=8g)~(GF`V(PB9}E zQ*4$Q-}ym;+A%QgBAagq%xDb|ip*3|9rVnCNrUN87-nHEpJ@YagFv(9?PK#SUsR2_ zZLjd0x0by!NkV5soXXxL2~nHg-J<`eg;2XKOc~n3qZjS<#D}r_30}%K#=$S9AU%ma; z@tHm!X6cef7=%N) zKKruHIWya~c1m)WI~#clqecb)hrtEqM7GuSG7_hkP|ik-s@b1xu`CC3D zIZZS7tI2EE-8j%gQEPJr^a4FSb)|_u`>JCg-?O33>Z!Nvr9hzl^wgJKX+J%6<(Z=4 zY44;KQpOzU0#jO6{xhQ3N6)+MHtPI<+U@RN5$!rzIcLA~!>0K{A5R0Iv)LU!x2?7! zT4CVf3al)LmaR|;`p+I8okxeKx{bJ+?FsH1B;TK*+4yKH(2WA|&hGjA;sN!zHmc!sc;^R~m%qHdI2sIIotz#|RRy?vZoC0Gxb4>$pV7_U4vswZ z8U1HMQmo1NMqz2rmjRWRCPl!iY#DILpjZGE6sDQsNnVAS`!h$qc!p=wWajCqrScl@ zOTCp*K^y?j%26+_tFNuEUOkI_s_%a^qtrRtsJ{Q%>hJ92?f+i%c3-USf0prp-tayc z?}J+FHV84}C0>r%uy`Z9FPXyb53S=*vAibM-Kb&pbXuj%BfnU0XJ6r*?i@ljILwq{ z*d41_Q0OyClS$;Ey>0k27++3qZ-Y(T|JVlYx?@h*A>4n?q8Q{ME zviXE&II2%t5lJlEjn#B*$$C@8!lCW zO4LT-ZhRH93Z=3s&38o~W&XDive0J;K;U{9IseN+&cK;<3*|SsimxJq1eKy*j2&cM znr5+%$YYkH4>e}KC9ooG1?dYy+4qV+3KnTr0QTF9`d(jQn$FR4nDV*-aM~$rrE(+~ z9&?X|0iI4fqC4Fq8jf$xa+v3(; zKIZ1!%kY#C?zsr5d!IufT&bOq)(G79gR$E|N|jM6BN>ec|%*+vMu?BU%-i%a1-O$ zT#X7x&wAoU{y`Xz+_T9T?esR9YHHL>T;Oz)L^8NtLgFLs zVuy+nC4&We*18cB9`->r)Ox>x)+rv};{<%T6O5dHyhQy@|G(NjCKTuZncylQO4(o| zH(=H#P|h4_7Cg<-u4pYcEyX#-pHdw0JK4of;?Hc6Fab0~=fp<`BIGhoDyDT5yR)u; zEu?ezeyf|ceop+X?fj6LwWgjLvpO5S8C!;`Rnt@~zNmSMiGLK(WCC|MKTZ50uB7*t z(xo#dt%xh@m>r$6Qqzgzp;x;1{qA`YZhmT1;i?Hyg{GQ|;8w+U3Mir}_o%8Ra{;}C zqS^T3|5(mR8&zZ?Y&99GMw3or9tcIeP$6s^pe^g3-fAPHKp>`K;i){!)sU`C>W zzRx`beCEn1{*TQl{>HT97`y4{>LH$H{LV#{KmNGABFWfIMQFoXYU_{f!kKt#Z+3NsiUlZec?A>$Q9Ox=IUgMFy4Q>s~lyC!mu?9iq8Ha8l!`-7?R5CLLO-tR#p-Mk1 z89?Y3A{a(ANP~Nf?(l;ahM|0|m$+`V4I8Rw3huw~1BGqB{}NrdjMw|Ewy=o#0HW`W zOR=+w93}bwsuiH)G%o)rqC&6&eCP&u_@T522-pKFBql6!Q{d9Zph)PufDXimC@(f7 zWEeuHczmmYSdhhn5HP%1!O(3~5Jxx(ya8dq8k8q@soS8K`}-upuHOU!k>buH18Wnz!0<-l|c>% za83@`=5>d-L$@ndVo9Bk_{MkdOIKYJMUR4BBWOO zklV{*YEGh{&YiDqv+*5l>MFJ(W#|}hG#H|JZ;~W9O5eCK)Yq^n6cy(%iP9kACkBMB z&6g91K~IGHpg;|Lo?>CctLmt6W9(?Y5p}X?cml|c91Pu3em%sI(H`S1Tn0yFe9aA3QRK83sac#I2w7c>$cBQ5rr7m64qE4KvmM98 z)ZQ;?-)zBJ9~rrR3ZrEQD$dd7P30y>XSAw87vGt0^k0vE2D7(n`>&Yz^E&_6*?;wS zwt71S|Ns7r-pc-K8Bd8aO&4iW@ZN)bqz+|FprZv0b=W)piyD$pjSIgKxt{UZ`B3)4 zyxGzDa9eUJ`&D?+5QSf`PEs;v?=FoJ;IFlBiOwbsAy~aP>@Vvjb1qsL$FvZ@>@o9L z?bLWH8_=~JPwcy%@@YD#x}$1DMRfe9rwagk!oj-9v9M5A#gD% zw*m0V^*_J zc2pXkvW(vCA)9BS8JZFt;$Zo!U+oL^r*SYDO?OmG%-oP#%RyvJq*&iJ%DX8x8Ivr* zz5tZvQJQTWcqU;uUTHQMoGb_dSn=<0c#Di)dE^~~%QsIHjXY7F5)5fl0hL+8ifZS) z;81<6=E4=oUPy1?c2-~^1Wv+Lo|*Kd5s@paHyxoXZ@rWplvOE`gzA!2M6bGYGZVgV zp|?{L!7{i-LMVw5`rtsc6FPE4BGd$uAtI*@x>6Ntq{_otuG7E&9SLBl{Rwq(>Sd*^ zL025~tDOWDJF<8>r1CU33fEFZ2uJriZH<&1BV4*O`UKE)FMRFmqb(f8EV!s-!$qVd zPMQ&!ftpNgtP{Ut;GYff9F(Kl@1d$-Gj+51MNir$2;k_RbvtvO6iY%Mi?+D2Q8}6U zQ+8!J(W+E9F{Jz&+4aMM&@$nMdUB* zk}jVAi;xaYj-k$Amq|<1YjY?I;Uy$u&BP?L^mKefz9sGa+%GN0PeRLaZ^LBfLw*j_ zraqeuAm@bxd8*T>u;{+nNn}|Aaw!iZlHh}o?VX47goxY+1w2k(pS`^}9vqxr93LG0 zdvJd7_VD=f^7yEL6Ich8;Ub~EIllV&ZL#j@$>o)kD|&kH)A6aT=OrED=^oATutsXo z%fEM3V9G+Cy2;VLptb4&rXmfJ8ww?5eBX9H5Ki%eU_?4l4%Mj;rJsORZEOwH}OV>Bbtc;G<$wv z9Sp`PsSvpZ)^B=T?t=I#r0;PO+&&aBx%}73`QYmGa`686;^fu8XI}M{D0oQ_r&apZ|RkS`0_>9Bdn32<-kFBj4 zvOhWJrOn)I?3b~(nz2MP8$!&)3@KPER%pcv6&K(#86j<1e?x2#og0dbpW`S~5 zz8wZgLu@(hPgR49V}4XCbF)4fzTYV0Q?uR{!T1>LjJz=WURauy%51SMeNDzqE$i9X zHjOHXc1vS*)FDL>0Z%KPp$krY1M2GdSy6i8~)%N zU7JsM8FuzeQKbQ(IpO=)9F76bVMw`R#)RWoK{!k-wn&Xx*A`~ z)wtSdwaG$wW{!84#}_pzJnFKF6p+6-{=Wd1O{Lj|yu~WF)BG2H$eC(t#+vJTJ`7vV z62@nKZW@qU;mV&o{7_64(wR`4{0r+$h?C_kaTYf8SyGfmCtaCo#$*fM0Tm=`*h{XjCiEB9sV8LJ5PN7o5%>cc-IJLvFGY#i&l}>I-)(4mhCNtpVN+i%M z^t|+t(K!<5mxHUrpB;Tt9t)8W4&8{2!oxly7H#Onko9{2ZR19G_jyIzRa_T`9-@yvnif z*`BQE!uR6k6 zrxdXl{gR5Sx^bR^S)WaTwWN7#pvYR{yj3f-8cdtnow{4Fm1^rxpxRPPq(ZyZNTji@ zrn(*T<&<4beJ8EfOO?SGr`D0JoF`XWvdWdXa-J-qF&V0hQk1QHEYZrx^83+nE!N9& zdKH(2fGj}4RReJ@XVmF+PEDZIp|nyhtyD`Z)zShiri|UU5VI+h_%BN>mE&Ay&`a5Q zpZOIWm6+8YL-i^SYuPWWo2nV?dCrqrwNp!)y+-<}CC=XTCReqCy|TOdGb^XQKs1SR zgQ#L4i79nGtJn}LO;5#|TE&K_4EeAa9nUI+#43bD)y7z)R;MB8Rgj4}LXBxdF}H5V z0&At&S!s4wnw=$RcC@{>5WS90`j?~C$#E)E>vZg#&b&H-N~~%QmpXlbwd9x7<}SVpdYq-qSOXo-(q?RW{Y}jfue3LRUhU173MpmT=y5n12GPuV8&Q3wwOMIx^6P1t zIvd&QH?FafXf8%yBca)}H5Fqtx29$axQkHbDEP}!U{wX8!EGhA!{qRE~a&@?;@OljZeb zY8^`!yxdf-Q8U+ft~6VEB2cU0Nod)Ixt|&aZZcFGp8Z|cwq9=b zh7EF{qNiVeEqc&2y}Sx(9|e}2^4eGXX&?G-Y-(C{B-qz_6aYp_#-RlP^{tBgu%wMY zgzk^sxFT~r@bv6gF+08K@CpU9Jo1Io`E>W|Dkr|ixNGvfsyIa&`W&_YrqlQvZDbz4 zwn=*ihmenxP4rAF$qo~1@tm&qSsC=;7Oj&6t&d#F1SnC%`Hhmu*(kie4MOZ}ScJ$7 ze47z#iEPPIDGYr#tKZGl?`DeQ4q#Orb*H3=b%4Je>x8Y};Rg!TiIOBe z2;-4kJ8qpB$E#K+RM(|ks#{s=nf|40sa1E>vc}dKwfW$p(Kh#f;WR9= zG}9kEi$!J5)gPH@0M$at-YWZc%=>X5I;ZVc;V zk;|jdw7yEFDg8>FZT5Ags^Ex;AAHP|}s-ahyIJ1<7JNlWRRDNl`_mQOKD1=Ojtba_uNJ z8vAIHRGzu8le)VrAl4dgr(Rsv_LHE$ppS_w?Jm#{csf zUX-`@JOl`)&=qA>U=R-oWx=hG)mKWzuT=}ZEa|`oydmEjPb#Il2<8QZ7QrK2N3hKzssRk_2BT} z^z^5L!++J7HJQx_yw1gW%us65)oJ^d?@b*(m-*Y8(yOA^uLkD_S3h44jt;I4EZtro zVnzJ54A)WMY;DoOuM5Vsjo^l4Xs3f5u9XTl1YJdC1@w!z?@umI-kzPD zy`HTJO(be^Ri&M;? znfC)=29{YGVwFZprX@X&?pcQgja)as@GT+FeOnE>k$+#j+Y%r4?S#@qKpO>4?sK%> zyjiw_Xb=>ltc#6XucN{^x}QQuGzN6aA>fzm=HW)-G$4^1a+)iDX$RV^YiM?x<7m6M zY-fDZvN5f*5m}z;-7-z?!r&Hr4_=6WCghH0-4bt&W;D9hk=7A2b#H;zeFf;!oP>+& zq78|D#~`#@D2qOBg%uGWU*ZsZDFN-R{(HYwif1ic_x3i3f)unr^6&jtqfxGfosyV@ zWcY9yvjuZVBAO;{AXG)AALr>!No(SG=uk^GW{^J57CFZ|Gs=DgKW;hwHou6S`* zV=FV$5@jb?+X`@ozU9wTyVVvEt6*6-;(+~^Ldx${4nsFk+_=YnoaxiQZbd{4Fw||V|JyLO2AhW_eI2>9ytB_}DwBddK6ZaV z5lKf(JQQ{l=7ifuBd;vf8VI5{cubOqyt)R9`x`lCW9$c$@jl|E3pBC{G7Wymr@=VT z*R^~lOaLmGU2QEZtk9!{iL2VCRR#i;#sT?(s53p7y0<2?KlPzeXJb%jU(mRJdIrQV z)W_*e6za_rX6DBvgOasA&5=-Ra8Pe-FvYBB(agWn(yI)OVz*dm+&|@0`jz@t6R@|; z?4fc0w3ubf=wT!K2{{xQ-%wz-jl26wQJ?^YJ>n>RLwr$4d$AlATpY}uI3d4bFSP{p zF}kRV*<}9=MnMT+wB^yDx)qNGHu$Wb9r85u%o(Ag++<)Nr{3g!s_X!a(HIeG zSa-EQJxCZY=XqluTGAI~WjE=_eJLKtp_^jb^}-2FagvY_gAwP9ZS;D*-rmj*{NL;K z^8au3`g?!r@9ggNceb~8c6)#6^VI@90)h% zeFU}LNjf4)@H^;$J9j_QPC&Z%{ni+#F5{{ht%p!unul*eY~TePgYVcWA+WAWmoLbw z_9AP-!pQ7cPKV}_Ot$@6#jDT?>9KxJ8VNjg!a}`(p0Kv|Teh3r2IzlT+}PRc#=+}^ zOk%o^J~+;=Xbm|I3L-!782v-(2qTXq7#*CSpdl-myG=qL98c=Dsk13PY^d`q6uigD z4HO#UlzoK&9qf-VpedAj)C{GI*I4D#m!0h;7auxkos;1+fok_#0*o=;Y=% z?4{z0nvd8eHv>HIJSH@@sx_h1D12t#3#myfk9n+_BDUC&2?LoTM^@0eRWNlqrl)ZY zQ~sWbY05EP^0cp5Xn#7v-X#@mOo#YsNMZ z6PXW?qlXg63JObQT@ooExh`h6^BPMd;7$e&ZJ^KSW^V^ap5B@42HmBI+=7Pz-S2is zI2?EAsOuAtaymAU3fki>6lq&<0V9H)Y4a z9%myg%6EaWzM6T!yefRlmoZ>mhO=0}C8(Dzm+a54NBsYT7iBq!ox873gspu!E}z?)E=P!atUyD@#3FR) zhF+vXF>)(aBBmy!UZRx48*-c@$DqM#OX%yCfMQ(wb8`$ixY626L900b`?8t zq!!(GAzN6a3trkn;Y+KRoAxg9dO614zUjngOsG3a3H97Ch=$sPWs`zKQ$I)Grx-hGhJO z-W{Ecg|f)L<-y1lBgf<4R#b8$0UV&N@56ksmY;08y;>R)ZZv3NnVb73)I2leUT?oB1e zGGMCNV4!o8{n#)nPXUiMj_xzRWx4(AV5VDtcat0JrD2EtpF}vtU^FE>v)U@GXj$H_ zGP-e)KYV5;9`fudrEf9uEi`&1dwl7qlK%&DzV_ISf?G^eI;#*+r~mI4?SFQ+R`x$j zc^)5ao@#HoA!4QuDEN>G_26oAe&6@}8H{o^0#LL6`&+w({lB-flK+?T zfKrpDptBDHnj(j$)Ip9W`#bC%|3%p^&AdmSzBH*u> zz%Tez)Bo6=&+>ymHS~XbXRDXf|L*noR{Y;mp84p1h3YU*l5J#@t*@+%pq-p>|4fqL zcP6)n=fpn{;BoR*RKji?=OpX$mUF?_qu9ZX~iI-sT+w-t7=m6mq!7N>=mRUr}~BOI|$r)}~17%vYKp8wMqlQ!zC+c;wy(MA*>CU;BEn zp{iO{O!1$X!>r{0%D0GUh##Rf zRrt1u_Pj|Fqz{KAO7SN%c)I>!=6InEa2OGq9)y8Qu{NFB%P-k>oCE~A8M>63!(I4P z6K=btdl}&;Xmp)Sv8%7F6jzDkc zS%QZFO_K-R?_d~`8#k0=AiigT;H$<+fop3WDu^bwnsnqMqYk|0`y|7%Dw&(aASN_O zxlmi4@QxQw-648<`X{Gmb%i;GPOe*dd2pGC7jQ8xTeQ`APQt)@sNe^(CC-bY=JV%~ z@z~9`EMA()8y^d?T^m4RYuntu6&=p+9h6U(T-+^H)EqJh=B<5X2g|Z4+acL=D+>%Q z36N1){wn^A(lmZ;>K%~ELD9{>ZHA(~vs$WTbMSt?x;h`6zrDE1wN{q|(lR2J1bsD& zP5^mBBDQ6USvO5okI%sT?alGk#mV8N9bX=RrEW)+yXch3fwlyNCUzBR3N;M#$qF-k zYEu^OSvSet9hlZ#BT~Udv>k-!xj9_ij3l zb3?*ME~hj~$MG#~-uXi6HvSY6xXstk8YJ>r*+lnpx!EdFn1d_SbGPvddImSG)#|X` zb6}9mx5n$_vaZeCdo2%}Tvm-1ju8?4Ppq+B>@$u2cUE(Ny8Hj#?Y#eYzqgA2y`1N< z82`nt1a7P<{Dv<67pzI1%?`jOy#CS50<0JKv(Hl51%CP3YkZww0b-iV{c0OOBiOfU`q7vc0HN$%P)XxEyv zf_47?yD$3r_r)dFJH*#FF6p)=n6VgY+aCCYUPUA)RFqrP)@>;<|I*;Yo3^nfAwBxwJ zE&5|FPSIj1+3~kQ$ndi07&ggRO8$&Q>{yOA)=1bIa>I~(M1Dkp%MT}t;Vq?ZyW3WZ z_3r4rX;Des)==t(cRXCVHYt^@YqWJ1YMPS8(9#vr{KjR2Y54zHy?|@@|E*px&;R#d zY^~z|F6Ei?)Rar2MEAQGKiu!i9$1dZm$M6&Eqnp{;G*|#LtKlv}r_RP1#ge)^-8eoM&1%=W*~?1nz6PGz&H1aHZ}S{lJzwXU;rt&9 zd!ZmtfRyH;wkvxL;Av8I><<_lrgCkL3rL&etxCx(>q0h?C z*7Y=`JS@Mgu3qdnRJF`C@(G4D8AL<1EVWlNq3|2Ifw>S~D>RJx{&6Hxqimm+ao@)M&YwG8X0aU~P?e_L|^6}q$FIMq?mh$A8 zC^6%b)swM)o{0|!ad1K}Q}(emMXZDoh=R7%uoB+oBnC}@xD(18;p%|Xl8Q|lJ9pF3 z)kEC85m~_soUy4AuX(S3+j%6bl~{MmD`KkzkPYQ*?DT@e_{**=RFfx%r;+Zi#Fr&&iuR9o#zpG-o|VwDiW z5uqtXS;d^|pHWI#2eO~KcWlu&Xq2XLc8A6Gq;aLC`mArxf=i3-{;5|iR`Bp?XF`ZU zUUD~AVnj-*XRf#;ECsl>!dAQxx^cZbocFjaV4@#Fh1)hkMT=f$Wn{*DKz1#>MJSq# zZ)7$voqpSI`wITF8fIq=@X%Ul+N5Q37m;b#Exh(>3g({z^EKbc75gmH2sGR!OWT+_ zAzsOLf5@j&{u5?S)7tyypE~{j)?WVpzqh@$vy%Uo@#NT^oVlL;R{x7yzkLIY|2Lk$ zt6;QNIfp@Jj*W6wx^*5gxy4{=1{A#G5^yuy3N{VAH5I11HQ!^F8nY6>O-Q`EqqEBk zW$~BwdN!lK+;|tjXd;poBPfnOqm=v~nqgyEcGlV{$!h2Zer2-6R*5}Al><)2;;S+W zpVDlxb_T&*^Y~MWlgQO9F7ig=vzZ#!UR8Qw09LlSa2$2B^eGMlFMvBSpl`GogP?&m zW`o(Za+b4>MniIIvy4ngi1$%~UB70Tt(ea*^;GhIG4cI?CX<-azMF|Z#4{y=t>ORr zTie@t`_J9p%KmdHPmX-Y#6MCq{u9i2p8K=WKTEYT4e)uf=%0>H)U~d8gY&{Tj)Umn z-VMS`*P_2EHLz?3+x_$|a&yp)cct*ZP*&CzrC;t-NB?D*sd;n&b@uTMn1{+2q;rZrkBnm#s*_ zZv0%nk+I9vi#Q>_VK2qLdgIYR{ms(_tDipk7=3gT|KR*210b{Rr0=11NS4RGjtEVK z7A_kE_VVQX(0p-za-G~=GGRym^9%O&AbNNX2mWagO+J->pTu#9$2dye z@O45aF*S<5na~u9^De+Ws^S&a&?}PM1U_AF1Jx8yS|OWhYLc|S3!vB15NQ*4(oTo%v7KM_udlnzisul_VW4P zwtD^5`M-?Ea{kYitP}sIJTaIP-+RtRnTz1LjiP<8qM2-iY?gYm?Zq@5X_UGx;(8;W_@4;s{_p|5cpy^5B<6@+!>$%d+=4 zxsl~~*$KrtI6?)2KGZMOUrR2^zl}My4dMsK`4z1p$3a2l2Oc{CKqmG`g3-bG373oW z0Zkq27#aJ`vgERomTk6WY%|H!2wPCT zOwos5TPvAOENS;ze)e|Fx9IrZE<0|7_>_Pkg=n>5q4| zcSPKDNna@Q0M+q-{TDCt`kxoQmH)?5o=gj|UdRgW`r{x{H#~eNY?wvZ(eV1! z;PUwJ-Nnh(zXu0LZ%)nz=LeUUzr4LT8Vp{YoE}eArKa%F$t7e#JUKhLIypEMl@BkD z53Ww$o^5QHI+M_MWBU~r|6=y6V5YJNYWGKCX)ScL)XWc*07q`>Iz{>X+oFJf?x%+S z&ld1E_ten;?cM%%A^yus|G%6k$NyR4`94C5Z9-BNdt%`ce!qbW`!5l;cgjG$df*DZ zu?;=FdWjWza0|*~-TXrNPl4%$is|cYpmi`uvliSCis1%~u*bsD?&Mq`ti71u043kb70*wh=Xke%nlbkD6w#*VjxRk`L}^7%=7}Y(SqXE7 zzjOzl5g&qGID#cFp&F4WwjoIe5~-3)J1aldU}*Fmu7Hj|#e_oDe9DhTq_facgSgs% z_(<9Sp+H{0P53{TD{Nu`C8-3*2KzSXY zbAw-oW0R;JZTJ1|Z4i`*fk#rwg{e^ziCmKA?JiqdbB7 zMX~9^hc6J(efALU-$c;%Wrb<4KL1lU#kZ4?&UXn|bN=t__VfNacfeA!L!SrOr_<*$Ks3t=v`ITux;pmzH~#G3+-s@@{2r z98--O$?*Cv6x3hx7Ef{j368_SbE#=PCSKYUBnzaU`8cd~CL<&4`XP@pC#loEJW14K zvM0<1shS$WLZ;#RgrFrOUzW32=; zh-%mZtQHr|D1ZIiv4NP+jA1?#3j0g}=;m{x84lHrel7~#-Q)&)X=o1|!PZ9V29byY z-8p28OD7+{*|uvB^7M1&tt-iADRqg7Z>4!TS=MqOLb3bI`B{#vkkRtAjvrpaue5-h z?pRyq*lO{nEpt?D?B|M5!QU2Hd~Q)wzuWRVfjYlfXrd6$uq2jY$x6`U=@)O(zD0w+ zDW6LIKV>rp|K`a1bZyky|Lx}WfBl^oFIN2jGM*e&Vsrf}amV;0N$zU1Iv>hFH?tW6 zv&LrOtP8x8Gs5AxLr2{aA$QI`f)z_AK;4Q3+CC0(ird`N(Ah`M4ZbA_Zo@~o@(4(@ z3BLdc_Ob8G#nH>5NhVQ;j`q>#HURl2Llikz?BAcU8>S-%Jql_wNy3*7WNYYl>&LR| z#zA+)L9_$}kNEiIv-OWdoT4@)Z^cPF!89fj#q3SYSR~YLr$VvzUp@9C2{2`J@7d!d z37^o`KmOiFpOO3V4n6PwzX<(&b#>l-6o>!T)AJ3{+6Ux3V=X%9M30d&dl>X1-3Q$A;dwV+t`oFugvj1Jm^H_{ZS53T2Jp`8N4lpwX z`A!J_^5|B>{r@H7|7>sd^6@`j?5_NOmh&{d|7++4eop+k7_x=tZdnpM*d5|dJPAW?g_PNA4nuO|hP=SJ_8kD_ z-&Ra~zNmxN{lH6+!xp6@)}~V|Rf^%pw0_7D@v)haQ-3qRpR;>=8$>}WT$<&t5(hKs zR5oQBDG70++d*kBrtX2V#x%gfQB-ERqX63}~7>pwCE{eU&V2KBI{& z{`Azr!uvIaQ+Fu52o%n2T}jt+r@DGpG=t%h@z`ZV@`KYQaoW9cQ`)@= zBKX7EL{1w*q@-Bi`JsGKhwo z;8&Ig_ZS@PwD)f0x7JXEhj7}U^*F(|!6)qV1M06E9mJ>-A`#SND4`f9C=4RpX?2b+ z2bU>HaBB@6lJS^C=>6d(@`Hr7I>R9C!oM8-R_EsTqznJb7o%a9{Ud+U`>2}%x^ca` zNsMlT5YyHV9r`hD{m{8_?^-`}(sA7S;s0x`q4#bQkO@U6N5{0)xu+iSajPTlmRp^` z$8MLGPsnerx4)bnUtE3{M9s4QFOCn6-W+$v{-WBb-2eT({`Pi0{_9S!zq0>a%Cm-E z^Jzyv<8X|?qQ2Go0i8rNb;FQn0QiV+kaDhIB!Q>7Lmx!lU)P19qGSR{GVE@&T5D_Q zHBQk5jtM%6Zb_?keSPhbh>{Su*eQb;ONLzEN1`TTfT#v(7^I`gO(!5-R=&-bs#bRr z`)-OE+*WIFi81=1zHzJ=Fe&Ew#G~*7{u!`B-3@e063Lq(pLi26S^=H-0J$=_ z?M`1u@CC2)3ieARd@mmOL=!fUydvMDn}EW#F4-wr?Ha`{lb2GQppPy^31<7mZ>7Yn zAVtCJ4m!DIy+Qq<$x?c;lY`oBQT?+r}tetb>BVUz8 z;~)yglQGKj@#pc1f^Zhh%JDK%{a=^i<$eOZCXp4hFMwC3TE5oX$>EiivO}K_uk5_M zOcOW7!-o=3Y=6n3h>EgR(9!iHa?*zwJNwAFAaIz!12)D%PgVE=USV*LBTVUeLT+$n zX>=-zA}A}VS=svMcrljgHBOy<^oSfL!7(It?~+aAFyYVHN87z#4?Q6#h=Me5!y_EJ z50}^@kx!j{wAb52j_@qW-fpwEw{8$l5_~mEFddQ5clN>0?iz`W%{YMuJ^YL=WYI=F zoV9~b*ML_}XMGERfiU>Kp8_*6%1o*k4w^D74IgcU_fm0JfLUGwDkoq#mO&cH~j zflDiA7%7c$9Y#5peFnTzcUV{JGkSZElO*s36D?&o0Dw|=h(3-8F#G((52((8$FZcB z>(_54G(|UBsfS?HNhW6HIYbK@jTj5*JeC+g8I%MAk>^o*S|Glb7}WhK|>VUuPOILFbGR;8k>v z8}KRFUDPZuf1M_i$}_78UhL$ogz;IIO(jkcDy9@K73g|8Y25L@^d~DZ_UX@o>}n)WNuwl)q-2#JuZXhE1-RN6Wfb!IrIf&2zk4qT83v zqp$+gEi@_!7~_X3`QT=Faa~9y+i^IdDH%(xNiFon;N{iPn$J9FB3oagteVY}b30y( zm`5`>z6IQ8*1YTc2{u^9lt6rXbR+7b_25=s5wTgF0liYZ^x*fJAPs@b$SuR~@Z{)% zaxY2jiy$a~;*ABbX^%1XOa0_Tc)n z&Yg_cby;^#d`5@dfYe2@P9+=h8C`>S>h!||c;&;$SJ2V}-w!xzsu1Frp0^}HBCE1y z0WVr|X~Qgp(r z)Ipzb9wlB4&K`-6arWGU;SO?>{P{B{jhA?RYiEzdD|XXS4UekE%kyxYVxM2*SK!s1 zLs_chbydaJXLtc4Pj0KxVtAc{eZkbo8F;~ds#dZU#*5Vfo6i!wJ~$wbxA7-;9Ea?D z^W4x`#3p6L?c7aAWf*73LQxn(pdxXCV;lifjqh>t0DTZAxiRJ-bRKhick_S=%DfWU9O ze)oQ>v)3I?0v~rp&%4^*?ydh#ha@sjcj!AtyKt})E;;u=C$sDs`d{F|}t>I#h=g__JE?hz^a$4k`j^nYa7 zI!+C?Lgy$gnv)Zj&UstMV6YS<(U(#r~!KK`Rw02fX`x?CF884uBCsB|dDu%6`UkFl- zuamd%g4dF&E{5l#@T$X!w{uxwIjc}>vhy0_^`09D+rWKB;v=`F5HdX&C1W22k%d#9 zagAkooz^i|7XFH@EwHh1qu>_jnB)b>_TC8llMpABinfBT?e0g4R8_RjZ79-_8%eQj zCh1wj%MxU?Y~8=37^&i^FbZdDi>B;&^xf1o%Fo5W=Yx1x@O@X3-^;3?_3QZFyJkoC zwHBHDdIRu+Pt!jIylC)y6<(LY? z7LP;V^Jvk%O});F811^iuK!CC zr1)**;l_llh*y>Ds^OKs&msaFQfv;ddFYpp*KH8FVeq^CI4Z*{tCTN){Q)^5vJatU-81p#-m{Yb&*&IL8bR*a$r#7s12-K!e}C91^kZS;MJG4srDFAG z1TH(sMRan5{2)=+EQM__=cX*+6-1m(wi5o&=)@$c0R^)sAtG#=$UAv`N<1o zTn|U&V|3)EZq>mG!wh4viF^`0Pnpbu1r;VA89OuzV&tX>+@mHj`V3xK3&E?x{^B!Y zMcW=L+XiG5e+TW)^b_1~$B`rWN&gnPwLA8dDf}Rj3n+crkgYph-Y~M?#k{ z^GPwSU~mw^4NQtPkpSEWO3Keg!Ekin@K_NCD~|4igm9_+-c16o?2lbax#6=k9Gh1l zj_$#!_Eka(yloyYD@L~o86!6vO1=&{=o0h$u7mRvIve} zZh~)d!j7Tt5Jxy+r?alUbmO3V-|zHabk}fnfA1!|+4g~+4MN&M zhq>ck4xJnaHU!)a?FH}bij06bAd_7}7+ON|mT8II70G!Dz0vdG7j2uH+08pL$qM*bj8 z0`HD?*CsTGhV68O+i4uOZzmB*4jUUy>5b?-LtWfRp9axg)iud)*h?+uG?aDEIwGA} z%-b@Z7M~FA-e11Dv^#0t<_-)*V88$W?7e??+cvT{zJKdg;IX?m_O3e7|JlPwqM`q6_OxD8!KxA{nPwHpCTbbVJx*Mbgx7rJmOAK5%99sDK{Q^rK{*@1J3 zR(!hd;x}n+xmat zUd0{md=}}lAFq+9;_goIF>k$9X{O74TwDH5BCZRhJ~c_|n$MxSc{Cpro8nHcovvjA z_MSX*MUCmF(f4(&bS)9U-ut4Kli1D06be$Z7{EJdc1V{4rb?EW_1{}Q@IaC@<1?Dg zTW|XBN>^RfX#-tQ)Yr$I*~ea(!8;ikx{^HZq;oD1a@rQ=P)A5}oI^kk<5=8C!Z=tc zX+mh0(YY48-ytqh5mfPk%s}wI`bzetn#XK=hluhwQe|-cyajF`A!336*Z_VI+?jLx z`5TuiwICThe|C6EXs)I#Q9NvP2f5=dTut`KrW5$})LB%ILvu&_*HVYWq8%>?u<6#O zOxImD{Zfa+TDm$oAKvw%q?CHI)c|lRqAmlqHoCgF5m>r9dTFkOuG3}lI;I`pk)ZJX zD1vvai;AOb#mK}GT`?cCa303&dm$PXXJSksrYM=}vevEVTv-&5G-KyVq~zyg^nh%& zyeTTLDdeR9|ezZcehfet0iEyO4qW0)jOUoCAv;q;#I43Eelw^ z}?`7_jJa z1(Jl*Gsk>_N(Y#L3>9)J@;Gw1PR@j19LpC_vXdpdjw-k{yIiCS>~puKtphu&qX=ig z&HtsLs8|pXv4<-+Wg#DP7VRu9+r`PmF7%-bgeSVR{!Dt8CNdzev|f0_CF&XOjh^hA zDG#TmmbfHYo`C8CjgA<}C5r-bq8>;>V<|`~B;JK6Vd$Nc!{^W8Pb85ipe!fl72n~4 zwr=!ps0ybqn3@W2-M=UJL^qlvCR)T43stc>O<11{$WMB9e>!}9^!?(XMuJfD&R%x! z;Bq*BetdjNxWaM}Q>i;uY<`%cgvgk&6lUe|uI8vBiLk#=>t$`9?1516LOI8!=Mx!& z(8v=QTwpRgg-u*)1~U?B3hn8C+-86?77H4^IeT7a#^35=G|yr!R2TNrib9Fs!Zk8W zqEzri?I7^iwYXx0jx{Ty-a@s(mU=fCltl1HnhL3g4|jKW0eglgG6Mca+=AlA$>B6C7z)-2-!V=kF8|rqpZ&7kF1UQvX(BJ6ama=W?ZaY+An`M+>b@NY#WeU;j(B4Wi4l@Drv?GWRaro zx?bLiE|E>Ro6h&-B(mg)Y(f(*F_nZ~zQuv$O{6)I{gb$pAK6m6#v(4d`JOx%6CTo- z;N#+aw1YN*q>&Yy`7KnOrF2DH>J{}2*6XF-ccJ3fS|nA1&}+dX6RaLHyWa5DfkhSS zRD3gRDvedOt4wH{^3{#pRTVIgz7ntZNc+|?dut^I0xc23$m5}i zW5}ECQ@WKW0MSv`o(WmQ>d}DBC6P>R8)*(A_N|U(LIh!v4%93iRIZ=fdsW;iSl#mV z)Q1;Z++$j;fECLVU!72b2!p6+P8g|pV%Ike6!>m(BL?3g7O&foxz1Q%7DI)WX?7eZ z2rX!e%txj`p1=VxWvz<=?C-hq=M)!0#vFEW$8I)ts#f{GoA&Qf`;=-JTLCw z!;utmu1tOnO#x)#z~TVm@Ro)8eOVXPs^~;0qrjS-cNh9&~8Fw?6gR zd9>ZdO6)tvt;JOA({&4bu}@DYF~%0Z_2AvweB6=L)kTsJ?_?`RwB9iHr#;z`(sr`Bk-ooktzb2sPqmr)I1c9LFJ7OLFk=x*6sNHa zI$ul`bmfv|Kd^SFI;880&8@lA(FGLL6Q?Uqs2Pq8{Z|LV3c6A%<&DUqHrj4Qm#rA- zvVSe14ZYs=M(Z+>tIi`->`!EEyhq2m^+@e7x6MO{M0J^4DA`{&!ya87=Js}UmFE`e zS~kPD}zdAuJbfF=>{u0d~n^y;_srI#wS93hb!gwu-ZCFp%14~!Z7}(%ti7>VxN(;7K8mmyWx`8y$8t#^bx0GvubHfODsHA1L8zEi_dqyE z&p>-NqG8L5^l7)K`$+`ko;^K0YH`}WfB9C-QawcM=PXA-X6G**kFQ|+! zjlCf=$$Q)<__zM^DSjv&CYV)rAysY?GE$XTfYe;FW5aZHEe$7~k0vf&f>hSx zH>SL`

H1uv=<~b$M$S`o7)n4pPtscNluI&+@n_z@c=b;W99I2)wWY{qjHm(m437 zzY1O60al7ptkfe@NGtC>_%i)?O=gF6`+gehF^c&&lp1aR2cLf zxpJAVRPU@W3 z-jmDgz2MPpfdXsjst+A&q|1vQ3(Dp15;Rt(t0hFMhOX8qt-GR0h?^u9GNH7;t}Vz_*%i)Q1heCufeEiSg1AT>rG6)HA&I zvj;^-I-S_13%izn0 z!Rm<+Tj^Se->svoEpqpcQM*laEuf;-(bX2Ydq)QB_PEU$+-z`qRrY{%@DRm~P=zi% zUR#%EEM`=)pt#U#N#aW?27wnM(d)NG9zrO4Q+$TS(HlI?#7qlHxg;WG8PzZD;`d!g zS5m#D^XPIN#_NF!iCm(38OO+V*JE(9bU|v!Yg&5)`@Og!W4NbER6HlA#W0!cOc`d> z1qi$+mwW9PtElgq)3sf>p!%4xN9$#BZ*O-}F0IlS{tHl|&q zRG*1ux~59C;QFmZmx>LXRn7WZOa(QHMR?_`81@d$(X|Exou#YIaQM8)rQ%tD?Yb{S zB5&cnD)uMZUc1m*KaYCtyyi0|a#fKe%u{oZ=v`godgD@$n9Zt8ARX_jORJGCt(%Ql z%##J>Q%gAT4(GX?lt2RVi6kR778!HvEwB`JhMTIR30Lu14P|gKUcBo-8BZomVgk6; z>B<=1%zn?MmQ|{#{r*_J%x5D8*%3q>kuwYlLU;s0GN#4AQu)ihJEX=o*l0<_GS+qk z749~eQ9ysz&&+rJN%3 zi=f_@$EJK2R)$1dSZN+JUi_~66y9P(w80Oxli3A}sGiJQth6!`A89AE@@HCt=KH8* zwq?R@8_n;9RK$GPkw8c0GNGn!G&3$>@@lf3wUKGRBO#a3Z%L4{jLc=a+!8Vunf1b+$rRopjpqIeSdq-HcE4)9 z8E7F>(QLxhX^GhO(X`~QIQ_RHlcwouCX@(8U8MJ66rqc|SB#7~i=9z=h<)B8@_L#aP;z%w?Kl4Vej3HzK=2sWpI1P$nPtWx+QodFdAe zUs=dN$CHuBlZdE{j>kMi=}aUsdhXf_882V2yd~ePA@kT!*?~-vt1_KRETQt2nrjK^~{97jJR*i^j6HIlS^jnA?ZOOjxIlp(Au(oX9_nhFn!opk9ecyA2@A6jYWYY1` ztIAu%E!gE~GpkWryM1ct2i&3Kx1i5ePsjJkv2%J2Jf-2)4b7q>F-xi9BOaHziRkX0_^`ec$VCZf+8TT<+!@ z+$FXA*XuzznLRZh2M;j9$Y#^sJ zV^LG#DgpjDG!8*2Tm8`e*|+w4NdDg3m(B#jqBFEO&u}HkrOgm_8CZ|)BCWKa!u)cl zcWGO@+##2tSqtFc$9$fg0kYA-phU9(Ea`kt;g2Qik;W`_`p7$mQ z0`IR)qR)t!DF)R6A{ThSSHAG8R$RqwV@Nj6b-$g1&c=>kDCdzbLPue=xBu`_`K38K zHil%+J^ldy3UjH%Y_YGKF0hh1g8)Tpi#Tk5rXrq!=ri}qA_B|!u*11-})3jd6$JWI&`cmC?7SwZm}_PQ57!)-CW zOrKK89zP;12}Q&rT&r6wm;~fImStRR_YO(IZb(WqI%A4uWJ)C&F_x6QMDr{Lt`SnH zSqM*l3Vh~wx;rU*J|6^+Aj25;*cF};Jjiw2>PDjEZU2gl0|La%2Y9G;#a z_>l1xGj53SOEd8+3sqmQ<`08WMw4*L zu7%JUQPY;O?pY`@q#J-bS9 zA#vF{WV+$M?|-YCF2>7jOdKlR#NYS7)s5)?*k;_o!49=qM9PqaJzQwa+aIkM-x$lc zqqncA&&!N2%~e6+ux(g$FBOpq+AoR&{Dq#9IQ9`AD(D|2q!=^Eie-|B97B0UVg&3S zHD&}_#Q5{11)(*7U}ap*-Un(bB=afK!pBXapsTYtnO;XBm2BYBrN*B4t@TCo`U9(2oL$$5T}b)I6-qlfh`p ze?-}2NUryKS3HS^1^7sB#uU}Zrarsy&_lN_Cw3Pbi5RP)Ip!Adaff7MZ=+``yZTC2 z#El_&-|rFfa}Wf-xU;OhQyd&p`&OyJ^K*Lzku7e&Q(`U^?h}_-Qe@t;+Rh@2sasQB|`=^QxSigaKxPdIG-tHkCc8`_~OblH>-be!xAQ{ms2iw}|S#&Jx zE8;^z83+cur-EM3pw8&yTq`enS`k}CSMK9o@x)z;f%2gEjCng4wgPPJXa|nsC2(U# z)x0z?R=?)5;S&#?Mr(KmGv;6NI)u~bo8Vv0i1b z681S2+QsnP1DR;VLaOHA|JG8Q|W-h9fb*Dj+BD<1XuAiq~hR{dCfgMu8^T@Ge4p(oxg%DyeE6 zFXkkjkZ9zUak_+>r)=m(&pig+VK(pE7r({*Xf!-{^l-l@B3U*h(Wsv>8i^#H1FndB z4c)_!I`Fi)!ldpqE`X2{R zz77ubKOR5%I(WPTMW5{LdbQ~`Wk_QdjS6EN{x-?KMnc5j7}L0(LfBO-;;OXoy$lhB znM0S-gKKMrrT1v1CcAMb9csc8m*|}lXi4tvTq~5QX_KvURLMm~o@U}k7C`%NPPP{s#j1u_ zOVK9RnwrQaghzqFp(_lUBAc8@vU>q3UL`GEd5b|f6g7Dxl zSJRpni^A@xt$y{Uo>uQmI||h=PZvk0mST_|eH^SQqY=yO38G&g6>k@6o6+pb2%WG_ z{4Mi>z6H%Dg=IN0pK|%kH{3#9Gn#&bK2{QKN*1st6v;J%WIIZr`4x-+%Bn8<5gZ?$ z!MAeM*q!Cr!Ny*&w^6)Tv4r`tw@>BAKk5D-9Ym!#Zm z`M0QbU-glPps*ri8eYNQIgf^J%CX2MVO&j(0wJ==1$Xy2n?w|kjY^|c&sW(5*$kH# z_ExXpwvr{$MaE`4iL|2Po|}NWylzBK9Z_T6mV<&@7`c9glSW^CU6!x_PACL6vmM(`an6*uf! zi{v(;qBMR5F;^-!3^o)qlb0_dTaqz!pxO?4J(y9q5b)s2P3*Vhe`ad}9@!4gf2at= zt;?PAjs<5m&Z>`Xj2NB=vs^K)c>_P70BLXoc%znOlV>8#XDmTyf({HkVQ*EDWmhuQ z&(nf`_wAd$8$`G(>X$e?42K|NrcBH^_SzgR=%{EVP%l^H4#JYV@_wCgTex+%UPbJh z#Uf>y9Ow@&z`kkvb5ZWVcF_B`$YC16+)S`iB&`D!n(}HOFgVZkI|)K)qFuP9W+=5UE(I zOX)qn16K5e;dU`Kl(x57HkOqXt3=n@Gn+jra=?|LBJ9U5%Y*l^F9+FFs->@&7<1d^ z4_oXvOrzuAzGq{Dy|-p|P32uD8H)o}Vqv^pm}fYA_Z~mqfAr;7yZy%pk013P9YkUO ztNnwp|J5jB(IXmty&pX+4phAhLy%=Fe6D=5o}lML1b*6fstu%l4R79BomB!$tml^7 zBx932rdd1(D$sMp@|#QB{-xc;#?iF`u4>u4c?%A#0djueXOoPMiq!>vZAP5drx}1r zaDZ~O14b1Y$DT~Ez57?;cDuc}qLg}7Rs<L zP4W{PO@+83Z_b_@u)Q%iU{RH_=;XaoQ-k9wOolXNBoaA}u11p~O6|>0z*9?HvrMaCcosrwnDzvn7R8uwv!Hfrw-ngdXr>!*Q~zCoVeFkl zW?tYl%+R@z>xCI<8Buz=ja?f!4z@$Mts~pvA~047MU7?Ar2KU!`tZ^^IYJaAivn`2 z&oLN!=srs#lBal)Um6^%aF^mAN*m7Tst$VHDE!}50M-2&B9i~koWaIAsdH(`)4J}B zHCS2(MJ@x#93Ong)Fo&oQ<_9EWB|~Dt<1+`Zn@h`NCh(|(QE#DJi)>5&yi+q#jtVH zjE(tQvSruzcCUAm5RpX)x?KOE`Gy6PU{R28KK2|832&PkZdFqp1j4Q0{&@Z*n;wB8H4rTM{s~48GNy~^qX9= ze#R#3?T~C};x>9N?8h;R|Jn-vv0aTCy824GXrYK*_u2xVim0aggiqE`zKQndDNa4u z9$ZN$sJn#_<{69U#39)@le*_{#}jUB8irOa0!p_GelA#7#4>qn%W#Q53^ofs8L@2J zm^%T(*YmRli5HL%oRmgn*ch$$ zGtJdB07M`jUI_iyFU9gDPwe`|xYP@-AANCgq5J!8z*IOeO%C*z7o~az?wb!q1%~>S zE5Q;UtP@2k4-o|RxcnQjfTVV63hId0^M1d-qF0k9pl`_O137(cv4?WvtCaqhvx-BK z>-CWQ3nu@YYVV5|(3_JajPrEgiZ#2kXrkEB6o1HXRx|lh~Yv%oWxdSK|5C>qZ39>62-DH4H?-wIzQQVTe@!Z zQ*v~ELZVEI`vhVkGNv-lu8TEfoBH|i_dH|d2R0`^f{FOl)a!8yh!g=v0flXE`*4Nc z4<+woQ;s3@sV=wOdCJNaf)K+N#yQIq+j8BYf+{7sRalUsO4UIqd7#-k7w%GJp%P+* zi$kR{KFSsIlpw6l4$+Z0yk>LPbF1wnB4VfcDCTmCojzmZVMUdrSJ(Y8V>bK`L}xwI z7NCHf#`&awl9(B;h?>kM`TIFzGoe@su!Sd++WBk89~_KgF|v^bXUB)nUK|IrXfw-` zK2Q3Hrsz#-2~A;925_sq(yJ0!L9h38Uib&q;k!h}WCPL8v>GCgVin+ifIotCLCq!j zk~&NfEA%0e-}A|o99~l%Qxl!7&$K)N?ZFQqI4Xk94 z>QJ*>?@(;04SRD#=RMFGY^u;1MW0?PN-t2a1Q8?f1*UNfMNUqoDc!Sf%jDl8x2Vo0 z_=a3+1sve+K76>m!~;!v>G*&|Ft`Q{?-QC^Y$B!Pte|L9xtN-2IJJ|i(-lK!ZdygJId~~q;x81$R zU+zEr8`)iBKO29!R5bhB?w#AJcJ5E|+a%8!hEH;dT07>d0~Rau%%sXbI?;?;q6uFT zI-#2Rm(s8;*x^eW@2BqP=U@G=e*f#Uqi@lj?#u<2?Ek&J-G}AMfuR6eL=!0{)zZ&O0Z4vahe$;%CUbD%9aA3X8S5jW zPB3DMR;u}3B!#E)4daukg1{1^TcM}_s-xC8G>rput6}LnD5W7Oe=rqNfwTOlUc#S$ zclfpN{{p+?S1FP^oB~Vu|Nf&d_bU84-{>A(2LuveNuuM&VHV}GfV@Q%bj>~T{ znoeH}5i6c<49RZkC9nM?=E+sfB2H<-;+p4(^73PWE%kNzwVKCf0J5tx9+je#n)=LT zGEXMW%dB~n6o=`ld^gU-Ow*8voBrczWtujWFz+^6t4(=$#j?f9Gd9kcoL<;uX3(dN z1G&*or53n!yOlAqC|}R=*=)W9=IbO1|NY-W{B+e7=c^Io>QgiBHT^oB|94aXm)Ux$MCx%0vvrr_F)Sb2c!YHR_#*eym{Z&M1dJoZ) z)>GcnWe}YMuOAF7OhD^{><{~tWA+JE*B9)8~c_ws{DKC+X%c(MH8 z-8;gKyMYy z`0V86cNd3e-<=Ohzi-aS{v^$J`u!W8MB=6|`S0w>-u_p+Z@)bFs`BBBSI>@z_P!rr zKT7nKD1163Pe-HCs7FW%$Q}#&Ia|DA*vpaPo;u%U?@M<~hiQ%y&dfZRv6;x``0NFD zwq7PH-yAG{a-cu>)DvF$wd{WfY8|q>-2gA!|GQQBfA7ovFTeb}|L^1HO)`WvA%59) zxUkVbHKCt>ALUoG|Ca%buiVDc{lB|k)&IYI{MrBGUViUBd}<0l|32l<+y6z*fWeV| za#y!6_gk|6AL_%teEuKoKi>Pi|L@~hi87*@;$s?uyE7Mqn1?KpY)B4M8ctb%KiI7+ zlw3)B$7k&Zu!6|BkB(Zx&hcETy<8Qcn9cHptNCEc;#nUTW~tscsZ<%GGjfXH@}2AU z{#lOc*zeIa_5KVVeHHBXB9>~MCkeUM3;HA!35M60FlL08$}B`q5dh-71l__Wf+)zV z>#s>B0e%&wo)_qG!I!~5%7k3yBL?X`SbxS;#zVP4&SH_Z5_J&l9aO3EYDz@J`s^)2 zH!aZCRB){nJ_`09wNRMmayp@k-Oza(eO|G(Qnw#y;vy!)jHgIkVIxQUkOD4)$hlN( zhJj&x1{rXzdNayR6c1FuW|YT6 zGT}7I@(~yRccLGd#AwEW$-XO!|4x&s(%ClG6$6n~-es1v;rbF)IQ8 z!mF1}^2`U{H)(x~qoU{MK>PRMi|2g=Lr^BUQ~))EG0hmcrWx0#t~5v}DFqZfp4hPY z0v4v%%SJQ=Gd0Aa8M{<37122h^Ng!`VF0cK1ECfBG>>D0B?=xfn@+0Sz`Kq#k7EN%28IM?kv2>cKz*To%qWiVDVkXuD;JPJKrbg2Cg`1hpP2xqan+(=U5ULa;5P>YS z9=4X2u0-;JDQfNop!b`bvbdEqkXsl^fBNeDHC9aCoITeclr!Pg>LVg$8C4>y zeWnlZftFAP;Vdc(fPj~e8ADj6=h|JPo4h7H81Xk}&n-F)zBS)i7^))Aii8h9_Jl+y z1{esdVaYXS#%IYj&jcpcF6}J6tvnb>6sZDog!l=PDMBTzFXa3rr96{6SbN5(0mrp* z&m}PDz+3@Y7qenhoxgf<{Nv%7dFt})Nik#a&r0#r!}If>UY$KFm;W{sCUjsE6g{Nj z2R3)%z?;UM0&AJgz0h;}>Wa;WWr%kB2Awi!?3SaSI&tWB#u#7kl!5x}Y>bZGRZ0_*N(Qj2o53@;`Ik#14@OUhG6laU|VQ$%HJj3H_g<8>hr=ddQ^wG7-hPtXgB!$aq zvBkaBgYdep#3CSs!QYL%BF@3W&F*H|@uaQ(iW7$IsTCa%H|(u4a)?W8**x*q>jnR^ z^&DX}rDt#!z=utkf1{;< zXcK)zgMeHYH&a0(0p}zjD;W9?9eEOcw{B>nN;N4#@FZeH*sP@DCh-P!$Hy@>ek3rUtG0e}70FJDVsSf=NdX~v0^H=-r1a@?6GV_TzxYezua@>e6FrYM|}8OtUt!ps#`Iw)0It*^Yn z%M)xqBwOBE@yx86{=UC>wgd8#F?}HLMeGv2FEk@;+GN<{f&gH>aG{~~TlXBt-JtF| z>>^3}04Zkx+1*nFS}*f%sNe@SAN&X_0yF*oz##LnkLY`8Pvd|6z~^c z4Eq8CT}R#-VttuWm_!sgc>d}P;lU$dg0Bv9H3gg~eHd88Vo}b~y`*IXmV#7Se$%F9 zE3`tXeJob`V|e{#uovumU(#&icZ~E&zn`1yr6=a(-P`{%*bR1rz2VopU+-25>oR?V zPx53J%Iyxn+Wl&;R1Seu?B4)ARBp8*f>tW9r?1!j(%Uo>N`xXFlGjJ4-kb8dUpKNw zL~*O`wK28)h*q6`MI_3l!4tI*uK-zBt+i!2mFpjpf9MU+H!dcVSd3`gVHp(b5AnZk ze|?{0SEldA*5M1I|1o^{+V9C_+eepV#wSxnVj-?1rmWFNp{2^K!HswCNbsXEm?4|4 z?RrpXTjaxsVb`y;w)5e`hH29*t6t;qn%Qla@~l<}$AYI3w(Eobg#pUfHXEI0*6ubH zbBUqtpztU#nZQx72X)bi^Y^DGRZ?l{Fitp>HZxyYRLfgnIXh^dq> zJ=uEUg=g5oW7vqV&v|ksi9X0f0FJ$xGDy|H6Ev?HnD$&*QCeDns1YMP`IUu=A<1Z7 zO-1ye!DO_9Xag2kS^%&2o%qBSdS2*lo0|YJ`{wMq#b%|-z?hZnTNWPF=2i)` zoIlQEhjvR1CjNu|4I2gQtzub1<9?pS4=gW{gc2F&C^?lfZ0W%gxdc>S{h6i*#TKb_ zXF-6{s~2TQO!Ys90)$j3~oz|OG#n9&5qaF|M-z{07wa{3lZU)l%oMguBd_oY#VosHtz@rzd%-<=&F zzdm{Sol|X$?Q-LL7RRDM#PcfLSZEV*OIzA>J}u|RXD<(59NX4PhR@AkgG z_4HC&S}QFaAkVcVEyjQhii(xhHSDr3KAgAaVagE`~^Ff@Iui7m7h>7-ci z(1DZ!T&=DKL>ZJ>j8Nx1?G>6`184EH5|OoCXqgVHb>_|9n!^D1L_mz_eZCzexX7ufa_Z-5|cTF#jK&wPi4gHzO`0p@C z8`aCvji-!eEF*_ckDeXVQ5dnk{fCbZYDBX(tMo+X)mB$e=PI-u3=Fu2r0>nU%5_#TlOfBL>_bfL$;O1S@sdtn+D8B z%hzMvudTUu%nEN7C!wQh*WCbcN#4B+&d>lJ=te$#=)Zecu_?JZv+^?*#71DGi)3n* zQmDP-&6M-U8WhGdoO+wLYjaaGke9Ds6M*r@9EC+MtX;A&p47Bh)_5~&{em4KMqi1(nzFuam8QJUlYUV_U(-6+G!*h=0>vQ-O<#=rG_jvr!(fFvdq-dg zxOrSX4>x~ItB!AW^R#BivG)>nMO7^OGz6>*J=G7okXChATkwV`uPSq)j~YdRuMc1n zUS0N%81f|H1*f&;8QRTX-bKN3Vl7Um;hNUti5O+2B%2wu8Mx@O-*ZWd$OzX<%=1&Q zOh9}sL`H*}ieB^feeuvgXwU?U{M2p{{pag>3cL+2A@#<;`pRt<_swhY5I+S=nHvja z8Tz%kDT7!ZR6tlZH@Sm+VYN`kbCmjSwEA`U93AWnMKaZ8Wgjx`F{BvG5z|7 z8-)=KuUHb5UD}``+#OQJ{miVC#WFbYxn%upWO%Oh=`xu^)H*25_&3&y!2@RuyJEE)A=P2b zsl*KA;zrslN|q>yrcnZqb)Zjcv29U@!d)(A(U*x#!3#GOiC*KyRA+1)+1kJ|B6`MUmcyCyG>^db$Rs{>6m}a~&1}Kbd60@o4kA~rbOV|$wpN?^g8*Fi+c$~H zA`>$U{I*GEJULu=x=Hc`)%f|Th>pzw;gukSG1xDN|9dn3gx3t`y~ zUQ=vHC9${eU8Qd(Ihf@Oltt)oXF0wZ&B*54Q zIXLf~x>~H6;V7nj=GA39xFNmsELHPoR&#H2&2DnY^7HEWsga7#Sl8RoC&Ow)U`__{ zPEiE{M-et*?5gI)Ii9Cg7p;Z^9}L%vLt$<-X8OD+iF|O)OVm_gJ|YKfcKRa`8Hwfz zo$=7iZ=bF1omz}YA4jC@o{FTs(3BM*_-BkpV32*4glzThF3RNbqB!1t@VeXl3Wdr1)0e-Fu5-|^L}vbh04Kdl=`V~6(i*MIqszNs(@ zCCEm9qwcef4V%K&-1o`F{pIfFpuRk@3gMRLF0f5N9E7F-h?*o~p*gT15bk;e>Bx6T zI2A%#uMT(5TkP(DkgZ9&uXWGEpU!nJXcEyZB8A34$ag;+@95X$Kgg?;CFhEUSKFl< z!xA||Js_)3jCG&ZoS|-BaPgW_m|OB+3(vl}-Dob zjjkbkVD(5@D$C;PsykUWWtlQ(Hu3YRY}O=G0hP@75D&FX1i0~~;>U08#kBuTpS(l$ z$Mf^p@wA_lWXFWb4$03XV%Ovs@}XsbUwX&DorV?Mu6$=@l#|eK$3tS1*Hl)iZ+*35 z(y)2=+9LKaft246$Wmp{&-Fv!%gDH#z)!C${1svAe06ConbVh#{3B8eEWy(Zc zhEKqzpSvK_m0B&^^vc5l*$iGF+`@vX1ywu`kil1>&W){?kF^vlq9P*6=pR~(E#ae7 z5B3#RSX3yqmerT0DWhcgiq>LCb-n4e)CW+lE8^1Hh})!TO0${B)?BS*VJK$lx@(=w zP{poN`wwDT3+x90jnip0vlLjSSah0+F~<-MIV2DM@nE%D%!%aHG9(W$2d#Zq)My8{ zsIn&GRc(z~o+v(JMU|f7NzMy3Mz8RUf%M>0_g!#Ud)F`+M^ktm z1JJu^8QJUiSi50ld%MdSS>fJj>nfg9d04Nc^DQdDhJBkNpp+KTE7bR-1djy)@;;p~ z%<^h#11q<&dxFOhjhP);6B>gVAN3^QrGM*XRvkz1bS(k_577%ph_zL`$|9DrNb7m? zBIwlPkhN)XZAiSYI7?PKXk#r7uvf{slK4*qJ}aNeq+r&L#EsK6GzHFe(yM)kWK7F3ieIyM9u(>_+U5QktSnL%#>e8CRSTM~ z$-!nZrZ}W9qJ1}_{vxa!PJfnbMztKSwkV2Z)?LX&3ZoYjIvZJM9X(cb?%=`DQLn=& zpiR%SMvABif$^T(R{M^azC_=tKG0E^`Ba#m>vKkdPt|dCokQvKaLV-g@%`)9r#(`1 z5I#A<9zD|?8j^>*3k6PD#z9EItQ-dm1zuZ+#77ISzQxRrucsN4QxQi)@^GQdc@B0d zuZ-S>b_AMeEWNLgxOY%3@VfAstiGxzu~ej zUZt&Z?RSrAH|KFVvQ6_vAGCdQ0fK$g2VvjaH?ZxS72x(R-+>L=@SDhnG;6I3&#lPw zEwB-!l581waIl&j|8TyIM+8Q`k)xLg^ z(7})@6YHUsmj~qJlpLKrJA-+k(Tt;O_6-|NA(Bn=XZ^Lg>9!+06;i!KOnsj*p;NQ> z((?`2FM8tl}GpT;!YWh8Xh;jK;@sP%`K7yh|TDidg1e?@iB)Gb|t-KXCbRZE6SBS(HJf zM|e{-S(WSvB|n}X5;6Lfg{taIFZt@Jz(L&A2k8%iu>$k#Rs7(EZ4-$q5d5u61}y& z{SJ5OP|Dl9eJub44}(X}>_f9~%1R{?xfjUmFfg0bruQ}X@Ls{$Jctq*U>$+X$760i zh)S89Ha&3KBofN^ajBV+|^1e(n9>9*x^!;pka%lh;8{ zF$?14v}6IbVNxfj!~}XXSq?W`JO!R=%#Pz?a0~2|pQ2BpND|G1&VrDVxaE*n&%$aWy`~>!Wo=h$vwryZ7{_aUIpT*{| z*(4Kv&U#QVxPeYg-hSzP1mVlF%OKQRlzoQwk^&Eey-l+r$y4&=3E3^Z8H;R44rZli zvAY8+o@qXM%`)KcsfodIuPXTh{I5zd<`3SzBVS{U^z8WP@b&RC^6dEA z!#B@glOGSCzd7C^c>*>^_Exh{uHw0#8GSkc7A>sI9g-pz5*TC`rr6HAe@}GALXkxu zWz}U+b!pjE9{KBTon5bKre_zd>3TW9)=H@{L&i|J`}je*_0=wxs~vgh;!~!XoVpQ) z>uDX=>$VjsGd2^~EV8luT)G>4i)vitf~}C~f>&#aG9K+ER_Jy1S24O+fOU7v8E^`! zAK`~4uGfF4AIBo3u~v$QRv*S=_OQ%tUDPxj2?*)taZ#-+`nMrQ8V+1_aC4AL@JUK( zhMt5aZVo`U_?d@`OtyHy0*IJLZoC7c*miO8loYP?g+#~<_OD)P5g(6Prp2TRfRt(3 z5$WpmI$};ZJL{;nQ0e#G6cGtAaC$bt#?^NTMP@X;BpHK$gTx5#mq9V)=l+1ecof}k zr;@!*g*1?fro1MSB@v_^bzlT$iF%rYcO{4dC}5P>xw>>UTq3%k9&LDI`e9wkA;{v2 zF?S7W;4N(XR7w$Y(7}v!UPp{0BDZcat~$H9^wKvGE|c?&~@IhIM&1T{b57lpk~)S@M4*0%FSp$=(%lGyuXl9{Z>T30yjE6?}EnOEZTT{ zJq`k5O?77jguX-b;STvVm&&?>;jHOB1fbPK39nWds>`6@6UKNBmHN%YP`-YCPX2?8 zFp^jSQYL^Un1yN42Fj`mU|obNr?J`CUaiGCsNdv8_>5x?C52A!Td%q@N3vGVqWFIl zL#LUyX63G4P>{1k%dB3F9snZ(IFy?9I__+b;8j!bfGkgJu!mPISl$dLB(KzzWj9>1 z9S6s!D>cR-RO$?fy^W&MTLm>NuhM_jEwFEjxmB?=5B)_KQaCkDqU0=3Y}{$ZiePpi zMXb|7NP{p_UOk}k!jZ1oFof@F^%M}L0KACB>BY z%Z0q+=>=3cFJ+M@W?x^xzP{C(fG>Tf@dIONf%VzK*2{cA7X}6d>>PQ3S1TO3G>RM` ziT(!8b&px29nCulX%xXM+osBVu${hQP|fL9&%N>X=)&6ne!jSvF-0%DZRx_@cF5vO z(-;)0dv7Vf(4zvSekqA;C^iiJ)7BC_VQ+`FfB#uj`JW{=-*lKkG}wdBXVK@g=<`|h z`7HW#o<*HyZ@pl8-Ppb5w^oO%qOX$Wp_ zLmzU$LcGcAaQNua!&Q$aP1oX~V){`bl`N2IG~A1ns%aa&1Df)|^&X^flY=kz1_-EZ z6SH+Xi~1pruDKN1=R@i9q4fDs`g|z;zjY`XUQ^!7pcH}Y6pXM)p!S$4$nX2`pWfGp z2DTrKiWLrXh@2HS6*9!g`_|+s(CZaVaUzabX7kR%JIF7hIh^69Q|6xlW$xN~Gz=f@ zef_9%K6oo%;JOn8K&xupt3r`6A#1ZuaVc{q2ag{<{Cw0``*BZ4{lFgL{=$9%@9bQ- z8vrFBS1W>%f#?-;3u&I7nKFG?XS(+5<{;F*vv_~;8WY2~>kt!G;)zN2N}|ldj1b`5Xo?hH4%kfSx}ehXb#s}3e~`=a zGQox}hvb!JuBO@IatRRO(Dw$TeZ;u9;?YOQ5Owg_beh~0#Ig3KEt13V08wQe5oP{@CfnUD%V)^*Pr zV$@$2qSB@HD=OXEwa}~C#v-+;fh$ggBA1p&T>7{eT((szGPPK#KBn*n44qazamu+1!tKg!C#sA_*u7!@=H|9-`*@t)TTVsPB+jqUZBMB(bhPD~>gc^uk~v^O9IN{y&ZQha%bvGN6&+K8tRjMYmN&H&|=kTzg7m}&T{#q7SY#yBvV0l<^%u0MuV;WwK#9MM~Fs}X#)(!bK{gwefE) zYklggfetj>&$Yl3LRQmIo0ZQ_+UuR^{R3#HtI;bmRj0-3k9fNJxND8`Kex7iKJ0%> z`{UjI*T1~m+j;b1IQ*~ecY8ZueyF}^(Fh;>{Kft+!!Pz8tgH|JQAcI#XWehDqW^F3 z{)_GHcdh;ZVt-gthP(FtcH+#ERejG2yr$;Qr@Vs-eFyE?!iTQbVmhU=-r?z#0e<>> z0KQ`pi{5`rdCa2sM?%YZibY*``zN}sv4ZI0tqllt7zSm0FGp6iiQr0yWdS)%Y+^DW zs0yO2+$V~LR~f%%SpgJ{)gpurxP~5{o@f~b)1Vpo$w(!|bp5gA;kxUcWkT_1S@sVl z%l@HmP3~C|zMs32&r;}TDb&^SSql9ug?^SoS8DMuCWUUAu=)aIt%BWCf?owNrA?P* zgc7MTxU~@={n$7z8bySX_k@nMsEO&+J-{|O>}^_U6`S{N&8#835LHVA^=fKE+{(?y zi@1d4svn zc77M`Cz@-k-YV2r=-nxlyI9X6H{I^=*jC%D48PvnJJ2igP%jCL4Rot1W|^vnW5CO6 z!6Opom^;(Ju1SbV^KwS?Hm#Dx6Y~Aw&<8pMhquBv$pWQX?59zVqB*+CA&M9L$AqT1 zMQHH*YAGF>^;sSIDEy^Y4i^djx&6Pc#%KLFBv1s@j@(uZD-XI;1ZBPuHHjdi(~_KiWJG}*RiG~r`_e0OjP|V->S&>J|BxT=vi5Ox-d7b z#II$pHaGpvQO+%P@8i@&i5{({cMD@y?!%fEbT*(JA{W z{q6J5`(5qrE-r%suC)NHIW+iHisUYB?C$RFK7RBF{=2)oTlw$f-G`6%|F-w&;PKw0 zhYuee?EYz2SmM#^jtJ1yvuv4kX2rf%& z*eSnlAkMuvOsMu{srr!+F{8=GLa7fsi?w=U(ej#W3GdngS56CFttCorqISR78P}=W zH;YeeJHH_H-Pafxsj&Mn0BQ=$TE?NCBB-R0Oz*QnBO!NhvT@;dZc+E9JwbiTt z%V!NJEX`d>N5@eimyb(q`I)ySW-3!YB&r|w3BZFb$gSy^gbv((&V$X%x(dk3ES zaf}w(h=%tyz=d)BQw-^9E8Vjr{{eSx%|tF*$?t7i7wzz$z$VpUdTZDEU6~f-tNq9v z*rjQ_ohcPFaICxM)TD;(yv#Z+W8duCVFj;Xh8a=G-kd$ZgG5?Wse!~k6EO&XuZ$n| zni~*37b!S?bR+ZOWbN+*(_D_XS~_!{1Glsp7R-B!7TbQZ%|MyF!`CE^W>_-VpvH+ zShro9y=AjBrd`YUAa3uSfEi5sZ-fqBEMu8!9t+ru@aK&azHb<8g z-*H`Qs=pUf>674Njmk;F)sa0HK0^Iyk@;BEcQUcxvG(;=Jc-4KcChZPhf}j_8s`{V zVdKN@$E;cjO1sxaO|;t|<8Yb^sSaaK<(k)#uGe@sulclVzeQT}0_}KPw3g+u!mZGn zt`<7q{;Z|FF1I}QvgUa*$(X!1GYajX1vE8%tAYLm_w-A|u7wuwd{eJwj{CW_)|~8q zT1wkA>V<~x#A>LTzQ%g)W8<%~GM0_s9rk_9uUW#RJk7+2eTxZJUQaV7ry}lPglTkz zTH2NtVmXbUvAD+QyvBA;S;paNN+eMS_ICS*Aaqj7dl|gfOT?wyHPL#5e=93TA|iIq zViqdV-O|yiX6JvZP~yM0g9|44g@{)1K4{ZVUE$?=>O#F;+&ymR%<-2$pSe^#nHYszEYYUf6OUe2M-)OYanTk1@%f4_XJHS{q| z!^=H^nyUXpDwTH{;7qOmsxi&jn7>{7?QWWJ0T+xhmGWayEk^8nMx%9`tfAs_0BBk- z#Tla!zc1aW+}KA{j>-*vOzo)L(nnU0%8h*-{U~D)q1^2Fx={UU-f3(m6gy)zK|Tu= zudqL`+MhDs#dBw+dI7iONXwdQALwNc-nTlKGN$##HYdkh@(EMzd7B)3%c`%r-`vv~(##(+3Wc*kS{y!AR*zBWuZ^EBL0Xr4hJsGF(-AZCS@J>$eN8`QsOA|n^ zIyt?c*_)i59<4lWON@A{M&5ND;RSM*j&QPZP%oRKV z|4+sd)OxRQ?;-&4h=nv;#Zzw;ZN^mp8vIff`w_5>*4%`mnab1C)+m=hwFP+G)vB}5 z?49^r+R5y)-ZqVk-A8EjE_}1#yW}l zO%yDzpWI?_+;^)U^b2HmKJe|Y!-%;?Zle|~P}o@*a1?ebxx7@Dwb4<1aOFS7`uwbX zb!jUV(F+KaoUugRr$=yl9X?|*Q|wi8t|b2Ro>+Og>GP1Ta7X=d!}FyQ8J)28hdWA@ zQN(H2ygo{R8`DUi08K?mIKhDot(#uGS{zsqR&QE&g0h*{RvJ7tAyCnZu5 zi^=>v%@~c2M531rUw15#lF?|ry41B^jv&hBdq3l(L@O*Fw_+bTO`-gT|Ks ze6F!3Vl8X{&}yXUWA(JNrg9rCWy5BrSxv85WfttOqh_*EPFiz2y1L9o>BH{xQrq52 z+NAsXmRe=eIwtYC)yL#6!&R!}c0*T7$12OI`s=1v-u{d3rPrq5-j=!DK}yY7D6;4y zo`z8E9jfdiaTxHZFszS3zoWd+06^5O_O7kCa`*3o(2fDM(AJ$a;QPZArMVIiHgR5B z9k0a|`y`lnP3yRa|Nr50zK_;lef|$+?#krg<*V1n=Ye{w?$Abi{*S%K2M4>K^M8Dz z-|HzOr$wGT!708kj>O@T{}s!v~u^y2$nY?BzKm zW+UTF%pe~hhiuvzF}_;E-n)0iF1(UvW?CBOaSVKp1mweqK$CKYj>duWG}bTVbr_gB zgII(#?&+HOxJtQ+D|^uE=^iCjrco6Rh7JD462N9WDi^DVheXvQ?neUi~+ z!kTJ_2ypV@L(k+@(PZmC^@l8p+&^QfiSK=9l7uhL$(yt1WHcvPo+Nra)s#s_3~3U!1-=d;R2#t*d;*LKTw< zQ>5Q7vIREH1L+I$s}xB})%3~6yFjKa40NsX=iOg|#L)6#!)9`lWTpAvu26Y$TA@+5 zAa6w}2;!PZtwH57FbOXiJTrfM*Z=~;sUT)zzc6GBzi^{g%xq~Mo_oGZ9p*x_;2}9t zWJc#i(JMwM8M7NQ<4LZVgfv=u?)_@X$*D=i@1nK>cQ*c8wb2k-23`>tem8|#_p>4ygklU|TK z?8+M(R>hHXStXtK=jp3w7cUQA99M=b6;aofACnE5ra_T+IN)NSKYXHjW)jAER36D< z_;waQwAo{yR2w88K5R5@Gn>y7>c)*_d(){CdMNs1k=@WNB45}sAz$x)z3a2tp5=&@ z(XB?vy91%Znm5<|Gc^)IemXpRdGhkRAvrCwMG-DZ#3hjOfBw(^fn5v9^Vdk*X?Aqm++FAXBN;54B<1Z)EESZy|t{~KXQmS!x}6G7-$v5Z`OCCOf}fAG(MZ zy=HL>0uVlP`xfR?Z$;cn;rPNM=|WzI7a)lYpWI>%!JQY3V2dVG-`*$HUOv{^{mW=M zEpzr~)NDT1e6L*t`dEanUsJmMfwNq3TFx=nr7N|Yf>#^kolwkDk+4KPDGkB>Yeahu zGPf_Id@C|C6B#2s8H;QNa+ekb>~!+IesyZ^tKvRJEu zflA}swz2g7|I3G!`~NQ=AAI@w{{KFH@7@jmL9Y31NF-Ba%wwk6$dj2KmT=03n?3e>A7=$UeTt>*Ehj#2cB0-y&5NAM*WMXdQD@xV&Sd!n*D z3CZJ!@J~KF&&Ol_mTdHk%Jfd{qdGD8NAC!Hu8<@oQd4}*GO0H%m0EWMUDOdyAU3O= zd?;8nnPxmuW3usg+5fxTD0c(@{iA8{J;_)aYfiNB&keG1v2pt@VF($>4FzTGREyb6 zB*9Dz3m#9(<6oW3>&RlWzi?ZlMsdT@+I2KJ*o;UQIe9Dy_IvCSpRz~t!sW?Kih z;o8npSX}ir-S0JANv+t$MQ6i5(h6Ld&E^%jl$|w|`vY>dR<=}kyxooQHS)e&H`R$B ze#aE7AS;e#Y$mSt!bmgLH#ow+_T9czu8NwF5JJit2TkdS$6RqH1Fu;pv2SH;!rp$% zlZb3w|GeA(`j>zH@Bapse{3wTXuF}iXH4Z8TAXQ`W+KfvY_61B3N&*mk^r}N*DF`l zP*GICf+Gjldrb;PHqni6jdwzmx-`qybsVKHk`z6H(RsCQ_zRJt_Dm5Lfr$$N64cF(({`DEBo+xw+~*DRa#E?{cAXVyH`x7hoU-$xm=U?< zV7qQTT(vk&JNN6gckT+}7@9Vdb8wC6IyLDD|EklZ+4!m+R^K5ZtQ;~W(=B;)bJJ)% zyNs4(CCgpw=C%&fDslYwJ2fLS zXJDrPp=P;!o6KU#pJS9#F68EOJ`0AXETe)I>y3lAeSu1Y89Z0O%dI9)q!|rx26}T< zgp(O3uWZITPrZO#svQt%bjvP%QdTREGU(5*jAp34Uvt-T>V8B#PpN=X9%*)m_FOU| za^l^WyCP4ap+|ej>44dJp*y8Sv@hjubl%qXquv;9R|e1P%Ta!{ zGv|YSj$qxLchRg!(IdH&i0~U|&x*8-KH8=80M*w*-vcZyw$@6V5u7Yp2>5)L>i}7O zs>>i>E?))cN7Ev}$Lbm=nBEe|SD_Vv`r!poP*%-{dO=dd?=M?fV>5+F(DJR1VoBGRq&skzpR6#40sDg7+3~iwqCthvf7R<+u zoTpt5GSFZ7s@)FtRDJ;qPyd%hKOYvAcT*w?8kZ%Fd8&OuvLt6T6XhE@4fcl?+nfrD zR!wnUn;iLdOoaVg(i-~%%q|8)w7zva2i(8@hiteN8Bj*_;%MRlTxP zo7x%QyayS}&NS$s&R)CyFl*axg6!V=xMQ24Ui$=?+qT^`oOfpDg4?BHN&Hi;Pmh&ihh} zF(a`955rP&MnOHN-e|y@0 zkpJ%G(fB`%#TB#s2It0zC5*u5eS@G)`OkotRb9^nR#ze)M1fxzzFwJcx^=8gYy(Uy z#H>cpbtz~Yq--VzrzyMc@Qmg;5gjK$=>WAyIOU|Rm0*ksP;ObhnAUw=k;OiGG?%mC zD!-)Q3K8Co(hEwWPoD2_@ zQjN5-y6Q9fXu9p&8~u0IE=TaxxiAQUs;Oj=)?!{<%XeDTZ{D4rrdX{?WlL42Z)rbD zt)%TnL2$BWFO;5i%}%f)*bl*zVekX_00*G3$4I9!87vzWK(qHA@>k=ULQ!W$b??7k ze+p|oM998sY__blUfavMQBB5RXUYwFuVVZUJcaO5AhtW9h4i~)kCje~P`NDI&6qG) zU7g&$J^yz!2GxMQaT;q)fva1erQ|>1?90D?Hs@bs0$s0D;!RUQ;wivFMwMYzX)dIV zj++nLo0DhtkDb1i#SeDkTj9LO?s)@j%(K%UN>rRJs^dAhQsIpCo_b-V+<>wyY| zPur`M(Wk;KTJ8pu%p-i{;p-Uza_tXlWih+zn=HH9MP5&r;v%nPWz|;}58wp7cZ_iAk_9a3WE6kQBTIC})X%D^jkDx+P-_NMeAxb6j+bS=QwwE{Nb=-@8SNhuXNK z8{;T0goQICxFE%aU{@sD3Lez7;2M|Q1_mm~h<^C#>~%RS2yApN)EA8nHmY7*Zb=ql z>(pnsgOpD3Li3jB{l$f3IWL@*v0T?L&UAx$uhYAb&#+S*#{xLqD?;*(8qZmxK40KG zcRx^eVVvgH?bkhYNzPTcI~F&(3)o(=wriW!-`%KUlQ{SyXN9=PX44@l0>f#4)BEPI z-PCHcWy9*fzqAy${j*B`S0?7S(*Z1({|}FPPo7o%zmNI{5Ay$gJQ~$YZm}A4xXd{0 zMHp>V-L7^_aCEsZZ3#zL5H@TofjPmi6#8&wW@Gqg#Qk-EG)qo*u1@~UIt8ASSoW2Z zl*ED+s^5-7>%cKcTi>a-9M4nLGo9<6hn#Hnw-;c3s!PwQT>2lVlpq(c>68ZDb3^5p zS?rnYm#U2U3;Oh_U};LT@lSbz1sR}hmZmp1 z0f`OS#n-FiD94&cn6sp|+ks?Ncl^>_Ux8At=GQ?5n0!)iw`{fbzpk=%!QolA^>s#} zwR%h1AX#EWa5xGL?G}_3R4lA9eF>)aX@J`Gof-nr4v2}>T@+79GD}I}x9PnOwpXnf zYO7{v-jDi+o!&AxweP8L0w8!RC1uH~;snsYzS4S4vn#mw`)!SKAnu(*x}iPP{(DB# zf3)`;olUL6Kyr-4>5(scg(`rmwB_xDp!it7VcY&TPS2I3WhY#vGpd;eFUyqV9Oxyb zLa1^T)Y`Da8xnL4Cm9tl4D;+D8S1@Xf>uLNeDS%qEb2w7w;qzosKvpP;J z+EP|nPH9W>+G&gq;eJ`tdRCLk*6%r;;xUO5IwoBBFyM=i0#?E)NX|Hw6cc^=^dFnl zv^{87hT$K#JL%Y9lbQmLL%s6#0=iSDvouv^a~pOqw-p0zRidmkg0frKSn$a+Kt5EK zmHQuE)lcK?RR5s9y=pUn3t#0Vk3gpbmRBU{B(!+mB_i&s0aSoJ(o+4!tVq$|Icn?Z zb^U{9Q7`I6{lPcAZ+hKMw}4T%>)i?6!v(cEfd-#j$Mayb|IVF;qcvtija=2}%!>56 zqqguGZdz1T^`|1OH@5r&Y#EA@nDMw6^H5*QdotNqU!A^Wpf|N74XZk!5}LfEMX($0 zW-)P9*XY91146R7UxQ@xyW8~ZBU*bpO(6Ob2zUurkB(Q~qr2NRvfb=Cu&qU=529wM zdHYG7!zOtH&T!RfQAAaBv!e=nB@hB$NQS&%+iI&-Jz|vw7uw89j@=| z@-}LHS`L)IPS-2rlZEWhdPzPTmgV%1dZ}_MWHIyWjyI2U_`}oWh6>wgyEw1zl=o^r zskTnskn^EZ?Pg% zuFW&RuA(d%396EstOsg?6|xY{>F+g^xuip!{=T$Bb#O}4qr;_T{Qw6nFeloUDk9Rd$rHTnuoNFL5ZlG#)8cR>8N6%Wp9?K*6hI$bF!p; z@JLQ)~UUmDJaXW!)8N@#+9?k3Q@lYN3KQvS~WJ9wh7~+&eO}sdB3{QqeRh>x|%BIeQEQZ=5WuRYPlq zwEDVX1!M=$;d6Zsn-vIbNPZwVA$56GjZ1%2+WipM@g&?@03$Y`WIM;T2@KCd19+NI zL2>$$qoVwNQhS7z=$IB_af0p_Hj;4Qiys8hFiZH#nE*i5Vq?42rK1vA1lofYKW zq#%64(quKD?JP1|he^zvRgbv5RY;%R0CqW9>q$0d&+h4Z1Ic zfd5rR0<17I33(YIx+(wjk zG`b-}kSd%~<6Bj*HOss|NQnW9$x2=JpFug@Jj^Y0_JN!EKlK!xgBAW?Vx1d|N!Gk> zSXFZi6>?aC{l#wQ8#p4GkQf&sa~n^0B{#r6dc<=Qqrr2u5g7L%HQuWjnqf~j(thRZp!tRtcotNJAW0G-mZ=%B; zd`Al|{z=8;2UVpN9-mXOP8RG(x2Me=w^uj{Ke#qnl`o+ikXr4!?bTZIma&AKYs2BP z2kzS?_b*=MEju9B=s2aAyF7~Xa!K=U)h%03GOj3;x5h8DuU7L_kFB;=yCE#an~+l@ zVroE2n+;g7loVCVV&~eHAW!d)yj(wFu2!kxGP{LK5ujdoDjKkJTu_VmHcLkd&JmO<#8wA3q zj%84odLE!q*a-CLQy@oNz#yQxwnfAnxl=Szmm1Adj*|W;)w{P1_YBJ>E=a+)kpz}= zhZ9}T?{=x|Fy9*~=^fkP+^PM|s;yV@ zNHLxI6CKM}Z<}dIy&)S;4%4Y7CL34z%oGHu>q}Y;R!hvfB$&iF?r!B{KZFR+s_KnG zSxD^a1gO?u$HDpGS^BK<{|1!Onc|F&2p4=SNAMN#-+H}g760#p{^7wx{I`2~Zf+_R z7Z&`DS#OCzI-QOQR}-N}ngBfncl>KStIq#~;3OrSclbQsHVVYb`2YRt`R^S)>ph(R z`*<3!?^nituu&hiBkIaH4lYo$ts=ZMq{9+_{uQtq!+70IV22GxnA(7pn~f$lF7J&4 z*&?|0_vCbd-m*-}434pgTZ8Q+}icpH>Au9CRohU0ebi1 z)M(alF(#s7NV>tojL%MAROJ`b`EilQ+jJgaZZ(2_@0(tKt0818skCL@Y}V~6oPb`n z^!)MTjI20DjX_0f@$9}dI{cS=R?&Zx`0zFXpjOcTC;ev!)%Z_OpFZ&a_wt01jahY< z_RErw^oQe|p6JY(Xz)CoKsAtBvj*q9A;oDU(B_<|s~a(iL01AVGl&L&I%)R6wWd6Amh6KitVmb%5fyD-Y`NTuW)sO;C`UFom_qn)iIN~q#hKpbwRe2 zHTjZiPNAjY#)2tXkqt1WcgRYv)PmWL5e-$p2i|inM<;Jat8vlYnBb0|(`^~dTk(}Q zW&Glm7@}dU)%?n;OVzg_#%MVNZ(ejb<0Y3g2H1pg;RU0Aq(g2%s?gVz3)Jp9VJE>*cOwwOljmt6#Z+FMI12^76#o7q@XYT$tfmAQ$N8jk&6^YnkZN zajfpR{xLV3XWd$L{_|vb>jY3M&VRpmbX3j%^z0%3@BKUtW*#hgNqI2?LzZu6$=JCE zFv47(49~TZI-Am(;28jc+8RcCU5payM+06ttrz_ZV3*Gw&e^rnHw#)8s-}ec(wp_+ zx$|cw{^$AU#{UOTo*q{9zrFsG2mF5@&&~4uujXBI#&bu6yk+Y1DpBw&lxW_sb_YoQ zZX*3R`5n}!Zn>%vHG3I6sp+CD7h2FcP05%fWjt(1FL-J`yy7uVvC4Pil^}_`ZidNx z{Njfn|M~WDtKw+TL65Cr>|^sLXzpph8e2vCLRlEwpTsI&6JT5)mjOVUq77E~P&EIEvo{}la1Ww(o@w(`n85dAoEgZ~|_)X`sdw?WlDVjK_r9+HF~k~r!;+;=zxC-as|BuK z*VqTz3kGieoNBw|H%L~uNp+py#C@gHyR<9WBm+g(2{ht&wU!ZPsV`9tnqu$1rJ1Cm zaspM?YOmMpTL@a)zh|t3ohis~Gr~)Srb#ut-c+c7vF){2*>iGtl`HO{SQp3=JGPA` zzr5coe{V9~wbVcxq%B-U{|lCqp<2$Z`G8gW-+r%Owf}zd>>>Z(y*#D7vlL5fDl{tC z^nY@e9T$ZPo!9AfniaXANO0A)k4kmz8A}bC@W}QSY*$U-O8v7Sg@f zu}Kq?0=s;d%*wq@iaIa z=vBWv-yaQdTX&y8^)KV$qdT&WQ;%QtZvA*}A!98cn04(@jX0h@0aubxos|-Z-CH{L z{K=`_3eJl)wt`!|ac);EBE!kIIK^394%mOUY}EDITQz(R!q6FLHtSt*zxoEJk7Ak> z0i)mb+K}9gr1}7)s-*BX=a!yb0kiWvbLP^pH}rdIs1@*XYHsqjE@Lj3&*LTLwy@m< zZRiWO0^cVIRl!gswDk~XwayaES(V@`H^qfCY059`@y34md~2}KUT8qXR-h7ANG%`_P+-Q5Bi^bc>;&NR8^FL?vypi3Ms&7 zL~g0i30z8StzWr?8Q&U`NnoayODMNZ8U9(4g-Zgmv}2)R-epI(fd4OWGk-tNO8mcN z%qRC*j{gsz^$%+LpWeaI1OC5{XZ!dsIL~>vBmrfOjRL`}V+*%N)D$1>2CwDr{PunM zz*P0p-FEdDtfHvtM*d6s|Aj5r1#PhtCp0Dzi#O91W06OznQQuu9p zufy7eO2trHHN@AC`iGrfyJGJCpC!VJzNbR}S$0N4V+Go+8Wsb6)qL)2nqBcdFgsdZ z4t+#|okJRrJ=FetM$><^_sS;g6}zn*eVV<68c@PUl)OQ6%Xkw0Is)PzR2&Iug@`j`Y%ope@~Q|KM5Fi+WLi@J;WV z9;8~9qi)x`6VBP%mZNkbAyAXQj)`PViCTW;6g;ld0xsxx8pv%#@6RF%rzF9PI0w8{qnQnQ7gWMaCbBF zpUs_UZ3mmOEa5)rb@?vEV{Wo*p>>o5!HVv*R1Z^ado^hcf?SQJpkx>oY$ixY6??us zdG~h9QW*7Ps0Z2?B@#RtmL(xEbD%Q~ptkAEx$YV7YKS>mf-a0vsF76GslA*ZD9f$G z*;caDH>qcfV16|>``9`)HkdYu9}tWSX}*M-4c7`bD_Jd?5zZlXeVvwuy?<@af2j2; zluAs+JpI0!wa!g(*h~^Y*2T%9S~av*NNbE6RzP;}96s0QuvunjL-GT`38{;SYFzrG zQmBXcjVIyO0{Ey29ojjrO<;Hy8o<+x3X0R0B*lv*$xHoxaN<;|0?b$CLG?j3WI@$q zq*KCXVr^jWRQW2H5vJ*^Anzsx;S-i7s{wsisZoWmMhG6X{B{VzgXI_BMx$#f z=3hp8>uDL44bmzx)v<|@GJ#dcwEaZBZL}M3g=q}avn$clZZJLkx;@z2+gqvO-A)8Y zt^#bDDlB`5v zS<!k?t(5l9F1)C~7;-g+0QrRbamW5=E9OWZqS0${@K_&!Z&*-i1f+M?1(tEM-qVAySfD68i#Ln-^x zN&~@JqpP)O$kr!o{SH~1vC)qu)gCH-^etcS^vF<7nK(IsI`9Cu1*WzB~Wc34%tQHv1L z6LcQJF#H9cRq-F@IsWYV|DGN`t;K)n^&jFt+{Y8fGjmc18sqeMCK!)#YTZx$=;q54 zK4D#%W@8d0;Mz~Q7d|ResL~XL0UWL1)EM;hJJo= zjuKk%Ry3xf3;(L_x1!C}8shkBmZK3(32%KB@$0+bC%jNZRU*(^bC)j@y3ruj@rRPh~~WeJ?`vU;4wBdCbK$kf7A(2%QKNvos~K;Al!jL1PYSNVIx!R**#VJse?y#&k|HL^DB(IZpXLB6FP1 zq$mS91rhm>7b+4h-$x1Md5RZYr4A%~mI@At3dJ~+#Cbd>1(H-ZDt+w}qu@0lp= zXvR$*#P>gtbXv9{$$7*ldj^-IDMV5#qE>51?f_Dd-)59kL3pdxL1l}mAN9ZaTdRX4 zJaia6`y15wo(ObSI)t8NBi3qNUS4V!rIu_D6(nZ}CkZM?*ooP6I)h8b`tZw-5|>YA zLpdK3Qb!>u2dd)hWQ(oV#W^A9z5S-TR2zCXVKIjv@Xv)T+TBAVRu~6Rl(2XP=`X>j z?g9pSl5v646oDgat934L0UI4?)?7Qa_Mb+*eVF!gef9FgycUF)^M`1LSdowd=&c5? zZI~qsyok^#+~1*iLgFj5V6y^U%06F8(h6UOWF*P7uC4l8pML}V{n@M6ua3`OUA#Sh z^Xix2YB;OlPO3R#`b6(|zxU9Pr0iNwl(Pi7(UtSB%dN2lFG)@$dn{S$R_oh^Wu`@W z$}}{N%Glxi@*ok#SF8OqkX!pboMyfK%U#W9lYIWMPs>7r zp-YIMbs2f5r0n_1gHje<IK%I1V4SxC;ZLkwaz%~?h= zNoqM~F~!30@3N#ii_kZSi)iSoGDq+x!1iP1_-)B`hA+v2+y`?lq{kC7#nG>vWv$jR zdVg7ef7#Fh!EzdNvmNG5TPVgTkirIIe`iO`Lqe@bb}G`+yn z^s)qi5f{ZQ7PA6sWn+SNX+$ERn;2!}8jUDPlYR45c`b-VPWBNIakRIOrYxbO1quyL zH8jQ945w1IDo`=Y6g5G5NMn*Ar*G&Vfysl7OfoKeDVJ1z0yZwCm(~+v$^63a<5T27*N+gnrdZimy?Ikn;2dsL#uxpK8vXjy)g7_j6 z_yfA8X$qBw1mV$$#DXMIxfoC6Vw@@duFf&H^xU9+)QftEji8+iml|C_)Kwgl#Bf?u zoa<0q!2|Itola@8;4JG_%kQZPdhcynFj7xC*BuN)j}u7+tOt;_DLOg1|CJ>VpN9)L*VWEYGkY_^QM{5??m= z&T!WIs4!>=WF>uVeybT8rfj&*3_+P_%=SDvV2ZEQM#Onuu)L6j72)L985bZ3>YkD% zbL;HPL$x#2{yXyaU!Ci@uq?DFSTd8l5hG4=thjtr^RgNRNMi;#*w?_937W+Q^A9{E ztAh)*z#d^txhNI``&XHu(vjZ=sNT~6_p1=^$p~Q-&$wVygRX$?u>!q#eS$_11_PME z5<+B{zS_9*Bfv!K zse;m)+PIfza#xl&W%UlDQ&NmrF;(kAIZ`M_9!0=-F`jXPzWT~hH3){dU^yDiGGKdX zHvZ}>G|L249K2y~sN&#d_k49hWtG*Q+h2FF)e4$v?we_LNTN2Fn&3H6^Q!bWu*f4O zc@CwpLWg<*zAnVd_-?w{j>Vg`P};02|U4<&ga(02`Q++W8$|}pLoSM zB%R?xwxzaywTEU-LSJRA_x66$=&ybWwq=xCsus@k`fwYzM%k9pSFNfAY;+bAsO26i zCH%@2V(Rcqe6nD($8+N8e@pze=CR9&)!7EIB2n1=vY2JZ+ySElVqc8bfpb zd*=M#0Z&_Q)oaX4Zh5#+eA}Oj* zaw~WYirid*dI!KcEBO&8IG3LlnfiQ0il{kyZw{iYWLWS9_6k7Wy{6Y`Vn?vfL9e$5 zj0TY+JQl!pBy8WHP09Y4PM6dCZweJSS7w>g!6;pmDD}B@-o9K@#Q$x)r?&mvNmKw3NL!0brC7UC^F=1bkkeR-HSrSg6Dyy*D@(*lY|xOa^B%DRC3G|*1<7I}*ZVC45e}=PRaI17T0o#D^;?wGM6JC( zLJ3J|44cZ-+O286JP?3ry)_`yA%R!QkDcmEGd)voFi=B9dweR{RdQ*D#s$+*wzQ+OYE|zf0SMJtiH>h%3Ws7Ltq=Z z<{{+?);o=(UASv-kMlnA?wZy89#AC@pVW*@%sQJ35Th33W;?^JuC>+yb!EvzSmTNa z{p|EO>LGOx?DxqW6v3L!4nEf*@r@5|b4(-{-P)9yE4A0E_qmAX7H zd&rtPDHj+toRWA;aZ#CW>58F^VDkwf5yE z;t|gC2Cc49!Z~`R{RZ7{Kv)Z__4S&6<1YC(Q4irH;o7`Gd2%ZQ0~jM5pwh_4S>PQaU7~4Q`)rHHdxMFT+;I>Ih3&jk~h4kFPaXAJhfH_r1 z%G}UezX3Pn4E7-UpeM=HU?W$bXRrFq8YEa?Iff}#!~}#>PYVU7&H>SvO`He>ltu1T zNktOZq!IduO$%BRypN2kMa?!`8jj2B8++w0MbHRYb%@h)!s15bSx~V!$66Vqbf=rf zIWRv`+d`{(#DpwB7BAK0a-Y6Zh9BsS>4My{d^Xi{sqiAsYAaq>Z5chj#52Bu9ZQqT zNK!YeQZyrAZhg5f>ZD!~lGhf~C=o249kg2gNLh}N8X1;tS_3xpQllk{E?9=hoD_>v ziGYTL(?nCUyo!JJ5vNm{Vyl<+SqgLagwW;XrQ{}B$lFfJFHIwkGBu}Lt7L$l9rPx)a&J$VU$A$>9Qk8q6Hg-LuQ55OF6pRZA!+h+ZS&bERRIW%fOxgyYX5$8>I?%H&EZ7Cu*6qY4ypEU$k>-SG zO`z@=a3Q%O3$QT~Nf=U+AVui}-$!%GsVFzlV~*ZCo8p(R-C+N5RLOx*)YS+quI zy_wd=H7{&PCOpRSpj2ylwy7}E_gWUZPyjdN&AeVze(m^>_h3-(%b{QJrpZj#0zeuw5Ufp%5foRJhOOzG)qhBtXOc>ce(GfF%Vl;LbsYpV`!)3-UxjsrCY_} z@0Xi($K`@rJHRotb_|q$2ij5}E3BMm5NGUO>SrT*S8exqe?QsEsJKZG9jrw7RvNZ z9TB5m)Qv~rT4mitI1#g4wJmp!5f}}lo8tmci68~KEQUCaR6EbLVHD_7!185b)gDyx zwknmrrj_c(-DpirnIW_-3>Rn{;se#?G9y2aZf+c@>(eLQ3)khU^o3YfPYRlsR^Y`` z5DYNN3(~RDYGn*jtMw1`)mQIm{?%6l^k14}dj>a#ow@v~qmNO+QlhK)1_!quXqF72# zjjo_VIQKLn0@LeVWgN3mOpmp$q?vzP3SGS1vs)H|=|ed^kCnUCoF%?CreQq3e6(~l z+Prq_;W)@==|IepQ$yGR-{NsWI7jbZpBq#1QrU>plwI@k?5fi&J61?CNai?|8};4m za}>+v7{L`YN4q2%N9etL*IDM}`YRD!;P|TRmfYL3cN6|@t}%T;=B6Z`;EeKV1%H&> z@w?aO`)EW9E;KeWy_cN(6U6Hi!h3y17TTE8 zaV=8tA9JKq3Sdcj%S()ea4L81gmD4=-8a2=H@-GAad(WBPMFy^%KxG6XXx;kr9Or# zNQx}Vy*L6})BS+X+%#GtE4rqy_<;oE24*uTJ6copjpo6um_|poFy#im+oS}+ORDZ1 z?1X{+Va%p$^aRe2M_+Xn6Yk$|hvnwhRJFRv+|G&A>6#n;H@L%WY(;NO%f@B-1D#(% zg{^9}AcL4BSSIg+&XXXIlrsmgk`VqL6apEEt#ks!0vT!{vEF~qhC~@sTXBB4KrBla z5Xv+c`VP!Ofjj5Gt<7LaX(H*6#(Vlt#tCS5g2vol6}kY zgR0Q5T$No{j!2JO8>cE-K}EEAZ6vI6OKyc!>XV zA5TTiASK8Vj!pEHl*T0EWPpxy98XB+AnJt*WmkNFKI&lAD%hXW;GTm>qA{A)KW}Ig z;)QygAGAsv-2v)H&!S#SspoQaeQ>OdS<8!AM=JAnacjb4PnR1B$Ql=R-?y&F;+ho+ zAGA6ZU@oq1b?i-YOCoKZBuG{wQ%utV8dIDVvms^wF_td?tD889_FGx}cbrW)C6hpD z^QkOcFeW(85>XJs|08Ey5Edn*tU(GY1Z`zilH?D_29xe=Hbr8QlL5jx7?l7?otxEq z5`owBm)`RaPx)+z{~acCjW(9!|HG$8PoGxt|FdULAMpQuJUi&6R#iAE)W+yHCITb` zaQm<0H?KSDmP0bc%3VRii&M$I&2d2`>tn7*a?H7rh(Thp8jYxB{liQ5@ZV;5q1?h< zukZ@mDX|qoJIEwAP+VQ<;c-1-yj00hj&5#HUeHX8P<#IGyp1Bo&m5P|9}pE*;IY0) z&SzYZYWp z<)D91Fm?3!ey`OUr)-GfdKpZSCM32m|_fe;lvN6P@Qn8?*nlU%b8RyD@v>4lK<`GEW6Hm(T>}zckq@G~!-)WUk?I#o<~q2n+H%5!SJIje(9Ne- z%gx4O(r4_Te-dRBlrBoENicU5%-)$8GF9H^z*Rm&DN$An#;h`C8ILKOX(bwpCk#AT zwEA?$t*I=i6lf;TF(+Vmk;Q}?3e4}Aye5zMqLUBHml&v>4FQ#M)IN<4%H?*b3S?0?rD@BECJwAIpR z%0ob)07Xd2KrfUo|Kzk~v%dFxJsYS0)O{s!C%n*QmA?mB(Yi+jXO3g(FCR3JiB3dMy!@=Fzk!{Qe@CQOaAD^8ZfBX8?KrvFSRyonKH#*Ku zt~MV_-oXwxgH+T4sknif^uUWD<}^N@K_*2t5krCtQoLhVB>N67 zFSI^gr;63c6_7s=r=N;+07fYK))v?jxxl4yiM?w!cDs?Qt1qG0X)YxRvnAiC(b>>H zE&%hcWZ0cP9t(lviCP+C-J{*!V@U+d;MEa2GqHkQYx9HX@F?mjGC5>(;`JQ^^f#64 za2e#s(C0xhJH}bXu#!k`kF&rR6Fb}TISPBcqf^3WAQ*6G1q_za>mQZ6I&@tAX^2u~ zI?pu1-ql18c5}N778S*;AdJIyo%h>&^{gi4lAQymq>@^JB^&{~(b0N#AOsT0WLAzc zHg_CqR`7zl+aQTI-@I&NfO@uRz1h8{aoHlU#gm$K8SD^(u30lR z8l83lVwWPCp}MOBM+ectGrb8ja!m@ad(hHay-P_pmg1uA9hh6(R~IEkeGNU>uCqGw z>OJ)qVjI-EyMs%3OgNpK&l1dT*-!f2UoVBzM2BC(Dgt>RMx&2sR6pvTUrJ+u{kD((yzn zF%klv!sh+|zXsEO*=t4XlzkS~tw+GInoc&dK0D~G;c?^|tM()%RK6J|xSpXSMt9|U zT!LYW<&>fT#CPnIn_DXRycBd>s%$N}whma;VOSR$yB0;&0NCah+!WHuGpd6%;^A&%;` zE<))8ITI6B(BJ)l28ve)%M};E=aeBE5z{#y5wDl(#Jg{t@%$)@9#~=Hr?c0$;Kjbg zaMb{yeI^Ha;K-5)wB1tDC1b~n@54eH^&RxTIf~Frh%d!8(%_bhu=@JI%6by8YU@PH zfC!u!B&9BSDaUI=i87%7lRQQl@UWcc|NFoHkG>f(h|I{BCX`temO6KkmN>O`Pcsaq zqoo>0sQFqho^?7eqb3Ze3G+C6FUW*D4m>FL(fKTn2}ww@ zXAat{tj=Ty2u}dx#w?Qp81G)Q;woi0;a%AU`A;XMBN8v-lyrCG&wPS4CorO^AjO&L zm@|U!KqGxd5`Bd1twFiedIQ-zDIL35&J{ZR@BtO3a&Y2CegiI-m1}ktAjvacx;|)P zU*IWsv4PgyywEWRC1ua^6ppyjXK0sw%W8zkTE#g8CkeL-f2$hOQsszTBPm@ZxJX!6OJKFwr{h6oPnDCOF3ai`z!0aCOtQiN$E&R*De3;z}}jjG4PpG5jk22 z>{;w@CEiW(ho3TwL;GAkVVoU4Js|(yz`;;Zf zjKKKF_`ufUI+YU!aGTa(M89hxl=J*m#VjD_`Eg~rTguSK3DKr-H|Tji%jz-}44Vl~ zlQM#hGBel*8-do2iRh%<=LiRLpO%&16w|Q-T5|3yg|&`x!niPgCN23x-`*SdF69bO z%CdREB>q4rFCBL%`Q`NFWm)NsI#b$C>@f#Bb>&{EwhG$q?n!~OE30~7>I z*kJsPK?haa3ov^GZf3%+AruXq8gQt!9=-aN;d595ap!8yfikrKzqA~WO@Mf>jI1Z? z?^p7Vof`WqlR2nRoqNkNvX6dXT)bn}I7;E&Z>bUuKo$UGFO&x=1S02%DI*9FZ!-(b zim@ekTm~Ldhije9tiv&NRT3fI-GM3Un2{^p3%olmUk$1Q0qTFuIUQ#Rqp?IXa5F!G z&?F1cbSAUZMjC7F?6k~BWpAN%x5wrsyg??BZt@ZmeV$t|Cy>%zzkUUQ6lK43Ed}db zYuVnBV#>=;66HX8`tLx1aX+Y!S7b4;nrd(quM|PZsC)+KB&&Tisj#Z=C2YkdcjSKV z0OZz=8zRR9eKe^hecKKx68=}CD@yY65I#(r|46?Mvv47Q(=Z*~>Qp||8g>kNn zl;)l@CurNqMS4aN3~X5N<_2OB@=84XmWHo&{?_K+kl$Z9cp9fT$r>ZbCtC_ z3af&ePw%D<>PH9BVe|wdV&Ed45c?(L{fN)w$Skq;8`Y+yy3lkHB^i%Y-H6XdBl@AW zW6UotC@@0H5+=Cb#IU6YsD04(ijXAZJ^$>x2T!v6_L2Z$G+7J_nwU)}ae!NTprh24 zo00K>=+GL18o8lpV6uOvy}e&0_E z%7D8`G3SunQZ5-wxRG6UP+l#f&8ofI$C5}`vtKz_-;P$zW2d9D+_NG|D8J$Y3m#F0 z-8u<@$SlwQ-`xUFKcHj{?9Y zy9TZrHWk71ZZXT;NMe;yXj*CSse$I}f%o|;&jbv+Sy&TPS_paF*}~?J~&fZ-T6C}9cA$PTIXSDSN{@+;UuHtMY%^H+AkFp zr$*D0v&0^MzpxfNcF=1&Cm9&^7HkOnDAjLHO$c{eEtpRhC;pu-jdCiZ(G zlmdSY02A9B2ll>NgD;zcxWlA=<(uD*b9o?GBmdVu5xc)S(-Asc;$uJ*d&kXztK$XHUCvnUjmi z2OJBqNhdBKV@qdWXs+9$9AN%BPJxaN)Q_{6_-;X^#<7fH*RUEf&djZ&ZJAfsFu^^X*)U5kF$pMok5v(?*7enkMpxMH8SSFm0?k&pK(kF+fLBU$ zUHTyS(>tXZo#NEF-Y^Lk^vpZCC$YqR(4(JEk981gxP`?+$ej&a0YoqxnnuDu(*V^8 z4{Jo-uS6 zKaNJ=Mxqd#{L|(nQ%aDwL?&%>JE7Wr1IAqPLn(nyO^Ptbh!At@7TWUjh}mP%fjAXA z6??b2amBo%Su!YNs9BA4XXCw|79?`w?Dpn zbsmWiVo4h-;=ddoJv*rQ{~sM3_8bD<6$XBo;YQ?(|xmc>CkaR~M&0p1phiXxGGI8xw&#ozhb8=Eh!? zpmt+40$aX~BJ}AK>M-;xXIYNL3nA;oG%3ft8 zC#RKh$jbcgM?(df!a%sdV#Xt@-ftd_G_R#ts}yuF zPDxLkjriD|X+Dop=X$GEd|a;L`Kz;^PhJET62RYj8Mo=3xAu>3%#x?hd`8-NQm#JD zKRvE3d^xPa%}s4RVdS4aHS7iJxVpx1KK=0}gv6~(9%#$%;1Hy!-H?Q6eSiv9AeoU( zc_e4(OsDw(ecz`~?ZyM>-3T~GuKhFQ1kel6KY%Q8QGf7Fzt=Nnx)AupL9`|#hnzOq zH{e8%NTcqR>#H& zEbT>grdx>J(CVO98J`tScY}IJ|ph9L+LqR>4xD9ELep zYT(Pu%a+Ot0vchQQ@H$=JRxeg(J$KKs}z{phCp<;IlS6CdQOU=69sZi1azcahA&O| z)pJ|^?_xsIoD@6~d1EN3<@{g&;HcND@PAMH{RjT(z(cW=eF7W?-*GEnTjoZ3$PR=pz!v zEQ`_8L->Cxo6UJV(7f??fNraA|^B24%V**nlh8v_Fq*idF2^0nWnJL=C1dPDy1!+*I#C+R<3b% zZ0@wHzm0R?M^H^k7Nh;QHfmqAH$P-5)|N5{*r3a*g6gx$f8l9bcEG9Upb*yxLVmU`umOI0=_#>>0vm6n z>XdbYbE4FBo32^2z_4pyBDWe`BaK6zKhb=-8ypjvR2;7i0O*fcr9G}XZx;q{0WLz*Nci_lM8 zcOX)6AHm_C;G|s@rhVYLaJ_9eMxqJOSEo_kf9HdL=l=oNd|5@mQ77g1u3hZqaWD5O zAOs#)U-?4`)6_tJO_#o0Pn|90bb8CR_#z9j#+={tgs;yBsj!v7Kn_|jsAB>q+T$D2 zQaMTx*Fu^?>cSz-NTOXUHWWX!o+N+_YIZVJwz#o?yDT1QQ2k$zPxMks1Zjo|w6*?# zb&bw_4BP=22o9B1XJeDH+s#~NpGs-2D~6%9dG^0Y3V^!fE+*GXzL%U*;lOIQt`D#yb{$7PU{)L)2km%+U@E;xIa_&lgD`A=Q zW2{xo!~oeqCco>ijpwGbK8|uCYiux)IZM7giYg-*t%aqQ6~8Y;RnA)-NtNFo5Y%Ty zP+wYqd)w!>`u}Qn!%!P5^Z)dYD*FFtz5daI{{KE6jS+E{pk4A?so5zLdx9nLp7%9) zVW`U~1x#sL1(3XmJ<-+IN>SBsX>%*Jht60^ycEbAXl?u}xR!QL*Y|HQ#+4vat91K_ zGMXhM6X*$Owane2gd->G(eimv9jIP3Rsw9PIjG-0+6zO7eN~V-CD+`!P?Vswy&TjH zHB+7GC9UuonAWNgSgTuWU=P0ZCVqIfe(n(eyGd-lHdf*P!~UU<{||eIM-TVE_wxL~ z@V`!H?U8{yMCA@m+1Re5CHMFl89~qnjdPa_uVsyi9qLxSKarJZoV?O*>9S0vo2!bt z0>`aJ=b&~?6d?7R8iOBlV#9_)mlaXjUmd-5DmK$yCIz)i@KBrqRkW60Mb>pR zZ2`yzm*xZ_*>K0X9jUMrubsiHJDj?OK-u_H)p$6an@dUp1sZ0g61fWs)#G+;FdfJu z`GJXv=Y?$!879m-S73nR{qPGcH5xizF$eKX&&vnzt-rqwMFE@ zcOsjalu-^=Qn$)wPCdUSF2-JFd==Fq$6^xY1&c@gxr!Pke}s$i1-GU6f_sH3Y_g9!W&%^a6q# z$PZolq1GpF8!vq=Te&8~NaY~wXlJA6?;q{{@Z<^?4^XF0>GCgzNx7tQrd1Te2gYsC9lK{}FS(3pJ z!L)LXE%X3>uL*v*+IIz;4k{mzvYyt`boHru<_0UP2pHNmN^bh#Y&Pt2bw&H=iY)fg zBNZ}r@Vwld*}Q%REaxk0HBOQIuHZSAmn%C}-t{hDdc`1kRl&hAyvG{+zI+J(|dYSZ~hVo(iC~r$m*<*{Hgt+OM^ujbl@(N4nLwX5TEM z17(Dhn;SICb5g7rwJKf(6O4<}xL*RLs{kwUR2o5f<*GpH0azO0REt(YRim~v0`d#` zVCqq6%4g|u^DF-4&s$}<|0)NrVc6T9xC*da9k~ju?ay2V&@B#K1=6xpS7SlT&@+|O zS-FiZt8dF~&fNfGL6)E?&Dg$+o)f4U8xRwSuM0& zZHP*I#){H@D6omD-oUbMLpUSb|(N}mUB@MJbhk^ z9aHD-yS3UdeH|Ncr6U`8{`J>ie_bo75PfGvQ}Vn^MBJ^cfiBQ>%E7h%Ml5C+<`Q14 zxg$=cWmgCO$}Yc1SSplyo}iVs2dM2d8T9)5ScW=S0^Ydfefrd0F$Tv=@6)Hjioybq z(Wg)U!6*3O=;^A$YKZOXX|E|4|3o9N4W^3Ef{N1hw4OB_taiGSuD20l?HqcQI}?Ia zG5Ni{rq-rG(_%z?6=TW&mN#`nDHU`FR?GTFOGV|Qb&uF4!m#7bv;x+Ka`Mt1-ulL9 zRks@(Xd1;jl(^(By<0=i(QJhyT6sNQO+e)}yXNJu=NY$wcV0v9_s~bQ#&x`xuE;sf z&U?Qwq$sKsJUw~2#InHVvav;M0-Fsag4GrbHVH^srpya+r!9G@I&86ON{+j0&q>lz zma1g#*t#{Hzi3e7H!Er_8(-g7N-CDbD;rjDEv@es-CU2=pu<|);wofuEA`MiV$!nS zmGw-iHPGAk+Lv{@3vuIL(!%fVlq7UE9iTTRqWW!n_@|oHupVfgZrXGwem_@L+-6?u zN}zQ*sH*wBD^sj&(Z@|Lw$_%6R!!r^R{g5AN;{tS>TT`6t=PG>{dceT?67YC{q*UB z{r7!5mAzbsZLPTRShMg~ro>;;^U&Ll6tBI{&?A&#M04N6!u)&i{QpH#gM{?d8poo2b+2 zKuEw`GU1Pq3J~}g34ib}|J?Tc>pa0K?QsJSu*(1Upx3XS|HG%fhx30QPlf*L+ zc6sIH#%)XZDyqL#V7WZin%b9jH(JGn-Z8=7$cedOemqUTy$iSl$V1F&d^~f(+gEq( z{2gqc;DQw3&91I}oqkk5-A8{!TDyX^ukNFLFRqYt-|W7=kA5)OqGOVve&0vSa8dG8 zkvjWbzqzYD4^edI*lEGMxvLf?EMvtxIwf4-se89p`EaN0`5c07OXJQvYDZD@cghmT zMRv~XyK1W-z(CQ=br^SE-p5{4Sz*pXJ*j=VReuz_{euwsfybXI@85M;b*Nhc9MM#e z;!Nex^gu$`k>wD*$_`A(xOYYpT0pF@O*>ktzXcU6@RYlBQ2yR>-v4#=5x18AdEQwS z19+AGx7RzY>VKd1ALRdgd2Y)1kD=I)-n*RVue2s$H+q3{JftZVlBMPo52sVd%{L)+S;rW8k9pnFC z4B(abfBlO7_psl8@?igSFV7dn|92ZF_>RcHolt?>hYG&!c*-EYl0-Cw@x7f&{q`5L z4^-$&KX-utmsozPX9fO0cv7?fI663b@__&Eh^JgC1Km^~dIo@usjZ@`6d~LlXN& zS=-y63A@g&agiLKo|Kj3Uf_ac+GXNJis{sTHBJulh3Dp_!(gZofG^51S@$ldz-ehe z(?L_34Un;-o#GDz^z`WH@JNbTv+S7v#EHIr+d-$KfV^9frQ7)LA;DxxwQvPvqMTZe zFh|!UO(OsxrNRMvd?vvjXN$*hrTLm>vk#_$cN5C>89uGC$)q8>8bq zKQ5-MKm`^P*@X$t(D^HX)!f!B&r>obnZT(QO5LJwW?VpVHP>JdYBgzQXW&FKTq=X7 z9O_uYiR@*hH_)Z_~C!q9;*Rlcpa(rrn!=}60M}J!cf+{TmwI~BCdA18uU<|^LAB-7Zv8Lf&#nf_yc56xMJn-$eEP)tV zZM27WGbYe3NTs#XnJ%}thn##0=54S)=Hn8Z4V3}85kmRdvt+78PG8d#)VGJdy)EjK z2W9NP=yON(AL|4~TgiX5{GSKUo;-W-|GSrGP5o~r50(B}&GlJj56nf=mR!Qxi6d{p zFWiaIM>E4<6L;Mm-%yYARcULRz+a(|U-uX6YsCPZ*k1=IoQeM-|L2y^9pV3_K7cFm z|C57WRsMT+bnxr}|KG>c?Eg32#`$l0ThBjDIli>_-yg#DZ~6!H`q)m{@+kRaZ_`Xf+j&I-5lmy-0 zLR!A(H!3J^hX zS_=3%1nDnv*;EfWsX6l+QV!2%L1H$YlB~>1=)T#Q7c({m`T_{5I~fd=JCfnk?1#6F zdBWEmg@jbFG$qMdJs&{e1mK0r2NQQ6CtsRsRotbPmFUW{~Ac;D% z|F#z)$d1M`s42UIa#Em_W+ZAwFV8Q|1uIBv2fbj^Da+8$FV0ay3*L&xRCM8A)%{j9 z{JrSHzvjhc+?D^BpM0KmOF%;$U(IqfqAB66uOfb(x4w#o_^S0)B&K=mtN+#7K|kYy zvKdDwFJJLiq^;Xq5lsm0s&WPU_0Na_wmbi4uZ~~7c@<5Qwc1#5{+~X1R`vfm>^*(( z|G$@K2c6nQMsHa{&@02ywVW?z<0Xo8F68W#klh9A$hLO>PbBtgRk`s(e;|AVeb zk&%?|qw9hSK{7-$^gUDOJx^!ju@nq+Z4^reD;BKaQL6=L1~wrYGA6hvaLy5S`}*GN z>@T}Ib>5hY$!rMs3eJ9(yZ6G3VGkw1a&RIL%MeEI|I_NeEgVlBzK67nvv$G|6N29V zK+>ry&IjGDB#058>=|r{rZ~f6QbeuR&JOyX2y|BFG&{*gto8SQ>vWJHA4Ezs(Mc$W z*$||d(u}2Syg;4KKU$ZUmodvYOG!&MfeMl{gp&k0XH)Y3Ge}8fdK3B>>8YU%I@?ia z+<~gNAlYK8b#YDzdT+ng#@S6+%;5+8b0G_L_h5I(2Ia;`SUdxl6YzAssEk)hg)qdO z9dwd$fzuSdkbP>^22J(n_h+wOzdAmDb@BH2&8uI6Q_zUB+;J(3@R>?C^vmv!`AxI& z9vYIAT}Kz*9Ow?LoCaNP#Z1T%|CG_?W1eNBd20dlJ)N1cxD zQEgLe@T#J4mylJNEYfz^r6){7q}2|bfbbz(OlnzK8bo!Zy%=mQg+m0)l0n~ zl)DJVSaBi|qn2*)uiZY*0P5I@OL!eIA&S;^)R{3jNfMg~y<>nnvw)5EFkzk zno~|iiOU~z^nR|C9&)~Z*^Ro+&%J%Q$%0#7*$E-UUktc<4z7KCmCTNU>#yAD}Z3cN&cIOl$ zj4pjk$x9$JDF{wXoGZwZ zTQY-I{*V2OJMB6* zD<^?SNJ32!ECJe9-Q2(ZyD)eVd`Xo2NV`Ag4~b0TF#rZLgPFn1Iayq?EQ08s?t9|kBB{@PlGRHI?p(({lmX9g>*Hpfcy;wQRek+QHvy5^WWsC`qlSqm+{9h^Kg0LVeLdpG3GAac1YVw^s8f$U)*O(f0^Ao3OEM;BF67RyS z(0=eFc;Fs?+Gi8`-%aW(p5^p^f4{;0`}86H%l$lk^h)0X(8v5T!F1Q%+J7lW82$I* z+c*A%WpgY9iNJa)3%nv>j5C5Ra7N{^8_ddMf>O*mi4aW$Qzv2TLKt`+7@;m`L=Xm2 zg=m7(7>5M0NeeIl=NFu&qc2(m1!T>*+mBGM*U+wDi05N2sK^C@CO|Qj$FXt>ll|F) zt7jZcmNyEXVQ$M&(Q@&fB~HWkb-87@_cj8rEMqDfq2F@6kX*Kf@*>nnbb=Bl5GMi^ zyisZGlmfaC*p!NyL?G@@p<9H~JdRBSfTPJfCXO@0Nh0J}->2&42})Unsu%O>*9OtY zPoC$VDS$C(MZ?i?aikdjW3PJTP_O#VRs4hfz2VSY9}|O+p35G5uZXzf%@TaG{ZM;To1X za~2j&ZgU!u5NA88jY@sFON{i*4s$Wv*BV#(K??24QNORXX+B7IzD{xeV)T#UKla_v zdCEmb@ce}~h{r6%@r-dXvKv*GYx~ZCiFBnKN15xV?Ch2kvn5nsgI=|zoEmGi5` zJV&*At)~1JNsehDIq_U@2LIEa4$#xdJGh zF-hbMN6k6O0wspvn9DsDW(0Er8vP_BTC>l=+QAZ+u2H6=w=|*W z`IrPq8w(?bE^$&CiBm04v`MCH;eysLeFG!-Z4Oh);X~xDx zDdQzY__4^qrZUhC{K1UiSj-mYwae9!A%?F=j2EXQWJ$y&B=AkBn^W#!0TvAQtDc}Mn99_-`L}JC2s27OOSRO}GR8iqFq|l{)*>OmLT1kmg@{~wWX+toH z@oMRh95FA6bW>8+k&W$I(V3$uNk|3`AB8u8k!7viZL|Ua? zk%~ZV(pJOF^j!>bA{zg4iVoj=4|{-Sge!+sHbH~OAQxiJ)kOv+1S`bRzs^8zJ(`=a zxpG8$$wN;AB6% z!bCP!UR1qs0ZjD>B~zMQH5L>x_i-oz+>*GwrMvx!aREmq)hT)_>8LzQs`FPQ1%8bO za#A%4I1tJuu&|Ysc0t7Em?of3Q;na!IjyXgdT)ZH%ys8;oG3=8H?=&gmX3N({~~sJ zSKL&sLmTHU0gRRcEm%x4b26~lKqeCsiV=FpPQw|Aa?R)vGA<$`^!kc&!C~8j3#F3g z)w$o<%W%-)oKAsv%F-uh_qKQ)IolVkh01}1vIKUqd}VXm!WkhWpe}r=96$B|qF>~W z$aJnbFt|d1YnBkCiz6JfWGW?L?MPb4>boeSlL^V-c%fpJL*(p)kcdP;tVm|s*+rZt zAwhhGrMQVO`cge6d_g$O7!X6K!coKs2O@kd(V3Ol}Ok?HR7i%0t5b_k99XbP9h&C zg8Jr-XMX4dd>@^$RQVzER1Os6a*<&wC22FOYr!TtUCeOA2ePXC#}~Q}U-jWTeGEMF z@f5zjEIyg@@@uoFC@6mxEZ?$$@*9j7>O|S(IA=sW?SnUJ5-6Noqs1vzDW?RHVuHvP z>b&*S+1YU+K!MZ&YPic84QCR`Cq#rZLq3#ncV?P^^1Jr5WX{sNXojsW)!dwMJ@V+J zL^inOSr}z37p4Nj0&#&e;j19}l1Eh_@0sp;YG6O$IF=HH@%M8qX$HVN0o@zd@^GXy zk~ZkV-jHhsYeILx?C1y`O1uSZf*1<&++Wh~0g3-&!&8*}qvVj)T2n44L-VsYr)n}y zS4!d6?>q4=>U`b+0m7Jp0!C}SyMU~(>a~yFPqe;sE!;Cso8X1i=(Z_hZiAwi#v(VW zd{vDSa-+4Y1hY7>3;2O+5{)@WI^2#r9b|g7#)^G8w>0#LK#579_cu2wW{!(9HR=!tvMD*4PUR1iVXKX%cfE`%10u3+AiE-0><2pcUIuLbbYnqhpKc ztpRI*(^Pr-a^)Fke7Yp+Rbc!{QOzg`uzEmp3{>XOy=FpVtM*@ymBy^V%};4n-hUQ7fk(g%A(J3n@W!O zlbH@BkV(P*|5u*v|Je>6?>y4)L=lrqMGuf|*z#cTlgltdkBolVETjJFc}iiTO_e}G zggJm6v*;D&Sq?h%@AGI%1W-1#J*Uax1*WlN=z}@F`jBAr=Z;s>s|d*haAQ;8DlE%6 z`kb_0P7#eXqYOk!t7P!NHfk^poeC+yP8Yy1Jg)yLEM_M}_2Jd5ELsh6G|_4wm+1qH zs-irN$&uLFNE>e;sgi92gqvO9emu?L3KZ~X#4;2u5M$m-J?M;BSo3guLqqASz~0umK~8@srWN^n zg!X@=-K(DpmfytJ*~2qvk7y*1=YFYH2gt zvZ^i;=R6zm8P3Q6N^r}|lv=TZ%z#VKc=m~sIN$D)BPZHg%QMI~fY zoynFJE9S*bC3y;%=R%PdawP{ShXY2wnUs@-6#Ie72z(BQ(vU=;Z1eP(Z5j$?RWw6& z%q3;u9qnojYFCR|iQrk-QnlY=G^a_SC1%lDZQwK=q4@%*>0i;yaTEW)BKq6A_h+w9 z192sm_OUAd+q37xivQn}=g%MFzun8T7eH_VxkDZIUG(APjXcd8O}x1_Xf6s?qDC7- zj}t0dmVl&=wL)OyP;r!`Tz7pfTY6M2B_NhBzrNPdl}3Ys4!U)HT`vtfwuZ>?F$aB( zR`qf>Nlbf=8gd|opP?b7#6L6^@bAVKyesdmZ zCm{mw^dDb)06;inMm&F{!5BTVQ`fQzZyayCWh;RYk`!iyj^z1aq4)+y6LN{>G|7c_ zSCz=?Hi?dojak8*^8y>n3?XE0pkC@D2|;R{k^?$OzvWIQzX*|kxxq4R70Yz``sC-M zmklcgjdxk6^}8=E?bfwfQP>|0iH2u0&Th{{a(UN3M%}Z@vKRfKW^r|G49C{H4-JArpJF>!@dBbGI&`+3S|O<3&{*pa}g!QRT~j#~xm^NU1DW(BIZ zISksge(!>EI!}ZA{RoCKdeI%H3mEOBs79(>$g3g6y1=CwO~eHC{)7Af!F!dqRHxl{ zSo6;k4myh~X@-e_gn7wOs7iqyqWdC4C9}e{fw^<8eiwOYv=ssM{@z2q&%L#2iXK~) z0NU#tC7;dC<7vur)_}gv8Q3ahbh{~PZi{fZ)7Et2Af1atHeHPV(VD-j)WC8)F>UHA zC0*xCS2L+j{NXP8&%NNeKa@nwjl(awux=&zkqQUFEMZ4IawSLtvHAxWdt)N-Uaxv4 ztMvLmn|G!MSc{;_k{y4F&0 z5gWCo2eg-EO$m}*jMm94S7eE3Zu>ARay^+lqZ>5tBziAqyto&tuQJxITJG6z_3Y>s zf!JJDE9b{Y$hEB*Zs{&v@tb(9uVI2@kOO{pBr)1TXDK|xm zHaB@wq2YSK2HjR~vAS5Jy$-Zjk3|s25bti;num-nXE!2%ZT$w8)zzh(nk^gB0UveF z^jJ$IQfk<}Fe3|;F3{Y7T00kqU2@^|uD{;Wu&Z>~O z)-DZ^uY6aoVkT>n{G*VNmbL17nkftK8fC43*g*~}+s3Y|$xz+2t0fnqhQz6*Kb+CI zK1g-Zq^VGgxT0n4m5T|!O3jjQ2mSxe>_3I?^s;DBtK$DX-K*yRe)eSekpJgi9*1nS zQlM($KApl#r|+^TP>LbkB}3j4jb202tLy z+q7zc+LWzFaQ|e_&FH^TOf3%uxPty496UX!+W(&qAL9Sr%X8hylkbreMM4U!Ym#8M z33=3)O)PUGdZfXCvzJr0$=%PCEfi)A6+%~=R_)ltQ?zqHZ>uNsJMwJ}bNbwq6=iiWz-}X^aK?wrv#U?LVpHvVjQG|mKQ z&57%IxpM9wb)Wp=DFXIXdOveLNtZ!iikoxi@Y;|&)!v-VQKGoD`Z}al?JYt{J|B~; z)Wor-to4z(=iM4`@4A6fiXPOh*RrJ@v2dKs{IZ)CZ9>h<{N58Zjq_ojQ*$5 zxI-F%RrG(j_oR0J@7a?F`hOo!)#B3-`C@%8Q1#YwXn%tb*1x;n_`Vdk4R)rcA7SNGC#!qSv# zY?I&MGEb+PJH|d+kLy!&4{0d0)QzkRU~j2ENyUTDjo=UZHr3Xu9_jCJeR(B&zZv~E z=b{_g|Ms5^Yxciq5Ay&0JlZ>rzhgh?G)kuz;n^Z3VB>if{pAp1_?HT6H0U?@^ac8Fn z(L0t9)JLYIF+@}`LKwqPd-#dA1rExo!Ze0e(ue7&G%LIUn_6`9jMdvNWg+uQcEXTG zS(6EUdE*HAV4s27%>dg!9DUdlZCF~;gSolf)=-@p;gkHT3jDhuA2WGR*gh*?L`J0~HpM3LU_pR`Mee=0Z3|OiE8&>nbKi@xiIRD+t(@dx8 zx6GHZd0o02x7RKI_0DKbxf1V|`M2I0ys;SYp!9oq)N?EJU+2Tvkp3U+J+J!zKR*~g z*#Gb4X{P@=6@%*r>N0@FES-ZYThNW%v3aLW)HXw?W_4&H*&S=%$*FGHalt^6I6>}e z#J^jevi|CZ?4vYpbEGucQebt>sXMS$H<6mcm zxj}=KL@TCRHUG*@y0Gb8OobxfOT)F&4KDQ7=EzC+QcP7T2h5V;Sg+5v;kXHgOr=sT zlJ>ezv96=3&Zgg*-T@!-E>oT2R+(wTC+L`Sxe_#Z%H?XxYh<`2ozU1uxz%e z@5fN>`h0$C?)UKAQ2r~j<1DcOtd#$rJg?sWeER(0LH@gsry_W)clXmN`0wt-)A90W z)pveva35}Yb{^&Z-tt^CIKoBYy`H)IZr|M8si1LH8Td9G z_vSD5Y$E>!GZN3~G+`O()W-_>Z}{|C)&6tvuRIrRdGOhWXCFtjurzoNs_kt-E1Nc{g z?*-%EvjO~TUd*Ng`H%UNUnGN~p)n56^Auv=bMJA$FH`SvFvjQJ<3P+)@A3ch`sinz zQI>Ob^y)SDf;3~ll2CX7jR+p7avA&8^ZMxhFYjKToI+y|N4AKe?x|1TdciBtCj0;7 z_2H|xuY-Biv5yt||LMWgYW|1)XAkz@`+53qwq`d^u?JgSMQ9&0Cb-CO$`N++NPkSL z>5IE$FWx~#*eJvjgwe-hm)K@XF`jp9+UVS7IQ;k%iRVR*Tpj;=$B-+e!enQG=N%?G zNga+|=)aWh6ki}G(3qISr@M&HSRO}c!E$s-`OIW*frJM|%2hFwBXDN%y-q>hn9#XB zWA#n|S@(Y=0-Y2AM~{*T^Sm!#zJx5{EG7`=T%JZ5!cpW5#}CTtKc8i(!H&vssIrBj$W6W-e1<_D zskGn-Vx`uHr?ZBmk0-C+ygodA4JmLwH4e6gM!E2pQXzlZ?w9`FL1PlLO9_`M?E8*=6|YG{YcGv<)8$km{0ueEHMi$=N65`?@c8Vcm+Wp;hHp z!`eq@4DAQQVCZ=OEIK?svKcI9n4>WviRl+opj_-D&XA->=m4^m5+c7q0?ve8B9;W6 z_lkw*BvVmmXzq`E!1Nc(=y!9+BFo8_r9E)LyEK0|krIWNVSyr*J{N}~$FUjusGUst6g9WJ zK9lNK(gS-Q5Vx0bZ=C*a#2rP7zE^9b`6o@LE!&tTB4Yy(mOcXw?1x2rzL*ik_i zxw9(~G0PL1Thz^vTx1%ptpJ~~OQafFd#=B=u>B`|mY)A`OfsS6=t04u*6m}J|L?)x ze&zhPxA$QGyPv0GK){)x6C9c&LQF%Fa56%NDGq1E-w%dOg_3hVLVsxMhEnn?a;0t| zXoYf~#Us>kBx>Bn?%|~5d%W)z^3e!g41@h=!O)8c4>Jk`YJ|>a1RXl4i)J{9Vi24O zsI4U98!u28Q~AqD#K{rQ!x_TB%{=6ujXB9KY!C7cCS=vpJTB-2vvDls4w)m`#}OTKbM_ z9xz2aQClizSupg6TizVgBEyD{$Q;ucy!x0R=lci$n#vavP-}VB--^Ns=7h}uB{H0F zDgvCQwygSep2snsdFqu*NIYwM@RwsliTrpvReP~kp3SDU7d#J!55#?=r#t<3nD?4} zET{kb2Yb(}`oFy=Paf`n-pkWRazXtVC(|5HiLc1q2t5LCN&G^uy80{lm9xa_qgVPg zs>LvQpmtHk8VV>!82$I*+c*A%Wpga#>0&}-5G!abY zNw(fbf##y` z$%{OM`p9GjRR^g;OK>@3yvUQN&skcZV;N!KAz2s<%$`l-1E~w-`Qp%eGMD+H%KfA= zscy09+Zn;p`y^hd^Q2c#h$Z23)3riB z)g-a-vfoGb^uDaLo`pB|<&5g2^F{6+ll)eljA8z~T8nCNaV{84OZn~<_#T^~l zk5pm;xg~KDX;@$nWI5SISZ5FBXi5^20p=C<0kc$=fLH-V&SM{)N(`>2Tcb${bx_Kp zru=J88Py-G0>C4A`37#D{z#hkeNo~9$zvl;SDO<6WE?#!yG-h{CrW+9G? z=6hqDx$jJK!vLmZRcjfUGeIiNnU@WDfBGnN0{xoCqKu_Q!-sF)z;8oZP8btENRqSQ zg3Rq60*%%OF1f5)X8r0NOJt35xe`8j1z|oW5(VU3RtS7051(L&CR9)y)8AFOAxsdB$L1h#$r`p5IpBfbvMHts6<3F5(?WKa78oD>KJP|;^aZ(N1`Jtt2+$? z^}D#n;?)zob*knBd#)42*xZ6BVimkJF%CS_&Oe6#I4FW2*kpN68p09udO)N(r&E|X zbabrTIZSq7xKvL$a)Wv-3q627egg3%i5Gfpm5ZHRx=MTmFk~oo-qEq54RoT+r&v+; z3Ckp@H{nD>dtX05Z?!Cub7G{8A_~9@69hmJL37F9Q<9Um?Zyk;?gGK0tLPG4+{qNC5T^M=_xR1P!8_0 z0ufZ-uSmkA$V?~76mEtd5l%BD$7d`T#M!qQp2*b}4A#yEvW?_SYMyi{B_?};O!lId z0;->>+D3BL+e5+PVzsVT-9(-f>$NtyVZ}GIzCmR#RU?g)RAPjZDNU{#3yPTgIE1z( zNtf+ID1YMztOEI$PEMLRE7c3Chw=AIRHi7R!rvcBj&9AF##X1}rW?MC{F0ok>;PIC z@I`ESx&^gwx^9DX#U@E?>SLhSz$NB5mDm6~rD=EAXf9=z5Y!Oao6MRV4-m%jmI+fJ37{P>J#KylW&}BZ3sPA$10-yF^q?Jlq+mzz+!^j=^0H zef{cRU!zC5wm$rR{Tj5^dj;#Hynp-9g>K1=xe1tJp=S7kpf7&8!!OVdPE(R-3%G2E zB$38&)x!w&+_h7(mIkNjK#}}t892ICRds}V1?u(GoU2?G+C4`$WX1t`HuS)qo#dlI zQ4x|vEUUD1Z)qw7=V(}DEijo=$l04y6p~DU(Oi(4uB2tWw$08*Y_-czot@q58R!&` ziuAs3#zVbF1N2gPLBXO3HdTj3;K*_uexc6jyIq!dTLYzS-W$sxD(wutHyZj2(xp2? z)m1`SGg^9uJG?n&{UXP&<~t+G!Wn^(Ddk!%V;Gf8ag3K|R4Ek^xo3biVvexH2p&?F zt91=$%*Y9H0&-3=Ek1)E2TkMxa{{h+Nl3H{9tTq?OAtveXvPvSxvEu(sSx@cXF=Ju zc8s?)p^_^F@-Qt$v4~k|%#6gTmM7YttB%l23Vbw~LhG@VeRmO#ew8>WW@IiqNQjgM zakc;tU+tr$lvH^ZFVHx{FgIXp-zuhhE6|P3X~AZ~G#{b8;c#vgKx7WOwY~lC-cmip z;+BF_qgvr$|1I^(DRY5ByV-6*ps~4XjjrsNMF=N?`Zl9&h!gOnFtcJ$^Ge`NV;sue z-o(bZao6CIG)QpdnFMqok*h;RJaC7C_>X*?p6; zNcL;aX{Kj1&IL*sn&vpei69{Ur5U@R5s55V8k`xOq1;d`d2UrYJCkMjzsSPn zEv1Tj9F!a9QMqfUKsk36Ra1i1E~H(^Gh);)VMr!<2V!9T@^#9#~rt(rjuUz)+M}4 zS@gz{I9D%)!2FyKvOMt}+v&jW6F-f{1Fs=Yyyb;+eDxv07nsIsg4C?fX>#bk^R&y3 zqN?_Sm{NOKVZdmS`%au^r0$TRQ+3k}fs$1fI+{o_NfU6!uHBCNPxsY7Z4GU}>G{2; zO1<8$R>5mp!%?(I@SKK<7IMlG&G4YLJkb!KZP&p~9$s}vNgl_$k}g#{1OBSz`o1i^ zE15sD3TndvY`-J}o~WdBx3!TRO;c!PADs{!{gP2Z-X|afa{4x(H|YggXlRErntsB!%M^h{~x(T9^aHMZRBVP$TcG`@3o z=sYU>Wk~@1j7VNiGAX5~S96@6z{`=Pm~h}z{>QeAu31h26SqN$4{KYVM_6$7emiPjwL!yC8>-wJ_9JCF= zoT%){2yjCkt5g+>70m*IJc0VtoJM32vU!>d;@eZ&z|2Vbh-~!ag_8kvw2mTPUH(_D z0H(R0op)N^a~%YrjL`*@oda^74fqUaWKbzowel~A(>Yw1{Zh2utE9NGYh=KGom@0P z{lokB78-3O{r>R8gHRu3D`P<=tER?$ol|fpaoeVoOw5UG+s?$cZQHgrv2EM7F|lpi z&VTcM@4@cYR_#gmL7#Sa{px<6>$)52>#c1s_3eX+TnY<)bXa-T5ljw@1WHJYkU|qI zRp(C--v=S)n;EH^2nBy(Ir9gSp{zo7An8-<6Fn%?=+6DCK(WQ%p<4Zk7O6_028IzZ zbC5kSv@8q*pKj78K@&D!M8(=jrS$+6%<@oD-sGkGc*}d6tR1bQu`S5v%{Mu4aG_TyQuGbbIGUoIN&{tRf zPBoknOxy~;4xaqdaa2=5Q64H%TPnYZjZy2Nag_3XgVTLO%MgL?tE=bPO=}fZTEotd zUAA3!@{w?na7P%({V2GUUAZ0hIWp(nT#>X^V)W!)TLT8m#nH73uBrUpR-0k^V4~qF zLYcy%8y5v3J9D+LFD=aYr(1CQ%BLd9DJzzV@P+VkF61S5vbk>2^Gf6bcqhTOJ*CsiVueys%f;D3F{8HTeIr@3h6t8&ZZ>&0 z^o8VYN5C4YwiccALorx}zMscu|353YHmlp#Iid%ayk;Arbg32aPg> zNitc&unD5tRY1`*F_5W1axACY)j{96kj4{nFaR1z^r}QNY4vHlMVUjUsM*+tUtxu6 z=32{QVzsV)sT#v&_SRr+t^*YTu&uw7W{kw*nvtH#ly+dL2Ph085dMN}o3`?8<&kgO z_xL3}z`h8VM3Fjt)3Rkg;eTFav*`;{4xFC>bk`Gwh z-u~uz1l*n7aR1E)82RaO^%9@F{CoT3=IiwGXXlO257rGY*{m%P>W_Vwwa7Xv#2w;C zFaA5=<$?Um=oE19P&yj>{hCVvsoDo@%a=_7yvp7u6Hd0^sN4wW=9lVYvl+3xO*2di zzU1H0mMJ_!LagbscUsb^^(Gm;Vq}D5dezILYc3|65o`_5K85m+gLndQvb}HK0;Mv> z4L8os$HpJs6Zye z_yJV3QJk`gfD313<)gD$nwu1dk~>!os|#Pf6iTD<`4B-kx;UGXJZ2Ju59{^+ zkr#WzlIG2-A#ofjOy7J#RHughLuZIa^*f911&b`hj4>lP)F~sebtj7iDNtoM_eJOJ zm#TkG0=zI>P~ZdVY|EXvwu6YD3tC=Cy^kPG5(g%B1uAA;M5fu1 z>4^QTPW?cTSSQmosL;mkOx&$AC{uwP{sU;-3*J#Vv&no#Fr z6N*%tS~)#OKQ`EM%p{u|40=(~HqPC49t48Y>_V(Y{)+zS@u=;LQw@r>g|6m;_|N)D zmI$J(5=Otxpcah5I<7vskUFC9b4tG!nxsp!kX+&$uI7+n@#tKNK**OZg!mYqa7cPV|>Q33QchCHe zgv!RISAh`6=5!7+?XV_Vg+aeH>WQi9Nxe(Vtd~%2wWx#pntsZCoJz`Q3P*n{4)Kq) z+#;0-%RSm@FACZ^JN{8Kc@MblU zNh0f4`JwEb3sn>^*t8;8Pb2-3BniDOQs>N-`%$)q9?vMDG~8%}xHox>`-R+htQ(Xm zM1jFzaP82M+KnuAdJB$ny9tY{V6xj!7&cA3r|dE}SAVEaMRhXqW5vt9%uC;VOq%nT zB!mA56-rHZA*kt{FLSASjRvp2*nTs|ZW)TKnbU;6unn`->L|S7K6i$+!!}k)qXO@q zc)@iM`TaoCP6%RC?Ru`s7M|d=q7zf_bYZhi@0edLsLdyfjwp&Vb4W zD&yI8X*EE^x+h7ZH4>6ohq~oe)D=j=t}hV@7z~%RYqoZ{Pp*> zO5>l(b%#dP@~i?QTo`#OYIE{5Mf2>9_2WrZs|bCEBNBoR?(T!v#IbUYA z^ZCt9%qa`Dr<%Y@PZO``W^or^HLS7zBH({5(c@Y9J}ta?9W|uKu}m zd@|IKi3KuLG37YnwiPy(4B&dv`{-&_eyGW=V;2cTTDOcP??sYnQb-x{l83pLM8+0d z;%`x%U&S@)eA>P~q!^=fP{=wdIvKpV|5lw4Z=bnP#}t6%ay56^SfkXK0+X9a3=r*0f7EG(*5=gnHG9>~}`c@|?V0b1T7K$LZ{m4UvscXd16HDC!U5S59F2= zKGMG#Do0+lykibKid}1Ypx*&%F1j@{)BMaWQd!r$+!yHBt%5#=ZN)lu3GSp}>4Zz- zkc$ebbS@P0Y@IH=q1k9L)JNaDR>z&Jtz+pC(HQ|smm<7cp8c@Xq(l5>mAD@xfNcF{ zsh&FTBGPtCcXD(&b=IwPcqHw*MnI!Ri9*zT^sO{^Sd;lU&8`B`t_l4?7W;WlAwZMh zUL-kaSVS{l+Up@C-YUz5*>9N8JQmh$qno5t>eaj(-F*N>F?0UBk|ACJQ$WMc7N~{6 zbGU&1SVxUA+At|BztgvMm$%@}xukCF^_x0O22?w!PeWNr!KHoV9R4t>n8tKr*e`y` zh{={sFlmfyn%gNF9L$jyT0Z3_BL%1}HsTZH{H_yFe4I<7$Ll{OO%?b4#bqnrZkAaQ7Pb8{vgJUu(+Ze?W)rtllVzemSk#+Bf%G@wa{o2ZN9xraMUxW$O{%k6DeGOW$?NZ1^=~F zyvp3T;x?sP>ssM%0s2xDHeT4vvzKmQDssvqO34qdZYis7&MslZriXIV1$z>s&?V&3 zAvUNwV$S=eU2TBsn7X2@W^n#37^;!DYCPqz5ln%*kH0xS252x4y$}9QNu?)CYyV^x zJu??fUpD3|!`0~^`xMAV_bALe*;<>yDJ3T{b#Lx^Ng@3i#1o?$pVP`Ja46a0D1!3% z`gxX+`2MU6PqCAIO+iUqg@3_@UTTX`2J%$I6}Dm?)pLg5Rf~yQ<8M`aqS5reE*#Cr zBD)#s_;Z7$>4A4&?H}hDWXipG_MfV9kkqAZ5#{Jh`D&U;*dfdS#Bv|H_ka>m?a2?SJPyDKvDLr1-Cw>hpDYM! zghzQp2lsB*63K4?_8e8;e)e^}FReeLwA`ydoE+}=&abU|-`|ZVGl0-gHy&4aM>_lG z*1hPD3ixaK`%AD>v4RGaT@*!i;BkQcy{M$RMh*#=Dp#wdAMbrlt&cD{#Vh70=U#v- zIs(g=mTT&G}Gr^*jm4-sGr4FJLlh-F!qKHd7 z77T5@%9=c#$ES;@X3MHm0o11oJ|kIU{Co+|S>~SSKQImL6(HLovv}>2M{B!VA8NIH z_`Q6bUU%jnJot(7LqFuhy-#Kf$T%U1L6#Wklcd3ybvz#Q>`LvJ*{Rwz64c}0ZI?bJ zByjuu*MnOn{c9-itMpFbu5J_L627u!$G+jAQ%5o4%K7<;;Rj2oD6Zu*1ZbyiE;mp(RqiH6R^?cLOq z2*|S?m3kG}I%1=^El+nJYPmbOJw7_=gGnNpwuu-|_8H&}%`}98{Hksm=fm@C%1>LK zDjD{KC-SNYvf|PV4L*JY4N_Smr|}w)i}2&8o%vGpy{tlCfB$5T`Q@6C$V!a-iXYK= zS0@Dg@o=rviwD5x@cKOy0JcV*eEzsc(VcpOVmgztkR@RBq)l2tnHdM;A@~=-<9XHA zD%!u5Rpb&brI${=K`tUrHT|QH91CKF))mwt&@y%F{E_D1iyM3VpL^f=IXji&j?hD? z>zh_y<}xnFUxLaT^15Sqhx{B^iNB==M%J?O01Yf^dQAl+F&ssw;LR1BMM^O(qcGS> zy!}q%p}7h6lve+C5^v)Re_PZPh(w&K{P-|Tl-NmDJ+&IKcWNjc{8 zO0BMr`urqN9q1{-qt-NNc~rZuRKV}IgOCby`%z(K^9<$#x=owqil7JVy|~pTV=NfP z`urM1*nMjCnxwGD`L5$AG`NzIYZ=CGI?Bf3plb{6}$<9j25k3 zDY&L9fSMKf*p^+kd}I{W$#@Y{B;;LHF1*cnjZ>zi|IH0L`z3?DDs-O%%Pou`dL+6# zX#R*)_AYHiS$-gB@PJq+5`xbl#*+$Tf7j5?esi}}tGKV_QIX3=DmtRC*vvPi@FJR~4oK)JJ0p_|)qS>rir-G`XKTc#oy=H2$P9ND zkm?w~%gbwq`W}$D7xd}JCkM8+G~W@q8ORYeJDlStn`o}=4&otN$Z-E#v%hTOoe04K zj}rt8yKhdNwj~RIkTgp|6u~bCU0jp!OLDjKnT6s6<0x_)^uvxPb|YiS7#vmD7!1bM z86zh>PBDL&2QQz``5_jiNYUEViHhnMg>?ZKKbE%AU2I^0j^9=Ch`dTU9~b#wok#KF zX~)Og5TTG7Akw*&TH?nryHbf2Ej9^+_0-<$MyM}#MJe|4-h}U)8@}>+K#-Z&2f`zO zH^(-mODw^)cj4qyb`jU|?(c7&Q=9^&rKQfx;^ZE-i1FFK`=Xkcw#Oo1r*1<|H1<0g z7q>~l#9Q)%3G4DI6%b$Rruum8RL?0~q`$Q~6jC%02=`ZP^(9SxqRl+0>JQ}~Md4`6Gqe1|;G-T2<&L!FG@o`2yI|D2=p1owwRrIuzb zNZX-y2JY2QvLVWU&n|?dZsMDHvvS=phu5p)rSC@tHm8h3u8=H(pLi)uUmFij)l{1w zy!V;%y!hptrP-2HUHbS}mNeRce(wuEoNRzf5)YFfo{*Z}z#bU;{Zw_K)&m$tqS?ycYqH%f{R1-!R6%kr9 zry@rqWlfvk-SQfrNES4eyp~D9+LV_HnJA&_q>N3{SVB54N?>JZcU9)HvKl6PpH%A& zRa`1W$E6|SThI0BN@XP?+Cosep^LpRuoj}ta`Uk#DbCLN#4aDe^y8nO6JYVV6s?tpPOI=C%ncCHg16dfBUT z053T_t9~~}XXnui?hSuvlXcC+*f}A#(pB1+%Is>&M%(r6NjrJ`%r3J?NLfD{0$Ym+ zy8FL-X}@;9A5NOT0GDUC20!ww#+2_HGR=;T{p#h|XFqMJkYy45TPsK}zKZ4vc@h)K zxv8U$1{Gp2=P<4&t=WR)6rVp}YF4_x8?&fxE6ce!N5@8%6xYG0n``#Ruod)8#DcPBbvRAWGntQvZ1276KuP4l9 zH!LsO@5a#Y9e;qEE0AVC03nBuyX+mnjEa)OWRkLY9dZ!o+naYg z3FQsrAjeFmKDLj@<>jHB&`LFez$LJuNU}}V%StbVNL=80HzaDg>Tt;PRe|W73EU9< z)l3Hmn#mQK^pJTO!c@BU{Mrmxf1X|1y}OAd_BjrC8qNMnmh88{X2# z_iaVHozin{iX*f9Nl{pa{KIH!imH_t#$Nkf-#yW~2{QG_&IS=Lo91v-sZSN_lMRplHkV{F7m ztCGdHYa^)?yMW1ZF~mhplJ-}#GfHiK$dru|?NZ%)bBZKaBo;g;4x7Oew=UbaYoeb7 z2k{=~%*lI&iG^kBUJZ>WO4eCBOwVW*|NVmQk!1;r>>Pgh% z4uKk@n-y9dS|1_9qXXXPgun=J_q$2cNE{X&x^lI8W_lOa=udgIP9x34sv3J>$MQmy zg9C=rKb`9QhxuX@_N&P$e+^#zY&Oen+jaaE%-x2DMCG$)FEU#jm5A};Yy}d1n%ku= zin2goW=pFs;8Ra(>;w{+4yTyvz#2vQ4i_p?Z8IL^qBoVCIpd0ji#cOY7MV1kFRXb1 ziM_sZN)u=DDSeC7*3w2{R<{vF)t(M9VurRAH49M=dL={jxCh_GLjAVcY3Jo=^@A~xUgi6c%O`M^0h8r zi`IHa>Xn*}^R1J2T2fjIQ4P`IeUq(+_UCfs2+HQ|42dPqp%&D39i;OjSl5phdb=^f zK^)Ua(m?Hq;}&RRZd!D^n<5qv4i9`%jzwjQYctdW z@bhF4>9|O`YE#wrHm~M21ucG-j7K-?6>0sS!JjXq_!iex$rkDA6&VXTe70|Bnrn%0 zj3(kU+_c3rx#E57CEJl6TsWAtS;hvVc`jv|!pgsNKJ3+lEEW?^A9Y7>aX<3g=ruMd zfKOheBe0DpLxj5st`4=HPIoM~qCS+)DsHui{AzU>B(}O81Ur?;kMgffyX~-Gji@G- z-jP6ckT#TPh)S=nU&#^uZ?vJw8^hjjeZqqx_dEJV`Ivg9YuI0tJ)#?6h?4nozWXT zA6~ASUFhF|_)Ng_U_Z7R_(;C)`$Yl%vE)2t9nV=`8Ca~q5$$^0r4FF<1G zB*;m~dSdf_cXx9w0|(i1#JKuvSsMO9-M7K8=)Cx#MV{8f?IU|8yeEMW#mbg|OMd{o0FM*%LGh zKNn6(!#5K%kfMrsG*u#4R&%6aoHstYjJ0bp2DJKgqdg}_<`zv106occFbi)9$$!tl zBp^>lF|iYq3na=Pkwy{`aptb4QvTB0v|d2v{T$CS?y zF;F9`wj!hA9~XR{@s!Ak{pq*(}dy}aCH}tqRhGo*fk~EI=Vdd$zZror`6&}K+ zTP<U*h&~XhSbz%&6s1wt6&g+XgzXUvTK3Ry=b^=DPwBku=Jy2g`vS+eicCl-nXYWaET}@I>L{mP)LOEyg|oxyK?+UBlSD5>GS++B zlEZbXv19R~m|_xh19E#6(Wf6jP{S9KWR{@#=UaJw159sl*! z8(SJ1Q~#SpseE+lzF-nlVwR(n@laX9!9Aul7(y36dx}DgM^0cP^fhXTF=NEKipR~I zX-fn%qCO8Dbbpug#sSI0Cn>Icf}yK=KR;eP{sPd9Ou$j!2x=)ACojo_vJecadwc%) zP_B=8_bz@?{Qh=C8EHP!tuHwY^sTb%)&Kfp4Ft$QZ#?7wHu^q9AI~#4j~aa73E6bp z^uoEFT=c?;x@&*o`0ezTY2tkT=i5&g|0{}l!Z9XBxBFN(&h%0Z37S3+vHzC}k5R8@ zKNy0BFnCTXxiW>t*^DG(=M5lnC9HP42mW|&-KT05AeZx}{2H*g5Crk|Q@O&+<*cH) zO&F&0QqLdi&xG>hmP-_dlFV)S$xpmlFp{9*h|nyP^2eQl#K06p^Rwe$tM0|wG2^ki){Bs>N%2XG=V@4h2qY+iOFWEy~Qp~Rp5DTFhN>!HO{ ztiXvAu}rDwU^xaerNCrwdtZMk6+4np7;A_M1~4HZdH#qakp)U7)}{pckJCmvPt{{~ zRp`(_AR9- z3ACMXdQiLsc9Z|~{qZ3M$U;+pC@>l1yc|uY#*tDQ3wuezA1+O>;Gu# zi5nJ^kT-k#>43BzS7Yh_e}NDbal?6F5YI8b-Q1amMSX|{d+b6dsL8+?hOxq67@Sc^ z9MJQ@!uN;K#1%VT{G6Up!AFAr8JjL`eLx z#Dn^hxIeww4-ukIJnTOPzZ`6x(-2G&Nc@izh7v9G0S$^0m<>q?>`m2-7Ebd2#zAcU zi-QRMe{c{mA2uVaoScsmg>Pe8CW?`!h(3CmC83T(xZTVx?Y$IzznRa3hlUy3~@ z4z!9$0;}s03cK%Y^o_9Sn0|}}6XeNUUUy=4pO+6QlXb~ZDo8qy?Le2k{8Yte2Rce& z#bDwfA#`JHQ3w>Wf0FvFLsdd?1!x;){|T5O*&$N%AX&&1)Hv+kcUf{Pdq%3mzY(2d zunAD5mLT&$bu>zb<5%tCnIVgedX~aC-TyeP1Z7hLlC+`b*$RPomr_fbV&hQmU7O0SknJd-70CnpCr&m%oV8cebYpWK!}^v;(zmR^qyBW z8xY3&1{hxm3VZ!2AW?>V9upF`@(~j^=6q|+(ZbK!@JPA#8>jYeW51b+7&9M(m{4%b zKHaIj;`{hmde!^*ki)zG;RluK{dT2iq2QRt@cnXYEmWCJHrqa-;Mf4n{@~^bN;UNz(bxU6BIO*v6VNz>GXsBtLc<=Nb;?g zl4!y2sO3nfhf+-BEl}tOS6jf4hO9+lNCf@osgqZ5=3V?1`(F&S-Lbg~Pi8j2qV9!d z)o+*M<*iBzzzyRw-I(=_&*P=|7tjW9z9Ibn=>8uOVgFod0@Nhdv-d9Qssom(`nADt zgyeWEnh~W5krs?Kz4zDhf=zQ;6XZV@{LBdXyj&T1JbS`@?av@zIy*@F0{uWd!Js*o z05aaeceV3P6t0XeqkRtIERul-%RRo?Q90cm$7($97n7e6+Wixc9abY_j2O@YrVuky zsj7>B5f$3G^!QMe@%io8+)-30Gm!RDjR*-;Ui%=2X==E9StN3BBP{*z%seYFIZJA9 z5vMH2CZBKImv;3bVO)VNE^YDWfw^aGyapkYO%UD+sxrE*IhHV?Gj8iHApP2>NnUS* zHO(n@R&Cn`hw|U&+{mf>Q6vNZ+V#VA;%EvH>p36|q)GZp`jP*ZbmyD^CrF?m!_Io3 zM_?XFBBRE$nEoZB1aS)9;#VV(4965eL|eVE5GwF_yQpZ#z znV_L(R-KJR$^8QM;T-~4_vM_j_Jn^A{2H^=*QCWICg(UFdWe))^K#tRo9?4VFM%_~ zdNk4&U$gFzCo^xAfHDx~Y&v^tzS~nq$InMDa8wy9*%6q~XeU+2$xnxlAWh{UR_sXV zW!RM)*>{f`bgIn@jG5Nn`jfv&Ft$Bw6*Jh(p48owukDXHy8Xy+AdM?iuCFR5oH10v zJFDv$a$+GZI`*;z`@XPaah^zGjEGU=&1ZV9_(n%W1WV#+9^yB_p?1D#J)sbe91(*2 zBmGIZXboVfY|dBYQmtrbDDlm&$P&v@xfu9<%<6KXB06vzya}x{nS!0Ps6$*j3O|C@ z-lw5LR>6i^8Nqzn(nxW7S-dbl&{Ix;6dWod2Z`H>f0yLM=o6 zX%{1R{z7%m4;$XUh$|3G-$9v1g&)b8H$RuRp4e)pAKn*@&|>@Ao@GP6kbc=s@09_D zi4t0+!3fb1QxVG|q{HmkG_(c*d&D{?{=07rl;os%01|d`nqYE*Q?H#?VdQ#r_H1D8 z`Xa^kDQi&z6Ui{LH&*8<;_EVy4uGqAIQ$q)osJ^>Qjx-wzf*=ooUE4aGtgrwld7SB z*r@sR_a2(D$XM^qCwxnd9ceG(;=fJzR+6TZ7jBV$v`p61PXu&J&cRj=f+DQ%@(`{ z!4XB2lwd2R(nqj1FaG3XglP@2m-PFmp5rKtZ0@_;gqF8}Ie8#HPvsv@mLU6`LB5Mx zF)PO!A)OidQP7$}n7Viav}`3KvWL(Mq#w-t99ii8yCI69?P>F)XgF>k8t8qM`ge}K z)_$O|(JPh`oo6SPJcKv6p*x6%YycM82%^j#>BOXsb2H=*4mE5+XTgvg1W+n2Ga{6h zC`m>`d_TLq#E2)6#FPPDZ<&wKW<^4NdjTnsE2nc!0-)8uVEShV9RwG_U{01!9FL&t z4zl@QDO3=UEH+#$^d;I)$avD^TkpP&ge@tpP(&R*X~m$Q>&x?EMKNau_aaagh8YqZ z>A?ndlLtiVs6c*94*9g}W8a!=aX#uCOb{LWiZ5V}d*>(#xc`y@*Yy2WvdM$|l~s9x zgqrhLzBg93AHK6LAMel=-5xLQ*2uUvpnRWz--()my2+trEN#-C+zb?B^_lUnYehYY zvJ<(nB5YCr5CsF@$uI6H-wC1}!>2wLsM@h)j7LsH{gX=HJ93%_2Zg1lqMD&lMeDkz z{MselB;I$CgbbXa`zQ)*eNZxs{w4u010yAr6%GS4MigXk0Tj}ZME)_P9}vQ6%bml> z@np;*^&;0P0ZeiX99jmseTj4LelsEX+|R>z{2r810`WgEL`Ww8ry-TFwDSd8md?fB z#}qQ;VP_erw=asq3KCM@W!v$inTA6r#*hcL0R_-?+o#sc@W?Qbn(8)agk}R`Jg;5=%{6^C;kN9D&UJ}RW3FsU z)&=-S!((OeGR8pJx5)8x0Uv>{80Zuy6%>PWFi6S*nTd?MCZSPwBAS56#Hm7?JPJ-6 zhQ`9BoKjRg9O0lY7WwRghG5W8_huEW09+zt;CBL*%TJpPdNpBfFd{*D`%-!OoIbgw z{B7c#Y(MEpmlS-lGeFWv%zJEq5N~}lf)^Xcm41qB)17+5>|D|6}GNr$GLUarUo6@T5ylBWO@KoI9_xZluuwB&FU+{aLqW!Y-8d>iv~D$_Q; zewjm1&Q>HX6gCQE#u((3KsgjG&VNBzR4gWNZL88Dg5mG&51L_UvxS4`qeA5iRN`Wn zq1qNs+?Q6#T26-PEWQ_A0Ab=NtJ>|$0SKAh!_Z*L)NSf$rLlGl7wqIjpso!a$L;(;%=GC=JX(WVFc1fgocMa{mpcp8CjEs zgRDTwD;?$Yq{w{M2@DzcLa@?OTPONCU*wF5y09w)&xDy%!M#?7j#RQolh3(wJ>RYz+j8mWy(JKH&zgh5 zN~H9d62dV$;x&D?4OcQbZYo1Jpc*b;j)BDYroX z2o`Zvua694xRtbEtcn;ff~TO}egD!#Q<%>|P$sT}gwi%_hN6K5GLz+b)wS`hQTnE`T zomF5Wj3H_^nHaHSugy?nr>n7~Fo{=_T~*41l@3YTwWNdrRkDRZfmPJ)rF03nPdaUh zZv4THPI%q4#0~;LZ~tSAd_4Hz$*^=#*%=w(C8t!CEKt9=!rhr-WE?^8LdTVqU`kSu zZKIK^v8QmRC3TcKXVu4?7)#PlpFG-36Y@vmXFmVdYLNFc2Ay)sPZ~O;igJ>r7vC)p zMUW{Tm~O=JtkzB;mZ#a%irr17Yq11^Uvl#%PP%%{qM_>eWz?tSYFZ4oy|23yC%)w7 z-$Va+(NKn0Nw$i^=)n?d#FyoB)h^Kta$w3f4OO$g>2@UW5;!5}iUE%CCl^{cBcElO z8CG+f^HC*g4yanRU7xc9RL4?!Mq*E}p!w6O$woTH{2~M_t@qXa=hU8$>u1;cntcf_ zaBHDv+l`Lzkl~x)cVj&sk4q$*Xdzw1Z}U&YlSki@HdGLqj^wGaZ`atMR6h%*nT44q zY+xL0JiLlNED~A6=X$fswO>vC&v#R^QJjc`h)I#!zH(STod`Wd>E zl(H1Dx8hb=NYO7mu?&2fo08qFg5-16_kK(nj*u zAvCHD%AKiJI|6w+410!JTa2KlLyVhNMp%;p16KIWebkZ88t?*7PXfZ{n5#w4puvWF2Cd^h0w z55{~;oG9}TNk6^tpzl&SNsKU$OiLkUQYq{fyer{??U9I2aig8-vE}5+hc+^dIB$PS z^qMFblZG;i!#)SS8{oi9L438+(7*VQtq?NjE+T!WFb6DA+eps$3gDLlD2f;#Kn73; zzSMNUn_8($#NfbT0tVAHnQLQpr7rWwQR3uP6qD$Nwa>tPcHWG$P$Pe%9!DvmSSs-U zsPAWT2yXF7;srgoDtK5uMU<7$X?!ZxDPbh9d3HS-EB%*Rc(sKcmYS5<>h(QJ_>w3& z#V>cgSM0-WPpeGy!xVyBn(^o0UuoKX#RGv|@civ!*pySd5}Ke!?oobG{u(rwcfWTh z6R$>8)}v?Nm)%Kp&MQX&M3H`*t<11)bv$5jn*kCK95RI zqdcI_NVK+8uS~Zt9k;YvMyO5awxjmD#~os7>U&sqq`)L~HtzHFz1=lb{W zcH?|qHk^nJCK#fMG$b!3lk{eqP@WABq?`z8wjF3onn4nvt(H;=X*)zl8&glAVkRlo zXY3rX@ke?N>d$$@h9(@Mynp(+7`}@2!=#cL1c?3v%_%jJj-0=aiHF?ilt=q_zexmn zGx_&LYO-0$t#Mz9SaO`l(QEU`0c#==XGQ!#N8WK3QK z8&G|1(v0)h3V8VH73kNDps0{<1EFA{{nH|L%pAmRpVH^#(~soP78b=%?bTptILClF zULjXqvKO(sRu)K{fn=RT6T_23#;ShN?YI5IiWQX}8Yj(bYX?PfqYPM|M@GoKca*W& zCXJk93MWxQ^M%!?#TTl;$`<@Bd>T0Xh3haXJG=nfePf?&&pvWuF*_~0<`J5o;^ zUdr=sbGHU3gwQC>)*>7_Nvn7+(<$j!U^$FXq^q(_fS#A6vmnx1s%L$klwpck+52u* zCVC@cs8f5do^HoWzz2&c7&Or*`Ae+h+53s1$G+o%wB~gqD2(?fuoT^J0unMQG{&)L z0fwStVni05hPPOdTOIoE`;hR0GS1NYL%ce5$p!*MFMf4Nrd`a8?!%e@#^_?K7!uPW zf0W0c&W$>f7pbTau5AkKWv1{s()tW^={O%Wr_~}~r5Sf3i3!a9LwgMryAQ;Z=pA** z)eSFx(V6W;j?^w!@%+oitoZaKuR~n>ae2qLY>rqwq**Be6u>asYlBF)_%Sz9Q!`;_ z>22-Ewj&XO|c4{&7Q<(d5iAjrkKzRqZQ(6ng1MnO0V2b1i~Cte{( zV^VBVk}iF%y(xkBORA#xApRRRAWTDgIt5W|#%lG-@011i82!o^0v@zac36JVL!}t; zs%o3}J}7RZ*T>q9MNyB%KB@Rt70OBSDUKGpZAh%T%`RnJ@CW1ULa??agh^O> zi^6CL1cM!0)|rKg2-UjmHI>M!O)&vpuv$w)L_Jhbk9z@b)SfyG7ixz^l6Zt10Ah}d zV5rmI=I%K#51>U+W5rwDe=r-J^SKg+IIvU_f@S*AY);+k#Ppd106*1gg+mmD(5B#rD7nC2@^h};pPEZ z0o!a)y|+1>xHf35KT}j(gqq(2_BpO2pt%$j_BN6OJOQRaL@Bq8QO`7AV-JFakO6mx z=1p3F*1OG3*qZ?ArmWw^Yow9-4%q`?Qkyi5U|IfNgEP6fSrZ=jj7R+B4OSSK)IEdq z9@;h<&DQOG)W{S4y%C&9=qnt>v&nuSA}x_-yN7X~5h>`ElTwfIprQvub+i3`N~-vG ze<^jrQw&yizo^0~R2||IBzWwoo+C`t zv<&ibE}1uvM`!5mH67Da2G;uACSY(Sg)vCwA8pRbN-=qUPw|-MIBb+8OLcnp5>Kz2BWyZlerh;oYPA~;WVc9^|=3l*Uy#Xl%ssS=q_%A>T(?PMm4d}p&Av$x6X zZTG3Rc% zNO>>nM@^;uIHakTNFoZ)b;tDytg;rOQDb<^?_#;p_InJSPY)DLf~1u&Y!GyW zi1(8)_cIQ#f^Y;`XQnJgvzOJ^v#RGB!2IayubGrrh`ZreYahS(-w+rAnSr{n@O!Dk_h;1;=Xphx97T z?`f$sy1c7f^^|3*w*k+Z__wWA|9dju*ArkdR`2<_tp*Zi)*Zk%e*nnEyWR)bofs6* zgbyk*7xSyyAAI|~_7H*nYPLV~w}*I4(!gRI*GGnDHg4dT9UGC(@V7y3*5i|y^f(`U zO;uH@+RX@ZCRrrS^_Nu4g5cUL=7Pr39F_8e$n7p;Wati6onvNU`OB8f>>^l@K%TUL zq%ZWS@HA#HOW=aH z!IQyuMz;Omwd$JPr-sp2>9Z&jho_2i-tns)`TIK`-qkgr^A>II}Nz?54>iC9eCI2D!Ynpi!N zlHrpoNJe7ms6wr~D1=&1!D=$%fbm)-X?g?@Tfv>i2Ud_rm1W%IhCbsptvEf;?eA=`>8-nXP(t8Fj1nO zM2ju%!nJrBf7~Zjb)dSSZC|&6o#m$%UWt0j1tip}39*d5zxmmF+cV9d0QSb|z7JIK zJR~73G7h>kc>fhsSl!-EqJl#zdwHS{Os8i@c~ees;3AjW&@q0dE>F9j1Yi@G>J zd-Mg$qYz1Q+bH7;kQi&KxRhH@#7zTw6PqdOCoiLoOP61I!1M4JeRy*t4QoA@eBLS{ z33WQ+81zt@-BS8b;I9P5z`gG_vZW0oE2gJjJWWI~JabP#%*xEz=~VNj^_7(?8}MTV zYtlMZ$DftrnoKq{S{*kVYA22?R>1*BCNmij89SAKM?yuLJOp~lHx(Wbxt@qxb>4{y z6;Zw=-zSi#5h`r#$-F$ohZfAQ{BplYBT~klL5r%@x3&Sn*O{3{!)$RjX~QkLRH$pc zFTuiM38b{=a+Mc<#OQtRfoH2ohbv;RcNnm99MMjCRkU{yR4o@N($Q{zU`0_o)vox8ht!5dY*~r)Exy0EgY<+eQ{y$B)TIwG0wPvKDeX zc2|V1U<~v8JWHlfK6l|N`~nO0D3;QZx`07cEdEwM30`dn9jY}zLG&0#!Sw~6x?w&6 z$5MiVMklm6 zV6c3M8(=aViv8F`8>B;ZgGw4rAPvz?%7X_F9;kZ>eb=D3I!!Q?(y6-#`$Apai^jTU zu56824E>|pfBF)pX0&J?>Cjb^by%xxUIv|3F2i}quUUIGv-(u5KNjN3kkK-FOuV~& z1u&1!O5v~MFR8t7DzVK~Wph$l?U3#=x+;HbiLDaYko;~*v`L!lg4VV{X_n+-i}F2* z^OmO4orJr-mun~Cf80s@I7c_`C#g+dGOZK+Jc8ywV4R<)P0JQ zgU6PMl#sHPB9&Zyij~5(mTBY|u9iaOJpIb7h`}mzP!*=t%1;%&F5G<)C2KxVi5f?6 zN&m{R?d^?bveZ`V$^(YUvYo!`V=UzvWi)kny|G1yEsccrFW04)?J_B+Q#I;st@X;Z z(k^eZLX8DB)sF{Zs8K(6m{2=M!!PpmxBsRQBSe^s8YA!~|BvxlxBosl93AfLzqj$+ z+%TIA#R5viCBak9^E`*&;`3R|F6wsI@rzs zZ9L6)@w%I@aQvbNq4mAKl>OhW`*lz^h2PWQ{R(PcSQBtp(%nA!WO2or3<_^AcpVFc=%R>I4v<&vf2=f1|md3t;4lI_pl z9-zSSJVz1>B|FjDt1Y0Q_%vhq$hWiQnbkzjX>S#Dd%h}CZL3U>>=hH8t^6R-ie9%CGsBjJnqO&XQPoV~nGp%_9>>9}LRp3om(g;t~g`k#i=CdY5~G~xe@ zM>_t);px$MxBhSAxiNe~AEP{5rFhBwX%)_4!7y-%=YjtyNP{Vg2w<9jcK(zt=DGiC zkOP;F{NdGjcy7{hjgy2(u0{^ACYiz_7|T7v3t-Zc$0s^!T6=8AlHAaEp z?*Qz;dcL1$4f&sh{O-Ep4A^x38;y1R*OSxJo&I+#kLCPFwp6rZ^)p~w`A?)ZUIbJ^ zCN``l--S?D^KC+;Z$c`Yi>203T`@rFDVT+8m>_9}u22N$Fq}|l2S>Z~^}t=Ko4VVA zcM(PV&$^4dHW@1!*YF=W&-mrj^GE87^QVu?7uhO4%m2tBTL`mN1SjC`vsGTaz+avx z@rxuW?vfSrHx#cvD(Og?v-p~PU!^HN*Th8-u@I?Nl6UFbAfA^u=zHMjB%7j;L>y<~ z__HJ_z#J3ug}vkw#S>6E+AV{R6L4~Te0b~taG6tZ!L1g`{fKZQ{fr`*U*`o}^5*?2 z4kEkfR-QH1|2*|14A}nnzvF{b^Zs`i|9v~pEwBIGFk`)chux+BM!>M1A z$YMPDof7?2ZnJ-{rjRA_e?cO>teaCP>4D(TCCK6O3TBUzWg27rUe|+qZype0; zgaoUS!-3zWy>$1r0@tRcfgcMPlb+@2O6aXJhWK6m41gd`&!dBrb?DXIRSwBZo|9lH zQ1JBrV79kCZ@!mjWAeWS1H4iHcWmH)pYHDexAS~c^8ZU?hWA+p*2fKBqx2Heo5ZcK zgL-cO)_Wts-aD!N6+Zptzhv;-007=3{}0E8{m1BdC;zwdv^1^%(#YSc_57`0ziid^ zL^U!iT{kD-(?1DmWhLQiA- zYbcr&3apph*NU2n9Brx#Dz#0oTs(T*`@sDW6tjiDU-VW@87R+Q15y^V;1eqw-t8@CtMNs@&qmX}l;E0kytX3!E9^zwV1xh9e6 z&ckwrk8JV$1Dr0B^!4Ovp@!GYu* zgxa&wYN~0pdoY)TYqks~(7oIg?@;ps#s#&~nMDCwuEmI*;`*Fzl&L=aBw;8lP^ZKK zwKYrh7Q#NyY;=2Zw_XD!VUJRIB&Ln;*(Acfxx(!^OX4EK?6ltk)Ucyb?86x)`+k)a z!I~V&l)7`0b1q;j2Uru*L`!~gI2Xy^a2ok!FE z*IfYU*8^6CynYEFbpLlu<^MpB^3+L@Un=G|Wfrs{wYyb~-qTJ<+$^9=dIMu<^3^Mt z^)3sbauGni!0XD>-BN@#Ql%|Ye@i55)3&|ZzO!2!DxUuGpQ9i&UjaAB|HJW-F8_~C zj&}AxTX`ywok-Vy7oOBsQyneTE+6+7vn)sjRz&$8uQ)mRrb0kja^5xZAS}oqbmkaF zMOM5ETk0yL3)MZ4LRq;MnrVDa3eL-%6%wpxQ9G-}UD4n4&1Cxgxi8H4bnp}STYX_+&<5fSh7K})LW!Avf7$fPVK5bKDmk6(+?o$XlIo7l|O6m{{p&6U&sD? zd|>#09*jr3{oghoy9i|`FRlQnfdEy`cVEgcXARGlHT_nqo2Dz&LrwNdxCC3oi*3ZZ z(0Hv0eX#=r`o^EN<^Pgx6MM`5@#y66z>xpPJN@rgp31YZzckN7@*2QC;|=R9$zYQE zvt&8cR|a;7_)atlMtmeobCqZ~bU&<|>}3dj`4BJS-WyPwjm5QaOzK!LS0DV9Oi2|; zd-KDlYX_Wj>v-gZ+SiJnhUEs7-5oim1pcO}e4egv$#h}-wJ6eqvT*5TQ~6TTzAP+~n2)%U1?lC4+}-x0O$YW1 zNR~qs&!rNKPiiPW9WkyAZA&cI&KzepUbFsOW*g>@2F#Ra3k{&zG)?4OoeM3Zocd{( z<%(Bb8>FPQiRPHXAcNV<Gm+J~kFs-R=xr)j;AC|&T79wtv0TKKz)wZz^q zH7a@y1fDMlY=POW3A;66wP4_<|1OM&h zbQk||JI{@Y|7N|6w%LX1*Fr7LH7&|OWh{Mrnn4DPAluOs+Y#4o@cklh=CClc1}Om+ zSRXU9og0l{ggVgX^bcaPzr)x0o}UfM|4L_o#{2(ME&k`>=-}{lC;zwc+=BeKnd^Ta z%fK2o{+nom9UAEF>H74S|5q?8&`bkov7P~%?Egmw{@dxvXovs5l}GmfYCw0E;Cf2A z?heXOlzc>-C*fH+BG?LIKtEf_v1Q^<8>R2Uh(He4s;D09jhDe$vRuMAgjvpa^W_`s zMReT_G(QSZIBuGKmc&JXVwjyXJQd;H%RfBt8d0v)fwZWiz<3C`gR-QlvwUo?WHIzT zh6bvMBW5aRVTXQE)KFcC^%nD7ubE3~ zE5deSDwHigRu37TZEG8RzEQhiC+7=TSd9c|s>cFs&Zcsta;v-GYB`x!X&4l2dee;Z zn~w5gw^jT8pRW5qe*vQfW^oRR1kjEJ z9~LkM(-n$Hz_~P-y$j|r_nkfPa)ELZLXSjE&lfO?z&uK()IJNv^ZVp-tw2{0q(QNe z-Uo5$?1320$sri*ry0CNA7Mzv+CK(9_&tuUK@yXkm?ecym!C8Fco* zqhz^EV({mq3lO3#clpl-6{o_D1y0j z&(A-k&OLt`ymRjP#WHp7{jakJ{tPmdta9-5@sr%~(=5RUZO2C;42Cpami+ZCO3AMC z|HYHD$IqVl%dkTk4fFr_;7FhUh_Q;=&72j`w1~^Zw<$efxHn#CZ}y2d_gQgJ}YSFqC|?J$yV`#i+OjoF&^wpYe&3 zA*STf5ie1t`zBnXBvdwj&>6&Y@2cDsMMsVf8WtJ>KUf|Jf;|Wu!l@gBgKgkNrf>_iZ#aMNFiPg#1?q4b zCDS3}+dJ?_!$-fKJ^$s&Z@>TIFGJdE%iu5EcMIyVp2VckAQgCl~)Rzf9hvSMeG84zS2Oeihn!=E84M|~SbX^^Qefq~CNHTyAycr-9_5BKEFdR7d zfCLTr4qk%~0sf2|KE#bFuCJYYrTWg6P=YJQJ@QDFVU9xv{38NbhyLc>NoE@O30~q| zFO#|`o>$BT6c<@CB!l4%nHPJrlAc#AARS8Hl+g2#pf~Wr%Y<|?mPkdR+j?#BKZKWs4A)D)TdJ(PfYTS#9AVTj^*rP3(#9L^IPGlKwvN6 zjO^a&jCiZjd+URru0alqLVPuV7ODB++xwuv@|upV4=9QlNI%*C<4n|Kvs6No!+>CA zpU)FAYeUp9W0|w#kZxJBC|uh3>agNAvp literal 0 HcmV?d00001 diff --git a/assets/kong/kong-2.35.1.tgz b/assets/kong/kong-2.35.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9d96cab99e381a8ec7d79e3ee0f09d03810ac18a GIT binary patch literal 204741 zcmV)0K+eA(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcTjVzKD4c)a{uDYU`wZlV-3!a& zFHzg-ZY^%hv1FLuNxu90sC2R9OJ5jfHu-JXeKKInC8<;@Rh8;;$Fgbvc!moRE$}@3 z>|^{427|$ig9G??Fc{ST-P=2S{@LEa;fuY4=g$ug_dgr#?e9H*@fjL?l+o0FN-l8m z+2Diws!#5B@`JOC2`nhf_^^jij0H~FG>WkhDTyfS$D|N+LP;`2IW9y-iq>Wc<#~!1 zVTR{qh+ea7ie6zs9`K^Ic|lTwInm7}5%zFSzb6H!EE}Tx{T|M9`)BYxIt+RV$w`)w zET)7Hdm)NhmQVo=a>m89ApGYvA{id1B!PC3BLA z-i*mn%!J7Ku-}(6o&6leY~JtDSi&-I`11(Q@xNGxA2_^E*h7{wobU+tXqiztDALEA z6T$oP>rlQ4X%>emE~X^PvuSURX(lkuNC8M9b4=4A5(Lk~yRZ2Fss>;&WZs2iCVI|- za8?$vLbVy>l!{q7hT+L2HmDN?A${4gc>v#A9PUTY52L-_znj$m_-XlZ_51+>ec$^#z4&&!94)+Fl@HP3G?2VJXubw~0`(N+x zA0&7(Ns@7IN-|PlAf3UwF?(K(rU*GKQ4G&)o4_-uHAMPD~wg2T;hvDF>;b0K_ z!FoD>VE^Cav?Tna34lxY|K9$Whx>#2{y!Kz|6~7uik~fXLMFIO1yV$SCaeJQ?HNbk zk#vsK+0c{i;uIGI-Q$8v5sM?i(3qfH3M2`lnP6za$^r>8&r>W2k9u3ZEi@vr7B9C@ zh)zhJvW1k4q&SJ^M392R8;}`m&x~Ak%ra51G$lp7#g*n%h?nCKxKh2v8_HvnrZ^+4 z%lA+D11Rj6{FC-01!dih6zSy-m;WNPg-$^@Myx;yiY+LY9*J3TKkidjN-5zQnrxCE0kp;{v>1di_z zFN+C|HThwKppl2r8#&pbqIthJPtByp{=?lbwX)wJbXoFs~@l*pxi zb+vKy{?}e-_mZs1J5gYR+zRQ2FViee%LF)cjmk9D5>lz97Q>*+vzYe_G9d-YV$!$L zmeVZ6Iql!?MSEZMw`|Yh{azTe0+43Lb<8Sl6sCxbjHw&wrwGwGo>q^CaDu>45zVNm z!!c0gyO?DfiiV*dx-e#pi=&icPAmYL4^gnU|7A3Y2GL%iLCA&@v@_md!kE;Ka2iz4 z#<(!g6h2SLgk}U*=ANbHoG5bu5Ez#yBYMD+@fU>4ovv3!oq7d(x2RSSIw?6R6v*Uz z1oCv^SDJ&G>7o?!s zw4Y#s!(7TV+;-QiXm^MLwUqMgzs(CWq3;xRpoA8P(|<{j>bayBSO)p@oX)8jqW!}c zZ>SpaJa2v|=6Ty!d#`A33tirmqM(W5jycCMu_7f>@|h)z`sqV-1I0MGLqB@6XyE}s z^BnlNUWz$hpo|I0_Y%Ts0R;IlBN-~WJx>&L%n?Rb?OjL^7TypAoNR4FV7d?y)Hnj(^kf)XwlLNW?eW(g_KPZ7!Pe^Q56fipf~ z#T-a=t|Wc<&rh!}FJ9e#@l$ULk?fupEQ76BX$aNITlTG%jL<@19nDBVjPy3gBA(f! zl}nZZ$5)s65tP?)%EtXUmRkcJL~_=VCaa!*&dHN4a%`~bfarU8LOA6NMvfC@U&bj) zh`=wZxrI zZzZEuutAt+W;02gz^5o<#axL3L?{YxF@A4JSxq(=laxI~=qy9(6i;{IB+~enJ4Uv; zcjiPvo>?HN>dAK`<>W!WiFzcv9|Cg~c#OH+ENn6fEN4@MRZ58sWX1wp^cAcWq(Ix2 z9-c?<{%Z$~NsQ&OAe(F5qUS3O$Os?236Do|uyQ&HgQ*x$)#o7KLlem$IPiL<)dUW> z+nCLBEa*5Tfz*ux@=l)8T&`Il8ymnGc>sVXqw`Q=Akh=+A^pqkB*piv7<%9(hO#Nm z-rdT>hZMJY!D7OtB!Ytd05~ywx46Zze0rO*=@9i3a^L47VWs5ja5}7fKP~B!Hu4a{ z=`GHeHiChWqF{ypniPfYXT@tdjLs&`D7xFgximz5=k)6L4ExfXNfNjewc?TsHkX?W z7$1#YPQ+bfg*=NBMtJs2SVaW*m+nwACQdZW4wfeOg;?Y?mb}w2DE&pAmQyPCc>($W zDN@3@eJWUQ3n|=tus-bG~=vpIZCCuTMYaBG|-F5|*N z6m%?ii~QQOlt3%3OTet#r>oeI)cSCqrwgO9Dv4G0CuMC{4f?#N=OQ0Y8W zLXre~M;7orPASR6t+^57;us#t!JIRkz)5)w$HW_)%hee{e-b=kwiSDF97|Lzf%zS` zhYtyJmV_2d&F2$3o#PzzE&T$gX?RB#A)q77F)esVvk+IUL(D6Xp)<(P4pOppKqdP7 zKN`C%#+j6MEjHNuAs4obPXRZRz#{VR-uxvevdI01c zU?`o}7h;}qbi(30Dfvs~4rs2rkuV1{oLxPo{?)E5?v#x{;HkMtmMpwx_=9KluYduC zQ+tiQEsuhY*=eB*yQ_ z2;j&$gE(zAMON_;^Z|GYMftVP4RCEJ#?8DdnPA^Z`ELGOtEksowL&wQBjAEYwS> zr#1xLN`10+m@Gjl<${2{&y$0pvFgIpTqPWrR1GL&gR`9|832rAR=1#%xhkG4DPMjw zXIvOo=!!JnXt*ASwLnV=&~7F^GvWtK^9{Ha6iSWuB^@KuDG3n9)N4_##Udv|biopG zrIgZ?;p7{f;w&b`af-Rd{S9--sI~aQc9fpwEedNHCJH0c_v^Q=*mv z7oda!!@;16D5y-`f4!P zQ>I_D(Q40?aRZ}FueP?H%K;k0w&YWW%q3~amkx1A80PCCdcHsSYG7>3m4u;ZSE;qT zN~;M9QgX0;1iL60^{{O>gYj8q`bBc68od&=&xTQ)X{WsaL|e- z^W30G;9^PyNT{|axq9$G^Th_A*_E4fQl_r0;pTj#0Si*hX{L>0nPkwX=ify7rP1xQ z@%aY2w@WzqNK1Hd@ciQ}A^fd8h4y=9@Q$(k_y}oNvKULjQ?WIPXo=)|Qm8k^emEoO z$Rb+_XK1`I)DdcNPaXy+)CPEv$KYhsOO3D;&)_giP#{ts#f1ne?s;|kCL~$R{7so9DM8yEO%WFb&89o%ld}mLGchyD^KJz}*;^`Gf%-yCOw9_}#@c*WNwpWo zrdNqBiW1G~qAdtKLT?p0YQ-2V&Qc14o0JNx07qh$O%ym*3U2HScVBU&ZH;o2x(|P2 z_RakvK$ZfbqJ7;s>f&JL22q|g7y8}<&YSa*SwXp62A`54fG8Hid?Rg~i()npMam7< zH5QEd6CPVzsBQ#e`@~|*Ia%~&P~)g^LFZV^B2DsQHbi}c4JqErN0LL}%(kbMt|jq5 z!}kPX6thAeh%8IM+#^4eTQ)-5XL4FnE{73}v_{xJeTQSwzXJVq$98`Mhj{xZ4bg}T zEK1%b3u$p*GXN>aNJ%8aDcsgZ=uAizKwDN770Cm>VC8fMQmtf*FAbvW!bIrGNn ztT*-!W?yIPdzy7V`gCb_s<)h$?d2|}pq``sXwTT5c$vdN0fg*A;D(m9UZqTZz@`c^ zmt0C+u)}4l+@z+Pt}Rrb@S*1D^$Bkw;Eu4PTb4DH zHN@>LWmjo@@`c2~7jO#PoR5Ii5=OX(O*!~Ll1+fdDU0uVTh75JPYP{c1&G?;q^++d zG;H_mE&{WJTAG{`6IRT7iZki+=N_jtQAbol3lfV|n?Tf{D=VTpVs6eyp_Kr#X>SXx zCY10iak>yHEP&?=|UN5VK5R!0Z8uJ8es(XK#Q7^x7-|GDGv)N{~{y* zqV0G_;ya~`R=SNE%RNm<@r zd&|8xi}B|CNf^x81UW|l5VSJ5OHEMSc~4lHvIoGeGkC}Fss^(Wr;@4~$r8(}0$^6V zkAM^xjPvkcEFfcA~WrWQ-zB6VdaHOhg`k`Oh%(Sid(e3WDco`{wv+r&6AP zIVd3l2|Co6?}R$Cxnd(EvjKf=v*mVV0lRv z8J@!htug-Ki4=qcxSe>5tai7;f|^12^BC%N@+5o29SIR5(v1J6XkB6hLV0Nyl)LpUF>wg;- z)^&wsYRw_b#N)>Z$nDCMqd#w;wz&!z+Sa!(BvG8sdhFscyC*vzO+j1P@lz^rP2?y| zUf(}gZqZg~N7ob#P|~ikYSB zcD-5M^XtX=!fE=+RcPfNwB|ZA5fB15coH-Kq~8rHF^A#WtCK^_9 zdeuns_WFlNM}=99W~*T*+U7eABT<7q9TU-IA^E!920-S0uDxXB0l=%UFy-4~=jbRQ zp?6QWvQx92oP}SykGjA&DQ?|PT4=Rb7al6tCM7`lcIC4xbzHhuoU^N8!^|W_!)2zX zEp)8J+H|q&3&X%*wH&JCdhNoTE|g@fh#n((ET%-cse>kFM5EpodLviXnn8SUI72wi zXBbTg7V?0_;Gyk^*L%_aV1*A~%(9r|Kr{+;n5iHWnoZ5K{+4GR;GyKl;herBm4yau z2E4Zgl1I~*$EpTe3Q;JP$Q1>iOlYihrpiCBA(C?|h4+k^{jlq zVUyhx-w8a?wrbI|-=6%&HEli-kiP~*nTjJ%8 zG-(dt{a6P=E4M$Q+d~X;Z%efU^FB>U$QN9Yx%IZG+~xIswezhL$?k-Twz;0u%qoOW$&WkTYNxJ)J4M1MXqB z9+SOd{5@AQ7^2z>?mBNjc9c>#f(QW}6+;pOR|RgWU}Zxu$cBYW)PkzhCn7cyeE+@r z1=7s@+P4vqeo%uAvePkxXf!%^ePe)>z99%dKm~k(rZP){VyeGvN3pzLH6R-ei zlE93R$0jH*vsjc$KUV<(KSe+7z}Qq!9Ob+uUieR4a#ka-(cxRZh%ZuJJp%VRc;tVi z`CiTBWEU3wla09%5`-tJ>4SUTtEj+}C-Z`YWj-x%;%2Wv+eMkFJ2v-enL`vrUXZuy zlPV>Mg~zy9AK-*$l+P4U#zhnAQ7s#T32t&={F9AQ&Jso3wMb=7Yz7r`P|gXT*=!6H zh*)A!;^~YF$^eV6%Q;rEkoK}^N#CG7%FMm7a<0k?a&JU9xhN{WG-i@8gc8VWsT`4k z9Z}i66kpY-T<;v`psweqXkY~Tt)ky4M>CS<;7F2L3eQ*;Lf#;K;HWP-)uhgC)cY$c zE^`GA!b{ztH67OAo%gt4Wv1=1a%D`m0VyZ_lZ}sBB>9G@BgG3gnLxZcNOc*@hz^zA zMgLo(6?U=>B-I`?CYTs`5LBR%$&zR~HJh~{n6pe%h;sUqq!8FIf}svNvUwI2a|GSi z{)JGSmqWBS7|iXHIhn)ZRE6myz!Tw(?+#l&+uQ$2efImzEV6}O6Ozlm=TxOu;lv$d zB|q66lpvfcAzXWY%hO)Ls;IjH@s#;XbkzSdUb_;Lv~coG2mzvVB{Hg;2W!zaidy~h zL1A0clalbVIvmL^BmW!7>#5%rRBs?s=3=u|Up3RfAeLxuDT8JD?>`k!(h*(h}p9KrbGR=yY1_7Jm$Tj8sEBS-Xc^Msfw^0_WNCJ zl#(;_p4H%b?;OLk`!Ga7-)6aZIyO+>Pv*4vy<{5t2>Cu%rmuU_{!D_AX0Ok{XMK)~ z1Z+NcA=&Xj))M9b(RH$b%uN zRb7)Ny{#$}NEPkw?v$w4$Sv0vL0|)Xn<2g~$+X0u%TG-7?!Z_Unzj%!$C;q9jpLQW z*1tm_aAJ(bJgRgFV>HrG#{{KhB2bxeA|f#80uMLd-Zl+|2@-a~gKZ$O3M|^yAdS!j z*NwGXXcT1Rod_h9NE^ziRlRLov7MTRXeP+2F$`h0nls43)jCkI%#au*LuICu@g(SZ zv}cVf8tks0YXe#Y`pUW)>5Pl1y`k69)+dz5l8P3c&eVoiKs?h?PPKvDZGvmBde!}t z$@UZU+&ihD7S>I(gx=Gn#A)>r%;*6Od6O#arAE!Jx?n_HNhdBC8zWW=y~ zdHQq6thi;oz^_>f7rN5|XTl_x5X?2J1`bskCASm6Nh*?|c&iivhXlknim*xCls@lhK{wQ(UEi%Rh#Qhv+tXnqSL zUwBz3&kWzFr&a~o?fRReW3!u=-b`p{V0rM;Yf4eCe@AS(JlPd+FclH0(pu`T-65;= zA;$FUBoL|YnEezY-rcj}569mfUA#Jdb85^f5@x6)r@ZEnbfmTQ9a;1$9r{U=*&JV9 z++1ItpPyb=DQ#TQ^a-=afL*f6(V}L4^ZyP}a9S2DC;e|okMGh9p}q+~DqC8^1I9gDbi%0GWw#SxXr^K=qcwzvv)oOY5p9G~ zhlX?V3pyvP6gpqAT!X!VNvCX_SiB}fv^VJWd>=xaKxeCA{ylS=*)tezdkz$PU;Wok z4PxC?*ZY9r$!zmRMrza%ERcdS%!dRy+9oR?;$`Y640B#Aw z>&>hne8$pbi1u6#={$c9c2}Ix^=1V5z<&o5`n?*GRf_qH#G+MKYtT2AlA&yluFFg! z6ul}~nLp#`?4-I~t7`;#$!Cx>u1bBY1#u*p;*Ny^2hh$=j5gQR`O(#x;}YA|E!+gK zb$YK~5vjur)L@3*j!;3Slx1LvVM(dPK6eaG3X!^kUq#?5AiGZNiLdVCTyFb<$^+3( zPNy3qWpqd52Ce$Z*DnSZ&*|a_)Qm%6J9g{+M=?XMChH4ZL#iz!e(wJntaU8o`w>_)Ygb1iR zpaCcYwHXq~&2U?$iU=4hwyuB1&Dq`D7{)*`G!wF!V7$CA&Ml~ujle;Zu~d0kb0Yh7 z+m5uvrYRI&?W&R=uoy!&V2f7YNrCFl0g`(+Q47;|N9SyMjZz9O zNyc{tZENp?%D+L!lhvZ}Crk=cupTN`lG7)y6hvog4!)XcgDk3!Hb9fQ18v>Pa+=Cg zFkbxT(GfS&nS2Ce|H?`_btM`Yj!}!qm?>HCb&%;>O>xJ|0Nys!z8E;HoLTvx&f}c3^)jh)T5k zz%;37|CVhhdESmr+OPBkUG~sLfbv}BHl0bPtSyl5)#ME|-h5KWmCb&FwC6S#t?cth zeb^eW0ObYtQ3D?V-fo-)S^3ne} z*Q@U3j&XhEom}m@GMp(6=_YJ9uPS8ruTPIo-ke7B1hV=3aCCifcJXTHm^GDw+D=4` zqcV(QRNyROb6ENZRwQ6=?kQbYvLEe4#CNqxVO$V=#~tIjy>`}$XyiKO!$nbV%Yptb zPiag=y6Bj`TPah|-LI6{|Muwr@MxZFfvc9(4|ph8$OSG$2oBZZjHGkp{S-dTNERB5 zg_MUSCrS7)!y-&rNW+BndKE%j^YX|OPKg&%FLjE3%12d#cm2q@c2jZ720Ho++B-l} z?gnR_rFr_5KU@E+!{^UIS4r=+&Cy&WY51fv8E?A@cz29TFR!}aJE$)9_MS(3d(j|F z$e7|R+}jI_{Xws0gMsg@hFIYU1&0UE_diO}hhrO)ArD4f8n%E$Yg6mW_q3h%T$!z9 z{na%G5$0_83D&0gNuCWq>ARIP{iwxQ3{LbcNNMQ>!zZ5 zsj?c~{12mq+>?~$q|j|w^FL_z2dVugNX@R^GJ1Re>nEc(n|H69znSu7BIPS-&B-9y zPHbvXbwMbNLE~(Owcd)9SyoGvy2ioWI_fA*wSMim77aCa{cTl>EodU~Bgl};YS=z$ zSG@;J#hDTJx6lumR;jM6Vhxo*Oi|MaT}qkvfhujjAkTEg5|j{} zq%6KuGe2{SP9ljGbMtcYO*Lrj2ZEY0Rh3g+-%}Te2VVK-K*≠`P{7?L!wAk%Q0% zR){K{X)6G!BDX3F0`RUGiSM`{08!nKx0Lcy%O!hL?pkazp)tj2l~D&?T9*MBg}#)k zyfp1YP}dHZl{o2bp)yZ&f^{s&bkS3PkMy7RmP`emU$Zo&+4L>6Q60Na%w5(TzZ;ds zRBq$F!Qf9p_4sXOGp!9#AYVDgDw`iwVcuS})g72@Cdb|uk{bhZ==@XCAB3!9jxr+Y z1{aH6t@&E+9hXJAK;uIB`aux&v+73gS=4J@5PJ7}>T*y0Zm;!T={4|f^g3GhwrZEE zmCG&!K{an&z57;k+p2P3t4r6wab!`?)y1fP;o5oK+IHF6cGcQ`(b{&+3hUzBgx99n zxFugQ!{6fEfB~0z+tmD*sy>#Tog33x%}+mdXQ<#E`{>-O0gTuc%sNb9Yps4b`uqg%<+6e$PG_s!+v|U^-zZ zc}L>vQW36PI2aOBg4@WVAs*yY+WDDCMvT#*=kYH1LQ@L=wLQ;JoDZdz} z^2jU6Q?6W$TR#FPGnbNbuu0*AY{D4lPdO*&&u3vMNBeT`@EN3iA%fTYMpN0jUT<|Q zG1-5PAF@i4a~y`MGQ81~FW{E^C!FCdNl6jPH7mjTwiH)G^c<+|Xd=&Nu`rX+Mcg6i zZL@(^mnnS(1Dq2xmXQ7y*1d!{OG2Cp8k#4)Eo6Q*Rnl%)&Qdm&B7tPLP`O?d7%C4p zM~SwrpyJ^BuP@PFwD$~l%jYK!>LNQ&}6QE7mpmY82qG|#dzE3@PZ?BBYg!?`Zp zw`2f*T|V;)L5+L4L(deG%b1SqP|l>d6pY7M3Sd@6tS*8xx;Pq% z3W_?VsT&%1PjPR{bg`*wx&tb&ND-4vNbLdwJXD#}i60ZKz0Xal4rgrr`+ceY z`A^0~U?{`5th=F(N3KCAH)S#1Gp};BYu=EjL+W@f6I;SsJqQ7K%AV@tbDhuMVXreXJGlcen{ zx01d6eN_9tw_>F0tYbymXip{ff+rU&lOQc1PGY$LR|S(Rr9BB1S5yA5C)SuA;~bA^ zN(D8PnG{Ba3DME{d9UXLgQJs+QA^SSSEo!eZp=42LhoBzaG~Cq^a3W~j|#2e>OqKt zy+O1$7)0{FO4)QAeX7{)EMbDXRi7mXQtdgxMLZ++0~7Ve@8ifAs8bf>RKM?f-uA5I zA;DaPdyzzLDM)1U&GmZPCi#YCR7!Ncc1O~Y*9uT~Rj|2yS#rd3DS@)0)vdp>Jm~_k zQw$*W*`?DXnDh_IJ*UcTp{}=$xf5-h*kNodfN8@y*vofz5huitv)aga#k%Wk<#u|Z znO^96IkX;KfYy7QNBmswveGEL9~Auq-e(L}P87 zRR{XH*C3Ql)UC&iWvnpLa5a3jB-aE0(`@?DZUE}s^5eP|-mvL3ZL(++`wpeo3dAN8 zsTqB9bPPs}(VLsA8pBW-iK}=*y~ULz2V5R2>$~Fg%CgbZ0-#OI?ku#`2;jzxWcNYU zO2v&X|;BT5pl<31{Pb8wWDb73h5_xO z9PWQX{xTPd{_(bYN$hodsOYz5RpN7zZwS#_WG6#3j9yA{b5s1OWhwd7Tol2lDe{JMEhxh90;qa?39ng|& zlyv*-S@oFnbcixQqxF8+ZM@TrtipG?VfL z^N=dO45Kit3ZX4w4AVIpRk3 zYtYG7{Gl1hbyvUV9ORo;m#d+8jRJFneeEezFEO|8xQqQaD>1h*mJSZuE54fNzvD7+ zzm0OR#%t}5aktkH*%) z!HW)-{NfLm{1hzNc&7isk=NwNSfvB_K&Fh2uFgIoV?Me%`%h=i8sqCQ=z|Uheej>f zpx4IO!NHduO!~_|nDo;zX`ItP`1BflTHhB6BHxOl-Sc4s9%?*lEWqD6D;15)fQm%x ztgv1BGS6FB4Xlj5Y(BecKf$Vdkor(3Ycl*QPl z8{y?xHJL9$UXEclm8-?BB|m-Puc}Mgi^e;$uvH!4wkZ>k@YRe^&qG(fawlOP`7_|A zh}Umv^p|4@>~cqM9>M5wPQN$R82p?x&dtlciW#`0Suz9`pjpKgTu7-I6M+*fu!(z6 zSgD*B;Bo9YuRy%QZOk%W&PieRD#S4WRPW=@erG@6!y(8#hl{HI#pTWEC=&0)Q}!_! z3T{A{^H>IXK3)0gXsDxxxmF|gAeYj zKDpn?&kZw~k&K_Uy+KtG5~Suws>4M1u=oDG-1s)@U*J}L4N&yGa$HuKIY8$A_1E5a zm!q4PpKnVsBNi!|5`p-AjKZ)gUHJYzGW4ip?CrY%Md;UGTUt!YG?lGX1D)X`Wayuq zWs+OHeD*$4F-(ywFGTu)`}^P@5zT*nw$r=1y#BY1FDG#X`Dx^En6z)%E4y ze!M-qdinW#iLYOWpTCzQ|FsvFMT$N*uY0}AEOs2s?CwxILKl{jTV$$(s^IFGBnW~* zK$a9Ln3iVKp4?!=PQQVrB}|Mf0l?*b-Cd}=>-XdwKYzeQ2F_5!m#WBvoN@2{`%n_l z_6+maWMPS>5qf|EEuSC75aAK*!1v~JR;&gQ`4CV5Yqs-<4_)16ry58##g|Y&G)tUE zffPePe&khlqm_L{DpAEcEnP`i7ZA4oXVCAQ-76_Ja&k+zbtfgFC2hQpel&gn5H1Y& z`M#f>Nzz0fkP+N!u_J*+pxFoR?`DZ%P_wMpffLr8|W38Y+&Gi5aR* z118uqew-zJIm5>I-K;IP^1ItRR8{)!=H{w@b3TgJSx^=Fr5R{K@`5PZ2n{j<2QMxi z7$hfT&eV&okNKmZSGoR9PTyRj?~l&ko{rGl(do%Y?!9+2vvt5HG}XlgW>7DKWN40y zJGpQwmUqtT88Od3L_|GxhP zx~KCYNKBIZNhRW?ls0fYBSZ8>AC8v(7rkTSglKXVNRfPjelBsUGB@Kq*S5(Yh&;+N zmBC%07tbN147bNB_@F!2nII8OC`om?EJ$r)9Q`Rr+d5Og$;C*vrMiybPSk_p0V`3( zJ(~K2IU3EVqidaD*Vg{B$6ckNw4SG44?54(3ixXPQc6t&%JB>rLcwr{cWH8@{h}}| zaVvkN^HDjO(03>Zo037Z(@LANG83%9@a6g=s1JENFK8wvDEJc(|HOkDA{6{3qu#N- zn87uA>YfioBvq5CkHnpd`dyn6(J!bVc`BDY_^$v3x4{P@c1{F7*OxG|1%^pll*boKp-`AGm*I$E{FLcR*aJ;B}qa&_5KC{(v z7&}~^GE$5x32;1`iT5mPnTi4TQR-{5ZH|F zN!m89mXYZ{RDzEBQ0p!V>a&L90xZX}Z@gZMQrG)5)@EfVWQ9YJ9yRiv9rb1CIPW5xLDZvxga3#lJ z-u;3E`w`DmhvDq)`xvlvQ3JDT`980&-{&7~0lkH&p#km%DyoG)x5>|XtpTMwX5YJ? zPB2YTkd%6h?ECpgbeb zI0{ruXi(9sNV!FXB3Mg?%c%%|E4Z zJKQ$?midb6n64qmYuBe^@27Z_zSQh{{8Is9%CM@$1-r+NXq!sa?z2^CoEbZEXc(niL8}OQ9)l0gYEIS=;DTsp-bBbfN0{q@C8QyCLsX zey6i5{fYCSHdUI#L>phIxzXJ3C2aO-t5BKFr9j~i$GbDu(5o_CT>_R$nE;Gke&2Eg zt29Sfeml?q+CQn_0A>Xo!fm9v|_?D#@O1M*80ygl&&J9BY2 zaF&pFyXbQ@-qTDJ3)s=>?}pf;5UZ!@eH0i31-?)U!@HF*IT2l-G$+s{Gj*vh?syGd zt7pnLQxeLyHN^qaBh&qkLY5qMndI6(PM`NJ)ah=BH8w*lgfD#C6 zCDaX)yjg{6t2%VL{sD5MGBK;fi2hOHy;8j{`Kq-SQ=#U{--8mH3N=5wZGsDy5x|>K zq%=-#1dU-Q&2KbL?F+rI&HmfbV(w5JnajUcsmooS9PA0guP-lN-HuMLzdt)Zy*)o0 z-JD+N6gj;2ie#jqF%pcaDyBAG7QRw$oa&oh_2}s2&Dn*0L_{2QNYN_ZFK`a<&&v$- z$#WG6==xatEa@mo3h=?)h6cePg8v05`1^495A9Y7-}JvgBR02J0vshwCF#;Rjs^G_ zj#C!jafBgX-Y()yKUbAp;L02u<|7`Ubm)|zfO13y;&`H*%A|OzZ0D5!&%l(Z$xxu( zmmY|1V}U`_9#U=qHGw7c_q8vxgg&oU$W#|FaCt*xv8v6S6p~wekNuwYht?GtP;Pdw zzZjLj@=on@eJE5w!fsCPjU~{Z1So2LBga|MN$sXZMaG0%e*RMjQdkXllu&Pb~NqbuDWeErpzh-Qf{olixT$1*}^ z85aa6yS-|k=`3FogBf`+!-vQz^5DcmD#WOws*nm6#$C`U&2VZGc-AVhaH_({Yu)^U{>f;Df?X8s zIAD~`Vmp-saY5{$f!DbY|0N38WD>Ltr>*tUdti0SUtZtbzB#%YX|bSpOUsu#%A64#G$?#7}AZbs$IA~e|cKkP zAl>>$tI2G1bA5XB#+N|5EU=)3oquErvP~Im*>xRUe|?_sfAUzayMpI#&T&C{hSK~* zpo>>$7k|^*uaOp{An^9&N=M$~>I_ARinEweE?7ZhoT7qYZsXha&t)UfhH{jYI1Tf% z$QdWQzzrb$LmtA$VlTOe&K6=)d2)sxhzondikObmg)V5RB!FswP;CWES;qxzbW~M_ z(V$+HwBjywHEM2(Lz2Y!%$Q`{M&7YnFL>XYMC%W_@Jm&;_U8C1stXnE76xzSn&yVJ z4_Q|R*wzfib_Kg)r{0(SVh3zULH)${?^icCWY<5((avx9(0!5<*T(g03g14v`Y%Z& z|5Xuh%;saZ)5RJ+X@!8r#(1T4A-%zNcRb%84-*bY=4fFSs8#dnf-#w zjQ)(8sBI2OLtKGpyRxXubMP9354~kg1eg(Fl)Jp+>XuL*vwKo3I&cmkM)$GfK&ESm zotQ6OXWV8OWTUm?f!F|56A|>GF{jy4P7Nm;zHIrf-l+Tg3+#sorU2aU}8lQKK7$Qw|NTdlxLs;eR;BxSS zLP+mYQLz&rHBq9usxMar5(Ii8Dp9=07+uGg>TI#OWr9Z_RV~*Ho04=EAy7|i18ldK z-U?7V5*n9=j;)uI`8_F)**wPuLBU_pe)P4J3~Ps!D#%CgiN5_0mW&q4Hyev@lO|uO z$y98nmRl`zO4=bE6u{-MR6Y7ULMKE(5i2Cu^C<_~Ku?RGvFgRW1bkn)40SY<1K(g( z% zmOgy%sghzVW2pUu7>t3=as2lBd{+wB6H+DDyfRHgIyjqf0ShEKny9L6DD_p{X!U3&NSe|q$waEsh5-?1DVqw8 z*h8lJKn0oNLTbLcincE-YrdY94q|}~~)@{@e z66yzSi-`0t*%(IW0^f858$nhAlXKEpO1;^h!JP+9)Cu!I#xut5y0BzSpVb#Xs1G_K zW@^cMs?S2xQOoUbeIiDJRM}mDEKITm9Uknk4#7~FTdRjTAXVxjW$Wl9feK2Pm*bT3 zS?D=bD&t|n-Yskp*|4TuJ3LlpW@?0-RaR3E&`Y$9M4m4D+COq#I@qqAzbnq|ZRdb@ zByR0^(;XXzc6RE+c5<(D$MrQ2YN+29n)q^wl9%vvvP^~|(yzLUia{@9B zKwuf{hWvm@>CJ&dL68baVXO?ZwfX)6vxt5ct|%RR+zVWg<;3AonAj z<;Ry7-=4jC0G2>$zk7Wo3DV#AYY@;1`_!fkV)XrSgFRLTwiJkI&CeFK%v+Pp@xozdbuY4N%Z0BJQiW2;NtP{cujh zm=vN9T^nimgL-^@`s2DC-jPM!2;N3{uP-kyPLFTaIe1p$`c9?SY#Jc`J+_?JI@>2- zWbtp#UP^&`15SauJfP{qBW5dGPS zmqL5Zq1!>$VYxR{w`lopl)L11^y9_x?dgTw94Bq!(i$MH-(K9Dy*a&ob$$8v3M7tY zquT`X(aDLFlANR1sBOz-71KS=>33Q$^F)@5kNgfe zuKapb#f$~On*zfYJwZ^U;CucNx{|-`Y>d+SsP`1E3QcJZo{Tx&sjZHL3#(dl(KI$is8_`Kw#sB0zfTVl+Xa|@E)JJT)moIt#l z`US$!9Ngbycxg!9K?N9Q)km$WfEg@+fKj!Z861Qhza8CNz5$eIodi`Ku8k#?z(s57 zAC4{s?sOBRRY+)zMSr>i9~L8TPOo2`qN9rwbbWepqL6^TIlnx9-8OMH&r>3Zo-=sh zNX`18pn_ENT&+xFbY?`gL_{i2(y3Iky-uup-mR<4zE0pl@;yt-IpM34&NRO;`$)&E zZ}iPtX`1fck%g!$A5$Z9G?~zMVM3vL>^v8X6RM*WIQqN16jx-=5GSvQ5z@ zeT#X%d8cBYH+p>UhSIpQ(vpnArC?B*Vbn}^v*TsmU71Q~y<9#@zU#(KXVRUh+OqvG z(1~)@diDCWl1Y^h=lx!^|2*0|45xP_+WUGi*g+2jWyF*b0kd*mkkDMB<+u>Wny6tR z%+Ui$!Ebs*h_13DN1336#igwo0tp2`T1Ru1lwh#N0)0o)IZ8-QvV65dzsw{(7-@PUe%q*6WV(9F7r(6t^J^a^g~!?j$|pMSMCsD*IUG>^Z& z+>7=H(I6ZIC_2VD9@CTxN_h0T92=3|X3YaYdBOe(+JL5Gi1oE4u3A>NiohrDa;mNm zMkHog!iVVji@}%ny~@9!(kUr$v8fhP0fB_{Zr+kRvKXQmOYy0Z%c1sI$AFe&5*Cb! z(0LuAggs;rxJZt!&X)8BM&xTU@v~smqV3&R@PV$QqQmYhlWb$a?i=5?L6_B5NcVFP zY`DX`S!w)LNN-z)CW;&A)s5;i>zGwT+;V(swriAlbake2%cJiwM}bu9ZP8yyDHWh9 zbD4ZgCo1~FGx^jGF|VDDZ*v7qhl4G>)zF`Uv0?c#tq-P&nATCNYl26NS=ICUz!5t@ z)*P>&Dt&|TDwEC!j@JRwJzkOtQsf2om5rr~pi7-TVin-a4_*cbO84IKXR8E=meh|n zald)@fT=i}<0+|LZ6f)MF`tDJMmS+bXgcblI%EG(aL8P0y35HcSyW#nzANPh-|j|`96|I?pO+f5Psy^A3s+KLRG$!V@Ml0e2KPk z;_MDDhp1g7^b1PCp?6L*w71jIT&Jg8tE~cEYg_aGo{F|1?=}5OgQNMFPD@tS+%|^F z!Cyx{vPpZUR6EPv_V;R9yPoH1+gxItp)r(7iGup=i1KD{olTu!+j6{yN(=O2RhKW= z@=dnJx9!eUZR@>~=vRGPm;Kh{mK`Z{qt1j9-5YMXQ*pg2%VxK?W^uI>NZSFp`R%ZC zCP&s=SI@fx{To81NbCgFpCa zT)8`!UGuKq(+z?!H>vCDpmpEk*t>-YT34vm+7~ycbW93O8E>FcnXB0SyO846QtiHn z?jckVoLpwP_0FO^@-yPES++fBY1V4b!!P;?KT&n zU<=p1zV5SJ0QUR(OXa)a8!hZ0SJ^h4p}&9c_6ToVFtxssqpgE_P*m05w)OG1xgi0{ zPUlD-Y4!PUfZ2@@>tyX-3yGWQ21^GOd6Ra0F?9`nE$o|u`jAf1eY5T=cPSPBhQY0n z5jA1i$dJ$Hi*w3_jq?x2zz36HZC+u6Ff^np2wy*N39~K2Z~2BXN7Ux6Rg0^Y_;n%A&P2CifZnG%2FRfZy7E~;b zRY@(Cw7BllVIu)Ye(PpxZIa#FyvM%xXm%e!-gWcAenoPPmfsd^9=NBxd{F-uvcue5 zo?PlYCsLt6CP6Qv;Oz-(d{v9Ur)t zY%=*XDlxFDrV>aaWa)iRB`1}2w^|v%j9`kW6 zfPGm@*UaO8^|@STsjhjIv9ik=?MbwK2mqeJF9sDcSP?-2>pV5v1^sQ z)(S~WaK7-jk(Ap`JCBol;jB+6m)q-_;Dly`>*U5Wnj|DM#roy3mlP~l>H8o}w>)BL zLDB^rX7T`rqZOlsjLYfNq&Ef^PL)A|sxz5rM^kyOX3qpliGXAmra-Z9QvQ8+b8}^~ ze=G3W0x>Z&(BTzSno*bYI8D88CIun?(os&;$WV?!C}25JUIIEB;z&=nff2#b(Z!E? z8u~3ac?HLWJGoKobrd?+4Fwv|6@ajA8inZ zhNT7K73h1EzSG<`%T?!fu2385cc(Dt2cOB;-a({Zza|TN5VcwJka8534^GIxsGzp>^(uv){`CetJdwX^wRS(TDJ99KA2CA(YuFX`AF}x;E>b<;D z*v;5&g2|j^w@#jmMv#s^MI8~iq0smAIX_f)7%gbJnGq?K(1K;40_*JcIp$ocW>N?I zvpS@768f0U3BnUW3VAp{ejGb8P~NEgKPTx#o_i{T?t~R8r4Jsnd#Je#723KoU_V`Y zkM~{4J=B|)pm9Lr`P-x0tE1!BN3TwAua0iM3$(%ee@1DE|EzxP(~JuE`_I7|AXPz; zqvPY#(dhR4@|6Ucko!It2`e2pgcSgED(NmbXpA|H*MO#C;XhzFqno3fw<8~d&CR~X zL{6`-FRyDolcLxZ5swF>F!1>AH3F6bSbgfYWIXNa@b%fT#BtVP4F+k>yApJPE=lO! z`hHnD@5Zt1RPwS3x^2-Vd&An98KpI2H{pRvVZOKjCFEn-Q%TJC{?SMRvIh3t>OBq3 zGVQLcP|a7$7VVd;t=F@wvQs$RTBipYo$J&=IcT_a zdR?qs`45}HT5I1mgYLy|J3W1$Et52~Ei1_?VwGrbOZC;3h_toWRT%?aJpuYU`_R4` z2w5THuaMTfT$eizR8`DH)uiwXCcSUVvDqSni#Q)SK-x-jd4+mfhJqUD^%_uvpe_{q zBY$b@m(*U=A$2A8bboiIT_*We*UZc0aWgkCJ11WU{P@Y&Agwcb4+P{d_hC8(Q(T1E zq=;Vg9W?NY82G?n*7RU+7~RUGQz0s-L0r9Ev@W{leoIF30 z^yc*Z^v&tb_1ed`-mrqCWKKk}=t}VGOs*M0v8Je3GpVdk+UtrUFt9a^56%YM2t3ZI z#Zd!G8Z{jRyZ(f~yByurJGM}5!g(K&-NO(muZFPxAg-=2Z!V87<+6d7Wqsw`(Af`w z+W^~ILBAW@IHw7FXaINoSSonCx&rK-7=+QNt$j=8 zn5O&|yn-Lm$Mxye`H#0Zm+SUZkUU-73bx5&tTi3A>Ko6->tXd|yk0h&3#_QyU3V|? zKeujI8}#5GsjZOZ!Me$qeG^w!gW7cXK-&vr`P_i&>HY->|VaS z!kj;_BKZKWTXBAT;}5`T4YJ0ee!A{~rm{+(-ku!Y90h7b&G}WotGd;vSz=O=o>nm#+O5>MlD3u@ zXl7|!$N2F|^R0$;#{zSL)Yq~pU%jd^0|%BV5CzWd&I=cAKHYRvtT}eQinUF!&U7mJ zcLo=_@fs>>y*DGsGFr@2-^|;w7PWZM3ZI>8eE#;;*+q**)kMTbJN175J;~<1)betw zIuwGV;5KE`06uFRxL{S6(#YimAnu@G%vjnubNu=vk~06qRgvM6oAQb18JkR=fj7N! z{*KTORLoc@5Xc047yWqj=3G^Miy0}jKfLlh7Ytz}`zAO8#}){AgSG{M>iSf;llXtS zFZ;~($wuk*VYNSQV*Sms=x<5@PmnDCH<~5?iPGcuzv#W9_bOO|g4Zi97V`YQ#|4%2 z`chG1j%mSnkphiy6;p)d9)m+Y>YaL?y6SrlC4@OE1W6E1^BEo!L1UbzT{YdE;a8V0 zu;OxIt7mH6@5q9KgSYJBNW!=5OVdK0mhl~mG>l(#Y-Z@RD#?x1JsiUS(@o&6w&B-R z+hC6KzpE|&4+wLa;FzHIzXtUr4?1*6`&I)?CmN{b2zEPB9RyA+f*TuYUDE>_kJr+3 zy-T;p*3@&_CA<1mDK9PO$P<9*^yF(#9#BalVOt6Tn=jXJawp!R%JW-hbV5m@BduB* z6eMSy3RWz3Hjme`U}|Vm(y_4-3I=Q*__>Pb(t+`hN`T<$FUw-WsyWv4A#^4%sCoN8 zX(|I`k_kX60FwovFGqQ6))M}T_$)weLHHk@r`ZpG@w#3k#C}evDxz%tX!{y%CnPUO ztkY!TB9mH@cOz*YdX6IMoj&?>3&kH@#m;_OW%{s>wjT)1oOku^~Kr6t05FY zGY#ub5X(RY|2O-;4IQ{S6UTF-`qp?j_(hxiFIw;AJ!HDO#C0sGZF&8sRhYRP!&f3K=xGI$D`kSNUYbFmzR*Jk7P!?ZcL1VSTY=UGHRFtyKw&WB6{2r*I zw#Oz2BMAYq0v)RhO8MuG3USftVLK`!BOJ#%$WhEl@3kFPRmC9WG0RC(kw2nB|Q@)MOmV%U>th((I-K#rmRBFM>10x6p+M7308 z?W;cf#Tdu`vmld~b4;_R1lrf7^eW)J@7M#mCk4!?fE+6sLl1Z%u`xAu$06}ao>GCv zL_83ZA$@bKQcf7uCcQ$g8z+LR8qZV};aBNcBJ?&-u!_J1?CI)v9C4E4LcNjNgNEHR zD})N5Cz`2MrG@#R3V-U1XQ~mVBDB!YJK7Qj|2*1znkaaCKZ=l}qA9+#Ji0oX5G=}q z+{!iMJ5U93szWco#W79@RKyQ-c08O@D7UAN4w}W~7z<`S861j;3vz8+->1rQ(1v`U zb*!3fnJbsGT#798vH1S5K0gAA_oKZh+Cxu($?_!JoSdwgpA{zanqW0G(X zG^a(f1TtOKrcuM2Gx+tO-jfDM6(;T=XDvt>YjCSoYuW}TXUQWeqz#%5HvjNpX`c9` zLsJkpBhC-l7n%g)6mu>Q@Hr8r;Gc%$nf>@_JNsm)mG3lqKMg)@XPnsPLRwLb8Kg5kDbq2pf?vCRKWE1ia24d3Pu?b zx{76V_Z3$W!(hzb4|YBX$e0Mc_kl2ioi;I|^NS`Lb<t4gTjrgryZ)ix5yxdsF zc5cSnFrj};^Z65){_b&^K30x+Oixd@Yd5qxsP*}T8nWNxqx6(^yYa^~Y~q|&YF8%* zQI1IFA?yk&w4%0_>GKagtW_rh)8D6%M!fDGC1$l+n9WV+W{1j$9m$*EY`F^oE(PN; zPH8r66dzba@Nz!y-|uU02LGYwWUv`LNv7>U;fEE`W*@wePADh z!C>&>-~j#|3+ zU-ilTPJZ6EBx>EDsK6RwY37uPNg<9&0pSUObNa~VugRkE7`HaY&8D^FIU5%9*G7`6 zcwd}(5e_{16OZ_P9H8x*_qK^~tm^k`_yLO0PNTV%_tk4>O0vHx$&Qay%dpynF%Ho4 z7l#8MTe|&-PBW4KmgJx_DI9{`=<_(+QJ+cRVPgSas^25{qp=R=?Q0$H<}6tsMfDR z1vSuk^{8;`n3^AUk4XP|N3&#zzSqdlrh3mEyVfS_&%Q!uH2bU|Q_6+0R9Q7ZcIQ@4 zTG8GM_SxV&U!?!_*Pf}zB(?K3!!{~nZoiX6>3wCJwY zxKTkGoMlXvI?~CcoCiZcV#5Y2mSjcUwUwP92(wa!Mr_CxsGm0IsypM7-r#&_W2qd3 zN6NtM8aUtA6Zx+(V!JLQl0qqDHHyaLYMold@`H|fY&sZ0=Y*A#VX!RG81$dHaco|9 zZ2V6W3xBk8EaKVeySz~8eKf6wssIdo$V}NPU3rQXLv+E!S*D+=awbFlSBPdLl~|r& znwAA=tLe3RhTg|&ijbhi6yDAncUd%qxHW8t1X>s+Gyz2+J%y@uG2_MUbsnik&sdG3~zh4CN$M6nE} zQ|)WKuBZS0Q;wizS=+4TEvwwQ&KvGU_cFX?G|Mg`x@b>b8Q%c5Vz@R)hf6HA0dEA< zWhL87xXgxNrzsob^o;Y86dm>ID7<_OSnXJ{6ngBoc}ypx63j#$;JJGH7{FHry~l#Q zCW{W(xoxl+c%72SpvAokfd2<5x+W>XoJ6Xc*Mw?eg7(5DOUlQ& z2L8qlnwMO>fm)y2^4AkW@?(}Sy64leZ>xf%HM}%?4YYKrwxP-i?p(@wwC;Qzw83g- zL0nNjvQ{~wyDrSmr@@;V&!Z5hK7C@$txXk^B;>ACynoXV# zb0#UyV{oUxeM;=Pzk41<9EzF~;=_o}BVMWc7TBBcLn-Yc1AE!Rs`@-Oc=Uj@-`yz1Ht z;Mb08gsKNk_)g&=*A~&jlL--A*2L=Ycf%tRP^pQ){3^?Ebgn?WawJJX$#a= za4kaMD%dTbtUY>HlwGf%HvBlCn+}M7_#bxv)b)Qj0Ya4?`>8AdEA;=p!Hc^8-{FhF zANv0%`Kd`p3CUBon3GII+F#fciau6KdQe#O4wPNZof70>N>yvyXp0hpQrt4@_)UF!(xo%&|cGi$XT$$ z|9kL!f6wRt`-8nN2Y>MYPx0f}f4liP)Pqxb^wx;d32O{iRn9BLj1}}>b)QMadaqf! z-VN`+k5V$S~>*l)fgQtu4@0)FewG|R!$Jy@Y;~tw{2{SOp!T}^{ai_w6cGg&p%G1U7O4Zd76l2HpeHk) zFIh$`$e(@tcF7VF(;^9%8VHy`2Mq%W+$!BO)U8p3<{PyN#w5`8;hoLfiU0O+qn@(6 zl^!(w<%ZCpFOB{A;KBPippC0j(yCvP@7RJTebnYK=tRogPfjfMfpNa<4AwH`#+*90d=_rgRjZ6pht#*)^B1)fH*PemAva zwmn*gx@nAcd)SgZ>5@GEsrNVYk9qig-~zPVx4r|9-0dfv{BIs}^1m^%OcN!2__g@v z3DbVu>8?!R$;(xp{Z}UVrQv^tv;WOQ&;B$Nw`L92`{bf0M}z{=>6;Ahd)hGN*BTdU*!uKXdA%PVqU}T~hgutvAa( zWXEg5D^0fln!LSBV;=H6UK7dkJ+c&u$jI%I=In-L-%1E+(MA1ggV~ny>pxej59xLO z6I;-5ZL0|`X%fXeSp?+t@{H&PfHo2?$>&7mpNY0&?vYuM6KI@fjL;Y`en^@z$r7X5 zgV|L5jPWfInXO5_d6!d zyGvQ9zKn&GM9j+xu4*M`G_rk2flCs`w7@mUSrSQ@w;6N9qvTsVbZz|uJTsaQcE=@@ z^D@f_*rvFErW4hzS~>q5Dav*M`KD^KOUK$}=G+4i(17o_e>2!W1uA)|iR783k!AR% z$_PBbi4E=Uke$sf@9ZEW)G4&VrmW&pVLyo81_x%1A2~-2c=yF8TB@MP=hcB#p}jOgD?b$&!Hw*A z@By`Y)*2eD9PNvM7R}9-zz85DJXo@L70BhjKGQvru(}NhVr6Qmu6t!PZstuZu@NLr zEm0E%)xZntH0+UYX6u|GAl&ynW-|C87BjLFW|7=~4f24lxl6t=4*=GgI!aoae(@sz zV}C00pBMk}#nON7k^hE=2cug4&+u^gBL6+d=XZ-Od|wFA{f^%%>`j_V1B=rfVuS^g zB_a%=E_nuDT^YxZHofWJ?3+(R%X!{}LDD9FwU#UFR_V=?;c~XLRYS!oPt1dY-G$J1 zET+C=I@!^PtvlqKZaX9$6KLI#u%25d{sPbiLH|~4a&o?0UZtDH;ZaZpVrOQy3(rTfKUe9Gq6dXP%a9%cM zeGu0y>6QZ%H?~oUklFm8qAw0gLw&A`6;)(GKiH%AWG`3!_pqA#{q{5%ZN;cY>L?Fe zm*~;aoTNOXc7d4Y>2S%yYgw%Jb>uNVfio_j+2(jgxunC%fh<-nrro>}ru|ez4OG%R zxSh~$d-tnQ+4l2{OC;V_se+h6 z94OdsJ}b`m9k~K zX~spy^EE^?y)O-^_R|U3@ut)C=FUC6etDAXx~RJ$9_*~xJaD9`Ux8yhnT^?zZhNeL zBs`p>`(6bbn|*idX@aP+AT8n;K|#E`3qM`BU;JxT@xX6x!~xhi$MD8&Yk8fjIT3oe z3C~Zl96!svNGR+*j2X>(GN&=?rQDh~~D9g5Y8Ceewvdpp@`$N#f; zlg&$CeDm&?_dk5TxP1Hl`Tx70@<_U0S#q>iOPWWW8wC zs8T)sIx9x_CgxN!S>}%V%afLi>9^B3Og*NJLrP@zs@kv0Vu5|ICKKH|?L-UBr9KRh zUW1%%pSKtGXiINljs8{1{Wi1FrX%2mXWI@oo`rk(jn6cB#6p@i-J9(jU4L=gc0Zn@ z7~Y{#5dL|2#yw;@5uefa@%d{L?3mA4xDI3HhSPW$>~kBZWbyM#TVH}QL1330nj`9-x2aw?rHA}hYiHAYNs+bs^XA)4T{XW|rGTUnKCtofY+J)T zmXBS+ULMN_EF<8$J#ZD(I}cvO%`biNHAFy|#&cN0ifLR#c%sz;dfl{NLGPspEaAOx zeWf*QI)~*Y+_ZwNkD=@6p^NyyV|d?7PhP^Z3WwdvJY#g#bk6V>#M4l+=B|kv+4*pK zu|opWb(idXJiCBG%|(=2VW5YAEE`v>VZmFhZ=2w&j}If}dN~rlF(ux72^@0r&L&*S z_TaUAAj!M;tuMZk26e1yDJzI%jcci&X}y?!f9+S(f9nCudH-u)Vm&v5{@u6u29B(e zAebMwt-gMy)ykJTYrpiR*B-F;E#CX$huQSmbeJEooUISD-`~Sm^nr)@{@1>|Oo`~0 z&4PIe`LbCuhez58m0nK|5G%d69wJ!Y``Xu9$wu+K?LxMf&|PN_UdxBd==Z(#l~$6b zeA}^9Ki|KgH02LiPut}~*VMlF;B~#{&9At&n-6O1rG4OWHN8G&bsu$Tx4-zc1g)IK zY{l}dSyit+)I#*iA1Zs5hwxw_to-`JrLi{eKY8^lUp?IoR<^Cy-z+4{AbWsCzm^-R z+1j@_F8wO!4SAzmil_&h{FyPoVdXY!mSpdNO|8_mn=CId*3(pReEnrSC#F1 znn%|)s58Nmh=@6PCz6G`ED$zR&MEQDsB_2*@!S#So2C)jr|TZ8-|JX&{^1yLV(8-7WQ_pNhylYonDKJtURcCL*fTm{cGC+om~{ z-fA(8oMkHwvhzbmLw3P3E~2Jz(5+8y+_BhH8uRxk_N(#Lcg4NaVgg8$wnY8v2dax+ zNfz2pts39{{TUNwD)}GmF3;%CG~sh5^DhMedr$svf6zau)_?CGOkVOop5ycT?-e65 zoPb|2$)DIHE|RA)*)kqmf0KjBOaAY(d_XhT$iE~P zkYouS51uU44J{Il0Kp<6G7TRZ5mDrlM@&O|ENP}OTz*H)0=T;8KK^YJtjztPp(RL% z-FwhFY8ABiZwCARAUq@o)#NSDmkzI@>Fph|Q+l85Y=yz~9&N&mFd#bjqfEGW*k8#v z4L}o5g_a;_ktyvE;H*f1wBfRbXyfg%-^hmDt|3)8N_P)>g%4QLG|EUYnS7h$X#MfD z9n0^nFfx9(5E=CbtN7+kCr8UZ{(BpWT(vq*jU0RXD^E`we_;Ehn&hZkY?T)7%W034 z(p;?g38}+-OAk3_U;Xn1G!8x${=ec2Z6fQXLgqb<81*zs;2!>ecz8Ih@c+Yu!|@CM ze~wT4%!J0k4|`k!bzDB;X=#@i1j73(^5^AR@f%<=|0QN5DnLn5LWb%|wNywYjEE#& z6UE%fQiyB$|8!oFE5=U9GS5?avcJFJ`LdY7{Z>!y1ILp4X%WZ!hoggGiDu7e9xff7 z{x30mOignCiuBxCJS!MExi2ew^B`;32}X2K3w%O${5N-M5A+Zzu9xa;lARe;A?#so zdnG3-Ev*%&@s81NV)kUtVmQK#hSy>~|B0`7C8Wpo=Rc!WzpZ!^n@&cnQ$e075r6v# zs$o%XF=!KbK?B0ZgLbsB(N55R$;=I)1TT5@FM0KU*SvbQg}9e4Fi7S~ zVE?NZj%R*r$Qo|gu5voFwGs2=n!?b&eAv%}qNz4c!3(O|(8D%n)F#$wW7n0Cqepaq zf0)q5&dbq4ZTij_gxMJy@JsSN<#Ca*C&d#TJSm>&pc+q9b24qQ|77gTn1AlA|2Y^8 zs`j7pi~r|&K3~rMld*p}^N+hB|G3tlO=G;*_~TxDg6#*mzX+p1{V&bLZ)$kh!__(o zw>?qq<2&f$M&I!Lu>YF){7F%H!XZ{S5!s5y@tUx^R7e&Po{$^tPaU#7B6$)r!gC^*qKGv_ z`hq1agV$($OV^TQMFNE$vDaQNU$TtpS4hHcSVm@y&}2-Z#}hBwxf*v~lOf2C+N4q)McYuL!3FkoQ#nD@HcSKE2Uvl>yk%Am^dHtFTOVA_ z5cXm;{gOu0`ht^ZvX(aY{9-13F_XTSNngyQFJ{sgGil46`{SEQ|B20`f4rExnGm_m zGx{%NCVdIJd$E)LBiKp*!AzzV`(GN(o*n;Z*stY(jt<6y7yI9He15NDyGCbRW<{!Q z;CDr|V0nWLu%`Mozy@{6Zp_FoPux>}749w>bWMwM%44$gR=vlQ1-Yn?0qtP^`zK_e z0|bfJIY~2i!;)N*R78d{ND>v9`cZpoY8#qTvwYN)e3Kg5 zf}BmQVGvI)qW?@tOf639iYISwD38J73;p`vRPcz~ylz(2{dM06=-tPJR>n~J?*36U zG*KSMBdXMIT47JLzqh>eKN$CV`8@Sg<^M8$e*S+rtj7P34h~=N|DNUJb99d)8I2dE z>XNx*D;6N~nkE>)i)y2-c+MtEWiOTKQ{6Pb8w{w;^Nziu@>^`~+r1)HZ%D%*_Y9+E z!EcY{^Eii1gZHM)u_^-u5bysnx|{`99uf^8>z|oyMnfe!Ek&jg@@lY2r-)d8DPs0_ zJ|$TZqwd%vH03{JqDZ|0-+0xN}B@3BJLl}!t3_}QcNv9!V z=VvOhut20vwR-xMM(OJ*Zre*UW)Kq1j60WlRL~;?`fScGECmA{4f-w^$B0v3!%@0h znmF0{k3lf(2mM}uhm_GV-xV{anLwcbUz6S}2S69&BdC7GCr%zt_iMooW%aY-vJW0i z#PfB^PPR9Sr0!o-wXM6U(7#UKK~x zBS$6S?J2_O!wJ&n$b@P{%98IKR2>f<|_msz7_rSwGg=b+o7&3O^W$b~Acc}}!8?RfmD(vZ)& z+O*^o`Q0t_zfD`l`Lvd!6Pggs1$ z#TpnXB+K?l%<^xg&Z5d0QGH^2Oa|ojzMmqbXnNyvL6Aqolx=*&H>z3ni&})89dDUf zmcL_b?`!>iqP{XG1uy8o$w1zOJ7l*SF6j&B9t{bpYGc8Y(>J;aebRQw=wQ+>4?;hB z#TN;SV5Djc36IHc%q9HQ#n)83-ayU7{)GPy;E&q;%&+R-HV+OLk=!m>zGNApcC#SV zgDm(BOF%CnG|m`}*1GscppF2~p~!{Vz(O*@a|!zg8>N&0DE;B3e>w7^rfX}OKm`;0 z{vQ6}e!P!z1>J6`LWb9M?M(cM?9L9x5eu{iuh^+3Di zy(hM22l(0^sV1Xi9?OoIgkD6L$LwItlF+*}nDd6KReRzcSOC8GiqSvddeM7Ui|Vzi z(uMukSH}AntrrZGE)|JhR_dvieoKd@%t2Aq{}lZG5sV zuyz!m$t?KyzTo$KTG0O|dw}kZ|2nARKOGJxqZj)B9G@>i|2L8S=cD#7ME;LVT^{Wk}sDFVR!)))g|etd=~0NvFKhxkKs z2)%nx<`CwN)iXB+)bMV8aJM^pY)>wgaphSm75!^!By{_`xK2h)ECK$NpA&A4Ru zFbOJT-t3HNIwqi{bz1FNu|y)cVEB(t#l_hfeAj@>gcjK3T6xS#$%JplM#`rohS z{~sJ4j9=*gb9|nQ{%;}v+bI9@k^L8%{|Bb|Ux?uU(^LEUXDj{B#NA_kzW(Pv`ae3T z+J6oXCNK2=Sw2s)|KI^>r0noZGhv6Ho`bHdj$TOc*C)Yhou5vD;aI%bXP)`9js6!= z`bBuaBmBSP7yQrX`8A0Ur^_|fZ|S}Fs8=tdp~PF!JZm2p{$ z+k_F)?w#Mi5WvQLL-jEzo2pbaKi=3$r5qPaqEzt2Am`;YTd@2>Wcdk^In4`%E0p1q ztuzo;rvdE0(mzjfmfg_U4A}g=ZDp(P{9eZR-`?R;B!)ei7rd{$qCXF6b;a_GhnEbN zlP3$?cI}6g`}d^YSOfaSzB zim9VjJ{%#==jC|(U5|(T<2Nyb$>0*2@|^E&T`)_xuIiZK9@uCT)M!27=U&`#Jd{0s zL{7+#THu|>f|76F1w54g=K9~XSou-|+eqf`|E%C}75Oh`GROb+eiO4VR0Q~5{eM)K z|Hd!zAJ6j97p%zupiV*65Z9Q3cp;(&8EvP58uj308RK0O{Nv7&#j8Lrp_=K=2~jUt zfn`gnpK5`$-nLPMMHcV)CHYQ>`U?Ij_tigb*|pV*CeevkdC&V*{Rt}P$^L#*H=Yxv z`m>QE19=nL@a0&9G~QPY&Umu(<!F|5-lIO#dx$E33>jO;LlG@x;=eO$5d~SE44@EJ;|t%oxxAwqJfC6f2^fnK|ljL(>3h@xhZbGq64P;GfVLj3^Vi2t|BCKAc{_H@$(Q^e~!HO5&KnR9Qrrwvn%6wWb8KMIqTufPRKr@JBwto{3}>{WS;S~ zm(qM`l?1bHMjMT(lvu-9y{FibE5`s_!0a&1mww>|XtQz(@Tm{5au*q!^E>;)jE2|D z=Q*~Hvj0`vb#for^U^njB*kjRvc_Y#pgFsx>!4}(W-O;>3xB}pV0GH=BQQpFp?6Bx z3w3?B#CmJ4dDzpV>AAnENq))ZZ6vtT z8rgfOUIHV4Uy)Vcz|zS_l667zW##gz4`3Oeke&UKr0QKwH^zI%*>Dr>Qvb_IclUoP z@?WiHbx(#FPoD+^e~e+_kt1YzM)kR83EA58zPr1j>#exGZX@Nve?7YKKzD(5a4}Jlc@8GBy53*w!10F z0W3mf&Ht+#kYAE`O+*53sv(h-DG@7SK_@u7`h1m(jCEd-Q?Xi!g#3DXMIxTbPO#wl zKKvJl-w9@a%l6^F=8NTGU;W4YDQ}W}*N~Diij>TG%w*?vAaB#o>tIH&JFkO$m3ChL zf1Ow4SDJBANOFGmR(66k6Th)A?*u$zbRVC~#BZHn{`~&!<<%cbwt)M8`s17TKfL|v zmmh*v^cDKpdjE(0VZWCDGwcs0FZcgBKCj5>k|qlli$$mN>J|Bz=&D#zr}JLq>gtj; z%LDjv7>p*tK>hO-`Ci@KPUkiGuw*2Siv>@}lEv!ECW6EwS+I;qmP>%7)(-&UGEkR9 zdCGfP9KN!CW=@@)Ohe;PHp{G zlFRSjoTAPG40fv8{8edjQ*wHFMs|53a~j7iB0`ZM7~s3}(+;r(%>MIFWE2d7eiui3 zeB5%d$HzEUZ@qAQl&rXvYIUb9x%oa5t0~D?60uAzi(0Z35-BB_XJXYM9yF`SG_tL&l8N1O#irtGC8e3AC|jW- z5z76X%4@kFLTg3FdZ~zdc9iw+=X|lE>HaJC1C8U}HCy*!`n{C$O!j!vqweV*m9EL2 zH>;kV74F*6Var`RI_!2{ae3pd_T>vUHDonUcI$1|MHf^swzMI2?Nu9abj#J-;K=DHF3|VJj5o0*>#L z&cVX7p6X+*7GuR1X5tqjGHZX>mNpy?y&+Y}>PN{)2&5UVWLV57#=^km^vrUBvxrUA z3X?@9iWDKrd4j|Mc|eB0P8+hnry-5lv_rgI4ag;%vrNtN)4TK2SCi2;LhNo=uRao- zmTI8eA+SIhgJEQhN|Eqnp;zeOsO1VB9C<6GN!PiOwQiWYTv9C*NR2d(#Vwh>7YUm> z!#JEr`&Tbtr_9*&&1M}8+74yV)o--j-h-jK!QU0Dltp-v4L8XJ83hwPf=OG7Fae5i zg~B&7GIuBqu|nZ`NhO&vmMFS_XV@N9@|&31lP-hKYjVbA8q+nQKQFOdI6zcw~oACz9?5KmsC5gC%Usb!m(wIl;I(gUsTS=z+Pt9$t8FT7tC>s{& zGw}`~GyscZb8EhT#z-ax*Xuwq;1eBh?_5#{tS$-spMqG(BDDu_{4dakaD z8l;xrdszN8axW0`jbi(3m5PjJ>kc6i&mabZGie`DGli{ki*3kgTS;y(00IsYBWfE~ z93s0noRVpt#?vm!6*6U^=6F*KEK`i}mm8L4JYrMRcU#e7V6~9papR?aO@0PWs|crF zyIkN|YPwlUp3<&}D;A0*lJ?%V9MX|94-AhQjXTZP*lG*caGLcH&R6VzCh zg!}&Q`gU14PCXVC>a~R3cEC@pBuaR}RBQQGG2aEdLvu4y3j*dp%YRgS*(C-E4qm@J4!hpbo1Ye!#LC z7J9(uLS{6kNeD`Iybu}Bmn)L1`+s_QCIj;6W4g$caJm*n2H)K~iCHXW`zy*5^92}{ zKVJNB`R43xu!>$4AhO6_E_z`WNhM#vnu(NU@fwy>iWM`K7_+}EDbCT+z@Dpv zVB%ddFj&4TRHu;3A~J zN@t8lJW-2kvI%iD*)7XTMh}U1uoKckqTs}(Ea3Q3lF%#@w}eFtMnXja$oU*Dwl*Hm zh2qvgvoZ!LTPJFT{#z6vu|PkgU_?yMf%l_FL5INr%mN@6nP-$FQ8qTf&f)ZULL^Hm zRM0%L3bHyFYf<2Bgq%8U57DYk#%?&fC7)EYuzrQ6sfyrbMF>~*>11^{Jm`0WW(xUH zos^}wG}C=Ng!@pma9Z9jw~J{eW=xXV+Hsq>_;K4Pqo4@C7(bfNtHs+nYXGmTZmp51!`{j zk^#lxVxJ{ygtM6Kt1I4H6g*=4=2m`IZOMIgleFCzRZ^boGr@XhD?Quqe~FpYy!d_# zM2SX7&jN8YX{m1?P5RCb5N%NWhrwWA$rpIZdgKRF3l!u{5 zRx#-ivZPrQ3J4HTd;kO?oX4o8rQv9FYzfeK6Q{o{5->@EOit*6sw)K4xu=*u@M)d$ ztaiu?7ey_LC*Hlq@wFA!k3d)_RpvP^XAkLLzaSpvZ=O0ym&MRx7PvcPb0Kd?BJM zt*fGG3xt`B{k32+*F}R(t&B)8nS7gfFv=M#l)kw**QapUR%jiL%te)+NqSYpIZtCo zmO^UTC68s*4rqjTO=YK=F&o`w&~^+1CpeoBF-y0!pgbLn)K%#BA~xeR=?wY`8{g<70m@X!T&(c2RNMt3b+(r+yV6#T8Vqad4A6(|-lJ(v!2ttl3w>*31~_Ru zz=>V5jdt-%wh}i?@$#rhBAVn#%~O_XZCDzyv1jxNU%r!MiZvspVTcgS9+9ahs+pex-9VJ#{ar z!!l#8S~?I;^m?ccVKI#{gC}IUo@G4h5V8^x(}p4_Icv0rPp^*pZAnDm8CmXeVfbq? zh2+a3y--5gln4_KqBK05eMl2ECvV4YI8{u;CcOJC1muH&xRRW5jC;GKSp;TKnsXpT z>piu_o+r-}1qyvY?KnG4?U-;jAd-M8mXnQF2k1>a;`oQpC&*sHKhk@YqIM4Ewbpgf~Sl zR$x$7S1OVEsH#Dj&|rN$CD92lYIExM-zc~V3v)QV9kOLdKM3tzAw1s$OXGAiD#$gq z8t4(4An-pamCO>dmfZXBc;u}{llB{mEK_sH`HIP$uAoNqilQ){0f8n{E>GV~)r@_D zp-0lvKy!FJ@J7=5deTR2SckOPGP2uZ7fP#dC~(^dqr)RBI1G*(mw&45y*;(EQ!--^ z8z71#2fnzVSrmggWxnmm=s`~L5K3mq$YD!0;qdU-8|Q}2xvKhkv{y!gYTE-}V8G@eh0%`aTj>x2iI7I2 z^uy!KP`-dEU~p){0}c;c>XCz5&E54=Uyk|E9&qyErz;(pr9=tu#@np-3c;z~z|IEGJ^FLlqG>iO4)N z_tl6^AdAZ-vJ0n2R=qDq-DARNG{0?gC;?{ADX7yij{|>4X4E%4LBCLu(^O}KQyb-R)N*A zsjtXKG{`L(Sqfp}rmu?`>%{GbaNQsDi&SWliTndoq zd^MWTe88Iw6lGaBaJHcr|Kxf3PiZl|*+B-ppK`BlDT1_r=B+0z8u@VT--)5cP} zup+yy5zFyaGw!xWWr9aVB;V$C%P0wBMzfyGY0P>lkHARp;(mbYfdkTTH7DF@$Doce z^}-%CRcg!a$Bx^Vou+CPeiRx1n;K4hA)+^WIe_4Mc0ka|U|BqGvl&KPC3igbhEa{+ zSDRtO+R@>bV$2vY0~A-InG)l5kRp1TQR^;A{AOHjkK1_QjjO8bHpi9tN-FH&=72!+ z+#aD)OLO)1EUThcPPNvb*?L3kfg5#I0+nSay-ovU#yzjbWn%`cDyV~&et7rRSl}i3 z&p(lYQZ;c&M=kA^hogzNq?>^eBgIH-0$q zVkDb4rlxv@G$9%L4Rk1bi`%Fz?;VZ25M@nXY{-KHNdco8xUX_@ zGYpP`fyw#0-%p@N)K*{{^>Lo+HssE_+<chtYip*awlGsU3yst?$UGK#^? zjvBvGgp3YwR@<<)>}KfL&7?->PhF-^RVKH-eQia~1vu=d7zpq;_(Jmpuq+$WABvS) zDVzrcH>h<;7G&HXD>}!86>O$W-kdqlB&s#;2HF?E!!%X%AGB2h1_#{$IT|o;V;h|E z`IO9J5ndCK>GVl`KVbL#To=21Rd#eHkRIgfVNg`?-Lvm{vE~kH^n6Yd$WQl}2#nEd zy2>-qk3xh>V=RDS73jJ3=+tz^-vy`L{prTEYlnB=1GePIMB%5kxy!wL!8QmeE*8 zGy)eoy*$&FTrivf0E-{9h~bwuzBcImw-!-*%x`avzA*bqk=m+qqc(GyNu*KM7mgEqqZ(9iP zhpx3zX$`kx-C49*SJ&Yp~Ur2+A&LXmSZG{6q@=R zwUmSoj)q=dC4{*;?REcVIMr#(yPsYiw6z2u93FR@NLporE1vLTr7-~&DUuk&56@zN zO2TgAwatD2{;Y!xLFQDvSqX;%q+}(*ia7-II5$I>QHcmFs#TtA+1WFSd%=CXei|So z1kq@1G7GwT6^>e(NDhvUU=_|2HGavWQvB$OtwgpqF-oYF#C*jyw4M!KOa*N1@CV)d zaZAbX;J9!1fO=u^>Om9PVi@54HbNjtZDs5Ja3jr~*3_%1$$Zl(wCY$(dl-2_u8*YA z95F5tb`M?lm>!~@7zD$~zni1qc8QMq-HxH1HU+&FN~!}5&Biqc9DYKAyG7mEo;&Uc zq>o1PYIxXplFqjHCKdsU>8)(0vMg9ux_wCE%rqd-K!?PwAV#h1Ki>WHYSK2;VRAg| z`Z1Y`CAhRQrBs4!3SK6Q9-vyeKu_VGdCob9!H#=DGrD46GB8?{)>Wm%^MTDp3}O1z zUT8*wWS2=sK53?*)Mc6!mi>Kso)t8l76@0*g$YFNTedU|4(!Hm%T89y=^`%BV}^hC zWGGT_MVpu_5Z%ygb!*F802YP587;&nI5=|uK&Ode@CduhGx`fy_>pQLMJ6;t37*Dq z3BCL$X?%@n8D{ayrMJLPTG&6$P$o7nX<(y=d=npwJiXFpCGa^!MJVl4%!yKLl)xV| zmn!n<)j5o#e@JJMRgJd4DEUU@{G>%Cu7BV1LTH?B883RYS4j4`i3aCl) zTcbZ*FHVctOFOJ_*Qr_4oMkJXzzl!LXvi*D#)0Aj2SY{c-TCRaK8I9XnMj_541AXz zqHmRTrllaP&-Ce2OnA=(%4vjZJ?wG&)f}6o>Ba=JO+nog(^31wGxnTDQ-iW-6Bt#q zS{6fNT_Um-jh)d306fq`ZuaJWUBK?m#B;^)zcHV|!+|{G8LHZLJR^01d|k2Sy+P53m8t@Nd}W;844C?<6Nd$D)W zeTTr{y`HL=O}L&qXje(SXbXqR4FKI%oZsIm}8E> z_msz&33d+PdQ(Ga+wUWW3pei#hNRx&Jv5<5HFOZ~E`zNCP8p$jPQz;=i)>CqLv>q# zE!c5cgIi;G6hy~ju6B{!QW%+%)_KB6xD=}t4al=hT$drFJH!t!3~V2Lx3?Y@J7Y05 z5;&Zgy2l>n)5&p5Q}g8b5QLSVmGb)Ty#{Oa0v@ehipBt-b9rV|1URL^2GO?O6rK^^ zzT$Ty9jx3@6Cx8V@TRrp3D_$xF3GFO@x-h^OPj&u*x3x~InUTN#0Q~jYekuL%J#Hg zrj@WIy0e}F_8{B}iCZ603Ih$MnwEjEYfGLrcliI>zyTbX43dFcfZiFJfI zK>Rz19K6js!du(WQN;zbu6`7f($u_Ukuo$KB_>T1r_<6#H94MmyT2vz@yIz4HBpC{ zQwnK`Ht64%*DDF|*37hIoePtnB8yoMw_J1ffP7zMKu02$Qy%LqUmL;mNz*%HZ-SJy zFAy?#1e(={CDSJm%HlPK_2?Z?TX=%ibag6LVB{{IqXP$$#(k7PC4_>tCM>dyB{_IT znPf>GkdFx%j^Q2M1s>{8F%7R}rxJvnF&cHAU~F@N4X}+oS@gnANt5V#J$B7azjYT~ zyGdB2#*Dr-4kNci61X?Yvp?^j&@)q#L@^I;#QJB1GfGf=W+X^_7!)|j3803wD8@iG>>p2YV zX11N~L4QMUeiYQy@b{@{zNG_aaxlQNf|uC!peRS#Qvvo}k0$642B4-&i78u6JX-e! z3F>BgYUbUROCL;1CbhH)*9ue+)JOKMOHU~y_B*rOZE->;hvROW?CQ}bDfsmA?VAs8 zacJAk%0z%Y$)rBP_8B}Zbx&iy(5Oo$B1Pj?Y`3IpYxSgsi9lc1p>f$Mu{WdhIS)xD z3M@#V=5a1_F1`h{Ua{6@RAbV^zdXa6dH79{FGa@x26J_hL~3YlGuK1Zq8eo{Q{rH1kAS^lU-IsLW}Sb3@mz**ZfoL|lxw7N)}t zqot>KGC8m^DWnd-|6F>qV)t5_G;+zORUva9Ko4cqc>M)L!$XTJVddgeBNs#Po)SZc5RSM zHtx!dD+bTaKI9o=`zxv_sQt-JwyQIUKW$J10O3Nv2CX|XvCorvMiG0Y$e7pYKIlg z)u;z;CHKLRrExZ3`aWl4$$c~o4)>~r771q1N57b#(}D={9`;X_WuIaQnL*=Mgupn| zc+w22kXwn~RvT-Z2Yo@gBc`hLR zPlVSDGeaS(ASqIizitFqn$n8L6nw|Cn60E=&H!X;D&0`pUWEQpZ9hy*z^Tq(#SCX_ zOwueq7v$pn%#O00^FU*aeSx90-I6|PqGu-TzByi7B;-dHuZ(!QN9O!arv_qD!7Ydc zJnsPYp6uFd4&)m<|`;Z0bgAdajX$?sMM_5 zRobXsv3}bt*4Mni$YM+`t(NV_+FJoBLKAU4CK$SHtLgR+y&F|EWZO+GtKU|PPRKhe zA-E_p4G8PUp%9)stV!cucBgaK9t$-0RpkMf+%)+9rutCLP=I-Pcu>=x!R-264^&24>? zjNS&gCQ5jPboV5$El*9l53@+_qX=Rvd-uG6e2|Wz=Pgtj*2yP1N(hV@%^WdR!$B_!=!YQ^Tje} z333Ay+T$77Fijf*4e{K8w}nib>d8*+L|byv@ey*-?_-{(EV39flEh-cLp1gRfkEz2 zqCC3rQ{_v@-!eV{Gn|%2qVdtB+x3huew4iis4LrW-0?C>fbFs+r5_&+beA$0nMV&B zNQ9PKeQKhq)yA0pQUovBR*c=LaMHeso$`*`g-JX!(Ev4CjO$;Ci}Elz)G8ddUHC)i zLmSt8Xr8U$-T5gTc8j~73opC8Z#8VisVOm-T8)(#p22#s;gdeK@1`rurIwO7K0RGSMm zl#?qm^U2&hlLGC<4^Iua0|IW8IQ`R?Q`bi7>8ve^L+q7$=^2u$tr!`b$ABlaPzOG-x4Y|1Cat2JqRwI-A9hS0E|{UScnc>+q#E}+R` zKL3fYxV_hHjlpAW46fM*m@7Zl%t?^CxKMJ_aa#^Lu5-{yFX9WHWA*_Q9ECa(icME+ z5aYJBWX9u>XHkaLg8(;Mk>UMM-+A)7QOWHdw$$*(lOwMiT8Z+~DihC_AUA$1$+Xv# zEbl47X=<@N&?E^iE1PguPDnG31Y0Q23NCHEEaL-5$4A@fxJHH7q0PAJ+v^xgFu0|V>xUTDASEFMnwDson!}%}o$>rPs^YQ%h?b(S%Xrk3LU!}+K z910X+Cb+Tuf=qA2JK&f_8k)LJP0L}wPWaG7Y$faj<@WDImszw`sr(+&ZoBdF(LM?PC4teBCV zVQY*RfY2qQk;XdWD@Jw!Eu4eC0I^+))>~Yda%h3<>b&b5BFHO*(NuErQb>x#rYr<# z{D$Roo4&Cuqp?4;%s3DCjT6z>q8rb{_iDjS431+u5>+uU-blMVy1D_8LVK#LGyrFq zx)W>+6iWU;eU7mRxd*CZCZPY5AjqGL5&eyC9$j1Gil7%A>hM}lV5l1jWOyZitGggIb>pU2P^PrXS z-G}9oIsl#Q{&IEI)!Bm+H3G8htnpoECj!Rh0h5+32j(E=Lc^!yB-)x#$NeMi0nuy; z{Yk!u=|(ds&4@NcTYD^_L&zW)4q<9oMF5!&@Ef`PT`~v`;YA?PdnM}GWMqSMh=kp^ zl~DT(^-__2C3p-lSkiF3z}R72)=4Es&Md3Bn|fJ?ZO_I~oefQ3S~@w#gJX}tG+djC z#`)yXx+^w@2nk~kY|0=?qM)7>TEs47q^Sj_67`(%espf zzV3i3EDV#H$r)uUkz7GRYfL?{owik&hAv`cxH*d1*~V;K#fsj2Ost|dwV|jww~0j7 z>q%zd_N*%J9$c!mwn4xWR#a0QOiM)56;J%WT*W2i^(#gb2egy1GHxeLylhR+5Q^iG zc}BS>3IK9(lhd|@lBwf| zuoxY*Jc*-&gG~~qS8~7{@KIZM+R-7BM6B-|MNr@kn4B|7@VN(ljtTC+q%65w@_A0i z!CjeY+Yz)RcB4Zic4gO~e?r0H10vho_a83*`{I}L_aDl*^q58hX$=x3 zVV+DGC^Ng3lHTa>Xj?F^wTv`W-K`*P!fe}ay>={U7pjGiqviB8tYQcG4W8@4cGi-A zjE;_Lwy%0^S#-pr4NMC_&g|Oc;@Cs4{AP5#!tF*||Ig@XY=(N~d$mfiG9J3kHPeZL zCbq@FiUEmfOAB<2^=V8qKIbg*1AyikW2Q)hQqWA>Elr-I12lQQy-U@3e*5mqs~J}{ z1WE@aU=MOzGU>TY9#8|K6tb?%0Pd9o)={K|DpmFS-L|gvXn^Ju@8R9-t- zF`tv~c#>yy4JMFONRE|h?LgXI_A#nU7iZrQ4k@#;VNp%1ZNr#Hli|jD=`M|-Vk?oT z(Q8@FgYUMJX-g)@?o9W$387$=8LQYmsVPE37cLhceXWj}F=Kza5Lr%RLW_K9 zS!p}(mC_}81Hfn7MyTI6{{lpoPuyHm1tJd_$gkVRm>E~=~?yGO&k(BVHT5osXc3SjK+ zr&q(aDJsJWs(IVP@OPW4IDlZI7EwLUA{4{VM0m|I@?$Y0yAgUVv{-{+ z-(U-oN{Zx3!J=+p@j!g&Hr)z#VTGY}wa`V$kXwycauEjGH8;Q5Jh^)FUe*oy1}Ogr zK@^$tm7!U|V<%0utzbAB47(-)YKu5kAhOaum_v4B+jefy7~Dc z7W-*r?<%Dw)NvXHBdknXea_P=^(%&Z!b^eb)X#NyK{xjTPwA_XW~?W3k&>9tS-1{k zrJsAr6vM-o8r1M`(CuQVC~^^}M3^W#$Y!kSg`Ok;mb%s&Fnj>dLVmvsdX`%7V`g$XAo5TXSHFY(+ zb)P2h7JgNOgM~3OumD4j({ev5QJXQnyaM2}2vR{{yk_^>+Lwk$6SsT*?m%>(nP@5c zS1m}%sUGuE1CV3GSO$p<+@wPnWXrNby05`5?j9L&|)!0y@DVmFp z)r`?Joj^T6XQT+oxpv3ut0aL815O)=$ur2XMokg0HcdOO4I|n!UAqHLn;wZb=4v6H zD}PvJY0|ariUHwVN*oVr)yyPILdC1C?r3!!psNA0g=!c{Q?my>_olh zs`za#ztkj`mev-bn3)x~0=ddl_|IorC>{iNK9_W3RTn%U!{E-wn2H-_E@DS*1X^c{|?Lo_`bT z2Sy<2S%K6k?>L)@)3FU0ZEhn1mCR8VGmXti=M9NC>Y!CR0OLv=m+I*omgWM!OmMo* z_Oxdd-LY6~4FiNJP!Bx~=S=n*c3~&Bz4|(Up+?;fFKR$jf+FF6EnG%crKAxa5)?cY zU$={0%7$@lUN^HxK1pV>3|!g=mZEV+!G{?a$4@pc=0ayC*&t7Uo!$$pVNw?-g(_TG zJi$ne#wD|itZl8k;Y2G(?zq~FyS%1pJ)K_4)K-NK`;sW|944yF;U~XxxI2^Ga$Ds(GhUy z1dX(=CE}=Y{9hmq3fVwU=b|djgJnG+$h}NMdh`?r>fsvokgF-Ngp`xTAV$-YJamB~ zW3SNYas?zE8w29U4Rc@D)ZQwVp_i1V12o}^3Q%_uib_k>h(U$ppW3tAR>GT1>f)(p zr(VK6=x(L@QzRFQg#%O>w#6|Sjt0))v=L&zF*dkvFF{i|c({8sPI9gHwfx816s}VS;7ITmROGNE91_hC! zLk=kk(==yExF%7d69a(W!SYdgE%%5?NvISYGqoIa0UaF{u16tt2^B~ZqYIrrf#Lx^ zVPHqq)jN8~seiVlsI72Npai*rM8)}$keO?2!yL=Zt(6;`VVgIO%gX)Y# z)mob+lbG$OZM^-k6mMUOD)#K_&TXm=B&Ovs4LomwXW^hKE%Yu_hfX7G%PRBvXxxj= z=r$Lb64{De^bEq~nRixZG`x0h129kE9kJWr(it)wdd`r+wg{6=EM*Y%waQb8CD#h1 zr|O_95am##KAmPPQkoo%tK}>Ma^Y&+g9pP`>6{m1(=;Dd4##AI^z_Wj3E?vE@(a;b z>Oe`f-q$d()5|k5Tf^Ol%XQ*I7Dp^*Il~M~lUWEp>`){(EQ7ODZck!R&8N`ypaEi@ zv=|Ay%Q3hI67uCfCdUKn-il>C*PR78Q7dNa@b;*E7SbNHEQwBJ%-!>R%)1(F1EKFs zdRD{2Eh*ZvrZi21av}yc9rb4G6KGUJSatU-m;o39s>_7hh9PLLU!#Zb_3Lsx0%|pQ zD;(2_1x&%US&QATC`IN%Th(aF?sAq$j1GEpac+Fq<)T$+j6?m^zKW3+27DFXen1LU zhd7l-P0OWIX`(S`3-CTT-k3q(u9npR-F#)`5wcM{+0sSLA%3wb-tM3jY&?gKeBeqP z5ZU!yM}}+6Dh$FggnVje+cKqna6GDJpPagY2hZVxX!@qGrATbmSC^v#avV=0D}xcV zU3zuvd}emTsZFDS+6)F%McM#8lNw~%XVj6=`c2TyjjvE{lnvvzrUPn4pR1G`FFjKs%5-3* zQ^p$Efy}Dr)hI^?>=DMnrl&R+ zZcvdsluXscri9(Gu*ea2r1MJ>V*WnFH*6RSI;)s0^M6-MXWocr+F zzJ8+zV!{3^thC>gLL}V|Abc;^vy4ZW)MPxkuJZ@<FsN_jRfewK_s;SxDh_!>OQ!4s{x!AscLpAGGF(4P2h|r~_V|h)bq48FjiZ8F|KC*!>-0m&?B66wIFPYJsP`t*54Q|a=_x0n{xe{`v$gF)Ae#1way zEZT9lrP~M11-|{8TQ;U{zO*RrmF}lox3;?o36h&?=y@(9zB15hJsahq<3`Y+FYN(p zOKK;Z3BN5`!xPXC%fwa8$&@8GRVmWWy{!U#FtW7%uytakQqfK?&w7e5wUgJN^$i7Z z!Yq=|lr7TW@im}*h9~a39kqIx_2%=H2DG z9rsU1*R-gJy1KC*Hf1!}8=8T-P{A8B=`I%F-w|6o;kFXyXl&040A_#iQvZz07!2J; zhr}QS@V-NJDpRx1Kww}+EghNC@ot)ux=q6d7t1Mc2W|bVn@N4&PQER19Ss|W&AOZ^ zO~%tWKsy|AvZ3vG_n(JyN3hZ!z-2(mm8T2L&QY_IMOks z9vUb$gC}U`+?KQtZ88&<#`&B>p*^U}AZ0vt@pcgKu*%b^i>-s6TBc_YhKC-IGx>Oa zRtYXGmq)PYu&r@vbhO#WyfIR-yu$%x-rUd_>7U)WwpU@$FF{p1jD%?^eXhhJZ6|Fv zOoRPh8H2McDiZUMC6XCGr>z2@4YYPe+g=ARXk;Upbwf!!Z9UexnPpgAJ%+Y*jE@gD zRcf<^G>yj4Sae4lO-=GkQze4qmg3;?@dg=Mmw?jI$7Ye+R_7S#>KqvIS}M)x1(zTS z2qn{%m)DKPeqcmpp~u>aj1lWM#N~=u%E0g+uT4Hd#oTX4-^`u}S0qqZmP%|y>34t|b zP?-%#%>v;&ylkQ!+@=z&f2AQZ!~BHaZN_uvM~s5xS&sID;hWJlIPt8tRf5}b8vKe= zPpgjxYHb45?=MNbz7!(=-j2wW1P)%mHk;E{8tad1QC6t5h!_D)dY*L^4yp~DF*(nV zJC)6>0Q-)(3^SI}BwUjj%WoM=%9hinGh*d)LpfRsFvq_9(qJCbW^bLN+@K}3b*K&c zm7*B+ND-b8KiI&`q$Ni8eqN~=N=r6) z?B`(D4SE(d8N-^b^lxyLfodu?0fp2-k%ub38bTSwF1X}-1kpkCA1n`p?xW8m#Px3S zdo`)@ia5YKmXyn!r82OMZQ#m|6#DsNHn+s5Z6?MMBHBTmDE*FV+luCjx_$5+KILZc zp;93+lv|Ba8ocCQB#wpXoH^hKo)Ajrg@)Titd`fW$xjXA?hrq1Px|g_KPSlpW;FwG zViBfPk{NSZIz-6}Cg>8RnOG;FSZQ8o?CIDUZBo__VT{{;L{*8JG2k({C7y>^DG5t) z>qYKk(0ZM^9JV~fhh@dmPo>(VzaIG@p9#C|kcNsS>Kr(~G6v}YwNg%IEa{Evv`fs0}gV$64rmk82MDr>rs-z zR|*5`AN6~^-mpLH_eaA?wJ>P!3!N>uR=q^rntHo%)_~)KSF-NE>1CqGol$3AKthp@ zO~7N-Qg}PuTE|;`0clnBnj7Twr*jvKVtQ>U%pYzN<}1nzyz{NBL#nh*x73w{u5NiA zF460#+WihoxVloa@XnqIB1ek}PfYCy4}W6`IfYo01!EYq=3{_p^CbfvfCHod#48W` zDqnKhQ;%b@+a8xaN2d+5J8DTLj)q(6Q0inoU&uOz)HRPDwXMf>wArkQoYaLpHKZl_ z`nWkeEe#DNuu5B{r$qA+_(C0`TD%G*xOx~Frt_BKwDz8RMt2Wl2V?`{vi+bl4Z5Qj zx20BkG%^_BZBZkS#=db!6gjeq1|%UJEPN^otRIwnN&Ib*N{@Fr7+0O3j4R2H zA3j{{56Lb~qCGNO6B`b^M;4bCrxr235S>P zAqx!D78j_RM`7dMZNT+4H4H+FbOP^%f+twk#SID}i`pUXDNUM% zs|AcmHqnYFpV^A?SQ@9f`hF$CYw{-|=5wG?S3iHauqHv%ReEworyhacHi!T##F|~cT@sIAouse!i|FT zj!`|DV?l(GC;4=BU0^7O;%Ga->*U=KVWbNobe}DbaN8?B99@ z859vd6{{I+hION>!=nQT_J|fDtB@!x4+HGg%t)PK6f)nj^(C86&H4ZnqeNYmnBn6* ztf5NvgHfl`LtrW$nc>p!unYt988H}!Ma%;I((RJxraqX*=Xhe+sqJT|`q4s)=4L0_ z*qkvEu`s3@sWi-Nl`E001M;1&f9_Q=EQduSvXbp-(CHWhRCPw?tYSf0#YyU%!p;#m z3-itnPxP5~4MNPC#lJ8k=yy7Z28)MOosGz$z#4z&6du(?s~?OGg2^=Ke2>Xq+~IkDKUWkGw&6xy6l{ZaZsE&2g#1~z)ZqB|cvzW~y2R=z>swoiM~C@XOihbI3%3*~lN-qJVFQ^=Dg(J< zIhm?c^A>7<8fI>Rt1rRNr_&}h*ssHb*UQ=IK^5fT4lL7MjSZo8I7I(;FXDrdPI!VwpwfTmy4u8T!CGxc!IqJA9i}=mo(=q{x=^x6{8CD zA=k$m!Y@#SlBuG^H)>C4oG&qdPTIwA9vYKx?@aV=mge|-VVvB8&_yAo%qQ4FT^$o`YWKXupby+4DK0BwZdXdC4D@1hdLFn54EzafaPKrt;OMYhAz=m| z&BHE$v-V$NR*fB&-T+F+XG5lA;{Yal0PoqYtwQQu7wc4Xc$^J4M;n^^W;~6Yi&Fzf3Ii)G)COd)rh$$7Mm^Wz zr6I?Kvd(Q;%j zu-sA+*=o$FMA@RGDR?MnG3)d^NVwm`O#5m=#%~PFq-v^3c{Q$wQpgfDWox~Z%Tz>4 zojG?fZeB%gT{jYT)~x4V>0JZNeM{GfWvwmWcJ>+!C^lRoNU9o!;)^HRbUUpL0dV>yf=oF@XSN1HtD}dE z<$%kahpGdJS;o?vn3Aq^E5geY zE%zHo=%v9jKVx&i5l}kL1`=7)h&#lC_2O{QRI`;5=WSZ5wKJ_*>89QW*&Ar=H`?hF zv7Q4NH$-7*EMQd@YBHm!T4&-Xzabo~uW!0ZsIwMm!q61C;GUE&xj};v5d=|%i7(Kb zg&3<~6i(>^@2U(9pq_ILD9+ro#zQLvTf-6jTn${P{(3`KsTLL?Dx0k6Z%|A*%YDTb zdxUpPavkO?i#b+n#W}3#HM0=W>br#A@C8sDyY!7N_#QdMumUI*fk=0&G+&?b%v6p< zU&(&HO0^CH{O_Y0ZrLtYfjS83#G!bWm~L9xg-sEBc1T^q$B zO?*5WWqX+ZTV4vUC^MW&tb=R8sK2w-9RN5+W6d~v?bGy+=VxTl@B2^>(&z0nw*3Fu z`}gLykt=@~&)@wjy5#!(EO`m&VvlE{%}kX>_DuAR$JSc*Oy$u|nIO?55rJqf8j#G5 z^WLB8bLk5JQuHmGZ#}D2WlW&aefoZ`pOf7dx^{BLuSJ9KYx6k6m;W^8NJ5XRYImJQH_|SD{dpZk8&)KC}?fw1t64G2GOTU1xEu2)5(}P^9W&vpdecbYRl9^(fP+|p1KI&jI!MhHW^02-J zXc@CBHK%1I=LifpQtum8LzV+)ghATz2+JS?w4QCK84s9R%~TC04mh>(b7U5)t;56X zU*Eto;}ycdOJPMs&^O^)n{8RpJ@yC&gYsT-FpHk`W|bS-l4&GC0L)F1JcUb~ z(eWFz_Yz%6sR(VEmg(?cS*C4;Ze=p7>kN*Gg*FXXun?ULuU@+S+0DOhIe1rP(?vR* zGJ-IE$(6DL;($T;AQ}S^#tTeLfOE@3S(4;PaGLBuyH~kjc!#N6=~Y{LbQ3(gvQ_b} ztqbJ1O|dNOqGzu=pPbIoEj&C8_t{F#6%8uld>4)BxIs~WY()xf@TC;pq7I@#Am)AdkKlLE&F(+4w&keRf;j&i!BV_dxz+Spf8+J2N*bm;cc!gObm_ zT^I*KJX2;>kOi$Nno^BWM_3p%=3urqRAVfcfGn&hrCJge?E^~40?wKC7^=XVUCT_) zYGu6g(j{dEkU|JmWCf)Vfey4*pjrV(-3$c5e%-Fli9)NKy#y=vyAZ3)m^)pQI}MUS ztz%d`Mg39GK&fU8c(;Wz3$5);bbrS&W8fa}V8#8Is)W=%$?Dc5wF3QPp4hQWcqBP4+Z>EU z?0F9Q#irMnR9?)4U9Glc9xWz0o@tFN2m4^Uv><@j$15eu&oB}$ zJru2c;){^7nbsjWM`OFra40N4VaP3s7SpK^MMEtS0owz1gKaEu5TKza(%CmaffS+tUGCZ! ziJf`ieH~D=;+e(6jWV#a(z(l_cbp;I*CX_p9g^qlbegto(3oYHVqNQ+dh;BTQL>7e^bS8#@Gyg|ypMV8BoaIal* zP!`!-Zb+B>yFao55+gTOv~G;YI4w+9FecHth(u&^c)6~0BN*okLRT_VgwUDxlMspy zJmh!w`%Z;Gt&ysL77Sn|Ccv~V(-7+i3Q+auE+L+{9`3u-@_u4qkaJNz+@jjE7f7D- zGMYKV9<7dvZW_I$J@WUz+bcxZax)YT%m1K==3@O&RxY-=go#%l&gg+m{_ziyB#FpY z1-X=+%G+acQ&jnB_l#JoCbI|7sgQ67oXWrd-D}SGz=J$)=4G~2doq>(_y>Ig+S8%$ z+)GzHh_0~>O1a0LEDNn~_D;hE-hZFqp_yQMkiAn{&k4L^UBw7~nRYq_`BX@P?Zfu| z{`bU%gCdc30MKX0Qu#qv=m8?1Sc+|NRpl_EaGv<1m=tiJu#xCWg&tgeO;`6^L$ZZa zm;tvoZQ88t7ER?Dq{^Xo5K5lLXGFok%hoiaR<{bZ<&ZI;F6Kp*m60xOV9!9*{GAiNw;IghIR>Fnag^Jk|lSggP) za*sR%lb2_|JjctjL-QUiEZD1-{8RgX>15}RVVR&~c$%h|Vnf)6%O$2az-0^;c0HZ8 zH88xH9N$~_7+j$W1Ck5|9&{xa99&|d#`X-1hdY(e6lT@8R}l1b+~J4*rYCX-Qeg3+ zx;U6Y(P)H)vbWlKm~g?!Ic!T(;UPv^z_i(BqkD~4-?JZ+NjAMWPKM_Oh#1NcA1SZ-6T~7)quvBV%Yx%y12|GNoX{%B_o;Z z>S5!J{!#4w7@d16^zPLpdv|!YooD0xLAJ z2IxkL+T18bKZd~~`^@~5myC?ii0o`fVUd~enBuJ0#I~@x6uM3BI}~<;+T2W-rKZ3f zTee-1rqkE~3IZ$;)i9V8Hwa;#ND<_|Y&7`@#N;=NTDS9s8~4=CHQJAZv>|kne~&14 zU2Qj+Hw`g;c>wSZ9_kax@K02>6vv{HP z>c?z)^J+GO+`?cQEiovMgF6F`v(e5V0}Lcqd8?`hGrXzy1-Uh2We6i^TjcZH-aLTG z4EkjkU%~eWuC!iC5`)##K0A@iqG}tk!(32?wV8nN>zj~jB&ZNS|@QQ1@z5QU34(vd#vgu7WSJV}9 z^m_B+-=DqychEshGP4j1R$j;~&oOdvV;FT%7}+!-LKz;u20f`vTm(f@WlP1@3Hheu ze-3Ux*O#>dNy-$^?+2^!_kk^Ofi3*L|A5+pr*EsmJ#VY<%};0lVJn(t|ApUoe2#zL zf6&3UgHnMo@QSbQ2ObzKq5J#*TS|HUY{mWRlK2aV-LN~!*e|H(uUm{a zr3Lo;{(~ByB=m&J#hym!Df;{VgBT|ZAJZ3C2q40k&A?oOV-n;W`hEX_p#tdHn`Bjv zDNZOM5!K>S7KO$eSH+fuM)>`oeNwI8_a6j_vfO-~tGWUB5nQm-;HNKxmCIF`RSH^< zEju_8wnzd+fP_AfvRiB0DgvY6wpxg0_T!ZoRioyf4plbmf+TasRFJ|J%JJ10IT8*6xL zRE-f+DwoLr7}#+h=7pUHHh&?1fiRQd?-Gnb;k~1l`Zh>|nV6|wsXSDQ+xHQcL6ZsWuDmk1n5d5Dlrta> zTKIkc0jJoCU%_xUNf0 zikC%!XA-Y%ev!ZnK97DpJGTeUB%8W=+%ZJZOI-H(GAqi%t6$z++WihVW6NfBfGixR z<8;Y5Wf9#mD_6qu6Hp?)YU~EB=USdW>u@c0lh$*cO!E$Nf``lfnD<*v`XRU>a+Pef z{cP}1sP0NB@K{->as@*QKNI^Cv1_9BX8GYjDmhM%zx}sVzJeq>$kDNznsdv?3_QU{ z4!%`L`C83Hm~y=Y%mJ$%$i! zq=w33CDeGiW{1mhmt^|FmtZTj;_Pu0kLN|}VD$%5cHq;>0Z{CgRprj7FR+fJLi`{f zJ$h5D9z8mRR4)X}LR$`HZnS||CIEYGg-szYIjwh=qg0ME=qIgca*#g|9C3kj-c9Hw zE@nhh=gmkObqkk$mLq0+R#IGh41Z2azCgq0yme0<5>-Eb7D1sPf)--t0>$VU!nT93 z>d<&e&Su$g4r}|-Rn`;+y|`p^r)6~c%84rV9cR=1sH>Mk|E~MD?rXYCcfW2eo%^UD z$jSqGZB!#OIrd8Sp}0Q2V*@mP1fOIhtZ7%OMzJ=PZx&!E#?VuY#q>V#wX)klReU@U z%Ksv3gp_xMS@1a9yB(Z%yvO=PA<70?^IY4iX;-Nbud1o?+Gn&d8`X@+iW&O*g=bEb zAh)v-z~U`>EKl!--^Q@n?%1;vBzM@6J`d<3L+n2PDVq+axM})I9U<6GpUFirUzBSv z&Dh?p3N-~KmC>{2E@Q*eG^^0r7+o#|xLj22a)OSS-ez`}t<6Ycg2MtedthsBjY_6? z%AA#@J*Xx{l?8~Ph;2l=6k7$Ul}sPM#l_ubwGz?Q1gpfS&QIao43|u{TGcv3TV9ai zen5;tb6$)ala+R&;5ZEf71I#G#NnJ`MiM&!+&MemNvUpC8R<^hROUTVPALGBhJfbG z&Vj=#&^7$mUhbKS9pQ(tst*ebvq#0@sI_ML>>Jhd8Xk5cjOmUGz^DQ2rvpyaTnoXTDlh=q?nqf3-EbDLLE9Y6G?y_~FjbSd5)uW(w@HLV`;Sk2G z|D4r`$nG6@ehGE!shdhiZ{__2P%-gKwi5f}d{ScfXT?07@{93-U1nr}>=dG?a43OZ zj(|(O(4`XbW(Bu__?8@OaC{K1CQ51`)R4-BnaU`i5M8sg&N4*fpdEzPGE+%nRFl|i zS`N_g{oyKW7Ke>K><>24PUxtDxG}Wdw-eJ8O^Z&SnRj97FAm}mghw>=QT@_o*>ZDZ z9CYj=GYd?M*VOE07i^I@dF++RI;?^->dkLQp+w29zDWix3b}-~rY{jeW z&Q4Cx?o4dtHRS?(XuR(Y*&uc_uWxi=@J8PQ0X`;<-W0h^U(|WPA%hA29q2w40)nNI zqcwyF#02mz3W^S$GtlV@(4B(pBletl7(vK%y*j)hrLf$mY0$LaX!&1lF}*3*Ufv5l zxPuCf;Bz>#{sgE=s3Gu9TP?UTKjk`EaV?L%F&s4Yh@RD~Nu^dCf8-?^IdF zBNmgi!@%`Yk<-v^8@Na`>~tAphC&A;XWNl?K7tY&zv6%p*b|!%PI-zD=|0VMCsyT`rwHIH@Q(fslB~ z;97uHg=!Ix#Y-T1__)dDV-e;TCeJYhF#(dP>Ue2z!z`SDqz)dCpKMZz#TPkb_YVZP zi3(9gZAY6s%>wNyOf|1N+uifm&kWD?06vU!x(B@m3>$G?g?V>da|hae3QQof(ua7YK1GLUyzkO1cKz^-W&Q>itR^ z0)AqvwsY0>8x4Dq52D|}aiXf*6p@3_ussg5mgA1z?w2FPBP+|D%B*Y_6yXBC)ySdQ z(I^^A!ru0J_E1eD%&IJ$p-VPux~Pi(LZ^AMSC{Jm7#Uc{Y8~!6h!*n7M1wt)Yu`|Yrshu9H`1uN+q86{ zxqzXfk-1j5Q;t6$IEMjQ$FX-`Z442v|S2_C_QwU6nD3bwLk zW3(8fvTj63qqZ!-Iuh#jh>igJ4|4dj|HOor;}Jw*;*V@qj5%t9fo-Gg4=w}}0eB$X zEi(pSe>oDPRxT-ACJ5RC0nll4lX!@{0s1;&C+oH{n4>sA(UdLX2#fF;#(s_E-}J=t z>6$SJs5(PyY2&^Weqv6=aq4n~;Jy#dgCs{4~ z8UXdiKmlzUE`f8IiW5(joo0KGMAR*_g3`|IL?;jyk-C*mpaM(SFYlrCv8NSya)>M+ zNP+VC;}_7ii6{j5CC6-x5@MTCSq4W(9LZ9tJAz1N;f(UI;ms`o*hlu4phK;oZC*JA zCop{^+Mp`|`T@Ar7^!cI(k{!4l^}L~LO>xM=Vk%v!8)9+x zAOo{PHn#!|hU5}nkl-|&h*e1y_N}|EQM0zha8ul;Zs+*c&8ZNNhO+!y1{bi^k;`rC za_nfs06>2Uc~lcvVY1ZMw5pYXW6r>N{=SkpOtO;VmO092%1fHaUFl7+W$1ELr zSC_=YRs+e2Lq$o=?ez4!Cr_S?H+OQ?PRhb8-VsTgdx?mol4&1FmCjQ+c8&EYqMRAS zP4km7GiDrw!BMMWJSi+C2c`<{55!_|Hoid2+hsCmMcJtOU6ajsX_@3}2;|(}@@ChX zZ8TYC8U}C-=aUSLFLX}ztau1JhM?jhiZ%&>_Es4@B#bj)dDAt+Pmpn#S9Mz{mcxPPKwf*&eqSec~V$&=6lR?S-P4z{!E`m0+eKe%#n&?%Kf* zIW{DcTVY4piiH)G?hn)%Nf5)@z~1Gk##H(9Y=voz$j)dDASE2zdhLdjdRZAqc-;hEYV$=Iuk*W5gNYf#7(*W(+A2 zQ~{tDopF2#@NR8IA^T|$3(#F0r_APd~pre0IqZXTbsiD@CPBOxfZw{lf(eYpn6EC+=uD9!+U5 z0Sd>D*_vbm|M|X0aAG_7eYbZ3r09L2j6ol~R=$58;P^M1l0`v*;K(A{HOO^Any?@b zRDp^-0HvH^c4(j10M(qSyoe;0!1j*~P>|oLNcuyBedhA2x;+(A*1A-u+?99G6(PA* zSgNP;P&Ly-tRFXFRPA9?8avXR&)(gr^-iC<+4!lg?Y3F!S_MaN;2sl?MaKZfMgrWn z457JR;g#aln2xOohK}mB!{G$PrUr((DZ3sN^umc3myqE6yQ8CTV)uyPxu6Dz{T%`( z51pOi1a=vq5cm>?0`%$w)FH)Ii1fAp#as+^suj@hI{<=tDB`?3+J&%- zXD_e3h!Ek#V6JcH&%s8?gbcn#H9yQNldN>kq3?%?BNjM#q!Bv4Q@Dn4e8|nA)2Uar z z9Upq$`_K#bW5J7-{g*Z%WyCUrQ@02XB5~KzaK(0N%L_(a`x45mbqm&1hYlYE zYmb~2By4fS)N!`UdW4qla4^z{f$EwUMv}8_Vr~hjMY!C2QAPL?frFzLG|3nAKHBNc zLJ9m3Z2GBmYn&zkjbYpY?;ty3*A3V82J)1mjDH=@{dw5_J(Cmdk3(AvR&w~j0Z6R? z2PDI^Cbhw6p8mK-y*`z`s)PqBz~uubgd~8GT(GN$OS!0nA!rF<tleg;Zw{XKN#5JYjOZ9`?Ls=2~! z=D&2DGn{D#=%MU*YtA8-wF0vVm^nZX4Fw^ovV*y$BibH(`VQmz^bER`ibVcM z0M|JKj%P4dAQ1S}FKf=*>yx5)hogY>l|eOw9hp)_CezeNyxJ4jj{&pJCI0?Txl8ELW^n1tKLEAqg13T?Gu zoI=BEM&xIZe-wCy+%;iNX@PJeNRRaX<6n#j1!w3ktI&jI_F$A|Fuz)o7kesh& zVMI3;d#Q1Qg6HIw9mclj+eZ8nZdV+%ShY_#QW(r*i&31Dm9OrUd}mirH80oif*2r} zRr~G4GD7VN++2c1iVIly1x%a~U~xxqrM6Co+TT|8@`p~^k-+s$c7lRg!p9FycddD? zT`*1~?-*8T%5;e%W{(D5f4FikWD1dX5g!bp{=h$R_Sjp!H&+DRj zXna<3yZ{mQ-s79(dYKg!>IPBlb3r(z);B6o+Lds4*RW{vitGtB%2{1;le#rL3u5~$ zIHg}a(!__?2U+G^cStt) z6ho`=mfH-kPI=Fnz8OlkI}K8(R3U}EyG9oo-`#IE8y}6_wYN& z$L3t}o!*~9u=r>0dEPE`QRJEl)gks>P**BnSi&#@4M_3QJo{-=%GO55>IRSW)?XXY z*h|;S7`WvZ+X zOLgFb>QJ(B>&I>(R6X<-0l>S+D0!=8ZNZ!$Hwz-N9n$MemTI0&*K(p3*=+&Xd5|-y zkK^r5r4FQYkftm+W*oXStMc(3MNqTW_}bUv$=l6nWm&~iXE{7#r{_c0?BM~#lc)@$ zYO@gNEpX)~m1Aq~d8F)8V=^BQGHm;$YGi>XMU^WwwkC)&5FjUY$H^+FcC4{$d-da zk8GBJM5Dv*vL6N!3I55m3^X1gau|RyyHZV^RR;a>M6q-+5ifNP?l8{A1Rx;98D!H% zp>8Ro`oOZXI?8teD?C{-16pI*LIVc8*>Pjg#yj>Slgi;elT|Dl{q{J@ewFro1NOT->w`c4F&%C z1Wt{XE1fftQ@5Bs3LyVBWs2^2*=Bbp&6e4J>k3`vZyYL{Jq_n=k*hl$|kB1@@o=L@&e#j}0I< z{(X?ol$q8ATs)hLee|EL7cnKGr{aT5?){Uy6#9g};d+6nE?~)EkI$f$yiq-JP2fjy!1WHcCO$})sA3yY1g`UZFzlI` zqVZo|z5MyzSgvX{E8gGN)2&3Q>h`BvFSmbu$>4^=(b%BY_OOv2yYxn_w@lz>q6S0n zyC1)9E6k5CBdmr!z+~8AOg0fk5aU~k^3ndg5QU1f&me3kq5>e&&c|oLnd#7>_B;36&m4DNdvmrvG?U-#N_~VG(d`1LBO)%jyC^O=Z zU$M6js6x?>yQ%b-AgY&SlSY)24jZ79_hKy9| z=w|ogA$D5val~z&xt)pH z$j^L`zuD%CFU`whMRk+GT@4$r_y3II{o*r}}c~2RR;ZqNd-KzgoGm6X;x&%5OKQMD7RR z)7^Mo4k-VCncBNqEMRPcZ0P-jW2kaqV0!>%dK5yZQ6O;UA;U;}$)7}UQDQ#|5+6zO zLWDxj`49qLI*?#K0L8r#-ZSxla-BflW^_41&*QGs*$7ZTxto}+xG4aLrpnWRC*UPgb#+i!VJCy-nUg=+!lEYI3L*eQ<#D-f;kc!6z@Qt3xVKP6mN}c z8xKQH9(kZr*0WRbh<#G+zuJ6t>3*Pxs{I!uVnJbaSM~qQRt5ZG&(+}HE`|XfqM2?i z1piBt_q6j81MQloc-UtESI8++)nrZi&#Ks-WtKVHrZudB!pb|?_ZHtMwB4ESo-h6h1= zH1?G24+g0l2X6A_#T5jE01&^chI@E_P2N)S=EW7cH;Xul{m6TifR}y-iy3m8UCn2cqFk{o%8c;MV5~s&qcFz8M>6U@LT@yTg5$aTI(EZvm)F~8m(oPJ3*~;G z>UBfER&MykvUsm@`R4rc(0=_wXZep=X|J2wX>ku=;@a|yAfGD`RZ|8V0bffKH9)e z;DFMvPFWO6+^NA?z`rPMyHZxMp=Y3mm-h7kvIF)Jlr6MrHc|FxZJPf%$^r(lSHl^5 zqy)|~6v@B&vmGcKU;p0M7>1MuAfv-I@ZPjHbLEe1l-E%P9l2Y)UIv;_N3zxhc#cb!6dN;o! z$~YMEau>?(Df|(CJ5W{zT?D|yZVmkc!5WJO$fX_vy~`J+3=@vLMt?D`0ky1wyA?Ss zonJhA4IwL#2or)+{geatbVzp37<&Kh6jC-YOCRKG1!+YC)l?B+pA=Jhap_b;yI)&7 zj2R2x7ng$@?1Qu~Y|AJ_i=zz+g7$Z5h{U9|RcWE5jeRnuDn6jqa zaGtRlfUw%!-qf`;O!OFEzNDDI9H}(p%{J(d*Z~_%s~>{=I6es^K&iy&DFkg%4?u6B z9SU>X1hY9{9vq~s%qD7J*gR!eAPudnSVFm{;79)L zK-q?|>Qi=4!7oV}8ha4uo0|s|2k|P($VSGTfVC#OM>f&7gyTRq1;=bS6?^a%Skt}6 zS>CD|@fsj5R9ws;cIT>_mjbn&fj=PEx)<6S|w{2(2EHTCJBYXCTo!~uXpLV^rT0qL}E z;NbV6rvVvZU1>xIZpN#~E7x-U1D?Zs}9N!a!IU zS;8FK|u<>Ft~TX-unabdKB+ znVHDTW>!Gz;hhdm-=nX|9DLT_7Rzx^Xg3=&|9xE^Si|k^mh0^Ii`|ks#tJ;>Sb=UYBU+1qB z$wKGKzd%17Y2(M~(FUE8E3{kWj<56n?mDj>4(M^Y(Of(aLg2Vjc0oOWn=DN?NNC6I z?otRMU9!BWlrfjJo@`(JF5;!zN#kp=_s2cee2u@IyIU5wYPa5Q>n_*wKh)dZyBoy8 z-(Tko3?y&#d``Z$0Q`26m}Xt74)|LtuUr;H#z4PrEAY$pXnT2!QPX4#2@n^4-+xdO zE<+OIG9*DM6l6ajy!ZXx-60ssclU~*_cvt(k7dx?BHIv?^Tq#mp4}b7oP3?!UD8Po z_hml}20wrG^3Cg4FJ3%<{f^?FHam!Y#^27}-64R=*ZFkwM!c+hhv8@|g$!M|q8%yPMVXU8mxMd_jOL10344 zENopZ=CS){|9z0xzu#X7!gV5`neBDH=;O~oED?at{O0j-!UDxis^zNrGSSMLN!ziz zSxz_DZ)&p8`ev(R>~9N&c_E|JHo*N6R4Ugd@36YB(zzkhc9e*E-JNAc+16?xEbD{( zv%ZsURja9Sm15AwUC?~d*(G}PTJ&!HEay36lBr^h3VP;BH; z3jg~8-QA_oV0Sm(M*V1E>PhHfUqpC=M%fTqlmDzyMZk%a)+?}c=O_l?O{C8ZXEbn4sB;& z_3z8fZeW5$p85GNl1+E#XL5os(YKAQ$sE~B*OU6E48*5**Kr6}ssv=9pw6>Am;LwT zo>MpdSml$cM~ zP;OI?iuPb>xgIMk*XqAoWg6o%hZ~~&3kqkSKHh{tdZnhi$~!JR!Pt$nRe{LNz0G#)ZXbknOPv&n<#0Tsg|uZI@qu%DPYa*?_vzh5 z^v&TqqwZqCPwn&OX1;278PB)S)z5V{RhOzRbUv_@$yXE^oa^8-Ik(@*6@0iG3ZjRV z@c&H8Vy33+X{i$6g$^Is|0Ku&*NJ+srY+{EwqqCoBd&BVKgh@TGfTF+lyCW2VE|`; zy;JaBjCsVaMmg6Z_d7|(48(q4ciZBa(ciD<`8)piCmmorU;Mr9GXDXdG-s>g%6X1| zkUt06jDt);++WbNOfrgx4pQLYoBxXjA&Wcj@5?}^guiKrA|!clMEwMG6Jo>NDQzC8ee&-k4-5Xt1YTDcvBrJm+EzP=`E^1vB#<`bm%J1jE zz-=S)bz9kcTmD?@_VYq3d!+5Sn7O+(QUZirJljy`AlVO%Y^&nGS|y8IRhDB_^_OES zcKh4;dgAV8tK!f1gaP>O+Lg;r7ut4Kieb%uf(=SW{<&RfxJoPKhi1ZUXK7D5NROZ`Z&rDVwUKJ0E; zOjTvJfKml}*U8h8zVb0+mV>qj)z5e=8Od3NChH+vS5dhUTI&4M`~Oj5xIKtNPt^M& zhBkOCJ4VvE#KzFtV8jIR)oC1}^qrmTT>rH0S|TnZ{R-9jmhzw{LwXhi4%)Gr<(?jX zvDN%p-8F+-*9s1UTk!Bkt>r2!>d*-}mFI*q4Y|`5qicpk30NseCn(fsx}GYTxuMCa z!iR>c+|u10@7=-K%?8gZaIyZ^>*_~zSA-1BseI5ZRMKUB5_(U5-jI7qRksc*M*IX0 znNz)7LAEtcH~_$nMcUY>wUi$pL4JeuGJTTR7t#M)PDfc{xQ`c)8)7!5H<`8-rbD#TgE*x{!> zgS(xBQz2!~<ggmnx!7_?&T~$E{!x(K>N`sbt)O` z-N@I^&z}AAJYD9$@26e#cK7Ze6}onL6|Ozd6qpiz-%ry+dK7%)5xmGyNaRqeYg_|8 zMEJkz_95!EdkG%m?l2lye0K0IfsHeid#AVDAQ{WWY$#{RCVfnZ6HPJBryERbLQ=+Z z&NB?jvT}tgDwT6$-2NhT$_&5O-oAcegp~V^3-M0i3$1hTh#ChzLV%Qf_UxC7m+#)b zelZ^0>Gm}Ito{RT>V4hM*HyM8D^sb#2rT6ZvJTJcQJfew%&TNC1T4rjdZ$ zcY*J{S2nONYF1`*L!g@4E>lXVYcD}v=M>aRBPV2V9yJ^tKcDW$(8jgw5xg=Y86Eqd8v)S*-#-&V@Dec`fXkgH{vfz7jY2 zNnV+R(-@EC`HKr!NF)*ylBPWgZ~*$pzSy_?Stac)a+{TQbcWXOX|(EpK6~^0x3j;# zdv%6nVff@(MqT;)^M^YEvLFroz5anAX}Q9KsAYDiyyu zPt&X!$*fxIO3Ay0#vGP}J`)AHf`d>2v_%Ljw3FPmJ#gBm808(aWxU~Sg`;S53??z^ zpIcj$7{O7MihHyXk^ckxq1t7V%kiJWQ|Sk=4p&LGDv}$uwjv`Y(95h;x#Ne^%zx{- zqc@t3_;}9fy9%fpZ922>(`eWM5Oh}W`h6JKPGmOE3c9h|jor7Dw+Zc8WfcDRzoE=K z)r+yP?wH@wBWH>VvW+7*;Io~7%18}96(53(m!Pc}(w{orsje+=2>-;-HYO+7k*G}> z3<9E-MfF-``MPUC{~&)Us$$tLWz{YxswTi0C=-Bbsk?GbIM+F*&hV*sF?Rq5D-e)I zfmk{exjn5jW10IALUK36K=b9Ma-Wne-EELNnd5{0knclW;N!g?It}bZl*^acn<4bo zbNLzNrfiBIJ@cFL48%$PhU`-wV#~Mx(8zJxPofTtdx}f6Rt#WX7{r)1fl+JMJrZOd z><~qJBq+du;FF@tU5Z;GLi_xVpFdKYJc_=S`_N7!waM@2YdQJsL=>@|XOsq(0PtlW z@|sGxrh}z^NZWyt4C4&wz3IFEi0cpqrX>5XtLXU~eFK04Zl%SqWdrZs$7GF*GE0BV zn(7ecHezfh?F`olvXbJJ44gRmdwLnPn8{Mj8aXMm>Lv!588RH)Gg5)y^spCocRD}v z?}PmNKkg-}QD)HW=qAcx652siCcMdKq@x6hOV6Sx-upP-6*G zaIhsqR@kWqz>?1|-@f&^`!7{JRaKMC!C4Fn$lw{Wa&)k9Cn-BWMAxVCRaLIhz*Wqg zINwVh5++YPygeaQwCLGHHQCA7_T{^y@xVG!OKi_#BigFzeHLM$X%!$-h|pUBV!^=?`SJ75HSU{37|;{a@C z4R(m+C!)T1wEh+#rzWeLcC`&%fQX`!Uk*WF+enc&@wSgI8F!7uC;!ps1fXH|t#0bA z9i6TJb)Bru1}|$kcV;sy$8AT2d8u=CxY9Y7F20DL|K=so=#?(@e0{aDJM>&v_UtGk zC;Jbq|CbAWCn38%AV9(woZ*Yl=xk}%FhzNi@_IuLwgZgy!g9JF1Hc%;gi@AsnHf{e ztFLp``Ezt*5PHn7dQ{iXJ%T^Tq1}Rc1@n7C;x`fn3DWGKed6C%qF&qs-}*tm=tAFq zECnofydN;{tLqsjJ_irnw)r7ZHFqFGbkgPwrxrmt7_b0+Ve>FW^H zgTfv-JiiEe1LxE*MZLK9O?S-alC?8Mphb+oJlAFE;U}*zd!%r7$lW+a%n)o@v&2w6 z2|asox5%2LFiDmSytdl{L2nCfA9u4$L_}XHjMX#Kh05C!aX0ZhiEuV<06!vU_;5N0 z#Fw4cs@WQ{`ayz1R?e-kL?0M*V?lkb(@J_7q0y3aDmmTZR9X2rt8ze6O1E4}M)=SkaRBPm`m1QP2vfG0rwc!No5Csk%w{h;65AteSXDdwD(|`TRe;?%d@sSz2 zfI37CnQZ}Yr$%4T!6Ex(q6VM#i5kjz@S#h@7fOt@VBy9SaZkzzm z{N_9JS-viE%S=9c^intK^wA@BCeAoSLXL;6{9qlM6csG8Qr{7rzmfa$PxAQa z`Ip(+iW_!pb7hKJ{Lj-4U=fPaZ!$Kv&7EG+I;&LvxxtmEE8>?k4_W+)ZiW z^2GJSUN+TnDj&$Yg>P%En+?4aQckl~HYrL_D`IR+mglGP`sMRC?|!^^`Rv`*^Vh## zoIn3vNL%5VfoRxMdBne8>gu)D%_#<#@zb|P)wU3X)cEOmv+&&CIM!5+*~^!GkBVxd z+bYK_A8cd!OS{aZfB+QJ6x#b*XRB4MS2bi^yYud=7?^K4Qx3zKL68b1-4~o-j~gp0 z^4Z}0`$EtXy2~n;Bf!;K`TYHujHI8zUsmiUVrvoPm!ztwkLb~Z|6VGyfZAY2+)O|4 z$?!Vm;=yraBjWM3lY7%HGb_i?Se)`$=R$I-!PFGFnr3xc!1xyW5L1k)3vBk%uA5W2 z_ox>xrTUR-YL^(b9D>w>TmpIq1N`Np&P32AXsvDa4?D@!QW=G&A&9NY(Plq}FpV)R zyiW^S`>Cy)g{qgjRwL-}nEdc=$6-zfaA*z^KxT58t%xi3E?ELc1o~^(k-1X~`R&KS zNK1RaV_r_US?`OcQ`PP1hO_qpq$ib^Kg(5S%$=@tbh^$sGBt>-!I-<%{9Oyjg00;> z;;%U{4`=(QS})xbNmc$utzWBI@K{PaU15dvXK%SvxzeVY*ASXxpUsQv{X4rARsC*N z>nS+9pUS-xTFO5GAZ#bhl*QN}>mJ9eO&4kkN4dD}my)>-QNFryq7(@leR7Zr@q>Ky z=uNSD^ypOnl>$FFxQ)-v%~s*B5iE#rmKOz+?w zc(r+&jb18b<6QbdI}7aAmF2ne_L#tF53^!cXhV8{W=< z<+5)Jbw{zlK}i=+3&R?4yz%)^=|)=tyGm@-sM!j30Mx_%1CBSsHYzZ zJJ`%*<~klAh$OvIjlGe%hJol4JC6OZ-Bcv06pR zZLd@q8&lXhov2dZ0oxLM`+~4ZFr+ScL8(z*t9fCXdTp!U$Be{Tc_6RBNmGvbE*TD^ z{C)pHJ;|mAfjY+?-V%JNi>#EUwTA~rPsle5xHs)I(TwIJJkAO$xJ>nOsj8e@f$Y78 zy9VM)&4P#L^^a%gBlJVITY(ZFB!@LT#(2T|u146vApKkaM97WmYU2U`w_=Na#b@`HhM2Ss-%-o#MoDB5w5*j~u`nMv`gAg&3K`FIR)J$@?u+!IBbF#(hC3DF zN_+270Kh7iR^qTcbi54;Bj;A4z>}T{5Suz_I}Rk9I;K z-#*(6-vBQ9K|IguvQREXjp5A^bjpcLu!L7xLGE(CD|Ug}0=b6$1?4h1)vGl}H5o?f zKnZu+;Lu;8Q(Y?KZBjHN8pg78hoEU--GPgAMye#d6(*Tkh?{nzrcKEw0Wqy`mlads zD3f3@F=$efSSB~I=i>MD?ECbPd;T}0E4)DhwZF@X**#rHEY^ohygPHaAjxe$;PxTI zELUF`7yLq18rz^(X%`i0FL0gOJ*VLog)kS?h`{wdxX9`3t?BHgfXn`xcT3_VJ%MGZ zXsxt_1YO+Pk?vJj<-#wbRa=(StyDgGL@TMqEoC=RrS4R{X*Z;g9sy7TA6l?FYBg2G zt;+2f0d!l2hSE~cQQpsyqD4EwLs_iadb-HG0>O7Om1l5lmwG-&&cl;ZtEMj0Ek#A1 zU0&F^6Cf1*=bzx2y(a9W{O1qyKYx(V^P-WLwYH1N{szzvwN4=#hkdtcdGcrp65Q@x z$k?aEjdFKED`ZO&>id5J2b@1>WdTF_D+-#=L%kXAH{=}{`QZG9WITdH~tndIq|BUVC(_3qbg~Ge9_`S`_5K=L$6OWH|AbJR@2t;9=TyJO}Sxy_z zeu(iWdxKkh_BAs2_OzlrddPd1YX>AghS(fpXU8H4>AzRH;M~wKmGLyD@}dzwAT^V& zg9xr^Tso;<06Ci&xNTH;3qxK@01sH#kI?#p2<=flURX3#m%!Q@~8nq^PB&3O77D-)Rpt_i%8p?={=Hay9`#QvBL zi?N&pC>-_#fDJwYd>QD!7`xBLy%V4hDPhlqgFt8rv=4Fm&w2#+d;vCZyJo}l0gVr! zh=H@Azi@>kh13s4lgig>sZo^>9$~H|@TYW92Mbscws` zt9P(BaLlE!H!299z#kElITEA95s z7KAu=##dKfayv>NKmE56>|IXHrC*F8G208ridsD4%3I%%fz0*DXhRW}a_^oB#P0`pA zdN$h|?cp-#4-)*Dod5ak<9L>Z8?oM$0 z!7dcz7hi_t9rPnaS%PyL=|+YpC@QjTJb;2w66`b;iGOdULH0~!B_Lc*6v2$4>IyE(j@?NJ)C9Oo5gNei5Yfk;;;i@y_eoKSNaJI# zx-=XH*8Mp3pyTvtJI0$y;FV!7JFnsfdt!QRJ~)kCvvRtKr; zUeKM|%9FYZ_1T{BbHigg&{!F(l`u;);>O zy2Vp=(KwZ8qXE_*V4lDy!P5BdmsjV1`CeB9@Ku)j4kzc(ANJ5^G`xcCn>-tI+rSjt zwqX`h`BFD(Bp3Ql-Ku(o23hPOXwz6-%;J7l7R`D?U91VNc_`~!(EKsrY;^acXbyKA z!;8THvUUl*FUEFIoYO$4B{j@{^@h;4Gfu^ZPh9}X0EkysbsEIk1L=yTCKL3~iD@DN za)WoRQAUo>-oE+sSdK4WoL#&eqZn$t%{>lOl)U?Eei@7$R3l%!`uXDJm|)j{Oxx3U z&3dIyWoh}XF>LWcuWksEVQkws4jwZG$jiFUs?Lv)>`!$&Mcv!AZ$oe!egn^oX3dFEY(ui zYuTD?4pvAz78Tpi5rxLf2C4JWz($-mnWNW^m~I=zPB)~XnXG$wiQ)L&$I>p^2_B_I zH4VlN@WbCMdQR$ozg6~v0Bi@M@Ko;EaoJh>W{RLf9 z?#q3Z&Qq*;v7XdL?i|1{V+}(-3eC)L0wnSC1Dv(Sp15qG^Gh;VC^VWNyoq2OEa{|B zBbr8%X^OK&(Q8yL2zY)fB)MatR$zGMoWsIdJ=gO5nLH;uE#7aqASP{5Hc3&ztW5xS zkl<$J{+PX_{;Ld7l=*r(uya}IMi86@dn*JMUk|Nog%KjdvPVQv52FKI6WX#wcMTU> z4-8qYut7VkO@TLzn5gDXsVY)au<;v(;(49r%B1o~%c$WI0=IhxXV{)uS5t7*wls-G z)k{O3qlhkIuu~4+N&X)_F%rZ2fqmm~OD5U$M&)n@2_nIy;rVG8hG2ZPuBHSh{3Dpj z|E%@RIe`R?Wv)sEy}O1im=GCOsDSCo>bXv)d0MM1Zx#v;fkGdu>d=5b;t;ez^R~#< zAs@@{5T4*bXf}3KMU!~gDxzmqtAqwEdTF~&z1dbqR=Qq--W2XMJB<%b^u-wavrcKm z1II72Ygy)ad|4|TB`nQi;T<|0I3)?RNv;N2SqeLya<#x54&*_e%4ga^+f&)wtS)qG z{Jc7R>u|scSat zL&$t5@5Xc?0nb-EyOo&g<+24Z410{Agz>U#LnzF&HQ`-&;B4dMOQ2VZ=l~7hwVi-L zK4hWF?9t(z5Mz0*|X>AGXE-V9334UJ$>>7{(E$E6#w`5=$psi9RK0?$v01rpFDp2#`%j5<9@QO9@!#2HAhA#|IVwWZ+ENab&fqEwDCV-<04bnN$8QJG$rcC*lTB9nJn zjpFhIQQDO~-E-(gCo5!_wHb`9%tcwIrfJO~GZ3i|FLgsEYkT%uX3s4O6485u0YX8> z<(PL35@CQf5K)e2P>ZS>19n3vB~_ZgcP@l(tS$WlNra#q40y1t0Wcc$9p092y3GiY z$m`)Xj~)?04}af(z|2=%GMVW*$;vX}k_Wcdll0_idi4ALgOih|NA%?QkND*HkM7B1 zdh(c`e1{LdhV+l{SE&9hJRBdt_`FbdTl3W$0-Q8ddmBUwheJjQxgab6i+h9 zY1pF+&!jdxWeA7fdi9 zo65-s%El>XF9-XGa`Uzh&Wfrqi?Me&#r##EGwXul5-8cSEt_IhDwI75h2O}1=V>QE zg@Aeh+YvMZ!Ou$P%8V$05KQO?US}z;G4CFPh`MF*H!DY4+FceI^aG^z1HMz6*9>x} zylRSyAHZ62>8u_YwaV-@!igIy@Tz;iPJrNpRQ#EAxj61l9?w=Q^ra%@$WrGjw9EnB zR-g`se9|_;os`%9Bn(XRq+Fq;BxXfzwj|7>P(KHy{7E}N_= zAZ&GgkP3m(TxHE7jY5s1 z8$y8p5(G=>3L-Yx_RaUyB%9uhd_0-F4r>;!$>5-Z&q3BfdG?bIo(GQ;)6VD0G%9zp zzHRcrGAGv^55$i%$MD8G^fLnbN#~Ce2Uc{LE9`y9UGY%aJqhxnyW^`|tw3pR8JY_U zl)hDf@sm|+5(Y;sikBtGuX0*ubunApE8QM6pay`V(llyGx@Nxji_pU`P$K9$DuS^O zZ=o-iOH~!<6BH&$s%u8M_3Hz7TV9w|37Pd|nbmV8C#9a=NIesP6+<=^j6|Iks?6=- zSuB?=urgyG1>LMyl*=q{$+^r5<9yDGzCP%0dg9bBnW0&+JaQiI2?QOoRlsX{+p4_taedl6Fuft_rbRj9^+quegxC3F0KiNTFS)S?@OWZOR8 z0Le`7u+-UIibG>JBr&eN3khrwf1(ZeLv$-m>)ae-#AL$TB*_&5m+A_wEAAV*xuk{sdZ~s*k6WtY^qvJ0`Wmk$4B;5K#+xu;S1dR z#}LFI7R7vlskHg>4pe(yHyI)skUBR^Z+S2x+sY*}b52X;c{SNqr81Zl*Wqu4{y83n zSylN;7Zt_Gh#1KER7hzD{%6&oHNsvKr;?;L_QMEbedl%w2WD`(=Y2Hl_O7Ku*kO04 zYe+JVXrFLaCyrT`gb^4E_dZU82G`r;^f8^Du9V9lQnv&p0VNli=|qybsHlLGixXA(Mdf3;$^A?Fd4|tvk*`!USMc-Zom`R zFYqN=?b#BtmUng0C@|OC{j+{n)B!QbUHg~|=mkfoxi2XuW`BIxEK$f7W4Kq|A#BLu z7)|k>B6ORvo7V0w(_(%@FfY5ffNqbL+B70e!fb*~Q~1C*MrZ)90gm0bq*5~Jn?OpX zEOVGUCJTDx#{!jrOS{IS8^i7pS~~_@=&@&XU2Fs*5)!8VRaLHEYu)_hhMEzB;O<}t zy~rtwR`6q5!H?4;X10veSXfpI{V;$dx+b9(7$#j~z^>k+G}Jv!YM!y+QyH z;CJI#M7*5sA(K^W(bZp@RG#ya*Dgh@dcUg44csz+Cg7po%bABaa>2Y)Uk9ZP=7hy9 zSb;ZJTeqb$y#K$m+uzEBR0*Kvh64{iwv-jvjRfv}6hxKX$KQDYjrRh%qUKS}5BqgP zc3O^=>b?X=SydW^ag`pfhHOa$E_EJ%hKf-q!jGiUDEblOlTFD$PutENP0=8D?*}0+ zSw0UnjDf6(BZ1nHp~_O9ZdN#dV|(UDEk?XtcPMi2&PMIi<-qbL(LhTb(To3t|FIQ} z7*f%@*!>_vWw<1;#CI>xet8Z)=x`3mG)?guc^%lfx`flxM~|PFBR=i0kRtlDup+99 zXawgra0x@E910>|S+G@%UeA?jgjW_}OdcQSDfHVO@eI)hiGhlsWz6}CZl*rTj@6KPGU0v}9MUO8I!`VPVR?I|2OS`wUV2yBWWN>-* z_t)kxK(F>)`ZWCxlu5_waeDj>$zXgJgihGuy#`*s-J8}m<%}0^0x3*vDhBGV>*M3} z+w>^O)uhO(lmF(AN7JX1quCR6^zHG}f7Vl$%#6e9vx**p1O~{tKDJHtp_iTzdOLZ%AqvEbb`{;?^$99qign>6x2UrI}eRu z-(06Kb~pXtct(nR*17(^f50)5!j4rmue>9}hWx7rSd zw)5;so0Wj42r_Xv8f)pxqi zO#tM=OU&EzBF!r-1~K5i`aPkLgR3J1#LO`oKYHRl`hf`twpN5FqAoG5{fa^ZeBd^v zLkBz(N725I1Tm@+u>#$xD%{EdtrL(OIOma{86a9kMk!?1dXsj*eA2flCVlJ9VbnsS zB8R7eK0*c9#kmBNecI7F)4&VVvWGCq=BW`)yycjdS=!hZ?O zoPm`a`qfrVQ96b0sn z!On-ca?puVCJ{kOEHLjLr|&^z2CKP~=Y1*WaEyEA#5;VLMy<@L5I@<~ zGLox4e;k^agEIiv6s%{w{Oq{uQpJ)HO{M*Uw+Rc^5G8 zzdnC`b@A%u4^&04&eJ1$<^hKO^w(E!U%v~bp{vWY^XK?+|K$%}R$|1Ysjl*o4E)2R zIGX;5e_q$4n>i@iPx_oiIlEzD{8L8cr=qgkXC!NtxR|oRrANS<0gL`+#wO_Mz3b=Y z^WXl*){b|!iES<%s5%N2KY`aodx>ym)lAa^&n}UU z1k`OS&P^I3d;b=4)!?-NAvBiFwIT=NCxOSmsxr&n-4#`??+Aqwy(1bO95IC#fI#rC z;5k}(FlH>fQ46r18OzpZb}$5nv9*l9j$A zZ#*+lPY`|yZj+9MX13M4-(fmh)<^aOeUR;TdM}`jbYDe7tR-k%sG_zSIrT%w$q&At zK>+m|4p_vXRAf(R?TEm46Fcjjow7y_xUK|N$moVLsxe~hooUilt;n-A5`e-I+B9(y z(z}F8KVU6rtgVnUYn#?F*orh=9`cY6%fRu@N|}Ax&Cx!K(kk$+)0ySa_{2C0q2r4t zn8l7so+7|EFX7NK2vc^K)fj6mo#Ye#|WP+fcHx6LkLi8N`*c@zi7IEq9#02NMzwXs0=JyuXvT$0JCjpG{dO8^kx<9#2%0 z9ghU~L}3I%a9tdyCx{}dtGleu)2RO25GSL!LDIes# zRx7!;R85xJ#gv-GA;~ImyYD%SG_)*25XPz{Xxt41$78}H_IP;2_5-!+K~G&UG={<% zX1x^7+<_P2H;vTiX%!R z+ykrsTDKz95;4|S-Lg98y}O}|>gKH=`3-^|R4&@e1$C#9g)L<4D3VAz*Bm}doFyJ$ z?*Cu*-gLQ9Y;6~;-?|DS>vYtveNr|ED=Y0UcAu~$&|nFhX(5r{4jTcs5Mu(8C7pdD z`ZoIZ`bs)ji%~*@Go6Dg;YU?kEY>`{>m8ma4LE|wSX5BLJeY@4i%#3*G)^{~TKtbV zSO;6jV6MsTyZ`csO=F+Q5L(_8U$4cgPZ-GxeO8g>IrY_yb~z)2M|2Y4i50xb(WN%t z;NI85?Ff*>yEZ;1;Q8EdmmJUWxdz=s)9tgC#&n@`cc*i6SPfX9+so9t9x6|n=z$FR zv8B-0;hC5BDoy;C(od7VMOi}sdCO4XdgnvM(G*|HngKny77$>wm^#WScmBsW^#pF) zR!qI7I9sxJ<{q8-tGG@Ee2$=@qtiBSE^KHLn*HGDtMDOr?#KQT@Ce)M7oo%R(^%>} z%<=(4F4Lh~gX<6KcvpsvP_1C0spY8DCl%Eq=|`x)cWMhKRi!>aCF(=o_`U-(`><81 zE2MeNJWP|5JZE_K-24pzn<9qjM4y$j_`=WM7gkLXZwjtdh(mjf2>J?Z;{R777RDj( zx|X-Bl(IJGa(IX?$ch!q!N>~*f%l#AF@&6qQM=K-2D+^uulPfDD~P97q7a2qpHNTg zBJ}&zB>0cS1*bIscmqptm-6=)h%<9So#ObQNECw8S6_LSp&B7l)15vZWllb+dsH%W zM(KsbeSE}Ph7k$-fu_ec_Ij?5pdUjtxr6AaQLJP$fWJ@IsOR9$^FCSzp8`lJ z04+%)WsMQ83ZqBrPj37V#nI}p z81#1vY7+#(9;;dS}J0rMj}}+A-aI#UcnoEmlP#P z8FZjNKnZKm*EZf0kpnd` zet9iCq=t z4|LX7La5+Orfwo#Bga?QGt}UG*|=Yl_vtP7917YoI&&r#CS~q1Sq7;AJI*Lc5d2X~ z%?`T*mb)}X*RE97inqvGjgOaXY6FUrZIz4$1n%XrTfmlc#q-Rt^jaboL1V>kTzF3U zg7zgh55x_{xM*4h$)~l_Pm`ej+_zW~lYUjJ{S*5X;~YY~>Wq~Aci3RXs=JSMP1hh6 zlokX2)r(+q^@0>q&$#jajIxISH~zvII0jzQsw`9MfmIh{z6J zJyPKutyoKcQq*6mdijl#HQA5&pigS)lj1uGos@ za5QA6gF8yW2#of}yen+%sT$~Mz24_TL@mQHp@lu?f)feIXm6+`1f!@ovK8>?`nH1N z-!K#@9|PN?k&f1ky*(=uC3s`ARH)6F0GJyqXuNlf&x-_1E_YGQ z^82rtBMTmm8rlmIU+6Nvi)2V^TQ`{u{xEGxQXX_n&3r##WipSI*u`fTAs$9gxj`6Q zVV~Z?kIoSLC%S69`*#h)LWJ{Hj}s!|6l^zfEyIjwAVPfndp)#*82PuBhG)Tr6}sg$ zib^d1IvKdD^78YUOOQ&-L5{*uExUbcR^G56WYCSB@5im+Ib_>=}>on`G)@|~T0p6J=m zu-2BZ%zG?Q61t+ef1}aOFZ=h2&u&Z%3B5O=6O#fNm0WNAJ~2l`or7wWxVRP_vJ&p3 zT=}uh0oEX?Z&E}J%N2t7q_k*(N7pc4S3`tdplBL$!HQkRB^^WNwK)DZ>Ir0*%dc`J zgGAi7r(&*OgI==A*6-+gdzHEj7ALjm>zNlU+-{ORI_CinZH7TwxyOZ-&N_%V2fv%@ zGb8F)$fO5%ue`Y|CksQ@5E#UdT#|LT!6o2x1=&5tVEYt9sUaf@j3P>0>afKD7?W6` ziel=||04fPt}zg}u@)>I9}U$&U^}Q*aB(8oxs_){^AADNqcs@27{(HL4k5CZ8d!?G zzh&3V&dlGVMS$!zC>|h#Rb*eMHnQWI{)x|H-tCqKQnRotX6Bs!cG?D z1gAKJ>iM53rbE6W5M|(h{+WOXCd;)}7&^4Z3%mmmJ8^5y!*JT1jDd6o2D+W3p_Av9 zvD9GL-#!T_8f+3o}(T>Cc=lL1}IX_()P|@RN>=W`N8d}5T$TI{#74dG(Y|s$&PM` zLb9IM>K|S?@6*G4o5d$*;lL8f0((G0&zQwSwZ&bRiinG0gB;Q0`;8Ucg;qA42e$lJMlQ?aUP6%$D?hh&%fIih;zw*}W( z>VB97pzO&sh|Z@^8Ge02eDhVl(2l+eks2&5D+vs};;qX>gydIL4zM zpjdpgU#ILupI}2GIc#gV+g#^mTMGUqX87NSWV1f}@G*_Jb+AuK@Zc#p1^Oz~9j%_d z-!AcB70!Q0Wks_Grb-fJY5q)|OW-)gqYu5gkl42MoOJp79V3-Ss*Ez6iGKyISQG*hrSm@>;I$|s<7y1Mw7n(?ZtEJcV%(s50DZ6vFOwAX%wfsJX+L#M% z-JPu^QK>25m0?-6`}peuQq{ga?mp+;XSoRoP@aoN&39{JL5`}CwoyCe50s<-IN2je z@w~I*N{9=pPuEv)E@iGk@hZ1%B;E;(=z7d#_Bo}w9ri4l?xhoE)xzA4Oke`a0#b}TGghTh!KhJh- z>Ih6McgRMQ=u-*|1pO|McnX~czUuITAYz3u9!1l14RIM7VXz}P6!|pbJ!K27F^4jS zK2IH}vD^-ZP8T;Q{s^55i^ojDM3Ljqy}s)wLia!7-FKZb!5d{DhuQMn0>rHqM(9tt zc=8N}+a2&a{$D##nJ@7CLVAR}ksx)1vXrObyp$3YDFD+r?wnz6pJ<1lt+KoDOwkIo zQ<(r)dqJUR7>F0b9^nwdxxO#1=)!1h16apmyx~J=P~X9#Gis?=5X^XIwQq@#vDyAp zt_xEnjjvo*yLcbF@o}kAz%m>Y(Y+f%7!>=r#0ZqoDnoS<;*d_R0C@2VU@fA0pm>Fc zfvfaHh1jP(utPbn}<(?eB@M@Z}F=L-@`t7Wf;e`N?;gnx> z8^Z}4uh;7hyn*AFMDtHrQqJq%a8l%ej_-Qjwk``FGZb9h&wOyR98Hk7nIStloR3iK#b3v?BDy?SR zdx>v9(h`Mw5Y~Wl-}sJ+`D21&94TS z-ma1ci>W8Y)RAsD<7nRB38~{5g4TwRDWQwSkXPQqvSMNK0W+Lh!HKcp900Y#kgpzz zGrNM`vtoo0D?f=gjptqFH3=6)9t_%27LGcLtwX_j>aJj@PCEsh7HcISH{0UxhYK|VN%83IJUz|VgwG`aXbj#EI;4Jj4--jO>A0VzWoUuD?io=&b zAwpHvH@uhC;&N{-b~?C@vd>NXTTlDe=(dG_H{$Ow5JGM>d~ zJws~P2h3NXMGQt=Kg6T;aE5i<#njU4ITyYnELtt^vRCvr*;hQWuw<_wE?W#2;YJsm z*t6{_o1*VCC5^Ie^e(|Gh`OMcj}C%#Xqg)vLNjHKns$<**(d>m4EaVJLSc|D; zs92O)ax9{hu8%1-2zwCo1V+Ls!f-gXt+71yp~PoD)-ZF)oxGFXGSNcM#W*Ks&%#Y2 zC$GXoE~cT5AzH{kpjJ7r;f?FQttp0T$5{2XO(>ED2*vQ^wImcUv4Oo}AQtSWFTIYZ zGMTsCIq?$O!W#UqM8BC_Y>{R(j(V&?olbH!$@$e~Wc5WvTukhD(%6R@$hij~4wWnb z11~jV=P>h0xbo0UOkiw_5z`q1byVuoQ1TIFhJzeIa;ku!_7BfDYy{qL>*)?ZGakb~ zGctfo`gZh4K!f172v`>0=JU$}x#+=YM;KBSGw2n}A!v8XDMyJYPtxMBQzrw@O0lc0>sAyxdnDM!hbwu=z`H9IfaZh*xhZ1 zxgJpusnsK9j8dF6ipr>=Fuov+j$;GHYbsjGWs*Xglvz6C)e)2+-7cK#Kn!&M3L|hF zPsv%KH$#G@rzH@%cZdWs?;F1tCAn6Ec@z>S4hLHwWyq{KkYxkK-xQ19j&X^3d$-8R z;|YbZrh~NE@rV^8+~WATt#y#9x(Xx`SpTt>#(-_R4?uq}6k5L1W5s~5vUUZYuAUu) z9Zs2_T~BxF@ot^2VHgdat-f4S%Alu}+J12Bs3|#8sojf8LDndq{n2G5iO+ctv)Kk6 z(6d0x^8|kb3uitIUQG=`dtBYm(6mIXNkM!fKq}ABeR{I;UXn2!p5bW5($E$;xh)d` z<5iLW0mCw(5zVpar%Y0ee?!KJSRmYLBC-%XqmA5OIK?w9mT@0a|7~Q<(aNCL&`uO1 z5-*&sQ!(XjiT8{6ZoU&HkijoaBMBe5rKD0vtOY2BX(b%3$XPAgWnw4PB+@F{5`(MS zKjCG_*zSh_PK>B=IpeaHH*0ONpu9)@zSJFfo_vbtlx3)4fVocU*zko)0s5K^&TQ@X zIAFUT^-W>>+WOSwY2&c=SzL=PX9cM+qyf6(4a?K^Hfg}WiTZ`#|FHB z$A;A!hJ8Z5n~Cv3MRL@aHthw3T3A9Efi&?sY0Q00tAUPpD8#|<(A3F*#C+G%gJ`Uv z*D*>0KS`&0fooxJikzR_KXXBVup^_DgY3}-Eo*8tc%M*|K(9h2CkTZ#3=t@0Rt@CQ z72|b4X(V;((SsQl7@Dpsevon5#J|+A9I}5RxTTzMF`L|{JijumJ0f603~?|pr({%f z2L9YXWAD^P^Ai8~XCkd%lt}A4*sytV1DP-KK(_T57WFthZ0PHHVyM`~y!^A4530-& zaX{HULG*i8)_FA6my$bY{n09c1l>eGSP+AavX# zG*8}vHU!B{cAOY5ym(L}#?3gKGBzP+-RWvI%Y6zmve5XD$oc{!F0Y6WSNO#lPGWtA zzQwSA{p6p<>){m!4ahln zn|Ea(yiuBWu;-tAci}~M!)MpGwAkDAXjvUfxb8=V-DSg(BXn5&%YR;B|G@vk@jv4j zr%8$*fdtRQi98$6G#E0a^2m#(&u$hl6uJE%Jei6LAwi`;O)rq=*?0M6D2LpBfAD zb%cecw>soan|jSWr1(oNLKzD}NEZV`$cz9(!L!hvKe`{O`g5V|J43dFFY^$v;Lpj zf3WjM*FB#qel%gQ{~)TRvQU(rL=`+ z=U^7}Xi9{=++83E=SaALz1qV+wC%JF!rCg=5b1C-rYZF5gCe zcX(gRHQv&r)JBLYLEQ)vq#oEOic{>7{I0Njf6IpyZeQQfev^d4L+JiA787xN6~M~^ zG^mK`I{`G@by0wmQQxMbObAE*NPVpX1lW|}#Ma_?#g4wzE!WedliCjzD+W|V@F!c) zvakY8>Jb$-3zVoSdxjPKHhO z@LAU#tS1O}JPdh={*^oMVE%=(4s8~{CvLEDsCEsDx?dRb>0uamV$?%d*vE^Di@X?{ z`!$;LeJ2iOd0*^4)TsEP0JUg-EI=n$x2U>l@GWX_P|L+OSZib=%dMICtU>qBEo{2r z%bFe?##^WNR$5rkI9>_`pyqoA#|ilBcK;;5XW{o(*r$KjvS`;WaiLfqzrR2<9OVPD zRbU)Q8#S?9ePv80(XuV>4DRkeIDFXP4uiY9ySu~S?(Q(~;qLD4?t{BKk8|I-dCB{= zcS$&~!JrBPo*PvgE(Wk$49Kd^4q#jgUgdhMzBI%a$U*!}T9f=!FEG zGW9`=Y(0+~RQrS|ww7lQI0M;;XI4Y6gdkXtalctEn=ccNDPa>AcRmn`Lz)NEB++%K z?qoKpyO>hRGdmqvsEf#-ewldn3nOeTwYfK_2Si%`m2?yP$o-3F<>5a@E@}>GHhA)6 zk7*Pp9I0OwtyvDB9Qv&_6K1K)q;+W(IqQHvy)J4)#w$oU)W{k8zx9Ry2-cS8NxK84 z-2L&ixXH)}V@+^Ko&L}V`#zD&@rtb**4zFs?^u$I zMRrBhwq1JI_lN@=YV%(6uIINk7+p{!?_KZo@Hsl7@Z{k=iBJ*~?M^8iUdyYhNTZ<2 z#H$@;_u*k{Q|jw0g8Rq04Ku2qB&HDTx_!%kC}2~?T9;6U4!MQ10J&4A9QgJdS z)C)l%)x;@+T^eVz%+u#(3R+dz({jN~q?+BQS=m&tJ$AXsU6O5PnL;)3CU zGbUacjE`P_GM{s#G4GK{1xy%N>V)9+y!~|q`UcItfvg9ak((PBe2=K%x<6s51>k)9 zb7va4B06fna0jTkT)LufVC-hBNgC3m*B#I`?m0Nrmv8hd7 zISK+B5{cPltMW_w>K`0*zKPWc35dHfVsBN^pE5lvw)gC%{FL1W>QP~e=V1rM<<-?= zQvL)FS`SHl*E?#w)r2}LHXjp9y4?u)!#7A+Sl3^G7`w0T*`CquKaq#fdx7MP8PVJJ z1+yK*e*M?W)nk|SFhYZ0h+n65O?XdYIosnh7maJB$IIG(%-W8=U_TB57a|utA_klq z^4CL8+fRIchkwG+_>QP6YacqkZ&d`xpdp_e7Y&a{uJ>j*OClw3RlHqHgWGWTF^zo6`i1`qJfwwHb)?*|!RJ04caJj653+5t zq_o8{WJ%~Z((|f-thajzuK$_etyTMV^u&U^u_moX$YPk3ObM1F~C*=cCGgfBJw*MTH`j+8L^RAQ;b5s+~1N@OAp#R1jpy6nmxgPE7+Ac^n%0k!W98+ zmt3tm6n~d%&hg7S`^z}dTJ`Ab$=!GOb(aXV#2OC?L0V3*G~Y{so1Zx8Dslgny97uu z7}ME~>J=Vp*c7yObzBmIPy#8D&JRXEMxEBmMambPS3QiaVAi;8u%H*-Wob+E+c|Oh z{$qD`a4$t-VrQ_L+~lb#ediQv6|&uWF=Uo`DI1!oF36yihqZdVR+j;}+&byue{y|8dx%k-=BVVmjZ z!g7w`Gqe?oW^ejw7)5u+>+7Ob5$$%KVgx1+_kf@^^Ur>9Y$44u=08>kypm-?7l9hr z!6^`Lrv%MRfZ=JC@tJI76Q3$tU`V0HD<1b;!pGO=FO7uWj}MP?$0HmZ0LyJDYlk~z zw&f*90%hc;77M0Dq_dlSNHJU$+P@d`w&mWuz34Jca7WC*5YXzPxhJRA5{?p z7f)Sz?T~C`h!FlY&oYrSp7~>9{pNGKq<Je#UQE*$hY(O9t~snKJjI@#`a)+&Bxrp4)|TlMXXh0suc zq2S-NBY&E}9!_IC=HD3n-N!2O&DV}o(zfDA9+tip>gQ+sgA{!j!m+{d1hyo+ypYX(`?1c|vok(- zj;iE%j_Pd+k-u9|8$dbH#p;3;<9hUJfIPVhgpIt=sA`>E=h0}M>$GM`_H!N!rv19z zaoqk|%`xfz3JMzM_xQa6bvxb58)?N4RCiX2J(P{#QuuQyX??K$LV1V5NOZ=HdG)GKV7`g0XwqSNyy>1h6bQRXT*{L^Z>Q8sBJ)e3cSk@YOO(80e?>63939GU)v_gz(lOz&u<(O!5Hc`*5?j2iAJ6FR0%+{7XmY!|QB#KEe)3R5!0Bk?wl? zYGZhqZ`_RPZmQ9Kv+b~ac`C&csk+rFABoz${vwy<=d59ucqyD?x%xVl>#Tf7S9iPZ zwzgaOTf0@hn~*^jR?b&7t5yCx*6UI0E;h;gTla6e#FNMLn@;EPP5F%v0yjKarwIOH zBD~T^LqoLgx1n)rwW(%paRuh5!n1ZX?h`WK2bAHPrx~ zKIWN|OLEp@rnN+@SudM?fKy=Z0>fj8H|f;YK!ZB)9qx>u#nwGcp5@8g2q%_%;B=KS z+Oumatg4w`@cy`hW!2*?TtO?AYCzxavXlOt@}q<4@#^nj(ZlOE2KYt#=wcLLukWWq zgwe10+{SeGpns^jhSBsTAJNoZMM!AtCLO;YPuKIq-mN=VzCBr0eA9gkpQQ*sNP*Al^mLYDF`AH6x9RhHZOf*(J(wit-`YqYZGcB*OK;>cB~-|!kgW`1WU`8nt0 zD!RvO9*6@^ov>F_fETyU8hM0|-Cxt+a}501{~VgrZ}->d`Dbm|SxzkGluJ*`@B3LANhkeZZ*!2`MROf@ zo8tR%^vHa>YxC7iw!0$xYojMqZbU^!1g-E#*C_}OR&M6SSiMm{3Bi|qSxmFbN1 z4dabD&|`pmNl9tLkHJ|*{VnDK>{rSX$NSr1U(X9HFPhUco}XyKLEy&}|&;{Dgax%ir)q=kdtBlOvz{ zWAilt@T^@qHs1dOiZP|^rj^@#4WtW>b@A=u#{f&)xSRoQxN*bRIbFmE5xiZwNoqLI z#ff`KQT*_GQw)3TZjOE3wb0ya@pVR}RFHsG*Ic~w@+35PAvm_Q9+qnv*wUW9B7Bn> z-uiWRN8)5UMAH3W;i25;h6G6i5AZMWlR=*EuAn@tkX^#|KXEBNb1hj_n^DQXDNb~G zo39f>0w&l%_QR`6-c44b4lNS%8aGO~V#31Rm#=#s)z3xl}#8? zX^84|gnK=jB(JGYm#J-s!dc*&DyAu1V<n;3mE3#&qOnoGDTw_IHH4yajNyZ`*H zZ2MhP0rcJ*V@rdb>Q z;N8>3F1ue~^M`c(wCEs=@Mli<$@V6A#Myk}zDaTh!*52pgU7d!5)<;8>XZuFr3u8o ziXi4G3W}|8ph508Q(cGZaAcH8@?DT?@?PQ{(G&_%>O>&jt@ZZA8_Pft5$+cMJO*8s z%@3-OP%JPzHYCxKF9KozS(%M&aIb`Jz|z+YWlB<)98n70<9NYlA?W7z&B-7!hl6kC zZLBcCJ44@vL6%SB$k@CJGn&c-glkR)-6JkYU1<&TlFCOOr_-?Z?fG!iZN5=II0Gx zAx$asU9Zao_9st!0cUhy9N2Cn|R9Y8uOLM@BT z{aYx1v9U+KPqkttVy;=E!6X5V@aMclDD_8L$*6xFae1hog zseQt^@-P3ivo}1a`T_6!KI9RThfnW}XyN3$03bULM9lsD`D@GPJtX;EP{$L7@7(Nc zwYuWF$Wnh2M)~`%>#K98;$N3fPpDnhCBJzebxynu31b=?j2ov1 z@FaGoc$x1P6u+fppVw-|@2lknKr@0kt6{c9v3pEzwIXkOif&CcdE#l$agoJ1A{g{I zJf{6mbmvX4*^AhNfublD>?C`?2pH5f`G zI_gNP-?>KUD*mO&eR{HtR4`OHMlDunZ>_gprte~iPnXZ{XDSV;MqXWs{M4HI!c}{# zNY|Tniu%I%iln~nM)hMKiH!Jq@Z!yl5dKJH?fx|6ks3T|d(#;_(!6O^^{&FmwHiFi z@S^>-eE#y!&R;Ttk-1Bi9=M+VIYtk}II4M;uX`@{x3Mu zo@qDA4~N8J@Iq5lb?_pC7o+*?v#6W?qDaZ1U3H_%D<@*T(J*r5OIe@@quFZk!m~0s z;%(RcaXavBH_}#zQQ)hpg@V>L{Gv%^1NHj_c92%yK*eYt_~ zhhf!?TCef{Dw^h?RM&bUQp)yXfcIg^pZ0$2v>yh={FVO^t`AWESD;E(ahO+4?Kwq# zR?-Hevt5hGY^pqt$b2l~R@-QR&i&ruIn94Y%;sb4pQkQh$(O~dOvO>L9M_kXV781m1LC>hr`mU@hUpmjTI(5&6dU|{<;#&P7S@^V z`IOOe5Cw04(-8&Nn(a|#tHD6D76s4rqQzbLJ^+jZ-v^*}_*=c6{=c?JmH#-MyX6G{ zk2R#n{~l{3mKK<8=H928#5mJ>E=A77Fn9WqZFTv=vu;{|* zJlXv=eJFa)XV=Ub8XFV6aQExco(C`Y3DY4K$5siq?-R;aca}~mE69GtIXW`32z_$p ztC%3MdE#$tVm`8=COqm*8ySrUG=n8YzBZYiG+pLVOK#1p>@&Ni!Z%YH5@fatsuNnK z=!qg{gK|8{=+P*Um>s)_!fD5YeK|ugW6)e95d}t|Kf|9X#)A<7HU7ua4b-^?s=guq z&ib~5xx8hPqg6@-blc^s74`7v&C@CFeCvlFtwrJ96YWsGuR$l1_N`I>QvJ5abGMR0 zR!IbWdwGvVptq1hZY>93(Aa-F!(Sf#XM>~_52jZ5$w>ye#d;u2h!n;Cf;@uUVdrXJ8=>)wLNjXRBomW85;PRFtCNTyA*IkV4! z$yETw;4tB=5r0 zTVpk{tiB}At13b7tteVT3lIg3JcNj_x}!9UI%J~(P1g5sfod{yj8-u+gqGam+bl|M z;PguLLe+WqK6ve*(FVytZ2#ZL;z=$*usY3*U7E*i3 zqLue^0lheYnVc)5@VZ!RKDYEjTC?Nvyj+4)JX%tz;1A@ofqQmNT%hn<9ggQ-7S8xU z9;@RqJ6VX^d@Vb28zFPND!Li!ZBhewo%w1Vde6rVI_YYhFIPAj;C4}y2j%%$-hnsI`Se{_d2u5%=s zW;ULqW1;4~f1!B{M&ZNOX)Q$k9*ikdI%^VjAcwT2KL$+}R-s3)^S`aAu3|wZu&QdQ ziX~-I`d;fMwlhx#@R~gu>9jgsIo$EkrtrhZ;UVV<1WIz^#a8b^B^l|Ar(BGAn}`xl zrOH{cJx0hJ>yTIXg%*Nwx>`YO%fge>J^jMHU_SB#c{lSeo5mh{a2bW9=<>nJ(!HI# zk$kPF2DnyN31$K&^zs?3Lt0Q=h(b4jD$75C(j3Wh=ukBA99jPj)FU>AHGHyaMu#C7 z+ksj)=n>2~|MQCb9s?UI3TMqgrd$TdUmX~SxYe!}5v4dvIa+-;WaQ9Iro0Mc0VA6^$Ymn2VlQxv(XflFUtbIVOMe8Pry8@5;AIoHB zA~M5S#9X>)X(Uv8r>vZ2H?X@5MXi+PC6pkZ_Tw(}wHNlB`u#9}PZHV|Jr8es%|=_^ z5xDW8@vDnn`U!>Sc+E%Z!;K^Z5#KY1{@qEqdmi={(X6HV#9%v%Y-l$lIxpE9CY~xG zFlcW0vjTs>18}nyo+qow>s&l*3oImOv3zKYiu+C=aan8|HR7#c4|^0O)>Lp+uUspC z)tfdXjxb;{5iB7P0Q0#F$*e~K=CyPGK)S9bg<|G@$(+j@zhy=OXl)gm)pj_VNHNalffzm0jt z;4pBY>t_?q;P%YH(IVY6pEm%TZR{+Vo? z>ufH{k;eEG|#*?1xS7HTiq)xIab*P|x0svv1s#c|L|ivZ*B z;ow5&IL%V*vckoR+D=#sw}dJm%n6#oxR=L?(W{s7P_rU#um}y@!({*+z zX4R^}LuOjuic9RPC7nQ5h09Q^{>Su4LEV>{O3G}XeA#0HGoDNj98LhYG#sCRgA8#yn93UUZ>uMYjV;VZQ;B8rxSt{%7c|s`*-_$r)w5Yyu zpSm-OXFnvKK(b;ssOu9KB5AZxdx<{RZt%?%n*aq0{f#O##z=WG$lf1<5pwr{3afhR z)|SxMpn_7Ox>3y{6t1Qs$Z2Lban(30se-V#tF&hgaHvijA|a&zJd?iHCq}E!8Sv}a z;fP|;xKB$=<1!EK8#p|yG)H7-(vUJ;F}nHGG&eWO0m18fawfYr$WxpSCLSqbS)!bk z1cnQMbqX>iq#b2WK8U4RHAetE2xqrMtf28cz>R0|SF%uk7q!aBjHdGyW2;gM%B@fQ zlF99$n1`|W!NlokRHy27tC>P6-MO4`=YJ^vOi^`zz}3B*kyX6;H^!B-Se0+7qi8jh z(uwpR>to)a0^6?(ZAPx~b&&V{k_&$dqeg%!J-jgQJMTZn;RthE=UE%L0uE!2bE!NN zJ7b4gZV(pV)g7J;nn?XA|6c8eO$=geaT0bzT1z~Q0^EerEeWIFdyu~|x!24^m`J66 zEY*$72!&;CMg;LB+wP8u=}6A8(yY`cTZbmG6DPH zL?MZ2;7g_kF5xt|SPsEJOpf%Ge=+Xi9CHDN0FFrkuSFI=VE|F_4v$q zVv=PprGWw;ld{;w^@UDJIp^q`xGr?rMB7i`IOY>%FT{@jaFXF~j5bh}1)f{PEM>Ts zH=0}d#8^+hlx+oa7#{}=|B0%Ql2yq6DT`_6JHvAi4D|w~n)tau=t2?;okAUIlb%PD z{lF{GB;hcD2$|KcVn4GKB`rx@R$_<-p5HrZ_abe_owDqiYURl1K{JaxXx-y3G{-6k zf;M}QBO2eDxmMTD4MY@wxOwalm39Jh_Nit4oWLfW!8#SwksI2Q$mf%!1OeL6OQA#m zl#9JCZ)nrUYnY56N);BO5Y4dty-vi~a;aY_oq9pStU<%!RT!~gNiKHRcV>>sDi0Zo zC2CV;3x#Gv;K&OE6|}S!v2bMtJ58W~f|Ap5G!fxy|< z*qp^-9=h7_ilF}|d_)G@Q0Vx#6$h!=y@aKd04~s3+=@2EwIV%(4WlYE;Y6XCjc*U8 z6&#mz3dJ^&ERDiEIM>6W!8#Mur@nPaJX%_*sAaH*+5M0wh3Rw#5fTZewIA`hN~*5l zl|K4SR+p56_mT#zY7$bYo?W4Rm!Y+MT_h848eO;Jz9hyA+}tyNW=$pqEGz#{Iuumm z`eX6%WTDT*13W6y=AH*}GYG}68$cX9>NKnr#*xI#oSMZCIH^&oih8|@AX+cw5G8~+ zI>GeHqai1%`E$BIfY!-P4;Ue4<##H+4!W;~${Ey33C4iTjZh$)vOE?lelM>{@Np*~FL$nA)$Fvp~$Kd!bq zD?U{D_zwaQGX6UF`Vk?jFgf+_e13N9a4nSy(>LzWOWjbI>;Pi?T3YZnS5%D2}te@%{m{|PNm(^S!f7q7oJ%As8$Nyoae%~sa9akJcRgW zGGk)SaA_LFl8a$xLt{Qm*erRz(1KN2vm*Wf!{2PD{}=u~zd0JH+sRA-JiWhd{we5N ze(Q_54IkTEigCS+;k=oR*#H%Lv;9y%Y>T z{F_X&AuxPt%IbVk(7|YKvmTr1o4MN*RX-l;nQ=b7LE&CCj5<3GgMgccj|dbNf1-D@ zIn(p#eI2x|`34CbI=A}z=lRCvlZoXdl&U!V!}e;7*>rhH^*Cs$++51mzspRtghnqX zq*z_>IX9Xc3Wl{;q?A=VSgH(x)?5cp34kr#GiG*XFf$+-{W=zLb7EUgm8 z*944EzvyPMCcNwwkCNN2xtsi=vMWn+b)I$@q3Aio)ic??*5@pZk@n}mUW}HndOkXb zFKB2rnxntd$K8WagrU>2nyXzV5SOliBEU#o|J{eyp>Ba@ z=lXgkV_xnG^94SAJg%Y*32n_bm+lCxK@1~J`?NFHcN%=X-|7=0BQe!9cOM@$^qtRd zzPlY7eYuosc$~KJJX<$s|@nwro&LPjw zJESOK_ywNH)@cBdtLZC2!(KG!BGW@}2>2=-E@IYZ7*apETQoBvyc2!+snGwKVjN~p zc{vrpH>x*9>#2{{{{!~|ZqOH}+KesljprA}oe`tIoziDM>;oq$W=K@QA}O7mTKuB2 zG5d;#rQ%9O(R5DYC`OI89??mip-oDJ-z8(#oqD{7Zb#K%v$YA;pZ1OdMq(MR+P;Sf zqJ}+a;Ip8#Q{}TDo$pKp(Y-q?2EX|rlIBfNj`9-SZBR-MbheeH^BbB{tmaT*Rn?*} zC&cvf%k|2jgkG`+K~rua!uw09uey$=%&Uh%mRPCU@acouAk3HO`PmRrWfRX|3`ul2 zD)RR?3-lQ#(BSY33UuRk!UhoW z`zYUWzalFpdL|?;MvGGSm^^d=bc7FBk zgNNpS!OD_X*dmzb!%GGaGcuR86l`$5V^>_c9boKJ= z5xVVQvM2HAqW8~#&Wri=uJYlG#eQJms_)bDWRkf-QWEgd8^>c%JUBA)>((W-TX_Yx z8d6^sR|-j(ByJaq1ZtosMoWpLjs4kl$75$gk$7NkKZ&EmqM_DyQ)@nolRJ`a0xD5FSdzwJP5P)VGlo>Li5z0h}b~v;w`2f z8u!O9ti&D{BCO+`eZ#oixN&wlzL|Q@ic+shKU>y1dp{WE)Glbc4A1f}{oHQfme(M+ zEgQFY23DcD9-!LzzR}!^M;-hc&Y2U3;%)uZu)j}GRGwW+b~W=@Yg*^`-atS3(z6PA zw?HtcqnrINucsR<)mvzn6Ox&ZT%cKZRTY0(5IdRtX7OdUp1j%SEbp>?U(f63Q($$< z+vBcBS8Ll>9&DkzSW`%c{#;okvGc`2V+p?yqsP-T_Inux?3GD1cc-3G>;?<|V5qzRiKA+gm z5iy6qnDE&MO?x(E@OBo|wS4Lm50!rz*J^aXnIKmk3d(Z>tDE_NdP^8ommSsB9Q>Ue zT7U26$HfL)x-j2ZI}c7c$W^SWUmh0ImX|Kax4sTe)GU^LITwBg zh2o=NqS^djfC`*Fwbv)UE#TF6&^$m+cUa*F2W51uGGrl8?Q_6117IR83yJT07zVNm zMH&v8YS{+U72|ns43Ua2(6EhIM{3*M9pSVQski`ATRek z%2d@_%A6CAwwGo$%yB@+=#Sc{l4Jk2Y;q~@R^ZlWBXEiimz`kWkxjash%4(At7}Q2 zA3G>BV{VfKLXO_CzbEVkV-{ux;T)Asw@G^IhkQm8dpLe(6KnGQCI=)ha7*%W;m38D zM03Hx1Om(*0F7Xz$2CS5P%sG9&aH$@j3zbt;GhWR7psMAU_RqY+S2(g=^{_zmHeRn z8LAt(QH8s7wrtJUuvISXupnX?IQ}45_$Q4;MVm&U7MVR*_*|BSJhhpid7ZUPc9T6r zW49?#2v$`4GKsjo6CPt$BYP9eP!T`<1uz?{mP|Z7pI*d}fuL5Jxza~*Fm06* z+qHnnO+~i;NYzXm^ZsMI-$g&kwc6!5eFE{U@>veSs-*A5#Ha(z80AG@0?8QA?gv6C zHEi@P8hFjL{ikv9xilgYIODy5DQrzL$w_>n-PSU&+{#B$WkG^gQeYuul^o)Z@B*_f zv>YEz!bqZ-P!R_nJ%$p3`W$WMD3;TjQS`P`)3SjU_QJIU5oiHQp#Xi6NUy{7T}_e> zkez`zP_$f>plJR14}+kZ`xtj{@|Z-KGa*#92^hTxarZwJt}89c#xb>~9UC(;KIeO6 zwAL~r*8!=21ipt|a5JP1=VlbJF@=(gJE3v0InWql8*!*&+?(P>(AZOh#RCA3UNITx`fBb1Y%DvrsJ>Bc5hCn%oZaha6l zWfR$jav~{=%BUvPTyBpl95XPU0;XxSgace;uAx|mORF_Ipv^rNx(`uZrJ`KRx$@wt)~linK)QN*2U z=Nw@ndG}dw*d{xBZyLeACh=a}lL(amZhvn!@}S^=5w>B|(ZRP?&Z-Fu#y|Zr*$l+Q zw)LlpsAFzSdr-#rCggICj8`RD{y|d$9!iSw+NVt+5Tt+qV_2#L|9F9w=Ap-aZ=@bJ zPHQi#L^RXr;DKTayEhu}cnPu!h8pLSObDp70S5n;Mn0@B?g?w|)81eFDSN|aH0C6o zhU`qe#tM~&+3(CojCPwAZ<;?xZ0)+mA{vlWTe)sbE~_sIr`EosQPesaY#c~qZX?#> zQjsy4qOZ$lx3ued5cTII4UK%*3XJtYMBC@^kp34*M+n<8#N+~m0FrHM3`G;cC6qO` zAiIuYv*tAKuV;Fk)Lg-^egFN&2HO=Qi415&4-N-<$(jJa`4(?NSh;E5G&a$ODT7wSHyljcTs?+KU6SlN% zMx0czk@sHrPgM_cOr*|goJ`4G`F>+mQslwdfwAcg2-?vG7W0;_YufF_nrF;L@0gOa zxG9h^iWfNNQ$3TY7 za|2Fy9Pde)HR*E_>sNJ>P=y$YrqNWQvlZ)(8=OlEU50kpI{N3Q^)l3Ww#imw_riG? zHX$G4lKuHP6*y{Y=_ou@kV_$00>OG7HIkAqMYz?(sO4WG9)+@3S;Sl^*<3I$Hzb&e z0iHne+9K8jWf_(zYPdtY88D8VLZ_h_O98zwkhEThJti>sv%#Z+YhwbtSbX#NhmmaM zs@PdwFi6Kujo_0mZLqcKj+v>Lon~M{!Y3y+W^pa`>yjpFhW9=iXJ&?YK{>pyPQ-Tl1&VWE z1>+=5DrE~2HPHefJcIPfnWs53&!U-@Z802fc?&wjmws^ELX8w~)o_tzNjRmaC9rx) zF;~h2<}{`Ir2X=cEOj-`N7$a0qsV+*_RyMmQZA-SYt-Fia=w+yZ#5_g2~lA-vugIUpD17 zZCAt4zEmlSj?ZJV+=C0*+G#Xy3HaMffRmBqZy~U^W05eNjTJPH3=MMo05KY@R0PUWiT$h<2#L5mmbH1KLcgVRucCD>1&$eC#Y_gcDECgxwgvfqwuJc z_Uh$0LxV3R>H{-?ZJD0YF*tZ>%BlU zM##`Tu*I%x@nu4)gnKgqFRSvm4psZ1_yJIowU37pV@mp2xB-s}PIj~W(6A(G4VdreH4!x%_aDOZQPdn-32bp9;pR;Qra-`9Mt&%hRZ6ZCwM{Bwn)R;X|2;d!gU_Qx`ZNgEqVsUP7KhJXdx#L zxjK&zWWP|fnq7LuU(L8v=!CQxnE{VQ!BI=jC=k-gpx=7Wb34{Td;386aOveR&&1&W85S%R!M2&z#II|=*{h!Vb6wc5PSN^N45NHeBI+l0);dJLQdO(yZ4Sgn7)bkp&Z4Yt&o4M z^$*QDY};TfJ1(0UgnEkyoE~Jf_;jX$;F;_tYmuqr_=O~YHqDcmC1v^xRaSNjT5V2> z`9fO@&jA!iXf}~7vJFacCg~X%{<}T%RSt$%Q>W-y+|&{Yhe!jX>j^h{gN1xNI6`E{ zFuZG>WMk0>4cw>94iRhj4J8QeO!#0^s{+@4Ek~v1a1PEKnhy69S%N31nR}u9#&mi} zfG`RxA_8Ueg>-DD_*>c;7CB+t;GKXisFe4f12GnP4q6iJRD51>^&CEWQbMw-S+^>* z%3~Q^DK?)vn5xEf^wIC{!dT=M$4sz$WK^TFXE{%IwNDF;e2Tb4-9XLOXkQ1%-WR!X z3zBXgEHj*aGHr&aiW7y#3emcH31kBkK1$>@VU9%D58$26^&}rdVb4;o(oE6&d1IorZkt}^z!eu3vIsykGFcn*Kt*eEdgzY zq*UCu?M^SXH=w8PqX3lbBA~lF_7#xUYGCi@r)&R0dWI~`0Ekrdmc#+X>=XU`x%1_K zzy129_YE<=i)pj*BV&c5 zhH11>qX(rEy0m9IM17~>u#^&rd2!=5@EcLR7cR1sEtUWCMI2aZ@HW@Xb*i}{T3BVY zr(^asNGL8tADKY|D?i=6jR;BW-N~p+om)n~b8dcg*#b&*F+!l<@Lg(a^6O~jm)mk7 z13!B5oswHWR`gvW>gn{@>v@G1P<=~gRrNF3ZhSS9Xi>$XV!UL69)WLLCpg3w0YSEu zkSO1ceyAnJS0eAaBaa&3>^$wb-1M2uS*Uk@noj{+-(w;qWeogJ7<3j+%FOG4=5kHI6re59Nlga=EmapfI796|Gz_%>y$ zg5DHXXR4SbEdvn;9;J7LHHB|VsV(g2^0g6Aqd->&vE_&bKuR4kkYD%aY{ApJeu%zrzkx5x97_Pg!DFG;Cbkk<4b~ z@Hk>NlXmyA1ZsoV9T^%rS_HnlMnt~Y9QN2&+31%QQ1&4*qPrU~%`kq%y zLFy|%fE4j8SWiLx-<{K_r?BtL%155B+}tLk44);AoP2hL#W!>r=AGuk99Z9?7S^9M z+S8p0cVd6yyL5#{MwG1!N{3$31M@|hu<$%uqeDqs2a4`!{Ck7IL zINgc~;Y$J&012OiVuuj()8aV6wLG<~KwoAWI%rsou;qPpk>&7?TvuLf%Z3BbE-_F`AMR)kvk4iQ72SC&uyz<8^h?RU|KL#gHbhXs zmr!t!Li=u)oOyXu3Yi?7aKRRXEwD`uK|(f@3U3@N9yk&@!DP>OZ|Rf0BlWsRi{5D~ zW8{FvQ`W~KQ%N1rD*L1I+ey4Alc8nPs2XTaXd9g=bIyB^`A7j53|F#4#qpzrOP^q) zU2bH?QL4pys#xdCABo&Ms2->IYU4S!)hDYR7+iTR@BYlGxnoyMr=z7bC+MoZ(-oVL zRetTp(}dRnh{DHy0GD?yU|_1|1w1}L(joV!zy;%CmwclhxyRR0-D7vjWB#emj=(nX z0g~3IK&N2N&FVu^Dy$xvyH}TZ;{4*P(8b%7f?u-OBL1u^!&FagSx&LW6yon2!p94& zOK8ktYbYAj((pFCuFs`3++Pm|m#-pFa9*SK;4CKd1xe(#$3rv3UqG3~>Q+l{Bqw zshua+zS8(O3Rg!#iF(u3elT05V{gV8A6fe_d?LnA#(|f$iCfgS1?sa?`rubg9ao@2 z;S>-eKdmb~=K@_k7jf*3M-@lV4leE0b4wz!=)RL7hc8x6AlXN$1mO-oHa5!6V>uaY z*7Pu2N6&ccs`S5K)b})mgD~G6h&X=-jBgv0h*SL^*4{BZv!;Fbe3FiB+qP}nR>!u{ zv2EM7)v;~cNykp+?&p1H@A>azj`=iSQnjj5E9*wqs`}M=UYEam?MW>^iO%4e0k88D zxP&>V`ngi(nGPmB$?4ddBSUDx9EP1$aR9ngWmLTXph`!W6uRP>Z@O|{rYxFB@q2i7OqnxcGM$uNw&S1gl%3@7RD$tj$D^?C=aQfo zKYpT5Nn=Se%-?Kd7;#D9B- z5dQl+q4V;Tcz~X8k&oW6Z}i)5Qwi~pUU9%kA~8giDmFgCFa5#qOe)~pKmuQcLHGnZ z4);1UtFLT9-|XoCT@zqf%P zE&^}(JuiqI;s4$QI=zE#h5%#U6J|+ab?22#2>$*-z^nK<0eA^#e=p?UD`?^bTnVe@ zifGYgnj?`3e|xCjaVI8`&$F6YVy*zDaNOxhd`VPyznV}WZAn(NZz2y7(jzvWEnj@Y zPhu!zx~fj@3y0%M18iK*+NQ5J+kdtCor)E^R{yhQU_<|0xoG_5S<~nSP zr?Vk!%RAFojsvqkli1a1(6%QN`ETu>1eECS;TLkvN!S+7tq!1b@q!Mb;vkhoVIz2dQJ_&YwC{Bpba$9Rns8wc-CT=o2Ab0E7O;ER<|KBqd83 z!aNJXYipQn-k^*6E)$5_&SiB$LOzY52A5eSAepu53L5VlXFud$^pKrgmJy(Cyj+AM zXl!h#qiS4%D*;=Oub49`X%m9_Fx5&5+sd(?BZn$UB2c)M`sNu(ObKAnH7s|QRo)YI zk(TO>8$Xtpqw{$$#uB)&6F_QHno1}%i;NYs1RPnn4`DoIl8q%vF(k930rJ-&O$P(; z%!bU_B7rGu?ttP&jd%l&cBMc^E1+{E-b<$;f7vM3G3;LO&I10 zPJ&O~u)U<5`QrkO)lM;7!DJ2tP}Sgq01MF$$eg7kK>bQu-2=$IB~7~B@PalRmH?Sx(hK^&hCgx_K4jg{>_Peb@8rn*`Wz$r{ zYhgx3k~ob~-cwX`(MOi-WUB`xj{r2HjI{}DAt?GRkU-03xv6I)hEUP6j%ewpL&QY_ z3IIY!(^_U90ran$DK^zrbXp)QD?+m;z%_y_7Q{)#<>+MvO2<+ul&nJqWZJA_^AskN zZAdlf?en{uN!|YQRcc2)CKaSZKVLTX&alXT zCahnmu3W8DLZgn3Pl9P=tVA_s2vhi=5iL5j%`$YTrpi95_+Cnp*>Gpbf{6xB?R(m-k>-*&~!@U`Z*Lb|j(9 zCR|kBRdFRjN;6QaPIcr`C$JnyN@FzWDPL2Ev}nX!*$o-yTEI&wN#at&#~D}LwXuSh zXd}wXgQIoFy=wc@s|v4{MsD>mAx8$~qfyhLY(S%uU&7@F&E~&ks3vnkkD-VTVQ5Wy zQ?&Fhz^R%XYK|@mC6r6!#>4m+Rv{_H8yIB&G*N~m;G`XsEoZhz@gbm8b&ydkm|`6N zKr@Tl6}YD5H|J&k4^>36<6cX9AsQYskgT#t=|NGIL?ahIux7c9Bj zDB74p!B8{jLPaBzxTqJ(m%TR<=W4gcT+`tZIxSPtVfU6a6;+$+Pth8xG#l_F3Urie z)7Dx!O{ew*3RN|u^S>}!(P_{~L)E@~e7yB)=|-0KP~yteAe2bEh^vW|4eL!^&JDeZi@seYQ^O@#UPcuG5>ma)+4{eK&0ac9F-LR!1W~ERj z!pV-QZhR(Hk(${E3@sZEfJK{ylXUqPy%N!}h88?jMU`hP{26F<#dlvlPnAU<^RL3*ti@{uf0{ z1rE&~az%;Cng|ktGFL4WSLBc5={4F_B8krZMbT9N6s?-tnHwO@ssYJ0 zif}|?8h9~BTBWQ>&1j(6YE_I!_`byl8n~>>?h z)=C`7y@9t+W-||H$nTai&Uxmas+=XY5V$-afP`c30xakX&eQ>AE@`0L$P`0`w6>h^ zB%r;tcP>*ZA{LVpSM}zd%z!+)3iDz4Wwa>iG~;CN1kar5=p3SDRxGj%MB0`!sPXwh zT%~S9uJXkd92#ZJnmH*T+PRdb5&=Cu2$183mvvQ38$kxJImvtjjUt`klEca3dM4)E zEub6Trc!F?N;x1?cS0^r?JPCR=J7^g2`cIkkw&0aG)t9GKU+*{%AHvvfRPwIk0D}I zB629`(y-N9JR4*go9jj9NQVPtKSQqJ$Lr+wWXeBjR*I3#nFO%3q0wqNqL#oW+gQ=1 zJh5XQ$u1;jnuw8{73s%SuwiVf;jl#HZQx2a-5>JSQT5^|Lk0%WtQkc6O}!;mM6`NP zn>;(gB(o7AA{0S7$`Z0jIH0CeyUa@FT>Z}^3*5C!YzijBTY-fg{Vh{{-nI`0ksfsm zy4p9>rh%q88dk|fI$29)P5Y3R1aQt;9M@}oHYJLfXc3e(hb<13mC zC2MEr^FTynmT6j;tdpnOX?r4;;#%PMZ@b%zoSf25gCs{{yC z<#mlfIpT^^zZIlI4iyLwK`Pto9=3Tf;#}prm8wgI29WCpxF-5v z-K*CwZ85M-!SJI?Uu5g{tOGttM8-c-3#goZm6Vl?Q}zJNTE)wb?XFSPP!u!A7XvD7dagW@1fy0i0}Qm( zl#{^aIB!8z4%k#2%|m0w09wD*>TND-B;pBeRMSG$0gvQePIYVGo1OJ2@pH~ewv1T0@&-v^|w*E?e z-2bOmMV(zFvceG-AOy5b);=oESt~fUH|nHXq|G4~3u1x)A@{|mid{&Avc6-O*p7%L zrH;EW6LqAhyL{o$wo-_VM!2z^)L31xTs19N&$DvA{CrfMgV-$CnxBfPsQU*5)xP9f zT4gE4zJO|DU#PJOjaY%BE@{Z1N(NliK?_@(jJCt1eP+^Fxz=8G3<+H|m)>DNuE-j- zl&Xn1nw#`U6NR;t+8hc+TeROY6|}*Id8%SS`ijZg6Sm`UpC;eg!|;KCW^}xd%=5<> zDaitfhURSu$-u(?oepOvgXmbWap#)NIk1%zA$5#Bh4OVBhFV*XCP*8SW27r=oS`p%L|Git{>;6<7XXe(IN z3ed77RY9{fVhYjeU*EQ_dp;`^NEaQDkOvZkQN!T~2VM=M) zaIpE*buG}0Mu<2n+gejb06tG>F_ep|8)sp&!4j_G>bV~TV$j?3(gQ}IW?59w=N&^a zk9_1vx?^H1zlb}Sr?_GGLhThxJ|VJM*nn)&V;rI!J34tQC5phM3v1y)74k$EL5SeQfh-uyD8>5L%WH5_LnTfO(tValOD=EjX z3xc-}M=TEK`2c&dUu|I-o>1O+DnZwaIu`#IXCqJZ!se(fdt>W-qz!a-# zYMLV}?BlH}X&aGL4DF&6vTh*P*PwCM^PZs$wG&vO)fLri%!9EKUyc$9!$wSEu&v(x zkOM^;s?$kqEDnC~p+HVCX5>}G*`pGDg%Z^aOpxTENjm`&yv>l5fXe>?YWEr-!vil8 z3q5&`w&5|bE0O5b$LOs{U(D4aRnvw3WNGOB(xL5PV}*3v6)Z_Qi377oOQ zq3$7^>dYiWL7=sqwJ5koB6`kf)^0Ds9LUw0GjDnlMcctDX4rq7Js{=UY$VKIRoT9h zJ~biqd&80Ef-w!&#i1*cdsUUcH#cpTXx0XhBaRFKFbx1ZR|lIi9DQ@(%d0Q;WLD(Arqgt!Dh$I-ZwAYEFaA+!a8f*#nH5Q zLdf~sWSN>eMoJ>-t13Z6QX@?{IS(x`*w`{@xLnqO3Oj#jHv?jHHyv%uqE((BUK$15 z-f~>gCa~VjC1c(rrVBQ;6`4R;W~!~4LbRidbuf69#i!!1etfCK&;3ju7eRJ?IbgHg*=C~0*7J;>Uz*eI|#UivWVaWgq5E(xP z<(qCKdBp;u=7^?p&W3?UbE8AIp}WRq5@{aJcR*Z1r(dm-Hsxjsbd5fssTu3gMg$W% zMYLKVO%tL77e8l9yE3j)nmjiQNUIBJS*%W@AZp}k2aQC}*uu6A`cZ>BhW{~QFaxYF zPrZVu{4yhqSA!ipp~K?owLBwhm`(7^&awCgFm=37Y1%r>6=gg6)2gb~*Np1&WZ}(I zjvAk$4n>Pe*7AkfNkc8tOtx=ri|SR7Be)<|$v+j_{T zO}%D|*LTu`AG+C0ZQY%?5~XZC2xde8s?b?AFkL}L3@??0VH9En8RceLhNAVL^*<5> zO8(~Oye4?duRTlHfLUGXWVu=vWZu~7tSSCW2kRM1a}604kbN1Xl~QrdA&_3rQYcA1 z0%`c6luoEy5gN|Lp@E^~WI*95m~H}Xbh4}v&OTnDqLLzGb;K_(DE_-uTU~On>0QiK zlUy?OFdzeKyMBeYA7<1z!j!D>MncVHN$p=@arVVC$sBlT%+i+bJj~x}^TU(wtA`a0 zQ`6i-K#JJvqL6ltlR~+SkFN2!+IMk9r8xP?g9#9PE5K+LrZv!sfQaG*529@KJjtG)vr*DeW>C_-Qc@*qF}9fU?t>?qP6`` z+5mvzG&N^DoIp`Ns5;ma1D!DML$R%tVG_Mm!g5qhCB6XyhqiUvr*)t z{kY9ZLRB}~Qu{ohVytMmOf(uHoQip{+)q?T^;DX4k@-b=^t$|6<# zgHxkUWpuxr*!Z@2qHd`wezD!6ZRdBK; z#NmX#u-0h*BURMS-vW0nR0t`BsMI0WRyp%=GOA3GRcje;$N40zznN%}X&tKg%UV{- zI5)E>_mz7nc%2sWs@5)}$kWZXi=+k$zOqRx*t^!2JzmxDMx(|QWdv5z)zk|lmS_Nx zYzo2lCzH!7NYk?>Sdxf-Hp1r>ZAp+y#fwIwpl$xJ@<^78j|0L>!IbI(Y+vTRaE%(w z#6V&OkYERhBu_QHt;SlQ3Fj-Xp3N2twdz-&I!A=^7yTIs>cj7^L;tqOn#CZ(u^T9M z!boIq-QAM^VJ^t({8{B+*wJ#rH4Ax@!r${s5sAq*XKknhOII09Ha17%4~L;uS69NS ze+>Bv`O&rdOY@$Bj&8*iEt@~|4~%~}^C?Hw3M6uwGb3`@0dO@`m5GJL9E;zwiA@C(*%ErOTTIv++s^j%$SM`aV=~Vv%4qs)u+AsW(+raN{Wcsbm51}M#c9C`!D)oro-N9Uwf(Pi3 zUK8QOc@hZ!Z|E;e&Cux1xQ7`*_3sn)Z6LhbPQoYl7M#v8E6`bMVvVnbP-1|D!kC`e zqC1v@m{Tjysx#)&+)z?S!_{?{!0JNx#^>F)IFoLFw-KoHqK11tAvc^5rr*}Ub%`kt zS!}B*R~vLGyik*2;{Jy;w4K+v1##h-qSk#>Ph3+J&dSc?a%9l8ISbS>7Pc56*1h-T zZ9iCkMI!S|s9+Quadgdg^k%t}bD;Av*13m+VaXnMGTlc8# z@cGvsZ4-}h)Q^9V!JKM_Kn3VhoxgBDS}I=-J`9iXI_lLPs<}Ye%mDB8=O4NoccYwh z*ru^Gr;KH-8cyc`zwwUA+3vhukdnzo?=!#9%m&1Pblm_0i7lXK=;Z}E@Lc3$X}&GhfgAR8H8 z0~goYBsoowY^7+O{HS_VtdTmX$=LZqep34%$WI;4fqhZ54P=EUi)f`s?scqG^D{j= zldUiub-FrQtcJW%qK_5A=kWW$YByVra4EScb$ zG^}5`;!hJ~^LpM(BuluCX4IjqR+vGLAu^q!tkIVA$Mbw^Tx{NRjz-JV`i5HQoc@XZ z5UzZth}Vh4GMQcJMl&^M-;vF+b_Y(A>!(_-BB{(sXxlpnl-7-iyiEMHvh z<1j;AOQ}l|-{3H*Pq>G`!35;oz$uSph_s%e@E8RJez*(CLWmm*FW~hCR`&S&1 zcRa755jJiN6-k!_4KFNVz*PPZ&B8Mp+6g!0Pn%kdpv8ZKY%{rfMm?fJweu zImUch`5J833rt&iUuk}X#l`^@iL5oRp?13-N4wifb(OOyo&C0ZdEJt9>@*UI!&y0! zOZ?}PMd+3o61M&k5mqz8<9qn9`wC%*U;P=^$i-OChEtRVqUt;F)5%Tz<7Bt?)l%Ui ztV_VL{o>D!-SvWU4EFDeKX2Xk`rRi^ICJt;Px-17ss)LyeKGFetDUvHo9v?_+ugI1 za|<=-df)u&%OD@9pZA{aV>MszwcbqWVv%S3sed6ZJC3ZSY_3+KhIMp1N{v zH$2Me~}CX&NT z8gx}aqBPt8p;?LNm)gy=4uAekvgPA4$9=k_dq#Cu;)2Kb2(r|k;mZBTdo)xtm53wK z%Yj3t!fJycddZU=bv}RovucN2Y+cfa-722}RP2R4zGzrJ{Qn?d0r@}WD-+JgeLedWUJyQBvbt-3{Gq(w zUnI}k=!s3p^$_!~g6})_$e)D`XbeUGjypJNHCuCHAF14;SL7k&=)@rMN25I!X0#c% z5d~PoaaOK5aBF>QgoEI?cBQ^_Gm&e{4ZWWJ@5v9k0HDT8rxv^#meG1^Ou{DSjCNYL zqm{}4YSyK!v$knYeogLTnUK2OPFs!9TTP&a&2nbY9@ibKZU?J-Zc6L<@M)+_=bVM# zz7Z(dU#f(?np(!HDNOuoz0BlHkKLq!@8`7?wn7D|KYdfKaK8S8J9kfPBGW_oKv>&( zXt8Vuv%mhZ^80X4Z$xy^nR>-+*58Pd<@q&N@i1{7@Y&&~1g=A**>YgHws6JDo7qYP z&hw7XaC~vC?9GY51&@@4Sn#P%1z z)`*$fU7|_`8o(WA@#Nz2Ndjsmme(;eo13d(c50qu#bIdR^U=M#bkb9V5P+`!ERV&| z$J`=43K=Mt4U%tV=exYSFfOn%bsad9kx=QimI-&$Iv8IWQiy3aiPAqdX5V1d-`yHF zr64)?D!uLghfh_HLG$qsUO+ZRs!waxYUy&CylY9y0iJlN$wxL*F>eQ-A95cSRrgJ)^bYDx-&+s75{Dujf*jUi$SJPZOhA=;iRdWi}1LUBO$ zrep8dY^^~qP$s_qG3aBz$~Nc|r|L53^Q#RW;aTwd4)Iygb?s)vMoZ3pTi~*UvysSk z;nP_$EjVyhc1MZNh@E%*`+k}>2%L!L4^y}kLMNpV0%Aa#3TzMo5eOn-7=+*?EzsXW z1j2|;^JX~bt%V^s@I`r!^-pLoSk6Rl#-4{ihsr(l%)SC|KMDA4nJx0ZqAU&OZCS}A z{9s{5#^*h+2x9EHM{}=057}Vh8yK#A_}(yLtflD`LM+w3Vt1A5AEink{~v&{z8UNE z34XAEO4T%A3^@hvZ5a{X(##UgzT)S;G|0Z9PasgByGr9jq`OKlLY6lrPer(V4LM^8 zA>9%?HYa4q2tq2=zLKa;MVK_IL-`lS#cS$`l27IWkkRr7R3YMRd4Zm|cZGh19YQYE zzVfF98RWjQsCPw}{NqFx@V0dW0pF7RrSo9vn}fRRV7X^GWzIKikf6pdIS8K_c3=&S z*ixah3h!Y3J#wY~lKbA2uzgtHzHcomw8*gUN8)*Yzr%|QemTNG(M_9NxICikmH{C| zH|%}ecgnU6g+FvCT^Ap_x~UjC&_lo1t*|44lT}?%paBO$^>vP^u||d_sh@Il59-pY zhEC*~J7Wuc!u^kp4F$Vz?`H+TzY2HX?5MuUp=-X^8mT-!@TV)_vsEavh@eW{)Avvm zReV4u2@U94;2_e3`*47d_k#!w;DDSU(k3YP?|!wzi_9oYdODB2-O_7PnDRzw;*(1Eh}O!&Ro8-wKM;vh(Cy{mH*b2{qOTn+1p zN*nGgwH>768E0cJ^Xs!BR>Ch5LwoHMhU+G%K`Pxok&I4NqUMNj8;#8kom< zduk1-4`QrH{y2_Xcu{x45{KJ=KNELD5VzfH-~63_Z~ap9vsSCOi+AX_L*>L_H#UHK zGF?M5gsweG!)xn}*h$_j16irZs+6DM$S;KJ_LcH%jnZx7W!vWp2|Mkprp3afdICbH zb%C%w`HXs|wPUhSMlEyedH^%TQrz9SL!@K^=Co#%-_f{s09U5?gw#JpW{du0qq%vQd}iydTb+3;2=2=057 zzsWNeX{@x+Md_Z#H_{foE!R+ z@{7fl+|MSnx~B%hp{VB0dF*#z--^OQIDgdh$cL)R6GC8mwFEENcYj>m*bxDtr-g1j z)RNRcJm(+=gH^L{M!&2BX{LxznO1~H~O>aKq#7Jw$`is=igu&8K zn{{mrXeycJ*^N^!VUzb}53sLheutWsKbMbRs4mguzlhZmULtY~&^=v)g*Q5V9pU3= z4myHbQcXKPpw7}e4_c5mswhLc^k?MndsaMA+SPiHZ?+ySCB$R7)$PHoXU2POKg;y; z7!FuL+P{S*F^!`4KaT{1qnmw?j;KPa;5v2ls+$iuT_koJI(&9J&(D zqWafBILlgN1M4MiuM^ogRNUZDs)?i`9mPIN_dJu&*__ z@DJ$t@J5Fc%-+z%ouV~atTO2ztH@MEo2-gy)zT%N%c}jLe?5<>-rTcZ$=xwzKN>U$ zo51qP?b{sy$zgWX4^PU2NTv8~l4Xvv$E2RE7&Ni?fQLwTkeRf>#mPh`myTb#bAZ;K zCP52|Jk1-|ZApSp%M2SNPhqn2o1JvGkHk4uTzLRfmtPzaqoD1F>zJ02A7U zm1F?5it{=k7OBZv%I7F!^y*ADTU29L)vUE`kTbI^Go~m7nzMv&;{n;yY0W?tjoH zAmF}PK=Uj7#I9m(jvU#3Z&W%ww1$`ZBlwCiv(2rDRnF5_LO)%6N#fcgb)UtCt^ir)5BP0Un= z1_2EJ(icMb5GcJ7w!d$tr_@Yuze_TN()~|!ugbg7k}uBbBXCkr%>!r!k4iT*&S__J zk3g|}leEg4Z8g8-nLU~i`6_fnPWPu@Q_M`&A$d6qE!Ca+!sW&JnZaK0kl{ z^z47*GQ4>8SI+oI0&M`~q`52xzs#&tuGxHM)?o+#NcYP|l3>wb&ctN=1Td51Hu4cevg=+D{ zPYH=S$^V^?ip8T3MYw_i=A(;<;1HxK0xgQGYL7*r7Y`N8yQ5`QapZZodv$!WsGREC zt)Wx*E64wE&Cqir9lWit_uM4$vRbTaAau>#vbR)gWZl&dHim%Fz8vt`W&x-6jtRxc z0oUry==({ug)Q`Zo?gPo%|g{I7PBpQtfs7~iDi!gTwt2E^5!gLPkLEvg-|gx_{hVS z#*{7kfH2bvwfY9Ny>6-B&Q%*>8F-2d#Fm~Svaw}n{D~P~W@#dJZhz;fNHZLN)&;#Z z&e1UeFmgdYldyAzhec7YyW#t3!>-qtZH-q-+(MMA1ZyQWc0v!vnH>fXzg8F{Xh=vz z#JBllPnF3YXT)y&XzBZaqv!j3$T7aH{D1PlDcRyX0RPjZR{lTupY8wPe_3^u+lkoI zIQTJ91P_UGau(elT*RE~$(Eh)=jN=kIr=Ou!_5A)Fjy5%fl0QF<~ zWaYf~#vp0vsI6mnJ0F}!6g9r8>Fv4#gvXNqHmAcw$3d;RiCxzi`K@yPhVw+D!RGXd z|NS{q>j3-y584~a`{UM5EN$>pj~o;E`V@*;Y)bhi#_<)5s4rfo-)169$^%x)+8s+_ zHhpzSObHjV54>G4F3-sQ#aS(?>X<@lpZV15N0HGQ=}2ty8fu#7h(+b?rkvUIiQ)ox;}dk z<8^TQm40H^NWWL!pcXUSF>bs=`YR_Kb{Q?8f8pQS>W5 zI#eQv6>?!CC~v!GV+yq?k^WF0)Wi_5?B|?I8Rm6IFk9h;k7^j2n_yV{>H6!}9_bEk zbxt8#0N+!H_D5=Yq#ywOMGD=4mq!ke9chrbDqE(%Qx8ZFk>z(r%npwX&PqXml$(N8 zg8!HOp{%i}W4!*?_ykl=xzn5|J;0Wq?Kl+2#ptS{G+DN3bKv#7=KQE%=YJ+xZ-nu7 zbKx9$qOE(ZNLD#z`@9!5I!LK=>Hr9pHr#`C%L#mZJxci3|HM|MI+GGNka7P%7~r~_ znDLtWi-UnwFC@=6RaDMb>n5h23P#qx=6;9A#$IlTmafyhf>hcj4ddV|&L|1KGfwXO9{?p1K zcM0=3<(JbivT`HY@qXU8L_RQRCo^pJA4}GX{a;H~FkheM=Fbbm@gm_3+2Dtj%zrr- zpKTtn8ikBM;+HH*`E6qTt<0%I;QG<%%R#^ET#%%fHy19PyypBJ#Nae|p>nLYSHn*p zh#i41o17N$#eagMx=vOIu4KRJz$`pwt^%8AuR=ZH!>|x}q4OR|`S3l_1ZIF!B{@2? zOq*qdn{k4ge3_Ijfv9=j)^J?2;l?xF`EXw>auN^;W*2_Yakrb|Gipr5tj zVNJW_mGnfjt*R+zR|++5+VB{K?{o3S`)U!PMI|K)p~ z-+%dDIM;j@jA1_@g;Cr=BXCK(vKf^36=3>(uzVa_&>~4Lro2&fUr=#XDlvDae}si` z(Wlf@+0R|&o$0+5k?kssa2lMNC;+B&zm5d;S|}$HCphk{|B2UXURpnvjr5TMF9?xK zhL$_J)ryVa%&)aS=HS4)Q|He=^RgRgbU-FR0X|35+71Qc;Nm4}Ev^SAGyF<*Yj?on zm-8gAa^^|Rh4Y)+a;Y_4AGwl^FV0M?X=MS`wP$|6*ISij1qOxTTVcB>i{YnG(sC*J z0ON0ut`=PNz~@YyF-3J=^@;Qe$mn;KaE(LoR}de3%g1m#4r0Bfe71TRGn9C)s&AR; zJTA?xc_!D#>~+Z5nZCgKsh3DIKMASwL>|g)-jsXP6gTe^YTA|EEm`^r^J`%xHJou- zDBYRn&AAUlkD$%k;%l({L^M)%DP{Ah2ZrfrN^W3>n$SH^1W4ho`LP&%Zx4P4wxX zQ#NfpP+obs#!&~JiYKr5`5qZ9s}p{UcS-rglld7-Uo5fXv0Izj{JvW)-ywf@yq3`! z;k8+>iA3jW*K?Jp?Our1bH5Lg=XWyHjwo}%B!lw(Ea`8CFIv?8c!xe`y&m$E4$E+% z-|Ri}8js1+Divk=O}u4j4%U6q3O05nVb+o9B=&-Sb-avV>yP?hpLQ{wzrA8^ zZQj7Cc|_UN8AkvC@M>z8e{O0Bz`nx+QmA!)k&wOnE5DQu5q1vGQ25eYBLcJDkW( z55u9SoDd`kc0Z(0C+7jBF6jYz9O*70GlZ@6MQP4AmAT}O(u1vA{4}jyAfpCj-~$I= z+e48gMvBZ(Zv15kZI$&DM#F+xA$$1=LgUbEKUDM%ie9I;=|J(&6?BI0X9(|Ki+m<;Qg#k2ZR!s9J?Q2{4G1=<*lRx zyIIe-%-^=dJm^Cl>{tnvuItTuyNh7k4uO67*t%^%kwQtIFta=ATXq;^877alP+8cW0Jo4(D`ck^NPs=4F zru(4ybVQG~PD?Hn;{ERxhutE=1Bo_qq(u>J;VOfPHc3cO_P|8jBws(Th&H>Td7p+M zn3;a-ofk0Nit)`F7_|sPU+#?qcOsmfEU~S2stUBMX4)_cQ;w3opElkf>>XnK8Uy`Y zY+3VAc`jTt=f{lk-_D=qM)3?4x>3+PDsU^y(xCAS^^`oth3XbIL5u!x?>H4+w{X5& zS)tAews|fv3W1f4admW6bA0oYgV6Fi1nEQ-uh1BRRER=DUY*r9e-zpMvZGZ~m* zzX=xpT<)dnOwZV0=2W-iPce806u1_i)F@Ag&**|L3C!r8wnOu};gUUU2Iq7F-sAr^ zn4reybj~`hDAwFZ|BmP7XaE;~+8xE?AtUs%H-?Y-hY2LEci zXj(2I3WWUaIikb=+r%w3is#+hGKz<@7D)VeSdI?Uzvnqw59DUZ>gciHD5SpEHuh<^ z!rpdFiH^{6v9`*bv3(0|^>Q`4@1{vNo&Fl+(rJKBy9T3P&~sz!)k5yJO1la%Ec`+?awLdnpmY`sr$0A@nyF?zp$VC!w^IWxLju1R1P>U@&GU{`90qPJv4ISv~Y$tYMQqdE7 zkAu`(6_0-7r2#K1O_j+W^ijDV$P?>d-u681j~qhUO0M!`r+C~Jt#8k*-B_gbF_qc< zV0!j#YMtwQxdrzhd;0nn|FJlyK8LMNmDlO9L04P^0hU*@^co1}v$4}Y;65H1RE{-W zuWt3~E;80OYIFrBqklJ=OgZW+XE_Ik19oj%YZhCK9L7hGX0YOOue6_#yhG&NE#Ze$ z|G=I%^k5z-@oA0jyaEycr}6f93i@3k`u=M=?{;Kj-!_TxHMrtGgStESO1c0+#(pbQ zJxg5zeFvDj;o1gW*8UfNi4P>+0*`9{&|cXayIV+d9;bWz&vqdC=AU2i))+$HKGPBS zbx?Yif5{7tQ!V&Radb+mrGD8uJyO+|PSP7|GrZ~zFgSp>&?}rFUm+#;XkW-Hy*)7= z2mNo;d94TQoB32vO-*jm-`rl$m~Z#U=P5Wp{6>9r#z_ zaIh8ZKiv5Z?5~!N62aFzDX!qtnlJ8fpL)G2ayjx14f73!-H?oilKENG6zcu_IzPWZ zzt!nb03P`7mG91r@@GG{ug;aDpl`23*t~WO6&LjP=hkA40Zc>rnplg0Bgv&)`tSF= z!OkkAAJ9VZ)L$L+L;l=}B`x(pqRM0*X{H+aJ-%7N3=q(>9z6qkLgUOs)B3)SnyOGMm{fJBF%vEA0xPB(|vndKF47fv8p()B+nhkpTfQP~D5 zg`vD46&n5*S@E+@waY5MVNmGGrda6x-u`ORn}OQk;g<^~e+j^UIABxvC#bQl4O235 z8%9Z6chZIT&h5LrUgtj72{7fiq7qG>%3^g0??mgsSXaN5| zDN+Z5v~G4=5de$$r+xltWGxN36OI0(yL^39+y2g6u-O31(>Ki@X5=rNe;S4-&kAWw zS4EVA99Y|`*fL1O6G6BP%=-gig?AJJJ6{+y@K03|S!4HgRM{F&KRAQTAY`%xM{?-M zW%87&7Duy6?Y(fE=#VgX3o=Ne3@3uNG1}1e9^yDn&7fs3(fO)>VD?xdw{!lU5BjhtU4Bu(MR>&2lzk- zb3M?w*$$}JMDee&9&ehUaKl0V0EE>Rv=22g#AAa{?M@WH^-%gxWSY<8sO$K(&YR8;!C)<32iAIgD439iZ^SieXWI{G7z_#@eirRsG&iKL24316OI zd6NGqVOpA0-;wLhj}xe^hTu7a2yuYkcd~9{;@>?-w~Gkl^YCJxtHP9)S<14kI)+>W zf(KSQ9oB<0rA*OgVD`dun=uUeJ=`P47{wF*bWFz|V|)YEgz=>)0U89cSBRE22Ii>N zXjpDPxeiVd;al#2SsGt>tnAyJ8*YAkUfP^q1LdcZ{U<^&)@b%5?w8SQA;tp*m=B#M z`A{Ceq^cdJ(%0wjPVHf2l@m*>)SMGxzR3cFpvJa?SHp2*;tg3$ov(MzUim0*he~J- zLz9nBfR07%e=DjM?@&ZT(Vg+ZI;<=J53`acoi8j4#)x{Gwq@ejrnIa|vq&7wAF81f zKx+Uc75a;f)=>U`lvGH~Jd&Ik$AUZd&8bl$P?`rKs)h)c<`kT^PwSsV%3p8c#H1m% zlge|pRMt0skZ6*nP=id?xbw!P*~U-CBN(FH!5>Y@NM7~o;}~WhLGK9W!=*D77fV0M zGPG}B5o&4oo4aN7Hj+}RZUbc~D;o+irh-p1n~|5XBBv=A9)IgZL)p;FN!y9dUXU}7 zpw<0u{J-dWtEjk|a9b3I;O-XO-QC^Y-Jx-BJh($3xCeKFy9NpF?(Xi;hkx&L-|l%? zRkK#D8e>V1uKK=NbAnQC?*cE@b7}>}<@I3E6rxSkpni7S*27ULCdd9)FNqRip$(Bm zQ^?f$Tnd)m%BoOnBE3csg=5gUj-}|fbzhS7GIU=OJgCV!TlEp-$UYNM?f{ltaMmN& zuQeL+h5wg?xkfjjEYJAomoX7|9mtJ;9%Kf-SPR3+(Aq2+Q4Lg z|6ddV!+X-fhqC!bsj=<*{RO9+%m6Ii`Gt8|@m?4l+6A$E+*Ev|C)&)Vs+dGa1|+#B z*ASq!{O8j+;MEdbR%qq2dXD-p@v4YIgy}tTp1~H(&R#qgvx_95-c3yuB(i3UZqOoB z4eU-t5ywq+N94bUS3btPE2aKc%_9-1SUYrD(=_UzapN8_D!pCnXy4ReKY4c^RT$tf z4Np{9qHFH|D5HN>=_RyZPce?MR3j2e-chz;^UgtrpERJWEa96hbC46nOJJbHt946d z66k4&fduy!B=xy90^&cD-v`CL_avE;vpEQ~I9n`7A`&E-n%5NmPm4r&obC`vCOnQn zw`J{{a|buLqf7QO-fI>}z!Fjvd9ULeZ)_>WK1)2|UkuBhgaL0vlE3xu7HV-V<)WFY z)22wXw`8R+gJa)IefBx>(h+#kNu@*B88MRr`9p%y5VJLqpdg3gL|9n|%f zJZT^@a|FRu?u6mtMUrTmk zYsQ_DZcb|O0{-E>utc&5?5EyoP1^rAGrWLLx_eONruJ227RLKe4M*kDcSs>momUSl zO>0VRrE+|bm}$yp)Vcqam*GI$)Puo(B^MfSEJ5}1zj8Q9KR$9R5`PG~)`3hp5(v+~ zurj-B;*Sq)=en)bOb6Qo$_)F1RG<5k`tbpTxHOA=kC1T&?aA6dD)}N1ICwIoE1;fR z)=$t7x+)#<8%UdO1O)mbE_4|BM}vB-2>NdGgb49Oad$lGgF>Mg#38?;Ocp%zhD))R zEI*GiI8HFAKN{4vGTm}W&nQ^pG&+jv`VyM8A5X7AZKe86(iM`Pr(b{aZzL|-S9@mwDSd>q=D`4*xqF&wK!C9k zq;&k*l~Egc0Y841-VXdf&`b}B!C4XO6!owYsdX;O4_ttmKJIc3pS0I6%^l+Vz6PCG zmjNw8HKK_j3MknvlBW7z%ewVX@ zux9U|(Z_Q{iuYiWcFZYX-(dJ>eYM$rhqaxnZ1 z(=kEQIV6zcKlbM^GzLuC)_HBG@M-c<;c46*zX-n%r}^;GcOQDMHI{gjGWU%|I^wEl zR_}u(eLPRN1mhC00+0g`0|)gsB;-2!rRUf^U7S504&<1QaA5?i@@e>vaL+~C$Zk|x z$zdi;(kcHpJWuuZrAu~_Q225|sMP2r(_lZc!PV_$+%X7KLg472r+dZ*v2@`s<9N{B ze^|sWlRV-)k<)agPD@a~-wwWZsxs_ALhsVx ze`njuMmQK2E$J}Qx9{fFZc|4#TjfJnJjCCKK9d4%9*8NE?NxsWv@2M4k0w*Qj#|}x z>6J+@{$IVa6GzmV_e`avWsJ%k>@B~2StUEmsll{?#fNVt1pJ57OKXaxR+#IlHOW%X zKEaGaoY6o2KTd!)`v2tweDA6%O7a$fL2t+-p8alFzb>O3a^g9di=$$)QZO1F*tSx& zWw<3Bup0ClOom@2hL#8Hln+eU2kTegFOn@7T;-4KBASJw`eU%+-VUBV z-#f-Hr0Py0uY3$=2@<-1xoI5+hkChj;*wdbkl9E5g<7@e#Bd?yXVh27S?;ZSIdjuY zY2s<1Pc7OsmGkKF2Gw(T%npd5nh_?Fp&IY0Wi0A)cu5K&B^ojpIWe>-Rf%1Rl`D)S zT**Db$^Up>P^RQ?Z)`=lAKpnWXvaBvTo7H#G$g^BU+e08Zip_lWB+v2<2aG4@j|q( z!U@XP8Vht6v`O=MD=#(zEyko~NddcI$je#`*Zma^e?W!u#pg?EJ|D<9dfmAhnBS`T z1GIU53v^%)ZH~Zd1nC-6jDRnh;U`eI8DAtm^lX%t_S9Lz>Q(Y4K!3j;=wX={%CG2H zCQ&yD4QKDqH6WP_4}1@U#ttQxV)(;zT{|J|n0$-MP#qTEu{V&@8_k;Z3Kdqh72ZU8raPq9spd=CqTu}RAK-UHxpNy0f6#VHL9^2R+Zr?&B#*%)h!1=8f7a0)jq zbx0a&$MwmmbF4FQEns+I`-4i_l|gK3!S&EpY)?p&4Ex1WP;@Io&wrO-GE&>4Op### zPjY8`DUixqC8x^K7O&$~=>qE5TBLf}>V0TfQ2GBEES`1Yd3(le&$VwWdKtKdYcrPL zKoX;7^t4DRnZ`Xa&9;~IG?+9%Xao3ZdRr#|VZA1+>>^ZBcvA7`FaHG8>SfTbaX9D{_C(qEe= zQVFF#A@F%^b&Qhp?T8p*q5gA;e_+*4K_tMd%?+-22IS42JKEOEE#8ydI6}1sHo(<* zP8{+405(9?PbT}G3KcvCGw(a?nakD2A7k^L&46SRgG^2QA;Xs+wp8VVCRa{I8p8lrCz?aqB#!f$N;xj8M0bLm(Tgn>vHbv1T*#%&e^HujL9y` zPx7Bu2aO-~4chB`pqEUJZvW2-4Psj!_4rpj-p{jt>3=7XLdHqP13_NzvPyRwCB_MT z0q+RUVfhYotVQOV28aiH5MjeSsKV_%t)>+o&CmVp;^*q|I8_P!HIt7dSH4Oy(+|AJ zO6aO4gjw)dWY;=HhKYI3D)I$KM9tT#9Z%B?w@G_T5R3?#^A=aG!0v9{anV^9Ygh>1s;IP21YDS0*x2GYUe}Ysd zp;z&_J7P#i>45w@iSYH|{QJHx_qff)=}}{qh(!^c=DUtKAYYnU#Bl0QCivu8re=6hfkO1M0H_pu86|%s?8=@XOlnFk69d3O!d<0LS zmjAbmc=(>WR5W&`3Z0YkKjl{s_KxS58tDVa6=C20`|-Z}{ivEwf6dMAS6(M$L4C0e z3|V_4=3u-opG((#>v-BsjM801+{e`k7iVq?bo^Ps^B`>ozo>($Y*^b4L}c3YRv zQOBN_E%XI~Q`nRqxBpB{sk*{|V?(~m5C6;k(JrjNeqMBvS-e$tPmr^sc*0HhAywM@ zE1+oBN#iw6u4e{MFeRXf-IwM=>VNutq<%1~$PqgDL<$uP& z6V3AJw)~}g$YRDVvc+%W#UH|EPM|bZv;4g;T>9l_Qt={{D4#ts-`Y(cJwX?gpEb z7s}TNz<1jJpkezfQ}iz*lZ?yr+1DJYLCZZ4AX6@8&VuRto=<&M;H!>?Q`4rcE89JX z&hi^sM?bESOh04S!YevtckDz5@VAIUFzkMCTZQwV9Ec6E;qmpGOJ{?CY}S{~;inMt z{cH$h9(BxhmLY3HI_~KB%I9i{byC4tcGxx!Vy}Jj4L^O56@34?@1;2Ci@$$LuK@kycv&RlSY}}>+&Fu!JD&u|*iiuYOZn(M9+`sGI-s zN`j@AyM=5YBT~vZH0g+<_PZ~Kp&RJ4_fMWnPblSR+qv%O8}G#k(p;F813Tly=+L3X zlobEwM5spmwg4c@sZ)5>xRsQ?)4Z?5#Pg2Tf=UO@{>^ua_I}7+gO5z9)&l%8L-|%U z+kU8!{|Dr|v$58d9!-Y994Q8W)ToNEtcm~YG_*5nhB$Yr90M19`;kAo8r}mb^X8OS z`$XE+(J#8~T^Guy{F`6B0LYbcr*s28a^%&0ZVmObf&)CrAM(={!r z{CK=0<}C1?I!Ytn9rOTttvwG*2aUdeI5W$E+)#@V1Yu6XhdVoZH!?3{eeNM(lrrEk zpzYtEhzGOOQN;4TX5=Uv{KcD+uy!`izKcIWot-X@=;z9!G*?Q3!+7Lzq{ZxOxM)sF-O zci%Qoj`%$AKU*=W$0o|R6OMj0SI}=QK6EQkbZ;Up#v3d>e;hnOlG~EGmn+<{^M1=f zoM4mi!iaa}JHBcY&&iADQ#(+_{0fn^Fj7+7{Rn~*ni7>X!?p6vc&WNB@`?&Jnn2`r zojet<3Hp9Wc^n;bG=w^eOBRjJxi#cxxXWefGYzxvS4Md1==-BYL>QqvuHWZ3M2$CF z+~Y~eI&cTXi{**L9y$!cyxB*G@dgy9x4tyg3!!2yFK~u$-a%-P^UVp zP?G<>Me38yw%f|7JkPMP0)U+ZiW!|1ep5`QsPd7G{u2@L(UKwMfg(k2snj=&iHXVR zUHT>a#l)d|abgLKuS6fbTUXX@VX(08o}R)--n$JZ{zLa`3&6iG8!$4ErLHHa$05fO z^rNGqXQ#%lsnYjBc$rS$Umb)J?*F)QC=kN}(HB@}yuS3gACMeT#g9!j9}cE&+QHm! z^xhv^IK&aJZ$g&f5)_s`BBDTMpH4d~2%BWkeum?0SH$ugSzsOfgXKoEJMbO?R^m$i z#JSJVRfCJd$eV6A89?2Ql^4}!0Ogta{q7pD%~)6+5r{J8IknOyY;4Meu7bmCG^olt z!9imMtIPqsc{1u@_DBCL{ho`}-sZFww1v3NeLBH%VEeHf%q8b6?^tB?N65eB`CzPi!0*k44KsrEQtI5(S*-sGA zKLJ!*)0zzG8U6VW#L7Bd<-Zfd6Ugf<=yl;8bL}5={F2yqO-#ZZ{W!{V;!abGd9P@Yxp~7^Xn)O$z zIQi%zd@>BxM%?nT;~=Lb-XrConXk;3KyuS(;(=vSr+HDy(1UctF}S=9lIAa>h7cZ$ zqNe$fA~bGO=<*rjv4;|^IIVn)m)*ZLNUI;=0@!@wx(-N0MT}$gre#ta1%vd3>rWIu z&XskUF{@+41^wKd%{9o3o2eF}sfS342X6(lJA8>xmZ~QR;-fO%)uM~ou#>Lkv}~|^ zAN6cpd}di`;mDoZRsn8hMhF9nd&GPnqtmS8<$rutu>3gzZsc7s9SvqJSXns5&C7(k zg}mu^oSHMdqDf29d-`S`nmIhC5FIfL#2nS#^ecL9G;Sefi&-)k01Y#d(?}X=?g&lq2oUzcW9n%yz5m?aAZu)|4&o5<5>a|m z1;d9*S`&S}mA;&Ijo5-C9oK$S+cs^LDwh3EYTXBFy_Ol3;pXBc4r5$H?NUOL6E{&Q zxgOSPT9N(p5*-X2xh!jsHewFLPbE)p=(6tGWiiF%P^4sl($#8AFyo}OTMS0UZq9n_ zeiTIrzZRN>zCnEE48C(fS>1Y0z5;|OGI#R8(`7|=oZfA9VRWJ0igraOI?Qj;h}jKX(OE5%-TcuBFl?231{sbWB(;#?vRtY z=OL$jd_((VvS#G5x=3xRTq>+V;}o%5%E3B z*>O_XIts`Z9UEm1ByH}jksH-DwlOO52qhDVt1#%J>Z#1|02s=openN2v$+{`cjI=Z zD-q~Y!kf4%y;6$DW3prw;Y#Jq*-b8h8x`CXXB7b*@r#gNy^6zyzuN;0>&aBD9*TKL z8Zah}%iL&05#->vdT_p!l--B)Ey-ot4;B(PbmEskr58Fs%NiwAT|QvWB@7GxCZtqY zDH!Od5>mES8!^MqI`FDdd91WuMj7-_{#k6do$ZoJIlC~@-?r30kNLHMPe-QwMDxhC z(Kcf1<8*{S_N#h#vCDI?lAk|KZ9%7lH)SZ?;=xd5Pf(?)xE1?*xGJr{Ld=QkqCIOa_P*9-h-LAF_#O_S0?c$-`386;kor zbVcQbwsngr3)qP6)^&D#OOuR83sN}?Hl$CGCbl(3cSpXOS!Zf_KbLxHFD+fln@sI_ za9~`AaXdx?)K;^FRZU3$$a&GxE3ald^C%YSv!d2+t$e z#I*wy6?wwi8=e@RG;GcB`KhO9hYKx|>CTQP!SmV{RbghRs|JExb97K&Wtl) z{@fGPxZS0R#{LiE1s%O zRq>pE8v>SNZ>sS}U$N4OTpm(xt#ygNkguxdm#cOg2H$|l!JB^^d;96}6TJ&LPsK!n zq-Hw(f=njQt{=^smr8~}xz;>ULsyeV*dAJ`gVe@KHAl2qSJys;Y-KQO_O>DZSagN^ z+l~mM90$b#(U;$lZ??8yG9jP^%Oos=enOLe*gS`^YfsE#`0xk7+XYF=#T#(0+HU*dmTKdsv~U3 zoKqwqH>Y`1D5|+fb$N?hQQHUoJe($$^CUh_NJ)ChoK&BH0_Y(d?$vMAn(RG6vP^ae zDQR9?S%lrlp__pq7s$lFDYpZKGf&E$y7R?3)?C2ftT0z4k}afa+BWI^c3Zb-Y~Ro; z&p6YX_J+c@Wzr{QTz=X>#rs$8PazjB0YS!|VP8~@N#&I6w5~S6Mwq?jrVX-%Q96yB{GLMq&5B#`!ZcK6ZM5M9@~wbM>&nlO zC_we;zgsD9c8v?zg`KcNgB@7TJ}JY!2@`=fF~(dhyASH7;&~Bmu(9<`#FcjXWq;Cf zpnbX3{g;g!vf+X4_Sky9orY#NN(r(Ezi9mEde-xc=vVTk3kP#i|2llcyF$I?f&_7zb zX_lT7;IC>ICSAY0j5H5~sQJ4ddeN!GYtY8-q`d6#&@76Yt6l|3@iX{vY9xg?F7112_sr7IdSS56TD$E2fw+xd2i@Ge zu;&_vhDep2>?whP?R)o`<983XcTe>7b0p*s?LNbbTD^Fir>;QGL{`IRMjHfwLv*PI z#G}^|Vem5+#i{JDD&+VWk0Z7O^KGTiS<-+N(NOLeC>IA1YO;q-wJ=i{sL=1Qc%R{BT^M1gzOFTaW$PX zP3#`1HERh5oF4Ob!SJGoH&-8WOtzii#AHY_XVv)7+Y`$$z6?C7qh{On@Mo`5BU!_9 zmG(+MPBwbgGGm+Cw}iMW{rTE)is>rk*m8A84K!L>n4MAQ^OciUJ~^f(5-ct%b-z!E z&;9>x%xQ<2a=>#gvkaOGuOf{GP^ujXRCat&CJw!;8`|Lo3IDOo|G{9iQIF_;Uiz+n zDTg~b6g3j#Z{Y&)a1f@s;G(D9CDhffq_u8L<$97zmP8tTND#O6&g!ld)lPk>G@WpY zP433jC$6AZPHmg9L3}Y4xJ+W;D(SR|I=3iarA78GoL$+-7YJTRkAujISfE6K`1XdYqQYSJA`M?a|h9$(%HK%@_m1?7Pn@jj3h|uRK4R(I!(X*H4$K}~ z_tlw8)2W4t2XQnJ#FSUdR#;SDETA zB>hHWIdqxt5=iS6@vp?v3mR`T>U;sKE~Vr$8vC54d2_}$aS1!!n5t$+w#xLxeB!4j zId0QywW_r4WcpYmt^?o6s6 z=GH{|78g*9tfOkXTF2Q4Kpv3_bufa?(G1i$INvETrAMw(JMTUSO9dY zF59#0;}ahrFQJGhoHKhhxH5AgJm%^em>m6KfN1dhC269>2=N&&Y0}!QWnqm+Q`4MM zeH<{T+p?--Qc5t8@^=x2_u_SfFWREx`;U0Wf#$AUIxWrSizbx=B+3N8+(KGEqG-C;s&o6%d^_~c)A#CdWsB!(^y5YFMlQWprtLez0`}n ziUHdY^Mh-q)wOW&TNpYVIi?{v*wZ+07{VsD@cDZxKw=}{q-=-n)q$2vMJODCU22mJ&e4n`L-)jy zVp*d{AIr%FH5g@v-iOBFwQT9nx_3dd^$2jh{smH!=HtEfnhOJH}!WCt_ z_7E4Lofe4=;Kr239>Q5Ggu>R`<5)0`0?4!^A#cOkE-tO}?Xj+;DU3?vRp|J6(#C;< z3O!rF!MuR}Z)&gYb~gh5*x%`tNe6bkCmqS=K4-^{e99^g>AOrOOwl_p$NWx1B0Z?{ zlE15*w(GU_m%mH?bVF6n*swHX^&%)c&*_}~I<(7ar(5f;z3mpTiD_WT-JrV=W!WC$ z7Keua5#Kbw_9*8LjodgGAzJOvshJXH!dPqaZ@01jP|2ZyuEO7XAI>QVAn}@>x8)Lt zTH)Yfccwh|7^@lanRku5qW)q$9pJ-h~l)@Z5ei_FA-D|M+C%=5@iE=?FY`5@u( zUD!RffR3}Gg`lHgEu5LBS)dLObW_<I6*!-G298DyYUKvd^2I%vg`DucW?Yw zX6F&c*`GA$q`(zT(Oe~>3L8AXbL6UT9Cs*ZtflRg$YG)h?6u3Wx72CMdHdC@(*AC> ze;ZBVR=|>5b>9*I7`$uv`&0pm&|X0=gxIR<%xo;!=h(qzS1UB;FrQQR!8PdZh*A@7 z9;eyP(gaslQQNDSAU>&yRrZ%K)~Dyhn{)XzOB{N$52>;AG8SX_U8-iW=?(dbWhGLx z92&Y;aZyZ@oyt6KZec6UmA_ru4n*wyN2ED!GoR8RPNx8R1&hA!_F_ZIVU%l&$Q{c5 z7&p$8a~+X^L}U#)e6m6?xhZp3;xfOoRcyE&zwML2vWBC$Vn&M2z^-8?O)r{Ex03Gk zUSEC4o89}&Wv-qDt@_xs&~+nfh`aRSOuxK3jEvf-oNk?zvk*JDzOT|QA*^#ZGTu}! zek*Oi58oArIliDm_hVFW3q<3Pk}%PBZDqlzEjQ7TSw`=3T;;uQ^Ajk`4sETae%MLs zBBt%-z;f`Gy?L`HawxvSM%?Hzj~{mtQ4R?t-_+|rm4h(s6P>*FoNvJK()32LWQ1bs z`C8gu7~S;Aba9mc9LeeB^sA!0$hA)j+GcVc93+<`-}Bka%DD(Du&I@Gje|PX78p91 z>btozUk2WO^(n58VmQ}?h-T?P1#LeQ1amt|N@GA9*^hOio@idk5l-=hE&Mf8Bm}p& zq$dibs0ys@Yh%gt911^0T=H7@wv^3n5q5zR7FUn1_i^g%SULA-LhD*bwUqz8Et6U+ zwfm5v7E|^{(r6xrp%Y`Za>rlZn4CBSt+urtK!c%W0B2`0rsT~}IMrIfNQ17g?V;;N zMPOdu`lGl;O7ZwU3*H)TdWTA^1#PT?1${vjK=V`3th#JTapB#+DArOb<7sh_tkIdK^Q!Jc2byGP)7f|=hD9{_Qs=E;rPo}uA<-{p_uG~>bIvU`u|MN!_ zB~1~X!^xuw`Qr1Msyx97po0^@sWAQCCA5u|ulN3QGIY8X)6vED!n_|+_w8^mo`MxRM>?B%~ zNU!T*gHJ6*$(>WBEmwfs(PQ|E!_b9MW96W%LLlmW|I1Kgp^Q-=j-i{Y8lNP>U~gjN zlz{v}FQ+Vo@>Yz;=35sq%;{`#0l$GvI7vHq>`T=ZU9g}?6WZDv!R|UvZI4s4d2Lpz zlV~;Iqh_o;D6R&|sQVKJJJ=5I?PXjU9h7R}58L?I`-dt>5DTRH@fPsDr1_zU2YOJ< z#cBIyBAOhU6Lqo!Ezx~ZO|+kkkG-Q*06*5=C;_Ajr;p!qU2Ig+f@9kCtIJ510X+yq z+b$+NTpx{eewqu=g0e2hrLg9}*)@C)Ev8GKK^4tkN)v}y4{V?_ZlB3f&^y8(I5ctE z(C?V&)WLA0U*zGxKnsX{U;&;_->V0d6|+%dc)ANt&5I2g4cXSu-q_1a?xug0@|QzP z@{AKKwxAbs@2&;X*;Z@+HN}hM4|$pNP!Kt$6xO~J%{3&uL~1LOG;}Qna5Nx^hQ|j~ zq_tKHavjo=|1Sr`%c;~{)p>9e8g)G>1c{~>!nruX>SZ{{;dZkt83e{*h#8I&%uR_J zOLNOlvpH=$em8W+0x?7O`xLyIR4TCGz{DNWRI-p>7KOrjJyyY_B@tfP`T8n@k=JAwi&wf0;c1-6_0du84_dEPnfU{7 zvTbL#+JPB?K?^~I^ZzaVee(c#6P8%r>wSZuZrYCGgi(G2!9d159}H;!)7h^^nqK^b zLx*J&k$W*g#vDruPg4h(F*rRZEz^kcl^zcAek&!F7_Y5wxLu2KRs8LRD99A}FWvMu z*}yKUqZcwXUiQ?yqS11b2n!LeP1$O@?O9<^Ah>t%N?Zz-iCr@GWHO03iGU+1&8TRF z4tGDV*IkzLf8RqsF8n(3k-A(H;6nkr1 zM9cddVcm^E9ir?(Uhf}OXsAo1A0QNl0RjvjZf>WAnYWgS!!8DyD_}Lj`l-j&#deo> z;8Fl{CsAX)7;a&H7_lOb=+GY=Wc=-JS!3CpnwXKB0=#Kk{^tkrPHl;J(Cf_IF+pd~ zddDLlWzGE?V@XV(!+MzK?|HaCL5{9O&hk_MwUURPtq?-{^~i7ZJq=V zSGj?$KMdO!T^V(MjlQ+U(89&-E1@mO9y@V+GxpQ?6a(WS4ZH{5-*zA7-Hjvu4$&VL z7Vd$Df3`o9m!qXIh?lgNoTPW8DtiRF3>Y{woLR_g^NoDhn;y!l3~uvB%TGYS4B!eX z74%%r@c%^_Uq1v6#B#$ff0|+Y;k^*=GG#P(w6k;7^_Hrv1p*#6=AF2yfy|%IKnC>- zv!8d0xz@9w_(}&n|F}lvA~5iX`Uw^>#}S6E-ojIaz4S^OG}84sEtoDdM?tU0=rY>^ za0n=KQ9QOCu_aYpAtnc)q9x+OjmU2TF*O37!FHp_V|syMje&ovFd&q_V3-(Rq=PDl z!c?cMcDxmPhL@J0v=235nE+5e>CE!@0jw zeLqq>o#;XpB*??Dyd`E1Nc;#E^XRo}gsYn!rVRYYS4<}hmfbC(Y)CI;HubbkBnp>M7NJp*#z-!9V1JgVdL4hT)SHny^VCW92? zgODq8ryj_g{WuMOak`y&lV)}nx&NeH`Cw|5za*<1AsiQo;+_+v&Uq)RbBf$MJ$yLp zdtmH;n&9^@ck^owp7`7*w4{T>_#t8DG9i)zs2lq_J)?=SSv zsa<>hH@I;*+|+&le68KW6ek9#zmu}&&6}PyE70yEpxzvI34qZy1H{;5!Ew1G?tEs? zjPL0ZeFVz4-10t5e+UQd*pFeRhAz^hl1wU!$r_iT5^jJhohlx}J z3-r9YGSWEe{4cgv3oI3;(IrJIRr2DqOgya)LBHW7gwxIzOW1`C%FXfdxYbeMH6htUBQlXIY>?$T5>uibYCAv~(S(L5Zu8+1Vs zv?gW#!=mHSZ@=6Bn6_zVataYrwG6g|1TFSx3f7)M=b#`@?e0f#ylJG66NzuyNnXJA z3r(a#qZ{0~ir(Q;mulA_WN9@n*_jy@gA{nkjY0jQe9Ao73po7GQ%L?Gymh$NSm|uX zv~f6STtp1~&HnIov0N2YR`A)b40}hlWm9y0nYb|^OVsQUMAqg&!3_$s4m)^%7wU&V z7|vPwc<(@a{@d|}h2}}Sdspi!4ckci0mncpjz9}&mNs)Xu$xkMY<-EJ?zb>zgO4(DsVoh+ zZ_Cu)TLHL^X<+2z?j))rI5(`3q*JNy{r4BOMl*66Y-H zn3ZbR$tP_J7(646A*lWj(7ox%^tkm$jD0ocUM;LcdWVu^%kYc#`{aTq&$%1M0)we&-#=Y0VoNs)F+(ax+dz+UKDS9Ge zUvxCgEP6<&1mQ3cFnMvHB4rF z!Nj5;VnA;pH?ovqbUdA?L;mRryr?(S&-d9Q9G%`x^1p5%{<2uZz%!u;6{fI02oMDO zuNPx-`_mGHfY{Y*5P{y}q@*sJSwEpAP z3{TEX8X$BlU##|`%86ZNcKk>dtFpZolW`){Qd77$myh$iO3&1DY`|jtL7`&BgwK9f zR4`HWf|e8Z3gtdyz;?!xwKHfwei>Qn>B&9&hjPoQ;`&jrBP1yWJ=A$bkVB*5lo5~P z>L_yk?qxY~5N;qpe|Sbju6#~%8h_7RSRqEWjJ>dFI3#V?(##qjUugF9G-bU&dMSXduS}2+DAW5yp=VyGBmw|}ft+!|7!*LlX!>+eLuMeQk!L9eZJe;q&B|^|1srStq zNm|BRPossPM>AFxIOXl&6ONUSr*W{ zN&UQKr+-|p*jb`Ugjw)$laI-*%roVk2{|g6>%ZvDpxgT}_0Gl&7ezEiax8I5 z|4^Dyn%;CK^L#KvwoV+DUc;+~cTdZ?-YX9a6(V?v@$n*5XD<>P9Fp|UW20Vn1*1+% z$Kw{1F2VGAHV|E~7|lOK3~XIvwx^mdD}l6;H_T2P3eX|s)Jq*K=1&44w9x%-5=dmc zC#?Ei<*pGEkwNd8c%~`U5j-o+(Pce2YiQ*!;u_n6V8kXZA z)G-?L2qnyAtB$%DAnGtv-U(t2aX|(H%49@B2@p9JBWg|Jnrw+0X2S;j=E-n}1q8&o&a$ zzA=j#y`Lcuu~T#wNH>#rbf3)i7b^8|a1kco$A9BBKauPTkPTa2sT?s8(}+VWY)%39 z2CWGMVg(_{lXvQ*OLQEmP*$v_&bafM85=*(c) zU?mi6TeCHWm}|vb(0LaC9b27MoJH#1`l)RtkwnVj`k~-(NuZL-f9|)W$AzvH`@gotzwXH+P7&0Quy6*BuRTuk`~iWYD_4q*aRr1&GL)T!D;vt1mB8*i73a{ zTa%e<$1LAi)>Je%P5udS_ffy+2&W*_kD~|)rNq=;{-pT+YZaR0#qnDH`8V)H{SbHZ zJYVOJ&zVMYOuy$ihZvGi(P4$R$XNeeXA~un1{x(RaUX z1!<0M!v7~<^_Vv5s?Sdu=$CNRNM)sjNTOb(Bm+9gh(;70-{DGa>L*lZ9Eam=V^(sU zz2}4rfy@CURGr{cG=7MTj3_8l$`8yVQSlmLa3-keDJ9gyd?`ZKi;!{4in55SzCZj+ zbRB%*XT-qJiRzvbGwzE?pNKvn%u#L7mad0rVTSAUcGLmf_ycpug^y=;sxD?xI!ERN z`31OYeos955m|-*fKEPgY^ee}8S(4Kp9mHdespvIZV;I>EfC_CCGV)byhAx)sL|$% z#A#xfWChXCF!lE%Kt(`d`5;R4#$yx^N~Ix=Z| zWFAJd)tYd5_|M!#)u<%9q{6#dwC69&nAZN{g0oDopnxN`7VmU@8Vm11bKsAy&p4m7 z`iGtl9trcELtU1*YE6VfxO7jMy3012_#!1Mv?*pU?Y}Zo<%%B{;t8^TF=-0LYEg;+ z)w*ff<%ScfkuaBJW*e9Yd?gc-tK{ST}7UH`ylP=K)Y=d%HHdSrTTdGxT zokv3qQp1nN<7Z2;t^WXi&rA%lcYi4;2w zyfq-_FT4#5ZENgVR)|v*x z2Qe=)-XBI&w^Ywffrbj>Yz=3`rf`)++^>Lts7!H6|8B}U58(KgVQgnIEEdA%ikM4d z(H{Q}_eZST1C3p8J1EjOh91{Uv;*TP^uow(vVRCrK4!x}xQ$MY!3y#F>UgK1j355z zm^RA;_KoUy!(s1ovn535laD=b2+0xW-c#hZKO?QCb_+c{FCT6$qLzdqMELqy1fwZG zeho}LYNi4hdKmz2p`T_i-Nl`hq#23nv~Xw^*xl0A80AqnSmr_jdel~Q#TT3dnkSTa zZ1dtzucrzB255ze%`7IfT<&mWZls2smsjGpz$+eMy>+cdyJ zi#y4j>~Aw&F4_-yI@Yb3OtmvSnuY_kFR+4P*GK@tlgg<*%`u>lSWu-z5m}-rWn4bk zVvB9Ui-{pnnC>^c*EfcN>%{a=noQ#{9N|Ht^m$g4aYX&w+nq^$%n(enT*?tP;Tq#J zivNeHcL2`h`@%nyOfs?Uys@2$Z9AFRwryi#+cqY)ZQHi_?tFi{|J|+Xy47{g?W(Ts z+o^Le~1h#EeM=>NGE#GHhZiwMTtr}Oxy(+PlVLIEWD$--kpGjdzN2&~~dD2&A~ zfknhv@@&6QP}`hBd-qn)kzu5@&{^*U(eit{48CjqdaBLy8r}|8UJ0#_-oGj{`M*=% z9%6UCpL+Pzn~t*U|IQ$kU+0u6S-K~`su$}A=rZxt2|rSE%Ao8OA6hk>7$%^_op#V69vNoxsjnN1G07opV?$mVYx!RVP5TX77ia=2Nl}WW# zB_H=(l71+w1p&m)%j&;Et$!^5*SngXm%JeHxS77B;&)N8Tsf&V$nfMx*4Fi>ZhT2 z>eYWRlutQ(ojoW#zczY&zgj_ll_LT`An)WJH?YS+Uyex$zu)b~ZTvppZ=^nJd&u~| zo@@1XbO?Na8#}kN%sihXJv3TByFU-?dcJ5Lu3Kh|PYi($-DiLnjjFn%?!rvz>&oo7 z_AT|fU;6j<%xym%8@PBK70eKt{~C#1W`p2*b5(Nm*8VonCOLo+bA<|YJp}e10g+p93Q7BSGi8)1w_-r^lBcpQp#!7IQA+ z5w;~+?U-9xUyoH2TDfSupUL|%J;HTYXrg-ds#p5>v7(#TRi@Yu9}gm%DS}k|>I&lz zA1;Q=bUIubpT2IXa%#6J(^>QB%3MxTW^!kfRN0)xETzuJhy2AX6f6z@OStCDr#syy z{nu^af9->67N?(%{8a355$Ap`=XnOz^EjTvI8P71SWM&TJcyTLw&9Fvx_ZpnMx$97sw5%9mYv!|{hAYQ zv=slWC*CUYH=rkJT;iJ}Mg6|8iEX;W$-%>FNs z5@v6*VYm<2yPpXZ`+EimVID232 z%)rT+H1$Dcu0^W5MC(E_jma4p##8ym<|*3PD|06)G}=j|-Hgv-Xt&~vxf`6tQ?5tn z@za4x*Q1l8QvW43J*3A>Vvr*1ZuM)x~4HR(1G@ZX`UNSsw9WA zye7(4{vd7wzfgy3&(cZo{$jd(`Co02kNc1}ltQrRX_(IfUF4&@eciuRc8jPQZwy7N zX~%RDeV`*vHi^d^q=`OZ*jWD+ix>hexvqKWLK?n^YkEc97IqUX3}DEiJ?z5q|8diq zyW##-(r&;XxxjUx#8Rw?bZo&!fc^k=_gK9Q*Vs=J3`8U5i>XcRA;+HcBN_kYfH&(R z4?}B=Wd(`rAyVeIy@wq!q&x|!1khXhx)Ynn%`u%=y7smB~Y{My;A{zQYH(DXU0N@&|e;j@FF=Ru)_*KkkxD=t<;auBhye`1L&w%hK zffSl!n}D+}0v-fTBDt2Wm;k`8!v4XNZ^Hx+#xyCwq2e)ls=YKQ08&5{*5;eXbH~u( z9H+(bqki>gbP$`qw-A}yR+9pjNTs&$hcmuBJAHZrhH)ObNI~<$k<`kfx3Qt8XiY5lGWF-*zbHM4K3 zx1TXILwjQ(W0+qEk#LAPn=e0`uz9zJO+K+Ye?fytouc_@;Q+noqxy0rJwxvI%A6@v z;D7J=+JRuMLz0;xI6Qz57vi?a(mDf-+@&o)BSdL`zEPJjf8J~^1w-c+aMBDhUU8JcrzCkOt3u4Z}NzU@!+92ee9gPK4R z1r!>7BBK;T6-C_{2M%(&{U-jw-`W_Le~oJS<~^jKm=k$~AAv{s9g7D{s5N}^9D5{? z3>G?^gITI|MbDwN?@T_t;<}SV)#^7Y_yB(A0@+Ci_<1Za6aeyaVoh6{FA-7OExnVYAhvzoapiN%6>p)n$No=WT(l{meksyU)Gt~kf4_u_{$&4 z4&JMR{Jy*% z(+lxKK7I#E%Z*WQPqx(!=rf!hs#r{S-ASVyP6^W`fj?X}1EBfQ=g(v>FqLgTq!(H4;EwPtUvGfMUUC zdShVjkd+HdTNjtBL7r214`GKNY$FG3i_5|XG{0}eMp?XEN~o&q&`_4=$FTF4=wRB% z(pUPb{}E(KP_oK=&k6IaFzYwJz#OqXw!pSE=0AS7N7TM2y_A~kULFW=N%fU4SUx3psb?95 z-NfbPKQ^Eq9?93)wI=n}&eQ)Q054UEr6mY`&1~tT?Hl}#J7`54o*==3JKdHQ@a`MM z40zLp^lcg~Ea6T1Rf%>p3R011mG~t6F2p(F#zXp!(Z=NONT1hicV@s{&&#E<_44x^NzD~^{CQ=-GDGCkJ0zQib zZsL=FNHTwX?DhcXi^aKyOpA8;GFM~9!zo)hn;bTBc1#GT`*+G&l85qLuwmP8ym>~J zRqHh!7!$L>Hl#80l8_gFxh-e1dW*-%j2t6w>72zOUFV&XEG-l9tf?`lngvde7>-=G z5tqYunZFv{ES@d0g1!7cr=IwI#t8W}ZWDBnl&n0s3DV|^vFh$@01sy+{dA7%A2hsH z!$yER++N=E;DQ+oLj%Jwhf8w4?c1s&&RF{fy4YGpyopcne~6QYnK7+|++VF61;=PY zIn66hqsXw0Kq($pQ5MkK za2gJ#|3vp{O-6%7%_66xuj_7eT_5`l+9=Uzdxnt}@ppV&tD{+W)rJ|Zty^}#@`+r> za-Ts+=;N(U;A^azx_Q6dll2`Wo!z#iLJRMUH%z3Keen~t(5jQeM zJ1pQ%qc&-O-oc$};vF;QIYf1E!p+Z5%w)~#jHVs9jdPnZ7u|dkl=4#Ws}|W<#@!^1 z`jo~JOnrw44Np!(u@JEeGd3$@nw!FT*_p>yZxJr^&Mf}&F-NSxBfZ>K+M7uGK&t+BoYUq+{d%!8FzIVr|!+`a85lIq^7q{@rr1e z%gU=bdE`Oz@~fhC2H)z2|=XKMJv;cRj_}HImonLZyFn0GNoA6qs9= z9vQ!ehR}n%gdXty|_28Ds`x#M|ma@dT3 z8ll8f)5Szusy#psDa9tG775588CU~47!0(H-M816?OE|S>5eslKOJ3IcoDqUx|^ZV zF&v)214tYM96;lOdshY^!6kLCe0=PbuN>XeanqbZRh`>->7M^W-fo=JAd71V$A z!G5O)IvmrAb&j1G%W241VQ8ZUR}18~LKqi=nGvQd!-ETBubAx&&5T>go87VH=d&5!bHQ z<8*9tbg^(aI1F1UQNVwSuWaG$i@)K#a3!U;C~F64KHq^2KM|ywvbcdp%%OZ*&;+dh zbaC+(TSx3h+yz_!v{CcsP-aPX9F}aI(6mx3=NzIQ0WHqVK*(GYkQt`UKmz}|*Qzb?@ao@{-LcR}U)LG!(Ud4C_h zbVl8Hq;5aZcVgZf@?rjjec3%8vo)*;@w&NgZ1pBrKJ4lhF*UD&(8c+7E0>ja^`~;u?-sMB`RU@Qf?~|y?mK_PkG%et*V_Fxjj>^M zaAc2WW%5hAH<$cwg=BWTcVzE$ZxOUjyZc@|B_8kAbiYlmE9!fK>7XA&C@kZ)GqFl$UoBY3m~GS#P0k{{Mj+ zyuGIy18C3&?KCbhmP2I?B|*CFGFksJ)gCZDe+rql%ds}5+21uW6L~3Ss4_12ARX24#??5HheO$$aw)VnYqe@{RN@P)+ z-?-yr2K9E>Vlq5<%WO?GXnU;(lvM2|LS^co2_)i_NrYkr!uYGU6dlh1S=^U>ls)(0Wy za5r4QN1M{ypml)r?+l}z4hkDqkSbXkip3LA!Bl&(8fAWbF!xRM-^#K!C-5mk? z(Allw%x8HzV@QhJt=QszQ7*+F0<>*mgM`W~gZRfYQ+KhNX)tb?guVx-VJ+wMFa4^Hv&cruXjEH1 zT$r&`v*)dLF_Ze1R8v-V$zP4|&Tj?vgwo7{BAkA@$4}RC z2eov-1uL3#ysOEB{$jE^!T^h~bUI?lTkK4+Hqj(4kv36M`Ty-qW86{5^7{~Dh2c8!?93znb7yWF^DBaX(6d zq+PNU^Es#S_TqX%Er~d0#wndb)$eUxB7>qUA)_JLgkG;akCrghXf!qVLKmaeCRcy&7)63+BJ@CqMc*Hd2y{dACAx&1$j1_fstIvoA>iuZu()@tM$NP zy{=Epb%nh=9o zL*YsGRolWpWZ1_sr{pyvh084yI?!P}ac;%vF!25O^K8!e>Ynsjxek+%w-$!v{mq)yt{nJ`$KokO$4} z399p~{;KyNip7*xjK^;XLc&IvR*ia?<~&ZdH=?btNt!&!D7)_`!u95b@#=ZM!&s^* ze~$-y%&Qd4_0j&Dld6I~yOWMmJ=;eI?$d0V?TZaf;k(Ls1hRqh?b5zQwt)gOccZ1T zSnJNUk(Z?M*Mkd+0np#mJ$h6LamMD2Vt!zYZVPB%;a=ny6C9Tz4i3KEjskEn>^@9F z8MI9y6w%B|E#sB1AL|oM>W(n;jFk38JGxz3CxSYJ5tvL;yXbldt- zlSWJ$M@iN}D^*x`bl=eK+U{N+)f`*z+V1&6@j%^XBbHZej-|U&NfIGJfdmK;5p+Xg zNuaneU&BJgjO!$3#}3IcQh^_`5Plq1waHgHIl`}AL9e^>t)V_X4|ei0*^x!upRgp5 z{-rpsF!M5;X8$gq-HT|fJ}Q`+Xo&P}pwI?)l1$qz|J$N;aS8ma1?sT19MZr0eXjt; zVh3}lQTlw7(=9OeG(5!lrp@C7YXYT;KMLR;lo;NY7g|G|XL6$9g#trZ1*1v(+mwEW zB)vGzk4mG$W=``_(R4U2e2k3U-5D_14pAh3Pffb^5$`_-7rWSD(mwj44mbBecNFX} zcl7NfZ585o2y-#87-FN2MO$(0Wz0$)$Svnr zptR@qJc^{<>(t420V1|qJ)^qcVGM;XpVENx4IN?MpXfNm$P@*vd-$y+m>)mCFTKSu z_^B2^&_@f{%7I@yR^<`jjn^!8O9Yok+{KKwr>m&WFm*LIzc1tjRXd|=Q{()j$*W7i z0V%&JpS}J-&*mL=Ev>5SB^&)-*nwHj`=myTa%bMo!>Kq##z7sU!D$PqQJ6q?rb^^) z3ey>2qHYU@=!!71)+eAgR?m$+-sO4dq$O!LCK7->gX_}N`xd`it?6fy5(J^}Ca_L5 z+ysj@AlOM<@5w=Vc}#b(xP&h=vF<2R#Jy5eMawZ+v{#!*J<-}!^S!L-xiChBVMCmG*#igKt`osS$p(Kzg4u#y@V;Fpegc9O-hzx zj`n1GbssuA##cijlc;Xn5tY*JKPqvYH-E6B61wpB{Jr3e%S=q;sC9K^ zBFQ2*RT2jrw&*~E1o>D~o+H|rbxVr)PVEI*P4^TD@c5p|;{005An$pa5TtO`haZxK zsM~BI-9Mw?UBVIgwwa@opH?E7!~Qhb911gky5G94$RYg#iftjx3(I+XxsCa(h51YL zj|Z7dE_Rn9f(Wr&_PqI4cY8opNoP6%m#Cuu*R15|hh^EUR(kT{5;yxz&)6SMLtb=i z^!c2aO77fRZ`Hm$MO-nYr7GWz=#*NQ9qpI=_zfiM+`LBCW8(@D-FQT%{brK5Xb4`28F$Q z5lR(MVv=4wam6?0JXCtnK1HZoQiuJ`M2N^bLMt&SKzK53evqP{o0pd=n4%G+A&Kc} zJh&iY7rYLbl{UGcBy$sMj}kuhfHIz##ihKDFZINNz8_`$v=9361OeMFxFAz-*H2wBR`*FA`xH+Sl6+rTrMi^6`Xm+c0R9d^chC3ms z4B=pKI-^_#F!n)#v+ZvIGQr9xIZrbvqBsq}-srfHu z$;@O|w(1EcDh+-hL|R#reE0g2S!KoK+$dI0GA=!CjHScadE=i03BvSBN(G;kCQ6cf zvh`l+g3rj(srXE%3H$ViXSasHPT^$_5^7IfJ9Ow}OYa#@KPQr*ku787H~QnS>V;fe z>)9%5A0$gJ=9j`{{I1S*YfOgPNZ!xq%fKiCI}(&_($%gVXSX&qMXOB>j_|{(9;5yF z)u4#l6zblptNSBx*LWWh0*Ou}vkcmK{k8TJM^!orJYp2`yTFwfs~~gMjkuNvie1DA zBTeMDId5xQ$3B`dWAH$4E>kgq<2Mx~)mTYVA|lL^!8-{X7=L_27Ci9L;)k;1)nwkd z39v_OR;W`Fvr8eJ33;}1LedyQsZk+kD^TUUUd|+xh^9{VyB}aDv&LfB$YfdqGT2Ox zEq%$vj&ZoNiwD8pAejc)u*kDEpsM2qM81Kf3?KtA=-{kl1Cm={<}Om4=`!tUjMWf} zCQ22m^}tJuWF0y$zIq<3wFTyJ0?XNMWBD$EVMZIfdc_T!2Th@ffhNDm-Jkcp8&IXy z#Ogd(I&yK#-Oc&25*ahadt__7$x3%7OhJP;r2qc-~fHO&ie zXDfW8Dc|j7E)DTtmUSdb+V23E^47U5+-L5;VMXn7DXFJN>^JriRWne&VsH+H`B%Ye zt<@SUbthhQ!Hwl5x*ZM1+1gg7#niTD>s-MXj`J&IL6Q(#@7m z`O(^T(P#Z);li7SzN3q1TMOB;60~vAclEUU>{<7?_Wy+h8?XKsRN(!WE?)mWT?z7g zP0I1Yk^68Aau_VS($mYz>FGY5>Vj`(!h-urAufJ)n?%O(J)nQ}_dfeWCI{ac@KbM#o9>op^n~Tg{`zHQVWn1J zcf9J3m!I5Ls11p}h};)^4J(Rrr{*6jy?3%Cyby1_XZ zKu6S%g6GMR2cQxreQEyZcHXC}m|{;0t_EO>qq4{f?_J{~iD5tfowBE(8=m`4YrG3$ zS@sPI`f8sKx;O{3yQFw=`YnBI58}~uFR_B@4KoNozVrD)bL;d#iA--r8XSfHV>x&i ze7`kvaA^!K%#uUz07+hww#JnO>4wCY{toqs$oYKg3n^PyrvQ?WB-&PQi(@zUM;J~y z;^AOsks$1NGu4yGL3UvV5r*(*nW=xg;qNt}9J=B9n{srmUw+b3my%|$N(%Zw1$c44 z<*53BmItU2j=j<{e|@pwW5q@Pwkj_ApBNNaqM!)SFy-Pz@@<{#*Lj!znR7qeSZH~e zlci}P$%sZV`XFrci#P@;wQWS090)ADXJX&@gJi>!XJWq^tTrWQ=9%yi-iV&_MVAR7 zoi|TTxSqgVJ-eE3(t4i{rRr*pY^;A!*M`i&@9i8r&FV^pz~T*>NbMn@#OE}-z~4&* ze)-FT1#i!a7&D8&W>7=?!Hcyd&W|8$1b;(CQyl(u0Kplu=J<`#=t^triHf%wr4j8! z^fsE$l&&y01K|jm$d^6=pJTigo)>0^j_EV+s~AVanJ;CF@L`9>NLRn49|@1u{UtiM zBrB7EW$W{`Dx(PEyiXA;V3b5RiGX?4=1iP4_~0{0X^0*kA+Y{oo<$Bd!V2FtIm38o zAO%WHB`wG{da|5DNiVNpEyt;41dTFBaqgCVyriYq>J7lWP^mu4NO+pal!NKC?bvUj z@$J}`R{vbILTZhI7*~H@bSmKh#JVej4t-XrGirz3Jz*dzbA+Yi7SSS~vuLQQz_c}i zp5qh-W+^is566qh0P;_D%rB69=qh$2KfJankN34810*wQaT7-H>kb8PN@8!2Off*% ziaDLb(|a-d3ujD;8K7!Ig#pU<#2>^0m0J+F4kq-A!aK9S0d=vTl8~VGy~clU4Y|kw zyN!7k+L1_2%Yvu)&W$5_T|Pt(mtKc75Q5PtXzmnYFWG2tGYxZ)=UHOiMF{@m0sh1{ z8RR&ALzprL!HqDsuKVQ{scRHwyi+2_m_$lWXh>SYHCzA*hgH;^|->mlj!21QILZ83#>EAPjHHE{TsN=n!UpxBtkN1?NKrc?LEbAw~ znY&9Ui&w3&lx~tfylmyvd|amQY%Q(1(&~t`a<(MTzL8aVl=xBc?c`fg84A>$CkKDu z=duYnV7yGhl+UR&{TlxzyywkFf*l9PV-^SehgUBi1*p#<*zq(1*GoFCzMq`otP1m3 z$?pEo5pdBnj@vbvj3Fcj^gucUg`{ERqYi$2UWQsDpeQpXebu9vEoO~BP zm-QQi3$5S4`1fnx(Y)hynp+(d=6%l9(mJQ*=D9o|KNlZQ{R*(}Zm-Y2<2(1@ZZvDW zk|u6SDtjtAxtzhxB}a(r{Pct2TUTX4kDLQ!Z-W_~w#l&h$82^Q)bv641SQ0{C@+^Vj zis?hg5i)z>Dx*+IQ+dNWWpOu7h2-LQoT3yG(TsFy)m)GNAU5L)Py zltD4gX^>b+dttEE<;hGZ4mF+5SVL@xna|@quLdjto@m=YfvD3ZcQQnKGQUuIV??G- znVB|{i^5c^HN~Bd8y%UY5@Js2<3`2VKOj@0ours-|c;U#$5yPeqqYf z2zv$Vdw#gNrRA^QBe6BE3;T>0;cm&KKT_rjer2j($0Pa%E}0)eKQo@6<_Opxbok4O zm)*pN@k#S!kmFa<#QUWV3m$j>Zbv#ACaMUiHu|xMLDvHEL(rK**?&-sr zOsQKQ`CgWFmfTw<+K%XI*NCzs1-m&8*%$BFvIN^$=&clIu3mS!*s9k_u63x__wQHi?mEpRx@Jt5- z#seGAcqrwH86#RDRgPTe>*G3L@Y~p+OAdQy3C&WF>q+>R&;jcs*#6Z*cx zf=$^HjW5hkMb5rILdh(flt!{M=X5gk0;=_+Ift03!7p7)(a-gDP$B!~(4`vy8xcLq~wtVaRv7RF~=!n_U-Xvo6%sWN{ zhFYBo6n)8=hK6GJN0e8aj8GJhDOgjyiy55Hg**lvdX;^>&+y&2A$VQaN*LTYjG3w8 zv2G9qB#GSCAbPV|0n;l|V6G$AUlJ@ZU6Pq0r@V6xWH1X=mIdYIDP}p%ER&Win&_Y| z4j|HUgtd8;C!a_y#=(<(QmV_@DGUME9vTECXsJ(25^F|BiZ8n0k;sK98oO#DR>(g* zW^obP*O!!d0I@$?+Q#=ie#5 zo?_orPvT8t-b~Dr+xY*mIG*e|MVy71;}|hCmc$qu_Q0s}5K7X`V*D<2&z)wX=sFZ8 zS(2mRrsCPs=CS6+MC51l!OC0LF*96_grhSp#mdE4Xgr^6pM2z@O3wiU#e37DGf%{L zlq{8~u4s6o^=J#wxNmSy2@l%h4`e3)dEc=Za5ycke}-%((^<%-9-@IXO5*QJSz)$u;Z>1)PkB|SWfM`5C zfN|@Ln<)ZpXUL58i21yZ1iXgOB5wN4;O#_@OJg_mSp^y85yi6Uz?%@BI_H<@e%4aFt^^(| zX`?C>DzDh0ybW7LRrW9jJ@Y;Gh}c19i28ht>=ysTpM3`X=2>MZD)pL$(3jHzvk#XVj8Ea5!+!Nj@yoGB4u93CRrAqi?vCSS0?c|a}$wN zbdUY8MPXEaN{Gn4ZSx-cCE0xbm;h}9ah6A!vq~!3<9nJ!2w!2lMU9Xi#52{J*EncT z8DA-dR*4OtU!tN@o(dDy)dCfPZ;c8?`*8dUpAX z%~c6nh0}TeBZJ%L2t*2gZv=n9F+i$I&k9a&*>dq0cPPhwW+<}ww{o;GH=VAWiF(1R z)|ai*66`1&0>sitU~F~7Dj(qi)dG;p%?5?SGEsX1zN`;;a(inWw*Z7ki23{8W9HG@ zB@RbVd;_rI5@vZ1N2%}u2*TJ-HGykWUJzM+`kb^W()rCamJomAswt6%YyQ>Tp>2Pv{#)=UZ{4A}*)Z`c|pYK6$`o#;(k`+!jV^ zoo`tjtWPXoDCm$b&|no8!Rtrm@0mZm$Z4Yl6+JFU%oF)NiNR#6T`iWvOcc1VD)&tM zy7$eK2tlMufu?4bi&)U)5@`d4jmnSwb7ZT7LDZfJfw6WKVn}fm*U<$v$uE+n?(>}C zRatVOD)BQ|Cdi{w7-V*UkN{s~&AD(r6RyPMLO0@zA1?&)4#)`r&JWCfq<8t zX9eYV>mP9iLVKQw#UQ`HdwZ!PRjIJANPBnrCSk81ip+Je1E&Sdv`toy;H;q zq>XUm;$hewOE+hwvayqvdVEienU!X6Usi)Q5(`8SqqQa`A4)Y1IE6~=7s{QQD`xeZ zp4}(vH#ARvc||z_#0!g&{%Pk471J;-{yg8QxVKWr7MeGFGp{W=z-`nT;K9Ja{`=0b zpHIq&CNMoLsrfZI@sDF*!)h?Id#aOqwfF1_`tJby(s%D=_q&o#-#=O*e9yCgJ;#^* zCfuv4H_U$nA;ZMqUJ)Tjf)1|U{bI}@ec%C^Q>QcfaLe=5RgH~`jn&Q3f4R7!7B!A9 zXfbM)MuWK!(f?e@XfWGi50-C_g!jeL=_?Q8=}PqDOS&!G&g(BJ_2bfYZ}gYOt!VgVQ;Y zu~oGu;CvI%awi=Lms^Cr|2Evn=TpT|PTGRe(z{>zbANCzW}X`dzy6@x<6}+#amLsD z;U_8brMhmO07OKLxqsmwpu$UD{WU-MjExgP>|%# zh;DVJU&5<-* z90jHyV_}B`{TYvpQm_ka<;w$?K|^1j>uJ-|Cwu#?Po$qJJkZj~Y)7dL?--$jV^B|$ z`_Carz3<2HaN0XhiT+R8b)xK*TLGFSqDx*4zXjP^=f9>$q75~CQmsZ%PdUm2NX)Lx*1Cw#V!6v@B;e4XjkKo6rQcSojLA;1SJL86iig`?i~nK%^+e!!=7PUtB9Qs3<*EK|_VPtXTf-Xrf}!?}#LjMyp4liA9~){M`8V+X$YJ~2>(%kU(X@6Cqyzd% zeb=`0&w~mWd&EcnVqspy{QK_*?{K8ELU$|PIF-NMHU1jxSpHB{MkUnDg&!g*fiuSh zV>1|LMG#H{-5b*+9*a=cow@LrqQh-|2V%F9^V3$vFfTlKc%-Ih?axnXi)X)Z`Fo+{K0U7dF!bE?*XD;sJ z5#&vL-vqJ9KNo(gg@^|h2|zi7hv%MwfrCERFaD8*ynm)jK27ZJtDR#HH@z78lI;0M zbdcjXl(B@+HKp>d3q6XZ$tMdSEk{6Uy>}e>hc|vZATI~D?HjO>2mTZI(Dk^r{b;*e z@)D8dp7VwA%F>ll4aZ+s&b@*0N!Wk2=RXrh!39JNqk#DK>*NLU&om|j`61tcV@KCJ z`NkbS>pU;SKC}k<2@6_P!+RIGhB)D3_z=xu>Bio4>-&s!IKe*FnqHu~hI- z2;5L|05@8En&9ith+}W&N3#_$>m-PA^tlsRsN=GF_LsjkpQf$@_HruRJ6FUBZJZ|R zlZc@tKcJQ4VMP#v=Lfh`-gP^f8c@SA+q^}Gx^MA^v0~?u%dryw8!!SXln8P|w?vTC z*xAYl#>C_a`A0|-vq~0>7Y^-#ABWaCy*E`p9Z#`cGP##+>bD|eGShg^dT&y?&tv^id^;N zwD?_4GZ=j__WL65Z=4^jhQ__>+w@!=fyx48*Gtz6zE#Ks>gbeTk5I=sYeSg#Fd{Z9 zF~E@Zk51re+Kr5y%wRe=q-L<_3&7`a%KjTEv3JCX|28osWFP0! z90f)gHpX|4IyfJmi;Gn&|7j6^Jr;OX*rUvE{Grb;L$JmtW$4F6Rv(@|gMxz^+sK;g zZXxr#mZdPumn;Kc5}{c)F%2nyQ<1O%ee+I74i#dMl+`qvvY+IY%mS|| zPe9xxVy-M4@H5V(c?r2JAQU@pWMm`<`8Z{G!B>1{Xs_<2bo=(Uag)^Y%}-$K1HNg_ z80e4|3*_S2Uiaf)Xtdb2VLTPQDLZ&m277xnecgRE7TG*Vg`~Kye>pOih|wkZ=QHs^ zfeEzOMd%?#eYtgaJp9wOSAVfT7Ql{8;PZBWcq%W>&}DR)y^GqyLI#L%=$9wo3hL_% zV8P>n9BCOSoSV~kzHM;3y}$j}b09GY*zuu3KVs%by$l?$&zZwNdZ>=J#A z6Nd~RnxHhci%RKm=G5yUoGWWFLIa^y`qWm6tqy@5b4Ys}!v##UfT*7PTVuUe32r?~<8F$mNwGzt zm8uBe?_xM3`d|B00ab1=8@Lbncn+K_rqIx+q}P$IYdMyq;6!7FGy&2$Y@|e45X5laoXBgD?Y%U444S@r%hb~HSs;G)I`N5uY6 z8ypP%w5?r10N_WZJn5fPw)@Fr;B7-_lUiwdwX6u+4e0k7c%C|l2|d=JBk$Y| zP>_t>;~zVnt-WVjU6MGja1irp)lO_|{yqu035(z4oY^OxX=Ye@tStLI&RC#OYmF9- zsKL(y8THxpD-ss1qB~hx3bP#7+@umz6Zs&BQ=b}*@RcczL`_x0iS;3Yg~TZfEBn`9 z))>1HG`H#9IHM@;g5c9>A1-pGrI4h?IBa1B0vC6>LdvFpq;%dtvwxtjlNDOk?i`S4 znX#p^+B}K09?30`pfJ&xW5M)qi5#e!p{;pJ%w`D02VAWhZWTbJ?e}su5Bf642FBUQ zRC!L4NUTs~w#A60KNB{-`ajO6JE zmQF!}hM!zhQTI3gX^zw!Z3}|0+xLaV^~B>KPXq@SC{UCc>^UgR6dy@(nxu&Acy(lu zW6GrtVtuN=A;dpLMzAw?t(+5E3NVSdfjMB}RR0}_$}IUq3EgXP;Lw~*2xc|?lRba!@MzR{y{ln* z;+Qlpeo}u5OsJq;%z?+`Gzn-{eC+PBltL)?IV+Fxi=DZpj(V8%snArz;dJaba^x7P z^3vpd{kZk{yazwMqT@3vkBN^_4A@`}-#yy;JYx?XBQZ0zBM&i;?2=1&whxKxWVSdljnVSrCclD1Z7X`C-lzJi}Z8{ zbPfh%_&iZ-LBLH)oWGwivNvsYX-p1#zs6h@nJh#UKKX%jhH4tooluE%k_GYz_?W2O zDnw^Oi^RvS#T$r4<`=+1-)%)U`CLp8{wVEjU)tjE)%7Cql z1D@b6uxl58RBXrW6yju_)}uaFqBjpy;nVRxlw4ikFsl=3w@T8l)-5YX{)50pgHXs! zPI-sK$2{Q4tsspftJRmoWstjBtx*sU&`3A8xFMm90|9%aR?!UNtv;T+Q!GS8nBf#N zfTmxDmF?(g`nT$eD@EUR=3TRTUqmI1=ZEn5zm9Zq4vpUI)IFMyk$>I(Torxc_#EH`)t6if-6{6a~juP^pwJlg3 zxduDx?2_>uaq59>T3xUHz(|Zv8S|$h!daddnT@+t`O`yhlNpI0eMa_COy->FYJ*K7 z9gG7CS;mEe#TS{gZ8^b2APX^Nqq?GYs)sJ8A>7IOlX4A)5Hb0w^j($%Q)zcNadtUX`YHKd;^tahTs#QS6;w=Dws0FCO`@ z;?oFCVmcSAUZ5s|NJ}*5{&bcg95AZHZV~MQh!=P`GO0E}ug*`eIQ8V&q9@Aq#(wDC zMQ!lOBcoGcyE52=U`b_anA|u#r8cvuvT9IJRpYj4#p4E1dm<&_3K({Z3bvwht*|q6 zO7(2k*D6h08CxjbKUA%6{D3g@8X^~%3Q^F1OyHvoe85R3oH%fZNciB#G=w+^%G%P{ zY%J)8Sf-GO-I<>dH%Vh+65D#e`z~`RdWUFi@w|7Sk}=DVP*$8bb!~80%bSCLv>2@c z1V+znm$zaxYl}I?haOvm?kuJuP1zZp&;0}hTjMR9)%^riAw6^&1oV-3@&GnM?`X*R zqmXj$AT_`7`!V(t!heIhOXl9ElgYbEbi#CgleH~r!O)v@J|;0A$ymJ-k!v_(gRnLx z#wI}Yh9+c$&OigjdEgYbUA~jykRysc)k@C{hw-lLcv4~`1!ojDjbjofeHrV`5##1O z;-EK6=E2UlKb$!?e|>ZI-SyiyZ-2OP&fdO$eR-=_T7C#JC&F@ajL@KxfP4t#-@rGN zM$&jMLg}C%7@4FZ6%zIyaOi>_E-R%HIA{fr4S9s-i#y|;r2{nlZ>p5yx)3O|h2GDs zHnOj4(ecsYfjA*~ev%=#Q|ef|?3n>`pnhnoJK$9>pwsW9mn(Wjrz&id@_c1w70yIJ zK&||gbpkqde6Z7uGfgPp+5RT0*2( zen_ssxeVQ^%LG2H0hS*U>4%1Pr2#!>pPU;olI)eiyY=VfpEM*$|Di-*4w0{Lmf(5B z#39o2AuNzFQ!)*&JsYg|_Q)DZsx(=Z%|f2eX1ekm8Api3F^xqF8CfJGqigCy1LViT zHX{iFqGV1v4i%&oFfV$3admxhc6xhpE{dmdfG#Ct=DWay(EMODN%=;#k0POp-~I9>uaAXZIiJXg!-{0$^k@xx-5(uoZeM=Qb16P_O)&)+ObdtS*4E%F!O z`k}WxTtD<$z|}{T6~IT2m9s|l3SCp0D58<6y1B5E5dpdV!lW1Y^U5GRiiyHs@_+gK zDXS1Y7SGC6b@S8^Xx-r?iI=2>sCk+su|G}|QcH8$%ES-2NU%yf-$2!x^=cu5vcD24 z!~WqZKhq|;$!?8KIaJZKJS&Sq6mR4K2-b^7#mR_&|DQl~JHlcCv^yhnqLjICcxLYu zL_SzIWpqr$K|^M;@)`0-6cZOG#QXpL-~XpTx+GwVjaE|5D1&Z@)+{Gf9_=A$BnjPk z5y^gZc)b$OVz)UdH;GDd7sZM2TF?G2eM74P=18U zt~7bg(pGM`$mCtcB%s)P<&R?=`-CC!n$H0K9tHZtE?g5kjBr2+;hz{tMV%&?Bh-zi zApSsqZxS3^H(eR|M zc7~<-r>uK;a(u+8$!2q5plTn*_3ONxMdnem;M3&+KEsBhI+fS;2uc^s3<`G!S!2xq zCwb+o(?00?GERdL|12pfWhUNgGLI(WG$;?%@PQYV!Wa}lE#502ji9?pj3*P{)$(hzVFm|;(}aGjyfTpb z3!-1nG2d9=rj!H|hxyZxcmhW=?2tM^n}DiX<4l^wH^9Qr{Ak8m)lV}56W*{W7d-w2 z6OBPRB&rff1Q=scV}`{5ilf4d>& zf8z%PM1-@f4xDa7R8D4OZU@O)LQVCj-ig?<<|LU>kEvZt_c-fKd57ab_m=;m##!VZ zHamY!9;j3!z4BRRl9T}`8Y>!9xr+Tcju$!mphSGs)JD_n`m580L5E}5#A`$*)} z*+&7v9{;!3>uClmT`on@(#Gs4J0*yNU0@*=4;MDVzY|y5>7Bv%*Em{1(0Q#t1l0#%*<0_EUMvCMp-r^%Dko!-Flp)m)? z({#=^NbObz@AGb5s?Xx9uyHl*76s2?EP0 zG^R9Bm8Iw|gm+Oz|3+xOxZ`c!i7!1i8=>E_ul(Qt(I5L^pUted#GO&pJ*S9KE~NP3 zwAZzKA!I}7*AK18kS(0t5^C8=v2<>W{-E#5+k01ntZupW;7KuC{?i6uw95q!$XsHG z-;9LJPy7dBnjr3#^v%T~dZh6^!T}AZm7Rmz>;^)YQ6T5NQ`vpkbk(HHEfQ@z#t*9R zi3>_ah}l>&v$Z8ci>0enwiWG~CV%bPEn0^uPD_xKeUu*vBs>ueJiCw>6J=u`dSm^8 zZ;nFiAzes}Ohw`p!S^&IlGLk6z2f?Aqm5v(NGLCr37}h;5DcafFq4I>R)(Q6Vk+G*B{}r5-Z&G>rmATRx>}2xu)kXL zgqtOr)V3{uf5*ke+ZjRdM`n~DOm=0PQfq0o(FQnNSl!Ab{7VA|w`YJ?p>jpY=!9M! zM%#75UW_lohaYjwq>mDer`SBp3~QJUKuXI*mXLZ2;& zlAR=k$ZR% zk=Uo6f_nwO)&iLLb3)TZLA(_|*8(}gevroGb`}#hqk)IM5id}p->d?brQkh~fxQtg z8o@#qXyav780C_Y8==F2*cwc_kI+!OwTU-EA|FY<|08rF#K2q!Mrc^tZ9UyfC#?N- zwHcdhVYw-5S8fBpanddivc#xB!@MmzuoC&pvl0gD#!9=C{@6 ztp$C#S!-5phTS-0mjl;gwk`*-*mA2xomEk%`2JLZmB#lbV^Trmt-tF5Av=_GKEk0XDRLW3EHlwzW2w zY1sr;*>2!Zh`VqD@*So3tW5b=U;uDv5_iiar!OCq35^Lqsp1JgvP#^uz20mr!>Ob- z6>ve_Eee?yF6LXxvWCO4OXpDvp0_fJL%(8cke_>^9XRFcm$LCzB&yom6@1mHo-{ZR z4Z%C&DJz7HHsnTWt`+{KeG{CmnaJRHcO6`iUj75GJTVuTKkPhR^f;c%4l7lXMP zc8?z%)7VcI`~;Mc_sJ&CDNMqISLA(CKH3p5H7F?CF6@d5H`m0i8O(%1GJPcedwH(O z98tp`HD9ete2~yM=N%07X;Ci4k4HXTzJZ7t+h|43O0aPno(gAY_>VzVUB$RrE`?D= zVGY`(aSpE;WyxvaV@9m|8Kv)vsK?YzE))_#YR15&p-ZBK^=0%V=7c19r18BUPW#yN z91)fYkW6iBK^AMM zRCi>?8#4aR_sN(}T2YjXGgQHZUN!dxCTU$KG?==EO!Q@I`RGZ@HJJ~jRMqZ8#O#4k zAV~$)5SFDx0>s32{nn!)3u&LyqT3*&lSEu6&2a3!YsXi!HSNxbmqK6@@*wUm`xs(0 zz*-KeNBTQ{n2;ELD|{RrdJYZ~U%xTQWc9z=V1^Sk@mo^MZ0mPOvH~GSh+|nPb@Ep7 zQ|KxB!T(!8n7_V8Ab64kxB-3f^~J=Z~*S}zdm#8_M!4GUXZc318T`}K@)U*0lT zjb$Mc1>EEK$qN_`y(P;!mD?2ud_w}_CNze8PijNnBt?w_F7Oiu4RWHI97Ul~iEBaw z?PYsw{QV4r&!zMP20BARBX8hUIb{vOvD|2V2oj=+hZ z!W8EHo#H!ZLSaW_8Qm&qQc1-q_9+~b0?Zg(?Ow?@NCYxBB6tw&&KgDU0>DaXMedd) zhGu_Ykd71w35i3T5Trkg?4YR25*pukmx{~=aY1~Ml~-oQ%TB)YG)Vj?AdYS+J55=* zRrVku@!St#o_-r+mt0x;X|1O&m%l`_IE^sj_jSESuxnX85x4nwb?PDc`)Bpa%eCK5ROr=h3`^H1Vmvs5ctC22Ya3` zGiyDV727EMOjoUZ%k?%ZG8^^^=+$DDb00HWszitR9&y1A$n(tBtURgKw~M~v zyw8f%sG2Ak0YQ#p5%MwfuYp?@2>xk&&waWwqF#!CoLK=KR9hLM>gM<+e_ft_GRmdGVP^-~trV!}QAeBD7DzZw*|<)*EyReSTHg0UB^)jPRR>m}1(#%l+@T$0XI zCq=amY<7y$YN%~P$lLbeMlkq7xEy8Z%OzxywhxS0Bg%+v1nkZzWimkhm?V#cgy_$Q zgTY|n93H$pdHI(H)I*tb)k0r4o0D}FtoCRA5*4m|*WckZhOHHbRgYXX zXy^vqlu-5p&Kxo*%#2_!AdIO2VrACxy6Oljnn)U-8c|wO$tkN@&I|=rU|oBGkvI49 z3exDJvC3V4c_jizXA>VnkeRu5-)T1kBEmgb$?vVI35C3qF=v1@1leqZQ$&FV4X~h%ZS+OPDZ%P$s5+oE1?&P9~7%mU27p+!?nI+gxSi3Y=~p# zC`9bOLGWk5RfhQ$C^-Tp$B)d;m-a=ottBSO4M4xf;grC(78AyZjMRo>A}rL^p-%l-LA?2 z8JbI15_e?!SmjNN4hMsp4oR4G5>=#fuvJM_Mu95H$|#b*;Vx+r;-;9*3QO>-AJ43L zUbu;FXjl2Y2H2mMx?x`ZcqWxK_Ifhv)$AQ+TXTNgyTZu~tVSX%BizYgA8NKkDdHiV z`J;h)w$cbbpOV3vs=Ce6kTNZhX6aa?%+j$~i&Qub8rUaPG=&nXfXY~teuzBsVET#( zyCW`5UHu5NU1^N+0+lp#8w>nf(b!5L$cIj54@5@#z>2vgdSdV?k4*fKc>7jTL7}+% zv-#>TMje^Wq3d+Zs&%{j=yB$|GnGq*A#cIQ#1&pzd=ZMXnSz&w5(~6z7^dxU-YT04 z(;(PKAuTiqrz_;Mj1Pda9>jhXUQQXh>DEcyLuhvz9U#u{f4bS1k!oW;U>T%uzrWb$ zpV7agw-E_%671gF`KyX~7@LMp?8>jHN5sgT3Uf^UB0p}{PzfnFtE@zS2VE2F{S^BN zc^kTIm;uDKF(=Kn*ovB)=QT&@%WwTQ{j3q`VMDh$T08mOY(UZ z_b&PZCJXImvdVm7PCjXUCN9Y!VtG}{D!sSKi8#wB?Iu$P5UwnC!_lWYi%!UFt2%3`AM>ea28;ggMs&2{83j32YQdE;fPk@g`c zij8ffPvl9t8Hdh{($DSES=pZr`E{1{tl6`(601$QceX&Q!okx*?K!-u zpS!cCMcI`-KFjFQwwX;ie%3UxhWBR;)U{kdYv8W!2U-LBckc|ElPOmA2wiSQKb2!> zT_fvwht|Pe&qcHj^7?+FbNKVex%iq zfA`L$wha0F9;GGiKetYG=n~Pc*IUs`2K`Gp*J>tF>LK_FB!iw}R_x zQ_FSEtA*w(eKIXl{_Fa%7RRg3ku^uOtt)GZ>irXTX0||VJNDc@txeeH99wh9 ze_F1sO?@f)x0ZJ2)Aew*cef@t*PH;gb#yIpbS+GoHr}pl5_V00R}1BqPOnch6;^h8 z&2?ex`?|XCt1W7*tZ{v*gDvi zuCe8f{GOd-i#9Az<{?|6nq109whGmaIm%kAsI9B4&41SMmo07nU&3S7qT#x3v*l#` z^c`o5(|aB7+1j~W=Ra$(z!f}b?bWbRH`-FrpOG(ZDgK|oLv3ldJ^`=VQoNQ{$u8|& zTiWc_!?uAy|FUkjjnif8Yr7#|+p2lDtix?BZ>V*-EyZB#ce}pdZ5zUVuFkiH9Jhx1 zt*xeM<%63wyuKH1b@NZ;id)&>C-0A2iTNk&lv|DSQl7cF8MpP#eLmmZ$`O2C2i@w4 zv~e%p>K<>>RkyO0_55|K>GXSW+O6!}#yoeW-I6?J7#dt&>eTa;om9jNaDilJrxTiW zY+qdKQ+`WTCRZAkQpDsfzN_HP374u_6I{W-MOm~P#h`y8snUPdf)4SVun4=^_2bWU z{CDCezo6GN^b;EMS))to!ILwz$2TRWuPfCq3Lek=JnE4!Q5knL#9m|odo6GTE6W<} zBJe<18Lumi7u-?y)G*2BE3Nc%%8CLdjkN%1jL=-;Y$;s|6^(^qwqVeqEo`%jmN73w zE`Km|od(26t`0BZU0#N?hs7+ZQre2m;cXZ!zKQ8PKVfAJ6sLhSlAq)Int0zJ35YGk z=k+Hsog;9pPkc8GaExf|PyMjBE}k{B|4qe|7x?>3AHNeSQLT#4#JkiJS)2ugirMJ% zU$g97uaVnjdu#W!bPZimkA1Z63FY+K9h1%+yhPS9xkp%xveY`?>V&m$${JImObIiv z7i%3uu$Qguq5dNOsOAYJ4Hfu;-Gmsvd<#X+AnPd)Y-7!`s+JAnTP-`VWUW_7U$9iu zL_Gz8BKKW)jp(Z#{+QSlWs91bWr`hZb22co$UOI-f|=Fe`=lH#*R^M4YBfFHJZIZL zHD2_txmR`vF3dP+>p1FA> zuAF<)@Q%VwP%xD-zFrP+hb9vH3D*n2~)R@y|jtW7Hp^ zvl$MjV*1cW2nQ2-XbO&YQl}YZdJ0j0m+cAlW<>ok;lC1!USzIb(!uTpqM@)bCo+ZxDj-#%CG?0g z9~8>%;j1dGT1fD;HE3RT*PqYR1gM|jDTCY2n7DL4hX7c6ts3?GDPc+Lc4cvS>-UHk zh|Tc9@yQ6|Ua!|fR{_C{aHhfMt#8coeQ}AO>_26bzZF!cP0nh2jU!0%?Xa45-sS!4DY|()3-x5uzI!ij!8~Qf0sTURQ-r}AS zB&r#G4AnjYI_?P#JQ8!E#iJqI^fmic3#fb;xuC;AjY&WsOQ_QpRwa2?aPqcy)pnlV zhF|x@(Gun|$l0p-@irCTS2rVaw}9M;D1lr}S(2td0|IHOA2|vb(0Jmf8j%ueYv;)T`bqu`z`t(d3q&O(;jhh7`jnyei zZjU(f;aHG2V^@<*Fl>XJ8)dX}3;cc{@i<>%st`~w0-tFT3sm@qn-7;FWSKUMN83~h zIS)L%bYKtp&KQ`8MQU7rni1fMe5(*|gw43DERWylr_<{KGvW4U`H$}jVMj$8^_?x1Bwjn{B5B;2}FRvw@}TeSpPda$yA@*`3!XiJ}^>~`dlC~x8P zOh+Xf7vq4`s_Rv!qasvw3eXWsHhuC@249XbE#>KF&>IeW)(Pm~V0!|3o)b`RLWnI? zaiMcC^)kJW8BU#$JUSAV^Wb9#JAzga7`$WX z1z%e{5TR&#rxcUMZuF0o@F~~5xp;MPc8k28hrvM$o!-FU?W42Pn+x>QcNcFs1Q#bb zpwr$AGY##IkAxqPDcRN4_tA^9w{PBDoZY_IL$|rg1}1mR|EE!H4_&;vxj+MS@#dUk zz`x#&7kuaV=KAgH3Lpqf*<(2J0Pb9p@_;-rx*26(;oP;`$U0it(zmBSe0$N*(vAPmLQ9+y z09l7kx93Ox8bEK8W(fF;W#hhIRcxw=5wi5uH`;Y{yH&1^r7`7|hu+nil7*B7_fmuEMc!YblC7p)sY&ewO`3M2k3A=`EsNxquw|5<8zFEuLgGI(D(I3Y0=iE;@_7;UnBH=Il#4|-j{=1JK%je*pCzI{`taz zt6s;eN4Z~N^2SdT>b?U0I#KQ`K&}_yz5?j_vF$4W|Ng_;tB$W2(SC(F{1jpBOJT1b z(Y_SiI>GEq0j?Xzz7*(331L5c#t`=Qx&B$B*V|1$ci?)v_2-LOUy!~I_0B34ZnQZ>iqVcm)zM#v0|M1T8`P!lxMJgjMu#K6m=ku6MYOFKXR}L31N1#E-FgCXZi30 zXCf4t)WPMW1Wf6^6&N6*9w$Id)6jEbI`*|o>W?yls0u%z=+u@X#u`&J>6?9Q6BZ!f zSMy?2o0b-$z-04DCeLs@pShejLci4%B%ud3h$d3zeX24$*5G*8m>c8BR6`YuL=ZKr z`|Gc$CurEKUkV>SNHwB?_}hrYILR(=rI%do0+eMM)}bt=Wj=ZFn``GogRtDFbra1?OJM~ea~^Pj zF4Z46kxu7|B3TH0F+sfY3l>Ac>e84{*3YJnLnRUWh)lt&SH!fshew(pzt7d1>PR7`y^`xQ1J z;QPU7er9EXR0Pu?9vUx<*>0j&>EB&NbLGlnEFM2(2@Z=sxlN?jxol@RPD=CG76)O+ zc$eoTsD)#9MYm!CC_^lkYw@>Ga|#w5MFGV3W^ggUROTYZS8P`n4XGslPDS(L^|gV- zYx7MDRQzyCSe_0Au`VANfTq5hqYp;o~}On5;_ z`>6!SQ<7v+$b`WY7N>~6)3LM(3(bwr#7?!68GR||eqH_=d{HQ@D-nJ}6y$g{#VpuI zjP8q&!{TabUxZ76YJ4qwBq9(71@#p3r!nfC@r6-;!&}X+cEnLhNy>mU@DgoC5Lun8 z+IH{R^C{1&DL$KISih1W6fc;6qnASxlt~i!%JAE(;JAqkKz%E zrgui-`MUs5f0gjR;&Nyd`(ZLc-G5`sR-ub_{m>0kkDzX;QD+zR_PAvF0rk=0$zXu~ zf`(?h6TUqR=jN-R%vXt#2NHvL@5X-OyErhv7sPE{&$>uA`UbQ1*I!X1_UOY0%i@Wl z08gh}ZXGW;08W=b3KsI=LzkDH(KI%lJ!J>d`5ecKk?o6_;j=toc{`}A3jeTu)N@b6 zsS;f?g;$~>#d7pcjhO=P12a?w?=)I#C|x1`r^Hx1n|LF z_ZAFYazf*ISKRREcLw|7Fp6n*AOu)ILn4yx7#!uD*gQY%OT5!$R)(+9UmM@kG?|ew zQT)l0^6QZap=)G8V(%JOtA|IOoC{J!*ot!-$eo;!u12o$?pr5`$T}n2)R*rPnx_Xt!n3;(duDe&0;&knb;mRRh2MfN5 zcT)@Urqj7Nx5S z13yg2G|$mA1`u9bgZR|9m_mGkbvBw+My`q``4NS<4p~~KTEU-OE$uTCEMq5n^U=l<(lV#Tl(&1-;s5*4PRm)L|5NustpDci?Zr(md7rGV zV`|X<9UQ$J7WIEeTm9d2JZImXUf-fOr>`$Y=+|H61zr!%H6K27#Md7$u5T{izA+2@ z$k!eXd70CztFjWOQDhYAeDQ_yZ5~4g2{4g*ocV!_gvaY3pP@0~QoTo_fG&uKzWAck z`Sn+ai}}j3$Mf+tq%85>*VM~y_da~++-gAlkUb_O%mDcz$||Bc1l~Oj0_n4ZX83`~ z8X~8G2L_HR00;kD!=w)+evJJjAt6M*8+AHHDm%b7cT!LsIq2EyGhaRWi5$`iXIG(bNHp>Clw%PesCe%`iA|bNJc!9`!$dnUKfh70o zn7B!RrX&$194EUIY)Wq(IXby zfJesZ)I!a~jK6G&RpO&R^HqZ0euHkmyFgcO&;NoP2lZ)`XzLHLZCQ+zgh{-BU8%=r zs6Y0@{ur}ar*j!18hb*oqJ%WL7PK9&ax9Z@WhZ2005#(}!1R~IqoH)1hCPlXpH(Da zg3P9hO576*^)B(ygD;XmS=WRaJj)7CUKC2b*MtTEedKHY{EhIpW+KclUs--=WrUVp zt!P7~8@DecdsRc)V-Kz}QSAlP#eqz-(T6-6Mhr~Nfyh7fk}(A|TgV1d)u3sJq-&$9 z^TJw~k`TBd{QXCv!2{3H(O0DiX%#CVq58`C&TdE(v`gkuvM>Sd?V;U}SfDk$?p{Ws zG@12^_ZWcMEd{OsE7sHYc?I>bj~tB8;K^Y7?)aD7uFfL5SjmonCmHc`q(9XV0^tyB#4Uu1&a%LxcTMtJs2o)AXlT>jXH z;QP{$YK9Z2qr{8uib747OW9he!4K3I5;Tcp;O&qKSL|PKVFF>JFVB%-wy(yiMIeL^ zA3h+D5)q6Vk~DSe7Ym3LCE>RXv8rSxv60^YB~lD^-^gUY-2&oP_GUFUlC8aYdwy|u zd6i>kBGo~=cm)%*3;;CY4<537X>t zO88pFXhI&*+z->la8t8#9$#L`i)~x~fd+dp=yL4kF!NJD zcZCU^^<2&A_6MrZZOZG6^(~pGnh3nh&V5=10sy(9`&Y@=TPe|R_;p4j^TgTcYU;a30u9M7-6 z_P;<6{(J=CnkRlhIMe-V&dK7=$OwJW7fZDNMMpc(C`QD&<^ugA#eqoUgri9KEfoT5 ziBxgoB8_!^A}EQ|5Hy}RK_`cxwr6NeT%0n37@ZR{X0CwglfV-}SiyN-rCawI+8v8@ zlv0JrrFSlz?)5r=Jzw_11FC`dJDL8gwXRR7`W(~YPk(-s zPA2|))O9lafFV0Z;_G*c<4sA*%;Ioj)oL8%p zs^UUm1#(@JB#lFrFgPM{G5$0MUfUn zdKo@m1e+EPugx>nh|Jy8&&Vul_Ll#In{0dbmXCe|QTA4+ir!jrx!HX!F|tcMLx!<2 z=o!V~Zcf!PrI@x=DkTx?_ODpHQu?SRgz0tCf*9EewmmU)6YYtit60P^nktqmrBV@2 zC6&I--?E8otom)ryy|LC5YVXm;Z&~2Qc1Uqc9SSr64D>{>Is%B?zCySO*@rGi^faRxsEpG(V=lBi23t9S+EK`6}VL=NOJ>nEL8)g z^QIY!(-zM)u*$d5Et?QsyPi3z@-wxje!B??-i%93MJWGCPr^Kg8=QUx&`VCdLj9Ge zTq7p6lcvN%q5X`3D01y53@`o><_nFLsYU6j%CKtM+e5qLAI-%qE2g?}D+5$qHoX?y zVX1kaBeaR)2Bv-EaL!Rc@CCq!4nqF-r3MCQ8DG(hi zt0$pbGs54g+G&qVp_&1wiwK`2XG_4yFZ(y^{VIkmf$=v1wE9Wq(SYb=!A?G&W~!W>7Hrz}-c zEtWG?qul|gx_Y}~jvaY$8KvzCj7n3Zl2=t}x4|Mz+N>FY5?c)cK-P4z1_5}w!Q|{= zQv;v>8cn|&<1@3!p4b^02W1acvcO=ebAAbl$omAMf^J~eDo|%j&)$oC&DCac5lqY3 ztT2DdX%5sUwMV!anBXj%`CNHRsm_bUGnOVth~8RvN-8(U)_kP<-&uO z^RZXwr&p$jS{+>j4@bQu(D|v0GTgl%dY4Rx_Rw@vHTSHed*N#XH_x{M?6BBG{*CE^ zyyB$H@(F@JvhqD>1#ekl;TXP49fhky*4eQ~eG7 zBc%zE=Biz9%u)ENl`(2wXJ!*0F&4NaPO4xf0Xrkw9G9`+o-7*53PqkWgO#S;&djvT zjZF8ITmm2al>DpVGPgeM>Pf*V`-J4^{%V*2uS1T^7}&B6SH4F%ixM*@JP`3`g-4hS}f`0o=Rw*fN7i}_@qw~lQ2*N>tlm#*JLkL~Q{BRl&G$)MVDcJ{} z;_`wM><9HbOWxvHFJ=jh@udv53Z-9g1VP!ecctstZUoqvwf(*($&7l|2C#lB5sRuJ za&d&FiSe>q>^m>`cj||z`?s)b6m_%-`6Mgr7XEnp>W7OP^yBHP%k$IQ%eQYv ze+&73tE>D5l3daNx_1JQ}`8P)Ni(M3Wh$ zUP=;}L6EQ0!_g9xqAkox6mEAhw~56I;q z(qgrVEN}B0Rr9x&DE=F3bD>;E<$JPdPwD)%@`j0hZ-TcJ7UhKgUgEwQvA-va=cV`A z=`s`h^eLydiyLNkdvfH-dUmR*x;mw-xTMFwe6_Ek}HX+E8~@KjMtj$H}!^*t>*i`F$ZS!QdWdHO<=}l zPSqgEqmUm?#V{H)tKc}Sn&a5iu2Us`Y;Uyf^W0CP|0j8$#Mt3y&fWsgS8@TZ_x~IW zh9}2)|Id??!PfutIUbO5AlQN88ZhAJ5H}IDf{s(>RM8k)(2gKz>w7+Sr?-!O8rQ$f zsVoj#4uPN-OLBsS^?z{mGQa*0UcMY|*Z*@oB{G~G@hcedOjBfB?BzOQ* zXHF9A;RKI5B9S6AVp>=LYHhRjb*yZRRiQ{aMqdo36ai@Gw& zX^l^K3CBjI;b1L*1{X&q!DlnWTliUunwczIM65MZ5N-lhvw;SD4QyFNTt4;@^=?%5 zUFgvqC+_T3^Dr6Z?2$SVZ3&inyNFbhNe5j_W!iZ$xkhEFrcr^NtQnbH0}R`lRMr~%O>29F{rO=i_gHP4(zw5_Y`WQQ zv(2u`H?rv#W0Jdc9?_75$w*l{Zg=O+?apfER9IEHMdL$LTS>#o2>s@)Pwn#d+IOR} z10_~(q8HP<*%+%HY_0<(?X~a4?`zB3KE~5}|IZnmFCz#v?Ek~#;X!WyKN<|S`JbQV zX}|xMn2K*i4p`rpV=EB+3kd}DfyA*7*>N_#$(MUJ)S~#=?~JYazil_a)GpA(|Bnjs zKaUR%UvByTb3A1>W2H_9<&IMojtQIC7glvz_$a%Gnu03U6W%bwb?}!# zUD=N$i-?Sn&Sum>h!F@0eL9)&Q^;auy2R#N&y_9R&hvF#)s`r&f7UjXt7MIVVKw5& zWjsrg$T25AlJ+4rO^B#m^Gq-l^%5LUNpc0Xb6{C!G_r!7&2qZft(;KywBG+MJJ97M zfQJ45 zA8s6>)htS@k*lyN9Uh^QIL6h1p&N;6Q=u?3pQ-;QLaX(>!gjet;LOF9$w{2$$BXJ6 zuKmtbvp8A+X}fM(fLeP=t%U9;u-aC_`$-n!a-;Nd*XWYCKGpKA4F~nqE4Nib$I8XD z&X_gr{5D<1Q!4_*1ba_S^py$zr0yF_w*N2d)zSWGeg2n9o;eNugvLuL02 z!-GM={^w-4jsNm2&#xx<68~|WDebZ(cvIn;}BiIYz+PqhK;8JDN$ioS_Nn)IkskC{r z---2@GX<`wUhjYZbcdLh>t1c85&?s~@ns$b$I%txthf&ur|BCAZy=%=K>W9z}LKKI4bhawqq0&m0>fAqiuO-~gcA z%6NXC{de#pK@xoF;ch49$w^xz9#tryP*o^Y5r4zb7F%8oy>db`Ok!~;GkNs;sQTsnYhDMOjLANCOPj^>NC^m5~nl@qRC zf{mT&YXN6y6bFF{o!r=k03}uwq*I+ik#R|uOv-X- zULWeD{e~bXnUgZ0BokXKhD!K!6`_(u#AgY3d>NIjE#2IRB8IqZM{SH<(ACAdrDx@@ z?L{XSD#x3K&uVgg7(?Qt#sG@Kbr9MOD)9QEAn3|;3k^!&p{1TYtWkMYv<$3j#I6yO%C0bDu;1KXR zX263C)nk*?t6c}})Xorg&r#SB(eG8XW3XKW09eRBq@46I!7vCPqe?Ndn;Kf|#-349Hn;zaeMK=qZWHq_*$?Ch=t{p8m!06xqK5~In6mh2P z10`{!vJ9__xwv~27cV2pFJZ#mGN5W}2?24U#r`Y*(1AdA_ zzfE(Xw-Edw;&X5SdJFj3{H;-uX<^%Ona2n;0zX)INsyzM!ht64bU$*HcgZ5|)=?53x#k{d) zxhrJX`xRHsb-}wgt8T?g7V+=y#aT|UP0Upb9I5grH6?3$S&l^&zm80nYBKW_){mft zD%Gs?XQ(y_*U80_J|{cD1~B^aGyB80>9e~0Sr`WkkP!>Ea|s@nxLUWps&c*s7u_}f z(X|q{%@84SAyuRCCW8}$jY+~1y|rnPT^fO=*Kqr#lcrm=eXaZQS1LC^fu6nA&)=(; z%4dxej?*)_N&N%Ec0W*uYF%YM;twqn?;B-A9PmzA|HPt=vtp2=C@E%ya%>Cz)MKN+ z5;WL8$^C<&2Tn}8zDi$`*0hXmhQ8H~n8}x^ql+*lYa1i$^YTJ8oJmSgWk8WnRQPA+ zP|0sOtIsdbW+=HtEhLugwjw0E-Nq)qkGTz3*SCce8@OGcF?+c9I5{|cPasnz>0jO* zy4lg4LpRNvowI?Pv*fBu)12tE%I`s$PvEXAsCv%WRA|jT_-774UY_%|$XJZ2mgL zl{DdzqjmF{7%-%d1v{)Za}O>WtY*1toEQUM&%g{ih9>`8%HKMrY zKgX@!Cy+cA_TIOCeNx7;9Slayi#BXT&s1bb_#Ca1374Ab;>6C%0zfYpr(m)jrwkv$ z6Q`Y1`#lTxsqqg5Ybiks^jGqLOB`Os>w_pcJW13AH zK57Qm0MO)cS+&_z>b;u~Iyt_x7_G)p2i>ia&YOb^n0{MXBm|@L}(IXsPX0rfnaQ@U0|gdv8ty3!rURC!qjK;ah{iy zj2PsiWUG8^_`O&0gdVz3H2=~>jxJVgmKXq%`glH03qh+D>^vP0wob+tFx4kHkuCCv zutut;C0**S{Ds;owl5QIJ2+o&AG&d3C`1%LS|3w=K5FfesI#kP`jG-}M<;JZ#@*?h zI`<>@xcIC#u1^PV;Xe0f=pG`4wvqm{3JopEmADx`;hKAtP+;+(Pa-9?c>j|O<)@gf zTuS@cPv~8|DbDD9bmpjbK>JIS*T2m_ReIj<=NLh5A1RVg_}%kGTY#-fALAgXn2ec^ zlI{}ye)uKJwEvjvvVx9sXX~2S;pEd2ROtB+r)5*a(JPs%hc724ZoE$?hepPl0D@nf z$?wa^VvfRpSVB?lLdaE@7mvo_iV22)QJx-ElLI>)=ng$RW03Llz1Uw+pedXv{EWfr z)evh0MnRZe$8OAKek_&OFZy+IYR*Sg$%J@KSh|lMLQ@{G&9&s3)e^*|AzzhWSdro( z($Ue%g#2fjKT5jHEyo2B-7S!gyKLg+#HgO#Vlh>B%?HrPFZ1>j;ZU{~W2c%HW0Fh% zqf(`_JUy2PTz2#KA=RI+?d0X*d-YAhq&bqB>xJ5hHgRys`Kz9=e~J_sJ6yaBb`dh8 zF4frL~=zqqC8j6Ez%&L@tdPjH!oy z=ZKq4JhX$*s2;wb1EoqnY!Hy64T!OwlJRZ9(aK^y;XDlA=O`Q@kVi*8$=QVsMo;ON zGXVdq&nnaRogMQ8$6bBIqWld#rQ|N+kfoarNrNfl zPcF#knu{|h=lV+o7v~c=`lN^&&ZsMw3U%BTFp{=}Wpq5%Hx7$TPK&vI2*UM0Cny5GP#<{LdXE)NLr|*;-TnJ>!bEPp z!{w}cb8P~Zb-JpR7(opE-PD(qMO9IQuV?CttnzOQadY849PR90w1Ljw7oqEP^)B4h zr$#hU9LD@S@XmMbYScmFema1;l-zMk(I$?u7$R#2T(|Ak2eHovHh zpHS*XIxD;ITweO2)5&-`L?`>GKH^N3x1JXPDN8!w&)2c)0p1GkL znRBPp#`}y)ga@cyown?k=~IJrXbvS1sUWg{n;*a)(7y8mc9);oW~d{!RxPy#D0r?e z=qJqhP)`)F?^&5mfUz8oQHxoaKO0rxXfv~&GA>hxyM~$}1!vM4JEUb_4Q}i9SH%T4 zOw`H2*~+fss(`P{H{-Z9Cyhi9R0PVhOX?5Vv;P+UNh`G2Mw1?ispVgGUPl32eCJy( zUz)UB1zCUp(L8&pvR~T1*DF8izyE`7w`}u_5g}R3Zyu}CuP3D&`O~4g)1^Vf9=baI zw{U$9Sq=8SSwFqXA=XeW zsnbPAT)ivL^4R(E%ceTZ*O{#bO;W=Blslt*E96zNxp*-0i_cIvr4#1P-4)5HaU=JD zWkliL^aV!}*&e}gjKAjW z!L;TNBVOpq`UYK`xs%=#KIb#sULjB4htDZ>{JXDs7Pb%= zM*;}`wzh0P@GaZ-8`EK<2k)A&_iKNyc1Eqhuf9=Vy~Qb^gUqP$v~1d?R%2iLc_F!@ zbxK{R)|ynMWjiD8l~)tX-4ZT)lvNG z&}idIUZ~tK#5qpPok9aq(C}$7%9%1daqyS&*xI>uWl8hbtaiO&yK+fV;AIDke|q*& zBj>0kKP^6nY)TgWM=dt5v#A7PeqR;)s9Uap^F;kovFeW+p+4HgIta_SEW?2?(gXBtm55%71|0W_a37)!@7 zQ0sJD5O{9O;y)9?Z-&tY3LsaHvO`R(No$T(e3l?Qa`Fus(JXt*RmG72T9<6>QO*Y` z(5=k#KRF<&&+FyKW{)anuE;2iZmPzDx&VR#LkE;PT?QzXzhFi=v&MnwBiaK?}u7uOZ|9QTkNc{MHB4cAi_F%=+LcgoDrK>)_Ts zYbD;b+RhNN7`*>9t(l%2N+cOGeb%v!$t55x0_0>o-@ZMbFJEtWB>}s9J~@HcyYH^H zK)ai#&G*1>mvM);>r3eJ_u+lJ;~m_sQ+i+$jR|l{pi{l6ir;E_*8>BjPNsv6?fDcq z284d0V3j*w#n41EGt$?1R@;(EAg5f9^}`>MfdvG1$Tdf> zs|L^a(Db$`4NTJ!A?B5Qg;kimp95y1$L?2kZ4#UV=>&{`O+^&?18 zvt#lLkNO$n>Kb6*^??1Q)EvssulHxyEQH_poA=f*qjG`*PAG}nqD%xgNG{g z>x;}Qh63wfin$Ty34X9%KvB>bYs$793F6B*Pftx8_`sjl?6YJ)Sg^T&;uGLl8xrKi zCzH1*@%~Z$PN-}$KQ^=}c5Wz0x|F|Y= ze#Ch?4$@1ysSr2SAbxF|0Bu_@$z>QHP6*|)y?-y z?M~d%0Qwq~2@P=&$cM2Q?n#{%#-2s!oS36O5BiuptCdR_Hmc2Za7I@7t-_E~cbiOL zp9Fd!LP)b$Hi2-M17Zf{4701Vrl)n-T8ivh2GhIQ*|x*##O+gKQXQAK_5(8$st6TS zV=Io3{n!RWiVYW@r18c{UGzT1#F#3A8kS+>rzJRnb*!kZHJ~x!+~!BAq)IA&X)f|` z`s&IdMlmzJP7y*ADP=NO#>U%IP)mONcrTp0ayhJq73Ei*>3@uC-s4eeNAMpmnfE+@ z{IqO8Nv~{^bJg3vZ}y&^d>%7Dv>>tW7Kj4BasFFjHO1-DM+1V=l@;m=lrxC*nEBew*Br}t^3ej?51M3D{eZFl!~%c+EOV+ zD;~y?$DaAfBZ%@BXUHetAciq|!7SZ)>L)GUyjF_+Njghd(7J-;@7K)BlRIV0YSOQ! zRsjT7XlrMr%N}2uC#Qn=DT?rd%!Oqy9nNiQsN`^QUI%UMy9a z=Jt|bL`dm_865f_V7JhM*9tHLjDnO(W|>~RuZ7>NchFt{W>dhjo=Fde?nSCj1k z5Jj@}btT6mjb#iXtu1tQ#+V-_6goyhbRP>>z;9u=^;{f&MUt#!6^OKj*EN0$v;}N; zT>xe8KFWXXR10_o>-&R5@@zChL@L z!prHheob0`m;nBI3R5P}=JlPTxLs881*ENBb#1D{9^Y?_rQiBmL#Rc6F5dy!whupj zw{SarfPKK6J@t3E9PbY3Qnq1SckUk=1xfcE?cqFq_T|^*o9H?#pQ5Xs#7|kAM=qiE zBU5sb4bur?w)f`4KvhSu%6ed@_q+Dj$8~$Nt_{(Robx z0Tj)YPT;q<e4^}#J(&CC5r?0A0?MVeEc#1X!seO)eLY`ztATi3JZ`l>p3(gkAWQAy zsfHzG&n6sTa3H=4T>Z~DzbIP^Lf~O+BK25iI4-nDTEeiEskyZGRPjL^e7jsFb3T#J z*W8F>oM3i>OnN2{s;`wxehlZ6WK-s16WMPXCA5e$>~xg%v1R*pj21%?Y0b)iMi{C3 z8udJuJ!oRr_^Bp>fyZQXMIg-vCJ+3(jf%Pqq2P=lqn4;uPi#L?9s=$FDN%`|>e`tJ zZ$jk8yQl<3{Nlj2XRo)KSsF*w&M!T24qjbAV0nBS3;xzRTxO^RYgmkqNk|^3F^QHu zR*g(J)<=324M5|fq~MTBEuAVqui?vC5f6RwB%_GBZtsEDfNk`BzAm3t-<%6Txc1qE3z3>%llb2^zlGPYdj1KkF<=|7)`vsIUqH25hAI#7Reyg?a zyoOul%%9BDBQ{NG_)g(O;X*b_(5=v_CWkeuHB56>i(!L*kvMQ1;W*OGQ^GH}OifD4 zSj!BbtYon*`nV^csywIvVW?%v2c)~bCtc7b$QEM5Ta7^FgkZ2vgzjZ>q1>_|I7r-= zgX-$V|KPRM1u$N^J05J-y8Z2zExJ}UGC7Fhj)eBT$iT(^Bp?(b9y!j{bf>Ir|9y;` z(ckZSt=^#)YZ7CvzaL~-C!r)iEyE%o90Pbhh$TL-9uijA`hdg9-U5TlCT|K(C((P& z$A(H07@evxuKOrIkcpm@#%4Yax)tyv62it{a&O(rGd5Qx1%FF9qH=VJoqhpG0`%PR zZD76%6GD1S>w?H{Nal5@lOze9G4e!&2W0D2Z;X{1Kb$g%Be3@B7#b0sgWteEZR$U8 z9Ecn{FkmWOmV+2ccr6g}DK=n4+m#`60gYP6wA69LBL)b>flEW3dRah(xsRt2Ozh*Q7bEut*oV*Y+07YGg?FNzKI9 z+1J7uTaJy8DL2Z93B5zc=f2 z=Oq!{^AW@SPY^n=cQ2I7@zFM*wfU3FBag0o7a^}3@Xc8Suuhc!QLO+rz9*ku+9e>V z9rx!jTW`mzg!hk4S7({Ph(!-4YyG5k$j;MU>(&d?yhLhBHU)KUu61AadqlhU=k8cZ|KD&ToC{bl&)sYR z3O5C2v)^p_pEXPp4BQ9 zB92H(>lxh+Z2Eo8AjHk7NGAUoJZHV&!XEuK-IOGascH))04e56E9nGVM}st4|D)>? zH~#odZE~>JF_kEictg$8wz|B!I*m`YUmZYB(626zHN3@f`zN`k7NWvAF5z6fS=~cH zqv<&@L8!6Wy(eq40n`&59oYaV8mfDSl7Zv7x)QQW<5DvfS8%gst@XM4@Md7=`avB%_W!^MxAEXb~sZ`M=~iDS~RI|MP%%Yho=^MBbx zaPbW_AXA0b+#sPCath)skKgwcl1H&BrNWa{yC(9&7=7MGr;LM7{J#YRScAKEOXpIH z6Qj!1JQSnv>|VN1kJZHY(r?4xwBqpY?B!^9z8>wF-er6MGpU8Bv*f=D!d@I_;;2Wi z*3CyMEWH6f?p67f*XJ;0&UCEq$1^O6p8Szj_UXGz# z8q?!zpk0$d-xD-;N>P{y&GnluXjA*Rh9#Y2+M;g&VHV>kaz{}0^fTuSrS<>T28{n? zK;GaxXRtlmZ|GshD=xK_KFDwLTC`wSug*4r+u$ zIwQe!8kKa1tePHj2HO}N+zG8u$ncUVrf(OnfNvu@^Px3WB2r=IH5erKbj&Pjx=qHm~&tjSAI!w4PysEwyLU}Z4Be?EDVxfSYF(`oj>&0f|e}0@M;!2w-LSZTAR9Kni9C5Q9n;m1*KYy z*e2t?=LVp>6GMlDcr$eqBpN)VU)VC_g1z<)X&@}JePYcxEzHBNS$onr@-us8=B}nI zpsmKRiWbrDI>iD^M=}wPrk^T-^+_HB&zdr7!&Fw_{gU=-$r`SPGJYyL}8RGTnIFSc!W64W7nQ zqIBZFL`o+CTL1viecpZ5eMNA9EBBN3Y@=aoWkl2S%Hw~NX5O?6+)2@nj%>E9+&&l5PMy~ zvQT!UlCrry_ON7>ha~n9ho0RS=AMeUE zGTdspA>-5>@BONK!@m^Iv40}c>cK_s+}tMJ>e@cLbam;Td$g!izxck*#kcwENH?p$ zkt?SS{75!;eZE}_n8T1it^@Jf(GK0_@lJJQdmYfdEML3BPb2v`d(ygd;)#|%0KGYn zjC@86#||3NWs>Gk8ZHnPN5@+WEyogvu)rjM>{~ojo@f-#06--J7dY%m(pPkDX}WY}U|itpZB3Q$|BH?WsDl zZ+0&7YDZ?iN@o7<4RRks2M23AAIMZ7vbt!bZsKL{<<|U%3p>dAa-V#2VNbyS=EBi) znF9Y07v7WqA1*w_@&Dq&q^{pwn99+{xcX-*sP0hM`PHXo7DPANyAC+UFdR*qydl*N zy5w}aOARW!YMmzL@8-GU^Jsi^KFkYZB%9yp{Bv&>0w4?2v{1jaC%4wemNHrvj8$dl zwQ$|-e$YF>ygxRSX=hI+7il=ED=AZ@AF1OdCqY z_H?J~t&^eIQqGqdt2sN)n(g}<6xCTD%)qOWP1e!TTs9G#{WI+jBIqGmn8ZIznaT`CkY~Dx~}tHtM_xx)~@pvcE4mKxoE|;46B;p`24mS;vJ<()+s)uYNw~9g#Zf zn{ePiN$v<%^^}2+#DN+PTB9Mk57lZT$!U|=nt!NJ_YMaao>HcuRvE3q@JAcI;=+jc z|8U+qxo^%JC@*tv+L|;bb;ej%$uMOA74t91d|77O#=N7_Mm0;K^dl3c42VsfyzGKS zzL2@Jn3J)mo8|fsCui%&++Vfu!|xNf^K0d%;cEG6YH=$y4<~X2yA3} z-6BZ!>Nr!gZ`A6TlFF9Nie(#)?XHq)mu58PM4=#|(-Nszm-AT1m8tF#3sKsOL#OZ) z0`Vpo@8$sYiUE0WLjXq}OaQ5Wh1^wzc^mh?RvbuGY0&kj6!k|UqaZ}m3*g2YANsrb z1P%bJbr;hMuwzHl^a5M(gG{MMV#MuB0NP2eUcwD(`%a?}Z+lB$$0zX%^y1^xnB@H|pr*wW-n~EOA zH7181=9iN6A%{AJv~X6?ILXtDERsUl{Qc7*2xZX$td4u$=4N>Zw!7MPk6!|-w>x}R zf!}j=_YTCI9t2)Ie{CBCyc-E=VV^;XNyP9}}u znABzp@y6E!5`v$#EaXzzpUn5lfpU{?jBY-pV9X=<8CT4v zr9T|C%vYP#n)9y4x?C;WF*B|o@23|P)?&Ps7F|Tza$)y-@b{D7o48FAdu*)No7&83 zEq(DUmR0W;&V5PvEl+%W&Gdjg++G=rKtPwL>r4JOTT0L!M>~1siO7w=O!ROS0ZWws zunMV4iH0U-?*%)e|om?ZU zzDPRVzMpkKzQK7XAW%TsACqB61i_3B3I;!)u2BQk*z+!<^981)6yu&F??pAKV)u$p z5ca&r?GEXH@?03nXo?&vTWn8GM6tS6(lTY*-M2X{P#0LFG7fy)Om|l5!TACnN&5r4 zdA;tRg1@`DuZ}1Qu^^CBC5&?Q9evHAxa(W>_081I^41o;$zeFdT5G4pP5PJiTiDu8 z2B$wrifBo#FW3 zL6pS?q9#(OOb}PqaP#a_sS+ELkAA&hrk_nrYBkQR4NJ8>y3c* zLN9sMykahX2%Sf~MUwS{R|M&(XD(DenGD|_)BxXN6(1y4@9v8Ru5)hQY@Ortk8OkQ z={)~eLLI$Q-HoJyUgsB(tQy$udkgePC->!HEO=E*_M_^iD^O)|0hY~F>m2k1bpu5= z+8h)uoI`2ZIxr@iLA5S&83Tk|WONg_&`qvEkKf8mo^h!`8b5NNE1HWCb7g>hUXE%t zz%CB2U7+mk!Z~o63@%_Nx7|brI2-u=i9#>5Yp17r=3WE8)#00x$b?!)u{rXC&{BTz zS+U9Yq0^E{+)qB6de{imo?;xwCizt_;@qp8?^ILF<5cG$&&kNlSxaT^MzCANk>xqZ zD1knXix|yXTv>k@!uX{LNKW>J#sVB@Tf)K|rr~04Hz)pSmJcE}*ir>pHNm0j(Gaa& z1l8^wbb3gDm2TD1G318-%O{+uIVgy$h9*qSR*SF7Fs<&-%e^Ky?TxaK-QG*<+Dok$ zemNEBE&KlKYc|lE<9frRX{^XHLP1A$DF{Ew7#NW}m9N|0@{r*vdC>iZ3klB+4=Zy1 zEKdyV^l`nRJqA91J!W8j0wuCl^&mLJn2r3$(`0b6*PL`&BlV9SmZ zAd$qUAb=HINYGSBBe245YJjPyUp|O~SF91U;5iS%=hScH{Is^1cC^uf;Sp%0)ahQ} z%4Og~xa~4hW|I8Yfi%%M*HUUnP8ZZS!Nt9)U-X-@aAH<8J6{ zz?S!O-B-@u>o%}p`5Y8WgeU7>ebWCH$OGQF?@6HPL>yyzVf+r3c${gmaJ&rr*jxZn}ujQ2kSS4%(4QvgF9Exeryd?rBr7Dl2va8EG^<2d(Y?ShRHRo1 zjLgdW(>tB8ixbee(%`#o*KYw-?EM`H3F#^PM_&D=%yGIP0S#fNp;$UoJf*K6x;wxoaEr6GIZQZ3m!C~GOW_VGBh9wvM}S3OFo>THNKHF` zf!{$ZjPbeo1vgMa3z{io?}tG^rUaw)4Lm)rOa<`{v!}{ccit|1@pPRzo12@_Mvm}^ z$Uq`~f#qHY4%U$aS?!V0bx+U3DjD$uzBH8wi1z7Wlz2+{Qpu=wNZ!uEs$_*^!U@KM zzVqnd+OC48BKKhz(;I*U$hz+xf-$Dv)JkMJHBD0rz6+u`4kT|v@^x@~L^wh5I-m}uH*xXB785+EjHrYx7i|g}UF-wsG$T9)J#s7fYL4=e zqcwB|IicJ1AlStCAsf^IPAU`ukacA&9B-&7@LsN5r1fId6tU1nK2F#EI*hs7$0%rl zz5?v11-{f4sVK_cV=Jsh{~l~|H+T*Oe32h|#ieBhEU_FZr_TJSdH+5fc{r1y34eG& z@{0QcEVrCEWBE0jR6Ox}84U0T|7NC6AG<@$eSzU~#pX8OfiIPQKoWpA3jmmGjXDbJA z+A@AFER=-V%EbV+CXMdm;?u&uyE5#tJuL zW|T_lh*5&d%|qE04Qm{5Kj#5VJ;>M9AwIO>Th@QyGzIv!FNk#t&(fW` ze9D&yYy&h6#f(Rp{KS4zYD+*3kLoF}tzoXeDLf=mmB>orlm%$2JVf!Dbe7IcG*!4_ zWT-k0!3o=CKz=EpZLvz7+|*@Y{S;}rSlNIR7<=%{pyWN8JL(T7tWvYyc9JVOEJ8ra5R0 zAukvg;}s(*S|Oq=0Tvfl=zDRH&CQ9zZ~LzJ`gf6eZfAKyH3q^NvYA zs+|6NQ&^wv!}p)3cpkn_44nb}=!ZxQ<05%ptR5~Al57gA`om>kaqnUCBl@EAd%@u3 z3`y0NIrW&7KQ&;%7`^9+B)K(-pNsV3`4fH7@x35dNHfKb%1y6{dDJQ_!GjiolnAnz-eVnUa}glebOLWQnrs4jLRcd4IpePiv1|?^(j4vQBoD^!(+EAj74Xqi-|sR_Z$7$7qoT9rLF7nLbq4xS+#_<`l*ZWuC>1A*^8*Q| z&2QYC&QSNWB59YeC7p6ZKKRz74LAR3wod=IIo_lZx6F))?K1%Cpw2?j%MmV=eXEox z!^)WH*C7;|OGi;$HPVZmdxNitI+hXt9B1Gjaer4*?7uk?@wxuuMTSQ2cC0dp11BD4 z1DcmMdP91R?X@^fJc6KkWk}v$_-2Le;V3DHT2G`-O+W3n5RC$@0(%-6*yDqqv!!zVZK_ocG)xKLQMXg&lp-Uoi#5Tg%rEa=4n@qfkF5O%tB@~ozo+1_=N?BT!9|bwk20H zwZ460a}Q&qn<6s+W<0R4N2B$>>iuo-iP1h z+u8qH1`NL!I}MbsM{q9vypFD1@343@t*B@sE+{X8d)En4E_*GV5j5?wCJIAXvDune zY%dVKpgDHc(N{z6=-WCTzz#VUms*dxR`J37Pm1|xnD4ZBX+}uCR5EG+oOu+{CKP`T z2OOJY>7$M`Cqy_L|FvILy!gL@`Tx5BSF9tLg ze@J^5$l*VwVY$&wm&tZokx}*|ce=8}8EJCjfu6jhGeE&8>w`CThx|&m+Gn#mUAvgK zn+$v1-uXf}BwR3=q?biKT`hbdx;-9Oy#F47*QuN)qe0wU3PJt7Wok&q){q1F!^D~3 zS^F3|;XGJ??|Bt{Wll(<{%r%IvEGAVs`GavjX&h0CWKKn$c|~r%*1AtSiIBySCs^n zH5uoi?T5J}Htt(vB1e~8@rQ-%UwD7C#>Ecq%A6mG;rJF5iZ`=fL~}T@^WLI&g`mgi zvIbX)wFClp>T&`_aG-Wj_9JdK?W2rsDZ{S~`4h41JO4B$3!a3P*CVLSwI&XRs=-9d zuYHrtVTQb71Z`q6b+aet6B)N~mA5PzyO=Uda4weOL~3eoUHpL3e2A3&;3}qhD2aa^ z7^4rn%h+3Ze}bcXIK84$mTbqp8=I=*HmLpq0)%^3XqJ3_tBEfIho^IOWeQn9=gl= zy9(ze)tdET!zIU^ zabIl8eA<~9!lx8|Z%gI~r16SZ9@zG>74s-1h=#D2dlY3$%3`5Q{r|+69oT{i4*<*d zPJKmWy}A7o84-XHQ#XAQ1H!Bsh9;Lld0Yq`KROZ8i$JA)6B@@PJhTt znTIGdWon-t{F>er=`vu)dQuaRD1;qSC=N}Eg5-!s!Qe0$VUqpw^wta+UmFY4Ln($8 z^K`pf>{PfXDbVDZMVzQ*dqUXLiO=q`UX5c4qso<~jQvoQyYwSS>d54x^Jat)eEKn$FT*q^E~q}KN*Qn#uYyoR}-qsy2?g?J%WyCzZcpnsKmn$b5_*Z!KbigeErc`KPu68xi6^KP&iSJ4=;t~F z4MB-bM_^N4a$;&bmUjdly@PP}dW@0ps1&#Z(6r0&=kN{#L%hBt}u#bqd zCm0{@3Jv*{$p&_$DiB$oB-(D*2>%E|I1!zkglMg$paa*|(xEZ0vm2}Ek->eq&Iu#l z4t9V*%c+Q?k9WptX(SN&F(u7id6MfJtA#0u4!FY^Q4J5=u$BD|tjX(#%V92@`;urX zWHnR8Vo183N-6Irat|8NrM%2y8s?`2^xxOL78ccC8vwkygz;|G0$4*F~v&Mcw5B2Cu z?C%{--S9ekNzxzR-2n`qyY3!Cef(+ zFEEVwP!Jh8Imd`Qm??dT5%iM2rP;iW(|#hcd3L?9YQ#GD&^K=lGF1P6 z3Ug|LDk$#E z*X4FF;jwiv53h`4#clRGgj7ecpu&sMzh=V#0Ng9Nt=2Yl=+==#$U>3>WhRJp-txU% zsG}whK$&2GsG=bAK%RdN|D2Pu5Y+hCBq(Eu=~$A9p)7G1Nr+<<*uial?pa-4q|r?I zb4zr=EDW>^SVBU+K~9&ueM=O1Uh^rL@ zV+iaQPXVh-&0viG8AHv$3_U`jxm+l*+JI|b*=exkw8lFZbk zVc)INmzUivsVa!!C3=+RT%6mPxcsiPf>4=EMKA#JdszGAT@7QlH$cfSdct4XJ}~_~ zgbJ7HLvwv!4%X-1Pb}I_Z$(Te*tg2UZ0DUdwJqLSeX(su1Ee}45IHaemcrOW3ji&D z3X5#Uk|H`lAU2|@PkWl4k;ZO=d$!Ch^nmX}+F4b7v+Ka8i$69%zX{ZY>OUL4(%1mg3Jd_zC^`{fP+dTq zC%ctXB*#dGVSVE$tcFVNoe^1p0YG2~kzlt=vj_r^bemW+FAWuIu7cwu^g{So>1k;9 zcD4y|0A<8BmF-*XjQK4C0^8~nD?2FcM!Z5Mdqt0o&KooznH$5}gZ)&nr2VJoQcQ1ACi5StEH%8%)3@OT8bfBE2uD_>5B64|vV zx618#L+rB-hj#lzna{u@I7^Qno(z25bxRyr$yth!HPja?(~P}Sm^L_2mMX9#<2cJR zE+GdZw`IOrT!(fz2&STB*1Z0p{aeNOOU|RE@9jV3I23}G$s-RE21|3(-nNqN$PY0y zg7z(>-W+q}@t7iWL@2YHSl9G#cUy-&(?CD_*k_ed$e!S-4uB>|eWmEcR)~ToXNsmX z%f>=emoj8DG#0>nw000Qpuu%Zni)hiL_;B^R2<3bgrd{RxxXE^qw;GD8AMi(!{xwZ z^C7t^Wt}`CTMm$sBD_L~j7o*L6p`&l$yf=Y)hM#XP#LR|r8y$cIbKEvk>?yVBZJ7s zB4?zNXTvue$}JWZh&-?G85M{;uNWE?h&-=A8Wo558abhHQ*kx6!nT@o zt>+wEqY9B{6=9Fmkk!KZfBZJ7MqHb(Q)T+MeRF23q3%yZ}$TN$- zQI5zn3&K&3$TN$?QI5zn3&)Yw*`IMt4hJI7Gcbn(k>?qmBd3q77^1_m18yNmM{`6r z8>eIA`}-=0Y$904HV`Qf)=`JZsu4T3A#PPh?8qSUoWpk1A@XcucjS!N&o_WaGen+2 z6psudtwVXFOZq8-c{I1iKSewb*Dy3ZXlSk>KIfnwSrKKkkv-NJ{4zuu?(A!a_sFf8 z4L{8h*;I^=O_O33L^c=bWAoUwL!?!-kIYosdc2S3$J4Dte&i6@a?p>;kRMs^ptf;8 zvPb{hj{MP_BCUgeZ*^sg3~RL}Y6*Kw5Y{tQ7_%w~1^%5J+>bwRS9!?c&lL zk+lPYY#ot?Q|mcL139FkdAjUqraM`U}^L)t^V79v{; zA+ixH+E1;m#1YvPMH(*l=NwGLiO6$|DB?uqIffN+BJvz#i#QQkIlzdu({CZfNc+Y9 z9HWdl5qXZGMrtYYT;h$CQDg%_M>f7-+9UEDBabveM4j6sr4qOC?DY2h&N zj02IBBJ$j#k(46x+(MF+BeHs2lH8KnSa6Kh5P5FFNy;hm%p#POQ{U`Z(=&oF9{xE!;>s6kjY1N%@loC|M~aN!xfKU-U_VQd2mz$zCdv zHX1}Nv>Jc6NHmGJlz*!+P{xzYf$RctiaoXp(&fksR;wEZI}s%d#OEkpClquGpc)_> z!UbXx^lA^+?RL*eh&iEx)h6|UVb=Qmy)Pt7mYl{L*;s}*;sjtHg&a?p$|))tmv7Pr z+nqnA?5qM=>D1g5O$V}(yjQj|nxh0wd33+}0c$0)I20-YyNUxO&$btkE|oZW83xNA zDOuDjnz{`@<3L|SS-?Bw%*P=8U8Gd4Bw8%$Pbpad8Qh9vFAg9DgyI9O5~8$QdNcd|99dh6tY5fo)~sl`XN3&f+OloFW-E|& zEZj}3+1wzkzic-`S;xX%bIoo5Psg&|2(pfa+hWZY5Zl^Qi7c{k^-;JSk}yP`G!k5s z6Mc45<^`bFEXprgAB93{Br%^6A#reZ_9I>}>?3uhN1eXx0rc5Jkus?qUyQ+yJTZOu zrod+#BU`>^ZDh;XZfU!2%1Wfa)MHat>ATucFhX>J<;eisjMDoxXt-q&H`h^czXol# z90oOqm37e~X(Qdv+EH!a9JN5bxjed*3z0m?*l?i_X7V1Swwy<)^=W1EX4#b|P==Tc zLD#2fh8d?N?%pcMhlP=9rWaXrUbX{FJ1an5kC;!qJ4E}KIL?pD5sL^DYM2wXHi(&a zwt$#9meK$A*c=7sWTp%;4ri4&qnaYd;SB8H#Ukc%>T)<^@+h4mk1Q549O;TShevRG zaM1J71jDd*aL}V~O-PMO#C$wMtRhBiQ^Zs|<{13}E&-dv!*}nGAnf=1eJ~0TWC((advN1a!$AE6a${{SwKSV{FT8}k$gi`N?oR$m{i^&&$z7V;L_0H ze2}BmmY$sXgHE7VvpVd$Ls=4BkpM{@N&N8x4t*TXz>e5%Fg4*K#v?J=9tgeL(z#e} zok&b*Ljy))zqtBgFqBpc>E6lE6FAnppfMtlN|C~%#v}oc;Fmd)yAmgQ&I5H_L+`cP z*aLnUTwR=Ad^jq81DF9HMHG2*!QjyL3%x(+A07Z{sg&Y(9Kw5u1FcKT&+n4Y8Jega z^IV^kuCr%8@vd2JSplnASDtjMtnN(Bu$HId^3DV009uE-(iNKW%?oDbRuVJ%3HVLy zBLL)6o+lWb7z{RPA1Swml!9Mn1!)8RCafTq#ltwF_6((OUEo*SI+}yO8C!>t;QI#$ z{fuqn@X)qxWWletXyn2Fa@LCy@T=_>%}0MTc8hWwMFsff)(ORVOn|B_n;|MK5e4v- z7^nBPDslW6O>v0q%b{8VH2y;y1;0csFM!`9zYs{TzqH6JG+KFsXfyf^!v6vH6$=-9 z=}p~lfN2p7TZRZMyHwEze9Ii79b)-fuqW*`0^b?wuQm7=B)lSo-);(g-QMO#ze&0s zd-7Ce+^I&Xe$>|nza;WIc-lNWWf>7_!7qvT4xTo~_$3kD!PDl?DU0In0KZAf9Gml0X3g0U>uJGxnk34p;XE791=3>fH%X6E z#(B1t!=wf0X_6GDl=Ex}{?$jnjP*QeHk=lmr%3{w3eK}F@SAd;CTVYM&Qp>3W>X?h z8#_;vWH&XOXXE)iS}ffrDQ?O*&$jZAtO|aq$n&(hZC0K8r6SMMX0$2GVN(ZwsmSxR zd2CvYev{NS_Ib=xWUpyqC~1c>a@Mp4zdB8g4gOPPs%Znh*;iClsYQvot<1)m z>`%tlmO7KH9zyF8-2TVGU%qQ5FxNXOC1>_cveH!Uy^XsziBmIm$5G0v0+SH^)*N)R4}5e{bw=sFZpis)s8C=~VTz;7(?XTeWyX5|l*tczng zCz=8#J9_I%f^l9UbxM~sQFFT3e(oFaamW$9FJ2oG>WcaTAO{a~?9G!gPE)YR;Ya?u z9$Tw}uK>`pz0=02Qo1Pwfo2hO|iVPOpX$H8AQcDleg#?$xkSA z$<8cl_$IWMga{+xt_Ix_X7r|MRT z)Jq{b*-h8-3fq+h{)&A6A7mmyE6)AAldHM_tNlPZq%*|R0H7)g9aI|3KgdMY#G&QP zRKZ27P}iru&#E4}|*PE5D&g|CGgL{fJmW7e!B^ue{=Hp{ebH>$-v1*Ra{ z9`I3s1Ro2R#rv@g?2LY9yJ|g6RID6@s~Am+da5CS`JRAHu;?OclNblQheH7U1rD)H znSt-caFBojJOzm_vK-rQzx@T$5QnpGzXf9z8&*cX&?GTy80(BpBm^OPFmp*Ej6>jw z*(9SBM-<&-63cKKI@O_>Z4Z!X^u<0&Njy`subiEF&h)`)Xm|@ldw>MKj0q>3d|61SOS}WBal++ZV-mRTL~C+xUn>9I#Gj zpwrLbdlW4900jR%I6nhZYyu&ulmb{A6Llu7B+G1?DMYj4h?0Bk%aGAndYel+8O|a> zDq|C6Orkf{-S(Go5tJ@}F_o@y^zFAt;J-;M;V~1`m_R>S?fiYm`mx*Tym|$OnJg%R zteI(+4B4w!ufQjruLb-(2B#Sh*pwzd@mOC|LsBL^bK9SjhaM;Uap)r|6al}dQ?m3# z8$GM!Zl`l9nG55TgtK62yVn{?Dd&VMR-Yh+AImrxwlkm(KY~IQQ=~IHrThW-1SvMA z*^AB%jy;)Q0#8%34u>-VmC7I^7Al_u2z)%9A}U%^-lCn(4{89^tTr@-auqAyB3n?4 zhuO!Hf>p?3_hO-_3trM31I2vk*_Q2g4*PfMib|#S(6C9|s|#aDoHO#YC3j zDf^0!%7~7Cl?zhGAX3Z@ivLN*mKx&Zxazku^|d`?I-LPm!YqkEfbLPSCw@|?RVR%A zGWiGcjO{>50(xyFy@=H{A$(o{C<$pPSCEfTgsApS#lK1zOplPFT!&V(D$-jHSH6rS zfezVzm@F!1S6U!3 zoHDQv(i9e85HMoEkz0a*`aw(#H_k+NEfWrycJ@>)FEuZgE&H8}{Afuq0`Wj!IK1WxWM5k;QZ?!`xAuPh^kp7Jv9 zm<7EZ1z4@LPUo6{1@TS1JX^Xji&4r55_}^N?Ir1F?ACLOSGj~+vZi$-A(cg8=f98L*c=zFB07OJe>O-z|Nc`)pj&(T87 zNeKW;0(Mb+FSJB+Eu~^FxJ#~U?c;DtA>%amcubMCvF&I0%f4c6J=tYXkL&)frfOQN zFKU5(5Y2Ap6R3WP{hSHmQnh#vBOxzirez-`*)VXM#CoBpps9Cx@OwPe{x(6&13; z3YsUdWj+Z7AwgXXpv2!?7_dp;z%rWsG=XK%_dA`_Fd0fcjTr(&-lt=VOC{Y(4JrgC zRf(2m&S9iCX2CD!`9yDWR%kXav>6g2A@&<#Hb)ViNIf+QWlyv|IM)n-M4 zn3@*4!-f+h3uV&72Brr%ohnke;WIKIU?^l*>X$EILn?}g*x7IUY<{~Z{`qHcD>n}LXMgtVt)B4e(u5UMPSO7QY~1NwpN$OY_^OO&-nE9`1IC}G-e zLCinH*jeB1<3}7I8Jyt=4ATmdFN)XY75|EsC3Wx6vaEi`(tG6~{fH^!d*%kX(g7qs za&;;+5-b$AKI%vt*zN7DM?yvdB!3EF!sCHyNw+dXA)?sJj75(Jtf#;CdO~dJiFUv5 z?~77>k2+rqq;jvJC~II5$Xw4+xRU-$$q!!tBc&BWj93^fd5oXP0VPq#(&OZag>deDWfbfNeaQT?9e~N=3q)t+ew&L zc4o0%sf}=@Huu4CEX|Bi2(3L8s8U&nocp6Ca@x|TvJbuc?mrIS>#!y2SV?p7>7Pb$m7U2EL7(z z?R3;0p)|G3mCZ~lPa21EQE5Jv_@%&1Sl%6(b{U3tJLYtsP!N#WOaNuPpmx(O#3w?_ zy~j|o;xv`2Vx#t6IL3=8SZd8*iyDbH74$r!hF_~KR#bnL! z${qdhQ3se@txWvglP79NvVW~nh!=8(%b)hA^zA6QyLkwERuBu&UF1wI{zA#o!zUTQ-7{FI&{ zrEAtY1tC>U7Q4&fY$2TEeZLKGw_%Z;i2N{P{uAc#a2`PZIUCyK&+bx>`BO`0^*;lk=l~A#-_mv;tJ-z;ktvikn08rH zqvGY)UgO?X!}0RI^JmAf{JA(*g;yOH1@bUGI$nv2cK%^gaU4&2o|yxWxmSm};%YtS zrz$8;-wck))JsmI`CKdxbq)t6C?F4dnHaa12r6^7gjP@GKKO||2oY!xuy~>?A4pzu zC>NnIN_#5Kc`ld(WZ(e>LDnE4#S>S1rmee>JQS>anZs!!FA%7$O>!1>Xe3yGXLLq= zJZ#ovqQ#Ub17e&kv!!$ZFo)mYbHup#(J??D^qZGGY*02|!Waf*3Gt(%=kl_}o{MGk zC49)?1TqDiKdI=qtYop*d`UScPn8Wmj29C`ZKln|)adECfkUw`GQ{?r$G3{Cg_B>8 zNCz!h70Y8vA5W*)iv!*VgAl;f`U)P*gt3lRY%`6LIPx2mnA&P4naQI{G@x}!!6Io& z3OYwqTE`yXa<2ftaazbkU4ubj4ndN2D0k#EOWqS1JQ*hx6&zz^);le+q(T}4T5fbF zJC&JNHC71}{Z6Nt_)n&wRbr<}c5#PLq(n&BwMPkK)>*V=fE4U0G@%K_V15{$?18~A zW95CZz#$ewU%z9-vrlR0y1(zdN+;_sU@A3)W}wQ%mE>Slc?^BbB+=}|fr+9C1EHB{ zQAh%gL+KEc92!m`4&=;UhMrc}Lw{mYy+{!;2&BIW=4{UhXL1?Q?1`1kzOUjkB^I_s z2}}>YHZnJiwKdrilqH8Sh26lsC0w(gDZl6PT z$M%i?5~4k=3hn#I3m`>34M0zU`bzl=_m(8?P0$R7yNOd!X&ygLbPxw^7R*L(dvP|(PoDwRpOC=+J1B2j3W=AtK zFKOy1b=fg?N8PwpC^<;$hKTnkh{Jw%ptD2x{lEU!)k$mq);$tG7*TFFf9oFot!tt5 zx9-3H-Bk?u7qJm#heD6El_sj5w49>p@o zE(H3X@iY$1Qc>&eSRbK#(y^UCAQXb){$kF;LLYoOma!1Qr5HdAgLJ6~-l78~3Knyd z@DIJSXfrU#HQp>q3^oblrf=^3hqZ4%L-=jS9JhNYv5w)+WQc84bJqml25P7bo zSFWDbiRoIhSV0#WYvqM#znoi^HT|knFXb4A*a2cU+JjYWmMp`hF6cqHd8g}G3J7Hy3`0u+g=A^rqFJR79BrDsii_)iy zvH3!Yb$xHXAb$3%IpkD3(unxqFaY&kQY|$bhZFnYT`*hw;N4WQPsac2zy7NalWVDo zSSNF%{fLDmn0MxZ6B6?r5Q(AEI^rm?$2o)pkAxnIILkTbK*sPa>_x=y2|;iFmFcYq zL%#<@j(g_KZoktRFnP|9Dn;4jXp_N62!A{;k&FFV9$x77_S7%C3nhTal%NULsWzgQ z%%@aFTr5hgkU3}Kq6n$#8f>xH3$&N-b!vCeI-aCoM0|6zSjHUXw|nV_kmJHfLe+PH zP41(mhN{i(nvz&B$T=Zm_H{Z{vqC#``3MGTohw`bqLfg<`2wg#2F*IZVbc8`B#JWl zB-bX-_6lY(_EClJmy!hn;{_Z_Rf7C*i*CO#7;VGwh*I@QERbmK4wC9Q;p@M9cpL4qqQ0n!)aLbU7bL zFKLPGAcEc;nHK(k_P({dZ5vy3KJ!=L(&>qnTC`+4&Wz{y+~YXu)T?dmYrDys)AZI5 z2}!6af(0Nsn#A|F--QEP|{^WN4 z?nv1g&ZVHCPBU2DqML+$(vEl%hgdpdCZd{d!jpzwq5(3Hm$ncHC=GAwQUG#wtt~Ki zu)TeAbK^k?rAO#!J5;6E_KzpWZ{Je*wL!uF+hYJsvn+JuIgS z#wd&tb-I9~Ni3utrwfMDNNPx(t{JH#K+#G>QC-DGeKp%2CyH-#XrqXs*6y zT1M=y_OKm3kI?}L)jT@0>})?Y**-mMdK#_&mLq!ndkrAy;r>_{=bjs^XKgsV1_3LQk5i*@M7OT zoCvh|V{`ysY~S8Gjwt4wBY8^(yzL0|Z<}Kb}Q2@~YMo4Y*)4 zz&;1=HJZD?{qFSC1+Lm@T(B8p#)13#=-d_m{*T+~fbQ+BBcb{HxogzDH9d$bvAp`F zD0m}XLoWO=3Z@~BMknerL%n`09gBp7BduUnB^3GSK-+LlAos^_)e+rD%j)TZYcxLq zpFaa>&3}7qS>6#Hv_{C&)@wD)gN%uu7!{SC;huJB&9o%?5nX^U;EyTcDF0PdM^Rv2 z-yl31^8?U#%!h7q9;Nnum3b5m-0eK79z+$h9W|du(ZYp}0d|S#Br!$)iso{`?5!|y z$(#vhcY&+8jDcvgcbWGLIJqL((Usv4PAHNF?% zUao+azI{8VVsAblF$r?(p-(0;iBQCoxsVB}eiB5hf|I$xd#^t)K zKrq98mH+_`4pWN*7kKH1q-+5QtBM>`2NVHaerZmzE|}Udp1jXD+@5mdB<=D*PVQ!Y zE>zSjZ<0Z;#$pG20TEVqeEnXQO*KJBgo8~qiTT_@S|?u=#1uz-2wWJ)IdhGq(gFB} zxi;nt-C6537Z%NK;%y+pii#)d)$2H-%1st|E=DHt2MD?@=ImFs2*C&Qp99}1dtpEJi_WbX| zI0^UER0FX1{NL~Iyxhy5|6lFzKb`;Y<5}YTZ$*{0ZEJOaqbhdH5RO=J^!-t~t>Iy^ zb7}_#n}6~j?KbR!3rcmZVv=R8zs;8D9oumJkk|B zVi{I9xwtddO#xoBtE2SB}QcHjD z`mb{1UnlB(N}}J%pdr#s>HDOufe_G|p~@6pA9_+(oQ4>(Dl|q?fA8Lj3dS*8E20>O z91W)-YrIU^HSQBtdgu>0rXp}H>>aWs>3NC6RM-PwL;;d>gz-0@%fvk2=r;t z0)MNM9*l8H_N`D?QFDD*J32ejd3GA&4#wD2XpX|(I#8&?v9_nb%DU@A4Th&IIPIEF1G(%rV`O!S-f4l6LXQ^1vm97m(=*^VqygWN)eDzw&CZay6h za5_aMkh%0km&TtaOfhC)*W3NpbB@3boU0rT$iJ>AeFK%bCyuxbwk}QaIS!KoyWXzX zQ=SFc6SZhYV|h!*0#D)>W&@D9pKotn01_it&$v(turRaxmSI6D8lg{8u`B&R5exts zN;T}T8U}EC3kJxCQ-)N_I2t8p{MSfX$eOY^0{^+|?TXz;#&49a5w1*`HiSNs7#Wgj z6u8Qj#&cf0xRjx`DVmU(Ob&odkZuk`GJ4LW5C3EumCeSB7Y&7K9lO|qHNy`UX57!4 zvtN4Mzx~>I@yq|c{q@D|?K2l_X3zt^08TDsj8&jD^`ad~K8vXBp><{dj!#?tukzq( zZu|9@di$^4{$4+)|J~W&d$Rw(m#3NjS1$9HI{k_y0kzOfjq99tB~|xuNg&`%Ywr=ILMPtCf7;w+Yj;< zDTaLPagv0j>GfRT>d2+$$2&MdE^vn!g@LT1igtTFH{G8L5ccm1!hQ<~`w4^vP&BV< zAHk$~R)oYJR&v!=G9yJ4bh4M)LMAvjcEd@kA?Zu1<4fjy16`oEf-W#MJ@BIdfDEnD zIw&{OsU@hCIkv>+qvJ73(!<;&1{zaxV>U_Auek{Ag5%^@+TWQD7p8r(D|f{@l&05r zc~r@Z_umPQ1I+Bolo{j7aW?fZvk5=M>FgG1ncj7<213-I>* z{PbL<@sa$flL{I4a4NBo@^6mGRs00ixm(@op%x`GFWryDWRGd^ax_Dc4sk<~of}By ziLygLP2gM*K!i}B1T#KHbMy9EJD(OZKmlJyNm>io-%Y7>*tA`MO|li~&nn>JU_DOC z+Z*ZNyNdj}GW>WqnHOE&xEL=n#BXwyw7o>8Sdk#VsDMoOeP#Xhtnq0p|Ea7jYnA`@ z_Ioc2@?UT7N&dT!r-l4yXX#!r z!I9bzvh8ps z-0otJ`LLv+l2O~88^gSB*!DL}{O9IImY*LBnoQrdib74YIuO-~B(nrhD#L-w!wWV8 z6jLPA&>hI=7FlYeC<+ign}(sP#f&njvw#WWw0Mpc5^=kd8~R(--*!4FuVgJ>nlMfV zDob>=-U~vO;0c`O>C+|??e1Wcp^c+%V%u2g;Sj)BhVIS0^-761``W4zJ-mAR+cemGn^8de=r;YvZKXjl~Fo6EG zpj{NHAc|0G;CwQPA(si-lN@-Kf$-7UiMf4Zw(7UIn`jc#y(E0EQ?6=FsQ#+|(%;Sq z<>@#5S6)APW@#g>HWNjpSCJ1*C4ALw+qFeMN$u^Eh?Vdfv&}8a|vm< zJK6Y2RILClOipt8v2NcF4r^}0%WTj}FT@E2o9K^B<7L)LononK(<0S@HS=o0wn-uV zt`ZYj-{s8aug~>2>2zGxph|~yU?1}YtDP|5s;P7feHhQ5QUEfR>>5?3K^*aHYn}Al zFeH%g@8!Rn?j)%eJNzO@tYlAHY#DH-ObR#^8@9F#5bJ;t?k?vs0`fjXreHS_gBvUi z<~I6Fx8kbZwvJ?r)ht5WEU}RJYikRcf{Ba_+q&3TLm_85D+@ie;}9|?SDTgad6H|b zC0>iw7aJh8NAI0uH$kqCDDO^S1V{2lLSJZE!P4aFDU)vEQG^1=&W)&Z#3z{rG-B-P z&N&*Uk-hBRl4!V7F>l)%$=e&rgm&#_>L*vU{gY~1Yy*h#^i*cGRH2PC>$ElS#V4-? zy_#D}wN#BE`vJ{CrfD~i2%Q~3U4>Aw%r~l5Q#|YM$V1kJ{sg%ldwKh_7^Ae6|Fx^` zI`#kket##g|9`pv>Ph~;kEezH-;(8J;uS~(LEBaheMSj~_#JS#&6OE3k@#_Aa|WooXo(x_5$A*~yL-cXA7mfdfJ>}(H2{Wgk- zFEYsv^bv5sb%FbvyZoSFg1F%{4CmmFDGc!ti-SoV%fWii2c%k;<+XY)&$$|E5Xc^X@{Fm71^^`5n(W85&zK)ktDwZ{Z%N3NDFvX+|%A*U&D; zxhPmTNE$jZ9}`;X=3Ed91sdVqK0-c=v_(K;dbQw8(4kt%Zk-9NnYXP0%u`{eHPvq$ zVq1Jdt|h`GPx1V#q{Zr^w4%mzcot!rs8FICt%^>|X}dgCQk8kHgV`AB$ro;X#kl|` zn^~+*7jVqNQfpwF1U=cVnzByb?lsForC(QOrP5Z{%~D4)o1JAl< zQ-k5>EJb3|4W{qIx$ zkNbIA$p6Xpuc86HZ7$e14XtFhN^_xlq5WIR)Xv#5VoQ}9iC8}rx46Ka%#)vsE_icI zb-~-ri|xesG*5 zthYuIA(@(z+^8D`%+12DZU>ET%%)7OsxFTcs~w{ARG;qd(&DLb@0{MOsrr#EVHudc@@=~) z`c)RS0ZlPrhF>lSZ1HQBLO`?!l zFJ#qv_Lg&*(5PtO;7|p4&#-L?*JQ)Y7WgJxBWrwEY*F<16O3bH3~$*-3Rn&Sjso;) zQLSeQ(A6f6wajLksOPoBfs;@`5vLf@t( zv-+Y(nr3;YFbc>dL7ZwvO(*Dr*Mx)!M%ku5jFI%%<-MBU9bXgbwil!!UG z`A|w6xiCxLSq5>C=C4ztjnO@^=|Jnw>->{Jx8R`c$PDZ>kZ!0t%!$gvs*}uV4{6y^ zmYW6f_QmF)7&zI53RJ2VsLhihfF&d>`XbZFPLV3NaYK6syU&@fnNovM=q0eKdj-f# zx=CZVNMcV?$*R5}V~G5+^^+o4MENQjib4pL{SyO~ZN>v-z|+G|3TqlLl=XuWQS$rf zl;ec9uye_VW|i(#Zh&ObMw9=e25CmQVxi9T3J^Zm}*!` z`8w-cIr&WsOsU~4JB*9k3VwB77>x!P7)+$EpF@BO)-*7tv$P&h*C^#APl_Y3)7 z#OJ5`zk7Jv$A7V-30x>@0Mh5DbnVvU;)?>Q<4F>pOJ0hXXydH{O@qPYx=N3D`h$c~ zDt@iTz0AjMF)mA9qpRKb3)SqrUD+NF7gt(%Ng~(jVlDk?6a67Cf-*%qIn}b+zwI*0 z>G7lc(X}HY*fK?3T_wbnLsmJOr;X(CJ#E+jG%7>$9iV3Y@9p4$Qi(TYa@WLJ5ELD!AD<6+T^TiJT zQkFf;uCnRP67|VH;Uw&o*M3A1K-%)Z(gd#8|D)F{#DCt~f3p9&m!}2)D`$Qjsd)L) zm6j7Q5@&gHvex%{)hmD^AAMChLR|Cx;v>BYdaU2dI$iU!;kr=KadNtzL29gi%3+rM zU6Qxa>^-C=Qz!Zq6UucaSJlAn?cuY{>*)abJe0^WN(akq_w(m+17r0y)y(K94Emf7 zx&-{rNF)}=L-(^(dwZgUa{9l$y>-DCFn|p0?}4riN0(R7yq@AP04SP)8Kmk8O&OR# zWp`gYb2%)iX){wXnRk=R;QG19HD#$lm5=uF`K2D!P=Qy zczKhUOQ^qE@l>JVRAVJZqpz~88T8!L_D1ubzIJl0%5uNqr-R>RPUYOyLQ+i6X3|r^ zX2)u$TXIPgE3b=Y;S@t9@x}w$2nr z0oY756Rt5lc7YYpyQ8Cj=3{ezQTM>#;V1xZmwx;heEaMR8^fKK`viZY(p@}l zA^#>%%k|%~ZQ1_Khm64}ps;2$s9FDC_WJv|_5bC5|LOkkUY-`~zqSHG;MmN28W}H5 z83d_HQ&>px)x=IJrKqIAD&>#~{F)eY8AJZ;iJ_VKN7lncms2Jm>0nJTbc(dyhp~fC zpia~utgE3_{Td6iGV63NF-}i=GH!E_rF97vX!XDwb?Q4%ktZ4l$&2%Sk}#v}IHVJQ{POaw9b7 z^S5wut7R1vIb^|d^#IF8E!Y_ao0o!UQB2+pIBiq$R^HFf=(}^42#cC*+|arvUUP0b zly-A(R=4s=Z$25Ood&aDs|u@U#0+c!?lU?^vGP@zd6#LtSH-)rhFA053g`A#U?hk{ zR?uOAA3gWkgQ%JFJeQSCXZFjJiRaU^()n)!DTcwIRux!t{(H5*laK%Sa%cbP{C6+U zGUvaa#Js*mJo!lv=+#brrjNTh^Oc~q)rrs4*UiBxA1{6A%e7U0 zFI8(6tXsl_ZE2enOr{fF++0jTK zZ9-Yb8Mi=iWhdmUVWgc4EdxWRXyCqXC4|9r5y@*+L*(u4?cu8gLiXz8TD;&cKtcsm zRa0L{`36Lo*17{UmBF+aV}BM!PLmyQZMvK_3Ik2xUP75;nk{K>8AVRRX4b66F@tC^ z?@Ow1s#;l5fn%C|vZ8KLeDl{a_DZkZvh!e{o5)P}Jt>aAHZC-}F;%%)=Y zS2?RG_%$ZPwHj}N=Ytl}=GEPudZpb-U?p`OC+tD7C zPL3hoKqZ$hOLfXPU9thutMXljcsB_vy+#e32INWi)>PP7pYBZxUxT$A8ympAj7~r| z`*rKy^dMTy`?9*XidI(Dz3FBjx$dp8hNen_zDo_wn$J0vW2jTpSPZphct`{{^cK3SGhgQwp%d?XHPsabRcLc4o|9V--|NFAH^W^_|FV9l?zxl=g`EmV< zzf3lXhgbW_LEfq5m+aw=)O>klwo~%S+G|nq*)1(;@s$B)X?ribl_zVjCu^_b314#b zpFpYg(6(NgmGe<)l^)pAOA+9co!7(YnripF^=X>cwei=(yvzwpHu`nznB))|&-SwV zrP4N5)h@|KAGvO+u@a+Nbh}Fx#@(>j%9;zsS6{h3SGgGd)y-ye6=AX(K5jd%WuH~_ zKWX{JN}wA1ul{~P|FhqF^8dS^XBqv^nVR>zPy$&b^=LFfDNNPsptQ_tIw7mCyHO04 zBe<1z$ZBH6Ffb)8m8yu6(`8cLK7Q4=Dpq^*mZgf0nm(+v(gN$E^4>}nD_(Z9c|dJS zu~;c)tB?7`;??Kc65d!-h?yc3S@nv>kTsF5sL-CpboR1(gpw}u^RWQgZ50X&iL=oR z+^u?H@yH&NqG37lIY2%RP?Fyc3BbgTsFMY0I2Y}CMPi#WM>jm4z2a8fvqJ9=+FF@( zt!1?LV7jLI9kiV$qP{(Aqf>~gO!eD>K=Yl{8_brUluaP>&HS8Nu$1eNI@#eYI8Rsh z(YE0=tE#LawxpQllvWEGT2XUlPuAmBUm0abK_qNB1r=iD9V$cCdpu}7qB~hV(xN{n z7oznmh?JF!ths=0fz4xaL1fJ4bSkS+5?feZZYjx%yI(OCmyTzB ztDBAJmMdMp)taW(yx!Tp#mg^wrDxl(m|QByR6{ZqBoXJ>+@^;`1Q?2%upI6iPsvhn}*;_zn zGqtR$)=VQ?X>gZmxWKs*bC2AywZ!#rPZX9lz5k;rARK>0I6M^ip-KcAX}>tUQSbk+*YN1@HPG8d*8TE&tugY9Y!YBF{Kzv)`b zeOZ;AWq+2Vwgt9xcFAhpc6JG_?6|d^oZb7^ueh#LL#YLJ(OzA?DYR2QmAA3t$xJo+ zC{<2s$5Xi^%|T3!zA>hyMn-R(cX-BHn-o&L?N?8;s$gxk$=sSTNsIN3BPRd zIWrh#N}e+dxZ+8$sbvQ6Ux%Q-*J(TxrDDel^k3SZrR=hI9GFM0Kg>HrH zB|6Y)L6_V+^3X08Kk%@sdz)hgdDk%GL!Y0%_GgvzzrE8f(gM_+|M&KH^XLEl{{E|{ z^Z$K3%N+mpaafd*2mJvmp7oXNF3U^CJ|@wy*At7&W?tk=lK#q9Zq->oF=o&rQn%OB zVsb@q{q^?NPkL)2@>NNCD(!J8ZpwyGOo5!61`u1Dy%}Y>lH+o$(^_+4BoPU9G}2As z$dXXJIh=$UZ^!hoSD{Zy#fnOON_oEwj8KFq@mDK>K=AVDVo)?$3BtbI_0`R=s6=IP%ZXG@o z#q}y6pny@}iBnig8tLp??+gM9n0OrLnnv=!H%8$Ek0L_RGJVtmo)ls0$p5{UJNf*- zz5RawN&df&X9Ju;E>MRD7u}Zsniu2Iw)n^V$!5`Z z+Ry;{*V9;@eVFsYV>hw$!W+PA=Y_{7vGd~pIUC?Tq?k+@IC=AyIbKZ3@5twlhXVw+ zRXIw2cf1+%Nr1M$BCSLt{y%?v^ya6x-XvJAkH!4I-+R@6mF55bt5+1LP=KmPsAx#L`2T?xtB2~dop z07X7VT6!0I>w#`h?(Kny^GbEC@> z6mf z1G(b=^22n1U>viwwQK#x3(#y^kxYQ%kjy7SI26LFYF_?HhCov0v1%Vjzz?U4BdST~ zj3RmbW|$-9I9(w6qY>hWfxg%O+qX_vHL&aLc)f2`9dRy1q78vX1coFG$&DB{hl3Ew zD_3=^V6X>g5Qp-cJ}hbK*Jza{BR+|dJWK_6I7Cv=Wyn{D7SZhnI2sOdggF*~ei2ZK zoeu{n;&_M=1@`j=yg|&TSe~pvNRqc!O1zc$^ zfeEI(hy>!eM~3_gd;#Z(PiX`o5HEoErja^VXGUCxt}o!qHc9^O^wib531(Dv?(3s- zSN!`wZs!Ut1Z50qkO4)!xNlHm5*VZuuo9ENK(Z}yemT$ccUgd|Y zXJ4$498z)ax0YjbBfF{g7(c{fjWjMhcnHi5z10K2OrF~r;vG-WiFc*80-y;4RKn>~ z68%mFUb<^vmB9()n39-csRd1n%3aB{u*AH#fHU3u@}M?_(`w-k;ba_gG@OPE*`8}cdUnJr%1ZN}wM^jFi55qd~q3!yq^=aZXk_Fbl$&@J!R<|ee z3?+{)vve=q^>)8)hs$a>r3m$wQbJn^Pj@agt?Oxh7HZaN3;FHN1-ErQcLS)+3P{qK zH;qRW1}ODbP&asD?K|P%28SU)5t~Y%j8d1A5uTw)sjhF3e50Ba5+zhx2oIbL!Bu)^ zs7U^mexB4(2ESrzyRlftW zM;pzJClffTKg!&fZeZ!Bjz{iGrLgp4Q!bWsqW)JZNs4_1Dbg8E!w|@lQUh3=0Zluy z$T=b0O%6TAV2O{B>I=BWq59d?7GMa0UrtQ5UpF^o8A=H6Bu2-K)2R#{=z)>}#M3ZT zJ_+oqbO3LNe~qZ3L2!;nm~lD>+Ku5IoFE1^0~Ax_Lym$2u|a`s7ZgPSqGxGG07r}? z7<6(&Pne~0^!=^sZ#$h7H`%}-S7ie)K(+kvO>mXeS&SvBR<`~@maP!#Y|>8K@eo_~ z{jD}@d)ldH9%6IQCNHC_ls}b8i zQEYs4c9KZS?WWyuEmMaTV~9qGo4h+C(%@_WsjC-b(d91&G_x#n$j6uS z7+qNdJfk?`%y^RM14gV18Z)ru${z)5;H8oy$0L6hAyrTGaR?a`JNs1?QgN=}T9Ny2 zf>a+-{*$^vJV$>_5#y;`RX}QT4iL4v`r;A5C?Z_D`UpO`{P6-XJc@KVJjA}-rsd5X z;^x}U@T*-tVSnpog;-`Zi)q1HnHszNIqELQty2&7Sznj^7Xs9%5+DL9h|Tq(W1$71Ar428(&gl21rGsP8~ z`Pnj8ixfIiQf($4u8T63zvfyOWz^AxvbsS!Ws_mS079#flBhukXaS+L!+{Nog@dZG0~knYPi?Y{!!VRf@N;It+6)3YwS~J&RZDgi zhf}tkEV+m?_33jlZ?4FbU*V~%<+FHUS#d%63eQ(9ADbJLVZFUBTF0;adZ?}N7tf6m zr3#_KOQflMoD9AAiT&$hI+Xs*?qr_)v~?j;8TK|)|JTh8(;(B)I7-xF>!7{@`mWJD zxyVV-r`;{CQHu+@mC%<&6PCxSPu}z|~fh!TYTFl|i!UyYCj??YJG_hA0~Gu?zY=;4)50 zG)eQIXOvxKt`SYl1PEe^X40fR z@gg&*HRx0IJy46ja!ahQ=`s5-Clrp*`fM;CX474t<>tfedKqF?Q{wp{WVU+V*3au{ z15&k;Qfn;4G{#ZnqwnVF@!iuZ+|lP!qW;;R4#$pT_ExEP5g@i8Z5sLSQi zohla=WR&RblGs61T@hLlVa<Vj9Wtx5KG4$sGaZwJyb$< zS$!Uq!m<>@LlBXuYf9V0C<@irXx`5bPKwfH!_%wQ`_%V;2^0T^H&=Vad;5JqOSnEf zyyWoE{Xe3|URY{Ea@d#84T8+vCDCQ%vPQw7yl9nBG*@~z+tOFR;#{AEjL4qnPa@z$ zCUtG|)VguYay?YWh@;ddVoYw#wrOpp9=H&PnfG>Rsb4oYOt=*}&JL)VzigbNtFrks zMXG~?ffEj>-diAGV<-ezWm_q83QLpAB#=&<`CCtPt*d6JdX!Jy{N+L{F@5zZ9ffUj zsa<<09{eD~$2wJ4owIJ+s=EeLgbmGVwvNnsdBsm$bAX@HdNynsil;4s$~ zLJW{dM_8JZsY1Y%A)ukqrzUd)sL*sr>rvhOWgj!i3TS~rXHm%#bJbC|$!U-MYE=aFbcR+m{sD{o$} zf%CwkNz}kT^wy`KxZllBs$xDs8sTVEuZL-%b6H6(QmaU4aA;rYTyInLjmC;cNf_d2 zbO}dd=hw&ra6qP9ht<&~0EZ*F$S3|hSMB|KoQ(}|5hEYN5MYTx=8w??GRu=pG?j)g zqS~kBzyW~IV{{-I#L>tBAV{a{z&OH~;#PQ4<(GsR2#NFoasWV|;3N*w0SII*4-?0+ zA~Dr;b)J-zgq(U#*)8jcP2153N1q&r!%+HJ(o^G{P~v3f4~rz#ZQLs z2tT8Up@=_M@MuG^6d*_`oI3zuj#NC`#gLkCtl=Cm19YSs0c4nhZ=AF?)11*6eQ6Z|VnFB<~?6|=tqtmy~#OgI}r4P8T|LvU>X>%KVUES*xM z7EdM*hbj-O+h)&3g21EW=sR(F-CakU{}>adLieTsa`2vn(+SF6oNs}Xp`ksu>uv$N zn|Cs5nd|DXRsm)LP6mRxK&Y?cj4@2a!j^&9?YfQweIGIQ6A4fqxJR-in2;b%U0Dft zrlWHNgAWvQbSfu+;eXY3c7gweTJ-SOe_+RnAs^SZd#2+>57LPYGA$*c<`$8&Assd8 z8=2`)c-;UNVsi-C01^Wd=nZ+(WObX+Y}N`aC0iM!u4a^WJZED(W^4iN!A|D7^=mZ$ z3C1ywIATy|~&MkWYwJV8t} za04UBlp|4FISEj8uOAb}unZ$HSKVqeXiQli8_Y{*cOzZNw>7Th`);>e9?4K+W%)3M zK)X_?9SX*A^QvkJPh&8!4&pE!vFCX@ zU^R+n2ab^>O=!upql=3Vr{`~+RLGo}i{AssmOT|JW$LnF_R9iv*_O6R$nh#G&&mvc z&vXoO`?*H*g*{$dG0vNIXfB|W6nVF|5`WHy9ROdVHOEm|=C9)>kWs>G277mU`S!x& zpVT_#lZcTJt&(b_*Sp_jBfb6-=|&pn8>vk(w{qeUIX5Rmu_6r#^~KIfSaRQ^wmTI; zL#$acQU*e5DT5)RoMom>$5qw-8bHXuU^3VF17y(k+*BR9?p6+)hpsDW{&}uw!>I20 z4xSlS|4lTJi}YR{t=>ua4t=odiwMSMv@s?D zeXr;B9OswQ2)rXRG#MZY`ny|Tr?=DF(lL~Fi~}yXfzoGmA`eJI9AP#_LF%tP!hAd( z$XLOGcy$cn4aOm#vMw2R`51L|Z1Bz&;A70d1pZE_9j8gTQZX@LEyARJtYa9B5EJ`j zh*cb3@jZ=ltGP@b5jYXc0--TUoHEkzvO@&QaURgfkQRt9BnPk;0r=f#T;(&kYEeuF3iSjQqpI)6wW3IF@W3&-h#Gh=_Q zUo(Xc%54)^Las@Vxlb1llU=9X^k5#1|IlNtid#fQavnp`29DcUVono6RFfbrd zIPZAim+uipi-TU9VAp~KV2t&klrdRHo_l>537QJPgh(u>t(ge$=O6|%9T|{dX_7M^dC`#V4_rOzS)xPDf8RtIR`_raKUH} zFk@51ns=#Wbj?MYPMMD)NHIx5nkMl8Aj{Sc2x6jpvtSu+gwb5gV+uw(3S}ps!c^55NVOc?K`fT(%iw%Thll9J*w%!ew0x?&8nzwT_O%ZdKEyDfLKAF+=jagsbH z@mwX8{STkS^S_JTYsYYlN$?3ZbaQYoMdiPK8!^yihTL59D$omw_coKvHJdxYE z=UnLEFsAcFdoNY7*asnuMpHOKU_@p}T@u8IPB2p&B#Z(l#1m}dQxt~deMN~!o}Q=Y V>3Q(y{|5j7|Npc!2f6^f768BTVL<=@ literal 0 HcmV?d00001 diff --git a/assets/kubecost/cost-analyzer-1.108.1.tgz b/assets/kubecost/cost-analyzer-1.108.1.tgz index 9cb7cd4860148fd4f0bfc1046b67990312e0f713..08406224a5e171803c2b8539f0f73b1dda9ccd63 100644 GIT binary patch delta 152321 zcmV(?K-a(Djtbb03XnX1{eIgxk}wL--?|E{+`CD7O-k}t61~&&K923AJ?+>Y%kE6i z>>Le5LK4Ol!3Ib<>W}l=%Q(;N?UkG#ssIqAC|P#gnd$Sicc){MV4(mM3WfTNgvtY& z(q!=ilbxd}m3g?Jv*dSA_|xrny9axF@Nc)vFfK#IhDWbesW*+!Tm~pXqt+g=3Jzz-y(#{oR4XgPm58=MJM6ut?HAX zT7(c1kd)3?pL{K5ETaXLIZebQjA))G zOhb*B?uE0sPckZh^OVWPW-(V;LKgw{`i+6w*i^EFQN>Kt3Qf0Y#=m7!agp}Pe5XaT z%>CI5d)-%IuNAY5r7=q*&Q!k@kVvF4&!NdA5hI#}6G_K3r6Eh{C}DAnn7J^|TZBlK z3B_|E7kx733F~({VJFi2Np;FrbKCX*-3xm!!=1*?GAU+%ET6JME%jHvx~I!ZL$B9f z*j>?UKBcKx?hzl~)0=Bl_S6k`UWeUQ%v2i($px8-RQInbAQ43j>#V{Sk2Gvcfrg?2#4MCFjiyX$BB4t6)=9)fsE#Aj zES!Z-b;zIg?=`BASrrgch!l7)_t#vS7OV(=i#-L@}R#2ar3SBqS9%8R;HWPLqViBnZd{ zDpQ_L`s5883&}K7Nhds=kbKIO<|{c*C)*^0gMmm!W6eT}G-guenz8up9QTMtq$&qk z$8;LdG!7z>j`^gJ%s%Zzh04V&&|`x^jlYi#FY0$XmAw^|;}3B9!kCR|k>sJ8M|%A1 zBb{Y`2_rO)B~yxsF`?e9Y4jtJrYy=yE<$peMoAGf-69u}NXT>3EfLa<=LI>Pq(ZV- zFJEQG0o^Sis+`>ZXL_zh^8#Mg$2Jp8xVb>YkVuGj)w4k z!Q^7ViH)s7m`jG5pXJQ>q(1?C?~gUK_vUW;1Z5sJX33X1(v2^FplOd5&?c5KqHNR zPnxqd4sp7 zzlFi)o6=Pk|0kj2i(F3`5%56s44P%h0)9ynf5A9Ynr90cGYPMw zDQ9y=)FO?hQl$I`xE2tR!k6Y)AfrS?w?M;8X}UJD?Y%tR%5jYh9X^i5jPmq+Sr!Yd z^u2;%n%4%vdXA@}DbpRaHEp*w6#a{1ncHM6B#^cNrbR-YiY(ABum`n-J6&$BLVs7KKw#u{Q-kCt=asng8llpGTQr#J$ zl958`^X=WyC3#QfEz7fnMvR=CUz3C@efEXqj8U1AnLb5n?v9Q~q)H?#1X(+r2rh@Z5fZSb_af6Pp_sl{(izK{R5%@m)L@cd`$&?o2sX|0D;9~_Oy4Tw7w|=Y&J+HF*SCr! z%@{$ELWM0uP0%f@*!#l*vE*|mK^*GLa5X#urlVM1WI>UdR{%Z;^a6NyS0m-{8J)1Oygh!^p4_r<62YC! z6N;D?-ht+k_tk!f7>@2qf^~kOk&Ve{;l>og7ZFVo z1x#Qpu+E$+1D}6>4+-B{3f&P68N8gQT;TCB?M=wPu4E7 zWsv=OH{1(*xMIKtsxyv=;k+Atfts<0e zB{@At)^<3fKZx{yex^o|seKC3N;VTY8{SEtFA?fSXgq>MyZfCxA#YViBc?jPcfX&; zfA|Gycfcp#?p-$0?cw`N;;_I0;kqDpn!51nde)7ghmllYIw^uEgv173Q}J2{;mBtQRL=~>_Ru25AT zYB?JykNo^|6DH5r$P88r)%yZP1l>tTW25qp$e5&mxsWQD6g*}fR4{b(B}(6)BDhw7 zK1Dwg(p)q;TUrJag&s=aH%=#kWOF7Ja~!%{^Og5wWb5AOTi)TMPoa-IjXLm4P^6jU zbDpq?xr)@dKR_v&;1}@s&~0cW6=?_v$=SXPHSb=mdJEDWuBbUdU`{hn2QC>(?DbAT zU~Tw+77!M4atfE#F=w(*zR(B^aXXm<3lOgCEMm6Xsa2MY>^;2iwtJzN#EI3vm0W-- zbth!pC)r)BH+?E}*HLL#(yiQ{rwNmwb+d;Tv@@-)*w`I2%i1{j)G7_&k0TVIOB}6i zabxXLmGkO#_jOnAFwniwWE+nk&5{$I-i~O0bgLXB+=7FIMzXez|*jc@DH4^*i1 zYZRREWKo@KqXX`C-nifXyyB-B7wD6CgDuf{udW%LsV0Oz>Ywlq--Kd3<`L3_c{JKt ziALu%jl_(n69e~w_`c_n6iSS90?0LEeyAUw%qUO1)gmO&7aN{&mgfJxZOqfqHW^Qs84t#ABA?sOhn3N8;{_|T336nm5> z3t%|NP)9{PVTR0!NWC|Iw>|vb`#d1|B4d5~S?y_?h>$a@vN#57SKn3SyjN@@iZ29eG&+gqcUcW04p!!9bOQoyXKbLW|mNtyjDAu-%eg1dzOCVCVdcUlHqWzt2 zH+=OA(EYtMZ?JBpcyC1JT`ZUab*Pr;AJKo& zFh%S5gdLy(Tpi%cM{nw9Up`wqfRY)Sp$JdM-30m(WBJ4(IKJe)9b_zx$nWl0Nd*DhmhhB? z?d%6Zf<+}OQbHC(qfxgrJLlfe!>%Zi+#2M!4cXMJC7SEQ2BXsTPUoC|mX zj0=^>vJWFKz*lP?V#f69U7f}n!NT4?;94Ya2)>uVUHZ=71zNfXAg=fTyYR?hQ;^-250%+COZiro{Vz9$~hv~v;DMfu!v4hi;V z(I;)kCdvk2*f~a%)(t=bu9FuIAP|A4lVHA6!+;R0;^~ui{|S>v4kdr^G=2mHO{rWa zALue!tf8IHLMP?U_$O1!zkN1Ru>d!umz@TB+3D_dgI+J_^{%_!KK%b*w(;Rk(0zTq zv)kW)-QR!xmsK=nE^H4crYVn?X$d$?GbLG91eWGpGBbj;%;>Lw1JAE9Nrip5P4ND@ zAZ(W93qqx&i&m?83>_gV&DS?Nd>(rAfN$<+IeM090f$vTc$$x$>Kbby%Ds8OlMD|X zf6xLM=>M!WvV&W>OfTc+HChr3d|nIAs#KAZuMwJY+vJH@@jw5-{(Q%E!(j~$CT}F8 zx3RcOmpLQ6|D)jgRYFHB>1$kM%5tWL-s;uJ9UU$}GX6yf9?;U@Kf6HejqI_~@Y3P) zFtK%OnL};Wxzth@TNMH@uX}B>MIs?3e^Z%AV{l@o*hv41-FV>~O*ZK;?G^a$Q zp{9XM#D`wY68Z6GbJyW?Rx{a4q32WoH$a}gTB-4zmn*b?MOvY zIcuqi*~v#Rd&#A#1MjcF(NWEJiJXg=5&Kn0uJr=Db+5c6BW4$-oV%3ecS7E3#;ex% z>DJ$T5?~}+lZ6pD0hg1$5g-C?fs^17Gbc#R^{AE{O02-uH!M@kd8|pZefVL}HVhNp zwc3RW7*%;-)DSmUr;|Do95-L7KSV~W=IGOPR7N25i2)EGfB+?*06o3*WDE}9pAnws zY=Z6;Fc*bllAvmH#?l;S_Ug^y(UXl5Fe8{0ZD=!NIn^S-U~SvLHq#=OR|my)`b%h*Dytghco&^8$rnv@qr<#5atDgVA;$%1h7fdZMp*Z0FI zr{|8G9$$v!!q|qbmp}4d=%vH}P}kRy)8n_3+!HwqySce^{0EPzEpnKXAQT);M@;6p zXZ)R}2|0+EgcZMirEK8R-IPf4YN zc^g}Ie!a+88xADE=g@w;O$2h*yORMGJp$ablRy<73V_M59WD==#U@XaXcZ(hwgwvI znn7#S^t6e5%H$naEF?E2Nv8~g$IGe1j>AtP)(1=+cGqsT1dpRexg<(BOY_s?lfV@& ze|tJLeC{baUL}F)sWH-IBX>ni>?1=k9ut3y(x&dqpi|y9FHVn-OxQt4E}S2qW)g*h z$mlWA{fGXn0C~aF5@8bzFcn1-TSW-ooH$Ejf>KCgy!nsN`vqfeV-puC>76$=eLeV? zGpUbI_e3$8u(|7Ho+gnMmDy7X9uq#Y(T*oo2HXQ6;=t&|bdX@x6HG6~rFRqqEK!okCY=ulZGZC|- zqZgyvkGmHaGVvpmcv^}%8U-sL8riTK8GteXSCN=AxmY{M@Qx)(aGQ#|v?DT>fATU# z1Ax*vX;gHdKy+>*9Q+m`>Xv60slG45h4Nc14*N&e zdup9_#m^A}wUt5B3J9>~CbZc}f21~b$27)%EH%0{J3U6^|0x2IM;)+jpI$P8K^q1r zMZ#2tmaQa%`9ko9K_^tNn!QRrQzWB{M9>%{O>g_^%QfNYSdi!NJxWO6OQr89gho;* zWiBfDq7=wq)bTTCSux>->+9>w;pNrEpTFCN-v{;&jq>>g{zX_i=TfAgRGL%C z^{gnPmek;!l|qH&dXaHtaUh=X)c;!H^i zV+3!(F~8k5k5uhhDiDOxc)G}Dls8nrwdE+e4KIVNND?c^wVdkIf2Me;;9@krCPuDp zqPOiQJr}jzZmo-{-qJFZq$lYdQ#4q7&flG$|9NR)i);)NPToN z7@Q1-hd0+3*Ei=UEu>0oO6;|*oLW~`Z{2UFa*J<_dPWAen(HVlbPwH`wPViM3^Lrc z_xIm(yKxde{5T#kYWX%@RaAACdVwHivf#78mm6p?V_TZNiJgdw1-c}lqZGs-OP8o-BuOlgwNT- zF}7cQ7K91m+5BKd<{5LsfaC@;v>q? zg(^qmPtQ|*#wv8`O&N>L6$t%|@y-K|85nj7BC5@x20~i7X)xR#LmKO#UjKEs+tc5{ zWvCefyt)U*uIA%zSG_k;@R(Bubiu|unPeiyBM=1ve>UTI0-~o(sWY~L^qvW4v@ptS zhZCAAHApRtF~ujT%OIie1~h`W5`D(UED}YQSmi<$5aGFE$yiV1*WymgCfjD`d8zoo ziKC-C!(oAx0D~AObW(??Wg0y;{n(DhT#-U|ewlf~LqIpbtht4h7AF1H1-q|l^NpH) z+p}=3f1(U9(IUtm!8SLnr?YjmAJUz+FOWZ~uGz&u2>$VK38#V?=}q&7VO1Z8Zx?Tj*ht ze~W}k8E*ynQYP zI7;@@rDS6!y$9#wW5v7U{=UrU^oOPI zOva}2^V+v%cBem71O>de@E8|r zhK{*ER^MPVaiWyKK*lR=;C7aVa2Xj!lEpk9<|3zwUK{wn)`oq|SgM$5G;^F?6#2#Y z2yYWw2r)eWWZA{)O~I2Gf6WTU$GVJmh-fs`t?sCt9qHd!eW>Uhw9Ebn1AJz_a}#h? zq<$AC*JsWlPb1FqWNEfwa&*J7o>6^KBqQVeXR;;ZhkC*X`t?aosety091|*zdxo6f7K_idn>V-ib6gT z9sTKge7=Sj6@>I7)hBzeS7LO>*zF@RGMN@uVTAozA(<<(zl&}_s=!oY38R`4$%0Wp z1@0Ym!pQU8mpxcGGq4ZPQDtEIk?NEEU1w>Io$I$J*AVKoJ|JS0;tNa0L0L?K<;j)V z)SA2bX=%5}TSjw@e{wF!oU=Q$p@e{(hi?H;NfOKxFxtd@!D zwMB|kAPS`u5PU3NXkf6M2Es(1^N@w03rYly)r-(Y2b7MTZ9OS%ycXvaavkWqh#p>w z(L=nP8O#$ymA=3w{MK4JbCHQeOcvxh3nw8|JlHl8%?oGN)mM4&j5Y{cWb_z}Jm)SF zP1*U0k4T@ifAx1^RRXo$1iG7Ti&d==;0VZ0` zeIq0pEqsd_oeK`vp;5wSpzYDZ1e>vB0ii2_ifF>ff3?kDzg5*<8uw0e2YO@76feNI z-;DMegtu*K%6!VzzgfUkGURR^G9Cuo0Lj$7FkG&@8YW_*whitk86iH>Bx@dnAv;Qh zV%B%&gFb??($qeq{}7V!nO+^^0jTeAfC{(=DIwB-bJHDF*7T$y{r8N1^v)%Hp(-R4 z4e<0Ue}#fmSSL28ORVCEe+3H;FHepATVJ{G%Qap)QK@DClT^z) zrkw;(KV|@E2%q|&EjP^*70?KD7;w(E>T0ZCsEdr|Q%w}@PWx}}!8L>>oz61!R0a$N z##920rb78axV5yspecqM5Xvrzr!msaedo!BPlG)1+?&0wwl?Xn$Rk_Vqy3+df}&l$ zf8ax6Ohf6YJzGc3ASpZfIA(K}hzxc{R>({!hUNxMuvLNHg$^mF3b};P<>eg_vr#c| zBScluUboxrx@S3+6P8~#ym6TNFI!t$KEKI%VuD9Ou+A6691zxvWaLF<^3?ip8kr#% z`m906$?1$vnAuWAk}N4u^k;MP zTZ8JZqO67|RmJcYfvPzE7-6$)V{T^S1gHp|Q=Wjx;HPW8KWNK<3oM{;7PmY;(h#`S zz(bOXM7!bU-e7Al@s6hi?sE-uZ21K7JZ4ej5{^HV+~^)&gj}e~gPJ*zf!$gn(N^7@Qn#e6x1uyz zP(IOm(yH$emx;lhqE(f?Irc5PaD38^U9V=#YT_HI-gnzJAz03R+p}yS1l%EL!PU4W zY@Cx(LetxAQe-NZjF!b`5?2gLf21aNg}afMJntxtm^tiW=GV%w&0PWD7@gxeh9INv z)pvwT{TGd6jaj-lK?dM_Y7C0hhBlK70i$|_rTVhRP;7xAcnN+LoiS&HFCiM$68y=> zMm=fQLtjZeJCVNk2(QRsnHh46lz)`&7i5c+N$xRf!Gp$?SANReJbhyDf6@;~WugUi z*D1SmO9JT^RDNi_xi>|~s`-O3WJ<_Hz;hWrqO4>KB%)X{wk5{=%!SCCGJP#DT&Uu$O3?Yau0ydu zG|Or_j;0c?Yq2zRT)NLMf7Lc5&TSY->`{m|RP`+ze8T8g!1OZClzzXqfMlOsA6?df zSqF&MR!n0XEVE=Pmpsbt9BT0^#VRdcZsgSy2>cudj~1AfT&lITMgA8=L7`Ootw@R) zQ{F9bZk{v{x90X+TP^=XJlL9Gz86KBF9Rkse7+HQgn_qKckRx!e}t)WmPX9NT;c{s z$m1z0Wg$yd{^*jW)}Z2g&JjI5zl#6B`eb+K9oHwoXkh*fyYOJi$MRg{t}YYSQ3d}W z=gKl;G*#8OjM78?j%O?;qJW&=nTUaGsLb)4Gguy>MAr`5MwR5ktP;v+o~vE;B;Nwv zKjpJZRoXK3v{#z8f0SE|++Fv#@cc0_$AvMvonE$T`@_H5m`AAUg-7>wM2KQwEIhPw z&5GmXJ-r2es5EnLio%wuaH)+L(dLMVM> zJYV%2o|i=h4MMf3EtlO2f}w<5%0Gds@4Az1ulow680SHje~5Gv&M(@*OeYW0Kj05icE!}pl#S{F^MJ3kTKpJv$#-t53 zK1~%g8VMyEwBOr#&&|`SnQGJT%F6wZWms%Zf0F`^f~N0kvsdoA@bl9#kegB4yJ*J7Lx%DxKafR z#*`;4E}i2`M<1`OMCH>~EjMC=xfMMLe@vV{a1&U&^4ew+Izsx$H-|^H?2RiEDjJU{ z<499Zs^a?c>Q(oXjK&KSH}cKk{k&&Iqi`cvC@P~V&smh~TkEZw1*IgV+YNG>GcW$9 zfnId8K)9}fRkZ|a1YXU?=Y48I(f9$P=Hcs?90a;AO?zZ|0D<51JaPkL2B zvMRr_lsmLX=#TcvS8Y5o+uQo&f62dUYmn`qy&m!X(1^Q3#d6c_1N(`x!gUe}sXN&O z!cY2rHjn)2fbX1^!pv|94gY?&Jk2!`(tG=T!3t*9a%m}N^yAQ+iNlP^p<-!lobqgw zElX>9Pgk-*Z%k_XOOqk9)EbgXrV!#KU^u$G@ugt@6Wfq|%w(UaV)k6if3eTYNsh8& z2pNQi3Kb0KHT|P&@o!(X+duzxfA+T*FIsggzuCXN@R4zWYskAErVT zvvoMo`Q$l&1R|Fg$L(#>G&5whASJNvOvKxcCRZU|I;}S#0qCttWAJk z?UIv~4euSG2`s1qsC`wxg4iEVZfnDV-G1CKKY5g-11*t(i&$U8#^Uphy>x>5{^M))Mm!6xbpo`y^(1e}TQIcUT}4_|a-PXL3Py zyEX^6?movZOb`Cu{Zd$;AgGZlOg^`YelAq?lI5%C+hd>XrT1`>$W_ z?(e(|3{HVrf13dObq@Vwv*!M9w6XRUGe?z&iGPLiGDxJLZ8ct-#Mi!pQW%r`B;agm zlF~sfV6RfO;y;v;Q&v;UUCIjImDXf#pr#pOWAw=l!3z7XYODpj(*^x+)eD}G@``7I zXuMR2;K^?Y+9%a*6I}#hme$<~Y<@07rGcj*oL*v#f7{XN@s&v~Y0}746EDIXnOt@> zbvl2;w=JKy{H4~PjrRc$y(MN&D(IJ{rPGxBMWk+rCZslqNzQ}AzktdQ?OGK;FL%P;0phb$ z9qMcS=9NR$U%xAePNNJYAslQ}OJ0mqY3FDn5=lYK861ZrVD&6Auj zR4j}+laHz>SKQKPG{fMb%&r6xlE7k=^Clob4VL}6O%etns~sVcTA$l2!Y`8?Fl{uB zjh+BK1V--I$Rg$Xamd-_YV5d%+Yg0&y14^rCcEoO>@0GPJy)@VYDmUW!mYfQuKtdb zy)Z{0!rp#ZZ457WN_oN<4nHkF*pp@l+uEwfT$N!o6|4V!lO!=L0hyCgF+CGaS#%45 z(!SeJQ`9%aN=Dg0M7NWnF&%$IjLM0xS2?Xt;>yHKtt~If>T#J=vT{+@jc#l{i?0tM z)LP#r-spRe=Fa~?PD)SXoHNviUZ+RYx?nuGS`+ zfPkmNxJU*JF4Gz-3=sh5_iN)4s!Y)oEo4bX6Qay#WW=U)&PAd3n<{@{t=JusLAe=) zo>K{A0DcRum@EBqwme5aUmps2vV2`=X?mW~kAp%^81~|x-J~vZwS3d8R9)|_51a*( zLm1`fl^NDXt|!fr6SnqwwYW$J9LwB!DgAz0#_gOeY(r{-~^g#ZBd)|0h5E+ta^A403k<9{a7!APo_-e zB$F&+F-s#)a%rq`>|WF=9fNSx*m|=X$R1=@wzMkhHP%*{;ra=!%gM-3UU@Finq!{K? z>j;UkY@#9>hvX0#j)H>|6O5zFD$Ll3X=pY?2`-xc^!ZsLR8Gg^&_BV;VKmw?s|Vzk zR~Z_Df;CM;0`**SHfQ9>CS-#lh2%|{WQymQV%I7Q5uAUa6O*FU);V1YQ4h&s?JjD+ zKvRVQW{W$8YjVT+me=YT1d@A;kbh9N&MntiSFu$tX~fe>M<1X(4Mgg-`4$st^odI* zODcJxnsRMc(`u~9r~#1LE)h?=Pue^kL*d}kZ_@+>4Ui*P(e;6>!#un~zGhhibu{y| z(095u@W+3nCq{qg74+~+rb=Cw0o>z?1OS46L(9!h|E5n`(%LTuH9h^-B?2$jV5YtJHdzc9Q?3ijpzcyCP%ZW4hjcTF^w zSwpc`IfXnQv7EkuT3bZ%bdoU4Fv?Ri{ird3`(uBS5IVsEplC=BG1R8=kSLbM;Ml`+ zMPk<#=EVfHzvUI9Lf_#-^0t8FrY6miA~U+M87DOy$ui2pcj!MbOv9C{@Jg&KSJirG zM0$y;#=hnK*>5OMwFRX{$QT67)MQ4}g5-aIH@`P<6;`r-?)%;s8Qv;SUEEW9x7$_i zrh|XITr{l9Z&bH9hv@DB?j5oK1I{gDS^3G=T+g|mntF>|7HV3JfqSM(iusx)GlCV` z>_#+Qf%sfxBE_twMP}kDFcgTo1m2j&6biUhat5SO?FGWLlLguB-j4Jc>D$O6kt8h2 zH43)gpojOhSJ%hx3q4CovP5mR;s{evG|qqKZUm1k z<#tRcKO`NMdhA$80WL&jfLThx=fSkQE@T>uyR>EIto*J~VqE2XW~1h!^7DB&?Cpl# z^%>Lu<+QrGE0FX3fK;zgD!OE80(q`%*{2s}a$ck9f(SuOom{y!Zq?k-Tz*%q!VP~` z%p#$fo!2>tz=pqKy4hip*u~gdD$caL2x}`fz1;1!yfj0W5)5U!s;EoBSa{LqsR_Su zq&F%i?h=kUru*bfOl-!Pj@gQOLhq=<_M(;R>0t~yf7^bAAzBb`$fNuK3|Nhu((4}Q6F!?#^w z9r)$v*3{~{xuz48wiGBxp)S;j#h8No9okXfK@cn%@SG9d9xRG9x-APy+X)X>b-|6m z;tHYgl;|EjRj(M2nLY+r!RV8B!JqAq%NX)&F1fPA%2t>@R+U*Xe#c~W13UAqngzAcp8>P z5_!ThnospPYf3?YSLEfl1S)YuWd$RXQOUpnP-G+$(pD~C?x|1Oqe3l4;v+a}4eTmX zxG+PO=>+{?jzx6KBpxW+1k!($OXGqTPK!|(!~06%Qv=!7e5v%_bOk4?!`IvU&H0ky zXl_j;9n+K|Q!GQ?K>K5R@DjO|UWA^BuFU5%Ws)sHQqz&3GJXu8lAmvp_Yj&4?cX8N zkU+;?56NYj94%8>L;VeZOy)M`Jqj0emXx)oAcz<9FCmQ2oE=T!$0ifQ>a(!|4NtE=mYb}+;mQc()tfT@{6h&xV}6XH#_K)Q*zc3e zi@|m6b%`cs)4XgRqTkTX?oPP7A9ic)^ws*bnhQbkm_^hGI386s9{2cc%Q}K+HfvnB zF?EFTYAC_Lwx3aXYy5xK3a&>iaHN5`%>f-wP>|{7NJ2|M9cafsFY_rq+gkRFjBKSuzVCUu6e^*H!1$%a?2IQXl{f^Qjbhp0J@x z7|YNEwnWi5DE$!2`Ml)`L)sn-5iVv4ik4aquvuA6#vq7+FgbrXVNW~2z@eK&O+i00((?k?1$ zio~q{y8F88CR}%{*VTf9QWgLH+~((dq1Wl(pJVm@7pnj7&-LOBHTQp^%2hLHw?lI7 zCW$MOGL65!x?z6;gmHAznCE^uym{ExxiP;Qp zb&#G0?0~tXpcNCT(_)%L@42Xvp`U>St8$=g@?d}W4Ir@sZ%}!lsj}w47O^y!Gy(bK zPiN%#jj0-Ri0-y1V#aohT2bW%au!e_n;AQPQ|pCQ6;$3<34GZ`K#Iuoq|`Q4QD{t-tq%HPt4pv zR&T5)2Bv72j?s8LFI*;t7K+Mz@NO%a0@TPvQ{mv*rS>)*tg(Rv%ZeyTHlZ?3 zAOvHqd8e!PY-WXv^r*I$9irwB~0afX3lVx z6F$pml#@B9Rhquk$8VIA!^_jKwbgoX^|t0RX)0`K=rAw^16z?`{Mb~y#IS#V;BD^a znZ z#ak;Jw;rDGqH==>XR*GZyW_XDYCVy9;aHf<|bOX!hiz6eBrrd)N*S_ zl0p1FO%w@?qZ^oObUQudvKW#xvxOE9$h&NHT&M|zkKHqUTLxYQYLtI60VK6NtUP_O zaG}1%eqwDQ+jpgAjh&%D1zbCzH>6p`v%`OLc@-Y7=CFNEe}eC#f3Z7pfE z;S-uJ2+!Hfkk8TOO`q(%3Jr~_OyuxrFMM@?kFE~i_sMS9eO4 zCS!_aIvF}&X*mjgP4%&^C)h;`0;_{M5e#H_lPDRkD-lhiB7yR~Rw4_rk4u3%L}LZj zl4zg&)pw)Xw%i;dXW{HJp%Ga3>~9_uvMyrYC-4@$Lob0gs`d!toJDT!{o0TgxE>j| zQlzRNFfvVIuhD-VNpZ!LBP-BbW+FdBrFFu`ELubft33Y}eFsmXok1o*)j7!u^Ti}9 z{0HCKB8s>&^iCO#);DZ{tO9G{e{=HP>G4vFOP5@pjOi`2x#sm|Hwpox3zTLNzygEj zH`J%FG?I%<^H6e;Pno>qij`rZo<-I0M}62U*Z;t=G>d;)Ch}vN(<>9YY{HX+UhVxG zxG48w$^y-~f-z%ppmqbJXR0>8lx)mD_BHLm8+~HXODX=rq8#qI`@7xU-Ix2X4t8F? zY#aJM{4gL!FL-+Fr8+o-ugTHP72zr*@7%(}Jk6+H=Zr2ir^K(zE)i{`)Kk0tPKVy9 z0N(`|BV&K`1c8rH;HIHn!fKu(cy(+%_xtAWsF2Y(9pWFuoT=Pve2sxbZU3#;%?BZG zC+Kb3HVT4vtz`L~ZK6daJ!@Q%XQu5l4GHJuQqRfZ)j8-hG2^S7|K85--u}VMSFgcN zd#J^_+f>}8`s6CtKp^-aKoyE9duwL7W8hg!k}ZE)l}4=UO0UY2b0P&^Gl{Z+ceqZX zEHLD1)XNZ;W*#{*&_Uh5~FirAs-Wzs%hexm94qxsa zz3qP;5BK*E_78#egJtbK%`%=&T%ibSIo7D^%bQ6U59eW-d8{ynRAQ$1L?5$dP7l8f zxmA|0IA{pL9CXIS*M`50ypS_Gb1(EC=6TFADsz22xVJIOa`V=3fA`A#Z7b}RcOKV* zrE~MPG?-WOz4uAmD_h`NwNZhCg9!e{YS1@ZMxQdH@m&`;)uKlQN*7k|xe%zMG=KfDSg7S&t z{truX@d)w$&&tMj7EKVUV(UNm+Sz_>#m7G#5XF z_?U2@XSZze46ZA1Z2O&3r9{Nb9Dm%!5IqAlo}uI@ir9Q+xS+Wmp8Wan{pH!o@bKv9 z;^zE%sL!zav-89EC!YLiEqP__3><%bRkVzZOMPl)#@sqkBsSl<^U#2MPtyYA4=rfh zQD#zPOy+pEp-M629k%4dk%%=mH-lphL5#;d;$9J8{n5?fc$*yF9B-31S7+Pg=hGCgNxyA@8Dnv(&?gXs0nZm`FCEO@nl-;ILa>w`GnjiYEk-gO@zK_xN$*?5PI55_O! z;AL+-3ie(`uY%FbgM;8ze6UM2 zGM09r-HgeIr8%82_lD3cOSth{L8%Ffma>V+VaFazJHPdC0X{vCdRMw0-43*=Er69hD5l~>M??NLx@y^Aa*fss6Q#AMo{>yPVo zX1Em0_moN&JGX3Q=GsY4#z=+DN*DNT>n`Mi>#%qQ#Ebpcw$+_MS?T}Uwj%a_Z5!)9 zPbclN_lr4`Q$}OcHy%EfsiENZ6?@_t=#QC1-IDQjin+=qA3^prIurVTI}`4K>AGx( zu*)^$Rk?C&W3r@{W&~&p%MC)HDx#?-DXVJ1(k~D}HfBtb=dl;FV=~f;w5kDr0XHzT zu{$AttColovmc`!p3OKaFv|d7BUl(Kf-NXQ{`xn_euAoO`#D^{+-(aieyPX-YUowL zL|~?J8GIPg6jEt`dMI^&Mr)IqLzb3vTdzMfw@59ae!~_}k2cGa1sT~SBtrW24z23n z);)wlVG5&m?E>OhgH^ja=TQyemMz@<(A6n6PoPNW7>Fl9Z@bw04DWhkY}v(+m_138 zaukeuyF2?kyL)Z&v$3f%uXo7vXCsxj39XkT1Gjm$C}(_R>RU5^qe2F|^CdW+wL418 zSO-~WC!_haQ^Qg3iRW;Hl&M)tTwaivMTyPf2(EoJwInx>+j002HJ&Vb6HVHLt z*%>og#1t1PlP`>qzW&DMU*`N!x7#n*t@M3tK|2PulpTw~hbqn16TM-UhZQ zJiQ!k&J^bNja|Fr)qK`!ZIK`#hf>l->GJT+D?PrHkD0lD)8ZYjwS@(7`=v{M0kI?Y zG>5=GTgXviW#9|A8Q6;YAo3FUoY zmO1aoY!D(yAHDceplAfhV*C&H8|Cl#^^{}6Ax7$6~+xwjx^ycX$6__jkR${e#}#?(W|H?(e$2 z{r&F#?@0Fv`o8z4P&t*q>wa=y^}+p0ep;>I!9T4Ze+(1^#!pIFTXt(Ip%2uuxys)3-UY>;cj z%E_C-(cp9~B${Qa1K`SxZtaQ`-zIG~QbDA+=R;(A!EOwHf>i$fuSke49JaV`2+pgE8nq9HSLdha@A~B8oanc6y%PUPPR|F|hi7Mp*QXcfh#-_ zD{?v@S0{hEIlVeLCf66_{o(oHyAyJGay2*|T%Vj@lW#B1Zr+~^LUML;cy&(RUtFDk zkgrd!P9E>*ZIA81Jiu!Tn4#FM3XE)F?@L>mWFY1!u8-l$G}PDICnGZ}5Ny*Y?@tGV z)AM)r(SP{*^yur#98@Ro*D@o_giJI~%X2M?SLWvbtjS4Z7_Rqgt91!+*%+`)_Jf|Q z^#S)#w^wtar3furyPBA-58yN4s+nwm(^73Zj+SG`2;GO3hQSB0uo44%b%ftcK(iy z$ViGi1(i*|#&R@1MG%Z~`~Q<~IlF_1aKFB*ZvCzRonpQ^@;>(~!W!Vsa@arXXO;Xn zoU$ZiQiXYzd}<%-<-gti?p|H~JJ@}>_nZ9pIevcpvGXOF^I0GLO?krfeebK8o|b6J z`sB+FaJtTyt&@+LwLAF%mk<(v8n#Tkz@|&DZD!oaLD>dG86&oU)yPUcx~0A4lb=W~ zi!>q!yYMTY4T|xYe()sJiN_&&-sRI55ETRgrO zmnU#lCwSG@EBp9PSf1SEJW;FqV0jW0y1~P`KpH)=noA3=o)dv)8BlM3*!sW_I<(Jq zADWW2(2QAYl$bHE#0}E?n6t#3qFz=OaLjpbVn~k92fD2-s`MgkosNmbV-SJ3x+$=A zj9t_fNHMmaTb+qM)z^u<;4Guytdjb zG%iBAAt8kP_@le|c|zGLb?%E*P+=H#eo=$pHovqt0K+%wh7`+C!PK3w;uKdy&;xMFfvnIoEikZ#=W8?lr}jC~!94QF93 zh+lp_I$yR-KrUpJFgi6GHk5M)37^5Y88WK-9+<+!fPkJl6S2BiiNJQBvdSAqTaMy{fqHjT}eq;BVfbB6Py<+5}OAJV@EazhuY#Mpc{Q|mcBX{ z>kdLso$BX*&Z8!B&**2d6+{Ewdn19itC!K&aaJ8Legbz%8ZpxT&o*ffKS7sW!&z;H zG-fbH&{LMoLN)Eci$1ByFipdST}-nqtY!j4!8{H|i+;tlYtDvsl25r$>bNa;gU)-a zk@Q5OCmNUysqHUWtbe(QsGO>gnw2IK*ROq6N6HB*!Y&SGntaMmZ5kd(GW)`R=xs>MB!ICzIgQ`&+ZcSM=66 z+x}jD#L>{q3>@9B-3b=WO;68<3~QtF^HJk}eaxx$Sj<<7(~rXZp$Fn)v2K)jABFLQ zj?%}X+bobi3f~Qm;?-x^#^hXgD|j@z_d?ykXz;i()SVHYWC%?_ml@C%%L|DS&NR!U z$Rr1EI~V!~W@C5S-piHBmL-Ua&Z`zY^!r};dehLMs*;Da*~grvP_U^p?~Pbad&`P{ zv08Wk*C%x6!ierS#cwvNm68h^nBM)?8_#ZU@3G@m(UiqS!qZ83`$}QJ=f<=AwB0`4 zoEtGBgNji1yF_DatRJ=Eod4mgUbq)@x5@8&;mglU+K=wei|+je<~$Rzt@63yyk{b| z#k(Fn_q%59d)?1F`H$}pC#9jUHS->S6;kmzq%6ppwD*??vbAACEI)rAO$kr4B8TVC z!}$wLZJrWQ6}SZBXn*vS1TSf63&UVm?R5wCpiS&q#_M8#CfGc zuIVbo#Ql_{Oyw-rUAHh*I9QZe3>UgYh+C8FmOL}*F`kiIwt$a$4pkTRoewg923W*lpO@ic`jCz<`0CWMd2HZKQctfq-#CUb(FbIEhekFcNkEu7|WAc1T)i-QmJ7}BvXuqg5Zh-lf z`6RS6SO;$DzSf}!qOk`FbJhOw=QjBXvci2wX9;O&xiYfNEXH%lYu}!?-PmMXgMZNk z?2Do9Rk2*Jm0lP?WZjUKthsAIEic{%uI`;LTR^jJoK+s7*?rsioSjE+evV$7EeI|~w=w=_TDGt8`2C`KZxAT7(fphB2>v%JplLC^O_ z8_0d=_7Uc`T|p2JBZAPZKR_&l&`l3NkzD*yfo*Ygu*cG~=T2$XiSPMai}vIsd} z!f4E72SYne2@ozJ3lk(a`w}u{vQiGDbvI=Yx5{%bM|>HzYS@?S8Q8ltN4VbETyx21 z%JDroB$A|6=^CmbZg3Mo{NEarFjN!)50gbyBY$ss!k~!U$!gpztaf`gmp>b0N@`V7jzeaM=)VIS+`zk7ST zFO%m~Ljj4CD^(g8=Jm9yuVwpW+1mjkta3?nHd!Db%&d0BlU-FXB(O}E@4)z_bSno> zExxW2eLdEgjakDcmf zZ5q&ja*s!6H-qbws}-GrHgtn2anx{jadSL8x)@v!uTI`xoeaJn>TZT#U))>`n)}!^ zx>2&RJ|nJZ&b}6f^mXLqz~&!bHNzfWf4Vuj`fm8)^!)hZ!|?d;Vx;cM3q-2qLD3uuP`Uov8>k9jS@MdbH`KmE$0p^x1R!xOJHq+^fmTMI7 zeoQ;$XTFr;<6@On#$xvM_4VcO^6KKx-`zXgK2$9}!EZNm$wF*F>o&toH+pi=8tcI$ z(N>$_tsaT^y}-{e9)Wf$;NMj+Q}GCFSHNtrt<-NSS`rZ1{Y+$|g9Sr~JCn!%JicBsNCQa2-2f};!8Bw9*vA#HZ1Z$r>5{cg|oBq$k z?0+`jkV!4Gp%L(&`XAkw`@Nd|Z*OORr~8}z?{oY-(*9>YqiK9kf}l@GMp7$wWXl}+ zO*gkNuCeueCR^hY+pA5OUuhb8T(X<3U~_wzKaaKlS9W84t3GsBe!_PAB(r~M=zq9He-H6M8-Du;Q}~=-wp$f7acu7H? zQ#oO|r$qj2LdpjF|8bk%`?+WT_ju-`o9d|9_4j?;wBfyNE*8rWe&`W&WoZ zwptmpqbJ1<|>`M>_{H~#-Qe*QK1|7vg2fg!#D zyZ5r!SjONJ?s&nc90jFE>3Y4Ui{e24(DDF#*eQ3f%jzm;Q7?_cs)n1miq=yySg(Vl zg!0+7(ulQ*_2e+l z2b-&wUC+j@ZmhAP52ze!gXe~1-xo|(y(`SepW68qg2wJw&0U3A!)Kps?#iB@cG4c( zZDqRd=RqZ$&*_Yt`3p=ylPro+v z!I4OF_R;ehsl8a%A8rnRvtc~Gb0$a*^|?!EJ{EGOz*|;L`PeCsUToC3hQo`84{USb z_YJTH@sp=~1)Nn__?EMKV;kUG7}zA3kjlb+o^qFa3kENpqxsvvaJRjaVGBIKZaW z$z9$@K6dxBFw?!me6Vt_)qQ0*a+f#Yo1Dt;X}#o<-9V+mlBjXtzVns!tA<<|0hmP#k zr(#9uh`q5qNRRJ-f820Ysh@+5{vgFk!?^XlrJ=Co!Xb0$-o3{9S5QyOQ; zngdW@p&jAlz&UrJZ{|Chag?{3>>7RBNI`{q-BV5wOrNlzt9zNPhZy7#L{ za-znzR7p&MK98!YW+DUcqPkV5Zt)Egzj5(KSJ|#0l~(;36A_>SBy1i78{>Z zy9{w~CZl$Lr+@W&dOf;OQ@iG`Q)dSUHa4KW#2!6s9Uq?lbO2rJfD&jRPkF0FON{E5 zoWv_iy{q=Ci=Ku-Yb;`54Sdgo*1OmYV{$p@77;+!4tU#n#_m-c$fW?!L9I8rP+#!j zH%o@2!MlF9H=4GG{ps7D#`C_`?*9eH_ub!r8@`@@UcR~R-T&;M(MykF`@^Z-T>ts| z>d#;8+Z!LZ$r6Frogo+!%dngUXb<}=$|4IC=6`^$<-Y)y2hc|s89_Sz83H^AoWr6c z3W@f)VbzDVz<6P!XC9bYwjBU(Jku-U`>P%gd)MOuFMB-5ZI8{adx)=dPC0!|tmoV+ zB1sm1(3+y!dZj53w|rZZ|9lVn^DqI1^NfNp_k~LkrT1X9HkM!sZ&5HkEeAlR`tzWq z%tPQu31FbITYvGG4lEv^OYjWN?0de`#dL|to#mm1Rtjca)clke*e=WFrMp>H`r4 zPqE7T0OtCCpPtJ1KbozVd;h;(JcR;{WH|K65lPssufUP}ExM1j&0_Tfwu=GeTn6)@ zEBpfal_i09H^1hUkz6w61jv232QK`uMo&CSEN9UT@Dp%iG1Jb#-*w(tFlB4O5KQ@A zcY1^Fr%YP$L;f?1 zkr48|9)2ym3gpQD!)Eh1egAuZ|7RzUB$h+6DD@`;OgHNJ;0)k>E3b?GHi2 zyOrbVJDos#v*rv4I3{Df6U>gMu3a;7h4-O+9Iwd&@o@9On`;N&Ld%9TJ9-}kh!;Ur zajZ|Er!+w9+UH&6$Q((W;A0SDMr~A!m@#G9$~1b3OI{|3n$C8k4m+Lp?~0&Xp^sYI zF_m6bPNMh1hws6!YmWlYM#u$!b4<`}!cW%cU+7P>e}ft;6JIO=vAYteSq`@w`JeZf zboWp4$zA`YkWW>VfV}uGC#n0tM<=br{rbO)r^5Q5*y9BvJY$=d6R$}x_IJ40rxwJh zv!5p_)9xPa{Qqk$O#aO*Kza6`vz8` z3y>%Fy{P#|IcTu~$cxBPJBwNZEa!ZwCOWo-9GV0UK+O&8LZu;z1|UEwa=iEd*~znQ{hx&hM)i5Tg*nU^J$L42j?c3% z$+}c<{(Byx)fWFk`5#j2|KZF1`oEJ$v#k5{&R_h6QX8)Pf_xBIO(7=YCLhV7FV2ko z6<-{&BFp`Qi;rUSUq}H{K?vl||CjRoKYuwq+Ry);JnESpr9jD*0dmQ0?Eq37mzD)m z(~mK*qSrCLwg0A(N;I*64?I!@lz22yk-kOD?2*T(q{i^`jY!r))W4&I_aBZ^Y$xvOX zT64q4@UBz?1N< z$1@&fE)@*54r(qoy#pIB`1$`WA~WIZA__EA2e#$KKkgtkmQr&CT8lQ|UWL{)+ltT4 zjr(WU&j#|p@F7r+{6Bj6@@$z)<|FM%NH;A6J1Vj?!t6l=OwGrSeNq>4B3FNvY z)uk0gkm#{I7o>S8%cb2|_07~H+eN9C;qvPu3u=c=6#w$aIQoHZkwfF3L8syuVFMr5 zm_qS2OWWsm8UViC+ zYIzq3nuwfZ+s1c@^a88x*?%uOYT2st0mZ{mqdKUJDU@V1FeawuNc&+WUD*^@cKF#3 z3C}7`Q_u}KLIGPyaT*VD9QiUiDF>}M^uR#8f0g|M>U5N?EHymF$&R-t+Wl- z6nh4=EoY&_fXNf=P-wf@49kZTU@J(tEDeLMeHWXi<&ibJ?J`@Ni+^nlJ`mV}=eScc zWU829Lr=q*)%wn5QqFV`1XnfHpC2L=)c^SXj}>$u;QsGXGZp{u=;(BR|6?alm9zR{ zaXUWG`J4KbQb=5o2-m7E{TFtkFcNW1?gY1j4qPBo4_9Cw8vX3xAY)vF)RCp%;`Fuux|?gPXPvH)(wjAje(H2ftaAo*6cZ7Uqr*n?wG}dz zS*v$36b#mA|l>I-C_Ur$S9)IB|FX6NY7s#Pf&P{%+nSam( zepQ?dKGdoTqBV6KgL@(hrc@MKLCo*ouvOo1fz2J(%ppvyzn}Ce-qUr8tj-(ZR&Mbw z1}A@o*X*VRl!FzPpYABP(n8~5IYCiwseNO2H8-MYW4ZaBgmS`xUPR#B2*??{9oAKG z_fPt$5`Rf5(e-hz6?}R9SheKqBx65$nwHFMhejb$ADJ*UYCswU6pJ=2w$v= z3Se6PJcRazr1z_Gy6GxqG%2O7+p>7vKtyI^`q|@dYfeXONavWWyaslW<1MW@O=q?9 zkg;Y_vav(aM|!5%$mK(ofMnpWwqncmt7BIVlYhK+03d6p?Ol6_oPk!e*-E|-t^g!H z%oT4_3`3BwozfvY3_k;H`wrfF5i02z>Q%k@!`%C_bVwhe7%q>CtH_}oCXZatW=wlb zXV#B$jwiE?XIInD_Yk)w_NW?_Fm9m~S)Io*Od=7i+Wv+Ue6CZg6KE|Ew#&S-P9|2t=C-?<=lM66o*?*QjFuRWiMSwBE0J{|6HA~7al>ZTUD8mVp zXKxl$82?g>v(vJ`j3VBew9jY1fLbks90i&MiR=ZLt)pV?yTAnK8Se6(QrGMC` zPX%zupT5NtZmas1%ubz%e7T)2ZiZ&@?x(}$m8#Hi`OhG1sZ>{`)@ti(_l)`)e9Rn) zcS9Nl1>*?tIqPT+1z+oD?*cehX@XB3NRDZv<&>bT6NQ(;TQj-x0=_kibe-HvTJSk+ojx6bn z2wNph9vZ5>QRz_pTkVr7*nTE`%EeU9riLbL^7iPFkBVl_M6*U4JXxbh=a(*}a)hn|C=9hkrS5&h%M=ejT{DUmV~h*{87t7XUS-(?Xxe0%Q#{LzKy9z^ z$N=S>NwlOJ@+=L*uV)adR0D2|)F+{qxb8@`3M@&*#=UK>EYGvB(}`|;RjZ|yOLnsbac38cGZqsz-UQpIuoh9=!_kMm^*N6%)5!Up)qh|Ad&%>T;vM#Z ztBgVk=Nyh<=tsNuC|+?2$6lz3qS=y(_lITa+Gv}b(Nr;-WOnJnF;_M&o2a(Mg6Jb9 zkb7Gu^t$gs&;Jq}(LMKGBmhXqn+YKK=hB~c?h36kF-E?oVUW*U*YXk`;t35!F2&rh zQ_etXSPB1hN#|h~`G50$c~dabr^_mM1%1*|4znr1iDSq7;+m1#8lqa?sM1#v3i{Os!oP6MA(%j`6Y_i*}T0<`Yg0 z=B(}_vhwP4>!WT-VW5`y&gnu5`zyGRx}VNlpIt*ehyj$@+JC#B;g4A>p27tx(O@IG z(2%T^ihmFTQ}{x)4%2Na5qVIFlV~kY)?f3MwI4yPZutK{m|4z&v0Pyj)JNdu%a`Eb z7LtQt6$Jn5e*sMib5{FrxrZsbRBAL0*D(`Nxf*hb*A7kX^tJ0bNIWaQ@{sM}#imoV z-5q^&f;t;-segcy&$J$6An7&Md?H@#;p9up0F75x`f53l%%JHCi9nmGD5OQaC;rp>h(J`YuJog>d-U^ z^1NTpaxnI#y^yCk0`*~y$bG{l_)lcex@G>72ZxvJn|~58d40L}C|dCHOY$XKimzcVKk*$LDu^sEt%>wM@Bkbuh z-T?B|pgh73X8)=II=DQZN`OlKXBi1poN|YfLNJnALrk)=ZX`Ko6R~W(F>Ava3 ztX}sSE%8cC=CrclS0-qYJaN}m=LORMme`{Os(<^%iZV69Hkv}BXpBX%g`^O^N+8NX z^&$HbAo1!<4K~mMipW=Z=hfNtucxKEUe?NODMYMhGG09SJe^3XEPUz!fSe&yE5rzePNJ>g%83lZ|h)T zxPSGPdw?9uFXylPP4Gbo;H=eX>L>Sp0`4c^RwiI_mFNtv&ik*Y=lzSGa+x?l)QC7V zu=23D5w)rd&uR0groM9Tsx#>Jy3@Bk#dw|*ypk1qFZ5Op()A>tbaKkb)h!Bc9-J}8 zS?QuLY8OHOVU8^^grqM*YJ|tvm%Y)n-+z7dJuyv|U%%h+^H=wVPUP1sYav5r0Gn zHX*EH+{g5iHd%PtyEcV#ql2T{AC|LNXCke=nq3fC{e^64XRYGgQZ|6?ZuCovpz5}k z!eFWyTgqAesIQDBI2xq)qdzyBM~Uw)!4w$D0 zy{(!%v|9t^a0#ZGbeM}|F-+wS`O*dLLN*YMjT6}dQDz|U`C4W>?)p9IqLA#4= zct1u4c1(4&93|q4%JOV=5wWmY8ginV1ab~7dri<}Nszb1wpkpiT(k6^H3>aogH}_q zvYGk;iI_xti!@9EPSlb?mY`u0s$8+W-JwL#f=rWhiFL?OtwZ^U>ksQc<$uM{0Qqq= zfZ|M??;hk6e-fmSI%6mFDMV6uKa4Yh!by@3jof(B<&rlcI$mmsmxik+m$u`dibePEkhZYABh>hourgu4)n99{uFIZc+%mmcl zE7brcN8CV!riFuM0L#5D6@Mn6a3xJ}h${6nVk{I1_aG0Y$h>jAhaSZ2@CCWy6I7j0 zty$S9Vv>iY=H_^bTDl9{p!lV2RcCXnY($)57p03_+Roy(?0TD$P8ozDuiv@R7C_O6 z3)|t)Tsoz1T!VtQ!Luo&DE?`ad*EW9FPz^9=(gp>AUvDb#JVtfcCbQ zWm7SUF~?!6vzVnR?1Z_fv*t_tqBjbCDK6W?=~er(r|nU3@PEb7bVUU$2hrhZ(7o=I zMzu&21;^BNi;d`TSb98jKv%ILd3a7Q(F&9M3u|R**Z9|i%iiTh|FS>H#j+Iqf@A7= zi1Nu+Y;4El-efxJ4F?sNwqRSuFlU><4)%&bjPdVW46eJ=&R|@u6RK{MX}GAya*NCo zL>RZ<^|}>_P!+VTVwf)oUc2W^oO*>&e?1yp52xpogmj&M^wOi){%~qH*MI)L`tw)& z_NE5D2a_cNuRB99-MfD z{q}`MjZAERQIwH}%jt;`iMjLauswNGpkXD5?yJ1&=1g6)b8$VM^hQ31rM!15Q7KDX zQ5*S&1kWuy5hFOz6fH$GV6{_|&~99JYev$~eq0l6l=C$5x4l26mxJr8Nd`ZZ3dXH% z`5_K;EN6i{I>hF6zpLwM|LS#bJedv$-RX6|@RqxOK!dt{cD1hX`)z|;M2Kakca-re z`P!E~gLl2rsNd~PFZyG>@?We^Qp;t!Rb&&t!W6OGrwtc-bU~0ZmT0n%mxD=f`hL`( z^s-GQHA>c~mJeju9*^G-MtbUJqRZ^|F7&)ROezjTGW`U*vLBrIyn>!(wAXYQFG4!i ztTTOo)gJdd)Ase`&GdTQ8|hRtwaSw1;19GRABrKJp}{CoRrhN6{tM`jlAB8LfsnJm z8ZUHTeI8yYj(AmmNcL16P>clG(kt_ae? z=%umUSge*AHeUwqbl9pQyuBe42xmFW(G-mwZ!Gs6BGx>me#WZQxYxNJ^`_&u{o(Xo zZ`408vpIKs0e@!)2QOPcpB^8-JU#sR5FIyvdI{%0nJ3Mchj5OLkKoMw|Kp>dk6#`h z2KKs!ha5`SrTde^11_cIS_2@ArwnoxNa3E#3aO)QC&B&CmiG_k%SZ z%sbrF-5&P4mRHW*C&X`XJ(&*9r-H%$G7@1W8AFP3Ab%h@BzP4_qFzb2q)4T0ci!}- z@7trx3M`w%><*Gu2O3LMcIJ%R@A_A-Hyjtg^)bA)oP}2jiQeR5GXxN|E6&suoKbLX z$bXTAZ_cT$VuzHy29>+K=40^cy7RUd`Z8#+NZppgGZrnCM_H2N%2e~&sdDe@yw~lG z+LK;)I)9!FM!k}qh*~^I-XAO9BjIL41gbZ=h<^mL{Xx1O2&l3QluesNH(X+^Ah{1a zk&DrA)W2+x{@4L#1eq2=1|1)9rq9Q1)a&*~z0PF%s@-{eJ$yji)*iZC+tdn%t@}zV zz^_Lm7IG+9Y5Lv3OQ-bVP0otzPj^01N;`|B1b>{*swk9lCD$y#QQ@u@*W>nU^)Xd2 zxHpz#_B~LWVQkm*2z6|{Hm|)@@YQnNilL~L|KJjC8Jyalr;6QF5+?>lkCP63jnSbL zmvFK$Z^QAl_j~8!y4#B#V#*%@^L`jnC%oQA!(N+c7}&%5-BSCn>~tErx0!v$8@4BJ zrhmgx@4Wwe)>>iCO3$uQZ#=lTX1ls^uQRynmfyX{8ia@Kb#RjpJEm$^b<}KTYD1Up z-=~7N)^FE6e|vB};tn{M{j2Lqh7WfphAa4S7}=tKTO)GcUGp1(mzJ}pNQG|e_&6Ki zZo7Z+MQz!D}KR=f6^6 zcl>iEcJF(=w`uJBx7D$GkI;>To&QRO-N{iVcIW+zUVz)C>iM~oaeFNRx|5%KLjmfO z<9ldGosW9sH&cIOma~-R@K=MNIYHiX1Sw)msDNv>T0PQN1gGF{z&o1X7p_{p?_YHX z@3S?Qysj{(hWD0Z;yYheDcqCawDrKtlaqXT0nkO;?3D1_$aXN^;*tKNO5{(3DT+&9Kv~A*h(C)r#Uv+xjaCPAe zAFwv$ z7suM=iZxq*^24}FUV~k93){Cm32r!ycT41iO|vN7?AlxK5jrNoj*mT{OB8|z6fPE) zvk*!are2T$Aw*I|_@~jwvtNn@$>y=#Pxq5;si2 zon_kqvT)tNg`Ni{Z`xObNV^2kOGkwSfMS3g&*y(O*BDrq#-2ATFf>^p#`$XxnSACX z9h_Bs4#3=o3t(d8F%PLFyhQ*y_W;i4$e;i_fG#Z$%+M0vT9_m+g8pz&)gxRd`jSIZ zn5U$F>U?Rs9$n<>g_SYnP2?;*8LjX&N4zz8v`pQWl-l%H-SOah)aeOF110xVEBKLT z#E4G>L?j5j)8E+);>D_aB_~?vuX9#KaYRZK&09b-xad=nc**$!Ci9f6^igUtw)K_& zvjY~qZiH+EJ=6%UCDi%g@a(fu=>581p&=K4XP&82jt_Bc&x6`*uc63r_s!3Q2M80E z$IpX)w^LarvdZj^$l&Utf7P45YhU!c?aUFAG-e(#?8b5jj%_)J-HUk#ZOeojU(pRh zUu_unF!mw4%<Wn5HgUw8Yxt4?ovJ?a-kK@YTOEF6Dqyw?}k*WuZ`4m-chlo2fZhEJL?6^&GM zvu2Qdbo$+MOjb}U^{(2NJ?2z17+tmt(lZNg;Yq=6K2NL_!fP#Z?3yOKj5eM0FMEUQ z!kc2bh3bA`K2>;svSq+7fnb4{l8hZkuiEA1ZZ^M(3Y0$ZX`)1l zIHMfv-gr2;8uzBXtIp_;;iNq7+gRTcnFWN4hCFOes0g5s6cGp7Q+@yy1{IlF<_qxL z-;n4b1V#JZD9%yFnONuxm&;`pFs&wVigc)2e>RViv4&$ek2|1<@iMm5ICrFDZD1iq9f$mmH|ERAD~r#%4`?T_AYX5 zeD8OmpfHLnG;B6F(b#NQKhoCfa!5F4Z5Ms{M2mZ_$Dal-U-3u+Rg{}U%LX->2?Dx% zAiwPyKV)lY%?!%UT66FmeaQ9H<9s6C{dfUtH6_27?MNE5-<4ZvTV~0=JS8EEDu^a9 zLsTrD#jOm|Jzr4p+;V7t4F3g4AA0G#?k(}!X7pKm$m9o8Sy=rCXq7P)r36W5iHsXh zW$E{&q8W#*B#5qw!;cC4&fcMCw+O7DiGW2}WXJq@{*)lkAHcI;K;Y;nN5V`_y*Rpd z)?^8Q>V`Pr)}UBfFRzPUyW1O0&j%M5gZJCJ$Wralebl??wa2|$oJg#afi_#gi2@N6 zgBMzG)%x9_t3^${F_>G(HZ?l}=vqOJtsLLi-#IuG^CZ0H#oVL9Zy&SmCGPc#*A$YvOn%8s5!pmVfzX&9?J+V>- z|GfTufqCS0xU15T%Pf?ihg=6enTuS8TPPX14sKur6-0_6sD~Tu|`bMozkdzt+6~&A3ANrDH?SyHdn+jO!&^Ny>aRm}2|XdRY01hHAxLByLqY z*hFJwBZFeWE-Su0d!k}Ffth|P(;me(;y1nprV(Clw>3DQ`;tarknm0Ab`&S~3TuC$ zMX65=WNA^iE>{`r=kgc5NODi_{?WdGt3#V`rhi24e;^{_B= zmB?zN*=#mXkB`~E&1O^nw|RPW`d#bzMqz(yxmKJD<C3c`=u2gSlb?msq#{q5#))DO6-Q#M=#*In_`L zI|q>B)&Kq|_-~3I7YP6FL<&#wv3)nXGjjo_$&5=j-C5SoK z_J??$_S>yvHdbDJjvdOKTa~5mptsU=_YTeK&~@wiD1Kbhm90fYeD7m(fG|zIz;vE` zL4_C00C+GHj{W!>?{<-BlA@24AGt*s%inC|n2<UZBGiI*GC4XyyzX8Q# zN_=JQZvZK_UVu0fVnlpaHH`N0smP%7Z~#G-x{aY(pFtZs1|oT)fsb0kxcH=k4`jUZ zMMa9C9+%I=^jL{$5k%wIf_iZk#v4^(ESNYVNJ;ZXCgLZ$AyytYnHF3)*rP1Qm~^%z zezUx8{Ax;*$i7DR<_&ySs~D^LR?^{|#S%{#Sg}0h;D?$1;ipBjSN$aCCU{uVi&$to?^&pqjdHfxt=g7##43M$?n#aWH;SJ7KKnUs8nx zYH=Fy`?+!5c###DJz;goi@}jWJovE=7wDH}O@ZrygqpwMod)Mk;2_@qh7Vipr{UFh zfai17cNXpPHgNE5HGf*FG9IE4!q{SI=5`(fv0O?vHu-_196hY zgjTU=KJkv4g~(SL5l5wY>HN+GGs@LP+8ea`(7mF{4Z0WjhaLMSB31-D1|FJi$U`alp#POSP?mdps**@SBmX`-`|q>j zEoJD{1+m@@#%XN7aKwMpvIV-9EMGQUq(FfcM&pUi#WjmX7z7vd(ffuMCl$q*Wk;qN zhh^|?Olc66Cmiey0mw^+o~lAj@@A9qk*ZIQDYdZuMhJor--yU)d{n<-Rs%(EPO;4v z*VdJnJ4)16D*LTNW$;-^TnNg0G&TMo_`e6w>6$nuzH|N#Hg8w((tkK&*x3JOj^ucoxJ*{Z}~vmxwO0={*C_UiT(Hg5kCQzrlF&Bk1-ndXwId zU@&Cay<_+fVd<2}Dhc$2ATL&B`)h!7yD}9HD;K6;xX{|7+V%nFcXvlDihS1j&$Bf1 zJa7E);wd!u7Voj-|aeDhi z2FK0gTwOGyc=%bhK>L%T%=)}@!l&0ghVmohkBO^n3PsRipnI-4TBBR3i z^i7db2Z`%t(5_#P`aTj&4VbQp^{-5|&>v5q5MLS(;5C2!hM6FF`c&jtI!W}Ph$z8x z9R9>UWGSzOjTa#b-!K)GkltXAf~Ty9OYBiuek<=JRo#gQmaa8jDrG==@>yPcO_#`_ z%-CwG78vDy)#9OjlW6&+ilb((EGH8`d8_k1U>S`-m`Nf!=zsp(c=Q6qd9=P1KZGZV z0Wa-2T&{m_@ge<-Qqh)T2Vu?V2Vvcqw{Q^JEeNyb!4(4j+QD+LEK!`_C~mN(ydA2w z7Yb==AJ}qux(mypzL70j4)u+Q^HTJK5r+927W!Fi$a3WGS@0oQkPY#k{Qz6}Cqaw*vwE920;(!j)??JLWxJ zgFEO@utd-W=6dC-n(}3}i!F!7kv#>F!AwcCXrkGAap3ysA285Cw-P>hQJbF1G_C^6 zjhp+)_;8c)sd5s1GZPU=+R0IWE2MMo z{EUA$cH-SoPy1r#9!Q2o)(PaW0x z-&*MI5l=0K-&aqwObU7H)e4gP$4sOE#XX%Mxj&%TW$7{=KfOX!ziqm~HN^(@w_mgj z(JHS)Vte1>$m`8FpLKRrHhFv%^r#@UN=|=(L^I#+I4=lv)n`as9A(zXw>!oZQ)tT~ zCh)>KX|_P^|IGeF*w03p;=Q%Yl0&of@W?Tlfvxd>4rc#RE7iVf&F7!5b>?Jf;yZcA zyh9Xrv!tfm`UY9vgSVEm@D2h)^Vs^!au)9nAKm(@!E;Zsa3mh>z99$SZ;*njYxIAQ zgH{n{-!fI0&8W1ZwPOMaNbYH+RM;LJu{f4{YEc%E@39lhM{-ZA(#I>Ghgjdn(M%S# zcCuwsH}_4BJG*1&9e5Pd^<$hL3H-i63I)54M@N|euWy$k2XF=*6FbO!kI9XV;UipL z^r-IXCJe@-H#z80{)Xweb_^R@D`bE2Y%Gs=_Q{BT!!+~1*cbS&Yk4=1mtYAjzhP?0 z36HqR^U;z`jqW!{KZ0CLsP~wiM$;&M%XIQQ^!RM(3GBXQ>X^6CF_8Iq2^1js4b$lH zo&z)K<4?va;)PgoJpoaj(UP2Io)Ox=gI>^*31;^pkNgNc3>=)q$z_R$JaC5yVpj+)g3JcX3hXnA z-@=bdCi4#dbB^&ZGa-%4_u$U5Z7@TCQ#L?n zv8#ql%R~d>E}?_WQJ7v?qE|4?EWsOiCZ|_>mh3`aC{%TW>fnKg%_eyEsiv$_I|DUJ z)~NQ60)dQxgn2OM(DpPyb0ZigMzyQVi}4`iDK?ecYoYKK#!!M*a`b;TNbjN^`1q{% zF`aS7SjqT()epZ1YG!vi3sV$f8<*Un%-$GjawO#LmkKpo zVgI=U;(Zpv6`lc`aDJAMF5qXZ#pzqw;C&A~i$(E+wgo*F*DttGtEZ!}k*s=Piv8!E z<(T;HmzQ7vzE2a2IX5J3WS;45ZRIHwAecW%*_y&>L)(@TUI~BM`~+m=4F695_cr^ z*74EN@yXG5&BLQ+>*zbsEZo8d&)TDqeAnE#ExB`F$Rj5k<%DL5z0{wg=@AxrI$zs1 zOTT^g3$Pr+UYmai)DrxY$i5ua3qo(^R251kY6s{HAzgZYbs0^UeNYvj_+mm+gMEuC zLDzcM@{6*GC=Ln_GTDJHoLRO-E#x)Y!+wx6)oZ+g9;i8p-eGcMIg7^4PhP{q2e+-- z3-H`SE0#uiJf=p#iAYbsIF;rw)CIp!JYbAmisAqq`M;n@=a zeC|18DP1FWWAe`llXst`(!qy0y`KPJ!x^%@v-k`^&1(i;t*~>!3j53!=ej!<18Uw` zbeZBF-h_WxjN(67_BI`uMACUBOz1e6vXv|VEW9`?(2mfG=OW`wH>C|5dR{!H!Rt== z_Dr-MDC=ZoFAj>+aBL{2gI|n5XMyx30jPr|_Gr-6L>=~CTmkD0NANfJu*MWAL+xAjdpQyaZu*Z27e~Nk!Q%0cBWVLetel0Mu~n^T0|X^*F6a zWpy?i|Epry1|Nq$%9*HX6?Stq>)a;nfYcd9JUZTSgVk(f^vK$Flx+ z(ma1W-Rpn5cr@FgA;IR_pke-3g*vD%*$6mAtSB!3x2<4}=LIgIt6t?p3v?~Xd9|qd zL^~_!Zl)1bR0u+}17sThcJmB8`}7G={HuqZl7scnKhGkWP#5Gw{hxmxjQ+*uf1u{o z{kP?%K<@lMJe21DY3t>F|F@Gzn$-cJJ4`{7QOtVrduk`BE64eznk-Op-shR*yluwl zXW;KAqUN2^X$hESdhcYaE1xR!-^Jz%I~K)cEAzi~df1ZZ|IzWulX#VI88c?83f@}| zMdTLRXP~tTH|7R`E}HNYmNSz9mQe!M;geLBi2*Z{-j*E!472=}5CH*6lMR?H5wqM8 zi|fZD)@r6UKm0+??OBscm@|Jl!KQTzP7-K#(FyF~ zIlW}b@Gq>DMOBEu9$fY=FZ!2#^%#`}t8rq{G9`kpVAwBNMdf83k-mS|9!@U@SN+Lg zq^E{pw$N6dyczYzZw41?V&>vVmjroBY*!hR242&1%SO2!99&O^*Ci;J(?*^vQdL^p zblF)V<7PMp@X5^HG{N;G)j zAew^X%>ZqpyE9w`__?x^n7ENqPo{(^(kD`~8FH)IEiT>S$hzkcW&lvFLpV zI~09P`2V@Yy0vVyKxRT^E2`{{laQ-vy)qDa0ng}JWa@a%_sr z`MOp_v$DQq6GcwA7(}jy2Y#Je&f*Y)k_I;+|La*YUXKfFUsx>aT4|pL!@Ku>MTDQdG z0B+5{5(^hRB1krnIwmM}EFfMxEY+3li&t6&AP-c0m@gZIc6p7h#4sq#$>lnqwkd1e z83Z3Qg$q~4L4j}1b!*(9QgJ~uEbu)6@CW)`~yISgIrZQ1#c>kf|~Mk zX7cvim(7#+i|T)jQ}lYsHW2d5e)o(=D2m_phn?^pLC_pH z_WcNBc3AA)dlapruWP66U3-WLa_+)C@?W)``zLenHNk6F@x?=!F84yni#qihfA;EKt1y`v9vUaGoLI;1rLi|KHsHjI~Z}!6__)nH-hy98U9GAm{UYnmcx2|29UY%X+kmomb_#LKmjUC zu>=FV+#RwOOLpV9`2>JF%Qg*2%+P<7-RAmwk4Ov3f6Fu~27f9L|Fd;^BJ2N$FORd^ zoh1VS%CiBX5&;3LlN6%zf91)MbpHGD=yZSnyOT$nF9fYHMem74kt+Iw@VOB(LeX;C zU=h%Dz4-D@H)5xa+{gp&-0eYfc+;j>9=RArFOhYDV5VYSv*Ze4jTQVjUXukn1FiVY zwF7UVW%Ct|zYnfhiXd{cBgiQVB<#c(|0w~hq;&NtqJ_cL(jg7`e+$d8XeSk%KaQpt zit@Vm!LIv-1s~RQ0DdJteyx5GjQ`9f*sOp01fDiJOGs#=?YaSHi~g}iMlAxXj+CDr zE58avl|Q~df_|cw?ERYvWiJl*a5T8=P2Tjb$J23d^sYCW_O80aLH}wZxh8Ak$OAE& z=v#EJ2q_PWT>X+lf5D|8FfTG;o#Wv|>L|!`8O0k(bC%!PfODv|LY@I_bf8!>W@yU7c?2Vp1W(&o|RBOJvO=7>P zi2TXN ze5xHv9}Wk1zJx7)hR#`@DC8Y8X5-j zyi07N=s0zRpvjJy2M!AWoyTxN$N=U=#@i9!T!mCEQUBAYcvNEhSa7TU!y0*1j2)ga z%OXNVVG%MBvHn5{$|U@2A`nN1jpl1Be`Kee{Bd8H+w%U|(o<~x_u$HYu=wB2lcQAp z@1xfK{AVYRB$<3dEB0yr>m9}a_M3V<@xNKedHnBZ?7Zby4?FT`J^O;g0T!MAx5%s$ z#N3%mM*+;6|EEW?{pa}bbRYk9C(kEkQV>S(5hu4o94Ja{C>^3mfg-1+!vzX0e?E?o zfr*Ks7Zj=iBhm0`<;M=RuY&WRJHuCu0G&PmTg~H?|KH)um;3xrJ9!G-mlQ+*Cb^d) z37kU*UXL#FO0t=F30*ge0P5w(j>2m*IAscIZW@~ux^7y~K-b+=z-&Vy$-l{}8pFbo zw-uGE#3EIJ!FLWKQ#-!oE4<)Wf4(+{TJ`p?3Nl4-C88Vuu8wU2<~ETvkqZf3A%}`6 z%WtbAu7JNy^n*a$BJPP-)e)B=Zxd_e+*$-X@~Ed?SI1t}!Zv#liLWX8ND*Rr;dwdKVnI6P7IN&9)DW=>VcGjkc zX1`GP(6FES^H#K-2klvSa_J#;*Yw{vkQiBQZk22ht+1o(n(pfcMANso)ddTi>cuMc zeuITd)y6hE!FNrnZm7O&f4V!%?TYU2!oizj0|ToS|1O4lqJB~2KDV9bp`POQKg&S% zAcy|8&;L&4_)o{jM|=C8j%#-B{ zaC$5^|Eu``=FI=2bpFR9|MPzS@8AjMKXgp+Ty*e*3*^uj$#>lNf6hOYkKs`=FaM5( zKw1V0PIBp+mQoq*)k+QMY_XzmuF!Q(b*K{k=!E4;j*rU8GsKhLy8(fCNE9)|n^dOu zBnm&`I~jVV**sE(Ug57(%R{JAvg|Mo^pO%c3=hdm`88%3 zoz4k%C~{0W6T8@ve|b+7&jDk7(^h(&VUZkKq5g@3>1AUS zAw1;yV!b_|TaHEVlh{Zf{Rzo(uME@MIUPJ|tq@+*F*2}Ye|k!=eCx*Nvk^29UN%Wq zS8_^`7PWFF)x#_7pf5qSEA*7o|AGiR+m8SA@}(UA-~a98QP0s!PH4SQ2ntjT z#WYR;`I191NyAY*6jNTsVxgGA=%kUV!i(Omk!+ z0x2@b!EGw0*^QAw5Ct#zy}YnFVK_G%OR;g1_t7LD2>EIkaq0>k)#< z8JH{)cox@q1}qPFhyscu_rPZYkY^1rWV08nSzvYGVL+FV0=h&%7`gD=9~jU9YsdPq zM)p0hfBYF~&F_J~)ByvpEN21c1g`*HT3+a>(x^%EbSt6qMY3*X1+B-@NQ9khN)VP% z@t&tRcq&%3rPZ`9FQxP zIc)xU00yinlmu%RI{-mr3I1n^>=jtM3j$5_e?LEhIVLRAJp=^B>p=wAFWvB#2QD`2 z1oq0d`AV@xDiAXQSyaU&}ZQIuql4y#Z$M2tD%`eXK97qTHi7|r|VsS zjNc9#M@2-W{Kukb<;m$FSbhb}B26(ox$z)TDBNTuJ0ulMv0*$A!39-wCP4LzAN&Bm zpA5Q#Gq8d;2)MWZ34S<8;LJ3ZuH{RtfAF;`(?i&hFpmWwEXe}+wt)#a8rJo&AsP4bKF+vU-ZNC2G!;czkW!EXhck z71H@s3RhLNtH(00AuG(*Qm)U{+9;M0Mw6~0v+adJl4KRAxpAvn0$Wvc(v$#`f6?uX zR5ZnU6G7n;%hR+Gd_7A5k{8SrtmqW(u>3HK>OdrJ#=3PKWUcKWU*XWUAY>L%bwa%? zJq*5iz;jTQ$D8XEm%hG{T95QghX1VmIzw*qx`pH*xFB|rDo7ACeK{XI8Nus~0+HInY~m=&yHfZI)jUgUS~3W)4RBwzH47x z_r^NW7j~0hxwo7}gQ4J!f5P9I1=F^XLEj*I#lJqL-oNejhSN8Fe^wTz> zKP&G)SEuBIw0n=D)sWziT4oD};mu?+oDN5W-~Y&+N+Q%Hr7rvHnxwMXg`oX1Q`axF zbR8a3gQlC|LTA`xC*`+pcza?ptC^Wf9Van{}DW8&{>2Z z<$=eo4q1O=b%X9h`=xdQ_~m#Tnv&Xm!NCuJ+bEU@QhRAEk#WOM7jB_#napGxpEEE^ zxrLuM$crudxmS~e<0=foVTzvPdhE7Hp+$(I`S zTs(z@t|dW}vtA~_e=^VnQ*2=S3`{!1yxoEn!A~rkv8{?~X*MS*`?gql3)vt`orQ~S zQ*8U%S?q)AKf=q0YZ(TvRKj6J=v-B;P351T`(*XYc#53==V$oLe)9ak4x94%fAe%7 z|7SPP1{;CL=sJ*fP3em{BoB`(6;ABx1yQxkrIuRJ88{6_f4(eG{eVBufqyTjAJe0g z|A^Z4HMQ)`y}xqh|I4F8+5flI+~Y@bSiU(2zc*_pF5!{0Ln@juq zD4HtZ>*G;>rCJ0EEfTb(zeeu0G8U{QH{A&uV5=h zJ#6y4JR>pk+^^Qg4WfGI4qsNySeb|Od?TaHoT8+=(UoP$3?_qf4RB%*OSCYfAXvenk)(Ome@AW zz+qFYZd**6d7>Cpy+4@F7p#&WSiVg>)=qYO3=p%`PR{_MW*_nZ;B#-Nzpy9Y{?E6n}mm>hmvza-jmhKMnpYk8b`4mVQix^WUl|z;oh%9JLN* z{r~Xvz!A+Mnw`2jDTJv;@`;4MxBSPr!UlxJ>(D5p^9jzkk%s67A?H>;BPfEZ1+wsM&p+Cwyf712* z-i1ex(IhB(^e9Ie44?D?WUJr-Wd42aSS>Ae)Tf%@Tk^?KV7I|V@A%Ga(WA+t7wmNE zi@)7_CycuajKqP3LFvzgwO4Q+$Sa|hf1H1md7LjD_UE}J6hBJW3}%so^@lisj_#Vi z%Byb9GLNn|pG{@%o~IA8qZXCdf6%L3QO#oeUiw(Oy8aQFU39OV5RqBYUufC3J?f2}lV?AGr} zgT&qoYyW7^e-?(zwB=3wKEfyG{P(zZd@P^;?DK!@=uum)Lh9@CdlYi~SkGoGi(IJg zgkSkj#zbe}Zze{*XQ9}6gmilEYd7q;D6k}X0IuoM|7P%GB+Hp&vI;_0dx5Rwdoa6a z5mH#A4fZa8Xd%f_WpPxj9ieFBN{jp%`GPg7{kBuP%?LxZG%~e0Wuo_e~e3Bh8-{gZ;98o z$xnE|Eg~~WEsl5)!rnr}1N<&yIP~V4`2BH-W$=E{wabAAsGU7Y5Wv8z6(WWO?J08T z)L($7%TWL3u69-wUR=s@5<>|H;Ij$A_LC>%|hRAh|)r*Xeu?V&eiS za4>+21wjkWNW9w-e++CGYXat&@bLV+8x6oihIxP>16jAoWapmNYK2S-Qe^wQ8{z#u zpjaY!*p&u&&yO}mG!vg51&AP|z$07V+o`-Y%dr(VE@mkn8x<%w3 ztSo0u5g)>YH91>|P9sEu!H<5&tjXKS5yNqQsMtn+DpiAgX^SPnfse#Z?@t$l=# zFXGYafB%8AE~FG1OJvr4nOhGQ^X=w;Zyle?{$IyOhx`1`J9%XNpOamc+c$EIwoGI| zQlLn~gx-=ZOJ2Fs(YB+K!?~JeBj|Br(x);ek%QG#z+B;aRia|TIy@f=25PNZZ2lCCeL>~8yHe4x$2obeGjPzSf4Yu+!xEJC8h?5|kNjQt8)}^U3Si?k zqM)WIR*PZ&B>CwV`ulTF+pRr$@;{wsMLo8Jc%m;b^&z>-Tqp8P*)$@hOxPg{q3`M--=Az zj91Gct!&RI{{ubgq z|8JgX*I!A3n1^h2VONd?UgSZgg}PyQ4rmz2^OzlNo<%^>APk5szXGyUa`p zKz5^7Jvn5g<#lpEcNHNs@~;3 zdHSD&=p80EezDT~{_x55|7fN1e;yt0?|<&(`3m>{ilb`<6Ys47UyU^&Aa6$`ul_tx zSNPks4CKjw`7mX*wy71x0@%*||C8gC|6i-Q-~aFA`6hqle}#(8>QOE-W-xmgmpDdJy2&Mx-7@mfep0Z=M{tQu6&J)Q9yTlicy~QD|0y zWPvEpaQJ_d|N0A@``=Zb|67g!dVJE7=l}7^KK|2gp54#?h@l8tSRUmWZyGm0c?}E4 z3A5ip+cF`woW*-C3_4;WafQr?7*+`Ka2o)@&XYi-u=yOu&#q1Zf|` zbZGsBg9$gZlC_P5`~=vIQu%;?gIZ_QYfpN$A3=ZZdf4^<0&$L2=vuD{Uc0;`bX`yS z8jKwOe%lhi#%U(~Z*eaYAUp%Res6!M1!0pcfxwQYw{o~p=F<0j& zm%qF4eGlKix0k<~?|Xl}TiNhk^W^Z4zph5+`^&%HuiUHO{v7==Iv@Rt7Vg!kXCF;k zqw}ll*7du|`PJ-y_0R0vWv|tH|GRzl|FQSx{Y~pyzxesPuR_=C^K96sNi%eyeJ=NR zJEW!1i3|k_+@RP>BI;PiveTx(^V)wO4YuVeb4vmHd=9&@H7qSjOJ7NAK-aBu^Rj+< z+A7md)p!lBFP&!V>{Y!~yS;2(?ip1BUmd)93*R2TJb!n8)kn?4&3)5;-}v$hzO9+% z_sz4n@X~(Qw64CKmJiGC@6I6PJbLvCULT&n85oZKw(mej|J~mHo6Ez)`t{*nvvjuC zYWDYocoSI(^N)y?JL3Ta{OP=*wRJ>hM+5sGU{OW&NUYWK6A_ zRyp6_w%#{?4_{t=xok8m#yfQMst*VKH}&S#>rTzx(`#opugmt`>l;$(ynJUSw|;tEbKZ}(_gmI~b@i;eS87;S$MuGL-K?3W{%a@lImt}I-y6o5AU!T54gZ}xO zceY)Bd-mm|N~-l*ea|ot_fAdw_)Yn^a(-l%FH5#-lax`;f4O}3X5;Mo)$p>}KRtc->UF1i_3Cx0R(d};95rfmpQdFI<(Dy zM&%Z_npfuA1}&YL{nN`Mw`Q1EcgWfuU5)4sdfPWoFVE`rmsj;x^AZ|mbMw?Xy*WQP z``W3Pr1|dh4jo>Vn}frn{p<3HQQIDNj^0-~*rl*_b*R^F*3Vnp@2<+1UyQp~b>q%>%>KuQ!g*FJHZBTwb}IU2+TG9$Jm^+2!TY#_+7vfAzk4d}F+Pf7h&kzN)=F zxT>F3FJHBejJMF*t2bVr-krVMyK1~O_uhZGJgb-LU)~;G4d0hGN{!l8>Ahuo^;-XK zA3ra>J?g(d{c_kpe`i>Y%fn5hby(G}OLuQdmj`w0lISmA-Muxh25-LXy?#?R_Rf#W z@UnJgq2}e@Ny$BFeR(x#zN?>q*5B6OG|E@B@vimy>Wf}J{jyhWR$twn)=Jy^Sjgad zYom5tJ3DNd^;h+4^We>8{ZPp6((5!mfdF&V(Ga5>WkqERs#q#1Hc+kGMY>COz!|Z` zy6)luBAy#Wz}UzF`ac`U&G}5m|2%}32-ALNN)G2Yv+ z5swL(v1w-mVMS;aoZIlLm$rddpqXD{BZyd=c7mF!wXv)dQlB=``GRy;i2|NVXjFsX zXZO#2KQqmL8FXsN`~UJ*!vE*`M(+RfVV<=4pQ0MX-|thLrqHzyZP>vk53^X@y*Tz) z*Wyb^fhI-{m9tK#xOiKC2sZm#T+WP59nlY(Iu|tUK2*a|MI_mU9MU{y@f4Db@qk8h zDq)dll4&f7XHn#Wr&Eiyu0saz;lO;x4+=E!-M>Idxf6o69gDvloM*5~#9{Z3 zQ2klXb35p(haF@9tzjb_cSisMzMBt{6}5>R@{@*FU}-}up2?4Y!YOag!r!4L?F?mP zvnqlWrzB4NJm(9Fq%ZPnXJtA9qvfQ~SV_>B{^z{&f1>>Nulnac{hcKLE7h%P{QiHv zQqApuALNORciG#@sc&*ENTi7`3V$hqC&A8(>?@cc6_Y@d?uleH+;kb8BIFWeDx&T| z;b);xSb4JY1e~3JH)}g!MMS~u64N9%*y@3OL1&$q2-wJx8&wh7m00G;kF?7JfkH}g z&q9VDE0z@}8w$c13c3ioo`ZOd%#ny5Y7rN75P*h(3?Avy8u>XX=!|@IG+&*!9Bii^`z0!gu_0CfG9vsORlr#3=gg&H%h!C-V;aPf+#`PS_AU77(`^aFW zWq( z)r%FohK87b$DMslJ(a>F5hQ&8?L~%EjFu>&OQOubPUBKj;Wd*V)J2v%B&Ih&x(V?h z`*Zju2u++eJlRjVY-I5TjAzVZjrCLTWkSiH0+KB1%Lp0&{_ja085>sPrx&_)k;NB^ z%xMPEfUx}q9Xs>nJPOkN>?r|lJF`hl#-grgPHa?vO4}#5bHd13c0)Ts*0gcw5bF!+ zgyaW5etQ3SE}=R!vDM2Wo$R^f=l|uN}qrhl>jr4>jB;YJi*&OvVd+PXfXf_ z!*r{E;06H;F@)JiK%5GV7}|8ufD94O44n>JnVnHcH+V|1r6ZQPkIVt^EFKr#Gy(g+ zBd|FI*aB`Jy5OtQvd_|6I&kfXmI92@tqK}^XyjVwKHEL9h*uUF5lQa?a!RvJv138AEd+>vKXlsI zP{)X0TeDR^J2-!Pmd(?#qCBIpgWAQ(`TNt_Su?e?IcJq$&C&V!(MhendvS4cyuaH# zK0j;k*J}s0v*z*cNh4WfFo@TDlbvfM0vaWmzu!JNKWd-UE^8-a*`J({Ch47^Au_@D z(5nTuxYn%n15bI%Q;(U<&@{3@r8KOk|i#XRf$UjMXL!t7ba9YDy2e2bVOz}+s!xo zNY)521%w~DKofM34n2zatrOeBlWxj2)!#HyRM)d~ksZ4uU-5tfw~wi;qUi4&)w`}6 zY?_gBZ0NWcn&t=)2XsAu_6N2wdxh^1=s=1LKrDVjVLON-OGk`8w~r_SF+A{u-@3Vd zgdL&wfZb71`R+GZdREHZJ7wFt%{*TG?)W)-4zW>?-Ee%Nn#rltlvidu#3ed0cR+Lh zV#S}>%1l&^=;X`jmSaxf&u?6Tf8f)QcXVLiqb?bMx;)ka2dK+`2L`eDX;*M3p`+Nw z5r?Pk$pac*s9$DSWJ*^jE)9#ZOUR}6R8O47#Hz5un+rjIoJ(T+f~}rsLMKVH=tk3X z_?S<9j=e6WaxR)GPrIa&ob z2wj__Pb)E&u#Q|Be_b>)u_mOhI3h{q;bbOFC|~y+2U)X!Gm)dP19D>>&)&Bdx^)|V z{w5xza%JI`1r(mf4t&%H8U_}N>cyC@n^@P_K_N+L*~bU-v#Mp^FQZ!a&tj8WHn#XG zYkC7K0ZtokcyE|dkAbM}V2+Y@1XyHwB;HD2UD(5RsN%$+C}uqW4~o@)hHl+p0h^Hy z){Wt{RJMKL^l)J+Utk8WBs2|5e&d#DCma z&-MQw=E<C#F(&CP3i!eXFNIFI9|_?V*)d}HKO<2&i~$&j`}-&fRYfGPP9 zt75sz+e>&R&VS$Mr{W@Ex%%JLN~Ii+|Gi!*ZRGQR{~?}?X)Uco#!P&fqKIzUraq!5 zP8{%*I1_UOIv5cniD$}*74eK+-ymtJSGnm1FmoQLJSroe#BFCL_eCp29`$lFLtOdW zT3?SY)&EAK56HurFH52zs946aDdB$NQ~2bcp35%P6`kYo|z@bdpYy?(sW#mgrX5$UC03OIs8< zJD{Wz8u3OmP4053RF1xvx>u18-ITYf{qa)?a1cM{@^Aik%^MgT!B4zkNwp|al8?J$ zNjLUOyD}4d9${Xp?4YNxkqr~;6i2t`hJ%NHjFm~_RYkQkU@?Nmxn+(bN1bY`c3s!O z9nVc30??$LYgCD3f?cZ?YjJe2fYdvv%v-1|Zvc@BqL+agucq3x%#@+n)9rM+{Bh9J z?ZP!0No)A|I52D7?7=P?#QL=WuF+_wf?uOi;;xSjY|ll7Ax1aI34)RYIs#gp5Z|MJ zSEe$-yq)Dw-OQokcY#v#eRRVlGJ**(#a5WB+&5wcF1<}0C97Aoi}wY*^BmL=cPrz2 zgQqOWYnV{Yb9wzSnUswA5zLS@5~E`_IU7rmV1eQnp{RYR*09E1?9S)XtQ z3yT$8sfxpUGeVEn^3K&}d&< z1zJI8|E_hgwWjw6!~lgl*xK3>DvxraY3k*1x^D1{`U=*V_GLlDe! z66-%PRZyVJR#&%`U{30jR6Glxn7ZgRhnRL;E4Q>UgQOdCHab!0v28zpwh*Nk4(Y^H z4f?KYAH`9X4`9~%2%2vHF8*QXxF74nJj!Z0;WA5S;7cSyoOFMCT|ip7wXky zlxD$gE<}e0jB_Dn*5}yj zHFz_p>f?CL7xnYYQlFfk z9UdRW4c4+MPA%efYp*73-)hbJ@qVMtMpou{dMeDirh=8v6kI9uF?jiGLf?!4nLuX0 zg=GP?vgLcN{nxb&a@8ebE#VV7wfNdQ*7|l}pL%w9-mabP?w!;Qe->tm_`|oTvAQIM zKd$4U1b;G!+uz-PS-T(V_MzTK(~>t~h}KSzo9&D9gZA#(*?E)Cmxdf`a}zzl?nOk6 zAcaEN;~U(7u4lBBfH&raThCxHKl zl@DGwPQkDYhGB>*>BbB zwX^-~MLLTje!Mb(w{JY;jP{8oj5_o*awbZ?WYGJstW*h~_aMdkuIKi{B`Tw32Yc<=fDn}ggFQEo>;x;~BMsOn)ocN_G4o`C!Ih%L0sqUt-OPs83o>{6z z4AhWD31NQq?E(tuvk>AE(+?gSW>;Q55E-z`U0Enl$bT~@0TciH*|t!B;xo1VpMME6 zAQpDXe@sDOCfNU0);B6~``_|L9{=S*p8K%>o7(VihAeXUor=*ne@?Y-6-&rrjjdi$ zCk`UCsFT53+<%iSB;C$%dPB7b^xHJcN*&`=mciK!mxz-}%pf*qau|e!@cjb`HI}6Q zPoG%CkyeDNp$zw7F@)w0C=cW-syom|O%dI7e+QIHei>4KCR#A}7Nokinq?u4F+r4E zN4$HnrQS&;KJ9?0W!-XD_!wbM8cELl!~~#;1<)8X3zlvtItwCE{`^hR$;|8j z93g-wum9!P`d?k&%+X&2BK3nF)UIl&#yx6lfhn ze@t!mQl7;D!rZPLe{Wv{xI3M%2j9=FV$YrIcX`AWvH6}6yhJL9TBgraLZ&+eNmg>` zN@l93{A5j_jUAw|v8kmb2o!UdrAU#!hy@{D<32m%SZXPX!bvr3)#2wtg-`7!G;8+7 z{h0o#hZ7Ume}WBtvGD(s{eNw4#pC~Pe{7ZW_5UHBn0RHqt%x^%qo>} z4kU~hQ~q9B|4*F%{$YE82Qr&W1WcO$TU+t@U#)Iz=JWp{p2QWk=VHZ(f4xIr z!BZ1i$)s$?Jp-lqyw09hk*l3zm`ASLLKS{@KJ5qvwUvmMP|a^N;Pa3>ESFwWvDM?wR3nrEn;6;@s3vRv5AXmx1=}IF zqj_9@MxF`tzr3FC|5srmA)o&bfAFO1M)BUiV4a^L2oh(xPIl&r1RfWC2{^+DdqD2L7w}R|MR+OUGgdr#diFxNG&Ak z*fbf3ChOWMO3WPYL8Apke;rkhjn0_e8CFceFX#cFwQZBM$pkkVfs`>jr zbN&+pnFVb195m;tZ}?1@|LdjoQf&U0tL0KY{~zKR?`2GMe{lOSDPbT8{0x7wNz5-` zc3xy1sjBll$friqf6dOSq>AL0j)NiDqg?ghbJjoeUy*O!F0W>lm{-67@v|ZDhai z>qiN36Zuq-dr@9>{E$G(QZZ%YqBxeg1NG~aK&En4NE+pZvLG6$J&}+Dzf7Axt}7LZ z$e!igYg|jm6Mr@xsq*7Rs1Kh;*BDRLf2!J3{>Uc_fB(w`y1>5Ef=%t>{Cj|j=l@%A z{9h?=uIKpwA)eUEDZ72&Un<6YPP5_~4-ajAnCs)WwF~YTmV3(<$GqC48tr(FnKNV^ zRgBR{NfeQ#l@d?561@SK^}r)C19=J28-#g~=%#uu!tJkz*hIZZSapUA&P3hHTWFf( z1{p62f8{6ZYOKu+-uHzcJv~GmY%#oWP#52FJ_MRDYqmplZG0)>52#*9hez~6UnXrG zj#kPmnv|Qbd+b-hjSKYvX@IRr@VFhYxv^2*kU9k?*z#`Gh*>7u0d>#XrMs5A;qh$S zL<3~G(B#pv=-A|;%lL7r{6Jgd(j=l^6~N#BfBZeKIn>XVTluq`XS(&@Atst108G;V zs%|9K|7s<-|9+5Xx$FPKF4|59>P4t3AStI-Vo|OWbFpiO_$vIMCq}VTnZ)7F1hyqk zc>u@`^%~g=%Cm(6fHn>nse*C}w-SkZAdIpNKllj;dKj@pL*#U10*|kwg`!}rs_ra1pAm*W1P z*4Hb!|Az;8VuCp45++OD-&lg9CAdY?%%m9mhZq-FU?Qf_C*5g*AF zp4QFnS7}^b5AI8895KI(|D>rVVXiRzdpud|KX=R?X#Pqc(0m_QkQ>42QNX12zp@qA z|J_(GRr2-!A)YKp4?NmV%prT|4*pr_=iS#e3C(-PevEkhuS=7gXUdka=gyp+S$j2V zaE}Y%JAf|1DK_WJ-7H3?$D&)DY^V~gW&%`M`bKfeMuwY2ZikY-OqbnZ)eq^E&sj-!d()yC z``k65+a=C`7Kx24+Q(hR0s1tFV^lnwudUNpFu9qrGMCa98D&kUdyzZ?n*WL+#rlam z!$7XN2lZ>u-t+Wpy#nZZe(eUO*jP!qIK$${i@rmS|3JB=^_I; zf6zrnL(13X5;<-0lL=+@@*0;+;ly&|(>*qR-9EHPsQ>oVLg1-8veEfW4S5DM5fwm7 z4e~y*O_B<>&Y|@9_!-9jxSLgY#9f70wvcNUIy{Yp0_qYg0vM>IOB+ts>>aRPDXHIL zjx8qBkWK%z!X4eZ4ixJ-jTbZHIuR)Wpckz#08+E%>szyFw3%eMa2grn@2GWUT&>c{XND{U| z!Q3iDd@V=6b|E%B2Q~W+qJ3f-JD^f3#rdRqlZ}8>Fb>qrEP(CXy*sd~m4)JLvI(8B+Z?oO;096)Wq>sBSkHlk~ zXpLPfxR-!&%!{&RGFMVIzH^S8prkP*q&rhq8J%%T5I(BkGscv)hFmkX zywsDP?Ba}0f~WJr48gD^%Oc z>`lsUbkcLynkVhUh0q!ZtG;w z!4@*ovme$DYW3Y_?LhWie<~-JKxSBvBzWqvku2e&etf!Hf4_v1>a~O8dTqbi-rL=O z-MW~%q>Qb1k;cjMS>bh7&Uyv0~>etCRQtG9PAj@z$m?=wo;J-&mD z(ZRbn7f0>Wm#x}p+d}m%>Jszordjg7yc>LZWe%@3@B}pb2psKSe}D@I>)7gn-HT&z zjYh?0A5;DT+L*lnm;!WbBi%&?a0%!j&_@p9TWU;&l8X2uPLo+#JwkdW`kR6dHceT0 z@$ZF&bIlqqOD40TW)Q_OY6I*kWQVd+#J?zhonmAr$_P9+R8p+L=3<%}_idp9R4c*7 z3W~|ER3T?Z4L7*K_~x z5Ayuh`X4jjKdM(qMcqNrO*kTt8@Bs)Fu$O|*vzst#-PQ#e~9OfJs!g|oBY3@_^;JU zT>e)}rQH9=gFL^r{EtQ-ib?T#1oi@wdTuH0E8B!RdD%tzX~wuS5%GkyAfS+z9wEuq z?Lyj(W#SS?jd>(rFX8-r+`^H2tzY7kCI4MSUAorpBhy9>ExPvXVV{C$g8VO)H)Hmn z<*i)*`+=Tsf8W;r0Yg040Tj8Qi%rA?#ESuAi{3{&;GZ>r&ugGAwh++#*<55}L&K_(4l`!HTet;k+YJa z>_L&PlYxEV5GDitqd@_d>YnA|0Xh)6Zu}E>%YR0!Iw7v&MlJN#56UH}gTmiQ&mC3& zrSGsGRK%O8;#dH}5OoVae^x-K@&ip9TWIb2Io&B2E1Sh_zYS?xENYa8FxCM8x)Q7- zJPS1(e_{tFjEt1slN0~o)HKP>gd@pp6)n~etiV`vh)qOC)I|e@Neu78F!E6W ztaY%pMujyiR|N^a6!hTF|5FHPqC@?KmZB|RhzK+7zk>`&?-Ou@T$k+-bkA|vfO;+Y zD(rcSVQL3an^+XR`0J_eIVLF36A=(=ZSAjbe{`t-*x4>^mqdijwVto!NuPx!=)_>T zd9{Ci^UM1IzJo7cL6Ln`65}rT0JOi@TMZP@S2iTTr~d|SA6e?4B;DXC~KoR0peYim#id{6Wa!%%e zI0zWXh1jHkSm34)6&b2S3mAka91)LG5NWePbdLw?;k16}BS)#xAUaL7mpEcI*In?z zMR4$c)dZiO4j?vNvXl5Ch=r75VGmYZS!oi$t;0+c3^C;FUuAHDQ`jYJH5THZf3K&- zm6gw*Khr+nfC0}IoGujnBK*og!BYM%h+B?AfaJhO20#i9vI+3p8PM6oZr|$^Fbp(y>_H&K3Vr6C5 zbdh607Y~s+S_RM${lbSJqm8lwe=`DI>`<5Y8f87nSm@aX+rdQH!JESh30gjN+mr%C z(SpD;bnC7L{ljSEGb37Ug7^L((K@E#Y{V4!AX<|og+0Lbf8L@an-O-nuwx?b#DfBHj%<#A$LUl78?d1R2gpSZ<^9Ka znj-go@rRutINMO1;3lN6c+U@vK0TF*7?IC{^4WIEL@we7OQb7~k2tw9`O3<7aN*Mh zmiBxH2Z-tp=B{6sSM0JLMxJ2pjQLi+7w+M?mqM5K%uC+)mG9uQe{UY^5GD+e7ntyU zp1<>syJEAu%4QkIHn*7aedR?^jW1$~;KL~cAK2=WK&U1$gYHq63<`|QXT^CbljMD7 zyX={p$GN4jiIG>}+v0-s*IqO*otbqiw}ik4ACg6fa7wPgzK9g?Z!MW4T!SP+l<#M4 zHTcYlo0VNta4RslS(u^h@1P+U_-J8)9Z2BzfQxCaO-mOWFS9(~!RK#3=9oBfZc*e6 zky8wfNrcVAtW%SZEjHL!)rltx7fZcV-+|yFs0xU>0CymAudG|vOw8gI#dot5{ymeI z>o5ZcpR1F~>nDHD<&8PkuuN{vE~}#CB*)g{5LuGE<;X3I7^rq@6USYMXWzjYF%Uqq zq{qZ5a9`XCM0bzk(E(d z6L*yoAHi}c$y*M$Y>)PP&_y?JvnJgDRZGx1my9vp3oxo9k2$3o;Su&egDrD%aH$g%GM zlT>SkNArIygtvTd>Atbz!lNtX7B7>lp)6YF5}&1T%Z6@$(NX1-<8zCbxr`#0`FsbT zKWJ;(r-f!>pHO$%++t<&%dKS;yR3(CD{9?q5*?ZoxfkJLE-9sacfRc@f|3RbfsGhXc$6E&g~;0tMpm-z|TT! z;y7-_Vh~SR#dok9WR$i~kBMjZ#Vxr2)ID>?JD**Cc@Ic8&JtN7;Gv3UCwM6jYqMvX z^X-4C$H}d^m^F@D=;t$QDcp)gT3-xGs8XJoCeq!2Y0zZYhGPl;l5wh=YMH+f=AR#h zEJMl*ZrQ}}<8jZ=IE7mfe7FdTOud~Jaqic`Gsyz6kpo@gtaVJ%SsOs=B4_PD)g4@e zHZBf~CpIypx?`v+)|~5Ll$?|`u@8l6Tn7n#ElT2S^G|gQOm#9u4l+Pzq%v|z&q8Zr zj9W^$`+3I~A6ryyr;t%?S$11`nFB;9!cyIVHUeKrXU+;|C2xV9PmEilVf96LmgIld z<6u)j-U8eTwryQECbw1g~n-%+uIRl*8U7Kq?xFDajBj>8fKVtQlY{;P}#?h3*qm z{YWi%zLmx;+~qbaH_&nwA;yKhpa6eJe{JA%)X~3x#QB*m4kO|@fZQyiD!mZ56wiQ5 zJ3F85WLe4YEt+Tb=Idud5mK-|VSj8x^Eo=9yF|Qsa zBWIs0x8pm}T+gPigW!OB3_g5wa5itj%Xz+o&pH{{p35zufQy^~WqqoOP<{o<*6+X^ z>vIOT2Eudr{QSz~7BBgy^J{-0Zt23`)P4}We6fKwj$5)S5C%&B8LV4~ThemHhh2-Z zY8hgdx05ITRD!B$#i1jQ*j zK|^G&tb{LJNt($%0BkYnMiB+XVXK4u!4vTWq{~Bi6Ur9o8wb0t&`FoY&?0COp{gG# zS8Q<^pH^d5lwA|{e1=5sWj^8V!l#SxAu%)b_j3*fuIZm{pL&Xp?FttrMVu^al00TrR>>C>A?Fs^=rR3*Vjq|h5tHR0~ zP}lKv*JFEQLE|c~_OtCEmw`Kx%ECHY1$}P-t%8G~!OIrux%Gb}cdy4Lj~MblXXb`> zi9gkrkjqWZV+k5HJ_)oP4O?BJt!geFAZHNcELxjT-+`fO9e+SmOg6Fv>%`S^BB>U-@)f8 z>IBDUhhS1&YE^&Qv*}g@At9THPo$M50XA~joB>?Dg}WHyLXZH9`wS`sw%|O0IRYQ9 zv1LrK(koEhqiZbTGrs9`3_fj1)PF)Tt#sW@Et?6VHExw$kTgyzS?+&DyL=EJ#QA4N z*=O)^#be-|M`RnyFlgKee9E@1$)$(_RO}T+sffC3Y`cHCGb|S?8^v<@|I$9JY;5jS zDqCGxF6(G(9l@pD2R64D-B#i7lI+9y8zuH-D4aNsngw{Q$ax(uon#M&=*=! z^Iz~ELf(Hzic{jSD@BK8Kk=JA@JtumCgNLr3Is<);3yrs;Q#P9GL#fIL?KI-)jD0EI7OtQ3FwDa;H0?fIU*YAmY2XkO?f4+FV4KiF!P^_+Tq7s`lhr2( zMy{k#b{6+?pwgV)qa5J`M>SOPhAq7X*|cOcA7+0XJn;>9p#?-#BR}9aU#f`b1d_z| z9Gg%Cf=NBV7UQr%bjtpgp$esSua86582PuwzB@3Vtq8YU1&U3!s!n#OAW9V#h^tp| zM7YM0#~Qj77KLt)+ECL3H$*Ci487m*?BOtr^gT z{~mu_8`uE_Tl@@4`EQVtRs-Kb!hJ*`9P<$L5j0FhX|Q9EFijNJsPa%eHgVj*4Ta3= zrkgUnCcNRCk4MHQI(Hxx5B-(wA)cX!EaYHa^#Bu@_-Z+z zP++SS_mc7=QNfFB=B+#d+!G@2#mJhf3hzQ;eE*FX?w}wXnD8mbwhIO5^ymwXZykSL zWV&K_!8!m$68XE{loTnBq)h}3KhH zCB>mz%%2*j901tJD#%MX#R~`5UXp*hO>CK<#PkF$!z%EX^7;|?kWW6MQ7Kgbwgba&r2R>AI_=O9ts(f)-R zQ;@C{Ktpsa1;i@Y4jO>#=hTMg5>5)@+NtV#R+qsuBgsR$QYI zcuH(B@Sd#{Kn+rCj-=Otpmp2>h^y*vi0o^=QmBukz|#*Vf{w+9cIHVy=+aEM#^tJz zz9+Mb`uSYxfZcBr!f;RUl6OvdL;USZRUP(fb8CI0^n9~a*(`1IuO_yx z!)9qF9-=dHqcT9Vp@mEu3@e|LS%W8NYq)V#dqfVLzrKape+10%(`j9dOhfF;qJ>M% zH5%_yU5=b@kvP8^Th%x%&_u3_3fx2*>#Ec9ACdkPU?P865WK~dD`m3MB2z(ryfC58 z7dVyxdM=44>Og1L#63%$ibmG*q zw{Nk*$9jJ`_KicF2EJoW-H3f-lLZ|ppd_ui{vefAkENOR$;}0;kaEVNAxh9nZD^f& zCZ8rL4AQ6z^=oYP(n#q!#Iw0D(-LeQsJ%IsNVo4G+9#$#{ZW*t$S;g^yRot|r^5i+ zHnvg)Ur=B6tb-lCpG=HH>LQye>y-b*DOTpS)^mRlvJwnpBM+J$tIhIEGxqgIJo&f^ z9Au0u{&^{0c;xq|Ocr_;Uu!f2>79{_X!-&{hRAWSfdr=$^04P%<7%+geHJB3=zTD< zTs%N+iX4ohe9$mk8-_5s%m!Z$q3-e-8(9Z$V>!{D_w8K&zL8 zqwE9f9vea~Cq_*;H(czBHTwY5YrvPJ@SE&()>_%v6{Rb4B$Xqn97+8lNXkGu9zcKI ztn!o)Yk;lz@Xle^tgy>Qj*cvs|9n{F6?riRdadWs>$ikn)Eh*hmq%d_WkRn-U=~;d zGXlM(;Jil%^9m0H^I9%8@ts(8bF`PEy&UbO(VU~b9PPy__3>X}#Zm=Q-89O$)w`ydtWr+v-aL$~py^cveO$83x&J%#KP?b5h7T2c=&cBXgFU+p$D&Ghb>tQVUh z$0kUzNF9iK@A5Gq_x~yUPAGrkC8G2?Y0$(JYA1~uS<4IqCc=qe6iq?8Dq$Kfv<&DN zm(uaZ8(vN-i^B0%S!}$?C2%8U2!2(o&qp8Y!mL{)bxHiF`D@}w?MM0|xa{%DR_G-U z)+M#{F%ECo<072C@mn5Mi|=K8h|CK0+=8N}Sd`UGZd`j^_-pak+^&DvYiky{DQx+> z3(Y0+ofgSvWBnS1M;JbH+CCIgai_Ksj(e?KQhrp`ALT*#_lEL!S^ZHhsbBix-xcNW zveeiA^rykPHujUyaMe9#%2yj(iMD-kyfEL|5F+?TH*^QwOi7k0w0!s)_Fx^vbY zze&fT8L?jie_v4Si+^vU(8T-?IEY-cU^{pKol(I;E=x$~6A2UMe|2MXD?0xxmCfA$ z!^1q|CI|O389!2V8KSA;X;?zW{|Y3HQWz85kFlbzk_{0 z7Z_r6BivXBR~sYZsg5>CSNMD98GIiZs)qsJgOY3VB)fl_b zk{@xaGqc!^deGltHFFmg(vue(LzMeVIIcH#SEc7q;aG`#yNJ2J=UxpQ-0Mqs@O=cR z?=qnXj=R!J;58c2|M;G@v2@@OrEHbESrs*feWw0Q`VL|}$@f4qzE54c650VJ-Y^32 zfb|6O9pitoE#Ye56&6U>LqJ3m02HB}z$aQVMwj&FRDgk>IL|@;+chTCJ5ay&>@`kO zL9(jg`!`wRhcGi;du#iy<{lV;Pm$pkQz;`&jBj#o-$WIu{ zI_k!eSmtOohz;TUEOrT?aEQX;8>KVcUD^)09r=GRqU~bL<6a0)1pzzhWh8w{h=h`) zkSi83knc|-qb%VBPJ9g6&6D1`$g!Z=7SUFAf<5ySuuSoi!!mzrS@K-~x?eL|*cQmp(-_V4{kPZ0ol?a!n#zdph zZ)tx3HE;(9{MjFH?@8bq8QQi(YzGUkixCMZWva{q2k?$qg&Wi<1f{9ppMV}AJrfng za+i??-g!<&lApco2Tu(DiC*`I_>vrejKzQD%0_uBvHvTVa{nI>^4ydE53LY*+yRAx zdieJk9C=LZK*K;(cd+fBY;%C+uT$J_FcW_&aYtU_>?_UpM$bYnKiIWA(_9_zaARvV z;csJO<9TVbQrh0Gl*D;j%-=?qZw=`wm9^lEaGb)RRM2=Hr3yQUhAr{iC#*RQQBmUjY>>oqp}{;*qGK}eQTV?MxYJ>ooj>KsOo=x z{?VxND)2Pt#zu2^sf}*kbTvR7>V4G214KMm878t9P2%i9{krE6FR5K7zWX<=DW9Uc z7TS}__O`yh8M%>V)2mY5S_S3G_9|E}t%6eV`F3QAJu%kTVKwm46EZ0}`=ggeVWLoz zy`sE~Ofv3~#vB31vjC6TM7m)Aq6L5c1CB0Qe0xGc2U27JV)-ru&5;raCv*--i(%EF z3Wdm{k6MibWr#tq7t_5Qz+0c45#K)A09*bC^)>BBeckxI?kjhRFnr@uoI>Xs@s3hp z#1x84)z~!HoG=S2iK3bCW#jH#s!qj+Zp^KNqHGcwqiK^zXuUPX*e|EOAESQ-HVpIl)#<;;hgvvygC9ZZOX`13r zH^MxdP`8Vtw{`x@LlUTHY8$10E8iWI%){ShX5r00h4vV>2bXPL{Lb0Gj6Pf2jeQ_N zhB3TjlJS~r1r>-Ih|y@3^z?UR(&R7J6m765SAd&(BQHro`o+3wM!Z5;~D<8Qv0dht=y zZSSMD%C>VZ`$Zh|QIqOnEbBAy4=;-squXA)PdvvQwV5=GrrN5Oz(0TBX}R#1N6`VM z{LEmjTq->S|M4l}rS#@2<)bx^Y8rK6VmSn0nObY$+cy#PFQKJ2oiduLfvfg79{5_` z(K}f7q0z_P#4HXV0b8^7iK3brtp5~SJrl9f5Psu=N1d|I)hWxrj-RrGt3AJ%a<&Gl zBa|WIwLoZUDiOkR9TPxM*%br9OO{sKB35|Sb}miBES8?XvBB$9Yk+}mH{p<^K+GX z@JYfRY)*i(o&%H|pyU8$T7bfUgFQ?_hA_y6h_MmEhXBsRlLUX5M(FBim6L{Go`H|n ze?D4_poCqZs{TL5IhI68sw0N9dj0`_ab*apIdilZS;#>Sea1i^$+H~$_}~5z?9=cD z4DQI7;$biz74}FC6M=pH5J^cokj?@~o5Y3YB5<@^`D5{D1ZJecQGq?zH&(&M zy7+&o7)72u#Rik{Ta{J7QkII_TTyVTmpAnC);)sLeHrL<|Dpvvii9em8e|k0c!&)V z=~Bks6lNY5EyW}`Ma59OcN{)7qMQt8r1WcfABZ-lknw*2fOb6wXsaNa9(9 zdwtHB^7E2?tIY^>C*Lk&dWPc6$PX<3M5J^b|YLMGAmnz*V@~qDUu} z5%?wbVatbdY4GV;47~6H{{h5O0S$l2s#{teyv#NB4})DGiDMN3J{h@lnE4NzD0ASc zIYEUP{MFS`rJf^>3`()ckzzkHbR_qHL`4_|J~;1VB>& z(vZf1QI3m(%+uha>ioD!2?z^v+>_&;9QVwFdm61%c?3j^c8EiKgwXbd-xQ~PYal3W zZs74dfer;;NM|xM#}>aOwn&8$_1#l`tTLqh&%l3tF-HhN=4lW@T>Epz zgry&nL@dptOI8kY{sfQ{oR8#4XCb7sz35rUc8+BH!g3^&Bbk|zjDH6->v>29Kv@L| zg0&8j|i=dxh{fZ{_u!OB2DTgIF#`rTZ#^g&H?hKWq0KlXH72Z%K8lf^!L7-pl zQQ^VT^bBnE0ymEG^D09ufhu;6TBbrR6RppdeLz#0tizqdnjF^Tux5<08i+!hm?E!k zLOf_=t4q=qeff6<%`h1AAFk0dO-fcR15woCf1ZS0pbA92LFH(uXAkZJE2kh z;(tDB|8LDe!?h1|_{sPH3wNJBlndLR{`#n`h8o5UJ*{yy<)6))G1VqeXIrjTA^6>WLt~rO11fmVAHq z!>1{HGlqGYIFBs$a~q{i84iCl4X#82H>HGG)!?v~vWA3#+7i(d;cePmY^BB0%CPez zE=*gvL~xDF1&OU|GzDy-n|NgBGzgXeC6Q&_ht9BaM4*V+&h*#t(>I%4)qL)5X0n!% z*0MlPnDfkGF7x42nuL!T#Y}XfCn<{A%cO)Y)@UC(Jc43urzYdsmE!ZP?XMl!;?@=( zG?TIO{WRQ9b4b7~yu~p&CW1-OSW6V|!91Lu@?P#kVyV-2n}J|R31>Zmx8p1JPUDT4 z#W0Yu_@kt-52UvTDN2kRAp#T0g$&eUphRiW#JyQaEbX&yyGNJd2>~E~-p4{8S2@X8 z=u@v-@`YZ$$`|_JdE9>O9$-aRChX%_(9>PfR%3du=jAPMgW;n0Jm3f3cT!X!X!1K)PLuTu>f78}GD( z75q<1(bKr`n6bh%U?JUqkNECJegW?uGXWJ<>^u&nlHoZnhblQ#S&+;es!V_?SeuwE&l-ZS3pCV)#&_&_u@c#Y#_l48b!odM} z`EqA4*rBo2CQX-r9e`{dWZAE-iyWcn9+i^WOA1iMa~~T9vZDDIatS5LM9~v;S*p@Q z-hI<`pHShSx&JJ0&_T|U`Y#^&G4Hz>`VKsa>y$6peJbjhz7tQ;An(KlI&tqYbRviD zc@NIlgZq!62lLLGvGe>b{m+FkM~Xkjyys?`b_YKfy!-}#-Imo43a{6S|E%3FpI2g} zO@B)K5J$qHWzw{#qM4_D5zAfvaf-kWQyv9QaR8Vxo@Zv}PdspbOsw6TjkSwh6g)_? zgN983I+SagixvPMt;abN!GAtlPr%VdOAxq77l@+#OPXI{u6(o}cG&EX73raw3Uyfn z82!p6fdegn$_Px77c42_^$PeEuI1;^Ae<|t@YHwt6Ayh8%7$5|zLivW){o&fKkj(q zQC#MyI5c?tH~P^N_}qSQ`Sydhw>YeLl&S&`W~#9`;?0#{e_723xpHQVf&J;nK%;f~ zl*hN>gImVAZF4*lFiFO@k$xvWYRK)EK59QcY?cOppE4#4W6RS`2F>_CdU}hT zmrRuN9Yc9jymm)oZWvI`Qq6_Eu=h1Z*GuyfZeFwjaviKwEvVZ?1KWfywt7LEG!s)- z8Bc0|OFizDDmFOT+cw`j{}EUp>3-iM46i5BIe|-TRj8IYTXVOsa zFS)MG?7B9WU01m>reT$(*Jfl_W-Pg`t?asgww7I2d3{X7)|XvdwUk{O`?lQLw#U@A z9jh()Te-#1zIwSuN$k?lCc`CL6PsO6r$JIZaHRSWa(*! z1_3saCn)h{|J&5Uv{+itkfrR)tU^*e)!kbz#G!e6weO7Dd266bAoJ>o?`p z_?|kfl-XUS89J-Hx2j4A)5UZ`YtLuFb05bnb7 ztrIF^dZ98?H&h<9AI7vVXq|z&&@kEc&3X}lKUe;x$sFJ38|f8J7j>|KJsWfHYi8l_RwwYYI(|TRES$q2g|1w$wF}s z5p4DX&&1@W5Fkw7`7pWBBH3)LU-QcZnORaF>{iryplv8t2<4LUqpJQ;uZ1>$l)uaB zk7`N%qMXAhU_SudpZqr90ct1bXLc=W!JBHqYAuy@^@nn4qrmeJv_`ppNB9kiCO7W> zIoE4B)&tk>{w|#-^Z2Ej_UgQ4yga(Px)X1Q!O1|SwDM!+U-|R%AJ&HjXhCyyhnzLp znFZw(ruc;tYq2^?rBZ2geVzXvw^S-c|6AGGs%~uktGvFkSzfPJ*Eg#FDwVfNmGYMq z5COyi_m|la0j&gF8|229iV*=K0hX7o5dkOxkC)aF0VoAO67PN_mje<3MFAR@NfH4$ z7GFH-;_k>#ki0%54n~&iuY_8kIQWj2m=Xai0k@aL5&cRTZb63>0chI}xy1v%&;il~ z(n46MxTuN^IVks&X>}BzgP@ zM!5D!f6*l8-X`L2e-_@E%6+fQv}6F3;p%s6)zuVGG;76A^zw#Y-g+SPC5>Yr4tZ4* z$SbK|xw#1NdS1B~-1XZ4Bibi7O@BI{@cY9w_z+EZ3Y}}@&@omR3G5agF`+l%Lfl zu8)-!bh4@;zgYc;jnO%g)B<2hK|rxDOrGw6Fp+~O zV-!EZ@ed_aK+=%L!BLKlQj+A@D4HV2MpIY($6=%Dl-P(%x$Sa}e0~Gu(`cQ_>oH=q ze?vTyxE7njOkoWKh0P5>er@offQ-82+hao*_1#l`>N2Fl1a=6q8H*qAlfgrd5ORbt zN6k4xcmRZuv_n|z^rVzyh~ET5gwR1M>E96N8e6?KMZOk`1qWO!{Nnt8t^7d__Kv*> z)M>{Qv9z0Dpn_RdZ9KsWte`4~t z&@s*S{WuZJG0ekanBT{i%S3KlMp|SDiMBn8jJXZAz<)r(`by~Hs4*2^{Le@2|E(El zxb}e#KN%lj;qKFia$)<^UmvyA&_IjZf8};_OX`MXXv-P8;g?3h6HeKDQ?^HV(l!<# zHyQ{2^&|T;$Gkb_4f5oeH^;p5e`DT_C1c)+uFG@G`x|54$LAtqam>3QG<|$5xmRfV z+at)v!9AkKdvkwKyR~`nvSA$N@sJfDqCO`R2TyUkl=NDY*$K9zPxIjq#lCh8a z5#6;Sn%v&9*EiU3FY)Yf2K3V%*Xd=fAPVmPbf8C2)AlO4Gy)=1) zX8@K!X}>e#*iiEr4IA+n)uc~k>O%cGr8ep! z+eXF-w$d6n)3rpt5zIG&`9|;&>{9ZLV7?K|H-h;_aALHn-()8^!_MwA}lufTjiQ^{r9~_0Z{e2_0 zxDQ%Sy^Z{lc0=w!yRQ;+3vY1(LI)SXco4e=lG}v@iNT&A!jn$7+({TY%mnyR_xXBNf4qHNdpJxzetb+a zlN*Dlf6CZc{(s)^u@9BQ$2?S4Qi^;SFIH)nun8AdtC8QViUJ)`7Y#mYt1}$m|1;C2 z=`+w7Jyngi#1)4K;u8E3Hj~;&=Qrv6cv$!(ovsZ(l2ygtfI?YS8GE$MR(KuU(LX*u zj=A87ISc^)5n_h+{ln?Mefy@IFHNljH)aWVDED(qnt!{g_gVi0S8P+pafYc&5`a`Di7^=2Xf&{FTb_x~-y#d)6*(@)4Y7HTV$5 zj9eNvG7eTVb(eEX$K28}CBE!@hJFuZ<{;@=-huu9&)%Omw~b?aaKCXNiKV2EFWr%4tk2St@M?1rcs(tKwo?Xm}|9gt{!U3-1b%?gJ*qNAz$k<#qicg+TwCH*kH() zvk8VFjNCZzLD0jeZCOoe=sN(b7U{;J3hSFS=GHO`^1V`4tyZT@zE{bfY?MYHQdLvGXQRa7AbVD<=%mpvOn8!9}cdp2r1iag~dzSzQTo8(D7A?!^a z-XeUaXN#Wt7!=5@<7%>|%G2&E$XG3=W_%p-Y?G=d^ohkd&bJ3|O#F-8>%m@c182Kh zDEj8?+RgR=!>+F?Bd%WUtZBhvuYdCRS__GF!qqYK4zKf}R0kW?vZX9)L)uYH+tg*~ zmgCs^SnwIz#<;1)ox5UZvj`>#R5^AW!oJeo@XC1n)@%>H7ko*#(BECnyu6i`3cL^+2QVXV+hzxDl$MisuK7g+}z_uhW8E zZKKjQDm|gJb)#)mdSBl_GgYIxq5FEXJ>WT}pu6cUfi+FXA zQE%l{(=c$lsiL-b<&*sT*?$Eg2S3Tmf8~>8`Vk5}Xro;|<$n4*9D?<@SG)4TmBAi# zWz+z^@XE^m3~LenU|F+-gD)5SdiN{N6P)hRm)iq z87q~1ll+3QHS*5|n}qC;w5{P@ZM7~<JC3juJ%4Nbz z3)HbW0i#Na4bIW<EYz4eDw)ftbq1;ZOrF?;Zl0fsj)mGZCzJKYLVu;gc^$D(FFWSZLA$AF zKpkkCXmh7`%1|ezZ)oGNv$g=JwHAWjj{RLnLOqR0s5y^mbc7U`@pP~d6;+AAD|Ire zOsHw1qRu6wM$r#R$3{&u5>XBVpHI&7uqPbiq;L*cc`VbM)*$QIC&fvpb>&LP^Ye6{ z(sZN@U|PSQyMMMTX}gl1P};h&b|qY9dNvz^-p`j~RBCpXy`Sr4zj|KS7F|766~&05 zv5KRtEY`pk7Fjq{h=mVPbKa1#uXi^^;+t~V1Ee;>e#p9Az@qK5Va#ZR zIId!YP)t=z*@>#@R1UYo0?}Tc1wt#83jrfc9&e6fdGXsR_y~)dk)B-ERC#ihRVP;i zKda0%6EdeBERJ7KH*2aq-F)HF&6(xXATGG%>d9qI>(6XK+;#2yua{@q8t~kWfO@g6 z@c3r+>wh&>2o~wQt><`>Nq3c!R%b(BrHkMu=8?*6hP{{syfd#JR$`Ty?U>eAs4)*{ zk$J0OwzkA*y6|zA)Y!i&h}v!N9D8^GN-c0)2I*PSZi`dEp9?tX#AYUm)(L#ZoaFLbGr)CZp?PK(BwtXS$1j~ zvMo~67Jr5(Y=SxxAAhDU77DKs#u@KFU0fC#b%=iXfS$t1<*c#vM{{{kA5Y^vEo{V3 zrhgQK4&Gu!)xldc2XE=K*NrwJ>9f~oHQoB`Rk-hIO|CwBeVX&C&t9M4q;Bfjt3I9E z{BzfNq8#7k@c-hpE< zzh#aU{Vgr} z^XpplFH`hm19Gb7lAL~BpRDjMHWX$NMnpM&c>H#-QY!%NQ7|g(<#PoMgMVF+tMy}t zOCwLO43rGaD}#-G#<4Sdu=M)OZBen-<2=m>z)nX0FJ>fwIW`M&;V4tVFVe_t&hAK$VU@;*=UlKG7 zJ(#$DpBs_kxp5-Q>w{XfN`K^!k%#O=$?jahShLkI4-ZOX#%OcdjI$$BaouD#rqheB zB5(U}h##90$PPzhV}R>*6rIn+aZMW8q_K@39nWTx^O^Cl5sL0ho@>NE-0*AUUEce) zx@NEvw zh5YOJm~rEbGb&~qmZmd;!zItAVqD`!R%td1&)m4#G#dv;2XdvteAKjg_BA?oQp4rX zs&aheM_6fQ70=zkxi#D6n=fgdab}D8Sfr_ye4ds*%f*q79c#romY=$DQ{1o)OD8yO zn{|3G&n8c;e9yvXwSPFcF~h4gqw*6sa6ZfT;p7$U!Hb+KxONd5NoRVNAeT`pa0LWPc9AC>Ww-fJV}8keeqg z>3SdC6;2i_PaW6MeD>&H#Ju##Y!dE}KejM>Q7|M%(A#>mog2E0B%qg#!tX=Z{(+6q z*;8o1s?Zv!16BLoG zC1RObF^35|xU$I)a9)zE?IyFDQI<7s5&ChNz=#}$?*Q=lC;bsWdGeP(P_%E4;v^W> z!^pK=zu&Oqn?=0CG)?oM-Nyf#rYZkx9(J04vf7;ktAE{UwL7gpnO3LMYW)eAi+K5@ z&nQk{^e1!fcgcg>lFvKe`Qi>yoWNmNdrvckzCWvdMtwK%YbSAx5}X``Yy8D0zNNcH>Ahb^<7N*$|aHCp3;9^Obl zj;R(~GaK#pn4dz+G;6hfI7|Td=mt36Qf=SzeKPHeF*Ax9w;CmhuIWd9tP@Ed3NAqHyP|x)4zthW(_ng ztA7TXolXr{{ONOshEMY0fIov14@HTxbejX?!F2$mJg#Sl;TMcvW0d}#J`O*rH}cXe4Lm*rIc_46*MI2yD8Yx|N1dZ1awUS{AkQ6#brIrg(k*HZg2y4{#pDV3e|vKk~c`x#DaOZ=wC89|a@7 zpoNk4->7oMbA&2SM1?ZBRgyzYD59IgZjsML7pm+g#YB+nQG|I}9B;W}pwWk;zJKVx zWenjRqfIJ*xCYl}4T9T@>R>;2clZFW$pjW0XV@KBxJR*gH2#=(QQ;4Uy}@`_p{BszNA$z9$kEBGCnW^UE{)yBOWIq@~yEuf= z505yGaopQ;Jx>%nEvp7B>!=2-qvLdEu#SYyqc>97Zm=I8{~Yp|X1Z4$w||5O&_&97 zj^xV#ZzZQVAFoJRm2aCsIKi*2P`CIth<>v zSC_f)d3DAFQ{(lkE2DnyRi9IxJ<3rIzQ(1yise5diWB5{VMl%jNHE?Wl)1JkrWfKAj zJtSXz65t#{l@n~9LDlv9UaA3dVh8U#{E9u|S1fKFzhVQNmG-BKi#0Q(PFk<{#*fVO zP0hQ!y-DK_a+4zalm;bLK*`aZprolmi3TMalvD;K#MwTFCU!WYWq&_nWCy;(yw8_~ zL>|92afmyGA46ylTp!_X*g=Hihbqr_2KeIi;%fn1XaMnK0ffd16|jPJFeg}OX|SNd zf(8p!z{2kCZk8J@H;XePL4-ojwPE~_H<6T$6OjUz-a!OzP%342&AmPF7m&Y-GqUF| z;Vv%bEtzSbjmJT;8-F3EOLF*jV|##{k%ydz?9Q2Aya(!_5-q#%2D%=$yDXEc@(eDY zxRj_7g3kRS2%3UN&7F(l&iRmZ29}%CfMx4w3bbt1S}Lsk)z8)o_)OkV8Wet@zRIX@O z+w8NxO_uH|$sY47XevqG(UKf!N&d7Xd3#Pt-qDg=OL8sAE1!@p$0KITWbhZ9WlalV zEriR3u#k89Y0F^QOJ!Oae4u6UiexarUIbbaKLts=eqWVNA>-oai*Btx(>5)+wd58` zCCwzd54GslqJJA`(LJ5$p3$#!ljP`AQ-R@4Ukgz!L}wDBvg75nLi9)r(G>|%Ek3tg zd}>$0#kmS@ndW|yIkfH4#1?x`2!CirUSp6sFi3M=kG5ltK{N)@7-UfxL_6279Dc}U zm>wQL{(A8EXsp~k^8A2GStUVb9l^3Hf+aNsr_MFentv5QkSc?wAeF`8l*(z#k_2^g zlI!`=7(p$`XpTgR%7dif(@FeAozhNOm5@tHt;m4)ZWt!_iXWwI|Ba$R(M0MPO3zXj zF*Krdl$Xjxd+He5*mcl9XdOacxaO71vf)TgXDGH6F}vzoiFu7NB}7vdNfb&XHpd~R zDj1@?LVsde^}~|dhvk(IRdo;5TMAy$>F@X9jd$%eUhj*W2rE4{4pfy@QB>DZ99Kbc zN;|t-^^9EhK6i((PaVW-nIZniQQU33PFsU6XRptn&b-PmKAp|z!Cw8?os@K@uPFK5 z^dgq#y)33opC>njEST{Gya5jnC0+*L@e%z0(|=|*y!3+jMv}3TuAh8vrxNi8=0v5U z==qp-DSsvNckD*!Un3MJG4BCsha=AY(GDU+qYtKG2+>=TWcQ#mkK2|o#TDUI^shL< zlZdNsb5m9hwce_sR&&aUsO*EPo&g0(2~FpsXQ5K%l;p&_D^Jf78lEa?*s2UxzlkaP ze}5**prEU!*DnWdub{-{De_tR74T=kSf7Kqin^o5F#e3hy1&}s%RZ)u0#9n9ktZ-RXfq%4YfsQM4nsv4Ch9&m1unLMbQpF0XHR<{X zbdz;@hkxis>pU~(*PBP@k&TlRbsp=uuo8%ZW35iX(VEJW)l~k6sw%IxL{}NYyXo`c z5+$RcxH#z_`%6?mo`mL6UGbQ#chKn~&ra8H*GU)gGF6eOb&=9&tohZEdG(Q}r+;=- z41Lp@#|)asIhR;^X5~W`qgwl5x0hggF`yi*3)4^3JvOAD&q?>7ii0&-O*o!bOK3Gq zw1noWwS>Yc$AZ*^4blaysdNFscVJy=zD~n1Xh@Jj+#SWpp_si| zN*WZ!Zk!-LA&;>==ng9$tdj_OuzwGfJ+Wa3Z8y1JZEsd_wy*4E1_(<5{&Zdd&DElt zGdKPLzDjwmRe)w@#Nzsnd*eDI=sj)3B4>UE8;e=iW-sO4qn;UPS)9RC#63$hn6|AF zDAbx83P~5Wz4YnXOEo9J0q&+=dEtC(fA8T4Sa2=~PEKo|u! zienT5+F|g1|C6@hEfo*H4L86prm-;oKPgolp>y@jGq|G7?0*ui?`&l6PS7w+x!&(rsjv+_j|D>+yF#Ev4i<$8jgd!y zkLo;+_58bdl{%@P$T2CIllrS}7Yc6bTtBLS{`|m%2iLA|dm{&(U@$K&JT>bX!;zP` ziiu|tNVx#x-yMXkqB%cu<6k2br2wD2tV`DVZXP@$M%863V+mLLNPi3xN~hq58-9(v z%X{BeZI@(QKSp-WO!8Y-C%s=pdK7~Nj;?} zhwfyiD%_@IFJ{4%7=K|BI~4+OXX7W1xu@W&Fbak!8K68YyqNU*Xy z%mbS9;OXGD-fT0ikOfEww}$Y$(6xVH8y)>M?S7Zp2YA)Z=x|;vyhXui@n5WA{&$D_ z+v2~pOumKFU7OtBmP3a8osGdAqAoWr6W_u=_<(;f|CXFc>3!9PB;^nfCLLUrrMOOa;P^7-8GFk)!Oo(0r5YUptRGf6||oebOzg z4t?m||AC_Yegu2ahjps0qIm!FyOXo?ca5Pl$2&~ZG!NQs{I6-6^1sc4cJohGyK`W* zTdj7d^(WIhIDc$*{shbgj|nNF1p>>VRzQR^*x|+um;>1T#tOmLk_rglL3I)gIqsOpl>6P3}6DFhqEXF zYOIbyGC;t|-UVDABm*}F5ekFG&d!(eRsbUe7>hcf7k@+`83Zu`x6n^qzYmfCcmZ^Z zZ%6_FeSq%V7~dy%w1EeF3U3fh;+>t3K|=eUJ}B_L`*c$q1Wx*bK1u+z?Gd)Xr&Ni- zZiMW>x7~~swik>X5Jtg`>!1i+yPoIz{k@cANdQJM!Vk_S;N;?c16*WMIHy#EpjS_~ zXSS)5UVqupC%r;(;tunEjN)`~_9#w*AqXSaPQL~b2>dfNguWy9D;+{iNghV-5JvYP z97SPD(x4|(k^an~qkx_l+=3f7cCTH}P3{Sm)8DYZj$-7b9FvVR34k3Tn2_P)9cUOh z$fI4LChF64EKE$~9l#E#ZiEQ`5a9_u;YT3TrGL^_T_f-f`S999&iCCxl7#V_{e35} z;|7Cp4Lca_V;=ClI`o~o9r!)BKZ?*kbZ%0{$S+~pwol(y$MhE4_6QT5(|&&@y>)hW z{>fff&yH*A*kkCQj8boQcK-R#f9_0-o!+V9i@q~Cx$%yXnAkwbOd9Y5U%mt#8n<=1y#FLNy-i-^4_>W+qkVmop}dVa{K>?vx3SzG9h`mRro zPZbI&ZD*NrxYzCg;jE|IMIK5OjojhM=ysXxC=Qf6c}!P8{z9U-6fQHu{318xs(*}e z+~_o#>a0EENZ^(Z-Y*VY^MtMIlj;$`kdv%JF{BI$5He^H8X z7-JDnP^_7n%&#z{^E@PB7;;-M&sMH5`qM+J)*7KCyVMtqi=*n<;ak%OrG zATgs8g=lJ0l-?$rf24imH#Z(Z&;0{|`(PAtJ{uJ6Qg|K)4)D+o@*2dXpztj;dTwk( z?{@^F%LGQrdEjHGEKC8T@1q3oJICfhi(H9dIQWwJMv&X^q%(V*2V z%RsT?lrUbte3a%m%5|j%_<1g~g6uDOlcf+H=1_ZVg zpTSP;4LC{yVFjf>LZ0_26qm4qweU}c#z*Nvt{;cUP700%axZC~OcfjRo;M|QfY;a~ z2Fb&S6C@>xBOiG{9HotZgny7PJqYloX3mqLWYptd5OIExipL+B^23Gi-*;3k{DKaY z0pfC>$c}=F%$13R>w7HD<*st}>OAy!JQIXb5TYn?3tcL9i+jK0#-Rt*o!~A1r|M2r zn-%h^k?$sB-$BkV?E9~mXS2U0^R*uHrsm8~C+oaHmi5d};a1z2UVj#UK6x?HyULbi zS-B>WLz=^Te*Se9zqqiq&=)JNelJ{; z?;5i$)t0;K;B!szlA2Glz~?n?K{OWoGwI3__aPG2yNx^0y1B&;M;pN^rx#yWz$Z9K zmS&SF*d$eQm%$ekr+bEGaZn8p1k3qYxvy632nUjP*k7NJl zL3N7k$X6=_%O7z@zDlw3X5rZb*TL1ZSWvVa<4p=6iaa~Mr_!U71 zKUont`SyOiE!9!Q-jfzi2#hrpjN=G$xcZxXf|<2PC`2$hb0cK4)0rFYSa(u*dg)Qy zq*D)k$GDRZP=B!VbD{9NS3Usnrr!;2P}EJ_A(}mzW4;6Y^zSR<75$1c4Zzcj8Gt`&G|606_#sA$Sc;unZm;llgTbbAJ@~$|*zd<&BmymD+Bm2$0VM z;SKAY+kLW3`HUifCJS`~A7Brs*yXcUVjnf;)HP<;aw*S8eTj-H0R=eWAq0>E@ffW* zEV>NHZ0!JrU&S&HjHNU8yxPD`tjPGe=;P%OdMHUy-S%J{yY>uc%y({lic&sAj=D@z zep}iVmVYp&P_dBS^nv*`sTwalXk*u+vP11_7@edV2EE6WMRf#kFIjv!F5V~I&~rWS z6G|;Yi&%34?H_!cKiAfef)OqlcT&_dhWvbv?PIQgGBzr_h&?Rm^`vK& zuB~#<2$IM_^b^wF66HFVKqzcBDNJjrAH@`E+TpZnTCwgOQN!9(t6_@FXSimvXDir; zs(&VIzrqfB!VMw6p8q^G{ET!vVV<)6sG`i8CNGK9osC%#jy!R1B%4di>V#A z0?ltG?w*pF^5=k*o#^+S$cdl5RKEEU0;k&)1mgLAjs!x|JcJ z0K!e&&rfH;uTjlng-nOs;tiUuHA<^a}GK`#o1z^q%Glap4$v=XM3Fs+1XB`o`_<5cQk zS{-R{JgNz zmX2+IF=N}15lxNGH%^aS0wh1Z_?jVDAlJt$2jq%^73Aqggl=4xD7B_4U(q_MRVrUG zrep>E%I7zprG&*yg(_$&W<`D@z>B>?-Y03JnL5w%DibQ><}B4Y-?EBS%YU`8GgX=) zU6{iOLSceP5Z-}$uJ1A&UPx=+&6aByx5d0YLP&-*W1e<_rjwX}zIqA{5U5t3y}j}< z`F-g!fxZJH=QkL+@Y+Kpqq>sHIbSvB<0}eGIy|dQO#i-uRPUS4wx!nLM@|m!fmJhf z_UaX|^zPq&#_J>?(tcUr-d$w^%H6nSCgo!;%Y|af2Pa-oG00?nEDxi#^---H4m+pl>fQaG=C3t{^wPE9(4X^ zp-+p=|J-U=+m!!V=Vk^vH}lxs%+qI8-sBw0!mhT0G|JkeK)6BlD6pQAO94I9SKP|{ z2`s5?ll=))JofY)3bgZp@O`rLfP?HMIB_3y&q$?!#akY#Wgo)(doxF=&(nQC^6e;4 zN#QV+%$62$nAL{w=6ZNybo$0(WSyX>bQizt`_MD7sf!nXMdl-L_@t|8BYb&n+Mhr zf6Zxt`$>K89nSSBJh+xACdRC_?+txk)iv zehJfNpMOb~^w+W2Mx@_{MIPFL=fN;8D);4-YG0B9|=jp8B8Gf zLM3(#c74=`iF<>98w1pjP#lAFq3snn=!hV})#ixSr(`;f^V2^hQ%&ttJtN~>tD2HD z(}!n^J3JdM;q=UEOG3-CCI~I7L}+FAJ)N_%*njo=a%uIdhh`GMjDsPt^l5 z`2?)nE$qot9(L8XXC~`lmbpZ0oyyXBE{mDT35lMW)z0%UpkBFina0c-Gi%KJY%sHi z#(&!fjaw2l7O?UdY~0k)SVQB?$v;7nkCLCRjFk41Ds`+1Vrdw?To}Ef)4ob%{hpFw z1L3uFM12G(;&ln!@k58}uci^M^nl|8Xl;*M7jIa?(3W5G) zNLo?Rii%cLw4$OF6|JZMt*Fd&AX1{K9BEBOYbq-TsLb-N6_w|$sLaO)8>FYCoqw;Y zr6`Kd=TQ)|rd?QI5qX{RAZwjD<$)l3^5hf+W@EW2R0X2>)D(HUQX(#Tnz#+5WS+QQ zO55MKTpZkp^Ib#U9kW4mx0G#;Uj67#IOAHu3gs39i`+aDPiE$vdqYPfXk9RM8hDu7fKUM zZ(YitO@6_?@h$)H)0J`Y=}f+KWjyZf;UUzg8$xCi%g4f0Pn@nZg@0oY?8;A91{vs; zQA^kKPgi(Jr=3~DVE43}M>VE?wk)AkO_kL*c)C440;-5C$2sI2(~G^MUbP5^R%5gp z!|u^)Og(pAzJf#F*ypW0qzIb8q{t}Dzco!r|l~RIKIVy2WWUWf! zrakJlN4;{MxL#_H`s#ybJ8Jouvpe`VXMa!fuFs{6>Q$@tuz#O+4Wz89=KfdRF65#9 zra7$2p2U2V+19!APc@E~?_{c!z$H%61H#f~`x zQfNqz+{L9X4y7<(WHH@!5o&AJ75=x1*M3$ic0peI#O)e zAsGab`+rA@Vm;B;?2K&mNx3TLI={yIQ(W)`B5V{FTww$Og6&-z<{gDSde1!8r6< zelF3pB81%x=)vF+-W7tq$$hWzKUkOIRJ1GOF&ocbjXdMZV2P@(jO@}YD^8~Crg zjlb+&8R@sZD}N8X28S(E;B`XE2Hr`j-AHqT;i*KS_AygQkX#ji0WnrNg}sDNOt8P zPUvI7!@5f!AV4qWYpeAN10@1=U>K%9%E6JcM^nKi^_znTj6(1lm?;dB&?5f-Yk$x% z+aQH@e@Xv0<8-Fo($l#a(`g+R;xe8K*u5k(yvb-c?HUMrfGBw2FS%h)<6w=0H4dH? z2Olj62b&rPYaBcS4t@##J^q6?`U&^^```c0AecVVoZsY^cK_wOk7p_EDZrgPPt;;I z`&4P$?Q$j(q%(Q`?)=l|-!pw>?0@Ao*e5leScA=% zJYB`lRjK_FB+y%!O1qw{T2(Yqt!QdRlYZ8b*GNulBv+)BJzY!c(OO!8+;|1Dcy=*s z$`wHKNZLUpqTgHqE5P<#xcbT$W#|k-ajbl+Dz=J=Ri3tZ(gsre(Q*rvk$+}0^*ycmzw0kvgj;~d2Sn(Y@ialo|~qGelA!5H|G_=Ut@0D zdg{_wj=9y+S4&^~SxZrmNq^#34lgJZzuNz9+r;loYGYP_00vf0$)a?8Z!1P2(`?|%i_H)tikLCbOX zS&WQkaV9h9uF!KKDf|{^2|sbeHH_jywQ~o?gAd5>lX_&Pa2=^`pAQ4zM6{N0;TKxs zjTh48JLi$Ka|%19%8TN-(2IfVILN;w(<=`UkAqV}iY1~9c+*#8b&?=1F{_qJOwsxq&_MA_2DwK?v!^Te<$6N_wPX8H?T`$>?`d1DA| zq~dy9&#v&66!nD2`QZA+4lhPq8fWCgxj?7z4B^urFHPIwihl_a)k{3$Qz&FY;UDR^ zYv$c}DnCk+R8_qzpH8j_HTOhL@8qMWvScbFWhEz7!KQg8GlB^MvmSMiE991kPGoI0 z;j}m->|~1uA-bA3z%I`O3uF{roNd{YEXJ&YDNq!z;eHc6p+BR3A%VSo)SUvao0ws* zIQ{zr-h??Arhh2FXv6~;DQbAIgzu&-xw{O^xxVAxxXvh7;vWlu5365!2kzjVD+%As zGU5&e-As)sGVGwxTkqi=8Y9y3sg4Kf(8O5``fp*33bRY_jv*yU;`%mm&Cc{%`EY;oIgD`ke$^m&g*XF)n5wrlH0XO^^)=XxcZ4w^<+Xm zT0eQlddaIOLDzG=1Vyo2fK5^R4ev41p;uOx=x6#Eo`Wk@V};HjuxF_JS5lmao`AzJ zR2dmYgI5bC6vFf5A52@4cuZMfdEli(mky`PUpB53aN>@s0*o6M z`#w7uhJl}QL)lC7I~M!q2ze;osmk8V+86s)%rRxJ#ElD{PXveM^O-g-_I(ZtVU!HV zO(=KEV&5Iyjw@kJS{Kc|egf@ryi3~ow`PAUi+^UrFsy-eou&E(W&9eTyhzHx)<8OM zHIUP>2JqmhN+R@UVHLEY=VcYT8?OzejYZhbpHv}NV+ye%0lZAA5b{kcRfq~uB3r5# zSjB&IiL=@6<=6AE3J6u0vg)bn_w@dHd>z2+S@r2UH>^4p9 zRe#kIuF|Ti`-19pb(QL5umA7fZu-~We)XlG&<+yV$CDQSosrQHTT2>*QmtIWC`Mlh z$WfXGOIF+No?dO!ueNCx+8GMH;6B|+X@4Ut&QM+&E<0y z=Dx&-&rqcP{BlE*8I^fD>&`;<`^I1XFMnBNyWjrjr|+-#8n36{<+q>9Wg?fbeBm}F z$*0wnC-EP*n5r{iNrvl%ZE$)0;;eIQZt%ZV%BVNn)$6G5@ZIk+yDM)KFglzm(=xd) zE&hweWn|;Cvk9r%T6_^ z96Ee|SziS5m6V*v78zVPIR<|QvR#gC!QMa42k%enE;Z~;Q&?Vqw&Ek!|IZYZMV9}c zQ2)Qvw3;os{(n=~|6k4LVdsTd{{La;#S3b0|F-ku#f$X&ix+v#f2&3=@bIos?H}L4 zD*Y3vg)b4Y$X(#-`XJ^jw=?x*vCr^B!VZ#4AjB{oMdD1VeOPHy^? zC@&ap!QMRhQc4m0Sa}XbxJ_>81%7hr{*g9Yrum=rYUZ~@d1FAvl>T{Zys-}G-*;rp z>7Vz;8xv0lc|b8~f5sA+LYRCn1VUte4q+dWE*+5z5egAZj5q$s^Y|-gZiH+)**CQ3 zu^j~|{>on$4}#lY5p+_7!GB%Fpq38L4m{&cld(ODZQ~8Wq4|LDAy{ELu#=kc#<&Qa zY(BVfudKuDa`u394C!KMwmUV@X_NoV#xYwCti5B_fOXicf%HDJaeT<#@Y1$AwslA* zof3~sIbw&=#_zxX{(JrWync2De*N{$aQG&UvySF*oK1Eqoeny7{(n-&;fBFq{u+7w zr4S|wiqgqoNB&t8f3lqs0GD>8e;=9hFz8~BlgRaRW+%~uV!etN*(??2<@3q;a^|Jk zI;;V!d0Yc+Gri%c%FHcrqHe|g=ru1#|qM1p!p?Uua;(!N^&)R=vz{(N#i zFR|xGgKMMx&nu$+POc(k&gvo@CvLFDRAFYBLFA_^<5l)W3V$fe^P0W}R=y-MzdnQL ziR>~_f(00z#kl9H@e8h)MK0`RXVZ-CqMNDl@Bmn^NC^wdC*(xII8ibzPavThQ6=x- zGE#AV-Gx-N3K}k&dUI0ht%AL>;vR-Y6$pIoa^Us^J(L<-Q~gh}DnRc(c4PM22>Nk4 zT5+u8dI-sZMt?qFwkXK0J9HK|-!5=O|GeW&1XJ1tj)^^C8oR(^tpIJ>Z(;?&zPDA4 z03X?kc%C4~FART~=>6iiQ}B^DF+3|;D-*FS09{trn!u?Cxgk6&;`1qgRzvf2(|by! zwx&Xu3!rg-vR&&*5qO=}mYu0!dbN^&V{><9f~T0q>whoh3A4E02^qb>f>U~NsQKTL zhEZ))I0g|H1kJ{&{)y0UWsSZ~(OXpAAE(6ZsGvEI!pA}L>}B9L{I*ndxx*zub0K5F z!w!cVNy-B5DSWyD%gnDK`L+otT|DqSz4!_k6Q&#!1`fc{dB{n>CIbYpRvh&5>h&O1 z0dbQD<9`GUf>FdY0G#E(ssj9*?Hu`Y2ZF~O2~u#6GbQFMkv$COA>ggRH z{6!UUtgceCFBPeoqVP_s?SnlH7oz=(Sbisalgj2HL>o`oL&t511))9bPWc%oZooE& zY#&Jix>4+Y2|{3*>8=v*v0aiK3_q|HNWzG@HAqx!lV5%`cvy%X&Q~IBWI@AtTOl#7 znSY~-{R8u94$o)+F^eC@mxx0NcTZt^V0!_@I^VfY&@f_gC1i8Qf_SNbBmVO|Sj<9t zIi!0h-hy{8{zBe86--_2yE!(x7idpIi}@WDU;2P4UQUpaI?|An?6=0Bt)M z`AH0VK?JBg^X>tOZa@zHJ?(12%_zMVMd=2>jhKjIGZ)7aB^46-AeYcqQz@aXBklcxIPzfP-k|M32f4)IC2PiM>?~7~+?+?9T5cPb zm7h1_jn2rwuOBmHdeqYb4NVOiM9`4^Eu#jE5}K<)3Cj`uP1DqJe-q^X94-itdsqJc zm7gl~e&8VXfO9m&ZfCT*LRBq%oUorH)rV-PlmF`Fr#I(3tw11qQL0W1_ zy*ZLPg1w$=r?M9M4hTjG2zrv(tzkKhQzPOwM8xy0n+#kZxXBEH)>?p|<+Sr=duM`n zey|X^%Ppo%>`EbBtJ2N+Ek~>7n{@)9)XjaAq*A&YAse|j^vrWM{d{@a`P8cUU+chK zm_lAtT)ks(AZ@^`9otSeww;Y_Y_hSvvF%Kpjg5_M+uYdN*tV^c=Y7xletf^DYO1Dc zs_weGukJ>zuVM`884imf3bnlf#EvvSwcDVp(cpc^gCH&iE$D*LEIJT(OKniU`TAaG zpiKT3ra}#nk3^lc*`xfugs4Pbe@q;GzI2Y0WE0`bE<86^=ndKj- zgQo-brM5y);(hnFjeF7()a5(glDPpJT}`g0WF5QV*^|;FNKC%F#)lh_{P7Ms!IKrA zUFZv3_r=;|d91kIunHV|NkgT{(aS3Sm{9BI8>SxHNgG!6l{pG9!@~If{Dl&TH}!W; zHaGK);N71WRjYUFFN3l&jccYAnxXqrn`-SAhcUGHUHsrKR>&DM%=b_shVRnwr^UYX zOJm-~NZj_yIT3-?ZOH~0{OKzt>XrZJF}=qiN){z5z8VGWr|ZJ0tW@8-H7q&Hf4QRx zFvX*N%eA~BIW9@>)^(<@Et)~UfX~zQ+^>eeK#ZO&$-M2K*z7{ z{68Ac=|>R5Bo%!3Nd*{6@1}ZJ%f@Z4K?VUC&?F4r2NPMRY?@dd2=SWBkQogNONZEFeMHTh#w=tzI~eN*=?HA)Pu7VRY2)I$eLBk(o6(K$Hm7Ch>uw9nE+!_@qkL|u(v zHW`|!hn6(uHNz=FMsfz!VMyUB*!3{7f4)h-7*t>bv1`3tF3cnO5iUB816#Icnt|6b z<{Cx<%Vp$!?(h__L34tv*+0^FaP;$e6K4zojb(juUFNPq=S|Aj{=O0F?u1D=+<@*R zenzih;fL5W2XX@DkBC3ZNSPJi_H^-Sq@WCTdEjh~(caRs18ZzVuYMZ0X?jx0Ls<6| zWKo3!QR^*P=bSh$`(gf-nM0W_#q0~&Gy+N=`i_jQcz>mJimjR5UN&K$fmOBFp7`5O ztsk<7pSlBwhR`4^pjUfoUYd*sB>r!Ep2$A&q#BxM!sEmhkS3Jd6H^f=LC_gaa;@qm}{Y_K04dZ{MxwmDG}=F2WkI$@)@T-OXr@(rQ;eXL&|{(n4Nj$Qs6S`p$ZWsThLf$#Cu0)i~#MFU5z zwTPXYsFC)gPq#foCZ#MR1u7$Vq@_yoqjKR%?TAyI!bA?BhRvGn3ttt zq&1uz-=H0wf-&ou@gZN@T8lu@Z}hWKBd-q{+kSCzW1GenwqHnB%?V<8q82* zNIlV`TykNTjDjAZQPyg#_QWz6x|f$zK%AyX6p1@URV}^0c|VNL91&&U2NA|VOx++n z@`|~X3K)2FyinIMo&;6a>SL(VHXu;|v!VBO(OXg$YRf(J+$cs_v31m6(;d!p(D|!c zrQo0CtkA|C-%l2%=Dh$wMg=MLoIHGcL@p(Vf98|Xz0v`QIu#E8<3wEZ?nvq9vE-^h zM5|U5RU3aYl!<})#xTF2iun2q=`av_TT(Rfk2c462?u33#0awPhr(}mr^Lq= zbQ+2mB!Te_XJV_kl#M|uYsbqaa|p9)QpD4=$IRWgrkHpIwg942YW5-jAz_!x0zq;4 z_M*dfNsGeqwi|tj$DXe}dYWqN+L{>|#z5E7{cDzrc4l&MeDa*JKlPtgNllw8C3oJ| zoaMjqrmWzFS2Wo2t}oR~lbCmIKD;8#672|++w9-QmFMqSEVnvos=R+@xs*Uz+hI^q zpR^&_=IhU438W0rWr*)yk3w%&^ghxNoqZ|Mi;wNq2Hix4(`Zj#Lb}v~=iKTKzX9Xs z4jJEO?Iouun3s3bX{PdQ{nads3WY4m2JShjg~~jM`nP8vZJk~?W}h7o94TyJ$1nEd z9&A=a)7T^`i9?N1K+f1?0X_>t%~o1N6J*M`$5GjM-z*}j7krRIK*qO?Rmn0U?C1bW z55vRe`_+n?0ivncKZEBvc}m~e(LYC<=YwmYRgHAstdT(aCP@&C$lu-h zJf9q@Uopea3c}vPVbAXy_RcW1!H5IvSrpQN@ zY`Eeez}66-n}ksLi%*e)4Eg?x#Wv9|+bdako~=YsI&i*nhTUR5tooN`Dl8(sy=CQKCx6=;Y9I z7CzQg+mme0aQswuLeG204d_Ht`se(|u%I7 zPCb3uHP6D+;f|9y7g6CLY}Hjs-oO{2@0pdhNHrv%4D$|4s_zbc(%O}7G0`GJCY|4u zj;{ARJfi`u@b{QB03X|B5+0?PBQ{8h*)}PwmaO;xcpClScro}@^-_sx#hT6Tr$wf; z*A^9Y9jn2Bjsi92Vb4E5WugOCcS2dEo~TvK^+*@X9u^?4&I2TPIrBN26K0wn(%;^1*-G{5=XS znKApH&HtGg_^X9z@rsR5bGscXoN>3-&iBaIdF9j-JslPOoL#{nveWt0ext@$;Dm$4 z);I?NkVRev%jFV1-ok;C1Bd#a%7#x4F!@A;Ri{_6CNXzGx;=SlRd`M$bx~{`emWYH|Ej}NQ zE_Jh77TAMU#-MQNSOi%%qR5Ql?iCWi{W_RBx$T1>uO?=MBrwyA0hTx9kQ8dwLI znTLoZae*x?OaLPHdhp2t->PP>*7BmKl4ztYfYV2men0>5`2KQEa{tv?_HxcMdn3~4 z<>u6*mYij|pwQ?qd3n8M%m(-?u@4dp6co})k=HKu#Y!yKDZkin`s?f}gqv`>e5hHM z_c_dm_g?4|e=8}s?u;F)w-R@H^Iu_QGsFKJr znG{J^{mMN3e8PiOJrhYKrb1hgb+4Atd zIL0PQLA=~SZ>BWrKc8x$y+u!BA0qU@WJ`0rAXel8(2|oT%=+&R)BVxT`j*KO0Li3K zoYyFbr+Y$bim*uE)wkw=%E| z(fy~=scfC%Ar73b4Ob`qyA!0Snk7cSSBqfoRSgI*r*=)yK_v^xo>%Nq>H3-0Z>n`OnbV{D`d!|1emE}U8E*A-A zXV{H=uY{U=N_wkRjHFg0CE=qQ;eff+$~I``@2rQT3nH5MhAJ0B3=_Xo6}XrYc!Cb7Dm#VlkC#O|#HaO$;rv|UU7h35YC$NYFT=kVb@;RzlWx|>T`m`-On ze(4Gux+-u3v45}2{m&lSVKvfrrgQK80Q}M~kFZR)=P~hZtac<>&rC0lpUA5f#cK=o ztS-@dyc_43_%it)A!7{#{UBm4V>bu_H;iv~JZl_r zmt=dq)FQ`S|8BvWjz%7CX%s@~?_fgBN37tA*RTi)sHhR*Zb2_^pG!EIlii5f;LPHZ zt5}~5HB5ugHRYVsz}$S1*BJj00DeI3TOwX8dpy0b2Is4lj3QRxrz{M>?Qk!fXd{pVS?GNuDR zv~g}HCEb+)wu+FXdhxb$TvLHl%^^1oDRwVG2kpd-@yCX}^*4s6g*Ql8epop-COPkWm?qLveb6K)&p9Q2Sli9 zFtLktpTl^RCNwjV z4UmksA=Q1iJD$`co?N}AJoT8KkQ8CN`bhY$Lw()9%AB>rt_aF&zE+2~=6EnDC=`@~ zZoKCBtra%hN%U`sDE5X13vN5U2(QY#g_TYx*J8dfAZY142}mOQwE&|(Z4^XPi>UQ-GypH!WP(>Q2=2qK zpIbw|%YVmr@?)@8n9{D0&%jor87cj~NYk$Q^k42W&VUQVZo!82QZF+;MTxMbp-A-> zC+mdWGj7)JjwPi2aXN2JoZelj14uRUknXUTkmmw9>aN6v5JM|Jynbk5K8wc17mpuqA8;{ zw-p*PJL(6%PK}m0Ynop_?^eE?(W^@eBcs zYo*Q!vOtpT-}+EGxMPNB-4ze+~0 zY+CCBWb-{ZDMHCNeS0f=w|Wt_C(Z^hT}s{M@3zjV-z;6*j2h~?D@fk+`#);xy0uJQ zqofP|lZM1;yArAjLHxB9DPqP59b@^)y>#j`-v@}#a}!(wJ0iYul@=Mt0zVRQzkxx+ zLic&tWMCKkj=sJ=-Ta*4d1EGTw^L&rTJc!ZbYnq(|MT)?e!_x>GJPr!@d{@qAEmY8 zOh3H{5}a=REc^V*n5O^G{WQbO4kZBj3nr8R|J|(7FNpO|!dMzj1li$0>q|jEY+DX4 z9VK~6eZG-=+h`Idn2Ad;9Dq436Ar)M-?P%h$Aur88sEnrER1Mqge?E&<$^1!CG_g` z<418tP+T}hVe`nsA_VWZ^0ee{!>oC@{G3g>kGuh>RnD%2Pa}RwVPoOs{>HaC;#Dvv z@kci9NDN=StXa4tN{Pyb|x=AA}G== zENNOc&e~s)jXO=(?}_T7?4FD_8FM|Ctv9pvT8@H2gfeI<&HOk+ zRl0hm*~#>beAKEn@``Y(v7&Nbqi8cvO?=z9m3gHt$KV42A!XNnf#31aG^{XW){0lb zBIT8$qBo3XCgi`eJ%A>I2R;+Y|Au>9c9}jph=hm4$6cW{u8Qmx+Hg^LgT+cKV6Jp%AO+=1REq#D13OR1dqK&Gdu#_hk~ z+(S9woC$8`xSLX1UBVp{x5dv4g{!If%bhJ|xM&A#BW(yszrkVE)u|#@*SeJVWHcK@v`t2#WC2v#eShiZ2I5c zX5ccolZV%T`*GR15Z`f1N<4f(-LW$vJbfps;L4hwK6-W8O;HE5_Ke~2#Tp)!)8lA) zz+<3^?IL_wJNjEFVTYL)Ziv=@@uB7a;zRH7oCQ`7;HSt<@1?&pE-gh;aLdue^}QKs ztYzb?52xs-neQZg7N@M8dbn&GzJ;~|730yATx~Eu)WH!6r(5zBL3B>W;U131X6Wcx zo6$C(?vrJMRyyM90)*)5lPy{tyIMH0qeJAJx>*Om6Gac|RzbxF$!KV1$xes95^1(8 zx8si2K6c18gQs3Sn4{I#p=E|!_Lp&%M{KJsvC&K|+SDJ6B5P;lqRWGmY~&??BGhIF7wv2>1o#^3cs%uIo} zWJCc?u;fy$kZ10SU>b3+QsE!VzZ*i;#GryDUCB5htCN}6<_iphTINvSH)t*Beux(S+kkO&VH7e zG-p;J{PEteT07-I(#puNC@tK%(Nwj;2G&6zN;+e9kM^CSeGB8hV26_>f3=~(5@Y+Q zm8Bc!N|KImDHZSEf6wYxd?P!dmS-_FsnG}!F9waHfKxAR<3OLB_f#tdvRwWb#%tGS zQtj;2*_}5R*19*uLk70k4d&l%%L{kS}s!br7TbH`4IIQTTEHU8nJZB0HEMnOZ-S zf=(aiWwpYm@}Ak68-P(wO0$;JskdJJe5B{PtJQIepDA({yT`bvzzUkE-+772N$$7d zDl1FeRGHZ_MowVwp6IdD+-nO@IpDTJ1Dn^}J+NTX%wR!e`R5t&PrG3w?;dMEqG6*> zt+UYHQl+Q`-||0&>ZAb5$^D2X+P|+S_n4TDhukE~W9p*Ero{6jVJ_m4NAi_7ZE_he41=wDK7VVXTeXu*k6%X)5-357M%5Jut zHkDN28s_T?RNU8_6=iD{{UIG*Hu=~v?5uWr*l@;EvElhIsAj_(ivg8DxRGgEW^g@874 ze^Q`X98OvjYl8ibL)ku3C_FNX_AYbNnGyYnm)X%bFb=+&Uo3u%#v+kT$4MY0e=9G4 zs~5Pg&JKJp`c)9j3@1%I9E3YTs$oj$wHNe3m>N=BASaR~Vw^o}y)Ls?gx zSfJ>QpOUC(iPDnxwOV`^3D#`;;@aM#iUvSULR?S}{f_wyYD!`i@`zMjV_mR{-C%$v z7m27TkgO+QB}|8IJdc%%LayEgq3RKx#EnW(+f0u`WrMZw{THkPl=;&pUpCQ*%~(SR zp{n}(S4qXMZ&Z`^@KWL0Uy9iX!|QdA3;te&k1|E~M50vMW3sQsS4G8|xdiLKx>Mi{ zJ02>f5#gr$tEB?#hsjeWqQr1m`eWhU|HGt6EF71y8GVnZw_nFzNT=iW#v%Wwqr&;m zo@qctk0QksWV;BVY93w9I}GJLAGFok;61Z_+Fmq$GovBbE>rx1G#84X@Ll0&)?fTV-sG0-QfA zJYY4IZ8Z#({ylqW?AKpmBvi{+8!(8(%yO&wt7RT2XF6ArR`OP=yUlveCVIwC){aUw znrO|UBLrts43){-lq#1pk|mWL&}Fi!7RxPI!c1HKRui3{TCg1cUQWVeQua?2E9L7^ zyh_6nLA&yZN@cB$m$3QV^^ z$EkU4`F-25^v@7eL~T9GQL_YpC91TwIynznY4&G&beWUC5^)L!+}1KXQkle#3-imd z6s73G0f%ug@oOBE*JQ1RN*hDs2cHQyf)c$ozER#@%t13Tkc9w#_Ghh4BTp!_(#Ozb zZ*OjMum|WY5>OE2B$0c#!Yuqrg>atpCLN4i%6DnzkOo--f#|COA30x6Og5nW3KZX$x&H5GTvurKF zY>d*d``LVs#iJrAyAsYE%WQj@(HJIS+fh)zEkFj3^50aF2ivLhOeN*mFH)n052Pvy z@BQJs4-@ow64HIlaaNI=J?>t9#;$htuJlK2M_U>Tvesb1YR1ZJI6!ahpHw)LexpNC+RS2XXxD$-1nilM2 zboNE5MJ95`c)>*fOA+wGFrYXYNsJ3|_u9y2kv4e=+uNiI4*Q_1 z+pDFfn{lkks6Dy;s+(Z7FZHEjF*LF>B_l8(6zxe>Os%Alz-*j z9`a9pNOSC>PbV20Z&}a$mrrh-Mh`v~4&L$>t;)%gq4}?{+$@HWfeMy!vlv5IEL`BA zW@LJtwqM5;7pr!hImRYL;vX(n&D8W?5mDIPK0Y-bQ&Rlku7Au6?t<(`%mVn zW3v55zIZ3@C&)xnV#+KOEVy$GzYstk`xN@|v+z!yE$x?}>@}fN`;GhY1->0zuQ11K zhJa1I4=zL7%Nftm)%v?se5W^UHber(5bv!y>H9rJA(0pAw|-8A^z*6VAJptl56Aa= z%W0cTlq;9i9sP7mKD_Q_j=>J$eq(08{X0F}m2$`zgZ&g=r1)CuKp1t{IC{~KpGJn=Yj28<$5sQlKGdfI zx|o{r@JEQ~DBmN@X6bxyYIbJS`Ch^$^{+4^i()s!fR13Czxx#KHi_L0h zJQYj#Oo_U7zp{0|C-A~{Tmm@b2m(~M9lMhj1Kd;l8Spg$e7R5IULQNHhe>^2148LB zbWolHLhVd~fr_J5OQ_@Nbu+GW~KdFM=6~mC>Tr%Ap}=;_p2(y9FbTAJ@zn~fK;Dm5B0%O8$48&@T#tFFUz z9D)JYDwMod^b+)TiY=>+2AJ*Gj z4g7thi`odcd9|vy(H~#G&DpFzqbEOH<^EIN?k#U2ayzcbq?}BF6nw2I5|}OZhiW1s zS%XTR>?DGg{VG4_vNoR((|1ZTq$0%>b^o)|>#3^6;;Mr^rLyAA1yk9OlpcQ%g>Yf~ zoNcq5h>N}S7I<6zDA9j<3%3XLqI654XM1^Ajr#Gjz;>_CcIlgKx!(KI2d+C2(~#=1 zsY4<0#*^w6;Rf%W?AeZ8G|veQ+^FX7GRXt$vADX%#$=gm8myXQ-@L9r-&ZDKC#%m- z^>?*p>19VLl2g3}atr)9GLRpB&r5~qTcFY&& zs?eBuH5Lay2~`d_+4Jo;t#ZGrT$(>{5Wr7=fn3+*t3KoTB@OldOz3o*Xa*giMd)6$ zzKLUP3kc|Mo>ki=juMQzBFk`+Ba4g0jF{lWJkJKrCuWPvsbdojfYGr)bs@17g=2PA zMjF>*upI&IXvSTnEC;5XM9t#o>H7-oPqwZqnw8bKmjH#x{7Hz3OTVM+Qnjsy8Yg}E zx8xO)j|H*CB=b77A739dhB#LF3*9VJt!^X*U`k(W#@Jb_sVs58-0G` zyF8&aTQ>A{^=&CkPlDFS5@`JrZqgz4^q-T zF0-SRxE=Y4XqrgA7wNh1*}-w{a|&y9s!$E>7EW`Mmi4m#J@07mr}ds2izR z&7qjsc#Y)k^8_~0Pi4txvb|^rub0*y;38s`S5Q%IJUgMBpm_M1=M*DWJOiNO2*U(Cke7^XQaIyLMIHzrM+S_5HtC1w0-lp+%q3wA+ zSXqF?{Hg|jvLWs&|8AP7O{3PH85N(?&`AiB%@ca8w%XvUfOzsSf8#Y&QN`8*fMKQ} ztTg6zkjRV9t;HE-t+KS={NqGqTE>#=w#Gi8$OZgaE2=6(?d-I4LaOnY*E< zWouRMvi`Da2J8vnOUdOe6S1G?nso&MZW2W^KKC=1kFTrg=}&gun@sP#OBZ&PpEfnE zjr>b%OG|4jPuf7u^V#y2-E?;~=(ravqtr|DN9HT7!UdhjSvayb2!T5wZJZVl6I~kn z#%~AeZZAC>n<4281Jy`WL_h4E+tAi=Dv68D?ju?h4o2cg*jMF=_|S=-YX)=fmI1|V zL<2#hK*}1(48@ZBb1DAn0wn7!9%quKKqc?GC(+C8N`*ixOfa-Z9BgySZW?P@no%wV?d_FP z)O}I}$Exb11`{k4`$^0Zbs<5XVKf(}1^%;)Gxl#k z8YWjbe+bKoT+9P;IpvIlDDh`}aPPDwa?R%^%`#q-D*E+)67UCMEf%!!0#|ak(U^WW^7+xBMtk)3;~tTPk)-d6A;a$+TsRX{n*#JxSyn>qQf3XUy9j zQ1yoU&eQuv?AjA$M6m0Yf`v^adlYjuP?5Y;rk(Ky6Z;o}28nSBoJSdHYN$(Uz$UZC zA9oF8jVAyF!EKY465WBDc_+o&CigC?n`l`bl?_3iG6|m%agOsak2Pa?&r?tbW&260 zEqL6@ft)Ji&Wui1&cV}Gqjp<1dYAK-Z>W=Y-#gmE2N1XCQ>b!HpVv1QiSdQUA?#^U zWKWJUJuRnlS-2BxIxZv6iiSkU%=WIwel9nsdPM_rKY6GdL&YbP@#<~YZy8rMJ`>PBA zBjqQ9Mvj7T)d6_7P=lj&T~!DLbmBM7$kVS1xC!*H z-)9{~oG0nfK+28S?QmOm*QO^%zBWB)2=A9WwjaB}P+HP6#<0UOMalj-!P9zFtG@p5 z+7!_m9}@6EoMLdD2}Ov3&RA)b2Dn~K9;L|7ne~NW%ImXL%G|z($ANT_p@#W14(I?H z!Pi`c-dO@iLP;gPSn-Ja7*g>S6y0ya$IaoU)~YPZs>3X!0Zd7HHzroIv@zYd z)MW)6?6;H;I}Q{dBFgnx4%Buc9Bh_9N+<}X^mH5SxJg;8yiApwVv7ycR`$j9I7RtP zTUDO-YoE#;pX$7kj~FxeQp||l$X{miGd&hf1ZkQl>5i^It2EK=<>zZ)rP=Dh>*xJ_ zRPW%)$0teFBycy`-{L0!RIm`gH%?VWbAcAhBOylT^2ge{!9;{|LO!A5b% z7|87=qF-rH&ZlIpd1E_6oxV>THfhKJ&h^b7YMaD-EnpNQuh7wOpQciw$V z!NnYoF#=25`fksKn@zeMnXee+ zYhr;4)qxsGgV5~>Gc4e6#5Py=sKe$fpxy{?Y!ir`Lb+mj-o5P8-rVih)_%J)li<{M z{6P7Z&qeYCLkh{{H`F~Clb!a1E5NmRRoNEaJZsNZ3L5M(UP!oy1}Hl~=&=CNgNY&P zH~y%WByx3=@Ai5$y#hfD`y%@U?ttrHBsd8AE8cvt2C-o1z z)tW(e58qc(Tasq?J4j{N;Q=Q|Z-n<{c$U{g{&t{h7>n`lZ@|;{Z(U9)!ZVrdx9|q7 z6T+Xar9}mM{-YX0G`Ml8?B0;D`HyV3dHIWyNxKpiw}xV2!%8Rg=>|f(VHiO_LD(Pn z=JjB=9Di8QYY~|A6hw@vMrv&3vhe+8f;IGInrxV3yZ0lZv!wUYPqe91cQ1Tp2UNcM_E~d&bt&@kNvYL z#pFV!(*d4A=DL-jQA4>Psqv7oXBuRAAAZwvYoRJD^8t@)Z_71Uob{gF%%O)Uh&z<7 z^T*~i{~T2NDxr>=WKIs__^1K|OcQ!@+2*7sBl92T!PTyKF$hF7ffp-Kh6s3v;z zT@rMA18*pYzfc>Cu0m>Z z%F#yF2Z?W^>fpja=3_G2wH0HsxFgLuTn3h&15TL~MTY!wY-O_@OX0xM&QF98iBR*T@8+#Z1Wki3oSFxR|-sS3YKK_l* zXp!jQo+0rcG9Jgx<7Ugv)Z0y$`E;}h)rVZDj6(y(Sa!Y2R}#`L;m_3%&(aO9AHbW( zK6K$t6^n-`Cb*^x-bqXp)Lj60LZS_DW{nA#s^0C#;o(}P$Logg#^0T-J+8@*sL=T) z_~T*@)Y|`T6KLwxP5wGDlHNXv6&N$(EoRA?_e#Vq&>wd}L@8(loR?0Q&EfkG-#^q8 z90g0RzPR4cB@Z9>m)q5Rq8Ma1!1Yl9`Qf8fSxBgtXE24*2&SG%tOJ*+mqwm4JVG7DNIw0T14n>_IG5(CEEo| z5DeeYnl)5oI#n{G5qg+#w<2TK}0Doi0+ug-No&9+}5jC;!4E#Rqy$4F*OO9TXmEwE78E{qRe@$Du7^vGG zOyx7y=cpQ+Z?~?DaF|}C6CKO_QS`11r%J8%2%ub07AWCaPdN8dIJT16=nWkTtqg)3 z((2>+rFb+o|C2VKli|%Bc*El~>}7r#`SjK5Yq_8JCv-bDE6d&TT0Sf9^8~U^hNswP zp{^v>(pB|m3`~6CaIi>!Q(57Y1*|-!AeYJEO;^)T{DJ8GTsZ7Q@LR=>Am4cYqI-%y z)`bCka;!Ih8SHgUCod0<$Yp#%C;sZyn4U%R(;He&peosqZoLEuKm*R(cCxkyt z(9+V9zofI)|6y`!$fle?wZolvmyklo9sCwjGGs#k$x$vV=ZGuvJgbb$jjIL;rG;D( zr^M>nO%l2dGF$)RNnqcbvk){&T#CGIp258gGR6SbXMkK9jz^ysU5sOnMw*>*(uVE~ z`^qSy*d)|+XUiiWNc^Fg0L8&943{G(^jx!_#MFziL|?ET!CH*ojG1q0X+EmDpQ!E? zZ1kz4!0=Iwy*395z4No?E?Ue$_$|Bl<)6gJN44P6n$~}3n`7&#!~=9CRGVQqHmoE8 zkDbVYoA`dS@LqhN;GmE@z3Sp;fH;pO=MYRQL5Gky>UjV#xx&EyY7jL zt_jR6y$Nav*}_NdiS1KE5HA0a_FbEPWQYt}fE?DR^~k`&@6j4XLG9x52m7zg2J5L> zoYVIh8IS?)`BnT$H4rolH-#K?GfFB^)@qoImXKWM*nZn$5~#SMTmiUa#6>c;i)xoL zw9TYlh-K+64Ao?mke-%#xjIPe?2MaF2vM-4Jrm| zpfnVMD0uje>{2bGtOR~E*icl^$nHz5u6S1R+w*+E1c*P9eOeXDE1MD-YI2329yH2EjZJp58%afpd~JpmfT&IExH3M!?ByQTU##i{n*0^KR@eX_^Klt}cGLA&T@`uxkaDOCKpDT3TZa zvV-((cfY(Fc5g1oGq31uBhS}opv#+lD{`}8?`I^IO)M4auF z7s0J)VarfLyUmM^SuHVAcO39H0n>;KpG%Zc6EEREXlq8yJ#Wknyo9eZVKme4d5?F^ zdn^bm92!YHXnJ)N)$adDeo(b!tw|*NsgC0qwUMF*#wliNJBO$_^(63Yc~+EcU7_() zY>lkTy49wGzHo_}#<6|z;|EDnqQC)w!X^u$lni@%aF9TqHqz`E4GZ6L*ozqq+xpjB zYN_$x(ddd}AtgBy>1Zv1$s)VqgP;2V!|XudDi{jtqW@i-qWy#-93~&CgE6~h`Z*4! zhVJUYR*osYs=kDW=hCREzIje=MLyEHI)RG(PI>af5o>6^x6Z*DC&}_+vm`X&)vlH? z!LpU+LOjlOgI~%ySmG1_75x?w^c*m0@VL;voA91L7s$Wv|2>lmzmDsTKfj2VYbind zE)NBmu-(!_EU`ZO@iR& zKFd)lUx^6uv#5fTwxZby_BR81g9k7dnwpa+WmZ{dW}PX72Sul6hS(=L$$OT%U2}qF zFl9DR9*ZBMdXKaN?-z4bhg;^2mpung$M%z^!OMe+;#pK@daX_vTu4rILPVe+!USuz zqZKr;An~MA-%H#q34Zj{wmF01RoKc(c;o2d+1z-i1mda)II;d9ZPfw5jamG~M_I!| z+=b;?%BShem(VCY2D-Wf$HAVL1@lnJdTV~k8%*%?%9rp^lpT5Mg=0F+(TEf6qw*DF zxvZL=*md0K9WCw9+lk{} zyc^twgozG79|ms1f{g>%1`7?1x5UR>{pAyIk>|eO&3_q|r!BxS>to4^YHgPAXn7fq zW}dObr%7a*_&8xrST+`?3so80tm1PSyQ5tsmTEPZlCJ0cEV1M&j>}V>U_2`P*Vbs8 zj*DT-!VJd>7k0Q1eKf3fguz|z_uNrD?2HA~a9D2<4|}3HJ52|O)=9A+=vW*)rpRu_ zG-=%s=bQ`bb{hg&r$>8^w=E|C$7xi)^KGZ1~r4SJ(S~TG=H=DbtLPNE%z{WLKo@Nd6 zlB!q4F}?bp%Tfe52U6L&A!p;=VpaVNN=j8#gBcK7ozP^l6E0nSh}GU~d3Qz>NH8*z z50gz6n`Y^alsb#NmQp)ek)c3^+l_(te_i>VRTxfSBVzvBJB1wfvM$1)UUrkLe(`>J zzNz>Uq81H|Xn{ER`?-4*A!b9p|C@T14o(Dq=qmHL7Y-6|l?rF95%i$X{pZK*6>H>C z>P?l&=sUh8G8UPTYm$aZO6S)qjJv0y;}WK~z~O_%qQ1H?0Swcl z#*@aJF|=>iPdD_SH4IIKgk9Anrn36%lW0%Vz|Ber=r*ItpbmWlcNrU8 zG>{|}cmiF9u(vf-$$}4)sBbrc;*YKz1cGJe?LA$CC>{+SlY zK5`6ALz&WRa=|bnkc}jo@Utg$oNp;q8AXg2Rg|IPioxk+l1WkOL{E1L4pPZ8@;%LQ zB*^}{dQ{M%s>`&()+MhL)Dfq)#qOMhkQiO37FqJe#%n04xu=^Gl2WK!)o|zr_CoM2 zvE>3iN{)qto{`RE3Yxq@mB)Mo=ipCK$uc~8m8a?w&Aho8eV9LJ$Z0weGzar>GnBvCMapyP;7uJkiXl92Y+5Ci&6U$r63}An2~B|*wye^& zvVX-J!usvO13)st_SjX7w`XBIE_xb0%<5`R5-~P1n(%#YGKRBvtVf<~ zNkCIuVBOrliirO};($-c1wE;`x_zHebbo>sVVpSytbY-Ce^3|#mq)VS`1O#cKcFsc z;1;SY(AO|CkOZ_=tASU?zN0`xF~O}mCGYW)S5Zc#Ph%;*4h5ZR{g?rcGK8B0=KR!X zQ3czUlz&3O$AN`0oX>=m4|b3&0?$UH@I5^F@w+v6{oNY8{O&1ARJn$!n?pbckbmi} zZ@v7k(r12BX)F*4nADrH=Ta*Na(V`Q#*&Y|Pr`JT(`}sqVeC8%5MzpF3~*cJCM+@di&zr8wek^kSb!Lzde$A9Mb`bz)z z5YNK!fd$_PeRPY)1dI z=+r01T3K0H$C|u7GvX6!uUgIHDeS3Llx{|Xyabwz zm1kKh!)M>3f!kCp(AAq&b?NmDYTo$# z7x6!)spdVsRJ~pK^X}I`3-Et```Jd>{$qQ4<^T5}4@pAn4s|(bktDG{x4Zprzg0*( zB3b{4l0aE+un75nJRWE`5C?D>@{B~`A6O!k44l$3preh6>pEdmCx6_N-fi8OidN{$ zZp@dITy@8xm}KV}r>T!8SYYfYvqR0lQzF^ro-(5Bh0}2_VqQxZl)_=Cg~9@5Fb#_~4?bTU?<=2KocjWYit zr2q0IhhHe03iYXFw10j$>XwyIyc`%f-MTrpF3p$+-NCc&`u#AZbI-pM{QfR|EV%#O z-qt?8_7K(tnUd9e#!+VQ)f7B-9mv za);SKU)3nQq<5$fAlb8!M0+$Mvt#PBIN(FrMn@Z^wX!caZv`a=V3Az3Qq49h;Qx-3&+!Bu&W-*eG}1RI)58raB#+ z`-8(Y<7hcQC4X^-ZK&l6jI?Zhz;wOT*bwu2BVs}Lg^BW+rPNCpdax)=+LKf9a712` zhL;3QjK?7t>8#h%*2Nv1upXcBhw@-LJ5nVJ;pAJb@-?J!^>gljH=nKJs}X;x@^#4< zt$W;5MmS>LlYg4Ui3qw7&Rd;M2Y(J(06V$)U#kNN3wFw$Rvlxa zC{KWEF4*c+-Lg6=>=suprFzR)|3~HIt=!qERur*J@GzjR^AkLI#YkZCp_$rGyRvnb z>iQ50)xcFKCPpD>>RYd~ys~!Lr1@ZG2}MG$yzSEb+7d#6eWgoVq?;@Xy;i5Qj1S!N zeyt0rzzhE`mYn5(P2tQ;roiWp`^#2u?bzq+t97Bz}v8< z?N-suzXR4W46C7c*P!2@s-H%GI#_@HI+U++73<>Sayy{SpZ1zVqhc1IInOv&@%0v? zA7{s)vP#`Ng)Hv1IyGS(IvqI4y{2y2r_W-aVtl7cbsZmz}9wEfP$_SkV~# zQ-8fUB%EKdG{9V{EFLHNH-hvXM;meyp--Zq7$YypBATuN?T)+9mXo_^cb8dqMQpLt z5WN>QdUojVG>b$i&%W(P0lAZR{6=wPNLWNlfX0_$%5d-543%76MHmZaIVE7RV2;Zz z`ct=Pe3>6D%|A#sgcz;7>tLQw$?-K;hJPxWXE0s_nyv+bv9+V_FjZ$EH})zSr=v^> zqa+g(5bT1+d=04ZKhbmCPlnNE>n3+Mmos4B)O+y!xiYjA$4Z(D0a2n7Bnxw9cRj|7i^6lOLdYxh{$a*|AxrMq7c7n~S6Z6K8l;a6 z=vX>F2y8VNu?QnmJ$_tVIeA>n8|~A$MAFC>5PR1yINv!}E*FLL$yIRm}+nR6$>%KxS9?Y}%_Vywg)c zQwx4fHEn+>azHp-&{?;z;Q2!9eQa0Jo(Mri4!&_rg&VQndbh~aADBoZuS;u@(R+LCs@>&jr%<(V*gS1)6`K)Fj zTuNk?65_63Lx1-$hI1w+-F$b*A)qyY=HiETZ3K~jqsfI51?*tD|K<{6AJu1oqn)2m z|IhK;H^tS-M^j!WLqTcN5voXkh8NRKEAFW1 zAE$Q$i@{l@e506{=eR{iB#cmffF{wQGK|6olpjSvlCEIW2tv8F(9%e;^>ViIs}Tjt zQ?>T$r&3lr&62_wwWChaZLYY6w#U-$M^IF@{)tWvW@GQ!Tz_F<45t$sNuj4JlBj^e zsR?jLT?kq1;h4N2bnRSi68$@zo{ntIldavX6g!j*ujej>>y$&I1c8=}A{QT(YopnjmbH?du#KsuP?1g5%)z@EsQ4ApeO{;a3 zv+oONPiMF&nn7&quc%#n0oxnf`bEa+Dd&-CR!al&@SKW>!wW~62H-q8J_l3wU-tT+o<+lu3-wzO_sEr7LF zWI7I=i9*GqKzE8;ffiuq3NSq}O?riIl_Vdxn}3|MV$00V6jxdWHzX}y;J9&VZl>K# zSm2p}wO*1^I!)9OH!o2!Z)4gz+QN4GPinn+_h;_?zhPQs0YuA%3nEQ(^AG#5MuQeZ{T%=U*aI^p5iJTsi@HhhG0!s+%V zcwRt#7Et(ap#FrlTI(u7)ytxe*SI;FYtze+D2~bjfWC9=;`{4sDYX=(nY}m1O8$56 zOc9P+E3bgF#3Z{-5JENJhYwQxF~c&Kkbg$Z!o0%peZ#%)n!TT;DZD#+^@Kl_NPO7( z@WIpmrR9e4qEI&rhU1b0l<#CU8VBl6pb@9KSy?8yU0E5tZuZPbmDMu5dAqlNdieI}W?!H`VLw}Yw zo8*yj{rNBb-?}D}>UG;(c=Kfz_i1%_2ZyD>$)@?OhKRmLa&%k}k;!8ls5k`jo&Is% zHe>K7%&h1mJ(A%g3o*N-1^By$1M}BF@%aY=ostB(pg>?muWWp6<0DisML0M#cRiOR zjO3oqL;d^@%kZdP<<1{CODU!~dw=S20smb3O9Jw0nbmt-SiR%@qn{3TYZh?nUT=!> z9)B<^8#z!jhgB|em|Q=8S~#qa@?j2}5Sr(l;KFiS%ZfJCFLvp?83*eUKoS-#yP+d! zlO%bu1Z38HHcePeWAVb7SFDnSwHuE{!Fk&r1~b~F1}UfNjaYg`(f}TrIe#llu>wxC zf3`Nd@QRJYI9G&O`iTUC3!1>dn#)KEt2Av5M7V{mha*%4n*z?&xl0i`_x zpbK*zx5fLMwX>d|n@{^x&wrBqzpJvmaUYA~KW_C)`Cr!u>su@P{|9+KeCYihF2m^% ze%h@5k#8BK5TE`pW*aaxj(nPyfJw;J%t*3e{Y$HjeoWeNj+xpdqyIq zCnJfvvFo;ermA%;FJvEb797s0PclwbJgOgy)+#C zh*5S5nA*V2#e}6$c{XQ(u~fTpIxe);-`XkyK0->9NOCXj|7t_~w0-;YR6g&e)GN({ zFS-W2Y1*g7VqKjy(a3clKG@CmM60xG*~6zz?P>O~xHn2Iw}15?75S#Nk(v$gxv}`| zpC#$P)+eMaqBnO3TIBz|{%os6|JMgA{olhpMeUN#gJRB?BT|$OZF)|8b5yUdTNhy* zSgZUa7SWb#p@oG>CMGNm|3F=S_u@IK`!5GABb_-3YLwG-k__v`#(x46nuY>nQn)2d5D*Oql<2IC=0tnGE+^KJGPYp}Ht+)7d3uO=Z+#LU(%S~{jgs_Y7|Hj5<3IA_w4K`Nz{~?}Fg#W)&o8)$6;8xgB zZ_B?f72z4iQpAaSpjPC#z{aXz63xJ^W7zGat(LSpZKEb_$#u|SG^-rJZK)hsQZ#1^ zt;oYIpMPcXzs*2oSqsk^OE01X3-SMYIsf<8#>NW&Kge@S{6B}$yuNOgf{JKdU`)za zEdLEzeif{@VA{0|HZ~wGoKtO)T6UpY zJoZ%(2{ri=l{Buj*ogHa`tSk%&B7SkYwfy{1uEhCGr>p4Z0pelovpzm8{$hhIK?z-n-P{hQW++tz4Ar)%n;pGYJd)J^Bga{LI_*YLvrl0|KSS}TYW zK!03gVyxIap*dB|EEGfxwbfPCNY2`zfM(w9hEr*n)5qSIp zepM$~N}4hCg{K4D!FJz%nv(bU+JAZX1GIO1pC)3c@((CK;GR5&ZKuqx@~!mLNh_E9 zZ#2B2;>Ej@@4e@yo}QatIvnQpwcO_U3;8?0(XWkJK$6gnu8`MP@PX^=o(Ul!zq(zT z_r-qg+hXSf=M?qKA#vU*9$UAO^9XQ#{Si0~;4%OBYde4cYkT<1|6BX*?|Vz=Xu_}D;FL~;l|mrC1m$W^bU`1pm%sw zr+0X?Sn=?vPV)fZcrn{c8GlvYowR}Ajo1vm>?Jlrk@yntX#>mTL`uG?u%FFjWFbvi zsdn%ESr-4>uz$Bu0MEz&>)V_Cvj6Yk*|Syt=LdOiqyHsI!h04^=b?;OTHsG&*O5?P z2dUN()E%9Od8r!bg(M-E_2rcVv>SkJAuzZJ+}_GHIL^4L5#DnIAAgP@rt?a+3$fs> z{yKHv4k6B>s7yc1yfgru?FdlZKsSWO5}Tt&!J&^+9y(O5MzMz70t+gAgjny8=LZY{klG@(uaCQTt)Grc(5jjfZYyWmGmZaAVfy!zhNbg|>TJT&mHoavarO ziXr8le(F+Q%gUuCD}OgovsA9On#2J-DQh(&B1SBo@-9ng%qQVU81(yesluf(JiYlW zmT!E~1WPU68NLneG>xKhp(~+b@}bm4jd8YBUCm{-R-NK5j6+dQ>JE;~yL4WgW?k=gN&~8Wk&hGFWH}secjkw9tQoB-3Y?1ZDE?Psj6U^dp+0)tlL{uG(xo9Q1FJf z7d4SJ>e4xs7YBn>FRri%e%(94t*h}u)Ae83&41lB(OrCXara}`ghzX2)8J+yy;SfP z_JQ|2i9G2{eWsl`Q>iUKXGY73iSV%e>zoeF#O?}Nx6vhmTkzE?ML)PXcU_s`{WB6( z76MiZr_Zc#QV#~MZD1}Y znSYiWC774rpC0e;zB@WN`JdCBz1IhCPTw8Z3m)I6Y&tA`FzNGtq%-ZsUVd(Jsa<|9 z=uD@L^fF#TF3saV+&Mn}`R&o(7dHo+<#?&ZOo8g#)(XCXJ18ySdypuwD=z3e6dH2diJ0FwJIk&Db$$ypa z*s_y7I&a)fDSfl{jgF$`-nk-9SR7m2Z#T!QOI(TrEFqQFX^!X0p?8@Y2*fmB%oI!(lEFHCiME*G%g;=870uA%4a7HaxmUQ2LSgjpNvrFL)K z?Y3=^E@0_JxPe?eUnZ_Y2<79Q|1O^~z4cyWmQ-2Pc~QBsgq25u^DJrqZ-24_-6HzS zLjSLgjg5-^|N8bS{{MqKxAgxir=hYD;Uz+Qqgj=Cgdne>l}m>#6)t~Mldi^tN4j5B zl{tmYaL|3*7A8sf(?Ax(fK!DVl3kLJ^DqiUNO^bX@Id=E@a_+ULp!G8ilrA}JkBFj zwxQUpO014U(^wnbTf0g73h0GW994Ymee?1`End6IMzFI zLsvjK zCB8!zIx(&rHmUiPO2fByJ-s7;QZ$nD@;4?C z&$3JiEM{dY{(7AHKAR@iFRDwTWJ0>djM^lM*cA;9Q#J}C#K(LHj|1jk(6m$CdG5RRK3ghg3^Y<)CB08n9AdyZ$(o}TBRap3@@5Wf-h%xbf z7*Rgsf=eQe>h36E(ISxzdX)$_>X@p=G)T+ z%6giRs(+F?`<{J%d7N=tXhTa>7$trY%zyifA;~}Sa|8T;^TdDpS&08P%lg0d!HWNX znCA<^|0ZYPiVT#K=`E80&!pVDX|6pdZ(w8Az}w^uTm^#uDxM|rzfvXMQUX|n|JR>A zE8G7J2CMu}5Axh8|C6%y`?3-CL#Ss|_{+Bm`F}m5HqLVH>Qzuh;OloBT~g1tH)-q_ z^%$jV6D)qHom;eSr{I58ZQPb_?jXPIuW2kLaj+956Y?gT!e)P7GwyACDUDL26}B~c zt{QEtTaLvYuB4B9dzQxk${O#J*njq`_f2_YsDqQ6)Ak;Dz!I+ORoVf!gO!Mo?$f+o3;qKLLqm9CjezA2*W*`Kxk z=cU3QKIFj>jD2n61YR)`d`BV@`!sF4gRJRCSgXCJg>@P;qba_tZMUvk9UYxl?-;dp zMreCCjQ=A_&2vLGZ~_0<->%qyuFF>|{_g>v+vfi-sDJ&8 zK6nA2XcUU~nE(GF?JsYm1znEE{fwgR-1C35zq9vxzdH@?*2nzwzrMM-UONAS?e)RR z|L;Mb4!l&04L{Im3V3*0t-r%T%ms-e4q`&#ik|0j1j2X>%90X((RF`&q7xsR^T5(^ z?`f;m>A=aW|K20oiJNZ zzQz5j#3T7rA7DIla5kNJ`o-CB-T*ug%jd0 zlvhxFp2#VxtO=0PDZ8W`%+!Ch*37asjfSW!aTOYke&*BnyEAP~7eS|ZU zb?K~Wu5Zxk3fKracD@icXM={O7Q+V4su`5dimm4vx@_8}`J*Z1Us`@-IGRG7pwd8I z>2IJy|8Ocq7?0NEl@)J(;AGPgoSRhcM{F^%>|DcY_v{ zrgcQsw@*K<>oXipDSmNzg^DX)3WVG+nzpsvZx3Pf*}8;?GOt&^uYYT|0gk2|{Q0ch zI;MpICpz@p=Odhz!XGcY1D(+bGOn*>MkC0$3s25oXI#KJg@3+)t!}^DKYLmo%~p4# zdyDhwj3$p_-2fX|KzlmPZxhZAMsJunOev>vW#Jc%##Kbr)cxoZ6$1x7LNv9aBh31sy_6^l`^Avkd-Qi z0{Bu^3Vq|N%{Z{Z%>6V#7cP`h8%FcXZ+9P!r~yo2G$*f)b${?A&4SjqdAHG6YuP5s zuzUEf_nJ;6g)(KWV?r+qr=j4*(cERF+~|X~*zXMssM$3mmO{b;$=-+K80mVY{GCSQ z1Qe`asS{gZnK9jQrA+L^M*e!ogj=+{)`HR81vWK)PDOn4j#DS3n)clU!O$m#V(j-q z`8#31vKLH+qklLK|DaOxsE!C@x|Q36vqAr5cnj!MVdJ`ZojI@}F_>>~_|vY0jILJ$ zn>dVavs6{sl-zvIa2HEv<|eSYuhBS8QfIdH!@PiYx`Ju5xOm4iRTBWcxQj7l8xY{x zIRqgJuVPZSvCU}O?K|){ZkpCQI<*tw6`!DavR9?nsefE;6nV_Z)zD_f=XQxk<p zr>Pn5RDT5uH0AHM#Z|oSrUpL3p^itcW*9Ldr${0ekCnE}s6y{$G){!YdXj2%Zq$Ot z&1+IEf2U1V%_?%Xcr?0-%}T-VeKhrp^%3%%vU0J)DawD%ZQj>t@=&^GZtG5j-IR`K ziWpl=h%l#zJ7IS3IvOXRQ~kctyYw-KBn_t|oqx?`o$olB8Z*u!**KYKeY-?R4x!iQ z+d(f9k(}9(wr4O3Bf17+5^_MKH6fQuZ+<~%svw$)o^=Z-$2Am%I_#K(=hfcM;Ucl( zj&!U+2F+V{G;vFaqj%+03z^<)WYI&(AulBr-@|B{!}6YiqcsTBC52KX!BrSg;FP5P z1b=yY=UkCEkW`8HGSo}+o^zcsmE_GJt}=(+G#V6S&dgjf&AvU=a(hkXfk(pNjDk;C z76p2rmeA6*tkOPEEHLlh--?)Puw6I_l zav|}7O8}8XYASec(U5|rS)g;mY3rMB)VIC7^04*IH%_Ldlq8c-P<#o%((yqsziTv& zp{dYFPaYSlJgQ}ts|gVt$bTgXBYE1)L2w6D9!dxP!9^Oz<24(#?w^+Mn#vl4aHLDL zzWJth3blI-;stn>{mh3`^!#U(0HQ-62x zwA7($XsFsS{e`jkrvyKQK^LyVD6*L@1XIfb1LOS06YAp$!^(Ee3V$R2CuC`aud*~6 zf<9Lf^GSpujGyyE7ZUSmDU*%a%bV`5`@xq!v;=98^+&RFzM zP`JAngdBI(IpLuXBoh-XhCg>QF{$*F7sQds{)#o;)s4@oWfOiCY8{p#Q9DXR?hZ=` z6G{S_a;zjj?&jZ0Eq_f(dZFn7?g94*ye99F14wYYjj>|LwcV3#XG)TP!YHIspwR{H zsdL1?mlT;9!9bE)BnMm=MnS$pRE90dUwaCZePfUvo)e3v+Jo+(ZN7?#<2qo}`qImv z<&1ZBX)2u04%Bfh45I`Xq*EL@js0{ciAEQzqR9#UKcxYRh<}?-+TCuq?Yxdc8jCrf zexx(^%Vmy;3u}YHH*q^5Hl#r)3K-I2;dcjWpt6MA5GEuflB3UUk@>Jst^IG3vMCi4 zn(>~proMIPM|>8>f7#wH+5bM<+*-wdevqfce32xvKi9j1XWjKyklT3<;n403$&eEx zkvTTOD4B&*w13kHB^#{iMz=L#k|~h%jt_gz9_xmz*9v{vy!n`ttL``ylk8lcX35pl zSaf|hb+@L|f+{N;ni9#^_Xy{-u#rzAHfElGzO{9JzU6OhZg-P-+?tY53k(?kgic8q z4PhLTIL*#O_OG#gA^Wwwr~Q@}|AWL69@0roY4fS2et+h}X<0_gvy;}7D9w^YG!;`4 zlQB&f7Ir#VSTy64F%k5N%odi7SwK(edla=B29XC>#y>qSh@jq-iZt|jE63P_Zoj+! z7sIh%^0Ns4t2@EF5rDb)f3Uv&Y;&`W|DUa|@c)B6={domuj-aq^M9?R9A94+(P|pY zETL`dVSg4yN=M6wtxldX7e9JQ7Db*?%eGNbw1-L&DEdpO>u6LS<*p1}<1m1{oPGb8 z!zhcQ8T_7+2t_Td-EDO`tzxUF1aPsZQVJ9%3MRcuOZnFBYaF+rsDnEflvJ193km^r zIxc0^H{?aHIrrYCYbxz3y^a*p5PUm7AH%`X@qbR?lILndW5`fzbVR32Q203w1!{w| zD6}&rf3O%{Bb)+fD5@hjumF6xZner#?R4N^q_)Lc0pv_fQ= zXMd9IXd>7+4>BIYWxu<=)l~`Zb93+^xaQn-!%5PRq4~bCV=@D(d>BHzty^%cE*j=W z(s4GG$IPz9dy$fzbgWkxn>mr9($OnOQaTFXgB18Cp+7O2dEJ!OEgH3D7v6C?$|9?2 zC0t#xJoc{Wxpm$5vNU>ZGQ>$vl1JHCb$`p5k}hSXOOl36GMllgCdZ@Hr(DRbh2p$m zMg>IhzH5dBjDkxG>OS(I*uj&xiGt2kgrl6?yQ5bQ{Py4Hz3Dm2S(;9Y3oMyiRlTCh z`L_S<#`0@YXI`Z0e$P^MdeH8G0SN*i$c3FMRh7Gl`|+i-hE3fbyXH5ts7B3PHh*qv zXyY8j5ekd*uCA#s(B>E#SsSCS8JTM+G=yJ%Q&=p|N{XLRGtBiTP(wJxL{vR0d>x1` z|E^8haPjOrC+Ck~*;w3LrK38ux)T0V=JRxWwaqxJf!joxV=!l}n1aW+2l$eN4Iv(f@%x6N zBH|wL<`=G+~Br1BPu8B0BY;Gy{jzA>HG~vM1c&4K9A=6fJ0fZx4 zKja3S?hsU(#T)|yc*P|R*ngCSu~sFR68XzsnTat}DjZ%&`X-mu-D?= z)3>G}mmH*|*~lvDw4(Y7)UG5Fy1=mRnl(gV9%5ca7on@nfxW-m(HF7=c2N0T$PmbR zsE0nF{N)zz1(#ZQF+x|Qj_z59*&87B7fq}WSr!h9c|0f zyzH8KyK{3)$&8~f^2kWNUDml%Wu8@Y=u+aidZ5fufS)$D#v5j)otKp(ISCE72uF03 ztLjQwwV2O)K8t;t2>c^ofu3^B@Ddhyvf-XVZq9%Tn+Q|nw=d`{r|c||C0ROz_P!JV zKkmN|x!`#LR96h4jeq~q@JoptOp0 z!Q&^F8;FzK2viH8(i`Q?Xc1Z#H~HOaDYM~Js|XM;=c*mK?j;4fWf&C3k-u~Nbnp&+ z7L#e{gSG0QW`8{S4qv#zbGUgrtzECcE0og>Nwj!GNq}04x3Pb-nIcG+cl!C7+yc$q+K5VQ6Qo6_Yl@!hJQC|0Yu8n4x7W1jqKyT3^$>*d*l90|jiuKUN8j*N9v|IRoJG+Z#H`XC+KWJF zX9UXp&7Ux4jJ&M=!a0InfG6W*9as!IKOf6kkT@V|06Cij@bbs~HPi?GFL;~K_*fAC z;;Fk5oqxh`h7uq*S`(eF0p!W8TN1TVbtzeB2>+YShB z>|AlCES;ecyaaRvQ|HFCVU%LZa7y*}n5zSqHy(0SmLl#ioEk^Vp*cfG!CP|JDl;eC zA=5i`f>{SnXcRg8tFeqF#-Pc^6(~<#w~Z}?F@G171gcC_Ee9issOp{2sxX?dOj~>A z*0wre5jRqFV>_m~;tg|>vh%V&NKi7}(EwEvVHuW=Rvvlr*Y#j6ij#87Alzn{TLpPG zbDaW8@rzs}a(?DowT$?0$ZG2}$&$G?5nnw0&KYO*Qm0;4FU%n+I*sH7?qhHrldSii zn}5~GjPJYE8TUnG8#RC2B@^@CAK$E%y1d1;`Ilvjx6XuIO@!=l>2NHFkVo~H3c15| zIILZDmq%$}j?oymatdNXVi>>^PAQzzh+RE3d(y3{WdWWyUgfYgR?+wrx#hDgD35eC!z|aI->9VEQW_#Tcu5WuDiIFl6Wce914x*Z z@v(nuO3H!!u%pl>xVKu>L$%m`rFR~&b7P`ogG<`os$lz?^2wnbpDX5+R6)=Cb$@qd zm7pDHjHCj0v~DQ0$b*;(>e-+ny?o2sq?l{X8mTAe@A=suITZBc{2%gcHy6?0Lj_Sywb7Q8k z{cU%kU(GXADBmv6nSg6-P`rk*1_w*DrxhPYSPE&iIVF4Tg{ia47qn_Gz>6*InsTMv zYWKdnqVKmQs@K-4KsRuTlz(roH4QL(e}4PbOY8bww16bu2T`!jy{2o157=x_=UFu^m*E@d-(l z%^Y6Y$5dRg^rE2W!gl4?H|pbU+de$lt8e%4V6V_-v8f>DI$W)(6U5x05Y5$nAEsRV z9E!;gYM8YR&9l@jlw44I8Cy+x&U(d0bA&kPK3mQ@bEVl^Y4-k%n!OUPxQ*Gdj&!T6 zv#pJasj0lukLyglU4N_Ys@-bSnP19=xv?EYazsoV6Ik2E5Bgi9sjB2iB}l!%T+o+z z0iIs=#Cvh-vq+h6*ixq7A@nXu+Ka;T8k|%^`is4!EFoi}eDdUIPuQ-3ORKejx5=mB zqm`27C2D8lxRllKE=?`e8r9aC9~D<+Wq-7k{ZWOmKb!&5oPUeQD!Vb~=5gMw+uVkR zWj*58YVlN@rDfoCpy~f*Ir$qe=soDJ*ZVbU=&k-@<#nC*y1%scx_RNt>g#;`jt;v& zR|RdP-NLmn_fsNiP+Q`ucFoq3UF_>T1B3&qT-z8BEVHwWrqY;Y{+ksXN-;4U$wpLLn=bm@9&UN*IN7+KlIHt%da%-u; zPnOi;p1On6+Pq=i()+ALu9a}J-ranzwLJ@@o1`+LTXBLb&#`4Z$2uK&O=joXj0M>o z*YCjW%-q4O#+R(JZ)$^7TeH><{13~tRnJTZLNo@3QGa+r(emaB!&ebV$(4JfJ|%HD zqFi)a`7QdCl9*#9T+C3J_|yl=Mh_R`M&^tNt$Vq|(td4CeTFU9y0`!O?di*-{r!`J zH!t-qd9$=F5eyRAHCUmy>EKM&c09CbZGn6t^G)65}W3) z4HB8ocz^EFqrV`BX~Q2$^mA!YCUWrKM`Uah7~>g0{NzR9i25@>N8rvkGK0mAmaRp ze}8OU!W`AJdf`Sz(T-s%sjIy#`GH-*2>CaRONjVLL~LDaKYgptI^szJ>p;{L$!iZ$)&WNbs&?(^mmQhDHrppa%!=|Vt#30YhoTBp+x zYX(^whh(Btp(qK9#b2Ei9p_JR*>h%EzC$Z@&5nMGE~O-0?D2?_pkBi9#i6M$j_zXV*6P|>x`{jKg_Js^Nhu^x zsS_v1w|6~Fj?9j(Xl~uAw&l|*fa=D2Tcyz4#rUgusY@6?q<6Xk@BRCwt9C!FM|z{5 zb9MXN-r2ditnCqA=ZwZ<yt6l%89jlk0?#=wFmu`0%=W5Ngelc#9?7}Ma#d?9>&TUL#T`BCh7!_auz6l%7md$|o!e zhOkj7bDW{L;glJ)zyhgh42AE-ArwB>R4aJ0}1su$b5|2(}v8J`DECzDUE{z``f7+xv>1dO5&4kLa8apY3o?SmMvxEXr1pnO|JT#dT0Gk)m?v)x8?n~^M5ZkRji)SKaXqt z4V>Wh{8a8=7#|((0wz9Zu}cV5nk#wUr1b1Fyope%eYB_|)D;&vPc;Yc+y7YMo|Z9!a1G9*u>u9wu+%{V1Krg{r= zI|%3dOZoW_zaCSc#R12_2-W6Mo=vHol5AEr2v3XzT}~`055!;#0y5(cGpTD2p*`3N z+O1Y8K}A6k>U_Jo+v1n6R_=5PGo0sO=%zrLS959SLbpM1Tz?ClzR@;>cKsYt6O-I-z9+dBK9#*2A(EVsXsuWRMAU&hxB>i=i& zU%Q*gwZw6_-;O_p#$g7+!DTyF@C-AP4s@Ta0Xi$tebzi2eoomX+trjy)g?J09e6(b zf9X~wsieBtjt&X5>jlJB($>~(YinOOw;|~PM+|?D`Um^_2Z#GV^!EDwqr)FSuW?ID zJPXQR{m@&vEwgjq$a8z!0pSD~iJ`;-0-Y~kTJNm!`HbAHOohOt&$qWGFmbwhit{-0 z8Hx>^!;3d>nadP+-VhpMrjQj3-k^1RnTvu-kwXiDx%@s;gFoRkgpbaz7q1@SUErsX;@kl#GXRr7 zY`5Jv)5H0B`_{t=9D5Whe&74x$>@V$+PNyJ(fsckSe~65IP&mE z%U~K3IA=)mtBjWge4y{dk1uV8z<7qF^Zo;Y#^6CVYWd7+^YBUu#86`{C}|#mGXm!R z4Iuu1N6NHK;I;Ix%fhLuV8PkBjKLvU=3MnI^!ngh#4O+umlv2GKFSJvsE#JS8rK}l z>t^%#u$52b+m{!=ot;|dvUcl@n%3t1;jNr*HBN@y#&qVxe5EXs>mX2 zv_b9tdH&0b;hU4!FOA_!P*8W}N1*K|$#d6#xaEWOBr|(@UhF6%>|egLojYj`iO=G9 z(vp1dNQ7(QNqgIwp!C{L1Mon08!-1dlalg3TlTZh6;HyX!#nGK1VjM9KTa;*oW1#Z zkbAxJNHNkV=U@NzU)dIA`tAr}$d5_pD9-}&Q9e+Em@5ZnQ06~N5Q`?7ONBg8_NWkl z*V$|5zGjaoVDVr^+j2Ij{Xwk63*BnzN%czq^TbWH5wkd^|U|e7?Z5 zpJj~r8qBf^bpyPz+T7Y$Wff?1PFW30R?aBf+F4f6r%cmbu*tS*y{BBVdr5qMcT95m ztb8{-vU^51!y>!ezdH`OnvOPLkZbMUug)KM5nb- zhfZFAIf8qqtR@T6o3YjY9R4D`qdo(YF5)pb+Gl@;^S6u1B>V*0og5h5wH?j?cOSP- zSu|&k5=W9^EQ131!o7QRlOxWJK+4f)1@k78G>pjvwEqov{tdVFZt%Z zy`?ZL%vUzu1E(&7E&k7c;Ex3&um+BnK2;-04`r5)^EJ1!t22~^IvW|z@>bnLTBx^) zVbw$nHHK6xzmef|x9A>9tl^@K0#?R2};|=&@;Ya+a_LGG1AYSVqkRSW3JfVkwKRwcL7T^V=IaI^< zaDiC}qkwyRGrtusRb|fGj|2xJglo(=JAvcfayBNv-bzkGk&DTX8S^E}I1AKbW#|=F z{&>K;HF#d10aWnJF2Nj%&V6LKYHu4OXfk#hvq;pNK*x+ibwHUnMUeUY)16R6iou!>ix4Oo+x_n)% z@0~8;6&hV_8S7~<@6!s__~z2pYc1(qx#gw5)m3Y|W!&kCU9!Q|R%_Ap|30nQf+e+O ztr}&VtJGEQTV0>}ZRAc@X5*$-Ta&74{64KlyMoWMBy9zMo$Io+@VB}+E#iecU7^dh zS8JJGK(a`=HG~rB4ERYXW%Co1f;?hL`5IEn*2Ad^nl8FP#AU+r<<7vtXVZFb<7Z%<^QFSb?1F_>y&8J1GS-j!j`rQwq9 z$s;AZm3(J7h9?{#J#RFTh?5V^>liW=o*S4|0|0=3+uQ7XepIO?RBVZM>$MiEdQ^F+ z8tt~lAMGVTu6csYtNQYjWJ0PnQ3Xjs!^tWU43$inT|Tk$q?LnR^Teq)*5xNng;Hz6 zw2N}X$#Td*N+zm!Enj((+#uIHLF!Fv>G@HB)S4cZ7jHN_4iifEvD#=!sxWA_Ub!Irdt2p_c6r+epKXa8?xqZ}%uSEQ(@w&lvn=uSMSg!{FS1x(^1FE%4MmdbE0~V5LJJJF z+RPeWeq5$^w~8AQ0PjC!G+ZI)>`(dE*IvfkXUS)E`acTeAdIIa$3P|hKR7bz|IzV( zVQ)+SH}QNE^#4b`#O~oSfET0R;h2X2?EsGWTa7hl2$nZcDY){0V97J*r=khI^nPm5 zJ$V5q6eD@sl#F)^fZ}nx%7|=_hi~dxmj1KAr*l84=Kibc|K4%mTF8Cc576B`6)&7w=9w0?rz~o$qx<*{vMte^+-6!nOO#; z2oW%N4!lg1!s84)_y}*FfCoIE8vSk=wV%QWV&1BlJ6el*rA^_d*UZzq?LGeIKfN3O zzvt0|wk*rbefcr~pILMU^nd<5l8t@Nr9!t~+Tb(L$40+8sIV-MELHVOMp3$;qOZjmE#}reU34&v-xFg8~U9~!5xH09uIpP?}3@mOpQc>cRDMQqg#4*3APvG>1 zmz2K-${A8#t>i!e*@%lFQ6{*59H|5aCrU6Vagzdiiqi@V4Hy}oPeGTL0cbm;1sc`ct-`n#@5-y* zt4qf;4N)4Bo72e0SnpHeQ%S#UU@U#h5;iI8rc*(3athO_2uG;q(w;Ma4|*rQ>^t52 z2!{lvjD0IFOZ+M8lhMZcB8o&Zi>lU=tf&D9##aL^w@ou9*kie5UdC7Y5NIPSSXAvZ z;JJ$Vciw_gqA-6t-1A>v4A0JOFzGdBV0-}F@>vLO%*VLr6brD*=Pb#Mh*OlHKx^Gk z_3Vxm(T=#sdy_DN&%2O+jJy0r*ELt-9u`LMO<`4Wh$8Eo$D;Z;H-s5+a!z+B#oq=} z26Xd-E0~fH!;Xl$_58sjKFYg;qvNM)^73WY$VocIw&wE%^4zf&tSh06u8e#Pf4z8R zYwa42Jei@Uvq&T77+PT{m?&>qtTl7;Giq~=QZnGdL-X$`^n);eh8UlxXax1TGeVM| zAu$&!&#~mDfp8Lj;s|#;U6ysy1Yko1fG`e8=tnPL|vN?~x8KXml}K=L4W@H!B#ikt*T1Po1(&);0j* z#i%JbQN;juTOKoioM-l8G8{gJC1lxhav6Q6g`A{A=@c!Oqid9+OYxUDy5Ys-uj+ke zZ17AZdI2Nk2hNc7mX5A?va8=qv8crfltQTB3~JPE$SKr-=;R#iM;?oC2!l=#rqA7b zu+vFdgNy`=aDM&0W3T7+y#9dFsM>^%f~iZ5O1pa>sFS*XU9?pB#u;dAj%<$k)>n4D z`6a*LnqyOdk&VKh;~G|W1ji_VZ^bP;$3}fyd0J>7D({4)_arslO-d0B~#3ScEn{K*}>p{8V{=m1$_BpiOc3ZJlrrc0sazlE+;FT>jdP3*?{Oh=kKy>{Srf3KwuSy zq?{S4(}DcAj*&4&6--~LjG`oZe~y<~>NN60;}Xj9c)zJydd22Gg_wl#ltC10aLI~m zUU>Fp$2RMWFdcx~f}l&&H~l5lO-t&3WJvQG+W$&_{r`TyZ|Z*z4*T2upBs7Z(Eh73 zD-~C8^W*A`@PN0wuRjo?Tv@7#`yDV~un^lWL69vRcZLKzDkyu5o%OSB=0#Os56$87 zj0Dgezx_hFHn0HKRh&6;;yDPNt$e$N3(fCHX%+CPf7oSZV)xWZM599v^Mv|8L~EL;g<> zMxru)b25a%=`cTQEyBCH}W*6|1L|i7a>j; z3B6zaxCo}Xg(s+e|IK0xwF{?2_9=5sbrp~o&y1_*C&hUY!EgS&nERi8jk8>CC8iga z$&(cHLot9V^kS$T)DMQV! zGii7gMsNy)0hss^i&5c65xPE?A70|IA2D!wi4^{^2vZomNKvA$G=$k_gUW zO#Da(7%&&cDFx(ZH@tZm4?u3nJoi5h zz|rC1{$UG%3Fc1g8*Nlh;{`&5`Ayzn0_S21914jvovGjJ zf{hJ>lOlq~C>nrwr_zU(_~{gqb6qppXnOdve+}{M9KtkLe)4XA%psm75T;sJ6tC7Q zoLEt9x^!{=YKmiXG5l4I$M61G?fhSl{r6$v{69GC9dFP7O+0JT|E~K;7t3q4Q``dN z>mS?#srqNNUg0i|=SHV;oz7+FHV3X8a#3ARPT(SPx z`;{0xi}OY^o(@#{>GBq06d2&;n`-RLx=mO4_rOI~brM5N&yN$$?bmo&XB`xvXk8;W zNoh1H0frVU3e>(6{&zM0Po&AIU;``ozuw`ong8Rccf7TK|J%rOhw`7gx%JBUMHxi> z>%?=c8<@Qg_jFH%%ggS6A>hEUMgZ9I{og-0I6f@o|JmE_|BXENN&YJm=Sm8Y*Z2;? zx$2I9s|Zl&rs;GAb-7*kg_pdfs2@g5qMO6Hd69RcFPb* zAWWY(WD6b$I`AL{U%q(DRF)%U>!>}1m+j>?%C3CwU6kFOE+-Hsgl(AJZJ6DAA7)p5 zwT-g-7mBhQp|Kya2teB?yW1$c+bFy1jk3E$klVk1K#$)&4pU`zgpe>l~@MryQFFb^sgE&g@S=Rj8eM|J_4UYx+QukXBh^^qgV4V*U zY^TzfMXPLjwA2Bj-D9mDEy`RNv3J+%-Qt*X)2_rop_1#@q62?#&YqU1zW$G%!yWjE z-X39p+6jC(M{zCnUzPr^-#a`o^?&`NZTyFgJj>gE()I9CEQiL?-SXw*%H_xk=(@i$ z1oG^V1;tOru~P%gidLgq3rlMwH7H*vxuk|dl?JhFwiZd?6Zlq37pcFioGAmux>84K zZ7iuqEQ7H|HDcwmdRnz>6BLvhBD)GZ6^6inrL)u^HPczztCpg$vhGlA)2=(zsYZ-d ztu=kJS2~m9tX6Q>b z-5J7!@=;@ZF?@rwQuqcJl#Q<0SAxR0)Eb61%Q;HYyp@HN(QKI=tTm{m@zL1=yT(U< z^w6$rZJ-P)T#rbHA%y{;M#;u#XTdVPu;!prjA-BU*a54 ziV}ay7#dg0c?lH(cfDnF&hF7WmGb?6`!RgqfY830W@+KbvK8GB>iO9V9U_ZmwhXjo zq~=ZlP38AGFSC@2!wq63WL8melmc2sv0zZ$nV@Yt85apRw6b>kTUtLax*C}+rx9f+ z&>Hf)RW4Z{y%IWBj$f6^CfBQ2F}$zN3fpJx&$9AgG)_8rTrUVK0TX-<`%KTB7h%eE zTj$YY8ph^lo!81!U`7+~wqOw;?OjuWFQ}I=e7t1|jWiZ&55{cFLB4Ws9+(fZ} zHHd5h%6N?C$$5$!aCp&i8k0eFE!!dzDYk`G)sslvd zbobPOOCmm4T_nhl#;?7Lmw%R}|4jnGSH*wn9Twuh9UpJ$|3;p#8vk8?btSZ_6XnP6 zAwYb&{%)Om#IgYKrb?%2fcOUW?|FcDd6+C40$#bPR>pu=uBC;t%imLrapsHn&NBIw zb|=;3J1&85K{AxdaLQ_AQlD+G`nwHQuVo2P1L)`!E^OhGvUg!#@ zBRpWI$@_;347Hl9O@19;X7siP(I%f&=>Lev@2@-tD(U}WA^-D#VQ*{yyOC$(^uO_? zy(aAz$t3ROg}fGVMiCStA(R7YwLVBXUowa-ycqos$Ap~=*3fH91WB{VN}B~q+tU6` zJF`*p?tUYGkw zozB&Y|6N_PrbYaJvhlwwfz*xvZJ)1Z@xN=rSOJN(#s6NSrIq4;>qggw5a3pHYKH)C zYzL`E%WiHLT{P6zVvy(7*|*JOaM$zB5-e#k_O-PKh1l0yi?HwOS&{#%6#%?~|Fgya z-rL*qe;ax3@cwVc|JDlMas2P~xZK{w)%Knd(E9s7S>V}!)F<%Tzmb6pYbt@NPqR;|Et#+nrkF7!DA{-W-Ml7B~l&Tk5o0OXYC5(u{|BW zy=OW4pNC1RqX4R)|HlV~`~PA8V4MGEBhT{s9~Dn6qJ)o z^v?MBxGlhKgW1#oyb4AxH(JL0`+i9lg%yG=f`n}tW(eoZD_hfxG@^?cCs9aVg_wYL zSJ5}|a7zr2Ntj~7%jeNM2~na8COk}k2B#+KX3-4X)elAz9qYxaqg((}C{g$fen(-< zkTtGhBY*r6#(|kK)6BlE(UZbWPTBri>D-XlL3yW$1b-~3lp`cEi8*n}B~u+;PTWxiY4_A*_PctPqyI@T zsvG>Jj{Vo3dH>r#>~G`0Y~)#w{y#y%ix8)agmT$GE`li}D?|=#7fy-nQ)Zp&Dj+W( z88?{)?lTcw*Lkt_lVI+D`Ze}{ulz8g1L#z@+s0h4YI7c2@>H=QeYCat`u3kC>3@Uh zuhsIu{bMu#;jSB?MrJ%xAO%o$N0+|@W9n#OjmU;SQ%cD3rHmW=AUj9S_Z zo~lLRJbR(P*oHs7yYQzhpzb!LX`^S!^Z%+|<`4c*C?nqTq_PsUf05C)SW3| z!om!RmAa4MAE4c7H;1t+E!Fc^!j!pfxXfCL)V5F4kuD?!wuk;H19mKhRs8{s0$>@ZC+Je#8gv9FGuT5g_^|Rdh-z559_4$9aXWsu0 z4z}{&%{+JO|5ZQypUn_wmBY3?_}`rwf7IwzS>(Tx@^0iea-`SjSgojkl@;q9bIZp3 ztAbHCWnZTSEcF`Y%d2KHV7a^zh9cX~V%k7ZaZ>TqrijCr0swXztgGS1ML=^x7`St1^(Q z(EoMi|LOO81^e&bR{pb*=bqF5WkbK+%`tFS0pECQ_b=9eTjil~&zRZm)A(sl|K;IZ z-vFS3{vRF}^8f4~9dG@AH}Whm|2JrVN7b>;6LMn~%rbEQas|^gg=$g4g*6ts>6ST#Spu>D588FG_7zLhX(kF{3Cvw+)GcfW04%p;YS?5pXCF+<-2i zZ;oRM{h*?GR;ym?IwILR@*|iM+%`D8M=>IDBlD$yy1T3Y_L#*U&Z0I=#f?f?==9qB zzihG7zkZVoUJoIr#BGxm=!Wswom;Gf?EbAnYP5#caS)aoieK`T09ZD9?piXPar^d5 zyK(_I_ix9sNSM#`+i~hAkdwqrcbG(#B{>nY_@nAdvEN)Bb}p+$o$w6+4G_uzdV6H*o(5VbZAa1O@!_&`%OO0wqB% z`L16#CSx>DPz+;Y!AG5*b+wwCZVdAt4nstLjU2PW!vvPB96dm*I&>lGGQe$>qI-{j z+iM)hEc)dzK`9x=i}?tq#g15-3sRJnn7uXqJHNFzzW+4~{mq{8``_N-Uf+!WebC>^ z|2Fg7#r;n;;TEMZ@d=zPqPL1;@Er#Wx1*Z_E5v%Pur4bFuwq`>uX$s&2P$viCtMZm zp)7uQc9*FL9iA3W;3hN3OF5oVI87tggdyQejOBT{olUcI%icg?c(%p$y(lpW8 z28;tOF1e%KrDKPe04NyGTb7e8{C;@=etShri1HO;|Hl#P|Y6$PXN+OU_Fz6UJS1Lqu>_zm&9IE8cra{fh8^@0B$h zMuV?}S35X7kL%9#&oJl&Vfwra$+*iKD3nWCbDc#RJ!e7Ry50WXvDfo@UVrec_pE2z zj`{tJh0&$}6u8y0(6Tji2eImJ3la3H5a2E;FT&J{hB~x#cxs?fus4t;jSX9Zm>L4S z7->n8B_lAi-dK?r%r^L2SFC4$C#qEt+*oEpllz8G-LY&sb<5&pt|E7Y_QL5AO>j7k zVQ>mllIdD(ArTddyhLp+>^mbf7)RYPr1#AEO^5#BC2(%k$wIrki%2i<+?~E+Z1SG) ziKq-x?;?t7+sx-&Z@3vDIhEh}q?HW*gZf7rI{=Hvo6$d7$OvR$oda5bE{~k=912=Y z{;FK6%B!^={pE+bC|hxGYo!_<(pp{Tf$X|UU+F!7@l_em7GJ5k9;%6hEk{fdixd(V z(~F7iU=vQ89>KvVFX@qR4xihubyiT$Be(>ax7_!$EaeD2XTMI$q?PjY$n-WfxOOx7 zjgsX?&tPNCa%0PE7~ zxxt&xnz;O?DXmsH*B!a6TyWfJtla0a40~32&A8w9hN^BZahgS^~R+&v@tyl3xs6%z3h*zgGx)-H1;FtIUA@VxJbK&2ml^uY7uh+MU zK`K^_^R(1QNC-`t38$&mk9;yg=^T3~fia$i6QY>*)hKL#;ILaUyl$SO2Jos58W5XJ zyc@H+SX3>^S+W^|Gt5*49;TH8eR{ULVCX__L%injXsU-zni80Wlx3w z@BYz&ng4Hp|9ETvy^-fG?7vN2_?;*Jb;l`i<^9cW)s0jBnw=_U`+Y!<{dYHsO=~Et zWks?|eiHuHr!|;0%Q{jAD`1~9JC%aP{db;F*ckJs;bcpy-?6!WZ6&m}3SVV`WqI4V z^SGvegTAdFJ9Zsz1tnREjZS=n35vyn6T3|N)HHXoqzHVrGWuYYD$j6izEV%4z^dpdc?Ogud@dQ}wdQ&*L3Nwv`Fnnv)Bi@PpV?DE z|M!l2CjCD=>~HfwY~jD7INNH7GN| z)udqCG}fDJ)Ro4X53B1kzGgnG`T5@{^)q{_&j0;=Gyl`xVQ(w{+sN~k<9{`@{3~x{ zV=1Ct?JcQcyxYXk)y&1+D*-FgK|9BPp>8H>Q5jT+druvNb%7&wrs$?aZJbMD+~8s^q_i$EN+)VgKNGd;V|Y*?|35o!FoC z6GdBqW=nC&^S2V#2F!hG_OL8@bd7o?9a(}2$Y?-AZa~Ql{RYLbc^crdo?7jHJ!+%_ z?$u5QT%~rk2HC%_$J4U(e~tFP2mK>6|J(ll;r9Nwk!P*+e>IA}WY+(Z>R*R$*U0m4 zFS=gpyh?h11HW3C{mbf9USRN&`TR?&*G=Vb&PB5<{*|?tYItqA`x~`!XKDLOtnHf~ z(QeOw4m(DH0a(5%!^o^v%gb7SR-Rs*pPIg@a#W^iGOjr)49rqP)9*bKAq8q6y4(O+ zt6D}W`>C>0x6Z_&wyS|_(TJiLk_#R!-W+qKgr_H~Nl?(qeblNwqAg*htFaL=?3Ilp z{W#XbOuDBPLrjm{6V2)0cv-$33-ztG(cJ2pnW)=Bq6=t*TdkXdoBPFo^==>eEX)6k z#80)Z0Tujz@3?6HeZ0Sw|7_&BYxz%})*z2Jkr{fF-4|p+<*$+avpg3=JtJ|7-*rf4 zRijaU-QjRNHP>P6)CVo2CvLv~l~cB+44{1f@AVIReRKcs9d7ggZsfTq@?SqmaGn7E zZC<01Ab1V(-wlcnN*H#31))ey$WyBek(rg}z~Im~r1ZsxH%h(s+-R9NFUv4wo zh-WRCZMIosTq9G;Et4JlUk&CZjsfKi>yDpNR#9u zdyUL&>LeF&&Ww>&3GVkqbnOh2qdH$@^J-Xj3m3B&{v}kyZ z{>Xa6)})}OC#*neDSy~T<8JytYn4~8THMak{O8j-le>^@g?Z3A1KQ{Gj!2atBrX(DH`_ajQAUyV?5~nd=6e%PM z*b|mvzX@39D9FKm6&ul_(b84oH?)xAP8=6-QpdQ>uw_t(tu4&wIB_i6(3u2Lt6NO9 zpn`b;lL+0+VN6VGkL3)=7D?a}nJbgQ;cw`nYP;fD7EfLQdlt;0D+L)qph{ACQt=CFRn}vEx(@}_tYM@Kfa9-jL3~q0`kDG0i$6Xr;$3_%| zYo1S4^xvDoXdX^ul)|NHOqKor;ohN6|NF;BM|)fPzlmoDocn~pG{%4+z$Y49&tMEj zi!frb%@Tk7(Vs%>wRXU}S%_J*Hk1+!@C-%~poa#3H_Qy<=@XE`$S2_yWP$+Yy&ngy z9T3AQoJ%aa$cUwZRkg*Hm}f4|o|IPRPKzt`_=_x~oI9dMpacB}P1|MB6`jF1Emx?R-{ z5OsH-03W((Me}4qD5>}fE#iQG?eDz$I37<}MIg4#6A)tH10L=WGq+G- z3kv2a4hc#rDE`?4X9SE<6u~jUU=B$djxm^|XfA{^ixdWekHWwwU>aV*7=$r_>6IVh zCjegg(SlxJSX@T{KP4&mcf?OX5aJ~AZ!izv2=O8!m=P*4_G5aEPp2>i^e85np4b?F z%^__!2pI_rF+d}B`UaGEjvzBm^IEN)9q{hef4sQ(k5=pQ@>1BDv>pI@mVz+G#E&9? z2|cfs(WPZs-LsgaC|HbXBdr!Axol&C5kdr$)KBR6)tM_0Wb7M2F|G8!nPV)kH0X9U zU)f#h-47O62DW_vcNop{HfS$AJlmCj2LqTh^Y)Z?{5*vz{9_T~kU-pObwJ)C=zIHr z#6^ z^9Kfbao2Rbqb;KOoGuDJm{{2{bWkZ0N+0F$h5U2b2pcuw< zzhjKXp-&_ekuMKET@kCGtP;6@M6>zZ^FFm&%I_pD9K$yap4L&V2$#a6;LCJ~D$hY)vha zY3c`Jw0>njXmv(*lN4StR*1KHC4+yrTH;Cxo_Rgs2LYu~v<<|P7SLAtRtG4hgqQtE z@lZzpEx*aMbS{$?T3`sqbep0HNEdNT(ec%){1QZW9c3UtKFv2GJ731BpU^t+6NO0! zFN}d7BQk?&R`PllMo^)Ddzg|4-pvV00rbZ+WodgRVG<}@>i4lrFkfIg!~jD=N8yql z5|>`9b;4#)uDC<5_e7n}1>KwaO7%GVEo-0&$kzxx^4OsP<+ukv@#O^5F$gh>nM${h zPeMBSY|khl`m~8NLQB%sJfFij;L9oRCOx`k3u03}p>NoN<0H&}W3J`|hA&J+z%@!g zdf+YO^Zs6GnJ)Ocn}JCqiLxJd#5UYzvqVu%`Ps?Ha|-Fjog#FD7AZhcz($6x?H%y) zlRr-)WqZ@x2Gt(PPv0gq=eHxXeFvP!wEx;4B6x4PdJ7PNdeS zB!{oSj}RsWgh9Z6x9tQ)5xNfJ>7do>d*Ih>qZiuDh#q($wp+FhPz>M|OmA{x3Puoz zfuNR&xv!o89L~eYPbKltjw&#M5xO3Raz- z9x-jgzfk6c`y6)!_s0qg0ul&+fPaZm0AGr|ZEZ7I;MvrFC-B<8v3}?MNlbea!;qvv`24_GwCS#&gx#w?Guq7oiMHtfzsL>3=*$R$ zJSPs5W6*8<$AT_)dFp9YlXr_Bb#LYVI7b0^EiM~Zp$`_xbo8wk{deDITxM@E?KY@{DfA%3K=D)2Q(vpNqi5cDI613i|V!5Nc*L448>>@}|fW^&)qZIr{i_=hkZm?4(X7%_SY_*XVy!L6PjrXTMomsP1fW`}! zWPnkBdfLjv zc*16pu`HApsH%2B`q`M$h2!Il@YB7hDq)Nm78*qeQJ1$j0BuUV+m-?%ajc;DwgSu~ zz5TTJwAU8u6iOBtP53{w0CS2kB?AF>Og#h*y-&Pg=RB8=F&D~myA+du@GEl3&!IJ(Vm4d2+)F( zL8cSIoWz}~>xJLBGL8bUE3k6k%oZ1Ytz16Ev2<=QKS1o;FwH2UID}fQb6FdF1}_+Y zLE_f}`im89b>ss+gHFftt97Zd2pNC<8JtZR8}I~(&@yT{@L6!&Ms>=k(YjjMOwGf^ z37>&h#{^-zwUvNlMS)GMt&T*CCXi=mL~jJ@7aFaY$;>)Xj>-%m+SeFYjpf{%FYi=o4EaAg{E4^l|kj@xJ5jJ z_x^(k&uSJ*VJaI>gP9+INYtP#Pzu3h5k*|$6=HCCd#kCXnJuAICRQWx<;$gikl7N# zZ_4ye%Dm7R2bQGpie4yG>6ZgbCQukb3S|mom@-KYoxQ?DaZG+n(VUN)TpO%UXaam; zODI_Zc6C?yj7%#pR*#rdPUcRG*`9>cCtsy|VU$hryTT=FLa&Cbzno)>kS}iM8Yu9Z z9t2G7#+fa6!)^{?Y`_!s8Il=)&Rssdo=N&BA73CVBE`9l5NjiH#tUW)I;YZXDA?`G z1z6!C3M5Oy)NKJRn=-?aZcZKt#tkgrt64~q5|EUxxPj5HY}wg2w}ux>IK~E0RAz6P z1{HHL0Zd@bCY#^ewH9ehrhxfZ3@3|--+<&Nx)9%w7nq`g;5TZ}0G;a}s9AB{SqN1bt2yUS#qUGbrt&sBFvw7*+E zIHY8<-o1KjtmsGock=p`1ET5(LP65sa*`>#r8PmhH6P<}8Z*s_brC2I6&XBAQV3_1 z`Bw-YF=a>!u`0s;ujhS#@5q6ubeNz(86LRX>g${Ogd3)fL8%?VNQJc{sQ{JKhluEU*a(=EQ~ULGib(WD3q|UqD#7G zSyZKYwCZ**6Pb=#OLFdtho9S%wQf_a0?)t4j7~m-%PuWi*%A)_EUr99Bg_K(Gq~LQ zIjn}O7%kU@|5hlIxTW)FaJh&vEb`lxd70|AC#nEpNLRBt;fhHcdAk?|Vag~flVH_p zlprx#_LZPTC}SOe(d7@6%MUDE4;M(dC}e)>3xaPzQrKz63cjub)SWSvjZFf_;pB!> zaHS7|J>}v64nVnR-F~?QpN*!}7<8A+>JW!13_!e?k6>CDcZqY6+7?YoHQKnqlng4- zJsA;)e!$sl#gKp!7utb&7S+yqf>gx86K7l@Jf5plzoY?wOkqIj-ITH$1reB751`-HU0OKG*p_nK7X@$0N9*(|1 zRtjL5$m=t>d|D7d6e86XfE8oe*^l|my`~5O1-Ud?I^2MN2T?c=T^Dx4EtkSP0f^9#OL%AJcJhsjSvU&QBw=JiowIXFh$%rOB ziUmI6ZrRae-yVXvxUcXxQDkvYl4F!LU7) zKRb!|E0BfvcP*1AQjT`{2F36apcGu5Mj?y|A8h{G(J;A5*rsOD|4s5O@h3>~+n*_D zx$X*th+dqg4Efyq0La&DHG?*7s67Df3&c#6xEj0-%w^8hvR*-wQ6fXruautw6cz&7 z`_^TDbp zPcDQ%ddh_G4FYP`YM@*!UniucA&@RJtdC@@I45CmOQu6`CKz^7b) zjGvN4!n_0*(1a-WC4Ji&)7KpaqPQ)M5(V6B+t3ZwwhKoKd^19y9FWC6ssbst5w~1% zfYP^36~yvgqr=zc+yq>6%8T}gp0qvG>9^o)i{$}cj5@+N6ieGzOR?P0SZ6`G{j_2p zD>N@-G-s|D(rJsN5O(K2WvaWvnW5N!%C0J^QH>_cv<9?XM_NuRXN*=qh;crPdW|5) z%9IJl|EDm;_tQH=VvdfL04%l3(eTnmKwxHB6dqJTtJI5 z(B)yRRijx6d^L@x3H}b%0u@augCv^?CwzQ>EDD5xy|{LylZwSQLu+@9YHz(iHW9J0 zX52Dj4U~55>mZ5;z8?qj$j{Ax2a2oGA}KDFrm!ic)9HX#OPH(Uu1a&u%xRsi*(JRO zQMHPCh2+l))e!dDaW0qkTH!LPDx{%ypp1-4ndq~Aujc}_X2Ee~8+Ro*wl-`Cj_pHL zXOv74t{sw7hFeOIOsf6wOx;){ccJ1EfK?i#xbKv~Rf;J`s#;mHm1@aoHcc2t?;3%V3rBk=npJ*ho9{A`_`$Sz!mD9BXaj3d zRvSc{<)95zX60uCQZ(|jc5*2jKefH@!o<%uG{VBqHnx=pe%ijS;FQ${9DK40t`VDT zz_u@^yX6hlme$CksbH&r4N+|4U{a@bv-ef7SL5zg=mm2{wY$~UiW;JIj1?7ipxRPx zvqkF&RhTV0+FaUzvAk`4{Wom8f_himFg9zi%$l*ZUCo%WS(_zhjipUWtHx%n>GqA~ z4H)K)%^ETd9dpye(nhU@j?G#&Ode}CTw?NA3_wxW?on&ecK6kPh^hPLt5ay@;%gpw zHDuiywX1hURa-I5jcnlTcTkOibQ>Gl02Vf`0?aazgLQzp&6=0Rp=D=wyJVh?jbs? zxagxN-4qMgO#UH%uWP$pmcemfF|$f0aB;b;hAOX^dtU#DX~3~P(_%en<(EusrW>R{ z0aF>!-Byf8A|qHZpE%*doj3W@TfolBJoi>tk4TX>DFPmI3EEJGjib%~9bJP7qm?m< zZWJ$h8EkHJlllKqZgK7cD$<%sm=TJnU=for0=@((NHWWRfQDJfCyAZ_{ zxXP$^BIJ{SAdkSoIJHaRYsg=LYx)jMpidSlG)_21g#bzY7$<(po5GNvsF)eaVF1QJ zIlnI>{#r|vFEkorp+oAolfp3!ugY3-2`9?dW>G|e&2*0qpiNkMNJ@O$EO#O!DxD~t z!12vEg6$6m{IfVDe|e%NE*S`kDnq7(-e1Jy8Sv?{!C?SZzh_D3v60K~awS)6tmSsR zT)_!jC9qd^IsxOWFh%?xe&wej9WrcotXkh#1nkl|mgHZlGu3vDqboZ~B}BUucrpJ+ zO>pYHp$uGINCg;mJkkY(HTa^JHM)!!dI7Ui2W@%Yl?W<}f4#0Dt~B7fZ@~sgRWns71jWTfcQ*NFu?2?|6c_Tv zttv#sdM3C_mt(U$#?~w$ECIWka4DYv5Jf~kRv+ButbDd-b$JD(AAnta9G|_iOkT|kVRZr-iDMEK4p?Z zCs?ue*+{_c+m;l2E-U7a^_q&C| zc6o}IwPJOCUlVLYT3rLG<|CV}cSSE!gi&e~Xkh71(xfbX;Dg`JPXHSI4#%W$6_m6l zzdwLSe=ua>Rh67w0Hs184(Bm>l1HobN9am=is|P3av;B^Q@be?D-0m6r&qFUF2}Md zRV-O#IBxZl0nyMbxiKo&FBwqRtXe98epgy0qe*%*%=RY>ddkQoV;p>(NeJmcy%9yh zBc6yUpv;E}kE@mh`*A6&T(b6i#pWw1L>Xbge+}K{b&z!(=B*vfb!Tprofy*jRPn%Q-7muo$q_4*DZ zDwZ0yV}z-sMQ@+p_lhl3N}i+XdHaiy%SJv9dp2{?vsF7 zt2-6!Yk8kEIXg_}Va%%jocd#U4%3jy08kt__|9__0Hqq3(t03a6)E`ro_6;Uf9Xmn ztVi6J*pGHquuMdim18u$e;DLsU5TN?FnaU?CMg{Ij4QOss9Cx^GmehhYYvf_Ce#4P zO&F@-$uw6(o`9hYWyCqi))Ucu<*3Gl)HoxFa<&8JxM3Cso{e-!zjlr$8K z1!5uxCI5rC_hfl#c-kr>VIT`ju-^W6CTdnA-ZLe);s5dcGmOrwdjI!Ir4NskAG<9j z|3;SXYrcp`NcS2`oy5`ti_B{wrlUZ@@gnlm=!Q0wX`l0KVVt~-V1(i+8w`|#6sJKZ zuNC45%P_GX?r8npVX2Q=e>)ONzr)(%9~C;oGO#c#c=8oloc{u#!@mxIA2XS_cx{5; zYX*L=7I-#i>s$r&r)4~p*IGYBj@2D*6RKxJxj>YR`*8s1UqUUUIwYE+JbyvZ+-Cy8 zh)W2hNhiF9A(VmK8*P6itlWb(>?iKCal6A9%X-acbO=L2~op8 zp~%a39g7@-xjhlve;zGO&lF-UQSmHAi|I_9pGri+(sNTXHpT(DE2t8q;*VGgxA=x9 z>cULg$CCgR;~`$|W-FN~Az3*wjC#Twkf6ZR5~Mo%qjNT;z2ULEmhX;2iAp;ncOvh? z4ofeb+0?YoCVU#RETK_^u5rGj`5vcurF8GYD?g&kl$qnuf7zIXW0q9<5%i{>i02c* zDYAy?`5h8W{PD+bR&00o2}n3O(^s*Yp-ddWJ^^z$p80Wz=LX%#Q@Oo+_4WyvgefM1 zI!U}C@L3L!e^>Dai65r<`Od}9k09P<Pi9?$x+KCLeE~Wh%515xKf)VM$;&)xaud99O0)V;8O%jx!~-7XFzf2mIf~2yzu*mV0t^!)3|-cnlLF?pYZWCVIA{ zPdnZn&n5yw(rj$1_Hlbo|(lZvKR+3?-*rG1P^9C!0bqLgSB1w9)JJdPfHb?EhY` zXa3*YKidDHe{guzKiJuxo<8db{!wo->F-TO z!RTPpA5F%+y@SJNlY`Om;UPR2w=xU<0od#9^*X)%PXFn<{?ozX@!;^8*X#8TkNU^Y z{(s-g&Rx&bX#Z2zW{Ebc_W$1DL1F*zA8q&lCLVqNwOn#8D3AZvcH`c`Q?>uao8oHdo-+Av9gE;%O>XI{ ze#=ji>}TJ5<{h?zJX!MqoC$v4626!v7Uw50#LwRB1r{N!7I79by5i(V{X z^grnWPCdBDO3vwvmXp*9i8DpD`6wBTR_XjNzyB5SN5vYe*#Aez$H(UWKi=D({~LLK zc4Yo_Rq1C5dfv*{#9I+=l!>5Nc!z;;J4oR)#3a4(K0ak~U(4#TvKPdkQYz#<^PaW< z$YV?lfEqBO)nZaKnQWg4)0q1&leTcT0vm<$G4M4LYmu&=89=mlGO?Sk)xk4A4VaZ| ziZBNMDV>w0E#H4}%luqbJX(Yi>4b5AYllG!LOe#yqg6yZXioQb1V%9EFl;EL+sQPN zeoSdCOhYC&jXy<2(5AemVrVk}w_jQ40u&(*+-Qq}Ruh}k6=i_smQ0@PPK*fK3v|9k zr$Q_f-U8`ppZmAxD>buplA11mc{(xB7jObo7)y&*W;!)Tsg$#0Rj!I(2OKt z1|x+N+l`>6j{ybPVbD5B8eY*IAt?*JHLx$|izpHjUtecQBKm*MZ}XpCo=dN9kIDVmPKGX1y?P@R&rZ!eIx9b}~O3 z&ySLs@99klS^9a3CL*an9)O3BA2xv@G};P`0eBdo@kf}-ZxWsy&>Y|hl3MW6MNGmu z%mGqrr#TR5i$~C?bP=C_;9oIJ2jJ-NaQ~nMzy$xCqD3NK(DnSrjKQi!9H_J67Z|1; z9$kTjqsA=4L5SjROAUCy3IEPc?yVt=8kTK0TO7KIngd}}iZc9~@@?fKuYM&SGILuFEYP+bh4L!a z1|InG#j7fwZDvs(UyY>)v=^bV9}RAAff`0F97B(P`G0=-(p5Wr!|gxl)CE9zq5Bvl z5oI^vC+3Epq==x=Vgk6Xh;~u*`GlFJFeiMNdO5s+oyMH$7%|HiyqM<=jI`)pA;B=3 z(1u1gSx8J__r|OZx!53r+?I=dr#Sd3kTLVS&1T2jDvN49>!AO`8H^~;;E}{C3a+64 zd&hf!ru_G~ceuBu|C@MjZ@Z7dRX86o84|r1lA8oRpVMI(&)@(&?tb~wqNQ3dKP6IP zs!FH0pGQlS>rg%>jNN3b4LW&2#_)JtlgKU_l4jA88C%1WrN(1$w9ozw=WiF2N%#r0 zJ2@~I2kdW->Zvs1l5J4>dISDg_)$0sVL&f`%&Ze$>mQIqXXOcPgLVjm5ghvq3;{-S z?Wkj2pM)?9_$k2{czM4HF?clMR`@U8yrpHCF?#~XyI$*T0;CHA10n=nGV>>w)aCI) zq+7eskQdn28Rh&ek%JRXvVoN!v%!^RoCRu)euQ&K4_HqI&+AXHf@d};9EuhkG{;qc zd)pYnBn@LS0quXooqxk^1KNYQHcYYPTz_jz(cCq5_taYRt4pKbxMo@}CcHIRK>z?{ zNaXZ93WX7M1!J=70xi5{^?^1TX^TJFwSYKB^MuESX0a6Vt)$+yM6}rea`SoSdDY1a zDc5=s#+17lg_Kj_=Uia$Q2$P8M=)6Mv zd)04!4C5fv^>vvNV%hykNF;Pw;HzV^v@*8V_I%t@0A z+e|oX!On_GR$=9)g%H@%@JN7vDYh=^tlD-iZ??1!KM@$yC5b6mKS{6+l^n#%$S6nR z(%9rMRz)Whve#S@S@~5PcFFQBc*w6|Jhh?Zg0w1znKGero^p4bl5L%VTNSUS+h`qI zNKu^BTqsJ7RU0qW(Ad^XFb`QgIbpw`o{vRTDYB(4tct#(UZ^*8d4-jKo7Oc{miB8c zT?5R@Sh0ZPHOGRMU9~~G2CgOs_R8xU=z(|?t~QwE>Xa^p-;{l}!MKCLQ9L+);utB13%d5rjM1AqCV zoe7(#B%3&g+Vu{icIAQ6wwx%gTI%`LwjW?^b8=PhI!9E0naGX;n`;{`-sva@1g=JM<)c?iO6GwS5M zKE>e=jIZ*6l~B)rc`rCmV@OvQAd9-^v+Kp9-c2%sL|T-RR$HdpZ11M1Y{m$c#3*w zmb6!YrDm*&fL&=<)~;PESF^c-^0KU@f`-z~Rpl-N2E6RUbLG~cmCgmwI>;)npF&Si z@ch9e$$#&f-;~z#QjAOARhpHRvb(4ZqorWXzIl0!twKE^1kj4-LB7D3FN4Bo;!iUH z6nzqus+Z+Xeq}mWqet;43a?-cF+NYx2&y-Ki5Vfu&yeVsi-g@Ox-;lUWcH{2sR$c@ zFb+xRM=xOH--zr;18}GmAmJRM1+jcfp&x{eF}o9#OnqFInMS=(=UVTgbRw^ji6#2I za&e4|aiR!fWYiN&16k?1(jGOAOWuSQ-Nn+3R;zAPO0<-`B{hVKr6ILWNju-H#%UdY z`X9<833&}S$}`kJRsO$yGyeO2f3Mfu>VG!z)YJc;`U#I67((owoSz9D1@`{#V<0Rs zyI1`YB!0hpZiXLg+l9P(A@x91)lNEap*Siuu@0rtU(^1ea$bB>7GEugFM&|0B1+Qm zDvaP%4OJ(@5D7D`ha%HY%aESS;`HTz+4-sd;{5DI{vsDT^Z4b92oAu**9%N8=$AJr zzCegIfZ?k!UVPHZu`(y|4g0=GM1~VT5(a5jkUUbG2=pY5o*nQLN=IS9q7aIhj446{ zOer8Q6DrTccmVp@0YCRY@hEGDO4zlHHcC07U*hP74iZbmb%P0<%i%Q+;BWtbjQpOT zwVeMrDdgN!+o-bt>mQr;f4#$P{P)c~wa$M(4r(0STaVy1nF7-Nw47J4ZWsM9_Y!%i z+e3r*4^5^$guIY2g{IH@hYJj~nmmvxv+Hk&;PxcApU)l8|AGy8rTzD@k^g6Zuix9o z|J%rOZ|MKlB77ak!1}DhmuNkIw+yETgu^y`>FfDg?8CRmkMXR7{>uQ9u2e8p^1uB< zOZ>kr|G$x^zWsMbw8fU*+G&4(cG`w;57_J~^)x_oCYfmyK6Kl<&HcZP1_PTmwplRl_@l(p=5hTNYa)gK+qU}MFa5e^t_d8 z{oIjwi=pFW0htLWJNdHAI2LGnVPiCT)?-E8>S$5Vwj(x}nSsaBc%fcfUr)Nl|C+XG za~b#c$ag$zJpV-~%OV?4DgW#DP5IwJe|!FKkcVe#wbYMe|xk08hldGccsW2 z81q`wg=On&`yD)Mr2is+*IIM>f7~9~w-#!q;;BRo$6Cd^UzHIH5d?Jkv; zQBiV90>u+lNiZqWRT<;6elg}+=s&?(mfMcS0-#d=W9EO_@ArFu+x#CJc^d0~tVZl> z3J_GV1K^ulTVLPX$#5UpKS#5@ENfBey( zLhQA6z`I$9na=}C2?lruqXHIAufwJW5hH z2|vMrr}g~TT@U;cM>hb)tR_VXBrpY07(=h+y?8r(OHc}bTRY$s&F3fvzn#7XL73u} zHw{Ub{mapBd80qmF8f!$m`%I%ANdns#oZjx$RB@PBrNwKZawz!b<%qL|FQS(-EG@i zqWJG`eG2@Po@vq((vtj0kM3mFO`Y__>n5qkPJ3q7xo5=?2}!K^DnQ9rlgwwo3ojA` z!KY-|Nyx5$mC7Wru>ouV8~bU`;Pv1KI|<^!5C1cG1b&0qi&g}jy?jLm^hQrNrh)Cb z2p;fqIQsod+yJ_-|6l&`?$yO*lQ!zs|M*bP|8;nD+{gdj%LC&W)5Dov_vYRzq^orq z4J?pA?ENwR@o%Gn1p>T6ivdP!58X5?d*A))pJq>g_w}D<(ynczdi_t1kBaC2Xx!ib z_VPS3$X~!~>^yHu5D%e=!#np5$xVpNUL9!ft$F5i@6q3-ZssRmJfgy6LhC3MyK7n(H zVSo~Ugh7Mn6L^V;gFP05s7Zx}4~5H9s5U7)_%yZJJS~gg4ct$IPvA-qFmhEnChwPs zM=1eHNRlK1@yhqX97jRNvHoKPH}qo6m6ir-$&IzdI)RHSbPZT1aIrnQDcq~|*#4V+ z+yDm^>n!$5^;n-Vj2Wuj8GjpORjkkE@1o>?93z6lq#AdIwG5oqsGH#3DwrV*qInt) zct==|o3zghQ>;z$vN8ytz$Id-psy0VLRa(`tsX!YAIaYU1_-z?fdD!LB7 zuvV;pOKX1uYP4XUI~uyK%;cVB=x&eo$Inekgki0kX4jAPDJv}`l8i#)*k^m6K=`SW zjFU-jd5F7RW35D9sIB)2{9{S^Nem*)WX(L=IU8mQN2c>@*uIK&OS;yL(5rVo4Qsx7 znW;PA7Vd2kmRR%U-56^{tlnU(&*sd3df+J#g7|-9V}0?{i_=W4whye0)}kf#%dpPF zxCg8$hgq?QoN?U=K?(RbiMdBaPZ)_ysj`$mH^aKcW5Qau;JnI1zl@RN%{PJa$|$4|3aBNKci2O!0^D5b(B)Xik*hk_054>J+aG-` z{qS3`SD(Pg&yBhVG72#Ub~kqW6L`h9x)d{q*J|8k8P@GrqcMPd3D!Kg{Mkz|kMQmo zkx$_2iD!@jWSGPv%Aa-8B~#=B=N$S37xphvHs`3+F_kf3{rE^th*J^PISV$?O3O$SR=`TK~Nz9fHXw{y$rAr z?@iZbd#oGfYPgcn#VNx!z4FWsDNMU5)@@H2W2%QzPF2M^OAOH#%iUssEwV&ZaH=ZS zGVjE;IB$t{mWQIrSSz_L?scq{EEi?~d90Px8C#;g71pWMdb#XL!8*&!u{DWog>_k4 zjw>V9rHMbzmQAHv(5GU}lC$iDvbVz8oTcTe1nZJ4FkQN_ zQ>+W)UWxS<{n=)?x5AnjWY*>H@XVE=h!Boep zYEdx5T1|_z9p+nNt!755qiZeW(!J4jO@5`TJl1uIoLY3Fy^5nYpHtb+SCajyYa5^KCkCv4@7oyn9v-9pcd~?GL=L$3 zVOdny=1-mf?|3rF+kcNwj*ol$@4Y-);5Hb?>7OHe@;7@la5J;!DR|E)19${LX7m!x zffEIB6tYuO-PGA@y0Lp<5&;O7-eT!*09-@Qr>ENh$UTZ@kKxAMtB{H4=y|}oHsHV* zI$pAQ3T~Evp0kwTxl)cG82E?~<~KF~Ac>~m&N>(^TE?9ez9>QL@V1|0wLj*X`_iZo&0fHd`VZ;?)HUs(Ym-nxxtaUV> zdya=fX9I2!NZ>UBJoeb}9!3d0f@j`hfiNQ$cJe=Y%Gx1+ z+)xHO$qM=gXo0s_vig2>gYZ*;)`-@RRtxUi6^O1o@=~?rJy_t_xn$kEWRTv_u1&!x zH(ptD*(`v|Y;Z^((pz|YD$7w?o^WUvC`K@$oD0Hh=(9m1o6wOyYBN7_t_hf-8lbbqz*AlpwJ7&<$;f*7=E+eJSXFc?u2#J{c*ViwH-n#0wFTR`JaHUN$G1Vm?9< z3x^>&BiaD_dbtT5Q!m~`3o!Tm1YruuM{DHUEUNe74gJkI3|8`m>jHF}U1aVg z%geQF;sst1rH!FwvDXkU$aD6Kfgh&uU%~_mIZkRw$pK5`nJIRJA>MEY8kf7(F*NA5 zvU%y@0bt*LV{mx5mrO^+-=6x=3uG8Vre=F50-Zz{S+usr(GW$%Y)!#plG`Q}W^ozl&JfM;cV1YWVxRBRb}wK#H9qw_3s4fyz(&yL8`GzI9E zt)g@QIXKlqxfG_FBOnDV;8Ff@D#z9^`FT5NKEfG)*LPMtiV z!3E+nsR5s4F7uQofqaav?%)*i1btC3~Ta;a&#mOXxn*s3I*2A6a_}QjpmKcxzHX4i4GSricn5i(G z4ce1GRtRr6sBB)-fyr{hYF4i$)l5r2H+WT5b7KUwu&(m$BPQTp#nLJ&-OCFAMS;pm zEyGq1g2f=&jFp^%aN&iwB}EgTSkPhYCFLZCWnGJ5vYdk9!7vSf?MjjqRTfDx{gn9f zoZ}4wOQuN<9bz;w+K7;=wT@VVlOIU_g(r&CXYA?uud28#aY|z{IC15(@8qjW$y- zyhfX$=!HBJr(pQ%j}`Pky}I>CLWX(%f0%LTl;r1g znDE8f<l4w*S$q z@oWQNnB8}O=~Wi-nV^^d7-H!A$bSk(Ktu;6fM3c91#>3qO~K@7IVic0W6Del@kc7Q z5G&??ff?FFq02PePdU#U-Gn5;2nGOQ9AV0MO3?>xIDoeo9O5~`7aYtK9P`$hXn=v? z8+_sgh^N5^k6GptKoW=(_Wp^K_pqYYTnw9`uK~P&Wkdc3g$uf0j>@_!M^!4Y#Uf_9 zkaRHVnA2uugZBSbnm8AQJQ7U7_((Jqkpy7mFu#7^k8Y65#Z!z~#)z!^z)7>LvKH4I&{gx4tjHWpQX(QS;Jgr0F;xKch7*^RSY(}bN*CEv~w zejO18JS}4SENJ>=w)#Z>^WzUrxsr?(E{qi~s!yYV41lA6F;K%acWaFyPCV#mge5si zy4F|_V_D=wT7<5)fbJcHxnX>J&G zc^Uur`u+R!6g@896`y21lI_9Wd%AT%Bx-H&QFx;xqpG{DpE|P%BB} zGA~?|uYE7P5I9W1L{feB>QG6LczXWpuZic2h{op#)6J5J?T$xEvA2wUt16jMYvjI6 zt;By~R^lanF_bLr6Kx>y!WUAD&W`GT0N(x@riyjo!0`Jdv#augm7l;6MJr;1(`6J9 z1fr0Mk3kL=AACkTd5E-Ye;JhUA^pYj8@O10MORC@DI=U*Dv*amvp}6s;%)`%Mwq)1 zsB_T!5U5wSv=@PTB?b>hpst^&y+FN#K)n|R^}?W9VG!jipp$$H;vg>GF z7p)SdCf%`Cgp%j??B#Q|AAHX*VJJb^&e(l%^oXPPoaF*wGx_5Dj4`#po@G%8Y`#@8 zp$8GxNwffu&%#!R3!)G}KvpwPs8;Oqc7tXY^gG8cMfQ>zeS$c{8TvkW{r>G6;CtaU5tbmXhmpfc5d3=aCXM*@ z>zN!tG~*(-IdqT>UND0haa^YH7a&GLK$CUz0C0AYm({ybIas`k05wB@OS%D55?Lcm zSY*T74Hx5(1bZguu$SE%=SRAWWo=AA7OXvO$dW@ z2r0otbBbbd_=s^Lc^(IsUixY8kw8VxqrBO&dp}BSAj7o*?2+rKjN_OrJ-%lOz;ugY z*^adF@Io%61#c{Fthv)xg{T$&Nh+X7bg4lVh41vrK zX1?;DavLqq{XL}!y-(+mb%@Q~+JoRdhG_0xYv{5Q;T$GQ-p(bRNZCcPV@O+Sf9`32DZ zeMJ&Ry^l$PVsHSCpU~mBVXKlm97S`!Z)c82D{g5olp+h5pc}a1)XgPh0lfXdYk#2p zjlW{_U=WW9;R=&~08$e4!bQf|Ju>l(UJ&DGM*Cr*a3PI{JwjH99E?Zf;{msVLNDK4 zUeLDJbk+k8T`$~_sKfB`-DT?SwaJt`L;>(pepXJs^4gw@9Eb^coCsDsjj_k#$^S3p>>B}(F|#YA$Ud=C!3pK+ z0t5oMp%ar?lXrL>dC-TS%6e*->IdCzNI3p`+qQ(e)~3 zdnq5#l%b;+Z~^(l0>_U1A#q~+-^DomhyCxV|J8rkWbI@On3VprtT~$GALa)~Ly~Wj zEIE+$<=`oQgk;tqeV7C?=`{RIn@oGaJi3Izr;Np=qEmy-)9h4YIt&^0IVGer47h~) zEsQf%F3=n!vdr{oNdz#mFoG@ze)*D*mkrL?;l!F2Od8pQ4qa#d3_91QMl&tjG2iia zYTwz*m3z7Jy~&k(334w%ZY)8jf4^tLe?~cEy45g$)Oes}&*=rty`Z@lH1~q$UeMeN zntMU>HiBmGO}aAZ=Unf~@I|s;W@{C(d`o-c1$Q%aHkONgxM4T2!%;BG>_{;R zqBVzqtrUMrOHXN0*5>Qz1~B~&6Fx8r2!=PRFYj#STyv?olwb33QX`kQBx=bTOzO=A z-coExyS`@Y7o!A)^xZ}J^#a~Z!T86?v0H|Z0$Bk%29J;Fy>XQw@?;Nq9tWM!oPft; zu#8rCA2^PeDvq^I!-7mHA`8luq$Y@v*^y>{9>QE2@>1G2tHNF;S*FY>|5zpmZZ3Q} z6(^>YtnqVz)?#;2y8q|y@%l|&+u*fpQ3KJI7ywncwIj)vlkZwiw$)UyWpZ2=a5?YV z#(DWs!F~Brr3W+T7c(bj(Qv_ynUynmG8b;LDtolMyKD*6-P~p+@O|88Yueh&jkX4V zhX-?~EiSJ9R@=!Rxy)*}zv}i^-Ttb}uezL%GhYkpR8PEat?sEg$7IqYy3tMON6@94 zAY?26Yg+`I5l1s?nbpni1Hx~p4UE*ZLMR%Q&DEC%W|ZfIgcbF@5P`%?{Pd(xCEa^c z>-;$Saa1il5OcI6wN4qdCVHLnx(`NwvC~TxDjm}sTsin8-@%PTP|r3OjsnjvVD6S> zHv`=b$1Y&+gJG|3%D}HTWWuZA?wh+s zD=PQevxm>;?(_E6z$i~r(~jWGdzOL~jzI15OUvPcOJ!&F9`N7+M)H z7Rv4O=K)9Wl;=Q8b>m>Z^8F2o^<`6`Y7uc4KEG?2BU2mQaru>)=s4P=jpwWo?B!l!F!+!d_`J^g%rUSvD*lL2V z4A=}M~ikqQNBUo2J#C}0Iv~$AS*258%p~ej)+Hq z7drmRMQPrU>P4GY&9B_=7Jf8?K3z>b?}!aX*~hFs<@;DnrSQmBr&1%8#{xye&LP{C z1oD`yX5eH39{VU%+I<2(0gwMrqn;-!b`5vx(!t@(KF3TuFbaL(rR*o^PNQ-4Kxz8( z=Wm(CuY8*Ee_T#~YGsOrR!O0%`M>dKd~%}ke}_H)x2NahN0n>fyMZm1m=HMdm82FE zRTlN~km=fQ#*)p6t`iFo)OF+Ek5pz^C-& z8FOG#lgp`pNfqo#NnB?F>qam;nlMGzTsCVb*{t!cpcii*wL)(vMRdST|I|lq_?tmRjaG4yk?8F(-x(bmBN5!c2_%XNj2|F zi|5Sky0llyT;}b?)EQLYE1Z_H=PRw`e)iJ1hxW9R|4Ac~mKot|^uI@w!?7m+n;adU z^zy%bJgww^Fm%ggfF=e?l1mPb1-^rSvG>~;OrLYcBB#APg)y9YzL$82*e}k{gwTrE zuOR`$5G6MezV^a}ef=XBb&ZD_*yoIOU_e!&q^T;~kSGS-TArZ<^5*LrVkOhovkL3O(sAXqSZhi}5h)yE9UR=9-acvo&o14B=AT=muu1)2Cb3$E{ zw6#IgPF{{9UMnITRRkjHsBm)ibF|c;@x&M8nna+JMKh8L$ zPvDPLlvFY98Y6C#oIG{YsY^?L=IhU(b1kx6s<)b)b+CN4+&R^USuktwfG}|`?}{#2 zNG(@(GL%(AQF_B`+jRji6`(Zlr-5{H%7y-lu+OIz{~t%Lo4WqZnCoAYyFd;9Kbbr` z()j=5(aE!(|KG>cnE$uhT>uPTq6T<1TzAZL9gNA>`T6uyYW7!FK(f?->2AYW>hmIk zyJW9>UKV`!U~LZ+g8(z1XrkVnA2UNc?~Pm(-8O?FDYJ@iHA2d}QFDwmN9cw)86f4c z+OzS4Y3_R|;+;IL&VRx5?O6Ud86WBPf0Lt0fBx^~xdZ#Z)bvlB77t8nC5gC~T779J zeQx@y&8WMd77R7XvP0 zBzBg*#KQ2#1kId(7p5W1>8V`qRnf|+qQs@5+@Zp>6w-=jkBX8JYiL|=u+DD@p}jXn zjW0!+Cxvk)tGy^{eJDyiC?s4xu}cwZaW@%cuq)g!vPHFjjUPsd zQ5^cRtsza}Q_G2EMQvl2pREDdX>y?4rcj-@ZRK&(yqO)i+ca>t$tLc8ylvXaf8({&R{2}6{~e!< z5B2ze&nCTp|HodQcJ^Nt0^s_?%n+rn@j13dUF9^%94gLDC3P*fQCz+4Vb(-$Ed?3S zaS$PIBNwGw%L@eEe_$^`zl1DGaMwW**?yQrLCWW{H{Fl!BHX-*ddfnw{;1gww(g6v zY06B6Tl63&)5$Rcg*=GH9k^-qz% z$_CV(|3_op{^w{i>hFJhdAj@m=uAMFmN=h*sf=e3B;|z*n`d-l$(?jgLICLviN0n- zq7uS?>2lWp9?eAN$Ab3zOSR-t2==nr1xB@*=D&iVWlkr}9$HcC$@IfU4yk04(v-!S z<JV8~xNy8vB4Q;P?DAJOBS!A-w4t{=3fp_h?i& z{|`rpz5VZAo=*3FMh^S6{$)+}NA^7(*=+QG3kNnQgKqw}hJ!!{w@ag6!M}!4qBRFs zNkkmTOl2Xj)CV}IYq!38s3&IaTSAB{%5V(pZg@GfxdRGIMd`m|Ju0dJiRa5-6j z3IM!-A#iu@Ls`85-dd?as-b!SZ&ORuJP_lGrN>~UEoxRQXO=pwGG;WkB+kw^dQ@?x z6;Y%ZVcZCzJqkByb`h--Br<0e3~ABK#`L=tvjRm73IICc@ai@}ID~!$8b}nW!lVGE z6EeK^YXn_{ji_)8tR*X9L_`D89t~!H>;CfHB{Rof8}Q)9@Wi#;kXTrhD&k^*(;b8?wR>t%}g8V z%RxA~ECg~jW5E1Oj4d|=S?U9SV!+n-)+j`Toa1Pg3zJGo?e9nnZOQ|Z9#{uU1pQ>W z$$!+<2L?xvZDz|VnFFH>hmgp;ja)PZN0U*_Og6jKmJPYV4W(|5ihckU80#T{0bLEE z@*A~LZ|5$De~%6WyvaSe3y2%b-8u`1yV_n{1#;_Udq;sjN>Bf^)Bnve-3vmuf2|_0 zM*nv_nH21QPL7Xz{og*G?)tx<1vT7*9x$cEULkm&3c++5%nF{AKz6GkG=SZQrZ8=` zi^edm{B>&%+Y`iYREY+_y-LwIA0^|qGaX~LO7^5{OdH(4&M|Ge*FEk~_n6VFoQ#L5 zgv@x5yzsJI8=0-P&VhyM=}uLof2AneOl6l~1Osb@{pT#T&%r?_^DBm9ser$|2Gn9g zA)Ca$my`>9(>}9uMrm&WWB_k1Om_uDtQcWSIGdKk4&dztFMp2k1utFS1pnJd;UZa9 z!v0VC;tea;6lx4H^nK)eB&Y{{o)xZ!j}eKZkRZ!}&JtO)IhL3@q*PbIf4cBmr?k>r zc>A-gQmbA5xk!fZu@}cE=MA7js5;_x7Rjq@B*S5I)@Oe&_>A61o;6!2g zL1^LGUcpm$+4SRS6o$y5hs=9ZN^T}eXM^>D>q|{=WD%|~ErFBx0t4N~$Vq5_5-(gCf1&Uqr=mm&oB-Z_NJmC6xdFUA%Z&%AuJs{C_(PU!tXTaV z;nxu{wp{|Cx^jt#K27`BjK;V?`e)BCU8 zSF}5m4q6oRM$};k$<=SLdl)xO)3(9i>FMAo=@Rcxq^`FB-d=ite-^U1XN5m_2@0|` zMhlTMlL85!vr_7xzyBmOhz)J7d168I^ZZHfx(<|4u)lfB> z-P`uAXHJ{mr@lFpf9*lGxc2JloQ4TF38@LcxjDcjT`JWj_$%mAS57L*snHOt> z;Q}e`WOkNXf9!=;=%1edx=Y-hc-0;8u3>f`?9=J|_re86gxH&AK_F_*|D%(!9{=%Z zG#>Tm|2`hevIgB_K$-b~3OR_R91ZMubXy;T>2sbTAs6nqIz@bllA8!$)7|3wM}9z! zhZ@-DOe9c9A#bY6ma`Niwr`m+EJK~CDJ_|{rd2?Q#&VOjUDMcx5Id73X#i<`#if%T4kcwCm*USHx>`NNZWg z04@h6Hw?{DN#t}Sz7pQr-~m%po$@!!h$JRQ8umUfVP$;FC!q+cH>Dy5(Vi|BG?ftm zO_Y-Re*>?4E)8wf`CPwv_jQ*YX2Oz5>|wGj%BRKlucxkjO@D-4AMO@F=H?LGf6Id-qn^Jp1AO z8MzHT-h#+G1z`n8$I??krVg zfATQS-G}mYI{#ayfvG$HPevnM{x_cV`Cs<(>{$PIcWGd@7F9KoU$jmP)8~bGkjMSj zNn#Rtzi$9PNw4H-_+h`jY)4z*>S#< zR5;zKszY9!hZu8yoAbYE8kpMq|1|67{bGzB+ zZe^GIknC}HX@+aIIc;r#dq0M^9qnx^`&?~l+m?l4Nm2|f3}>2pHs%4aF(U0v&!Fs! zLCLKNl|d=8C#IrZ8Iv5WJuoJ@fA+dFCJanV#w6EtbH>D6?JH+Ya-F^>#w3SBTgIeN z`MwzwEsvP!L2Jgum|v_tV^TY|cgL6*2BL;Bsp|7XbpdK4|7+>?lRkC&zsbo&xBq>1 z+{^#=^4yK=?;G{^>D_$p$nMu{5p)M$Jv;H{*_jv5&b)WNOs}1XaYBCGe@~n9zopwx z`qZ5NM@NP8e{wjP^ymLRo*mi$+_B$Jjw9d3-G}q&t=)Vo^M>{3{l3oo+~jq4>pAsT zBtiJ>d;owWe^0@?C`8R%WK1_b)ip-BI+nY}h(ZtBHKxf#wDyEy^7H*{8A7{IrS0r} z{=Ue);Er7U+PL=Z+NE#jf3AGrjtgHCBKb-@_ICSp;QyPt{iRQx{O|CY&i@}iJM82C z?B%%|`QO9#_v;-1?p3vH-l}`AzH(Lk{X6sR+KI1s-g_WVv-6*LE^;95C;_aK|Bc7b zbot+LZ~woarr-byf+gSZ>fTn^+N3FjJZ z9J`T@^-T4b{B+{~TS@?H}H8i>6_@J^qG=YJAmWM$^I?F4`|@jniaM|%F>!_nlp zKmYgfG(P`x*DOj7r6IjU+@?azrtJ=G+GKxZ-`9~%N56PrGcxFAgl{?sG;l9=BA1n{ z05(PJ;!TQAr!0|uc5sdF#Rz_TMxoJMy{*6QpJ>bZ74(ry*^ERrXZWK=ciT@|*J*1saT=GTb+sT9Wl-zag_#Y?UKBQW$&D$n(+xi- z=oUgI+85$r7^5i|CU}L0#v+`_92S(yf0LVX0gD)W5%!YJY2H_y4}tb6KLVzjLsN?YI8m5DFGN`3@j2bf`;9_F zqW}5E*ekl@MTD}~bh%CopA)!H=0O=pgMgIRh|`Zba>onBz1otexcbJj=sLGt4?jOx zLo8WOQ$ask*gje#|9OFY{Alrpe#v3YDpA6+pzC5pf5`KZ&HkG%8fD-3`zc`3yzauB%Q^y$V41jTIQo6i7h0YRPdVl7&7uFv8 zY&rD1MZ7;zakL5m@(pS`r4a{bxeBk(qsTX+z`j~>6!|3>=+)aJKnMI1VGof@7{oq$ z;{{$)e?UZ;9Ks4)gq5~@TD*u?8Psj?dkb$*qtIDljKci#C_yoRx0aLDsKT-UyFH?0 z6FNWnk#qfWh1ot|#BdWj){GXhTv4WolL<_FWLPVgo6xBmF^&qus&bf0fVIa8-6j~m zzzdQusUIPFVdLp*Y*o=00cB6uLL;S{|9L^9e^l7S3b3?j26eEEp$t&C)`Mk~55cQ& zt&G5Uqykz;{whFkDZg##w%8|mA*H>5mOp2KB9!e@DS#1le+m7~lm$+zA$#P{iMI%m zdx~&!%0Rt^vCgnr*-f=m{UX+c_y-Qc2{{Nh7X4wzC{W6i)r^-mf6n^ILQYjtmBgJM zf3PJ8=_hW@rjKxPX^7@Rn<`8W?V{3Z$uO3Ktej4*r!s1=7R$v?7kUoyA?U|!?b=`HUin~B3ZV= zOS@CPB^2jCh-%(OE}DX)$*6pKnzdogjQ6()>HO7T0I< t(nkN2#(&>w{D<-A@KCq^m>iC`_=5sf0s*AAPKE*r0SE(H&i()z769@T5jg+= delta 152357 zcmV)7K*zt>jtbw73XnX1eShP)ktho1Z+!}^JbSu()}$oAcI(;6bKJJ4#~HWnSoU-# z*<1x8Aqg=>Z~#(n&CC6rk8#h}+fQ88(^TX%=OR`879mvTd`zQ!T8u(2ItfqjRG<9Z zB7~5Dq;$smZw=JOrej9)LTZ5RUc0e{WC^2+8DJHvZ_$i@ z$E4yS?UVUVi)NYovlsTduftv|W*JLkmPVYZek&l6NMoKulSv{*Gzlk?j%i9mmeNte z;ubNpWuCVPkt`F6=Rz*}WXu!R?{vaWq<5U^l&$8r>;Jn=7xoUroyN{GDP}C6vO+EO zSH60n%SuD9*Iw9N(Q7`XsaWn2A3xBWYgG2s4R_vz-B!$0BzcBC9g%NXG9&Pj2AmVc zaz%>Ft^YQ;a+CZ49e<;S<^sellr)W|Oll&bO83@D#6+l$BjYTcw3^6fUMG@&^j?0- zPnG}AX;Lut+y}r~{@*(|Jlx-{@&CP@{onZiXZgXcty%vT`B9{r$df|lOooYwXhL2V ziV=|}3&O`_Aqq)OE(Sy~IcJi@f~oXHP7*$6gr_8*GNR~=0e>Vy6|sBhRf~9xsShWI zVIzH#%Yy0d&&Fg-6UF=;PVRY@+AMra&MrW6rlLcLkj z=tm+=S(KApgybxZk|JihMJ^(dke8-gBBUG7D{?kTg=Dc_zRHXPx?6fqSyV_ixa0cN z<73Uc^(vSZ(M`AAI+n{3O<8mY3x0DxAo@ht_*Tvo4S(T>g2}~z$vKbMTdH_;ROHhE zizLf0fThMG1%Ht(>?BV}BpJ;aG0!I~Ws*l_!yqlu34*Z{vp^pH)uP=_?pH?1T z9SsH_F0W6T&|y?Ec_Z#v>LWCZTu%?;wa^Bm(?AfJPdhG-qiX=vI!t`#=3e!tapf zo3kC7e{EWa&^i+`C%^ncwg^pq+SF^0Uy*7jgr#vNc$#l(qKo->%p^;5q9?`M!%iaD zh)%qz-XfpAENh8{{AUmZEX|oDBaI88MLyMi#eXc#IZYHv_#F&B-;}PZ_&*a>d3|4w z$BN~BvO6VPlF;syfy&Vb37GIneL#i zX@9$|q3B;6%iJboA%V0FFfI5IIudgh!uOdJ9~YJJA&1nTxTSJC0R}5YkuyERaC};1 z^QjcYWJ-9h;5g+Ga~r3%Rh}ge&IB@-Qy3|p)b~@C>dpw2j1)?rZ|{z;$a^a9Se_*` zV&wGVh9q3+vo9p)jLMYE^eIYncXUJ|RevI3AxP5UM2Lz0L(Dp}5>ChPu9EF!#VFxX z`8P}T9+^ZLP)s8?1N`3sd~yt8`+J(w35$u@QLrXg{?Rg-Whk;-vl*L>kbpJ47nxoO z#q`CJ&REW*!s#%i2J2+668>G|p665YH+z?xW%icym0sSz8R3WA(-iiU7K+}zzkec% zCF3AwSt1rp-!_tjMX+gJUb9HdX8O(;zk)Avp70;NzEvb?#t4cODr^~Qf^K2O-d}AK zo)fOfluxFKJ{ufJA0p1&3q@kCa>+*p?%J_8V+ei4GS`<^0WJ_{O{^ZSr3m0M6;; ztM+^++}#hmfnKlg!j)R!L2QZFP zv+3Ot4ubbopUME2h-i{1U;<+y@2LdBF@J1F?*ltL zWNJk5Sbqb1$-a(hPDfN3<~NyTSHS;_>Zd_0AvjBYvUZUzgY3_{;a=Fo6$3U`{FcNXPmai4sDd4GF7yt=;p!|CzO@a)7tiZq`!Ey>vlvbLic{ZXV3Gc}4# z?Nf+WvYE))@LuwKiBLB};|V0%-S6BBd8aZOG1d7`_xoA=`(KfE2Ym9~-c=*r9=*RJ z4htL*&dUcqEfs-TGeDZDpd3J0sNkNdJlF{-Oc=daz!q1Ik!HLz?|*eFQ*VY{dFBRe zC5#3<6`#!a?Cz3m0_r7)k$JvFXcRG}hIdTU^6~NMU@-jl^m|Qe9|q(IUh3O~Ymd?- zwjZ1xU!UH1?NLarw3i}bLn_lgxxPF<9Ufg@n6~-_p)z$XGbupRN3O0fzdk!ZHSNq} zr2qGP#(~B@f*3kwNq?!$Td{X%MUwL%XQ@7Kt>g%B@F*Lw+#S|4{TQIv&TLKpe_N?A z{R%eM-!uaF#K#kR`Cf}qi4r7bxV@Cutp`yHYG2jwUsbsckVFPksu$EeLKa`b`WtjC zI`~vVO0&fu~-=1lg< z7aD;fZYOhK0m7A?Ma*_Pv&xc@y@&VRb}tl@II;S-k_%9!?uCr|B)gCGrcZ_LIx6i- zx|Q4WG+`37ZuankcBa)e8@pp>SsMqRTBQN}af||ViGQP&EpDw{s&Zbv>Avae9R|7= znr!3oqgiso)4LIk?v#UsTX2xj=O@+9-^=)1HfeMv=je;|tEUI&3bim!tTld?a zR{S*M0(}y1uq8V0)eWOF)r8PT{S)5fn^26$JVKf7!)Hdh4slX zsA!4#+cgDj6e?Y4UKK&M^^L#Coz6o`!R6r#AKDRsVvq7<0SpHj>Zph(%#b+|srTk@ zwuirYp9dsgWUOyLtNm;dRb-kUY4(OqG*gHQDSvr7xy@plGY=TiQW8^Bk;Hwn-(3P$ zE}m62!UFmzs|vV#p2p(7PhuG45;#eEaiu+-OeC97H0QaISDK7@l54hfSDJLom*PHU z@>rxf)r+?peKBWJ@|dY*>LNxvQh}?<2w*o5POZhx$|jA(50e(Cj76H~*}a>_>vshL zRDZuJbE$MS`^Pel*3yP?8pYanvCsczehEa%R_~Wpw7=8shOd7Gx_^-74c3hm?~Ta3 ziv?4l4%IS!mXk=${h7M98=c%Uc9$$j0UMsY#6NNSBl@ozrf40Xumd!Js{=fI@}_?A z<%_igD4C%ditu#YO`xAJmQNgl<4fM#L4U^5m>f@OI$?NrG@z(-Bh#jQ8{q@V5}NZl zLqCPNo)S8rR1mODZb~xlhC5w&dnJWF1%QZ~K#r(l2~Sx_-WLkA>l3gpNYMF{phsRt zG}X^jn1(rf)i{N{nACo@3~eg%-~a3XiU0e5{qJr4%k;nh*Z-~nun2rGfOfmFdw-ir zHs=D&x%%a{HBXEd=Eavr4|NwkuM}Xf)NWSIz~z0LFz%WZ8$27htWTY2_99 z`j00UsNag1ruWMI0#ye2lo6U`VWVoYqC=xeBJRt9<$|Ds##(6no(;6;lTHm5X=^-> z5`BvS<-TN^6}(ihj3$WdWr11f;48J!WeR`?oV7^nsfDo(V>63Q<8IwK^B~0=(egXwesaz%>=rUQXp`Fh{C*{ug z2UE(weKu0D05_zUod$Z@>F#ucUN7kNZo1t*{QsY~@!?L;eRH$3+uwiF-+%MxRWxNT zY>$(#4i|qfe+AF4F-e7exJ~f>x*%+pEOodJG*Y&DS?Nd>(uBfamRJIeM09 z0f$vTc$$x$>Kbby%Ds8S!C+USRqoYHYLd=<#@<>cZ14WqURs@aPSc3RztRF3=>MoS zvV&W>Oowsv8Z8M1KCcC5RjNqI*9gtHZSqX4_#c0NV1K^jy5X<}2a~sw(YsjOr^}oX z-v2>x{VJg&mh?3)GG#eaLvQtJRf86i>(R)nAg2F*&>mUlBrCjF*q?(Y@~n1ZoFWPavb`CYkdV`no}auP}4vr;v+9+ ziTr=`i@ED?I;)xNrO@-K{~Msqx-=u4YeK`X^~Hxph2;6-Sfn}onB%BrkshfFkzNat z`woOG(zo9$WB4}1$LsWUk>-5HPCWJVSiO^?$n>4J+biKVKD<@>7VMsxPf?#_T~{sv zpZ8qNXdX>9or*N4JY{mwGzhrsURmSjsfsgbV)QDd09x8U{il-A_%clvy1TD=!qh_L zZ01cwL^C?#3C|%U3a25KA}a~{==>aa?NyU@5H1x@zz+{X00ggHk4r{m0hXrS{<#0V`+eOhdCwh2k!g1Q90z36m@l z88_)iFnh_RsRQq?!SQj;cZpnxm=XI`NN)53yLGR;BqL@QrkuN!<@Z9~X~wJ8_vzN( zd=g-sS(AJbI02uNwGki!?tqim5i=)P&Go3397?Rf)i*3t%z3Oyvwieo&^8Pc-L=|< z3K&&+VAK$|*JqP45*#-@sXs(UtLEs_bzDXu^oaowAbsfX7>8+(eaan5-=l~6m4iTV>#6#z+i3Lz&6t&$7RZh7&m-Lgd{x9 z-kTS<*XNVh5+Hx$o7XbbXmyQbIZLvR1=fiU((m`)?;gsxSKS{5m%X#^&whA&b+tIV z`glHgJ>S7G(=5~5uk2vSi=~bCmkcQ796u`Z=?$MTQRIEn+uQ4sEs_@CAFn5ar-f!@ znzj7l!;NDiKyvWCWHFa4$~PL;dp3t_fbG+huGaRaVz;CTN?C3QfujqH;K9ij@CQuw+3v`apq9;OqP0l+$xZ z&Q7jEa%pVC*2^FHF7#4j0I2Kh$l1x)lhYG9RlmKxa{LF6sV#Dp`lqX21$X;!1WvOI zqX#rA&|qBWctK)mBo{Cj$4ut9XZ)R}2|0+EgcZMgt!&`Z{gg>KU&zP(?i*sl`y(wh z08a-OO8^Z*&s~#Y6ch`xMH3e3T~M|O?%0!n6iES&lgbnx5VOcw8xADE=g5A$O$2h* z`;+(-Jpw$ilQ$I}3W&+D9WD==#U=}rUlk-YE(RLqnn7#S^t6e5%H%y)EF`xjNv8~g z$IGe1j>AtP)<;YncGqsT1dpRexg<(BOY^gnleZNve+N1>eC|0qUL}F)sWH-IBX>ni z>?1=k9uxl>rA^(JL8rWJUY?yCo3MkBTsl8K%_Is1ksIQT6>)E&<* zQ+;2A3*~oO9QKuD##n}0ULbY-h1E5u69moETna6?!MR+SaRIjAdKYhOqzYpvm8s&>i{EM)3&ZS5}sWhjO>se7oEvdmdD}@Tl%_8H-;y^s% zssFXY>%)}J^(ijdJ?J$H4efr)qp1d#Nv1F5l|4Q4_%WK3yoL1haac;Oiw@y%_lBoZHakmjNmOe=C|ACk*YmQ1%fadPZ!yY z@`mcSwj3q5;bo8&Nn!=LmQ$VDe-tkjT#TmI#K^Tx^tSz^=c2aTt#vWgTUv&a^faAg ziUy0%#k;eMKMhYWZmz$-x;(qM8Gg9D{`M3CsgF+wgVVwA==SFF=Jw*Wg;Z%xiM_U! zQ|s#Lt%vPYZt;y#&&a@5a~)-c?x8!gcFY-@LH@e-{{DMzH%`K5JoomCfBnjSw&j1g zvwwhJZjlqzyi-7ur}`Yuq!=-0CHZzKV~E=*VT+WXUFokHQmnuep7Na21fU5pr!R5HV~P~~X+>3OQpScOi#DPys@0->KV z-g&?=1H(>1M70^zKu9Y$4TjreNMoP;92gph_|@U4Q2IaPF_UVj_>YVbvftae`~THi zK?6d_-paT3>z(}r_dcO=!iMI8IfXOG!P+ASd#2%($E%ZxCd-^-L3^hZ5R}aA0)qLFTs`n-e9&^fo zF4%Y{lT5^T1fn3oe`Xv{K=hO;b;dT3-ZSBh7Dk!va6(h12C0QHruZav86@=GfJP8k zqR;r4MWVN>GNAR4n8cDvyY zyZh#xcVe-Xz^|5Pa@k2^X{F3!SgC!0nc9$K^kNnIK4;qa@LrBsBJN+=Togv1w%qYj z8W(8c9l@noWF4r`{#TWbwydbL(=8>Wt!5!<3q34ye~~b0<8p+w=bVbBEG`n`oRf-} z*^4UWsSQ`D3FjqqgKW?uQk_Vo5Zl$M-1R$DX$BT#A`UcY%z@xx(kFlUtBtC0?wEJX zyZ-qulBYiuH2L}TBUib9b+Y0p{Odhu<1xgUw=cv1N6CJ^l5EVR_uxXDeq>RRvzNW_ z0Cx2&e*{6tV=WFXtScI^>u%Se<_c5>2jO;pj|XejEyXY*ADn5|w;Q31>%ugmvCk6< z#Vk3S^a^+q)MY2jQ_ShEFm+Gqwt~tiMW|B63_PB!mb8-B6cRfjNL9mEHOF(=xoPs} zvvRzif@=mIr97P=4d6T3@N{d7TuCnAf{{?AfAop*iBze{F*7iOOfojhFwcp780n6z z3tqKrbKP4rL`~=emaqs`)jR|t@<^I-wUkSe)GzOKn4vFZkqqg*>d<=?h>@Ok^yXW@ z6G%jac~knB)@ALT&nWpa)hctR0MA^?VPp?4$R-3Y^-ULi);3GTWC7@JKy|Ju{|IvN ze>tA&XE4(Lq4%oK>8#)XPZ~v{Nb}$Kbpvn^g^chXQfEi+G0jmf4Bg^MVXm~`&PbKQ zCt7Z;>O0CQuUvkQJ`9Fsrluj}Sn=+-|5;{q`u);(CSz0idF|UWyVLJ0f`Vi6rR7KO zV!X_{3mqVgdDd!oPyd7{1uv9#*JugKea zV_il&L^PV}R`*oSj`i=WK2&rL+GYQP0X{R|xe2%~QooDSn{(%orx9m)vNT&TIlAFk zmAl96%#Gue{yLp|XG{ra?~RKWdXW@UD>1rf z?CyyenM@0-Fv9+aWtG+qWS(=boTKlVGAZQYVMVaoGA?KMkrv>HUf%L{8Cy%(OZG7|aXY2eTq1v(J7FNeDbxUlhVd(aZVxEfxe6A;iVWo#LJn%JTX-13tYnQtfey-nMlNB zL0+qUGE-LXy$Kx2Vy%;BXxpC2R)T9xY6; z8A}!rx)P{}CXC$JfBf}ZRqds5?r(FG;1xzJF?&cxm zVXzI5Ox+8^<;tsJA|`6v;BJx;;v-G6<}nzuqeLiXeP=%CBPc6P?KAp!Aqk)9)iEA` z`VI%EfP0VpyDLk8L|GSnh9X z?eUcvk1+SVUTf}oq`k*eqy5WRd{*K7nQcC`JFb7@3CR&;wbwM{?q|(*=@HafaVGec zgY#|@PF3Kp6X%!jhUcf>ot`_gFqes3+Jr^b#$R7vzdyRExBj~lDGnqmV~uz^fl3?J ziOuN}t2ko8e}bc{Gh_eOS1$Z=jh9YTsu{o})$)#MCjr!t82}o>r~YTlP4h$rGy)w4 zoU^UE8tYf;BBS|K6Ggkz{;PX%17S&LvkX0z0fT`tl|ZAZP<{|@Ep0Dois1%?vPwLY9iX2^v;tB?XpL)o}UBb-PL4|1s?KQPB2 z#C|}Df48t@acK127#B%$Hlq_}wp5WMO9~YI+1&irpt`FltKmsiF}y{fDvm!!*eu(a zo7p%4DnjR!Cm=HT>6#x7+A`n*3n-k$Esu{h1a39(kfb8fZn(KO*xF0H<2ix*T*KU3 zC3~SSiZ1Op7I3k21D;D}pJgIeK|t;qIxNu?fBPn`B#3clN@Kk^8V*W&8*nC%S=6|M z;}0b_dVm)p7pn50W)5Uvx0Xn>RX3;9Eh+1*C`}fWPqd!2>N~_`VsNKuRi$r^eakK! zpR{AwtJ$)e_(rPt-L_2#mUG|sEE@;`cL-W=HEszT=VX-7^lqCJnaU-jW$~HB6@wC~ zf5~0pZX_npJ4z#F4ttpSwK8mTR{%Ih=Xil3$f$eu9pO^{MdMgwmM%__0XUx;gCez| z%_Kv>s9s^IzU(m+TVM!Yf?q{v%vs?}h(@&pfAX7JShTJ0M zAEo;R*&=07uhADM3+OcAnb{vb@b zQd_ja@&_(ORoil1h^>NMX+Hu;Ww2nWOW6S47CE(N4R~c*hHO~ywf_v65;76+Tt<&5 zE7<~xD3*+Ei7`KOA@Zh7UkeNus(7msbbhYuQ0x!QvYL*gsetQREDar(?(<8ve+`Lq z8wL`45~2+?d&>r&F!~iRy^J%Z->)qo*(W#0S2bYP0pg7n)7S>fESbtBk8(SQTKr0} zN{g2pdG!PWKZn7i1!g6eYHe+i{|Ql0D3yLEl48b`cMF`GCk@1{x&78w%l{A$wkDYG zMUm#qfXNJ>Zv-A;;H}kNyE83ef2y3N5wkFtxPcM!c#29{$WoO*xn!v|sJNbUL{HDJ z;yo(^3HMZElLFt?jO5YgISN(?PWl=$cP%Uc9Ww(N0C?S{f zPoV0%?qu8RzD6m=d5|R{f1Lz5lQR<6>ZO8?{z|A^a}_UKKJ}AVBs^lNVlA)YQyI>Qyq2 z;#3V)JdCOZY|Me^=Z0KU?8z{v3s>*SeTKa1#nFpa{Veb9uAG*@NPKup)jwV?zGYmY zcnc(1)2AIiG0s)>f2Lam*QRuZh5rG^R4C3^3A^+kvpG||?(hcVmh3OXp>8zv(9A@P zuZJ|t{1;pdt+DK{El*mCFxK;qvCMlc*@S)UljR~MpNfN?@kjJu$s*Mv#-Y;6UT0$~ zQ=Oe4+0ST(KHXZph__vIX`$fiD}yp2Q{+AX)_TVl{VO>u7*N z0ljakUoH1yW*~HG@%l`b6+2vL@r-6I!_Vt3v@0w}`(2az-?tm>_jcZM^R#NF+Vs1! za{p5q7Ms(ge}JQ)>ATwOm3zKiw^~7yEpn=*3QHkIen8EbB_Bgr>rV|MfRaW_QfdD& zO~8s7&L~9Il=i^h(re6?q@4D|=$`AEE%MLkC#p@ibX?2cxH6%l@rW{xH07i!t}m}%bw9~yyfASi-wxi- zdsZ|GH*$rdGMe(7MY+DU-laMrAg4L=;(r?GMK=qSZfC#6h8E>=qOw9wCp2gG zbaf@kO=%C0Ebs|6Gw+>ei&@gwLJ%fw!y@`Ye_(aCd~7s~VE8SA6}=mf(f=CRpsXwF z>GCztDj-zY~wn___W=s=#Ajnut9$FbxV!nkEZb9@UQizPKbHo zOnbxd%VFuU_4A77!_gvV>gVvwAv!(|HEsN?R~00y@+(WZLwkh&WS@N1#uKx>txul( zf2+0z+5W}r5#JAuxI0uVH{Cw6pC~I_Cy|i4lT9G}tlwwz$e#}Q&S@#k442UG?-$F{ zToWO^w?7oDU}i0smU2cv4$YZ3%$OW1md3^@&ovq-X={mLq-cy z0^80+yzOXm72>7SdIJ)G-pVz6ctF*UIeY^rA*+fiQ4MEttCBXo$&+AH4Q|cA{XpXT zt2$H|Z8af#8K$r-uF24k|H3((uU0;L$7;%=GV z&C1*k!S5P|W^`gUtQSM?t*TBDTYMg`XkffCA!XGp^O=Z^AN`F74Q{*Ge~n3g>)lMa z=qM8&ZsH;^H=vl&+;}@pSWYq?-LaSynf0A%RHIp)+`zX7Vi>UV^MD{k2Gox^=|*DC zmi70fy;eWn_7e=E0}X|QlT+s5q36R`XK|1*$?r{+=yG^`>D_iC>3GZ|axNwlC|(OG zH}JBSm}j8C78%(mG1Cj|e?`5+0-?ZX)giSB!)?YEF0l}kX2_PP$NQp=Rs&O207S3HPO0s1V zJXod!DR3ZJL8&bA)CnTRv@%w%RZmc_?7!K6bGW;|a~K$$0<$&&fB5Sh`Nw9>{oiO~ z?JZ`GDi0I?3gu;xNI~0byf%rieFdd3CizLg+0rDXgId5|rE0~0EF-6^rk1;u6}~I2 z$=pCqGsMQ|lN*8+_FdIj3wEaq`roP-JR#*3&jitUsSv@F-w?DI2*NC_yA#;_ zT!u;mPeVAn!Wg&Xf3uTolU&lIk*OwLggG*~>}cwA{)TT`K5zL;tv?&@10H%y%$!uv zFHK8lDfzQV-40O@%z%Cx6z!}X3Fbwxmm3EJ_qD}<#TsRvLM)ffJHXRG|LI?S&xOb! z*S)dfVp8k&+0n%jIlG$g5%A)qNpOX3)wUhEW)rS*zvN#)f7-pB!?3IWuk+fkr38S^ zd3r~{j_hCzDy5M1_Xlsno&7z4&^z!!T$$wOu6s;~$y0Lu^>NU9(|cWk({*SND3)b5 z3?w*|dBPYDKP^Alvt|d|+N#G~m0>g$tN%lj z9Wg8co0Cd0Jrhq^bO(XbzS~e!)HlRRM%h3_caxei9e+TK%89R6Ijv6O%EU~qEicLH zNtsl#a#7ZeZf!n`Z;l|;THhw#>U)po&i{j)mY&8rXR@`m3K#!4hlJ8*o%91 zo4Ux=@=dc+b-lMfa27}oVU(ZOW>_1!o-{{J*xKjS;vyYzEOY0j^!sTUx3d}!ebTMH z>HAXW5hkZ|3LwvI$4WH~oS&E)GJSFv1wW|3B!BB$uJ38|=`P=c6KJZnMQz>(Ob%kR z>ft>Agd8pPW4#bQnKG4=OtOf@ER8(LrLoGfdr_-&48l=k>&)XMn@c$deP{yGAz^S7l#G)FYA1L0&||PH#tYid zUbovVy&jwkY`1G&XSdvOZQT*ekcCw1~e}@qB=4~+l4F(e4A`Qyb|B855r2D z20bVZ4hmC&sX(ugVwg{@BP7DIiHc|(k|SU^3Jy+8Fpe&(Fk>U8q1g~6xM=#*=Vysf zIUSEf{{%0G(P+o49*|pJWoQTr)-(+X)N{$%oRMRjkPU_ulDB1&DV}4BU8^iaaDRqQ zOo~!l=X5DVJtRl9yQuvFO%(>1E$$Sq$qnaQUaMyiNbW5{{!ZCCw_Iag#a6kb5l<%_ zeSq>b5UJPZJ4~d}CoY*RspN%f%C%WdtFa=Z20&`NL_F<2Y4dapg@a4KO%o6_K#pKV z*GIAr^Y9w^nq>{t(aiHg-|5!CpMQ*=8U3Bt(8I5pDs@=~aE~hz00{mKEjK&;w;Jn` zqiDI}bl+N4<@_OkUu~icywl>TnR1)96dKRIFh2d3F zur~+5duw8FlL%b7Yof8t8j8KjDdgpd<@6QQ+9HallZ0W0QJ$LVM~wm8AAggC&9dg_W$I z`@Z)@hPTQy7x&cO?RHhW>3?7^7Y*z38`Uk&A-a2jdxtE*fOE%KR(|pg*K_Wtrrsh~ zg_>4l;9jVbV!mO?j9`T}yAe%SAU+qFNHJ?^k(qc33>oB=6Rdx0?R zWI=YjcO!j9`ZlsiBngXhje@N==;3|i)%CIaLeEl?EK!@SIKmVZjeoPb8^I$>dAr~W z!L3wDJh6D!P8YK|HthOJxg8VA4@pO*9y=CNfC~{BV3tzwc`)s63Yo^@K5dyfE5B=$ z7*{!;*{Hdw{CwUGd%IzGea7^EI<2nm3gmo0Ak{0BiY{52Kwc_a_UToboY!c&AVLsR zCs%HbTQxT{m){kuaDRgpvq&gr=XDMuu;H(nZg!L;b}_b=iZd-Q!rDqrhr7L&muARP zf}u=T6?G{X3oqI{HQ^VI^hU+RUBWTPbf27yiOo3EFIOHC9IaQG6mbz@nt!9*RYz)>o?!@opmVAs z$+Mg=DFp=f!7tZt__iyo1Hb&-np#~qH*|v1mI4JS)P)+c7*lY+Lp$m_2!bU8o-?A` zgGG@>cV!`IJK^D~F1Qg`Tp<*m65WHR>J{TL)5qW{7=7|C_>=u{8AJY+ORg-jvK6L} zRb^I|ORUu0gnt|FlQ;o4HdMK1LX}q*L0MhprH+7?RpPopsd}?9w#+nLd_5?62~T-` zJQerp3C$_oQB7)lJPpeti9BH$&8PaDHKicHEAr|)0+qO-vVxJxsAOOOC^8ZWX)Bj6 z_tYotQK1$i@ev%g26h!GT$mxtbb@{`CnCCI5)YJZ0)J`BrEx(Er^P6Y;eDm>sex>3 zzEpZ|x`LC{;p^@F=6uO;G`A*_j%iAfDV8B`p#8Buc!}IfFG9~mSLXAXGRc-8sp&{i z89xP3$P;Dc z{;q_hF+WC803FxDW6m^#9EHI!gr+s~-HGk<<-1_FHFCuWzF#OxU~a*G)`y}rJ@ z9^QO&eR*?pemWeSpPpXX%0$&%lKUWXbrlJIPsaQsQ)|ONs!2qrESUw6ud)Nd>#Fnm z@NlhN3Iu>*K9wTR6E;){V;P#jmM9trr5|EBpRakskhaG{go{~%qNSDtY*tp2F$iKH zOn(ke*wYR$aNqhW`G%KO_-zqTa+t}t=2$E*JxbU%=u6-RtXVrGh!y#;kV$CbJs_rb zn{Y%}-%T9{qB*(0zYq1OA~EZ~>AvZ@3D+I#b+zE2RK>r)wE6j7>2><|msq|3mFoZd zOTBnQ&HZ1ga@7pl?T}o!N#cs6OyjSwZhx2nVO-)Qixl$rQ|Ou8UZ1y!9ev1CUK%N_ zoNxXbYT_EIVq|h2xfErUf`%e>jC0=W{)aVNnL+k9AEF&uYuR2}PjLVURC3YbV!V)y zjI=1H1tP5Fa-TY($|%yqMh6bh$_i&Ay;l&Iue&c4JGuw`awUp{TkZ8x8auwTbblLk zfbh^ICT}Uoe?~K7iMuq%0cgzq{$Vh%`2lbm2G!}Qs2={A?vE{~uM?YWM5j0BdvJPl-p6Thmse0EX@som4DwPrRI6&V7AapDMM1TOkOK>a zH5^#4?&)lVK8O{#rrc7N&;>DBuz$8pwNx!+x{}JCQt(3L$aiw%L=7Z9=2GQww7HNM zaG0u3|F*5qq`8)2{)ipYJZ(T1{GF{4%M1L%HL-4<7;^>sp7qm&Ov}_+<&aNiunPsj zip(xXiFgGaW>jLwVm5s;oJ%MJ&xFO+Y^R<2gBbYpMnvp}Q@Ln6cfWR#bU~oCQ?KX2wq5R{OpwrviC>Hoa@9K9o0Tw>P}Mb; zyJUrbp0((g#XN46Z^KO^o_}!EWO68_%Oax`5mBTWIU;dowbCe3R0;0vq)*yq{;GCE zr{I-n!x_-ExBLLl6EioE)f?-HfhpRhV|3#*u~2!g8KeJc3_IBFTVOZF^|dnj7ND6* z98(!f=Ze~{tAOHVz|Bk&bgvH~^<~CR)>1CqO~HG4a39l&pAmPtCx3`jBD=f0Zvs?e zmu1IbnLH8(q57VuvA9R&hFb~>!6y)pf%1Unf?DR*3ztcug`zSayxU5q05vkvR5*Bc zsl81HYiuCFvLZ^7O{k0$2*DU@-s!46n_1x^JuY%F9-n~Z(%$Lr>;%1T(0hFYwLbdY zZrJU1|J+2RpX}cAEPt*&V34rj9(L>5xaPET{+W5ts@^{p8{1KA%WQgjd@!$B)hd|T zZiJaHuI%&5i3e(Ejk+Gn-%ykasDjZLtO)uvDY5UVjDW!{_*$Q@g# zPQ+x6ku9j+qb*nniCh~3F^`YPs7T|4Rb5jo8V^_;{2CDVY=1Nr;?7*)O%aHQz6I!g z^2JZbN5i+b7boYZzqky%jiujIPEO}6&B;*_^V}=`hU^g(uA1Z`Fh-igo0fLTgw0vf z+Oqllv7Q@E2~#R9IT6n3&2P_8Zs!#A6_&j9TB3`x@CwzoY?!u5wgr0{O6HGH z7wF)dczQ)LeWaT6*3FPn(39J<)|NFLLL073sxhbbG9sB>B?HNUzdfsEhe3CFDaP7zAQE8 z<(h93WrE+Ke~y0AsYnA;@zx5*t;Z+4sN5jJS*$PU?)YtOc^bI3wGbYex+XTF$Ent= zxrtV;FrWZ1UwAGVwcOf~WDvhk6GZ~!=mzE*-A)g=EQaLFY@x*i@-AB)7it3GWA{wo zmVsA+8h@os07)$mD^Fi6T&QocpIBSS_Fbu2V`nJPID6<_N|Y*Kw5}c+Re;XH9${%D zG*J|a$-ZvszSUQjKKcH`bxuF*9hiT=s)B|nFkns8E4Sv_08q?R?Ve@eSXDk-qJp;% zQNgI03Jgs{k?kwVBe0K^u3j^d=F_Ask_=Khl!gDq=VjSqo z*MByGcBw&c$J8CFsBO21$(Ul9PKM4`T8=_rQ+=%K33kzf!0Mn*1Opk~Bua+sN<@>W zNT7VLmB>Qu<4T|o(O5yXB-$r`@!hDlEjNeASvb2)Xav?h`>V%uYlFl}FGNH`}~dQOh6FF>D( z8DHJ}_jY#o_74tUzX3b#krwOjQgNT^ldD_up^FGF0KdF0rf&1*D?GN%>4V~Ywvw+kaN%Zi)@ns+c+ z<}SWti}3GCq+U^We+&V|V`y{jH>ORwWF|6l?MG#^ zwoe=nM~Dx9RyMY?Xo64`TmQM&&h~3Fj;)_e+sdxAh}X8y zL<}vBVe$6*-170VzJDXtQgf_=GK8C zvH8xOhX&kxnie2`XhGYKGLs@>GRM0ORf-|+uq7XkMXa&89h_(gVm#&%_lf}Pk8TGi z+vMo>WShLbKHnzCMVN!Vn+#6B1zF<9LNaqYS;6IYfIgA-(y$XGEYCs5Y7*bX))ngmQ#m;; z^q9z3g4cih-6-h2If&!kIEwb; zUH9=ZR1(vljd$4iV0;({hrRJA*gK3~2cyG-gWz?1uuFSy;!(GE=svq)DaFqYcgA$Q zJ01szbax!=?Y}t;M&0;La5(CYcDlXMXlIw!dMhP(Ex?1g@DCE+HBOiMh(Ezh{6L@Y z2f@*wuY+#4yNiFvL(G-2v;*yCOhzot>4dpAgl1X7jo%7NO;EIyO+*em_M{5JT*S)v z<`^~OkPfh?G&lpTuJd+o8k2#3tEw}hptGnLEW!-%GkN(0nGsWX3Co6H=tw4B>|{h_%io`5RYz{|o?W4IhaZSsa z*7#r?n8NN^OkT1{sA4d5LO2oHtUK@pNj7Br|yo^a0Y8o+<3D9@%aWbOa0RBzdZWGuPC_!D?5^{ag z#wWdP{CCIvyW93Quub9VUR(( zU3*4MNwz+D-EIA@>8Il3-Eq{}xwyPJ9fbMEyz#5Y{dBwC?!n&P?@ZCX`oDj>`v<$f z>+S9DcXtlE2YbEWb$k2!-QMp=_Zj+r@TX8YmA~tLa$ohq{fqpxTEU}#T0i|1kT1A8 z{dPe5Uy+wk2_3mb82Y@Ly zn=^SVW|=;U+rR&+7w+r^-8O$&2`_xdbMxyfVj*6AcOi1j(+FVMEXx<P`1eSAXl|(Vu=I;qjEpJhU_X%P-)EHG+Sv)de_LU~ri6 zjb?GEyVf_cm-jynZ|8a?{)3!d3~r9j&yQ}-E-%RC z*W~o=AUGbJk(2AQ?@q7D*??T1{_*zg`t*d{T$1-k7f0_-$<^ug;B0VndT~R(yF9;r ze>w=s`RUR11$lpYeM*16IlVr8x}&!}wgdA3uPI=LVs|PqvW2}bZDo>yn4`EphAY!h zUvHm`%&b7LO`p6!8w}1a-qlC{;hVGLZz^+8oxFdQ8DS=5qIp_gYEis0H~(i%P8!2- zyhj;g?qT;g`R{Z5{Pa`jOETxP zKKh&Tgz5XQL=JZ0S3VmQ<1zn8+Cd4dWXEOamE5c=I7B4Vxy^Z^R`tR1Bq(%)$8~`;dTce97F<0i z0?jg@-mri5fgyBgpX)v}C2OG>v(_jvV_u0Hr1>#ti8)2RtSsP|^U}nSoLmfaTU%7= zRoFTk6N$$l0&#UyVCxvWs4J9$ZWPoebTHUHu)WH&(#{JXyB%d;x?N@4tZcB+#A^}J z{_zD2qW{(AJKMw4%?CoM$P6W}m8XwJFq1sZ$E1J#?<)9r)viIqejiKFO~0>ULTi`E z&k6nYL(8?c@$=5ir}D_gdGRx}t(_IG;e(U1uI)3=iPzOL%}9BKEYHV!T%LHgtU6pC z+x=5dofXHAuJF~<(QyaVld-8CagRr)Jjvh!Ry)J+BofjuC~E7d7-sX( zdEtN6|1|ksR&GKsZPePg2GB;09zK#b_~cV|^-_MD`eHtMTmOHrqfa46$QFv0{U;Hn z|NS$NW(A$in?8z6*MIm-#OinQ87S#rxx2=brb2IqE-xN&-cDDs@&pu~_ZolPfB9)n=h_5z-9_A>^l@+|ADu%2ug!U#)@)!>IF%8vM5TrM(f575BBZ z`|zQuSg!a~xsp9)s#aYUy{UR+uTPuGPwC`=sb1dKo6hsmx-b24J?_I5le5Yk(S(0= z<96SOr95Hm>tJj+3u{6A`t#BGvSk8tA*+PZsoAihoHI!H48F~fQQh~z6eb1)^wgP% z)q@&mFX8NCPLN8~@dwV!(%4ha2mUCbVkr~#rrqjajOXe~O2Qfe8y=qEyik$YJV+Qj zvN<@^7B>Oi=yS95)wx)A5PIrVKX-o~HIaKpKZ~s(8tB0r3AA0kjJ}Su>VWYxxJ%NA zk@kPINqhJSy6hUxYBQuUgE4}hvSb#jX$M~PNkxWf8ZPW&nq^@%6CeuaaWGo+E2dp@ zHms9;%6(GDZMhqC-dl~NClWo=z-&luf5~F~>rF)ERDIH{G?}>m)n}#DgFb(0O6r!l zfA#6`M5ZUr$CB0XUuZ%am>}eI+?WeO>;D5-4b8HCwMyKEx1Hq~@<+7+rwU#76~HUI z_jdPYU9VsVWxuY$Cby3Dovt}U%l=AeD?9X6D9_NNUmNM+%f+X4*sR=8rm}Ud=>sZ` z=flL)nmmBWvQ`8|d5k-&vJZbRYRek@ZMsKVMw@Swdq!fBzR1Zv#W2p58(QCBY-L>E z+;7w5nNlX8p@A|NUV7XSgV=Z;HLx{*5F2r|5+xVOv5NIo?mC}QP6X0kbGKZ+yRD_V z$`sYfB>43H)@<<=y*19Zzn7nIG&C~##yiy_8bQNOaeo9iNau(~ZTbL>wEJ`ef3tb|_ok?~}UYPV4FUTER zz{fm?s*C#02N{2I;1fMuo)*j^Z1NViW;F9Z^1cu=jU@XxWC4_t_dX>f?UUK^(xA%m2k3B2DKm)K$XY(*7->ZqyfdY_Uzg zz(g{xJsJiB@(B$y*n@<*YX9_0oBRw};l8J{gfz5V8QEqQ z<0a&^Z_nFqY_hGvziI;Z#ZdRESgzMfFAN~EZb(bk+%=$<7jFYs_s*9spjkK0Dv!`? zKmrrjPilY3x*=&yt-KZFeSw^`SW_BP^RyC1$0QXo=1Yd11qseunxF6)X4WbcBN0`Q zmStT~AxynlUg!6q=X;|K|L58T<>hIx#SDw_#PY*Nz$rx4b>1gxCtQsUmNt@s#JN;YNr;myy@3?z*IYH z+MAD)K2#%rU-N`P5xLXVxLH{3_Nrc7&^Y^nyo3}Ft9!(((U`jnQ`fvA?e-GmdtAqQ zj4vnPSCyCZ_=@x%fV&Rtx(_iq*{ZM8rDBH(r4Nexn{PNEg zul(E3^Zu-g|1Q;QK^gQJl!5z@HF3i}*2jPM_I3}G;8a5#nWQ|8wFI!IL0~E{VsqOm zthsG9tq6EV^JseRlRs4!0nL+ERWLZHOqcJ#_@#6!2Tv|QPWI>Nb=iCE^s-Auu##L( zWscgLJ~@KwP+no;s$1$xs$1#7ijYj@#QsB*zEw8@9vYMPRURjS@jV(3{ljxMQ~jFg z8DP5D<}8j&Vk#E;exUIxNpnnjLfV++@)(mmR!o1Htu3c0!Luzsh}5o^zUX&ocji=fO!3nW z%acyE^tC@-G`@t&sZd6#I*7(y^mIXuY$&WfFqU6q1W!8kH<3Wrjb+_;jmWcf-n@y9 zFE746dpEo~y7{Kow<&&5>30(?>l2pr^yYl{_V)PO)0-jU(~L@ci8ir{570IP^+&r& zRkxXT`01PM>wnXe)9a&~)05%g=JNXVkz;T@cB-4TX+X<89-rS1ZceXPbOzec4W`6V z!};ay$?*7ca5KC<{rdWJ@Xb(nGyLZA_Il9V$EMMZl8yBlaZPjfjVPqABPRzo|M03A z_VD`S?dkRR!w+W{Czl_FCr96ZB3j@T_yNk)pU{OOK7U$=k3j4C_Tu@Fl11vFRARL2 zBeb-vE9}FYsgdTZ#;66DJGNLg75>;vrz={nQNa5#?U0}ON{Ww*RaO~`**7;gSHr98 z%Rhbp;B5O)wfF?T-O42ku?4N$3^U#6*+FZp2Tw#>ZGyLYBH|AMzqot?+NpqlSHVoh z6R=$Yvwy+1QopHaNpxV!fw-^hZ#7J>{F_J@SZe z)5;aE;%~T8$?-6p<@-`IJ`do}yt z-cE1tH~Zh`_<5rJ&wNJH_<;mLpOB2CR_w@@Ir5usZed(w>-kK!#wE5_n=rr9H1xP+ zH(SBx_DFMnjE#8RllK2(jQ<<#|AW1q+Wz0!Klsi5|5<*XYX7h7#`;!$?5_NT?f6M% z|9{fZ|9Ff39^!#E{Pr=X@Hx9`w<>DnX7%xsf;^{k!g5cE{Mm$*4fg-jHof=r!2a*` zb`NX&zq{W({B8e#jvwzJf9bo3Le{2N)n{e?r&r|VYL4-WY?RLIxwy%ye375bPFALl zcqBhr6F2+p3}vsGq3Fk(T)Utq!gg3_aOynRzm*THc@`RvAW6^%@=#(&a| zejC2qCxt?m?*&wU{tIbeGa7%8JZG0_#M;Dqav0}>%~i{;XJc14*4WSoR1USlb3?Kp z3Z|;w73Skl?fe=+WB04(uEMP0v(GhmWzWw$X;1C8GF=bzpc2l>$Uxe7rsL5+Zn7P= zpL@EOI$oM^r|N$mXZ9uj^oh>wOMmeGiJjRWreB-+;8>(N`{?4>yO|FdpAI z6C{WF+$A(03prEZEvu${?372ZHfmhM;nm{@wmI;J23Ujm$y2@p&MGW?%h`jm4G-j4 ze<--&3zjEuX>?a)=uTxkk@{aX1QtGvQ`4GGmz_zT%cXxshYddazgC#W!+#j8_n>d` zE_bf3I@&+Xm;O%Kq&d>rIaba_ERIE2;JSh?5gzOoy+ z%Ny`bPUR1@UUJE9pweJT)Ocv$`O5lLL#~YS8K(HrbGwG6{yIoM1bj83k8>z~gzNEd zu_M35j{FuovRUlNUggC`jWgtNO&7fk!8ASle}CEg_wKfBW>FmO zzi&PTmYQ{v^i;CsYwPE9?^ltOM2&5!lAN^rS^H>1BqXt>2nK}gxM|O4|1AQ%fFQt| zWW`Cuwc1!DFc@G4gTY`h)8(q|3c9JNFR?2r?cco!Sy8>6hw3;t^kq%Ys&ntpg zvJ3{njoVA;zD4&VG=EPQ5Nzz5;K(0##aM%8vGFOj%Mb@=GHQ4FSFfknqYE{)YyLWQ zesEx81KLaM(eu{v;ptBY(6tUIfd=xFw_3EssD8;wyrR^*YQMbbX&AJ|A_msL_dIC5 zi_I`5mxFE*0c7ofx1DF~UbTT-3h*4%dXo$F1s{I1WH=hU>wkB9qiK8CpT6yBJnw7m z{$Fr>-~Ii!;p^$;o9o{F&kh=$c@*0pPVMIU&)-*n{%YUe__$4$2)ynL!H`&n zUJ>74^?2C39)Ayb+2cWOdu(>yLwucc%IRxjJ?B;tNwR>}6xG%%O?kNG+nW66d(fYU z2{4>z6ok1iT!JXQ2dlNQ1WR~}g6U~F05a8|2PI`50zXOs1C`zSi^p_e@c>hz>Fzce`r@X*+SvD`-&9c(hK81Z(dVlH5zlT}k_T@(RJxjDR9Q7~T zqd&sip5Y>c9B)l{NLpYy3*@i+Jia9Ky!FbL!BK0#CDsa(d$!kO0VVxfT;bNBp1wV* zy?^@IFv^^3VKNT+ed(K$pYeWV*v{MQmpyjV^s0T?8xPx^o_@Vj`cgar`%7{AOK}x1 ze?5Y$aDSiu0^CDhdlUULwf=v$HG?x4-T1me_jP`XRo(|M*Z=$URKEYwY#r_W|90^d z3N(`8&?iSEVYj{lNA9=iKGrsi)eqP%29R?Z%!jV<3*=Xp1m4~JnpZ}0$&?cy_u(G6 z@WUEC@hGvJMK{1tz=_37I|qN)d1Jwptp!6c<$rtK=?%J{T4wDW)bgXi=|->iqYRu+ zWuc9V4Gf{@-C^R(60Ry`r$Z0_{@h%@f5JyA|L?r5$o}t&$p6&+zt-X5{{HVyp2sHt z@4RnX_TPDx3ZD%5&n!kl$oG2qwd^X8BmWPZ&EwSl@00!g zpMRY^l2{JOu8`Q_r^ebt?K^f)AtjwFM}p6^KLic$R*t9dbOPQ zcFo8Y-iPvWye138!_5b8t{r#_EgR14=zS0%UIbCau|9#G(g3k*pLdlbb0l$sk3ozX zwNWi%#*}3%)958Gd6^(;I@^sp>~z|{D}RD+g+6L+$5eV%If>p2AHD~_u00Ao8zC3W zF+sNpKUtrDp+C+34Qi}Re6a+??n;EpE3hRGjj~9sWjBQ#@ye7Ta-{E4PS`eeoex9gIyL+_r|F5+$`8Trw<$u|K zj+;la{paMgxu5^LcpjVm$7j3odgd9#a{Wox?|xerAW!UjQS*;-&|(9S7m=fO9<>Bm z&iPVJbZiSbGzlDlnj6@KN<$J2N&-BJ9O%#z&?c+`$14Ey&)z^)?8%Y;i98Nfmw-I^ ze|jXx|2#ZA-rN6o@_hPq@B{P5U4J3E#3sOVDHoIF0Ta0d8IU3~%F4UNC4)<^z(X%s zKB_Dl973B}xZk4t%GE=4wgUE{ZJ_*;rJ8P!X4O(5r&_-Le>KHWmRZ7N8U(9C3NEK` zCCCwTC}BqwEDu{GewpKu&%7$>fv|hV{83pB{z}8}Ol<`C ztn@E9|IJ(I7|5&>#4fs)69BpM|FkL3|Fgrxlel71f3uT){P&$a>S^s@YRxT!o4Ff| z`hqG@VP=DPYWu(x6FP3A`aIsk9A=E3J99I~=h>HJT`D;LJrB`pi+`c~52^M4@NB>S z@8r=e>ps2n7k{DDhAY1y9|TrYh>5t#N3!UPGb4Y+7e}nfa{u7squBfxQovLY0=e`5 zOrHNIe}_l=`M;A#J+q?}D7i8~F1f88K#JqivOsG3ama)8Ovx1rsUh6uKA`CQXJKCI z1ly=SvmDcM7R5b*a_0YGE0zE4Bfoatl+ zjRsuPB_=`ahsMoMEKGAG14h_JFF6;L^9+8te=Kfg=DI%%f{;njwO$jvb~C#D1c12L z8+FoKvrrU47=5LG6#$!!VzF_o*XtRsP1ZaaswO@kZ8mn5rfe-`+WR65jQA#-q%of}z$y&Bdm7VB-Zp|G!0K zCVX8)frje9w!HYq9i+xmYOX+Q(FWYB(3)mj@wvHi|LpqNK>im#1j>>BM`vdz^8Jsq z)4l)4PM+K#deRaQNsO<03E0*~fUhL!e|02~>ylKLRuDm=$MRf|=AkT?c4O5yQ;%#H zrCNr|uZt|G9X3(?%OB(D2f9TLjeiE6ieH2cd{|=&#n&utpFg4ob|~@Ln|Q*CyRs+? z{3kRU#V+S@&J7z{EB$8y`;e;ztR2(ER)~1{rT?krT_9*8@(SBFzC)xJSZ&XLf6-CP zR+SGZ9)=p#L1j##B%^^bF)c^h4=d@)rns`h&wfaFR%x1oZom-=*g}fac#z}B2f{mu zR@g}t3o|&PO4QIGI}1LlIh^A_tye&YXSB#f#0L=97_$n!puB*EI?EZ{v~{>i z>sy%tDI`nrQjjv_fw_KXIF{h_0>l+?(DStN2F3*6peUqF__9v@x61g@LU{>exw3<4 z9lEYJD%UV)y^oehEoafOp|vUkJ6gnwlr?9=cfE9Z zAE)P{4KwU}9Jj6!8V1HF%3z&UJZU6}b6)$ca@Be$A;)?wd&+GRe=U#YXxpLU4OH>u zQY7F_C1b|XPgC_8+;$-llR#gzKspA;j6HzdwqRah#oiwwA%N&Y-H%FWCKF@VqH`K)AHvbv@ayRUzO8MS1F@ODRteJ z#p4DdG8@y+9(P-FI$}dQ$7JO-u!|gTY0YUmtDT38HH(ss9g05EbHzq3AF2c-1Any@ zTdrRnyKdhbK-j}6A`Uu5vd0bpY4&^X;!3=qZ$Njy9q)yh3dPISO381k=xurFz9{eEG?9ai35uIf$=M?!7&?Rz$U!XU+ z05g_tf7t`G`)E)E7!wSzO95W9r0hcZAAyH5oG^LzW-*2FFSR&3Eep&j;;l*heEtil z)iTIYpjnW}UXa;ZI?ZiCxZ)BZuId4|@R=9QiRTUi&wV{ms&C2c)QQNK+v(zF zXcq5&I$U0<3JsV448oR5byaGuw!U`HsIS4t%#nCEq)|{XjsTytj^*Rnp|4q1qdj4#mIKKB9Mj~@A`Xy!~bYqY_WHF|V@`4T*k6N^xIcsO!B`kW7~ zxad~-ARmuBK1ku0#RNHpHyBQK*~e22e_$k$!$L)OllqE2QtTE?6}-Y8!8Kj#-Z#8V z@!-=nqgXM<$N-SB0&VM6mQ8@BO_n*uv&;z8_6m;-P|le|OS&P?(lGpb2BAtd;KoRO z5^9O-j#R6_l2mNm+vdvhJPSLW=*CyIS}H1(sGZI8cWAc6_$Kr@Ekji$QHx_xf1S3f zZv}`ef7{kX^We(P`CNd6tXMX!_}4nOy;dVrMk~cS+CYv$?%74E4k8(b2)}SWE?hSd zsi^xFYPKNuCJMo1tGGV$aoKv3rOM)-(`Z4|!}Gap6*nwZ-xjlEH(L;QcCk2PF=69P zu#F095yd?meb`%{^Vl+toX=VPfAznYJntypVIR24D3ox{;TVQ~v}=#z6{m3Qg_ z0Fr+${b}c}&?*yS6p$43vhI@K2X?9(IvGf8Uok1tWdB ztb$k2CoSbLn*y9TcFZrX8L6!ys`ZU3eHEdQ-~aR7v3MSjo3qEp-tq;EY7DM`vP~8b z$L&ktauHW0qesfr+I2CZSFgq~UY29gjxx=B!l}WW)m=nZUVUzT)Ga9t)Dqu0T}WYn z1s78H(|PN&Yp4e?fHGTqfA=%|F>A$BxIiTuY(y6tlC@It4`N^nU#Qk$x=ke_4=QmI zt;NauYu>W{ICB7G$qVg?Z4$7rsz_s z(KKAgOhDyo$R%DoG_}*$uIC`}to+JDwucv+PSJLE^wA0GY`moce@Z^ndW?aj*I4t3 zc(I3*FD(N!URmj@iR{t3f9MVtVcHsu$Papr^k2$$XA2%2s@bls|M)c@^~r%D*2yf zBv5h69ZCwpNNNo+(FV~-PKUoi6u}~V2!f{NAkQDf8A=LGe}8aa%e(l{CVWso@av`w z#tfMxuC{fHDmJl1(5B1$Mhg2sDuRQEgX~$0+hdu!X({bli+9IGg|l3^icBsFW2>UL zpa*HnM;zp>#tL&v9`Ja$Z%7R~+phfb;U00nK zOaoYAj~1xze-|st)CAjT3W=gI7R45lLij3yC`Q>et8+EjKno}$U*VlsXVbr) zmhO64E4QT(v6_{?{knHGnO+P!?ThJfFq){AlUjk6Hc?9UT1Xn1FQ9q?h%DK^hi52)DeggN5PNe^>4Sawxx?zw$T12O)s-R->t( z-1`Z*pMYDLfXP*&Gq`%ye?5KGzvwBKi33E9h(iM_4~rX7tGe)C^i39*^X&tlPSFQ>(2&!^$m!f9Sv_gjJ0Dm|oH*3om=urciElaCG~_ zau(}Mq_tPG3nHt(kS*=3Rh(PO2C&_Yen}Bj-PTeVOf_RmIjbM_mC*!8gY5rsg9PTL|jo>o~|hDpGQS~AEIG)zL3 zE0(uAln7doX>u;H4jHO-C?9eCVg0APe;67dKaK`aoQd<@gM8vof)rBc?1VmrNDA+V zaVAhWN%EnQ8&A4i@+L&bOAYbTaP{QUcKlP(2mzpAlz@yuIzZGeNhu*J!x!zBkt3Lk z#s~oA!Wrby;vfRC@%+*BF6Rn8LI~2-svZ7=0+qM6f0|SloAUKlO_73&cg6)%P~a-7YBWP$(bp;7(cF8a zp!gNmOkDG-mOwe@`e+Jc?Y-4pgfnWEz&HEGC@6DTH4Ebcl}jM4yP=vIUHO)3-k?7C z{FSewYKr7_PJJact9OZern*-1MM35b%)It9DsEw{CASEz=LUgu=s;Zue_xN0R7_&baoFlCW@!pLVJ_;d`O?1V zjY40F%l2@3)xPX$dsG~Je=#&&Q31`!vBECs*dn0g+fe6kfA+wr(JnT~qHK?SBQ*j6#j z*(R`qy&@1}{5uze>+ZBO7#Hh=svBh*E~>HIBC`Y$#_e~#Zbc##6>X~+<_m(??kgrv zy+WwJ9u2OC(^r#xbe(^6=22{aIJKMWKYw5S`Kx_BcH=k-n*5kl%=hxjeJ9b=a!v_5gcfWmLeLk+Nnus zH?F%iBk5;9u8B6vc^diK-XGJ;!S&T7gC9x-V3eq;do_Ij1@uSBO{Mri$k|_w7rHM$4=)r)yedB=d$tRH*h-%s zjwcW#h)nPea`I16{K4zBN4?Q>GI-m&`g~(o1ZiRP(%5b+R?7^VFN1bEY*i87-jE4| zvmEAVipCr_mirD7Yo1a+V^wP0>s*g|)A8H>aQdz{>c1+pF?W0cf9D4WXRV)4kB`qz z4}U&H$IYM4;QS}^qzK*EKxkP{Jg?XJ-V#GvPsPDAX#;wu|#EO&ba-q zfAxC9aq(Lp!&}Q)c$JXoO)fS=08zW*OijTV1=oiB7g_k`oZ2dONZD&pxyx%l1~0EW zZ+oFHg9eM#Z7Dos(NcMoB{{B4HJ_a-_r6~By1h|*((6vgf0MzeSF#gPiwDX3W954! z+-!(I^(Ghbk6^YxNY?`aRhEIWX_M%NORNA<0H=W z`M8aG-TtW8nM_}{J8!Rt4~W~^LziotTEVb&Uup&T^=QOG4h1VszZ-bzls>%4S#ka8 z&L>J~XOWbEfAd)tg;K8Mnguv2+|}ZG+m#B>i?d#R+zKWvuo5F4=%3R zu5R4x46eH6cki(V;bD6n+~mWKsoGT?HJh2*&}IAgso<^k+jY<19$b&O1I}gt>Uxsl z!<~uY3Vs|$w&>s1h}?JA{6^rV<*X@Eq1!q>&c?Uf?qB>7h^Pq7Zu^hwqu7O(ea~c7 zh+Y@oL91~4xs{38o5A%cjhg?qI&N?9nn=j`uTR&XKO5ZU13fQ?=8o~cfP7pxF^49 z>w&YAi+p(kFME>)eL{b$SL0sAUCo*rgZZ49!&0s0i9v@8QGbcbV^6VYp2!R&JX=D? z=^*-I*OEO;G!mq7NgH|6wu$dSyZf$v)#-J^)rBv7!14eDa|G#{Ab{s{M34z)_uy?X zgxtGgVcjAR+~YL}5Riadj%O{F)B||#mm;h>aS%mb9BY>=)@*;t592C%4R+BjY~S)E zxZyC~Es+y8&7yR(Yj43v=$HUIKK6hvQ3x7PxL8=uLMU07dO-q&5J?r`pGF_ge<=ne z9oiv03wmxjCi*CVtnnLqbsjw{d|i8?C<#~aFYMIs&@87M3nnH5)a@~qyi)F1!S-~{ z^rfKd?a>dlK|O!?K|-ZJ2cqY&&rlwsKQd-Z+%N@qmTd#b!gT`|dLEd(XqJwk+bk* zw8GaM@z&(gGId*0YSUkJ$Ajxprzac@l-yIT;76VjBR&xjks$C+e`hm@7pv}-oM@fD z&RG@35h+nLZvoBVqEAKQCFcv6%u}+`N2$fw)>r<|4_NTJ5wa2VP$RgOQ0Ifgv(HAM z_v?OzhFpJ~d8SG^KE$zo71U;X4Mm2#Z+<2`K$x&RejfC@oysziRc3cY23HsTtKRfo z`=Z}%XO5VpG4qIFHAmrWk=t7InaQY_eHG|}%)9=2*WCgWS@2Y*-V@@@L z(Pg_JJ+t5zo)qln^Tb*qyw)Peu4%H%XwymmvNyOcyeXDjs6KfkH>!-;a4~p2xSquB zQ-yygTL$bB2o{Jb$=Gr9vRz*8X7ih~WuyvPRirH zjrA>&SwOgG$iwD@iU9gZ5pkeBSJhf=Z$y0tI2rk>#W5+In?cJ^B^W=`MW^S zMC9NVwrzZe2v|Z7%%F$-EfOH;!`dQf<)Z>-XpRZuhGxrIq-F09pf|Yykv|&fDNS{L zIerlX1P=m@#CWk3)72WWqlGTVi-y^CBM-}_xCD2(C?4Vw*4G&UR7kF>SA z91@OM+eKeK(c+%#@u$JdS3HtH73Jp8vO!H|f`ING$Zvbb57`=8GlR0T)*L)XA96kQ zIG>1jKVE=ZP08O!+!zN zhhF-wdrQ2w8GY6sGWo$&7FPcOT4hW{DM8X%BICwWS^9mcXvQHc38HJ_@M8kMvv=s( zEdncOB4AM#*)e~fKPAZX2k`tC5IFkDkuZ}}FOIIAHCY0nx*-m@H7Hir%j=@o?)FC0 zSA&a-!Tar9WT|%OKI&cc+T&YZP9#>zK%1@LM1cs3!3!<8YW;4|)uN`}7|bnXo0=T~ zbgdvq@;SI|DGIR4JO@CS_kmeEvO8Qdu+Q$oyGH49D851I2$ZU1Xp03w3rMjxi(1(G z_w7k<^lFnAgFJuwYBac1bExTLX5~!tV)^tH>AIyeSn&QNgg`nebsp-O+0ZjG!g9!Y zoy*LXo@grKkj*eCl^s2eK=G`!Av@8PEAfz+G)Dd!`5G=P=OfE`lTjH_U1{zS!c0yF(o zrag*n#BY2HOe4J9ZfkHp_a%+MAmN+J?I=#}71n=1k3x#(YkQ1n$``V@eVaAN_3Dld zt<@x8lVFtUk(DLx4cF0xy!t^@qM(51A|o!$)4W__6D2hEIv62nveU|eV<4RxmAXC> zq@QN2Es7HHeR}2;g_0CVAgLwB$P@HojlAR*BnNSMg$OXnLDTvRX|`oLa7TxY=4&fa zLm_`-6Rr{|bNd8$E$>D!ee;_+S~L}5OA4`#Iok!tn6vR#ct#KBk#UVV8$Sr&B*atj zL-_N%{qrq72_@nnR4%*&$^OM7ieVD05%m>x>tSK$Dv{Mjv)OE(9v`!Ro6V;DZ}ar% z^t;ya$w~9@ta*Ce`mT9+a&&m|9cb=i0M?Vvg&+Y3lkbHX0UnbGhDCqRj!)$I-#XjR z|D8M~&I3iIQ}nQf3*=DA>z2pa;~#>m;jK}2c&B$F5K8$ou$~q@@-2=}+4o{%ca3rT z@`9m1=yyB7fR2yx4AUi;q3|+qO;U%1KT8X=#BoFwIkl0P0=#{8VfY;U%|I^xvfQb^ z;j|0@u=6kOS@V71HpYKG1LPRkw44Q)V*;2x$f4mS=pcEB3Fy6x*tP7F=FNC##( zQE<(Z!STUIZLTb5Y9nVsm*B*o9>OP=;ExtE0s81#1ew6Wb#^G?|G``_flI7ge^G#I zx)drh9OCVU%baScg`ERP@#=qn6#O^Ej|+tVcOr$S`0-D83q5~>ST0q5{#ef`papE3 z`bJmKvF6C5`Vz#PYx_eyPy6lGF&itdKF1E_&aKK)chFmDx_gIab?CbFd=x(}>B`n3 zBEI*rIY5{uUtl^#c|Qe$ zPAjVYLXkMkD%F^OFcU}p+($ptxGhxs*Avw?G=`B7^#A;$zexIXv)TGrO4vRCTp!Lq z(vYrL0KwcrU4?N5i9NMD?8rmb((8^xh+{u5xgB?n+Z6nnVB2`AVyho%8 zN*Xb=Px-*|NujNiM}>Ho5>hh_>nh%@1Y?^qsAoqiepPEBa?gX4oCSe%=)i_6hE0k_ zF!-7tH>tK>tC9-lkFL5x-q5BlsE74+gIAo%HHdM!%ae3w6X8j=-8Ht+zsUNSh!ru4 z+>Dv)amjyL;BP?jm=a%E`x`)ttrsAUgcuQ@RSlzkd@3^NJRCq!rEX(r)@RU$j)6#? zXyBukFfKl+-~$=2d{L2NsK@0qF+EmdS_IKJwxC{Ih4DsJ7z-wj2vX9#k%{<;Zitn~ zO{N7G4)!REF(#cYiQg=*8~+;eJPUIFKBbaOsN;Wluzlcjv~uaa=9WQbqKOx2241ag zYSjY~TNm)o8DO!8C5HGc9^%x&p*-ecvl1RtcD6hHSA3FyG3Cx&cXxO3YaUOD{lDSs z&;N?AIzZE$F4v!`zKfj{DSC;_?xq?GCxLNySf z*4#4u6~%v&ZmS13M#CWVU%D#O8+5Oza)a&#{$acJCPeLs&W`vPuFyA;^nW+5Q?J-L6c9!^(x}7cR86sJ4B8 z`Q6b$j39WECq_~>WmN^Wm~Q>lEG}*}h1FtHTlljH zwrX;%j963ZXq?_Yk->5EI9C_VC?0-REztg?D6>BAobc&&kD>g?c;s{IS-vd#!pO)_ z-jgvwMrO(RvdE|~K7CVU)Is8U8MN!yqrQ&>Qv;@JV*M*qE%e9JC&ZV=19(k;zhNdw zo<0>hmQE5qC?ZPm9EU%#4_V4-y~Xosp6=aE6d5mPu}W$4_HPc5N48y4*H+} zHXgkIaUQKN#Sh_0V!%s#4wvhHTYO0WqExh{*g;q``axJX<}DnAb_>F+d2oe*zjm-3 zEK3yUH;NmqDQ|~r?S(>`+6T5Ap68?qevdlr01 z7Gy)bXFtGJK8nEtQLsWQOz!;#=9Z1XoTTzqIS844X_uh6^$|eZ4zJ{Yg4un-+3i38 zKgR^1k8tJM%#L}F*WeC16f6;Rfw^9}s-}Ed?PANJab!;cWH3__Et+VyUL3eS`Uebj z(5-|IUeu=^LPx)>B6{{i z)o+__a80p+{p}YmL$u24kl5b0IP!Y)&1an*l}#RB1wATAt&$UeAkoaXJI)INUG*8# z7Dt&i^6ic>#T44IhzY!~PMR%H`#-b)5cacCrg(4dvgFV#Jv?$uW?*alpM%+d)JnB) zTJ!nmYn?e6n)puMG4BwC-7Kl;w!T4@_u#GNEWCrj&^)&OvYf@c!$-HiYVh1sEF6hP zyKl(B_Zy_3>KgrjssE;<0V)E%Ws%ka>65S@_e*pQ=|J0(vKh)6Y4!?r_nTu-!h#%4?R8`dIGy|nL6ez zbPQxZUIGOOe#10+yeCm948LJ2EeKw_kCs9VyRV))-*cxH%L9;Q1GS(H4Co<1F<3&! zv=K;-$iX>(C!6Kyu1`039%LUvJgh$^oo9sh@1Pg7WP;g!$Rj@j4+94$adKJWArIUk zg4h*8iy*VXvI6^z;GfVIWp2_Leo+Z1G7YbF~pgMTq zVY3OIeX1#|)XqVTk~OORqd*`dAYmTNIkY_u(A)@yiBat;^I|;6c#2Ks_F5>sg)x+% zl^nf)4br=)2R=UQeN1PZF;+5uU$q3vBN0KfwPin&t+t9r0fOH+kz8nz$4nz1zi*mE zmP65k@D&7oWOo@JExFRT?nxI8hx2$`40B26eDj`$;&7Ne0K}I;y8zj*ns}@-cW8+QdLG?B+8Sqs8$nw2f+iv+mVH&3N-&#zW;Ql$zOH&cYN$*v2Jy zD6=<4nj8ta`=vt7R@i^;fOwyUaD`{UCY+xoqzm{NYjOHkHhA9y&tg&hplv~q#q|p= z)avPIY$U55m}38VXE`Rm`{nHG-}h-^G3SQFjm$H>t*ty|0tE9XDO*!GZD`w4!Yd(v zo1cJ;oZ;W;AHVN)=s^4aFGLQ)+_~OC;(gt676f@-J^bFdhbub+YVv6|o6XbXWA<;e z*_8i1I&GeP*E&8qX&#<6Pmf#QH4l%P&9m=7vv3O=JZq0a@?CS|w&c!zA&;DFloOgI z_ELX}rbk%h>3nV5EdBQRFTipPdu<|rP)qPnBKvYwF9^MvQ&lLHs2!j)gmmfo)nznY z_CZyA;)@AQ4fZXn1YPT0%P-0%qBtl#$Yck)aAw&SwUF0n5BovRRIl*{dZ6YYdWXr4 z4QI&q&f_xxHLn?XwZhH? zE9^5{oa^pb45)c$(PfHzcoSlOF^d0S+1qqr5=rNkFrnjM%2u)fu<+u%Ks!P!o{Nlg z-IO+L=y~y&2CqBe+jG%+psbUTy*MaN!?B^94t_BLodwdD1fUL<*rP#L6Lr{oaRsb1 z9KqkXR_*lJfRcu7Lrmf zp+E%V9LRyhr#b@|G%Y7T34|P^yO~B%Q6UJ?4v=a1+s$+E?9(Se@vk0sN)FaP|2&IiLS2v# z^?&|(F!~pp|ACrU_urP60=e`5@KBonr>)cd{%b zHCdqIyw5YqdE1Q9&%xhMM9n*+(-JVv^xnx-S3Xtdzl+Tkb}Wj?R_1@}^spt*|D)s9 zlW>)A8FOZ;3f@}|MdTLR=b*I;H|7R`E}HNYmUEN&l~Drb>61*Bi63)tg&p*S+c;VO z>H*h_3s^L?+A&SK;k5)3Qfy%R9JBP65CH*8lLeS95%b&;i|fZD)@r6UKm0+??Rk?! zm@|JXf>%i|i@AktbA;xy?*)55WEMSNax@%lGQSH=zXqd;vR|9*NadC$qxP#;{m%4a z@cMQC>h-jD)qZ)=>y~bp5;&h*#syw1EN7v>z!yd@icVk;&*>#ghJRtLEUH5M_29C1 zdC|Y@tH-D;Sd9~lmMIZ*1;c*HDk?AQi1dHG_HcSRxav;^BRw?)vxT;Lm6DZ_q^l|w!%c`^s_qhOB(auOp+tiR4x%YI&b)45$DsroH~N2S zbIYcPq${Vsl%!{HIGu%Yyx%{FPTf;jsE+2f2zkg@6N}z=utU+ug#VvQtXs=Q3uGo# zwxY`JI0?C$)++;%7x0XpMW()RECXIi9ftu?bF65x3m?X>RX}80jxEdvA?Xnu&?x!o z9MrTeE5Ov!Dp2;e%vTM<jflJ%6keX^S@A^x(RSr0?RF(+ zYdW7>jztBPIefFxrj(1-%Hc{k+i$UaS zc;MHm%C~0sL^1q%XGc|Ib?T`Ty}z>tt{L-^HUAv4M?6e*nM>G}z7A(7Gia2XJftl~}mo5kazn)GQ9@py65Jk+%GQdluc_i31IQiwHXWw&G+~yW3EuS6!0_Y9>?EXADHw-`4pb;z6B@2!XaN}YeE=Az(>TMmpzvJy}Gi&n15 zUf^-$C-L5r6jq6bV@?rSSq|&BC^ zd~Sq{P_&#jSOj!kFTT9fjo4`;H}ZfxcYBZ=-n1!}M=nOuOJrRjn5kITEV)8hV+B8s z*JOdtK`VZ9?Z8`T*?fiL?}ICrB8c4V2y%)72|F>ye@ehADP28^Xkl=*bVx(~f5LJs z+DQfHkE1DuqP*^Xu+fM1D^U#lMk<3D!^HtU~0fv1hm5)#^IyKcbQqJM0W zQH#K;Bjsnu%C7=Z<&UqApr5EEd;cav*^9$H91SjelQ+HV@pRl9z3Yvpy{qnU(7&2U zuF0A>@<5Cx`WD?QLdt_8SHGlCe{g9C%!^D|=Xf}gItnsfM)5|{oaJ{m;2dhLkY_*} z9Vk}J4|XV(&eF5-&f3=AJB(s0wjUoJiSL?j{es?Yo_u)pC0b>zwhMv zO!{B)@~-4tnAZD5`SO@lJ4sWLQy?bfb+{rX0>ZnpycTaov)6gkdPDk`o&RKQ7f<{f zJbCv&4o_0?e~(-H`@cJRf24^U6IyY9L&y%xnV5x>DO|8Y)_KK8Yg-kqE?J;za`*(0 zQVHTy%H!uv3@;5w@qF-k6^mvT)WcQKI|h1KNKGlByzHNipMvt=bL#}#s8KfcD|_~$um&!5x*bgdv*8~FD# z^pPTm@xZhHev(Ln`0r;fHp7^Ej5RF83*90zV+Gb8O4MS*$D^{9BglSXc-W_${GVBl z>FZZpjsMd+JU&b5fB#2&{eLIV*Cqd7a{hdhJmILe5ENYsm$vb}<<$57G=+fA&-saydR7^0js$m@+G) zjJm8Xo{0UdEhR*O)|Qd-N&0I3vmc)A#rora3d;XmqpZeZ|EJYD+ROi4 zJhDLc1*b=mLwR(1@o-NJVI-G}LqOWlTB(i%(=~+SK%s@_&@oefm$6e=!=sR*`Pv=} zp(-p}jJWEo$R&v0Cja5_khy`4BH(0UrEP63L5 ze}LfC&@hnaU1AeO$EhO(O?JdQa99B7JcbKG1~4x&-j4X@Dx_+O`ky|>&mkNd*hmiNz=o?`322Uqrk z#s6-e9HruaA2s*qKRbCO$>bASu}||~?LLke{qBiOiT>Dpim7MiH27zKX#yf6`cRv8NOl!=WHa#+x^5H!)XR?@h1X_q$`sVxG&U)8-L#;AuDhv#*@i-r zf0I=;hJ_<g`_@WQyQQL^u9j9oq!VZ6a$T z7ZSQc4i!=BQ8VUCf3NgwFq|PQBS?Dj=iddZT27%UsLpv zBH}<>?1=7b_5NhEx6N(^@dTBfQh%%7C2d<OW{d#C1Z| z9sT$1tW6KiexdH6VL$cft!O(B+OzQF(nIR5>A!CvF|yj+D%l`fVMo_B-Pa9>rf+Yn z3l=uji&g6V1`Cy{jcs;<@0wKIP<`2Se|MJK72V&3gEz$n239NnT@3X^{i4WyZad9G zJ;m*RmVxR)4*hMP|DDS5pN@|Y_x8V?Jn}(b!jHSblbC63`jVe`sbjwlJ;t|W$4~jP zNCU8$C(9S$^jL2GSMvePng2(M{Eug6`}6;uJi+{jjtQQN4t{Wf9Qq>pjvL?ke~0oh zJWA%}-?0!#%Rs?NE`8HdDx%12vtg!9j1XkQUZtJ zA$cjk#tfs=D}o)098=E3E_P%df0RiE<$I1ksE4_Bg-zrmT6>Xn`c%-)35tS5bSge9 z3NogPf0Dy+rCzu?U~U4CNDvhRMW2;!s_6~}zD=4>y5WYdr3%^8Y#yum=2(Y{9y4s2 zM#iUIVWwdS4|%>=Z_nqJW6}F0Hqu9bLbBW|!}NAe2aj4Sgx7S84D6Vme-bR;y7BpJ z1Pz3jO_J4>oKmDkt(-~q@CrNVOHl0!J*D)&Ai~bJ<3F99$?-pqkDL4b-%cL&9KGa( z)(eH8K*dl@;{=c|ITVvL9K}O1ipVXr z&p~Sy-X1UrbkT$h$aBzYe};iyT}YSb;9!L)u?#ONy+l5}mXx}>h?i1NIe-yj6tSFz za0?~%>0BH*VMu<;Q8u#LC#sf7^)@5^8>fRlM^R5WaWeQbH)3=(_5C#03Zaw#rUe%c z_NZle1tPp>KRNz?r$|9fVu!M^DJjKCNv7#-lrgeEaRTM6^f)eD~mH|B;Kfiz&uF&(-(957q5dKOn35!(9 zQ0+h8gV)Gm^Unh?U`?SUSi9H(2pUW9KTBk zhPOO$u~{d`7pW8x#!mz~=GA(Ih-H8y@HhCd#uNz=x>M_QFtJ^1w&N~H6|&dolvW_- zF9@(x2Di@;hGDp~4t6N|C>SZE59;XM1pw+bjUdaPe3xJw2x(vy)3nkjI8_gPfGUK9 z#yVDD84(yEe>9auftE6}&;fz5P${!$AUPrm=J_Ut)!?e^r?t!iI!-EC69i7QnwnVO{%g z2^AefCx<8UV5VS2r*MbmhgnnyB5^a;t?M9bZ3p=ZhqeVF zvxuq_>SgI+@XZ6BgQ`5~1I;%}Y8Bdae?OnAm ze|zI$yVKLNr8WX=Rs+Mq#YO+>^|XIA>5bmCFLJqF6xuFND3A$ zFzR2nM}K7Tzu2VZb>m+{Vyz&#S8YEM=-1LowA4$wSSLzmFICdBqu8y^;Nqg!nM~jG zE-t6<+85Wou}<`b-Q-v9EoaeSD0rjrf464Av~6V2H^^S`uaBwsZ+pGr^iAKNm4zvL zgOD53_KoGw%KOjNDfuAn-lJ$WB>1D2*}`FXGnovh!_naPKXRv%2z5!R%l^71scd#3 zXur(V^$Tqsw2$>T3+*i6UJ=B-EX+58el@6qxP#fhI-m}&g0BW>29pu!ED(5le}nFS z1Wy@s7U4&E;Bl)%*56p&p!?8%sht3RIo^h*q;_9$@B`pBiY0>7UK&ee-0;(dTWDJ* zGug)H49rsQViQ=NU%{r!d)cN@QN$-;_==|GAkXKJ8A_@tKIgoajY`ouF-Phz`D5sc zboM0qQlp-Wr;yOKBxrKh%OqF^f0|&54Q!u-NoSb1TaY67iDfgkRZ%U?<|Jj`7AtQd z8)T`oaItNQZC^W!eNg>Jc=>QG!@!kFIIIYrtE#oB{PT04tbQ3!k@Nrj44>Igp8wZj zQ$GK1p6=uS?B>~EBk&kq2ePgyeKCjR;c=zHiCw)Qs+PIbQY$(Gr@_dVe+8-^@aH-3 z@8$GkdUWz1QMd#8yHmSa&1+FfMB`{;&VD=B$gL@bt@e~W)TNqqDt&zhjg zk|1x1ZSx!)HpS|;b&DQ-H}d^hLf^4S?M`@(WmrgySVd0@T1AT+KqD!VXZ-{jUKpD! z{h;9T54Pi1p|lsLoGl`c0Cq?|9kwTL)TaaqG_p>`DvwETaxr~*-Fe%aWFFbqQfKxl z4^8D^Ug={NVPCP+e>0XRib2);gXw(1D*1us+r(q-WXHz1f$8OF@82N`^1Kx(iWYBS-Te5wQFhv zy8vs02n4 z_rJ(15N8yZbfc;V8uIbCX>gFu-=z8ZOHv$@)%W?-;)B*wFJ*+*1x#dM~Dio^RT!hZVCtiSl10tU8*$?Ap^x ze}l$u{jM}f?7gt|kM{g$VYp0N-o)=Cd~(izk6Xvb^7+p`|HqCVwdE?LzAnE?*fPxlDxDQMwqT*e_^;{cH!F5&_k!k zb>tY>L?-xkJh%!KV4-@D9~Io7`v&V0_fs~ouigZ)-VunxPz7pSBZ3fsPv+Hpi|)_C z)AsA$)nwYc>I}NQ?(}W%k0-*&1z91$ep)^>6NKXGP(~r7R~glz;#}n-FY2c@k3*0T+56T@t)rEWrwr8$^7a z&gURDE|3BT1GrcawBU@yyB)#6e}=IpV2%k7&(FKj06b)v2M98db&E`P?rE)7$h06u zw$Hl}-roa?C4z@tX@K|qXj4R!H-@6x;U&!}wN?=wJn+532kCOv}3gb>QI@0;WZn-gXbL z!v@>N2DHK4vJv0#MzxaM0_xy3#tR#Tj;+2dV{D{gISs?{@kzdnrAa8xL~#=iT$mw( zsnq_s@KF2|gL}Lt0J`ktf0d0Wbj)zx3P4uEy7wESjW`%&R=fCh|;Z*9(eIcwc{@2`IL;3h+sID^D>pYW31$h)p{K|1 zxZ$a_kMQwDJX-xfe{j}?ltN>P%(^dg>%n5a-Td#Z<5SuH>-ea(&;PuWN7ny2*;ToH zBgbgVLJ1RMxt64UJ9w#P!Dq|8kSWN}Y6|Pq$DkiKm+s;Cm z!b35Xtj)MysXFJN)~dzkPr=w1RF1nV6%Biwlh--}2YssRf7mxHL20k?r|0v?-*vyC z#w%X|Y`jJk)D*>PG0dMNKm9^~f9`3!wI@&hM--`tiO|Zg0r~R(M3Vm}hpoN;?@pet zQ2xt|x|jT4pX8TltQGyLa+}KjCtr{BuOk1~)UvI=7<~$^0lD)3OxFKTTZeo3zmw-H zmj5E7?$>~?e|HTK=$yL_$YsCzeL!*fFWdtxxdi0N|C5${|M&E?dAgVXyLi4r`LAKr z{Sxr?Edgp$Ygd7c;@|2*P+b1U0fg(}<%Bw#&n?43j&Yy04&=)J6G{FbHCrcVd-=bM z=PQ)|Wm$K>9(*q3EQU+el%T>dj2;Q7P1f2{u>pUM88r^l!J^WU93U!nXL z7_%9&;kJA31d;9-Rp07~;%Z$1g|6iZ@muRe&{;G0&;V(QT2q(!y1wMx?irLON%0AHV80dwOHKVhKmUWio8_;2I(AeB8V`0P%{2u z9v_HYI*f*(EQ9)8)YCA3gS9eATY@CI0J{PR50P6$8gaBw4UtL_K!890U^+lfCYJj1 zTUGCJpFI7~LG%uj8^2iTeSi4m`hT?K{GZ21$NT%AJ9)ms{lDVqTEWD7Yrt1y4G75F z5y`7R57ZU@HZ22r@?SnoS*>kqMX><3bN~P3IOYG>YVP;{J9)l;3HhJN#QTNdt62y# z>0I=TP*LkEUK(`rKZ*+r&6VZ(v#%ZmxU~_f2a#pBBmbKx$E}q7Ki!}I?d18S&UDib zsosf*t`gxH#q(u&U^!7p@H;eHVtiBQwgXw*ri}+e&e~*_TD?%s$`%`lRU!3ZJ;)?? ze0&s|RUla)$}=2){^Y;@0_XmBmFNFfNG)gao(qGHm`Ge9Ga`l+f;`*?K(O;95Giavhw-y(*>$4cHN0Dc z>oP&w$1ojQf8k)l4XtEtBOyNlcB522;NPIu8THzeUhPMJP`e&>{l7q*V->pAYl7D< zF9}`OlfDKc$G_jU#IJFhN&j2iiv$SIz^>ohA8J9^Bnvr|4`+yQu%5@kyz>RFSW+Re z`NNZQ)((O}MK#qCQWg^#@a5VuZNVZOzES2qD*_^IWR5{zjGOdg-0F<3&0iGnnjjw-w`IFziBY)+Q*&L1D zU%MBxmisGw^Iv~XZeEQ>*LQD!vtPY5o9>6vdwTU-(|+^Y;^{XTE@YkD5`@h^j zu8k9O_3GsEcNf0z;rsXY@>lbH@2__&8@_9v9RBgw)yRB*`PciEd-dC&qd!KkM!%wk zdo}9WN0Zj*)zx+D`rYK!)qm{u&+Oa($KIRwH?3>^;^*(a3SG0$vtgem&Cr4Nx!m9F zkd{IxGPF?O2E|qqQO7ctoi+uY*Z%uxuq{uSDFy8FIqb&Pu(TvCeI>2ov{tTNy*1C! zO{?6ztY4nC%Cu88Uc;M9r`bAtRWH@&c>ZQ!IQmuJfsFq9z5O?rhlll> z!@XwdY_HYq?=@TIt2Z}iR-<(Kntglo)*iMhulCUAz5ey#tEN#qtD?*LMdQe*G%A&iy$op}b0gIAx8m-WNOpx-bm8^hP5?b21vJbicb zeErHY>TjAg=iOVo_2&N4ZQPjN_2pr8|HiGK-qf6TqwW2cb$?SmtL~K=*7b3{;odZB zrm0``>&U#UoK`lhtJdwXac~V!Th|w`Qo3vHyJo#~c-y$T8(qG)22l+=dAWCW zcv(9?yuNI;%AYUazS%gtc{RLj_D@gWzIxqhUcY)>s+Hai4o8g|-FWlaywg7$_w~Uc zd{?<0?pu47{_^_BD4p%Wm)9@fwN5LS_q!V{>$KV|oqsvT+kUmts_(U0hx?tXIW$Uc z?aftr|GKns)i`{0Sa0<=-(1x#`0~yDm1(^0RE|gIZ;xL$5BukxqciVnaQ7KDFGtsh z#_P`E&FK8Cee>r2a`XDAe3m|s?)F=)!`gMlIDB(+cwk)i&-7OB{@tKYFL&*u*Y{?< zb!eN7%6}bhHLuO91}&YL{nN`Mw`Q2v_sH5EU61H3y6T&!muL0*%j{8geKGbWs>*uZQx7X#%&&K_$ zx^ZZHxx8vQuvNbAjJC_h)maH0U0yWruTS7$`+t?*x^!A*Z{ywDepx@dySp5eUc;N~ zIy|~|&&>L}>xzAMHE`Y5N5J%gdvU;aREw>Rt8t)_D2uzFB=$ zyMH>kuAfyeU$u^mD`@T28!u1q&))7`H?GXRcb_lM>ZSVUtHbNzyV6FfQM)d^vrMmE z>)-F==cTKo{=3u9hyC-nhSj({+%#H;RsE)P|E6?#P`56L{_@rRm3cjQ^Lg*}o3gQY zepH5+wQCDCFZWJL?n&$Ot3mT^{j`2ne}B^`U(?3h*6ZufdinJ8UbR_$b$?nbZSP|t zgX^u0+Hvjduw~X?)o;v$H<$H8A-hYj)AR%a%uz=}jBb?`l`W`ZsifFIwQd*bF5LlV z#1iYeiwB5!ZV&-uBMa#NY#=x1Ga3K$5MCmj%bY4;llK4X>v8?x%2qW$|9y}rhJVF) zZ@)%7CS=B@oehK)p;d5h!!KUi23~kYtPp zG?G&Zi#(G|V@W)VA{RWJTC8;)GI$3E<}-d!pn-4x1xm`D5VY-B{N><0gZ&{wK2jwP zyMKi0&vKsIL0>%VAOmO(8|k<^0ub=se2}cDP2`ZDG`s>!8(Q&9eiTl5bAJ~84mD|K zC?lIy5v({RapLDWUr;1{kykq_(-9agCxymJg2wbe=bir(<-dQ`KlkbHB>7*dZdK#= z|Lc`XZvXorPi(x)-d0Y1lWRdDO?*-KO9?y)c3xy(!33$81e$bDB%|S`%jgs#mmpIS zbq@+Z3x&eUla(jn?7Ugq0e>qZ3TBs>Cb`8{59|v%>%>IBMvmO5iqNjaGDm)-T^xl$Irj z{zOB>qrCDS%W9@blt%h=G>s!7r8?!BB6w#JL*cGXjPQqF!WWOYP<uplGNfX(LR(oAVJN81-%(kE8>1hl9Gn1Ngm@DAV!uKLIVx{090 z04xmCt%6$wEPuohW*-4@Dl}qf(?J6=L_9NeI&5WjMj_qcDaDqKSmr)52f(vF4*_Kk`OM)vgF$#@HEQ zp~~A}7Ac!_wiB2iTkm1ZV6*NqL2P28I_k1gd=8Fj)qe^A$qmE&ZJ=Iw)=~hedqn^i zVbOHE#CWI96r)Z74D3&AdBmf^nG41DLd?#yTb*bozAH?%1Tl1D5Qd;(Y*zNv!J8_%P) zC<+ID7lEX@TXKoA9ZVeTj`$r!ctZ-fqnp^L9iS;!64RBXrPB!bi4nwBaHI|b)yR37 z4FDd%Ui981NhD8`$aLYErmtB!IeVB|ElBJpPk)*4SGuo|Ev0VIhz98Z7_gidTx)S{ z2%WXaXJieNWnP>gw9j@=Yf2$QM);va20O}20J<2NhFmQZ??s*dMBu0;v#Q3$?*0#` zkBg~9rDx{{wdFOC&5NQ%48DU-)U|)oYBX#0_VGcyvdD-?dKZvWnr(_53z}^qK>VT8 z#(#!7M*P~Et@_!)`PErAPsfV#jKU6T7boZMPHSh))Y9ghRem)`=jTT!wf64C#mVvh zZu9v3ti4~a9n{X6$GazuWR1ZfUh_?MZjcCQlw|&X`{ewneNwxuos4CFazdJD+S#juWB66*e=|>{! z>_cWLhUOXyjoYQ|68QdoZ9oiUrqQ{-fARLxzW$Sz_2c^NI|Y@wA?o`c30;z>)ExIk7VE)5i|CiGmGQ0=Ic3Kh{2nbB-F z-|Qnx1(q#uX!} zcHHD^zdY(X{waL)=@MrE-5tQT@dXzvNZWsqW&DtG9b_Xo56Q^#20P%rMJ%)m42aFq zD!4`H#vFZIiLr!r-P`vRd6v9$PKrOibA z$Bp$||Nmj03|s6AhZvqNt;EyZyrw5C1{#I)IBtrMIr_jiMm{yZlU|<;X)E+?MZE@? zk`J*emaDwIglFRX_kDgUE)tfj|6Q$A%JKN$>y=VDpZ^c>WPeO+X&o|V;>#38bjLRJ z5k+z0fTzTnm?O}^h!{ycQ%l z%HP)ddUUD&HxiZjsg)DPvTrUk<=t|?*NMIN!|%hFc59v00`a7~=zFPq75UIjd7IiFKa~In@nbIk=6~0`g~1X0#0!>Giy|fY zxGR=)W52X3GqL9p=B3IGdI}raFtJW?bbD?%c*t0pG=E-IR67F}BWRpk<|uO1skUm@ zbsgOC+~gquP1?Cel}IMowQ8{zM+XZ?y@SfUh05{<5UC(~8JO{Es!hvG8HzpKPN&Ns z2R+>`+@O)PhM$iEv)0WX?4m)eUkl&{jbuIC`q6rpv4LC zJ$hv-6MxLxS^m_`92$NXC^i3xZkR+yFaf663UihFMy$Z4w~3=<^@?`!zJT|hgBs#) zWqfb&lm&SW6RLSGuRkV}k}*Gm8Ind~bj(JF_T=<4i~*JWeK{VoM!|x-9GiXap}@qcuyl+T&a)=hRxBD_b4ThNqv%vXW9v=a`dZor`_y3 zi1vwT?0`zC^w1J}@-YyYd=!*cl|0xS)@m&+}2F9#Y&@Hj(_#F@%a|*y3`|+h0jL7wC5vB7@>*R(CNkGO~U3v zy_$^DEV#{uNV2As{ZIj9q@8+DB`;R*TnFwtX(D6l)hR3^ykLnhPZ@+p?Bvvryr`d_ z)|xMCtwy_1t6$dY?b_MF#rbi>RtjVrm;teV3k8zbXp~}W2Ga4y*gada1b=>F5Sp1u zqmzQ~n`Yjj;aj<#w+`C7N42wN`*rPITGL~e8-9t>J8gEM_1eXGy?K0gB>6jC*>%MF z99z8xZ{}2e9IyGJetvm;P^-6hFOIWYrR^Ty!^Y^~?VF3E_UX%3ZM1En`WAJG`DN2A zd7s}7KEE=DH=498IoiJf7k>`cvDE{+7ssJd2xMJUd{k@b)TVhLW}fGZ>BM3B80Jsv zlk<#yQ*bBE8*Xgd-WVHfY;(hnZEb8#Y;$AVw(V@PaW-}~Hh(Ao?^K=ZbJbOIG1Xl& z)!h%?=WQI^D{Sl6Rv#{x=(0Os3_jPX))LyZZ(1FjAW~Ee(OOokyGajZF#Ajl%vCtf ztgmCtQ*ZI9Z3cCuiqv$7SAFpjEyXeLp48q#`KLOIGP~Z~__sT0t$%$!bxk9w*L~M@)Y_S!xy3m#AHPzvf$r+ATsTFKcZisEi96D@X4kE5&oyhXJmW`lSwgP8qo26usTIcLXB$VrwbCPwa$!F3 zZ?94EXYY^NX2RMymbJ9zm+PHB4MrJWrFs(VT*QL0c#zA!q=bf{*;3~9rvhM2NLMc4 zG{m!gsx6GBX=F(xq`<#dN!oN3{>2n&F9uu}8a7`Rg@wH5wZQq)m!$j}*-E^PRp+Yt-ATQIlG%?n@~jRbQ+0`O42Z zF}`~Vx8P<*be3_%ahpuYc?^T^5mN^3G8e7bH{(^|)%&hO*^+s+72apNiof|135Fu||&KO^>XLEld-qQ%Gu7jS_ zzCs!srA=W$nFE3E_GZ3?7_A_t+M{a&lKp4&2SAnZV>(^}rB{{p<#4uqsoEHxr>cID z;dDqO7{`@OGwRhoF{Ef6|GRzJgTG&u(9`}<}|pz{(`6$ z3ooD62PPW1g@3K5>|LJQfVr36-fzFQ|M=IQ^v)dDM!~to9+)N#tvq?>DLdv8Mm8>s zqBkyopPX9--&7CD!O7X23>9E}(SSuak6TYRWV2ymK_tf{q0C(#TFv{WTXt3cH`si- zr;T($=-$D2_eHTTp9SXwXaLntS9`pHVy0t!fOjCAhFV|Co?$m;>$u$A>7Tdd>8RdT zB<0@K4Mk$IB(sw$J;N!rWGW#&m_=2)?wN-Cnlqu_HQUk_Yl=`+r|HGjrEp?t3#*KI z79{-MaB^?j5(x9C7g*8X4wyQ`08csuEvfr_XjBrW_B-Y=7I|2?%c~3YPR*)Fw_~n4(m{ydep3+%Ud%J$ZA@l7SWQ4DV!tJw`V=z4 zAUxKSW1*mYexLlj7L03*isu*@9}=gqgLxbJ7O#zT>tGc_OtDOeMbl{zIEi7YA>Y0o zN8IG>7`xF&+A`(`h+ao$@xRH`0EENdpuo=tYGl$ysd{eP37da%Dv#ohfvU!D z&!xxx$g$eb1p{H6z&vy;kB1~foJ-w((5`oq8PmDDO{jl4;NA}6D=>K(195IX0wZPC zqKQR%-)1Q1+CC_^M%PeUHkju=6x=@)nyo76y|8#vtpzxlSxqjO9NSvtEu4w9ytFAz z5cqa$g>0j^9?~U0ShinMgpy_exs;)2`{LwD5Ui(P(Od4a!daq50By^jg@iS^%xK9t zH;2~pcV**42UG$kvePmrz}98t-%On`f}hMR-Z+1Re>8k6VhC$2Cfo9OxQb4PD$JLW zn`OM|ip+?;3w%cwkEW72UMhx_LTi+0UEk?bqqA6@PHf~5s{YBoRj&GuiBYw%D16oq zl_)qhD0hq>GkhzM7p5JMY60Kn3zar(q%ewV0)=$Q4rYS{7pg#rfbRQ^#qP7B6?+dz zXZ8_5z2zVKu%BR9_)_~CF)?j zB~896e;V|A{GR!VZ!rVO*WnEb*LnS|I?c3 z9%**rzqVLNpcm2)ez~%8iMdvLFRc(bi1TT<>eU7E5dZNpt^8r0>4p8}@zIMt3QD;# zryKpmhC}M#SI=KRR9Fw4Gq9IEJS=YqbxC`x^&Cd)HgsCJ4;QHyEk~WFvdGWMjH4xG z3&I(zlRXAfj*Qjk<3U*xw>QnX2&+w_%F%KD9 zAuT||+d%(!^95_SIYVi zjmh@+#~}VmJrJqeZ#P~g7SSKzGCa)~QBK*vqV)KNGzEuTAcft^ zmdEs!a+t8dnjG7tv6EHXQl$St8YTaH>R05R8w~$KKv7DG>EV-d?+lI87t-!cX;2H` z03~T4Vq5%`)9HF7`DD<+=fQA#DCze}?9Y;tfgXqY-l5aLd-P146<_dfi?4r`)Pm(z z`9yIhdu<4C8X!<;JhKg5a9~HnPw*k*I+KIMa!>Yq{|)l^2))}x-u61tU4X27yAxjl zk9ZpDa1&;uhW+=rn=GspBJ1t)(f&>! zQ+d|!OBX|V=zg8cu}C$A9SX$J*t{Rbu0l>5oIqw=LLxd*atk2*YWmP<*?s9HT&$k< z`QMQ?`5Q8>1=D$qq$3ExdGUO7RS><+sVAi*0iDh7AEq~a`Pa^FaikxkL9nq0@dT46 z=MXvl?8Ft7a8iGaLqk|0UYQQ|Beh34t07^BI$=G($Q~1SZ`Z|#5euQwt^H5s2f6@= z{Z-9s$^LgU+13>(&m#67IE37ecmc_P;&cd;vNk!u8--J<*|mh4@ns4<1y zlItEA?XEi~akh2qCux$CxRnDaI8 zw9f%eM_6x5dAY_DQA%w*)i^bK6$Gf9+2?99cQ{j0&!2|5OdM5Fb#_}R$M{}k%$;Lc z2uBS`;+*f*?1K4b46)MZOfN5;F#Ot>(oB~-iHdG0S?HF|0iOnj`=H-cVb zEG|7?kZ*kJF1x@oaJbTETv+mAnRkvkT|V>CEaXG9NF+<>c&kwhi(L`|h=5~?Lh^$% zr--bUr}5whFV7gc5(ne<>k|^fUOQ54sy~3YHTl&a;?-lHl2CrgjBtd!Vi?cd6>1r1 zog*bLpEo2EU}Kt|f44@IQD^KMB5{tSD7b3`HaL>nd@(YO%>#;NZSo&`)=``!tFaP5 zdnfin7dG-fYa}Y&F*_V91)#52f&1R^4~Zue1#ScpH~vtS(szpW_tv)X$p)L$@925x zV_ei&y!|Wo)InNQia&%5mQwwS{J9$sh)TTW!7@<8QUHOAm#qdqU)WO{1~DIeTI=eChd+H3%lxR`Ct=9?y=kNddqb{| z`%q$)EuDdmaEnLkyV5)!#(XwiW%La97dX{k?eteS&ZLykkZT(XjMK?!D zn*N1n!%)K&40HE}see5acwff|N**^po>zCSmH*?`M{x0hI_iPlKNKhr)Mi|~Cpi6YlbDbsu^=w8pfsGtL)ugL| z158rVGMiwV*=usT3%MpN-Zqa|E>rn@aI5qKn7@AiS8s5{X?0~gHblffSw*#hZGN$9 zbR+X-22zsb$k?l-F!=9Rq*EP~g#`ar_v(ns+^_XJcDHQVUY=j{+Ud#bsf=t)`BbB5 zaSpEG-mmRkuRGdu@@l>NZW=Rk_woytEv|ne_VeXtclcJ1ZNe8B`7-J>8O_Gpj<( zYl{+iMas4@w8WmKIK<$zPh-3?VCkfjqCcJ7vS3hFD49I@FKwK~Tr?Ml6#}!q4)6XP zLh9XlZVw|##&7W)4s2pFtQf|v(>AO;+7>jO}MDG zNSnxHeVx5guK~Ra&n^SCHXwg;l7C>4x^u(S#t^&1{`C@l-=Aqad;}xezAEI+X{2Oi}x<|9Pujd8}Pr!QF$d!Rr zch)6{bU#Ap9%g+V(YQ#M%2ik%IY6Z~1UwL*@;h5S+MVt|tqV|?c}3kWqJBIlRFdHn z8ak#muJn*6y*%F6;{cZw@bNnjOwM)I=^Bg}PLJy&qVqtAQau|@!?6&@>kRfF@sG&P zWzkV=1!&%V1(kkRLCx{AJ}$fiI#-B+OzkXX5_(Pu0SZtLi76>LaWNhNI9O-wKMb%`OS)R#; zY=yg1eXt+8hQBrkl_@Yr>c8EqJrZGJ9Y?^0H@7@2YXH1|dM|C$TI48154C4CZi;3H zFkFo5HoDe&dtMHFVYm8@Sn|et=p!6)yI|K0{#C;u93v89Z0`Y(t#OR^PPy16#ONUo z_#%qh#ooIf-EagXy?SR}=E~hP;_fTZ`Px{$kJ8BiTs>XQamU!=tC3#)r_!sijiYjv zwlyH`3LI=p;2tr6OneH?fbJG=2W zhsIf$2nuOm)K*29(P2F-5@|6X8fgGCHhh#WylIuJV>IaAL3`^lq419-S~m5X98rD7 z8MDVF1@}|0bzqz#ELtY>s*Df%kf>~Z9V|ml6$kwGl2HkKD4x?pEgN?~-9L;L0>tZC zV0mG8Vxm+r*D}|>&))*^J1&ABx}RB|Asv7_#3V&7?6eIDNd^tO3iWi3bo|e#_0l!+ zSCzy8O!!-}L>+Q*ZW3i9E&+c>QT9@fiEcOB){mCUnD?03Y}u3Hzj+<{#3F^A@46<{ znp&&h^!7F9hQ&-{)xkN$d#}jHEDLQvGeL!M`TiVqOKK^y;dr(5yM0x5yE?2B4NO)1 z%UKMj+(dST^tZiI1oU<7X)0VjbGsWP)f9WuVM^|&e_v0xN>h684O^cO#0ZHGp3mv> zYV1>4Wkjh{f;PzUOE8?=2}!{jst(%rQ=ytMpRjfb6=~)Yft7Km8$&w^MpLrA2jtZZ zS2AV5HYEN)lPsgjlK$KNCdygq?9T+b@sI$0CrHi)TVm+HA;^lw`>B>TRG5jygLk0d zgTWzjh*Q_EGQtwWYI_+V6e!opTr)}uD+Jv)EUJd$S|r*yC2&H7*nO=d@?aQEmP!~D zhiHIeSb!A?i1`IUDsGclR0q4V3Fx?(vJar(y2%e^dnl33But}Uac9#TLUOungSC(4 zcY*K}Rrh;XKI$-`EC?epH-hi5FP{T`kCw8bQ{HGP39f%nACq`9jBpvgMyJuBHqd&8 zVfN|ho6oV|22=jqzi~f#6REc}IEGo3&AK(wI)LioC!Ig(efZ^aeS+(19N>y`g~Nmy zLzI6KoZj*r)vI6CGi!`C$>fuN?zy2T8^L9jxcW#AK(%$1AyZ5GCGuD%2Lmm6*tpx3 zEOR4RulF!Dy|yAbZyvpx>{384_tHch(1kqeJE58-hIOy%O%B8F=<+#3s_jbbe7NJ zZl!e!9is~!p&B?eS}GqO#UcDxc{+p{5>>2UaVhM8t_Cfx=g)`soL{B0BtNx_GyK?y z^}&>sboLbzGPfdWceM66K*IP9iqD`Y{L$JcsfS3w=?Dm z{`Y|;ffl@ObApm|Y9V_%H+v|?ZmXq2k}>8u+`ml0P}o3yLH|WC@IWcCmB?i4ir>!IH3eL zObs6hN~vWb{$}sZeRAmf!8je=Hs5aMLJ)OrgJAc0vM&dViqO^F=k$)?kL&pBteol!`=$ zk9^Thwu!Jb1QwT5-VBxo2B}5q52Z@_pk=8L?G%OlTMr1H8Smh*1GJ8pzRbiRRiZ%~ zJ{H1;R0>7vI0r`B3p*Au{M8m7MALS%BL&wgp6!73!_meZb!5N^@|d9S3HVD^*yQUa z&;P2tk%%b#m))Z4cJ(0b(cfi{G2sgYNrk0bVA@R`r*{d@R*hHIMn;s@UR#KtU}Ne) zwRF+_a9%L|L4*~>UjX?Rj6?$j$5{L+r{)MrGak7wmEwxX`>)K51P$>UqJY8!O_ zYgFFYpLHwrBR?koB*stef9}hS_9#_$Gk6iR(-Ml>-~Mlwd%Jxe#+YIie4!O=f(Fm! z+721WUyG-CT?kS>z+lxcU2P1GZ8#lfAq?mpM`5{qsK_=~A# zt;K0P!od`bi^P_cSLrT?RSxPmI4jRXZC?n~4T3FX>;zCaq4$~ks+D@!%C5ki&L~uN zSg2c#H@t+~0c?|X7V=gvlz*a#%vJAsiOy6LKDO>Jf}V2QIKwdW`Gb&1GCkPEC08O> z6`a%jG1KBa|MVb=3i5v?BIPI6@VX6TfVV)zvb<{@3$iZ8{RuqMvDz5WvukuhWYR!4 z)?GnF@V{Gz5tJZ)f0fG0UD^Fgkpnq)PEj$B=qPuM1hh3Zsz%|#wV~-STl}ipP0%&_ zT;t0OV%iY>_gIDKKDyoc&%LTKe&Z(WJ!DQOKD9%lJobtpCNjX}s(iLpTWuwt%<}6h zhXgSNTI4Xx@e@yzov4(&8exYon4ZJ>sFy)kLInnwC6!$#EB5AO0(ee=enNGz(ujIK z<2{-xAkVnZpR~cNv!1QWHD^DbKN#~Pnqs}dtrze1RGH1`q1}nE2Y343_LLV6rET;x zW*gSx7N;xgi14W>Dd4<)0|KFK3}0!fv;yuxBhU67WvX7#%)y3?KWuikR^IM95#a5` z*-d4BQ#gn1pTs59+-v(%31O6Xm)qYF()NW3(C}GlrmY-tlv}z^l3M1rlUe9Qva9Cz zgm8CBbPJC+*tmo4Lg5H=|h#>3#h} zRnqhzMffCRBcB&{#)k-I(Qt^tFF>n;4TYKiw6ci zgz~Gj9|$@V1QQ+*D;Nx&eqimnNdF+906NKC@x&BZZvoi*m6Du2aY9}-Bvwe(^ zvM{8t!pQ?9#?cS3BW=ok@9XO|WJ=nyeqM{*La$BqRbAk&#ER|$EnGMpH8<8mt0+$R zZJ6bZRfRw19%1I_x#0-9Y!h;H6rCQuY;VHJLC)rOmT6C_KjGUq_W4uul=qT^f%V^Y zi(l3%4tK%l-I`>}o3v90hXA)SZ zy={fs=@V;+>oYeoeC|}Q=5S|x67(Sd`Y|pPhpzXG?2}RO-NDBVj(V|Jy;vaAP67?1 zA>v6~+X};wGHe>ZZ&9Z$ikuk=9;j=Z%@Z|5oWcA>dG!IKGXllX4KXaxF@hnum-&5k zdm&Z)od#<`cKPq0hIBIRJ@s*DnZ2UKgAa|SNmy{vEWkL~7lKrsA7;~2yd@tgXe6eu z)OI~XH}YwS&-wo)!-BAuxdWMU=t%1Mx#_>{Z%PmdLI6xb7c~ zUn6YJiSfF)kBwr$b~qeSF(8KfM*1Ncnz$Q!ybXXZ*PioT%&EJxCHb@KS%y0YrkzPb zJvBp1{)U|~bop>16B!o}lZxZmVrtWRc*|uG?hgSCFHrqsDOeLTyZR_<84KRYlv&$l zp|YEG#jRwSskVoM(Lppl;4Dr4;nw@G8;5e(*IB}eD>){Zk-}fg0oWB|BF^ydt6OYp z`Arx1j>iO)pqdqT*uzHb9k)v1`f>HeaTILv@&X9Qd-_`D9xC3rW#H&I}S{VqO)sH&30kOI?y2^I^%ws}`yMW2e^BVoELg~s1o zbiW%wR0F)z&@iDJ?=B0d?)8Vvpn2LG>+T4?^ih4Dj z%W5et*L@0Eg(vU8xyC_fUOb1O-mV_~iFYBPG0Yc0M@z=>80WS$lnxe*vjO1-g=g z(SucWa3|ND+87Edq8XX$s2YotU5M;&sw9@K0t-mhvqrI$mW07eRILuZuuB+-AMp zXrxknhYcdIA|+2V`-`kId&S)1Q-&pZ0!`f`VhAc|Mu=Szg5)5Zkw(K@lb_)3Z2HCM z@>l`>5w)Pe-zwap_2UmJf$?<93WK^&A-!_E?JzPyK3$I>DPDwugX*haSo;l!J*^Z)sE96t^19K^iRS%j%nkXw|A#p>?^|Z~R7pvFx`N&NXjYQ2(39O~B zQ&Gz3R6*Os^HGEV@}kyOfR{_BT99Oa-(4tTzkaJXQrPq@K38(O2GcGPVDUJIFMCP#XNV(~mm z<{H|nQCl>sRIYHLOXVkW-=DXy)l&$oT9E93qMg4U*Jn7#&0$V}} zrJAMo`<~Bie!YA5AqizK4UcgQ^)PC;{n0JFW?noPdnSmut*rkMvjCy6-%-}5P*h*T zD*z%nQ3R(>gzo2)Z&#saU}D4GA4SAG^$9S6&pS%=C_r%m+!Qt%O*2&fHSYAShw|+T z%z8l&-@4aZ<*X}>UWB9mT{-$>Nun8hTFoRhskERnJ;J`r-fGSkk~Bm&CCmzS_QT16 z1cx5AIZA{P+=o5HMmL%{Sl^Y$4Mb_aGkJT5APX){*4q>9a$E`6oJ#&9%w#+k2LEC; zeGgk+<;6G+G%4D#Xoe)S;~*;ss#}YlO|d_7$QZ>->XmI7R;EeH&XVU$hoq+(o(Z2% z*Nb=j$EqWr#ubQ5_!$+g$E2k25W~#1)Thut1->*`5dZs(t1>21!Ch6;Dt)8*Ue8wB zoD&qEVu(iQId`Y|Gu0xazIJPGeDudQnThW8tQ>GXK-nu~-Z0nrq+N(FeHpDQzJLqI zCLSAvOvRlYA0_}xh)XqL9itHavlxlGWfJ>fSWj)nQr;mM!^}B=$TX@NE|8lql3iHb zQ2gL4$9?i|ipxXaogqhAs(|XqSro@~wC@HokRn*+%cM?kU}V}HUt%+}#I`Vf>J)0j zm^^{yAvRlFxnWtQ)FF)Dj)eK-mvLY9?age-!VHvd@K+kct_ z9mMy3e0)ToU*v|8Y6MkZG}0=IUIrx`?1BT0FY zHZDz!)X?gsQ**41kZ*<=hCdHY8p3X~$Ljh)I$ww2OM8K!HDc7EwAn ziX#dP4RA51z8wBLV3l@}%O4H)!bhQLxW{YP5FFW1jS{yQ@d`;V1KLV)Q81i3dMWqj z(dI=QM&XLIk@7{IwAdJy%pH5t_7C|I#@(lK@*tB_##H+F(-P&8>d(s7Y10%ZZJMoD zulRE7jK~d@;e>}_u^C#zf}7biKZZXnD5niSSW3iC^GG_PXo|U3?0C#gOi$=cOD)qz zhJPn|h1aupdw*EB=3AAx&zg3xAn|aDL`s|rZ+NH0fwzMccictMSS=h>zrJj&azqIY_)I ztoWcs9q8ps?wvf1vzB?EM+Mc;0%^rPA5y)@Nb_`i_Qp)s{h8MN)=Vj`_fl=d3oS?~ z`njoauNU}jk9_P<)}8a*aCPH*uqbF&MOAeV`gXpnXW6p*-;n0;HRR^(&^vb2VY{wU zE``<~z5u%q2E6(JqMk8!u<0HN6i$Un;Jf>$2u{!lTHDaB-G4AZy?zSK>=bFebbuw; znCEne%g-EQe}H#&Z)*z&P)6m&xI@s#i^6_&Tm^PRa>hDPU5i-Q-Z-7W)rxO0*171J zIvDhXPF3>iuE6&qlp->m%xJm4Q4@!m5Bb5r`HIxDd~^dbqL{Zr+hk7Df#=)cE|SoQ z?TqBvid6EyK#MWc)yHqOYMjm>RMgw(OfsUfoPO{%@K>5@$wqbi-1D3zbubUM!8>>u zwQA3SiF?|LzeX3nCCb?MA;L;1+$XgRXkSI}@kxXK$RbcnS~ZRB1zDQ(VbbUmPM{YUrp!6^MaU6{h3*j_rr_8+ygdZ@W47EX@ZSa{Gka$ zLJ{?}GezbbmK=nx#NS*Z-cTOibq&LRS38)H>;8-mFXde$)7!bswz%>&EhB;PL6xl; zPx_}aF-(6(()%*TB^mtWwJxPD?Kf0CGiA(oDgppui&J`P(u(@FNXi#1J8hdQdMPzNFu;J%P$3E;962km(;jm!r~B{%%IF#quf>mmJx z{e&<4o@xtn{7KODMAi~E*<%o{4{`}}%sqOvCAcy`Lz7Go6&zgwOexq6BG+;pPj5a` z6&wce+vSISwqO3GbSeBk(zwhm13g|5c)4XM!ELm*La~*M=RrrS~ z#biDx;nyK{WRig40R#S>K-3KL<4Gv(P`m>NGU7Q1X%W`JAKeruK?sAV#sdb(-7SM@ z5L>^;PJP5M3B)+J2Q?^kGYBwaBzud&|MU?PU0DEq-82CnSS zB2k~WF}9s@DOz%g9{}MMd?&AlHmN5`;Bm==FXQ*nK+4bhM&tFDbXU#^j132r!a#UX zJ@irAl=2Glh(CgT2F)P^j1nu+mW2Uv{RyK@C>%)QuCVJLDT(XvRskotlz}DtoLUO1ND@=?gN+E^7q$=*0?4D`i6*ob+d` zF)>!iORXbTwos>NbM35S)fJmZq%rih5Q@%rwj5z;YsWJR8jyeTH>DK#g@*v=6e9}n z-&8Xsf9$K{rqwzYxx^YpaXx%N^e zE0`v}#Ojcw0^~^rjY3{lSkwsLRv9KH$Efy5tftT%_z|yuDHI_-uxM`!Z66m5x6)v_ zkV(LhrCzel5zz%Wh#vVj;i&_}6-wd!FJ+6|N}+gnUaWs7!9R&q{Oj{Vd>yY!5 za;D6nWkt0${2OFWDk9*CMQk`Ri?lRRJkNebnoFTCYu}?Hs0rMbl_=vb}|J(pIGRzbMu(vZE6s?{G1D z{Gof*&2D%*d!mzTTf2>-v#`nIWwRQ%3AX4-jQgWMUO$PnBGDF*jnbCKN2tXy%7oEs z%M9D9=Dd-(mkLOQ=jHFF;6HxLB|SnY<|)-g}kPJlYidRsYK@Y!rHO9irMIXq0<25ulZE9g0_<720O0K_dTV5&J-a z$TOBdi+4=vnQB4`S|<(kCD`=uC&pLhM;a*{ASpMZsGB8)uxgJnn8TJckK^2aYEHG z4=~|Q63C`Syu6q*!Jkyuj04?*7V^)Y<2?)J08~ekJua(&nB(F8F_%;?&x@HB9@w2@ z-d9JjNaAA(=)SMp^twNli!dkQ-V$Hx4t(1=o}L(C^gRMVV8-SCp}nSyOw}m*hXk)- z{mk)0^^st?(HlHdZ($0_JXe3R@?`o&6CVFaaOO6tQWjZTVe_*T?@=*Dgsi-9E&a6i z0|XyOcgSItIn_PiETlXj^60>J&swNV73ORtIkV11N2g1>~!z=5<<(xQi%8`f7W{IT9Ut7+v14E*% zPHt`OGH8@rxZVX+nwxkB$>DVd=22xRQV)NBVSwcUAjaTlq@0Qx(dJk6?-)(_q}cq7 zcoN4GrlzDvdLc9J`KciDssf>Io(%)OH782U&DQ!!Bzb8LEX5@cCK8#v;p3Uy0AG;Z zLnoBM4Cnn3?8`7>l<>>Q=4v0xt_-cbU|PHa2&JAqQ^-?=vH7H!RP$3KmMkU(^UCFy zc4mweP;8tu*+(>y#q$;96EwKUNt)^xznnz&ymbbe<3&HCE?cHkf2m9jpz|(!#e>DP znaBWh^tT8Cgd>)DIPbFOX#K8*0MaH!8=JQbz^ z=V{|wz%;!VkKa<+7m$?`eBD{V>cJoElFyRDd2NrGFF^|HO^4B-2*^|c2CA$bR^+tA z284e`97kL+pEI@08(W#JJfq{5FzHgXNgf6cEq%*?Xqo%T-{4FDCFh?w)^H(au_8y{ zcLVktg`-YtvCnYV*U6A)j4gg}(B4WfiI!ajuIN_ULmwOKnD*z}jmK<+_OFfl1V;)b zaa)TQo2Qe^=^AT6cP@4r=^CRAb) z5!M#fr0ajO*Pcrc%P6*vHi)Ph<15d81Q(?|RNE+8CezC=D6lFWSfWO*d7 z|8vqgE&R18xRIp4)6u*1dSuENZ%p$|S!D%wemw~5%Sa4bK*YW%44O5oQbCjD?j|Eu z>VsD6yKveDJUAKf5gsB~#v?d)!D;b#=(#38VK=8nbmmK((vT|*F28K^OL&NWRqtT zG_1drzbHlue&R;wB;t8x+qHnAekDXFp}03$+AL0TC?RFAALw9*kL8+~X`UV}YRU4XMd=BlX-k{>*Y_e@;NTbHYS>nBL z33*K-H0JV0X^!78vy|OUV>4Zd7HCqs+CJLFO(U+;3bJOl6xEb8RATO5iA&^^%{5ef zqvOqlaYHHxJKZlgvA-)K!oqGJOlJ2RhK;Caa_9kWU=6PEX1yKEPQf|eYM+VFbi&xP zzP5N{k%uN@Uy`XXB^2k(%4JbK9~G8;MMHqYkH#($SRT34UXT6Ju1oV{zALI4)gHsg z@-mZ`@B9)$U6{DXL*1iu5kwtF0^A0u7eb*VQ+)O#Gq98Z(S; zUjy|zX)QRG!fx`JR3QXIP`yyf--ArL!8Y?Vb1%VPhOH;&j_+DT%&zxNuqU2H zze(~^GBjv%_OAR|Z+*?0V25CNXtAD11MU+p9t8%j zyeP6U+k&4f{~iv%1XdGQ1(&mBcUnY|7??*F_GM~m=G`P*RqMP3tAEKcu~sE}-e>mI z-828GUlgzx9*#T)hkf8jjePKtc(yiGW8=K)n!;d0pswZhQ_{_Buy@JkDO*kb}bIdK#3^6?eF$^Ahzca~472hLiP4rCBb3oHKCP2pW`kw~~ zr*Z#oWXK3~YO2@qH;Y{Ma0b{3`Rlz4zbLF4@g~p|JG=bS9XH`JZ_q1_{>~V4KA@tF z%gH~%#XDuvq&LnseJ2KpUKcZFzZhkbGwq7PIr1p zrkiCmnGh<+rBDB>q@^wt+<8U11fRm%t(0C)NRPUPYO;pgG$X8coDSISjGW~aiO9~) zi8uV&yv^1a?Vy)9gzsIoI0_o*l@_|NxxVm4trQcn(I!emN& z?_*}SW_~j+`l0Hwpo6_g(|qnQI8N^X3u7l8IJA;WpI;l+3AUU|_D^PkQ;g-PZVadV zbDUTV!A>&I%0GazWl?}|V$1Aas=3HddBzB#|I-=3dQ&july@_0I=W-|Uw1v(+9zR5>4YZ4c$lsC2a%#ea~=u-+n)wVx>aJ78= z(BE32{m~+ud3FG#Oz0HfjHIEUfe(SZr!Am?S3_;!?JuPTqk~g`XQY*)gVTaPrpbDysb{sp+PU0MIcbR);0&KH>%jo0 zgSdD~JHY@a2Cqwl#RR8d;41sc2ZwBn>n^V^s@5KRRA^8-`LP=`QlhEWe-SjC67*p# zJ+$;Q?)}3sO$`&A2hO0^Y0>TK-8(G>6FeH>$L6i0eHF{cQBWEK7C0j~W11!wxEylp zP`;f=7#8>^6mK6)tHT1v2ZTtHg$$T!Su|Rl)p81Nqyi>LH=$v5HZWi`wr59pEu41J z{A5xAer_)RRouv58;f~T=*PUKeg07quH~gu@7`oVBKDRU;$gbbX=Zsmfif~TPw3GO z=LrQeGu;Y9TOW*F>?yDM=~m-lw1bP6D;1S=d6r9&xyJ{{-Cg&>z_A>`s36fz1$DfJ zO0SbM`u2U-jhMr-J!G_H?gr=kiO;|#>cX}d$KOu`8ZS2LL9UIHe8U~$|pnP&FXNyysQ^qKC}iyXF;-=x>@h?FecKgLDkbE#lOeq-^#WpwNcp+Nnd zb&*drKzj#J&}b?k1>TiqV5nul`A8Y-Qq3T^8MdDf>>aTfuUAl1+JxBj>+d8+h+}13 zM2crzx7DW#EwSNhTUJh?Nsji9euN6Y6~&>2>_2jwAdG`ge69iP031v0H@#>SrDF2PA;8q#=qc6;uAS3kX_*?5BkXn;%`C zetV!IK9X*wA+D2xUh=9#VYD|s7+N!RRJf?bbY|v|dpRI-93~Dk8w3WDTI#{te{)~e zlCI|R98R;^$J2~<@f>E8-r6zZ-+p(|%Q4y9!n+j|#6^!X*@VtN*)thO4Jqjr2(%@7 z69(>{1~*9mT-cIyF%m!&goTYE2veh8k)ezZCaGKE2XH|F!C={SCx)Z=@svvG``46n z8(agV+k{4}R2uK((#-BL@tu-zP6{UkJMcOg!L_CQ7@{QbS7@|8O!4D7apE08)gS?b5Zww6Q@@o`a>u`)+HuPh)XzHoGnlzKzSRzY9^yUVRznqtz#+kUPGBS@tD&JARtO28; z0ac-R>oO0rupa2D6oSlq$^Aww_u;%qNx5&-%xx;0w}>@&dl!FDb;*kS##f|#<1Vz( z73}O+&vb0tu08I`Gj%7~6?z7dIg5X*=2rPKb0qA+&^(#MT?{j!{mW0*&*v(BHsw+8^L@d_y~3>`9?6`2<98Xd?Pq9+SG5d6P$5F=i963(ft*ec}J(- z(!G!G_3Ef6k>~qVGa#|oQ!jiYdp$x-7u#{%O8d}3M#`pFqr`C&`wx!7+y1^0Tige& zf2ZC?eown0cc9%@iMfM!I02!93t&8mT?5JOLW0C#PmpoNHiCC(0@Mr#gnF+R?{CuE zgA}EV1ckD!tDVdWX`gX;(W+7h(kP9;(8N6}xq%w9@7LMdW=-Irf4RLo?4{m)@f)pS zZ}RB>0S5qefB)_~0YnCHNw`dd4y4FnmpvK*4gvF*Od0`w1bg@HU6;)o0U!Y?m+l$? zh<_i^e^FnuAn!l*lT^WLie89gnPl%KbU1%@@8(^*aMw2DKz{0O6?Yj~-70|dtQ~rB z>7NtkUAwGVyZ_i`E#Cv@{kyFGP3(k!cK>EOrU%pYw12H9wx&~$g(sbExsxz*mt;CN~C8|CF(@{C~aSV;?Gqk9nx9q!jruUaZnCVG}N_RwKVz z6$Lt?E*gB$R%bZA|7WI4(`TSFda4?2i7O5f#3lG6Y$mml&TrEB@v!hoI$aySC##CR z0fn-vGWKYht?)XyqknvS9CN`Da~J^pBg72t`-jti`}$QmUz%D6Zp;$!Q10iJG=Fzf z@3a01uGpryZIhRG;aHe%B+9E=^&GODR)_I(( z@l2;<^1(`s&8d`m_%%Hn!nr!nk7cz~xcMb!>He&5?BMK`e<%>s7-t)(6Vrq?q&;~ z+wpZJLLAaFo^ttwu;mB*LEsdQ-9eimLt9e z(`^+^+_QFRlaJsutHFmbX5`ZF|7Y*do7={*y>Wd0jjNvbfXn30wKI}TYVneqo~Il; z-JN>k#1khyzrJy<1|}hiHx$VsDKG7x=e2)}SV#Z_C2E&!sH!^_L6N}00nX}-L4D}M@ep#52#!G3XNbyq_Hg>N{R&xn#zz{Sxq`S4Q>m}FLu zksbIBi;l^HzP@#a-}hEDWZaR(nRX}5IM#Kllu=&I=t+0x0&H`|^qkVjqSK47v5w}M z7|p}^ILI@*=(w9PyuM8#J{rkZM6%7p*^z8(qq1&jD5{|-D3{RirhiWn3C5z>9529- zbZ7sMpRNqo@lXavuuW!&qnhVW2R+5vR{F|0(YO#w#@b}P^wn^0!`ov-! z=i7rfCjQ0l^~%W-UdEcgsDb%~J5qBccBJ*BdZ5wwv+FNU z+z8cB#q)#4LL>U|*J;77woz#tm7Y-Ay3sZ&y{~VenX1v;(0#qx9`GDf(B1Twz?!Dx zkY$(!%H~n$v#%*#p@ z@450jEXeJfBjx_$s^zSQjFn2hNq)iD8u{mfO+t1^+SYKdwpy2_@j)#?D;^u}MI*eQ zXT;ayoqu85>Qdu$UJiK^#=5;-x3R{Y_Eued;8a<49%b92Up+5ui>{ukiekjjSjACR7Hi-Ni!2-}#KMQDx@V_XS@6&v?{0#V>|Xi%BqC}q z59qZAzN{pEsIqlLbn4lD>P{0@lp;_;i4S_Lf)q~R@%iL@d8+&h_pXcDu-KPfoLz!0-=@4g@6$zk2goLy!h=D ze1t{KNKY37Jz57RRrrn>AIQZoY8o=FIYG5Eoo>_2jaq^=Gyq z?z;B<*UK|)4S4QGK)qO3czm<^^?#Zw1dDXu)^j|`q`OKdL5Pvjp}*=~Pbh9DjMXr=Gh7 zG4nKDXCDF^dVn(BlC05BG%UZ830C0-R$_xC=JFfo)JgSYhA>qZ-q^x5mPnr?meD%|(9CRd-m zKFxX6XRl9iQaAPNRiDmn{<-TsQI7g-o&I3MPhgjn)&lHa`FW)lCHf~7c6g-t)4#8b z#_KqC8n3fcE9FnQaE=<_pRjl316ulL!tYo~pvdhHl3n>36M9|KF>l;rmR&I}&-C)% zz~!wyW@e4_^ia|z@4zvbad#9Whfl0NnZt0ftX>Q&S_~TzN~{K~?8N*c>o@ofcO0Ci zJ&(0d(KJ3qGv}5nIe#6c#Xh+EwNsIHDq6Nv5iTiYsc|8#L(1;fxE5|!+)|715m1^ZYunUb_({# z-7-eoqRE|BBPEyYmHZy3vXx7bX$eU`Q~M!5Q#rWW>`<0zjT1C{N}&nqp+2JIHi&+x zYzEJ>-u#S`-!jLF{+1T~`E@P&mnr(O0XbE3Nlw46PgZyr8w#@sBcdEXJbpV^sTBbC zC>Ry?^0|VB!GA8u)%vl+rIDvs21*9zmBB_oLlq=wu$T~`F9{lk9!y-n&yC3N+&B^D^+7FKC4chA$U}CbWOpuLtl4UqhXXPQxmww%NFGE-k zjRnW=xx2( z&JA5g641*=;rF3y|G-A*>?t&0Rq7%eZI>Ay#YJOu1gBBU6u!2^uNIGRjgIim62G=g zu~o3%HHB|h=6m`*AGkY2UDYBV|5oue2Y=#g#JBQvPQUW7&Ny_$vE)50%)=i6w#*yX zQE(e)A!)f?_0${135rP860yvzn8Sn}T-oFYI4?=oc9U7nD9akR2>rNBU__3>cK~?& zlm3XGJo(EXDB8D2aS{ycVdUDb-*4FQ%_81mnx=WsZsUJV)0F=;4?E32S?x~8Y=0h_ z2W{(5rq$^*5B~(rMZA2{XA~ze`ja{LyX3)b$>*K#d~t^;PT(-Cy{DN%-=Eb!qrMyX zwUanT2~Li}HU8`(&&j@jxern897aD-auK;U`ZX9u-hGYQu>a3a(`+8qO{;DmfM)AW ztNo_k0bjqI)@q};j$oYBn>9ahP=9TR5}1mIMk>^5{kG#b?mQUvQLWSHbZTQBr275m z!XP%uk_ZnzdR#9Hsv?{2SMCVZ#oF`#AohRx=xi z!XkL%fC z_ywaExt#lX;JZl>#o+&qu2JNp1jQgzCm9HGh+QK3w3mE;f;iszdzw&&7!u<^?&^C3?}e`Ib(55QS=S7 z1K%g658<9K#Nr_kFAU9hE)HSz!y}Gk9QXEI&lAN?%c=p(I;sKd=s4XOtRrFb=#5mi8|=r& zKZiV~neJ7`Eq~zwbdmC&Bl$AGTgfTT$174+<=Z9@PVj3h)GfXZq93l`@5YFw&dzQj z)pBcL;B-?q#q|bWon_+a)nzVxUY#+))Oh{s%BW#EN5o^-4Z4FMPVz^53><`SVo%P> z^6mrN$wD<=u0U>oy$g5gQRQ=A!BI_!s29yX6Mwzb_)s*_RFK>cs7`_yo z(Tsym4IG=?v}f^Y*@OT>56Ksw1UQFKZ5Th~O(bRGM5KVFcMyRa zluFrMb8ip)1>~>djO_VKxQmN?<<8e^zMt{iZk{rI>*d8Ef z^|SQ?KGV6-Sb0jUtY}h!<#GAot7GNz9Pldw%VH?(0-#vd8=ino5#)v?K>wl0Pj;-kwvEceEtel3Yvj z$|q#Y@rc)7Qkhl;A7~l8A{h*@7lD?#Knj?{-@*pYrbP|72r?gX6CFGJ)D>C4{8-~ff z;zw!Qf1@Z+G?6-n(zBFB42>uq<)t#wo;t=hb{+H&T8EGqu6gCMY&cTW8H#O1%&xjt zVqRlR3DHzV5`_|p&2fmS3Wg}JkbhWK{jj9=VR_|4Roz4NmV#Gw`ulx&<6V1=*Zblo z!b*>g165^J6xB5p$5l|A($4NyJtLRB&)p&HQwQ-{W{CfB6n7i1)7GHN+3WMCGq3WC zPiHfFuvb5JCncTfD@uMhy@;iGFN-PD=gAEr3uZh4Z@|MtiI)L*d<6ghw11fmFTEhX zkz}l->nESvsYLvNIZ>%7dOoII%3sO+9lH_w*9gT)%zHrE;fQm8w1WuI=!0n(LiCm- z**)mY+pMQxmDCnx`^~-_VD=4vfihP!S1^gK>*5@FuqVA|Mj6b6| z@J2L~YeC>EYmzd#-jt-V^(N%`8N#{u0%XC!u*%S3D-`9dx?Lv(q))b<#z=OjTrR zU8FP`YkqZPUVY^0sec_6L*KOKF@xrD&Lx(fS^1E~sMbE%?IoCA3@8Wd!t@h$j}7VP zbJ9Ji;$Tfy6OO0V5?aj?Eupz;EunDAu^=^JgLDCFDqTSE9axtduwKw^nI?Emtim2j zx;KG08WLm>cSkXDC}yvgk_JVw8z;z5$YX2|y2FYG>m-66?0*AgPiz=M+fD9Q+nZIK z?JIkk0m4#%Kb;pqbG7K^%#DA5uToxX6`+|JvADkD-nh;PdQTg%$eEwP#$uMW*-Lr% zsAmRR7H2ROanI5WrfsVP3bp2jLefQTFMWFU(hcy$kR366l-vfsFyA-{s~5G z56}?OV)a>Mu@NWtWc4_Zu5KfN{e0dHJBS(C46bN1yMILMI~&=%6EqA{uJ`*@Dr`f~ zW5H0yt`KOEgGFINW8@LwqdL!HJ^wCVrB3Q6a!g9*r2eYgg@T(p*N-ZoKR+XwHw^_}2(UDZnQ$>yov;n+K1GQFR&1 zSi;pl5`Tk)(kb}ihF>G^^4_;q+a=i+c|s(xk0&|)JL{1lwiddcUQ^#p_f0Z3u3;3T zFXTbW(42W#?g{Y^hk9maATBUSbI`NnpbRU|z5%f(Xzno@ub&t9r0Ubmj5AridPZC{ z86FjUHy9r|s0T-0Qcvm0p*xwW3b!fQi&-!wMt_*ZPK5y6+4zZL?kTt`jDjIb251y7 zg?HHOa-9=!da7zY60GbF^MK|&csjVPH``1rWC7B_ts(p_bnPG5Mn`{5yWeH@0bX@8 zI-C~^Z&5H>{1gHIDyfh%(>qs4{l37FTww# zf(-mZCLf%^cyJxS$ccA$UcLmMZcudNqT8Jvc4rM--vcTKYru`c^~iTTIExaX#_AX(0|cDxUBLB0GH_!Mp)hFd?0hM21u#N@v8V%jL4O32 zK@cNw3;o3P`ydH`7eJ@@h9m&c2k6d?@qKbf8+gE{@CLyo-r4yWB((48g96{XPdBwe z;G{3;qXav^u<-%ClB1Yi^+{NQW? zPA=Xzz(pp7b4o=Bdi8XBW}7PMm46L=(km1v?lAAiC{71wkK!a4f-rLJ^lK1-z&}Gn z=sR-1(jml@m4SF&a>CYTG3g~&kEx2)G_uBQ`!o)=00qlV4Mu_ka5uVT!egraIDt~>|H3Hv| z53fDseBT`;Nf^J`-**B#ZZHVfu!G?~<^j*EL*J>}f!}lcqX_Lo=O$&0{1TRJ`}A#f zOmDGmk1)|W?e}NWTW4qIpX_z@?6{_mJ%;|tDD`G%=b!)l=g!2~>76RR=sT068>Bbc zy||kUq992;M7QfhsVf(2f)s&T)!WoIOdP5 z)HkByedOJa8~>9h3jXF)LB6Duzf8)TP{C|$|^1st+nUef( zwwni9{;%Yds!2w->-yn{^DM|5hcf%tW%uIqr}KATetq}#GS?!qh}esw?r1nDwj(#B z=ZAdCo}wn0wT0fO@A~BURH2a4c9t23d+iPo&U(6Caf;W8u4FLFb!%6}NgjZUMf&e}7M1a9fz{o=4y@3k6c!yNzK5cNNdgOY^dtb6-2!=q>z*s&20$4N7^@jbK?>8+&>Vw4@ME^vq8}=h38@5 z01w?DuR%--3g1Gb=f*blen&96Okk9p2R?Sn!W1z2K1%Sub8H^8$dw3&gD;tH1i1}Q zIFfTJW3R#5sQIwmKV10!eMi;8FX%uSATIZb>?o+nT$xC?zQ^KR?kZ=m&O?94GeH;yA&L^W(4}Ix zxc5759C}dQ3EuL5s_sO!Ss||)`ED}y9pwDNzW;i8Hv3yLU+Xb%YR>$0vd$Z1S#i@ad)BpSZj!R9ev9JjCM$&W z7_{p;%UH*hIZ5dAIQDNIRHw*}e6>Qb{1Ip5s}w757M?wD9b7$&1x3p--lPChUWHK+ z-G3b@%);1S{A*UMAs+Ik@m>%lg$Xw7VB{yCgWEztH^>a-vE;~#-A0{}jUOgXpAnCS z{M?HsWOZm8*TwXPUlDZhlNEuJZ|}$3QXN(7J!#>Dz*s}UIF2BPtG~%7m|1&-LIjgD zH$pZ$ow?zTbti?VmmalEI`zPJj63-N1%Ep~7Ye_7yI0HxggBVz!CNG1OUDbE!eBEZlT^C!XZ9U-hg55JX@Ug4e(V%iw`AnO`R|M}Kjz zoHF!Y-e@UPsqJQp0Qo!+-muQO-6zYG&nN6$|N2ADCa0s`0{uHg+v4JJi00(MhUd(0fc- zR7ddklEs(f;(gK$J=gO-ktA}8pZ6o^xQI&(DAy^V3!E;J0@}^87AYtse~h8{X|<9{S_uUV#w zQZIt^C2+zKa*EKhQj~^|Zi;=4L+F1Td7hlOh&3nB{=vujb8Y=77~z6(Cq+GD$j|54 zKIZx-W23^0*u#QePkL7A+A8;qAc-7AKOyZcQLb|dgu-T%!nBt9QB0wx9ZsvJ73UEH$TYN#U`oLaUmf%F0#fIZX5;Q43 zmu5P{YE?lvkJXE;hFQNx3A8p<|8d+TmvgolV9dc}c+2_1i zf|{rJe2tkNl>3RVTNx4xAl$?atq@6#S|QR3kyePbLd1WYtPn{qhHKG?tWJqabf8tD zXRQ*6rv_CD#jQa(>VG^}-AID7^J_;XwJ5etGn!rdDJ`J3sS41tS$HXo8ZmuG*1YnB z(X(q-pHI%WO|!bllJny{Bkm9Zhyyv@7+fQq$%W;kXaJIB4qz=6^rB!0%(}%nIcX(K zD`8p*(@L0D!m`ggPNfc})xnx2H3yH6wGQ@dbuh~`uY3SrgMWB51lRYI(IMD%eLF%h zmQS+AWVL#bOL?!t&kHMU>DcxcGqw#G(bVXC7Wwg*luc6efrS;T@>w`Yyxag|z0~Y`J!ETg=-dgk(rF=4lsb zI*AGBtEb=qfokR1+ba)~->JPQ^PG!R!GE7Q$Q0o49P4D_9-rlSTIiBk zKcO~pH3`dtF+cvdN-c=2nnBf45Chk7kW@cze0>OA6Jl~rh%6a$oztdL#plm}cbwW4 z5(yJf!#1I^#MtB}t~Lbzev8l#oW2n=;LhW^Gw5#jXS)2)d6Mmlsh{y@eE#QF^U!KZ z`JY=&vwx}cKd<8Rpz}WqeOhe(=T^horu@%3H#5+=naAd4o<6JcCg)HVcC{6xQPv&> z!VRKFf%TMJ3h1G};#THQU`cJ8>`$QLv8U%ypq&SV?~|Pe9Aq!SiTjv)Mk)m?-ttf_ z`w-sWn>k8-p6&yZZ%2Vj3ikn%&-Sw_#{snz27fdA4#cD3ZduW%2UhCsr+@#~t5lo) zuNrXBjccR-`02_>hG8$hGHSqee!4RDW&hXzVph5TQuwU02hVa6zO2)3)~CYZ_QXiP zlkunCtRAQv{{UEK6?D5LdzotFrjeUQZqEz3WvM~seNg*|E*0ic$0huAwMb96Fb3*9 z`+o!`8tN6xcq*XYJg|=VYfb|!7lJD{4p!Dz1S`K5JQOv$)aX*9OTJB`ON}lyx?GeU z@mLKmI~rU*PjG30dJ*!ue&C?E+lvrd0l=hhBe6Y;ecjA>a#M|w?#IAE8aAppUc*KW z8@V-jRT)24u4#sk#SRue5*P;{wic8t`HGjh<84$Rf>1U zk<8>h<6@t6th0`Fo-vNDY}ct8O1F@>=Cy<{Z%?eUGT>~hxTNg#X-ssjO1LbVuTsgk zV5VBoNH>uUR})2y|6NKT<=B|X4j(0{<0rZJNs3Dt06Iw$Xb+GB(!~S#>?>@$@PFU_ zdibxm{d0UA9gxTp|7X;}}FB#hte?>m7VH&`Tp!w!b~7>;>f z9r{k)#-|>m2<=1XCdFv^B}|)rCVyGdU&mq_k$xK%d1wco2gA6i+?QJ-dCs1(tTyg` zZm{Hfr?9YmBqRlAFoEC;mDn-Z^-&)t?hOKN3{XEpaSYOhwpZMsBZ351nW#uqRJ>*j3w}nXH3Z<`S)SDog9REM_JrBzk66JI}*_ zdgab#8Z&FmtTFSm!OR*OZ+{;&Zb{Hsz{+E=aZ^KM4UID={{%%oN`AUBQrb_d)Uhgv zrD61PVf2Ph`zn$3drE>0gxAuM$7vMAF^Ev#4SWE72iW++AAyfRJi7K#5`*C=PQWz+ z*qH}8;Kqd@86ZGTHqK$#09XDcLT|v8|JUW8p}eG0&h`8CB!a!3YkyO4-*atpI`ub0 zs}owC(CWmKR423v{t4+B6HV}CRqeH&q4kU+;Kcjf0ug5o#Bhi{V|c_rKE3+ifsgWQ z+JL`Nn#X1{!bT`51p1R9X+=dVDq2y|ii%cLw4wsEqB7HgNQtI$q%{?-sjM8JGRwPG zRGzn@G9Mpoke-ruzJIEgq9{6_M?uV*c42`<?ydE$C0ZGYo(ad0EfcMW-W%m&TfQnopkzgs5tL}E`McjXt48*~_y zk2Y=N-qjeZ>4fDN95?N>E&n5Ls1q)a$vni+uZjnwtOo zXMFyjX6NvrE#?2Q%#N=Azmm^`PS*02leH``Yf2Nlk8Nqrl!_@+KBIq)P%1C$BsDFU zEQLTg03!rO{wPKch)|588^SF*d5U(3&<+t<+nOCBT7L&v2FrJBsY`_Rd{~(0!!o=c z4yF}RB~hSx5z|?G9;9^(AKRaW2N>Gt>ts3Ni) z=a6$uFZPal)gl~PjnQfhyGN@r`FOM%!#_)_G0RtDBv`x%Ek^d;o~*?js@0eSt;XaJ zes*fiOj=9?6U3=9b~vJXOpNTncbEfkxkv9fH-F$#L~?{XNOMK9@48SFP5= zet+6Ekg}?p`(Jgtkcax4=CCSz67x}JTj$b0)rdC4$y9s#Yfpde=|3}{mqW*`+>;BZ zpSMBu!}a^!7)`1cJLU{Xp&>nT7niy?l)`+G#dOz2sI6I7_}?mC`&p^j1$pfgw`=g3 z>i^(f=5}3h+AsIemc8~T7m5}AzcJU~w0}%>PSKs!@0)$b`+pxESXM{$|F#ZW?E~%q zy^7D0{J$lCZtgbi#Xb49C3$ftC}Ibt)t10-J3LJ99)wZwzZlhk z(~GYFM?Cf28{`8I#tE?a!r_bdCE!jg%ZvuqvRDa^FPyNdPR~T1#8PJ@0XKR>gn#0Z zC$o4yF%0fdL|&R_yFcL;9ZRUaMOykm{zltOmAvc~@% z#fjU?j)Dxs5zXJn&K%2hen`8D33;({*_VWYU<3L^** zbe9N&D$LVrPL?ms)8j+)-P?oK(dm)ZJTu3fyWQdAkVq*_xua!#!Uk{p(z!77yuhZ; zh1d6BHw>JbA2?|5%1?jr8U#Mr#TNkfh3R^zm+bDbhryeEH(fN{6pZ8h@PAVW!6@?X zyQvuYW|0I>>B9>T#-Z2pbBU%EA?#*A4+e+ut`O`^?t6v*!MYTuqFot}*?9J9T8@pY(*$o z#mY0Bv6i2qo#4Gu@UkkL5`Th+2apmMJU*7_h$rLE|Ax%@%&uU~T zi1Af|GGcN``p?YxCW1qaZ@62Y1iqmW92*RAG?0gm_a8r98I9L*>@;5I5?}Sx8sLAH z!VC&PR5vq761n|BvMc{^LLUnr)?NAl0eUH4Tdh|ZC=sXw!!Z3(4vv&PnhGwd-yB3> z6oS{lOkt3O7V-aIgMWtE1}U`rOZvYVr!(!Ap3cpfPV2A`m+@S{?j@PwO-8$E*Few% zM8N}p$qjoN2WuRxaqz4-_-H{m*wi>!l{3gG& z`!C;pJWFX$0q*2^q878+r%Kyymot$doyqfe=bt|Rp6M%Nr+*V%e);tIqvF`d>8;HqP2tzzt9qIypS&6Igg~BQ`jk0UKGcLUJP8vLH;F~UU`6c9GntTED>eE zo4z8eYo77AQ1}4esjj-dDmUx^=Q)%zPvR35#edz(4eXH@3Aj}VLP#&(%Jt_|(jyhi zSaf82J`Zx#0t9*}O1?0FAy%-;`xTx8V{Pl9~T8$)O#71!f>c7?a3s3%0u2iGrlcrn`2I3pj<1v-Ui2%q+NY1$4~ zOn-=|Ug8m-LLn0h|47GOGw;Sz`B9Rjs_I?&baF+gxhHaZCm%hPB~uwGD>Gc6laPAfw>oY|EZxF=iD^fueW~_nYVm z{TcNO3GC&g?i6_4#0-1I>E9plCd|PwMSlTCBObs=QNx2Jd^csu-DP0T^&R)dbw;@o z|5yNgSpCX7a0l;PN%&@#5qBu)W@=24VF!iYdJpf=7?GAwbv#IiCeC8ee+y$&m|cQ* z3@J$x*SCplcBa=VUr^wf`yw@==k|RWT4}&t1l$E%#Vm-s+0u|(L+;Im+!IgLHGfnS zmhWbxZatf`&gN=>ca<7JBB)m2?njNVHxOa-hmRU$R|47O{OP%Y?5t*SUUw_6{!*xy z+^$WkmyF-X)lZbFClm6~`pGlaOI}3@x}NJLD2n9*Y>L`%c#n||y|S`IKhwwX99*dy zD|7~dJwxTclHx@41RRE;;%JVwD1QktZTaDh93Su>yjn1!5S}OhVA_(zW6A={11}xA zbU0o9vT>z=6L(A%VBEOa_u0WP4E&TE%3hk^vDi09$V2H)RrX%izSy^7jwyR3Zd~wu zA~-Cc&$Mx|?{iQHqhvU4Lb+QO`|jX&TnTH^x@hk86KId)UDD3KHTzpxG=Ce0VGX3~ zEY&Y4s(+Snl~z^V7gVRKt5hd@{eSm%)4%rit1ktGc96h6p0xPy zjEsiZTGAktYULV6G5SJ4j?y$(vf6g{^lF=awN10o&QRzD_vua=&%MxuO2$t1;L59m z>&qfm$JG39Z3O>oE}yF~_a#1jh9dRnmm8AIsLaz@cNVhWH~#W}$$ui-{q{dUeSf{z zcs>0tzx`Y;6S;)t3%4mrKCPxaiT}98RGk4!GF&fggUjm|XPsknga55kM!ngtUPpb0 z?|zrrU3r^;(cw&)mdSl-@n0-1BO9NcO-R+&;)@7doQ1N<{cX{j&EMG=+#%`~Z58Ej z;U9d!KbU_@PNeh;mwy!C(Bb>b`XZ38q~tud$l$`sG59l(?Q(1j_Wp4`cz;rNsbO!L z!t(mF6(6zwf2N=;vi$#q`v0A#)ojW2|C_r0|7t!DJ1@lY{|`GaUQm1cx1AR+UZme& zyvS?*TQzclhj)c)|M(78>7PI?e2Iuf?gCfezpT7JzK_VkvVY3{_!c6K_+t7mUc7kR zdGX@=&Wp#|&I_?-gK+|~J3$hF0rEm{>m~z!F9gtc06W75dFto%m0VGNIv%6%qa+1v zM+b*3{9UNRZ>E>hZS@%ckr(5)I-Qo)F^`)~%j~3W)Jx^t&d!VP>33FlKb;Re9flov zqoGePu{nA{p?{2Va?__odBJcC_U6HtQi|Zm%5x~fZE`~|@RLjTkF?n`&HtoVGruLu z8v`Xb1>4;p2P>5h+ zyzxh#$6q;fBV^ObzM(yj?I=j`SN^(q5ZwNXppzmD?tdx z%?E@J!3xuXoz#ps#zo*{^TCCCWgTXhvj?PONEbu1-Kl|2oBU@sj@fcx?H#iQtixsv zr1zPP<3sL-m$uchtwS>Dlz3#y5j%`Fe*gXV-|Oe+^|LeZ>#uKy!#8o9bu^FTY_dz~ zbkMQ$mwz%2Hw^yr*T~~9g)m7_luiaa^3R(1lkJQExU?hv`^c1sK^J?RM6RDRJBc0? z>s7qSW~neQpHI%0GcV27VGUT#;~Hq2=?zC!W^REKmD3vQVc_N45?ZUN>W_xk*zPY- z)j>9m${a(|(~Ga*Kc6O1Y5ejROe3q5)F%rdHGlOS982lvN#rkX>As;RFmZ#G2~7Mf z#*vo>13phGQ&v7*04rDBi*Y{mXHD(16;d0=TnIXUf$j!7CMzNR%j=$XZJN^{64X0t zx9l~L_T2)Y#_T)w=ach!i9J6WTpR6wUJ>ngaup$SRu|zoaf3Cc3NyVJ||0ebhb8?)a=(2vv6ien|$Lr4xZ@_zxdML}-ep|iO8c7Y@M=N)Gvn9?qAOza8M z*aa4A1!&WL6Dt7ry{&2l_{dho^8`75Vff2L?-#$Ff{(n3;aSmInTTZp=(4ib1WrB3 z4dGc4pHKO-8k(n@-cusAH5I~K0FC>T?OIQY!0WWO>`VpItCjp4o4YF$JjFC#e}5@Y zn8p20$mj(YoYIR!&Ht7(jB2C8F^ISzXf{suPlSFeYxHf3-lFRMI3;FB1 z>|r<$0mpT@lNWyxXCDwQxW0IS1k7<~&otcte-Dctl+X8Qih*1;;L;0Nx-EdkWhF+Y2bx`ObBMh7pS^ zA)7lE#7hMn@t^0xViwZNA>BLi7QB1$7xM0@VCrh$&9TwFKzkZm%Zfn;`e+a6x$7yYlz1{8XX$0|&7OoTDLjJEPSVs%qimg#9F`K14&MR3GPVuwXH* zbVr&Xrp48w<$v@H(o#$6&5_g*?Dbqbm9@}!Krl)`(38Y&4a;eq8WFc4BA##EWZ?S1 zO=b|Z)&c}Ar=2(3I}^0?gN4XlZZTzIR|@G`m2S>&Ia)Q}tP=pGZtkNbmD1e^*~q=2 zXP&d^=gZU1r&i7XS_kgJ6!Myin00kA1V&DL{5W)zCx1fE`rp!2y<>Y=T^Fw1#!h3~ zw#~+AY}-bo)!4Re+qTuHv2A42jTTdAWIpg(A1EV+;vw^36d5C1nqd)@?(K$qW z!D@;Ym(g0g{_6)>Cw_!urrnOK5j8uG)0?W%lzcSr3VZPOSjfP>5W}xAo}#6YCCU9wla$$_y=Q3^o>gZlO#vt%kPiNi(Te4W`1qggadW z8ow0uWS^umqvJ}BtgC3>RSJVkA5NQ+qyM&%Ik%=~y-d50H(Ch=XKV3SmTF7Sf?)6B zn|vW$KdyJdSs$_0?nEE2nzTlsSQi+w5r~MS^RI%o6fyO&HHkS$qs~9T9>P$mza+j+ z#cmu8gd5K|b_5{Wk9<3-N`^F~MJY*`@e%uMJ@>cw341*^0^zlP?1T8&@0zXXm3@T( zT~7Qt(^+-o$6Mu@!-@z(U9fR9$?>0Sy@?6eBja_#%N+?J=5POVGR1E#z2OGf;P?e& z&riJKQGzt@EF9 zBcH2H{~(hxK9}maxj!$dzb4*qA<%y)me$4{zr#ZBQ7m~L#iRC)86p}&7?{X;C&{Z< ztqTU`IVX6h5f9{~I(b-G+If&4r8%xsWi z!lW9TcgN0k-DOV;6(JNCaGn0{O;NK8A%X|bgLz>z-+Z``d-?ag=d$%(A>bj`3Dg^B zKbg^Hncde!n6@ca^!ho}fSpc!I@0FoJxV`7X($_#pI$mrlDtr=2tzW_QPEVfV$H_= z0{$fgR^K#X5||@ZN}9ABT=hNdWu#96C>eUDZtratp*^@)IiUd8?2_I{uq_M(_ z*u#vSV+;a0UmMzL)O31@Qchf&D{NszGU&2hQt&E3M^h_GMU93RYNPdC&bY?E?pz3?NA40=IeNp~6?o1~#^T~jHtdvt(3q1ZfT;eb5s@I%7&%lp@jHA0 zj=Z@k47P-tPzo^&a+~x$?g<CWd@?$~1u&#OhB zJMlt&6)Q0L?C%W`-3dhTR{yHZZv0Oqf>FEw&t4cw@v2pDfk+_L=rx4^lbN2nBZQCk z=)S-#k)AFMMVu`C3FI#s4W{mH{~!o}GXxE@zf+m>iwyb7GhjCQ#|4&7 zLYMa%Eb(51=l@fLbtVLmp2O1+SE6nSU3BD>De2Is{EIWLtALIhrH++Z@y@84?xbDC z8FX!2vhNP;n@3U)G_Rp)qV4tBQ(R$7=&@nsVJM(i%tUzA+GYe9)wHY#ITr z3OIbms%wRt`NUX7Eg4Y`j;p*8t9sw1CJ-w|k~)a-Y**&%biQ+7;p)LtsstWveeQag zYN`=Am%sd6BCh%k=?Q8e-->{Y2{UR3Oq=A7bT|p*TFZ~0;;~9mPMGXHi9qNKj{W|p z%kv=>L+PE`qqbrM^GAAaB3z}hIoWO~HP-JEvnUbYMgAuF*A(;8%aX=u zqe^dHy>k(;Ja;{yo!N3{@ZR!qg<6W-Bc@M8Qijp>b zC-8nNGWD}j(hQ*%gs4KpsBAGG6r-WnbeIi;?G&M*-xD4*ibtN@m$0IrR&z>4u9q_r zN>;`&&1Mj))O1J<2Q^jGZi)nN619>XR#P!s$(`N?3|XPU*od8X<8t^wV)pLnb6iB} zS@b1YI_zs{p3ubcJI6K#&74wkcf3Dqg)QCJK>Dr9%Q3*))C6lx%YLfj`mcbY0qKZvS@hbGg=u9?AcB z?&JA2eZMYaHKc+qiQTxKaV4z0SAa$-rY)xl{JEo3vW@^DV`eX%anY@-yW{Te9SK~* zCw`_*Ak|#%l4A3V@_YXn?Dm;m8!k-S(quv3BWv^%S{x5hbVOZ47f2B5`YCI|{ng59O9G`LdaW=P=zjnvk%(0`Eg^6~hN18kV#?`^ zJj9gqw~-5X@TBYEQOOE7uheSGz!PUW)A;>09SxF!i07ZK77^5lfP(d}swaT10l3T8 z-{TP`_gE80(|LAGx|wxf;pJ~y)xbB988AJqfv7lefNz+@X2kh9j76l!ea>zzB!inq zAwxK}vy0^Tc_&}%ngq0db@3UaQM0hv@r#t@LEe44g+1Ubx37%x&TwRa5G92E z=7RjA?z^Vfg}`y}vX}Nl|G^Y2)&1j-jm%!KIwdo93=}K2f^$8_o~d902!}bR%bT^^ zyT0k~Ji;8@2S8mDROsW*<(SrW%#?xp#9uj-w@Ai54CX+ewP_l-m<#|omJQqj1RN#dJBaZOE90ZnpI23?$WXcMf+xAwgg55&!_if+-1C*YXGu8GoGnJ!R1qb2fb z+suI2Fh6oyd8JTES#}{w$$=rO(m5=qG5Q=UiR}Y#;1}MqFGMO^5T>Lvi%E8+j7b$J zpN2(=>F{eobO`fveUlQ&;24AJ`cn*|2wV$Oia#_ z^oz*+7AujRipL*Bbpt>f^9W5<1h&M|y}a7;BP2lyWYpEnJz)KO*y8E2wAB7#-QMN$ ztLwb^zUfO3G`aks*ZunxeR~c@#ZT55MSLx497a!6U8zk+$9aa1Kz)BzQC#e=ujEi4H|y!en0i*Pm$%H1=0;ereCVv!1rM7|B<`7e2#|0T0HP$ z#Yw&7s@^Zn?=MpAK?pms^{fO|x)GGKNYxa0ZQliVBWSHC17dIpy zpGyA9o=cnxQVwM7Oh_efjdQ8`+_fTAu7x#-%c0DKJzz_%hR+=$JQvU-J@|rkz37(6 ztv*wy1D_fA+y5T*7^dM8{}|uaWk^y%DjF5p_|_NnV1Yb$w-gqrp`>{rWg!-1L{N z{`;aeqPn-eYqJ#eknQ&~M?e)kgW-f-fr4Mfk?`mD9aIb=+~O8#RB!kBO9&3ilOjv^ z3#w$qlog;IX@%BsgV;KlWD3_B5(zrbP#~!^8AYxRQ(F07xi8HpwGw_+#J|MrvA)lk zk#ZWN=Ii868l%fGL}EsmUMqdwXPVrbQBvw~R6MI3J@9Is=kZ*BO<0PVffiKJUqbN(}-MarMi{>y>}rUng@m%A+M z$QLkBpT?7tv&!9i4~+-x-NdBL){o{((&|pQ{K(@yQ~xUoRqwoh07y{~bx=*aFpFgH zL(ftWrQ0Jr?t^Ma10Ev26N!kr{yh|W-=-4hBG*0$S7g)c!X^ymkCD7sZ@iZ-ZxPGA zyqFQ|R!Uuq9FaJgo@8EHR(?{`P8>pyW>~+3ayJAr7ilCv)A{XTS*5 zI^(82cDYy(2Na#WjUM${tz<_{*diZr^T7!z;|(4)bUI(s`yZ>-Z|n8X`{L>l;d zBl&GbtRp$EDOh(L+b@ZBMaNv`Ko!1fPQxzeQLIiE^WxRbkl^N#Ra0d+YPmaS41 zI6I~f^EZ0bH+&~3GsHC8#J`@ZRuU5$sE&ti zU-~ithr{ATIeCUIziLPMThVDag`sSuDcYzyFyf1y!2}P%w(KNOgRMG+eq3dm@?2qtx2Zrld-gtHqu{}^ zIUnbC+q|WAi$Quv%DCRiNT-f0K}^_r_kF!4>TCwmI!x5gwq11kBT0-KeY}KuclSPWhn?}r58qW1^N~BcRisAOQddq zi#Q8)1%$rz2YLkZk2}FQ7$5pn_K5Fb*X9!cemqcuHQO@Vd&lgEX6{dnq^v=_-wF2Z5lW{;e53LXguLC4)_(D=-;q&9qr-fED(vqf5U z`5|=Ui-R51AZ*Qjaj@`z{ACNDK^#je#ONLQRxNqkV-@y+MGDC<$cD{osz6kX3W=9c zI8xC7yZLcG1_Rtml0^+R;@zxQU|(FsMIiiuxOH04E0#d5AqY7gLvlL zCq-49pvvzanTx(epROdR(LhH4OJY1XV=9f3YW(0A9&)4|;;)U?)4^(wT>5mg<9N5S z6Y&4x<%0Y@WsA>0lFQedH~f0jqBx=>clq|ta9g~tFh*$BDj(Ckw>z1)2A`DvdxR`Z z;hp=%XxZ9Q>x&LZH08w)PG4f}9$5q3lS0NvL8j*%&et5ycST?6SOC_(6f5g{fiU}y zHK;|KZ*GQ0E=rkWqGBwhq5}kj#lb&}wME1b#vEI(-pbzfNtns4&6x|ARA-Z~@E`-* zl9l7I*|Cqhpu6b*u_4RU6*ltNv@=9ljM68$wj>ZRTd_o5de0G|hnO>mN!JGq|At_> zMfe+f+pU7MC?R%0!PFWGmlPN3u+c#`hM0S3xElEUd3x0!bJnHNifeV~V75Leb7yuE zt^P>?huifgk9P^?qM2uPU?{kI`srNZFH-s;KhN8M;QXGg;)U<}?FZ~PS^DLS1rX#h zV>x=OBHE}7jKh<77~vB?(~6WB?Ww3Ru48I7Rj7moG-_o)kcNsr0TI+{^=8Xn&`=6y z9uiU}L!YI-PV))khTwuIv$rgv-0K^vD);w^J4zqcqr zRmtgT;=rON{n1;A6D0GRx49Zd;Qu}e51ai5ds0rIxyb5}B@?vq!BXPI92#hYy2O3ijyZ9R^D12`AKu z7NhS!JSZi9tv~4Fw!8i=^wF$qxyn)QWqT zruXq3n+l$xA{W*%zgxm=QwKz3E}U~*5LC#TdnB~QAe?z~lNfCER=|{;l362@OSkR`~e4^tB9|;;2y58u$9JOs2M_gZhZ4IZb z*`}BS_&{Cr+G#zV=-OVc8O9;n>QoC2u^rc!<9rfLPT zLSXr!nAowa99qY;LJHOUy0xH&PO>XYpkAE%#*ftM0}Tv zN-tOC&r^$BH4#a5Fj|-`E2Hkk)AYW}RgPWl@bxZpm(k|hwOoj>G7zLDh+lL5okpUF zkUDM)iHa3nP#_UqL9qGt?6#O@86SM?=+Im=!yKBof z_o*Gqp*|kY1czrjCPy6DR`y?FtV4TpTC9YOdW(+UB6?i+_F4nnp+F%&(<3jhk(G>^P?=gc;x#-jDBj6RS*e;Q6*I9YqA)u1S3;MdB(+j7?NWDO*ObKIErYzXX{-ZDaJ_43MHer zM8RjWt=li916B;U^>`-SqT3No%h#h6RwTeyyRGP2e^1-&e}s+q=X~a9D@gz#Y8ubt zb`@I6iS4jbirPwT9#zHwdIUM=WqMp{p6}>6!J^>6qB$X+$R>4MTz5K#s;p6-5=7lz zAty%mA7ATjh6*ifDgRwpmf=+vpu+WzDp^iSOlKY>XAdvEaMy9-ntNDUZ05L;6lXsG z4I=6edD7aIo_nthdlCm0wg#Y6k(y|*&d)5#^fG}^F|(J=xcSVt%H&-3j6B1O(|0_4 zx%Y|-6sGJapE0BS!lV2kKfhQQ!b5soEP5X$sV^alDQmcXYU)`m%8REy_D~!%^lz9* zZ{m8BYF*lPx*(ABku1eH@oNWdMe$OhEz6Cr!8sO~wYKBc^Bq-5On?)mB_EfB9~m+w zumWp?r=zbf)>d!EPlJ((-S}DE$i_9aRwvK=nYvQ&WJ0=l@?MCw4{})mbSTJg$*YZ>-5`4*U z8ZP)Vjs*krzi7O9lelzfdXS%qyclONzm-F)dLBqp{@&tN)Z#4l_gKX7)UCAzY)5DX z_-uhirmUmK+qqePETyt^g=Jqq>#YVuLfSBWmb(D@8nT(6E@;`1nV%|$fR6Tun&HIS z!&^1?WBK0_9h3&EJ|{<{r7CFd$J1L`_PYtEZe)z*6D<8?hqbEP4!QHpa+Y=&?ar%- zDx9R=MrNn!A!*@7h0L}_!;?j)q_#wwf?TI&sYuP#xv>P*q6X$cZ|4iuE9ZsM!_8GnEO~;Ow&!X z`r<1Snd+W2( z&IX@o}QI{e-+pRGZBuejM%x4 zPtOc2O;z62$7%Z)^oiW5LIxac_uRcV=x#nI&AI*G-EoH=4@=YT_C?dAJ9FG-Y4$-9+ck*-bp1+;(gc2 zo0un*W_q8_qq&o>hRq}pJ?n?W5A+!Xa|k6gj6p&L6PM8-8kapm#g;a-|U86EAv#|(3Yzp?I9)WL$acjlE{j4bHdJd zisxgTu-A@*u(xinO@3;Key0GpB+rfz(8{GMe zP_G@Pd3efN*)>Uw%U<#L%7~S%P1YyB$57F~IE;x2^o=BJv+xz%IQhTd{4muKO4r$T_vTzS{QU%^Sd(2rDmXcYH;9hFIrX`i;``#+@RvXv~_sb z;A)O2NBnTu2TI<}s@(ephsC;f#^n7#@g@vx4Lx&GbjD!tAaV8jv zCM&qx6(e;&u^@oUnwhnJj4@d!NQ{>%!}mwrg(S!EeXnITp>EYP0Lt9i!Y;vkPMY}}^r+Kb;0 zu9g{tr-OcXuutqZ=k_>tJ3M^Homan;vew5dhYw$|N$Ce1Mfg_X$7?oz^@`lna{jH~ zW{gG)<~rkKt=nTHm{--fJwYv_<^G$w|J#dkVmHtLK>%)&mx;CRa-VB@7rd*$;;)Zo z#?Rf~m36O-!TZ6#t%2Hna%l5Go@)0)h5$GE?skHW=an$GAhgRjm7A#$QCmBtnI9S_ z_|LatQ8=o=+w;f0?{ zrehlNcN+aU5@PeS=?il@X7wO71~->g!Wx>!m+U|rpwM+7%;a-N;~@>cb!SQK?Ilc4 z@A?$cHu~mVXXU;UtsQ~J^&Qq^31`JDd2&w<ma`rcy9B0EJiZg`Wy??lVqfU zCjV@R)5rhiXOY-eE>I+=UnF*{+?C?YyolR|I%_(9Q*}E(`eyIw2sO;w>5QyjRX4h3 zC@H;Se1oXxq&(!aJyw%kSgPU}S{2B`VF=`Bl z`h2dH8k3VEQSJR#Bp?%mCuCFL^P}BVtf|lVyIR83sadVxS;EtI9G2pqfxaP zEc5nIJ%2!Iu<{~S)85X`qzNe5TWm3eSF6}A#ySXN)26acj24WI=1!xZ~$+2 zSlI$-RxLY=SI@L-noLZeQu)n>s~`WYS23I(d5<1xcwk4LUF8l==(Cm5W_X?cjwhIe ziWqn$&1_L99!TEiku8SKhrHy$z`s!*d7hR04BWhpB|0tC5Pb$N@w;ejv3VILO=xJm zbq1AFpkN`n0)DbNy-qxyKqAPV@B*Jr0w);!-Cw9BYjmA#JfiE})hOQQUgmviqJ6Vi z)2*iKN>J^VgwAw>LoF1k8{uGmXB{NFaN{D7>VC2}+iT(IDSTd!!&rQ2d0B#jBS~iQ zW=Qu9=x%cIyR~|KS$bMT9*=VjB_q$4r?k+AKlJA#W{cZagLow_{7{Ci0XX5k0}s6g zOBo@bYhc0>8C#Gc1ST1~Sq<#Tm?}sicp~H(m{4`sbd8sFk6*jVV-3h~c^mBiI6aTG zD6ZgqhHogeteGPr(5T*hsL%d+*-pseZr!X&rNQ^2VQ>7MfjC^`BjkoYP1BB`5hnz6 z4X^R;ulVL9LE>9KazLb~1Jg?!uctVLj=^>7{&Vo7B1p4Fj#xuRU93cG`-eZ~7Y2XU z_DDteR*OWG8V1_Y?5fia!o6%(4Wv{{M6|9<4%;Zanm(hzcctU0sGeF4z3PSjXlygk zSg%<_ekjLDT7Vxv2`Y3A0oZ0;$kHlAQFtPz9s3<=Rt7YR6RmIdfpPLjxGrlU4cCxEhB$;@1y6!whj{eQYm#n<15GLDMAuh^qFZdHQa9GVYS@CUSw1PHO*Ld+@svT^0(<4Al7Aat zQ<0)=sHo=aWC61-2^_*uo~zgd8C&ES8jE>y_$}m zylsW}f^gcg{edZS+ufYe4S5kA+4VZO?YNZL4e6V9U}w6f_{}lN(15|Vf7Q0%mVrzE zD{a_U?NwtdYAK@dTb%%ASi-r?QyL<(pLmqb77z9-5Kkq^(Bpr9v8ACVwq$2kGH%g* z@_DsR_WC#tlr$$Nt^TvtY5sUvA^81^4>{ia0aDiUD3xJ*Gc(r0S~_-IAN3}S*10x- z%>iWqEM%0BdzsMUx)15TA<|1?$K8e?^yWPDCxE9iB&a64y;JV`71@m_D-eoKi7cyB z_jb7v-@)a+N6mi|rwt_BlN2@mF+@m?3ZsR*f!7nSgWS&*m>|W9pW=9lkX0r^bA9-u zMWWw5f1@%D&sQjlCb9R7l@5`1%{*MV?kFtE2%wStRaYiXnX^1=N|A-!Tkxp3x=}b)4D|dn!2@*$w-=aoESxeteh@gT* zhGfj0MSX*o1efrGMF@@tYf9C3eCmuI-o~c?)r=D1$&zSe} zB5}x?^g?D?Y+Pp^q&d~;M1_+4^=hY*#Y6;`Hj7kpQ_l*{Z0q+1!b)M8b$zD%BGL~! z^(B%|*CQ)!^>V3-brQSt11g7*cqkN>ux@bsj9^t_7kedOabg@`NFiSM_mH6hRMVoF zCE^MtB81>T7mII=+Jit@Uhom>4g%8){-JV zrfAOzNjpA5TbQY5FfXF~M$Er170LBW7enrRYSv3OL4{R#ZX|urlR;`~wJk&$FE^xr zX}ecnu>(j#QoqT88%pwZ3d^5!v62TPCp~7yuHUJf??v$XU{SxKJ59#|&{B|v4>cpL za~8y=5~!SUMp?fEa06NGp$6pJC9o)=|3v;Zh`TiM0H-b5U!h3$p^F&XyMTwKJnNQM zr>0h({;n_qVktFAgk_gucwZtE-~DI1gH6i5TuAUJVK5_X-y(qP)s_c#M*nCYkH9D@ znY=hinWfoC1y-h!!K!W_a9IyEr`C;6i8!RAi7hND`wiNQrB!n^Itbaz^~(gz0%myb@%#W#PKq3=m1=k*{uNdKh`#SS;D?)Kxawdp3p1 z>*}45{R^=J8K+hnWR_RxUBAz{&q|2A%l-nKI&#BD&|PA3B^bZn2$R8d^87g^)5F61 z^rN%~7x)Wj^nT|%@HLg{tXClH@zXN+I*YgsAG+u(J3AcU%N`^)Q4m#<7ws6Q;5at= zcn5%*d+T=h&+e|SS)i%y^DA!dmZ0;N@gft2-=dN9_Z_7_smxJGfI>N1)E36o$DfCM zAsnAqJ4s>EtOTgubz!3^63ltdeK6i6==(wnj!p2)UJu~5l`d&+vp4?lSbTOExU`FRmfvvw zEg;g~{CY5m#+S|Lx@{4;mXGNAw4~#6+-!q!+5EEU7mNpPJY-P52^rmmk(*LAv=6vYh#O&Z4Y5zE{9U8iM^!ELu1?P!1Ar@p#1SQy%*`D*97 zd2xQ3d2!LOeaUA8So_76C9>ASQd6aYi+kqI)x#W5+|ajxgf83E_XY z(V`tJr=4}H$CW5IvZ48#KUSw%blhUB3bE5@um@64;!yHs7O( z0`Cf(WmV2~@E7T`@+5<)+TlRcs9S)6@U%PSO3@|e7^gG|38^CGnFPdbf94uhmkmRf z6Pxk{Uk*6kGPc=v2~W}y5d-5Q+i?x{P8Ai7@7wWC;&VM?0Gm~sme;DH=C`$ay@&7x zO*~I;h+tZCjZ?D5Dk#bK&W6Ma=i)A_(+Pj~fwZo3WI%Y5pI-YBbJM%EeGm9O6@3#g z1l%~o`^A)JKJQ*zxwwY@sN+Hq%?6e4FJGATlzyN^irL6pSB*m7Q(m*G4^mQWgtXw5 z^Z3K1edHM%XCy!dz2I6Y@>JrE^Tfd;P`T>iF-cBqdQ1f~(LpHYWIdI(jA+0}=YzDJ zP$vUt&~BF?fvB$0guw?#y zrRv>-yA7_9jPh#guloTWIVBk~_L1PyU!PVTb@aAFM5sR+=jJs>D=6d^FBiO}Gxqq~ zKknmZ)Y-mJmtXFGj(fD&kMXDA0-6C~5Og|xxdmrd8oLwf=r=py+O_o}op6&!5iK$O zyk}ln&+0*>FkZ8SQz3Br(Efh$ZT&c7=j?40YNARLTYij#p-g(w>3j7a#R5bm!}#mY z)%nJ8dgjur>jP!5S9aa;4A*Z=iGz@+HMf__e;fyIZg}@a1BQv-CEpLZ)KN(z)lPjv zLhNQfo4R$&IOI?OK=)aww8Khf=Z8Mor@+Wp&W&*zD>NLJrNX~~cg~() zl3|E=4<79Q`mTO=cQ3@RAyU7&U(O1+>JnsqygeKZ@AhW`>+kdaoq*+o*%;V67d-ev zvW3VgmI(62zN|CLg^mJ!$9)y@;wakXi*;L0GQMQr#(qvQH+N?op9Ql(*IL6H{7@>E z-+BJR&h}IBqzG!0mJ9f|z)d1rjxp8p4Kul>^Oi|?gTq53`R*%q87;EyVH3PtHqb$r zucDKbwTyp2$)a3;&YVZrN8_O$74wBGY|GYLwH@5pA>iqh-_8Arc+K1Lf#~ub&3jW( ziaDj4%s(s*PO}o>Y;5xF_g@qA21__PUNxT9p$YF>l1wU=uxgcSuv<3ynF5b7NR?vG zI`2y=Z`o0vr>m!$#F{O2Y4u=QnDzsM;6sh16wolk>AZn zIs0kmukscg{QD03@@BjbFJcHeuKFh%5q^`~Pe_p?ow$Z%BOIRz~vjakZ5zOQ%EI+ z4y8@}N=&)QLWc%hZ35pxbgi!&&SqqAdF>K_Ix5S#90+oW?+MV91Wg?`WGNu&feoGt z2hKZ9hJR(?Wn0TKZY-;Ron@bv4u0PGd2(+F;=&|t#6r=Ae6px-{-a#^yoXHpNBaOm zD3aT4je!}<9GoKeSo^=Zx8%k?YRW!1qV!x(MsNYciZ1UA>IM0(P7yJyy|Butv-C$m z#kz1kV$uk6os{S2V}vNdtaJ8hwR=(!Ie(VN&z~eGu+Bxi4-~8;#4p#3g(PX*3>!7? zkAJ7ZyqS+|cfpV5UCYJ9F*hBGhL*mcGUb=RL4pKZj9g_=5#!n&Oj8+WK-lw_Lsul! z2v!j3~aLa_S*94G&jprvCJ>GU*N@aV)AMod){%2of&`+Ucg zGe(VN3Lr_Tg)=PMbG5mzDsZIPS?$5=SWpmf9?-g5g6a@@Ts2$wsVZhcvfIPFyWhyW zVkz1q60cCJ+mUk?GsR^K0TTVs7^>B$VzXd<7>PhMsM$!ihWQ=c%j~96f%?laM{8Mw z{H-}3sTf2ttso)aGU!j}F{A+;fRa==1{h%vrSb|Q!}i91dQfXD&`^IqWEomngI&tG zE)k+;i08Alqy>D4mJW#<$bb^!ew1$#JiO|hgXK@6eF*Z6b8Ra(8F(y-vz&p{iE4yV z>priK(lg>VGRw1^*kij@_k}a&3Q4rl;yvzFZzjOtFL3+)Yetjq# zwzh}5c85+N{QSx5!j<-=C;tKGI!P5lG6&kF4t#!$$K|VP6LpFVk{HV*0KGjdl8E5P zLRJ7zs1Z5bn0S9xl!2W$DRBvCAKLi(pqJ&_pg1iZ@rde*jkLwTj~tO@^`HF_TW{*0 zXAjq63fo^(h0I8%;4c<{I-xg=r=N<9iQ(j_C6d~eObu6^{Lf$sr);UQO29v(D$ms) z|8#M_zqt z*wrmF z4Vz4Pqr`c8dpg$u%~pdexS&-UkbMy()3F{#5!@8!TO-{PDGWz&u6mt3{3`<7e9QBA z=JUV%h{F3fSuET9{rOtO7+|iK&e*41u65R@LV5MrQDSyH&e$;9fFK81N_4!kV&_Ct zZ139#W1u7r0dxOIO)@6FA3>_ItkWDS<)AF4A&FQQ(;XeqR@YXr@zk=&YoJ4+lT|}D z<^{v^mf7_Z0f~6Gf|SD4$-S%e0W3E$Bf8ks0X)sX2x-2gO0|wIZCz--8Yy#XEG0C& zj-m}kjJzomN@xA-CzSU6rvMX$oY;VsXpiE>SuoskX^foSlP2SV;O)X$@@Y4&6rp_< zih0twaW;Sv9Ywu>Hs3r1V-K|+X0k4fP9aY1?3HJPHYWR>1e*yNPWk|BajkwgpiC(* ztm?2(orxn;@lFB1*U3_$*{0}Yi00Bnu03it#b&s%dyIx|Ap_^cI8}qPSfOr?Qtl|5GMmj~DP=RaT1!F)oUw<6lM3@`ahdIC@i= zM&-9#lUmk-`^d8VMvS7hQMvjYi@zF+9A>i>s-A7od)$jnlfEoL6x&}*YnOEDIe3`B zvLGjHD$Rv6KV8d8t<$Ddp>1@~e8T(~cir=lsERDAR!i~&2$`HK}iYNg_h-Opn!Co5-ZatR=#u4S*-V9 zKfjLv*D8uV_9WwREH)#Dg;e?2iT3jySZy_jd$ue*>aR z8H2>kKNI6uNZ}d!L!ziIHH+4!b5(oJOlES?R<18>sTfU|K#bKwRa{qK3CMzrG01~; zdJmm!vt8d^(Ej>fIYtLYv+=oZ9YVWs2#v_bHpYD_j86AkI!eTe=FZ8*P&y_Ng_Dda zNM%|`YJTA5g^h!}p-+)yyu{@Z6am(#;(zaxe^CeI(TjgO_V~SSewdPdjxR30jD36xWr4dk z58Xd{CiR6njtKl}w)TQ|CEf8Sh>`tvh%Ub08q+e+zgnyc85KAXsKm??f&mPmkzpWP zNhwdR{4JW@va-*DKEDm6cPoLuJ~Pq!Nwioy@H7htbx8CxQcJ3EjgSkq(An=c1nDi$ znQDQjmP<`Sf{gm08G(A~8d@E9vJKgxFd?1Ls#KO5)~^(ns>&9V7(LpeYzUMpl*}Zs zIrM-?(XkOiYn}~LrpKQT1qPrcQ?slXmf*NaXcSpan^Ici|FdacTCls&=40aAjxt82 zJ)0mLH#Z(*!kgC1r9!II^E|PPj{|Q(H+jlB-!a7-tZc;zF8#ZXYW;m?d*Q(-tMKKY z#_(wGh}BVG1WnX3^6D5ULCZkPNqX4{r`b8tyMkR8X=HewzC0;0Co9mg!~ZB*;1-&m zIJ00s0{+GyL7D9!R4nEV`R!{9cxZqc7US4V@`unw@;VZdr&{-zL$3)q0~uBiC6lC{ zP^lG0{K{CnhQ~jv>h1Heg+be)*r%>`VLFKO5RMBNYV|`UCdRUArTZHs9%lFJ#}oA| z`U{@DkYTPk@{s-A`vovGG}N3EN8z79u!rG~X#Gl+C=G=6#zbg^(6&PG-cks1y88>N z>SbHo%C=vjXkMk55{8TP`WB!TdBH#Z9{|KaJHHxC*I=>+!5Unx!K~|mSz<5Q@C$Ea zVgt;uOog7z5G>AxoL3j}^$fe0zu@htZ1e?B7V*spG= zmv3M07B`c!#3@hg<=ege@7}$v6rGabGGMWYDGgo>j452n6{l>K;o4Jlw^UqSWFea7 zZtu)C%thR5@;;nqQ^)v5HV{%SwBol0pUB!5N7RKYEr_sZ#uI3~WVB56(}dluY3y4Uo*GGYmu!(OnkD z6dCCgvyZ;Dcdw})$PbhRG_?iR&F!m*_zxrw_=H^0lbWmB_X$NOe^?R5nNz^}7m@b| zg&}ZxB>RnD4{7=X>e2>op}GQn4Ko8tKx?%ccy;VM3N#cG+^SRZ9xr(nWmNh!mg4JB z(5cps8Q>^GxH(|XPmLB;ux&~CClq`fSQx|kOi1})2gxGvY%~hr!;>GsTZ7l%t-;Ih zo}xsRYnZw@1attIfA0F$%kL_E<|mcL0+E18y(xPxwQ?Y*XTWDH`RMy3OlLXWHVVZ; z18AL#CaZdPe5puvps~po`%7hAZe~ut8c!8ETopQTrFz%K} zhWO>Ld0G)7NYUJ(YzCpM&2p|p{xs%K*t93xC=+*{G3gduXaSy{S8pHG3s{^IeF|)6gm6dg@$=fp{KB4xi z)jXcUo?1oeW+ccehst$|M$0_ZItalwzpUQe-HAIB(&~O zmxC5b68m$z+wb;Ug|s7*^^YhCl=TLSknhLifrbNd0GA=pNEH5oB|^!-DJ=s!+L*Ym z6E=0ie?95l){UuXg}&^@d`ZbwcN~gIcAjyX`gno`#(pw8)ciXol3ng8Bg$Sl9rq$O zW~U-0F;7TJV{y9K@4xRR@fdG`>?Hr+p!>Yr_xi1=6zPnf-2*x$VKjt4NIc;oo&0Mo ze`7!=V-;#X<%QEI^DjdBFJE%_g|ewopIS!ie}|)PSqa6`jbo7#LC3Qp9I;4pJD9zJ%JLG+P|goic8+9Uo{*P@ zeFC@a9HtpZ%lRpZe=}@DEmvTqW$Oc`>!rqqnAaN-3&Jl4c42h-V+Dp?38-)fbwA&sk_ zbN{>fY#m>X_)C?qOTK6Y>?)2J3HEG!tb@A6@v}6-5%Zq>(=1Lz(1mc`>U27Af5-yZ z$<6;-9Y|QPQ}(p#7!yT#0$g*!R;TKg)lp%$xN<4gTgLi7DkpE{&Q7(Wh-HF@0d<|9 z;K?gS0+SET)PCBPt+Q0uhft^nu0k;}3PDrfdY$E!waX^W2Qy135_;urm*&@&5DM%o zUD_huWKrm~I-O;F;GXwuT|ga|f48}QjMbV|cf`B+Ef!qwH1g4Zo#2cPQ#uOYSG)}+ zJ@$-E=rZ1hZiNNjhBa-sie~;Du#RC^4ZXVt{r*(_H2TxQ`t#SJe3h$M7Z;b?0d4-Y z*BlxZvjEL`#<7a8w;266I|h|i>gFkAaj(^>3G2}5z)9{kb;~||7W)*lf26rr2R(`M zBr6qoxnmaY-m;&T?8Auv_d5jD2;yKl_g=?n9&lJB7NOPV$$^zZN?5B**E?DTH)=>l z$!~V1bFHz~1gq2Sbl2cx>^eKEeXgxj@Te4X#^9gof5jo;{EDRk=2B(xIMKfmr0+P|kdp{~5(UK=c|jJ@bPZ^C z+=aHB+(o;)%(5$Di=Bq(y{OT%Lw~1PBtm)iZ9fXgoxI~WiX%h9B2of0z6?`_d(UR5 zpHyvg~b6K}xu&VhI3|6;>7WffOhzuq#TSe#r*aSy8EzlG5Y8ojynjz~#xW2`T zvT+!5jI44+Vqxque^s0d0#V43n74F6XV5`7PD6jAaTe6%H0 zUu56;eXCgvCq8Kz$HR8u(T6-v6Ac)5y^ zfqGR4n%V)^%*g7b*R{pFNtTS)z zvuy&S=5=idraObvFwcloI&dagm@~WUFx`hSL7h3OQyNdQi2qJRujbke0vTbZ{ z+as1zwKIocU*$*CJ(LL0BRZlf@-%|wajbW3fJ%23e_f>8b+bVE1}n)r=7X}LM8cBS zav)@mhY1*@%}UN^H3Q*NBD0hbcl{dryN5BHGcoDryF(5EtpPL_KeTHji2NH(E|e%> z2h;sGmk|4?J_8)>{CxUY@{!lvR+6WSbCbF@{2p+SI4Tzlm*Iale5Ul6?hsO zeU_yvWraH0!A-g(X7OywvReNRjTKK-ZZ6mle?q}h`&OaR*OEDVn~uA<_^(9Mfx+mm~L8eM@9cQy%Sgr&NAg2#l$?vEixiugz5t{i4K)v6gHszC<2mn1)D|? z%B_W#MvASMvz1?sC{UiNwO2otveIdm6uzh(b&76t#Wl1&mUcgaqO$c*bZRggd(Y+y ze+y$cozO@MJzbGR1q@D2fII3!$YKx2t06F~6 zj0mOJ+%x4_oVuu(#8%ES%(oT>OolhvTnWUe-ealVGhqw_(es%s?8$XH>!K}#+r1U+ z&QxnS935^1g#8jy$QR74zJ zIMOr#=g}#@2$R!GnueoU>FaqI2d6dI@3p1&HlK?7+19e5mi*s6Zb;eO;thF0XB^HX;Leb1I5UcYrkyG0sqGH6 z{Oz+SGGV4{5D;Dna7hEDK~s+Ra*wJl9mal?N%0xwKKW`2VXS58l*-!Zr=j>?t~ey^ z6HNp}7!A?PW=p~a-F{^+K8YU-e;Zs>urWn$21k`=SFPbN*IW?_n{wDn$9&NVljEx9 zFTyJ+UswuAF+L~uO*!~gIa@|e;MnIQthFN3ap+7GDi#I0Q``!)05eyB>4|C5D}1XY`MBNWf1DLtW_G5y z(ki$iY4HNbjZ1Sg?PkIP&jhUXl9bYEqK>$EiHdm})7H@zw%dPF>&?4AbMOBR)53ca zhaY#vdvTjS7TEu6ZkF%=*ZUjWtN1Su@(jB0k_r`3QD_0_wAX!hZwxC#=<4R|%?K7InPF&Cy(&UWP<*R1N_2onsf@ zUtde9r6|qpy*XC$zk6qjaMW6P1)L=&*=>RlssTTIkm8RSmbrv9e_|Hq6^8E{?tRzn z{VYx4-O;Nj{Ha9Z!`6onp7t*-H;fmBx>+zBmmHvcC#%soP=5lAIMpRz>Z@P_=yyl2 zB+DSBUg7K)?Rf07>6F9)FI*1r35}wmo~~xNIJDpB0H*EA%HVagXGW^5mf_9Yz5Ua} zw?`*09zAjQokA&;bf9e0$HIY=W+vdWXFSEE$tHV1uEDcUJ&2KeC^gWWJ zgFj(rMIY&r3?EsD*(EK&-!&YVzXpoWKM?4YB*+B?0wa25 z<7*oqp@J#G!J)b9xg=pE_jDfW=YLp+NA)Uq{=ivEG0oXie~%0J=h9yikXOsB-s8gR z9q%9gbg)~qfJ^s!QiqN_5N4E$7Kkpp9Ie7DOn41Ln6azu)u#f-oAOC^p7PTf3<5ZDE)KX)%B!E(j z_HpTl6oWzzf~M0jCV~cCnDe+T-sh~H_59p?+NXM!f8_sNmF125SQP(pt6$3hx;|Ln zTG{_U$n)Vt@9%IKPKOxxWfVqKV)++S2^LJ|@%J7gw%*@c`|lHjt&EiivYO~5($eKT z6UffuaD~6U{42>K0bS)=f|(v&O#W8KZikN`(k%92djtOrr^m|ux$WhR$+PJx)Y$ub z%S3Fne|<>mF@xVT5-B|yNz{#9xAikstz&s1`;fEXa87-aajN1`{aCbCQSm^O5(KT{ zjA=^9;fdDrYncEwhY9tcc3TG{NEJmN1Z_?p4MZGC z!F;q3HDwwLECq7OF_<5ZaQMR)%de_4P74Xue@Zd=ryXnI?TrVRq+u*Z(Ed;E{U>ji zT2uYrWS=$tUD$ul!lFZrvQxm+25v4UEQQLmISY)X+Ktn3p{@SbRuS+KQkq1Pdujhy z8``Js+n=ZMc`v12X&!vhHQ-ItJ}nmO>ZFNAuKV!8ZmuUEKD*nVQKgW>hil6&r#ifIcOQ_%t=tAoTigx zST8Q;0--jaAgO35s_~~St4Z;&F55H~f0)oT6d04jEn$LyXgHumXJs@e+Vgcev5u6n z1^XW|ji3u3A&dhW3)n2lipEQD2@%+H4x(8TmgZtO_R44BR?~-A>wSNvqQ~YSNZm z2OUPU$`Ra_%7GsBeKh{grRq9<0ZLyQvn`3oz6v6tCSRhG#+4Quv0g+UKES_O7(;ulU01R|C0u_d_~@8z zJ-VQ?HF%^vVumk}&b&9x%ZCqG4X&?$(;9Hw8ja|5P5tu|iDZMi>0DWk zAL05MUf5r9FD; z3?CaPXu;sRG`gJ*cK+b{#uaypzKC-Om=J{qFj=f8D+EBUnN06T|uj&q7x-K)`vm$d_J0(k{6O(3t#q!#Q>qVU=U zb@j9l08xh#tS;{8_aL?gXS>rk7grFB$j|gi8kF38kPFWIXfwrnqCB93SNR+ zOp76y0jS)JCB`)`Tv}J?H1~&p+4JOpUg3mTy0; ze8|$M{q(8jkg_xak6*yA>Lg1^Gp4@qbbve9?%PjO@*ZD1fA4;P_Kxq_uSOebJI(Q!@Rzh+dO|Ef9E&)wJ{4w61ve9 z^7;xsaDCk~Aq3=Cw@dTB*spzC?0n#yqMkV<&O60p>o#&80j{q<0;d5y<{y7;=kI@Q z4}bZ8Yrp-yfBX`DZRbNNH1liwM&r;8l@_)W_Jh?r*8|ecU+J9`7?LRlSH&*dqALO~E{^_O!;n5BB4v*^e4v!Wq9v;4%w@27t320g4;whR|4IbJQp}^l{2VhpN>m z*05V(L8Xrn>mBlZp@yQc2a6%d^MZw~SQ$;eA)hyDKg`xtik`CZ&~2=Y%4P;`%-Vby z#Zb1;c5jPIHQH5 zBpeBYexEK?xHN{RH=o7wjW3#Dsl_|Px1pV;Q8X@eB{WPvl)9)f&bF$nxy;t8Q{07d zD9TCQ!7;cn8YHh2=ttL98Q$H&HDosE=CPCD`g*uT1wqDkUQTa^PB^6{TFIj?xp)dp zf7FK|{LDM!EAb8*nAVmO&hIov$;(>n9uC1!FsWc3bKWUMBBv` z)tRfI@Hl~-mx4s8x{Xy{U%Yl4I*$6hfs|B+i?;qZ(ADX5tJr$Fb2@%m#9#NWbr{F{vC=9yh z$SpW(w>e^8<Vo2{L`?ImH8+*&cpntL(LAbRoO!GBW6)bbF z2OEKPdy9%jh_)LF-q7}J<+$^M*3f{s#@SZ1;C!ML!v@>TawdLo`XgM(v9+rQd)1jHzT_Ni>x+HK5 zzFMW|2RG-gD>J-*Mxx3>z)IotnH5gz!N9c*Or^SlDfMJ|r$eT%OdDb$m+B=c6U=AP z5KeXvYx{GP=`{AI(=IR5e{!P)^YZ)C9mnv#!JYhdHjbv$HzavJ=*)?=3uj2y5HydKh@6m;LY*L z&Z}3ahp*nfJa}`w{49OLpnSrKy4juF8CH&3Rr`V2O9~l2<^bXNfAz`Xr`o7D7?Csc zxf@iD_7iT)+l{z!J31`Me18HOUpB3g!=jhzlcQg-9&_zhBO!72NFgz4MMF~sqDk~z z3%?5V=CocrxKg_Os#c>=pjo3)&f8yYs90iNOO7jDwUIfxm5Oq}O$42HQb-S7Z;LbU zUb$%JWAZuY))gkXfASq$cCtt3jk_tOZ`QuiQPkW!SHua6V~hLk=6H39OL2fDq|!Rg z@mx9dE;FbxBJM6cNDZ%+63VM!a5X0;)atVB+(^%{2u_cxTW z?dGC?H`%d+`j)8qq2$Ea(Bh34hX&37!_b!zwx@`e%~e;yf9FX_*;a;UQLvgLB-KiV zc_Ma|&0Xg=cL(6hR~66}T6UA8!^dUAv=%RrDr-QeiJ0w$sZP)30@ho6*R;$v^nBey zP5;Yl3GRw8YeT)%?ybAswk^^HEWHRfkc;Qb#B~Uve7y7D5!$uM(Mxh8P@9rEPXx|3j z{ef_3$5dRg^dgMMd4$R~6q{9vRM4}W-hk^eJ^ON ze4X8r8mB8?jspe9dPk0YZ4ssZshl=ywsvG~^{e7%sZ68qMn#%474OY2q+#&Fco_%< z{2GJ7a!E;|G5K4Kkzp|@92P}!sL3iQf3b*&*I)So=s48#MqU_{8hhEq5#zDgK|9&t z9Ue-bf9C>A;pJiI3Mi+rZ$A5?_J-jvdWS49e|A{Ph^t*gZ!xBG!jt`aXVYSnnop@T zd~4U!JMt$*BRMaBV-oQ!%Y?vUR;J>w$EokLX=44Nx+F>_q+86WO`?ch(cmy;qcB2z z%!lweVEzS7dxg-hOEsr!IL!^AzPW~Fe#hxflI*0@Toq4}gvj4{&vLDonn#+&BAn7< zf6q&`S3i;3_KG$R)*&}Z!^<$DV>h8Xj`Gla*ylcpNHOSbs*>yndnrrY!(@W)?!0={ zDkfNl>HkM#M?KD*RnqYb`@WdG}t*j$Sc)p0_9i9O}$YfMm~1= z^5Af{_~P(j&zW5o@9=k=Y8Pb5#SP){f02B<6VD!_kMgT9&fYhF&ypmfQyL2r=>#NA zMMqqPg>U+9j3tg36W@ms_e_qO0^naJB<5{Gs8XcbqY&a2-6uB%PBkvgFuM;W@N;(5Mie}SPt zRS~?Z=eAMK3->jT2h3YoA^oLeasN_MWgwLll1CR z@Zs~z<6MXT__t!dJzb!zrwOSlf2p(Y+2@zX8K;Fdv_yqb;updEx4#&Y{1ZPn!2dT- z{HLFV_at5x*KslM-G70cZ%DtQB+H>*-Hf9aHP0qkoAn32+ zSrY#%RpKorfJOL!{n@j!{m-Dk%K!8r&z~>d!-*q+@P&9c^@3MpTZNod#){Lk_#z{ zXe(9enyKWQBC4MKS?hmZD*WL?9vs2g*EUYz6(hlSBqFg-)3!Uvntp_}+G|=^r!g~{ z;=9^*>#Eh!(RuZbQCoLJ;<34JY5H2{H@UFIg~`G!=dciZa{_|sf0FdQplM8^gF`(P z=f%9yyY=RzSau>H81EC|Ctfl7L9$%1gSt=zf}~?AoahA#nLfez&W#)K4GYk;Q6418 zFg2W}SQmTx)bW`zFXe!nDirvma!mN8@#kEexZ=P5G|$cWKcdt;H)I1B@PGa7iv8#M z_WCOS(}O&>&HrCefBPAI@B%*3C=~B8|NleUU*1Lwx*U)D8AaQ<=l^JbXYciXcN*NS zkNM|+eRFfYbp8k1>w}g5--A3Ic&Qc}exT75@bI)+e}{vZ3lc>f#Du~XJ;CpcCq6dkfu-Z#(^jj~fsz zWkIZ{2OxWsL(l^|VYZ%pi~CiHNAjmWz0KN)4JtFA zdI627p!nHoG0$>SI}}|hub}!okyBJz6CkBic1byyssCuLnPriL#WWTi2OhU$j9f3WJdaB3=sM5bbjv|1nGkfdZv1x=y;`3QTI`)P=Ia~sN(%d7YRH+?>~ zK6;Cu#U<`m-l^I82xlhi(pl47-=NbKun}_Xd?9Sk1`SOuh7FumGbo)EThB9e*|bgb zM^nhZwEW0$G=(@prGdQC-#~@_;Z%q)9?t{MM>zWce{G3fUQ*E>!Ut$4L`>R4Xk&Wc z2_=!hWFk^rYb!YnuAv>qp$JK|MximvpMF}`XE>Tt{NnNo6<53z2)SW2ZELyT9>V6cbqNt= zUax*%f7fmU98Ed+^I5rdObY`}bm+OyM>s2mKVEhRI-?O}TwlwKMv!qAo}9hTxPWsC z|9k;k-F~-!_Ov>ht?owm7U$C$O&-O%0XDLL_H>%xCY&9N-Y{{PQcmN_!Y>+)tB9zn z`_UyTx-6=BnnzqAabSa)`)PnKTqvV9jOLf$?mik(1DL{SPF@}B zf8a@)1+8!MZlkf*vQ3m>_wZfsHJwTdWy)H|gkBU*L&1xqxywqq(Fbd>-y0TCvuj2y zg@gr?y${DR()CLDJB`K(C|JKzC$_*cW4hx?nb?Vq{Pm6rw`h5-1*5qOY-;?RiumRo zr%p&U?Yjwrp-&3M*zbk%cfx*UFPI8Pe{mfCL8atT9TCQKE4K+}gZ|6#7SO4}#&z*J zb6`VaFyG+tr(FpdU9Sc(Qo1=D76 z@s4MzCIEVI7h}jaAi%S82tpKI#iVXyo6)q}ci?Z_G_7@XYA3=gK0)(juS%^`f8XZa zR*J@#^Xh(t{r4gzK;z3WWeT}mk~CC2PeQolLFJ}q0f)Qen?mT`I@q8}nvH-Uha9Jx zUq=(GCsQraOi7%PD4K!N%?A+1xSm{Awo2)zCJMVen;5^C%bA>0AVHvJB`diz*DJ4v zT8{X4RvPM#&0=hVz$5=oQ#0PFe+m?6%HM5^t9ac_4Sa+{9gkeiFk(bbkwh#WD{Yxk zh2G0(oCu5cB-QBLs0EFi*Q8qhPMfNlRpe~(Xmk~um4e^eIB zysy#Zp>)sO)}08uDIL)iF}9cxVNMTs!tCC4G)_LJ`hBB!>0=H_8cs<%f1ArX-*GfG zW}HQ`aWc{Rc8QQ2La)!agI**eIkO>c&tMcrbPdELlRRs zYbXkJ*f9sstG%7WMPkJr=~#mdnz!y~;+7Cc@5-qbGQHQxqKA@0UP>yyhtV{L@eQ7k6fW2oofK5&=mIuyU*pxClo-GBNd=z&D zjv7rh@xxtE&hhJ$L&*dMG!`L=coWLuaF%hJo*^jDj77YQeOjFke;g}NmG)+vvvs!x^N;#pBKL(!k_4SL3eF*RkL^Gq(-4+ zsyVPs;5Qaiy@o^y^+06bqcB!oH=mgIGW4Rv)=xkiL zTT$Yn0i4fl4nx?Te<(9V&3BfXnzA^QB6WZb$O4Kppg{poNSPaVf1po8(1jgHsn4cU z8V8CJgxE>O5e#`pQr^iMTayqWF{Cuee5}SsFwG(nCJ}Y}3}XqaQd4rBvNWZ!h-T;; zk)$l4X*7drn5H<7{9txl`|ruL(5!B1h?l{&hBcNksWHLkf7qI*n=ho+c8zXK|9SfO zAq=b&%f)k^*TnRML-^>m0DkFqyT93+@#3k-^YqR=7N*!&d@Rc7@)Mm4U@>q(QjsNH zc*iwn;}m9O8maEqaOkK`G050K`aX$KCS*Z43Te=7Ih)PQ!GMVb1Qo-hl+{>x1kC4M z*USSQh(f$qe-2q(%oNw5suw5Pya{nH2mSQEcD8A}d25>z`QHA<*?n8 zNhYD7_!5AnGe!8=q6l zCj2VYIxIt?c9e+R9hML#lms;8SV?}|&A*jef0~l?Lem4>1MU%cP2M91kl=P3W5tkb zyC>VulqCOzQAndeqYKa`9yWMWvc^!o`7IQxRNN4Vs%N!9G)&_%b;&wu8NP|!mFr>x8?+(;JWeK?~yfOXvQaFBIp&FEi4D?)ijn_Lfh8Ee=LfWj+PHwojhYMe)N(oiae#3ZKI-S50xTN^p{fC z(WpGiT^YK@VE}nK`~ES9Q5Hor_&p;LidtB^+v;>$#a2-X;9^gu6evs-OnQ};@~z$1 zIBr2v2X`(gsV=)06awgUT*|6%$ctWc?!8UdRN7T~9Vw(C_;!9ihJ&Nyf1Sc5&((y+ zkfGM-h)$WH@N*gp)COr$XlF|PU@^Q#I0ep7R7Y-L0r+s;YL%hd>A=BAZHu)6$d!a3 zCF65y{B3A}HQWuQHXT^+1O*f&{vS~VH|3${IwlMu&Z4NL`Y-gFs{v82)ZM9_S)iwL z>*5wRmGOs(Rcs8|hjJIreFxVmC_>|N1w>$>k{Y4q4+h?ATokFv4qf0i>PUCK(ABn_El zHe*#yjz_6axsY26#d*Pu3W(r+*9;371(z1oedIy0gC}nj1)Zk|M>)B7N3R_C?Z3}^ z({q-yG@TR|STeV&dPSAN;jl|{j+qKy{-s;9wan%*VT_We&QVN6mexV9r`G z1&?tL@FfWwLOc%R_YFlw#69B6sXvyJdc0s%ISNzvL51l_RP;(+6KOoz+*0lxfk=>P z!hxyrOhw~Ermf@x2uHSl$PGB%A*eKqIR*sqic1=>e<=xLtx7N@@|V3b6Jw}WN>q|V zv_?(w{s%Romo%MWuf@HmZ%sokIY>#fkyX@bMfDY^T}dQ#fnnV>Yly%+#Jq|wLRXms zdw;j1FJuYqpz^tpA&~RPOR2iDsg_Y8Z!%83d^q#ht>RE(O5d1zx$7pP@~XL{Cg%Y? z9256Mf5e^1ILS3T+Lonx*){cc=jND_8Ao5_k&$}4taGQzJger=rNnXdK$)QcKW%J{ zH_S{sFDplK5*lt1j_4>?)s?bpF`xH*7W*_2_(#41J>{C=B`ok{!##uCoBvUCXTeJKEb++0(WQILGg$$f6hAPL=~v#%bz}voN5jT=P_vCJ7}gtvLQc4nKz$ zeA@fP6g9t##r8s;W{9u8%Yrc#)>lTANS9qii4G)F0{E|=|#J{-0%hA7u*^rNIpSXeAqonJ!8k?*`D$l zb)ev(FqDHV=So{ZX%*{&$4@Rd5GT12s1`t_H_DsQBD5@S^1IbiX2Ypg5g=a9RXcLs zOA2($Fer>8f9Lq=;2rubCezRdYt=!`e|Yj8zHo!*aPxFpyIz4;D5o2eXz_@W0JRiv zWB+C|MUXDbm)xXb3mWArq%{i~7HC9J6b-xO{n9NiU%u+vQfLjGqYPm(^vDvZb2?%v zHBLB&e>-Pc9B5MPxL+AAcInxnoCPUk!sTt$iFHIUynen(yFC1(Ktkp3A*{a)e{a;v zv2x}DRCd%suA2SnAMUGvI(0Zj%Z;|zuB+B=uW8Xm8w>F2AqeBK(_R)EORp!6zTv4n zKDw(oi=s7%S*1I)7lF{u2$cDoKVi%md0G91a|F8pPsYhQuo!lJK9;i}aX``layAFx z<&XPos1N*K@HV0Gu^|4%Q+Fjge}&-;B|vVpCOTaM$dg;QBx&W&lqD8-cFlR|hU{Jmjb>MciLF zHI9};bB2zBx8$%@W=^<6rg!QDvksilD028$V;M_~L6eUwP@cMO8(Rote=aBqRGFw+ z4n`7D)jOe8VKifzw)V`eZFRsRZlvhOc1&}{8|EZs=Vg76pk%tE0jeazGAtdfJo4hN z>%m$SC*_twxXm!P3i52`It7&C7r98}{LHm#8S&qc)z)c}C39^ezIghbGtTOzPQ9#N zm_t%@8p#XX$KX09S?@hJf2)%j-*>As?u*DaYW}!OCg#6CzF8}Ed5dfFFUuBhoe8;` z2-)G%;aCtMkLocMa);}1Si9;jkJ7*#qcLvf6vTwYFn}kVQaGm(yLxK&q+3FG=MCORc3A1Jc0;sbtU)ftTRC?fQ;6S-g5WT3FUJ7%kf7A>*VGEUG2@77^ zUd+YL+ccml4J0Ewvy`MD&rc``BFUB8P&*3i%8?^-%V$|o9_ea^S*}07QAxq2G(>Xn zk{l*fA{@#mwr?5-kT5CZWB=5Ylmq!;N1;t{Z?&q2YO(!F?>u7X#ze;km$bW8!S*%f zlS4T^SIjA?f}Z#5f9}dEK|9bGNd@j`-B4(e2Qd@Wvq3|8`Ifaw_pD}9^^xm#{3IK~ zpr32+rWjUa2pj9KL;bRt@^o>nmeF4+I^yeiUds~yQXDXoG~1->hC#nS$ltwT@eyOf z5moTD&O&9&jtXyDc9ohbi?c7~Pbc2H!*Jc_KE2mnI(Lssed)saQ##!O-R+wMTWnrEm`zFnR(0oT}|cnxC>4wh(7D?W^{6w+#QO7_|d zQ)ibiXw_bT7hBpj=H>*1i^egF3~I9X4RnUlbrJ6)#vJ%f6>SMFLcho#DiY7_paCkR*Oim zcqV*zlZ_x8>Ui9g*70u>8cmJKvPda4Jev;RUDK&DG1Zrn=MmK*j~WaT%NC)9DHWAB zH?wnee`e^%X9yVa&MzmyGgV>^iCh?qDgu(pjK z^tVP+RmqV`ka~f+pfB+PJiY9R_u|xNkuu@1rA)s==v|Vu7lr3FIH`v87kf!rLdHb- zpJaq ze`)P?^TL`N3ff4!g==B%r$o}Aw!~BInyn?f*w=Xm2nSNRwlN@BW@i~q zt*3eVFdmzCy^d+vB&g(N4LNF0msd5He=zH3)iop4L+$Xl1Fams7xlAkt)fuQJ@0Cr z>*@uMvW1p$Op#UO)>46=EUCpkbqA-ldBeJ;_gRTtE8%9nyZKyedlpDHNo7R0;sjTo zW6OAsbvp2x%+9qL3$i(`-+|egxr14aFIi>Z)CQ@xX009gAC_sWo|z7WXbcRafAE5$ z<;@j_uOg6=EB8iyO5$)tx#+g?Tl6U@{n4vQ9sSlKm9xld>%o!0{_i~A){o0!P z3|p>sZ~yh%)0ap4`zHr)Ug~c-=k)`PB9@1GaT;t_`cytfbNV!0zB}GOdb9I--}Hu^ zeV?-F(Dtue`;pEhHqBofBr=`xf83=03vwo3{>oSYoO&f$UHvi5L|ve;J}4U;Wo z{sf3sCt?6I_1&Bon;Gn)5oiB9SNArc~Wns!piRYU6&;k;w_=lp($}lQ#s#w9`u|)%Pf6dQ}LsMTI-Nn+a z)wQ#96L-=JDRoGbQb?XsCr*xU?|PaXnH^ox+`3h5%coTU)s6MGN};)n@mKLumoR=v z?{o#;`}a#%?S5L1^hQ7D>h`(4vvYG>pWWkm&d_e-_T1du!}&ft#B!16vxAN742YOu zVyA!#nobctU~F*7e-9)n)$Yrhb5ppT2!CRD#zfa2Li-R!y7ph)rMh`fd}hCDjbE1V ztFGTtMhl5^`b7TJCcn|@CS#eKjOtcfxl^y)shbG;gZWffyZ%!;gs@7K4 zkt^%SKcjWz%I~>GPqu`A=NIl84ONwhbuF%9(3FxOjFl2FfGE7A_yZ$LnA;HuXhdc< z3xc}zTH+Wge*r6(rsOfSmp9IP)2n9(1*J(;AGPgoQTVWU#!I74y6DKlt+1ya)(3g3%ED153PL7_<90Ge0wi}DoT zs=&h<6F9P$$yiU~~%IG7nF9-YQwO>0wG4CI_$8b3h(v`KZ+ z(I)Ad36*0tdMSUsVC9@qFAIKk`rsocLXK04e5OnlB_mk_EnSMt0`>Dgy^6QNYg6B0A- z{hrY@)Cwiph#`kHXP`9XLI2zSz;aQ!OTT*W3Xmx35tnI!C(aL}lzAaH<Tdh)pih?54`F3-+#V=p2-02i%IM2b*O@TD8=F-lEZiC>s ze->_c*A+Ls!1&hb{jPZ*>St0h0_t>B7!{SLb(kyVecJv1+56Y-CUPxt9PYQ{PoZ&` zfpBoy&J{ev%%lU|Cu@Mt3Ur?}4~L&qcFA@%bO!e-C?m$GxM2 z{tvyqe*dWd1L!qwX^Ce+*{dIVE4O8K?i+b-Z#y8I03$J!SU{ljufg<}GuX;?5gFL(CMig25ZKZf~<>Q=qM!SfVAF{;CZ; z@a2m~QBhN1u?r;qfUm}$f7D(xPm30XTpR`&Axa&NpD1!@K`@u!XKL^#oQCkx`Ss$} zBfJaz6jGc!AZ3ON4(Ke*5BTz>C49Uo+Vm%_2;(68Gr|=4*3Uv)QJj-sFJ6JsO=jpq zW)Ra8bw2mw0LwT0Qkqr#hbG?KM!)RcOEH58s+@!zy2%RqD_6Z7RGnS$5hPAcf-w;%;{!$ni2%=jr z=W;YOzap=*Uz69-@csTd9xb6&ZN5i^xXxbJn<7fpUkbsgSAU3``c>!15=%A<^uptB zusHra>Jdm%l)#kScql0=9bSFc=of55nqE@R-tZyS5})_8>_4WZO$pHVaduFWm`MT3i_03x(hbh zHm&!ROLi}b?|+U-E}xa}hDUbK=w?`Ccl&q8Ay?DU1`Kko-TT$~V-?G<$R76{yq9{C z{v?Cch4BQXbD?yNE&jt#z*UGtGHBUDy_M=+@5@tP|2v$)h~5-Dl0?ngDA)h)?e`Cl z4gK$4?{IIc|J}rMd)s{suEP0%xdu(b2vXwld`^dDJb!}&@VLwNNB42-<)?(DwG_!t zq=yt+GhR!S>xk&I7V6N+3ou7;@08VKL3%T`+MmN;q<7S3K+;7#21ons&v5>BF`0y) zK)aIzqr0}l8Q|{Y)+vkT%u(Vxx;yRN6>tZVvm`U@%+!cRX<4v z&J!{x?X8qk+d+Z!f+Fgr2teYi?Xv-PV<5(#p)iAKNc^dR!&~9wRuc_P`VlFJ(7QrB zjut^ld2RFr|8A{i>8!UDhK2dcrhDMjWw6En8Grn-Km^vn(bA`CBob4~p4lasL(#d93|H-KV+2jcPJ{L!t_@Qx6W8Cy z@+mAERW1Hi)=w>_q;xe|OFEZUdFgw&&VNc5N*O!0%7S#R$rT%1ZM7DI7u+kFS76{u zm#wq3bLm#s_*R#%i}k(JCA>nTt1V+a4d#7X!5ZIOx_Yf8oh!Gz^tZZdZMTd&U9n3x zxY}whn*QIX6B?-})M{%|RgK@L)o54nS(c=&pnr2+ zmKOe27pFzMaHlJDx%O%;(+fxzDYu4DBAo$038id)f>Mx2EGb_@O1T_@wumsCU%~Vg z%@ewE+yB}3o^^U{;GO!3KMJFegb;glt&7Uu&mobRXoCmZ@DqVCW(kL{`XfmEzA@Ov z=KkLb&G|_}8>$-M`eQ1?%v20%R)1_eq7@@5oPv4&?+Rv7bquaKvj6qG?;Uh{Pr!fn zz2nUe@zTwSeunYX`}mY8+t)bW2?}J=={jR>G5)JP?)zfg`@PK${POLIEcC^;syGHy zZ7jo5irBj{?71{t(mi>kWVe#<49D<<1ElATCK7S-p?MuchQf0LvuXeUaDRK7ozIUd zwS7E>mG2n`G65*tWN(&VH||< zwB#75r2hv;2K_%eK7Tma(*I37-vs^tkuR}(cnsjh=yy2gAwWBTBmP!njTwUF4O9xQ zJRn%|%=xKkf-k+FT69ldzzM}jo;D@p-2$L^+^#Yr+vDMzdX}aCEb!^vPpY~9YWlx- z+&B6EUca}c|C@O3fc`(CB_6?fLT>B@`Qmx)CsLhF>DO+JDt|wvX#SQZ^4r}l94Yz1 zA;I6n^P(OJ=QuOVfD|DD2G4<)iBfo+fd?Pq%@go|=ToEKEu;2R7(vWi6>~>xF|V{K z{Pdc6dbhpD|NN(S&$(3S_DdUl2Kw0OR|gfA z1(Kzze#t1Rmw&cL%37Z#>AzwTQGEbZ#DCsDIP979e{b)2OaC|V+y(uQ5pl%t%JUh> z(nUJ%BC8G~97a|-;eU~p_+}|TPT-hgDlX6fuR8- z!}BS~bR`O=^og|DT4CWm&0$vdlTWo)zN%ZiN?Cg_4#XS2I7=6RNI8~Dr*IBNdp!Vc zXS6`0db?E^*Wz7y)q8d6n5H30LvnK(`55bcDts#Gmko@iZ&|`7W!-ctNKQ^+Iu+pv z)m++h=6^x&#Fu@idmrJDpp>z1CGYks{g=_jqp-M(}wTl7DfRzv#N=O5DT32)-$-Dh^R(ee+mU zALoWJBTmlg4yE|pK+1q_esBd-5@Og9QMaByc*I9}cW`w4R83yK%o;gKr`XnfzCfNk z)`E2-<) z0POeloTuR&q6M*kR+MTL2Vzz-KjQm)`Uvx!hp(B{gE^#p35e{L{3BvTbdk=OxDQl3CU=hx*zjy5Qyq?z|P#RU6&`~gTsZnWn?*nyGw||S4 zD&IH*jm?qGG2i;it~bBr7hH2}3NW%!*mGRN%8uX|1@Nu7W#`zaZ!1p=4MgRgu=L&} zOgv6eOyDP?UU#$))mLc)&`MYl6v5QIHY+bHu~7l6go!_yP%c0r%JNMm4q4S2mv+7> zEVnP$rV%(dP+aKSHPeLXdo?>4Tz}(X)u4bcUo3IioQH=SMkc^tLeAx6g>#*Nd@vgj zz32R0cCBAxNDBz8!jP0RBXv5E|JE@w#;AhnE0s}{MDNe>GE1FCerQ}mSsw2`Y5JzWgt}=-{f`W3UPJp|sek|9@Apmp z&%t4ToBwko&mG!-Rc58)3T}Q}y%8SpcK7uMLX;~@HF3WK1`HNr+a(CHh2zeUU`GXI zkFm3U*3G=A>g%C7T%Met385bL{_bO!SF52OvlU`=N;rEi(S~s4tkDoFnYCtAD7vCb z`q{};bZ2~g6#ZP;(I!XJH-GgvO>{RlAiAPSJ37{-*)RvA=%jBLosue{pg48hI zlx|X(zE^Tqg|ruPNFOZHhzg)^$nVa*!Vu={m`E6ZdrR-@0)@}ucNE49Swo04@_)x4VH}teQH5&p ziBri~QCgML9Idp>2~gxxs`d?$ONd1E_X&y2{b6U1w&pnB!?Ps+r^lqI-~ub{KaWiN z|HI>>ZT$a@Ja@?d>A^@;#;=aKk2{o!V)64vEu)JqSs ziK3706tUos1($M+?0+Glb6j%Kbw^iFc2q^+_O!X%XG!{>1fzO){~zkm|DJjO-#_YY z>HkKa=JelXN%kVd=^~-`s~;D^G`H{sweP=KY@v4Hl*m41uBom9^5U6s_57qbFCzHO zpBHog)30%s%dN!p!ZJB}U16}fmcz$}_R-ce?4CZ$(*Ht?w11M*po0GI9qyU*|LAD{ za7+I;@hn0AYZ7rrh`Z-zM1;2GC{aCyErD6ff-2OxN|ZS zs4GogR!&~MYJVA;`VM%QDYGBSH&%sb_EjnYvlm=X`%t0?gTEupOkwg!96p(yGus|+ z9V5;}i#d#5c3B(P8Nx)|Z}ZWiFVD|j=r7LBPnGdo#3%Sy48SPbeLQ0q}!BBq#>Vg>gy& zdD#tb9>xQZ8#2%RPXlmtc({Mq0$_r<)A~jmmD6~E5Mh3kH<-Y=m{eEvlkb3^S@!(D z8n5mCw|8)`SGfP}Z{t607G5{S)dtsah%+LgQMM4`Tu3Z>+h~Bo zKlOIXRraLp}2T_$FSk?L8?|+%`Uyk;Uw(-9<@@&ff%f%d6&tDNi ztEQEZ3OZYlE1kKO5I1H&)Tqx9_0N$V&wlq&h zX)-+{BoT)~B28!N_qt$X!{DTdpfQRD;N7Y8p(TDgh2&h`d25w*Wz>YT zbFo;I7qu6Q3dA|qwI&$(!H<6A$K!k;^nZ8Nqfvyh0upc8b^3xy&Wq@%Uv=B=2jehE zD;*}vTM}`|IVe}GKlXkl2G8QW(Tt}9m43Rsg%||}c=@IpJF{-nRsKD2kyV|<5YzMH zM05K!Ue;L$1t?nA$W2ljjY@!_#fk#8?}YzdjsFvAaw^!s3jVKmcx>kXIO-j5?SKC^ z^4y{Pr*3Y&GJa78QU5ye9P0*VufsjvQ{nQm`(Fq+Fsu;(wtWBh4-SqG3;BQcw)=l0 z&wY~rip05+0^~KmgK)08Bj73m)cYG6HbKE__HhnlB7-^Ak;Ymof^E##S`k;*9~r0a zePkQzbsOqcX=5Ae)duq$2=%Is;D60LDpb5b5nb1yZnI$#F~l_%wpM=S!+Hp=cc%I-GG?s}u_E)nGRFMklEc9qlg z&SS(jve?&-z^mMQ<(-t{OWnFIOv@*99T8{?W;^^@zuOBB;pQNYQhb&*zjogey?Mi9 zLB7=e76f7|crRGzLj>EY^kva1n;tE7fN1wvt4E767e?&ewR*QWrrfkEF;J-F`nBl5 z-slKqg9^Dl%-Tz7wXAv^XVN-F> z$mmmdue_z0S)lrQ&ddSP7X`R2-#%R#7Y%RCgw5n@+|>!VRsg zo&J{A&x@``X3J?r849$9{BD&?)<>^|j+NtArLxKODpm~dtFyxPS^KlB{1=Ur4j$JF z0$Aby)j#Z+`F}qS4)?b4|2Fa{P92XbBKyiC!9xj*@hqGWo)oP6RzE9FQH)9IhcUtJ z-P}M@%9bOaOi((<3K+VORO+YHvPqel4oa0WyD-aq$z1p~i0@k_ewD(M0qFNydWhTL zR9?UYpTj=WbLT~va^2Q>w3vpm`B~?+ve)PAa%#TJxPPeZl@b%y71~sMRpZ5Sk60ND zwxvX3HNJ=#vKco~EMN^HTYxeiqj_?kqDjbdigiG`h)Fny-2hJfMMPQ(Q_;zeUG^hM z(eH3fV9;7%A)o31(Kp>ab>NbS4^|fm@}u!<@8ad3W$AyD0Pt1uUwVgy_;1HYTl&9| z=c~qlSASgzt?ESi@p}jmU#`Dfryj8^K)k8aX&NBDLH&CkAYL9O%Z7kgZmN|r;FW7> zq3rVa)MA|Z;=Qv>KBe7BHTjN9;9HOkWip(y8ky8*8?63rgVk$U0@Oe{8ZZTv%fRXT zv~}7(#b;UmFGW$!=zn$cf12_C5BmGZTmEko&wpz1AC_R+PzoN2%UxZjLIP&wO_2>a zOBMtK3>AMtW+)B+Wc-AZJe{+47bt>j?{kAX`1e^|)> ze1CAfwg277vvK<0_|jgJc8g>Z_wqtsi#VeQijWY>fwWp5B%LoA#1>wReurbi&IN1e zwIzb2S!AWnf~0L}|E8X0>3@>|;Fa><#{ag@SF`xvHDRoP#Mp}={D>}79fH$^-RHJ1#w~H5x^+Ji#u>#arD z_w}sE|J4crUcvv_;(zb$ZTY{AJa>5iH{*Y6h3`22_j+7z@8W8E&j@J!{huuGY=7z# zc>g;|Mt)(}= z3dFcC2}Md1i6&)dbG3`$Z*$cPHx$qV$aH{3{ldO*^@}L9z)-85sb9(zFeRPSS=9F* zwnDk@`B|C%*H8jg(*J{k{pU9S|9^&_Z-M^XR6F@!gy>?hi~s$j{fIilIkdcD(L_5LE-*?*gx3j|Jlg1y#B{V`)h~)%GZx8 z{#RDw-jV%Pf^C^$8*NEcN>Zp4v!+;liyH*=QhT{nMj#bHF(FXNiosg!FMnJT^~+jo zUE#h|;7dmPDgm*^U|&^>+DIA1fvp$?tH_6xjo#96sj8sdX;>Xq8d#(m3MssSd)mOg5ELJQ^ocDTU_FrE<^X zGik@vQUQmY5Sqpt()h6z!VQ(dSp}zMB15_AuYyOjD5ut%HTcJs_J6c9Vv}8m%E?+x*WPdhSmCuU%fmdQs&>6x@T9i%!^0kKRqRyf9fQC4Dk2RdqkMh@~H> z27!)Ckj-{5LxHiFEPoh)t9sVQykw_#)Qp&$8HVvRSA?`pPZ(PvMvExDTdoZjq@z|t ztYp@jQ6X1kYb6EcaNA%uH2|-Ik;{#iG5@|_l0{*KV2dDO8-^LeIrGZa z^dgPuV#Y}nl2;)npxssUO+4HZ!($SrnDFv>^iD#Q=z<9klYhafiMm-d19$ay{BQr*%>Q_Fxb^?v%=1;_zkW~QT{m+^lm~Y;j)$hPUF%oB zSD{_4I;kb2x-O%ZHiM^XQ8>?D=r6Y6Pwy`LDGR8(4QblwS@Qh9s+akLKb7bIf$9Ib zf4IMu|9@@dS-<`FG8PF+y%>>YH2+RV@^jnipq=YY5MD(eRSK-sp!wU=P5I+7#P~G| zstwnQ!;;svFdB7dN|>-PLt>@wBlrhsciPQi>`F`Z{FN|eZW}JMmLj$7({!W@NrCO5 ze@a1eZb`V%(Lv=%7G5{R)CSft)Hd9iDRT#LE`RD3eQh#2;h(l(G&Uiz`u1y+*n9mf zcm6kt{#SkeAMKg<|AT|A{C6|Y-THsk5C3N~#98IAEf4;8XT~2jdQ}$rucW*i`HdXu zH9A%+>R)BWddJ+dG5@My)D8J(ov3CJ|LTEQ9)-2V`)l6NO5y%yge1~&%#5;EWv*8m z>VHp*w8tGa>IK%TrCxW&)wAJT2&?zi1QByKTdiaer$lfLQ-U3CE`!=Yz7Wm* zdhtrdN{(LJ1$k8lauxc&uKYj!e$V9p4v)9;pN%~Coc=Ex`t5Fxfx8O$##_68v47qw z4~=`q%x<5?PjmV&58wI*02TEA@VJowXaDGU>;JovXL2G4<)jZJw#Cf+PFXp%xx8F*;`KFh&{fAE(o z!Z-6M^M&M7$YkFP17jBWXYg4H#(zHpl7{oQi^(MX1ls?M+qnq*NSSmElvpMHJTXH` zq;QT19A2lPjK05A70t6+^;*{v$<~n{!Ia>(!QnlM5s@32FMrkDUH!Mm zEcS2~wP`ADRLVl9*XI9ai=F=Un_TdE2r(sYo2)=LjK}WWVjX1nZxvFbHLQ+iZfPU3fsGGZO7Mf26b-hYPibYSfh`+5Nxh1NS&SuC6NCezMWk%p-qFwm>7pt#>BKA8=Z z+z`8AbxQ<+lrNp)2zLONwhRS30p1UXl*h!Fu)!cMrnD=lPBKm9Om=zu-uw>=v z0b13e3sIK=ZmSgCdw<+s<2Yu~FNX>A~c>_P;s$dUg@x!ybOhxGMY#G&!8g5otSHN%qcYn!P;r7~V3=>|mke-^% zlC@WS0=1IvPP~$)iOx1)9B6UL9qle1JG=xy!Fb-XoNVFu%LDM+D_TO7uNZs1pb~J+ z8N2kI#UVM(Vxs3&LhXIYinKu~E=$Y8v_)b!5X~gU7cfG8;5c1!UTT>z?xGtag1h>q zr1e_y-b?CNgnxgptl2Ocd?mcv!Qpvaccy=aK_>{)=Uqs~UEV;UT*{j3EYj#X3;NdW z_VGJ==E7?`JHGHU*%-t(JwBt(iNBRexKEpjU+ecS(5>rdBl6p{2u9 z1BHUUfh=ik*b>Cl5a7i~OOh-ZftmHjio9U9!QZ-KJ%2kW(43XU=ar^baqAbE8fc z+TC45dV%Ne^c7>1_k>SGWsrIoQB>PzKIeMF%?Qb<{LUw>Wbhxmenhii2A#)$owk>N*c(*H!vT?*WXj%6PW; zO3n39O&n}FVv1O#kieK;Ol$|6aN6_;4n}!NkA!ph+;*+Af^r_gCCI$xzMpjw!r`B# z2o=FONk&JQJb05ZvccqEZJVQjU*eOQ1wvJH5q}-xH5}14F^ZrUg`?C@Lx?#8r^xL@ ziD6cv6iz1PbHTx-G)}!l{1o|4)~pU6WM2m(A45alul7T_a4{yeIKbB0HVRaSHB~$N zby6m+l&43gx2eIko5^pKEH`=v8*7#u+wN0wJyR-~V`!$tse<*6mp8#o{4iRi@ZBth zcz=eXpc>FmMhz1pUa;T<4IsWXYUmJ~X1uCBd$uG}tInT>>}u1efm&hqG&t*+JPly^ z+||9YWy|8byPZ`xk}b{+-gMT)QKye)UgD`+&Keb8T-L$Y+$*MoOU2{^p zW@+hq4o#GO9O`7Gs~Q#~CtYDgY9UfTADywvY$|KLiYG!HstZNDI-SwID5U|v#1{yW z*CCz@|1PcU0Q7skzD*2Lv1**Br9MJJXv$1DO|5?9lL<=a*h2}7@hqGW#k8+RVSfXM z-HPFL^BgsRS9Q>U*lgn6nAOFiY9TI@gwRs8Y5qZJkJu>npjoMgI-0xsGpHqJf z&tV!eXIK}%Us@rDTS!Q_oYZ<1iFM|tpfi=r0<;`$Rs3lc2F3Zdx>krJidsfBtK`&O zyE2uc)$XLE%MM=JVHHp-C+#X3DSw>}xsy@Wud=qmvtPHEDgKKvtrqCYl1wQ2Dx8Of z+hO*>wsotjJ8y$FhN@%P8kV4;MV8GGFw0gjr(ZTB@MUjF<(%_O)YBJUE~}B>ODrkY zsybS$+NhEwW(68`ujaLF=_}g?&~{z5$`=c_sMoRL?{YJtBm!Rk4m|h@3x8+*Lt4im zdHZbiX>9-9EcGvYD*S)gJa=LLZR*1BJo&FXPJt`$Z+5G0obuP~ zR59D{1A6SgyGd+XLs=~=l2!7P@V7p#!K_)WGHGduSZT;A>>u@V5$x>`|;u}m*EEb&DW!k5vxr-%5;Ioy{ z2cuMZhGX-!GQZ_HkA-Hq@D>2>qvlA2tPVr*3V2VmH)}}C39Y`1*3IT@DPBL3^X6IN z#{6Hi)X(gxivQI+EX035+UsxmzfC-M$^Y3iK;MT1(5oD5>p9}rk$?8NrsJKF@!6Gc zxwp-i^%r~^)Bk3vpV?DM{|os)_YMxX_y3JNE7Sk)JoU5dq*&(}P?GSuWRTaI>$wEg zZJOur`Dsr78>N0`PX+zoJMNkE|M0N4&Hu2GXPf_dP5Gbi@}MZs`kbE;O%p!Xs(DAb zo<%lhTbk#Gr+@$DAAfHiT2eh{>cuR*b9wS-X}e&_2F-p-wS3+5&|OHz;v}`WfI3r2 z*R%&;#x$YWX3^B3%mi1Hf^E}SZ?aKW8f!kRuFLqE`LO2af1}jT?5R5c_xH{GPkV>G zt^98z&sUEB)zI>p%gII43!Z*9re@H9UEg+8@2gMJXzGX$%W{~jKj_Fsqn zgZ=IKzlmo9_Fr{kf7VYFZ2_7s#U;<*N?02(_o>;#vgFY<>Xme42__(;0S&nUB{TFJ z6vO6efXjMnwSV`hkq)?5I~{P9+SM9l|Gpki%hLZf+W#K(kIejU`}>F6``<>MwbK99 zDEg9F|4XWW9lBj3&%eFsda3g&>HQ7-YGw8>t5bP_!As`zFR5NPmA^R`&9eAc)?TXN zwdL+_)W)5q?Ju#mZ+b+#J^wlE7zGAk`KAmbvsNuHYkygJdU1Yg`liZJnWo9O=BO|* zOASrG_e_KosDbEm17xjg8Kvx}%1Yfj6NlQa2ChXTiegAEc(izP%#{+Jo~$N8K_~Z7 ztM-VtgpsbsM#QjJHjeb;SPL`ho>mMoJ#tSpr+?#R`F1SSx7tQ?t7m4SZVQPnpb>7h zZVGPh7k}5gedMz&|1T0h)w%{$@c+HzqW$;r{#O38k>{@EKY3b%Jl;fR=uviGkO`H) zM)J?{TnzP$#3_E)A(>T;M)`Gz!|~Kyhp|&1w2Yp(`Tkc<*_twd^8LTpKkW6*{l9m( z&HuZR=bp%a{UpJ80{FLijYfjtHOPNAC_X4**nbs-A~hjTtu91nR-OZcL*J0n7aNXy z%L$h6S6ZqB1+Q5u!8weHjQCbAnYL6Btn@bPRQYOOe#I}DhiaX1)2em$+oV@Dl3s1| zOKtN@ZSzZ&4Q=!MQbkf$GpUp#TJD{P;@&3Qu@1$u33n`A-R9c?f3bW!+tfB+CAH00 z%YQ9nUwn6)S0{hD&1@r{wPd#0W{q);OevR>4e;0JXtv2k%6fWVGiz*T1Zmx2t7tDJbUo zvrhNuey>#8DV5Tq;Whdr>kV6zf|{PN0;Q$=VH=IR>Hn-%Ucn1m>wxYHt&G1B5qM30 z(IsR-HGVQ0ue@+)`EM2b}AttJUE=j|Ai90a3 zz3o13woM*)Z6F*QQ53FuK2_0wZw8}zIE_&Xm!>gQ_Wy@_hdTZ5A0HhaZR!6eo*i)R z69Us11A+jbXmCA)F&Hhvh{ZNb{P9PB3bEJP0qo45y592amYw2?pFs{$F=Jz+|^5W;H2FAb}}}!Weoj@5S5U zTY^&9+5x9%K1VV5?er}O!W6f>X-K;4Uygpu8~vGf*}w9|Y}%#&$e;Ks?&g3-{`lh} z0h2I-xb@h>*GcQKH}XHW9)Ejep0pnS|64oYH$M&00)w*`FL8^WkH5n)X?bA){Vp$; zqTgGsU;gpt<;B}?i6^Yu{}(S$Uc7$k&4U%%DBb`4Uhm+zZ|?tI?_j(CH}UL%^K7zP zt@rtl507SqBzVy6s&;^=yZZ$A;QeWY76Ev}H~J}>CksMJ#ZPDv2Y+mT=hesYc)}_I zv2C7!5Cb3ZaEF+=g$i3xFh_AnP)b4Z&mK4`|u)s2~<@>+GXr8x0d*R{Pu75ljz?_-4r@Z6mDNNxX zix7td;#R8z@)kkg+y5IU_di17gOl?!3m zU6?$6JOC_>799c6Z!G5dk_``Sim$<6 zj;AwZBAJMMdGP6qSOsO3$bTi8&EKB)snt?`U-4@ZeGg_n z26I1PAX$(Ef;cS@>-~uoCIOD|7^RF~Vj0goa5{tIj{q$QLtq|G`MiSZA`BpSKZ7ZB z?b`s2wL^H%>vb~#-Q8B}S4`IcngEg$hwCtkKnyu8;&&w4awrH`h8g`#F^b_en4om- z6EK1k%76Be8N6X@YLQG+KMS4!~A>j6IqD2<|R zAeOX%w#v6UKq)1>>`#h^GWu`%O{S%DnY7RXLolY>6iq<7h+~S5uU6%kAiC=)1Nrf3 zz7g5^GEV)3)`6cWOgeaB4Ez|88BDX1*RwE!3V+?hltl1uPEZPU1vX-qcsB$JuXL15H4_M(B~p4h<;B zJ@APyCzy^wh*`{3x_x{S($QyoMgh^MO`H*0lCI|Y9L51(PI))!(JfmLo9YRD!xkJL zVSgTTH7789VIl&qQTovXZy}%e_e#rj!PngkOd3g){jejp;VzpcifYQwPDY+nNH6Xb zp&PVF0g3`PGHh+{fR~^Ac@inxlTHg>%td)H^RMXkF7%4;J*bWzo3|d0br??vtybRyzh)b~&}K&Tzzeb6 zvTcB30Iy(rlM_=gf;bEWwM@)?^#tH>9!7pDiHCMnff0<*^`O=I7fQ$fMWvC0*1rIG z#LLLmS^*aLnw3)DdN=ckX%qg1GAG>UxFfhfR#*^_K==dvON;{eQtWMOo5=#trhh(x z*Zz(5JMSm|B&~1RuS{>@MQH3txsCMz9PjmJvZm1w%&`Z`Q09G-Nio?EcJ%ceuNRF+xE4@C_p@h zeD~AinZQm8eaU=#trh@)&3~cOe18}{&*Oja%0pUNeCmKj8u1W9+V-bScl{*nUiF#L zZVpJaMgRXrZV*OiMiAsVahM!~ZsR`|bg|1*PotW=Tl}bdEBD7a3czb|*|-XQp!iK{ z3^^mxzMaXFEE+4Lu$2VKY4E|7pN5d!(0R_e@Jw*Yg00{uwDMKRC^0>t8GlLQdoWGm zn5bG*uf-;xo}PkvyrwKD9;e|5f*HD|`!{13L4pD-ZY~_9;6GZNhVpZRoiZ`2$4^Qf zGs%C7x@@G!e%uNW@C8FDWy6=WnW`Y>-jkMsk zPcv=2KlSO%nzaHnUa%wsjDOP8p1w~Z(*g`Rz=mg#hK2EKM~A%2I`uy9`Va?q(5Mam zuGea*rw^S5Wl-|;`^1Ixe4MT38;%4yp{b7L*J!oe1V6?o?eb{LYne6o6fUmHTG4xae!;@+pp`bA$N-V&8^o zMiIp!)M}l}+Tb&I!G8!6zZTG6tZ1tvAMhD;I+kCpON~Xy`0LN$Y{J-pCqRUjQOkkP zg5x%-Q$CH>)yigS9xhJ!4755X2-B^t1RN_06c4!1d=|Ua@QFXI1Wf!Xg?QET_Ih5= z4kvexs{}`jioALh?AhcEBIhZ@FeWDK%z=ageaFZxeF1Q^n12GFP>yyyQ?Ezj%;2Up zFre^Fn8K|{LX=KOlu4)yvMqQC#-{_SLZM2(99S}e!U$3*Qy9aPNpk4y6()*f z@>7cDeB9*PV0}Up;0s$q$qKNmyTWH=T6wX0#GG<6cVf);B%D6^D%}gCY>M9%E?EBtOxG_

=1kHgj zBqZ!od4KYcx8UT}k6G)dC?+Y2BADj9X}*~{IGkc{8j{&!MEMW@8h89?)Db=EjI-KZ zChP2q58ZsOx;vu%-SWX9C6o2;)mvjlKl;Cu*RLE9RYwpClKz&HOxZ213CgYc7>CoC zX-=$*Kyj$Z;8Bu7IHSzJLhy(wLsE!U5%zyQ?|*wo4n(EH1O>|Q$Q>vwSd?VnwK7Jw zY`D&SSeWpP*_ zMlOqIH&tTPC?A)sKHvZVPa5Um9?MLF3teH-iDCo13YZIX;>-6J&=3BRh6Mf+k6~e9 zlz*8)Ge$$9goPDd(ml(fD$S!+w|kk$bj(_kb5}h4+@7p;n_?As{yk=N@)=xqY0=7- zaQJ6&HC)ALxi0*-LYc%Zoj-%iMT}vQ->%HdRJT1*1qegBn#~DU zOxnoX#V80wkzYf1q4`VBvbWK*B{K^HX0Cd;^lgPBT{U zbseDYjHzsF5;zVgH=KeieGu#^7YA?v%0=t;%O&`1G^NI%yJS{}I80#x;>COf)55q* zoQu@9XiBQl#s#KiP>Jrzh&c2E&R#2q1eCbY4$QNtcFq%|A`YH7;|k&NT%GzQ4S!$? z14<`v%9^qz@iA9ZfketmnK6oW=1a2cC<|O-p#etRx9o2VheY&ql?Yl)t+`=9G2bHlz}>(q3igCPyBovYx_7r@k2s^ zLBfR~=$dl%voHZZ<$q%Qlq?eFCAfelM7b~N+s>H2?l2I=ZE2J!;AY!~Zm70hI9lMF z5&GnSEcQ_qNU@E$<%$E8zHO=?mhT!JzBcD3;F?ojv_JHu?V(P;1!r3<5Ab5t5yqid z+P+$f<%Y&O3(D=M74ul3c^RWQbH$KOTO@_BJNGG5-4)IZ#eY_IRZ)#)6S(tqmp?SS;XP!6wrC+KtQI4@ic6c39cI6Y`oDc~#)ltHkIK+BJU z0=o8dKm$ADtAFbnr60AWt;1phMm+Pm69iYN#=MqdI^bCOtb1oK8iGGRdr=L#N^4nY z#-_H^AT|=QTYBLFT9kn<4{NO&%}U^_X*5mncc>PqXi6C**-SX$;{#+-AO!5iwIiKW zEVdb1yK7W?>;18bh>bPlmJw^9v}0cfQ9SVdIFLtvZht;dT$L6{aj7(gO(~sD2eewk zTpf2+npuk*~={1O|Rn#jae^#i5u-A@rxwO{`mr+$A4YdPhWK_yTpY?k^7pOH0 zjw{=^E5Wg~VMB0iAF4W|WQuU@keo8yQi5bs?SE(L#v-{36_)_4(jdisrwp!AOgU23 z%95>AOMe!bO699j-^NkeVL45HtAGn`vJ9%^CHr2Fv64j~Iwx5MtDKM22HwF&+MySj zNDa#p<3SZ(4ckE*Sc9_KAlfVkZJ;tMKO2yuk)O4bOWF9T?R^&}ezu_z7Jjy|tu*k{ z_H_lPtTy1_lT~ny*kl8?eL3ANZ>YAkMixy4TYqhcVjBmOI<1?%uY$cAcdtS(m@BH? zt+rOw5UpdZsHg+gmTH?VT1TkDY|+u?(guv>ZR_j5VcQkdyV{1aS$k#HjHT^r#*EF{ zEHP^=ZBkk_Hfv3{Z!B-XFmG(ukZI_cn;w=nYBh9h*0N#pShL|0lgDBJin?}>T8p;3 zuYX2N-8WyILMs(;1Uy(_BPifL|S182X3Y7C^?*vJOZxPIF3DZhN$fUfz% zSk=T`-4|``8rMbJcx9Kx-m}6P=(sD|z_@RUD!^5ZebSLX_INw)i{{0TC#U+oQrry9 zP%WxLr?|IOmAi5e(P70!A3f=&Sh!~L4}W=G+vTzhj{Az4RWgB#%VjlGdBxoG`bSIy zj_sKi>p?5OWMVVjAO#AT%7E^+VmuNV!Gih32^a3X$)DZ=c2?%Ox4L>nio8h?@R&=` zhB9m%ZT|1*8cZ0ij7fB(c*)CPbEBKg|BrHua~DvN)=a{TP&@^Tn1m7VB}hS%S$_sJ z%tA&{h&@~YDT3LBD6YU&M!gdup9} z+h(~F8Bys(;RKFv#u03PFyNoXA%DpeHF3#6NK_dzCG`Fx9?t-;Kv2JcPnQi21E~5v zOFEB@Tz;1;xng52x8vmsPS`4ey|U8@7+-}c;`i_?KMm=SVY6e^`o8P+5QM zbq#T)0oQ#CHb5FTUUga=KF%euoQ}>0#7y|o8>XKW(i>l*wuuC*|BT6y<3LceTNr-3IfI= zkZLg_E>8eeLB5*$M7vsZixtboB-MWsMQ4juWVC@C(K&`CBE<4m%A|*`)?9+a@|H?u zhOUMz;==Maq@?gElN36^x`l-0;N9{;S5sA@!SeQ8j?m7I-Gw|b=XF+e-;vy&NN2@n z_ft7Y#o2$DqC#C zfSnlv8c;PK*=)TldXXZGQlmfvOLvkcW$6PS z{C0i<(CBwKCWWh@q&4~d0X%<#Aq%gn_{6#{WMkI9ofTBSciSJG2VH|LiF`8A!| zO`%v}0C7FNl4Wx_mQAT*$s)sXtCtLjhGxl)QMrD}fVyVYQVI0C(kdBE(wkwnKUvUI zMkX2K;Nwg}NC)bTC<-3&L`(r?K1_IAwItY&OIhWTwcjf?Ur8a#2m^m^=r*r|tm`mu z?O?7ubEE9kpcxRS7w4ze6Bs2h=AjW$9Pkkk$`aWG?G>$Vr6UUT@?oZs7!=yXlhWzc zah21|u9Lf5>+!7DcOX%*)EEY`OvVruF?B4YoKLyn{E>A?G2}6B0ZIMIBph=YqB^7m z0VETd2~JA}%oRVeRX~4Hf{3U`5%~v`yGytP6%b+w7+nklIQCOr*WjnA&-sfuOcF?h zjEqGq78O)7&R8@XcdU`2RkgWd3{J*lCc-wNkvg@!wENbG6FvuINGzN!WIksis%Rx# zf*6-eFJjq7y}eaqRcr8NHcarv)>(Q6GY&vRp0DVzS-e4~3oU=yI$jCCy7Ps0$_GF* zOE2%dTC_pO?H-0or%T~hcUXg8-dWWOqP(v*}8iqZcqq;n-(fp-o23 z(&d?PbktsRh|Dyh20(7YPz_I}xf=2WT*Wv)jS-Y7y{aJA#n7-qvGc2Hik8YSL|o;} zs&KWYW6dZEKSu-Ywuqc`!Shy>f_u+O0+Hf^3ATChb>@GvU~LTbG#Z#+GymQ_QMnP0 zy>QqqdLO;yVe;On-*W~Gd~UU*RE?$h$`TzYslYBf9m=(Rgg4KblKK6U?9UIEnH>pB z@1^D$y!60ND3z1SvP>8pl{)m}`TkLl=fpS>ilgufMmJA@5B~4u^($^Z z#gb28HUNL2$p56Ip+cRrebj&2kx=>_))xP$&>5D2g<-*yugK#3 z7XTgpbpZUB$;8EL6Z~E?@O!nuvpHMmDxg0tJsZjeqGa5U13>>0 zY9ZAj(G=zR3xei869`6JLLf~#d7c)N|GmuS-(#6H=YG6kRWT%sgrh{)k<8*K({|+) zNwt4>eJR0VuFOx3@~VxG!HamW~oV1(nKr zoN1F;D6<3(NeVlep48}rXWi#4JCp<@H~Zz|j@VQwiXfYGftU7S#AjE0XPcbv$@em0 z75?xj`?I^tL@`W=8vY4IUcT#CM1gIDf@p3m?$xI2!%86mr6W)LX1)i25)zKfFvnlNj zkL9&|cN9ug+7Y=Ec^7tAdg08brgb*q)0kxmjUsf7^Bv9iIK?Zadlz2$5nZOt9EX3- z#v~lGq|%R|H}yn3p9oHoHB8U%kYM7EKX$WXySq<7!pWJwiq#Bd;sEvun8WeRk3&2+ z=tiE(?cJ-lPrxKhF%i^B;the%a)A81iZ@97FwM_*E`ELl@h&4j*CC#Xv4D@U(SsW8R-7oF!m}CYeq7HwF)O2_qK206^w$q^~K2Lly>k`x@5%%Z{(CJWS zOMU$j-f&8O7LTJvW)(}}Kjg_?o^X@dJTI_Ra%SdgPbBv0itpm0`IStihvbss+LTM> z5aJYMkRRL}3_THrr58UO=^|`wJSb|i|FX1|EPR-RS;II_7JV(^d}O>^ILUtshj}(` zrAcN2n4j&+jtj2NrcBFJ2Id5=WTxxKqMB|_r0e)v9~F~X$d$9{D4Cro81Ipr~;F6=wm6nYUF ze_W!CUa!|XIyhke_j*0^|K9%5{tx|w!^7U*aqsA$|3h!D-{0&1mw!J3Wq)4(;PB|# z@!`SI(`Ws_Kk7{;{k_R37#&Rdqsh3pcX0S@axgkRJcI}1R%XFJ0DHZ?UZ=O;=|6qf ze>ylk9vnXNdcEG^QUCba|L=R*x$Aiv?SIPJEYU{Q{@*)1DD40Jz3u+r#G~*37UhIW zNPx15+jJK{=E-|kr3`?wDSuo*Jt*iMUO-o_U9@AWzmj0B3^Vw}dZdiN*N|%=mctDM2_B zaCahj1tXdJx-~J{R736_Jr}YrGH-IS{)?;Y>VFL zge?oL4Cj6r4Z!aR!~gNqIm85cF(fS@sNW=9#N$~Q&rn{N_-Xiu7miYY7S8`?zK9@3 z6T+^EvKlMWfBLMK*P<5-82wMWfKv}HvXXQ9qU9vDLgGwOZ9Yl{qg6Wp%kO_h{86#S zD)#@;@$s>_|Bv^!=YRi3o*kKgT~+#7f}XeXHSt!28)YIW7T#fC+zwJW4KYb?ypK( z4w}=w9f1)HIt&|1>2@-Wq#sjS3)7IvjiW56g6JLnD}^9NOt%(BA-Mt5g`fH{fe?Ew z3R^;@^O#8(nM$YClKmWjeyb(aGPGQRQZfKfdrx~U0PG4jU) zhG(4sF)bjzN-?Xh(c*yKW*YPB8D!S`J`<_srvOEW12@{Dpw-0Y zbVV6pxh0b)yAvbA_5z)6(Wwy2gttIC+UNf5`AW?!oqwdJOP)>)^aY&26von`m6=Y> zQ7Yx^Sk)^s4LIGe6f`3Vn88Tl#C9X7>0>|vb{Moyl7?4wM@Y&-Zw>6r`67yh1bG17 ze`qOmigrWr1_NDq&Q}F}mD|NAONf5RRT_NZ0Wd=`N@Xdru6B0n#oD$|BO~B81$9v| zT4NNCVShr;X9l@TM=SHg5bs($JFS8fnPp!Ww~`dc+a1j0=XKz?<0pxq&QZEnpcsxR ziCHhq8$2eFs&Lo=qMgjo#`B|O=6iY*LY97>qKQcAj|br4jeTQY`0hQPZ#Y{Gh*X0aDKejIf2$PC?<5~YDtza1?NxZ$xV97J2X18+Wf-1W!@ z=YNGz1q5*}CuD3_Yo{2^fRRbsd=@rgj3PcePM#9{n1|3}S|nMwwWHRi?2A}{UMqi3 z*QKh852rEHwQ?W6oX%y*p70<)aZ&s`8s#qnAI?#X*&!ldW&R8KJDFNHe=|dA_$NKE zq67tg<`kG05b9s3Af&a-+zeCZq?Ns!FMkL#khq4U8A2bmg`mL6j;Oq*s~|+&t>dFYjKy z^~fjUxMNn_|NHy_>y!TcCzf3xCJZWB#9C zzI4?N-*Ed6I&}dMUg$msNkrKV_=&lpCn+Lmw3q;{E23Q#eLi7kDa;8Urd|#&V5c!> zI!4U$1uy1#10yZES4c37CbXf^O%@VU*u61pLoPOmAh+dW-zg5h3S`XuZnN3(w#uTK z&pPP;a0VmFGk7Giih?WX|9{@`o+Hj94+uQDAa23u6Ool`+hU6xJ&*yYl z#xpnokGo&Kv}mc;%TI}vn5xn#?&r}Gxrm(2XhC3Shc5b4(LGvo!fbw)WqOXT2$lWbt+$82zA8E1i7qaWcM(gW6$ z!SnhPtl*gq3WuTv2Y=0R)!sHnFiFFhOhEhJaOdA}+ko~Ut_@QxIoIFXQZ#ps-95F| z{OZ!^H?Eo1iwSQHRuBL{84@`?k3wNYUBQ^_x-&;mk4%yl$=k{DuZZX;3W zM#L{eTv-F7xqpXeeEG84>LJ9UOv^W-2eM`n0qzUTw6A?Kp0z(v6m!z#!Zs7mTClUCl2ur_X(0r*G=Dr2V2Z7aI;*yw%bP8&!%qap zbV*_g)=v^_LnQ~XGBV1MxHL97j8)OegzPm}L{@&)hF!9J3m)=o7*A~|xgf2IVWv!| zoTuC!r(|1a;8w+}={8!&7E%-^H5ZCfW7Wn>H8i&M63jyuPfpk`sOMu5Rf=qB3#+29 zs2A!DU4LF-<)(EFm8Jb!OVhvv0NPicjvXfN@vMNdy_5^F;1uEKDxeKNx z!;%AAfU`1URuhbJcDx)zE5O=ls-iabXA?o&J$=?J|5L;2WNlR2e;n%azy1DxueX)| zZQ}V#@;?z=Ybyp^S`3IHcmXFY7Mmc2C3DaMpeTY}vSqyBMmvL6M*!9R6PAUm+1xiY zfPeW;iSq`YbDzlw=d;wwWWQ2Idrjk=yDTbJkn*L4t#K{k z%+&nNa;uPEh*-A3cam5#Hw|TEKn7EciL&_V6KTVMB%R$x13_rF6uVku(=k!G|fUXz^WA zT6R_}%v_!wB@aQEZAP8E*QYrAf$>#7uoCL|FE55~PF}xM!WJ^0{hv}aS7R9hZk{M^ z2Zi_NKA8QKqv#Gb|C#QGN9)EXADGVq8emdoQySZ_L3Z?@(oxIlb67vPx6vaW1 zuWBoWvSxDAgqmQb1wt86X>nkHth6gAfvK1d)I(IY5GaGI7y;A+oa_2az~&16dO)3e z{E{}D8vA-p=8E}}Hga`)J)l)f!?rAHD9cMAsv7cofXfx(B~6vN41d8oFi!Oxs)rmZ_NQ0dr`QOQ1W{$ICU>sHNJC*fhXp?by`4wVSE}T^E$9 zu`Pk9DrFl1Hg&JnZI}wzy3J{N)zW4(WokX}QfFEMS1L;D0u=htQiwtcS`(zI>nsDS zDmUwb)^wPqz%@l>J@8ff$bXXds?>}%5wI)m%G$MSf%S_fIh^;75x3Z6fBB>C@M^PAFoUW#$)yGpaNQg#=WVYC#C**7nbu~n!i zgaBIcJjfUL@?}u?O#EpkfTB-=QuVUj$*)Z3YV;`nMBx>TA;#w^8h=6cCNU!<`56-Z za*?oGMRx}Mh|K=fKNVpE5XK=1{pbaZ{2P%SX#ftD0wkP6v>=vmDfEM|F=lsylBti& zGSjFR>RjtxluqO|GOX&@_ISK6b-amky|qPtj{(Q4IgN{N<| zx1@$pu{5OCDQV}M)qgmxL;pj0Bq6WiMtO!BsLKDhZ^nP$@Ar=nw)&qYRYTRuFhs(P>!HZ>(=w#zvVS;zd3JuPzc@d8k-x}= z&OCnkB7y_(@bvh{p!{X>&!4U;28!7W?q+ z@nbyep#L(!q$?FnmHco2&=UV|%l~iWsc-+C5pA)hw|3g!pPjZL+ygedN<9sb963GF zI~FN|9%_b_g_;j-hL!d(c11BHFKKksR{ArD)$STiO1UFXN7J^%&81(&d}RtvX(-vA z5t6j!2!9YXM$rJgJ3VjZT0eIr-eTxDSwLpO$xgm3GmZtCUf38-p7mH!w>nzXv+alt zW@g~AG+wCJ*4LA6@xP{R+FZuHJ@OsT8qa?b%Cg7?RLcMQeN+B-(A%E>8+jV}|GGnp zmN5#F_ut;^z6PIE^j#@32gbbCbYa>0+I|Pm8h`1($hFp-{vY>D`;Xqi;Wq#OMxI9W zUt#j)WIL=j@|?Wh7^M*LRNv;w@S2y}-Xy=`O|tZkmrb*oC((Y%tW#0Hdpa&-oADD~ z?g-D5fC+OHe$As7LAy((WmJ@0l0fkURT4~!bXCUqtY3_|7Wz+cmgTl%u>h#l|Csro z_J8}m<8A(rjXaI@KUO35H3bMN*a7fOt*x)`?PR!*_Y{jY0h4*LOt@vSF4>zYB*m(J z!XkEC3<<26!0QAN%o^J&cb0$dg#H^A09Ew=uwT&sAM9`Kzc=#SJNj?41K1t|U*{ND z&YD0oBUok9w)O;f|13}cJ-UL!X^c`>(SJq-{qG(24g24{gQKndXEV!gHZ&g5gPG3dKgcifD}eP39le? zgjC-9anRZUF`P1@0UjkOoP?iXz|(sE>#hfWiK82UVpfx)1QM8nD2$=k@?N|hzJDbs zg{>WMiso|^gWpcyf*?$B%bSLz%l_r)x4hAxX_x&gU(BXm`j7mHuj20i$KJblw{2^Q z;=jN3DezNzrb$moOY$Q;IR3ynA(V*`$rS^*=t;^M4&49ry8n z_wv9v#`JJz*S)#73h8QHMgt2Z5PN@&fBf5MV1WRy&|-km+Cw+Z%HDUs`hTa{(|!G? znY3%$s9yh*l$-f@A zP0s$r9t<8mlHjE;qG-Ea;!#R~5|Si|K)mvOFvn5QajgGX!416_bETz$T5@A8u}jKw+dzmgJ_J!g8M@nJ{qb{C5@A@YrrGsl zeacD;i6oW2eiDNSGg&jwcFu;G!jb9x z8n&-u-IA_#BlPN>Ps5t8US{eJxP^OLgeBH|c{j#d5vw;C>wmL3vmST~gdqOk*jQiu z^x`yAtL+18qqS&B{W7fcFzx|s%3)UQA!l57LQn$!O=9j5(Gy1EQmQQF&&{xI@tCmI zEjX|8&@W@;c=L_mMcBzMqcXCP&25@j;a>goU#<3#QeRR7lrjn_gaT?w3Y`}-SS3)Q5a;*RPuXb4H6NA)TH0y2!v=g1MZadcL zDb`4`U=UPD03c0~KraI<#Cy|q*&gdgxf-q{baBeCO|Lw&LkiPwignvl#+d4%lv7o) z&Jshk#eZ_QSc@zX6`ZPywah!QEzVnFo#mluGS*6Ni+dewCCh~wKptx)b;g!xZ-sSg zwO%fJQn1eQa%@c^TVY+6mgCBZb!p;{_MO-Y>on0vqp{9%hurU2SMDDLtar43Y>l;& zvZTRkRP&(R=W49XesZN_U7cj5RX^I@c7cX=mVZj6$%d_@XSvr6n`Kj}7WAoDv*av0 zq3o@&HfL$MD#5xW3rv@8>=f(5xL0Dm#kg;WwIP4ZRXNtC>@?jF-xli@8#cR+KY$He zNq^H|!&Y3f21Jd3S zYk!_$sM!@P%~^EMS1{GFs#+AxuvXI|ZHM`mSgVgZa_xO8uHU6WtwDvxztBBvJJ zXs_a^&F56M^OabUc5fwi9Lsge&VCXw2P59zFu)`Kb(VF&|}rAP8sB0?jU539h0 zuIDLq5XA^X`u>iv)?NLTOZtoSQ);-dgntQeU; zsJ+pG0qgXZQlyY~X;QD7CBo^ZEox>0RW6!NtC&@yZ&`cSjj#v+eSK#rL>e|L<`+tc6 z>-#pwy@$tW|D7yh7?A_+eOMONwfR%$|2v*c^7h~3ljEb_{(CQv7Pt+@ar)=Tp8U-o z4cyGEc?#Y$$^ae#kQu#1bKpcl9EI%ER5x|@nr`e~m_z`ArMFo68vxhP^Xcg}0CJDw z*<-kI_bOx}I(i;(t_?UahK`qPo_~UyrROXqc&?Nq2nIePg!zpP07#;kqJ(ZeLOCb( zuuuf?_P}#!XQaV8hBr1hT3-=_nW;mVF#C1B5G*f}OCo?ILHOVX&4`zv1G-y#&H*14 z%a0b(hxy9)ZL(eruF>Wu!Y*@`;k5^r5+-$E0cn69KrhQAZvhlQ&z}M>oPS6Edj`Wl zq38I~%B2XUZnZzL_u!O%81Pr3jWlk81q=rHdWX!Vlvc%WOYRI9Avp*F!dj!3`=;pr zY4cR=|7-5lzx4r7z5gE{AB{BspYgNNxR3w2mxrf%Wf51TABEgXvP}Yj1TLmvJ+coc z_VECKSjj1?TJbYKnseQbh=0DkK=W+F%?BZHBZnL~QRtvJVL!5K?m-;6mb6QB!72d6`;(b5c?k*#SR&t*mU&+2 zqFdlVXNl|q;D4Udzb?H$(G*OMM{j>Jf}&knVT{6ro_D?e5c`M#jFJ@&kqg!yq=&E28kJ`+SoNEGRD7ir>1ayXdW?h3(5G4q#J#<4GqIG_vWq)4^dY*#AfKNt>=OV(< zD)B-@q*XlgzL(93rkIaV#KK`n&WJX^zFuxZ$JC2A(E`jpKS7uR^3fXkHjC=Lctd}4 z4uh3^;kp3bCKv(~u00%a1Fbd09;I7`7+XqoCDCH9!u1sV^Ixp4jD-H`-EZt~0NAlH z<^Q9vv?d^4tbe$WMLJqg(DHIEn|Og2L}_DaS?o2$3-X-(V&I1<{Fg9+LXMLfQgXl& zd1i_oVTd=}fyU)-bqo!tKvAG_Qp>Q_gJ3a8He)5HAY6FiZAsC@Cl+)Vdr3LTVOiH=m@KDY zcz-ZVL%WhBMU_QTOg|;QJm+|Wz!EA=eyp$?nI$$?EAdHIPy_o&!p>E(8FMm7$&xOj z)?`U5NwQ=BYRPiage)1T3bN!om`F}`c3w@a1z^pI)lhXiVl4pdPORT1xw0cL78)bX zn}&sl&b{FvWhQLOXpKcW>@1hJ5>Yuz{(sGj<};&87JwVdPX$j4oOneU>(MBXZvqss z%kua{uyv`SeZJDzROyJ<;p|{U&w0&Rf>IB{fH+I!u6S^aNZ6+FC>YS=YqRs!n!93H z^oC909x(A~iiE;@U!%lQ`eOzCPp@u0l8|AZ{~u-?Iwkq}9Dg~< z6b#=*m%LBt(>X?Sgq0WXqF1-bStaQ4*ggSK=x?43^TT9hcQdDwM&q#}2wRJl=b{7J zaf>r;bVx*7s!Ne12nP9_HYR*=b~*Hq7#<2_`BSu>_wMAfjYr@=+2-{#X7XwmoTm2$ zwyVkaMezs2{4(~vgzbOyYCPKj7=LE>U3!&8d?x7SKZY3kKJuS}5fITq3E-DKHd8xG*@ z1&4T!@C64m1;@N~CK_O1_y(VN0pe-!!DE)W1ds&cguQEel8PVjP78F@e`x zc>6O(WEs*U42%Pg&N-ypP=5se`^DQgEO?$!|8Va`l7iqk=5GUBB9&`|N8kC`^U-u5 z)|RNxK5Nl=Gz|F(U^rF-c*_NA$KweT*QKw{5)=?FJ_6j>hOM{ph;=U`zxUXSV}wgv z@LZqb9`Y^Zy%(Tpl}y3kM*QfLXud|!ML7LD2?pXceGNmGEa5duzkiKIRdgF8C!uGY z7p|1gM0VpW*EC`0Q^~h;gkML50Z)sVJ`0+DnXNw2|NQuaQ?4Xqg$rZFi|W&8AOqki zU<}kS&D~mKh!YR`8DU9IlCCut#8?*jkQSkNcV5Q-y?+1xJVlR-cf}`Jk7RprH#r=``)=fLe6QS64p%4J z;*HeGw)l*{K7XNH7t~79xXcR|OPx)Ec=jQ!DYGn3Z@*UkoKn`$QWEyzqt8qJOiaI)JyohN)s5I57M^ z$?U4UVC5$;MA3@a;B*;91c4}I;$x75#Rs3!P97rd+Fu4Gd`N$>{01(TU(wZ)ZpsKJ zmkQ+J&@52rlek-fx)J7X1nM00J_PEOE$v01UWvhj5vc1YYA;alAW-jxLA@}jRv1LN z3g{%?f;fnacYn-QEo{j#exB}801^Nte+|6QrOa4_0raDAAN$Med3_t#SFv zBXG&Y0-I=+$}zaVgxq{7%%UuZJxDj$h)3k5^+V`K zi)h785X-tjGaE;%1X(;40gqtW<@5(K|qyh$T|{dy(`5Y4#AZ4Mn|gBQ$TMjV%E`~`@S5YS}ZJOG>>5(2{Pzltk7D6BgO-OLH=>d>NY_*guXU7GAxw1 z3bQ>BESd0w-$&TpdK1DR9YRVl(VU`K96n;4NS?>RrI&u%dn8bi^C)k&?B0(O8^~~N z0DI(mD&sgNOONlF0x;cTShgc=JiL$#>3DQgX@CEWkqE}b8FSV{o85#sWpP|A{^9w5 zSwBbk24WYvmLPWCDnlUigPE`Vr`$%1bAL}MLhsW#WF2C2xAq`-k0F|S*BZL)L^y}Z zlDBh7CsKA%>=@FPnxN1nDJ8KfkC7`Wn{C;&_Xgy%{O8+c8^RvqZhAmlw3{HJ$aqL)Qy8Bu)wine@L9z{&z7B|6%`o>VNegHd#9v z116>aENhM?`G@(z(U9buBufq?eSbN43L%;GM;|7EOgare(EG|!@Sjl*nSX9I3^g8T z*>ie9b1!J_1 zX0EPWdcoZc zosH!pA8yzU>~Iu}GCNX?f`4euVJpR7($Z5}l(qRfx&chT!-Nk^0)pX<>dQM@IoDh& zF6GxeoYctWEs0vP29tVofwvSJ(yp)B`o$b4TlWjE>Y?&OF1zgU%wsBs5RB&H@RO!LY`NhnMSu|X5V`k+Hp3H@ttjZqk?k-yb zbvL(J349;-*_yWYa(|<(!QsK&X^V@iztwi~M=rD4?XSB1Rky$D@~bZAc;3z)lQ+08(A!?6q4`(W6sn=9)_1fTPe6Ul>Lxza6N5T(Kgel zD0X?@a>)9s`0w)KMh+-zaA_yENvAey@_(@3x%lss(d1~<$A90)(`^1fERi20Ozb4? zkP4t?{tpk2_4yx<`}{Bac|LwT_yMfFV9L_D%sn5`Gk^4XK!?RyqAB>{;PdAJEj4&` z8$%YOjpwc6#tg!h${vVv7C*WX7;++F`L%|?%04o|h0SvdF>g`(H=bvLmQ1A_pXf~@ zbim0W`{@OjtNGl!1w$(X#zMJ${ygC5o$?%Lscsz1SH8ai^m55O+W?GXhPXZW2jb9K z`GmGXJAXmI3^{N`5Fk;2!2d}PMc&=HhkTbin~)eLF4VVA+xgIIr3BHl`a;M z9EZ*+n_EFBycFZ8%IB9A8kY7(9c=zvWNreVnEnYm2n_!^1j7%*cB`r3a!NUVu{>}T z@PLMta^+fMg8;R%`30EP;pN$Kw7?iV_901t3(4{cuz-)k$9X7E?r6~tD9Seo+(3Te z34h=<0%V0nd_!rU!x8Za@IuF5xhTyWQoU%?s`-`s-NKJ%(5I`3=N+-ZDEpYTr+goa zsT3aB>Qri^@>rl~*g0gol0Y7l)eM|Wz+)eUO1n?MC*bk_Y1H#X#jfE_T{<|N+2@#P z2S%X}yp;VU-Dxzg9w<$J{`@Vo_?1sH{(q0lNv%w=&?+fZHUBprjZaQA{_n8o|Mv8J z{HSsbd^fPg5)%RkzLL~p!s=D|uBH)$aZC=@N8nQ*lYNgK3(^j)K+JwYEV% z_C1n-@4%3^IebD}16f*72E#6-_vEF7$b#E?#j%~2bCjYWwiXTpfF<$+n=JX_Fn{CB zPwKQru`Mqo2@Fl>me&bj2p7n;W}AF1DI+Vbm}caowK!|=BF*b);0{UwrE@Wr8tsoC zxzJCe1YP?IK7aoB5hT%n!@vhNJ3L%^KpgQ8@;Cs1?$Ff$RnZ-*l9zbpS_zeA1aPta z)02Ig8RqbsTAQlT4)~OwJYx<_YJYM$HK~FMWTa(`r0T; zgpFhVV;;8Bm|Q3PgRmFqQ@~yE~c9v2ReEvKwd`{pZMItwlGP7c#MwWI_ zB}Npkr==UIG(alQTbLs_Z3qB>!lXzM(88qM-$ONm2yt*r3#NN{u&MNcC)RIe&}Vx~gV1uuiIACdWXP9XpzJT~xY4M!7U6=MsnajMrm^y>%dxg_d_I#z4+|OPb_t2hJ@;_-r z(lR4_jsEv&ayZuHf0LubNiYA~$J0vw2Sc|^254fSB)R0^SbyL<7<<2s!Sp$2EOOe* zQy9aU=X;5Vi2dUHObD%r{TdQ53{i3u;cG8k*w;UDQP+5=fql+c2L@CXN}8&&4T)mV zt>qa?AaA~|AyzVNO{;)z6BM$hawUa`j0;iE_(<+wf?9SK<>t2_hUg@s>&3OZ7uS~Y zxw+{}1yX}j=6~8$J}1;QNn0BE(T(RRS+@&RqLO*^4-&HluqW|WukD2jklYhFjWWN3kI@coGrFyH$SqIB! z%binwm<6-;4hR$H@~-HTh17CoCqr2^6s0%3wp|zSQUOZyei}$Or(Ec-2>X0m@&9q; zx~c2mjJf_bxeL_r|C7nHBaQz*9-SQa{Qo|l#{9q4?gC)&5;ef9;ksj{>tIa2&d;Zx zQnSCZ0)LXFPInv5QlA$Q+$DS6^RnQ(2Wxwv7zCL4L=*Mq{FoWqd2i&R=(ZUYNtsoA zs}WM(jhbVmIYKwY$p9&j)t-$XOmp8$5%1(_b^Z&cZ^!b#$@oaO|C=05`tyG;&mGwR zrKW%4w0K}rD@nw?)apw+>2uRpZAN82>=g?EOMf^YH`4vbI7%WX@~7basdOsliCg&n zS1~ZiSsdh#&F;jpo2l+L&OyC>;E`@0*q_v2%+u`rPvgRNasa5Y{~td)((nI=hm+p_ zcP~$;^Iwp|ejNZrqrC^fJ*kvr7;XK~ki@V%AAlmnJvaf#M!zmEfaa67wI4tcP+e-1=~18#P8LIp4h)OKtp}CS3vs4=Xjqpf3-8`} zp}q4$mJLA}fd}Wkka8G1abK`9?m>N5;+2rDPLo?gBd3Han%#j<0t3KOG`Jpqez1mE za_r__7IMp&daGxYDWaU_C$Y2iB^HJ^CVyz=yf6)69tRCU9tRB}j+YG~j+aG<$_U8} zD&_&y^QqAlEK_TJliCv0Ni@V7ngI(c-tPLl)WHihzxLSkIAltPAa z?9!;oL`o(;QeqMsS=fEn+mGW-DZjKszngMT5xvo!INdaFZYz(Q=FRND-KK%FO*V1& z<89MU{u{5Iw#wgn{qOi>e5l9&dw(|R{Xh2dw6p)J5CGR7W`-zrjnAMEy6=1_5N zDyeI+jpFKU53?q6YbnTpj)Mq!8@VXeT3#UN{sVgn`Xyvhg1Zii$o9h|3Q|6oz3F~* z7vbhj)KeCc^+(NiuytRQO;ctn+@c3LnNE%oDC9vj?!Zl>2i~)iwB7#S&3^!>-u~xU zxBoeQ*4zK=<+%&}-);?nI_dpNxw_s2=z*I6)oHADX9Q$00V*`E-a!4hUl%_1sET@L!V=`#wxLq3k3jQ^W60JG7N+RMwW@3}KVKiC^^Ga1V!a2dvm&Rl?o9C@fg>``6x}k7> z*tKEWg^{qJ^}9C_<_+!DK$th#n+Na4JeZTB9Q*q=4lbDSayB4u_-HiZ6>F!|gm-~s zr^31~TMYxjZZ&K}vdeBW zHd#BxF4Xsdr>eg5Uhrmi){lJXLS;Hg0edOMdajwomCmyfHosD(WAwA<8=6XqZ%#k& zyus9*xVB|x_DWE9@2eVFNz{FQGi9)T?<$$XOmXbth1`eq0Z2syLROOSrsGtDqNQWD)$rF zc6I6g6gf&)aL>&DYG&Fwrt1^ zZYXtgRP+O=z*r9n+^CIuJ9jz!dvqA!P43BEK-^gF)>%N@)%M~lkXtX?I|}qsditlG z{%?-yUVjj}Z54qv`o94u4cPMI$)sTab8c%E*itM^4G07Y)=roQ6(Ax_bNr>e3Xpa&UB2~D%q2+F>P@F zI>)r>UiY{|-D5_xaxxyK5;EgK^1{nS~g=`Z0UQ#abP5aEs8Ku1ikO924Fx?dpv0{WR;cQwCJAk(r zy!<)B7rbZb-(D#w=k)R&*c~-a@K1L*tLV_#@I!k2H z=2&9tkWznL1?$3VozhBg;qA||O09PJ=OP)t$6g$xoHu|9q3Vd&VdTZBpDaakR<#Zi zUfbgG!{<3!rsw+TgA;|}2cd;$dj(J3Wz&zRQ5YhJ9y0GuDY=;>oekCpt}ivgkwv(| zv;WrV_uoQe`9Z~}PyAsrdPdGY|`ZVohGaBOp>7PBnkh{Bbug%jKkMUNz zzN#A?ZjZi>de@~=q7bTWUeWGMI%rYM8&QWHBv-$|?qS?CP1^>4r>BFXq)WU%k-FXj zczb{8{aMK3o)!M!B`C<&7%hB8-xO=Cq3^j;oGrl1cZJ=ACDZM5`;N_*DU8@cqfdK-UDyGl>H(YWVFr<>-zoHBQ=>}~-10V};* z4^){xxxp~(Os`zqRzuZjc5mCeo;huLpZexZ{wow0bc_F2ssOGmXVRSMO5?1^!Fs||w{m|4 z^6Ql5&Lj6lN^`w7`RmgrOJxb0;rA@g(gm8!kuF*o(Dwx^1JEVWyO|yWFTAK%?W)wR z)DR%xZCemo4FQ5HxVVP8it|u_@E}!h*=7IN#PhvB8AEW6u!F)xiE?NO*}#RkVhkix z&Hv0eNQdgC$oRE)M78RLjUyq*InZ7#H;RzcMY@qV4qIszZWhr zBE;S_3j$Gd{vVx;_4toRqtQ`+{_o?lENjp`29%i(sE~t5%F)1nN4NDcm_Fwj5^~{w zt5d{>D7lI7HQg<)f8+<$c&LGW&O`!*6!NC3Y&lCYV*8dE!!p#Fn$nVKYg&H=beo`% zHI*wV0@m=O?u?J*&iNlpNHcmS=zf`?TJceCJ*5UbqF%Mw&r~&Mg;!=WQgLqQU~Umu zwcI4HLAy@genq@ChqRV;4B&ELa>LLZl|)WQ;w#~;4IVHx)hU0oj7VZ~q+###5?02y zd=iSFdQ&Q55bf!5K~ot4&_sVJxj*pA=hDztozL})cVBneVJ0k@#2zNgqI_Cx|C-v9 z3v^k?+ImcAVO@(x-@RuXXA2;-f(~c~oof`jy24OM(Dc{4-QM#LlVca&0uZi(8N#(4 z)wLTR4ark>GW69WR+>d+%kdH5Q$0`Xp)f3shjN4H#Q(>U>v{yQV!D5!&sOdNRXT#y z#(y2@{Qt@ENzec9<=GGKA4l%Xlwf}11Y?jIRx{i&v&>}tz0S&~p9XU4DJvkk>2&pp zd>};x??STJv&*{+6u$=-6e)K)A`>r4NTqne=-{B^1tz<&;PQQXUF=#yGsMJ zwWz9z{GxSYm_9GegFNoHP7;&I`+WoWNqV)fmk!A~GO*iw4CiytQJs#ApXzX_fS034 z#kA3o{-*XmYfO4$%8v7;q{8V=RUPu;Jj9su+noPR)4lJ}ZvgZVbzjxn@LlGIVJ&_6;TP^XNlc^p>X0g?5!^muOq-|8`QOs)H+|~m|N8y^ z_@ux8@8{X#{$Kn3f!h1_r~JKUk-2B<-bO~fTNv|hWyJf18t?W-yI<_n=KODI_M1M{ z=l^(gGSScf$@qVy&;PcUX9xDb=DUAy@B2{geS0(C`)7hcS&;GeR=vBl=H0gy?~bf@ zyIAdZwATG5t#o&5o!iYmcPqQxhh&etOEX-v&1q``-1{-S?PzaX+2?9Y+qNtWOOj$> zVK~#&voQ~VjS*>YdIn`*3`%ZIs0>PxJuwyS%9!L}?SX$W$+g#=F=1d@GA6mEn=>Zn zYF{~HlI!$6F(x@2+A=1E%Je-1m&(6GfcILhF zWqR#Aj1zzI>wemt|1I5q(x>M9KRPO$|C7VHPoUvq>NSXD`p)$p0R;zhCbFaIdOm^H$w^^_8pQ@86kk*G_!B^WFn_ znw|f|bCCmaM+sn^{BJydrpy11d;930DA z{ezVOsvJo#1>C#Q!)v9_jgi4@Z-6fBx^|X?*_Yu33~EN<(^yxJ`waP1_yXw8{R+zON&jj(+jL zW@OOK2;X!NXy9J#L@p~?0c?uc#hVnLPFW)R?BE*TixK?xj6$QidRu?pKhduH)c}7l z6ATly5aJLb{;HfOl^Wz(BSu--D(EAZvKfhL&hST#?zW$_uG7|N;xsNv>uNzJ%AnS- z3o{#(y(nz%k{eTCryG7w&@F^av@gWLFh)}_Oz;W~jYT+zeRTefhBPthi0bwtI z3v|Bn{Y&O)tPG6)CG`?5`l=Uzr1XC?0VX%)0v0j$BJ3rb)4Z=Z9|G-DegsT4ho%+* zaH24QUWl;5<8!)|_Zx+VME~=Ru~&4*iwI?}>2jSGJ|}RY%!4wH1_3Fr5vLz>f{__I)_|f7G{gT6)RicDtLDzr9h>+(a zoBcO!M1BIm0>@50096U30f=V5^D<5p&b@^-_k8sH042@=e{m4aen(Eir;ah!835zb zq;z?E3Y{go^#06kFRVTG*>dQ2i+F#c;%F5BN+S-=aur^mN0Dztfqk{&DDq1% z(5tscfDZU2!X6@*Fo=Eh#tVPEq=1MrIfNCq2rF&*w0IG(GN{|&_ZHrsMxnF97=`)e zQG#LsZ!IUQQH5mzc6&t0CUk!CBj@_%3bTE_h~Xx5tQjq0xuQ%FCli?V$gox}H=$EC zVjLBQRpl_10BesGx=k>AffpoSQa?iU!p76r*s7v00?MAQg+@v@|MP!>Myarg6<}%6 z4C-JRLm8lOtq02}AA(omS{Z@yNCmWx{8fP7QhwXeZLv@CLP~o9Eq~4eMJU^+QUD|9 z{u26|DGQubL-xp@6K@eB_Y~pel!1B+W1V5MvYTqB`bDe>@edq?6LJu2Ec(NaQJ|D3 zs~InC{+#uZg`BFQDv5tPJzz@^(ofu)O&{Up(h$vsHdUA$+C`<+l3^?dSvj3rPi53# zEtZR!I@7`>;D=#B^sh4$Kn`ra)!=o6fBc^}FInr;9{Bz;%*nKnF zb}Mq^hiUz?Yy`5|MY3##mv*OoODN8P5Y@bmTr>qolTrEfG;71yC4tu#qJ45!PiH%FC^qDohxYn!a!x zCgfA*OMS20&CM8ch_BD)rH%e4jsL#W_z&aJ;h}E-F*zK!@q+?Y0s*+UM}`6k0SGY? JHah?s762fXmWcoW diff --git a/assets/kubecost/cost-analyzer-2.0.2.tgz b/assets/kubecost/cost-analyzer-2.0.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..661892e11fe63a4a2805adebdb92a5811877ecdf GIT binary patch literal 141408 zcmV(*K;FL}iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{dK*V_IGVrl6dho{m9)zNKh0+NvXukP@ z$u?A$IZXTUp#*NPy3G^KiPlu@ZqB;U;NW}|Iv7V z{7+>3DUsOrr&5~Ae;R*uU(Lb&gZ!aIAvD!o6l&5Vgi6ilG}X&$HsoTI^WsWP$lrQ| z5R#CBuGoZpEmo|g3kDAfsboGOORY;a8I7*5uZLIFjG1jUOvS24NJ=%$#bTIJt#f9e zrp)xhSvDahmAYWEvsuPfnbS>zy?$e%b~c?esw-&#_V@dpEhNhsRm=jb?fM=q`L|3e zE{X|RAM|Kh`kx2G@$jIRF_lVQYIt-=zGnG~q~@p)y`-8brWL75kK!IVlVZj6l2vMt z&>|x*B%RZO5-rF|6kH1!aW1M1P*KAkPYrB0jdofR=tK=AEz%{EW*k(R-bT4t2sQFE zT^5U8*T~lOadfPI{rso^lH~aH1yM|{nIxHDs<@{~&ex3ag6Jh9imn(y zB2*E#K_B!8DgBw40Oeo>o#p1pYFRPU{pp;{X|7m&e8@G=b5aORW~K+FX`Zu;BnkPB z%7Pb*33zt8M3o{UDdvz3JLCpdk>jLm74>!DhwX8i0u zU6nZ_G|MDYiikO((X1KtQ&AKw)kKRSIW5w>%9v@PMJjS~-*!uc^y7IzP8WrcEHlej zn{hyQVCIyim1GxJ+)zC}-%M~7?24GCdww0ma->U^UcrK2zPuoYq8oezwif*N6_c9_ zCf7V=<*VWpQBER{^Z26~mv6#OCs>_q1zm5gde?DGXHnB-|_m=pn>B$-RGO6ELg zU%kCJIe&fl>ZJDY?C|2^yEo^@UFa|>nYrM{;daf;e*!|L+QHz%)qJwg_E z1>Csz-Br=K@!{i4tSB#Dx5<5C``EUz>}v~P_s&r1l9>+rW+(Lx6!QJ)m(XFjAyw*GpEI&Ipx^RLanS7e{C06_r;^mpM%tIeC3aa;^-G z7?PKa%7Uy6wV~P{u~ZaFS|-d~yW5!z)_Q1v`BtsmiL{#B*--_G>}`x$ctBJM6rCH zWUS1^h8dP8&sl1?DRTdurDC;WMaHrR@P+0%{~_vIrIMD6An8@Zp50B*Ev(q9vpvE! z;fgHzVwrD<3?O5OICJ+D$+*&z&niGb%%d4Y=v$V#xx7l#^eU5l%_LkKqZO`3MCeC~ z>8ebs!oC9VNn#ctG#c95fUoF+4J9juG7RG8tN!AO4Hqe}ebME?%r(cNCw=l?w*ai^ z;;a7pVEFLyaGaQhJ4g)tald1$?V$ZLw-komj+Z#Pv!O%adx74XW4`*3jq53h{e1!B zII)M`U$4NREQQjOFUMa#9vP%Bmn^<9oAkmUn~~YZk7)>Bq%_YJ5P`Xn*HpsBv1G@b z12;S*YDDqOd;@36z0RnnGpa1{Tdc}6pnq0GY8+&I2(vUHI~Umz$jN#^N9QM(QF~+(Ywe}T*_6s+LeAg3JeeMzzqW173qob#Tb5E7c5p(@&fh#g zeR*Qr*~hs5U-1=(J@$TMmT1ZHpi0vx=`E|~V0^~yX3=#4wu z?0?rNx;2t9Xx~MLe05A7Qu8fGT10R5+##V3#pPt#WOZSL2N`Ty<~;vDQM+D?lg~tN`yk!;PRVxB^WHSgpo16hwo--|9Ma|^xaMLL3iBvnyLzUDbwSW%=w z{Q*iKg1>>^Q-7dwt4ORQNbLdxsR z9Qs0-uG64@HLd)ar#X|Lop6^Iw6m?w+1y_V$CkafA$Xz|rv*Z=L?Oc3(Xm zKOLJB21-ww@8R`hNOI1Ls~JtNl!t^z@FJ(_)pu;R6yoY_tP?g5)KHn%$T;K8qDGg_ z05E#y|MeeR{&eF4eUfOf0i9RslF^mwLg>BuGrYz(LouK86!(OEG&|Ue#^|(2#fldT z3-<%@eZ^BLl$dJ*$aQ0WXda%dD9@wSA|x?_4KFz>^uI+Lxz>Va8OKh~cecfjppT1c zX1K5kIRaG{vA=y&z(%3UgX%g9vS%dzN;{PyaKYj7g%8~b%#&lv^9>LjB&f40TQIxL zi728s?_3Y>qR$heHzk|6&l-OQL{+7sM~1v%6GIfzN=jZV-j*5FECNOhm&DXk>L)&^&i` zi){C)K!ECJB`&qDR)1f@(Q6$Tcev*Ql-9abUj9uj$Qo(^I_wgqle?;>4n;&7<}T287|TZv!PBMa?M2Coj2ta#v0!+2bfBnABikmtP4R(b zIn{j4&{(=QQ$p8^8Un7#W!T2!;lUW*o=IVD0ocS{AZJvuoEL0JUR4UT>kH8B8(EVU zB-tnTQ(Bnk1x&-5J?Nam{fspJ4D8-i#d05}A`vw$9s zGyk@fY|RCjz0Au!BIa`=OwBg-$;U3$o}>8@wvD6oHKVy+l8e*`Guu{hiH#cLx4Z%< zl5Go>dgB~ZW*jsSpYC}bueM&(&HgUTUV}~vpVxX+ahH$HHaD_aJj_VB4WAuzx+sLw zJna~6=3j0bu0NVwkqYHxu-C21N;5R_lZ0?KiPd&hAsJ1VruEjjfEPfxP>C!jF!HJ_ z^9`Xz?G<_ce~w?Hek)~Wzt`joR2k?cBeX1sovO*24vpryxDEr;f}n!NS!m*(EwoQz z{xmR#v2m)cldyKGp4$bQD7t1DIWl-2=0=JE<-TNw6x>%2tR{$?Wr0~3;VX43VG4jJ z;S2bEjz4eIL>m4J=1p02Vv~zG+fG~e_SCB2BDjXt(p=|kLi#6melB3B*gdi8dlGG$ zz7`qXgy)V*uxFbI>3cE}8h~Nv7@ch=S9+0Ig{V;BD=#5T2k5GKG0>p*|B$ik$nrULHK0JbpTP{PaJ!?I|m;efVZt@~pj=fWma| zB}d)#dY{R}Z-V z{UTRSdoSRynio&^wNqbX!$kQvA8;|amFR`DT1vB}bxhcM?TsDDkNwu_WNTWaEc=-j z$U^^nt&tnt)@Ax4>t3T4V-V9?aO$Iq1iD6O$z79AM2i3Z7xpiAU3Xm8;9&AhGJ2JX z>!M8=;r+i0ZeHbd#`1~5MHWmmHH}uUvE9+(0yyKJWy1qn2K+D15Jw}sD>vM_d_IhA z9keObph=}#T?}d)z`ow^lL1MEluVVP$iUf?Vk7fU>?ZOU592TbuJaYhsHQ{|L$e1; zksU_9{p81=tgOT7s$sI1!px`nZ-O@KU`BXpHX43y1Rs`GlIzWpC^UPoan!OZ4%KT> zoC~322SSz_>G#YUzU}Z)oIbA#%~$L=Qa{ht3n{A7$h_nI0JrnuTVX(uerI9 zq_k~=LLHs=L8ETnn!!!QHT3qyWAMWRS7|}sl&rW|^0_AW-yEGia9Up#9PGeP8r8z6 zG!P{#l=-CFy(x52^Iq^BIn4vOdxnG426BWxx3q|mJU1T=!*Q+ea8Sx*S^U^JyEHx= z5U_FvXBt|TYACL?F9-nr$N zvXv++t#1Duq3 zP8Vi;;GbNxz*NfIk5##lG_z-yl7d|m8{UNerXoY;Fota)b6U;psCi@v=T&?l{5sf1Cb z6RT@^dwx10>Y*8Snxtx-fG3dcZVFEKbeO6&SQ89I=b5?unfVZJ6SYRiwIj(gTq89h z7C?dk5@hcZbZ0Y@adG(SCEnXa*J7?AT-(h5fS5APB(+^CFKD1deO%0!Ov9oRBni;<8 zO#xfH{Us5S@T`1gU%WkkNmkYjNA!ElWdV zLI*8ZojwX_CG3=!_)(>omwd%Ur6*+n(W5aLkfMSh05ci9s0_6>=l9>gyY!S2wj6vf zS;i$x^{s}rK7f$KN&_ED^L$3rD}#y$W2x`l+$z}AVwrJPqzn$m_OZ=2hJjm~4KIql z5NJk~GicZe+9R{dY~>A68t&4n;NMp)-w=+DUcmUoMh&>i&D@dGkDCN-X!_@tSQoTN;`ieG)HTx`_!l1aEk$@|CSr^LqkriL>Lw-A5^&hAQ6Gx=~Q zm!eS2TvreSgS#+e4vlZvrVESWDhX|pE4JB+k71<@8iu4%r9{f%CISaR^S*1u4Q!~7 zUYn42$3bhv)lS+%|Qd9(iy3Gr^N9|Uoi9?h4 z!IEINeY-ymHl33ZpmRv*&=Sr`e;OCTYZoMtOt^nzI2kODya z3T@0nWL#OU&oFT?$;iq0*|cWY6}@70r%BJdSaF~gf)?RGm15vPVCUBoCA?czMD$GO zmz$FH;j#vN4&AqVMBuG+y%dTOmc#w0$dalc*e|IjAfGbB@tM{JH!H{SB4F|@JnF&` z-%O%cW^(&5XZ_|=Rh3M_l=WLHVdPlDb>6TTu339MEK_M+m04y+1aktb0 zG3B?J^ADH|*I|3mEVHrrts#T807i^$YC;D-iuRqkA}npoxKp$#>xD~HDoT8-mu!U@ z0cfh>xHD=fE)jak(UBuhu=>FCM6pM?SeRK703+TA@Z!A19wTfo&Q>xXtwhH1ky(s-KVC6X$vh5C z<3(Tr4GNBVwtRCvGz9r0u2QjPa-B4nuCrXESIVO4 z7z9{z8{6)=b*J!HX4sG0jegBej}iI53qus`4mh@-o-=|$TLLIW&QxtLJ5B}@Yajzl z7u2kp6Ep8AQqoN>Xa-z(bbQaB9h$8%7vw&Cj~o&>(;4}V&{PVgtPrO+L0Eav#LwPk z-Iy`OENUt+{xB3z?|6X%S*xpG0gttHiFdPC(Ym>X+cImPf^~{U^6TcE+S~b-v*P)p z0oVudM*jNp@@#r`{^mdavm^T@23RTC+H@43=~YCJ(ViG79jsa$^v5+- z-}UwNP)Nq}d;{EM&S#R!%?NDXPC=fS6O}B)=;;?9x z5D3C*gMDZ_@*8T>8~B~vhnGoNuW6`Wi zyf+{QG|PtMR1<|fnA!MiVPt0rd@MwfxUD*4OSXYF{ zhf|k=NvuK^z_3#(Mzgc`G_|TNXy+6REeMWBHmg6Jgr4{*hXrC zOd)%(B|RzDm>b3IgV!%kU;oGS+_ z?dy{sQUhnh-|sv5plK%>+-xBBht68lt?c1UMrm1@9>y!@K(JyfAo;vhc$2HVVDzk))t( z1e$G>HNhhav3nc>$EUMOng7h^Osc8kKQKbbX4|G^H1znw#gUpD7fu$-YB%rDcl1Va%vKyZ4|Gurb_|!nA~Gw^HrBx6aYA#r0cn_Erud@psauRpMpFpr zGQ3sBQc;z;Q|i=Vl_m7T1O++_NVy$`uISQzO$E4hy(57z7y58xRdIX~t$A zyRlf&bm%WyJ5P8CnC52KJR5%B^&`eqF9)^^t-fv z1p(!SixX=IMS-|Mx?+*4Q7Q@usvOmHEF-E60ZU4eB?dGmABixTkU#&$g|m4-=qnb9 z-LY@-$@dk_|90}8D;E@=(k=F6? zW(v+3xN`GifqMYo$&ROk0XdUgfPj%xrOb`-k-O4t$I`+~O3B!&!~{d`VQM;ZzOVJJ zt(d)Ih-RZ-u$-l^s`eo;k%!WbtEYT+vPlp?F*W9prE*BG)relJM9j>rqZ{o8o$DpRWBqh0-D)M9_B7DNaF=Bd&D}6-Yx^017N->oS=RPNiaQ4jZ=r2 z|IlkS;dC{b{DG#as0#hZiD>|y*^sh4LhAJJ73LSy!tPtVDXd5fe#BHMd}8?4x}GUa zc}@5|{O)2JQlw2GxlttJ{vo7N`(x`nn<_1Q-uO18Rr_O&QSd}QSlrAhMq$ zIBdwC@eL6eFXVQ2s58P9`wyVdsPh9KqRzN@^Xg>!?cw?9;j@=bjfD~`Hud+!T~!w@ zn=VcW19maEF}Mkzf?P9ACCj*;YN2UvmKnZpv|;Z{Rw!m0t^6e+D*a}Dgo26TXYBQH z()J*HR`EPT%aDze2oXyuO_!$CHI=I)^Y8e>^Qws3o?O24j-v(xrt{XYVU(uf+)RxT z9?8r)shVF{A%W@K%-n@}ebP`g;F-q32G6{VZj=Y@aj-kX46he)WMlImr%Av#74zAB za|uRya33HhkWU6sIktDeG2N&MdAh$9o297a9nmqL?#Ab9Xi-DRJW><#=;>CBt{JlMjG8S)HjDx)Ad8q|egEMX`>=3!VBbMUwSk#OYC;}A z^j81O$6-Xg4xwHX1Z+oOX;?l_Lh%Tu^K*MT4aKYFh&H2$jpY|DV>uS4yqt2f}Bjm7xq5iHNJZG8pbF;_8QZ)DY0-x5q>j8uF9P4|S)mU?OjRrbV z=|s$(0>$Roz|8)POYl~}+|S-xeq%r%_&OxsnYo~AzQD|iddd9rq~e$k8bcNm_P)%8 zWHOG1bGq23LlMZIa6y1H40nxdMEKmAWM(`EQ6zTR<|^_Ou=)|?Us3WTxhNJe50=N9 z6(4v%1zMyGVm&Ov4jD5B%P4yZt*b5ri4mEQzWHugXYE}#iRos~Vby4acx`+8 zLkN)Wns;-yk9^#mrdoM=8%1b*U(rJIoFy}=tY-Q9ib>9J)~q87Fn9zbZv){C+JHf; zCuEhB7v|c1d9ac%mM*Nd+Ne=7@Ia`4m&9GK%#qtdV<0UGk zIU|=#S_tPQ9jS$_FE_acg*=R13-DIyMtcXsdoJ0op%?$`08`2EiinVjFxUe~w&IDs zDuT?Ni-p>=xZCuq_{eNo`xrbk(p)I!oWZ^`_jnn6M^^N&LK40*t7BbSjc^R8fWMm( zqWEV&-Dz!2PdW-3tmymbayOD{B_%6riYvRFdc?H;KL+(9*UoV4k8f*6i?u`_U`P9M zrycDB4QY{n@*l>OwhiZB*qGK(9>k*LkQ_pt4zq{6;M?tJF@p*_-lt^i;3B!o>tMWa z_43V&>C2OEPhR?MVMQw~T?)2(IW7Qfu#c9sVH4cPj6(KYQkfaWy=K!@;Y{8_uH&Q(HFP!7R8+iU6vf2J-< zs+VR{^hf=__y?B|XnDFS(e)lMxUe=TXtWe6PAkwzL=GZ12$IOV^T3J3dWx z9{KA>T@7y2U!~JGkoj*y`oD*yI{mul1XBIlosMeBUAq~?4KHM5Y|U~}!pSHrSqjB$ zz-dAnQc;LJ^*W|ANXF1U5gD6R3qL~Cu{|1($7BCYQ@LRJtmBQxG=A9w5#+7rxebR0 zW?pZIy&#-h)GUfKH~ca>C0m|B3v*ZD4hR;=c~zu1kp>=QheUc{uR#d(vhl1AhfZgt zx;BOsRi3vrQ|7a^{a1%hv}Of>Cv}bcfI!`>c#LpZ_AuML^=egwt|`xfWr!2d-yET7 z!6gpRaFz8UI?@rP*+E0{8b^D}!+ndR-J%_z5_n8CtW+!6JrJc_ApD_`dMZ}^(B|Loy)aV9UgjA?bgSsh@h23jy z(O%O|)ihDky zXQj}1<)h>(QrS=#m-4{PKO~n?`p|xJV*;dY^XJw5zIIVEKLt6*C)kp`B zLX>dOtK0(KfSkB{2V9OFakk|6Jbs1*3JD6h<)hn~<8on(D3;I7s?t0sab8xWQ>76R zEJdohViWZ2Z|YOrA6k|TeMeV~+?`n3eH>y#S`{vd_lbusb|*v;txnM7V@AIPW|U7W zIJLVnq7!m?bk+doyiA@tmW|zFnI%(N@>IJyG^|*GHK?M@@7pI3xt{^~H;CRt=JQ*T zS1YC>VQ+1pbnIJ0wFiS<{2|_7T`*sXs?cq~WQEUf1s-9zTgOV*rC}tMW<|;z%+^7- zyc{o3_X_Ft^qp(cI^&b?StEL8r4;{xO~}K87u*o{*@gW%9K(Z_kLqioeL*=alneT6 z?+UbHv{3bUq7d0}%}bUMQ9-eSQe?0rsMIK2TP%-|aqB02t1 znr^^9pK6Xy3`3azvu~R!vB_w+0qqW`0tV`si~6LPVjEtpqoyZf|-_?~lJUf@QrDbqLhMi#hCmo6rl=hdnzyYGm(< zivgl>$)0$-goo(Kft%8vc^jaihBc#ve|}GaL<#!h93u`37ri^^kp^VtQrAVf;hnlO z8c8p@W4vR|NzJkFh7Zb0Ef-X?Yr45rdvvM0Ra5KNRI7T(q;no~Q`mAGgwJf8vbRHk zbIke0VU0h6jf8yLIaC=WP~8xeX=wXt)O&2!cfZ*B$w`}--AovQoJ|~C-Uq+WxD(Vi&m0z+yPp78QG(xi!8NQy< zvW#DFF?IIEzw{!eGR1iBE5^#`v1AMOenQ%nsy-G6Gvgo7e=U_@uTF_T0<)~==`n8m z6)iEoz!2_i&qtV73X|j|AvaIzKLDz6#Wv*V<=czPlk=&s1Zc}4Qy;bLd=pNO4WDvV zv!{4oCb*D0BQe_cYwl(i(v;gPvgj!EY)fIf%nZ}I<@xoS%aaL$4#ku}2ZQcg^{?8! z*cljlOG0xdL)j*uUSLJbUT-Uv_iA4_#kSoRD-s?(pM-%xHQSU*Z#1@tM`^QMi%lcp zEW=yK9XkQ;6<8q2s%>wBCJ@sYPxLYLhuM|xo|p@KQ!nW}YKUTnfm=+-`e69z>2TjZ zDkDF{)A?(m&m>c<&>p+8gl6XC4?3C6JfIY)29*9(mRM+w+&Gu(PRGYDiBP-(IEI8P{`F1 z#iguh!RJirVOV$bIf!oNGgx3=Gy}{dtEtt|0Dm!T-~~P~%J4^N=hqY0(DNk6C$HX2 zU!0$uT%Nvu;ok-&@z*TRMF_fyfc884M(4AgeY>vTUYwl2K74f&dWBA(OR<_nm{^$K zu+2G}*IxK~xf`2gruGh$;;#0qC1mRm+W}nH^PI-~3!E9Cc1h0XEZwBO7Sv!6zlCfQ z31r>RDU^iOQsk|)C8iYzBFNX6lK@P_xVimttQ){ol`aWYq1%k*45fX(0(pirm$kRs zc_yUlO*(P*phF+d2T-eQHY`Mvi}VUIoz{oAc4>|mQhK?npS-anJMzbiW zt9Fa+Vw9*{RNx#|W9q#7j$H?xl?zaSswm_Xt}2_;$Qg zr+C=~y9?!;7Rox#$IE23h$^A}hU&l;XoMi}>x1Da2k9 zh-}%h11vH(PGIbyVCFs90)NXK2ECdSimfGgUgbI1*|{P={y02m;QKl>9sTrE^5c&~ zOyJ}MWWSCsmm)TF-N4L;di#xb))-GAS)ph{-NSrb` zKAfHX1}UQE-Ul6cn{s<=ImyIXW9+VI-Je}ys~tW*q0jAIMT*j9H*NESTk;R^1Z*}A zK0Wu$EZn;tl1-C$Yevigsn@-^5vYsxv}e@i76fmf@VzTI?1KRL+(QT{(wg|7-%fl; zt-01+{FtS%R^Q*W2#;e@7mdbxB9V+~CRadn487o({GVy>KVqKZbz(J-PFvx9nfhlS zU-u*MC+M3<_0rnSA*TW|bWCngVy^KbLBg<^T0mEBHLNyH!*3&kp7gHV`!HU-GwawD zlQpYn{#`UhGn!u6R9M7Yq9Yyggea9KE(K>-D>S}UiX{QDTkV(2mlyT1hmSs(tT*>d z?5P?I^L6@LE5z$vRo&=nj%&Z4JXLK!LU$@mr`G5kf6z`efsK#3k`)ltXH~Xf-W9>Gv%Kv(`_QmaDKa(6 zJYZGBylnT`UFpg`T+#P$3-5kw1qr`t7-}J3#l-h2A$_(P`($ zRxPpoc5_z^+jbqdDZB~p?As%M_qi+2-+?nW7t;GtIo5V2sv`3YK+S!q-@nTsLChgi z2wmsk+<}jzAh5XJp$o--Xx-eAbJiUo+VE*|o1@>oPPo5qI}GptL+jZe?>e_FNFO%2hNceNQ`3QS?eJYxGi0QN+!(rh>*>-0 z4_pBCwwA~dJHDszyoNqpIyQ5~v`$*2r9iESy@)2!QGCf)T-R-Q+a0evnJd*`E4m7@ zk{u;kn{wN36hKT1Xjq0k7y@Ht!qX;BuA`To{@}M7W>a{sACAMENsZoCvO@@R++bvU zt!qAksUjDeYO@P2n8uXpPy*x#J?PJd$|ph zTB9yRcCGLB++nR%ypdl|#j30{OT3G3V_mwEQO3yvqI3a|$KzNL=h6i{-amNd?ciOB zEN}6(8`rl?YM#;@Wa-073!oZ~ns)BtMkJ^;yHNk_NK3{>D+90`$zfixV(kbKAWQdD{mMvGM^L@c-jfKh~V&eNz8 z_yFQC?Mq~>@3k~^_aZHuEiRqf3dfE6dCR5T%&3#-rHk4pqR-N;0RT z9u2&6951`f4)E^uEMj*EWMp|pb6TX0vBobhfI6K+9iK=q*}N>>(|X(oc`XVzux7|f z7_Uuvw>UpL0^ewJ5~I5xqvZ^#2o0QaI=56HKo62%qV0ZU6G8KU)!-h~9Fn!2CC< zuA%l3j?|Hl$ClCF;1Csy%AdWmKg=sTI9qpB4}bU}tJLK~?7n_3WR%!XK>i&H9Kf`+ z*_7)Gdt$S`+|>R5MjxPf0)A;(@?>K&o=aD~^%tIp&~a-DIy|glR!~YZEHjEpouM7EaS*G-o5RM722=|L z;uAc&ql-8kAV!wwti9)hyY>#Bt{RoNn>$y4+6nAez!0!t)97NPkv$s@j}>cB;CQQ&nAr`0P*h*`Er>d<%c7 zwsikXx>D78|6k)pb(>McG~dmQ>NenS=RsAwC4OaoRJR%B-Cd||1AV*qRNZ;%Hn2YX zP5piSrf#!FpIxRvu)oDj{UY8{yZw-wEYU5!pa$fU<$0~{o^Vb!&fsF!r8yD42Y?a# z;N*F`C7Bx{*PS)4YtA;JvaUSDaRN|rohr*8?}ijW)+2Sn`Jm?SHvmL3aMWTX^Eh67AksD#VN*N3T-u7?m;|!>Bs7F{$C(A8-ez^IEk-a#utM7cL@;%6E2xXv&cr#~tb7s{ zo026a;{&2{nqEz5$)}afC*+=2hD(+*zV->t2q9684aC|t@eKmNR?ge-_ zOS>Yj&T_OGW-JSawEyhQ#U)mQBX7@N_DIOnch1aiwHZun8DB|Lf1Wi*af#H`rCiF4CVEYZU-;8R73!4ZWT8Oc-Q4_v&z;zz}s}64~u2k9S7dN)%9j%?kR;nrj|nJ#5#ixD3tS0BD9!HXu_4M zSTd(PXIZeshKj?{qSQX^b)|E!k*r$tZYR=uV$dz+QF#$ckR1%ih898wey*J_qEFSY zK#dgO_O{WzSSM7+6I69-Nzox9?GxnUGfc{y=WIthJ|)*9 z{a#N~k)w-1)Go@px2AHG^I7Nmc2M_bUs9BGfz`T+!TVD9)QP`bioTCY#&^MVP#ic1 z3D6s~XT;n0y(7hLZ<_kDe|D$2lRHg|M*s5uG&?L??Hi;-TfhV-v>M!F;65(c zCkfcU5oJdzn}&sdcxR#d$UQTP{3rRX=SuIetv;dQ;9yI<@A!6>gKpEo_ybG_yEn)! z14qXSLofx?uf^f;YO*`#Yq>jo0kvoVd+HLOw@Y zY+cNM$UuuN`(dXL7Z3ik2zMtDu14Q~Wdd9Sw_AyCoepmQ@X}E{6Q8}RxvRhl}{&_jGyjr7fe1TUk0AfTZH|zM3-MO>L>2} ze@)QOEe8D&F+aC}e!GyLm|yvoMf}`ijCT+Cxdrgs#{1j?)aP)Yzi+tDEtcqWw2z^# zx0tA3AlL_UibYPYF6u#b=I*U?1b3)T2O=IX7E`G9hm^nm3_NRnDLnK$RUrW0Sr|`k zt{&yz5Ue0Li5~cP{LubbTo<(#hBB6NLaLH{^%WU6-p!5hVSQc0)41GVcxq;I%_R6a zmtOJaU$(fv_{)r`RPqvSulIiZk^IJ1clJ4ne)`Gmn!kz}iQbx@KmA0ORFN5D1VF0iBxlokII+0RT*bz!lMko?hZfzkNmHg~P%@?$?MMXPm?uWwtEq4N9L)CcNbF4jxJCSBG5+8cY;|+iAB9waj9*&g|;;jk?; zhuhgqK13uCEoyMzneX2XXnL!Nz*O7o#zIS_uhR0Z_%W`sl%7+a4+MMlYGX=0(7Ek(}cnl zuBZa?=7ggVM~C3;UihsZ z!6$}^nL9!NA;ClPT4-P>nn-T_4t;KUq1i%$T}W!5y{>{hl5U&X|g~3 zV)*d)weJrxpP;>|8dT^I=`bESB%WFAYa4lQ_Aw@N7J0^`Sr4esZr&Bl0BAs$zfwX= zdzTpdO;ZTmZqnlD)r5>_$w%vbur8?4Z}umT_Mbi)K^o7Iy@F~V1GV7AToCXU?+6}E zg=9i?21tNww;DZp_%MQL@33u)g7?~lxJ$3Wen_@p?VXgD&{o(H) zbTTve-h6G-2IV~xrfFGCD@7Mzl9cP zrkGmm@l-KAoozHzQ4{O5G_@g=QzoU5ZAh+}mb6eSu5W7Rz?C$;Vp>fzDaw*%H^aT@ z13M%fcXKdiM$);O>ZKG~=Pa9IKJhl5uI0A(bG4<5xtfA?X=~p*Aad9|)461<^Tnq_ z;^QZvxscG)&CA!_>=zlkDp?A{f+&pE8@qA3zx~vsm5gTU1}MAxnycxxQpDJ(O`pZ;%4gX5V3^!23$&!?Z%=M z*~j(&SqlFLkitI;-=Br=&%*a-;kyR%v+(^{IQ-QJhd;keX!RyjG|*0!rrNO2EJN<_ z0a8z{Z1?84nnRVBOS+2}jBe_Sm^XpjC(4?IcTzXga0z;paJSp^deJp!;WRWmmU#P6 zhdA$mWhBU47-#^t%hN4J<9Fm;SESIp33+44jqN;eO-rg>4K6S%8EW><9P)R&ff|IdnGf}j{FbbQ(j@0s%plFMxX!z9 zKfQB>!D_tZa2L*IcegP%Pn})=o!iLoLX8xI*>12x>NZ$&moXc91x#|d!yu(X;}(l* zrkUCDQ$ov9ic)f_S-u(G$R}DLiQlUC?nqfZfDa(AH(jUQtt^}M;$`@`SW0@S?t>Eh!O^FuZ7i%&95=JajDxJ#&P(|m-{LG5vD za1Q_VXTaT@w~xd8hTE$9((A(A-_&~@m;TKI5mJBLK(=!VIEFv}Ka;=w{=xl!olO2K z`~8D|{g?aZuU)tEZ}um@Irv0Oj~oA1zULO4iHltMm}%;QcjsNX>!9BOnGePT6gAuU zwYwrBYSQB`p^G=X4T=|k`w%7lR)ywGD!|3IKCP-Vyla8psYSno)!+{L(&M8SucpsW zr^hGXPG6k8oxZ(1efhVLmS76b;dUwD4w?EiO2FV&YML>{CCjE*QFH1-U9&CCZ8OPe zwy{k@cc3G7$)4M95yEZXPkn3ywlr*sZGt(O@UcI+5jj=OSMdzMA@MrhNCJ!B+m7t& z2PC$Y&Q(ID{v>YTBfw5Dc76rZ+7+L+uYEJC@@GDUj?UjEBAOX(f6%J7FM~W zigh;uuli`3yWhLWqp1rSnp!vITJHilN_!q6khSL?6vi#xqDgZycQX!CyD7R{K zOB{Ujo3QX_NNFmyBNICsqTYQ+3s;etW#-T;zi&iVJ2mFFxGpTK3P0PM#2sy>|RehO^k_;LYfq$+gy*&2;q#%Glgh3yp7-W*YL zvvs_9#a4&zrs;nDT(T{1F3kwyS37TOXd&sUjXk`tJvPf)uG5$|Dc7|Yj`37B-qsz* zsLn(C{*O(Vf2+!!R!mF_(sXDh19Ab08ptdc=@m&58`ws;FY;axUU^Qr5}M(znDina_k=+9ZC5(DT*T4l87(!Flcxvc{SkcH@73Jn;aL}pI=DTTI_P9n z?*-C0{9QNCSbJ`_#qf8vRl5z9|It19s*hW(zelQq>#zC-WdEnzu$dp&Pg+*K6LTH) zf4bcr*Rf4^uwLQPxYwTMhE^nc`+dbK78#FfAFk;8se%m&ei&25iVWg>$B_oi?lnWa zBGu*xY&G*G#6#fb z+eD(}UMaFYzbCgL9(aQeBmljwYk2dCY~x)=`%_`Ot^c1B^&7Fff!AuCp9{M7DI0Ee zhRg=4^PxY&f2UWx$o~1OzR%z1Cb|^a1M<7Z1k@D}q2Y}KRETc_K;x@804@F#Wj5|Z z7=GAGn-QydYnX4&&N(kVq&P(_G#Q=Y=(^ zbSNw5)3C!o&Jm%bSR*>PP< z{_3vm)n;v;Lk2sSdn4>An^jTmIrBP0!~KP|$zmdc1uK|@cPBOPH1IdH*67+mAoUFj zQlFq|1ro&v0$2%JiTHWsY*i|AoWZbO)!NI$m=(kClhjk*_Ev0 zpFgVxK4vUpKq1gsVJ6lL6RV*s1fCbt4;JU@goxyfLG@E`#= z%t-fe?Bln4glO!-_7Kv)49J;~8hcbslbO&;HoP~p=rV(%ZJ#Ujr||2qm`^go zGxS8wNmhaLUVYolm>H0)3L=U)KfjqJR|sss=UrVqVTO7FX4Vy76yO0?=s-dYu-uR) z$NQ^06lr+;^zqX#9zH(!BC$9nc5MwI;88l;)b}XfM=|;#kJxEJ z{!VcO+lrx%M8AinB zb`jKGM-#_?bI5z(qeHqtz0YEQ# zaYbGVb8H=qi<&jseE;O>@Zj+yfUy5025~0&+VDKSdo0Dq3v&MaDA|9y|78u%*rQ=S zK6eKOQhRE-33|L&Rjzq*_@9x}dJWJQ2gCg*h|fWNs87wCFFmU9`kjLg{8OzUYSbf_ z?M)$y%}O|KE|nr=6oU132V{?2L*O9BC@z4a&zQbutgr+f4ne#RJsek{#BhRpo-YLG zP^raokkQt{9%?1b$dSSAQ_e>rio_Wr2-*TL!-GK#F@P(-5PBH`DPW2^5j=IUKFwlT zV0QkuubFM&;Q;Uy_!{tL3}B;L&yDC1#}}!_GkT>hpdKJz_SjfU+apz^JWgiQeL+TL~g0fyD^( zCJ1%Qe&5AwJTSP7gv8x?-=zS4;3$0iQUFl&iYcG`8Dl{@M%@}`{l@Ulj-6B5$g1i# zWWQ1gqe}0`8B&2#hgV4&zvN{j@oY@=4jy4s=cO82E`(U*EJ<@wWj@pV1XBmwY*d&m z5V=DeoCEx!y>gv{ChTGaM*y7fqvh}G^vK=U4ez{oY5Ii!3) zEobD;jvKiBP{~g>cK{8iZaa1kxz3*J*j0*2m#8fGCtD7LP;yN-5aWYYY+Vi8=2}@< z4agke-$dT`H>V&T#`MYc?oKNl)nRjE#2Yv9nMg@rGo`%;ZtWzrcROCd!~Nm@@SuMS za0j;l_jtH}@a1s-@vz<)ULFK~!j^~a%;JoJcDG32{7KU{gIc4Vx*6u9mbV$kvmpp(JA&sPD2^>EKqyP?D+yN!7uhbSbT1=6ofB zmvIi>flrqjQUkX15xuRSx6)g8Ezy$ETrZE7EWJ9DVisjp9zY2!UNEKLO~@#x)AB;3 zS1xlj9EliNQ^h9Jg+3XTuP>vBG1BCIbXA1 z4@P0)y9&aFNqke}n{y%bbMH6e^eTfvsEK&&oeS%Nau2gIW zHVmt5utG06$oqQ9RwZP>BVdUHCQCA!6X)qcW^75a=9LBx!L%r; z)(}FAbsR)NmRxBe4X12C`S)T5cMxbC9Q>rHB*6MbQTrdsd9$fjIa}#LWFk%U|-pWN(FevIMzE*G1O;?c#53R{|?gmxk3>%Qn zL{=|Hxf@iIk&DLXZ+!xl0(S4R9_i!~+PTI%Z(e)Bc3->gEB9bLZs6+Jf!m;JhTXwF z{EVm$(A?#3hr`7}vIQ`Q9E#AHbD~n3Gr|ouG>hZypZ+UeXwcF3Y~?95U1U^K#jw!E zNJxbBeZ}MkDjE#Qp(Z8P&D!gVwKvdQxn&T1V{1Tk<(M0KJ|D&$MHt2;x{+Toy%ZVA z7`k9HMV8{aF=SWKen^fg307;Dyn#xzNc9yj7C9?L)+hI^Kw4)|&P4Wr^dn#EKDqA_ zR3NnoecK*oZ^#B=-6}@cR5Ljj*SW91 zL3o5NYA_wPMZBjSHx(%=>!aTzpfGQ?fkcP}UgcO=eSq?Sc9dbpoc0TXt>5z%1Y46Y z-=q0}|G=DeAI7LOnek%blH5Q}m;n*9zZ#@%WX#aI8UVMqXOl9@?(fa%%P7zB(KBzup!y@)yMzkKsz`ts!4lb41CGHefOviir*rspSz$J5KN&0oME?T1(2ou6Kw zY#;Ws+zFZREyZpASK9|-;menvc)oEpDHHJbV_5r9NUeNkuW%~`P85iuW2Z=F zWE)X}a95&jUg0&6wEQ&Ym^fjIDh2Rc zl4;4=nvtViRM`>CCDn9Do^1jHr6J`W!t?%+_0&s7R7Ovxn9&4O4;%Is`vrotJ~&p5 zfR}3OP;o@>HOkhrbEv7qygBHp#7&1?^A+=^>>;i!GQNa#-y&W2$nKkD+g-BrHu-nT7EIa{YrgJnq}tIM;sebg z0Kbqm!;=76m){Mt+b>mFBT)3=Ls(oQABON#T2F!f)!Nk`fR^UYN}Us|8Wx9F{g_{ zD9uwv?$4N}4@~1jyJg9mvuh(*BaKEI2x!FfoX~|ip3XIJNKRIr_ha%2Lt5)zBs3gnRFC z>`z*vG96r7)-*S~=6J07T?9TXnv*DC_&A5?zzPnlvI3WsE5^$3$=9Gp-$X3L04l;; zf!Z$JJr#D$*DPO=Z?S@m-3hiUVa`HT8W~qpsjG5`@ZjQFg&N^zBPg!<8gskL70N3{ z$TbH}REuT4ArHq_Gjqyfub))pIZL%c0WqlIeHj+rU!G=`^1QX%T;^A%$k&&bXR-2u ztLPM*A-JtZmYbE@{r&N(-%wKb55})}zneAa^`g^hi)4}`m(vkdr{{dJ)Z~KyfPuJ~ zZ+BTqL#Kkc@(^ z;btlpiC!}QJgNA|2KKnW6U0Led`M!V-G*|SeR%8;pG2-)$Ud(&Num5#Ni;CzMKZZL zuZpJY4sjkMW_iYBOnztn7ki3ZD}serMKJ*lf=ig^(=U z_Swr?T$7cH+(g)qqn9O>bk%6S;)P%RLvy)53Q2}<*fs8iyF>pg+cAzpC_oSJvX6jP zLCMf)sBk}Aa!5aTFg|#cjQ5lA!R7wr$@tM^{P;ibMQ!axnr>dNw-#JzK z$mN@ukbCjRUI>I)IIFD*uF5rVwiEK`%Vq63mFbde25ER3K;5Q$t9j0Uup;<)_+_n$ zS!S$6Q*(IEhd-rZbfUM@{*SeK# zFagUFd!N=emE&q#+iF0FujL+}y2RJxKK4=To_}@+)1P?^PD)T`Qfm?}f^T?{O(KVi zEzMs0Sf?Z_RAPn&Mk^WGd#V>xLUS~XP=lx9;rMbqp7=ZmpqkosAgmO42^%!tm7w>b ztN29^Q+gs+?(XvCvZE+0!$IA*b_5EITG<^vuZ)`9hozVWa6b*C|e|ZWO-GvJ@FOSD0dFe8Pt~?zK*V$dX?_> zp_)~T1iR`Hl8eQW2OVkeo>65a04c!mNkBuP(P6ceBCAq;=pMz6FXuRff2V7Tg-!_; ztTFte`Nz2*zUvCBN4B3k?`q%8CG}~HH=;75XR8^@(3bH6U8i5q#?ew^M0>6L5(hF%z;sMnbTq^X=WY5$J`{pIef7yD|3cG`)U) z5oif7xIS8n>*APd3Z`4a3I%tiA$ICm&{V>pymq>!2;W_7;-PX+e=FhD<=Se3!p&Hu^@j$@j^T$BX$rZ!Wx^%COx(-he9q!G+Xh)tb!Frqk8hA zK@$}EdPK8gts>E*;f7)nVPqj_$-PQ1_+EB^AW<@vD5sH|tXdK!6rgH_c*9G`k7P&d zuh$47y7lk4U2D+r{)5imZ)$J2vih#N#R~uYRSCaK9Ym+Z1Qmc4Yq!O0xa&@Zk_;z%o*hoz7nieTMF4 zzMi@>j^-O{BHI`yfJ#X>X7_n5+XYrfahW}c{q2(ktY}dI6r_Ne(+hiAX}<)F?8k96 z|JBAuIDf-7_!`u9KKjEtmpT=XwL?pxo`m8~*zhLM*@xYLH@J0oAY5h=%8u&hyT1!pf+Tp86*qk*TwRSt0vj8^#>U3RzEB*) zL-J=#hROv|5gD@i1)bPrzhu;~-ASAGr#T+13M}I&z#`qyR2Yd`GT{aDub`Wb$aas{ zQ7B{tp~-!5iJ|?PM|c&r_xTkC4mbqhL<~gM?HIh^O1S#v#|GN6xWZqF7xMc4_$76P zc$U0qs#0k$_SocMuI9|B1Tb&P6}PO&MO$l){|ro07bi6!rf*WX6QOE~UjtgkE?>sR zlE!(KNN7Ej=6c`*^}hnt0V^zQKmn7xaGoXX?XI~wk+7Ab+AzvuuCR>~J1vplJ_b&N z2A(BBIlm(^rP5|Yw=AE5a6KE+rPB~6HK8q_oob75B_|f4&auyu8Y{9BvIve;XQvK+uoNL3fmrP0-B%1);042svsv$$YvOHJ5+6u=yJ9yKfl zMVTrWBdlqF29V+gqY4#sp-AT83;4Bpys5_~P)cgg_|VA=+r{nnoxB^D2|xKgxzYjU zW}MqY@rZTQzI+`mSt88v0HDZXD8C8tiV0$hRML?ukHp4EcR1RS6<$l1Yi4p5DtZ$B znVSi7iE=wplDXK@npYI4#=4HRV9-F|v1WmkW>kELB1@$GliyVq&LwL@3rJW#CJy_T zJeG+V9p7Cq92(|@|CK<~b{2tSEsfcFHggf%0et8oSC$YMST441`8U>*q&Fd-3CDt9 z2TBDY@=2Y-Gw=&dNG2zV8p^xQOq@Or<4TABTVO&Xu>BtaM3xu|MB{Bqev_R@swuQu z3RzYb6Epvub3!F1G!7PhTUBw)v1=1f^js;#1SB%g@jLE<(nBuFn!gg>Y&#KiP*qG@ zspr3pG$jxGT<|CuJHf)!x})rLM;JIOuBCq_qQXpgBH>u9-{3WyH0XwyZzR&b0cj>B zMLjg&8mAl!uMV}up|t0tKu*j7MMnH$Y>#<7HZw$_5(8J;DDy0JLlKPBAzgSVBGYSE_z(x! zdj>jjJ!R~~;u4WPkVBnBW}6r#i3*L*Bl$mFEeBNf?|3xqUsI(Zf(Erj;__uXF?U=G zM#f2qs}iZ^uOS)7KSTilMxBq-zmEsk*%^#+%g$xIhg|kLL(oa)w^sK*zClU9H;0EX zj4v(tmWMsT9-EHmsH;GLqWkn5IxamGMKFk%8yVsrDb!QXhJG``E0<;8yo0V|$JdF= zCixzVPg%=SdBZ*>vg35^r@pbJCX&sP9Y?Hs*>aMjKM&auC2WxR2F~5~Z4pN^;xEXg zPnXCgf@3rC-4sjU!6!)#WyB=8C4yl_%edc7-rWit3b$Tl+ey-V>KTD&5O{UrkUEFY z(gUH+$S*ka^>2$CD^1 z!tpO6`KJ@gAe{Vc@r#`NUy>pvO=%%T9w7lSyoF7|+*v5Ch!=ktlIHGEFvB65ifE&+ zq=>@4|Lb2&Y774zhX*ESQt%2iRvS81TniuH$WZ0ND{y{tE?=!fGz~*nfCs8g!8CG1 z@G5a$0U!)rH9d3Y`^@p|sqGOo){gz^Z{Y!6zoMQL2e$QUwZXxH{9)l$BeQ14R}<}; zNiBkdN-H2-MY|$?0%{LXh&v@(0P-rmp<^Qp2K?y5 z?Fx>%K6LmcoklZY2=&7XHAhTJ69PBwB8qrgrqeY5o$0VKa5P0ZgNtZ-W3dP zIkj^LJOVhU>-a)c{rrLZ#VPT^LKKNX0_JEm7)>YdMuW-Z(wvSjO>;=jlH~l%^qk@f z^^BfaTOlz1512cjP*@n}JK+RlERnl1=wa#53BxrC4_{tfaD4RYL~2?xjg|q9A{R|V z7a_k5q>l$b2pmQ$KPld3?m=0X$;&Z)`NnY(J8{f0Zf;gCGif3+x9~S-UdQqPEA&1w zU~$~Y(espHUt!`E@~$@XqC$qr3VZilKFdWj#{(|KO%ma|%nbi=oK+EF z-{3%AuB!@qhcbLix##R-9jNDs(h z)0nc(JjNjqc#oxfcY{O>&S~Qo2AKvdYbmQL`TJK zC<4|NF?k#;rYz&RY4cck;x*$!SJ3gmAXqe|RT=k~BT!Y_6glZUlRcYxwgjFB2+RV< zqoO0Vp2PQ^yzSx6l}&A+x@TPfa%&m%?r#s?hg1R}?XN@Bxu@>xDCHD#4Ogh+*;2!k zaS4%N*qtJ2h+eOf?V7u53C3!rE>4L!)cH6bi&SxJ6voNXN%$juZN4K^yDhv&GJ%cM zzG;F9W-rKKU@hAKuI%$u>YSI1p3+ea(I4%~wo={w4(FmF14ZuMvuAtqg*mwtx_4<1 z%waImapic<3bLFAcpf|GhCl=%W}0k$C>Tns3*<#iT^olgQJSO9a-@!M52Pvw2`%X= zxCi1-{5CZQtcW>6w|s{h^o&oy3|hBqU$heAY~j_61(cPE4WEH7Uac?>h{JE~X(~vn zQsJfw1?@(d*Oua<8qLcD3{{Da) zRnl#o8i|v=oQ&`#MQEfhp7 zG95cNKmvx^Vun8UXl8_N2h7%2*agSz8jBoj|oL?tf@HK_r2H!t) zJJZ)U*S$-V`t+GRC^8O&{+iJsbq+W0kQaf@+IAw~J3ew9k4!neR-)$6WLa6%mzI++ zjNNLf9nKyL62x_wENV{}(MT>f3!&(&d}u}B&VfmHkRc&JD*~Nizq$8p?-_S=7IB`y zERG5wQ!x1fp1Ej6#mc3#SQ;!Gml_TXB>Y?y?0*0 zh$@tMq|;hM%FS|w)k-KvRUA1KV;C`32Ejam;vk^+=&avtb8%_z_I8NB@VB&!d|p=EjIc+&>QFQtic=;MgKJ8ix^=kG?Ht2Q`kwtiH~ z(08ro`5Axrmee`_@uYdCLZWYvk7EmHE>e-ItyBK)ckCgas>x(_W8|xhr$qBNDXEx=-4DpX z2)C)|g*40tKV2{)GYl>OxkBnxD9i~_D5;Fu(D*pIWGW=rnImgs@#}N>fvXKo>v-&A zW_Yvk*SyZcUnk!1!g7Y-eaKI1@6m>FlTNp5j>qrKpZdLQk=RxU%;7DPW<}59u#zIe zopN`|{At+b3-YXB;}d=h2GJ4)_fCAztJBOA`5=_-E7r>bHy=km7{L+GKf-g27)R*> zuj%QcO$W{(yv>*+WEj{%Bi)`+7iIR_S_jtLo3bC%2!)Yadcq7d8tP}Y zrH?qcT`()|2G?zhQ4-7JUKAnX6&X4w1kZU{W;wz}W=KY+GrE??c3+u>qvMm)v-69W zKT;p84iO4(JsOK4RHg#61`LBKGI;b=KG=sGo>27C+v+f)5rGnsXyXX3fMo@G1{Rh- zR?V6$pPMuZJ&J0JCV8K@Xsz#;HUvsj%z&BH ze$LD#Qde8L24~LVAB2ovJJchEkU@_{*KLCtdq)-5&4uMp#S8R_$W7C`qiO4?)BW+y z^y0Mp=BPJ4J3Bw?uswn5zOSI~JKjQw!a|QljWo&ekDIa5Ju@~em-hB3bQaX?Fi!Lu zryvDFF_gOn0l<>)ay5K|{t|*kgy2ekAwR?i8~HGZ$j%`@+sKc^XTCAWZ~S*dVj<5? zvIz3-#OK&AP8goZQn4~A&dA?j!4=iiwucd1@OY+tm{!n_3$a8zEP*6HgK;~@)NqMB z-$i)vG6MPdY+qbU7E6y=Q7x8u7y7=a#0j;q5-+1n9XAmztQ8k)B&FE4xc&gvx z>7G`MgRnC`=jfo{6A9CxO|=f<17(E5po9niXCZl;5@rk}CS7 zh9TnYgl(zTrc3W^8aLw}0fFap$8w-6o#sicn{n>|bZ&YF;PvS80CYRO1JHf<<^XiB ze>woY_wNsYc{4fyZ(k1&K)*LS0R8LH0r>myrvq?3cz*zfm)8eiY`$mG#_#I@@vTcp zH#cJz4?!F>jtv(@@vU(TCb2vYl&y5RsGB-}oe!MVdE&E5~V%C}+w~l7B;}e)}FBbTT zyiWy+KTFmpNDYV#&|3#&#Zxl98XKMecVx6$trNa$*iOjrohS|aD6o(h!3C0E0Q7y= z;T8l;vSQb3Xn`ZTe0xb4;(ADa=UZ%SX3EQ}%7;GH9mn>}x{h)9+{Ho;2N6_p06H|S zo~j;aDkYvvl^g;@Qn*{R;Zi4?1hO<~qP?5~O>l|e9Rf2Kdbe=~*~I;w#FQ;>?I(WW zsm3wXNxGCs68QlsCCLmx^j;`wZ`%~M9)g|-oV6!OikD>;2(ne--oQqjhGmk`SwcSA zQnC`3RkT9&V%>-&oMH zEISAh6T`K&q#<&-u4YAVny91A9H9`ru$AbRJR3dslFIgdc3@*ST2kCkh3aQvsraoI zS~*da%(fvU4t`~E#Y(opzy3{gpE13;s83I8@^D74)jS+guuX7{BcAA%0VACi6)ori z7eUGa)*kxg)06-rFIONfL}do0rZ{yH8TLKekbV&^vH>%ZgA4}%#bIj1MT6^D$deuo zEQMhseOghS9vC6ZNDu_bE!xNvC0m9u!Q(Yc@5|zal4`b6jU5j0TriFYmOqh@v}MeW zPL9uxPfi=)GhJ-)$B1;pC56ecIAS6;L(B_d1UZ6#jP?#99Ft%Jl z!9I`KL+S{7)$-xu7rNuvr(d#e#i@*64=k~3i^Df#fsPlU1z!$I)Kq>w%BxXq_}QH` z2l;qMOD4tr!jh;e(CA41B4tx<5*@ofP^nlZlxGc#Xvks_u(qh92E8TnxCJQ(^oI9SWf@0T?k^B32aLpBB^g;%EDD9KcjOAmcqBNe(^tX|kh|(b@ z-Jy7pH)PwRnPPczQ*|2oB=B@zHVUa31P-VPj|~Dy#2MB&&q741PLg2GE_AqWj=84OuY3x#S< z%RuCJMk+tcKuqJ3DG*^o>0b&bRXi6Mqm>%qcm)OCXZiQP4-|SK!fXk}WRF+`k=4cs zm6wKNXXb=fWEW=qkSi*(mj>4omsCVy_@3<+$*M$HB-=d(Mf{u%9{@t*TVdoA;XnKn_Y6bd|o_|8D~A zrUO^aMKY5{)55D<@UkcDx3&{-9WAHpz#%26HyHUlQ;Pbai(>SLz8r-neT+YywSJsh zD4^EK92N4;5G4%qF&F*Z>g1h4-X$u2)>AqEi>GOHyafuQA+~R*E`;B|3Y#o;j=kyk z*zK|B{I*8!2K0M0U;y7|1L60=eL%$#;&~`yeG$R&{rE~87!JtRPk!GWH;!1=V=m zASNXdCB7@sf$52pePc#G10VjjM*LM0v|ie7gV&w0d44(_o86H)A*K6aoCqaMAOo+zK6U9Ibm}X_mF>MI@wu3 zN|Vo>VIRDP)-CevCK$34H35z8Q=t=*vGpS?Oy(g7R~Sc2#kF92w+~VD?s#wSjmY-A zc4MPrX96uj>7PIE?M;@*I{-ZQ0VPFlf=c%$x`}10G3CuYnt@q> z??V(c_x3p9&}bImSSE;~`fy3k5hj~25lOk=*<`^?SWH02vx#Vm118}?-$yV2+%q-8 zzA*o}={NWG-ccJ#p!#?M=F$8AfDeRr2{}vxye4Av5@V|Ndb_4Kb5VZ$`beo^aNvK! zmitvbdHcT_G~}^u6z=~=$0uiJ>HYuwv~}`r|9^_-;o4 zI3e|MM86e*O=RrP;8q>;TCHU8{Zjpj6Z>nLNqv-UC`D;hr^b!P%xKG+V=0^!Xday| zPw4{j!X}Sj`Pkfk(ZO9cf$f70>(A)4GbHzLw zA&>UJ_gQ{v$1KB$M7al;!-7FNK-C;nsO3JI4I&~n!{s5BlG@4Svc^&KsP(dW)Yzw2 ztsy=D0gBdvM{k{ifL@A+G*1ePE5UL$5rk>DXjQNz62lVT6JdebV!0bB_@+c<#(CJZ zd>=+35#C?87~iga(15-l9^M@_Ktma{hEAYrH1?Bxg{=Pf^L6;6?2@HX2CFImrl2HOkbD{4#5oj2V1Ri2| zXe-lJn^M~Js4bI5PmkM$%{g~b=8~GV|4~8mbvIighI5s zLqQj>e6rLV|L4^aIn)>}@V}4QAB|M&SqxRi`Lp-4*HO*6;w;z7N(1*a@5Gv(NtuOI z9E9~}?==$$*uv&F)XLKSB#(B#h*Oe{Toj>SnES#w-b|W5do%*0biB_wu*!sS%BA%# z&Z$}Aj`s;2*=OJD-e%vW-z0ylzxW2CIsK9q#r`LvAGMCppV7Zrx`W7g`SR%a=)86D zQsJ#cCX%vNM56`lH>nZizLa2$%mz#7 zas!_Kt76s2n>jk(H~=r=F=yE)_M33!%Mst#6Pa6fG zI>{VKx>xGu@N}Gu{ZwgA2K&tje>mPxk$Ox+Eb%voVZ?DEfJp?4c0D5d^s_fsOtlk^ z-Ac>}@Pbj>VdrXi`1WdeNQdJPMb z8N<1{iO@1NQe##}P$V)JsL56o|B3^JeL7+6>di5OVD7R!bnYK7s--ERgnXvNGg{)!#jN`FnQnynVWcsyXD^XPS_OAXo>@aE56YzeB;IaNT1 z&cdT%M!ZOk<^o;i{uV~+MK1y0{Mn=Tzp>MQghFOON;mC=Lv?S+vke+xQzRte8}LnE zW#j}6Ui}URRAHU4m}P3~8FC$T$GbtW7t7_S)%qK?Vuum+fu>_1MUNz;KU)%bB5KrW zCuk^uCW_oQj!Ug>kXg7dCr(kB%#Xp^W6^>5orS@YbTq*juedcSGZ&Y3a@^hAMJ!q} z8C(jU9zC=>okoj8<1Fo0!MK;kSjYy{;-10@S%^ONLGl%H2y?tO62A9Lc>dJ<+3R92 zq*enfe3zC-lbk)#$e&Jf>TbqIfuTm2#M-l2W_a4QCl_br6zjpKaOKz6Qxb@+pNX5oQws2av{T!*KQ_Gn106?4KR1(NbG`VG90_l&vP%I1Db z@0HpL@>O10{XvOVvKb@Mn{laQKXaszx|M{V<39NOInk-CrF4a!rP0X@mCj_kCR~BBX59GFVK3Of z|K1~iWpwi0jK>0xh$MYSsJgrfOlB#`LZHPCDl?=6Cg;`&e;*I7S+)$8DkIKo?KtmeYle#wWTlDB2i6Eq}ZP)d#zDuyps?JDBYJ) zaE_}+?RwNDMkiI~G(h)$9Sj-*JL6j-w-}KGRd|tT1>ao^K>6BF@}B+de)_X_!<7UX z!%yLRM^G%}Z9gaxsmjO2sW33{>3}ZZVc?L1E4YUNJ&!nZF#Mn#enIED2h8_l7Puy2 zUXJ7)A#n5c*yxV?zz&={7Cn$;Wq$571IRfl;nqX*-#{KccyqFNG8_Nry>Sum{sDK?h5ek!HVM;_i{9*3{ z%YmYI%HzuyvH6t3sdNLTZk9CWT$a7ZdZh~7UA3lESlhO2jYFX4qQpYz4Evn;!{$2} z64E~8as^QCe;JhaE09C@U=Zy;mx46n=0ST!0f7ZK``33K1dGiZl z$}lOK-sgV{pU0XT=FN(O_>IW%n3?+LdQ6@-wi}QAT+4_w>1N5;{NxK~UNyf3y^GWl zV8XhQSvDGR8ETx%4RNVdD*8i83Xc=;2Z(~TXMyt*`lquRujg~;6TJ!6VXU!8(zl$r z*59@jO9bV~YlKZ68Hw#1L6LhCIc}KO28vu`O$uz^1UW%lkRGb@T2YGBYln;WB2s_= z$dr}8t)a`rb?CG7dCk3#h(V|2Bhm(;Fmlkh;F`!MIGZjN%pK%%b6=YGSmZ`^LhyoT zQ0rZfNm&}<#YfhDbFV*-O^^u?Y4brznnx#!6L!(?W-tVhnK(0SOUOPp>Qz{-yno{# zCAEt(xdkc>yc@=lzNejNzpB3C6g=g4FenM09OIgJTN^>aJ^vOOe+yH5pSN3=s&hD4 zJVmwx7ak5H#|n!lNGbTHY_5vR?simE{OhlI?T9GsGCLr}$ZX3;a~NsO=3gYeM-*P% z+}|D@$#S>GCdIUCB9q6Pw?-$+;Oh@h%*BP5hswVh7siQOd6_VpIp&n{$~gIJlhthI zF3h-S@mCJ0QlWBoT%pQiR=S$}mZfCehPkRs{eNCVk0D3sq99_iq_!eTwf+uBGl5R^ zqP57hxZ;k8Rc+)6DCw`N@A>l!<70>C3SVO1>J0*yyWB^p6w3lw&Hrqdt* zG~!0mZ?F6qR|r-kc@#obH}*ondNCpcJHuGLL?rJ-Vz@HanaoRfoyRbf#hN^(Tzml_ zk1mR=m*+USp9j@r_g=|GpMu}ue>5rq$vJT36LQ%&Xp981HC4RpRm|ypo;RuvX)PsI zT0>j(y$D9dQ78oQ<;UajhdrL3geK$SnhFslJ#r9$>j=|mt#>HcBw|To9_E@l@%h-+ zcqOIuYpf;OP#u=Z>row5Sh7LH>U3u28YeZYwOw)3VCCweVzcBA9)mNNlBhKmsJL6u zn~{Vppg>}gv8#h)x;`DyO4a$)C&!|QJ1a^mH902a=?b{ki;{Bt;SJfOP z11S7KBNb8Stp93&#`F;y!W7P7HKdsj5(Ay`j7n_Uy6)0d41K?uOrFU^KHHdW+6m8o zZu3yIDaY$1ja#-E7B(jzNoAkjQO86sk#;6v!Iv8dWjEYvOfu^HztDha=$lz8RwZy+ z`agh*pzo&~87nC)v*T0JCsDL18;zk=J00zyNd;ULwdmto)E`_zotk_&gdx;@RlZo;8_EOCyH8R@Pw4<#umn~Sgo;yjpFI))%&8oXwoo-dy-?r*+ z{ar_g_rs%{4IU*5ZPn}awigHYsEU6g7|BB-m|Nj2H$mon#4R1)(6GMD2sQ!*1Fk+Jt2;CbyoiQmE+@XYJW29?YUWvg*3k+(hnVJaXVx(8g}pkMsraPCB6jn&q}5 zWUT`lCV%d@5eme%Z_#XeEJc}`Xc2nA@%(i}-@jD7;el4<3h@Fest49I6 zLjemFC+vqE>YoOhcOVd$xEpXEIMn;b!=6DP^1|HHjyKf|Xv7%^JmzD%g8m-M2~Txk z$fk0Ti}5YbTMV9a3&-c+7Hw!{C!%I^L{y@7bhJwBDaa7!en5LG=&O~K8hGVI+*Qb< zIc9uO7rMZi&!yF}6SBC@Jj}8f^T3H%K;=DAklITNHB7qSrG`QjY|NIvzoW4&@1*5# zKz|3~H;-s@i#7+~dzQyXmKXMk-$y=qdFy!gU@l4-NuM_K8!gsYK|dK9QYAkTmULNdDV$bOs)O2Q#Pg+jD=m}R-qNvJ31ePHz)j;=8p|DB;N7)dM&%`BPNX0MaWUwt;-m@rtSXsnD^(%$;)?&n$XqA-J{6g7+4kd@ zdDboIYohd&J5d>p|CtU;UpHMR#n7js=-RD5j+T`(&{svp>e;L+DeLM~q36PSUx=um zl#(?E-KQew?V7Gb(4`tEWV>DlRJJ(z@cT zQnlgjyjZq^zT+8G_x$Z=P=!)=1`|?8%^A!QM61nUR@~X;4CX`M@eHb)&ejvC0I55F zDpRUCefoW=+U#X`;VvgH7x<3nj!V2-Pn&Swt~X;`DylhI8Bw^}JgFksE~iKbH+Ob+ za<}_7fOF`L!7xeR>hjm$Lj8#GDU@~7g>r@4+=4rhX62Nn8~abw^44}~76bL= zoSCy!^e4M9?~s=z(g5t1p(SQ1;SNM87X=gE95vK6cz*hn$#aPdvH&H*gmT_mWEjorshT40R97bj%On;0;h>-R{06d__HJ2%7E$c5#gM3#*YU3FD%hX2Ak@y z-~tKL8UUP?v}>tVPd8Q+R-EO#5IRdzK)-{}pW8}_ER=_&wS2=ycgV#)i?qspV>`aD zYk6S>O$W=I5J!hRvZ#$*!*dqP$lbK*B8f8TFe~Hk2iP_q9>DiGsAQ%w(?$W7^`RG& zK!Bj_cqj~q0iK~`N`d4zM#al0^4}s((g64{TDHOA51Ea5JX)JHs*pOJSvfAWT4g6gV`Iz!qQ=bp=2k7<{q}P`JddT@z-yx@J=7BoEiF z%hDdSLC3v^n{W>R7%ajz_*df|Mktu$d$;lLJvN*n8*sr#Bg;3S@9^=K{9~9LctC@y zV+*@&FzF6C9`{bPEK0KbDGDF~6soq&f^nr;QmShK;t|p7uwz*%3;d2oIKHB1f#e9p zQIL5w;gENEMG6lYS>D0mQ2koOGvfqoJRb;)6!C zb2n{j)}1s*ew0g0GH^Lfu;h4&RFi~_BodeKR3$vURgFQJ5dki0CfZff4Lrob+jC=A z+q2;ZVNCvF8_%cx^wcPXVb5~rLw7)Eg6cndiw3URDM6y^YBC$t8y+yJ%{P@AU>nBzdg zik6PI2!ZR|A{v=FSRvbi5i)3JX@0DbCQ^311Sd+vx1FJ zh^vc&NYB$rK_f0`SSX0faLKDu0VNxWYBKSQ7NfYFaf>!p5Yp7BfRD(1JRTKrQ%2RpV^@F@>T@~xVj zK}zOA&tHbD0oNgWXQi>vsZe8VkayQk3kxsuulV_a8GVXS;6ZoFz1(?BtEpq}Co{ig zA@HL89+PBN(9cK^-OHQt#2iigJ>Grl{8eIkTZ&mV(x`%PHGJO$c-59}ZEVJ_p#L6i zMrhtv+~=fo?KU{D=N4@;XcYHTa}4+uq6G@_h<`Hbbo29 zB@UzZ(dqH|%R}fphfx466gG;uO?PnprvG+2>`dMz;U)(1*-Geyu1>R8)gLRzQ@8C(+fh=c)xwFlmJpNA~jr5_Q&q+w1j8z~|j z-1Mfy(cnYBXO5fMdG`O!n8i!j3OZ|81n{p&wh zzy965yKPWu3W2xXAs7aZMf2tl`_u)QN?GIs^c|X^!wKVz9W25M^N{qY>#%Y~!322% zYk~2?MbASpb6l4LZ$8&<95i7MP3)aVnC~W&A?f!&f6C<+DilJk^sk%1O@kuerat-j zXix;Ju@0>wU||trp$@aHpj{8@Am(BEZyJb)>)?|DQkyqXrHJX>DGL88nhjYkquBT| zXT@hA&WcWsAtJJoAD}4OfYsVsvP8CQp*S9Z?2t>(ycFUA2gFrw&hIRb4!xNpM;JJB zH%z&Jqa_ONoe(uM+~)O7_q{opGTzE(=%Fkha~1uIo;#z+J;XGFJUthq=0-?qY5i&u zgrrVK0U~<##_XA+&cy6Z$CJUxOm=SvP=}-bRcG|mly9VhEh8^nGwlqSF>*#`OgRKF z4A=CQRW<_rz*)gyLyxE-;2Di(G%IO}7e~PwHF7X{Y7B~GMEN@>;Qr%L2(t?zGMo87^9GQI9xnd4!nYi2ojHkDR=(SOkIb#wOc>^#!KBXRv$0dYL>R+&ccia~%&&@GbH_K-aM;7uW}X#22WnB9$Qa zQ=?Rstybs17Is~h95hT-dXdfV7}wiZEABTfXf07z+#g(Cnq4wF^ z$2&V_#ptp|#k^`pkj!6t0Jl0-*3{65?vFcHdE#M~wEDeaRsvV|T+)zZ`&azbe>1ww zv^Si-8;mE#AfWG$FpiY!x*ox`?I6!WH=};KmCjACZ(euJ>CLEL(o_~m1#O8FzP-G; z8S<=!>DI}&DIHiL5SI~=251pcq|qVG_Iqz=w%Lrh)wwdK{oeG=V06_f8Fw9=!bQ!8 zFj`KW6~gOGBov6%m|uhXonVq{pEp>kVZ4lHylB$8M19;8?4gf>_2$JRn0Cc8bxrZIunMH(#rjPm2p$U(iV+b zoc-{xVJ?z74%BHZx5_uOlp1C!U(_n4j!{ZX;a}7|<&3`A!aOAxzg-!sccdDrLR0m34{Q*{88H`3kH|VzmP=n=w|XY)jZgk^7n+--}R1k!!F+ z{-Z5nbeQ2_`~3fP>-~K^xCYr%Wx5*6>OTzdugHq}z09#PlQ_C$M0Dl#S7qB@T|8of z^VE9v^l_CG1oaon<1}-1baY%ZR#84qUXD;j(a3x=GRN4Z26IR;x%+QCn#nPwW>| z-~Nxk<=g2c-|p`Cc5%g5`-V?FQd8HO@pvGkOV3@npnjU(!tp+FGl>=Svz|y{h!fFm zwX#VFSMI)~p%zxDe&V>E-TD`mQ9bZ@5K^ z@Q;!j?1X`h+&az4B}@KBWVwCt zYMq~+(tlg6R{GzIg?O2J^K?ub!CMv5joUVi&X6R-9=6 zI)|z~=sR4O)CSP^!^69yy<5k#+n^_x&z`U|B}XJFEGV(X^YR6=()3=o@Vb`CR6_Bf zO9YZk*`)E5(TJd&$3ok7$S6UVRRPURov0&H+M^s79!jLk&m3W^* zK~^<2S={(JYdnky+h1%LplIWxHW(phJiiCz$n%Dk$sv!MzyWB|ZD};vc}0tpd?@v_ z@aj%U!L+%5Yc!l{R!{|?iWb6|qm15;mdm(T=dPdJ zOuSr5qnfl7&fBRTKn490L!Q)9O>8q^uzG!j zgSxmsQfs-ZK`*NN#6y{;%)=kR#EHlOEUVM!29XwC`7m;3E@G^jnPnS3CSq6^LDy|c zfF0MR-hhDW3~gq0?1TXMOSD1(bPwopil#jxCnhej0SJa4nt;k->4DF^YaoyCLTiJE z&*__!G`rOZo`sjj+RY@jmgU6{TP4bdnEs;37OCr*42(YjZ}m7wQ&Z)(&<`9OIMHUC zI%$1Rt-4-9#t^T&E)2t57E}%=Yq6?_oSQf&A>bOy!BfD|%L-LrXmzMs4W5T>G!}vI zB@FfLBSf3J$VAvhj8`b6tGs+dRN#E>cnN|PZ?;52`{$p168_J8>gj*DFm3SoM-`Po zCHkM%#o19x|8shLeD+QM^At}V;}&J_(HZ$^V_8)KoIRrfntUtPqevCXI8n5^8l~VE z_(Teo49`ssm~w(;L>bwf>LKTSwp4|5H5bO^SL^ zLhnXWmnW1EI_yKt14xM%=(nPku4<7%LnMM^zN5)?onG{H*Y_h9_Ew8pD6C?|Wql1L zSC2BCWTVS{mxqli#%O-p1}%cY0!4~xT8XSxVf}Bn=#{5r{U4p2o}|`)>+I;_+xmZs z=dZo~6A9mU$p8`&A|Js43Nq5~oCTcfS-`2P9Z?i@2`4L^Q(wxw0s0OLuaIu{rM}&l zS^Y?rW9K8{xz&?=zCGVn+PQ<*YSB{RpC0GUAuN&=&XcVp8_>9ckgA< z1l22J7Bb}u+bC>hZjbprVO7O<+<0%s?--jZj9AB+^7vq{ zep{n3N?arH%E|a2^%@>Au&n9qs67LH7Rf-3q{%L660tNz;oN>$i(sZ{J z`nbjuRJt1*8zm%re$g5>HX3-}Y;3ArD~7sA@&G)_(>V<@=bBfT9q8l zM_#ye=8<9xT%m9ZhyD5;s}8)ZgDHrQ9`YPGd042lT558Yl_e_MT$P6S1*$u6<@s#f@y*uRx=*bK9wsMzfwLyRvx7Y4DqE z*wdQwRhx#Sbp?CJ;-$-kDT+vEdJzizzzGo-h~j|h^~Wef^2G*pYD}M;&shr=eX(rV zS5OjxId4L82&JHvY8@?%(hRCaYTgFtvSuq{Ul462gSnlxz&cPfi#)-lDq>BfMhs9ZRu^qQ!hNH$-+# z+AC5F5oZQQHYk+N5{tXeDBvX)6;r6H(6%0i`12&*b*SKayWo3-sXYuifK zdtZT#?VoO0`!x2n)$ToW@Bdt924_%OeBPoBXT$aH0L$z@je>g_kU0ERPulV z+03PRZa&oNlN)m+MEq*?IoZVkN{m6NT#&sWWG0IW?LOYjGr>hmZUdPe$H0fbt z1&+7qar_jVs1HyZ{9&-h__A*BA(*oJg6S>VOdY$?290tDvAof19HfD>rL45EWdlPP zhW9ui{DuV-s+MH;&!+lsk9czV|9!X<-v3<{{(qW||8R7C^3DGLNuIBb|KErI(Y*gY z+=}mOMor=Q_ujA0J(4{6D_M|9O%p#g@gi zYdE&})Le(Cb5AWjGTeFVa5sfI3f}PJ?fGgk@~mMu(8r`tKOc)EoZh#)EgzapBCB?|GaW6~s1%Gzs*yT8gJOJkePbNS4Dtawk*0=1o## zM*UT&8B_PXLJ&ELel$ZT!F*xWmQK%XXu_#Wd>j#4zT?@6;O64-62q>1cn1Ey4kHk{ z2>D=+0~A~RGfY-1NEZ0NK!cWvt=A~Eu)x}&;do4|MLvHs&Hp-|()~Z>^1Y1^Q0D)6 zc5#u8|M$)R>xrH%_W#5gk8|*XV_J#7c0SjC!b4j=Q~z_kvY+nBUH`wYmBs%!4N#f> z=d_ja|2ez(=Ku2~&)25^A!IjR&q6D3sF_f|_n)N!3e~<>RsU!QEmi=9aylAq*%AN^ z==-&r=u&HpBya#4KGzG?hNLQ#6nGKxpcmDEHlY<5UL4HlZwjhvPYM4|SnF=P1(fms z^OJP^pX1}RZ~Ffyc^)1Pf1o+aSIj#f&$+eRn#XW~dHg>UvGfbd|HrNL`Tywrto4omKgIJ9$JXB}NdEqo zL41qYV}cdsiTBBvy-#^DAh6*>w_R=lijO`l@HU~KDa=1;d;rqh#?M{@G#cO!Fgrg* zo|W+}ENea)!b)lAO@LQPT<8eN0V=~mqXzkpm%;zcCzt=L@1^p01%2P~7KY3_RB1aX z)Bm1l^gpL(XW#5UpXAxK{)dK$VbpTPh$WZX%Ww@E9^Xh&T%#_J-(C0ou!bq2m#*Bx@p=ANI@wfQ|6z!t?Kb}^`~PWX|37Jc+y9^B$=TM)e3x(jN~uTg z{0e_iNKL~g;wHb6OLFU~%yt$!s2z!prPbp2nX*Z9_U&B#(Y& z%fR)eJRn_iS0{iB#btRxs_CzTA7ocbDO1P{;ZvRis;++;k(@??F=mcuJKmzYC1}a| zKR(Lj|2aE3|7QRBBu{EpGt%Q)yS#5r7caWlbrH+koLcELq!3(3OB^`AvulOhmozG; zqSuUy>UoBIxhy_));d`QBQ&Smzwf*a@Y*lv_8tInuOHRPa6S7KSrHGEthKKN zRl*V#hG(oYj)q|rn6^6eWJIG(p4t(D_P}#D>Pg|558G?f-f9&Hnp|o;)Lld}jTSP5l>34P~-| zv7NAx;qT=;{r2oFSi2$_fneWZ8|(>>yXViDUuQayx&azKw!=dgFPQz;9SUa3*M*E= zX8_j;;~z9OeX6+%t;qv;xJ7F@$BI9j8oxbH{XByISH1));r}P6C#Pxuzl-y4_8(93 zJj6-dDs2IhWBiZa0(Nx}U^_{6AK`pG#nn?gh{Dlhey(tH!OK&pvF#62U)d>2w++|d z7imOUY@_%W8Dsf_=AVgw@=nDsL<7IAaRk-ZG%pMpQ44!fK*&1?l^u8GL;>^`YO^v| z3JXMSxzJhVe^#&;RIOm`**YXE6%$$8H8{9pTV|uE_yP^u`S9A`q&8)KF!#Y*S?Q!+X;g; zbq1WR?ZqwzA1LI&lKe>hg^EO`nB~GSL_6#|TeAArb?bUN$@uHPy5GrDQT}88e=F#J zf%p$6txWvalaupr{(n#MY;#v%EpF4FbN{BlrSt>5LeUbf!(>Qred*t^C!+|(HJK6I z3VLvX0z>S;ZLo|YzkPUEFfK~#DvV}4R!#lzkT2n#)l~dJGAKSgB;tYp+4w3h9>#X~ zWjm{}wh}1Kf3v-uRhYyn=;3c^7+mtH?_>pJ zkgP>ZtoE0t`X|G&2BlY+Tm^@Gn$~(?Oz3nowaQM(6alVi_^2T{rB1NH~a4=c~VRz)xhl0N?Ch0{9r2OnV>pM6{BsZ?am$(d(@sitr!b*5hgQ(;il5h z7KI=K=~$BG;2#(BOq;k|O@7Rkmx=tx+3ih30pmf7UjgZWXT((f; zWav^S>rioiM|!vH1dx;CX6vmZh)Ux*{m57n75V?8fzGiB^&gATl-@G_%(UEWMwZbpG9&m$Thp3&8WOn zGxKj=wfyxia9iRq(xW0GZKfjfKPu6Dtk+vY4~Io~3N)gXuYf}v9LD* zAvVvJW1bKrWxjcHa>?Y(f#+`ab!d1C$NNNwx9Xf|YXIOxXcZ>QQ{#BF;Z>TMD&+BD zv}}ukP8KPjWZ~W=0t1fuO0?3fAnxxS42)py>4zR@s0CU}R9ZR*)x#f@niCAL9|63M z0G0SHlnZP@Fzb&I&~9Sh&~s?m^eX}nOi&F@JS3Yb;op+4KMK%*#E zd4*;{BDF>S~-ynGEBD2kQ7IV_(hDB~}qEOY- zXnsY46m<~T1~1VgxQ>>2@0(#ErzK0IpjfpvRsf)2GvC!K&74ZbLzLBxmJ~124@GWR zd1Qc={Uln-8}cGyjnuP(NGnm@TA5EuEp-b|)vB<&R~z?^y>i0P!CqH7!)#YeHw!gt z7t{Pbnk_ND73O$#W>q_>)iKz9Zgt-(Om6zyt`=GdS8mDY3R6gn70(s>YA_}5cGFbQ zO0|wQk!J-P>O|8;L4i((6gJ|*hJ}JHj}euct%$vi1eoH}0zp15Ya~gkF773bRzzJ~ z1QwqbL@8re#8TXBfx4WIA=wQdb%vxk5GYFf%86SF6SOr3qey8=!BG#;f~}3h3b2bR z%QV%E=Lqbbb0F;4R>|k0{*v!CuX(C>m;g^Bma(j17z$&_br|6ln{R>kezIsWpJe@^ z>GU2&dj(BZo0GyWeR0gSji+^wyCOmKDGDGnQ*-aq`KjN zRO3pELJ=6T%!F2Bmy&Cdn-E>nrKpi@#;_*~D`5|u5{9VrbGgN421fRNTL-VAeObm_ zG6Ohq@mXFxXQXz9XiYomVzRMkUmL}wZOFHy84Z+OQjHk5zXIW?xE7L8xb}S2?Kni35*r6qW>R>sdf2BtA^Iy%m_sYPUq^-M&T)e3rc8~m#gE*l4+VOZq< zhcm}Jw3aJu17id(E-t{~9Sjcn9s&N>{{lHB>{;XAX=F1)yj7!FxamP)8|D>Wdr{_u zoV(qD#IqumhxF{Lww;-$t;RZ!e-@*VDxmFou5}hjT4=TQR7V9i71^bkV*!NBz+5RSs z(27;jZsf?jOLmKq%)7~CI311#|NJRIuXhA$@=Z1) zcASrH5#X>K;V>WLM?k(F)JNFE^j|$d57)<23s6h{G+w!mQtnZb2}-Ut#6hl$eR4Vc z0i=Jscmf1%$3r0*#2HF5O)|J|(?>_47Ckf$N!^Ujlp>SF)phRBmQ5@XbfaZ?Bb7}E zHK7C4K@Oe8-D!Guvs^lK79UQlGUs&RZFq837&~Rf6^$@6_Sm3oH_o@r&IO*31&wOL zU_vTYM)2uG((Gnt7=+Lguk_QL6&6V404QY2>^4vfKK? z3Yrc+6jwq=hYQO$R{kOKBIdfi!Zvab1%UQZvz5QNzb(LT3vee3Fu6-~2iI@Mki zm!@``I7E>pDU>U0XjFm5wj0lR>t!pyvU%Md^vvG$y{Q?`HvwLy1^Q6fKJ#QA$tRn- zPF~Q;(8uzYR*b9sqBl4s54G)xAtbNkGb22{xiUx7e($UAk%hf*y+VQE*h+ys&0o1^ zUQ*wtl2Q#`obV&5T8=8&sZKh3DVsfYRjjHr0;a%th=qF1i1VE)VCF$nTSmWuhK=r! zi~SYy$Sil4Fo>ER-!H-=vm3=*kl{ItW#n$!G^|LJZFReT`2n_#hX?R|A%c1Pb6&dz z{n)-mAn!{AtZGz7<&RFV2#Zf=8X+bRPTo1No@Tlb>0Ec`ipb_WIj2t0y7f})tiRg> zeN9%gy-uYvnC+A*^|X5t5jqnT4YKFXA6u=H#CJcy5w@_~29xeE2kM;L%N7Ivu~h+Z zMyaA%9z&7jQcoSZM*!_`DJq$4=!j(Fu~LT|jB`~qxnz`7gzBaB?UkiWkNJE0qkdK$ z&xsu9_K*uVV`O2^*2i+uBCe^NUadX~9BkKyoT!!pIfstB4$x#7pm2#@yE@c#&Dv+v zB=m%?SwD+gtE0c*Bqq_`;T$FbCu*fZ)|kU2)O5xA`h^<){e`OK8vBr?+lR^#&%a-P zD2q!0%41Ui&D}RUC8RIu1D;5x4WeL;GKggG{<8P~iUl4Unsnnydp_2LYSouBd0Dvm z)0NxthpKS}K*iVs1%q^mBDdyDr6jMf!IYxx&{i=>0H_zwpk!DNC5T5ag`D1%xZc#O zso#5c;DQ761}EDAN{+aNf+)Mra|W>9>soOFDp$&h4zW%Bf*=c3;yt8?QYGHF-j^Q4 z;`jxn@e_2N&}~1(D3-h3=D3d6sFmlj4XS%>>pELnrL^ZIzQZ}*()+dR{e3*R-p`dT z3jK%k3AMQ1V`p6(z@e<$rI8vy)o2a7A@0&?%DNbXitf+FGovZ~@EFHuwNGj1=k&LV zJ5fo|+~Gg0PyrGAzD0 zZ%BJm<`gOGoZh3dsCNlB$-Gv}*-W7WVOjeH6?ZV!DFcgK8;}6bp$GFi_;%EJ)4A?U z&FjwVOS6~ionmd3=MBW+^Mg3^32NxDuXB)=b}>e#R)veGltE2Rbx7vYxoWv49j$Pb zS5F#=n3q@651q>!bF3fkBHt^=jZhE|Hp5}3OP1z7>xu-oMT?_zX^w;m##LuHz3yC@ zxjm{5z8adoD#?`~IvfppH{IH(R%xQ*nEHOT5giU|k7o(!ZS+_no<~<`g@etdvvP8U zg|~w%^XjsH)t{7NSqpx}F%3f$vBg$xY{z4BG98)2!4^bYv8`&D)6--ZhgBfP_;)V{ zH@#_hFs{}KT{r49TvcAXLw1cx7p5oRhlS~F;i{I8bLdw1mZA^oT$MI8mkvVijl&gdqjs{oeCW@xn#VLojn_ zP7(sVSzk}KBjt9^c0G7|X-+%C;bp(une+$O)9%RZnb(tk=Q2kWO`K`8A(QLLnsSPn z-R`h6c~_xfEr{Ohvg-CsU$c98GoF|uLSY%h;jLz=NaE3J9ESm(J8mNM5|=g|O;}^S zot4sVT=x;O-&c0+Bv005QvG}Lr|H$;=6X^<54EC-=eGPME~XrBfx>8r?VEltuc!U% zx8`^<9S(Zan|=;M&2CT?8qDlbkLn6@tsC5-AaLyLsWjec-xA(4_+XAk{hm3!?2q#g z5Y_sWYPn9gDoBc%?8($sp5MK^hM{A15&_k6`rUgyecc)NyVK6ix6|8~vVN zY*-I+LoHNCyg&@lqO0%O@Z(>kPs7f5{Bbbq?VctO3{XImV3+H#$>5otkvW=92Jg-5 zKX2@+AgzpE7Taxy&he<_8XDg^{s$B|^UUTEGs3aiy&0L)@%#R8`oSFa-&B^@tF*f% zKNM%B@UC*fGL84m*qnC9AEXqVBmG9fI!}lum8VKoUOi6&MM90qvBIg#mY zhiA9beP>QTc1BlQkZcmOdl;;`&|0FpD`(vK(7%5B$Z;X9kKvu;EyAskFejIfLjXnY zmMb*_XT+Ts$crL;OYUtnC!}3^!w?K!-*n%b;x;n}i;T|(p3yLiEIdm(AjQ*ppS&@9 z=BP6at=4 zS^HWx!$=58Ai+&)?hSyU!Y(9l#+|pOwx@h>ZynF>hoCXT*lpw^)OGRNz6mqY5$km; zhN2g;x%XThoH}8s3$9WVCkiDWr#$ew3*oX$L^>_hu4g6!7has7)D)(=Z| zA~Zi)?%GB}u6OG9YMpZ)>AOe>Z`hf0kcDS(HSx*ZFDtQS3p--B4a7(CfjC4!0kV z3Nd>(xEW6Yh1k96 zUz!}Z$BMyk9GAM}q5MNhsVFWi7Q2J%ZvV31*+$oqL9D|}87=Htj_c6TdIX9$V{>|Q z{rb|p?wQQ&XKTc6LUiNJT;$nA+QVVAEwjxHxK&oR30FZLNI}>)V`Oo0E@&(fjR?3HXvm*C@Kj!R?mk@Y2AXrJ*^u zkD^%`o^uzV^Fnk!CX{A*n9kim*M{ocF1BV#xXx{X?&RvDxO5YJ@^KJlLr{ngy}x;F zQUg?>Ya9-GTQBrfn+3eH_Jv0Qn;L$oi*R1jth!8|2;xloCR~Z0_q$u3y;txP6}P+C zv(`a?JWF@{KFdYrX40Jw-n;M7PYTEevm!TGxC!yPv9Bo!SMYc28TV*bQjP}hNCV81@U*m2PpRjIdG?RB zpyz9Yp1{tdic9jK-|N;^dnPJV8@9pqW&hfoe&}5GdsMcr%IlZ|^R43#JlF9MwcGmu zUB`wwciDyeQ;AUcxCjsN9oJRK{Zhe@^?SqV&FHdR9wdl3wtvOF`)@{W z36RkDM;J#MaJrFzYuiDdg$fMmIyb$(dEGUqH=}+<6!L*q_0}U}6TZE?xe+?eJnTrB zDV?xl3&bp8Y8u(n41_`===6JUaIk{8S2@?6E0bPE3`SR-it||nxALN(!C5BG3gLAw za?~c88p}>6{VQ{DQ(2rzx3K-1*F*ve^ z+SBHsxsAO6!K5qNrV7gfOSvoc(wJ%vOQ*eVYt{Nt9DY{n4!DCNv+dBMnuyeuvF9iz zlIu4EcH6M6I3yr3+oi2Q)wIQIvcrkAQJlbBGdkgEDh(qiogAAIWxDG$R58v14kPmp zc~RI|+xcNEn6vT+^LjF#5}~Zbb2+g#lLN0{X{fLo*Jc6n~f zYd`EL)s1ZF&(3xul2z;~*G;x#Pn7OPbmTF~ZZe_IDP(v6-I2& zE|U7O$g*{7ha+SCNpO^G!jdx73p3@^O+;G?y(D1(p^(R6P%Cpz7J=#+3j{euD?dd; zYPi4jS9zhfaJ)}6T46zD6j_I~AT_9M+J{9nSt|5P0Yff20J z(UMu+I~W-0Z}pB7lA9VNQIjU2@*FjJ(35#;(r_y!s>uVLNmf&d@XKcQFPC;G2lE|I zYf<*0$IWU<2BHf4;$t?SKQRT-!-IIEI|IEyzkwIr`V2JSViBMPjBwDjk?-Qo6^fSF zZh+=KXoQZpaFLJg#{PCEBTXx^ixYlYY$P(iy{y3eJ2A9hAzJ7YspPfKYlM!CEEsfa zVxv3L={hOGOV;kLI&rD)%l(FF*%bjH{Y4O4b_349klU^#t4udDs$mBc(kv~IofTei z5rG#j^0F0(l(G+$oPXj=*M(tttqH0S*GsmN+^zLss;MgsQF$+i3aY(G7`%GeMq}h6 zE5gdPqxv?P092D1@nxO%BJ3h&4z3W5@^ZJW!TFr*5ek8bH@ohYk6pajjD50ycd-{n z0dx|X#d3>miHY*(ciTJ(LOT=$7#`|Rw>-|fv4XxK%2JJbVH>Sht95>QO8;%OTFHNp zj?a!xFTOiEJv%=-Jvli&zxb|oe0JQr_ztwT>QT*S9Y!$tuJ!1)(w+N@Jf#|zm}9Ct zwz~Dw-8QuyGe<4Whk|`tHQ}N;3YxMR3SPFka=fXFyhXGGXJid2 zpZoxSa*z$sC*KK>4Lod6y$Jb(-s_Pa^^R z3XM7TB6d@%Ep-pWRZe&B(aeCpZX&J5DTtw9O1e-&IqvQ)5&66)8H8H7Zf$(;CExlkbW*P}ND)4;^09}! zDDxq}VQAQR1s%`usd|Sm%(Wjz0fH+UA^Cwbx?Fxv3Q2ZYRH`}u%}!|hnMFh4`Btg+ z-+MY0RSYA+=s$mM=CQl>kFD0xe`lEO7l2FPd`=B1O>SO3s4L;kR;AoF1DmM0%b`8_ zLPL9^8``u90J9iL<}EENlRm=9sp2KA7}`TQu=1(Mty4A&@mWsHW){|Ue5T`LTQH~> zCpvo7OCjl=C-V*cf9$>cciOo2D1LtKU!gD4yV{&p2#`l-IQQJoN)wW%O@Q)9+RW#C zxWX3T##kO%B&D6+zx}%``60{l3kXdcyw*&EEp2USOIur8`%$q)_n=?|{cJ?Bag%B% zOI1?A?9o+M$QoMNo}%p6Pa3@ZlRN=2&UbnI;B+E9izy$*m>>;0JknLd@u09B=(omj8KiupP%G?d1B_QO6$_=BeaQ??~&UIIm# zbjZlycn8Xn25M^$-GCDdJCwPvd2>Sb&2Ub_Umar1Ac-llJn$Z2W;R_USm~t(;!%)i zHaDr^=lm=SXl0C`*nz0#Ds=!~i)2#_p{R%So0aewGPT?AU%_jFG37U;_xJbVYwn4| z{$Ft=(tm|&X{hVNDS|p8fQ9KQd)yk7W^;#@3A*Ec9H{g!S(lw|Y0zUB@-dfHtOaWR z4JhtW;xYH8#E!ApdrtB=k;$mnvchbIA9;_)o=fmsPlCI$3Qs09~Pl+Xu}Bt z2i1MBtIZvXXTyW)zBhhBJHC(pzhi|2YH=EH`{1x{xNQj$ry}S0EFYj0;=wOvI6?oe zmK3<|N~pO<$RR<0&5=XFZg`;dAGUoCebah?$79uZ<|lpUSqz| z&84l0Cx#U*M9E?}HcaGz=W}AP|LuZZagl|DR!z}t;_X#)k*_c!mP(dMG9VMsZ1&-V zh{t&gv<;cRthh;m96L;c zc@t;XHgp_jebLxu=sn@hNkuWHE0Jl&VQIV@L+W`2`h%Uq0C`E@{3CQ4*sE6AJW}<^ z(xn#G-v~kQ;TsVr8XwgsJk>y6b7XedN=ejJpte%juho@d3nX?S2=Bqt_cHE^BWlo`Z@`9&>@I|rmk!j-la+??v!+HT;{PP8X%);1$n#ZM{~jQ@NyOZ7Ghw=g zbL}mvV;^9qo%h6`$elX>)re1?mz96+JO{haYhXkWyv<@GF)gjCf|^a&ey`?dw+V&S zY%{U&4`Xc0@wFmsO(~;sdb>mh`_=tSSu~}%|5>#`yNja8{=9L*M+B@u=g9GXWE15_ z3tKKj`Wb1-@ZQogLQAI8`3Y&M&_z8dS|&l_Vj48dgYLPD1d|Geb7K4}RZ4Wn)1}5w zIT7%jKH-_5w$e_!{EbrHDg8AemPS-H+7cPZ-l_yK{|kx$G(I!1l*ksKnJj(tH5g;_>Gs6?zw?v>1NBJk3%m zH9WITM2iq@>3v9S?it+3rEn>v4!+&Om0mK zAK~_rjOvzd!eBgll|wShPneE#OEaM{Lpsl}{diZOjOY`lnft}O!1pJHbNhG+7Qylf zQ%g=_&sCm}mTYQtxAc<+1aPedh%3^&SN$Lj-&XL>Et-*@!g3;uzSkX(eI$8 zA^q_Z$V2c6)9CTuEXFW=!c>|NJhvY$g&20fJavBKMoNYQpzogrH0U5eF_=P2HxY=A z$Zms^&9IoOlESg6!c*0_5W-=76*Yzu+P{a6*OCrK3xAHh0uBZij^bpqkp2$1M+5yt+)TyeC1 zd2W+LkH@FW@$hy~nhU2c0bL)POH=~8grQcfHVt_%5@=*KbMQZX_nE-8qG=+D4Jm1zI6 z^vowz{v@)CvlU+Ck@y*;mpHOp+Wjo@OB~rP?S3u^CJE&&9e+X@CKc}|O;Mhr_t82d zsPTM)6tfV$$K=+q9Ah$lgvx&jzb%CxsTZ&k%O^-JGJ@I}yRd$ABnnY`f^?w>&K@60 z7*14b8 zn!7Owci&KSFJ*3dvuVR>7aY9W%u#v(#^Trom2{swW7% z@tAZxAyzVezbpmwkcgns+%O-BT3kgV55Xr+BpVu!M8r_j$i?qTlgO|rnh+lJ9DQMd zWgjiM;<#=}=MRVVc;dZflFoYaVc*2z@N!@M9JKS0{bh-#$O{;!H$a<*piAxr_De6UG_f;B7~8}_dnzic-+*JxY!d-!8qfh_ zO#FN;$rDZcwR!aePpSX9H!L0B|NHf?uWD1U-P8oVzI+l~1T>;0)UYP$$*+Zi+r<(sEG`ydn3l>||MM*eNz7UMjPd6Ce)Yhe?*h1N-j@w)Lfpyef3Gay%*@?JwOXwn?(egItJSLf zZ~b8Z^*?I+2Zy!&y}kXz*Z-*2_p0^!KS1?Cd+t4RheGm?>dI}&o%=~1NkH%j4a(l~ zjeiQ{2EWMj@!T|9aE3tR-@vdmbFL#$ip-yiTf~Ah^adDR!vW)kq!o zUX(}53`g)c_-l@-AWg+Y7l-Lh!fu7XV`CPnOXeoZz&wH!$Gwq&787*?*VBIMWNN)&mG1e9Tc35{3x0Z`2@ zk3BuLTF_Ke;%AV5^6mdKM2Vp}WsS*--+Z?0naE4{GURBa;*nOh zN9bcF9w=75_&s(KNGiwY%W}LxHS>PVBIj+hiQWKzKNH2-luk>)5|;Nymb&s;X8qe( zpJB_On5<>}*ADA7dHwGlY|sB2dD7N@&gGv`%*Og9pDp=Iim*kN;Y~aDB(7nCu)EA= z;c2`R08mR62@F6)!q+owT9g3s%bKLIfx2$E=W1wPNC){;hLi>&{n*bBj4v_2s#g2+)_o#*Z(CkxeVZs|}07~Y_dv912kvnKMKyBuqb~OTR)aSP_4N$B4 zz9anbxa$c^LFp-Ssp>Wq zCTfhmi5pQ?s(B^BGeoCo?(`T}+EM5<(}qUX5W_E(L#t~24OHS|)Knq*w8P_SY{*}F1FK%GL&?b&))RmwnkdR^xn+?!E?yxr$k_n=nkG}X73W#3 zeW8c`e2XDw%-{rd=BCLl`UPC%FCmp=1YgG#nP570 zuxV(E*rJT|loJee5QM1g_JRCn@jNe&*H1_N5>_ zy?gUCj6+q#ZeS1)!$M^>kcg0jv^g>8;uu>LeTkR?+QhgsOf*4yMD)xnwD+Qrmy_OQ zAo2#D(z8Gd>5rv1S7JAHK$L)&)F%25o3G1&NLOkbm<>YI0@$Nb^b>bv$ql9y7lG1` zm#%2w-!z7G#J8CTOp$UqB|wTzMC3!Q@UoG0!5{(%j$OYe9=kG**yFKb8B`FN{WmKe zt~pzcY7la=igKRSuldGCjUrq_IX3zEd^wRtv$8H{6IqVG83b04yKbFQ#^&IIk_I=z z|I2ASJ{cF*zOY%86S;jB3}@lEaAG^iW4jlBDo-)}zs*jrMK1ud?*H9ylKy{hZ-1-* z-^8QlW1b=-`2v6!sJOG_$XA7l*8yDh-x3RFyHpjr9}r#23Za?qsg$^bW`PPX>Sc|} zCjGt&41+?iT&(kP<#K|lf?z+UFwaW4F_6`_nO6p!KlK+jN;J?=b;WZ#>ds9hI7Rus zeVNjkaxthNHrEM|zu?{UeXz*fjJP%yMUY}~1u$^IunPo!Er{Oyd?8n2ufqy|fbZV{ zNHKm}mQLQArAI+c`7zTO{*ZxC8HYb4|6gYRFXsK7$No>=|LX_!t^dbHp4ImMBnyBP zkLjpPkP2N#)`GK4cXh<21NVEG^RW$Yvp;A@llKtsXqP&O4xFK243xv@Od&yfIT*j# zSO&*X-;FJH67|}$gm#Jy5i_d}Z4ZO{*qMzjWYGrjG*x1!>$1D-F5tsUR1)| zo$jRf@DgbrF!luU`a*}WwS_wp@NDh%xRyzQPkx-jBfY|gJ_S05b^E(h_Qy2Ry&tik zZJ%OKq5a?SRAX4P%Z{e4$NsNcJE+C%|EdRD`~QtR-@@pjFDu8;h9ko?sDYfyQRm#- z&z;I!=zx-cNm9W!vYe?grhH@Hm98g_vE@(#4U0OZ9q`g;vJ(@JpjmO}*BFzTBY<(| zlBm-ZYN-qk*+sP|ZX{tAI3gtBw-%E`|3;w!YSm}ZH1T~WxHCHTZ&bX?Blh_%cIb&g zu9&8~W6mdrC4Y`uI|Z*h?2sY9JU?jw785OeciuVn-w_1$wq-857_%E$XW>vZ3%<^+ zBWK_s#_YKXch`M&WG$YJ9hU4<@x?(GhBf~pT$jlO=C+s48k#&~s1l0i?(rRh#|Dd7 zQU+vhQDcU7z0LZWa2rq#bj$3AP4H)=QKYk9fmZ(+OZ&&mdp-5cz92XIY9tAVjb$vy z!qeN2UdT&6`S`!f@Clw54gBRjS^R(hQ0D)&{r$r&|KG$@fdBIeAT$52`!*+^5BPVU z!o0a8majy{sR{e3e+I^|@& zZc{%Zz>C}C=LBQQZVr6jz&g&uI{jVt6?%aNq~vFA01-wAMKk4IJWT~oz zUj@@BFWPYwj%FIjqUR?rl#&d_|LC&cS4rk-9LFyPi>-V-cPO55hYXeVYblI8sBBRQ z$MS5eUZt8NW`T~xJd|NYP2EaxPN#$Jg%XbUEefP$;)!8(y&&C5Rpmkw4Bc=ve22&) zslHf1s_X8ONI$_dXjsa+VgaeHb8Fab%QP&+rpy&I4V~?j>Tyget(0H8#o^WIz>SEe2W&qaDas=^UyNJ2GU=# zLc!d0&u=CxF+xBi2vVdM$K#gcAK<{H5VlJg&Qfi=Z}Yb=w6|&iRS&ASdY$mnGm-}5 zM@LXymO^ghw}|^@7OWi!be*(Q75w{0ujb-UPX12}&9Ej*ZUO21zjkmCi~q4#+uO!} z+{lxg|F6h|#Q76pLhQrO#Du&~v4n>mj(*5PmZ}~-a_0l1v7@#N06ER*iCyt2dLS$W zvLtcGRr-0{8Td#ZcLuqTN&@pYpt#4PC9D}o$Hr8^)BCwJu0FU2!?$~M>Eqfxx?CDh z7tDi>seq^VbEPqTP<+oq`k$>p`?H6hr)SZ5x(cp7xQD}+XM_##KoDgJbi({;ZBP6`bDfdKx zEQ<^LIw$CjVVZ_D>9Td;V-)|A3oj+Wm9Xp0M~+4en;O^(iKzILAHNvLl@L4*udYJW z{FnKW62Pp4P9Iq?hK~O-KRN=KmC$LA$B3NFi7T2*NJT&8M=b_&X$EaLY&rW_`M>kA z+_3Vp?OSMqsR1d{Pb5s@UvlB31i0e%b*_g2afDYzwj~e5vWReBkKhm;Y?t!;Tqr4k zt%g_o4v{H>dK4@FZ2_DFK#3SlD0pci3%m?A@jRf}T6XsehdMhupc*-|voL>4Llf>_ z!`_P}g4D;)guC=LG|Qq@rM2pZvszuEagP~H4zXf=%bt{fXh zhrKF*iw|NoM6NNpWd=)8WP;ZP5E4Nxi_{FdC+-ehAac}gc_>9+=E5jiMP=We51)xW zk4ORj?_5X-m6sh4A4Eh1h`cO>Ns<8Y6WBcEz5n%nv&r1dpZLjpvh08A2Xg+W{r&pZ z{(B>jv|d6&E9`fK>_FThpScs}E?6P+tm56dsfuV2EwF5IzzC2+2?C{9Q$IQ}pfnu$ z^8sd6%$tTH8LoofA<%k4yqiau7VpVCIr;ycRygZV_+;__!@ZdOXKiom|GAMzW-Tr= zbttkZ_f8i>0Es4ya=Fk2#DvC76*wqfBNi^OBNbt=WW%FXf&~5$#vSqdjE#aRC3X3h z>eZ*Jqy9i+Y#Rcd0YzA|Mo2$ zl`toUcfbAD968icX0(aT_ka+AfkG-G##a=fOvJk>0I^rERL=~5I%PzA+w7qsAOCmY z%zQBa&+5Tm-2bz7u;u@oc%=2<5?UdEyRSFo|LHdMc>F(E$GQLK3nurzbFd|k){CFm z96ay(ze9SNAQsKCuoZaL`j5+h`}Nmb|DTOK-;_Zi7`?lk+zNJ}D77MY2rR|LnHDz} z7g~HACgYKXk<2Jm14e@3P2?YsXa8rX`ei);GyFfQ`!W4r{q^hZ`EMgnZvPLjppaTU zNhwa?7+P@9y~rxbR^lbJ?Z5-X$+jKDbKSEX^lGl^n*wb+&S;=*ugYN7A&_L>WT?h4 zx96pz@-n_CDlquoLS$%$mpsA?ez&qZ)MamfRFElxGZEeJ_wv|AV6GEc9odl38M3H| zvix>=#1-(@iN5EEDdHY^wLIc7*cXmwXn_}1ng^wzEDIgXo?+4 z`nr67QrcT*w>*1tWvA5NmhVzxTWjqQwkW}-nbfDG&nt8*rNxI>`KoTIzpc&-a&%~w zE_pHKlwDGPTfR$)ZLN88G4X;iAyuCeKd-diB(}KrJzmu(#fKGl{Ri!bxKF6Mll*-> zd(%TtKVSApn11TdYms&yv}X>56piPmgVbG1{=NdoNNaPgWP@mit)#9ceO-ZQ$?dIm z!@|0Hvx>c6VWU#DvCdBLQlxYK6b^p&qH97r7s;r+KI+ zzy8nAP}z&2zV7?K!@ZdO-`4(PGmm`H7YTG<;X$ktb^5(X>0;M@i6Qkjs>hF6P)Gx? zn*GF2V9Hi({V!(&ma+c#>ie)FmbF&>(yV33Uy2)W9sW|wDJN2ZXlvjP67R`a^MM@SOq=LRs0z3XCc_C}M6s6Otmk2?Q#4UD2NR}W#dWrs04|A!7b>t#i+KHMP zDrjeUMZ<#rn}{u3a`A6+c;MIzI|-N_0VEPcHGzW9O5@0&gTj?%#E!{-DTZs8h8o(2 zmwHf|Gq2Ti=CzDQ!WcWqaXIDDcx+e(T|_A@eRStI3un=ZpOBK^QDcVioc550E!|Oq z<)@*B7siD*;OF*>R#y&wo)#0AZmfrLl8whIE&X~=A^FequvxeN*X!4@{D1qk?fGvb zkD8%eazZC_Ft5Opu2{VYke}HVOB#;+u2@+W^SNRnOSiFMg`$ofq*D?_ohi0_@y<&g z$ltTDW_QqRfZEKrS=R`(QJ-`32B=m2Y`iw4(+1d`AxaF*2})0qORp)Vwy@c&PSk!+ zIe;!=6fvxc;QJ8!)DQ2<+^zGouepIIP4RNPUah=w(7^e_`mL;&I&5)*xvfKrfP(>@Ldt^t3j^a{>jMp1 zU~U|uqG^RH=t9)@eNTbC21K(woPc;PPj{+1j{Z<=s+IINt_IkZl?obQ++RkIOF6^F!Z=fRn=m zE>O&UOc+g`zEn%X9u(653e!Uv` z7-pV}C_t7&G&Z^+?w(tvJ`!4Yi|_su{MK)uv>RXsZxOKX{tNtbSEvsF+lWsLcOm+( zH9z0DFw%ZQ!t@k?K;p{0e~LV)^dAY8BszfzI_VUho96ipPLLQ=o6EL zs!phP&xgS`3wQ>q@_6$t@zUKcooL%>TZ8+|+&Ueukhz0o*K=RmjTIya>TSzhGyn@6 zt8664-kH`WqGn>Ff~v`VkaZUy;~@F`@<&1GnmP`_D|&ts_;l?=NfD05@x`FmZ+3_0 zCsMEOAd3noMuS-5&?>d6oEItao{~GXTz^gpo;9Qoz?*iL(0-2=T{Mmt5DuZM;K(1A zzAXXGgz@n^ciKE@c8~halVPvl?lyrbZxOOX+P*d1Rk`?4oszG477j(T4#8g%C!0SE zZ~Ohuu+wdS{FJ$rM5t3rZT8oIm`R}BGDF)fw06)g*1a^e(||j95O>lrUkQ4vy$s?O zX8$GuweT|dCIC&DWL~Q8TeNruo-^oT_VcJZ{w@hw_h1!EX{w$eUKuzHl_RSZvpF6FQ~aj3gzPCVI^Gv_Yiew&4j zQlM?KO_^ATBBx^D-84#CaW!TffMGclS}Nj7^>Vh7*VZG;-XMTar_jPqkDZcuo~C3o z1D7d|Seb{jFDQhV;-vV*?JCx5wUTB|k$X|B&4vQo$l~*%ZJCNIYR~wwe*qXSKx1qS zj1ZVRNawuIg#oxu0AR~pl(O$sBdj~O4M(0@s@Aq$Pcj^QR&MbNI7^I`CwQE zHK2KdOt=XANAg9;?)?=EXR5{1&H3FjocF#WS9QEI- zFB&3fq+P5nJtocm#qiDG_U7grM1nyhB*;`9E9#v#Rz#NB)QEYgzxlx6S{!nJ16_ zXO%!Nf-Ym#7%!p=WL~XLJQj))N^ZS(DNuZu)Eaz2YcESDQmlx>M{ygNxc)sG#ucNbNKeylR>4de*()hXc=SVP-lhRKYRVx>vH~= zYIVQ9UH_YSxC`e5g%W^E_%=HvF_F1kF8g=*?iP6NfRaOrVNC=rClh6DSB`xSV!?jG z&o6y(cSk7a%eUL>;ve!Pt^YA5NP{e;>qEzXsO?qd^E4=W;j>uwY~XWx#~ON+0q18O|wYs@G^3ydNXImVz+JnU;M_+uqG?t^d)pPdLO6uqRIA%r88U7nS0&| z=N9un7|-dPpjSNRjt%J)I8!_~budDnTjQL#4YLi;-P7ilj))6Zc2EG)#Y(j0&AAR| zU#+EFo>9%t_DndaR;xKL&|*9{N@4%1tf=EcQP1gzxR~-myg$AizB%eOhl6f{Gvt&~ zo9O`Z`*}A0sQyvi6+`kx8@+6wG%uJF>(N;=1^tpc4R=kfL6gia4$z5TV5MJGMdiC6 ztfrRyifnerjk_){cht5H)R1 z2(qZT00fx^asakofqTSdVqj1JDHDn-Q7k!<_l9XkQHu!Q?k-RXK1BrYAf}lpY#U$E zg)uYu=5T2|ii^`<g!tU{^xL;|9>;jy7j-S*os88nd?ajw4CZUDTU4w zs@DX!$;1>jvH^)84vPjP?DZP>VAA@ZXf`vET*dCge=^qperRx_KaElfd)+MeO(eMm8elTzZf$0f4E>?k=fv%gO$?3qi_Yzee}m+r)_4{nfXjao(F|w~ zkwu5@S!Fo&vn+95X$0}7r7RaA6psL2_WEbfLMpm4rsL2l!Sl%!%pkc%#68QpGl-1~ zq`<-eP9_9R_(bB}4q#wSn{#=di`}dn6~KdXIe;Jy8FxqrkRV{pW=J<6MW#D<1H6B8 zh3_cA{jOBNHS@}fpvfCUL2dtfY)Fk+Ku5>0G#{eFTAz3^zeC*F%@lN(3p*k#00dJ6 z2^}FwedjMeMRZ_T00Nh*lc2gci~MORpvWQ(3-d0ZOl;=ePZ41_BQ`NuP<+DybCVh~ zHc-#}w%oxu4h|d6+~!kLfbH$M4X?^Sfo?drpbQ*5L*YpVV15o^+EFkLPE$dx=xhOH zaE9^3M82@%@-jA!6jLr?!gHo

%Za>|hpiEYM0cf;pp+m(H9&CD;|_Sxy};e8Y|lrgq46A#l?lcZ z@#yBvXNa8Z0UJ7Qw|aw17O&Ao<}{15iF3xkB=Bd9X*kqhUwoeUCCJ>0@N^G|K^8qkzwpkv;jGhLuI?`a&Zga?vX2O)!e>8Ej(gViATXwYzQCDn zvXeOySC|L=uv&JQj?jnit#f~k{{~8tC0_CyM|X%Uz|64b6!9U9T%n{h(P4myH~7Kt zaBA{)GT3mKA1Kg{?i~ucS+4&Vuc|D1xPQfO1!~(6AV0;EDF1uLx{y++O_5%9d2ZR; z%-5U$yLNaWpa1vwYOlBQ|0W(;{^w*@<#r7WqYWKtkmM**(V;VC+ma)ej)Z$ot`eL* zc3581mkCDS9)Kn0cgZmz*WVAd{0La&ceQ&X>{+XqX^y)Hw$ex8O6;?hE``()=6% zJnq9CA|v*Gf@tX#DBVM6zB|NV_SJOY{+}X*7Sqc7g3P)QGxSox1;d!r4#pq8$XaE(3OPhlgK8}QL;dwu{@=*6GXF2EV9&wzma_HR;O4+Pl(6&J=6quKn}hd* zLHdjh3zS}!(rQF@3IDrc84d9Fvt-XMcc1wZyTd67^@A|KfBJ4+-@pGS(4Koxk%?xn z_&-O5bBl!Lu{5$yN7L9wiiy;aV21-ymg|{8)u4^e({a*2r@^|6DGmR2s zChf=}zU6rG3S$gJlh?$CMa`LL(H7rfg_7~PjbbOTeB^{o)a^VOJh90XSk{=Nh`GC+-Y7jpB-$S2!RB+hu9^eQ>-^Yr`_v^ zLO{?|pP?M7GJ$d5Hc2V_UbLC@|)mt)myvx-ZC-Ng=^P}GYxD~|G(Y2Lv}}owTrAf z;Bea^2T@Q)^Ral5nzw%-mwRp=C=oaeLdBL#&2DvrfU?b|q9z;g-?tHGxk{K8%f@7{va5winsh<16q{8l$C!(90-TIMTL zF8MEQ3WYou|@l?E3O~MZ>dQXdAoX z$nA#p`S^hE-**YRGhAli>_(gP-$&aG-bNd*39D?^Up&IQZ{GyS;dTeUfBzdeNCz*R zzyG@wzW?u1{C*ANwyg7CsP*&IvP;;2W!iu3A4=!HgL?g7d;Z(Rv$g+{j;Hc8-&%fc zEx%kDB04P+O}|v-R<-?l_JG>V;{1P34b!`S%ee<+^8Z8m{^zh(-}?V;*JX`)R@qb~O zZ)N^1kN0z)#28;9Z%--yNMwHT$gT1Z)$7Y@_|Cjl{Jk7VPf6My4bQ<}% zzN+BkVffOMpa0ufUyl9f;Qw;`?}Pf@R{y_|XUqR3{x47SE&JcHf0m3v&&B;!0NMOsw*NVJy|>N(zmaFl|7HG9@T@#SmNuP1a=T^!TlVjJ)rPYonfu3! zJ!a-#g#SBbw>L}01Ign5_1OLI-rnIh{?kUDZ!5+B$m1p+cMo6Eceq?GuRYqxbMXDU zIL9S-(FX}c@>~^&P%HZb zlN3p)z)JBzo&>L&a{6>RsF6J2krF&UqhkMkBnOu5v(_hb{|`J^mJa}#zW>)>AH??m z>OpOMw!bmyFpt$}=-bgf8HOt<5 zAq-4`p~)N^hZ0E9WWgcx%}aq_$UAyog-|#$#=t^(YLvRzG!1JquysgL5XX{;ZyUgx zo2D#w`Tg_;M3{nsRj&|wxWMS-m^{gn64Z6Woe9w7)QQ%JsVx&Kg|gxAa+9%eZpt}o zWBo{;rfe9*sT#vd(q$?e^`|ZfGmr{N1(wM^kR%LgQ>4#LM4|&9dCgVPSv3=7OI52# zn-haBSh%+@RA@K)Ar$wMG|>_u1xW)zEp}_-g_JZQ9b+R+pD}DS~a#%*GT|~7oFrYHxXX!rzfH=qG^GNdtxtBCC6DOw#THvJq zJgn8DFk(#HeeSS1pP@^aJ33LQVK!ivWgkSInOmX5qUz@w38}g>AMwiS;z~RmiV2*c zG(@C$jdH6=3(yra9f~XsRXoI^V-&$ywf^z|P>z16HJ4$cFO5Zs zHOCaCbD@G47R&OO0MakOWgemYw0;H>zcg8bgG6L9c3USn>Ervh5U45*{ ztCzpGnlJx6V23^QV?B*6y<`>6jM^3S#c-%$O*jWh8I0a#zw=NNcL~gdkw~4mF4hk? zU01_Aak>hkPQFZe$hu3Sop551_c=j15~MjTJxknx6mtk!ckT$Pdg^_Wc_JTL<+vt} zYDz0gWKH7^S;%oZ1dmXfD_o>tvRcO7=!{$dqb1WI3VBeIfu$&n67|;>)=|$hgbEuK z-zFGfr5OXLjl9NV!!oF_|NC#&)dIyPBC>ss@Umb#z6wTRBoI691Ux)CPmA;I0+tK_ z6gXt7)aQ#EAa1yIzF2saag>(+_VG$KYOrA|u5vk!7QtM=m+w-_ooo_G_ba0$Q z#?_9BabxEgs7 z4e(7iA}Hs-(92^pkghvX;E`YZu`1*B{IlcMUU}_63SMny={Rx|Wr_2B`q^H^NMv>p z{+8FGHzhBz?iCeY#IB2hm=E?R^MA?m|1hixL5{P$^G6Q<&;9+F|3`Hj|93Ob%Kjfo z_GI3?5&bybqR(A^)$$~lG=3k}@N``rOsFXCL{wlwVXs}L!4nGm=&=0fvQMdn=shO4 zhBc|&{_a!^9Qv@F^LlCrmas33BRqO%l@v0WfiFVxiA*Y+=)015pz#5$%|9liQ`Gma zpnSkn3>M`Y?(Q_m`cO%%S!+JDrScmR;OiE{QJf*kLIY-%~BR1h!R z6%mm-%brN-PH=HGNjs!lsPB9J#C(gz_2!n6YmcCIi!5E1cD*&7q8*XeT=a2Sfl^~N zpN;&W7$P@G8T6lZKQH=Z?f)Kcbc+>^`{qBH@!wwWN&El)-r@ds|KG%;W}#0w{+mDX zg}~>EC9sVKm%Gj{7!A&w5y#?;NR9`cRQORuhRfprayZ=C+@wa33w}NM-(S~b`Cn?a zE&t!hv*rJp{6BRGY&U|Zyb+{Mjl40U6}2|EHDvPtJ8dQ1-#>Ej|9v_Cd+l|tzRmx* zk!M}{KbNWJxm9{;VVeJPC>CKRVBsCrh19PZXC^I*hcIv=zbd3wi*QUodIt|-c8PT) z1g=x7o+3zu)j}ndN;?+SZ$-U|2>NS|1l^l=g_&(tYJ5e}cD$NGT!t(VQiVA4{l(Nm zS^S@?C|BD8viSdAeP8DPhxKjz=Z!oo^M56G=2y1ACOhWguG%*IYmNd@Ftj38vKaPx z;4trq(cwO_v?!lSI7hK+9nVhE#hE0BhN$ef9}@u zOKt#3N-uAvQY-9uwtIZ% z3@Rt@dwyljFUso&KT}NCS}$yU~|MF}=dM0~EWp8NmmK`j60VeR!c|MNy3Y5DqOKk})591vY~;h$1GJA+U1 zA@LrKrWoI{X~wSDBdaUExP*I)sDzPxE$){~xfqW~bX;=V-``UJ=s*|0h+)6GuOHM( z=i#2^)_*Yr(2VuJe^8Ux|Ng<=R{yh+XY=bnm{0^w43Ht~oQ{ zHal}(T){Jf2^;2+DBpQNu=UJiDQrCl!2#0i1ih;`cN#Y>8AHRI6XeI{JD*sX@UvZD zqR-g{wgWG1@Fyr8cbiB3X6Y3u4LT?8Umy%Q4sGL%;JM99LfdwvuinVm^>nW{c=zU}YF>5sn)Oe&dK)(J{nh8LGpe?X>$lSZtlC(+zP%q< zZ}#+Rw|hOXFGe-{9ejK9xqo}w?GEnWe=twq=vDi#?lo)p1$c6`w*eD~qDW%a6;@7-@7 zKH7JK`nxyi^PB0->ASw(Z0(_|Zl`yq*L(G=`G@)+XQS(8y?y+L^{IdQ_U7|duV2?c zqO*5XIGcXx_HW*gn)Hp3#3|%i`+oRp+XPzYeaZ-A}id@6l}9{_xSZyVtGH7khZG+w8v4&C@rR zrhWdQc3y9vnYF8`P4#N`(@j(Vd_8O4Bdc{as!dNuXXkgg4+pK=cXwC)>E-3e zckf62n|JT4&FZJw>7v(k4nBM~zi6NJuie=x{8YccJGS0f+S{8mz1n&M-`>3aG`Or^ zeLXrDSeJYKYK!O}r+d9Y_sw8%dOX@Q@AN8dez>k3-&7B-d#CSCyMyWBhwH8d-+uUd zZR+nw_47sh9jpMYt64`Up~YB)#Bz;iw;#S<9p0SPTIzN5<#;eS zZQj)N(+{_&C;HX2r41%uKh37j)scPn{;Sy?oZ4ou{>2#dZ_MkSQ*D{k%d0cm)Xkf( z$U0iwES!6EJvA?{THWs3o9>{01@)SFcxheUw@+Gsjp`=uf4usNPH$@c+3DHwZS6vD z{&6=t`&1tp)PaMWQ>}Tw-yZz&@uqh5S^xU3tDowBU0n|d9Mry!7JtsA$=U3L0j zZ!X~Mk9XSOiVV!j!KaVYns)Z(%hjy<9^T$`;n@vsncYt}b^FWpjMBkX%Nf1ZFRpI2 zFTK-uH~ri09Xhp7VfEeH_cimddwqKFVWxl3Kbrfa>jR^IqMO?7!Fl`Y-G|=Q4ILff zFYx-*>eX6TS7!%zt?KmMr@ixg{q3i({k?b1>yw*qYwzma;7q@U)|+nc?d8|j$2T{< zYxB*g&sVK(wfp({^ycnU^`P2o-c&zX=DgdSemypRuU?-`KV5!4owh&fR`2TcP#>J` zX}8s{AF5X;UF!;KZ{K~rHg9GhKEHYYp{BoSpVi=1^TtB`t2Y-_dNKI?Zr1m7~tNzr$AELI;%i>~Xx6r#VLDOF203mt%L!8h(A+^uen9$mV;>GY;n@?vI0c8)?RP0U%%} z`Y?!cDRYFP;l)(bPE`pKI72ju)E)i~jnWIiNFJ&*1BxWT{AZhODnSlb;guh-p%@$m zj`j3F1uNYoW%7UD)l<;^LXBy*yjW8+XlHB#8T`M#w+KvVqA!PfHN1rz2N+TIc_m&?zJ`>d*HVmWk9EFIrlW7TmaBk8^5&tFM6$K5A{KqUOuQ*$Sd*WEcmd`Qwv^%xWE1H}v(}&DS!Vw) zss&2l|Lc2uG5fFm`quwUzF3$)*#sjf<;VLgY9ywx)d~(cF*FO? zYpqHB&M;7d@B zHbuG%E&0o?Lm{2>0(Xdv1Sk_kgTGC~34h!}s!fAmoXo*bJMwXE>*7ZpnTY*VcJ0NB z;7@diEb4d^OX?;sq(VI(PH9LeniI?vf_E0yh0(RK9{%tl{58iEimz?c(Ab0wC%z*L z^vs}4UW|g>MRx`hEglo46oV9;tyh^+5-w3h*MymGPQ$pSFxEkQ1|AcdMF&s*9DYHT zZev578^ZMDIW*XIkTfnJePCAWtY3m{6GHtw=dTx8gp{UL`tpLdgp%;hWkqN_HytDl zn`+hR5Y4a^DdsJ!;9cPXUiT6i1yxn#A=vtiM~J*KC&@I=-!>3tAq%CU-g{!jG!r^b;-X%n z?n3jix{Jw+DKOav`g&VymOSKuB23%P>W6ajv5vT%hmf@b&* zvC5E)+zpH@LcGCC$FMZyR-Phr2IiJwITV^EaR2k%8XRC)fKDL=tsWQ~#GyNJm3CZ& zk10zkOz?|@{*Tc4&(c3V!wJy{F?cBrXJiP)u?<#HibkcF2>Qmbba&M~CP@^V$V>X< zk6=o#o&gY-tC#PCGY_vL%0PLf0_qeKIfp3UVM->dyMcxDI|+8DA9%i7R$CVM9#8@) znk>91M%Z+@|A6fp{z{m^FTFXLpa!UgZw3~;gNEs@H2*!fujq;(V$KaSmlItGJxIOp zOCK)3f(Kb3f%}+|MpkGBq~s^Jv3?XfuLs2=4(&by-_(i7e+Nmi*L@O!xcPCM7uv+Y zEC;$61&Y^=eTpW5&j%|ZZMBepQ{bGdtV^M{=r8cnomB0#j8M$paQBQ6_$vO0sD)4Oj(bgl0a?_IQCjjjzv+S#r*$3&=;-`UIv=FmZ3Q1>K zI^M|VNG??$W~Y5JY#m)T1t1A29LEMSbw!Fn_MW%tuWz>NCpOjV934MEdyM_Y8f~>t zn(OPJyWE)%dP~*8pSN4X<8Je$ z+3KGkUG(BD29tQ#_YA#73l_;VKKRGOi}u;@qIuQ4NFDz8f;92u0^K1~NEuc#tT8UB zx^R3vd_Q>8>>VFnG`qv&cCSCYY@akQhMlAS+jzq)DaP)ukRifj)|DjMh#V;hvJiL$ z3ON2z{i6!Lf8U*99mVsr9Ul*mk1rk}f|=W-JG1zaHGBL|nx{vDi~g|N?492YL(@SeRSx>tW*f`P?PKnawCufV>%E%rb&4Gt`w(>( zUw&Q2-Okr2eZ_}5JMU-+s*n&C%RriU!;I&0OGxY(?~IUQN0=sx1_j0y;V14{ygx-= zi@? zxLuz?7Zu^V-{A(JWR8*z9&$$g$}?MqxH%iVsq;?>@jz7ps}Pw4Yb+k4$Byy=(No-e znH2^n*Lr5xiojRb^t_8Ga6ES?o`J5XlmRD*WhFMS#dK9duv_UkZn$EN#jSQ@>J%8!05zMGF?+DriW6{L`A(?xj( z!vfew)=}sDYOg1K@TWZYkPu$m1lx#E14)T##q)Fqh%_)B*6OTX93DT5Dn5@fnL*kB zI;5yfjY!&2{wNZRtpzSYHiFBbjI8;r0sgeGgR&mG$bw|*EYUX zkx?xJSra;x>z$Nim_0}t@U=N1$SOXFOa?r`_ttrF+FIxf?fLcl#!NXXEB7qG@KVyE zi4W9ugKw&x6w+n3l{zUrR0j6>$?`)rupf4y2KJ8{CK0w_v0c`j&#ahm+N0sEUqU-N zax`KvDXGDQMYoP8Z>e_|_i@k1TwhV)E1vy>r1o3r3k^1~f_S)O3@@ePl!{{zTO&!> zfPuX%GGJ~O!-Y@6M;SlsXMb|rf6kxVlQPqHvkiTk@Q9HhhogW82y%H7l#m0n248<{Fam2G~1jZ#1 z2gw~lnTO~4k?)YaR@(u!^Xrnjrbp$#8`JM5j=nNZeO8!w5Euw5<8Q?p@kDaMVT)@XLugv-xlfeGzmVWNsZf1C}JHDk2&&k;qfKR;|{e z?>(ck$cM4wt&$!;6aj*m2GBRjI5O{Ha66HC^QH7CQpINm@!Kc0qrd7dlb?BbXbC~N zkTXU`SV41)sP;l9#+^Hy@!%DL-D)t*2dub$GW!Ah3BTdL4qeSP%EMkQf= z1S>>^Vsy?%r*?Mv0&_q_|Ja)kNwZ+Zu}rPL^i*K8>)fJf!VN%@(dYBf2#cm2!r}~29CkBsf7ffbfFL=jtL;=Eogxc%2>y&TdVaFA?om&xyWz3S-0}VX zhQ5Q|6nA7Dg)JqAR;V%LB5^66VXw+E-N=R|=CGD0DD#Aj&G~E?YPm~>mn0fXDfW^x zaQP2Q40U1#m7 zSvymFZ=FC2&t=PYl^uI}4fU{jP)2iSF~VQcW`D$gEq>mQG+qf^#)8v$tuCEK@N5Px zy#f9#In&ZBP%3Ng|93}*wX02MSO?`Uc>Ve{x9#;7T1m81P#eK#tW*$rWIOnHsl>x5 zkk8XOyeSfQyi2SjGsn)z%CRZR=o=S_;cs2oorp_L=sPQzoOk&1zXJA>LTzd3MGDO<*5O3g)sT`SPk{Cv{Nqr3mWRU-mtmmv#<|~7QvbmX3{4)LvCGd!-7*y`PFoY3a%E_By0-_P8SCNpNZu_#?f7=}NhP`I@ zs@WYjTPL0NdBpJ%Bzubj;K!c4g!X&1P&kePwRDquE{#KAT9MFa)bk)K`|*sHof^K& zYI|@pJUVN(`os6lPpYmiqM^+2?oW-EGNp z)H*xvfDSPCfYyCX=kUOiWsjct2Hgunn>ujg+D$M2g7=!#p! zZY+<85`6Qc+xubQY~DI;51Xx{Hy6#5m4}4?;X9~VW2_h-O6Dk0ERc{pK01Eed>HJG zp*BT%(aV^k&CB!tu+u&n9<^HSK3gw6Z>}wk^vs~0i0O#}SLRimJeDq2fphtss?{aum^Oxo-IK6jfS2gcN;fWVVW!P?Ad;-4#_Kyo6yzgCtyBhG+0z8_Pj+vh= zQ;P$`VrA+=;L>$WK2ETlmBeFQg z7Wa|TROn=KKHsV;jA8MY3)K^!-$2LEj^=b4Zczz6J9#sFbJROO9v%()Z-;|kvnvJZ z0O_KaEl~uWeYCu;5CoB z&F-+@e&1~UxUtKFv@m*cY?mE6!(vwxsCR4FSBMznL^1ok)oUIPy3Jwl{ds42)$E?1 z=H?A~+ReL*CLTI`IU+?|R|L!f83&I#soJr?fTCql+vSfHBuaSTe+H4~0ai7S>VE^J59?i*Hx(Stx=?-jGcXj0PODz%YU& z;LAj-Lgp zc+>Ba&%WhrifxO6fj6xUYf{lLLD;Eic(yBtHuHd}{Y>*aDsC{OS&?m58mT0Q!vYtA zSr8MDm0V7PlpucSEN%c3w;Y;c3lqa*#Nbf_sY=-v{9dD_iun&)ra9( z-b4YjKw4tdw<5cuGzc7W7cuf0mUzDu`_uqY&&u^~*Aikxg%VjFnP8Up;;z0@0+p0i zuy#M;BI1Sc=PxR16yE=f27k!4|JS7be{cVFeY^i};&}}F|MO6T)MIQJH2w{k9*r#W z9POmaF5?F;-F^Gq0i_YfW~n%o9a%tFI?Cy<9c#iE=Zp2>2cQ=G`Qvo=^i>g`|AN9x zq=9H;f@L5ihQsjCicei{Fhz|$-sRFp1C-pkSyB`TOnTR46rtY4g7p4!I9pkkT8oKs z+<;q*g}V~)+!1t>R-YW=_o-?cGWUOM=$dCixy;`Gk38|;4(0ey^@G>j{J$G{B=+i3 zTVQYOdQQAxbH9hKi7YBK*Z+n$5s{)!kj)eG-GJ)c7P|u~WEZzzP4<;D%(+BEfM>ey0IjV=PX8I7BRla0F9eW4*K{i6wLW zJ8)(`@cw^rD6jweVRak-bt8}LJ`ZPRl8Su!-IzgzQ42R=wW#J=>9KCvQeVU)7=f04 zWZF~Mn$N&q-OoZKpT~YQ$s>qZ{6 zog<@u$0fc(5Qvq@WEg2dpYw0%!j#O(8Ki*D6?Y;xz~78da8ot#EigWBdFvE0+Jjmm8@ zIX{WS?~6mmWOD8@H)Cut>wI5M! z*P0mC7v{NI(FK(FSO&=+ur(GwDueANq_0$h2<&|uu_l+D?7`?HhJqCZ9mzbH+qFar zD0jgh&5*XwMxQ+U{|crb?8(&sRu5zMKil))W}c0l|8km4ta;y$U3P~YJI+^CyHo5E zJZqy%xZX~yrntzKgo->D)yvaAas9L4eTFq5Xvtfj@X1*Jd)2C}|E=xSw)a09dD7z( za`Feak68r+M&MU??k-}c?rr=#Ni8d`^PrxX;y$^mP%2W}L&p^X9k+Tq(l#rms@z|2 zTeR%@tYlf@e-@(mnB1zaxz2fAHAf6b&EEW?$)Ju2Jo+$~7< zT#Ae^>8-}BpK?uPE$S!cz0PntONJ0P980epgR;vL(<|ZoCj|hsqCyfLor<4juEVh=T&St#5C{KtS zP0QZdh{2Z+t=`(^>r!S7QsEKQZWTGFJuVgZ_zV}k$nF%5olFo(bQoo}dmfii5bmj3 zwr!t0Pm=uS?OkQ}dtm&(gzw)!a_E0+RoVYoyKQ656UXzn&YAa64STvRUy=ez?Q{H_Q6wkvwC!jlJNK8i+;Ryh zl88V6K>?EG<-YdssRck4P*@34lnmT+9T7_{Pc6@IZB+w=b$jVDSU*HM;A8r_3~2kYVMt z;}^?DI5{v{6IuZH27EL{pWhI+0kpyMi;KY>{NHo?sTRG<-uwQY<;Rcs+tZ9m^w;lN z%9}17-drq8QBtm0C*NP9JK>gIb@%_o7N|M{DBk~v+dIRw{%^du)A@g` zdKm{WK$Flu7rn^Rn|CE!qKCAFM~Ajjd|s&|!gq3ScDV#rm9;;wF#htf8%Dv?^P^Ix zMv^7q=O>Ri9e?)pTUtWFeqU^8Rk5jZy7}Y;mhwHX+U`_wat?gu(K2lg)_A^V^7vQl zJ)11jr!_j8kxOJ+fgF?HQL0^XCjj$%LcS~umu}0c%d3{8Witeprk78JHkIF%s*^(^ zlv1!(fWs=iRh6jdu_`BGzhtiyj4&!RByD~e8z5Hc1$~w5KQ6Wc*S|}pFf9HofYVf} z`ivQ2^)`57Iz6$>Orn~`kej8;dFkAwRX)Oia6p{W{Uol4yt0~cXMaDre3j0qw}RlR zgwcnXY#&nX+003O(2ufiPb?d~pjMph##V(9 zL5$v?y;fCxi>~5W*!|GAs}NaPoEU*CxvR`4nKDp5&=1BbgWg6-7%OeQXkvY4ZQtr| zk*e;}WvSX!E&F1?MCt0sg-I*(0bXg&%JQU*JclBCG1c3&1-2sNUYw|nC*>WwUQ57R{0TWR0)D&^ZOSxN;&{b-*5w|?`R$}r_UWZ=Ka1;E2M0ITI+0W4M%$eeV`A9hh#@=vcr-R8*GDxL|BJyF~{>H!>IEYT^qsO zi;63a^Ij1>R0*D5oux^ol^(yV9!BNl^O7N)oRz+YgdGNs%ImOzIo4E%WUBIV!zQ<>qirrTl_;Mv)D?|T5|L@fG;rs>f7;&ByZlcpxmM2q`2=EOMv3uPWPESM0?I-Pw7M&|$-I)_1g65ge+d>qd`pR3 zLneZzx1VhVyA*9HZV}J_n%kB{oZ6Rlczsbp)){fG?y9^0d*)T`AP{ByzrL%d> zf`W1}66W+TBCYLB4a-GReRf-geYcx*1vQNE|80kFFKKZ*r9L(sGqLtm!l3L<<+ZJ~%EqrCVu%?tqV)!lCYddlZ%k6Mu z5D@P-HPL_(#Z5f~Z(RqeqrnQ%XEGsQYY`x$Is!S7WyL_TvBW zDW7h_jV9AgEUzrTeC1(wq4_hkp<^UOlke4{T(-D&ns!c)(`V3`M!|;ip2|i~PYuiT z>zL;iSIR@?u~PHG3DNs)p+$w&U_F2c>UgcN${g2B)fC;S)#h|D3oN9^090%A7b8qq z-;w0`lDb)Q`eX`}U$Z zmh@$*KKc#Lja@9jE*4-H3$Tj?m=_CBqTt=!&V0C*asJxX^QszT(>}zl(P^wDy&&eG zL#Alx1eOh+)ne;piw`!7+TtPPzo-drp7QUbrpn_Wc4M-h?n z$rjsf(uH*)8M}~-Rf7P5hY*rcywycy>>@JOh{$NW2DE7eh%O>y7m=}x$oP;WGByZ( z_`}94d?+yjTM7PmlX$4Ti!?ovaf>W4O$NW^V1yalJ$5bCwT*=w%GtIf5oz3#W%`fF zElIf-MK@(9Bi_b#T#d@cj>qpPbzPInDR5w`Ql2C|P&%*)@Zj?2jJn-I-ir;hr!O#eIF-Ans_jra5}|L01sR_wpY z40*{XNJTyF37tl=7Pn#rNeaS@vaUKCsZipArr=TyjkV2EDfg3TPHIA#hPdJwhMoxn zbS~wKlke3Tzf@^U$Q>tDx44?PsJIr@#HCYkzs9=uT(hbtLf&_|3Sm$|Q!N$RSW~So zrLbWO>xRWTOLfEY#^hkp#DQG#tz4{=TSCT3zsjh$p`9)*aaG!BsUdYmiqgl`MTm;e znu`n-h1C=hdN7!g5{(Idu{CpXK%kzXehuH@_$_>gGkWC;^M`!PBR1w~rBd3;DrAhz z*GcKJi$e}_2X!@iGNe&!^f(FBdiNU2zD)4>^w*6Pm`aUY>#A?F)(-$g)wR&Zs*-N0$W|oVnUyOGwAHIylxNEVZL#R|a#xg`eI-Xw zULs}7F16nXonbIrz8bEIf-PAYtRUa@;FN;3yqc3Y#0KPl*TgEJ5+RQx<;r?c@-b*k z%J)Lyrmzs2S8)33L@xaF)ycvIFQ}ZzEo%Ygi44vb)kWo()>ac+(nS@PxrnYOwe!#T zrYf@%9&ulKSIq+ozfWFmZL2TdoQhgQzKEVHg}04bTCkTEH?>T+mZ-Xvja{yfP;L3I zYj}NZ)CvMx;{P|?8D-?ZUH+dHU4m23v%xX+;FV=tfraqk==2qr-QvM-5CbjRn+C3j z96Ylo0gKDObuMpO$F73|A6ia;wavtyG?FdbFqpXh91F#e`6Mp5O{Ep8O3F-?N1~KD zuaU6>VO~>f1ez|A$wtzRLon1gpl!Rir@nP#*=UN)CCsv&+5^dY(<)b)ZcP!OBt$!<~DlzB{pK&YM2)LnpB2 zXv;(s7}~*x!07t%{!f2+zWWz40%UH4mhfcH&ySU$`XlOHZF&tn_&eJ|*mSMB}3 zK>(i@d<&nvoCr~hjd|4Au^Ss?yXX?ZJA`qk`j6Rk^I@t@k#Ki2GW-S|)C zh16Glv=INPw7drKpVY(LIQ~<`;@WB2GU7iqsC1$DPqOg5CrD}EsT!&v6+DO@%OlYGnos{BgivQ{a0BR8bXK%a9|F@E>wfG-O z3|JxlkM!M=pgW?y#)DRhb=% z?Wk*YD1KYr=rH?LbDP6#S(Qx=Ynj|hTx1C`G%ALu5ChlP)(xr?p(65#A`9xXqK`n6 z)`J#zQv=#9x*GUy7@$6Lt=2MORe+Emzm*!8>-G#mJDA;NEs~Trcf1J&pQ+64JQa0w zVr>kIV{HuOSQ|BCh&;#QIRdRbU}N-yrNoaU1N72Wg!(Hbz56Z zu5n)Ou97a3dh5$OlR<91Ee_34+)OF8Eep}Ga1o_p8S>BExsKNTE<4zgubT2d%bEHW zvwkL5iTr=GGu%zf|AyP0{BI>!Yw~}U46y7l$tP1fWA{^^N!;iuotzb=@GjCFT>0pgPa;L#axI8@GnSc!Ifbg_7c)Cm*Hdr4G~STF!KEy^kd$##ij?N(MBl zS{JaNDJw3Kv^BAwSufG9AKGaP?8pZI(PfnYmM4tQ*stcf)3B>N!oK`Q)=@)+0`POd(Rn(z($1&wRu znCSqW>5%r)BF&sTg@q)&o!B6xfk5?19@u;Y0=vni4l+hlYE<&jjS6b=f4(buRQOjF z1(ezUkH+J){(rpJ+5fNPS_%K>vxbR`b2Wqo9Ph1IKn+X%g?T}Xd@Euro@<^r4aHJN zMaOrt$arlcgmdp_8^JC`Q;HkJ1AOJSB@x~AW%+ww6gobZ&GZ3YHTQqdysCHh`>DeI zuj^_1uhD4K<$qhr)w=zM=b9%L_Ct>x2!0ODsgT+!wc#@qk?iuP*-zWr>s#N&=kW7; z2i`!-CS9vy2B9L1T#Cwgwjpy+wSPBb$KCC;Km1j9|G%l_`OB_S`QLWh{%&b>T&OGQ1FCpXtD2v2pzdTwkMC-R z|LS;uSMmQ&Qabi7eQXWzAJ z9{)=9f7_$&wETB(uRH&(KJvt6nIvz0>Y#$aTPTT))kH;PUTgmkx_kS+^UlTTf!>hlL z5pYhRgsK2Ez?G~v!A!ggs3gnt3{9vqjqlY3)ZG9e%UqjL;fLQzALdnK|BtXkZ3B>! z{eO2n%-DZyclke8bG4%XN$vf8QA0lWg1drmlxe;<^JM_X(fez%`B&SO6Ft{c-*uU< zSxlzN0a92CXx#Qlj2#6+IRxJ#lB2)bO|k8Fb369nVPi~{7_>3@W5eDA-y&tlHxT&N z{5+gYtj|EZaI{31u`5gvsZ>6r;M_|)NBd~*2I%tEx1!ifeGvLKa|FsMf_?K(@(Jg# zf=j(Mz1hxoOZb|;A$BJx>7%M2S?UOFQFp1Fz+w^EX65LIDwTPLV4BcAf@bwb(E_Tq zNp4;|{bK zQJbO<$dVh-Q#+qC`~)Ap!b++&-xcY=1t+{4USJXR^1tGV4}kXdyH+|aa+iI-eCkkN z!E?ih9%B1ztaA43Iv=skP2EzV8LkhW<&`QWYLAnA)2S&`=S#&tC`A_PgX{1L`3?#YzQpDwW7(2}P#=(U z$06`sGrk+xn7=B%X~4^gMPA*yf&P{sI$M~bZ7NoFuP<=viz%7Nebs&pG~tY-TQzEy)HTY0Us_e z2`ai2#w$iAAEmfVQzSMt$Mr3`putiZUL)kys@!u;_V^Ndp1J`A0rl8!(soM>cka0k zasowr#NlbH*2KQ(GU?%^<&s}lIitcthgF+Ia(E42GI*}FNYXfZ-lgaI z!KD+q>(vKCAmbf2;bbtLN=eurf~;1xqg$H&j= z(W2vN)F4oF`r9SMh~`x+9v)g

YeF3+CT`8l9H)l}!QZqe@+S9T_a=){Goe3Q%3% znl^$+7nGH8o++NDs<7`>1Hb2#p@?9;V8HH-)~Uj%Q&GSx#|q*Mmtw?F>3+4Dt|~A) z-4zpF6}~&a`LRml4B0L;bNF5YiWdw6&O65=fakna(5AYf!wZV49!b2kkmiBKON*`? zXPm_arxqc|?3amhra!ShSu8J8jkh``amBH4-fPMy<{IqPVF?x zGAT=_qLxIzXaX)F0(xN}v$D1@2e=cWAZePmAw6LEv9gOeggwF5)IsJk@`G4=r-}zB zW>H_LASo<2-3TzYw+!S5cx!&wCw~k)G*5jK$J@?-B}$(hB}`6}KoML$>J%HE(jek_ z+m={2&F(B$+;~wJB(+Zs$s;^FopXxPvNeqRaH!|eCB(ixffyisouhMBP+*%f= zugtLdXVsar^g(k*EESW>bSs?yZ{*%0=cXdwb8f_N|K(eeD$z(`+k6xthn$;K%!_-3 z4+3mnC2tM_YmQ!&99EU3<}%-EO+05l=2e@CtuIxZnJqbY+v;&0fLYRTSr06aF#%26QVL7o7G_M?7b@vrdGr!m{ z7t2*aOQqB23SyK}CW*a^Tu>?OEgS)5L8@)CCfF6JaX+bj7RnqGrBETEMdoK|sst&1b1`jD>Dg_)Phd5Ayx4J7A%A@=gkg!b9>qi`*EIYg zY$Vwot)g~8Dx}6vR<7o;Ok_Y`r3$IE-Dba6s>Hr7FPB^6Y;JmvBC?cbRT8=k-H3Vj$f6s0VX!7s8lZkoI={e1<4hXDC=%b`vG)rST;MZV>l)s8@g-zHUL zQu-~d{Afw>5xY{!;JSsf6}-9(vX?ccaK+sJ#5OHMcTH?)X8;Mp0H$?rB>E zEc=ReRvbG!i(<|f{jHo_@+A{ zC-0?Y5cu-$&MQ%YMFDdzNs=5Utrx%p8WY?D_CI-?7y^dq3vt}eAGb9UxuhnCt zFYawqdB_aebAjI$oEC}=x>Th|9j%t*I91#aklr|2nQW58>ooONaT4V8ZDCp!r$y$* z0-3u2FbCU(awVt6vPPO@#g|nwBzFLFov-TnuTkn}dX>fh-rG&%zwvlyyTgC0xR#0k zlxd$S=38>w=S3KFJE*0NWX~1-YEyZh^Rg`K!iFr2fA#g>DD^MBO4t8R+W&tz(mVhE zm0WH5|KD5c-@NtS=1Q)X@V9^xt>*eIXm!0bzcto>lhm*DDp~)dot;r;{df7_R&%Xo z{Ey~J)5=xfN4D6!su!2bEH_8&Iz%U_o*6cmBn^_n<{IwS&Ieniq$Q++t=NJ3Szz-D zZY2S1oxEb4Sd#ty1w z@YE}3@GKMZC}SwM$Xsgg|LyDlw|B?s{Es8O%m22TYgzk$YuotZS-%TPy7$exUY>9D zSM6@e?dq{{!_3}ApVv8`;KlQK7nIZ>m3Mjw8)xw@Eojl^EF*V!t?E{hw!6SCs4l;+ zr|MG{40!tGZqv#JygOQ13BG+=bHV*K)9CAOmTS1@;34SzQT&N zF^b(B7RJGqCI&{BK#wEI^DK3<@|KV(N}3GPkHQ@Lse&`<_3uSoR2%=-OZ`r-GWm}_ z%-DZyZ+H3MR&w2s{71|H&p+mgL6?;Ky$uycaiHXCwk4!}w^lH#L73u`4=ZvYCarRE z)jfHCuD6J~yOwy>*#8Bv(PsYt(Rj3-k^k$R{m*KywU++LiyWP?A*b zSR}N~7PBza?U)NkpLNV{|mD@fO% z=yjK^L84ukt)WV($|iRy5Y{sV!a8IdD4o75OU01f>@py%Gy_7HN1#fnO43z@c=2G| zKb-3V%d4od_E@nCEWbEmy1?@M`z42!Uns78tAXX08d<(!VEIu~L$@k{<*STsDx&=A z0?Jo2O-;uU@4|=|e7~k)#Jh;v@$S>b9q!@|uSsW?7I#>TIef1(Z8;H#?Ah$u8r!Vcl&s(>s z7k|?+O2>VW%4sM1gVaMg281wHsq6yn$Ac)?k3g@kla(!KC{O=p&2bKZtqcCu>0d4WKwCyKjM}@_jjLJe%IR*&8Rwv)#Kna)Pu`Rx?A-&@*8W z<*cLSusZ|*#s*L0uMn9w12RX% z(}hM2_-DwT5AbYj=DOF1fV?AlINo=MyGy!?*Z&p7meFU5=!W30Lj2F+&Nzkt^z9D+ zt>)_Y`#FIwT~iT(SDX-)ogPyTiz!4_u$|-v<0asbDidY5(0A@Nat^@++88k`5I{fn ztayuVkiU_Wr4=K?aOd8s?~*+*5;rh^?z7MdtT{Si{GLAYL+1#;b!j4A!Nil^evgq) zlkn=vJ)W6&9Nmm_^^Vvb*+xA&MiYwkBl^(qxJ4qgJN-(WzV3NKp|@BwH~$z2Wf(cffBfRFzR z1T*A_k`q#x_Nyy2oQKWl;@Xg@+6Le}q{6mIXb(i|5A@jzKw>mR4*;3+e}NV`Is`75 zpum_Vb*1V!<9!0R5QC>t4>Q#zX{aYw$NAUslKKDH%cGMwF9&n8)jEp#|MpNH?WXYm zcs%a>e^+unNtXC;$esgZ2K``Tbe%(VBn`OtW81cE+nRWiOl+fL+fF97J+W=uwr%Un zdl%oio4cw-*P{BIuBv{1e?0q}6Ma2>#;71y#)jA!4Z)Z_1CPC-C*!fxBTr$7%}us; zc96`1oExu8rien2M3h2Z$68pAB?4^7egu!fg-t8|ut!x!;8hAmijHUVQd)z3t3VgT z!+3rwZOfohNH&Y1T28^0KGdoJN%JWGM`_1hi>c{vN|> zB)B9I0?Bsz;a)|ei>-F#e06f{9Z7)*LBNi`CB1g{>$w{)diW>!45EXvw7C3Y{2_30 zueJ5Lx%`^oZRw;&w@Cp3O@KWV+leOMF$G9m+#CV#K2{GP(7a))&1*?yW~5xpM2%(g#{ zzZ<{t@V%I0UBB9JP8kKJhu8Oc&E*lE*ykdnqe(N?q#&2z>#jY3(yg^m(9pc-H3XPh zEK{S%h=~)>4ASr#cnjlNj+5Rg(0U?F;k_aSAUoZ>q}ETy;wmO*1l~le3fAK2#HM|x z=rR&w8P5>~NLV4cDOmPHeiWM8SNgvp6V_i48O67E!eH@QGfmfihd|S=lQTrLMU>S{ zR527SBEv~xSR1%H>To1qtedr z80p}Ss8U;tXJWL*o1_;zNJqd>x3fT@|az#s62;{i{S z8)|X&B(hZ*ZTrVHseoDc1PWvp0KKNh5ayK`ZpStWj>iUPaLP%guX?X~(=ffgM0Jbd zv|^_y#HetqEZOtPaam=S$lz&D76b&Epq|_YIe2Qo@G1-o1Ej1nCF&0Z1=T% zp_i3mY_2WWI_z+_drGwVmr9NTpDp_k+WG6osG4@&MSCo?e>Duk^@MVQd1*`yL~}0E znKFsswcHC>93ACajJw?n#H+YmUMX4r=1eZr6ez;5P*fm8pv|-y<~zYen=1!W!^~CV zii|I4a33$iXzE&^{>TWBqJUFvASOrL^A5VG_J{QXvB$ru*3nr84l%wT>=6~{S$Igi z8t=!~@8jJF`uB5XwR zB{x6AEL>?$mCCQ^ThoT!tqjwYFi!8jxsWLpA1^EhiA-MITZC!k! zjnX3cet$A~KIw91vC*MGXsPfoOcMddR_8l?Rlczg8$26pf413>o(SL{p2_QnrKIjj zKY(gt8BgtjHaQbgsG>A3-0Xj@cYpB80`%_CtlZK@XUPtRzU_x)#RY(#2`C<=OAEjT z=@<)hqV2-i3m0Et`4#Dey++69JV?{!U+^M&MO`n?riIbS1TUle~=BQ-=|bGl`uhBN@P0&97_F17H10UbIWb}d+y}i7u+wj$ZEP4fXyaC@w)hxN`&!#Z zaA&adrlsEG*~lKsCG@ovZob_J&TqxUnd4S9`fCowF(j-?wH!mX-amLB^;2YFFaK#U zoJ{c?4}1cH0zf*ewIc!8(=Ly5Q9-JeXwc04nmcNgtPJr|w2cX%oFZb?YZI9$hG@5_ z6IaHc?+ft^^fC^p;Ej)?*MYqqKx_08dpF~rAA%(2X|7pOXp+>qt7BX>2wT(oI~WL0 z=<%}@LYMttjqN=K*K1+vAdgEE)MVX)CL+t=q?VuN=$A}xAIwvwN?9LdlU-41W1lyz zcoSr;-7jx0e+2E7pPu`v>VFf?^QV%NR{olN6Z<_uzz0sa0IR8lm!)xZ;f#RN*p#}(byQ4F%g1{_H~-nthJU!-qqMH71BO|pNsJTjzQmIuF@+zV|SI$sjIJ~=6^fOMDXcwazxRc zR1s`eX3St01AF0mfHtP+jE1fND&ba6!ws7lrg<^((AjyXemBY^pkD@ePtn2j%feq2 zB}?m-1tCrTN(w%=WupGvM3PIR+omeKGIN>zz=jckT_D zRdzcGyHlM^xw0#7K&}+)wA$*oE(2MfbG(M5de)7&%l$y zY3BeSzXH3&^Z=AQ5U=VC6mV}#%>jO^h4+RxKpl>0WnHQayn84-kILD$sJQZ^0a6}m z3arM{f+iaRX@NVwVp?0cZS%9GWsF%Fh;NcO$B*K2)w*Ai3xen1HjBPYCG~WzKK7s7 zaHC z76#KHt_MZbEWLOJa3x_#Jn2~C^?nfSk047zSCdbt-`U?^Pb#tQdmwl(dB{Nr))Q+h z1&cm+UT8>w;VlO`(8nISOwp2SQuDdG)%S(|XbEi6$k1P}?|)juuU9(XJZHTV=28PC zq8UIg73(v@D;^tq(n&8BaZlfD^$4FHXWMtD^18fBui+5#&$}NwMRk@va0mgHioA%q z(}tdL38?!6)5U5+%VFq#ur^#=SO^bYc5n}{HY)F5)PIL-@;)F0ewU(lc)Y_>RmlF6 zS^qbLyn^tGFdN)(I|WW~H<}K-&=DNspO=vfi-)sZMEHI_hk3z!v%BUXS442Y<5GBS zWEIgo5}ENZbDH6_+Ey3)F7&$%nQEK@cNXIj@A94_IcZ|L`=1^%l>YiF3IG?| z%oaz0XS?F|*181Lud1i!=!#B!$L*k_8=38G{Oj1~kdf3Ab6?j6M*#a)t4Lezclc%J zNR!1vVX3Fm@SFEiY*CZ{)y${c7#6TlPCPP71Z5>_fSaOl4mbAmukm5V27iprT)`C| z-)$x8Hmlz$c;`SK1SW=#3#M?XbuV`7{Z1b#mzM^Z-}dC{DBmVVqR2Dk=n8{~tAC zp;DwI1M;SgZoLhUgzO0=E{LXz7$^)YVZ2WC5#L7g)OZckKsXN4QSm&o&mr{**8C4w zl^bw2jH0jOQK26|-~J%x_UPYgGKtXbz%8Hr5*gMX!=C%)qmdrel;w5;Fi=KxyMPiO z>63>hq<}*C2=|99p)ym<7Gt#e%dK;tWD}wHYZ} z3HVUdA#!rO?Z65D+@{!`L@Nc_o6>=O2xI)aQA@HhzWl|BXZ}m<;TqXw%*e*1nFPy2d5O#NPYWt6oFc^V03q(oBs8v3F+(`R5m;UlQYIlAZe z^qt@(>4R0$ak<+lTKdC2ze6z4I#2SO5As`n{W3&&JL}-Ly^F(CYOAPi{ND8N4h>tC zQje#7^i>b*vJtACV*#SBi1n)LMgjX3{v!jT*e21t7cC2yNX%(#GOC{$p*5IysQjgN zVpjLwfxBF0 zQBr*^2nVLMLZ(-^Pkc>*eA?Iv6$2Us$oKD+lX)U;Z=UV94ocilDfq@&%(nJfv+S<; zlrzLIPvsB6TqWPhE{k0&z8Bbbd01z(`|nx-f|9*&L|2#Q$NvoeZ*9PS6c9T6V0soa z5|d4UT>Jn;rK4D`!~z#|O_!UoS%lu2l#O2vUG~@?(tzW5&pllJTX*xc1LhP53SqKt z*rNJQJtG6L;CI$>)s05DWo{RnWy-_1dD<7bYyVlm3g{2$B*3zTfuAv7coWSHr#SeY z>Zq@MA&8vMxx!<|o-yxGFH>>E!m1}dmfxRMDhdV8M3M1*Sy7pXp03h9$*@#D=o-p@ z^xfF0wi;;&KwE4G4~94Y4$oBp$F|d^OtlF0Ys!l9GOHTSPojS$C*Pu(fD%4%}*MCIMzc6!c)_OEXMi66>u*8=IW3I=P| z?AGRzLJ>LWNL$6?%9X&W^_k*vF<~Nj$eEU=%(8N7m2G(bwloXux~aigI%{L5d*tla zrtpG4iDgtY6IpV~CWj26+z))?O1571-meu1y0iDjrUZLH?ixEPvq`qKHC2sev2h8+ zNNMgf2+}t4=Ido8+w;|!zjsLMOJBVCby^^ zGvAWk&&CRuM*6sr#)#IR0Aw34bl0pnt6UFqt4^XZg0l8tOI!*=*g|Ve2i{m~A%;zW zPK5?;rA(5}o$&SJB;2@P8k5rd(Ng7{=?cA)sQoH-jMk%h#X#D&0?p{xIaGV1d8w z{@m4I5;}7pN-$@USg7ew&XP-X1sn62W9-6nGL4(=Q+5lH=F+O|L3{Chp)B7#TFvEN zZ#Q=hWqp3>Fr*ZpP4p<;0sYcVv(}rMNH?|tQ|obi3J6*wtu?x@G@Q*@Ck z7gfgp`z9Qh7!GHJV9^|cPQ0|?FgM>GsN-yq66yuY4gA@vc|g8N<)^!j|KO200~_jy z?GcP6uf*`631;d~uZVim7;wLYaP+7ScE1IgY~yX9-7M;fzji*8T|W8WLAN|$IPz)E zp$U|IW&N~gs{qVXbOsW;$Berw{N`{#vedgLMO|wLV#c<$ZRo{TC)gRIk@!?!8*=}p z9%1OP=@l}>KI`p1uR@Sjqyj#cWc|Bs>Ukld8jsWFhJ?*}Vg`=_ z)w*NcR?>Pq=!>16v8k~D+&l!g8iRg9h$DI(*2Y>#|se)H;sp#&zJYS!-`I6b~U`67sNYuwQntVgdR_ar&I&* z&mxg78?cw{9+5VlU4K8j4@cLO6_)Ki`l%n|hrb!mTCJVycMS?MqPS-owxLS2dgR%8O3)8JdI0RAYh{U7jHy{-E}ze@kInJ=@n%UoU0brS z;Kb3tMRi*>VG5yMzM?r6@}BR1#dY|jxMxszJ0Nc+;B68l44waVi(=GZthwyDjyYC= z!X5J=!TVvsIfyJlU&heNmCHI8^}U!a`O4X%t$0s2AI)^1^HLEp?wM+dqLZMpz>c#CS;HmA zwgsk}w{mM^%QOxuW&h9#1KS^4K!A-)a-B*qNM@s5L1=QA*kQzqF%G@Oaz6lhxot8@ z!A%d64TsH+u{RYY4!JaB&8?_8Yi!catqh$hp6F#=?jt1c6`e$L&U8yS<$_)5^#TksH6hx`EA$ho)2+LV zw?3zSQO>Dw9xl;SWfXCj|KOIhL;Q?)(Zx>?T0e71vylWL+B%m+kMcYj`#icRnyN@x zT=HNO(>FXH0e|4A%G99IJY>rm$Z%%=eWt^Vhbi7-=Y+81R<2ZyIsx*w*GSw9a|_iKfneK z$<&VkY(8%Z?)5o_GG_cwwH&)348v_NOzVDROl9eBJmfK})!#pZ%w$A-=PT%P^@d-u z^k$Z%EVzHooc57ZF1lKbPv`f@&z0+kG11kn{%tU7)jSL~$74e@GoIAQ!e8|D38{fH zoYaTnZR}#iXt}KS((fZQJGGcp0%SeN`L%cYTsVQ-wKu^nF6zKT-pqL)34v!`09(TG zCL-~iQQ*$zL4xo8vr=d~oOKhqFxm5hJgqXQUVm>PEua*ec>U&p6A^M%!KuKw+&KS? z#DT4vF+ZWcAoZs`&@vYrEG@VnmLg41v;e;BcjF*TJ_5u*F9UYC@W{hsR?0oH14|Z; z{BXTL-s%TNgdx3QauG}ZgnH+j2|_(_BOZfY-FPKQvmhWp0s4_bynT?Q>eV4Ep4R=@ z`VB%Yc;w~{(rHqUpt(%f(L_;W)$GM!NWMKmQibw`U9Z(Q26%43#Bu{Z&VVc+rOtuo zTy23a#dl5s5B+;e(59t3RQ=iOy!vt!MkwiH)vRJET zII#?t5e?wnO?luodzhJGn;e%qH;g~?*yIxcy=MU{c7NMem)Sl$rF1U*x62v3P@hps zFdzvoB*m7;i8}*7Fd$JsTG+2X8izHgX* z3YWW9LIlKDsDxIT`|h_18$4Q|Ie2-{0tC!KLiJwp{i7BsDJW>3jrrYdglD#1{^RRy z0CJp_E(I5v2vo}Kk-G3&Gx%N~4ruH!7!R0RFKO%!f)<~QbzTs%nWSB*#v#PKpwaUn z0`UN$x-gW*`S}t#r6+zs7|c16SSS$=aTpjE(_$*x-_!~53*q7m3qQ2GMw@e342NVB zvHBq!2CLQS#YZWlPIXZ!5sg$$DH8Yeak>gnZb6Wd@IzAkxj#^+cyu(d+$V8zsv4oj zJY*`kqhdU{ZFg~aesiGM2adab^tFG*XQoBfXQ_h8gM6ui$nl3>n3*J6{~rBlo__g2 zLN1_kMtb%rAQPga!%vIE68t?PCt6c%G07u@&rpWpziN3Gl%X3FJ#rf9bFq`w0j@R0 zf$aGIr~zuAEDh4wcQ_mkM=8my_KP8153PQtP*Jatjpk){6lKYN)Yn5{OfiQ%=vE+A zh$4u5kUW+3OpoaGR6e)Wu$SG?&P$ zYiOz&!dWSqTIgve%RjddO*;fUAqz;Q5g8ix`nO+*$V?NFKn&6TvawZLfDeSjjCpZ& zJgbScfb*$HaC;K)R?vi)6>Uu_6?%4n-uQy7K{Uw=(GJz+z7)2i@Xcn^Ue1QU!_9;ANw^2qO z9$7jP9sLfa&Eim()>juN_&6op7CmM!t1_2Hbci7Gk78j2a;P!T&#&BMk4ij*%ykNXk*}7h%yJ9xk#kPxvWgS>^QP&e`R#hubD2X@zqIC`&=~Mps+EFZ@O?<3 z*&YCkJ(q&34%nFS$H~Yav>=o_DVp?}x+oTbl^=j#2gbC5c>Rs>O9@nv7;}=s7uap) z@j}tl$!%tsS&zj(sl-4lTwlZi7B(4ZLV$2#0`!_z;li<%mT6h8vN>|b`zT`14sl7v;t-z`x{j_x`WDFci zUMHq>w#e`Qz#ugrrp|UD zAjQ_=wrY-F9r*N)lVUY>*dv*Dvb%LPYV+6?rmN}5bil*|_R>^;)1=crCh)nQ_QQnZ z(?o#KLIF7*IocR*74*1gNxeJr&oSgvX-GHk$NUDu4@f_H;0MB-@~9HKiG@9eetCT0 zx7r~Q?TLs;WJ5Hl)aI(l;usFr^4Kd50G$J#^AVQb5rs^EFwMZMM|1H6m#1H>XTB|X zadsce4I2`7xXR#f`aswgG{i%WvHhth?;XV4>VKk#hDD!Y-Qmk^%=@Qtm?bd4%q#HB zTH>b#L(-VFt~ZkWJdzH-77QMjl`Ygat}-(lE2RCx1u(o60{u#}2*UMCLJ!rtvw;cq zNIavUry1_wpfjZT)hbg>ro{&350)gFpsXz+j+RME&pfyy=T{#i?IF04ChqZtUXtx6 z6c5UKlnO)*4RZHzmyV3)Xc|vNrFnM3$^M0*cQjGJmHtOL_hzO@vbiBh&6;m;fkX6e zRmDN+_{>G&Okasq8CBVG5Rkkcvit9_&E@`l&8EF-w=~zNV9AR0o|aXs%8IeOsW3={npIIWm@NM(<<({ zsX~?T%J!fRl%Cd>=e9t%BV1B}aMZ6BF!IT#ZnZ5r$TycMU775KO*U+r`#40OPLKmQ zFp4V1@v0h-L-SxsKaS>Qr=Ki}Hcy9xG&DINQWG0h+g zowcJx3F{D{zqHa`N`6-sH%O_MD#{YR-@IsFai+V)^?!_NZ_B&rV?2ce_>&#Qc%4*k z&X%QUo&=E@(J>3NHjAVJh?hOe9R!nL!n+08&||{4Uam0#*f6y?xNt@7Di7R6npIp; zBKsTzqj&a!32~#ud;Pk2X)B$V!%(a+0vB7Bb7t8l+A1a>->J<40+nIsLhHyKNFi-E zMs#0Diz2*z+oHF_8kjjy4p_h!!+!5Z3y@YZ4E5)%-59kyI<@+>$+Jx_qKa!!H+;aA zEQ{SOs-pR~fu3Z?Zwdm-`!iRw)LC5^%0=ldVfr-36VUw^LgR{g+vryH9Q% zo$b#F0vq#^?SjCamGT%mU}|rIr?AUOR~w+MFU3&!!|?hImjfJ7)Mc77H}3xf(nrIX zO!fnO2tUsHp`D0Mo=p%U@WhiLi2#HDHbZuK9HQJhAtm|^5TjgNJoHnQ=fyX!sZI%A zTmiNh=sZ*TbC{*A_3q1;B=)yS@2Ko~*ne813?PvOAw|so<4tY6@)Knhq$+xyp zIYsasF+v~YP})qQO^`=3{wiQ2PnWz@LR?!tX`K*GUP zLX)B>WCg$Q(G<}quD-Uo+Kxr-o*2}E#HwY0bJ%Ew1mH-J@1CXrTs&AY!|fZ~3`V)R zt4r`683^9F?lZzDj+jh&WBEbri6a~Zg)_5FPPB(|Bk;0`)KIOGd02)dRyxGJOl905 z=U{NHbr-aw=5=s%j<#{4uS|XZ?4ia&lvUGz>udZk$vL>Da~zpIKDfCAytj@1><5+N z1XxT7=@Q0^m?L~z&38I4U@h18mmQMf0NMC55lFS@PEjRt*oObhhx%ghdzgc`|J`Vu z*uxG?QP-PLM~e!(dQ^KZ_s^mYCFXg4A3aUX%r^3^L2Q?*^Nzn!_5hoi^621C|M>$l z!hr&PUQJJ`ML8MaEv-ObUe+e|{;{E$*C6gT>vNY`g*3>k=SWR%7K0Q6S$$E2=7#oM zKkdbufgej}VUrMzLpc-;Tph=w(wG5>4}?NTK}Wj!I;#y}t1U4;q1|flAA`XX$*I=*uDgo+ zxg}uXZXuX|w=od_pXE9~|6bj<(O#NKQ1}Yim^zRig1ehXLQs&Ylz&;}GLGG=Sn3ur)qv=AE6=;!e0mP?${OUQQl6oseulBoje60X^XBLW0=bmdhz7d{ zJC!o&Od5#>x6>E&bt0gU z)EFkyz%jl72#h4}Tp3(0atpxlr(?F9W{{~YA@H3pa!Frm^Y#G?EG`?@HAbQM%iz3f zlZBs2=db2$OPJqnGZ53v9FWsSPRhx1ZIA;fmW3NfBje4*^*evsqLL{0r(QTCY7*By zb8>zZCbk)uO5;P6@b5}ed*X1=lhheb>a2aD^H$x?09d;i!Dm2jtmD}UppK>%-pysA zQZUyjU|ukWa~Yk#L{4ie?wB+x69^Ov56l~I{>F8Ji$n_a!_EY?9LG-lc!4)WQ`1_) zLg4YKVs%f2+|M2n5*Y~-ubW}VLJI;Bl3Yu@=oMejL;*-g$@VQEf*eck~ZjOB-| zgkZ@-hcIamM=I!pm;rl}QS+8zkR+1$AvvZyGzfhs7bPwQrdd zvmsKJz%^tu-J#1tDVzenjj>B8GTI9+m48-Ba*2|5i$Uhyh0GN%^fzb zvzqw5Bm~@1JExUWhe1I+4jlCX38xfZESHgEWTKq=XS)`U33f(QzQ0P5zX2*MAod2) zz$5(-gdiha`%YS%LG~^WAu>9)OpgAY{>fQmgn;RtJW(io5pzYyP$V@!q&gp{NNI%! z1W`T|xOgE*+d|*-x8-Ek&H<`AL;Iaf&ET9b9}zC!5Aaq=+kqpt3ke&scssOjCL!_a z%sJS{ypAlv<$3-?oPz4wpkOw}q>Dvu&i;X7P>sB-OFM92UH%W!EP@L3~2t~z)p zXC-L_3MIcRSV-%`R-h$tK1AI}QvGme)WR7z;|4>5$e;Gn{Sy$!jB~Dk8evL^HKk3- ztkI-Xx5NAaLiy^;NWo4XnE@g^esj4;2)X}&a;dbxFi__4=qST9LJia+4G3ZxQ=$W8 zvn}F@$h@!(jX7LaK)!*nuW3yqNsm;2cEkVQGwxol_-8jycWZJ8amHHR5EGv{m^O(? zr1t8P;+z^(-1M{p$s_4&eSZi3QFQkylU=BLhS645GP9k<$sNMIfZ;^D4>1YGa0jf& z{3Ge8a^7iyWZW^OtXQlptnbZTy<|elC^gZKdBVXkP8yYuY1fU!A~*(HQZ&pIib=Z; zuY(Pk2W(95k1yETpu`KXAt_zR!H}%5gN}I+1DnXl@4*=;1t=@S+UzztC>;tgYE%&v zm<#BgxlV)%SL7=Kx^Q)@U4((aSFjE*PmrnYPal_ubJ@H5ixc?L)?F9jp?0EurMO#T zL-AWDhD?SorH?-TAx;lTD7Y;EvC#aD#LwJb{O32d8wT~ z^J4~BR7+5@{uGD*^w2lg9~=VTkg1dKFwWBla;g-C@kl4+cn_gzN4%@{7Gb#363)O2 zzmgr}J?aQFl4SC4{atTP#xA^{rA2K05p^Gea0z8h$`rP^F@Kr@4WWJVPO>fhchIOM z%0B##tQF#d8}6y}tMY)Qt1d!_H`W~@{-fY)^1xJqji3s96wbjH~OMO%s6a0z9H zPAn%Eoaxgyin$_PAOvg*1K{PUH-&3>p-mj?3<={jdQR^iW;+cAq$IUqv(@>?~aR(4ky- zahn6zq>zo!EjjCnA3885bfN)lJ*i?zp#w>t(P`YxpW2Oqio&ZgJ_BgkH`5zFV zHVv4m<6D%s4R({D>M;L37VcD%&)85|mcTEBp7{>nx1NatBQbVakWr@mEY7aUIe)j> z4F=rv$H^x)0Eh$?%(kz%7kyxajMrhp!l>ExbmW?+xAigj$)xoBTgB?uuNojaD!5z1 z-a4l8rCUa`Olt1;D9JPbIwH!%RqJIeM%EE89~pA3yeoMY_Uq`#4l4a2D$Qr;DZW81 zwL#^K3%f1fkrmvA0ocdW`mUExs)-#q2eUCjsY%AcXnQKJxv$2Fng;O#z&r+In}uaD zo^ktKmCDk#H&uit$Hs#i24XDsX3lic^4` z9K}^jb1V+$m)9x*&b>SzY)~*R=sGlZY2q0oa(8^VIGOaGnEFvEBv}poY_d99^vnpV zt=nJ%zaV!>c1EWMjj}m?za+j=S`NU*e$r*O+%cHC|%dLlZbMN<7;&-QIMMB;L*XopWfq|J|#u zDx$TfQ>oFATT=x6R(ShWezMPtm-`yLR6*S3t1D~K23>WP9WJjWH`x2PWx$tgbAW)Q zlp-r4^pD(}rT0sAC5Hx2@ zI(ThhSdHH=t;tJO$~ljGYPG*-n(PmCSTM^c#j48D(MPRX>eQKW$ODPbf_iyS+mG(5 z8-}#>h6R^(hO@90*l`nJDOovbvF{bx`P2HcxThVYC*f@g259)J+GWa|DKw10mU|Bo z7>;LeN5`8fy}ks1?NTLs+5(diM5^Y^`7ofUu>!NdknPRoKM=y4g)Wrhcxt`6wn-C| z1<^%o5-?E4JCf*sI>NMgoZ=Dj<#?*jTD!gK&lvn}ZNBA%TNIR6!sZk1^713i3U4bvzOw=c)0oau*Me24-LOj^aAS@D>UUS{!>1 z|5V7M?<_s0)9aD+wMI&gQ#~>8bGnAJI2Fn`WA*pr2v(auZDEeyL>+EVu|!;+d_C>+{uD=K`!AN#?bPx$)YQh-PoGjwCXo)OM70>;uO7_ zs;2N!bzi{;$F6u?Kzk?V#9gozB20_jH}t$&d+EkXfX#=2uTw@vmhotvu?I z4_vBwK9rjLpos6G$`_v53#?6q?LpBp1deiXSqm%CHAOhBOE#x*X6w)FT5OLnAC=2f zowC|AL{PBuQv72;IU8rkOqVZ~&9s22wKQRFXS>H;gtCCZt59kS*6|p_T4S}x!(ZYP z_ol&r3sl+$0eQGzG|fCjjDNS;9KPzg1GpaIp*L_3KymkgF3$9Axefeoj>Zn8B6e&d zq5mR0KoU#hREoto3FZ;BJbT~YkCS4Gz^i_J=+Bf(3V!~3-_m`a^ktz1XRmwYrGVHp5%-~T6|x5yrk5ipvPtuT->zM@=iYb5;i(j)jqiz-c&HfUZf8+vWI2q%epZ*uVt<38fCT71GU zxvRUU%6j&t3N0`1MY&2+9l!06p&AgSXTlqGv?lk6^}KxR^wj4MgRaw7s6@Niqc+a@ ze7iR_d(r8?Sr;2hWT;w9^>MvY-x2N|%en;7;3jaXQEu7p9W&`0BR)~F2N6%g!|f2h zFTgclJxI-zb{!o=EPJ+SNttLr2g1d0ijuh%_32QHeB^B!sb;|>r(wIqBK_R!&FI9F z#bCf=lDSgIq^(TBUAU53Z5^{!gf!8XVbWVo;2I>g5A+B;s)hD>^8*q(hDGPU^vZ)7 zqB5f+OhKrtXLUCQZS!%V$YNY*!%o|%W<)cXdftV7G?v`n-Xx$V$i+85G4~E_F0M$J z<8Z2JcC+DcuEA%?wm_$3vHa}?$wdvD^mp5l_w)*bge4#FgNig;&3lH5SHm@(x=&fc26f@C8 zNj-1GJB;ud&Vkc`U=3~ZmwDVKtXZVH7`-vD_jL>-?JZ$B9e#YY2Z4a|c?&u+7!Cg3 zrgWlk1jG#&uSb1H!3WG|#M8pDrfok{B0_1fk2qiV3P_ANqC&{5B9y(NI7A*+d2Jo? z@BXq2ekkaHr#mvF&Ad8vCY0O#M{bSmFMGJHzKhXP+>H~Z!`|PfS=#U)|5)ab6S$iU zn!YyylCd<1&8aO;-V(1XgV+fhwtxc3XTsHhv~wKS>uCiZi=J2punUZHm_^PCz3Ky@ znc`a)&LI<$&EF1d3^;EzzrdE6V^m34Gxd*d2>v{ZQLCk`Fz`H@I81Daxl)}cCJ|qv3;F%Z#It4xUiJ7Q}TIiH~d&!_RJj zcFBHuD9@rp(RsH0JkK9Cp)O3nTnR6E@{eOJaH4 zvAE)1G2dC$h*UP;`K8#ud8%9VOt8G;(zZOzU6pn9h>UR7cBadFx$$ZKg&1IJ?O*8Q%$7BULe(%3;9e9kD5qMm?B=cIfGc^lp2%Uk6uv6wM(-o-< z^19@N!6%!dGZ|46j}07z>q*+smk|l?n2K^XOs5r z-`0hf);L7Z3rkl?)Y8e)c)=-*3gDro^*LPQn3d`}-Ti@eK3EfRjiOa(jr+M!%uzf8 zL>t#g{dLHoiUhLseIF~QXx8YR%7C@K-Ym6#@)YZ&kBE@EUnL~xTx8vr>%`x=UVz5g zypXq=u-P!;V3|JAPVwH#bG-^<2tm`X*N{x#Qp~z9`{B2Qcl>ibit`c>V}}V7=1&Iv zras29T&5=`!_fWeAI+mm6-G$wASA8Ri@3z#299j_t?$ZVdL9-Yob^*A(qp^kI-XCX z@~~7IdyYg=ERBYs^bim_q;S9nf*j4Wqrxcq5}QHfB}x?}_lsq_w0ch77`fWODCCG~ zHF|jeL>Mr9lnZUtlLro`qEhCUxkHI-VM%us!a$?(e8cM;x~sd?%W6bUuQU zGx|w${^!qjgeRqZed2A}lWW*Vd!_@smyP?i_xr~b^Mb`VDgKY$NV_#BNlPkYzl{~k zG^WYE`?NpA$m0zK4WXj>!~XX}WvOe@5Sz-;TJ(uqTzGf(Lz;j!SH45T?gHQq&~-4Y z`cP47mL$RY-x1sYCWH3=83k73%>EyU)@ zt9IRvt_OdB?X4I04{0SA#!+6pCx?i()xN_{=v z2mUa}NXLgp`dVVH+Q8cLjrp{NT{5Ly{Kt8uJz1q4tz98ycBc~Lyp~P(78(j^L-8YpeG&h=e_pqGSQfF(%;G8IGb_S+1}hL{$6zE|J3ugGkcf^c$&Gk z@DtcwUwsz-WCofZbNsd>4o%dDv&`7po~*m_GxUEE;*xqdY%hm;dt*io zh3;SWU*g|LB#9%sR-@1ig(^fWzZ=c3-8kh+)Y{kMQ?{aCh=P<~@LzU|Ihxr1(= z)5nlNrE6d7(qTQ_Z;CtXXWN*}Tt@4@!0wuJI;LTm*u!njn0dS{z9=hqIzk(#|{Y`};)J9$LcCs)a~E?%5#oBC=KT(n*>OVLbHZW`Bu7T&TS^ej6MKO zhMmQa*)Sh|SFrCVbV(p(%1SfnV|aCgqgx9+fi)#&r+9Q_^oRY6-y*+{AWAbZyjY~U z49tsKl*tmJ*eoKO*ovnh2>a@M>o|yRf`#ri&8Y+GhK<6#dBhx^Y!*E~PJSL$^c0=v>#Bx|MBeGW= zjHLqjA{8x1l4U@*l4BZ=SEj7WwoM|OWY?C-TYT&K*OoKA#3%}#9lye|<@P++yd=|< z<{Nl=60@VH=Lz$9dJ-|F!SkmVT95KM#vU&%_j2aqASvRlYa;qmRC1h_cMH%)X0q`L z32Lh){B=#CF50B;Dx3QXhH8>Wy)5=AwNevZ(PU9sfC$$;(Dj0ODH)?_yE{E_pbNtu z`=`YN0vJ6~w)o7!*@G%0*d&6gj+6=?>5&l}Gj2{4B9G||=fQt@5JX!$JVTB4 zSQvL;p#uvYSf~OPo;`aO$3{!U;*pTRN1kmN5PwY`v5<|WNP%*1*9SL`5iU&30;uMf*{IOoS~TnU^ev?7$P8^{evRL3T=6F8gG#i#gg4N#soZ6m zR85cI@`=ld>LY00wLwq<9=qAu*6dsiNylJ$R0k{%_iLc#VQ;L$%I}?cy?`@579Ccu ziIo+PRA9L%9(;AIoF4;zMPONWg>4Zk=OW?dVdZfOD{rT;a$4E9Qv{XuEL7g^pmGP5 zJE&YyuD0H~zIEpAD$b6@6;z9p?{u6Tbe#Ngaq{g2Ir&b<$vaNoaq`L*|clvSj;Ix%WT^_vK@!%ElU_h-1I!^o;IPv}4s_bMUF0Mc8?vBs= zS;x6M&Ml=%YQ(ztI@aB>ZqTvrdaS#lUFSOS(Z_ZKhBwoWiFQo15fe=tUe;xz`yCTq z5fkm$=L2V-ovC1Zrh*Ub4AK?` z>5S`F4nNXqn7)1mN%i3ScWve3kslAJ=nvJC1HSC+ez z%cqCK6r&!MnV#<#FzOVK7D%MXJjfD09pQKCkao(fghEhiMFhN;b1%44d_Ik^x2Kla|dt&JRA96kTWpF%&=X95{)Y_lZcPUc)1(%rcy zBpgV3p816wM^wqShH|NOB)Z{UmIENDO5aFK{kJvND{s>-5Ro~z*Q^1Ssq9pj-g5MMWn`12RM z-+m@)S>MvvXT58y@}u_$3tF(x{_HMOI;$ZnzMG%Ks<@ZMkm)yx4Us3zZ~(jL+qViU z19W|j{w1pQ@*N-gt8 zkHtiJAIt*~uC=6$?x9W|>TcnPXJoJ9fARzl5wdPuM^?>h{ans!_2xW?nQc(ZPoQK= z<(}SXKMR>E=iE-fuJ(Rb?BRat9&XOetbTGs_WvS1^o$W z(6?CJlDwnMF+V1p1*wYUS|IqPIY~8L@8zkp$w%s?<21ktyI*A=-)OEQr*&rF2&kDt5 z8Az)x=%h5KW~zk|ZgHN4TTslA>Sjn?&y~L=7iQ88yVD0P^DG=+?`B#MALA zsybxI`!%LXeahvh{Fl~UoN~Dubmwk4+`S+`QOrETIpIi67`@qeUu*Dgl^^~&dH{N{ zniq!u%T&cN8Hmee_t50th>WpHR&P9un>@Lax5vlob~h6|%+9^(F|N0*X(eseMJm5@ z(~O;vaU`HV9L|zq8wY`QhH9=ljusiS=o}~~fnXSWS=5rUX9Q2ywG)QR4!D|nsjDXo=vq)z&w^!c$XG&th z;LE}K@~*FD&Lgf@odKDyQ#vHBlaM%qa~ge&gOjV!D?^tOE!rEA;2|6`{~tZ0rdwN> zx+p7etnj8>n^lo=@Y8&Cko%6{$KrYx1|Z8ZsD_{)4uTA?yf^~VJ=DWfVNYFsz|qyD+GAA!PJIK;u#A0*xw#(023+)~mi;Ty-V_YMwU zx5xes#^`i9ot>>M__x#Ptd@;a~BnW$63L1E^D;%xH#ABgH%~p5;OMMi@?1K6vMrSk#XgFLGTb3}C zasnNj1K2xy(?&;z3THbN6CAVzde%r)&dS4~oE6~-9cS}MxmcW+@`R016jM+9$zsI9 z12V>;pP!dl0#{oe#dM70D-@-1B({_d^1G-$^VKSF5U@*hK{-960Zp#tE{kvUTvJYb z0WoHs2}52?a3Yrv7--CV5~wLC74^PYizXA<1i%25#zex8B%U~MK0-#85<{I4^ofM{ zEFk{p)lrf}e0O8RXC7~B7Ow5F@dm&^5VUaUw>%aO=rE1R2KFxmU}Qx=+cwl_E!c0j zZcPHwp_=!xoUPwze9^YFQQ-!y%*JI_V!BzdwBa;kVZxPckXOc*GtRWyhvZxEIq%y&u{kdy0~vsf&Vi zNJII2S|X6DdL0?Z8n%I)x1N5V1VjiLnZZ-D-`BLGxKQimQQUxRKqkNep` zg2TyI7KbxujKh#6SWC}SAJxuM8YFMRoF>Cj1iA{w>NA4+)CG-lJy2L~2v+Jy)TAB@ z-MDR?b=2#2*HLeKdmVMxN*=VEd)Y3aKcT&V#0hs*aPg27G-5yq^FbKlEjRH-dtpfo zqUwi4vrmdeE8mLBW_k5b4sZNUd5Q!22SHaXjV+rE#qBEgJYqfy$OQ@7Ql(I0Ti6^> z?&09?1ji={j*~+cf>9RiKyw(91n|zw&d#PRiE%XgU~D5~GdOgukIPx5H3ND<-njuQ zPOA3Ys`B|zsnPp&XTi#Uc13m+b z7?NKGPe?9Eoczfz$lB@VFeW6-b%bnHvt`LpvFgbK#FiaoN%t>0`OclcKR3#1>)fydf_bG7v;Di%6W%!jy{Bvc~r*j{;mi30w2OUp|T1 zPDKuthBTQthJ3&9u0Ea|EIx{{wVp6iZ{gnMJ#Wivy>KtqZJRL5;^)&ZqiR)kC9CG8 zKJy&%J1Hu2#gt2Kt^6tM&0I4niR?UeDx3Kme#42Zc-?KU`+WMq1=OMjE-C$7D9g8+ zfR@&87wf>gCR$PI6XW=Nk0?m_Vjs(?+#(*5ZoQ8Y1Kl^Ycv1QwKxO~v;~l^W1j(ww zWDYP9LhfzA#nhvcmcI2_&3~o$9{|c<{b^&w(s-@rJs&KX9NZ_EoJ1_yIC_na_YP|i zd9Wbz`aVHK<`1laq zcchUooxxfDg{9=1$ydHp=zBzc$eyL0qVqo9G67PSg|WoDo0X`AL0|lvN!Gx}wrYI9 zSW-CPrpMASIcApyhi+sPOp7j@ilomw$I*GA(y+hSyL1Zek0h2o=Y4j zf4-WmOZCfq?`4fe1STp9CP9RJT>U-&f@$hw5)qsn(3p7ob>_l))}7{_Uis8E?bQQX zOnUi11wFsz3cq?9B7`r7eRe_OenQ7&@nDV_26*-F)8~qr z8~vA4W#WrofBLE4hn!NM*G@y}OP!5sjbnXW?Mv-E-9n|bbt^`jnC?Su+?p#DVpZ;@ zkN4nZJo~#ob%a=q(g;069dsKoFd_2mRNyG$$~j%{^N3afRk_}*#6doDgl~2aE$m|= zI%L_2))LY<<`77o7M8F~O%hM!f&BRo6z?eeD zLe=Q4wreV@JPNP}rbShc+GjZ46B34M)5(+S7+;=f|8hv)muoPfLGWG%kt_Lp7-OFj zD==U_Pl3AN>XH<=T@$saWQUws5asn3^pBE9_971~7WPJ*NW=oH;YtWLdxJzdmgHLh zEg$no)j>QSm7i@pSI0dZkORt-n4alK6_r*5Vh}v#30ZJxCKY8fBp1cG@(73T(jdqO zF4ENr_ReiTf2(d7vlJ4>?G@#Wv3;Hs=a|W#8jK19>CV_-kn5}RZdF@G$UqLRoltEp zQ7v;h8wF~U!m(D`QOqHxJ)c)hE9SkEV%XN)VpvJ!Gsu}7cqQPYL=%m#z(CJw5ZMUz zj3ola7v!q9ddR8(C#6wrENGNYlWxB%(iw!tWF6y>BtuvC~?n9M-e41o*&T}1% zEjAfn3?Wk3EE(HwoeR$AR=EDu?U;a4i!;CrBtXz?@Z{tOH{yf8SsQwNz47gvSrq(b z)^&Z2R^d2u3!E<@Tk3>3MaYV{Iz8yv!vb9JO(-f*azMSD+;Mjx`7H$9a{^P=4-(*{ z)}QMW#Lu#AH9$14d{!o%9etGHc7$xB{Y!05##tK+@H$0k`Fnc(~oXM~Ok!r;hBIXWW{ z$wkMbXd@YA4uO=41~D6>POEDfIn_c~EriuVSS^IrLYVovk5{Rkd1bI(Mb5#OFKZd> zhn2y)oz7{9&@;r-F*>`N&K;sv8hSCoJpYn4A*$84d@Ap|u=4_;O{{HWIcs|$E1H`- ze{gc-EwJSKM;{Fbi}LyLsu}WPVA>BE{DMVokNpQv> z0~%7zhZn+{_sw>|kdpZpW)X;N4fU|4W(c5QUrj3_Q5*+$C_J7AQ z#b*JL5!Fj~IfJX-&EQHgCfhcsO%4Bk2cg~{I@nffhp#OIH9>iZ;@ zKW=hm^asSL0|2Ye?J!9x+_?aC4d9(MtyP1psyxHq+*72Y3;^$i(|Jj+-a^pX5w!4oh z{&O9h8P&0wC&p%;KdSOWj-l*ewL1u-Tw4@44P1+Y?)PL;pdR&0nreH3Zm#Yj+Y^+* z*!O2pP#X_8e@{0a@QHT|M%*v0J_Hr$+M0*iq7MOn?`2%-k7+)Tv+XGCQi=IM$By=M zSB3-SR2VI6JHXTNYE{ywZ#vc6tA9WJNl3F#*O5;ys7La@9$ zw|{-AwQ^5OY*uy0i@b#2)@!$(Q{i!Ys;A%HV30o)aHRoY0m%>** zIJUBNM{MQCf`wwuUDn)X&0X4cHFsHamo;~}EIs1Oa^`ZoW-fnB=CX@gMV60-%qP4* zhzYp^22+hDeS4NW+`|0iLsdr7cg!a>+gJwiHQQLTjaFUFHrCI{rF-;4J|`EHj1_#~ zX3Yown0(+JDj6S&lJBnGjz2n4iD&SLF8Dh?U!Td}89bTgIFo#zYhUNu*Lgudx+<(Q zt1I17{F?8@h57OLDwjH(Jt`=vdVQMUU0X(6mJL^e@+}#tmbB7`2!?m#MGXJmiX-Jj zpUG|8OS1N#wEQO(U!obHy(Gcji1+&R_$e~-%lFMlq`;fBEIHsouqyb%=6G=L4YG(6z;1vkv3#6m{uF6pD8S@*_CKm-pMUR2ROm#gQD0R zt%hWX6M8`q<%kSp!Z{KbZLNr)W625LZH(ypm8=fq{QW*+I>H7Wt@h?d}{SsAIlzPRAv>h_$NFZ#=u0d&<;+l zxj#req8Pe94S~gw+B;>*G%2K6Wx!(S6p!UM5%W)**PnJ|de9Bj?ew-_Tt6AfkH8w{635i3JygF@)y`Pq;YDuM*RPLNX)tdKOQ2DV1m7BrA1Cmq39Xq>A84tFa7i&f=0%H!s+D6!o9LCm$Nj?Kl9KZ;8)(ar z-x9!fNvnN`K}7C9md%a9P%z?Cj-)#K{WXx4TLsD-*;*1fE_>Av1UNg30Owsm;eZAS zi3`V80xSC5e0@hee!pYepF!;{Xj&^+ie%vsjtNS`loKDtgp>F} zLQ5Syr8bDD4I)h4JsU)9?f?zWw|Jx`5w+#R(kvft!|GvYUJ_N|1)3!>UBu=gcW*II z-myg72OG+2!w7qm?$!fUKd(-kNAC~vMW@Z{wKZ5mYrZ8IomjROEqX$@PQi|S(-Nz=BMSgyspLrG>yC8&g>3bRCATT0w& zi~8E4zVw`|S=JWyvoBg>)ao^x7WT;I_i5Jk8I>s;>TWIU=e+|0RLi0Nr+y#Xto}nY zSj}4!+g@gm&ZK{?6+I9m)7sL%w)C$p{TGJwYS!^l;^e~X=Ov5JX*le2GA&!|gg2lP z3F+D@yw%H5O3as;O!vMv>e1XQ_;(hoeUmD7Nml#P>>3>_`5(PDX4eIy{b~#Cyw(2n zM6s^@H$V-9WolW1?xJ?z`e(BJ_w$`@ciXl9?mpk#eqP&u-^I@@*?;Hkxvgfk75DUJ zw`9egkXS#Ic6YY6yWQ>XPUm^&#&+Fz7|{-v8C;<#X8!=L2JIhxMBwo>q!%Pa0p*Jgt*?Kj(*ohk&j{y@j%y_!J| zbE}+xW}F;$K@x_)9^eEUa|jFXmOmYPwqZ@qC`Dqts>*+)JfQ>gM4WrRYOj&#usF#QgP;`DE=h6dyc8 zEJUkNfWQ`}ACN(^x~4nB7sI}|G=0I0Lp$ho#L_sp>I*XRsVf6KiOvfhgX?v^UnyzD z1k4Q7!{8WyEjWA2c0a*CAWK;y+G+FJtY>Xq_Ho+OfvQfMrs$`x5WK7g_MfZmKd+rO z#b0Zu;Tn2|o^N(sm>QUeI|GHV$~7Obj>f=O8_@IR#t^qLiFt$ z5}S*zuPbE4y~*!?V{Lra>~346-gy|@xAk@z%}Q``?{Rs5#+>*9qQpGG)By>ol*~(S z3ki7SH3w63Ff|9WAP2LvBo1b$=3r_LW@#LZ(!OR)j8wknSQ$6Cr21!J{wBubn!mA{ zd>8zU^5A&DEKbe6)Z9zWy)4MRbbHHTUwYk|eW}@(#n~6}k0kRX=9DKSOfFcEj)@mw zI_}eOz`pT>#dt`-v+n=AI&HR}aqhRDWfZ^c({*HjCfE$cfRr`XEJ;jP{~2m`wvb@$ z{w)5t;Bks+)yMfTjX`bqQVDnBv(mDleM#NI0gcltRgjoIQy zRqJkV=OB?d$-~!&?~ng(QGb#WK z{G$rBA6SBerHQon6IE*#3A7e8Ye7@}+(%rad|0D=M%uikYehcVZY@AQcmcBbcCl#4 z6{O-wdMtLi-;4m4Fxxlct4~9hhAu!9C(^fB$yPD2%J)s4Y6U6$)N~6~ZOy}^Tbnb| zt>-n}dSrB~pt2F=Ge*dxV>~1>h*uUD2Glf}hqer92ZSf{CGJz!A2FVYrt4a@1InJ$ zrVxXqmd8@@oHolpHq}PovxaP{DLc-S&cd2+tfR^+sGO;1swrolOD4d*n-buU+(KL5 zJN3=`+}6~$roQlVFG)S7k>9*~K^6I}?e88N`CUkCGzkchlY!tzlpNjM0^c|Js;N{> zrPR-Zq*5yRGE-ik`1aD=1WUOc_DE^FlbF_Y?)9>P$hCzzeEVUJK}d6 zPl-z2~g`eA&A1ueEzvI>LJK7kPd_MZ6>FjfZ%|{$p_6~ zxEZXnc||1l1UZ1bEAI9~20Q@}DYtzxWO?zlViNi!hRC+fLBOngB5&_|hdyVO5%x$K z)I&bI!YG34iHQG}hQ$dlM_QVstfD!%C|kn)lVKr%eg3IiFkTm2^Ily1 z{uYq1#fFt6U~KXcj!SZQ=z#B?Jmv0dW{!qFy`X-Y3Gvqjh7ZKAYyw~LSDGWfMl(Xk zj%-%WQyAW%L~gypU&#cLmK`-8iKV%x$c8^-P70?h`JHAiNRlo5!g2RDYnHoaxgRdeJ@r++X4RbQ`>?t0`ZO0k&AVZ|XUP%d zGSww~_jS!-KR^!KetfK%?3tKs`Tq2yG1(?(ah7*0%l=Zxm%Oz;EnhN>XXQ`KWlxsd zr}8H+m@oM*QqT=(kdTIED} zQOVPst|{G!dD9P@?RX2n*kZwyM0i2|gLzXDPe==#UwGxxbC1*2gH1{WoX`nbfT41^ z<9Tcxu~0xm)u366<&GSafCx-gHLk8-?x+AURYOAMlFyUiarJqM%H@vdlL*Jjc+!Dd zO_n=0yPTB5TGlQbdcy>JlVDfY+oPJ_OOs~fC|XD2o(cIv0scBtuqe~Ot|M`7>nPjD zbp(r3B8fAfrDf2@L0~d;x1Tjjbu11#|E?0bHs>HKIR?*A6}f%$QWYrzRM3{$6Rg57 zeQ9jAdh+pbq5z@>ryDt%F*8h?=`01`xBvWK@{+B7`rlWdpRKi@&5z|DKa}S;xdP-1%}Td?UP*Zx z{8^W2b^xr1aJ@7Hm*p=ulhbDd|IU&|y|*=c9`%Mj{l3<_+B$*ewx!DKcC0@(?LWF! zL^eA*n-i*S(@rAXwKSAH>-Vn8+5B0rfsRSPsH>)t#*=tdy*qbM@eEst%e%$>3MnG9+`u{2U|F?VH z-ex}kf3ME}e>Xqh8c*Ex|KA!8E?De{xZBeJJR6aEtPd4k(9&j8@j|J&CR7LuXo+wtPxpy&CoAN~SEnv+9 zMPf&w+x!{2?6zz$U}17X{}9#PPUk;Wsj*v9urZQr62D$Hce^|4_pfrz;@7L@ZU>G- zc2Er3Z$JWe2)6Huvk_*_5grmbr5CawCK16&b2m(bz%DtUG4a%4U#OXLFJ^-O%7)`3 zcKI8@zThydQebM;@;nwacY7M_3HO@2k`K)m1dm{a;{YSI=5F(d`Q|(;Ax3#^FwzuSeo%Tz89d!M6XB~B)_tueU*J;0eZZ%l(y4zm&xjb~WdGg4KevEGZ z{qKMOd+YG9b#Q=w`)zkT-sRj(H1p%^=^}9)YVCHBf$(P2F8&w?c2R_rgv8=7^pn4- zvR}5%20&^@_4|uXei`br^CYHW2JF&%(9Kuz#GF#$T#ok+Z|7Wko6px#xA$@#ZFNM0 z7qgt)5)UfdYmmdx%Fh*hUB0VfIz9uvzq6}8@swBQge~1a`iTDX``lFJzx)CAs9U+! zdrR1AWjQ!;r+>^%{y;17M)?LyGuZqFOFN56+pC-bf6QH0puE2XP@WYRLp<~!dbbbm zaJRwd!jbt4``*;gWEES#ayICmbvpBKBxLYnYty@jt$n=&R%3BYeY|&g)6Kp)H+XM* z|H~cieIpYQjIp}Qj!QGx=3H)OMj`U*wE2_yBj-?-#Wj6~y4jU5c707LC+cD;1UqcB z@o~>Y<0n=!i;URkjZMwIyJn`%Z{Lufl}urw;6%PCH1|pY*4`i|8_`VG!Btyj*>x8} z(U$DtvUl%>JN0u3c$wrL&8`w4pzLHs2aX)7l&wPk%V`yGaK$Ot-^MuPVzusCWqE|< zgGRPseJNzqhC0QEuNQcse*J2x2*YJ#bGXC zkB8IsTHn0^vF&CRYTgtzQvAYc6DTeX-b9KNh>pLf+7g};iFNlvEW<7;u~ei z0;?B0TtT;!m63e2DO|ey;JJVF5osV45EC&Ufp;G9#h=NDAdrgLAj@8lga`;#0pjO3yN&i8%)jrc5CfTLV1*axR?8&0*aAAV03cZ_IDmDgPGEp-tIR$6EFgf62LLO~ z2Lo^><3t0{V5K4fSY10&0Bq2nh^-SAov(H~>s1MCmJy@L!g_ga%!K4GWgf@nS!yKeqa&m zb_7=8YZ^=Hhv9Gf21++#>kdj0yJKHJ>U5lILa>m^&rZCx4Sv-o_Mwv&>Ab z(gULwoX%q8l!uczjNa@VhR4ECnz}zGHX~d0T|eE}a@1^8c#;&9D>Y(}v_zjz67r%n zXO^w7GsH`fN1g3JiEw1FcS0g@5{vK#%~_r|1SANgSNf=2U;@Vcm_VR=K(#h2P{kee z%D4kB9j5_K=mmKk+(AZhY|3gNO}}O4D7R%%S5CK^-EQ{Y2#Btk{eAyDgOQ`YFQ%ba zGYu}&V1CbY4ZtPz?uJXa9m3!1bZWZ)5a|95Oc1WuPQ#7UPzdxP^NH@@kc`3XOl4P? zRSKU(?59!nF&URq^-1OiOD5B$=15b>w0m1>I=uk3tSR-wq0})R45%k)Ee?Ie(gd+V zj_j@jorcheP)8(rzNE>BhKME$5Zdk%2(2ZZ_qG~Sr1PDn&|T{?8M2#m>AEY~+(tRI zX#TKX07_-^kR*ai_haG_dZFGt7n9F#PdcAlH2+Hr(WMFG>t&nSDo=)>w-cTp$29p) z_Ota@frIao7kVc*61{m}Ybi=Ojh`bvw=Uv=zhC@F9L@pd=O`xF=fL4y#xx;PZy-3C zhtA~K+Jxy`&WoDMskxkc<#GnRFK^g)LXZE_k{IJYSeyax1K#>hwzBnCK*M**+W_vb z8Jn81S(LF+QAbReF#UX)j{px|JUafn4*&i{MI9I0uS35-dD6`5JhQOxaxgpSdqo5q zLzZ)1O}))_XUFWU_G^-*_K~OyuQe$8@b`~Cx?l&h&d^&HWKG$2tKrMXFP(rq7i}!9 z!?QUbx{=oGW6~FnDcqDn`jmZn-tN69Yzq|5uq#KeQTfJ1bL@;ggR&`9?2Gl;Eo{qX zySH7~7ATxyTe65D_MXIeJnNR&qn8a|u_e}Lx3DFh_Rfo)USU&I@odmizBADrTjS26 zd>R$o<9vE68`Rk<*`ChUESuv-lCXD2)tn?a^l|LZzERn1%BEAfN#?U#*rIm#d0~gz zI{eU-4LUiPusK=fw0*IrP%?*#UCBPW4P4VHVw%n@TXI0T*Dl!^f)LrYT7B8*2w&wU?qd{N0KEPDNt18>s`xyRh23 zU%Hh}s9$3RZ@TGwF~JG(zd2#yjWv5F&zLB9h9&Eo0tnjL+^{61V!Zarr|Ftt=VSM3 z=Gd@x&PuIVzF9*F9Xg6Hl$i*=Ime1`v!13&!IPUn`Sr=&oGkIqOmMBz?NnZJqye~) zZpMb|(tyGabeF{vwqabU*pPLHvarGhs757VZGW1JFl_BlF1oM_+7MaThU#2YVHYk@ z4lq%(bkk9B*WD<>xyX$&d@#rbGIlV84wi9rLB^FOO{=+%8VnyPx5VtQ%Yq043Y7tb z#V^KYQ-uzOGKHa<+xnNT`AvokhB7Vt_Vh1Z2uAr?PS%MK{Hdxt)5(tM#B?Xa0mE-v z&Gy_k(~x6XTOlI=H_u{r$))pa_70-ahGU_oWi!zd0s%L1(#itGa>`o<-vHN@1qSXm zt{e9q(zO1W<0lvYSH6qwGoJ940)rce|D6*5cdNU#)6K{K?e=!+_`i4Y^R0o98vuBE z&OH+g*a;v%J>SDnh6pZA_TWYkE{&^^hj0&d!x|=&;;(*$w2Yhi=jD|=74e!2Y)9x zhLG`xEQGYwuw}VW$*NFhDVJ#`-OSz1fL@SykO0%{tO=8>K-T1n_gE0%h!@j8R3~7! z;rh}{LKS??C3XAsK>_9Z`nOjb0S1WXczf!(W1W!kN`7T?UZ4R1cfjm?Wkdj7kOOhX%%A){#WGqF3CQcKU zZ*+#^y?_qGaW3({-lP~`p6KkUU@4GmFrY#3KEfVNu8P=2UK*bgD|5YI^m1(ka+Hrp zxxKQp{+H~LlM1-J{(}CIOUWXCu5(ieXh`0OGl^J$H6{{;xR6^=l>RNBwO`f2^RSHY zm1WFVbpo@H1Im+_o~fs;;&L^_tDz^(nUC1zkxs^6dbm8o;kz^l3fcN~eS*DnJBh7T z2LVN7!so)Sj_t#oILGY4P(x8+Al(@o403%{UM&?9ri?b(38*V>Fg}CF#R3@eghct| zt*DSC64^MSIgAMj3matR;(=Eyx9&RMe9{0h@h5fvqLc63`TKL_7RsbUH29b>_&sZXm zx6?q}x3_x8s-)Sa$;mC?<1`!wx!me1Jyq^HT^BaRn0-{`2CrmqrzbR>PyI(3YY!1g^ohrZ^2zb=0ACd{_Q(RaEK7dBU%C0m zqhFOjfBo?sV{7_3l81AQO57?+G`D}gKNoLs2{XMH1i(landF3yiLwH!dF7f{u6gB} zS1xu|^U7rdd>6d(W{y{OnCA)1ahOE9t;s0eJ$%>}%tF@N@PK6PDP7|b&d4Ql42GHC<@YsYFDGJDi*MdtexYUA6 zEx6QzOD(vl7Pa6a3ub&asgPV=)RN1OE4j?cv(BYK&xtNtKVQMM)`H88AYgI9<*|Xl zBavFf`ev0`8mb@5M^mz(&6r$J>9i*qqx!4|+Uxm!W)@o3S?K6j3>#U1TwWc!XMQh4SJ!ws?>rHEl%ROq{ z>fiNB>>9`4)+)_>ZnIr1^SjOVvBdW_w@J%6sEGL$CnRd_m<`sI z#D60=FLCEnyRiou9?SOPr+yy?K{>2X_noXD`cp{0GX@#ZkQ%8OvNXytYOC4CJ6@5~ zZeY&ia@qw{qs)OAot-dXGQ-qu%BsWb{ElOa&jKRjRg`Yg((tO12)0YW@1OSY%Z5HH z)Pz-QK+vYtB>-~2K$r`T0(Jab6-#*SWN5xcs4c^*OMu%Yt@g%%-g}&Y{wUF`NrF4& zw5y-@u7MifD!k{Y?UEpU*{gmaaNk)3?(YH$O}r%c*h*kUpS%2Ges)SlOHxySf3xrd zGH{O;0cGqS1i^crYbb;0JxGS{u|LxRe9*V7Oh&TN0<4jW|67qYWQQ+7hbD?mwsV>Q zw#ovX$d)FQjnrN?F9|t^fCVscb}acP7ypI%q-BKyx_RuE|Ck#8WvAEeZs+2^ z?DV#Kb^MpR`1#g&;)Z{zh`wuLzI4kX@VU`jbo{a~moz}fFS81)C@ob%TI@(}74cc@ z=xtU=lw1_CLK=hSFeHhfAu3E-E(%FU6bZZmagJ$1RD_e=?)LWc-q!Yu7ro8rFGQUc z7$2e;>sTM3Oo|8(dn59JjtNVhpxy9L^fUI(hcQb---$#IbxP397n_ie&6VEEm)@3% zBMh6^+kC!`y1kd{Xsff1I_(!P%|@>HTU&S&!{(?+(NmL6`C#7W)ej!Yc`hiQt~|u?Igqqm;)0UA63^AQm(AT5>Q^^+R;S^n zsMHxMjhZ(*p|Ye0>H+fuKwP&_R){{Xpcfb-lrW@>1e|DqT|4$)?n6)?SAE!PJjsRr z9^v9GF#Uwy-0u9Ru8WD=7XB`63QIb~ zQ87}x3h;SWxh@kIsQd`bw^Ad_mJ6XWok5n`p|H*NTYZ+8K*kk>RM6Z+J=VBcKA!RfYxDsi zY{AD110PUR1|KYH?lxad0u3EJwj4U3_MN;}_+r>}Q~A_*`u_3si)uW*S>x#%Pd^Mi zee&_Jn37l`>0B~m8P&NAN3Wp`B>IucK<1Oaz>O*IdsrIleT#{_;;&Ada){IBIuiH# z)hXEiz=JyTolfru~WDF?j(0{`bHCy>)olIygYT{kA(E@AB-r<#V~J)5v8Z6h%fgX{D^A z;rYkd$zm7bBq6al3vD%--3=$lpqjs(B<4jYzYKj*lbD7XtV{cI^@QtPeLOj6mJvvO zF1K?i)r{1HV_V`WmGBwP_J5$2TVKA(Do;gjlV$3_N!y!KxBO`P3>++4*`I5#!*qNm zvti7?*T>|aDX|i|{D`}~cW1l(7Q*ZQ$b0?so$U1?8P`~3~)Pr(8}vO z+wB^Q{IcY|ZdlUaRGE3k7p<&?;9HgEv{-ob{=kZ6P_1D7)Y}^A{NTEEnGg(S0lL^^ z0k@O7O_hoFOCiwO0cjK$6Yx`9m4ZIL81~r(iTgqf&n)G#1#A6pKbFXX+ZtgnN-cG; z$71P3r9aN^Ubb;Ljd5<5*4EK!cxr@))8_hV^QSKSBR#K9o2%_Vubnp6PD2)>G(yi% z=QO;NUEZ6v%kGX&RM6iAteu9pvk&FsRwcA8ANDF=BbESu0{Yx@uwl^D*pRr6ZVa%u zbyTlQ&?OzKPzufNVKXZ`8PS2GUNP_K(o`Bn%-6XH6UY+8;;}nTSsr0&S#3Q`D6}q{ zen-zA89h{LbaQwrh{cl|J%p4#b}Z{9L~FV(vtM&BA+{=y`bH5~zl78;ArIjt7KoBdXAJgF|Srt_#BeOeG^#mWMVMxQF-Pz2~CpY128neBr95J7x zV>!o%{iLGZe7+-^V~$^nLywTg^eUc<1dZv|M5ZP(4~WQor?27r%Eqh4-uH#QzXt)K z+s$F`mo@UPk@v$u-ZPoCmh=8O#{PaV_5RVvM}nolSCiK7g1;`H=x&XpYaIQUaP+LM z2ls=fkM|BA37Rfvrs0)(Um@9V4eLB1l(UVBeauI1NjOYK;+|z?B;RairTL~Vu;Pt3 zKa40x;KYmspm8*!JYg~QaDc4n0BFEs2r({>zpc71cv*|GI2H$O%}`tsqp=rQHMjB- zM7xtA+HNnyv^JvMwt5&5Ivgb#v;g8&$dmGS#CCEpk!aOuIH1FDkAINsurH?|v`&Eu zVq+JMs83#xqvWbsEMtk=rDOaxS3pCz092MIV7zM=7l|9Ez7BewSv4pNTQgIu^uSoy zY68d-oI^)4ic5hK3M|E)EuH&}Bg&Vt0&vn)2rEwpHfBeM~~1 z#6;k=LBRB-m+0qx77p2&5x8jO?-YdGcDm*Xi6Y{^1w5av`T_d#j`DzFX{2+dn*C^Y zJ2RkXH_)kI+-+oFzL(Kd9A zTXLZ%0DwS$ztT`0JQRxFd+Ze5{GKQ2K*BfghJ@b^Rqh#CwI<53siSk61-ocA5l_z;^*zJcCYp5)+Tm3u0$I`F0=D``pz2FD*ouCa|xU?HlBbsops- zQZ|Mhk7?^#e-)UuusJ_ZR$1SKyLl(~483_@D=td;ho2)pw`yVr-l67O?uKtUp!^)g z1p6HLmdltXglCF~2hO_K%8Kc{%k!Fdsd<-sLZ*y_LXw>RH@3nfJ*49?5`@GXmd5d74w0doijiWRnZJ7%b z2L-#4dA_wzcq-?mF^pEP*lA%Li=#X&=p-?ABV`*F$~2)+WOBpkJD|!{9vJy=KPEg4 z5=&Js^S~HWCX*BPA^yNKhOu zvW_rI^-?%{RC4&Jc>1V#{J8{|E)+nj85;m{iEP}{M!Dlg&C-)~CQ+8IGMD5*W}Ja5 ztxfybWot(g17*g?E}K?sooEKWQPb;d>Z;Lrb6cCCn%9-)runTqR=;fPU%KYE&5kM4 z6sf0w=|Yl<&vI&lL9lLAMR%r?9n*>FuD4}=(=6?C-%LY}Wi4E0(`ia1s+A4QC(eU# zmK*1ZOrq0#_wj%Jw)y<+SYlt3E~neLZrpb=llo`wA22B&?6$H5K9 zn4JHoyScryna}^T)$7#xf9~REWd*(d8Zk~lrJ~LraS~rp4{X5C2*RF6I43?57!|QJ z5u!e{SIOJZ>RX2WpK&0hp;&*t)^4n7AYe9?={eB>+QRr)1DE6AOq z`o8T2nDbo}4r%zcv|$qP7WT$u7eUtZraKRWBAkqN(T4i%1FYx>Oye5}jTld0jtI4o zH^On!B46=13P?L(9uCAFh@L)uZital3vuGbBzcF$fX)Z4B;c}<)$NK*1Xtd7Lt912 zsjeUd?wowL0iStMx{JD<&RG5_4GnftxA)?ZiXt64V3y_r9Dta~tpR;v#C(J~r^9ee z!o&d>J{4jhHJW7OC<`|lD-BU{0tGCVAh5E6KCnRLiCT0_kA)tI68L36hpFssBf&Hj znA&e8W(a`Z>`!@YVvM~3B%!=o?i6Gvt%&(8vG$D>tcHPU;V_{sT_Pr?e>Z#c8mqa5tMx_?vvCT!^5s z*xg10`(qk@fV4m~5O?2^8yI#_p7+-z#)yO$G-d#M z=t8CF;f)n^Kn64N?FJFsFTXp4E)7<1L9<=eduu=gqA@uPE}?XTB;JOafU31= zf#wrSI*AGP--p4K6n0@p1Qbic9i&4Va&*N~bcsW8f;_=NKz#YY6HpGsyrCLellJK_ zrrxM^mY$sjL=qUVX;t-lMqa?Yb5$e8-q+x34#Ok~L{ZExs88Yot`Rq)t=hL)JT&)0 zAw&33h(0tNZmgINIoyU7^hMC#FXp&5E^xdN(6bHI<3{$u#$WUtAP(7IMF*z#NKa1_ zOjBbf4jj57i8!K4UABw5vdFYkP4wA6RXFZxLy>G258wFaGc;g9kg8Y zt~o`eNNMo|C)xJN6qdVab7!Zg%VHuSa~GMSOk*N=LERT@=rI|P7>IGg5cw(Vx-v5U2`@G7QYMNR6MMi45YfynpAOPBxqT zIce1Y_F(S_?WM_xgbDSe5=GGw#d=80E^y(11p&Jh9FU?*EYwilrXkIsSSMEnf;qr6 z0MRGGae}CP442Nnf62ug_-7@Og0P8Rq2~As4y7gQo2nKx1Fz7|=8h^zIq7pA=x!A!BQ8%r2{?LXNdgFQ z9`yM+jrtcPrh}_o?HLXIz8{LgQ|iC^PrlC5S3(5g>%RADe8u9S_{C%6X6`PW9DXRd z3pwy!p9!}4I9U!@i;f!Ne@g^N(cN@_JSSHieGwb?1qjC%E!0#&rda0*^@)dLB|CU5 z5Tdt+(E%Nf1&xq96cLXODDkEA4?_TqN|07>AwKXjP&7s~RB}K}#McSEAc_Uzl1TnD zrQ&;>pnzbWnAL2HeE|bKF^Y%7r-_mo1V1t)K+s@T5svYgBqZh~OvbuJqNO2}#aVE< za&b&_jE6+(Z(RFIs-!O9JW6Dd0hi`L^utr_-MoeUkw__*EM_3Y#w$a8AlsVoweCFS)6rZv#d@x&*6qBrehpmRiOvP z8_*Dqab$3=$HEH|CsKeF=t4g9-vl8DR>wj>yGnzob_kfKGB!QIa-!?3GBor;62gnDXb-iUbT{Q-;nY2@QX0IKgER=P&_7cgNE$D`Zd>m-s#mzFI3RH{#vvY(SRo60p`rjL+(6)s`TDEi z9;Y^qQa&2ugk0jQDJ>;yI;9apD=U^%u2qF6?j~6p<+lE4-zX@3*uK5LouD_zCwq2d zbU7lSQnVkFF-r&n%{AaeNyzrb_zxDML)a(Znu;7Kugh-acXee2y%{J=4QIyIn=u79TZs!iEOhBP;v0SpUv(P{T~+MUTfSjlvvm@;t<&EtfgP@zKd$j)&=3Tr+bPUy~T`#Y1(%(9MStK_8FbA{kdpu)b26uEj#xl~Qi#M`BPB4bs3! zgIK*SKW$x-v$odjw9+_usyT5m><`kR9G0_;<+{KzWvO6(lsf3+@mtAk@kD@@R0=Tt z#EgNPzk&v8e5Id(d9>vKtM4PZJ8Q6yVsRgj-&*_k`fE0ten7yX8N@x{Gt7znT(Mm6 z)+uDv-Itx0o3o!u*+Yr^_7~86Nn>MJt?wfY+)6)++1D%Q5MS#jlZnHgIPVaG*}cV= z2sN{kw}=U^5!2oyl)Ub|sTE%->_z9FD#{-#Bw{ssM5avl1saVB5FgNPQjWfTYabIK z4U)DP?E1R(?OR(~8@BCn+n(-C`vJ)2awyn$ft*WQNet@YlxK=E7ss@WSOSci>@;CQ zctArE5-?@Q){3;8r=g~FTAJAdx7Gw`aklxpAVEXZ9p%K#EY^z8V7&wCqnb zMFvw-_ujvetuirEURw20nJBFLEA7T&4eTz;?Oo997BBgxna#^nv8bn0W|g5ZY5w6X zPoSc=mf_B%o&*|~+$kVIrU(bf#rnfTg$UIHhmYvMd{4RFPJ0T{S|-DQ2({cJ_1PHH zu;fXAm_#H5;3O9$zLIKF2lm?XnVWL`#0{+CC5z9+Wt56^ zbCN*le9gKm)(|%H2$TdiLRU|E&&=%4uy;;Ef7cWs-H`-n&VyD=e8?kRY;y!QSScs1 zY&w(A?ZexXf))~5&rQATbIUBF^qJVC#uA)iPFxvC>BU&4SNiR<`q&lqw%2x$*+!fw zMj3cyWy6xO&MQUcS#}2oQAy51$=N?;#R1w}1|pGyd@w(f+#)(&j`@&AZg~SH4MgYU zY8N%n$yG+#StMGrco#Ka3jy$7ufI~B@T>u7EOwEyn>WQ|Fd&{l?eEx$vQzoj5oorp zf_LooSK_4!S?#uW5DSB=wWhssmL-|XqPzB0Gi}iX!!j+c6s*gnm?#F*Mpmk+YiOmL z9Z(*pfUkZ|{UJ#ZCrLuXp*qBwZNLON5HyN!M9k+KzUh{mxkkm&Dz&O({PkmqFE9#snWn#}Et6VN(Vhuqc58_=Qkz0)CF=s$PaHSGRc3BhH%f#S&B-`Qt`2Bi zN|`mMT10^G>|Gp4i7rCq=MLS{3<~4G-jm`7$(k?2E<*6&{hjn!H`+oN7r|6L( zP-kSoVuIur8vgB!rJ=7#v29JLxY(Ij2XYpQ8B1*5M(NHo5e&5b^YqK<9}WqXW|F;M z>0G^-oGF4+EZe!F3FlwzqQ6?-Z~}(o%~rGQvu1N$i7v{xi5D+{e1y>brJ=T7S+(>H zYvTH-p}@5Yg{&|fJX9iTRwNjnWF2`U#<+e^)%pwT3bqki9Y#IGLbUg{6R`>$`Z)Gc z#^xaO>wmvq2Yuk5(EEslCkgh>*X)yU?Ou1qhRk&)Khw|`lN2|%>_{Y_s#b^a{_>YX z*d7IG_~&G`Bj{GJXf3XW zYN;}7p2bI7ra@mM{VF0WfoJdcf|W%qi;y(BQ5>R*r=t*t+3 z;~*O0wmS@%))D_GW&@?j;k)SRv#0a*qOh3N%PxBAGw++*~wGxZp! zVM50w>(b)V(Mf_6aaB(U*dN9u3aE$oAh>eN+fJ-chd#1a=_rrXXPQ|qzrR6F!6h|B zV)B9w%I$Rsxb3ro9(NH)?Z0F0(O~SlbMOX#sK^BJN1;A zhI?Fk9CbULZdUe=g~yB~mZ$>7zs4+$thNKEq+w2}nzA^aiby+vzBzIju4TgMQlWGr zj0z@#a$u9*9ElT&3Fp#eFnc$3wQXuq0v&0MNa>_!bY@*Kud6i5>%5`-&5`mEgrl&0 zcGUsoi%$U3k8wC8nQktB6XnJTW=0lmb~>GoYRQGfvS;*D?^q}onD?`7tgN6z7Se>p z+MldwoT{9{@XJ^zry@!@T<(6ER~j%P{A;ThysI27Ij;KC&KPZ9@e~MJgUe zob#U0p`{;yf8-ly{)1V1(sl@@E6WyPnl(a8YfSAjIhGp8pmS}e@VwjZsiH}S3i;RN z2@9}|4cuoKV{kA-e@gM8g(XUg-AUQ&fW{V-PwCY>fV(~I>vp-Qv)wzQ)Tf__D<3ZlGd z-$!o_%KJTfbKvypcIAg0N!5Y=#t*r^X^Q#zg~mMj8%;*P$!V5$G|8aRX*uQVSxg!Q zIBvL|W_Y99em&KkS)UlV;)0tOIMN+@kR-Wuj--H_O#SW$32zW zOlKxDodRLMJ3E~T?{h_VW5NU7q{pd=9qs1TZI9J3$X%u3b0uqw{$v>5xes&+D&AhF zL|ePvnXcn4Q}T9ZR`OOKd|u0&&EHb>b|z|SwNU81o^mh7ksWca_`;wA392|g`PU7- z1+zewR%o^qPfx?4F56hq9k+C=ydoKtjI(QGbC~sBRkA?!K#BUYt8}PK(bAgU3VPSf zL9NsWtz7WP8!~DC4e^NpE$M%5NG-tB4Sc&MO>03XtsJ?Q!cDKe^|IZaMY@R!Gg^of ztR1Xoaj;rhL5KM2Oj&yXn`4{jYsk#}uu5F63UE^zmCjgyuAslOR2jcq$sBsd4lkhR zL`E-zC2v6FL?6G-FunKtwhe@R+OnGEHa0JobR@RKb2$l;h?UjD1 z?y%un4_+U>@Be!I`t^r5?|xNv8RzvI2?8d^%0<6x7RHpWI1|RyLw-DYef)0k@Ug~VDmB6N1u|^`}E1r42s2bof1#(p<4M71V$^;JnmjDkSC_e5QnFju*nPDhnrbQVTbL&W` zw=krTq}>sZ3HHl19FzEod9@{PLYicZj*7*SP#n-dh>lw0bme}a@z}Hp+E&``)MSmN zyO_DRvVLan;zoKQsSc@93W-~qan~E3c@nAe_qB9I6TdBLTW(hYR5sT|l|mB_<41Ak z7JGb`PTX>Pm+!tU`@LPq?MipxBKR!s6I|Wby*ma^nA#%V!PVW}or|zVET=gLTiD2~ zKqUh}K1oPC2J|4K;Uy%FVxqi!73U^#J5Icj<{7hO0!^7sp!uVF9#_M}J-Z(({4#_4 zaXCn7EhMbzmfVhYJoNe{W0seUBB<3~$FQ-?jho?8}|c{dnenXYoN+ zOzVU3KAw4Ti?|@q+n+7DlftqZ{ zJW4|t{eHBE*x5gbm*f@n=ANr(elg`$l|swL!AvXh$T&>al{S@y2%oVF?JmdHs#GT{ z$|PMep<=FD&t+~Npe#zv#<#L6MKB85$)_{gI+n0yGZ{G=AN7?gkM@;vpZ1laSNk-l z#N~LsPd8O8-q7#IgM1EOakV~`PIh>Fv@erBvCt-jK*5o?Z$f(Z7`#NN)N43oy!FqN z#8fGiL?@aYmfV5dl)Igm3RqmvcUf)=kRa+|n`uF-)*o6a^GX2a+Ip7iNgTKC$6Axe z!Vr=kF*`Ps;!Q;92wxCsETaX#3ra3^PwH()$cB>Ju^5D7*~!FBPy;Co;!=_UNqXRU zNj}{SW9&i7Uz*uLSoOb(>LaK2#8I3hTB?h$sNmURhfuMk?43RX)tyb6NaJzO0vf ze~d4i)E&N?+ov+^;oJrGANhH^?9d)fT5yDm4U>ArQf zF1FUies{Xq62aBuEOm^maE+YFHmD%Q-jY>NwG8rI8wAa;(1r35%+T*Fra(3m{9x>XW?0)I zmOwLfJ3SY{44u^0KX+^WGsBVmxOP7?Y|brO{50|bm@`)u5+)G3Z)L?v7W)egNFgt8 z`)aJ*E|m+WCE6e!VDG$-Bie@y-A|QHDJCAF7b>)X#L!Y%skXMI8>s56EA`y9YgM2Y z1ey(r7~ucCV(C-6QXF9D_XS@VT(}mnF-sE@p>Y_qH0obs3J(F?Db0K?x5q}8E+<$y z<(NbSC)TH%BiQkx&b@ToWu4maMrJ#}ODvUKR%!vCOgK&&4*TGEx}gu)l)w=y=TEsM zTzd@YgL|X$oAQQM~$FKMIKD<6a2d{tG z`}p<)`hD;1$Jgs94Z)U#d=;W2O@b?NG6H2?u`~vcYrc*maFvsWHiaYB=WeT4j)})& z|5l(bhOQm3%N5yhx6GxN4Aam6tCsFMm}_|~ApL>HffA%`r}Xk}i|tBx9+vns3D_k{ zE}5J(#Obh>t@*T=jM;@wItt+}G)a;v|B(pp5K8642kz2URt= zR>rm{B53iUa=Nz*MX{4=xzjLIV^90m=b{F%SjfNNu4$oB79x!PJ4<4#1lP9d4wU&R z2jlt($MQkX>R;uqm!DZV?9nQ1lQu+*kmy*(8ePkjK4GT!&)%#F_D0&2%cp|@i3L5! zX)+>VLOr<_HL{tc>C;+>Qq}5Hms$kO?X{~WEJS0H#MI;Hf@1UfEc*KbO~yF-f?@){ z!<#nfY1@sGqkWo5U!dXUEf4z_l(YD0!y>FIy}ya9AbMrsS}rg`Tkv7A6lDB$^baA2 zC^lFEtk`gf4v!LM_4-A8{iU4&l{X?{QqZYAJe=u=w}L4>BRD28O4vD3ktO8js`nc| z_wo*bLA)fzfr0|7R}%VGc7h^AWDi3Ik{tU4amZG8F8H1i=}4S4|5LVg5U=)jo<%b#2i5WJKai%E`JUW2#g6 z!pEhJg4Ao7cfBm9lhx^8GC=BcUm=FSW@noOTou}Q!NYy^BzuA5jW`Xpn|V$vpza;^ zJi#7sc)0DwiPaBC0)YPo5QDcq9f;ef&?+avpvCD>hzTrKrl;9;-QQEN;&drZ!qEO6 zgengWNL#%l!F~+%H3xgxHhRYrUVUF9grtVGK{IabmJ}rx3bn5M!Rish6a& zJ3|N#CE#-e;f+`b!hRN~hKACip=c37Y`L{0K==yW)JiB~8MJvJ6yXbCBxp|S;T z+nrgz(@?IZ&(CSphYsx+pyEf~>ptA;gwZ7iwY5JMXz9pK{KDJa+S+t_md_1+tvvr!F)u+|KbNf|H&s-a zsyd5)gp<*v`R32lJ<1JD#52H_HT{VvkzXC^!%F&nRK6Hvgwyw;w4ZW3Bz-O|!}XudY170!2fcN3Ct8(lKJyHOi z{val#v|@RaxcLU;4-!V2ethN4?quyeA|5OYQWF$v6yTJ9yX@7*1p9nSFO$a_a2X`5 zs+aOX6b9-m^3@mQ$S}d-`;#w^JvBct9fV*1(?snxirM>9O2jxCba3WY- z;!6&04Ui#3!WLtTn<#Ef5RGs(yJkr2iOo!y=wT`ytRyT&I{yI_85u!V4&4@&QhnqU zD+&i2*P1Mso1*+^z(ilrY0*+Ho4_;lr7VfUmtFK;U=KBH#@>u@qW!nv6-J<@FXHBY znbf7A<6m~c;%h_|6{1qc^sD@wJ=!50m$U$Us3VqTLvWpPsMR1hPgGEx8sn-L-K z7Iesv)59%f}FsBqeFtL&~ij({&)BDpVwCZYj^k5 z|MS{^{XeVXpK6l&Q+M~L-V!(yz2*w$WCj*O`%NvnF=c%%2zk}lckXG-IRnsslrvL{ zO@UeB+U={e1rH**`+v=&=dRQVPSc_dtHxB?!mO^)^+ZMV0*dzqRE`JxzaI8~dDB05 z{d@n{qmTWMAKtwER~Evj50>KUD1aXHeN4tI6w?v>XUh9N;WQ?GKTOAGB<^cBXuqPl zY8DghU#TY9aG++@VStLYvWHpg`^K9=wiFD7YBIpo%+TCa3t94fmAwOSIgDD=5{T@2 zHIO>}Y!VffQkl+TGPw^86%rB(Ej=7zk0w{uHIv3MZKe#uLh0Hqt1_E+C6<_OtnUkr zRA12ub5h;}Ozy31F0a>~M1AcF)K^x{&gcxdL3JOjE}e4ImGnfKp-Fx-CpRwcYDIg! zl$jdMI0w^w+APc+f>2HxO-yJgRoN3-=tvaA7nhzJxM99?YsBB|GE{6Q{8Ra`hO(EbT0c0bV#=({B(iFPn6pDSy&(*_{ z$Nqoz-n6@I9LpcB*ZLH9=$fgd+ma<&wqs3aW*pn8&Z#W!IH@}GRO-=zNJwIvB3K0J zC2r4W{~s(Q!Bw($+0Z%N6_X&Ai;IijU2rk>92{V){7vplx!D$dnti2y%R@2mXn@B( z3v&d;-OJ+Tkgt)@4U#`|qmk42CS(e%Bth!UDPlWY!HW-gd=l+6#joG`xa7?jHUjlk zXLE=Xpq75w#N^hC)CC-*$&U3Ad+2mV0DbfZ$(%1_AcvEh)U#(+EoLL@7i>^Gc{o z-$CY8pWLc<{3;!)71bv411PqLs`{efaaF$)*Vgo-Aa@V>XskrGj|l@yUHF|Ts=fB@ z?H}@0K2mo_;$tOFH;LMhVtwS;W%7-kV#~%(sWK2Nc7G_fXSF{*hMss@S({q0yuv7m zJ~zZ-eRC&<|B4P-H7niYR_lPV;|b#j;R=db$-#b*RY&;CYhqhqg?zIJWFWpYs46!n z?nKE)Y#08%ccR{v#&cOD_OR&iYvk?hhr-gwFI<#y-TXhFMQ2hRSlG>oIkR-P%s=9( zkBtf6tiMLrN2F+LnYEgfIY}0TB=HwNlPIq&`KT64&Tuz!Nt(n#)gSav{~{YvPwnSrW*gG#GR#$X0zEm>~#2lo6TnCzXz@6{{9cG&cR`;v%lXt zJo=&8ZXUJve}LxVhnxR}3{3veoV%^;;I`yNGC$EJbNh2P~adLQqm zMnANj;GJu9p|zVlwNQY>vWx4GZ-P6IJyT2Us_#SFVy}lj8Xy-L@v8@=cCmmBVR%-a zk8G>pscjPXlsLp^_4>m;dePj4cB{1u?Sq3|XuVWAV6e@Tl~a?-{D(X&r zK^Z*3LTXSPot(ILhLky}mjN0wO8@@HZZVzcs85h@6_cX0m^d}b1S~IZC}+|Pew>&+ z#FiaoNNEggY9i-Q*w^?Yxlt)$c*w;Ljrl7gX&D#AgHARvb!sFB{dk{z{t#1TH?BKPj}Pe9 z9*1K%z4!{J#K-WJq9KNB3g~*s57A>9U@LCN7}(gc#NL zj0HJ32ymTeRCY+OgqEY|A&22#A{J8)|C&k;Q-$TMnNH- z>^^3d%*%@i(Xaw23`n+6ANePa%>NXzh4R|+(amLW$2pI22+n>#upQ@gJ#;F5d|Oc=cN3n;~y5D&3y6;p`uSIo}E@2~CeMmia$_&sF0zy|h?->60$6mc4R zi2Q7C+0)-_i!Zfy<{fvGUE1H-P!BTic&6Ypo9Q6^P&SbpZnR!x)0KUuBXV=WJ#%GK zOFiU%3?05;_Ye67mn{(>e!Xx}U-*GvE@6!vUB~KlR`xQ8GFH=wi*gM`m65?9Q&;KI z8Y9oM-6Cl`w%sfnDt#zl)u>O269zfvqyhG*vY|%5>?jnuVGMnY-5k*%O6(?6!KB|k zWQ$id;4AX2pn92`SE)Sp_aCKX4PCw|W~No$#UkgvpnOhN4}IIZAZaoiY^5A2b+9d^ zr7RueHa%ko7bLm5`DSt4iT_S-SE6@b8Vx~8grtQ$a?Jd^8e?>;@?e^`ESq``x{G8P zhgzuuo+@nnBw*q{Re-J8_fdaR&iE8mh^1Pp%Mq(`c%P}4_`FTFS1J>iqoL=7L)-mT z1Y)xfjvJlEQL+#hvMz=3)9|d^w zF_drqHEA{H% zUVk$#KAn9tc2keO84poEe*dx8V?B@aMf~ydB}6a#ckm+V=WddOa~C{fDeb&W(`7*X zG2-kH*keWj-^S^wi12qF;tI=2Q1VXnF$Xo`H*b*{a0%5)y%sC*ZQQMUh5Qc>aDN|< z?BQYW{@x=N|8G3LhX;7UClki#HZxdZ7!wSlOn$nMj|UtJXSOmf+_@4^v)&#m9zL>^)BY3TJIYi}Oe=|%k{ATR39fJKqeEf*jQodO7YelXNu?#XxAXx!y z0hICoBG}E3^oUH|K5~b7%~fTwH+lJ+Y*1`LN~minQr8XyzRv431^P_HZmcf3wrdI# ztw|@7X%WQ{1F4MpS{X~f)XJDv#o$%afna zm!WbkhqHOetq!)k zaW1Ika9bU!_^s$XL8UWE^VSjn-byY-)>{f2(t68U^_HC1s7!G=(u#{#T#EBx%n_ki;0E%DB^*H01|-FidC%TgRA6oY zTU~&#XRZDetGHW=M?Q+Hr<(Ovv#Av^9n+`vutX1Qy?P#cn2zaNfNtht z-(=!owfb4suhi<4=x4`TKYM2SS*zJ(2=Xrs@0_B&0&rdJD#y}P#kvkcz z*JKl{6Kr3LYd3r>ZcvW~WAH@5C|T+Iuf*dB&soU75}&4WM;HM=!4;^$pdxdJ8T!5u zcPS|$vTWf(@FuV zWdWvAen?$Y-NtO!bV3WWQRb*1MR@*slsZHM zt5xd>#b1OBR=IT!eqV{WUEC^3vZFrUNckYbD;Bb5)Y#)GmQAMkf)>nziLoKer=^$A zTF}bG6Hp6GH<3X5lp;3A%AAOjqE;4+lQxTL8?uBa12q2MBwHNQUJ@N*AeAAP+|=8V z;4}gvpBbsoJlnj&i5;HtjfLHG-=YD=`lD*KFj`F|9&2Cyqm`Isj05H0E%lH6rut@- z{JX9EyCoCl{Sgg@X{iePO>9N2_)x7_ZKd5&|4>fH99e3AqrRl*_?@_Xp87typ>mld zO6Uc#KuOLSUv%^$m8DbY3XwcQK|RUvNo`v9h}9M)u47%3Gn{dQ@fA=1$Jwp+pp&FN zhhJs>*O@cErhnD>Upq&Khn;l(*VbXHt@FRGin+@%>OEkncJTKRp)-qywsry zIyB)qg^26W1fBc!`6e5B=DA-*2<-G3V3*-;*Lhwa9i6K)yQa8$;h9}GEQ9OR%sm?~ zrLvCd)U8vdZv7CYZdESQ(79VPFSRnIl_{-EX=O_J>D;aGbk(Wnkh?XjGc78EtIpK= z+%%=-C1hpXu)w6O^Yd^~RLN6JzWR6tYY}>s&anzwb(&9g(z%MX?zCRrN$W|E)RT0M z)reGErX@YWqp-8&SkJfkaYcvw|O)}N3)YC`joGQrhkrnNn zbjxxXE+rM{vrPG^Q+qyv<*+HKJ#`AtRa0j}mZVPA3C|-{rzlmCno|^*l$mpp`TsKc zAAK^e_pxh^#>l@~Q2NK}{Ewa1{=v~0mr!;bGB>bVg_eryT!Ozmqs!r7Ou9#O7=DL;Zga9m;!gQIXreK7m9|hhQ16>abpje`i zwVrix}{_sXRfm`a+tT)OH9fvzQKQvpDW9@h*{p|D1+U_HeolPsTG;29(-=5Ju|*5}^QRQkB`+De zFIq_4bDV312H5kk_1<>#1Dfboikv-(2H0bJoYk}40lEJt>A(J_y!&SC3J(E49sXk? zySvBDq{)-4OCmUeIcuAoGf22W2$j4TGtx1)tnO$bRNX*-=WnbG?h@5TNAZ$!6)lfVGNp^w^=o z762!X+8R!1I57*H;F*zLLLEGxn3&QY4Uix7Bn;rGWLF3-ri2hDL%iWw;j5S0Ts1zJ z2_IO275dWVv-aIrqXdl-)`t>WhYNrSt>%%&2^uHNixVRIgUJ_O&p|Zk`Pd=I>e0~T zD1wLX1!(MP5HUN5c#miRmx7{$&;cRn;4>$+#uge|JYj6HF`k@PITjNJ{3M@nr6=c| zJH#|d+X^4)%t`ulIts;RX6&@y9=$qksVhjlgn)p@_9yNbHFge~uMRtHwcH1E3uaPL z^Pv6app`91WIjg$kC=FITjR%+n+SfkeF zfG-WLHVs;3J$JJ}tM;MBRvKF^4qG8Ju&;3sc^)6g2BIvEGftxZJy)Q0!sn@g4jOG~ zw58FOLDATAFx?Y42_K+WxUC`3#zCN*TXGf*)Y1@0L!g-;5Kq=vY-1AgBLYH}O!D$* zH1vCW{KqWWS*8w_t_Dkq7Fvbo~{CzKFOy^VnBQj8!1OV*x7OKU?*8FtoKX#=p* zx-C;mp)ctI$0w(qS0@^`&4k;UOT=xtGi--5;I_2~oon1SGj1!Eu3W^h@Ap2S+s0q^ zGQdajWrgtD7(18{Wt(UHlCt`-Xii$a%!04C1jKQxS7!7Yy=hyQ#&2uKZyKI$nprJ( zCU6#b)>$_^)3N?f&8j8@OwaT&3bxj!b}D-RXbi>&-y`0lSd7v?} z#>k5>I@(m;jny03!%^=B1=t@W|LXDhEPci{Q@KNK=Bayqu?pf-a(M+mqvCwtrbIp*S^;2`m9Rvzs=C1Venn|8LBzv*<2aNk@!H2xqM zzo7n)oTrSPBiwHv>T|%b@gDzn{{Fxz@bW8-m$wx!7jHzd$DfIgG&-~$=M8qq%@=-4 z16%r8j?YneqeBA5w#)OvV$p156P98dTRoG6Zm=xdw9EqZ7icw`%|}zE z;=1uik&Ep$#REJoybR?LEP`$~l|{14b4e_+*=kgBM*TB#hm-OvY7J@@4a&l%Jr?)r zVn}`$oj*|7OFIvso8cTbQAGK<*VbLbDsRqaERtP|d@Sb6zrdT%Ns&HWO`< zTQah9iHp~cnAQ*Mo|jc_YGkKD+Yj4BQGgf42(1Z>z}iD*QG2uULTjzO@I}&Z zrR=cT@tMD!ya&ES{-cyQTB*=}{^fL2YZQytD3n6?iYT`5m^6IS4{5-0m&clK*hI?Z z-Mk=wQ2VC!lugr9a$yFuDJpBv2dfp8C#I;F#P>rkUbfcC%plQeGK?+O86tE40NGCH z^(2jgzgL>H0z!a9uX{d7Wha4c*};dl4&_z%CwjX zCgY1`j$D0fo|yz)u6DVcElGd{*yV-?GYrUJ@DxOu91)!I5v_KX&X==#M%cXKm`3Co zeFDpfV}N*Aa4Ltj+Sz)$?AfxggP-7RoylRXcD8=rXgePd7`X6B-@#)YF#zQ%sE!!W z_Px!u@8wuhTjDk?%=1;Q7gL<~S^H6JZHRk9hB#H7-BL)WO3}?Qz^xO#Db&!|O=CBW z-Sio34auMklI4OpXMtq<`|E~e`Uv*Z#AFML-kS@dO^L%a_)=XeIs;BJ3LP1z(H9se z4qN^KwxE9(V1b_A9=|zx^)?T~)`!uQLZ2@$`I}eA&9}|AMsFL3-twVsv%oi<_FRLv z#ep}Drs80Pbs5#BJ>_7Jv5YP#wVgSLt~L~n+TXW_f|vI9c__HqCqA+fDB7Y3O9r&s zqPSg{cHL-IW718-q**6#=U@g%+CEx0Ce;?jrvyqBi=w!2(MK*fz|Cz`EISiCp~aaG z1+N0rak*V|6A8d`HEh1MeHtk7O1p4!J%mz1X>hpmD_erdRWL3wie~Kd`o0#8A2oi2 zjl+*wkMvCVaewVspKJX1r12xS(Q!A&lJF@Q0gLaPbIIuWSwmRfuCnp!; z5EIck_)1aAfgl%{Pi~CILFJ+_)1&h@?L#&1Otuu%p*04<0>;jpx2-qnbJ)ejMM%X| z#Sb1=`$1Lh>sAJoLQ#lpr*m}v=5&o}LWwxrYW1PHMD-!Jj`wHK9uC*7Jm|>TS#^iv z9W}mra<9IZ0m70cD>l0|-8X4sN_#%0wuRlGH^yV)-wD(7y!TB$Hec7}Wd)uu@8-;* zp(U`W;4aRz5+SJD8)4)rhWr&%>kID$uucH$L>cLZgb|AdC;>Vn#oVAh#P-QbqRpLK zPHoP`w?S`cu7x}w@ofMe(Z>H*AVDa*Icyk()+tap~fKxDWDJ5pH*^bo|;U54&n;TaGDK2KqJ&u`Tml zP0sN;6J+a5fNVOPOk=C+12JQC+Z$MGfjO;8n8U2+VuWb{< znN3Xwb?#(9H zg`S1xIi#46B3}ov*l;v)iQNFc3QAABeNQ8aLLT0@9aAFdjVV@it*@ZA#uXY@JaJsHF|MDZ{Ot^48%@sGSG#^pA9=Pr)E*zm&~YO$ zRc^WuXMj|#=Gw1q)0k=nm?}k<<=n*~GQ39crRVV8%z58$yW}p8>b7RRj3b}IYPCo% z`e5VH9N!r*yo-jeq1=2>ZvF5`!#E9PHpkI4Ba~VD#bO%DJS8YY`7TF$_}0YOiqAUr z9D8gB3(S+bN|13b$0F~!g7<7J^9M&ypr9n26?%?sq5${UKxu%+-jRN!& zQGlf0KS_V%&5j==vEh^vdzzFD8dMbW^9oZhXjGAUzI|TgSNSaN;v&xdM6OqPk^d25 z{|?UGq3tf@uHAKCvy`L83e%X0bJKFu{bG+XP!GES*e+mXj(~}kUDjz3uCU}=o$YKo zC;F?-40y7w4bK`+F2eAPxs>ev$wX$)3VnY4&mR`DEQ z*9wk<_@RS)L!X3R&knGFU9>m0DaF=Y9%_K~;j+)6gMkkU#7LHg&nDk`RI*uC&Ie}8 zMj+q;vYpVM+cfjJ^5z+b>d-#@9;GW9X^HNP3s5N$aurg1!;7w zKG*12qvNG}xo3mN`x+i=c)VbEJgrf3&C#1vA~gXoAsW;(HDI16lwgH{48V^uoCa*L zY`~_$+Qxx3)%%{>cUJ6tKW^ptO5CrMWI{=t@5QrNhC5*r_Jl{^PnZUS!c;gE(i~ZW zN1+0fLOCv-dJdripF$}{g({p16<8H2@G6vG)*PYAuxp;8SquwRI2OuS8Vc|%6ku8? z;BJUHyj|MMDu@g5Qh0S(u-E7NSqOKb67oVR?1fV33#FR{R6t-Tg~55M6v1IAg~U({ zi(xV}hH7{WQ$S>>fXPq}m7x+Y!z9QIRj?UKp)*W?&rk-TAtQ023QD^qum`p&EzA_V zvmYeO*)(A~91WFN8YbguD8khD_sGG1Fh(vKVm}iM01Ls>P=TqT7*~S=8$g8)P=T?b z0%t=N)`lv)4Jpk1QQ-r)#BQ*cfq_L(8z#eTsDRv147*_(=nXkJR1CqP7=}X?6o(2p z4yBMBswHh6n&*d*hv-nWmaA|uRAFJLz{60EiJ=s}XUANH1vY6Ig|AA-QMz99a33ll zKUBf~bVFqtkjBm$J8uYf&OTcVc0SVB88mj@O6<&q$m|gTC7Gobh|hC2ZqWFAJMsBB zV>S59{?H(O<3W1voIGfZt}(jC=o+Ih8>6=lmjcp@PH=0Gu0i@1fOH21*fsCwj23B4 zgVnQ5&6)&Oo7JBRY=18}LPPeAhwKFmsqwnT>l&|XyuR{yl;e5f`hkY)pyB$4!u3-4 ztinvHT;M%tGBa2wcs^0bq>*zaa!%0-k_*K(dfs^StPS28Ku0e%fYtz7eYl38l(_-) zu?Enf0rZ9f=xQUhJl}65>k@JQk=Tgx8XNW^A@9^DbbMpmuE%mzexZv90@&pVq<;#7vW}Q`wm7Wa4n>Oh%i77`s+q zC-e6&UoPMh``5|^nEE!E8KyLIn@sXzo3k=DQxBGVRm^ezVx-AQ8TS)5*GU<5QpP!w zGLC}4>-qT45Yr%^mT}hT_jO+-GeWNA9^cBG-2hHA@)YO`n1E;tjZQQ=cZh2Uh4HEL+6q2Y46siC2UhEM)(mD#Z2 zp~i;K02?m<#^+^0Lygw>Z!KsoeKEhb=xNyYykXnM_?}zMW{$J?c7B*_b4AW)AA2~t zIqGMhgr2g)n8d@@uPBR2lcE{uM6rX-AWsecGQhXIp*bN;*re42CG=Q_{?k-klaD2Sq!CMdN zw;8)H(yZHRPh8OX`;jJt_l~|8aXY|!EO%2lOFTWZeQZVxf3(%&c;oEXB{!o>X&h-M zkJe0flgeKI-!~)KaK0H2-`trsmMQg;cr#g_Qc?m9tI6)50?lyCXrJDxmo)*Cuc6Oj z-W6(v3CX*8QfOsRD}&4F=B6owT4T@}L)?w!YYeFev#Sh;+TOoSDuY%IR;?WHv1}PC zWv$U?>Z4H6XqpZhiY^X{TG+J5h?|p}CCr>V!KYzrc|TVNQ#Z(G@hZo49Fnw})hFhv zjA!ox9An_tVROIL>AY%pn(h5exeHeByNriqRh#G~y0+aRoq8jU%2#Zr+VPPtpw$@I z4mBn(6^?WLn5@OLn#Wp=*&;ROah{J^MSCav3R`dPKIdj@o8|tNC{fzOqCG4#(q4O5 zw1-7|SPHxN+*DVsnrPJ|?#5a?EHmjQ$~4+-izP=|8K@0e|;%8yvASDis+T?ef6EoJJ&3dsd?EM zpdsfF`VTpP43SdYr#vewE(NS0hw>t%_=~8j5UwtrXHT+u)MIY_vDZV6vs_kfm$7PQ zW0;Xs^Pa;g74129eo+^uJCN?eRsa6qBP0u^g>?)m0?cxleJ&2vx=EIPC z?m&QN!zDNMb|=D;MnL34BlVqUn^#2-{@I<<$|4{QIi zg<3~0a_+uke~+KcXY_B}p|P{5Hk!?5^RUz5|7|v#ng6y9n+NS5TAhQ#R%d^|b9nSa zv(-5|I{X2ei|RntFQftTe`wC#R(5b(@{4D@TLajEpRtR5jXV@pxAL7c}tM4pYSjLosJjt!D3mD}=cW2dZi3S@+HACcwhhj|Cu8)TxN!c5I73M4B}KUaMW9ELg$w&2DNMw~b8F&bhD$hBaEoiUgrD)$AT=@}z9vbX+~#nRnwJt%vst_hP=G&hA4Jta ze#sQAlED`C9CF8(Zk@7k>cYoC`RuTod>03pf_ywtrpBY=B9)0zqjVBpv%<#XX(8Fp z$84jsiL25e#}V*3RV+=1GaO)lY`d7k%?P^?5b*JsTw@@Pm4gBbPbU1>I*?Lx`2(H? zMV$)BQ;edjSUlm0q~Q#TO4^5OQK`vLR2ffHp~qzFEhfZc$yvRDPXt<%NnHfJ6keMT zc)b#^YnE;ax8tdUD1BV_iaty;gz`OG2?f)yw!RDY09+CP#Q~R+a(JnhjEX%bp%O1| zDm{DbvXH`=WBe>t&SS}4p%Y{lO5tK*W5r`HxZ|4w<=Zj!uxSr$Y$+SWucv%xz{mnJ z5Q~XDckvAn7iUNBU7Lk8%5HZbiG|_()+2t9+w~L@xx~UzsfsP*qf)F`G|27GB7EFZ zB&eT(h47fT6bIAq5z*RL>zN=1Z4;lEJm+|3aH2~EW4jbzLG;;X4K_QkCl2<556DHs zs%b^6)L4|NnAS{XQz}DIN7b(@W+l~^xwoiXmrFJ&wbfN_Q(2;@8`XpfTE=!&P5jiR zl}M9zvfX6qs}8SJ>f7IQVk@(?MfL!-w#qGXw&4};Vfl@vV2tAlW1M|wE8WGWCQE); zvn{>CZE!MuRDFr0@VCDO5AW|kowr=5aAY_HI7K5*Zj2=1#pSB3DaJ2?f!S1MSk zB%IpBRK0fQ2l|=Sv?ghoL;4c53d{FH}Hw$V80$Xv_VIYX`|Zz-)tQm9j5*N?e>1Vsr~<}`0f1LUf*{2`iPEd zHMTw0F#*r^@BrCPt!5A4cc^~{cpZ6ZYFNnBo)jF&N+6(`auou`lm##}pckhEW?|S+>ug(;D%xOQ{1x?D`ZzorHmSv&We43g1Dy z*?AQg^YNchXS-FMy-F9%d}~r4>NM>C6O6snkFRfVe?-VtU0URRypOy8(4g0*5jSyr z&^(4ZZ^%M-6b_nAsN>sUU^^K8_QLaRHyD7yYQ|=8;shVj7{5OIc-hS~@$ZyZ42Ig4 z@e=B`o9m`MbSDqU4~i-Ln`k%kCVY8+376RPaUjUe=PiigH5IP{heEo;Y`McXzA4n} ztXVKpjT`Yx);S~9R|D#9W}vm&`Nz{wXXj_V)05XfzUU*04?FO;^nl=B5cp8H;HPiy zPcI`T9Dvbi?1^IwJUmHdNQDAlJxfqPDJsScK(PgN8-Dr;exm>LS zV6S`iXXU@>avcq^8!RpaY=ZnhI67)&;=c~|I|o|+ui{tRNxa>D=(=p-Ackw>9w!ToytG6KS)#E_7ogX^Y4LaVF{`X2fvMZ_>zgG{5uLI|_%p$i%6)Cu1` z>bzX7Cj5u&!=#FWAr5^sKrSkI3yie4chQ3#Ijy1`jnqLC1{ejQkCoXD2w-=_6ezAZ zM*ejiyAt>;kFgunc0}NlEY2QH;+onH@F7bY$-jQVcPe?RsKXzfQoC^0#cp=tlWW_; zzMzadsmi+e%9CG3v{S0^kdMYVz&`E5y$H<~-+bcLh^Mt|0w0!3dNcr1SWR9?WT}wG{qLcV+&e`Hj*5!*6|riOIe?QbTXYA+OaO76J1!CU|HS!f7^A=(vDs!12gGs6 zjhuVLB)!s{IN%UZ&F{S)E7ViE=@Co3?jg@hEF%EO6vmG$j6LNsKXK6oxW5N^G7*E3 z!Zi(bpJ1}ZfCfA~)Ie@FU1>v>T;GL*=BOqH9Y4IZzvC{nezpa#GS)ot6Y@xFVI!bc zzcIGmdfy@DRXsYz)P?q_uq3)ID@m~#`gU-4%EZWR5H;k7?g{-!+|PsrDbD6EzEbS- z%e`7jH-$+3z@5lxX6!;r01C@#OxZE};zIB|4$M8V&gD^m#d?ISPp)&9u^!PW<#@92 zPpq-+o_MxuGZ!L-Q2^O4le;yw^BKV-8s>3&(L0;SUU#pXjs14xpceP8h_)5fEv7F3 z^3@fd?n)i%b%zWa4!*|DYYX?oq4I{$KNBgh_t+BIQ(h@{V;&}c***uBp3#l@$y-p7*<=ke&dX7JW0%XBG9GMi$@u4JKU6G=|pqrTY3oiIt&EsY}^WD(*%&PLOOnEiD zyX2FIvSKw9FB?hd2@A%{M&rbz6(XSO`;^qAVP8B}ybklOUy1*V^}n&V$OAwV^uOlO z;bB()Yqs~b{qGX`4m%(AN_)8dBSd-3Oi>JyFsHeNP7oWE8zG^lP_Sjy_4L)@5 z$G@F?xaj@%>GLm_7bmCZy?1B-B{$nK3Gi>e9boB9>Bc7`kVorD6^)SAZ!it&?S|0R z&<$;vWIUmjJ>=PY*R4I#Q16DdBsZ1ebtm3Ud7hCj#BJ1S)E@rYx!_7ut*8KSC8i70 z^)k^1(r2bv-O914E}Z;!S(gv$#KpA?TvmZfGG`$6c&=MTkSdXFqPCuGwub&}XU)F;2-JK;v(fsX`!7Q>W4L#hUBHX>(jqozy zIcgr4l16~D_|18>(IRWIfSPKt$ZaGb6_T8}BI#6-wIXi&Oqd|xm&*^Fg;HUyFaG=G z(#;EsP~0jb!~H!pK4S+XiW_XJfrp2Ju}rWxtXoX!-;#dC`#;aXS@(R~WHNqU2r$Y2 z-#pCve~w!E{Qqixa*j{wb;?dHg&D*3+$hCm!q?C5y0CYR{Jlgd((Anpx0v)AV26L| z$o=aB@__h2_q%(0BB|XT6LSS$N~>FJcL(F-w@V|o#R)8KgtU$k4eG7v4euGR{>o&1 zst1@K9Od=)M4mI=u^m8gjU3w&ZrQJ&-^m(GdVOM=n9@@pTi6Y3#ALdxp)P8uBVIx} z3fQK^58sIpG%?aK^5mA0_}1e$P&g&h ziz%(TJCsJ$S|X!HNmZ)hAUoT7CwN-FLivxcXk8vSckO`qb8Z3?^1rm&``P%fX6r!P ze^&BK^sYzwk!vOUMpQh#aTJO3GGRWiD4#`;GiBkDCqg5>aN-8Uky)E5&yc#q-E~|= zyTW&daIX@Nm0_P4=YNLC`418fHTFx{m&!dB?ue_i-^fPLk` zM{<6P%`m_(T8%^QZhL9eYG}ao``wBD?Ld5DLhLdW5M1~+;a&{~QSQs_V+bj>pnq48 zSjQt4n??RbN$i9iLQAl8s#Q^128$CH$N)YHC))*aZ1WC$EcMGcN<+LTafgfQc&3Pf zgN9%a;EsggVxf}DfM%g^$J%?GlY!QD#2+%5DG$ZB>aE7{QKMPxl9zs>Nts2Wk{3J~ zIUfL=I5+5ya^ql1hi1Atrir(}^ujI}t>)N>b-Xe084n#Ce2|ALb{u^2ch7000ggCC=r`2m?<94{kW_W1r1A4~AsCb^hf& z4;ytvQUabCC$t?)o(c%qBsSUq$xs5YknP;@&tAAB03VxVJjSktt(T(ZGgja-AU=-n zP&h+(vPuw85cqVU&dv)gPo zWFMz~F($D61@LW3?CqIbr${Mv5Lz_70>8FoN?Y$9$jWZw-!$9c!t zP*}dp*fxfpoORi^_~6*=SjV+m`b0IirE@7LO-+*Hm@o;5GzAKQ@{^CD&+rU`-JJa7 z#*L!F0Ezn8L?YKEL9_wzV4s}`ESr2w;x;MH0?FYc6Gx|y2E)e}-X3EPSJS-dDS8%1NBM1r#w5{HS`IKkAI@zl6c?o zNf^Y3rcC5GckC$}qem=Sufq+75xVBNb$HX#KFq#mGc`i4$nIBEceHT0ot@kJB2(-|EwT6U-~tiZbD=)k z;Z{}ts3y+`MT;Z5Tq?X*97IT8)Vs6OSUFBa>TY}-EuX1)}Qml#HVs>b6yn$;FEc zpb+~$qnuyUvp4a+-S*7B-&G=n8+Q-Y!PCQIA}J<@sntaIB2y$*s*y> z-HxXHF6|7R#qy3B%oVw&3%;Amy{foYVF%8UIf_}1j!5WOQbxpKeT=R)bWVE07`5YP$By0aO zb_lY%nc#$OO%8TvN6CC9G#~k4-REB>aX(^%WNWaGW7%EoH%lt7s7?uVQbUE3veQ+g zW+6;1+Q%+iDF9>(O5~GR$j!!4tIl}%HdEEaQd8PQ)!W5(;xH?Po;-I2 zRm$W8twfQAl`52v;gT{gw%blIeL91B#g=m?pdeD)a+;_#g`P_l?g_r$In z+7{k3$=C}6T#qIFUR+DOlc;;ZG~U-*jj^#GX#_HtEkC~;aA&e8wr=a#)BhFPfBC7$ zkv&+@8L&z5KkfZyHvXr*-_rKqRs0h8v;!9o3I@a(2Nl%hgu`pFHgHE4|>wr_+mu8#jOAW z^2W@W3vc0ia@;}^eWSM1h(s1s?2=726G;R+Q8F9kDt-LSK5E1tWt1MCf7-It$C0v_ z`EW;u5JvlT19={8kSnXxz_%QpHB2&&>yth~{t+iWH(aFZjQe{jBiliSwzL1TnX}y> z5z}!R-ZP#K?h*%4U=ff1N;Xi>x36sn4>4`TFxpJ0mJ;(>((x#=%hS_LV#0I=z=lwS z;%QI4WROfwOhUWVk-y3|p>0IaLtbUXbTG zwy-B4$5EysbRA5&UU?^VU-oaC8>M1`&u~CL+FS zwVgCo#o@E;s*)ypSrP;>Ydb0Yy_02%qLXV%WuhE0 zEHEklr?ub8`hPnI`uz7wez}9E*&xo8Z&XT>w7x)S7aZFSZ!?b6T2;Z!!R>r2rJt5t z79Z2qN*yH@rm@qtmTY(@nP*7?rL&OjpVEq9yTf-wm&A{SMI&~JC-p@={(@tW6#eSr zT;=(#=VP9SC-Xiw&tylLDWw{0-nqG#V%2A>W|a$CDUkuw&(pdYTmSS=|MXA)Du4ek P00960tc^fb0J;(YHnDc zVQyr3R8em|NM&qo0PMZ{d)v0MD7t>uUxCG@Cw8wTznyHIo3pngtBFq?Tc72$XYH*cH+xeY%g!9n!hd{@ zXKQO~>tJsW{@vQzD*n5@y?^kJ?Y;ej?Y-UIy@O}}*xKIN-aGgQ+WIWLDLjdgIR3}h zo!cr7?i+b9V_afMITPI$LOzx_!RzO7LKCy=T7IK zv(*ZS@M9WDcy)+glW>N7h1_V&VLV6{NU=$0ctXVHD8?*+Z|#szc$<-%j<}w*uE_j`$ARd! z+DMT2n)(FIh?ut8$TvNSpeHj-nZ%Tl7|N0vrePQ1L`cdyKE4Ub{J$pZrRrV_Aw4zv zyHBzjzvHW9)CuO|&nrr9sQ>4GU2!&<{*kK&g`6^3bw;mvi02*sFS)L&&8V+Gww(2m z^GNk4ibCoGPPMM{>+_|t{qZS2K>x3Cm=N*V4uEF*f3Us1TcZDa+gp$H{~?}9$VWI- zq#uZw`U9cwP`ize$QUP~L@}9AA>%oaP#lJugdPLQgVMG@7kL5quSl#Yqo$o+2JT`? zP+&kxJjp}T1at%4OsPLbR0082bk9R~P^L4e)?oIw(XL*mCo zig&86YDJNLOM0>I^Mpx(58@i!Vf6*r#3h{`9EvPVrH>cT2DC2~*T9gTi!>|_z;*7nGCNU03Iy&2^ zDTElgLA~=MfktG^V}cT09<9+a!fcLiNK6n_XG@UyB*?m>DjK4U_!vgM-a?2lJPOqr z4}Ec#tY%83#A@UmU=Gd19_oojal#m76V*Z6VK@ys0Qh1`1sYQls$PX58Y#SpV&Y>- z0z?_YXq?C-CdhCA8z_Q*)q0_hM%YfVTT8E5K!qAAV8vAN2UE_kM2m67EWB2KchMM! zf|RSqM9~Uq5A8M_+GsRKJ`Vjvjgd_dhAH-^#J>{BEaf`{^r>Y)oH5bZdR zPh06C?p4W7h45wK=KK-Ch%44YjJC=bBj%NXnWUG(8o z3R3f80~GQJ3duDIyNIh!jS(M@Hz*tPjev}jNeihWC%S~E-g}iWcp{@js$DtlTJi-w z-VDg~rjP+oq=t0{B?nN@D+8PHfQYm+e{x1P^z^k5eCr}lz04}E2^mv1Sx+HA9Yn|J zLd=p-QuVfl;A1zfd&a`KCPkE?ck0_aXrzVERUlqLyN5v#6CrY)JxyjK5~~iz1Q;%% z{?2&ZK?faA7?0KNS15rK$%T(Y)f+18j&Gr~dKYb{z~4|tXUPn)v=Kpk&H@1lt;sZC zdN@aZOknFqJV0W~lQ2+wIwm;KX9ksO4Ms%ao}d9yJ;K+RhN=UKCd?>1SEYx#i7who z`*E0wCz`J$0pe=H4C#4yM52(-72du}F|vgeMKP}(2sz|i2zkJR9LR_Vm9Sp(SS_r? zAsX-i9XiwOb2g@vB-Xqza+kn4XdMcp7o`EDJtAZBM?zyFpsT;WAu^`E076XS-_|N+ z8M~$1f=g_u%{>Wq7HKD0sz}ZuYL=r_jmhQxEUhiz=e{U;vR~yXm4CcQy0^+F@mMp`;L&oD|q7R9>h8!Kb^ zQR2MQ9d}D11JW5u?km0~F`f|TGYl^!AUsg#Qb>Hs;|2j4)=CL}JRn0;Tz4ZwD#h|~ z(M2I;$@{d03m%f#?6Jl0WmZ}r-LU75sE8Ag=wBv5IswIvqiGPrK!k#{3K~J3Ds(O) zWr5r!EG1DIR{^_8ppJVr3cUvrIPsyZZ)qQT4$lYjtdY&K&%wYZwQ@CWfyI4ZKcSl+A#1hNIY|K z7?^}SR@p~Q0a2SO<+4*`)vSd+HMyo-8O879pg`^Z`$(OiR?Fo+ZFEKEptR`Z(OK=m zLRo}(q)?Q{U3AP!AGH`=Y(O{i^uq_c2#UX&;f{jup$_`=>FKgv0%n@|_uQ?{x#qJw zN+fCQ&cjScJI7zUy^%cPA)m~DQvJzK&6EoXE0)n7T^5N*u_C~H$QV;4_97bHuMn9Mgd0x%nJ^njt+EC?!(BF*uOzs9{XCkTgdG zOhixfImZJBh|42Oj+Ag^sBI0X!fgVAgM`o2G$pW2g&$+pnx`hht1J@1TzmTm&$o=Q z1C1RHjuB=7diC}gQ8rQJ90?-Tb`Tx(R?EJ04BPPrGmts-daDit92bPqeJGhx$s{nS ztLMV9dmY#>(2B!w92@P+PtOH9Hhr)Qt@%UUqJSn;Q-_1&M&`pn>4jJbB{)+?gh6CO z1w#^RJxRLPp|7#aMp6gLDIh|z0hH25*hS`tQ|=9p)STFvbr!NyT3IFflp0V{w=SyX z@6D`8ANx~y3z`C!Rsp&SattUGrubUzAfLxE5fNvBqI6JAVQ2@f9ordzeheex(=qio z`|q(YHwQ5p)A#FX4=wj3Vbx&Il57W(Q-6bL|<~gZp=A(}*2rZ@7?RF1gRcJRUi)YzNbg7MU7dG>Id>1&SZ7_N(4l;)+IkLs+!8 z%E~uHO!eNqqLKR1gHlRlPSqbpXgHC4#uFyZ7>)k>f?p8^6Y58u9F7qxwDG4bbqNYY~%tr-$xB7O zQ?NO0-Dyb=DLJ~qRN4!WF;~-YMZ?gpY{Y{OdV{YB5{i=s71MVpi2_AhCGho{Tfjk3 z=q51fB%V$HYfWZ_rD%Ux=?3 zD}|%)-&or)K1yPkCCuL6>rx^G2pZ@`<1jsjmp9mm>1y}U2}3?H))=ey1+5vlN|aY@ z5U4DvuvaS<2(S@ROnee(m534o6hbI6Vvda<)pyp-Vm9P;1KFL|;xxR(f*kB2!hEiP z_YRRUoADL0t%2@BEeD3nk_C-^r^lJK`!Zocn6+7w%~rsu{KRLRHD~Dc#l>KFy9E!a zkZNysA~JJFUOqT+Fr$hK2_g=XxMjmD`rwC@Fxexq6crQy9crun%ec(b^QvpE4fTbg zfUDwDi*N=)HdHvGW|5o&cVu`lDm1-b0S4o&y$DXC#S&8!&9IX9j3~m#T7j3{*}_gv z+gPpl>KrkRIzlS63Ju`&2!v)-Wz{(Okd3{ndTM)X;l-8)wcUdK@+UB&kK5%N+b)VH z?g4>p+$@ESQhiQq#{CA16jJWMhGWvfNky`chL$`OGkc1qo38gc~KTA=;st8s}A^_Uhb(V+UI1t zUi0FxC{I>cgIU9dV{2ri)yG;2OMiCJ@%WU>f#%T4wE-%MNyG(}Jf0gV#s2K-yMVSI zc{ME~i6mZFu&ke>v>;&ifawR$0|iIXPyZ87r^|3$xoC&fHi=gN4%1IL;8X*nn06p&5=~ zO+c_llvP37(Cf{OP>m=HDKprU+AH+{-Wwc=F8USy)`F3?&CNWNXzM2R7o=O%CPkY> z`kPf{VuFJ+7S4@$Z{FIAGV>GVz_;NP|CoI&e1^((2(5c-G1%#$eU)`6!)#|#MTX>! z6Z*9wIn2;7hw09url?-AnC464Vwy6A#cUyaEobEZYaG%5JJ;Gpl#LT}Q;4G|oGbYU zXkA**!b`6=KnE~NXb7qmKM|78(knuSB#*2>WzPOHU+z!$^E?%?4KNAXIjY z4n9veElL}uJpp}9{-)nCHv_XuE!R)Ekf%i6@c0T0=~N@myX@e%X3lE!YqL#r5QBY> z)we5=6-)=58<`F|CqAFe2n!5QK+?fw<3T(xod%MkT{8m@yWhwYnYKFo!~-rjCDd&Ey-D(BF7@?Ih= zt#(Y?TxvySQQsedstaoNbVZ|4OxU3~@?Ntk2ECO zraCp7Wi+*xO>gKFo&piYvo>25_j5UD8V2&Gs(4_nGtJLJ zogvY~w(Y9=0gd72U7eVW$RipXvf?wksqi2Xn~ca#Pz7W}Sq{L6G7aDw$D1J?0gw@8 zRdsU)h*p45FHcjaowmK3RlSuga@FgcP1&$$Q>H+!Y(&;zL*~FM8jY2Sn8I}D z#-z%U6RuE7lb0Iv8>gq#Z*4@Z-&zHu4C}rmo6D$IRZ-#zYA^5pP^z!^aYJwQ^>ChN zFEHtL=u|!x`qI#7@hL-+2;Bi0)5(OyU|=T%9fbtN*oV!nCmOC^LOdTTI-Eomro2i_ z2DgRNW3)!zMp}6kfq^SAw;ho^0qq9JNt0dEx5UXi<|B2;>KRfY;SE<-rMBAuXq?RT73ez z7cwhRdjNO`5??-fGT9y8zZE1_xR$v2u1Vm-fPEXC%@EG8n!Vr+yTstxkzn(N>^WH1Na4=FdMgag}IRDj*;WHwpwy`DY=6;E69_&?8O-p4<<@dLD9&f*$ z+wZ-tN8gu6-g%+9TgnXWI5o6g-TKV2@+=#EDI&XF zS5w@Fnc8AW5Un|W$76iWWArXB8opB`xnjI`5;3bqwGW%(AHbcW|#NOu{|- zRROd|->OI7s;|tq%1B(<@uQ#5=REaBvE=SP`?9`M%V{~X30gtdjq(bI{ex%EOF9R5 zc^frJ)}y;2KV04r#+SgP;eQm9{DrgyEzGrTMc_Mb(rUnti1?^~)TcNFR$ z1;j@I@tYD5A6%ofj5z8>uhIq{t4gE&qA;4dd!lbb67An!5bZCJLw6qK&`b{P-@h2z zf0RPqIe3ijfzYD_`q!60$-@btciCNEK=dSEo8(Cz19&a=+G*Gi3OGe)Hp zr|fnAAGE4I9hc9P5W&H&+=52 z(^_w%bf*O^wcotB^~-BC6-86Kl1j~3t%|%A+bb-|4W5Iiu95Ov2u<|c!@;quQ0wK) zPVN568^x)momo*z#+Zo+$BKCd3th8*ZXg@mL#SzeMoiq))Vx>QRnSPL$GI8JrWH;} zWn=Y{!)e}y!8)F2^YO|yE{G9;iAD(egoZ*r(uX>JWtPXEU6E> zJ|Noega8_jwS%TUAN)graXbbaT+geVBSj);NCItgnRdikpAoSLK>}d^MhXEFW^@9k zh7R6hW&rH=Zf29DUw~d?1AM7&c>f!9~ACoZDIIZJL+bHGVq5kR5 z)uXsL8D73QJL*@eN^Je%>9IN940^m1A{30iGv04nnl`0}!;|5uCFF~mJ~|#AzC7t) z>Pop|E;fg04DO(3b8XHrkbq@`6LT+re6Cr_7f_BDIszG8(akG(2BX>XzJUP;80F=EcpBf zDWjMtlH^~990yuws?bj=DRe>$Wvu4heFvu)+^C=```RgWZ{5uOyP z%NYB`axor{sUIowZ8S0J^Ow$U@%Suy;B>Q!5wUrCcF`YpFaZ7j(DwY$H!UC95k zd$9kQ|K&lR4^ka8ul_Bjb*fSgbQFhmFNt{>n5m$;sc2^;a3%;pS8~~ zWs_gD*q0NbJftIHYR4-bZp@ZP4XWqtE>jB!+E_f*d@}2w2zk=X>UL7)>4^B)241o4 zah48GgVYx#X*^;b!GaOB?l_*KK;H&xi++tgF`4mexa$khj83M~75ud*c1>97CaZc2 z>MkwYQ`tcly#lT+*+=s<&4y}d%)^l1XcL3k470$*#kHCzJ@=@2%A2OOoy~sRjJ%z< zW>^tp1d$th5j3`NSrCl0-F}KLJ#eYEm*wC!LCsZS@BB!tYh{Se38dyBU0OABvqWUk zRRCn_6+m=OA!=p3n?~faX@nHP@F9_nxnSlgsBEpUKc(cFqzk6TwRpjdg4Cd?9|r=p z+l-spR-MbJfU92UWO@nJ({|ha*ft+=L_d5$gaxX|#}qxZuX}skvSdafYGorzDD2pX zs%vW1Y%!lv`(YhO(tYED-MT4CfW(__cRlabq$k_<5-#8}Pa8b8)-7onwI~JZ!0o=< zfXqY7EMV3oC~w+Uuh<49a68Q~rj8RcgKnCqPFeugvRK(Fp55xH*Iy@fW9v92)sm>y z)r)`sCx!$2OCRtHo&x`OIVE94V$qS&{iOnI=Kpqg4xa56_`kjV{q0Bo?;)NKA2xqL z*L2o}>#;EniJV8|g*qg#KP6rC!{(L( zCS8s*W#aIRoY~m6ACZg`=A(mM_><0t$#_iPBd_ft1Iun*=$d6&(i>rWHl-a@Un!Gm zzz(ZBzM*nj*ZC~JY&L|FCw}^+vP0ZW?xi~O4j_+tJj0qSy+h-K`PzA(cOIP%Rav<7iHN`6X&sMK zMiYQ!!R`PH;2o9u`vXvjs?M93-&3uGqOKrc92J_q}L;FT4UQ-RSZgy86!?#yLx=2$J3FHe8><4P6S% zH|mxYie&3q9EUr_`ft1EKZ5Br_6hR-9}jt#-f9%9*p0l}9jp;fbC~wTEc@`OH3UT;_-w|RjkZv|=k-TD9Eb`krkg+qx@BS4 z(1(t0tnkrVq?{Ol9f#x=M(;8b9q4-5`Y+9t{^7%d>L1Y`374cW17(Oa%^7 zrexWgURBNDFmHodGl#{Yw=3J%cKQt(go--$Zam*(_oT`%_~~(TPklxUoowt;+h?@A z(qVChbA8C)&o=iaTCFoKT?c58js!iqBJ&OOM5_zBFVK@pD&}}38T?iC9PEL{4U}q} zy3;}!QJqyrUYY#$_H$4er44k_xYDN3O3Q8i|LTWZB|A9t{ zMBj_jK(y{0Nshk%qXWSlD+<9^#ABTeO6mrQf29ORWBP->7e6>Pz(yYXQ$$%nuW68g zS(eGH+3{K^!Yx66e13NNrhj_TGM+II`Ob2-UcR`trn>mopuc?SpWeRgpP%+G`oqiNzlIn6HD-G<;+mnmq|2{kIU&8-hot(WqJh?nPIy&zUhxrw% z0-a{SIW!i-`Ex$k)X@M|rhk6<`e=CBKRtYT(m!%A3C#BjNOU+jww2ENhewxZrzih% zs_1O2i?HMH=*{tPczkwhK@HB%FBXrjB1pAEI=ub8y^{z6A6#nq|sNXw0hpl&beA++1JbrWds%gLFn6I^f`Vx6m z|EjqD1RlpzwA@2a)@!?%_UHKY_~Ns5#@@wNcc`FK&+26{SXY|bmv4_xE{;zxk4}e| zCugr-9iP4`;e6dDYeb2|+tDs#{F>j){T~nCo?Hwshd&(;F5mQruP=M&{lkmnv(v>p z%Z7;V6q8ogF0(NhUH}&eUH!u3%0iac1=O%~fYd{(7sBg0pon*x63@xoSL&2Q10m1c z%7+k+s0j(uZa$AHTUy~@s%yxeQ7g|%WiGv@2|9dx@%plNa@;??fGHX-Nnf3w>o%eD zVzZ*#m<1qFG#s^>arM^G8jtITS;!veqQKI1bZCL~21GU|`cFrzgos zy2h$;XNg4serNF#WEshpT>z)X;^~L~sp&XBJG)R6c!lXOm{_F4b)>(r4Nfml&U%L@ zug``Tm&cm>I9Kx~uS=cHzV-ku(j$j6TH<&;Jv-`ODz4+giXkWc^9uHM zIbO9InquY-2LlJ%0+n3T`08x|S79dlF9$!~dX#x6jtij@NiTmsJg+}`%e}AiOI&>@ zF9$#VIJ_JjUc6qi+0Oo_2u!8C9%7<#hmBj z>WvQ0&t9D$z8PK)&)%N*`m2n!?9EusRk?<%IVjdyv6(n1qI}dpxj3vBMOWZi3MWaL z`f!<}L7kMqM*rMDKmM^S-`3vhG+8dxrPj8prTU>%Cgjcp--Y!=RjoDWuH7DJwYTkc zcg5u)r|zaDb(l7?UQ#83P~Ijxy{O6vBSKIJ6u({%v!_xg0WB5<6LxFXUuyHki>GOq zpJq*)@fEv4mhJ_)zfNR-X_aE7#_E@|^PlppwYMo}5wI`bGD^m@1Iy?btruuz*~~pQ zr`7Qs6u0#|5aaLDC-0$US-q^wGp(!av2RUPS;@QJNxuL3^qyaf;^9$DdSn57km4r|i>+Z1wx$!IOE^evHB;7%mT)hU=s0f+?NRb!eYS$@^f6|N+6|E>_xKks| zyS#CQ7S6!o?Yp)>Z&x25rF{OEv2(#Vb0JceX}T02WkDxO4J`DDxEKGgg8!e-sBx~H z;ixmmv-|J@ToC_Zdv~iC|6%`NYyZ*z?;)NKWgll(Z@X5@>$wU~pypSU1znV;&2Qm| z{%md9ueVz>B5{Bv?zU_M_XVogEZe%1e7A7%&K#w9%Y+*iRVFH#8F&YMM2xb4Fp2h5 zHQOl&NURh8n&4*n?8#Yf2neVIVT5!JXvCQ|4`U|VxX zOVCdC&Q55CTyuwlPjv8;dsMtgWrwy^CCs)ik;( z)@kH{j(fSoqv#sYbb5%0_+5xz?M5Gl(BUQ9NgGCUJb?7h3+5be6grOU8LPA(0j66uCor1R&ye_hN!}1QR0r!O> zWP)39p#C$~ZNlqZv8V-+0i0A226{aA7j}pf+iAGiG_nbP`&*ImJ=5IUCu; z74~(z4OjjO)e7$uLE14f@t|L%*;=v!it0nZzldj5DA|aVGkjIfR-}4(MM%`1aGk`m_!;82E$Vp<%|rEcuP!Y@nfh(- zR8pg*?E3Q4NUv!~Cb<-R4P#n#eOliZ7?8M4f0v8KuLK#*9P1PTX|A+Z zNg*){lHpk6Sq`MDpj@<# z3JE&1k`+WD6LA(&fomQnGxA2UpoO$%ZJlDnl}NfdqQ%T;COavk?Ga_| zfX0hJ5$OXcMr0?b1;&Uh0lO{T%6Foi?W5Sfn2YvUv@1$f3@3`YUkOEhZI`}QKrk1A z^+2w1+%6Z;aAF?eiAm@Bk_I%^artprnz<5QWe6;1#ffk`nSIqLlN0#f3LU1-(!Sp5 zai_#rS7V178#IwWWT4SHeR?J6GOnxuI;BTB9mlF@)^2RFVu>4;cLA(A{B6SB1t1Gp zT8FOvp_U}ve56^=8-<_SUy>k55y+{53Lp;s;|H2)v zz7ELeOI%(5|JiSJOVXwr0ArAZp@|Nm$`;>Qb-mUecXTh>*}yt^*|OR)qup-jrVe%# zPUMuwCKXiY>bZ{kW+&C;<38shxz&t@&Sk?2QxzwnKEK)sM-=jiiZ1%q^R!G~Vzt^@ zM+v{KNj!2s=uF8=!!hZgYrx#@+-akb3Yq@6!P1|W6}ER~!Z=zx8;9|CKz&^FO+O^RI>WU(dFl74QG| z9`pY^%mX)_$qe^QXiC(5QKU>!F8W+0OORQ8tw zMIV7WeTQ^{8!A%88Mgtnt;b#73XG3+2=}%hz0)8JAVI*&V7zI*g37EjpXr3I=^ebA zT(Ib-ma{`QYP8H(t*KOD#HNPp?f1k)MbGB2`=VlI^U*dT&SJW@x$E;%q|vmPa7<|n z5IQD3V#Oi6EGiWtGGljKM4Iw=Z-q0?WGDnt&^Gj+pj~DXHcb66HH5UT)65PS7kqR} zq##Sn`T1;t%k)2sp87EMUwhlzyE`TOuYG^1y}e3)xbDK!F`7uU782G}erJEzwaYRNVr2(k@BteU#5kJq7?KM! zsO(R1jD1OB;knFH&WOPoKujj&{TnR(Df0fmUvc}-t@eNXw)Sh={Plx)L|NeKU zvB3HdPiod6Hx!tW+bM*GtLe4w5`46I!`xrB1VXd zEO9L1r&?vupkY=6!^_Q$qXjQSVJJjoScC#afAAa~Na9fKgd`3JI2JWt(^Vejg%va# zTfyrHe@bR*lg5!R%pNU$NcW@dNz2xTgMyqA>BVkVn*~k7!I|A<^P!41`_Nm@`PM;DrA`g-Fn6CoOCd`%L|Z7ig~|*o={0E=RJdK`?O{AZQW^0s3ZL6(dg^skC861MK&Yx(lX0Zh z#iPP}D<9`LkzDu~tf_NX6ETTG>SIwKfy9<5N&5)RC_5)Os5UjtQLKDHU0dXQN9ue; zhDkgz-XW;MYh-JYe+#N~6)7jLC^@*OXT>x)iyT<)+3lpL4`1YU;;8dt0u0p|(|f81 zDU#jtX|H4`+Q$8TrLLLe)1r-8U;!-E%YxNHy}L|xf}Q(!oLPB~rxxt4%T3wLIJZB? zkSE(QMYnIDRT+h7t;*|T9X&y-_?hGcU>@<1Pv*lYCOGJErZyyHGUt9$Q{*naTES(Y zu&}H64y^3BQP|0_28rZgU6sFPyx>=aHN=!}sI~0cEbo1EKmJE~y!c#>NK-E4skT$C zpFXFM(|ofxN^PjarfT_)(s8{Gq=v0^1TVE!dkx+yGdeNp_fh)X#aYDd-BMm7jgB!T zXq~9WIc7!E_ri71Ep6aS7Um6SLdFKy*iUAsK(+O6kN~RGal#_wW9xco zKy)ew(r9q5K`&u#p0=PFfN~?q8kf6;e=1JgQhqC7Nedf*6yBChcH8ZcPudVF;ss@6 zUiz##p7xlAY*p)ux*;_0^kw>6>T8p8X&v;(Bl~to_7^;` zYYEBYVOM;EYK8{i^xhT{%R~|L;CQfr zi6}bOrX8pNCy^(Hks;zP+%-PIHMnC0eWCis%@zn%lGrvyR5DKYPBI z=L+dHsqw9sbVhh0Q<-x+zY-+!k*6n*g}CrQ7k&HS+Ety zSt~i1dFwq;Ej`Z$OKh6DGzC?ItH=Rx zi`7~T<^J?jkD9qh&DtRfx7Ek?B% z%B@FKXL{Z+ovkoxfe@mS%tV!{*am&AtC)4IqC^{FuioG|I2;^TKyPZbNq?=Mf|F=nF-O^LEdsMx zB25D-7pgIkyS*&Bgp8*v=4T-T)?j?Iu<@#ZocGhATFIvb?hZ3r$I{mgAddfSfQ z+kRO=?p$8xydT6`*rEF2E-i5`Cv7eVD|6;>c%$eUd((N4s z!7PgZd2mpS|M_h9;4%K!gFMT~D1|TTat#y5%Nrvbt`_aqtp{nE50= z9+>{;-mTi3Du}u1xmzcPpwBy3OD)RXb-xxu!roVN>Ja_#p;JAs^oL`y*fy4At4*V- zlOZ9FqCsk`xFR4^Z#Df!1EzVWJRk!e%hhNKGqtjQ*f*<=s0^vZ=@=z~J`y2}kUAGj z{?IG?Fqg_UIZLNOjXy)Y)bja1jqtrj|6Uyb^I)qO|7~w)@7d$|{}4|T5v>VmV1icm zaD+!Rq>>WRIUF3D(_M64V}U%U?&kH5SL6VS-`$ur_2srbC-jQuAYSvB{>hod;eZE+ zrZ9=W+OQO9zEIW83mi{~Os_wx;%%t+rI;JHkf3cOiA9kp+%9#ke%2<3nq2$3QdK}r=Tbz%GV}&--%1*qVA=x``-DmBinOq$W*DV|{WDSX z)t@r`r)&}vA@1=ESVaH#w@dM#xAzYo>HkAKP4wSlLX8w>vSBIgFUHG1)-_j_>uxW| zHHTZUBPj`HmGWOj#D#Jk-n)^1(;+8!Zmr{?>3Xq-?t_!RVai1V2W-KpQm%e)DrKt5 zjIf-#85&CIfvNyT1=AGu`=U|!bZcIuBBy>v*uNtAWP=7LmeL?XB z#EW}wAY0ktt0CsMc*^v@9I{p`i*J7*ETaG0`vv;Hv$eau^GN?6;>iN|-bww}5OBF( z_ouMRIU*W8&6WuY?Ih_bM!8(fEmuZrZnGXjj8kUEnboN3JqS7x!Ybg zi(eYuAD_ZgP5%o4v+sBUETI2e&vv(p^nd@^WBmUId6uUC#^7wVFz@$D`y0a0-b}?ypr@27bS0}XP{T~IR2iE`Y?p5f2_aFEFLp*x_*M|8#q9RTr zB_F>`f(el;>wzPPma}=iT~Yz3U()@$0<;m4xB(=5cIiMG7d+wt3erKL5sXS8924+9 z$WkYa<~lFbwFZv(7!{lsimK>AdAh!OHFPo5Z=K{@g$nt)x-VZ%nBYg2bGfHX|L;Bh z?*jV2y}Px)TcrPc+mHO;gFK%h!|#I;v1Xlb-ZQHduX-iTZ{g9cLd;mn=1m1Z#6mdeVqUwmIwmn;KAFVWo$aZVQOpxr zofiASC;N`$-_)@JOVdz%pN-o6(y)RxBdQ#O&v_h}pyCU952wlP(5G^N3R9i$b-H>h zQX_Jm?$2iQh#I$1Eqrs8YiTUmotRUp;nRi8>P%?gy>M=^gtPx0#Fx1q>sX9B!AWr#A)l1q$vAgZt0^wgU*~0ECY&#n35l71%Y)nj zq#1yke6#|=wh zj`cQ{68lqy&Fz3d8k=+j-U|{n;|Y$aq6tjv=9*7vKM|78?1#H{c2zmRF!iN|7GQ`% zghni>f@wOOBN*Qy$j*u-Q7f!Nd!P{+^OztiL_*mF%`Q%c$T)UZPj@1xgh}cz!x2Ff zF}bGXritaan<)5_vVgM5myif~NQ}v>ovDV-x2*ZBE5@$gRgsL;8D}KXN-YVxl~L|; z`jK0#)ji1TpHFjhTd6)1w7>jOS>MZoZs7qt`kfMo0ur~!JZ^_{Ob{s7DQBjPKm#5K zL>Ur%Ml^>w%Q&W6oR(EXH2t|H*4__k`HaYWI|B4=Ql4+ww(;><{FLv1?#JibeHPsR z@9u0B{lE9OcOU(~9^^5X_zf2*pUsK;_Qw8q&j$?jZ$)2kQSaStBfF$&r_rq(zH>j9 z^W+vK-|Y&IVJG)QT`H5DWAIeUs0d&?2SAl*X90p5fh^}JELL(2PS+xhBBYwTm2dFU zpbAUn%*{?|Zp0FkBOZ8m#63<=6|4$WZpbXtkjCDf-Mzits>!vPZt_#Co$&56Nlwk8 ztv1xkBsv-TJUhsZaE8+uRn47nAUx0S?r5p{xk237pM4dxp1nt-@UP`5^MAET#c$n4 zGyk`ra z^3mq=tvwvj>NjKWsy7lJqo=a3_Q;?A;AIGYF(qksm0y#AC6g5;FY81Wls zG=-f7Ammj4KvV#fIg!Yg3OeXwN(H*Xb96({6(JFnx5+9;MBWg>(Chxm82bk64&!kJH<)Wt?mo;&c0H@ME;FaxBCJ`F=Z01RUX>w$V4%OJiB#u4AUF4#$oW7fIZKot1XB#ygAfQPe!E?C~(xM3Q zNS$#!?xIsJkKJ4oprwLNLOuyG7n00OZ%w3Tn19=_#lA8w>hGoS4a+T;E6?6G%!A3v zY8I;vOGSD6dK-t)6mPfHQtGQMdmV{T{f!D0IphaW(+TKsCPxzhNY9r$(}mJLBu$ z8HFV)?U1i&bJXmFY8yw?WVMJIEEiFo^&+aXODuiJ*(RcTBT!Ur2#P99IZ>6pC#tcj zM9tQusMews)f!}?CbQ88BR_Q-U3*G*0G-cM0)&GA?96a@u28tjt+0xot**?q6foVt zW+MS|@%XN!uRa=)hX12m+>Y$)B$K&jbf!DC1U`=2=~k?4q^1RPHR)|2PsR!Prirnh zfVP>B6-ckK&q2*p_nzo&YVy;>3aCPld!S|yaIoj8>{8xU8rAQSE;5+^i0@w#-yLcD zb^`Oy+BEonMCR)h*jFMdn-1|uDft`Nj@C;3s}=$(BxLpKsDIMGo2XE7N<(*(AS%3( zvX7181^JpJj;}ztKn1ryWKFEAJk=gh6|zto$*A9h3nJEL=W`L@;|b$2c_hJ~iv(Y9 zTPxfz&K51Nlg!b`1>BO0s&Hp_Zlw5%@*PrT#kK(Xtw;p z?s^3^iKR9&!XsJyM)B2+RIv)m)`rAb3YT>-xfKz*230F!jg&F=A$@KN_J2C$K|3?& zxeqsx1@XVOcMpp3zYg~IALD;N$Wx4w(3tVTCZ#DQq*+Z-p&PloIzq!)oN7lZk!Ld3 zJ2B>ANZI5q_)}(7`Ta17C!~wEvp2cGh+7Ur&Si1FYBD9EG!j!zgJ~+oh0Hj$*4Pgk zMloF+OB75WoD~K*MQ0l1uu~dFUP*}>9d021Y;l4j9=KuKigR9-WN}Ha8&s9+Ei5pH zS~NZ*t#_b^`veMB;*v#NPc8583Kd%8T; zfeB9}pQ(CzSK14HMOf8dZ7RQb2^bGjMlkPtQ)Ca-bXUyut(HBsjEcL^VUc@Ty~R}b zl4D*q+0RX~dLRU1#lnnvJj3!>ef7{rvC@q$UQG>J1c$?10LhRk%$u~#XwcA8Cjf1nJ%hSU*{oF^x+y5BzS-0>3 zp)n<4kY?P25-1zI5tXj_&@!v*+Hj{puZF_WI`+mp>k#R8AMjFY#uauuUVUZrWqgkJ>)o z)TW&E%^e+H9O|Zy&JT}IFE5U(@uG@s1&WMc&|*gT+7`~=o+|K{7iT~9PcH|D7q6Ed zk}I{ExyG7EZbCqsWttzHpZ%YIU0(caP%}VJ56fK}98W}X55-BbwRSt?lXgh1N%*2X zOCg_}s86mRAZ26j&n_qh!Zf|XE?Knk3dQBJ+Vi5CDA%&Gf+gHWB{8r}m zHq}Wy_lh5(k^lIQt?k?gqldVd#zahc7 zoWT0)e(s}4e4hy6wvhX7Y?IR3yUtfN68g1H!uCVWfmH{%2X0XwFl8D}jB6eyGxA1l zE75H=3nYvA75%gklpI)P%kn$BurRsH2UDb7-uxOP&R96_A{i$+eMi1u8eq=XwC&>p zu;$J?l(xAORV~X|)X-S=Rj`T-8Ej(@kuUehMxsb;XwFnTn&zN>%KuCH9owJNW@*-Y|=_ zxp_~?Vdi#O&cIkXkcXcx0wIu zG5*g(J=OZ(zfb1(ht@@Z{WuI#L zf4@247SaEmgZ)SP|An4H{ivJeF@P8B|DEl< z?V|nH*3RDJ{(p#P;r?F`$*Saqkc;XjraTD)_Ee%cVc^EmhX&BilrZ&WMr z!Al%s=9Bn%U?wT|uBnx(+BwyCMMUI!Xi+YvZIs4Mz32_B5sedNHoNbwiQ-!|BX0cO zx`IoF>RnLlE+JmiWBOLHUB59k$lvxUod3o?y$uHH_ay-=(*JDjmE!*&?Cn0D{}1t0 z9jG;V^41opXllJIHm|ogU+IrMg;&)f=9;RTL)r!6p49f*c!urKWO$U2#QM_Gc20Cs zlYq2@m&J#CfSCXV)g7lpE4dzEP9914U;Qc2f0HBiejR`o`TsoI-73m|&vqaEe;(v1 zFy?0cKeGdnY31$$lL7QaU4ZPAt>yz{Yki$gK-mJ_!3)R$xxE{Zoue8*pmgFN-Vvw) z@0RlfO8fpWu0XcAuiqEQS@X~743r@_TE!d4-Rrk-2eQ>4)E_8Y`_JVNq*EIJlvgqK z$slhHZvNGrjm)_2&D+S%(>=Qzxi;jF z?naO9Mre_{Q6_pU_BZ6rL)KP0)*>D%VPC%8FAI1x)vg!MF1FCA|uj&U>L;vs90cfHB&$BZ9-+uJ}d61{z z|Kq6NA02=m(gEnfkD&$^pe7{vQa(U-ejc5G?)Ryo|M%(uw9x-&w`l*rzjv_pNdF(= zSU=ABLAPA{bxn{ubu6K$Nm2h&*J@WO7OTom2}Pt zXnj#RAu$VZ$QjX=uM0eej@c3}L#lfY+?5=Nies)J7We5wQ~-USK17RX;;o#Bic|4< zy@-mf)w&TC3$Ex#v`qCC9EpnHR`(>@PN%5Clc;i5DqV?+C71LiT2$>W&P3Uf|L9Hh zRXv6CKjK2R0}>KR+I~ndOQJRzMdSAG{Pqf=1?T^>y`uhSXKQco@%(>~$0atEZZB%} z?a{Z6)}Ww!^XoI}e0IMu{+fid*PLI82A+VhYZ`N=T0@?rW?5g)2=J4#d8ay^qL?x{ zM&9=##Z^VKQiS!;S|veRzmr%~)tMCz?$YV&O-VTGi0S5(^DD25JZBGj6Fl~o=G89%4^gHWkRQ7fhIamBw3&CtC$*D$J!E^@G0IJdQa zFw6VcES~AxJKI#+`c|fdg!g|WL=ng)H(r%$c#(Chxm8#Jb|kVZlhnmyxV^iwj!8;W6Lh)P9Hi9nK@V#sI> zI_MYj^qQavm&hamrfh-?W+Kkgg01h+%S0k_O&F3>EP)j?Dg60ZoAcOeRG3W78>(r= zun9CGK28LIZlQn^0VY9Hd`(b9Vv`A4br6G7j%^oVHlOjBsP-?WBnB=K-4HWqMo8d{ z%633-Rm8{4eo&oN+=lKdL0R;T)^h4EXWM?mdara4UzK?I_fmW1G3i@gw@O7;s}2ialNd=OR}HW~tJ*Z>8CZMfwsU~1lv76k^d;0xe<2Kc7{yUx z!oGQpQJz2i@~WZ&a{X;JMWuB?k1C=st0G!H?2Yc|imIJPO-_+Y+s7z!JV)?VEWIx) z#Olq4LXKSAtt}?;1bzCnoK6Aim6QZ}45imUr)TCb8r^&DiCH1!-|h5mT+YIhu0as1 zvuhIH#8eWi6pIsfDBcPZd+1<)e|K-au=aJzruD_zrdukOwznEJOZx|_sg{-k_m|V3 zeCtnz{>Lcs+L7WE+UenbdlR5V`k!ad3ikgy+uM8lkNTg7cwGHYl_m$>#&pNA+#zwy z<2OVIJOQPJSJeg;ND$dU|KbUnB|@SZW(f|%x#8NNd%&y!<0j@pl3B)f>NDR)!O&mZ z4paJXPsR!Pw}&)uh75vJHbFc_Ni>OZV2z6XDUPM*njQhTjF;`cKx-lAS4o7t>unEt z=_e0)UIq8No-Z(J8<(DbVkng3?WFb9$T28-LQ zG4s4y128)Qi&S8BQ&v)MO^8hYhDG=?ny$au@;{I|%$?P5UKwUb^Hr$9a#;1Z)q|x7 zCj6L2@=+1?w^xK&iT10~ggt7L?yOC6Dy^ti1R7C#n^N#9E1@zyuQXjV_D6Cam9>_z zmKAnT)xG(EJWKt&F8Y8xL#5#FT8XTiN@VK4r;EZ8Rp@`TK%DIwKMura^#9u4+1uMM z`F|Ze`hPvhV}$RuyhAiBd@l~f8GEa-A@zPPdw|{5&ns1speJA+(|w`28H0x#E@!if zPne6p->4cOofCU>)bV8P?XOCdNcj(+Gat)l%qr;)7U>o~qJ+^u{u(L<7fJupC{eFm zXd@3tl)RUO>3Cmyc5BrQej+5F*$)AMd?~2`PC=7U@Y{-VPF)FP07`!ve>IehhO#6SWO37~HQhXqZL?IO5U$ihdIf5q znCOl{Pmts&rz0BE7D57Flj8Kb6Qw@A@Sdz0w+{6_X&X}??@ak`s@Rdl@TYe+7Rr&I6xQ(~2Ipvp2gtuA}yJl?u ziz0I!UM_=`l{mR1($%9}EkZl{PE5TG@bUSqPqzO*&))yX68nFDw{ZWry|cT&`?&uf;`t5@ zu#_ZbE(L&4%cF#bpu>u=e}yMRXeW0nY^Dr>#FT^~L}1ogA1Iq_pqPYM(rW@)%$)a_ z1+DK8BNGr$(OMLfF?~-0E!+Ncy@M1}f;fYks!J#$F$yUoomS^)csZ0jCav#KkI!bD zp`Uw06wp|-Iuj~4;s3h(tVNj9xMrIfpb_@3k_e4yNJQ(0j<|_h zKXgX;s`W!h&eY#LrjynW|9|T{^fQhrPXszX>Wfy#WG8HOXh86$E*|sWTb*m+^MGuA z3w#6Y|MULg(VKo}7JQyIn)m;~v+b>e!v5dh-+Ijd^B~W!|NQm0Um?Rv$S3?a^LG-5 zzqMM2=rsvv+9d*wxwaOB2pK(nvyb3vzt#HZuNM%*8%K}W{qVzUJ|mG5(|`B@{lB)636;}i)baTYgskZw@X!BhwZ2ot zM@iAG)<^UcnWK+L%^~`Tj!X_|^_P}{6nXvF`q);F{=fYv_ZR$XeMHqkl|CXNV@3Wy zqIX`v{VNiyVe4Lb@0^CyDhfq#7-|#&C4)ev1|**3U^5yjU>6YfL<3YsaQ51sf`nsR8qTc_FtMF%HA?N~?FT|C)P%kJ^*7b_VGy8q#ZvDe+Dm9Wjv%gGFad&Cw0q9jSdDB)&bSRYz1sCpDIuf%WcJi;P-6O$E_AKe8?B3uDcsKxSEVL&Fe_Afir8d@y{b3}G}*WD*m_ zs}L;628!TcwXCS#?4{l=xR7nWYq4XSIcvYb~;JyWO$QQr+k~p{Roh6~9x>ga^RUlqLGlxL{xm(J^2VNhjC}rrK0`m^(0TqG8 zHm#^4Fn|Nw3czVH8YUi0g8BF(%L9W6f59Rno70ABcj?DG$5+0X=c4nxo25a zFgIaUd2_g5fyE*L;%d4LA$^zSlYN(NoN{v!5AN8`fCo(tROJ|Mrm4D=llT`6cz_Nw zIF?0-$sY-giGY6m`o<)PRVN6EGmb9DY*~`m7IY#uO-@QzhY)3Ej zDG+e>G|ifc@|k=$^1rv$j)TqKJjgVWZ^|Kj@GSm#-47lp|GS$T(YZBuL zamL|wpKon=avrJT?)y)l(%0t}@TcGE23R{f#V4e_EeJ@GT^3Uu+1CRy6>aP+^fsARLD4*KLrf-7ieg4eUw!?=OB(?&gP;Ha6u5Pr^FsSNe@-D~GqUGKL~zp1UuBOda} z{3n2)@9~ri2{ZC(!?Tu(+gn?oe*2_PE4#K)hNc+HvNDqc$&AskVp zxq?(8RqW*ZhzsCoTqXNUvBCS0O=ZIgEIHm!~Gx#~2HsgINkcL;+n$$Wo2LX*e`SAd-(9Ro_t8cD; z1?xCwFN*n0O;iHJN^uol*V{jMzU6Hcz6n3Zz@dO2Uy0S094TRuv!y#%OmJCoW*-}+ z&`-|=vI#d+&K2%P8kGV97Gs&HZVgHYXwfa z>20Ls8i~R-Z;yh8W>HqA4odA>!jinfkwOqt*fq4RB!niTdPx_s>A9U!-xpNBC}Hri zogHX?7!jY2sjpQx*q`cqILZ)aX*)poK|})W3B$`0>N1l@HyCfD&4&dg&k5q@$iKFB_z&SuQg>tXn9(U02hDxmz+&_4} zVW9jeDuCT%B9KGRz2rWG~qY!FK}S4fuHOu+?U%p4sLjLHLq z!Ori zX2ZX$iMv(TnrX_RQC#BCr6&c7uNMp{$Vh=sS9QrQR5KO(Wu~IGp*u4b)g6n9^x>9$ zTDCcpkT<_)CUK-m=fHl>?GvYEJKSoTV{fNA;)+IZh?w?_ufzh0Srymh!V(3m!B#-3 z^(SBtns;Nn;8%n-leWg1YCZj^liMK#^p()*DlM&5z~|W>ZAuHGEttr9U1K8qX~VO2 zyXvbSC5j)~+M0PArJ|qe7{VMoptf*@9-fYgKled%P~2|=9-!>IAW}`bKx^h61MVQT z9~VYZOooz2aE-H}2~{H0r^8={=z8-8 z@@j3XSe6{!U@Gl3-I%MfUQr#tP^Y;FI_M3)B1p&j;l{63XT6|fkmGO=6b4Zxf`+1_ zWxKGWZ;eXKn`aIZxKc`QgD_QODij?*mK*TL6`7-7)d}Zg^-@n5+^MUfy7%#8lgqP8jluv5Q!`e`^L_ z6ceG?Sx_rO^h;=4=NpNMPXet)xHci0z$i)|l0mAAUc7Qu$e5dumkA5Ps>yhX1v%J5 zg!x=G**k>6DyB~%)*4(Zs%gY<;kKYF-|11;^d=K}?*ZkiRztCmoT1kj7lYxVF8CoO zO!i1D#p=ic%mp8#PDEzze3khJ9L%U<1cQi!%EnxyFVWTXYHgW0gV$DyeJ+4SHa*WI z^J7gQfV?YQ1h!P`_K7r{>kD;$Y(P1{(Tp>8E|_i5)*8Z6?70E3lmc0`qB?I{q6}1P z%Qi$}Sur^m2BwSHk|RDIlXywUS7hD*Sbf#9Og%WoPV@lhR$Ix!Dppf1%`%n977!0- z&+^X zcIAz7&v=?&D*%)P^~yEF(k*|DYYZwB70v0Co{EzBOfj;(f zCJM*a%*NKLhU<7{7Hm~OX^;b{UDwGk``54T3%9udzG6Z)S5LJ;! zlmuFjVeE$hdU;{25tLa5u&Vli`s})Eda_|QclP@yGPgg_C#R#=vo3M4Y7 zMeR04Md*!IJ3!mDiD{QI=3(n250(07p+-U z(inYTF;^?R9dvY|LJh@`;+G6QYoWBoX!#W*;)7KHZe+;NWJRgC(Sgr-Cf^Zx#l=P2 z8)Rg>1Q^JAPQr>Y6Bs3GmZaL=g2!!`r^vacU&@9&`03Lp#;RCdA8pHM9y}1SSgC8# zN<~dDMjwdcvGejLeg4WbmMKa4+TOexL z%z%iv$H}@j218EN7+%qYXd7dP(G=|ujEPYvt&=+Kus=udPQaL#;8>mARPfJBaE7n+ zXd8~^>fgN$>*kQHSsEBJI%Y(^q@tmXAu`&H7~NF|BF}aik>l7fe0t(`fU5PF3eY(( zi#8{et+siI#co0;(C&n?mF6atwKSz(pjBo-!yWVUN=voGMHNjbqeFJC>T5R}SG982 zGH^O;8aS!GOT!~Zy$zXG8W=WRENQR0S2d};on*ywzhN6aGS{TJ{FP5kBQDsL(P9VM zfosuD2VO0|R24=JjuB;(w28iZF?-pQg8BBTu`R|V!OJuCBIIei^(>VSGOZIc5?0EP zB$*zn6m&Kt0*uA7j7}1Qgj!405S7)TSEENY&L52Kc#=-H4-|FNjw#y*s}3wX+vPHE zA8ap(mMAJ=HMCSk`vWtpG^T1^XLc^ON%lZdX}FNm zMhOn6;8}*c6+%T9Yq}KeIQSIVK4O6>JEu+9_GC}HQo%2!rwC7CfH#C$OQ%d4!3K`N zhaP7LnzWb2_T%joV;0QGDP~;jY5+ODv8Yk|w3vN)SQ=n!LCApulfSC3eg!c3s4<-( z?XlJm@9#Af#LxC0ck7aCHJ?8%G|7g=tSXNSKMbn|SdeU9%%-*+ccD+Vojan{BRXqj%Cmhq61i z!)uOX1D0)enpwr5t=Uc8NKCy4Er$9PGuNt7ShKB)CEUuQ)f>#NVfp4}PTV7rcvx{> zpW;g{(5Je9<5T^SxUTfWwzFX|PhsP1B{jvP<|*#!Z0JV))cQKPSr@h900r-~+w@K| zycDecExDi7PWBD@os~E5#$3+8TD3Z#8}m4;TucXri;2dd$SRqvB~LhZ7blPnOB1R#-qmwWZbza())Xil`^po@8sY@v zB~2i|3I4NX7S~`u+ge+j`)q0K&X~`(iG8uWCuxYmdh{XBs_KyL@7gpQAOh?D*62jq zG%&q=_UKZyc&_>BIvjR23Y#Uit1YhM-g{iWmgIi0)@0+H_3h6*En4lb1eTllAoFrOA!6 z((BH|hlwWlgoh?8kMUh_(5s`kCH|S*Is05o|I=${5Xq#lGAL35wiy`Io9v1ITW{ss zju##IzuGOaDpS!}8e0snI&+29nw(HYyXdZ|-Pv$sjhgwz>JWVV_=T~pT5ZbCw+%4Wvc9YwYEBS+(0cv5f8-44I_Uql93Vr;Yx*hNtjv%{F#h(@T=TFEk8bF+t&FiNE9-!q)R??yb+gWI_4nYm zY(*U_ov5yz#IZ0&>)2&N0~ekE+BSx!vOqItNV}GoCP)g*vJ?vi2({-x`(P~KJvluF zH?&nV`;&KP=ZEi(jz1c?!MnOkl=Vu(Ndd5|v#lDw*%Ym;JXHVy-~^uPsalf@6*Wy`;giizn0uC{%HsV|^RvX)5eCb~bY<6Evn6N0xkXN*KT4Z&eUX@RgH z2dMaT2W^7~_wpTQm46-K^1ol@NwU2<9Mi(t*_*R>t(3bZ4S}kupEI-RpRz2;82w}% zSI4W}bjC}mxgTpcqefT`^)l%g1S_p}ggJ0)6TIhFqkjAf`B9Fv1EiJ9Yco#}%4J(y zht|yuQeI%8<9Cr5T~e&IIiDgCXP5w%B$^L>1q6iFzt6xd)0=DhYB#R+k z&d!#}B?0$DZNZNKfl0DJF^}>hir&vZLXN#i#6OQ={4YsDBxSR$t-}nZSiAlIs6Kp< z>6D}zR+k@+s(;h;veC7AM$9`;Sh)M|r7WYbsi|;A&p{F++9D>CZocBVOZ=M)P7b zRPdT|)n2kolJHdB!mTaEOGi5WrJ@K1b4nt#aD*~_VSv@vFZw4CKL~9AWmhqA9^L7myhDYn@%lNbZczP-l73r#=;A^hx{ED+;RqTM)z- zR2FwS6kO+Z)iu_z`Sk-etuCIrxI60Db9Mc#jv5AsQAQUu!2)DR z$#j&_8B=hF09~G!>P_RqZK+Fv*5g7?y+s-1k=AmJgh=(0j*X=Mf*^^r3-n11W>=eQ zG_>fSO6~+`1|(Bbl)cPRR0dBOZ*7$+&JK`O*&Fh(yH&}BR{wRB=97d*Bb;SKX5;M1 z7%%W&IKx+2k**8A8(lsgr);)WlJ~M92vC#FcVix9yKwS8PDmy{rUFNjMkL$SUi=^J zh58tmkJ#>3JK^tWUh}do4KY#x8dBFd-QAVTD7EWoA^c<&@ ze3pcPN#gk8k6h?m?pX;1Tc&2hZtkkEX}YtNKD9c5zBaFcGFxJ}u%u6zof_Tg3|7V6BxO;1GIjk2;qC(XGl%D^-hKumLVhwf!GjJ{Usb_n`D8(*&LU+3xHX$S0y+S; z91ue!ZdN#9=m;-Ja)dK-%X_7EB^#+taN4Z}$>u)01*nS0Fh1QDdPQ6$GJ7Pgf(S zWr&PgyProDpa@4*T#`}FE*QUJBgp2T9e}0KR_B=Eo48UdlU(2#F@L%1xAs1k7W`*T z$}~5$0RY&K|MvHuK562=7km3p1OB^>a-Z>E^B`^(0NU11RqIUvSo?7m05(R}M1ZxQ zO9c4N#)pkJ2m)*LxIS(me?)->o0-Opw+uB7c9c{$uvJE55@AtJr1G)^&>28y0G)RN zI&T5c)d>i|yR66r0GY^A?b=cLTS8RB<~FPnS6kZYhboE?LH*_rjWM3sdX=I5l5qya ztw!1~Ys8Lk?l?lAZ&~fI(dEBooI#i0Bs{uMcY-sb^)|X!?fD2kuBygrKYbI|MIHV2 zUmAmXrS1q^%W~FmZ)}nf>v_K5m!yS&l_lcovK;!#9kr$7+?9o=P6L0RHiumW3_ziE?J6Y%Q@GjwrF5_-dHv;!|z|Q!2tj* zcN)RUyHJ)N;6bn&n&O?Py$~k#ioPx8T~H^qv(d@YZVRZea2!|9C_2-9%=ObfA&6uV zR%|e+m$uCxb)UG}>zYet6J@up)d=yl_0MXDT7Kvt%GDpS5V(1&3?6eKj%Sss!}QU% z+%nWaGuum`nSo{wk08*@yQP_}9|d{gYFU;4DOLhfI8m0-*<4;<063`seYzt5+kYPP zzqeBEvHWlKAZ}Cu_|i6iqML7s0GmIr2mx1y*N_4>f4^ZlV35lNxm=LT1!eF}DuX4K zdDf>6h6;s3SpTb-YtZ}N!_tHQHevb)Wyt^M#s1?4{(JU(Z!h4#+bCZG{<|sQ*M<1H zpb2YZ+oC}PQ@DI ze0;5Orh;-ot_{& zQ}P0hUspJS=GYp1LF4D(1QcLXfK355{hnb{gQ5m$@ck&O_zyDCQTB_Dl5 zJLMkZzve;QDExb+8b7g(H_%`G#})9`7+3@Q)qf4pFF?Nl{Q~s+Jwv}bISt6~K9yDc zHzzoe^Jq?@iw#)-4C22hP5IyR{k<0f|J_Ep$M~;y5H||`UPH@As^tdqtNgM8`>Nw< zV7|&v0q_OD7XV)Xe7|SFSD~T-?cMLPivQGc)k*&nKHCTa?8kr4_xJXmH}T)oApg6a za*y#};~;Jn0V;xh2yMUNvjzsN{kDPv>!WJmz}k-+u?cP3^hqpcM1COCv6_e>j(WY$ z?N0z6wmRN~z9v;W9ZkL~e+o8#0ni3Oi@q>Gd)pYWMnyYNV0UyenR9GA^P&@(;I_eBfRh0>jE(nWzYV@q7Ust+JY0?>wp)B=d zLlg3i9%u1R)R%P1+v1_Lb#0PSm=xIs9@xy>pc6^^{*T(COLY~#pz?T;$|Xds@mPEN>gfd5o+F%a zo)GLxXVL`IHSQ^T@MHD%{EWVWgwSt~&t89pzWV<3?EJ&=;oFa|-=Cd(9PBl=6FzYt zeosiJ)iP34yywkdt^aSCGl5@YwtYc?+D4-~aH{HgANs;b)yry7DF~VdPd_AGQjeug z`tG=JSAt4O7?RxSgW|;Q%0+6P!*RmhR(wI(8^UIa)!+A6Nyj~P-_Oq2PHnwA?ITYK zJ0}TQ5Gfppd~G9N8q|jwdS7iu?dD9ep$5iw#l9+w-@}BZX7pT1>3V?fu;>LvnAtFX zDE(~#IxoOwAkTti!)H*J0_2p>g4;9Tg>BZsHJ+GeErj8XW!8Q8d@zh3ewpytah=w? zW#904so8OXudGCi3!o|IZ%z?rOC#XIndxGpI7L^y){;j}k-U+##0vgd{A*N`!|YBH zKG|Jh%6992SI^aMj3pi|cubP`Genmx%7n7{^Sd- z$B^h_{KLAmZw;Mpcd;VdH7@b7mG<&!!r3g)>7Vx z2ef(nG?%#`D9_-y(U>qvr~MZ@5Lq^w`3@|S5DsBKRhj5IJFhiUr zVCxUrXCM~`SacnrPnG@rwA0(sr+gwG-98rl>j@P^E*O z#vHhW;a75GGdB&?8m1Y}58i^Z6Bv50M8E}&OFZjcfU1$R8-wIH1)sBaj%S&^Xp*Ch zBN`Lm90y4Dxx@LZ|9uzXX zLmtS(-bN&~#V12#I#v6~S=$9YuYMhY>Gp&mLgkzY=m{q}MXt3l<^o+(A#Eh(k9XSr>_Dw9#=HT`NP@Q82jFZ#4sT-Oh^p# z`%4VdLUqd$a>ca&d^@gBoekGqqBi9E6miCMR`54eUAj#PM~)ipTEnZR(-NN|f}=Sy z?=yl2S`nN?ebz4qxth~xj;`i}A@VsQBqp&rT|i8#Eh@Uh(S$^NLEz0p4;e>N;OUe` zy`89COcH)YVwBJef*40pE`*{}m7gf9_L=EHrSoM*Bb@Zh0vp4m0><~K=Ob5b?E-%; zx8aoYWKhHCYvFJ{C#n~^$QOv^iwO~s_^9XDGQ4@GYgpv>q4?TO}UU@ ziikLi$QYdwY2K1DJ!@vpL?j571Ywk@J5mm9u%G78hiq|-`G|rOPaeA{rT}=%Rw!=0 z)Hd$cH?2I?aAnW}$Avm2Pctb9UJNg!-jF+6zf%IQ#|Hx;Zf6Zs-Dw55*u!2~(Y2Nl zovV`$G!e*7nkH0T2J^(&Gpj483&A)Wy*@ub9qhr-z&qQhTizioaFURue~ZkaA6~oq zZno}L%t;2aeYIyx^@-h@d$9CUIGFrweC456z3|2dsj~RPi{7^4cd&#`%5t8|gc9+R zNPR;$1+U&W+AZOgi6~HqSfC3MJTk_d@si<%LM8(*Z%iZ+3(6EtyP6Y-+LI{+Rc`B? zt4lXH@e!19YVZ%2hv_6A)yhF#E`3><};fxb{#rn=UPfucEy6mafq z(-k;Qa7K=Q(Vd>tezh`MlR~IIkfaM^nStRXsTqREMeEkbCV&)9bWQc^pL6vuH!@N7 zvB(oi^_yu_qva7+74*G_r9=*?8_z~ozcD_nsfD$wtGBh}) zVh95@ee6Ze)i@<0B240$lQrHtrq-`?N2u({#JS)r7ipR^19daHpa~ZGWj0sVsW)}4 z%NBPu2Z$x25($#12Tt+(6&j#5_CUjcGml0=$ra_fn)5`FvN>5A4i0*ajdyY4=p~kCM2zfdRbS5q$>uzX z4Q?v_t?qlJ-X+DVZ>K(*@9ucz6rLBofQOHpPt3V}o|?A}oP@MFkU52E^Awh+Z|GUH z#hgvMk(EyB=c>mzXlZ)7D(UuDM-L4Zv=30nLD31N?JdKVLtCYA>#4+3R`f7`DYMa~r-b z_md$mVl7cLdv0&Nb7v)W7-{N2ezAA>L?0K)B~ID~QYFjO?HH+2Jr6XqYOhsl)fi9p zg!{}+-vn2GMIZjm7I#+HmfEGio8zQ+wJv;Eg44E+jcQwrhu<{ z=r&Gn3yP5(Y@9)}Q56hyZHaS#EAYHHI4z^#Q-slsUJ_O?j584SyDcJug~W=27p!EB zAktDM<;dUJavP_>%MWL!t!)ikfdTvw!?p1lg-9%T02*3bgy^^J&j#%AHeWB6Ag609e z1M&DHM~XK^$Lx|Xkszr;0&%iLk+u&rs!SWw#3QYABJ(@1oR1zr%ap@Az{WZp10AJs1LA&cQ2>l^IO zOJ<7M0#qzqWn%Y`FdG5r2P|()-Ed}Ptg4SrMS~S@YL#M(F06fHa3yWm?qp(4Y}>YN z+qOM%Cbpf4Z95a&+_7y=jD7Mv@ArOnew?3YSM9FdcdvVO@9M6*Ypv_L*6J;%ah4jK zr-rK-|K-wrsfisrdiN?GmWq{;fc1MlKqZcUiWD5Kb37eD-o>qFV5AhBM5$1BfkML* z5uNR2BQ5qunv(*mihu_(WgcpknbVsH;+O0afs^N$9F}BzN$^#Y`tzeP*NC|aXr=GclV9Q3g4Vd!lhZp@1R9*r_#8^FFBz?o zX|MBNNs`isGzS^R$U^x1Lx^z8O~TUYwtqt4Sf|cm@6+_$!6>wR%7H-@qzc*zfB;75-tjPcRYJ?e0I|nna+MM4+MbT1K%)`JjBLNiiRs-WORX z>IxFP!f9d+3F3>Zhf@tM^3}Pf4f7N|ON7vy>FmaRLj+At&&OHhwVYIlr9ZqZ&wv9N z@IB{4@gAd6=DU@~IqxQBS8DT$kn1ofC;v}ovgyPVG$xjiV7!0A1qnn9@rx5K-naMm zzKaYfd5qZPh8Ef%EW)!&Vu)74bZFxBkylAGNC8nvT=STCHp};K zjC3AgQL|96^sS**#Oc;W1iH-vU>{hfe6R@?`5{7XKLnTD;-Oa$P2b3>z0zv z3wqJ=+dXfOJwYYAN}U~wEU0p3`L(_8_?9_gidLrWm&G%2 zye81kf=+W8995gEK)1)L=bfu5V8)mnb_=4k!EvF~+L>938qvJkDyrPpAeWzr#K2@s zw%(OSql|Q6q`beE0jb$HBg+{2+|sa2!~w5F00fdrLrtS9GJf&~PS%B^T)whLOB}}@ z?Qra;tOf~jbp2$Yt4v4h_KgfE$|$l;U9i<}G^GZluLTXkIn`l+=AyDz#N*j*jwA&e zR39)yC@9UknB#|+!GI%33zRrTg$%ddE!u`F>j_*KK}BrvEh8dx1&iw2kQ0$QLq*^U z6SuOV3loRMk8V=rLq@_~$3wo?wa!7kGSb+stZ)&3rKe_MNPaBS7!cF)aw2g#DVD@-iW^D~i|1;}<4MiGZoz$-@Wt_ts&y=rn3!VP!;mfmNdsuh< zmu=$)EaWtzMRTX$zXw}V{_9p_yo+S=UuPZ4!vCDDx$Db2<)9WG?USB2(!W<|zxjTY zjQwTw&!HIPf5-612DPe_|MgN`v+lb<7Q$KC^55%PQ}4DcHV$vpruv#B^Pm5b`k#4< zUneQ}vU~X2b)O*})av>q{-3GmvP56IkWT9Bo#$s|%~2@=XCwKRVe|pWaVZp0~TYx{iSSp6~Cs0+#~5 zk3PWDBnpMxp6Al8k5Y!5?q`ao*8ERznH(wFPpj)SUp9)TkmNbbrVy1^P$aB)lPu+- zhkCd=;1EG0(_v@Yo6fhxIi(z_?q@^#8yV(exSa56@B~f1$;ixKO6)aYY*Cy^ffUe4 zU+C9X1Qnv<;rbRSzHQ}b`Wv6DOh0$=rh zg^iZ-=qt+FImqrFUUvgYjcd7`nib<$i;~VjnhNe&1FS}vnAu51DcfPyG7VUW`q_kv zpQw`FC}Px(m>)88?nu9h`x1W{g`|>eQv6Z#z5~}M&L`vL zs%$D1(PJICO@$4l{Cx+?s4|1#{?kHrjm4(w^UxV1mLU5eG0K*MJdJd9>clo!jI}gT zG%{j!hzhSyG~L__|apQpCrj9fdlu^G9=qzx#|O13uQD2)59YM)*F!mQUim%7-CxwQ7`M%m(M?fuamWWhuQiJ1wOrBJ%D3TUqHs~#cAU& zpnc(n%lk5KI1Xe`ttuo%RfSKD$beUfdfp1ADXewXG9}Xi58E25gyFJsSc2LqEMX~0 z&H=3Y8-#6jEWj9*7vgEwuQ6q81##$7J&9e>JL~H7A!N5M^7D zc!*6r)ZCSS0x)CR(hDj@erOlzgBJy*mif(ELv}uHJ!|UTTA5JC4m>dV4WiIP$b~F1 zx$&yPW2iXb3-g1A7|0@fNs02s^4I2whUG+4r9cyBlXEu2iCOVNH+9e3wkO&r7%K}^ z87Pyfj_-u|iI<(>X9=C#qnAB+JNfx($SwT z%MN$cnSvNLe`Jqcl)0~m+h?)J7p>K{Ek{D?Wnf`1pR+u(;RzD=g~Y_YUf8AVF2;R> zw0y)&R&7R0qk#Fq*^45Sc`5sb9n9glLHh)0Y4%E1ZNRei04uC`>+p*kIf8@jc*z-G zHf;>0iI8I|=t5j~cF`(=7c3C?{Zjyo$J_4ex?F+X{{~d)n)qy}k(-J>fd4cU)3=^= zGi<3Z`Wi}$OC6W}CtT0UU*7_p$ z1e$42>0*btAZPCNYl6@e3xZ~VaR@E1O)v>$Z5Cc)37i<))^$S+1B#h(&wgcBeA^zx zS{KC>j5>gwZiEXwzf5wcDok`yEHX*piBq`EXC@z?Axv+8<7QRHYzVb>AG8nv~3 zV7lyQvKeyYNyi)^kDr53kSN;9OjGwwZ6c)AKy&zuTd62-?ihuEtbt; ze=p;bmxH%q`h~5Q75J^1K(O=;%|1gpJ3!Yk)FQ8qqvwvQA1#JLP(G>jm8UbWBi&ub z6n*bGn3JCwTPFWB1(0$ z5u~tcp}{(8b4d{Zlj3f-$YKxbbed**>!o!^*bWZ$%JjOnJbZ=D4PLoHzDPBM+soTHFK~vKmkZ)Kos2pm#ZZ9&S+Ld5#(Yg zE79UN6o{;TlRRSmXTLx=S9H?Ih6VXBaJ<+$&IfqLE8JE^2Sx254?8Z(M4w-1sA#0}py# zg`jn*bo1@+6bF8>2HAZWu>&~2&$=!(Y@c%kz9KOqx0(g|J{+$ym;SDEHT1>u?eVZp znz<@2(GG9@Xg9kBa48h*-BcDsxo#cO;empcA0?~A9i9nUEo0ZKAY~~LV10?vbCpX~ zJ<$eMb>Ne|$$sSZRzD%{IF++Y*D2G>Xnn@C*ZSKJU}?+cSF*%7l?)LqNY&#`10{tD zQ`4HZ(_MwI^bVq0(9U_%icMXrL)Zy86kP`~tmtJz>>*ZWNqd2RXbEQN<9L5xZ4_;( zG7iwzA$4NfjeCu9NHbn47qvmZ#^r${mM4S!WwE0&D*2;w3le;YwVwNTL{Ga=7zmd6 z3udsDrUh`j+s>B_7hoz@h-U(V5O@!V6iN}XtHqP)*>36~MAF$DCe<(ZXMw8EvCZNv z^Y0IlucqORng_~8wM^V|>sDxZ)(S*&zp}L;-7nO<*mB;+UsEe);qJ1v8u63tU$ z?rj}W1?g_L0Yfo@u#QAStDKrxo%k*Rb>sEsvPJZ7mH`WM;9Blkp*eF^?8Q6=JM4c! zLd9@yqRyMeT^a>k8aQR@lSS)5|Mn1k{+;QG#s4_n9UyoT2j1Na2)tXt0dF4)1^8Y8 zpZmE4d|uBtBiCDg-hN*1EWUrw<7f?ZPy9b#ZzP=G8%;>!zUKD0!CBI=Ft$d)pvPpC z^D;5yOp(T5z{sESK2LEV;x?%dIkhx}Z;f+BQ*Fn1CSQtYiIJw<5ENgSX+*V3d=-#P zth%Zhu+w=l<_vtgh4QPL-ySAfM67#4)DB#8gHb3kJ7=vV`&+K~fEVJpFU{@ZLUp1l zfWsiQK^64hh%V>ott z`LRal7REnU>3335vI{JS4B0tyhQ|dxe{DVnN0xa@p+{~xIQwXc_YM}7I_^szl~fu` zF1t}x6l*;p6Y*q5Rb%XT<=xV4!U?9w<*~m*u`xF*sGmDX5%J1z;=^czfw_AhxQw$X zr-!Eslbi&SP~EsnlT=q9wqH0xFIDJB26I4+iI0c)G08zL{gl~*?U&wUaP*H-dW6cyW%qK47dJ+Qp=VL~ zVA_Hc&@o@XMRJWCVZD^>F7zFftxVay5b9gbYNM*wXDYfzECw#B+hZP$-5(*X*Y%^sN~{dr4%8wcJC-SG2#MD@n>er z2S~rXhidCJ@4+wQsL>4ZlFN;fqXHiItrAos4{>82a$;y?0=Y$RB(rsfurA&QcYvhv zFB)0D3-d>wG#;WVx;mrylgSPBkQMlq(uN3GJl0CH1V%5sPMfhb*4|@pX_naS*)rYT zwck6`dUY zY5G!IaXpUtP-~%VC}lq3uUBRb$VJJNda(UG|6Y1_U9I=7TKxQ`SpG=f$k1;J-(FWDFf(yD# z6LykYOe?qoF8`q<5o_IV_;80A&51#`=ycTFg;W7n5GUqEn2xiUu5fb|ea5t7lFchL zAD6JY;tf?JwaadCvMkz6oHH2d0T16D;f5S&zg8hzb;Z*=0ClUap@wXt*(9QFAxO^( z_~(0QT}Bo`9z~o1FL1wOq6nHaqK7QnQvIWYre)0-psqnTwlWSi+}MDSRr_ky(~rfN zpzWDi>MQdc8MOz#CFHuc1x-ik-yr%H*X)cD+9Z7A|Neg8W=72_0&G~oq?kgDGi06J zq(;4YQ{vSdx~_UeSRMI;H<&y$WS*~xdHs+R%|BN~$l3YnG+Uj_2|**wgW>_g?R;J= z)hG9-O?+(~iNC4i(72tzG?bTHw@RgNpO^Ui)+aHXZb(jG&sG7HMBy`gxPftW_U@)W z;w0s7Ew)y*3O62ziny91Fnm15Cw4pN^pHI=@CYRFMqJoQQlk2TRNsTXCZ+t1wx&D0 zzj?Kkb^z6w4@N~S$h(G~r?%sGv}OqKCjtD}PYnEz!{e|cfyb})*XelYxRwU^-mbI7 zFFCr_7T>TaZR)yJtXhc?XUh+zYA(9XL z9q2DU^O>a|lEp$Ww!3wLGZE8y!rwDa0LvYgk_nFBuNfcAMq7X2ZBnBT@;!LT1wia*d z<2ctJH|3}I`~7m%BP)-FvM%FT7atl?1BwR&71IO?DjdCjDl;^s-x185zRvd8m>R%Y47v%s6uNTKA_+ zD`%qOdw**5TF}CHk*LAuJHwChFvOFW|IpYuSabmC=HpiH-S?GV$rzj)I?~vui{o%- zmX}wvL96b^jgG+?{Ei+lc}q6d)TBuC(4RS zn)vh`wEeEPk)xoIvv;Rp>!;zc)rPI4_#GELyef>kn_r3B@M8Vb$V0aY@BA7>sJSXS zI|n$9usohCdpS|4t$jB0DF4xJ69D79gaJb#TWc<dIvAcEW$=rIZ$p2~OHyKf zg-P3dAk$~OZ56E4f3Hb*NEQ=886w&Y5;Vo0MSBVJZLy?YP@aT!q6=a`7t7_xxo+xj zW2%Y0LEY5Docav2+wk^`*HQ$<QP-2LZ(MO_i zt@{{_TNJ@mmKVf1ZB=pgh};6&&DdJi7cz7TQ-YCdt-uu%ZBf@T@(uH`~G}>ucU*(j+i^MK_D~aZAqYi z3eis;692v#U!$JCH>|7HQ7>e&Z{#~^^>-VFO|^*TG{LJdMlJSalj484E8-G85iWn}2(y&OYB-0Gsge0Gp`BtD+Y62-vj{RMgpe9Gn5 z@AGHK5%}?Z%|6aI;@=$9<^=bQtu3Hj-MZ5|UR$kM$K8U?tNF4@wd4<=!HJ(mQn&-B z83xJ>uTrJngBBHLpq1+mTMLKEo~6(QIWDjPN@NnJ zK%x?^1~bn~78k8pbbgDt(7PCdgeseM&<*Gn4Q)sYPwH20 z_{B|p{!J5!UcRWQYwR4QOFWpB+)~d%{;GqonqHx9LOBNGrS-{DGCGqcRo??#>qLV?|s8npXyC zP79YamD1YYX2aE5shaE_#_FTElLLw8rW<|g_%n#m-b?Z9gu(|xNXZqYt4lJrWGxE!Dkk<)kZedwAxvzRbA9gR zmt8x2X{{&n5O*1W*oROkb5gJ6)(uwOI*#^J;~EbbQ^90A=zu?7+k3j+9T}%Ng^#)c zRTtTZ`W=M|-nt6v?7(1!Yq^oif*&jaLPR&&rr0xXx?9gqNCl#bC7)v zhq@S|07jia0u%L)5Uldf*ge4dSdc0_))y-fKY9*&g0$~ez8dL7Ne)H-A#iyR5nA&D zn)~_^Tp5qCD`cWRRy3d8T|N*|}Vi%;WJ^hPdX4REsh*GXI*0=A?>2wUpj| z#Fu$S9V3e)P zm+eS@tgG0L%lz=vyvYEXjd|mz=vsV)74)OruXr)pT7_ezQ9!SgI>}6ksnUzV`$Xtj z*+#3{DD^g6cyL5$Tj&SuXS%sZBAnI@$I`7Sj424jCa(o6&6+EAp^P)Ni{tA(YIF2L z$Cvt{RC5O$q(C|6=l&XBn@Qqw?2Wnl_So+}MEbm|V;7+YE(Ncjl^po|&an}3y8C-1 zGdk|+r0>!cq7A!)34TyT+4!^Y_h9QQEfgvoR|*(fW49tKU+8>g{r9aS(}KI*)%xp= zEsYO_*Lrj%B?#j3^e->m)z{_q}5- z#!IBbvoAoymcb>Y0=1Y=)3&)lU@Nc-M7-*g8HZQQ81=aSthHjQZVpjFY(%g z$;W%yj51HYOZ9z(Kmg~FfPo(efxAtc+6b!IX9xF*)mELz>*Lwd zzen$>TJQguH13`i+JF=tiK?1SzYNf>W&c5P2p$6|zc5&`2!ho^=`rsouO4%?hU`^m z*g4pRBqeR%#gOlv4bC!!9#uEqj8o!k!qPT|V!YFZP-n(dm4kyjGL-coIO+H3?i^As zZ&bG{_7B0xH-OB+o38uHp~vpV665mva#csECK+3<@WK7?Uhz#6k#*O(=G$=WCj;G) zKI(h+-1`%|ycQ`GdqhJPyK7@V>2OTo<=`oK=XHniZ3|W{IFZ_=0}hFT8*!%e+8*bM zEar>isPydku5csc2$u1gWj0#Qz;K;Y^p;ck!UQ}NvfLf%CRBQQ zQJ^R(#J!xKm1_&PgbW>8_mWq6xqag&&#ISc?sa~&Xx7lOzcbhvi}N5BiIM?3VpC== z-wd|%Vwq*J2esbzr>$pKyvA;UBDmi_+iO)?Rt;+8jJ`^ znELV_%&R4^xtPN?Xs)IX@xSv5pr?fAjmT#Xj^a52V!>j(D?C7Lq9{i zq-u^KP4Uzw1su%*hk?wKORLYc9@^H4jBRvtNl$xAEDOXk>J{TR;?8pLJQR5u}Gu(;#Xsi}1!_m}<3$ ze)=KddGS~?H{^E7%WLNd2!Y-0mu+dhta!O_Lq>D;9%-6%!y~}bd#yTC>gkbf7LKEk zY1ZyR<9EKxvnoGc@$TV>p_gCoUT+jnbNjG)y=5}xb-r!5O&=pyG1>@xilJZr+jpy( zL*$PO6zhQ9#?@or%P))qEy6CK8Q|w>Sz?@W93~gh=LHPE?&`Hl#L@Hn@#(AF?5R6! zEl8v_fB06YT!%!1s=X!!p|#~7E;l2)HUC@&%uNkue13?fUWEgR%{uaTW`b@F^m*3} zVt{uSFO7)6L-ujsIG{5A;FN@aInlEC1;(3>_d%MmYG&}_e)kH2$YL7e1DU9A{nz&e zPu#a&m37bun#n+&IyjxdPA)W^f#^sk`~}&#Td+Ni$-wq=z)M~OWgFZ%X>A39R@^10 zX}ZRIv)(IwIri3AMah82u60TXUhBeenchj*Zr-ph3Z_9_1h4Xi997XQSEy7RQ|!}S z@>@kx0=ncP=k#wPSDBce;9EBn={F{Oo~efRjc%^}&` zht%coL*}L-q8&E$g}=e)1>;F{#zq=Ou;cpl>}fOPw<57Ha}b#tRpo#%xR{zJ@U9?n zSeMIPFVFk3j;=zQ?*X!SRjOHhf!OY3Em6W-c_deoHSybM=mSThWlch^QtIdDajZpG zHL39B-IZpVdTOacDbLo2Lf{W)6!g}$DfU@O<262w!%%vQr+~dnQnn)VT6BWP;d-g2 zaR|?{ZJW#I>5UPN83Cml`qq+~+SHh`tI8p7t4-BcK*QDd?d*ykZT7OqTJ#^wss~aA zdUBv=2G4U7%~`^mlaT5>P7eXN>@;QQ{wP6!1W!5tO>ajVb0~nbTvD+0t!t9lN#yM6 z##kRt`!IY(D!7?z0t3Qq&NA4>UK-&xbSJ?rl^kkot5EzoEVGS}=+>QP!o2?VxV6^P zbB_i^2FrIpm8IlO^B9GQI;5-D)njw6iuSDDq3=liu_jGlWYdMAv|cP8oZykYGL`LQER*6M{b`noKZY)#?g$Wd3=)c%~fNt8=6TzTfMUzUJ&cga62tJ?QcaU+?Hgi-xrp)!U|<* zDQ7m@4b=W7zWFrL%RMG+uI~{JJeA1jF#GGgo2qnpoPIka@RV9R&wU+lv)=SNh0yNl z8Xom^18=GN*m*uduyq0uc@RvhCsnYyLAO+OF`w_0x|tEQY(&)brN*4&+G=^jzPll| z=>8`uCN zqWj`J=ga1*wNJX2Ul}wL9)iS9d1|wY(_&ODuaWBRqkX#5hoCXFXqPS|;ac%ltU zO?Q}le7N}_cBXb3HeS@}443>)UVb_QqnVf&Su|#XhOTa}hg-ae0HVX>&%V_&0MgpF z|GTKm+Lr{K23|Zs`Kq$<$Eo?~ad?q74?Ajat(ImtVW9ZQfohjvplL=Q*_l4b?;3=U zRE^(altRHoYiXIYpIb>5g6RPNYXQH8AjVhjK9oeC>IYZE1_=r3g+3yZ3#0DfZ^p$g zw#O(_^}PwC#3H(RkcE&t$EBU~N`U|YXqH+8^X8eZSGo@D!k@b9Y6Ywo36u4JKy=vC zEo-^Rx549qhl5s{#P$DI#>qFh(}s_l{zbInP?yTKK#Cf z)*w+|E>W_dpnye>LHWNMNI1bg)js4$_853l|j(I@2iazzV*-={7tEr{0?Vc8|b2RH^k802ZmtN z*INY7glo+;9rC~32Tc^39I9Y)FJ5p%I-Y#y8oP|S(eU3_f52C;pJ}*c%N+C+D?Iwd z9*w#*tNIe4R-E1%?utTNti`+a;Lo>p%5J#bp zd@sACk*R4h<6*ajvwj!*0>MAsW}Ca`Ez=3JjnijL2GQN^NT9=&oxD>;gdR$BT*Nur zIZ76#e+F4W@Qi*2<1+Mhdvh0Bx3?g-md65cNy4?>Qzt1EqyO}*1Y*~o0Sd-AOpK!x z*Feu2^!-h{e<|8n@7@yBU z=s_!tgfx~`wR4#pmk^m88fY64)mwY(MOZvrp9X-3HzE?}L5n}p5Y=M%plAv(0G73X zhr&l*lUlzteU&{mX1_!7d(4dFxJGE@tNLoKVU<#mQkA3_%5@9EEP_#Q+sTfl*h@s^ zM|3CMkDU`PBCWm_1AE#5?9uz*xr(XX3h2HLkT+qn)Q>)03Z#&NPmkH3fijRmYGDIUTE?V*8bHtiA!Y zd{)DCM||!-9if?H9Izbjcj00CDX}W%1VPS8!n7A^_WC)1!xtYp_lDWk>@IvnQaW8n zcyhBT6W=)v*E8Fg116*d@0|7)ep}# zksNo_yQW&MkoeNB>PV5ATEK_xhvi`$k^iehSJSb7DQ#h6`-bG>Q~vw4w?YoD))=rG z`0hCh^usyKIre8j*c)!_$vsKkt$oQ^&bE2VLP6uN&7(uu4|H=qbAh(zaBN`}D!H?Jm2FLtr7}TS6 zJT|=|e(KCGz{}XSnZ_wkK!|pB?|VkWk)x7A)zOX8JA#$Jel`1Gmgf1C;f$sDf>{e} zQ>F6pRi&3gffQYo28!E#?D$NNXv!f)FT>Muq0aPZsS*}4fsd`K ze1O%5L8{UuWbq-9)qILRU1=b(#1*7iXQafp3pPtvUz!2yDit#6G+%nWm`p3496&K| zJ@e7AVo!I`{7}1zors@(p4Z~0Im2CLCKAEQ8VnqB zq_j+dPtWp@GDf`=AXA!5qaFX6koaco!5@BuLhteZ{?~K z`b|i~1$$}^_xHv31L+tTi7zSD@;e&;(qxAj%bNqGJM%C1X@whuv3b?YTq9oH@h@tu$ zu{3225>3DAiQJF=g8xVT#a?Hgqj6RRy zF;DY}P$n+XrNy1OLL)d$VGYI-#56G94QUll)&Zw(Pg!$z!P5Xz#R`Oo@^xX z-XC*+j8`H}P3Z;uTQuX-jinNcb%w>cO>{NOn+d&OBTJ@m0ZSY0Cfc6(8`=3wQ5MA^ zf)u5G`I%>P>%9WW870*1CGYdnRT$p(G3k;>#~6zP6SiF;4{XrA;Z=HLNR5tv%XL*v*Nm?gt3&BVg#Ry7AZf?cA7hfLxiXZWZm zflhQ$BU-~GFcO%iE!L74gGj>3L*EQ$5r@^qET`Q}IC&}@@|qvfivwwLR%xi_?NGMd zY9_&*;#lj4W9IVnyX(@{@gLe9{*ag+@`Ez8StLEZclE?2cfhR)9drr!FPALQ%?V{q z=L5%tLj^UsD@cOy$IAz@RJ*~>MYc;t5W^KY8*ZWb`t;hc)e#(V=ICbR476Q1>BF> z_GGcjbSu0IR*J6#HoN(nz#pifXubnB#EQb@`uuf~Y3t;M<;}m+0R_WT&a{k4!O?T; zDZ_JthUTPmk!74T8PS`vdQZO!xXf7!$dE$@adIAm^%3pl_HluWE0(4(9jG5WvI+e( zS^3Zz&O*Z{!D4|sljFWLGWMux(=Pq6iVL?^W&y)fzD)ry%K1?BbBAQELd6hrGmrm# zo;E3W##E<?jOW7x>a zICfe^@FN_Rc2LX8Oe2SBMyq#5l8Z`vn}N@0@gn;O3wc&JGL?lWu~N*1aBm((lxhV? z>w>{GdzPPvGjPSQu;%aJI)#YoGTGKw5EHY>g+B+HLMf1~$SN?&NmgMPn{-O8Ua(#L z@DE;ERal_E)5yc$x3o_s5rNGr3F>=C+LLt_dn^k_4#dZ%%go&P=bpyRnrcz=08Zy& zl7TfSW$MgUGT;}4dmoNzvqW%>^IpRkgLlOfq2aAuj`)uTsYno(l?I$E7IezV9s$|rRTG{_L_9T` z`tKwDK0dx4k6zITu-qo|&!79(z}gQt$gYpif%R*FUIBi7_tP0ZxWE4IBQ_jF3s7BC zL&O*r9i8PNB++o=uX$BJ{@D;vKM5ZYBtPJjQJx1ibn9OgX7T*<>k}VkE3fJ&y^z*6 z|MNCXF~UE_4s^TLU}nCGOOR&1*N{S5Kr-rcjOTmEadVFH8vjbQ{8#f|hRlWjL~a~o z0^MT4QbJNCwT5DsIxl18ol^AGVfdtnfNEJ65b5{uMp+oRX%F$lv|5NJYZ@DyU%)aG z+O1*;%*^gv-=#u>)ngYZWD4`5y&FlEzliv3XKj@skj>V5owBgsd(Fo~)E_f26l|0T z`Y=MU+YS_rGp(4qZG`E6nFh)dHAJuzdq1GDLUec61aiJ zQw8y;ERRZMi?`-n!MNpOZKI9_AJg5JB@A{e$eoYRH);|&ABNQ4ZYoc4@%+@o|4=e3 zhNx5z3W002fddbv2_zdbWV2g5Z1M}LZJE&Fdlu%oRO=_n`l5sX=?`Q~Y(J*(T6jk` zUN9bS5WmSLV(P*B-d|BXEVm-+gWU!RjB4xyJ@t-=vmFr2TG(pOQ&n`Uq#9#&K{SbQ zgJQx7i)@G<7Uc-~>|bU44hmqUp??wdB`_LAT?jVlh|spCc^dc8tcl#^=lzblN_+>F zDwafn*8qz?CpPR^c(z-P$u3SK;~M~GuqeF02CmF=HGm?cAAwnrIxafsF`doz-ibMOA6Hl(mDf9${Ink3RPj4_f+lK7e-R^{0VdK<7ulrMBXi|^ox)MI0n08aZKgf1(zJC=4=t+8;; zBnKG@iToBWcmcYL6u_87m**gi>}MwF3d&?%s8TA#bf<;B17(H`+iGbIh37vU#Y$vY z-*Dh*W!~LUU@ge-*mNSO7GmkmB!$vV%Cxq9o?E`|xK%|f zdV>r*moe7Qbf+QGm(u|E=ej#gaSK3Pc3&|I7X+wM8Arm7DJ81z@xU+-5X++${;0~r z5C7deD&_`8=jC$haG_yO`@93Ars;~q*q$UaLXX>_@n@Ne6hu4c2PwF{Uc|uo2)GCp zK%hkTM9ryV%vyd6@;ubjj$xtQOBlR?mcW8HsCky5TF>@}rG`si2bUZkbN}1A;xW)0 zX-thrX}ZZMf}gpW>TnqL7|Xm}@ljh;uiinAG~Wdk5+3Vj&TW)^EUl{GGyo zu$^WD{OcD@&OntFf~W4lO{R0Bc15ADbepLv2lqh*cGw_G%rt(dk45NcM%vgERzd?Z z^=c+89b;7eL4S!dWgsi8@j&m|Uo?{MQ6rn^tp97vTeqZveI^y3lMOnKG4O-!}V zYxH&$8s>1EpJX#Tv<#8qZNP>nwR$g>njy**w$HR$T4um`7cgZDirTpA?GK57ocFC- z>FM5&E1!054U>5slXG00ZojjqtzhwvwnVMC1M#*@IoMrd79opuKs31C$i!j5rM%=K z^RnAK@+mXv;hB_@YV~XqZ<%(rz%8`1wDzL%O#Ra*n0N1qvVxQ z6LJyrCjQ<-bY%Qf=cy(M{0Wxi?_>T6SHyUU^f*$HMNyy(OtgFi(n+Q^@C$GjPy)%E z+ z!{Rewa3>}7@?+Kjh(7Q4mh$+%4ND9jvo!UzN&E5AL-1A0)mME6*ah@)xc-WeegBD& zfh~|u`!C(w!UH!WUV#oDA~xaM!WegXa}_$sru%5b@ElIa=2fME2&vYx|A?fFI9uqgBIG@f)EGr&>DGh zNntQ$L=@~#<`A5{hO<9$6mQh`84fZbvR_e zVPgYo<)?gO6y{!Vd{1Ov4IMY?Xb;7@)f zaw=S6J+m*?SHtGLG$xQST`6NY_z##M>{KRj`1GBQN1suidc6-bzF#@P zwUfV3H%S9Pz8<8?P0Y@(ma}jsD@GMk|FErJa>_;KyF|dtv-XOPkzAI&a#Y{MTq|&D z#)Rgs>FI3g`=lM$% z1;ZoGqXENLxl4$*+I7mOjnB%jf_wI05FR_K%?JXE@O|S1Ix&3}Bnzsw=1A(FxK;gu zYMOO0jbxf3AD>nI($ZccsYccDpJo|J=o|$+YrAXS)_9mUv5|Cg>Y5hgvq6Ez{F(z` zF?G*$aZzF}O`JdnE^R=L!8u^`WC@QSJt zL9vlG%w{WemuK?bxsWyPX{cztz8%21fF+3OglIEURsI9)_%8mtGusVW)}S%T-=u=_ zN*hNoL`2zC%RUC^x=$p9w8H{UagUqmiM|Ck@^^ka`Bu#0(^b2wtN#;SBcj~F0s;Rz z))YjopmSvqz&qCVXjpCDO>CHZ%EDC}p~j{`x8H40{}jonjWimXsihZ zH0gPt%of9y!g1_j16FPUR7F!wkWBg9jON(1%}x_Czk8;)SH zPzT8Ck$VeAPUCtlEsZ$SEN!7rcDP)Ut1|)J8+}Xt^)KiUB)V2`Xp^=~uKBY%?bHp< zQKN%7xST+*TgL^R4afCg8KYx#rT5Uf#q{+gvWt{6FisIDP4XEv9uH+!&#ESNytU=j z;cJr>s2WcCiX_PhE}xmLW56xSCXm{FRI1u4qfQstgwK1u&XARE`^=;JI|} zf#-6@y?c-Xvn<6zt#fxL)mi}BiyZJy!R>UZSOvEC1opG5#*jMyHv?NYx1Mz9rV)-J zl67?k#<@@r9qM{(Oo_6Y=UxjP?fo%Pt<-f* zh$K5`LL!`Jg;|8Yx*25ip-k$Oc!-fJx9}-tsm2&n13nk(4K|cPwH^tAB`G*L(2Q*_ zNH!lyRdw53?hR8&=eMwUNxWXU_tp2uWWiT#n0>Ge{U4f?TMm)KK}bA8A6&rj2$dr4 z?&7@4PPnfH@$o78{PL`n=~0IM=i%Eo#(vr*6f?j(q1nj|8LGS4p}MfHPDgJpWvUaW zZ7O!o>+|zd-C~clL>s#6YQ3$MvEeDxA02VVj0xmh%>a*5X}r!4WgMKnpr79H1lPPW~|rNyX%T*Y(qCEqp>}>21NG{i?`OWnlb2$ zb-=T%4p{6@e|T%O#edMS#{Tn1%C#wu`t)b#<#UX)du<^c;4SS-F|P8dPD{E?6xthJ+{ZTRKka%=E2=#hP5bD)R5b6b?UJ&Z7lrKl9=jt%-m>GC;5<3tPzM{e* zZ}4Fpe?z8R40n7O$A{BlQxd571`l=}q>5c-gHlC%LY-xb1^DYVu(Gv!*W`C1{&QOl z6ilpw9IvAUIbM+C1vy@j3-;FJp0k@kn2Q$r$gDqGPJ_g~VDM9#HD?#`e zY{7ypSX&9=ysolAah?fJ|C(p++5HC4!w+SX{RU%|ioFfi!>9!}Qy(|e>ShE}vmhpH zD?v;c#Dqai7{r98{7%J$*A^aCpW0w;76d*);G;_r_|!@e_}r|unc%r3wd}9gR{VTe zY0{OKGULCQ*WfoL+zPg0&2neLrNzMdZA|=htwgQebNT<-yVm74a_pSnc?x7^C*#SA z5=EL)*8e=VXT~Xe?2_f($=*C*H%MaL-C%X2MQSRQ%4_8H@+2u-`hEdGH7UwE=ZDK; zqj78C;KR9&+T!ImNJ_*?;^QVw~@;YP5cUm+*u zy-<7p$K1eafb5T^{ExHgbT+N!f4rDYrjY;f5On1EA4>~y@a&IQn3Ff6ZuxsP`D6a9 zHTPrDE5%zXnIH3qkoYm<{E+w&5-&x) zEgQ1vb^bBgLQjD#BF3%8W}_y_n9OFgIh9@uDxoK3XFl_iGx^h*I+xBWQ*|cZl>dCv zehz0v#M@7@ef_}D2N&hMPZOzebXMa?%t;VkRHr99n&%|1+Fm&`XDlGtY{|x=oT2T| zZ}G=mgA(j%TM8yc#fU`+Thxe3gGNLg2No~6nbje*BG@OfW#M}4g%v?RsrR+@2ljm> z(%>swTOgfFLow_`P0lU@M>`B2DdCTOVQcfsyY@om$< zZx^%m(He6Bf}f$k{{@eJ8;}0*FJJ%en}7ZG-+uqs(dpkm{dIdW{;&W3+wXtpT(6^j zTbUee-3DpV-jb|LBUHMM*}mdpbEnA3A+MkiZ!^iO%Yw4CS*udTs!u?^QHa;0&*au= z|2R)*vsu;s5Sz{YGD?WmS&fU+TWECir<20O;SX^w=C=-`k^&&yo^H>^b8%jGH#vRzI zwO7k-2H1jruFgT_3!*1JSraLi5}PGW@RA_PrNO22rzj>cTQRmSN(iyIQh}HI*d^cD z&gUUEq05Oj%4g21aFm9_aslh2+}n@v==z08b|gw1N_3Q&j3#F~G{yl%NX2po%=Nhlhy0s>(>&w{i;%=MhmSOH<8Li0VSUr&*8yy<72VPD+F^Q3R@m;7bRQPkiUzUE zR%9VEHhXNDEVZ*zW}aaU_e{3i<;wbHe5QEx?okyjhv2f-4q)G{XlE<$^3d-B3;LjA zmz}po#oa3b+`B3S?p^&Qz`d(V;NAu9UEtmY?p==VT?lbzIB>5S80dn5E*R+M-30?( zFwkuf80dn5F4)wS32f?01U7XJ&4Ph0Fq0YqGbs@;6NhHOK)08`K)02^7OaoJ7OX^I z3kC+dV4zzN80Z31&Ip)tKRqO-3V4w>Ix?rG-z(9A$A%KDI z5g6!p#es&1&qqKV@t+BgDH$aAvoZej#rR^4)G{SLxG1?H;WSbMI;cO_GG2Suvi2XZ z-oMB%OZBlyRk^(2io>i|ektqGY0!HL+L}n`H6}Lk%wGCUcyS*AC_;*}g!N zS!iQQvWxot`%<6ej7JEEER7_0$T=L{K$zT+rsC=TFq7Q^?nHNp;m*fnMRVi(nq_94TM`C2U(Sh>BE5B6f7)$)` z_jBN0HCpI6d$Yr`<>cM0h}p|mOjEi}cua68)`M;MC~mgW8zQs(f*mx!lp6btgC0q1{)V=iAMBbfg!nWnpWFNJmFTdpA$( ziY2^z7dc^+EA@^#DKp+L_7$z)^o?WkaGDUQ=HYR#ZJ!{r#o;s%))FM5H^24rM)Gxabh%h9EZtx#3aE4OcATAEX+uVRhCd z*ZKabTzM6YtYhL+5A#fo>{E|pPNa*g=u=W!=t|9KaoB8D^5c}E6{s&|yoy<#*KSv^ ze28`kwt8QOEQhPn55& z@zUkJtiAU!WijQH*uCs{l`y$n6y)xFv2&+(^#+#ucg?q?!ZkB+Yl>kOEY@2mGcjZ# z%w&2lm0dONuG(&n+V&Uv zQNisjuM7?WG0d0q%9;2UZ=Y)|*ItjuQag2}PoZy9=t1-^+u1D2Fp94Kf-u*Rr!W|n?I_J2PEdgJR;3k>h3sIiHAFt*OzM`>s4xXn3LvHR(GZCF)_zr$s`<7oWubtSa~zNbuP^gLjVd-n zQ;DjTs}(h=v8@*@O62*&gWD5@eA7g19E@h$tv+GYc$CrPi4@{#J+4?|x!TuGfvY_N zG@?dWO(tg?2lP%;2$S$h`32)txP&MYalG*!tPK*`Xlzm_HWGHAqzg1_0K(IP7gx&D- zR2Jsl@5cD;nbdBgFv-QT%WR3G$G#HrcjQ8Etb`%Iz@30Drw3WiIh?Zznt~|r5OYBEFLhltz zv@Cr^WIT;mTfs?_{`^qo_nyxk8hIa+1>Npr)i~rBsH}lMW^$;?CoHiM+Z9k@Hp7q5 zMT%_&EA}A3E@1?9?b<&`sI*f?33+Oy3@#|yQ%sjj9X=q7KGR2Z(F7LRjq;pn!?3M|AJV(BDxVM=urfJrI@m;^8hV3Mvr117QU5@3@2l`j#KxSFwBLJ&Jk z_nIX;dY)M&>zHE*#};ekFSB2MImzOIyozHMpD025Nr8r*Znr1sg$kDc1ExV5lN0nR zx?#6hn3F(hg3M9)ugD@zi2p$%kQ4M1=j-WvmhgJb;=x%0Im%0pY~lSn zq*8%c=;goP$#0XCe|j$#wo4OY6qO3n%AeOU_Q>DN`{a3$uoH>!8tI>&%*NvrG#gJ( z5aHgb@$j^ET$ugxi?K|3br=iF#bZ&bSX;)z)dgZKUSF9OohdC$W9g1{YxQ1bSv$O; zR=vXuKU#c)>Yi{YuD6WC8*)dvlxIdXGOF%3hthI88q0q*8;`%TDK#~fvb;OpkFSU! zS5g&1z8J()L{u}JqezIidOvA%v!PGqxAg|P%QRQt0MeiT zV=_Izyr}2@m|k8${*Ob@k>~#?7UJL;K(1euU}H52NcN~T4@ll6wRK(c3$3jnGa+H2|+4VKtd2m2m%Q~AR$Qp6cU2mb3%~z6L+^PA=R89 zE%ojzOGums-K)b^40k0ek=I&Gqa+UsE^w@@AK~>n&`v!Vc`Tf3-H~LhY&{AD*y|BP zW++C?lyo>Ra80BDE{S>~QyL_>c3M+IK9#JHi=H%#3btZ_pVX#IvQZC5QoTvyWwuAu zQ;Fx909%G8Bx^J}FWZ~$&awBIME(_7SZL?1Jy|Q$_I=(&etX@lNGwsqg2fvg+c^en zb-9hHovRmwjMl(kBXXiUR^w35vS|(@TRFk^2 zOfF#AvP#qh)edUZNb#j^Rs9G+QV{ih5 zHiRx$))7H+j~d%W71D@?Y4{9{od#eVPtb9|E}O#MslmqaVpN9Cy(O&%WNvhneXH(! zmARo1Zw>Qhnk6u2>>4YWGlDteP9p(xMlfdtbH=vHz?>1x8T-}?m^uRWQ-}Shia|S! z`KQ7Db9ynIP3!iblgSwDKMz62ZvUAr#No|9Rn79(n)Ro8(r)~z`=i)d)%G*55KKQM zf$1lheuC-eBQ*Wg0qk8ZKgEYLn4tV1zHN`aiTcX-Yhhxro3Onbl`^Q+-RQIF&-hLz z?#qW?5^T`!s72rAN5Hpt5CIm>>=x-PTrP$$>J`^y5w(mKQVOCR^OwO=frNOgg4*oyb5$Ftr+Si~Oi2=v3O)IM z|MR~I3h08UToq!vk~MBM%&(IDobPo`<4XMSJ>~hiYHLI~D%4n`oZ2@2SWd)~M=E71 z;f+V=jabFkdQZhRiSn?=>5WYGmZxS>8)JUU8wpt?8duGzEEqJAA1DsX@5>Ba`gLRb zGFdc|$pX~^IjOE0-50Sy?st3Y@3Y@EwCmy#&@?XAP;KoPTQ9Gz zwzZShOA{mo4dSWgQmMZ$ZV+bv{_d*WxQ>2XZhcs;UP_WXGn%VeuNcKbU;6>s)1vuM zZ=fT|Sbgc>AYhxE$BRiLTPkya@fC`gS^<<>SUI_{`C^i%V^iQZ%Q?2PSfF+vz-97l zQ=U1G>8xaH5>qBK3n}2kr4ccXiI`ilEz~YRGUQr zq#la5sQ}C}CS`A9RGESY1WUD03BUyef2Ps$vHw<_ zu<8J-4g^*mI}QP?I*uSn)#DA20PztjRX}_Mh>rmA5gPNPuYd6R2e1D}==CqyptH|^rwu|wD4^=E zD2`o?0d+vqJJ~%wM=T>u!Jgeyh zC5pX7n2SRQZDd0omDY9^=4g{yVE!Xbxa_lLcj#lZU@=c4%t>&I{4|r}bykfN7A1&m z*8$e1nCR{Emse;!{=-Ndel%K+GE-5p6<0XZ%i;25b=0q>aKT~}vCR%9Tb0lDPRyYk z>;nBp*Pm&0B5(0NTOt_IQBkn=bP2qiv!j!pKhFIZ?evbDSvozfN*tY{RFq zmce7WEpsvRDf)rMh-`7V4#3^{LL8)NYDNfl*Yl(y1wVWACn{zbDV7_Ph31a&f*irVOK2S z^4qRitR#k#7ZV>ni5OaAzDmrR*F}t%q115@?wx*TH6=!2l}%jjk(jl+35QUX4O;W3 zcNONjH!hXoH>agh`tH?k=3n2mY&Ao8h8QQoD1YtQ)9Lx8;nk2vZ%DKhmn>6|^+8uc zHdA+94zf^BC1$19pXE{8TSRZi-ZGU>cUNVEI{vL!w;IC!mUY)Xx2;?H=oMFq|40mq zZg(D;U7R(5fBycp*@B^Tt68PsOb3G? zvW3_F`Q+c{)c(skW8xo4L}JVdQVk(3)x0+(RXQ#;-?Kg^j|VFm$DCQPMb5bTd+lzpYiyco>I2#Sjp1Sn#3N7 zI9|$IUm<;z0vc`GzhF}KDL8^JuEX7u7(w4|M{4Gz@$6apbcw zull=FbS*UklmtFnq>-oG%&_!fPuFV_qkx8#OL5YQAkH}MJBKpfOZ=ky;xt#1BpM|g zM;)VdA{*QvtJmuMXs=oG(n(3G%(kNKlo1A}B?C$b6;eD2e(&Bk77;{Vo z6sdYpl(|reh4j?d=9<;H|MjyByIP}UDTR>oXn+iJgSKZZnZ_0HVEap`o5i( z3UE^vorp6vV);HP4EOZ@Q7}erfL9Yjan8AD~_c;SLMc4+n$*(E@sK7-@BYZ> zwUWd6h3AicHOu}VONWt&WsM2Qf|rUzDw_pk8#MBQ)Hgf1S&O}FQeao+v~2Ef{<;o* zv6D2Etev{sGRVpGZrOEJSD3>T`m4nfE7|5IOx`|t%4ZM@Ihkk1=_LDe!{K0>wLDt1-(7pfKl-y!fF0^gyGz<20T z`VO^l;DR8NX#3+YE0ZYpOz|8mBmVZe^6$u)I7V}_!Z(z~dBC^)?%XSCt`GWI*C3FU zG4%5wV4L0&FGVG8@=zXkSxt?W9eLiZK-DXHs}cRam^^mm$*fJMu;Nqo)aXPFbk zLdrAGH&3yWk>o6X*M;$Dw7V5v+M&m-IEtq#s3~pr{~T1-%la__d)20@n2~n4vPJ*B&-W5ui?J@_Xg%GdQ!uC`2)au zfb{_D0oHrWSTEwctO(#o;*=__M%&lgn`(|D8`S0skF>jv4>yg*Ytu%VW!y zfS>rS3Hns?b;PIN2eb!h56~WLR4 zP5j4cNLV_Y_SXXcjVE>a-*f`bMlDj>!CqfY!6vvi>FFBb7% z>i!=WQ}F*i3>`oI(+hDQ(65LM*g$>qQ5WD-U24aAv91$f9>6?+c>wbsJIs@e6cFCA zQYZdXNzd;M|BV6v9fXb_|LKLe5Bzs6s&2=B@=+K5Q(bDue_YoI_z& zMhf`vSgDEsbmj_{@;OT*e*g$*#D5oc|BuV_bFlwA2puv0Yb?Y;A>bcX?eBE$H56ET z+5m#}zSXc`?J>YXfP(-B0S-Q9I9TJTfC!I+n)vTG77?D;_iuU%59mv{yVTfZordJ8SI8+|yO8S58_b;mr#c zq+yhIw!&ORkL1`izxzkRqW74uo}p7Q6{n(Y{iv9=f9~M@fHDDP0?GuG`Q@U_f`Q*3 zz(fxzxm_Rr8!7~#3I9DEpEvwJ&cXlVAoL*c-+n>>7QCW83Si@T4<_u01=uKH1rPzI z0Zap!1~Bb0z%&R7c)!$+|7bL%0MIP|Yvli(UV!}XAavyTuULqKL%-KimjqBhX@z@v zhgy&xjX(%!dmsY31at}L642$o(52?#AO$o~Fa8@y0BDr|O=flZ-vz{fISf4v{I@>= zpym_Z62NMKK1|pn1FV(+As_;n1~3g^8o;y`_FE9h1oux}_;0Y}Z#MoP)4Ko1#bgZr z9|xhM$A9|+e%*+#59;+`JV^Ma2#_5hJ3w}i9@&9n_W@8l{u?m)n+5)xT-5zPo?e`T z{`Vksq00960Exi140Nw}y DROiN& literal 0 HcmV?d00001 diff --git a/assets/loft/loft-3.3.4.tgz b/assets/loft/loft-3.3.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..21921937437639da99a30335171a4f78228bb15b GIT binary patch literal 6226 zcmV-Y7_H|YiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$bKADE{mfsnSMKR)Ga)6}veRm&cdn1)_ITx8K2wFHw&)j*~RThr}Wmiv_UQ7Zza3r>cK4CqhL_lBHj~k1`kx z21lcj`F}7NwErLOj}E>Vjt-B8ql1Idqrn%0;r?(m`T_>;g_>3=q$1*r!8^Cr?%XF* z2xD9kMLCn>03arcqIAzf zCKxVINXpq5{{G+J52OA4aPap|V1X$Ti4Ldc)PUslxv#z04-%BIpt&-?uP`nI!bw_4 zg#xbTL{K(+2v?X+!z&aE8Y5hg3}sGYgiFB}RAZuS281Q>oC;NtGyso626L`ko-38h zalfxAh~zw=v2M;km3sK%$h|Z`{gltR`76|aMRG98hZwR%aFLJ`G0GaY>)=Rs|rBrimarV(FbM%BES zlodiZR)JdPI0lmEDUA&y1|@$SL3|P+X6J5u`A|Ic13+U235M_rLBPGBQcEX14R- zMYj>J9{e49Tu1Y+J+5%gxm1?UC|f36tEEV#NdO+^BqdUgfz2p;Wf(xs$I#aknwp;1 z`tG;}Kw>P=p$%0k%|oa9&ZI0*j3GrOLu9d7<|@>hDWv92um{)YR}gbHrL#g9!r>)V zb082GQt=G5A!O`?8(ao^@PynTNNsS~$<%EFzM@h|$OYA1=8oGn-)o{C27AEO9K}m2 zZ8bB+IZy0zV_eTS=zi(SS}>`=b$Df}J9--n^^=|nmC7g<+5o%3W%L(&ukI`bpgb6{Pl*0dj5 z9&qCu?72VQ219~VQlu(0f-XW7{IQwse)&R79G?=TvG5 zPvDp1C+Fdmi;O5Oo2N9z$e@W+A`litP|a>e6iv{`Urc~9#bL<{0SdD`B?@J<(mGH% zhS@w8+Je_aj9fIHB! zo$&>GrD*yIm(Or&pLkiFElbAG#Yj@G05t*6^_c!3c;+a1hQ>|?lJSBmEor;fov=_R z8fFYbQ_ro5^;Jrn9YEl31xn>aZH5^a%Q5U99zCH}s^-NQ_6LJ307z*@+mNFlYjC~& zUULW+JS{TKTyvsomV)UKCYlSn2z0f^@bCY0p|jQ3A~n2QqK&z8gB;c;rmjPMW(PWB0F{N~Yn-DeLufanY;46j9tRIro(&(ws+0}tUFKDhc zTG?HaQ^TU#`xXopO6^G3%%p||))Yc@1B=A5<+`S!b!;Dx8wSX#UFTHsGoIqu{|LQ_ z*H$yO(^lzP72RP|dN~(pFsI^c?Rr(|+}vId>M~ICI5mSsF-?F@T|M~zdrz_J%{rUG zuj`A->e8?tG!~d3Q=HcCL5R7kX~ z+8Vo#(evXs95{ivVFY&_!|kKE%Q#+Ym8j-eNbsStC!A5m1)S84V86!Q%T6Bol~0U0 zQZ9T�=FX7itXO4!#{!7JPurHmHR6oimaX=~?#E@+A~OaNs}Qaii`MDSdiuEZoK6Pi**jqw`l zCM6IFjI&U1t^(iEiEU_ATY#=}ET3_%D*xOJ-2+4N14x?2q94kxVRUAV5pA}^u{Pvf z)%p;xiSG3$DWCK+qGf&G)U5}byfy4eaY~_K)GO_0>D6e2Dewgvb6BFQWWy29EkTx1 zs8zc!aWd!prlvQnHGxUsUUjHG&-~hASE7hjp;d$vEM~eXv*B&`%+5f}6aBZIf5}sX zJvgz$h*Ud#@T=quxbW{aYvTf4?6nO&h6E?Y?4f!25Kss%f?V*Vh@HcCdofWnNu@d8 zzj%6mdKIZx>ed?AzW*~g7!F(Uzk{RE@IL-`7v*|R*o}7Tj2hLtjijk&^~!70nh4&! ziGtu4?fbc18Er&q`zSGx&+Nk*>@|lJiC~a%fj}m_P|mD2kPktLlhw-vBu{qG+f9Jbc~=y0@uzy9x{ynfw( z01KLpL83B&Ahpc#`%Di@JjXFS=)ZXr1R5+jvHlS$Er@B6rc3y(AgS3Q29oDSCPcx% zP%Bgx8+Zjr2gY!aFu|B;gIe+o;iu9aHMOiGCV>dFK?NTRpc1~G*d2(+7griq3n-am z{7n>`O-qSnkT};~I!nboqsj(YC#X%GL>pAZ5bvlpeSG~o)E%P?p=S(64WQrmAat*D zL7AG`*VR*GiTS%RNSavFwhOnkU1)1{t!cUGS6?(}pi_vfwbKHNocn44%Q^a*vN$c0 z)lNm$PU6*DtYE9GBf6}kSz7Qk%u~W} zT{k>7Ghu6}NN|z!fPl^#9@h!Qfv1-$iMOv}*ogRo~Q@!|9p|hH+KFmFWa;-ZV0{NKV}rj&bgz zn{TBSHj80!Ls>G0CR}BI$la1vxhTe(`71lHYpeZ020}Ev3*6L2IBb%os+a1NXZTbgUldf-4^LbPU%gmu4bU6Iy@U zK`A@f<$UTX^@^v(^KU=9Hqv%K$6Mz3yU}QLmvda3-`bxaT7JK4Y3ctMg>u_lef!@n z*a6$}zlZz#E&YFVbau2Qc$rTI2< z>aS_Ndbwvd{=F1+nVOA=T1{>;Cpbr)V%aGVE-L@Iw*6fS>UJKht=u}k)j=C+S9xm! zJCLrS=1=wA{qPn*({|5@is$Dw9(fxs*<#S^*CtJ}sbA~4lNQXxD{!{76bNoMNPo@~ zqR$e;29UQ27^xP*g+jk|?th_D_k8fL+Mq{9B^*Z^o zu~Islt5<8b**UtNVa-UR$S5;)e-tFfOB9qRR~U1a$T1B4RIYC9bPaCT_D^k?eIjgk z|9x_8=b-wRJ9Muun7$?~sYa@n3)k_?Te;sfYuN<7#;@*LHEs&)@e$3WHM_X1tDc)a zouq_jb;H@1&NN#$#!Ute4MA(y+h$TQ%hmER6(;*=%~+NR$K|wnjLw%T@wH>F^;l}z zGoEEc>*#;mt;mPaGjP5CG|)6CD6<~d?+v=WuG+?+-I}Z6s0D3m#I6ngR)gfbt6i4n zEcuaXqziUclbh-d2UV1)v-d4rp-TbVg!8*P%4YrWCAq<3V^6*td^cD(tIdq?8kL*i z+Ww<1E2-nYXd-_^)m#xS33HAlRrBAQuewHmN@!XLyq*h`bDkz+*ss5)j4Ddf$C#33 zDeDfKi?mY=c23ZmN43#tW#sP)*fnmex%+>qfkUYqEbUt;_Nkg<5Hzih@R2iN@)+-6_k)Fn~Wb)q=H$Avcrx)9EiCm`Zyur>o1&F0w8n{qUE#U}Nyp&^Ur3trmzVws#c6qfqJGxKmiifr z=6X#8&)X|FgyZw`-3TtvRWxV9JpNgts66)a@sBp&V7(__LSArYk8G4@y4HAP+aJ`G zv+=q%zKt4Zq$=2QPqyY6l|DqTuC5Ih?X3{0omqO7SA z|D>zA68g_HrFe>>9a^b9>}s%HXG@zOIvW1@mDc``+eCEkZFoDmfLr(fAGPoQd2~3u zKmT(l<Xo(<5~bg5r&`UNyIqH7iE*BLbgc1KFp zYOpGAN2eM|Rn_A=NvitL?El%9Zux(^SHW$O{|CdP_Wr;AaWDVxqO=5*pZ}V3<{-X| zPHK)-bbNW{B&Ur2NhI_bs+U~cXlK4m>+ZXo&3dgQvM$)5F6p)bPf(FzeJjxFE!W)U z>@(j*R&E1-Mwtq}^Y4_gu#$9OE*vRwSGUaQ$;t(PwG0K4Bvk%#hu-L5e=z9nSXUz3 zSeJ`g|0PZ&k8e28*QArooizPon?7y4se(uzREGCQyMpbCnUZ>mb3#t zje{KZ(zv>)S&YfF@)Up-*#yNH8hbzM!aUn3x>(n~d++y0SDR{O618V%C2C*Zp=ep7 z5iHrtCG{(hI)K{&@cSImkGr(&zkCtj{x!hc&;Pgc{|}BH-P?b6Qk=~A6RA3FJFSc! zTy~}A{D~aWGAXB>UjG)UkgZVUYSk4j+@XUz!{+r7sol2aXsKPl)fIx>h@p&;j=Dks zTWvzJ8)Ns<(*I&Y;=a3gLhuwPlqK3We54 z&ISFw`-J{Ub%*OeENiUWB&g2Vmv_8=dJ&WlrUQz}uNW)y{glR*jLQk%pv^WUkM9!a z(u>|DI<3rjS2V4C2T=v>#wMpO31TgGeds0dS(ldlx32pwyMWvLztK_K{~H}Vx|jcV zQdT6Kxn6hkEhXl@`i){=xUVSug@fxYp}%^HZ&l*g63dz&e^?t!UJLoLgsB@pJUh5c zm0{HpaqRU6OpZp#;+Dm}a^FyOv+p}_WY^a??)kEdFT1}?vX+B3gMZW<>h7=Z;LtkH zb+hS*me{vjR`maEU;eg({$IWSWpsFObg%#KqHH_C_b2khKCM)+_rB%sm((p^65!F^ z>SY04NIzzI?qj7pB+{+PjcX*uecP21S3BCrc;dEUJDSqiE*wDBvvw9;_mS33_ng&F zwr(XrZl~aVUyk;nCE9&?o6@cS-7VF(WCm=D|Bgm0_rDE?kM8yVU6hqGPhD4vZ?OY> zP;!^ews#Cqeu^I1THWnO`F*JHF5DlpCg045=5*O*k*3z&H0`yYb!~iZLsM>m?!#a9 zhR@BVTmEPEYhQOH{~xWK|2Y~S9p20TyC~i3&VLGS?ZR{b>#{N&|4=rIVlI#ykI5F^|4c(X2Qc(1=Khi-jHN(ua!3UE!}W4RySys%h42H-bF%|0eCq_ z29tuO=EA3(#5ZJyG78-1(`AtxIRcy4f!hWJR%Q%DQCs&YAA%kc} zRp0z;$q%B*@1k%1^$+H=zW&Gmlnd6c5KTyYQ{?8`hcb8&$(MQXAexYy;6bFaJb3Vb z!5%y(g7QMb+2d0gM7iL(QQQCD zKRmi$|94W{x514y6a;&FP?=s|!E-89K~itQz!RI?Wj@nbeY`UWLO7?hxq6BE-*zo& zK89|->N!pE6`iCADZRnU_LDFv6l6s_w;v16`AZbjA`L>gN)dB-!V}cuDK8YzByChB zEP;hZ7iiVyit}Uu3WxBU*r=%(8Jk|93xd}q}k*cS;44)xMmSZ?6q~aMoa|b}+ wF`E0SOjuc?!Uc+@nwKBmPdLg?QPSR*`*L6I%g0szKL7y#|61vHvjCg`0HM@9mH+?% literal 0 HcmV?d00001 diff --git a/assets/metallb/metallb-0.14.3.tgz b/assets/metallb/metallb-0.14.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..372f502a6510c2359764eecc8a0f15ae4a3187c4 GIT binary patch literal 38876 zcmV)UK(N0biwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ#dKcKgi6>^^?p8AoraTExXQ9{;;V`AP@)yA_9Rxz(gEkJl;NUmpg|5XnN~H(IYw23Y-@;eV`3n^32aEYg=k_i-C#C` ztBM6p)C6aOt4>ec$|YOPZHIkCKe$ZV*gCUBUw!d8qU zGqE&97(s>{Je&$8Xd5H9#bu)eZQK8|R;}+=cS<_4k)PQNvbE8~_XPJ3{9G6R20l5JO8t6d0zBk%=rd{9r;T_B1hdkN2vldB+pM|0?a;cqund6>s`5$6&;$Y*CAJL{ zP7&M2WJ=ucl`&qRs%=e6f>lPzoDv>iMix|4{|<#M7Z%Mw@7dGAa~ zgJcLUV~QAW0ycwT2KATC-Mwb5Ufq4U zzq7YfukHRi7QEKQ&%A3goe1Y#M$?N-qGB z29v;#j-e*Z;TJ%o2y*1qHV^}MGsI_zie4HP6LbR5(!qiu&^tUh0(5~z7lBi=2{>J# zQpu*o6crat!DSkSHUa_jJGl+0>)^txD@KMInuGusoK!S|G18>{76io!u!+v9ppTF& zoM09C7zKZhF&TSCbfa3|)`_<8jKpnp4~5kjtWueKMq_nlV%eNvA_z1>DPp!TcCBf! z7w$Mom{o9qIieQi#uDL`95M;Sge!0dEiQT^$SZ~{0OZ^jlATal_LqbXYJ?&Z!jw2w zepOsfC;~RQLv*rGXq&_ms!L!SLGffFIVk}R7v>h=GlMCfftHv77)>~U984f)NN|K2 z^Mk;OOMNTJS~j5^j0vBKwmB68OC@VD8^JlE;LgApV1sdF0moif>>yfoeq9jCo8aZ{ z%Z37KOaMcC3#j!41A?)I1%JO1AVgPE8sh|@dz&!DKBA!00$3Ula4cE;1z<>9P;?e- z{B^xiD|xlV{B`FWlat+%4<=byTnY&F&1u&rx~l88A8K1QhgWhyEW&|J5knT=0uV5S zCx97K3n>WB!c`N~S2ej{NSEWF+H$ZSoc5IzQi5b%!~^tu3f%qX($V)h9_R#F>}L*U zaH+7d5j71aOfCV~l|mQ;Z<);iBj65!sj)=B;K?-{4e>Jr#1bqb_{yIYuF!L7$q-!{ z8Uj$$1o32Nz<3ovR2HS^uZ2O8F65sD%Ah(@Mu}gn8g2)?c_Ui_Wy!mVHEg1vscG#l zvfs!mga(?gIv6IF6o#+!{Xlgf&MA^|0&gKweEbXsbYx?)a>n%s?qR^q66~DR)Bzrp zVn=+CQhy9JB}@ccLPI%+oF3e-gr*Cx2&Ni!T|nc7fptWcJ4jTiNJz2@hg0R4X;f?S zg}uP|f?z{iH5F=jMMsj=32=()0r@NdDEk0np_HZj zM*PNbjIc7B><|LLD+ckYEYt*_zs6w&)OI3}pt|tuzawMSw5;UJN)G81aarOc8OuhS zpbTxh8qm>>ORele>Z`hj#SvXX?1?9-HzLYTcWgx#t|R!|6;Qx?+jLv_cO?P=MG9l3 zTcwo(Z5ywoTv2uf7^8_$%Z4S^fkO347z#j7)i5p z5~4qAjc2X#H_#doBg#!^!6|b7koKHcvbVq}BJY!{JlKv4HT4)t7p zog&6A2*K_98C)>#v5lF>g$Hu-Ns&}~5!83i3Nfk~ z9jB)zB%V+k4z@tUf*EKCMzs_+8={!L0F??j@|(nD3NTtCTm@$f#)augECk4;3I2o_ z|G5SJ)X{h`6+aAXLd5@K0L1@@QbPX}Yv?~MVxd1vK!7_H(3(ILR(={{n$XglVB5z` zez-&986opCqN678H}~agI=(FaYXMh6!@8R>Az*4b99sqh@ZtsdzlG2?gCttmI^?L& zDdcFns`8cX&=ik@qv7i_z?`x`l&vbb6ixi?yRa3Y6O9Q3HDq(PeMjgV6R5KQ&TQL< zzWu@luK=U!)Ir^S@B9hWrhJcJq0@%47tR+NeCHMiz=Zex1)ZWMXzcxG@a@ooOK4z0 zbN`!IF$7vnYcJyGagCjrXCAt18>b{-GqS+CU@_(QcVudC4?w{hM0|@8ILg-@G^eEF z$JvH3m;*%s+yYQRG8pjoIi0u-xxL|RpLjbjvaZ^&mAkn~rmVCd4Zaf72;DmrpbP7O zb&1s@goip~kulL%ewiUdv6baKv11q*N|Pu9wkMFzym|P3_`TE4=`oiC--R7XNY0;!AqBuA^`I4hG*^**FZ2 z&Y;kX9%d#o$B1Hs@w8z!@u6Yq&c@K|-TlBzVV8wASJfxApYS_cT|ho-g7P-v+O~;r z)i%iO9IeW7L^Qn6(TP~MO`wdvN#vz-tZMC4N zC`j9?G3T!eLwws+EMYVprSSr|F9xbv`R+(<4KlTx6w*Fo_|L5t!ic-YpA}VcMWx=p zkns#c_Q_o}xosywCwO2u@vs3fFp&VVG`g~t0FfXR;KP;g$&jy=_W1l6l-+;{wA^`+tIvA$8{x({ zq}FIf>|b%rr{jW7s(o9 zLY+ut@ylJt!)X(|s_s=A&Wo_-h=)h)I0`8^|C|XJ4Vi$!pb60l4N||;ZWx6hH{p7w z{0IO+*o5eb^!SN-sU*2itgKuQc?{PHbwdDB3M86L8da{2DB+h78@e3qj$#^zdO-Xs zEG-qN?lXuZOan|p5tf2oY6dy%mRn0kN?95zy#T)?1ZF$opuYmB;Etg-N0z_We0Y2j ziB|VQ(;&v=&SzKItnc0zl$Rz0;)pWoV<+a=uoS|QnF$kE$zX6L(;VKemK5&I#5fwK zUr?}zgKgD|l`|K70Wn@F6Nwp1xq+^@^#w4AE|=L6-{g0S|BJ+bGHr%TSpCR|wYfHO z;y+*3c6K81pSwFd&+(s6@_a45JhG1)o-yBX}RnM1C^WL zgWm(7_GFx5qQhhKy(km4AJTvr7DrP=lYu0dK@WlxvRNJkA!=Sd2uRo#D-I%a_%leJ zL&;PEW%WC~JI;qN4{F4;iG{51H$xp~NLpoQwuR;>vKFSASrFs$mJmVX#Z>$-tO*hS z-$81L|E2du{IH0H-1!$pL7JuO$cPj=I79E6wXtvUUWGn?-3mkEaGC@HTC4L(h_T!! zNk(mDm9iEX2j!T0{>a42x4zdzF7^gQ5Q!B?LOu&h0;_mse3m)DcW}i7Pn=A;gkPvg zUGaApEfFn8`VRsV+IWmBA{+%Z{P7Mpk=VL+u%Icne<$e7l$eGE; zx>|Jy0lVf-@W@#P5#1s{9>$km<~ZSkop9k#78rNeY(vypfxi|I%Ulcq+V&bPD(}dN zb!u2yt$DE*LAOr4h2TVVTZo;?i<^pxn9(uRGBA=S>WZP0Yk(%I!f1nS6;CGG4NL2E zJ2jDq{H1M1?}F$0q9@ND-p|-6v+&B)?LcS_1>B?I((XDYVyZ-(mIdmBkF^v)DQ*vC zTCQa;Bs0ILcR(eF86rnhQW!C7kg^5}#8(2jwz+HXXE_>D4FxZ*KBwC`XKOao@xXF0 zn-M@*hI?3qDmtyl>bddE#fa;MAU}9TmBjf8#U8Sxip4T#+0b!o6Qo<5AkX@au5F^I z(H{b-T>cLS+&^FrL{77Ok9qLS&!PVPOY?I$xcmY9oDekscarUa(0ElLbzv6TWQf6u z#JxWXR#H6srU1%V_5z-h7)NFdRdl#wAM+eVAlU_1_T%dFz$Q;4kUf=(^t)K^-BK#b zKBGv2b3eI7S=2Nv!<62{T2?7|@06<7YAMAMsO!{D+_y?WIg>^pW0{;|YKAaPe4m1U zWZCZ0Kf$q@1UUL8)=2i|T1vHY_&~&?CT`#`#1EoGLgG8o8wG;WAVb>b2+$%jF;C28 z4@}_WAMu5F$_8s-{j(L*p0OP-H%d@4feR2~95I?w8N}Z+3sU}bs?Wtgwz3%=>;}Dl z3x(m-FS5__=$R|wAHoFWSxkC{+wDV|Kk>INzLL(KNhhGO_XL4nR?>nA`C@j1Hqlg#cr?DvDrQsWkQ;ygEu={(UZVhI@@9xL zKtDXHKc-ojx-^WLRSD~@$jXW8SzDe*z1F7ob5jBelQ(padaV@aW@g}F%BhH)Hl4D- zmWAE)rFRCOdB-fQshc7o1+DCm#*?WR-Y)UW?? zsj&YgANTx+mz{aLdp>CQtNfmCtc|?<|Bd>~*!hpfbN>G)dEB+Q!GJ~Xyc2tFa$A*! zrCKU=$(_uAtU)V~X4~NMK%2oCIO?$~xR80H0YwvazShZqE3=P~$;8kMh=EQtRw5Rd zk-K1OX93_@<~;QipZ~Wrgl$AwmD?M-3Lt0x?>8EIk@>&ZXw;tP|5H4lKX3mAmWJ7s zC-^4@M#2JlV+yipGt>mXZGZh*5~WJ*dmCDMEIGCef2@|Aaup!gXvjYkuOc!l{#SW| zzN#*q5esB5r*Saw5_|!iE-Ve~@5rBq*h?uhd2f=9 zv|p>GlL>Hg=_?@q@oFz-RLIcKv3hx?R3PtQn@U(e*?>!2W8%>=dUt|Lv()cJ=#7~N z=O>AK^G)#q^>Os5pnz0+ibSfei)ZNNn#kGIu=oU&|C3ezla(W|RHMb&EBR-L=>nrE zW{7jAjTp&bq6Ae+?%HOIsx0LXX|yXrDy!d40v+(h&8!H@|5XO%+w%HTh?pj^oa_wg z7&`mT62%$9W|hsdY1@& z{+v+d3;1h6IEr*R4n>8+=#}wG0dl#9bIDyfNHO~%|k zULVFgIGvKXHYUhp$!WcW{mM+sU|K%`T{v#Hn=_>z- zZWGE=jfBwk5D`DOEbl^-Spmxam<7L;L%0;hYeH!zYA!`4l&0Y}p)?CU|8qH=M>6U5 zFq#PwT%>Gp4y4yJ6KX_AU5wHXq;deO?7|t{306$$Px$BeUKITcJ@NH_K)Y?|Ho)xl ze|`Vue$@ZB_wxDvzo&W9%`#_yMOmEw^~un-+4iztnj4nh1TAk@xg8% z_A>esQ$)r)H=h3ce%yn2qGkgBj+s zo6b^J_L3UQ8k}516KB?nks{DI0PZry$(jbaHaiXF{!S!xdt(PZ&!vrMSHb>`_K=W5~kn$T@`-sX`% z8n)zvj3>|(d=PIsaR5TiMKb~TMPv7_mWmI3tljvEGezX*cn7LJNRFuKWam4kP(v5t zJe9RfFG47OD~M(!qq)E_T~0>8d;vj9#Au-T=@p$f-WA$$)>Nr2L120Z8kQfc{&`@* zfmtOvoPsY=?`zmmmLkAnp!{?_!CD@#xS1fcut^4yBASwMal)2@h25mv0TES6K_j7d zLhF!DLl=EiDnjJGDYWzof=!#|c(~3+EE}P0hQdH0oD2 zOlvBoD~sVF-UeP$1od+ZuR<3gWli)@5~`#zOvrSuo*C!%G2-FtoNUz<|BCOxCrQl2 z;Yv(8o-9$q_$E{gFAgF(!;8QSRS83jrZg`CE?g%JFP=KR2*hZuFwA)R^dc~$wH~ZE z!fD8o7%C}0{rBXk2*#UXsR+ky4LL*nUBcrGe2DwV4JnR2M@AGqQnz0PYdOI|fE<#W*q};uru8+Hh=OgBvJv zA)Zc&9ez^*2dAfDFH+IH8W(`l6-l?2gTy6X{A&06Rr)e7v9ws~6It}{&Jbf_ z>UlR~U_6G}d_Ydgl$~2`N(tTA;3b>60b^a&joGpwWC#aFEmS7MxQ+N0 zrf`*Xe_OO#;>JM?tEc^Cd&*kHchJ_vx43K;NXTK5N z|8LZGcAxkEpX7-PbZ^96mJurtQ0{X`<+;TPB_>$bs`Z^}4TQ?eGeiIrYlPl2$pZiG-J;>u z-47CP=qaOq93QEXTs@Mks$`3zuWA+6wse~qj^Cz|ytk6D7gK1M-JITTFWtWjj6k$% zWM!D!bS!1J3n=!XSxRvF6a^ZYz3XC0eIc6swgZgrKDHyuN*ICCZJp~ytjEBdW4w1NV5lZPe~*8g6sa;|K^36Q(~kNN*z z)^?uP|4;H{D3VZy{D=AgLO>oS&mL{-7VhKvW^7LVhnunyz>hFz(;*cwX{VlotP~%x zsuUbble+45jm`$HnurEHR@6O3P2i-h>-$ArD>vx`pQ!>j1oD6W{P{EZNwJHt!okv4Wp$q6fBVzkUTXnX^ga?d*ujTUGx7>cBLt1xG*s>6zi^-lm>M z{C56|-D=oC7I!vVZzYu5F(LT#M>2j>&Q1nX{wmZ)-GMzJvedxK|-DH z%^Ju>1UNkcHX%4%jfk~rQOIf}vYZIK02_HlEtI4yfCO{e-$NLjR{=lY*E9E|d$_PG~*4*2r`d z#Ml4QJG7ylfA!?#|JkeW??&@~@4no5UjIME6Ol}E@SS9UmGynJM=D?V!(Fw_4ej|m z>&~E)7kns}|0o5WyWoR+DKsl@1#XaMvYc}Cf)C{>;^MQ+=(h#R(y?3qBOkU!^e89^ zqd-*`t!>63UqpbYyPk@GK}%%uNNqK^@(RS{jzHZsqy(gBYRI%f{z%80@GrD*!lpyF zdq}#P3!YIR2vO}Xfe+7*V?PP=N*=M2lgc3Ft@3!H+muWUjG`Z=Hq@7ha)TjLuvh4_ zoT{RX(E5>@hMnFVZe#$JHySN0dBQLF;T!V728f+HuxlPXjH0&SGh}f?%jQi^=E$OG zX`s7g0TAzVf@DvSOlo%r$`h{H@H3($o_0^_f2NdkaK|AVq({Q6o`WxW=Z5s$%Ae)9Buu=+v&dvQ3Y1=7~g~Ei=EE6*k zku6W8`zwp@CF&lZ4fbK8F69(Vau%$INjG0_K2**H!A33l{0v(@u?k3RXxl7~fPaN- z%5q}8p#C^-h8gdXWZu9s;CtzYZ!4$r)x)=v+TTdqd;=-{?KHX%`B7`4M@0y3%FE`5 z`lSZ?W#CjSEo`n95K{bMQI5eS<^!qsJqK|U>)XeTVAkC;Kko3kbo&;uxj)`oZZiSE zYxHX!mWtafc^vgU2JPvs(x(};K))U}Xhj71=fK4^-+RyN`SG9l{;!*L+PQ#i0|DSU z@!$2mX#SV_%i7NV^ZxHsJn0F&Qg4WhieOLBMnpzIt7b!H;CHziCM)q(gnro}-1*@g z$%j5t92ZYDcAGE&pK9QIb2&C@DP;RLL-xIAeE3O~{~OE!k{ACYzD4r??C(71|9O%p zYx7R>!Q*m(^g}=%cjmp~wDn^OmF$GVAyT^HX6@rfMd3X7*il*o4?liX0Ahh-NGN!W z+&@SjWuD}VPXo70%!uWllMiJ+EliQrgWriqzvDro4`?7WthADrnKiwIgj3;>bKws_ zJNbloUb50c_(sp_=O6UX1@Jj^i|YDWz{dzuLL*P5LiGj;aKN6>rqu-WND3|)VvV291m978nW{*)q< zH*`C2=KKv0U+xvPKMwCbGgF+Il78l=Rf)8loLZ$|T9cf_Cb5&_Xs; zY(bK9>EvTI|2I_iVKeRVble<_qK2kxtc00l?UX(18lIZk206KCf-bR8DU^FZ?bLRz zrBuwo3SZs`=@jvcbtrZo!dn+J6#T=#SMHeDG^e&8l|cL#{C#H>7W2X5UY zVjEdh`JSqOnsrq$!~P?eR#~7nwYmznv9SeK3eYE9V?D2>{w3E^nKt?ZZd&>=%;Lxe zoSU(X6M+^tj{jLL;wvVfe$RR9w$& zd~^av@rQfd%6s7%FY?XbD@Ws+^!wM$=$Nt_^@C+~d;pf;EVE;=Ct?5BS%hyc1w{7# z?_RC8zaPE-p;3R1|9O(9mj89c3yB3d0W-KnfX@&^K*r_+awn$ncqLG3PACP$0)h$n!mgHHfVXgI zSW{8M1cn8mf3uCcyOx24gliJrn5@7U&EV1?lr?2?8*~p%8zUf55^zjH5zrwrg^?F* zY3*Bdib(AVr4^@zAJLuTcF3WJdxOslFqj!k4iDf6V+A0G$S148X*ojLS=^w*d6=L>d@v0klMxU~Yp0gE{b! zY4g>V%&f$TK-i{;36lQ?E&Vs~!ee9seZdfw6HTV<1my{(2RE0tf!LJmfE2F5Z$ z;TS1GDlqc4P+^c(bzc%RUiLXSU$XoC0-u9!=lVD<6T*59lg(~~fJ zqQ9|-_s72X7d7nQZ)@uPWiW$zf7piU{l>aq#hOw74`fUOe~ra7^!^eo>wmMy)Gs&D zeM~2CObyNZwxmv_5MfRxfQyMpY%zDlC`n4sP?R+Q)2Lx{02iE?kQ^}nikZ*34PVo9Khxk@? zjJ+uXP&okJoztMgz-vcwm%ULAmW~v+fm2R0KpNO`fGq-LDhHt1bUq3$No}VbV4jrv zl9#gE7aW$;gkZd!B9b4o8&X^vMl@1Hv2JD&#m|{V1e52W%edgmK&b>=CVCzeXVPRr zkrOGME)GA3bP{k*2?nR$gwk8*^_w!M(A{zKj72Vk{*3(9(!$3Uwt*F$AE1#E6`hU@43^sTo&fL7nOhiFTc7E~J98;*>JQkWNvc zJMsvtuf7>vfy3hqrzd9z?{7P;{+oKOv0DmAeX;r%l>>%^R0L8Xg=EsKNC z9I@v#;;ImT^u6&G9n;ZxF`WwJ?FF?7Lu^ZSOqd_cMw&1lAt>KbXqSN?7F1GA(jOQW z;|RLCmQ2)Z$1rvExNcCSalG0Bs5-5>B5?`vlp2;UtW7DO96QAmSE9)`Woht?4Qtyi zUv?X#9-dOdLX2+}mZDn_W0!p4W^F_#fFh01K!a}GKy!g|pi&Xku1qPkXP{CJ=njie z6S^&VuW^pZ+d zShu3z;;ms#1g#xlpEK`s@va9=4hDv{&3q?WOO9P16+TUndezkrw~hg!Ji$NB(P|6) zq-0w2O^jOMETW%3%L?G@SJ@kkPw> zaX*#IHVzH}&I0~UD4~hoIl1$55ZH8yQo|$bJBcq(WJ!ppZTf>cpwsKQnC7zy1BOWM}C^uzWJMacm!fv-zU=FLWi)P@B`>vaQoC?pbq zYt5Vy9W}vjqn5>b>)ufw?@{~;a`(|(r)x7Ey~f^t=wmk2qFqRlZuN-euG*A>pisZc}v}pO@#gM7RGnBESwG(7CIPEK`l)@yU zOhrR9MDYTg|B!}bTq4$(M{d^rfY^Kij)-j_<}E}Gh=cxArX;iYN{#7^hn%)@sf46o z1?i5IsK&ak*>a2}v_L3{qY_ux)1r z5f%`sq7x|fcEE-V(I%+ZYVl9b#(2F}4^0EPjBJ7rWw{h(G7VTo6aQ*9sL<01*yg4! z*GIqkOC_1k$$bJDznJmOBV#K8w+#P5*n zgmsp$Vs-7-O5~1&S)0xr1sUT3Op!N)6CkMKVOwQ0k5sqr%XP;yq3bE5aT_Zd8Wu;s z0CX?x^FXNpo#WE(2PU)IA+P_=i*+d+?{pf0!zCqOUr?eUWxqO3f{48qlCfG$zPd<6 zP5!5+dy18y;Mfa{F9PpL;rieLC0#Bl1xGXifrP3F?Ls;Y zutx<{Dq@zrDYAymUz}nxJw;1|!)m`$!DL#&;)85wJ<5oweh4wNG(_bRDh7O9(Zu^; zA2KTyAB{U`MWc~bnFMEZ_q^4zWU&Krl6)jrmcRMG?x1E#I*!)khb++9dltfs)_UZXStKGZ3IB6Az z=$UV}p{G*x@c80(aD9;gFlZO&6DA(b_MjFk^H(gZ)j)iD5Vn8TFT7q?Mv50#zMcx) zfa9maHMC299?9!z0kj5+r!qy1Evi&mdHYkT~IQP-5Ckwc3Yr8 zP-MJwx4aWwSx!5DFcS`K2r{Li9H1r1QdbCKl zJ-F>1Ttz2iU^h6)2r8f{AGGz5=Jt4yf=*JCAk_VUw`5&2GJ;%$CDyeha~x-d+-B<` zQfN4e?FGg0b4q8U_NWb?fY-OkJWQW9DO2L0b#~ItnJVgS|GJ-ATCR}#?cV6*s9nHE z_O15^G6?)we_0-kJZFkOqJxv}$!&jl*lQnLw0j|(LM6uMV)a1plu_lHX1lIfgL>qx*W^#X{1O24U!V?t{WYxK)oEw{ zkwck)Qocnb3O?Q{YCO!U|2AtvQR!2HMV}(6QrrN~i^ad~V$s<AHO|?OvO&0Y8w|J9Wy1_m4z;^BrXrXLk!I81#cBt^JwM?-4QMbfqqip-@=Xfr83c6UEo{aqg611xGBmfhfBGf33IA&f;P8yvj=Bmv4k8|=4d5jEZ?}UB`HWbX4N@bB@q-+o>D=h zJWIW=B{z$64+sk*nNKgz3z8Dxks5c99(hn8%p*}~QS{dWv1s&}W-pqcUNgfI6`6#t znxIiTGrSLhLjz}sF(Cn*+24T}kD)dnkW(^c=T@6iLN~)bdCDj)S~<~$8PgoDk3Qm+ zPY~1(cWh>qU0=#qf?DyLN&13j(GRKx3Q`#SQ;Y1iRb0B&xcx7t2iD*p;2X5hy5L_} z7Zf|G#VPa;wuH;49DB%iH#%HhaB!pcp64Qp|qzeWlIjPFH0=tyf~ zJJ3l5>KAq2JnHmh`VKfJSSGkQgN&op&*782ftNYQ3?tA3x_ypTO*u>zN-&DVY?_b- zk42!#1Zlhpx}>kokiNh^ZxUO;C$tIL_Xgvv7gTHw`o&@$UWrv@!r@cr3T`MlAk^!<@58DPdxwU9U9LFnQ!3UU-!wm|9Ai8Zatd+ zbGP=K|MN+nQ2G|#IW$Vq)L@(@=RO`mZ0It@;g#Z)qhNBYgj_FfxQ)YDl~6LQN9AjA zS+!ZJ_{jIr(m;1kr<|O{%eqV%ZXk=h3HyPcTOgdOK8miNG9ARy2d8Dl2mZ#}QjrT) zT(}0QEbC*$VWTph+BTB<&eDjj{ zAXHFhmktt9kx}AZ@-<`d>rtT}-KhxNbr#94=h;oA=6Uk)f8=0;lpnr!Ej^g~!G{_n; z&4pNQZDe#kXn%)cb&)mDKhuDYC%T_!a|83$1NWm0X{&wOPMxV9w*O2+iW{4k!x5N2 z%HU?r*9gifBfQRyNqHmrRQVU(glC@5+P#EscXvmE3tqPKTD^SgtA{cOtI@<Au_efX1%m4Vb3eGLO0>qLv1xmn1RA#ZQma47(ZJ!g0N-w|>F->BD(NQ1h z24$t{)Zp9lUxj|DI{rkr<-hKW*>qd{)?Y^Ef1|$Nc%J`H@w{-=eyQ{yA3UX2tJbQuKYo!ry3Orv z!<<&x%s^O|ig66}DcW`lS7g~rD2w#}#rO)NHxmqbh5faF6#WYRTLm2&eEuu|!_-`)}v*>H-Qzx@XOhl{tX;un^&M3kW_pZud#dhr7E zrCkV)h>l97K!vHnXN$4CGuoZr&i|@jPhEPZjK`9XViWxNk2j!Rt-r3;Dz!gLr7xi8 z2he;0atrATaKmA~l)h8~&zI1D;#cVl0AGNx#K9NEQlbus_RB%nAlptB4e$l{zeK%P z;EP0D+4cgj-;qE_a0vJUT291{_@y%R2hoe;RSBV8`T~Mia=QDlUjUJ}-hnUR&(B}~ z1fnnDqHeg;7ceFSi*lSUP-4m0UbZ~G`vv^@;g6*9u}Jw9xAtG>|TqVN3i7MQu*Y|Ib-t$7?x~xC%P#9oj(gc4(jQ`vM zf699-#1Bzl{C@|jCH_a068a|~6#QusON?9?i%{r9K6gaYhZm?2+uja!H<7VZ@^Iwy zU|vFpY$hy_Pa}twGV^DwS9eW5%ucqESJypOkUyNUT;%zq895|hov5_0K2rO8dpo;D zYRa6kU1IeJ;RU!MvHFl9TBzw@e)7m2(0N3PR91(h3n3h;XBDKcb1g)bD@7Y9-y;|s z)^sSZk4UV{F*}m6rF|J%TA(?O*_mN^=0&i)^Kx+7uQ!tG2I6ay)hpFm?tIU38iw!@ zpL{$b8N__(GBJu@%*m;E1o5O2DQ^sqRp(Ucq z><`i#Bg&J>n+kf!gz3BqBo!p?s%iG2_D43l!Z0(e>4OjsH)A8JAuBkA_Z|tf{xrDP z6L5d^Slk;qxIdgt!i~f*e_aUk^#oeD@_1_Zk=zGtkvr?*Y#V{I8FHyWu`c1K1nQ5O z`B6Zd;>2}SLZs$Br|>`!Vr{X?IK)V8%RZbUK_CyNhI6{f`Lh5LiN~P|D8|GCT_H55 z8WrkLC`Y+(f#`PR_*hmCyt7{ch|5~F-l*0RtHtm4D!>6@6TE=Q<5X}panMP%zGlq; zwwC-zha>EL#ZZQ&&JOkGhCM>mn5+u$Mg;I0Q!7$)9g8bc_0d*W1m60VR|LR1)>ove zcd+Eqyy8K645N7GARfsjDMzJJW|NrTIg8}j0i2YsMX$ch0hgYVFt=g>Uvbi@+Z?!w z8Di3=NM?4CM91=kIvX0|S2+VvOwhin?o}JfHPTj-JBg)polTi}FLLUvO}h2`@otLx z6fjwy_{hD3IsI762VXGBRf6xccy6&I-(`_RV#Vtf@pl$VH7s<4%~$J_oJ_a zd^T~v_k8-hJrViuFQYf80&?Vkqp{nF$p78F+VlC3CwVq!|3hRFtB<~$`5%yN5!>Gt z9N*ILPrT+8{Ng)3e+`lE-_xo0@0qr}e|`Cf+8VQT@MH+pRzA|EG9DsSFw=7(PE)->vSHbpKFY6PyWtIXwhNy%sCY zh>4o9^L&AGiX}r6l`=|f%MEU}jmgy84X@nI434U{H7z;mbg0fsUKWfB$Uo><;?cvV zrKNwkRd(xpQ~t+zlIFjk3sN44c(fqMod5Nm-Tl32{zsV-@_GJ0!4t~=XdCFBBTFW& ziRFDfk`_zPS>Lyi43~;#d<^V!s$?a;Nl=+0s~QNB0a1l9uMghWg%n48B<9W$k5VK>9cc;q<~g^udVVW)NB<%R-sr||d4hf{;8wCXlq zP>7q6lu7_F!vO96^(iWsuEy1$em&ShjLQ5T<%Cpus%h#v46uYeWGhs!~s7Q|{H zE;Gmg6RrS7GJIlT1t2U{+AnZMC<2BxAIT z!uHVkf}(9`8x@JHB?Vg5)L(dB(4QmZQ*5L{2tuEv#L1+!5Iw+P0J;$fvM)YK#VbLT zUb{c=vVkeGJAouVWBJ4ugfgs&Sc-{~GWy`KA${cTiEykw7nRhh;;G_zU zq%0Q=u=##59Qb)(1zI_{Mp~;{l zW>CSrTrB&^Bv7^*0hu-(RdZpn6)zD%$<4Ryp&{yvS!a4M#6%MBscFb`O4=N8fC*z& zd6_dsCgBJ;f?r7-FKqtKz*vmB2Tcd#m0}{rm?7BCt;?2!f@mXv5jRXkqr?!8O0gp4 z?oK1&y9w_Nb73|?V{b3%vtc=(6Fw&E3->|VjJQf>T~f9TSYK=-HjRf-ugn$AVxg5T9e<`I!1 zMqL)Zg9exM3)9QdZ8ky_jL}3YC84&ah9&J1yfUn5B2lxsB4V-Tc76~T@}gouwITQ* z+NVspuv4pcoS1jeQUqBrsg@YB^n@8zgqlAV zG1Ki8dCyf*i$xX=*(_u%vyc`tT2hcmc&%WDZjWM|PSa7c~4zw#Qprp_4$&`pVNoaJV?u!W10f;fVlXBDJ zB`H}>E*NlZ8gH$sHieNM8E>#Oq~l`Cb%DsjHl)xL>k7{ya(H|JLXAIrIG#Nm&mN9V zdpII9ynvr0Qez!&2b@l+lLGn_SyMhswi2av)&z-mSImYCz^q^i6omAg<3R;jn1U;^ z0RQKI|G&Zn01Ny7{O|uy_HlcsA*@6p)c}TciYQR|sUxOhqYADFoin)(Ik{Nw0w<>n zdYC=_@O4>?kfZ%fQq~)DdIkt>e9TBDj~$VRd6x^7Ks>zVlnAjDXyE7Q1uf@<9kbuacB|<*tYVG z3NFVu0mC(E9O=G1%^!%WW0Ez*yT2BQt^ipgDmV*q zHf!GtWvU!kkRoud=+h5)(vTU;aR-XO33c1tMJ)7#Pekbw!`W3&(#G2o_b7NLph# z&~rqP|9Cg{u7j>e%D@(_B=*nDxzB=FY-ZSUw!4$gHOS>*4iALln-gmbbO{&#ITr_u z@n{jmx`fL&8|$z_W3BG0Dw5?aCAUR?g0?x6(o%YiT+$d!SjU9A{gSIC1xSG~os1S1 zu_{uKB*JjWL1>5?8Q>gHa(h61QL8ZwHKYT5A(56V3&_#b(13}A2DODG$Rl#@{9SV_ zvUQ>VI1@j%YzjZ}GV7cYE@?B0r7jKD!#ki#($Nn3ii${aPMa! z8YKgL1vWIO)KSc^rWl33Ip$ChjDTP;AjV_~u@J^$np*&2$K;*F^vV{vn-QiY?ZiM> zE^lRg^;V4I%O_S@3GEnMpz`?^*QSK<`7PznY(byFe+7*Wd$gyS(1{O^9 zLX;dM#?>uK5Kjp;_{`h_GGUHfdd!UJOy(5QAQtN@QC<9xs93E_1CdxrmBr*PSakEN ztB_MOmloY%>3~ZS8>XR51OZPCzO%RjkO2$bbG6m$E(%TqNwC4mMHO7lkYmPfd3L#i zHG^`aP0l43s2+m)Y_UIE?9Ueav&H^wu|Hev(dXG>4>kL2vH!DK>~f1c*Km_t-pWi< zx?()FW#mO&^?tB`d*M+NT&YW&|f0q z*R{RF;c#@;y0njm!_Lm|%I*x>^+Q-@{_gO) zR&V!4@7R@DKR&y9cQU-vduQg|-OZ@ixvtfZ#!mg#rQN#O(TBsiel;H9>yg!+U)J8W zuRosL>vjCTI~cv|y`SD)&3lJ8!<(J6x3~-E?N5VIkLtD8!@+ypMf1H`&(iMDu>RNO zpw}H8>pQJW`(o6t?+xDD=hwq}r~iJ|Li5h=E`C>|-r@Lob~6~g8|k&t&egDYH5_$L zdhO0`Z)Cr}GH3JA&h)N79Gz>&y%V@I6W?Zn4mY*EtIK(3IT#M_hUPsS53ld9=d<2T zy}der-}~6B-PCVJ-J`)(@9prtZr#+dJs7s{dbRFA8|s7p)ybz`r_;HdcY32?=djzx zt=6U8)@z-en}+_bU+XOU!|vg5*u5Wh?EAB;o1S*`dU-w9F|uauevRy$j}CXbtJk~m z)4Mx_@dD!Rr!zeNG_K!V_su=lGtYLfKaOzg(l%k^=H}A6Zj3FRX;<|*y4t%qZP>G` z&LO-sdzbzGs|M`o=fl?FTp!J#-sV@sTK8x;v{yHu+N<;9?)&jhr*?MS9dvi>({X)d zw=V6aHmvi@+U2tMesqXBo$k%YS?{LRX=wH7a)j~xre>4T;O4OR{@v+K+dhHs?auk| z9UsoS^FizI`0T2FKDyf5>&;&^hE|VXb#8{OOWV-r_iWG_U88~4=+!##a&&ll-Z|Wb zBiw?uE+4n_`)+My4X(Pz`FnhNh4rIr6W?F%jOK&)?Y+VAyVI_z|K9!7*}tCOSpD~- z-PR?kpVsa7zc=1dI5=$du#Ko={-PlHa z&&51ur=Rdy-_%>z9}lfdlV1#KXSFM9v^&05XjbY;Ce>hIWRm$*B;dEc#d zukdMigzvQXy{pk^-Wa^?t$J6lI|z>kzt=HqUD|h7mj3>_F}l2Zi{GNRXL~op9_#Jk z?#R5P@T$Idz0(~G>%-;9B8@Zie*et6IqEm+-NF0A`8C#CmshieUhA>mVD#6pp|8$9 z_Ij;LyM~Ut?@w2((cRJae*ZLET;h|R;d}kB(V%lOu=G*yEqcA!q>||ZST|B>hLGQaGeZ@IE)}c1nXXBy%UVA$_ z84c^Lp~07ft9PHy23mbM*XZTPch<1ec{^J1i-Gt(=&jD*cN^o{&0+WL;o+tE>Rzww zr>#r7cm1(9yWX))G#W9jjStU99nv>D?52Ia)8ElA`fo>A$bjCkOS|ucvn8Uu=+362^hr?m#NX(0~VSQ&b>K)#+-&q5Eb21$CIz3bGjjmqT zhPZn&G+&=w4ce<-=VrH8>mKRtnLVyg8#m^tbNOCB(d)Q9!Y6ld{_f~zM?W6dIwJvB z@4OrIJMWhL&iwvt-n&9=y>)5zPT#li&d&AC7@2!5*>)iCuIs%{R@^ao83Axf6 zo-EP4bAD;+RJ)o{IMnv^Plp2E!{Phx@#U~{aarqFykq4To2qHmu!W3w%d?4$nuU z_k;Qf_us!8=%0owy``I%Lwh+I9o+TJJ>z7I;`WrhR3tz@O{@9z10`z1Fdm` z^~0-yzBt?IoSna)9qIM!TIr89ot9Se3PotaekbkC~>QSq;u-aQJcb*Y7*SottBRc|Le|IH>K_dz~&E_g~Sg(P($v z;D^80UcVcE()+!g!@K_5?t3A3ZU%byy4D$t-uL*p-Z}5R*Z1{Nhm7X$VDIX(etyh< zzy3I+quS_deBAv6E&RS~^#-`c|SXU+vWN( zzR=D3u-mq;$L|mC`ty@U>yqq_P5o_egcqZaLpmH>-(7XyHO||!e*f66kB(m-_1=zV zu-&7h)rSsR+8xht?6dbb*H^>)(-Fp3%&p!dN`Q9(`))_{Jy=X)p}$!z<&)s9@P3D_0eg) zx9qh#cK2<2XJld48)|#4OF~EW(Q$X)J%w%k5Dng)!1nBJWNE9xafh7uU*q8?{pM_V zQ@0pJ1{QCU(UHjU+>F6I1KaGd8o#7{JTv{F6KPG$K z_F4Vxs>Vf$=Xo4-5lnX|)-%i8abP1qUCFQ=EaQGe9N$HI0P zwTIFkJiUDL#<#dtx~brbLYcCTAzEjq!H24iPsH1f6+ zrs|rto-N!%O9S1FLSf)Q`YysT#r~Vd8X@jt{U+apBHP8=q=0rm@;Vg9ZYv<)?6f^X z)Y*lK4MP0=8bRa-{cap!=v_fztg4lYifL&Kj#!=FRLHy;`<=3ah8xG1$w6u2+FlALszF1nzA z%0GjAczmHwh8j#A+pWm$V|bV7G|xT|IwM#g7-s%4*q-7fq|04=c{K(%Otb}TL_x1} zwA*-DPd}xc((gG!HpIpfJpcu-?gsEMR|oxWe*A79SPOHk9K#ESJb^7k5X3z6ox`!@ zCGJ!B0OoGv_3rEamyOq%xdPTd(Yjtx!?}f5?!jdx%nhcPk63Oz!wkAvM%BGff&|Rp zUR^f?VUxS^xjSnc+9FDQUX0D-{(c4_&Ul7Xkw_pk7 z568iyXnlX@Rc5M?^@*wY^Q4vA1!0q@!r-J8**YfPx^7(xs1#_UPL%tj^x0w$aw|Jq?I##+U>H*Ao0tRnSF9cRJhY^;8Z#V&T>Lne3ijRN&b~ zmC@(#;G%jyB@Y;a z%HiT-WP>X+814vDg+w=m*)Erej_#8mT9CGGz2Rr6Vxna) zm<>RsYTZkxbngyy#Y-Ml4JMt50XPa9=-Ultw{SU$*YfNI>HA9I(GW2u=?n%Imhsm@ z9lkd#00VvE1js}BNFHi;F?B87w26=_Q2YqMqG&2~f*t_%#=%*oBnS{wcFi4M)xQT~ zn=@tCo3PKjR@vSDj=NTF>cN+<^RRs0)cTujY5}mM1#+EuzOOqZv$P9Tq@Te{n&>*j z7EIc?PSW>@5I|#ui8YmYie<@+FfLkM57Fn{x91a}&X!dmi|2!LvwP_?r8n zv3Kk*cXmf|jXv+;J@4T?@8M+$YG-!m?csUTIDZ$zV%)@WV*9UIU+CUg(uGDKtVUVm7gK$7&JiO^qe8R607rwdf|CJz)XAv@-qm3FAU$!jUR`d@Z}pH z%L`{w4{a}r@l%OB{dE4J3vD6BL~{c;LKz&LgRSh@W_-38pKZns+l-+pn{PLUim!FW zi#zG_eUpKtzn;^ILTiec3ItI;XxIHegG_Em$ZN2w;F>I?M3FF@+iHE{7uP@lkOG&NMsTy0EMbTp-`xjsVi*~da5prX<1*H2gD&xSG8JGtfAvn&q@Lc zjRHKD`}&xQkqe@h(-HhA`B1bw#j)>dsV-zDBsm4NFYm&ZSw(BdVtS2N55@$ihro@6 ziAbFt?2=9o1hccfw`bZkhKrR)qZYK|1UJn*p%%w$il+EhP;w+!R0F>;1#b68zH1(q zg0zk_D&=_HdDOZAfr=A@4<}W2{ggU`8sDG>ca{H9 zE`)97Tt4kx2@6PkVt2w8bKGX8zrI^x`^k|{3-`jpupiyU5H08F)!x;x(DiT7-Eir_ zw{trz41Mi-Xgn?550{>swr+^1wJRcO<&KEjUzBg@mWW!9rImXkTERsTErb2Ft76M# zZV9K}E38m<_p*la}RHjILeL2b8cJ6h#jgwieIa_ak4u2Plmmg?@R8LhdO&RcTl zE;G)x*1p!-YoE2&zSi2;TKigSZz#Uj+Do3b*1p!->q)An**YKRGH-!ea4p<*vL}db zTy|;?5i7bgALB z{004dvMFc{!jb68p3@ZQsxhQe27Iy)t8WICm22Ccz8+E1M%ky9U^DR}3Xm_TM@l=L z?5|P3SKsJkIvwR`&qy4b%{`XO3d@D|KleR(lv|RKZ0=+9W_#^)w01gLI~_f;(@~CP zo869b6_#;4N=4)no=0h=Otxt;-%_7^^CLRHOb+VPtc0L>YO>(O0F-R^5(PJjNOeaH zQ6(K{RAxh?A5?1E6I#Ae{xS|kD7+$%h z)90Bi?~;9)7U)5;bdBQOcu#(57z;W)&Y&ac^l?BpwYK#t6T>(S_d>*2Q-3b zZEyU;1vJW9Nty#YC|#>y+sp03%Qd^Lj0y)gBcDvaT`o}Og<0CLGeG8ZAP*HS)7Ua# zjzaP=MiALmE5kWcL^kue)<-3*37!iHDgB$1ZH5VTt*Ndx)wQO&)>PM;>RMCHKWj}j z)9hMP{c~xm4>`8Z+o0PVTsN4ZpFZNmU%t$vj)J@H1hbfTUFPwwGa-F|`cj5nDub2P7x3{zRm;UbFet&moXZN7@mtKEwd-vcksP`zXH#{>QWA>NcgWJjv z?ho>8pi3ObgoUt|k&`Y127)(&SO_ER-r})P`ZnZ}$!AeSS`*9ckmEE_T;lEfH{?#ugBR?SA+I09` zWNkV_d~0nw@l^b#%pY5u|7~rcUorFPjHC0@Gj2H%qrm8n?-AUU#Tot0a^~En9_fB5 zo_)-xjQLnZ8Y$Izu!B^@&E45L2u3fPw{LZG3A!^-Mhrwsps^Z-uvhJ zOxmB09X=5XiHhLtjY(G(wxO);hcYBCXleh+<3&J@Mgfj({`(9w@&bML?pm(wVsj>M z6*M#;%G*ZqHf{FzQkBv$jyP4qY2ns%_7 zh5no{PMmo3gJo@O=m4!J)FYNbvOH+Smteyx*W~>PCtV#qdy^Kca(a+b(7*eDIL7Xdb7#&iQZ^NraIW+YRWL>hJd5#E*#+g=0(XQj>8%`{4-no&GDQXZN02 za!`sdtYn8~qZ-kzOUL;|&&na;YtMcI{|D5)eS|ie_@vuK8 zJU&Exg17hf4-d#__;P=L*CWI2SNq=3-5&>S;gC;~bfe1y4-2Om?kpfiSIGL7Io(Xn7r{bf!V z^F0EhWi$(d!b^({F?bhms5C)3>KWnaZbBd`Urdo7azVpj4xe#?20tF3AT|r+F{P}j zY^_$r=u}jc7UK=XU4|oK-p(m+1A892OzMiA6axeH1_Z#fjWGHqsFXQr^iC{_@K@q(pY&4VI zp3+b(I-<9^E}oA>x5~PqVQzujiKH1B)F2?E7~xok3v}SZk(l#i<3g4SB?z^Ke(1sF zIn4!W;5_Ip%)Dqo{rb@lJ)NEf^|ucku{8E2tcbEW3nuV+OdxVZDKJQ-gAVo%wj}_6 zB;CfPj?Ix^2oy2;aRDF{WSP&1a!F%w6eYn)Hyr8V%!xZ=XzQ z$;neX3yl$>k5P=p(E3tLQ#EAD~;?OIXprhJ+ zD;Y*_#g1fgD-Ay>yOd&2&$mkWH6elp(-wWMQmv^8deT0piOe$Hg$-O;Zg7x$L+nbn zP{*GTYen_xqw+H`wb`)?*DQ@&m+;#bRcwF+Rbo7rS1`97dCe`F1;Hf^e0OmuyH+9z zb#N9nLdAXNE7_k7#n$>f1x8dZS&=I08B}MUjH@$r^y#yLOe6WhD3e*4(i93we9&wc zWdo*+EW(b1+#1phc1wp9Rj{O(NTh~PB-BXdiEAA26KFx7iTa_ea&_xRzY^w;7J6xy z0RImiD)%7K7sbgjW@91`WPhVWK-MAZ;3#sk*$D;dbu^?aSr_i*%yCf6EN@Jeib<>6 z({&&bAlGBjZx3|~|4R-VPRvA)B`&2?VH5=mkVSH#M?*4_*Tuw+D+$UY0Ssh)KOFNz z^zOZaZX@h!&nXhAmx2q%1P*$ulW;-;_e1mn2f>Fe^uZ&; z*;xGW!x0t#-(ePt{|RH1eL$3<4X(tCq z>i(t-G_toMpDQQ=;FijEDuiEp3?+}8Kz~$Qy<|fOb*0@2j7(+g&IasL!Cwbw@{yLT zI5ADyMHo%VbVwMu>yprAizrUh*h;`ZE>igouP>l4pFW|Ewj}F5chKk0b_!9G#D-ZB z>}J|doUWSSIi9%oY#=w99io1(H%;D5$rMSaTAt1Fceg>_36%)^hUcU+jIz;NZmQIwj^5t6#5 z($M2cEP{wIpL+SXeCE1@a|4o;++uWe7N^Bw0Q9=>RMwzSvu7x-Tf{G|Z zca+_7ggJ^Zi?tlOBf|-$w}KKqpNnyx5Ec&<;iX9cDw~L?C-_kyjm!ND7 ziI1~uc#~PgD3RDYc9imvmzm`j3(1}V#U5dYr8P&4sY+$vUFO02Jk!i^;Cq0=*OGbE zppf|U&wJ2NZ~vEZMV#L_4Ij`(z5Rc?zuV8B{~h$#=l@Uhe6kSgd@tv@bBH=xO%_vb ztLdj~-1Qh9#dhzYE8lH&ged96ejE@{O&WyM%S8n5q#Lw+=Ot0Gc;^s(0>12|Mxog$RC<<9^6m3hT32c^XZ5mYzs>fw~qpi8F_4N3U*xLDaMswyik%AT2UyXuC5Kl+z)6`>LQcLO!-lN1 zCPJO_(FKh!<>_2inF}&E1y%aIUl!lxtDq@}GKQzeqJ3$os-ydYa6u*H0XCoqGLK>0 zssp7)xFq(Hy-ow-N-LWNr&a13)~TxMaJ4TxZE#_>T6-$up?u^8Ls-K?P>#Nwv1=6= z+VZvv2D4VRRUl-HYIy+PGa|%SXQONA<6WsfR*;iv2U`tXOQl9Gb=86(t94ikU>Va( zP?xhHkoFT3j~&D9Sae;LNKcf-0^o;ZX&gyqW(5J45O1}Jsuob?a;4n{A~Rbhh}F=O z7w=74E#JtPnKeIW)I8His|KyQh`M+J9VnpE9F~SZngzkdl5L1O3-tR82mZ(>9>P(y zM2l>Q-I`XwnJi;rD}rsS-j*&x`3BFVPk?AQD<`Y9;L@2&H`g_zGhN#9PFJgsv*2L0 zl0t8o30K?6<;{mHLCN~HtTd2z8cp4jk{rgbw5DkUeH}s65e0gZ9Y`&R zwyLLcRcSz13&)?wL0b8y7%i>4YR{L4qF%ePJmLnaz=0KQHv)Q$EnvZ?rVe36eHK;g zw5UnH&v!N7HTF$(s+^AsYM%5|$*v4I2nzI(BlmKpGBqz*73j%<$#HAZWh8HqsbSB0 z22D3U$~C4Q#ihJjLg}5XpGm8ED{@PH$4wYz-&z=HiriJowN<)lww=OACs3J$E*XqDFoi*)sT}im;vFM=8)@Xcg;LC2>fV^v2N-Cwst7=8B zWQ3JVMHTcWHSjUoNKcrXftQO|^k|HfJ1I(^W?lj(kg!bCSb^mA8U2?NTvfKN>So#@ zy$v@jdivuJu0h|Zq_zB-m-+m@R7H4SP!U{~I~~i*!;`^j~%i zs$Mdd+EXfGeoMXOk5_8xF>fv|j9=5JCCYyO+TJ)%|5W&YC6{%(7r$JeT{-c`c=a|K z<3IHC_rDMNz3sLC*Hb)VV=P1@Bq_Q>Y!-%a{GoOo!Az{~j%8iYJGgr5;xJi};p*hv z$HWUBZQB#K=hc;hXnG>1gD;J`RvaU2f43P3WC@r&s{^^ZHqSt4|~U-%Lml z5yqW3S~V0z1OM;r<>UWt!{;^sKf&|qQ+E^1{plgx=^6O}5sU57RG`J3kVCZD{ruSy zrL41$k&ZZQ-V_4LaV%BNR&jOp!s^ItGj{qBF4{OUz|e(&qi++NXN%|_#cUS3XnzNO z`qQh~XykuH9lL`REE0O+r|jH`yorR97OGAK9qXS&!iMs(Xh95tqaksz5JsF%3Hp0- zO-$W0g3y6*K^1QD$b@2WE8w}hFmrlwCCUo%$s^*vaIEtYQZXDPkkn;AITjTnG;{j~ zbA+Mus<%~mO|K+r-1?&gmHBWQ8fBH=+n_t(37qet>xW0}=QHhNf&>Y~8AuGty1Jj4 zmrHgoVtyEpQ0L#c{cpUJgC!enPhI6dGc;#RCS*uZc|S4FT&I$yz_blbc#BE?V!$0XL$ya!EmKBbY%yXuQc>a6Tk*zr5|HZCr;;l7==T|oNp8GFDDvv3XAc(=kfs=Qo>z)5 z?I_iRvHT$I(jJ8R%3&TylEt0!enaG&&?VVkn~YROuXzD3TPnn_kg8eDxXe@Si%LmU zR@zbbMsth8bA#RudpCNXM@lODoEI+|nhH&97*awv+EG6`%fKlJgs;7fulzLXf5u(x zRilB`>wmkw-GlAC{9kohfIFq0KU$z6nc%rk89xMfI~B-E-o_JfAR3gq z&7Wy06R0#vy|3HKdv-COH3tNWSoo*1>;I$GGi`J z0=@7QsVXeih|WR}`Jt-aopILX6U<20qppwxX^^pOJIB}8XBXG!zg!$@)?ie=Ia&&B@^9*F>fI3UuTlB~=u^?j|bmsAbPdbRt+(~x85Kk}Q6orI%kQdwx)S!o@Ag1G)#|s%w zNyU?xjYa$P2*ndR8&4c`G9m7*97cqvaui!ArZhW&Vpw-Lb|-?u1iXKdA;SrMK>9g( z(OV(MtUeq^-qC`{S)x1|c}F2l{@73cVt!=)4#&w~KKFU@N90eF-+`A_2`4Q5gZN|P zuc2VW9=Ue(sCm&?db>)neQgw=1f(}Am&^p z$b+tA{4m8ga$x+ZgOGik-pWQcN3Ybn)k$XAES)PJAyp0tpbBiqAPb|6eT)td)ki@k zmF;v4;;E<)v{c`|ps)DQL3Zh_M^>`lu5#ti94ZC7;D2>XHx+opW+chANf0 zxIX&R*%XDd=}-j{KYhk!y1*or{~Y^);1bPt|Aua5e??On@|`Z}tIp-8|&01Hw^mZgDv)X;_SQ({jw zqL+|#_LKP*1A{A*W5^#gV-e+qZzTr^GDgJ$Vbr-}IO-sEjF@OP5Yv@lz1Bh|LCj(u zLP)LSp3jII2a7F4oUx-t;v5HK=7*lp9zj0oa7kKRi6)OapzsX+u&c{=bYm>(CrDTv z1UIsm5Kc7+H2Sj5Mud$JBQ9k|gSxKKoKX(hw!pSMW;mK4yJM^!A!SpnTT0La`E)(Q z^r(_wk`R^-ko=BdwnKFPS1Ab8rXF0HU_xyuWlNTn(K51CzB9DZF^M_kg=M~{maSBc zldD)n@GW78ks*{3=#ojXn(ex9;F1gGG@9L>yLik;f z_>QvMOiIZ)4Q5j_o21U}0A>&B-jbLb&NHy#KJ{4=f2mL?NOl>kmt_j;EEQ4w3U7p2RF7n_~Ef(lcC~GG==9fVL z8|Z{az6y4xB88ZS2`;$>0;KulNu05MD0dF95qXNZoWhvh2xe6#Q%r{^V~v$?vsi}V zqmy0^6C$UsWQ@n?K7aI>Jt@i{b_VytX&94_Ijpl;c+CI734^GM#ZNymI*Y`&eunBn z8#_erI-t?XB=H^5whW~O3MEz7Dy5AQF0CYuc4V;vNi zG7vsV5Ot$pE<2kg1Fx8in?ljdr07uDUPX=Yl-Y?W7QLiQthJpC3Nl)yR-sh{s;nwt+W{Th5SaT&w9|l0Q9;Ja zwIPtkBMeD(FO9(4Oh85m*L>&XCmRC59u-@us97>n63&aN>FdGZ=H!=)*XKXoygq+( zW{LpOOo^22Y6C_otijovUye`D1~-@Ir>!9-f4l1)GwRic67GI48k zQVn3>l8Vw?-!aR`)dQ?V>W#Pg9M8udw zz{9CA2k=4Un1l6Dddz`)I6>wBu0WAxxzl#xKa;mr`-R%wSc|=wv9oT2xax6MjN$n7?fFH+*yP)*|GKIy{p0z?>CM&I z;Ma3QbNE^om~t7Lf?9c((gdPOIVgNR7(7c8Q;{%ci-`JRjQ$+CYf57B;4umnhBQBXhu!6^^S^)WiAmhyZ(#3{qum32=#MslP14^{@eicSJX!@US!3w%zT(WFqb6o(uC*sS&O9g{%#`%ILecs;x zwaB%MMD!7c(NBXqvW9SJRMqxtA*V`=saXG6L^EiK8RI^KIX~8lr<#B2Ka+zGlD*+wHl*b;)&6{n@P;a)( zv7WF&Mb`^);fh=}i+Icko*oHhIHl!kpj9pB zEj?&bj6}?zhqJ3WQck{y({N zY)?{a>G%}VF_Td`Db~q)lT+R~M1dd9J~k?~CcNx?HaktXao5&9B`Twi;gzqmTU+fL zEN#voAchSn+55lQX>UlZ6aXX_b;J z>fozYxb5&~2>FqD8smQmHDu+;AM$C4|F*lcU5Njnh*N?+0J;?s+&{GU6y0BK9?g03@D*_M_-%dMY ztKQhz$mmS?}I4!QAxJVbUiI$e`6H==@aPY_Mb*Me}bn` z|5w${`=m+UM~J$e}B8b*8iX4Su$K_UIr$TF2}y@;$zgTO2AW6j0Cq{ocV&KK^HacYklq|4;E$ zo3pdoP)*-FQvjrX9ga&Gq1in}HPuEF%Gm9mF6d4xM5Z~n-y|_t z1QxP!aF(clkMf<)m_*xmtX9Y^)kOnRzIP=7gh=RtYr2{vTe)j?%)=nek7#azm35vyu-mL{hnMfK&KQi0044HGwJ${j z026y+i%`*x$}`6y!HlqLdP~CBen1XUCvhcHd&6#)>s61G7Tg8Xlcq`TPKc0Y9Yv|F z5fcYoMld!GlJu+PI4*^h@SB)A2{RkB-1t@QXIqK3gfT~qt$B0Jn+?3VX0{9_bpG|0 zc-6(Tx=f<^Toq&9Nt14J-dkfMY7CgSs%~bhK{W0YGn!ywGi6{!P=m{GWM0BsRipU= zDoj?pd@$M`4Mbb*SgT-JidZ&2;j-GYN-KAMd5A9L4Ku^7NV~+8s(*!xJnfeI7_%{n zSMuI8e923klj<%OE#IH!%ACOI&aw7?(fErOf^dq~c-~V?s4QOU1EZKEeUWTE;Eg;ANIs59ocs=ap8f$x17GAk z;LD-!aV-2x^e;8>gZELnk>3EVQ?sH@wRBb$(R9WkdxOkLM4H1&zl6{nWpa`RWW)%c6q;70Z5qmkVap^c*i6=F?ncXalyw0d4`23P zrr|hBLm)m`(7*qQu}af>!IdKKkwRfD6XU8F<*HR6t#2ceVuqr>{eXvmvY>*Z*5dJ| z}YJIKhk8`ccWSC}NDNCiH zl##d8BZp{rI~!Nc%(GFh2G~XuPm=)(7xn1KrQfSNFA@DM*@4$}eyP)!YH*^Y-nb^PZkY2${w#(p*$_q?Cp(GO+XET*pen~W!bZRYR~&a663y| zzu#mft8R&c?J|!$8Z$I}Z5B)qBVicXiyvtnH8SG@k|nnDRfc>U6)r3(3i3@XOFYAf ztW;*2Urz>S$Jb}-kAGaA>OXR8x?SwMpkCi2XCR@uI$rtOHo7nQRM>x=2??hDIHZg` zyp2Zx@130gcYklc-&@;%pW@j-mpG0IlL?;WjLUBu`~@mj~E&GABiWGitk=HNNBEzhEP*< zN$f5ljiX~Zr&l*uF=fQsKqquMr6KzDMQadjxl7aYlc$oH=)?N4kFm!BN5ggR|q)w`b1OdyF=k{l9bPKmFZYKOH-K;*-Dwg=>htG3lzpHk7q9X;lA{$BTd*jRG9o z{P!7VBVbV?#TCWo7w=x@4tt<=mye@+-DPCWX-vNkr*73d`BgnGoXj0$5v zp3H{ePp`RD&6TV-kf+d762{!J{+_7Vhv>r(N2u@gUpYOy_rbF6(IB9i(fKhwAoA%zMW~_ zl1(KRvU@b7G(h+0L(FF60}`FlWvaB(d&FZVmacpBp(8$Zl6raD$33FprXY%b`dlbx zWHZVDEdVS#{YbkG#^HRG(txyPE1@4$*J0+A8a?}ch8KdoM~u;#*wTn!h3@8Kof-gM zI=jwxX@!!ASDBh=;`f@`;LCK6{18xnuy?RiRyZ}u)lX2lt5gF1Re!f%Ql%J)v%VE0 z8%qNEW$$GH^s=+rZYFcgUqEj8JeD*k4|5$HMcIa`0GFR6R4`;a(|Llv!mKwR2qbm; zz52>oBXjF&h1@S`&H9SD95gl6^dW5q{bIoZ+@B;j6Cu3<9NRkRt@0ugiZLA>q7OI- zK5U^6kYHc@5cS3XcbJ9Zf5I4L9}s2eLr6n0Lun5(5xeS%KBC@n#tF8zaKQ*zFD@&N zL+WX($@*VSTrG|@YRIJa45NL$CFrX@$x&UsLMZO~d0V1f%~^ZHLRWCksHcsZySMe7 zEWfo}PgA)%VTsQ#cLl*xb9& z@W5>6WNA>L^16#$T9PsyS z0k7=hU5T)1dj)Q(s>yXN#}6g>T;2L&*YA%ORnpOngI8L_vX^?S<5^6{Bm}|ip%J4~ z1SYq{K?}{eK=Zo^38uD3U5@5`r{8mWsR6?<2!xc~QR@BHO^SD!JR#y;RqsVB^J9hm zPyH!&*f_|9g@rb4-VNwD+34DL6F(+S6pk%*=FdECB`0?_YBrErao*Nw%`>*m zKZ0rgNuCz`pWX#29M9eq4p7VFL_PoS?d#cXli!vq}0iy!NMJ-#LvAQ8){N zYL^42=s2JqSH|+HTbXA;m|mEc!+Sj#oaFo?5a=3zFa7*R-wBL@8N)$IzoherAC6}M zX2tIoLfoZ7QYCI3o{UInxRl5tn+^|f1wOg`K_e0#U!MQEbCr3GP+o9n`i^{#Fp7NQ z5_NEaGF?lPV@8Zdgyr3s4VuY0Um1-)6a7-h4Du43%n7OnNIW$Z(Svvb$v`7UI0@qv z{pmwT2!~30cEFX1Fpl_y&H_(#eok177;))1^#7H>hI4JmSSmzVoP!A}a)<-zVGoDY zXo?qz5zx_Rp#g6${bJBt$_Vnq5j`|lBF!rN@d{fyu~YU+!9xiaebHfiOQD5hf=Qlv@E)U#^u&U%@FV2b9l-Q$OZOG6xh>2c3Wb zK|_M1(ZO@jd5BK%lmsW3lP^920@K_Uh;26o`RiC_VTm=cM?2c=mcB>s3Zq>L8_ zAs#;_(~3@3cC!usDj*^OCc!JhoKx4=)i5Ak1p_GWZWHEpzXc<_odvNU1wLWbC39oc zG?$R2fFlMsO<;+RiuY{lht;Emo?`cw#3-PgJCMhkktvM{iWv^M^0rLk(x5v(2+*(| zV$ur_4Hr@@Nx^6KNl#6vx-QzUg_@2s_NRnZAznPvhu~23dS|<)+!TNGr?crH+TPo% zE9Qr)SWO`*as-~nx%{5yL)-~H*D-!poNnk24gi)|a*03B&Q>iNlbMVsIF^$m?>7l{ zfqPQ{h_(q1J(+<#L{mQqe3e(c4(~|2AAl6t>rLxsbm>Xj7pi@mY3kRNYClil!`^m| z&cIN}5oJhuBgn~uNy@O&lzOBdiQwlaiis&v(14YcbG_7*#4@d%0f~niW*t}(O=!ds zC-E$*okoeGA*BJq)nFC6ujBTF{OmPlX;-ue<%q(q87-$ttzb5qM&x5eTrv9V>o<^4 z9}7w4(y5?ZA;Hz=N69$n+2hKL-B!f-U|NJdNLv&O0S@PApw$z=f?f~h%FM`!FcP|z z>$80P5Yc!-7$o=S8eGLTrD|vebuIfum~($lmSVJLZ!x>oq=PWmKn}%@O8(SeYsUu* zncyLnf?r?EjV03=PQ$RA-@FkNpt#TfxE)$F*eH zju+J`u=L7ut(TM8wAI2;JA67){Se%j$3uP&h?4yAgJz~& z6MG&I&e3mv9254U9*g-2y~CkgqGueW0w{W^I4;-Nb* z*|pSIfpD_BQ~fi$SIs(9OJNk#hitPj4_mX{@zsS!>G2f`XVanFN(n|0;vH~JU7>x4 z_3NivFdMdsXcb=A-F~(EYX4ySRjWlJ4z%vb zg|3n3kOY(_!lng?@E8vRpHIwfKZlDmb+cN_FEt%DjC{({kbG&=VPvp;1MkSE4F}0b zg;8lLmggwtA*80^{8Gco;IOCx{{_6U537i~w_v=5Tcga+QVU%zQC8Q#yTnx-ywELw+FzEsunA|P3cnp;L{HOg>&0vCr~@`rL-#g&S;`Alc=3jS%DC zl&)HUEvLMd=&HR|h+0@E(C|_dBo<{$%PGoYy^@LQaOCLYKpr};AmbDHo>|2YUNz%2QMvp3J1^^w3RLkgqix6Z z*qaMZ=F4ga*J(|2PipR^RTPOfA}^*0C*YLt!q}gaFtrT{@dc|%qI|c}v=Tw}*g_4W zO;(!$vrl$wC~FEj^jAih(FLWdi00ii)8o2Wh|kOg(ZWpl;9fPII#iW!xx^#T zT28d*-wFcrQlagiCLHNFsU+u;_?JgsLix?RZVkr~N}Lp1>scg3Ln1gnS;IV~_v;3i zTC|W_5H(-Jfr0>)C~u1IAGBT=eQi~LDN@WiC@F+qCUR@}xkF{hlxRvOtgS3remz2I zBg=4OIT}*W!{rD~J_X}ry2gBIIkCL_s^H`YDn9ZlB4TMmK!&B<^}ROMN&PG>nODR) zsQ%~BSgo^Ad1LKm`qEN;*(Ss)@J5I-K?Dz61rj)4W)(;!uCyAg7XtHHeIZDu?F%gg z`FZ=2>p`#_Da)rE8;LYrjqK#}ILpFv$A;;%jLji^zV-EFReD0}WhGzZ3oR>40FUWF zx^TZZIF2WRt^JYT)&g!m zGETQfC3amB#T?;qkp$#k8l>tPMC(@l8^dWfLzE%%`>d6pS@ucA0o=}8cATqfk|=XF zw*7M1s%q17jC-DAs<`&BsZ1f^~zn#ZnZ&8oArOGopN&LBBr%tNKffg6<(=he#m3ouuE>C zg|wu?HdvaoTI);(LB9@OYurpIk40VS{g?6a*Z%#rBgkXsffpg0ZyZ$<-h(b2)l@cP z6*q*cxG=*S2R_6U0k1ylX&Wpk^2S9=97RFdtO8Euc0g}3BI1g*(%UMD<)HTmE)BWw zRjA}tCN@#sxtmZ}p-O4SgJyOh|s0>5F8U4QYXl@Lx6BDU>*g67O6rdzUj##L$}8uE!BH7-J6T%e;Q>=R^{ zOTbI|I}f+e1&zgjnS6~EAVUwGQo=8245c589ND$jsFB5iq(do=#rVv)P#ms}G-=xj zihYjGL!qTB96)R@*@y(MkB~wd+CmyN9Gc3uGw>x^MH?pO%% zfL-DtPlf`5NLe^0;|Ax@DPdzsRpmbP65gX}Bh9OLwWzTZw10_ZUacWAfO2{F(lE=H zjS{U9W5u;d#cl?9KE;us{7*tW0}*{j5%$G;dkoR~D(`QZHIy~e1TNtETISxoD zSKknk02Y%9pmbDNEw_}CAVe=Da~EJcw`9@T%5X>pL{a!WR96lPOqr}xpq6ytTgNFZ zuobWymfcz^sr|T&n>NFD4I1G9->J1b^rJ{ha)$5Fh_Rdo2TR+Sh-D&*Na&SnaO$v* zh5|<+=y@_GLV%MHdJq$z;}Jo}m*>l>SUQ153)SjU71gUWWgZx+^y%|Dj`IVbhsS@0 zJ*Oaw(%8>`X^#KCd$7Boi~qcTaIn9Q|NIosA2t57L3NK7`x&fA0w%o9#C=XamBoBc z`ywTl8Sgpymd1KM31(a#YJQ4zO&V?4{MB^Kru%zbK#bn$S|L8yY zJnW``hSW&YUO{BLUm{fe1SXB?fMo^i{G7zG}6 ze2?I+EY9d}mNVxr^+@-RV4P^d|AVvR)3;~N)LXTU2LA8&dk6XaZ~eXAn*X2T*^t@Q ztnc3aY9>fCvJU#wvBM`m2|N|j$QzTcDr`epTPWacisk9efAV+{kfTw6W1Igz!;HK@ z-@UueCuD1AK$N$Q;%(YE&L^*H8bw;cp0^u`WxXB@>?8x8wYm8-osvi_#+#eyZ#9|j zez2^K4Rj?pRVUOVmSt3^PG$GQpC;Ah`dL5gXZ@_7Z|M2|0RRC1|8IXsL;%tQ02&pB AUH||9 literal 0 HcmV?d00001 diff --git a/assets/minio/minio-operator-5.0.12.tgz b/assets/minio/minio-operator-5.0.12.tgz new file mode 100644 index 0000000000000000000000000000000000000000..063bfc10f737fdf6b2c87c0f2d5ec9ba4bf34cb9 GIT binary patch literal 24945 zcmagFb8seK)HNDoVoYq?wmC5-#uMANZQHhOTa)C8Z95Zw^LyW_TlcH`$30!UyX%~) zuC6-WXRo!++JsRs=pg^KZ)y-)Ln&n@BPltKUmo1-09JJ-V-9eZo-W@TgU-; zi+z`_1XX+;lFA0i$cWq&pu9MsyF!TkjpS`SAv8LwUK~zIzTwwa2d3`r>&w6ogeU;U}62gc?9d5+4@duE< z(;uCh1OpAzKmP(6dDk`wJHolq!*qQ4pms>-pkswxm?%|+yj*jIyT}0XuYxo zOasQj_zTUi4q+q`BU>{-St9G_<6IfE$?h)8oFwWJo-aVp?z4F9a^QY^9^ZVgCqQ z)O^fz#-g=h;;-21?j-f&Dr9_6tWW}1GKT2ImHy02RWrAQtAObR9{POOV zhg&C@WrVSebAsN!PM&wqANn`)JNmx9ejnFt6$t)hiFVX?agBB$)6DmqNalL4Sbn|! z-X0L%!v%2M+3xnCe9vdJSfOad&=&q&0Fgo%q29L+ocg4Pm!*fcvOLBedBMD1!LO4I z7AeVH*o?WnWbM4}Pp%%m&)dH;moO|zew?zX<2p8hrsyTR~HxAy~1J^aNDrKlts!aeq=#8a((&!$V$CiJ?oQ(Q^( zCiqf>R!2m-MUW0383N8(i-#E<(E!pEU|5BmKw%Ib#0W3}u!%IIr#-H+fdB=;6BuV4 z66m?#;_FUQ)c}yoAxP9AarlW4N+cY=(aLq!sQW zaS0G>SO%6=!#IOPxjXPIhhV56n2g8=%%&!+^9@|@XP=nbgP)j;O%#@gr1jsNCw5&; zLBH#AeltEJz2u}hJ)S=W@aE0DygZ+TLC;QYefA9LwqF!tnuj88uFeYZ`PZ4&o%}n# zT@AWLsHa1_8d_0iNT~)jilzva3E;6D%fBPbSMr79T)6{pM5X2*#@kPl(EcSJ^ z=+C*(+dtw#Mh=LOq!~grW5nvS_$s`zddoU>yTQ0}-TS!Lq|0 z_JgXDlH~=&0!|r>62(zSGYUk(phI-NNL#sF%Pl!w`Nn~<#&P7w@hl1P?TO5za`IwP zFNv&Q3NeB9A>h+0SQ*&%ZNYk85S`YN@a?3XSSKLzLaLr3=z-XoXpxn|K0oAdkX@KW z`vcHH$A?#r0{+d8Q+Q7}2}Sxu46s^+)AHiToJ#|%oB>h@OvLBZgSKNPWQ5A5aea3@ zkC;Zi76y!xIZA!VFAh^y%t#5+epk_u65JiU0on{W9dw zP*H{y#CMoWV-OcYgDuYpI*Nd0d|!z#`9?XAE3TXSnU9-6yiY8AWWSgTn;oqL7%~jW zwCfIk;?%%L%cM=dzRfw|3&S#vQnij`7O^R%Tu$hL7e=7mljM&E0y;D>D7sq)FBZ`u zh0{eT5=ap6xp;mu+MY>5S(sio>|4OQ9o~W0Xcf`t)E!QR6E-}9>>4)0KcR3MTepy| zg~XiXoTH2>+A8`@f^xg}147CIPQby4dQLGAcAr%QuUbkh>FPtqkrOrmy<^@18EvOs z<2N@5?JT?Lu#)|>0E<{$|MvB@?ei6{Okw@U9Y1U^y8{GQO#BBQquS4ad=Tgbmstc-h&XS1U-KaqspM2373 z!CyL5U5+vh2Dm3n4HuO*yQgs;mXy^1SR#SovmnONTv(1RW-vTck@&M~u@RAUR)E-# zVC_mJqNo&YQ(H}%`fb>9U}i*xFZ%baDhW5J3GsDsJfj=e+MSV_p!Qr9?SjlWm7!v# zi3?0gcnDd1(@$lpT{e@~-@orj^mHrEj4yCR+gjUc?Vt3*L#XfLhaxJnXEkoIwhSbJ zB)sv=-7sW^KXS7Y^O>BA!*$Z;)pUrjag>C+=qLnJ11U#{CI5_pMkX{9MHRykyjKYSz0h$=t+_;ci~Cw6Qqt8)#L%9f zF151Yxiu0P=D>ImPg0N`eslIVo3Z;FI16j92q8tRZw!mi)v54q_`>Hp7R8Onv{6O4Ub+mah2#ej`@|;R)FADFJYn*{ z07O9VhyaIfT(DZj=Zhf-rg`@Hj#cOhUtLa{4(5Q0SYI-gwls1S;oroa*IW57UR=`F z;&|GzR2o^SP3fH7#2=Z83Q>);*ClkF!L_u*Y72wEpcTAXDs4p0<+1PsKDTrQzcwU$ zA6GB?-2Wnu?I^a32^7xD&ho_dM{RAnxwBdFcp>x3@v%An`HrL6%>4b^>6Ezu6*itZ zDb?Ii-hmSGPEQTgAk}%-m$awf^5qinIL@;$2@LiuRZMva~rQFzVhKQt%SBaNz*)8q~B!GzPc>msvJ0D=Hh>I z^|VG_Bj|WAI-q?R&moeyc(|R7hnRlujo+I1ib`ZW9NF%D46#0GFk?Bg5iqOeJ=mO0 z+58GR?0n*rRu2lOYBC@uDJ?kR%QL#KD!y>m5X#=Moz=XERKp+owU5s7VJKciJ+7jzvhkYs&gU?7WnTQa z?nRLthh4Yx^mFAYKVsboMcuxg?E1XFA4aAyyM{jV-l@FMZguHAzi$-Mloh><8{!2H ziT3W#h_mBG5nlk3!|sTqyMo^jj~^TR_|rWL?1-DB`P~ymhwD>Ho*vBCcGJ5Wf9ntQ zHDK_aA$;EvehHN0<|VyMnB9iOW0hP~<{OKSMUHdz(lS#cVeU9vTeBS>;y{uzR~dI6 z3t<^ecwTRFwDj35d_`=#YK*zCEnLet0&sx z2)6^*WT@-|fOsVWJi{-ByOS+a0r+LInn*5ERD^S|Jt2P}FGtrR4591X^lu0vzN0~e zW)uA>1p%Q}27x+y4E*bBYa4#-YdM$l&&C^+LG$i(C8^(jdL)eK67Wb}dXUSv- zlP`k$y~9Wbm>~V+5#l_ctP-A+xCX0VlkEAIzvN5@l|Ns1WgZ z5ch}0-Yk(9F#%D>Ttd6jC{1LvzF?z?QDe&nhYn0i)RYizV0~~=Z1(+A;C~e^6^j1i z?F3L7Eh{&R2GD-j81NLpI6@e#Z}HuC|9mA6%yqo&XG)%zmk=ag?y8;}!2)xHG93>X ztTr2FY)3o9E8&?1DTZ+ej`4Nmg<-#XmIiWecjrZRvNV#2%{EP(S|jcULsljM*$f>N z13p3zio&tMP|)mIK*(>In>&xt)uv?M2pdm|`hM5is3Xj=hN~t8Mu%Hfc8=&fzZb0& z#r@=krABrX|9Gs!ds9R6E)J?^Q$;Wr$q^$G2ui3=qNcWalX%G-#uQFa|1CxYgI*V)@XMi zy#JPnG%{tMU22WeSF;nT(3Ak<<61Luvzr!f58+s)ycWeXZ9mqewlJJNidjwjo1I(r z*UHnTv)t4Y!SBIh_~g)K6=&v(TogpCFyWL5RsIYY^a$9AbXCqs>Wa_Dli~EvGdnyd zcn=$kR-~E^#F98=t8a23R-S}X0e{OcxZ;Lyy(_}x%f8Q^e{JBaD=x8qnNY1U>F|R_ zfL3Li)ahyg+nIuCUsmL0jnQ*3b*zw z;Ejtrniju1N`HU;_um(U!lq3HxHEax@7|D2%~C&Z{5!}z z{zq?@@(_`ba``L=Hxdg=zI8&QTH%F6zrz^akR~6$Ex$*EzF(9sPYFYbr^G(9(Am#B z{2h$lJP%|*RGo^iNs6wldPYi)*Pw!!I&olM+7ZRJ%C3M8C%CcXh@-f>2$di`&EWgM(Pik;utc5Lo&OzM{AD6_^Z|7D;@F1<`) zlA25k!&8^+&6dw<*F6TmzM^HFkhwTrFYR6hDH-Yz7807HWea9g*AT9}Lz0-+324+( z8|62CFa?@)eeOH7*MqpCbxQ|^rky6C{YgtahJHdnK5B6L1leviUa{1iDlW(ji<)#* zqwJb7$bt`;;Z>D;@tT>$2gRkw+uQtB>Zwn#GXO#~OqxLS*nQ?9aOCl3t!6@}MC(v^ zK+a*C<>5C%<>eLTMeQCO)$8Gpt?G$>GCvWgmw)_Smy?l$)1*+MsWODzZ>a@XoW9q2 zwVN5>WK^0lSp(yv{R^|^i%>t|=AJBD;(KR@m+Jl7_2mWX{aY_m@4K!dVOKn+B;F)Y z;{kcJ1CPcUDhRlHSu0dcn5l`0psXWDinv0bL8A8P4fEqgX}WVx@TJ8yVc9)jtY;PR z_pDWcr`DWnLdBZZk_FH)mk#{}fK82~h(#CQ8xx-;J9sZ5u&VWyXf|U6X~Y2NN;RoU z@3#i5?GU+PS1?UH#<3wXgVt%eL{O5_7#~d1)>CT`A5H}xGsUX-vprJMpdTp-{0=WI zC|9-R3z}vBvFYg82(;Fk(<~ilM0nDB*EKg$%b0bvT*a7dEjW!*|DvTieEre4EPcB{e}3!9SiPlbG|>Bg|FL3Y z@CqF49y9MgzJz_yBUZm1a&;Id6u@C0PyRw{-3UcEJ@xbZuJ``F7>U~ZxY3j0d{Y=S z%X|b8mA|DbKboR#dHl9xiTcN>zO$w|&c3}IULEb^zWunzzrCmr?%JIP`v^>O;I5M# zmI?PogE=j9TmnF=sqZxxSMINQQ^e+>1k|E25Ef+~vaD7uE5)gjhZQW+0J8TDl$PQ;Z`onf;(zjXj{9g{P|mt{ zLigCizWnLVA-`YRg+eXdecitt3$oZ_1tI=<8F~P?|G-1Vz>~8AuOew%CAirFEF}p!*gYOS**vpP+LhQqGkA@wA=WQ zZ=1gEp*2Xfw5q-mFSP<}E$~8Zwa)AoRa*9jm(sZFaA3YLi&!CSl9KU$^!+Et7Mu{< z)j<6q@$1=Y?;XHmdXx>oMt^jcWl;R@2BD7M7zR3)E z>f`*CPogtk+5u?3kjtFtAaG+pO|zJKuDMWh)A<~hX22AlNmM0rd7?TfA zOmF}}a(^_1`EK%VXLoZH|9zr2 znY!i&owW65QZ~Lep19EXD5X)ddd-7do2u#l&lo!{BSGEh;M7F8-ocB|{Gi9)2+$CH7t z>FeXcdJ*B@MZG0yeF%%H+HwLa*gY_HT<%bO7uC%D7kM1sbd-JK_OD4oMI7NWm++0e z?GR_uPVG*Wls@&!&zh%Bmi4FeuXd9%0%JVh@5gW_{-fX(+pbzhrQ=^vipyWNhlL=6 zxyS9Wen%R?Z}Ehnc(*}5SK%TcbjUR|WkZ?5J2M_0Z_Cz)LzKA3Xm2Op*h~d7Aq{1J0&$WSc#L66=E%d$4sl zJSK0`6`n#5XNC3DoNC};#WNV7jdaXkspfNVl?T5@5Cb?Ns}Skj)$txIR=Ipz9&8!x z7t%^E#E+kwx2nW4B8cCw^{7#0)@}H>?Q~HQr`){f$N41{R$e*2`oYdVXerwPpOk7V zN7fyig(a64Jh^{8NsVx9G8csx%8SA=!kJTIYR5uN#LyXTN?QpqgY3=Aky3K-mja!F9F}@xVpZtW?tXV2mQXUn~0CG2eWVYXRrG) z{XG8nw+jWq?)U5a{YSHp%NGUVL;b2g-|sgxp3k-VB(u4%J3@)wpW%?u-oH*YW*9K_ z7j;n4y$oy<{Tt|~hgIME1h@1yQ0_&0J%e~Vw7d`ZE8Qnpuz2k7zJB(M2-G6rgH!ym zl|L9w?n!yvOpJVjL19RUGw;DS3q+Br6SyOKW`yg2+;D@n9HLr(fff?Si!beL`5BKc z%M2K4Jm&Hz`1;9Ch)XsiM0^e5+|)!&eV4K>*>y~@(#Q^WnUY);ckMU{8QS-l}X4$eynVtxh#a+M8gpp6g?I2)h_ zxy&dh!5D^O0|n1~RP9M;=<5JBvSoOGKQa`DGpj_Q04rK-`jtmc%?0$eh%35Pi0cfu zrVKb)4x+XcQ>(UM1$c)@s5xi?Y2M-k09VFI(ODW!w(l7ydA04Bt~&q)&WVgp9E3ai zc{*0xo$auDhu2ccMSOI(Q%`V3-0K!to4ArZ@e3w9JXviMy^HaVu~%tE&tyzxu41@h zzqhkbj1j|~?fptJP$ckJf_FaWG6sDg?ttGk!!}k$!J+0y&CMvyS%{69Uc(*N7=Nxs z5H%Gr?e=>Gd@u2GYI6P#3S*vGee2rI@o&E;7Hmw7Ztc`?K-ypEj(vdtkf!ubLyAPR zWcqzoNNy+dG{20n0(t)ASVkPw@q|(C7S^>TB^rQ>s^ekP2OpVw+yAOT|6XXxWeqcqd9oXwLis~&V2}#aSM{;o9xW3mfL@g z|4g=GT!}j#!NIju-KO8^*x~*%3pNnSW@fu#rWhLR2)wN6)W@|~yggW)O)8y!gX^fm zHS>5)>s%&;qpSU-M>5tZG!)!g7pYO=05}HXMB;i;Oq;p!z?85mYZoNRvx19^&YM|@3?!jCMivyK95v~2-mrq>i{+U|d@ z<;OTTFyf>8I3T$e>F|fYrfSXSL$6)tmrYAwS-FY4ewN3Q)ZQ!q`+aWlX z4$GNHZT+~u$JgfkT&p5cK3BO0fK5G}SeF)?pevwv;+sAR=5;9${T#J%G_|=6ygPJ`L34dF+*rSK^bxdRq zr2grIvyd6~H;c2Fzz=u8Mhp-4?ojct(IQ5=ek;Fd*HjxTqB~-t=BX{&xr-q~OyJvJ zou67AN+P~tWWFfT)OXXubKW8qp>8dGt^C{^HP526>i8~g^xY6o-vU^)=9@k&YwP^m zI`I3K+ZavzoO=*_&`WgS(`Dd8b>Lkq$7`)heU62_Zr!jUGF_YIPLnD%l&0$W?ZQ+c zJqyKxt`t^gWqHAm#|2FhP*NAnI+v`Y1CZ6jXe--wCN*bDcfv>cUD(2Id2&Cj&s0u# z8@8AmOwxUFJdFASFi$MVZVPNq01iiuiqX&;d!;5Z8V_B~z>0ef0W8A|${|XN+4Q93 z>+xqZzLl%VsqjqaMN5oC1IRRb5Y!pSFGQM|!W%YdJsjZ}V}t(3jj5>I5e>OVjiGGg zsHpLW=ywpa5s3C;-j}s{m8w7=PHSK((KT%>#&PCsYg+XOrY3 zMsUIB{3%!SO~ph+d8BwEiBnji&1(NKASUD+gl~lxgQMV);Rw=OIU1qV}fvwiabM4gV%@ zYnM$o^FC{@g123>**TkiaFNjCfnR2PBb9jkF%n%=XAHiw~`#gNrYL{ z6i$po65s^EA<^0zj-kvp=GLP@E)kGBgs4doej}eB9RrUnLdOq0Wc2t+|>6)QR z;x+W1B(~{}u#7Y~MO+q;GT*?Q_Y%1uAxQ}-AzLOE?I;D^XW&NaTQd8q*Q_Krgvt=3 zqh#FuAP{a_>}u7cd+ry=2=6F`xO~A%=T72@F-R*FEiyr`l9{Ks-?_iiZi2us^+2u0 zU?7{xrluYZE$_j$vk+iEiu5(=IQDViIVLWip|Bc)Pxo*{-uOer5pLL< z$=vTlPvtg9?NCb?aQljucr7}guGA7=NKF|N%ysG>6w7()jxUMj-0htglwZym6uUaV zmw$l3v)!6_oqF!RPD9Wu3<|gmOw^=|E070e>#H&{{A^^7CToinJ1&q9|iTkFLFDniNPq$q!P#*Rs z@njt*Zi^@*!#yvCnulEB4bbuR5?Zf8_HT^Y0ylB_T!jLN#>WXaRL=9_aCmlXya>z) z@8Mz}xfZfrB00615my#oVS`+O(jkL-<`V-t0qiBv!gFTqX?~GD78T;oPsl2#R~Qmf zu$1yn9E)sMM=0%l9j5}7(&>7j!siinUR;V18y@Kn*s;zr>MdB-P}^L(ItKwi>jmIx zwG|G}=C3z6mi3aPDHf=0dJlxXA1xRA z()O0N2weo_ir4NqL(3mewkar=*=2#YT5gjzm%`+DLW#Do&8lY`%=%`@0i*vLbkw%4#hmHTRDY1 zP=^HvBSOsJ1# zebH;Fb&=>Zy!pR?1g1&^jY_OCGlj?!N>XYtj&V7C$y2WMM`;cEpeIYWz`4zd1V&ft zMt=v?ztygd(xY;8n>-^F$E<08NC_daVayJK5Q2*)4=C}bKs&n$!20P2qe_%`XtSJt z8o0CqQuJw3Ue+ruEhTK}l0J+jywZOaBk4|%z^AvHNAexoi!h?F7g!iA5~`L4Jh%nf z?S2GJ8f!rfR+w`k%g=#3t7QBVX6=92XTpM@M~8*w>zpED*S402BIYyAT4a9R)N*y(v&v0XKQoOry!`ndiou-J1XxITCpN|&@ z!Iq)?LjTvkg0ts~qDB`|=u-9o^%g?!0JV)rrcqg{vx>AKx7U9~hG@T~as=(4!mba96`Vv=aRnE>Xh09ANJw zldF3=-dvb-0nFJ^b{Sy+E=gXR0&_P_DE7>L5;ktB3rK{kZ6e^qJ+MSnC+Nd*x*vs(V*voo*xlfic?&qQ{LfFZK=gCU#g z<*h`g&@-Vlz;Q2F5XJKfmrl64Kmg_UpT_Xb9t+rN&xYH-XwXc{smpD8H3s0BC;PBZHt$Cf=M&6VLY0HLNACp zC}F8{u{*erj?FJ*uR>Cy==l*gDFSJ}ga)jS7|;tj&v#y|XXgdD#SP4I;FVLPKSeC$9AgYGZ}M-mzy&VQx*x z3tjl_nvgq+lAAgf;fj)znzJEhuO)7)CHb;8T$3Sbo+)msC1$LJN0Bi*PIBL@?$&9ZOO{nib@6N<~m~noeT$d>}tVwu!NFe zii2x$`?K~?{69=4TynfaSGb^?V`yY=E9OlIg+L-PN#4p7S27aC$?~uNYYBC zhtR$iw}-)I-IGXMfN&g$jmhG~Edys6v;Ya9uyM7R@OagIS8+CccfHq$y6cmi7k9pW z<->_n0AdYTG98(AE@c;Iv6hC+cU3WYfSE)1uBO`Y0EovD3d?Xk|8Ssc{?3Wff^_0!CS_T$@c3_vjN zL8@o@tgIC(H}P9!!ed#5gqOINK|O`TPi%N!pOmLN=u{XLEL5b`EZ@!2_?+?=XLu z6~9Ph(3)hQ_te$ubz2yV!o+7P2)b>v{_}Yh)oLf(lHZ_yu?A)5>8?^SM606zG1=^E zXBodBXA-|K`Y-mwvt+SE`U#w{)aP!?m1Q*=P%T^~y0RBAHHk8r&r&cFA z)LQu@5iac%5pEL8_~@j>1|6=A+?P!v%nC*CPd<+4su<0kE@?|VNo0GzVN|SS;?#UX zAvNq->gY*(`2s7}Y!$4)kC8kTc*^4xlW_8KT2VS-Cv4+prGHU7LsWzy{IzfLh%C!A zjA|Z$4S)^R0AtEdOP;dVTLe0DF=Efku5)1hZ}%|jBV;yBkhKnNkoEK`p|KHUx_-7b z9su@yG7ViezXmMG|F+bv-Wqn?prS>Hn`{>uI$U0kK#3hKWd33N3UY)KC<^C1iFYcT zlT!<_+>>zJk33r+<`O-kY9RVM$}@D>Jm9$$;#7I@Hv3{o#0*0_DPQP-BhortJncy?4S&ei7>C zUTZ$+%SJD1)_A0sXQ^+&YBK|cIji@NRfCFp-IKsHPgc*|K-TsZyN>?Ss_M+@>a)07 z)KA-o%1ZHelm`AItW5nM)L8j?-uvNDlDpqNpF4h^J|CBa`hK4lZXa(a zeZHSNXn*5Q{>kc>FNbk`0$$Hgt9iceFIz_=XLGM>H+g~Med>OnUr&_IZ%u}jbGe@f zf;a<~e_hd-MtB2`{-vQKBoMTVEi;n&n1gSDATLEhG&0{y1ZuSU8lT|HgV5V2rD%8;S@pS;o#8}%&c_=RuO zlQiL8CDxXvT>k{Da2U@r^lOtv_lCzhOrK%SKCAW`BErBI#G{m2Q5+&Gw(UmzreIIQ z-4|aZkNT873?n#fnKD6-#Mmc9F_9QB%Ovj`4G_jlDn%o7I2A$kg4J6ZLn~F&mPWiN zX9hQ98Uua2twT^(Qzl@zt^F$|K)umaN)bzV;IL$Hf;$wxFww)c;syA3bfjew83 zh#;1+#0qhC#{__hR`WYhi&&N;pTFu=$lhJWi7stBEN`yg1 zH3HC8@(|D@t0t5Fzu^s`+V(kbr7$c$0;B4>7iys^x>*p?ZKptrj)=@0;xHCf5YL(M zGqL1C|L=AO{8dVZ+`2zpDnF|CeieJsEsy1=G0o@ zx`do*z+E`8%Ql*i56BeT@7p57Lqk2+tZ8W2Yo++f!_d(@_-hCVab4+)hb6ruNL=+U zY%PC0mBMs#l}BURmFhVEcB85;bN{FLS@VQ0o|9q}bRsyk&rtD&0i&oob(DuwhpRw; z$My0Y>dx0c$%F=TK*VH;M`o1o1qRzMNoTu?X0GjP%ofiu(EroRMA@VA_4~;U5#Y@I zO#vS_D9*S>rp>R`G~`|g6wIB%#=xw#Pu3aDim&7N1hzj`a{o*n@?G1%+;HH4f9~0v z-L*55rZo#Gj6InmM?sIVJniD4f5)VWcQ$P!EB)F;KpG@DgWPJz+mq)apM3(qACy%1 znI&QoTOJ3Fjqrvag4kI<*p-Q^sO8-+K!UPE<;pqD8_UHN%f&6M=DtvzI{G&HAM)H? z(Q?@Q(6!;SV`b(dGZ+?K!h+EytBc7}jq1YrMH9HgVJ0{vRBx}XL%_&6Heg-p*nJhtceWxu0zfIrD zt7tF9G#2H?^Z{A}KWMW74|+|^FwUmY`UFCzT0QNGoMa3ly{0-GYXT$x@_6GE&F2;b zGeik`iU8ga~9?~%4BLkVncYl_bC&5>;MD_b}faOv$7ST*m}s7iTuTgxE{4|&{PnUk4sZKxH zn~tO>S*vm73+TnvLE}@R(HNOADA8}_Xmi7sasG-|b zBj!)eG7%`x;Wd|@t5Yn>irI+HUa`-7MH{k(e1bBqxe8)JO8k zU!{jnKVf6rgbtxj66he+F#$fO&Yy+z_BZ0J$~0e~SfT$kGk-zFzZ7QI9r zzQ8J<<7^|Q8E|ong@(|UBRGzA&XG%C@Ii8T`!-hO`#JPDGG>@Xc*l`tiD$~PZhnRB zNRm;P3xT)AZn-f!7wkdM(UboQ#ZJ%_J1 z(nQCr57h#VZ*8K9jTzF+|FQ2a5A(;+)a9hjQz+~s#)hQ`X{X*8^_Q#xPvw zlxGk*CH}^VE2ElGRQ2CIlNk92wuN7~jFhE7Y&pcJ?&hf-XA`3d=ZSEWtJR8{E#ppw z7R-wq!dS{dMh^jCK*F=v2Y`c`I3uBQC*agv z6_XP7x7pwNgMy*E~bueUsdP{Wwm+L)Xy&?lTM!aczmHqnRk%8?t=0%>Jy4D(H zVH4FeCTIkAvz-V^wm>_0)WU-D58qEYqO<|4v&`KZ8*iP?w3GZ8rU{6+^2{JShYH&AdK?+$YV6o^aWu#3FORzp#N!`R1dlF?t) zB=u)PMRI}$bh`miQ9ui1Y!u_W`|zU!iW-API7%>FZwilW+d!o!1SmP_OFt{)&Omv( zb~StJzRjX2k(vK$e&zYb)1_})?wnJ!FVdYN%}^w*RY+kTT2C0ff*08;vn6}*GWdS{ z{{bc}264ZMw8CWr|*%b@98@KRIbdBqli2q-RfBa;h_QoXFRm(R;NLTfm*JeeXwy=8?st^L&D8 zPuG2!oDmNr6wH2F(VsgsbX2uKIo)7v%-S<;H2Ei6|LYIz+p$EoO5eBp?hYUhBiW|? zY9ufA@f@3eX3LUtYJq64eLv5)=e`-iKl$e-Yn&O-rErTPj6OueTUki|8DBY-TO`SW z9OuBe?Uytx*|X>|sP8O^wuq%Ex6sbY-`ph@cTiy3)(!Z3Fbh*LUJY52o>3 z>nvmAP6*~5ay$L6k=hN-Fda!tOkIvUp6DAyJ?Ip0EdyN7wQzIFM+*76CYV2Zx0o`^ z7@IQ*$}1MZmUO*?GUOC%#DDRaW2YgmkCX;oA*x8rATgg4g+*!)7of(sCJ3)-NFW(K zV7Y{U#MiN5%S3Ojj*lelRe@0C{{Eo#jPj|T;Wrx=zI+Y+*#^`iSO{QECsz2c%5289 zp88q!ko|PYpLGI%zEs~JO_s=J@eK^roHDIut;nM`pjcyD*McAR!Hd?k117QY(+iN~ zwT44b_1;Y{QJ-1EP$sNgExr6PDysai>SD%;h-_pVP~Wwmo2<^$dY1Ac9|SC+w_^{_ z@w9Re;IFdI4(o`GpEI+&vorg4llOV~o8-Q)?Z&h>KdNvJN> z4)F5R$D3yH=aGQQwRehT(vfIgfu=$AwO!~Dtw9u1 z6k!`pQnS15)Nm*Kv?CE6sSz%R;fKm1?dzMZM2(HwP_c3GK+DiR(iXM(fX?RtNz+@; z^WPHVSbXnzKa_gqbc0=DKF+`BhdNP&Rqn|LIpvUv+`8NJSZNSkHuHoMNyDEVC10et zkqNo_tnP<3UsTXe66vu+1H`7@V3{z!Foqr(H`G#?H0`lE)XK)%*4&lWdAY8!{*%Ce zw?D}5!a|=D3`RNL_l|IwO+V3Sq5s=E4@9$UNRj{35c4O^-lFEs_>Z$TVQ{R#e!o$9Dt$Wn&f!e z-9Q)R`5JIJ4UebGqFN!fD(-LF^Q6ZdZq1s1NlrT~t2xR=9^gK0?D_NI8tM1@i6~Zk zM4xNU;p60YK5<`%@~Viu^(dCbx_yWV*(?!Q(XJkXueW;`*2341~a9ED+rbRNo+)&ECCVjc6c393v zsFf`1OOmLtMzTA@Pv9N?PjioZH<{e&pi86f}X z1HlB`-`@Lms(s!LYa|LRe3t1cD&3lxXVz0{S+~B2{lIe|7r%Lj{#yh0=1^I>41E6A|S^uP@wj5 z^@;p)dyuDhzAcV@a~nxz&GR~!2%gZ>;vcyohg+%Fksgt1u&0zEw16*5#a5wH$7&~T zm4Iw-WP-DI>`_27QRvp=dFXB5gwJ{^)ogxGc7rJyY7=}RJcUg;Hkyt>6g|kZNiBzln9RR-pc6Q=f!vgsE+7x@B*c|1EA@bKU06@RHQp7LS&wT7|gTe1qp>EgK?@W!$l zydJXB3CX?GNK5>;bdI?|3Rm_TlY>b z7(Zk~-T(Pg$&_4TQscm|yAO>(i(;e%F4t9jx|>TUE5G(xOHzMjD3M9}uIrH=rADCt zn7Nf-a8s73>F-BSM0Y%=JJir;ucX@t06efw+McMKETqAT3$yE#0gb{uUM1Y86UXha z?1i?h?dgwW8?xXqTBd!UTeD*r7t|prm84>w#15yB25|Kgb#8P&~xR-mF$~i8iP7vx4~+4L_u`yz5CGxpLbQF!hARp zG}z{2%-9?*gCce>yW)_-Jyys+jc6E>XTJ(y7{Gqm29}brkBC$wfX!R%t|n)4NWU&R zuwH&4mia-A8EugRieNNxq92aQK|LXGw$uq7byoppzyrck%wc1U;k6N>0e*Nt!f#qt zXu8(evo@*FX^QNU)1sLZaY7tpeuHHtJYCN6xh?kgKPYJ4UQROxd?47> zPM@)xzMQK|ZjnV>>&Ec^>j>F2{z-BbXc9T0am2=*>9x&~Sb+FGgjDANd1=sZIc*Eh z`(8`p7idm`s1JRWSFt7y@OP^C9o{ovnjLDQ^5tQ%k|#dnmSjLs$OH~x>liFsL_!#v zxbk_t^0z8_j(U}vbu`v-OYorLbBieh1{1|rY5n0MQB&;Ma63=*kE4JU6rQABBQrwN zn}z}HtRK8HH*d-04HMIu&Dh0(N)tR8pUGb35Ijd{u`l|j2+B28l12;lz#iYszT|yl z*^u%DBe2fNjt75imI`E-n6TqoE(6Ma6UQS%9YPD|uYE3I6!bF$b04~_etx+vVeQ*A z=5RujlsHwX;{6PcxyO~P)Fpa2e1ILY$fLP!?SCM7@J5@9oXGX&ari>tvqC%re9!e^ zsFlBd&|rohJ|kAhMy{*>+Mnr(jiCGY*WCWsWg*{-I&O8{;noK&nBp2+<0>tO?@&6UXhN z2R|-9>mtVDG~TR%&}Cbv81$@&h47ivNkzi4F_jH=3Z9UqFOkisfgMrkmT5+R7l8my z@E2XLAXSM9LTJ3t^EUo~3>;~Em^pBoD}Ihx`WY%3o_4u5|MQU6O8X*Gc-`aTyklJw z4HOZ-S5o)*P$Ptcwm0?EJbXxNj1;K`LNp|7 zE0!D24aUaH5lwfLmyS zWu~>4jk34lLjPo+kKU|?I|U z7Gjbla$dO(#9zUGlIT`E(fl{*JVB*TO%Ji3+tJonoc8BgIOtbCTA-*k21{L)qe^9E zwI!_Wn`S(-ok-6|WfF708cQqSR2A6O?cYGPX&W_Ov5sMWz!S}j{~cuZG#4gq4IM$t z4#_h9zVn9mSUoc;P`M*z8br?c^`-u*X!VnZIQsjuskBm8%8&K%+=%$4;Cfyj-qBOs z@P2sQ*t$a}oc8z4TnNRodhtiKxge`C1Y%$NlNEtq@fsK1Q=xyQj7T9{Lk-`cj#Oo?n&qE50!B){Sq;UD;)&33~=U^V6)kpxR)J^DwSISG-G zkynv=kOQ;gH5r+@zvf<{>~oY5-^2v8dqZ>)+S%DDFad2(yzmrc%!aQVFx!oWn#1je zE%02>Vs$Y)hVxiwH0$@j!B?m*AWD~9Z~-J`l^k1o)OoNkDtalRpE$?ip}Tykk;XS; z{J}gX*{FRVp=F|XZTrW$vi_4gR*(|X@d@A2*G2@Gb|=Y~Rn zTF;t5&nmGV143E6qzDzCqjD#d-{`u|J{pfSfum>wm355`9pd^f24yyK$ut{IwSA$g zgtMpqtJU24*zq>G>j@i-$`z_pP+Ixz2T#D;@JC|tBj_qypZ^I7X`3gwZw%IyRCt1rDKtb|upkbzAg7wiyN}wwi1e4_ z1AH>Y-$wny0tLJ=5E^15QGH4N*=P@Hux3GTY!Su~9gt-L;u~E=LG)Re_e(#-H{ba))76D z%P|G7x3Ed$#{PpjN{#e5-3pHMIMnhQ{~3*e7Jz8!ptNX(t4g^ziqwjBTI!wn?8Dt` zg6%XpMzsl~dDKGv^XCuo-2hy}HPqBU>eUGA!st#F<2C0cE+SR@C#IJ$!T`i)`=JZ) zkwP8e{GYBCBIxv#938AGe%fd5QP=p7&*w(s-zrt1C$_q<1g5EbZj4{qdM-KWwvtu# z7@HhZvfVb3cGY=qO2D`zIc9SgtRojV8(YiC@+a7Oh&5FHW6Uv({^YdOgK%ZRo$ww& z&0lCq22=Qa;UsZCQOs`;I}(&;^bUqC2q3VwJg~jHiW#EUly@246+d%zW0-`7O>gm? zDbaN-?-71@T=#dX)ys#%*uol=$Ih5bZrVfW%}@_E2I1qwQ806DXKF2tR5nxAXRdwL z2_=0S-{;l7WoUcn(^j|VuH^or)wS$x!Y@tp2TWrW@_SOYWC((awH6XK!e0DRx4KH} z1kqdbL1YyOB}Ru26aa#^$A-)63Ia}|f85Hi*^1zTycG!sjtg?fxAgpMlSe8>?YfZJ zrnRNvP^E)ViC=K@t9WB+V}SkuB|fIA4StLQlB!TIX5oY!{s;&o$1){B@n(u9;r$Vq zQDP4f!|rCunz3aQ5X}20QjMVCsO?5OLwqgkNF}CsoBsPLA>I?Sv37 z3~=6Z~JwvxQ~d>hlk%# z7M&Xu4&nD(4$V1sM$00Ezh36YX=C;0?a`3S!D`FcCPv62<4`k6QvZNcJCs2Gd#1Or z9BS6Z_+h_tb@IJ_xehKh?&%1P9O)O(*>_F5#8lPaY6r>2H}berd%YD^)e4bPbW?8c znc@j-)%~&`BTf&-YROo_uYQmM#su1cH!10HcktP2MJ*ll-89fp5l(~4|n?F{&CYFUr-&NeX&TkUVw79}o=^zr% zueO{Yg#0jA>78PURj6ORF>bR1$pC#zm}i?I59u+64&uQcgxM~LwDmIrNRcwj%Ns9W zF6$|AtSvLND(726-s*XSsVROQeUUk#Cu7iMpPA(u4Y@fzGC-d30wL5=0+6}n?1}PC zC$!O%a|h|TCH%k)0JTrO(3bKkh@F7igG%? ze_#p#D_b9f&c@-4{`i_5+`nFH=5I-+pP`pFLM8Zch5B_EOPzed|;OAizCohD> zZKgmRxRxFT&T?hzS=eWkzZIIyNg&&dGx$O1N&5B`R;C~t*CGV70Sr*Zg}ULg$y)iu zoLeCzPLo%_t07YyIE6#}M!j~m^ketPG__}&*<$HeOcjbZC7cFm352oVeW}#2>8Fs7IU~VIyNbCj#aU6`@+8Nj~H7#ZC@58!?#(q z>bU_sk}^pV2vNZCkigV{^whqK8GaR8Hes)%#n29TrO^`no-fA?U;oP92_AIB&o`xp zkm}2BjY`4~Oqj_*;>q9oP~?&yA;G^&Ql9I_cDX>}m%FGYk_6b!D2FDA7+o=%>(+?E z-V`ngaQ31(hC8t17c)v`n!2jZ>U+gV6*L*duTb|z2BVHMTvR+fidXCtv(P-TS@zy~ zz|Gh~NsdoRtFxeOD`cC{(;`8?N7rk7U-IA}*g+hACT_qrgyBrr+wLn;fE7ZQnj^5Z zmbg3Ni(?Q2I+90R^t;kX0tB%^LV6p8=0x1Ok~b={gP%pVE1J}lW}b?5n5+%@IkU<_ zFGbdIF(yc^#g#*c=^?auR={kIu^%xEETgU1%S0y#Zgi7IF z^+@DKFZx&uLk~{}56jczDGnt$%Ijp%D?6e>s`KE{J>}sl<+bmbhS}fmpLd^EFBYF} zcz;4|^Viz7|6fupWy9qG?)U>@Gc~6v21ePN0P*eFP=%&S-M3gVmEp+$U&cpru@YmI0-|I%lm2+^Y+S95EpN7EY*gKLDp6M;`li(#nev&T2ju=hH4q!xY1q9flNZ@w3j zB%zIKnu~0|aIByX2)nOeW+7D--{de-0gW2*?oiIe;lo&Azi764hbY14kQMdjodxLx z6^-&_Wyl`xHbNK@aXgS_42)Slr2v2g4Y$N|4CRC3Mkgo&gTz>&0Mw7iy^FeuX>C-C zW?=qIOYHYroc%XQY*4iVa{Z(_eM0yY*oh1X-b3R37O)E)B&Q4#V;6VHw*|R<$@wuY zAVI=BiYNmJP_Q*1Ev=~7-f*O~1CZ*n1^pvf8BJ9Yt~e4v29o|%~8)gwAd*E-_3s2>^vmAUd!Mn z&X=u|=kOwQk;1{KRbfmgR<9FUGpgoM57uRj9GDbw{Q2Z&z1^`DLgEuTn#Yb~ z?h5MWI(RPIbStV+2s)K3oGv4EvD3x2gk@w~1J`CrGD@FyKmxGc9EpZ5WRB0YD5g)SgK)HTPXSsHiFzVF z;}%1j8PGAfq{9c@&<*fGv+VX?_&z3_Tum+PfA>_mto`v5YT#ya>#g=QGAjO z2J4v*Qbrk!e(bB4A+aA#T7n~yBV^hPFy2P+N*;Wpw)&-u#uL#I^eGIDfWJ?iGIC<- ziUhrBira5km*PJltC_p(LmtBqfh`=^OmxHhV1dlIMx{?rr)+qRij72f7(OF4q?cf6|2L^Z!=Y z5!+NcL`qSg_=4*dKU}>X5+1*g+fw~jOY%*E=fl0=kc%Q_G}TxA%!HF z4a-M`8cc~!i3=aT%HyJsP|v00QD;?Dm{w~_R?!;+k^lf!_a zhtyow?e6&u2_w8C|384M3J&L7j&20Z!M)t(#TQhNEjTApw~yM##nys>nMTG`icLaNG{uEfL27iT+&HTtKfx!H(A zd)$g5&TJN4aDz`~Lpv?tHm<_|!B%NQn`4J+{%_W5HZ5)v$|13Wg?IaRrJMOd`;V*R zxfM%@d19HUYmCaMlI+c7ryoJizg?V1Nfl{>@-Qvv#ficdAE1b^e^-E#G`e}g#UjD| E7rBDc zVQyr3R8em|NM&qo0PMYeciXm-IDG%+r~l|h z*M><*LQN420m)XA+|T|Tyb^qqWJ^|FDxA~CBEiATU@#aA27?4~);S)cj0aORivMyS zWp8h9@8RL0{C96}ul#R!@8SMmx`z)Qb`K8@4j*;@ve(`39zOUB?A;4Cr7~t5Wq;XQ zx~(#CUr0eoLOJ4uCamWHgovY<4uTMI9^-(}PKYy3`UFQkNKwWUoYhu~2uou$Z6|1i zd+_qfn=?4W*`%TN)%X&(Cpcq-CO!C%$4A|u`>?(DAGMV;9Am_=1}y~ELn(P{zMkxR zC{69p{h+%SboaanvoIqmmk*!7UvWHwP{=v-X$E|VC6WQ5@K-Vz!dZ%O1jjKQNAMDH zGQseaFrJaiF&8iBXf#eps5s>Tyuslxp)nmy18+zLVnfc;UZ*o4d^o-gLOSXQRNI2u z@0dqIfrqHWdL8*jkVZxWT`QzXJESqqf;1U;S9p3&vxxP)wj#I=WXy*&6Zns_I7g?7v*$3|_ER_L2H$y~ zT4Fb4l|}0R35v&<-P;5(TmK(Ecyv(F|A*a28~wkIvbEykZNbkmy+kq4RO!l0!kA&H_E8)|NVVEjRT+>(P6u*w(6B<3z$FGc z!C6M42q$nk1(HN$LZWe@kyF`*{4D=jLMbMU1MLIDVTQTX$;@Ddn2WKh!7Q#Rjew;% ztVPmP9*r3Xd?OmswHO*<)l7;)tg9PkFXrAX!5qsOD54?jaKx@yC!|TA48|F5r!;C? zHgyDMZHZ(%&Bz3C+|KYoOpeozCHzbx^HQ|ggJ1tyWPquDe_df(kRO>JJnJ_$3;ec--Gubz17R~mb5Tva(|;{%dk*M zhLFdcI`QO{e%*7c_Jved>i?%U$vpA8@mo>d3L)?z;trQlhJhrEqd3M9kc2CfL)Oiq zd0UX-KF)9wVn7fo9vwe{V`Y_wh-07`{5VdcSOAoLDdsd#(hL_oW*2Z7)9{J`N+S8P zeMxVm@ZlTIye&v5$30m!nBa``rx(DukP|tyE-^4{#}-P{jHVe8EjKpADP;KFm}D46 zZ(f{vJZ8sFgjT=_x{QS_-A6IQo*Kqn!#F{y7(k*WnngGhU`BMDa6pL~;3OI3b;aw5 zNCVsbyl0^@J0|CVbShey`7;GDA{h=jRfAZ8kn&)$p_x%|Tv(nF$$HSiJX9uSh}vQ$ zAwgZ?sU7Kcp9@LRs)5N`O&#umfYpN#1!2bTWmu|}3`ZRI$1$8?E`)vDPajdFCXXBu3rl=1gno)iJ~3o!b`xSKqN?g~L-S zmWw@uQV`P+#frT=wrr^B&^zjqT#txS)Fq;nwFAyL>uBV374fVmu#;n36C_5vcyxuQ z7QGS922v@ch=)VTc^(_RY-<_wM;JVTS$}8aBq7P5joK0ohO-F?v9*L`hjkbZ#~Dcm z=W?yYW5aUUuCxbC2l8+zjUTTOF(VQVa?7Bm!I5NO{ycXe7ZEI=XGdS{NS4p~B*tf) zX1F39LLdwM7$J^4!|7!djg>f~aE0i#AH#&k9#|f1r*DrXAI*qDH)n#Yo)+H`&8GDtSX59rVdD%J32WSFs4fz#yK)sXIRKry4Tif(U?K*-Pa1P6!<*=HQOFr}(yHbPkt$4tx7TkEcw3$*Pa8!@im&xv!^~kn^q(KHOqx2aaE$B!CBUA>3`dWYVF)5 zHcOGvgm7ARJ=!I?wytWVW=m6}P#3IkoQ6eZ>7CSXc1^27azqPiP8~B0e|_`j^bD>E zSB%s9Hqg)LsN7z?^m+hkM*Act$zYy8^}*r6zW5-+jK-50{@2_e(=l~dW)m&$lrc?P zx5m<~JN}qDZw#}`b^W`^5mPJlj^}87u9p>C28QK}+6PuTR;zu`m=DiM!ZX_W{hD_Q zt;`tPTY#d70fIEceR5-rOeQ19BrUseJtX0<;z3GjWUS9E7~(h;0@|mU@(C%0Z-D?| zFiyz3vDzvGHcoK{x!YM)6#{cA@#ul?EA(nO=xqLZOR-RX-KTL(uO+@I4hf1O8^@Tb ztq)lPx&bgQNYYy#j3cR#_z-^hL2f$WBvQX0KeihcK+iza|^6Vu%er(?sT>9pN5xO~7ZqIWj9jW5m?$1B! z4`of+g;Rp#$k~!rK;COmrbo+Uf3M&B1&sZk{Sd&HIQu<~v3~w>*L-QwE`C);+!yNo z$I90Z5B;9fjQ(yj(s?f^%!Mj))smx>mYTAvlcms8W{woUjrLH!>ZP}56_`>?REAT^ zg!MAD@&&-rzy`^-QJj)QTN;RoL1Wwzb^$)Hc?NW>|}k zz{Z(b#ZPVcNhi6PZE`QJd6N6<%oDj%H9yQoxA|=rEw-|@M(uQFO*t7LB>93;rAe>w z6p+xK6QOVQbS7giO>~pe>tcQxp|nXE;bf8z?Vn$rJUe;u{N(wY9z6P){AgduQRb=u z+0aiJE$9Wa=J^FrU*mr9jfonTno|6Sps8RX&4LI|6o1W= zj^N~0?xYC>2PuUu_Zb$wigkmrb||_XxXK=xtJv-``1H_Qa^$H{QE9Q@ z8;%nu#4@EM;md{ddZkI)V|fH>uaW=m2dnD@4V7UzEKr)Vd+CUoMv0fw=#Bon=lc7G zhz-rrf@2#CE(5p3_xb5m`H^&6NfR+d%8gZs?N#BpajabUMUaHSIF0lcxY9$%LmXbQ z@#u+d#MPK$^(GLbsXXQRi(2%kA7^QXQFKfb#xq0`)m!p>$Qh1hlzcT#cqIGT#Wtl8 zv&*|C(9EpOib61?j3+iWUweAauJCmax*BFP#90}dPX;5DuAX28x5XU4#{5Wc;Hf+tM!KYGJpjq%@H4Ul5J^# z29mNIbvGF^GR$zq@~C)wa*gAJvqIE`3N`~|f-S7qM}m+i3+#s$o_SDiVX4TDy4a4g z1UlP70=>=;nhP@F#AEwWM6w)$^nt4FBk_&dbQO=6VvvCF`SM3#cU%4>S9U{t%#EcLcAU~!{dpe7 zWXo)78Z`j(!hg2xp=?%D9_Dbr#{PbVv#o7Mzl^2bXf$x=ZrK)`R!7BAgQ(WHg&r;Eti9 z;=gC$Z`7Opa)oxUfVdD5ck528&@26FZHgj4l12GZ`1DI-NK(U)>f)xlOse&jF1S>> z|Hab1>Vo@7jPUG+XGk7kZ%4RKlKV}CAX-FG1Sq>CJVV)3wd~{r$lK0iC-P0pp0`zW z;47zDaX}`&jc^H#`5^{{DmRK`H;+ z;e*4&P5!ral=tsD-+Iq(Qj@c!lItn(zU_Sc=)He029wb9T5%{v)Xrat0S$plB`a6x zMr_>#QSd>i+9ZUB2l7ucIve-<U@mMzPFF3Mfq_ z(t-ECSizR{xoANUz~B|DVxSFeY!&%a|j4Wr{G7M{czX-EqX5nm0 z#Cu1J_hycxWq|?`yjJ{C-x@p%4{wQFnvsO}!T*M}zhQm})^@TeL?v7Ge-4ZR%24CGXEN9WIO2-`d)M4>A=J3NiTq>4Sgn-+J(zinfY**k+7o z`MzdIyPQ_J++0~GWNcd$3!8)2*hMBLqyars?PV2B=|r4~kbT&blc_sp&ys^P%qyoLSY8dAN0K*)Nd0+$T1DnAoNGBnH z0572K%&Dmi8-Nd%{2fPVe;3B0sL^W8#>1Tb(TzK$jE7s(H13poJnVs|#jweZCUbJV z37bmIB1-kxTrbF#6O>jgym~xNP+G%_d0f$(taETFZL80~rBt&4qk3HI4)+{v^afc_ z^kLLtQ(v=;R6RBY|G{lAx>*>bn>%83vp7bMN3WsBsx|96tr4R|5h?mtW+76nxiD+y zAyN}1(7=(JnlrVGYPX?T)-+@)&9a$8=5Eba+1=D^1G{hAtP`#@huXa642l+#{kb@u5(6_U(A95kBE%+c$fB%iq zq@}CmQ+-Yx_{LB$%{d4R5j!rb!QPQ_SLU!XlngLzhy3OjJl&OlyhX97n43XGt>m&< ze{GNd?3%wd3`L;a)%KM^(zZXY@YFn$Tfsi~JkG1(j5FV~r3qq|3c*o>Yue?C76CM6x<%A~$ruVI5&>JA`WP<=Vx;K$!bGiOVBJX3IRW^N;&+ zV+S6o1fHdKwBXe~DEzGaa5w>er8&P2g~B zPIEmNgz@Nuug}zKD{3l-iyaz)869F6HPB*hmoi?ZLFx{rvT^NOX3sM1Wz>xFd^VW$ z#w}XA%1{Z#bsb#=IF+OYszKSFcr(QDC}6{mTm|;3{#U&^G@lh;G969&LSqv+YYV+t zd}6OY5${l%2F3jedwGXg`cyutUkX*Bj8K9GIBH)`6(F-DGzMfNlMMy4xm~8SU5kYB z30IipES0L?$Q0v=S^AZo64m-49i=qE3D+lP>#6#Y-pnLO=-$slf|ULBr3;Z@_dwK9#qQ!ar#trgbKD1{42iK2vMhg9D5NXX51EpGSFA2A_(${C9-^x07 zq{w_@Y~gB`FW2cIziDgVxMrS%Ps`fit$D`sJ;*>Hukla^&Ko9nS;Nt4f@5~XhyfTB zuljJm;Fa6ZJOY!HgDShqYmiIb3!|TQ>g(O=5U-$aw7E@zuJZE ziPQ-WjaMXzo-^=OQV?I%a3~RT=aq}I&hVk$Oqx2}03D$;hxq?1YGeubCl0fN$^4adVsO!hmugb_6=F`mjA|l}FtS0qT6~)htIn zlB8qa%hRnK$}CeouPp=Vdv;4(hSiHcqA2p(5b~Rz8~vOjrm~8qvAk|kMq`nLS1&;#1`!R%GLV#xxkORE!%0XZ9Od|SWvsZ@7WIoQ z%4To`zYEosVK$DNgsZ$lx3g13Lm^*0jbSGU`AzT>i7^X)#*U9fFh-epawDkK0#Val zu;&()6qEw=BgK_h6P#UVgk$w|C&D;Ars))R0wrTb7_F9tQgpQmT2t+2aGY%tsBc~b zDp)TEDaKvP^}vB~!C5hGmn5nnQYO8KIxt!hseLO_I-IP~O>QQ*wo1V$^olmfq}UM# zB(ZYvk0&QD?5%KaW)oAtX`x(1Q+2bRZbgftqn%yhj;|D4yR?g_8)~}-VnIIy`dz_e z=;*3;*=c7i%Pa7Ojd3nrLM{933QxxEDCck?gz@1m6UX*NQ}Vy++qEEXF1ftjPi>>OI%I5_LnGOmM~<(*QOE zy*Ok!GA)_5li>lrd94B=p2RWuzxhA>@Y`?fKX-y}TjJlxkAL$`*2}uu!MDHtX2j(; zzX!kh@=JgBzkS!kPfs(<`Sdlq7V5)?pas5pyZyfV@q51|8}Y>t`FFXmK6NP9ok}_W z&#K=QMgY!<|J&Q&@0Q~K9_&5b-2c6nqScG-_8C)O#XNBg9&74+Ubc~AOgK|ziZV2k z3wCQQ?CAAj&?;6GZOEGXBW-xN^DYgKZL+i85u_x%vP~!xq@8bG82^xjqQI&q+QpT2 zLOJXV5tGYbRokbj-zrVL()LzXkuWhvgfVGrryv~x^)pX(qe~5Vnu3p_NKDejhZ!Ex z39frC^=$P;NYiQcX+02*8Ly{Httk|7LnI6+B}G)MU<`oPJR<8jnIb-1l$WCJ;@q?@ zwlYVH4;{`GUnp(}Ce@%V*Li+xF0Be_G&ZHd1JcQ90*Q3N3c^-pM{1iz3q~&0bMDQay{w1ixJ}| zD9v4-8KvA;jn`Dw+|jj46;xX2-VyAuG$#Co6o`%wJJRo|WG^SYg86ozWK6n^)aH1E zZw$=6Dt{9!3`@683w*!AMMwCxYV%#@H=vd~R`4k0Q^&pHX)8ZQP;O@+KIBlT9Mn@6=<>x?s4b;!U`wA(=(dtkysMeb9Q2xYv6w9-(s3k^xtCru+aFElj)D3<_F_Tba zY6rjk=?tD50*@4=h8lt^wL;+Zn;y#s{kn=*s-aq8mkx&NHx9j_%yR~W%fpN+>8+Zr z6ccCye41j%Zz}q#xw9I(uOw?qxj1eTB^r*hDbYLc`xjQcTo|S&DsX0jQG#0rBf4wm z%uo7IGjUg<%u1%O>^J?lnABQQXjMMpf*Z+qzi8FJk^rim z=inM5Dj|jWpw-;{r8Kz9S|YDmrJ|~JinVKDYeJ3`hHvX=shPO7m8aEGWx^u#`Dpl{;OxXWshPrW!)#K6`i!ZofZ$_eM#eZ9xXY|E z6UrSqLrW?)yGy}EXT!T|#@yAh;DTLOpQRqFnx#QK)+?3<^;oZ07MTL;v|m+)H)+3m z9p0qM-6uOJibQkWmeW|BrCy+XdE^R6Rl#jE`z`&jGcDxLN!hD2L{3%p`~Een zBaT+hZRd?IrS10Wl#L7=5K_|i>qZBGBQPSrsI<$E>Q(Ell_<2wYegU(`WC-C@!id z{lhMJD@X7gYD6XZ8%MiPX69Fo|S#b1&vY)E$l#fVr#ZrEMzB^+B`B#xH6cc!dhTEAeZ_al$HPD zBNdcwFlb=l`$~XQ-6oNI{r*djqWN-5IsT^<2epzYpxN<1d)(zyIeUmMdF?DOe%Es&<)Zl=$m>v&Uj`> z(I~p;Es4FvEGJ-_LGMT^!fF)a&aeOX+i$=9_RpRF?)|1q>)V$2XS}y}fSbb?XMY&_ zcAmK9r~40m2vjWNzw5w89oqPV8|V1g20GfQUAA+gf;wh4v9tg1!$J7r0JnU>8+VqN z+1Ivi#oWISDPN;xs$$MV6vsG{kZC6VQMX#@#B4T0c_cS>wO1$dyb(&7N-itx;Nrcr zY?^R%W0N!%L8K_tNgMz1iOYgGyF#2yCulGvNfiNv6tPZD8mUCTv{sxf_y*4L{Ol&cyV%Zo^3wNg2r2b9f^Sor<qO6BSvqO0u@|QyB3U+}7bCk#0RhOW;n(4P< zoAzmQ%eG2G`}TbU7Dcd zH+D_ zFIeJvG_dkUxe_HeqGb4Y9?b2?n{Q?$zcsIhnzO3$-{QT^KF|QX;$~BmrOk_0>F0$| zY1(0E(lKQ>uJ-U3p#n{0&U&DizvGZMJ9GmY&M1!(b zcfgjoEUM~pZ%+a5h;PK`muJoML*YRtlh~E>f@LzfLWWt(ZK&01Nf>_3u9N5hO;fpV zOQY1dL3QY$YLKRWzNKfCN})%MYLQr#7*^Y0hS@Kr87{-s_-8ky(0pQ}x?9EP#o0tW zs_Z9Ko%%qNcv==WwR=E?*@(;!m5M+=8=>@jKwQlA`cNj*vXo;<6Tb!}@DYb92j_iBz zj#y3>-W#mnVk#fiZpQY?SO<9szOTaYx36Y>;d~&>{(p6S^JeBp<&)SYYiSmUTk`d) zVnf_zx3zY5t)HINOucG1%{KL1D{iM?=(Xziuy1S6EpA0N9|H{@e3ZQu5m`uUbZhQKE6`gTuGloC^QX2o}&W^UZyQQ)m|)$Y1I3o?B*)|C=?9 z|Gnz?f3&w5|LZ7sod0h%#BWwT#B;fi^7)TP zd)-Hy@xP98&*R^@uXF{2KZjP9&&`m(V`&=ydX?2i`X14Ho&URsmHB^vGyd07ZfF0O zZZ4`F@})YZn`@gD#xjbbPFgoAVUbcA|0#{yk-aRreW`9sUeW@XJO3Y4=Kq6(js3rt za>x0CT6|484Vy|O)k`Ro6Ka{SN1;b#6{OS$X#ckW$p^!YpY zvDaD(&du)2DGFC&H`D&DN@@JB((Jco?)={^`~MzxA8q#k)>7^`{_oSOU&5IG)ZF~? zO8xj>@BaUO&Hn#`&Hmq7%5vlXUIzYVz^}2C$3I6L_s4OYEx+uyW$yT|t;zcI5Tz0H8>bCnu-SZsTxBLH_UGAtlk#Z~peb{pNoUEXFv6?)RW; zOQ}~ChXfu&hmX=uhFSVOT#-12-~8>AMB>Y9MELhG$Z!hncRz{Rwyy61w7ga=+WJ(W zOo39hX{=Y|jUJB+kv_s4MTn#P5ty6Yo$G1ZTn%VvVEax?Wvr3p^BuQIllnvoxBh%##e;)Et;utOY=0ygXnDZSEg{JMAT z2*;S?c1mLsPJQq%ai3T3?@V4O1kT785R0iJz z8{#;IK};`g61-i=aEv&aV0CkD{v0Kdw*?6vNDVC$$@j?(j?}dGZ><1cCGiw!BEJ+U zL5eeoNrD3}czSkz#%YGVEjXs55l!Ij@fk!UV_q;Iyd(dw(D#DNKeCSezj-hmbj1J6 zPc}(9IiO1vUX4=_TA6v@2JAZZz6~zXmG^DHN8)dqk%9N^zq~DYi!wsT44yxI#=IcS z=UO*y@I;wg`fA@k33u%Nqp0{Pwtbw$wJ!xQnP6}6!|JTo+JUw|9jH3H#WA^wz zIOsks@Beil>^nKCCkKFpJpSJa0uyWG)_pUOgvyy#_4iN)7 z!5RE|um@pGaKa%*$zY5I7$iZ$`cg<&2=7GnIuRCKr=`+$5~2De!yrTnWa9*A(oQox zA`I^WNhH>xzf)LwnZ zI^u&)I7As|9rg7%9b_oN&~B52aTLc2j8q@uf1)wZ+uDM^>xwUFgqi2H;oEQ3BYS`M zUU2j6w>@|>#BibVw@OR*0$4c2BLv|PB?CbS86>1nLX_}$YCjdzR5!Q@0A6Dh!LNTm z{rUBir_W#h9E_rW?zq2NQtkx0**H}4NE1znKn6*08ICbx*npKZDD&F$-VCwm2=N~b zQ4;mXv0ysBNn;WcftAXcDLO?pa6Kg9P<~-@q?-v&j0~J`X2j!HhxC8$I6qo)CJH?7 z*#u`(E;GyOZ={GE%cFBZGx)`>!XQ71FC^#^OKHzY6p4v^3Kw$qa3SUALM~n|b~Uc~ ze2yc@uws^6g;>w?KEM^8!p!nPUNJJe&i$1SU_1<$vR}|R<_$Hy5AC^SfhzY{7H|E7 z_W>@{amtGsy!q9Uom|63G*rGEG4Qi-l8|K3Ms2ASw0_npfyPSbwC>h3Q_L2tnG+L) z@tAR(Rf)31s0vF^)6s2^WMKY0R~4G+`~V4EknAck0gu^5EirFioGn9$oHIx=I9LAM zm@U>(cO&L^%o)!x8kPIT5c4<8&t!!qNZPWkEGlzL5)%luE7ur7ItecXF<0L)IDLDZ zQ&IGL37R???&Az6A?^%tBJb~xoN8^9lFp>qZvQk*fuI8OM4#^VtVV?;*nNw*!+ z43~+NV`f*a#A^6XnALVJF_OU*8T&%TEXJsx2rHsV%wAyBmuAK?B-vK-zoZUmq-;rI z%H8uN_KZDr-_$ezi!aY)g=I*xt>k~*N6+LL1iq%8F$ozia$|{|9SIfnXVBH$p6iq^;bj8SEHH-h~sNCZMMyR zRuz^ZNVmbvA6xq0cA;APGN$2GYX!u79kyA98I313X0svYwXU!_iqM!3&q=~F+WGyO zcMJwAPyhy$GRTU=d}g*;&UeQ&v&5*K?1uH(2jxnU6xn+bS45X>yNQQxrAQ z0v|vz1Wd)X(sfH>+*1s71bqNe1M?vsGr;D!!@3B%<(P4aagJ78qEMRF%ssaqGkJK*EMiXcYO7MwG+KGjl+qa1 zO`2bhnAx1njq{ArT&mjYG*_PtMkt+4&@G8E$Hz^67ZaA|sx#x#6crlGnK2W_jNPSZ zb4p|N=Xn^DE&0qeaU0*}vef*Vpb`G(1$-{l+)6pS)YKU^%Ajdq(wk3V)ZDRa@*u3r zB0$ja)V^L35qW#fs`<{uG%4vXN;#JYjmjZ)Q6@$`UYTwdz~+;(95Kn4OpLd+wFNS` z(euPVa(|MUAOIYJ)KYRA@vk@@*}X?|nPC9%>;{d}7(-j`M@z-05BsTTfIRlsW}@%O z?d&NU#h#jQdLDp;+>+XtOo}kfZeTWs&4n2OxLHAFqbw){=hxx?)^+W&r#>1 z0;egB>0qjE0XwD%;~64W_=`G25F?BYD_`j5>BXse$;T-kdEU>RQ%U}?R_HyVDN}$Q;5lks9^4&U!6QV zdGY+@`I{a*`dNPIsEIAeu!_WpaHPJHVND!jj2MS~I6nP52z9A6(RV)+I8jaXX$EOV zBNa>H2$7Zwre(k?EX7_O3-9QWFdg^6-_P%ES2XlQWBQpyY|&3_|D2^bB>gEoAE5yT zeZZojbBL&;8sKQqgPUL){Lw~nN)o5XU+G0ZoX`lXIF^DF(eqx96SzoN2xc-e{-3sT zAm)BC=VoR(Ib6ItefIjvn^&*T|MtIcE_UJK>>p?6PmYgY{r%;e^XE@5RJ2s#si>&1 zn9^~kV^ad}1YKcZ<4nLsT)cybLPEKX$`|d4F%k;}c(Hq70%|JIRn(L-QR zkl`;q=#S%AKaf}bPEg!~{gJ6dMwpIy54ypBv7&Gq7fTOZ*2q^XsOwzMay=;W%1WNV z^gLCrH-l8MYVlJ6UUs(7m`}nGGdV?wK9AY;JHe9T}!kJ`(FY<3-YjqI}Wsya}@ zWNRtV`A39FM#&+`sTkczqM|~1bgTyvR#O1*Tn$*b(7OBi>4ib6fYXp(;|b1ya2XPX z5hL+bz&7D!@`A)%F&P-54+D*%kYFL1`F`gvT;$u*T0+$}m5PWq7k=ZLlnVU$Fr(wa z5V(w+uAm7-MmSDo#F!SY!1MIn+taufzm_pp68Vc46h%Lx7$qUjE}Yp{S1p-HEX83_ zQr++KL0{=V&5eq)gfL+usi-k0iqwX<8HW~}VR^N6L|7=JFlmATC6o_wW_vWv$OvUb z-cntV1>1y~tY1rmBcw@!Ral>vuQxB`?8Hcf?Q|~?m(Ov=Wh@~t0F;5C$2lZ3!3@y^ z1A?d? z;kA8+cmOJjpD?)iHu#}@|3+IF3y&`xAyqMvPojyClL&soh>tU@Z7FS+2=q+U5>exhk8-CC8+OVQK`h{d0`FAht{~#q^JkGB?mo;ZJz3S`x>o7Cd_&4L{f`qt4UJdqDm(Twy8Cq4M#2iSh|>X&CP;qhZ_IZBJw(>C;Zil%aw z6*c!yeiYRt@9bG>(9$4h5qaT-R?*&jd1BSY#_z#B+4dB`(w(eH`& z-`^L%gCOue*7x9Z)$eL_7T#RpsaVOG@w%-g6 z*RcrH2_hwE23w|Tp*S6)OUy}#;@il`-kxc^C*?)kkp!MIPH3&*S-Y}sby2)wujjSFJvE=lTLnbG7fby~_Y!j? z*7fQ@eGwHYp6aN$YEEc=mZH!uU&>R{W9Ne0(#&BXy)-a<*am%9uIp`ZW}#+a`82c* zAK=}Xs*~@ct~!BUh4!HtnmM$t@yV@T>DDo>Cf9K!ADM6?Q(-i1>qqKi&QtSB5@@U= z>sGOTth`D_DbKx$8Rc~M_n>3k1j3TbzmG8EBq_{PhJ;>W0M;?sGNycGlEA9W zVLec3Rsx)iN0(;VyGV0|1}o8s0={Tb48u=-Qo5CY&y9EvC7aV1trl5 zzTxr+`~slF*SFneaOY~MUo|#Nv!%7;@2s6pLi@><%#@;h5vOmD?fFRAU11Rn^ZPZo z%(xFme3DMWd7s(X;zjFKVOk4Haoh4*4!eww48K)K z@o|jE=#9;^wr8ulT~k}N>o6L}4BK{p{ipjzCG&BmqvZWt)M=`@*@txW+bO)H*8mD5B3JJaj>-V?ru-unxT%mRoV=EurZ(f}3 zDo^?dO|5!2t3Kt8hO;LxU3Xfu&QR`bIZde-HHdiyrJ;ykfs4+oQ-d#641ybrkk5#{ z`mJ{D+3~7kSf?Qh`|r6IBTaiY+-uf0zJzO*_#Lx;?8H|4RQLBK$ULt=gn01?Jg1WH zu9`F|@`N&OC;0}aLYK*nPJEN%kk=&$ zP}Yu`S1zZ(+%)zir+R4xhY#QjZ7EbWQ%X@I{M-1zEQA4(9^V+MJqN*i{Xzn8}-%pXox ziXuUR;_lrDx(zY^*KJ>7j!Fd0B&NL(HThVm&Hr$hK~W1xj*Lr;6Ei$MYw5Qhx`iY@ z_vd-u2TL=Q$_FX16k7VLHfKycetk<$67h@L8s#0&QfrcXb}BD6^#NXXo;3FG zVz?A(da3-lpmI+(z|qcLmGaU+n~zJerBfO~erFTtOPfk9rO{;-+hUEziqk*4O6>%eI^rZTU_r)udmKcr=D$7$rviF5JIMYW$sh1Zpq zw9V+mw%4>|46y=`+8X6MIWMX$l_ler<7wu7e;0+8%r)gYqWaD))mQZvSm6zjbLRgC zhX>{S?}v}}H~HV!QX1xesj-xud#>jHAAW%CvuCg0K6`!s^2y0Fc>LIl(FmVMOpspIqxEUI-my!d(2BobS}iL2b~GZI@vhs*cEY*l1K*WE>yfNy~Vp| z{hU;}7_YTiz7j2c8z$QGYw=Ng!ycUtZ=I`k&bjH{IUmDR9xQ=M1mFB2kW>NHhZ)#Q<8 zv@cK9--UAfaRcq*{lWy?25TEKcn7Svo5ByR6QD#zA;Nb#fzCr6*C5h1_;q<68Bk3u zaszdjot)n#gf1N4%uKwSzWG(fn zd+2^kb^I46nN_qgcmKCr_WwLMe6ZR7Sxade|G8OHxSU$$osx$vW*DrxF1k4*f5>_x zbaSpgJ!kSP68!Lk)D`gYBRqaw8F|`*t$wyQW4x+X?IDl`{3M|Bh-goLL<*L731F&p~2wz4~RmXqP&$0>`n>+vScPrz+ySe{&Ev0Gv z7aV&F?d@)+`!BIn$G>%^t*niC=nDt+Gsg8dcjuFy$ zbvj_~_&A8!1AYbjg6W7a&mtFve?wU1xLA(Ko7 zZD(Y3rjqyj9pCDP5NBKmcopJ)J1Rz*WUv#6I`F~fz!r0Q5N6zOxuLUHcsdWx6`q#C zT;XXEOw&H7Ap7`9&6cHn4yEXFW8>`53<8_+Q?kWjQEO2ip<7ZGqAGt@WZzWBe=($J z6*4y0|M%cQ#s7D>iT_+nX`25FF>KZ4KuAYvhMCGmn!EpMB2_A?<+EEPXpehB&jo6V znm^6zp)&q$u7}mNF?ame%>M@)`+qIP%_%(TdMa_Sy&}?cGX_^jY;6|c(r7c8@haJ2 zPf%)u2a1V)YgB{H>6=48luHwho6Qt$QUh0E$YZKpk>;COybSMCcgNa`GyZGyqO78g zIpe?k=uvh5|8NukvzAgj{!Pa4dl~(;hai{H0Vcz@Nm|zgz`TFa1jt_S_WZO5FKL23 zfOLEr6E=KF`D=`#>60iDW)EgI38=jH$1q5rinOlO-jTc*&zx!X?XId1zO}G?@JH{s z_(wPIgRjG{#48mZ?1OK^Wqrs`g(@|6>NGgOyc~e(U}V1}eV`fa;CIeTg=VV^)ivjI zvpiGVCJEyBaxKHUzJs=Q{3n6%bN=-L`xIfS6PZrRgL@; zhg`o%{0HFlA7~U;g}TBt*P35cwpVQYEujAoAC}jD2M-@^@_(ihQ^lbU-T zOyhYiiAqh)OB7z=Byv-OJ85zAQWG0onbz}Cy=B5c$j{r==qv42I4k%f0kk8b4Y>zS z@vK<4%)tB>5CK~&P0jvUy7TMw133DBX3n!^+L)*R_a2nve;(~U*y#VYlm`1>^!xpo z|MeH4FRI~0t;HiVYHqJwS^9!Et%0J#BX*Jg3c4O4B^Q{^X z>T~tChM+9GFvF3s|IEM16`sm}T#H?OXDxM&MGm^4_fQhqFZ92bbE={*l&_)*K7I_u zuNb}OortHpQnR~*2wg4l(xGHl^KA{M^Vb=8+rZZZGgc|AC9{ny-Qz zU&gukuoI|&mt5rvXf5zl4Lp#4IPYV^#QU0P8E3BdEve?IZ#bo*X+Fq{&Hf=Tb}4ax zqsPC*Qm6m(dmNl;XG7(jAGErK)hzw39`X)lxfDGwqgp#P|wSf)2Hnef* zwWWr>rrFhbM6x4)dndh)TD}J`x)KI!I|YCH|9krL`SGilKRy5X{I9Q0p2-0qs)W&u zm!uE>2ERg^fmwC_^LyY!oT&TC6Y-|Bs1kFD{=)<46K7ka#0agdkBjT?ywSda6Yx^Q zI2=-FCv`Jz4ba>whsQ2R7d`6)l63);Df~NJBf>p(&*cdnC!F=fn%(e8&3c}>LEStT9VaTEs>=i` z{52qw9E4%<5V7NeuNh=kY6pHY2fldkaKv4N73EVtf18u0FQMPkC^5$n*{PT{`GQQ_ zHe#j~mPE^ai5a;^((Q-S0xc5wTS)0_vl|oO?`r?zP3$LD(E4_E2y7>+JSD=z3u9{mD_So#9d% z*}IEu_|skD-|GfxN~5;HV`k#JLpStlW2W1Wt-G`_cmHQ^ud@HMx7q(+OL0~E z@=Dhl@~jwW)nxBGF_J6Ng~bKy97X7^BGgs=>UzS6u#ir0HdXh>J$-rhJw!D54-N^& zk*y{cD-)D4dvm$ot$IO{E0$mQUB?Nva8iq-ARWi?S<%D;kgrbdn^K5zU^tg75~o(A zv$0!>7qS=QuL@zf#fmRy7^5@LP)h)&u30bJ|2b*S3IOz5GlQ4oz83W`R@VwSowcil z5;n=5v8ju9DX_?_E$ZwnXLV6)VdcvVS5lT)XcPsk+Pm{uz#5|PHs;4?Q|jjby4zKk zX=Bd(zjv^ISc(7J-2b+oGVA=0*6;Vb{435SD_H`5YMy>c#Toz2H+wJH#=P(BpDJs|w) z^L~7(Nj$bSGf(wJ?S;<_qa|?-DL_!7P6ym74@j%f?j}3PlG#BDTU(VRA-7Eg(t;g2 zBD^RXzUGs_O|{dUd!%*OR3e-51r~Sy*SEU08Rq#dVC{4gE@=|Xv;PnG%l^MdoBMy( zRGRX?-u98$=_}(;9k2J4Bsb%j?J~|sdE}8M&$I>)AN^4PM&!H6Tz#WGCES)yiaf( zy~cf`+vRT+qHZP=Ie%DCXU|^0efGKlt#tNyd&e}_^2>9VuzYbQwEk&^`{bq^|6ZQ& zif2z2J$4e4J`Sg0EJJ_OOw5rwGZ(&5Q=lkYz{Cf9h#?k}Q#1~*fDOkyqSpy9GDuJi zoC43tV1P3~Fvw6S)Ud6kA=zUtCf}Fr6Gf|i)@Jch9F2}T6O?tbaUwfQ^;k-xnj<*o zy04j+&M+;7t)o*wCZpkFBU2VP7j_%^g_LOxUC4{k?% zgE}l9QxXFStY)+!f#PTL0V45s3r?Ru)gh1eOEDsgpSh#f+k(Ggex@$rJ$-xJICd*n z^_J5=I3|3}qtdOl@9S^Ubprv#7rFOt;qylIe{O-jYG@Xb?tMhHG?vI%Exz|~$DDrB3^|w9`Q9PHBO~nWMUeY|CcdS-<8InK{1j8tUE1miy*_j5oo$u{k}y zAVq)XvoY&E6I0TgMw&}44N-#Ai{uaSM@GjS%fHz8QvN$Znfy1E9_S;v5NJbt%Z*|rHbv+eOc9SS1hyA zzB$X9Wt23Dyf!p!bSdRLcLTFRu0hRQ6Pc&TEZiFDM2;&`Rg)3YSY@)Sf72B~SWJLb-lE-put(cEwU5vsfWU!vNY>|wcoOW@W1)-e|uH`|K|Rm^^|%0ZJVIKue&sjfA_~d zkN^FH>iu8)4>tF|tfe&Pe>~F?aCTp({#o9@=YGbwetoPX5{usXJUwJ}1#CVrbsUXk zkH{3$OBURwdW)fwVygK@<&;JzC_w`}!U;c>=^c7-iZT?(IG&%qa%EX7XNMNtCS9f3 z(m0M085!j2v(43o#}p1e-7P@IZK)C)zoJdN>gkI+ZrxS5w@7?V1CwU(VYSp(Y|lFr zznS6Z6*>P)BaG1G9`1hr%OdChAC=Gl9CQyi{-3oJ+x0!K4HJ|Rl_aM$wRvFf5y`ji z)om-6l*Sk(X5#LFI`#<13V;VN$mlrjfv=yy8RncM1DQ;p4e9kc8($hM&Pl%qKF`Kj zzRh3g^iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT4hC^~=hQ{c#%RXfL|WciUqtL;5b;7Pk(8b z1(A@1F-5QdXj>EKe)hYt0gxa?y&T&~TXEJj7Kz6Ou(7eRp9!aaFH54BG+zxdm%$j1 z;(y)m(`vO^dpkSuZ>!a+{=3)S-TBwn&hFmU&i3}sv-ZDQTifm3*1u5ep5dr{G9fYl zSL=)Wst)ci^57(45=+Vw(eV%pvBWVO1R<6(CIMy5kZ?)+ltdkrVlETHYl}rxq%j`* z2_BISdQYy=DT!%VTb7fUU_ngT0s}pq(q9M{lqDT>)%GHik|ZKYNQvlpJ_=b9Q3+pZ z(&t!6o`o{wBp?ay#U$EH$Te5p`t{#EgiN3HDiCEoa&ScwS>6`V5GlPcEw%G~fi*6dcDCvB>IB7XFrdj`a!o5A zCfCsvSaj`*;?8=tCw4=zjpz-XLBZhj!duc5E|G|~=OY|bEIJ6j`%p_!Zij{yA0|N2 z-&jgGmW=1MX8|;&N)A>l*a~*0%m)zPyzU&*o|jvSw7a#OsZyINA|m88)iC|US(XYU z*+9`bj^vOannd)9Mj4KgZX5NP{*oVx=xx>`JRy<@Bv_mo(xb{@G-8~fkd69`OEoeS zku+xGks{IFkf|XKrA$Sq*&I+g%z8n{MmhY=A&EzNK7~g^1*9!)i$HlfBqJi4VJ0LS zH3?5x6AMA4XpTrk@g{d@&HAB|X| zCS0NW2-8Gjnh*}P^kV%d!^waCgE=12IA$I~8INnnS1D-ghk_-8gwLpGOHA+@f@M6^ ze8sH!bok@NOG-{ibA*K?+$Bb)=lRWC=J-+D)D$*ke!InqJPkyLk(kq5%_$$Uq)!JK z?3|f^PjCja`!c6p<*=SMgqmZ0!J*WgsxyaCcM31IxaLTjHU#(7n%$tY-DiSo51spI zO&=o*&T5&W&PV8i_&V%EE7;rizV=<|@AypI|6>+j-g6&w?*Hwbz1GD2e|u|n|9_09 zddFVoemuch7&<^%Z-G19@~zvu z+`_lAd^u{0iaE_L1Kv8yL+A8y=R1k z?f&*Qd9m{X@9gxqp1)|dpTBs9d*Sol-V6MUL|d&F+tF^=d;Ws-UPNSP`vrdfVs8t# zp7*^0NmN%P>Yzru)!y-2ZNK&Gd~3V2yWMHGgXdeV=X<+5FP{BR<8Q}xS%^u7K#ys<0D5vflVxX(rH-?xyVe$inQVUp^*I|s_d<){ zR0CF;R~%*mjOBbt1)>6ta1yEGYK&+fb?Y}wR}~aQBFRu!O;H!&B!ZqYK{$#S5h!62 zrJP;Sh#)EjV%G_xYD$ujAl653&)(Ss5&ihXR`49!`2L4>&a{GzM&|3(oN z3Jif_+#|7QI=Vj?iY?n4qlolz7Rvzr#xfM*#H=iUDls1rS<^_~fMlpgtniOSs=-Xq zWB}E5p(CihAII!Erb0IL+x?<3_;f^tL@d>2BHZ};+SRJ74U{} zCM4k^n6mF3PPEwYHA;~Bo$eG|ipW+3Q02Yt6sVH_-Y^BJpgrsR$6N z7&JwpJ`0&DRhAp-9Lamln5+HG9B$3kzcS((+U^;HuB)}&z-P$mYX)6Ydd6ydYYOym zh?9Xn?RsR0uc#vGgP8Sj9FNuUX2&J6G-X_p$mJ0NZw;Lhf)>}1fysJbcy|pgI1Czea1&{sw&9-k2%}b zI04G8bCz}gSa*JHczVow-F+XOs{!Z(4Q~CpZgcX$Q|F!evx6E9&ut>6AxQ*5mt+hr zz?oU7NB6^!Wr++lZ*@)MSg{i+Cw;;dJ5gY};(;`Kpt!CclS9-sjlU&h&0Tf1lJks& zoX9T1oFI{s5Nw(hkVScb^Rd9BiJ*g_6br-YRB!=(ua?2!madCfPqF0aT5(D6-W`bI zK!Gb$>*MtJ9)vhWyKhz5-SneaQvIoeK7C%KUdkd> zDP_@7QBO_W2oDG_SEi9yu)76}fs+9hl8^1M7*f0~DDt6NfIbM)&tml*W`h$oR;+k( zNw@+83Zf8)L!$W4n=$lc8#Z%lx;`Tk378nmC2O{tp+1q}&~ysr(=3kl9EuM5_=g&a zApDAk#2}tCqWuVN5rQC>9hXegC|wI-T@76m6mo(kf%>iipq^+uO9p+3P)J+XkQlNo zj?^G@dl6z>U0uQr~&ydb7lfeN$cKv7jsu*If; z$)Evsi^&AhyO>=k02zobbF5tNF&1yAMG^{)zEeO5`JTvY#xJ3eOFZ?7f!s1Vp>&#v z5}~KkL&e_~H>-tHP8p|i{3^yms4b}wy86!DrchUqFjFNI$&utnqIC@00mbBs#2b23 zoS8zebQyP7O>ac~4MrP9Q~9g92CGAACM+Td_xm)Vk^*L%AL9uC^b9}+L1GeW*{}M2 zW`0hoB3Vp$f%DLU0ugA4^U-c2yJZ9-HuZ`N@JBeo0}}a` z5%RY;P%o1(Lzs?W_5?{3+KG}dz?mob$$^Iw_{t0q-A)}~%IOu2$$&%?<9nA01%E}L z0(4qmS!gm)Gl~;*@b(P7!F+%vK_t1NoFyZz0<7<~ugex)I>b;Lc@J`|nOn`MUNCp1qcCs{uu% zmkm(N24;xrKyg-#aab(p6&!I?TJfAk@Tp_GBD}{0IbwqjTp7+8!cm0uKFOyw>zVri zdc)$FU8A2#JhJzJLKUXC{6Gxhj;?Pn7m|$97)x>iMVom`7dVM7G;~7sd#KOGYbu7S zS0iz=C!jz)OA@tiEO9w>dm83aMrR_twF=*wC5j$(-7*)tL|3CRm74ce2uUIovFpUn zz#M%*;H`OUAYuHE+R6#hR8?~h2&;=GB8kJC4GC%}RBxz-Qos5%CN48k23>v41*{R4 z*j9rRE|G}!y|sz`TxvsaQ0QW$U{pJZCa3||qXxo4W0z(A<&b!51ys3WF^A%?G!F=F z;fN*i7{!cTYHs$o{dY&uhR_pqZlO;V$765Q0O4P4J#WDv4>g2+*eD8R$qgQ*G0Blt z5Q2v6+C_7$j?>ECzNT`Ba3)zqMaZrQAFJlQsk$sR6R5NU^cw_nSgzXl1wew+)P6!J zZ@qYh;A)SP$bE$nxglW(HLoylM!kyo38bxgQ;zlv`M!+Re-%wfTdnqPtJLTS%Wzok z$J~|z1t!WN&WqHIP(7|S1&p=~d~#LoWz7-gThK{_4o~!EAjqCaiXw6%M5X@E$7kp7 z_un0K(34O3&;y!&u9Q1DK0WWCz3pc&N*~OXuu@pTi6jy7Z>OJs=*Q9j2kIcA19j`V z-#+Hp|Fw48dsY4a&hAS8|0vHII>AyBuCGpd^)(OO%V->_ou1PwSkh+skEF*3?h;Onz=z;Q&%Q{p*Oa_I1E-fn6oV;7zbGekV>KYatmrG7<=*==nK~vpB%_Y!-70!) zK&W|ctv*rPlbB2S|ATJP>%t`u-FmnF%xBu?^7~uw7JZy@V|W-VHgt=ABLdxmkfsox z=^08`M8sw;l{5+xv`&ISfL`YtN^GJN7Kx3`{JNCS*5d~1b!XTchv8X$9n#T6Jh}QQ{-fd`B!P!}^YEutr(p2XG?Zj@;t(BF5 zsBVV9LozhLKvT^s`XErZ3+*h2V|{bawmb%2&AU0Xs6W@DN4>SgL)&5~IJJfzeGryI zwDMac-y$5O%#JiybFhGCGZq3XVkT%rLd=0;5gb|ZQ6|(W_ZpKCOU{U_PC|_(!Q)vh z+@fMqPPE_-MgnfEY5*W2Qb_nS=UL$2MpouUs=gR}XB=P=&%bXFN1P`yk02 zf$GgDL@HW_f?ITIk|atQO(wP)n55mOm0doT1ddJv(~0_q_D>E0zlhO6l%Y-IY(Nt= zMkuW%!sca#H@pFHo!*EF5p?tJDg%bcEE)Kc@R2Uci6n`0gq@Vfeh;R5dhmx}w!l)7 zpSRSQM5z3Qs#&2$;rPsT7| z5$V&U&^#2-XsygbJ;BYPS7>#>%FcGQ1QTvd=jJluu2HvF*78~NK!iBSBS(NdnvSS6 zePBKA!(~jRq&LGjp(}Saf{j-BV zP)+0zjWfT()w!FO>{_LtOM9S86G?3o!A-D0AKh9v0Al*isLNOax|y=N*LwgJ@*^sc zy|1f1zHi;}J!+1<2T>b;J4$2k0X4??Njc-FD=So|DvT%8#S_Zn2T&DHD2nH*iR+Za z(^bS31@V`uhZj>0Pf-m|Du(OT!a!Ho*3e6?fU_o`=B4{11bxzRKOp{csg=kn)qV2yh~jvI4=qj5ouc`n4|SyCEL z4&kPu>v5dZMtzvE5kX=E((6c(PAxkrZTudI*)^OV^;2d+Ghl($8cRs2e+%qpaagFE z9_p4^1rUuv>$al9sZMhseQk_^dqxNF_Uv7af8C7Tdnra5RW!}9XtRc_scB*GpK{{U zT=c9)c&5)r?HoD6<9vSgeCnl@4E3qhO^_QZq(%j3$M|CCK1FWa+Q4ZV6f*-c5%7ro zFgXj29NzsHtk5OBBJsGGYIChY7-=2rhtnf-48jr#gs(7-)ocamHB+DoW=^89I)}>y z(So|BfS}q3Wa;46?f7a(poZ$Tai@**K@d%Y5$>@oV&tp_w`*{H3JgDJ2moKy zeRo1X*<|o&8!upl{tgZ!1 zJD0igvwG*U4Sj5RBZ93Yh)V6Fp%(gDZBz~p9;|Pbb6RR^1Q-@T;Kqb>L}EX?o^#%D z>Ij?6<f5T`c~S#y=K0oo-rdgi*F?8p>bm-^Il*hUbc=e7sSOG|8M?g( zmn63v$FXp-t9mCzx4Lm)b^J)ttv=~)QTO8?W}pkWqt-N|GmY^woqNi-< zZ^(z+1>86<*KXr^j?txdW^KoB%hkRFcHy=-iP?Abk#yU4S;5)+yX0+@c7s?T?g zcN;4d-Bb9C`*f;>j%P#w%pvFk2;IW+7k%>)0skh^09TO!zc3Qu^eBLU{qsVj&D{du zLa4NwkxWL2Ek>ddeD**dCtz$D@L5637GH;ND5zO^c-3f(ix24`qcfIaEXQ749K!pL z#aMxBT13AkK>XSf{`82ZgcO}Wj>iZwnu9na%<)`0^3|dq=g`+gmtJUoA2!-FfL9kj zbS`WU98T0&`o1gDf_dIk^s$`it9B~NMK)9|ljW zS3bTgAK#Ua@5;ybEspQ4YSKILEkSXV#vrwu4dVnK8{rWh91h)|RzSG%=#SA;Ga6 z0ufFL2Y$~m?)nN1qOP)160YtvU{#@7S7h4(fhB&*$%qO9r$T-UXIT`WU#T1- z)$T{DJSI13%($!4Uqr?=g*&uH9=1`pT=m;VaSI8v!m%&LV@3Oo$yH2lw2m&9YPt6q z&@t#qg9~@=ku)UWgX{=69eW@vXe}xE9C0s3f+mBQpp->M(rU$O;C0BZwFhqHW>oUc z)RX>AOmZOw1~g2m7NoL1!tOkdu)1>E+i__gM92wAI@%sfV=9XT2xzXT$Z$;mOCoU8 z<58iDqkIZ(Z)(wFN)jlo<1Y{nJd5taOdm}W!hvZHDGy^J0`&2O6U!AtCAGHN30U0A z0K@UrAN$7O(C#WV!H z4VWZ?Ln0?vMBN^!6snZW^u((j0EKXxma#wh+EnxJ^El^!NSl%f={pSb{q!*}|J(Mn zs{QwFYj>6Z=}{hi&+B*y#ZIRFt@ifL?%uQKFIu=4Mx;OOw}&iQ)iQWXlRa-zs#KPG zd4(v`C?>K)wfxX8~_Qc`Dm`glV85}+4KiWGh|Bpv`@KDxr3stwXX_3peLvSPnnc5OtSQ6aOIBTQoX`KKr~7KO?ub4z}UW*g{Cl5TpW^1F}hC>-k!ai-8Vvx4^0O( z>O&0FPVYlU7${GSA=>wdET+XJ)+Rp(?sbW>9znX<#X+e!Uf%~CN4m+yVW{`8z7J3w zOJ6X6b>#(fuvrY*^@YfKmhxQCevTl{YdFbg3r5vHV~3+dym+}S zL1$th`zMFUwmWke)oqzOiO{|i>rLAeS4i2UH}1XAGJyXT*l#}261b4-G2X`#Xu!3P z(?iVt^f4H2^*tVuFCK*>9eHIW4exCTNr2=bQEE;=k^9~8aK@lx)5qe}XiAig`vC5p zG0oZ6O)n19L>N66n#Rq|%}t{Oj@cv?B$%KjCQ7EkW(&(tTBmkqY_V%0u@|T>0mGO( z)?lPU#=?JfImn!tefM*iT_e>V${Q@BzK#KiM-ULp`aaQQK!ilSvEx+JSaKXi?792l zAoECewFBAL?jw*4ISh#aqaiStjmK69sAXh%{MXqdx@Z31mH*Vca5dpb`I0-~ocrHa z>shOE|9kdqrT=-H2dDHG&D?j;Rola9n*ZDiwq67+&-IsAmqcwSTDEI|jbo#rb&%@_ zV~it8B5Lh;k@pg8d8JLW@0g3I?P6T~YZX<7C)TD&xm)L^wI9-i5u%kI(ImTpyUVXM ziPWYnWc>Nw6W)-i;mvf8E`;P}i+D6taN9~HX*?E!IJ>H;T}ztp$@Qt-Wy}|UW|)&e zTn)TSGQMU!f~mI6`}qOyjS8CqRf3E#jq}TfF9{y~pUO<@_4<#dNlEj9dLyRc+PsYTS03jJNuhF3)BCYg_n2iW3K#vrz-z@_H1W&MgJe;c^v9a z72DQ9Vu;(jd!6m@MQeAv)!yoFhwV1T+hNoX_ntl9ine!NJnw})67^cW7tgkF|HW2& ztGD&6-QL-I@oZRu>#D&LPB)u$;1jd*K15&$Pxlx4!YjfOZu zI2O!idce84tY9``l7>NB8;c<}BLt)5oVh|NXHgc)?}UwTrFyg)*)@d9GmVflEeK7H zaN_MzWucsJPL566Yk8dE5u% z@1zZmyfxRHi{}xqY2lfE@Bz|B=#bJ0lL3HkTPu#Am<@cK(z5MK%m&S?Ezj%68A;?z zDnYZ&21n#dUD_Ko=`(e`PO%(zPy_t%RGs1i(0m%iY|sFOc#_?`Q{bIIX;s)m=vv<% z^t;BZ&hNipVgCE?F&q5;d(q7Azvt~lJ-4TR+`CZo9YnoG(c0_YL|c`DA*Tlwzmd!5 z;$_zF6MjbjOFF2r-M(z-*XCAqa04dv9n?7P_q7B`^6?QJQQ1Me9@6<@4w9=5`uGPp ztmH4?mt_YaEd9mF>GA*l4c;TY6LJS31=1GWr=(xJG4J$5+bB~Itlfh$henH=S!yrZSFiykGsbLDPkSnxSU4avim14B+JgRcJ2vh-n8CRNF#hh^ zD-ojPhgfy02y>L>27+qefwV1V0_@WuY@O56fI!r9;~L`tF)`R;U>Kbe9R13vB=2xC zc4zwv%GQq9%}bI8Rp{oMJBWH+*vdLcpCG8)jC#!{pWYw8J^+0C?Du<63g*wmg3=JH zMed-6o$-ce#$n_1IoJ{aLKM2x>Nv|z-U%TQ;2WAKSh!L_6a>jQB)5sN5H@iE;8kOK6daMR{G~O#Ui7{+?3WNTP>!mYIITZ?jXI->|J{7*w zP{(;w4?@nBC6)&5I~Dd$Km=C~cNM=!kCSN*HX_j6jq1 zf|)bqv>LOaM3)2g5v`k07MqABX(q*{;VZ=^VwqHLHlS^=&c$31E=)!9YePGVm3zuP znGz=52sJvuQ<1?40+-P^hA#4iE=3l$04Yo~p-0MHP?2jKHXW}eL2|u?P}|sb#56e>r@0@Q33U|0d4FF#omXd^uu+3*d&}*OO02$3I;h9sF`|$s1jGX&)C%B#)$b>a>ky&sR=cGsvtC(e z*oW^=KAgLQ2E|wDk(kC#fpa`4e+SMtcv>2r9F~hb`E;^>{>`Scb!zf~8eiL%*89V!3Vq>-T3!Wc@z9QTHz^(uV`e$o_#xVeu8H z+3<)6ZHo_QwXRv};fy$P|FVZZSkwz5v$SchY?LLw;-Kw}K0GEpQO;?envXmml7|IXJyI zJN%ym7X{xwKl9Cu+VqCn z13IRCx8i%EuDcgHBv%RFzMZY>%$Uvlba6?>s8GaeG2PU1fX^uo$((X2i{_LNk`p|d z{(VG*z=IhLjlVZ-W``Q{**{QF1V8?pH2_XPk*~OI(&C{UZTRs#RRNX zW}r%ilPr!WY4B6inqey4hBR+gN6zeeDz`$AWC3%=2r5cTsP0aD2PIj19XVW(75 zkPVkV+Uo!Q&Hwkv|95o$@1HyWe%JZ;S@7?pnwCh4G>hgz>e^04do~%!S6^m&RQei& zRGT(&ZbuEw{_qq-J22LXX%@#P;D*;hhyC|Vo^T>aqA0-{5c65IJY-2oQYl=yr_RXR zTr0w*`tS-OSLqzVK1+P;rz|r4o3z3pJ%ov{GCxiRx{6xRmw70E9V|i{V&t|OTEKwg zYdjV@5J(!cG2F|C)QGX{@s?Lw7aQoBCEv-w(-I44)QB1M8&k&`a;+hVt$Ibc4arGO zUPjya@fpMj*+kc*B=mrYU{+5mUBE#L0YwKy=74)^h$R&x6YFvd{){%@U0%kT*Q<+U zFQai}a^LCOb0T6Nm06Du2#;2m@OpHnscoqydll-c-{< zxNq>i2&HOXT+?Ku9Dnvfm?8U`2^$y7H)GZY%T|LPOA)F;>pQRl@f;7%fPL#&?SZcf z`FSZ=%=fUC9kiwH*IUn??QPe!+iow?t|>LyZo9R;^IYxm*G5z$2pDVT5p)q2f)0`* zy?n8IQWgoX6l&KEv>T>b2ko|6`ee32cemQl-%(?wNkpk^d$&?{Z|5ELJl?~hUd=NT zzggrOsMDAGuN+V(GRK0}Mg3Jo>JsTeIsTki&LumoD{KSG?N3WnTXg1G`EXLob6=`1 z8Oj7mctOgk_8n*Jl=0pD$a8*4G<3`ENfDY~V}%@WkaDQ#YD+2C?cHV;pqZayk`z~_gk+M-%7*~HO^ zChFwW?(QZ)C`|^Q?k_q~{oB*aF9@r8-_fEcIMzT%PyRWU&>`6ZV-nssc}ITu z!R(oe_M;rh3hQ*&x!|@kSdGtco7C&(&^$2owpmVqGXS}>PQa8fCy1v}tV@>JIHDJen zI@aDi4|9pVHI%4hZj{Qgsq*X32k#xf6q=xew`ck2*6ZhXqlmPcyCFIQ_SW*aZ+V<@ zBRGf21sdlJu@5!^k(F&U$fXGI2>+KQ_*&?&gKU&$lK9$;-$2vYL|B;BDfA7+I=%aF zc8=a3pS%31qDp;t={9Y+TkCEEv#Xdg9dg9vLsCjVa> zeP2g=X+wKG+D+X-je{F1tcM=y_em%_sPUei>63~y7A$|Dr>Eh0TG4l=7!xuWchD(= zR4*UkwFeAN5(#aD0cH_+05PAeJ(;#S!`7oIHyR5Pex}QM`CmDs8d1I0UGk(fZ(z)M-QKiME0$uYau1Gcsn))E1*OEGdI>?&1t%!60Cdll%<+>Zy~J=S;c3C(uiR#?~Ht=V^;gu$oF%N5%687 zI;#$Z$<=Q^e@3M+zZ3IdB_(-cWD|1NhY-K_`9O0(nGQ}*k54-=R}qa0F^^RRp-VCj z(2OT)eVV8z zG~-P5=g)re#>7WJw}=xhNp1Y^25MYDZ$rYVgbT)}Px+J@{fPQ*viX%h+fe=WnSqu7 z-U;Pj+6Y>bo%`YCcUplmq5aYddAH6Swg9$5@y1kiauIdjye+lEOCzh&BCQ2NJ! z7uj~!n?&E$Y?q6(f_`C*ZqnP;(4>w6&RmCdkEEjaq6Sb z)~H97oLf(2sPTN<_SSlr^ zOru-F7X6YLoZ80X(^qjLU1SO?Rc6d3nl+h~W@cjOMB#<-bfVT5&Gp>I?lkE~%g_V2 z;%uU@=*%B2Mj@tDnStiByDjxMx5uKZ+9jX9PE#mUdDUm)KxHV)Ox<#Gw)7yTVcRs! z6R6M+OvSW9hj2&S%InV{l0}&r)9*B0Y13`7+|**zVAQxXCc)~7?=}TiO+0-9Y>CB& zUuw^7&246}p}U%e1-Or*w4I9PQ`8+0XHp#4+V4R?ay95n2r4%A7n9$F(Z+OOD32J=AedL zIFm!h>3_A=)a7#!Q(kR(>R{~HFw>_jCY}x0)A91W{pi!DS%-s>*#_tq4(&vu9Zd!n z5rbB=vtTT$4Y_bif8s1lMF)LsG_*5b$?c#p6#-4K$X|hng8K7{@E%kj5ZTy7jhG7f z_ZrJ^*!ZJLVqvBVR{=c;7m&OMawAD1a%b2YuoMg=%s7=}NV-NzxhN>Go#J^oYJaKu zDn^+%l?k$gpyZe5CSLC#E9M(RYKgXIW69*7<4GnQG3o7{Oj{ z|ATgGgwy4M!Oq$L?cMDO`;Wc7t=0a2jHeX;Ki|i&&hKzq+P;h6+~aKWs>T*Jg$1(` z8_b4dn0nFGNNsmpy&!*T>06YP;V*8X^_q~0mULLF1-mtczr0r`GSq@yyEUBtXLb)# zl!YalXnktulOcCD76f~;=G57X#iFatF#}Vj*hAayI}>(2@oFwx#cB;KxgK zUaB%@;BHttO#$WsWNOsuY^Ij20^xx0wdwkz&r;`qZdz@F8Z5>K%(4I6-F;TI|KHhu zw#xtWD9>V)x+?j9vVqVOyFE(bRxIPmaWW`u6icB#suv5KrlPn*6z+}Fd5)CTZM`yLS0=JP%X%^K|IC<#7#vtmU03+0freOY+RP@U9*w~cPE%sc zdMpzFHIc*v8=`dG82%)Po4$3|V1%&Yv})XQ8?$y@89a+>@bi>0g*+t`D`S;oe*Sx- zff@~C++PlXg+707RG~U?BJMTZBeFnb{kc-v>Th0YC`#em5h6O-M)6oAut6J3A9FOG zWY%26J$Lum$E56N*Z?0Us(?Quk4mGaZ>zg^*gq3(a$1k>R824JwoU#->mut3$x#cn zXNnLUi;^cB8>m6D#{8k%A(L#WQ7_!?qK&%rpuG5J#~)5#9Za3i*&e$kxeA~HYFs`S z4R<7{Q5?;UdC)j0?dPMFyqmJ2~WZGh*Q-;mcD2U2ikwbivJTKxGguNY;Vu*UWl zWptjJBBjm5p0TqBIS7_nmOM?>v~`&_Jqz^MXiT;=9c@qc&wsuHSNQ` zlH*9n9M!>~6~H2g7;d9DgfDYCuP&-nuy$cn&IZxs$G^bhR(EO`Eyszs$- z)G&9OUYS^76T*gB+by()0Od`6CnbG}PxR||Xc4Q-?Jk|R*Zt|}FsG$S1e*{tRzuwu z;MYXKbx*JvH78c36vJ|=z_TVA;uMi_UC9|z&LeU#^J`rlv!m9@V* z-tQMHcE6@kS=AuEUPZfvhW23aG}6Bt#UZVAuf3|v44yU3-nn)thXc`OAcM)^|?h}_uHoJHrLVKIU@S^P`@hUR5PMZuID=Hw$YV0yL?qpCmtDLlqxPUcHyY z^&EhSwx(iz9p*12sxwITMf&w=>h)lwrmw2nd_k@GgXqPp0HXWXi!Y-Ve+;d7u+oax zdmH>6wBmL6jF#4l2j7@hJh(Tl_>`6&Ni#mt`{J7Mhf|FI_4MNR#FBlfR(!ILXudXF zlkGckjMJcefBgDjDr(jf9SB%Fh2X$9&55aNS&*;@f(k4SkHgDq$AuKE*1* z5tZp1UjDOEaKawJtx06qT+$k$+HuJiL9pfSgfsQ~<-1`S>e}XNl>DGQ*9!CI73Qdy zXQ0k?=lPXOYtTcRjg=)(Me(QV0MdWcUQ-`pPQGlkZZzv!M{g@_Odm}Bu}+ih=AA9% z?jO}+4cESmup%K}crxD2eBsgMDd?^ehZ)1DuuDr=)ZB+b%|!2&++6i|F#$le)|WxC zjIF|7+EgL0R-)&$-rs0iq@fend=1Z zzx`?aXu03TFVR)9Q?sk)2|3-we${%@_qVvC6V&5axm1SeCZ{b5*(}NhYE_cheyVTa z)=rB<+*%c2%vEesHkikG4i*NaMEP_q)z=xP$>1!{Tzxo5SpHh4{iH0Z5GKb&=bZ47 zsPdb>R@@%kq?`y*R-L+~KrAvl?{Q5%U&>{?GLTA}z%iG!*dH$aC;r5P$!brg}5lMr+<>PRsD zYbJ3E41fga7pErJUpl?gL~<5o>J+wv6j`bm7n6Rx&p6pcI2p5qK)QM`*wT)KH3na! zOejuTA}n)=fBZrBoJ3B?m=iQ$rZH{Kn$Jwx)D&Ma8bM}qRT^uRw!@{f1Yv8926&}o ziC@u>_zDEapmd&od>(mP#w6?x7Gd9(3D{EhU&RrtS+oVsz~;pN+HJS0@n3hgcUSSh z9_6w6hJ;BQ!hbf$34EjHa;SIbK-%bq54952&lndWFv(Sv6Dh8RJfOo zq+46SF!*5*dhX`D4>6DKN~7cb2zF2f$aOkLq} z0(#Y(S6e+Ian2Qh`8r^QW_~6(g3g`uQrHs@(uR@f6;3gT-l)y)@!iw!JcRl}$9C7m zHH%3Hoo30t*aw!9t3N*o!l!%}+I?x-*DOtAG9rn@v75hRqM)O;vT%Wt=ths@7x)Ag+jk5twiedvQhglEIRBZ1B+Brsky8Z@a#KnTfW7KE- z8uJK^S!OJEB|{$z@Q&C(6#Yaj6lJ$F^`@!nss8+Y+@d)k(pQ)uNz}CF66&Dv%jGr# zoyJ;^2th(?!K|7Pd}T2b5+@OkSwhfjFdMenNB$c9h&G==^a0IU;XK_rp6Wyh`VRMUL6U0fM zaD)YPSwLxKAn-hxkBEhtx*{WTlg5}P0u9-6`&7E zJPO26jaXq}pfU2$wA4f&lDySKNUj%3c&~{_snlW7x>c<1>b6jifPIOHYNjT_S*}ez zV0D&|R$qXW3u~Knya2bpWW&-)@7k*(D(n`Zy$<%-R+jKMIubQ+h**`+_Et z477zy)9r3b8Q+vKSE-DXrrkPam|;H*NJ2O^OQ&!FZCeirQ6wxcW7E10a)KJVd_$qv znItLNMt#mk&{WFF6=hj57kY+bnp|!K=r@+>_~mK`vs6|(7~w=m(9?Jd-SiX%ieq-I z-h9;I@Ps7kOq%lrlWS*j$|M71zCy3&T3+-yyil{vP*&^|NHE^l##U->0Bl8}W146x z^bu^cQaqT6DoYI}@820gbHi-tR|YkpD7;!jKWnOyV-0``o5DMvwXG+pDxq?y=oV06 z#vgI_qV=4DkZ42iW&Ob#dRzY4u4SA@$UiHQ)K zihiOI9_yh>!ig{e8rT)#oJKazn(0Yw+Ii@WQHq5y-$ywS!KkZkJpFu;)vdk@VIb7J zT~VypKyOF2cL=&3lEkHs`631AHAx9%{?q~Bt^s7{u#+%|@8UR*ZYfd{(*Ae~+4l8k z8s<2m_ppZA?9IG?xMZO9$!0bb0$@cD`t$}YEma*o~dJ&9%(hmX^vz?4MLJ&PMOdPPj2uijn#srG?c>5$ahg`*lK36WPFUeg+!?fwl!UI zT6PPpQLl@3%*vZ%ug*m-ud0CWZne6B=Y0=D{}Jwr-%I{uZXEf&jDGyS_v4{^qKt?f zvgrF}@5k?(GMXs+s=P21qwndDdVK(yzHibWm#FMwTDjWyO$+G+$Y%x1^*#Nuy8Ie~ zYVV%sb-P_}4b|;{3c5jvi$n^~D;B7OE`B@yaC-6n;Ma@OgQLS&7fwWg3(qWE2VJ~< zes^73ZUewbXdyhz;^ z`@t;RLb$qL97PIO^YddGmfitL*U(SEQpE+;fXfF?(|D`{^u~sI(KymHOn8Hs^>FM6 zx#uG}LNn2P4V~4KZ*|P6{wLPc0m!R>BlR$8NPnz5KQ?k)wCtJw=y|v3#I}L%@Z6%;M1-8C0M6=pq(@D=UdMZD(Yr6o;nC+KC)@^&01PfGmijoNHS;~VHw^x#KezYaqJs(UmCY~T z;AVlOFyW&qj4sJ|uF%D(-9;`H%0<)mlR8|pv}qdkFUeS+ZXk9ogydE|r{!_iG>%b^ zSbFX zU`m%mtoI)hN_0IWM$F(K3ZeoGhDmhqgZT$NkB13IW%@AflLG0jTHR!MMEEB5)?f8` zSWGZ3^7DCvGDz>Vi?zDHgV;{;jC8f&H6m%u#-No-5Khp++cWe=_ku`rMLA1GM3MIs zPOeBIMG<-*r7RL!KcW?3LdPu7LS)-W!XhI6i755Jd_oZ_O*0Da@97{N_RZ>VB0-V} zjc7tgI7V1XPJ5YR7+K=7k1-pF0GS}{>U4I~4yYqJVNx|EH99$9IH3>ziOcUix2Oy8 z>z3QLGh0-c0Os{tQnYl-w@4f1qf-_WzlQ~h5YFU~B$9@BC1iM@=ho8R`)e`Bgu>Bc zspfM`NLiFe2sgeNHn7M2fxCLl^FTB~$3f>LWr9k^XWkkoK>~R~9wkLGlxA`K4=3Ia z{@fOd>Z;vZVYas1mM$=%h={*DCaAiG5UgkxN=@?8hb@4m62~fM$ZfRpQA~_Ako#6hb zKewp+@s3MAtwp#y*kBTOq6rEUim1FUHeey>Ah8Cb8W&d2y*!#GoaWOGHiuu4I z?nD#*QceLdp`0XoSzTnFTw0NWLYJr;6)Qw|kmnY4PZ_w^e1LiWa*n~=A}cvTmf{%q zqlhZB#Ib`1Cbr~Arx;m1_x(K3Ez->%aR+(AbWB*`z(YL`gbC%G$;+M&9}g2Mo$LV1 zx}c{l5={kyU$oKO(EcjcHjzLM4al6(XT}f;hcd&lBhRD>_>By}mQD<5nks(P1_>z4 zAE|)E+Z4z2za$FK2SIdN0@??02UQ}Cd$q#;wA2Ta|VydNj2~Jzrc)M1=)WzT>N_ zL}#Lbv5HmLu+mY?dLGuIHQ{Fx>o6QX>N>w>gLFoc2t`<82>+n#I8p?hzjJKeSCWJ; zd>+Vpt(-%9*}DTsn<4o&FlUP2G7-K=1X}3;onR>mH@HR&lb8_o?x=wROvnrm z>~PvZCKR`ifo$}!AUZ&e&Ce$}4lfn6KVk{hu2GuXR?H>q_r=Nvs_uDkOekf(U#LZO zI!NFMdQcHTev3Zi=;!nE6BNcYcU<5^->*0kDN6(~jxCN5djI4Q7z@G!v~MhOSRb`i zl`NL(GKLa{Vn`&fP{rvNxJq)9>gx$aEBYIIMckt9cKh<)wbCU_IMTr$4sIZL?A*Q# zCNR`EP8ud=3A;uFs+&8pP=o?UdEBdlzqEauSd_XJ>7a(<85>8OcfR`StJu)H9Ba`-Cdj67XxB_-!=`d?Y@$ZO64F47 z*W^z`>n3@vkccG&;VVpI@WX)&!U_Swc4K4uC}(Ej>K3CsPU`w!dfc0cCJ_xmORHl( zLT@O9q+cbuDsWwD2>O-{#jEMw;E1fv0r$5cnGbYVULudz#0GdUOt4uN^Y9~!ul2pp z(zo~AqOI0X^j=$B0uySo(RCjN6KEgR&;=j`Hu0?iM*lX@fRL6-6fq(;HSw!MA&o7T zz!-7=UyM@RYKilGwzvc)loK6xEl3Z532L|7-mF0fO;D(A+V0`WNhZ{JM>bK9V9>OU zC|sPdR48F0+G4#e~Vs%iVjW39xRtcBZ1RspS;bY2WVGjlb}+-r@OnFd@_w;p<|8 zCgJ}`bokn*Ly_bAA#RanOn}}LLzogSDOnMQ((^4~LQV}VNM9Kf{+Wc~fiNMm=C;cj zU>J~QTVZr_Ti)(JVTB&+c_2(kS+u`23gjRyj0yQ=tb4+u?n;mPCC>w4f)3gS9-4QL zD;Bc>3RxVJP>1N}Y-F513*E4Z8B0YeVtS7Z@fBqp6077g1I&$N+(}i#`gs@DA{Y9x zE`>!;o7%`r^(L9MUHKc~-UC@{YD_TGxn$!rF=29r0(1f?Jj;2dKH7rDR_BlPHS4Qr z-fSRY8-`>@Tp<$V8T=b9?-I|0TV`oPb(@@Zk#260vHlmRNXH26*z~@}`u*NOUOkU- zcQBYhlQdh<^KS+w96~EAM0kkju`mH{aEA+_gM$hB-nYVs$9NtK6Z$lk3;KG^pb2ku zD=Q>;fag(Z!kdNAVJ=Nr;lo2bkA(?NXz+RXusBTsJ1HmT`0DwB=dmzBhqV3D)8SaR zvZ4kL@I312aJ&#Y%sm}e`0xh>#9L~s-p!6s4`i2%LA2^b#Q2KgSCJf;??QlV%Vg%@)af5&5(^!mMDVKT+3Vbd6pQp;{ zaZ@a5r%c!wj@~|pI4?#1=}ZuTK1M9OBwP&XXeMM5i%ZeO(TFBgNWy)S541U=0}gR5 z{61$Rzi6(x0o@TCZ6cZ=#v`qd85mbeAfVbzBOdD$I0_y_0|hCW9namWg^BPy=POLh zT%X>U4Ny!IBEaKQYooMx@49jA-7p72xuGIWqDiSYR0JKuS@yopW^`gF-dB=;kANMZQl7bI(K9V71U>9_h#>9B8f5!>Ju^P}=cc*}W zcDit6Xj54TACx0GB=+*WGd3dT=!C!-CjU>!5+S*c)5-csuu-0AR-lL_-$`SWTXdI? z7(8JWF#a{Ck{Ao!^C4Cf1qg1FV4!rW30{Dg=+RG`4BH7U?5<%xxa5$0dd(-F-XFg{fCTWL{eBNh8Da%~ zBnq=K8+Xg*nN1Kb6wW4FGBwAyH9AmqSI>DhByj*_Xbt`J_5kf?lBG0e5|JCM_MhkJ zPQT;saZxjYRfGme6QcPB>mGw8iU}5)%yvuOe48*2g-=9}ROh}xQk+=uoHQLya4|&@ zTzF`LK9)vT94LUP!GN(rOdxk~al-iel&qY8*tX%@lW-&OAoG5{v>gw*-FF}xznYT{ zs?HmHs=m|}5OU|IgM`FMgn8ui>l^3~4v!PgZt^Tnf@Q zzt8N8!uJ{ra}bD*#+)^i0ou>ASdT}sS4JpQ?+9*i#fR8l9pvPR`)s|?O7e5-weY5m#8$xAu)cZFJTC8)R~f!5pXwf zhX`nnhG^d_(fp$`*bkEscO~^!Qi1f z&^oB8{%O*rsm_R>!?BD(U-*@MMDF&z}2YT7Mt91X7l&`9Px=+^F!kH;U* zPd=Rg;W?Z+q!=$AyWDP(cOY)bpQrA(BHugweDdk&@YTWlvxAGb2fuxG3z8&C8O@{Y zJ^6I-{`JZ6;rsJasfzmN$)}^^UoT$opYLD1JAQpoDtbyJA76loNf$jmI6wXE;^^?* zVYyAc{qko)>fkis&N@PKR>V>jRIzrm2bN8`)!ho71+DI;W^aBb@dzT5N?Tr3!jn!l zwL53J36eycCE_E@9j|KnSKj$4=6FP;K3nv)FYvs{j?fTa5ySF2_X$o0n1gVx&LEVa z5mskcLQE)AxWvmL83PFb8&EfND@)LYS_X09aA4#HhY|^erxq+biHa6Lo&%I*qaNV_ zI@atylS9JM5UV+H_yV1m0=mtoSrxCeD^N_qDD|VF9W$@wg2*gY7!hS)x#&Bmu1&?z zq>1Frx5kb%@r#C4xWCBbcn)+Bh%vp=LDGQ$2&+x>cYT)F|1rCc zu*B-#zr^NWWdFC@)&1YveYV>FkMTIH_-d>F1D_@Kzm@y?S{v%pgV}^&?*8Acp8vah zJG-m>{}_*6%Z^vNlp9J=dZT%RuMO_%x#wqz{cobOFL(C;YoYVMRoVaB?X9iV{(p=o z58A&v{r{2A68ry}%Arq2sT>;)U{Mk;Ds3-w|N_HW+$Z#~=Fo8bTUR`TCRc|=B~ zy6+JoQOM~g(pII$O(Tz!PLm?ar|={hr7@P;Si?v8&t|Sk*LDQuk42c!Ss$%_K^Ni# zLX4<>vV6ydaCiwS;nD!L zIm(Q2Of66z3s^uAX`3u`>K&Bu3-j~hl8im8OP`d(tM^z4!leV6QRn4v3cCf7k}$A< z1@NoT{e5ix5s>7{sbq{X+;;4|A07X6ak77Uc5qtyXl!vB3U%~cHu7mVb8FJI(Z0I| zU;@hNUu)tKD%)Y`Im^x6t&HSbT_e37n<1x-V*f8p|D!})=*v|?lNc?=8y>eN-;dK0~s!B}Q{eHk>+ z{UkVc@Q(}37f;P3d-e@XQ5mSOeJ(%NvoQac=T^ILJV6#?1!wbr?d{#&s{P0A?sjX% z|2@Xz@_&VcO3B&ClK!de-%Ji~CU00c3Tb2f`{e%2Ex+V8C35rrP4xPuy_)8pvFcU| zX4p0Zj&?b1f>Y#@N8f$k0IwX6g2k?aY80i{uCKur=67UHUOna*`aM7D`RP?Sbs$mi zF5_5gA&isA9cR7bOj7CYu@+*fG1Sj`)uRt0`d3EUxzB>xc?I=`d16 zk}Cun9Uy($8OCGmJ^*1twrHsM67AMHx2VElT*v#CqpxD$*0ZBl#ns0BSv z;&JIR_K!RW{+V?2YmuPp&@DMK31@YCn~;M-M^MV)-!uuR5KX9EG406~#svTW?EU|8 z8#(eIi0|L^6j*9LVaY3&M9Dw8`5Di5)wa9a-?rTj$=$Pkz77$r0!diKLUo}inPYk5 z-rz3cF5)8YB5q&fp66cR_7N_S37~-bK^7%hcF(A0qD@udXCgC^nMh=&3%o6AF2VsJ zhvZp9;z|M+=&A=n;b-S;jhEz`5yHoX%7uBjY75up$=AmwA=tyV4fe2u!5(g#d3K(N z9cX*oov)8VL}%KPWtCkP!&JS3$X;au z+!8!E_We|_H!Wn;GT~t;jZ~zK8LTU^2jr~#6;q!7`t(mK4w$DQefUbxgf;ki@Y(Ux zevb7pUZgSma8*h4>XcFG{yK#DSxM#w!E~GByc#@LDi&Va`ZCOxXVVqwpMtd4P_20y zIe>oIt{ALZX1B%HjR$)zz1$)y-sBi>91ZJRkL3Sge{yuZiJiu_#s9&EWU#;g1K%7y zBbw2O7fXW!^`$QxzD118nG}mWVlvbLq~#R{cnj#5ilQzAu^2*KVzUq($~t{$%*CLL z%q@Z*v*@dXk`pCwe*M?LV(^dR=~VY)|L&icW7<@<`g6V9uYu>x}=GUi?p|nKi&E3lW2@n|#3gvo57GX9;=IgN9uidQD0G_sq zHaJ6UfW~e@=84E1Spkq$A@H9ZOPv{30e;@lCQLwxAsJT;l6rmWrN{IiL-NPsdP;E% z-h*9UM4bV;!~Og+N#nT2^dI$cxq!KSQADQ!`lm!}m|ItrPA4_&FIRJ~ zm}h$pU(tPhNCqMNuNyf?p(BrGEH9RygDCLSW3t9d&^EQUN!^xeDVoHW8n|wNRKB#Q zU-Q%1|C7(@l*x_n{``ma_kSK99#rpt9vnWtyZ?DBkL&-5ORQM1l6C%c_kCdaSQz${ zNaQ(-ihz9W_X@9Zb-_O;1qjr+Sz9RjG7|l85DvZ#SM%6w-zB)&vD!GKNg<>D!T#Xe zZliCyd(gVud_B`USbYw&+4KgMW-$B*$=Q_4B41)I1*I-e6lQ<@q(ev4xm{|bwsYm^nr;sBj5 zvSfbG?uuoLBspPG&I;*LOw1-c)q2cVzF-w_I}>stXfEI7Y%1aFb+;?%_D$JY`)x9} z%R122_C9C%^v?n8_0-V<|8fONqHz}DPq2(F?f&2Xqr3R8xAL^y|AW=m7eX*$|4r$GH>2uF<5j+QPIEt~&xVZq z#*{DD<52M^>p56wR9C(D)qQCCj6{vY=48rla4d})Q*~_siC!5nTt}z4l2thL`!6qX zebIHd1NchT{%YfCSpP50$?l%3Je~Ldd`zP&S%25>{|9yZ@BUrk!KX4gnlfJJk$+H#I$&X z4R!!y+jg`Vzh}`Zjc~;cl?~?%r^Y!X8A~{m7$(Y}NavMW4+__jrcwm4UDCe7}E7jO<$l(QN_b=4NZK_Dgfcf1RgG{AYY0iTPZl{e+KmnlJaBs<+)_fpzhJ4-Owx z^FIw9-^G8wm4{~hS4_h=B3H3Z_s&Ck{L@fmP|f{~)Ffoe$$ znVe;G)sS@oQ$CU+ou>JU3Z{gqalZJY$Z7h`H!JFtWlXIPfAIdwZgc@XDvyf<#WG_< zV*WZen24@GUz#@l6`m{e{|!y-Ao;*2G8lJFF)fEOY^3-4(8D}Am^|D`?Plujl* z<;5~AvPNF8j{YCk&VL>~KD?9vZsqy-u}}8ylV{+%fQh=_h?tlqCHMD8|I?>H6+`z1 z(lZDWB1VL!Y!6B*ZBCWu6B7Q4dxUMwd^cqZ@f)2d?d4P%mPqC{rahLbP1Q;?_uA6) zswyyuH1-Fj|8{?W>6N_Nb0hRWWogkz6I~MzSf~FD4jxwM|M7#zcky3u<@xw=?>=Vm zM)ji$Wzz6B+<;MG(A{wd*gma&slJPZylFVb#&Bb(_+sO5uXsAM#&;>sCmxv zv5@SgnD$6WK79%j0Wrf9cFvL^DRLSyONpO81*XC6))sBjL)GApsw2H5h}Fg*mPl)B zSuQ>-_0Zt=kbL||LUKv|ScrlVhfj2CaKhr8&a+U5D$`Btx4QARMkl$L18duEZ$Dbd zLd=hfBIn~p!K8%(emJG}ivqLDF3BZHc^b2{AP1Ep{P|hozvOch{9hjkwTXXg`Tzc5 zmH$6_G`QpcxAFl0KQ5WQUd#3TTo)`^_}+a2`v^@EaUsb9%!Lcd$mlO9UX2Kqgr+*+ zY|NvA#5`wFkt_*MNkmmyPaqqSSTG4{DW)fJ#ZlcV89pJ3C4Df$9O>bQ9=Wt9BhXpj z*&B@Dr)S{_cTL}1NmO^-Shwk$ty>l(6Ur0Pdplz}XwYy8T~|rzoFUYC!9@zrG%4f7 zjO7YUqtNf-9!W(`M&+M8B}=i$iDRG%$y2v+2y6bwg6Av_dsW_j$H)Jro*Uu+AU5<% zv7xdPtmXfYD*FH7{-c9C|Ib@_O8NhSCke?}8nc|>ijs0gfpwGLj$XZlNT5r_+sDj0 zN5n+r>TkFS0dnZb2%@8~!(LJoNG+4Eep2k-=jK=12lO^z*>$y-_WqyX#e<*ESq^C- z8j7rK)$rHaZgiu=Slg;M3@zfpRoA&=+zrCNoXhXubC@bn1C*~ifk)QHBxPtvW?VwRVLCj?)Al6=TMzT$7HS5o2aoRf|7|?T7lNa)EOHuw!BI?L8&IqI8dsGRVmeJ& z=p7VlJ8vOu#0sdU*{U^DI?asGGyp+mf$@k58F>XlZHktprx-v_agLGKLYcv5mxyA< z@(V5*>GjAqnw4dd^K`lsbYNOeyMIP2_TK$qG-bue7;b>E*8rg)h``on=80IO@h$}4 za~8rta+gR!E*ObuN{VI1`smw_3wOrT_=OCDzcWG;RgR_w5orQjh8_UiIRNi4F5xhB zSAXH@l#GCfj|iB(Vc7O|O%Fcx$hH|bG!zS-P6L{fQTt)8w~XP=XqQ~fcr-Kfr77vT z5b3EI;vJrm8sDhA(*r>W_3A3PP_(~`IlF)ntF0(>F^f;glojQYc|*C>@FKmj5J{_4 z6N6fEOs=0~%ALE&{s()+a|2?kz|2^2hyZ?DBkETcG1Q=sqI??ok zk00BST(3R+(<9rsNA=*(V=1V#csE>FIs#SVvguk={})@-WN!IW1Ud zA}@tS68A_Cf;@jvErPE~2fFpg<{i_Twjr!N?7ge!m)kKmP0{{tm{VAJ<4#2XB0JT= zWkT{oY%)Ak!yAp)YC)%6nkwjY?Ide6zzKM}i3j28K9c1;EheP*Z*uS7ZIS?X8=pJ2tjTb#5gQ8=9;GnXE>mFHR}t@G9b|Mc&~PC1N_epTU3@tIEn! zy4%|Nfv~xeMC7tb&$XxgaD{0VblPP;tsJzSzOPKN(3dyE z61$MiS!^)$gco;@vP|FmB$uQRC!iZ`1d|sq^f!wnAr`|hL>qYxF?fv*l}_y)BUy%# z=!O|-%yK98TM5_9dzo-qw8K}1PU*pJ$ASkt*W#qLk>e@>nN1Q}z>tSe2>gqi=VxK5 zU5dNYu5rqorc-vs`qlY9AvDVra+R-Ev*y*z+W#x?#@jR`4U1G1#!3?IRJzi&>zZ%Z zIcz*$#f@!CZY|@HQTceYy5ddfe+eD4!6f<@=+e4~_0%vzIYSKYt-26G z=RBQ;x?HFgGH7y6Q#xhwcgwO_nq}eHV$AZC6-vJpd%946tVEb&3~v*j=x{8yDajHR z6(WC$kR3j8Zfmp-O%s=2w;ZFEQEiL!g)ClGJ;MMh&P=K!amCr1cwmRGJ8AAif81_^ zkiOdAt9P)|BK_iG|000$~5^c+@zV}w$J<^nh;sVrz3t!&I~RS#5I_HKDKaG&sbgYjTx*dz^aY3+IwwjGw+kLs$Y61{xZ*v$bT4v^{W0~hl2-?YyMvk z@BBY+<*DBP0?w#U{znTaG;O1ygY5|^6%#Fkxl6O9bgOA;FDfR~B67|NmgW zBL5x2mC!r+?-m}-G}9R3dqTiBWRi+;>Wzy}Fw*jjqD!63Si~os#e|xhqF0oFtej%3 z@>dcItsu8|pL|bwqFQsM8>yW&X&T#$??dAI@pbIo6=JYo!!hwj|8HUeYO99Pl2CUf zBDWB8wm6+mLWu^v=vBh1^!xq5i_tm=&UhLR^-)`3GC!A5*SiRk(vzxT7EXNjj~{*W z3cSWrXm%KurzxxL6Fo0v%mdYi8Ep4qS}|FTwA=jrbt0E!{OAEoqn400|H}K*jqrbQ z(O1jbpNqK33b4-q|KM>||9|}O?)>L=o{z2mxQV!UMhp5%C^7l!{{K!h&Hn#xfkyv- zuZ0`*|99H;{Qtj*SAAtW+V=d)y^&VjxOZxf0Y+zb)~|Y+y?5Vpn)*AtHD7+W+tq&k z-lVVZ*Y9<_&d1*r)QjSRZWVZI+K=&0{P<_NS@N;G)nG3Xtirx3^8KYw^>tT@6=k~U zl6QLL4L&!q|7+vwmHqz*k8APY9t`g8f8WYeo<4J6KK5P>-U5zjlCZesL$G5}&2q_m zrRfwx?G0(9I6uBuoGo~C2o4~Uj9Ek#n^QcN{A7=F(L6WdEQvArc*5tr!2C|djCRo_ z4c_VA-->6iPs*KKiT&`2JUWD*e15W+O!x=V>sPg`($Db+e$G-tadc`sr$l0{TuUaD z+xgTJ#9dbA+dgBq7)TYKQB zAtHQ072OGg7ZWoRwVMk;5&;^gV)oJwA|~TSq2B5#74(crlI1L7F-s!`!XAtQgc@3o zST}wFehPAtWjT}5&N&Qzk&vr+mHO7SpnvDZ4A-r6{=_4k-d}YhvA^|5PwFDQ`Lb_* zclFs^*KK)Hk5e2zS%1=0LCO%TdVWP8Ua}P0n$r(tTQ0^5mfJLr2V^^8sp)QKXNT-V zMJ>81aV^Uk_#i4&HVLwDaB5LfLgN^s2hs#qheib&wRMnw4HWIu!7j`_6Y$HhbhB*+ zc}aL$?9_?K^C&mXn0L+r9o)h&-whNSge3c|$swrfGV}aHX2fmxutj^F{UUWV3vf5W z5>A>}MS*k8(XrWTF;xrAk z&IDYc)PAw6t#|=1Y^#xg$)v#75`I?er~g-I@f801w_b=6dIT&int>}YpAd6uY+)=g zn~nWjt@>ArI^~IX4Sl-$X!RQ+)zv`aT_b@Wp0pRPon3+TRog+OuJ4&3cN#mWuo&Mb ztd6_oM6OB&jf_asfrFchFKLHIrPH~du~-VMquQKeB`)par(j{+{3aqd>n<>NUPykC zaACw9??>2=4VXXm2v23fXxtr5wC8IJ?{+zf{#{-k$yt`rh>_lZ>XF`QZ>7|A=W_M6 zJvXBNiI`a*)6Mfg>_2=^_5XkTXmIEMbt})u=J0p3t57Kyb5`bJhoq1x z(|41U+EU^MTuAB^Z>g+vyK&jV8#zAvN=}fy17sJX9pjQY3%7zdSBo^BfL0F_HyF)d zO4i#pniWMlxeZriqgt%dE(jvG2ijvQjlqc_&JZzKjlUbA`zF!F+)l0$TNs^KUR?*?P^lW) zMsFg{gL{j{w0lw+Yrh^zrBj`cO_|;{=%iDf^}VB5fnE8fDvx3pe?4Zro(8D|cm9 z+Ogn9UAoC8Zr!Br+Fex{)-Oa?-Jt=G@dExPXsp2FVv^hGZ90}$j4qpr4GzA0_Mnbr z*<8IVWj3z%8sa2%LsT~ct$=9*vc7VPAB_nw^m?X(Q~-k(Ma9X-jHSljXx*}ev3IRU zJTFInHxbqkhtP`Y9ruumLlcnGi9g#~oZip15#U(L1~ltx*a(`2`J|2Eq_v~2)&Rwb zV=L!>V|PI|1KcVyZGl^xdAA0)7SietH?^=`cPztG!ipbS(~{OgGq--y zC`@qiUPsLoB67J`{b(BN9gU``C}2;MHt5FnsoiOHJ<&H|?-j{@71h_qbahI1fp$HD zZ;IjeHIe*kplwFyn?nuqCC6=X$tm-%jlty!UNe{mO5BJLBwn=eu09 zDtrAi-1v4T{Po@Uu7kGG*Wot(RX)pY?{=(f^UY{Sy7m%XJTn@_&nlY`6N`Kf_~7<~ z`sQK`+5V9wbFeTfy;SaKe-2^&Ihx%$N{DR4T{dy%a54Ytz8qJ1Zess0M8a~E#jcY7 zb^qbvgR1}EgU5I0zqj%<*lOO0m^e$?MPqY{xB7#)O;#C2<%F=Q=(Su#+WKzke@(4_ zCa;m3p#O80kA-Ba!d2-1@WK9|O8CMT_|Fd~cNh_4gZ< z{>whUa`E3CXjl2atn;T-0Ng2meHuUmaQ`_~fEAe6rUR@%ycI>Rt_5t$uR7+Ac4vMg zsiVsVQ5`sv-wBa0ns(C*Jc78AV(^7PHc;@|zb>p^q{UU?H1L76|25lSzvOde`7fNY zWX`9l$l1C+*6V-O_+Jkm?BCu0zLjT-yrD(Gl;Bkeg6oN!_jtiEUqMErGsyB7Y~h9` z7g;9qLJ~P+Ndi(InbRVg@pP)>g@hLToRN$cGv_@`<6w)VY>FH3c9ydV|G;7ti2mbF zNPbqbh)AKP8WK@_DB&p!gYenO=}94S7HpBHfQaPRrzeWP$RM2ZVh{d{!w?y3KnKjnG4S2i@J(b*y+6P_>`+z;hN7TgcV^eng^7IXDmk zU|_Z)`i!14bE6_+8CsXK#W>*+UMtl3+k53SoHdXlDD17=NTla1HL{yn>LWA{jYQgAyspW)WG6|eHz&d!QjFH3xdCS%*C7*JR+l~KOP;w?Y};H z^&IQq5^!mKgkc+5iUle?m=hE}jlv*!QIMHPMJ~yxDUO*cq9X>5Mx(i+(rCuIL=Q~M zsP?1LX!Tr;gUzP%we>cbbK{h&p|P$$Z8x=5m#G6yZ#r+RwDCf7N#;T-wRRy{!lbNo zm5{u!n!8JM;6{WrVM1u?w3y=s1e42I0QLcrGb%A|=^0}g;YCSbR|cw02-^jsUevIW zbESSE*<|4uOEf2R^LauLRX#66s}`b+9;bL=srRR`iNYFFIV0Pn{%GemBhR&f5`v_? z6>rTThEGV3_H(9IvH73l=SMGJ{?<=KI_=}E`wB9Bj4jX~v%U>V+Sk+Q^PQ`9$SLdMGCw_CCG=(q?FKW#{^Ie%l^*$nf_ z$fX(wE#6rrzJcE9Se!GA{aT)$<}70TT&=yuOGV{+l2aw*Q!!sxBZi!`!9cf{X_rcm+!xS@n3o^2KFIQw}~ zy=ihDrlVj}CY5hSef&P!ZTnJ5jf*JRR@Nqk9cd{_vBZjO>55ZOtqjTd)`*OeNGE){ z$c^aBB^jOLPQRq{WTYmjegtR}9R`Hhu7~8~CqlNoz@{e4I^=Q|6ZSrx8U-)aiqk|%qlBHa zdBN5G&csTUsVar|@ zMR`PI{Fp>eXu5=x8AU5qwY*b zRVzy}szVMlV#0Z6dD0t*6f6N#p+(j)v!U?8)D|0Yk!-UMRIw8vcf8TA#7Up<45=uj z1fgJ6^qXp^Ii1I>0oWfunvWmL*t5=7GZV5%S)oAGj!df1Yb^BH(a7m*sCeaTVYCKg z5kP#{PI;a>1sCf`>mI7LhJk z{S4Efxhv^ z3@fxBrxJy>cFK=a`4ozLcDlDcDIqEF|N5G@ixNU#**0MZW{Ix^YMJY}DzUZg6MPQG zU`@8x8A~$l;Sn>csbnTD2-X3a)d*&B==p_6RscI1DoUgXAl=N}ayb8pXn$Ae3z!L%Hb zlzmvp{$Zb|vY=_iLSr`!qlBx8^=((4R29s~nPdzX#>))dZ*Ll3D?V{;M34A%(p(=Y1Fv zJ6AA)f-sap_)WMEf36q{owBs(+}GJRQg_pzi2Q=)G0WW!4-VG%Se%eDiR@U_pN&;tIYBm&$i!>2b>7l6d8Z|`~Hxu4<-X7aUm&wy{DR zqF#>B*jnO~PdQS6Wlc#do<}8i3fpZk(vDPm+P39gWX!m~j0~Qa-(k#(BUQ2>*rx)n~h6X+hA0iati^)WhI@ zos=4bM2$L>M3=Mm<(zqqT8U=Wy@<9jR&dx(Gp@7v4axZ+IOAzNBz~|P?x&`c1bN; z9$<0x4!x$FVwN*>pGDfyrsvXm2f6E#Ohl51i;Cyo1zm!lOvNGZIgMt{aX=ykNrX5v z!C%q2*9Kd~Ta5s=KuN#)q+DNbv<|NgraCiQFj^BYk(_?zOce|~UX5D$YH0xMTPqOZ zWkdxVorf}Z9hk<(QvgiZR8NK$Bp0F}2|H&=qs7`BNquJXw4XK4Aesw-&IGc)GXrMZ zk%jvWcH#vB(EYe8xVh0CcDVk!Ga4v`hW*f3bhSyalxcoDdiAp032^I-Xo?nUbNofM zyY+-mD<(lieUa(-cD`VaKJGv!=2qQY#B4W+7P1g?LW?5j<3+*bF8Q9t$49T;0QJg6 zG;5Zd8`(2X@fFQ(*h!^PP0X3MUlzj-d-#s8M?EBH+z2lJvf?3 zlD_}C56$j*!`N#o()Wt=^-+=BTffpx1kteW4xvTKLKZA= zX{6J7`|qV1?3LSBj0~cmT#`ck|0U#fZo`oYi*q{9+E>FA(9s$kT*((8=^NfxMsy%> zJnbJ@W8h)96QCV9B%Lt4KY+Fe$9KcKMQ<8VT--nC-ux0kWio5;0aVHx2aRqZz{}-k z;+9*9@)nT|oM9Sp53hWYv7{_^8?!f6O5rY_pS-3l@rPnX-&npg99Y_v%}UB^Q#b8uD>6Qp=4MLXi0 zvCp{JCNBDlBKu0GSb=Qf;u$UID-nNwS7)cM4qm65mA+*k)kIvx25f%J1V-YaG`gjvGR@aAHPL8wU#=Zz|4t zez3N{`15H0U|&%B8nM~Wc)L;(ucp+k3*k<-V8v6fE{r=3-H<$9&j(y5U7c{ZZT8~B z(wC(%_31CiFKbuSjEHcBVM6xT>e!l+fd;?e_V1kq6@tha_{HL;3AJoqLpm2q*iI6C zBP}Gq;4Nw;O`zF8pXz9LGhLsh6Ol&>*_4D)h(KTVLW?hmAKPH1`#EFj$&62m9kt-< zgWDcW361AmO1Q3yuAH)Vs?>fk)RO$N<}LlM12b z#O1~^K=Jxkrg3iLEzH!zt?Y(2uUh!? z>i$p(7Ti2%Cot^iCX=$O4!FNj;aesYH`wkqC}qR-_9HK@MC8_3n01skM`#;MWxC!9 zl*R+TG4_0o>DJm2r=9PY4q_UI&VuW-9j0%1TG4EF=alW~_^ zXh)YNiA6P>VliWL1cnX~KBp<2vbY3fU;@OOy@nFW=p2H#u@4!`IZGo}TYJ6iI`X{^ z59bRrFsz(2T*HEI?{94 zmAe=~-XA3N1y?$aoXSk^%5=%mRiA=ft#3u;0VxNbvz1#;CrQ`&}inO>kK3wrT=r9 z7zpQZEqt=b!KsO-=o8_@3ozw&T%W)mHk;AB;L#$XiaMC=DTNwBck-0*LK3?--~iZ% zEP+E(8_pl^6CD|xaH*$g+Ff{M%2vC9U+`5p4j7IHPrg6vTc)1TQT)mr1uJ+Csq#qwN9oz z0(ZUrO1&=x$ppvx=x|_Jq&fN(kcmOHtJ*U@hI#8GUb--8{csx-LfY2zfVwrO2-ukm ze}!#`C~`^M-=mM8)R31<{c#iR32oii`DY9hO>HPxeK#{w+Ug#jX4J>;UR1fp6yE(_ z;>!su>`f|w&mt$yCnW!dJ+AW+#-e0A{6DR zPxFnJX2>OJd#?{&5$Vn8n(Tb7NqdT{7(t3Wrul8^Y^ynXN4xZgvZ7O_GM>_?1oDm& zYEb)$xdcoXTE>a!EZ0}4z}uyi6l*gqV_7VuzJn?*(s0EL-3wf`iTWR_++0ihl`CLP z|5SqAQ&-=@3JO5R)7ytw?R&nO8RM-DeN=E{OfFPC7o9)nx6uj`vJP<|=}cB!?N5@+4nsh-+ zqXiLZgmzsWK^tgMiev%Q45jRTfF|64kO&M-%X>u9GX}%*SKH=BfDuA;Ni%LUSX{_C zJ!81-m_1HG0_?tfF-us1W=<_>Y6t&$g_d=b0WtDVBBngT(s<)UpoVO)K_OEZtmiTZ zE|)n7$@e^EWSUc+k}@=45S)m)wShtQPQb*0R**0t}b&2 z&T4CD#|AMnhOM2a)4HlM zJ$8?qZ$7<9mqLl;L5L-NLV zV+?}tEKl1luc-PbIlEf+s5wANv_JvB2+4Pg!n01#oMW9F_kLV*ecGHa9JN@XSzskg zq3I8nM<4QI3RY{|#{;KSDk&*dz}3B0hl$()rzTQ^hJ_$BHOvGZb$laupsl%0O=9*- zM=_(uo^5RHXwNowYzQgnTC%N49lg^E_wZh;QE~W{9+R&)|IKp9P{9^b-&X~fWT3ds z`dE|yaj^fen*VX|=-}|~{P#AVN;Ho0zOl%yujwEh9ESV8`{_YIv&{K3JbWB}6W}hv z(ugxT42&zMf5=%0oobXA#a{ZF8@L`Q=%Qr@5)Oj6JmnaYBj>moqwi*kSdupucabPd zNyPc`)R}A;oUx_SpK#oI070LWR1nN5Fa1@`6|Bt2nbo^Nja-2FJ_A| zTo11lw7`)fou>JUil&6A5sw$~Klp`sFVFbv;}sPv1+jK3c?ZQZV?#o-Ea4FtkL1-@^xk8voyabjSa1y z`gc^Wjrv$k{}1;cJ>0L*|H1yFJNmzsXN&avSF_49YR9#6mMZTSJ&WrIp+EGoliz#p#AbW-g$@MA*?V#LO$r@WVAo=)RFJ} zut2-E0nqQWoJA}KpEq&Nax&5pskD!@Y1gE!)1x`XNPk=CfK)wL@=J}vK>uCBc%5%c zH_$j~j)U@d*~?es<8x1udxwr%k0c$`_VHeBG9o9m zQb^w50dpz}wrh-Z+Hf3fL0SV7YY53h_nV&@gX}7bs&yAsUqM8`V2iv!+n$M#QQ9LX zB6p{)$gWiVB2VAjBLCS~|4&%Opy;IB&~(U3FA$RqQrim^pcVJi_C~;F8#2Qf`@)9A z7N&8Gb*o0+HdIy64z}NK7_YCnR}-c5dMna{G;H^7TkFzwcw>7}c==RDrF9`}uq=R! z?5MOVjlwcl2n@Lb9%o^#{f&KK(W204Bq5?7gvjUwva-Dn0Q+M>mmwE>WhLk5^?+mz zDQf_NHj7IP%GaYgw~>+C zu*I-+#?=`-`~5(&)@j6}yT*0#y+14o{(Z*4zFX3|iGuDXigZIRRYqXE z`?T#E2sdA(3dC5+o|n2dF$`I{MP9%aER-bD*mT43%GxeLyFJ_tFuI8i%*G0yS+|iTc%sp9rzwHV@7DK`4>$RJbN=6wdSeb=|m>tqY7Zw4qP?bZPZQ% zUN66_hR!jQVv$EWPx;j*;3MAXt^N9X9s1+tK2y|&a9q=v^gOt^tU}0BH3wi z`s~)Bm#MNcX*>(|&hDLguJJ(Zypk2yLs-(vyApr8`yzIfT3Q?+M?u?{=H<4Ivfa9M zvIP2x`+}`z26_D5(NoKmO7@tKX><*y=e4??)vfMDxBEuK#DI+84rf`Cq8pi^XIgCh zKzvx%+(Chf;)QPOY(Tcb=j*5}1vkD*ht1!&?X8lnvaLQ%h#{#cC{BiJi8^JH{`imu*AonUHe z^Eg5I2q+GW19N)Dq1hKTn~g4%Z%9=Q4nN6A7t;skvQDhvtTAU zLmLVG$!?J)ATKXi5%w5u)!D*P(LWZ~?Gm-OusEs5cGNK6`^Mn`6 z4r1+$<}qNh=DOC=u|!~}W0TWTD#i^i2O=e=jTRkeG#J6VLKHMPg~IYwOVM@d!unW} zM8H+nH@@E7q7Qa=x$MRR+)y9QOuz}c(S**8N4p-5hXiir8H{37@?;4^^%q;)rPK#Y znlYD=LYrWVWFn0bG%St54kTUjhG_1JhdTVT92+VFi2r@W|FtL+*+jM4mW2Tt8uRQZ zGIkdb;+A(b9L(n?ov1Z-Xh~jSeT))zx`b<)nhlgePa1GmUviaURr57sH@>deOw9#(STYf!Kc;y($REW8nSf7qs=dOnQ&P};s?dAvI6^H_@B*ifuQ~cWa#!uu zj&1M77zd6Gp27{JbD9jv;lA{tWagy+BNheTUV>_%`QbL;vO%c)dF8AjdRBx&-cbLR1X6@-zH+0WN7X^=aQqn{#{u@ zhcehKAA+-~xEqMglVG=s`st(Xxeq<>IWy=JRO1aNA@6M3h~I4?LNFoz(0JiHUyxL> z`moG7p#Zh26A@pneG#u~Iur3#TFykgreSSeyGrA_>Y5H*q`OKl4vwzq<-HhRX$rt= zq*kJ7?B=lCtn`NAZdSUp?|I7l#Uf??Hf4Nchvcs-cMApCh{-*7M^f8D z*_3LWr_;ZgA^x#o3w9bg$^7+5j&WjthyFndCK1hO1Y)`==S}e7;r{-}elmr5FF1v??zs}`61oh@ z4@$<1#RB}SF)|~|msqBy&%^z>^kJyBa50%Q&d%*^{Tvj~np!)CRu&lqos1Yi$6!Ja z4!$Kye+5k?c2W*|v?B|V( zyrNQ>MDZETC5v~76le>AF5hLY0$tLx-^9&|k7X}AFox2b-((q3U_{BzmwK&wRhXlG zIM4*e1zG_ySLHd&X=2X0^hF9+v^t&eq+q!Zd)>PeOABWTS79ImkJh3T^ETOqov=@8 zPcdSJAUWMGfiG68 zao(SOBl|SVdcV7Kae!tf;vCK7Y|1{^3|7~kOSvtSVQ6i*JM7DtWX-9l-e$m+OcuNL zk}0*ex*~M zet=gZXK@Mz6>$6dH!GqTKSyV|pwTQIt3S_K!g6R}M)R@A0s8q=L~+k5>J9@227<0f zZNw^f>?04!n+E$awdUqfO2t~(PFlXp$4KEo3mZV;Csr&X-0E8XUJ=; zLc9y7!RpUl8(za&7c>b&NPl|9(h@w9ndHlP&SWOwB5B1g;(3-i#KAEQfZC_bni#&A ziFmIx#cHrSUKel=7lTJuQVwsCJ{kE~flwF?)h_16?a&>dbvptpHtb?cu|NV-eBFsh ziB3I$dZV_^6!7a^!6jTRSdH|-h8+2PHEeBC<01h!J;3sPES%;o1|t`KnL?#V6f8 zo-(gy=xTY4G+{)8zM3MKPfoL(P56hQ0k`JG+SFip&azBjkO_Z-CFLSk-uog4aQG^X z*hX8y=Wcy#Mb0v;xjp}UFUD{hYY<$nfq3IyzSS&C*{}D^?!6jG+&#VlMTnC@c7dVF z3IQh=`q132Itof=(Mt?fG86DIwe^B>p+$CZZprZkeN-RD$XS^-{IJ&*ai}YVOGgmH z!{RT3QfBT>=AR#`6lGA6`=i%{3mDK>;}Fh zXFQEV!r73F^xE|yAq!b$eyguZ;1b8%rj90@C9&PwKy~2%P)INn7w!gM*0>P)nPVNQ zFPa6i=hg#`aiuo{IX+oQxAO?;X%FF~6vizlt3k4n;R%0(~Syxmq1%zgyP+n(HW2>Yu9v{9 zq9THG!DA5Hlo&6ljcRxF<^`CdT)S^6-BpbB>Z2MvzEv9)v!3_()#@F_58He&9(>jJ zv?ypaJGJ?+!2dGv`0$T!-@YNn?-xaGk?Q*dW%v>;KBL0ypX2``S)(`)>WGawSW=^( zcaKYq!V~k!5<(HNoHZW0SovRnboDm(+~wy?i_S1HrO%Zz^vWUEWbzdg*hEra0 zD>P|2a53T@o)IFy@-~#GPCF)Rxhf^g@LEyAmF}&2By^#a#zF_%a8>cvV>53EEHCsR zEH`D#>ad>aFs^#um9VY;9>-!Ynl zElUYgGe%?B*Y&}jj|Qukox1Iov$q{bIg1rwX;MaJbzVWXcqcZNbxu^E>jL<)Ef?CW zC%<~WWiD@LI19;gYg{woJ=ajgm`WaiH|SV7J<4J{dC zs+BlkAXsz8;H=8*L8XUh(*iYu$Tc69I{VNYhB+fr+|4>|W6(M{SJp1rTtblyhbzY5 zgXc{LZvrQtl>(WrmB_ud!a?E0IQ`wxhTv>yNP7Qc zi<$2f{OwL@RPb|liVnY*t%bD}!blpY2}`HN>{KeTK3-o>%L$nfiNW0VI{M&V`$afj zDsZ5%aXp@%f~)+-6?3%=EM8X|;TVZLU!Z!pX?Nh_(_UQ0r;hH&&RJTl?Lv=9X{TUr zIW;%WGfG0DRTE@Isd3Rs6Oquv(Nr zeGo=JcZ86P(NEfKI!f4^ku&?Fm!NXnF=b z!Nk^6V}WR3PA(2z7rolHGZCM94rltWFbsEmk4f*Avbi{@Z5|?bd`r;u0dsv@_iQhL z3StT*PrVTN8O_BajbTSu%)@ODy#BBwB?rd>=A}IXoouP9#ePI()7@>v+a{R9O~ua@ z|8bM}pEm38-sy}bnGz3+tV1Z!HTk~}A0Irb#Q%J7aBvs@^H!dZANyqQJ~?K^BG-w9 z>+4^kko$Y2|LIc@=(@Zhpy5h4*F?qlOYQa^ec~UxHri)-M-`puok)hdJJp-EGxi$B z=mnV5VL5xY;$Mn+MutyF%%g(zDmTx2WEVF2SeZ+A&nn(W4efXV4$aJnDd1!Ah{F{d{sqNiKVffsrhZE{nU@4xC#pG6RyNz zR5QPXRsD_56SCvOxiDfEVO`ysE^Mj9R#KhswDkU$ zRhQ_8PwJ@F3gZTA&A3dJ7MX{afAt%#SYnDG53|7uWh?^VJd9G8Fz)$n=#rM zZzH{RYNR%}rhzIsW}D5kVhJtpI9($$v`~Og%Z;sjf7D2M75exDtu}$!tZ&)WcULs zfM=`e@Zs#I=Sn+r+1hgNl)=sCE6dx%QA&uUQkDlr&BtP&wpdyI>>&S3R&IK};HRgZP3M zGqEU0wg6i%URH&e?20!7_bz##=H{y6>V3^J^^PK0{l@j@l*j75_1ZCfC3ZE88_GA` zAU6oLzKK@pb^{#f3=H2NH6Ebf`3Q zt3W9&R_j2~3<$^K1*QCO2J7m8I}m}Xl}*ra6W-nFUW_2ji$&}m~+8vrOQ==7?yvjgFi3TR7-6$@lJPm2lZ{hQqTH#z(_ z*{hVV!Utw{N&Z-ff_YQ67~kBwX}V)$P1Mp(E{Lb9F>^{&C!oz}XOrc)Wx~OMxX>yQ zB1C{1hGdW;#0(%#wuPqbDX`I;6mTQ53jFT&|Erz|zyMIgps(BYb5nI{+Ruv>dhoFqrJ;%N7?W>?ugz=HDj!^t{y`j>)2vf6*fsQj zFnD}W_5XNy@ZgUAZ{yKu4(s`fW;aByUGVWHsM_UE=YzluTpMZ>ZVt(1U*9QsS_?{(l>fKD2#`E`Q^O(Sh-rsE(|uvtFwmR1_h(zh{n&S~qaa3>RWWEhc>Fsoy=JeNxsva!Zm=ex z81dwWw3FM^>aWUAuSov|E!bp{$WB7QYWg1>JU*!E{|^Uu_djmuaY>kFnJkTYCwh%f zm`}vFLl@VvEXa&O3S}o@)fGDH&lrspCMC3_Q~AQIA&J6E2MnD65t>F`Ho)Z(&dzu| zT-X1?P^uoUvwEa0E-wbxT+Fp?&l|xu91N4cgl~1b;dfNBH?)|MUd0yJ+ktt>89jLT zNG|5YQwl-Bv?s7$LU~d-i`GswE|9+Q8?&665FabME{IJu-)rv1;E^}__3j2~%0wta1{VA^pSLgZElGI!5A`m;Imcm}q@?uL{>yGL%!hI($ssZVxrS z=eaEY&WqWPSfzF3zKpV-owmy~28UB#JT=Mqz35lCG1P3Z4(e~n8aH&OYH-48p+k=r z4P+Gww6_H0t@G!5?a+K$iICnW{XS2#Me$^h715sC%ARB0uGJBX!d7xFoMV;Nn(J_? z%)soSRN1XA@WcxU-^c|>(@tQI-+jP)mC7S}1?7g_VQ^6IrPlSiNEUPUO5tS<;&t59 zhXGzWLguQr+Wdy3zBr9-){Ym}v{+j?r#wr~n+N{-`1H;3&#z9O9lbp|J^A^U4VH$@9~np8wW5j#^)6 zCHjdi^?_~mSuZ{M_NLnA95a^PhR}|x@q#rF3{J@ z_;i&#GFrhOOZ;e}s?PhX?V>iD)}59#?0TIDZw2qJ2vD7wv~xfGS}fYxI@%a?Ch|JJ zu;6`o{T|@N1$UY`{m@r{cyhQuUsLIVCVdlNv9Dvg zMavEq)xy{2tBc&Mn3ITUn6Pt}Jc-$OF};?g<8ZGpBIn$sOw!nD(+aF?wr$Bg0K)11 zug>hM>(pX9s6wqt&q1KA(MRggij4D2CCSm1ZCu?K3U1~<BF ze42`!ZPdrQ^S_6O4=eWngZ;yUJNy4_JX_=qE!5tQVcB4DF={DX;^yg;WHdShK{?Rz z(&Qooftbh{OA<0o#MmYl-h}{v1wYrpK+E?uje{+cvMKuCZDXP|rZcnr$DNS;oF+?% z@Sfq2AZ>lZQx*o{vy;=4LgXyiGQJAGK0P5Z&t(u!d9ero#o-6x_#gQm{MWpgP50D) z%%Ac+-76a!)97rGVf4`8ekd=p;C?u!XTkljn5*9+=hNW+e+{28Ht$f{TVzQHlhEgKOVjQ;rYv-e+cLCCVi|q|J#3bP`&>% zcsRK8|GkxGi#(mtbjlJj4URA%BgC$a;4P-VGnvaw;%Y8+sMY{7F+%7|!X+6~oo4pk zPmE=RmQ9y|G0zywXk^~2ZE%mJdxLO4+~3>T4Jf43c2xTnDyAw92X~83+ zttC8l8kTH+&hk*?(>?tp1i!s2VbIW^r9&)ds(>>^7$4u!UJhW5#rhjnoIi~dR^H1raH>CqR zrAMD>l^#GJpLI$P!UJbY17}M6k3P?o2A_XQ17}JlEj{cHJ`3VK`22|Xz(Kr$vr32k zgZ(a3Lb<+g94T?!gUy#hiQ0X=BYQ*iJLp5>&WOuJ81xVIi2wV4`#=6C@;sfjWOk|}MG+YgyX-;Dn6KAfD>hDHU&c&SUhlh{D zLj^tf^{^xK8e8oToZ0_6RL%m?vpOv+NX;7L9D^^m=ThupIurGyH>Zarkhst5!;F)Uv8TUSMjTGjc&C5sLz;7*vv+ zDM6wzkwxt_{V|)-b1oLSTE2$Wmp4uc2bK~J9Xhxc2^?w?*bfgq64?Kyea&s0aD^-i zksx`pQW2f#-IQR)C?{;aO|T2G-9MN}@WnD?nE33eh|Y3BqZx_E#@irl>d~JIspYj6XowXcr7k=o!2ueNpT@C zA)TQt1*J50@!Y1yE*5!;0)M$2Lp4MFd$cO!ek~PinFfC3r==UM;IQCvFxn-HG+|Pj ziS6pt(kAaT)A8qZp!lY_n4IxCxsSp=n~Z<;Jlc}kk3zJTU<%pEB2ml9J`@a89Ogjj zy%=L|K(!}m?AFPZF(vaK3y$kxbMlImFop6uLxCZgR?;0c%-LkE-nG<)b{)OqCSInS zv`J&!z`^wWj)Ku2C12eVT8p3?o~N6E0^gCW+d=A!@P)D&|rsghTVw(m358`&EHK+E#tBr#>Qeu#j#z07Ob{{Z%pf^ZxdzQmZ?0?74kDk4HzM=7N zt^M!t@!_MY{eLicd}sf^m1nE*5? ztOpQ+6QcC$-;h^L?^{Mx+`K;^b zixhGcJ6-zA0h3U)quAAGG@7$~PI(+mbDGV_%j19$xftVLnTX%L5iusAjk%I?)oQ%` z4&CfcF&xP|Z(JsEZI)1;zN_IEer9PL_)RHj^zCfk0dTCx@$Z3qaF0v%&c)Z?Nx%QM zO}i|6dqsI#@2#yl>?;>@q&lZWAHePPr~h#~)qy)yq1WsJ=&-LNz!PY@eVV4hD4|k5 zV-p;sLb+tP702NT zBw2b}8J}kf>LS2R-`S1vo-}!p0ASj9do?uBl`Dqe9o$=jIisoSofd=_WF}IPLjp4% zGmhr{>TIDm@-FTriUQ`iW(<;g!zO@xn%W+90pYw#~#?teyEq~t)W)|Gp zCF4bb=>TArB#~myh+L)xjS3zSxtQXR=JbpaMkOZJWd&Jex~xtuX-u&aGxYyd1_;+y zlHF3G0zpJoE-?#SMObXp(PAqYw1{BDd>e)_tb$SGT9CqMb?-bi`156A+$Hb)ln6K3 zmESVA6N zL3gdv0G5H3FZMFIASqh?%u@mDP_CX1xcRS}(#nnuIy!7dYE`0bSWF@Iq&#rLjZqSs zz%2nXW@@I0#4RHSy%0^N;Kybd+HRSoG-i>&HQ6Psh_oH{nKsz{2W(L4xTQ#bHO zr@X+pk?4iPC7gt5^Q^Oq<+_LDEj@!|FOca4FJK~4raa4(lByyNuQJ2b-P}N?}VlGv& zBByM^&(zO|COi`AS32eC2Y4lN7N<~<6;X_@^zl$UR)3zegym3aM)R@AVMzH@M6vF< z%uUf(zabaoDI)*SER=E51%f&?3*$HmXTpaMDfh9;dmpx>?RGxF+e9q~CT+ttaJJWO zTNl+?RyeZ$GBa#DN{I*5DM_eyKA<`x&6Dp;MIIKk>{AIF7 zq}XP^wq>23s_p!=taEDH-6i#pZZh)U?c^v(BSUh=SY}`5Y|6^L`(Q*}pf^RS-O#vFMDvQ_}D?9s9IK&r=kwbzk3W z7oB;$1A?6r-U`YS78CX%OK6I80Zd(U48@XX;sU)_01*w5s!}?Z3{L2TB@@d}Jchyx zJbXYA7tS6OS5mUB7b{n56onvSTu`18$&yK5HyM&Q*4mIPcL}v(9VpIP4i7+}(|!kW zNM3+(%j7Uwg5%OfN-F8uRKI4Je4dHCpeY>s&_oJr&;g_08AqvFPe9}`%Y#Ay)|08` z_TIRg_)Ak3xh5Vn^qTVci+5G8mxzcaGa-xNxBK7j_dL#`GlDiVm}YhW{O$C2?`kFx za__HZ{fiPXj`HFN*MIA|VvoxlEDgLA7X*}uxriCqIC2K^esLkloJBL5ayf^-auzT2 zX%B^alwiwKbz!@QwQ>DCBuitcXe}-wIbnJcJ%s?aEl()`>b9%qOG$qOa zW{w$&M4}yha2G5MOpXlT0A^dVMDa+=5tKGa5tLz<}^p$(Pm!#u}qiYBpgy1wxfeTpOy zzqa2|+tjYx4(3QsMa*oZGg%sQ5vVMjhGZ1tTYFg&I2Ah5RBfCA+#*w*FC?oUh`8q= z+Ec3ZLZhknY=Ya?3eBfEP0`4@EFEL#nMk#@9qrxvEP1Gqv&cn46h~*fzvdtB7yK1mmQ%Xa_6c%HMjt6?Vot0}GV1lzpdfddR;wI_U@FW-$_tUJ zo$@K3Fu1OdivH0Mrh%-hjY9CSB!*Kdjncs(jFwP(MQ1Hm&RyF8m=Cj@MM}bo7!j_! zxn>ilUA;}2vA|ZP9mw$n>!>JlK3*sx%quer5mtCS?5v+!37;EYk{622nLNIYJ|4dE zNq$sYm(epBl{{IRQv;_`A(V^&A2dtfwYDviiL|CtJ8On&sLki@Z*H2gpk=#{xtE>k zY9OwiwcgNixvR;FMebQyA^t?Yk19X+k@9d~0$%>;?;(mipbqG48&-bQ4z85Md@^A< zOC9c@mEY1{uasbSRE?R4OWOVa*n8XVwsGWNa9{IN;IGX8B+j*HOMXa??qu%Gq|-Cm zNzyq^dgk`__OT!lk{DBjnxO1x?B3752UP$FfTTp(vf`x07l}pU8HGZjQ1z=c*7I#{ zglH6j@|q^jc=|IAO8{BB?@WL(sWZW%eImGQY#fnataVTy6Z-z{In+JCpfI_q7^hN* zUeFxhkp3^f>R}R&OrT{zWsHlH=nY8f^c}5t?(dQ+B<~AzQ{XX0 V=x^-+DDalEc zg9Y=bmE*7jh2-Ba&fdL#_jgh`Xi{_{8NDjk0;-UVjd-T60rXNXq_})SQ{34!bCm4> z25H&-tGuXze=_3{u(*90Yw^+Y${*X@I<4-O-QXO`LnP9s`0aYm>ZOt{B| z)7%x$E@%dK)5crq!sA?6i99w%9QuSzk6M?=g?Echm{vinnYI%9@CHhr#E>B2?m_m~ z5sKv*63iCJ608=`-l*zj zSFIMnG~`_01>^0~n0;3F>}kb)lS>p;E&#eeZ0oFYqR_tGT>b9Eb7d3gBtt_U9s-aKAEzNB@5?h zQr0{dyNR!ZCd5vshMte?iI4|Z?LtAoa#B*eyLzN_An87fwL(EF;MW)i=e+JvVBOVI z&COGB@g&F4Emo7&h~>kH?XM;_LQ{5kDN|LNL85-`}S=`MKw!xre9vDH{Rct&f)6Elq zG!Mt4zDP!&a6&+ajGO$seCW6``+^k)7e=_+l`~b0kqZb#$G~+)hsTpwLwyhYYYHH) z&z)+1GNIW(-bE=pj{k7UaeRDVWO&4opWL{hN~vOJ;VC<7&>m>e)dDQ5n%R7A^#r3d zT$Bdh>J{{O&_Hzw21vMCz^e9 z9ip>k@Mr6|>sxfWhs`ugnk?YDz=&lsb0T*sIXgx$WHnRxWJ z2+x^GNC}dee#j+)N06&{{l$f(NVvyZ9WE@+v41LdakDjEGC(!e?j*-ta7SCl+Y{=q zJ#f_gmC~WTRA}co%gmhkW)x)xh?cl zvD|k-z_mAli#b(zYL{t}o|N00&b2x4&gHtdjX3Q82PjIL~?v z@(NP2fmS!ewo~?dn)h;Q=~_5$PCkuRGZPDwwt6vXAT1bomw_c}BFlp;hIna_iY9F5 zS`_=`U&CkN0aXY3bL(lmc_wxl09%DCF03n=z1;wo>F$)5sTE^)M|85l{+#xmZ#(xA zoPdiAxS@`Tmh@Jgn*ffw9b`H~CF2*Lp+Tq~Em5&m;eEEkVMQp8l+2X#Q!55TY(|xk zbi9vGO$nA&cH~-R;@%*Vk8N{B!80$h7iDCBILAB5V!luo4f%ttFNqXy?EOYkC61bD zite3Ir)pW2q9R;-{;R6&%-J0WmxNxkjQK=cv?i<8g21(&6y#s!;PF~0O-89m4k9B- z6z+&5P7UUSp>Hs$v!1Eh617|7S zjTw(3S^pv%b(iunVFqn#4Ud}>WKSAMs5mU4o8*r>OZf$bTnq71$HW`yMtY7hz$6MFBPWo`H5aiWNhqMqACi% zDGRrm{oY~-%m$J81rmu{1TxQH1fJ0#0@L2PNKD!4!6Nc4*d24@)MXx-+w3nMi%7ht zK?H3hNV@vq)Kwvwi~s*+i|LmC=QjEGqpQDoY$7)dWmNy!5;l8l;H<1Pw9GO?Cf4$S z<)2%-dhV2V_SlKI)hRal0h7t@j#cg^9-Cj^&QV^$1TKY?Q=!66t4spXD0~ld_19UA zX=b>e1O{FR&52tXIM5;aO)~|CrM=T*3=~laT>rlrO+-o#CRG`C-R3AfNuq5VRG|y5WDt;TRv0 z_{*L;{3?9`h^N)>+_|3X9H_Kv0w+F8sLwR(zj!D%|FnMP;<^5DJNL(#Az$frq-p~D z2>VN7+=6zSPic43$DE5eB$WM!nflI#fAScskqkn|&_9p1B?j~FI{U>?pn)fjY(v$D z+mFsViH`D1s+_4k7hKBJke-AJ=fq;#eWIW#N*MkFe{@>1xKcPg{3S&`=-jKonl({s zgcx+3bEa06yBK7% z$u$qqRFVlPV&m>-*dEqSTUSZ0q6&dAYUtTQfn#o zGD7}y9zR?8HF-6ejUudnqhP`~c%#UWIEk^eeDm2r^5MivT-@mWIk>>- zkAWj2r4pt1Kmk9uuIO+2i^Sx9_AYWkX8)rnQKGw@J$$B_d7rlcSB0Pj-pV3_mm0+y_DDPZ=31 zVN)5MmIk~B3_hm?H`<@P3(~V|HLTPvuw@Tw?$t;SIYNi{XB4(+9#ppgQyzJ-J!!v7 z{w=dzUl+HG`D6CE4f#`*Lij^<-`3~)+V%-G4fP=vUA;9|jt+n7xH9KpUF_MQ`I*4; z+zFes3tZ@n;kPQUGJEuCl+-`>W9{CAGnrdr|jA`Qp^rQBU!a3*8;G)7O|{ zr%JncX89Rsz(SGGyetBC^!RE0j0nKgxk+6A_d$r6ox7Nc{&AxW)zRWIX($3CALq)| z>YmTf)?xStQCh=^#>EGHK)ktiQ7z5ZWkvG+%O){TN5*rrC$inX3M{(?=x*YB^!q=@mvfRR+*9 z8U6Fo=9N*=9&RL=hmTp76{C3 zs6GC{@JRXdR!jy}`7N&^qbsZx)OlFh!bY2i;uWX0nH-n#bT4MkU&)95HodKCSfd3% zGPyOQXC4;0lB`(#qdnh_Y6e^GL%U9KbQr>DLaTWJDH%}1noVrmiyj`Rei^(oRMkpl z5~_KLLLWmTm=$c776Ss{I(YpWcFhVKA#zL{+ksh^eGJgE;x z^^lrIQr)$zX7qj`M#Za`N6TkxQq?)D^nB1?(<{sGRx?XIPLg}i<`f55p`L5fWS%eDQJSf zccEhzG^-@YfC)ZY0y?THlZP92XpR$L?c%i84(ko2>5dTLEARN8R%k%eCH<`n>R4-U z^+3qZv*YOgABJf~wFS;<@Az>mS61Wr#hpO|=P}jz{K%$2n)~xG^-p~U-9#3vgGF}k z;?iQ3R_^clawF|=^->X}3}7jlhZ_Q7_vF@L_GVg#rxi+iVQPowMJd(>xy&n#<*@OX^p`>e1&ZhP z*%RcvOPuBquGC+`w3`tI|2KPb0onlT*^jV|;FXxMg3tgG3s1jjF+I(tjmwLKRM~~~e^$VKscfA5+@7`Pmrc zs>%JHWp%zo=bZ}*@SyGXoje_0P%cZ|Y=-6Wp-$tZaWh&`x}%7QjkaEQ=L~3tUWn~~ z+*Dtd6b;$1)Nff2Yr^W_)u7o03;#5ZNYAtE0=$aAla$H~J;uF4Of%S8@bfdFN^nS* z?-uED*ey)_4)tQItjrE&-Q?Y1%{IY}l@M8Nd_D8cAS#bbzd+7j%Qw0RY*t$e7PdZO zL)gdsLaG{XLk`SEq z#3BD42hn{bW7sHVxQsS*sZvkejSohk7}MGu#MRxwcw(0}(EOM_A=vggdEs$`myE=! z8;W@x-39@c{5$wDRwSWKl8Jy}d!D0EFmYoURcf=ZfPe1%weNeUNpL}+QI*SMjcY}3 zfAPf8BJAU_Sq5Wpxh0H-i!$HBRK1RoV}(jlvjn?zHzSU#dK)%=aZ_CAwkZEQs788c z{#}~9Au4o{C4Ts#km%lGl6%Jd$gNL+*rt8RkfDZ;v}m5%qhRz>o5-<1=_#12_2`;=HnZA-8_S7H@< z&k9QK3Tof^44Z>PIWDAUV)@IBj;oa`Gqp@-r99ozjsMe1ig`GBX*k44VKJnH{u$Nr zZzo=@{l)qtL!;`#8Ex}Sh-1WgRaz~wu0)2vy;&0zMfCwUYWJ=7?e;kP#1k{}JFChY zFA&GM#T0}-seoxWn==HPvx!VhUCsPvCCIA3pK4t$50KEKA}SZ^-ZIrL&gHIf+9e3= zcET+9%>s_wxhBnVia8p8_IXqjHr$vL7*q4_& zqON@4AM+Gy^?SjLAMdm`pldVVt}a4XOt^Mcu6x>+jl2oB!l#x~SKceQR$mD_^f|7B zHRWCr`=FJ=Nkq1??r@Fz=b5HBuFlP}2d*`iS8Wlk$1=ixBqw|3&KE0yhJY9Z1{HEb z9w*_SUY+buEQBZJvD!|MUw_@^+C>9HjlB^B`ziza)OQ8=dH9}g^%dge-Cy)KJZwG~ z(kHzx81jj8VZ)MqVJ#TZo)D;&TfT72qQRM)r-p2NteUq@RvUZ4r&$#epLrw0qwzgQ z=;@Zs>M<*1ENOx_e?2dNE$Z+mMj@*;N;4S`D4HYgYGe<$Lu1nWaec52uF*75BdlBD zE|-|ciPLS^ZKXb&G16#*7wW)$Vi&sDi*VbpX7^5=3QLEo^U6iD+bC<=Bhgsta|hH) zTzh=+8~4{M+Oo1fz3Jxybs%wFdyr|^1JFKz4_c+?`#^mB>l^>pJJmgbg2&3x=Ggpd zc2HO?>LyMDf0fLY9O)|><*`e~p{lD3#-VKU(i!L8FGI$m)NAdbyO)v{I`^gPr|Qj~ z=8e`0>WxdCPT%vuO_9y3kJhi(Z5W{I7A^YV-M#;D-TUMUke}zw#qIdpi6b)&w2xx! z$l`p}QS!XrpS&JK-lE+(CYY&zp8z4QMvk`iZPBs(_eKaZCtV4)GtD}G%Dyt*osWC1 zKHJ(6lp09LKe49V5=%xUlb)(i z!BU*un5Cm?j5<(W;J>5US|Z%{TaH{nx*3bNO?R0)R7;ndncktx;-#{m6>13gP)Oo} zK<1v|oH`UYw+~;~nax*$Edu%t5cM12!1P%D46t*??e;qjo>zHG%AribQ(k%apk5EZ zkyJ#ZF{a8pSM~+1(*z42OTsZo{lhbx)NL4Ari3(-sbuwAUF+$nd+|>{zB=!1gXJwP zRLUNHC7v{AXV7f^Qt)}dE*w}G$oXhZIezPqLjWXRuTjcp1dss%5~4Gto?e3My+Hg? z6XYT)Txns_5XDkkA!$$Tr1E`aXke&LFqN$Tilx&ROAh(tsR?!}lo>`z@{^xZG3rwD z@?sY)EGu#BKk@SIr)_;Na{Ff+x6cU^X%zF@0JY;@`R73$U`}CS&gY0a;QTze^shvF z);>{O1avM1@|Y(7jPefT__!i7WafYr;*r)#5sKGXP$^_(TgYT^#XrTgRpw|)d@9YS zsO&Ua9EZPKH;&OE2hZEVA;C`khH12?3A}|OX6k#_y^tM!6wPFr-ga6$fXRJ5qqoq% zct*CCNFnlU@LyL6=hnXxaqc#L?X1hL$W`aKGilKEG)^e@RSawu&L*Ds zxzm*tqlC{yed^Z8+KDW)#c8LcR;>G1W?+EvGvcqk$~#_r+tOeD9tZcpf&C;r;PyD! z2e8WE$qGi}-Z`btU>8yW`htX2>LrEHSrKCzoa9p=-(!hF6)Ce~VuTX^h%}0YeKH9= zQiZvQxtb*YQECut*feOu!Z5n9LUrC-o>b!^tTG_M z@0LY=ENF(s==2+(Hc!usPHNmcwI3s9IB~qm!~YfT#XbQ+DMn- z@K1?}f>!BWK&b}rw5)9_0>zC0!xcZe$43DQmDJd^IBIp&O38)>)hT_M&N=a{`Ucff zEa^c8jK&Sroc1ptxxH_n_^`;D=I$8E zX{^%&q+4y)yu{RM*2yhtG|p`^B-J`KC~7Z*x8uUrKIp3ll7j@TEs{%)A=!p7B{nS# zE5zO(r3eSp`(m5k(Z=mEs%HnRr=UCfd}w^0^LcR&fhhEM$%h8FhL@l;FaFODCrvIu z_cxmnVCyZRK9nAuC?KDUYnNmd;=rV5V2qTDAPxnc8zWSDCd=7~*T;l?NIf=lp1LHi z0yF~#3y~n9Cy7wC!a_(p5wwZ)_=JaSP`LBr0tKL;>4pX?u1$CMb7`D-X3wPygVjJ= zy5CaB7i>0wAw5ErZaN(~Md+tPhx2^nE0gA1OlQ?NSiDgr8cT3~t&{ ziRPWV3=1O0FWnC)Dbn}PIF~hUTiK@2Nb=yE`z)riTqBuJR2r>dMnd6Y(!_yNp&^GN&}%n~M)M1lq1w7t}q245wy{ayh|9x8EmE zc}o1*|EK;_oPXsLFzMIV`JAD9IItr}qFUk{!XwqO{U1^x4r6#t?RliG9M{JRv4TUK z)!!MG>HE}OLzYa1{_ODA5JRhZ<@a?goDt#~bh>%%8&CA)%_wlTGy%(MQ)&{GnSoog`-r4aXdI!(!R@u9>CI zoYjufQ>SfGN?drg7bfM9tDxo_j^eA^5@uT2MFkl7mnu7J z+u-Hjzr6mk>7b(DSNsOE{^g`pWW288({n#j=>U zg7S9WlRlNaP0>!o1q3lKY#u&fWBvT(m5Ru(L$pb+&z5ATnZ%;T!yzD1A{=2WjA1p( zsQLkmKGZgyohC(l_jZexpVHB|&1mR;EuY=A=#)*SX;v6=G<&e+`~$du zK_;Iu=Q3%Rv3-5*9ExMytv#KY#$x@fvD4IAA!S9Y46vq?YCBddc1ly|k$bOm^Csh9 zCtGW85(|5FY&0K=1ptwb3^(t$=NyM#uPxlaHpW$Kf#85##*CAPd|tk$Pz_zq4+Tr? zxb#saZ*d6N#lt$2DEdP9s@}SS#7R%sl#|>%X=CE$#3`tupU|z%lSCo%`!2W@F8SQ? zLJ2CF^GwlSEtFAoBrg@Bmw~8;)0+Kd-#dQl?_m*jR5H!}Fs_-cozW+N&K7pFoQn1M zlunb_jE!RpDSrAb99M!7EV^#Ey66?rycC9~1*kxXf#^-f$MU&+`sSotb zSq9rRhbv;PU5zh`&AoQa-4G|`^++6Q zCwUqh)uysJG>cQ;n$t?$j(i%-9%Zfv^^ex7KEh98tk?a&waDC*i{1{N_nB(m9w3H; zxGM?84XeN|^iQ_b+N~Y9B>x7nq)pK|F!Tom5B{2tH+bP=rD;-vs;c}Ub^xmMR?GOj zU?0v@(x45Wch9+sA{Qoxjp3|f)m0KF+WHabd+SrcM-tr?BRS9n)?HE?T+wQ*a^e)b zP7+pKZQM8L@O|BFKohJDqpm){5d^L$nOqr3t8n7j?c63%1=dW=Im+2?YUEt)$Y&)b z)w7tI8vd3Vr{T`%o&MY+I9OMY6;0%lq5|_~oU|49Df5gP(qC%9jsx7fYRfw_j60}x zp-W5rL*|#Afq2!gEIAod9SynZw5=mIg(+u(yX|&ur5&&AnMAcG;7EAS$BOUr=64Z$ zM_G~~9&imEU_VMqwy%n#!JGKOK!OrQ?rJm~c1vl7oWHK}koqe=L8VFkOWi0R`QW=q zBe2LGowqp^r!eYiR_E*x%NGJVtYAxMOOdB683dvb6-F7znb@f8y+>*myS8b*>+}eae?!+pS!yc8w3~Q>Z2x zA#OJ8(&hLyx$Zr#>}fgu_F%)L2r^wfM%m6Cuk5jrt|ygCYCO2oZU1Xt_})9;P-6|; z_EhipKL=cVeAm*btusuF1p6AndVM09q_os8NEe!_^}2Ub02e3v=P(yaE`gr3Y&uT9 zA7DsA5H^xzSxMh?!Uf&q0xvt%MpEIMTT;L<7X<1AMbns;a#B{sCkgOtGu((G%}Bt9 zxK!fCocEKFAa-x2Xz58oD>P?+dtWB?S5$S<1{c{6XH#kB{Da%)YyNouInqD)m3)!p z8ZJbW?LV8M;;r@LV%0y0K{h1wi^Ko+YB71SQn=$ZYsOQI|Bzru9)bK*;B9#0Rpd?V z?mR8kzdJ~k(ajheF=_yqXswXp>NW_PWM(%(mI;Ro;j;jTVr#Ofr~ZJsKppg9pGZe4 znK8Uc$}?Wp@tRR$%Lo3sho06k{D{=xtnQV?uzfw&*C`@XOPSukU-31cdEYJMj=3F$gw(7eSpMFJtr4s-53)H zUqEV_?j`5INJW*e^z$T;HE=C|05@eFrbr(?s^Qc?V}0i51@mNwX913<$R6u94FmB= zfi6bjwibrVPH2Abxl$EU;$$mzFyXez(b91Sdh6u`x~c0^lA;B=fn5j{1T4wTD4Jxc zfhGtA2AL{Ms=c!m`=LX*bCPk4LlfoM!(hXUxD1WC@-nGTRmJefq3N(egluS`XCm#W zy>lkz<&I6s^4E4$g2eF@>0iU(;DLaIWqoE<&YVhccpaH+Y9c>jF{bvYa3h62ROu^> zcj;)1!FDRw(R>!Fn`Y7;%B6)b*klg`;8!zRK?wg(boT53DhFQTx8>CsrV$JFqt@(4 zNNMh&SocVu%yo-qn)owmk-fGALHL<-l(efF!S{-XJmEuk)p+j|G!NS0W@wrPySapo znjmTMqUAubtV9N?U3)?Go3mQUlaJpuhq-TLi+=v*j4MlzEP52sE^^({rgpuQt-)V!T)QWT zOJ`!Y#Rcx(9IUniuW@s)E_z$;bT#&YV;LWLW)09F$vHjfXZ=)*D=?l0J}H(OnLKUu z3N`Q|wwG*lnkkoWS%N?RoxJ6mGR^Gy%;A%(LUCrXwE+cqsrChO`8Rg|qtI#sS@4nh zk{Av}`+K$npp%)GoPwNgU9FzplHH9UCU6vu!J9jl^a%u3AKrRnP}t293c>VDf%g|{ z3B5pfx98ps&*b$5i-5;VdQLpcl;fokp_j-#kiuzd)reQr#~cHqpWoT0B|b?9^~HqH z4w6C`s(7(Ho_E|`z|Iur2)sA&o;z_8@UXQ_ zOHjo=Y_ExWXb~riy{keO{{VZ1C^Z@`gjeW~k+6pImpiKnv{%20TJ+~F=^1V`{6dVN zaN#_-XXOamf%)?HQf>gA;a`3Dx7>SNkT2s`Lj5i@`*poNM+isHL$sB}+stkxptuYx zhN>Ab6tFXSAI$st;{kjr9AgT4+rbYMBVTnRRRnolIVW|!;{fx5eTd&j{JgW+>C6X6ZHf2ykZrqBJ;KD&u&q1WsP=#QBi&I=XN^7s25nPO~!JJ zPL5YAs~ww6CE%Brn}wQ+c92=kXAgqz6u?`2-GGL*&7*R63>B%}MnfP| z+)AR*a@=`!Ap~@@?cJ(X`giw9W!ZD;gx^{PL-Xkq%_e?RC*2D*Tx)pKK^o$^*SXK9 zQn1IE5?+n2>17IvB@5DTixlPlw}${Wq%1z*v5W35NXy>Gwy%0Wkn`WGzx`=@%_C60 z5s@>;{q~DJRQ25tBbSD+xB4H>!#jI1zeBBkWsaP0Pc+y4+WE@Pt*z_J?yGlNc+32< zVb&A%^WNoe1y|P=tVdCe+=56`@#2@$MreNKL34Nl4}np8_MvzRpurd_Ys{T4^;0q* zB*zo((h=@ZMAgvmWu~J#D&SKKZmTDI2k@BJ5DUiCdeEPbmy4Tz$e(Y06KHo>KD*R) zj9hQlFcvu_t!IsBgmKCOa~)PkeVQXHdUjS*?k`qjKW1f8cn(Z71*6yG+1+Pb2F~3Y zj_3n7r{%xC0l^Hw%CWBKhuSEQf$!DNy^B9;d+b%;7|wil_IfvGOYZy=jw^XVR)70> zPy|H%{bY{=k)f=;f~yO;NhNLnq%!#Jx5Vhyw0R#J@`oN~aK8`smSY-4e8KGahq=(d zGlQGZuqu*~^P3vuNA4+m9(g?Xcm#q5geMt(_cUPtw?=l$d5Be6Zv6N<(+E5RxGA`O zZGSiK6P{UTGElpmB2G2Vf)aFnRmo4RLY#l@!Co-32ttB^CXhF^eoR;dqy7&Hjv4r<;P59m zM*Jj&oQA|6*in^QH>|j`(L0vu3WwXg(IbBsfD9g@Ut*2vGvJ<|pESrJjWPb;Boe6o zh&eD>z^#Ii2UQra5u`qtef#?x@N218ulx1(v$7F!m$jnG`1MVI{}LDf^}KiC^kNyv z4v;v2Y;KO;BUK>g&sNaNq=CYIcn!&#m;DKhS8g-`^BI>MKHiU%sx`4@FT^q$BRYxI z)jm`x;>>9bUblqDw3Ghiov3(;e~RAMq=S)`vi z3MR!b(8-V5-lFa>oC@3#vg>jR=j}ErPu+asMKMI;^%A8Wo%)7$L7T-!oQh1Re5M2; zC2|oY%-3nwDfsRq!I9%K61}+N4*5vmdq}=90B`p$jNdn-TWc8+<%MWtVi|2nVEIQx z5Ql$;Dtt0R=^dN&s{o+qYx|j!q)?3vdcVs{HSX*>@{>TzK&$QR=d@=voYkrg{UrNX zehs&^@Zk>M*2`ISxef$tuT4MWl4c5Sbd&K=-sNd9jsZ23g2 zYMPUOar+LK(F6PfOk!XL>ADSU#P_;1^;_{(QIJ~3BDl*8eJ6_j=vOW5sANznn)W?^ zL|F0C<*7OA<&8+`X=cAKNEX(KtICch`E~ZT${n<4=KqXuiu)+E6TRlLoO2sKpj8LD zKb;L_aR{`c0RC*Op10s;up7ZPK~~ucN^Ml&Tyolv6ig|%pC6>N9bXEGGpzq8LTf7l zYYra!s3F?=jdqr`L{x3+IPvJh2ZI56v*2~`=W}H|=aI5jkY0_|;$#|kk7k(%??xtU zwRY&zayX2(C)wHlM7hRkX{;Xgj_Oq6mhl=giu`>P9hs{&&H>;XT4`|xxw%X6=g-3e zGgqOsS`FkHt6C9A`U0V`5ui^U<{E9)njj^_ggTDlHKfE0+=uN!J7A(kuW9@9rT%kw zvP@6r!>zY} z?^QGgHilFKeKj=9hK6#oNhH9=GFm0RI>6+kOl+7)LE_c}U^&NuUgRIi^BE+c)N_&d zK_ZxA!9X~ux=FIqi*h##%D$wuOq9w(kg@IYOXdB>C6$rNhiBdrxzb#!z5>iTwM#vk zhyoS6Y6+i)015ohOY*csr}A)0VT{6Kby7BZov=C>{!fPaQDkP;F={IRsQ9`D@-&`R zrj#rE8%et?=H3zsTG$6-`>K8%G=1dj_OeS<5mrmL+OzsM;@rXV2CZWCS*y;T>loE0 zFRfE<(fdR086}VuIMPMkd%!T>GpE^OWC0xDE)UxMW(;;B)aqIumwe zL+m@*lo7Wi=6pcK_&SYy#0#k;kg@q2Ykuv8SV0(Pg@axJ5@m7FN5u zPa`>Ncbr(BLIoFv25%=}W6X?ZDy{IH7wLP~&b=%hhOpH5LJO^_(A#0cKt#I3w${G~ z2wrfxzI2)d*FHE@{<3vqI{HM43zn3NpQ$`vO)`%2zdgLlB@4a@g;;N~h-{^M>1uFK zkIi2mzYS)zb*4h1c}?4K3%raHBex6-yeUX3YXAo+*KPc47O^1n14*p%PeG5$93-9Y z0)C{|{%?|cUGEtm=R;Y!dRPU-@DbFEtV^xoa_ry?{d)|@-1lk3jK z3$Rb_^f!$7uw-4OMFep>{GEz{<@q&?2zhVAUv2|ehz3b>E6eHmtxtujd9&)hcZI55 zA*9beS8{U7k}&`D5j{I8#ZLllQA!NWZqb6Z2f3ffS~`4*0sU;6DK)PBi5U$y5twR~ zCjGTgN1z#Mux3gptD#V-U_58$Hn{~3ho!NXa!;wz=H8JP|8ekiOS zd&DyamCBByid=+H;>T)|cY-^y5R^OpP^1JEElj>z!cI*ZWZ@O61pLzBDKm%YS_;?w z`ds7N>?=Xh-8~(XZAoq^^ekz1zfuEbrtqfp78>gBd)i4ZH`IQR9Os`AdoRN)B`!UU z57oBEL`c$ftHQgbie32DL3dCHx&T4Mee`{05ga?CB1EbNCIk1dXaNM=t+J(*Emw6=gI3pVlp(*U0@d z77Fdu5(V5fwbwzKesIBaL$EQc)FXt*Cv|2~TE9@{kgWxBXR`4R=zOZ2o6Z{~KYB~p ze;;f$=X*T)6_#-xZeooQrf#8|S7+FtTPyZqQPR5t&4}v|KH}!4vWP@v4o9IzBFMec zDDsC~sBv9y>BLFr2-i9p&Gq{7BZjjYgU%(to?;<%tn(iW^d6Mfv}cn#oqj@2WhSfR zMoU+rwru3p!j-GG%8k8`raStdT5~h>h-8sXq{s?8L1vPE+gs!PRTiWQ7rz^JZ^#6C zb+j>_0v>lH+;>(B^+tQm@ncXm9K{P^)(n50;FDkPE?leEF^$=2Gz_CVB4KouX4Wsq z7>Gsww=&JNu>f7&uLHw35rYzxg_^%o^uiJ!{rIW0^2Stl^MKxa%)9t z%7I~^+SQ=OV{Y-6zlD_a#X)g`T- z)oATqc=-ylRzf{S#q}?9aU;wC9aRBJ;H&gTR}a_#(cB&L)d#OB5z%vBW7jk)7)PW2 zn+b}x{&jdl^$LB8ZLE6r#2ot;z6_tTI8fIr(QGl8Ej=k}3@ttB-6LKkH;|_Rj!P(hASm%)f%d)1A~{2p;$V;%r7|E!l{KjXQ|fjvOwzy zLkZFtJnhm2y^_+8&uI;sevkDG8RKHO9fs|!Ww=fYVFz&@ww|K09KjA{rS7MsS$j|0 zx6Ngg&djCkD(ONo>1I8e(zY6w8+*tyTf`v5R~aS|QuU&9x-un6fjR7`vCS>{tetU7 z=&FN|1VH*R-uSPx0Jbja7Vb`OZg;Q)LGmXB^f3nZ2U@H*{3^89W{t}%(W(l=FhB>m>N0<=xUXt@1 zdDbhtO_5~RW1b!V1m*_d+8&9P zV6d3CHq!SzwcNT)RuYV&nsy!k2)z%?95W~uuJ~J1gP_%$YuQqXxe_*?&LBfO5Rp``MhT?_e2OSR(nMD=>f-drDw&481 z=%yERa(piE_N4%+Wuf^5>3UcfEL=m%b8f$C+g0znA!hEw>Hv8su58oovF13ZC2Lwy z?G~$%4u}eLA4cdB+VgJ!Uq4=}0v8ZM#(-1oeyC1=Gol|m6wFHnl}R~WLZ0QhCb9zW z7UY59N-yIFqlm5In|LwBt(Rm$R70LY)#TCc-=ApE9<1E7*sUVhu-g7tU*-xLR0zP0 zrEnw6ilMkh$zgznY9eW;fRl7yUn zd&rilM3BuctvE+aVv)bDT*s;>` zw@GrHdpj2N)UJsP8n;LTxK&z%AXM^_b78Edk1XuXx0Nlr3AUakn!+|8XWp3$t-Kxn zD(00n5bCAp#aj)rR{gcad^Y-lu~zpvo7j)ckj}wuE84S_tQ(9u8ft8W@y);NGcv1~ zI$@c*U9cll*-|YPV{rOy>6-d5WPl+U^zBFtQO!IGA4 zTN48;*BRaqD;))1Ud>99oEjbR=9cxS0LA@!Tf)n0ZxJ>&wpHR4sm{a8#aPgrsR%QK zy=Nx^e+i`&p-NTLOJ) z8L!bA#2Z{&c1f>3cE8Q@zuk78ukE!;jO|`uweZhp|LQ^Dd3JWT3*Sd?(*D2|0?;03 zhNO$kSuHz7gTkTMO)Ri;a={}cd?fb^af|}$N0}0DUY`{%vT;V5GXSJyk#||=gvU*6 znsj$8lic~xnr-?8O}8_kSY?-uN+B+fCT_uT7ZWR8PG2ZoiFnT?n^G5LaPocYR*?3a zPgpCl6GJvra)-C|W`JFt<=%ypGo{_>7?_GZyq^~FyFt`$GbrZRanR4#DGy_YnRbfr zqUc{?QlHyyi_(vLA&qZ7;Y6Zit}c~G8hB(IVrja6!1^aw3A1oJG&tygWn zC?hxc4f~Vla6@{rhGOOmEFAR53BL*55BmrF;l4Y>E+|9dj7pq7^TNvez9e^ zM0NuoNPU`uRdKQouoOmV^QlOT(!UYUvJ`?} zgzj370&qbD2Uwv96zuKtf_n+az;tr25Echmf+-e8t0IYbSf!-X;7mF{*aLh4WDZhRJ0Ekon2;Nbq!M^?jdz%Z;O9#e&=%Xd z{EU5P81EXnbu$4CTC(c>BOXpaFDU9I@1ZC5^DPwiS&uAxH5vOK14a&iD8_2LsGI4l zN-rCw4}r0Yf~+s|PZ=8YDN#+PUxergGCOi$d z5llYT*;u`*DYg75q08|49?@%`K+d z`<i=BppC+fr__{Av#72kx z(YV?SYB5QU^;@{XO$pm?(hd+uPMW24TZ6faNQ=>+6ep(EUtnTgNystySqxVF0?u6? zRRC84-cIziU9oS6r5;r9bA|=QiScd%@$k|R8usjp3+&cOc%lASNbP23$in4XvO|@MF!|$~@FAb5F10XMLT(Eg!Yl4tgAkg+^N_u%G zWA7*JPN+Z`&#_*9%|$C%*)kDI|GHSjpVVETZp$cd7x8GGF^(X}t|VpT?qYN9<|NXU zn}P~k44qU)Iq_%4P2``x)vwLO3sNo(V$@g__bCnTsdyaaXT9GY#B=8xY;&vCQd&{8 zmj6Kt-)yaHE3vdCHqH@E#b{zz0K(tkZ;*X&>wQ z8q#48zvs#39i$L#A#0Q+Hskm?H0FDbf2c3fI}=mcmxRhyt%>JofdB4^Aoi3WWwFvh zuf%Sq1@p6%*3N0*jSdg0v&_c%h7<~YLkev|#}ShL#qTkgQ+R-L3mIMrT>h@Ddx+P` zy`P}^c7ELxp^)Y%K*CkEyMTe?&Z_h`Lit9pNJ@w4CO?V#?)!>l6Kpqr+rIKiD)wqB z4iPw0SM`#a@a15ViJg(!;LrKj!Q4%`E?5E7;6l_HrAQ@lTRUK9?4yyw(gJ9Fp}t`! z!0M@L&Ep>DvKq~n0|Ekp9)WnE4@H?jCc6MON{wmq$fUeKv{c`f_l#;)rdJ(RHL??29aFYIphaaeX6y}TZF z?0ZRkbBAXKsU%KjDx1ieip?mX>-YDYIzrx>LEPU80p^HEpb22Xm02Vz_YD zhBhoAm!XGQYcaSk%`lmuOhrIVcTH&`VV42b7ZyU7yIH~_$1kN_0@dEj}Nf^5!H)N0$ zNL!Rm1Q&z>Q|wU3m?yqNMhR0QXa1wce@bs^Apt_W4%O}zjYC%^o}vLYz)6O7(lXoG zTJF|C@D$|EdiK9oz0Shf*=ShyIrl=a&chM-hiiPU6B2LqTiWD}uoB*=r|AT)uB zDj6~+J^>FlYj3nQA`yfI{jJ=p!+}oWB+Y-S}mK3suoyf|<)(m;DDR465dn9|>%1A89ujgIY=M0b9xE zpMPoP3dYn!aVDv=heQIwv4WW%5f4g?#K-wc2!?tKF%L~Bls;K!Hwqvsq=Wn{=g#;hX#g`QI?)@7wMr%zo>wq-3XY;Etc5E}XT(U#EHHt#UE80L?<|o(qz-$NUyrj`SX!zaS68iaTlN59 zl?`CU{0$r`HzT(w+o%2uRy|%vDnAR^jJ9tu=oDrzyt$mOA}|TvJQV@W9H`uN`Q(b zAQR4n(k-ZC-tnA@k6po^Ci!Ph9rhnPwNNEZ)z4kU!o9r$2|Z1YQK&K=nU{VP$}cVg z#yc3wWD_4iBW=3FT0_d$+K?1zfc7nRfo*rIekEJpW}A%ug^v(#^3)2v!`U>2&G;Z_ z1v*05J?#;sDpYE8FjcgX7xFRW_4G6f|IsmUN9%(CaKs8dbjaCe0P9&3{MX%{;LxT_ zI;f>bFhS=bc{tRt8qlENoay%_%EBF+6apDC*;r(8$vI7N58AXOV^N}eD0gSADp>Ra*<cDe&H4wKK+pVpjO24N?Z;Ux*fk5w{GxoU*QpihUX*|3gmvg&QJgq&V}e&AYZEV zfXhPXsjgLZz;j&JkC)yX&+oqS4KMK}`|Dg7ZYx7HBS;!v9;z@#3QO#fl(H)t+6$;W zkpTMaA|WZMy(PBNn2+$?FFa;i2KF1)k@(&kJZS+%e^gsNQ=0iI9~v76#gE^McLr7B z*a&InpbLl}92+O=*iR(q?&q;=#!J_99X_#9B=Eh8l%3*eig|f{5CLI3$gkVlIsfbi z&{A>UYoYcPRgK486xgk(R>NU4tUX_|;1TPoWe4W@yWEtT^gtFfBS_ebv>=%Ro z!`DAJSJFRT;AbY8m=ik_+qNd0*v7=3IGNbCZQHhOdt%$ky}vup_p`NCyIcD&^zB>K z-S2Z==hk)4z5w9K_JXK3D^Y}%I7ri$IZxY9!#a!I9%m>922Z68tA>MT^cucAoyxPU zf||lS48xKoXGkT`@7oog4udmQo?ms!4}%n?L<=G5bXH^A!*TxF8bJ)gWeTWef5 z?=}p@Xz8;}n2;^CZQi*tef75%3Ng*{O06^G3s3v5js`{3-_XyLP4HXp@ zz_LEjp)NZYxl z%sKEdbx`V{9UA>hlA-#^Ba47Jg*0L^oje>>d<9*G)D5rQrU<8(Y!l`XwAyFv{*$cc6mOT$&H z@xWXoHGj?Vqf_|X1SY1ReQ#p<(qf0edD6R)Kg*iHW1b5M0qt`d^P#uv?95EJ^PUZE zfwd}7-DhP5T7Jxg@3QZSFB~nI(e$DXD)`jUn%cKU3}Wvty?QWwA+^PaWfjQg87ckqgHK8`0L2hjw<5Vfo) zQP;L3!iWh1I$U6NcjU3J3qm!lpyjz~Ph$BTYZ53At-WGY?BR}KVGK~y@K{QE z!SNRgU@`I~iz3qeal5SL0kLLk0D-WYYhN#9k`Xj(9p|Q;pQt&731fLG`tccEVwQO< zeXKMWR(w9z&)j&D&wRb@4( zxWj&aB57ba8Gp4xz+Wdi@Jr942gw?5mG&Za!EWYU=H9iv`d_`HiKbX|A{u_Q;sAii zC1yh;ViX!{DxSW}fY8ufr5Qb9AxwnWITOLqiF?M-qqA6gIDP#fbO4bx_962GLCFC4 zt>S9m&3N{A2h2W7xZz2Mi*b#;H_V{|MZQeRHkaBq2d3I1i$Rv(CKjAYzh z0>9cQ3H)a7iwqBf-5~+9W{?{ZM%Aw+gp(RpFMiJa2&0_S{GyPTB<$nQn|^174|Xqx zq#w{VkY!L5Oaq?0p%lm7H_lpV^X030u>!O%lxd@v)=`k7UKs}2T-X^&kq45F2XU8g&ew?9^me%YhTjUXUI6r$9{Tn!)*5B99OO)ymQ z&#Ik z!kaRT^WLJ*mztKH%;BAP-N1j)u(Q-|T`;d{qi37wIQ`c180;(B+xY z?((I=hmp4@N3Q?2Fzl-)bLEWuc=lr4)Z0FJgOoJIh%Ze!CX#lRX_b+p;nP?b-aIqh zb$qoLF@7PoJ(b;6RgIhMo-&Pz7qX+<@lr(KqS10zpS5OHwPSPNceN$K(=FQKE7kF- z2+437YMKyBI&#oXZJV*hNzC)q%|r+s;u|8hdb@n&pZLp06u0aX5dg&O0%FqBX7T^= zsmD`om#2}Q6I(RiMB$u608acyE&bfPL(xC8ndCRu{OcL(SwLr5-N*bfsh_N_k*|Zs zAWXnqj^p!^?&gcOtHAJtBh9EnY?g#;2evNLhw16tOi$s(<=UM;6?-wK& zd8ZoXL<~8C?~3t|C5uEwasfJ6L%5uof8@4skX< zjN75_>~QT&D9K#hFrV0@p82UWrhF63-+93xtG)1_=y@(7pW1i1pPjdFt=f7Dg0&Y+ zhrC;?fAZGdPWe%O%lzbIv2qEOetuKw0=tN20~xopAnwjk zany^`R&EOfeFE+BH7HP%pil;r6-I+?0UR)UdPjZ)kns`xq$p^U#9lpV>g{K%ELp$( znfB+4MZ$W-OnOYaO;U~{PqnAMjOuNhNSxk%ola3jOQolsDo&?Fu6JK0gVmS4vV%3z zk)B34waVWIh*cyPV*08mlV%8#rE94;>Z;r;SUa$&bD6=yzIk4gNcX**8RUepmnO?x zpt9e``_Nj)$~9n{)C)AfBrgU}j0riTE`UOZ=(T>toiooj4Cdr6uI$G(iSo6tTJ(Fm zFCjDaO&->!K&tFvs63v0i7!WaWf}{|VG7R`I=r}}6e6+WAY0VoV1+L{*JZv=x0>}s zm*RNynzvJXQ#>&EvrHgTVpdIbjz5^$jSN>Nfe!7h432 zM!4DsnxYv^XV79%`KsUUlrFVCbG&K*S-$oGB@k9yF7eZdZASSoU zd81fCH8ORMI2j|Gm_qYKt|vL^)U@Lp;lL2vX!5(bvrOi@Nu>w8n%%)b}Wgh2l}WCaiTd@q}^zp`&=dv z2~-?_@~%Fgt}*g1$30bi`XH%UO@imJf-0;@!ghW3cL1A4d+cCA4LClVdK_*m#ttuM zii#k85@Y1rkZW^&5!cF!bn-}uPU_pSg4wA-HNtv$oz-FnCG9@Zwxc#j=P z0ad8D0)H3Jzl&;BhXW*lN2;Ir^O^!PtIsrA-O7RDTnIL9qKNWE@U!+$Gpkfazvgqn z@L=ZJ<)DB3sL^yoRM0KvS=XL=ov(NRWIMm~KxVfuL)B&iU6FE}f4(r5l<)$ttN1v8 zDU=f;sk8=mS-QK;EDEg4U1_?*en<@VC%6a(5fRjq@fbMLOIipDli1%C;3+T8R0tz> zGzb#=Pw43KrKK#|Z^3v2D%8u$N7HM=`Ntup88mu0ZN>ELggQTlggni{?>Hb__3)-` z%oP&0Gy!rc)_#03$gR?^>Q^{^ zRU=gBqQHtPGIqC-IeDf0(){X?F8^oHQY5QpQAxO?bQTfDp0iy|t>9T|Zb_BTS}Xgu zl5eZ{%k>xG(>GiL>1^~93&fhmrzgn?Xk*K^$A*Xc^wsUGE^m9l(c^^rwLm8i@VFv} z{||&mA`y$gWfK13Y~)jpb)J(rpy5w~+HP+ilcJL}YhDig5!%#zJzxw|&Hj-9c&lGC zJ+0>hJo_LL^nQ7{8ro1lCIZ~1VB88FAF|kF2u{5ksqUnA~T;d$c0t+cT+f1p5F5a4qRnv^r4ogw`T4Tc0b$7(2# z>A&tD(9b!E)wy-T50{#Zhp{b(V#95KNNPp2I5b4vjQn1E2t<7)F`SWro!a=@!acQ0 z_*$b6H<(6v%2AptxpT!)P70&{^ifZA6r3OG~d{rgN4;hTq3!I#9Tlhns- z0dk+Y%kUQzr!S_D0~rv!(@Vnk5i8Bx8#PP*;mUCfWELsitFHjuuQ9b~G~B~Uh~7tz zEQMv>RwK;4v6Vd!5#(Ep;x72d39n%3w*3_H8Z0&ysySwn1Ttl#nx?GabY}7r+soNz zJsO(y*R#V*mr`rYpuTosX` zX8GF2rt<9cM@6$M3bURZ)8>Pc9aSN#W})7Qm)}}9o0x0$HsB7aH?Y6P5XK?rf|D}3 z5Bm4!SCkvxRlJ|K<1DHSTOdm4YZ@fAoc8JGk(T0<{?|B^;c5ZX^@>BV^#3L{Gz zkW!7C>d10P($Xr{r|<*&tKc+xd|BnM(7cOTizaMzQqBk2#0jr?*S|_v3Ec!-4ml6Z zro?Pv$7sp0Ut5W$629t|s+y1r$diiP@20dFtQiRpJFc}!r#>H%@=3lJyux7p?bS0^ z{DHC=3rZ`r5ffptira?5#e)0bz|%XRZTgxq11f-y0Dt|ysJYEpJPgFN%~-(WwUiMgAx;1l$C}apf^EP4xH{wy09$ zU_?^CU$Co}?Y-5`1zl0*4XaFyJQiXBgyQ(B6;0;&cTmpwt#BWjURm+P7`qv=B-sMf zV;Hi2#=Um|eOj(Wmwa8bHv$b20mZ29VPJNoXi&Mc*ymxJqWphgp`?_7i(uS42gWTrXGM zK@?PSt|y61k+$VP6T+mWw0hHHP%lU3xBsTGNnlFBXw_YLF_0Uo&9A7W-qHK=7sHUZ_Co zLRVTN+^Hx+Xi2e^kDzP8u+|X3#(ZC{&4#T&?Z9cN9A6*EoDY|_#;(Fccd(TNrs$iL z5k)nx!Cf8+dzKT2B*|k$uqfQLz9{6WbfpZsMK4+yBmZV#qDT5uAK4agL7OUaS=**P zeTdIVS~R%dbROFy`?~5z)rZQS;+WMjtUhw)baQql_5@jABYH0_UNPnV8Yz*-us>xZ zX)#Qi2j3bo$POYL>($zL*f9ZJj*xzu2a3|$Y=HI@S@mf_b@~E3mN&kK)u(d0W%2AO zdyC0cCc+_^*b3N$e0c8njfj+>x+vS0N`)~2g;EoZePsprfhLKCEz72j2^uKi{FnIl zLe0rz@J*Z`zqt6J-c~Hx=_BfD0(H&q@@C}F7_!_t9C=hJnyW4U_5_s-sY5Zbg1KVv zwxxYUDB&sSQ@H%nJ+bnkC#XmrlRNDA-~)QBT)6Ofu*T|0MUUOt+)vl-BMT z(!Vg~9@&yqGT*+Dv^!VG-Ts-3*lJ+sHl-^7mmG(faXmDHc82Ffst-R^6RDKo z@31P}Vo&ryR2Alt)HCTui;*-B)4gk=4As@IXuDmofd0b8sNLf;j{15}{d)Me?)mu` z_TiWF6pn%&J1wmi)S~r%>~#ZNdIvHIjHZolK&00_vB~Y9ZfbT_oNHJBHy-zUi1>Ne zL2l!rFvFK+cX8k4okh- zhGspgH&?9+Sg;^U1iW0E2DtLh@K*tQdl;|3hzE_%IPwTUf4bGYAa+Qh<~>E{da+XA%IA~A+&AwzlG=G3eNN>3LaWhx_ISPDlLe~O z{Ud*@Z9Wr5R_If{H2x_(toL2Mj&ap7=#amE>`5NI=Bs${36T&0xE`Oll>j%!9re$5 zcIgD#2MCmeRH6yT8n^@ImpjizOfdhxW4Wuix5O*KC5j)yJiomYo;vY>CG$ho1gi@| z3UlQ8$_A;2wu?L`*MDrWE1hspOJ)&TVDxAS@A5izaQ)JGkVGxHpAp`5*Qd?&U53kt^!5j z2hKrZRmhAz#E83tPD5V>!mNb~waq+i$DX1a0?cnVJh{|Y7TrKa8WB%|@K< zx??v8G+g_D5y+~GIJJ_d4HDOx;cN;(4~cr6&omu@MGzxHxMm}X#R7|voD8bb59HAKXA9- zDM6u9IuS@`G_aZbMzSG}FKKEpSw8gb!}KSY<6L+8Y^H8`jS7ruUTPEUyG^u1oHq(P zWj^<3k?QcYz2Qx)`cA7a|6d(V{+xR@P3*X0H|tbZ6N@eqj6oT)9RflZa8|u_ogi42 ziG$`8x>=+mPtu06KGN>JwuOuStD!%i^pUQ&WS$oj$OgsK5eZ~AJ_@2m$ZS#!Je9pkWI*fN2TgYE#222eLp@GP~O^1Bw>_m32^=Y@QRfYQhptr%kwB@fOMm> z$tr?D+S->={lvRjV;`F^7O5@%#2nfw*rr{v(!r*kYWbEm`@RlQUQXQ z9-M1$Jf|`o-IeGH;-j3WAK^770;3>X(6+iQcv`5@0_eC>=%p6pe}yG5nsi-Qz?z| z!{X|{m43(y$UX`}l8nE>c)FB|$sP1+t z6e2dY6XNpbriUGC>7lxTo^ptAfz0UtnunA>D~+@aL;t&AD0V~H_v>k^;n`T%qe(fko3Qh=5hPv+EDPoD$9XGm6J)Rs3oMG=+Ykszd$ z-P46-UyC6iyHDo1zAmFW@wF$P1~e;CJ^5hDko`4v!EQC(HfjO9pY2I9v(7%M7o>Y0 zO+3~KY{Z`J`!ggjWBsHJFKS=q&Adxa2%66yyCNKoeyq&itWSmuS7;jDCK~mA$~BS= z^QWBqMENnty5r!LZ~#U!6hRj2bG6Ffa*{Y+1M5*{-I{4~q+H!NF z!yibTtcyvb7A+OTkntOXOU!)S&nS@BAp?)a)t?s;sy>=b$3bJK)vlp%T~nmI-KHfA zt84Ju6_Z0Ur}%{>to-aZ)tQEd4O=%H#C+8~>oZ#&=9n+!(>q=Fzg~FFU@VD%Yf{y- z3}r-lw`rufVDXp;XzR|te^BJW`b=kZ2XJ%8^sW*sL+@Uyp`KxS@BFxh+@LS5KcNXs z!OZUVEBOMz>wdav(FY%Y5^EzOMcZ&dR^c{N3I6w?4~re+i=l0^&c zSf%VaCu4ks1!L6IYaZEYpW=l=fh^bzBaGk`rJ{Uk>T;{9GIvc(0^bpf#5Wt@XOY>R z%M8VG&mn`t7=&6DkVh8?IM#eN4goFB9lyQpQj5zDh-M>sXViIS7tu(UE2;kidm@{g zJE?LT?^_5^)e$)oo;>&;2$#lWQj`hlT^PP!G>b_PC`K!j%y1)R6Gp+(O7~m-NKtq= zNpFl1Ve{SUXMl!9xy6kuGKpv0fBu_yVht4JAA|IA^8h^9pcM?B@fUQBjfA&5uSG{z zxRi0jIdqj6@U_kZqL#yyDSmQ;yz~%ZPwv2~-2s)aKYX0rJYW7(%h2zDs+nYDMxet(uR0wW z>RQ{o`-m31-St1j?(e=hthJ#xGJtG&#NeeBe{(_W+LXkvN&^R<^6^_8n;&ZLzUxp3 z9ZyzeH9&4$TA+Oy!e) z;?n{6oH;$c0{HOCM*&s_TP*+odT)M@HA|{30ze{X>2sht7SMuMe&~&;?&M-<vUREj#f{;o zSX^tPZZDw^Szq&%#Ng-S5pv17C3dKZF>!-^a=`GPRq3!Tnnux7XpMy4x^llP)Q^AS zHmyR-2LMtJy{cNj4C~>-aQkzuN>B0qy=PmeWQ)28nm2FU@7M)bOwVu0(zY_ks{R@uPx@HW`2UdnCG$7m7SR{XF5g(p-gNTcAkF%TEgP;^Ur-0a{%+Atr#`l+ZFjM~xEp?7avl^I1HAzO zCS0q`ma2Zgo6KA9!28$5Z6<3p{(6WU9%Jnoyas_=CPEK3iqE$R9W$KIEC54WcHlr* zHe;03NU)^DG}Gk4aW}p`kqhMuqEyl1nRKhdV$VHwNAS0as?io^T6_>1cSr6R>`<{Q z#se{3pj9?X(eQVBTcx=18_lgak|gPp62x1cOl{E@_N20nG+p5Xqz`dbMUgYQ;q|GP zSkhu0tA6E&0cNsu#xbg75E?hwS)w$B`{d*FQX>eUUkAp>Pdxc_C4{`h;JKsoYjO6< zeZ5VUBX?OQZPW66sS$0qk2&j|dCoK=7#KiJm;H!*Ukfy}m{)vX_rRDa7v*sj`1whO zSYtlyNw7aYlbvEeORg7Cb3^jc&ZsjAH8qdqyt*jY!J z4N~~Oy9_C@;wrG$nmTEfRmLG;%rv%u;`(RBeb?EPh-Zsz_;&gsd+{lo`6=rJ zcNp>Ax6jI>d_J$c+j+}rVmLi|x``|wdOKJqeeNVfSz4ge-_0`i`JxP+xoS(^NGM9J zs4nrWxzYQ(HHR8AX_ZO>I`pT?W%tht*<9vP(?u|_2LD50)kPmI?YvD#OJ^-}3PE&q z$_yWBd&2j>4Sy<|AheRn*!r4C;Ue6Z=6mBqGdWLFpALxBQq{yqY>t#CgwIbsOu~b@ zGjWbqgRG|w0*WagHu>dI51*xMrG^=ItsBv0zVi^db4HN-VnPs=`8H-6#4S2xv~NUK zDT7+YM2e(gIaEEqm(ImlpkVxXgVC+p-m+1@+c%xXWnpp9DlKGM5NgVF&`|OfFfw&t zQMYb->nMm(5Yu9<(cgw@dqK4_bR+uhtPF8N|XR~gX6H{vp@-1kg`jpHjmFo(; zHfIgY?N4W&%0xR5pD4jw$JAdAz9P zk!|)cj*x)LxFMtzEQ{H3efZAYbm{pM=J4l?7o}v5)w!sjU)tFyei3jZ=*yr4@ya3* zJK+u+=_lPU`5~ld&ZkCe-t6<)B~yekQj^EY*}TZR;uPE=*Y`~%~LPGyX1B9aZkFsvws;#U7!OYt!csAs7>=Ly)Z z2urp-xsDTDEK2sYt`b2u>=r%7l(*mx2qY$LrT^I}uUP}l9Ootdp-Wp5V<;r}V#N+O z32`0P)KdpjgUs*Q=|I-yC_zI8|7k>RT-K4OTfX8PS!J%waE}S@Blo`q%EhQWP*?@QZfChu|q%?&p)f z1oBf3o_jbzzZYjI3g47~9E}k24uw&_tG|gtu)#fJ>xUr}#{-m`fRgSfRNgsNOFVo< zxm{hhsUWq@(aG$vP*K{7I> z;PJ9&r>60=tFlF!`dR)wN{z#Jc*f>y5eciW4r%5zLb`M+Uv9=pX#Km2JEV6x5p0^s zHT?hd%(E;Kcj_LgqTO+#>kNcz&^K!*kJmA1W!iO3@$<3IydCt&he!ABt;RuOtpSNH zb1**zyOWSdqSWQ-1XnrJ%+sS#Rx+JMf`SQ(!AYgT)Ijh=mNal%K;O|4v$B zUiBgU4~lytOvo|E9$WrDC=M5T`1Uih)y0$Eqa_IYLfuj3;RKj8v%6Yuz(%=92rG{` zSV=DjDU_Tqoazi`sM@|&eLQG>>7HVUpIKJHVK>f#I~#fQin$IG-yc_Qh^b~8oPnp_ z1zuB!UQRH5w~=W2`C|kY$B}GfHo!(uhLmC=t~n#8L+${yXBe%)R|%_mufCnL+y{Jh zRnOh0OGlW=k(Z@hteaTzZ}1KRUwJWA=~6tCDYGIc zx`+v-r(>?k&F7Tu7N=mPJ|Ir(%?#4w#C|?^>1!bIr^j^&)1w<}YwnH`lX&h@ zweNc{O8lX4;5^R!fiIUCzXs15>Wg5S=2=mkIQLVsx}@RJzZSXxEHC(oR4qzBAj?0M zTxvX!$?>Tx2HYWsgJ7o|^C5*PW4HZqIL9q$;k84W_$3DE6h^g>HOuvJ$Hs;O%Q<6b zaUXpqo1xo+=6g|$Du{_=tkFQQkv+w#r#FRwov^|E%3n`VrvZ95X%KzN%SYWRY)vji zutp)L8JM>U3=j*0MFbBelqA(4;F(k?tMY%K&85mfa;f^1>17z0ooXgLpoiVJE|K{W zE!Ji$-qXNv(hD!@v!d`nB@UF$pNwD(`+q5MilzT4apX{rq&Jdqh008Hz6lYiG>{V< zQt>w2Iv1M<*rfRM;XJH$blr3FCgtzeDF2jxpgvD9xBGGS9i#y)?kTikXsu~s2*%TPdd zV+N%ZdAIw7U<&s208d`1@{s+45Gf7d@S{V!**TbwQm2MLk}JIB6)Age8S><{@v3aa z3foa7@i|dX_AI>i=C?4+^^*uyO5dX497^f~z$5H!`o~){zZHfw)3@dAT)KYL>eeI zWeAG>=w+Yvi4W#OY;bqQRwUm2(Y*Kx1lV%}?xn7Y0r%qBaBuQ%LJ#Qz2|wZ9z2PYo z%2g&{$EQ}x*3N%!hvBdx=MKYJ-j?vK!t7>#;Zp{CKS)?eTMK4u*`L zgUS|LHbgP4G(;?;0^CYP3K%|itaS*Q z#{MwkX%qp=;hmycue6h2E|jh?49%E;nVv;Tpfxd&fB<9PC;K8tVAKcCz5GD1E&CD$ z3w39S1!YZ!|GKtkTQQl|<)0E4b@HCDw)|S@2Y|$zzWFE-2}IZIBYC~9r2-OM5#jUC z0{>kb^*?UOs9p6lDw#Y4HPw)IR4R|M1?QpvIdLwGa7LHOq-Blej><`=HeqsFOPX|% z=*S0FI^luPR(gSf&_8{9ik&caH`qIKAM|6&7;h_sfTEdbJotB-I!6HbSKyfa7~uTj zp$}-rD(|-yxNd|Yx>CwM^zOEsoyU~wbXn#8wgUni|RP=1Ge&3LuRODrTr^y0(4U$PfsiswTv?M%h-ELu!Gu# z3#-1W6@hURv5vGCj0p{4S@Y_M?e(7Cbfi`+1V`2bGLl*)r=< zAsF@|m9(6I0p0SOxKZ*@Q@0iKUvBQZjj&o?j|OR1lEX;wXqXw{}8{G?U(=sc}%C5L0^Bo1rU-fT#V(c=55X0;`-XiocAi?&Ve zsV5b+u446e`ET>7Y9&s1=B^+$7~A$a>>$Ih89$2=nSC?`e{m?O;-bre*aj*euS!W; zBj>6P>KDN=FftmCpcgX}h%6UzD~KdV_|e1pu(|l=Gja;aaG~4TBTKr}z4Ll3J!4n# zg!|boTk*VkzJY6|opbFu6@KyPar4ql;R*ccn#iqcbY3m&8dtx4svc?Q*@*m8Siv|q z%u=BAL01oA;zrHB@IgV;< zC+fxN6>JN4S$5s1pZya6F>`Mj34EQKv(_FI?k1CA{D)pMeeuoKPFCO zQayHdkKEY(q4~EcS_9dh1x09TEfsiKjEn_GX5g*HIQ+M%ep+$R3uEOo8&W4dY6G)v z?}pU4_#PH!uFwPU;^m+!QOpg2{V+E4KvWT%b>}`u-?M$xZM>8I4uL7|<9#jYfU*C6 z#IP9}`1gk2=Vr$V8L-4ivCsb+1E8+{+tr!(g+Ol_l?9HJqI0CXRjzXc;H&p1=F^%6 zcx1u#L2F~b% zlAskW*Ls~jHzj@k0_mr~lfoAL2O!_NAfH<x`_{Q0S#le@lpm5#e6f=<%nU^Naw1LSK z3CwgB6z`C`RciNy>cWNt6P29Wx12ZQj8~(b^OjK5?Hy+3^m^C~Q3;wkLQ}A?Bd#uUfkG#w0p0E#$g zo(?}A(BPBR1Dy481iV2m_mRT{)qM-LF`hPaJL${Jy(zo)*q(@#ahp^Yep9udH2#Lc zT)T5EPo9KCSt4Pswrz3%%m;RL5OO4YrI@kvnfVm>$>Qyo1cd# zfMYonA+$2{7n2EPQNJDg>FCfBhBO%(OW_0~n}q4e6ky;$eJ>;^q$CbGOy6ZpM{Jn9 zure;h4r{m}v>1lF+@f=4<{xF6T>ryfgg1xst0H2FyZKV&@!UQcDky>Gd^g;RS=17ME(dM99&bL&)Z5IQ>_GCe@5J^gD4zvK0;UfWnI`bhGEPTB#o7? zGSrFP4KjmbkcExG54_TRpH zuj91se>6FmaZgT=rqJNCxtSr|Vm!z}e}o%etb9Cyf_0dBV@;fH)MYxd4s=1D(r?0C zlW*DmV*>SJk(nDKASMn&eeMCdeP9Nk;IzcVNj#~%5Sp89snD0HL~neM&c6zMyTYKx zO9eH)3A_AY%!6qp%vc_Lq*>AGpP1jDNkO?n z>D!yhq!2`pER$D^xMrij)Ook~wx(oN=u_#l4+7}f0%fL|I`u1B0*gfYTsOh?kj1WagfL@G9Zm{?;R?;_;9UmPT2 zT&U&R152dDNXTIzW#{a|^Nv&q8{iCfHcw(W-7hq)D$;((4bdfhFPEUuJVC^KJ2N+a zbf$1W#H*G^)FSnLsU--Ri*C_5buoWFx`e*F+J|-k9I4-3->VbpV;7Rp$BwgdEw%Jf zg!rcjB4NgHXdJ-BTCBm;I%&tG42a_L&izy3_&`b=QaocfX13M>C-zyTI=?MLzep$9 zIo9_8O+NG2>Y2n*axV=z#PPRU_3kJ}uAQ{r0XM3|8^Q!{F8}un9mrxKT|<1K$EZ(B z14i&##D^yKV*T9D@0e7LOUm9T5oQVp6$@RbQgBk)@8<$`SloeEYaE79rlE|`mf7d6 zRCP<2XnW|@edSJ7Xqe>V{iFseilAd0v`Pq;3d~9HojUk$bPz6!@@rg)KZijvjfKR> zgl`kUXj^dptmz5oQrOJ@khqxDl;0@KASA97UF0h8JARY~P04>qoC}`SrA2#HJkhs3G>4~ZN4hs5pc?w^j)fsnWW&GP>tad?SldXR>@ZokLSQ;*EZO!ZCk zJysEo;^y2&J*zk$LKLYeml0nQgX?m{{GQX0_2h)V8F1DW(f=|y<*|&e7lCd{my{|k zLxF+;$CYY@VP(jG-M1ev`Li!GdS+C0=K7VNx@0o{ zgdnDW?<2AkziV%;BM}zU>_a>0Y9CxH5bbn+P!(2hzZlbX=>WPf@s;P-R?xI=c#I>#pTK>U*T~N_o@^;c$F2Jp-x#!{KnnKsa2Yk1{I=hl_C+fBQnDSHFntzO&&S z5#71&M5pgYZ_MKVQ0%n+`;uIv7{Wxr16Z$S6Um*CR8bqW^@F^+)a>%YAdQkE}af;K7jq)1)w9T0aW#NJrDxoqo-sN?yTfo(Gi2f3MSVBb5|9p;{!fR)ExH?; z2U|t{PltoWOA2ABMNEZSR{~R6Rgn!gB|GFJ{nqhIv1nLJU&_nmu`z>Po-`fNZ~1F| zD=VVuLY&__F0VcKms0Nw3?02wBwiiYIReB)k)iGy_I7FV)Csnp>>lr=>#wcONEVT} zmR_G?No|i*_*g3bp>KSOx0gD7_%@q8U62s}T5F0ehV+Sd*WYQL_{x`*%|SF+zNmE4~KJ-Zs1iWP>NjthJczJ!oWGo>d@gf z6|P)XxZv=f6NG;;e)&@zYEB+>)&Xqs&75}TV)-R3T_W{qc>+$O6%a&wia_Qy^?nzM z^tHNVi`EL^{}&Et`+qo`JEd>GG3MJB^l>YQD3|X-#}54V166KUV#eTRCr}p=l^+hT z)eDskiL-jjkC<)cU^GzM*t|EGK|ZFAjWZ3J@ZSCu3^+d?=UaZAMYNHn_zKZOG}BB} zkQ(fDhA7gWkgqFB8sxtrWU|fM#@|&i8TgqJmXl_e8(f;h#xPD;#)({u!-EbkvNR+rH!Da0NE&JltpQfaE{8*?9{~r!F5&%U}BBq_N2^AP!O#|tH zR7;Ghzvo>h=)B$O;|@4onlNMB*6DnCxR2219S6q{jVSR<&nU!Abej=3Q$vp#I&NWs z!X;J_OtJ2k!GmMAD%(TDwEBrIW>vMhG1LFe>l=KhEt5oTK2~f|AnI#V^KeJbS|&Dv z8h{tI$}dKG@;Q=La&pe041aI<;7*0!k1KL9c9toLtYFweg(-dAS|5!|E!rF#wt$9% zUY=^3C8KWM%@z%LHbd0cUsTA0=hs>$0;RPZHM+h^%M0^8)V;q%+VSVO*}=VxG0H6# z?W|`guD65v3O@dnSdrY_8VTXA)PSb&)bB%5)a$6njo!n<9Nt?==xa%4;ZVl=D>D}2 z`uDr%89drvO|?9_)epfoDx}^7=CxkX9Oaj;F7Rh2NJqss)lIqTCLD%5HSLyu-+y9k zGjV7#b-=UmJ3{@R4Ht?h!qV_dToDZ#9?=eN*xk04Lw@6)>fJzHp*?2x!nD&SaWI0~ zc|xQ$iC*JwaVf~YB9DD+|IoA7WL_1=_1tu(XHr)aS2@Sq6IgzbUn~}g5e&PgA7NB6 z4t3@=_@52O^*1;0wB*l322a<|F=@G9wyTSRfSbkthrN3WlC=B&1>a@cwr$(CZL`a+ z>OvR0y1H!JwrzCTw#}S;-`|`$XD%jU&P1GvbMeoMyvdu4Co`Yid+qP~EWBszV5Ju3 zANp=J*zUMTjF$>DQg9JLYjb}@`L*pxyTDpvZ5^7D;PQse)V~N4Z&phA-2Eyb`QA8-SVeoe@<{u zSZ!70JbmdF;}_ihEV4^w8$4vc|6C%OB+TaHuNVgS0`@*$&#|J-0G|NNVZb>75fKsk z9)N(55MOW*us+xj)?!{A)o^zPUj4V4#yLd?Kknw{7ui0BL4@8diR8g%Tq7-v<%_ygcpFrp8Z7)HG? zAupaU1r#I|R5(1H6I_4A@vn!i$Du-lwOh6lX(z{Y9O&Y-Ps;R0@1i%rWRNne|Gc4z zJxzt+Ar>GYHoWFYgqAEp?u_-9(Z;R!8kM!HNj8w^*4o|GH-QXK3Wr~2E^rZEApT&w zvIOJI(;~?!GNhr5RbsS8p7KXMI_89~2SDWx7SMT`Ef zTY>I|pBy9ye-FB<-|xQm78+xNB~Y|?%L*DKn*or-vWKeu<& z>2KtqmzXI?@U?HRUyD>1aN?_zSaf@4{5+x;R4l(5U?%$WP80{Y4_t((uy=iW$=ZZV zB^h|>8klG)>{#RnKyXRFIojn|ZnO2N&{U>ohOYOf9d9NC?p4TfVjU!RhKNPI-Rc8< zIF=dPoAvD>`d6vzYu~$`?UokhEg+D5Y3p+NzOm`X6*3nNXj^0M`wEdYObP#_m|HX~eSS$er znDlgjX16SeaU{`gry&TKBs646kH@zh>cH>EqDOO8{w1!_*J%Ot;aY$`99k7Ro}28U zLRu>3LGnsqMP!GAHpCq!Y<8ORkKfw?v`$C}^e4t6AcGAsu_F*lZyV-P1#NNcd5!P1 zfEdgCIv9uwKemXw#`cI7oWtAoI9kutey5(}7uP=4{nJ8r%C*?7xXE49hp-AG$-j&} z^p#4dh~^ofJ_T8CaRZ=@wjCSR10|fFX=fN+wm)24=@Grm#jqc<1?D(+#K#v@ho=uv!&(w-e-6QoN`5=&ouMch(2G$H4h{I~BEg(CX3g5YSFB{j0w92M~yBxHU|kCm};2fu#zks-*;ze(|m|y9v zUCf4a*miW?>{7Btex;3_4W0gf^$4u1knxZb!Zf@SG0MHY|1jsXeaz5l0);pM6V!i% zI9LQQE}7g4!m(Dv7X#70xy)aU@>@MDGUwBiMjeG<0{;qe1LC+X5m9550;|$(A=lo= zw6eR#jv=_gDY>I*oC@Ijfb_2P5i$bnKGjx>r>XjVyANEIFLOk)Y!!+n?i1K=sdyBu@nc30zCz7Yc?@}i; zv(fnn6i+uYNm=9@AkC`h!_;u6pnpY_E^DAP24h0}vJ{?D9>0Jp?SF*E3CXwl`U&kb zW~_Z>o3R1SEc%nNY@`Y*8jhzZ1-^x#YeYsmXv>qy7-d3vs*GI0Vn>K!w%&H0O!q7D zg&W`0=7D?HOLS?4`1jZ|=JzzPj0yaggA!&-^UQf>N^fi7nT~&nxQncyNC9`@{?VXs z{~_We5NZ40Z7{*x+8dEFd8+aV@dih~H9rBfXVXW7mLU>kg*5(9)oT8OyMdPQu3ie0 zvAxwaXJRNrNNZx4Cbt zUuI&8C$Y55t`nvX^WeW78xqJ$muq%bcYnsepC^X5X;eZ!ALGOd1s2m}g{uq-h+5ht zBDvsOx+b^=g@stQf&UtDSyNU?ndJ!SqkjQ5+zCZb+)TZPM}>uGcce#pK{KXmNytSn zStQB&>Wr^!B}T;*P2o?oQF|XeD}H|Zj@K@K(2oJg1UvQHe@VOsBK>-j`vBY=1OuG* zR^dI7M&!+{#N|)=ZpT)4ZvvlwAw47c6b$V4ffPjy7_;;9_|L;3{`xu|Gv+q#GY-5F zDv5A=5bFA|mFwx_?Cf?YR3ar+(C2b}(2LiQDiSisHqWyn#C>r^h=M+{^0oef~aKo)-tU(@l+S|rKE_Y81)e7bwdnrI9Mg!Wc0R+_*a7i zNy*AZSH()Ai?viycgHxyK+6>Mx6iE-`KgqhhZTO<4taH$dc4dbcjj57y(lStBJp9hI1#m#oN`_ zYG(X`(i?5Kvky4=m6OdELPN>!;-JLWzagjUL3`6Rk49^s7pY4AU_9wjoo3@1raO7$ zaI=N9kxWxS^AoA9@np}){4MahM&L0N^nC$zLE$^nj@&)}Aajr*Z|+V{tHgm(0BHi2 z?8N+Kf)OQrqEMTus?GPmVNN)h_xyOAB;ICklml`)s9|EX)6z=20dNy}9+|SI#Z`Vk z%fX&ueS68jq4Zdz=eg>y!I>jtzV++s-O9>oVl2Dza#2T_U}$ z6FL)K{?&GCI-ivhI~Ij!S?*4zo0`WCY&xGD_dBF47+*IqZv2be0=py|WFF?};KP{C z)RahIYhV0kxQR9B7r9g;B9TLCS8sUYCGXlv1o1;@d{PjCckYBqNV0;5WfTE||5^ zRAD_FwE=NUzQ1;d#5|>yKbNsR$`FBFod*M7OXMMR;}GFl)##eL)#7zZ|GKGDE1nG- zJi00v=fT<;iRKkUEtPm`K3~keaT+L(09+@-#ryBNNG7-MSZcn-Z-4HwD^8&_O)f;qZZc0*Bp zC8?6#xX@Rj-C*F-mJDnHY51*Fg4z^XAs>_>9XlE$k!j+y+yNZEqZT{!jz5os-xZ5N zWv~*t`wnFsu|0W8gD8#9rb*O~9kwq|?haM{trY&bADb!7_{Uz|)B7La;?z{PKgJWi zcYJKu-F5nW`jb#`oZ-CbmT}S6y;0cZh`x#74X191s-+3r2cdzPk*`64b;`9t_T@gF z=0ysy!8A!)W+b29_ z=}5YtO#*ZmfE>4{2znb&j9O_xpr7&`K!`VB1;BN;v2h_lskQq6U)dvRGFb23pMBO# zY?Z1fEhQ>2LQkfz2O*1Thk63}y{#bsx(nkG{Zf`hTMNQaLkgD-MGf!!x_UUZ9=5%^ zhyW%Gq>$uZ4owb4uJD=nDZL;T5ro|3wg*U;fqNA{^CrIA7G6B3+Y!1FNGU>Sq4OTF z4h5+w23oK#+Ilc~^H4U%twi`U|tQdowfh0?o+95Q3|u*=sYtA(DN# z`pZ&zo_&G8^X)-4cCZ26+l{013MuJ?qzb02dk!AUWFX5@C)Gr>VfVn0fh5k_fbK=% zsKpuNnpr9}$9S%kuHR)c#F2V1rs&xih7QubMdRbCp;BkmeG1(&%{6;7N1{>cd&}Z` z_sPLpB(+O<4fg#DH$7fi zF_L<|-aZ_IY0vzo7IHBEG^$9QI&bclDiFFpXqT**o`}2 zuynpezLbr|tK8;18#97TRE}fdSALdMM$3yzOss?%nR4QX$jJBo%Al0_u1gxR{3ZPL zLe_)XDYiD^hRKrDA4y44$|g_!fQI57r?Kd zKLQsWj292OH1MSPELeM`RC{EbOWJG)`n^LFpD*3%|D@*OFgQvly`I?JeXFjF=ZF+Z zmcRaL8g<$KWzJmMCN}Z#_#F`T0XTVRBnRYN2;BgLpa4X@b+b2bfGMbR)2q!7+d}v9 zn?=tMgvd|1O&9E|rnT-oHBlS*zmSiwXB)palcCDP)8U@07eoy!8|8=o$}c`*QDpaH zJ)u^9$I;Y)`J@fM!&&tws}{0IN|8oFY(kE#@NfDzhTfGZZtyS@4`VJJMO$( zf-t#Q6@uuXe1Ez*=-Fb>c5PgtL;hiso+PVZ?`^n~Fa_tmPXA?wIql*1ozGo=50-(0 z>w868Qj(-&4`-}?#;uOn0;Ahj|C~BvVWd#8Jgh|8@O{gz5_^m#4cizn<@YwVj68zp z`mmbJ1@->^eigyRpB(C7N~D`J>oZbbpE|bIO+0-vPJ%I3e^FaI+pHByW9A#dei`C; zv42G2p~NEDtNsPIE&jDFL_H1|DcSD$0*HJ8&hC0x3$z6WF60zOOyp(?Urv zM%f!b9(vLrkm5h0VE{us1v}*maO14s>5hv`zduV`N4$DSQA^V%zdlfqPnXkF@CWpJ zeW-Vc^O-*p4+=rwB8h$w)Q~PY0RH?ebPLr!0QmZNsmBAJkravc0v!%?T0WGT?It;H4|kc} zh|3t{(XBuedzgnVAl-ozl^`0pb6vta`Hx(%K(jxXpmPxntt`bge|5}`8i$YhTgxXT z8ij#?zY^Uhg4=_aN%yCM(~nUyGh=k}du87p;3%9B#}LDhrNxQ6f1P1`L~c2XWwSOZ z{jtwx-t`Uh?~o(R%UZBY=bv|Sd!W51mErLL&)}lAP0Io4iL0@}&Ft|_(@Gd5WyQ3@ z);iY_A2=;A%|=2{dc8aBu)2!&WXd^ax)VV6Ss}gF=0(u>na1xGr$3?-V+V3>9E60! zT%&{jYR$|My@KQYV94o9ICD4(?u#+pz|;<=ZBhs(8rHjFOdD7h#B7_Ywa+gzy+ETR zBdbBpg!?BNYgW_Ws6m|Krtr5zS8-H#b|ich8NZsebjkA$!yTFul!>slF{??h{zyH^ z_QKu?d(4b9W3K#Z3Y)8|pP$zSO1?ih*P6|^^$l=+qbmMJ6O)=69i#Aw%S3}y=?n0L z4_s^*{W{O}RNVmlLX0DN0;aH@`@YUAu)hKf?1Fm2nP=?@H%`3@*Pyi}#zVIej=Imj z?q{quA2<1pfK?HMNUXQOhp4BXu7y7l_uG=$@BM(Dtg)H6V;1nCYSNf_B7WDVw=0Xe$5fMJ%nq9^OVaK38Y9+owHK?Si@ zTg*@tC&hok?73~yZH4&eFSKT)mKG?`@X4`k0oQ!;b$pY10&wwi^Lop=2Q=ANo~M~E zn6b@L25#%?25ttiM0+{Vk%gOnTZ&3OTcp=WR!3QSEJc~zB)J5pV#4OgZLqD#=3g^b z-ZO&qATjjvL)@9LNcNIHtcKalG(arJefYPX>8FbxH@grx9FJD}%b%dQh*p?kfzdQ@ z&}@r~*c z2&}B_#jEs=O3ypbsBgQM8Z~Mjrq|^B$XVObiF3$Ro7zbT-u=@*Uy)ZpqwU_AlkVQ> zM%b%KtUuDGwRZYNR-aSVdDps2unRWovt5Nu*ht}5qUWFy{SOd+S)hgUby;bVbTEE% zNOAis;d=ZGg_Hl;(9d~z)5J;IAMy#fd1=K4e4gAK__hGP6bZ*%v96jn9hcWhXWYCT z`tngAamkoSoEI5k%=+CG{n5hl7&&vY_;@5F<1G}H!r9ko6ZkJ6Z&xC{t}-v9e9L}I zI)C%z-`5y&)7x_^aiBD3!ss zF}I*o!}sYm=-?tz*QwEnEbU+3uYk1r_~(I zcsK}az!J70Ppt;cyQ3A8T39TRFvhJYX#u;2ufyGUrEAuuduz#uA(V zS{;mCTZjrqqxxHRyw<~1mo{KiR=)_+M{YZezOdv?T+v*BT_a3IgkHY2=t@>92*Y;q zt-HF7$GNDht*vLg3ge)MpF~a$Vh;56`sE=v74TmAYz*i~8<_);M~>?3d~cYvn>%Y1 zDB3m<$-}YA?q4wVd@JI$V&ny>=!EJCa<`c@S41HeFO3lu!466WRYjbm?q}x~`PsJM zW~x*{luq8A;a2%L&Qq~;f$v4M`KoKIkUizb;nYc?s?&HIuCsPnxVl@E82lGULLxv_ zh6v%C;YPt2;@LyuF}y>njekpA1_le&>1*m6y6 zBW!5xOF5|rqG<`a#rm$wbREuMxv5DfjFJJ?m}B?HwO4x9Zz?INh$YW4Rj=U)eqJ)7 z>@GH=asx(%{A+39R7~y=3U>J_%*%~Edb}%O?+gw?e=5u^;~|*kFP{X9F(I9!_Raja zK&O7|#J1@cm}z^!Sob6D-NO6{PxQ$~X|=CraA*+;H$8?BhS-X&MK{7p!Y;ig{Z*v* z=F(5q8(IT+SAMg#eeLbCKO1mVQ%742%W@_6y311>PgM;#d;}TjBNI>Ul^;F*uSy1+ zO)ZGP9o2fxIKbnfYa0+qrSu16(bMOO4NqIk#l6eGf}NmYa&=$>%sAuEk7^ZnKkoJ% z-t6KMj?Z^AOa-yl8H46u5)VCrs8=Iwf;2i+Ct@yCH$;x{kXxOn) z06>BzUl*i(`F8Cme0c(_0V2S7vsJWuP0MlCpTIinbSieKroi)yo9<(QfDa}?i%9-6 zp#b@>>IPdSOE96G0l8#Rk6SmT>qg%cCGjEUuU&6FZcGcv*y8Z)Y3`aW(-3cb#`Z+O z(o9_k;JrC%Q4dk%$-yT%Lr)7uIGMGXtLVL5x%|RBsJgb;GwuM?+>Dm9amj zn^{36q>iNi4`uim}$`2FdatXYSkLm|@UZg#Q0TW~ti{!NOf&potD&Gi)lYOd(TUfEZl^wBRvJ z|8r+cWYjxJM|>lRe5B08DM^J89fkKEf+o#9ur;@X{6!X4ASAbg}1S~6^oUn(={ z3}z{;Mpo<#JtFi}=eA`?(JyeEnS+Cu(!GRYflw$EB6czEZA4E$I5Ph02F*eJ) zr0eA``l}loi`Yg%Do3HzLGd{~xBKVwQ)XmxJank`lBe-Cq$Usc*0Pp%Rgm(#q*~p6 zisY>E;tu@Y*lDCd_>h4ZME&NEZ1<5;HFv#m$wO}~vZI+J(`oh8JMH@Kn2maZ8VXg} zOEZS8?MJ+YbF?=3iAUyo2{n;lsC9IhmyP&R3d^>}7~KXCn30lZtp;sIlJsJr zP>Otcu2#wPanr1w$Vo9HRM)E~llGn!CQ)QJO{7Pc7;nT9~IXY(bkW>4oD3ZEKeU%Uj>b@Jl1T)^Mj!gi1v* zX-2u-V5QMu*EbOBhRz((?3A&F7B1ljY<3mUn7`97Tj5&*ql_L!m9oXVUJ1YLaIL6e zrVfbyTjjBV|4xwtlbmS}B?Xl}EV_)5o)}!b0#|1&~`yO zCAbKTG15X$7D^ir#ubOqv;pY?Q@1v>%Q6lsKSr~z8Lym7M%0snE&(;QvIZwbU{=^9 zjeq%DTONilF_Mw7?H?zo?yG}E+6iJjCoYzSA8CsQ&CkGgABT&>tG~=qM`Re(CJfeP zUK3lY1db|7;7+Sbw~-DV(y$kQ#dTe~-Qx)fMa8cgfVm)Y{I~XHJCxAk@5Cx!`nr z8|iE?)ZcHGjif9C-psNU{#bnUW4#9E;A1=j7qweoKfXNCW~O56ZpaCGzXkSN8&`(V zc0NmC*TIKHCpg6Y6Xs|^?Aq7 zJ}XIu+jWfW(fdT}0V~SNI}8cE>dJm_ER$b3(aqNf9GFLM0-#~7D?vW^^Rbu?MV|{W ztRV*wWoHVG0`R;C=_gZ34gE2O_9~bU>k`#60e-61tiS(9z zd!1p1{GF}s8dO72SnI+)Y8-_C2)^9Dw~_(+MM#2eB!+tS5YZ1pP*4%TDoK6dyzdSm z!^{4k7YQ-$`WM+gB)^-yro?^l%BQWNCEMpFCbxE$$sccy`&;nNs1ad$ralX03z5Mf zEp{0}w!|@8OkaPFGdSHNf6B~jn{0uP*Hbsh8%3j-{E z_2OG@+N#dfeCs?6f+UGml^;iA4aUphBZpZeM#tv4I`5mG#?qk<`AKH2^;8ezbza>a zs2yM-Y=io~M1RZlNZ$sK+t9hXSvCb+KSsR+OlqEY04={qwgAB_r`)@AS06(kOcQ@K z?92ZS4m4joYb7Cw5i0CQ5Cl~5eTdF}L2%uNF?+AH^z2)WeG)NX3FWPt>xmfu{(3$s zYy}WKBO?8~4YUOiDX!e8TD56N)=4a$e`-S5Yxc;;uw1W(cyVdIV6+N`iB|hy8f5ee;8ry)v`>q{lSD38+Yzas?attDHph5^h=M zsFEoS08aHe3b$Bbx<@$_fx`{PV4#WAu~eJ7^gNm_S%SUzN8%7mEFLa(GJCv?j%Y@B zC2VS~v-RkPvIy{0ui6qYriv@%J+Dl~RAA@-siu;8`_)oW)-We%T)}>c*mwKaJ5u!8vM2{ThN4i0< zrvmjTb<9q)k+})_Dh8FcS+wK#9oRSFiRXtlvd?3yR;9K1m6@n%lIRmatJY6|XKPR3 z%RlFED!ZdOKe|wKr+W592tD?0v&T-OIAs(-=sP@6XZhdCY%2Ajb#;Hb>C#%smsSnW z@|XQpFB5mK;Sk``m>XW1&i(83e(ltiP$6Jf2w;hBVB~#h<2RmrtpWDIwFUaQ-UtJK z5RQ&dgauFtgm;ZC_T%+Buv?044Y0h2QYgVinC&N_hAc>|NbIhWbz|R7&oTKtx=+@6 zGqmUlocj!2F0C+Keo`ZCO#%;=Pvch^(I`RO{R`(GNDIskTOoJ*A-*)VsE39z!`6?D z+#U>H^dSD$DE6)9_o2Y4@+!Cy6D~ITWJsOY*t-E2p0&-F;jP;{vF_OxHr%Ne^4Qcn z5lVmkej7Kh7Gaz}GC7?q7o>}`vF^#p3~0H8`r-jO~6$&hXU&pZvw zDfn=&Z8C(pIxkyhpzqMJqyY@0@};4`3jh|S7{QFSu)dNk{!ykE zC%vYDDQ`5CA+B6=Y*md^XC8}T@;73@NxWW{yNQ*7ofGrwOyX`k!@qda9FabpcZuU7 zml_w-&u~DNuW{}+&D|B0;8%*z(kNhVgb#~wQn5B3kb^!005SmYJyZN`AAtmtD1D*g zytSI$$-V7kHODnZBIXrsuo;CZLd5(@JtRd8!_IRd*4s{X|8bC_bI3b9+g@e=;~+6U zscr+*SS?PmK}`*SA^>d^y}ic$^1Nf?k_o;2B2GB!?ZgznJ#63+@cIb-lt{WO(fCUF z%>OERb_VpMl}G|Ipr{@4zBSha7OjKsk1$JvCLpd0!K$xXbYS#_mV^p0z5E|)nlvYJ z07$+=@7oK1px$Su_%R-YO#9yNm#;^u^Q%VxBO#URqpf15mlv*aTF{lbYf!3kTn!D` z9V=%_P1p|6FbpK}E7@5m79UeJ4d#-KHZd>ef8J5&HqI5CL+4{W!FDEgewwz)zDZf=c4``e29TYeJIn0B-A5*qml4*Pk{%gWy(Rf8S-$ z?>Jxi)SFGQl>kKd9|p;7uj7ZUaI)y|fK=f%`b`q8ZhV~iH-a&qH$}KS;wZHX)5P|3 zW#;+Qcn6?^M7>8)1F_(WDij!~d(kyw7&uwqt-0~dj0r?k6gjx+?<8`U({f>&7F-@l zn;baRa{Ohs`F*JSoX$6_E7q7FDgE~WCbZg2v25_FIW7XoR#70+Fq20D~3N&-9XLF!1wG^I$y{BW^U+;x&OstWD#FGz;WdrApoWkB*Cz6Rp}B zbdnbtRN-&iGLTPY%9Z(`^zpx!lhwqoPyq$y)FkehW|x+JqbO?C9J^)XI(afnMhPnP zWUJ_?6WdBS_IWE8XV8gh@#!#jgcJMIa$w*LAb zs&w4%87JuDSR&tkEI+9iiTV4Vx1T1*asZcBGU7;`2x;sEb6h2feqIo_e~GVG)o4t0 zJ937DaI0j^Xcir8K8088D@`SJ%P46O-^$kfQ#3P#%}|IqL3=BWy_GQ@bCxuzpEGr{ zFw@77Acn?{jAS!Mx?d^@?Jk3oDPRYbhJGHFBmv*?>tEMd zpEtua(>x}ta2^km47QcrQy2q}`_ajRWb+SDwikLZv`N={M@)%9W9;@9v2rn!Y319M z7wpK5(;foLK@hp^L!JTGR?2BPXeA>!Ba;$>^UG#>uiEcain_Qw)u{2S)cH8@uNO3u zOaF}~%4)QiP%H!8uTk&e-YyBHj1;f_&|tH3v|PGkn!#~ej7O(8&9-5P>`^SAgNLm)%W$aL;5E$?SFDEUD*R2}dzsv!KQX=IsTg6}uUVC2`$clpR*7@Ucs1 zI&S*K$VzfBC|Z&F8Z^R#m1?um#0_Fv$?XN>be|QrBR#rwAc~GR^{8DLmq@-14Si9k zLevmtJ|wz_`%}|(a6EQv7&Uy7Pl(YyYO_{E>r3;2F4>}|N^M~If>@{#!i{E@bDYHw zp-yrt2u?LOYWH)3t!mSdpC#)AT(iFt(#Q_DBIb#NmwBzMbTXQ$q|Gt?ozq?v?PtFu zl&jDXBU)RRWmw}QEak98(EhW~&;Zk1TW(QV{xV(2-6TCT?R%#F|4b2W+A}W9fBG#^ z1H!~G;hH-?mrbru8qERjAI5;T-z6si3o7Sf^9}R<0^#FY|FCHJ0Ly#Mj!01$`xAs4 zzryx61kq)cFLEqRjcrrB^|pkTit=b*){58n!ZT=W#{Md#upp{0qPPqsn%vul<{2jW(smue3}MHxH#~KiH-;^F`2RPBXzj2^ zi4^I+!n{x72_W?j@p^re>-mujSRXA&wZs?pQ-Xd8mse#~Y;p-Bi!l<)vsR@-<%E|a zfrDPm&Zmt&q5jAj<%OBWC5R5ES8WW~=3^KN`;vw*4MAM^k3Q>0SF$jrpe?qX#JC`&w`?=Z^OQE9EqLW*Q^aClhp-VtQ(CVfN9h!u_rpkRreArRaf` z(u<3D|I$)%E}Ciz8ZbQZ$Z_6FVnjtoS$S(@;Rj*dzOz}Aa9Ib8LL(4~RkvEZODj+h zoN&kHM`9-#Y%4wsQdjzMceb}IcM&K2cu@{iiTgJ z5)I$JlhOY^z6bxGA&4M#HlaBP;w)9zsQ_tn(l$_k#OJ<#@f^%~vqd4>J3C`D&%btz zZ$HVPu-h}3REEC5V7%_p5=OCss8P2WUC=UQV_6n2l0=LR_Ack&)c;j_zMkEqdU+-y zAfk96sjb}wmk%C5nQIw_9L8^0P2F}~yrwxj;M$^iu(2yxtoo_01sb_82`a!}#iZZf z0eV@XcvF1FM?0D|jtEOX+yq0n?k`;fgkgcm%M`V4jzYD=>%tFk4|3R+Q zgZvh9HV}OjTEpEF8m(OJFp&piQKl$o=D-cvAy$W!qn4fsuCor=!3;M)w@}(N%sHZF z7ofxf>;6Mp52jLfwb{5|p*stQOUHWLAT^1VUb{kuOJ}$;BT=CvS}J@9Ztm$qIe6qG zs0SWb?q(&`+_PO~;4Wm|f~T&p-&2a{ZvuTqMN84-_@be3W?|(|Td7CY#RCO{rV1NHo~&AUp=G4Gcr4 zpSpM;aTHF%b=6U^xwffF=h%w+?Pui($}!wa+<>On5PGOqO4h1iy)2&=@D|*8TO_Ww zS_e=1DYcIf0^P-gWKp)|03%BMsW@Lr-F<2|=Uc^zKQ!V8^#-5T_@xA~!z?q#N@$cP z!<%KBw(cx*S|-;~=G)?rMJ!c{r<}7_k~bPG8&_y!Two47yhen!@k~6W(R5m?zK5b~ z@Zwy$MTxb7n`Q`uxHAA?12=6*R0H;6K;T4!6S?=F+ zKa-Tbt$E4u=AWT?-L~AqG2JY<{hE%kdj7m~>!9%R_3E1)>eg>4tOK8-Ib2$DIc)A9Q3!I&Z!8e}$1J5_k_B-&eMb0I~ zB8JC)(r7c;ED89h88}RqoG;$2|F!%H97mP^xqS-^&0YfyErTgOLS#FZ^~{yZy{0E( zk3SNUDy<}yv_4d5zuUX*-i(ybXUsY31>bs1PlMo=V!dwRYlFUk$!=eXHz8i1cwiRr z?*zbB;F|Qag3|C7_jdcukOok3ZI|?QFL>Sd;)K*#^^vpu%82ysDe-z6CKt3daGFdQ z>}W9y1Q)p`Z}hAr$l_IFVq@-UayfyQ*9rL-*zum!G@0bS$1!LGu_iCJAFzHw-uZM5 zTan_@Oq=P$82@zLfcT^*=$Q!kfQc^N@0Gq*_I(cVWLUn-+-fK2V}5+6?G!d(RZ4X=dBL< zDDC&Ild|CLLw05r+M@@UfWV3afa&rrS)I@kWi`Y|X+iWbmU{uf>rhE_OvxlLb?^;h ztS84n`iqo55Z}`Gh6!=|9txoFykqof%DVLjaFVk}yETD_JG*;GPg1~a+V6W2eLm=W zfpk*zyfRaK=ae08c6|$YY#!~g!M#f(X3FV7&dw>+SB*H104ea*=05~B6v)DR_daz) zZMjOl1%B;qGZ}XIKkt2p2_c-lSr-Ee{%n1j{04q7h=eDBXfv3vG7gudLX&@jkgU`& zt!Tj!-u(I%Y-l?JWy*BwK?E(x4;yX=6Se9&FIr6+>S)LiDRn>dDAE`RmCW;a; zuUh-}>So8-<=4>avQs#$+^$d)(i)_nq?Ls{QXaYUQJbk4FxN_^c*ukPtMe_DH2NIo zS~sbw&PZ~kds%Dr-Voyg521NU)Gj~!S!FeS|BoC`$PY^eS-Ln03J=)zs%5Qkb=$S# zLj&{4)}9BB?Bi{d$%I2$N|H9P*nA)tINnp1R;Y3|!cX=Ygv6wC7SVa_&?6yb=)jxI z)QQQ8BjTgR>(KgyO1}`yn$s1iQ^7f$IW?}a((jm$s`a3VHi9c;~Eb6db zC<2xuSG!TWi!EKcNyZu3emva zZImOMj3ddBML#$k6IU^J^E;k(*a#nojrYq^yS4PXCN_ZK-3aAc6%&fyKV@Rg|N3xr z+@+jRyO_OzLPc7w9p{c9) z`d;u1Yj4QdBE5GWKKIbE~{;l1Tm=gKYlT>YnRT=UbEb!U2{F)-WvNx(#YM zeSpI{1IZPNB7X0nA&F~m37%DQ3v0pX#sc-3wp&EkWgeVc>b+%% zi7q={D8951ku5mhOzmZm-#g@cAF5D+68nZ|_848biwbS7PVA6180EYIddj+JRKGKQ zEEF)%`4wYTUrlYkT|ki`=dtC7#*T~OtU$_xInaEgwJ)a>V@q(&{{7RSu2j{ms;02J z-e+wpy#!?{T-Xj&XCn==;dHduKQ@ay_?x=W6D(tmTLeLM$4MNdY@X@%GOj@p>ZC=w z(Tq{gxF_faZv?v}LR0rw{`iIudK?_Bh`4`t>5E6TaUAEBFy&f><2YFJIf51GzM5zQ zJpxoi3~(4B8r)V+PXN?kI^f#4X+wW3+a;>Trrwe)3HGWrvntQdv{~O=%;I&aE~UL; zA^Xyn`J}tugkQEyC`Z!jpczhi)wP;c9|c3x(R{E|MOGqtI((I0LwfHIT=Aq$^CQvj1k7<#VRVg$BkcuLN+1Cw;+ScuE^ms_hv)8$Ks* zPG42RqLJ&w|EO{g$7GU~++44jG|^Ho&AypwjVlQuF{2eiBM2G)Qkt&O+FU{H6x*+o6{Az^7*8!P>`;VS#I4Ha_;xG)7C@Hes2_= z9eA~%z~6_ADNgHC63M8;cD8jA)rvt;!OKgCezAi>bv$dwuayu&A}Cn!%3YIHsb8i{ zV~fJM$slqXr;jML9$R96VSR!<&~2Gj{2>)_CAgRdDU`HLQzNRS(QzvY7vcX<}ji9?>PPdoq*WJ*m9)H6r0 z*VWPsS>{$pT7IZ6RD*M;PiSTxENJi#vO+mwvIxr}tGX$qv%TTutPN^lebgn?c}i{NvGcHS`;ln(WY4rHXe7(y>$;`kCe5aGkh z8j*5Dpg5(-?mfo0E0AnNV^(^dO@+DC%S zPDep;oR$CirR$`phdp~j;0Wk5P^S5r8Dc>1m>xed%u&de7kbIQNN6K)huBq`#2#!5 z=3h}THRTqN94moBXR3xONke*h5r%7oEYvI__xydjzJZ1)h0nHs5vqqj9VLCTHF2jp zsyMUWrK0i0)LP_b0wP5)_9f=BMW6+F1?K-?>m7qD`=WQS_E9L>YpJlCSQ5Pi$if|ok z4ya^T)?C8gJSsD{b?=Hd4E8b}W(vOd>_`Mck?(9vw#Zm_hi84Yr|l@5tN;h-ZWCED z^-Vp3eH^?Oc)4X*Z2fDS?vnf3e#(iEG`?c!jhgLmZAk-|?Fj}ROZ-y8b}5N>_u6hbU1Vn#6j`(1}+Xa#NO>mweZhfpdUbX3#%9=%iRYMRh*p&HObo zI%@ld_XRZ?YmoTsAcMkst+C_3GRPUF8`Xy^l`XT#)A`uPCdx_V&Iz5_AR_3qwgarA3CCPAVl&9^Cq1NUe@Y0r69@Je-xetqQ zIKzvE5Z<(EgZ-Tin_9bwq#4s3h9b%*ftYE&wYU<&`jOlpRW2I@g-~#k@j;-cQ`<(i zd_ev~@gdeslh!NRK{fFikf;Lm0oi$-FzOKW|*f__i-)PqZa zk9nQl>8%%cdZZ;r3#3s?HnT>E49<2xjUDSpex4=KUT-IgYcaq8=W)WFstpb!T^9KCvVK}C6id-%BL%{)2Os!`wwPhVc|0TFJL607MGE}mnAR{oesWP&?Z!(I{ck>1vV#8 zR$lX64zTQ$LTGso?+ay;RbLd5PNu<*&s=-Nf|z9gXF7}u?SX`Wm^wVz`Xc;j`2B1C z_sjdvkzDrj{F^=$%w0Kv?_x`g9 z&80wdT3TFMJB@N*)6&-FqU(mlj#-iNv46SF>2=0$R;1sfhTz?DGk9TpxQihmb$9hZ z{%5S8y~`B+=%gxkY|WYAQ#xcAQ$QjiFiX;dJmR1Sd@^oog&13e3&FhxallLFqsMA5 zBVydw*9lcgi_85M)%!A3phsaRZrcTmu$p@tWE1OK1Ghr@ne#hCWR~`l zY_jay(DFwBueBz6OaEJ$#XS5uX0*E2YA~Oo<)Ki;VfOK5;Wl1g6CMZQH+ZXistS`x z?f97ja3K03D>PAH2GjTSr^)@fC;=QYCgs?qe(4W}{4eLqVNnVq-$sFR=%*T;Isc4B z+K<2wgZSak62satam=}inaBc4ykdK{mORlNaw>xPlD438y$-cVYimC&-e4^ca=PUN zW36NedE4?(u4pHunn2Mj;hgBDTFigHzUd3Sm4JP49BLB5JyE*E$++F`L$6w9wX(VD z4;y0E#5@G&>oD`F)L(`TXg}>0?clnK9zS7(GfkS}WJ_YpS~QZ8Mk>@)pf(!NOUA3# zW{@OrBFhKkqoM_VVT{=09|8m#`d6FlQ1gQQ7%bLo@FLN<3bDU1Mhzq7@nBuoy8Vi( z1sO_G8Ed@&Rju*%(J-7>N=$S@Bg={ToWz7mNaN(tDSt8YD2R zuR4?H2=+5r+;%7y#D)PiID;{C;37@=ErxDCwL z!@xr-n}0l%z8OOs?Ihj(WgR9I=7fZH7-S0zj|XJqu8>a}%FiYxLl59Y3XaKZLP1bd zLQTq(a6kLws0a!=6mAC&RN!y^XeQ}!cr0KyKbR?vA0YHV&tMjvMNTQbO#Sc{csiTaae!REUai|KMazmXI3Y~Ria3!5JY&EwymTZ`Ri!-^bdH!9$g~FYW+Dw*qkea0* z*?V18rEW{1q+s5vyUerEnJaObuu?qB!_;A`L1B9-ORE0s!j<~fwNw1h9*Jv8i5c}c zwbG9Xmd}GLoMA;f8^WMOTWg{5RI{ME%~B!rHOkQ}!0Pj5PD(Q@Eyi5bL|9yXeI)c9=JVFT+y2j~K~~g$;>h+x z;y|HY5AM*-C=au^Dc|{VfX%;&cB^yngg_k zRI{LH)_60jIv)UCo4lDz1g((NCNC^-7PmLVmN}U4);hHqyKt=l*Qh@srtlEUcuYNm zPKoGSMgf@>fwtJyv;)6lJ5epkG|_Sf62n}|qGUtk=#3D*({L2xx==c!V;@fLec7}E z(^(Ce2k%;1M53S_ zFZ%tsxSoEv#?9=r|M85h>)>8`Eiv%p(=;Yvd{*z=b8wxu9Tm?ti0U^D$n-cM=3IDTk zDe+w8I5-Bru+0OihUr}^6T|Y!_YZoLTg(H=_)3EY z-^sLd+j=AHyAlGmjwo0hxsB;wGIeU$HF&eINAjL#1lUc}BHcKf9-q;-%K z-6JgXlEUFszMB=}@lQ2Ey$*4|MFdDv9fp%?&hrE3`>9TCS-tK-xboMW+ejsF4`$#x z4zJ$yjzD2g@kdP!w^zBtMOO)T{b#>8)&MJEF46Q&HWHTBq^o+rmPRK6xC5B=N+6S~ z%*5BFFoXzYE_v>w6Ua)W{z)hGr#fYg_uKjn<99}vzQN>_6KL-}vdXCoh@Eak`_m8OaB&4lp?^ymm=(+Ah{QmhXRB6( zfrk-qBU2GQ{7m#OuP|B_+U%KQTSG-6~+0zvD`K)SFwdTj^<>=yr#NyzorEL1Vm% z<~=7$oN)*L=e4I;@VS!|PZK#r$C#!(|7{#=LRV@x#(O7HpB`V)pGug6KIOB(SygP< zVQb`bslK|P2BTMEk=gejr4rSRV$ovMWxxcS)*oqjReU8fj(|@@bGxBmWAHhNEsWF3 zUN31QOY(}*DqaMFUBN*1lEV#Qbt;cl6F586s3&yj`YPQOy#PfKP-8biGB4fWT=GhkuOYZ{kM`v?gHn zxthgdI<}$bB8r3<;C+d@Z#tBgYz%r8>O>o7`4RaHb0?+{r`%=Vs`iJKHDhw@=~?Xk zorhw8A-=p-@;IhcMPp29lSDh;dzcua$T0E{b6(4|pRDrEz=rjQrQ^t*bslvi4qY&D z15HjwS*GIUBCpV~4R0x=QkCgRLK)Iu!9V^p?nXpK9OO|Z6=K~S2VytqVwc*n8J_Sp zdb7yhs*{=sYcdG3IqAbY=JN7`7&yy+cM@S~rIYRBsvZ?X2kF%5Oj%RP_w|zfRod1j zk{Sy3B0D8}XW;4j#fr(YzH-F1%pxO#L8xwp*6DHID=P7``h zAY)*nYFT7?FKXy}*Z#t}TzPLZLs)~>19d?MnOg=mUz{xO4;!=8MsFVVyGxXwPs<8- z<|Qoad=|~n0TNA#Kavi8EJbcZ3vu^W(&hDpDTzPSN zlFE6Xp|qkCMW>U+y>sRrxrwv+REN(%upgz71s0qoU9D6+z8tDa6|756I<>EO>0i6A z(^6?Al|wGLWpVhU1NdlHsa%#xXFP-chyH!0pz#6yM#WJtgt|ldHx#wMB|F$g3H1)) zC{i7@11gH|dS$Hd%X6w!>4ero$(~>;cFHwRl69ptD+B*Lxma07aV?jk!wVjR1Y5%3~cDXeImkmxDi^3wYNA zJqGs6bOkGUj#b~__--FldI50&iWymUIXe$%F;LW$DU>W;&pJLaX zN>4QT+HsheUDRwxYT=dLAPA8l8E#hFOh#(qp;gO!$ZT`%cXVK*C#m^2x_2Bq(tE2N zqIpy)e!A*DN?{HEr!P5@B(x-S63F0*=_ZEO@cW{ylc%k=zB_au)?$hZW58Q*UUny~ zM2h}dERCer8OkR4&6LH}mn9r&h^u6Xu7qDV%jBv2^B5)WBA?6{LrV;Tp-8f{XdPZKONS~ z7TGf1nI-9hst8%Sf2|NRWW6fD2Ut=#;nEhl=>vjVEM%c&1%Wnehy?x1o!k$Qia~Hb zNeG{OUA;c8@ zE>$*&;BxMaDw5$;%b8AyX4yTr9l~ziLLc?L<|WUYUI13deDYH+mZkmmhOiI){iL*j z+6v$q89CPKB^T!N6Xs*u%j382hLp!XEbEr7_tV98T-L>E zJG*;9fm3GQ8urGu{~u!7&g2p(EO2%*!&?9Fji0N0zlVsB{{^%;eqX)>LKY{{L&8U) zp1(Cl{HZ=y{AFY&*5LtT9Q?EtfoRZX=70IBDbkWwv3{#TDe222w_^Mm=>4nkwPeb# zVhSJz6MKH#Q~2K@J=M&`?>)0}+2!PxLDhwxG$*?6TDm|+-@D5ryXGoUw)|ajKlbe+ zbR-vwq)iJ+fyd^yRV%RZ%3Z9&7Uk6T(W2$JDe_cag0uV?o!~TYmLI>Dy*`^MWguGZ zmn%>7S!&iF8?`P^OQ*$*_33Jl0?;#HYRmx=cwKG5xdEnn0~!g9jXnDS9sCD*-5%L@ zlFvAvgLRs|a0ZQWK%t*5Xs;rR^OG(;!bpX9HKgjQsIPAQykitKWUFE$PHp-n4kmj& zl$TFtf{r&0oB9P_-Zqu`AsML*yNuodXMkAV{Wb>gIwnHiWT)FdTMBty+Q53II3%fhsl-Q6dZ@iEd1~@#w{f(~5u> z%~Sq2gQ4aD&tClF2mHqp+_06GX3mX!J8t;M0#wFu5$$UM0DzkOyiZ+L*Hd+eh!g$h zUimwFD-eMW=K*U6d}tQmDU|5byD?3?CsJqb)bhB8S#H%$-&#BI53fbHQ9}Txw|WA> zE@uH1%t7X--P5I84bma-Rh{PRAIe!*H(@@SvD+;*_P2~m;&nP(Y@T+fK++&F{dR7mPYjit(-ao#oCQhe8?^0S`i<%V62hWm8)&?{8 zGHdhS(Kc9OK;FJ@1Jh>HS}^tl(5ox}ci_Rp>*?!yF2ED`_A!FZxGr^lp)+S#Q&!Ix zoluW0spKiPWcuc{vps83adn!=Q!&Wp)av_YsTpa$=hEq#y~~1^UKaoLXG3xALuava zz!k>@Z+_g=66Uk_{tWn_pF#Vh(Gu@SS1BZ)2V$+M*^{qCi?Wy3B1&(mOh)5wrgZ2N$rkeOzxROeZvwBzJl4&jzY9qrr$uQ%IL0OD6~mMR*Pt%Fg`z?%q>nC+ z+?q)krIu2<$?t{7%#m@G=u`Bw?N3v@;+sq`k2JOpsK#Ai(@^dh0BvUzzH&(&qbyL4 zPzVGSC7D%XKjvg-=O!2E&!)ty0AC-X$U5T`?E1&~UKly}&!T}k7kz-q$Wvpv&ykO$ z)YTkXbK(6+8kluAT)wlh3SQ3z{MpD8g_^9x*+LMuO*~)@qS{=S*NdT0S2t{1U0akd zhp9dE6z*1Qp(CkId}S+Fyzxt}u%QEGF4uW~J`+915-u-;zKoZ*KY6tt@ncS^3$BG@ z2|tA<)MY8HZ%$BO*Hc4(zxZI-7?`<~x9|3ti)(zU2F~@n6T2?H=WB5c=(VH@$hixk zNwZ=2W!_-nr!*K9?*FV6f7lv76A-J>*+jY>II`e$yuua{brMV*EP&{fcPCy{VEcjO zKO&}d4|}5{m|y|TGDp8(5Mzrtr2JZx2m5og8dpDZdKXjENT`XX!|#W-GirJJIk=D^ z%3Kw_BebOK9R{y1-dFkFg!(@tG-RcI?@==z7wIcUNM8wlm@=<dYz=dYCX_(~RD_GWN^;T!^^~-ZcIj~;@k5v^8F}Xwl5nZ*& zFUR;i2-pK_z^;+s$5wbu)cVavmfR*w-VeHK4{vV4eSXbjUUxp73YFT>js9Y?jEi-S zm@@qjGFEirl6OAp`NW_2?_;j0A@OGD6arycw_}ZD33a0|cf$5dNylv_HW2!jo`b&> za6Yy;yJy_ueBe8gkQ1eU zFDA!@wS(m$y^;7?L?FW5aS#zN94Gy&x0wpHS0O0FT9P#=Q0r#?xI5`8obACF#n%|fOiIc) z%)uBQb0jf_DThO?PaeTscOi#J{xrx@i-9w_FvcW1p^*6OR2`owGqIt-N>;x}jzE9% zU`vm4%Ygg#YpSC+gnz=pm6?u_6!p&_Mypw!-^nXqM+* zBF!7(fV@2{A3;nzCNu&IJ!avMo7o0eRGwa{s?gs!!CUtUL7gMDNbG@^dM#==T-U8g zO~00w`sxB48jK^BJ7m}>>#4ul+(KJnu2#}w{_1lw~4}DW*}^X{=#+n zP|=r(uitQvom3k=>D!FE&t$`l4A5kkEf(!~3H=Bxu@>Boo(WYCpxkEEduxei4qU|5 zT0I)|QEg;0*PeVW2oA8rW*%3*yQ82zponjf4sJmuy&_ge=P0zzT@kFwB|S>1*7i0x zLIFtp`h8Lt>$1~Kr#!E-O`JlEb%wjVMExC&t{LCF^l2K^wYDlB9_H*`nAFId$^dF9KxYsoa?sCczN+l}NSicVX>395(O{Qv0Z6>D_j zb%l3>jpD&cEUJ{cvl-OV5N%|+H%aiTIeostjpz~$?*D*%`Kei$Rk;0RapwW1iC0m& zwNEjv({Y~vk7}-kzFrf@QA&!5o>9VEsH7S7_lbi&QQ%52OrcNHX{R)sKVD!Eu+q@| zDP~9dZ#85z_ocEH#LacGe98Ze92-M;!GE>?`ZD|GlZYh$$L^o`-fk{iHzge-P6*s9 zHa*M3+0QVvwS<*3$JC+>OQHBwUe===Ie z_Ao^Ndv|B=yO&J6=Tj=#75CZeQHTnp@ABb5%wR7x=srYrqi;u4gQ za|%$don?iJxx^87RubkpR@3t^%?_Dnmye7OA|BY(!^bccIDP*f0j+vkUx#r@dJBa?2IfBBZR`WDwG0tQt!>!` zQTmq5zM0dsP%DLL%2Vq_=|$ej^pTDKqk;pQBOYx3T{+~zPW*-QWsUac351J%hpG9+ z263VB(fH}P_CLZo)Q%dPA`=0!-5qn5;e2P%k{@e^Df(l;qXGw$Wm$55^oumur*u-D zbfJb}LA66Uy9vhlZi2M>Fx*V$es%mQPfcOeMpp(J$DuSlJazIq8 ziBzx4hUZxRUQDXCEy7Gp(26^o!Noz?pk5WUyhoQ)U!<6XvSbdu%$8$su67d@k2!p2!TVXTuw$M-8fyKdn|8 z`Fp=T>+t#E_VNM_I`_?i;p-fMO*z@+f9Cc1Ylis2ui;tOGqrf#5e;(mUb*Jn>){;) zb>@nx{+L3SPH|Z$;W>^U@)Lflr6SY5G@{p)SI!VpPNm|)o+eV%TL@78UC5Pjh69Q7 znPWDn#J_Vo6nPwMrN@HL+sFSe<`in4Fp^>=kgM+RPby%vnfznC{JkdB*(PoGTC8d{e}urUz8P!lr<{!P*T?%cXhS*1U zwEjnUr9~Ck`b=LR_P!D)(dn(qQMb9NAO45ww?tZeK{fsbdOl=PJd#0y zo^x!4PbTq1Va+9HB?HKZL*qal)g!vA^rh#oJW=Rr_iYR4rEfK9bfz{Pb*F1AIg3BK zI&6q~4_g{-1TY3VEDM4=Z~Fgo;Gs$q!yBe-2?(`$)Bihe=*+6&%i9t;c$cLwu`qi@ zZQP28D;U_ZKQY?9;d@v-uNuonxkfX%9aFL!aa^qJWyD6k{{+_XrRaF3gT0f|t_yl? z%3<_OQtpYRWX);V`dHi3OlUDo%8V0C1iSeJ%DIQ%AE#v?{=~HXP4fLaM1#GXQ0%i& zHFkpsww}-XWy`kf@BJAV671AiZ>da9LW8k?Sk7r3INPFNU3DleD~`Krg$qYO6H5&* zvfnN0kEI?gS);grDC@pgImvIxJ5eg!iL1*Ygi#V@X=dMZ8*E#qOIu zfqiqU1j_ZZ;U;bNJ)$gx)kcjsLaCHbv`a&S=zqisaA*Yc6dEnnL5G_K{MyG)_9X|Tqu+Drz8uv?uPo_fS z3Twv_AUoSr6B3%8Xv-DkRt6JS#o$%i(^V-#N?mhX<&coh@%}d-dA2Q8pN2s((n$9$ z)ms87vH#$us$kWwXEtEUJ%hnYhdzIdkx?UkE-D5t#e_{u@ef}yL3+TUvqqu|1b&8A zgmnU@6w7}dm^^xE%v@yJr5reX#ln$$?yu%7ogti>cJJfMvW~6we>@aQ359>^_AG;F zYnK^;Z6u)WQGD~{PqQ8akjDc57vQfe)l5oDl_cToq?*wLKE;8W?~mX*rmS5jRZ{pJ zhZ0W1@lQlOZfTfRLEVXn!>pJ3xZa7=z~eQN&hfBej~W96jCK?7Yxik-1UNqIfV}u) zV?aQJKVCD2SJC3ybje~~C=u%9Li)L;WX6fjkksL@9lR8LK@#<_7jB6q7(Fu@?Z2{v zF>m37LWe{ZqA@O;7|J{}u=q)xKA(NWth(Qik(NL~CdEi|b5oG2*`PNVm(T6}K;Z3v z5%J^wkuI??&5%&ueHYEzdKwm@=o#XzVrqZt)ZdO?59W55sq!Aq`WWXzhS;b?j4|_9 zo!M+t3N*cIqQdJbpR}T|>f5YGj*GbsP%e>8#z6R%;nu%i%)#pbYQaWM zr^n$yKXcdb0ad5Ebik@FYDcIG5a8(k(hIsi1P21n(z?Ly)yJk?1V{Rx2@SxY2+ArF z@VxyHdIWDR%|Fh~Jh&)fW2HjoWhC84)bhZ26{7{oZ= z2!(2|)BY%{JikN~ydH>Y&oIF88(vm{E7JH`GUtYBoQdq^U4qO z)7>8(509r$5(rS_0TEq&X{S4&jq&{h0GJy+j$motb6}>D{^mg{WsNSH^UUyyZU_RH ztrD%l$pbpr;OqEK7I=xIVPd z02xKm$qZBLSiN#CB*Ulq$+lRpE*0vvRIRzpHCHcXvcxyL*2s3(B0u_8rdMqh%cLn{ z;37sZJ)G?9mi@HXOmm&}bwcYs`F3vctd+D$lQ}htP|CYEAP^diQ{OuBXoif00;78K3>6;wZp|&0Hfx zgvW_0Y$IU%giceuie;iJi|~iR-!_VZ8Ptl&giD)IDvo$-!Tt}y;*9lc5Lo+`@|)Lm z#3$&*VIEimxY+@@F~;h~ZXw$1es9{)*WB$!>5rf%b>w@$kqfonCtUQ;Efq{67$0!d zl=Uh;NmdFemk_(QD#g3$5#n}I!0hVWNo_RdL;s$qRw5DVZ1}B0m6xzTs!F%TU_HP} zQ;8#pI(RIsH03zji98NETIp>@{_^yebq&YXnEt2e9U!NFF zs1FmcNrtog_B-KA0Us&4*K@q?IoRnjE=}qF{p~9vF1Pq=fstVoqs!D_JZ1_$HO%6L zd)$}{*XJpDFGCGoj{X*@TZy!!6lMisYBwXIiLv2WVjuYB=hzXjF~j!C2rq?`HcI3%Fg~S_(#7bCyVhYS}8dNn7q` zuO%VrAcdSKWbA)C+N3!(&IZyQ4SHie5aM@Zf5xa=I~@c-`)^(%Kb)zn<`+Jxp5obZa{u(ZUb1 zaF5E&{i2U)P63c#7@zMO*8%>=loPbvKCSY``nyBf17G&4-V?^*Ypm#1MwW$xH3px- znC!+=_+`R9{iE;0!j&P*brU2(Q|=t6r_Ovn#DS#jaQ~2<)GiduFy?qfzNO^ExE)2X zFol1QEBoiPg$JKmlB$-r+@vsG);y>|KCb36&V++mL;0BUvS%&CTRXX&+_;?2Z_9{B z64*Icsc+{05SjQX%VO6V1yopW?yW^OIb*4Z1|aJ5jF-+vd5%Cs8ubm?gp$ZL(tJ=}zr?m~M8h)jy)OizU2?z3TkA}B4x4r564gZhORx{2P5ckDbyst+N z>6z$)|N5}}9q?LbjA{`pEs~MOREu{I^D%gIenFAJR-3ond+)GFzeOxfc&X-iWOC_Y zZM079(ZM~A2eH*Esnqd!v7nP%u+-P8?-Uub=aPFPjh6|7DA9WA_ti%WPGar~?~jBS zAu?-s7bqP_tkYd=nl`z5$K@4Ubt}Ich!iOtn4ILwQS%7@;N`2kwry^`9kzgUs~DbR zhL;zIWUlQI)$vYI%&HLgDnt#BI-g7z=g`0nZ8mx#9k~UTohk|2Ul;Iytq4BIWja2*=hl`~67Snu+Ct6xoXqaF+d{{+5~0*qK}47Q z)$f3u3;q+()#0o(s}$HaI@orc1kG?cC&O>mj~Zg72nrXp{!gbA6iZ$aJ1TGut|9Y7 zJ2EUy0o!ZT*Z4c-{t9i{WCZoJc4RG|QCbm8n?HZm5p+uEHhR>$s*J>Rb)%+(9mzQsW5o)V1 znL(b4A79dcXY_n*o$SYp*)84cNhe+OMq_rK<~PQZtoNRuj)N`4-hdH8TEs=BrA1grfmnDE_2kuYxwo*4!+(s zzqFhkze5uzM5#+-W-9Tfd>Gd_De!R~(aE5A^B%J5)_?n#Ip;E!5OU{yX*blcY-UTT zX2|bNN*Q`XnVYS$&kXv*z4=BxzRCs6)~k<_x6WRhqK;3im`Q*o*W>r{5e0swwR=}R zlV#}6wlyB3&Cm!|>#%Z&-bR918%3vVMFNL5PG%D}Y!_O|*4H4!*ilFR50k(Y1>WhnmW{?O9!9 z;I-;D+hSOKs0L(5!B+`2w8`WNOg()?Jl?oX2ANNNcKw8MOGAUu6GRYkHi9(@ zCiTDqen6na*moJUKgdPY6G+ig%9d7fzI;?`C4oA){OGmgwdbbmYn_2Hlwo)~E>=EgXS)?PC-7$Ze=CpW|3IE>E(SZ17B+{TPL9nC=U3MXXG8 zeuAQyY)L1BY3+w3T!9gX1CEPs(nS);?3%d5cjF2P=O@%m@yS>*@@e< z8J3s&IpcbU3Me0-y zMY>x^MMF7LKz66xMT+um_6UR@-)vv=@FmR{=^NZ)Nc+F0rD+-Q3_}#Iu54Q_^~ldT zaBd;qX)KFYtOqDB<0SM(f3tkCb=Vu;#5C8FAydufmlwEdRFyYk&X-Y7bkz~FZHLpu zjn{=Cw4v!PLL^*FpK6I3QqCh-Jj0-Mut4W$#~Plnql06;#>rB68s&jS`swS%-|uT3 z@*0b@n@)!-vqXt*^V;s`_MRmSy37)TODSbDExHGt$4z;dl`lN%J3bckx!D8JVH>bY zIKx4;0B_}%FGE202YrwW_&Z+=2!r%aPN8z0KK~dzf@WBSDcM2s0Xky2vDsdTmtd&(x3BVOR&zpb4%yN zTaZwiWA%tncKtn;+|az|j>ICLzk`5ZK%-Ay z%}WdR-XmA+teB{O_m=;NKZ1CAPa5Eo>ofAZ(dmMSsf>pk?Gm_~f1QDa7B$_ZXy?2S znVfHqJ+5Lq2L8|{e*f7{!H~}BAm#4FCvlEw{we4Xxa57PeqFFcCsCiWYEOW_s2I&5 zfD+s_L#SYZA&X!U5_aqOwi&j;DS&-X+XmITqH_bdHITTOW)f_qxI3hS8WZU*Gg>DW+7YHOl*1SsajdJgcsGT z=ET~>Z*i0vSMgQ^$G`c1AeEA0j}gcTG9(~|00hpO{q<^gFv~&rX>ZWeUt{&-%6Fjq zTN(UbbMQqRLwv6pi6!~~TpgF!;oI`6qPC05(QNe;3gBqF3U+e3Sn5Q6{?U+Q^U((< zgbZMvjy-#TpTS=Ep^HH2O+5&u9i(Wag(PAw<+5geo?v9Zf&seWD)bPFd$g&w>LMnX zj}Bg1d2&B{yyg+k*Cm~6MpCV?)?(eI$eoVLtYkZ^ew4(=+9;RcTpg^;WRvMQ7YkWL zue(~!5004y2cWa44(ux>=$-oDr7R~gWQHRWcEP;mv8S4NJ-Mivo?F+bXBCx)Y1;WO zg;)fd`0S(bXQ1hxyiR;8M?|p1z@#K%PQmplWFJQp-EPXb3BY+h53eQp(Jv^e=Y(92 z%hu<}4ezzyd-|!258gb4nWv#PE;_R`agD{CRq3$Ugp!A2VQm4rp1?M4@YiaV#*SJi zeY7>&z@n>q9FdW^Xy-}UrS8fg&|FXA$VO3C|k(|{JC)!l3|k($`?wc3|W z>LEt7K{~0nR06);;eGKcx!rTNMd2DT^|M}O+kAdft)1VzMeD`}$5wAHLGQPDX4Uk%;Cd3;Rw<)8qyx+`C_y%b$FJ%ah={lPKkgXs3t)Tx-XS04 zrkb@ou{HeuRWN(?e)+q_)7Pu*dggjPZEP3GG) zxwOi8CClwycBP$Rt(wwNv=31))lHaV@}FA^M$zAT48Uw5pJmE18^06LW&4LHWJ?{! zG#{fZ!+wJIfHB@>`X}O%dVgvYepZ{>han>-+GLP#Ko6nh6-4F zBOU?njoWrBpx^%~c83~tpmUF|=!cp}cWSIK(AKl+s~(_7>2!PXH8>LFE3}*p(#hdJ z1n<4ROLc=V$KB{TLe+;or00gDBk3fUu=RyoNz$vrEKhdLcuH($X0@yVu(U zo|ge$c0fLiU+^)Z@dWC=3XE@N7@XG%L(IAYvitC1cQ`h?Aruw7*do;7S@mpC<*^gy zxN;sG3U`8%Qodv2vg75?Ii?bgA}kzzi0(X$D`^0I*e~{&TdA0@YJJ!!aj7Mmf;ZJ6 z?zu>pnc1;fF_n6wNDc&b0^m2F(uas>7cArRPS46m8Rwf@9Sn$_u_Tf2k?3AY*VL;z z4>g+cZ&sAYKjVio%9^_q1v_EJ0XH#C-r=xe2VcW)kz^|VU8l9xk6Rbx#_ z#tVS<`Mq1x7&ptGv{1R?m&U9ZX35fY+GIWHs7ajiBVennIGC^)Ykvfr#x+ncK6oZQ zg7zoNeSK*RU86qn$MD%oxqIT6alt|ILRM|au~7Y_XQD2fHYB-ss}Xa?Kk7^&5$+j6 zQ80<)6ntj8A7(i#-nj@ptL+FO6JdQ+TiN}jFD>uJV&yACf;>G!8Y2N= z-F`wDEgI+74|Bv1V#`ODCO-Mel)$V{1ct9zT7<0XdW{5sn$8~(;cZkcsjn70-iUzP9&Bq=_(l8JzDj1XxbW;Az@@q%+8I0Se)* z#n@4YL8-Pro9^;9e^y*X+5RBndonyG8}I*9N->u`8M*(4qVn5m=5Mk6i9-Z-yAvP< z2V*JdAN4AsYbeiiIB$zS6*$>tmAe%l^Gl4gd5gX!);fsG2Y7HeuGd~ZN}+S%q82TU zT?f_vbEzq>NM|#efw4o|Rinf;8?7OwfQRNpL@i(xV%a&*wKiR^Cfsc~c#c zuEN-|s$C|bfgO`3(ECR{c>(t_KT`pjddYj*4ScnEzBs-b&(#BUc|BcynI?bOnSq19 z1$E*4S{|9KdfqTR#_L^`lRC4>hNmKc!pBza&VIOkw|ARO)il>88xygxkzdJADZr4b z982l`1-1HvY+vgq%P=Yay@U$RY^oGX=U}$4tl6o&i~J{QzN|9}s$m6TTr2>k9uq7x zgX$b*TqEkzjyLJl$33M~8g|>?`ONTzy(AGNl3 z0GZeGBYXB|GmQ;^i+*5YgS*rMoW_`MTk)P$2I5zLOhwYI**CayOZe6RLgkZ3@aTo6 z(px-_fjU8k+c_Gq%3bYUzVgDnU1g(p&DobLx8Uu}T2*9^h zjSM~~-2Wa?T?34Ld5RdOXy&SK9;3PE0i zN+hk6;m{)ra_&U*!p>mdN1wDP2=zN`F0b{fm1-LevC%Loyl_3&#zaY@5{H%WyeB=$ zA0;~IR@6c0QH0of;>@R!h}zRTfJ%@qePEodv5x9k24Xr%$PcESuKCS-abifh9#QjH z=K)%D{*pCR68bosM}KM;h;e+rwM0%Fdfs{!bj804HHaTY$ZW-XDUFDa!_kL(5+QtN zHf+kj#v>CgLow0frSEakyd9ZuPjM-AU$jz`17^Pw@mZVkZicbTbP}v~e!kGT-(AwV z-@anqPE#;!@imKzEfJNC%q`3ivM-`{yu+1*R)~n@f@!iwf#EejxN-fQrxjFYSMOOB zwON88)$^g|erU6!Voj+YY-kOKzlpQfz{82$6-syYW)F(LH{hOBpbzdmeYyYpQAtWL z)Vk2;DIV;F__QhyT@=zb$my4c_m+<2=?%7w<82hRT3-1<8c*3kr~4vBo-G{ryX(?M zPFga&PfzdGWk>uNVV&H%|9tmPz^NhrGFg+@8&q~Ln?`z-^Vl3f+l@5xRFxS+9qP_+ z!V;>!0Ba>kQVoI!7t^|LF@cFIa)z}K-FRZm%~HB|NA_sna!grV98qPP>a9nDio|U! zQ1+)G1*sRWY0xR=$fRM#c$i==6iSqI+p?90TpZ;!RHdi1*F{b$&b3-}(CeFsTbsWe zMO)u|e5N&-4TY*fgX@keI5UMWC9L9jU(e%q!ihoJcgZ1sl{(LrgH&1z%=)ZZyvN;y z@_)`~O!>TLi593I+^n~7@OfH4SO2A!)%nMqP#{C)E{n~m~o%#tuq>~Lg{%9;)5G6LEZl=T#){N z>u(Xb402hJq;T%`l~-vM)&+y;&Z%F>~`nsZ!7*x(XKz*(#z@#+i^k=w) z?jKpjQMnM;&WWLw>VmI%X<^_`85(jW%({8*WM0;H#nsbeDgc*~pQ)S_jlUR~8vMEq z>q4+f+j`Uff5~HrNSWXk`4`!< zvCAp{TEjSm$w^v(4f1$Zouo8K3WxLaSO|+l*!7z2@SY2DPTS#w6`R>!SUB)LS@4Q3 z6{}fN#~8rbW6g(^**1K^JJ&4;S{JEJ(^Fe5=O|nrHlL*>R&A3`O&aw~vg+d?Nccx} zBx*A+rtWVTtovBSGDXRMDY`T)^h1NXq=a!p+Va0-zy3u#O%_zjjAQ3IXp3K2UK?5x zkKtHybT{>I6OUoXjWzLiI8rY0;v0O6>{i`oeQfXLLTw{9beo?T$M-PxM!{xO&a^*4 zJenj{Y&-MSadK(1UGi#5Mp6_P#?Or^%tOAMOi50+t0nfTo7rjaOBJACC-oXygF!qB ztMB<(MhruxUHYlB9fS5VVaK9|T|?}4mp%59ksXmd-6I;&F~582Ei)Y;liwK5jOXvV zd~n5^G~1n;khB`9B--!3mLIX?D91|itmOm%Kd#c$jQ)&`!GNEyP_54$QmEU=iGQzA z(TAe&0IY+M>3aF6X-X$mT#ex^ODN_KL>>zO=}IESem12q^w_DBZg(&O)+BRxs2HP~ z{i^(*s{Ci95fg#7FNO-yuN67_uQXO0tA0~xKLJUGf$R!rXM0x%BpE;Bq_c>12WlPL z)On39ikDpS9cQ|{hGzO>w+R+q;mAOpxzJ=-6~I&8GEH#?CgP--!-e@`Jqu9ilAFRP zwrID^wAEGYNS{KPWyDi{uhbPkMp{Ve7d_%L4epaxjq1JS0>{Bx=PYhVQ^~2Uosfmx zUqQ#$#AQ{5YbY+n@Fd&5^l1p`0!c*ofQoFMZ6To>_?3WNuJrp=ui zrDsN2yLsIo<}RRGoQGINkQ!S*^VT*zCMehviQ>9O*t&EmQ}UyDXwmjmIndzNqjsf} z48_egF}+k0WiR6hH635~7x6SY>%xmK9RJXG4$*hzz2M`OHrNkOS|f>|)lbGCH6CaW zXP-_@y;?6L29%bM*ER&G<1peq_24yjGxVW}jEVI-^Oh80LmrLY&T z63^F79O&CI{HQ&D=?viTH2CCeNt2wneQrY-yo8=yv67iXigS8Ujor}Zo3}y8GXZu6 zVHPLSYSy|%oj{44l}4xOxxw8v)Fw7gZFD3Kip@Jmm`arsouH-9u|~6EW*M&aKn&&m zFDmSRQDOgIRG50@NENp-?JstRhsdP+L`nY6(t7n}T(#o#!Y(tsMHK*<>B=V*d)e95 zIk1F-O9Q*vJr}xD{tsc%U0WI3H{<+)Cs{dQ%4Tp%7EF}rIPNrS=w5J)I)N#ABd3PB zn=;E3Lhl-}(RBVrfQZnEOu-@J?uC+62Z2&ERiNkWUyR?Kt&Eo#P7=3nEClv{PEKRm zBRm-RCqy)HMY6kiyjSfNS%~|P(%@$G&TOm@U~xP9F9cc;sG(z(Ya#~a&>UA=f}O|{ zYBGz~NGc_Oxmb;H<4>} z5^^oC+sP6v!tprCs2i%Y3CirYiI{qbbl-ehx95s~e95qyjxZs3eqB~O-?vmUk?<+D zJ@VaCSaF60)s*_a|2W~;VS>oEt%Q|#va@jR&6Ihoi^*>k>FHaF$0ev(j{OwU5N~f< zLkOgmW}A%l*N#Gax6lHF0fl zXWO1WdlNyTZ|R&SU_39@C9f)DGxzvcz77r`MomE#>S1 zrNcE%KE=dbm);eOoG*H79cKwZ8<_CKbR%NFLHe3W?T3`ilpm1oycwfrCt-n6y{0xB zErK#gdpG{TeTqu z_EHn8fYsuJ+fTSyi#-UWNOg8QATXDjjOiEL@xLcMGlxxOVy8lgjpHrEAz`LBpMqb9 zL$L~KcZtQe@*c}$)EhGyWu|#%W<*ma;e>Kj$N284c%RRmKjU^9e}+y<;QV>S%0>e4 z(|&HD?kNc~Ge_ImflhJa>5|ijjhM7hyls&#)xwu`S@6fr;c*vtqYB%^uK_<7$?793 z4Z4%?HT-F<9gpkGI!VnXj=*02`^Su}_iGQB)$wEXF9Sj_lX*EcYH~M6sB;Rg=`kuA zciMKAEQeU6&A+j^u)OqGewM6x_3UqX(sfA=y%Of3U=222X`Zpr5`~OLWoQQA0hDdz zzQgKR*7T!n?r_gr|0oPM1lKi$_w7EtWwk*u3+ZwoAbwf*oB8+98Pd$K$mCN*;SN-M zL7Gtln$zXu+`sbe`^jmd-Tv?YkV0?w8^ueDar~xKV#kxYn1WzCZEUj zZ}0Uf1SbF8|7+yK%2`7@2l#*w9mp9|J;1^1H#DHoeKo4P?)P^3w%l|HyKjRn)-weN zX0iU2H^TNMfb)45VRN5ah^7deZNR?%-E0Lplk%InD9~vy5Ai)^tAjf&#?o}0hojG| zBB4xCZ@ek6%Gj=)Xqoig1fp^Q0a2+nkG2T9mHcz7ZO;Hl7eZZlk_F9?@%D50@UbQk z8vh&$^2SNJUTQKPn0k)Q%pr-U)n2_fjZL1WNvUy>j#EB=N&qxvUBBWf+sH$>@^!v< z9FjgeDPSWXiULX;exrJ&U0@)w;Luw-EOvmclk@MGmG`F52N!SLq;(oCc0R3N)wX1V z+1pQZ^JOo!{%(wx85okkr`;THrS!HcU8|7R5C+in@oKU{{hW)(PTHrS3c}2#obF@W zI%O598qIrpox=zNZd8pnZl*O9j>KUaj~K0OnF5=%a-18wKNZyO=N8uX5~PW)D05+c z3&14{o(PX~GG$_}1;JP7WE89%=l0i?6g&!HsB79uefNf~5|`+YcDAi5{76I4&~85u zD`-vSPSzIZ@RO)u;{dVbraNxV_ndT=dm|9yyJt9po08a)V;8A`GZh z!z`sW{v{Yfg=Qi71nF0c6RLBTf%h{TTieX#OcA-kGBS|c+v8-`>ogA4$`uCW79B5B zyS6*0*i2jpk2jn`oxNQ3Y9N=#nNc0Pj)Xvbu7j9D+&)pUl5QCBi=7}#0So(xm?APH z(5nAh7Y%fk){@KTVr67%8*#t#Fhcd#xeL9)2bfEsU=L!rac}gz>8_Hx&ZoL00#1~q zohL#^;YbaNYMDFw)<6#sBVG{OpmRD?*2HKomn7T$Dm%7A=iGPA3<@cqdh%V*-ztY_ zlI$*yHdVZr=8A}ouKtHW9fe6{&w69V_q2? z1>4)V#ye)YN~})WVD1MJeTeKG&LKw>F7m!>VKqX5fkRv*DP%Qqq4I#9d zY4iWEN_NUIeSilM`Dzq6beCdVGb;tLvfSq#hlx}DoTMxH;RYu?++ab!^SXSwNQ{S< z1O0nPO&4ywk@O1?1(u+FY9POt(SMc`%M)vs&t@IOj10aK(?tc=E!Vmf^7lgu-*|rW zy+x=Amx4YDKc!YmU7_n?Uj(G80kTNb^*ofi6 znI)8sMubuUMun-Q$rGf?j(Ffej(M7|9BHTiOoe@ujWv|{uN;{)m-L}s(WztTew*QQ z2TM}HtM=rYgv64=g}5U2>+Hp)I(lZ}uYUJn;BX2qpFC7n3=$iq;i*`8>xBQb39`q& zL>3b>73Fkj08C^a3sXHeV<-?VVPzSXR1_xAVUbp9)F5U*2O2nCLlnAb;OTzxTR^8d5-!)h#eR(hFwito@jl?d zqJ2t?tz&d`u}-2NOeqfr{#h*gT_Mrm#p6`x487%PFX3$cFz@!?VE6+mZ)MERX)OsOd-zdZ1}=YEG_v2~>0gdvm2^q|XWdM9Hif zo(|7xeG~y65wy2llWJ+cv(||o@XSbM?oGIQH2tZY3)G{jzJFRk8&2P`329}lVa-uu zr20PW(@g-f0X^@0KKW$z6x|aEuaC2%hK{*U!2}+407DgHWIQ>+d!H ze0a8B96EnFP@>-`9v-%~1lD{tKux$&g^ z@7-^y^8iPnhCnuIUNtC0L&G=|#RL)`=egLxnYAYWak;fkr`-;BR8_+(|?tX{VB$RZc|ex}gOSzv{}HrD*2T zl!!=~PZDI4Qie;ejMB&ebi{C-ui(_4;g$F+mJ8IA52{7gA5Fzp9cy0FGHKzXsU_hl zLhilkLZYGSG2oNm8c$fIP*!z+6J^Xtjn0@8Eag@!da{);4ER{86{dScXaN9JjOKl% zWh@QNjaDd`6OM7v1FQ3>im)z&@-jl=M|LL*3A9mCkkjM@2#N_Z@M&a*!3Tc-tOrH{ zO)3QQJ#~tZFajGbxz`$Cg%-j4gVO>yW!g|wtSBL9>Yq243s7hQ#+)gVeT9 zVNR0%E<&dKigHIR%jd%vS{KJWdNfZp&o|37sEWGwGtCm}{eoBnA9lItvT$9{A;sR> zu}*0p?++0ABYh3;9{){H9z%dBLLjF$9EMk=zTt^||0kCkCDUH6o#iKOicf;!y_rXM z??C7oU_4Y4AkdCw4LlL6>|C7uOa^)^+&h;891wg38jIyWmgCFNuZR+77u$#%>Iiv9 z&I?nqsG|~@;K6y%rdDLp{}9V4&cL0;Dq}{hMw-B#OVk(y@CDt>hyc^RVSVRPH!gU# zlA;&WnoPNWJl9o`dhCcq>mSvzTI8K2rAldtL_Z>u7fWn0QP2wkdY6wdH*nGfMVJtt z`q`5@i)uq65o>Z^$_J?sc8G;83aBoYlhKszOU0o>&b96ypntvax4pBoxoOpA=cr2D z+tka9o#Yz3Fg1nJC#M7Sdn4~Jw8t8BT>aRh;MET*`Im*O z{FNK#t6^v^IR84={!OaU*6FD993vpkjn22E*Np$u@@$l5WfJ(6Rz(C)m&K%M=nidP zq!hz3t=C%wMoTw8MeB0y0@rxzMJo|G+Pl@dWc`qrF{vxW#;~~Tv3TfnS(NxEaHU3$ z5*m)?9@jqH`GlM|pUfL|*z#5Zwi>AzEK?y8u0jUeYchk9G$~ki6&6z+CLQJ+gqvq) zSdJYt6|I`)k_RB=0KQ$B+Erg{2BORM0WaYL-4j;ig?Bq}WA;8iQa__uIEbP_Q#(;v zeT?4Ssh`+$95Lh=Op-9hM&Q54+`^aN!f7jRTf6F4gP&OQmCie;X1H09WG@qWOf+z) z2CD{ThdgmQktfY2a;ZJEFx=$oBD@0PKwNJxjjhCLN%%2KQn&*Y*cnGh@KHWfU2iK-(quC=kfW!T77xp? z#}~W}fAwX{`XSyn%k#~kv{>WoX=NTa^lB+n6hIT)3gV22TRUtRUVs#MZJl>l#WiYP*qeCXRgG_4a4+%T(P9IZf{MhzKb5N)2POX=)_rpu~G_1HHC=nv95KT4k2{ zXp*uLV!PDprk(y5X5zOk1jPfJ_<>>FRLfz?qlJj&0(7%A zJ3>_t9^-ZS8SYetqvrYm<)gI5?)v(@G<|87pcm?TOlz%?)eDz(e;(^P%;$g6gzINL zNyi3?WX*q@mdmU#8Rk-ru76qkqB*(>@tl58i?d$NmSu$h1>rF?Tv)O*mQnu83U8>K zcBGeK$1`s(PQZX%A4rJS77M zy9%!U`WbCy+^qC?hLrddhLK+_c7ORT-c^h{0zQ^G%G`jA9AU zhC5T9`#$;S1m-q1O1{+)Y`Kb|AwAz+mu5KFf&oFRE=*i(SY}!|wum=92Lf6|poq7~ zQSkK)%EeBt$s*yg2~}7!d&czj0e8Lu-mh3ObCfxKmiC6}Pn)sbKs}#W+a(ztIkW7- z#ab#n(6{m9F8!$ZH}KQz3!?GWwl=fN;`Q!Q9*1MsG9#m-u`ht@a^VL4u6Y#-oUSc| zwsM4QmmXj5+@j&Wa@YyB0?gpFqYjFxGXWApobozN^Z3RS#kk+>xC&v1DFSYqBYn{7 zZ<>c$KV6(wwgip|FP`G_?c|XOpWg0MYM<9X^7s1VXJ==dzq|=6pKiXO>*t%BS&sXf zX#&sAF)_t4l%kR|@~bGyG4K~tQ2IwA)vFMEeNIEJ{Drn|sL}v2eoXW4Ew?QtpHXJ= zgLL6YjTK6=ruWQ6u*7c~$w(u>gxQ9S&-TyS$_MCtIM703LPg3AqT2}#IawwnTHL(^ zKJi_p8x{HO(Yd=KR7B72dRpv|gY}%lOeAK7wigkrInu?_7c9^NQ?g-Fbz$zW=>dXz z<2p-#Y?t_;Z-c3cnx_pq?MM8FI>6Tom$3Y(uh*p%n(V)BOCeu7(MSb+sC}S(N-XBh zLZy#E;!x&Mw>qn{p3@PJQ&Psy*5#5qu&BW=+^AGy-4x%V87rx)whmMK)+JrVw96Id zx>w|rw`<)Z$Jpz_y0^@pUClvr!fk2u#}c(%lbCk*RD;tSXl)(Tjod|>DV zqauc-3W-6`g8gH)dEN9y@Pynp;Z#>@qD9l8X$&U)W@~-^MpjXjLftSTeq>?u(z-K> z($18`z{_SZ=u-xlb2z(>f#35HI-*P8_c_x06*`JyZ(87O zZ}?_7+k2|(`F`){e14ig>XQ-2cc?3+X8N<|lhH@sLN>dj0#47lu}z?zuv7LGh2cb& z{6a17&4^*<0YV4mIO#%8dwn!%ke54?n!PX>sdBr|(AE-S?;g)?sb$3M6W{%jl5x~<*9uLC+LDmXYc4a_E609Uw<-EYG|>~=acST)6>VNym@*9VTi_R0 z6`9c%Zkic)Q&@Q0rQEf-Smhe-&lKp@j)FJNu)T2seE4N%MA9yc-9 zGF&xhJMNJ$a;eQI2k}dpwOkXt`2m{tow{^I0AEP}J)9_g4pU@%-F7^Ix}$36YFp7| zKz_(m2d;En-0dVkQe@ik6U_lD?Z7(u;mae?UN(OGS{j)3m)y(u{lx6y4s=rN{duH~ zqn$yMX3T=iyKz7o89cArPw?$?^(C;CzbO7TYLPd|G3HcB{bh|tP2i>6?!LD5;-PJ@ zg>kv=!2JSM*rbmRNN~PzeT=kHTudF|Q{Vhzfm`|`S)^G}tKHW`dT6lgm((*()7Aaz z@#?X=L0TW2d><6WAe7ior8_8sJf>w$VJ!3NAq7V)>9;mU9}s?kdcrgTtn z%k%qL_$<(OBT*LBPRFm#|4*7*dNA~AVq~p#eEq|+4QjgTu`0Y%zO#N|-KYIk=?W3I zo7^hybxd~sF5k`{AX}_gpONb)Xmr{H!wK(~e*8OVm15fR9rX27y)_(x?2OLGK-Dsy z-KihROeSVjM67s^snv^S)E2cPYH3R-Zb#CqPz>E`ioy;qspWy;^|Z>UDU+$ci@fY4 zm%eW5eD+aK8P7aO0Q4R|oqP|P_ILqRM&7q3rm-I0h$_AbPewfAU4VVho76b z>I>DoA~Iohg%Xy_)Y*i@JG01+Kg%B5ACj1-WmuM|-?0c!xg9a|FthXocIKkaSgQ&< z6uZx4P6`q??Yzu4JEBv5A}$d zYc^KP7jr}ot-s>01Y|hQi+&T*}w~%%h4M72QXgVZo_!(&n$1l}B+lpC10W z^JN}1d1n?Z|MWB=bj_+fiJ%z}EBnhm+5*JGjvF0Yrt$uEiZxE&|H@`IP6I;ED5Q6d zL`k;lmesI|Z;#eC8L!v^3fc;6A&<(?xN@+r(8+K#dMbm3b{A(HgR(K2n> zF@ohI)3nTu`n|yc8tMC0XYg7xdbdq;xQ(DnBkO zG<}r)@Cj;W9(x6?gx>^_e1OIr#LgJ%$$HjsWaeVCGA9Z;_{dTXMMVDm8NjqSoAf>M<)p^bQ|u=l?;tw37S@sxa)@tW#4*WJ0>*+KyI43wGrfdL$Ij@QRQAj?6pKE%Tmjg>eaD zXW>ef{Iaiodt^5j2B{AC=(Q4|I=-&TYp#t&^yD>NzcZYnLV^Cblj?Or#sty70z!=a zcCepoV7%E8q2F8nC0@p^fWC2t`40TLTl$dGqz*#<&eqqml3plRdYIa_g~(&RwE5mw=992gBYTAOgG=dVN(XG|1{4jtK94ucUfdH9 z@cDGm1ATon4&L8~Jgl>pD@sP2bbr&9eMc&mjkLXE!aL#(!#O7Io#*joe>J>6=OAUp z?%XL|q@FuZ2<4SJ4FdO?oGhwI%t4pG@!|mP$!BPjvRPAOn2{|`t2bD{dqd|_Egz;I zSZz5bzh;uP=1F93_QDNH_Tc?!yIw(h5@zhiJ#gJp7l(Mk`Ue z!aK2+=mvq!AGqN&D}`hWJ{yl8ziyr0!~!Lfmh2bpO$LRf<6%5|<_t7EdRLuZ@N^Es zcZ*OKcARd_hm<_DCyn4Dr_$ ztocb(=_)Y_C+4QRpuG56H~I@6>w|nxie*<_adoG?=oMSjaEfk&LNF2OX9@uSRx_C} zc~*W|3if&|KasGC74^AN5NVVUC*VXEq_CKT8pdY8e_k8}eZ6gdf@ z*Wbkf5=`wo-A821FDS@w8vy)s^VgC^7W6He8DLz8dmC~6@hOvd&}v86jD=h+z)G)}?hbcfi&WTG|Kk4w zY?LABYYRFs`OiH9uxzeVLRm(G&I~i{$q{E?I1j4w@#kmuy+x<|gAz}Bqelvfj#y1b zTQNoma2GK1Jj{EW`D)G{r;yAlET1;q?#e`@uA$f!_3I94*LK2R81yu_W2#OCwnt?x z&yPcFA^_1270%Q-E1iKp5!NG@tuRox4)`Ru7zsoCWWKioLSf#-7(1(a@}LAMlTTsY z2xI?A+MKpm=V$iYqd7voa$4NjajHkz5FR=;p;@$sv)8t}2Yf(#1k_+5Ty|H%s`yOC z8_)RQE8jFVybMPcJ89oe7^-1`X?B(F)9Tq( zg;#tnwjK*l;BgS&b{OE&=ge;+bUqovSA#@@2fOv>v0Qj{rrGS6Y&3+L_>pOB-Ph|v9oL=x)D zX2XdL{sc{s=4>>nm?1Fh&r>PLna8EI)wP^E@-m`2Alo;21jen;q3-wB$am(VuYw?B zpw2AoQ*xhtp@bM3dq~t5^aE|4;lZJn)U5mj zH2^bJQQ15y?;QW3muNU`1oK+EvsCT`i}; zI8OTqBP&Lq%M01ev&b<8Wv35HQl`>n=Ta^XA+E+bfY&QqT(szbK%7}77UGmQ;ID3O z^luddftiR(IIx)`@!H5T!CJOI-c4*?<}rzt=O%hG!^|9hMwb=xIlEnC)Ipp&ljM;m z1(l5WwG+o^zG?EzINv`A6_8<&M@M&hyB0#-MzT>i$}wD-Vi_sxn} z=ISop3Xh9N?D`x>Xw+$P?))rW&!zv}nPskAcwF||uk5oNyvACgwqf$ra8OtXj4@bC z7jcY1w{~BeHgwQzFP)&3oR@_L`@4#wIzPm*bZ?b5%#L_8x+ zax_|Kzh7dQSAGC0c7w8KXlzZ%ZXG0+y3N?Sy(Bspun~?Gq-wB!I&JieVR%HB$u~Pi3?DRD|=!r{kYQtwV-FfI1;i3CS zMubuRAhAG&_B;_ebeZdcX}3cpxtjYQFTlECB@Xonyl>#o)FaCTu~=0XmEJ2K`?hs{ z@9I-WthHKEu}LO_KU7zkW;ClC1~&7Bwy%pjS4hn5B&5U>cNDV}4(M(pWtNvLBE^ z=Z3;;?&ANpnfm4v1~YJzX#b63x2GEHh1oRyL+CHUID5WL;p|7kI=uV6yb%^_zkWq4 zI<6{(B%RtwhsY}lL#<@%8D(amV7aC?;*&KIi1b-J2q}#Y2^-zNfyp_Q?+g>4_|vA5 zFB&D1Yv%m!w>q};46fai*Xp4}lYYYBemT3 zI+@Q((1LxAb#LAwoweFKa4;0ILD|7FGNP z(@e0p@@#lRm=-wi2neZ|3Q5)vkKsu|>6mx$aH^`37>x;S7Q*^tG^6y#i@eD8>DKeY zsrO}}i6UG9#CTabO^?qxT2T&02XuF$|2raW)n>I+B;CbX#Kv9u@u_BBY10@js1WqT!uqF^e0qnJD~a2U#-&%^WSLoGaTl$z5Mi(^Nb zex=T&aIoMG;)Dw&Ezup`D4@qTH}5Kp6JQs`m{edpug&}UBb2Dg5at8)B2M{0qLl{m#33g$zgn%%2_iGeSTKK-7px{ zZAV9%S)^*A7)+^Mt=!-7>srZISlZ3=x1Qn71{xD7ghk%U@Bvk4>`SM=ybAqG>JshB z#^6Ow^6FISWF&N@_S(GK=kCCAI3g{nq!%y>^ahIoGXvf#t6f-5->ua$Z%faH8StlF z&s;VJZ^Rk`|Ba+-^!WV7ZWLHajf!(1@Wei}}_tl3NJBILkRYD-}9w2-19kbMj*R8iGe2Dh*rbqtGlk(S1 zTq)ICFx@BO7Ymn9;`xtdb^lcov^M|4QG)4CNHQzJ_iQY;$Nt|`EKZ+ZD(A-xparFj zPd9}MUn1oQoK($sH$iGUzKiFa z{n0Lx0KvQA)BgTIE2BOO+lyU&tp~}bUUj$sk2K3a`6V+O!_k!;Y=d`Qw`~x(HMh)$ z{bS=aEl2DbRxfx>4crU@$6~mig*EemAGN$an>N#ViF+46T<<5PBOxAb_NVL=u0_rz z=nacd?bR^q^C(COel+0C=ohv&!os!0Q{q$`=opC0@LW%{TZC6#_MAMrGR4O!k_F#B zme2P88cyZ=nP9G8F=tvm-Bb1e z(V;1`@Q`JDy@yPLT6V=rBWXX=;LH%#P!Y$!FGU55g&sAuP++$rAhzYB^z5vdWNEf& z2uC*shawSWcUmwLd~>TKnie34sfD~@e)-(_ELQA~YbDo1v^?8MTd9mg6a1;dgdrk- z90fj}5fk)ayVfH2*mGg+Pld%hIj?+cJxC`x*R&zm(TW09LZ+iErcC)L;WiPtgN7^w z3En8QISlKKDD6iaSggUVBK$~`@CV&q|EM!;49YT=i5ID)2gM~jw?xZPq#zQWzKH*P za6K;e3^lAm{ z!jjrqQYxk?P0&GEtObxt$oB=E78IrcXtcTu429t9f`u*c=YLg3%}7dBM(}dSU2BU^ z!FSH0jx$A2j_g`aMCF;^KRB8gD5mYhan+qtC&X$NRSi#h@EpQ%AgC0QP?5vAQVXU@ znUpY2O^p2l;%y@BOa2bD&io8&ogl`pTv_*5i`v8Gj2eIxk=N={k&= z?b|g-#r+CCJ@#8d0CBV1=g61)>!{(`wX@;w`Yi=+e}NB1+J9Te#asBknr$u{PS{r= zVkILpmf-yfrv2JY8V;Q5;rZiezXp`j*etfNwcmn;c+D0<_v!c;|5l-l1{ah<*AS)$ zT8_KU%r(hp03o!S;t2=So(H2CsF;bLGJCVHFiHuvr{nJu)6^D&-CrQY^oaO~rX~v( z?;LwUi7bvUeY5%CJH*nrE7I^=-mWiwr(asC{lkB;8sQ=$y4|mjg!+hnJTN0OvxH)3 z|1?Rmz~j4_BjW=&Bv=t1(TH483=)mi{8~&zkH#veUCb7T8k-0#>0ZCMtU%&QXZc-A!) zJJadX^mAr2;QU2&VOAgd)o94s%IVE9r%HD2BM-Af0tFz_pf zb0WIUKETwu62o;j!WwE$mj74nDlsC2T$MaGmVT)z&tUhC(o)DY378%Sxo}{@9m&=6 z8SlE2SzNrnq26|7THmEvIeefV7J5^6f4&uNHG6l0yezi>;byTAs0L`KGBB(RB|Dga z+4KX1^!cgG)3nJFU6>oyi{;>xHaT{?KA(iD*uPN2xaXM|p1u}dhulW94Bor$*=|6J zEP=U!yU8P9mH}!#WiJ2hU=681?R9DgLT|E^67mwQaJLdQQO>XN8CLnxgz408wUq1h zKHkJ$ECILbn-Es&ONS%NCOK>hJT$5>5@$*^g(H4M*i<@zf8Lni0u03+*csL(0thW#6ZPL{*BVioCR^flc8N4>!8^-kLhOP# z%kaCHkSyTk`M){Rb&UQ}lO?)?VCw%{85wBAI6+B$9wff+<9BZDPN4=1>y*Bu8m#lY zN^g%0cd7e_9aWx&dIpTgRYvwOBe?0>%Os~aNmDDGnB?0}@tFN(puy<&8lD=i`3KT? zpP{pL^6%hA96s~HwV1X#cRL5`6@#CP-c@u1I{52%iZP}#$a#IK7agQH%4+z-_J*e( zX6S*#JRuykX5}BlwMdxT*utWV!Rt-y)Iag4H5Z1HaAa*S9}?-cCT)6WUJA4e_P0y4 znvXZf9f`v7Tm!=-wG3~3tM$5XPpp!IuUTcV(d$SVO6OS87@;>#cw*H)tHk_$=W zXia0GL^@PR>mh8@4q|%2)pt7a{y05?$r__9)xlD zm`KL7Y8e^QOt%vMz*DwiXMU*`bOV=8BYh_l0A0jsMMQXx2s`qLjdaV=1R&t9+Ug?1y^fTSE3aWx%Z9=tZ8JA-CnI7ukIL&> zH~9NF4D1=^9*A`q<~kXO@n2yHAPdXrjL9ndX2!F$DslK4|IR9xBkgtOt7(r~Xa}NH z35;|yeKCU`hg3K`bPvU+$31kH@RXP3R`HZwGfMumV*!}5hNsNoE&G2?Y}20d-;w30 zEUiTG-<3;|#d4KjN8|@8&Q_=_?so5VDf9vpPn^2{twv6@PN*tUoV>q!GMk8_omZ}t zrZi8mng0D3KNQ9hi~6+hv3H{({pLK50;xJ|#oa!@LRc|YYlUpd?|YY5u3&0zi)!lZ z?3QbvL-X+TDqn*gx8b$u=y~iuAXoQ|fq+dF-`!U@Z+fd^1?Y9fv2CMq>dE6}7xLwE z3V6(DzzX=fI64?Umv(168}iOZ_Ya%S#@1%`r^j@Rd@O+e{onE68z3D0*I=<4U*l=% z;+s$Z@ns9Y;8wJ|xBA&RYuA4q<@2=}JcdsGQt3b^ zv+Y?R(09&O|G#sr;eD`Y6g*5<2~b&OAI!F4U2e{Gs)Cl87QdED$)`!lc2b%XrK{b1 zRyW~`o=tK@#zkw@I3 z3>;0rEph&xZ_V4g&lj<&ZrMU5!OkEw=yrdj>TwP=QPG4ysodykka1n!?(9lk(30;= z75OfcI#y15w$5m}47nFxnqbvQz1`M!FK7G*!Lb$M^D{zv9BvoQ1%xvnTEgqVC#dsc zC7dsL*oV@q5t$T44%qy=V*5+LhK3KxArtS)amzk9dqzW{lea0kY5O6)b&0;h-b!3! zb&DqT+Wdz6cgh)x`e|J%o=X9S zR*jgidG)f>`s3WV+AiCw)Briqlnoe2Z7iXgt{?VXoj6fXXQ$UhyF1_YqSopk)qM;Q z?=oO~Ja!~kw1&w#4BOHCtJ77?`AfB88xK-=u+K9Gkp2x5jk}QrcZ&z}O=h2}{y))0 zERClL8tC=$JXxeOog7m8_z@EO+d1-MB&E`4;D(OZ?PEGgj_3$L7>SXozhtX&Eu`%c zvw`2JI^3VzIkqlCzEzifMPd*mdKj6h;K-xJm5Y+lE0jx8ZpE00_qJm*MP&+%T-iTu z9&Y0#6KkS`YqN~T8w-*H6lB^o59=)|kj1N7LsLGA3{d3t#azT?Ncx1LVGE09X2$Sz z4ZeFrWnPghxz`>=$@Yj|MjlmB@zd#j(qQEr$8hv`RrC#THl#Eu3m0og&_XK_obaZt z{^lMruJ}$%#XUo-G;thY^rrrSxBWIYojDUp`1AWWuy1LFk}RISH#5Fgg%Zm}idIk> zX}!*$F*xjVHBLark;Xd7Fgkvb=oju@ihbJq6*CyEu=e)VjMAV~&8XxvK|!ErPBUZ+ z&ow~{bexfE5x4z!Usnx^0%!?0J0Un)4+cgbyX=a;D89m$ILE`yTZRU^m=Cw;Qp zS}r{y)5cG{=oo6x=wwriGgRpTh?p1Saa!=h^Sz=3u#u}9QMccAV<|gzK(|xssy)eT z81KK%IeeP-&(W?r-HuF2YmE)!iSG^mr#{n6T9f$UHVXaw?yIeU&jMCE)angG&ibtLr$;XEyqI}>6&Nr7cQl_yYmE&GlJt#pe)`$@S!$`%EWE6$-T`U75HoHEWoaO zOr8A@HQh3qY!+4OXl=3se_U5jAlG0~S{`Hm6*}Lc4|<)j+txI);GV!9(IfAVVlSiC zCpAg!RhKUxPCZw7U4CJaTr2WR2jwG6Lsf}tha}AXwZS;`xt2r!9mpMv<%u|peq~O5hbk{C zIX@g5;Om&;%lm3Q-9dARgvX$uG7wfz7n*y2v|H8xg5VDYj7YRXQP1*7#9O-}QtL8kyB*UKu#1;H|CJ0Y`oXOhb|t#51F9{Bu7&6W`BCt{%wf6R zOwq?|{omCPD{{p1JfzRLaORI6d%@n%YXw*8&-ilSZ*^0^MlgvF2KoAmAr9J87Z7a) zMaXy$@eu&9e+_;&qsyXkr>b00BJ)UQSyUlOm4=y`kHtBlP#`y=y}A0|E(ITN$_+s+ zyF1u9k4F*Yo|gD^@XM(}%9r8o?l+;YBX0TqXnlru**RZ~xR7Idqio?RZ*l(fk`{eS zuIyT9$uj&n2Pr&Cr>#$MTDa5|P9`6xKeMw0++S0=ssU!!!VcSBA_@e%*Q^whqEurH?WYcGv$X@GhHzSd zjDuf?37i}R2?XIPIDqFk4&iFV{;@G%Rj-Xr{P{VCFX$mW={PShlC;&7va+9wWMVv( zNcFEF^$NaZbhP+&eHs+j{8e2_S|xUoAx- zF1uOy#%g7_+r-}oOQ+`=w~lP%xVg78fSl_JSX~30NxWRHEW~LdiZ&Ol+GI+nm_8ZQHgpu{p7g_ssvf&w4-Hd%v7r)m`0vR-L`h z+Pmx5RX&EQDw)-A#-y)@Yu|*AO(%_WFtBNguywp7yuk6h1{{HF$ zP@&@38B0yxa|3I5AXF(pC=emkcOQx7-;KZIJm`oa=9Uo z?iRhmlAZ@Q;%vAM2jGga_gPDa%Dfv_02!W+z`DSh<5Fif7Has%#&^DXNAKjSN^k`^ z@upYrm(=NOn~jZkY_GotnO(01e{8P7mu^j{?%rblx_z?$6@Q;UJ-+QU@gX{u7(}>V+5wl|ux-i~XT|>nT`q&lEIiD6oEKFXqE{}$u3LCa+efli2Xf|&X zI5ytRlsbSkA-8{$HaHR)AJgVKDO}dlvGmp#)ZIG-ZMo&c%fxf;-H!)iHVclnbu>?u z-s@*8LiGw=tbwH zB{hO=KH*x`wrSOqCJ5t*y`J%w9oLuAnE3gD0>g1{z*3rUK}@oU3CbXxF&i-coESyc z8fY%HbV0z3SF;}|T??if-p3&H(F?uq$b!N0?P)Vt?6F~gz0&|NQbA#`JpE#;h35>M zuOc9;*@OkWS$f!2a);o_s9N~D<^Y%v(YIA)gYr^M37${)zb#@vRw zL`R@qWlX10kS`99t~&-t9#)UTf=m5XGr~r3M%;;IHh>s#ZSJT7ojmw2tpBM?xFSj)sI<7?q_4(zmV6OEkV_CJX;GbD6@yyXkBuuI<7 zS1o&VUm1_f-Z}9~72tHvqFPx*L|sZSlgRz+80EyMt+I$^xB)c>Y&6z|S>oxoGxzo!__ zsLmNCtXi3bCH!-ka7Gy&w;&nykhnx0=H$9AlN%5TL@LA_V4QI78^x1-Y*y zmiWbr7mu0PTyD=~JQ~#C#oIij+W);~%Ja>c$ztf3K?*x?%*(v@PDmJsxe%)*{4Vtu@gR;ALw4sz{#lq?{y?~D*ddQeB#q(qn}unM;okJ96=h#@tHiFsodc31-U!B7a;~R2TTr7LGSNjksfJ zsq+atK|<}*{qa=I;Z(uKeaDKb7C$>psWJn;_piujsa`&#PNN(p^}ci_XOnc%P%wq_2x zCeSRnZm*pbkYJq-3ry=B-Lqxz{EVZK5`J4WMr_~M?tU7K;(dqW@f595)RM+I-VthW zvBmO*LHlc{K`B^E;h{&M#eL{GhPv#_fL3FIv;CML#rFH^%-d6eZ@wB8J1X*v=H6gV_a>n&SeU(q#B;X(QuOvMEb z#xz_HeO^{2qy-fQn8DCtynY@8A+}`iuLxMKp}OBMWguR(9wrqH5EeQ-dmtouK8plY z-gBr6%6b0yvx*PDAN@bH`)W{+ME2qo_Yw??Z*>3GFM1O(gz8c6U6MEgYv|{sS^Fal ze^G1^-W^bH+P6CGg=h^)>bK_CZp>BKg6a$nZg~Jh-np&dOECedW>AEfi-EO_sFRgR z$?A|=pzU04Sg=+e@J&G?ZD5auN45l;i7PntRpMbPP3(M2_G1Xvx#Y7M*V4(HphP04 z7}Xjg9)+MIHcy<$qU!8R5)gP!sAVR!-J4z4syt&S16td*Ei@IHR?2V^CRIM$gA>>0XO4T`KL1pZ*=jOZ)-Q*1P zAVJB4jz_Eda&Dp1xN*YKi0aOn^&Hpf#`*`5_61io?!2>J^1}<|Fjj7vY2hyW!r~GD6N=nmgN-^3pPXj z=qssVxCFiT^Z&U4t8oE0n$g4hj%(q{7vTHC={W%X^97hamR~KNcO8EC=$&!-zP2(qw%+4;^iY60sFo*s1IyXmatvBx$Y(8e2`?R#uOW5(a_hlIg!^0q6x%f}bL=H)4dV&+a_Tg6!wcKcUG7p6;li_e+ zY)p@U*ZqBEV=BfdVL-!s6pRLPP`Bj(ZJ z4g0K1+nD2liv*N@6Qral3pF4=A%ltS$@?jZM!b;&e*U2--ydJro2-Ea&uB6v7g3hp z<2&=ezZoCCP!FDe@Kft@-yD$^`+(o!=%|7u!=X4T^Z=@DU+`$?KoExLH*hKEd2rvr zhZ!kX><3#y@jf(RHG@JjqCaR6{X}6RVju$}k~^eI$4dOWn3%ZXJ(Xk-@)s$UqCV;& zJpWBC*WM6eg|Q^$hfL`k7}qmnf~B+=Z_$s=5JPQw-*fk~xRA~^%!T}%dQz@U(ASw}gD*hxffq1&lH`* z<7P(NZz^8tjn1+IzM!Rlre2H@+4Gu%!w#~Ax=q?J7aEG@110Cb~H-<)A z>&%*6^e@T8_ARcp8fv$9<`mX?)LH4MRX8rz!@3@<5V*cy?}mpfGbd~58MZHKCEN@g zfHQ?9fH*f3Wy~U`+oxO_pw!~bh!q4rXRbS;-rNt2`5G@%)_M$3GAPRU@NlD^_8d7o zgm-F_eklgD2M(-gbovl4PZ)cj79dbpjY7v-3}UdB@Htw$LC+q&lYR1#LSfA zeZFk#B2YC`H+znm$*@_Dk&Fm470(@OKhn9lI+Ux>u9VQ&atYI@lqK*%y=GmdV ziD}>6u42!HwW_QgmVJLxeO~A+y*}{66^_wAEC?O{u+Jb>cM3r2n#3Ubvi9Bn?bhd` zjE4Q0idz;K;vOL+L^Pg8%6mlrXO7Kc;SkCXS4@-No+C;rMY@lk*`_j^aEiyhpbn`cc!)tn{A#f#Ur*#L0iPA;AL^2Cy;@Bp?Cu<;>5gy9Z`%?2+fald4E159oC{32 ziOHTvaFO{peOjx2qbd(H4@kEN%0b3*#k;(K)JEWC@!f?Ma1i5BZhEv56p3miLm1%P_J(_Uf%CHbg4p=p& z}FGbsdo{WA|OF!xpjY-@vR-3l9@A(wd2|!_)4L)(PX95t7O> zW`s)UJ?6?$0}2!yvfk~~ur%e)xSOrT=ld&bLNWKq;G`j7vJ;k#xTW+vZPXhTgH6hmW= zWlnIHr|{+V)V$y^4{*FZAe@7LM@;0FN(uZDD84WZ`j+wDmN;rlozP9Sa+m?I@&JuRP5rNANygJZ#q!~?olm(3;h09uO>18g$O`11*5c`!m@ zV>z2T+>2$lg+}@{@;jgwTS; zpo*THgaUx6;JLVYxp?&&1n{+>Nev~fefISaIrPM!Zsyoq%lzFOys}@`+Qw<$$0n4HGzhS znK{x#WTWNTyV_1hhATA_ZsGF6RU#E=j;GefqvnUE7$rp|nLap_ksT3#citUVe7O{G zX%N4$o!5lV?%3Ma^q7^1Ghb+XpZ?GQP0Nr><_B4yk8X67WG=@Ch0c`PvSJut@Rha^ z#Bp3mGl<{nw}K15c5?DyBmRzS|IA>*qli=p7h)0laiId4!mIh~1*foHRgw15;KAXc zk@$+Yt=VM~($U65+U%;avOM+5Bx?8JrHg!+xyb%1okF5Fytl(Sxph^S4}<& zIRrFViWpll9i#tXJp9ggeV#1uRY_N!>3n^M_<^z1n?dU5&z;lswO3rjc{>F zCId8GTbWLkmnfHsxqeS;6uHs%Z-~W&V@GS1jk&eG0-=YiEee;EV2$TMQ*wh01gtN} zO8i>N@fDW@B~6$HkL;BW+-tQeRZ|lgsv;G9R6D!*^ERQL)37O2==s?f#~(1} zt#3z_D;#1Kz(WUdcHKUI?Pe0pTo$xb((^iEEuFn2RN+$StX|S6a3jCpO5%i#`Uudu z5)(Zwrw4Fh$Z4Vq0k^k5I2%St>693lm?q=jWSjNwyQ9%U)t(>vUbWjZo*El%LlRSG zxRHawaXHIAh*k8;7wcnHBn;4UEdvtFW+;~7H`1k{*GRO4TyxsZCd2gsNa@_MX4`^P zX@4koe~hy%X$9zX^jR!IW3cXhn@JP6?K(6N($-Y#Kqj4) z&R1pMx4J3XaCu^=W=a7*t_#)~|GQK~OH`6Q(pPj#To-5wcw#K07ydtX*9B*~D&3K1 zpbZJzX4{dqoKoRT|p-k6`q$)>otAleIzFo)Ev>UwbYN{ zG|Aw%<(xAlDlh5S_rJ_%AE@_S{J9+V1uTLR{n*`~(L4l-SMsY4{UJI=cy zr@DypGvK$*9mm|WAJei-e2L@RVR}M$sX8~T@^mwnk+a_T!a&Y~>P4#-Voe-(X+rhN z6DXb0alKrHPLb!_vBV>J$y%C&uO_J5s9NT{b`o~$Ob)aXFpU5R8IUMf^$)!6*W2{6 zNBhr~8{V5{@%0V(Es6zV|zK=GaVjpr|MPQv*XqQKXjC#Go$Vu{mpG!p#3u_zq96O?Sy z8ulxU9R|l{28NxJMn*~Q3i~de3J^@oTY`LgYa5x&QaYqnZ3+1G`tHPSV8~j{r0BYL z?RG%7mFX7(`j33>o!!uH=L16Dkvv)nqAfl&c-Ld=)}0}LtkUzYZh6!axhC zUb-As`{LxB$@O$phrV5Uly<&u(xU}DFOzHqg!jnYdz+WMLf#9uKJyEJ%sN>UI`zYs zj>D$R{TJqaK4xsD&ffd5$ojKZUJ;JYauyM<9Swsb)5S0djk>EkqRKCQ4d%fL!8FDF z*AeBL{5mWPlY9&b!&7j8_vR}mf!E#&ezjSg0ar(^G40!xnSDN!0mukzM{l{ z6+!*)^nF3rol_b|7CW`kKJ$Fec1d$gWqE`zQH)vQ@(bYKAbO;`{jfewW?S*s1PQA1 z&Z2vg-rSa9lB0638mp0d_9WC7XFR9+5>g-G-RmF;X5=mFZ*RS^r0hef20{;VF}8Os zpUX!REyi(86B+%GV|OojZZCV>%E-8kF@?3MDb` zEZVUs@_gVQWUahXo2(>`({LTAac<;FvW5;SFC&q(4YT6Vg~YQrJ}D>+CN&@L;{8lW zoOQe7c}v?imm?voxjNdwyUh$Te3Y|)X+qDHoN{Hyxnk!#_xd5Ci|Pa9IcJ3<@(q+> z0wZ|D+RQl-#1X?Vwca$K_05u<-?&E2hRDX^Nr=LO-IsLigW#{s+llJCP)2z?bo=K$ z7oqYh-kYUn`mc2n^lGyIIte@GYsx%rr`tcgmcGwJl8h+zq^W#i(Vd zA)*yf)}R90Z`Aw@LvsrxZKGp~XzAhRmma%J~FdDqHt>7g->33_4 zD+TFGq_BFQjDc*Lr&_p=>s|sYeN?CAw3g7UPs{3+`ysoHjx2&`pU=9x?jRS(xh$*u zt<^*+;Kx|*C>-U#z#{&f*lZXys|IvHu{XSZ9;r$oes_{(xQfH7l8mSE^yh5hlvL&Y zb=}WqM{I=kj$Bt#ZH)c?X>~uLm~TasWz>QS<@Y;EvnT(jLmz86*^ss& z;eAvqRG~Ys#pX<--rB4Sk19*C|Bpk_Dy8Tu*%3MJ#>og7UgK!@<0|(4ZMZg*S!Gf1 zk_6c_B}^}Vy_dS~Kbb3Mq^8o?SmWq?GZovm9C$#$2R_~XADtNLppH(y;6AxEvvxHV z+>`y&ugm>B;NZ6)1Zic@X+=hX4GV{i#cMYybWexnx;Kx8t9t<0u|I3!*U1`cA(NlX zs}4UQdsib@Jx#I`dSTL4t^x53Y3rR)?q&1)qEE}ppTgOvv&Qa}(L!j;%f{}U6v*D$ zr?j_%|v6Qv?}s%sg@i z8A#<`9sx`qNrgWp0hY_BjoknnpMOm%Q)E6Z>HuL6s^dRl`M>F{)d9=!fuqg2f!XGE zJG;{_(sD#~-6}&+Awz?%n1<*1KpFmf$;UGl=x6U5yx|*EI^TF^^kv+m+F>Y;qP3Z7 zWmF$$FqT)6zTOL)Q#oGk;Bh^#}lf>Yj4`naBt?frIf z|2UeTN0<%K|9E&WB#^j?1<=qQAC=z+&!eM&*GBLAyYtM-$lRCPT7fX$?%`fvzPA9~ zkESEi(NTThrso9h$e}IhA-wQG1Y$UzP+JM}dGJEoZ1K^$KiT5)KZT}X@9lq@Ohlvo zsOFWN+^gDDNm7!4B+Sdi{?&vpEF>dDyCCCRgTg1@2!@?C=z;&Hfo@R4XS2%dxqgFc z8Dyqd12}XlW4QXMhn_-h*;XTWYBbUm=`v_7YKHl&D^ry_&KpjYPJ)qVV3dN-QuZ0J z4Vu6CnCkBHV|mK&$XgDj@)BKMCjdg(*J6XkuB?ad2QQ8m7I)R_kRS5L(AD%iWpRMN zbMZ?S#jgo^XHk?q>#duJMzqGk5t?)hM-Jl@HI%cTKyii~#X1Ih-p2%gEM)2q1qvr@ z?d!1oBY0Do9k39_3(|IuzMx(k4cr7a)>zX?ov~%XGt$Yd^_dX(&&<~N_I!;#&YCmm>GcrT78#B$N!x%F<{7T44)6%d zqdFCk$AK5Zx$sT5kq}lazj1M~bIzSgohH-p+ zd%OGAA3PBIL$6SgIi*3?IOF;pJ=t~f{H%Ckx0|xncCvF=ptVqzmRrPZM&gL}0k&LO z3<9abWMqdFvPi0#B*sd@1Y56^nJ+s=!8(7Pf!(?ntrp{M`M4+7LNX<8L|)_&*sM#o z)TzKsT;`n`SWo@&v#@rcQM`t)u6AI`qHKn(685x*#6e;7@*-khBfvo#OX z`y{LSh(+;bcub~)kad1xFd5(DB+}mQgU>7;UHw2`6u%* zF**xU_qmPV$`1j-Y;~p8pf%__9SHeaP)jV;KJ$wv0hkU zG414~$0!LW2>HKBNLC;vSW;qG zg>oOLb)%jnc{;LiTj=5nbP&L4GhwsoMkD)PX?GS?@q{9@1&>l@In$ zz^ifs-TPkH&(TJhWav^^F3-%kCuX+XU=OvH)o|-pI!-FVywfSK?%Nq1@vj5Ckz5-NP^+ zKxH-~(`O$c+A&zA*gPQ#uh!Yyns7L>B+&(LO3f#()+Iz?!ceZO1Z+@4j}Y<@+ecy_ z65&D%lnWqyEfYpMP;E{bP~9Q_0UM`VIo#Do@JA=(B_Ijq>SKWG3{RQSrZ>W<(FRs4 z1CDiM1Pi=xlhu|Rj|~Jfh~L{jy@e1nvn#}@;phrUT`GN*>)YOV{!xA0o~lj{%hNL3&c_p@mIpNdB?1&%V8{ zg}R??o20M`>S_Ogh22;{s;D7aU1*JMGpw419=TdYi^k0i^wZr_mzAcg=^%QyW1DVm z)gLH{B>Ww&xGZ}lrY&8e(q1&Dgfv5RgrHN34(72R7Ym_raA){@v@%N^;12a~k_pqN zh{?_}^ZsC-NJiwpou!ad!li*J;Yne-J?bc8L{n2d_1wcJV+1A1S@N4v6eit zm%BphkcU}04ZsYgrH()vy0);*K%{>l>7q-OeV!|%;w_6&xreDYtqzf+pa_ z78cx8Pcqj*9ZQdwer)#?f2gdHUBS$->+|CyIZ_FOUH4rXy~+`Inq5$&yd(BOCc&Gl zajSShV(yIK%1w~p0?@;>k*y-v^KQ7g5fxiI4@#%k_dOsYo4;9=C3A`nFXs!t$o}$i zZq}GYEvpE#g_-PCcHa1Ty;jBD1`l2MJEo(lEAf!4Ey;D+5KSXPXl50sM}jRYvAqgu zNGir{qq$+l`3>a51(fw%0k+|B*+gr6tf9y1SQj$sC8sD*jzRURk0sH5(uJ=K1sF_~ z;DQo^8uB#l=S)805HcNx6nS%th!UYPJBPbblP8SKB}7PyU6o1G?c~kF@g}LnajGkr zt}$XWgsdwVlbM!e3IAQ$NnO(Cc}sZHj_E1#)mQTK;LSLl>nZwLq)uE)UGiJm4*s9^ zty7sZJ4_#`Preb9Je_}6aebv;j|Z~HR0+VaBS7~xA7CCpPtU@strOpjbYT%g`8B}m zTWU#}6wqG%Zv;bm?<~Mp0L@A2KkfV9lMG2UKe_Q3MG4T9U zE6}L>@nEVvotxw0-SPr@bRT0yo?n0R7==cz} zUiA0ZQFWj$D!-|IKItM?q${8*3-R9udOHUY7nH^$VDVT^+m_O-7>mJ3R&dc~B=6*V z0lK1vo%&6RQ6>EJ0>!wc#H>n6)(QW>@w6xl2xzvkG7v^W>KZ6R0#rMv$%LZ?=RBJq zdHC)b>0)6ArX~Z)?4;71_SWts$8v+-ptF^~waZ;)(3rxi)8{eKv}I3ABHCSzdhij? z&P#~$KBa+|avFCpu1Xi2i#_YbR_y~$VN~M>3-COX?{to z8+>X@ydf)lk2jSlyEc~=8YYWF^n@501EC>L)xh_n&Zny~g%!1x5Pob@*}?_={0-x^ zTUkZ1OYp~tSN}~aB9u-MgGpQ`1`CU3hTLR;C<+CH22#U5yZ}wmy7F3j&s4Lw2I;j^ zJ58}Y%%VJn&Lr&)I$hYHBoSS}=V|!Fq^ph=o|J|J{^x)MxvVT*)s4HF6DcTIUM3{{ z$Lnb80d*{2_}WJiSg#>*>CaEaCxo?aWil&47QhzqJodcz5d(9g8|68NfqcAe@;I&h z-06qv82t>J_6+bZUJL_r7v-h%5@X&PzhdWhvY9vx82hpmnk`jN23 zMHMw<`6*g6jt-G{xWeIJT+IclDLA=fa}WJ#4AOm2jt9%U3c&Qb?F*S4aQ{yiW z%yYkx6jLR|zFy#rS{{KAnC93gDU~uv)odt9iou;xkb7KkSuf{ptQF6Wj|m7R911m= zu?*Cd6s&&)FyV5aftDM_3Ib(JlFF~avY+U(I#f&@t9}MsO9J6gFn5sEcWOlNmaBv8 z5Wu{T>^6mUYrcLamt`iIX^tT&J=B1}aV9F%-ls%Off%qP&N+_-xi_^eB1O*3*DiN3D4M2i939dGZd% zT$Pgay9{Bn`-(Dg+>OsQjSpPpbr>9wp>w8oaWL8u5`wf;k(=jkSRTe^4)il67cZZ8 zsVK5gk%@R|wdd;+p=xf6j>SNQkUd|LZcwL&&eD7UwbUuzBakZ$$g%OxJb1qJF|q4Y zvB9pFrq?YE6<|AKgDKx^C0z*%&N!{JwSxnQ7B%{*KJpov zxEl?d5>hpnrM&*GZYp8|Lm6Dx}Y_MCe5 z_YbgZKkB&E{H+8k&9nN)afDlQhBy z8UY)l;rzwY$^ETBs)l7|M{LP`@T4_Bv>x&1&=MTNuK@)a@T{-vc$OPw9$qvabY*dy zt&~R@TgtMNCVHr-HJ2GYNCwCVoyXP+0N7R*(=^u1r!_CqCt=VM2IY{xX}A@W;zsc8g^yOhpR^L{B5Nhz)D3mXp9r zO{XfM4D4;KYJ+ZMtF^c)>jvbPH59O%v{86G5K6fq89s=Id{NhQqYY(8CIn86jTj-d zyte`?AG#-jpPlNHAp{wITA5^CoJ;p#-tlI`Gn$$vuA9dK;GlVOM~$An>&+>hzaxV} zj|ra}KfNtn)(6#<>IM~cFJOvzFshv{@1!4AasgrU`Kb=IWcA>_YVS%QVbIorI{ zlG2Ad6g4Q6xrOW$Ar#A#lHw}`ya+sO&Efj)3TyPnT6H$B!hDxc6C#V(s2_*sB__ck zb~MpN0BKZu$iwNWVst)Go_apsnW!{Sr;`nvPHqbR)+Et;7i-fKZtmt- zGoG6>(^KReWt1CA!aBEeaD(j+{mPOr)se+>fymIKZpCB83www`9Sm$FKo&Gb`LEa&{8fDG4*hOi8i1tdo&0zJbyJSR-gDIVvEA}E$!6X2I{K_Av9tyWOz4j#2ee4a>G%|6%rJ}C@JM;RYq)pU_js)Mg5#)-itkkYQ zeu1E5^M0=xPSAondiUCVx=U(~|1QsHSxNpeyTmGAAJSTttSFuZ+L>aidBUKdq>MRH zzs3(d6d_D^ne7sEQmi@?h}N7}Ef?v8-hIPfJM0**X$!|JYPg6p9~D8B)^GZM0hRV1 zB>t~g61z_)GVeT}>==vV6`e0yljYLj*wrvxZ_#kz`M98M_6qfUv# zfgVs^VqpK`(`^Uf9$>{^(yCd4BU_|UWNE1fKoF$}`+tL3fBqS#TO@{CZhZq2OE;8- z#}lrFC&i{H(?ifrULS?w?*H}HG z*Hm^skM`zUY_g67qhC02^>h2@i}R^8kcvhu3Vx&~s2a>qmc@b>KZ+yX&T{W?2N(v+ zCwT2HL%PY(B^`L^NZLY@)?WemV@}@OXtIYoAu$*W zC@_c5CmMx`GgwAT^gfiWVXO0F9bpwF1wM?*FaRr2pcD_ivYlf96dYAHXEpkdDS4|u zC-{Nz{V+W&@a5?KvdC~$*#{$JU9$!9g-2xk1hWn7$L(+lcuS>^>IBm4E=*rKzN7v~ zA8-3gwN;h6P-KQ!EkIwR;_NU+0H^!=Qr4jsDp@kPHdzocDMH3U;WYJ>I0H zc4hF@rCMo=itEnhyGkk81%O=-O!5FC#YDD}(%xEs;ufAjd=+8@5ykIhm);SV>UMXp94ub# z>fn4bGtIQzO4&OqPSB0US%erD*CF;!!*re(xek*=T}~P1Ve*fjLMKmh7#Xz@pn&fZR%jC~2k)pw2Yj{wsP%QVWVcXM-~S;wcp2GLv}mD>1Tt^9yE?NO?n4*p}VhUO=YVKJ=Y@2$qN#vT`pXIg4Dy(aB_ zZU$`VmguKXXYI_RPUhdOW6U(MTKQ~giz~^lwf@MTX{vDP<~>W!M~u7k+7&bCfzh8j zaqqOnL=vGCp@97G9a;|inG1=y6}P4e>oH>gVI1Lf=-~dU?apn$^9h(@##c>*FU#8| zDp%AXxOiWloP<-Nqla=4BA}C@cUbN8KbzvXoXbTJgS9YIjF8feWiqkY_~Ebjb8vP> zgyhCpF3JYW8j;DpXXMPH$jw3mP=zCi*u@%)hIB2@l`YI2X=2fjTaUn-lWORYK0UwX zs!htnZ>Oi1SCaLr1&5=@z1?NXYlcYj@U}P~wAgIO@Dl1;rnSc%mCv?1S`z%ma66{w z0kL*B70lcSH-l2{y2Ej!!5z%#^aVja%&kt}6oPE73~B506okX|v81U@bM-}(t#Qo$ zzqjoI5vG!Rn=JA%zI5~O!Cu8P-YO8V(=E&aq91N&p` z!>UtaW9_hzB~uj!m2I#S`?O!w$v9jSgvtZ2=sgD{CK+k*Q>^02A#K6Pe|e*78 z@^k6Lr$zsP7=V*3{{v!3cWb#V53Y|~@foR|Xk@`uk9n%C%zMYCE}KT^;-tGAlJ$?P zy-1GyBBn#q`}+{)bUb02qpJ&1nNr2c&S*8iGA8?y1zqw8-6nE3)qLQlYYzEzt^ret zgPIOhb3*qqCL5fxflL(Ys%87?!XaH$mSZTO;W`_AZt4A-&3V$svNS?G%0$+|GF_2g zmi8J9tC0$0JqV=2fIBTfAmm(u*+z6*1tzdfC0i0*VzIjYN(v+f+eFR;3{vjF*q}`DK)rJqh`fjk?5|>QMnr|O=0i*#oo?EG`lJ;hXv4io!&1o&O?#V49=gHpUT4(yinKg0rg@6ayVCgRfRsXT7M_jdql zRE7={bMdh*^2bw$Fb!WmtnZ>4YRv?b+HQ4*SBXD{#*B}3Kr37EFNWY20WGkz>b_7n zh+WVX^Nq&)hL$~TTr8=EVDz6629RG6yr+z9o#oAcgoWvWj}w&}y4HLE%_~xS{C|Xn&S-4ig9BvF486|qR(m)>p770J zTPROczRMxHFAn|QKf;3M<+45Ce+i4njR3kX86J0Y_8Um2#}>DHeh>`1{|~|tZ^APuA`*HVZJ)NI|6eFYAhQX&JyiDrBvow4<5$pSK<#}!|-~0J+>y>u|^WrQ3x0r$Y zS)BYk(GhbOi1lp&!9JlA9&F312q3>ZuwcL^#2{yXEeRHkRl9XGm5j@`G5LH==I%u6`y*jAELt7UyYYbW# zmHpYGmfciUSTRV-!{S>JIMN(rjCbSwt{Sk>ckGq+TFg1C5tm{*zS6Syp-VBe{V-S+3z z@Us7AmcEd3?)iOYWks-$y_2uYjhv8BS2{dgg_o=nQyQsGrlEA>9-a2ZxN_(2`C#2( zwl`uRSMl0RBbB)EcIoRcfj8D%I*Hul#nM;WSP7KL)zVj9x)qz;-)k}f1pet#`TM_x1pk1BLISDW;{$-nJ*iQb zB*1d{bkQ4N0{|M1@BaY}8S(((Ul`z@09Y3=JpgC`tP21do^@<;3-3l|n|w3~+AUtt zXo$uXu8d+x^gU>}2(8thm`9b3NpL7iTsSTfroM88WSzIi(KG&f?72O(zXiOAzMP_s9 z9#yO6ebjU^7a@(dw-zhUssCR0dS8AYKi%l=&drtmdYe@DvMarb6^QD=>wfn0X2ZU` z{QMZ4yr!Rt@ry5f7O14|9qQe_{-llZYbT4JKi$}I!*{g%?Z)ZiMrit+Sk{4BgJ;2@ zR58A8TXb+L(mAianKuN^y}+0)V=WbN$Em5h9x^WF2!w6q6d7G1Qed7`P|&R>k=e&{gUAuGd)uXRKhfV+I z*q%9a#Ok&Ho)n}k6Cax%LAV{6{(44$ch`;NOxV5?pLmE z_+=t$lq)Jsn|>pu>%up*l01DQ7b}3KiYBJg zqVr3u5b+#ha1S0_=#W=&v}#Sd$B2h{<3XuH_L+#-c*%!%(Y4(yqyxVByVC(pwW_|q zNb95hIBlS=5G_I?MC#gWj zqY7;12yt1)B=%v3q&Rl{)IFY4A8N!#!$OU@AUY}iw5N$?xv(bsB($58(@1_T*J}l8 z1(9W`1q*d4Luw82=E`X+r5CHsf(MQUx z03T6EUKQ1=jj)$R5RiN0Y*3Qx6m#i&VSsgeG(_Xq>H17x1aO2fIgok^{ApI(ffb)- z9Ib^Sm}TNa#k|K*&)3usc*&vEI=60HNL}SZP4_&;+#lnI;R8x2cm-N92tqVi<%8f; z;f?iN`4_Z^o$2jA_)+lCA5Jpw;h<(|?uy{bhP=)-6BY}9yE%%^Ao`Ta{=g*FafFTt zo#*k!U&stABL6|~pn?@3@FM+wz=#hiyhQtG?~34vbrx(6l(1npUjN)+g&M15LnsEF z_x6Y=Fc~aA7E{{m)Yk3bg2RARZqD!Rec^R1mF>xgATkS%s1z7*9f+zb ziphzwko8hleuuyKjO7jS<6y3J4I|u+dxVl0;8TSC%*qV|?+nQC>(zl?zt=7noirK~z*JX;dt%6NCUlO)Zj^gVyWu%4B6){FTl z!u~doGZ{{lpObJyffvbFCrs5kLrE*+7HJM7g(rgf>%l-yQuwz3Z$gqzvchV}X^hdiQgZ5q z2w0Tbj6v$E8!LGw&0gaQdC}=@hL`kPwelu%!Ls4)Vm`SZ_1C@Ks4e;-x6gToOD)FW z)gbIpEORMt>M{^@PaJplFx{QtFmT&QL|K++E$E{|N~bnoO6R8on1F^pr?>>9Hr(T; zF2HE(0Sqm~`}>oD5=1M;sXltmG&<;4kM7j}=wUSgr#QfPhF!qM>i|TARdi6Fhvs1c z{oWRgQ}+MF&-_P<3g`(5?ZU1OgN7dmIGk-5=X#-lcv^-9dY1vGca8Gh+5x(LWTy$> z=&-=g6-CGY-0|Pw?|wyVKm-`-+?tAOU`Q8yAiOD=IQU_sCEssS2|D+Ct$P*tl~sfW z7;Xp#9IAu1{S%b}gxeUG_uIS56YM=lF7scmve_Ywy-M2$hwKdA%8JN$yyHy;P38t_ z4M$SYb~lo+zR4L#k!L~*&Y8@_%S5Qr+LKAgOT3aEW~-DFj}i67d+qWoGwmWu(d5N! zp~tFbrpV!p#Q75-h!uTsW092)nWImOe>Av8s6nlq;E-lL4ArN)9mVQui|c8|NwQaN zMQF;vJ&pa;sIkfm3M$Z+RtB&jEc#dliBhD5EqgGT0qY{-=Y5O%Ed3e?T;3^&eg}ki zG)Ev*c@_xobn0gxibeWWD+r|SY_R!5D;!Kz11CVa_1t5teVOY&rl!Ff3iBzi>fD)W zNx;2eV-vAX`g5Ceg(T*6)L5eCGQ`FkEU|6x{UVl`heKoqmk&1dA~z2+c6D_W@ksaV zDUZ!C!KmrWijM&m(iY*X_$o5b1OGa&E__^Q0Ru{*&d*|24u}-tBgBMZ{&N@6fir)I z@TMOefRt8tJ}}xL*f-$Ot+oMNo}c`(K)G9-7J^o8L?6QFO*q39+G=|bDiBl}<|?A}cP@9%iJ@X$~s^NrrtKC;$C!&Zf;N z3WHv>oNB&L%3OdRtL{$0GRX=GnNJIa@OieH)>vZJnipC574DZLLtk>qpdzj&3gi2I zt*|{v%bYWAvg}phfyC6ZwED*oFx1fHSiK;MYEWVHLE%&fvtBQ@%|YMaDOaNDh{81B zL)?H@q2Ss{`>W}PKQj|CB1yUQeU(K>R`nAQc|{g z2I|pWp>y<36BPdkR?}D7X7#Vvs3^YyN}_7yb?<0!rT+9Ca2J!bB1DyPUZCa=DRWi2 z*r61h!d2yNoU7#rFW(YH_MH)N@#z^7t`n}Oxag(7H`fSuG~t=~yYS$jfRR`$Xb(UY znCK8xK(=rG64%%N@cT-4=;y2ZfB!PVWQxO?eHjGX z+VVfz(pTc*28Rx$5J9_ux3p2NBzeHSskIjsr#B^^-2I<&VJ4N1`_~D@E^P{O;|%3uSe92i$eQ z@FCnJl%`QrIkuQQ*;CLx!}2BS1TBg}-8NhM$P}cA##C7jZcCWkwb9qtsa_g7+RY{mw5?$6I`(@mjDwgt6!}%;2$Ehf8ZUO|qpFnr0CGyI=IA1Ru#pbW#P` z$R8iw_=tMK-_uZ?J+F#tBf_^s#1UgY&hMWbIEaG(-W}Rcj#8@Ynx{HRDxHo06~ABXL9s%W$^3Ue3B5N3R9R z+S@B9n$^Z6R0!sUkyr3%1C>X3p?Fis&CvuOypzs*8SBZ?Nz*BU_yye#vqkd-_zJ*+ z`3V#QL<^fTX^7`agi76L?k_CeotZevh^u&>cuzU1O0&6~(s8Y2w;O!;mT%cWGBuR%T*A zH|GjvQj#1F!Tgd;;)V=F2$3uJQJRK7^h0JIBA3pOFI`G-kPxzkCbRGUcpQ|7tYv&? zyt}_V`ZIQ{H1^m}o5uccX80N3S5n~mV@=zrE~4-C)J{TqHC54VG#vH-M5;z82* z<)v%FAYo;^n~*sptV>}I;`LV==7G_9mgM`bSBXdDFq`J7B z9?k~|jiUTXx>q2Di6qr(x#F>R^x`&37~8?CP*AyJ4^6u#L5+IfUIlhCmku zO00h~x}ON6(!@1VP0olaMRtZ_W+omKiC&Pw5-^zqR|nauv65LQpQx-JpsPZZ@9R|a z3>rR?MV?6=HclzLvzYaV-`33;#b5_zKq?jAOO^bZ-4irORvbVlZ*tt4Y#-(5u|ja_ zCVz3*>K)v#F4B_OLwzy8+83#W&TBJ$khnw_IP(J!?YH9Z)q}$%ORhneHc-oOLQKzq zhSdm9p7ocse%ws1ipIchXlKKVxLR25-;^4O8-lwV+wlNDr&iRHbm*4P+#Sk+Mm-8& zha9>7L8$&4r7m8ZU(eyO{iS#u3&L#L70(~J0OWjMta6sF%JlWjOy(^~dO@?Ir*r`> zNm@~u_S1iinUl|)V9^}T0JO)#ueeb2WFW?)e0zJ!6ry8TJ}JgAI1idUN^!Ur!LptY zX`xfHlE8pGmImvEWF3bWVSblbiS{jnqFchEXCds#Og3l;fsP|ASLm?p%T#7zx+4LY zh2m9w)Jxs(UXw#$+v@qpf#igm1JZ!P8+2R8GJ z7{`Y)x@JP8YXrmm`r&Lve`GrHI8CTPe!L!HpiLFpDV|1DtG}E{yS{zso8G=@a##uD z!sf5fm|~^&*&A@*eN5uI6}|Nga1KrjO>2)HY_p*9u`hiqr%lOah!N7WgYh7>8 zM9a5{%le?iQY2v`__*)3m0d4$fdkh1`pO{8)Ee!kr0VxfGZO}Hxu~*X;81Uh>O;H0 zd4rRV|1CriwYHN{wtAyno%^sflLdqG?KgE;mN)-!SMcZF+NU{7appU^sk`81rL{ql zcsqgOulf-AL(Z9&t7Qb@kS;x7w>;jR4PW@>c5`uduU%hW&FoxX;&E%2Rqk|dXv=5a zqi+~gDMIi3PR8}Ds_{LN%OLAz1J`9Qa+rfJ>%ixGf1LA@xyE6zpmVLV&TMWIKi#h- z7auMCO+G6htG{d2qAbs_^sjyEE}2Hkfz-vcLA6hLmj-MF)l3xz4-pZw_s)EC&~~u|C)MNfa!Sp?w+G7 zlpD`dlj&BCw4z{9xdDyS=!f@(#-D8m?^Og?D|k^Ri=m2JUEU3E2^iJP-XIiMJY2gi zVGtO5K}RTSJ*W}YH3Y|(Vd`#w`XoM_+PCRGyo$ax}tJ_DRzEI+K@J|Z@v#t&=efD26uiKBQ?*1M;F!*t_!KzK_L zy`JWSCEeIwgm4J6J@TbwMLPbfru81Yg8EFuWi*SXKB!cqik{?OujF2EA$D^fls|}O z4&bfpogjTr1HLv9U!^|p7yGLJeAJuhT1V%5X_G_vb?FM&oVR*zueZsS^n=pw;tZNV zYK{~Q#2|tR(WVM4j{HW}Zzl|{sDyB5IzpFj&L5!Qk)n7fQHAHmO&;t}2WA%|pF@MA zt_C3^g~t{%ej^pZMooZ8fjT#yJ3W~C#jU2^lP0WX$OIMHJI&Hl1qRlNL@k1U9}Au)y6mck(WW(uq=(K#Z6=N;`9*zi4qv_6*s%PHP1O$&pDOg5wAeS+ep`Ma1R7(|^q`47jsJh>@uwr}`2PnkU;^~4N2 z<%c%sNQ-0D!&Al)M)g)0@esj7m*4Y;A#(~Yy5kSZfm(nsQjD50Amvh@0%!HCXlKN! z?j2A~QH8Ll+5vYpwBhlRKl*_}|JtymNhUSOg@ki#G35V)PtAKfqPMxu9@85m%{?Z7tUX+dTwIRoO98C3 z#X(utSD7fT_gt;8F1@HV6st@Z>bL=~b=+;L^1B&%KiSjPAeNOL?**T_ZFjabvOac1MK#`F`D_YCYHPnP z;od@oJJw8o0*}QS2BvglwKW2ZYV3+#TQg(rUvalJ`klk{3B1y1gOflI(`-5vxn{dN zR_=TCD}zlisNDj_I(fsRi$smEU2-a5Ryws5t=gvQEzG13T;I9K7E>q;%-i*Fyfu@t z$KS+|;Ym)lw23FHjL{6`U`nJS#DDfd$oLz4!EkN{6O^s;uUge*!?0=W0Bs(b6tf2H zqy?mN{AtR4qW=|Bi^yz{K5j1Tn2$lw3>d?VZCI55h!R2_4h`1h%}^S>hz{Z7;+&i& z6H;@FckGr!sAvYln(%V1wWjC5K4ah&(_SZeppB6?3KEm)rvv>2p6>&Fv(u-2o4 zO9Ae53N|IUNY8I^Pnzugm`WtO%O4+o$1C{~W&ey6#O7MmQTBchb zXg~ z@I*X{uAMBF6L%sQIr=R$@C|6#p{*W1_Pt*5-gx=gD@>zoK~V2!9L4k>|8UgjzYn|H z90(Q~l47X^bokanOTQW?!)TakXcBvwCdLQoMwhGB8#HW>w3p8#;lO zI=pO3<5PJXI3Dez6w8qA`S4E9&EtPgpZX5pc1nsMKd-+AO7LXJf%^L}t4$BJse z5To;ZdB0>xoYe8Cr&&&!@vp?ObDY3pT}zuW$b_CG-VB`r36g!>zS*iBi0}?Qp?jV+ zhqb*?-g{v;^vs|a&Sv*veJnwoIop?|UjkVHCpz8LLcF1+{J0qTYDEVP$9BK#$LMmB ztNwe+5f?+St2$w+X3}*H3(kDYn=Ke7ouJcGB5|3EOmtcTYmv5Woq6iL8v*v&t65_H z!O5ycY@5hIr9@le!Ijz23RAgx!IzBO66Do0x}FYAuFLvLNCd^r-erNGf3zd6 zG)wV%66bG6`Ww4%|9*{VJIK@<4r$+4VEzj7FBX4t_%oneCsuK!MFGPnW3JWgz#RySP`WCJmOg{{uJxaIMLkK-&sV0`>m{T zB}r-zR}!WkuHO-A7AL4BAq$w#ae@s;rIzSgG@Jnm+)*&F(%v*dXfWYahZOiG&Vjrb zVHj#TaGVjl7gi-FY7{NxDS4xcCJ-w-<8@Wrt@3%VS-m{1#2gwiZ;yHgo^zwyea?qn z6PYyz&WP;C(~DSgZ=xY*mYEg$V}IY$S6>fq;c`Z_-NuC-(zcXs zCqPx4@h$i!)aJVfe=V2zs^5!b!`BeMUJWf&9FYJ8O`NdDp%4vkqn&#cD7osHu1Bhd zs7;@nM>n@dS@e_k?o&1!X(ngROf@J?jPG@jV^JgmEly#Rc8bw$-EO}@E_bq>+v%FSLewQl2*uJ$65?fg7Bfm5+ zUKWV}hZGHQMV`T2=!XMI5t7C)-M=VQl=CC4$8;FtY$;_~jE~czw5ad@YG|NYUbS>C zEu#k0qGw|&!}Q%QI@$a1P48Zazi^tNG8LIU^kFzYo%OpUBQ~LPHsz0ca_deWXHqjW zrGr~kouu)V;@{*E)<(5oTwbp4?EhE}6)xk}7tVd1KYOdCNBDO5G@6J7RL>Y0(GCe% z1QclAQVgPJD=cJ;o>~Mk9N`6fU($XD(49$dxVgIQ0T<- z`8}S$;w;=pp(F?q#KHDJN-^*I3g&o~UJ6v-N^dDI)X88`?=2BGPmk8R<;v{)aYvV0 zoIQ5L=cZO2M-~1fH`jawk;#N>KrhhTT9fgkB6QVZAYrwW7BNNuGJ`< zY@k9q;Xh85Uw6`N*s?Qf{kP5O-NRX;e{=bow~#KC{#7dfegBmA{V3WTTDcgqwFStj zwdH|lyIB9CSSE^ERc{5&uT5EB9m!s@vtLder9KA`rc}VSJOxR6K+CmzMGc~KXjLuJ?D&ut6pu!EE(DD zZZ3L;CYu@IWkc`};uSLu69P}}-!xchCoRj%!%cI2DM?6XwY{Y!C)9T+hSN!C{SyQ; z&2qe5NW_%%I&sXwKFy(T!qbSi@1GK_8nn6qiQ!0w2AG^g*MFfYV&)@|OU(BhV1CS1 zq^)@xVMOKRjD;&F{;O<7~Ws0_QS+*7+aIWgM=eRvR?jzr)PAUnXGw{o=D%bR$@>7v!{YOnfkMq*TM5T_T)$l1$$h)Pq{jemIy} zlImA}%Q$cM7P5B#_ivy^M?V6s+4%>yU_nT_l-{RRb{FwUB8&P1VmGi_O)~TD>jHdh9v?H=sZ1zYoy9 zYL*TBqNonb0GkB(oNX$*d%{)tTL1yefPf7(FPCg`|o({NO`|1f$ ze*#1R>Q8Q9*ZSQ}US$u34T0UyBthsAfr6PD#HV>e>3>+$U=uGt)k)zH!$xG7I=45Dsz)B!U(3f^F8hEA7*vM|}ABL*&hPBZ@^^h+A6&lv=Jfn& zthkr{y!hIgJ$OyiM!}5f`SLj-d{K)CQx1nz3geGpk^$ZhcqStKTXiMIRmaza-OU2d zNGa3!yE9Rp$7#j(D~h?!-~fNybynM!?gE~kOfC$;c;}@S z3_rr{nbFcBpCBjYUdqgfFjjVeIo@h8`xhj;LRbX7i`m+f5{Kq=n;Wn|$abJ~h|68b zPraaiAnFe|{Wch69&q{?b2W2?`dI{ySv}NUVHMx^YgTKdOS|ay{xuZfZhx(6Bx2D20aTz zt(!&pN>^;Ss#N^G;ru**aPKsQs^e0aa2qK6GKfb$r4=eEgEn)^vMnzSm^RRrRLN(V zW#*hc2=l;ghoY0Lv%ayZJd4?^oBf;{JE}WBw76f9fv})b1pn;kkP#I2eXPbR1b>Xi1D4mQ|0;oz28#I1oQqi|Qd=UI&&rTf-KG9dNfVNOsG;fz1PR3y!6%RcZ08ZuY^O_yeg4%%9M*FbgeNFOhv*sw=-2-7MizBtwWMEBc zzzHkx3S}x4;IGRgRcM(12$GQ6L|`3%w*-@)zXbWQoEj-n7sBNd)f!GKZb=Qg>bXNa z`rmqolTRV^7^cfUI_pWLD0SEdX##`dJsC)VrCHEu=hnAIf}7P#o*ds{shZvV&GKHm z!@^r2dl2j2>O7IlKJM|&^Govzxh6bgZ~FCsn)pQJbCBAcVrgh39cr#Qh}koqe8-G~ z^s_1(u9nen%qYxMD#znUY?6TOtHC9wG2Zx4$Sp#t9W?0W;X6kHAI8d3Wbbs`W6m>O z%(w@I+E~1jW_=TsgGDArH^o=|7J>a0E}0TiMNt=&!n%_HiYPfiVSoVLnwj`(B`iW> z+4k2~XP;hP?qY5oHGW2+veu@JNpp<1$kp9WhRB2{(UiTv-0muiCRJUexWF@NFXK4E z=R&6foD~0d4C{H6RvU*G33aM>pjb!J9|DkWnEE9t<%Hn>2Nq@6gsn-fpHWA;6D)hx zl-d%Cm@*^)DB7ry#zhiZbH@%oSs+nZEKQqa>#N!7K)?ka9PusEmNnu{ha~^cFq~L< zw>s#qQc8ff0T^lCq}w&+UF|_U2k?yTw+H7K$kbu7ZSz^nCXFL#F zb1qSq6n}_>YMzd$&$!iDOI&%t#=USuH7F%+Q@Q1tE;~YcCScWUfd$K(4ukUS*${bmmsDbUk86=G!=bT=+R0<12-pyZvN=<}vUH1FA!(`-Y1iq=tsHC~O`+gK>Qpt-d>ZZk z#pNLl+nf>_DJF`q*Vg!V{H~Vx_tyUyZHcd^i++rSgo$}K1oFa-a(oM1O(ynR01&Lf2o(&#a)!n*Ez$QI}Ou)jbkP@_^t?I8@%OpsUDkfyzjmCUw zvl#osuVm27uNlwfgO(6=Yjn}H51?lvg8oC#u!{db(lhe~uSyt$zYnU6^Y_W3;Edp( zhWeDo>N?oGmCViAmI+c1(*y6Fbfv7oWvB=)1*;l#{d+ej?!3<;miS$Tbc@p+I8m+D zq!`Vepe?fFH8{okNMrSYjI+BdQ&vsC{ts9s@9iRQ-TF9| zWv;5Kg$I^C1G?G1Yv5|VDgh41-xiPKwp3q#Ce!@Vm#XHO_*<5#du<87*lWU7Jn7FM z(_)5bOwL^Vh|9w%$QP{s*e`(UScC{RJMM$S7cuK{ zYCJJLkbeN-01F4}wy#iC)YKoVI}54T+krK-gIHD>;?~^cQmF`` zW-75e7=C_A;{OIuqgy2Xm_!|0XEWX!BG}v#On9JiG868i!2QckJ22Y=Ve@nBYNdL9 zaFCZTE@>sghHtE@#9-yRZ?Hys23l;0C;;5CpqUay>_8g!=U^%SpX`?m76nk2DObA* zr4OcQZc{>Er&ECyf?V8I7WQs$f=kjvArz|+X|F8<=rc**ug9UJvn#Xf3zOVAY|i%e z43U$nq;I}+&&O@tq!@5T)W^;Oe?Mc@aV=F7iYi!G&|g5U-U1|UZfyvA+m~sMOM6i; zddJz?N>JS&ng2ITMaTcYmUnfp5`mqA_4~Av`Gq^^cDynj^0=|^m0F;LuZM*cCkQS zjNSdk%fP1H`~VJ#ufs?H`9qlcDJ4MII^~`rICY0JI%Ae%Dx^EERH;KTS>sL#{Hqkr z|8mcIe)s0f{T2%aOAJg>@NZRgSZ#zjO2WtK`j3)L|v7gl|e}r zolX^5^}9+yw*E|{>8#BL@V8|ZG$Da4FTYH<-d&$5iUikC6vzvw8-wi8l^}FxfV-GM zDs$E2=b#Gl`%jx358Yd!359+xo@B!js^ zm9vg)s;BQp=4Vn(i#TV7sjE^7Db!1)5Y5Aq{wOnp%rx)e9E{`?$*5|&zVHOcO8NJo z94p;&)9t89!OoX?#bFJg5u~j050#H_1#Gav)qf0`B0zR5K5}S}Q5WzWy&8@P|5(R0 zNY$OBEE8G;IA8y?qJLvP4^ zq!luJh|wwN|2*h_gG_XqkAGhr2K`MNUF7i*$@K28{#EQb@@;i`#5x^}?gV+PwFW~V-djxg9u+U85bBbIevF_s z*eCj{2ZHbfNR+`nFy{7U1rgLDvg1Q9bYyhg$5HuITwp12;6Y#?_wvun@F)-*jsiC< zTNp{0QvT*Ez}mr|UOio`6XKGwNVC~st?m8Os~=}NKcpN>nBgO;*lp)(pVLRkBq?QK zI?#yAk^QMIsm966_}zjwrDx?0GrLx-p?ksfbkgW&#QS^XU7X7cfsLU9b3!NCnyd@5 z+vUM>0%0j~AdZTTDLQ^#KwN;fqF&+@=|TQb_+5dmg$f#hoW(&J(c~%t=trUz?-`nWCKoebSiTk4Li*HWzP5Ywz|VK z^T1L^oWjB#mzV6-;N&FT<&M^e)qX!R77YgO1(pGYkE+fSKeYyR1xTgsyl-Dykqkv@ z6=+u)Kq2eRaZ99d`#aV#dKKpy`+j0HcS5{F?XdjG*!#XY-6rQaq7&M`zKo?A%`N@8 zzCf=YS+LR=aTc2Bc)^U2Z=nDTS(mVEOwio!1_kwBJ5fI)JKOv82dA;D)to?KiTf&# zQdKw=q@Z5Dbix}Za$~9oEY2%^%a%>hhaTo+67O^N*3(@CDn`ub-_rwK&Szo~@jLn` z=*a;u_nXkgiW!+7m^ET{ zpr+(^_w2J(tB>Y6O-PK;bjIgjjMkRq#)-r%mU)kzs*EBC4`sFA)5BymRY#P@Cqf2J zV}Ec6%z3HDH!Duo#<64SW{=R%eQ}f-s!LaWPY5(99j0Kxx3qe9R>r~3hFq3X8lrIM z;f#g`w7!A8yoAn4M84aG) z?u+f^)uek*rVJU19#|#Mtvx}cf9-O|-pdEU+W(%24MZKA3+JD1R=wQZuYIrE`0U}Z zg@%0&m9q+G|Bz>4E$hrWBnUl!!lNE`3p80mRU%e9-_^{8gTXCR&ed1r=K4n~v{n*~ z*VJ1{6!e9sn}cLIh%>>N*EY+EDZ2_u!@>y_m)~G7Mn)J>Ix5~*y%AI_`1~8PIa8wy z1#;BOZvx-Xm{@p;i4k(*u3fUKzLK^Oa3eH_vdrYpLSXsP&AH!lBlT-}{r%9r8yep% z7syfIvifXm2Q^eWFUtOE#LjA`eX;eNq1~#ehTaO_R5iP8`}tk;nWL3L9HNaeWDlvs5= zS>-4q2l?5EzxMYuUty5_iAqzQ_q4J<;aO^};mTR4`dW!!*l@SvaKk^)W@k=^mmWAa@BR;V8gM!?{w1h>MWR({{cHHedSa-Q;O})@hX#8^_p+LFbE7g5e}$ zIpZQ&gz1UTiuFBfB;0z_Hs=`WZOPP{^dxad07Xl$)v)ixX;d*$aj@rxfvm*5==Pjf`lsGW zF_5{P0eqIT9vm9X1MvJfyj00c`D<9yc$Xr>BFs5{@{TRa@Iqi9 zOIvqMs&~-t8p)gg1Dp&~veI7JR14Nw0p{nMAzQhaKv_@I7x>Tm;5BwtNmu zF|%!;&lS}37_xX}N@j$qHp}WFH>@L_Qyd)zUgAxtex4Tu{8(1xbRJC)Bd1%w$i3C<>KbTeT3(_K0`oQl z&dnvwBgF!D!)mpvy)e@UiLbG?t8puYt55uRU+X9oKlQr1`e@yQkjwR--Se^EfAUE% zVJIZpotzH4;-sLfMlDP4iB~ohUeOgg(K_iqT05xh*T_jQw-&1oK3~F#3^3``6PkaG z-F?yt{xbai#|M}FG~VXblh(_}M97}fYkP#n#c~}&YGTX%g9TGm&tUpS|3O()vi~=HCQ=-;Y$`IBa12uxUur+{?*bx)vt>TsF zfu7(wggw<*tQY~_ub_^$9AW=R6y1#h?#qXlV#J>+YJeXD;j}+=wdQ;npYny;D}fTt z8mY#e+KpE)>^Dg6^1_Q8F-rWE`}@{w#_@l8nRIOOmBLZ%zCDkk>o**+J2j(kqPa*Z zUJuYF!EeD2Bw$&2PaAtWg;PQl&IGh^g-S$bWSjVVK7tjtX@!FoS7%RWeVhE`FwI0f zNKqZ)Njj9e8x-P#y})fnJ$LdW@Lte*hNYZyC1V+cr@8CLYDz%yK31SC#xbbfTca0p zan7@-dcQ}qo+oh-ea!26OeKqgD)7>dM~@?}$Boq-1D8r&Ei?8`l?}ZVOTPb{n|R{ViYv-* z&pP&}L`W%s$3JV<8}hg#Em$YL7|e3(X1QT#t3{ZmuwFZPxBX6Ub@!%3Us!WI{%Dx~ zD;Td%u>~lpU4G!l{=8j8sfR(*`}%m;zkZFM-EFo43KqQ_zHiT0ghbH_oY(DjcDoBw ztaiJ4Bq20AJ-iQmNSAH5y>W7azDBAV5?+CgzcLUG^&FMSHQCN>xbmG{d9T@oh@Lhs zV-2>c#yj1E(qgBByU|rf+K_{z#6#whYgS5JY09!KTuFynjpPhYIy=abl39%{F1VI{ zQ%Hu$3I70^Zat^Tw<-P#GO#B!G$s*0J4XV3{vsPm+lpk~r&e$)+&yk9xG2#3(+!jj z!jzen&%Eh!=lB%)f`2G{cOGD#1DSK_rpa*oJ>Y-&ytgvM_R9Z2;L`DKe)F-ak3ZU} z5KNzz#BdH+Ez1?n9@y=z<2-K9DqS-fRL%up2N$A4HLpria+G8?s+bgx1b6`9QrX$A zpBdZ4gqGCXQJqTnzV(#W_utBHi}egboJK6!m)0dLXY{?DH7c{MEMH{;fKjn6an|<` zadH>x1EOer8u-hTuzuA~h>C5ssT?hIUQCCOGTMTNyYRvfxkNKurYFd8n=u z>1Xzz+TPt|t&4r}t3%P@v~%1yt`VwqvH?iPR2Y*gF<04j#-;8;F)4*c&6T$G*Oml$ zXQNiFZ^ahSK-f90{rq&dTMx4zw?9k1qlcFy#9Yi~Rzof}I>i z$Bi%#FG@8s|0-P~mkLXSi&cD+Q2?y`&+m=S=&kB{cZ5;8sss=CvYmgQF)wTX8{E_B zE9FE4tYCDT`wB}+egOt%*@&ivs~*BH`U2Gh%A3=N-{FJb3SLNP^UYuXt5`wIfXAerP)SBpU>>;oFT;LwnV-Mzo&#TtFzgWC_7Zh6Zg zGml0tddY#MVOp5lfqzbeZd_5P%dl6J^qJ+3FFj+SJUX;!kbm%fPq|0m2@~fnN-lZ! zJ_bP$uR#0(8$oN{BH2*$##PcO#Mcoag!$Qf_$7{m7XNm#skVuSJcp`7XCgax|FfHu z2(aT>Eh;BUtvs1BUy}Xsr$7GOek*RfzLowd5aCi|aZ2PxJ5vUSD^Q6%7#?_19d6}v!T@H&+5m}q}LUv*A+ zvg#TG3_IR^eXsr|cj(9G44K0C6vJ1j`S*krCHvahvmN8fVrv4*VrN1y zNyjbG_xh5nnG^A7cR1F8z4WxKp^(;W5kp;RsI@v!!&c?R>*c>=R#h6Ktq(7D%B|6f z10v&j?KUcw^&%3pUfy!epYY~Y6vDZT&gX$tHKdLapU@KnwAUT5RfJT{eaAD%hJj8V zdA8t0qwzabV#pADV69`G!@=2z&(9wxA@Gv^6QWN!3JwNrp+W>syVOeSfA|f5y}5D6 z@Usi2n!V)*=LpC}W7_@%c&ZhDDxifyW7-n~$*c)>Q%-79Y{-Qrb4 zZjn*{XMe7mO3!;=q{?r+#x!_GJxg*NOon5TguTZ8Ne z=r#IUy+h*fQQ~YT{LS-!7inE-6Sn6nymDPC}^}84M6X&-BGy z_jLUywyRx-9tqG@PNusu-+xmKl8>3pd_B)&edX_10Eweuw33qB+iQuzo}C}hpEKst zaKox7?14M2laWPAuh}iA+y%ehk{{o}oyM2woO)*TpVhChZopRi;6G*Zqq6G>99c{1 z)nT!jYN!?zm@>|E24(s`^nQp(+8WlLFhLtZgfVNZ?j=sX5qcRxLux!uh`S$V_s&C2 zmOH+r%}D{i!Cvy>i_L_7-G*b;-+3y`m*G2IJ6}rt3YAtpFt9uLn6Mtdw9G^#_>daH zo~U^_uu*gwElMwkuCL#18)pojyLn@c<}?j>s$$5ilfMy=!h%M`u9vbwYk4jccZh6D zcO2j)!k=_^ciIR)Zi6~I!EtYf=SVGxpJr-zE#M;Tcb=x_USjU(26wJmUXC|$!~MZY zlQRwH$K{X;eKExu+#so{A7Z&;@!tjf_nZ97msq{=d6Wa>>5Yw*aDP*G=O|akRnqUc1=b^_fk7aiDx|s_kx^hLI3XiA4 zI2Ozq4N%8NQQ@6K{^4364LyJIT9m%XlPSf0a6>1`4E16EgQ#rJXKk4YTwqS0TdQ4M zxlF%LsLLZwUK;{li_y#~;DRPhQwqhGFvr43eO9GsnhNx)Nutfkb2$`C*FfI+WJ6{a zS1FQr9en4blj&jy1io4uDFtDKRVZ4(AK?+&bj{pOO~9J1S;=I$)^yW8mt}}r_R&f^ zQ*~K4>WK;M5~N`2(DUjFt1<9ciR#%MUY$_ zwA^r*5e62FOm9n+un6lUZ|FPyMh{ZC-I-y$wQh91VyUN>X8Cur4xRb*M>9+$qT@5r z$UT}mmINfjmBRQJQrwHipjUbdgk$G~FNs7Li)gW$Q0iqL#*r!|942}$#U$Y*U<3Y9 z){P|Th#!Ih`Gq6d?`op#KvDU!l`N+$r<6S9Hmtm_V$GRs%Zxan+ph?JLYf$je@6Zw zM`?(|EG1qE?iP!|?c%Y3q~?kTK=IDnULgJntzX7Mb5DSjqbZ7-tjBsZkQjCbq_nx5 zc*O)w>@_ttjlQ!!g^f}f?-QV5E@WGzPM%2mO1@exFUrpv!T>tr1z!faH?hy#SKd9zE5zv; zr`FtA5ZMbCZJYH&_9e%A^^+suXNiaXXD8tejH&@w((q_=$ohrZZKWGSc)P>)xo6v_ z{bcz4X*7!Ce!>gq?Wq5+xllh7mm^s?C3D^s#oDpb(}{>tB^>{uPVzy$zT<^~Zlp_i3wXaBZA4UHdnu(&F@O7> z-{SE>-GG)NdPl*$O_b2y#1w2feZQW>ANN;|*$#%s5Ao7uXlJSzUH?^}W|XoVE7b+$ zOs~Z;r8uXET@KDuqaOl>rPdOuO(&3)S06e*Z6;ZiN&ERE>2)yNX49`en}zSJWPg@?~8tT^0!ZC_iFmZ0(d3dml(SJsSZ}Q zl-jJ#D&bUgp><5VV<=E*70U0P!GOxfPwkO)S;bx62xyOkjOj+56(L|WSrqRu0&d+= zw?*SBsD7z^GivWL$3tvo5u{pol4trO`;k5$DWk;2X z(|^4vVE;IlYr+a1fFEzHYBFLez@A{R<|7Pn-EVXS{QCR1a$oTq%`22~jC6XU z-*<`k@GEcRHV>Z;i>X zmvZ)@fz-YQRmiR~c7*_edXya8e3Z-Om>d-9ZV&6PuEm=CgLhdv?5sxcO}wj6DPy~? zbc{d3)x+?^aGC(~w=07HYtLlQVHW%EfCdVht-? zXEZaz8Y*5%WOrjtm)u~fMtageE+f@y%AaOQQbjw(9m@W5s*lVnJ5@Eal1*`G{77LM zHq8+Cdg-0If7<{PjXustw=mJ;OBI|+`_X#&tc!>D%f-q*KD$YN|7Y-2$Y4Nd&Fgi6 zTgM1?>$GtsCu7s$q^JVS)}DxFa^B`96Pj&u?=LyvEeVxvPl6b>lWuaz=eU)aVIB<<_|k%VxR zh#U>x|H@Mi(K%{Kj~9PcGvtZ1a%R};40C2Lqg!@~=xB%_i|O8Bj|p+I?|0jUCeQ~@ z&f(QgP~S8bv6aju{yeP@?{!qEX5ZygH6dAsnqX<3f^?X;2JZCnwbSQA9_|@iocN=H zL0`i#DaEKb4E4r8SL>*b18Ct0xVm`2AkXmPrc**SI=hBEvxnQ@b2lk1hE zboaqL99@CQ;p!I5Ps-N;sDa9xrje!f5OHqNShAI>coz!e^A0oE!zt=n8ryCi!^;C0 z9(MWbKDX0xPSM0vdP~o)l*d*&3yNonKXBA51d@Ts?3y!KSY=#< zfZCS>0joxp4BrcUN`zp=Usyq2jC4^U0xYwbKqi}w|2*~cne&ryhWKtn%AnhWaQ(ip zP@?!e6Oi&ZH$SfytfP*=*j4ag#ANcj=cGo)QYrYjMK3*M#qzn=?f!)K+kQOS2ognG zA@KXWZ>e9>PmS9*eV>^YLjyxW-+>lQQWB-khTnvtPK_(rV5;Sp&x)}a8{Ei?zL{!# zuTb0eR=ub!FNmqIpih~|Z}6mrp^xXjZt+*u(a;*WD7jzasEWB-x6hb7*zZrTNYBLX zh4`9&EG4dSA^DTf0iv(Qp%|B772PDUGL+~XjjpUT%<|XBVv}*#lQLiv zqs-NPeW}4)n^V=>Q+Wk&;2ZDD zQ=n&XX2L=yJ5d{~Xjwfy2z-TM$N%@hj&3D* zyN(2n;<_TqPXQmdeNtGKfRL;74+YlGao)q8kyPaQg#>-<8CKA}Q?`RsUM0~nJ5>JC z5PnGE@Rt;m|KS<+9AA;BSArP9|N5@);3~d^f zgdm02U%07hKX405;#_+!*o5a;PxX`})x{BL_6Ueny-N!8cX#+y$iIRj9kWq^-`t}4 z>wfQ;O{zH0U8W?vz$zA4zGS~L-FTjQ1{@~LiZD_<%rcFVRYW9GPDCNXO{t}Dp_y4K z;K#X>f=OvW@WB0N$($P&h^jAoq|B`#eE0-%hC%S%`t)RP26s`8+ZVDL>I^j!kGpU; z_ZDi(l%+d03?R7ao|XT=YFAH}hlO{^61?r&H#^4h3=PR&HqyHv;lHt!}g z^^*8eWKH^&bH8xUw5P60MXr)=#czBN+%(I=F=Jd^no6bXYh==E+SJ!cay59vY)1sK zj%nx6rePg&O;hCI`n+}n459_FfA}dDD3A;tKeA(;Wf0ok3}>V#6n#OSMnN9QcIBZt z(Py*ssXXEj*k4EfzaNPE@^JXsAf1=`DEmvuug+bV`HKd69N~6o97Q%@vnIfrV3C4Y zTt^eq{G5N?2>H4}pG;%%`DZ|T!8AbrpaR*QRL)rF1yn(}E}_cmN>~fY7oMZ}izgGF z+|Hb2gUYaQ9P~j2`XU+Iq-MuprB(kIf`13aTD7y6IDVN^ztMxUWW20I*s%8~wRt_Y zzYzoj&BPns10TrD3ux62XgPpqb^{sTVR8E)0kbU#n1gPI@!Mo0-YsZj+>64j*Y_k} z8L@X>lhR)Q{U=?$oKlv(j877J=<*P=-ffzG&3@45I#)IkBk>=mLuayl9-(E|G@4w* zdk?a?gNx;o06fH~pj?*o`kybs#tbQo7hBd&`jz?~uX{`s<@8&0Q^M5~OKh8m-BzFB z*Xa5^3BUf6`n7Y(WnV5Nyig$I<5swRF)!v66`VWJ7WYM6{M@;8dmJ>^94P0ZYBzV$ z!&m7QUk+Kyn!>rPfqaC#RPK{L$SanNYAbp5_)~B2e~EXs4;tfp3$)sa>8k%*E{h$H zQ>`kUC*&YEX)vz%3}kS1@2X}*g|#qRGO>3IU(gp%UtJx+n;#9B(!J*{1)mu#Y=In6 z2VVw5*)nxfLt&lM_!O$-cvizmC7!a#`Xf}s5usL+w~m!nG2~@XlcYj4 zZDVAvPRp$R6dC-jNJl|`tH#QNRZFI^$_FKXyIhGY=gbk+{ zL(F229qbB^Nz9Q1u{jVuRI9Ku0=9*Fk&U%ysOjnr64dGuvg@H}RC8|ZKyXiZ;F7u+ zpOr)S;)=}WvJqF|)X&&LIOEM#IL@-E7xmZ_(JoqcBYD+W7^MkayJ$iPsxKr9hBwsI zkK1=0(|`vzA|*4l_=95eG(UR|ipmxUg{d|}m$>?d_4BOj;~3zy^X+xtQkpWi^K%qv zd1hngjd_w1u<7XYbs<%95+qjqs&TBFO41uxFSEk45UWnAsC9IEsqonX2QSy5gh&k8 zBG3o83muiz{OV}c2z9WNF;XR4wOl(TpNLIPx-Aae%J^E{3oA2r@h# zQIVL0;i-Vj|#S?FwPS0|+6_4uwu02Vv;e)^AhFz+_#RsLEF6SWSs92X$GcNz#imZBo>Y zOqmGZs%}N9w4z?H>XJ?(S&f=sO*rEY)%inUrt$5C4gR`GK|K#dWpeEar61Emxw{*E z(HiJMlI9#AW`!>5=7aVMf*kH4wLSeGFV(Xa8r31Rt;9Z9z3f~CuuP#(jJr# zlltotm^R7zBHceaH3g;}bB4i7TFf~cGn_iEz7eRY2G!ile?MSQYEuYq_$Y$oIfu!y zftAwCZ5h&-K_qx!>?=Dou7*}#zxSco#yj2n+Qc2+glEqRsY`CoIah`4u^_bRR7Vf`1>Y2qoM(cL zh>VgJVYYa_sD zWME?{!G1;5m8YExP+-?lvoG&w7%or{-SY~XWhTKAAqk|^6&i%zb!vI zI~RZ1OaV!)YL!CEwIb>T@jl58fs>)uyGA)=b^uN=7?>CHJXGB%cA)3CUTEQIo6NM3 z;ka&+^luA0Vw=1JFSHncB6I3c-leunqfYbUhFyAS4yLyZCoNV~Cl&kf}3XAcHRTiA&`C@Qx6HM%^$ZLhy@+n+natG#peZu(%0Jvoc#kk z2+5@Ov5*9WPrzacL;`5$hCP4r@1mf1Y-XJw+#1}ARX=~im zFiUk$R16{p>;o=!n802hgNx~)hN}?rlC;0jhp8$YZH$3zu-Id`?%d4)5eUo3*Y+xN zR{)@^2N|F}s?sL2z=rdl9=Mb$K2rNaM9vo{bMWPmwt`>@Ov|zG@$!NCaAb_v4wC(a zdh9LNqnI_y4OzKY`p>kF1E80sSfj*fkx{QD4zwW>!@5$E+sQ{UQe)PM{8u&IN&XCG zdD*lW4hWFTJ3wc9`V$3aZFmbA4oD#+8V_#E1^m?72^POrAuB#o$J?|ok@Jd~RLI*f zkHfC06jBvI0oFTY@wxwh2Tw_VZ0yqa?sC}btj?B zITQsspRil)&RrTl+=}CKmN^1)zKBNF0GcMiz-A)q#?U&~y2Ge6_453d{bF_h^YeO# z0z;)758ipH@e0zkJXxrF%*)#GRe*LX)aOW9hRWeXbYWooJb=QBXWy0VrAD};eT)rv zQl4e2DFOrzqcU9~%%>TRhAjH{r|Cr%^1iS&p7**wP5`#m%0P~bp+x^I1St_RBQ*T2 z9p*5UnXg%rCeT4cq$sgSJYuAKaqoBTw#&xteR2uH$A_+U-hwv^!qBe{!HA>@o=P-d zijA;TDS}KYbrH$)#`N~ zj{Nt9oZc1;3sfVwm&sN_naet|e9?sa)v zif(V_pF)#Rnzi!Djua{#!L>|{43g@vv~l=k=Bo901V2*=d|__+!|RC&^?;-3{1&P(U(P%JtaSeRy-U^{E%^QT;Ctn#hLcMf3`%(?Ev&2Q0ifXf;gm4 zz@mR35D>UcXD)&f=6xe1-qY2KXc8#LD4~LTW&8S=BLO+lJ-~HWnbmvpy(H!|2$VQK zfbXpZSU?>HAtKiB=fh#OVK8pnM7g8Wffvg@SGt@IX@fWqGq;fiJo>7dp(BeofAj zHOArNY5E@5$MU?en?&OtH(B0ZGz)&IaE0koFYb%cXMb9074s^Ql8f{`ZX*yllhwlD zdcfhAJV}+K?&W05Icc*tZ;!hWP%TUI{-|$|Ff!CIOeD=Fjj3>_JR4@Mx|442!QRw7 zf+$EIfg@U5?j|x{mB@g~z66jW`vMGd#>qvg#VJFtm65w`fY&Y5*sg%r*}SM=$P=YJ zT?l>yY@lw}c)QoN8S7I*IirN^gcV9P1n$_+>cm14_*IFT@mJ1=JfZz}rS8s;zDug!%NHg6A$igHqNB;+Z=A`q^E zm~2`t4k08dY!$wFz2F=sW9fgm#b-d7NY8|2x*aX3u67|oadU$pW_)Hj$uG4onCE5R z;9{!>PBIk6wXeyvUaiG;kC;mpcs(2+nu(!u{L|44@?l*Qt3U>DI_jxdodr7`?qzHL z;c0CU6T%^7i$AXC?R~=>J9hcGzD=DgX}O=?8RFhSL-B|U<*-YUaCC>;J@vBQCFH(R z8F`~4g0Y6487LKb?WWSMv-C$GhQ1R(oms78P^LKlQ^i72V!O4j15zmRU{zZ>I7{^; z3F(O3*{C-P(+~^9{Hxg2j8ldDOV{<)>Pvl_fo(tfk{!2;gDkG5> zXTZ>NOwaLuC?lH8n3+p2ZH6mIfmX?6oK~_aeC&JS#{Gu0v(-9zTlD|X3FEm_#SkPW z{FXJ&ohdnPuyUJ3pZv&@I6+G;VQ_Q{(RK}dr!H^Y)DoU|sJij1KKQU8ugqJGv4s^Bj5jfy(X~_S3l17qMnb^RMnq>;U4_JlU3wF> z2U{29g|YlTf=#2u2OX4Irvb2Ks#n9}n{68V2!*;er7b3_YE=tp+#8;Hs&nL{&#FoLwij8G5?5 zUnqB5RXLmCV;-ciqJ1XTsdif-_Li`?5(s||m7W+`ZoJNaS)lSJ0?eS@OOSikeIzV; zmj*}~ejXc9^myC*+yo<<=CTsq3Ew20a)}0B8v`Vi-Rb!|b)r$>*^ixMvAA3q-4<%7 zc)g~MXDD0CY<0z803Kk$)k};|G-C}fJSNKtb+Q&Qvb~|Tvv@7+yJgf2=w9S z_Z^;)Hmrhv+oV)udnK*Y^N;DxRtHu~)zI9}2Sx2>wJ~SXVOnF!Rocb^ttnT+L4y11 zdVJXdv+-aW8x>*ZD!mPEZ#hd?9&Q;^_$SA>LRjA-|rXVGo|e_9j3T@cJhv z)nWA6>h8e-MaRdBeDy`!D(f0RePHqmR^Ha#41gY7sYoS1!W28-wiZ%&eTCqxc2|}6 z9b4~?Y7 z(vv7AFY11Dfo}}>bJpsnCxf^-+7Vn zn9#Hw%Z;})Y-<_vSEpB2odL9USWynku3VniyE4H*0vc-R>q zrr%akr*cC)Zxay`j+0HW!_(pF%_Ck+6-+;6c=N+Ph|E4f{--}QX8yTeFR8;X=gH3v z`;^J6Ln-8U)0!JlLCo(6gd8OT7+huRjM3HrgY@ik@-FXYvFB7cEEGcImHX?w_!gaa zXSE?T4|4(7yNxe~Elq~*Tu^&KK!olCNiHyfdtj=~E10K1szS$srazJgY(9PtflJDJ zJL4$>CHwLhyIdZ_`h0t5?6NNJFwv=E~%64igncRpsjb2 zIlT-WQi6pLcvm}nr)B@UyFT{W$@FdGX(^-SsS6?%mEhYWnoi)N7ambCU?iWyM~0s(@8|-&Y8~?;q~zA; zqco=^r~Y_qS;U~xgag5B7_Xj^wmo`jm^A?liht92)|ibFtJS+LLn&x6e1YCJL(%Q+ka#q5EY}o{JAV%KyxsMeKvR-yF6#(0 zW|j&<6&O}r8Ez^(wVYcukc+>ptI$Vg62f;Wc|9Z?fD;Rs!JLtV+u;1~-{9jv5VWpa z5LXJydam6bfv8zinFBC|D9&g>9Ub}Haf7Ch=V$Z2M#Yl`+v8^0L#?qA1}`g-^#?>X zD=md;O${U%H<);nUH7Ap>DhbQJ>A;>*^!cGhY0?IR&wN@xWfm+^ADWFQ>;b_z89qH zhOLqhmVFaL6+HW++&~0skc7`L&txB!n$~S76>B<^ofojbhWGO-3Z%_yhY(<9DjNLtM^}aDo|pAzhyA(8q6et`^+ zaM~o)j<2oFVQ_FM``{tyLdaH*#;*{-rWgViOLYXn5nGRXMo5p6DE?Mc#02VnE+tCQ zp*RuUhm|-9C|I=eMMmM8O(`YLyTdP*0Vb9Ptuak+Y`RR z+Ia|xabXzp13b9o*#M|wHAC}Xx_=g>3$h*@#MidwE^1`47LnCh4GJOgGRAq@li6Q5 z<1OZAd_J?t|1K03b$5EQ(`}Ruk9{pwg_jZZnKWWGn=y&NN6D390L*mJ(N))PJtlrP zWa1qtw7m?ma9U50C3X~4DH|#(gtc<*+evZA>(4`vT^0CxjViIda_FcTD~rv4Q{;<+ z3)J2U;4N(hxm`oglqXe0@~g=V;M3Z75sa|YMy?uQC2--B{2{~7`u)N71E*Tj6aojJ z6w`MYRLxRJksORk&nl)2srpDrL(wsjRQ&1i*t4ag*t|5I&c6ZZfaYWE=^&FHN?Mt)fmase%^G( zvp$DYl{{Y|;AeWOuo#6HmvB?TGQk^AF^AmZkld#uu%)3AAudrQNf7vuK!)+e1at1< zt}{#Upx#}_ufeCf2=V(>3-8#O_)u$f)l#W-xUc<@&^)#wSu1O{&lm`)=4l2;ErRkJ zkd){{9Cn~qkDObTSE?s4(PwICJr*SbB2UF zS<)(ymEWxo~%HLrq$Aj3ja;3>;@x>SaB#VTq5q{<{onFtN*44lm9D*+NfzhwxzoXx6 zTfqY!xC}P-;UbXkvlj@dj}ww3S<7vw5gF+`pCcGfnI7;WkP>1LDWu&w z7V($TG~L_LmVKz4+WOXg2#4WPBtnb3d({yB5-i^s^iX}fHS&{s$KlfgOE#Cum=66Z zszxEVGlkUY>*1snlE*!n@8Qz$sBG8BWcV#2!nsTZ$SQQJKacr71BX~+P(lv9n6#A} zsWTvapQZ(|USp?v(UXSp98! z{+{@{+gMmgNWklM|9A?iQ02W}@cF_Ie?Ge6f>QC)6{puZ z{6Z+AG;)pM4Ee@HOS5iB`>1wo_&EywJ7NBvSFZ2*D4;KbS5)bB3ZFtECPYtNFECzx zuCr!=+Q0+%u*B}%g5&d~kUgQKpBxdzFrv;`yQ-Sut z#*B=(+8=Aw8JTddg)>aC!#&DQ$Yb&bFa$bviG*p45{8LSe_sc}ac02nLF9>}BrA9? z!^$w)M1*sbFpTmTbA=4J3=mT6cheAC9;DO*y#}dC?E~TYI!UG9rd}k)ob(#n4ys(@ zSRwEyVey+KAH|D67yH-b!COEZzf#W>raJmLkarpeCK(Aklxdr-2g7+ofCa3`@6WzL z?XMWIflPiZ~#V#cAbOuJ@lxTDu|1_~~B!<&a4PDbGiQe3CpGe#+?R8YTH;hb# zFg&!)#dwSrhQwuxoKVlp4 z+SO7<$!Sg2HJND;r<;mHwpqUT8~5h5_<|jqhYQ!#zO%cj$b70vnO(-FVew?oW&XPr zWsol8Xo?1hlBa8iiFJ=4J&Ft{4Hyy7ngT)b==doIJ<%s8yz$KCW@)R@uS5y$$)BS^ zqJL9i?;WDzSJdR?nILhIH?_a=Vy-t4rS{r~Qp@XnQj?=rk{t?|;_Eog5=gL_PC;<2 zFL1x9L+#n@(7-XL#WCJU-KPLazUEGmBh4la9<1`5%E9!PR@Hm?mpE?t_IR7FF!IJ! zjo4s`DJk47VdNx9i%t&nvgXN~Go0gkFqt_05`m79pafNI+zrR=Ef540q7rOPS)Aec z>}YOeCfAL(=$F@d20{+E4V2%`iu3j)upQNejTRpDw(Tbe4t$9QIqJVB=j0?HOn|h#ZwljQ?{gN$G)gUH@9A$Z(u(tt39dd7Vc`Ob;6k^k<{oX`6d=hYn)n+xY*fPNK^QV9FH62Ts` zM2ic?Y6r=NG9R+T)2FuCW~7YrlJ(hSR#8th>&uqw8j;}O3)?KF(q*R1#MJ{z;2{3+ z=7XoyG^b_#o0uaAqy$^?n>RVu_^u336fqiw#kiuyz|r*i^E}=&Du!1FEm6xt$(`0n z!krgp_99^ULqCYG^?nBNqZT22++jd?+Q8t7g0}$`&T{{8reJ8m%Xth|>Vej$BrzX{ z!w-JXFe}tRz#hUDg7B7aF}T(#r!v6cCA2fnkro>zfu-C;#N7d%4V?WAjg*WksT0vD z{SuEsog2iP?Vcmgv41zFA(iUE$HDOdEVD1j?wzESoyPXAY);GwH-;7;;if7;ln!@~ zkVVq895K-j(me&lnlNZX z*8d1v2cJKke(#0Ubk9n?J zLQpn!s67HKA$-~2l2++_VQm5c^!Yd&0sRAeKhVGEqjNo%V-EiL;Sf_Uv7}|{3<3m6 zn3)-zWiC-~=j|+>pUH0yo?Z%R9($V!JSGt+Q(vIbz_buzu)T}(733~@vn5$au0S~) ztl{g^i0G2OX4nEO46xrIJq7xp)VX$w?QJtsjD@92G9)Kod3rG&nGa z5Xnbfk-GippZDkjDvUT@QvOar8OkJnh~v$fC_4F_*0$PCtSF+8eZtUUQ)tJ5&SUf_ zm0ZxDypbD&ReYraTy7>_+6yA{V2frCv*Yq;Gmh#sW*m30p%G8?fpoi_MBRDS>HCMK zhhqt##Puj9cXxO`jcDW&N%fx>4XjZ0(V(H;wt{hRpLdJvwKd94|6F>Jk~MKTR0_ZLW|NY zyN0%mO?CG_4~treN{$q?s5~6jz18=wuQHWB6T4x`TrPMP#gd ziYPH1;y)hHOB2#r@qI6KL8pyJPIFC2(phuwixqn6@YMvfI1zU3WQrim)q9t zT!uj0lpC(*^ZYqSGhtfEBrP08I#C(K2E+<)$(_i(oePZpYxi<>yo)gc*1e3ZMLZTd z$<}DKLQRyXc@Z2jS{h(*$$8%!nHhfy$KfW;Z(<_;XNYbO>3CLDubxiha-vW!{b*&L zE)m}f94cV;_N1mYltAVJGgVdyR3AH%-$d-T2g`^e?p_FGuAlmhJfV(*q3{$!I{5r_ z@l#nBSY!|6CTlJdFDn`X00P@r;V+Lamy;zZj@Mu6PFPU@Y~-Sf8=F4nhpVNz`9rF$ zMMxfk6aQMK1-&j(ih^m9>11l%v!E)FeTY$0xW@qioeOPULiWsB=3QJLdo8j;646&H zen{$nf9bqUw=4bOZ3&tl9}lLmF4Xwdyat3TJz0gZUaa@FAbxS4ClI^N2(4AC?Z$3o zPqvsA7XT{GZd3=y1&V7s6TA9&R&wjwmuf1T+Qv~Fea}~`K=0Cw6fm%SWC6Op>4DDE zW7K&Mh*7@hdAU#b$DA!7!fp+t9g3veB%m>pIduEPtwqZl-@7@w^SCb!yx%~>`FWRU&;JwU6?W1irMq(Sf zhx-`@B)Ft+R&Jc87=anb(SragrFu}XG!*SUBteSV8p24r z9KjG}Q%pEHg@FnN0#}&in4thPjbgdG5aHN8L}&D#Sdc-WjT@f?-rU3;pSgj}N z!{Vqj7g>XVZ=Up8sJ)zcWmPb##5)oMkH8)&e<`6WwK(Y^m$((mT&|8#+Jp8miIghw zv12h4d)wR1gW~SG-iR84wD!2>5)bevFD;);XlZd+W`QNHRTm+tx`65|A$|e7P?d;T z0f9R~F57*8L*`bYp61s+{qAA5sF!Hc>W8s0`vhWpU%6c0DO^&Z3DL1X6cy-$q0}hM zzKn!(p!Zx)k<>z}1qXfm?oRodGeg)EUk2;HflPTFE1Pm%?jVuUr*)g(#$mrl z$mE~%1o@%n_dQC-sve~#2I8e8H7jY1#Pme)La2=VT>0#8#QJx#GMT*JoBS{^Mlp3q$-x@gsoROPTra6$a-lE zLkM>jfZ-~Kj zNqWMYLY5zor!cCh^OGQ>^Q_(8m<@kQ@+Et&oiJ@s9K>a~ zCuMEDU@I3Y!4SIDW|W~C-)JXL2+hD+9$hHB_ue>y{Y*m{W5-=+A$3l`3hDY@lbL0> zm9g(;n<^i}jun$urM1E>S9}q26~+(KA~^n&?I^e^lEbyeQecnzjWSy#h98xI*jPO2 zAF3zCJ;&xltEk!-E1g#M1|1`g-=`GJtuNzhhZiu|*VLzFhx#`9l&=WmmnnY9^K#sFW z5BRY7UxV%1&Yd=QyN(n?Q`iz@!NTw1Ucv1gw9t-w$RsHdo21`^?DKE;xLXp5VB@(q zSiyFm@&o49MH#i5NKRi@DjO(Pj-*be`2vK{`0*L$yG`ow-(Mg5!O~^^`oOCPI*jAk@IV-Lxv~JBn>`D_Xiv#4 zwq!@=;H|)`kRcDIP>0&}qb>j8l~>x`l=vS}i6K*fe&DBG3aW?n(hNu_sX-JML#GHx zVO-09uyhX0dR=3SA7+LUinDN29)RH^3z&cj(?L!fOZkpDDJf$sTh z4h1#GKw7I_7YAVg*3j}7&_pb5mgoc4$lS4CMgDN-=0@EazMQRn?0c;RyKSD6 z!y(MmxHf_=0MQ9B&qpG&;7{#HqtLjqm~K^*phn#i5AM+Ms3RTU0yJ)_&qVVUj9Vse zER^er+S*X9<@PB=!zpaPC)D3@>~gyaAJD8^7EbOp2*CRTrJWMLN777W7$>DjYVe0p z;*5sKctVoszz_Y;K%FcGN>OGjQ==!ANYh|Rb7!-&!SHinBz{4Dyc>TpbzJOtR9rs# z#H9nqAMs{anw5qiqO{bMr&1-LDRUaoWPj<=CKUa3abfFGb4i8ubb{n2bPmDgF0_7^ zv+E|mYLC~GKe{`ud01{0qV0!JxXsM_DEb$MbW2fV6Bnu{csfy|Evjg@KM|_7I%z*W zoKDrum?SO8Im1q|LU9;<(D+t-LM zyZn?ttoxU2=*yVn8>cx+rQXbDoC0F}JCoV#rp9wUj4Pw96++%#Ky0%}9K0_bxzT^W zVyVHoqn&R?|AKDo2xS>GQBEjQ=Mi{KClU{QvA#T#wtV-_;D+8!y9vO5YA$FU{3!t&1{e-w_kkwp1hCFA1dk9r4t)$@?sC`3y2 zd9>gT!}88&=;4RqXzf;9J_6C%)M){92QsS>eq&e>9j~1*N|;@T6Qglc44jy8M7ll1 z%?kH(Xrf2J`q_vOW6LB=!8d^zakYKZ_D8(h%enNGQ{nJ@X0{J$JU9 zQl$zo$*TAuCVKsLMgmz6kQQoxPaP!V0#Fl{nQ|DrwipG5&cBxH%?_4>)JCpk7E0{Z z11%?ma3?$?YdY~c{<6HaGRda>_6kQ7noXP4&O9BTpT!>QcSW7ZL_$Dga12!@(r1R$ zX@nnrWweA?vG^&SUU9x7+6 zVYHNmAxt#=6HNMMi8u?sEYj%BpSRPKtL;XjWJFB_)pEtI$HRApwh>a9yjK_u zlcWEQ6d2V23yNQ%(O!aU1hH!?@7#fTQ3Y-shAF5u&j+lepH~3g8K;k)qDF-C^YH$F zPiSwtugOiiw54~zX2aT47a>F%46^_{9!zvLQls{p%y3JcmMbdZ>-6litF5TlenTvB zHBu5uTf0oGv1Tyx|AP_TN{;cD1$Y%|Y|@%qo=j>^uED{eEbNNCF4;6`)Cqw0czL## z0w%Aa<>_o5QsHz@6H3WXUD_wmxvCYb*g0%DVZ6c~70bymTv<+V{quBR z6A3{AUEMfYWeI~Be}s%#%rfHpgaq?4FY7l;ZMgVCS>Fkn4s%2u@4m@KU$VtIt`L=T zL%_y)apR1kjN_`0II^yQQ&(~`wrP^lMgs}t>3TY;HJ93^&Gl8nqq#emC%rn^X zWN*fvktyFqqg)TRVLrVU*;z;-siUw&X6FYa1(7jHcKFJ1+uWV-e%0I!!&wg8$UgV- zFBwh+(IsaSc;>Q?annH{XK-yZ`=;ZJOGVZoE@0^I`is!Dn8~ISRL=d|MjbKlpmf2Q zk+m}(Wja;r*8l(~`J1)L`~7hT&rtG+baM+<>)i{D!5wVn1x^^m)p)WQ>Dy?Etu$_lP1yfj^K^N#yv>X?=py9Un1gr} znWuO8cE;$c2ReeT)dxZ`-^p($h#gD)AFAE~xRU1$|BY?i*x0u1Y^;rKbK`7m+jdTD zzy_jm8V?!8s#ygl7hHB&X!Rnzl+o_^lUuaaI>+^DJ6+w6o9i|WHE#W@XD zx&n48R+-)HHdkGdE82#`6SUfYTn~m@j-eZ@a*^3oOBDmi)}$`_70tX<1UyB1#s(DZ zbzKj1*muf0=Lku98ltBoDO%c$?30GyI|#-0S3LErvv2jRboXk{)GX1WcHclFKlNom zw?tW4c5-d~Ps1&Qpssg`G=`T(#O9ezGR@lcROx41%^0uRTV`_WzUp_^fnpkZuDkIm z#I9nuqQ0Il*;K1R9qeNNk(Eh>L|pV^&9v>0tI|g?7ap--XTc`MAJs}Zv`1{@6X^Av zKn~nG?NT;Tp4{6tJMf&Hzf`NVB&-~~ns%fbBR(1$=BT;DSmtIovG;e$QCRK@=*IC0 zhdnT8=1$gV#l(A-Mm2rxxWMGF`cS<#!9McsX?_dy4QsHX$uY|lXU^lbgjwlQE7CTD z98ivfg@KC^?Wt6H9yMRVQm^KnOo@)MRb1dR4iz2qCsj+_C)S>LE$`9YSvm>$7UqhlIAiI5|8er=naBFibyxWXT3&$>^8BZbjDdLz5$u@_g zge>+ql#VFnynn(nVcRiEyaTTD!}9YRKn;D2!Vw%lLZJjE8p>lj(X(%}q9s1rpV|Ck zDHrVQ{D~uJ8pheXy0BF0C2H2ICt_s41!_JQQ979IMj4L~(Y9oK%Z8o~qQBt()%o?B}6a)N8(;Z zhZ^PvnjZLu1{br){OEV8xFb?hX{p@|ohUpJs15;VajVpdM#<1ribShaX8pr%l%#bA z@d_g6&SRMtN;!MZHk(n)l}qQ(X7fU3_2*Jm1Ya@i<+Fs1cYCculq8iZ#9+OMKUI7L z>urnNV>;^u+RjGl)8^VGUKwVB6FT<`h}YMPaHNI~y37VCNrpPVj{pi3l(-f+yw}5| zAUH)0-BvgT)4rZ<93F!pC2bIPem_PklD^u#zOF88tXyF2j#2s!Fv!;QgQL@Ff^)fy z_>?Mk*h>EmrNO8O`M&H^Od;U3uN@hb*O!A9Z_t-k*Pi+$n$L5fwFi$|d)u6FDFT=~ zrWkxgVwE{=^FGT^2fzHp6|YG4UdG0P?b36gl z5u~@3YiT?%_apo7HmE!mwNZ|!O-cuH*M4KBzShBwi?WulR-^ZQv;!q5shI-|`MzcM-+=i(PE8c+qD*zf!QVZY9RzmBzg!2fDHq zbgd%+w5yhl)?ANoXB;Qt3`yzSeHZEBf*39aj0AW^A&UXi@!CubaRYUqfCS5*)P-yc9*85!xpnzQ&b zJ&kJ{)H%PShL*z)7-#LG?v}+~UK44}!L;$?_2*Bzh9%f@^NecgMA-Jl(TS-*DRvnR zNt+4|cs}~TD#&0hK3grvP$uo04sdq7Y%SYmC#~Tj2D=8lQg=IIj|jA@0N9^=Kh83L zvj-()(2L8Lhh46^O#dXl8svFzomBe3!3Rh7%@}Ewc&7bB@HSLP7I6z_!u{C9@tF1c z`opUNIZJiTq~)m~$9VVhi2vGog%Ult`m5VyTlkuBYbeh(TuFK93=n z+}7MRRqZ8$xvP^fc7(GRwy8#D0&+ojAB2rcODxr+vzlJhS?^~IyNRad_9Lfzj=pMP z$p{r}=$0~$1?P`hNR)rXnLRWTFBKz+cYiO`Y>F#2wYs zfskqwlkM@|xVEh+-G{=5fB*68!M}M)%%G+O_4Kv$Zuto2f-U}u^UM0siH zDw%fC$UN%!854^CRLs;4^MHjV?|DpI8kj(ng@2S`Ha>BPlZ<)+tJ!h!0o^FPt{gGF zgy%nQ<;p5UPGj!-=_uoRz1`&pn-}6^2A9*@n<}iSh-RP0uemjj+_TLwezN_X%A0cc~47s3PsRmaboO%h#dMdRag?{mE!O z^S*8ln=-no*=+xId%3q8tpc9885ml38El4}E1OwM$(A448*u+O&Ig$Wl|}Q2jmd08 z`~7=u=gyGHbms6=mG?%9?cPKp_J;KCdz8EtWhJ69CQZqjTs`~_Wc~}apM*lEn^1F& zK<1avG<`Xl+K4#w59_|`%LQea#V{I?4}1C-LnsdUu_wvK@$U+cO|hO3KEENIahVNW zPa)~lr0OZk_nLmCuCqyIy3S+$QKGDLs3vxaJNZO$KP;NhyqJk}VFSa0l`QAkSmOhN zv24XH?0T@ z=~8-k92kj+ft(c=Z10Pbv%6%i4b)vlg07tpM*NqBDv_pwnXR$GyW|+(+&{NxEZ{2q z-R+65jF++U^Zs0fFMmhl?u6cy(3(9oaU3H~^G>V~QO2(T_>c9iM&Ie4UsYd0{qL9f z7Y~3}Cff(|EBwfZUnvb=vQ|e9T_qU-JP||ByHa9jX*1M^v7eXMvXR)taY1motQ_eH zr%R*csxN0zaZ)$>9@`3c!=vQ)lrG;68H!P>--8P&=GOmwlbdW!6(0jq44*y!aWzp} zSge?VbEzc+aJ7z{^wR^bY*wC6YVWixxwc2W-Higyy5&M^d$l-g`RU1qat*iNHmiz^ zyd^)H2rx~U_hI{wBGQ8`O(}2k#TKwc;0_M}l|eR^(79fG2oe4&L#%d+%it;Oml`MW(Uqp7(v?&*t%FK8euJ^O}lDL?f+$277}X zZcta%BZ;(b^{QWdkyfmb$QlW_ZC&oGm1G0)10(%y)H~ym{9kCDc>QI|V^7F={@LvE z8FY7fMQgs%vuYpk|Yi&q`g5RVO_;!w0FLXXwXZaCkfRe8@ zoLd^dKpYYqQeM*u`4wNKHzHyBkA=r2;Z#LBKffiK2eI57{c#*5Cq*DEdU~>a$GCQa zH&$3U{(Or8r=Ez={UAh}hDdCMpYlHFNZm558?T;@nl^)Syhy}K-UsitoUDOWt@(_^ z-R1JKTrlAA@GryDj2&mAT8%cNLHyU-;LGz@(SE?Yr}5XV?YH3tpZD!Pc7L8w?&kxS zU%KAUy8fRvzX6>VQwc9;fF3;)X9%^m&*+>hPRb&}cvpea$rB~YT+m@QL0sWdKG@~W;W?096VQXEAshxa@&7f zJD7vnRvu)m^rc{4SPr+;o~>ny^7D)NaYAPADM2jVT_6yk>+|WrDMV4P8_44FGsYpo z=&eE{`t~#kF*Tk|Iemc^Acx z;ag|GBi_Bs$3v%!5{7yruxe!T4HZ-DY4!YtK!@EE1V)*W-M9O%-q;%7kVZE8)A?{* z@N56qK$~0{P3d<+nbi83Gar4Q4Cg#bO{-k|=SR}gs8GLxW)%L8ZR#Xt-1qx*=h@i@ zG)<;J#1L0wkcg_>oOuTEsJ)+`EB&}~*(mq^`;R~666|IFzwuX&^y3@6|N6DNul!Rk zq)>>bn8A-cmU&7_Zv^TSA|>A;%to08I>q^a;Sx_>_H8O(6^ZsR-e8WUd+$5fG;pJ)rlS2vy4^tGZwrQBh-~8u_ShL> z=nlz4u|#3Jc~GP!q~7EA?I}uvrh}&itwk9*;_-9d3={z$@iSlF*<%q>xNS$6e~8rJ z^*9GYg97vOo*Euc3A1;_%zl}HKJ0kG8sU}C8VM>^H`bL?duWhfIXjR zxj&X&n7--Vx2uk9=3at`NKF^`-Qi1TlpDE+TVU43ylJPMx82#XZm9)q@Ec?_oPmc# zAs1QlMkD6@sBB`Y7q^A5!Y?+5RXC!?A?I-4RXOZiT>z};b7$6t`AhT9-YZ?e+M^5N z4iwT>h$V@Gy{AtMG$*hzge^ZzchsIT7QOd>v<4R^+o&lH)4sa@ALLARd|+XyN$5AL zfi^}kdMLq3@KDYA>V6$Utl)ZfB+c-q=GZtjtKberf^Uf=L?)ng*4Pb~M9BKt2nt+C z8?a1rm%!AGz$IhAU}pY?H9%~I{|~I`lMm|6he*azNgY}d#%XIOUE?P^xd2HM``(LJ zMCW;#&&couCw+wP0>T@w2pQ;uimjuJHl{Kp}^-kUL5s&}h#O z&GIqNpr?{Nu!(wqLz}TpQCbRf%i_IAg3ZRIIZHd6IL6Qi)f&4}>OxftI_LkxZRGHZ z9)444GL*0W^{eVg<9gVvyM1`2i+%oOZeO0&mlU#B^cNAKMrDpS2+@eta&7QMJZEnj z&ug)th`oCnaXUtErif0SB=(zqdbF-}2Wm!`%LFOfk~djfnf;YSrGg(pPJWL`va{ZT z>kayGkg~Gr@}cb0pUC$}Bj-8PQnX!S3;BxD1rZVz%$}c4l+uW&88Q<(m34dX54Q3x zTI^vcrN@?MIJ=;K_D$(u z4n^gdZLF7_vbcw;83ttM^SR7JxW8UouGmU@FKw3-A4 z3sw_OKz(%x(42nWcRUeuGu9G$i@)kBFSBrcQ-#olL52c@G6LwwTPd^ zds9k8u-?)srHRtQV;fGw;)3IF+$LjtjvvX$k$94;>8^J-nLuw^U{_v4B+vXDhwZ%E z1-?rbVW@9gHb(TECGx;_#F=W!tI+;^hjNC9tkR0?*euSf>Z#B$dSH~`Up96Gt_o;J z;La*yv?MX)%jf&+=3!@@A&BNG)UI3CQ6$EVy3vEOL?L1%_CRM;sjW!bMt0!Fnpi3V zeiS}OI)!S66Iv;T_Bhy}r|}5uKSw$R$bYO2SJAIzW62qYITE&)t{m;??#f7Ir}oOG z;~D{@o|C#q%XTESl^>V;CCazke*^e@Z#p`!dbQ&Q+Tt8g;rT4z*G(#Es}PKBtQ$Sh zj}eSRUQId0>i?otb3oW|dOz3MQN~c_cR-U zkCL`IvrUs}z!rh=#Llg3u?HzlUpSB_b60mZBQ&v!q8Egr+^4_K0N*?;4CUzPaO@;k z{bgv-y~Wj08DM^zTTAwKgD!~4LgulQP`k6IRuT8SJE^vKI-aY!^-E)c?%1XeKYNH+ zhSHd^0+M?EOO8xNG$%3OFo$9vjOEMRoCahDKU|YLJ40)Hkl!Dp`p=HWX83@Pwh~Le z2p-?_MCclI=(83m1@;0X;`;{&I>uy2wf^7a$YezR1^UZ8-ykb)9&e2sCHn_NWWOja z)ofZmC7x*t`vkRIA`4tPOS>3;HaO*L5?kiEj_GFj6ZW;?&VT8V&;@4;z1blhK)0_Y zmFfhq?|m@S=$!Pjj9isFd0f!b(3n`q(VQhPez4{ zTm^aX*7%j6#mm0)C^SM|Ry_=$gd#1YgbIomAgi1lK8P32hX1%Djr5Hm+kU@Ckq{J5 zKvp?;u!$feE*$&cnXcWlB7;o}oB$r~Q9u$2V&-Z;P*hG+3G0C_D*I5GiSwfpzjm9ywyT|&pvM(QfePGnXww4qN@^Ha8AJ15m zw>k$^9a5JcH1Hs*=e`@{C zwuOeT4zl^&QFPwLv_?EzjTsF6i{=%@!F=v^OUP%5lr@{w4B6C5>jH9X9hNe3Tntvb zm6VqoEyXR9sm)I7i9YU|iI0K`^J}4sBbRL#oL3ty63C33c;z0QZZf*dj8=I$ z%?rbFP+SgNpN&Z;?k-P&waIMY+RI7ZDgrio1bRuHn0+#-Y=wzwMLAubT7o_i70Fqq zRMh#by9Brz)~qzwI_fX7ZQ|QaTR%UI2CE&s8A9rhH(Hk|R+#URAI=~I6m2Y4LNEwHW_Bn{3qNM2L2Gs?bTV0ABl9AX53hUkM}GXZ&c0~5~l3s%szU9IFW#bvWZq$ch? z;EOgpJvY0$M{d18N#pOyU=xQBqLH2|0S`8&mIo%cke-(g@70VfN@xzfuS12R*Nfcv zwqx!YMsc!eZ#*bD7s%$_ecXtiwx(HynN_QBP4g10|@1ia}&rD-qh98knCW<`X0FG>+PlRQITw_$+tgSv&*8p(-NM2 zu2+<5)hH?zAMxcLfU=)pjlcV74m_E$2unLR7Urj{WS4DLbL?qbBByM;allxcx6op4)`U4k9}vkTdBZ&`kTPhji>Z* ziK@QkQ?iPA`D}?W;MN)wOt<^5cw!IPuPV*ah>$yLV#-c4{pBZ2TE5DW@x(fgz1OVN zBj89{zoDGIZ3X6*WQ#MqQPhO9IS!WlXQQ9;6+?8Z z)l(;`dlzrg(@k*BETYzdjb+vY^9HJ}E8>RJPVAD+PV6UM+kWhK3+~b7aTU>VK{Rpy zWVu&vGudaAV_06viSNIEM=kif(#~#_CnQXOSSaAJI!d*>YE#z}vS!==>F_TX=jyh1 zeWnhLk?q!aO@ZI*nd_Vf3nLFRpkrtu$8# zs}OufW}S1vrW1>r5fbe|h{6#%8uru?S3%x1XOk*ji8frSUdCIh18+ErL_`w3Wnwjq zu5;Ff4HPsNsd@+(os}8cg@8aoY=0*!W{2ZjO9LM?p5c0mJSSY$T67er<1;nM^4s|) zmF9d#qFcU!TSK!nS}=}fsJ@|auv;@}93tYiRs2jC!;~2nI*(y!{K%&hKQP;gpxb+@ z)xuwMJ+uFgOY0MA)BF<86+Zy60~l*FYxmu)e@_VHvkx5aBmDkx)qX!c-F`O5(Lg>< z{fua27}qJ&F3M@t8o>ktYSw{L^z^i|3*X36%Lu%L0O@{aPv8Y&dQv_@kk`9-jy<9+ z-X29b_xN|Jq&*+*3G>hVQT_Oiu)mSlYlfr(o@>K8A`RzZ>fVIOIg`=tPq%IjgAr8) zrzzva2H)r(WaH86IvN}oO*dYPC!=S)L@W@Eya@ufwFSFvqPuzG!ls%P{_@Qncm4~i zwbzW9t(CqV{v4?b8#=G92j_g^>ZD~Sl{)U~MUM+=kFDZKQgx{v{+Dzemy~S+A9z(+ zAdA`})IM~lrc4q!7gg0s;27?WdGm@y`2**#Ev=EVNVEIn7An~8AG|PHZ>RrE%c<6P z*9;G--l{fD1EwssQ`|rB&K8M=R-cUYHf>hzUp=YmZ_UD9u{qsVmzgh`PjL`JbRedN zrD8y0`#)A_dP8C0TA_kpz&cvusXA{}nIVG+@2LvwTME70gLX+MThW~ago}N_O^1?I z3dRze1PH6{{uIe%Y#vL6P#iE9Irzvu+41p7uLTzi{1-Mo5fk0RZQ`4uWqj7dze9Yp zM}V)8jL$ZAf$~+$G*5LlWXy{nLPDJq+}D}r7LwVixfNgX*s^QXIMUo2{I-pQeOgDJ z2K^#Y8!9)(qj)UxG^RZrP(k~YI&S>WeVcHgC8^tkRKZJ|@4%Z;U$@qHt4!tPl6Vck zxIHf{q`r$4`s(#Wq*>em=9gqB+3HS=SY|Nfj;~<=IeovcurX}`#xq|<4Vj(TOG!PE zip!{%AED|%WZTzkNEaAC0yF@#%qnrLlab=IV7~B*w@hN`-9t=ck%@v1&VPt}(Z?I( z#lIgU${8wOHcI@yIyy!5xdNhODkFx!Vz1-{F9yr)J>-@IAlqNiGDpZRW2=~eF2fQM zD&%fD5Ly*^(u_;ON*#tpMW@*!iwIPo*HviZx54KX=s&H8 z9MWC*fvnP9rtzL03=Z+0tw9#w!G40|772~%WrJeNuhJE<=PKBDQ@=uj8gC92nfDC< z-TSC^YtyRujGalG`H%Q&sdOr!BblE{yTDHHA^u}q>M;QFP7L<91|JnZr1 zISkUFWKs^ptPX)g3xiWmM~9wUrFX8Y;atr8!`r|>a4D}}s0qwf>5E1QKWBQ1o)biq;@3#Fg(?0rF`r?+rIC9Nw`G&;1K72>J>OVZtjv#0+$#tC_JlHy)m|NTM(>jDS!f)<>*mxqTzy z-9V%jpPrT_>1AZ!$yNa!v#}I`x*;>SXsO(=SxW|9q`sS%ScYZ)zLotgtfqFg+Jqf~ zRi$bH44mx%1$qPMdNr4}Jz_ZzJepgZZ_t?q^p+XPhy{t!R>tj4;#5880dDy|}tiJZjaO8kL;K-LI`= zLn)p1k3oC;-%Z2lLn8V$PSa4Z*y?dHsdlb5B+WCKk6_%o!6MC!O6 zT_UT3N#*I##YXunHOwga9ajK4h2F#9?QLGK*F(Ukv+w)<_JCpFML|W?YXoXLwd95$ z^!9Hd27G}yGHn>UfLV2H>&AFlLxUF~Hr(YeRX%RecEdvOovuRfIkr=pnPH+6>um%& ziV}>^moiH`7x>VsQXCt(!5n9L_yZ=2_=%pE`N0?C!@g@h>CoE_ zH3MLXITkOMfkC52K9j4ggDpp{Q0en4gvHRgB`x4}ME9&uT*I=c!id>Z8C8*X7SuP| zIJB5w$okl?M5jrwi{$I+VBg`3L-6B#d>naZA;tmS^nr)G%Pd+FQMPtCjo4Gv+Cxo@x8cDF2I{ zF%-ap?M;8r((@T~(zW8pEL#Xb&h2zIVv-Fyl5x3?sMbnm+f0KBF5>xAVH-!1Rj63> z?4;c`$Lp+YS{aL~%d@Y%FDAoMticTeb9tFP)7TmKR45MS;_( zb+Zl;VZI*3Ngk3&y&3D9nJV^*o@8fW$B87Kh;(p&A4&0f81W_fY0&&Qhh^ZV8J=;y zj%wgwzdl~^_lLceNxAA;H~Umx9x z(J8KC__Cw6YUa9jo-mE(sCB~)VJ785bP%l$^xJ#Z`lS_AiL5?pKQabE&`d5%T1Dqv z|DLN-@~julhAXCj)uaG3x2NnDWxMuAbBlY3kHC*aEER3; z7qdb|z6&RSnD{L&?xPh6)CIpXlxp~|9ck=#{y6J*!9-^NYjmZkC-d%H}ZxQV*rY#-)kEC1B!Ge^5*7;RJ5Q`u=`PQ`RzbVpI-J#+&z38r$CJ zZsb_9jU8e~Gyfy`fZOn^)eP7_pFS+yi=??yZmqeTW#bUN$5<0L7+M%5HUx9XY$CqR zDJWcoV-s#-1*QtdM(H16$*9o=1T5*7cr(HwRD1C}@F?Ol!`XUl^#~ixHMa5;T_P@k zT;n5pQo+U4Y4as&Ze!!&VB+GC;jm-?YipL=dre=dc&4>3Us0Bazw~R>?mjOpy38)$KCNYz*Q8+S zvt>#T&pCznCd~)s)BUO>6;^D#CFkn1z<29ONbJd;d4AB7Mv%KY$Z%J$X0A%EEW>c=?~^btd|i7j^t64(fx zXP_f$aPT-ICdqFT+~>YVy-#>5Rc$tG&%%lD6t@gW?-UN2Wa{7qk9jOgQ*viWz~UWJ zcCiQAB)a`SvrxzNaS3VX3}gj&-9yWlAX-IS@3NEG2aDaurCjo)4S zUrwdft`m^{2;uI!phbMY@x~ctZrJ>OSLI}@1g^dzv4)i;0_P=2RJ&d)@?|(+`?ngA zYg8Wia)(fXcFEY;DuonR-+Iod@|&{m4f2a%Y1T{|B1~A|A0Bv@j8<8U71%j6D|;;p zi46(RXXSv_D;uEJv|YPUZX<7EuDact^O0hUkTK?@R7TP`=B^ggKX#J1Pj&e*O*#v6 z(4;6}t+ITlI8JyY*2-aE<~Tv3nxgR^TwFP#(*@X>dlT2 zIklEdQW;GY&l0_MP9f2`wG&{qgHtj%|K^O?zxQywmPdWNy*e3<6-P{YU34b+0LzIj zTI5F(FJZ$b}1MFUEf1$w0d=1bA7-Rm&`>l;QBhab=yTNPBZ zl8R;E1#oEN0jW| zU04&5<{PH&ETx+GZ89~x5{c#w)G;)01)puU(~K*e4K{2Y)|v|$oH`%X-ardt<0sM= z24(2pq?l3?(0?WP=W@F%)&93|6?wd<3NMWGXT!Sd&UpESnr*d^S%@U6+QhJW?Etq@ zZ`e#pK1jD(9a<%O+<*23K1F6*G#0(5A3C^U_ty?%keaO`oPlncVMl1P_E9u)>4Jh9 zV~47E3~ffS{jhn7#+ZWOhqZ!gSYT}^Zx?8{noCJQfVp!dvu_Lca~C-f{NrOCH8y_>O!j=)3(|yM;`u} zVR4j9x8k5KjIi0%f#vn^r&N1j5#D)7@N}CvW^Ar3gY^sDyEK;Sfc3$^gVCIRCIdcX z02{#usqLyeKMJvutx=bLobYcEGeq8D`;;GnHwe@YM}qwKi<6)E9<<{L&klMdoD-4f zY-PvL6$W(!#ZGzG`6!4+IjY%O0KtNoHOoPYC4_$CYFV%#Hhb9CtJL__7a~uE6Q!P) zx^ispz6iG6DcTcby200;%0-A|Wi^j50X<`I3>A~&m#dZCr00f4`Bg4JF~T+r|8LK| ztS+gWANr=xG(L0PhGy?Wj-^K@@TbTV-5_~1i zog2OtrL3yG)?;$i$|nZ%Mfg#T`O}sideQ)NZ+FkdA80AzsbdGTjSN)iI^MmvZKzVF zTR|CM`jF)}O9EQTPrbB!y>Ff5)>!?d!`cH`al*agXboYW7vM|>ADy^Mv?41TA`0(0 z{=9rRBvSi&e4PhwysJ$U+0Xm@aVYus*g<8VLfs+w0f>{uy(Gy(L;~ZhK1C z-v{Itu19aCh5bU;SIwQJQQ}TkI;)h5y9QGYM(MIKh%RSXJZRXbHrHav_N`1e?tvP4YYsCCsp`>Q)dpltlQJzkOybVF6(jrg1eX=olI z4i=B3Rc*X!6Cny}Tt*}d7|d;~rH?}iZOhB)Z~V<7!ll|62~1k$8RF~ZGGE67MKsS?p0DFk>E|6KcJT&z0^i@c!GP{mlUUD}=T zve@Z>t}{%U2XA}!UbDOFo1gtSYexnvXJnlz*yt?InDsPlKVYl2g|b*Yot%x&J7PD> zJj4OB2tEq|DthLzI2BpBu6xid2JUYWj|!|{o}l#qmCy+_FlD62_9mkkNh3cuKD;?B zuiR*%R|*S5jBvewcpwQPE|^8;vJHTuhus*B!|Kv0L8@qHJM7?pinK~>;6LQ7(S<`> zZ3fw~2@7A{1d>gzD5F*9q5BD`j!bK5; zVRZ=%ob@cv?RVgbKtxk~@dX88h8B&~9w3k5fV@2+&$lzAuwLk{#sE#iPYBs&WmPjg zZXBCnAI+vApOjP=)__IOxJog8RS9O+!3(10hPhsZNKUA$;gs|p`|%VQyrWj9{`k~k zL9m$U(oUz%_!axTyK^$A5v{S2HA8_HGZ46Bc8G6a$@UriUNNbiZV7F5x?)hH`rNoX zY1ZH#tN{1a@@>VoE=ZgDzH-IO8CpXCF6LwhraaqJp&DI_c370oNN-7UH{qK_V|E{* znz@Zf*{>Q1D=t8nHy8qICdZyy=K6CS@BcPoyGu<;_B&U%YWX3~$5EyD$Dg8RhU z>59_LO)rX8DnM?>+QD}|jM{BudmzAD-dZjbwGn!6+gJWI`emymx*i*!V-r|bqh&a# z9;Y_>vgNVw%V}6QPjGSC)G>)`-k~m&Mu}MPV+Y?U#fnKOvnbSZq2|UH`zlP6Zxq4+ zQ_p1!RsQrN{JJ?PthB&cs?7mEAH?d&UJoE1gR#g${N@ zTnbJjI7ID#q3sV*mWZ!ZPRqej2LnT7H=&H$(3#WMUy?qO)E@|}Amhoxx8n2whT;B6 z9N0MF$i9pR>6>ToWYBOhFR^YvXfXNS9KYhhF;xzyY8M3e57bCS5<2WGNsF%kvp_{l z)Gi9^lDq@u7j9FPai(KS+v-Bd3OfW8UA5N-rw$q>dL;NHo9PC#zWu=uSYcO(a2OiW zH}YSApum??eIDej>=Ne z+W+$8VRiU)x2~P{mBx^Pm3i7~5<~v5=70#m`a9!4?(%zc2WTQ;jEmXBNDorun%`29 zE8US>bw$}d5O*P7r?vHmFLU%*ldtf)>Y~e+4kLNP?gUJ_tZ~-tbT%)pyF*4{c|JZY z_3@-O^3!OKNPZ*5h8X>cGP7-vw=HG=Y=Z8l*v|IaPe+DH7A$yPT_CoXs&5yS=7|&K zl>ibf_nXcy`7|a0uGONKOC^KWU$KH0QP}Z_R%vI+t33X++3to*l=C&y3|Eog$Q&b* z5N5&bFS&7z5g~@&dLIA=Jlz0(NmmSE_^Cd7av$c@B;W>f0$9nak!SE z^XL%ed({^P+l#Ms3v94Pt^kyTijGf!U4?l6h@;(KQ8(67j=p>GoI9j9S2?`^dxY3! z!3(!Is$EY3$12CJ$G!5LwJ++tCUqU25t+w-J@sG`KMx z8-Ja{;oH0)6YLVHGH_MaczV-{*d-Lx%GHJsil?0H8aYufHrCoLzn>qfM`#^)P9WMu zQ(pT7vEdge^<%#pc|sQ?=d*C9IIlV2Hh|fZ>n{)IR`4+MT0ib7%lV1<)%;JUf37TwkhfM| z{qk?WrK5Y`ln!(Z>Yx>tZ#Hb$OUw?uuC$FhisGv+$k>s=oY7<8>%9?O5f0`kwi?M0 zZSdu1^6Wwe@c)8Z`L5w*;ZCT%0U8a2Hg+{alrsA#8Ojx6c3YW1um}nNOn$5yi)^j}@dB=26A}M!lpfYSr1-#|nu=(OuHXKf z#<~iH0c_^om?q-XVIm!4P0MnO&mrAl0pyFBsF$oFhRH#S80`Bnph0R<(f|=DzNfgo z9uid+>^Mhrj2SqEFXVmJTIHq43O(9Qw>d6O4_wFS$ zcLgOWa&Qq7YmhXP1Zjcq>5?~k1>}ep+_-P?p&hpm+70BxZapI=6Onab(_R0FD5TM> zeVo|#d??OO~DmUFk8X#cJsG<)8_mZK=`z;98H4g0(vsp@TK>CL-q?Xmxq?u+V~F_9{{o z=Rg-O*H;aT$1`m8vjDy;^-=tmF(WT53E7X3`qV=?@^;(P0VP<3s^r-+3FAO{q-irJ zVs2#$Su}jUtaC#xlN;9ub#_sOaCiMj*-%E8=v;EjkQI+Vs4MD#BdUZ_ZZvMJ3Ijxc zZXp5zM9d(oEeXB~r;Y=ip(G*DiIY{W5u^i=*eXTuOXIi(g^exL^; z&p~?qTbpv4GTQnNhY=hWONnI0gD6-*<*>~hM6t)v{w0N zN0FweC6HQHf2eo;L~(f9Bayt!@(Ww_U0m*FyeQ3D4-KAr9W{Cf?QWnuqUspS>eRj!2X`O02@()^kw8M5D$B?+pbJp zN8G`_Kcj{f^{WO9kyJ(;j45itN{EO-98xMNfTRh!vxlFOm8z0>Z>l3V?JU0b?_J$2 zb#f39ojOuM>O%A5&eqZs3Q{f>4EU>YMpiu!WZpA1Kv$y;( zrOEW5O|M@;wDg;M{038;)9c*1aXNz7blI;GAUf&-;~TzX(m6qj=>Ld(%;8-M#tHRl z`rcGCpSD|nE=>e}3$(WFFHzSgsR41C2=g@Umgqt1J@qY4(jRN1F;GslJA&6o=oODN zy&WN>+46$nLIk6?iorB&TKZJ7;9()xoZ@K7K^N z=a4h|PLeL&q7P2$FPX@7*UdKqn>?4Y#10|M^jjI>HE#aodc?*8m*CI%%jl_CZg{&z zHPlGsqr1L?vn1cZoeUpFS96>hZq3C@IbuqhyeNFWaoN*or71Bes-Ph!c4#8ge!w9V z{8>#@F$BZY`DRrOfppC%D@e*Vs>3>bcBhz^s$aqufb@gwM7lD9Y@|zr5KvB|1juQ$ zajT%fa8k*nlBoddILhp}OoQRn_sSN={Jbdm!yDF(K_-eVxJ<_t9K~A&%^_NlIB8+& z0k;T>EKi~U2=z%}TU|p4LsGDE^^v;A(RndfccF(DtVHlZn*zl<4cBr#OFeNFh)&1M?2`l30=d#F|-oEdPA83&@7d-gu>^g*Fd@EhszCT~{9?uZ`=l zq2w-T8JKhv?_~ss^*~Z=m$9j&x*!LV{-o!E;_G)fdJ zWR}TGNFN$?A$B&d)u-^foYETTyqr>pgL`&rb0#FI(Ot*`WrhvA?R#tv;tcPRdmPvN zKs-oqtN^5<1jd_d!NMqRe!F1s*jaJ+55n5NeVXJNMSEVM#T%Yugw(B5=<%AtzEl{! zMBmEP1Jw0Hp(MuUp2m%s6GYrNWVN4?=y%#R*7+NRoT$*4j`PVO^id_md+-$3y^Vj7OCXwHwAl|HI56 z@E~=!%PFJNu^@EMYVC73NYRT&y>kUHhQyndlp3bcaJpc1ihv0p3=T>Lt{ZPC|lriI4XH@ zr89N|yuJgwqMU_Ip1A@wn7gbFAvNJ5N(yUIgjYd{?kei<0h|MnsvN*!lXLs71@P8A zbl?;99xsGd-)o)i2$!rD#8F{&&La-#rcD2S1-_8mI65GV;xZ1_a(Kq39 zt9$Pq{Bvq5)mxu(TdHv(??^1k9rP_&8m0wKS>@PWFjEMTh-8}OGUdtz$J=e}H8nIT zTGRll?m<$BYDxIlFNvo4oM|%}5k)#>t@Bs!qXyaM)Izl1CRn%)-+%wEbL-vm%}slI zC-Wq}<1w;mMNZ7ar%%6A?%f@aJA(sWs)E7AK^ZU*fP?Mu#G#Bfym3liam+4)_n}Zt zI_09wFe|}qh_N{@PBl?XV_pcPR!F@dil;@QsbI2D$*MJ~JPxR53HyYY-G#~dm#WMT zLRZQ($~A6R23N&rp7Z&1Bld|!HYzwviaFnr{_qQ{YF-wQE)**>_1pG!d7vWXkIUgd zG#4O`S;j;RCDC4&n2VF|6>_$`SXZj$s*+VGco4$1kV&iv`=oPf2vcfEkbh@JsAx}Q zo<@ma(mS`m-+q}-vE^mCcD1!(^fn^ywR|v6-irq&QajL0e zx}7zpDms*JngbZ(m;DK=*h4_NOO_?$zgQ_lRGu{Qg@cbP(!{(M8OMmtu0&L~Zn@Kn zFW4D;`)%i5uECp54uOAHfnad~3i3RhN2QiI$*t&`K8M&Xzu~ zQu7C%y&$iIDsonOZtFuCuKSc)uOEaZPucjE(OiRg+!YP{i;g}8H$)pexSYAbx{=NC z_JzybLuTiLvL@kPzxE}6$XU#mXDX)8NAMXJ@LZh}RpjXT(S+RalqWP#R+UoB<#UEv zxBJO=Z$dtV)u4iiUR!ds+o+#Ri)x79zc-}E~(Jb#_%Wsj|$RV33C z>qRYmf?=5>=&3?)nh#dKn(aXT8a;C_)ifP{+a@K5Qq1jMhuIccQ?7W5CGBVa<7d~e z&M)4+nxyfAlNKi8Omd;sZvAFg*O~U@$A7ddclIwj9CJ5JeYqxRts?V);fD0iS#O-J2cJq-bt_IOA9>Rk z))+{VRapkoYSDC#WtehnCeCuc|6Q zUvO|8EQFg6!g(8y$6zuz`MZ%P^nxsCq+phiX&f7pFB(bIlmH_RjY2Ls6U6=tt@FtP6 z;-r1duGLs1E`!@(FqrvFfeSX_Y7U`mLX=#a8JjU0w{yyM=Ep|4q+CM-2pT%I&i-kZ zy}pKaS=?~=*|j$k{legHLxvJhOUT*f^UJe))lj!>2|(Q^l*QGNO`q3{+N{0;RlGA&?8n=XwU8 znG|q^47+$OQ=u&Y=^c9PEK#yH4Oqnhat}a1vFymE`CnQ=1^8g`e;k*f*lTeujFzGZ zny^ugPxO0VrV#y}R5Wea!2g@m7(3?mrqxpAPVP%@d4x3S#c;f~r}SJP@))*9W;79M zjLK)RZGG{yO?G6Ec8=Zukxbj;JShco2FkB+SYBGw_O3*Jl&c|_<$bj(I+q)+mjU^riM>nQk&9FV0A4*mCm0~* z*%OTXdUW_?zw>Z^I^*#*^%xt!WBM%Y221vVswE(sT%tLi;;ee9U;g^?ECZC$i00^^)r~LMG5h%8du2>rVHHhmYLvY3JuP4?3GZZd{g%F zfl`m_t^t{c_I_43`QkZz`1&!(DeTA82*so)kAR4&en+ZcDqIEJ9?!x&5+RNx}e za~!K)<%tUst=)L{2%;>{X=-9}^V{T>W+6E_Kidp9=wWA#GpQS*SJ~3K$cbTYW(;C0 zl5r$O5z~)J_gtyCpuNjdYgw&ZU6Qk5CWHr)#wLh>4wJLLzmKZ0{ijc#Vq~R|1<|~o z5K=upIPl4ToxFMpksnhj5S0W=#z^o^X0b>9&*cxVi!d?euR5T%Zk|tGIQCDjqKnFz z4rn9^olJ0Ij7>OQTyVyF9HN3_{1G)JVld27M{-mR8e{{sGlQ}$n*>t!FqZs8KopV! z{x4%f38gx^A{JJRj9{Iy9zMnmQ0M3vW!1f2Lk7N8V;2`;>VL!A&{amlAL&M>MC-Yw z28T|g1QdLN#vCGf*^w@GF(>H#>ZbGtU+fFOi;U_O?HtahY%gMRmv9y6nCH^mVe9YU zfQ?bsd%#Gpfjqem0&#B;)AD^Y>3f?@>D=$=Elmed=v1^ok zth>w@1~|Kq@dh$NsL=9~h7nC1O@YCxcH$9R+)xZgUUpJZ>y3pfn^;zJVGW`9px)i` zq?TI;-`2t(R7edvvtv;K;rw(YC!N;xlI@6+6OCXp*Ik40!tx|$LXZerIH%b)Gk`HP z_Q|;-(&ASkEb=bs9;WUZSh|(a-l;%jU?uVa@-+u9 zI5{&L80`$ARBz520I=)gmal_a-s#?={H%{wz7|$_8&bI*DZSeIV>sUdVtd{T=G8o9 zB_+rmC6t~{GNJ~3irHUEC_I}qMV&Lwf{wgwc&O@uPcIGji{(Oki-*;xkGNQUx?KiV zpYnmtaZ9pH-?ie0E|nZGyNf00lUI6Ez{yC*g2%bEo=gop1{7)#zR{)BBy;u;*g26c z_uWeHS!;>+jk))?H72=39~x0&?S3=`SlkI?OI?z2z>-7?6rhZ_q60nkZelmBjiyyA zCQi=J);a+=`CHBaZi>J0Dc}rG0dClx7e&jpN?Ea;&t8nIk^QY=mafrh8AA`1Jq25J zaQDouBP`<2UF5t+@e%r?SGaWZ)T7x!W633iw!!nDbFfT#c&tN7Cke*@a$*l-XK}n_h8266fyiv z^Awl4%_1ooVkxm~E(o9OmF^6NHwVLY!ol1zVh<@sVFR6UUJ}{VyoR$x48WU7MIoU! zm>cZ9dvEwA&Qa^0pZ2W4@Nj;5I6rOV{N!vbhT$}vrCftybD%05nH&HfH8ssqif3hw zn>r6|n*)}f$GMz%&j?Eb9^&Au@-rbpv?5I8gv7AYFu6^{T(W~N{UFWvbOL|Q<~&>M*+lANDVI*M3o=2FXX*qP zFaE01f$5-o77pw<^$Qy0KIJJJq_C=Z0u zO(fQfcUWoqrQS49ufubh=2CM?vnq_syj=|yq3B?^78!q;_`>+C8D$usyT%$Wm$LS> z*=Xc&^O$L|iFH_Pkp<3!5l-)Ep`p3ST6!CeP~WVw(I5ZD+M3PY*=qm7fAI_3OC8VP z;kLHZ6nwa?eYmZCxUGHAHaut>9&T&N!)@(G`fzi%wJ7Q}-Pvkkueh+i*ZW!>xaTAY zc%H~Be$6^xI#lHUS~&oK&~hHAC%(7CL4T>Fmu#_)R6+AFQj-7L)65j$f)gbn3yTkW zDNEJYJ~<&73!*gAVdN>k$BAcSBSccLc%m`t6F1gRA-`)r*jNqjP~0Gyn^;I0`^{`^ znwl%O1XsNRO(}&Kg38iJJ6M10<vHhfNCWb`xEF!SxCY>voTX| zXdH!+T-aMX9bSv#im}5eif$w{O*2k|852%zD4=L3GHd&eA>cqpfjnx1j29&1(pPZnBS&Ke; zC81*+B8yi9Aj}xWNQTCqvzxrht@RR~OWoe}!CBnrt5^_a+ zi^9KhX|nFy%2b^Wdiu&h9wQMO-BJ)R3}*SFh?JCYOuMr9PYgI_CddX*(>pe`o6u#Z zMDMm@w(=?vQ8Go4^LZZ2D2Zpk*Iu;|^6zC^+Y*{Rkh}E5`{UD_o zwVel%bj7Y#-%+?x)Nq(87mW*wom-?$P8!J)nsiWAm*Ke}6XCbkm<+?9RA!47YQCYt zHA_Ma8U@V`7YUtfv@ItdcO}2r(~1dn-!pE;xa)4R4|35P%0^{bwax{qY_jMkU}pbU z`8G-VO$T548u4a$ocRmv-fGSPREx%HX)mnLXk~E6i_J#8$;N#=f48%7SYE^zG~|MO z6Z7DjykH=7ea!GI**N@^5Z-e-U3JgqkvUHy$+PAB;{L);KEOSTsdkqnX!i0k_ya8>+LF&J2=+1`6J*o%`aO z7e5M?`K}B&Vlo&7ES-&X37=)B7$(xUS4=+KW&$3^+A*6?$a9v?Y{B>4>Q9FVoO0e5 z2z6WKDK8>;gKNl{Oxd_!5Q_VnKA&}{&5zhQ9~Vw}yM(9g+IyD4l8wbki3OcaQ0NX> zNcauQvM6MNSRUk_Qlt33`|Sa@`IF-|uW=mOhVxK~O~IQQo1)=7NAXsdtIMaDWbx)Fve7YoKrT@RiS z#7u0?+VEM3bPY|ov4(eX+h{t5S8fyWoxW;-HJ9=i1=<4Ak<58z?pVb(Kh%Oojv#${pfN)BEo*;Io<26Le@CyK9*eWPcgdZ7 zO8SEU_SdJa6OgLN*?599PUQxBYGBs*xr-87i_um93xJKBk6o0=V(FZmpQ$rAxDnA<_@rT zO3CJ_>^|xb8uw4Gao?Z@aF)+$;;9t{I``6TU4=9IM6Vs(oFJTi81^^`3k~1q;b5n$Rhp z_jWGNzj?K*#ud(!XD=Er+AiI~UvJW1q}K2?wyIkGH5ANk4O`H8)rGYh z^RvQWZsy?~qkKk*kTj0ZW15_#X~u7wPva$8O+rH{nt7O)DRwQuu4Ag%ormH?S`YCrn~J9 zV%ZeKXSHNeC8eFGHqASm4Lw;Z0r^Xb+V_A?f>$>gsVk~|nb#H=?6sq82Z?dzrqvN# zzI?Dg)AoOvK8jG1MhwAEXrem{b{0lM{Zj2<>PQIR_Vi^qDwnmbg;7vb1pk1Gi_v#n zD|xk(uHpf(lkX9c2Qxy2B27(bwc?pSr%5znLi!dZSp0JM#wXwMjA%pkJ%g&D=`7|& zB(O0yZ*gi(d8moL1!5(=R(lu{n=`n&I3`0SCOTEWSKHEuA=$ZwO?#+*4zWUOHt8O! zi;B@%GK;2Dmf`V{fK%bFMg>W@lh|BJ7st&iA-^2H8IqlHyGWFT>>W8o?Q$ek8+Y|( zj#wm;zEfoeGcH(yM|sJ~jNULJxH6U76OuU4vkQf1o4+SoxKRBtHiX6~W2pa>alq_GAxx&I!st#QDEY8h(Tp#cf3$`YrX z(-2uHO%@-0@~bWdxcp$@K@mLmXcDTw(P1Z8Y@`qKs23yn@$AL@EQvhYz^d2sT1O!Y zMO8G^$Z}>j&9Z^GtCIu6D=MUh)-o6brDm7| z3T!a#7sH+Akg*p~gm{gZOMyL$=a*6(G;EY)LK1pIqZqXFd@NXYg8`{D)F7>% zvvkY}6r=9xZ|D}H1n7`S8pUQQV^`Q-TE$(LHZWsU zEE5n)R9`@1B$_A8yX9F(p3^ytpHsnfS+0v7j?uQ*D9O#buNIO~`BSKb;a73QLIU@U z3i2w;*&g{;?OuE2$K*QUw|ApeF1-aQQR!pD-kCPkXzx2PJ+n~hCsC{lmc zR8Z=mnDJ@G1R~cof+TiTIe*6z?cBGLytAfUhElVyO^Yvjyme)1+$d@+w+M6yZBah8 zQP`|>a&|o@Eea*ew4^0zq7vX%(zdOM>n?j~fl&v0tPx9IoSt8tK0moSeNmO~ntFPL zB(_`!;W?66O9I7^TRy2d(DEtIqo!PUmkaN-%iU@JSiL&CF3%s)aEfZ1GbQ)TcpM62 zw|e%%dQwG65a*#1E`I#+?1k_N`Gy5F7odd+d9p3Z53gVT7uaJ%iam>K0;s$ZMPOlx zaBbuphJp&z9MDv8F@cdQB*-E&7N?41UNcf4sH%dC2=m5#a>^unT`jYaT-s|ZG_H5h zwU&;L`ZRt^h1OU#QoCY&SLu{qZ%08EiqTE#8>HFY*jL&l@-rfRYB- zJINA^5@Dbo4+gNsljpgRe14(1#0zyS$D4;alQg7~D!xIJgiGq&d})z9W|=o-iLV6U zaUR7X%b;*m_07Kj$UhhmbO6v-1VYkzdQ6f$jt5#+AUF|)pT6@$b~6wu3sglI4}|Eq z`WS~4AoV{%K6nvFLVoYOd>ILpB7hbkA1bb;?!s9S(L5uEt+c10UDqq0io5&~HXM+{au`1UOC~j zXHoS+(`p@!Kv4{V>M(GD&`Pk3&r$Q2gcvgkM2|RPNwxb$KAxlLF2wQ@;FbOy);st% zX+e*iCB@Crr_*7z41vq4s)=hyI>TF9#tT>HWy*rmg3-F-LT+<7k9pdUWi*#Ojbh#a zbXC^Sn{*CxoM4hf6O!c#IEbFB&7AOreE0onk-jd%E;H2#Vjf&S$MxETJ6yh8DkXLt z>`+gX@mxj;bG=zLCulwZNV5ZImAO~|tdDczkD44iSdurOyLrabt>McwOM{kPX%y>& znCIb17ps`5Xx|{)1N6 z)2~}Vw0Qv}e9sn_El_intJH=(OYj}wex_-f1J6*USYRi~vz`r5JnaOouU1g~!X_*+ ztypnfMKA^^RWniT6k`)ONi>>F-OgA-*gF>F615yykqPRf2U-tj!dzc;Dnv`LtVtfn zNCsBjeT9FEa$@!M1yfxXGmt<`S;^{@HMWLxm+KJ%i#R<)weO7wrLDQv{j(-`AVCpl^VRVorDrd z>=ilELMDom5?rI=ezavmLZv7|o}a!VHxVT)xrs8KfMehd%_2IE+mJ(6Xm-^|2$?ZD z|0bVISauox(W1MoO^a$a!zN&wkKr{D>V4X3)fDg~K~U5J{Z;6q4#=zVLNdI9o<-A{ zCubSYr?WJdgr;e%;d4b3ABC1@N-9)GFCD2U5+upzV+I$&>|M&TNZ+{v$uVzQm!uPv z(kg(aS~sWBHCwl@OM*vlFh^Xqp^?8$?xn%to*8?j6^>I7+VFtsF%)b7`0hmW_DU*h8iy zb7Nv)2pxfeHt(|iwnlaXg4hyY&hjzrMKyyfVq5bEuvSnkJY+Za^xx1*KGA|WN_!{* zfr&%HNtA$%6<9s6I3*bi0dSPaj80VlN#3$81U!R;I`Sn3Ev{4Uh$9+JYDSxQ8_tcJ z5~*rv^ihH*d(c*G-f~QaX&iVVyBRiEM=To)1ol>k5xiPhHGiw=ONRLen(Y{}*{%SZ%ZF^X!8=F1U;4tXXVS_EOb zSaasmjm!m8NB@LQ0btC@(pN+<6`Zpy;^C_NMRFwMU|a%%eDt1jZl7WsyR~gvO$2H6gv)zZi*%c``NR+|o!2jn!VMj$}-v zJZXiVAJgEv(6A_aPtMPDCVp(9-( z7LDq=QsD*cLonMTED3lBv5Fhdw^|E`D|y0Wm?bkthC-?%?lcO>oMls8+>m5>tl>Vt zf7T$LEgMNTf5qlJTfB_s(W-;*c_}d}2j=jC#PG(9f{_AR6a$ijke>3emDt9qVTrv! zO=MScb@CFyTA8^H$>dC9OH+ex0TGjPffL6Lez|X(WUGp@qhDw6hMW9y`*~P8>O0UK zc-K3lbi(ONKg&`|gPC*G}d7I>r1#R%+mBz~ynm+jd!v#tN{L zkwi;u)i9r2Hk3C9{*EcOx7(x_Js?JW)5WWUh1xdq7@@;pH^Hik`;(RuyI2-lnNs!8 zhzb!+6EEeVr|KBB6ns?}Ne9(i9>NoiTw;{Dk+9Hh&E|)1&Xg z^igsSMl>k1S%dU8gQ>OK*;rl&ypxzl%V6tEO&vam)Np0(9OcjuUiZRY2ejiT0nXr? zOjzum2I|)8LL0zhWuK|%zY}|c2g|o~WZNe9 zT|xG`Afc8BhC3RE3Au8sOY@2{VITAxril?@l_Y^)CWQmV$}+X82ywyawUOEFk}X_= zBRKOAy0XYl)06Z8RagzDxWxF@t!o8_P?zWy@4SMQdurW#bDDbBY_Vk8te~!5BoZ>G zY1=-fWYr}V_SwE6eX{srDJZhn8Mxo;I;<&`l4Z#;`G0o)`yYRLyZ?J<=a+r&t2h7H z`EMWo_;UAu@BV3i{9|`_XXlsiUwwCVe)=Zb{qvV3pI_szKX-m%r*AqIvb+1gzgR+4 zX(*yZdOY*6B_(sr`csy1;4C337-L4cO#xC3ArgeoBWYYZ94W8uhKqn0 zP{NYeYY03wQG3JQS(sSoTGgVREaU!M2|>|3#dsUA7Odx@4i@z}uB#OZ1Pk&kl8fg& zk?dVd@V&|H6N6EDr8nqL(pMi`pi!b-v7;Uu#|3*3 z#JF0ww`8@(oOFycl;z1uuO_S2^WE7CbIE~*nKE0TX=c@fd-++T*>>h5HS$N%WF6Sr z#vlJuZCuJEmqPPSBO$X@m-O2gI$cG17tQIE*+PujWJX({Z{&<7cz?USEiA6T&Au}Y zGC$(GKKYq}MMoeZD!_ziw=@fhh^d%0-Ze%}u}BldECjZau{5TEF(II2=nYFi2*+fI z^%~a_VVq1tcB7q2M#d=jSMXKJeuYYo(FVNfQ12K5L1Ig8*Z~fV$$T9%l-B)P!od50HvVTaQVwv^G%!gXW7(Q zI|f8$6XyyHThEU+=~8-~*s6LN+-ZlTGkR$=@CZ;GOuwsAv5gh)Bgnqiq@j7>;Rl-%pz^17rGg5X(FLJ-zS$$2hHI@ZjX6t=x)koI`ubg)Qgnqpq%@ur`!RF<->C#;OZQvnKHcqdeSE zK&ZW}`MTFV-JAT}9WVDn;=ste3~ec0N75mRq{deiemZck z9ei@(6~3S|7S9oTK$P6mZw?1EP3_M^|6t$WA2b0Mk@`edyOnVcgPn}MOS!O`FwM_( z;=zoohBOddXl$Dn%ix+VZh01pJ9y(m(J^d<`b zbN^i!_#gsfqL9ll7~tRa77i@y^w#Jdef?QDqztV8|6~8)&_DPLndIO2>BRrFC;hq` zz)Jj&Csq89{l^D~5B&c=o-ON0rXvC?sjfZ+{6WF9E`yAwMxH{o*}zeB+P}1eKYUBM zQ0#Bf#7`P#+<=fRat84jnFI~j4fzN0VN(%)u>lMSk#wpBFfpV0uQZQi3=DWo&L*$9 zJVy+K0g`*3$1yq)p;WeIcda3O_f&olU3Q0q!8GP$43@V=uC$X*z~?EI(Kw1DxxiCA zh62V#r0=K{;h5X6R_sG@Ct%ObBE0`e&?-b7B;F%Esm<_#%xNmf&h<0l3Au>b?jGUg zJSZ{?vIA#IwUzROz&?r@uu8Wzgw*;&zc(FH5OC1?WY#b^=ww#Vj zDQLlTpSxjgt;&1Gh17O2P~e4~ro-W20Fz8$tXm22;E25&#j$mht4k3SBi2*NCV70x zq{fp)SI)s!5mdWm6fR~o14I8H<3f=C<^P0SHDj<9ivPgd&0H8mxp5xF(uce1*ywrg;3Of-J#1Wy{G)IF`$*uPlYm$Ao%06(O zht2e+e?+MVz8q09-6NhC^Qkw9Vzx(^416_)ajflqg^1K~n`To%0-C6)GT}Mk0IoBt zqjAi~qd8R~thOJBBhNO;pN9kXPG0#9kC={Qa zLyOf2z#UPE^9{@a{JBXyK*R5IC{~pja~gg_W10l&vu4m+1mf}I0Bgu?1N&1-Z(XMZ zBWLHLQl1X{N0TWt?7>p4YjV#w>To~U+9D^#;5)|gVW{U^VR6n zu`2op!+@;0Io2>RzfA&5jKh5_8K7f{85P=kp9oHb+I7JX(;!N~80vEcZb3klbDRQ2 z9l7P%wIDpV7pr6bZlKGDrr9N`nB{9GRfb~Oj%jdg_G9FcX#7n6C+u$*-<&*mdQ5|N z8Swxz>R{qjEoEjRki)gryGVfViTXf1BCew}wZE-ribuw|L}LyTa)5Hj#?v4Gdm=D4 z<}n*bNvNUXBe_>pr}|i}E!+Wf!A^C>7hEmk1+A%_o=k@(3u3AY{dF zd4gV$F#WJdYdftWEnn$fvt-KzWSwd*3O~GpfMfE@usARK0nZp0iVqIoXj!39-;rO2 z#e`?Vrnq6*7{11lki$JPyaoR_^%KAXqGmm<%{f_Py^-SNvY;X__UNu>H5OaK-< zCm|=dG%2;l$(ASBVg%zu$6s?HvPI%3QHf~yTP`5QTvcH$^!Bv-&D>l{26+}Q)Y63> znn;$B?V`)KeOqi{@xMh#kmgEm-k+Nn=rDUso;-RL*_OH{*+r&Wo}DH(PMci|s zRtQK#Mob1H8Jh`WbfJ~y?YSv3MnfgYn!Q%@;}aB1a9_KugH-?!W0B6W%g}CRd)7Kt zRctPm10rI@{K41{>A#RswFrb@^Q}~yG6pm$uAC~lRS=5Y-95@rqU{k zq38=2eIG(?>0517pa|{U2vP%pg{hrD6%E@Cs(P|JaVAjLXw6L)-6)yd8iFlRBvkv$ zIVxbM{U{jN(jJqOpD)Sj_m|}C zQe0=6MF|Yu;HU4v&JgBJ?bumk(a^_Hn4C0^`2POCH; zsOfpd=utdC`aH+=a!Uyv$3*?Vcr9arhfJ&YF-L)DLMV9E8p)WP7vLNX%4Y*yphbm2 z2f5z56Cv!!NbR0hX4mfqTU&#ahlU7!QfoRbHti!$dr}^{NzCU>(6~j@lxA~1I-4p~ zut1%kHe2RG1TuCR!4}c=_$ILr?(%-Q3hjV-o^f?hMY|)i{pEI_GW40qDdU)Ihdj7u znfYeQGaXtKIA*d_d6|;d=d37j;7Sueq42KtE3SeiLG_}GK+~W~)v1=u!Yxut<4t#9$6{5>qKp(g;D{t3WL3>?8SU zA|u!I9k1caRiJ)`0Y;(G)M-VyMlP(p1ujz5rpg3E_LmkCXA3H$XwA(CCtt19*{DkA zQz~>?)j0!#mpbRhr}9(;G{(TccI^f<#S26`^}>v6_c)K7ynG4W`kIH##ma$=1z>CD zEa}vIb-eQMe3kG}HA{o`jRqxfB6}}1fp8|30qkFISIix%>$3!0@mNPS-f-1wup~r8 zl(ve|p!mDs)K@&^F`q7oNI^^scp_w`vfr5`#l~VzL$!6{|2(N{^RPD0sZEiGA1~qC z^Wu|H+nG4B=lvyU~*8u5nNSJ%0nd^oitq~LRTmWE{ixUgqRBP zTHkTOg?ebL^KIUJR=#KvUdj9K$trW-~>>N zVsar%7WgA$WS&dZ?6P-3oQvp&`2#HY#AGTiXO>g1HNpkD>!)tP3!Q9L101gJ7&PF8 z?=@Rg4*cfU&BeOf7K1IrBC&3td{ZdJwI88stA$ht$YMCF+t7k=Zo*Qa-CPGiWG;pH zeNUZEZvdgkHp8O$V1FWsQKpUK!O;rpD%xm>##SzPu7h32(KRdVKD26nPIk;aA=&=A z2!Z?cFW1k62jzGNd&S?$p6~l__SDk*`WKp}Z`AMIZPl_92;>wqB~Y6?9^D?eA1#_< zVv1X0XtJu8+O?MJtq3A6|It_A9sb9U2SsfdY0bU$ ziKYo0OYl|-Kf^{jr>Xv#@#Hr?#vdVNbDjvMlNKTa{x%o)_-n?q=npmD?o_;!ivZ!bvbP?|7*H zN?C@nt|i`fA;w_iC;gU(p_LfMATihv_=hpsGavMCmA(k+XFlN&{+@G5@s+;+(SL(J zPX8#RG4ldkv;rj<=`^5nUC}+*7(_M2F&k`=Q-d|ACLv}*PM1=FxvJVrtcA(t$Xrzy`QDho?DR;iE9K`>?Rm52bMqBi4{2B&i163OR;o-r|3K=9G*=~$wiQa z(x!!Z#$3+u#uOp8_10=S+bObInl+wl-ko>QQhS&1j4bFpw!57}KuMzAM6-)8=Gf6D zI5=h0Wox)eb}A`#n^%&MP5!mk7;@GaqUh%iq(m0b5gN5soR^Btxd|dCN)bFyw}m<yS9rBGX!PJIYzxbUX-QP8A48TPJ5=)mEKg0g*V=}A4?e-2leJtm z;bt(9J|`yaKsDl3VTI7Jv)J)O(7tH}sY)^TDw}`52Z7+jdStl#T4Pj^?0B&LCSeW~;c`6rV z2dp)bZ5fVIR0s^vI<4Za=+?8Vy>E=YeSXrj-Z7%Gr5szd zNVvx5nf-l|gb4kJ-BM&hr<~(@!h!LRfbgY=v}*8Do!)Rz-3LUaIl&}$X91pdXjq)# zSqJ<3n#H*_M9JzJqNGm^XaEnu=Edb&xqAVtlg5tyi8%)7o=+Gvi1jp%Zg3s^bbdlG zJX5Aa4XDWtQ-R$?fyMXUQsrMbu0Yl5jg?$63qwtC8N?7w$?)bJ!e!D-$uMdvVH{xb6 z*do@v5#M;2y`XLdVHJ{=P~;F}k21$dfF)rL_e+|DWwf2DqXU`KB%0{x)5c4W3hN4q z&Q7mPB8SVBa0HCop^j^BXfrpKPK@ZSQaq0>hjPc&1}fE`-Hh4}+=F*y2vceJ8M(N3 z^8Yq=pJMd-hpW>|U%r!l>R5sQad>caSn>ZpczX2s!Td(V1U0q>haAmdHS`Yb7NsuNQ3#+*Dj7(Df6+1_5B`TLcI7_sih6=Vv-oLlT(`4A7 z9yKP`L*kPUAN*Cx?KxJb7dL@#A}z-}pz-nh_ry3D8+je%;SV21Zi5%Df06M+7bJ~o zgb>8)V3cvm$N5C@T80jGy3HqGGf8F;63;Kn3qcQSr37{U&F4i09O>Zd`VNRkKYX z#YhyG&YtyXv)W&6V zBqSd`d`5fR!_)rs-2Z=_u{dR!@MYQ^3TFBKe{gv8=%BLyA3ixcc-a5%<9Yvn^d-58 z=EtDgnM5&@iROAXM4>vaUv#vkZ(o>8u~ZCgX)6$wGx zfv_$<7|j@Vtx{Tz?w>?vc@mH(NAPDfzsx6-=p7k)MPZ8RsK1fa=jQsv)S-CTg8ZJ- z7$Y~+G=)a^gP$3e4(X+;Lp4Z{F$-ue7!iD45_O>I5cUY!KIkuvtxzP$4%(KJ7q2f> zTDbB_S+MI5ifacfqzH2lSZU~iRk@Z2{jnlmQ`@DN3w~`n$JqzXN87n3O>2Tqy$|m3 z`o|a0lH;$t53ob0?G!A$Z_DC-e1G8>G0t+b}nZc5EZ5#()>fR_aP0VneSeUhD+AVIQYHcmc z0Hi=$zn|pyoXgUZuJb4tUk5)E$^VPa<0UED%5o8H)Mx#>JQ%MlT&DadPOZxdbWb;) zT<*>$c3k%2Yi@3HD$NlZM*%gF@82&SZD(TCOEA#cy?csWGFe0!ah)zp{?Wz-iQw=Ko8htsd`cIOB+WtNvJ*yuBtx8$cE8rxh)$Lv@!y+R>9z7c z>~>l=^)k)4gP|PR3Ahr??fPgzQzW%FyTsj^+3#dWoojxWC^2R@r|Bx670pCGjb41^t{_L-vrES7!r8$l|_hYyzG>ag}Gr5N=m z#L=aioenRq>mV3401TVaOc)3ELKSe%GlPHVf$@h^6vAt_8Dls)GNK{UBpEYnyE<(Nja3%uOIFt8PpiCnw*Ty)J2}NR`>@OY#hn3c{r|l@4O|?&^z?OM>0KFM9L~n>J`ZVVF2PL}gIQYWB(v`q*}uW*Q`+`F z;ZCe(^aYy$fQ`1DTGFC{wHq!PRJ)JRT~_?-~$n1^?fF`m`GV@#yJ;{n!0GjTf>dCvnGE zw&Flhb)9fo`8v$X!`iKtDkRk|D|ccoo7!3K@mOm55t|Py&4k!gsTyy|%fqJK?kkm4 zHDf*3zvG6~JsRNh^?&&2@ljR(b9D6N!T;l49(PI8G!;r#t4?z#u$Oz_)G|a72dyNp z;MW(0kC-#_?#d|sg4|#gCun5^M$02UzILaG(B{gf#`#kxX^O2@N?uRU++8iRiWswz z*XvCT^cH*`(`bHW*p~JIEGcnJsmBI0+s;Tr$}?omS@O(PW0jg-#u6-&t(Y*CY;6_U z77}9S4gs)mC$^U}V9xuZoVtX6r&B?r5~~CpT32LMAzz^Yu4Yq95oD;#0CPg@x?=Nd z@1*MB)PNjq#s&aKrz2Z4R_b$t;gr_y7c(hSP|F>EO(e?_nk~pz`(N#oofhSxqrBU1 zyDck(H>aku7O-61fm>ZS#bMXFy^hR2sm`4q%mW{m+!SlqRD1rzi(g-#ygIcX2zqvZ zoALRv^OB%>zt#rS-lIFUVHm!H{9do>^8DoaN2m|+Y}~#n%`XB`tjf&G?L8Zrid4I} zo?`h@(q*gK-IpHmJT*tZe*fN?*413@v7^9`tCnL=17AC9%}M_!`He>j8SV{Nl2w^R zjR1_*>M;=lE(*`$fx5&rm(xyHWvm*hYC`F2AxnHYRzqq0HT@*jT^s6pcGqwL%u(WNaIL0k>}F#wUXTxz3$5$ znZ{7Z7rPyrw!F7%cxkVaO^B8r66dRe9@1lRr?__1!!U$8AXb(M?96I z>t|vF*+y2=)2FhUv{9|k3ND_KbiY10dBtt6ifG*G5Gn zGvR^se1*A+d*XBoG+Ml&lJ$pOcv0j0sgu#pgKU+$hlV|eD~@hh!h|@__?WrpF4ctZ zm@FT~Qkr-A}-q+#h5IqbSS*eA>V1zY0IxOLWI1vNMowiVM(h}-JbG6<>ZJgQ-2)o^q? zu2-s9d3bM2zxGicdX#yHaOBZ2%$N{gw?YiHvI$jIo(h>UI{#XA!0~8g<+0<+BpsCn zROmDdxPwB<9&9KY%oR?g@+ zswJhVTTa$vuWB;3@3nK)d}#b7d(UQepO*cnq43g_sbustdmpaLfK4b(M1gX@q|KEh z$FA=xo8!vm0qM`9+wynj*yRE?#J@Whx{8}u8Eun*vYL}y5#{g1&O2HR_hRl;D2|Enc=?}O`q^}zK%FRtJAqRUFAeBXSmrN^v?Hsx0MNr&=clW|77X zjM-4Bn`gZ`TLN3U6tu;@Y^0~Hygt-@6lJK`Ef-olDm!{o0~p@iX?2piYDY~JCYJ}} zyLC*AyjmTrhI_eDL=Vx!0Z@0_vX-eW)YGdO%T0r;jp?KX-eiMTR=BEt2HAdznz+Y; z`m6ZG^|b#*Fnf!@-^~bkmHq$0!G6X5_tD|gM-TSD_wl@cuZr)9=iwIGg#)Zw|BsIzRoDOHr$-O#|3048m(W!=PwV)DCyTp# z{gec%Pj1&Q7b!a?Kcw{coK?JVj>&dKjiS2>mje0lVf!!V#n^NG_e6fdXBGa-ll`jy z_oIXTrw{A@KA!iR!+$AIMG*rAxkMS{#bqSAlqi`xe&P=(Fl(Z~RMjcvK?J}OtZQqF zykN-!!o}+MV;ju00pn#U0E;eQdDl94DNCu;>C8cDW#uM)bM21N%hnb_;Bb?JCsw-* z>gsY2lu%q&W4O52lEopgj-1ln9OlzGX*jKIv%P6ulW4~VJi`mHS;ei>W6^yu(m z|G$stea$uTMI^F3Ra@pac{pWKW1xb`z5kr1bR5M1nB||GpXtq9`2VDW3~}aT)_lY~uPjvUdLWXvQzaF+~97Y+6NExe06d;Kl}gzp|Ipuy9$HVZ6$hvWgQpJyojR@Cpopp;^5=JAYn&aenrqc#-AFiTF`4y%A=4%#O+St6azn_2o5BE;yIluw%ZA zlKfpM9i%x)7Vte!Q+2LMB#m{5%*GAnOF$P=B9f;i-X9+^GTk*`@cv% z2Lp5?_rC{+PiyzTM-TD8@8|i%`+q;o(2oWds-|^cz)%df45~Vn`U)aTndoPw=$CGv zeV>n+PUL?V+4Qb%u2fPr5Lh%Jg3WJO_MFdCnlUo`4|3oiJofj!{b3U&5Uj`z2fdA> zwEd<8*HuZw-bt3g$eMI!19xLcZ&!~45mV_+bZFRze%a0igO?^JfCwOX_WEF^pL*T= zU7ow~|85x2EA@YmYxvJk9`66|=lM(V|BsCsz0NjpciiYZ)LuY3L)?O9Q0EQ6I&TEn z`GISHhEGra@0bmD2Y_D1|Bnu8_8cAJUOh%I^P`n|UCSYFod(MPZjc5RCttpyH zCFoHazA34h;AqocQK4=6WvFJ)aE}acsSIYrH^x1sFknHVjriJ`$VQ56DQi%W@#Hr? z?p*&^msTf27u27Gkg_>X1nWLhg-TGBPSaF0QB;(>22D0tz@~{R3hqypg`~L4Y_Wyh zq5fEjTV06=BN6Z$mMxYns&dKwDFgn>6G`KghX6qu(3oYNX*5})WZFbtTk-t~)n>ol zd#^mLYKH1f)Y>}wleZC8upS!#RNwB*n)57-5_d~&A_WUwgP3R@Nxb~N%UW}a=}*Hv zS4XyFddtQ$&aaWn=i1x9^TZD4kxyx01Sf_5()7`CdtLy7qyN(XlXVSJ!Q@5;jDB&5MDhAm{5Y)Mr?%m~* z`%`v9<0$+TLdS}V*Juf_dnzRjX1$JaUAnnecxU<$fANdekiGTu$&4jZ^P;81Nq)_e zjNL@+wnP`I(1vfCimqy>T4ons@zNk*LM*GH4rBI3M+EoU`iqKvV<~NA%$<+{{MYKK zbcKXQ@BRr})=shpO(1OMQovf^1o|KC0EyM9*P|30eu{~bMg@c+17wi&h)`C;2ILa;g?#uh95`^@UOk9H9qOYG7D|&Hl}VoPkh!oT=67S+<;0b~ zmEi5rJ9GpdJyv3|c#TNoo%*F8uz71U`V_MSVa8^D-L2(yO)*E~^c`G!kS$D1-;!qM~sZiDL8x?c@Ek&ew7L}5mbzwTMMc51=g)qZNH zygh!ScD7Lc^O`4)4N611ZQ5Garml5U56eD2qK?_K9zf2c2cx{t{8>-_qbQkg$o~7_ zu#W$`fAApx-N)0+LiNeZC;*l~fR@g8AImT24xTG_^jm4~n!ZpEOR~4ZB{YSQxR2lw z6dZKj~^t-;f;+hOjT#`ef8ns1;VQyyN`DzCh}OZ|4DRX8WAlU_#i$lZAB1Xi}% zCCV$?Bs=@dV5+s(4yK@mWa!puEj28ebi_!enn87S>u@ zmvMz{AmG&l8zquuH#9DYG;d1En+`db>nEFf7N+YJ2B0hIFTGwxL}MAfDS_BXKW0uR zm^Z8HH|f@`dBzhn+(qTiOD8&g@3L`LT`<^tqGamSQ2SI4Bv*xJ>r!?@#L(UpXHB$b z>rXcEzt*@@*75{Zjd` zs)Jg}X`p8nvvx|lH1RX)G+kDLx3w_x=8jpS53eAu8*Z$*`vXIMV8{;)`GFxnFyzfM z@@V`g@9qp^gb1FgV6z-0e{Q~#Zx zyYl}o&HyX#|DRUxf1Vs3?LYAU`*=P9|8Fwa|9fl$cd+r_L>D}ufj&HapPu~xhGjAe zDu^tr&H$_I|MzS7Z;u~8eZc>}m&f)0T7mBD!1WY-eYjhMqBN7^oQEgHn!ic~P*IH7@GU6hJs`%pUMW(kNlsxyDnm z-o56->%I}?3e8Z5CR&V#&^RbN`pbro-BnLDEm%!2w~8WdD%U^`ekm#E`WChxadY|( zV%ah$WAV=IoT^H5WqBLy!g-X`skHCbpt2}$HI-;Pq9w61l&v~ek2IcbXB&JYs9oxl z^CgpwMgy4Yg$0{yQp6(P>d&}3E~Y#Usnp9GGrDhj@{0#i?eG6|lK=b}i|5fa;Tc<} zjurCX{^Ntk75Q)f(F6Yb{XARboJz^EL=eddjxo8Nv4o8CD29M@DGjdalnH;ZMXqL% zfDn2RHC@bD9Fu9x$7rt=CDT2)a+J{xBPo?L=RHlr!4^r_6b`{;C(YO-ddEU!YyV@{ zCqE?dg75@#Dw0UbG7?7#^9TNm%U>@g&)8s#Jm>Q{PsmTtFG(0>V&G3BIfDNq`2&Ca zM>c~0n-{a`Nd3?J6gSDJC}>QB>pUfsC}v{tr7v#N!I%D+UJt(X#rl7I_^7h}51u}p z|L*D8BK7em|77u;JXh0UFgQzuq;V`D?&L2GiRqLj^3Bdn%2XVWM$<^n@-Y~L7iPl^ zlWNx=47Rq&cTAECmU0nEo-N2(GU0>&^*=n1NcK*~Q6jxC5=s^$p7$Svw{PDDJP|x* z1GOcQjHR5=Fm!yiJ#{?FlSnRzA*t!3uj!2VNR{N_K-c_82i{O?zlXtYZvJR_&;b5gX(Ni8&_vZKy3frJR9hYC&%a!p zzC1m-JpJ|c$*a>hjeXG2@#L3DOsC?F+q4q!*PETK((hd|W--6@e=T){CSqk@=yWT( zL$&(HBwF6?JZWw@wgk4OjLrEC6GSCa6ZU&M1y$84Pgo)ap+fK=qS9wNoUuwFgV`bxQ$}Y`Mrx}F}x2^e*fNgNt-C|d_1=Fo=$rgDPO*6oiBa@8J ziI8e`H_@a@Sjr^^ga6_=320(lA0=KI(|{ch1_wU*Wy&P1NzFf^WWwL!}W4ChC-MI93$%5w@VH(}W3_P6ING?p^-GtrhnNk#A89m9#&5^(F?+*s}uhA2U zCRTfM=lt|_4dSFA?l zxy!=_1DNp70kAIm!we^^H1Z9bD5+O--6)y1tc56%86Ux9_!ZX0R#24Z$r;0`TQ1gNje8zO8ZrG2^%7231KNmp(3ewJ_lu z#99K|%VKru4d`t>^IPk<0I(M<0O=i9#M?@FZ+-I3f(Rz1{aOQBM5D~NdqgUJjdSZZ zienAZ5AwgtgjS@55)uvrmXsZ{e*P!1_!PVT;ELN|NsJ(5;vR8e92u^16FY+J+(eX6 z^0s_S_7w3UdCu>Ois{L zqyTRu!y$PyAfz0p)q=n_OpYNYw`L%y`<*h0vj&z;WtdIZh(;zg&S(<+F{@{{$KH2^;dc7=f8yAW-N{ZwQFY7<0;Fi^^LYCmwkO4#rKzHKB(Kw^o z0Sk3h3CtmVKz@DBzd6G0ZiUU*DS@BoT?gXCssP#gAZc1tc) zG3un4Q6aNDka<=T^ncJZ)*sBcBGpopkNuDb*KjE_A7yr?w@vv$6ew~`ezyf9Ib(As zMkoM`f;@}(hzh}^7|mH2(d$U648KB-Ut>PyzZ#9bFK(uTYqq%MSqMEEm71cuSl2Z0 z95?I1oJM*tbjE?kH#Fk`9n%Dm$@45OD0aAVIh`Fvn#EiQ5vc0l-@)vTavYs(B!|S$<&+EYqqSxP9l?UPP0JJWF9TaR-`exQp#gK z1woF^Xg1E5QQVN&l#_8j&e)Q?Isv9`o09et)N3kY<&0h{m)X0cWW^pau&ese|H|Kg z*tb9br|n<0r>Q!B_i_kM<7_ zCP%^HA*Dw_I0>FSeRdEYJ^Jd|I2f~Vyg&Zx=@FfLb#QnvK6rX~_~^-3Pai#+j2|C7 zIUGz`q9&y}Ob!qC50AY4Bk%C=YJdND|IzXOSN`LJM@L^hIXpc4{|_H{(DJAI`bV9^ zItPH|>;K@%)5EI$_rc=_{NMX|wut8ui5=! z-wyO21lUY^bAlz|p%>50=EGY4Db zKMh)v=aEas$Xkb3zC{$jG(&;g}kfnJXYYQ%NHhInEdBy}9nCWTFOn@jN zXH*iJF_JJAqGDWSCqRY3$w77G7NSE1Eqq;x!5JjKyuq@~*@aE9{8AU?0?XI#Aa0Ca zxY>!4-&g?ia;}oWU4scyM0CiZmAz+k{EQjIIhDce|M0QuQQNh|Hsx5+{Q^rAcz>YV zXx%Q#BcTI#ddW0O-l5u3)8?rbOW zne#ls4xnLZy8kym-h-7lkEXL??Lt~2=P8LMa8Pp2gvg~@3qNObn4Zt}UjggD8w+i+o#w~nV1IvJ zN_n*ZO4oXcH!#B5D@Vz+;t7O}jCitg0hS$sus2&^Vm-1m<~-gdmnjRPNyG%X)tyYM z_3OS?TpV{ZDA*AoFq*=t(+c>yFWwH!UzH)jp@y;z za$dKRRTcv?_;%p_YOF!>m}SMfg9=sCWygj%`QHwlAF$;NltA!`CUnX&WJk^m>oeea zcoM2DY+sXP1YJ_H3R}5v1QuimMMki_ zeU&52JIykl2{0ndzsm(~a)xE9WT?DUzPNpo8 zXC^=P-box26YLs<$R93PxTj<_FqTHi1PraU)taS4Xi`{+o%C}gXHi0^$#kyxnYO*z zg9CXP)>Cb<_AQ*(RrM#YU#R-kCW#Ff45)#PS?~OcKA}5OSAJEp9?}#zB&s6xDxA=4 zN+tVRbvY1WT1TNPLIEa;N@53lD@BRULeh*+qL}$w9<&{IY+e8ahl_!_Wt@?qlGAso zIt~~dUHj2fC(vUuWY@x{bNUBQ=q+L%>zX}X^U%#j?36wx5IIfg5f!}Jv2It}0SJ&~ zsa+tWQ`3{AdMQil~OtYnBjNv<}!YrblFBJIzUykfHhj?}w(|)5snzV$6WzF4z|m-Iu1X z3Q@RJEYCugl~gMZU(rGGb#>S`MgN(eEdm(nwqGq$X1|eA!;e9#XIadIsAbo4{2Zsa zQ-W>!FEEMk|L{TPse^BsY_iSw$zCJl0?870uc;JA2Xb#wB z4!KA0Y7vi{N;q&!fT29ak%T6>FD$3)(2^HtmnYx6JpJ|iAHO;M_44ZE>h#xFr&kwe z&o7V3Q0;uS|-Kw!DhZhH0rO+I{p5U&QI$F)zI^Tbc+Tpgb(FdLtGFh0Sv z&iem##^RJ^!k1|$Q=k?0KL<~as`fuePo6y3|J=*-{{84naudyuL3^rB>2i^>uji^; zf*Cs|UyeR}7z|Xh!G*@5qFSW_dt#w8((}U~{3zh??XEwW#`+kTK_Nr3Loh5MymlfW zQ91J^_vMV?D>Bp7ju<}Ri+I#7{iN9XxdW9sZS=Po1ac-W^N8GSi;4XlXhH8uEh1Yg|-wya1%-14nj zf2i}VWO_2olYmNg#b3O>{5g`d%X~74-q}Er$Pjl{6{Gp)E*T1)e^}76+t}Jw4KnQb z(>2Q35I%0hD)^d1JLu7*y{(Pc?rQJy>hZ=tc|Vy3!NTc4V5Mk~C`)s(nfGb>F@)lu@Z8bqXMV`KP98n|)@H_}MK;)y4sX~IG;5+XM{ z_9t&=17UY;YR0()E5gsDg#|sEXxL{pcrHbEY@BQU`I)q?MA99bhwtHz?K5eeOVJ%0 zhc`=~NxL*LO-+L1l+3e4poRroPXN}Te#B{Ow$pK5;VJAvDcA>Pc!(j~eq?1RU5^YC z9x^d3{Ti9ujPhF{sjR*OfCu|7P z=a%LcvqU_u_e6tT2fmrpl!R2$-d*LnYp%tJ$pTLU=;QGky1BNqQS11*xe_jI&mpyb z1EIb(veHqY%XruovmxhBW5s1@CzGM#saXt_AcRZyGyR(9Wc8~SBWA`nTavWfk&snZ zBui~bNM8$*wyEAe?bn^$HlMHZ*$qVlC-2NzHf0SP!>TpnlRu%wT2)jUwB1hty1b75 zw>S@Iu|$l1<6}G=jI__48yjxL{m;SUr-xpxXA--x~LBFXciO zAJh;1rCy4MkdYqRv<{DnMu0<+T^kth!7q^q0l0uw;z@v|K$oVrG;@V=%?(G9G=#1z zicxFsc*ZmXXKadT(C+`8*)zv-CKVWe$J5k4!iCW%5AM@75{(q^r*uBj~*ZX)#JZy zdSl&8YirME#{b)6!#!*RA9Wj8FLa%|b8lpz`i8Juqo&%;TT4{CMx&C?kAdIuQTzoj zX3)oc^W47!{{Q~tD*soXANc>@f&Y);RA_nq|KZ~rb6>UQ?zY~&;+p(UJHh9~@2hQE zm+hNqbY=<~=z(Hh7VGLA&Ch+6SYuw38COLiS&D1WzTHKcTEE{DkL8XM1g5jpv-+7G(gQB$IW)lxmK z?icu{=nJhZywDgYLo%!Yv<%4*vRrU3hh4j=rDIB+W8AfzkbPY`-wmc_XKeQWvG?}f zZQDq^@bfo61s-|##Ll&3%XXYrXS3(JiM#9D#PzY0?d{Xs6G0**v8D(v0ohjLKA-&_ z%m5(37m4y)l2-g9u}HiQfWcre^P6$OguPuRk$Tx~Pq>h;R#ta!ubiV($38paYFKKO zWxKBya9uwO!puO<%Koe%jQa(vZ3K&zvFHplSxRxq=6QlkHg^&fgZM2OP#2}fZ;OXt zQ>an-GyX${A<%wcp8aKfEgxDZXmgSp_3w+_V&O^jl!1vpW zBYG~b-2uYzDt7@gR;~Nbc9Qx!AA7#gtM_x9|GK-o#rvO^FTZyD-}U+LOF92(Q_9B2 zzpp{zSLoCieEuso^x=+w<&y6}hV_}R_RI(LT_5?(EUh^56)A+L6=SPeds13#=u|B3 zOFF7Shub3*!Zq7_g~(ntX|HG;g>WDI3SrLjMC+s5`slVkx~-3H>*q5*4{raLinMr! zTyp-~-|Ze2&VRcHFAu-+^WRtUJoNdGY}S};l~0B!KI~j|2TW3PK0M2zPjKs4n}R&C zDTp};<)C*4p_Y&hqG5*+!9HVGDjTzCHwd_|5#cuw#jyeu$1M;-azH@faF&ELk+`2F zJZY(g76VhLPD0x2{z0`AAXbZ z^fgWCAc_I(*dTtk$ z$i6{Q-Tn;ub#hI!@aXI$&!iTNkSvjilK(oU(NukPQMDHy%UnorBLdu34JKfSN^P z*Vv}V7dHX^8bFhyVn0c$)o1&-;4v07oe~A z>W)B!?v_$r^rLJvb~`EXg{R$7>bS^ygIT!2e68&BtAC8QzP12(?Rx7!lr88I{=e7V zFZur+9(?Wm|6w-Phw0;j$K{}l&>nJW{oR5Y)9|vc5z^BF=3m27RZ1Oj(X<-lIkbng zJ<9kLT9al`B1fe4cd_$#(RL6TE4G8xfZuM(e`h=g{{p`j)1J@R7SCwJW%hSt)n;n; z0%IsxyGJ-h280abs1W*1@0H8#Oq*EDHQU?OlS26E)(-GK*1qbtQy#V|!L;h;9w9^e z9jtB$rR$N{(U~DBbo|iP>+|EI_s2Q_Q5lvG-s!~%Z?C$oGMEYC>#6tJ49`X(GiG?j zK%S2AqyGt;E25Ack4A91BBwlIKPGRo`S~nSOU!VDb9NQ6Yuh;J+!aK&Wl?g)htNqU z9vaFPkIuc;&wZb}Y*QX%Yak;mv;R3bcv*=5aPZ>gI{wR(Jc`>c-D}(JcCbNSW2|*b z1dB%qlT1zkaCh4aS2;B4;F|jN5p0C|U`Iwg3pR+#4WR^ev}4!^lChgoc!#^C{?O!?&J)w#g&LNk~1lrN4BE7ELXsafCa3fMUML!Ka zTzSPO!!ToavFR-qNJyv!%N{w{|7Lf0LN>^Yc|Zt~U#lb^b}$J+VMB-29a4h_-AS^j z1$DnZ(x$=w!btRN#K0&sq3u@afL}2(*3%#?t_aDoH##o(7dPuYsBdqaht!C14>aCL z&hMjy#_@dHk_=c*i9r+>i6Z1ourGA2_?Y4kvs}vRmwdT=^YRc@OZQ<`OL-Cy5+=f8 zb?^&GYC`t;=}8 z{S^}SybZC;w81WDyOS{l*aT2f^+Q{wpp|MI4Z$+_lFeZ&al*%Uh>pTl#29Ur4&=El zj4r(8*u3Px_K0h${z9+SDyUKN%W6E?g_JhR9`dW9gI6|+nka~b98?@)mZm(Dq-8E| zRFfaDn&C@n~J6=Pu1`#PiSq(aVg-G0WQ7EPl;=(X{&T6WwcWh z58AdHnz?P-xJ`6~0o{uqXKpJ=!dNIs$}+tXLqzfrgRA@3Py$fD;loVeIZ6H9b|N^C z*XQ3oT|f1Ve29tY1r({6jcu~?90KlYs!eA?k_o+H4&{W6Q9sTo2LI<^)m{fb8_fNP?T`l?A;wG+9kc?&D1JU%?7|Q|Jm-D* zq4?Z8<6q;sr~KClGkTf*$KgS@Apae9zk2-VujF|usOBdS10NT{cyR|-wNEpPsc{(0 z6-?0@?qPcTDz>tsNj?jACwC`z94AsRWg>w(UAHU zFy^JUeeuwDAeP@-51psgGiS2AP+`=SXOUW(aN@3tN>H^FX<{H^m| zm)rS{3U)^2gtQ8~b88FQBPMk3#i5u@U05nx1#0k`S0VCH5sS(%81kh&Jj#1oOsIKm zP2x(-sR}%#BDUZ|qrum}R^3&cZvx;{z_3!yZH95R3J&07BOZQ!T*G#Ao>T$GcW3Ow z3S7g*=!GTh!j{9mDj*759(`7uN|s86-qud3@*wy?ccpP4ge6yHXvx=aKU};&KL2=n z^zPUx{0bw8E~2v5Jrx>k$~`?lIr{kaqKz|wVx$)OeNYUR69kuny5 zybnecDUGt4(&aSWx%@_0+)E4qyQ57uAiKy*&lnA(gb8t$@d0y5K9Ms07nA-dpsnuC zgwa?|e)m7|O!mmP2M4>(>nMq2MB_IsrgLin+jSD8EQ9?EX^VgoGGS4lom?he^YYPZ4HNOYJUQ*#yNLr2fRyF1h$gv5))0OlWkUWG$;rPl zOS$1sbpE@``CqIUDQ=nmuUm}&xwrpfeg1!%$KKAX2~6T>kkM?87x9u_GBTtYBYcz_ z)W`|bY@hIqBpi%ojMr8(`Q~Xf+v}&vbGP*mXWGULVA=YAQS|@c+dq8qwa5SXN}fd? z^k1poPn`?&MJyf>4i5IASV^-nlV|4GuwPOD-dEdq@b$5^d#ryK;$vYQ%hvzPZgKyA zvA4h8|DWVpCekiM`dAfyW5voGy?8y2#=IZ>H}%w|J5%NY4# zHegx8BopLEqx21e=g` zV5>AD7NX7sKl2%Y|LeCzP9mWjj#%-(^z(_{|8>)}U>r%+2vxhSTWxb~y%uD~*v^y+ z$uheGBH=Llzbm56;kh{5rpGb~-zqPR?sLG|0 zl!s{ZETWJNX-33^&*G2_a!ckQ0JVIi!%EOA8pU)FGat_4PDOWuV+twZnm!VQsTr=h zMaWVH=Y)6;4sp?lP)XD{NWv3la)CXP1`)6n2h}Xr;x?gE=*y5#Q?6~g`}QDV?yLG} z`(yOEc!Du@-e)|_j~?5kpYpJrFR0F^dXraIsK&mBzd8gc1ev*D+lmSzWy5F`v2YtY zadi4dQ8M^$PIL^(Z73-9d#cAL^oFfWBK4W!ps1mWc{0}a@6^t=G~=TvW}P7TCwa#+ z#;*X~1nlQiE<`jy=P%>r2NWRv1;AH3VIUp7d1#XE230VK;a%v|ob}&j=-I z*NTy*fF=RXaMzJwdiEJ^g@Jbt~0;aCD1XN-n(q8++ie>hJtcthEgCl^e1iVM~qA#}`zS!Jf22!azJ zKaBagYsu?C%!lgT8g_;8p z=&&P53{EX!j?PX9T5-T=5wvO`2&55`am)uaj^~Ol zL+28(T2?=%I>?o(Ldly0rpk*FhbUIn(>GV;{cX~BjRn+i=l)*(Of!Bn#|aAyU37?= zf1_C(qaB^DY{X|tNT>{cnF*FX6J$J7ozpXT=w0G9r|=-=gT)li1(GdyMg+kvQQP`0 zc|T7Xxg~FqxbT-4W)aYf+y=L8_29qeKkqO272J~Ah@|9}aB#6Ax8#B`(su;LKDi|) zU{q%il{5sEhp7Y`t=$x+#sk~dXmMl~wxhz5@fL^Zmh^x5RW;?ky&=^zMeR}vAmTyP zG&QJbEQm5bB`5vs*IYJXZBVpe$A82Z6In^FrJm&BOsq zH!KaMU~)@@%oGE@CH+=Q6>zHLV!d9S!?MX>x6uxHN0X4ksi0AJbP2jQkaF3YF(>rG z{+1WeL3J-8zVhTa%M?e=$pQknT6|T>)K-(t@*TlSuu3?C47t!ln92iLnA(O$0B#Am z4<{p{WPZspS{bG+_#~P~%;zluCT*c>Pks$cwl8b|t=J&H0>6x}BD$~*IzR^w3% z5DC?q^2EWEhs)-UM?5s|ZnRz5u6m*}jvKn=+T)~Y0g~XtH_)!*jmD0fXj^l#Nu@JE zVs^#it%mHSrfSV^U<1Pq@oj$GFSEasgbbC$sWzdIC(rUt2(%UDQ_yW1@Y zx?6tpL9h&8EaCAf4_D&u<@V{m7Y*twM$DmiDS5-%i`lU9LIClq<^0ox>CnGsf@n>w zJ^+>vGjmOLEe~3E&|9Lo>n-VbRk`|G?!@7aRUAztDO$Zxttp%GY~Jd%zS(`(`eVDL zBpW91+c2HAdads6?zFX?C)`&FVermv>ABh&xdf;hQC{<{Lzc0c3nrDsA}m6g8mB_& z9V-@>i`T|I74rRsR?7-nf2voEO%3V8E5k#}MA3~(!^BIj(>vo}(g_HfjR z_)f@&VkcuGma$~WcIa@(glN;5oFwq??>p>9vIKO4?c9} z+Cg|_CO-+}645w{BQB~l*sqXwENC*Eu;0h@Dq>k>20sbpx}?dtJ*Ahdx+D2#NIj+5 zP|#!=RVKDyA#F-|%*Sv&L?<*G%&OZ|P6oL%&IcK*%z>Y_{;GB@cd-BHjJceqD+C5w zV*hoxw_C)2*<0g(J<;Piufq)JOc)KVhi%38kfj;Jh#x=EEQu21s#TrX>VX%enrQQo zw^3ruAJ>*1e-%rQius^LqYG58I5T2xXt6f5SQ}cb4K3D&7HdO`wV}n@(BjW+Xi*^< zq4ZP`jC2q$N3)<_7jzAuKIyS3rZd1Npx<+Tf5>9>^EvtD(O12@-9owh1FKnOL&Wi+Q)!uDA0@skiq$Jj7JHjHf< z2y;hisvS=QLQ)4T?PPSy928s_NN$2V*^gMtIZd%9-Pcp`HQET`P}EOUU;Bu{zF$8(qu=10fZ(ErX8W;1xk z6)s>DoV1Q_(u@h=gBJmAI+U+EeaYq?)|Z(SJ#vzGACMdQm|<;~a2`^UuA+6x=G|7{ z7TY?$i3A3*VGs_WxhU|9X-~%p$2dB0+3Vb&P?t&Bd7rta~u> zvWDKmsX*}AKvz6?`*hy6zXF(PSYad;PlvXE4#Jpbp5+(TXIArr?PsA5 zN@d#&HzmNa2d=ps0|M&Jw_z#DBFAvuI z|0y1q|Nq7Z&k8mnciaHfUuXw%kz)m}S^)f|1@Z^nPR_qOdX2`E!q{o)J`+8owPs6L zQ^)Ah8;uh4*V*kmzTkpbCR~}j&pY8 zg4KwsLm!G6SZRYXQBpK;3;J9(Vr-&SDHi@3`|9gF>#7w=B`VRHO7qsec-(Tq-`I9}AcLPC>YTrnBbgbp&6Bs5u2KryAIOvX~WsL48k zjT|F*GETAu8B7Y3<7)O_nbG8%Zx-aq)0kX0|Bc!UtI-KeJR6sN1ah9To-w2euFOpA zcDkMJn&m&ib6@`7#2RD?|KIJtDBb_PT;Kma&9k9z(9waIOXEar9F|Q)5N-ZG;nzw$ zM3eYY6f-4w3K@Z0fXz5T`$O%R&$G+UdM$sU&wbZ_ezgB+OjJ6u;2gGW{lDlI;(zS# z?j5Y9I7WmbVUkYh6$@+(uv#wRKqQ$GTXqpGiVAYY zvH=(DEjNCqF^4dK0C3SGGNVK0nv5M$Eh`HhWqb;(ZF4~kU2w!ak}``1Gs%Rd z0)F^N?H3cY#jr~!!pUBZJ^$Cs3jdPN1M+{ZSuTlx%k4k+OZ>mvUGx7Zd4T_)=gi(* z4=m;9HW0UA;XBU}F-oJB&4h-DBK^Oic-1FV5SpL~JcdWNF7S~?OY3_AS)YWQp@SU* z^K4ff)uoc&D{%C^F~S^a;fEHvHCq=})^_#=BlsEIO;@<9`sPZafAbMHy}VW5Y~DN} zz*~~m`w7e71g&~#vVcQ3P(1=KNWs*hJObFAC?WlhU&S+$@Qn2HpNJ%v5l1uAF=1!1 za4?kxAIh-PD)R0%AOA}|56S-#-yxSC%ucYB{~s35|9joNb^OmKd2;z5@D9+*+<*n< zLkX;#{CxE8EkQSQgeNtl9}=Fa-+;f309Zy4?ROgNB_)B>GWp^s#qND>ey4pvZv%hx z&@Y`@>g#_+rYsu+gyD4-Nmh|$X{m<4mUg2DZN}14y=G_;zg*0EQ}{DK56J(+L{un$ z8pVI!Ez17~>-+zwd1~~(Iq+`-1+YzAs{zi7TcQFkC%l&qxVqlOO5pmo{u#Bv54iq~ z+G^$V|9-c${&x@7_rFi_RIL9I3(t?v z%?TQp{#p3$m-0Ly|DSLn6Ah^E?Ey>p|K8#LVS)d5clX!$uTSzIUkHu{LS}U6#HKi9d!A4g>#=}RX?2#Q<80bM(CuB4IE9 zwjHRxR*P(+S{c#lw}J*t%PIG3)MD>E5Bg&!`$lmCjJ-q%ML{ICRx<;#*)|}cIRjxR zxlIHo*9>6LnI+p|(1U^}xKGjch zJ?QXXi)`W^)q4>qxJuZ27xyo-ZLI2|{kx)1ox&TpBPL|eR?xJchUR1Xcf{INdS#E_Ee=q zeSPVs=!S(YIy%=b5!3J{%VhC1`s^zuZ(cz>wUf8^N{N`x?q_B|jaFr0DqU@9{6N@T zn8miVQcY59^eesluBVLB0bX{C&0$)-I8?Nq(8MBw0?cxdBs9qUJvuxg>25w z2D6^fV>d@oCAUQK3k>SE3QaJu;n^&XiJf7H_5?wWZ6F3!uJJJvITS>*nURDnJIg^_ zbGoM9OMvdKrLS;9DR#FTCfwV)7bh*X97hS3*(jzGn%sMZsN=YKJ_<{1lH3b5S>%)& zH2hBai~W5?Xqu|YmA_idnin%`|5xC(x2j2+773R|OVZgYRHbv5Prgn2uyT79H?}3Y zxr{|d;p4-e6(8{Yhfy9@KmY9?l+S;MYy7{bd8+NdoS+@x^pS_%0Sm7vcle*uBpNXx zQF~@$l1ywghX&SPSW!vlyn{;gZx|uNn25DhGdf~|Q@6FqA%sq&WZco|I{H8cMe0}_ z-_7%4X_^+GpLL@4K#4Ht2(Hu75i;|lOeEU3NZH;i$6KSeX?j)pdGj`E8P%3JoeBA_ zXc-1nae7j0i7U>Q!~@%WT}gEv`r~FDg|usbt6afWjr5Cy{XsB?UPk|@YpXHrLs{9+ zY4)x9oXtB~Zd$3vl388sQ`!@-?zRF$md1PzNWD8D1pN^Z4cchbA(Rl9ZQ2OPP1j;+ zwpq$1S|L$4%<6k&XO&s~Lfsmx8c66yUSnyrYSxGGw$g)k z#zQ?ujR~9butd|xV+(h+jMW*>Ok>@pXM0f0>>rrDyjI{|nm2W`RgGMMSf!R0YcCCL z>V5k3SC2yTkn$g5iLGq^wckB>S+f5+T-$#>$y4^IK7Lwe&iAR(GOtucr6FErLzZ4_-)9{?Ad$<9 zrh?SPL=^L$FK=Ix@%zaZfQjEGZWvtg-h>$1W5 z+}qsxsd*k={`)BMkPj#eF0=nX*e%L`d;5oL{oj*3nrS8>;Clk#8!}17IQ7OAjSzr% zLeZqo29GAxc#7Up0%|$&MnNloC$Z29ay!q-_cV%CX|8l5w6P{lLhJb6BfcG9!`fXT z2J1B(6FvHW<}*09Y8uT6bz1@fr%PMhkOK^=5)C5RD!{6=+wH)^Xzd1{$92~ugASpbl8hYWtsDJw8t5-0TIHW?gLodHgS*)LEd5|#&stnWE=FPNXvTA9w z{`uoXZpq;AfF;9q2-?!~ko=!tx7Fyjr#$qu0L$$E_g)tHe|L9%|MN7@r&@d5m|wr4 zlD^|gOuoDQzf(-L{lA-_(*EBo;Q{UcopL?<|IcDoU)YW|J-c$Rr3EwYt&(AYIWs%s zSG>*MdF~la{luQkmfx**v0cB{>HFLDdlfIU@iz(eptz)4MBdWr$5?=;bzm->g*_2{InkHw-^||r^p9kFkwT^Xl`~U9C7bW}u?%MzRNuK=nIRfTm z{c6w)cu3=zg*hLB9gAv~OMX))9m&<+kPH>)$M=e}1&8}!03yhM4XI*tipP>4>~$`x z=SC5WLj)g>qiG~rh+%MOle46maJu&Q{LSe_zLP7lA3l-8efTq)Ud%?L=!Ue~#Zy*p z=lHMaiY0_%>(q8miNIW$mP{yl_U810{D;O-_)PCfG`^;DVb3L?RfJsIhBij=ivVmR zjh5aCequTGs3iBJS|rG(w!l$MMEbx{bgL7bj7(3|Zq7N0Ih;5Zvlq4zAsNi1daJu6 z=_L~+&DfBIEEzHo_MjCY)X==ey6|hTQxLNhV!YcvcY+TB;{Pu?zEutAPm!G9xaG#5 zc!ksYhmQC4&lYJ3ouoCLx6R*8Z8n!xo8Q!97kjUk-!v5_We2l*c11UDSpsEE=?&Qw zvw@=JCJnOEU&Gh-xaExKY?RH7E(8VF>7fG=|ZkLy1al z4brcPqHQ|Zwed3ny9~Q-HccaMNtDQ~@*?sq%1trmopV74UKr-Pp<;!QWWQAz1QktY zj&D*UZo8K)+Uo3s&}bH5ZiFfFcy6!)=@bkL;N+r(O2On)F3F}GF7a-1tPze8MZKOl z7T;)T?cJSYF1(O7E-(^Rkh?{dnc^JW|)+2G(XV5IdA z9g^;&UeK_$M2QySCsgEvt9dB)1WcjSezC2!ctIp>sY4E(Nr11#(PgQg_CKJ+kMQq5 zTOE|phrq&y6EFpiM#S72TN-nWW@CS=QU5}xPJZKEnm$c!wAvL&btRH`ZX{5{tNO&H zyDQMXYCWjX`8^fnR%HbR7USE5mFI5Wk-M&fN=BsDfipK1U(yDT>P+Wa#$qbaj%sy^ zmAJHtpQ42^^BeKZj626bc^&dWfWwH}-cPU}8#4dVB2gkFqha%DqAg!*c(=<*^xwJj zNXF8b4jF0vj}~ctY%P?!)+Se9+Vha-KOQn`YPv%Fhus$kMf}%pcW-U~^(4=yYWzPn zmKS;~n*cz$>1&}byh4jwp#m6RW!k0Y4!+BiZ^KYqdrb?LW&8A}Km>fi^`B-D&muW* z4`V6>oXi^C|L?vi<3I23ukoLsz-3X*Iy+b{CwEjLP$R z!XW%aet^+u6)MDR%JLB95EL?D+BZoZTk=T(4oQvhmhwDLi_6w|kn6KAm1>6iy814B?~2 z^LM4`z6!dSTgg4Z#U7OZ^P6(;&j#negM-78|95vS|2@f5CI6{$Y&LNr@LeqfQN`5r z4)^OlWw~NSwenk4i@rXY?IE8BT>pX%XL$b8P$7mDER+BCOY&d$<>7k$KgmugBC^cpjAh1KtT84*4vRjv%;%{~x|6+JEhL57z!a zPxBPmO=LV)5xPc?CEmZIK^R}3q;yV zVpYnv1ru)a`OLV_-W(%}HrWKa;okRTSnQ)@VGvTB_ z7}O{#PCj5PG5SVpmc@;}Yx%_UV&pdyVSPA++L_*P4=ETl!E(Crdt1WkeXNZD+maWc zSy#nIP}R&=bqpsdU3Jw06yqFQ*#8If1zC-7i$!71KV`RGCZYI zutTdF(h@Xt?e|sSYPS3{(gU`_fQz>po=gFe%XRgmNvL-;nj~Dpo+d2l#{E~jQ|j_X zUp0I0xa=3L`cj+jzS3Qy-EYBHVYq!sOMWrYR$J$*Qw`!JhjqAem9*5N7bRUXCLyMETy*=E#Fy80AN zEHf&_&mx=PBRlyV@`3k*`sU6UviWZoPeH?|&ZS~Y+jDSh&rxm8kyB(P?y`z8hdcA{ zZp(3(=K=SB$zzpNiDWCqf8Bkte^A{2U%p)5|31l6p{qILA#ujC$%)NLUTY8H7FlEz zg&V@Er1vrrsjIuD{w2BoOjaWgxc;wLHsFG_V?JJK{qG;_c8lx(@WopGf0CzO{@25K zAL(Bg@s`(!|IYVH`Cos3Q0YIf^9vXM-G(-m|MNUw|Ee2h&vq&J`>5hie9_-rPWCy z?@FhxPo&*1SqJ+$pZm&xoe7Jl(Kz85tF2@C`LBro_2OlB?f?BG&jvZ8QZglYNltJe zaq}L`B8*p%(%~gUc?>piLld(!<(U*jOjsO))JLXN4kuAER`NnjWpu?zO6A0PPm?g% zAPF1e2E3VOY!uzF5Cx+DcdJ8wRI&(9Ag5{)QG6(l64nViZ!SJwNS?7^gS>_rNdEKs zLh%<7bjFd~fq$|2L1*xLwgdl~7nAXh`p5hfSIJIZ(0~pvXDJy)F%!Y_j<`;P=bZt) z44!x7RQ=7fXdFEM|AP(kADTscCdkQ~V-a-HjQ_@lGU!AhqdS;939D+xZ%J z%YE1Xo8$i+zy0y-`23D&+;VX!`YN2 zQbW+7&nMiJW+M2vlA0A8;8R92J{wPLdM#VClxBz}hoCoVX`x4{#rScBif!*#U?FrS z{Mv}jk?g1=3(Xh^ze9EGRJ_S#GEwp*H7Bh8$3EF)opC4VH$VyRZ&{2cIbn0CNC(=( z2q5tsI}-__r@o?00H-}IGKmfW1+x{=C-jOLkBT8nQM;VZ25~e*w?ZAiy_I*v83Vxs zX}xlXJh@_tk=^(#6P+N~*dPw*X7GN(1al~2`yjctztRvwD(40%k;Q?1>RX3kFyVj! z!M~$0;!`T4A?d&V_tE+L_UX~PW6Xm?5D9A|4BN<@&+yQLF+t%|zY_!}l1zBQGeP=Q zIA$t|Mhxut`%|?_hZEKWJut~p?fd=y;=URKn^pU3^R3Y5$}Sh7vF_e&H?&oguEUyM zwcnU&<$;a_nR20ywKKtDCPbO5bjXQ4xx0%F%!qJJ7zj-r7IQEIFu9BcpdTO^qXKbD zFBwZoB=hxkXQJAGuuUlHp@#Jxm-?AtqnV>D(VWnY=LsOH(KLrvl{`m}Q@k)g_a~u2 zVGXI6kj;L(zx9;Jb2X#{khJ&wy=g@66=~6S#?&ZQ|95_T^!Dw~?U*OyHuk!$DAPu4 zf%bs4EhuSQccUH2b|l&?QM-=Btdh3}8NF<)9?A(^(}CK-W}y;_TR-Ryf8*##KP^vZRH>@e?0wH`{Kj*-=F;NR?P%- zCw4t>u8W&n?779xHGs2^JJqW?=go8!Z1QOG)l(n8_qXf56hhwn&3fjl!Ts;VWzB>@}~$1t7`JOgBw%n{sE8FwyE-)`G{qKUgWJ) zc%$Mg;yvfJ9b$+k!|ruGPG8g$dsQ~8)CpSc*7uE-ik2@cQ-^52TxSvmP{lwxhAY%y z%vH095?)t7c&kR7#!4C`?22V`;J^s!l27q%B|T=0hN5iaenqp04q}FLrns1kHTFoW z6;!_k%6-SkkY-9e?D_JrWv?@tUlAEQCY}+R%;9E6t(Br#6Pn&fA}}Xa$;ma(E=ij4 zlx6X}LrzAj&vQP@^l~ATBs^)WQs$&zrW{7Zg!|6?rZ?aTXadGui>w1?q3}V~78-Gp zY_c1w*a<9m^k`S&q`&aYQc;rW6^ZI6 zlS*`oi5`6#Id%0EuRP`E)L=9MI3G5XDBcQIOWkbRo&NZqoPBstj!u6j|2ca5;n+?p z(qK{rc24zOvZe8iH}-cUdy#-msBf$>JB76$CIW@F`jsCh;x#0B^mT7*QbJPT|N4@*i=0AV z*fwDsW*1*h)I8R4QDUpxC!#4_gH`ETCoE32g-6J!UL_NLO)wA0tVS>kJDy#LU=r9- zKV#!a4H*;t08LXQCnF|@6H^M3GoF*{Nfa|OV4wnz*-bQv8NpK~WQrhmLKuxkEK}VA zxtWi2IRPk?0HRSz_j(PhLE;&npmk4)s~t2W1K#RGuKvF9PdBjX1lM?avV*Op?QoVE z?VW#BfXvAyWiO~$7}y>hGEJs=k0k77CffV$C=rq-L)I~R!_F{{RL9yOpVBDl$T$ps z!f`CF&E+WZQF;Ozkn36}wQF60$IUBI{ zH5*Jgziba#CdVvMf;k=c$W^z~?R1r#GK=Fg9!JA@kDQE7xjf65V2RY9Fubeikzald z^4_Zsj?pBwKn(pWZ<1LGJ4qI`p+)RU(F77gQ@WjRI=k?5L0jmUC9-i{m){6oO?$+% zYnp{Db1U52TV7+a_w}2ho~7`g-UnR+KC82`riYLcIP+Yyp^#rEF{kPribq~^Oi{^A zhqs-~#@J8NaVO~O$#bp~_N@lnXraxbp7&ANn$IVH

U%H6^Wh7L`~jY_~yQ8&c_R z+mg4DG2{NyH}gFI4sBK}S1}329cUa6=HNwQa|C6^g}+pWLYQT{b2J)bmTRr zWBI@vA(IhYZ(64f*It521C;st{G?WGj4_+FtFSY>i4I&*&)VI=&m%*@&vVXY%bM+( zgihftjhYHO*F8Y}V3MXQx+ik^=?1s|J-b zu9%G9IGh zkw#5;{8h3_Gpg6g(%C5KxOy5s6H3PTi%&*L$DeH$F01>or(eVR?>O%=mV_)j%Vq6; za58dYoazgfDNQR3x0HxZ1m-Jk^X3i=Nn+$>-1&LJI)pp|&nk2#CtT{jEKZw_^Yw8U z*=p_5*;Z)PsvPaX+vBK5%J`oPP13A-um*EdGr1gdavKkF=o6I3=M6&-cSv#)Nl+M< zZg9~Q4{Uyos%t_;e$A;>#D#`Ht9!xo@=~eu(>eX>*Djhxei3yrR&d!) z(@010>yfK&a2X|GkN99W-c_how>5^%@&JEuz7Th?n(E*l;u@B~lv%7VuEwd%bBmM? z^?i~XY7$--B1${!f{sQ}5=jV+uuV!~@?aJho#*w+k&}#}`7Ev-t$NOlcaXcz$%w}> zzb;trUDG+($rKFoj_GjXTnEI0lbG{M1OAG}y%ua0y&CmRxpr@~2Co&WI@4QFS`#mj zoPOnW6%;&Pj#Bz!Y9Q=;D-fYGqN0tCLm9dTOao&n04i*%J3}SOIF}@5S1hj7Seq-U zM^;b!QS;11b1Bexfh@1gkl9vb>HdI~ct8NU9(M#+SGvOv*Isr<1F2B4-!U3ptrE;- znxBu}z0G$5+&YIeK@GLJ{-WC4dK8TdDnXq3Jk|JizF>|v?yyXZSKX9{Y&#gvgyd5~ zrOcwiOfs=ezGvb2(YrHPy<#?;RLjkk>>0cGj;0T6q*B2hSF<(rP0Ut9Hq@4HEqAC} zTg}<7A%pL^(wR@=9=UA;RW`h<3|~ZrksDbtZuZqOZ@{z7u5EbL@EVN-f6Ov{1 zYfLBTTTgw|{K88Zr{M|EH0XMzGxP-3X&e#l%{#4wD1(u1{N^l*_6tAuR2^Y zdPlI6u-tUDLH5Y)@-ZuRrE;B?%l}QN#@@Mn#mE5tM|2=?J?&pvBk(Zz1ZV>eK}QVz2T=Fm*lu`U^risC#r=!!)tvwe zomuJ!P)KhKG@6kBoy$$fEw|#i7m)?dFa@|5S^4GieY;s_DPg>(>Me400#po~T08It ziGN^ow9j){3x0wkE*YSDnOiaa#a@ytLZFrbOI7Lh5wLLHL(~d-iFOo*Ldl3Rs0b~d@o8?7YNy0G8}%F%kLBmL@(i>>sCh2ge3dfv#H?KnA2C_e zMNzcY%Dw%ZIbtqif!7V@NLKU$a+FXazt%SM?gus}b_Q$z9W||ikE)p;SXYpQqvcW= z;l{@D)Fpv9jH@A~QKpuRZl_hjnAPU`n!vGgM59<(Rk1C3Lh+W_wv{Gxck#e_^A@1s z0BBD~OwP%0!iJYZ^F@7&pRiysFL;y%!Owg~ewzsih`*SD=1ny8Q%$?(;Ak!?b&{`_ z@es=#oKeI8DPBm?hI7v7XWZGwuiI)xw$+(p!DQptZ>Xg2c=-6H&Q4totWH-;{lqq^ zF~1HC*}eiB)#f|9L-jHT^TRdQTF~n>PhmQ*t7PWkFz2`S`UzWzurytJWmR!_~h;WByLiE>S+p3~~1|M+y_wIruCt?D2 zvAAhME*sa7PPr1c<5+v7b;t+wqE^xbstxq5jy5;b`B^gJ*-%Y3C1FS&XlF0f_=5Pc z30k@zQ?eSfl&lb8>i`o|xEe&Zh_@M#x%kc;jWtc;^1(}-ps;`d@7e;-i1yp`!W zxAGQd^5ItYK$}+y{=B$96i|Yz`|JS2KK3%nt7XQ`zDIXUc%Ccw{v?rk&%5>A-hGfRC#XDP*#q<$a5-&% zKR1Ng`nkt*U;MxG+(Jvt6t7j73N5E^vN za6fP?8Mn!`HguVjkQd<;<%CU<7#bpcN)tL}VNS@v0K}WUh7!T(6u{fqP0F%}B|}yk zdp+zL`Ch}r`N9k|D~lM8p`=MjvoQJ{ce4ST(5r~gvY>=X(;*i$jOW`H(kxe8r7^ov zhyOf}@C^(}X!)xS#mJ|#*3=|$nPoju+kQieVnemvU zF-;f|!;GdZvz-93mgmR_U!4%7hM86_l= zg4j&~8^CVT7%oXIoIm;#Be88wit1>ZB_oU$Y*wF|K->k255)?bKCedcLEEJ zN@2uQC;S3>L2yg{g|9BzT##Gx77i);#~ZDcy~Q}I;V=IXv-F?cf9$CLe%;(adB3gK zYul{Xc6SRhtCm4UdQxAFa zO!_>raOtnlWZEKd+uN_yd&x=4Bg~Hm2bM*et6vV07*x5cJY!>+)pp{oOOx6UPthS< z+qxf+w`3FnJG1mh*g`~+TjKuR|MZ7y@|>w3N1@TQ81T=0*9M?5cgmO&;+2as@MCWC zifBTrnHBGH3STfORHL4Ws)TvT&Q?KgiT}$4S}7LjrOJ!4m=@%gxPR-8`(-!@@)8Q3 znUI5#U%oGI4+~h(-j+v**AtqI3!e13$&Q)k25CZT_jUXk!$cDc1*?5Chw8MtgSQ#w z_PdTM_vpeezvlDhf=TP?q%|hSjowA(@MrXeuV2QgU4B^@pVA%3CWYyZcIsOm3oxqf za-j=8HL1^Luc*}+jFVg9{8^r5J0P3rB#}=Y*SekDlETl*84INenknl` zCrzO}xl#$_9VOJ@=_iZ?%yh10oFScL+Jy?NU2;jW)WaOhVkWc?D!)!T3wr1}aFsgh ze=KryE$tUvz^dA1PbB5dG`ESh+o<;{pO;5rsLly8qpoGKuF=Rc;FqSQ)hUx%G!%qQ zBWVGa83dhRiMJJMJ4|v*^1r;D;23m*!rFhjyIyYTp|(EnmsiF)3ui+nNHUua7+7bkSOLUgzaO2_<*_%a-vYuPeo5*pCRUdXLHNfdC@u4RIFO^@AvP| zcGN!?BxC=bG4S2O6LWqm52pw!$%pf|03{38^qNhWqqjaLYtwb~GwB;w1SLuKQYyqX z&%*x+XohskdMVFj-{ZYD4DT&*|1O9d+GDpsGjm&{Y1bj=?7y=pgS&?-8b_f`;Yxf? z?N0o!TjKpFi#v!nGnkEcWJZUK#C$9)G`UM`4zUP*yGR=aP8|v?WY#U}Q$$aMk+fKX&LpRRJ5M+tEj}Ab6*pq#1QxOpQa3gH3DVR#+c3ZF*t7q7iE=xwJ=0 zt$e7oymP#L^jib8R=~!CU}04rWrb`(UL>@rhyMk|jNV7DCJaKRee)t=Xy6A4^wlGh zn}OdZ6dcX@$jIdVPc~>>&;GSdT2Qlkg@2GgEYi5!R17v5s6xsaIze!xQ3?lh3u**j zf+AUhv+H2%i;Mi#OE1`^i05+W8 z6oB6*k=BQT{YepIGr#%CiEK4akuY{(#$pw(j`W40T`?V1vh7HYx$MMA!87cX&h04@ zVVVsYbCoWf(x@an8KPcSBWS}~6g-~6YKByHKR^|3K*$gjP4j0&&`So*@<-doMt~Lq zx}<5hX)F%plwLC2cFZ29C;@ukosh*$qMB1nn%cmBT3E}v$bcC6C+6d5h^f)zgyRX> z%my`?I>B--v*&V|y$<<4N*EbuG)hPg4HyI$d}?)I5WN#-VpkuK5E&5Ys#%hf!yw6C z1-zeOK@h9U_`uoI8tSn@j0|CGkCJiVZSIj2EFR&SGI!u6)JGEicg7%w*TmikY`Xyj zz=oQF^RbnnRHA2=e@GBPH+hyDIqHPIZ6gL4vf6UcpX!qt&>&aJtIimE5Zw$Q;(%!o z6C?lTW?)w|8G?#N&NLXth-XTM(kc*0InHQ;3emX>#HbPyiW~h79A0zkrmzj!jjIzh zm?Qh{9NF)XGvACc2)?sCZ98{S^>1>vwd_$cfE1{K0)EjU-_4|_ot`+?IvMW$IOO`a zIh#4hVl~YID_L^A{$P0YB|nB>wYq)0a7u)dk`hH+U2CzK$Q`h2JTcQyazYcsOwdrr zSAqvxn_E>RM!$3pX4L4jjjkQ_*+!2Ikbn6AG?R$V*JPMLHBTd|N9h=XH&Wt&@{C__d9zpI=caKewGX)CVGJ}&-5=Y z3vj6BV4_$?Td#1}sszohuolEa4fC6e9yxNZkP%TgjrqJFQ8-r!`sx7gleH)jOt@<0 z5@+p8TShyLZX)Ksa5(eMn8`MTmSf>gl*o*SGvE*Hn)E?5RQ)iudlkzGn=-M3N`{@` zEQ|OK6@p2zGi6~!FC)2gdj2uyWB&2qJd1wkiKKByT#bWEHdiM+7zKZEs$tQU1Z{^N z!IVb1iLDvC-)1!V?KhgyX%xpiAY_)sd27d!oXiH$)Kt%w5Bg0>Ni$A66Z!D5?a2ivzW@T56dwwxg)Hggq`PwbK7TxXPE> z{%&XYb8Hc-^8c6*FITN&S^VGqgKm-k@4tMx=KoLeJPmh`#!Sc_5fi%i;;^?r{C4-n z{_b9Pv_IV2qjY~5j)sRXzv+hi2j6}(7!FuC*d2WPa-WXA?e294-IsfN2Z!IjJUAE) zUUU!lf-y@N1Q_j+*52;ketUPn-F@-C`)zOUWpDSOv-|Bghr8dt=zjbEwZ2fX>x+4s zuYc#jwPGEM*Z*O6uX|8j|A#MLtk?fjJR79lCO^86fL(lj9B%1XEL6kw#Z;EEv=Wt3-dDx^o_2EMncFI2z+1@Pf1}>}D4v-#A(^#AR;+-8v zZLz98b9V0$RawmBHn|kj?ScUsc_09E z9FzPS=JcF=I6;dRsjJn-&AH3iQ8I^+O-W=hJ)saU+DP985HWh>jxNz9bieyT^vNb% z)4%1{B&3ppGWFL@Yx}$5ftGA-K{2NPhC2BaQ8RrM#S-KC8{%qe+so*|JVyk?hS{G5 zlu=c>Hsm+EmGN)_g}=>bLYP53<3wLf!G!_ngF{XP2N<3(j1oJnrTCp2gm{pNJ80=` zFJV=RAJqnZ9qFwUd`o9h9O9*n38{ocFnB+@#Tj8Y_~(#il17Q!e%m-3!)X@F$T&}L z5O$Mh3|!frJ%@%N3%7ynX2N@YJI*uZ9c+_N0H9RS(QRTpg?i+a%adeVO8`Cciw*$y zD>!}^2VG6PlPc6jNc)qTq{ahRZ_IYzu#CXMj3cOLHcPare39W_u;p68CxdWwFdAXf z1{Pma(8&Jg!gagzW*#N`HYz!d?#ZjP#Qz z?t{-se}7l>6>mLt`311Uel@qva0)iX>_JSW+Jjnpb0W4!cPs_*_m zZLHqt5NLoIEJ0_2`==`UeKci!CVS-DU2(S-4(RZbk48Akk<`dri<<6K{~c!TkrzVI z*6`eR9ev+WHs#4hj)51)U^i`;w7qxy0ZUrGP3tPHl#G^cIrp~;ZCu4i=1vwpW)wf~ zkP970&)i9xnWjTpRcxSxjM2-2c$ND$sjBovo@L@Lb~$b{I8u&XsUeatwOEo>2x`L# z3uiInlfvaSjR1=tfWoWrliLofZ5`i4LJ9+?$3`PIls(cq<)+-$3VDui*l;ExO9gQE zhR2estkOH=Cp7`pVS6x7sSq}3q4spMzW60FoT@Q`Q;Ta@R0b4px_xLv9W~B+zo@cm zGnRmMPGqyBDDw$xlw}}tp&1%eFUJ_q0r`A<;V2>f3RvDg#&S_ofMd2`V5!{_R0E*O zU-EgXcB)@Dzlfb|3);pyUlA6ar0Wjs+kR-eG(f5ONw8fJSG#q1IL zVig9}i8t_jTeSkaBDgaWu}1AgPqw@pIjV%2OGRm;xV@{QYiNRuPp#6UkH@F~IXVCF z^xg64`;Y%QIzKu3?(Ol%i{tknPfkCA;qh^D)iC+d$Jaleet+_>kMEAoY!L|-@jcI` zRvbGDk(Vy+puzVvt;lr`H6_4CFf`!FfgiD2wZT)epfea(2Mft_3vUNRQp%kOYk&|yNysRp`Aa69zQcbCf-;9H? zj`f00RYGMh1@B0Cc;vlMl06%-EMwstICyA+M#=aDp?>f+(#+}uk=RaY?^!nW;n5^d zdCbRiP@m^o!A`_?jOT%u9`q@`^?Cl3v?%UF)3oDPfEw=d>U6SRvuHd4Znpba!eZzC zqTiRVizw~#6`OL!R=d(R38Qmv_DXMcnC&6uAuf*}7)up7r)c<2C4fhU8uzTg8d1EQ za<#g)l{kl6D4B^|r>?|#K23Q73L`pAg*vqVcNPsV<2m6daDz71;!Tzps@kP@)V@sG zJKx~;+-UDtX;oR@&88`tGF5Xlf{ufJV8XA3(H&?#!GjA4VyXm$&m|v3BS+$*Gs(k9 z4EYs9oEZQIXW58nQ@zsx7ql5ZoWC^y>AFb84x-_QEbfsOD0+5wBond|@!mJP-|X(_ zmE6i(09>bF?0@Yl8zqN^K`1ToATmuvw`5eADhibOk)wcg{Q_|$h2580)g10sxj?7g z7a;UlAQ!GiFkwSbaF;W7$c0@N1}ZMou45V&12|A$w+$sKq@h#kITNZlSr{sPKT<&e zmW1|_S5CNKHqL?`#UaRXfMkc5c|0Ti-9DmxnB3UdA&1Bh86fPAX%>Pe6zh&MD2Hrj zOtD#(ge=@LHx?i%5;gw!=!x+ng^Tzc_@sCZ;q!$fZ4IFn^r{zv(M;{Z)lGH69JMaR zv~7RG{j?kBp_Z3YsO6uW?7M><710YR97( zU`h3}Q!RqVy)#yp{M^nc!OxS)+BMfgZVJ2`;vs8iJZ1&frYX<{3Y3JsobE{W zN2vMfD`s*SK52zGSDI7_v-IDH2<(ZBXI8r+|}H5rf+9eRUFt`99=@}cGP>h>J#pU|QkcTw9q#3(>J^k>FP;xZ_X&A*hf$|N>T!mVp-VS-EPW#p!aY~a}DFV6i zG;|cxx|Xu!g7v*If<9CSPRYjin`!S}2r%FXcu8pGdRzDg#++3rI$-NI%9BpF?Oo@> z+N4q{X;{ZJ8-g>T3mDP2EVFO@wFfNb*QQRFOS>u^=g=V|mc8;e<83R=y;41H6=H5_ zxfEsNxsYt?B-j9iBmmNwnd1mZ>&OIwcF?8R-@nOn{NBOt zZnv;IM+x9Cv5U(n{SV8c(Y(||J+PCqicHQ^)*}N(v%;?Lw7_e?-u^e;>S=NLjcC&} zg&CmzjI*!x=xoyWZ!f^!EgD5bs&SSa zb%z?LyvBAxvjXF|t^RqX=(Sxnyc_=TazmN6Be`$Xj_^j+2yZMN;cvfv`K_07=?HIB zjPOQbgs1P{UX(sfWh}}WOngN&@yEa0j@G_9r6!P*9Nq-(9*t7{vC;f^yRfq-0yIy` zg@`ne9%_W<#Zv)%g8c!`AG!ALnL8z)<-Yn(6a!n?NFOa&sq}nv0miT7fbD$mfPk`a zC23@4j2YsnBVC68A$jWT`=?xj$_TK5NBVqaLJx%2dP8_YqNe_*CaTwP>1i*sk4$B+eusiaCE z6csI4B;4IsKEe&aRQj2AiSF*+i*G;A-uPGTzv_FwJNQ)CwtvA!Q$v)x+-nN`nWoKp zBm7Hlgj&xC`w$+T9&<+=+S=Y>WmP-la8Z*UeT&R%H)qMuxaePg#=Y{dOo#J*yZdE43RV&GueYnm(8ngXK%05-D=kO z!>4L|-Gzs>{vr#-w7<+CuTH0mgT1BJw*6}b!OiCR(@^p=%=rf%qCdg>UW+AvC9woX z`$HP4`i0D>WaHe}(stGwg*AYRnL%L}x-8XjoMh)bj-zCZbp?cE?r-ehl-_(u=oO7( zHH1CVZQMRf@KOW&x^{+_rTsvZTc*G1+8#JG%_@Lfd9WM6?-MXOYWhL~t@?!|RBt3X;ptCWD~vU)WZ z&?h5wQ_+h~R~%u`^KF92?+{zopj*0jC>lo3hIR;u#{04eW(^|SHAK3@*a;>mh-yDp z;D=ZmXbc$xn*^pl2BfZRjn)ZL9v&6wvb5o<&}OZ+!2|n&{nMFx=ViZs%n!(gbU0+f zt`)Uofm1qeh{z+gk6^H&iprfkAl^a948UD(raFoe)`sW}EF{Bpwykabwn>_CsLd%h z_d(?u2F%jt-Z@si=7nY*)y5cXNUdVFeo%Uq0{|{@n`}~{Yg$_k3F8Hnar(I=EMDW; zQHX~J)1>e&pOei4APt(BFt|yApsK9GnGr&HJIP&7^=aB zg?`nTsfrvPcCYUw7RAgS8xa3b=L6;j7*o1TcZ)0>pf&)M3J|+=ZaS1R8rSEk2$+qY zoJ93P@%g3B1UZ4cA8ip{?x=3HjZ0xUQNeehBDMB0xaxkh8*C5=pN^5&woM?QYno`` z*h~XT&RGZ^Fxm;!3A2vyfp8)hP!3H~wTspQ3VJ5SGMg)skR*!$ra)Q0+L@}OZ3}_- z#5$qQ^=|?IlQaqKZ^bi}v~zlXVlCP6=#fuVH|?@u2)0HS1JvecH*DA=J6AN@2?qu2 z@CMmI!{9Vs;{|k7hl%Ywe)ra?$zot{EybLsC0Aa_8;(3}TE#+ga;E)uh`}#VBa<;9 z+|2*}@#6jI(Yxaw`P(PkrB0Oo;U+r!@%(*{9PYpTHh*hE>p96(!-!NUcW zkdR3l#SmA}0VdH>BP%%eF8M5m%a@Bw^R>Dztf>xZB;^t&tW{-+zWwd54q&D44U1jiMVA zpw&31F-5db6phS5*a>htv1qSDB?bx2uTv=K4VIt;;-4Zpd2P_et>ExX(fJwbXbd1L z?2b5VpMN$Q?M;BzOirD|85sL`yoPGS37%PCr_5O~LUJo%qH z@U6pg!Ouj%Rh6EpkL2Hs#&SYlPuTDhn7}AzH+l;)&egCozR%wqYyqMEhzX+1f*@Ai%nk(N_?bw&^LA-^|s?l;5~m?Jg>6g~#KaBGoo)kd2yK zcZRhIdVvn&T+~Yyf;cy;SC?g$Lcgqo()H&Pqev?^s_p~C({0x7Jj`z$!SWQnb*Prl z@HCJAVlTNuE!i0E|b;0iFM#b{&G2 zen>2yk^!eDfBX@srYW-q1^-r^nl5G|C9t(bYYVdj zdNJ8dvnY`x(z5kW)xmhc$biXf#uD=P5H$;b4@C>x08QI6jZphT-kz}}n`CKwWEM^H z29aCE3J(v+78bpzc|LYOw5^EU--1$V+85uqeNnQcePT+%9(ZvBqok^V`cKnXo{>#= z&RmMA*_^ftUo-}^{rblr!A~?xV2^yIpCI_zgxt;VSTDs?)nni+eHDW?(E%V)Rh=%r z6TAnsAvb{+V8uqP0lj~YlSsHaG5?q_2h$D$zVeJ^ohlNjnU@b&j-g}aRUpHrf$(o7 zS(G2Z{Tz~}HC7~ZeBSIN)JrH(owlxW@Y$bj)PhLebCJ_2WO1cxG2 z^n$>}XDXvJ-3^;*0W#Av%pi>z#4bgLPU-JFq1OUqwDM^>ldLW0Y0>7U5XqzPRfqK` z+2pi|o>6131i?>CA6+375uP4- z92U!#9IzNwn{@~ShtY16!Az3pr$4@bZjCDns6Yl*k_r;Z0C}X^%HwD#bMOmu8gd7> zV(<#Imx0XLsew8cGM>8doZ<7?~_K+u6ER%X>7w9C}RIMuB3;Jr8uAJ72%X$M) zmkJOA7p{Ln)hJ&qFlZiUjJ4I)DtyAn7ct-NGh4ugld$?y3c1kleHf|WbuNGXj)O5 zz`76kLt0Gsybp5O-A1&*fZ|H1s8xet-f?JyeDU3NXw@1t6Rd7v4RNzsawI+omiffA zuUB6cjY;R!VPvV#w;V*lXksbhs<_IX7)fJ#nbIGdSZ;Wb1r)1*Zz~f`ofZEE7N(;2 zinLl)l#KcK`zU7mWT{h=SHzqy|1SPd@_&-Qs{^?HRw2@=9g)gt5XEY@m@*;gn38{=QK zk=Rrg0>J%h`y_{9)qCp=~?q8`v0eRK7HDG9=tY2X68sbnkgaYzcU(Zg#I*z z8~;v#=hH|KN`^e0qmcm>lI2nVaOt(TK1A0j5NkN);J$WLj!={O0vsuM9TosL5#}IYc-QQVAib4Ft&748iASz zOwR}oL;E3FrXEuUC^idj-j zqq|t@?#}bzC=5w|3Xy!#>eTO*4s|vyab}`9v%Q4@UX14P%N8t_?W|K>S?^UnNlcy& zxrL_uOs8>P0E|uVRsLm@)JzXO3QD50t7JM8@*T^@ux_ujNHW_bEcup5?p63GRJ0yP z&FGgqE8T^XZtgFWrnn4+y$>i8rF7ZltS!ru^+gUY5%sa^i_4#$&AtP$0VMgb1uKPPJY@zwVFalsz^r)O?jBpDV(c)3)O-H zs%RCBl++2J$GNF?&e(A~;u%O3cPER(I&51St@#FoHv9le_YT-^>6~S?Ov*Wk7iy_v zRXD}pYF@gC`7Izssc0;F6eTn+xYemDKo)TpUZD}56jxcst4bc}mr_MGpJCm#9y{8L zt8j%$&9AF#DdzaxN7D84gwK8SKOg-SU#ksTV*mMKcYm*-|2celu-5-P$>Ygu;4$RL zN{&^Z0V=RQgfSb_;oR6s{ZP1Rb$m+}NPqtPaccAABG-1nZINeYSkn&N#!6dzfk8SX z(A~NeQ+-vuQu8sl64tN>J}6m160Nzj|KpFqgkk*jsX^jmzZTSBbp99^aY5<%>C^ar3Ia}Sr(lf{B@`= zb+w=Fh*)eH7anLt(PtmbJbB`-N}l{*_WrfIZJX&A#{aMRDezaaSK@3-wtVcZb>&*y zP29V_lQ@3tq}^RzT^1xl5^IWJ3CfNxyU%BT7G?kt;6b8fTX9nHMPiXS9|kjnncvJ3 zy4-aOmHZl{qn~IP%CcNxEDNivUMgN9`;ZsHR2!PP^!U2mvbZ<|6u7j2N0OHUMUE;q zvx&e<@Y?+>Fr;PEot2JXkymV(*Nu{tMjWm^zp5)1N{lnfwYy{$kaY(JE2E3XI5PL$ zt~@_gvwAXP$}H1_F^!!lbE?P6Zb4FX^#)wp{+|h(u(vEuM~hCXW#C}RLp<~qMu6n@ z8H?ZWcxpQ%z_(0`EGO9#cp`RFl09ddZ`GXT%=g9?HVXInxwMsqs4^Px{_-#R;nJ61 z8gt8Xgn%+xA{!~I*M$~TD|}Eu_Ke;Y{p(`xU&O4RnJc4qF;k&|&1IQ6Xt(8+NyO!o zZ)YskAUTGn@_XJM*Ix8xdG1IQM7~_sI}7jbGBd|)a{y*q-BoTERoc;iS%?rX~jjk7Q67p!s5`V-E>X*Wmll()%nC%sAdBY(4o*)9iluurSp}8Q{D2Ry@lONob z@s4!d(&qFN!Q}8trq`t2!~wU=h}}=xZrHrN{|uB`o79+#l6?1{70=AdnX$`8-&jas zp%+8Ua=;6T0iJDOwWwu#*!=!S%Q&3Bxc6uo%PydWNnk;8$VKIICTxE&wVqIcnR24C zlT-Ap$X0^7FiDw6$xiEwS&tft2Cn1p-FnB~NoGcpMj8d1s|GCd;(Ls!uH4=Vgv6NB z>un$xygN(jh{ zhHTc|dU0Hp#CZ_a_Qq%xABWSw@PDO>9l>RhjXjd|zhCm|Ild zf{Tj0uw#_hSX^EixcPEnUT2~Jmm>g|p#RnlX;}mHw}|-bp#9!=btpqynN7oG0EGj? z-h{m$OuzX0C!zugM0 z=CiE#>IVU=`u$I@JS;A*z+V{=X%L3y$VG@MOl-sW_9iL0VJ2Ci*as;}$RY3(9>>f# z??sAXo=U)YGa8-$NbbmA6P|)<3m7Pks))Cq7E=VwA|JDKgfJ>s46cDYUa>+;26=w9 zNuFQpOUnNdJgRO=cIp27DkphBAD&;^t+iB2-m6!qA3q(xdezY=ehH&Kp*?=hh%y95 z+qxh^X;n@;?Wb~=cV6f~=sa!$z9)9LL3lzMe+nLTNFOvOWD<>OB1RD7HZd&He{-d@ zlRIo0GdV%OV}d{6UVb1?!P~zZWXz}rCq&R1C}gVHR+kCY+@}_>|L5Z4=_dJ^g=6zY z0hz}%5e$|=uz2Fq9fyR#dlEpow=#PShYc!?{UYnksEJU|!GHb4yTi^e#;>jrzZFuLu z|MqAc{DLfF2XUAsZ_bn8Kgdj7{UBNa-@0ylS3%@=hyoTo=OOdPETxijlAOH8z|__* zwM<3zk-tZP6^OLxI?o2#G9M;jFBT$LL6gup07Eg+A-^{oe<(Z#rHj%MN0T%FIbus+ zA?DwUl%~bEfKi8UuUXQADuyhT@}fM|pf}Rv$KD=rvIyW9*h3}hzsNC90NRL=WGDMSriqT(Itx?%|K~N$5uOMFi@Srwu-9U)>&g(PA#=F z+>bSRfc+0h?Wj^MrvdZjzy19FKiuD4@BdXiYX5834-CC!t>_o7UDu*J%`&_29XFmp zT&fF!OCE*#5@?jB@g+v9ymW16?JsD)`os2id#3kQt!7zPWAOIvJXf0hZY=F#&VMGW zx}JwljWKj;ux-(5w7bfF&TVykT_I^=}mK{b5ZdM9_y2=AmS))%fGi@D0ip+74uEs^yn{VqC=?+=i zMc51siAx#{@{)~X$uh!4+J@x0OqeS$+~SkS-^_);GRE`<*p^0cZ`Y(kutb4%N|Eiv zfe8o(WXRG|l8C`jOsns7?naOEu;H?J6cYKUDR$fV41U# z?c|BR$4^g=bgiPorx_(tgkmx_ZTWh!iqC;=CY@%t+uA?#xoPKn+3?P5?11C@^xX1)sZwNQu26C~i5 zIqSSA{K$3Hwvs27NTXJU^SSeSZq}@h`d>2-9+DI0R3l6%NZEk-IqiB_`9hhID7QN1 zrL0~Oi!Y2Cr8i58cP4+)*9$JEd8@1JhxKPEt)D)%)bS;n^X59IG?AM3eIU&O%+^8o<)R| zd+&ey`gcs@GE1;|`k&oA|G&H4UgLkS=9#tbP2la4{ZYIl(`+#+;03Gbj3(uq1q#S1GhORb<}drr0l2&e(faw8pL^4P1eg^pt@Z((P5*bcclO$O`EPq??f}Ni8?&gYfx>B;xNoBjh9Aa- zlM>B)Ynj*Lidwpm_a!U;AiMjfaoo!AgCv_~>>oPBUiuy(n*OVHS$h>qvKENBeD9A~ z|4K~8TQ1h9v)?exFL~bjq{?soNCi8i>4-GklSW*r|Qp`W%*HzlYm3iiI56$>M9)xDSTCj>wV@e zA15v5zEfxJ`*QQ>%8{oJCyTnXT6!!8QINjLLJ(#f!+GC9vJ;0Dd~L22ZHTo|dkC^9 zh&Bo?@{@?HjZhX*1mcF`Qp>@`RUPzrV{}No@_#4OF4|2EAD?u z6M7t7mzmbq*oYNdv0j~WSPEMh#;QV=sznB_c{mxf5Auu=<@CUnP85%y8{x6ckE6TA z(tb`$mJ@JV({Y%~FD53Fy(Pn*dnG$XF6!$BOQbF&+enk_a|?TPcM!y-yQ$90D(ne_Z^#75ZU<{Y_8B= zVCU`UicJ?O>m8d~#m(sY+tZ87pFduFl4s%N`SHca_n$wVd_1i-4A$7 zT|SwEwXl{gAz&idsY-Yx-UcELDU8`HM&{`9?a9U2`=j4Vx|l0IPS_y$VwEf9KP3+q zr&y0~ZCHVbi0lP$lO=OQ2|oI6Lk zbFrC@-{}jQ99uA zxW7;rg;r#?Qr_H~(r$TAw-#Ok$bM=GxHcv7dX}|I|Q%pJ)HMx4o0M|JmJJ z`+uzDDYN0v@ZU?U-fPMGHO$^Oasi6xn!c0eY~LTu&h+^`z~~W%Gkjjw`RDV^SJwxOdhSjC%dK*pI_CQS?G^C9_ty9it9k1Bf9EOh z9H;BAZN*>DfYcb976eJ-ZY>-Ca?BDdgud49A!1Ysk8E9~y;lYME3us?xw)wPh zb4|{<&0IUH)OzlJ{v$_561GU_RBo;^gp}pLj1qo z?e+d&$#eS@@!uXk{@0Zlmxul0iQzZwH0EW*eRfn91x&eBo!Z|Qi@jqPjWAc44j$A( zPIVZA+^(v$-Ls0IR_3yZIVC;HS6c#q_xziSdA5GCXLLXR8mZKr;;w_Iyh5ajJjjO)dAs~)IF59xL##uYK$a*cZ8q1@zH zyAj-SJ^N>caJ$#DH2t3+_RTzV>HlG#|KC42TIrulbdXHVc#SH`c|U7$&pzq z$Xl+Hm9gEb(iOPgZz7~yVQL>Bl3T9K`T^VujrmsNwmsCdH2t3+_RT!=^}o6M-<`d^ z_B#ION}k)L;=jpl^t8ghU5W8x!O-k3JiQ=q<=uIN`Coef&ky@yo_YKKaHoj>wYSFq zU&-?%^}ml2|3hy0d0{_tX=X+HC`($4Dfk1cxpqxmR$ANOJPaGSGQ{W%v~Cm zv?TMxqLFHvU~R%R2g#=q$U43uQQuKe)V-zq<4Vsl^%u=)s=*o&WVPfaae6`+52A@Nj$W|GSds zwhaFV=XY@oAiZ%baex*?{Mq#ejLO9ahpEr|S9ZS4H9r^t=)(*IpEwDwgOCkTd>u-ZtWn=PKGePFe@zUidGvp$K>zo5_Sf`(CC}}0_)lu9JTVL?Y}JA|P`R!= zK`f{T>6UdBDV|2}>=rfqgW+lbuhx(A+>8Ee1NTd1oL`{>oTvZWIo!#|e>q&oe_PFi z^dGK+kdPqKjMiJ|+aX3W4H{hf!8MTvp8-1cLgXDDNbPf^;KypI>tqSZBsvnG1xq?) z8-J*1mfIc;Lw<9n(;tgI4H3Hm8Mdq>^&(-^{}_eSbI#MBf{=-+NZB~2_H%CL@(?`e zWnnr?)Z%wXWBI;ob%*vZFBwL_-v_;fCezAt%bc>Se1)=x4}yq>7rD(-GRwI} zICqJqWt3klx}}s2TVW=bsm4tF%o^+&)EAhgm8^M#$9V2_{@26+opb(gAMWPye-970 z*Y=+)d7h;4$>ZREs#9z(252$eOdQaPUmpwfKKs8e2IxHf&+g7%5&w6s|5?dX zvG~^*pbu=AUZG`LSRR+OynqMBCbcMpwI$d1q~AF{X{ms}#wh(xFiP!Y&&auQJZoBXbrHiyp5HSj3G;6qK z$&?5>W~M6T@4F>=iB{cNh5l8c2v>r^)@G~znGnObs|FaZ8u^Wq8T@XLhPPgkQ^tH` z|6?9cK=Z4HMott7B4SJE%9Y$z4m6Q~2zR~H)cS!+R-l273@XYLfrRJqUE*FkwV=lXuUs~uR`QITPa@FskWA5&axw@apTyi3NH$>@NQ1`lYbdILxlI=A z1DuxQF^zolTi1{kF1ulk68S9h?dGxU9}NjjhLbTMvzOa6!gel3L88C}IQLrfiLqTH`Gm#~lK5hTrTJWRlw) zk(HKYw{WJ^XJjJeBmw?{Y9sT>$(g#H0PY_YrquTnCWM_?U;T8*^IOxwRuKPfCz8GE zkb~XB|FYk{JO1sWLtflAwi}(_8~=KD{M%*w-;F;u8*TG@=iiM#{(fO+IzRsK@ze3; zhmWTxpFW4bR7WfM}GDe zy|%2LC~sOG`lUTpX31JNTuEasZ-YE}w0m8ry=TFffRUdW4bu_YO6&dTG~8}cHmQPz zgAY6kQl13SuocU)jDI0yfLF~C6yJp6^*q2S(rh|Da6g6YizeSOOC%{4@{fS~L0?&N zOEM*!2Mt%5x3Gf$!02zG0{cI5%3>ZwsUYl2%q7w3O|z`zO~@y{JUk-cI9sZ$BZB#X zY;p)?f&`@x=_zVONJDfZUo;TMjg{$mh8N+0*lXn`=+d%X4kBGw{z3fdpq|wRW z6G42WPGPCf8;1+nO^-efdeiIv2ZNW-+vN3Y(r9ell8Vv5Or4MK8su-hmYtWh@w`p` ze!!u7OnLP_@?YH;aP$2CxAzM8|9jhO{I8WfHT?gdVw|@s9qzqjy_sfzrBH9!F-`K^ z7zy~UV#ZX<9EDc}REbJj>NR;=#O7bC$-d)f8Tv0JePtjUgL&?~{QtMN4|jL+`0wq# zHT_@7lcOd{kM>)!h>tV*%qIOf-CNh~9!se{2F|#zvD(mDyP!4fSm=?>S(aHvz*yTk z9iSeW|AxjC1ls_wubbq>E6HpP6euK6vSbpn4mqDhN8%`&dV~~!AY~ejDp{UIu=hbU z`BL?D62~DMvnZt@R4ghIS~u;wsc?^b^47Ej?Wo>3za4OWokyFGH_14NI;0IXj_H>U zIoRLdJy@J(FSGwGKkHg`%-jF%!+iY5-GkjV{@Y3(rTBRR`;UYQ6B1MkDZOH(PZPl5 z?J2h4A)N|>;y#0SrIRE!|57zsCCC@yo zubk^VkO33Ou~aI&aB?`jfUy;*zWUGAm&e&DK-(C3Z65T@BZ;L8APv-!O;;{+)!+ZE z5evrw#NJ)7j(PikdpnQ+)jnvi<3FzCNtsB+*7_{|r#|)f|M~IJ+YiUBvA=K~v-khr z?%`gZ|KC15*k14dRXoo~#e93-5&4;gV+G8da)k;F0zh`NnJHz-*j(}w!9xhj?s>0X z{mjQKrbE_w^@{v!4*IBN?hE%I_6tkFx;12JQ_fq;{H-8LjY&bXBK^NT?-}++U8quQ z-EVvX7o_T~jYN&M7{7P34buJNrEdN(NJo<%v|D##OCFC+wTIG#v8^!`DND?@GUaTL zkoRd8FV_3r%1ROzb0NoZTD!UpDT$d7X@i81u_IYgq&Fqh_fdWe1P(>^x#M}=ZdZ(0 z7Mtnre^FGFCW1?ajM_|qXIPck@7`D8t zZK}JQq-$FY%ios8v-}w+{L2)bx*;wk8vl{OBn;8wO;rYwBneHu-zS14F9aD*WapHj zN#D_*)F0tq$a}L#I6HSYTCgJCz?{c4NrV0*qzULj<(FsVJ-;DR)`AE<-lq{u7@-Lx z=?y1i)*sO*5M!{~OPD|DqwNs|pDCChnKeV?w|#O2i+thOv;e3yCKOQ+$1K&9hmo$e zF}q+k(vkZU_9^yG%3-!yMP_)>-WQ%1@|(9br60J@bewP4-*RTU*2gYM`EZEguR$>d zTS27chEA<+LdRqmR1Xr}0f3{HD>mgi-nJa2p&JEB1sO1n#E!Q2iC}#m`NDf?CEk!_ z?QZLDEzdgvqD3O6Tz>^0Gm+)O7C&PFsD_gErlLlppd5WJ@=w zYp8#VsM9+8#@h#~B3I!m1*hhUS?RlT%G&=-E*GuKD&PWLM7;c2L?+m&9+jD++)=j$e;Yy4P z?^N5)WYY>C4dLO5&k{3lkx2!_2j32YM5M59x_O@;dDdKsvHhDTazkfTXWv>1Hdkl^ zJRswUZ2|)==fxW+>}aSyJM+j(nv#U`6z6IK$2l0_oR|#_rEO-#5x2PfvTETV0F(&? z{r4fhKpckw8iKnAEuy5@XRSQMm1QdgnI6%|-$Y_)ts5}5r?x%I+Z=^u|Ac%75I!m zGABjC{<}lj|9ENr+Q5~`aQd07Mr}>uMLg9Fl1w#F*S;K@9+R(mqBj229&{*Mk-)BX zO{vcS&pV08H7bP#>9LUCkn7z|JXSTm?Piy;U5qA32Lr4dKHKHC$gfNt%05yD(>x@R zH|B&Cde&2pr=?wvml@ahd6F;@^9Tf@-v=Qbii~+#2`lHlG=$q3MA$XXs}0hdq%L*E z8N`(-kh!s1Z;@G?!0?7n@%(ltOxt+%rkZ#0UcQ&hN}2x7Tvmeu@haR|cQ=%j0&|AT zSe6TXz8YmWl8Ira?LJt<0SRp{JJ!%gM6&5DB0LJ=BI+V@nn%$RZ!|5z+Bib?$ zpEESIhI6@e>1>)6rVOa%{&X8@={|Z>!&|rmq{dtB6t4?RZL6y`lD!}FKKf)aph&b~ z%HEg3{t`}Tid7F*06$LzvK5e_W|AEz3$3YMk zLYGRWo2C5`>Bo~zGG=3*OgHgR6PoifgIQnR<-VK4l==$S z$u0|bvFEskm?pq5WZSo8DLFjvj=W=2az{Q*V@B?bkC*&Q^pgNo0OZcQYsv@z)&Dtv z!7uMFz(#UUGsWvub29**P9Rwc_5QjAD zrm}UhQX~-8K*%n+g8H4Z=vDKZv37E`fCew>GviyMb-V_{TQT)6VT7d=_^eM8(Xv`% zgI1PIkNTjaTAh?ewfa>#zDz8)9fQ+nYQ?!Sae0$T6sa9z`Fmb4)_EGCvFtI*iTUJ? z`1+{4Bi;7C=&F_JD1Pk481fr{>S)RjV0(O`3KJxx$xsS3BN~ytZ4@yi$uePPVB~;i zWQX_ZIr)5ojB1LU7>ENgOXNN|il!vuQ8Nlcb!I_!u7MkingeyhwMx2e?#nF{ff?&$ z5QHg%{d6V9wrFVxQ*WBx!RrbYOiVu5Yz4t6#C(>bRu&Q(<*k~#v!d#*X_#gl>TOyR z4Nh$tcN^+3nT5hzWi;|F2<^;AmMVypq@+$ia;KFa(~8EY9o838m z)L|qASr+*%a*`ScIk4#WGo6vkdkiS}>W$yX9qDl{36^5~?g&~GS5#9~uzDA=_3&ouAOU97RX z<#=9Hi^N8RFX@LRXqS|HK8f_sC1>_YrVdkAQ{?J5;09bpo-h-e*DY9+Cq+NF_nG3k zNBeyirxsX+5|fO2p`;hPDhHJ*U7S0)CE@0PUh}|*`~L*wOmnQ>1UA!TI&AA^ z@9@Gj+bGav5H*$36}6jpD`JgpzDwUiM|jp3q}Y2jeMiAIFYuj2q)!E2ZuvZVk&+vV*Z~G~Mw!l&D>hXc19c^^ ziF2r~li<#e6T~1$IbO?aLw(3A3dJciltp@)?^ChAAj7V*rxX@DIw&yTiZVFF8%rop z>n{?vcyDEou%9Mg+YE)m3y~$OSC>hSl_*#S)JAThGe061>?VoWO|#6pMkQ{yceY{t2Fy?BI4(J^%+TRUE67jGKR^0#R&Sbe z<>F*%Pc;*opt$ls+QKiGl|+`BNA(d3D?bWNtF0AgN1&_Kc;{f0b*VrFb41G%Ol2!r z)Lo$oH=Z#JKwF0yZ|B5}sZ)_DHM={{34ljXRvb=5PJd(7muY|=vQDK)}3gB{b`s{ZXAIQtANsl$*V^e+H zFin`P{0Q<_zEnVwCF&3PI%}C#{#w~_KV^p;#0L`#t-_>`mFH7ruYqD;;74^8=z`D{ zms5*e7=@{2tkIRlsS8~g&u**Gh)l0(HKQ0%SDqKIixop#AwI9M5wezx){9FHX_E4> zlmWna$N=_fyXUA6r%|zjJnN9(!Ar@Ya_1kNoy?a#Wd-xqEBgKocfTbt=R_eX(Pb8Y zM*2~Qt3ul<(R}w3Mz3;2J2OMehNATBK9yy%bjI2J>xiM&ZCl8n|Sn#or*bl?fmnVLP-Lyrg%vAY?0izxqMm{@kC#<>P?@{PuXIG^Lonqfi6bAIF?+EnS+1l&2(nbG zP@tFw`X3B0wFpB+?JAv6Ectrhg0Z5I%OzpxS~8K{QE>kvX8m9gXnNPRV*zxlsw&o^ z-<$F^n`FgGx5`=xhfqZOe@v|`y2_X9VgrRVtrgvwEqUq_9A*NTg8Rb4kfrDA!evh9nXhHw#SN+ zi#H({*JgQg zmxD#5QRWtov6imn{W69 z_Ix%|xwcC!zxm8_98f5zkZHd!>4;j4V3Y~!xv5Cm*tTG8$$~N=J`l>@9`91Jdp__& z8zvNt{LAcOOU+{CLa^*&Rj>G$G77EbE9F~f_X~U!)Xm(_pFW*!$$u{3_LhOUDX`+` zzyPH~Uua4`pT9?U&CloWop23QZokNv@)E{sAYpK&lroZ4mt09lo~JiF@&Ato*6+yC z=+>Q6@Eesq2GBg*VI>p!>xhB6G$Vzop{`m+<(H|>e>{4lkIC!`8||4}S&bG68bsAS&^;%9Q$&9Olr-J`}%Ss zQ*x<-OIdy;saPkNolLo#p&TF{nai3$k1k5OU$#N!_g_mQs{7Y0>2bl{^9n95)gIlw z$&iG6sLsxun>+BDVNPu}uv}TP!KrgbWQ~#sh4<_k`5=cHg+tGKMSlNtLZd(bqzN4d zVaQAUcHATzGFM;lXc#4>$<;SV=l3T5e}WtSr??7E&r6fLNj9L7XH=wUbrtj`DVI$> zOW1Y5CxQg2Sw6}oQIi>jV*#ICFyx-V4OyIUm}c$sBT^7nEo2!R@Wg7^h=pT~tFh6t zNwEs5pN?pBHJF5GwV-s5?fw64RX%3po)p8C>Q;3~=}ty0jG0fyYDO%IiLUT)MHVV2SU&A}qRw8vLLi@^};o zSsNP+d?xzPCXoi?NkWr}_eze;O%RGy=KBu|S#(8bV|y)u|I`}tbR5@%euZZ?{!@Fm zUBG|a+1X#?Kdt1sz0KnNG++g^MvVF3e`eD$$1EO2{cgZf_xGn{}BWU+1nDZf_Oio=>MkzJa-e z_4{)Y%Ac>u@3*(+>mM)W5B#)&;YmWlFrAgmD~}sl{^$CR;h%NKuzsHIQ~&;_A8e&e zq|H7Y^UbRu@|(W7g|=0@`8wvr|2b&yxAXCz_YcBmP81| z7RxZaMJ|F!Nt_Cm;PM@y9jK~gAz+V*;{A!wqEwRYqc{N0BzhrFhjfxeghuG=d-B#m z#tB3!GDkl80;38~a@$|B7 z8u`I>;7`EFL2HOi7;4l%d(QwLCo{oN#vR67qvg5Q9zMrhhoe}`M=G~t^pV@YgZ;WyGmz6!0C=NCTFcO?2wXnYy_SeGxKl)if{>RTblQ?j} znWGGtBmYZbGAIA zYuX27Pi-58i^RKP(;J@nqT@A<2cg%*uX^cttW@$(x+Dljz(P%~i`IKg45*E{0 zO;!nXdIbb9BZE$%b6ijUN)sCW@WYHeSsI<|%U?lrW;H5-YL!DiJUr<1uWP*$+pTu1 zy*@=&@Z6XF*U<*gq5s?M{p}q6KiEFlUDN+nJkM;es)(mLdVto)YF9m&{Y^6BHw>K)#;48fmIk@SQUyYq$sboqUKpywBv%)DD~U^`)kkSa?eBVe+y>ap#k&c zzxK|4ZvVI2J3H(Bzl!JfcIy>7lA(}iBKP2(sD>F$s;p?&7K7pVeYR+eZGc4dJZGLHi5RVuoCVF0aA zSsK8msHVZ+9q^1IcjT`LPxIbUH44l{8dF89x2o`}LI(*S18I9%U4H&n*^B~yxTMZ~ zvrR6^9f^X-XHiOaD*U^?T~hdud>)Yg>$oC$_HQoz-`>sB|LvW{VBTm;iQ%AN11<11(VDLAwq^*3F!U8Qk^T?5HZ0 zbY2rllD=qWjx_K?gWMUXaj2|moei4t(@x7ab657w=0uxp2WX*_nTQ$y-0z+zud?E06=XH*nFLe&6W8is381EVNzs6W;AFo+* zlLRR%Niw%oO7p&(8zWe?Jl>%AY#=-<|C||G&S!|6k2h zq5sVy-Pce6o5YnG;Hz%Cxu5Ro1s0Dt&{jb$l3(Nnz?ZWh9cd(BCv62Vrf_KytX+rxp^r#)L7J)ch&P8Dc-p%dEpNg!O zW4aoQawI%_kVANFDOI!}4M_kRl5)66t%1;91e*w+d=m&p8V&Li)yf$8Ys0HSw5)Q! zMJ@K$E3Z3bX;&+5fUp+^LXM!pxt2|U;0>F`!&Oa$9!Uu8f5QN6Go8k)NrhlZiW7Gg zME;5JykD7$bw#7pK+UQKpkJv1CY5uzslEVGr$XigwKp_7gS$j$PV!Q>8w&Dy5Dh&V zk#6;6t}~6TjqWDK;n4l15oy>X(vUqwe^`aYY65&s1oJ&LyK-DqyazsJ7)V+kMJ;<} z1p_i8Dpfg;r%|DphS^{(#w>nZ>lUR85j^^lNqcF03|z!oWv% z#sHWZEH}Cz_N731?2FIxwpKQ1(Ji4jT)jno17tD=OsiZtQ=p_vQoD< zYbM;;xECcYv>ay%w%H)0DKxqB8Urih;rS>ewN7%o+XYIgf=DctKi}WigvPO4T-mGH zq6c7J(Jd&`=n#v%s-(OQ_3>rZ2r1Y8MzMm83hoyt`?FxycxnBks;$DX4|!!br#`o;bJp)< zv1x@G3ubkpJJJq=wcHNOVy}oTAD|e8JnM``9m0Qs*`}WD+Iz9E+RVsCN+D4-&GLI= zmhX|;X_(I0Xb^Ec>d!1*r?GaK(Jxf(v9gJTZe%qUW~*Xp0zV^b@#?B{eR=@U1{B@p( zMhjtO48$*g(KIKw#&HhLRCkpv#wb z>uiQoGiF(HGC8;6*NH!Y=Yoi{mO`=a*#aP(>fj0nlKv$SLOWzasNE8tm=Uv%xIPCMRESlcHgd2k&1TbcFk0Il#`?noJRO!CB7*?JW*tUS zI9xUK!a~cwy>-|2v0y`rqDJ-~X)UxvjLv4f)Mmn$izkvdPQa z|69eB+yC1MO6~uh5+2b0-zwL!|Nkmh^||BdrDIp_v@~bNy-_d>&@!_%fBD<&tyhlG z)URx1w)}Rrv+eqwPT$|I->G<>jlWK)CdD4QS;Je9ezbMs?YH7ta+`TI7$<^Rt1rL! zo)>q0(Uf9FnmV%NTCRM+=K;@urDI*({=a=#z<=A`Tl;^n z5Il|fP~M2vktOwlQ?-BMZ%;3>lU%a>@QEDk!k@wTVlo&6Ur3{wm$EWD$NvtlSwtwd zP9Eo!2+Wlz&V-T|Z%;4CFEkAN7wSx+;SHS%BbR_y5pr$nvC)cO1YjE|wDgwuE6YZY zrsRI376|fES>VVf;`o3ly3z7Z2D&HmH0LUMWspi@FH9qR(wjhJPSquhbr~nD&wLj3 z88Ca$3Seqz)?!uo4cIA&NgO9k2-D}5_gT;(>&(38D4WnbeK~Xjx z>_+>UfL(^!H!pP~??@1(8^ulJSd{Bx^gHW<4!kh*cRh+FOp^IlW)PG&nK}LvYj)ed zY*AKcpM^rR0COWu(VH5ENA5s62Ezi7Toh9&Sh~tBS(m~^&P|Rn!qKd#(-X_$8!fGz zNm+2&VpSF9FK;0BD50jp!6Xc)3PFGx+PeGZ+8fUbqXRiU2dzo5iR`1jw97INr) zAYuIxm;wg_qHm4O7;}tfV}8q7f1*n#yYVh8pSm_$%@U-#!jL#_Bv8Za>coY+E6~0w zJ*ZIm9Tnt8X$3hFmsp&!J+1cy2-%SNIUVpk`=7(Z-Ms$yaDD%~nn$TUjRsiX?t;^iR(alx7=)k5 z1Q;c&P$4E`)OUh~5CnycnDR}MVoSCtz#*v?-cpulwYY4p2f03bA~(p+1+qP&HF3$T ziJL*2^GQl?K=T)h3$*5WMtZASGb2eYv*A28s#!J41c4{!Lc2$WRyZ+SGlUOjuiu51 z`y%LKb|v=!7kg0p&%YFdf7X!y_V#l4pF4+#du#r0B~KauC+D%=!iB(hl>|f(NB3)Y{Y{HLHoG%1+J|Lqp|znyk_z5iG8loB8nhvowPgx@2%HDoi$<4wk!x$Sh@?_0&uv+xw*@Mxm1jOPk{8Gya4KT% zKky{P++Se$D^iyYe7%C_r2gj-^#z^>rT>6;Li>F_iBgLZoJ0Q)_6zo3?Sr-d&uX3= zxe2t#Dni$&xy1W-Gzf#sPKfs=rPf;H2g*89%K{6q2oT6TKS}8qpf9KvUNj|q&-oQx zgi>u=4n-(Sby{fa3^CYkiY^!E zo>RIk#x_{%-O&ft+?M6p>+a0b*`BjGNl_71Z-eHBX@PCMbci3d5>C{7Mx5jZ1~rP3 zlJ^*kw7$`pWpSOg>kFcTJ^_GPHf#1OVgBA&JL|? zN(<1;mERYEtJ!d6qz7z;1{ZJCluQAU%Xamnk*`iP8bv&XGff!Kjr;F*tJL|MzHId_ zx$S4|`a+wQ-|6Qz@|n^C>!s#Dal%qV3) z^JIb#%;K|#54<1bH+#j9mp`*`3>ro$mx>K#&%up7N4YsiHX;jAmqm;@?3KT~Eyps? z1D^jW4_SgN*+TJOxA%AV3h`fe*7v_Fc}jFOXWS>&T-K4;tmKvUAa;>?LXo>6EK7PX z6OpRAE9#$<>wB^qdBFXD&5|A$tQqp*Li>MrZ@Zn}|J&PZ{(mJ;HUF=s^FG|aD&jq_ zVE?V}rToA8{-E4{R_7CE|Lum><^Quh-=qLwclqf_040O_eTo1xR$i41Fk|7(NV2>X zuqeH%89UnU`GbUx&I&|v;7I()dB|u~PcCpa#8QI6R~oXm9Ix&Bj@3z&E;~+bcaXN9 zvJUoZKKJGSS|b*YgJHxIR$0e<`7dYxwR5n&xAy;D$@7ey(KKa}@k%+tiNwRZHwiFa zK}`Es5arQ(h6kFM#4%4&LBxoKA#i!?C8{z@{ zGEUea_`-Z-i2nZ@E%H(FB0PeevPneJp)iP8%WJ*8xV%Vt!n|kX4Xi-&%bN>HUxe2h z2I&_3i_Q01z5gUz@UMO`8g9vd^iOdeZDj@ZX#Z*wlR*$N;k{~!o7j8R>d`CjRVy9K zzj+c2y;uLQ_l*2PlYmbIIeB|5yjGm>KUqKZT7l2#7A8;lpI+-)^tsQrz6IKH-~Ipg z_?P4NAJ2}@FIr>2qK?`7fA65ZowNVn*+1OgS?~WS!04EKhvipNv_QDhL|% z`GlL&M0h_-u33@+K4v80li|puSG+ZgX@XdC2zn#87J8H#j31k+*mQn*20~}VZ#2ss zq%A43(1Zc=+m~Xeq)j@Lj*^#BEn#&pyW}Nn4O?Ef21YK01{5I zGl3v#>C2JvK-yC*lV}l8FdG(qM6a3lsOYm8waf9O7Y2QFD^&5@8(BB3IS|}SjaP1; zN7pRUyc?e+qUCwdo)HUl)B7}Hf>|SC`jB#Ef2AOVWX@-#Ff11AQ`a~Ig9!&r2>u=T z0Uy&e=#%c7pO4NzHBXN|9Ah4wfVK_#ne1bv`#sq~=-InK_q-4Y+o(R${!!eUd z6k=ev+a1eY+8?nx=z&p&YTxa4XZKYb*eu##lW&1Omv%W1jkSEY?a)?rx(<7K(SBp5 zg(o@?WXy#WYbSz*Oo$>?X^|5nx!ao#%!qJLXb4Re7PB`2Fu8jgBsSgTA`3y@XyhWe?L4T+@Nt!DK$IiFa3q`et=VYgycKbGjad zivaj(9dgh9Yvs;jD=$MXRcp|!J0rxG?04GZ*9@^=v)j{z^;vK&=iaPKxyw~2hmy&s zr0WO$wCkxg*+sI5$hlpF^Xw{IMN>cM4*%rnNIxzvXH==m{UDpBiWC5I>LpA}LO4p{ zy#jmfqLPq|rTCJLXk>Q4H?v+daM{LD^Yr7V=EcY6`;Vvp-Mskx(@!V=w^6YG?S)+p zoNMFe=6i0ib2Z@X<1Y2G&N(X`8JjGceEHJH@7>L+FS*dTxFoC6nxL><#YIVynBy&N zb_%j(kc^)+%h>19AQ(;(&H4s{bg%KGpVD#Il^v9Sc&HQYc!Zd$JLL9nLY_ImraH#Ds8Bj?;TAC_UV9b@1 zhyq?$*LyE#oQ9GcCG46dQ=q^I>5?t+P02kbjQXNz<9f%d)RULVMAUgX?8`V?U;B%Xf%bJ8M#;TW=&{%9|%uNswpQoJh>uq!ef?% z(-t`y$UaZ`BvIRiP!jQ|DNC7>ZgJ!=A|~8-W;eYak3bVJcu1z zonoR#Uq)749Z4%sxt1EVMgZ5t%P0spyv0)2TXv@(KasP~pUBbaZ{(Mw_n(i=q9QdG zm1ove*B&<66ukU#RuQSQid+UVDH;J5ZtL-KxKASoO<7+7M?-m7Ymj{LSnJg4zFDEp zd{wW_d8-gF$-23b!6+WIc-LoAWSl-sryj~`*sGSkUa-Ftfx>to6!RXDZZLrR>`Vow zhPuQ!fa)9j<%T^!fOSS+TVu9zd*6=)GHum6-;cx_Nb>0W-qa+SB+vczl#h#Sgr3+j zVH##OUpA;&tm8b#R&`DUW4Hz@)3uIR7%K}8pHa0-M*N0g9^hFuW9GLUyAZ)rAV=MV z4Ffr4OmsaoO-VT!u(UtYrQmReQ*tv3LPmNFRNx`|67)hwP|Ac%0mM%5gTa6$vRlA6 z^MNYI1BDVmG)nGX?O{1dJV6Os^_1A!K|M3zt={MI?=P-&1BZ@xgVK|kY{_l=lSFIp z+^Yg4PWDiCypoN9?ZGKi!!+%Xh<%xe=58~HL`tJRYiYe5xT|F{i^0xo)@Gt+wP-CSiES!=OLykdwhFPtOu2Sd^+y7~WNM$nSr6 zS?^^BhiHw6@{rjJD7ri_+S4UHu?bHO&D} zZfN4O#IA5>XMTKwEU_>9iVm>xn(pv+T6hJ1b#g`7$`6h&SwrpV;F z!<$xSZS0rQVaw~P#dEF_c8vyGYoYa~o_0~$nyn{y=Lim(HOZ|w7L`~j9JgLq8B(ck zo02z?Fyr~s)$2U_4sDhsR}u+H9cUQ#X#Yz7O-(0_Qa|D;>H55X#gbOQyWY!>=*X*0 z$FhmnOeQ0^-;_=puDt|HHBjc8^OH)oF~)3GuEN&pCMs}6HEFjeKZ^_nKhHT&8^&x; zC$tK0DD}b^vSo06x0xWh$-FoVltva_F8##Jb)-+RPzFBj3ompPqNd^>b?;2Fj z*ld2{Drm@WnJ$@L^T4;+N)1EI)lCwvaj4t-eEuHRG~71LBnn!Yy{V&`;aP@9YtLNq zqNyc*)`8g`X}u<9a=zk{U8E5YziNxMuXy2V`c+uENNvr!{T|lo60@U+XXfgt9RCN| zBek0F_`770W|Z%fxvMdy!}4YLLP#FtAHEn$Ih5ty%V%)*|E)XjZN>*}%p2%lxuwSzjNA zkS*3Om2H7mElSZIyginBq=^4H(bL>bBajSq|V2t`}lYR$U$3LtMiWSTeKq#pO7aS#A;2 zzPeAcLruc#TtsPWU(mrIh=LSCBW#jFm^@g;dFOexbJ9`5(0ms6j#52m#ydz|r)0px zkl*Ai_ipGE>|}BVdB?OrvaSO{!AZ#Zl?H!B<6Z-{ie8QCrd+u<8iUsoRh{lFD6NST zNKU=7x(W&&Cr2TDJ~a&NC&Lh-Gol zGoI$RqYv-1lK_v-K8;XAt*^hRGPfQC!<`V*1z zF`;Ri1ieYh#3uQP`R7L;&S3Y7Nq1$j}$hZB-%g%20R(l^xnG;cZ@m_ z%pxo{T^^7fayNg@@?9z2r^WLB6tb~PmoEt!pr724l>d)_n9fyeWWfA{j^pat&q5lBt9xU4p$BSMUAgQ=}(Y?46K&~@$ z{Qz?5wSh*xAwcJH-El*$c;-c9fHQOf_C;29xqRPlR#{4Duc>N_T$KP71EM`IHfh06P{b7jR4;uiroNaDwSL zA)0=1x(75FDimWlTuVva8TV%pInCOd;5NW?G*v1%bASx7=o-&U{i$(!esXmA{^ZT^ z>BaHoyW`&)$^sRk#S=cxOj6B~IA?>7h2k+^ek-m(!-VSRicJ?OLoLk8-EfJ?>TZg> zwN~csXRQ%^5eu}gH^pH^FCa?^C9-R6z3$$zDKRTp`R~YO4Rlnle9yRoL>w)biU>C* zmZvHS*kRlaF%1&AWmG$j3P$fX+t&od$^i{RVN}JY5^aJ-F-_+TvtA^F-VyRbbqZ;xX zUk}?iV53_9WVc4WNWt82&6O7PD$OcP=T%iT7RW-0SG=06F}u%VdgC+_Eo&^(pa2hq zcw%8jQGwIlyV|QU>A#r zCgd`44e6LmW;+a(M_P+~MlWi~O`zI9-RdZFGnJo31D^EdVv`(3%01=mg&JRAKVE{C z?qkfNi%~F0H{^uN4|aJpBGexTLV&v}nsSQ5ty1;HP(|>|ic6nDe8%$Io_jFtgk*o! z(c_lJjI>zk+;`WXtl%W(!lwTHx2N8?Vgx?TTn{qVy`#U#s6#X@9*#A@&DR~yKDTvRXoq|mdsUgmR_B}mD&vj z>N1If0Sb?w|1U{L2m+{4JfOgG91&xgmvSBgrqm?RN9ZZLA?I@8$(lwJ(3J<#FmsIb%%QKK!zd9!Gz=B431a5GbvzJ@_=eue0GzR;Y%1U3tq-Qr zx_QUD(K)QO8y9G)VLX2K*)K8g#?( zJg_VoH_44MbeR&L=iwC75gX%RD2VVejp&g1*+6<4AYPv}ln6%00N%#F#4HI|)Mtgc zSJSSL?-e|p%gjKtl7QhHrZnC}clvSWQ@dygXH@ETa4B{`y~q40ov5_zMuQBYU}y zfa8(!e?UV$!U?#A4<-p1H3bpcL|AwMI^BkC6WG9FW16Hve-cu;JD6xlff}GYgNOvF zAm&iO2Cy%22$!S=&L91Waj;EIa@5f@D-AGOu-<)g0d3}|4-Bxn+4i_;PF^T`({@0fL?~j+ykl$~r z{o2&~wb|Z)%(7)r5xMj3n)Y*7{=-dF>&cbt-Kj2Wa~^U>vcI~GMwi?Xaz{?B5YQG7 zp-wvHQIJX*gjgkJ0IlSXI6ty-5sZu(kgDt&Q4u@4g>b8QVXlW|Q;V;%vUN0VNz{EF zy+~b}n7i~>GMTan+;q+>`99?&<^kqMg9Ae%_0=zjNDQ)ES)R5rOe#C^-X4?653A@9 z?rqf%$XhUqfRj0OXV^eQkvn4l-M#%=HhIeAk0W1eS~U1)c4`CAn7w3l3E{#;Y4|a_ zd3iJ;+02r6*$7{-RLDlX5M>FolC7hH+!6Pe4z!Xl&`FgQWiTzs9kKsb9e2yH5@aRh zJToB&BftMtJRW9{pq&k8Al{52*L&Fo8QbqjAZ zitV=@RqoM+-~Y(g%LPk~r<2l{Xg7KrnZsSt7p{I8mv-@GZhi`PATKE_Z?se2a7chw zZ5Ioj@u^OICVNS(+F+dA5$n(5D%%3yL?sE_(Xp-D$sNi4EM2isnlOp7vh4V5cf|dr zCeba)PLguPLeU^{_k5|-47np!@71L%E_!{tCThDiDNB(VEr^iDl)sIvV>LnRXnX%5 zuV|&owI@?50ly=e8kBzgK)_1pipS~GQKDR^z}h9_6bn7fuq-A*`JnQfs5PU9wgXq8 zqwdE%HCNnz&IPQjT}C1)9;TU1tT{%VSJ}Ee@_i{MqzSbxi&c%9mjS;t#jTE6ngo48 z*f>ZHz%qlN6D)F$LS=_Z?nw5Ra}pebPEZ*8Py5u%EIs7W=lpWYIA{K(&jg7k;~oQR zF5N%@0(wMv;-e370!c}qi^7?xZ@lk_^W!axS>y{HQ58>B&3AxUVtY{rD4Jv_MMe-< zhIH?4fV;9Bb{dS8f*_K_QwYl;az7#1J|Eg7uomG>_S z6!LYWQn+gT`(Io1-?D&bq}@`Yndf~_PST9pE~eTc$ik-8aVw0EnlimGUeSoP6v)sAXr$LM_DeLmlX*u>fnD~KBM!|sR@ISDc`(6=rM4E1iI>x zl{xxScj|LiO!BV)TH{4JyL0-yI0Lm@2FsE_O;kDDq4bQUC>Xt$oy8vvs zz9|5|jRK_)1^bgc$Yyr)lMS-bI0Zu6foY3XygE`BhGxgKWXYx@8RoJTCk18LF`XJI z5@DM4FlH)UkkV*Mc+^L|u0qg;y(oA%f!z$L%z1z+T#t}GD4M1(h@e*tn&r;6iH!g) z1awK=Zrxa%$T7WQcVAR#g!jH@C^k`IF< zJ0drIGd>rfw2@YjSv46l*75!kc? z2!IVW1?OYKLCHif4E;!f1%1hr%*atCbZr|kz>v|FgZ@-WW-tbsQeJjO+k>cPz##UR z0x{A2Z)OH|O`|@jXwr!S!x->H@=!_z0x5?HjZh&vwSgFALPGJN-vZ$^8{HU=A#-rG zyc%m{*IpyLEpq0XF?!yQhNf+1E~@TL&Zgo$3I>n@HBdk=TI9z`>S(7&*0s+6$KJbk zw{2^SqW3d@1&-V`VrQF_sl_{DW;iitX}jFDGon;z%icEAYcwcX&huj9MeQhRSd9D&}CmkkvQ1!e8V^_7bTv#V%tu|0Zt)pimS(iW?{2;FlmaQ(sSe5JJfA|L^`mw?zLtM;rRTj%Pj8osJ1ldWcW(-r-SifA~Y^aKE$H9qkYI_AuTb z`lI2|@%LSS|KNx32g3pJ2c5wW$NPBnLwBz`=pOIw9UT2|d~h%t9CnZPoG}RrBpB_X z)?R0C-|g(XdwXv>onGg-xBr9p!w<*Dd&k|QAO7FgUkFt{%d;f@Teq&o`TQ$e{`_H|8+cD=&rJMuio_F5>{cF0kK`?M!vZ=72S-Fajgrkv*m1AMjSn7 zOZOoDw1y!sY2*e{Z7WHDxV?i<`9Q`N$Hp=T@&YPTH_@bu7c#-h#Z6ud^?1cq+)sze z6RxkGFf1)y-9o4^L}U-r_NsB5E#$fuNBZu9#2hROPA<;SFJ$(|_M9cd5#?b5Z7ywOApV%tOYea497KIX7KUU9Jo76O`#;Axn&ebE z@^Ws6KmzeK;JAmjpFUMWegEmx9Vb%LIk`B4wUG0bN+_cpP=vvlp$BZty_}zf6b(B= zlXauGY)a3E&R)!4Fcp%~{NWC05YTX}U$~jQvVKGT_KvnYsGK+mHzhYJGs=}#0%;xM z*^8b7Gf?r!Vlt*I%+E)w8|63f)d*Q4fEIjIKqNjO`TSBmF?t}F!VdzQc ziIxJXkXfQ3FE<17QChj^o2=`i=Q^^C7N+Ym25doKPi;-SLPifkh)0N|G0N4I?IRK< z@l5b^GU*1l^nF=Wk9@>mahD{S)2&n%a4_gDLgy7Jh-V#C7yy^x2tnKg!ImlAp*xgD z5sAS@P0(jNgg$ZTLycBjCZ_sZ%laxuFrB^EoxGP*c`v5&-YC)#+LFCq{-1O7XG*j! zG9V=RNQS9Wn6Lp1#99-WjO<1nk+L$x6j7;0Ajk*{wJL=(1c3(y8!fnNUz;N0@i-=9 zoPg=A_96ylF1{f#9zzBmFziky?UV;(OGv=->aC()!D1(r)U^R)s0c^ z8*5w9w(Jtg`Snoir_0wbm2d@Jot~dQf1`)F-M{{xXI4nwFiM}ZnDDm=4d}n%wD0ez zKKIbevsZ85oL-@mpI^7kHe`Zofr*OK7|}rdCuoB2XT}n0w-_QJPeGN6hB4!o@u)?~ z6MQYrq!VV0T+G(VX0vVtk-xzKk=m=@{&{+Niu$Tmh)DJ9@9Nh-WFu#zTxSAuGcmgw zjacHCOxX>2F5mnF{ds0LC6pLHKZ9Hlixi~qY9}gMF$bzeKEl`^Jckr4Z|Ib;G_fe* z3x%m5J-dAIqt4Zm$dXd>KE)sDG@VM@PD2s}SnYMn2o8j=u1}zg&X!U~xh}diS#+{X ze3-KiFs6_qE@RpLDQB>Rv$6W zsWJxy`})xgNlBxnLyL(|!i0jCu&63Vui2c8XZ9$QEY6UHLlS|bl@Z*E|L<#&rZFWmJD9AA9bR23tkC;Dqubr3}$sv+y>$y&KJB6+OzVi|` zAM9<^w_%j_P`A^W=1T5&UOGBS1U8@REh+m%`|7Ap^8IFzjLafPtlMU0dth=NIhDrORABh;^sQm&IXN@lcZBv_cJ zJVy)xRP3ze666@E^xfS>Qh^CBQd&r3GE@+x!@e2|1=D8M4y?~ETyJuNFyYR|^oE48 z8#sf>N6O1flIM}lU_2cnLxH6+;5Z)nUy zaFsJo>kfQ74Q~K78>;>kv#BWzA@!On+^`^>>ehdiKdcIca%c+7yj}Vwyn!mFjyA0? zSYzTS$~5;8^SAkqCl>d_4h8RQp%i=~g$l#VA!riE6_l_aam zs!s4YEEVVzj|PONX?ltw~~~V4#7KO*O;M~uDKlS8*ygM#|mmGV;*-l zGWQ$F^mF2D0fCsYbT@NYkwVuN`MNVHK{2aVV(n@VL30DkGQzv zq~L3*-4UEEbV)|NMGqk>L~+D?*JR+1Vj^gjc<*dgrCpxT@x&AtT;d-)*qSv6^fR8yxEiyrEoE59z=dR%~kv@IuS zJJyDgmMHBX&rsJp+9^e|cW^`%vAw{_aPnVlAc=SRz4sW7N*qWfu4?YZ&C{tjik(FO8WbEz$;XQ+Z%cBSc4lfSURvmdT8W(;isBlbXhK zcVAjm{+E1~)c+XA^Y(k410;#&se*z$ z4M;MJ$TJ-nrYCbt=}5RIGRq9pR-qB|vxC5&i8EXB+frmqM@VIZj?+*(uNTell>3tv zCszs=vp_UekXRj|&P3X6%!yPP+HP);-Z}M%xYdatBmQ&D(g?1bT_;Y%6aJQy*#2!7 z&~fBkD}Rvq+YyW2e(FdD#N@8AZFE`a{3aPy!$+DBRC%sc$$XR)-oEweV15x3$Sp$BrmQ47 z0Q37yc>*nqhELx%?~y6mf`?GaI&7Z(=W(ZC z|G(eaKi=4XuH~`q|KSpk(`3S8rNmVNopzQ9OYZh13&@Xhw=05AFF=PZ0)jq$>hT#* z$h0T=c6|~^-S$cn+X=W-d1P=z72{nyQ3s*YJk7MK2gy?@v*Mx6-~UJB ze-q-XXDQAQxK+R#r0SD`b*>3*Zi!4{(oQtDb;9OmqF_&m`DE) z4hr$V_qzvs8~>lRJc^`lLtfF4B^hyrC}?laubz`Qp(DZUkex!2GW{)Q7G3UAxgb-y zm=N8oISpD95==clX-^otZuL+U6IUhb-W7kR(KyCF*^L-avJc{i`ciJimEmJtX?D@- zp#d4On7Go$K^ytOFP;vE5NTvJJZ>5gm4sFExF(sBTXUi-`wYvB(v((f$Kl-#i3ir_ zF-gqdY2@RC6c6O06#y*1Juvj{iCm#4e-s7*Uwo}&ipU+KZRnyFSjUm5*hPPVW)20nwB z^N|aki9rNKt`UShwy%;Bd8up1zYTF;;8`vIFaDB>T|NXtagN^)m zEzf7C{{sLFL+k&G4NAm)zL?-~)WXf|MILn$d`0wLi)%DKY7eMvVINOqi_0b+d*lxq zy~zi=Ts~Tppdj=~e37}Uwa_+_mJ3ntB_vHEq8kHef&l>1ezKZmpgqoG} zS&EI#Hw}_xXgCSDH;j`~iEA>;3S3OxQyS&}Ga_6^q#2ZhfXse4Hg>SX+qu+y%zcHcd)J_&`R?ZakTw2uxS-l`x zD%{Aw;-C(Ik>PY1MhF_?lrl3{*4b-3EL-mD;wGzXPz?FxDNq9TfG>&RIYv7xz#NU8 zdX}Q4eMZIR=_K>8GP$;VX807KCZYXKL|vbOi^_v;ucK=rj& zzv-lY%wqM?uf@2DQ||frtvr8u5pnWy-^@y=I&09bX8VwL)` zCi1!J;yzD&42Wa6Nav&Ds^5Y;LS+^7A{7SBrT_g0U4&kexfy8_itL;yZks$WMg$}O zqd_;tTG^kOT|BMuesr8l3SpcjnP!0+|b)UL`Inl#{K}GK1{1(H{N>U8vhE?Gr=DVoD_bm-hz@T9-(fx|a`30o?LzrY>p04ckV^cD8xtokP$`4WPz1Xs$YJLEGc>j5pB|tqL;Lfx4 zHS^XVe`4DJsABv4+7uZGK(;7c=fm3H)W`;_-fc*Ks(mxd0i~U}I{to{5vZ;Jn6vJ8 zeiQnLf9za;&$rhB-X!wt!@gIsza8R(>PJw$O))<;eKlkO%eZ;Jgz-TiP65vCx=R3$ zc+T$~TQ7*|fC~9G*Si&;Spuwt83C259D^C*0}KTm*L<|`$*zP{9+F4&0wx%HVi4zjYyq)nma6XyC+oBbhJZq)MSFAByKn)QDj9( zWo889n7=cu^x~-`HfR1rsv1Q zC~I+xu0|6Gvn2T1;bk}u;J>`IKNPg}qJceirH3`7zRJa9-M>36l&l(@g8Oq>nn_ZzgVs(V!id!sNbkoDh6StC(nF60Hr&RqX zv-Ot|AIk%eVnv&K;hBic2j)$%<=&l+rdHW=HpGqa2+xybU7|f1(qyBI84sllu3VAXgPcSi8aJH8gixvv)>*U9rKbvWGpcLE*OoyVe%q2wum<%v+UJ#XphW=<%50FBQ4#6b*!#b4c zae*;l75QMw_&ZLSoqCpr5tNRs2e@B?PcXpe>G<*ft2!m4qAjZDv;v!4J+lPN?c$eV z-uEvrZ~y1dum4tM87c%YwjoZSJ>Y_ponf-5>Y#sk$t?|Ec2YDGOjhhN9(ed2N{)kR zl~Q^4fe73%G8h6ptgGI9tY(f=uakH#%(ja9Zr`@%+SWqBLO)AO%moSyZ2I9+Lg;se zqyl-wGe=i=(3_g*g-m2-WC?1^<&({{qun#Fo^zkxT1Nv8g>#f{pELU@q61ovNq6}E zCXhy8u+v)Faa{c+3=KpiVEGljI^Kg_8Jp~|IRW$F| zSzwg}EOK)JZydgJhkL=Alefzv?;O;AEA$Yk7ImCn3^{|XaH@mO>ev_^McsJwm-AvF zi_F#0dWJ5@f+NOWFIrEHFo67k>B(LIHDGc3Zf_e3uzK(Nrc^s3_ltHB-1j*1_l!pr zi@7eBAOb>M7%b9eSzQPk+WZ0Zo~~BL zgfDzx08Atd4otv{%xl2fRxZHSD;vS8pBc;uZ%4ak3!(H})K&lmFG1SHxLWic3M66q znb6ngakuf+km;%3_xK*L^|k*MU<&9jKe=YkTFq$fGi+j=VkqB^?E7h%gG)!`AYA<6 z8Qc;dnvj5gzz_x44uw$VLDH7PxcToI+@s$NU!FOi11`MU<{%Y@<&K!6GtDNfkl*_KK>I_zv%8Wci~ybYys4WERwQu70*YQPK3; z(=@wf&yd@94EK}PVW|Io#B37-a9Z$5VP}bmczeqeHx~&N%B#rlkISvt3)=T9-+Mys zbH;?{SN^x5CHz;k>7+{hUxQqiG1Yk^yo7g%cJsSTKc^mC0W$$>-oJProl}b`n2d_O zm4KtnaPqsISkEkh>^nlH{y@N1NJ$)EOefz1aIr<}62mYOU$U6+GpZ6{B!nVy4;rFJ3iO4@yxgqi2fp{I!WE2_&ynp$-$bKHM8Q&pnkq(p;`jmEvy4`GcuecU` zD1IJo;`Z|l7_KN$*FX*y#`U}bHo&RtqizUHJna`DFWnsSjbl6t>m+ zuZINU$+1*TX0!Y~xM1ndZ=|s*!vm9CE5CwDCPWDO808C230UOPKx49|)ZvWOTU+;0 za*bN={SckL9)79RqQfJy{v@eQ<$8R~9fo~phC3ezd?LYbj!Z;7(;Rpx8c8^dp* zMxEXmu1j*3eAqQK1jM55BFF0k;#SS5AL}-hs5V@r!jnsQ)vR3b@I!)3Za+)t53po* zRT!Hc+ED^ZgY*P4JO(r7DT9I%Q^1wvhZ=8{oMRf&ouha16<=zkg#EX23RAF{SS^U% z(t5v$(}e4l6!>zA-84_fdGxz`b>fM73-RiRPa2hD1QvgvD3iE=?8n{@Bk(719x`Ie z{zUA#5`;wbKh!V4c37O!ILcYHJgS>)2nZs~VA!ascgY6E19!#@e6qa+HTA0c_I(dr zb-wMc!|$U_Qqx==5*p{&AUo5YjItm9Q$2M4U4)CLDlFz%ht4FbUqh~~w)*9cRIC2v z;8NPA)Lm@SX(=k2=TkaTQ|~B+r&@5B-nfiH-(##~1Lg3kRIZ}}f92PvT75rE(;1yw z&M0IU4~wI2JY{CT5!iTr3$-r4IHA9Q%s&4NudbC#0akjV`Wku9ftZph9QyWa^xuAD z*Q(j*hAuT_<9BCBTW1I4NAMpL_APuxJnJ9x?&E_>axBKD=uuw*{_iY6KAEf;9`DwI%Dx^`KG`${-D}WJzxuzGI7V3}M^qN8+r^A6lK{8uC=dK{ZwZ zAhl>I8k$ZB{qm9fkda;dx3IF{hGFTycbzRLIzlf+eekovTi^>*6rjm4D&nby$eWG5 zR;!>`2&26>!Iu^xAq{`YzCrv7cI82;txc@efb(#L&mN|(`J*lt?j{C{*#lVv$pGX1 zl#CDw+hOcl3U(8N8uBFm8m?SGikb^ya!HCo8resSjKa<`FI2P|Z7pS@?$H+~EoH*Y zC;a=b#Bak+7(Z+fu>zAHml|x*$_s#1x?S75o})nWWA?AX{3b^s;{x4OSBLqh z0q5+n6AQRQaPK9RCZ>a~gj-6|N@FfSd2k~~YhW&n?D&)CKfFjq6#sx?h&l}U4u_S$ ziyORcyhG`~SH+;r%xlsk*v4Of<&~9cBP%|$?wm_F@dKV@R>FcQ8-k{zo1BVb|B|$* zJ^=#HBDQpxEfE!?6q@M=a$e*hQ-qyrEO*cd3e*oX%EHys6Rt0R!`-?PyR+D@qz++T z@u9GOOvTIqE>Y8a`>>8zpI=k25vr);#CVIh2R^={CVUh(BV4evddA;!(tH<1D~cKQ zhBU%3T|E4Pe&0})G#hguR7_HrVPto1xR`$;8s~O|H7)D&3yS$4?=P1(I4d+y4^LL< zna#(%Sc$<_u~l@*ej;hOV1j9aD=-cGg+uuH5iDxRfK|W+EaoJ^g@o$iihM`OmJbX2b5S5=nGpfQB?)NtSz?St5u?Ep93bbPq<;pDz zFv#_!$n7d5#K{~kqed%83PclSq0-dXQ6f`!0K zk$W>@sH>_&zr1}wq*{#o&{f9+z3W4hB?7WJGmqiy$?o>L^Y?M5>#R z4cZsa+z|2$H8TJwdM2ek3N}(;Y)Qg(5Fjfe`8^0#I&fj%2)UB`&yE1TUOw@mSUr9p zlleNz)5B%>CB|Agz&fhcr!=~KqH1`v&`*8wCcH6{y5P_XVUdxY0;>qwn&mSZ1BkwyC$}rdKc$P?@STsxks9 z+w6gqHYC7ma!~3WY&YV3AjIX$zqH&5KcNb>`tMY^tjxO?;J)N6$D3&;8Bp%>&g750 z3=0ZINNCcpFZ>f~?-$~cy$Iy}%QE3VG_BZgB)r8diOo)U8nl8-z^?{b1z`A??zg-8 zxNL5I=bMyQKf`xg^e*T)oowBrl|9G(4jB3xD*kr7d9^YHbf=%xmjb%GSv@G1lKDDw zLz{kAzFwzLQHT~M_3v?&7X7NMVX#A!LM)?@5%p9MT~Lx!?x$tRT{N&eTR+Z7-?S;( zJa%dA)U#*M%$ZvL|2~E=XnJ`3_&M2S1iM}Abkx)J~)4q0Zb7$$GOHSh?i-*92+O;FI)nqlzh)~Aed@q1sfhJ)?hamK?o zR)%s?&qyF3@gWPDE;g?)0v+XFLLqe|ZYhiV7D{nP5s&uzHy3!{+ycN_M8>=hv7P*Uy5W|CTt*I$q`gmW-!>mfniQHtgU}eix=X zf*Cl8`?C2%#t**8Z&~nx7bAyP1C_Y)5F>&wL7EYO;Pwrk<0*hAU*~-mcf124yz5pm zY(YI}KRbqvP2)_0v*O9iJ^f1IvurUt3yUj8BecKC)P1k(X95O;ZuXK4k|uq-63GVa zaU_M_znmFz>{c$mE zZw5^lGlU@%q<7>< zejH!e1^}AXZ`yU`AC`5_tfCrgiq?ny$@=#H+PQfJ0yF{H8)!{~*JQ_hG>%cP@7V3+ zM?2GPHFjSy3WFSyx63umRf=U%$23z%%{XaZ7qr{=;gC9RNi|{Kn>_SLF^1Vb0iO?r zABM-n?QmbS-viDSr2y`=VSwJ0=?)-uKtEF|!{*zI!Ex?a5*Ma+U&JKvfm2JM4a%!X zh^xF@jcO>3V*=$uTzws;`B01*TQ=iz*4fJrMdL0Kf&YLLuD_`#;)W-{bGYoRs%xGauRe^M*Ts-SK-Dh!0%01Q;{c=6=b*0<#Lqb_*l!P^B z_;Y8ZLrnh06A@5Y$Ke3ZfkDa|$C&HgQ zWP>+Ta4k9pPWfLu|234_ch1~6?+jP(*){+O&3aVeX*ZCSEi_L!ffV-FGF&q3VA!Xo z-28`{MNn4zhnJnpx3))1ED37>=sf^5hbMBCg*@aoXL3;IbHK=_;>XrkZ`{|I4goG8 z4idEKo;Qf7IrkZM;_#*`5NzW)O~!>x*^5~A4^(%UgsrZlAV}G+|Dgd9*{uJPyZ}aYW=SQV5A~;!e znTF(HGY&{*>ocovM-lN$f`n1qdzmZ=cWQPWe*%**+X0hT1RvaS2i#u1!MpSn4d+zc z@}+;v%HCSg&+)wnc&beUez|$J6aioI?cNztv5zKrBY{i&2>uKd7H12jpE@G6U^>1M z(<&w9+OtDnt-~Oy<~N+>JXD{MDV#T1z;sLh zv9GU);Bk;=3K$5d4!vkhu)s1w_Os^zPbdZKGe+5{fNOf802luHM2LR@{7-&2Cjsh? ztkVG))Mv?V{nEB=OBQ0LEVJSYbfpW}N zaPw&Q@7qP7pe7^OSYexuQsa$;rT@rTj>}^}qaHEp+Ht~YaE(28&J;xlF^%4R#geD_ z^G_@OOh);~yY|2vasYc+Xr?7#mHHU4b#skRX!jQw5qp>g42GS8(g_`<*$hF_iDn#o zmmDL(ckb`l|MmKIsMk4NcU!QSOOtJBZ20k}tJit2b^^BUG1W+Bc-#a4j#lsmlfGS7 z8%uM{;uJtX1bF>4ErBx1|2(k@=>HA4x+ZjZ?RV#c{JKdQENVvyn#Ht4Weni+iYKvf z(Up&c)hb`q5;--Tl)r8okb~xX<3VB>SD}Q?P?gZMVDt&}d2Hev2r*as>(VWvG$|eH zi6b5)BZ!H?TBscFJ1NWpkatLr&DYiz8{`|SbMAYa#;xl9cd7El;CDI(^!? zCp0~iXZ5dI3I5UgrpEyor=*$%ISWIu#+sj9rRE=vKKgsVOg>jjzCwUy{PZyedbj2i zE$YACrz94fOO$$&q3CL)$u|&#E|aJzNS2XdQpcGp6I~sy@)qrM&t9|6@|%!jX@=}e zT#Iy~FsUh7eq2$eI4sabY)Ia}X+ClpiZ8@aar7zxHouEyPjOPnEK(Q4ak@h5k`z(a zl^T_lR!=y|V4WhNnPGv<5t|a7wFU*nPY0YPn!>4SzBEL1H(31xiZ9kE=hv?nME52Z z;07cE2&Fw{rZoY`31*2ZP>4Z6hsT8uNybyn3w*Np@X=u z9i4o7R4f(>;6pOXJ}O}gAh@uaex(zf@-lrhQHx?cq{c6mG=Gk$fmY=EPas@)a*-~E zp%1R!w@g9WZoseEfCNcWoCULE^7-Ot!MvesgZb}@jrH3ATd(VDy(Rx>gFxyKwF5&Y z!ZUj@#f@?GsHM_QaGUi?uL`|8Zd7=!Q|0Bf8-W(3)ryT$?L!+vTC1`M%ZoXHyXh#Fi2(BFW`|FQ7 zyKM#Ci5TlxJ`PaRp#-9(lSf$;8yu4><(o%7pHlwp-mIz!>NOs0r_ z;uGT_g)G(o&LYoNeX9Y7N-hrEOe~B@#zKzDJ5%QD(BCMILSVqz{ORt=pyJucEXAe2 zffL%OBC1MUdwrc4aXnu^EgKz0gK6a?_KBrPs_2DVS-z~h?5ST;k|`h5V!ztX$X}?C zOjaJkM!Z=Q{CP`|!)TIa?-F&bEG1eH3j42Gy7lcUc`#tga{19P%H96i(f>2zOXaiv zU>vXDOO&_MB@B`L)5JM55tBwaKgOLA zRJ10nr{)4SG1m0aag<365q=bnA>bR(z*60==(J?@6{>%NeM>DISWS8dsbQxge z75T$wY{&Pzf0>}BI?MJyUACPKCbgvRK1mW=3FJ(ozo3Utl6l};ZtfYB8Hzx_r13S+ zWnWgHr5<~}uln@^Sy)YW$@Y@`Pps-JZ!f%P64YAOXC4wiL%-= zBw$9W9U5S{?3|JidJL~r*iP>KGa|e1jo;{Hf2v0V=(}}}zx#LSM*_IFhXb@{Rf7Pe z`-b^FJwhcQjG^D;&gO_em5#FK+UC^AR~S^MMQcR^!5SZOc` z!gqvBQNT<5v+UhY0>>TU>Vs6*ZZ3i+$^kJ9-a1S?Xk$wKp+a$J+!*McOSB02i9D7G zCs}-@VqrE(wS=5C`(j2hsIm+S0f)$!9;jkeF}DpY*c?h~Nr7#U3x230W}}(NzV0Nf zP3v468tnsF`JU&PcA%B^m4A%N<+EyqAceFcJP@DFz!0e^)U(SAN-ZnuhX=*2jhmzG zjNuY(hd^|WOx70Dvj!$oud~Cyu|0BkUZd-d|TN5C{IIl4M+s{ z&2@HHL%X!@+#15$Pq9`(3Nm8L>V$`jb7cW%mXl$V%9LgEY%^%gq*P%EX7kLfp)3(C2`7(-Lo)Gd5vYlOS+=52@{eg$gjqDn3OhHg zXP_K4q8BWi*5c1KQ5F4kU@mQl)TBqEgB{mS;a<$Y90D&-+r1-ss4Odddi^qr4eN7Z zoi3D3<_1T^DJX5emPVuQS9D82`331wQnqr45bmD@1aWn>yD0W z*d+1iJ6YSku;m5LkpWaH<s+S<;j~7#l7mR}k?_KJlv|L4HA4 zDTB&p{;w#NQ7*g`=oQAlFW7_1WP!9k%W~N{QSRRvDY%ZyiAy@6bn_}GjumrhRr-Bz z3_KBKW3;~;ttaZr=vm+hHGMSop1u^16SdF3+XIxG0UJA;fR%f-jeww&ifJea1;WYy z7~1*iy?|&@9umH!1y;69X>BCf@&$7@&49dvisFGOpv)(tx)x$MA&|zA=UZZ zK8b(1iq$Fi~1-OI#~UI^@`|As(u-=OPj&-P6~E1z)T7AqlEbmFqJGstLc zm>$PGcdD@=HOA3SDBG$UK)$js9s+bc?MtlAGFsEPBofEt;6 zgLkc~GwwK9iMzB>=hf7zS&)k9&1mD8^lSR{BwH|Sc&yD0kc=QZG{gR=|GFLk-iNl1 zrhv}$ic}8L%PVE0?2pn@L&Xi2t`{a|`X|+P1@_hh8fPtfp z8v@^px1Bz6z^rT{w-frUJc_h1*Ybe4Bn#Coglq~AK@u^(@;+$|zc}GID7JvO>=EHG z295+UG5Qs1O{4=PY3pLy%}rd-UbjWPc>5rI+Ox3MfhO%j3BV(LuvNWw9>Lg$jE;lW z0^gaYJ;eyoYJnzH-C2KiV#Ml-XO->IM`ro>bl6F|;ZYn*I{%=`7(+wrsk^(!6VhNx zMdfmCs)c&yK1zeZY&ytF6#3VkF%E}ztXt#T(F^QW$-q1)Yy>;8?RVa6McNKvy_U9Z zEsw=e7W8->aD$I|7VzR(0??jy)wE5(ZP>u%8eq&aN+EOrII^qS0~|4bw*Y2a8-O-l z^;Yf|0JE`*5l?c1yZe4q3f^LqmwX7s&$8{g{`ZW7;0(6>m&A(2l%vOn-D*M3sw^B1Aq-r5Mhrw7w{YE$1i|sm9>!oNGF4UaRFyfyM82cMkUz z4Sp`DY>9&8a2K2711p7Iv{Gk)OaGb%x+X!R({=JG(X>1S>%Cc}9N(4(8IM&wdBRXv z%$x7ZvB3JXg4>kJ$msxWI6p`D)hdx=oufMLJFYy1%MQzdV&$Oqm;MppT@t>vgJvQ7uin>7F_5I~ znqhl#iSD(0V3&t1d^B6m)t?`8MG?_e{rqYF;6}9Kg8Si*X%9`dv~_iPS%{>jR+D42 zTAUe(SPWvGHzkdvU?&sVa3lICg!kuq*O(;iAB|MM4x0I*utRGB?3y`N&-zM8k0hJi zuSu!YW~$YhQ;+ojC24!3(f=c9&3~w|WpRIDS^wJ5XrrobZr2n4kEGQmnYw|(imWiw z0^!6QQFBSIK_$m5b23&)F^zR%qXixf=6Ce;wJteLWNVXkHq(arqCE7W@)0F$Fczn? zXwWh|SmJOm0n-`=JdRL7dK?{G2rxFl>(BD3|A7;afkQ*FZI(I9p*jO0S2XO^SY7Ig zBrjJj3Y7vIR0sLkwUqGTVRgs<`H_%L$^A&2*sup77jy<=UE8Q_O3}QYxnr{0uQE5m zwoQJky(BSJ8>yzLlbnkS`*>T^=Opa`xu8i7eN^SI0MV(sE*vy`Xg@gFkRyLsq@^Ss ziAJE+Kz*9b;)&+Lv%#W~4tDk%r2;EnHtRL2bHGPv8s!j*s)r3=66q>F!;`PmBkDS&#FjeK$yutI^$;<&nN+G{az~rlEeMh{ z{D|)4c?~B+PCLrex@NKPU+TmwbbTguFjDhB548X)4k9ElReY0DL1!#74 z`me@y;aT-6*ccWA%0SjvO-@vt<^9h%z>kbk^YV9kKsC;M`&e`By*B%|D~sHbyUGZ> zbg>ZupxtmE@Erfl@!FqW0R~9J%O93uRpV6)M+-ya3%g)v{h^xDwN|#e7Xp-a-D{TV| z(_pQSY&NxxGfzv|JFM7YT|s5FdNnfJZAOD}eYx12*|wAVnQ1I^T9wkAI-@nXY4Y7M zn&EG_ji*~hVDV+(-z-LS>0{w!-HYxx>6oDmQ;moiJtv34@WtltPvXqYF6}2olr-?g z7@~87Ec8Ju$O?BQM0;{qmg7ps#-(D)O820|Md_S4&2;5Q`VXLt8KeQs7#xI1MHma1 ze4=nr@_`DPZ|mv%kN$NbLhSeA%!-Xv*$1hS}N|#P*mwmD_nrIw_v(w&y~y{Wm_FiU zsvhT1_W5FeQvKPWGl>IqK28IcyhhQm5yIr?1ptu{gJk4-4M@D~#RAxu01SaA=mh|O zRMUl#5D3!ZR6YYiT1_BG+p2l`Vz2Wx2?S}K8O|T_uC$YS{NV|9Rzmv)0&eaXH2(3_ zEE*g&d-|-3>gU-@@Xsx0XbrQJB!AH*!*a0vv7{&T6pVD_7%sdDNH&5)k#J@_;+@P7 z!S;!_agDbVPcLSe!g5_p1UTu&NALkpPgIOVt$XvB$qcR1FyWi@gV8x2zgpJwqYk=rJ=)o}Jny2#Tj^L?V z%zuHfTVSpD{4Jn0C1LMd9rdIp{HwiB^B!>iA=3${nXS+LYKQKk0u(I2Q80o$r}p>Z z3XSZ4v)6+lCTe;>TY>b1lOXp)(#h6iOyk?n`jS_cG(#P^?}h@#wS=5H)_RE|ejs;Y z`4*91L_eML{i^*tcvy6?G{dNJVw*nTKVeD!S-?p=kQy(Fky0gayaRxHHuRBz!6;#W#%c~GZi;$&BCF6mpo@8WB5D)l(R&r%u|;d;I{lXy3%n3j%|)PO!-MxH z{sY@fOf@(${Qm-DQ{bMw(G!vWWPL!8b~Qf20Nx<FSAQaG%o{?qVq-U~-Rld)Lqz_j{R<;-KwS5^%_A%xh~E7_n*{D#1py>2-d$ zG46Gac-#80BwN1kh_TrC@Ce}1J=MfhO?Pp7-cRKf_0eMXa3mrNzX;_CRLL4PR+&=|~&aA&E)E*h0b?CS);*XeuE$K&Nib1_a|xVZ*1#LQw^+4DG_TXYItXDi6J<%lb`DP_>4VN2C0E<0Fow$+IX@M@<(`Ky6{_ zeu?OdA3Qe|5Z>@>?{EG)?#eC;E4;AX!0G*?*YbDRR%WDr&G*gyC$=SyHQ@zY>L)XCMAJ zUW$TM1pm*Xg?s*&AtJ(tzM5ecEE)p3gV19!V6IDfUA^kKS-pDwcA+WQt?3x>esyJykJrJ$`IzEY9TL}vmvFC*3%688tbDpuAI{^^%eTW;hKP+GY_hw#yvkbN zeldhJ-EBGtFXVDlVk}Tj<}%xhj9=7h?n^ECj^jJC^u&1_ffyl-PmOxU3zb{tcYA>? zs?{@6%`?Y$;ciZPqpvqU$IF)h{Wzpr2+t2w1s#J|jyNl^48i?nS-D*M=tDY4C#f>QhO zLs2y>+sb{JtQf7n`X)C9e=KNM;%6uE9RgJY!dY_AYuzq^X|SI`n{)pF^GHabR36FXdxMK03fpj_5wee$|61ZI+k~3fzxb#Tm?ouzsH4zl;V_^Rla^mBoQJu%S0P`ICKzN zIj4SIyhUEXL|6f2t4y-ni1Hz_LRlPyoC#8X-Z8r9SdE}LdZe#=k?^Kzt$9V6^}pIF zN&0VsOtB)(ra4P!((3yB!nFF#K6b09z|e@RL@3_BE@hbD-J10~g)!}pa}(7&^YxS` zj*5s%MUa7$%uLJe8S)6?GyyJ3p%_8MeBjs_aUin)yesht_L(r{wW|Y%8o6rR6Mers zcbBsJg61~;mxqq|s8VH`{Ef}cFp%|Dp0ZG|E08xTGnxc0(=3N#avdj+%yV5vdLn)+ zN*2!k6*ID_q>Tk{SXmRaTaSV77(chQm8%c@@E<2%)JS;qA1@G1nvH)cryL;Tels+D za89b7)BGiu8H9Z}g~2}Mu6MY0{uh=9l3gpU#$6;>O55`lf|f3;L6__TWVQ;Mb!Tcl z%qba!`+UqyZY2HZwnwS8%-~!k*-(^&ID;jVXgey-4>lqqFywJb9vGP9cDdhT#2&$l zlB6gx)}TAn5>@!n5HdfCm7QMTB1R}0wYCeF<&x;}mw3Uq&qXP|zcc%{{uCW-PHv>E z+YQ)%Sl5(!c&P^gEn1c5T)5%HgCyPZbn6vS;A2oQfzeT&0y!o) z-qO3ggloHYaKRwmQS|md!F5+vT+z^VRH~?%rDbS3v>}k<#9|jiqb#hr;-hvY$JjpC z`V^ptd&xs!O;@iIhbJ;agPF$;2)fRI?JnBaR5lm}Eun~J0v_C6lL>J-E?Cqj>2i-F z{>N)%%ADTJU9Id=3=Gk)$?#I;BK*;%u%Ah|jTA~h!WW+UUU+Vsjp;n)2F>>R>iSQr za6N|iful-fZM>TsIXkA#&rcCW!78tcc_D3}1xec2i=tGpsb1ydiNKMjKx1d*G))6P z`JW?Cp&qr9|JE1>OlQw%cRSS}KO}-{%jR$@E&ZtNW_GC)xO0QdnP4|*~lp{4-YQLh$W{t zZL5ISiECGTtTDN^Vn+&mTTT$-*qCeI?uz)OA2_NJl&_9BDxulkfnB^XNk%JIWdR&Y@d5^nU;f^NMxA){f%@KKPO)M2mkZ-N%r17wFJ}=}X%qZhoWhK7w|aWK{g*u~`iu z=W3e!At0De#~N$HmjxdOOQ0FDhsxj?8{ldrcl#P6yw}qw$oWdY1_0k5e{nZRIZGQ=1dZSM0Y z5NX@&P-`WZXr&X^ee=i9gu2)j*xf7SPgkgHJ6%)%7(GD`un2&=~F}%;vPD@iTCmlDVc%+_kvu-CXxra;8 z!K~R2xZGgO{!u75O7w`1K$XS+;S>%wTIYVNX}xJ1Tq{#AQAVwK9XGn$Dxy|l2`^%s zDoa*jpsflCs#qsc>D$OgcZoanL)ucTk%I=g%n_Ffv84K|yI+D;Ug0G*~98 zRYTg(;?7OLHXn-32NFXf@h$JnoC810-O!k_QwXGr&<8pLvug_@DMB651D*SBiR!ma0b*Hi4{ zMHx6~cKi;CHfakUHJvUo`hzd0Wn6J?m_6vXfew(P#Uk(2f}u7~tc|`uhtuk~nfQ(Vs`F1dawK)1 z)oCGei|W55L>~n~6)8rw(bWQqK_6X=I9x9-buRm%%$cq~y^Vh0ZWX15>4t(CYV$71 zAL99q_K-H>9DlEFNiKqFs!^v7jpQ!)W6uBaXb*uNZATSaF1Jv)lqczb9_`cl{pI1; z+xo+zre?)W0QXmK8J&{3)m^4MYl<2;N`~1|bFt@ie}5YB98=LdaIDMxpHiT94C0M> zqj*xWRc)Hrhc;6&dZW+<6l-VA0{l3N$emnm?cOyeizrlZ8Xz9Twy*^39{&Iig~hs4 zE#Ar0#j7ek5I=qGhcOO(s`3FF309naTRp5Etz;(DW@NPd6e?Zov_%b9?)o_RYr3e= zU!p>Of+Vx>a8#C_<7fsNdVi_hftp?AW3K*YG(RaXu%7|ukhzG;^#xe}=)omj4X9Im z1roxs_KmKJ0o1?Jrl*vCg7-#lagI|F^~sc$3eo?Zar`(XV^VwpRoH zb#Y<-0cEF#DY#y%&ZyepTYjtq@2zfuU;a>44GCgaIcOVBVLL+rE;s8MlA6w*Zv7(- zS|nA6xuhW~gdEWkZq)0|$UYtzeRv-5k~p&sJ@y^lkWlE!RB4|M)m;yUl=tIebzpBH z@$bn+?uhN8nQ+*;Tp!cU&q%LS+%d?{&|6}QxeYWHd0yRLt3nCnaXh*!ScD`;xPx6A znG{8}$?6IBoP=n`hnOUt5p^uXY~7_OT@$i)PwmXAQXKpl69Kjc5s}0s$?YQ@#n?c& zK~(00pLA;@A~_Mi=5#mUfE)qyp*qRkQ7xmYV6Z^5OdD>KY`8+@C-a6~-O8U}wDxoI zTSqKjH;Z+_qzr!N;oFRyve9>KNwEO$i6S5_F+n#|c(hA1mZv;R)<<=6evrKI*W>RW z$Sc`W9*jE@tu6m#0+bFK?M40tT!Sw^w*2|oDYwo}Sn-Aj5`euzhk4h%J|;-0)Z?2< zovHf{v-otV+*UkPjrQH+DS!qBp*gz_hw#xkPj+Dgx@K5)oBeYHsqF(sPTQsbAqf)~ zw37qF0=u*o&fdCCZrK*Zx^fqHJfDzxONDQ?%rXFjVtu;%Y4N(oY_bTAAjuQbHM}F& zqR)^gbp69?u+ifR#HtX?ksgVeLvD z(6oQ_Q0K|vZe)xJjsRS8RBQ+($-6+P>VrtEsh-eA5EGd)HNv9$ar!Q_KuYiI(#cgD zyk=dc|4Y(3BoNV7>~Xoqx&cXAkqF~qYc3=;JydMg8}Yy3jd(kA+_*uk=^Z)I9x4~4 zQ&#J~f4iAIv}`#U5>9=Au44W@<%W=<4!c4xG znEGsB-yQ8+KR9%hg^i^l7qvMA5g`!o_s-~*jW`amqm(|XKur-BQP)5?{Yze|S2>f0w*V=(ofS4{b9e9ha>@?3oY_35cC- zfyFHIfHL!CW~NwQQ2xPYNx@MykX<_^$QvRT|MDy}vQ$YG_qdF<0mMe*$zLi{P)OsLgrMJ<9&-w_1I4 zkI+4OWu<_&0ukz>Qx?)h+(D4lViuqk-J{%(tX&z5jF=!*nHo_MJ9~tnRlG9lVKLP5 ztE_FEO$L!%1qX~&&R=mqr_=+T44C)E5Dwwrw9Tn&v<$vi!E5!zLrLv|>Obc|6 z?7!8-^KDoKvK9)SnNWkEcR!VnhXxX~x073l=Mx-`3!e0u$&Lnd9ce;I_f`HGO+-Tz z3Rd}M4#jP?Ewvft@!O6nkC?){KQef^B8l;IQW6vGMsG*v$V2p1UcM|ryZo}SKP4T= zHU{vPcIrDh5}-xfGMaq>A zD!UE6h8fxpT&0QTKNhLE;`R$JU{&KXHI_FgUb`&7x#oD#QVDD z;FqSjRV6_|WJ(hgV3|PD2@>XxLS=`E?oswv?j$$`nIJdzpZ2MjS$c@0FZV0g#wGF7 zA>k-Yrvn1kTzY^UF6bd*u`hjyVcf)qDqBOKdMn zDz7G4lp=ExcnIm<-vM`JvFw;mm4F}=#FKL~$HL-6)NSAsx!`^(W(wyF(*IkBTZZRF z=TP0T7|B21yt!zLf38qW{!9t@Zpj;Srj>_V1WwS~%X0`N3u<~rCiK-?U6YmRy7V*Y zYgYupN%kVl`7Mk6|Ac6UcuIN^i<5qi_L?-j_sIUcz-}my-NKq_ZIN0#4_%T!QyPQr z;RXlPHzjP2&+6UE|8LxKV}<|Z_`z1R$L5$5e8O%^zDDKH_k z?xkG50;rt7W1x`FTD6y})<6E<#{UovY@x2Fu4az&QaMQzY`d6hhaf99tjk;Dw9n*qLFe1 z&v8yvl)}Nx1T_LLL7ow99C1+pnzNdPBOPeL61XL|%up?kwnZxt$}O;BPRl)q*SSIN zIF^l8zcQ3@J^-79Zw!IoCRE8o!TzKeWHZzJWQ%MhPLyjqFm16aRYyu;XfVbTEt`pC zF_*18De?|G#WQn@lwq3nGG-!OxTWC)v2ZBmx+;P;;38*13fK&#%y}S1xDG-?5H!u6 zAdasI3@g9eCN~0%5TZ-!aqGd#jhy0ZB99$?#)*{xxo_Ji0ZF8oQ*oNgz<*l6W!0pE zH2)K@F&)a%(&L258?uH50Zg7VpUUjnRA$dZKhcn&ag1q*ve1BzbH%1c1_s$X0TR3F zf+QmY!n!JwB=|5WvR4t_Pm>_X)unyl%xz7|v4M^B;b^Df*vTF4G~px|Nu1I;aGmNS zq<^Laa(GRQMqt-YAOJSh7@Us{2PFzUG4vw=7Id4%nUSL^n73_|35JZc9OS3!W(I4J z3FXCPv^|I#1}x%$s30bq|IN(6Zg4mR5lxb+U>GA73m!^|K%nF}#-S95&g?*pq9DTZ zpl`$FHCx>Xjv;e!dCmebvTwu4zK1UIW{i&WqoHZLnTu*(le4RMkCFi-ml7zT7asaC zO>)xdiKW(w<=HQ{Txpx*)VdZ6FmnuN$rS#<_9!L4Ou=eo`%>W)a=|5qVsTZk#bHY7 zAg9Jc4TcFrIMl>M8tUYQ;Es~!Ry8TJUs@M4tmWBS)-L7QT8<4N1#L;T5vfb-w8U24 zt80|+eWhyh2K{eDKT^^LJ7hq!2lp{A|Kst|QC|PsJw7fW@W8(3fv2#sk;v&R*j%!@P9Tx#OJFZqVh@)(ZX=Z?`4NpTZ zn4^%H7tw?U*Xh5^?@1Cf%BlJNA;sZ`4>-nC8U$H2enXM~hjFjezDfT~VjO<|y?OKTPwIxTqiW}{(~)Zdqt|OUrioZ)v2td~oEv*n_bgg87yqqu z_MtE~2mkku4)%-qf80IT;Quv{1=c-)}|ho+`!qgw0(AINnuVd&QvKJ(aI9f)zHuUtk*NYmoG#@AJkXQmiZG( zX#0;qTGJWx2ixhmZsfp6fgW=g(a@)mVTmRx;Toi?+bZcCdumupa$%B2>3p%SGl!Xv;V( z#AGbT?>I3rbQ#IadR%AYnZl6v4m&SllpqsSABR!eL)}hiS}y9q1p?wBl_MmTLL}uQ zDyaxGS8$3$`Xy%zy^f?TA&_z?dBk&V?rt1&X$V&!1t{brRjC?dZ3jvxT0kU=$>gX2f|p zT22bDqa91jqCDu?1)VMQpIQp#x=N5{yUTvwi^JUW-UDGpP>G%#{gmZ|2{_hekYfD>@5-+J65 zMK1`U)62`(mpzEb>r)@(k3bic>{E$Id=t1AA!O=5rhh5Bveq7i>;tjbdVNtECNz+u zw)!FU9OtQFlz_*3TEk2{EgZmLW{44|Di$8ZxH8(W0YQ-1e;37R*pt3~AUsN=ag2RZ z3gm@8eM0|}IRLt1%xd?Z{r>vxrThH+?bVypOUOZ7Dw#2gvakv=;{I~_d#S8s7iGDV zi?d>xur|h+RjP)aa7^?^0c2kqtrvclp#Sf6)W;-R?kYIP{(tXyznK4juXDJO|E%S? zyK6s1H+0$qN-?4VNoEmwrX7QNI<|28sdM@<($So4gA!#~ugbYfk5oEHWVAmwD+C;m zC&i0E1*+1(qkEaw8XfJ!pLD9i4Yu5@F^zQdx(8&=s?kxdONr{Pa`FW~=E|?R!^9LV z6ODT_$yOAU2U{3;`>FF>8mC}WZ&?%#N;Q0O~l5w!ro=Y%(UI0cgwD6!$sE0LM=4FRXttH{K)H9s9}LJJD>`}S1QvmPn(+N z+su*DTvHF3aK`R6%(!8~mKQ-2OjyMh0*jn;!ZMJtcry=KEy?gcY^7w~##K^97Fr=y z_A#qd*F@vWw4XZCdsU?iZ_<;9Yl^G*;6cC!Z9FLAE&JEoX930g*ek;v_sb-C*p{9M=vMMV+yrH7LcUYB5WT|PyCCXjX z(D_2ss6*eHMl%3euuTj2vL+!?JB!h__`_arwR}73OKDx|CRjbjogD)M1pr=1{=09s-1tg(96H*0T$fY{cL6Qe}c+Ezm zb2_C-4;?tjj6&P-WfK&S-7$zP>eVufXmxZmP5Kj55!2Zs$+VQ;*0c+stR%4c;LQcH zR&HlrY-c@mfmeyPqkKhfNUZx0Y4W@j`PtaROJ2rRZc;Mw*)67t8KpGxMB`yB7FODF zGS1asKDlwDbP&*Cdzi*Suj_S8%^{mku>jI{Px$1?E_&h)#lM^+$o=@gEuquf%kyU~ zEhzr(?&|dN*R$uR?_Zs~JpI(meqX%4eDkRd#*zPO+4ZIU%{%nnwip9)r>Nr{B9|kV zp|($M+F=?5$h}3azuk#$-Vd2iKDCg0jlR2kdwKq82f5@=wAbmNKmIrJSxz2Ch7*Qb zzhN003&Pi^JAl1r5F}RmXW?rIQNU2Z!m$;Y?uP!0lGq&vEcM+X3q$Gm7_c$-TDdNH zKuCo4>?!&zB-!sLf0#c_?jQL`+h5yYK-p$0HK7y}s@_4$rY*Qx>Nm`;6foT0B&&b8 zfAvtSda^FR8MbPh68l@x)M4lQPN!8H!`xkf=2alO0_)b@T><$rTW0j>Q?K+n!DH(p ztJJn9#*YVm`qawzabejvmwU^spK~>HyQ*iX?6PW>ylMXV%zwppUtQX%qKYl&vqhnX zj8Q0~i?s(_?uxsUkMWMsLpViAC;xx;uC%vpV{7*_f5kv9AStgz%TAp173uGNBKpjBW}i9dc{0fW?-Y-y+&twA z3%4%C#aQRaoJ*yU{c7n!IhRy!#+S`^-u=|=^pDQFkKcOYp5c*O4&>>X`*E5~z5Tpr z!)dn>MVtlZHsb@jdu-*}AY;DJb@jC6pwA07^QFjXY=h1LO5ytj&o!z)oHn^czIhG$ z$W)f2Ya2B7N9W?_vrE%b18geXl>7U$latQ-UcYsc4}B@k47?sDfMysXQuIri+>5uXg>CQML+v zDP&Z)(XuNb9awXN+yz*u5D*TkW%()?qve?@|NYk2sV^?9asSV#j@N$zSmyt^_wH@> z{{LNT>;L&AVe|LDr#B&>izbh%%iBStSNi` zdI|FUUNb5mzI}uJ5z-8PRAZ&@RkLs9+M~4QvaLi0&1??&|2~r^(EsVMbpBt$?X*fL zpa1s{-nMf1U#%_v&(nmRETWXPvx6x2^f68xZyGa)bHx6n$58BeznZ9`$E&vV|~bs74Lt0cVLlb=04w zdREen>iE^nID!==+Z{6ppvJvHo*n?=X+zymV%jp@C@j`Zjnld;S%Bh)no*`a@SCkg z5_jK#xL2G}?Um|=KPRo z6EXL7NdXX>KZ(y6${jFMKbNq|T%5I(p&OmtM?G22Ug-D|29ZiL+Bixv$~m0?PlcbF z8q3@o+06Cmx+(ZxpqmqYuT%7=1^P__dlu=2LxzH8^2#pPkOn{cIDM^DH#r;Fl}FbC zb%B+E#N{+{&u6f#7#3*Yd((WK={jY!VOm8&4>zU?fNGyY(dBEn$tY{3zH`qpr8LAh z)KjT$bOx98l079W4<(RcPWj}p8ILB|P09J-1&lC8DVP6FbfY}DuDOmc&m)Uhn`wiF;ZE~DqJg3wS zDG9hWe%2VDoUg^|{QNYv%3Ms%Io8tA0{!Rc;|aI(C-X2(OMqsN!Dqt1X(l+D(erwQ z6YNtzg&sJA$LTZ?oHm*G9KThbUlk<-6QUmBy0$|(rPTdF$13|6kUnJ-Hi;SqMRKf(ZJlx^KLyJq=W(`ab6nr_a9F^+DXp*JP- z4b+ZQSlr*oXyzoN31_%R7oB|+fgKw|%>hczBvAW9mz~HPC@`n)Os8rNUTjL`L3JZ6 z1y>(dg}MO-xSBJHf;i4prT$pjqIr5g@&mug>f~w}o0V9s8*66=btr+OWqox1#t2ZZ z1+CbXU71DkaAv9D{ky=&X@1$IZiAu*7$x@Gky*l&=Mu|H~iWO8IDxll?v z7=O$K&awuBK|HYln3+c{fHns3V;z?H#{!y=pA=aInE6M*3pbwZ)EEq&nM!NB)t}Ix z2*l)bUN~hjZy4Yv{Ec!@?(Cpn;6NK&)~i?DSr|l#<0tJ`uQ=dY$REjK+9VV2W`ZMi zW=STFPa*tc34|t|6oEqyh=+k0k#)3CXr->I%F-p7{26kP^nJd$=tdGF$Cy7moB&}{t@5Z?-e^~?^ zG~^`c>I0t6s$_v0dn3=8A~zVNGwdgfbyx5=;pxndCzS9d2|{laQ?r3SH*D$Oq@Ig+ zMOJ;scl)dmyLEe&_sJFB>CEp{ra8*+Zc`*vbOp4^{Yc?ENI_mjF93Azc(1MZmZkrO z*25lL)#)$JDgaq_#}h;vvj?XkHm}=7TLRka5%z(Lk{?iIJa$va)_Z`HZUR^F-}p`$ zMFU3Li029RV_54u&S*ku9E%biV#YHJ8yx`AVcF<29LcI}S?Cpghvcw!?K~4Y)Q$)$ z9A}EW`ZX7298spiyGyckB=xrZLdG$k<58MmB@!?m(q|?TpSPu6Jc-STZdV z%W>TfU7%uA3)qD|8V11>JAOk_y$bt=dYi-{OB`rS&YqYj!-+T5E=B?VfhyDmBM{h@ z%6Y{Z25Dm2%En~3x{L^dEOBy5F~M*a6ZOCp!YPq;VjByw((FO+YNG{M3RBa&3i}ha zbk{iTD%$8mOhmSC8@;6-y zpTyM$0>}71nadBuxgAc^8_&1p$2w2WkNaVS$KD(rB6n<$lKE9tG+^}_{U56CRz=pf za70$b#kW3*D4ew2u}yje6qfYAkY!X8SvEuxVc=G;>oOwu+g>R$6V?)teb87fOUWv6 zk~9Y2cq$v=IPBA}n$F#^eG>&~IJ~P}Rh3xP27>Z8kkmxAAxhOiYQ}Zjxw)w+mi}Zp z^GA36ndcwYs_a*_LFzs8{CdMA>dbSZ&fF*(r?aeRoX(7*qagK@tT24k#7XDrAJ(ey zZ$9(7qFJSCRDJ4)U9?AS*bMT{JR|SS%jDy9rpuELQeNr2bPb1YO1l>I*M|?adS1|T zH8Iash3KyJ5LMwnRh~~cxAB~eS=q|&81xh*cnZT-ZGZ0CbNG+u{=vHsbmVGV850d% z?(ZLBIVcrr@vUJ_7k1-5`HxE@gn?^FIt*MTQL~IR6_b+UTSlJrDQ2LP9?L#6~c+yO2jIZhsa#%aO($eEiMj3|f%XBt#qPv>G1DH;}&_Xz} zU3QO9ZDd5172&Wt!wxyGQ9BYIg>L~oe+awg553+wCveLpw}XE7DVi-DOw*9`I_#o5 zoa7`^-%AdwvpAOs9rnuLfe%?JGLPs3EGzLjb^OGe;yyi2WV$m6ExXmu%mUd&5ZcQM zIrFU0*X#!;Ng{8UCdOP@%P7-zJ2UH-reD97zm!Q1&VOVReZf8R=$@4WWRP=aFqZy( z$cba`#^+=hm|h1^cJMFclr#;#wB?@T!KwYAyx-3Lcd7mN$lFbDoHXyj1G^0WZ@={> z>;JQV@Oo?i{S<*Q7(!>3UL$+^uiqTJefPuvx18a~#p9yi77`4sSrM`w=WMUgf!Hrg zvazCZ5DcAY>$LX`!wUX?adHpr&+k^?f8IaHjsJuFt^ePXggEsQOh;(;FfZ{sg%2p1 zCz_}T64pxiiq}M5q5ysZ_an99peJdZaL-@K2(3;M+#y{ffo4DU_678VV1IT(Px+j? z7f?Uzw*xeo?g(gD;iiBF!+ik_*;@k|&^v2GFo*8ocdIYF$IIC8{k_ZjpK)R>38@;tr>9Hp;8% zqI1$Yy6ga*WixZvr2`JEmIEb3&1EA1HOvDN9>$)2IHG^Pn)~O(iI3T>}SIF~i84 zInf=bm<+~{))UMvg7BXPO5zU%PAcmxgTJ!kmQ1-7ZO*Oa=i5rjyk1!^bqYOT$U@BN z%M*-4JhFNF+3-tZm0q>3Dc+|klNH`!+NzH4RSN9i=F6Zh+e^?!m6B`cOj8ntz@n%a zfeGQg4-nZ=d zNR*Dc zVQyr3R8em|NM&qo0PMZ}mfJRxC_exG_!PD3$uG9oq|_g_6K$Nk?e3mT-=yt6mhIiS zNlptQAqi=Ig@C#(yM52T$iCb@$vyZW36da1O0+XGrCut+cQhK6|J^@$vj3<3qbE=Ij}8xyo*n#Yw14pQ+5Vqk z)H@}H&x$gX{Asi^u5#o4K|Ux9BZe4>LOQkpT*QzcEgTmy=3|FMLl-BE%nA0!5Tk^J zI58IU2#tNTwnG%)Fz_JD*ef_1b?fZ-ta5yRB6 ztUb8&5#zvstz$ffTp~V(D8?aOk~y>XAXdfn61;jQkzY<=vYOAydutCA*<5%N7oWbI z$Twr4H?EVm$&Xy*n+jh<9v;KsJY+Ztkw37kISG+ZJ_xb6w+9oVwEWELKWBpvIwIDAM1+89&jS5>;-3r8FKQT=8HbM zrM4d-&z>P4g)UC)8FH_2=-F`+vB-`54De5AhW!j?g4}B>Sow^o!NRp19P%-m(G0K$ z=5azXQ$uAHdx+r)OAy10^%y1rO4wWR&|1Zd1bO&XoT*W2@lwO;EcD`tge+gb-6eLf zo#Kj!;@Dr0!6Q@WrLk?Pm(c<;wRjBcHhIF&z81XiYg&(>D|BCYaGN{QN6_91?ae5pzbj zN1dr4qMo2)-`PKMMhfUjq_mI;c2@~uYyJSgXJh#I$=U;!cI_T~I|2`_DUcAB(JGzU4o4$Z5Wknw`(@-|I#v&DSPB{rkDUF3Bj?#u=i5>J zt9|tfAdV6?hJ$CL{b$*;n}}gLhEZN9ArT*}`7;B|1NF+)1>+d*GAMG4kSM%NqB-HV z$T)ik5QwFT`qAyHID1Ujl;Pl~s8I3-Co|qj>oKJ5Q0zW--DnlEmr~c>FhLd9qd4-T z#d;Da7CDiv>ppA^kl#ExX^8LMEq5P zZ7<^Hs7Vv}5QR7!nLf_6i=Tg0Pt&P*;v-6h5~F%RQ#j-bz@PeZVCD~EAyFzTPd0Pw z7bjUHj69q%U&BLgaEK|rOrjai=YeYPn`MIOGV;AK9A)qLz#zy!#XeeRLhh+1bIRf` zd&5Y8qZP|u?dPw!wZm3%5$LmnOmy-&PFfNAO*5hU^@QfctXvmUssY`vZ9^(NlU2xH ziQbiBOe{`z;--?0MM<_=aY#5^kPwgImQSfSWPy|HRsKj9O|pViUyCBkMeY($$OrtI z52P`SoF|3%9!W&Uum2Jy=b?w+W126bd9mN36SG+klYjG~5Nps=jl)*N+WXov&&{d}zG4>EE*k>= z>=Lo%7>2Ucet|6#XbMr5uw5UKpcaf&-x{D)3KZ*0ts+2i0|;5B*g5Z{?U;8_BUbrS zXNG(tr(&=!6feUnpa-P~U7%P87b-yI<|r7K?@lyQ3r^p>2d)VpN|%{^ESq>zV1Ixa z;-+*JcVn;77`u9v1k-4hxVWU-@D&_WR?&D;;RO3X5M5zY1C1+qe<41WTAfw^2|;$9N7z-x@W|40bKuR>SO;yCh72~Ac)v464h7HNkG#p!K`ZV>UM%9E*wu}|1vqlA3O zGy=h-lHHKdkv%F12Bm2WmE9gW!8-M@ykCDXl(P>iB@YTkO&IsRdX?6klBp@vN1>nZ3 zF$@kzqhOFd3*_yc-jrjXAgZrdBp$ZUe=x{qWNL&J4AlXDx<4pCQPsjIyop$5ch^kNMkAq>nNaj>)cORPy#lp<0i$Q2 z);F+=cc5w^Z*L=;tmIldc{fXWgRR`gTHb6gZ?u@3Z01_4d3U?H&T_7|o$IV;gZ*4< z0XJ$Tb$W?WT$Gmpvm~!s2F$Xi1AyvsP_rPImV~-Rp=nttEey3wLtl%7X?bW`AX+XF zofe6jWuk7OFf0`)nGuGQMlmi$@VyYc7lL0x2wHTB5>GAO*?3f*msGQsEib;cQbRd) zqug(bXhzrlrby0;`%RJiO_6`#O_BV0X%j+wvC;W|?{KbhUF!bRd|Z@#!0C(59>jaM zmdUMk@4mWsUwtX}mBn?Ta1j-h#DlI%VyzZ-uTtHsRQD>?y-IbjQhh0v>hC~#C~0+# z3Y-%BmpHkMJncxyKdo}N2WaIHR#*}}Oqp6|$Kq~8_C{Wr7{iOntC#sh;xn9#;p>l| zzWx#_0_VXhHaVa+9q?5Pr36q|DAi%#!|beY_tn3mEpoC63LF%m4^fD2skqvfM0|4a zzcxxjt5Jw<6rp>?`L$P=Uwej0vS*$od!_l+p{i04v(BT3_KMoKm}!iQoJ*d504+Ul&gg1|%d==fQDt{_^})i}9gx1tZGr z{jJ81pi!%d)#aDBi4wWv;ZT%u#API>aw}{6?PxTTMTX7&fu3E%M5>Z!QpL$8%wN)O|Ci1=$e7dA>j zl~)8Yp7aYyqx=FAe|L>>EO#OH^3kmf>@w^+x^tp#F}`l3D!-{^Bx_V8>&fRL%Z`_8 zN?hc(rte7;eR8apU~Wq^7{`ERxaX8zaLR5S`991rpAnQLE0mZzpH3#~?+4>HX#LWbz-cUZ19A&)>Xy zUBq%BFGDp}s9;i+47fP#LSuL@Ra>GJ%YkP_HMo}-7gv+B*Y9}o%k!%r&;B+B6ceug z?g@#b6_5x~hOF>1M{$h;b^7_r^pJn9_{UV`tFLP6-0@2AOSR74-riT*=TV`~-PP4Y{s*pj z?JM=a{3QTZiP+oQ<9|{*zS1cYL|hHw3VwmF#TWVG4!-7(hHy2_&RlBn_SBcJpaS!b z!xUhL;`@Uu{{KVqJ^fvRn8MRxYka%Ax&we;uCA`cH~xkHKjgpeuI_%hx_W$7fcW^q z0}W&bUTgPN;U7r*uhJFjod*2Dg9i`bL51Qn13xb@Ihf_(hEjG5SQG4mqyJpoWS5*OI`? zJ)$wH#GSg2pmeBz9+W?Od!>G?g(b$x|Bgrq{|=H=@@NU_jxTElIfepa1%A zplVY>s<$bkA2S~!;P)|37<~*V^dN{rw)EFPZ_xr0G@tt-e#!UWf1gEkC^Z4T`|dl- zst<#eh3Oy^JRJMc8ha2%w~lBfSIxOfCISI)0%AnzZIpOpF0FGN@A;n}T(4%>Wj@#; zeEbN`YZ)BN;l=}vk&EHeCs^P#z5wNgNa*@255qvM{Yp=E(f}X>aNyIYG@Jm~5&TA@ zFh*?oeDKlX#hn_R^V0zCfWvxv1h(yAH}deqjN()e{ClE0rO8aWbrOXkc183R-Y0Gv zLgeE|8^|1-cQR;FdbH0`<{*6f#5*c&WwHvvCSco10JhE8I`fIjpb22x!vFfbIdaDM zi8JCru(-qf{3YgNim$7-Ew_GQkd_<{|NK$wmT~$kYwo|d=cwFOcIx`6>cANaHUEE6 z>OU7&@xT)N!al`+G-LjiCO5q@=i^6sAa2@bV<8P^0i%bGn7^Msb>|%iLR>V#?0G^* z|9^#*p%`KSyW3I*{r_r-{TL_IVR1j9z&7ar2Tz}t<3Bz*cy_P**eD01I`wAiO2A0`010yOIc^{W4;z~K_~`xG?zkA1P--SIU77YCt-Es$Vp@8 zg+$mJM}{5clOmfzdJrnO1D32p7oHx9uOyIBnqXk(!1#3F-zAwR2}TS9%5d;0yN2Ia z$QN-e0mZRsfMfj!me56c#&Ph*P?%vCttb}zeY#R0nms4j_b8wQ%N--^$>o7icraTF zmYlwv@UkRai2K419qW7!DsH6&qI}O(1)vnqNbZPRQBEfXB#2kkZsKq*no`DSOH?_! zS5~IBK+5@p{RYl+nV$amvuMTmdHc@Q=*$=*p%lbrPHW+5X9DAdglrCjuc-YM9h9I+ zyscoW;a2y(FbuW+<&#GR2IGAz`dAGZSxW3OZ|-MNcu?Cao$2zsx*`vEz}FSN^bG!W z0E4SRr{=0=ML`gS>Nv|rQe`m-tL_k1!(y8+wAK>)fkT%=(fGznianxM6{iUE8oCm1 zaRg|SM)K`Aiy>=T4S^gW=|8!SR zs?t3~1l_RykB%zq|I;VWj_%k0FY!?$eu?Ohc%4dV7>FI7fgG@f5F0YIhTQ42^cWf& zC$rg5Q#FM~T%D7tqHIBS=C=VuDs3FN6X9<{21mTI++}+equ*E9qAVfd;#5%0(W!Mw zZj9Xli~fcJKL>E|ndjdh{i&b-{e=Q~@YY1knx9IsYCdn&Q02)$YX@kGAVBKGRyFMTQtm5hfp{;~p} zMPt@66p9p_6eVCa@tI}W+ThK4YnuRc!h8{VxCXC`#ngl~uUx>X4o45Ps^XE8pR0sV zpT?Ef3@zZ(r$GuqkHuSomA_O~N)4?I!YoN_h|#PL|1@#2624iryBgJ5C%aOqW}vsh zEf4AHXn)ElrLkx`WaTi?+VLI@uwF`c_zKZgB)3qsG*AJ|qr16IBXdfTnziw$$8WYw zqbaSjU9Y6EpcTd}G<0#~rjHwDLRKW74Vw_x#f#2qsf{RYl~C7$+KMYI9ipr>GFj^Z zS>9&Q`;{8HleX$bKV1qk5PW2*pwinY@J%!qD3%_ zjdWhA;Oq6(MS-+*e!#E3LRu!Pqk^_K)DR^M!$3vlHjAS;2+C5(umtf^8|;1pP+Do;m_(ZjGtHcNJKq5*VWR(>CTBHK^(c(-|{CVk(<41yy}=% z+HfCI$JGj6p}VRy6+&;Mg-Y=_bezTV)!F>CCEkL9offKS-8$xCjm`*b?{H>}ufOD3 zV0tZ_?U_-%o03n>>aCT+aI39ZLYZIV)T^gYH_@&WTew`97Aicfl4-27fhnl0#+59& zLOU9@x3=BjYsy=}nktvr9)*52GA&cME?GcVD7`&W?UHCd*z>yz81=FkGFW0G%ZyQ9Ij(7)!1PU%cJqx#7#qe7iOy}vptsTt+H$eR_~h?a2smw zB)uCnTd2R`R+i{(mD<(=K)W)Wb${g=abW-$YHaFib?rFU0@7>9MNL4J+F?u;?(3G& zWx=rxNYffSqrQB1QpPL8TpN&zvO5j!@-1X-Y}Z{-ZUMz9USdvxRxdY~rb}x$Mbkw< zCgE`hxLWBF)FQi@`b&?Jo%L8TbatW73gx%&HF@(oR~(J8c8UrlFH*J(idVQz<+ImC z4pnJ!>aKL>73(j38!*>`t1|7I+TN=rwt9^`uVT7lZXnPAqEFI(DriMezK&i`P_2Wj zo|a96T#v+Ews;eRc5EtN!lB)@F6ss9aTnD%k7$&ZsKz*|uj8a~j&k-?qqNGnM>?ej z08U(h(h8}=3Ue#H0JsTLxmHyc)<=&u4n$G8hSvDT%?rn-916uwELGh+5(|VIVo`M) zu3Er^v`8U_f=;Slb{F$P1qsh>i@K=cMLR>4s*2^Rha)en`#KtEG28kZto^#$TM0Cc zLi$%?O( z?hARnb+*|)YlPAlft&2Mww7B9h<%Z4@|ZOHOpG=ABFErMY4E0)>-9L?>MW)WG3`6S zthIZZEvRi_nly-ddujs~qh(d6dFT&n)WRHHlY-bvZda8>a|r)75DcoLNqID>kB#6e zieyJ}D(az0t?UZHG(hT=Ohez+D4Iq(3MywSrLz`Hb)4*vHVu4Z_J&QPcavjXCLl;( z*X1K9_}68bHtJzov{^aKO6{PJwSm!68%sfLr;DYvx6{Nn)ZVxrWVCnE!c4VxTbELZ zZ8We_*?tgr)f9~N`XQy8mSC#2wbw-ZVFBow9n72brVFCHY%%Y{hPr9t(k;`}#-lgM zYaIKNTm{MGMg>%wP{J%g>WjD93~#f&zB7utQBn`sxCw9ChHndEt5IAJyn_MX7DzvY zZQRt~w5`7l=$@Io#S*w3u;#U}9%iRSu^vpP)v+^}?tE{xUbd^=^N46zK{r02xo&r=jnRBW!+Gc{Xy_BsLU zf5G0x&$k8Oz6Yq`R7TB7j;=tq7>cFy9;Fi>Eh_dsH;m^(j3+}{1Nl58>gPwQCrH{= z??zc0zh~pr+|B*j7wA@A(2mHuI72tsEBc|2^0AK%wqglN)u&WB3$hu6;c!UnX0$jj zvf;$Y_83~Z1goygHmzzpSWdXY1k6k6;RJR zBdy43y+P6%+UMOTX>6C_#7_0hPP^)DwHEP2Pmk8*9904D+POwm;m_w7?S`OrZz!<4 zI30~3c2aE9w)XCD+z7ZI#XKE3JvbX%fa>UKR1kM_G%6swxfz>*bmjJTE=EJ;UdKQe z_hPY1uVifNS~OMfm9XvHiiXPl_S)7iMI(S-Y1_q}Xa>Ou8NYTu5#OeHGW`2G^s4yp`jzShtXs)ZpAo)0J+fq83sI*IN-{ z|1Qy%@OyM78hNy%J9Hz=&rSbUuFxh(TRB3TOdgeZR|b@`S+#YSp_YaCs(D)dCcHbyKE1%m_0aOfTmQ zZ5ZafewOSshoI#@HH__=N}D89rMk+bT0)!US8c*vsoDj3DOaa%UzU=1){syOU`r}Q zR!}1uDqrYkI!Yi+r=*J)e5*-sOLbI^+A3=CqHaL{(SdXSNj_QpXJ?81KnBh18^@;j z?@tb%mf}Aj?vL*CzkHF;9$X^Ea1x4iYO?>~c8Nont%%Q6HHeXW&6gI(+JiSsLV>R0 zI7%1=y2QQ@3qP7cfS9`^;o>nQ*hh@qV6g+NJx8Hu?Lmkaa--;hOstJPnS$+K9y%bT zd=!eBoFs^G0zL_`V>zdjs|kw|Z0&(cLGkWn0v<`IaCg&XNWGL(AIRgUbZl3I2UWC}CW_G;#ovRTy%aOF~#jtE9k3 z6%!gJ7=uV-NQ}}s_6Wod|e66=dztZ8%k7mOFk#MLUNRg1S3ZjIQ!uW~#rpUZsk7uDZ8JuRK1LllR{-2J zdDzK{vM7Mp%1o1aKsgUG7KrjJA&Ui0WD+M{m-k0B2RBL*OyejNE2!3_I3WSy%Of4b zgdxU<`vf!k7%n4^K317k=wralb;JNVmtD=_a4doW)|)6D0$Tp4G*v%LMHfzsDaTfn zgFxV6kGP0oFHd*?4-)J~L4ZRKdk@E!HJwiBQsi6`6AqB)rKuS!8Bf(PBav}*Ngye$ z!P@p_kc~#Q_JD1td9n7LeVNQLr!83LKR97rDy1!UQ3x{(uIMcC0eh;IoC)*D_oG|> zD?6bw^SN%3pa3(Gg2B3j%k(FhKX-77shbe7g-}zb%ZJ00+0izXv+lrd{=mi(9Y1$% z%UO3Y&2mmmYub78I-6`4C?s=CS(g568@^5D*f66j@NFv6UDOx6g9(dbxSU*^zJOB| z-W({JV}HE`X`D7;+-@LE(w1e~sN>s&iIJ^X$Hk5pgx}&%rq~9a-IJGo|^M>afnlGq~X8GD)X;kHUkClSw`R1K$6e zXlp+g%sE1)MZUEg{CrRfaJE}+LYkmb(_T7_ykahgO07G1jTbACa!mB$En34ex>fQb zWhmE*^0cS|q6cU$=MQ62r3vw^+$P`zP6Cv$x1waj5+Dg|ks)F#x>{w6;M_tkTOnVO zsn$TQ*F`tP!^!{0Nk~;BcZuEWV(KbYemFIfAhJwwj1szR6N_Ye3YaHRkS(F9^sqtG z-5!JBCwrVynU)rU`N%nP4(uaNp+{(WM7Lv78ts!4d6GmSXGwsV$bw4(K`efc-4(+! zi@oRvF>Xe10FU^84FkxCQKZG-_$D|@@-JN1h>;ob30r5)j6w*|Z&8xw4CywlwCr3S z_A$e@)KKFacM1x>$n#6)+&Y6>6pGaFvM{8HQncgw>b3>tgk|%QmzGDRJBXuN+9HqI zB($T%!^w0rk#b;(RhWbzYQY0;l%Qk{KB7!6I^D#0X&eG1T`zoPON3v4dI*d0%CMjLpdYz9fF0iF_C{jVG?(Ixl2X#wN zVP#nJ-k?P1`9Gx~Fk@fI}d2;ogv3#z|^8CEN3jnx{afbf#&yD0W+U z2|6)G%kMPJwN4T;yiiOKZl9l1pVvhc@}VyjqtN4~H(KC;uSGPPvs#hs48n_i=ZUU>h<&JSCPM~hI%2Nec~dnsTi>)bW_XI#_K34`OpfbxYzd}jy(8% zg+fNy`eB8F!xpo%N>h8&UPIV;ONjgOho4MjAxc222I>%2}?!O>KvN;&Ig8EMiAO^~a&I-hppOYP-B zVG7AjE@{B>-arWkDoO&9oDusunOlz&2y;aIRf274qEnzNcgd~u1TVPh^B6uvA*PQd zhvgPT#FjV_$r^1B&q*lMLP;2;U^=cag-KL7^fs0KzREbs8JWp83agNt5H!XvnG+>f zCdVZ-+wwfUtmyEGdaQoDQSJQ^uczffc^P@xHOLAL#Z=U(&?~Pi^)z@lD0E9+pfYY% zrbxur-JxA{o0<{oSK&+$x1Dc=%b7+tS1x;2FmKuCMOS5&#hQ<@jBz_I`f=oFb z`@y5%rZi$JT(|5Mb>Uv3xuu1hiYMl zife_{_HMaqY`oi7;Q`lyuqTzK0KF%{D##Rb16})DY37AQY*Pv9EY)A%zCIUYe8LOa zOIb=hsp#05zafq&_A+g5>+w;H&Lw#x_E-VAE~a9)E75qBL;*xA#`})bq8SNgKDD>C zP4r|p?j%VsF}sbD>&#wM#K}Do5h16HUTxo;UpA3YhraIOnk42Y5)cN`NQd*wuc^kX zpCaTzT6O1csa`!RFI*Wz3O9m!!K&?w8c}A^BDNJxdfGO#WGWSvl$C8h$Q)zZ3a88105jwvh6FD!^X*otXn}}_*3Y=-)cMr|Di!LK zIBrLn0?`k3YD8x$v%$EMy~Yopm&Ar;?Uv zGDIsV*@k8kQ@J6$$8{7Q{y?^HTx)lrja$Iymw-Gk;T+%CLncvx>v4Ml2vMl zi;g`nvyAgxn3vkYJ`MeLdT3LgzAtMrZ%)GZrEKS7O3-PcaWAvemdzcqg9%lWD|FiE zf6u82u%K{j(bAL`)aatlQRm$MtiI}Mve9O*^~+*URlU|*d#p{An0(h|3M#(q9>!|f zgI&Vf=)dkkdX?SSW%Nx>>^??9Nv|oRuk~g3BPhy>OBub%#oQzMs=vF4zRBI)1Nyek zsGO)xzNj9AXW0O*%)-v*Zx5U*+rSl~IvBv8fhdDPT%xa?J=`x*Rg1VpR6B!sYZGd7 zPSL8oYikVmAo?1N;m&q&MpP?nxE)btgSf(}c7|}j-S>BB3)j;5cV-pW(rL7h4Sn5U z9``#PYE5GUQ4N-H586>T+t^58$u8d72rebRl`Hd!yp5Y0n`utn)CFE<$9A@+o=aDv zE#te?&Wcr#Zl@5`r`0tYGbtrs$doB(>TNb;Ozi6W3{Hh0lRaZ3q~8NMhAgtv2J8*i z&DPV`n9A7P6QAvfPBpJ_!%*n`yiPH(aXscwMNzzx5fBo0JdZATH=1om7q{BB}~UJ@VZgsf|f=D?sXqsHz@2&eV#&(SnGo04fsGBiC?3xsiz74=Oh%BA&M5#O|k-w@Dp5HImi1Y1GLIkgr;nFN);<_@MK=gAMdQ=#YAsb6lYJHNfMqLiJdW;j-f z=!Y2%8>dD(jQfi0@_T=|<03fFFqnh|u_6Ky1uT8q+fdbbt84vt=GoBENs2@H^nOZt&Kz!cU*VWDLZVi zw&9F)Ya`>#7YF+M`#$O-}7yeEJf8Z|;0kqHUA+%j_(t zTU)A|vS#P{)IYvsyf)u<(cxQgj4Sqj5x00Ldv~K#T$?k+qs7}f!z-u_uJAI(o;={y ze9s0DMbv%yy-i8V4U<`7|`TZ*DWFCu+=hSZ|6d9NO4`*l}fYXP#mL#f6Z`Z zX%o0W#>ic!TCqs^61p8jaCb~)Egfc`+qb_dA@$VQIlZZ5P40XHUj4M;PI#Lf1zWfZ zx=3e1Pcb8HX(p)SjVgEF<%|TUv_%#Fko=~C9;sSVv*)7JQO2ffd zP!YdO(a4q57EzX~m`f?CGdHPVyiG!zGv3Y^?=Dy2HPtgstBfJt45p@J)YHxs_#%h( zHUx;2)Mam3D!Oi?pnc>Vka`78YMO~;H?>|yjO!$9iI~Vn;-Zj~DpL-{ zKGu(KQ;0%;EyLMoK2|l)Wh%t8_b7;cO!<#JIF-pBQQ-)0>78wR$dOka|_VXChyU#EXA) fuG;(0{pbF3|GEG4_xXPT009602a_bK06GBxVA{^r literal 0 HcmV?d00001 diff --git a/assets/percona/psmdb-operator-1.15.2.tgz b/assets/percona/psmdb-operator-1.15.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..95dec9eab27ace2d17a10381426a18c87bc93a9e GIT binary patch literal 46487 zcmb@tb8u!)81ES;6Wg|J+qNdQZB8(;?TPJ7Y}>YNCvWoZ{O-NGTeVyFpRGMrt?I5m z=T!GO{q*PgHc>PTI>>()kOqX#SX!0YR9b;k-kXQRgiVv#OpU`@SB-~LNmG+kLCem@ z*ul(OUByvA+T6|_O|KCFLK zi4?4{0qFu>FIVeLw}xF~-@t#FW1tZ5fy@6$-q+Ze{ugTn7sHejmI?V*w@d zbaDnIrBg~Ddh=QcZM~hL!PuihOS7V-yRT3VR20Bj1Ru&*K=}?1Dn^S>$YucP8S47tOyhyT{9XZ} zj}vd;dSKm`c4Lsru!SjuiBtRtKx}??no9t8^pPl^NC0?qrZa0fk<7ocej7KwtAmWn zH2i6oCKwIQay*}L_M^&hOuYC|sX1pA*5})9w^n4X>-b5_`sTeOxn{4Ym*gd`xuJZocSYzTc zRVvkhjuOAZsdm2m!GBRBu#g=F4k&H4&1zSw9|AgBB`}-ofUw^Iv6%8|{>8I-eBZqY zZ&5joC<eyj(eazfnZ2Er6%TG2oS%ycf^p(cm}pXo=z<6y7_R_X%-2w7!`T7Gh(w4OgiN)?&du>v!^NMSP4VT;{tnjZI}Vyp_V+jE^9 zMMWjaG^|}GLx{Kcbo5SMHCIzwl+vp*DE(5V_tGSJ1@JJ~;^Rw0E$Fp}mrT#=94lTZ zkLept0d8)Ya$803W%&y?V4MqP*mGwcuNpgd_V=&psVdRAq&B2UeM(fhaO?0)5m@B1 zY%&h*v(nUl9?i^NJ>k`_hr}631+-PkVizTk+y17;m;?{$rNn&Bu(;-XBmoY$>|cO|*XyGp=x z4^}*uqEK>KJgro*htI%;Wd{dAp%XtHV_9npf}w%i;Q=87o17WJG*WpkVwDQga()@p zmn42!tyimQ=!S%UWA~J98R-2|p8mpPWI)=UmsgCtlAHHRmwcw(jWJ(>+|j7BUbjm} zX_(|VVF)0XK*j3CsrkA$6D?w)Ynv_d)ERYbgH_`XSh}o0cq|Yhc3>j!-3P^MVmqD> zI*GE0yFTY4j6F|))^{y+(I**7CuRKJrW&m?oOK#|6vsA{PHa3sxb?}pSvN1fQqJw%|wY+{LNh-le7~8Z1PFRw!4BU;J_$Dj`7oRefRpI$k`x`JW>YUt!&6L=m z0#7mhVv*u<1!Qdf=#96?4cDJdT!>CiKYDMn+`l?a2+I@>{GK-4xm!mKl*{<__e^5I z5q-&Q4J*7`xYki{49yFt^wL z`DQ+(M~VI%=z4v1zUirD8A9e?wi!Qf1=N`b_I`d3vy}lI!SjfgH@H<9nw3{nQHhw- zCL$o6{Yd~%Y?B%vB2--IA>Plo#z92Fc!_>CyOT8bw8hhjvU-hxn(ey`t$Zof(5C2Yp{e01 zyKXeh&`>GaMPlN8_OC~PtcD*__5ekZ;E%AWr~N0^Q#dA><4Jib7WS~~EGR-&yCWbl ztDe|GmEgRshNe6i82I@0I-C9meBJGKddaWpyX_VFB5U6__Hdl8<~e`fb2RQ?*a__> z5A^%U2R<#-`B-{7m!c_Yk4#65;n=jT=;$5`ejkQw`9zWO5Y->J?M#s zOvNWQzS@CGbsK8$_`Y;2j!I({jU{-qcYjc$us%HMqaIBXI%B>?DUZ9jr%yB1>nDyj zMSq=dihMA{k7R0oAC-FwlCsrF>_k$rE&{Fu6M%7-?J87FsAj9NZVyfCoYzjyO0-WfT;#XrA|R=*Ki?R9el;8=5++Ik<(`4* zKFv#df{akxoL|162y~~}sIyb4iFx+Rs40OMb0lzCvpk<~^CKD>Tmrz?DNxBC>vWGLnc=>X<&_59m6_q0uC;7+zHLH~dr5$MTUBvfX_c2B4uhOX*WE|dEbe!(7 z7MsZ}x&&;CA*4)1o+#k7;>ow0_gkKAJ$3DdwAVHz<5&-Rq)%O&Zg{INs0$HsnY%=a zSf}c1Pib-etiWArpd6int)p@X0C+Pyo6j%~6bgLoP6p})S9a!%H2C;Dc6m;d0gta5 z6EmH~O09kNy?8v=R^|+8!dX$tO9G8kPfoPpSP!Y0n(*W#!|^(pv?oyBMM(+Y=@*V9 zb|g0F*$OcRN^NXsdbFcF#@?SB09gG4X>04~ z$@V10+&fphaCzyiR(`Xe+Re9h+a)gP>079me;tpV(qd1K_vkF#?{I2z=HwYBMWv$@ zKPZsOY4K9g%5{L@0?K$?d+%J)0;h~759Oi(>veIm=`8QFfd;hzoyGq$gbc54D$b~N z%`^gI(XJ6;)i*XB6pyhTWBQ8!mWOmpINP|AxdF6(ITv@AhP!k>HnCEQS9P)cSrvap zY=o!c2WX{Gl32iSCRgV&Tt>ToW$a_HLGS0eVMx{FE0xwQ)2t$vAc?nr|3NTA#&No$ zdBf_eCDDvQ2=A2q2j1t$@!Q4GEzrjoaAN1=?C0`#>2Tqv_40a`7hqY2Uw2W%<9u!H z;B|KrZlRK1KSNAIyq2I`wlW&7$ICN|!E>A3KnA5p{{wvdwk6%J`6GROm$5vrD+ew% z=CPLGV|#f0_Jj{0U0%Oz;yykTPV z>JhauD)%~RgX#pClw_F~K)l;P*P3pBW~0Hc+jXv8hRr}A;7aclxCvVvb#2wOqyt~Z zSR4Mxw6Y7&_4@bZLK)iwc4RKza$}9d)cN*xcayX&M0ZUZs0vXnbd)$-p@l2M&A2eYb+iRo-rt561c#)!#j9PKnbkxLJ>2DhPfB^xCxl+^CQRu|BR7bvOuk zPLK8zQgSi;E`eE#=Q)0^e2oMYrS@WmA3p>&w$F3O>A@-~)))V#a&XbVn&ab+=@Ii+M?nud*6Sj1|;nPTv$vjVst-O}WnFo6p7 zJrq0GS0WQ@maAPWA$0}zj_*+V2Uia=d#_O=ewenMDE+>e>Icw}Ef2e@gv!al)AiQL z`@mfx*L$MP;A`0ygoCLh{L2{{b7BTF)T5Jx?;OWz^n?JyQqSfLn06EKOg#(N!L=#I z(u?mGb?eIH4<$+dLQvq8*|w$F#ZM}hz33B^Xe5zC+0y0&_y?KCu}7x#@E&6q?%hL{ z#il?=eGK4Ka=}C3=@9cLN#xhV@3x23S+G(aJs+KD`X!`x*>jOb7A;-Ih|U%-S26G# zwdtaJ20X>kwij{sgF`b5!;KNjsS-dIB&keIk8Db-&OWXf!sg` z^Y1+L`QBkCuEz;`alHAlQ&~!#UqI&j(asHiC9@wT(@$BEdD~OYXbg?nJSL3t*2Y67 z3GTL*s;9vUjU7(_q^|>}Y|c=+)RbQ)n!y8d%L_ML6@WiUshu9ND2q~uwwkpJ@?g`J z_is|3UmaxmEY18FA`IV2zmJ((d(}OIeU$6nfPDYf&!a&ubu4x_z5mo3xM^pr};fr_4VFcexxAT+~g)op623o%soAVv&@!&pRkBpCaI#DO0d z7%7dZJng7`B3%o}lMJ|}Lv3)TL>@oXZba!d4RDzG0`l{a-WD3kil?;5m!({I>*QUi z+@87J)rnM2zxI$eAs-=8fgiY5`25>`w)dqagPL`~VzXUGGgP?pT5%JOKgkO&A}6FW3KlVW3o`d9s3eRu9un zr-2k$>_5iFEotk9YdTJjfZ5cPO;2bFbvjRhqa?@uiBto?#mnv!!f5nI8Ps?B*+8MV z3NB-_mvo^-Qq1q{BFiJ^kN%?dd_sZu-R=r$Y3Z`e5+Ri){Ld8FADxfd)lCP)q%q)% zWbwy#qUqg4&)+PU!tfl&Drwn7O3}^5>sp}~I+(>P_y0Dnj*gD;R-BV$B%?|p06Gog z0N}swyLUdRjbzQ&&-G7qaM@=VEeC@VgLX=}{CLyoXTSDQ+Eeu{^%Wx%drFd?0Z+9v zzatIS3QRQh6EC1iN!dx`OsPOhk*?Bi5s zf%!tf$4B!|;D40CaunDKYPg)veYK1UJyyAFmTAYTM&z2UnRb?Dcz>FU#5#B-dYGvv zTryQR)xdwzt!0-2QL*Eh+pa4#^ZT2IE^pL+UH-aYP&Fs(Rq7A9VDF8b(u=>IdK~8_V$ZJ45SF z*Zbeq�W!iVyGMf3}YE>3gt_N4en&h?iDPpEC2a3Mre2a?_&(Pqn&}hNocerQKcO zw>hU%ohQW!B*cW}SD{Wq?J;J)Qdq;q2rcGjM#;;C8W0$tJ1f z&HQ&ZMp%~pXIH7PGkjC>iAg}8b!UKq)~U5)`k&-B}#H7sCSUu`XWW`CM z1)0(^mFk@$70mz!72QyPEA6pHgYBa%pP7TV62|WgSzOj!3bm)6gy;jQM#7$i#YWZh za7X4lbAt<{JNsL>^Hp$b0N9U=?}c}N-I>p~=B}OS{_I5}IaVH;2bzbaczh+6&(|Mg zdV+})0Cs}FjXA@?e<@jM`V7!r1Hd*l5pZBE)XcJ1#4AP>AOeYOr&t*3Sy>miFS zcPE{6zie%!s4Ho+njoArV*Fb}^l@d@(Hb}rvlK@AE8_j@n`jDvxk#j?TPt9g9GN-e zc%!j4WXNbqG<8{RUa4bHjKIei@~)B0zOo>dhnjs(xxPa)JgURO4>;oG*|mANq-K)0 zW@meRXP^iV(7j^XZa#ohEmm}J42W((uzhjtb90cZT}haN)xcOcEU6vFh{S$$jh0<` z%z78_2`!9g&9D{-Hcow^b{_B?l|Vq(smQJplq4w`&a zV;j;hr16n`Yghtx-34*Iaowf+Xq-VEyFKatsE0{K2k>?_Vy}|C z-4)Hcv>9YNN|nxZ6`XvJ6_4&JhI5n|x%5Hvd## zbTf^XyDxnwd8y;dSk_~3bZ^4jD+@4WQK(&ia@5g18x@)czF$&_9&?Y&HNrkr_~?Bt zT@pZNjZ;77K`!dlJa3WKQmJFT=$5kjR4v&m1y;+OdT_*+wC&S~A-uUe{50&c!D>A^ z#=DPDHvnC8a-4A-H1uz&B{#NU%*dp%sYYgv)MT7&dU|qi(l=~l&L0hG=%Obfh!S5# z(3Sj&LYSzIFyZ(}L?zFfz*AvkKbO=1*pFRjin10Mzq)<@5Y!~Z-p5!(#G%@a~HtoA{;+r!LhZ zoAbh)Ez@cbWSu7(o2?iN!-TI=?dX)mb)$%l8ig!WG}9^I=*J3sCt!8CX5;dNgnSIp zt4~Qg4oK9p!tdo!DMXl&9%>_51a)Jp7%w_v9=j6VgI6xb6bSIF1^OjqL$P22{D zl;+#x*F22+WmG+2DSQEiSjba@-rTn>`-kK{HLd5^2O?n(gUpv1-#5@Er0%0;F;$Gu zTi=aR--d?&SYQP|gHOXHR69k5k;JDXn+R%upJsQZ#63{b=V0}rvP8!*%?SDNX}`H^ zT2omxdO7_Gg1x=cNF7YAnIbu4Oh8J%bkPvP)Il^kMp~ZGa8FkFBU(|VVZbRLe&im~ zSPsTm*yZvaK0?EV!`9yJ9yMQ{$i~QRN?sn0VGwLnwmOp_F`gC0^YtV-B!FA}F2|o) z*%G+H{ZjfkeFp0@@Z?ImIu+;&uFCMxaueUunc9*zWtn)wuH2rvQ=ZO`J6B+hQrvXo zrCIuSpIwtPcWRFFP{&r5!hF{7n7_nuU$uZnD-;%%Ei(m73LI49Lv}&>{yC&YSCSuo zeh33;5U#;O$TmwF6FN#mqlngNdZ2~+XEf_OQALVd#}r4;@WKr9eJz5@4&r|OSUhC> zlW%)C1Ng=xHJeytKSz9>0g@o|xYS}tUbrYkjHGQ3%=z{wH}X<%f!yfQF5(cWP`Vzqge$|K~H;xKl~nmOKS%?AVZoKbQ1xV5F(R(^P%u!JBuT_Q9L&I^J~j4o2jNtFJdE zi3_a1N)ncS!h?3N{zM)Rmm>w8x7{{JVQ1MK+VJv*cnN6}N9~hH0%1yqaQZ{e>81L0 zjJgI1NRkm=6BkZb*gJxGTZp_wc7A8SYS6!L!uG{7nlP_gxtC4^G0nYhE zP9V|LgZ?BP?daLy5KexM0*p1<#R7K9SNjeu1S@c9!~daodBe9F+eedu9_imuQpt7YFs-(?9P=_IFc@C9m(S z@5-Z{8SeXIy3`{U(0_o;f9o*$q0E5XtMF(EEg^XBM({=Kw;SizL6Lv@ zTS9P_;GO$no$P_9+9~9eai=daUgN>Lk4J4C59F3iLh8zFKXYCoG5B)u`w^ekj{8bh ze`f+3!^|$K47xOI=?Hzgu^}z$Z!J+BPmj>%I^4LUSKr8$yf=Hf3?*q_7i|29+Zeb( zz7EKwV8M6z+#{IHq7$a&HumFgN}5^_(=aao#&tEwIi$1m9ETn(&#pG?ZLD;mN2ExS z3h*boJX6?QombzIy7h`ScR_#!Yh;|pcMxzSAZpE$@ch=0Jw`MCF*)`{Q~Vs3e(JNk zaPMX%aFadAK&C{>S@(n{C7!V!q-BM?IrxR;vCucqTWN;za^ z#W1geaoYrIqCwC;vSF_o6blW~*fDqXuBu7Y+D?>zAnQrsM>tn%YM)skFPChAO}rOfa*6YBtvzBQ&mG(qoG&)>fs7ZTSwdlZ~a)jFw3N zcjXH84G`0ICZPutRzjq%BU|?`wxVOViX2G8mju=7AX;b(oG#_STVU>7W_*kcW#5^j z42*Pm49c+8d+}%Y=c?Q_%uuH3wc}sOu$eY{N&?It1_peU0FQo;#tR8v0-smwh=7mO zpQA+ifV(5P`@vPEJpKT{{VA8w&!0J86ZwAc*cAKj-;3#^MCTGoZyX~ZOHUY_RVF`b|IGUDg7qx zLIbNB&H&d26;JUId)ZP)LRcn{ukEko)P#0GcFC^1I|dPGDUI@5{&D>@CY<__;7?lh zqT%bf!n2P7sQlt|^_pDU)L%zhC#an;L{zq;*oz7rlR;B|7HXPFOa<9QSkT5m-WG_U zL2=3zK6;zW3SM@|w*E2FVOt5K`8z~k7MIT&Mz%cPp(eMgCaSoigOi36?vH)jCbZ9A zqg5niXuNG9<$kAWZF@IFJ8y+mm$|GIF5>`I$Eh&)CG{lKc`dZe>cGg#&}m0ijo$S) zUJRSR(@)%D*|C9j4OAfK?%kVQE@@AUvt}nGu=bQa_`(%cidN;-i zF)OrO?*3yfC`AZ0Z``O!1gntB8v#FQh#sDygu0*SSENvv>}56%NPqlNh*Oi^)W03A zu9Fd6V(EmUwI?ow^c9mn%l3f$oGzxh__H3eUOd7s#T#_e#xwBe3!Ov- zVR~p0c^YJ%)usp=gkY&kJqYol2yJUt!=Br#U!4KIeCs-TMr!UnByqxk2i(d^DocgZ1;DqAQA|SOHHgi6Xr~S|37*KaUe@E2QUE0S3R1~ca#ZU$BME7+g~Ux zJ;R8gmoZy@*i&TX7df`?;^J{NrvnLj4t=n?(d6PcIrZ- zg1~;5I?ZJxicP_(yW!DhZ?ukMF{JIymiOuDEGS{#=UY_ z+i`NHz(SIB-1kz(5%yrvAmW&_H}JuXZ{#zF6fj+#zBB|Nt0RNC3a2rHen*AfUM0e9 zCgfSH`j}~&R|pf~moa1UU8iU*gcG$UrVi;FB)$A9$lYpY1$BLw*%((gF@3Q&qp>DY ziu@x_VShwxO{OPP)jd(}tETRSX4L&Ry8z>Fv$`xi?uIh!7`-aFuiI{e8#8y>jdq9W zdCQ*m2Vwn_eMVBu>l%D(bA$x(h?{K{*kE?2 zE0;Z#>b;(4~R&j3To!(Y8!Q?i4-0`pehAmzvdaSLxJ#9vl zkhv%G=5((dmX7nn)9~(EW5?Fq?H*-=18LV&8jm~^Z0^y@G7M*5Qxv8GGZ_#7A^b zo_T!yNyuQ+b_M%?sp9*7z5f5W!JB3CflSXYdp@Hgyx*nn@y%0$BJ(||GUFtMdIfyY z%HFa;YJ`>C!m>Y2KFG$B(${)qxIiJy^qxcICycVGlBpsMd&IH8M&dIeMv03=|>GRfJV^GBYI_UQ#XRxr9 z!5sFD%TY1iUn43Q@Je7K#nlrSo9-FY4!lL0BCS+6Q?qR5{N4P8i>hLi!q3iEZ>^g7 zo>2VLMW-`35(6@)`S{cRn8TW?DUzUn(ZEA5Tbd6?abwci#FoPTn8%uCQ3kGEabv<` zL9-`$<#Uy`C|G;ShM1Fi;#Z^D+FIIy*alS{3Kgr16KN5cqM3SsBs>*sCBYV6VuJ!( zPMEkj8a}&X8kzlx-3ZGR>S+Xz&9)v=p@=Afx3a@f4Ysm=CO$s5Qph7aw~`n`TNbRZ zvReQDb1J!MQI;L^zqZLEI(*K}gGZn?4@n>s<95P;og%v26!36+Cb&ZLc+SD=L-fOP zC+>@np#B$!qv5bQp+GSHDzGkO{6!3oB{B!k_{)fm+jH^1d7&_~y#znA-3)z0`Tv?1 zKOsaWy#bt3INZ5OTy|2dJR_VRyzB$$@*|5*rI#GU$7-%q=f;T&}Ew& zlIhznbn+qfDgMpIJRd@}i`ctAl+Y;^p#JWo+p&uTgl4o@>>mWS$%QOHnJDt` zY!vuv4CX6a77+bEY`7qwM`|4gdu7A|2^nj~8(CMfTb*Vg6|(pr?tH=)obJ*FkaPac z5d1y^H{}!s(@Ui{g7_oHMplSi&U7SkUA$aHQfST=K98G@KgO0bcOvA1wqxb2E{nko zie>u@Dm3*9=Uw9KbSRp;oKlU1iRL;zejwTt@^291QL7sv8mwhPAJ{3N;z4X-f0ihK z+r>b$!MexFfEjPV{wPwr$%=33WuRjqCm6iSoLq!( z9EpWVO6W!jNZwLwn#kj_dG$V|yfTrg;oIBVr2#a_~z7ZwQ*rEojdLHa|D9d{0;9~9}(P(rl)k>12-R$kocNj}4G+n|+7<8%lWhsG+1g?>&i*ZzMZ+AtqL zV*Oc`lS53UAiMj{wu~OUUkOGE-SLN8+|$JivFFs*a2#o@=4e~@5|MP)cBsEL3wWh4 zjT+lV(@~Yg$piz$K=+%u`R~>vD1*ZdWjlJ?Ng+H=HTBHkBQinJx?XuQ(x%y>$9`4O zFRSo!q7RU9e5`}L49c#lxX_Z2&iL#893xrEYu?|>J6OrgKH|!?lFhZjNW5E@V1;kX zg3o~sQUm>K{LH_i`(Rv%BqR=QZZ%;wPT6@kZ0{yl66goYOvhVe0iI#SK{f+MG^H^$ zN;1~GD#09wJDuhkyricaV})tYn@^$JE~@q3sCIbSe_3I!yHUk}nm|SRPpC(}RjB`q z1>qeKPUpwZ%c~OFEQ?8Ek19DvGNg!M#NZsNKIc{UZptz~XcYg(ch$2chmzaGyt1g~ zuq}?qnorfIbzk2D`JLH)LIN$Q5VU7VsXrN{b;EAeC zXwblnSbkGY3*FTr3koHVplM$M!Zr+%>!#92g6=o0X-U)9HNw@SFA2)fOr-w~4+oxw z&Sk|?aK6d22Zn8qW~KpQ`g7Qz-y(#T8Iqg5?l(hGy9!3;O3{wkfv9FKO&E*MDMs1L{EtoTc5U2-HrAfOG_kE|~0_$XTIyZxS4UczFd5yl8*FPX4m*g~S)RN=R7ds{p0txvF zzw+;0ES7&^mc{R|+dUK04cc3~pP>zFc51MM5HQxB+;yAi-ypv0j; za1t>45eV!_W@jJzjur6eFFufMlJ-=YIUvDMi~O2FwlIX1Ig)FR3f4Dl)YdLDVr0|9 zu^B}kMS&aUyZR0vG~MTuQ(@4ue(nnqx2C+t@-s>#f+PHAR9HE<21(#BmkI0&!r%po zmykM{kfwx}nCvMRHi<26!*HO}{q=*=cTdneSFrNSIUA?Z%4;*`4*0RU9&HTOURIbb z!mDoXHN;V-OWep+PX<^CW6w06_D*4Sb26IW$4xdN;RxH9d>yqqsGUlH(vugSnGVOo z;k?$4x!cWBYRg|B-mAK3w2Pu#yC?fg-B{;OSR9Zcl->ErszR($DwJKNFcfwAHy+8{ z<+nQl_4U(^9@I%yvyUL!9|^ZMOxnOx^U?(xZ2=UL=b8ip9!<0g#z} z{pq{HkT0GFLEtJgHQT~N>{pY_n$Dc5QU6f`78g0pyatwI#&K4lkXnJdk?dYIp+=!yU^i%^PJvx!ay%zU zV%w0fneA*euEV3PG(XYboTTxC@AM7Iy;gROEqwPx(+T^ddp@WgYx=xe!^zX%&)0Lc z4*XxhyX(98_`g@vx*-m+ZHCw?3@Sm(`4w7I)PWllMr)sX@RLZGtiNiaVRZh$0jm{C zz*s06&P}4uvobj}OP{-2a$M4%0J$M2SQ_n!qDYo5`Bj7WOL9Ed5-t0!Fw}=raaTOM=&3Gb&a(^<@E4Rx?i@UO6d`3aC@az&nsWEaS z+^~h~P|v`}<$B#-dOoXx(X~gZS+vs~6$9}#*o!#OdH3jj>8=mI{IaieG#n6`v5EZj zcLW8Zj|o5B;{7=}gAC|8{F0N^^ImR){+PU}GbV>V7iWjWVtLx&s4`rtbCr9>o1IOfwO{foGjTko20kL*ODyRRcw2vZh`J+%+p zj32bV^CmwIdQ-5f9ymLKhrIcp(nsE+U_D$ZRMeaZ*HOPCub1tD&5GCwRI+T75_JBF zML`5O_HHHx3=2VWoQ1x(ir{3E4ZHr>?Ivz4b3CqZ6!`gJs+IXeGicV!G z)c%-;ho9!DiS0@i%!-K+=Jtbd9OU;i$eNJ4IA;U}o)xG(vYSo0npiGw2VxHH28bfU zPr}h3N3h%+Zim%5xEJ+3KVFb95T-^8;=uz3NlTah*(;ZtI&FWWsBoLpqE?J!=8)+g z6C#)k`K8G_v!qKYNkJHUKiygyV)*#1@kd$Z;Mt6|npEWpPI8R$ub`WV$yff|h`fQ1 zj0=J{vUj`|yoa6pTULQGN_ythj2MvIa=h`y&ig|JruT1~!vDn{#Y)u8serO9@77t^ zs`pF{IUaj|%Gq@gPvl4-A#37U_W@>v|KD$U%P4rxCUyi9*~id$I0&6={q{Sze>(NY z=$T*CP0;JF4)eJu-Xp43`yy48)00PC@VA>XRg3dUy z!O9UkW4-}v@TI9tw8hS1dgJA@xjIe^+)V{+a4W%VaJ69qT^-y_d-ypzbD5ANP7zox zmY8->mY7>~-Q$^%w)@EKb3OGimYD207$*4?Y5=y76D1FeDY{B+qo`Kw2*HwyrMY3; z*k5dL8tDl3%8bUnSJDyWhbHSQax?$7A--zSK5*7&Z?aPnosq_SM1b)55lk7UDwbBJ zB>D&DBVGhnx zVq@ZYd0i6<}zSBs{2I6<(07te;J1jZVf?9y@a*h9Y$KC7!%w~p#vY}JE346M4GcS z<1~`FC&6Us51(xi)<*_%le5& zmNb~TJD2yJC{h)+HhFY?tYR zA~wgmBKfy3HQD$gtYzDb_hj-^b2L6jWYQ>$ECZiChF%f=W7|U~RY}HWr_7hYD@G{a z6yA~*o)ZF)h8)94|2#qA8%ESi7AIrqSi^!nK>#)&&N)j zxGYFcgCYsUXP_eDf#<5_;axaUD$OUp2%0m_tB^6Oh|Rjc(k&B_TmHjCiy}F)d1xp! z3^a~&7}X|L!oTUU{{b&z{5~2&l4S$Rs0>x7c(>EUyD={A*lJLxMjIaG@NMd{U=bM~ zF+9PYo7h?6px(3fd?Hv`mJ9kr;-a`!nlF12D_=)ZsEuxD?VI)4f-ZRG+M*Xr+e{gf zZan=ay_6@2j27kvwxjt97@FTsw>K6jKk^CUCHW70HiC_*ufJ*0x_)ZsT8MsIPG)Uh zhf4hOws2^XDgI7C=Dlo9!}-POr?DO!&ZM={OrTJ0-R?h7=*Iay(p#ogi4bU)Q}W+= z3vV5?(G4%B_vDetYK|UZpK&-F1S1|i}`pV)N@ewaa7Ce&N5!tJyPwJXGj&Bp_Kif{A<)SqqcJkBey99wtd1`lLWovz5DA zJ4GJduZ^mZyEP?)I7T*1`Zcw4X2*H(O#juQ1u3zjB*X2(_&(9#AV!Jt=KS3c+FHZ2 zgl*MSE_JQ>Kw5#=2|3{q=>9E!49 zYkn=TC0OuZb}KnVNLQG1!i*y=H+SKNg3fR~j1j5(4jyt7^TAWE121j7Zm|YQ&amL( z{6q5$?*p44Y!Ty*?|=tQnWWRb&n`|7GJ~Ih3AODfoxuzE3##-Awtzk(fe`N~*71Zq zu2-J7&!}hQhs90;+X@T`E91P7lf8` zg~%tj^t%>kjfRwI!bO^d{Lz}~;4lyE>!sYyuu!s}N0O7J%lY?3bEu?zMCfdm==a~i zrYLbYGPkHu1_uo{Ofr*E0>6KBTBo7^%yXF=GlDT3!7+vckA)^PFss;-<&JVn35+my zb~G^q_;D5I{ew~t9Ea6PbBZ{h58S-2g(wz#v`n*~IE@whQRXx##<=E}F|*|l%7z+E zs-Sr9nqT*s$8$a}l+Fzr%oQ;zAe06k4Fs$ne__wKH1M#J9Go!ljc-lB z{=s7A3j}hb zt*-Rj4Q^gSrD-5!8|*u#Y+I~7?|9RTM_D#5o40_G$T-3Xc25)tJl*#HNhyg>5p_ZS z2d?aPgXa04bTYfcnRM_!Uh47>Q)Mh~CQ5(*POE=wCu#atU_ePY}%g3s^@qMs8*6qks9r_z_~R z(5IO9W+Bk7DoFF;D1DtUl@*%qe;EJb0e@2)fbfQTqYC@+fU0yB~2L z=Q9}y0jz)KGk!({`TpISoY6Sc=lCBHRPN1)Mo|(sqV^c6LP(4)#|`6Lai}o__aNC4 zSYheJ;R7jhk;<`$bD|iHFPNU5D^8VGvvmT5YHQ_(}2*5ze&;ZbqM9E z3a*gTDy$c-r)MGlH~9W5b|y3Pr}+Le^Q|a3MRglxO{0!br)Qn{ae}AOuFZzKTki)^ zOh|)RRGFxec4LyEs7YALJJmu2Nfl!qB4yxW)2P!>`sef_&shq1t%&TG%Que|VeGZ` zIClw`BQzPuXy7`OX~v}M=JG8TtUfZ|r}sj=-wS~cgNOed%+J7&%hhd!(Y}=+KB?fhLs3 zbL#aY!?=(36UUBrQg`@T4tb zgAge%d}gWOGWrIMbOcR;I}z2TwFjIxnP2%eqy`_TJ!XFfHjIp?S3-sU&-F~JDUn1p z3hcEkqqS9&ptu@yZ9UBngG~#jVwx&{ge25gMx3*r^SQc3&_-Tn#PKSSj`*}7DWx@n z76`X(g2fMW?wHAbklP63T>7Czt<&)8=FsF4o{Zf9IpNxwCrN#S}kqERAxP`Ue!^(%C z)3l+unot~hC7F~)mFs)7fw&rgtt3t}_4THj1ZLjj+IQ{G&Bg`M1(vD2c76pf^2Yz4 zA+w*@>Yw335jd1%s_igo=5`eb_DK|+M!Gn*I}8>P!R6|@_TYPjilh>@?j&~A_3!I1 zH?dN5f}#^E_PBqpqI_>wLa0j87JR5I*L4%*D~f6%J-#TdLUn>C4)DsMVYEt*O5Gwb z?h7rB=-9V}pE!T937xBERA&aeiNN=NA~h!j5ez#YBzAxm383zq(sKOn1^*p5iBzSC zuF=d=6;?`)i8b-KNHD64xmfQlRg#Z3uGrr3H`brht7O-Tlojw$)R3(#mw8I87+^{=s0 zkv`?op~(X0{h;Z+nc4OZR#b#7sNC@ulPM84I<48<7BbwHjXp;Ipb}so)Z~@OhqYHt%FeNPDeELLAzo+ zI>WGDyQ9PuNj4q-Bz{iAB+HV>p0SM7teu-p`}dCn{9lB54!~mFCeaRIiu>@6p!MeE z=2i$}ok}mdK^~JJ7LiNar+WZXQE+eYIBJsgyPxphbIrd!os`$oxVo%tt0R)rOi&5e z@U2!6>qc)cf8CbQMH!S69mu+`3)N*a%cE}F6Drc{H6Th!;(>_&ef-*y9Q1G(73M7L zZmGeux2yrnY-Ce!LkF2bLwQyl4Hn}v79-K6^NszNR}Qq4H&3QL229sVsO|bN(10U#(i)Vjk7pqL}#A3uO4EL5E>275GNW z1IgX&YGoPW5su)z>;cP+b#k)o3A>gFWulx~7L-PAY)~?~0Wnqif^Otz!PA`gk3W~! zKt)vDsQqOte^Bd-YnCdy5Q1Do4XCL%-vq4YX$)8E&K*3>XNT7inwhsT)FAp7uGzHG zTGWF}PD9+^kNKECA%>uZ90i+k+tQB810NYN+qP}nwr$(Ct;v^p-t(UC{Bc!Rb=|#s z^{QH3b?@u9cabRaVOi3oySL2s74W*QJU0M(m6x5#mrSK!YAyw()ucT0;EmNdUOezPj(+}DW^54OA^z7ZLzD~<4PAI8! z-Qvroi+zCpQav2;7m?NAPT#=Ml>?hJn`wdX2m5h%Lu95x6zP>=uqK{f&N{O2!w!Yh z34e8PvyHVJ2j4lQ%d{XvZX;-!(K)7zTi)vtUcxw z$7E-%J++MztBXzNzdHIbV6;;)77d^w#Xm6~h=9p(rWSs+nIhYiF+;dja#CX!LcV-O z)IeEV;f9yznar8ma!VtRrCi9FS|ZgSa@ZIN`O`Mg4wvZcenSKN@bfcr!e$BCHKCJw z9{wntp;Tsv#=a|$M&nR{YXn{4p`%6=iT3zQ?(R<5i;^)AbrZTjFM7ca;5C!cdWD9B8zA+MJ}*ZM=cLj1{@jG$FKyH zuE%nmEgn~dyc%m)Ix0h=mTlH!Do2V`sIxcCiEUbyshDD|J*>p3EHORORUa!4%yRGy zU{@iz#2m13pkjsj+BWUoj5u~&rflut?(XWiSn>NQSXW&auc5>LjQ?T8^D6u4dDqFq zOX0{l4W<@J^pJWk^eK#7tAG!JAW|C?dHqSeFN@{^h8#@E?S(`rJPu`4=&(? z5F?5W8tYN`F-5bJ5=++#i1OP~AYBFkQ?SjW0Etl3KlcW?Dv*zUhebN<9y?yk-$E+) z;!;V*TZ(%l%8_T0z%#B;yAy0~eBD#d)08b>>XGo=v^F`}L-sLV?IYaS*t|8UTHRw} zlrkSKy|VP4lqq8U?(&X1nYoR+%&IQ8h%eZKlK+x>^ z0==c8gJyMlQPU&4v_KZ)x$@z&}z->U_N0oBD4Y&ELbJ@n!d-{RS2>t_N~pA7LR!d$AG;& zkYLG`-C5YIHgb7h$L~Fl0F9SG)6rcu(qA^xU8puDk=yh)-zVZ^qr9(SI#U2PqQeKe zc*Pj{4!8qc{-Pwr9*l==1R#ZAXId=F`;nu;rD3fAN`h%)4nXWdGqKw3l%-*vRCho= zLc+n04Q59Gd-M<$&iTXhoGPd_HHMI3)g^>3=!8u}liWlFG34-w^LFhIHXyyP0=2~s7lmyLmDuGIrEC-UFrv5yY)asT=5GXl@wxp*2LH=O3IkFt&cfn2FYU z#cCL5s2)0h$HLbQWC4RILeSu7Cb@;pi9#RbCMAeh7LXCmoK3zUp|C*qpZV{x@oMQg z6!2jG;Nk}7tzwb?7Y2eOP3Nj6^%d~akFYOcN=vr3p_I#@Y9hKi=fGQsvW*?*_^4@k z7ur{Z@Qws^T;&N z%V2_X`Ls=TkU~oN2*7$$EjR!l(OFXfVr+%U{}M;&_h+-1dZG8`@S$=0BL$xCLF&-P z9ert~uaiZ(Ta|DX9$6J11^?s-r7!3r7@SjLWNw|?w#JW>USHwRa1|r4Ln`CNmP?+x zifL(K)l&%|b*Pr0u8Mpu4zV-&MK}S?3=Xj`{j8XCq(?Z}%YpIQ)=ASYkNxcJ#~W83 z2};)eIb0D=e=<<7W#EK5b>r!82gydoAOpQ3QxBNm39 zVeEPB{N^0wKD5?#qzTR+8Yc(-T8j!Fe@-NP3}c=W~3?{TD16xfCtB3FOt0;4)< zy#NxX09U8!n`jUXRUafoI5@+XCYcEfO-xQ?IfYWDXUr8qgHi3}M1b2xiHSA;jVvTd z(JIpZAnJOEohiHwz^c}SLq1@gxX_zR+?5CW%jRX+1ff^w@p1+pv@$AJXT*_)z3Zdq!k`B+zuVO0T^roJmK@FhcT2f=0!sxC&lyr)}AR z9XTd(G?27-O?D2_?Pff{ja52V>qEt~b@iCy_(s8fjFlpSa=<{b5rsSFMwuDwb-&{4 z5Cvq7ZD^JHY6R@6bwbuzVZtAluP5F2qCS|K0Bybiw0CvS9_dodV@QFw?&HBp;Ss0j za;xa3wSa4{!j&?`_#3dx2cTG1@{{3kC3XfNs=#1Tb91 zGc{A05k5_~B^r7DE2_z)M)T$Y@`8-(4&&3P;c$GPq>^@ar zOEkxbD{OBK_G4JcdUyu~L~pi59)s_5$9$Gck^7qPYqt$5g#$U+yMJ^v-C+P_Qy71Y zg5z^R=K^FC;A}}#5HT+RE9T1a_$?>i3-Ug~5V4vp>@WfI>(HaDtfnwC>8r05@nZ4FYWG) zm!$3E&YYxF+K1Wtv`+$ZWfYt!$)SL#>2ycaj$Ss_>_OwQ`z=DguuCSr)10E$bcLt! zb<)E?_qVz-^Ob_uhU(`KjZESg=HeMPcFq zUBt)J&G#Gr1WqWgV@F09N>>2%#SQw8Ry?beb1fC7qScJfm#=fqGLIh9=I^cz5~t)_ zXWE4%8I9(sAJn}h$t8x*RRcv8SR(a@N-H>&Ei)Pk%`E%~F1_B{a?(YJIm6p_g1>1; zSKb=vK(#fM>(}P#gq|6+8+!5G4Zp!O+HBqTVEVUaxU8FxgQ&)IYE3hPW*$DTNVc5G z4sH~g&xg-hp60{Wu@76{1+c{PhnO)Ssj(ofu22qXmNdAz9u@c6uVSV->)nzZUi^yTDqD4?aLmzjyR*4^XYw zH^qLTduNNgOsufbP(75h=`W~znkb)HYI=%rT0i@kaH#Nd<`t$pp~)Yh6$J|K8sY=u z_V`h0U`KSAj;ROiIIu~%>>NO4c zP6~OpJ`3{T8jy`cu%(t(xsr=$cb!r@_R(j-a+Lo=0j5SDvM4h}N)tQ&UyX)Lc|{;4 zx!$0P2<6{ZP{NM857^bV^i`uF zIFmW{bl#JCGY3LYwU4<1Vc8xd6X9W3zo`bc7M$I_ft;Z{h|%;0!MPD4>R1MTg@E2; zQHSu|CvhEy=7c^meE$2bLWi8-N zKjDe$!e_pEyS&l^)_^%z$tWG@7HR2bl$xtphWQDg{}@_v5cxOEwhTQ>|kqpG&^oh zG}%$fmI|q|z@qN3+K%Sy-NY1vW@`QJUlHUdrR^})cdBV`%4FbRRT$MATHtSf+zY0%&7T8InnKgLnFL{Y#D@nUQ_p~tQbdp<~~1fevU4iC@CemfA? zWL}30;s`p%HA%Us7@hX_D5V8F*4o}<;$nwzHN=dco=exo?eFzKcsR-wJlJuq4uKo( zUjDn?NnGAWj4uvoe@Ao5-GPFX5_nrugZEBPOL{oaW`W%^PSig@a6@vhyCw)ge}^6D z@=qMQPBg0I{(JmTKUR}n+L~E!2hirZD)}~F3kwcfg#}kqrDj}`01Q%5T4T!VBq0wP zr~j&#T;?u7d}1CM>rOtYyj6HBaJJoZqul{mf6VH;o@s|a@FWz?)o&HFhx|^+s2F4} zwxe-m7MST4-FEZ2FZ>qyjjK*zRD7Qdd1zfh*5Z>LOZyv4v`i5S22fCAoai}1G}=SyF&hn;ho>YRD00rVx3RRqu}5va}J(QIL7gm#6$pBvKR z(TwGQUu&C|_@bOW9zNv2eN|_0W+pG^&FngHNnJS*KYs{y-me@KO7U~qNgbD)$LCh5$v2Z|(_iE@c6WM$(1Od_wd!6f z0M$X?5areT8}tjEveym#yIv*jcHQ}@k_I{an2~QSny(KXeT8(?8bH?Qx_L{les{Cn zm+%nsPx3{G>C95SuZKbf{gQ;2i{oIeZ)r48A9g`H@8~?IvA~;pFS(Swh+U4GV}oBA zAFzKOUD5#<3OI$jsJsK@v4s&t!n4j|yE)*|z?cmUZ+L>~mW0?lgs{m zvIi~v`0!|o34#NwaUOl4Ts3dMO4RyVyus5i{_+wIA(02$&I$&QU{KfL$F<=Sj>Jd3 zW<6yP^`l%!x4@~Rver*f0?29hZcV$l|04m_)z29IhXhQ=W&Mu?^u-Xt0cz;D&c+8_ zTPv^4nTa6`GyEsHFmizRlp*K!rtt`4Cr*FgM83lyd8z`uA4(?pNaAfWNLvD8|DlOA zju#B@KCI694JoB3TvMz&Z({2P4yJ(v4RJ#aU=~cr#E+4VPrY@O#G;qQJ>)NN=It!3 zWovjf^wX&MMJMCD+5z(6ryd$(Fb1X$faI9@4rYG1*dhhY`cwr_(#`e+3lu^QkoDdS z`5a5eajE71#YMO0hOqm#B8lK(hAPNoi-I7& zMb0Vqf0FB-kOLi1JoCYmvnI!#9T5_u-Lg@Crg9h{-Qc@$aI_Y&g@MZ-a*kH{H#Q`? z096MzB+Q_BD+iA5jodK{M|+Ts{Gbgixfg_0-}aBy;Vzp+jF1e^Vy&L&M8E z8E7Z(k+iY5)pEeQ=AHq~GtmQg=ow0Ia_owm_*t!3uJh8Qn!TKe_-BfDhsF*wT@e>> zyBL$1II9Ew)Y&HhtSWCSNlXE0|#5f0upP(Li!oI^xmX2)kAxVG1(Z( z_ar`>}N2z<>YjtNPuLF)iAqc zcDIND`ypTm0k^cU{P%9{jn7OQx#6# z*8R_3vV!=3?4QR@dB=w?bHqRPZ@uq*J0M%{%-ZdL**{kOtT~X&V8Du0T_(FZMWcb* zgUbh6_F%5ofNP9CeUt}I#9?&#NLIs_SQDBb9FYKR_V3tsCfqPmva{ubqV+$^`4S>% zw1AKd@q=0+8!Q+-qYZ`|ZN)&Zgp|Hk3|qLHB%l#zFj)en&b29IGwO+?m9#!Oc)bJe z^pGFQ?mn-wu!|l3;E-P{Yb?{x=CW@Duo^rqoFUi0Hx`^S`-l80Coi;z{m8FaxE`Rp zz)iHeBGMf#OkI+Yy$62mI=u?oyjZFWOHqD(bS8 zB>_03uDa4~)x$C^Iy2lnx07e}R}XLtd>m}oohB6e>|pL3E-^BxBHVS({7EnzYbR~OY7`A{c ztG76_X1**9#|di+g&D^{dqvzSlMDRPzf(EC>fDs1Z~}x3@RsVCXRmKhVWER6jf`aF z;$+TrGXFpSlcET~J9#4|PpR6m6R2uLS>n{!BKly#v@L?rXjXuI}*rG%CvhPfm z&{uWS!!nVU>_3;@S@TjM zkfa>2Pk($OYBn=+upfGOU!k_aPv0<2=z<@uZKtgJkjneGfRkhiVx)yc-H_3ncNTmvJKIr1_@-|V7ejE z5X@U3dip-`^{GH~RSoSCC&Pqmh>B*J9$`A^mu4p#^^`t9_~>%A9>l@0fXd`;xDc~; z+;@qj0dSMd5ytkwZd+T`zBU%uuiwIT4=V)h1r4@0hcb2p40A2a zdCQS{1_2I-CN=+3cI2Oa zM45ay>UIiPrWfxy@)8!)4*KwCSaA55vS>fd`#9?{0EuILU}U5GK*GzW>D>L z%uLzHuz;ahuOMk%cCw^x%PsL7ak0`XpZPe2rLl8NyREOKl1+grZ(fE8=I|N*ht#xD zpfhavH2P7coH)DLuqpvRx~R*gwnin;zyqY#GNu@c7?N_)M%nV-xc}Y2cuNWt=EfPGKw2~EwNUNxAAheAWYhZ_hQj6NQ1hnd8>sHVPvZ(~wtGU=Q! zP(rhO>Z+Omhnb|hn4vy(k{HLBoWl75fW9jqpQ@4BVbD_|u+Z!rbo-0Ak)657r5bQ^QP zbQIb!8pw%ifN#SL_D>Dyszfs}G|fbhuc&|V+N?-tAyrwwMhgk_)|mp^Qe%Nd3t=;I z$)ZKAQv#neY^or0{^_*Co<#6b8r-Sp=z1aGI*vP@w&6ar<9Zc4p72qEMcIl8X`WAPO zqn}5#e+Sy<_x7ELI_r069&jwihwPk@8RRy+s3bgc42RY$NLU@dsa$n(YCTtpaR!sq zd@}%<)vx?UC-Y_^Pmx#n*xMKWDdsfpzqwKpXGjZH<~@9)dU8chV**Wj8DwzHn8}S& z_?8^3b%py0&-M9TgJf1k+;t?imZClp31$_b2-xWWbuHP?Sb%0#sIkiFfMzwgvCmjQ zb+rjJ4YHw2k|_G%BbDUZ!&6sfvV+3@gm#3+h?${kz|w=2z-0QN$n;EFn+%8zRz!J8 zg9;3tmT?GT>rz6hMYXG`Rq<2POGZ6y z5yh(z(u0b35@|Y8A0vlP#}IjV$mn0a9Kn@BBa2olI~E%_HV&u zsgjNi2(~NubKWx85&~>2hxu|L1Jb7V?_2(IW(3_gD6roIaiHrR^A&eM7MM2hsHe^! z$c5~<@BS~3i%ACzfV2}nqI%hW?R)KiSVuedxL?RVlUSA>wqA_?i#zJ`F_g`kzFRMT zs{JxUxI9Qb@E_feyM|ty$>=6lCzX047r?{iDJ2oOle8!JN$LktENfx3T*cY_BvBxY zixLOK`RV7`hc*K!Q`WAul-gN{^Fnz=*4~&P1A6}Wl=S930V#lg-0nQu4HUXWehoUf zggLsR2f@vN@NHm{gNk3^_n@36yboaf`sGXsa}xJFG2d@bDSs1w{euiEzgKj6ygz3O zE`O}=_X7#Phv0R1-0olRMsjvO9i8l+seJB_3=#uZ-eh#}d<;!`fH>Ul4?}nWNLS)D z3T|17eid)l@st{Xdz1g?c2BbY|NVJaP80vf?G8x6#}7xe`=8t0ms=R6|Hti4yegaZ zKW_IM4DugcsFSu4{M=2ljHN#$LoD_f5m*5D87}Ag6<^_EcMZyQ11suHMxK~{_)*W$ z$WPz6f{)I;U=RP5Y<)f{fCub6V{kHlaT`HR|A+*5%yb{Yfg@Cn9*zTP6{I)A9+I>a zx{E7CS2vTzB~;&z9^630H?09S2y6)xi#sLUNujYVCB;{}=uN8&DQPS0spCtRg%t-sEl-?UJ@Sm=z!J%OL*9^UQfbu~kVmOH6uCxZ0~)zuxn zlK*3PXX1VRF}#}#ih;ZS7~a*saT9)%76NU#tq6t|!~vo9{_5%Bya~+Kwi7J|&CYH= zar-g61Mah@jPUM8rpvAs^&x~X9Qo_zpeM9MvEW6J6-ZO3{AYOgol5>^csJ4mmEv;) zqR%h042>=TXhC3UL3WYM$5@S7r}#}tzQk^`7YDDgpRL8!ER+##8wqj3ry0wM81?!J z3ku3(P&Z&gln#RBz_&hqg;fM%IV2nvT}#ijKsZeZ{=gq!JZFm$RLVY&29uXcp6cBk z>s9aXoO&)98tM?EqcRWE#&h-BQ{qYnBX^%M-B>sMlqC9kNr(xiDFr57N2fyFY_!4k zpXL2V1^{MWH(4&jYI#3m<1|_P`xVHL(TN=yVA8P|(Znxim(OaL@YL{J$Q1D+gXRIK z3b_euiBa5@TLt)ODt9}p%G^bos+u>h_0@dh@F+}F0gpbcE<0t`zu(h)AW5v*k1rm< zER9@nodh~=AXJyCSAQO%EcY4Ec3!_cWKdMfdhx?aL>RWWUsXoNjjZ@2_Kg#;Cok-! z^!DG)F59abB1#FvfsL@H)s0&kC|t0>_&+33&l!VS`S@l0|00Pcs0MUPzEE`fezWJi zpsAE>U}nsqIMQ-Po=kZ_>x$bf6#MeLR8~+Li$mkN#z9Q#u;zb_(ejBU)*!SJ3WA;u z8Z6u8mhypc0D1MmL3CB0M*Bx!QXglP;-O3hC|}FPKrbKFFcmUq@=%YFp=HuAa+Tm{ zUfIp^Mh2yGg{f6%L_MIf*a9<72vwU4yS)vWR@?E%mK+zjY zGvQ<=qh9wTQnwvjFDEY}%YQ(}thI>i?BBXb@wQS()Buk}He26c!J>2VS&)@)N4xI1IWq;1M4>o9 z>diK^GTV?1vDd%8U#~(HU~FuZ>>4LVO3M>nytpD!dcIKJA-+_QVKR|UNpVlOgH*5F z${sFQ+wy{J`-Q7XYO@b6R!qf0XU%Bs*%F2+FAT5rQI*^>j=a+eDG8-2V#Rvac2~=Nxu7GFY+jE6AP~F0@gAQp0rA)RjSy-_WtDNQsDVPZ_^5@End(`P(7ZA~b z`)qgj=*%Po(8yr+#^p6cq$>I3NX~`YT?vs4j}Wbe)Ko9x9|VUG@X8$J;wD68tu6uOWgd3TrZIEJyTGIM)SC8y33B0t2i zUjj57m-W_&1>@cW>@Ucu#7VxaJp%HCa8N07fh!J9J4LGEo@u(s1PQu^ zPnT{?CtR6?^m-4Yx)Ou@#IfF`lkWuXSK~ap<5KbLQn&j8T#J%mZ!M}VdwGnpYXx`{Qh%Jw!zL?og$TID8zsr3h7IAY1)f;+ z!^tJO&y8#C_h0jTf|3=&-%Y67yyjFmW36FZZ!Wteh-&o1Ywl~s1%(>8UX4ET-<*p* zr|cuoD6&)$sUS`U8AXiurV6HbiCgkVFLU>r*^>?6#C-isFR_gRk!>KdG3`+D8({aH zjBn;j1P=7akHlti5N!|*_=u>v-Sw*AQeUG^N|5Rwd1lnA%PfBA5fL(yu73ngR1P@* z!u*OP)%e~XGwd1t;Ckja4*JO^!Rh?T&9|-vz?yWt4NY6b;90M#T3&_mbxEiyP*V zP{G`?7OUPU{SgjOoJ;&-;kZdO%)`DlFhkj#z{h@3cpZfOndSrH1l1AVx4Z_O&(Z;c z%Ex;LN>E{l1AK3%O%IB)_kz<5h~#V-o~5z(K3PNCn^=z$DXxcO{Gb9i+nUwogehZI z2YjzR|65ybCyp$i7dx}gcvn;TVeFWgOGzC`$V3KomQD}d;8!=^#$N{%Jot^7b0j=U1mRlR+Jgt)$cjy-}1Fax2&cWExz>_;Y0glv5v#=MwoNiq{XTXd>ub&E^&`t)bPOROQWH$=P)jY z&`-DFUm<^0I&T)J&0R0d!^^CB+^ua58W-5QC|3pAN_vb_Od4FN1OncE5&Vf_8-o5x zk8~3^(n25fpt%uC46`{o+#^(rxL{EUGk&xn63UCua6pOAV34q$K0GGowRa$8F{#B& z$Y=;TJeIVcHo3$mPGzd2#NR7kuZ616* zK4OsWRF{{O-}PL{ixPBxp)iS&3Sv&J=@nE~g~R99zgNr2!91&_ zmewNN_Q9aV;f7w+6iF`O#ldhcoMcb1v!R)oCB!?V(Wx&(i)B|N9)y4_vK_I%)X8h4 zrgys5yEf=DFdD2~U^0lN7d7{0vL$S(#=%JVmf!S|D?Vm+4BGT+b)oQqc&5<#OQTz3 z#im_5OW<(J2NX;0+T=m`Z~6K2^-DFoy5h6SI5wn`&cPacy7JY8Mf`QaY68BLL|Q^` z|6O&kFN2iigp3M~=xsRNhov|T-MTwx> zoURkMYRlU}qA8|>HZN~XZChh(b$~>IrAGdxo&~*B^0cm528vcQa&ZN0$!R@`7ITrw zAc|IU{)GQjYW{?~=$sKn`z7XoFVsRQB-u~Yk`ZZzr}Y39z_1_uaobmP-y$rRH%wFI zeZkxPaWnJkb@(j0!Q@wIX8WBh?BJ1NT!r1Jk8PTm$ssZ(wCzs1T;!OR^!CcMSd^`6 zOm_hkj@{>oB_4~MoZE^OMuH+4-e?8bb-wu+#i0cm=mw5RlMPlI6{j!t*#}=*z@2qM zCFkIooP_z^OULR<5e`D^qPq}fAtLNx_kgp_)=Mvl;ssO&il~zUK1CK)heN0GSbVN* z#CNuV9usex$HWoPgev+Q@}`qZ#eoG*e})&^Ll(d#K^7hRB!TO7&{j=#^PSq~inKR% z7^&Eti!Cl9WeeIxZDDAKlBj}g!m!kycps> z2gHz7f+1hJz(mjFB(V59;&8jQ63c={q?^sl&D2m~Z7Hb!9qgy~14ch-g;E z@ea!++NL%7YHIGM;858QM?1wB3Rf? zDWh--y7iv!@*ASCBpkEk@86 zl9tKrT19aaKGnUII91^uQ3M?rLCy4cFez*rgy>j90LKa{NT;hO_MGXjz=_C3j{8#R zMI8nd2L7Js;*OGYHLz%E#(K%x8n*0gKMaH(yjGmBu>tA4gOUs~4L;hqNGjrX`^SDWFJpyo%41c0-|s zr)K-(xj5?jPV{ALns>eG0d$|vD{Ty89TPQNgk0yBm@e9bpzaT>k4``lV)!lq3>wQS z{CbBXjt?Rtf;Txf=kYkmdzzMV?OR;*7f?j#fM`$izE+u)v!eV!xOfrYks#uuZVkWkzucsu;{+dr&b@zuVQa5Cp6I1%EWS z2i`bTrIS~|7L*hh4R2la9pnq657BvMzPR4{kuxWf6!hSLCN|N@Jce3kOT|aqXiB}Q zgwk(r8uPE)nVTEKZGARA+fnkCT9F=LvB^3ZdV^!cmQL8p(sew~ac>uy`!10=`_g`$a8&DlEnT)Y0#EDYlYN%yjz|KA)K`=D1Hjvh{@~oi+l5 zpMtMpw=prdT%^wv3ah~yWoQzmkrKypa$nBfFo!hu`+1qK+6KkMCYbmseopErze;>gs+^nTfha?q{j#O+R_8_I zM;`6J8qpyd?QHU&lwcVBYzmmv5f}x^BrX6NSGcVRy+;AsRYe$z_;O=KrPLT9UKKtJ zZ1qne2ur0AB|OIbDK=3;QVBxi5ri7a!OIP?Q#W{SSIA^HcW?9M@itCSis46;)zjzm z9r0fuu=4?DaH|;%BNGMjcoJ?o#ViSc^BH3ro(y-&3Ik=Oe2aw3h|>FeqZKd$cXWRs`W9hr>n6Qn7qv0iNg_xb^iFo`QV{cwP z*d#%nsh6wNYLEdTCiH5M;gX!yYG^J=VI#ss7CHpx5p6*u$|UnEss(2z-x}VGC%Z2) zcr}=F;4F4II+Nb^K&OeuTM1-6BHhSY(>5jSOam~+4y)XXHiuchD2 zB75(p-^yk>70TQp+mDlNU?Xcl1OEW*E`$#|CC15lid3H&fuqY9p)bt%gn1Wi9doIzMwj=A*<*A_UE5lk4n`3C%0OzI|LR-{z9ahY^d~d~Sa|CZeA}pKK z3I?XTXd*q=|&w??cHHO8B?Hob0A%d@c*FpvTIm(~&c^35#6;Zi}^M zGjX-C^|1N_=fDNhjxoAnzjn1VZyXOB2a&LM;u{#JzXZ`dt04Y3-sB~~I9`Tizqa~D zAb<+-1>Gm5V%oHMEFE8_BH&)OKdQn>vdHQxtzMQ$--vn5&xxKfHw z=1qpBY*7ApZ~EJ$J#vX?O&U+-g;KXMmYI`<@PonGVR8z;9AlG#qmPiCtdKniSKf`h z+R9JIYr>r0D^58U@dip!1n`&mwp=U-Pgk8hi&>lvSAE2pjR zogAJoh3;<_yI7Z-zt2065f8~g0Dr4bMb;g!Y|huq{7b7;@);@WdupP8vm$yb*x#tUl*iIh&j0n2#Vm3r-5fFX4H{+XOzRCXnOA z_k!z}#E(IXJ4q97RDs-cy4aqI$1q2(KRFJjs?9)Y>@HOg{{8DZP2-9)7#rSsGN^Q{ z;pbtu@urYugPREk?|IVlgnlW$rW7{50qu$xZorZ3N}ub# z9&H!-0&lhYkPua}^Y=8l^L&0?CV7H)a{Q`v{ zqdvLobYXR)V;{@jI#k%E%daMcO>@+{@e=GUUg|BL-7AwSByOFE8%cjRpxxjxQ5jEZ z`ONiqzIfSoAvkw9t%rgxF?=}IiCVVNZiss?3tdtWUIRJkv+u2w$K=-ZM^TK+pY)II zPpm(7pH4?~lkm(N-_U`0(MFbT$j_!;!GkxIAOks>S94D-7RB(!z!eG%n5IMsA0Be= zLP~8@rk}R=yr}XAn)D^+Paw3%r$9N0z|AQK+1?LQBxfKfKPq2zG3GaKso{;~Q<+t% z`cfH98x_`y0<*=Gol>T}C_chy*M!*u-x_*B;hTV>k_GDtsK90v)gsI8_2H-1eN`QZ zcRLA>Zwp9RUwxpK$iK}LP1pR+WG+M&c6;5_1_}gB5G0CJ5akh-OyR&A)^#K zGN3E_g63E~fNSiGCT6DO7Y3)kSBKTKZq}%UvUTF^fI8+mHqIlqKl+cLvQLA7gwAuB z)`^#XO|<<0>nf|7XPtOth)owC_-95iZ}PVqIY%@^GawKttdT~k7f7a~>N!2Ve6$c3 z4K`*vuX0oekBXe;OcJ%C#*l}c+|E%=x%{AhAb!cg9SfRD2Ip_+-afiQ%jEj_;NuX! zy80HX8S%Vw2{oo7TREy>{3Ty7-8x=#r(D2RaX6wWV*umiypa6fDZ0T5NZ8<sI+2 zu-p0K*?d|)(j(O6+w{beQC|`@=3jkGY@Cfbw!y>==5qjH0HwA7K)T9YP;?Jeq+G4y z^8nn1{wh*fzF8MHExUNFtUCed$0m5HtH97z?zg)aX(4zE0;%T`z_l_2f=tDLx8;(+ zuPfZH7-1)D6F{yre|+H8onews3?MGWCOpsL6_(6=1B0@?+hW)8ff<=%v zbl;yLXmt|(hHGhGI*_7^hOco(H67==j<*|d4Km#jJx>a_@bl)5nUBG@hcI31ZsT+# zo8)iz`8;SLlBVzMQcB#`=aRH~!%#}PudWG++i%J7FK$k}(L3+!rSP+!x4TvdUCK^j z?}<*pR)-+7JX8m|VC(jdN)Cj`I?lJqFiUc(cdiRB@0_ydkwQd`D^?mU+_AL1RJ@L` zbVN~CDSmkNI|0{{EvO3T9E#$%N6#;2uzAMDfgN9FH`__k@7>bXH%k~Djxy`FWaqeDuq^tKyp2rZE3B9-y=(y&B#<08EBIqt8MUj z?$T(~nVwIldq1o_-p@+{>qR#4O5k=W%Dp2h8N(`hv&+{xKMwZFq{6)Wt08Jd&yAhq zkGa=8={HDjGmVEX3F(Y#t~?G_ z!CKnYe1F0pue*6hjMS}`3{_P_KVYJv(sBQPZJlFuon70mV>Y(g*o|%5W@FoEY^SkS zwBj^qY$uIvn~mA*)#n-S`+a-t{bP=Mta;ym*O=El=5fv|Is^Yvs=EF)!?6?~N^jPN- zVdUK!EPC;K8{hDDN8UM3AjeGNoNZG2DuN?v6IT4!^?}PbzU$=3D%?H0PP;jk+3I+~ zRiW}g;!`8HTr*z;V48${aNCawRebM8T6UB%hw__OD{m&H!xhM6(w!_{=~c2JeF&hG z0d%=Nq_<&~UlXWw!FBaXZj=ty57kMGL{K);sR}6#*l(+Vs(znl$7VRo?ui*3q^9D> z12j}R69;IZ>Dr#*Gat8=i!=dWWllY7{EBP*W$k>#YgSfJ|WB z79XQjCU(AoOOaq8gDYWmsksE`K3-#p_QjHPt@2rjf7RVT);RWPQ?azydH8d;y_aso zbo<&7djpuUI%CRV+0Sr6{x-rVW21WTMJn9ex%pe>{BfcGZ`DC+^py>ffdzs@*~|xMEFj zidk>^tX+bwRo!8wD=z2CK^&TmQX~D7%!0pn4drrvSn(!9CeaEag6?SnQ`uNuAZImPf0m*ncrBObwG!c7L zpKg}d+K#pN2`N(TMHmo=q^6Pg^m*yTbOy#7+i^R>933wNoFc8wE(8{lepYgGV$J34 zE~^5G26>%Q)BCc>jpV-CM)o#}t!wi7C~h`iFix4%UiOkF`<^P&$IT8>rdzD>r!Ok1 z(}yr_j>?`4G#G|jvtm#yl$_R(UPw{6@Z5rWWk~44xC3QR7Znm~h0BOb1g;SzL@gic zcLQDr^6*sv5k{t`z_B(gfOMj85<%j80^J=CX8gMgNyR zFUO8ftcd+Z(??$t*K*#jls|V6jd|{^Dllpxd`s;&q@sY^2(M{`IXQNGejtaK z=fNK9MBDPT?2MtWCTX8h&-+tbgzenEDZYD5p zRiAMg)J~G!Ty{gm(L6SI(+6s}`#$<=5i!!e(jUZyR@DBsBT}e*IN*?ZR5_PPEG_vZ zV?1POo_AJ}i6@|S=W1aRGbynWW^LkXj?tyIzSfpSxoEIi(Kg-efs)z{tm6JspV*`Z z=&-8eC8=6_bCzw4@uHJ`@&%f8@j@YWHhg03j$p~peOT0hTv z>c!+Wx{sU_upuUPtXNmo_c@R2@{)as+`=O0m-wZFFnaxK32_zMSO`CBk_zE+k9Xrbm@5Zqz^Cfdu z8X@0Yle;8P#ek9YL$z5b7`-cD*Ry|V^^E78r(PNB%NmJCvr$~FCwCky;VcK94##EQ*E7>q zmCuL^=w??U#4Yt2ff{M#U8>+$YB}k&L)r5K82ue2<6tN2gXzhBX1FgiMSR>4+;2T@ z6L-aHdLw*R#XrV)b=nQEyv!rHWVNN(Fyxvp|G5W)h(qeR1hV&gGA(ytl#a-NC5bz4qVRxhkZ$}yg^M5 zCoyQ-5xb>=@uV=eZ8%5FXwO>R99L2IX6B8g>l}DENp728s^=sb_H}5hO3EHWB3K7@ zu~{P$8hx(Qto9@JihYwub@kJ3%=KQ2ea*c=l;54bjT>}zt^r4U{+j6zdX8u+V>;)@ zCTuRzw7sinD1XG6IB&PknJP}I*++z79? zSz>CK*CwoP)Pr{&_89fu>uk7zE)HXe5V8M zM=(2j;Q$nIh@Saa3Gb7$Pw2wU?r$1aubgIQ^tJvB;(;3~0@Q=SsHi9Dm?XI+AN3_! zG#L9%bS)D?bKA0h>%6m{9)J4FMGyOab>&_N*Q&A`ei)3#Xd%5{Os(+CCtJD|1eD&C3C%v<}a7=7?D9E?t$@*)j0so z*$G=;w7wujOvkYnCr-`vhShj*uk>(Vp!n~onNuR;pbmsV&*BfGuu_cQ_bLITmmimG zy?C|immeP(E(`1_nz>LJ5u~Lwgbh}UKI_I7QdDJKO1t(oiIB9$&!$oRht$k>98ZR6 zv&JgKR}nqWF7!pVF%EKLyzMBH=Sx-uwp_hLkjfqa&{_c;oU&HeJ~P5g?;FHjY09*1 z4BzOz%Td!;P+L{usFiYp4RjN48g=(d(3&nL?fMX_U&5_aIAkco;?`rLN@u+kM8=cN zl!CB}&OARk2?_H=&9(w{5PV6~aNq=&o6_%J1B^gfWu>>~hxh0d;M^8`A|p;3DF;`tOqip6t5yfqs-Z$W+KI3fM(E2+cIR+^Vw$<+YZGmCE?9!OE?8}C_{?~a)=oDi{NJeEV z978uDx8g`(B&&q4`}iDPjrcAWq&sv`pa#y~T4qoiQFb2s>{Y0iCER{nUge-AD}F)L zx)<3IfRShcHPRL7Uq<%bxvT8WY-7avu+*Q(`>C!6% z4h&X7indT&xX|%T&m?+o1-Qp}LZlaTM&$Z=Ja~O4noA1iGmRjO#hXbpqi(b0)e5&t z49Xd#21#8;ha=D3`GrkG75p2zsT{D$lZzH<{P!}xFti%PgP)j|U8)Ows51s zcbgNcU+?yzXHm0`vokM6q3btIYv<*4uOM$)I4e-Qv&2_=u@Cv+ zefcfs#%k(_I70xXHRk+VNVh=U4{kG4O%#^4yPo}4JT;?ZGV!uwV(s>aEBp<}RlYXZ zEvAGs6{iHH!;|~bH-4d&`Rcl1)M?1n=V`o6+qQ^M3;2oMfN*!<q=Su3(;4;v$BVZ=+JveN^)(la*128$-;a*ZM;KIlR*I8|#d zea>r*La51;l3RTdQ!IXqyW+l+(AOCQz7c$-yYg*CB5q9>t>3;(+z39?;I-LM(ysOMHw z05u_v%e@NINEnV77(J5L?ikEu&UiY2$A05Re?@;wI`l~8{=g(UW>bkIAXwT)a?5(j z+9gMb^M$0aqz9i*aDm=K{*xb%Agp{*90q&-Z_FIzQB?nvBVSqKiw&CwWLsn^hNAw)(~35sX&Sk}G44v73ZSqOsd1%z!SFT8ML4F!DKj-zZs=lLUx6osZ?4*ZZ?irY&C#e^eLcpS#u>w{pJoWlI=Yq zb0Swn=~xva;HDvopog?K7PZT%ZB{aXwUl4%CjX4|Wo6Y(`sYJJqTK}vH6Om-nyhP) zi+9#hTlGds*Y}{3;i|?}Y}rNMa_|iEn;I3#DyAFJ!?x1T_IAcGYi~z^EQ>L>csc!b zis5QRXuC)(k|8AG(t*!K3tEqR&}*nwM#?ex3j6nCev+~!~IVok^I1@1o@ zOXHuoWHx0wf(NnyKN%enRMw+~#niM89A6PjTfU`l=s@o^QyQJlNJc6YVJX`5O68L^ zZR?3uIe4S_de5~gGRwJ5&&L$Sa4Vjow_e$&`bAGn@7J%fM(zx8%31Hvgl-Gb1ec6m zg$$1i;R)>ys)@~!!@Oebjz?OFXL>jOVz;hw#EiUq<8b zpjS<$Y-}?<_d0~RKZccah8F;lTAAJ5U2iY$t=B3!?KDmNCZ=OcOi7sAE%Z75mCop$ zC!tPSdAJvVpgN~{wPNT!w>aN^rz71dr*<`~wb}0Gq)quwc|sl0D{Q6vf`_`s4Bi0w zfHPPeX&NH1Oz_oo2p*4u3C3hcJPZRf_Pi@{6PHKJQ>99K;us4VW3H{>tZO^B zRL4B_2$31_q76x4Iv}wTbru}gb5x0Bj|28zIuatMLBwMJvoULybKaev*)(Yb1;%%u zFpJVUc)t! zF5j0IIv`0(g%m&>{4}AUt5=v)-cUqK@PFYIdtL|8**1st2AmB@yl}CVeF^#%Qk$|vE(M9;ar5W#t2odw2hH%~{>3ZfK{2~v1gB8bh$cPc;~>0Z9}|m*dNlT6VJ)=9 z;7`|u>wUfs^IdT{sIiMdpY>p>rr9dOrykct+P8i7>X~Y)Rrm7#U_}Cy z{S_ZR4Im36ZXbhvLNeYRbcO&@J0T%iW8imKvkS9Rw*3+A!l1uhr11Q7;FIe;dE3v82Y-RQ z@sCyPq|h0sXywmBuos-_4Ok7?MjhDJFay2()r9#jUuXMy2gdFbpQa;ezIR!>OH9wA z|Hyt7ikOS)V+1laiy>zpJ{>-ve6KG;_CgLLhdN} zJ@-jAx`V9dGEHhzTPwC%q-^bM!>M~|FH69Gq}um`p&AQO)m4NojsJ_^G8gAjq?rnG zk)ypAlh)9ji7IrAgM&{ub)td9Sg2TE5howz+mrGJqmTG8aS3t=?1IgymDO~DgBu0* zzSds(HvZxw?qm4s1KnzC?QlTg66%%`KxGFqKp_Lpv8h$_epf$^82fid>4NpcEAnXp zEi-1?AZLk7;F6^O*7IF(xbO~{+5jI!yysEEVs(a*Ax0bt&e+JhwX0Cd;hW_c@-Rb<3o^_M<`6F`~Ks?L%TZKE{7qEBJhI5Yi^kh-3>>KYmgh%`jBKy3{` z>vOkQu7f?ZhwA&@;EX()UQ~TfWwHxwkcKcHv9A$G8Y7STGtA}QzB`?6!-{PxEcBqC zUh+$8oetU5D2=yUa8ARl__OC$C?y}MzL}~M(@jaNOqbrLyBe_pa z{*f{bNabI&f$WRJK;0<0b*dNlB-!;T9@m`JGxw_YNT1nuE0XJM>9*43yw0qt{vvvD zrvlaAqpCl8Bl?}l7a7k^4L;qI%6TdmIsXy*{>r=qM;U&|HW}IX8!1=|5A2x%vHzT; z>pn0yNQsyUJTVN^>wx$C!(BozNiB^EwdQEf-py698`T9VYWY(R{JWw+y*0hFr!%7? zxHs2JqeQyrKk#Ut8#ew+;D6y!Pl9-5Av2!{-pjo;V`3mYP-)|TWJVkQV}9VHYg{m2 zU_;YcZuhGR^>2>iKRXtlVB886i5h#CQvOqJ7l7n28~9c!Fs1s__BRcUXjBoA*j(Wv zsvfT>c3kEnPHCcxXMFB!0+ZG*u@%+9vD^`FITp_dq=g(|5GKMZA*R7i0}yePRo zD*DcBH!pFY0I&j|kNz08n)(ex_|PA>$1RR2nfZQ(D;rX0<4UkmorZ{QzE}tBp8Ixh zCt#NIHmOAi4t$s18(TXTV_9&G3|@cXwI|D(XZS2ZLQnk?c4A_ zxct9|^?FVG@g)sLf9~a`z!?jpgUdiwkwt;st$`FhDu{=J;~Q>ArY`X3i*K6aJFxSy zcSq@PfSF2PEnhpnvf(BUaZlYk0k{*BIEYc9si6J*vfe`CMK2p8+_WjZ_n?Hcf&_F! z>;TglOlgKJ@F#>%!f^CCkt;gTqg^J!FOMi z^WI4>-6(#|YceS05{!1|6m8^J$kcQ%UO?kFLJ zeUfFA*qFt9l1==4ij~-+Boc&8XGkfr6+Y;GSb=TQ#VFPuo-C|?M3|l#yeIo06^BqW z1kE489iSItr+Z#>taYXR9>+j09e2M7tte?t^tMfH7n*BI@#K4>9iXfIzZPDXuRpS( z6Fgz2{#kg3TG^(yBBr#qfh&{{FY~C)#zJyxVHqC$vCLJ)V}gZt z&jMD!+XiKPA&5-zO>-fvtLYo9#ecQ?)^>r*J?NClx8a=-PipNVIVMIC3)N@SpA!Vs zD*)2*eS@Nl_%O6~JkKKi_*ocd-xBP>DFCKB(?r`K0ElDeB|Yoa14%sR_V01_d^nIW zUDT^)tvYiTBXiota`u-SDn}B_RWwn~ciClwHKIW-I!J?w#a4x(`0v2EqTSensY;cY z5N_I@W{>KMy`|N2Wn*iUH%tZBs@KCpLa>syq^3p>i#rW4WI?LNlT%^PUP4*-7jak| z@BdV^ge%wrHK8{94DuM~7FoHJU%;>lLc|BEyr01_j~6DzjQeL>4~qzS#9zXyp0u?k z7F!RmR552!;bP?Ai_Y#-pO^DccrHU{%`@1q|RHm)?fvVj=GFO9yG({BVK78v`CS>+j_r8{&g;)9f zPT5DZt0A;7OpZ)$0Rko_cNWV7UDm5IYUORN+Y&mWS#&e>c9m&L zP=KOlX0Wxs^n$QnsCm#7hi6W@72VUw)|o<`wq~ef3u;yD7`cE4#i#N=SiFb%{h7g7`zN=?glq^O&ugW41G3% zgl$IZpR zNnzg3rsRS(R>G@p)wQR(w0#BDTDx?yMRw9!qkmP%9w!H?SYYwmeUC({M)i+X{fFe| z20A$`O8FS4K20n(9E*nwJCaf2f7y4k=U4PL%{^kt8{>Z!Nf^pV6}jsVikGlsyNs!} z0&nA>G4g_t&`Y6OgmOTd4Ni&RYVy*?3+C1Co>e{8L{x^I?eV^C+ETX+Fkda zoVX7X=yr3VU%$a#*${tbr&_Kd5LQVvopJ!Hq8+Skj@Z^fVev4p!gt(1+c3mZ|MDp* zP{4`t07|__)c{b|3`C{`0fO$;<#jy7aoT}}26*CVM{7*&St4P`{ z*RACz_ic-G%i^?^{W6tsq~mTD%=Jd6+9EmJLN(@ytQA{0kJUC*+GfRdPW8EU{B*Lj za5h?}fA&yIEynwu*qDfKd^gR3|KmiHqy#xF#=}b^_L0+ai6?v&s!WFyHzLy+3EB-= zuur=OHW%XY*X*PN#>-nkcBFGA(r>PR?8xO3Xj-L84nusEwaZ^r9n-S9^w>S8xURUg z3{9*!t_WGOdmPY=Wr+gd7I3*${{ndMw1BL(1%|UAfq;82SqL z9-TUiNdiFTBn^=tsXC?bF)1-gJsXz`CB)UqvN&O#oQWxS#W8o?%KDR1#9(+|$X`cN znOWzrBl$VXiH?a)H+fB5dt4Y1b2SWS1BHl|oX%8!#&F}N@r6CfYf#t#1ZNippFF4v z9EMBFLhtx?7Vseag<7Ue*@ZD$e~V5^=~pkkk(iZTrMTYmKjvC$DDnsGE-XTclb6A@ScAPd$ z3N%|n=(pH>_Cy6C8_OW!QOFhS|A)n!FSNY6V$G-NjEXi<5dCUSm$|R6yt>iSpcOq~ z2%-lah8+s09P;I@hsRq@sA|r}zM`SZpIuad%I;HDO$A#0)G^q38!X5kyJ*!;Q?Ph8 z@bGPvo)J`21WQE^RLu)huso)494g$P>T1$3gbwO{j9)7$JJArz4#v0Osp*sR41Kuj zu@(4`lwSjoA0mInRuJZW=_0@RR^j!jN5Z?RVi>H7Q0EW1@AkGMiXFpbM#chUERz6> zx5Lmpj?Z;1G8>rfQrChgOixAlr|op=Hx`7;-=qAUf|>b8)Y)xV54aFML2M+vVwLfq z5~mpob=Id6Pd`ICg|Rhfje^0>kZsdZLwb=3HJ{29jPhtG!x(R>qU4=D%viqNaTe>2 z9n!bhjDf*UKjAK@!@yAt@jIF26LO?7hp71<{O;>5>Z|wxm0^R@4&jJexo%A$)2e8U zw4Xm2vS<~L$*J|TmX~YczbSpyI0wfCZP>IEhIB=wl8&?6!7Yc_icAvXuM&on3 zZ?AVoqtM44`a6D+RySV$ixnafn8=oj98sd2&a-^-Z_ya-8EHW@vtM4UwLR2T$vrS$ z9MGKGI3&>vcwW5pXTTOT!<;83QeSV#^A;vU^`*SkLer+&JVnVg|BDNrpaB|$&?WKd2Am$yP`O}pk zu8aE9N4ua*r@0Wv)rmb7e&ijXs*?{~PUIY9?ZXrd^4Rdsm@q*GD#6j&h1yatUdnx~ zv`oMJPfnub>URoCz1QK<_@Tw0v+F?pyu(%pThH>^&&DUL^wmHA#`JB#{u9&h0LApJ zWe7kqeNIqJKlXmt59WxaDrHAqD%1-yc4iwEZPw_I)&0V|S1%{j8O}UF62rTb&84s^ z1{Li5E2B+vJv0(QVZ_vRD5y!#!5`#EX8*#vEq!SJofxcaZM4@9(IUg~*U1(nflIUp zJB#;W z?y1@P#5kJn(}-p|XBC#Bdp%<*&G@v4TB&C^V7Td4GdGS-#D2efOdg-oCVuHl@HyY~ z3w!Ii$0yU4f2>G$vL}>iV~`cO{rg5~D8cLZ{B&bv@1M{oHgbFw3u4AE3R$-L;W`>4 z`sXfraW;DD>^K&zvT))H$W#~3tROoIeeVJRxmj3e3rd%eD(|=t9#g?!W6_HukR|JD ziO=VxH}b2;X$(|kB9pGYt}(5^NeTw^dFMJ{@Op zVA5l|@RSj3O~pwWGZb6#-JEz9O@PAr{`I{>jQ@u7=g&6&ks*sSG%$M)4AvjU#1nQn z-C>cZDz=jNN=7zl{L~VX@V0`jVm*_tmC^Jy{4(0GV7cinPsW);5clZCP zJneo&xsnNmznCDI0&9LCObYmv5`d~RZoH&l^Pt* zQs@kVBgqA|PI5u~JH!sQaYR9S)CfbyHm(Qk2&C7;&?W>cF6Ypu={M4Lh$dRx2Phjk zQV%FUAY4KSJ42qw;A~Z}l}1LjlUq)cqnXyAW7Wui(i9vy!t)LfRl#IMqAW1*v%-6eR^}-gEF3{Q-^6j z91BGXy~A6$`?+s?zwgKEd;k@8?qPTS<^@_Ms zYvg7y1FiL)I;&G$a{1BB;W<#ecAQo`zd*YWh$cr0YN#R(b-#M?9D6quUbiLJBio831oO7L3Pg< zVzf4?^8Rg+rYv53{JSE8jY#NcP$#^W@FtF-&cdIa(H@s)Keo0w1|Cza)SrTkFsS}xbSxwVQSB=}3M-Lu}iLU^sl5GBk_PTkq<;~T*YWGN&K1A^Tb(r#OSNiia@>7eO) zCk^Y`3%C5f^mAJ{+W8t~!wLY*Etn)LCA5?a4;=glT-Wc)FD>E~dW_u|<7!9K>llux z9)`9{rUuKlbYKw8>Yno1%s*KHr-=G%O3`DND2W~*CS6)0ImQFyUIJ#cU2KLsQX=HQ z=F@1Bj))#U+5pufWStmZiw`GbO*~~raIDV}XIqzP?yCPfk0b3WIH(4j8Wn;|Y07(q z+>>vh>ifj6#^&G>l21)j%*Z2{tufu=|AVc$>49l=lD)azE35aDTkmx#%lNaCB8HnE zGE`>^H_;@2>dk~73Hvvz?e=F|90BTKE{{jmD?5N??-D-jg~c@BV8hI>_BUvIH8^VK z95h9yyxx7HaqH|bv@kzb7>CEG$WrgoE!N-#(3K_t|0wPu!S9#-E6oP^UFTY@C)xW( zcZD=ppu3b#OHds*IRq1c)c#Y$ACkCzpd20b(ff^ne$?AbE7%oL%$3mdVm{Q}!C0Oe zbHP}QsIPn&bC`R&cqAdd2^YK5UGgJBP zCfm0LDy?>HrXq}LiVF=8YYyo|}ZQp6s(p_&pi1ok?j86Jk8sWEUl`>LtG+$xtx7#;VA@jMzqBnesuc>-0E8f6NzwN z*TAY3_Ib-e+gUZm^d~`=fM#Goo=MjTn@sY{ijZKStRGV&FNQd2cd_D!7ub~D`-=bj zbwcOJa&&aPVm8)|!@HdCy_iDM{e{KH)yL!3pIRt*bV}*#tep=OFtCr0)aWgLuwo>z F{{t@+dKdrz literal 0 HcmV?d00001 diff --git a/assets/percona/pxc-db-1.13.6.tgz b/assets/percona/pxc-db-1.13.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..df875ab5124cc058c5dd9d52823d4881afc98ec2 GIT binary patch literal 16201 zcmV-PKeoUhiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ}cHB1dAUc2dQ`E1O+{j*$`mz;|?r6>`vL^Ayj&Mb{^bTmAF61gOY>_BnVCT;Q$~&0!4J{2S|tr`-E->mc`Z46}eH2>vb@difokL>U(?6|b^O>|JBV2~7^+o4+3I`g^T1d`)nLK%>R3lv2p znYQ2!FOfi(h+_^Jm&L>k4*<^oegbb(%#fhWAIzvkX(mL<54X2(Zf^Wk1M>qKZ-+Ec zl(Ga1%spzVc@xUK^w$06&qN#zNFY(Q&=|V$r$o%M%Zw|a0w+SjHEr1cdbfh1@X`x3 z;(0sUF(S#f{pF|0bRgddL=w#S;lKkNBN82gpfTYQy7touT?Zui?+y_I0NwAxd@QPQ z%%*tmr;H{fX{^KLH;*JmokWfVZSa7^1k>2=Vdsn9G1_i9R#)~OY_=t7JVG{p?e3LMCO zTiOQa(Ll+`x7V0465>M`4hNGgifS(hc0G6%qbYueQ_6{;Y<>tGSCzpaVAZ9TOcToR zv7=SMufGidHoyadVjsom-!wrtTrFRWM%Yw&jV^KImS!lp8l))W_z)&2;&?z3A{4F) zeH2CX=6%A^1fS4kLZ%tBE$ZS~8X|#5f+2yY^FtWLh>7>=Mg zO#*zHgefJ7DAwR$hJ!1=yh5Qgjpm0C5-zzu902fOhQln981BF`cq;!l9N{;?6rQ`uYDn$XPC*Z zve50yj01uqkK<^<$uz;Cr;D0WS0o7!tt#}&{W4`VOAi%)dWKnjLI;ENHjqtl@^5?y z`vU-?25kTUz&f*;DlX9U5MKB@{{Eh~_srkZlt^%ASrnbohy?RPIF4@6oXY{p1bv4C zdW|J~!7{8W;M|^l$t9cdzS{Zr*Rv;N(5#JiiWBp z!)YW%0-?#t3?+%2J7(hKTGH-?pcm=r6bC4-z65;)wgZ$MECexX!pb@q6 zn*F4@E1m}#7c}10N(k-#3qQ^EzCdjZ2CP6R=bVqRBh8ez~P zGY>)j>mim503stfZ51gv57ocko*w#?5z2^|pG1grO~H&zXP$jOkn<9SB*C1Wd0 zaBv8_&n0kjjmxk1b(d_w`y`-ojP=4LmwF%xAW*|%_(W+43WYM?z@6#oUsdVwH}ms` zGn`(8_%fRwz5S{5GG+9dgqU4WEwhh?(*OlC>`O6owEO-43+6Y|^Z#g$xt=OGx&9e3 zu17_VorjZa?;0_W>w!|_8?LcZ>h}zDVSWL`I93vC_j~gqNHfXAJF)s5k(dZO0`l3Y z*Vri4*#MR$g2dPv62(6r3zX;#ae$a*A@lQRt!I>9p8b4MdGoG?7K>g9+k}RAgd-dX z$_f?=3BS@}hjY2CNg0?BG1m}LBFM3Mb52tl(dqn0JU@h?W5yD?E$5u%{NX@%01B_A zL<qi-l(9?l9qUe7NW z3ChqEgPNMQ&Z`N8ctR2!ZUNT?oT>X4_tjsWIvgwMIP`{1)rP|@xS5e)W>rWI;XFYx z2|$TE$(|&cI`Fc@U;&$Ah9yeUc6%aw&@`1~QM3gKtu?0$nAZu(vFr(BuwJf}% zbghB<}wC?8~v+<%d3eo47nmy(UVYN2m-TYX^_TbM@gv5k%SA3LJ({&5zLHAg&<|v!*b3` zx-;grU7a7T&ZD_2v4QN zD^%(gkUFE`3h1P&!qK$;Pn0hhQT zJZU{ilW8!RA?41IaI2EPYK_8hxWt%zm_ENzwUyv*up!^djzodTP?Yy)si4xC?GiYl zSrWnwGn_jj^hQ9V_dle;6=vI)5xvwNf72h^`a?*VGMwyN^IvZo(MuHh!DOm21ki5= zMk|TYZ9tO*_I94Vu31Nz)+U1eNR=Xrg2u~09_jmrRmd#XX-(~&#K^qy`bdorWAiYAB?z*@{!Ijgr z)Gk}`QvKhE-N9Zz&FdBxB4L~$jc9z^4;HqGg?K0<_O`hAdW*EB2n3*xVbdJM`QNug(r(ckf&Ey}XpweSYSPe~Cra zazi)VE4%*;Bgn}vXh0+Fl6G4#u5$z2?X-QRt0@lVxo5lT{j>#MuS$MX#d< zTjaFE5SF2>v2!aeE$-w_KDKUd#Fag9pQVHAbMs(5P_z8v0{h|uTj~Pa*VEB;bdAft zt1(apW7lsrcAQ=QA_rP`C)mS{^CpA%`9196&Zhan3YPiGPJ(A&Ec1t2<^vlgQL?Np z9X*-WjTW;~iIG4dVMoL5Ys9uAa=C5M8Cq3X84DLh{K=7i{lRLr`nzMF9}N`@_5M(Q zO%dlel!e1wZI(@3kO>MfKN=d{=kQ=>e{WbAh7-wW7bFpwU8Cq|Ps)W2``Iig7a5m& zO^n@Eht)#1{i9(EKFZYQS$t8U_DByzwNw=!dOX@a%&oG-`uq?v-f}?AEA?Sr%wU3ly+E_(f%$?Tf znedBCJfRF<@Ocs(?Jg#va|KOAhvGFdTI+nY3|bxh%A|>DLIiag)4Um0OK2nYVun#9 zW@T=X3{bc}W^!@jM|+NI>B4wP)TXZMVzQR7?&nZ07)LwJAI-v{+RBThG>Y;sd(H=i zT4h#CQ+-$kF4giF9SupMW8Mf&%)6oE)e5fk7WB@u7tg=VeJ_S8i+~xGGKRMMW`qmM z=0^ujA1$Dgh^duINir?>dC?E@Qw0ro{?a%`NyydIuL~9IdwJ;M4>xqarR=mRVrS-1xyxt&5XP6xgPfuR{ zaO%Aq9ec;8qusq1-uEYOywMNGd(SOLeEdAZIKDVPR(5`TvCF^MZ@6Uf5xMEK6BVb;7`9?}+ zcv^b*1LXo>_s@I&?!gOx&)+Y7J)=wj{CRI@r}X+&65?Bk=NCl&QTikmJ86_%$OUo* z-C$?ujjJ8(HE0KeG>#j6H_JlvkMP*O=+EuJD(Sw=&n^=V7Msby3;t!5vcydRyvedE18 z{_gbkXt+XWKQDLoep6>ltu;%V7_&$+;H{y`rObCs;( zez;gu`CpuiuUWambW8N>T0l>dw-$qN(zH-&RK@P$v-#J(@aanBC@Z`mXv&p z8r1zZGvHx{z*1A7i!qR!18zsv$}F(~+N}TyzS8Ng%I}o7I=_p@umsQ5?|;wq8K&Z^ z!r%~wva#|PNBK7$>=dXRrn0pJ=0<{9>pe7rFfSD4K7&rYR`CvelZTht_eIeLZ^Jhw zcSBKhkxG|~3P-Ig&821q%vP%^Vfjp}D`N1gEVCs`?x}zG3%SAfOI?%&S6CdvXy5zp z_~gg;XWn=3PkuZ-_kKElbL#zY`tH;zyaDgI3c|J`T`vRh_MQ9kSjn#+@qD{h@<%*( zz|}r0Z;D-#7oScqE-jApMXsMjz z)KGbJdh+h{yi!@NYEsd(E7P9y4V$y2?^#qFFXa=u=Z9oU1d3>YQNmLcU~W!tmSwM9 z=N8D|Rflf-<*Rq6C+Bb9{o~=iz6RRSzcYrt%ZOf9X;xnfksyB^E+#?4(jGXsq@9k3 zN`frI85OFMFY)pN%CLV!l91kTKPiDOTbDmjF({oBc6=vVH5!J9M03-(!~gyN@ZXR=u@2ek&{adBnhG{#05MT*r5dFG>%f@UE%ql>eI{d%>B0&G@ZlD z?zk0iOBM2iK!{hkyM|iN${-zu6G$F*AxftB?cdwc_h2n%C|t~HbimDZlb@CwiQA&m9j*LVxYW;e_Jd4=a=1LxI5 z^*%Spi=1plYGjZQI8K#2&728xk+J3pWvUl`m5>hvCrhQC=UX;|}c@TD)n zZW$h$4X)`)?vyG{K}B@x<<2T+Cuak$rB-+-$umw3`N>mnKilj?CjU>Km}UE?x96uL zU)+lR+E|kR?OUsq^R!gw?&9K!{0A;%?F;jN{YwF?BeAiuA^)*>eC=YSkhs`}3-~8|qyEr8?%*5w zY8x)b$|+odXDoq@ub~F>PQp}Rx7FX97xMp4)Zg}Z1)_!L!gl)Y?&1yr{&{h6q5hJ8 z$p3H4Uw0RG|Gc=^x+p>1+T3(N=HMN=FG~LbJASpHFy9>Do12@Puvx>n+5w=uR6pAa z`duUJQfElm`oAUYU1B73+oK9&`FB3{ilPhiH(a<~y=j4~KN~vSK;MS#zrqFlWm{EO zy`3|H{-6H4#2VWs1ths90()x1_y7E_ z|Bd(+#28RA7c-Jf|Ih#W-+5${wmNJ>&NdmoO)(REOC7F`X(DFP9QX~I0z;EYq%xTO z^{;=;?ZFBO@Rz^*WiZ(F;he%03qbH@KKh@p)gh`>s^6T1SX(=i1bcejDy}R`ltT95 zg9l^+GsJ(ybMSxGS^Co30ERVVXb2y*KKt(N+w+UFB}n0&W4X46^iy`xhzyPms2_#qO=muA+-A>6?w;`rbh zcwUGD8e*-=b-@DP;s88B^2OrA2Wx=9P$?=V`I>L@nGL~*j~`WHwH@#RkUishCIyX` zNtD1#hhLStWN11TM;!OpXPpqW<^MDKF9~J$4F-FP&Fx`Vl)!PCTW*q-6RGqoi_@eV zaOPQ+^DPuPFaM*az#oj`N&{@hAny~ix$2v(IaR1&QI;j(5%4@A=HPiO&bJcHVQJ4( zyMsqI4~yq9EVXcP^b@|uOtEjlg)>R3wNIAtu|=${3w?f_52qi|04?J3fjeZSN%-j~ zw8!LoB+v}ieC`(6d%R1TY?!rgs0mdKMrK6!Rc)(m0{N-s4_39s{;n6oM$2tD`HHGFs~@0 z!pVGn?SNWR?c(C5sf9ZbEK347*jIm&c$7^hqQ|RrEdt!BNPS>sf_}U==o}e9W7dbJZa) ze;UcMD%DbogD3vr)dWoDdJUv-ohnzRdPhW_yGljiAr43(Z?Ik5zr`|PyTw_rtJ#0^ zGOYz{zwhlX=y$m?+8a%9yA8+Os9R7k?IQC3BVtu(n^uKzaKnc+@tu}BqR_}_*w zycn)TtRafVF-=VD#1cexAq@$oX(a?)Z$Gwbu!XuanBge)`D|MezMzWf7*(g;jM+3+pQ$*MOVjWPY~tU| zD__2WA>Ws8D}_rhH&wK4`P;B5I%I`9c~HpkiNi-LRW5pPf=JX*Ky^dsh#4R}`9`QP zAIby{|EpPWeZ>n)_VCCRBYa;;lFenNM*b0a?L=q#C61GrDJMjx`o;fK8*6KLYWBYk?=z}EA2$LmvH$mWcMmG||H0nD-WU7-F`j1k zy7d|l^VqtfR%D%<)^-Q_W)QtL4`M8k)D#Zy=d;gkf@O~Pnk#*YHPP%3FMGH(5amOy z+X&XRS{%_Iv^Hk#9v|*NYCwsAXR@k}RehVH-!nY0y`;kw9g+=he%|TILl1XwdGHJ; zfyTj&TwGYUC|H4z2Qx0LZc0_^mg5^20&t5~ptvEA3tmK z;`ZIp$vOs#30Fg-ibGcfnp#gn^>-0yxe$~sR)JKCyvgtY!SjD;hA zNNFI-!xa%OV6#;3HgM4^zCHDqf33Co#8^S_mAVK}_s2-x&2}PRXv`B5IcUiqk)5}K znwD!$1+D7-z(-Pt$}Uk6@mw>~k>MJ(0QrjM@~UMb#!V5-L|Y-d#_K{qR+jOKo!5nx zY>apZUUEmh6C0W0H5O@lUwB&VK?&}E&FlOB1quzrxE$a^syFj|QLrz3?}z5+GTrh- zW&iiiyZWD>dRhFx=4sRa`n(Ey+5OM^2UY*i^PSx<{+~yAT;U~kIya6v7iK0tTHlIq za|$+!wk|%H^~*T`_i|~+s4ZR>dobmyJjE)jhjX)W<4&*Zg~(mf)w_>%srr@3E=u)E zEtpk2R*h}zWQcCFuZuoxEV@!-t2p$G()824{d!dZ4{`5xvT~Mrl}eU`!I4MqO=%78 z6SZKP80RJ;YXG{DskHPCL)5Ig=55{dN|iEN`&&p7@2LV8QM3CJ{@i*#$SeJG8f!GEQNA*}W?)RUo4JSiQ~O zDOLWoi0R7L-ovo@()*!pv3f^-`z`q;Y}{&oa}9e6!rY+WUR@QirHix_?G$WSt=9soxTHnUVw1l+LC4s-dD%h@DZXset#vBxpo%S^Idq{3kfZDvMVd9*^!S4& zs`Q1L_KW_dU`dA9bcP&w(V)#b|$b>DUD*=q3zc5n?`r+zLc%d`Z$Zx>NqWU|bqi+QuC zRw=!st?0a5RJSoddM+319~Z&WDN{$r6H~I@zcM~5n@HU~f~v;=$EldVBrH$w^r3R_ zwyb_t0m5)bxi~{&HY{M;SBH5Di&Xw9Y0%9s z=Qe7}Z{pw8p^k<1p12j8Qo)y?meFpk(9|;(L@O{|Ewu4fIoWMf14RkvAjWSwfSP25 zhCI(Dike4QDXPv%kCp|(`B}P+z=CvM)|5tjVO~X2m%c7p7pr&gl|Yq0c35E@C9^SU zsiSYUBsDFy-wNj5YkfT-sw0^eBhygz-e}YlY3GYjLyGNu9c!)C;@jACJ(+eF)QG|- z3(x5TICtbXB-bv_Z)L}s3a%|@Uo8Nbr>iZjy!?*$MoX{i?Wvqv@T=WjI+oDU23b<4 zWngQyI@uzvwN|%B@{a3hq%JJKq>a_h$mW`>n35L4sy5fsdP~}Cyfv#ZjvBAja@$>4 ze@WYI_ig3!yY)UU7lT$P_h+*5y>e+v|A0lU2@l@hKJT~PhT&#D9dp6o+4q<;&q^-2Wwn+q?;Txp3(K$Mo^vKitMh1?=coZj z#bdP8EmtVo_jAov>fgsbR{_zZi>?B>4>w&a$WE@hHo?-}23%gV!i9D3papS14`D6~ z?&Br2l^^OU%(eN4c?%m{fHnV%ZK}ZsQ(rDycI#Sp_?FgNrhd0<_1$lCuxUrK<`Jr) z{4fVom6Da5OpY=6P)E~JQ1|lkI9z%khtq=UE1SmUw=?H0Lxl`m`7+im?W}_8L9X0Cn{ck|xyFA4k&EYUf~*WtGPkRT3J_YNh3u)1ejR33p^aI zuKwVlj-{~f7gFH}f_sH`EU159bK6aici3!xm$L3vWXuw?+Zc^51lRa3y{|&djqY}< zx+$?>&9bg14eV%Lcd6Ji(#=)7TiJ{2J8MQ)GqeP7bwhYT^)AM6mnh&;6McjOw*c&* z|CF##5#^8$psb1U6@~1Yd<@Ze{;@`Udv9iMcj9#wwemJu$4`MzOuo%wBq6h zR}pZFt8{FqQ`lr%rS2ZDln7S0{|sFDvBB)Cu0l;_NqwoQTz&4KubOc_7ElC<@po9< zV4S>9BZ@*^uUIcr)Nimf8svowt*hMF-Er-rn&@Z-xk!W*0IR~@Btl=1+M~E*z;E&u z*@M6?%j742TUh18m-IsQr|IcGQA6CAj;}3jA zhv#{#XKPz}7luk2{NH)LSC#*J z&%gb0|No;r8*qk%z${VMX=@IEn;A~vG9!_?XeLF$m6ZJcU<1@0ROWsm4t$2A2&NIe zgcylnMw00kFdQL4uCdzSaNeUN9Be>>r`ij)nKC>fw>Z>SaR1j6AKoU>9B86yN|YeQ z3?hHjy_fS(Z~G~@8<50|*UbEXcY6Ht&8Z)U>u6)){NLR__;$Z~|L5+v`(N@uKFYI^Uw*H% zJAzH`IQX^s18koC{p87SoA%=So12?b(#Vho_A-3$RxlJ^dM5wf_Uq&G)6x01(jWYp zkk%sMfWT@y_I3$%b0&>4B_}47>AUlNEqwHKi6KrSI_E9O15HYIjMGFg8b$ifMO)>q zy$_*iVK8{l@g$3+(7ED+r|@fD=zAh&*(DUtqoN0<>XRbg5Z=-Oo=sr(qy+jU4YC*~ zIuvJd#}=u3b6DPlGB3Ri+-@BVHa6glVNV+TgcE@kG3}HWtx8Htw=VL6sN0~Rz`fUf zPBYeUr@Id$j6q$#7)4s>hgcvIarkwH8Sd1B5*N=PA{fToF(OHhSqUS`>?QNP_pRy? z)wTZMsY~jvzqkM227{;Y1CC<2-d8=Zl7+%cP3yqnT6MvzX5BW^FtU3B;+(0 zVZpcHjD~#6SV(*eun2rf!FW98Gj%DbnuvhH(B8Zbc4+Oe8lEDwk(D$Mi)lRf z!b@=ZJiG+Yvlq7R`n&u74tQRHSv)U(NVEon^PJiMC2)x$P$NbDjYC7D?0^Z4B6=f# z<$Hpc5q2)}I~)w|;LQGn=I0JxVjeJ}!eUy=tnx^B`r6)ygBsj{xA=jjC02aydIUAN zgK?hwcihrjHVLq~0Xv_1Y8sR$C|u%*CR3$dxAy*6b69h8tM>l5mQi?IX|60P5-Nb< zm|nZw>BfdGYZJ!5{`PRxE9mPu*9Nei&^O_!o!aafeU-Aa9o`*`1Wn=W?;7Clg)&~MFqIyTK6%K}`g4wobhaZ(P0;1H234EP!+kYw?t)Ws%>TAKtp zr6FG*`mGsOE&BS@KbOjaN%_jvZbFRUIf;lmwN7g1NDkext_iBVU9u9lt{cEOvpgGLwjbab0 z|4414xCmdt3js~!Cys^Cxs`>_p0QBNHG+2NM1Wud}I>Y%FaiD$WWx{ zFiV3}sOU8bTbFR#BV((#sC)9t>Gut&Zd5g)ulRTDHYZWkJtwGUZw3{8Hz}syfoJek{_kPjuds8j8VGTO1(p_rC&ipc5|6SFv$2xdFrsItq}O^?lq-8#SS;5ZD4Y#T)oQfbz6*c=`I^hA!zC6>mWoXAw+ zd;WUllBFz4W9;Kwp@fwB?#1Rlx^l>6-%4IX#_g(-eO$&zm)0h4@9SB zqoY!WkGr6wlZ*F_j!iD!0pwjt7ZHd}v49vWJ$5st;S=~hLx~__?!yU6z7bl}C6k4U zGvP26EL)7g9gO$;A-bTtcF)SVXl<0@fK299ahP%IxsWPyu1QXDBL7mp49vK>oCP+C zwt#7Zfh&LnhY(WCRo~naE}ksu@NrK>7gSfn{8}0?V{Ll=>56tAo03_vQ+ED^fq{Nfns5(E=+u# z=w8~6<7T(}SRJM0+EHD2qF2ni7`4M^ZKnnj`1 zHW^02O!3O5i5TWml@>G1uw1|ssv~0cn*Kz4ZFhY2zwH+f8}TaDsLgd-qS_hj6}+_% zeAdC?4R<~?Xw+~ADv;Xv+}+FQ16@loc)%#<9w(w)+kODK7jhp zRHu~nPqm>-!nUsX1*pP!e}Cs-?ep5D`UaEfOpMn;wH-~}#saE$cY4@%Yt%^1j(JDx zBb6$ev8vYm^uFU&zPxC$mLjP>quPx0LOdY}4j*Oxx`XkDk3CaeOElHCZDXmn6+mYz zu=HOlqh#?`!97v!5mY{}D;arOIow^Z9c|^Eu5bE4F50GhdK>(8P#v{xNLQO~&hleoS{eHLw!ywJ%kAt0^c-URQH&Cq)>n@wu4%Oy#@4BD0 ztXwAb-4d`4)p@eKM|#$whnMs9E%1?6skRyZ*8Z%K>a(9ux>+AN)u56RKEks`s_V%Q zt9!qaYD@5=3bZxO>uP$&YAY>NKZZbC2i0ym$AvpSIfq~2xu=ilriiE=TOBrH*U7Kegqx_=q& zq-R`AwFz-O5V=}jN!K$@E#AM|Z=HKcX*V|4pILDz^x(x@2gre7so zuq+Uz&8|zD34NFbkqC!6Y7&|LvGF+%r}`nD|7NP|iD#RdxPy0gX+~}|qDjC3n`4_A zb_|rk*v)@Bexmm~rGPKZgAfT6l4ahQb?ojn<+N=))-l4Oz*C(ar%AC=sW9s($|>^U z*zyX{B%13p>uvq4b2haaKD|ASRF?**k!ne0DUGe#t*VkNmDT>pzJsy1P7W^;<~E!I z$f<7NZ(Y#_>(n~ofvCdx9Y*0Vj0pTT2_C}g&12mjXSkSZmGie}Vx6YPFTN-J%5W1} zbN+g?B&_kJiNUd6!+^$dme|cbrJ9_-9`%7+t?B;vuLI1)8y&Q|c)d0;NNTH6y9vvY zmNN`AKQ>6MHRi@Ro6wc98z|c;gmoRe_N9xVe7W#u44=;!<}(_FxgP$Dlt##Sfn_Pa z3g2IxfK1U3tQzY5+@ zF`G~pEBZAn^!lh>fHhOiGqnoUIs6StNSwuTTsaOhbqdcE#ymfXr>WNG7-UHjVkXTq zT~KQ6nnPwtak^1tmr>ojMp~s>&O(}r>R`8XcoA1;C|1*0>gPQ@>)hvBEX+Q!H0%8= zK!xfSVfKloS?{}h6{=f=*(a7}yM0Tu3e_#b>_1JKRj6(eW}jG^^{%C~Wq+?(n#cBB zPbo-T*8!U{URfYcSehPm6+TW9E-(shKu>5ghR~%h#I;0T)$a3X*~wjjYH6JGLGN0q zR+JYPRU7Y-ib{YVj?d(4Kpf6b&h%m2-2LOkwf5@UDeg>OVDVba%t^YGh7UYI*Z0b3 zsUQtW7Yg)yIV869&{v*z>QJYH@eFcxdh4jS9)arlpYbqD%_ z46S+P$G5)WDv6r$1k1tt35y%buHZFAAy`B0D$!yr6Q!&BNj zGkc@vtf!QrS1))zMbuuuhT~Z{3-Diyie%e;y{>uSj?cTC$aPJJCUVLHzS_KK#=efj znr26ZyNX$IpV_e(|FzDJ)8=L4o{L64S3ddbQ5m07Uc-eaVeM@WIos9bfE`NRD17+% z2>2I?4Qt4oLn7VKtv9+R{Ok9g=gx3DKP+oK=p0wyZh{K_^@Ngj{2z2mXI=QW9<3{@ z;}1Siw=Vo!4^Az>|2_k;HvVZl0@d@Or}fFtmcvZt{(tZhroOjoa{g&Mmehv-Jr5)G zz5P%)>spT5^nAExefm+SLo?;!xaY~4zK_4uX;^dwrj3H`LE~$aL0u2Cln7Y;K+C#J zhR(-Qn($xYXv&)LUw*)(3I7!inXDQA#)ELZ{ ze|_v|zMPT;;e0uApJhB>PC*|5eJ-hw7SUJ8_#Q&~K3O0}PQ_!z@vU!GKUO5)`eyTk zWBEEa+jF>5m4da$lk|V?q(Z^kBTCjs!Gf5Q(wgwu1(g&txjm|+or2FHtfb(gM~W+1 z?P)8!WvVQV z!h&>_ooMViKV?&!Zj#D-Wu+_;+jDoAI;q-DSQlWkS6Z5?de zss0b!qK@b^ppn)i8#5N?X)Yr=g}kT}fU`oQJxlBo?#-LQuS-ZjYGxM~yKx8HEBmQc z+&`lY)MnhBE$tpRvio*Pm2hv`0Iux(Rjr6eWN$I75h)Vz$xt0+u#f_6u0hb9fu*23mu9el?AcDjGJg6b+X_RLyEYW(9*v7 zRf==PB!I#YVrf?ut6oS0URw67UhPZ@l!PWNzFa!Djn~@C(rvv;Y%7>*72H5!XeZGV zbpe4~cO{pP)7xNNIE{uYyLgxNoG}?&y03?xvn}-8dAY5twTN<`-(qvfTymoNMse}8XW!dCu=P9`c2(I$pU^3xm)3r4WojEK<{ z24wmfdOtzqcHV+8=vp^^Mv7XMgmnj`_pPcK{8J*D-ByK-rb1@rR8!kM3Onow|@Ql9gK{(H&@xtUY){DxN#@+R(wBi2gHBN)O;e75- zxR+iB<6LO+e4nG_fZKwb8D==&C*+6fpb>%@na;cjU*ia_@H`Lc&XN$bXf79Dy>*%~ z?8Df$rmB{rN4YcK{NDHAnyL0hL!h@=J1jo3$O?_YctWB%pL2oZhmG1Iyst4Mlev34 z*d17@OPNX5ia`~#cY&F$k9-$P8`9^mNA9&)s}Q;lt*Az*3L7i7=!A|VJBbj9o&7~# z#KxN8JNx;hva8sMreBApJ;vdE7yf(Gl#7$GgO;UZ z)^DN6?(19CTy3vfat`|3O||5hfbRx;@U1#)O|{A*)FiT~tV0R3sQ5d6Qqn;dVw5|% z?qD1u63vbB{t*0Huv)RN0;YdTv2PIEfgN}%|JTPcmpX!17^e-$5rJc6kI3&9m0nMh zH}qALGMQs!4)t2`Yf!T5VIL?dw6u-G{S~()wx4s65YX=s5}D< zd$PP|tFMk(3l`D{Ex2?!7Df4c;nISI@zIRC_Jt{b-|lF^!dT+L3|)6ywC};&BlBOc~O+V4=4a1PB%@y}{S06^!5CMFf;y|e2Y!2f9`2iE-Ef}lzi$4`ND90>`FjtW`I1wCh z5>V6ZCF1ztnZGvfkZ9Olp|R5=_FZ$=tP7inPEU%+n&$CQ-YSX7-=YjB0=^?c1sLQN z*M{A-Ia{;GGz~=gn;a(9R3@m=m z)`Vu;vFC9tBzGREqXWNg<$wM*2E?YBif0fM#xoqnD!L6t(ReV}*nrbp6sHm9^2Y|e z#A!t5fWRC#R>2Z96M*22j$4#seG3w56>#;p6ZRMqe#Hla^BLjNY@afWY>-`uuk+mi z#DNG1Ddx#HLiuP2!{yLp2}w;STk4XEnL$Y>&ytwrXc%T5494T}CE~NeSKv~sS_jXQ z!^%?>U`THR@Zp~W*}u96t7%}4lqb=CEZwtxB+c1!<>qVOOE8RzQu-wEt#p3ibbk33 z>XgxI66#D4CzuHnufhg{zY)fTI$17-93Z%%?5Zl%Y-ixm^kSManld6y`B$80Sf4n7 zEcM|;>JMOp)_?sUSd0V;uHXmRsV6hUM6t^?%PxJ{**>3b2l5l&{udTpmfv>USBbMi z3Sx$YKNx&B&(F71FZ4dr?t&XEr86hf1gY~E5*3AjYDK4E5D-Wv!)D_0EoZ}yBp@=D zK!hvTd|xH>#=Yy??TN9|(92^2bjO&ePYx&ntY^3jM9BuO6Q9Vj06wEx6sobG(`;~qqex1&In7K2z3i$i zNmQ7W3(2 z9JdU-fj8@BLw9%ELWJ!aQ) z|G>%$qsB`Gg9@&nKVCZQL=^v0YLrwBN~G;lA~avbgh3A!?kP}A-G=b{%`DZDn2<24 zdj3TfR}|m^tB}j_sl3|BOB z2_97YB)wL^VDUZ)7ZDK92LQMN*Ovgv0S23zjgd+t=4*egx+PQq1?Oh>)e=jtfVr{{ zg}fVqvoKl6q_WP}P2#sGF(%miWT9~3q{Ncn8TY25j~QFJr;hv!5>+f$zt?rEysn={ zNyZ$i-6|0Y1Q5mYpO+f%{E7C*nt-{aJA`oS31#Omr%v8zyw`U`5)JRVix*!gs|T0N zDkBkD(9k`=1W!VZlc_jyW;Tqz5Uk6b zq@4O7m}@CiN|G$v#2Hs^Zr!(`;V3Vz?bS{2S4cNUq`r24Bi><`(C;Fk@c$-mhf2ew@udRPlMFPK%}xz%pYPU ztcGuSbrp!CJ#|u=wJJ<4JI`}6uuTFE?>gIh!{J%F;;bF#etQ0|t?ys??ABq7N+!R> zjCz$zG^tjir;o*Iy~ZVJgI(|80=-LLDWTK39=w$rGn93I9=-d{*!Lg{%wM{JCr}Dw~iwtx@`^vanQR6iOB~ zZ`05t2AgRdnv{qXA=@a*@JzFFrKZe?eB{tmcd~Qh<2J98coqnmWaTEv573sZ@j#;> zN0K4IH&=4KNa%S}PqDd&C(WF+M3;*)4T>~L3w`6gc;p>wZH-}teSktKO7?BJPtGB{ z79^wIB~cMu9nd_4&$!X*&F_$JFmMLLr4sT?VkkDIUX4r2{|ulp)HiF(<8ErTE68q{TQJ5io?7d*S(U*!(Y6kqlVtfIqvDe&p&Fw52HeyZv~g z{FHxx!ZwZdN6b!$thkCZl@-&Mk$)$^uOS84yF*I0&$K$yh>BXg4(j!MD5d*JW9~E% z-s^LJh;V~KvVMc3B4d|V+v=CbadjlES-^*&nJ86TCefkpUW7DG2t0p6MQH?$(aaB{ z1r~~>s7M#Yoro?J4G}A}=cWmik?>ZZU5xCIFyUHeLUJc}#OpT(O2+Cp!NwqtYm_+{ z^nO%gIj24x!DBXLoc$cYsWaqS&m~JnQcV-_mwRUkqh6%}W=cD;T=~gKQW1X7xeOn* z8h#&P`08HJpdqB1*EpxC3*X|SJqvI-`+U9Xib)>m?OmWBWn2f&{a{{QE}O1)zIiiQsE_6 z0brM`W-ZX^j`IXN0C}t<3w7*GKYkXaFSn0tl0T93U~T_8w0ny{-1$|7Iv2 zcYboA4V`t1CX#4tTqb2wX8Bx`qb{bfxQPb>$|O93XwP26N|$7@Y+W3z7Myt}@@BX3 zSAE`n9-8y6k`IiNrKLDD2%bE(STVtpDfVm;MrosA6;eu-ME9)(x^++2IfMWTYquw{ z;bfSNim)#D0_Z|%@aEdyiq$=M9)7I7FqXSO;LoOCX3AF=&0RG8ra%FohDl&w!1HC; zfA$jrfafPd=52fZBAk!Dg39v?r$L(GG~zf%0`RF$f4kDdIT@Md~+> zH&2Nz)#09~8rTT}iC#{fhQ|nya&wPm479of1h6UT9X-SoT!;SEv^E zjx4gVUMuzdhk`+maKDB8h3LE{&flwy2G_e0B&a_!pQC%>hi!9#Xvca=__ zFGZh)@LbmnmZKd5liX=!*w@q068m6=nr@~ zjl>jbT$Y*Q$;?ips%ZX|#<<284E2V`vHj33lF^W0Y>O*A-_DElu2%Dwvz?Ym-}(7` zV5+)7?Fdgh0`qA=fYStZ~l{ige?52M^5Vu@8Pfl|RogBKRboZUY4+&(({DHU~(dPR`waFUa*!zLM0Bw@g8>iv>;Cl73$NQQ1@D9z#>=8AM*&ZK`$(t@3$_Egm2hagvgN> zbHk4WFzBWAh!JeCeYAR8we)|jxTSqPTTz(gqO0CYF9zl?O^9(C21yFLegEP2rYnyA z4a#^moxzM-sL5Q@_Mv#IW~F#^R}OZ)%XBVr2i2dgpGMTCes0dOCl8!x9l;-~lmULq zA3gi6OiM}7)@SLeaCBfO_=zz^O&bg@lm>p-uSwOXfpS=yA4vU|9xwH;%#rF>tXcH>7PZ*$Lfv# zmy4ql0C2kh^)})3K%zm@;Y#IgLwwQG%m3zhkNelisbFJm_3muGXBr;hf+ZfYe zYE4^s8^~+$?pN*h9(|@(DLuu~6Q7+r?Zj6`Dhg?m#&EBIh2^H+h7P~bi5fE>actI3 zewXFBb8lgNWZs8@F*Gl85dfd=UEW`~t_%XIdA^N%vtp_CS4fVhY9HCw?4yRsx&V>w z%^)V=lsO3=R$aP|?R|u!|&35-R&Ggb`{Dm9nO4==O%1 zud%f5(chFU^4-Fj+gQh)(ZLoelQ18ln`=(E3I0Lap|p$7qu_bH%|>*p~A zeArsL=>b~cCFYG9H9>Xe(#_~pTgcAz)G$5JUa#$DT>h6ApiU6Rm#JN>8z~_+ZOe9hHm62%mRgner}vcx zarT;0m$bUPoqBbDoVhnG8Bo=+@2jdW?IlWqhi;Sm z$vNzxw%S%^>h14qeIzl*o48@^7x~k_?YTTX00+G59h@EAomO2AU6|&yz)2;GgUrc* z1B#`?GD=JS?6O{eExOzr4OL@vSYpqlzd(T)fX4^gG8*_X)ueN`v%?o~d<0}S>=JGk z^0wErwSQICHboJG)PUckx$H(O;Ujw^DszNJuT^wy}4V3aO%H z1K6L7Gna&!9z(^%Q^@Mi9?XB6}JZMA61XQ#RKW+m#YnaPXijXM5S-WwV7c$lC*xe?lZ$n zY-*+oq61$>xbj`*g)Oz56tQvh!~=F}g6-JbWK4En%LC||kR z@)cQ%5tC=3s0W4Q{WJ85ITVB}!D7iuex=-fQ0iH#RA6k}Rb~m3=ddQl?7x>0bODfS$K= zLbWE3y%bG?k4O^WsLmDMAEdQ}SU{b^oz1>avj4QcjCj5O02Q7T*rW&;xT#z6_pf5k z{hI1(m$o@R(jO~dW_shln?QpboBJSXdS)^C1O-(GfzGM>c z6vigd76|K=!trYTyrkg+Y~sMci8^a`WHYx;izE>U3*CaCT^6H8M=3)olj_Gr(zejM zd;z$u1hxN7p%ep)an%kD zZnhD}yV4JDuL6?t6m|%JnT-0TLPi`F(@t1Px4vhZ?K^mkt*oA@i$&8F1K_9&rYQ?3 zq@+wn%v2ft$t%z}kwn5IWjB;6w7z0SD!W)2Vx`I{^52)}-^k z^H8?q1L(te?IhPQse5tak}^4(Bu$tF99Z70N-Qq{{#2|OJV%gNjxRsGKJAT6?Cvuu z2)j24tT;7mP+-DWl%}iBJYb>MS%{@zbnf#Kk7Su*#7rl#Mi0B)wJKvy+MWsi%GFOZ z$I}wPOKsX2;o14pzv(d^qMcNmqgnn4_x*$PTq#*6dH9LHX^b#A9h2c2<0GR-xY|U~ z%y30gY0c#!?2Yypt9A9`-NuaI52u_N@r&xmCQNQ$lHJZExz+Ca)HFg)re?5WRbL{6FO4Vz5d_{4pyE&1v}N zw3KQ-ZCyGtZma-$ebb&#?QL1oCb>ULaurPgWB#e5u4#_0R7R4#dY_~cOgo|0$DnfK z_qx($lU!OKm))Bln?Y8yS_yyq|cC@hu*CcIx|AxYQ)r10HX zH=61e^N}9fhPu6eXJB~~4iO7%IhDsPT~AW+9xBZ@4p7}1h3#FtUt@i{oO5^jej-ns z)@?GLC%kQ%XNw{ZaaX9@gaIx6U4TL7nG>5^0AEqmaVMVF-#hu{G!*6}G^xxhr)PYZz_w*?hQ8eH<$;rLelWH$hpHdk^wTXC%Bva9JL`2noly+BBk1U z(UB!utlP{__xI-`p6O^T&$`~D&XK-^DJanf5=BQZ0&f5WEl0?GTsf;H#J2i{Ud)T; z9JE3@Dkzq^Ac<>1IHp0^M-^4@6g$i6TA`kONNSX|#_bC8P`=)N54-$Ro15oq66l-@ zXkE_eNLIL0>Ej01+P+>uQd?TyPmD=EDKX8td>xtUErjYrc?U+BUL6@)6>WmPr;lhW z=aJF?1_Dn1&xcQefUh`3uF1(CJ;9&qZNL35o)AfAOqF%f#g?>;?-t*x##A+GrAni} zs!Ay4fLbCZ=BOpgvYr_(H2!MbN$CjPlk7UJL*d0~xBfLX>e_||0eTAcnqJi29bVi` zk$6A!Gs)wquvZP+=wVHw1_B$HM@V|mGwpHXDaq2)N*Z3BrpdrND9=kT&B*Adn30KS>wXdBKnEg`RA9mZ9I_o?r;H)j z54gYbQHM2`_xfU>6Lj<`@Mp_14ZV%OMRH0D+k!Zgn(r$E11Y#eG7XH$f$wG#!I`Qs zasm)ZJ`yrdQlB4Lpk=C(&ASe~03=iM2w+V>CS)$M$|Ff8i7oJsHj&3V1+aBDdXI5a zo2)uW7+~hMqRu(Tvy5urFXQNZHJtWXqC1rYu(SH=jXohKiDwoo(Ttj{q%|ap1*eUu zY-Z;NbYQmtBGxH+am-Ls?Q&jVl!7F+u3Gdp#YrlxJ>EmZjT$0Yxu@6yC=x_dMkanH zmnci7W>k;|y*iL5F^diR_pZGm(pq!=ek(dS>PwXhO-VEB1n3<6XijuxeKDUqUw)03^UgOliX=iRlWdF6rdJ05IHzi=-WbI~#77~Ub{N*k2z)IYPc&D5mL4(J9Q~l|s zT$)Ag%s+qr)FY|o?CJi#_hxuDCx-hcMQSEJS@3WBhBAM+j*ObH(GUdv0bvVEgmxBdzbo90>I@;8 z=__S|ErdNl@cgV`&C+<0pjI2=FKr-u>zEjH66;V5$h2r4! z)-tQStb=}&X-ZS~$sFMR%fK!IB|Ulq7T%!2^f-onCYJL314~ZxE_6)GS1`AEKUwAt zMMthfE!b3*jZ`W7d5LmPdp@Jh+LAfunwJRpbXN}qE&|F72xkBXQa}gb=fgnV&R@XW z#Wqqvqu#DttT`y{#ER)Kb%8=}XCjWyOrP4v8+n}S)XhzDm8dRdYX%kq$l=SQ&jGH$ zyJqcST>}5J1@KAksjP>P;LD`%>7~bk;O6VLyj7sj|B`{-0=Vk%>|g%XYSE#lmcP|W z^|I<1*fL{Y=6>ZsZdUhYCH0~Wpc?a@L8AN9^8Q;|s*I*@Syepck}etDxOW_@TA5V$ z!Sm@SO$qw^foB=LsRy{vLPaq^M=l-L zDjsa+JndrIQa0m6#8S*^NNF8?SR}UGbme)CK-#^xI(I#L-@8HMl#bPzxpU;_UEQ`Y z*#ePah56p58sRW)kLeNrFM!rk_4t^9&rv_^ry|b78=*#W7DrNB=F1)H7(4$|9ofHeSJ)gFU_0-kx3%df0 z0g}`H5a1gR`i9m&>N$$I!7s-y4M5!fRwA^$=7e^85shy>65aEltzLW**>|9sTt3+eVVK^8BE5+5 zK8XVv5d2a0r3q>tej_KATRo(LKvD2i**3o^3hH4;BAzOM{xG|(67<%*F#z>jKeh<+ zFpTS5xB)vWS_cYi`!N>#WvkS#mhVCBm{jc<0&<)2kn0g)rW1)2iKDp>BK3tV@D~WD z`$0S`(Rsv8Lh@5wVCvYg35HF5kr_da;*f(`MPYmmgrHytaLCK|oJL`Vuzx{V7bDjf z2n&wF3E|K}*f%4Og~JcnrmP1NgOG;z|G)ubHHVqcC(g*s`hgeBWIt|?%NYsDgu@MC zafuu_ATlkE#DvE`Z2F0uLB@6k zIuQxx0ZC*SDg^lx(@;~$$C|yqpD*JFovuVq83c28zF!NT;jm>W3QJUIE5)_s0~Dgk z>--{xJ)%=)A{yvYG|Qa#^4rwF_Km(4mBhqs|0^fW;neFf)+>Vs ztD$0@`i?C%E>GDdwyP6Fo4dE=)T9u6IFn-f)>#RM2-miZQ&0V@4 zAM6^C@K+8u5j}Iu0=-+CK98pda}N4?e{w!2U-$!L8(%9wS5G7e*C*=w<)5==f=iB$ zqpsoC87vfIVzeN^dsMYRK3gy6TUi08Wb=Kpv(5HXIwG?iXp_AQ$kL{tISF!`nQP5* zkR=!bZ4yO6gY(+^bC^KLC=M4?OLv}EYg$#Y!6TBqZa#h=kN4-oRY#~5x8MXc7wm3~ zM%6}=7TqgDwSYsCw=m2%6$hokgNY?T6Ck-oN5?cI=Yy{ zcPrri3y=(yLN^%^$h{KKI_yXDPNN8-tds;Qn|>@9uUJe=h~1OWt>mwgwyZV(TuqYg z94^~JM6f|8mRY1utv0mys(xI2iqSqiPy44$X{Z}NKW-ZHmt;z}^|{QQ{Xzi|aLC&y zL3z?4zy&zGoSyJf0_#e$e=TX0`daIs=Xs;sv;PT%2?HJ0v71C06qAhg&)XxU+e=6>gRm zyv`G5?FnUeJj;=r{ea^${o@r!zObZ z@oIlz1fJ3ni*O~2nw1~iA7(WFPT^-ORnU8V^L}xgN~qoSg=<9F1??P}XxXZ|FumfW zvPNs#`1c%JKIjzaw&4=(^Ticpg^w@!VhlUJW{q|4VMtyv?LAn~iLgSaZj>=2q|HyQj42*dqSq)u?q(nlEd{~FBE{_ur5bMZ!}TYS8Qp+I zomC9nw})GJLOi0^L0qCiK(w|~!eTV@$(4f);hpR>j|?-ILq^3J*ddUFaq;5h#G^6+A0`msnI-K}!IrmfGgj`*q*UO@IEoTUhQbg>DLE=k zrCTgUw4fu!PNOYhHKrx8E4ZpC1B`@j_s@R>q0jAgxv}fKg+BQ19~4!CymQ!2%fNcK$_#STSMSV^1f&IM`qt;={2*IxeY(Zb!5=|9G>v)eea{C6B4R z8p~1g3Ez>kBh%wF!lDwpB*!?L4epYnrG#0Np0IzAFahz6?&eKLhYDtE^=TOr@>-47o{!OVt6Ii6AuyXBDJ9i zhE5qJYT?m>_MmwXEkOLk?Z;P6H0*m-+CG+lL!(mBzeVZibn2O1zc$0$-c9!Q7#R$_ zlF2aPWhFB~`lJyFd|ItJ+Ux-q8Aea@b*NmeV1a)mO`@_0e$3VCpnaR_E9AHw)ls1> zzc|eA^6iDtX1?Ug`(VR@Jo2=7Hp1IZs)reedA}82|zn{ z5Z;@KJu9}DnU{cR$7duHFl%HZ#8ZuiB3VeGoc`6@Ka4Jk*(mCQTfr>S+?2acs{r&_ zPo(-+IH%=5SQJTp(BaV$^x#HVPn4{ykRV#PE_Y!p^wK7qPWUq;n)h!Qc55X&zif_x+7XhnuJ?0Bpgz4BPp6-vjeT1Al_d=o=W0L+Bl3) znHU@X&8WQTL;WX6OG~9$Oc2sOq<%4J1MREuDG_7+>to!Bf}Ev&hf;TS6X&I!f|Hx?q= zf0T_T=BUH6)({gcYEZ;o<5&;s3Do#C&g0esy~+za(z4M%fjbgSFoV%KP*cfl7YXjM z_l#V6xT-!h4MSyU&X-$f{=f`*cuhv8{EZab8Z#ljy0tkiZ{Oz;Zfl@4JClP zWIDVN4PN7psI=0}e3VL6C+lSfw|TbpONClyDRP8%ft9*F&B-kYia#7>7fd(bAB0UU zh-dgcSELps+VZUOY`FuqNfqaW(2+N_nz`9dv` znkF3&kRYmX?c4+5BA6ihl0=#?ziv?$2zkpeE@L5$k)cVBFxJ zjN^$4fuvx@Q^t$lT7eY;cVix zDy2WY>3_r$V;&)2Lr%OE18%eS_V9Th1=~Z*+0PUkW=a0_3=5}&ut8f0iqVnz=INgB zi-kw6>euTt!t(9>Qr}f;QM*MQ0?{}A2US-|7bM_Gw~Ms>&fxyBTL3-yBgng>r4j?= z2_NLVKfJ~E*&v@|y7n|1fuV)|)qJYGYX!UU(01z_UP}Y(d|19q9rK*iGrdwc#~RLU zcvBzoxBPPGr8TTuIhiR{x?}{#xuVFp9Ap7v^MX_?slbKm;7pS`jOU6qXl~13f0KHQ zLff=9$5mFnE>iYa8||oh5b^VmjTEDgd;6dBC94G6EkmQRMl|rt23*y_FTS|_KKu?t zt#vc<$lg15HpQB^yK&=5m@i0%*8hh?bj8^Tao~qC0)hGy?7m;{vOn~}mj2Ba{>J?I zbv-y-`6*(tiwlN_p@bL<7Jg<`O9(gEPdQ6F_ubt5^9BbGwVBR@f_-j7wgQX_qpGMH zVFX=;?8&A6+JWU#;_j$jYS}I>lyE3B%nc}9X1Qqc?+BFEl|EM4;4MoEG+aGN?w|L& zvZB0}ipB_h2w^|gK13IYKa^lTx_`pBu=fH_w`RXm;~8LR_>_MeUTYknZPVbFP2=z1f@k5)IAwq zNkoGAs(Zg8F`UQpb%y1!SBr^juk`QgtZIR8xSqTFw*$4ZW}3yez$I=l&brX;9j%Bs zIa~yUn=%6r)>4T+g#k(P6lzpyik^hWRx{Xpe zsuWQuM2*ct>HWyg38Ua?pRa1%-P7F4bC-x&d5H|YfiGH!^1@JWH5g#fxAFvc>g#(X>e6KtzAj3;S)?u5{RoF|EVe>OITm*^lwtvXp zYyKOS^G8->yzDG|?Kt|RlQ$K_kG`SUKO7+MKK<@Hzti9YRG!H6ohxZ&iPM@#l`0J& zXsb`1DhJ~8mRF72(o|Kzx#~P-pqP|{L+pQoT;vOj-~8B9pp(?P00DWQJjHD?3g6IeE+sHG=7aeTFr3}GOmfe6mr1IMN7cPcgjCJ-pvO*|~;I+Ch-ilIq{_B5D7HGRKnD}6tI z7+QaTF6d}N_d7!HANNILZNZ3`QaD9dJN6K)-HF|xB+&K>Fbc0>7?kYdc)V1L^20dG z!6vB{OC}h0E>do)B1m~noapqg`Qn&wiyH4QdZHA@l@_COANwHRH`+CIp3}^F&A?108t|Zi42Cs0xte;#^+5&M23@l}3 zT$y^<^xbLGB0BwP@*Z%yk`~h!Wd>|9k>x&6-KwLGaVY2 zs+#mx#{0>LV-yQUh^?AOS#7nvsb#2*Ip(wqWaB4_fRb|xm$As)y2_^Vl*llDt0z!P znXL-Few~xjk&G>3TvcqsAEww-(BN#%FG}R(uZBc@b{SACy`Ke)ha8yOPBrq*E%DF- z;w0_3mc%+>heKDVu$F@#Q5dK!YJ)p=%hjY}#NpDf;e~ zKYb}7euGN!-+F*jBja_K?z5IHk+ER3Rlq{Ca!@B;bu$1@i;s|(jnyR6g2l@E zHmKR&`(0dYpU)q&`vbs|HR)SkGQa?LrQwu9tMN{Bo2NW0AFc@@C|aZRmBh$T=Cfse8EGV zSzthhv__WK+mTm^jcRtK@7V8VbkA=`6DN8b&LnfEU;2)fY`SFLx90V<9JEyNPZg;l z@0)%s-Dmn&2RScE|EuMq0d~aASu zc6o2L{6HLhm5M|6i0o7S)nUPa4Zmma8lV_KEC2ME!Q=EWOnay$Q?bjfjjTWf9M*rx zz;g}&ofEkJTQvJVn|q6Rf-BB@mN6pRx*4K)PUZGq6nXy|JYpr7xj~zrc z6o}9WfrV=TdhZq+#yQj*8)QLN4pNu7OHid@NIq4Nu*!oF>{D*b1|uH}mRHDt8?wV* zq~>ip8Un|wWEWJPh=ax*>zXiu^~b0H3~w>aLbn{`t9B8w0kytaGZ;e*72cW(R1C`P z2g9N7O~U4#<@sHf4gX$h9QjPeV~>K6Re~+XPdSI7EP^!kJShZI8$k{= zIO5^0*gv37CgQuqkiVbz`6aP-12j)DYcB+yRlay15R-qnWsIR7i`O^HE z_|8nxurq2-Mc9Q)8XToXco!qtg*F#?mvR z(y=jJNaMl$Zs@`bH9aJ0!iuhV{FswQ#R|;)axKrgzOMbwrY(LsXLXqN_8mVHJ`81* zrkm^QOKXSM3>t2%>)%brlx>szZ#Q-{TXPkiPcPj2dh7L8;DTrh|4uo0YT{C!T3SEH zw}~u2SpIaP3URjy2+$6i!*$fCmdje=+DE+GA^f zdD|KzO>=n0nx`6_+Q;up{(WUUd|UU4Wr*{9L@o@zb_7>Wyt&t}d5okfSjG}EOH~gN zlX!#L3E|K1V#syog9f1=JfwJwdiw^0=}75|np$HBnr6EwFY-?;4v9CZ=Dk((x4UcUJ;a`uq`3A)#E>Ia z8B1eTuKq2qX)1j^HCwLOI$eW)J8_N5)O2}!CfzZ}kwB90-R;`7X2xXQCl91^5|}+| z=3$A$OJkIf{lMl{N3~-?NLJ&r8}~%1*mCpLzd6X#CG)i780{t~D%bSk^Mph$N?sT_ zWRJ|uRq>Hx)OknTH5F_Z57XoUYAPj}UEPVZHrqp-i%se@fQ)NfEz(iX^>|E%Q_ZspxDt+UmJq*l|>$*0?A~HT1rV+pLb?2EX2|{)b+LEwWF}|JM-i9 zyCmU7e=a?zG;WGTk|)QH_iJ&+29bUfKj4&K0z(O-w&=>hs6f*h6irY*eG=VuCc&^C z@pB=J_e@N8$YV*&wZ$2U!Sa~K)18{%$`D1>yQ+CfdVbCAh@_&U33h9s>qS3GkawHZ zjBBOO+>^rm!T>%VrxfV~j>IGW>yYyYF)NzkQQ-LUITC{rMWit!k5d&ya|vP;E}lf(6x`T7 zJlmwb#TBPw3kHddbM`R@Cc) z@Fw})8a22Aca>^AE_K>o%ac{=ZtVuaQ{UAZ)%H16b6^(*amvH&JncSO8e_?9al7k2 zO~|P}cA@yGE(}*Z+0XVrAPxtK_rH=ajcGG+W5ziLW*|xuOwV20@_&NiA;+5_HA$Ss zo9OO^O@l}f$WjXO{cMs_#0lailkCBBQonnD9<2-i&HX%T0@?4)CSE3fzJ#rZTPab5 zi8$%gp9QN=BVkPli5{JREA zRp+$-U%`GM6b0=CQwJ}mRk=!`3t3hHFbj*-*iqrD; zWeKv<;|wjsuS{$@gq@j5jnO5M=!`!Z zZ9ZNu`9|YY>7f>p_|Veo)w*KR%lPuN^Gg4Uwv}0q+TMg5Sjsbvg(y0538F-s@F*wb zt*Bz(7G(&WV7QFQP!Vq8kTMe$vvz7O;aVeKI9VE< zGKRVSgKL>1Mu;m_vrmLi(|L_E9;fp6v9+Ab^@XTCZAZ1KM+0b*eEs7so(K|;{aKQg zFWD3tvpvM1Aj)h>jnSYc%LA8;#e4uDRq`>TwLD=d^n&hi=Gf7YL6J)=RN?=+^~?1z zK;xogyft@Bp`XF7ZzldvG%NLANR6PpHYNR+{vQEYRyl&llNzdW|2MuK>i8cxtGfPI z^_=#}3F7#eKfd2~_l*;bP-6E0rZfJ#IQM(+8aBUmg7_X9L-CEW*cn4nrMr>%8MJ8R zb0?JHr{(%EtN4VwqGrdi!&q`Uu4xV_x@XhrmOQ9pBS=^(l^&)SuVqhUd$T9284Epi zlwe32zY`-E!im|$#QM*C`^4EKMkeg)%H|K!iLcI-eu?B6jH`@CIx9GXbNEAk#pU8# z=j=OghZJb9(@B}RJPnVlWo=mZ{={iU8$FC6)phIaav4-KJG@VFqy{y&9BVRc98~yy zc(|H!r45p{sO%zUg#SsBzAdMzP!$ORH%7QLQa-=4X@xyQ4%iazaTU}&ase*2EDLLA z6bRa>Cp!gejH^T^4Y|#OTta4}=AUybn&hCUf8Y3(MfV*1&3%^jKf-ZZJa8bA2?IrZ zKYmnNOQ!~;LQQwP1arR7uopN-Bts zjILYJLDX_FROs55@oY$Uf_T{#ao?N5DNdVl80y!dj^l4)2WjN@)@^=rcrKs ze-}{v;7Ot#ha^zGKEV=hP`&{{T~p&aCZ_ZZ$vGB!1FBnR6gR!d4%+5`6wuM_XCtUb zt8lx&0DC>n%W`pT;gf7th%ezh>sPw~!A(Tla?N3|kR7liqf+i)ylJvjlD|%%$WaRe zDY^F{_pi@b1@~gsRUu(wkV#@8hNW#amF5Ay3peteSbx8=^cyWhrqKyOuagKZiO+s< zjHNP1fPpL3Tz3kmZ*dJGp4Qu1&fk*~k_$Huk)d=>z;1im>M%J_tU8ZVyu0#i4?dl} z?`P8Si5t6;6)K-Lb9rxe!Bo=Q2dvRkOy0L;+IEz)CeH9?ZiC!kFVHsMI^Yw(B-Ovf z3ASaO$sOdhFU2}wwIyH--@tn2z^ohe$B53e{kp~=fnXV*5?SlP7*-AJVSzZ<0<_M5 zk-(`C)D$`*#l3o_1uY6pEZx=SHC>myANJl zHZ#R%xVpRQJ^zbz7`}(@S8r&2sJ^%yt7+EXZ+a|5anv|ZjIs7H)k#;eK)2<<(`FYA#Vo^`ASX`~m~CR1ROEbu|d=<)&eJ~{~!v-{R*M1DV(oPUvs4lqtf~qG5WT9$!!LX)U z|8SkS{l}g|TILgq$`Aq1TIeU}Ivj%S0TCqEnODmn(j*eJsB5VCH|>b+`M@xGP-}g8 ztao#l*4*x$`x&$4TMw2?Y=Snoh zoc5l9*GhEY$Efyy@BC)&7q}lff;UhGkT*~qfgT|{P~Wxhu>&al_w%0ebHCU^ECO6! znb-3AAZ>#pyx?IhMQuDnu@cSL>8p(tH`F~6h!jjTOnn!)e!34+dPn?+f%7l$+(m8s z6?%9|@GpE=H(leuiQdF*y^G$=L*=0MG?{)!#;d90w<-^<#hEh~EQA#g5hHOI`w_z7 z)W1X(iaZw~YgLCLERrE;4l;l^iWl6#oRkD{(}`j&0Yb^87G8*ALMiV!66R*f#t zaDs-2R0+%z^rJ}?4UyWVAYBt-3&!Gb4%3~OswlL}1ekD{tvDg_U4lD)2c{qpYZ~b9J$U@1`O9NTE33>- ztq5_4=P1mW96(m$eHp4feX^-p2BuO0rc_lZVgw_s%4jbCcxvZ}oO}CEuwuAfa$`}p z6Aj6#VA9@6Fcq?6pji#4Jj9hKxC(!N4(Wc_?jXbRKRI374;t_)KScWQx4g5)WKF$o zC`XF{@VEd;(kuws++3|p+b4P`F{ehCtk^6>;i^FpR`V3tdmP2fHiLhx{SDi>HHK?h5INnd@lDspW4Lj=49OQ_r7)9zoDk z*JtJYj07odMR>r9LHaaiO4UX8Rx7K_PFhHGIJh?9Pwe}&v^!uB_&gfpzD*~j`G(E0 z2wz7LeV>|0fO~MZ(!S5{ZluS1kw(^iP&LX~Fvuzb=n^pZc9|P(bw?W?RF4QtJy!0P zSed%$DN36M>d0RXDkts>QwPHg2jdrwgP$a|t^%c2z-T!g%;CVTD|#7G<1BVxw7U$B zkvPdfs;%K5rc-$lw~L{eF2np%Qq;SsmX3Ta`8< z6FSY1CyZsLrEjg@s_Z%0ADG4u{dvi985WP5y-5{>ro^4mBbnxNyVhu;YX5~YtF3-e zc!r}*qqxL8X*T@s!OBpc@>hm&nuMUZiDOe%SRG4eH66Uhc+i041d!**vW=opJV&Pm zNwWAmavg^Ag{jL2{o=(c(Q@yE{7A7`mOeWcwvTqPpnLJe&$)UZu*eK#b_w$1KQLp% z!2?myq&&Anh_m4MvCz@SrGg5vgJ&3_*IR+KJH$Ln+RDLk#y0Fo-3^@(DQle&uT$a> zZB{V&k0)om@Gk2zG1ibIS05RK=Udj04M21uaI&yFrHC0_=v3l%E;tTqc?B+*g$T2> za0Mget2rSjdLg)c#^&?}4`Qwel&P`MK>PRPmwjMUMJ*Bgcyq@>)TrXT@X3;kNK zGmdxu+ZIWwugB4kJE`rFxC1BY7r|meSn5ww(%k2^@wen4bDQ{;u;M6&uNI?;F_|iH z))~MDW&-uZPApvgY?@N{m7`Hb4U!@E^Q|{OfA%e~`ONNR z9*~Z?*|?@25mrjZer$=xOk~JQb6ZkrsXHM-Z>`3JQ%|=MgNfT(UZX9*@nsyjIlw;A+S(l8$t~*k=g+|N+3(*$p^D_GT5ZFqMbkEuv2k1A%LUu% z;W?N}FYdEMYDuFj?|xRYr?KP?)C=j$7x!p~>8<#qXaPxq?Cd58 z5mLQ{#)|}E6xtrAd|CET-;Iq}!}vK9_V2Wm-H%#M*1{p*ZAe0bbqa<53WugOiFxDR)S#@64yk?Z4YlPc%_Y?* zj9o6m=k6~sokO#*&~XrbH@F(Kr-&bPfMuDy+959|J~q=h8CmsxrvRZy;aMHE<j>6&y+omv%b5T z5QYeWe-wdYZ~!vi5R}*G)p+MJBo1W#hWMS8xj$G@?ENkxmS-&d2HmHE*I^dF&lhLz zD;#|A`*hqYn-srP3J&smjF>{Z=6{NiH1aJknqCc0V>KmOGUGU%TZsq;yt8a z!wCLvS4{w(3-}HSt1xO>R29I$yw`G9VVVBczkpfsk4_XgKo@K*(m%jA6Qh%Pxu^OjI z1ZWI5;w>c(I)_VE+UsDvyvyQM8XvlmlbpzMBc5J^@HH{Km&pzBVT_ zqc%#xq5NR91!D~kq5i&|+#o>}>gzqSPouxW6~f1nx+wM2e7xBo4Xr3PMd-qWKMZO2 zWYDk!|C1&Zssp9D)#JChr(gVjZ)pn)SgA`&P>_$LSwwlqj1H;_>pkx5GCiW7+t za!VRntLZL8?_Ycc^kB-He96`U6duB_iu`G(|Q&N`jR zLZ5E_daH*|aHq_^izfwL@_d#$P9sHPPX5;RIK=$nY!>dKyH)hemVyLm>iNECxJR)+ zQ8wxK*89yKZ$3oi_RXH=6lX zMFr_2w1rSavygsktq@gwsD9X^;c`6#cShByfF$BcL(mH1(`FzfTExoE*0Cp9f>!UE zp>P>KYmDccqGW3f#!%m_A;^3+Jslp!D4j7s+%5vjH1mTIWbOqtz%QfZ~kD{r-Twr0-2`F}Yi!6}4O9h`A9( z+YB6uKwCBb^BBe3i-xp^i9t5e9@B1|pArbI&rX%gV!Z>wP_o0pvF3ZU_5}tFV|Z3N z9~1N-uD*%wEJhYGi{MENSN) z$@USg%1iHz!UoHt%o9N*v&DVQik@2y6sY@*qrIi&ZO(5)V*ok}2Kro5GJ~a!4b=$; zJc>{9KuRdfT{hTwqiu;_tdByyse@J++Hgd_r%H*cp@Tc6TiY#t&^^OeV<=C!S#MDn z(pfq`m&Ev~ll_I6wb8Px&r~zh41!w+@u)-w;*3`T3pG$u&}ZLhxfd(0gjPO?NWpp9 z?NG;2TN1z9AHx^1`4ipUUz&js7<)6&;tC}eHcf@I@{cx{X{2ZHm(6{Rc}j#?BzM_M zlM7pbQYc|>MG!N&u;8R=fyhe&Ug+>Mryda6=Jp0lbeN_)Ghws&Y?&y#bO)MnnH}8} zAtt_>;Rz?O>X;JHqPp?9lOmAC$1~wBvX%u4e!$I~+6_9%I5GNBSUNZb!zfJ9=22Rc zW_&(up*E0V&(s49w|gDQYd@+6O2bjMcSdwCt6D*NDv0isR+vFC#|GURwAj22S83eO z^w=D#GuG)W?*<^SfCu9;ud1>+z*SbL(u{yuQ{+dj!Bk+%-a=Fza-pwrBw>Lo#Q|Tk z(~b+EJMKT51St2Rd9hO8Cs!16`Bk_EmDH^LECy zvoTiO4ZMGXq1|3pa)+VqfWO9uNrQn@J&SLFsxNUlUN}Y)eD!pd=1yV%7!A!|N6lW9;U5+h?alyYIV(JhRJLR~qdCK=IGY2DigVa} z<)t&T?Od#4g^^*{GW%JK3|u9_>4`541)UCG_0y>fNlj=Si9v#Qwg86>4I5)WNav$=Ci6cR)E`7%7EfLFd%^3mua7ndDv zeQa3I8BM+Hhl9(I{YfSfts|i{qh!RWFqfV{AUeJ+(MPm*CN3shSBKL<;S{Wfn0XW) z#Pr$?E;#ShJ^31hrJNIdY@q0Du^D}+wZ|~0t+}L)Ss9hPoP6P}3VAk{HD#nBRmruHk1LC3w0S|D zs^+Sy6-`T{7#Z2Ge1N8)<9&EP;-Cbo6JT%xRr%xTHD>m}D8|zt@_a*+=T9c31U><9 zhL(-E9Dy@_FrS|m5L>p@(roGR8v-X-O*3)O!|G1IDji0WHkam)y@;{52PI1s%Az(R4+oTb<;flJ*Ut=4V3sb*2jiN`s0Mu6cP{ zE<*eXB0>$BidrEn40ah^;+I@GpN8E;n3`y=6E%DWA<)ZMQb}iz8=|~zMjfHBSg1`o z+w|NCEkHhhe=P$XLL)h?O|72h6|$Hxajq<@k%y&qF~z-|a;iW(*x+CE0xuldh#+C9 zzNm@gM+p!zn%lPkiZz@mRv3O5o0)j90z3!&NRZFQswwa%AfUdon5+CbJD=PulEOG- zrh{osY`zig!6=Zyg6+5)C`NOoiBMaF%$LT}%PxBdC-Ib@I>U(C(X;7a#QJ&k6W7Yf z4B>hE(=?15JVS_IpA77eH$d7M^bcq#=cK5fFT;8!ltQ!ZekJ{r5=-tBM~!p8lwt9G zHzEk;$_QGOU%T9m8;S_65po?>Fn%EUSMIj`gtQl^FEGJCLJmMmjmSL9ztQ3-Auq@w zN|lZTP9efIs}~rK8;`?OwTRR{;Q%yX zrXmS9`s!lK2`>-S_KOaxfpBURVMn4iVE$oDj3DmA?8uQ~s4ZWO;K3{RK$t;a-&(dW z(<^Sv%}}~RYmmGRxC)hj@S484K_&IcxBVhz>NHJz!ATMvP#MCK$F)KuJUw~3mFusn zFq0M^K6OYX%9HU-#gY-4=ZMXCQ@PII6=e*;%I*-Nx%{c0tQ+?R&haN+m;cQilySIl z$%^hWV(S%_g2WSy?+|XvtY%<}kA^s_HW!4xv^!a>o7zRBkY!Uk=di}t#M+DIm?>wr z_L>U{{R6bq__iKm%CC))TH{nEtSON_dXyv@@a_a{$gP^LlXF2lz$oVf%ezG2tPToT ztHl(w4GTQfW&~Uj*?w!b9dr=_>%}o@;wD@_2}Y5b*@p850!VlR_v=w#svg$yyf5q7 zO;;yG?=?}Yc7#5|-sH`0)L$~fb-yg?-=9(+Da(cY0$cvzf=3*|S5A;+VB0{`hapQ{ zlfcIZh43`R=7P_w)xF%z>9AG#*Y5-2H|E`r89U^b7S6FDfGXf)a5_F z6b?jcuWbPPzYaI*Hx5ovUc68C;Bm@PjEvo%9buLs@;){vjiy8XCb8Eqht zWV45q7o@hu{vaW2i43KiZWPLt^+l|F=?Fj4aOimWyL1vRyd?y2j)NlkRy7O`a)Q4U zV1A>2o(yKg%8@22Ge-~KXC7dYHed)SL&hP~#LK%f)ffK>bT}Tz_2)bm?B;xvsr7w_ z95o3(u-JJkU6yQPdS@1>`YyPzQ8OZ?k6z9FpFxhMPgS1q7804BVg}w?$^?R6+LMV1RfO2j9IX+A?0CW(U?PMJwwLNZhrjZSz9+bodKzl&epY%qZlz%9LGq zOU$9;&b_;IEfK6Ob;;Pw6GhOs#LwQW=^7U>2QhsJxaSkCRhTmU@>SBz+pCw@JW>#s z>ro*}CX1IbkpvcTsBHAL0o0k&fBUX38vNn3MXd<<_cX(A>p!TOPo2h~R1x(0tu8O> zs~QFzCKw{{Ec{T!{zW#PNV2w+ia}gF7htQRr@c308eS$(6l@Vl7c8afD)bpix75aV z*E;nkqp`FmKb}#iP)M`NZ?-iYVYB(3Wxq(7@DxfTUtx+nf0{4DMT8EhW?xu=f3*NpB1f2p{-2=@rX?76bwau?qf>ULOz336K9Ey~WZP zH=@VDDxyQp^B;7QVzej`5N?WWZ5DHc#`J+r4K_6rbxLSF zb8J88d}CuAZG6&Jw6ApsUQRh)4reU=&Pw0?qZJSFGw9&J=CdzSubx>OU2iqYN_b7B zO(DXaC1~^6?2%b)VJv1pBIGKO&QJ1uY~Gy{LleBI*CqXtK^K8$!f^D{(``s_bIX0x zuDr-OAe6-G>CL>bPyR=Glp%QXUqJ35A(Y2Wel2BFO?4^5oIOUoWNZN{dgL8cbwo%G zsgfdulLtNti3J@TdPZ!AARQ2HFAZ2c3kH3<(?j*3)(NUjz(s&F>f^X#`M zbnxO7nO7H%t;pi6lerXYU2n*D5D2@Q3dPQ*R#iq|Hj|_=aZg-Jv-8$!JWz~7%(o@V zq%K+0=Y$wTh6t}J>48Lg-+w@*_`&D&bm%5NjH`S9UgM#+6NdXKTCQ$<(al0@n{Iq}%b@;LA^nE(Cn zVRG0ER*WaRq&s1)e2DsK>Y3g<0dV;Kgls$D3LK6=S>-IadnF?g#V%2RO)uC zZ;L(cHy$~cl(G%(Foveh7X97~pA2m(k;E$dKQy^W^70dV5s;8QI)W+x_F`zhG#2kK zXF22$0KC-f{z-|jBs0Z@QsK}75?;_IV6iBuL}1pl1Jh&;kDw@D^mUdgPX*~-6ARrC z@;WlB36uhzstiCKxqPb0@+mBf+|CN&b8KuJgeTdKZrn)xXU-7YMaNEwGKq;=)`%SB z(meoMu^9&$9!T0d{9^}vNfM?~s_5M5Z{ZD%QRo~SR0c-bdUknciy&SNJR=TWJfqLT z=uVt!kVoNG_e9YAm&GH^AXLpUocxn@J6P8KlmRFjC?{1IdG=TgN}hLNybQBS6(RGX zmMILYCg^rHMsBi3NICT!*sQMw?*fx50(i^ck*mI}HyIrS*oXRpPq4=h@|uLb|7xQX zKk1Z<&>GBP$U2)EkDKjrs+yz6gj{A4jL4Gm_<^SOp}rDM<#N?Ht*EFI@(2P_!P=<$ z>si}#uVa(+#81}|Unf~T@t8-xzkxEe-oFFNnJ51M%C|~?1Le-|8WpPl8*4c`Il9&Z zR*UpMsj_=4AnX6#TaHqcUsD5n%W2b2cy0!rmWl~&45O7IT@xHH?@}%@su=N7G3Sh? zQj%1UHOH3IRN?fuc3iX15UQ@$~%NX zB~zfpkh^rDgcHBDEGDX%w<__xvkp>jRE&;Rk_odm>{RHterMkF_5AhCm?oDU(3GBf zl7&R7$)5Z@@`Psab7bjsifEgs| zB2uBBpg>=nV#_cz)T9v+o?ax0?}8f!y0cp3h5XQ~3men^#e~q($lID5kq6Ty9!oSd z1d6y1Ldg8P+3{g`l$!w=$)2GO2qrh&ZxDy}3Lm5OBa_%;l>XEEwdM0#b0_pKA8m@; z#okIp$Ax?cwBS99UPFLp;C;d9W>hwv1;wn+#MH`suovK&?jdV*Gb0tw?U!>Isry&Y zhfq(x6}CN@Q6`JVZ=|6rA1fBgBvME5m=vihb9+r9%&^NLM&RWMVC@oV+UK4S6YETw zh6x_bkp-zlV7#WGAGLY_jM}LF-CNe^n_}iwB2FgQPuTwR_;0NQH49Xnq-r}+Hb~-O zQyFu{#lG^rJIF{ltBEXv`=T%>o@pMDX`qr3%xd~%EhRYwdX93_Nb>L(OQ%d7(Y7fR zoP5hQniMgZn^;tw)jqo1N6;NcB5DA@du|jDSVk^U_G66k9J*`!CEH*0ah(&pMzX_e}38<=u#kh`2gj1WTSJ=F{+$bgs zhhtF!=9@&!VXtG@IR&Q)6Iy5nrl6SQCOC= zuC)K}FlA=0|DQ~GZR`J*DPs=*H<)tmvcbP$%8Jqcv<^SAbH7SXyy)l#m^q?1|0Gb< zk0Q_A_)Lbo+n{LXx-}0~|Lq72#TQHqBpP2I0@@Fyem;Y8S2U#knTy3NFJ>%L+gA|q zRo>lhZ$xzQqDciorW1Js5oOJdH~0azlSdEp6u1o(UxUzYJoAwH`=0b9mT2>kej&QK zbNy&s6?Ze*=LfNF;2PnK1|{sRI#uv`k;X2IkSCiyBi-mgetu=$*}Wm$e0{sx$C%`O zMLNOWH~${LJwE2aZt|r03#lIY^%k=L^1=mXDe=)8F)&!B zh>-`!&L9Pl0ZBA3qI&H4HAYDyOi284JXzim=pHF9GI!>r^}^IgJ3BB-GY^lfiF|vC z+*g7{nvmIn@P35K&0$s-Y&kEF@_LFJDUHJKJfUT(og%h;$0hZwBL-ZuXt>xbiFdAu zkFe`%8Cr?IXx6gs@DwpFPsq`=;n(g5n+RiwIXP14>%zI4I4V}v^45bRO8cr-+c zI1B6Owllcq0|*-yJq5<7CDod2&lKTHRIG3h5H}kl-+AJRouDOlly^rfg4gqz>Qcj$ zX|pc5Uzf7(y^oUnDk~PI^bMqsxv!0htvv{JH>Sp0d(<09bDuxW$GAIEa`{EY`eyjN z?52)6=`Wi=wR|%oE;#r$C^L3FBeg2ThcnQjSLKNyJ9(0fPsc#QIqt!8;97ekE|>v~ zS=2lAgvv%hcv}@#s-Wf@*HOhFe04m&Z=#$eVyt75su@O7(pQqI(=Ubr%NV}0 zYnPP6$ud%AJ50o1`Y|rL#(p36j;5>NGgF=$?SEc#3rQ1J!W+kZltjRe{P(j?$6M)AUCJ+WI|2f&W@}r-08j(DcrMBYyn*EIewu# zIoXLv$tg}ch@~^Hm8V%&aCl?Z*tvan=5)0#!idV0?bj`%QuS|21{xg9Y!$p z`(J08TR7};S7RCQo8n3|M-%P)R9sE_%mE!|I=`u@V2zV{f;1)p<=0`2mGEU;>L=sOy$NBN-Twm zs;3BQbC&i_mGNNzBp)YXma}6KydcHl-l?mE8iWEr+7Pi;9FivS-EROG^$-@RQr%m}vY;#%DI>uh3K>m9*QMoiC(o?I z>uGLzD{6j9ij3D5FY7-bBC4$Ir^egOEzEBuH`m4VwN{|lNx)SnZ_xLNrEsc=e@ zz!yr)ju{pH_$5MKntu9P!vjWl*f)n@jZc0rM;4PyC|W8Ra-F{5TMM}`mGxZg#tn9 zWfG<5_pVh#qZOSRD;$q@;mYR5(>U&zPDgWS&bkiU?G{f=3j zi9`Z5l6E0~9PGOba~c~w2Q)~9rSPs7284G;h}1E=dTC4i=denim3B4^?w?-x0IsfN zQbs&CfAM6nsH`sq{?X?kwq&%L>BdAM&14^Ema>xAf23EQZ)_zf8)A63+yci;NoyS= z*5@k2%0t|kubu>(izrqCr$olzsMeOQ7-Wrdrw(Nmsf2=4N|6l+p8n8lVw;Bcm2ZzgsI~z8`KNe5RXk@8w-<%8WnTF zodQE}K*2}ux7H8&_HaCEOeR4CjzPCP4Tb!?n9!q~Jxs-5#D-Rd)-80Nb z%D=V$`n}c_OwwXZzRqcgaY+&YQ17{~uYORuXIpJTHzr>3(5bBaZD1Uc%#zn2XVoJ5 zfHH(U?)CO1&s!1EFJfCBkAA03UK>Vmj6*ldR;ZH~Q?RxhCLvqg&b+prmk0@S{Ep#c=~yrVnz`~t;Xa%8oHxNrjWN<{ zuq#n0hNUf^J5xA!3IV5|1|~)&nAdwzruv#ypho#g>PIWcG^;AQBgky;^3nXtT0D%9 z1ZintTFgZ66nx7-=hs4EvV&ScEaRxNR5e1Z@5?<*$Or=d@fu4(pSHNXZbpcfp5IU1IRZh7IDv5j zY>_joyR}uL9^apfcZRV6f*|X={o{++DspJTgj=eMkDeGRozp{NPey8vA}C~1)>%i3 l$J$(o6UXo^4R`wXEz24k{w;=(;MXku?j6ZzhRA`1_#YnlWDc zVQyr3R8em|NM&qo0PMZ{dK)+LD44(b6gbkHwUkj))XjD{NoE!K5}o*>V=2kbFOwey zc7r6MW}^e3MKQMb+t=9F+b7u%RR9{@Y~Ca}PBPZ_C6>C;RY0Los45hyBujFdC3N>> zM5S&|={WuDzJEHMPUqp_A^h9vbn5@^A08ckws&~+aPRQo;PBDWXPv$MM~^z6k2i z62~*}kPv9pC5ecym~6Y3?O2R=-5&|n)c?`F-alv`v=1vV`-PhJ#Z48Yeb`N@W=dDu zk9nq9x{F97n&v!XQJ<<&6c;j$e)+WuX=(EkM~wt2k6ETzmmKFb9+bHhcVi>))Na`-97Lym zM84c>cOJ~3%2=$0R883ItK|sGhE<$Z5tD#f&FXH4(r^w(>hPX~|Xq}V-(|Ml(U==fUiI+5bC- zhqL?t(ZQ$v|M&Q*%hg4q(=8`lF!i0wua-{xQG4%k2&-8zt_*Ik{Y5L`L#A|>s1e;i zdf0vZMf~vbL43&KKI`l!M|($);=_lJ28UmK@#u*44-Y%Z!##G`p^pzAb=aeXKHA?O z93FiU)6U_e&K_+IS;i#QW+U9#@9ZB&o&Biu@M7<;Iaj1ydiy09d&G_a5yZKH9IX|AYO5ho9E}@A0!qUZ8@T5G_EvKs}e7i-Dd{ z$;dNNWC?7DWb63+*)}P%gh?VYMnLV5thH$txt6?NXd#K!m@tr+pV-P$A-F)N4VF|-MEz`ziFqYV)X!ysZ1HX~HGHd~uU z;Wu)!ySqD?OxhGW+ZJ-@>=L#6;`HR{tMjK|n3ylV&r+rok?hxkOO}xS)G0Onl#!H9 z%(TJWz?AchOeEJl8}1Ng=e)I9nVXVWu5(;f8iG@7;ll*vk z@$KvHFUXI_Z{8fgx;TA$PF}wuC$C>UIlVZ2{py^&enyU8{fm5e`s&FJVO)=xBudVm{z8Noh7L=#Y`2xMngl%#kxW=E_W_A~Z`{n&!RW+H}?QOzXz^2;w$gt#!FKKa$Jg=l=fMw%=(}SEEAfhA#lHuI?hwJ zLoUbD_SIw6R!m;=I50~t+pQRg_5vVx$=mmc^p!{$Q7mOKOs>(qv^0hivYd)XEGbgM z4QC=zJ0zwV5sq9aeS{?Enrb#E(sNdJDq))PRGF3N80n{A2oAfd|8$(DL}}PXZF^PHbX4@)whw^18TqcJ zL$wXy4D0@6q)L(95oqKfAaoqW|Cv~c7)9g~ZTr%#c4^vZIt2L{&;uxYR;1~fNO?R( zNT&mGi6qx_cxkr&2k0w(u!EbEMZ^`kJWeNcssMcM!F0*#;FZv4k|~zyIsK@NvyIWa05lGik)UMGnv1L&OU0jO-5_ajlnt*szTXE$JJTddxJawBV>Eg)%aa-5}5?$y5VC`-qT@uwk2~`G~fw3wk7! zHsjtX2i~@uU?RqA0Ag8^3nQu`JwJvqL3`h+|+)16DMm^W>%*pzIE9F>LbMbg+QtaC;*a|D2+8ZsRj zyHvBJRP_I8v>>A|epS+8(+dISdl@lQW47BZ`)%)vO#@x292$-rRtX3soK6_tWW*$n zAsjSUL}?+7Qtn{mH$BM)!1YFC*hluHW*Xt&;VbCS6`MwYCbF<1t|A0)XW_U=xF)F> z4$Tt5734t~AS-B&x`BAyLVOwuK%U zMzx;bO~h5ft_2vTZSqQJw=FZO3kl|s$kHjH*OaFq%gyJqw!0|u^;h;hqtk8y@D~W% z?}<;L|3>9bxPo6Reb@oGxfDrZwM8U>A`?bbF&r|b!9qnk>;Tx2n6PU@CbX@2nqp_c z%H{)TPg5oAMb3^#9N@&9aJH}czB%_*e9Zc6{mFzE> z9*N`<#Jv{e(jdIVO$e22D|Q`lwPQ_iHv7&ZRz*A_RFO-&LjX9}rt2lS>-=e^*^o)J z`OL1u!ICr>vSQq4(pc#^m6}^4Qdt9=WNea7jl2U@4rfh^oX4;i`Y*ann^_i5!HEKTYi?xAh{`0GHe$B?KGnvOFtiBpPbAl%&G^=) z55E?yU{8!`WcX2D)AXh4lA}(ii4bFY!^g##(6J~op!}GPjW!Lu8IZ*i12Oesbf({o z#v|;qM_n2H8I$McZI|qI4j&&qdf3zn$^5Aq8Bk;JSz+C@EK)JFOT)S#LX!i1RZIaE zkW*Ias(lL*%4!`6AAmPTBYTi; zz5WXV*@>}B$ErQR(+lX@vvjp1yR>6L z9BuCaF$lpcZ0qgWnTa%r(0BeFJ1xUaM<*d;L9rR>w#1&QGE`8t!az0o^JCM->(t4vI?kWN}4 zJ*~7g^f`Tkqj+6$6oJIFN*&HXTqrHZNP-fg`8E>?JN8eyMzo1k45u|K(9CDcd3gOC zo!|-a3=7lJHE#Bzs%&?Ss|;QTxgLvqbS{#|8iR(P?UQaucrz7dpNB?cns;FZ)c88c*i2@5hYW3`9kffM~62*e{$o8y{?S7#)yii_d;7Kz9&ndb zUYET&c7p*k$DgcCMIlSCVp46CLw%jQ z6C`T~`SJNdUBI?dK1UU>&%By!PY^B5CL^KHqY1~Zpmirp*aCPCHU#JfSA>moJ#{n; zpwEMY+(=W&Xfj1b*!9cl)_pb*k^$@DV#l}OYqp5K&&;+4X0Bm0I3%-O!Zk7B3Y`5~ zPT{m4{4vl9ybVYnqs04N4tWA-H4(;=G5k7Y(U|#n zb9vaF*t|HOD}zdoG_CH9Ap=ECryzfHUz< z46SiWPB0$Wn9G*MGQzbYmtVRszHaMOUD^XruQ(YSdjd14z2nGq#`J+_3BTq^QSsEk zhXFQKa-L3AJ7!X=OOQJh&Jai{s4_he%@> zg8#PNpbeCs3q!z4H;q1zy*JVnh8)u@*raJ0gb;lAK;a>T`OsO}u2T4&!d+$0u1WuOd~DAj=L^60a1>w_MIITOx|L0!w|3=*2~ki z0qi&cQPod#$s&6o!V+?-RN;C9CPR_{Tb6bl&wRkrC5P4^wMsU{5B;kWdHql*vfYcM z5IVvSg2o0@*LDaVozTn(Yx_hkwEAT@M(b7wi^Pssrx<6V%0ZUtmY z#p%skl&qIAed?CRAf@1}zC>dLECRDEL$3BPU_&;mE)zOb7+7MDrShVm@)%wT$u(!n z5!a*is|Z0RR$1+m!-L12&M457FiN6y)*2#I6kOZ3@Y@C+O5h+d(91Brop{fHI1FnT znpa~BDD-PXP)_RgZL9tW#i|06`0jn;*Y)}JFTt?ZN#?ke#__7onpaFuguDWmVdkwo ze$Dmt&YD5yVF$lLY(^ZQF^WRSz?SOPHDY#c<+g1^fl8avJRt~eKxkGj&=S3OuOP>Q ziEIz)YnD)Ac58ct16wrew`RUj!L1(HIJkP6J9X?|c8^t>!x6Jabb(W$vQY`nO98R@papQnAxG1DnoVdH`CK5ug%)LbVRf^ zp(ka`B&u+h^5{ziTcpUW;j)8j6iu$p>Q*cXq`0?(oCglf9OvFZCCtpTncPw7u&c8d zouw*hz4g~-It!yYW4j+IgpGEcxo$*ZI5f3mEf!F*uUKl#qMS(%deVpw4Tq#u!-0?? z49^TkGsK+6S4@*sD65k@3KH;V;%1lNaAT^NvOa1DjVnS)F1ZnC&|AE#5b1 z|A|Or;@DG+%2e7}3}S*OW=1@#7}y45ICk`V0^m0Wt~0i(CNBn=gmVige-=9)dnv~e zR`>KA!L^@%n&(Ikw_*Ce(Ik;fDW)!6ST0q#Ci+rbfo2_Gx2*wVV#7W$+_OS3XQ_MO zxXDyp(g;3)j`MhCy)`0Zgk{Ev^@|k0Ff%G-f+v+h1fM&b@n=w#6HSY(YVIrhwPLzG z`?V!UY&ZL}U^GIKC$G*yA}GHgJxT4PaoFH&M3;Y5n+fIcc)S?=Kr?&tW!hnvjTXVP zsu;r_c{|n9G)qXzu9>7m6hFCS1AcR1!+y;a2h0)EG%ixu@RLH~kp$N#F64)>8x|MZ z2lII{*v+t1qdN5md-Vr!QeQi=@J3h=_Uj&jx3oPJVwf`6$&C#g_3avpaM5m@+9SRV z@6bYF)n~dMfJG-NYJ!oa{no5w(GmJdrgo4A!zJwZK+syV7)kAy91hT4#Ha+L5f@Je zAB?GvM`65LxhBcq>s$q21l__pXxeeAQw}G1sD-@{!^kj48t7kXEo$b47y<*~y8eNt zJaOw`3r>VnMiuBIW1%#;X0k67+csNOmt0P$geVH04TSkOVf|uwxr2L~mNZ5mLn?+Z z42~`Y?U$NWW)x3|b2SX2G>;YO)A-7uDY;L!|pNAtac;5gJ-*3%cQauk8f ziz{tob;lxuNV{yfy9o#)j{vkD=(>?hp0A&l*3zZSudJrfgN8i-aY=G1awc&rnw?F% z=^9&ONHhK$YL;LM1*gr}E^N{T#VQhV7y@xx-|3UtukE|j#D0p`dGVp;pO>BhZFju` zc)qR-*ml-KjZ)M__nb*FW_rX56}`@xq^6ya@eBEx9 zbJ2KUf}gmEk1jdrn4K#vuM3p3qu}z#z73m~G&lTW@wgB%+v7I*-i!ja_*131c%aDm z;>9`mgsr|#GiN;MRGonGh0KZ#zBRb~?D{6bnRrZ}@sxGRF4OU@!5x9WY8Nb2^J_cz zCb{{uxwZL!6ptv+g62E}k0?98;`t9u^1-yiXIE_64D5$$Ib4&ZsUo*nXMHfLZw9}9zv%xrtkzXPQ#|q1?xfGeB!kLdLw9?jn zoFz7ZCKj3EiHrKjky#1F5@Q6runOU|1Z*@LoMSt<$dC>v?CwDi_$2ZGA=ZKUL;-G> zk0Nq%_I-(WnZ*9Uo!l&=n&Z4EUx46_^CGak{YEpUR}8`uL7^pjBpFR0DlHb0L6V5H z>2S>siYxL{KNZ8W`<0%XSGzioBMcu?+aV|$oI#bycFGRfm_~5w^cflQYnG8gVI;7S z&Ns7Z!MqY??{{Xfv!Af#4w!xkgJ*d6Q!?d(tKvc$9!sZH+tVElz;r$5`rD$9F1B)j zb8|!ZI~(wU+C4bxY*)K$MF+YQjXeFe;MX*T<1RriqezW&qfwL$1p$Lft9G0hPQ@tS z!u3Ra7ZSFN_r<81%frjyQXaMhVsyz~rGNHf9SAJNg|Q>XjAkkbJ`>pkO{h}Em>DH| zL=~v!_AYAp<;mIi?aH`)u&NQqq`+IJ;7szmxB+KYl)D1u06Yx|)ispjNy?&Jq?p$v zDirCEC_?u2m#N?xG@@LP&Shn=r`TnTC=!E!$KbG{q;i}WZFml+NVeBBBbR%Z7$fcV zazC*yAlZlUfa+2uZ4lDqgvm<`#Pq2DFyaIwL~9ZSA6C^s<$_655ntJ(s3x{-B#_k{ z5kk*Gs6;BbshjbGXd9YEwbkACpYtHJ)yp#%!cf}jJfm`2VO0AKS47h*BYfO8q=lxb zdyRrg3pAWO3kPTRVT_myF;?Vp=YP7@;y-%ekp?!vjv2|dizb&$K?HE+K%Od1B~e9R zO_gS2vL%@@+8FZDc6BqhODvZn2J6d(+9JQS}j3M;ioSGx3 zJg_+(5HaRjTR#@L9P{k54E$xk7BuyKtTDZD@3!m+S!KPZtmz9qst6p5!LCBj%aB|kotl}l>maFw<@cv{X+2 z324ouicl&omo#;EmfYE^>y7VX84_0wjDsTsA5U*6Z6?J0WuZGq{SLWeEQc6mZYf>1 zg#`O8R?x0rHp_#Dq%O+3}&ud zV2%J$23M2>2S2W6aty9qdk;euW863-bHdcY-)ol(XsfaXI#Iqu{_i;(Pq?W$H_3jx zX>-}{bY61uIq9_bmqOYh*!oLyL%t+?&$$DA&?c|v?MP&6GNPJYGfC9gXqA>`l8q_P z)V3G(HZ5c+ijkr-o4bWv6NzxP(>F%=1QL4CY~F6XRf-$C2FiVY%puCiU(&#hcEVM8 zPQ2)Adb2%G$hn93W10$j5jFxt~>7VVi6Gq8j&b4MHf1GKLM#~DR@hg{lDw@ts!s2*K{VwVZRKy5Ri z-K+4{%;{hy@U)yC+vp^vd~6!{8(&!hK;6agX2PHhF^jFS&jBIoz3R^KKr6Vnx8HG^ zfDLbPw`!AVM#nrZ4O~orWUZJejH2}?*JgRb9FZ-%BX8T;%WzzDXvVM9D>}x+MD9?{ zZHRWua{jrQPT*D%kAz|w*&62ihOLf&Jl`RZVUtR;k-NR^yQe$m9r-`V>zrlhn#NZy zPC4j{omI!PjR|frK2Vf_AS`K~SiATuF6mjwwS)<4gRiGiAl1-nxIqc=yKbGtz;w)^5w!39pYbZjIliYYIRFR&Zu zwi_{I@LJ*usC{!+frjJr(rnZ80Z)Kh#17u+9wiOzAqeDo8+czM$wUUpo*6pca7(9_ zq-{4^NA$|=Mzhw#Y*-FtDT1JRCAJt=1ECcu3wN2oKP3_{YVAcZzc?b|gsBDTdO46x zjqED+9U(?VnG#5->!8BDMdiWGh#kwxsPO}IHBTG@5Kq>w?^>(kJ1sBrg0W%sv4pED z^zHHasfa`5m^Eh^9vw#qY#w`GI8@c7aXern&Vs?`N zZjnq&&aPdWH5jpDuJU&O`GFOE&D+D8@_!@RsMz=SwFBJq9rODU7u^4D zFuNbPbHwttkiVu|Ik+{9#5B3Au97nU2zaV?g{-&0C@E}Vn9iFiKI30-sr9^!aBb?4 z<3EJ?9hhH$=~!_6uipFX16+8Hw&Bp*PooJuYM=SV1b5`PZqqGy6zHn+a=yp+MM zY2-JB#<$_2j5`RoVK*2J;I=Et#zHfjwxoJB+3fKdo45oSA9UEdfPOC>b`Sg8gZ?fg zL8WEwe!wznz!CeOhZv^2E78IKs7kU}3VZ=91$0?3B1>SPd~80=dC!q`9;XIP>JtQ3s&zCR8$CEU#Ie`x zfgcx(u5ZqFkDt6a4>Iq!i(;0gVRrGS{nJ+Fs_QJqk z`N7R2f3;N?vfM461Lrw&q`AvXd`!~RCTt;rYHer9bPfiZyZhS@_EjXBeg7SsHcHg_ z)V&MiRr%cXt&EB5Q^g)05|+i{4`2k;t=z?v;hW9Q0}|12nV07va&sZ|EIX1BXOhZz zWTZ9TKgy{KH$#}mK4U6)T;X1}6l1b~(B5x9F55MAlqRWa7H)G}n|{{C;5mk1i$Nt@ zv2!8WyS13N5uA^BUqG$7sh=LdBvPc6!GG@D08pCYGJH-as^>21^u|m>#_viCrB&tc zVVp1e;^Q!0K+zr^p3h;u*@j&b(54km*vo~Eavxw*6_zE{gG`D09rB!i^RZWF>A0Uq z9N(Zzjt(9^e$@G5Z@)8#+p)1f+*q(Kuw^`A@l}rp*G@W}d9ZoL%@p-ztLfmpo!e){hK97gB2NWPdYX@!C^Udy)SWTS_<*U#@Aejc7j~@2la#@? z@Zr&d;k$;bAaP?d$ZY={k&V*qVzp;K)Ur?-xPHOhS%|TgX|Ko=s#yu$^z7k+o`v7$ zy;!ippi83t6WBEEZYJQ;s=OD>PU%JN6)` zr&CpTe$7{)?e=kac(9N`Mv|$KNRyt-)%`8{Pf03<6(FnNfiTdD)I7q-vs4T#=Z!j2KSs4rC1|m&OKDRFhu>-Yu@)k0Qjwaew0- zB(mrKbfIcTd;2fBeTw*MpX|?kve(%^wBOV&JkCagRO;y7YILbk9jc%H;ALm>K@!6`i=GK@obvB0Q|R!!XI1=DCX>ut^Vv zB)AA)(!4^3a7=AFbzFcb>1}JK<;G7RpJ?{+wA^02E^h<* zdl-FjZ6gL7Z_23vnY%FotB7h3!zQqT=y=FziMhmGHiTh8CCxOmIX?W2xw4c7jipek z^yaFa;AWePYMQ-e5DRGxQI}&00`|*`A?{X*zhQ51@{Hsug^=@@7K)KKta?#w7K_XL z2Y1YHr__#h9UX8b&Rp9lOZK?Cf59z-%`ntwYfO2TPQyGr+jSziu8k{~W6XqWJ{;*3 zE=uL83+g^jY#sqWeQv(sIMpR*;ls=oCh&JlAx}hfCX%wCqAc7#SSzJCPjG!WNwcI- zB$#RN_rl7FgybSQu5YPEw1y4;isRn&HG*ALT&O2hG4z5kV>(L@9G0Ppz0Q`gNmDy_ zzF^G@?@zNg5#1zYn)`_eVuMg}LDhioD!zFa+QKMShfebT#qTXWqQV!rp25C;sv|?|Yu(-}XabehAS;70k4dcg8 zCIG#3$Y68}hSSe<*?e~iLGZ5g;On31%a!;Nx)pu2=JR{xZg!$l>Re zs*so&n_Py4XfMOUA|FW%)avA7C5}p^TuY}joAR#=D)!gZ{|NHUjL2mrjB?4?7^_BX zx`(mpHwyClNGhdA7uLgFHvK^@+Q#V*-~aA&Kd*o;A@vfvzq8`+gldE$ISLk$>mN2a zhxaGtYa{<7V^E!6v58ZmD>8afAsG-tBbI%iDXO^|aJ0wHt-*VoO(%4U1y~>t{)xym zyRlZ>Ks}eD$c^|yw6e&Kl`(b8N45>hG*^K3b@oOG{gNw4UuVGcgq=`nuiWCC{Rk!6 zd`f`XOJyX`>C1@sdQZzY;8j4k;Y+w8(k1UAw=sGbBD5+UwGtMBEHa~^n{LKbnq5UX zwuUv~uDsN3aJMm(=c)nV@)FMzupqFik?D$U(S;p-&P$skLJ>6l9Y=DEvU!Z_4i%HG4JpfaB( zBtgrV(eA07wv9Cf3Bp}QE@N21?UfwZ#=De4kj!n>KH=z$YuRj=Z_FyraKlVk3JVvb zVI)!k6#vGH59PfmvrR^4Kb*|WP{Ru{qFIt!EN4HQ;H7oIoYa})n`z~`{n-x$yX(en z_zxcJ5U$C9#ysVkYG3Ow*q;OHYGHKD9Wr7x)uX9(=NOt>wBU@g1@+8JWQno3cIx5` zs}kZ%hT{*^tiIlF@3r?j5yS}WJ@zkeRSrB7Hfx_h3-S4a!{qUAzBxYGX)5ZqgDFpK z`4jG!Y+ZmglhVP z%hwar`w`D8(fp@b=s9*NmZcEdB@u&*hb-A~MLr<080yA`@r45m>7{sTZ~wWY_8`-| z&!TzR(5Xw5Lm0Z~%(*eoxY;dzy32|h(O#FE7E2!(@4`P}7D#l% zst;K_5@h3BmZpOIC}f)akB$10JT1jxDDC=%n)byFE+Hc#vFi;!Zp^}@1telZL0@K9 zr@oz2D^AAAGxG&#sGB&HC@L~V2Q2DO4UlM{rdjM&dB}2tzPzENvG;xR%!oLVC6KZY z?%MkJDaaDeVz{3w*|`=u83}QP35v0-ZlM)cQI3n0%2Mq)6A9U}9=qK#8k6u03LKa@ z&LDrqSR_{Q{{~M~%nk^}295TTg}^aCMvix{@xF^`b` zk!0YCY?F%-wOKjQ+YhGJB(zc&v1O`uyVQo0r5`u9zXjVy-1O%xbi$V|&^J$?A%#}7$*jOAe=UzbBGWy!yJ`N3kQ6fV zX~b7XviNibY_4)>PylhkK)d7%$WLAoiYPa2dU~iBXhdkMB2}G0ZTiw(RIe1L_XKIp zlg_Pb4G|kT8)nh17DFw|j@aN@*lW=*HB+TEsCkaJfz1@xYeib8Z}oUC@$~^}Fc+N3 zL7x2}BRYN}Sbw7F`- zOb(?LD+&$Q_u;h1?3W`cGEpdU`Z_S3Ar*-gi1spbnMttEQZXSE@@G?!oc8?DR#CS} z?8-q3NCr$Oq))>j3dP4os%ge7>M|Nekz6RS%y(SgUF2CfqRb0jN?r(Q&}B-!Ad~ox z&5`MHW0Xvn1SvHw>q&3(m>tFF(`8l>OaWq$)cjy}>h7t$tzzjQ8VRLYGN(qiE;1Hj ze1h|f6&dSME_&>mfrNBHMtA@`&0KJ!Hjg z&%&a%dOmC$v5<+=91B|@5W3+5uggW^X<&O|qgty(Fftj^k_2~1!;aUgqq;zq5@0XK zj3m3)RPLs{UuJFwOW#qpg0O-?@!wbjSPZz{*n7^uDL>wFWn;Fn>dY6mas}$bn*Xveisz0i;)KZz<(O*nB|`nW`{nic>+Y8p-q&`akDRky=2uod zu3kQN;tKVDyTOJ9e|YPeCW}3+|r=Kmt6=tuj*zktj zwNr8zs|9>#3#EmR60WX#e$+E>GBIXyXmd4(FSz_Qd^S*8@^Sbi&WrF*HKBP9K`7x< zEor85YD9Z)R18^8Yq(-FhGLwzT>TSQ>nqr;T0zx!d&uFBgM->xnBlKlk+roMRy&-Z zf4?lsb&qB1%Dj3WypgH?k21GjGUgfF8ug{lwjhJN$ncH?R5_^~M8h2j+MN@VIOSAqesQ;^E<83EfwUs#jzy=Y-6w8yQ~k^Pjs>IloS=Kx)v7BmbyU z>AyVN^c8n}dOkw}AeOKH9HJsVF?aQ3qfW?b5w8lU2WqCMR|p--=!(q3shyxZbyFF# z_!$ceW^GM;UilG&YG|Rq%ok3x+W2;eImjXiHNCVOOuYxUDbnSTREyaKrT2g*+d0(5 z3o;hskFDLjY!0x{Z`ae;zbL1}j9!Hf-GjYmX2qJ-c*0)ZRpSH4I@KaDn2j~)W>6r_ z73gd_UA=&-fLKSyv@2bpO(UFH5@AW=GFQTjbFu|n036pfm8pjP6wVKZW&&)fKwn9^ zyhsJ)wCk(l4IbDemJod>3#BpZ7$^h-SI(lWw5VLsY+s(;M-aEYzY}PD0!!k!Fgi)a zhWU;Tu4qN70b^a6$Ma;F7h|~4LIGBhSDh~oEQF-IsIj4_vSr4qR}x<`JrXwM--n*^ zrWsg3saY{PBOF%~V4j<5vTBxu6*3+M;2MgORdCG}1u&&$@l99nW{zxFxVAfA?BAOZ zna3Q97z8cnvy)&ahLyn;$so0}!;((zu4s%%Sbs8)y8(|L9PHWc><`9r=&OoHY)q{@ zk<;oDRq*nSeK#-XEDrN==P?E%024g**OSBUR42lyRJ}e`JpRvFtDaVeD=mYLBkFxD zgC%2HK0!;@%eNO7XH`K@w&)clXGU2*li~)WJPq8X%(VZBnO0_|gVluhTuyVmc7G!G z1M*sHlRUl2nbcMjf%ts@9lJ z!7&Hc^kx~>Zox|JTEDkqp@BNKmF|cVV@4!bS7_6IkG4VBSPL6H%70_N zzi)!0i_-0(s-@v$!@#!44IDivzvtH~*g&D7Ob|ZKX{=px+^S2(Se0xCvUF@LYU@vv_RtZXF{XokIHtqgBmM?rA#;JX+Z=wRAUs4YrvIlHti4kw z*N|yfVF#lU$_q@j3Q55QiP8K@py4PyzuFI7XnFpn5EdrbQAQrh4@p|Bc&?@}g*c%1`20R4NdBVoI zfXX3jpzzTB=i1gTVX_K8=ZQVdSjx;z@N=GktKlCIZkS8ar~PzF5~#=MTva~yjMqpP zFzFieQ`UA4KDU5}QWQBR;9wBvT2I2F76QHqPCacD9kGCj1!SWRyt^hAnJUIis(+9d zA{!be#D)sbiT!&r7I1$KBWqoytua%I+KAyk(-Q{wtf|y}Mztb7`J657Ptp*p zYj^Wg{lhPjUkjl@3P80>~VwCN`Z$M#el%xs7A0QjTYhl=FJ^Ldx0FbL&&?d}Q>s zfOL{6&?GbRYr*3yCfyM2h~YkIl{P@$fyC$?54(p> z{xA5PxX=9<*-Z{rI?gR7r;Hd8uo4b0V?3k~m1JgnFazmNHB(*kN@Qzn1Y>$b;6vDe z{eEoh4@hQa6F*qO;x*wJlFD&UO|!VN2=`$PmJP1Cz}kD|nsqD{OR7eTX>M$SzOj-( z8*}RxvuQw$X2`&iY2wk45zTX!VbwvfYW&#XhPzYXAb(L0jC~`Mdk{JWdUFe3$niBU%pM`mf zZDmf%HZ<+=q{nV@js}^_sP(urPdK~(8wLlv#Uz({lMhEtY@=)dXO1xgruw@UT>W{l*@8EEM z@6n_E$189j*(7`WkIA_I@yBBnojGH|OksNuA3b`szxQyJF+Kc)49OR7Y(`1A$|n`NlptCuORcw1kQW!-{fvwA|jSD1{JfkZH-8syK6P z^rF3{n~EXEGuaC!Mq5m0F8tN>$3@F(|LEaMzDQ+8V-3PHOZC_uL_iRfhh9nP*=N4W zoyD>3d*em}iGW#_^hTmk?256RXTw?&R#orKseSF;He8qa8wMe*EOZh=C#ev*??^5M zn(DZ{Aw>@Mulh@-&ROf|cJVo(kT$?Gj)RR&ht{BZHj9{NgOm?Py4+S@F0o(ghyk+$ zW4izxq8MHnfI^7CWok@VHsl#=>c@~N-;0NbouxErB7j4MehV{xp5=u$i~*iD%xhJ} zE(Qa|bZ?LrYE+$ja0ksXumV27`awJ%5t^o@Ul)$r25>hY&K(SVj7Bu}vFk%{z_7My zhYMH~nrw~Lc4Z;^W0(55gY(2^#khygL74OT|0Te#SH1m*YR$ebleNkkw&+FYKdy9$NAoVkLqfun=41qiOjSJcS!4fj|0(e4I_5i+$ zM?R+ncFg&a*)>OPBjoFcb3O5!ssAvF6vT3aQV0rU_%>PXvC5#(Trv1eltN``jg#m#j}ys9=z=luki}ESQc> z@)Yj2L1SFRG_hF`Jt&fo;9^#7b&r`@fmJVl#wI;{-up%HtmKJBj_pv6RDlx%q>ABI z2YBZ5S4~HE_Vm^ViK1`aj%>v9`KOlQerW{C@(xtaCS6|0+Bpm)&{1RyW2<2qaz!X? zqGlQ5?V)Xd$q1sjL0z)<(0~tZ^27<(BSTXy3aD0%P9iZRMW%Ub?+IBH>}EubKA1F( z75vULr!iy^+*>->O>$yeyI7A99CU$afdqFX_y>7y*p2&DUG0X_W2bgmjmwS5b{bet zGF>}VS*nKyJm_^Qryd)awurJ?da?rP>)||NKe8Z(>!y%hPo6_R)JZLcsc!@)&rh6BPx%UYCfCf$3VHc-TYs}O@Nw0 zYgk|ft!tBf$EFcp+O-!73>f0Tz$R5ggs1Km=kUX2MnnaXuN)s1f7n7FV4%>|aIA99 z;&3goAm`bQd(R#IrOu&6y}^Uk(oC(46V;PgWJ*AmqEb~iIFXt3ND8e}t5uW*QWmNf z&nQnLMF%B)9T=-`2*=!R`*L_~@ugnEm0~W(!>no4h~3&n)EPz&7^wimov-BCIVi2* zUn0%J)l0Qz<6J8&@FA`+rHQ)%{6GOFG!s*P#R&LYovt~cJZ(DuTF|>`FeS~a+gLG% z+WwGD%c;MSY`R$F7=(&lF;*kQdqPJw)CREKz@tWM3iO6Cnp2BayPzBY8;mIXIeC8K zVkYA0oQ+k|f$pV@%8beK)DKTNt@nNYuChtq(19lQ^DQTB6FGjt{J&FISa1Xw8=SUROnd4 z-6g7sp=MXmuz3JgU((T%O&G&zysS0TqP$8ZEj^PkxJAvuTaRj4h8HHwe-0OBEQksM zE@taTEe2gdaJu`t5v(m}WphUK;N&;yIk5x>BY4{y5@kLNz`mSGRZ+qr2q$oAS}k3H zoS!;kY5@wq!!Xk`&-$*w$-%+V(c$62BF&=gnY9KWHZ=~iNjpcgw}N1P{W=M74L^E?orfdPZx)`%ZO)Xu z^HUL{p@GEkKIaNnHO9ccOk_P{i=>`07KcnXF~?05qY$>}bL*ny88WEC{P*3i8s}(@ zw#gQz`os`4%2NeW8v@XS);)Wn7sJb{MZEE5wqpei0o zGc{nchiu*)@z#K}#519I2myI{>YRbbl0yP4goupcUg?O-lU+r;iZ1-rW!PRCWk)W) zc|symLDdt5_OVXTGg~sS(J^(fz%lj2xqljcNfx;GB~_eKp|8lMXEiJ`(Qf%H(4}g< zc)_xv9)V47Ol6+gj<~F^W^pOQwUZh?P|#tK9xm0(1AK1zg#O47R~-w_oG93T{N0Lp zN~3Q@EDBU2PrJR9w4WK;VQL8^AI^r&@5@S#v8%;yMz=Uw^GkKkHe}`RWW-a3Wq}~8 zlcs688TsBoHb2Y1BJbG>`F|C$#;+~OYq~I| zSpj$E?ZHW9_+=C_IkJ!5Jbl(B^EuRN>Jyx)})Z|?A~LZdbDZjv)78D(=iSMqFKF_vQ*cdDtsLTGkd zn)6;FVuQ6yb_*qUq55o@KMa~hH0Mzw;s9BhpU6D-op!*Nfz743na+Uqz~_Lq$L*@f zji#)G1eF;qy8TD(PP^0I>mDBLJ^rGZK&QFQ4_+2*hgvHhoJ*Hg-reF_BBflhxW!sdaiYo%ES`wAxa2OpX{q}IZ31Lb#C2$d4SI}?v8!pb}7wrVEDwoPCIC%YD>tuNVtWiPz6 z0FJ@FQP`R)jc+y$E=Wv>nsDExc}5G>JfAnhAcD_^np*=Mf%>D6&Y}+Z*rB!1>y+%h z%DmCFVbjXqc8FjX%n)N;4`>p1ElNdyt2A@%r-!xajY{VZMr#FRxe*4xsQElK)>HW zXBTu)51_j3gqQBsCVA2{*K<6+N1aYxrsB>HTj;&ZQ}_@-e-fpiMCm6{`bm`j1x4v; zhWUL<;}C1nX49suFEd4GZSox9a&3}2G@pXUUT1gN-`&9tw?UvTACb50r!EB#=FzE? zH{)55a0gvGFXbCMK=9VQJrB(IC z!^6XkrPhHr5@zfyVssQ_R@E%ksp=wSsb)Pmj9mrw#f$TX%Mgehl9Dax zL0hM`cCt^8Wy2?E&et#iO9F^Nkn=Jx`YCr2+-Uwo>exEUU=LmyFI3mofQHtI55-ad zHKf!4q;;G!kJlVzZJ2M)P6)Hv*{UPOUc#r!o?VsrBh*y`N6(SdPyx{o`LR~UD|xOQZ9{%ydrws4p?rZW$g(41o#qdfL* zrC=5zcjpSzxJgdWW|yGBWmX6RuHmVU=8m&e!vfB&LP4Rhbr}J$xLjc#kP)0RqhqF8 zpZz6%yi*eQ$2Pi@+P^4~-5U<0emy)qgnv7oPW9it{iFTEho9{o9zEPUJUBRfbo5zg z@9?Oz_ZjKjTMrie6iQS1S?A8U>Vx}}{Jd=uvhg>Z^^Gp(pX~1Ln)#0`F9`Bvg7#Uen!d3VsC*L^^Ir8ESE_wM`yKbZfsh{W z@hqIVxC8tMS0s1+Jg5S{GKg0AucJp$9J`4mR7yInQV_WVIJi8erCL zm+8}%76BNcsRCPy6_Diw%$t~*C19VrI*l74wTd*w;?#~5KQEo&08)*(wXxPm)Yt|1 z42!jN$;Qg{a;p$(Yp3!qr&==!9s2K|X!Khr`XcJ>wtxQn-(DV z-s-&jX)pTX=YRh@`F#7||86h*d+VRwXlv`A-Qd|f^FKq-RU%jh7 zI(Yxp_CJxu?*IU}c&FSca>-(&8iCh8J_m)ty#?CE9HUVn02H@w}-}dr?;wb%)GZoD2I@>ld`0rS5VNYb+>974kQ095$*UR5w63^ipAUmBWFWGY5SkQbx1piLBwg6Iaqgk8V$pu+qu$F+=M$ zn643Lg?ho$pI7GBX3{SvKWX6EF^fku<7#|Y=2vr8n^`w=r5BEkKAn|eq%Ox6k=DP5;C0z7K33@|v?)tJROka|9L;NR z+1fX|I?v{>(N&icFi~L^ib*x!C`{IYS0FB3{D36G`~+PG?Gd$3U2 zlU1i{73zQ7VU`TOWSEV6?L4T7J(E}lbOA?&qPhL~Pij2+xj_cspS*RIi~b}+ch*{8 z)Z<0nSkRTl-C024(5r=?FVcPIyE9%0ntX!+CGwpseY!oz0h81{+e>j_xoPv3CmGa1 zhsD?k-5%=A5UTFL7+HsySW$V#qlw>F+E{rnGY7_1=;QZXDF zYTjBHq+|9f=8f1j8{ate;I5@XmLQF~_-%Y5@-tlZ8-X*MG4Bu%< zV>WLg1^xWbnC-F1xEAtG6W-u-P_d*rbAfKZ)4ou}c{{F|-ES)ns`_bQ6SbQ6f>dFt zzPlZcNrnRT4hB-37vW4{j)m1{$b5b;OCuJNsoO0K{B-`Z_zB$VLsY=+gjW^tx?e(E zGnq?q%@r5f2T=wro$rZs_8{yoa>b_P=%oVgjo#VWRCem#P0=yExw{cMo>7oydbgrZ z{@*`!qAz~_`<6W=`+56qXJ_yI*44Y0@1DQ=j=y`!-#zC|Zj&Z^!Hn%=cdNDN?{#() zn_~O+!pSJ2XH<_W=jBW)2$0i1h_o29@SWyNu48w2__xp`Ev|c6!H{+N!hCwG6ughB{B!8KkhV>5X6E|dWr=0clawmeu%z4; z-|!~1By7kP1srYa6{7JVWri(R$ zngq87yjZ%{cTvgU(mYMoykk(Z$|6|Ce^{^oyT(J!RS*!n<(EOY^I_fLwBy5^&NQFp zt`2lHW`ybcMB!TjU5Uag5@#hnsyPs3Sq~Nv?*n3;Pu%-Lx}M0gcI|ziKQ$DINt*WM zYD39}_4vHTcKss0Vl#Wy`WyMuS~mB(!!0Y`^8t|sJ5vvx5cg%bY#|3hP33oVqIx`2 z8g5d$v`_DpR_}&!KKo`>GpmtF?om}}WUdbepXR*h?jn6SESNEE1*K}azhxbSKKadu z9vP&J@i%3cVRJ*g1v*#aqP&Lx0g>5+uxXUhY}BgMt-q>b+dZr91l_ zMnr!rBFC@nMMgHnrVYuBnbImjZ z-L3v?z5}$``8m(=`TNH+&rwC!@_66okYuJGi=DS?dA#R3Y!~0vSujQGf?99goc)2g z`%lct|A`!Q(%>k%1HUYc5V(a`X3gX7^*u3nL9mkdWxb=nd-S?2?)zMC%UW!{qKD-U zFqe2$?f`kACuOnXvkKrv9+Nxwda0M>F8yE0GjbOM%e^6YfxeChnnm%&^H7fC)7@w*yv$-IcirbyTskRLhdv2J7WG5o@`vB)Ab zbitA>@}Z;&`?O@Mp#OSI^=Zj|)FsPqw4_h7>pAP=CzslxAwr-D%rhzKDGt^Jbw5Hx zX{ylew8g^XG8&IONcftxca`jxQwlwU(4 znVA=o(S$d?2~z;p9*3#@f>)Jfhv6rZ3(55qoSUy`Enq*$?pJx7i&PA!=egrROq94!cM4cx?MOwqaM!49Ojr=!SCl!-Mw51(6_z~pzq@%z#EaK zJR5!wBYXEcdjiGDW*mJ>#en7A`?)1SZ@$myHRY)>fNptJq6*`lEQC2rb5%hzZwcQE z)vQkqidvjwVS)NNh%E?yF_KJ;L^^Y_k~7Ig;y%6=-J5!GSL<@7+jj+69q0Y?MpX`f zn%%$F?AA8ZPt*I?n%+NEQsq^Z46A2-$LdMe5Mb@ugz@1>-%=|HP~Fk#cP|Rgh|1)h z5(E7%E|eDIWoMXn?05Ev0~8)fnQicOl${w22kjAg%M1uPA%n*}%-vF!UyQO(tW&rxSr@fg%{ z|HUJg6e&B-rV~1S_e8uB+C7_f6s+qOs2gqfBE|;lxfDfS7gw^#j@9?-ws{d8)VnVE zvKx2aGqFb}Bbp6aV}@kn2nWKQ=N-1}a3Io7vnEbdXoM&~5XoVn_1KUg7g=c0lnwRX2FPcj2!{bD7N z83nDnre}$>{A|ThWrd0+)t^QlByLL9A=*c%eKLOn7FI&J7xMm!4_Li##t2;ob{S~$p>#HOle1W})c(@&_TPq=(NF-vO17g~;gERubYb@j2P;Uc`BbVB11`*Tjp$01;uMd!oF z@V^qR0PX3bopdSE6%Lerp#!Jaos5%bDIMO*$I9fGXW*iJE@{lp795(a7W)v8elCDT zKI3ImHy=nV{MU!)U^e*UI5xm;AE6UVMm1X@<|fROzCyZO1UqMl3-cM@F|c5*YGRF~ zm3$2#m)p}r>9(`3v;n|K3i z(uWU5TIZFJygaUEP9L!`eZz)a>2>mQBjS5GU4g3{WjxD2HIrt?`?$zAfa~)C}G`TiiP%JqUv*oNB@ibRy^UdZR%2pc9 zui7?)Zf-QS9a!^l8=kK1R%uuTw_w2~i4NJ!atpsYNjb~(aiK@`@von(@I%;r(EWS$ zq|}Ff>)tM&+g8)>?`K5!Cz1N+5~)iMPLO^LuNqH8Rua(*%M>+^U|~tKIfD8_Zv+dH zGm(|W@qgMbGjF(s9s0kP zWD3!Zr@No_#ZUXSad)cVxq?&5lzd=2C>h87Q*XDj-8K&+< zNvIC-j*(|>uaCmbJ~F%g$KyZ4IK4hqJO(cOq%wU{nLepZ{|PG7!iB%Ar}Oi`k`EkWFllj$c zK10PDlIa`GyB7mjtfPQ0&PJ)_oTLbADX#|3)a*>`K6AR~QY1xeKAmEJ7MUu>O!jR4(0k1VUxz)WH}^yh4_Yy$xX3k8CH*s1dEV&RlkM9T6 zndDi_b2?-0tOpJy`Ad59O)(fSdA{JX!$NxfTCjpWk(6hrmO)?Mj_?4e(w{RX&qq|w zWub-OY&u=T2+!z(oMe?!(RF%N7f8$e_rCSnr=Jh><5FepY8!>2c3-`|czWK}H~PMC zbUK~R!^1=Px6|p={@v?5>OA^v@9^m1-r>Q);iIF^I(vtQkM=(!o%`y*qMt%(DnIMo z8CQL9f0CcKZ+Aa$z2Gs+Y>pc}V&pid@raRgG0+n#8F?m(EP-`RwvNxAZIdEPm?R=& zL`X6glC>b!6Ym#VNRlErLWh#EG0U`S6LQWlPsyv-7pEsr$$+PfB*uz0AK5GilVB zdfNIvOPNx{Ia^47N@xzUxSukT(utWSm<^a>o{@>E!nr63L{wx$SJC% zP2Lel!tJ(EP~8CkX1d?~iX@EXCuW(ni3i*>FBH?*2%Ks5|E9@_$cB>YBDK>m%n+eu zlcC?+x1^2vi(b(&Bk$k;j~0lGTqKH2c$yL^(o_^0hc#dmqVT4Cn_LJ2l@O5|HPwac zn#Fom^jWM^5@i7X4Q5~h1S+So!Q!FfXC$a7VZL!(W|SzK)oM_rDcs+Nk&`Hz7z4BA z*vQa-OAF+^gvT27`wh~@q-AY)Xxg^K-rgo#?AO`XMkym3F9c1#L8D4;Yy%xn2O#py z22dzNIy352(1cj)OA>qW-ldR&!dxVm;+iK+?jV`4iKT7IuUI-IBYMpUEwnHqJ*H_o zjfTefpoX0&=6++UO-?Oqs+eU|a^&0cOp*A@x}I;bDg*GOkY?E%;o-(gXdD}1qXld- zZStnb0OY_-&IGp)5>&`IfyOT{ry}`MG?%QpYtvXgIo%bT-~q86`Ly0 z;J#fOf+;-18;QfE(j-F3$_K$vbgGsKCo}sI`I`r4WE3CbVVFJsncD}Qsk^c>9)YynSngE8$tf zZb&rU-mrnCSIB-F0sGk<85Y_5 z_aR@-uC(ASt}C+|PoJHC)g_YAghaBsAo8oos?UCW(KVHj243OnXc1#l38~lrva%Up z$SF}`%!mTr-|0n$wdPF72?_xUc7@ZDDm|ca8kv`oO^Af*yTSIHU$fFC32eE!aArV+ zoqujwgXTO`)9Y|-$Uwxife0Y^foPHQxamW9G24YFkg~OpBY`%JXz}aBHm-c1GQH~8 zrfK=@t^Gd@{=c3V)yB}f2Ora7|KFoW`}=kO-_gTI4?p?;evh9|{=ZNDzyDzWU*vMS zZ+M{>8CEv?VLv_vuqih>yi~^&T$UKHsTzypS5&E#YUqNSEq`{Jp zs5UB+j`k0ty=Z@fwBJo~i)dItFyQAe<&5=n(`P$EL;p6yxo`7?) z?SQk76#d3a9Ghrt8AQ{^+8UjU*ZBG6pDw&v=z!xOAbeH+<;_A3zImFG zD9hIsyOH0cnRhf~I3ekfTU^vKkG+tR0v!3)h1Yz}+{8<=d5S!Y%#v&YY&&00Nd)OU zLU!_RH0w#3=--Sz;roBPuAeU4bRPYi@x;WVl=vOcc2_Wl79%Nz%0v22Y}n>#*479p z7(+ygGqzEiYEFJP3`gLM<8(xr(jb!aa~!kYE4z$GXmp?_y@1yt8 zL7K*CANDbMrpbO%g5^pXm*J>q$ngV;|I9)PUZw~<^cE!T!)WS76ZUOx%VA6@3#l|t zL(3qMeo7J_|1y_b*|ItFdvL*^cyQs=VzI5eAUt~X=$E~dqr;;g;nXnv1`*BD`G}tw zf=KY@1`le~=7ComWCyk%Uq)FlBOTr8$2pDBYMEqQHb?_{zQst2t2TlPya}HDT!a6& z>*5;jGM@8qeeQ*fUrH$Zu)Vvz1v~729`8Qhf=-8>WCjTAT*vEZi2-egcVzi=D1IW*unV&w z%KvQTlS##7Qa+hB7}!!q=EB*REfVr}tU7GVE6>9CxMYZHHS|YG0yzQf6vkvHX5~1) z{)WDwV&%qg*c&xHRiQGTou@mpsHRrGXH!Ou69890;|ZWzvjXgE%Z^v!O!p;f1yFg2lP<0=C2_HO%zQBAaQXF=q$ zHZC7pT2l=c(R~Da?_M09!t1v`4nTN>6b=KM4)xd$Wf@mo+*Rz-K|#*Zj)~k+7}}Lw zmg}7M(Xb1_`29ZWIt`PE*$xPz%sObt;=|g8?Pt%QKi}DYCh47z!JBg5a%_xV_kGj6 zUf*>U39bUE%}cfoPkTKBNNhFqSu@?;yBbPcx3>n<>Vw;c?cS5WJbnJm0&oGT!-V~V zeY6B{>p-^wKX?6Z!}g8=X&6t2(R?<{n^Xgrx2XoEB~-zplQB~#ZJm~Y(LNoH@!M*E zO2b&-QjqDJR`X)70?e`zc}0LBJ9ubcBl6tFjW@cD* z$rbUyhP4iT!G`hx*5q{|BW6ayChVZ#D7bWtCB5y!JVGZc+e^oUZ{&@pWatMe)>2S4jO~@eg zGDFSP7!5xN^JWe>aXRrLp}-pqEi}$Ty%|6IDvsN#afHBr=+_J)+6)7~VhGcZNT8&@ ziX^>sr=k8eq=YaU^wNwD1vHW&7M6I!W{}$&LZpkhX34PFGSKHYZ*wanMy&}0%I4=P z6+Casx7_tL0$bjB`rf*k%Ds}py%dguC8(MKR4ChPO|+hg6jn{?)i+$VTk`Y`PfV`V z4GjQl6Wmslx8WPnjVU~AxLyy{%`k`vzpzpVn?P8Ob8~4>`pQqv)T7g37{|#FFRz`p zFr6&9o!zd|_X|cf4xoUqR#3)KSEier4Z|(A*j6`@Ra$CSp*Z)CVx#%AR+_ds$QN#= z`3em+Uz4e33$$nEys3&2;rX3u%`5sI#>Q2 zEDmw|B+Y_xF!D0=>i6Mnp5Y-SB8#1NZ=EBpYmDT2Z|u*o1VWk8OxJ!kD$5K5ceq%g=2HEXMoc z3>zR=a`A9fXT@$;=h{YhUyGn-*cjJb7S-M6mSm+aSFlkC%HPUA#I=>webO|%tpd8A#;kO}&TIPB$hu+JfUo!VtLkc}P-iHCk z`B-dgHUTtEMiK>ijF6N+E99Aa6PkHLv_cSJX?QLyR8!$?4M(>$8-1HbqfcNm`t*9= z#!hS3h>&5zcqb#XM8$maJ@-1GYE`)N3_h+5o_S^w2>w9sgkQ4HU&RgJI!=EU?d{&{ zZygO0PpkpfVgXqN(X^n5%}_qJ%+iT@_-jQ#{0CQL7jT7=TjMprk4&TgS`&`hl=opT zFvHKZvot=(w0mHNz6JgkG=q#_Wcf-g#?23C#(mkhm}5$&H_X>mo!Aw2p^Ej}fUeGG zyX-{2wNAWTELc&?--M2TO9g$IMsSN0-?Gk|Ir*2X>vm@IrHTN{7#i5F<%KhzeeXybT?Mmwm<35lw4B6V zw7B#Z+JJ^iZJM+M!!)eyZD>UVS|N#+EtwfYUEsBj#E@c9xGTnS3I!2BEo%-3&+}4E zX~k`5y(YNr&fDZ=fw9?E?s#P>v4X=%Iie(-m@DwPZxrlQc5_dbmAYHaucfl9O2KL+ zlf^O!*D!O!$}$a9*flrg|FRV8f52<)4W4;7yPv4Ip(yO{Oydb1sYkbO8 zIR>v)ys8xTBDXs55!z5n(x6+MuJm*>%R0?H#EV(JmRa(CIz2sx<23%TSiykD|HXtL2iw>?Ft zo*P?H>N;6Tj4yU@D~m}5G;7#N*1r1rBvz6ttbU8Ok!mLQ2`nPGFTW)_NO{6vnf2q| z_;GLixUrke!O@FyEOjBrwyeQ{MVU}QRtLAECAV%09oI<4Ene|R>+%b!2eVi6C=0?t zMiS^jt1hAO#~{kuux)1HPGVnfZMh*HQ1^k~VSBQ+N;=zJk zz^;Uoee=dC+T#kEW)%CRGhTTvA1Nh>`T7yfMx~K8wt#&K*5roq#0}Zd zyILv{ndUBxC$HH%G4Yb7tZ&R5xw6j6{>*>L5UkNwb+!l%MtvksN5T=5*N-;RK<&{t zo-n$7CkV5XCg(t+EDZ>)9(HH>u-QC9nyMaL=i<1uUu?ucMni_+dIgl$R- zqUQ6f*p0>4r|L%gW@fz=RF9=abyw66YzK9vxYd&BiMNf8SSAQxh$l~0|&3_1SI)~j^0bT+L(b{wnDDL za1B;l>S{1YWyQ*L+U<_^vDPJGk+O{pPQ`7P0lfMaEMu0c0X9>OCH0{6sa1(-7LV&y zbRcOnxUCL!yAt`*1jJgr)~rVBRj@CDsrQ7GWz(a!F9W*FrhO8s{^<8ly$jKKdh8-mAa|>tH z`VhwrJD}c>lo6@IrQrNx6n?@qi`Ij6EfrYDki(`pgq& z1pnLX^@{&}{PfAwKW#sG`fU5j7@i-#`DNWt1-0p1~1#9qJA7!@zX^?apr)&a)ml6ufgZyy3EQWu@a{;|JQ8E85_*sM( z?sR&M7Hi;$S5EtHSgUyEE%1_sU&6|M$psuvkYrM z;{+fcgVqeZtijmiG|Q5Hw|jYc+3^s{PMl7EXcu-k!kz+oKnUr-yHk2JrSJ>>d3JUL792*a8w{Q<4Jt zkf696rw}mI5x>)rq#_4rw7~wR2^j_BU<9ETP3GQ&z$CsPDHd!`NQz;OaYWf^-@pR; z!v{3KJ!6#7!2Sr$cmogrEl0=e@%$zG7wxkDb-6T(4tq57vN^?iQTgS$ZY%Oeq069i zM=9|#;s`?=;7!%_HF%?tL(kvCY=M8dZbUBK#G~{wPJLdXoy-Wh?u@WM0y;Bmt1w{H zt3pi`ceB%}nTeQ$>v~}rU%D#gJUry{dZ=EZj`8pjdk`mt-+5tduj^v+eRznl;lCe# zikXPgHZEgbrMbwuH|*u77#ycng-AYsfyx{U;3n`G+?1_5>UBYsJ$qukkCg_hHaz}B zbigOz6FN$Rv#Ke`*V-gLB`hJSM5d^fUjfJGKIChDHu-N#!h{L_w-o!-uU7us?mgMw z*(u0>Pai*hb}#?k#qVDJyO;mIRrwET|KLNyg+7A*sB$$%Q!mX_JMBD>S1J4&#m!&i z#Ykr#zeC?Rd2q6pZ!bui20nq0kfrlz1kWDhKZDs|J{|`jz;PYxN!r-w$F#~{0^@lY zF5vgM7Y5^i_-v&S@=oIy!aK+I85@Glg2EXYd5mCbJR|UGen!%WWQ6khqH8Gyw#^Y| zk_!YBT4xKy#fzf>Ys=8gmY`jSmi&gv%_D>)Cge+n4cVr$K^?l(jdMuzo^mU+1Dz8R z5|0wT94mFDWlUVM3^F$<1GferqFD(gXd@Ia9dP)2)4`B?gB4LEQ&mPQ&nZVw+4)fS zowy~2SWhq|;S56WjD!@vM~y0u#NTBku`fFOr4p-}iiwFUyoSU2?9gc!x1^)T8LL@{ zR~=|K94|>a=ZeTXLEPo@vwbILZv8BXXvR1>`_v>Qd;6Iec@yHhXA9#C8P;q4hMgC2 zM52m$DflFB5LWLN%=rC{!dC9}$x!~9uRyz&r6AHc6JQ)rrdIN(@akXWjF2y3-M$wq zP~L_v?nIp}@_);t_9HN5!W$8AzIVVGI;*lsHJu+xhLFk$#N*tn_>3^Fh4b;)!2rR` zo7C^u*#$|R>J5{56S-G{*>Oq`vI{$80@1~@MY0ZWG>Yd@#`x`=uE0e0c>AL&_G&ik z2nDZjLM`*3s_0BcXk2M=3wpPX_=mGn2jx22h_82)iDZc+jbO}|i{YF}AWZP0B&$Ib zE{?=ZlYPdxhEj-`Je>uyXtMqjvir_|f+*{mu8hBjXXa zZ90Xiu}RJ5G&>;^^5G3WG3MOVu^~Lm#h3D;7W1}YunI|2rUwv8nNY^0;yA^X#TwNe z-e}}S;Dt1Xcr==)5R4n3FSZ{O8a>Pao#(luv~Jmh0?RwmkQO@m zM-h6o7>5u|7|&EKgoBKhJ3^S4UP#{^os)KKoVxRXcId^3{m04SWMj+T?Z{E?b#URO z0aH0>88daRxoQ%6P-2w}hpSFP-7S$9A#dS5uNJwNd;e&vI6I?t5bQq!8D8cV6EvP8)$)KvNL8q`$qgIST9YBB|^NKBZW=gX(1n$YX~5DcmG z9Weu`E%dWqiiPrORANep!cJ;cLDj2JTGh8}5E^EIT9?jBHAPmWt~42a1;n*dCesyX zT*yoN)lGhbd+eqOVmG?mmZx%DW#29DWsMzJD5S9NUaVXgk}r&nfQl-S_C?9fzm~>} zzV}|_s~~+VITx~4wDZ<06Ed{h{Ii1NzBY+n?yp$qWnVdUFzZ67*ogkFmj1^Q!ePb1 zGCZi%*X9>XaiP9z>tE`?EJcb9F?Lj$(H}P3Y1PKmhF`X;jJ!^@o85FwHLcCwJezh{ zU(0r}QLd$I3sC+qqd2-i57unT^yX2F7YKtxK*xB!W;Mq6Zi-}vS$H%!2ajQpaJkUmHmkXj6hN4)y)P> z3C9SWjk_t=`vL)h;1dhOLgeq#Z7wid{5iXhK!0`j_W|7d}G zvKHJw7U7=U81ALO>ogJ|l&jK1us%>bPgVrw&03(mxe+Mq!1Lo;@cejlc$NayDwuek z|NFJ){`I%-o6Fcrp)0+eG#I{*9$=cHAmWzQ!6E!U_o6Jw7VjfIIYMv5$Jri{?AwbL zAUkse_R#FRgxh`;JlbxuJQ2BD>MWLpbStMZBb>F*JN|LSnKvV6fjalJ^T`h`s_LV4 z+9jH-J*`z5D3!ZKLsd%XJjB=&$1#s4#*SW*MLF3`hj-J-(@QzCAaaV#ig&!b!uK5> zzEe(%V?(=z9M>Dm`>@Vf24RVMcVak&F#gh+qg2IKctSFB)vK&>4eN{mB^mF5P?9&^f*^u8MQ_nD z6CL6-$QE1RrKH~gaI2ZNx)T+Xdc((SjpEsiMCgP#&){q!ulKk3WwQWi9*K7C`cced zXx+}0!GecRFz!#|8Of&X!0Zr zOSbI5)kU>}__`q}#PfZWn#N{UnSx-{X+y8m>+Q5*r`Id8qDiLuLrtl`HPleXOAFJe z7GJ&~AlH{iO1TMFwJEcse z?RNc=$kk|9O#Ud&fJE_pGSyNlOSYv=-B=3xK9Ugi;eo#e0xbTA>WBU5tTme)+7&0Y zWF1y!_1#B}6Ozr-sKCOVe2a~ed1n--ggT6s&Vn!u@XrqHMLv*-&Qn5R|M(ruqadRV zFC{R?!ldU>d>IK=53Q7VVYq-e3K!taoHoQMM6rC$nS6~avWtVdLF6I`)UbHqJ6%_? zfN!_y^G}7*uD=T@nUD`B+;w>`425Z}^V|2W&ZD*?M{=51+t*HcZ|j{oGt-u!83&Da zbs*R9C)C?%tK5(WPyzFKEY6z`bh8$`LP zZdE42!JA_ohI>&5kua{|NL!*RuV7X27`C@ipQI$CjRMt{l1wwz&*7DbF$&C1yCZ5+0aEHTYHnwxJ*n%brG4vJovOa32}ZheM!r~TiBmGDpJAWOiiJR z2eJ(I2Ctb^Ax+RSE?Gsh$p|+Q2u*wliFZzcl2J-BD#Q1~ctSgHjIkmxn#M6D;6X%~ zvTq5J>)7tR)}n}cMCS=Ryom2kNjP)GD8}YtFMj411(@ZT2QtcX2K!#(odsc#1%!5f z;!Rl>?RH0kY~Yp0@$AR5gsBnE-ye7W(&;h2p~flUS7oTgAXV8bzr@DSGC2o@yE!Fb zG`_%LP$6O1?Bv6(CEipry}CPu7UK!rz3ulx@YOL$B*#$UZ>aDc6*M^?{nE~AAcpYeY}C$3QqOK z&-QU=o6T?ov)%bhX1jCK+1k&NFMiI9p0^*ny{*6R>~x;2HC@Zm_Z3Wcr?cG?(|vp+ zTHg6ecJ9tbcJ9}~l^?Ijm1}6ZSf5>Kfcd4wEwr(#rPX(B@fsDuY}RtQaum=Z<~sJu zE(!cY3);Q|p2-5vywUlkm-?91$jbth&lcRUmJ*Q>CW-w4QwM@?8@dS(T9u8A_D4WApL!@KFR=FvHXK4#4V?_|Beh_(~ zx$&(fL zs2E^5HDiWfNzESohlx0XZcs$QBFSFnK}3iz2vnB9WR2K+jp*gNEujHkLq)f1iTXNR zoSjp6W?i(UD@nz+ZQHhO+o{;LZ5tJ%V%xTD+sSwGcb|*C?%RF4_j>l4bBythR-|(6 zM=2)Hx8`$4#z0T|YqAIwTrE{xm?T4Y55m8JPVKkZ0`ujUlS1sdR6C1EQM#~^_4Cqp z(JSZe>iUln4x9HUsfnrzRcQ29$5jpX)kZ+noB@#m8_l5AVk1ftEDDRWOT>%WenP0b z#LIYrKrW)qbEbwRZAuyt*yNXo()0dEYp7r<&6W3I7FTVO+AJ;9Zd>B8C-Vc3d7o_C zQN39*N=$o_D?B;eyBWxFg1)`U$;`mcSo&gOMlbiUzI>sozbVi*l!-^(L}!@P8|@#X zzD;uZ>9(-$vWS-I>#v5CxBT)m1pf&b_Ho!{^ia0tN1n&e6G|d|6^ZxU+Trt_gCzEx zR-W?e%X(~yd;FxJFOky~6;cQc$~MU_aWHKp#OxVmfe{S; z79l39gj%V_+KJik*M#gdVwlANP<^r$Kj_Zs3*Tiy?Q|sDgUh?tExqm0cBQnk-ap6f zEO8pIL4L$`={wp?rxrN@UUP6uLKK%&$nA=43a^*mcGQl!ugdcBgMM z{ByD#8!H@d)=^a*8L$ezIBBPA$!Dss05)pg2XWqHwuif`}W= zI?l_hM&`J{%UX1@VaX=U zG%*%2KuK8q%~U+_0&PHil3wKB9;aqyED-&Tf`kTu88Ub)MhZwb0wB{<{}8#SduN5|42|D!6y4LXz`#VqRD&CI*c_BU9eI)Y-zgcSjo`AggjpD zN$-B6Y^S9@bp@r4m>NW^u5N-9n`Qh~Vb{i&6p&sCnUhw^PdjF*uN9X|Mg3`Ps|_@e zZIn-Hnxp$@DbkLii@{=D%^_p&qwDd}h*atBmQ%c%{rD?VAYrN~-D_%!Kp;CEfXgdT z7)20Mgt>ApB6KYV(#qYo#Q2jRlOoP)g159Y4nqQ4aT?H$raOb34cb%9?z*w`=)S+N zM?)_=)bY&xTcFG8EXo%=jxhk$cXRl&6Fh6;cB=1N-b*|zh`p5b z{BU>ZZhJ0@cRSq2tMTRd*W^f5nf`WeCj}3kbK7Jkq_NTd?*(!+D5*dYx~_Cyu$80o z+|6VL-tVq|T?<|}qdi+0FMU&in3P?&{j)<2g(#aCI`;H?T@T+rBFywz3tQmo3pCQ9 zMXTg1x4TrNzP+Oc9P$I!`F(z4*Fn@WdwU~kiWpwstaXO2_&W6fn137({nk1b%~qEJ zJ3fH#u7_PI9;^oOmCL!0mpL!+?00*_BV0PVLmf(<%rG!DXucH3l1OX@Jf|-`y{K+B zyK1O1|Ft}aLA32^1{Fe%KKn6%51x7PVtESo9S>d~MyoSSy0wI~Ro`H?Rn*hJ=EET?C-cOGhB9_YO4 zl%hg+f#N}OMKpK9CamR5htX+BeA4}II(iy47lT6|)XVw{Z+khkHge9;I{BZ zohY&iY`L4w?725uGDR2afod$M+r+7l(0FvZwbvc?5M39w?u4+aQ2sG{Sw`A-x!Xm3WYUL}@875{ zGzUGVfK|Qyn9|>1cN`s$O2G679*4x-{>$6Drr5`b$C7an`EB&1uw?9IeQP{X$}Z(M zKayd_sRg)!0K~J;9$^s*Bjna3}G*z*tskpqq#2LvUi zJEc5Ivmy@7;y#m1LGLk>p8r=lY?8pCkJ{6}(-EkZRhjgI7MW*UJ$uBWo&2QI9i0z3|6_p?d{Wqzr$Rh?;C)WkbG?#)EZXNH<;J& z+34!*ymW^!C6^=DI;}4_|q9BB;Vx6 zW46;8O^G9T&Y4`xLdfhx_Y0>YB~AlNF<$kczr`@5gJw{GC}hS;EKI;6f+Pm89m(#Z=cI$fIMKPpX@9V|U z#1epKNSI-v1hIqY?IfZQiue0l`Rfg#gWB5?ovW2w#k7bEW+qAU{OxcUW4XJwx6a~j zjG;=fjx4lVe;Z<;7&hjgElr&seebY@w0?eFbLSmbgwPAsU68;qC|9JNgNFlHEY`AwV7`SFR z_bdmv#J8ho2eA|0|8B>c_3UFPm|2DTfa5^Mg20t>d(qw=a^RHi_fb|6bTY4Xoa@Ld z{?RdZmz?L!%S&J(!Ys%kxE5oL#awssdlMeCVL^(8=Mvg2s8k>5u$9+8mmV{rItvW&sIyN>_k|)hv2}>t zgnA%}K#?@{7;9y@+6|+>6%$2$V2ak#(i8sRE%eA?g*s^CN0AL%{g_SLvc6Ar4DYy| zx5db&%&Vp|i)nN|P-!!=!|6YoNEjlN1f4LfESL*W?OobPGu6q7q-km4{5Rh|7p&do zv?VIz)hRN_S}bt&uh}Pls|0^}ti|QZ5k|aT9xM=06>M}6q`j+gBRQ2*@MC+hkE2db7 z=!wW4mZ!bLxg{qHy+F%Qv17V0FM$44`zXiNCm-`7AMmjR4Y0kstEz0)5l(OU0?SRw<{OG*us=pr+w1zS2%9|W_j zKcRqXu`qFwp2-lI2}{%pe3*-UTFCut)ex`o&AZ6Cor%ht-lwdi0%2g!wO;d>zzEnL zKr%DP)!}OQP?_^SF02@y0w<=&nVOp)Lb0Fo_j(3T{_ynhOb{;jIo7oaAnv(qWL~nTn3O{K_Yr|k74JLLr@}dFbddL~(K9`l)`TH;y@kazSsA~5AY&nanXzBgq{3rxca$m8=>dIWerzn)Ehz4@W{d^`ZYKLKhp043*T zsR+WFN11*;!ZAMW!PxIaea3ws|5n?@?Z{8kH&emyX_%Xlb<{82H&M<`{DVJmPc%w4 z8LeAB(4Xnzwxxp;;b@M+kQkaPCf6>cQuz+%KjA|YLVx>32)X)DU^0SXHC+AH=znOi zD=yebe7>nDds$J?_nm<-c4ev9C+oj13B4qqv_q=BwfK6rvdjE4KI^04PA{x8;sV2G zPPh$Zf)ed7=M9jK@*#o{Hdu^$t7h%}YWGM3cCmeeHMQKi1UI`@ZL`4>cEW@&>lleK z)p{@38xfw5GQb|Qp>3S`S~-eE)!jR0pasfGr2Vc6wJ{hh`Fpa}u>D~-5}qaH4n5Gw zreI!*?bWB2>*6rM`|o}kUJRtn1n#N)&U?OiOH=JI??*RrF!;R9{$D7S^Tg0+;p zY_Q<|BC)jJGd)DrwC8&0m&^uRb6yS$`a%!lmGkcNlf-w;Ye^f63{1LlD?je2Oc`%oEi+tYM?)r9P@A3M&(F1g>0N5%4 zbDinY)y=FwfDJWM9fl=TG1=BRTMZ9I?x`6Ylxa(`dGv;L-BhrDecn89eEtg#jq(ql z5Y0&JEsFBg|7Ii~q2LV`5u1`tttk@ogkez2ub>LeMPxOV1A8*FDM^*Ly7dydr3+&c z`G_M$=GZStFkV#~GK6Y7tmwE&iepn#k)(0|6S>uSl2xYc2`C+$j8VW=WkytUxZ=3- zP$;LtMkuEYm2=cxy`7LW%vII3D5|%LrlERKp3PLjLu%DuE54(YO2@sO_MbGJLe7i- zIDk-~rP2OD5?V@|Vj`?sZ2xuU2}Nu6+))ii^?JUpWj-gMIr0RBWz|Pma~l%_pj+Wu zl07qPG+cOersi$cqBRpQ&kZhaU)9x15klr0^x!AVIGS8RLesZQ*{U-4`v|4fxsifV z@X$@e`L@RYR0Z#zI&Z02k^s_OT?iF;ig<3p^19OP`i|XRl>2UQy)*x3vUbTo&+Mek zmT&s)C+{Zp?KhMAa(%_`c86S0{eqV71wG4d0Yrs`?no(QhTSrOAe|J8ZVDcyc|zu< zma}wSiJ%7}w;WZ8(Shj|$cP$a+Wnk|plzF(?FWe=3`A!3(FTt%+neMRz^hI)Tz+xm zz)0eZYk*F!CsoO)xIamD@v0{3u{Fa6% z(;4Dra2(g8mKXY>EO286cDGu|qo+5=(qfWebZ^)=-8h$gm;8gkPP?Vi8MwHYd1zMD z81kx?pa%@v0$*Ie)eq7)i8{3=h4T0Bhs=G^dS zFM1eLvC7uK48F2JXc^Q^#D08IP^Zzgk{J4lDk^yu{TFoMqLkhCyDRzyngOL-y6!hH z&p*;?Yf#?vW=`46Huvp@-R%j#x?xDHlHKuq`3M$Z>g|w#cWYY{x43MBn;mSdIrklF zt8QhEg-%8_VE`b+F4sWkh*u8M8XGFL^mWNJY*X2jIpP=VQz*;9% z=8$mG?ow7?tR`&p+komaxK&FIcay#&T3>px6HIV#;p8drkAvgjG(LLCi={!WsOWD& zRs3VZy2R#?-}KW!?{Sd(sp=oAPCy^1LgUy0)h)aG;2Mu5p_ie_aRkX&pU(jQJW6B| z5eTD}%IfX$`rga95w)vb7O0O|w;HmFDM>zfU(qDej*4AGvVM*|R8ON-U$Pd;CSy2l z_|eG%w(;VkWN%tO24#rYJ4V_zZxMLK6$x}wd#J?qR)JQm5DP#}j#zi0s0skpv2P7M zt}2*pN-6yZ6wV~19u~sdEWk**cWE9+9nrS3XW+}0>1kQ|V(?K2wcVKz-v^4nJK4YO zCywTS{<*6dcyy6n6WSNT4xQ7y#tIMK;qd}P*|@RcYW@#b{j{vv!O`e_GqkDp(7Xk} z1WDBc?%Fl#1`XXgjq&unlVd*90{so(=H`~i-`ViH*>|%8bhQ9{2cCDhv}tR5QnIYt zm{PQ(ZaM5ErOUWhveq-EU;irf4<>9Q9JAvPVnkt;t|Hu01ecHUg%3Pez^bIbxE z%q^Ll;FO8nfu>-^*}27qxfV(Erp_ZPn+`&z{U*axf+||KWXS9vEox1<3mSHlz*F>w zbU-nBUXun^z6ta%1ADB;x9I_0cumxaSBai(KEO0woCJwuT>8U99CPCjW`q3z_oXq# zdh?vvo8=ayd@Dqi4@3`hBm|0?F$bqkAIR7^>3qsbw2?n+t*}}X(i}WpQNTUJT6|mM zvTb|1yqzG}4jc7cXafUAF>jNv>1tK1;GGjS{aQxn&xDYv)uAdPOd^@3Louon8K~6~ z?sg=quEN-AP~>_S!)CHQHP7pjm6P6afXY^6QKz37BS^=|FASTbXs*}v4ev#{Jj^z>a$mSs!Ysv#F^Nb&pLK4fI(d(R{ZK!_x6a%*g6tN7CFBBt?>p0Umh-1oq zHYY|8>dB-24$J~;E@6S`yL`dEg&IP$cW2MOIcnD~o^CROjyPVsD#{j*a#S?(msQQO z^(A$sCWn;18ukx?m!k1zLLBS<<-}5|kVdDM`Y>~!IX%&yEEbfXOvgUq=>@Y;^=gqI zst7JyuIrL8Wa11sO+k()UqEu$WQPF*)Fzqcc>AR#Xm_%x4}#hjTX=?2dk%9Zm3S)8 zm7vwVKM8`$lS!Q;4G+a-bV^On7)8(h7Zx(}s;$sLo*`XMS%FzDT4WsF)smk92H=Sr z0xx;!hF_|3yLq`sadvrly16Oz&3&DJZJWnT0|24PBM>d9y(SYiWeg$^4P!)KJ$0K_n&ikPI^&bjVW7pTvSeA1Pb`DN#80Zhwy* z^r?xKmn6Y!aq=ER=y*rG$fM*;k2oMNjGjRC){>YZrH+0*9ouo>Yo7s(H^ZE!Jy@wr zit(iw_RrQhVLZCg5V`C1n`TmMR0T9GCDgEZ1{B&!!=t8h84M#9HA`(YQee+57WOkx zKUR75F(&Y})}F*9{qKRX>*jK%wEjurPl;|$YD!Mv z^dspRx0#Kc;1Q!s)|Na=Fri70g4&+;83*gMbBm*5yS8{yOdDp`y4Rak?QUxkud*-J z`oAnrj5V&+KYD9;S<|8|0rnZ%b1_>HGON#iT<-te9B&Wyb{~IAfXBB=K_55Tk2S=T zIT*x};q7>gR-}K9+sE-r5sJc=}>RJud8`vw=*uQ=3NnVFFc z_AxRL>ebYNJ)-K(b$8xNFv~Cg?eM2o-*rdV8)EsKz-6YXbI|S<5V}Q+R1^CQM^nPYNIpWfV^%zn3oqlyly^@ZSF70v6+5pQ9`h@;22sSE4jeKraY@2-3syYF2P`>5$x0b=^<~wV&=I%HozgdpVt(regA1dR#EvzF; z4RL`_w--mmc|XOK>eS>@_Z?QmxZr~SuuZwwEqM7F@3C7+Itr=8*=!#D@4B{YZ##-TOx$ZEY*Y&__Sx6n=eBTE z9Y+kK|99(~;L5)FYERm4x9PFN-WQ(B<%$NcstZJHPSA%g^FfQDC{C#oL#Z6 z9&QibS#I>uE+Xk1GtK?|KL-?W3CNsZwkwoP#uJ2fC;PZC$~q}!;@8GX-HZRcz9kZ` zEx>T9(YFSvbyUE#Hj8b`)ee=JW2uoP{(_!x7d&Iz6z~}WDD!kZb&47vDZi$PGLNV= z8a&YU@m8Yw$3NofsjqUW#ja7jCXHQLgjFcRTQ13pK~&+C?4^iResik~La1OJ!}gHJ zG_F<}gd(D^=ithr;ZqmV6=NZn)--g@9iP_n>hoUbW8lrvy;pcg3Q_~ZP|;ig7t0^z zIu~gg0vTuqv-wp~Eml z(m+@F1eIPe9v^cMIv)d_z?bkh$lH2Ak_Y|CeGmh%Ca1`WDr=D?Y6BXAMhoS~oU z9AP+l7cRi&T$JIdpYbdPnL3LOG`V27c_L zP@Ps%J@WDCa>pQScOy<8P@mqx1V+-qUy4YDJ(x4b+z$-h|86ZNq}TK*509Vn z2;k+35AgUI_1=DL`5&oA{Io&=cU=X$Uc$pS(HtQa^AfB_`H^pqGpm-_6J!88Z&zW> zK~+OAo4`Cymzwhuq`1z3PIkkz@(YySi7S4c)UnDGJ*K-9bzrm(Zc>)qGGbsnQ20^@ z@9hBn)(>_&1Te%kBNBr4cX@9zU@MDVVy!_uio`e{6nkk<=R}QKd}dc>%A67r)nl zlYT1J;os9+LS2 zlfBtdkd4$?auqvfl|p<;m1G=t2yJmHC{MfZyWdas8J}>$w)ppA;yXO|OfEm|qTkP6 zYHY#lV@CJ$XMBEn&hz?^_w|JCHg5t{?YdW8-!HrHxL(Lg<_$-y)aiM9sFC=vvKfmu zXgO8Da%7SoTc!|-f!{ZWrXLY!dlWsm^Y~7kX2BQmGd6ahcC*H-+JQz=RrBveZ;8*3 z;m=o~iy zJX*ZjM4?S`7#~Qy8Cl%pimi3%=FAqU{3P+c0tWNqj_6mzcBqLH=E!3);ho*@SdO=% zmHL|#asY|$<%#t#O9K``f2rxO+Y3943pTUF#ib{5prN;vuavZjM1wv%IUpw7{SCQh zl?tsEa=HJYA{DOjG${<(pmX-wNK8E1Cc#{l(_7zdeHo(2ZfGKO*8BH}GSZ50&N-Y< z^&JPc^z3E87boiWKKAiD_8pX{Z|XR&S9Uh);-t(EdlP*%3vMb{>25(mNra_pif<}3 zmU`JdW6~aVJU&c9 z93{K$$)UDVzAt-SZEvkui@^Np{zZjIxVaZ{owT&9_a1JCd)nE`XiCwag}Sug%JAzb z0lrqRfe9*4@A4eJZcx`and(q&D__ScgEvil0UM$fnfx-EYd5adL_wFW2gX!fa+y9p z6-1h*FGd{~N&nu8sZDYVENI_R6kEc#6Dv-(jp4J%K$B!4!zh)5}kqvYjKrHG8d6C+M2w^Pqt99k|y^b784 z=_+@jH%T%uBVA{Qd^@BOV3S~%J!l_(p2sn4MlWeSq|bm6ZtjqG{0;fsE1sSfz>gxd z{q1K50H|F7c<2^5isN4_UH!JMV{bY=*kTrTdscsLO7s@0DnCk9O+oe`Vg1ITHFKyp zR7bn04il}4X_CvBnV$Io8{CL9p5xs(C_SXF%z+0{yS-`PZX(KYA!m~La2LT@#-wmbkA(_t22y-J%LFQ9|CJpkB=^sH5N`zr#%dA+29(9cvM0 z1QXp_v=Du|Wv%hfXA$-=@{<5_;T|V)m|?EWnyLYSFOHesk4E9lK_xYJ2XyQULF6+3 zoy0IR&W{6{3nE9ct*en>YT z`M<`!Tj>2vc7j^3P*CeS8hXTW|By5bbC|0J{$n*;r9RSS6P^8v$|@0?V8a@&DO2KQ z$3gkN9@eGvD5L$CO)sawYy22XyJw|?@0R-+M*#8a`EiZ^`Hf%hqi4x$Tv=Qme@73X zEo$fMYbMPd;N)Tn6Z+`2_V5$115Lhs;{)E<3E{!?J^^y+wbX-!lk?@< z-1D9*tIX>m*)h5*7To_h|Dnd(Ssrw?dDe3+3igE8K%>|SBwW#Hmo;ve7x=-{>Ra`3C80|!Y#X<>j( zpHZM!@>_K*3Pxui$GMneLx^iq4)~hY^Z(?%nw+rb@3@^DEpBo15$&hXgTC_EI=}un zaIG|UVGJ@)5=3qiM8hAMSn#-HtpOI;1C0QTW!91h-iL!&AV?Fzv)q}B48K#6j16e0 ze< znfc5Jx5?*c2Eh44)9&!8dFGqR^ZLt_<(k*;eP!f(T7M?j#ggk>ZvXmC--4Y}oL{nL z0y?3CIf9gvT#qe;8EH7pF*SW$u{TFn^qrU|+99<~5ZDXhEWRCGZ(S9pq4E_0UySg( zjDs&s4Z9{dF-{Q`A8WssCO58hcFIh0j3Xu@Bq*|k znf8_7p&724!<@wE8brieD)1onS4yyE<#t^`L@wW&U18sZE|jrn2OrzS!|A-~4I=Nt zlaZ9#O-us0BPxC(ppsqGh}T~Onx=K|d07w8bw9m)^qdxch2`^Y?Dp-~M`w(SxesYN zIB4&3uBUO+^uQD+Ug?woS5m&5lK{QPg^^&BuQON7aH?Z>hozbXuVjxLcH6V5T~S$r zD#zL`JbEu%@i5VLgxjVV1itRIJAs*TvDej1^ip>-a(jRi#D3HA(6Kg}NR<6%3J2yI z61x7ig4P`%U#C1guFN#Lf0&y9EmmWkQdBy~aTC6BL8A*Idh)Ih1%e+>(?JVBLrO^T z$eN!oJKB`?xW$rD>+J##qmAK3>(GdvjzY2o_s{bLS|~p9ik@+hnk^{?W+5cQ${%BN z%c9j;F_Zc$$=@)91U&zqY_Il0sa>^gjth15(K3qsWFeexGFvgTPWRx_Vn`nMH2_f# zVeQLFi8+K$q6>q$1RsIPVhT2YW*CSS9Anft1BJYobrbHe6;3Ii|0`B`*pgJG6}`p8 z_roMN0Nk6o&SR+L&xS*!AkR5OqJ;KUmE8|OjGiTVXSZ*&Sr@w2B;aon4~%j@x|MtH znOg&V21jfYgn2S$(~H(|J1ZPn z4})evar;6$9<{EFIt{gqCre|^cTCH8g=Ey0G~8_r`_yrb$Il;F>PSMj65}e}76_gZ z%a!Aah@XU#1pqX)5+)8VZinCBHwI~E!7?X8KkWs-y200&x$!4lyvQRH3BMC230>G} zWX{w+;Z@*Zv&Y?HNj#`6I(gbi%tvNO6XFGkHri9FlOZc`LjAW+nl}Vf8e;i`J}p*= z#kLe|wPtyWuH4-|X%4b%>h7<+PHrwPp7(lqyM2mLqs6r~h8v`vfsFk7(v(SXm3goM z^f2;{)KM$(+;zk@oc$z2jM=KCZl$uXi-Eo~TPN)=ALrYN_@}mwO~si&#?N=^R>Y(z zjSp*ZUutn1V|lp;sb~8xQte8y=(R$6U}79aPwPklABW^HN_JNhS{HhUm^K{%I5L0#yt_8jglJ$?)rm&Z*~JweE&8pLP0 zv?AYseh^G7BFSohHP_Hv5d(64e7b|aC^2*X@wIke zC$Xfgxl?f5U`TZ$tTAC{n=Mj0`@2oJYuzUKJMIZe$}7hK56p`|+&mc!T+{J1z?Zb_B80}5K)asX=P@=vj0j3GUwfd5B=x&}I*_i}`>`h3pkShO z(gs zR6gOq+O%z!sh7y*`+RCL&K6sdW7L-kXrw{#1@}^%+~RWVPC@d6wt%_gkv{&+k6SQ6 z648TT7Aj{a?ANi=m*TVB-urtmU~H{u;8C)q(T#SL!azm~p@6WHx-M-$=FVt~w3A*@ zmgYiFD8pT>t~EVHQ^H2f9}Dq`o7u*&S~uP+Hsklr%u*}$x3l?*Y$09x1X8liw2wkh zxQ%RN=hG_sIV<+pQ`cCD4Q0W70@T-$&EHk+2;?O;iYUmXsf)I$3XXA2IR}!UY1$5@ zcugMZRmF2=n5DR*)pF4<<#M8(h$37kVaPU4{ykVxQKYq~fuv7sF8-p!7f$7=HWJ}J za!gD{iZT+?3c`vq7&AIJ7)r>IUB%mjId3tdWxnu5)j0N?gev68c5_3Xv*R`XErQ5@ z2A!u^6^G+o2p@LMj}k3#Y3(5!l>;~(29a`E8yL4#>lLU#Mn4^s8TyQcJH$Ja6vXjQN#e*;id1)yPrU?5&+Lg^dUBS-NUcM5 zf5a&covSNX9Cz1E%FzVs!faUuRo1z=L@rW_zC#0iqYEO0kdwe2>}B8rwKk|N8xQH= z2#Zy;KF{YxW8vR`3xD#G==}Up14vZlL9JDXI{E8zwj#Zb$VSKb>bTk8-YH7FMR)6!l z;>SC$=6h7%@KPQ8iJ8y#cTaasUe2ZL>(tPgp;9r&IQ*Q8q3b|mN4jisu=tJ1e^R`R zgu*Q&uG*97b1DhmELaC5$A4jR(KdDT-FQMa2(48D?k_HW;)y-az940kWfvC5hR9N9 z2r#Dn2Vd^fWRnV=)wS6K>TA)k?I{3C^%Bn?H0{mM3^;jNSWpnU4c!BYp^%H=Sg04h zUN#O47^a>vJVZcrJN#68xzwu(3p_ZXgxL<=3kP9)GPCHRGO zBly!c+lv5J`+U}{g-ck;wRH;b$UmgRyI#QSvntZPy4;~<;C8Y4H#vBhScOq+p{t=a zot;XYzoD%a?VV?KdeEpfG-^M;jd>G4eOpo<5JV6!B*>MwtS_!#_^lN;$5vLNDRrvZ z=k#3|Pg<;9T#S!UJN(N_qvBd<6DCyWYv>|3rC=yanq<1>-nL8962lcLcKTC`Q<3eQ z;VQ}#>3abF0G_oCzorcvRNMtqtRLKN`326u;(&}}3A6qbN*}+#FfUI6OMG7fJt-yk zRhyVj7q01jC#0q~Mp;H4fh6A&_m72*zB8Ad_w(1Qv9sHEdhcO1knf7&M##X76R|u7JlyUe|;Ge7K^w@sag5M|>0zTfn?McD{ z_=(TO3c$(N3-I;fdZPI9<*M!u1$o06ML^E3S&cCwVCofIU9YrSJD!3B<%iWswV+`R zBpGoNtF-@M0Ix+Ms3F>hRb4(gfP-_Hhm#GbkNa8K+W(xwpnO9hgA1oD9%M;S+sloY38|j|>ZaPZR>pJo z-f+~RxszwG#0D;5SpPgb*=ka6O7sEs;rY0YEi zzBd*MN%9b2ZVz!o5M)XC#H=N0E{XgT1QSCIotc2iAVZapBBb?=v8ik!)$5-Cf;WNa z-2;N(*TEAOrfy*od_4U$;5xuS6CPWv->Zsvgo-?rZUThimVDwX;1Tx8mfzZyy8i9r5}`XaD|R=&}x#6s|>X}MNw2h9!05^wm530n9R-{{R| zi6!2bI>ulGd2BLA`Ed$k0!fByQ;mC_>muAS!83LvnhnY}qcXpR3}3>X&=8EjY$s}x z;*|`#VZD@deJk)=f5Ypo2#QwiupvtLe8+7cjLdk3eB#fvrHX{RpO(EB-<_A!1rSJgV#*Rm_CWg?Oldrj!Tde$1Y(Tm4Ay40!Kms{|>LVZuD3D=>*ZEVXUx1^@M(Iv}*XlV}xm2 zQ2b&(THI13j^5W)Kh+jkQa$eH3DLkMaYS2G`LAc)F|ImL#1Jpy9wp_gSsi*-<^ZF1 zg!QcSO!Cg38$~7=8?pe7?3Pwvr84ef6B`UuGGG1X@D@=QCz^W242k+ApGR!PXIJ}S z=Sa;VTf5`ZK*89rHqm&1IZg5x5<=8yWRT`U0_x!ssS=q!!U2-ICfXm{4QX%EcgMGx zImn5*@tBJF5iK!Z-Wi56=C^ZDWThM-NB{j7DsKNKByhPFR|(^8YBKm0J9<0dddAXX z59wvmrt=9$L^Qi=^8Z+mjbDqYLsc%3n{*#l?j@Vyz^SP+b?G3e2IT9xte$o)DS6R+R(o1D8$YJXbFFn4PrSUN(jW6>p~%U&J*2ZMmv*A)#IJA+|23cz%A zzs^Ly{+@a%X6qI3(xxI%7Rs4Zckms)JR~nG|FNGJ9dN*iL9?|apch7lfRAmbcPLOV zNuSA1u#_bp7mnMJ{tn|7YVGkpuSsRFgRvNLD zs+BIXrHmb7Z2i;Xk;*5Xran_0)N6<_#?fv@Tz@m!xT=U)`B1F-r*Mk#!HEt9)Ve36 zN-^1@g;g}etp`H};y2yY+xhoJx-T_w<(dz%q=WyYFq~@NZ_re8p?SnqDJlT|5yt`4 z!`~%8+OhP|#x3V_6D{&%r|eU80}#A(0yZu{(+1dD^Zl+e0C+urj&*(A$oalJ_jrBm zv{(WDEduD0J&;yIxpM;I(8Z489Qtl+Bl0xq{y)+|b?qSIg%3``1zZ92%pU^FrI3#yK7+X&{ z9dy|XQPnf`CWI5Ewj`14v{?_M+cu02bqsOzLcl7Z=E?OPZ!j4F8mWgN|5(v_t}KVy z*|0PC0gj^IPtee;IInn42#p)drodXTkj_Vr{a|$-WtFk>(ml29eW~STXf$wPQk%Th z7y>Ob{`?9IPn_c+4SFDW%P8)1FQ|!USxl~VOdgBo#`RpYc-QJ!((Qv!ARj=l?joUF zoj6Cr5jX2o-Z&8yVRpqyX3y*TJk!ksEZyVBm78+!H52V3z1^H8osa@*$-BsZj^>ZV za`c~isGSP9l+$?1HB6-6?x&tSe|7``|GR|qrpq~*Mg&La#?@Z#F!rd%iNx+v>0Yrp zO=*G*N0`+nw3Sahs-*7ip&S`w>!PmZ2GRzJAIsf$#np|iPiad_hv^o$&Z@)Mtu(pp zsj&$eyK-N}pi3q~Rb!ge?^4Ghx;YhTL*RZ6@8)K>0ASfk*uVy)o%_k>y);L?@BGU- z>H0CT{=Cokov!bf>T^GxDP^b_^xz*T!bA8pvTGH>PEMlzv7UXQfmSTF%fP<)y!V+= zK{i9KOrQl(k4B+|TA4pBI4{RkYOZAaAJ`_v2yS-05`(vI_&~TDxaF|O1?aL8G zF+LMGj{nWX<9fYuJ_N;D*;?nob8E6)rhlgoKbSNLiXOZZnnI+=OEk=|VOf|v(r(Mw|;G*okvzgiPrTN?vg@H&~)`yLD(xOo2?;2 zneY|0sI~;0-+;@m56_L}X9^C#3rdAy^O18z%C(3jH7~Cl2i%q^OS*3x^Ou*b#*t77 z2_acT8iDm?Ii8));m&QIF>j4u61QYy%_iJ2kK#Z55_Hhe&==i$7{|zqOgCm#HFTgs z5xp1a%$HLXG|+kF>ntOXBaoP~m0Zc0v5|R;N3amv`w(%va_sMjCkReBp(M^)6xxYk zSxsg4=-XI&&t@-Fl~!5Y?1Zau2F26nWyWTWbuEsK!5i@+@~sBmIem#6JKngh2EE8`a!p^f

@i3`)+2XB&;njfETr<+zrIs9PBj`y)=MPF&XONf}b_MUecKQIN28 z_t~oD{|$+UdaGaXVG>xBZ^xThBwVmirRVp(`6LYwc1=6*#U&g%I`l@;8ZJa>rz$BPx4%M{7NaAn@`>9?%2W&i}^^DTUBn{ zr%-X+fn=>c2b~-oz5P2PSHwq!y3h97y29r)hKF`$=Y{A>379%<@Q=sxu>TD~9kh*a zp5DvZwkERrGhJNua<0@nB@Az(0CP8eHI!w+%iIFvGH!HxSMGY97dkP)L@bV`^L(1PAp0V*b3fPpko z1PmNk-(L`}a+}X$<8KE2y3%U1*t8S7$9>)5{W5K{r*Ipxe>37ZcM2;Ig61##<^*-I zt8TGMq0NNuVHF+CY?rQt^5JOjJ|`D&W?P zRyxAKAD1`-8_F4HP%3>|JDk0Wx^aHwY*NT435aK`bNJ~6vk+Y0XJ%guLIfA zry*kEgU9>3rfK~A{`lnd^`R+ZwwxK1{5@w+F~LbHyfG8W>%&6RPfM>BRbKqe;zh zLHe933$zL&MF~SO2V1UeJORETx5-B%Q}08zn&2emB%E3!Wt|si8Z(g`CzvPY1xVqe zx~N(?$AGY2+A(iSGLL!ux#lTC37rs@Cdj=|j^G!!@GX!;1Ig(i_sS?xGz_}gvde-= zHi5FqH|FFxVewZ6Cbj5UKtfMYz`*AXyv`&?>SN`^s?afE8J3a)=IgpPJW1n2&ISZ2 zHy2260DhWS)v$rMA}P)wDv)x=m*_4>%GwM#J0~2Cu|ODn{!eLuun=?Wn!v z(4`((tooY8-_gPGhc_oR1)^1%=ko$Xsbaj6P`I+SI}GtiyTBo*+73c%Oo)eS*6((! z?Ql%plpANd?!{JD(aWv`_S9+D%v#kcRCAy6+LUL8&I)bi%}#OnN^bi+KPG!Gy_yfp z+@OSB%E`%?6ES9Cuvo|Cugbl~3;A3Xx{T``u26Oc4SK6X_(v*|Tbx8rl2rLiZ})nI zLs01cK2O1;#phe&U;&g%MZ#jw%fZ58pL5Z$L|BW6XfV(ejHUvO2@aF-6k*?IDrh5N zg`(1`fmaylb@Egoc5XVP!nAfTX`pW)goi`oCj#Lx%!;TXED(i{vkOB94;1=8WWlS< zY4ith8inI=Nl?I|rwO{ml7C}}voM5`YtT7W7ft4soi9^9O-Q1m3bf3g5aPtSQa&RqPl6zrjyeS3TA7_oB&fw);WKpS5EUJPg z1l8zODZNQHl)b)iP) zMtl0R!i>K6t=xd8wrg%S-k*6hn?I=doY4kN7z znVCD?nv97(ey1jtg)jGatuM=I~QjDN<>l#Z1Cf>aKYuh`Ed%#AS;9$AvI9Lcj~2=(HKw4 zfX!zR!ebv~TKH;?H@%<%*~gi|;a8maV=~i)S2c7mRm&CX;UC0_x462@I0S*lsUYCQ zTksy4V>POW?=lQV4Li4>FVU?hF3PdQ^RDFEETYuSqOQM7_CUO!E7NT}P<6x2#?z7$ zpn+~?x7P4ofvaB=9l5DPUu9owygK**`<2|RO_NDD3q!C`Hj}h09^Gm`ld#Pltby{~ z@cTxO;4(>^K%g+6M-yG9(WyP%_T2Q&&?UHEYK zCTmu`fS{QRZI!Wf;^5m4qdS-}M4k!7MhH2`AB;xG=`^HGs2h!^(Sp|Hqk~t6d+%QD zo&J3A=I!ax!JC7<<7QiPO@`aTFgKv?X0FS=lyVr%xRUJoR_OVy7O}buDqGO}>#1>B zl?Uq1s=u!EyT-8Y27z-ST8?JZbGy4)!#DUN&l2R+6;?b1>e;)+Jb-cspdRQrU6DxP ztWFfvQqWr#kUr|MmoIlJQ!Pq~6;`=HK&rV-Kv7p{wI5A(Z@^x z4^SMUUwrmraPqfd<+{s`iFAo+~yKuX7`zl#5&p@|_&-OiCAard)uK z-c8t9U@3PJr50PjQsPCIxGQtwQfn5asftP>wa+Fo<^(za+}-lFUO4Wicv>}eQ9MQye06+IE_DrT zPybmwwx+9Jw8Q(xg=ak~w!Iva=tCrMLdB5ETf=-&c~SfhG9n!p5>lC8IWg7zlCd^t zSXaIOQ%$z+&H8>L77#Nn;0Ub?$9~tZWZfz|-_9Ee>!jPIL2#CfdyxSe)QvHx3^?Zy z3-PX$_O|q@QR1%cK8yrN>*}ta2$65Q<>dIK?ty4D0=2N`2|p7y{nCDM7Y`WFX3vFDcy`{8QpT! zt~a6SVHTW| zs_Et3)-Z#T8bZ2c+PGpmcL%al)N$0a`wyLoe*JrhUrqgoM4}=57hL3ZP~06VLCmZF z{Bq}IvHrt$Z|nKay8gp`{MPj!*7YC0*7^^2NCV^6{hEYgc5T1>CdMM1)l?N;s4ePu z$by=z_s#-Eo!t^`c5YqP&*HOYrp<3ioL}N@D!J61F$pK07habyz@DM9<$8+oPhhiNk9LNT!32rj+x1yH?ZRM`NS8_C0+-ma*lx; z<`-C|Ph-h>$3@*#aPVf-AkZS9yCNx{)?7IW*mDjZnU z=Y21se9x%mt@biagLNcODR- zWpIHAEsGCCXepc^Lbu}u5o+Ct8HD!BU=d+x#(>d1$=jA8d%1Sll; zl|Y&nx!w^@6fnp50z&Eya&z_{)5zIZfWb4wJ{-+&q|N6({ zU8nCrUI66sqF@l8yIR`5pqxdLr*JPY2ZtGx4dfr_ADa+!?>J~TowAdvlTP8j@uyWK`x#a^DM zz&pu`#7rcvsj~P78%V}VRn!9xqjo5Dejt3pb}G~P!d~=xI^~y-93@eI{D?L-ZLwM> z))}!Z1z-1GP%Xp%5@4K#BoJ!eYuJh)cCIQd?(F&u8OP zzMN}0r;SfFSIG4ulggTdYc~pLaPxWHSyxkv`koPlGcSPXQE7c<$^WzUKR$~h@ZoeX zD8wQP7Lpq)f@bS~wtLT>y(sB_wzqe-*ZQCP_^s`KYy001@^l1Oi-UrlAkfZ)~&}QCOae8g!XtjltDKL<;KgL{MF30J>m;cOH z18=NB_3HnP`J$uhFK#fffv`1p_giGFLD|-9fW_tq{kXrY7&HA+#duhTSV96<5Pm_p zE8D3HagvJUMg4mG6Lkt3MJOG6D^ktAiD1PPd{fTlmYbO0D)q zTBZv*3CuiB-W;DEyxaTX&A}^+{m+vRy_N$m%G}^?CaKA)S`ZQ zi|uagzkm1cVE^R(Q8j}|?Ser~@dYArd8OUTLK@WNr4XT9DO;P_p^_E0OU)1Wj*qL&<|eWCi=p z>7(Bq#z#iTRt&w0z{#@ec*5s+;vLKXzF{L8y=6ffl3d`H$O^jP-+ue;H|IA;A(4dh zwSEG1CoUNeicKVJO_RU>=5(Bf1)c02{d9057nEQ=BFPuIph|*mAX%gyH_E0O$)TTs z=DNR&jA#aIKG0WJifEf0N5Q*vLOAu&vvRWWOu-MFI{}MG-fKf!De6^7>Io4Enh+uI zhwEd!4$yIwo8Ur^m-{3KrmS&agM?JX==X5Of0zO)R@+*(LT`wn zzdmxdYC6T@TzC_F)$qPVZ3m1cLW(<{(#*)|$k`NCA-VKbGhTt%ExSJ)QVbvhI>MrG z>KayJ?%J|%)$?lma{_s9F9=TvpSiJFE8+bxO~@YSc)Fi`S?L%A-qm!i*5dwC!^z0Z zeSJ6^;OYKT!^Ub4o?A5oOe5a|)YSKtP%hjTIFy$Yivob@&a5v*_UYXDm2ZC$dI?WO zA`-@lmrP?gyoU#Go0fK~PiK!BGIi4A=Uo;jUDz=rK)62PiRk*c>toO7$xSDA$KI<< z)Qkp-DVeu=!*XO5dHTqy(DV7ryk$3a{9nd7Lm$NpZtgthbx`>JxiOozy}4$ zrN|N8lIU0#B}dNeYbx)kIIC{WU4E0!%5d&(R3FXnuH@~N_g}@j?nceC#V1_F(qf1D z*&H8`Gt1)Ri0Z6geB8J{-Ndc90vO|FdSt>bZOtfy1??0A(&n zvbbASZOJPl63(VeSl54{R|jtnP7ciMyBnX1r}^5cpLj{+u)Uu`QX{uCu22Gr4Tpjx zuDm^kS7mdu0IFrV&^#)~mvv5qxxcyoKezJuDgNfg|G(JTF8cp$z1-=&T>Jmr$8YWb zv-bb_%Kd+u9DG(5xvvLWhwZPOBOY1U{%sAcGqNAUk!q^j;fV`>5y5D)=!aJEdDD`T zmW|fD?Bc)K{9oolV@e}}D~&eMF3c6q=Kr>~UOszP^8bGJ^7)H3|92n1HUGEf|Gskm zubBLGZtf>U{>(0*tYT~eg)-i;fT#=0b~di{@z(F^UBj2@0Bo4f3Mm(03^2re&5N#i z(IrK{-^@w2paUfdpH^I5L+0ZU-ccfUosBK0=Cz*3uCuXSP^%*J1Rd#ERozA<>kuYN z72*kf78J`gnYh~x{ZY-3^21a4;qJ!2%0s>$7W0}`9;h}*}CyUE9z2gz4MPCZ-eUZ%`xe-A<@F&r| zAa|6YUcD!V-XyfKxtTXdTkSS-45*ya2c%rn5B7v4DUV7(0!Kt^_SKQ)H~G{H?+f9n z+TZ3=rC7S8c~FyFhjJvL@W3dVqqM#jpsA6GDSe2EE z-NNZaPQg`Oy>x0ubX?c{XEv_+2qmF#%Et)pprx;lr^D%~g5)U# zS|c~+5~5WHOEpy=AJqAuy8C;;`+WM8d1Hb9W)h07vNHb<;bhh2wY_0G!F60(z*wuTfz1;Y6?Go&O8kYMPN zAmdDKst!`6+cjW70U1yn<(O6WDX*Wp5MkGZtbn;nl7Gph+Vd@P{Bz)_W|{pW_6oj&z$@F)r}TkWJIHbpN!C{ASe=At)^KaF?hYk0 z)&kvpf$p)2bG3Q>vaCTr9KHYL;ON*A3v_b7MPe&vI+=Uc?Dc7UrA!T>ahvHEdNWf6z(UzHP^!Q_ABY|<||s*o@^BEx>ky#<~h;$+;<%DTg5G<#aDs?G>e zGzDr%AFC45KZbY&q|M3d_B=%0d`lfxncOaNTpw|gkO(rF45kSYyWjPY>mxx%k`d9* zp2M>Yk2smIMB+0Jb`zeGx|dJ~AKp6E+^&mfZJS@TWnC2Ii_5h32#TWAPT?Xg-4Op%ItEBx}jlOI4?3bbbnggF3Xv3;1 ztc7O3*3wwK;zP^-i|BuVY~CX7$Nc8#e_r%<%JqM@p7)-w^*{IVTkC(;`k${^|5ISF z=SA<#*841|PC5lvjwGrV$(K6%zYQ&dbTXM9L%=gs)wrRKY4N5L`45e!g(>h*9 z{Z^+axgxE#0${BGcw7pATKN?Fp{l5nS^DK)H@ z{F^QRYjFe8?%ci@$h`a?FMDPAe|xL9y_Wy)x*i;J_fAy8S9A&gpBMYR;x3wIX zV|j&s{D?LRh@z8F|Lt#R)7gM>yHF%tqTi`5xr{!4M)o_Wt!>5y$-0Ps8=IS`G!EKA z1+~k1ld79k(nOd*fCcxZJ|^HR0k3z1kcNu-QITZBP)pJbRar^kIm?mD=gEIV;!pjM zxWeZ&zCq0&`!_fL<96Bqf9v^+-dg^$$P11UsMIz5y1W51`$38hEoU-7U z_$&$p+AewMmu}7?YrN@2h1ZfoV3c*R*I}v1zf$n(emP zsx`je)vA`Chzeh7s~cn|Dw3lJjK^b9TVyH9KOjG;>hE`kFjbub3TOT^N_ZOiXr~9I z2V9W|w+skmytCi3fb>z1y?nW|w(xyrzd7^QZnU!T1H z<=|c8mkB#3QO#HTd;14RC%e@TDmA-oD@}YFQjzRBPW^imY`JTxF6IZR(joeYoQ+TB z?X`p4FhS0igX#;$DjP=DnGZ)D4G4leDjDMlZB=T<&NP$QYrxTn>~3tzD+6t0gScqR zh9Z-k0uB{8HZ}$M6ZOyreA}+?SBK))zLOUZm6zs*-EYBKR$9*C`&Xy04vzOTqoV6$ zRq*bU+SzO5x?_Unb>!@&$(V8aAD~@*^aH`1aJ2CWFz4DS)QONk_rK6j2PbIbQ+7a< zIqG67M?|RoP-_D-=q|e9z^x|5E)dAw24#maGOD8%BHLdb7bd$D#fd68Fo zzj+D9yzt@%jqUP^^#`jQ)6g7@a;wsuvyk#;b!%^ooipmr-cQxpo8anQv2|g5T^7bR z?&)?uCeJpu&EBY3a^|0K!1^PQLgLO>m!Z}Vs(vbVy=um z(?;!H5;__uedM@XJsmE(EE{%tO?-fTh&{|0aPRy(kP5Ta9qK4= zQH%Fh%%OP`vp{5j7 fTo6968jeWPYFU)_p{)|@-+ldN+y5dK5P3u1-uCx@EMouL z*(%q6d;W4A|93CHwf%2x|6AMtmTCWc#{#0l1|Fg9&nD=P)9$xy@6<+{pACwP%X1^< zVpos4w*0Lve}&%GmcN@={%&sfTZYxIw*5@|U&ZQ&mSgr?q0#S-CO;_`c5h|tTg1{g zW+High{_*6kWJ5A$3=VIEzEh3$DoJ)(nh_~fosxiFV(8opw(W1Nv}3r+3j@MC6bV7 zwm;GMdcJNOt=`5r4^P*2zBTqP5qsw&+*fDsTVvH-u&NHpnqRN2es%Vg`BL`EGys*4 zN*0>c*!~{zf|q6ioVUiC+X3f8?Ln-8k9jli!zQ>k3I5f8v+aNID(38J>e9#-UvE?l zWM2K(=R40!_P^&_FW2#Z_wrlke_7{$`C9Y8)TRKHa4!y3)wH(#UEmjY#NxI6gSqbrhuJzx!@^^784sy|)K;awYZc;okAF`BwhB`mKEW z>-(cu#cyv?;iO61ddnQ1<}nUK7j%#UxvmhQ%gLWXL5Zg^lkw&DADyt z-;!j^N?YlsDBpqWeh$&=%9Lu$z0T8?W(MGrCiBy$ntQokSz0@`af+zDTFu?*1yFKZ zVPAcbZ2*&2kah>0of9tBoBcIxHdM?J%hFo^mFlzF;YSZGtFPj>u>NO-^W= zc6MH@^*{IVTkC(;`k%G_2W`qty`>VUeNS4TB`IJQPi0)8{*N}L@mlM$*1FtY>(XEA zT-G|5FHGlBICl_-!D1kY8Zo~_v3gcz7cDa9RO${Yj5X};TO;s@1o^+H9Dm#29QmKK z2}#Bz6>ft0h}^CK&^-Bn=UJux&&%GO}-#Y&Lk;i}EEc$yL`+fJ=?^a3Zn6OBS zJ2V=tyxwb--ma^?er*D`iC6MQGzsy*^Vy`U{^|PEO%oc5?rQ44n%b@T6YHNpAMCw3 z`T4(hH#QezqBYU7Fq*}L&2>zNgD3dLi?1*#ExweXr|w#{`GTc-k(>PH02V z1AViLwtKx9fyenMl3Ynrt^4dioUs(UieD`nd|cOk*0nz-{<)++bO>67spolxz|EtB zy;t`JMVLVqhA@ZQKoI&{1^jf!^3pQphk^dtSAH3iC9&=_?{Tw@KD7#ydxDPA2&lb2 zB^^-v3VfmN6_~uw0#f=)igx|X=4yeQvTne9VLj@q!`S^ZC45Sw5d>rxx`VAjM+e6r z-kjVI2I!b@eV6=8_#DUNkg;%A%Y<*$-PRl`zQEPh?Wqv(r=Gm_JnSd*f}E%!KmP8i zqk%pnK|t@i&_ zL@g94<_(4S#RPUO;MWW8e<`tjB|`gSw~=Q7xS0%}J;@TM*>bzCR8y0&P~zfVc6rb6 zM#&7$+wL>BH_za_unnzZ;hq;wRm`Nc8PHK?*>RAQIodjCh(kfD;Z5xZ7u<5{2;Hal zxi!hPYV2yua<;|6ghrWd?P9ANv4EWVEE>`g`i#JX;He|`%jv`aK5n_se|Mg?>do)7 zjD7bwD+Q}MBQ=lDk(m*KVUX??{2-9)j+sd6sp@SPkk445*r}ZHX-0~j!ZEEs8rRoP zi)+xrkD2_4B&fFYzmT2up&8Qk?_Pg%$H$tvpq_FnF6Rs6rVUasxG z_wrlIe{1>gYnA_6+W7&Y)`{Fp$T8}toRcUCr)Y?2DA0iTSnf6(B8&#<2wjc|C-T1$ znxtVu=hoMjPkrnIgLig{+I-5 zNTbo~QN*&x2Uo;TA-%C>e+J+lgJp>EenH1R!HGY9lX)}PKU+s%OyMopv^f6stbP*~ zvyhFZzmRDk6+4x}iu~%H{0Jmy_gAf$SXeJ{XQ3vayclCn0#}}M3-IvyAx_49)J+BN zLaVODm|7VwO;56mfbxc3E->$gbddL9jd({j%Q_@s9g?t`kc3-@2AB?be2(BAMCu+y zE^9ncU3Fo~e|rC+u^hHBr{e9kq|iU%MVd57#dN@~ioQ$tN@SXgRcLCkI5AMaG?Fl^ z2W)`4$t3P-)+GA`cujX`zwAmDu+e7j_PpdOxx@Eccl>@EzAtr9SX~!{Ko*9C&tB;H zcLHhwoU!x7Pox^*>*+{--7ZWGT9@%II!dwcm2CG1qlCf=!4EY_`+R>Q<`^i}86~ zg2l!3FuK*LY$6#D=uL8&j{fhARzW(MOphVUfU=#gDuO{>7W(1<5d5XpG3(%k)q6q! zTQ21o$(kp0LRe}m1R%+n_4kd6&5^a-{dLOSWkk5LpFB}v94Hy%1nv#kI}}oppnwKQ z5jpDv2wynmM5JMIO0H;f>a&3C+U~)ZW63Fe{D?L_)wjMzZbVQI*qw-Ac<-Fr<+v#nu z^S|B8Z!Q0=<-f00{;L=N3N`=kQVF13J@Ec&0u)Dn@ah1j0~`hKRLoX?7wNwUr#^ai zLveIrX;kpKJ4>>k_H1B^>%4YrN%anS?J5!X>#TNbQFfixZt<*kS{-9MbBlN%s;Yz5GZ^^5>Cm5P#wg*2NzmcDi+wXqxH2)cqOkCOjpNV%p6!YFa~AkVr6IWo=xj zI^4ZbtkvV#m0L~rt}B0hyL|VV-xVg^f)mb{0gbvjF9{A`E{e=uz>*-O?}0B7Hg!{9 zE>ymF^qIR32`}rxb*sR^l^0oI$!?r|7cDCTZwXHGbMYdTkJo8P$m`Tjv!;msqIL9_ zQZQ)dJT|^XpFgA0mR{Fy;CkyG+152}naYOr6G>FuQ7$q#_4|5XY@*RZ-%eOk>j5N^kjP_aX|sqWQ|Z*!rJ;2o^mpcNd_ipS0fB z=_BXUZ;q7AeslW2Ih^>62fsO;-<$|f)H6j>PX(UDA%RyzO2R<==JY>)vf3qdLPUZm zF|^6L3|TaSCm|bAABQLAMb_S(&@iOpH|M%z_eTSX_d`l}u|tt?+R$a1(xBW8Q2x3p zUH^XVT$h3KphtL-Z0L>0=3WnP!yF#jHD6CTROe{xfk;L{vG665wpYL{)q-&$;^zJr zdUf#T;N)O^^p<$^9^K)q!|oF5fE5!*5PrNyqcs}UqtU-IEKvg5@|~#GWjnu`-;Mmg zZdn6#p8r?1{>S$7t?jk{*M0of{$FeVueJYIx&G%ZoxtiUfiB+*>`U;vT02^;9j(>{ zMAxoXXzgmXcD1s8wT93y(9`P6aaAt49Z#N9SSnSRr&12df!NTs!HYhwy89D1hD7oYw3`RI;Mq7e9VSWB-@!#ksAerO8@p#TtNvC6S`V{liFAR;PG~pD70_rm; zgJxhKns2`Orf_QLt=+EH2ktL%;L83|_FUKJZyD#$IzKbd;;bU^e}&pr6G7(#n?Z`BO<)k z69jdVL>fzKERYzJFhrw}4OFof@F?OW#0kA1D8|XydXA%@^#ny^q#em(PKNYKdw!vB z+8%lzg;Q`Ui`A4QT|ps@h}ZI79iJX2jFZ;U!QQL42i_#`Ml6}cVe1LnXOjtw(7*SO zQ9!w9c_W&1;lFAS_&E~0MU(E$7BX$-DiqV=sOF5}j>-T_@IN14i1mrzxuE*A9tYDtJlXTN3VbQAfG@7TON8v zpj?$?2R*|JWuBc#jByyE3Bi%#ZU~=%4=M&Bz|iV74kKb?>$DbI`X%EU_Eu2MXZ41F?1lDB7^ z{s+cuWo%sK3&`3^1sZW2LD9K_Ph>U$GQuG`fUYZ(NF%vG%?M&2dNH$z0))d*cf*u> zr+h`h2^S|w*9Yk!%n8bhg~&;Fz(bW2?W^enAfJ%CWy$P znr*n*BS-h*z)}R-q;2&nyCl3L?+xN7;Ds8ge|O}4s7n7OV}tkV6+nQa36Agx{F~*t zBK605VjX#b!tw`GHG2$w+mN}W5}QE6qwU;%S@txf!(=M&K3{gdxzqa}ZR2LG0dG1= z6OrHuE@`NGBTSF9jRqtlL+Vo;7JIkmnQ!@jv(!PGjKjaU)3$dVM*x!x8lj%@sB z8MdBqpNg_0F5sCu1h6d?R6B+^5=S1dNg2~5e?T}VfqFXxh@ZRCp&w}ZBt7T(4b?^|B#MSCG9JAAfNhs5JRg|$I(@Lw`4OOzSw?mM6zKG_ zCO9AnUtk)7vwFo>yCbQoL_i;FRLU#48R{0Xg!&{SZ(3pt9ox^jgGh)6jGMn0 zH`{EVCf%95<%l3r0?^0ka?C%Fyp;N=c@$aBA_%!q+HXCXC5}pHK zIGJFYmwk#c2TYN0fn`hxC*f2I3g-a00gV7pB0M2&v+1CC8e$(ViH>zgWNT>Y>RX-p@}9QhVM{nPdRg#o<0gN5YX`oTVZw?uDhAHh0Ul)stm(Rd>@c84u^;h zo0*rzZhPcpYch%_b>C-XnGF$C8|5sben;-Y0Ed7_mt1}aF+7tr($Gip6xcu~IiMt* z5|JMkfWPR>yoxf~WskukYffl_X$Td8sYpb}zOph_NK8dSCc-A+REU(wE5wI8Qnygs zFK<4@tz^8G4fKvhMhaM9L0iHtpu$fD-10Eu1n8w^BYy>omtRff$^fCbR)dc|i$qNQ zl%*n^q6y~blJxPMJ2EU65p)y*?a$+u8Zc23E9V_c5JvV{^_=PvF7emdvdsyc%ktO& zl=N{@8WfGOKm$S|#EDOUk`JbZaq>eb$e*dwp3=x?JZ9>;mJF|T{1hSD_Rvp~t&+p; zXUorG%#M|M+~8`hFk>Avn<_)yX$wF|l90hvadE-~&tb{o#Ux2_XwdJH@i4fglGlh> ztoA)a>fCo$pbsul1=GZwboX0!PjEe2+}GGfhj4zxvW&@*d;4zVPrqrG{jrE&*LE=hvLSmV~ZI6=xARxD(XGg%-8*eyjlFsaclUj|p(95dI>U zRm4QYG8tjC6a<`~F@5D3u1ehw@`%daGq{3J%$Xoo>a5|^R0>{E*FBLD_b{S-&`t&urN zFpWBfZ?;5ukPf10WpM@Ds~#{%h>kpA`R&-z*xiw2F(8s}>R8MKplFgGH@!Bcf~c8K znWPpuH$^>7A27Lq0Ye)T4k7Fb(%eNv$~O2lQ3J|gB|GRW z0#~b>dI;CT6_5=l2!cKli)<~u{v+> zBiITkM29(@kyqv@zX7ZLGv28}85>^D(sF6ppax3A(n$dZ;(~CsS;?64z?F-fW_uGc zK9K^mWGo2g9y%E-DNNF@Dwyr$7Ls{TqI9O@!=WX-N)Dws9euWdVoeLW`Rv-jK_LIl zrMzQfq}7X=x`xmqC!wRDFKAFe9gwGRBnKr?kWLKSTEG}XSd{!{wzEvr0Kis0kJ`fo z+A1_4iVxsv8UGYun(P*}Aj+i*U|T_1uNZ)m;>+3!*@<39NN<6sJrT=6cX&hFKi%E0xt05Ot zvt&3!SPvEqd?(eGrXpbz%%?CL8liv)pVNWficILBBU;tZn$u+VP2UDJSAc@lOAo!G z0z@amWvgE?mvEV8hhS#j9&-e0v-e~hrq8~}r@ATUO0YjJi>P*Mnuy}&w(C>-s4ni9 z;KvB3D$S3jCe2S!p0%f=lK?l8i|IU5=?#H9o?|wRXd+_e0 zgWet-?f<;@?qu(W*Kb~*{5PP`kFQVO9ULq7fj!;F;oi~7>-`UJ_Kwiuhoi&y#|P@R zRo23ggi=-$F^dERs{>eOlvG$m7aYf&#hgm^92Pu8DdN8c62=o-We|~3NJk{{NxPF-yE_F{Zl?K}i|?C?Q4lB~Asqli2a_9d zCPZepFheE?`-y1J$ZiGHvv7Sdjs|ASLP+jmGy<@-c!Ebo9lre9xCG?R0g#I-SF+K_ zhu|h{N{|eU(&Ajr3+(bk)`v zY|gZan_0th_T?3hPLkT9EpU*F&>c)@C2!x_z=@DbK(GG#grE+`mDhuVEZ2&#c#oEvoa>I8i6p*>&T2@(p1 z^2(9-@{8I!6u&~1=HhWJ8w+Qe+YA@#j~P>1P|$Q1jP0OvMHmeU(31|rFhj^12aAZ6 z8dOuiDc~KML^R3HV`jY#&D;?igjx#)d`nl79m)ABQwzA&Cq}-aqG0YJ9{QPGN=ZnG zk{Q4No>s^C`oNKyY4P$I)zXHd+KbIN&cEz_D~ECk{5_-G|+r>Zv| zOf|ESFK8+uki#@%<}WR5wAjXME((DU-o29dYMmP#yx%)KJb3r&^?&u{7J{}Qj>Bn9 zc0>6NrgE9tk`O{C3x3eiZWKjrf?=x}4GC9~E=ro~GXH>5$4T?Wh?9N&^*f-x==PvRL-U;ySPO{&7$OwZkAFL-7u{tLJM)|^D=AN zTFP4|*StIXo#)p?c{bL&q}T)oYG#(rhjwmW|K|QO|NktmV)exUBQljc77X2cFL+-7FPpfD_yulW+pACW+_{LN@45FpawUK}LbBp4%Qekj$nY zKgS^fUU8BG&roe(xF)@pj%`W;;k|&QUaR#Z$j&0+sSeCw5gIGzSw2=OgCNsX!aQw_ zfNm=3)NJ515Pgj51_FD3|-Qd^SOB0rx*TCWf3q&SIv{rO|gngFt zL>F7$)|U6I7B?csFBuE|=w{8kTqS`PUHx6V)q3*8m=X6`Kw7PD(LZj2Xa9sAjuhVp zIp|xhUov3y(b@mr^0v3Up4&TXwLYVxJSXvI^iJ}Q#O|S(TPBgJ?+qN^A*tRpVGqG(?Y)@=XY&$!) z?S1$6+;h&o`_KDpKiyStztyX{s@JLq3-5%t2V(7;b=khzx9a%3<*kc_S5TlOd0>Fb z3$$%DL=7UY3GqcA0W`z8POjBe5d=SW6^XKeLm-jsr*9Pf98goeeB#9Smo|J9yzUc+ z;8d>+Nrk~DN9@jH(4oQGLt?Ya2g3}Gl0R@n_LjwAk6Mo)l01@b6}E;v04wI2*vdmnC4)s+h0!#zrh;)@FT= zm;GHI0loW>J~Wu9Xv?M|N_E|=t~&fF^Q6z&d830j0YV>*Vty_H*4$NH(4AsGKc%{I z8V*t1%~51ZK~%MTQSL1G149=Edlk>K;8+`+BqvULb^>|wcONV9Pce+ipD3!OgyL*N zIq{~lKU3m{0<>M(o?_*$&|%Q={kF1*@*yCf#VB zsOjw2?6~Ow2ZypE1cg8gyf;+6@{5 z)c4EIV56P3Bwp;kidM(kuj!hkfD+cEh(=9iHjpx*VB|uS1yDl45otxsHF|(l()cUx zWY%m{!D3AxDrMe;hEn}(1&i49UC9GOjB9>GwA~bQaHT4dwfKXu9uHk0wbkkBEW^vw z=8CFSuqqyY5J$6qGaWq~j`f#TLK?bV{!n13rJ42+F6}(YP?T0hA4w1N@k~FoekZ@X zvpTk;T9{QX?z{)QX^u|4z*7ApJ>P<@(x-R_iVNzWvFsDOqn{};>G5P^IA*;;G8QRD zKlko#w{NrYZIUq-%+90b-J6(-@tX`%4vonhL{l5S%A)MjQV*Tpra|Nz+q%y$$ATV~ zwi~BBl`V6qxO|^o7N{6}&U|ri{=og~70Lc`wN`6P7Uu5>jXO%6IjnJXN8^zqKs|lH!ZyN;m%2X2O>zFVMqmF#nN7K+{_X z!&jlGBC4k^R9!hlN8CoIw)=WU0>9O&Tl4I6bWP?8L5L{UCLU4mC_6E(BD2Vy3&)|1 z?_9BGeIv0p?{-!)tXjGk*Tg95CrahScDX9Z^}7m*1Bti4Uv10Mg6YUxjT3zLfj-se z7wXMy_^4-kpRsbL^dbj_XnV2A_Z4={o`d|nU=5OcdaF@RDpB;OBkNQ!N%R`KiPnktWu&17X}QE->NA;cxq(qsVeTE9kV&+1u6}^q*R+q@Ivk*NckdDsf+&l=n$}b z!pGl2n{VQfRpI2%v;}Q|FbGYr_zes+Up}T@7XEaRa@8s4v#ZO zBGizUOr#7i)p6JFZ?)jD^%PVn5JSlvTq`Pb3U%IbywPxqG=HzF$h3aBJ6TsdiaJS4 z7V@29b=a9PJ&q*xF5<<}F*E0UHJ-okt$A6*Sfk;PQ`x!AclmZA7POEMs{oBF%aa4oqT1!zzVv?8i9N$V z9nr|KjLx`<0*d4gxM7Mg((JkKuc&egC z@04orXw6@(Vm#`@Hmy4Ecc@A6DZ0e#3&53steVrJuEBXh@BAsgqByhx!E4xWTwkRO zWL6Ab=u=p866N21rB%Yp^~i9=po^l_h$xAV5bUW|gNxv^&W}SR7Js$N`2|=(h3N); zR1nj7(}gGE14U0Vap{p*{QbPTzcOC5b@M^!c2(tO>wWeMF}YkF-0mY&WWfIn~E&Njb|)Z|*kfq;;mU z$K(46CHF=vI_Pln#`~#xz67K07?daI9hRlyr*=ce!*_f!Rtxy4#id=PYTh%hDN~wk?~QJ?~ja>>2TU3cB=g z(W-AE%lqq5fm*^Rf)Mq_5S(#Ph(=X{Vf0}-ml@BnO>eiynNl{`%0Ke1pnaRk>tG|K z94jFH`eAYAPck}`EN!x{`G}Zs=lwHZSqZ97TJ@Q^NfH+#nKXKV-)zwRZQNEPa?0&L z3KNPSd-f}|&_~-Ev5_|)6VmZ%=NWdK7rlZH7pJElymD%CFN$*mh0@_$)=X-fSZ)2 za1t#L4-yc0HFSzdCf!fo+B|rt&=nODPp8qE1@wT=)$&?86~P%zCw|w5-2g?8H?cYi;$x> z?}uUVm8MC<0Qf#Ae z#uw@_?iIpvf~$u=9tqhqh{0!XBJtB{fR2gdePY8uZE)6}|)oA+b`8 zLZbqq)*;h(g_S@SuO$lauZ0PVJLH9bOU#RtmF~81J@7fMW%R+xSHwu^SwcwS?r=Ta zbaQS0$jt{*pMz-g(GPFNoEUyEmZ=@9`}{;z&%)|-KA?$BCY1%VPD+8~-Sivh{Z`=oIMlVcq-ouD7-Y#k^I+c&>GA*@8l7R^27ASm~z#lSF)06z_A_@FQT5t$+0O-$BR& znX&z2)j5?X#k$Cr&>o9~wd)9y{zC9sdypEPDa^EUuuRj0F}<=D9Nv!=#MF0(R-HTM zV*RL}0k9#vGCA|pmuUcYig_@TWMeW)vgh7*btC_vq4v>_VOXeJOZBZzv_^fLg;-Kf za;I2!%~(Z+EA*OVuA|s0l_l_R_t*oNulSi$JzxA zdXu&y`8i{Hg*myzW7Y3cuLNBpq691Q&4=r>z)bdkNsZ_V!2QM=?3p~^wi5;R*4EY4xX(;nPO>D$2UfGZ?;NzJQ|->~yar7*TOLb!wwU7N!~B zHa~a+?19^vYpq#8kM8SS&RUmch}vfKIZ=#%F;YWrmcJbUNL;h`dOHj~josJS!Nbqp z*Yus*o#&v3lCGV(z|$djWwzx^OQlwemhgD|iwr=Z>R(ZfhRR{u$job@J09O1OO2JuuPcRK7W zG}zwh?iB)yMVEWkqXP9p&D8O%r~Wn^88=u&I)iYBO(JVE4t2Vz?I20m5XE~mtUsM| zM#bv)UD8x7ih0BA7v5^Rj|>_|nS$?#Y)frV6o4*{OiK}m80f@FlVX=O^A5TqpQqXP zu3y3u7nBxzhfWjZqPTY=uhY7?v+}OJH0R%D#uK7Nhh)^5Vme@h@0PjkJ1?x3HW)_g zTh+x(`;z{qqSC=vUru(NhQR5MN4T0-Bx!KfToSQpk=jX}frtbw6Wy}4qpbKiVmf^l zp~o>_n#1lwX}@Cjb3z7^3AZ4@jB?NfH`0%>=7(&$12$dS-+n3yDmw1PqcU+oYELZ& zX%u$AZL$Y1N;2cKOhHIM2RwtPj^|%$oIj#~Tb7*@mXLuLuuo7J7CTkSbSgmB?Q=be zws=SHuVsSY!HtF1{%UUkfV_7CIlHW~M5agZy`{rG z6ZBQ&;as^_;CgdzKEmAsraA^mo0`#ybx$_xX?1538g>_!8NfX0N_B+lXyZNrb! zf0*l=5~*G%zYPZk%2BUP)!ky0htV0ifR;lTSN3dhae@@e80el^GKg0oqKbWTZMbtbwmk|HKdHU|D12>c6NO z7p4CGGec$;dKZ#P2H#lW?c@T@WweNHg$78RAj-$5Iz~T@7WZ2vTi$sz=g!&XrrM_e z6?O;wTg7XCDrr9)Cfp-5o)J)wiIdxIABsCu^uPncE_poMniiLliUC60lH*J$5PTEV z09g$7s9@nmJrQQU?E=cBvp)-pF8iCyE=Y@YPhB;6#;bdRY55N9#FAKLL*Ip{2qxTP ziu_d#pP~UtA*ulHbQTKVIMZfG^hfVp^fLEh&2~@uLZr1w+0xU8KbC^KV3%t%1k;!7 z?Q;J4uRS6N@8FUQBqJ0QRWdx*&-QnwurIonP#v~pz@>w0W{Zdlv#WFsD+Kn<^JP*?78L1}stib3Rpc>7YbAK{~ zVC3s{oAO8r#&eCG&Xp_Mew z?ZX2%p=+^e4w7LW-EIZPsviOtT`?C62c^)&Hw?UdMnCcHS_v6Do$ZN^Ff7!_* zi^7`ZUcF92DqO9cC%b4guk1}!f)4?%eQqD}@eO6)ZZUxM2-KptiJ&_wkQ|S`Ekup5 zmt+>z?v~M}*0lO1FcRq$-?#1~^rfCOtaanJ=~oL^>bf?)V4g-WsyPjow2qtU9elgb z537@nh(o{)I^ac~Xd@92;NHLm+MiQ+v2C^*oSnbqho>}(Uz_)=dzq%z8`tYhpxr^6 zDm}o6zmfbPDy?P)g&IOmLEVk{b;@-ALGDNo4nFB4jj6e)kx(im06I3<{{tFvECP1M z9l$(`JQ%7=8|h}Dl69c2KBK3ZYm*VoH!dCC`;j0eD)ST{BD6e+B2Jr++D&q2n_8@= z+w+uaMv+(w-@hly9bmu*^>YLi3=*K%;tIQjBCxz-b`?al7fC6}9IB(&MpuF>o*Y9R zxhbqT;Niv%=${Ad)FNJIE439-RYlPXXswoeu@)MWx}g5RO(`KHoveF{h&Ik@f6k7g z4X6&qPC(=E&cW?LI*W>7iC1c)=_^f>HNOm2>%}gIYc=ElEP0Zd4aoS&s;8KuO2|+4 zQfm;%rsAleis4@0_@?o1JFnA)>?|_dZIvLCpo}h^JbY7kg-{w3O9{DI{O<>3k|poP z_OxQtfkDy&oUnps*g(U*dsValOFx-BGUNnxdvY0Z*=zK=YxuYN=GnWQM>*rtuzE-% zs+XLASI9yLWws+I7$sYAE=drTT|E}4VJtp4L3=#|;^m;~7utI*9Y1N)af`)Ny-}ii zjtF%SbefS!K#-JGMi{BQ7}1Fb1L-G&)C`nz#R}aOJ;{yyJejAB4e1Go@9rWJ&&0>2 zf8p57DVQ?pykw=D1u61P;EB-2X>;J_tb7+(YnZUAcc6IThrz)mYvc^y2?GFu#(@lN z6{ARJ5+Jrt@u(2U$Xr~)bJ%!nnUqM>udn8wC}ydv{-FZnaGBk9;s30_d0MvR7o-$j5E`BshC(kaI7`cMuP|lkvXm}Nx-n87!ilVa8SMXR@$>SKC5l@G@-+DNjGrsr zvA~kvNhK9Rp?v792Ji>XXS$(G({Ue2hNYsHqD}q6)V94};F&mgup0WJcwzllbXasR zR)qBfQ6>@ohJP61%i-;sBfJK4SbO)hnz)q5UyrZEDTlg1*epb8MeyaStMyBbfY<*8>-76y>C*GVH zK<}eYlYqbbrf+EsS%sCbzDjbXJ_zUJm0ZKJ#$^3iQOC1=EB5wX@(lmy0hgBgnTxqx zIliJ%Sb?pSAz1QCsO588Qr4V9E44Uy54}ycW|3z1+DWQ825vp{dq-4cUc%1Eez=Z2 zSKwKT9^z1}#}PPf|D@L@;VDrN(qf!HKO2e69Xv=T;_#aJFqk!#c!yvrBb3h5mbTz$ zA@Q`935Qm~Y&6ukL_t;fn<>F*lfk4bUHcd*V)MYdT0_7a)4HCs274+yf78UtBsE9j z@hM3in6e{pCVAKv3L3JfH&)inrGm2l3bIp{#q|Di*;xphLePGQlK|QKDsl2iQyKT4 ztr`!{X%XZmK=kyPduLv8Vx>9IQFoIgbmOw<>XMYJO5h=gA8j7Naf;`_PNa*p)cAkc zO?TxSTGq%lOM!M@7nBk-NQQ|hit&*%g+?X#EFL$NQbpYUsI0pw(9c4j1N8_BzNuGD zKle9Rn_D!PORLn@^K_8%G@`U0s!I>Q-6j!5?^ z%*e5~GhqUlB*Oav!<1Mmr28}lYsuLnf^sLnMYr+b8F-gtfNTMpW9qjUsPMytXjbtw zq^f1t7zJz= zWZ(!!X{h*gZEiU~#H2w`q}B-6ZregJ)+;`uMA{B?8Y8D7K+m0E%LhqcZ&TS-DL+2I zaO`->j_65Sw0-61g*AGOPPAOVZel5zXf%r|K(yXE;Dr_@@tufu^;jNuA{AlO2j=qA zun;mZjsY!#!f)wnIY1qu-v*jD=QwudSF>85-fiEQ=6Lp{e7&*rvZ&=9PfkBCCk@o2 zgi8qB;U84m)n2y6O8&Xw<2s^0Gp;6gbP2mwOb{w=p4aH*Hvd26BDOPGN?3%#53Ow!uN95y>w`dd5qoZWI8!nj2VlLWjI zG;*NGVF5ODx7>R3dSoSQv3#cb7Sn4xT$47e`!xI6u|ZbpmDpe3XUhHKkgCqDO-UW- zo>g45e~N*#e`!cHBe^kzozj>DuV*2|mv{6)e3-tqtHVna`MtY0>do8lClP-S7%>xs zs?u=M-w&;usD)q~R7#}x^AQ}rA&v@7$L#iwA13YbnA!3>viH#iF!q%3jf{&MTRXkregEuv-g?@rYJZL{=eyHC z;ZiIDUHHBBzhbe&eBt?y4f6@9pZ{~8xdRdINEQz=Q|~mT#;K3_D}J#!?AtC5hjBh) zj5#{W2-QD~?PypyjTB*NIWN+|z>{J5&k@Aagcns|3KZVbi~HIv4b?6!?XkUw))pVa zGAXCshgLoXQPQ1Jhl;xs1Oq`kwR(=z;lft$AS?$3Y*Y2(uQGnTk+$IqQjBg{X^7 z#mZu21g~@=OX9)_r2CZt_=^rbF(}a&aq3SAJR#+CJU{Oe=V?d?WL=fMp$vq_C?*J) zaNv>t+4;trE4T;6vLQ}wT0J;{*&-Gbj$FYCQ4Zq;$C-bC7jaVL5REb_L@QtB9(bY~ z5)QXJgw){BkUPu+FILE9nGv>&LD>6sda!fCh~|p1i&8+W#WsBm_2%0x2#$6zqn26$ z|I;adz|)jr7Uv!e8VUx~f7Gj_Pu`IGz*y=x#TWH=^MkR+;KtnzKrps>bZ<@ zZ!b49eER|%PRjkRr3Nj%n3VQIT)$as9)FbY#pl(}o26UccD>8#Nn(H2pJ$V~S7SjP zCj@8ENzmvI3<5ic84|=~f#`H$u1kM^ac9e>Mha;3;F~dL8SGgz3TF=AMe!&cI1$!t z&+D@5xvfi|1-*mW*JuZmpWa!*Y_;gthz~$hz&?#_64<|0@l$^vU4T3x!gnc*$&^8I zVsn3sgVf8(vMuC@Oz>%AZCn7(Z1>i-+M7lXzI;_z^=a^RIOnsREv;GF z=q-vrT&zckWl1Mg(4Xp`&1*hCmzdF8@Qq1#F1*SZNpn{YjOHQ*Hbnn5+zep!%$}Ao z*OEk)Y*qOEJcXuJ!I<#}a_%1t$ol6eldoW+sZPq4^XsTof<>EG&U6$OF|?62-$3zX zBq7A6{i)e)7Np0{`6piqbQBVu7|)E<(W{qP z(fq136+0WYthM22ELlKWEjT&Hn;FG{MJUBINxs;`=dIXJ#X{>ZQ_%Hj_@xg+(RNxV zasM~#p9>*`9IKMHA9A<~SI@GKO$BF^=wP&FT_a3r_f215qhw0Iss6r=e^qSnv2`2#9vp z4t+*@xDFv@BU%aTQ^RdBygV#m(Ycfc4AxJRu=3SltjDv&s)Hxrg4;C+U{v|Z z)NA;+51v)~KKFOpj`|?cBWD#Ex#gWxGt{%I@S9J}Loh*!lRwW%)pXJ$YxVks{7s8E zo(t1ECh=5*BG-{(S`Oce+pUvjSM42!h3SCg59>8=x z-R$e3E{M0csgRmFr6dELQ}EpqF3vii+#K2*?kCkB-@a}0*I~YYJP>06xf}0Dv6C`5 z&isM-Jd{-5-&_?~xJ|rkO@A|Mu$Tu?oV-$Osgc=Tj~K(iRSZvvKkhvuhZ8KwCNDdl`5N*s#hT)hd!%N!_Q=GPp&nS$$U&w-FGuw0iLF6mV^^aXcw z3Qnu|B%M0FF)Pk)pQ1Jx`aU4Cu{q{roPQ|{4@0ZdkECVevOVd{h@qunJwz7e!?U93gp3j475p7@b{DB=y4EC5=W2hh8l5C9YRg z=B!}4o8%{w48TAxrPCYhG*0bgB3tH#UyXcn17{dsdTP5 zEe_+Q*3s@#Ep2WdFy8fbl4}z0A6rZ8ROOG#f!w*@+qE*X_F@P%XnJ8%xA08J)wp5s z9^aG6c%8ROp)~)xu{*A%u731`JLM9N`I*ZYm$AJ+-jQ}aINmn$t`N7opa7^BYRM2C6)sJG!A8=r)ruC_d zS{cmN2d?L1*Jg6qXp#23|!_X0AJMvIE zZ2r~IhMl0?{Vsx3|J_pxFB)TNW#}2BWNFgtu_#(~<<|KYTf_%pj*Z&rEJsskp#L*@ldERemhHzVbm@hda<RApYr)7nrTr|mrurS?r#4QLz_Vbyq=ut`=KcVEyq<+I+8!;$P-uNo^FW}@ zXqYK(3QxTn>GF)=x>t=MF5%J0_|W`xB&1_nbagkF z-M?y90BhT)pZI56BVd|>nF$#{-RtQ0N~9~~I{|TrM+-^6)++;e-4AiDG;X=gUK4FJ z8_eg|?VF`AS*m`tQEXIp1)UkAZWq3Biv8Csm|RB)Zgd3VL%)svWM9{tJ^Qkv!x~ikUgnzdrk7cQWG?s8H}9plx6G^ zk?F7drM=cYxgf&gjB&We_iBc6?F2#pgcU6f7j5-%aoINoTekF_Z#F&e5nLA*AR_Vx zb3DiO&XbUcAmbgg`sU7rC<2VWiOu55z|U~b>hmjnip=D75Tu{_8OVS@fLQ|ZT>+-$ zIqbx0RSIy87$5d$nf+mZ?ln94`S@g{yRor*|GsFDl#f^Zoq7aD`dFHJ1k{uce@O@= z{B(5nogGU)0hH?X*SV^NN}*NaHXoRR&n}}lO}ggDvk8z|6=JZX5Yq0lVnT$_D-0~N zLtzKtJMnYV^d5QD082;EAT&ul-4!W}b7Ml@ z6pc`S=jv(o1G!t>xh6jRT^d(5>|TJT0*F9|7ym&Z!WVL6O;T&U6PFd~&U<|tR3;m#V0Ov{HrJi*`h7u|9aJ)rAT>O(+7vW`qbn)q_d7By zY$WU44j3H@#CrlnZ(T-xTsw4o&W!>`K+Ix*QJ~Zp_8kz3 zjKJ)WSUITky!Ril6?@$uc?`(?&d+@G3RD;b67O68=R5o_p!SD<2^>r{j#k&yESt!s zZzn5yNHmvkxUidfh`=gOL(0O8=3+M+;kN@!rfDH%aJOH}a872a|vH3S*Km23L5`nQF4hKM;yWVXu zUn6LdMJq7AngZ-(PS*hFIMsck?tuM5Y>SkD4Dj_JG)+(6Q05edhzN>~e4Kn_!+nP0 zyK|&BKBLG{lL6*cPlgDLv#n6rQi|al4}ne;6wWGo|4)~q#E-Asqz}L&4^pi_wWo+! zNLv|8e(J681}4zK|9QxLANV`veXLMseol zdB-yQ$bA4qu`LsettGky^ngTWeeho(-l#$};DY~c;mV6Y@!|jY(eTFKbidz;+CHgV zn7hV4El<1g3Xr2%iDtxpT3Grg3sKb59BKGa@>etyiX3h_}g%`(sxwK$W7JKrkXOwF?KfP z5Ux({YQK&5mfj;8pWkIC$0mBzeF3I& z$ZEHx%XC<-7A6)orhHGZ$k8zl5w7X`d+(UwlqEk|lF5-t@DnYqSEy;_4a)~?`mhL6 zO$bBCT#Rbf2`EnTmLRbM;X$b%W6r`Dv=$9hW_>uX(tT_+)E_m#6Sy3>kbG9Abk?^Js6-g8J;-rIhB~jw9=8^aIfl{IX-Xq0l)26NF?WgLRI*SULWUL**oeG(KTJ`Kmz0zj2+#@gk;}IT=ZdT3 zTKUT_q3s`BcJcO-ql8adlf>vFB(@o8yUF`g3ZC%MB)@--dSZNao-OxVvQDd8EzSu+ zgS|boF225?3btx@J8!KKTPhc?+mRE0hEdEUfn7e#etUZuLs#)U!wlg}{|EL8gixb|AUJl|zeGkHPa^#81W06rS1J^OobXMX~uz3@JJ z=YaU1fGJ>+0p{3yHRP3OIR_VRiW&}Ph z5iqB|#|$To&^}K^e;pz89zTD4JbPsO`9JG=-Y?o!dkNjsjsbhpOGwis@?HY-AKqcX z4ZOa}dR0?_8=n@yYvo+2FYdeEM4-znkSCG`)yC*6WZatT>@31y3b$GGI-0iFJASQM zA$tPDh$F~s*n;&|fWA%^EmUmWIQy6Tajf!`Fy+xo2JsK?(66GY~7Dq#=Q{QJtqR~=}~flE#KQqE`zNTRrY;qPq{n)#(E&+ zKuN(p^D?-`DDcnruR1(nV|(Mq|1Vt64EbwP{zXSd!i87wcA{dp&jlF$ju+Sj1c|pn zPYPP-q6_B!c(DQXzu&rem6+>IXOU7urs&LGsBjO8S%Qtoj+&gK(7?0^tDY}!NDZdFk^4anb;3Kh zm{LAv(pRb6B{V)Xr5ZltZ5+>8IIS{Zw;fMr^;youl_yGj*Pyl!^`iW|g5*U`Ui zmoXStkJdg!x^ERq(=$~oLzw3oChQH)G8y>FT|74(Vq(#66?APk6D@z zRPZaafD}C?iCU1!1?2})=8D;pfdWm*@m^byB;DJs&s>%c(=&<_RRn?~nmB*xx*t*+ zH`c-o`P%Evrn!L7$99+GsNL9xLY9g(bzC!_LX__g6VW(G(iZRF7_sl8V1J!~9!$W& z=&8$^VGsdn*ud);3k{JTT*>A}@39{GWl9k{X$+a}-#Wk-Q>h?InJ9)rD zUVuw?Q|pd#LESB(lRI?!3l`bd)hrX&n#M-0qG`MkXS{9h5Gb@c_|RIiCaNaEWxu}e zKKp~9Yfbwn;PU8Wq)6buUD2N$i2d&0T(BLbEk?P2)CK-}jOsx7)w_QOd~f(#-UTh? zJn!tOFF?`%A|K5Q;OBhkGobLH=sQnm~H z4`B5U0=GEuM6hKct#z}GiVAGej?!>CHQ)Ao-zqhbgE z-6z*}Pu|_`i3`Cuws+HMCtLnWHE2NKGCD`5gxM9&OFCSD`a2M0{d=CfJ3bKjfA;tz zANOh!jX%w5mRW|^#eKOu`Mq2{TyDP_BNU`0vvvz|mrZ;-sai-5j!te2F52&I-3EMp z^=@m0 z?;S}6X8(@YgHseMrJdPaf)2~ac0@~S0y8YNwS}lU07n0*`~YlTaXx{({XZ{f>m&XZ zF*FOg0~h}+2?z{nwXPfl1vo2Q^C|kp!Ka-qJljk0hB~UG=1Us-a4VH zPoA#T4S+BK60;xA$NSJ+f0?^ICt-wUC6~aaFu#C@4RiVUSV#j!oxA(X+sT2a=$bN? z9x9yq408A}HlP;(+`aK7l}8`?#$@8_lURZ}xC>3N&@r4CJ zhWf`{+KioCz;AsxecQPGRyzxceJYlb6zA~3Ab_u2W zf%mPRWx&hnC$itQ6hQ9oF-$Ml*WTv#ZrxO%Zs*izeEc29f8iR05{+KtRlP;;_9KpJ zgpKXcP;*oY4i>v)TM zmNK^cI<~fbE?!dir%PA}*i;-T)?2BuEzBzf;O7$pseS0nvr-o}|FHB2P0M}j%dme`NE1`91o-%-{^{UzED73biT3|@cBx;& zZ6v1zcm8UaofiJ}Ys7XBrAM!(LX@8lWxs&WyN|s!25vwPAIsKu;5lgP`_CdNppVIC z-5T+)r*Ql-!=f&seh~0;KY#Kk76oq9+yXgo{Xsr|Gb{pfz5yUFfVJ~D*`K=>{%y*b z`0BTjc}ZW-CPQC!Ssp_MseNtYMmuz$b%s;Gu2&Nu&?vkAH%e#lSDEKd@l)$}mzSie2ZaI-6C^b;p;h(5DhncyR{$R)mI-CHF|LmUi zE)2>N{tNH;ufTQ?*I-#J&!?#{l0$% z^|kt>KKP(7$_(Kwu}K)em21AHnJJs~R`k;6iO%a8P2WzYz1_IjXX2E#{2Nhhro^bB zLf0*?(dV{+2%=Gyi|F)s5fw)(lTV@`f#euY%rsDKvQT^aahY*3GDJ?7oeUz9PaV!%8TrqHaZ5U3=l zxh+kHp2g>9hpI>5m%@Kot+Ts*>jW5oyF+0tMX6E+VH&lrN}Y`blA_ zUzwqR;ik(|GK_|se?En!u&`Gqr7t7VN1JgJ90Z-EWHbbiSebbCt^e-VoCs#i=lR+r zB#4j_h4v$4^j8$niE&}=Mb|Ictu?5(w|&hEc>dtvptk;$4Sx65j0JH_+5GmK7j%Li5HG-SeLB7?+|T9s*vzXaDX!e$-(t zrP@>fuH&*db#sEYN1*-hMM4cqMNSJZahagz$hd9Wrl8dE$U1E`2_@Iwj)o-MmOmmF z@Z9?@ju1ro0rcbY2Z_Se82I}EEnCNc_dJUGKOch_(Z z9RuA3h_zEzM2zEzK`KgCOt1i@QYV!{L6lLH^srCaQfP99et3>&pG7OZQaeb*ngw$S zHU!u0gpM3`B9JUbhY_OfCG_&$Bxx=IM+zz2L!uR0t^GI7n3_IX7IP7VemX;-mqEyeDZeotN(;O^~bvJ_x+0 z?Tjb7(8lfkS5IVjkgkNM1Q`pC6RcWX5$tC|EUaQg78=)ED3r>J1>Y!R+(LxwthvB_ zT@Pjt$w$_=I6UXmRtTJXT`ODygxS+}6@&b;L=z^|U9B@okMV)7-~<`ag*dFxKMTl6 zJSDH6ukC-}GSEI>_V?A^YFtpU+^8z9G>bPk^RhEC>IKq=rek(zl2}0y;SzW2l)|`ue5bqZ% zi+3+_c@$h4R&}V(KxY|!I5eCw-KrfZi9-QvCn$%6-tm;FIA z)_Or3Pt(%FH2c|=5^CUwfg~VD#BpAdV?cjC(BaZiLx8)k=pdtyNU+)2*A*jObC{9O zB&0fAvey?@SqAkPFrvAdrF?SX=o$B<5HGLPebXH0tYKCyx$|k@k>9f|Fzb zCYH;_1aq>n-KyIH5G2r2QH#}8sM8rz9Br{LCyW$wpr?g{IAKstx59d#2B&chK zaS}dn>07x74z5AW0mcv0ZFt7_f+kU*RcQq4B*cK|dN4k7G+a2`tfYPC^~`q1xixYL zD$;0*q#SvGm%PP^{|%=UB~!MG3`k3q6|AhuyaYQ*x8#>H?$lyZ5gZ&RM0sKziOXk+ zV0o#EdFru^SG%xz(@-TbM8}2}Ou>5`tUp3as z|6QtJw6~DecN)``iwJ?tjku?x2!NQdV%V5?M@HLh-g3L_@I!`yUHO+p?*x7zRa}x% zbAHAO&Xc*3#g3k^NySp-odvIQX@tc)UY-pcBxM4M6B@g0VWwp18>i!wZ`3DVbhe3d zM-fABvr(sm+g_lL4U&{fmUTX(WOcJdQ$!fXBRwCb%=->JkqH=v`g~hGq9Mk`(LhSK zq9?q_;ssrxJ{6a8Nuy5R!$|nINu^(DVNncKO}YpfUs|vo3&F%p<7lpwxWDSLNJkb(d7og56?a>9Sa1$->B@ZoKbaTqSe}WfW3pK zhXMmA^6jMMS(9d&?dNh6otRV@Cvb})E_8fv}NVpO2fi9mKKr4<_|^uQX~2O0utin(n-cf(v3^G$V(_)EbH; zdQ6gejw2WnYQ{fiBUREj=P+UQApKvtVSLV?lZzM~)TJOwAEG8PCgJ3aXK)iV*^jJaw*bKR>JARnFRAYf2yE=9m` z?1?G%Hg|R}K}0$4cKVx!LpX=mOP>p9_AF}y0g*dhXDs6gW(v?@56J6Q=jmA$(vd7V zWxQn*FCy0@a)=@-4$Ipz2+F{Vzv767*4_IYoLq{8K@`PINOVp3hzYWxa4M2+1g$01}}60a9fQWbar4UXf&?Xyr$>R zE6xEdr4_Jrq^lg6^iBh`)l(WqR5(Tva-$0L8_)+*9FQT2NMS(WWafBgio8e9>=X^n zLeui}R_3JX2L0Hb?!1Y@J%}U0)O4f~o2dow+m*Yo+q;AYPgyueEI?;&Q3J73=}$Sm zrV*KtLlNM}7}^#;+H1y?)^F5Z%|D=f?F}jtLLu|uy?O9L$6Xo&GGjk6d{2~LrqzY-K@LINWnk=(;Cr#Jx@yuo7*tFQa@bsuJV|AMda zJAC_w;8fe$o3C5??d$!wY;tHRrwyoSw_3$K=rwp|jZ>G9fhuuC&_P}r3R_FIRdwpA zkNcUBELOwP24ft9-mKXf*19c8B%gtpvn;vjK~s#WXMzgBkw+#*8tX8CGZsZOnY;%j z+<2D4EOOWnG8+1DjoPCuoY-i+7~j56@HM6p1aiWxR`)fWbp@g!O{1BW38yR+dR$ag z1~$JOO~bz^5&%C1;go47Ca~U=vynDOVnU>T2SIomPbJx^Ufk2J#tq|F5yPSArcD3i zMRZJpSrC!#vz#nF4IVhqBYI5|BE+eBr7=kpDk+W*NQ7rY?b#WizK(nxV;W_goKHCs zQx=5-v<2@q0;;7&2Jz8OX}#7YjS0(SQM{$?c)AWGyNe*%yb~l_wUF$zYRHBp*OaqF zO@_0FX*sFhsB(f|HT6HsgPG3u_J6oII)Hb12yDCGZn+LM%U={g%1AUWHSJGD#li=g z!dKuLo4`)5@vKp0E16Z82pSTudBKPPs+6*H4x1QxOAvIxqR9H`)Nh((#OzEcd_jA< zx>Hkoh{5@)aion$tOO{)bU<*ZRJX(1fRGRzI9Na&*fZVLNa;p=jDx}=b^z06w~vmQ zG=A%RuuxkwU1*I6Nn`M$ht^Qm&dD;;s6Z(OjZr%SOHewL)oazeVp$YgW;-NW%jX25 z5A^0JyFm(*BOF}$dSe)T@4zfU$$zE_hEyowm{BoBBO-4INpfd5`jv17cvYh_`|=uI zPOhn-EO|qPWPJ8kNfIFJR_<$)gnLS4?v2N4&CC$bEQuNpt8lY~#XTHPD(|#np-e~E zol00py3YVX@EaT0VILMJlICxKQKc-jqjQ9;4Er3^^vOgKk|Jc5MWNn{Mj{2j zB~-^jz_|6LOO~>TO=jprIS z%&H#DYK{=a+U-_W;TLI&A}vM zBOIYiMP1h7yws}8lQIIJb^}k&=yH?TLDMOx;L?Q*&&swy6Q$^?8TlPBI5nWuKrXMRyc7DCmStVgz|EKBt?L-w2{ zWZ}~VhVXsA_^kN9r}X^c6}ibRA(unjAAT7orDbRiG$qOVL|{q9m})C`Xzb^`WOjpR zi<~ZF@tU(NRlG}g%d=!pycdKQuS^-u&}=-@Npi-Rd`Cr$WiVBvBRr-Fpzt-v0XZ#O zTU$L7u7kO>ZRk*`(n;RyJQ=%(;8@`SEz)(9kY@1!>Ga#yi%oweM(^EuSEPy`Af9?= zbIOx(nm1h>C-h3^1$CJPm0QMR2Jtd`I+=RO_asW6ayRJEDCaimmD=+H zQrW2xsw4Vz^HiV- zNes`)gtfj_MW9;j=dNZ0UmdCkYop~3_{bxoY7x=7zu_T>i>n+wO>-x+q3skR+rHcG z{gWJt{Fi!`od3xq*t-`~5~YNT&rAcm;`}FE_EXOP((i3G`QIPq`S`K>P3spqVBeEET&dpquPABTNb9QFC8`{`2)X#emwg`J{` zjMXu^wwz}Ic~QG^u%(T>q5$}3d>z6MCY%3PeT33IuY!I|cE*Fje# z@^-$0Aq`%xKOY5*dGvv9#6QysCUjj3XX)h~flE0}6+BB@J~%L z3XA&Ow>b&*pGY5HGQa1iPu1}CM@!S_tDK=Ie9}O++V-#+ERQyNj%X4@Sy-Nb^U+5e ztu{{6iZy62s~XKz{Tv5YiQcdSlI-s|j?i-y6FwmhFc6xdzt!{(&K5fme`8~#eo>_? zw77xxwE$X$r3KwA#@GDt^}?t}oc^`|Z;%=w2}lWRKsmL=l_X*bNfyph-q}io+hyaP zfI|!LYM7M{Tmgz!+|`~abWUsJOjaX%IY%)RZQTw8O zhXtkw^qOe@yBz|A)Z61ZL~%qI5msVHAADLm5<%i?!gG?Tn;3~FYF;#S`iuo?U)Mut z&|Q^Y)B53m^pn>G z586;ijt^d<_W!+p-uvxC-}~<8pMDCz+4$)vf9db%|2^=YKmYH6^X@nG&j;-Ny663` z_w$FI_nrM4imMjZF2C{3#>Rg`rT={He)&(`Q0Wzv{iU?Un~8+$j#)p5CQ^F06?e%Y8SHyFF32?Ft^A+H$|2XD$Da6F&Jl z*+SM&e&ceZyL|IcGQjsK_d|NQIve@d#Y!{v-xo6AAYnAD0BN%z&9`AS^6 zIofcVitcs4bw!hK;6^UTL_!jXLB6rFK<#%_L8dWngFvX$qkWNtB25PrayIq4_-GeOz_;AKxT3!<6 zsLIa|VL@@*SzQETeM5C+bt|HDbOBVqJRQu(b(|3nCU;GfHb}gL@p+(Zx$0b?eB;gl zse*F}hFYC|S0cpLuF`IOAC}l4>|psee*MfYt>j?AiFeD# zQq!Cpqgd3Qi(RZoW4~83#$~-Z;iGP6<*3p-_EpdPsxe)a-sU0#^R~!8)@TkQ%TRlY zdDwQFM!EPpfI#SB9td_cNm%~+@RkG_oVRgmBIK0=Q5LX>DkMdfG9)&_0uC&RLFJ3; zO?BY<;GiV>4gDiy+8t7^02E(7`Q$!TRMEsOAy~(}Hy2F7a&ci#z?I<4kGFmNh$QsaE!X*_X^i#&=O9$c3T-oed zb;}f*`OLakWTuKL5D0(C_{17oS9pAdZ7W3);eS7qWRG*KrcS?`Yg7lC-g~o<$-<}M zf?=9O7j>i5NmG0iyy!!Ajs>lh%J?R8Pfe3L()BZ%)D`QRG$*F+-lR#2vU=e8seYY( z$L9nu!e&t=FS!I8EBb+q1?zPLMc2ps7mjH0WUT1t&LdiT+P`o_i)mp+KX)F{9jGo( zMCI#5R4cowB-*+QJ$!LrcbKU!?rSj)ZK5+jf=p+AEEY6g&4{+NF-WiG!^Xh!*7Ce@ zOK@%u!f^3&Oe4}U=`l@yy_J=GRmq1l5_JM1j#=VY>iDl{M094qQ}b%Bn~F(S(!rec zf4<4+u+H%O^2iL#0gHW;I{z1?M3Q90xB@a4ajFq~Bm7~h`U?10b)I65WAoBaVPkv| z)s@Cu%43K=eOj|lDa+yKAWOrm(4Y^ttp%(uTGw5zb~dk$?Hy=;>)zXSG_!h;79^8g zWZ+go`2OVNe0YAgcX}~AJp1e6+3+rXR}+se>U0UUSF?RCf_J$8=J4I##o6KOqv844 z-!I;uy}b*h^ZhIVb&Z*Oy?^oc zYCaVSkLJG>8L?K3VYoMZd+~mFcy_$^?r`NeYT#O@{db4^Z}yIlhVSmsK{2{@dN|!1 z4u3p3JGgjt^mf58c;Go1p1U?1)929m`P<=L2s~#BHdkLRyza~uiY5ZQ{v@BDy&s+* z9$f4no-JA?A3x>+X#wv3Nwm@PJYGrX%WJO*PbtgU#+qDYtq~J0?=a@K!;8K5=Wk%p ztH(^Ztc=>^x?45u0;mTYxU%u@KJFh5|GskAS7cT*>MJr^G3o-M&mQz5pN~!8GOs+W z@GY(AwI;=meWp^Tuig6w^^@w;igRvUE(hSU@o-8jA3>Os0eW+Oep>oen?tAG$6Er_ zuc=ra?tBiObsDbLs%?}unAjV_}a=YXkwykbv4Uz%`N*RH)mu9j?4 z&Lj(1G(hM3r{&avl8KEdKO z^=>#Q`k981t*H^BEY=C!n8RqDydTZZAYN4%CAT;yDSvhkKd zSUB7Y@3B5+ceyXna>GPeUa_xtlwVQqT)$mP{IN*5IfdNK+eK=5DMhHWgqGPXZ|*(dmP$=z4Q4k`1|bCO(c|eSW4q_$IezH*(oU_ zCU2Ufj+7u<(2Togyk)^Gr7)It;#hPn>|&Xo=Lb?Mjt1U0?<&H-60>6qFAU77$sXiX zoBO&D_t)-q`d=m`mrBU$Rs3k~I)1jjyL|665;Qi9+}fE!heGWY8Tf+_yOaDK|+A;b-!Jl zXm*M?K?cnkv*wK1zv>yY(jl=$E6AK0D{gnGKQ(3<@*R(j)htev`6Lf4UgM}&`E=0I z*1zmD*|L`BZjsUL&tERHu*>S8QWlzPaSoGEUx8)Q9hNt-^j<_M`Qg2v2YUjgWi9z{ z9pImH_=pCJ2Zx9tiYAs*7Qyrw-WOSk$2ndt!|Otb^q2| zz7v}++sm!MTUVqGyjuV>>*2mFl>rV3DWD~oy z8n8|mWF19w+6 z*3b^-Ebt0e=CqEIXQ1k?U(r$Hq<_+9E%`5rkfPh`dvUz!=?jwYq693L|C_yjzh9OA zFE+Ou`TrPCBmW!u|F0_lE3#j4xs?+Cl!c$0(haz$>cso_QJJdYaTXI!1GM!xlK&3g zeI>*5T<=rHuG#~nAfNx>g(M=9cqupv+5>Z&uLs`%nUp2Dzo8OfcTBF~81S0WWot*4 zZP!@D)jTtKm?uoQnj1HMZGb`+TtPImNfi*VxNCo?$cIK9;ety1zK9-^|NHAq6n3CYiDXUf= zPC|3Izf?ZRcvRVQDy8~WbY*$ex{k5IO5cv7e*CwF?PU#YOUI%l#qV<@bCA`I1C_23 z{Cy3i`;|EdGVjOZjVQ=hA#(jwhMW@{^&FMVei!sd*#E#3l1@(Kclank7*L3Zk)(2 zBt!3hgFHA?x#4tMU;X7*AL~C1ycGwbe?wWC5{^EV#!tuS!w2LgsQp##$lB;X{zHGR z8DjCV9;P<>`RD&qT1R;m^YjX(oPpk`(5-Orvc7wiVj*7E^^MBId$|CFQpZ(Pu2JQG z_V$J*iNwY5hgEn{68hy&kb=EknR<((Pv$eS$7qW3HF&e7|LdoAr@e5f=X+OiyuWFz`FJGdz8o~nJJKujBS{@GHx=Vya zYk+X44)S5vb#q@MDG#E&&J{U>o`WJfw@md1XBm6&W}WJw^|jB5koK~Ze{ZATobo2A zmfP$+B^gcZr81DeI@>!wIC14rfF=6#pV8NcC$GLne}OxYyQ-w(!Tv9zq$QV)o;DcY z1Jo|})9#c@X=dIYRB9tfiPMR%R8tERI>wZ9#{GBj-waX zPqU_K^lO^K;!5~2zFqLWBC~VO3A!oa3XnTzW2yn7BrPAM6C6=opphlfY~|qdD*F9= z`BGxgrE|VCiRXO7mE@rJ*|Z*u_ZNd6!|(wyii<2jqxTns8>c*Q@|q52Nl;4TDSVnp z!mlx$;9yAzINe!RQ{+`w!dF!?MdTMJbRY$?s(X6)Zqd*_tLpMzBc_*PyOaoK$zkRD z)CtyK5`PS+=WUB61++%KYPPJtZDViLG|vgj)%5b2&D5DixrGL8lr@NzaNM~8ohj5) z>rI%YS}Q>MrHY?g^?x6pyeeA?A@V3{i*ChzQgx?H+RH_B(NK9j-LERY@6b?ncDi59 zzgpcK_&(~|pQqLCS2gd}2Y8;g%MF@$>wxUt-q~B_y+L2^n|sgBAt21`7O6sA)yLNl z>d``8i2hH_!0OdfmWV7S$SkiyTT<$IAN__VoTOD1^zJD68#*|Adw72MxDM3ctDmtz zzuw+))c2Z+P_tO(JysXfDnf!I({?o>%a@(Kb~8$pjd5ovHayjS#&s8=+%2JmIo9u- zBmdlSc(vf6nuE6GL$>Z2+b=saem7Js*+G2jK!)b|tY=C5k3S_*OyRnhFY9AP{BLh( zXSW>x)8F0QdeOxHJjU}3ononYw1CJEm~F_kfkqjPAj&4i!4;km;kTaYduv6O>QH(y zB~gSX5gX~#ZxB(!NrWZ6CORun@g65(>lsSO!~_!Q1m5=I^?%>+(Mb}`AgCzSAfc3S z6w!qEE&pJ6F@)p{XNP+S?+*Pq^e0TlY1Dd#_VuOhf88IVkaE%TCscOfUp=0dKl+t- z;a~e=I_au^>`!r>bc=>YIJnAE2<;KAZ+vl+w!ZO4_^S1dFJtvL<8;#c=Kt4vhW?5< zWtl)n2Zy4iEQVi5AX`2S3GV9Roc+@BuSLK@()}GW$tCOGgcyB!A1mVjcKcg9mG!@~ z)8A^=|6@F8)l&|UYb`111kZKQ|KKFUe1Zi0MtXjD_HKywjt|^OvR5Z( z=>71pgU$|5&rS~B@2l4xD0Of&JU=`7{yn6;R}J)ibU@%345Tu!YHl9chr|>|5sC>; zAVy3Q9zzV7GCgzvqQ1U66GU-0?a@}RtpTpe=FxEq16Y^~vLO_2NCMqRAIT|a*<^~o z(?Ne!ppXR_q;jgj#rPaxm1su8;W&|swU=Vz zasbE#N9Yimo&zFF)BsJ$A`YMx3q=wl99dPL>F_@Fi9!%2mJox*S=2$86Z<0qpgRzu z$cc&7(>thnNEH;+ast}X9s1~%2@Fg#o-#p1fz^D%?HsjDD{UBxK+oxhuF7r*?;w45 zI7A^P`tOdChXK}so|f+QC%^zlG2GYyH=43B5?L@cfOV7rh2f888hQ+EyO_D5ikcWl z&nev~!dF#GV>*^ICHn%^^z)tGpEhimtwFqPD3e0s1cbDhVoro@k#3+7NywN66i4OO z9XN|A|2xat=sDx?7jJL4vyKzM$u$i#)fPuCeV7KwE#Uzb)j&+3Grb64TINViZ-D(6~a!iHi*^dQ6?cq7eYXF#H)>RHO4Da(zuhaJvY=! z7wFja@7#R>>OcYd$w-O%dC+k()9*MDSp@52%vp?#CojltVaahKil}Bq%IZyIevT1F z8a>clr#wK@MrD`*i&Lr=6a(PQFefA-9IGOw0lVBwZ#L*jlgzB$n1mF=i9u)BKQewb z#}pu9TR{wbNKsm`1ZZN1kuLy^Iy0;ohXmnkOd|+Zo{QD(C~m3Ll z5RzozD8KAjbljlc4k8gAF>Ze`Zl~E@O{Os=<%l4O1ngsUGi4Dh3ZztDn&7Br&gc2D zg+2C(%q93Ri%*5lw(j5*(8a zJL%wv8sh+jM8}blIa23x)GQaj_-HIOe^r@tJ5X2Drmn!}+QE6oXV zjzUxi*B2yfV5gRX7Ue=TLsGX0=2196hpR;8)MsWI?vxEj6H47sg0Uh0N zRS(W^#93mnkJKt~kxmLkDLhG0EEd4O=qwdQIq!1&V2J}0iZP8;<%kL?IC=n8Xj5HvUEDRei z)o;%);fj8p58JN5l`4;mK*b;9N~dUw1sV~OAWi}ToP0DZ^;0ZDLH?1EL`JIHfbo=R zacwdxTkL8^wCSVQO081e?&rhL&ln9eEnE$))*3U;GIO~y!NC+c2tta5jAmMk6ZY^F zRvKPPWQHS4em9Iq;SE)~M#2&gW?s;1_~`{x%qPllVly1cnK$NybP(m7Tr)VIG$+mN z@iEDAYm0Q0I+!Xtp5t@{J5RGwM1yFi2sMrHtW&&63D=@lz#F4jxOSVX=I6W^l;yb| zYs5M57Ck{*&IFxe#dQA(X6Ly%;)Vqr7O^T46-a13IwZ5=9;JFO5^irJk6a4;V$+XobLL?8p=f^c>|!4%0MJ<|a#`nZ~l>T?Vuu z!Za49tTVXLOgG|UH|LuP35XDwQ&^p2PLqkXXb82k&t3S>#RkHWIU5NEU_3In6&P7h zd9{KakhXA*w3W;#d1c^C7dL7utgQ3V(OAuYZVL%XrK0J4QY1BgS3JS$GcY-0xIZrh zR<2ufCWHqFLvSc1Q~Hzs4JQ{Pd?PX{)lefc(Lw;r9QZ;fsBpz)3=U+123#0ZyJ*Kb zU^=tIvhxvxrYfgIt72tJv?`M|Mk|Lvi#29Mp4Ft(Nl3G}qv=R#G*nJmE|JS-vlihC zI9aDKg#aN1X~l%-Sst?}VmDg8Ti!Kj<#yGE9%&{dnkaY`c-r3JB%moJifOs3FLUn$ zog1ioRJNG0{{k^;`y4raYR65XN-H}`+3(t^!xaf}7Slx0iMAd~S&o$|XGvPMsZ93? zAcN?3$~^~8&zwk1laAG!9TOg`gJd>0IH%*h!-60>YK0Zjv16#aqu63dl-|^FlnEeF zSu8g*Htm9_fv3t+%bJ_!p0*7DE@Yt4ri8;0X35No|+soYLK?&@+_K+Q^-!z|2~)08zmF&uXS8`C|XU58eCsMJNj zVQRn`oWt&&b@1vmQ;*?VyaKUdi6Vl9GN)WGy{S^H)-+N^@W6tJEsO=OorB&kRf(lA z{FlqjOGM_b>#_q1(Q(0Nl*pVE5^%nK#yj&^##YyJyj;dMsKL^>vQj{SxF%drmYh-^ zdTNlfd~OoPV`VTa#e!h&!-Xh;j-3+oXm*nuDCI$$(z%llM~?BTG?X$pW^Dn-nw5O> zx!AyAsQ%{4-f=0?4R|r28w{LQNXEO(PmmW&T2o&IU>D-$$d?h*Mwwc+ z6EN?T7y-~kmJ%*VX!5P7W#CMS=}2oA+CeJGd={2GfeBb-NGG}|3 zy?|XGom&M&_&P4c>d_$s&MCFZ?d%9C#G4H@t-jc83>*{TXf#3@gb>S!%umM6Ng}BW zmy@OxqMmHH}QoDUaWDd)4Vut(qaV_Sz9{Vsjg841`(fUv22XakIvs7cF^(3v3GR*>g?$F z_2Ik2-N9TVB5_)xXetbC8;RAc7jnloe^P~OuZ}-m7>HD+O zli{J3wtBZPB9XGyM9LCDVb=k6X0%mUCKsHhoTZ#9^&AE~Mj7}@f&L1P>-bBxw^2ZR zGfwQ1=2QS@7c8K;nXH+**=GfBth>=VZ_H}i`_@NqbCjw|Z>hfEVdkSFC3z9KRvd3XJyYQXJVvEr$-KSfPk;gt^``S5iEe)gp^z)zAfOW;u_^^c$L( z$#nRt>oIt~bWhwurG_0bO|TQj!W$a7zQZddBui5~Asx^OG6lG~&Q?c3MB^+elp7F& zHIX0zi(^H+EKnT=QBn(t?cwyrAh6yC?-mFFZvK85p0i zvYF^u^Jlf-^?C=~jC0(CWK5D!*MK{W=UwNR$H0lKa-CzbSk4*e#crAL9AhB}SIfsZ zQ9JW~bSbENLG-KVZq%dAxwLMs4H&zJb762QyVnSr&y# z#n0g|)`26ooxNGLR>Ulk_%`1N1*2XA;G-W2!jWKz6J6T)Ni7$LvYKv$0F70fU7%*B zRv6o@)e$K|R$zzJLLyYfHXPZ6TUIBetz<=c=hFngC@={YG~bUmn6vw?xqGH?a$p`z z>9ysQ#b)A%*=#oZ8GQh_*|@sP`ZE;Ib4IR}O%YYIDXJzuBcWp1@<(?|sfg~FRuQ4K zH1t)O6^@=IGm8K zDeOU6ujG6GZy{$9c{z@-^u#|h%*h7&_YZRipjULD%6m@nb^6##Qzw(G-}84@bW&9C zborINv|8YTQ#yk6W*Kh~8=EljbJK#slE|*E+bx z*@*CjNFusdo-XP+sNV2fYVqCSY3*f_6dq_m&ohZ6TI=OdoU<}hlXnz0@Ina{LfH^;)d<^;snZA$n{(*N}S5Q0d z8-2B^qViA^dlaF9tC*uXW+9uiCmnPd&-|-z^AsLMMu_=2`}nCCVxHom@E`5Fhn5~< z;H&zCNd#Zclts!Uv`)7F!PmHQrYe`*s>}~~e3dIFP5>s8?iR5fM-ZI@7X=y5Y!*VoO5ofbAKpW)u+M zR7HYQqq=!(obz}qit0JyYT zB>X~DBH~YcbQv(7dZvZX#`A-)^p#y2NoO645Gyu^NEn&cDeT_5QtTNV0KD^n371bv zS_`_@#8u?tDM(AW_y{5jo@hEzEYBseGEGGSaCSvzIs`HWRT(I&rt^Bb0ZdfTW13Ht9+IIqa;30J^^-tV>mQrK=KK;UzfuU_5{ zwWhh58ay;+*e;*pMM8_lE+Z{Z|hJQN7q zyx$595rq4aI0b}_R4YibiOG-w*F_;gOdur75$U7vP3|aj(iCPN@~5QPyn^1}>i1r3 zEU-ls7aS>&SqC}b%Uv_q6HhY6)5)6k60gt#Zkm= zgh`oU8j=i6usPk&Nj@!RT>!o628(mNWGQlM@M^P2J}5qICkBsj$2LofX5(feY;gNY7tCHjL*nK)t|jTd;6fn zpX+T-{MWKwbh5FP8QuoTZ*p85Hy(*{`XTFrHR*A745<9r2~!ygIh zm0stR4O2pxh^Jy3u&mvggHH2~tOba-nDhDt+SK0`XI}rV_%fFrJPq1R=NqloS@8+! z6!1BvmR+SfV|;ZrdUdjYakmK=esD;2Ly?e%P+ePR2#C_ub0mzK1buYWy&N2GtZ!+XG3 zo@dA+PPcp)M41|EA?gv=j@#kGkd|3zSsE%e;SLxx(xr?reNVCf3%tXFx#a(DelFe}fDt3A(InRwK>VIH=ir+I(F@A2z52E*!ai7|vMV z)kdo|G;j1q(yhz|V_hs<(GY}3Lwx^b5l2;R{t_BHWuX_5YZ4V9I`xDI`u{1X*EAv% zawq~EnQNJ}Htx`o)2EZb@%}Ma-%mN5!TI1EF42C^Qx+CU_zsH37Dp^NJ&v+)LZlz# z+xJPH{_{b{SlipMHxqeWPY$s)cAjvi5EP>#} zYs}#UWnud&l9-$S4?ouoA)?oCPWF_u(Ziy))DsNm7sd9#VM;h<+9?PTMyV`Ab=r^+6GsOm!n2{hp0D5QwDpinuS6CEL3X5zqAwnOGvS-7T zikE_e2dd&AVBBs?NS3mQO=jp?qVV6B=Hn!Cg7 z`q>c{0qadp%ECukKTbd3)0BjJN|*l3HS`3?1p^9xTl)8K5_&k1^sXyHAtRCW(Gc(S zr6iCG@jnaR^P`yd10qT*b~pA08U!#1Bf$}kej+PHWr#DLMlFOb1~{J7W#JK z^hJB{@l&U5`S=e+nQ>*TOqq~yWpt;luZe9>F%R3F_6?zvsZ`Rkw?GV5CfV0rJ|{U|QWw=R;x^S)e&o7R%^-eCIQgu#`cHaB68lfx`?jU!PYE&SarCr!;Mz!uQ;M% zWy!(a59V+I8_UZMx>O6|5>~1uA|JgMq#!8@2@lW>)|u8s1{PyZTy<;OgeA<;t8G$; z%+Dhk7Uvo$)vNbWk*d4gXtjQXKY-BIjhGNzjdKb2jFP=IQxqNVw*QBLXRZ z6sJ4~ahtc2-{NGVm(*{XWME6BoCT0&1*$r=^zmR^B=j<;G0|ydXot4}AtCIVV*$l< zo<5PmT^@O)p97HgsQc)cNpmAiK0v5#yq(JQi}j^AHuz76X_b)#hekm}RLNntcF`%Z zL33w=Up37ilrC2EJ?C56Tn&GX7vV97P}BX~D0bJFhLX?YF$YlUc;3~x2Iy7a%ws}d z?R#zjTdUzOyOACf`f|^6uI9Cx-02M!lJOa2 z_j_PS=R2H>$zf55Oc=tD=rDer2i+WiWH(3&i4hL2Os-H0LBb47OUOn?g)$B^DyC>e z1+}%w`3MVVjsE9Rf0CRrCf`v3w-K*15j;!w#Ct&=)?K==*L5dDaxBT@5sb!C zPxA;qV^Ktt$$N-@sKc+lMuW2CHOB!teKd)@wC8z=R>wjli)@hR!-87$qc|+KC!%0y zA}X@muW*(-&D1)}-S3a)DObWkg4?j@zB_MZ)ovA9ugws=GW*3|z=z(?evEI2SLEh_ zCuTJOYi%SiZRoN5Wa|R4Q5(i&3;5-^|CJ@AUGExQ+TYETB<~Y}B^6`(;2{8a17)7i z4ULH3OJ+BCR>$ac2-xt^7;{a3>$2x@7Db6U9jSQ4{li)9VWZWue?o+j4b-#cE|DZL zq!C@>eW5X)JOHfFEJV|q$e;rjToI1o{i@)eG>amwe6$Dcqwz75r}|3BcBjor$^?}< zY%GLE%h`DBj|z_E2Lide~^S%ybv;bP_9b(u^U6kaFmlOCa?jpLdz< zxjB~j0Rpe{rp>J8gE6d-emvNzcXjTs-H4|`FBgoKo*_L}GdGzF3wD2%T>!aTpE z#1pXrM%)J+MJP+YutCqZpj)0JEuGX3=ZW+b@fFxrgsd}9Jb+49?O~(UQoqc>Yyq33 z&SsO{fD1SYb;fwm`ZVLo>5&ovbF)PCf`g2?-bG-?HV-1|DgySPQO}$P_qaJ&*j=oK zMQk#m$pcWLX?Ua6ddnuuLnzVZ$2Jsb585}FC+$xa=zRG4U@+?DHKa&Gs&~swuFL1Z zDfI1IlA)Lh3HJ&!K{gQPWPmOS=Zs%=(4~T3{ZErIGda3KGRh`3yb*?KM;fyPsNf-{ zqG)@g)q0oz@X?P`0vVKG&lo}xHES<&E+HMaC=gawiK%OHcR5?C%4p#%CUQzL;hn&l zIemfhUugi>mcJvC)4=&A84>}uw=H=KB9*@9nqS#*qc_|M?UcD)-lM|4d4<<9z6B&mFbxq&-P&AKU5P zKDm8th=L`?6v-wiJ8HN0>}%}n?UU?5;e#LvQj{gRb7#aela@)Ks!#w51)x4K8*{rI znp=a{t28xHm>MffBA(dlsT6?0##(0TnPZAy>ZMQw;oG+3C`qZ^`+P6o#cH&OuXgXv zi_VLO-}HVEG_2Q1+JFQsc=Be^Llsp_u%pIQLP8AJav-TgHwFjcy~XWlK#PMzRg!Ka z%uD)IOQy%8cJiQAk5t$N%Dx9#WY^YW0Y4j&;>9BdCKqZ-ddP8V7<&T8lMF!vt|lW< zR+~E@Wx;h>yBpE4?h*(3RAm{$1=_Xr4ZK$Q>_6w?Ucj{0iKZhlhBwPKq&)3JoK6#O zU{fX6-E~b);Ujk&1=9)n$guNME%xgauOq_kT$JSljCMMS=aRgpZmz*rCNzm<9A&4P zWLBL_;&gW4Coa#~yl%P;D9glu@f-J)=ex(Un2e0#4(X{**T6Wq(W-2=NW7lf&pkL>2B_&kLEG2S1HcDD$ zwMuEL9+R^Qnx*CPZk)5KWwjPeS;cCsB4t%;1sSVat4mnbT1mdD*1U98j^kLF{Oef= z6=QDqkge9gPIj)Ze$ZRbmGLNp$iso#d((NdyR9m9A5&?kc_o_>EhB~YAnBPn3+o}a z?!y}o_hf=O8AdbC?IWqee#&qzWmHt|GT?}{9m1yoAv)Gp2GYqsQz$WM0@B@ zn2Qb^L1dyrCG^H4(nC!yJK50c-R`(A+-@0}SkZc7NrnZ@P$;}95p=|Dr~BfK&E-tf zu20fPcpKy*k}x*8mhZ8`S)MRRYV4)gm_k^lkfiMx|9+dsv+LK%-L$>y{rc10-lspt z|8sxvetNd^;@!d9cPH&vyVrx4uXo7H?%u0mx9fE~!@a@IU~h=K!##Z6Y112=5{IU2 zVHdb3nCe5&OC65GAfQ!oF!uR7hA1^NH7yZ2%v|DWR7?Eg0Vzs>%S@Bge8 zI>=`+WoSIP9=9~lm0$ZGKRA3uLcT+v7dRkZz~)RA7>OTuio{cXC{wD-n;Gg_mI&>+ zA5Fuwhq{am$0_LpRrZKn`?3&{#ymz%%t8pDE^Fn6w5pjppsRNhlgVb#LMXE<>>=Iw zPp?*Lx-?FMLS+Lrc)g5~nq2h2k_@0NZ>J_;mdw-`^nXa(NXIc4s#yr7c+^9-Er!BM zjK{IN^+>WX@%d(EPSG3Q$THnk_mmg%Bd+C$*# zn`R__suL6dR(W}n zxgi8ni-y$FlOjShtvQ_1?AWa$i!2DKP=2R_kHL{gccB77D7~n9=*=4oA>kqhe_6Dm z{BZ<6Vp<=2IK~4%@Kc{qK7II~U_SoPB=6cXY}mXOyHp^t$u91C_&QNKWC^E>oiAkUG&Feqa@2E4=DxKD!~! zBuQMJC4)hMxE*YKU4?$YB~UUVkb0wdN(Y?xLvX2Q-_-dcm|(EkBEvnv;4uw;Mr&RG z33x8l?V)hwhhL2a(||hI1K5m@4E{KxsW?1z;Ex{PTstDWCO;n)d-@osV=9k7Sq1i@ zhuZ25FT%5eAF=A{U_oX=XWR+6h=Y;fXql!8sGT&RVz^{vwj^p3m6i&(sszO^OxjOz z5X>Nv%Va`?CoBZ2;o*|xf}(2k*u)VE2)-3sDyBT-0`>f8%E|J^5tBDko8n1jLCb;Y zr+&!93R9rHF;izLCz-O5%alGX79`~%90EU0g$|%d*+z8gjT!ohANs62!Tu!|B}Ozu zt1}IGQ&W-3DF~uFKO6z*zz82#(@V2v;)lY6 znldF2p$Yz~z36n*qyhFP3E12}{q!mI1OE>gm8T@}*a#gFCL91aFUGAos!LjW%sf7; zwF`T`g3G`&@^gjvlqT%w#C%~&vVPHTwf^EDFQvFOe8rPzl}dHcW0%3w$#dR{RQJ#2 zZc8Y5Zz0$UBy}fj8yHR?^Ia^Zw?e2iT8_01WbxlhtRzt&7dH0uM;}s6 z(Vkqjn}&QXZ&b8ZUB-}A(o&uzzVE+%-@iQT@4r7f5EBMgs~)nu_97&d&`)q2%M|n? zxoDIi-d!JYoYC|)i6%f-ONsC^a^2&bZb9ZvbQd_BaSkt%(WW0ya2p^^)G^X7KAfW) zGNS_J&%BI6DKOyc8w{6i6fkovk_vrg$(NM%IdM?jlWokmLGDCE$r}0*nBX;O1-FB% zZVGClk4!dCc(ymDi*O9ABv7ZU{d%ZPQm+k_+Zi9EQYG{yBh_kmQXo0P({#M!#7XpZ zCdl4bMYX+2Kb#>Z-?EP?y>zw@xJ&#rB_RaBv+|{tc+f^FQ_!Pp0ISi*Bt9eKC|@7_ z>F};nR}m?pslzH~TQ6Jmro3peCw`ccpw0K54h~{JB+dZSvBMTR=gaRs?ue%ga>T3@I~58fhB!K%*6dpHzlqy$~*Qum7IDFwgfwV-$bpOER$W zIKh<2m-z&TMYQ>^7doo)Ck=7wqee!YL}@gbUcd9xA2Id4{xls+yuhQwFeOQx_*9+w z$+I`1z?`3-sMEOT<`Fq_{!-p`XC+Vb+g*y|zE} zYHGvoM{-RYc=G<=f>UNLr#V1K*x8T$9MCv7SPEmYG#d5sXq8oZd1nO)`7vLx0!Y^* z^7x4!cQeY--I#<{3t?56DoLwEsin1)4GUiKJX1C^HBI#Y4Vh_2zXc+BA_K9#717Q_ z(t?%mtm==0v-grJM^Pm56+i|9Sy^T<$R%T7%{RpO>mjy}&Be}RJ7Bf}&c$@&`{ZJj zI{vm8{ji62Eh`@(PHAuN5)ktKgs*&rrZUHqe+yApBQ%X^nh-pZN3_|B!{sUKk#mqb zNQxb|s&U;lwT^Rpg5%N}m$%i+FMl$!6U?o@`Zjv=JoPij{)4Zi?iU(`kH;~`{$qFV zRnh+A)r;MY{r{6Z_ZC9-Gv3X1581-lfOWVdIzLKAZT_=mZ?ob&Ha@a>TyFkO9)Q_B z^cmJM8+NN~P5TWB#7Pu0C7DpWhwgb1dAz9Jl!3$Rhiy?lJ43ChvMt{mP{Ml^9YA}j zff+vx+!z3 zC}Co#>A=VqxWAn8!fBI<9-Jh2W|wOnhPMkAXPfCos_2Jzi`Q#frFbcCs>b*A`FdPp zH0Z#Run})npe^z8x4B)e2ktU=yG|%7Oh#z{@wmEKSg_jK+xoYOAATU=C>`5e5iG-n zm|+dcF%ICOEl0yn7dN=e%)eY526Gei$zN=_x_5p|cPz6ez|C$|P0p%ZC;BOw6w6n$ ztDb2Z35NGIjW0Dr;=$?Igrc@dwGC_1ye5s*2(0`%x4{+7)?i=o`pdyLye+>gzRCZs z|Mg&=>cN~*H)p2j_TtM-+;RrOM`$+2jD?SYQ%G?52ngkTh>ua!3i%V4Qp_H+n(Ej4 zjTLO81g@=;H`7|6R>5*>sqx1xydKq0$_Q)8F3O)RZDx}y^zF?i-Qe2PQ8_SKC1Eer zbcplQ;HTV=}J+;E>lSGVlwX1zi$PLsI`wz zE)LJ#^lSQP9CPA7ym-}pRl5J#+4%oH$#Z|-{@z-F3-D?jfLG!EyDI13mAL*s&hgh; z%$HQ2`%ke z_xBF+uaWyRzaf{NOX2_-Jv=~(1X6H68%H!ny&p=Y;mDYkMJOxn!r3c-%ew#mo*{Zx zteXa`486ZcBxLw{?e_gWM+I=v!^8bO2bN*rMXln`fc5RQw1TC`K9<^?B3TBMX6qP- zN4_#;5gnf#9A2KDoL&6z?D@@fK)f_SBa$M=Q6bh5Bjk((1XJQ3tG5pi$cfMw8if!i z(!O_D*SZh|9O7sSA|C9_-i9$F^n&S-sM|s1wrC?4Jv?j`NIN<$5C+-1A4MJymPJDF(GX2N$1_cFcpkaO3d@4n0W z?)>oV=c9c?_W`gbSm&cdjw2NuWZ&Q0_xEB7KKH{R`HEye2O1OQ{6n2Bm|-qVGd`K@ z2Se{?4e2pb3!MsWt(=C+@w34^JUuzMJnnxyEU+t%hD`^1fNUJcg^XUT;twWPW^CLp z*MgWxp$9c{*cg{8r`3d{;584h1uJ>u_D_y4`bWoyXC_G#N5f_eLeo1*FiWwEob(GxUWT=tP zaP*$#nW78zh4sJr`v2va1Tjgdo5qg}1vE$hf7yLi(EoQjyWLkC{r@Q*(Eks=#?m!G z4@Uq)Lg-3tjB($nq9Aaxui%30@_-gF=cVk@@2}9GC{3oJhhFZ&Pk(Ygy}tIpBHOVG zDvAZvDZdzrfywe2`hAK6$OFvg8PM%ozYq=^%BKtiYXe0C;$b!|X*40aYYnva+9$z~ zJ79p;DEC1=Mb8H_;Kaf4IV;N+K_)S_TC4Am;AWC#|KM@{vAyo=$|Md zaljS^`~SC*eQ7T~g@ljL(FBi34TZ`Xj+t!e)U?LmXg6^gG_Afo4m zPbnUuKZ}E~ufpV@EtDG|WkQTptO8v)RM_Ni$!0A|N;R8BHY%tn!%D*7=owX4F>YLr zzxbY27fF;YAKPM)J8EPQAu!s3tYuUP+m&6D-BG)*Sk$ zu1Wgk!Ex1MVT=-l3M=;Wy4})N6|7Kip(dgwR9pNg?O==ms>CoS=sSvjy0|z+JZ=qQ z3OPUMgFS+uxov~XXD-i`x?n}3I^EO~g{Q!z8=UqDz$Y+8ER;$N&0sQuiZDD=Z22~+ff)s@J+ECiX%h|uC1uvsNk zsM0t<&*e7DSab_LD`G9FD6$3w65}P{XO18hWvmHqD4a+AvUG)6Plya-meJ!3#H$ir zS;({I%SJH^^pod{rbP#>ArYb%>UNe-Px@FPw^C{lGfQ91z@89 zY!rap;*aB)wv`5u#kqWX6@Zt|9i?hUz`R5$wVGJr@fHfN%&*9hvJ##N)Nc$f#C8szYBfGHkwzq&dI>tMDFX?nr zJPpdVHt&_E7p-jV>moqaX7&WRUU@{nl)xA1RhIzw_f_O6dm8{G$EXot(ThF9UdmNq zHD^qTE#+f)^VByT*SmSRMSc|gBXykl5cW`;5iDqLM!ASstA|3@1Ikiuz-V!0HKVab z1f4c!^t%a&sFvMH6e-EV?#YMd0?_I2s##w{OpYNrOUxXJBIKljLMG_sHO4|zy4m0P zx*3F&&JKzT{7l5l7tDVIlGfn3B+Hr}rntsY!M z)l)5Rk*418Tb?Y6OuiXa6(-un-a$OPsTT!3bg_S`eY@4e zb{i=w%Y9@B(_I)@h0=wf-T8sjO!%YP1)z>3bLlxGl?KWp%K)0Y6cp&q+vS_sL#KmN zV*&9&tR7XRYMNB>x=QMsTU#mqi<7VdXDR$=_84PjYEvy&)isnZ5>N=SSqUmvt_Y+U zld}>^zF-kdIgDo|pkmP?sB-MjN>Ih3MNmu#y(?-eDttLOaJR<<2kE$20wh#HhLxkM zHt*bg-Q{|>0PC^cTL7~}{}v!E)xiZ=Pu;^RVXt0R7YT|?nTM!aM3C^d45uuP4#V43 zOQA*9B6C@Ykm2f~(yP`5p6KMffBxa}w10m7%gNb6p)Fu~0?9}UALOp#J(;Ok(fMcL zEm-zIoN1o9fHlL3vl!@exL41Uy7=n#JUTr)xj6ap)7#5;M;Dhr_Ro*@`=2g;`ewN% z8|sYw)ETg*;%Pcw86V3b_Zy6`{x9br&)*;QKVF_6?w=iAyg&T)TVopxHhf2&3B7TA zJP~PioEtJ*mSqtCy`D=KAI>lL`)`jv9G>=^q?RPb+8Z)knpi{Dh&fYd|EI%`{jNs~?IDRfT-hzSZTAH%;XLUTEEu4gPTQ z?&$dPpTAu2)#}@6BE&IszTBlU>07Z;IqNk8~^U)NUG-WmQ}H(@$|@X%aqBc5!Vim&JOo4PR@S46u#E|{r!_q$8#i{Q4Hjo$_aAB zrHvyKIe(#1xO9^t7TqEPCrbiuz*>rX%3G46%8tX=q)m+jt=&}?Lp-ay;TjWEdHu14c)4k!)>&_9cE;tJA(Ab zvq7aOmcc;Xc#aNyc6e~wKR)PR_76TD9rsU< zLfM7Q1xpC@Yy?>`{q0hAcx7u?kyNkN#^~=&G)~-GvEJb9OFlO{_-#7qm9Dp_sKs}^QkM`}3@B{iOO8h^V>J*$t!@ej%lBahHk`57o z{{jNJD4p8m#ss=>(Ul1;wn5hNndTG_U65#HM5Qc=YIUWojHpD?#P@W@n8j9ohE%Dl zI4GUPY?CGom4yBx?Upi~M;OP(Q}u=;(3NoxO2emp!?z^CBcgq*Y;rTo3!30uPJASj zD4DI2854l`RQzZ_zd`HVD4oro`TCy>JN|ebaE|`Bx3|+R#edz|-ROT$@oY4^jb``n zs@dJwXL3*>-k8!O!@JdLM5+e8^<;!UW88Nw8XOLXB??p~WAvO2w&#>gZb`BqO=311 z?Z5xfb-S;fj*Z-X9OHo>_^D5*`+hngVg$SI{8aqh+TzQk=F0tijNvT4h*x(Zw~J9O zHPUPit7=iYu+?vjR*vqX~rQ*ne<`G$IWXV8MT{>&~HNb zVx{N?B*oo)h&{au`I?dthIzg$XA0Nmk2o968<1=?FS*+=Ib9oi9!i${;ww%P=LRB} zGh3FMC>*%}Yd%*k<17+f(#Z2^TP%c9o!@y!vr<{6n?tUc{2{EUrDc)fj{_d1ae$t? zJV22O+^g3vc(BiNOfEG}{gF&naHs0FcSNQdK?VD(ml4nYG&Vq>&+4&NQZ)|p z=ky9!ALZOS8MoqEuRMLs$;{w2W9-=igDiU_;Eaq5J>5%HxAA9yy&Dn^O&3FTvau1R z<-0Sngq1Jps)S4a0hc1v1>bZsAPKK87fz$YkLdzaQFYva22oV`*UmvV=Nj){V%Ir; z|0k}$m$(9$v;TY5*)8S&=)Ty*|9X;Vv;W)d|2F$SgBxg3@m68KxTVPQr~8X(+x$rN zB*wo_i3$MPLgyq!WD=({6`G!PDUVx!M>HM zwO?%(hTgW(pJ?#%1qr>pX4uFfvl?Bk%W7lvHI9wds1078jS+Giy=vIpesD2xL}*5} zUW*HXtZlxq32e^e3a6u*p=9>JS`cHwnXf6ji^Y1N!o6-0YzuXd+39TobdCBB#K4DW zN;BeRv;xRs+PSEboRz>sX`7KprHTiEf;Ad0sp}B~S zu29VhsC2}sL2PhHS`?wtXJsx*lUGk;%w-RdYJ6qym&MQ+d?)50D?5@j$5`@0sKHh8 zz-Trb50&|aIrrBQn`RE-zU8oTV~m>P=h zYP^S4E-kxrrH9t+xfB41K+V1~%_Ffg^zjt;w_McDlY|ei+=Rg0h=RcLX zU4;I<!xDzKXvn@MJ{zjEV!B+_WXJzOC7jq@KRII(o&dI z?KbXtmMH%?8WI7|(3n#4O7KI{V(1Bm~ti8+ym*w8|n%*c_3D5iB)LJ3JtRU z`X(#{Z9!^`M-`Ag(30Ss98u2n6v(OJ3F1i`oG)VV;QH?2pO6h-UMPE+aFJ=dkAusMmDpZh2 zGclOb*&zBVUaE8-pTA>8zxz!_BuGY-y`0b2UiIb+pe2Nj;#4N6I3~9wu^ts8;IAH! zo9AhtD*5lSiRO>OC?QMZm?Qr?dwYfR-|oxq&Wnxwe~PDtPH~!&B&4u2fDT7@V-ljl z)DK{n6=UxPj|g?G7P?@29y*QTdrIR?Y zT4+C-Orj9|ynl{{enKsGw9;AZ>;a#bi#f|i9fQw|6f)M{frYono@Lha7ZmTPNFZwOD)$Q65Qs+ljw`( z-cm0blJ++!U90B5V)F`c)X)Fj?yKVcPj_$UWp^|GpW?|b=+Qp!dh`wh0 z=1$y><5)vNy~K~X-}YNS9Kya@-X}wtFW7)1tsq6wHKHU?fE!OW7=!C{mICsW1j>=@R}On;fS_t#?eeHWb4(dADMMoiuagzGpG{DI=Ki4tfrGZg2$zs^CjYXSj7>*D-gCH8TC)f{*a!3Qb8%y-rfTAeyX-bCLxEt_8 zD%F&2go7v?@wEnrv%-jVEjTu;8Iuf)P|}A8Q-l$n4#bzjfYvHWQ`}iJ1zTL6VGro! z3Dl;ER*}6fk&s3sl8#B@T5qES`5{e{sV8Pth{n+!KhdKp4g!F{k0wR;u;uugB=TVQ zbC%){4I^*LeiR1&F!E?-I>LI5y%Aa9wPf&41arGhNpS6qBgX%B=H#jUbVSvy+7?8& zBuV@s;k=pBG@AH-kit0Qowbc9A?WjdnSp|5a~m_kAs!K(T-6&+HY(e#?5!HPVq9*y z786nnJXU|ox-ujQW<&KliR2)WJ8d+jOx^kn6fio`ZP)E~-Cg5c3ZvvMiiTg>s(3pg z0l}2ewy3vdS*;d2hZr7cKN=Ft`X2p{Mdsz-IRr7&*dHzQSq9R}$YR3d8hZfGkJ?gU z1V{zo@~{7#L_-|>zWhT1n zWAm(&)OyS%>R&6ida#?}ch9RPP={SJU$YG6{5ECvWaQzONJ*0^(TI_D2-p5-4Www$ zw=7FaO?7>BwV!3-y+Y6BZQYg&9yXY-)Fkwn+NRV4zFC&K4qy6UB`+xoi>>DhSs|k< zTc#_!Q_pL>mi{ausO`|qCVAC#WRQy;Dety#$ZQ+*z!2deB}vH7Jkki245s;U3RYEl z0j5ymTkHo+bmv=XSyxwA)_plNaqk{t6ZdR;n@2tF+4jQ&lolMxhw)uGTk_!9IyoHb z*Yw#5`8J|cZ_GHvxCR~xJ5HQLUuUK9_4&6P`G?`{TIfCuZ#lt|SQ6g)Nfd%IEPdg! z*;<-k2h|IIxdm^NXtJ(WFxX97QfkEn$FWpDh0j2gpnaL)e_qq{+`wyTpN^nBzIYaE z?#oyhVizCI*`%b+TCh&yE9qXGVtEU6B6dfsrn(4!%d+H8bXB~Hx5YCw6h}ixX*z8-MjZg^#EE~4Q=?)(E*{YQyTdj*6g`h-?wuE$_ifjYwC2w4#A7k)_KIKV9EOFAp8gLuV-e5)H|3s7vM+xrXBFZKVlgew#(vX6YLEpzU<4rC8wK zl8{h(nnZ(@59%E7@+k%X2s%MR@X&|9Vpf*&^QIw5u^;FsO7GRmS9O-O@YQBtm&k8{wKx_GyOPJ{4XGpPoQTbA`M!C{KnQUJHSgu?m`Hte^4I%6-V zF-;SKCo+a8RY!Rc;S3hqbBK?GWPqene|0+*e8??UYvw=>m*G~ng2dwDxn?Sh=&CPi z3l;P0`I@QBBdenkuA29wX}I#8qYk@{0-nlc4IB}GYgR^nKC^1f9O{;3?Q=&xj6!mU zG`TFUH^7q=PKiS5!zEq*Zq*OtX-ZuLwq@eXXecZDB5)!ZLhh#tPJIst0XN~A;33KG z@T7srX*6`v(KXn7-GN+*z$Q!cmPO>NPnotZ(9msVAttT2uJqfUD==_lfOr(giu;}< znjo4c3@#&&Gl*ZMWOc!+SqZOw!urDZa4G=^iYjz)ek*JD(qu}uwG^p#@BU%ihA?sb zCj_Xnd-pasGvY6KkTd>U#dqV^nUO#A_=o5w1sD(8>NuCdkwJ{$ldh!eA?nsM#yIRP z%i^Nm%%SptU(YR>4jZ<8S||JbK6*gY1cQYgbUVIblS2&XY`6-uMYUP`jyp5c8BNK= zMW2+@>^O>sh;4bH?^f z+Da&DrEBI7wk}E-Y=fmyW^1H^Zm1X_>mnt?pzoU5n1j-6SYPFBalm7aBrX^Uhpgt6 zOoVb3`oUGPUHo0XS!+0z%*81wsrLK9l%^y(I<*V57+kv7M416ot!1RBhGe9WxkEPZ zX}{)HD0?DtmP;tQ8-ryv!bQ@xGfiG?SZa(xBuGr*8g{M*6ymax{me|_^UdIz2WTT~ zv{NSk!y&pdvgV2{AG}@LOqpVEeTp)ZWp17f%1O0pK=mG#ElMdFt^8V9!mSaJS~BZZ zW7j~}oYq&S0AD>h6^P8-srLU8cTDPqqXht6Gz8Eb|Ie45y`umB&Ti+`#{cUno)%g` z@Shf1P57S{T15b$7FtyZpcYz55TF)%To|C1)k2F!0%A2*5e%q>mJbKiLMsah)IzHW z3DiP!f&y7QdV_^fibp*(!At{lUSE42*?nVK>ZpU208k z8GfGY$AGyX#(o)gm_~d`gGDm=lf^-G;nN(sUMVyrl{cG@| zNaeXJA<-v2_T#^a)1D%L}h&K2`*T)lgR0ui>M%V^8buGcubbL8Yd{#njvN$}d z@_a;-cGTwHDQ)&|9t5O%D8k^S1q2-Xu;8|#sDS`Ej4!|Lb>3WhBuOu)Nua}HdR+mS zAn3N+W)-Nh>5ITiqCu20aB_yWS?#u32dh}F&~D;FZJy1uc{b0#+VlSc00960MN}lb H0R9R9SAfF= literal 0 HcmV?d00001 diff --git a/assets/speedscale/speedscale-operator-2.0.11.tgz b/assets/speedscale/speedscale-operator-2.0.11.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8e648798ca904c110e7c0e0cfc22aaa9469ac35b GIT binary patch literal 16616 zcmV)(K#RX0iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYccN@2oIC%eEeu^48b8KbUP0_DpI5&5ek?2G>vZNK|exH303P8WueE6NrsLx3(b_0b%p-`v?fKnNyv5H7S1Cdclw2=Ly z1(7;jku>?+dwC8I4-X$de2D)Z9v(LT9XuEu{%!E^(c{6x2M->8@#t@dgGYmhgTKMy z`)PjrlPgW+-wxlot!C%`A`jtQXrh_mYS;mYh$e}chY`^_p&=9fh)T_7jK)LAh}4|Q z)?zVJSwdC;Cn+7mq~IzzcU;w4>pGv(U`eH7f)C;DKfZ!NIQSww3=Z$MmX|c4L{ZmD z3-5MF#=iIPmV*w-vf}6ca1ahUF;$UdnZ{QWEvZtVsnW0#xrEWhiGmxZ7a%D~;6}(K z1{G0GBoitGI1))hBMpSdAgSqc2S7_Qo3RKhid=(hfzQLvLKsXJT4!q5@0S>dkw`l% zGD!H3lH7!IrWg4%S5!uVYs$4LSE<$~N>Q!)DPg>yh`H#`MH0U-f4vYqS%n#&cdqH` zM#xwVJ3)m;odEmk{$YIH2|&`hApjE`e=paQ@e(@bp1&gOAmmZN$Y4hEf1J&*pXPn-N- zk|d|<{Vf1Ht7^bOlU-q`&4&(ipUWNN{dsofe=M zv^qbdMC5VUxdSINBR7Fl8UsNXIM+8!_0Wjt@91g>-EOCI2S%W1B&kLL01@FZr6B2y zO3EV|1LI0l5`&l_0wiM=O|57$GtFNus0WeeN}KAg>`cg%=wath=MLyqMu%{okzaG# zxdSoLWZ1a_0F#UH_;_+OIvu|lU7Wo5Zv5jA{(enY|5*Qe@#5L#=@9--vh0~m{^2?@ z!M1&ODg=s!5rKwsxuT}qrq&R;B+J4&O|Yiv2hu>y>^c-BxzbdI9rwo>3c_x>3fzlk zgONxx!70}YSW4!GEZPWp6?X8qS==R^Go|Hf2=hpq<+QRm0BABF!qP6109l?S7b0QN zY6zp`hOCrn@Knqpp-Y+=`nES8b`mi^HD!j-Wqc+OQ-iXKd@#iQq@P?peP7NAQSYoPQ<_R?|kSt49 zEpz9IkT*oeRCZ=q!IU3DS82jyB4Z@iG0_B0g;H=K>5_7ztyD%dPBJr|n|e+;nIg`b zKw^MoC6E~9eSNo-*uTcH@;3=1~#KCzRpKqeD$|AtN% zLR>2=B<$!5j^!3YX|Gt=>CBW7LPnFp;zkBokVYMnB7rO+97P2ex)4w?lQhzn+Qc;4 zxr4aVd1&e%k%UFU0M3<>Qwql4P3|g)>5Sw_fq_wp?iAWsEFu+ZHm8!H8jLXd55oJ8 z`g1!Ffmt~;jZur0oN8+HGEU|+4zhfjuqZ$|*{9d)juB-fNdkJU0>g5F1sGJ?Hq)ZiF<&s5I_28wLs-B^g>H*bJ zh;nlLilkXWjchC%3ujC!Jp@z=>R%L%1dsivc_OAH8CC2Fc>PDM2ML+dqk z@%Q~Yo~MXQiQ+6z5-@r#XL z!=eUkRCYG!=A{a_h^Y#4W!T639rz|Y{tu6mSrWVe)FPqM4gJ12MS@2()2gqGoXr!{ zB3-h`K9B7*96(}tkpPN@kN?1NJ^5uJyu-LMJ>0$RJS(0uKy4{~Uw$L$6#SrX! z)AofFuU1~nRAsOcD}|~wUD*Z1OENQdiW)nKE5phL5iceoLy(j&nH1bGcjpc)iDX6= zEBN;6>f*)4<@vvU?BU-N|HIguXXo};$B_I50z%aTN1*bXi^`AAokDi987LOhh)6K3 z2E|Y)Pz#YKG02?T1u>Is$r3uJvFUQB{5i1zR7FBnz#B>Jn{XiQD$|dd!bK@pg^H$9 zA~nQZK_bL;p82&2?m5aTI2&KR7#%-7IXmb$0IvOsse4I{6-bZICKYT76{1)!-Ebr< zWm*A|M#4lQO({3)OU@Ij6l$>xvZO$~9?-dCNkL#qR2^7hb#{I=9)hO{%@#DJk|crBLK@|5x`Jpy_}p-@K^j@s zuu+!_PP-kyz*?=&DLCc_xNh3N0irA)!lT2()csCrDvSd7XmI~2bMMxgAHv}9(0w*T zK~)3bU>)G#{+GJ};%v5SZowtRC{+Zw`)HN)O8@RawTJdswU7Qyy_f#&Mzm~!vZpn` zgBG|C_5$mBVdU7SHuE+>Ki_tg!+|!r#5!^e+Lg9H|+n%k00Ioe?Q7| zwIKW&rJs>vPD{nbvu?F`vHEYF&KZ4$-qO2CQt0#~j+-^?+UexADT8ZdMLYtkK^;@= zF0x^y6OX}NxM9B$8TUX)BMnI$d!+8VdDXC^`-~giWZ3B%d#ro6s;I(*(%RZ&v=i)b zDkKGCrOFhG4m&mdztM!EI?wtJNZ+B_?{rRPkY{sA5J$7ZnYN@z5|L{ozl^eCOytz8 z;<#FnXaR*i>zv6}%yslCqt=R3W-+W#)HQ6^usn;6mOM0en^CDeb9+#hm&LH!Mla+I|Ch27(v#TK8=9!#}UsyM5fVUH+3eWf&fK zCui_>`9By84jSnv%Rv{q)+ySB@X|)>!ov9n-3q%ozfcfSsa5x&0Lf+sYKaEo_7yN5(^v4B3eh3e zjYt?t-G$!^FV4M237se`asa=>^zp-(M)kg}f%Fwx%A1b2mcOQ}wemm{MZs4kiN^jL zI-xy(&lp!+&uYZ*b1(dN)k?U7oz+6Mj5buQ(9&Qrr~GKt3Z@GW9zQy)l&6*l=9Ev^ zoYVNoylAhgr~Vt3;6s8%YZePXD6ka*Z=`QBq_eUVyRg{(`*PlPm&^F*%p@s zXhhTjh@6Wk4$VKA6fX@frrjZ2NIF^Z2n#vR55Kpuw>4*)3zZ|*OofABN6#J=W#-Z@cOkMP~?5e zBXG?*HNl&U+X&^qBby@37VdRm0WzW&L+Gbw@Ms5MMp%+d>SGiqb1oz;ho)6W?5xpw zEv8@_Tn{xM7AeuuV*Dy|G4sMG4&a)uhEVr_c}~JMTtO&Y<3s44@NV(i`J{^97Ewv~ zobJNaKLJt@eurOkp=teFg$djbC!*TAYV6fU6-gOiiU@hEp!nto>0d+BxB!5 zk!P+i=0&F5pHo9VJ0*%qTa-hd^Yp2HIJz8M$MN`d?0z(yAVJm6aBq}h zoLQbITD*!0O$D#Kcqyj-&x-4&y<^?(N9sx@VuONV>G5nvBdvyTCOF3ISV~2%C+LV* zLl_+X31wnX?31|_jUQe#1{H{rNQ31da2s}tVQ7fXCxn&bXA9lR&G#fXw+O~H62Bi= zvL-%iqyNDL35Hm1Maf@Wlq~Hi-U^fd<-%mUV)DKuOCdb0=b$De*5>(wCTXY^ZgOXm z2F?$=_BDuULNyIC$C^_*6Osnj>EL9~N0SO~B<^aiko(=_(eGXA`ZoA2Y%>9fhz`0~Zs=;_#Y#eu8r#kGAoc{=)L{Nm!->FJA$ z^V5@~A8W;N-)&fKq+P2s86RDauO>t5O0XX;$KRYxt}fdk`R%(^I9H=@T1sj%cZJR- zSEI9|@r#q=A>6gz)^y!tUySumr+wk?MX&Pf*XXT}Qoz4Ii&Aurhm~gS7pLjGeqC{6 z|GNs%+1*0iJZJIpAso2MI6QYd0H^2Qyf__yKR&JX+3z>DU9RlfK0dv8addw6RZ$9 zT7z!0ZCx|O(kEw=i}BIb`DMLMeV1{)p4+VM7-*eQtDDp7HIK&^r{_PuI37PeuQyk0 zf2)`O=JfpQ(dmoP+1dHk=<4MBY*MS%Ho>&`rxLss%<1Us@o5_byBl*u<;L7EH^14> z<(9b`;AXKk?YjX|HDOLR09E@!_1p05N56Tm2CrVE2JGVUH^y!2X1Y2Y*Ld4R^7{kYhV4_YYq!sS&kp@h#;RX8 z^WH)e+^+vU8r;9%jQ`(1e0;nA>!Un14`0UUD@{524Awk*N4e4>y>w21V~X3=n?AiY z?apluPN)p#l!wMXo#rfwDIP#7PH`>|!@+~_a1S%N!Ho^ahstPV8lFp$XTx>32rW;WlH1sEXgHFnuu7p+(Jkj03TMONDi)Ie4ZynHfnYNR3wb; zUT9o#2Vhxq6_PkcT9f2L;>o2Wk>qLVzj>(yzd+Yrs5H^J3Q45dlGgl#qv|W`E|?0D zP{LcFWHbs>5!WF+EnnFBcBB19BqG5r-s-1dF#I`8sZwNKhdIHbdqFLnd22jU@8`UZ zWNZV*{5o_SKKJ&BA7DiPoU}e&X zSk3A_#>xz=ylu36*C1z0L2RZTwT(MAp|R_a-CK|6I5SBV<+^lpl@FdKa)&uWm{7T_ zoB@agUs9=Yll+{s-wN2uA7;a~K{sF`TXK?EFRDGTkdhThibqCrUV-Nh7{gP)`?5Sm zGH2RLo=Bu=&Y52IQHZc0Hu2$yk7>;|VntrtzJ^VR^TP z>l%~U2j#(*5il~rj5+bgOYElng3x}~umpSgYn(h`akQGnl-Sez2x)2bND3L1cm#r*70WCi>-~iqW8rbT5RS(em*b<+ z)%f_0n9QKGgD6JTY>ERX@7|v@nB_?l$aRqqPIp(C;4zhf;7MD7VsP3EY~c`e`aIoD zg$rM(?nv_RRc;MoVw#?~*5PMtY9 zRl%mULD)Xez#T?43Tj)s0n|3LG-0kO%GHlV$~9S6oVMNCxx4-(pO-|%30_<`S=3mz zE0d_L6S<=BgFixjcdfwoG4V(J*1t56KEZ;m+EsZH{-sl};(WtkAo;8gZI+i7iP2hV zo2UT0*D6}<(TNLF&Imbly~2zo)YdJ04xW&$u-r{ZFkR_3rrF7gI@vHUcFh|zPMf~0 zjgx`4WHD8BHo`8JLp2pSZ||jju1+VLCfq*w+EQ#u^u`I_g8YT8;k6YrKD;6cu1+U= zU|wk&u4#)7Q+;-fSOE_&p?Q;@V1@V45ew&i^}{Y~Z_p1H`Lxa&`!_CJz8BYYrQF?I zJ9=UdMPr}6+5H~6v{g{sC(U(El0B!-Q!KpC6tZCdVl&7hZBYAbPoVw#@h6@?WhZbN zeVo}K@-67sP(RPxmwSV+$hE(D%*}@_$Xji|ulYNW-@M50rIodQRGegLA@oU${!|~W zqM&CyR$Q6rU47uA}QL{JQ*VRsA@ z=^grJ_b>12mM!IbWGa~j=7um!a@R4uXxM0tj5D>^WsTYZgCor^S0_)$=g+Qw@mJ>f z55*baH|mv6Ml((2B_;7{SKqEq%d+JnL(B)b=euf*%mYYiv>=?Rv`vu|_UaxRLt-ZW9cbJ5C5dy5eloQ6as+oOGmI1>e?5=TWVMs)1CUYrezIt!PQu+LMMpg*_umiHKoDv%K1Nz2YvT zgK;-H-_e$ptfgCboAT|X0-;65*=MIJTg79eeN;oFTWi?f>ZI&_S}dkqv)Kw%!Xl%} z&UTvKg^K5OK8%bMLu6JU93L|Zc5_Ciikovc>$k$#01otB1-}$H{{k~clQ=B&Phfm* z(QDyh9E3*QvZ;myV=k-DMwh5#eHF&r-k z$6JN5U36H|7=&4gEdm?Ck|Zf7b`Pex22xVh%wZomEV_Vp5j<}<2h4*}3#1<2cAU9L z4s*6iMk7OaCq4XK>P8f89(=~<2@MLo%m62JPNJ2YaSnBVOL{?rjS%s6G}EIJsNd7X zI0$L9>k5)F)l{ZNQ`1{UzD>UmyPLd+n}n2o_OLBC`@HQVa{b10_PkbS$E4keyvVh6 zDy`320jY?t%h+aZOwFX-YzWt`!LCl)66s>rmebbe0NG4uhuGW9+RY-shk7>6+O0Ee zBUp6oA)P#8^)=Z8!f9qyv1__AGZoI;0=NYQs)n@fs8t$b!2WvG+l(8HYv^x;iEA_$ z7Gn<$0db)%2N;#2B*_I)3hsWsX?cQzag4z7)jr+Sl5O^peHu~Xne{W(Orzow-hz-l z3~O$d($#AWQDv)K_p-@*vyVG-mkHC-r8hNX?6a4vY_n0*g2&#b%^M)FEf%_lz~08r z8zQj9@Y#UHe&)|sS7zNwvE2yTyFc5)ys+6U@*g+Efngt~>c*(Aed-$X)%o%H&@M+z zp@d>-mQXX>jCB)W>ysVs+C5{^n}p{+ zf?!+BxrJnJ5_#V4n74M*Tg0F3v)e%p+hfr!oqNZKw0(BQrK|Yw3L$KYQM=yl6}Q?R zueQ$ziCWudYvk?C`T_e!;aWPiJDR-*L@0u$dxzxgvu8xhb#agITw4#{QOW&|_yW{Y0+^xN5=9wwfC7WX?ri#iXjosM<9J*l8sJZd96}D45Z{^{=+kq>4sC7qV z#~yP9#$#rT40K9i=+~x+s-K-=3Zh&ZYp~V-lk=F$8?v(Tn-)jHj-xd0^y@mt`vqXS zM;=7!FtdrbZ1xJlDG+1p6fQK^nRbiMlO72%x;O!Um^*|Z2&`Ay<`cv%^<3KwNtgu? zU5l+?jfy}N5N=r-h;{;-CNbV8*m4{=1b8AOP@D3n*9!MJN9w{8AsjF1PcvK)lPyH>Ejyi|e@pLff?_e5%VG}Ei+U8rFgRC1i`yXo zXRm=jQ&#hwA;0?U|8`k*`(m~&t59EBY0>Xpvx9N{_~9m|VVtFTI)uZm>|)mFIc+yx zB_(Q49xK<47r?pbcJRJ}*Gri7cO%G@5{{nbBFu_n&Mw-e!bl5PxXFeavqNqP zniH7kL=vtkjg9cMyY%cn&QidW@(P9>vZJ5izUTfp4F2;)Z}{`)m7hN!{P$;XE85x&lk%yts#`wGlj4>edbqZt zS&`EoJRymqJ$S}(@!LeG_G7{J37~60Z3>_U(8V@3e|K%aElIGzJ_JFHPt2P}*qIZbLwE<;q65csjLErmbk7(uklL zA*W1BB3BjL$?rSJ6`kdqeIoZ1r4Vuv)Acptz)E~FWeL+On;Sk7e3me@bT%&*X(ps5 zT-#|Z>72d-rtJ;n6hmS6Vy*^*`wu4h)TaD@lIs4!f8YBxCkgJaIU^~3lInv!l!L+J zo%8VCPj?5ft)Eo&GO79}gZ2CJ)IhN(z1^&6M2X5%%!Ojza6>GJDnPDJ$=&Mo zmLb7g+DO8Fdk18x($$RBR^!X@V$xZjw0cf5Ni!nfdv6T;d`pScQ%dyP^aro8sTp%O zm=Bub8F>N=54@#Mip@Dm-gA%kQS0j-)OCfvYM>ULwo=dDjB&dPx=pvV_XzDi=F@r# zsdizJz3J}_uM@IWcVF;g+RtTD9J6S>G3iYjcAK!@<9v4z-zz({O0%_>mO+MiJCJ?h z6IYjS@@XU8L!qU?>pwcB!e*TTcAcwTtmx8X`P&llXT>AxFLg9c)3``fVPAjhOELc! zJ=^bptz=PqhYSEa^1mJq9^G%=|NrpequcvmKgP3`xHNluj!Y+CihYp_1~^f=;;vT~fQ`cL2PIaR@c;eO%+O55hQK zRYOEXG_KtYq*0ZO`M?#A9+XI{Mhi)OP_>zO1(wxD7{7Nw(JF zuC#3ccZzFS>xrFW5vhK$W4>Qp4O%G{kc{=0gYf=?{+(jfgXJKIY@S@-zz;@6C3s4T zzG6z_@t*QrhgAW4r7yI4Y_Hg`f|iH7XbTT9XmU-B4H(gw)?DFtz_M|1=3%-5!ePvp z{@7xiqvW!ik#<0PE9wSfNu^|QU9a}1uqsNhZK1f;tquI$*RO%o_QV_AF8mI7DY9H` zC{e+VWDJvu+e{~Ic;Qyx;u~gqu?TET6H`p%;f543ckAFTid;2&B(kwj!j_a%r7onH z)+{5J7w~E!sal969>Sx_SHsrdGQG7-0ba~_UL52`Yunb)rDo#l+Rxoo%IO5rWD7d~Ul*vxphsj5Dy?RHR`)@A*hA@ey; zR+mEPCoG|Ar8G?&0t-Oqe5B36B`F5;Gqw$-<7&DLt|YWGunI&Pn~XS@Fo6Is7g?$5vN&j0!F;p2w?Z}7$a z2M=%ke;?y%`v0axM~l({_)jtYnCX~%c11Uu9F5&Rn;MK8%H|6_gzm$S=}ml_O!akA z?3Ww0bUJ-F7o+zEO-XbuX0ub4GHn$$trNH6<8^OOTs+!YMSpsa-R41p7JuHSce@ce zuW7`;2Q@97a+OQ;xv=tnBsXd7-lqk@EKO)v0;vY%p*ja!``gTp>7O#0=2z{xG|Lo^ z@Vo)OHX0k+RGS)|w706>z1ez>P5=0GoL{wN<9w6WaPCJsLE9AqbS~XUrYQsg7lDjs zETMtTzf^-31SDg@HC@4Hl?=2lwd-2REXZZjD0%VX+2v`c#x;yXL==S^dKWW00aKb) z@6U`3nBZSfAeN zykA?fQB!>XZ0fB@sPnLR%5Ldp$8XrLs`cCYq;fn-fC{v&IjO~(-@_)><`69h9g=H- zG5LC9SK^v-7x->PWFx8ep6&i0r$xV`3uuS`=kW0tgQoxI z(W6`c&qsNTsD1sq<|9U@x{(465$xrwVTtYQpLM_QE#TfIs9XeuAAG!kuszLio{?X3 z+VMnKkKxoD{*J1@!}Re($|KwH^=M9`PWDVDwK}g~zh@D>YyMk<`P~G-uKEAP7i<3C zFCHG=&i{|`w5VD&J?d70dMgFW2mgyr-+|i^?RR+LJ}Ooc|;K-aKd zBz4y=e=&{fxV4tYn17=@&_q!vnxeL=bIOlK(47=GcHzO}M~6+EuzYxADm7ZSU(Ay3 zKbV;xv>2~{l^u1D{_H#Itg|b4d97|Y)cr*^)O{e_-f3$c!07Vm+pj*mm*ainL0Z3? z3AayuW{Ln?zhvmumycgOe%OAS6M`jayx~&6|N5`B*F>i9yZQg)hvr`*qs4aMrsO`r zsUr0xY7ksx7!T3u}!rYg<`&GiZ5c7nR zjH$-ysz6%#)%X7{2jTt0@UTB+yq_?hzv_SX+OWVMSSiv;w}DI`pr0$*Peeo#tmX>V zaa*J!hW~iAPuXj_(n2H<*lW;m2MF*Amy9UoE{SCtARq}Nsv^cA zz$`H>XQ}#brLQ+`5rTljXRm9=yZ>+*kgO<$K9a0&*8iea` zeFA^VbNqkut*auV{AGOozP6v%lr2A!Z?yGv&l89NW@a&iRbFPbcFgehkl$ZqbL@NM&u)zK9Tb~H4&~MWo)VA$bjq``4Pil?_(Bx(5))bfSvr ztFs{y0{U+2fmY`nwx6#XaoA7og8!sXTl^<9{AI6hd@pV6ivK=(@Td|0dGz4XZT#n> zJa^#2-Y$A?N)um}GnJSTDm_YV&@WuO7?-n_ZF2?;h63OVm5wkg#|@9EX}^63OdXUA}Kes+9v zb#i_-fhXse@N6>f!R7ek^8EPOk$K(2QpYEgtILzGpP4rZV1NnJ{eiB~yJWkrM_o`0 zk|dZB$Ync_DJBo9CLxAv&@%$+6T9PN%?5vz+KHntI)<|x}p?Rv|JwNexeKrf`o z=L`7HA`N3KqCBNsH}Mj34Y5dMD{0hx5I3Ak5E3ZYOs~Kz%h;ZGCbiV?Y2oIQaP2d` zIXYAjpmUPI7(uTgk#o~QcdtK*5Q@iw$5386VH5b_Cx%HtiT2)zo=+ZQek6!=&-BK; z#oTu2!!A;MxPtz+QKDUgHp`g7Bg#e^7Q1}cvh4zXU5L2A0P*b{_ZrOXX8+$1F2W9+~V zk6N(IK$@|cUYWHoGNA80I{fzoY|gCAmhc`>u9YTejGAGRRC$Q(0H&1F8H*T6>d-5A zmP7ud$h&Y)Nc>B752~Y1IMQUv;@rTJP~{H?fWD$KVwglQqtZDH9G}@qfWxxJY7_Jw zbTQ>YlhZQ1-&WcLq$$q8lw6x8QW3M6KUL%hnDHpdkrdNhW1g&prOdRh1t>AoH-^33 z9kph8?iF*dnljE7==u3yO%-nRgA(;~v?kY4Cwyh!NviS$=LhC~OlhuW9M#4 zV@7P6wX)kk2zk9G6!5Y_gE7h>!)fIdVBB}3m;jb^u3IUIDG;9z%FX|ZTXZ4} z>w*ip;H4WEnnkn_Z<>Q9rZz#c|RR16@)T$(yE*+NPpGax)c?%tJ;R(6`UX?EHRZ6rnKr+ zm#jh+vN!*#stCtRdCd|M;Tq{m*x@%TpVd|hU8_p;UPX-5xS&F9OpnS`lw*2p+hU6H z(y5U@pu{VeCi=<~q25=|kCEUiV^J=0m8>8o^4f?#S!zdK<)WB&OIxXI#s~@9%85o; zb1&k@%|3n5j&&s#K;VT0n(BU_{7tWwkie z3w{(i5ToH`ROck|>~|w%65lYRYjD8>9C^i-_%nzWM9z)jBvvHRt6(N6?E#aLE=6Pn z`Pypk>_5|>x3*}{CzM;4bfq}Y@@c}NWMvpNOUSBMzR9SxORd5;PO+%kZB;eDkj1Dh zueI2+oTF^91N5LWKojlw8vuEXb0g zmgf;dJ6ggjGQaj!C;mNk03^Y5w9Wubr|$j% zx7IV+tl&H3^JyRhYT=Z;I&!WFn}gAh`SbZaS;3Xou?8yFy?(*9-~2qff2bg03zVw+T306D;D& znc5|ss2rS?@0K5r6g5?inN0Yq!HHgF^2Vr}Dc;a1=a^gayjEpb2Y)lV=M_@q9>xnD z9rG2`#bnJ1jjbqn7{Vp3dWJ%5I<+YXtz>ITp-5!R>ozrcv_;FqAu(zrjai=dEFT$- zhUrDQOR8=*+a-L1BND;MOME~VOJg4p5{u!+~8}_v-XCh z5z826pRcOEqMB)Pt)m3jho&X*U$~6=Hm8*~T|VJLl{R*ivEQvzM;aEAB4yn0iM1Z9 zSpk&Y#8C9zZETHg#|@l%%Tc9eNi|`-=k?}_36ItRU#)en(s0pW$q+p=!^+jM=eWCP z#9~a1-qdSkIw!iEZmw_E1<`^}Q>4~4H!D3o3`8y#sL*Cqnr<3$+8HNxxp0Bg;F}$- z6D>Y4LaP{mXZV?+?w*}rog9t3py?}(^fuGZwP955N;}orRS^L#Gi8mkI9?S{-t;86 zXBBPClIdtGS^eRID*2sIL&;z}f?eqCL)QwJb_%!B6`74_yv4?tQ&lg$t5VL^EFrjs z)1gT`jwP*23e~tuZN=fgs=~a+WYu|HcR&G~m2$=`ne%c5T!$}YZ=K4->v|P0m$MC8 zs5EQL6jUIVRNBGP3nt^hbaGXU4Hq&s2D4EtD3LZ1xEXbKtyY7~mGMU9!J5*AlaC}7 zQeV|`VhOaT2se#V9_Oi7 zTWcKS1&g)+{BSm98WPw$F-X!rnb2DWQ=3;_%e={dmN1**7Of;ItqN3I(OGX5fQI9% zG86`g>qix3At7cnOu1Ika$7X`(zVwTGO}PQu_7^R!KPPEn;9C5s|}_|)jL;AC4^_1 zu6XlG1lFQewN<##x+9TVRod`T%`H<{Dh*4ZHXx7C*m02nYpa%8pbFs`PpDEjX!KQ< zu!tG+7a>*xB!z!t)zl&@&a8?XYoqI`)bve@O-GJZ^`=$t^P8AvPR&9zD-2^nSk*Q5 z(MMbVOlVW7h~D7(G8NV+Gt+jC=ABta5H*!&R4N)%8wfJfpfV(`A*)?j2dSo|Ni>(# zGXBcV5VXkXD;iZqJPO`|Ad=3Bv~i`T?crhpk3+cf3Wy5rz7VfR#{wm%wkmfeB4h~f z0%}%$@nH;-VvfNAV9%c(0QXZ!a6D`ad#3dm_e!smGgBq~HD@k*WEONKI4V~2)I@p}8`)B=Z^5f=KgO(-0QtFEkj+sK!iAq!I2OdSJP@S%< z0gINmF|kT9fTM`UOX&scl>_GHzA90@XKSh=PhfQRBYbyqcH9HXYy|jKCQT=co-mXv zam7tq&LH%Y5-+D#aAQe@29aDBv0?^SCs(KA9-N(@1t(`uE>F(B89yDLUG?DU`10u6 z(b?7L>yy)ys~?eto}65rjVE^dz{tV47+qeS96dW7UBbn)%Zu~L*siuVTA0wp*lH>h zTrrF~U}VNxg>`lzStdm$nNiQN!!yXySBm^sO5BRS)Os70%2TveytrlxC3`*1CJJ>I zXGL#pHPE_l%v#?2GKABDq^8m-BU6@O@chKAy!L`n#KXei0upp~>ID^YRdKcWNR}2- zS6v32&J#ALJfa7^BHG=nxpE87&rW{7XB7nnF-_PM6*@$2E`?G>+`>1hfkawibi93j zSm{|?K7@p+AF_mD!_FgsLrYRJulw*#ZNDX;+#H}X8nM#J#(2bHquAO|f>B_sPnVIz z1N9O*S`b4bDuGBFGdHVvu~w@*(M>}ashJltCbw@GcY|4xt5uJ|y{$2EkCo|mA}qts zg@|uhQuQ5PgVG|)$ei|2C&&%rE?1=81(D2hUMe@Z2)675iA0(j=B?7hHcZt)5Bbn2 z=uJnQgHbrsNxWnjB%QhK8%i-p1i!h#fwwc@KSLNrW=$|u@RHZGJSrFJ%B1*VVO00} zbZrI;w}#ui78)&tuwGE~bk>6H=yL@EGm7%02Lv%BJfgM}nRSCY>9<0@qbX;)n2$yD zHu1QFm?q8(g?dZhh#jN(+E5EqxJWtsim6(-hlcR2xG|QHH6;szAw4UA%l_ex7M@h1 zA%)KE!XoIzb+3&eEyXC}i<(XuMJXkE=_#tPf%6F)n~BY=d^Qu_&Ud8Ete{OyXOzdb z#zG`Yt_v!b(>a&2jFvgiF;R+2Gku&BwYTm!p01p-QFdr$C{WV0Q08wc z+*nZ?3tTJ%kI#~DwcEz_l^a>TkIF8%ux^g-wpt+bu?4eLgYzoRQv)DXB||Q?MiIc%oVlbn!G9k zp=i`w1VZ?M0!fqrNo{H8C-qVs%UZrs3N==1cA=V?`Ni0WR;RSwvVsxPB8jJ|*v%wE z$F-5cU9(oyBcE>bi$RkT#fo^mqnwYs7VeqS$w6eaU`sD4%V6UD!}|j$ug1Zzjwj-Z ziB#v7UUmN`+%pA=EtUs(JB2qt%)Ga&mGhQ+t(|dab)qCJ7^u)_Dn`DTqH~PYJanFK zi7w9F@7Q7Lb~*?5!$YjHk3zml)o@$PI#s7+jb0u-rfLN?DctX$ky1TZ>-`G<3ftXppT^U+|NnA4I(|A1)A&8LvE%-? z!QtaCn*0AB9X`6<|Nk+bI~73>=l&RY$1I#bm0y0o=dZFclC*w~{Gh02BpZRBzAH}Y z73a#!`t>7xv4~VZ65NP?)yG6FaZt%LUa;gr2iI3TzUyq3N?smJWA20h#Xe7$u>@CM zO|GfJ{pxt&M|rthY>%{_{o)*ag!|Yq9!kL81B8*oOdGSuU3U+R8~wg8&D>H^Zm?8T z=NWE^Q^M`*)l_Mqe95HXsAUi-avpa`r9W0YQ)L#GI$prEqRGq>x>CUshgl~kNp8qW zf!mbkG>U>6hS(kRVnLJCC6UDKfq1+WBiDECz=fo^2r8zj>U09A4C){pJpPYP0N)w_ z56oYqQip<{TtW-GQI$!0W8;^Vt<)tqnDK93OMu(HDUWEsOpS4XB&l#}l!!dWCfq4< zKPHI%H&nwV%>QHu`tSeo}Fj;nVQ756lin7AbPOcXpAnCkrs5O=Kn zmtTJAbY7Sh_NU@o*+YL+7dagvnE$;nh5EKv?!KOSY%F|%9XYY10!L<;I-L=R(ZvZ| z)0G)Aucd@AVRH_7X3ZJ+X=W^=3bC|gBq>p9(A$&_ut@*F7*|G3bCD=?6bnwn1`Qpv zw4Ic$yz94pe%|@N0$!!PdEu}2D^3F2w~A`8_vC!__aD!nT?XZS$-(I2B=~Op<3Gxh zj=|4JN?q}z(`S>b@nvu}dOH5c+BmsR>>MgrZue;6tnufx;iZ^*H%X`SgZ0^DjqgUJ zENFCHhHm`unkI@f=b%LDkA9T8X>s#H*y*@Hx^I)l5a-f+8eNOdt-2EVT{Cn}BP;{M zR7xXNZ9P|Khy&jln@>YHIh$OKPESWh{e&l@lhg6>(6?9V+OUGh5WcQli#UGe?k~Wx zz>O6sXN?+aca9)~rDDdG@j6DBu~(i%*!Ldf z+>cHnAl-#*J%8&M(#&@GrI>bbZILTaFSPIHgz;fx#?-Mb+iAPErM-u)eM8#4`grFK zJS&=U^5d;hLWmgSku()cvy?g_Rn~>#KACmrb(yc&n!yQHuZ?~(>88cnZAW6w(VbfDdLnHoDojFL4|@lTX#yqoz~L=G8SE%1qY`r zF{(8-806P+h;i|85565F;qyw-OqupM&R_uA7trtMv#)1 z1}IX~pKq~y=ipw#t|=@B;r;Ld1pk2L{qQh6JSdKKsbT}EL>CF+9mb7FAsPd3Q%UXV zKL^k7B_0OEv2d!r3agkSj;5KxV4aDq*VCvDa!F-icou?Lp$bZJ<8;7WQR!m5s4rD! zRb4eq3FCd+T;&S&NXDw)5Ckid7E-!~>>wP3hn>#X<0t2rV|aG)&E@ELymRr}cp>II zl98mbYRS#fkXAcxWeT_50=0D!bMUv`3-#vEk#-+xL~%^sen1b+fPOSo58ocu!*Fmv zeDKk5wavW|vQMN)3$cPnGA+`F1^Tb7lHz2XYF!nzfTb-Qb~?{$8eb;q67TnLT8Y~u zT^6vC4fnjMND>__thxLxO|njP2{b~t8n39Fa3vakYO#B_8pRmmekmA-Ty>m5|5Mc* zwnwb=3ML7Ou1i>^PN>W~91>j_l%h@_&yL407+*3?`@iYn)gu|n-}uAeU*CQ+_(VAYq&}Kxk<%=wWHX(@8(w;)Xgjhpt r!Qwr)xnxGUUQn)`SGIF2w{D-?=k~dM{PX_@00960B=?ll08Rk_0hIDE literal 0 HcmV?d00001 diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.68.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.68.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f0a16d7577381f14b3ac59b307948186698e39cf GIT binary patch literal 33329 zcmV)rK$*WEiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJf7>?FC=6f!R-Xco(tVm_B}(#J65ZQ9x9hmAuO_yS&Gc6axl?f+MQus_&; z_FtgC73?)n!Z@V=)xR~aV&i@%4~!zhA;%)vsi#x9KvNcf(tYRBf(W8!ByZ;aFnykRWd={YeX3)(GYz1_wNVZ;Dy)k_P=u$ zrzk{_A&tSsw=Edsw+7zzP7B6y`sa>-J!l0eMp1wwA0swwbpZ@9WJ56LJpLKM0MV1^ z-^k~L{sT?sgj}@%Q20cN?pzk>VqK;M07Wrjm=n4jf+-Hsu-Ef?zL-9&S5YNxao_8E z&szavKE*MYuYN}10?6uMN+{rSRO(8vH7AB3Hth9gn9q}m=aWTG7JZ8uhdrx%RM%i% zz&DjByzx}UgdysahzrOC7;_XZy1Fe3$T*?`>?A}zr_cz=jCkyN*1AH=8$tuwzY7wH z-oeqV)dgh25WR*I9Ads~b*(XMEg+6K#1W#h8d^Xc4grbT|C<#O^rho5%IdCQh_tT< zUf(---ulwB?dyA1$p4V|S6jhRBmeumdu92*xBDRf@8c;7#KzLjh!P{6E+m91M!{e{ZM%F#qr4dE|OpkHAlIiiO}B zQY_Yd1|GHCWm~h5OkgOqNA!VHcpP1e-vB%U>WgPydn85?=yt)ecmd>JD7wa!L<2(0?~Z0VTpdW}Gesq9VW{`1PF= z;gJQq+XX+#&*2gTXo@40LoIN|Nf_d2rr@(2CJT~mUh9!u2F|V#r8qzWdiqk*hHVYm{EDNq1atS7;>9sv&N4Dr#DakLPyF6H0gY@}6X%s_zR zkSygeKaL4wcoHI@gxL^;I7&V|Y1v?gpe^6FTP+w$4wijl*cXPnyFD{N67L)phD~r% z!jNJU^KuB`2NNomE z#$n(Fhas3CfJFPmS}40A1qmPrG>JG~Ac;|97=kGb8EUm65+J#s7)s_!|MXzO$;gL- zSB^8P)KAa@0cP@-D8^K=bgLqO0J(ysGqw!PPyn*VTqrtC*JQL5OL%_5I9ZH{e}(ut zEc53&{PsEEu3EOhUE6I=VRNo^`;HsT%-7!Ant}b^uG_ zI9vh<6jmFq8tNi7l2aSD;b+45IVHZc1(<;lCXqiEqe{sFKoEz}M}ik90=-yN#0)G* z5{Z!y@N|kOig>u}=&wGE1b6sz7|l>1shVq)Lsg{J0)Y8`x!0NR+YDJ6dO<6W7>8k) zGO66DB0r&+FGX*n5B!KkQ#?zkDq~5%eBB6~#V8uh@l?xMROAyFFUmy1cu`AaS{fXl zzXl5uBq1u`;4~2^BE)Y9y}G2(x8`VuE&qKD#JVEjs^&@}VoEsiNq7>m82Qp5P$HyU zW({IYWibM#wv!T}+vobCSRltPS2!NA@GT5+pvF`#fm}#MQ5@hYU?`jdhG!89fHo-k zkRt{lMM882f{qfPj0KALen}=MMEvsA=q;jnx^$pik_6nqNWK$Qz?G^4c*w;5M3JDo zzy&iEm4*2{NB$MNgtH?^102B+bBR7AHyuEzKSzvH$O#pqWR7QZ51iR=Lv)Qo0E2)D zAvqQ+T}PHv@3b9loC*V3LP$#o-eC@5iBdTMLAR@9?G!s0TfO&)wMHL;5Hl_&wbFi= z5ln)A`J5sIuF#T!_kytZ9q?WV#PmrsBuDnJoPm|W6Qfv3n`z*s4TsiyGjyJ9EA6cZ_wLde*u z&^EeVaIRkhU%Zt<$(kj4=_=J!iii-Jay?U>Y1TnRU*QGjOuYqa88m+Yu)q;sB#Z1t zQRGUHUJ;rn!Fam1=f{a4|F!xP9G$-b6fu%eAAwL-kZoB&94P`k3!fh+a=W}}-;Rg{ zS`eiP89MZv=A@_!L(m>P@4vl&e}y4$L$#MAw910{ttg#?H0nLMUQ+0u2|K zzlWk>C#OH2wOVFYsJYFup$~J)No`-G5Ij}U$Tf#Nb4age)zYgmrq@m}&tkiZzB{un9FBFAzz% z-6{E3^_1kx55ayaJz;>?olf~m)$=J|ZVMBtfOyRrmDb+clq%4((VVKJ>Q>A2dC=Zd75YddWF4I3(gSD!;&hX%L zDl~uDkB82|)Evx68iL)u{%ib0lZMPWk4GGG_CqqAB09qVL0Z>g0GdOZ z%+)AaOb`{6ih4rt<>mgR~*o>-YQprVTq&kq>h0H)$WS>fdQI-GrLf8aITKh>KDobFyf@NX9@V z2SDSAm1>fCFDTU-tO1GUGPR-9-dCpJ5bQi}Mn|NaURYyF(hBvon4&|l>tu@pHAXXS zM2RU}LxnCj1iL$}manvcRJiyg4D((^b_p;0>|Le$$MH3aluN5~->m^?iHB5S3y{Q9 zgl28Sn~?AtafG%R%KY9cheHL18%1`T@$tZf|NaW)E1#J(f~WMaH!#BPf&)B-52 z2t2Pc9-f~R>C>3Rdfl8l5|fZ9J)=PPsixN^qIf{sxFt%zI%Jn{#xnnRt#xr?x=yiSx^~Mgzu3p{C${h=d`10 zOoEQ(zul18# zgog58`z=RsF_izd*5`FgkuEa4t+(HT>o;Kg5>a=-`xz4F1h79lWJ5p$Q@eMmLlLtP0T7I|c|r_2 z5jx2na%Hm+iYZU^CynP8t&CHiQase8wHY54*sug_i-h?h#EVU+JCYSW@KTmme(;DP z6@wKK4noB3VKJjnY9%mnhJ22ea%k0rlT)>#2Ncz}=mwTWCf2lDha8%*U?u`_W7Me? ztO@qi44M*B8EGh^%xMgK0#B5`|B}Sv8 z{gx08n=zrP@IPe*uW%}=z+@+;C1TvsN6Ji8sT;{~Bvr-}yX6_7Sh2{Fio#sLIF^A$ zLZ!F1QDl0{RL-3;C%Ji7mFkVet zTFhI(4=*8y#y)Mr2A~YR5?tZWA%(uQjTmcn067FPB{8CWDP00Gjmi**0->lEb|hKz z=E%RwPOc0E6{gBRV9Z+KlsMO5a}XL6Dov1zFJ)iqvtE@NDm{{l&4IA^F$DYl{{AYs zDkT2ADfFzkV*d0`jj1dP)-wDFIg>Z*731=Aus4n$Y34Vjaan#-PW(+HMqJS%PJkQ6 zhE#ewwVZC^1=P273NKq@S0dPg`*)R}>Poy@bM#*2kGhhATe)<*{Z3cn+k*3Um4E3< zytj1IcKVSP5w7&ya7BXEJ96X@G>ss3qpAxgc6pl@2)Mm(dF{Ns126K1GxN^;#n+gd zTlEZYG&}FW2fX3@+_JZKlNqWvu18XV>~_Iv>f2zpwCRa^;ha)$y}eet`;|aM(<)th zTpG?6yn6DaRr~amNhmmhmA${Rq(zzg7i;AB^~mM=^~mM?r9@56Fr9a0EsfdQ9;?b- zbI%H0u7ha>C$IENO+7N7XFjP#f7D7`Yq_1OHau(4gtTULBZ|PYDC)tEj-oDr-;Lhd4voU|MjClFon=bTuEdGFF#30%;O=*pV$SZI>LhdJQhzX$ecmQ*wf2rp(m7Lf3GFQ{(It5I zW{9>h--#W%68_zqp)1kemle8_fV(k5SE9RH8+0YwJ2FAr_*Pn=wL+rxk){Ud+)CGM z|L8=tq50WDe@E8mY7BR5e6B`(Z?@-Z67IFyxIh%9UG?96N z{W%g^VP)O63esDh=D8; zP^}u~1`ch#QG0xSKV3C>FyZq{a-}Z9Ij7`W?1v%X@)aj~00BdOLdA}8u}C6w8;FVX z&S;R4OfC;9nVDQ6($`Yts7Yv8(MO}p!=qnDmxq_f;LXJ=(>3C!F=}Pwle1gNWF9`k z*V-R24R}pyN@zHIxQgrRdRE>4CDfq>^#09AbSoS+_y6sd@BceEIM{o*|LZ=Uk1YV& z->Q*r4?){p>n8@is~LdMSudb)%6mKg!HaJHMNgOS$jUgdE9R~O?CH2W$wR8R&}&3_ zrT3_JI_W`MtlO#(=AkTAy#3U^Aysjyf}m4e2ugmH(yyJ-(N?j5ZTs+A2*h`?rgmG# zhzaziy5^mma{0c5TfS9GR$3~tEixr{?{W zZ`--*pYzb#>FU>jkUXH4>-Xovpfw$Ymi^z)E=Js#!IW{jIs54H8}dNDcU6Ff-Eqyi zL)Tp~EDl=gpsE(8kr~eK^%#J~h3Bi0$)euV%5NF6Un{-?H~(eNI~RGf9*UC1YRD>_ z#o0hpA`Ns|RZ54ztSX{{V=5creE-?;w*0R6=5v#YnxAnk@&C^cN@wNc)c-hI#3AH} z^~SmQhi*B}zR4xAb^71nS>gWIoxT0thx?!J<@xxrYibU%M?i5lOEj~9r6 z;rGCMt9A=(gdzeB22UH+u1?wW`LoG$HTG5d9C^kdV52AypK*lw*c?pD{c5DGxLxDJ zN6Z~IU1{!O`gdyX>ly>0`co5bx}Yk`{PSl6$N4=4rRi(}c?Hl$@T{~9DWL3K69`#a zf)qgds!4q-9y|q*y=w%)issHhWG|b*utTv^7}m=sFmiF!DG>W@6DVm2atgt`X;M31 zvuUj??mDfSzG~ERolYQYw0hyH+bu*3=lfbraGyk+ig`%QM|p@rrP`t2%n8N+ArXgR zOoHs*D{G<#n9(E_@FqzxGsKATAQaA!JS0uQl`@^!&Ahcd60q16j>n-i)sB(Lx|bb) z7CK4U$;Xh5xs^8PLf&d&`->i}aLXv_JSDsY>Ii)G|X zFMJP=d}{SS_w=O^P|j{m7gLt0jUq{O-uQ!VnppydUc+IIjb5VieiF7;Pk zXw|<$($|r7VT`+1Xj!5xJF}BNUmahLe?A*sR#Q5~C=3cz%6ICDc0pOfyg6Z9XUI3$ zEKCB!>EY|+&9TJDmt%7Z^#%NPn_S?Bp#AM*2MJHQ)@WB8cdCKSa2)=0e0n*4dwelE zIXlfGS(gPr0in5}{Dxr&1a;%{i?gFb6S50A+U4@2e~z5R*^;#@Mxsz&s8DSO^S&M* zpC113>iA`Y#@cT36|FNs-(0*Z0bI@J`6E_~+ilSL?0Kw)sg81ICXE8&tCUw$rIrwj z`9{YVZ%>Yn$7LoJgk7KzL54heUjF&BBS%IxlEXKbKaVfZemOq)gPZY>em*|>Wi-A#{Aql2c=7V&^zhZm ziF$(dAc_cmZ|^mr!;$e zxt3L^k{P}ZDo&3t|8aKl%lPu*@aW|9r!^#NMNrTRT;~^OmuE+3uf`{*qjNP_Yv7A1 z;lwB5NhFqAxi@Ww^XPaqYAAizy)k(O;-jw(Sj|d^l0?TNa|)N zUyd)w=ZBX+uQM&{&^XMR(#ihqk>83k_Q8q!~ijUDa3Xvz9K+lK17(;p~v}6;| zr63m#y%w}2c}@&@yG>q0XPZes=9#t?xJSvlv0qSK1Y9NtoL_@gTscfGHm@8KaQ|y%jOiRF0 zgKP~q%qU6Xa>I;)wl`%xRi>I@tEO2l^+P&im73YGg2l8`JnNc|T{YWXlQCA)OPzt#s3k-%|49b1c%az(`W%OP)BHouU@sa^QEEvf)M^A4iQ^2jus|DOwt}Q-O^gB ztV&sfAI|iDw@>r)|J;rCYxx1xod56b?eq)h|GWME;NkrLJ|6e^e{QVvegL^oEwM|l z+1%s|eCAYK9jKQM<8J||_E_FoeVx;J2LN+O|M8%alIU%xteeRA0hIwMoAvM{~E3(UP4 zd5sqG=c@Mne0h039$g+@j>bQ{`SHi&i}C2>e^<+|l^Exo$0H6o`yrW55ta9j)uBH7 zK`bQl9DYj_oK2YMU^$Y_2zhWk_`;3{C9YUsE{l<`5z2ou_lAN1fADhneS107AHU@W z{NWVtk9P{kmaHp}t-@}ACdsUXfGt^173gIJ9)X{s3brX!2arizfJEUEOelg^EK9hp zLvol({-x4^$xQDmQc#1wQ{^9(`@qeFO zj(I}1( zBjV3|gjsj~H%DPC<}r`g4*N}?n)AQiXS;>-zrnNp{fG0vdwD*7>^%k7crg?Ug}g?C zFJtumLUfBiM?>(mCud0SY3ukyY|@QJR;E;$jL&Q7a@lF3Q=L_+Y&R>a>~TjDhP3;p z!W1shnUSBL#GH+MaIh9SLPVooO?q+pyba5Qd)Cw*CsHgIO0>#{tN5=g|!RNzKt5g)J#|PJI9RH zD2s`7jVKd}7G$~n$EuV}<8g7lPZSfq13y;lvvLhN))g315mhqc3QO;ATbTX-)Jd9)0nNC=GkQJy> z70XOv=_6$*3mCx}3c8bJo~Dt`T<;#3+?BN|)G}Gv$zK|?m#W%Tnk#DyeCB13>6y-+8THMbY|0<2p?oR$aCKcVKgyVF8)*w><{S{mIknh<7aZO)M5$U+1irdfrLuB? zq5x5$bt!MSYRltLg7T;Y-3E_AfPD_y@@+dirGtF#apLhg zQm>RtBKpAF;M*sn|C)_S312sVm?L&LCoE0B3p~|O%e*d4-C~JQUp!4l&d#3N8}d~i zd*%c}*~*`|YnLq#_3et2Fzo8((^l@+Izs4LP@JQm&Igrl8N8JCR&XL`N6Mu7GVW7( z=OPkKhSJQalCle(HZ>yDQU2{S+(R6LH_Zk5}2tWrd)Zjp0~r zCxfH28bP*oTECAQA8)xjxTf-|-h~M#$DGcNC!WP-H$$NLF$V+j&)@-`pB@>a_U z;?Q#!ap>|*?f*6BKl!benpKp9Xo8~vN3&*OU^V&w2mO92|NrjJvxoDa`*>Dt-z^7! z7~{9bkVz-dm$%pvivI&uM(F3t);VZh;V2jaZF#&PA^JfvN^5~Q3?PSMfz4LVlE=Tr zZY`4;yTK0A*pt01;q;!7L}hEL(11yVB0dB;go3fPmllliPn0C_isrTeD7AKF44 zbk#BP-Hrb`^FO<0Wjz5whqgS*Ge`H<@oXyPK#h_bvli ztZpV?=H_$doC&!9qF&8}Gyxv~9 zTjs8iFjT-uc_(1W+&Pe7{VN*tj{W& zGRwBu1pqS(n)R0J3}@95j?GZ&B{;0HqWj7DF`cc{v~Q zcfpvaa3_p;@^{0S=dSOFu^X3T0ZEd{OOoe+a&{8+I6}eHQxy=Vp4*0nsmGbMBu{sB zHjx_oU71C!FID+P%Dq;Nb{n}y^7vdCM{)>jCs84yFb}?%r=SVws+0rejw;`8lJ6_) zLW6SURY^fA$!w4sL_Mp{Z3+oO>PTCiCZt4aeX@``gr$@r7LN5N?zX0GeL9h>=SwoG zCbdY_csEQiQpQo2W+aEuN;cx4cGXoTRdna}US%JR;NE%gUnTVM%DmRog1M^yK8eKI1uLY7Zj0fn8iRnA8!>F zpC`2xlwPFN9U`9*Qj#j`Qqv4Kwtw$s7$*^V`G8@>|HN{QBmJTzU3Wc!hlX>REeZ z?hKdCa5#dw%~KiFZ5~%}w|N{v-YMLb!QOU5i%!^Uw8jA}FXmU8Kns~tGRkuqQ*2Nx zGN)9MP|l-b9y^yn(3S3ub{+xq6tgH)xK*_trD-B`dJmN+K=x4@2YZ8LIt}F}C5Lqh zIME3x%$pFPsT6rm9g(F&4Z_V>OS65f0ZE$q=s`L#h zuWppaq1;J@iCL+`7|p0LNcmKTyQ!StE#1xnm74lkySX? z!N*C6l&i5N*{qivV>O~Ih0s8P$(JuN9fFSyxVCZ1x7@6+Wh4`iOVs zv(EW{Oo9M2n#lY>lO&j-W{v=L{-1-rXGQ2EHObG4(#J&<$K`3^1E;`G6$;*_~A_i zuOSXaM-Rc^kL7akyODu^=4T!GuhlfD)U@V4V730AJNw1^U-k|j@;}|nv%ddV>iSji zQUBw(e-*tjs~w^86T)&@QbJG=W2 z^Zz~`8ILQb#RXz3A}GU9-y@LCpbOgswt0Y%TW+j*nsW~VBIjN}lMv;Ccl2$mGJ+>( z1ndHIjUvue$S?_z`W2Hv{m>$WS(yR!Xn3h?WOm50dQ)@DaQ*1L*5Sn(a@taL{ZJ)> zl(^I-(gI=L)YU~%5EC5nv}*dIu4XKFjBylkwR!hLh!-gs_t$k{R)VXA#B`jvuCM>B zt7X{bw}fz*R?fdIrPoGuqSu&LW5vcp{X!YTt#e7eU((g99pjz*s^e>W*_Nl6;?3BH z9L)&Dhz+aZ$pcJ<*2^lSsRV7;k-kDvXfY=-3CV1^X`3;L##rAqx2oZiP=n0s2y;)J z-TqABS*s&6^TLYeud(fw8HDw&Hy@fHzN&0OW1Tu_>=TM|eVB`X%L~PF=B0d0-~n*u zB3dKamBV+XL3*s;V=(%|bMMbu>;Hxc0BYj@_jh)R>;GMa$tAf(khz^%VgzR8j*%b8I{%Y{APDYo zg>(R4Q#OFJSFetbaycPhA75Ua9638_ExVF&e5h@WgNDnK*T-jXoRR%&(Qv7v1UIAM z?ELK2*-y2p5$cK1=DT_-nj|JzHJW!I9I982qt`Dh(=Sxv(i2LD1DzAvU})|*8$gYH zFb!7m7VyJM$l(b8XC)sA5%&7+h**F>mJ43u2;YMIP&`n zz_$DO&LgmGWcLz+Z6mzD80<>n?})r!gMpoq)Xh(hzVwmUpXyob{CC3u@Y?wAe)0Z? zy=VIm{$Ka<{LUl0zj8m*JB;-Hs*aq$G#5WSn?7sF|8)aD^-~}JUG)DS9PIWVI5=XVkDv(fmkHUG^y*_tXq?f!32y8mx?=OO>gy*#TjyKLz9`_<%hac;%Z zEW8D;xojh)(k_4eh@%S6M>7pXK|@J78E^T5D0>2~^6e13M5=F@8_!{$NrJX0s z>SZPKN>h9}a?sqQ)*hLh<%`DFZZ!Ybv;o!Hf1VAB=YReE2m9~6Ja;?)SDK2xCNZ$p zd@!pTb_-+B>i%k?U^yhs8uNd%0e~$df2^+S8iGMzxs)-V!Wik2X@jZ|8oro=z{TB%!skoj+g|ptyV$ZeG-CfOuoRDktaA#a_CNl6S~7y^nG5JxzgX_49iHwXj-M1-5mx(IWzRX|Cci#C{{ z4?{!eWAEvchm=2mil@2$m*(l+w*Ggpb5OGX40a#R|L^5lSN|*I2$DQ8YJBg`+B=qe zRu#=5;q81gbFFlj{$ja+vH@0}Mx$Ihp!~Z(TvDK{@pqmcsKf(*^xQyM-`*lI(5mb< zjvn1!YMTP})p>1-1LL}lEeYs%~Cu>y%bW!A@Z4QYrc%3P2Mp}IEVNl#VjRn~Fhu2i}< zPJY%1MAOV?tJSuZJn4?itcnr6UC?BP^*%y0Gi+Z$eCC`m#fW(+;+}4edAuI#N``MT zYu649wOH@LAaMsz^Zoy(w?8)V|0v!6I5>Fl|G1ZDc-}my|xo=m-LH9D5Ep%J+?ds{=GuE4!k`GJkZ?WwwU1eBx z{n(ctbNkt7{%_m=Yf$$8+IjH*xR>X?e7nA&7`R*CE(_B(eYF-j%t`w&Dl&o z-^|hj;4U>8RzYdR<#Oc$#h9fiI3Q-iz+IR>xzwt$TcvCnDGG6o0cCjW&9tQ z&wnP2pCZGebM@B^p;x)%NO|sa@^aM?W!BVR#J@uFyfOpWb)I3yX>#P-z&3i1D&bSiWFdFURuPgO zrCupZWC4EuZ6iR@lofzvZyEv6hq_{|4B>L808D)?d|U~aCXs;|As!W}Q=jZFwNwg- zJ{4;)#l#a`UmTX)fHZ|@hCi@=I-#dunSYkzJ;x9UI_ zq3TOxBAZPLS)UTWJQ>8I6=2$gcEtTcWyII0+lwJ%H$f4<{jzp6rmW}BC`sbt=*pL@ zZt1H`@7^#ow$u5c;bsctrOej$f6e#*F$rM83G-oy=oat)?e9Drl+OR2J$vx~zn4es z|0@|@jQ7ZgA&zFpZg+sTVF{tJr-ub?Z9aI5D91hw&q;8Yvd-G3gzj|=8=4c$7D%aY zsk3IDVrAh_zL`Zc#~L%zoD^!^y9MmMhJ1h9S8@LEc5m zkCO^@W%x+7--@+x^`UKjgNiTW1R= z^gHH`JkD)1i4*!g@`|$7+44obc})T|1Z^Qw+qcat)qMSDzP~~4@BeDB{_j59DXjnf zXZ@Xr_5VJe%C%n%x9tNcX6(;|@t2ssm1^yIn9OjbjYf~a4P@$PTJq%lXvNpOA?gv3 zB0(zf;QZtzm=X#CG83H10zfF9;RpnXt2E>pn9OdK10l0~Dj+NXJ;15Z5PH(r58#Ny zD~ptKnG)2Z@7#oA91D2>Rm8NjC27gv$O!aY$u9Wr>36Cq3hX;JhTzwC=KY(9!6_Oo zna@M%JRs{>I*W-Nk+&hTIi7Oulo6mQOhSGb6ktb57`CQNc_3&~E|Tbw9Y#x`9xY=u z1g{gu<;&Jgdq@5HE_LqA1*;s9h;a&~ThkpK1R0y4rhWCreI^IMOG;u#!wc=rE*C5} z{Q^caF;;IFlGy~_v)CW=_kf`gN680S9B=}lFIECkr1ePev4PrTgTKm6Fo02@_mMy{ zZHu8-0)!Rsqi|c}po^TvmLV;Xw;;AvgU5+dQ&q|f^OCBU3S3)Ktlos^8inFjzn$Yh zhJ2qa;&V!-qA%q@vm}l~nH&LzStk1eiGmo(k-Go$PO!tO(JXx^u!KETrIAg|cG;^v zpqE`>yzVS3VK>`Dw^V+Qo9G78;PCuJdEe=Kt6H`(K&NK&DdJyi7RE34tg-%Ymi)Ux z{_nkmqW{le|JnY-`hOqK7V>|8?T7v=&Nd8BZ_S%OH9$x?>fUacgx_Lm(Y5gupx^4s zwqFq#`~X83`G~f4M_R8&a_1peG^Wx|X?iQcR@Jr}So8uY zf38f6u8Xaa>bzhReaLfu+h=Y0e+Thj`@7}%uf2!(k9&Ex7u)swUk3iriM}hIn)#n@ zIJ+U4&2Tj9Dn)vm=Rbpfzv%zD+keRac|T9V{v*bFB*y!d8g5Unr^ZKYMKGw`UETVk zfC8801xbk)w;@54qIMR;-x8E&3KiSll>Ro1@fBLO!6z^|*h7(TXU{Bj-z+2(7 z2wx+57~@}%wiU~hYC?mYR_HEYg~;5bS^>;T_6chMMoeZX)t? zPmTQF-PtMG|9AHu_W$?t$ooIF8QG-AvhM-a5-OKI%gByzIf-T2^aa%=4ii3q4dqAa zQ~ddJ%L=?ni*>-aK1D(pV;Hh3wC70}9$Ce7R89fiOX4RBA=VAfZdPtAUNXchYP5~K zZ|CUo%xlmbk`c@WNanQ#35qU4jKLWaFk^}%J_YT+u;E`=+YLS=$o)CRlFI$&gbQ-o zd8*RN$~uu&1Z~YPZQHTaHTETZ;{D^b6152)ds0EP3D3&b#WhLEnzRyuYr!n8{HfQw zBq%s<=b*fj}g&cLexpZ~7;`OC0sk$JvV2OgprGv!#y3$g*ljuSMA>RZ;q?M2?` z;sTEWqXcPs_4BwHTvIeRX_RE?f-Z8 z3--Ukv%UVq{Xh5e-061y{tSVRZG7{sxs_3LE4%Y5cpGidttL2b^AM}VCAmUThB>|A zFyZqq7vJix1j&FjYg+{d3ZvjKjOXw)S%BT0CXLhkfh#1o0y6WeV-tWra0-v3YmcQy zD5>^|Y9?+=SFS<%r6=20_&DXiH%H+D&muz6HgMFP{~YuS{{Msh-G}@C@8@|0&LQWB zMhtKQ)R?P;$&&FkOCgZ6ix956sSX)|KAf2oJHXhkVw`PB!L)F5aI}VE$`)MJmQ3+ z)+2C477G%Aw?`uoV9HwF4D+7+SCQZHCjX&5`LB5~pY_B)=1+DV^)f&c=wBtVyz+>( zo_g#iZawuT@T&FHr>ZyKIQ%+eziUULxWi5Y<&n5pg#VL zV1VdJ^l#~w@((nb6LR%feCf{Rr!Lmto`6rF@AbXs;FC>i0F(;TYMn%Y&;U^(U0EW% zNQI8P1X>mVE+ne#zYbWE1U!AZNEmBX$TwG)8@5{S-@lj3O-qbg+I#;TFYYPgod(S_NwQcbnoB4*GwdujiSKj zBQ6F2hKvAeedcq>CEGB>0aTY4$O-Ej$5hXM?}3vkz!GFcxM8)RlY+RxVF)G&%us|V zbn%$gGZG8gHTrFb%MMwxff%no;|2_Bw4uzx$u&=Z}G8Mvu&k@yPz~oIyISvWF zN;xh?0U!rdg`)$5-(1zAZTO#n?#55xefzfrEJt_7bP8khc_WgFc1&7>dLf6YuzIJdb_$0 zv($k9ph}%nUHE#;yr6jGOtoy8h^W=1qW--D`xD2F5i1eVjnM_>+T>y29mL_Ki|ihI z_f%1tX*q_4`QwcL>2S!;H=Xk)~Fl zAOonsQ#B;9a1ZSkMo>bZpho0j%phxEDT3?y7*4Lce0UlC60LXbR3WkVtk6k@rf5=g z-V`LUQSnpC3wIWMvwq`KqU%i27&@Xt&P`CS{(bI5wR*k2R=Qm2K?y${U^csV3n1@h z`WO1UWr3!GMcLmobX>ty$*DGzt~`MH*;xr)v(@>#$t0!m+D4C72Nmy=vR058_0|D{ zO6~l;OieG{Gfy;4UTwV+T{q@*yt5tE+g@zB~>|=NCjma0S7v zQZCGZqT)`#O946u`7BDO&aI_Z6>SX6IA`g>3M}Id0gvjkH%aWi=+4qFnY0+(X*Q({S^C6-=j zOJx$tg8JrI{H6x1OqOvckXFQ(i0bvUW%-)%AmLx-9eN6`pjru3DH{Gk4&lRlb*)zP z#F-$hX}w3C$ST}8RRyuR)C7a!6kbRAnNB)j_rOI85Bdg4xCNIoF zQGejl%I`!$i#R|sclyE&Y~jnH){2p#K*zA*<$yppLMb#+URsr*nm$o0(C0WWnu-tS zg263&1W+H9j}%7xRg>L!7HFUC4I#_ zWV$ei=k=ae`nk1!=;GX}qi}`t0##rbFQA+b66zAmR24;WC?#t!P!zzBkOM6q&|`dx z4McP!H{<=Eh!;&mCymF^gOT6AIzeeKBD3w`x4-7wCx79fQ}SDAY^^Q*sT~^tZLQrm_tlzG$zK8y2);D+&aBI zFv(`-)bzbA)~-!HkuzS_)ByOC1m7k=dl8sj_x1LY7{3b{^2iR0r;mQYF4H&3^S8jt zc4<9q7`@x3g_N2QEEos=JB{|H3@PTz#x*7pcT1rj&&-&JGsIH#aLEd8T?iU&51zuZ z$fqC+Yiu}`WtTwXu2|1-A&)pMhpQxPh>F_Ux+y5LSL70zb-yLHHyDWDjEooL zbyLc`3$T_d-EJDiTulaIEY-i%zhhrw(SBm|UopfWA~CVh2d;W&@sM2)JqkghW-oYt z{m2SaJUjB6Twy5ZK4hmHy*xV+(;~LY3P3TQKhA8^5xHun1AqFuW6%UV8L@*Y&p?)# zb9sp4!A&}vnc=yL&N2!1l42{o!_wc*s@>DHhCJ8zwej|vrX9--Y+nVNac4I(PE_~T zw_-pRz(`%nN@OhARuXNI++z$a)ezH`B(XLT{_NS zlw6$6ZTBPadXtEFJIRM6z2uJmnvD`+@EUJA0l0}KUd?l)~;O9jcFmG{4{ zXULUVstDEtV(@&L=+uZ?+V54)Yq}ynWRV1{rPsM%*+ARPRtfW4whFQjTH_e9r{=f| zaFv<0;|Eys7Cbj7e&wCuDv_3s{=hTFPlK?G0imGVUcoOt;+%6PM&|Cb&-JJh_rVBwq8KH+^r0Kf!d`f?o-OwT10L zMZ%f!2-L4xACR+z04(G3y2aj$IxKcoMlVRF$fn(8X=!}&YEjG^P5ud-sIf7d9oxZR zXq{qgV{2ZcjXzC?))mHwm6#z!eEXcvOl#CIu%n+n0_SL!t*B2>rO%K0t7}U}_S5b> zIIkd4YL}XhG1O|$)=URK`Kc5{(*dLDN>BUO1;sZQL%$m$z>hm?lHbm>TZIw?8{EMf zJ3RMv#NkZmKOWH`S7KBhAhzQOg?-Ug^6N{c<6OH+D~p6`{-1tItBD9D8Z@*bXn5*- zl&lDq#>vTE!QUm&QyD&A?2BZUZe=mbpU}x5XYYTlTPOs|JAiCr)#|CAO@F2Du?q4} z*4TsnLEtQ)`e6wcrQz7g>KICUUDVp7eva`*GnWxvBzaB{2 z#C~7;vmVK8vplznefe~;RW9FFvGeAndcw$)&e0<3L|U|72UcYevWO_b5HU9?x&1H; zde?Lo#V3F5gD0MkD42k{1}ZRk*QJ(v0TFYG&WHL#NBmEa8igzv*7LwR=V?;CQ%T9@R_7CCr&A69(`r^M!7x>!R!7QGp+h_PG( zU4kmex<xC(c)@&X!^9Q(M`W6a^H`VWUMhc_FzsYK%+?mPWtKE7!G-W;7 z+lIY`07X_T`U^Ls20@e7-LM-+?oVvcB9uNtOMXyNHF>^ZD3d2@@-O!q*@w0M=xpB0 zvUT0{e!X@7E-K*i-z~4?tPqRk^!WP=wh4z2PW5|LODdCQE*+JIN#1-`=$=OK{nC0C2uq72TP_&=aZ#rfcs{QCfh z#@R**V!UwkvgvkGv_X8GyUY|Im8L5{A^MXiT(^T%4TE6HYf8Q1zLoMr z=MnQ|GA_Q+yBNns$(~>%Lb`R$c+_MeJ$Big#QW%Q{z@0f{v`xkjFNg+rA>OsH7yRE zkCQ@%ErnBNYAWWQ+b@3gWD*nz^CKpX9Jc5Fvl}{%bN!UVJYc0UQzl?TasDCLm`6l; zIR8|3^BZU2`4bV_N6<<>^;qaEh+bzk1VUCknl8X_wqDaYh1knqzMwse66O3PB2T~C zo1(cgMKYC?cLz8oa}N+y1Ht9693a^iwMy}EG@G>Bv{bBvC8N<;DROB^>`_zk8;i8+ROE_u?Zy05j1hDhLLT3I@=|lTY)VNsGLR-TW&J9Ci=OAQGgWItQuMFK~iex~o`j@7T9Uyk2$QLFs_LrKLF9f<{#iEKSSE_$3*^r6D z0KFlg&HUWF1u;di2-Syne%Kjv|K`OsN*LS*fI&u&6);Y3!%QJ0rmBJ5YSAJzIK79F zF7-MnlKz^(lsJ4Fnzz)JK^t)9K+FBB>hMq*w2hMae3WKxF~_2MJw3p9P6^@C!u9Kr z^kI&YZnuITy$JBUfuUJv0OwOYxbvw!6qVbt@Imvkm>IL52`AWPh?afoN`tvffhbGP zZ5y{ZvO!39t*LV(ToVvA`ApEEf;m2m04xm= z4>6;jMfiZ`1BMLiAXnGgtKV;BNg57GY(`H8h?m| z*Prc8TQM%gdO8D{f$ZC3Z4Pz;KAuA_+6O3{7kR6oc$5ufMg(c2%$;Zm&BKX8j>A=h z&i8p`5+!^Ip5d8)AxEDyI4HNy0yi!`9K**>O$jkaiN^zIz@|DcXk>5U{Y)6O^!-7v zMpv$pQVY)PUg;EZusP>oMV*Ye$g63_pc_DKwAu!0DuCiAU2>#+G0h~x4JC!|3lW9N zfXO|At-FKl!0WFfCd%O=m}am3P$7Fn=f#3P$`-FqF-j~lpMm`Yz<<-PIBc%*J$!nN zGEJ4|4(w8Y>PHq#jFWCsiO%d|(Ua{~cqd&!?iN_28GwSCd?A`t1@%{vfX; zGGI@HK`0mh=XhJj?EY=1>tR+ZcFF*ucZ`uvZUw9RmpR!6A7pUWkv$}K%tOyl#>sF+HJAAL zTdj`Q=C^o={=rGBw>g!~X)rCu-#s1=#sftQEAhL1Wbtk2b_wfEN|mU|(a98wc&EC^ z+l4d8_wY4IjCT^Eu^Gi?wiFwAl&Ps9-j|_4?x)5SmKneH2K>ff$-E}jnSFEoF}f`p zdEO#t_>2Z2MfW**B6)~z`EXT>^kAF#mg6+~4%ZdtdCj_Hh9fHoxkA=tQ_j7=$qLY9 zOvvCLB5@5ka}{dl&)g|HdofVsf8*j8$r5X2+TutAmM$eZR%WLE!O_u5v9%J*!WjBI z`H1B6K+Rsx2&_YeEhw*8WiqjLly1xX%9|)p2Q*@=<$y8UtioTK&XrJ%h5oH?GT!&eI_U9M`>|bZ za=g>Ufq0Gg@mD7fj+2o-PhZ;G9Qo%NSvrJBj%s?TS`pZDQ{^+qFz|`#MO)YBlupVm zb$n*R_+zL{unGR&zfn?zIXImM)NI2$H=GVf-`PA>=%W1#Z5!{{MsPfv!y~L@S3P$Y z+|o@7yP_WpqW&eqwOfE){W~ooQ=??mi(mVzPH{Hkb)`umiSt)SYJiSqeQSvXY)RjK z#K;A0OIhEfri;NsOlS9y{Rz)KKpUEf9Gc3>-E&s zRsC20>$N8z^Fy`q7uA4Uc_7x^RMc>#?Hc;zOmNHQTT!Jc3ED3a8vMz%$|cTau$eB8 zDL!crrXhYFU$1Kq;;sg>lxehm0ST1nW92&ZEQY@^%m8<-L>Ad3hwVF69*r)*vKjOF zq(aMyq#Ey|ma-fd;(8@jvDY8Zd|RQ9bNE}?5S;4`!K>-@ z%q33i+HDuF5Q&|C)%m-b+jZ?_z%!}s9Bkx7OnXCsXP za#V!97^;dS^mn+E#~%1obBHkg8tHc#r}$RD>MF^UmTP)K#fez!ypyM&{e;J=&dQ=l zU3xLyxcc&vYEo^rmNUk0BCfC$c~_6q!l^0;wA*qs2E=NH-LJA&zc}R13Ct!q?$e%U z!AXH@=e`#djR7t|^foYiI2t(ox?O<#{OrB?@hI`l_d;egh7Wjo*Yn2k)+OUH@CH8W zab~)Dd)|FXlvC8pL3g2zTkJXB)ILti{eYf{)-~y7)+}?vWn$bWCc#YEjQfs!A+>h5YMbfbmJq28cr((J!9KfWM}k%gni*r)Q-O}zg5 z(%IhKL1d2}K^~#N5^F+)1uJ0TnP2iK3-fDm*Jw*YVjvq@p$Ka4w-Vjg`kN>jqe?r~ji%UQ5}9&`WnqVK%n`JzzxUvj1i zkKogCsWgzWT`I~66(TR^?(U_?k97_-mMoz7?EQKBIH}Aj24duTkwK~>MIOAmf*Iv8 zyk1CkQTv|+8k;A5K1&?+iBA*wSF#mTFm1#iKluWICSGpXffsK`YGZ1s8?jjqDgXg< zu8*I(*@Y7bMust#?@f(-s;1C}$41>jQQT?z55%vS%ExNm>I4lEm zwl)QS_wCx~Rpw8Hg$>$5W$1fC8%_1_z}U^sOV=AS)$tWZA?K2Cjp|Ym^qP2LTLW(R=0m!?@a6v5o=0zX}H!EOE!1LGF;W zLF^+iFmmibXI-XA-$ovOrP`GnCU)f%H_}+oCM6qMbVkG_SS=C5 zBci>tno-Zls&bSutdj_y8~#Y)u9Zrwl}f_}KMNmZ8#$M7MZRu{MvIGjeyO+qM_7ng zkYumqlY3urdk-pHLg!!w)>ikt*2gXBX;jS&IrAYz2K61w^qkz$?WdlE z_K#~l^|dgUszlwQC1=>S=lBesKaMBjI3QCnhi8g&jQ#O#I4lB=6_Kd>De?jwP(QR# zk8o$d#~jiuJsE!%breZZ;W($dts1*xISRi?88GX3gCoxXV4dFk^&Gduht`in1{vig zvgIb3xTUgKMmj-fkf@idsr}>6uX`#L2*!C{of|CUcfN&V8^w<$)_tdFcLG*}>kV z+?taObbAak1J;~G-`fZNU2<#d`bm-2=s1Q2Ln1X)*S(Y}n@n1TjWj$oEZ|^VU9ZMI zv+!pkj5;c9v`78KL8a|d!q!t;A(k`=SN%uH;S`EDflv^O%5N>`?%1aczrY(jILoKI z015cIgMgTt$4N8L9V0FJY07DaupfoaV(x6$zi3n#9 z5`>eFy^BLtkXC9B9T0S6f-HPNj^$J*8CQeEI0IjQVt}&`M4(}|5p)8{fIu$858I>h zTh?@Bsd{$l%+f5JbhxR5EfG|Hj_U>o5>r`suYdW2!5wi0zVO`P+<)m4wX#m>M8ig& zf!?6Kyz%K|MUkzvwF}W)fIsFm4-BdI8bYt80WTr*%{&BqKZd%?G*?^W{;gs7245Pi zQDw20vfD)hR>N-D=q!sobiLJ%oB*YY`9Jp!S5IstTc3Uxm6wMQ`X#@@2^x(A2F*<^ zxOVn`%$1*AAD1oxwRxlIny|~?m4;zd@K-^^BEOcmSBcOcx;uM?zoOsWD@ zEdbAHQ;ARIKQs#qm9y+P0auL zsQ>!VbG+jm1vYAp06XgcGP$LEJ6ZmCeig%jCd#GJ8oHUTcoeYqp94ZmdH*)UJ%G}H zX*4XVI}~;0_yBzJG*J5vF~1yACR9fBfP@qO;&T% z22N6q5kU{^pamK)%)?b8>A+(W*F%c9%53shde+cnw*iBEcIL&{THlt2HZh7Tgdv_^ zaH0vmJ%6$f27Md>u~1t~;QC2cm*4!MR7}WT;_XJ)+43M&M<(L+idX8-5VDEkqVCFO zTIa|kp+_f^Zdzj_Es4)>xKj8nqpcSg;kXpyP<1pTqimGu{_O4GdVK!=?SH_LjCwW1Fy`YR4im$fRZL=Ok2P!C9w1# ze{uZYId^7B^mdw|cjfmLHCH0ptPX9wZdXoww^FH30^i-nZja!xJ)p)#I4!#^&6fn#l=`ZmdJ0Wj&k|4 zx=_I85F@d=I9Oa&|6vFOSw}8Td;|n}7-f`loC!B*Ha`LVuu*PZ*5JaTh9o2yW=~AH zsA3k9Sfczr&wiKu4S_r&3HA*`RIB6yD3Mm9`uIe|ZPa&^a5yT(SZQV=ICv^Vs@Kc} zinVDnY1Tmt4iS!gQF?HET&i6LW{2hW2jMt^G?g5w?C;st3md*mCr(~G-t=rv7miNQ z))@T{azdVCCx_8_`3HQYF(cLC`a3u-qdsYB35|#-m~f9CwA*OQ^(d4R+py&u7P&iW zted2`+WfAjr}Ms}SUpwJk6}+6dSIfaTRwz-)5rG8%BIB#uya!7EBUYcQbY&XG}vLD zZPZ7?p-UB@WDAyO5suUh;rH5fu!+gzbIhP{CM`Hvtf(@q$s?l#D+jUSQ9OD-G2lYG zF|k0o$=8g8dRglqDRKulwY{qw!%zeTl%+@K`3UmE}IL6SsV zv5bk$T3yiN=4*OMv_cspG3Ym&h)>U3gjK2R&)j2(fGXTL z=C}m!AyBSCBF`{+g$Vi1f&I3hcrvFZV@xmHRd13<&`?4T@UWI>d7#URc_S`iLbl^{ zWf3^iw=VK9SPmkYJ^?Bpvyd`itR@~!qaNie4>c6cg&Gpv7ZZIU1MKtfJ-XhLKHVEhW=Vv3SyAAHNX>Q z#!=tf?J4 zM-NhF7}bAP_dH-e@G^a+tyZVZ%fpEC@{tiQO4RQwfR&XeuuPVMT141fzB>f0vgJtO zT1x+#{vpSy1mDbC|9TkZ^cRnl@VdB{kvBbko!6lQjP?-)GbSR-^0WUQdMwz8E1D=y(xp1o&8)zezjr3U2vFFb{f7H&pV+5 zUJNFVvCbBH&nKvXLe^Z|6XT0XESe_(j@-DlyPuU-o^GjhI4YP~?v&@jLhxW4r$}Oe zzV|a>)_1gnLFF_>f=UEihDm1>@R-fEPf{qr?J>E0Oi<$ z`E#Eo?G8FFWI!2}GCDE4Q6FohBC+dvU z`&oJ1+`q@k&+J^Q+vd(~OVqW4l!|?gQi?(ryrIRk>V5M(0ag(@q530gvkhE8{(Yir zVij+(nuV&9Ij&2jz$QdJTYB^YcP4hh!E|*H{MM+YvGKJY4Wx}3c)3rsMV69({+E@8 zxvE(@b59RPQCwB%Mm0U66?7J>bT$jYxHHCx(C|zj&M~2p4h2+$Yok|Vfq(?yuk#9= z%iVzbQA!qO5zpX1)=FGbCeV~-kmpP4aZ;Wh?eo=vfOEP#^WyL9J$Jt85 zjzl&aGwDZ!&M|8iWwia2OwH0uC8T42eZC?ClRKli3=?OiYO*d9sld)R*kf-_0pO%l z0od$oj%-XoHbs53-|+_U@{;4@mus6A9q{_Ed)L3)35lF_4++sYfJg+$_1oI(9mEGK zdoQyMq_*DQN=^VOL*m@S+nW6mN1mClnW5k2Uw?l&PTRR^EakeZw>2!RUW8krUQ-wf z|4=Fuh)?jYu!mjF0g+rs+zBn%wLV$lL1Y3}UagEH@det>R*~rk6YH`3z@er&7ZiEf zr7i*u`v?i-8@?%b^vyJtyCCb5`9QalVU6Aqr45@+!#B4eJzCej<_u*x z=T3}p-q^g8{>ygn{-k)mur<@4HC!Qgc3t9+6u&VOJl->@6j#S2og4B(L49KoAlVYr zuYRv;Ca;T967PQh!iM_y>6B%c76&-p^UHA43#<80Puy+VZ0U5n3ZGv@GE-5_lQ2D0 za^`8JZMn!7?^*P8f@n5C8u-|;%c6a<7lzN0*K`a+&0{aN{ItZCVahvTJ34nNo(h%% z#iBpH53}3{bMcLmb#V=*g-Id3%5@FSz~#9TT_VQ ztS+z&T!d$xEOt?nxvM=sTVRf^SHdt9TqT0_tdsrS8ol&H1xgexf&aAAX%*%?Awl8b z!zg-{&Cv!|R{@*+DdVQf-f6hj4LP5L4@(hVM#6xN{s*!1_!CGl<(<%tcxPSPdCm&& zsKt(yVFv81R|^N$H_mSA4tjSbo5hj^-Cc=I5v&{XUB>rNxpVB5cAecj%l3pL9OEOE zR*rm5qdRg@j=EJd3F+ExHC`P|e)K!#X`aUNR?Km$>?sw@S~Z(L!J1|%ZV#j@kXAMo zXDAlWl-bk~IQ6h-FK^m2n^s^ull$2qA>}<1?6!SmQuQYUIPvfHRS=yuf6ajJ=_qpG zo7f;}+m2hmR*5M4Ijmj^Wh1&tK03+K7&cc$&D;^^uodL`)6|>@@}hn!9pYt;ks=EE z3)_q#PdZWzB9LC^Yx%}qmf=_rI_9JdJD6)i-fJLE%OG0(F{$p(hHjKf0#@dN9*qJw zH$6U@J2x{IU%#u)XBwa_<4f`6ed0oQ$e|gW89NyxY zYL~|mcMMh&JPVjbu#^r1d%|I*IJoZ7VGUxG=O{}R`O8s$OvloXLu0B=^_-RwME=B_*8ZUnSi+yM$_yQx$+ z^x3v@A-%SOs66#0)9RP=8~xQoC^q+6*_~^csr;CkYmX8!u{qlfINs8vsWSZBHjQ>3 zOqm0O(oyVjH#8T0c$Yzc%3wdMiDo+@nU@5kd7I52pL@1KdrX-I>rw#mQP2Iv%EQB} z85?#%=~EG`cm+K)3}3<+zl=~B3z9W>zX5A2A=Ot17&Y=clGvk z{dm~y{mP$l8gZ-R<>u(Iy}my`n^&$%M+M;Z!6lH)g3)o4?|~DrBjD!suV`FcmF~JC zqB-kG4mX0UWyA)IMlMx3sP9^893=+Pba%%=@*$aW-Fk{ zC-*;z4cVG#?PAKHwJ|zL>&ABwdK}lF6&x35hAP(x-GD~f&~5DqTNF-@=H3ewbz?0P z4Wm65{C3~K!Pz~mitt|__qK5;Mmm=d&&OBW`aKnMZ94)j zUk`iMb@m8bFssusrenX*=a z^d(g}~c2-P6%>PaDL`(RPqJrHB~JVReLTF#Uq|)X-~t3MF1)YoEK^>6ri! zEPnYb?0s^7&k*;*4Xyys8LNOb53e`P|vRvC+4aRx4^KqD(#Y9*>AmyWE}fGqU>LT|E3! zR(6ssyJ@903t~M`C>{m<0w4YWoF~Z?*g-g*!`D$fZzGMB69{dgB{AdG12rCQh97s= z+4C@P%Z=$jLK#K@n-0&R`n@F4B1x#2W`@9x^thCTxfnFXg3$%A5Xtc#Sg_-I9f^bZG{Pf0ek-H;Nr=bKiX0hcp~zH%m0r zN7M0Frqd!ZsrMO~JZ;9}L$_ zDf4Icv4fO7wDuAWl3*qeSMyj+;f*;>IfQ8A`=todbQIzip^9$tW6OYvg;N~6H!S8{ zelN&1{BFQ7#Uh-Aizp*@=O1D8*bl_(CrtMwhp%_WElv-ob)1`w_wLEgNRN-{&PtW9 z>v#7nm#_8Yy2_68cfBoJZlE=LpDl0cVv?;C@8eHUFJN$YGta?h$0bQMp>wNly1}x2 zM^&{IR8NvN8VmyYn<)5$rZd~$8yilarJ7BblO*1M(3JuKcM7YHclKh(#dQY1Bo#5u zZhAOdb3e@hGfHuhJ=Wd4jzsyhd27|7|Nh`|It45GFR0Q}NwMi`Y)o|#A*kH7E-piTDN7A@^||hLVd#K6FEIUJ!RyblC~6`t{5W7GSf7jK1)e-Cm0sF z=bvQFz$s6>k#imU_eyb?Y9O__F7qTcebJEtm*{p{&%MdMuD6aXKfAM!|7rpgn}_a_ zyuq&D^*-0Dy?|s`K!+JsE1=~iFudaPlF)A3?R40T=G;57{YhV;H6^tJwV%Q_D_u@1Ce zJ_H_3U5$M`dl5RBEy2p6oaQzE;zbRz_n&g}GYQ8Uf_o*N7OfUnd=bGLwjv1WLDvd~ za(Q{BnOyQ;NhTq@ILf*w7E33ZFT$YS^Z!R<&QTbY4wpttW4yngzFfmq5CCmII$r}h z+R;ReB0)+Ej-v>J#t9E*=Z)E!9k`Cz1t|G+oE^h>aBa50-vF@>jnWz%L*y6wm59;1 z__4RvOS(4HHJkPC7uDHNf;?&5GNGK1E}15CR6B~K$+9Vj{K5oSTX|h#32!Onw(sv6{m!Hqx)NAymY1+OOW+eDN$Jz!IQpBO&=64V zrX>SG?S|$U=ZPVmyus^SH~6zs2QgJ{^{GG}JZ&o01YiY?6=*l=vde@EW+};JLOe(C350q+Zne1cQTx+c5LifQ8 zRXhb^U?Muwk&h)k@#Xp(s89C^)XmZq-yp>);a=;3Hw)%ObS;Vh zrJAE$ceDu~C)wdzzXSHGDInW|kCn`+>9lhS%4AYzzpVelpvI;y{WNQw&uj4UB{N@9 z_Ao%yZ48GSu3Uj;eGa&)_EztwI3+G^t`WatAWFf_mt^da1&yJ*fS!LVviMUl_Tgr* zcXb`9`;}Huy}eynBu<7$LbCAga(QlR*ZJT@+&w-o&GdBr_&9%JH``@t zxAbM@-`qH{nY=nZKPJ-c@VbBMADvy_*316nDeV7B4}koFW2i$*`(Dfikwyyh2_C)n zhEn^IQDl&MvgHY1mGor8tH~HG=f%%sMez%A`{#C5FU}y-gKr|`wx#|2_R3j7QAm;U zU}YI==O>b@5jb3AI{Zt8`{+#+K#&wLWQ@cp1xZfg ziCG)5NH8dl&A~q`8?{Ay*XYH~`?BewN4^i2KAEP!WcJ-p^plo#+~d~MP40u)_Zewa zK!kj}$<8zscLL$s#4(Q94#6-N@nsil_fyC2idj>zAkK1QC+k&>56i*(nCWs4o&+HB z&}0kTwRib>*&H76CY1R)reQm-mm{@5i&l0BKoX=f`f=q5Z_( zF45IC@c}WZB-%<$w~?jwoGNU;cUqskqu7n|*4(l5SX!v{P5aAO9N;lYWw;?nU0NB$i2R%EaA(=fi>0EIfYU@FOKcLbd4l9Z!tS zxDd)VYqTZ5L_cnfi#pSZV&SR?i+W2Tkn?d|bpJfm&$1ROk_YB9V}4E9RV{kerN-Q; z12~Fz+kS$wqvvt5dUbYDADgRnUatV@x?_bar>Nf=U_uEIeb6lo6DS4}kzY=!5+P zzX(yr4nH#)6nkEB^D+_J!TDY_19w9J4I%YRY}4wVee??+Lk3^i$czWGY(xoT2<`J- z9i#|}sUVffri5+aCI<#?3gQ3;Ipov?g~$!Sf*lVNF#-`NP-u@r#TUT0%WO{6#^R?X zsq*!qxzfq{*@l^W-Gtt}S=5cTe6(~iBK2gWn-humX2`i;t@<26Gg(%$Mk(QHo$tOt zcME(=MX{1v>0pg{+Ix(TSv4cMWLlF0tZ|eh)N*?obvYFUYF-JaL5Kn@W>x95$M@WM z7mn(Wr8~^iLPciFDD9QWzFjPp);~Zbf)OSkO=Z(tS`I{rDJhcV5M|EjgMnn^{hW zO{z@Cs;5_e>>(%$bY+%$9@_+cy_L|TI@u&Ujrk7pq;Aiy5-_5gCm z37aLrZ|9*k^Kc3}Zw4-vjYi#xO71D?^B`&WK;t`0Cp5bbmdELr+pI~aE;O?amNO0G z^+g6HpvV70F9hUdF)0I^!T;=TZ|+{sM zN#ceFpU2FF7+?71mHp|YvOlR1k`AUVT+1gf1bfo32`g}Tn>QlT9i9bui(sdajF~|v z#Z=n9&F+4^q1>l&UfPL?9_9<$M%)%0QQUnIPIA7{3+&o|24=e4=-nH#U5t27Wbct) zCHQ=oZ_{YlH6gIap^OY@$D!L)$5Uv(@TjKZf!iAX+u~zx3_CBcv33Vd;!}{rW+W5@ zDh!7}hYvWEn;4gjkU<=oU(|z&nKh6V`zIywYx{>2qBFAu$nPo3`b>(AGb7na)F87wl5KTt)`Jb4**zS+n43xsgKgKOh(bqVm0^mfWi=YJCJ{*^p! z2qlC^6omwA*jk*pnJ{!GL%H49gIc*gwwa*@dV$l#S{(6C#Zxi9q)-}*|CP(?@owbG zHXt3^P8ktDKlrj8*3j}-3rMw68*cqQ&e`IZ&uoCA-P_LQM|TX%H+?VoY38-_&IwWX zzY-O*cCYs>;G_Rcs%IF8pa!D0Ql==WzhXm`?UHh z|LE(^pyN$_wva6Rf>i5aJ|@xb9cEv-*Dz66K+1Xc}e$L?(F)4R`dCnYOc+Kh>hRj&#gfdBkAEZ z%HsA%slK#~f-UeVii0t>TF|)kV4Chl{W1?Ajn%iPry2(#QBhTC#;GtM*MJwIL7t1L zAS`31oWT#Vl#Rei)=xVX7KM7Tjso%8ia`5Ag&UzNXS(%ZJ=z?K(TZ?)Kw&$Wp72ew zywz9%93`<{@l%Ri5g_XxcgM%EdMeg{-Qj)PHRF|R!4X$E>_DWiz96jt7fL_*6Q5^I zW4Ml_GU~K~sRV;Tbm)yLDT)$#4m6x*rB+4Z<%C(puFuw52(PCH10YR&@$9XtAJ4P^ zNZM&=4W25IQ-p2JF+h7*g@>dOyoXCGqE|kUw?>Z$yh)weL6U&?w4@DC)XL16j6NV8 z|1-dO2iCYQ$DR5TLFSMKSvVPu>4-`2x(@;zTn^7TD7aD zp!Uq8vJY8FF?q3)9)^8$dB#vWv}-K$+SrICO621ioO&#EpiZ(@>a5wdq~NA1Os44< zw$wgH&&wm9oTHFgjK7oZE4;GR=&ks@5I7(?Nj0IC@Qh(n-eV6=KBIP)UkctPOUK8m zU5RYJvPO*AD4FsNs7SA=xZ5y4);eej`vr0ZWWxJf!k(WH^i4dMqEm6Wqiv<*Zj{bf zxV%_4=nF&J_=!`Cv4-kaTZQ>=aCV6!FR)k9;L8~4etsu8b8_;MfPdnxLcZ10z&+oy z+;^ddUSoc)v@rUNZNG~bCiRrkCz6CAq+tdbYfaF^oNn2{LH<@>I7%eIVGFjI5~z%_ zypeTY)o${@-h510RykVxW+Q-!rB*le*v5O5`=O!fQ<2;}TF2~3RlWmdQRI~|A6ivi zZU0wKn=dr^^gP;;wG4&denalLdr9efK@)KLNS4wT9zL7 zpDd&sgfXtdqag`Dzg`=vtRy5N#5gfm48|?up&a|gJW4TTapUPuQt5c65hM~%j10{W?gqXY99nVES05?jk zLbxC^*SNacz$|s^{uG1j8qLF#sEGsB8+2=(nu}eo(b-$GP)U#)v`Dbxh!UaPaLy5N zko>o&!15P|3^54NiOP@7KMg}#mU0XIl;Hc!2y_GR5~4{Ww|-sLoRzf$g=eYR}(g-c{9y_xBp6yF$AIaIE1?HL|O;2HD7K19#+V zIPPHgG|8Xen>V#jh!v%KhLhgj>i@L8cCN<(EP|$B*k$kLc5YkEtkP z^hr4SMu+O_9+r(9DS>ZwyJOuBH5@n1X2`5JDjb19514RBkg*F?9eE5y;^S-D1bjTE zacGgJZK&{*MOshO_E^!war6%uqw@Icbu$R%_DgSv{*~_1ymXe*pjh|Nly~`CkBr0{|2bDc zVQyr3R8em|NM&qo0POvHTjMygIF6sc^D4BacL(NlLat1Ab~$?>BwQ279WvX$d=y(r zOl-?-DM0Aq_u9XYF1BUI34x}2X3n%{o~MZ|l}c5mQk7IHE#?zAT2QoGnL>|d7SOi- z>#d(`Hk;im7Wu!~Y&QOHu8=MLSFTvv%M}ZS;xBvu#oiS5{tIN^9Fv4+PAK&LEBn=L z#XI*Wd7$H93aN=5QceM&LkcZC$>@+$3uR2at0Rw^V-p!=;6jf&$V)6{n8dZ&#i zQ&u=u2)bs^Z{{wag036<%x7|YnU9%ldbIaT%0NW-OqcR6A@aZ^fKCyZnv-eTMcx>D zHgt3Z43kjL9L*^*K)ZPX3`pS!5(LKB1EaZV8KyHy0Wh)f2wLxf=}_c3h^C1SEd-$J zl1yrf8Lm@GT~glNy}!TD_;_b@Y^O|}A>)6BcaTDlWHS?!PUoXJL7t8siX6%c@6LB~ zzhr+Yekc|HP4@HI>_6`Iiz!CtUILYEXgU;{4)RDjl?KR$rd0+6Ix|G4{~JL90722V z_y|rN1A5S%ht(#x(6V51tz&!#J!1+T&_af>0B5XdD#jy%=bnx@CVpo{A9=?D{pA0V zHb$wtC=*k^_aOQcKLLI3pfyM2n@j-f^?xy!FBIeYzmU!S(Es1#*#bvs4CfXFLIAi1 z3kGv)3v{L?VR{gPn}hmAnyWy{^xoLCc!49NThK$`4tgdWS%?6N!3Y5t5`qk-`Y>4F zxd$k+T?3h>9-LrfqImID+hk%@kkK3@e=SkZYMbBuc+PL1~@;*xCYJCV&(Jf+&!6*c1=OP^Z`v z3^GZ5Zc+2#kqJ2~NU_f}iYc_}96n(%Q_KJ|xsjkWoK+jnrc$z5(*YcC`e4Ao&fS!# za9|i7A_Pem1H+2N= zO*#d02RXX8aG8qGv2D+tfa)H$!7Vl&)0qIu)QWD+8A(zAm<~bu+(RLDqD_gk+Os)9 zfElG}8#-`;JXV(?XaGD0u7~eTW_t;ZgYO;SVN5FrtZ&Gpbx}pg*b+flqkT4%bq}#Y z%&O}UNDG*cYv>rjBxH`H^h5;)fDy)&P!GCoWQ~bAaTxsID;Et=5xqW52J;?ZIz`^S zNf7UV$QS`qd^qBBp7ccUZ0z{K5lvxvizCWVGR6+a6`;Y2{AC>BuIs< z!Juc;4FZ-qM%1(s7@;xtV%+Asmcs-PIOtx5lZk-wP@0!BB29(LdV~O+Q*1+O>d>+l zz(W>>1~R~C!3U0%>k#TGWnFWSjtGI?f)PPT90CN}2%raM=0gkE2s(sO%R|h(phDsi zaIryraK_w&!r{p0_Oes31wLjC`OQNPxknk)HVp*6vtNvC!hR4YgA1F$9k z#U5z24+3;6&|#g-XN!C9K{5Mrj}`ck`$do}EUnCP zXYFo1->Wu`n*G+vAX_W6yJv@ktW|0DT8Ew4nF9+o4D;5><+Xm_oYh)-c5v9L)~-9f zvzC$VIsI;{-|f|^t!pFOw_DePoyUn2FI+iA{vEjX)LEl0mc)sNlgwbf`H8--4{ z)iScV&uzPQY&;&8I=R*%>gKAwYopPs)e4=ydw$c+Rr=S{<5soSY1+nRZ{k*(-CVc% zSR?fwUbJk>>etRlyW49wv#cLyXK+@#Y}$sW_op80>Lugxu+r?+YOPuAu#;^Zc01F< zPS-kX&Kgde{qFV-D^BmS-mm3gUoVdGZm)h)&t6{F3eD@O*U8r^@MLzccdP~MP4aNo zTMYVVi_Xc}W&h~x5}g?Rrrqf2{j*uun)dWUZ_sFe+-r54=iSQ3%AnJj>7ClVZhx#c z^Mm7F_5L0m&lZiE(HK-8TDo&~Sa*zy@mQmclX|XiHy`!tS+1KcF8U{DvtDmHL*0ix zqx)d#k7te11mEeivj@H3BKozvcky_z=*&KLE~_8gz1pDC?X^11&SCqq)~Gjgt=snT zL%nIYW_8vvU}Gpt9LoNp7xvh>b-t)Q0i72^NQ_up?!ANdYqp1XVa459L_om zT7cbFv!1)j!Q7wYk*N$7atv#bZ@dmSxJ>gf4a^SzVA<5a{hRhhXrFcI5~r@$DRdGrgx*`>2bT@ zw%Xm+VYgeWj2;iqj9jhS?0&2avZa2zRxLJXHT$yKV{&xVysov3?6k$@_x6xfW@nZD zwQ=0+S!eBnF=)=tTD|V{(8%^qn%Tx8;`m@_}X0=wU`%vk2Yt=#Cs5NJ`YV)?&8rjy3k#ngr zE9KE~sW)nWB%MyLHnK^fXHPrb$5wY>8K?D=n_@Fdyg`3ZZ}$#6qkFg4nHd+2>u#z0 z*r;~<)*bAAY&UW}ThHHkEoYW%UR$?yyV1SL)$`r!!-r0VW_!7&*Uj}#JJ*e~#_S_* zW=n1}H@R!xHqQIi)>UO@0cX@&fuz%Lk`=!TbzGWKO(hS}nEb3Y7zJAjC z+^Bv$>Ybbw;N#%d$hHpAwRPX?&+Z#}Iy3Sg9&Y+)r~T@~=ZjW2W zvdu+v_E7EF-7GwCbE8=eo);PmWVQ0`Tcc#mdf0fhPTEJc1-vziP5Wc7aeG*5ce~zA zn>?Q9ANuVoDfXSib}!qwt~=8_>NmWb>$CRxf?l=rjq{3CBNy4?J;S}xKWlZ5dbs;& zOfNgev^k?4Xg5CJ6so1(W8+wNre`ou&)c2sxzx9{&a63UW_#^k)jDo>8;8AWm+RV# zCf*lb$qX%)^>e$MtxmeNv$Nie>F2|XR&OTjxs7($s_E6*S#wr9^!1j}Ek4{__uRqb z^bT6xd;PIl(yxs}bWE>qx@Q=54j(SB&)oje;B)Kx%(`*T>iVp7Q=gTJMs854B*~BNT^yg;BMlO8UgLDhs zZ2P!n4`zcay;CdbHLKFSwQO`;>kN*`L-VnfzqzjEy0_Ch>|1;NevkJ0J+pN@@t{d( zZO3X?Z1;YUKWo6FUa_4!q^;R~3EA#_w=n2-W{qO^fKzW z)BXqt$L_p+Olhm~an^i1ghsV`cac3i9TaZP8z-}(QRun-3c2g{jUKGFvV+`NL$_PG zL3fb5>{;iqhD+V*$J?9h*<*V)d#u-{)tg)6tlj>2*Qhn7H_o)9*G>zg&ZN}8y~#H2 z-R`I`C70D{r~PPU+ui2FXlCU`Cq1`gKje&)(_HJ(I5Mgq3;oVvThBL2hCRq5Yf^+c zBM)cp#h`cA8`;x(yF#yfwZSEs#>ru&o!8Gh*HhZ4 zJ``HrhSTr%4jYbj)tXHkH+k35Pi`JA9<7r><-=lB(DOI;;9T$2ZtFSYb92_q>rOpC zxNa=!j}xz3=-wHKredET+7IXT^^!&2ZV$;%~Q9Wfkb$WTyIO}(eLg%qtG)~-J{dRzLtLH$ccHPYN zjs`ia*1WcQ-R|jm?W(Obr?9vfzB*4rEObIo?ub(?lB-{?1sgN}8H zoPpiVRe$v<-?lCF4(JlUh-4 zy8WA+Wx`tRbY!`1yI(KWk6ZIm`{N<()$*u+)^BtNpBqlIG|HBGy*~BOu?u^-DTLP9 z_2n@g)cd7U)22sV`>fw{rqxzMlMxEL*?Dl%S79Bv{Z?AF>T++N?Xh4yrXe{o2`iuTXRKS+meMYR$U6)?MqiRe@FGx}DG6q2tp+z2JUs zA3yZriGHtNPmk)(S+Uo|-k{oexIC(6d)K|QR^iaP>>SpOez(x<)T~zb9~_sijQm+0o(wK}tbE6~>RmSoG)SzYE zcXP&UaQtu$`_tlOr*U(6G|0l^4~6dI*}QArc#Yh&p*P*DUjO4j?+tSOW9zuyH|q6V z;~1R`KG#pC550nwHL{JXPQP?CIIdMj*?P7!yDuQ;j9z4|!DY33-=5v)>$B>|t0opU zN4Iy`s;sj~ge~KH#?&I2l@7fq=U@X>e2-qN7xJHcS!E=>dhRLnwIRjlHwi$tOBcQ? zE-Od}ox__Tr_G(@Wsu53L5PTgg!H)0ajZ${UHc0F!D58J3NeBN?G*uXbZqb?OTMWJ z@OWw6Z-zMPJ^><5x@r(=!9waY#Zr^81t%oFI&X*#nW0$n9`a@JA;m)v+C#o%R0i41 zhmyMN{N*XNB^C&WIwS--h6jgmPN&GBa``n_F}}ivV6TlF>hFPEK@VCMvQjC*@(T=& zLuf%q50-&b2DYK;$W0NsKA5qv4lON}l51sE$8fRfh-Lh=+y>SbqqOK?dTt65(1nZ2 zKy8J;R-+MEr__bXtAKu6d~H~4&9_CnKapTPrQ^Zz*wjVO#6oY0yUy z=uAreQWmpVg>O(10E6A0t6&#yj6Hy$J_W&0;j>pLi~@v<`IIQOy5tbNLf#ctHpJL` zxu&K2DJFan00Se!_f)3v4gndl#XkusrUOix0SA0X5IX?`sC$?YV3^}E^7te!8WCX# z!S0LzGKQvw?~s=PU4q7QOQoKJ?pbr}PeK~iI zMI;8y0Z?!!?XyRsPkbf|IOp>b5As66#wOT4uU@5dd&Sa@6ytkkdr=}&ePDx6nkUES zRnS6X5XM637M>fK3C0tP2UqdnInhiSITO=Cy9Ud!r7%R>{By)m81 z5Dw+*;TU^E#G4nb-{3jWA>YswV}w=Wte|{9jWbC{3Z3}g^m+;0Wdm*$*H0c7OSx>mNs>y>W2_v!jBMMSHoNZWKQvBcIKU#&O{lbR<#U)}doS zioHb;o+6|ssb(wyAQQw8l)@u$dd%GhGk9Gy< z-6O2enR@0%+b(p?jBRYmKG*_7-b7O11y_g^d3VtABTS{u4~XtT7Y&2YTn$>5*f8{M zYaTBl3Y0-1O9V*tKs|UNWq817^S6zASPW&&lFH023F~ouieYcv$Cap zRj@NQCvroZZ+yp?73YiU?*#M-ViBY@BF!LSRfIkEO;SjwWuU2?vJv%6ooFw_Din!G z_|iAP3jk(NZ35mmyk6G`*{~7vHH|RqZ=+UxGx2qd6edHRziA;Z#>|KkQBTSMX8Ppp ztY30P@DRKc(NB(yTVa0-uz+B2kN6mwczEs(M+-nqHm`}dJT_zjhC^0$I0T02A)Q)_ zOeVw4exWG+aq+9>7t}t+r^ zm*eX(Jb-14EeqeXF*$-Hh*6;)9y42Iiog^)hK0PL1u1g$#qej@Lq5zorGSXnd=cVt zsN0Lt@Yny}@YByb!|mw5E4#=?(U3X2tNZw!@nQDPN`&&?3ZWsH+rJHY)aK5=*P+HF z9~+6t6@EA5f+iBs@?70-<6TjSH5F4u%E1O|BMa$lGUspLcx*b%IpV(vg_IfbZA1@Z ziytWm(R=L8!uR5}Pz1_+lnQ5&tu1C?g~ugAbBG^KVWw1IzU~H5IjYqKU32#?m&xaM zw|q>~ceyk(2Lya>zuV?yN&%L^$dReruO;Ff{n)Vuv@PjoJV4tOp2=2FSZFb(FO36- zng_AhAaE6r=FE0)>r-URnf^N!tES?0^#SQ~KQ2|&ON;Rzups!rS4JS!r_~47LxlJz zf5NY6u|Nr3H}V<)-wDc7uSsH2$IK^rn zwnL(gO=KAiO@&na-4&l9*^rr&45JW-60`z-{lw`52oGDYI(G_L)JQw#>k%Z25q@e3 zK<34&6--CWl>q^T#C9%^F2R9e@XinyGVk3Yn1@%-T{hnX9lHzeflK&&An<6`uu>+9 zXp}d7OOnq@M7lFC`JOovx2~~qF#vf&!=Kw1aFtD*yVNP;952F-hNHpC~T#p$SC}6?G~WG?ihXv!7y9 zhF}}<%KV+LA^et-X$Ndhsc%CB4tq072!?Gy4h~Z&#N8>j!!_DnR&E6K+1!nGU4rKQ zPbnVW51ZkSYcnYOCg0I$=!kPKKdgpVTMd$LAq9Wf4auVQ3d11*#7ixQZz|w_7Skcv zLroJwth8uoyVJrod?kuj1FW0xNtrwVCxb$LJNqQPfcf2vOh zGgJ!B>9pb@13A=$;?!)oPCh5dQx>F!rVn2D={@9&a1DQbwHaFQxl4>jY#9x{L*1qe z%Rh3P3N%ULDPA%&U0|4G22L-9s(BBN8f{;>@LfBLTXFB1e&8VZlsYmUL+YlK2s}Bk ztoY&Dcta~{9-593-BnGhJm+yX;s~4!Ig^D&<6sI2Po%=8AJ4>|Nf)w#F0ZOaN?c(B z@B_gnT~x3`(F0ArXxPOD+dcMX7KTPTSf$)`v5~&Z?QZ$ar1h|!=;C`s&VV;}2)H>+ z*F&v*bC~ugR!9H@4tCNW#*~Xk%Ed-I+LeUx5V=|H&45XPJZ@-?`9AYKbU3vM#je=V zz#^=YgJ&bkG<q1a_r%`TL!soHklZ~)N30=1l;1ly z#$VwHW`-a;$8O`YQ*CGH1AVJDp3DFB%U&*)|D{+e{>cCJU7lP993!g6@LXYofYE}f z1SL}gwwZZYmXRhpwLm%@dURjDfJ{ro1!Nk*+ovZmL6kcisZ?GxWSN8qS1Sz$(NuH_ zDK{Ks)30jHhn7keM2n^)_CT5Ph9f)|rU#o1z(@wV29?wnIj}o@qn1;tVg^*O;~<^u zYUT;ZJ!i`FJO$yhlMf#~pv{1Tv`LjPg>)8-Aep98r3`4z9iAElkSVe(;W(QPF%8~4 z{3ea3({ZD6WIDUdlp<4*o<<61l-StJYU1r>K*d7PnY(d8OaX2hGLsbKSqJ!E2C@)c z#+jp=cIVy%sr3pQ)pJ%e7XYRb%iNRmeK;FBbG{)jVe(+pzyXm{VhVsSU((^DG0>tppGy+9yDWtqi=o-bc^e+GA^UFM;WW79%(;i7$;kwu@P zGWdCyjZjuBC8CZ243@9Qb2b7#&!NRLL^8SK9%&}kN6h+k#Mv1N_6j_Nkbn`=;he~H zDN4XBkJ90*mSQb}dj$Tvl}W(1Oq#)*A3x65Mfy%Abvlm38}kD^&~%81SrqTg*jXZO zr8DFuw#?qw{gh;KEz|TN$Y@)7Aw@#>MIujzA z@k{V8y!r&uFz6DGK|aeHhB`$ac@GHoDaj@<5`@q171H_aezA~AaSpK&ZlJO0pfC?w z#?PjvDSF2o2TCWNY)zIDIsM|D9+txB`!jp*x039{EfC zTMV*eKO2q=l^1cF>$ogRXiT|Jk!MmkL1jLfNunz2ISfVQInY}Gtz%ji@-(m=^h!=b z;5YDjjw#w<5QAvXrAbqkVukoX5k(ZHss+M)e+ptj7C^OVOh(n9AO00kd;@JOu>epg z8vQdyTc)Tu+1Ak&x-KuHsc7+eS2i78(P5>;nJU&r5qN27Uwf+!Dww{mF1mW`>jvWwvLNv0SWXGd-X2rTHLAJv;Jwu@$nz z=K*!<5`X(=D}M9CB!Twd8qkJXFhT6Cm>||n0WiMN1Vox@U^;hLSOn|35mX-X%3*Wn zm~+@4{Xw~mTqx!R%`x~Dq{ne*k78_*-Ps2+46C^d@adn7z)lK)tDDZrWux0T?AB`4 zR`qCKquv~88^ZaISa5fU=&$&hPD8`+_PK7k3Q8XshR2i)_|Nm5Iy8ko5zv@i$Dv(e zk1lCBQJeu7j!ef;HPhGx|M-V&dfjX;)>aM|6oIkaJQo4w*fY`Ed3{WVtoYC{J)$jn zj_*vzKo88Inmg3Am@1=SJ0qfbcjCsA6I958r>FN{zQ}Iu+78_{Ofq9Wr6{nOks^Er zxmTaiF|G$a1P#+cgn(UOnRkf)>3VpydB=ym_>edDwnP8{5wv6~@HZJTbkLIa0 z#?QuK<|CP82JSsmCJ!JBN9Q#8Dmn-XAbpB~#v2f$1ky5iw{1X*b~HX@n3>1d34E`9 zBkE=tRao_Z{6paT8URVO2^5-)4yiSd8tXbPx8=v54JYQhY%^N=Lwxz*t)H+WC=xk# zmT=ZJDkHv{f46;d+3qwB>eZdhyKVMw`|6-l-N}$UJ;Nse2|i4T5O;mzxW+83=kb$= z5>*7jJ3BaD*pS{-aFkd(5L-bYEF+!Y@VxQgz?JZnnXeydI^p=BmW*UVN$?B_|4!Kd zON8{#`XVZ`NG$cw_ei*3m_Xqb#C?vXNyu=nMw(0JF#xL^Tm_$Jxf*dZ|LAOehOz0_ z@%A~>JBjzt`sq>R5;0?pep%Zq2m31>d#MD2prasE=y{E}6sQzYk4v43=uxJe%U`|# zF~0>}6!NI4$t9k(OJxsQR}~R15Og4=9F$&hWPZC|Y432KhDob9bpLMq>hfrKdbI;6 zP9cZPJp^tl%?oC`697e+!yP}p9W>QO=%uL}a(lT_X$_G*SLbG45^>-0;E3}6#^hU4 z3TtL7U!1ZT{vYF#Xm6#)+g!s0v|R-?qQjmOq1OodJsOEapJN`!xtjj>Xe65pibs|d zKZmqj3P%E(j6BlRHLhRF0aY7ezu0Z#!C4y#{he8W4XjR ztVqpj;qg7}9miCcJ1EZW>WF z@}qyt1>ZT8J@w!DL7~5~k)_rZlhn{(Y+q}rzH`vMVmC2g*yPTXvfQ!R8kw&n0|)`h zwH2+rTWhh}HNF80H<=7JriY z2yEy5cgfiN#?xoyve})TofT`F&$gY+lQyD2$BrK}Anz4JLl7>`S9g{oseuh$SM2%%P`yLmB3eoAUQ5;Nz z)SYpfOTc`mMLnRfWZSI9Z53J}&acF62`vF}HEt_Nvk`8Rd3Va^3zKj+g~!Sb>tMPO>i z4kM+A0b%naAo42nd+A;TU*2XXpo$Q(M&#ylphzjdK9VR`!hUzQ z2x*lE))nD+Td@ZqGSa?&Wb(DOO)&ZD;ip4EnctC1zS{I-M|fm4PmY?T`SycTekh}+ zP=!u-F<|8&6UJPND~ZJ&tG9C^PO+$$5%Qz8+^68DiA6w|%vKsr%MfNFjs`?S_6F)R zV9H$_ktvk78{T9%T0}48^m9L_xHSmH(L^0)bdSoU$2xStl$+|@9Avej=|t{V5Yj+^ zWzG<|K$KL)C9-lMBrb}9=n3qSMNi=)!)a4yzE}oj!grYqGkG1|kJ0s|-E<7(P*7xz zi8}! zqr3bP4JJr}&?1OkNe0661~75+Z~9IYxL`eF^`RGThxlp115<>*g|5rPdk?$`Uz0FQ zodQjU=E_)8jnTv>Z#o7~G{>rLi@LI5Eo@N}WwZ#ffmRWLfZ`?p0W>KDT2v;&SkZUt zisN?T`t**Xd?MV9FLx$?^oc81r$k`Pgo@~=p!ppDvO6!bu-?cPQ59&QS*bwI+YaD_*8Is3!7$d$Nk<*=UjPFI`C^ps&duyit z*Uqeg+rQRQT3T(5SO<|$(V&bZD?;_;`S({%(Z9P)g|{`o$jeh=D@m#3z7n0PT<79B|PnKEWwXFVztH{T2bZ!sBDY*L$i{BR)`T zGe&>^N%b#0A^t&_{YRhe)D;`QFMqK~FgoQ0Q#+h5p&f@KjT4OZeH()|c{AqOC4P zHiAW-#fg>h^R|fttKmdEf>fV|)9)D`ZMt}=#Ib;vWA=DLoMfsDX*7(so8$Kwl;87`j!!AT^6l*+Hr3|K|N zxZUv##a~4A4JiKt>I2|YKp?@iQ*cXb1Kmjj0{H0=kQa0+9i*^b7E1A$HqQ;9wtvcA zWjy3!V)ERdA|y8YnZik=FGwWdjRX=rKU5WZ`Ka=|z1?=TrGy&D9Iq;p>tJe25d_OY z4x1^PRro0>gUS=-5U^BrY)*t1C>F(w3k|< z<(HL7*8adxg8wH^Fhno2{F*?pXZ*kXUMUv;mCqK6Kk~nQmq!WV_6J(@Cf22cX|c~j zTGWxLdRkI?OlOi27pw9^n#%UQ3hR|ln0l}1(oX!!L*i0}B;NiXU%y+K>?o;Ts93+V z<0jhY0V1ndsaz4OEPwhLwZLz{Q3DfVUGg21TRieF2$Vh4L;zfHYmB@t=3;rR_c?Z~ zV8}8{HfKu0eD?z1PEs%}f;6-#f`)|%pT&dwc+37-h;_7=JNl8+I+5utEiX-FIEBY_ z{XG8sEu_=fvUMi7DOkP_Z&zhC;$P!bjFf)20`o*55h+*iWMv(R-Xh5_S=9p4tCvW| zSQW1+?j~2R?Tpu#=d47zWEc)M&`=z{ON7BYzD@@0q?>0W17{WCR@_{>Jj@~#{k|4O z()_QSJl++32r~MrS5$4>#&h|<^S|U{^M4^%`Z521m*-1DUY&%a=M^pn9U%pNp2%%A z-&Rzgi;W~@^IQ$>ijJ15uSS(Xa`ZX2Nvzxn=F4D^%y4~xSO5pQZV)EML#I{*6!Ovu zrihAy7!{j^{%sH<6q#+;?1#o`_!BZeupXiyDb8!X4-;1egb?T3Ws7NLlUZ!!FHM2L zwDeA$mSS6&>g2zY4q+b3^`uz6r~aq(vHr-8X!47a>%?Xc#VL!_wRLh36l0YlbBq9%?DTFB{-LD1*pB5VeJ*83 zJQjKN*^3Q!FW1jmnFQ7T2Oyn)DaGq(7u5dF#8dK*yw&)BPXGJ5-$h>9#m1|a0iV_xie-A=UjP9h4CC}J)Aq*C}5&W*6{ zjpg-^-_yTISbuY{llIr$wAVO5$a`D=C&B$86jC&vTLjVA0;P+M^fUDS-riG!{(sdP z&$?&5{{N+rjj#XYO2uO7hyMQ_&-(NKLH3+@Fsr|EO}#nVNiLFAU;N8~=> zkb~Z7U^}?&$1yFiv-G>LSIWjv6(Qp?L?q<8|2@N-_zjHqipbGL=`hG4tfOyIn%_LG zls-p`Na5&q$ud%F4&^3ewKPU}y9~+XiUERaDk@Bux;=g%_^)vC_D`*`e)rRjZ>-hc z&?MYkFMi*1*RMDi_(wSv_VTBM%LKx%8Caj>KvN7Qd{q z-X&SpT)g}2d(6vN)$Yow%YH^A1mFb;i`Jcy-*ByRBlRMtl9w&Q3Ju9??);7`p$TU1 z+GxZe51O2Fugai-9klV<=r>;!{pwZC)R!+y+E(bV3k;1z|0e&aY3?r-vo1!fZWw$d zXGk9o4ie4`*@avV9|8Q!O>^f4^3B!YjyL9o0XAS5O5@Z;AT2R9!J zy%mfYQ8QGoQs4r*1SR7YId4}LTNT^6@vcPx_zyos0T3*Skb}JvAN{~S|pGR3d>Vm?5~xx7bBK(x*d7XG(3Gs-QGb2P{Y`0tz zEUjCRNP$vmDF3douSq!>5)Ku|lR&&sA?30mFf~g908rNvA$4q^2=p}2S_m3_&!p(m z(b3Y`-_;#buvXuPdS{cG2_*0nz((-&(C0ZKH1aNJH=#KtThVIsX6_o0qBiv)MH88V zN!SN1Y+0r=>GA^N43YXKJTUf*qT)sl^r)Gfsw(&tQCAXj^eov%P<*`+0h1g7zv}qg zE3GS;`D}d#lrQTpL{o4U%R@M(934dOu{R6HZfsFVobq(Bp^olVn{0~CNEr3ONx5eb zczOzFZ}n{A2k|8$*vT-Hv3@Dsq$S9NgZlg`ZZfxb#cBtaBprUmLe+18OkuvXN9J}E zp(PBLUqqz)l{}|GywsnH=_}CwD{x(X5ufW`ZM=V2G5|K6FPCeMH(ruf=ReaxI`l+o zW*C^xEz)TjXw;jdO){B0qZ6N3AHkXF&1EQQAZ{SCuWu=QrP?M*WEV-D+_`17gB%zk zIG!ZxD)_jR6(l}Eu7|eC&~mZSM*7?{>7s%iiXP~)7?5azG6#fhlRgIuXc88`306=v zO3!seDvqjy4b+wsc34t}1Bw!S3u+8aYwn@6 z*cVK43m?V4M)bih<0AIT;M7_A$Wu`*H7F83ucOn85U1G17M?7AH*A-u1#SURGl|u% zhsMZz6|d7kWOyut@Mhw$J=qo$fp{0Vl@M2x;qx4wleNLBG$Kp#LfaI2G%8={L0x+D`yWde7>c1bf@GQ``C3{}di_5M!fekB(*tQ2?Ai|9HB2(g z?&{b>W$^AxQ2S}Q>Vrvv7Ac~XkcL}l z>LD`4mQe-;btp%T-<)bV@Z`^gC^d7+S8Cb_&uLh7oxdMROzdmGtIMO|>6HSKPg*q( z$1Iewi7X?yS0eUaq}3!8(mD4s6@Y#_CztI`ioFl?tI$teEnA8lRhK?joJ8v2wmg&Vpv3)JrJ2nV2d~Z>ysirg+gs0UBdu7c z@d5dJM~Rz&k)5RH0QuWTYam7YvIW=>0><2S#YKxcwwUvT4CeXYV{c|UlOxju=2)pS zW5%(?vuzGtNGb9hU=lzOWwjtr*GJ7e#PbUB`!-_@X8w*ce|Ix~r@&LS##U0QmcS(7 z87#>zziEf;=0YVMqPbQ(BuukupzRW7YEaWLwdjX*I(z}WNqp0lTPSg}Z^__`PRQ!{ zu_b$hxyu%FdbwfIwM^TjJI|Iou&kZ9Gqb`fqZnIcclLn{LlEv_g=Mx`UH^6l{~4R$ zAO8UViFJ9&-+HCtwVnz)32l6p;gbhXPaAjVo#*NYhQULNf)8eNW z(}@7DWPD!iP?iYN)2QyIJy%cjyp$^-9GN-|PgODmwGdV93XAiPvZWPB_>@lWTEK`Q zxAioz&D21wds+ZQ3((q0XpgVFs7v*Mr-YgqMAAdO2loi*e7kbjz|K!p)S=jq^8%+=fTxIB9w1EYzu_s1 zCCw2f+v~+I4k=L#qwMj8G1~fiux~D!5rpFc8j5HF0#Z;DzHBP4$!g^ujf9M@mf@ht zkY~{yL-p+QYW)&aThC@TBd6zPqJjxPB=R?ky3gNevup8sYwkwSU8Q~!nwPvy_>#=q zgz5O1`51c05tDK9Y#bKak6!?h042KOgsi1SR~4ML!36$tgFWGtdyFb#k$_)4Z#okY z#z5|3m+mqEB&gaLB$TookS5FE z5-?AwEW|-9!X7nTBP^ciH=Q>}%@jBZTYs6~L_8B9iFX<_Oax^baj(Ix*B zoHV<{8M;@%pP|Ku@MmbT1b=E{1MFq9i6DM{PGblP_77T()5dWbG%)wvd~&K+O|qd% zr-)}Vkq7p`6cV6Mp)*0oChBIDzwqq34v@>M;N6!{#XTi0Ee8N%f+btpG*nxC(rMMX z*k`V~jHO)Rf5beGr>6v5l6UuFP3_)6FVr{*K$hnu;egPkE$-9vuLSiFN4|DzZwT4b+Z)Pa~? zTxS;V!DAAtGL1ja^BUm~XnHIU~~ zf2(3Yn^4A?+e6)*b3Alpu3uQp__6mH-JK`5Id=>+#f+f=dkc z25cg0`SjfE6tAPSoygvx!#;llEZ0DKa~}KXEi*Y}bF^W}=jhAL8J(bKHa55Yt*IaO z_Fu!^mi!(nM(QhU?sYs_)xy_U%71vnF+3pnZ7oNC>;Fwn$A}^2M^*B>I=G|`WuvRS zfw=r_eATw!HY+fc=&{Nx-Hw&=A3xr<`abFBi>4&lY)y8_jS{~5C(33js83bbiFo|#lk=S68&^M*mx&tucpF`E^N73`&YV(5F zW79%hK_*_TDmy&>Y&c5>U_!sv2+{ZRdR{=8FpbPx`bryGO<%X*!iuc2)%Sg~aWz8U zV67(EyW5wp$_hU+em=#cOW7DUN>C<|2*cj55_28-&$FqL6aDD!0KUqi%ideuU*crAs6Zq~JR66WWOPl{XJ zUKxhmQ?x^3z`{~LO;Qajk~(x@l60e3~j+$xsjOuCfGPt}x|HoQ){R z?56YYTFn^kW26|Fk3=DPIO~tv1$FUGgor11L;a*^_LR!4r6T|@GuXb?T>GOMYg0@F zwIh^uqqZB_CB#TH;8q+PNj^!kiRreg=rdtzU--SXKq&?MQjvJwKaXALdia)~?ucb! zTTa)u+R2O)ZiF!<)PrstS!2ReoG&Lh5GRP1kIn{!Q@Y9;OY3m6Zf>?NumJ*pXwD^{ z1B=O~^#1>}!kNS(5~Tb2GxPxXi$8U2pfbpp_SPw|Kc*-2W?cAAe%mW`J9|uu;yGl3 zY!xDMaYIc({aV5F*y1zk}$dS%;c2s5;J9zwj(3ibCAseA)}HRh*%14nfOH#N~Y z`>+J%ZQRp0?s1Y|x`|i1X`iFlxGZf-2iv-0xi+}%Z};a^=kn;X49LAn^(l|U=l%co`T1@wG+!8m&ABOX=7~eknJjdSL4!6j^OXk@x zYi|(#@%)*e#QUG=+)eA@mUvpn&e)vT(0$#V(ChDi&h6!jzr^qVFJ^z-|NmW{Fm~ek zu!+qgCf1gkp@q0zVzW4rwWZeM#7eLkU<8+El;DPr3K#4;bdx8Hb;>;ho}SXnLq#kt zF5j}T(FGea4I6KJZPqlNZb1U(m*Zw+)>W}~%I16QAjdBvX;krF^MZbFm->())3QvB zu=TfKnN}>W5kx^6Vc?oB8bi|(Z+X7TxeG++#qnwOTLJ19OmF(g@<(#Vz6U*%&4T2` za3p1+fgNiBj;ghT?nP&K({5f2yX|UgKep1HT=MFm-R@tujy5ZObf}hFQLqvq5Cjvg zf?0`RpcGGm$V#QpX!UyMz&>5N;yL0|pwD1Cas}s3)X#och4+9>Li^!Qf96tN z86){aj~3ULi?dh$47vZ>UY#J&NEf90^nUx*5A>S8RTN`CI5Vc!96r-*P*5*68J3?91Nse&_f^%fiFJ+Xs#o! zjzc~9F7LOyG;+Vw*p;KV5bkKEyFh!FQ-13}`_F%L>^P<~#{T;qe?3J_}5=S+VNE$n;%(+!9V_?47bR~-+qgHS(@LqR1#ocN+Q66(HJijWk>pP z6%@{^02>YbZ673Iw1R{2<^}d~_C>mJbQtM?G1?D5s1+WUE3Bt8hZOe2hXq}8Ut_N$ zBbRejf1ab2cuTs%(Mp7)dICo)D>+(8;;0@YY2`VNCP5J#)mLz|vWBBc%|F9YR^+^T z!xKA3x)IC?@j^>HP6Dx>{tE1{pHY76F@B45MZDxjx>@}qr*gjmoq1>4JLsAkFn#I? z3EK&1nWWnjt#d766oRy;A_M;QuYWPc7PCK8^%qg4$|^nA+6kIPDWL$BDe>a+__P7q-K%PgRR)2N`;#o|zj*oy{4);v;G$D)fun=Y!QnwWfNqSQ zz-7NtZGp~Zv_%C#NX8X9|DXR1$gW4ouF_CXrlFolLp_m(^Td&(mT==GmiY=m8bv96 zS_6&C4yazAwmWS`1wEib|Fm-gd>CM#Q(BKw`k-+nIkV5Biuj9=N%G}NawhaYAm`6J z!rt+7AtC~GbrgyF(E?pGNj`C^BfdeHT~YS!D1^p-^OCMcZeG4{ZX^hu8n`9dm%9?gi}nPc!b zKOZ_M*gOe6m#?^^1>SvGlFFy}OP@vTL$JQ|1QeGxx_qNWEL?$iM=N0<82Wr;<*Phe#Y2d*yt0br z`ZFwN70;z!h-0nljF{IG`Sxm#SJrS`U&V2K4aYZeHupDkHaFyWWd+CeB#yt><4xlD zk6?j6{*$o(FPA>ka__{(j!Ciix~+fytl$67?iKRI*#3XERQ$33|6LxjHE8o)LH}5U z;Co&0U0!YArIv zPO_My{vlRTu?qG(UMx_|Z2l_?6Zs)babY5_7ABDq>n|)#%tHJjPEna)GB<8Jr;CAMyUn z45mNf6O4am7ZQ|)mX#(`=po}P7W`w+%jf@6A(#Cz{=df~&G2ft92q9R2r~=#dqKi0 z5X+et7#fGrf{re?{DS3IQAd=G=l0bs2&jT-mALIXfJR6Sx zx%rKT{%7l(jrmABeB{4XOUr5`(iVBcPJL^|6pa4~a*zip8Zt*nIC&X&@g{AoAOE>R zX)hn2|BHJ+_W!@jv-P*#Iq~@UH+Mm&*hy`H3U(JBzkX(0-{DTc;ew*~;MCDGsnizW zK7%~#eUIms0es;B5QO5x-E!s>Ow2pvh|N$0pw5#ernbOn0mg{xQ{Q*+y$RD9W6u_@ zKXeQLErJ0w3|`1T#T|?Oz@2++TFazTrp?!gp*L}%M^I|)VH=S7$n~&} z2m$gtzu#ww=hU53S!NM@L=PtQ0o@Yp_627e%%^HZ2tVHtpbVO!%U7DwQ(O z7Jb$xO_BZ?4E3glK)i@id zrG4_ly~2D1Qndu-Gw6XL$JqW=OQ(ZUnu5cpom4_`72zGf6^ZA%Hn8>{XsnR-DX6A& zD6GoU?QCnUx#RGQOyzg*UEP|HGiUJt}>DWNq+MJF*XgiXv&zSiA=W@{FAd zttBfpO2!L^!ml7|aalw~h{FwOwSO&B>mg3e|UIdTjFyfU3hDJsN3%1Z$wC=B& z%|7th2m|Y6SI3TyT+06l7XWt!pxrG$)Is8y<~XLsR~gHx$@{ETVu1bN!~g(V7y+b} zfp(YE-iO}|NTF6%N{hER?O>WVkcB8p&j~WpW9)^Q1);OJpCS)2c=hJ~z5?+{0X{Pw zgB59Wq||2p(4yt0q2pk&KuMN93ZRhylNf<`js>k8NI<0eQ}m~{s;t@tzVB0hrd7cf z*}tbHZt&|tgedL%s!EJ6MP@a%2KN=@2?V~Ehh5}sC&PRXw0mub-$5Mz9u6x$_Kdmh zMu5Cut|Ho0HR!JzbX{w~)JuA-B~;;9d{PHnN*T$Lx^nDJ5cR7v_HX-mBn(t_j7h0B z9dOpZYyhFAn65G9P0QlaWu~RYD3(Lkr0>N(qbGqewVwf}l)dmwL_mShBScU+#~Q*6 zhzP*vF#IV{;y^JNA>d+nZm}^gD)J?F)}c&vOe$Rk`@C_XN#^#@M_?b6guuv{|9y}b zZ0E86Y#Iu=D8Vsig8dkiCTxHKjmV)U%PzA82qmq_yV4m=6|lbwh46`!Qi$ZLB1!o& z{hlhtBc(FbU7;8!#;c z+WfHnmnZTbY=3zQq`^XCx)V%;OS&f*HG)^~RU{*YLsEx-u}T?!$bVbbkB*a&fT>i9 z8&e+G4-Bi!fj8lMH&^`2wtJDh<#5?lrv+^*nowzV|j zW7_wrhEkbn@4*yV?!G3YLBWBXAGx}G4`d1iX(Fuv?Fi7S-6Mc1`$_6YnXYr6>)A9} z5Q^-Tc67x1t6q>!`|_D2W=@cto?x07uB|QEQ zH_*0sc9`XEirHT_9Eh8T?@WWK2n6Otq~g)%p2w5IilQmM3THI=Rr7KGlrqOEJf=E) zYt*k19sk09U|ox~p?!KUfrkYD6q>#@Xc4rNN=Y|i2r2bQ3_5REZDN7~@Jxv0pBX|u z)7{qPA<8OtJXxRHlQN4+Xu&k#CG_bD=(F zlid`_36;$Ua+VeDTg-Ttc1wytIlnU*vP?p^cT!vGE^;oD&jak-L(d?+`$ht!$!v=_)?TE(5o9Tcg;+2!E;}t%HpiV}ZRVxUaNLM~P z1YOTS*JW;*3VSCNIyzf`U>o`2_ENtRFokzWZ0Wm}Z*P$Iob;@J(6SgqY*7wMNQ&tr z$(M;?!yH%fr$Ac!B)przrb?pPuK{g8eM+Sg?3fscptW*>;j_x>TR}*39H}qWX{Z82 z17NviSPDIubX#j+Fy}eqL&t9J7@PpiG{^*#{R(a~1uxZ`ub8wiPie(jUMVK3j@U`D z*=Z-r&1{$4s~yh4-%1i-z?lwtFao) z|A<3kp2sL!G;{Bn6m5%@o6KmhC_Q+EOTPX1tKSx*u?j-BFhN2GNxh&fej$f?ixfe0 z=#y8s`O-{kS=noZO;e(ne5LY47D}f>@cRm16|(OHMdfX+N-=*Hk~7p#+D|)Sab%B> zA+D+9*AHsJ7xvB^n>u9P^qfwyXVQfVH%{!G_o+`Qbry)xV0lKL6XXf?2KK>b91#Zp zryX_SCH+C$5d;rUkv>cGu&7UXWef#G;LWL>4pH8D5qA?5NQcEe&zM2eScM=68-e1MWn-ip%*pV)7hEEimSYylB$aP8I zml5mI>aw@Vb9yJYwetttSq}DpnBpW;b4)WzlFhei?bUGEVo{jLWFy}VEYci$^07&zwaB*=(C^T|i zEQ}cC=74;w+{UUb2bO`>B`CO)n;=U0k&kE+9I-xai4!VHc_px7gz^8!-qrLp&I92) zzrqTK_tc8d3pZZ0i;$o~O|^SOY2re56T6C&Meyra@mFkToVc`fCDa^N+R~YM9@{g{ z)E`seMErouUg+x+YnBSxQ@*+qwNm(>`O%sy6uJ5h3BC8iBy^WCzr?G3`O zlV?BfuEHq*|86y-^<#w@CN%`V8xS3SOqx=EMAz0(5D=p4;x&0=PQg;xmXCf5TUN9Q zZ3aUGYK~qN%YJ*=)rWX~2@t99y2#T+ z6^!cBIQJNuHRTdlh_18>9z!0Cy=Wc3oYZ6ESyG-0WqcpW_av>g$|3CCjS|~|U&Pie z1Uo@5b%J9ksqv~QVq9N$%i1tv;|qGpG4A9Yz*(L`i0zRlAx9&sqp{gXbWd!I%8e!< zA?KcOa_(d^M^%4T@+jGEvJxhdg&;=eaV!Wh6RbP|(lQcKM!vDC2| z#*9mi`lJjxpX-!Xv<&si?VM7Y{Fqm&E0aFcEfv6z_@!TVXecXId+YOghK<@;_B0Hn2uq-D%=CyO#DHW8S|S(vu)M~yhl6O~mJf7_nJtY*`6-9Y(J z-?$*|-r+s`A_u81{qLb3S|u*wwDrt%N|4+9`r(tP0h-5|DX08s zk10RdbC=nPK^QY{r(O6vP0`zHuXW^(kI~{jcEXEsk+2<4IybgSeB)nkHK7UrSJzKp zzA0%dpmYM8L=nwSPwMw^Somle5t`uzozV=K?5uWk5`6-pfZlLXQOys^MK=WNs`CKO3Bzeq0c~n)wXxnwDKtTZ>ODWNdBJzt5uDbD z64Ve((&}wp<4k>=Q?ey5Z91i8*$|m?`?{lF`Ft~??abLKnUq2cFZ3+-@96_H#*#hT zw$oZu5-^HIx#*+A%Ffq$`fGR9GD&y41~hv9_q@0Mb9r%C|J}>e-48C0`60H(X&XIy zNA180y7tyU;3i%@u3m6a+I4Y_E!4b1Qok!HEJdM;9?-k*0P7C~hPO|m| zX3Ts=3oK7LCF}fF%=%taM+o&SX~iDc zVQyr3R8em|NM&qo0POvHd)v6NIF9#ky$V#xcH^E%*3C}h)~CmoC0}C6*47xGsqoEh zMLYKgd7y1$3aNo@a*zQ)gA|&0n%5wuCdwOlS3@o}CI-?EfCF7>BR8>_ZV<* z7PK`4bc0aW7%wQ&L8o;IbV%VC5(FmL1>=Qb>V`ed05CQ27@BW^VN>MVh~|g}O$4Ch zkbGu_8Ll%*9dfX{dw+kQ_wdeZ*vc3hL&p0Imykl26!KGp&KBbZL9T{vifqaX?=E(W z?+WiK@AoSIAcv(w;V;X>N`{fSpFm{`8a9Q7ja+h&$pK_R!#n^4+H*u_{})060721? z_z2Ez9lFq21l6W@&@^Fkty8>&u0De{Xd_);feThN6X6lT3s*xN6R)$PkGx~Pe)9gv z>Ep~Y%*4!ZJ&69mk5AtvG#7|`mkD6K{;%x6+j|$)|K(Egr~dyD&ns|(CU9X=AOwJG zFn=&-UV-k+AWRQJaC_9a%yAV+nckZiCNFS;G!wcAETL<_v55$v7>p5cAR$O+stf=kjp^fTCNo)>CesgBOXRwSjt)RJn~A;1oLg{;*nH(8 z2NQ#0cNK!e zB64QPLM}89zyz8E0q_dk8>R_tOaU}atU-#vb)SIy8L|O&7i_MwAfd=*^#RcEf_1#a ze-Psl9e`rt)DS;KLsb(J!kY$w667wQRX5`zp2aKO2vAp^T` zGNQtfuDgg3Bw6G)FU2WyG!!3RffIwU@x(2V+fM5;ql*`}v0+Ql8&9r@aaE+n2}W&kl+zX#A>0oHj# zL*U+^GqA9ct+^|QsR#{Q*24Cw?qUnvVZ%1;DWFWPXy$^EBm;n96QnI%6ksRXlt`;R zTMz`8QJS-$4X4Oubt!^6z!TuOcxf=(OK2Q?Zvz)&T0LTYLoRKIDniC$1YwO1*ihD7 z#0D{|u0bFzU_P#)tpkIQ1(MPe78n4=7*j%B=yZ@dA;#2Z@cpk`G(c7K`aBuTTY%{d zx%UP^ysM%Zuf8BCR5y${(^iZIVepb*yp?EuZr*yhX<^9nXHJ6=@LR$SFf$}X-++@K z6|(w+o=rChn8pNA!$M$;CfJQ|o9kK*6F^|2dlgPT1ja=<%sK$=&JlP8 zYSoj@5x_3{=_6Z(HtS-kPX7sPtsHrIR)UWk`FoC5fY}QRshp?CMlKs$-OCOK z$0@W9KGy^c;uzz|U^^5;NHoQmWlU}CBK;{KqXXFM54M?%D4jA0?}PwNF<2tkn5=?+ z_+8UEXaUU=E?-up1i1`F0sX)q9|s_N*(uP=PO;kV=@(t&_@v#x=yiI-i&mlDYx8df zTAdd!I=x1zUu&MU2JN$9pR9zt{qcCOTWlYrUa{7{(VOjhz1$r*A8&ib>fmN}+OE~REla=ZPn~M3 zSM0SO>!i`gtF~pDgZc&O^!lAvf%W6!0?zAKElYQ`!OVp{ZBKtZuD1I1dV5|!?iQNI zz3%L|+cPg(^QPTlzkB`Ts@=b84C+NV&?@7S({G$L3RgGva_eU1c1!gtJe%KZU2_Hd z(-NHbSHr=@s(W^EH8{DrLTCD*Wi|WS;9}l0XML^QA2vH5_S?PI$6obAb=YmrwQhaU zus+mUrQvD6c7Kmf=c{I2Zw_k@ZOy(oZrFNNf2`ByS)(|xT8~=oqSz}`R)e#PdA~oK zqu#^5-g_{$$BX88ikI5_;z1jD z`>u2P&}dohdBf5lhQ*|c#!V2pV3wwi3y;f<>>(*7R&*bQ&byIKag;|@+@7*z} z&M&Hi8~wD^H!nJ6eb|~`wEMl;v0mt(wF=G0cA?(x_l8xyP(11OYL#}O_Rt@+>w2MI zy)5hP_Plu9Wn<@VR&Lkp!_J&82lM$ycs9K2&g<=V@1ff3)oa6&UT@9owbos~J+{nS zz35PVzE?u0d;M|e1L=1A^|3|DeQVb3J+^y8Q$KH<-Bwx!;tmJHMyG$=9p5|s?p(iY z-t_i*kIh&ComSk2yTu~F*X96xlcw9qfM++MMN-o0sF zH0K|1tFY&^iqmE5uK96LYhPFAdZ}G#pSK>5`&VbU3KJR1w(LC#%)K~CMue7WW{pQ{A zUZ>Y{Z#(4iW9ebgsgcUSKJN4j&6|cjE1^Nty}h~Ud|c7%PO15^YSzhRp>oe~Zw@Zn zy^}ufJ?gWou0CtcX%||}Pq*dTUjMOqs@by(SfU?0-NHwyZ|mK8YuYOGJN=q@+UYfq z`?Vg|wU;e?D4dcxTE+Eqr&p*=d-aQp{+#LO^kZ~NuWx%77yu5K=z!O8Gb`{u&DwJ#dleDAg~->c}w zVYQm5x7w}C!iCu=wI3RT%4%F_pA6^2Uiaj<0=wshexW$;*6S;6UR&vfi*jR7C}@v; zI6P_Ix9onmdw2dZQEwR^RxP{!Fg$&DKsH`BPA;yx#YUxDyy*4WIIB008};)_ukdiv zKW(0mYY)}oX=^ns*X_PF+#j}_M7;&g_NUvqd3IGZVdu;&X{YV$k7eCy*N-0icYU`% zZ#!3=52RCU<6*b?(CF<|u1?H;tI%KRHPfw{NqVb!+q`QoVZZm#==M+G>I1p$4NseA zP7zkA)h+h-(R{D3*Y&;TSB{J(5?OMIv>RlX<+1%T^Ao`$4d*$gvyQtp{YVBg<-nmD{`}<*SHWhS6Ic;0R`S4on*2`MmtoH6q3!T=x!&CCmdTf_&Z|cR~-K+rz=Kf&Nr~N_S zXrE49XwZ4bHak_zxgVA;n((Aw=@gG?dw#!%Ea$#g9`?HPW~Fy_T)yhn_r}&9X_WO< z^K3ZNdc|tD^8pS|oki!A(suR3y!Cht^;&ItS-3bKmTx~c&*l}q+;;|5vg{4?KCHD1 z!{S9#v)aXBZ&E7V(w$QwHdgJnpT-9dX&ZAlA^jZ(&xmg^a^_{NuP}I-Pi|t4KM6Z1)54y)4t<>Dp ztzik7(+Vu=B{+93hy9EG*qSvuReIB}53gYD;kECGo#JgL%H2++Jj#IxM`c$?fI;ETXJme?DpaE(L5Vg->=4Ht#oS*KWg3jU8AUf zYR&s4&2E&2H_cV!aq9NUy`|o-+vw(^sU6|HexZnmHPacF^xNTG-)!FX_lD;A<8A-= zM!UPX&BXK_)ApKo&HLNFQy8C`7q`bDKTs8lYCw~zh7@UmN)@3rT&js_3=&BvzEp7-~MgJP>wbDWk{ zEHwwM%CKu*A$w@`3bjIYt~>4St$Sj{-MPQLarUoHo3*~J&)PL- z)g2V~wX=FfYdM44qG`Z-{d{aXPG`{AYn-+h#Q*50_V*Y6Lg zi%uQbFU}w|FK(_*>98@_+iO|$q-R|W`u42WF3c;{yWv&8FvO@^KZU)1zkk}i&@56O z^oRA9S-)&qdb?e7&bs|`_jb^(LyMYivv=RT>qC7$?A=<;LciX>zAfvI<6<2{Q!Byw z{Nu3SSarLz2RLuuqT2gH)1I{&cE5}2&F-Ln@v&d7JKDTeZl1K~y?%SyzH3)uO~2`s zic55QUT&0~Po2|;0X)<0wVT;V!@j8WTi6}enh#eewL<@r`Ii23LX1+Z+zz1*dnd!wdUafA6uR^KGO{n|Wx*U?)q3}x z`F*J|uYI^~VPSLh`d97hI-5k;GM;BlO_EP_=tVgj>!|8^^kTV?|KzJGW9ij%PnjsWiJ^WBO=xTWDsW~s)((=Ekzc*?_ig8kG2iA!gogxRjqGaJ){sN_9}{CL z*SvPcYF^IUpddL$c(EnD`^tNp^EME2(AINedmx7=IS1?fjbF!K?dK~iaEzA-n1(%P zQez_M+Q7mt|FEFoqmLx;n+GB6xU2*p#rk@9JL8qIM^ViBFT7ofBHz+@724F;qDp2p zu9^ti3y1UcCv9JnwmP<;Vaq)|xxAe>u?Ed-CL@=6YqsuS!xlhuGKwL)8t23S%`FTu zgz3sb2S6Pq{IwcPBN!O0t6%%${}tcb5RoMv(eAIrUk~iMa56D8F*3zIMbZ}^8gv{L zMe)*9FjHD~up4Z!F~Q0$j02E;S11&+nMjYNa>+@`{C@i_5#7GyRC98xPiBt2JOJ4b zg^It+$Uh<7Al}FQ^1BbAk0hwLS1FgXnT+g8ipUU&7aSuq&L=WAoHGPXI;+l*HYe(i z&Sw3;fuRA`uA_NKzbmHmI*x0Iw(F2hLF7X^A|Hz3PcO$21&NjR$;?@ZeJhp}T*OBX zR(>tUzLKD7S@}3+eOQhCeiYvqitn?TOooZ~3@=Qb*(}P2p0I|D2{tSQDW#wgDx=aJEZX~RL&Y6U=i#ly?O<@S0`5oz(p2Q&U|N; z%?uf3_Sg_nwaYik$nM^LrO0>hj0a{iy?T`~7$#M0IglD-!!+nB!3fBRp-l~YO1LUF zm_;Y|23cRNg-H#m5dgB6hKp@xf8;ajmjf}^RQc{J0np#dy!N-4C)foDYBS&uByO7p zqAEZ*m>YazA6E|0Yvf+zu-&4qY3Y832_GUr$B6I^!x>y6Aj1*)CjrHV=_T5H&I0+BF4twdK5q=&@k~5xp_9#P8Oz0JsaJ#=GdQvu1pkkt;$>M zimuCk`b^<)Ya$N7;Nqww$Hc2pfTInd;7-nCk3^q%OcrpIncXY+=40(TSKP1c?MN}c zSN6^&GPMUbOr-IB`mqMuXaa&jKh4AoJwL^GYVycI#mdPcdurH7SUNL&pQCs;gs3+& zkykF78tjc>Pe*VhUyml(9U$KIG#j> zSJ07!dE0=t4k>n5e(aTynxvYM=$5>1)*XOz8)!_T@q}^cEm+|Nu#xb&97qV~+u33a z8ps+Wm&^=@M+1Cku5$4cVYESgZ=CAFgW?ES8aeXge7#LspRtW91rTEP)|!BE=o#(auX~dg0U3qXk5Bp@T;LXRZcK zQ*4KOmNyRu5(N%Gxj+O+^gvyBDP})S1U7if0#Mf@^J18m5`vg?B|S4hh3MO?uRQI3 z02qm+d{tHdg-3Nnm=)!V>dpJ~@dIt7-5`x5VO9h^_6$}?X9pmwa>_!~H8hfaB36M& zgktl)16}|yb88#$o>}(1M#z?pkZ);(*@j!S;u(?8W27({8vIQgaWQ5_l<;Yl0nGHt z#l>LH5s`6lDco^e24%6o1z12ZxJP`9OkKQiM&lJA2AkK!TORnd0;3VDIvN4paFIsM zRX(5RPJvLA-njT@)+?C(w+!i=qK5;JeUty|j&up3J4N(T`V0gvkfmx${zAz&M5^%F!GZS zk3xO38jt?@{~P`LuREhR;eS)R$VbtLxx(pv{K5DzdnXm4()U7WL>AVU5f4e;`Nulc znB-$U5xMejhMeC-0$Q%4d2PI|D1p>ss>s+_M;&A$jZNnK4V+92n>k1P7om_cBff*^ zQDkW(V$zZO%AqNC-iKq zoJ7K~r@OjM_@bZuw#xw4@>A|t`VAj=4pQB43C$?)v)M4BVp`&ehGwWAfvafnfc*jh zJMvH)|K+WA*gB>}yaM9H!vV-vvYDVZr+p@v!e6~&*6muHecxf%5BO6}Ug#LR%VNG% z+I{7TNp4xpFJr@L)x_XQ>Es7r7R**C6%mZJQz@CL&1kpvK&8?uud^0U~Pwid>5s zdRJ}U)|5?h?ptn{a!1{QRGR_x;JAoz1D!R`-%Si;>cFsh6OhePQ&RzK5OCByQGn*< z+`)*2piSNaV*(%(EZ$M?+zHWUNMD$I8wx-r__|H5t2Mo*=JVGA?bC!icfS0`8CNY{C1hyyhwmTM`~x(;&%fQFqFU!0ThxtivuID$&~ zFrr}!HEuht%hBb@(e>#1sM8r-wNKKiC189+s|dveDB_=7Q$F!A!sO&0yUh0u(C|q3 z3Mht(RHRVXQ{{^5fQV(o!Cd;D_+|*IwIe1%Y$A7S99~qmso(S(`3?#ZkAa-DI?{QZ zfG%ksD4*J=1vFJ&9x!1(O)QnBIDHm07O+WZf+aQ=7E;$n`r=K4 z*}FpcEq`^;Uo=-szBmO1PMfrYY&|UhV(QJ=6OvnEk0=gui9sl`si;#mp`i=|jr|n6 zxddB?SLW|L4dJzvOgmt4N_`(9aM;^XLNII#a&VYJA@0tw6>Q(^vT|dn%@k@R( z{|=(c<^*?*gf%F})yc6KTHJ7mloJ4m*xy1A2BDt54AkQN47o_vp%S2ovvKi)*%}Kc z&lM1dex%9stl4ZPlTp^Eej43BjqaaD_kWAgtwb3-(dzy^SlnH4So*)q= zX#86m?LKw~z*^<(MkXnL2cGqVmgH`%#&GhPj^r;;HujcO6-O6ocOnnakzm z&coQnP}d-#Bk1Ll0232V+0?6$?Jcme0O7c3V)98x;Z$Z$=ag8OUXk<7CfbaAFKaX1?nmMmT<;XX3bbEFma*w?Z$Xpo8Uj9$_=D*av zalVUZ<4r6t=h{RdZt2_1kZF}J(G+ScKZM6{Mlz4tNG>EDfb6m|!nV1}f>%KP`4%kq z`5(L~h64W~t03LW+XTg~sfC%M$z+6S#6z<^&NE(zQq1l0Y)n+)e>jlb&!@!g5YG_G z`O|j>F6gZ4A|2V(fFco1ushGDV`Up$Oh^6;FJqp35kwBGuQo?3IVUo*VpDJOxVR2o znO+u~jIZtz6XTG%;Q-wrb8vno^x<2+TO~Chj}P)f~X!`8#GTuGG|JoZPI${dBxk@~*aX}j=NiG( zaeJKeW`D@MG#lGF7h_@MWgM(`!d*!_nbLsn92gYH6duNeN4MQWn^T)m?1+($#Ze_; zLoT6d=pMPEIRM2%p-}Wn^|23w(Zq$krM3$oNmt|Dzc)Sy%GZd6`tO z>-B%RRH;PsfA3W)<)8ZhM?9ZD@BS4m4eNlP4wx7wqALd-T8u2(3>|>K?y?ceie<#X z902`260!C1X#q{KAO{_XJ5Bk_05Ma^7Kf)P*e~-adjiHtg9{?l>C!W8y2FXtG^d zN|Z}2^hMwUDrNqsVRaUhiSYokIkg#Nk}$m2yvGNJzVPJ5jRRZ(dyS=HV@v|Z3P@oM z?v<6ehrVq_I00qx%5e>wPC)h-lKX{ZBX9*CTSK>Xl|1s7`nMQlr(QZld74ZdZCJ-; zQ6kHf`wY1Tg;R9ECo@S@W$}Tbh+G@GE0FCPrit7vc;ojw@#B`kIXr)5Us*?DI&7N;;OhXOq z$XBT#MSwRncXm8j{>kGvp57J&1=!{JUMz#~lYA5Gf?vq)FIjBAU z_{Ab3fN{J6@81>VLEu9E{T}!$C>BZ;@c-xU-%Ly_3}p?P+QO6}IXv3R+h^WcM{Jp^ zh!H>}EJ`G~o&|Z4vrAUsQawcvb;H&{_FwwJ-&8u|FBE$;^1g8Uky+fFvQ?5mSOu#=uZW7%@pctEEcmAG?0z{k@`1ju!%j^sQ*SFoXt7flx+^g4X?b^v< zmbwd+-4f2fMAU&z1O>&N9S6LKd z)kb5()>XYWF~DE`!dpyKdNJ2uY}6gEC;}51Qz;JcW7j}y-P#EmvEn1$a7i|{4e^>8 zeh-Xy3!54y(})zj$&1s|JJFRm+pkanU%$Tfk>9m!x~m&x&PX8&Y`5Yi7M|t7sf3Pk zb?PFh8#W>Y>;ltRBL1i2;_>z!AMxTN-q_0$0r*77CR2gG$%_%Vjv`W>iS1UNiwFZK z;#KZlL#84nD_i3<`6fCD3LtHUL6$clh6bbu;Po3FQnZuh-%D*Krv&Ir*g9DeK^&^gRhV!$Pe0CV|&)&aOJ$=24@z zlYjk&{oA=ds@8V$WU1x(^dO-Jc_*XGp1oPk#e%~_Ixp6#kaA=i_u%tqASNxpi$Wf=YW~iRHmmGG`?@Nk zAN>wwlx%Y;c?aJ#s+}F~?=WcwYlUe z@cgDa2t76bWpTf_x0lHbgsTO?J$C2N#S2^HlM~sGji3i2Pv>~WFy;Oe$2JpS%hWp; z?-?dE@10=QF(US_zH=p9Hw{~3!-gXAl;8~OKQ%O-Xt|K*|GkwFf($L99Nkq&^JUytFG(M{N-k?vBQKKfw-BE_C?CgPJP^XP-pU`UIx5d&s4x*S0 zB0L(si5R<2P|n+04nemPF-@H)HjUHgXp?(17U{_*JRL#0#N4B?Y|bwp+S&gUa6cBp z4ze;@J*#dt|MTGB-&v5AjNMjwu;J~v_+b@MA!|JLPv(f%NR@bF0u)BCk=~b=1)sx; ze5a2)FCFsQn2PTrC)cN)CllV8l8vN)8M)a&H4-9Qvajj8(B4rc?-bR#1ukARIB*rx zqVl76D=}Xwkv;X^dB>u@upy|{6(+;TThw1`P`&yJ%uOM79F9Tg~*;zYoDD zc{Zh$*K6(QH35y0X@E&VO#4S{wPbfZM&_W>hLwqEL9gFmzXqB8184o~*F0Czu`&s! zA}gqJ@axxucf~>>vY`GPTaam`1@+P?JQ&u(0``L0$IR|n*l-CAliNG|7*c47IVdNk z&Li1c0e=`NP8>FTlUloni9t=XmQ;3OdwICCI z6WJgiLL#-i>_b8&`GwQPmpUGAgFdA|DeQnZQyNF95MBbEK*I#tTf7iNu`%`UT8h$K z0_J;S>Jiab$yhxJAuk+5shMN|U<%&MAOZP!*LOk{6iM;*;x|Y$ z;ERJhF`UBo$2NUac(qjrU$Sp0qv7eD+pL~X-M?#RHh$!amKriUnuz?DBozEJ^TnLTB&pSUsYH~846F=iCGo?s~ zOoRk&W0{sfN{%IEpl^uJ_E@H5VoGIml+irzQaDaq8Ns0-qM(6k3Jjth(t*MdjtV+)E+&#SON4^WsFckSNLL8YAP+eQUp+wI% z;*N8acXq-mBN}JDCd`^Rh+m7!{AqD_EzfVYb+4+yU`yzl-}v?pzXrpOKL5SW!S^We z+@2exdgLd@km;eAV&$3^np5l=bY{i-5?cUJ)s9~;s>}IBy@owK0M{R@o%bTp+IUQ$ z)mr#-wCWg-5~?^tCXy|A=g)y6rPU)pi(2!yVT+JfKaSiNj+YgC074_}+eao}tKSBb zZytUcRAcUc6E68@6r=&gPge8$!;&=Lp`Vfl<<(oppzYs#3aUr>;LNo=%EVKs-Ytm8 zVj=Ik=C@jNJU^ER1(p|jg%d0Wm-U4YL__ulYIA>wTU@5a+x0Vpf$=IN3I6qn z8EKSrerhnUxm4Z@s6iXdxa-f|16CWdCX@@dg)|Ug8gm3L5hXQSb61XcZX+s+>yASu z9W!7!ZOhCj%ixnv+H5#zi`pU5(rc;wAR;ECq=iA7OYHk=Jw%!)GE5V1kFDnh`;Oa237r4VGpG7+2- zc&+YWyh+^e+EJ8Gh`Z74ljM&caiu>l!Yig!1g!ea?*LHPd6I?oLbiyiKz+?hO_E~` z2Q(L)+X)r_g(wBL8LLrX&o|$gJa?rJq*YWa7O%1NKSWxF}@#mL$}rq`)j8D z=gzFb0kn0NQf&7oWF3S)Ws;T+LRLY{{eIRI{hP~_E|b+g(a!X$h1uXD8{HqH33i`q zw<1id7slu5!^Fe+Ni|=f zU#vgdsgN*3!bFiP?4LjL*P;Cj|5KQ3&!*P%`@C=sk@FS+!#VOIk@%Z6=c9kSl?bkN z`M~s)uj*Ne57gX_em{O@|1X}Ee<#fTy-&I7vXR%9|FW4lJn#DRrchGb>#N^-5&XaS zN!b6<(ReW(i4@Hv3p(Gt2ec{wZ@E~C?EkzgRZ2hie}2T1y0Rv&!)-uk+jU(fWDtD) z>c!R0Fy>j$BQtl(q%E4+Y;&irm-rUA8rYlv`ZedcXe8vCA(SVx1CZq>Uw@q;)5N)n zi!D~@SC9os)iI%4)W?K!0D)=)AbsufTPf^i+5JHzmd&Xo_Aq!ZjU)A+O=M2v-+Cnd zF`oqe&*f>CAi8jJT5!8V?hcQiHx+Eq|9g9-{jmNo70czH`~N@Wi64rJTX9z;PEq6aBPrlt%k!+sK~Y% zgC=66wo1Xu3d%IB*+?E%FV;#)!kSIY!YT?XcTNc8vNL2_c{1aQA$tIr2F@8aq0ltr z1#%)DE_(p7g>1rSk<&cqaK|Eh0QgIOl_t`W?z`<{sLkc}xs`o0d3Y7yeA)G}IR)?!r@+PbOOoRfS$2s{9JQUZ>VpLYL*OX)2QIU}j?x z$?>4+?UYR#e#-5BPsLGz{mpo)$}ADjljCP#s6hQD47GJ!u0D^;+6!@6+r;JS^SP|O zAeTcEWE!3yYq$IW;xq76U_S*{sNTaG%Dvp#ZScuHlgw!= zt!b#l$i9Z$%iz|+C-q+QJlF#Ti*K-=!tl4D&(_ot>)R@x>WcRk#Fe=!8(2pNptQFi zk1YQ~E@&qBe{$tRZdh5^W`@DHECO!u|4RFNg^2%GC|8O<{l6daC`UrQfhHN>kc^LJ z#E5*B8EBM|sd`#cdJKD-*RYE)zpr6e3Exv;J<|#E7weKD@lq3jNfjde03Sp)aqBGg zvV)|0fnxo^j+2=n8P>#S=qy^2!L0P zH}S(wm+@`ZP3%ZvNYc@yZJClV-#x*%lN8K}AkFLyLES`z&*I3|9c*yBA+wqGa)ml{ z`ad+C<$$;Ymf@u4ED|^4^0$!AB0I);o}y<7P4B(;ThxetjZ!gG`gIECi9kY9&iHKD zQ-52KLU)R&CnQrBFPyATdY%{864D%DRkSAJDRxGT_Q~~S-Ud-F8HSB@G!n@?5@GO; zuaf}_QPQT(C+t{@KS9%xO z|0|V?dq3y@AM$)w?qFGy$*Ri5pev-nyC>?6nm#(L&y`DA#4eK>+8rJ(HBXHy2g%T< zNWfH9*)1Yo^!8Q(;yxVcIDVKo51mdqP{2zkm?A0)VpMDw`oBepaA>w&6N(h6;Z4Xq z0ak#5q&TnjHpubk6GG(6k}axtS%^Ts*c9kbONpuUWb}|a`KQt$xQA*zDbmB){*XS_ z@A=uJ|1FJp11=|~*{6GgoAm$wyQu$HD!r@x)c-%?VFQXMbZDaq$octFH4`uN{1oG< ziMY$A-2RU2sbM2=J^T#c=P2F{Wpef8g}idn)L?H6dpd$6`I@H|6QYy>NeNnmrgo7% zgSN2L$S!pel8Y0&bL5a+VoY-(VJ+@g_HxO%3>i6JIKvBSbx?s;HLGz(q1JR|FKso{M7$H;@MjD$t1RMs~)+k zQ6D|iDGSOdvgX2y-ml>w&qzH3nR@>5jprsHH{pzB;DT)7ARsq#kW{_=M)z{=rzJsE z4w;02JxRB`-U-*~kC-HlP>uA}8vW107SCwfN1lY!M(i|$9gj58Hqrh8Giww~a!saGY27gZgs=Qha5 zPmk}9`y|Z&@@)T$q<-ShhWWp+Ux>ti7WXQZcR%OD&+-35p7r_P{A|q8bA+DZLtTDT zds304RB`-NWMWd1tup%j4i2UMwt0cl&I!wmK=L|XpQqKMsyLu|a0tc=!_=z_La|jv zE?u8hXk7!oSEBi_r^pt$?>JX224ho0u@HkRyk}@S@6&oYGU4~?GMIXU66&0o@ z-@%Bm?Z^Bi#jJ}oDga?O5(XRJ|zj?R?jXitZg+W9HU?{=C=g)o=f6&LE zKy2*%4o7c%KV0EsXa@BHx3gWtH036RI@UAMk>SalPa3~$v?^zBTCueA4O{Qr`+#3G zcKLe@Qvd{4LgZkt#78f;f7gYRiJ^Ik9YUoO%YZMwHIbE8T{eYBrlJl!4us!D8ceDX zpPp0xim3udEails3@qq;+w$160&3(OELXXnd&R`>VazA#eiBgjNKsg8RooW!lbVhk z0F?UYi7C8a){1hlF4k!+WK(q*skmIn3wfPNzl&O|^~;63ILzoep$AXdC)ixqTSg3O ztJ?83q1c5}bZ$@ZGgdNX?Zkyl@0+@g>5;?6G`TQxX2?RWcLGpk3#gjVu)MUoaTOk2 z5##zolenC(!26oIcNAL}yTR!{rfj9Fx$B`7g`6NRuYeBIqC99NwAz|LLvo9rJ?-0%DyJ$CHfpstPxFw^hAYJECj&R zOho`dO+$nDS;9Y_e!qY{c7KqT$ zJHOq8=9FZ)>E_MC(IG`0>OzX9G6S%%58Bu?4SU+-1;ja8^-XYSdV`|kMhn z{}fVJ5_0%F^;S?ky%7SFd2>3ItE17tEeHO65@LfkQ&n?9f%kKK7Nb|b4= zB5;Y{8ybx6v|UC;XC#dJ&)#YA4G4Vw8qD76`TY0dOGvPjVJ2h!RJchiwh75DRo zWMS=!l^QNd8vKT(wl9FpU}F%07`Lel+Ao>M<&_z%VO6tw>vxURm4&UMc= z-rvUzfNkf?c+Ch+4MGiE#g+r9F*Zztu98Sh3>|6E6{VSBVAyv^qX!^M-38hvo7V=N zxLJMpc|*3Bp`?Mhg~&d?rQnrnnQajg&Mr(qtIC3Nm(+ZDvF1!5(SC2~jAlzV{8y{1Yi8TcOxQZqx}-Uap@P5`jET zf2Ylff?i$#^j0&;ccz%v%(sy&8OpcPOnpI-YZ*2NedpbYJOrnl!oC!rLg&|VbQGxG2GWqA|RsiqHt5xnB$@ea$Tff8ie|DhyQl#$s?QGYHY6f;%TNN z9_F9eZgQ9WVUQ>$Pw!iVM%(G4HBucLJ5dz3;9s)Ikf{FF8>2r3^rwLSPytO+{#$zi zOm;TTFA9C1;2dl}Z#}22*icC%e8d4rS^*Ix?%SP+LQY&LS>w%o3k5ehIWJ1Wcw;X{ z!x-pPB5t#qt=mN0l@=8AUx`Jq6#ssmTc6mB8Y3W^QDO`7@h#RE==5t@ct$7@#-iT8 zpxnulu%sBfm?fc1^mZ11@iHweB3P}A_7?!tm>_MXnMmCSbughF3SAoB97PZ6{;${n z$h{5TlLOf?B(rSNhn$x5`hR2Z0I=q|;ewn4b}gIk>IRt?b~WrG^0zGuuf{nYQn)K_ z8c3{WOu#?EpFwW2rrxfJrz6co&|WxsG6Vnq8=x~}CqR?%7_|895Kn*tfaYug;%Qw4 zU}7Y_pBPb<#uLQ8*&HIWBMW))qhxM4X9${fR^_`yJ3C=%TOu0~a_!=ANaEt6l_*#_ zz+@`&Dz}Wj&>}CsB-jiIaY$su=r__0my8^SVKy9^6DXTv1$_M)B_w(<=t#plI?TTQ zM>h6Vn_-Y;oD%zIyg1UiUOE7;Kl`=6#;ZOU6l6n1loAtYmtm z*1x*$jH*}dTJ`Gsc64%{bgxoWKgPmtzHL8{-y~48mm8MX6E`E*q*_Vbs)=M<5i6KU zxne>+jBoSmdOY>YCgX1FZOb1(kktG$QHrQJXkM5miCfE%uQjH`3B*2#)CFDKkxBe) zlo;HoG_&1JQ|T8?t?NQUEZC+2l4A3Eki1B%#E`jA+|?#PUa-{~Na4=B0&J`UePKBS zKof!a|3ZPQs<&53$$fp>h2MEXb`3%ni0l@F*(5-7tr|ymlS!NY~xuC2!Z!Mq|U)M^M*YM3l4PGIdGPo|>aw%hN2891h}0OO|R*&UNIu zxD*H{Y<}?P35H-cKs9@fMY)*9&fthn7Q$#ovN^ z1T-Gxx2t3OS1RgK>{SBi*MKJ%kI^J1{o5qnRmWwR9M2c4D5OO33X|OvvT*C`!M?c2 zg%D0(0#86d3Sh#QZN)HIUEHIwkiB%-^oxx6eM%Fkra(&98-BI*Y-TfUZeb)U4j)7! zf5WJI{0%p|7O$7)ZV25pwUW@hi|WUKjTY%tXj?z%<@`KhxfM);sStXIh;D*)Cz$XYV)w|!`J^vqv7kI6v&}Zps=25 zZ8TwYW70-V0tC-sG8(a!u?=+NLZ8wlFOP*Zr$iQvXTYDM)t2z*XcdD$v#<{K3xz}w zf8C@p1O*32?dEy&^Z+z5_sBeQGHAxc&>%&G4OKcrJg1>dxdCR70Br{CDblx5H)(#r z#)Tyy*LT6|&w+~jnzXj<1BeJ#njw{PU{QT?In`-6WG=WoQIz6WL_CVGUlVYNE)^v< zwY!9Fpm7p_#OI{Xk#qdskpXA46sN66Wa03G?b+r22;1f=MrekHjeJXZG%-wy+(W}z z?vK2K=5P5g8`~qMx<@>}ka!18{zoNLw8CCLsRNM%4-Foe_?U#MywFi%i#UT4Rt1l| z?{R)GDDs>wWfYn~jbb+jCpe0WDKr~0-1bS_O~N%nn4-nJ^}27y+&|IxBwoY@jcyP& z_1}_DiNi%02BQ`EWFAs?ktn$-1X8Q=B%0eH%4y3l%^dN|JDD;$eEr5-)!#`Vn}saw zu10*7Wi*4XK4PR#<%lTF%ke7N^(%RaoFY_5u1meWlEXqm8GB)kG-tu_(2%iy!7%Tg zK+S8;BDu|lt)mH^A9`@#DiltjtqhKxm~i?Qyv9r9x<*1Kw<#+?Vh2QnW|;)CGT`f1 z))TP>9>9B|0B&=l%xjrXfJ}WJCRuF>1R_Yt48`JKWNYrqVZ$jlj=ZE)UEIV;ym&%8}``~Atbn?havY# zR*g>j2}7OxgW4xE-S^c#nIp%=538pvn+1S3uW+nBnd??Kv`=QD@9QD$dA(j+sffI^ zuPYHtU&9DBDm~oLyKUAjWCxg*Nav9=CEvg$273!Ok+pouq$pM?g4NE?UUvAIn1U<90x$SK^{j|6LJM3-A?~!7pKEvi-$CI=czQt1h z-5ZWUnvCyjIeH-hFKRl545=9=l+lsj+R7z$BpXfh2BPu@7j#y25mQ|TG)bPdn0Fu{ z_t;HjAuBMF=&{PFZbz#8N0U6nP|!Y^`2~q4M@lTV4pT-Y4H5!v-Gv-iR#mufPsI9Z zwt6fLOMuf)WBr?rb)U67QiY)>b=U?3BatnMa0QXrV3N?crB@c^90HSXHs6$SK88Q`nClZRwT_b^-05brD6E-{iL)=z`ff{LU89fu#pGzcY$;o*rOXkW5a$DP}kz|i77R9Ljxf1 z7tH+ z&$fBBZ?JX)V^<8y_^IQxMHU74R_nE5MYaK*gXFdBjZzQ3ewEFOCc-m^*ga`r9UXwe zyS=?|&*hrQHmlh`t~1^Q@s!@IpIngT&=o(Y{CN%QpSKwPt+UMUb&i=~B2;FG15S9# zA-ja=iStfM5`yHs1l!CwX+<|!xUAalUx88zc%?#zKL0q=nd9O+o+==60Z#m;oOH`6 zO1Lq`lu#Es9b`@jzaKX`hvk6CJ`s0deZnbSWsT)DxLr55+l<}) zsS7cO#d6Mss>%b1DRqM#yY&#}Xtfzav`~urdx})Pz+NDU=jDIlO~5U-027^w_sN-l zzj^ELg?pUjM{VOpZQJMYt^Tn{Xg`)%#0bfopxJzr>0X^&9RPA~P;JJKfAh8O-DMGI z*m6unk+}l*Gh~B%1PH|rkipc3J2mAF}ZyVC({ORdL=m0&7(4C5-@zn#45Ei5H#>~-2T559iQ#fOTBn~2{qzSZU8 zt|%jROwd*ep zmsq$Yh=Lr#z%d*&frcsG@~f>D4iKFeNwC;&1*lgrx9ua#pU61vK6DK>4Us3qk(7lx zw#^kdsnw5qm)+5Ar*%2%b!zRyNElCY$?Ky|XK>X%*{<}-v05&rVAV&!KSGiQvl_xc zDV_nLr9zL4sOyC4z!9SM9DiM6kuNPX)>= zAS_04;W5ufq8{aCQpA62-V4JPkynJzLJ8PZx5FlmOvKlThNd_!nivl}Hh!d8`r#W{ zE$Ij)`DBtA$j#IX_VQ`tKTnogUKyY|wxD5$FOSSQAp6=Uw2+XUFkadgcxfE3mqIH0 z+9!4hBPmR4*IXmi{GY=&Swc(;>*!EkpOoE+6xIBqxf~(pP9m3{u3NrQr|=%IN$4>6 z>CIfqD}5|~XyM{oyf}O1&5(!B?bR7_Oyq*e!WM_0p4T}U^Y>;4e3s1MhyRqM=CA)D zKZvYDwFiTz2;(sXtN?iJm-ROGW#aP4d&xf!VQ>!(+Ow%)ioEeF1qU5zCUg(f9_zAky~#zyWB8oP4zmV>~CTn}Vl7nR={$o}hJ8n$i2o?!3&j<-uFGH7LA zSF+&nP~P<$PoK5TP?{K-5W8M~_GoEAsUzFh%`uOEb=u2#V&t{SUdr}et?vKW3 zp)fmgk7-aiuY7E>;LnF338NGaMw=JdN7)zZ#>sK01N!(d_@GvJj8|AsXAUXoi3bZh z#$lGd4vk#SQEf9vtI?J;g`?FFN3{fwR#Q1zP2#8)A!&6JN0Xokj%q0!t*+r{Qu7-) z%8Gof-SYbcLf!D^glM4{kCQ;Gr@sO_=x3PUT7=&sMJ+G6m2OtQ$f?|GKx5un_BC{j zEHFIk2?^WrX_=(k6Rq=X$S4FkS49T={qKKgiY;P)sOm4IN|j}DuC)_1i&8=Z*=oCX z)UAQ`)nyGx{mDr5RZNMOSEuJq(CJ;*+N?70ecWGVS?|TyU%}s^ppP!QwKh08>K+{* zb$sah_$#;?G;3|py$ZLe00_vKqVxauH=pcUi0mp2wPYGGL{hUUfn3=DgGGFe+$16$asHvl9!TlZ|nV%ymD(>-t6lUo9f%Bgz_hGs`NzlKG2+N7U5BL2p zG8~uUXUXyNB{@x&w~^-1%#ftNL#kfwVv5u%+=)x>^JO|MhJ$`-%-jLTQl(E_hO$E5OW^rgol_Q79Y`U(`6HoSb34OzGX@2*5f_>K2U zFTADqkn1n_;90(}`1&DGR_#;$Ls{V!;F-vgsCaVhQAJp|ujQbMIb-@b$rTf>P^eQ; zeHKRdmA6#MTfdgNH3zK&w2Fri zWqCD?<=O_8vx*<3UWj6?>Wqlj6Z-aSj#t-kTubA)wua-|IGcytIh$K@yqdysEs5h# z_IQ&x{&Tnf_x~j9|9ipia__{#wn4G`ysdx!tl$4H?3YWG$o_v}ukv&M|A#zcYtZ7m zg5J3V!S{yXy9m4SkBAb>HwoTgm;d&o&Aij1#1fnRp%*0j0_g?`o!(Y==%vsZ_LSdC zhY7zt&fmB1giw6u=6$frAK8YF>|#YiwdCqPbescqi!|$3Rim+?; zV#Qz!@`pwO0QLB1vJ{9=LJ`=dZj&ZlbXiH*M)e}k?(mqyH~?AM!|c`}WSbb0#*(BE z`K{TK5C^+8Yk+qZSdOk727HE~ZX&`jF+{fRV1u7!&1|NADBq(;jnK|&j-SI7NU2H8 z9PfByp5NZ6u!e!)`Rta#$s_N#s1f}drDLe{>lD-zfrJE|vD&b`GuJslp*uy?lar~7 z7f#lvy<o zY1p!`-H6tYkF^j@!~5c!B#SBPpJEjjD}TS^$pXd9=Kp44B0q&GDoo_r!X)w_{})RW zvk-rZQ&=V#O`a)FF01<=D^Ncd8=m#}{(pXkOv{+s*hMeh#s>etP$=w${r_UQR4M%Q z|9`|o5uxO_M&jr5n?3&cZ`Y1a8nwKozkC~;#($+;h>ZVIdH>zd@&6+pWw%j-HW(wI zBge!mq>Ffa*T4$`l;fG=EZD;3ms}9<1fpS20Ws{UiNGVa(OY?0I{TZi8;0&q-vJB4 z?{}RU1e_t$0%GL~oFEDfX5Z;pTQHM@Hv$X-{y+Aft+{O*-FN;99QeWFRHQGmom4ZL zbJDcQEMR*ij5Bra+Wq~(zeCx3bd7;IW8te&ra$3h^~(y|G`a1xYK9c(H>?lSd9v(>5LyK%D+PeDlL{W9aT0s9kd~10G}Nm z9?AvgKAP5?^KN*8!T$h}+2c0`@Y}-^w+{&CgqaU#qi5gx8-&dJ)05E%el;emL;oL6 z@%6J!|If~jTKa!-cshF0|HpWC)c=NjA=Uq__+mOA;E|gDP?*-uNPvqyAX8u3Fj@V- z#wD&1$1{-#sU$D0Ru6(>v;H5Qo}M1J{r}0?lm0)-v-dv-4U;F&A5<%TL(6Cnyrk8t zmX{6>vREbo->ou}6hNDGImw+|%s-_uc4CwFjR_7UQc-3%SW@SI(kAxdQzcN~y-*d$9*@^j! z<7KrV1-5^arTtBroRo^9D8~y>H|0zpR6o%F&rp5MhVJx`$y+&`g4j$ToLtro9s+qO ziz+YQ#ACDAN4x?Pa0O*E@B&WFa!+?2i8d{^e2PDET;_u-m?X9o^k|sIQAcr~;Mic% zbZ){y;SfMk2u^J^k0Do8o_95X=S^9PE@HlePj@g?J!Aj@On;@MG{nTQ0;$>$OoHaL zg?fptF>mTpHf>r^l(T`VscPVY;kB}=K$_!>=6C=bzIYB}-Mo5DEJHKdM`!A+#6eDK zx!h?r1PsX|b3Iw>ri2ixb-N6pcAwWhUO|%`UxP7wW-PE2oJ%U1R1H~#F0>lS%8J4~ zRf~ns@j_uYV`lH4%e7HC&DcRk%M4ds{%`|;2MW-^o>}UoX-p)IiTbM7azm)Sp(hM5 zu{(wUfNljK90T~_2oBx19B~B4UTO7~CMD%bjtk6j(lDGS3tGFQJyE&3y}>mW@P7LH zWa2@*^MJo6WiEX@Cim9(`k*CR8x>|RyF*j93^A8Li9g6Df znC{i21pj~W^IM?Il(02~gB!&3*`d;{DJ|A2OZZT&GpIE%VfIt-hKm<9!3>O~A7M($ zM*BMp_vppdBt_DUIqsT8H^l6^(G z4y-ktdc}iM^BSY~k$vUMA(`0yWXiGnGMa$HaR(stmvU*Lax0qy_CMY21H$B?+P2YB za3K%d_;kmHVDRbA_J#s4cx>I^n(eV#quOfd6B!hCqISPTrBojBG0^oxJ#hkD(-n2I zHA90eV)nFg) z$0@4{!UrO1lA(DGCN@k@U)0xfCh(p7GRU#YI|wZ&@U_W0{?^Q~I?7M=j7urbSc6MZ zE~8WlX8;o>J%q{7XIdn12ySpuO`zUe0AA>hD4p*R=mT|hz}*A7RG|GRS^@QDC;gB5 z^yP{4+6h}Rj+ec3X9{>mOO8J}dUd1^%=^CTR8?02tMrE!gbtU*JGpue#*v8X!32Cj zH5+Jn@;@2w58_zlfkefU8nHEAHT^(x;czf$m^#=kYwB8_@vVwRriyH6b_EUX(}*m5 zc)}5x+{V-hy@`rO1#2xFa5~h$oxrEVuzSW)q?67W;=Jy(3_gl$Y{838q<`wJ9IK|M z$qhz1uGuaGL>>h?>4r?1+#W}{6Bccl(v#G&=mY32|aKzBec^Bc<95C~qRX8IHq83(k z3}p<(%NmoQi_6_9_Weku{d zsmd^IT-ycY%A%Q01>3JksYYw?N5bTmaFpjn7;Uu0(R+e4Lk1nuMNivzHGLdK9kFeT zC5v<15e)Zb0v+89sEE+7uZ^NJWWYt2d;X%8qxAUr8<11X%6*fVcXg96`=76(J>x}& z!s6bb52EiH03wTs)=6^Y=s}jZ6g2XR5I3yQl(}qr5tt4YJkgQ@q76KI8bXi4v=aTE z;Si;osR|cAqh)t!sxXDzxxvE5!XHUHWPhbrDRJrsKHaeA7&u{i``KF(P5XoQ9vSq; z?U8Y(#)ZI7cZoMh)+WMwJMU@x! ziy`}GW3Ptc zTG;|H0lT$`N|dItKj4}?hp`g4)3&WbcSVihJsq+_km!7-9m(-$wN8g*LSkFe3CH-2 zz+^p5=QajSme9|fZkwP@eT!fV%7YmFQXaH>i@~we*+JU;deL~pu$K%4Ebc~6NKFgb zIyKr=nygbrIR11Ok(X(7;0C6Hh7S;MPPBDEWisTLU!r8m~@y7uE)}U2Ns5?d3PP;U7^7SmC`cpr) z?S5-8Q$vRjz5Hw2`j64!S$qBW$>HeiN&g??Ns=V8O)oTj&)vB}gx0rA0RV~I6{2pA za-Bx!pl-#u3=8yI?}BP?0Cx=FKNvP;0K=TiEuY~bcxvdrP&-t;^4`L#Ii&?gY66Gd z(Aybn=7zEvS&Y?XW%9G!S~~`?4d1I_*IxOIN&}cW>u1w1%OP}k?;V79gs8!9HG15- zs$0=70`v0PzSO*Wi|=JafKKebG&j_My*zPr-NDRpdYT@khspftbo8)Xg!nd+&(U>1 z-BnW*@8s2N9pt}RyrukIjTtU^7x}J3IQntfEbS{=1zkar0ACchXvJXovKv<)`+{tJ zrQEJ!@Tzo)W9=I0b$NvBZWe>DOx=vQ`>HkS9!CB}%Y8XkNktL~-u;uQ>;Gh)*}+JS ztAb?6+}OCz#;6C;+h#e(HJ}R%LfVj@ytSx~KT`5-{aLeou7JsPWUo-hEyzu@yA!4E zNBreQa0=0bP_JQj_94XaqA4ygf8iz(yD9bx*d+%Su6~Q)oMc@Thdob|47Y%W+q{oz zo(r#6ewG7L_1ZfeTW7NRy=vVn^#Hk_vr;I5=4&^HWvqg}{ZuWMT}KJSXfuXyfZKaJ^MG89L1pBfsMg(|>gMnmm-pYLVB%xEoKR(k|SnKVKGzu@0_w zbz&M!7J%8xSk}V28)vfCR-M#F=gTT(U@dpm%KIs$M)}9I(j1xiCDqap_($}zzwV~4 zY`A&^&1@66n`(B|+KHh@Rn9h*J8EZVH5g`eHD2#1wT(=Es7oUxPYd6 z=%b~0H%&BHjr|oZhZ$#SRyAGu5bS9H?VCSjRbxV35pi|#-rK!52XbAYm;G^Q4_iyT z>`q&ceWmQ=?fk`0Ux>91$lEzHO8G}y%;?D@H(8h%?8aGdqn-3OnqluzTg@@Iw+AkN zyl9yh?;?TFo;WoQnfO5#7LY(9|IGI{DH+b1xxaQ_q3|}L5W>k1i0VG)}C_|y7Cw(kEQtfMO$@_uFR&S`798b^F^Yr|spMM7c0RR8! K+ve5){s91BN4Ts2 literal 0 HcmV?d00001 diff --git a/assets/yugabyte/yugaware-2.16.9.tgz b/assets/yugabyte/yugaware-2.16.9.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a4363237ab7e5a467de4eb8dbfc433935b8f9a11 GIT binary patch literal 26103 zcmV)6K*+xziwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHd)qjYC=T!6{uEfbcazLUGO3F@_HJg6b)jV0qAZFRiGBLj zfe2Wn2wp-`*L2>`{(AtD5_PkkjypZm6V5Xoiv$XVLZPYvR25dU30%McU(`$(M1>V} z$iKbz!*LvUSuV4GIgZ=^m#-8r|BWwKF8Ok)RQ~zrf8+QPSNi$i0Qc&c9C>D81cQI$ zzPYXa&i#`-&~?2CMwaJ>*Jl72FoMLJ6bu+e1Q#st!oWdfJz5xD10M#Fi-V)ZkQMp_ zuJSH)@HH6DCUCrpaJ>p{+||Ow0X|yGo{e#Sj)Tzh+-vaW?;rUB{~^!4Ia)Zt1j7&~ zO{9!Vi&EAN3!abN(6k;ST6nJz^er`QW?nplzQ6fdEby0ws{)rFU;ccCaA*XUAF(e- zdI9{vn_CEn0AZhaD+jyLd*B6ziNh#hbbJq>i-6;~R^$biJ2?a3(F=eBT{yAaNfxR> zW?_VbuyC{~1G>NnFpMyOM{1n`u&^Q%I5QGiKEc5EP?+L}z<34jW@8+&P2##Th3umTB z$!tcEA6{QvEEbExDnYbhc+Qz+P&%fc;T%RV2)V+)ScrX zun@imx!l>oi!;lC6U_9I=Qy4#;R%&OEA|n9bI`|8L}lvkXNo`wSMR~68C(@C4|oaC z5JV;hL0T+~YsYfOfwt0>L7fNv*iV?IZ2sdl1nPq@x8AX$uw>A#{jlA(Q(6&LYo&QKAqMof9|4 z;2{7*0LR`O@1RKAi^mB7-wUHjfSC~iHY834Dj~xgzFfF^!+yu|Gp&>bke~UJ03!Sp zpd8QVBQMXFa~WWf1zpd**oVVl2cAQ9+w4j7=EXw!=K`O_FYug;ZRNAGvvg#yV-_Hm z0mExR>x7XPP-X=@$2G0(iyDDpm^75Uy2;pF;PaO=5bJOmyU>lU!6PJLGK3;@Fz_A$ zURohz^ga&emVs{!!<)HL0ca+6H#+}4<5gx2fraP3iMHm$UcH1t5>9|o1PwEp8=q!Y zfDw?YH#HD=$#k}&0*LFhF!3K}1X%9IBmoZuM$BGl-Zj9D@3XSuPK(#z&71AZPHY^- zgMnQtHPE)-0KfwR?Ls>wVDkO?M0JoFO}7u5G2gTs1+%zW%il7@%BQS-??F_B1iA(e z;t%KNU}0JjCRP}M(3=GY2DRI|6vkgkrb3^6m7qIGr^R_5a0T|i3od=ZUs37sp}=$W zb+OE*0y^Ch0>_x7KTQltWX6T5ITf>Q(g!Ml7hZt2J&vs%_A9_K@|zj)X@-*kO{c%s4xy+(Y0kR~;M$mJ!~}B6CB?^K)=dspCBYh>%6mhXg?4EieML zuG9x!U`;GHq)cSMka4)-IX=Nl5a4;ww_2sRJX!l#ugIQ8JgfI;Q-Lbcw-RT8v~s!p*$nJh+t@k z7s1TUL!XHk3gIG_^0NTveKfvEAcj$j)29=!kEfTc^W20GlBtLMgiOix&ml<3p~dGuxKT)vB8;s$Re>Y zsk&KUfV?aZM3_mjLTpqpgCmwe#IiBfJSLqilr1Q*#~B^20_&{GL&?0m=t^r4> zJaa8-c;nI7^P*9_a7*>kIk-)j%ODohdC-lREQ?2!wU9y0WMjz+&@aR4&6|*o6P+o( z=f)BlJOp@dd9#qL-cuqhU`Q2LXiWH~tb$%Hs)EFqmZ*Wj1jAYY61dtP4o zIN$XX!QpzLYdt>Z-h@xrM<r_wLz_0OdGF%q_xaS!>`N)Vo0J%AnS|5t|KQJ%U+Cby>Ie0BY&(0x&Ug zV%>EX%d(7l000{At+@7OKAq<=5iK{Of{>(mhK!o220S&X&(FclmK&17Spj@fAfKOa zic_tTRUfrf>1=ez?E_`H0Ee;BN$Hl=G4H{`3+xbhE?H4Rg)`sxf+$|jGv&^tRif~N ztk!y|Oy>%feW}hjtz^njOCzRU!Sq5l$wSQKi%Z#+%~iv5U2H_mZge;0H-oj=9AM)^ zWrZ6?7$V9hbg9M67`hzr7A|Gs6hMq6ZFQ@_ydb&;m2#=L(Px`)DMMs<T= zvUz5}h*=YTF1qjYHAz8j*{aqhwXO6Oz1`ykMPlE$sAlu+zM|LFhFI?n^p?&ErM}Xx z>KsvJV$Q{)cqtdrO3`|O!d)%88WK^1BVRXn~^WANvYFlR~1EV)@-3Fb7ECro7K3i==SMvPOWy7W!RU6>it@J z=&HBtzAX}w7mFQbIaCK`z3(hNS@Ul-#apVpAgYcrht`Lp)Uxm3T9RdF$aQStzBj$) zkkA(Hilm{*RT0YVK+?>%q3UH>Ko25k+FDEPi(E7mo6Ekg394#Kf~-VCMH72U?W(8M zb$h(<7rLs;is1LvsoD}-;!j`;rZ|ukt`2mVG3quX0&UV&`)Vz>1j&%A71U7GJB~ErA|p# zL=DQ)01^EG6Sb*WQG2XOq_?h0x?COLX2sHpu5{eCty)p83OfYNw84;<QZ*-O14m2~Thbn3_wi`=rON_VI(MRHRjXkCpEua=dj z(3FdQy;CVBQNCMu_;HcUa69Q_%|VjDgu7D&}RU)i(QfI9Hpu zYfRKTRasK3WsiQ-Is-1UE_OFz3S<9WN8Argv7K|x!prr?+#6MN9NE#u1oiQ!H3wn zy3=_w?Fimn8c0f~;nyVYs@dVLoQ_s5ibbP>>Jm}hoAtP%_V2kXvBL=uLmo+EO_+CE zMC~p7D&o{?PZPRogKtU$bgQVOp_1E$%(ZKpqBdoP-t%WeUYE3{?su%HB~Gi_kXz35h7@Xo>5S|8eYYQ$JB>;OHYVlX zRN|FJTa-1^)0!OLnYNvw+lB^@1jCg|T7wTdML(z!y`rc$rB2f>ime8(H`PF2o8EAJ z%k>AQpb#~L&efn(Bz0Lv!I)E*u*p|c+i&8!xa_FN8w-sET8p-(`kkICN(LF;DV*fr z7u!v3N7Hx(ZGviYD+MRLy#SI|~?r51TIX}96}W?y?(CW(4 zOZr;n%z59|D`QeED>r^iY$|JITJ^?7(H*aExn6PE?G^c9M-!@w6IKk~Ux`JN6Nwsj zc!5V8>Y%l5-xY5w*jWaOR=Jed!l1V{D%e&;vZqLmljmRC|Waj4d%ithIA^cD)n zuI_4eY2Fctr?_HIZ21pbUAV;BvO8XzpQO4eiA3f5HtO~5FcA5+t2iIlYD0QZOLn=_ z(0yfHT~glZ3#fCq@FSV?6|K2k!-l^=twv?c8$50Gmct9nW1tJU$k8j6GJ)Tmvxjj1FXGFo&vv2)Ma3z_ry ze#4v^&ai|^ZLL4?d#W~BBZa>oYidiaODkMQfkt}k-nu%#uBj*-@eGdWU4<`pR4Kwl zD0dou&~vUzMo}C>Wf&L(d#>1|qNtO*#D)@NyEo}^YF}-TW?vDjYC~c6(|ynTNG&fL zuMRD)o?;WNr%J+YBNDV7i_4b~M`}Gqs>*iTg(bm*MbhdHj75)02))`<#d?qLEKm`- zuvBH%NKd<>)|(^=Dz9q3D%GxBaV^{qi{V{=in#vjN<~dckrWcCoLZ4J$sH3N_6Fua zsztr~;#IHDOI}}Y%poDwF=tv(76i4fw`Iqdu(C82RTSW$I+O;IE-w7FUKfa{m}{e{ z`>H+U4WX^ds!%eTQVp#q^KP9uM!oHi>#Ek5NhlFB7&@dfE{UEdlUk=`>bi2}4moik z+E<!aIKf1dt13H`DJmfnwsF7deff6l7HFZQAeFtdp+wzMdT$8 zxvHfqZL#KXYp4>gL$NKkYidKOjCrLfD@z62S96gw7lz!9q(M~~+o-H6NYI)~f=Gjt z8_Q2aM<*R#S<0$ZQ)RO%w@gb>j5|qdR5Y8&aBWs_V^Pu_-tQN6p~s7%(j1m?OV!3L zeQwlo@~9&V`cNY#F>d^++G zTS<}JyJ8fKIrPbp1y8oQlFT(q;wrN5N@&>^>{6doN_s<7dz>IB{i{2@fyj7ju2s#C zhFo-8bCkK>8m{{eul0E$z*BLqaQakQ>qCj?HEj0+r6F-xyAsF6u&gxDLRJ=m;-J-7 zAT?#$ZgwlHQG>?z!^Y_ueMXkT^pmZWI? zkndPmi*8+l+CX>5MJXKHSMFG8dziFmU7@p71R;=Ao70*d{(j*Pbhph*_1iV9tF5u4 zs){`+i!FcJlhv|ji_p;g%RUj>QbUk>O1nDdNWG^B&ag=OMxAu~&ayu&byi(f@S!Xy zB4;dW*40!M{OY*WS*bi(BBI+J4GooMV-1_biZ~GNAjjW}Q?=J|)z(;9th)nARC&=; zU2(?Qtff5h-6dfOzpX* zExnp8_H?x^_txfJzo9mV+EVNbq6V9O8x{4cs3>NW(@vu}f;D%{C+wV}F#B=T)d8LIc$3C}9~pSB_yv4@i-0H1MZV(Ol^ERR=fyCUQ)l3vu?;DFAu7fuB<ZKE35+SDzbG z)q<+H#)`>xTI!vm>TRg;)*bH$vd~`08d^xiUdhA=WEWlDFT7<}yQ=q#x}vJSCfaQa za#y!^oal8GZ*jl6GG$q6imo#6$hT#cQxUCF$Ksz6t$_x+Z7iQLJZV*4{`YTg>n#TsemEz*_^=##0HmH`7NX|CzRk{C%YF|`~2PPW^fo?0#Sn`qE&s5Pa9 z?z#;>=-17G#EUYveZD);n}}~y&ikbE?F!PAd7rD)HCJ>LO(-h$NeQh@I412DY?#xU zOzIOE>+Ty*ec1ki) zi$mA0bnI~6ZAq%CNs*>a?mAAp4U1w~<){p6d)PHgcf5X!N;iRKN1YxgJm}U{*lm88 z_vp%*M|xinn@An5Wt)^_j=$84!X0cZ+ueFwl(-M;-ol@C>$=<-7z^Aqik()qf)w@g zo-+q}|Ek>)bX#hQp++Vvv350uM6HfF-tG~5-fs@evTYW1MKtxsvWEw^CEWC-VNtxV zk(;&1NhT7c)m>4N^`hjd_HwP%sYR};dP84|3hDG)-clY^?QwBA(2IV(PxMcQtaq?2 z%==2aswk2-9Ed}tO6yMj_D*cr^Pw$~epAx>&Z5}k#kH!KMbT*w?n}rY63IkG|rHZ2POVpHV zTJ!1?YWlpfu3lnW5PNEG-PJ?~X{6O@O5AWDl(5$BsHCwN%4S`61*cP2SBj%^*jAmI z6Uj>5E+US%Ri&|#o2WK+l`^y!>#kDf6?+-o6(wI+&=S{g7DJ~k!xE_|jjNW}x}6(! za(TBFFJ(t{uwpu6=c+uG?K{QotsyV@xM`}Qjmk>X?Dk#V*BW$Q`3sptcj}-szbhg| z)BLH@;MbCN)fHQ}E2+p=3?(e}i@c~emI5pd`F@L7+QbjWju@&%p`!}K6dV4uGi@tS z)7yySMOo`CU@fY4?6zvyXsQePWk|g1M5!${2`C+~n@Y#1F><($G~?H0s2=<58=ts%B5FMnev1SX*AIZu^r`B$8xHWuqZ< zbyetfG-CG!^Kx9$=U5esvN9>6db=yyYU6(4yVB}vps0Ge&n@kaa9dIYvvyx3J&{wP zT9j;U(EbE9p#rCRZ78=Nq@pzIY9ts7#$30_eWy4q_twT*EG{Z?(_8iwby%~P-TPv1 zE;UR};;WyG`fwqulhsgJ>R8p+h*X#NrRp3tL`hYB8`p2jNHC=iS8=6*@00%+V-`2wXW40^A1OvhNCtWCsNqD#ulpMX2kW2zBJY(Q`eTIp7LR>X#A|^aFvcL zRiT2qP-y$Q+BR{WghtaJXfm2(P4tF}-j#~xgS-}Qm6lNKH^j0$6`RAg-a=fvs@lFR zY9Dw}HTAI)6*0NF>lE!(r%t+(WBRauv*PfC)qDD|eIrprRTJ22;{p?9HR(0`ZG#2<`ZF+dGtj-4yJulhr*`l6_`dx}Fm z=%}TRAW5pS)DhR?IzT`4-J6!m7i+}9SX&Y<1v3W7dd3!Yqzd~u3q zTB|xR)}r2RmhXnENHS#fX~-d7BUK(Y)DGhKrPef7ou;?eOK8?ri9F^}eXMz9&EW#k z8FIanKGddmfRv~qa>JGG8q}_Z&{fLl#-EQlzOEOM(6fbyv8uLoUiD-yQq)z*q@7!E`kPbG24g@M{!UXHb;T62V!%<&~8n6k1q zIB9UZR2@=N2c1B7+jrO&9;70Ft8$H{uAvAvRWjtObJ)0Ajb*c<+3F0d?QY+eOs#gM zD1&NWaT|9~MV{6WtK(@~)`Z^D5J)&wtLx4b+2esPXl}2h5LM~hZC&ThmOki}(Lk6g z10AaMwtiO>*3}NGTdB>@WIM5wU(5Kyov{raY(ltq{Sy5eTweQ4ckHgM~ z3KGN`Ec%O~+^KYmQeB#wwZ0-X`bux5*=k#?MO9U+6h+OHMdw3Nw4(0)y4n?qUor;v z!YKN8L(aJC75RJIzlub~|D>*kwpQ;f`;N{lO649oS3}X31d-EixaM|tMHHdkR&7C% z`qg_$wRd(!!jL=!UgQ}bVJBMPoSib_=>5h=ZgYk&PAqo``u%(0r&UsqId&kt@rm<2 z1p3&R1y-~I>-QMp}gTGUcDD#0+GGK%jn`PeUmhC^dRp196W~2 zz?=CXzywAZrGAYR(-21>ahIS-6FkSHa0b#U%y*09w=ZhUA0c(s%XMAJ^P-LwIxsTK zT-=;&V({n@;w>z9vfo(NnUc9(Z=K1&rmJD%j+Hty1~d02R6-m8FEVieA``kXX7K^+ zBeV$XgWB1+Kx7{(KMSm+TKlTiSc}V|zfJQa&DD$D^b;I}66pxZaRAc7=?*xNXY% zD{lr6bCqLm8QAq^6BGD2aIBEx#7f6rbTO3VNMG_uJfKy}MV32x&xRVu&KLl?8E^ZP z2+UV62ExwN6D;0?(2Je?DBhC*`eq0o1J7Yoi7^NWlY{HHPz)pSyaLK?(t(8+*mT%q zY}1iEXO1vlfG8t*37Y^fi{Q4M)RFIfa_Y~BML|$lg)`6aYo6o7$QoP3idIKv;MqB7 zFrT3CY_6@*dEbHkZKhsWExVLhldV1>ybpwyKquqGxQa^EA~WCi9{>@mbh zVudkH&Y$%SGd$P8eiU9L{#lkg$>X`jc;f5JH zXLbZZg*8=fv0N;SaRm3sOzD)Z2!Q9~05Tfiy1QRuA$Ps|GQSz2JUsbjd`8>ZP$eBb zs=XqQ;5c+C-10G1^B1cDjC%%_wIR0D=M1aGrqIUl=Ey(^sUI)ul7MGAN0#G1msp`axS zdGjg25q2rgvPHEVUqNR8e462aS|-LU2(U}_Taim&ci^(mFbJiBzPe!18_~vO z+x1P2f1St8j##ssIE09VV5c0FkuJu}X`SktOuI1vjn*$jBrGHv27F}nPpv2_$7Ap= zHgFiiV3qZ@3NLKDV$3jxA-*hwIBtdZ|B0r4F<=b`(Qg#cZ#G{2npkGiAt}?zftNlu zBG&Y#&A1XXkFwObhztE6lkfltwZjO@7Fx{kxkEt3TO5!_PKODx4--DY~NAu{2Zi_ zL`{ZvG6B4 zkX8W~K=ZCap+Mh%lSZlHAP!stZ~`qii~u}>3i$g+z!!>q;p`mvXdJJ4lHO#ZvgSP1 zVSMiFi88r=q5#N$@n;kNxrxrZ7@3&(bXgktuM-OTbo?h@`uVc57ynr)my18*KflNG z`SZo!z}#}Kw~H@d&S9hVH_rkguS!&LNeJ3lp>#C zdz!Xs9PO4Q*5ihp`$4vwGA9eXh~^~RLi&l}fBo_0!d^Y*I| z^aIO{9zpIu!u)@PxjkrcyI;d-r~ckyz|6?f36pGZ(NRrpk8PYL3+H=kgjuoNk^ba% zX#E?D(t-vCx&O+6+$i@u=Fcr%qp%pbBnZe_$HscPir+*|v%ope@jVy2Q4%&?I6I^E zksshkOqW0y#CvVCB(RBZfeJ?zw4y!G%%!)!Z|y;b-~z+%y_l%chNc7K8w*l7;-urN33K#Kmf2AmPRX%Hod?82;Ne2lKrO;cwUswv>5loX7i1* z#ygNpYv$f%09%j1^&;>VJASk}0%mWh(yAx1`uIGIOzSD<9YN&~_6yqH&WnrOu@XmG z-UF6OvbT{JuP(ll$V?2sdv_EzWuk8Y9l^;iZMb5cVcAl zKRG48Z8m0R1XC7I&CA?D>WbV8X3POs@3s-a$#I^2o@1Y2(I$?77k~+NaX^*rLvs`8 zeildEgZySYD^4`TvJ24_^F^E~>cR@c84fQh{N>N*>~BgA>_+(y<O<0E4y1Mv!7igkY6pD)g?sEyBJ&;i4OnipwV1r|l$9i&XU}}Ppw5B9o#i6H zGhQS3od=S&NBPPJg-xFXK0bJG|O8f2>FF7Js6REN~Eme+P1LN{>Vf(6Rw^ z(GBrUD9)U?55Ix&Wf{B1ack(NY726h(Bg0i;X&$( zSg`(*Vm8?>lQt&*>AV-)RT20Ne42R?24B9sKR`RP2F&iD)6cn7G=BcPQzngI24BA9 zc1g%;yre>cz^^Y5+DT}*frBXBfj+_h@sg^~%GYpqCG-9{m|GLbc%V4+D=)2R<7(z#z*pbl5`1{z2$NvD# zcba1-`|$R}6!IxsynAsU{?M8BwZplYiJ9s4eTMRDCi0F-ju&)s)}ADN&EedQ3&p9M zc9ii?X$qjsT5Y=vx04hnYg$Y&_=%1Fd+-yE7tf3q*`nLkU0N8t4QFHUmKq~z$#;O? zUDfUC_!G>LE%XHCc9n8w|NqGOPkdhcim5=KKL06S7AwVr^Pdv`xyGY3a7Z6nUTld(|uLDAZAQludhk*FgFNCVcT{ zmhkhX_-x95D^9Tp+Z%sYVuyFOep5&I1qId|2Oqs)QrIF{sI#~G-AR&@+Y)h`c#NUT zrevlL6&^XmbG8}nSBrwaIY@&@qVrouMa)6(JkS(#PmL5u+utCz#x!sXVU6M|fPm7-e zxm)kP9eWc5-FMf_M>ReciBki!5IS~hlN@|l?j(+0VjdfXLLn7WrWGI`2GOdJi6To! zk$ugx&q;Y|gYK2g?U|@MpSRPAeM*L66yp8C&3@ieF;1jiFidRNBbGsS4#~)&bxWzk zex_U)!Dtrl6)cyEM~WueWW zK_)nw`JgWLlPU{nMND4AYBw{-`AS;vg*HG&7$sXi1v8Ao(QbglzV<#*b8kcHW4w#?$D>792HejZ+SK}z05+>rrgFpJaZ>;Q!}DwlXI>;ZgI&)BbQKl* zPcbl&XJdEc)W{suSTGz+fv~HKm>@|mtVo}fy=mJuRyMcOo@U}CDi)`(l2D8>P6I0$ zwX#6t7km2XIe080l)i4s@K3bb#43Jc+c|j-#voOLaJrCS(H0FoBA(Hnzc9TMp2cThKKgtYQ9C}(f zG9I-sc+AVROzxnIU$#8NIN2!JF z42g5=vtt}qGE7D@yf6Zcup3#Bq*v2~@g*pc35>uC!+d;vyNR~iKum19u(pMeU0iGs zZbgyb!I9~qxKGW7oO=&)bcMtIRoFk>2l=)u_UWJX#(hI>9QK?7YHg^4$gTWP%ilcQ=H>2PL!__2%1V9@e)^o15(PRN6WPNyq`v&R zGxUjIIZtAB4nlsYLBK**(kSiyIG>HwOLo+4ym}9QisOee`|$_$3ftfyu-O%7)xno9 zi6%+Fq-tP)Wpob4o<}frFDy6uj+pO6F i~Bz6Ppg}gJC{%Hou1sbj7XS|*P91> zmbvFPEpypj%M+zD+m^X!_APf#JNEZ4PwY!>H-Ec6{4~SK9%bxFl1P{1N4js3Wkevi zIVaq6Adk-ubCTyV>{+=Sc$@Xk+;=(89Z)s*?j86IxRy&r3@C!k$xSknS=T`5BJegH z_5FbSlm*@~=dV2rYTx;J>lR!HFfw6Ousn*(moKlp>FrN8cQO6dH@&xA&8JsX6+$!J z^FIIgi?QWijA3Y=#a2lK@=K8S01g7Yw4zub83c;HS?I&H9aeBQ~@z?{eT*@Spz)emVTyy|1&+|IL6zaTW^tV8ir4PGRj(sr}Go zmp8;hFI$_c&1_>^d)j*3m%y3a#=)kJ7u0I5HEw%!2(-yv$4k@4-dy6^PA^K zkvHPY1>#Nqdxx5Ap9m7N`G05x(8-4;%oi({Iq>(tZxN!Tq)^Qnnh5qxrbeJR318!v5?z{iH&8jk$e9bDRUg3)pQV`OST+yW#eb`4PR}@o+1E zMjR|28=+$u;`}x&yYLkQ9Y<%!U5=y4ce?wcnx}1vr>bwFz>~%|G3+l!UrC-`H%WU9*=ww_SuK znK&%Z%@j%t1T%t1j~2n3BnWx%=IM>$i;SOb;cpbRH(y^hz=ju4rI}|RwoqQi#>pyU zGe+Aa5!5UNkvD`6c_EPBKw>&x9WxRqB}bm&XBqkt zBj!hma+zT@@#bpiv(4*>gb60snLP#rvN5~{7jqa~1T*&{KH(4d(##|`e!=(_$ctF? zW#CwDywNiX?f7KIdR%4hccjl4!vF^(w%PH!8f7)N9Wp)F3r6Xsj5|#wXA2`gNtc#V zDR-9H4PhxOGF^DXk_!Fu>znLLY9djj2#!*yJ74qQP4am(XNjvuVFaUaGz&2rQBDp& z`&5#J5q6`vgh8O?eEk3C-WLA$F25S*>A$%zZ(an}fIc*=X!Q-CxBW37np>e4oa)#n z7H(wtv(YSs6FdsB;khUrMP3BSXWv6fYp46Mg%an?87;iPw%o}m#8KLf=fK1`=P3|SDA5rkfHondU)kH)Lyrpfp%UAm4}V8rCd zXp~s>WVJmXiqTIfl}@K$a%qjsRvCyd@Wsn(z$lm7`4ZD5hHwpXA)I5xVC41yY|_eI zgWOMi?rAi95B**YC^LL>`x|chy;yA7@g=xqbVTahazqQf*~&?lkS)xz?)Mk}uPxcP zWk(@8oDq3;JMuM4N4BkWasuT6WQowOW24W3{@KAWjz-j`9Az4&z~eC-y)FFLy9~75 z@g0qlTO~)Mvl9cG>3ZrEL*+o~igKLsPGCgG|JOtOcTn7C!O2%6h41Wmmu5B z!C$^yf8aiFZ+`s;o$D_*@P16QAJgmvF6ZEm@@mSbY{Pq)Y&_Jf!1qx29v~|;V1NLg z<6sq;mOEhv*|Q{#aXH=a$mI>27cK=_020f>tA1S9GBe>{PkE@ zb5w+Fai%Kis3xJcc1|tQm!}UPl0GsaS@>IF8hY+NJ)f3`RZP4^s;%PGG-+0R=D-~~ zo)?*W*>{+(8{s9pWFr7vfiD%f^eTrq9r!m15C-1xXHQO^4U8wIO$umN_&zhOUxFMP zCbnJ~Jq8%R4x)QN57of8BO6-l*GHBDeKll}722Z!LqrWk$0vB_0O?yWJ_h;K7=i(3 zXLWxJ-us|m4e`YM=wL_Qhxq$Z-UIq-%#pzD6F7cVL@B`6MzRJC^R-xD2jpubTAe*U z;vjrgOcR)|jcNxw!mEkfU6`+iY7+i73b28#`4PCkALFB-UriFE(4zplp<^9ghI}jL zyRcs!^^`C^G;AFGK~ztG|8aExL$Ke6{)f>X2d^bdjzRw8sQ&tR?|^)R=i? z+vt@iW(L_Lndd9pL=kpRq5N0h8#%VpOxK9HlZ)z%E6BlW`j1$dZt^7jp4I7JdjPXN z-Muh$3`5I+gseb-qriK#;_KJqe6+!cF0ox>HTv6T3n=p9?c^jm;kR{hznQnI@#vTT z-{{xBy&JvV{r7odB=NB;|J%0OzAwg>fuBdY_}x$*g)`^35j&fB_rEVf-eF;fPoiJ? z2SooR;y>_>w9%i+KdzMeW1b`V|6&jA#7q4(vH(7v|Bowj+|PUY|1Qfv|G59@yFAb3 z|9j;?q8;A)%SS-$2Ln8j;Vu0(LgU>qmV-KIoZMQJ7Cp|~>zvWs{esf@*CUpA-JK!1pU*gN*~2QviRDF!^ZNKJ;5{;)jBh*Nu*en{!>8kVf`@X) zKDc->Vjs`;8tx~flgSJbU%itV>Uf;8Tbsu@IBnzv7sn|h${fd7cpni7C%3xdr4=%i zPW9fIe^uA%hx|`(5tU*8^&jE80}^ancJbmX8{LrgBu42h%6f~%&ED+L7!o>NS8+)-v=@IBX|}#h~lUo4&onkK&ZF?(!`$L##5@sV! zz;1?U%eyehER1lFPq4ZMIl9t`%}$7r=f(-}gTih#$3yrUNZ9aP!y9*oeaGvphJ;L`QCPI>na1 zZSLzh!enl`A%BQ_yifn-%UR$NEa69r=K;+&h@9>v^evYE@Cjn>m<~tB=9LHK&zoK> z8x|eblq}4{fO!_AVbTn#JPRxdw|~VEf9!XHLi{nkTp|ADduaQ|1zoqF0cv%QSu@mr zdk=EN3faF4YR1q%;yIN2bqB2&`ZB^UvkeaswA@L6!;s$y@=Uy<%v*))8S z^?nD!uP-7{%A{dJ6&BCB?LD=>AH84!1N0R{cn@+jA0>bJ=|_aAk$(iQ_aL{W(J?F$ z_KCM*SM=-;-Ug*@)2EQzqO`%}dkV2XZ@&EVNy6jgd$APU$+Y<6FIWUsD$k;n}E#FQn+v=IBAGpJs@vTp3@oc6tKPhm<9c;6`go)zh z)5q^sN{Gd-|BEk9$Xqj@y#U~NmE64tQ56#C8aT+k+uka0P~7t0B~u_%gAU-6cv*f1 zs|`t?PiFkg0_UL5QZKWBj)x=%2C$+K zlSg)49)<{bk6=7=5#^SLO-N1ZmcasfPUgmVoqhW!Qn05!m4BSBPn&qcSN8WR`X>SW zi}GrsHMg27L;qA&Rm!E}fr3k3{$Blc%u#nweVx``$7`I_UI)crq`i*RI@Df&#Z~LE z^>7Wd;nO64E%AK&Hq+V~IX`(eghNm!--)o0p&X*rt+ z5%DEd2(V8q1BS=9_|mVhc1#a8q)UKgMvXzpYSoQLpNS1SoH-XsBFAjpL>%G(ek#Zb z+(H$G@twT6q3->rcK>j&Zln*{A=yi9 zq*G`n>9n55Fe&&Xaw!9`zjt zMivQBY_fKTG&_B*+CV_~(~EKY72&!DkQjjyuWH3BVXx7RFN{_|S;0Qf=cGb`)I@A%QG zZUxui^Ow_Ab}mU~_y*n-8xcmkIA%^;cZbVJLvQv!0q~;jb?EztNTiPy;r$t~ZJ99& z^qFPC4*25R6xoGTN2_eNGM=wmsL_3fbNai32V`dX`EONFB` zi?2e7Bv9>Toj(%rb%Fvu@;%PKo+i zY=mbDe!T>xBjz~JMF$DL#xOJwF4D^z`>%f6Be&s$i)0Bp${bq67+>s4esFP6BHSpI z=RqU|cY*9C*VrFW@Jr6{bMHa!#pA&WKRYBliK323sMKEXcr!QJ%Psf3(E@-&>pieJ zdm8g2P@h-~>;gUP;jRRqjUS#eQ-0qx`)Vvt$9Z2IN0)v&(%^Hp(Qd1|rJo+?KT#E( z62Xb&O_H>1`VpsN*(6j+6+sT<0?&(bpz!XMMfF}oPm9|l!uCMa=Ce}p$W`xqu=2Pwti3U(;?RQBJI&9a={uq!EBqW_FoK)KLmCjUm|pUaWSzXb2er^ z5|IU6&%H=)?%yZyg%yS~9A5C;Is1!J8M{%wQY>*rj^|59aaH;a=@3yN@SJ^vBev@9 z@G5bT-F<#X=BwQ&wq~;FjgH~l?aNK6(I4H4w{pEYx{;dwV`R?d74TEsx!hL>C24RJ#}$7+rCNrY{3!lr0O}BE9?3O}%p~{*^jJR|D0Xe&ZjwD@VlR;hsvGxt&h-q+&AVQ^5lX@fIL5txSd{ zDlo>FPF8nQeExvypn5WVg(yVhf)69};|bP}i!bmvp<|vc_43fS zo+?DFM{KMNf}d_Uz!7$t^HXFw_+vKwBs-o-A=z>cR5=CtX@-MU!GTLk6k`?y*fmxs zfU&Z*ZLz1}h0yT{4xfV6fy;he>NF_YId2v{1xAjGe7&uj1k&zu^-hdH{QS-n`X8GA zgy!F$rC)1You+Xn)Zy#3_mRp^=Q`0H)^rpVtsJdFB{n$(d0@o?W>Ve-{_f#Z(uVI0v7 zFSgg8b4~fi6U}e+?>Gk@LCm*}?GlfnVY4k`BfA`X4Fs9O{CdBW-$#ffY%e^~R{Ht% z2tPKSYjZVbmsjq$`(5b&y~*+IOR+z5?ex8u+%I#>{{4>GhlG0h`f4}DXx6H=5H?_N zB4%;(bw5z?FBkg$<2fGxAK@^H|NBZQ;GWC>U*fs__jW`DM-EpYNX6#=vt=2!yb430p$rip_{%5{eE*<25zWkB@>$^NB1@^}!0 zjpOuEmizy)_io*d;##}#eSU@C?wi$Xyp)r=H9IyfJ}syV_;9J0p*Ok1KidNpO*6bxA86i?;o%D|8(Q*ul3(Q<%;e$-Yj!)ULE#%w#f#Ut6jDo9O~<1veI@{ zHfoiw+QThj`t9Vuu@*8@H{W`Lc+hNCyBo*o#x+dhZT2bNev0q8kp_RW%s38y8pQ2j zo5m_T9nftyc&p`OrH!f&Pw&R*rrvG`adjA^s=k&t|GO=|s*W1&>y5fIBk|yuY(GfV zDlNAEd8hg>hk=X_1O4v2x?6Jhd{bXv=7adUt;^%zZt37Jv-TGB9gWqX$})MI__fJm zwd%7$a=l$u*>*dquiLaP@5$zGr0(ILo}9deE{&@}lHDQ9oSwW|Qq!+5TZK_EU3rX8q^YZ8M+VzjNQ%=f`6MKmYVAG<-~P``fWA zZhBGv^oMI(H(9m4Y4-DvH}21;W3!*`iXFTCr<0R^{l~w~H|^?|IBf@0YCbBpDlbpB z`6^TLct+wq6Tm;OH|oFc%fxq*`E_zrCW+-`_IZ;v^>)?Po5O?pPq4laxqtnB-e&P8 z&Hs5L{9g}ZzxSQF#bR=DRU~fAjnQ_4=>=kH5bE|CH;;!E$o(5VEMU zyK|e55seSAvnRK~3n#a91$VRd=fTx=e7KpMuYy=VT_>xPBj3zzDDwUK-)(B_&x6-V zvd02#eEIW0`}F0@sdjdzjSTG{`fXzJ?Mm||-=^wG-s&gK__WD0^^apy4*`0=rm@}d zRMSqulSUqapKJ2`oo0C`Iab&R*TjmZ07{fNJM zJ?i zFlcIdjF8&Jo7K%2zp(=M1Ly9n#>l)UJ3G#+yT3k(PCf3!{QS_&y{q)dk@oC#)7yyL zTOz5Xu2mM_9(cOV>;1pC*U5eR|6cuaKPPW)U*2X-{qU;x+gzI`f=?JQ9#P!}d_7vb zhft&kI6u5={vNY=?gXuhHNO-qC3 zWm6vk@I>;57k!si*N@TPb<@7&Y4|kw;au(G!}i4)Vs9aPyK{o)$u*Ci^YB4XeA#}w zDf#I(59h;={dvV7>AmesT|V4<&sBSh^yU8H8%Q+(oYn6e&B3e6pQ?U$_ao{ZcTV5X z@#E?pt4W_#^IXZn%QoIn^|s7c6@J*uJ-y$?Jx!bIw`|7m>)Oc$z27K4zIa}ZgLja8 zQ|{NIE3@)#vp@X3qsKee{F_jIMD&M~_r~0F8qarL&MyYY-4f3A_I45E{$RB{d#{J@ zpX2SpYWGV(?}Pl!FZKt+aHr$P-s`V=W7Yhw`S-Dx-F-LCEP6EZgLNbH7O*GL>aXEE*Y@iuo{p#|FzjR91F{GPb@kzS_YJA{faLYIz4@$s zMO)!-%S(z4QE)A$~eE=yw z-UIEV(AAt^`UEmep&>!D!o9lUOb!!$)|0h~{56g+#BOG5 zHVx%6F6@qkP36&HmuR`oY;8y=#&X{*vHj$pAsuWpLa1wEV0Vl%QyOv}73nBeD$Jbm z$^*kaq004vy7K90BJ{S4owmWfGCbQgDP_*2fF=RR6n$>qmPJ)?^E+UsN4sr6ptvLKn_; zWpiSpn7A9vb2nvTNT9qxATRio1qieea=Jip$XJ0Pp>0Gt^66ykb4wJ-zS#>V2!&0+ z)@+KVs3W!tDTD=Kau%24na?{dF4agn?lxd9rCctk;cvXMxyClM5Re_F*u%EWQHUwG zJ$+KNm=~yB+E~SfT2kWmu|suYA>iw|iL2c8v}Paa+7^R$pY(FhLN}m}HuQ>dPo@y3 z#2iVRu{ltVaGHis?Rh+P7a7C=(R}I|o*^jWF~Ol!;v!Sbp{v$SI97gdVnNI>b4Dwn z1obMnV5`<&XfS4B&I6mZyfQCRQ0R+&Q>J~c=9=7kN?!9Y(g?X6dA#U^jSaCHE6roU|f29s3SccNee4lo%e~&f&~~O55S8^lQ`jUx11{G?;BGBX8Ig1nXNfE zlrzed&D3m9fIH!oIfMcbtj~ws`Ld@@q@_eH11?sc6CH3bu2K!wgwBRX`@yj*H7F*9 zHi;O85ouakL zBhXz78*e$x%fu3kWw0H3_GlE_mqUMzHEO$v@Vw>@(7d%XliT1VH?rsb=1#55ay67wvEei=;_KLL~atmy4cZ1tZ1CfLY>ECoj`jp zdsJ}Ncs@foRneRR+$?n0;cIoZ3|Y&WtWyvT{WZJ@NPfZANG(8ghzqLGNm~=;x^aKr zCw$yrrv!Xr`nb1{{hq!Jak z@Xmv(rWNwhw7K9GJj-~uO#1u^TRBFGX+a_VpxADZ=2o=)(lZ-hFryfHwrFT?b~j@u zfYO`qo0fova;NKKyV=XBJxa7x%be~EX{sX?+zZGmT%rS6y9=MAGIp3k6*B?~t0i>X zjQBgOaxB*QT!!j8a7Oh+!JH{r5xcRosd*4YFjS0e$uG4?V_T03l5#Ym4!np!2YkR* zj9-q@!tdg>Igw1DeWN0XppUbMzt8e*F0qgF6s z5Y04`-rS}w>J%ukq?+zA+-3?6J-gZX<=9Ad6vZ^!q+zk6g&I+IIluFvASwJy zAFzPg$_XeknN5%W)55R+>yL03CvSRo-}V@v$PNCM#M|s_ILNBw3Ew}x=S3FTTi?_# zyhooFiu(-1ncYJE%zJFG1Zv__Y?8vQVguH(uBOW{-TOytCrqCq%h$ZU)MXVL=FzkA z`S`{Y#TYV;@rL2axI#UgMf!FgtR)BzVIa7o$VjCMI?2*#lq;SdY7Z+c-tg=pTVj%ZjBX(@CWVbDk&Jdyq7 zZfU79wcIAL7!QcrVwG>AQjHP=)tsn_H_e5h<0=9uM8(((dZ1{Lox@z08S@ zkWafl;$uuggm~q)9v!WTGv51UyND{eM1@v)6qkZVMq&u%*)8;04&xHH$yDWx74wv9 zSE=3+Y12(qV$SQE5rETai5PedvAzRYXV(BUqf5! zM8j;#crtAcsB#@#j!Oy=Nc8rwq$6DvBb-3Q*&1FkO?m{1h^t(s=gpc;-8RrJ_dbUf z;cSK}uI75XNr1dc39Ly03<7Ke9ok}U$S#0|5ddlk8!;b1NQ3cQ*it3yyl1>=Bhbz! zCEbZ>)CZ-;0}XDnHQG@i*0>iDR$`JB{)XBZWPFSgeLJMK+!MOr&{7@}s3vsnIv!^t z1`K7&9;Ts~MSU?x7Sv-VG*3rYjQct#xlchfOsBYrit$oRG3CKl^H$^i(!wzhMV07y zn-t?Jp>CZi_j(DvjzYM>tN`5cw8g#&MdfPPn)R{8rb)>dEiQ*>+N^!ThP*&=%A2!5 zK^NN)`_wfPpe&!lGSXF$T51`TT@V@GVaZ?<6G#zA_mkCl&0u3DhIe3^>ZB5d$7Mtv zyN{h{ghDuvfwn+v=6e;JCUoB~LyVY)YF4SUv{E{@i-WiJMyx{XAQcV8)-7)6w1=U1gYa_g7 zWUjka>WEdm&Vz(8iow`QrnumaTSe>KjaOgh2;_KaL**B#7J{F(wfFs z-X81Xu(Z@vhSK)vc9@mpGA-H*NpT^=W{vfHFN(33IgKOBoGj0qz}F*97$)@kOAvE4 zP4$+G$+#4jyOlq-G*rjW>iW%xNngegj=9CFH z=GtnmH5&rmJ>hbXRdFCH-H=M2E%tS{Y(rrzE+GRz`@+eXEB2}U)zgd%FbkUIj2Q)jo0}s zb@sjF`AqW8j?3Xt+Re=zo%jsenbYNr&GtxBXT*W}l8H7h#U!g5;jPpCl8#$mNX@+&c~?SnN0QTB07e$C zP)Rw|sdZ_{K93XSPGdV?PYN}qlxZGBMpC-H2%$UI7>|KBic7JMp*@tU-g`j$#1Ur+ zZ?*v+U!Vdl2=ff0m>yNd$SbzH8tNI%byT|H!jMg*a4vP(BvwAc6!Ads&N3Jc zGaK!BRd<}_*jJGjRcz<0^G&iA6Mo)QYEH=>##hp5w6r(RvH~KX z`TdfkQgSu*91Nlm8X0#zrtE!0a!XXO^elFur2tvM%1PN0Y8AQ!TEVD&AdZ|Q6&=RK zzF*RzMvJbU>$nkAcA0g)k4l%sh8j_OJVn#lF16IzyhmrGWMxM4GAYNygcNgH`F*V6 zCUbIz3OS@sz6>hSaQkLnHG2Z&oQ2+Qu1m^!v!=GzV?JJ@>Fj`YZIsfj5$GBcb_Zi4 z(t@d4@ylkDlxWLz=rO2rWH)PX?b4VFR{{+Y?(O4AYkGyt(n78U6lWee2Q*aI6bfHh zGED7lpH=x)y2clDnrl(z>yx$E5nkxnmN;NY1@^;pC37u0uqpJh<#lO~VrsCRAEvsm zq%JtaNhwAd$pZ?TPBQ2xpgyD_>M{q+6V+^!P}zdzD792Q*W`4`Snda+j!J_F~^u_%IGB6T<*>g$HK_h52Nm zD<1(CGaVN^bgyC#NAX%rBH~_P9bYfG+9WXDi9#(rJsSFb+9Q2GB2L};ltq)GTP}2e zhwU6-&AdvjXiwPXA)=kgnCPW4yMV6RO_5pWLkV;2fl-A+Trz^R)PfBPnVwK> zChT@Wcs*Yd20RP+XI)!>*qaj%%C+fvi0@q|kLlFO>A(o4TwtA+{=bm01JWDNcnK!X@ zz7NU~!fSCh*SC9K`J;fKJ?_y#>bNFrTf-D@JnPcHbZ_`;#07!YGR$|<7Rwl>H~)6{ zvI&z4ZKR#1f<55sl_()B+xqUqzBKbdtu1yB~v8P zq?Pb`$V;$6WdwXfM0{OrByDX3qJyZ?8^1P=D>{_t%`O3&C3Fe>0$wDHO@+p40$R!r zTP?GjLMS-Ll!dfP4-CRHp{p|)v_{N|KDMGw6e5zXF^a%;!<_Cc;T@Zla7ut?NSG7a zrvQhuj+JV{LT@7~cb*mS0_)n00lO1iwz0!hq?x2tk9fhZGv+RX0_S`(rZhAI zTG{iM$(q~9Ox7;p(C<>Hwh=RXZ!L=?Y#^_EgDOUY!WBZxry}%+GK6ayikMlhm>cLU zokGM6+Q)XoWjX8QWh0P-U2bbScC?sj<^@~BeKK|Jn6Nt4wISnRL@d_wLYpN@Db&Md zROH*(o^^A;C<;Z%p;#|%+*1u>!7-k!S_@CzIdXiEm0v~@qDibb`-pfWPsbKs=aYb9 zJD~o77tBSI)?|F7Bc2mfe$mmYT`qcaiBw~xVX;s3W*&ib?(5nj3&t&?%@ymR%Pp@9 zN}*9YTF7!7p#nn$L=pGk*$NMZuFDEYabPYmEB??Gp69DB-(J}%vcv6)j(oAC^W%?? z^hd9v^u8Juc=420@>^jCber9mc?cqY(cZIYgAbJdoxuk8T$aBgc<>cF(030sc)>*V zMmtYC^_|jR2^hNv@OE^drk#$ytN!l?1HLZ!0j=NJd2gOQ%I~E5S9aUqDEXH14{E;^ zrZf27Q4n2IZ?nOwy5)j>L=$fZ@qLWOd$AB7k^L&d566;$-#frwMulCx=ZMJz2)B6H<2k_pL z@v1C7{{O%K^JV1hYajMGf#J8j*!u*RN3pN@u-`2GJ3ZJ(#>8La!#*XZ`lGzqN5CKR zW8W+P6`$}C#@oK^PCwQEajJc1AYXB4-zfSa_1`m(n`7Gd^GE#MaD2_XeXH!7*5VDK z#XmWh;Nms^=r{boR~`CsM1N}jz$;|$>iL9R?zL{(Nd7L(@O|}z7xh2w1M}W@@AbE8eyZ@p z{ST}8$Bd3QtA3^EhsVfM9>LeTJ|n34O)D4g)c;E1yCOgQbu`Fd*I(CP*I(D$*Z&Lv O0RR6seUTghh5-OlnY>~E literal 0 HcmV?d00001 diff --git a/assets/yugabyte/yugaware-2.18.6.tgz b/assets/yugabyte/yugaware-2.18.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..56f78ded9de82e7f37ae8ec2ed63d39f522f6d85 GIT binary patch literal 24335 zcmV)AK*YZviwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcf7-g1Fg$3`VEn1~pj77r5C{U@XRt10VZ;7 zyqF+|z6aPdMur zAVmPC)XD%bx9A8=rZ%-)8vz%a#K+GB{ROz1_L1ixiU`0SxN(uwVC3QW*?4Ff(6$#~ z=;5i0OhEAv(GiDBF++I*u!H=9z_bYUtp1cD6PS>~J|sxZj4&hfh*FmnbGi9^t}Y~^ zs(~jN%V2c$Kf@WM&?A~UwCHHspAzI5*rCXwtZ;6c(?4h*3Lp0i|3i-Qn)aWwqe6yp zNIQi=CeU&yv>fD-VnzXI0xi1;2z17Xj{Y}>1OS2=8sa0ka7^eycN$h3K0w=s>9x-A z40`4WI-rhBa{(?{(M*E9W^rc9{Moa5`zMh9GiXl{`5_8mz5LJb?G^Tu@;`sD_e=i& zjAsX&q5+)R6bJ_3vdU))HM0YnBZ~lwFcEZIy;hi9fRqV=fo1aor^v9OhrkSa7VO)I zF!9kxz=eb$6Ic$#V1cI|plIUSkRqaHGJ~mYvpIA#L!M`us0gyz%+iaDHGxCK^%9;; zuv14vCWRLKBLF*~fhc7%HU60)K;Ys%_%ekH)xrQvpajqn0-j%th}xph(6#|@j&R79 zW7t!Z!Ddx_f`}5C3;-T-F<}yZQS_V1`SK$d(M=Q%6DkG(cWT?W*tU#C5nK#vnBIDb zAcx9N4PP zC&i8eG?o7^r};1R!@Q~=d{lLfz0Mc-L@-x(#D;xj`#(nr+H@oeGjmEXt?UC6z;o=G zVULBi!+&{5ARo+!FH=OQ`~`sFPKzL$&&r<@G~tr2!1-EG?$*PPiz=d?Wsu`39R-Bk z*#Xy#I(Pt}X<7_@Xai{DIWj@%rrrS9vxb&K7!MhcaQ-&%#I?~Q@X$iVGo=!lvLn>e06{wS5COzRhBdGZ zF82)^PtAxm&jymeTgjc0Ru|?uf+q5cAp1$Fm+xBTMpL;s%?eRwo?674a!2B1Y7P;V z8~_>!1qSgrFwnURg$&rn>q?~xo}|+aze^aJ*2p1KPMs8FhzilAm#JclxiFg zfCfyA2%G&L;u3uV$4s6(1OZ|>1{VhuQZ$&_4Mc&(%R)hAt~`wqGN(2I=#hFb5OXRx z$8$789Ys62HnW_Y7sA7k1Rj+?L>fWW-$%s8iTjea4S&9E)51EE8? zWD_IITa2JO;$zDTurK!~$8QNAH#T!z>(*&jS zbdli>feiMv2A6%rtT-DynbfMDZ}gzK|OVZ37_-?ae3n~cI9)| zz>b3q%I!!eC?5<~uvoyyhsh3yPy|iJCd~EXMh$Zh@Z3?w#N_}4maNrKp<#~}!G2*c zALzH>o6ist9$8`=pXisTCnX- zDi|&$XV{)jg!ix`#7|qisWOv=0OmeSpkqSjH1N?z%;t)glqOak4T|e@gog&mLym!R zL*yV2Qe;MoDbTfYGhNN+b2|bjWu_|z_I!0HC4>|-Ve8_JA}wDr?G3#8Vo_S< ze%iNhim#9qY7>P)kOOBkO|;ZOKIB0U#pnVEV%^CJEd5oL$oei5Z)v8OXE_sW6?TB{Db_d7*MD*`8vQzzK@t8!Z7l6X!E)e8$PM}kO>AJ zo&ZVMQi5v$Frv_WJ!$&C!N(5=+6e4`L(P=mJmjGH2^wGz6+ynhzv}z`S7;BhXVKB5 z2AK!z5c6h)FeAEx~ygSj7Hy+6EAG`;99}BF^ zeqQHAI8<3^j1~>+i6NsEK5|1XSi5qu2^z?ldKO&(ZW=yPR>0dJX@yG?aY3-D7+9{p z=ZJ*JU!g~u%lL0(6EPVVx`+dE=HV$br)?&?eG$eGWhRF7Y8cKonjxD_QdxyBuxNVt zqQu<>e?={OyfMgo4-aw$Ot87U&eBKa{Hnu&C4Rl&I&zd zb23#R|9lT-2mB8{L~LyMkI*9Z2T%;$1T$wklkxh{kOHp3Ek}#{RJ?5_5Epm~OukaZ zM+G@}Ivg=OV`3486E7_mu>=%3Y3tY)`t8JWn2q*cSX4rzGeb1o?(&Jim&ybXIhY)a z_uN+Ty_TT|-4PLDq7;lRk(Qz;Bw)y;574@h9bl$9SG62leDm1cRk!u;G^Q#D&!ATed|PDdt1QH>m=~ASKnHq{KVOk}`_ zJ6FNX{pad&j(KH|sdh$G*MIAdVPKrSUYxj-|6RXPnO;-I_ z(w!5Td*GHawV?-|u!91P_``ar_~V}FqK}sBqQ9(sI`u4P*a)Cs3>_T2EWT0$py8q~?D=fZMBZn!aYTg`$PtYjgg*gS(V%1rEEn0tFW-4|OiYQ-8JvZRAX~_0 z!rDGNoC-|>9U9rP5=*ikbP=BqgiBn+;BbTAX12aJwGm%X=gQ201QGBqsuC5kRl@Xp{o+n4bu*aPh<*=1fP z??H_f3hY3?6UVF%b=HO8lZPmB7%`g`BcU*=zf6(G>`G(mG2ef|%v}F<6+Sk2S4k1< zi%od{Q`5Ji_B67}7Gb(MrL&P38paQ?zN+ge=OHq+DIb!)4V|%XS>S=RFXiGKm{QBO zoO;pe#XfU-|0cpV)$bp`P2@t_T+!$+DrOy{saFOEqEivR~9zHiFxtw_59K!?>=sZCUAWq~73B+mNMmXZ8`3`7X@7E!m8 zZ-zwwWG(VN4rcPskj+<*A~+T!jMmg$!jAkr(|1aD`gsF?f7( zv+1+Ec^FPfm0JvAhhG?%V&~1ko`($X&qtaGR)AO$3OxoYB3}Z}=sxhm*nHp)2L=;t zT7!jHZ<%NeslvJvzg zFu@-GFpUjwfI?jCslnP+T&{;ZLiu1zC=~DenpU-xe-#bXg{~vrf(0;{#{*34A*W7P>)-bg) zB}_i!fspJnd=7lBm#@pmjq>l{bLsrJ-uxXXiif5IDRRkAQJD4g*$)8yz4)1b_#M!Z zhv!Vai>(6B!=Aq&gJ#H~!rOJwJkZNL#?m3klS{R%sBDGnJT)Vc6+x+eWWXswAcoGs zhC`-cNwhX!(Bpf$kT7*BwmO(uD6oH*R%1%Vr{f2LqF6JT0`bgT%1{2hEWu<79&16k!c8Kw_W8fyUUu za~qjMX77uQbg9QC$h4*t9&i7@V*^q`p)t-)9TRzkGR?z=-jAGASVss`Wr)hY#YSE^ zK>Ht|@o}K%KOi|W7`UDoTt41J#sV>dEtt{Za}}ptf{|Dc#c=S30US^sFhD(QP7PLD zgl3|7NS*h=)}+rTVmn0!dHG9#G6Yu5{FeLn?UzCbo;3MCLbi*%R}lR2Sug+f4~4yC z{QrI-|119gr#wvlgPAocau1kI5xQ{E(S(u37@;EI^Mz}P@}tWpD3dr240lYVT$be& zHXSVofo!nC&kARO5`N~hRTT#g`DU})7M4cz008)dx!R5a4)*w;)}%2V46H|xRYG8h z35;*wG6KOMLcnihFtzOk_%emIkOa_mIqGVrg9LP5p0YMrH$sKNSJ5J-H1F`hLbfS% z6t~!Y6=f0dPR3)M)*7rV6IDzA?W&oJK_Kcm5NX*lv!C|E1KIRg!G2vUp(4=SR;4_q!3Wz0SE!EvA54g(Df{b4nX!li1HsK zn}81+yq#)QuX0vG8Yc$ zV>%KG=I=v1!_lK~=$jNiQT*r|KbR;yUKB@XW&8Y$&eD*x+1TSH#Q*`oXP6(Y-V1tP zJOb~A%w}c(Q9X>QKhp&6YOs31SYsDt{hHa`2w-af98AGGG;!%71x#Y7{HiOlI@$~) z(z?%iDX1*N-lFYrUgWZAB~n^W0P`i;JBr1^-ZP2J#qjQKDs09?F91#9Fb+BF?SGIW z69p+fPV_8}%&SO%*vUAtf+{)vM~VVbIXr(SE6S;_F3o9CJ~EB{Q*Xg^maC&f-=c}1 z_Dd1Ye5U%PwwdnZt}NEg%k0w8#q1U{W{IogZBRH&=h@91yM{&2 z5Czx+e$X$tJqr#xWyFaqpakBoIB3qjUFO&3M5X`{QAu+9`oV`C{x>5Ba;WmLuy=Tn z|FEYokNFVM8_$ojyp=6xfo})d$lx_56mQfkw1}HO)&RUiUsxk^f7?croOq)rM z=FRC%k?(iSkTC7VBE$gAeLJ3rEe^~NQrR}Zwh3GrxRtRSLZNNTXb!$tA}}xoVoU_4 zk|9ORq?QXh(8L1$*W$sf5AGG&aD9V8S6;#fBS|K9$AmP&92G(M$M$juA!mZGKN zw#xdMyn-Lu@bYe14sg*##%pZBnYU>2V;PgfH4%@UVB{$trI+OdF_E!UsU$~hZS%{u ziQheWl(dN^E@#?^Iro1YZqG%qi#58t8X89^wTYO7mgDcDi5UMSFh6OIt?a|Q6;sG% zY_Yp_AAaaed+u-sGchvVe$G%nXCjwI$QbkE(&FH;Lr8D#LDxkdK+eqau)`zQ!_725 z5P5l48w^&BkdCNd=0NMRcs9-!KFt$nU1F-%A3r(q-#G}pV^-Lzy1{XgU7+ngt2jSN z61s$Oe~Wt4z?)0+=VJU8ugXKX(mcV~KxE_|avOOfUI@hwdx~h)mt6vb^j=N+tP)6DB_V z=*tQyY_NxP86_?5SN@1aW*;Zt8rU}R*3U=;Jil{m5cDg%KQPrhsYXVvPdkIz`BCT+ybnuqA0PvztQXys)chiJu|i(GdN`? z^8ic`h0G5u1}R{JC7zWT68wAxB2htxxQHKmCV{uc4+sQu>DxE3vy=|uNF12h8tWIJ zYxx-u9Nz(6QA;?-%x_EY5kuCOm#Lk4#vp`J=eznewG>uBq=tBQzbsNZ4vwCQ&9PdL z$$Bo564(PE8L@QCNnv=1)_n9M{{Mw^7Yy*6TP~Ag(U$jJhcrogpKeh7@U2aZ5CXQElonc8+XtZm~V7uEtlG19jlc9}7T$Wf5Z z(8fd65Bv@R#xk-6vX#*!XX7EsW@NHj@YPQ)C}Oo#k-zrn&DYzTM)Ry*ZuCx1#5!ek z`UMf>@wB{wq2fbhZ;!H(AzfK9o2cnxj~=b9$hTVM8fvgpgT91QZz-P~$ja1l*;SZ+ zE*ACQvk{Oh%IWzJJb%9KmlZQLUUcf&N7)CnZxnsxzu3iGF8k)I*;k|RzGaK?mkil& z*+fY(GT-6_d6tJ{!{Tj>?qN!Z6k7Wk`=g`YYLx5Ca7E}}wA}4+qtUskpDy!AC=6^o zHKVI+0;-F=K@XZUi(pSRJ!^)%qb&A@>WF-?%|1t2y*xcBo$_zlv}z%VMWx~dO^U39 zB1@#!5*cVtWj^SOLDeF}a)w9IOd;`Rd;(<&OobRwW>tY8mQ;mPidVN3mXk?%>hI42#t;l7*x4Xog+p(@&63-9U$lZ?fP-q`VZm zLo~Ln;E&i5LfC_dFpuEkH!<~W)`E;Z&A$1%=&RA@zh#Su+M$*cdA^gi#d697Idp44 ziVs6x(W6G0EnTJip)Y0#LMEG>;3$?6iOk`|MV=~>^4zAi70G!e zN|8iep7U)}RbD8-MT8JZe(J#~9rXs->+y?JdXg+FI5GX!mxx^CFp#{Br6)7jt^k&P zb4v&;avjnN2+hAe@^&;g6g>*_11q*xml%jrS8GaMd zDsd&tiZaozh}IAh)qB2mumMg`Yz-*ij@SSyC>DZ>xRcTAzE%N>l}UvX`mD9(zNNUe zK8T2%+Z5jKbMx6%8B|LRK;ak>@BvT^bWL8JB$7@dI(5Nmts$$-p+&j85NbCv$Mt=` z-j+5%L>S4i4s}E*>BST6CAIg8nu(y3BN5at9L!`Ki<&T3xY;qVY<~U6*MK&qM!f<8 zSDmX|;thfV02mmLEfjenFHCW;1DH!G4ij@Q6pxV;obczTw0Tw%=mU{iWGv#}-se9) zd$YDnylghsUT4IwY?T?{I4l`B*++hoYfh~wQ1K$6k2b;MkxcCMd9!&dvQ6?lJA~gy z=s%46ZrHaZ@Gy)i(g+6q1)EZm*gTZi8i*4$@)rRFQi}|%ASob_l}gwnO>aslGX29b z$wmb~B!;M&NM9ifQ4FAAAeTmlOyuoRQ^uo2yn)hWWwJ|M{1);M??{Y?aD>T(J$vh+ zf%S;^T17UO{XO_7j}C>Mi!ycExgr&Oi;~&T(#lE_IhrJAc*sN!wV>_a(@DgQkaPqL z4-=w@vrIvrwE&{D=}0Mr5Uz$q5I(2Wts*+Yrs&gIxtV0r zOS|F#rj$eJC!yY%mO()_*jrBIT@m}u**eA?dtNS^+_YP{Uni-W-Q5L$0LOBeFamiH ziQ|lHbol|iJd)gJf#fv`ArHKZy0hsyL&9tts)x)Gq^gA(F5kYr@?L>E3@)(!tM3(r zT~+*heN{5@w+eRtJ=eFKTpyB=*ltD?D33tF0C^sIw5SkWh6!@+uqOfaY&;|)k)JgH zpTWO_?3;Hs0m?CW^Y!-Z^tgFkD|f!_X2I{^KmQYaUjBS@eab)ojRT?L?hy7MV}wCg zq(5cy{q~ICaVNxMv^G<)(Z)i{+ZqJ---sj^{PsuTPvY?OIRb=Q#&`kx78S?Gd7|I| zjK~EYUX~K(88j`A-`*;tu11%$)w4;Bc?&Bq=A1ul<4 zfo~4NCMqH_h5ki?BO)WPnApDD9NM_=Uwq5uCcma5 zSXeFcm%0|Z!_?^tc)Na^AQwqNqW;EEd;9#V9x|}U3?qeq z2%&7p#?t2u#wfhHg1H`m;(Iu;w*>MBknX|3vda8T4}A)X9n97m~P^U1vR{vk#Xg-iSVZpTWKSPK4|zSl^z~hh@|t0XM%ck#Pfp}`Q*x)N z=gNx=eJW)$k+m^?kw&BoZ~1j!pMQTFeaXyVhLnw{4>k5x0dM8!o;bbPBNS57n-XO9 z7$=jj;ibl+1i!KP=>KKkslV+ii@w7C&3=2k6<7nh(6H#@1)#(J7;=k$RmXxffjz^W z_IUF49zh0nOwyy6Li?+WP1)M&euPlOr3pQG?^TZ=>UU!k7=g3GXn>S7Y>`JZtO4ce z--2E$eyXlqK`r<@d_4zKL~?BI7LIGAkcK1AE(0drOchfZl_tW6`55YluM&WfFzdGLn)|G$uEn ziwPXE5h*wR7@>EBHY%AJ#Y62-k4$XA9z73n$&l9M4ruth4bhc)Q4tW#d}RYV!Wr)M z7l2rff#h2UQ_x?49+$_xp7ez6MY#Ja(3iyW#nb1kUn8;*4Y&pxqQ@fOWX#6C2)YOe zMUW+MhD;74n*b18pjiajH+ptG8ZI`!7X!u*FK$0zsPDxhijvpznxY*l`oWgW^d4l{lv_c}ZKmWxr5NC>bfeCao zORUuEF{i5+X_x^QEYf?Y{?~2J?*+vKPee5wpZbbR;+f0m+P&NLQ zTQ5>88;sLGwy-ke)81zlhWQ3flV+T*k@|tbx=nk(bojrH4qqkT;|lieMq@KHHNoc; z0IGPkAQVlQ{87Jt^|erV>HW8F#gE!Y?d|V>>RkUJTL0Hf`2=ODS}^S{XdRbznX!t$3`UN8FMO5 z?H-&4EF zWSRnp$f2t{yVNzN%2G8D10LII_Ft~vHI}5vg@~xXsSgA@Z`1J2vSL3TkpP7_N!APW z6J+DLuWrSiFMg77ZdQ>A#&ndp)`lzVo=9AdJfNxip4iwDw**r}UMBxJc*C8(*uwMy z#kI!iGEd1al z7^gvgHHP58d8EgW!8-~1)ex8VQx#2`Nr>N%asue9F^7cPuwnmI5oG{h8_5zhMz6&J zF_5o~=*e_2KpuHjOeM_MMzxA2l~)tDahR`$sys^H^N@k8Sqj|m$2b-At4RVMI`yDK zCRVB+^-|2^uwNZ@pD->o#)$qPs!QNMj_yAM`y})qMtkJFmMlqw{Nt$p`gq4czpkYr zrVle_UfDK!<%tWe#Ro~G|3hIP}IinoZUO*+((h`FEQTl?R> z%dP!uk9@SJ%@G0vY}?$iv0jh)=8m!G{T3{KQ7jhH z<#mBC>teE*cZ+`S^Z(cT{kPrTyZFDGi6N78EZmnZGX7kQEdy;vIsem8?vd%_j~?HZ z+5Mlbke~3}2W!#a`v*jS8@=JVhTrI$LN@bf=dS(ry!=VY|16Fn$)i}Wkp+6g{Xcn4 z`>=HX&;I_e{Leq**_8kJl~2pYcWGw_VP5Qb(tjV! zlpt>dAXa1(7(e6L22ebUQ#z=41o_5pzO;AG?o>RL$riWmZ@TnX`AiDa^NPiV3oBzQ!wm%Z<^3^Utv0W^KM`{ z>nbW-J7<3rSKBM-5g9z-1t%UZl29o!9~-0DTX^ab%HE z{%K+-2o<#k;LTTA{aXSnffG;gCQ=!?3xEflCpk+5iKZ4IE{4m-bp;P)(>^$8-s2xL ziG~|;bRsFP@POxs3Wr*ZQ*GR&cS%eO1sj&caDV>d1i;9>Df!5suQT-cM%F z>N@+Nym@Cb8TMcQL3Wo&5VY)|`7;|0$hs0Ee-=ff@;Hcu_$O+Z~nucPqW38@i z2)ZswZHz*S22-1??O9}ezN78*PVy7b$tGg}BdxCJyU!r&+fQ7spN5VRUbDX*r&#kL zR?q6Y*x{Q%cUxYHP8A=4^>d=X0QV=yY-)&pgZmS3dJeyZe)X04%)6& z7n{%H#n+lw&q6XSanc&tE5zONy1*!tLyyQ<#iQRh@pHt0HcG;L7EhxYa+asF=;%&N zR*MXA0e~Qa(zeD(WSa#pd$BrpgbgUw#%&B3VExTkL@Piex6i#tzq5 zBxm5s#G<(Z+~3m=4?pDhKJFhJ927o&fFJrs-Y_*|Z(rNb5AwzU7L5HD4O!|$iz?;V zWKR>o-@(_bCE^Cl;3pcnf1bPY&u1y8lW%J)IhJnzS7gc$e^SN7Bn`EP*5!iWs52+bOHc8m3%ST_R>AGisZAY zCGX=AHH*N{H6^d#=I{7T^s!dL>XE7+wdI=PqGP{!G+~-63mj@o+br8Kk+@+e{VHKe zEPms?xB)P74`TEtyYwpAYYfd3XhX+9UUoOU9&f3*7CbYAtK8zoJ)~=KqDugRkQQuJ`{6 z1^wV4dH!#2Pyglr{fy_i=l`JVl8Ct?S*7vpn5Mt9oRvbPwha|L#PckZ^d&t1>#K!n zfq--pNMzJFgs4^xBDzP&7?UZ#MQdOUW9R0?5jXHgZA!T62_)zi(h@HBj zAApQte*b_>C+qBK7n@0izs4v{mJYQ0$0fg!J$8&_+uBI0(3DvpH)ALZu0_sgApUo3 z^|tmZtGqnie*%Z-c52(=Kx5=~$fcEJc?Eh1orx6)i7&6gjy0Qv=3kW^ zKnvP`N6=)3JRS(+A&~w1k*?-7g==nQntow0sh~ zRe5Jq>E~b*HRR+D3q{|inYgi9Azy9XD#bSPq9!#r`@)ye3o-dAl=O-b#3Fw5NAcxZ zWO%|3Ivxxx$D$E>Lir|S8rJdSrMDp1*E^ju2fJa6kU6z2XLvDmaPYePh>R)E6&%ZS z5hZ35d6T7dJ6znBA6*ZL9ryTmR)XKNJAjrw^^hX2BvJc_!o(gA>t&)Y2*PcO;KEt@ zIOF6=V}TgO0v6CeM!E4>=u_-s8xI$MD$YxMBKFy1IqZe73KokA#U30+aSV6q+q`zk zhSntBYrb*6SxYYgUuu17MbB|fT)H^5ydwDeZFQ9(1ww$YhaZqZkr~G^vRfJ-F2g^1 znf%0_Etc1z>nB&j$8X(Dtr9L}Y_79P*ZT1*y*|dY zCk`bix%>rW@xdz$ygc*#U35vqb1hNQT2|%F`B9?8CPc)APq{qXe^$_9n-d3Xpst{T z?0@`f>!qHHKCdYBT&p6aLh70ISD}PFsJvb0Qx5#DpuoD4DWknhGV zg_HZ7l<@vKCHscrZCQRwjkku@#}(D&$5 zJlD{LUv^WM7$lBaM6L=NPKD2>1|fWLU}0om+FtClVTVJc=aX1-g2uUHg*7DMuI}>| zMh2VilL>Upq(*z&hh(&LH@jjaU;UAowuTFGa+RhR+1C>o=iC`zUtz@#TB*}tONqd}s*u1_I7E1+C!%iJzx*3ElxXj}5 z8?2)P3O;8IH~SuBw;m5(c;k@7GIyqE7T=|<;;BOu$$mH6^#Dv*y<0B(S7V+6b&bCq z2fEzDxREpM->$Rdzi*m78_U(HaB}JBvQH@uZgL;ut;S2QALu{PT3e+}q!N*N?1FxX zjCDcIIp0>wf~s4zwX{xr?>WWj+n|>R z%ZOGyJV{#G!e_fe3mM)Xf4(EHY5Wmpd^CAw8ooD;=2^Ym=v~wT6xWuKu>ww9^sqqsu)2kAW1`Q=587Pe`$7jr(hb5RqTZh5x7NO6YXY`juyuIj?( z#g45O#a<@*SBm_E;7<6&+ez&U$D*$)vJ(KGDX+g@i$zSxKz0k`aM%;hcrNOe$1K8x ztWFBpgaBD1U%9EXBw?fQdaaAoba-1?^h@sS68y98g)c1r)CPW}Fk7P4GX=}if^cH? zCsucsX0(yw`Y&hUSeGk0fl@SvPdqX9A-bL1%I!ee2*-bv0 z0d7OZJ zL4k=8ao$pqtP>grB0Nc|%p}AbJUw|22Z*K{kz9V&}HOnlo}&9yrl_;%+tICm$7cQ?wAyX(J<6uGZUeamd&FKy{D z{b`zTg|jwH_0v{+YI`ZYNn_mS`-a zYG17G2Vy1+r0Cd29<5L9AJ!e7^>ck^l0}}`l`X<6;|Gae7+<;EZ&8@vTa9we2~4n~ zhoE`m*vXriSM)TwF3FHr{F^TamW_@!hk7hkm&2!0V)j)R($Ue1Stp9mQD4$g;oh_Y zU29z-+ZrHaVc2MW!ycl@;UQJjnxLcTS?B0@%0f+RlCs9HC|{wiFgy50Ai!Ya_A_Ruw)rM5)!FSm*GRt^?B)MV{{t$gC}Ku8ti@70-8u?fo)3 zwp{*wu3fj9#*uTi&o>-WDz7mcR!JN1Ior3KK&@uqXO+{Kz~M@A#YvfUn}|E0gdNjj zRru}Y{BE8RBFJAjv=~2;_lzDP4_Jh6J8AEjNxd5bhdrQcnx?<=bCFW>RDw6|IQ`n% z_)|LZ*W23gkw3n@?KR4!db#JPG_ zE&ucD5x#G1YID&ydMWMx6#D;ca=hHb{xes+ z0lgJ@PlB(>WG8>Q^jZJ(PfGqTiU<||eWeu8o9=%+C@kgw(zU%``M-X~lbXcw7Mssa z*38)DxjDW3O0S#PYbk?Oc7*JSN=CU6#^Y=e@K*gyOKI7Vw$6l<4CP!>9YF`bYmsQ_ zEQtc%2BF4pqi+>tM1TK1x?*G_k0Xv*R=g#_douWXG8wS=Vs$snHRX^CrsE3)lcrx%REEQ21_Dv~kDfQuCr27p zi{KA`6h@HTdT3xhg6z(}XSW{|)^9gu9XqwWns!rVkm{cUdZ$(_8xi#krQ8~t26Q(a zs@zxqE2h=`r+HH3zf89F)9wM(9xLI0(es79rTbqB`@iJ>&v;e}?Ax^TdC&C<{H2qX z*Aj^D-+$fia{ZNZ=C7(ed{0J1`d6`u0&k>_pvi+ZZX9Fn?GS>DB^wey({SX?n$)vP z^$ zHt%?+oaGK9W5|CSZVu;+)huvM0jQRKY2t(6W&UOl(Xi$Ptz;un2%NXxXrDBLHbJ zqkzvB;_~}cS`s{>rzQ9Q_6qr5>%Twc`6d7VA>{w) z+43L!_s^5$fB%aM!GGZ=kpF=yRA+K2=Czi8H~Rkv+S2{s`Tbw(zdz;K0XL=FAl%SK z^4=C6jTpqeW<>BpMqF1WXKfLDnZgB|oJ#?y%Cv7~_YJVEJe`FF@h2 z2z2G+M^!&K(D(QB4|#DMU#v8HBVyQ*)7px@r+6b|f8b38!FA7RY*tWpUDYCu1k<39 z!z6l4EtB#3kT0}~OesY$fHpyyO!7FaxD=L$Q^;t#Ov$`BPf#VkrAHv$h7ab-?Ik( zY+|2>;vidg3AzZsiByc-fEV^k1bl_kE{NF)x|3Zg{^D^!mKRQQ|Gnr9p`PW0X9FZz zmdPQqtEA#0_SgB&-EvQtDrQ%9l)_<35A*82s;ipP*Z22+OsC@QZqpkIhpW30o&!wj z&BdUG>8*zda_HvXY(Si~1l(j(+jJmOGn=3ta;9PAHg;+9o;C$!kL@{JkVHpi!3A~G|jgN2uJPnARdu3m0aHJe$*bMb5ZS19KMgUBVEDG`exemcPsT18=h z97Q@oe+g)HC%;><2ZBN3xSd{KqK4(ZX#Q=d?0hm_+-@!I!YbjuEi*7I&dtyLWvVM3W(nKCdoHlWSE zzxJpw98=m|KPu5mt2!eyZW@rLGFn5U*A2Z?Z<&`(>*TcFzHBvG-OD?z(yH@s8ZC|W z%SNkv+Ah~l?>=?UyIN(h(Yie8YIeJ6k7l)e?Vy=A7p=~n*U}E>HyyKPmNl)fw`Xu~ zR57)Bz0-29`?`Ax&$|!Jaiv~w&9Cn4%899U%k_4xb~mn^-!&`kdaJT$YOYm(vcGiN zW}%yvo{$K}W7C)cUA3Xgq#RBo5`LbFw`n{)T3UXFa* zGtcVfcC*>KJgIBt$9AiIV(yt&_hVxp+V&@Oc4$?#!o1nCFYh$_%Ux@~)XmdJct+j& zlf73hU!JsD?X%Lja?;dlC*7yfi6~oh8tk{$KB=}INuyagxqhnO-n1{C8snN>(`)%^ z>+!z*X>{6{JmO}@z38;?V_UD(+7n|2t&jQo`S=Px)tk-9y;dDpuJ0Z$G_!J9xysw+ zPV=M&o0nd_GrBa|-9ocs-qy6yxO3ia)HHfuJ9}(&JC$~OT(2}+^uE=p-L*=Gcb(Jj zxIcI2-FCOxs<@5zL;JjTUVCho?N6;rW!!9=7jSZTao2g&;l$oI&n`)$ec5Vt%(|WmbTGPzOdaGWom(5Y_Q@zzGSM#MYt#`&XdQ-03aBSbSn$;(G*2*_eYua6Y zbW(RlmsQ=J-{*Bw*XX?eWL~vDT{c>0dZ9W#d}^Lo>PGWq-z>M=SDJm+J#*d8dHD*S zUtXh1U8}W5=heOHUbj{2z-IlEX?Jgt-9Bqs^s?Wn+jmbV^=|Xz6FS?sx^}l!buPzk zi{4%971;hX>NLu2+Hp>94Q-sip1Tv{X=GpNCaK!ywDaj+Z#IYf)z0{_TdwbQtwXzd zYFf3t_ITH>Uzw+M+B~b<=F(3kRyk|t-P7vn=)h*iM($y|2t#kXnHQAqEYmaA*W_x;xO+&M(35*-Qv*ew20o;D(&vsXxur|ukOb6TD5X=Z8*cH z)>-@J{-I9pox7(-vvSex=y&zg6WkqBt5Y!#pgpqM&C5Hpb9ZGvbSF*C{M0jHONwrhR*Yd``d0Mwy&hb;f+-_WJhqbC!xxLrT zdcRYd-JIL)ySaN}YVDJ|PUWUu*3asn%!^jrF1PKAc~iSAbz1GSW=qo=566Yh*~fY7 z>|QsT_D!SHwW??Li~3Xdi=kI=vvpD6@}pC~H1$fiG}cS^t;&{l%YNO8skKYjduF{p z)=!vB>OPG2>Xk~jF{ZQ5czhMg$H!8uRVjD#=H=bEa#Ei>dY$&=*nB$Hx|73MGk+V2~9>9sB*WDT8CC+Y|iWD?nT|AxO?YL@AYoIbJlgM7Co;$oOJHB z$7#1*C!NY@(m(B9-!w>}THfD>em$hbRgga-NUVXTn+&h=h(9MeB)b~1N z-K*wZuVi=kTkYe$>e)D7J1^_qv$ofL8sYn=3$5{KRB7350w;%`s(Jgg*)+Yr)_#O% z`hI)to}ts)W3_GKex*D&pK9Yy+pXTUYjwlEziMf9_d0)h)_JhM+2cJt?pj;sjZD>jd6FsZ=V!e z$L@LUto77-IKlmV&FMc~Xm|O?o4dSzU+q**S`)Hw=T1&5MCA(g)KUHeYeAm9to6YvPzGpT^&4%Ni+?==d zuIAo1$F$QKKbE?-3u~Q%-W(s2n{(5>X}7PTe$sAr3iF$Dyw~p3?%SvJ{jPI&)jc=8 zzSDI&r}bI2V&j%myQ`hMx1H0<0qQ*7^q)pw>ZhZ6&2H9hJ*syfMpx!1d)heL$0fTmYTFg3S$50l z{AAH>cH6b_e%b5{^?SWds;zF*=+sKBv&!wg_Nd)yZL8fG?i=H~NBD4ZVUFugv(=h4 zo2`8F%+*_G=2_P+UsW52kLZ(q+8S3LjC`%saN5=Thx()Osov`6_i4A?-D~P6C;g`r zQu}oBV3ZCojfZ;EXqxk?R;ylX<9SoVdZRpgFedkV=H6weF?8?Ro#B(&(y#lS_IdlX zzCfp@*Rk)O?w(FQA!pQTX*M=AyL;2p^VN2pBD+$kmR;{|a=2&YYxl5q?-`%Qv)0(& zZ?%V4(uS%u$9Ka!t=(vs?XyO!cG51lxczi}hmU@QxmZfI>^57Bk$T`=9};v>0LbA- zE_YX1kz zx+iz-+UcEMott^nfqN(1vbyUWGE1~xue9}c$8Fb3hfeLOa&ez0SB(c#Yb*}i=2^W} zZ`ri1wfCEyy3@D2@b1&-Q@up*uJea?4ZV&V&GHP|_DNqGS+H5Dv`@R2&52t_t;bQT zU8}%PC-?PF^=@tMK6OtkcC9sfGS0egdwj1OmCJUsUD-3v>Lv4OIJ-HuC&uZe+dpl0 z8cmzj?U8psvG@CXHQZ_1rRw>p+ie{>_gd{!ZG2d5JXQ3P-NyCt{^{MPlk4h}Icnx> zwY%2i(|zZ#-uzUnb(~9DZS6la&kpBz6MB8`m^Zbt?o?a#Nw;;s*Wc^f)iSNzwMP{= zsnhj1vkG1k+<8FxeT9eE3?)lw*+ddhYrEr(0 zrSPe{2c3)kt39_+duoq56?fD<8_(dLdr;NQYWv~j?#}wSU(@TF>9nnO z>#|mwXiu_d8>|37g8fl%~ z7tndT(?53?HRtlIJ~^DUDmAU2r;D4`e!e^2ulFmpPWz$qrLCLQW~F=Iu}8LX>^`*5 zFKI&`&hI*v(`KiAQE%0qt337kn)$_OR&aBy?KQRXUTs0gS9|7TqcYxWXsx|&xz@hZ zDwS5_@Tyxj?f%2)soinuy+$uelh&+ze*e^%=$(dM@z6tU*3!BU^{4KA-R_pq_|9vU z>l*4D*7|u;XqC-*vo-fx6LZn8*rnFPBfc4(B(gb=djTb^7@_>5mVce(Mq=`*M0y zsXn$U6|deNYn`*Iem!?Tb)8GSetPi)Puu7HNxR(|4-2((_u;PDE_B8yWg*Us$4-$zpg#B@2XDwyx*EX-F&Lo+IkJQ9s9s=?0mgEUQ{2d z`~N?C*Vdf4u4do+SESB)nR(c!BpH}ySDiW&uw^hD)+~y}NtwQ#GxJTnb5EOBNrW#gdk2ND&0%gYMIXH)~rBbnlr0GFC-W5EPjCOapSG zu(nc^2MXns%e(%aGP5dE^>n9a_%^V+A~VZ@wmt#|^%biRooBT`U$+BZcWsPSoMJi` zXgo~q-BQllD}pGIRu{U3W^GWJdx_WNf#NMrtCYvlqfSC=OL%!67XKTOg-NZMBMvJV=D#6pYPe zMoVcsO;qGgy!yBxAg7*%E5Dp?B7qmo6qaZ(CD4%swyj^e2a43uGpm^nwdL~dAgjl9 zTJEkir=9&* z9)~dF?Oel28&t%0`3|T)zv6r--AV)ubYVKHB3G6Jg}SvH>L9Bq^O0Wpjk{2W>ST%c zF^8?hxe-(%B!+4eK$ohR1JxHGZfLOHR7s|9Q~3_AxV^?_F9kyYu2 zHF~r>tUFJR%>XGbL@P<@tYR>pF92D4e0^9R$2nuvCJo=aY(5ZxcX8$T91LqMeUJd% zYFk{9kZ!3-WDwGA0`qEGkfRjtCS~L{3OS^~PNoP`Wn)45d=oTn7}b0uIjw!@9HgyB ztgO~S=^lMp4mF^`!pP^bz;{pE%U~u(y18EPvc086K2PmKuVp^hva{lPFwjw`v440*^rt`jJSDi=su5=%9+JhUQEks z#<_qlCPq>_y$Z3jfI`N=9mcgPVr&g`wLZ8&`^;9OM7G;Nj;}~bmQ1(?s|1Rga_E-Z zy*HymNV=2qdg0cN6C*MZ;4X$a>#WI*1yplwTyA8!bA5oX)M~u-?2mgNfzF3o1(?`c zL_I4jg8?{F2rpu*b3D@_6nyOcLwoC)in(EW$m|rkv&m3%FOzHDGpN)}%9NXxcpq?Q!Z}?>A&Io0y=%@F#47huNvpu7 zDyR?0hol!gN2GSbrJ>uXqPa%8P0V~qIgtVCMj4ICi`ISaW3Yyevn6W(Ixb3vSegf9VG$dVS zgGExc+a#7TMC06WR8d;eL26-73GBPFDg&I45<~4X zK@j8DNSlsFN?|PzZ9|XakP9^kKv%kWZg8AWm#Fdy5V1hCl%aDIOFWDVHI0~aMG?LA zWVK0fx>sejbWt?$`?M$MFl6?+^SOwoW#=uCzo%9XD4g7+W^`cU`WW#}WkU73nsiHJ zvey=&LbPROUJf+QsSAb;4QVYHfvJgG5(<=XI9Jwg$>e(BF#%kY`jlP5SPIV**S%+@ z$Eb92R_Q3l!by2I)uyxZ_;n}iPH-dlWkW~ICSForAA*?^WrgE%(wOZbQlRK9gh}aph5zU$Gv~`3$4LA_Gnta;T?ct^h~Mb_Rhw9Np0IJ&aY<<26IOmK6F{&L&~n6Xn^1MReTJ zlG2>6DIWKnK3-&q7iN7bZv zd2Jjwe4sDeeFC7Vkj8$AuM#0<3W_xYJ1&k}m|1P9D!iavguF?Q0^^ZF)kp_BBNk;J zo6#l;3CjvfBCy>EyBj646Vn>c7=VVxIpci_XgKdgT}?&kZdBtevJziW1m^-+osxPN z+oFo#WFK4OW5V*GEX8dm94{zoE~jJ8!%4s!YY_{*mKK>Lg~KHFyA)U3NKAUS&}9;~ zST?@FE5U=(Q3~cW75W1m;(~`N7N(;X1{tL@OoYMv*lMM&=bgT86|t!!Er_TMV*w{u zqQHk_=2$Tk>lDF(kYLD6v6Cg7CskFE9(z%lZ)0oTEr8%8RJFva@GRPMNU4&PPFFjV z&YT6YeUQ~3hZ>VyP#H(^Wjq0!az{E0x~6s=%wKHnm@q9q?`T#bvZTeZ6OD zgEQ)XquAiV8}~Pe2VZ$&eRrY33;(qf*LgaqZ`6KAF!n&;v^o&Nr)Qac2mEh~0bf@< z1N9rBD5!meI=Wxp>XyLvHI&Smqab`1Ui?bug1z0=}dTF-pPzkB4eKKFjF zIyr~N+YQcR(XKZqSUfX)e4odvd8KZBj_H0^=nWH9U{sGq;Q%&hFk_`S-AU)$lxag-+6|coWy(e{MSFWO|p; zHCcMU8@9c>Ot#B5Z*h9N!RG^bA1tV=EWZEyfB*4PIr} zIMm;Sj6QUK@uL5ygZ#YG%b5Fy3*Pg1`-teIOgs48$HnJPo`u;r>im}A`X$^y#MaXn z{91&4N%fzfT=h=e761VJ{b}m!exHun=T}cn@HYTX?>*e#+-B$9+xoey?fubj-!|3X zzv2lRPivk->5CEGcOUgrJwFBf<@K{+{+QWuvg=ns&z>VstsP%ueP%B6yH+mV=>HYq z&sF~N^JtLw%aik;A6#Gl=ke3*5AlCN2%%U0FQcFP|NoG(yPj(O=e);@>@@bxY*nK+O_m_*+?$?WGa`|YF^5Npk z*~!1Y?&jhm-fpwagZIj6OV&H9Zar!{wx3WkAM5m``q~A z?|*+hp7}5T{@*83vk#vkKK&x&&%ycSvHyLX&mIW>B&3g-@L6N}%c@!JF7AFze>CK0 z7kOiV@8O&~%D+5&?EV)Z@dmOp@5F6;y@_@9FTmpkqBrpW*%9$)`B{FJpXL8Y`M&@F O0RR6$kQ6ciwgCW6YemHX literal 0 HcmV?d00001 diff --git a/charts/amd/amd-gpu/Chart.lock b/charts/amd/amd-gpu/Chart.lock index df1448888..533c43af3 100644 --- a/charts/amd/amd-gpu/Chart.lock +++ b/charts/amd/amd-gpu/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: node-feature-discovery repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts - version: 0.15.0 -digest: sha256:35fafe91e8fe2c76d852ca87cfece3ce6475d9b0719284757e2f093f4be1cac4 -generated: "2024-01-15T04:05:45.773461678Z" + version: 0.15.1 +digest: sha256:946597a8562956f1e563f07ced1d906d550a641d30cb0e6e5532449f6eb640d6 +generated: "2024-01-26T03:50:06.036231897Z" diff --git a/charts/amd/amd-gpu/Chart.yaml b/charts/amd/amd-gpu/Chart.yaml index 2116fb80d..6d9b03e83 100644 --- a/charts/amd/amd-gpu/Chart.yaml +++ b/charts/amd/amd-gpu/Chart.yaml @@ -4,15 +4,15 @@ annotations: catalog.cattle.io/kube-version: '>= 1.18.0-0' catalog.cattle.io/release-name: amd-gpu apiVersion: v2 -appVersion: 1.25.2.6 +appVersion: 1.25.2.7 dependencies: - condition: nfd.enabled name: node-feature-discovery repository: file://./charts/node-feature-discovery version: '>= 0.8.1-0' description: A Helm chart for deploying Kubernetes AMD GPU device plugin -home: https://github.com/RadeonOpenCompute/k8s-device-plugin -icon: https://raw.githubusercontent.com/RadeonOpenCompute/k8s-device-plugin/master/helm/logo.png +home: https://github.com/ROCm/k8s-device-plugin +icon: https://raw.githubusercontent.com/ROCm/k8s-device-plugin/master/helm/logo.png keywords: - kubernetes - cluster @@ -23,6 +23,6 @@ maintainers: - name: Kenny Ho name: amd-gpu sources: -- https://github.com/RadeonOpenCompute/k8s-device-plugin +- https://github.com/ROCm/k8s-device-plugin type: application -version: 0.11.0 +version: 0.12.0 diff --git a/charts/amd/amd-gpu/README.md b/charts/amd/amd-gpu/README.md index ef3dbbc73..c94f53dd6 100644 --- a/charts/amd/amd-gpu/README.md +++ b/charts/amd/amd-gpu/README.md @@ -1,6 +1,6 @@ # AMD GPU Helm Chart -![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.6](https://img.shields.io/badge/AppVersion-1.25.2.6-informational?style=flat-square) +![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.7](https://img.shields.io/badge/AppVersion-1.25.2.7-informational?style=flat-square) A Helm chart for deploying Kubernetes AMD GPU device plugin @@ -34,7 +34,7 @@ Kubernetes: `>= 1.18.0` ## More information -https://github.com/RadeonOpenCompute/k8s-device-plugin +https://github.com/ROCm/k8s-device-plugin ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml b/charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml index b85993272..7efeace98 100644 --- a/charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml +++ b/charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.15.0 +appVersion: v0.15.1 description: 'Detects hardware features available on each node in a Kubernetes cluster, and advertises those features using node labels. ' home: https://github.com/kubernetes-sigs/node-feature-discovery @@ -11,4 +11,4 @@ name: node-feature-discovery sources: - https://github.com/kubernetes-sigs/node-feature-discovery type: application -version: 0.15.0 +version: 0.15.1 diff --git a/charts/amd/amd-gpu/templates/labeller.yaml b/charts/amd/amd-gpu/templates/labeller.yaml index caaeec0b2..4f4fd22b2 100644 --- a/charts/amd/amd-gpu/templates/labeller.yaml +++ b/charts/amd/amd-gpu/templates/labeller.yaml @@ -1,5 +1,5 @@ {{- if .Values.labeller.enabled }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cr-{{ .Chart.Name }}-node-labeller @@ -8,7 +8,7 @@ rules: resources: ["nodes"] verbs: ["watch", "get", "list", "update"] --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: crb-{{ .Chart.Name }}-labeller diff --git a/charts/amd/amd-gpu/values.yaml b/charts/amd/amd-gpu/values.yaml index 2f9c9a581..361afafdc 100644 --- a/charts/amd/amd-gpu/values.yaml +++ b/charts/amd/amd-gpu/values.yaml @@ -10,13 +10,13 @@ dp: image: repository: docker.io/rocm/k8s-device-plugin # Overrides the image tag whose default is the chart appVersion. - tag: "1.25.2.6" + tag: "1.25.2.7" resources: {} lbl: image: repository: docker.io/rocm/k8s-device-plugin - tag: "labeller-1.25.2.6" + tag: "labeller-1.25.2.7" resources: {} imagePullSecrets: [] diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index a31d99935..1b38f39c8 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - kind: changed - description: Updated documented default value for application.instanceLabelKey. + description: Improved documentation for various ingress setups artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -11,7 +11,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.9.5 +appVersion: v2.10.0 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -33,4 +33,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.53.8 +version: 6.0.5 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 88280075b..e8369d23b 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md @@ -64,7 +64,170 @@ applicationSet: replicas: 2 ``` -### Synchronizing Changes from Original Repository +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +certificate: + enabled: true + domain: argocd.example.com + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + hostname: grpc.argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect" '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + hostname: argocd.example.com + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + +## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -105,15 +268,38 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Please refer to [ingress configuration](#ingress-configuration) for examples. + ### 5.53.0 Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() ### 5.52.0 + Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. ### 5.35.0 + This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -399,7 +585,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides | object | `{}` | | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | @@ -516,7 +702,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | -| controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | @@ -575,6 +760,7 @@ NAME: my-release | controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | +| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | @@ -686,12 +872,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | -| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | -| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | -| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | -| server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | -| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | @@ -744,28 +924,37 @@ NAME: my-release | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | +| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | -| server.ingress.extraPaths | list | `[]` | Additional ingress paths | -| server.ingress.hosts | list | `[]` | List of ingress hosts | -| server.ingress.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration | +| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | +| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | +| server.ingress.hostname | string | `"argocd.example.com"` | Argo CD server hostname | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.path | string | `"/"` | The path to Argo CD server | | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingress.paths | list | `["/"]` | List of ingress paths | -| server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` | | server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | -| server.ingressGrpc.awsALB.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | -| server.ingressGrpc.awsALB.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | | server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | -| server.ingressGrpc.extraPaths | list | `[]` | Additional ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.hosts | list | `[]` | List of ingress hosts for dedicated [gRPC-ingress] | -| server.ingressGrpc.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` | Argo CD server hostname for dedicated [gRPC-ingress] | | server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | | server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB | | server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | +| server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | | server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingressGrpc.paths | list | `["/"]` | List of ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.tls | list | `[]` | Ingress TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` | | server.initContainers | list | `[]` | Init containers to add to the server pod | | server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container | | server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | @@ -837,28 +1026,6 @@ NAME: my-release | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | | server.volumes | list | `[]` | Additional volumes to the server pod | -### Using AWS ALB Ingress Controller With GRPC - -If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. - -Example: - -```yaml -server: - ingress: - enabled: true - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internal - alb.ingress.kubernetes.io/target-type: ip - ingressGrpc: - enabled: true - isAWSALB: true - awsALB: - serviceType: ClusterIP -``` - ## Dex | Key | Type | Default | Description | @@ -885,7 +1052,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.37.0"` | Dex image tag | +| dex.image.tag | string | `"v2.38.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | @@ -967,15 +1134,33 @@ server: | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | +| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter (optional) | +| redis.exporter.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.13-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | +| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.metrics.enabled | bool | `false` | Deploy metrics service | | redis.metrics.service.annotations | object | `{}` | Metrics service annotations | | redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | @@ -1003,6 +1188,12 @@ server: | redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | | redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | | redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods | +| redis.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | @@ -1032,7 +1223,7 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | @@ -1042,7 +1233,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | @@ -1077,7 +1268,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | @@ -1101,7 +1291,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | -| applicationSet.extraArgs | list | `[]` | List of extra cli args to add | +| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | | applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | | applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the ApplicationSet controller | @@ -1111,6 +1301,18 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller | | applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller | | applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.ingress.annotations | object | `{}` | Additional ingress annotations | +| applicationSet.ingress.enabled | bool | `false` | Enable an ingress resource for ApplicationSet webhook | +| applicationSet.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | +| applicationSet.ingress.hostname | string | `"argocd.example.com"` | Argo CD ApplicationSet hostname | +| applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | +| applicationSet.ingress.labels | object | `{}` | Additional ingress labels | +| applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | +| applicationSet.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| applicationSet.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` | | applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod | | applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | | applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | @@ -1166,15 +1368,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | -| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | -| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks | -| applicationSet.webhook.ingress.extraPaths | list | `[]` | Additional ingress paths | -| applicationSet.webhook.ingress.hosts | list | `[]` | List of ingress hosts | -| applicationSet.webhook.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | -| applicationSet.webhook.ingress.labels | object | `{}` | Additional ingress labels | -| applicationSet.webhook.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| applicationSet.webhook.ingress.paths | list | `["/api/webhook"]` | List of ingress paths | -| applicationSet.webhook.ingress.tls | list | `[]` | Ingress TLS configuration | ## Notifications diff --git a/charts/argo/argo-cd/templates/NOTES.txt b/charts/argo/argo-cd/templates/NOTES.txt index 1b6267969..f2dbdfab3 100644 --- a/charts/argo/argo-cd/templates/NOTES.txt +++ b/charts/argo/argo-cd/templates/NOTES.txt @@ -1,133 +1,3 @@ -{{- if .Values.controller.args.statusProcessors }} -DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors -{{- end }} -{{- if .Values.controller.args.operationProcessors }} -DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors -{{- end }} -{{- if .Values.controller.args.appResyncPeriod }} -DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation -{{- end }} -{{- if .Values.controller.args.appHardResyncPeriod }} -DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation -{{- end }} -{{- if .Values.controller.args.selfHealTimeout }} -DEPRECATED option controller.args.selfHealTimeout - Use configs.params.controller.self.heal.timeout.seconds -{{- end }} -{{- if .Values.controller.args.repoServerTimeoutSeconds }} -DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds -{{- end }} -{{- if .Values.controller.logFormat }} -DEPRECATED option controller.logFormat - Use configs.params.controller.log.format -{{- end }} -{{- if .Values.controller.logLevel }} -DEPRECATED option controller.logLevel - Use configs.params.controller.log.level -{{- end }} -{{- if .Values.server.logFormat }} -DEPRECATED option server.logFormat - Use configs.params.server.log.format -{{- end }} -{{- if .Values.server.logLevel }} -DEPRECATED option server.logLevel - Use configs.params.server.log.level -{{- end }} -{{- if has "--insecure" .Values.server.extraArgs }} -DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure -{{- end }} -{{- if .Values.repoServer.logFormat }} -DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format -{{- end }} -{{- if .Values.repoServer.logLevel }} -DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level -{{- end }} -{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }} -DEPRECATED option server.config - Use configs.cm -{{- end }} -{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }} -DEPRECATED option server.rbacConfig - Use configs.rbac -{{- end }} -{{- if .Values.configs.secret.argocdServerTlsConfig }} -DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret -{{- end }} -{{- if .Values.configs.gpgKeys }} -DEPRECATED option configs.gpgKeys - Use config.gpg.keys -{{- end }} -{{- if .Values.configs.gpgKeysAnnotations }} -DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations -{{- end }} -{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if .Values.configs.knownHostsAnnotations }} -DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations -{{- end }} -{{- if hasKey .Values.configs "knownHosts" }} -DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts -{{- end }} -{{- if .Values.configs.tlsCertsAnnotations }} -DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations -{{- end }} -{{- if hasKey .Values.configs "tlsCerts" }} -DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates -{{- end }} -{{- if .Values.applicationSet.replicaCount }} -DEPRECATED option applicationSet.replicaCount - Use applicationSet.replicas -{{- end }} -{{- if .Values.applicationSet.logFormat }} -DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format -{{- end }} -{{- if .Values.applicationSet.logLevel }} -DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level -{{- end }} -{{- if .Values.applicationSet.args.policy }} -DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy -{{- end }} -{{- if .Values.applicationSet.args.dryRun }} -DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun -{{- end }} -{{- if .Values.controller.service }} -REMOVED option controller.service - Use controller.metrics -{{- end }} -{{- if .Values.repoServer.copyutil }} -REMOVED option repoSever.copyutil.resources - Use repoServer.resources -{{- end }} -{{- if .Values.applicationSet.args.debug }} -REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug -{{- end }} -{{- if .Values.applicationSet.args.enableLeaderElection }} -REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas -{{- end }} -{{- if .Values.controller.containerPort }} -REMOVED option controller.containerPort - Use controller.containerPorts -{{- end }} -{{- if .Values.server.containerPort }} -REMOVED option server.containerPort - Use server.containerPorts -{{- end }} -{{- if .Values.repoServer.containerPort }} -REMOVED option repoServer.containerPort - Use repoServer.containerPorts -{{- end }} -{{- if .Values.applicationSet.args.metricsAddr }} -REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts -{{- end }} -{{- if .Values.applicationSet.args.probeBindAddr }} -REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts -{{- end }} -{{- if .Values.redis.containerPort }} -REMOVED option redis.containerPort - Use redis.containerPorts -{{- end }} -{{- if .Values.redis.metrics.containerPort }} -REMOVED option redis.metrics.containerPort - Use redis.containerPorts -{{- end }} -{{- if .Values.apiVersionOverrides.autoscaling }} -REMOVED option apiVersionOverrides.autoscaling - API autoscaling/v2 is GA from 1.23 -{{- end }} -{{- if .Values.apiVersionOverrides.certmanager }} -REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22 -{{- end }} - In order to access the server UI you have the following options: 1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 @@ -139,7 +9,7 @@ In order to access the server UI you have the following options: - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts -{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}} +{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d diff --git a/charts/argo/argo-cd/templates/_helpers.tpl b/charts/argo/argo-cd/templates/_helpers.tpl index 97ba5c259..4898172f2 100644 --- a/charts/argo/argo-cd/templates/_helpers.tpl +++ b/charts/argo/argo-cd/templates/_helpers.tpl @@ -173,7 +173,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration) Merge Argo Configuration with Preset Configuration */}} {{- define "argo-cd.config.cm" -}} -{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}} +{{- $config := omit .Values.configs.cm "create" "annotations" -}} {{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}} {{- range $key, $value := mergeOverwrite $preset $config }} {{- $fmted := $value | toString }} diff --git a/charts/argo/argo-cd/templates/_versions.tpl b/charts/argo/argo-cd/templates/_versions.tpl index 5d65fcd6d..966dad979 100644 --- a/charts/argo/argo-cd/templates/_versions.tpl +++ b/charts/argo/argo-cd/templates/_versions.tpl @@ -5,16 +5,3 @@ Return the target Kubernetes version {{- define "argo-cd.kubeVersion" -}} {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} {{- end }} - -{{/* -Return the appropriate apiVersion for GKE resources -*/}} -{{- define "argo-cd.apiVersions.cloudgoogle" -}} -{{- if .Values.apiVersionOverrides.cloudgoogle -}} -{{- print .Values.apiVersionOverrides.cloudgoogle -}} -{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} -{{- print "cloud.google.com/v1" -}} -{{- else -}} -{{- print "cloud.google.com/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 5ebe00b3f..615b56f9a 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.controller.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 9ebe80ad1..7b6df7820 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.controller.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml index 6d1d3e2f2..c08a4a344 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -13,8 +13,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: replicas: {{ .Values.controller.replicas }} - # TODO: Remove for breaking release as history limit cannot be patched - revisionHistoryLimit: 5 + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} serviceName: {{ include "argo-cd.controller.fullname" . }} selector: matchLabels: @@ -66,38 +65,6 @@ spec: - {{ . }} {{- end }} {{- end }} - {{- with .Values.controller.args.statusProcessors }} - - --status-processors - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.operationProcessors }} - - --operation-processors - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.appResyncPeriod }} - - --app-resync - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.appHardResyncPeriod }} - - --app-hard-resync - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.selfHealTimeout }} - - --self-heal-timeout-seconds - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.repoServerTimeoutSeconds }} - - --repo-server-timeout-seconds - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} @@ -122,6 +89,18 @@ spec: name: argocd-cm key: timeout.hard.reconciliation optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -236,6 +215,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -254,6 +245,24 @@ spec: name: argocd-cmd-params-cm key: controller.kubectl.parallelism.limit optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml index 655e8f196..96fc38044 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -17,7 +17,7 @@ spec: strategy: {{- trim . | nindent 4 }} {{- end }} - replicas: {{ .Values.applicationSet.replicas | default .Values.applicationSet.replicaCount }} + replicas: {{ .Values.applicationSet.replicas }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: @@ -65,20 +65,6 @@ spec: - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} - {{- with .Values.applicationSet.args.policy }} - - --policy={{ . }} - {{- end }} - {{- with .Values.applicationSet.args.dryRun }} - - --dry-run={{ . }} - {{- end }} - {{- with .Values.applicationSet.logFormat }} - - --logformat - - {{ . }} - {{- end }} - {{- with .Values.applicationSet.logLevel }} - - --loglevel - - {{ . }} - {{- end }} {{- with .Values.applicationSet.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} @@ -210,6 +196,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.allowed.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml new file mode 100644 index 000000000..ad2db8654 --- /dev/null +++ b/charts/argo/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -0,0 +1,64 @@ +{{- if and .Values.applicationSet.enabled .Values.applicationSet.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + {{- if .Values.applicationSet.ingress.hostname }} + - host: {{ .Values.applicationSet.ingress.hostname }} + http: + paths: + {{- with .Values.applicationSet.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.applicationSet.ingress.path }} + pathType: {{ .Values.applicationSet.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" . }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- end }} + {{- range .Values.applicationSet.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.applicationSet.ingress.path .path }} + pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ $.Values.applicationSet.service.port }} + {{- end }} + {{- with .Values.applicationSet.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} + tls: + {{- if .Values.applicationSet.ingress.tls }} + - hosts: + - {{ .Values.applicationSet.ingress.hostname }} + secretName: argocd-application-controller-tls + {{- end }} + {{- with .Values.applicationSet.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index 81020f54c..c6333f883 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }} +{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: ingress: - {{- if .Values.applicationSet.webhook.ingress.enabled }} + {{- if .Values.applicationSet.ingress.enabled }} - ports: - port: webhook {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml deleted file mode 100644 index d98f94237..000000000 --- a/charts/argo/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}} -{{- $servicePort := .Values.applicationSet.service.portName -}} -{{- $paths := .Values.applicationSet.webhook.ingress.paths -}} -{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}} -{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - {{- with .Values.applicationSet.webhook.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.applicationSet.webhook.ingress.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - {{- with .Values.applicationSet.webhook.ingress.ingressClassName }} - ingressClassName: {{ . }} - {{- end }} - rules: - {{- if .Values.applicationSet.webhook.ingress.hosts }} - {{- range $host := .Values.applicationSet.webhook.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.applicationSet.webhook.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml index 829a67769..c0c8bc86f 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -1,4 +1,4 @@ -{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} +{{- if .Values.configs.cm.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }} + {{- with .Values.configs.cm.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index 982867f92..f94113a26 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -5,13 +5,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} - {{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}} + {{- with .Values.configs.gpg.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}} +{{- with .Values.configs.gpg.keys }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index c882cb394..f9b62f760 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -1,4 +1,4 @@ -{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }} +{{- if .Values.configs.rbac.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -6,13 +6,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }} + {{- with .Values.configs.rbac.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }} +{{- with (omit .Values.configs.rbac "create" "annotations") }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml index 4561440a7..9e25e376e 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} {{- end }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: {{- with .Values.configs.secret.githubSecret }} @@ -38,10 +38,6 @@ data: webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} {{- end }} - {{- with .Values.configs.secret.argocdServerTlsConfig }} - tls.key: {{ .key | b64enc }} - tls.crt: {{ .crt | b64enc }} - {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index a7f3abdf8..845d219db 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -5,7 +5,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }} + {{- with .Values.configs.ssh.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -13,11 +13,7 @@ metadata: {{- end }} data: ssh_known_hosts: | - {{- if hasKey .Values.configs "knownHosts" }} - {{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }} - {{- else }} - {{- .Values.configs.ssh.knownHosts | nindent 4 }} - {{- end }} + {{- .Values.configs.ssh.knownHosts | nindent 4 }} {{- with .Values.configs.ssh.extraHosts }} {{- . | nindent 4 }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 6a5a95e54..fa6e74330 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -5,19 +5,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }} + {{- with .Values.configs.tls.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- if hasKey .Values.configs "tlsCerts" }} - {{- with .Values.configs.tlsCerts }} - {{- toYaml . | nindent 0 }} - {{- end }} -{{- else }} {{- with .Values.configs.tls.certificates }} data: {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml index 927d30a05..793bb5d35 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -10,13 +10,42 @@ rules: {{- toYaml . | nindent 2 }} {{- end }} - apiGroups: - - "argoproj.io" + - argoproj.io resources: - - "applications" + - applications + - appprojects verbs: - get - list - watch - update - patch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch + {{- if .Values.notifications.cm.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get + {{- end }} + {{- if .Values.notifications.secret.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get + {{- end }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml index 2ed9f1e8e..f9b766f4a 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml @@ -91,6 +91,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/clusterrole.yaml index 21dff1a92..e6efa08a7 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/clusterrole.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index ba156d241..f15b1cec4 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml index 2a18df6c8..2d232591e 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -74,14 +74,6 @@ spec: - /usr/local/bin/argocd-repo-server - --port={{ .Values.repoServer.containerPorts.server }} - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} - {{- with .Values.repoServer.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.repoServer.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.repoServer.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} @@ -201,6 +193,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -249,6 +253,18 @@ spec: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir diff --git a/charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml new file mode 100644 index 000000000..940ed4278 --- /dev/null +++ b/charts/argo/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }}-grpc + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml index e9032f92b..376699e38 100644 --- a/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/aws/service.yaml @@ -1,9 +1,9 @@ -{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} apiVersion: v1 kind: Service metadata: annotations: - alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }} + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }} labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc @@ -21,5 +21,5 @@ spec: selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None - type: {{ .Values.server.ingressGrpc.awsALB.serviceType }} + type: {{ .Values.server.ingress.aws.serviceType }} {{- end -}} diff --git a/charts/argo/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo/argo-cd/templates/argocd-server/clusterrole.yaml index bd10316b4..f4877980e 100644 --- a/charts/argo/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.server.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -31,7 +30,7 @@ rules: - pods/log verbs: - get - {{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }} + {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" resources: diff --git a/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 27fd13d6d..1e5a98fa7 100644 --- a/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.server.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml index a09b56565..6de12319e 100644 --- a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml @@ -27,6 +27,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -65,14 +68,6 @@ spec: - /usr/local/bin/argocd-server - --port={{ .Values.server.containerPorts.server }} - --metrics-port={{ .Values.server.containerPorts.metrics }} - {{- with .Values.server.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.server.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} @@ -284,6 +279,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -296,6 +303,24 @@ spec: name: argocd-cmd-params-cm key: server.enable.proxy.extension optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml index e2ae3d844..cd040c906 100644 --- a/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -1,11 +1,13 @@ -{{- if .Values.server.GKEbackendConfig.enabled }} -apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }} +apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.backendConfig }} spec: - {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} + {{- toYaml . | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index 316875969..d8b3b1ea1 100644 --- a/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -1,11 +1,13 @@ -{{- if .Values.server.GKEfrontendConfig.enabled }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }} apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.frontendConfig }} spec: - {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} + {{- toYaml . | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml new file mode 100644 index 000000000..31d98e103 --- /dev/null +++ b/charts/argo/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + ingressClassName: "gce" + {{- if .Values.server.ingress.gke.managedCertificate.create }} + networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- if .Values.server.ingress.gke.frontendConfig }} + networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ .Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 942c6b3f8..569063be0 100644 --- a/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -1,12 +1,15 @@ -{{- if .Values.server.GKEmanagedCertificate.enabled }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }} apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: domains: - {{- with .Values.server.GKEmanagedCertificate.domains }} - {{- toYaml . | nindent 4 }} + - {{ .Values.server.ingress.hostname }} + {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml index b671f86fc..bfa9a2423 100644 --- a/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,8 +1,7 @@ -{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} -{{- $paths := .Values.server.ingressGrpc.paths -}} -{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} -{{- $pathType := .Values.server.ingressGrpc.pathType -}} +{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} +{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -24,50 +23,43 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.server.ingressGrpc.hosts }} - {{- range $host := .Values.server.ingressGrpc.hosts }} - - host: {{ $host }} + - host: {{ $hostname }} http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} + {{- with .Values.server.ingressGrpc.extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ .Values.server.ingressGrpc.path }} + pathType: {{ .Values.server.ingressGrpc.pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" $ }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingressGrpc.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ default $.Values.server.ingressGrpc.path .path }} + pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }} backend: service: name: {{ include "argo-cd.server.fullname" $ }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.server.ingressGrpc.tls }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingressGrpc.tls }} + - hosts: + - {{ $hostname }} + secretName: {{ printf "%s-tls" $hostname }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo/argo-cd/templates/argocd-server/ingress.yaml index a142bb666..627f56b9e 100644 --- a/charts/argo/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/ingress.yaml @@ -1,8 +1,6 @@ -{{- if .Values.server.ingress.enabled -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} -{{- $paths := .Values.server.ingress.paths -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $pathType := .Values.server.ingress.pathType -}} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -13,78 +11,59 @@ metadata: {{- with .Values.server.ingress.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.server.ingress.annotations }} + {{- with .Values.server.ingress.annotations }} annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} - alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | - [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] - {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host | quote }} + - host: {{ .Values.server.ingress.hostname }} http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} - {{- range $p := $paths }} - {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - - path: {{ $p }} - pathType: {{ $.Values.server.ingressGrpc.pathType }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} backend: service: - name: {{ template "argo-cd.server.fullname" $ }}-grpc + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.server.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: service: name: {{ include "argo-cd.server.fullname" $ }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.server.ingress.tls }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + {{- range .Values.server.ingress.extraHosts }} + {{- if .name }} + - {{ .name }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml index 12f571fde..a8efe1e5a 100644 --- a/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- range $key, $value := .Values.server.serviceAccount.labels }} + {{- with .Values.server.serviceAccount.labels }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/argo/argo-cd/templates/crds/crd-application.yaml b/charts/argo/argo-cd/templates/crds/crd-application.yaml index 034015741..9869efbbc 100644 --- a/charts/argo/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo/argo-cd/templates/crds/crd-application.yaml @@ -330,6 +330,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for @@ -658,6 +664,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -1103,6 +1115,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps @@ -1421,6 +1439,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize @@ -1892,6 +1916,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -2224,6 +2254,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -2700,6 +2736,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations @@ -3049,6 +3092,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations @@ -3513,6 +3563,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -3855,6 +3911,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -4341,6 +4404,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -4683,6 +4752,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources diff --git a/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml index 8d7409e57..02623f6c3 100644 --- a/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml @@ -255,6 +255,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -465,6 +469,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -834,6 +842,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1044,6 +1056,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1417,6 +1433,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1627,6 +1647,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1980,6 +2004,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2190,6 +2218,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2567,6 +2599,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2777,6 +2813,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3146,6 +3186,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3356,6 +3400,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3729,6 +3777,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3939,6 +3991,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4292,6 +4348,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4502,6 +4562,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4865,6 +4929,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5075,6 +5143,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5618,6 +5690,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5828,6 +5904,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6366,6 +6446,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6576,6 +6660,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6943,6 +7031,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7153,6 +7245,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7530,6 +7626,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7740,6 +7840,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8109,6 +8213,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8319,6 +8427,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8692,6 +8804,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8902,6 +9018,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9255,6 +9375,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9465,6 +9589,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9828,6 +9956,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10038,6 +10170,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10581,6 +10717,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10791,6 +10931,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11329,6 +11473,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11539,6 +11687,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11910,6 +12062,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12120,6 +12276,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12480,6 +12640,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12690,6 +12854,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13233,6 +13401,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13443,6 +13615,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13981,6 +14157,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14191,6 +14371,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14633,6 +14817,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14843,6 +15031,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -15002,6 +15194,8 @@ spec: - metadata - spec type: object + templatePatch: + type: string required: - generators - template diff --git a/charts/argo/argo-cd/templates/crds/crd-project.yaml b/charts/argo/argo-cd/templates/crds/crd-project.yaml index 0a6da4f0f..388014693 100644 --- a/charts/argo/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo/argo-cd/templates/crds/crd-project.yaml @@ -14,7 +14,7 @@ metadata: app.kubernetes.io/part-of: argocd {{- with .Values.crds.additionalLabels }} {{- toYaml . | nindent 4}} - {{- end }} + {{- end }} name: appprojects.argoproj.io spec: group: argoproj.io @@ -99,7 +99,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -107,8 +108,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array diff --git a/charts/argo/argo-cd/templates/redis/deployment.yaml b/charts/argo/argo-cd/templates/redis/deployment.yaml index b3182245f..94c445c8f 100644 --- a/charts/argo/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo/argo-cd/templates/redis/deployment.yaml @@ -72,6 +72,32 @@ spec: envFrom: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} ports: - name: redis containerPort: {{ .Values.redis.containerPorts.redis }} @@ -82,8 +108,10 @@ spec: securityContext: {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.redis.volumeMounts }} volumeMounts: + - mountPath: /health + name: health + {{- with .Values.redis.volumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} {{- if .Values.redis.exporter.enabled }} @@ -102,6 +130,28 @@ spec: - name: metrics containerPort: {{ .Values.redis.containerPorts.metrics }} protocol: TCP + {{- if .Values.redis.exporter.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.exporter.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.redis.exporter.resources | nindent 10 }} {{- with .Values.redis.exporter.containerSecurityContext }} @@ -139,8 +189,12 @@ spec: {{- end }} {{- end }} {{- end }} - {{- with .Values.redis.volumes }} volumes: + - name: health + configMap: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + defaultMode: 0755 + {{- with .Values.redis.volumes }} {{- toYaml . | nindent 8}} {{- end }} {{- with .Values.redis.dnsConfig }} diff --git a/charts/argo/argo-cd/templates/redis/health-configmap.yaml b/charts/argo/argo-cd/templates/redis/health-configmap.yaml new file mode 100644 index 000000000..fd0ecff7d --- /dev/null +++ b/charts/argo/argo-cd/templates/redis/health-configmap.yaml @@ -0,0 +1,35 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 58560eb59..146dac34e 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -11,9 +11,7 @@ kubeVersionOverride: "" # Override APIVersions # If you want to template helm charts but cannot access k8s API server # you can set api versions here -apiVersionOverrides: - # -- String to override apiVersion of GKE resources rendered by this helm chart - cloudgoogle: "" # cloud.google.com/v1 +apiVersionOverrides: {} # -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles @@ -442,16 +440,6 @@ configs: # insecure: false # caData: "" - # DEPRECATED - Moved to configs.ssh.annotations - # knownHostsAnnotations: {} - # DEPRECATED - Moved to configs.ssh.knownHosts - # knownHosts: {} - - # DEPRECATED - Moved to configs.tls.annotations - # tlsCertsAnnotations: {} - # DEPRECATED - Moved to configs.tls.certificates - # tlsCerts: {} - # -- Repository credentials to be used as Templates for other repos ## Creates a secret for each key/value specified below to create repository credentials credentialTemplates: {} @@ -533,12 +521,6 @@ configs: {} # LDAP_PASSWORD: "mypassword" - # -- Argo TLS Data - # DEPRECATED - Use server.certificate or server.certificateSecret - # argocdServerTlsConfig: - # key: '' - # crt: '' - # -- Bcrypt hashed admin password ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` @@ -595,6 +577,9 @@ controller: # Additional replicas will cause sharding of managed clusters across number of replicas. replicas: 1 + # -- Maximum number of controller revisions that will be maintained in StatefulSet history + revisionHistoryLimit: 5 + ## Application controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -627,22 +612,6 @@ controller: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- DEPRECATED - Application controller commandline flags - args: {} - # DEPRECATED - Use configs.params to override - # # -- define the application controller `--status-processors` - # statusProcessors: "20" - # # -- define the application controller `--operation-processors` - # operationProcessors: "10" - # # -- define the application controller `--app-hard-resync` - # appHardResyncPeriod: "0" - # # -- define the application controller `--app-resync` - # appResyncPeriod: "180" - # # -- define the application controller `--self-heal-timeout-seconds` - # selfHealTimeout: "5" - # # -- define the application controller `--repo-server-timeout-seconds` - # repoServerTimeoutSeconds: "60" - # -- Additional command line arguments to pass to application controller extraArgs: [] @@ -944,7 +913,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.37.0 + tag: v2.38.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1182,7 +1151,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.13-alpine + tag: 7.0.15-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1198,7 +1167,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.53.0 + tag: 1.57.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1215,6 +1184,35 @@ redis: drop: - ALL + ## Probes for Redis exporter (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter (optional) + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + # -- Resource limits and requests for redis-exporter sidecar resources: {} # limits: @@ -1244,6 +1242,35 @@ redis: # - secretRef: # name: secret-name + ## Probes for Redis server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + # -- Additional containers to be added to the redis pod ## Note: Supports use of custom Helm templates extraContainers: [] @@ -1405,7 +1432,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.13-alpine + tag: 7.0.15-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar @@ -1413,7 +1440,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.53.0 + tag: 1.57.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false @@ -1934,29 +1961,47 @@ server: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # Argo CD server ingress configuration ingress: # -- Enable an ingress resource for the Argo CD server enabled: false - # -- Additional ingress annotations - annotations: {} + # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke` + ## Additional configuration might be required in related configuration sections + controller: generic # -- Additional ingress labels labels: {} + # -- Additional ingress annotations + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + annotations: {} + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # -- Defines which ingress controller will implement the resource ingressClassName: "" - # -- List of ingress hosts - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argocd.example.com + # -- Argo CD server hostname + ## NOTE: Hostname must be provided if Ingress is enabled + hostname: argocd.example.com + + # -- The path to Argo CD server + path: / - # -- List of ingress paths - paths: - - / # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` + ## You can create this secret via `certificate` or `certificateSecret` option + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) extraPaths: [] # - path: /* # pathType: Prefix @@ -1966,17 +2011,70 @@ server: # port: # name: use-annotation - # -- Ingress TLS configuration - tls: [] - # - secretName: your-certificate-name - # hosts: - # - argocd.example.com + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false + # -- Additional TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - hosts: + # - argocd.example.com + # secretName: your-certificate-name - # dedicated ingress for gRPC as documented at - # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ + # AWS specific options for Application Load Balancer + # Applies only when `serv.ingress.controller` is set to `aws` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode + aws: + # -- Backend protocol version for the AWS ALB gRPC service + ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features + backendProtocolVersion: HTTP2 + # -- Service type for the AWS ALB gRPC service + ## Can be of type NodePort or ClusterIP depending on which mode you are running. + ## Instance mode needs type NodePort, IP mode needs type ClusterIP + ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic + serviceType: NodePort + + # Google specific options for Google Application Load Balancer + # Applies only when `server.ingress.controller` is set to `gke` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress + gke: + # -- Google [BackendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + backendConfig: {} + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + + # -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + frontendConfig: {} + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + + # Managed GKE certificate for ingress hostname + managedCertificate: + # -- Create ManagedCertificate resource and annotations for Google Load balancer + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + create: true + # -- Additional domains for ManagedCertificate resource + extraDomains: [] + # - argocd.example.com + + # Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts ingressGrpc: # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] enabled: false @@ -1989,32 +2087,27 @@ server: # -- Defines which ingress controller will implement the resource [gRPC-ingress] ingressClassName: "" - awsALB: - # -- Service type for the AWS ALB gRPC service - ## Service Type if isAWSALB is set to true - ## Can be of type NodePort or ClusterIP depending on which mode you are - ## are running. Instance mode needs type NodePort, IP mode needs type - ## ClusterIP - ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic - serviceType: NodePort - # -- Backend protocol version for the AWS ALB gRPC service - ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features - backendProtocolVersion: HTTP2 + # -- Argo CD server hostname for dedicated [gRPC-ingress] + hostname: "" - # -- List of ingress hosts for dedicated [gRPC-ingress] - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - ## - hosts: [] - # - argocd.example.com + # -- Argo CD server ingress path for dedicated [gRPC-ingress] + path: / - # -- List of ingress paths for dedicated [gRPC-ingress] - paths: - - / # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` + ## TLS certificate will be retrieved from a TLS secret with name: `-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: grpc.argocd.example.com + # path: / + # -- Additional ingress paths for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) extraPaths: [] # - path: /* # pathType: Prefix @@ -2024,15 +2117,25 @@ server: # port: # name: use-annotation - # -- Ingress TLS configuration for dedicated [gRPC-ingress] - tls: [] + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http + + # -- Additional TLS configuration for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + extraTls: [] # - secretName: your-certificate-name # hosts: # - argocd.example.com - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false - # Create a OpenShift Route with SSL passthrough for UI and CLI # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: @@ -2049,38 +2152,6 @@ server: # -- Termination policy of Openshift Route termination_policy: None - GKEbackendConfig: - # -- Enable BackendConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [BackendConfigSpec] - spec: {} - # spec: - # iap: - # enabled: true - # oauthclientCredentials: - # secretName: argocd-secret - - ## Create a Google Managed Certificate for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs - GKEmanagedCertificate: - # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. - enabled: false - # -- Domains for the Google Managed Certificate - domains: - - argocd.example.com - - ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters - GKEfrontendConfig: - # -- Enable FrontConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [FrontendConfigSpec] - spec: {} - # spec: - # redirectToHttps: - # enabled: true - # responseCodeName: RESPONSE_CODE - ## Repo Server repoServer: # -- Repo server name @@ -2500,16 +2571,7 @@ applicationSet: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- DEPRECATED - ApplicationSet controller command line flags - args: {} - # DEPRECATED - Use configs.params.applicationsetcontroller.policy to override - # -- How application is synced between the generator and the cluster - # policy: sync - # DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override - # -- Enable dry run mode - # dryRun: false - - # -- List of extra cli args to add + # -- ApplicationSet controller command line flags extraArgs: [] # -- Environment variables to pass to the ApplicationSet controller @@ -2714,51 +2776,6 @@ applicationSet: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" - ## Webhook for the Git Generator - ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) - webhook: - ingress: - # -- Enable an ingress resource for Webhooks - enabled: false - # -- Additional ingress annotations - annotations: {} - # -- Additional ingress labels - labels: {} - # -- Defines which ingress ApplicationSet controller will implement the resource - ingressClassName: "" - - # -- List of ingress hosts - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argocd-applicationset.example.com - - # -- List of ingress paths - paths: - - /api/webhook - # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` - pathType: Prefix - # -- Additional ingress paths - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - # -- Ingress TLS configuration - tls: [] - # - secretName: argocd-applicationset-tls - # hosts: - # - argocd-applicationset.example.com - # TLS certificate configuration via cert-manager ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration certificate: @@ -2800,6 +2817,69 @@ applicationSet: # -- Annotations to be applied to the ApplicationSet Certificate annotations: {} + ## Ingress for the Git Generator webhook + ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) + ingress: + # -- Enable an ingress resource for ApplicationSet webhook + enabled: false + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + annotations: {} + + # -- Defines which ingress ApplicationSet controller will implement the resource + ingressClassName: "" + + # -- Argo CD ApplicationSet hostname + ## NOTE: Hostname must be provided if Ingress is enabled + hostname: argocd.example.com + + # -- List of ingress paths + path: /api/webhook + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-application-controller-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http + + # -- Additional ingress TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: argocd-applicationset-tls + # hosts: + # - argocd-applicationset.example.com + ## Notifications controller notifications: # -- Enable notifications controller diff --git a/charts/bitnami/airflow/.helmignore b/charts/bitnami/airflow/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/airflow/.helmignore +++ b/charts/bitnami/airflow/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/airflow/Chart.lock b/charts/bitnami/airflow/Chart.lock index d37d9aca7..308272de0 100644 --- a/charts/bitnami/airflow/Chart.lock +++ b/charts/bitnami/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.7.0 + version: 18.12.1 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.3.0 + version: 13.4.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.14.1 -digest: sha256:5ccdd0a9b98fdac3ad60b2fe1fe5776e2aa267addd60501166de8166377bad94 -generated: "2024-01-17T19:54:42.562153805Z" +digest: sha256:49f55036d61c3a75346caddd96eb54503c4ba8afb6158614f16bb7a2a6dd034f +generated: "2024-02-09T10:01:48.735049564Z" diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index 3320db34e..9a9cdc5aa 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -6,20 +6,20 @@ annotations: category: WorkFlow images: | - name: airflow-exporter - image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r443 + image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r448 - name: airflow-scheduler - image: docker.io/bitnami/airflow-scheduler:2.8.0-debian-11-r1 + image: docker.io/bitnami/airflow-scheduler:2.8.1-debian-11-r4 - name: airflow-worker - image: docker.io/bitnami/airflow-worker:2.8.0-debian-11-r1 + image: docker.io/bitnami/airflow-worker:2.8.1-debian-11-r4 - name: airflow - image: docker.io/bitnami/airflow:2.8.0-debian-11-r2 + image: docker.io/bitnami/airflow:2.8.1-debian-11-r4 - name: git - image: docker.io/bitnami/git:2.43.0-debian-11-r5 + image: docker.io/bitnami/git:2.43.0-debian-11-r9 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.8.0 +appVersion: 2.8.1 dependencies: - condition: redis.enabled name: redis @@ -50,4 +50,4 @@ maintainers: name: airflow sources: - https://github.com/bitnami/charts/tree/main/bitnami/airflow -version: 16.4.0 +version: 16.5.5 diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index 758ac183e..53f03ceb3 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -153,7 +153,7 @@ The command removes all the Kubernetes components associated with the chart and | `web.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | | `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | -| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | | `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | | `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` | @@ -186,6 +186,12 @@ The command removes all the Kubernetes components associated with the chart and | `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | | `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | | `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | +| `web.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `web.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `web.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `web.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `web.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `web.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Airflow scheduler parameters @@ -227,7 +233,7 @@ The command removes all the Kubernetes components associated with the chart and | `scheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` | | `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` | -| `scheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `scheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` | | `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` | | `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` | @@ -260,6 +266,12 @@ The command removes all the Kubernetes components associated with the chart and | `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `false` | | `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` | | `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` | +| `scheduler.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `scheduler.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `scheduler.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `scheduler.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `scheduler.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `scheduler.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Airflow worker parameters @@ -308,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and | `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` | | `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` | -| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` | | `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` | | `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` | @@ -348,6 +360,12 @@ The command removes all the Kubernetes components associated with the chart and | `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` | | `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` | | `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` | +| `worker.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `worker.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `worker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `worker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `worker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `worker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Airflow git sync parameters @@ -461,7 +479,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` | | `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | @@ -496,6 +514,12 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | | `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `metrics.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `metrics.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `metrics.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `metrics.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `metrics.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Airflow database parameters @@ -743,9 +767,163 @@ NOTE: Due to an error in our release process, Redis®' chart versions higher This major updates the PostgreSQL subchart to its newest major, 12.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1200) you can find more information about the changes introduced in that version. -### To any previous version +### To 13.0.0 -Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/apache-airflow/administration/upgrade/). +This major update the Redis® subchart to its newest major, 17.0.0, which updates Redis® from its version 6.2 to the latest 7.0. + +### To 12.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. Additionally updates the PostgreSQL & Redis subcharts to their newest major 11.x.x and 16.x.x, respectively, which contain similar changes. + +- *auth.forcePassword* parameter is deprecated. The new version uses Helm's lookup functionalities and forcing passwords isn't required anymore. +- *config* and *configurationConfigMap* have been renamed to *configuration* and *existingConfigmap*, respectively. +- *dags.configMap* and *web.configMap* have been renamed to *dags.existingConfigmap* and *web.existingConfigmap*, respectively. +- *web.containerPort* and *worker.port* have been regrouped under the *web.containerPorts* and *worker.containerPorts* maps, respectively. +- *web.podDisruptionBudget*, *scheduler.podDisruptionBudget* and *worker.podDisruptionBudget* maps have been renamed to *web.pdb*, *scheduler.pdb* and *worker.pdb*, respectively. +- *worker.autoscaling.replicas.min*, *worker.autoscaling.replicas.max*, *worker.autoscaling.targets.cpu* and *worker.autoscaling.targets.memory* have been renamed to *worker.autoscaling.minReplicas*, *worker.autoscaling.maxReplicas*, *worker.autoscaling.targetCPU* and *.Values.worker.autoscaling.targetMemory*, respectively. +- *service.port* and *service.httpsPort* have been regrouped under the *service.ports* map. +- *ingress* map is completely redefined. +- *metrics.service.port* has been regrouped under the *metrics.service.ports* map. +- Support for Network Policies is dropped and it'll be properly added in the future. +- The secret keys *airflow-fernetKey* and *airflow-secretKey* were renamed to *airflow-fernet-key* and *airflow-secret-key*, respectively. + +#### How to upgrade to version 12.0.0 + +To upgrade to *12.0.0* from *11.x*, it should be done reusing the PVC(s) used to hold the data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is *airflow* and the release namespace *default*): + +> NOTE: Please, create a backup of your database before running any of those actions. + +1. Obtain the credentials and the names of the PVCs used to hold the data on your current release: + +```console + export AIRFLOW_PASSWORD=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-password}" | base64 --decode) + export AIRFLOW_FERNET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-fernetKey}" | base64 --decode) + export AIRFLOW_SECRET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-secretKey}" | base64 --decode) + export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default airflow-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) + export REDIS_PASSWORD=$(kubectl get secret --namespace default airflow-redis -o jsonpath="{.data.redis-password}" | base64 --decode) + export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=airflow,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the Airflow worker & PostgreSQL statefulset (notice the option *--cascade=false*) and secrets: + +```console + kubectl delete statefulsets.apps --cascade=false airflow-postgresql + kubectl delete statefulsets.apps --cascade=false airflow-worker + kubectl delete secret postgresql --namespace default + kubectl delete secret airflow --namespace default +``` + +1. Upgrade your release using the same PostgreSQL version: + +```console + CURRENT_PG_VERSION=$(kubectl exec airflow-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION') + helm upgrade airflow bitnami/airflow \ + --set loadExamples=true \ + --set web.baseUrl=http://127.0.0.1:8080 \ + --set auth.password=$AIRFLOW_PASSWORD \ + --set auth.fernetKey=$AIRFLOW_FERNET_KEY \ + --set auth.secretKey=$AIRFLOW_SECRET_KEY \ + --set postgresql.image.tag=$CURRENT_VERSION \ + --set postgresql.auth.password=$POSTGRESQL_PASSWORD \ + --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC \ + --set redis.password=$REDIS_PASSWORD \ + --set redis.cluster.enabled=true +``` + +1. Delete the existing Airflow worker & PostgreSQL pods and the new statefulset will create a new one: + +```console + kubectl delete pod airflow-postgresql-0 + kubectl delete pod airflow-worker-0 +``` + +### To 11.0.0 + +This major update the Redis® subchart to its newest major, 15.0.0. [Here](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1500) you can find more info about the specific changes. + +### To 10.0.0 + +This major updates the Redis® subchart to it newest major, 14.0.0, which contains breaking changes. For more information on this subchart's major and the steps needed to migrate your data from your previous release, please refer to [Redis® upgrade notes.](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1400). + +### To 7.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. The following changes were introduced in this version: + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Move dependency information from the *requirements.yaml* to the *Chart.yaml* +- After running *helm dependency update*, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart. +- Several parameters were renamed or disappeared in favor of new ones on this major version: + - The image objects have been moved to its corresponding component object, e.g: *workerImage* now is located at *worker.image*. + - The prefix *airflow* has been removed. Therefore, parameters prefixed with *airflow* are now at root level, e.g. *airflow.loadExamples* now is *loadExamples* or *airflow.worker.resources* now is *worker.resources*. + - Parameters related to the *git* features has completely been refactored: + - They have been regrouped under the *git* map. + - *airflow.cloneDagsFromGit* no longer exists, instead you must use *git.dags* and *git.dags.repositories* has been introduced that will add support for multiple repositories. + - *airflow.clonePluginsFromGit* no longer exists, instead you must use *git.plugins*. *airflow.clonePluginsFromGit.repository*, *airflow.clonePluginsFromGit.branch* and *airflow.clonePluginsFromGit.path* have been removed in favour of *git.dags.repositories*. + - Liveness and readiness probe have been separated by components *airflow.livenessProbe.** and *airflow.readinessProbe* have been removed in favour of *web.livenessProbe*, *worker.livenessProbe*, *web.readinessProbe* and *worker.readinessProbe*. + - *airflow.baseUrl* has been moved to *web.baseUrl*. + - Security context has been migrated to the bitnami standard way so that *securityContext* has been divided into *podSecurityContext* that will define the **fsGroup** for all the containers in the pod and *containerSecurityContext* that will define the user id that will run the main containers. + - *./files/dags/*.py* will not be include in the deployment any more. +- Additionally updates the PostgreSQL & Redis subcharts to their newest major 10.x.x and 11.x.x, respectively, which contain similar changes. + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version does not support Helm v2 anymore. +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3. + +#### Useful links + +- [Bitnami Tutorial](https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues) +- [Helm docs](https://helm.sh/docs/topics/v2_v3_migration) +- [Helm Blog](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3) + +#### How to upgrade to version 7.0.0 + +To upgrade to *7.0.0* from *6.x*, it should be done reusing the PVC(s) used to hold the data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is *airflow* and the release namespace *default*): + +> NOTE: Please, create a backup of your database before running any of those actions. + +1. Obtain the credentials and the names of the PVCs used to hold the data on your current release: + +```console + export AIRFLOW_PASSWORD=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-password}" | base64 --decode) + export AIRFLOW_FERNET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-fernetKey}" | base64 --decode) + export AIRFLOW_SECRET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-secretKey}" | base64 --decode) + export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default airflow-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) + export REDIS_PASSWORD=$(kubectl get secret --namespace default airflow-redis -o jsonpath="{.data.redis-password}" | base64 --decode) + export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=airflow,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the Airflow worker & PostgreSQL statefulset (notice the option *--cascade=false*): + +```console + kubectl delete statefulsets.apps --cascade=false airflow-postgresql + kubectl delete statefulsets.apps --cascade=false airflow-worker +``` + +1. Upgrade your release: + +> NOTE: Please remember to migrate all the values to its new path following the above notes, e.g: `airflow.loadExamples` -> `loadExamples` or `airflow.baseUrl=http://127.0.0.1:8080` -> `web.baseUrl=http://127.0.0.1:8080`. + +```console + helm upgrade airflow bitnami/airflow \ + --set loadExamples=true \ + --set web.baseUrl=http://127.0.0.1:8080 \ + --set auth.password=$AIRFLOW_PASSWORD \ + --set auth.fernetKey=$AIRFLOW_FERNET_KEY \ + --set auth.secretKey=$AIRFLOW_SECRET_KEY \ + --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD \ + --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC \ + --set redis.password=$REDIS_PASSWORD \ + --set redis.cluster.enabled=true +``` + +1. Delete the existing Airflow worker & PostgreSQL pods and the new statefulset will create a new one: + +```console + kubectl delete pod airflow-postgresql-0 + kubectl delete pod airflow-worker-0 +``` ## License diff --git a/charts/bitnami/airflow/charts/postgresql/.helmignore b/charts/bitnami/airflow/charts/postgresql/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/airflow/charts/postgresql/.helmignore +++ b/charts/bitnami/airflow/charts/postgresql/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/Chart.yaml index 3f995edd0..1fb01b8ca 100644 --- a/charts/bitnami/airflow/charts/postgresql/Chart.yaml +++ b/charts/bitnami/airflow/charts/postgresql/Chart.yaml @@ -2,11 +2,11 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r93 + image: docker.io/bitnami/os-shell:11-debian-11-r95 - name: postgres-exporter - image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r5 + image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r7 - name: postgresql - image: docker.io/bitnami/postgresql:16.1.0-debian-11-r19 + image: docker.io/bitnami/postgresql:16.1.0-debian-11-r25 licenses: Apache-2.0 apiVersion: v2 appVersion: 16.1.0 @@ -34,4 +34,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 13.3.0 +version: 13.4.4 diff --git a/charts/bitnami/airflow/charts/postgresql/README.md b/charts/bitnami/airflow/charts/postgresql/README.md index fd5a2bab2..24a4b1fe6 100644 --- a/charts/bitnami/airflow/charts/postgresql/README.md +++ b/charts/bitnami/airflow/charts/postgresql/README.md @@ -213,7 +213,7 @@ kubectl delete pvc -l release=my-release | `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -221,6 +221,7 @@ kubectl delete pvc -l release=my-release | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | | `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` | | `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` | | `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | @@ -317,7 +318,7 @@ kubectl delete pvc -l release=my-release | `readReplicas.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -325,6 +326,7 @@ kubectl delete pvc -l release=my-release | `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | | `readReplicas.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `readReplicas.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `readReplicas.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` | | `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` | | `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | @@ -397,7 +399,7 @@ kubectl delete pvc -l release=my-release | `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` | | `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -450,7 +452,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` | @@ -483,7 +485,7 @@ kubectl delete pvc -l release=my-release | `metrics.customMetrics` | Define additional custom metrics | `{}` | | `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -572,7 +574,39 @@ At the top level, there is a service object which defines the services for both ### Use a different PostgreSQL version -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/configuration/change-image-version/). +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. + +### LDAP + +LDAP support can be enabled in the chart by specifying the `ldap.` parameters while creating a release. The following parameters should be configured to properly enable the LDAP support in the chart. + +- **ldap.enabled**: Enable LDAP support. Defaults to `false`. +- **ldap.uri**: LDAP URL beginning in the form `ldap[s]://:`. No defaults. +- **ldap.base**: LDAP base DN. No defaults. +- **ldap.binddn**: LDAP bind DN. No defaults. +- **ldap.bindpw**: LDAP bind password. No defaults. +- **ldap.bslookup**: LDAP base lookup. No defaults. +- **ldap.nss_initgroups_ignoreusers**: LDAP ignored users. `root,nslcd`. +- **ldap.scope**: LDAP search scope. No defaults. +- **ldap.tls_reqcert**: LDAP TLS check on server certificates. No defaults. + +For example: + +```text +ldap.enabled="true" +ldap.uri="ldap://my_ldap_server" +ldap.base="dc=example\,dc=org" +ldap.binddn="cn=admin\,dc=example\,dc=org" +ldap.bindpw="admin" +ldap.bslookup="ou=group-ok\,dc=example\,dc=org" +ldap.nss_initgroups_ignoreusers="root\,nslcd" +ldap.scope="sub" +ldap.tls_reqcert="demand" +``` + +Next, login to the PostgreSQL server using the `psql` client and add the PAM authenticated LDAP users. + +> Note: Parameters including commas must be escaped as shown in the above example. ### postgresql.conf / pg_hba.conf files as configMap @@ -696,7 +730,7 @@ global.postgresql.auth.database=testdb This way, the credentials will be available in all of the subcharts. -## Persistence +### Persistence The [Bitnami PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. @@ -705,7 +739,20 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to the [code present in the container repository](https://github.com/bitnami/containers/tree/main/bitnami/postgresql). If you need to use those data, please covert them to sql and import after `helm install` finished. -## NetworkPolicy +### Backup and restore PostgreSQL deployments + +To back up and restore Bitnami PostgreSQL Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. + +These are the steps you will usually follow to back up and restore your PostgreSQL cluster data: + +- Install Velero on the source and destination clusters. +- Use Velero to back up the PersistentVolumes (PVs) used by the deployment on the source cluster. +- Use Velero to restore the backed-up PVs on the destination cluster. +- Create a new deployment on the destination cluster with the same chart, deployment name, credentials and other parameters as the original. This new deployment will use the restored PVs and hence the original data. + +Refer to our detailed [tutorial on backing up and restoring PostgreSQL deployments on Kubernetes](https://docs.bitnami.com/tutorials/migrate-data-bitnami-velero/) for more information. + +### NetworkPolicy To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. @@ -720,7 +767,7 @@ With NetworkPolicy enabled, traffic will be limited to just port 5432. For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. This label will be displayed in the output of a successful install. -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image +### Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. - The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. @@ -748,9 +795,191 @@ This major version changes the default PostgreSQL image from 15.x to 16.x. Follo This major version changes the default PostgreSQL image from 14.x to 15.x. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.x. -### To any previous version +### To 11.0.0 -Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/). +In this version the application version was bumped to _14.x_ series. Also, this major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +- _replication.enabled_ parameter is deprecated in favor of _architecture_ parameter that accepts two values: _standalone_ and _replication_. +- _replication.singleService_ and _replication.uniqueServices_ parameters are deprecated. When using replication, each statefulset (primary and read-only) has its own headless service & service allowing to connect to read-only replicas through the service (round-robin) or individually. +- _postgresqlPostgresPassword_, _postgresqlUsername_, _postgresqlPassword_, _postgresqlDatabase_, _replication.user_, _replication.password_, and _existingSecret_ parameters have been regrouped under the _auth_ map. The _auth_ map uses a new perspective to configure authentication, so please read carefully each sub-parameter description. +- _extraEnv_ has been deprecated in favor of _primary.extraEnvVars_ and _readReplicas.extraEnvVars_. +- _postgresqlConfiguration_, _pgHbaConfiguration_, _configurationConfigMap_, _postgresqlExtendedConf_, and _extendedConfConfigMap_ have been deprecated in favor of _primary.configuration_, _primary.pgHbaConfiguration_, _primary.existingConfigmap_, _primary.extendedConfiguration_, and _primary.existingExtendedConfigmap_. +- _postgresqlInitdbArgs_, _postgresqlInitdbWalDir_, _initdbScripts_, _initdbScriptsConfigMap_, _initdbScriptsSecret_, _initdbUser_ and _initdbPassword_ have been regrouped under the _primary.initdb_ map. +- _postgresqlMaxConnections_, _postgresqlPostgresConnectionLimit_, _postgresqlDbUserConnectionLimit_, _postgresqlTcpKeepalivesInterval_, _postgresqlTcpKeepalivesIdle_, _postgresqlTcpKeepalivesCount_, _postgresqlStatementTimeout_ and _postgresqlPghbaRemoveFilters_ parameters are deprecated. Use _XXX.extraEnvVars_ instead. +- _primaryAsStandBy_ has been deprecated in favor of _primary.standby_. +- _securityContext_ and _containerSecurityContext_ have been deprecated in favor of _primary.podSecurityContext_, _primary.containerSecurityContext_, _readReplicas.podSecurityContext_, and _readReplicas.containerSecurityContext_. +- _livenessProbe_ and _readinessProbe_ maps have been deprecated in favor of _primary.livenessProbe_, _primary.readinessProbe_, _readReplicas.livenessProbe_ and _readReplicas.readinessProbe_ maps. +- _persistence_ map has been deprecated in favor of _primary.persistence_ and _readReplicas.persistence_ maps. +- _networkPolicy_ map has been completely refactored. +- _service_ map has been deprecated in favor of _primary.service_ and _readReplicas.service_ maps. +- _metrics.service.port_ has been regrouped under the _metrics.service.ports_ map. +- _serviceAccount.enabled_ and _serviceAccount.autoMount_ have been deprecated in favor of _serviceAccount.create_ and _serviceAccount.automountServiceAccountToken_. + +#### How to upgrade to version 11.0.0 + +To upgrade to _11.0.0_ from _10.x_, it should be done reusing the PVC(s) used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is _postgresql_): + +> NOTE: Please, create a backup of your database before running any of these actions. + +1. Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the PostgreSQL statefulset (notice the option _--cascade=false_) and secret: + +```console +kubectl delete statefulsets.apps postgresql-postgresql --namespace default --cascade=false +kubectl delete secret postgresql --namespace default +``` + +1. Upgrade your release using the same PostgreSQL version: + +```console +CURRENT_VERSION=$(kubectl exec postgresql-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION') +helm upgrade postgresql bitnami/postgresql \ + --set auth.postgresPassword=$POSTGRESQL_PASSWORD \ + --set primary.persistence.existingClaim=$POSTGRESQL_PVC \ + --set image.tag=$CURRENT_VERSION +``` + +1. You will have to delete the existing PostgreSQL pod and the new statefulset is going to create a new one + +```console +kubectl delete pod postgresql-postgresql-0 +``` + +1. Finally, you should see the lines below in PostgreSQL container logs: + +```text +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` + +> NOTE: the instructions above reuse the same PostgreSQL version you were using in your chart release. Otherwise, you will find an error such as the one below when upgrading since the new chart major version also bumps the application version. To workaround this issue you need to upgrade database, please refer to the [official PostgreSQL documentation](https://www.postgresql.org/docs/current/upgrading.html) for more information about this. + +```console +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") + ... +postgresql 08:10:14.72 INFO ==> ** Starting PostgreSQL ** +2022-02-01 08:10:14.734 GMT [1] FATAL: database files are incompatible with server +2022-02-01 08:10:14.734 GMT [1] DETAIL: The data directory was initialized by PostgreSQL version 11, which is not compatible with this version 14.1. +``` + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Move dependency information from the _requirements.yaml_ to the _Chart.yaml_ +- After running _helm dependency update_, a _Chart.lock_ file is generated containing the same structure used in the previous _requirements.lock_ +- The different fields present in the _Chart.yaml_ file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart. +- The term _master_ has been replaced with _primary_ and _slave_ with _readReplicas_ throughout the chart. Role names have changed from _master_ and _slave_ to _primary_ and _read_. + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version does not support Helm v2 anymore. +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3. + +#### Useful links + +- [Bitnami Tutorial](https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues) +- [Helm docs](https://helm.sh/docs/topics/v2_v3_migration) +- [Helm Blog](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3) + +#### How to upgrade to version 10.0.0 + +To upgrade to _10.0.0_ from _9.x_, it should be done reusing the PVC(s) used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is _postgresql_): + +> NOTE: Please, create a backup of your database before running any of those actions. + +1. Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the PostgreSQL statefulset (notice the option _--cascade=false_): + +```console +kubectl delete statefulsets.apps postgresql-postgresql --namespace default --cascade=false +``` + +1. Upgrade your release using the same PostgreSQL version: + +```console +helm upgrade postgresql bitnami/postgresql \ + --set postgresqlPassword=$POSTGRESQL_PASSWORD \ + --set persistence.existingClaim=$POSTGRESQL_PVC +``` + +1. Delete the existing PostgreSQL pod and the new statefulset will create a new one: + +```console +kubectl delete pod postgresql-postgresql-0 +``` + +1. Finally, you should see the lines below in PostgreSQL container logs: + +```text +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` + +### To 9.0.0 + +In this version the chart was adapted to follow the [Helm standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). + +- Some inmutable objects were modified to adopt Helm standard labels introducing backward incompatibilities. + +#### How to upgrade to version 9.0.0 + +To upgrade to _9.0.0_ from _8.x_, it should be done reusing the PVC(s) used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is _postgresql_): + +> NOTE: Please, create a backup of your database before running any of those actions. + +1. Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +export POSTGRESQL_PVC=$(kubectl get pvc -l app=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the PostgreSQL statefulset (notice the option _--cascade=false_): + +```console +kubectl delete statefulsets.apps postgresql-postgresql --namespace default --cascade=false +``` + +1. Upgrade your release using the same PostgreSQL version: + +```console +helm upgrade postgresql bitnami/postgresql \ + --set postgresqlPassword=$POSTGRESQL_PASSWORD \ + --set persistence.existingClaim=$POSTGRESQL_PVC +``` + +1. Delete the existing PostgreSQL pod and the new statefulset will create a new one: + +```console +kubectl delete pod postgresql-postgresql-0 +``` + +1. Finally, you should see the lines below in PostgreSQL container logs: + +```text +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` ## License diff --git a/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml b/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml index cb9374d6b..1f0c96203 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml @@ -49,6 +49,7 @@ spec: {{- end }} serviceAccountName: {{ include "postgresql.v1.serviceAccountName" . }} {{- include "postgresql.v1.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.primary.automountServiceAccountToken }} {{- if .Values.primary.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} {{- end }} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml b/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml index 826870065..f11ae0a89 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml @@ -47,6 +47,7 @@ spec: {{- end }} serviceAccountName: {{ include "postgresql.v1.serviceAccountName" . }} {{- include "postgresql.v1.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.readReplicas.automountServiceAccountToken }} {{- if .Values.readReplicas.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.hostAliases "context" $) | nindent 8 }} {{- end }} diff --git a/charts/bitnami/airflow/charts/postgresql/values.yaml b/charts/bitnami/airflow/charts/postgresql/values.yaml index 307cc9574..2a353ff63 100644 --- a/charts/bitnami/airflow/charts/postgresql/values.yaml +++ b/charts/bitnami/airflow/charts/postgresql/values.yaml @@ -98,7 +98,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 16.1.0-debian-11-r19 + tag: 16.1.0-debian-11-r25 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -465,7 +465,7 @@ primary: ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param primary.containerSecurityContext.enabled Enabled containers' Security Context - ## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.privileged Set container's Security Context privileged @@ -476,7 +476,7 @@ primary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -486,6 +486,9 @@ primary: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" + ## @param primary.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param primary.hostAliases PostgreSQL primary pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -837,7 +840,7 @@ readReplicas: ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context - ## @param readReplicas.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param readReplicas.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged @@ -848,7 +851,7 @@ readReplicas: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -858,6 +861,9 @@ readReplicas: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" + ## @param readReplicas.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param readReplicas.hostAliases PostgreSQL read only pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -1133,7 +1139,7 @@ backup: ## backup container's Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context - ## @param backup.cronjob.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged @@ -1143,7 +1149,7 @@ backup: ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1324,7 +1330,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r93 + tag: 11-debian-11-r95 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1346,14 +1352,14 @@ volumePermissions: ## Init container' Security Context ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## @param volumePermissions.containerSecurityContext.runAsGroup Group ID for the init container ## @param volumePermissions.containerSecurityContext.runAsNonRoot runAsNonRoot for the init container ## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container ## containerSecurityContext: - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 runAsGroup: 0 runAsNonRoot: false @@ -1427,7 +1433,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.15.0-debian-11-r5 + tag: 0.15.0-debian-11-r7 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1469,7 +1475,7 @@ metrics: ## PostgreSQL Prometheus exporter containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context - ## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged @@ -1480,7 +1486,7 @@ metrics: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false diff --git a/charts/bitnami/airflow/charts/redis/.helmignore b/charts/bitnami/airflow/charts/redis/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/airflow/charts/redis/.helmignore +++ b/charts/bitnami/airflow/charts/redis/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/airflow/charts/redis/Chart.yaml b/charts/bitnami/airflow/charts/redis/Chart.yaml index f9e180e84..eaff8591d 100644 --- a/charts/bitnami/airflow/charts/redis/Chart.yaml +++ b/charts/bitnami/airflow/charts/redis/Chart.yaml @@ -2,13 +2,13 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r93 + image: docker.io/bitnami/os-shell:11-debian-11-r96 - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.56.0-debian-11-r0 + image: docker.io/bitnami/redis-exporter:1.57.0-debian-11-r2 - name: redis-sentinel - image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r0 + image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r6 - name: redis - image: docker.io/bitnami/redis:7.2.4-debian-11-r0 + image: docker.io/bitnami/redis:7.2.4-debian-11-r5 licenses: Apache-2.0 apiVersion: v2 appVersion: 7.2.4 @@ -33,4 +33,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.7.0 +version: 18.12.1 diff --git a/charts/bitnami/airflow/charts/redis/README.md b/charts/bitnami/airflow/charts/redis/README.md index 1fa7bd41c..6eb2bf85c 100644 --- a/charts/bitnami/airflow/charts/redis/README.md +++ b/charts/bitnami/airflow/charts/redis/README.md @@ -168,7 +168,7 @@ The command removes all the Kubernetes components associated with the chart and | `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `master.podSecurityContext.fsGroup` | Set Redis® master pod's Security Context fsGroup | `1001` | | `master.containerSecurityContext.enabled` | Enabled Redis® master containers' Security Context | `true` | -| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `master.containerSecurityContext.runAsUser` | Set Redis® master containers' Security Context runAsUser | `1001` | | `master.containerSecurityContext.runAsGroup` | Set Redis® master containers' Security Context runAsGroup | `0` | | `master.containerSecurityContext.runAsNonRoot` | Set Redis® master containers' Security Context runAsNonRoot | `true` | @@ -180,6 +180,7 @@ The command removes all the Kubernetes components associated with the chart and | `master.updateStrategy.type` | Redis® master statefulset strategy type | `RollingUpdate` | | `master.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | | `master.priorityClassName` | Redis® master pods' priorityClassName | `""` | +| `master.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `master.hostAliases` | Redis® master pods host aliases | `[]` | | `master.podLabels` | Extra labels for Redis® master pods | `{}` | | `master.podAnnotations` | Annotations for Redis® master pods | `{}` | @@ -286,7 +287,7 @@ The command removes all the Kubernetes components associated with the chart and | `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `replica.podSecurityContext.fsGroup` | Set Redis® replicas pod's Security Context fsGroup | `1001` | | `replica.containerSecurityContext.enabled` | Enabled Redis® replicas containers' Security Context | `true` | -| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `replica.containerSecurityContext.runAsUser` | Set Redis® replicas containers' Security Context runAsUser | `1001` | | `replica.containerSecurityContext.runAsGroup` | Set Redis® replicas containers' Security Context runAsGroup | `0` | | `replica.containerSecurityContext.runAsNonRoot` | Set Redis® replicas containers' Security Context runAsNonRoot | `true` | @@ -298,6 +299,7 @@ The command removes all the Kubernetes components associated with the chart and | `replica.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | | `replica.priorityClassName` | Redis® replicas pods' priorityClassName | `""` | | `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` | +| `replica.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `replica.hostAliases` | Redis® replicas pods host aliases | `[]` | | `replica.podLabels` | Extra labels for Redis® replicas pods | `{}` | | `replica.podAnnotations` | Annotations for Redis® replicas pods | `{}` | @@ -428,7 +430,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.resources.limits` | The resources limits for the Redis® Sentinel containers | `{}` | | `sentinel.resources.requests` | The requested resources for the Redis® Sentinel containers | `{}` | | `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` | -| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` | | `sentinel.containerSecurityContext.runAsGroup` | Set Redis® Sentinel containers' Security Context runAsGroup | `0` | | `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis® Sentinel containers' Security Context runAsNonRoot | `true` | @@ -460,8 +462,9 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | | `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | | `networkPolicy.extraEgress` | Add extra egress rules to the NetworkPolicy | `[]` | | `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | @@ -492,88 +495,92 @@ The command removes all the Kubernetes components associated with the chart and ### Metrics Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | -| `metrics.image.registry` | Redis® Exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Redis® Exporter image repository | `REPOSITORY_NAME/redis-exporter` | -| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | -| `metrics.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `false` | -| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | -| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` | -| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | -| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` | -| `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `0` | -| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` | -| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` | -| `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` | -| `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` | -| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` | -| `metrics.resources.limits` | The resources limits for the Redis® exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the Redis® exporter container | `{}` | -| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` | -| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` | -| `metrics.service.type` | Redis® exporter service type | `ClusterIP` | -| `metrics.service.port` | Redis® exporter service port | `9121` | -| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` | -| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | -| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | -| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | -| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` | -| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.podMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | -| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | +| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | +| `metrics.image.registry` | Redis® Exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Redis® Exporter image repository | `REPOSITORY_NAME/redis-exporter` | +| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | +| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` | +| `metrics.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | +| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` | +| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` | +| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | +| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `0` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` | +| `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` | +| `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` | +| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` | +| `metrics.resources.limits` | The resources limits for the Redis® exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the Redis® exporter container | `{}` | +| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` | +| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` | +| `metrics.service.enabled` | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor | `true` | +| `metrics.service.type` | Redis® exporter service type | `ClusterIP` | +| `metrics.service.ports.http` | Redis® exporter service port | `9121` | +| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` | +| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | +| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | +| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | +| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | +| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | +| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | +| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | +| `metrics.serviceMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | +| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` | +| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` | +| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.podMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` | +| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | +| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | +| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | +| `metrics.podMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | +| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | +| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | ### Init Container Parameters @@ -587,7 +594,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | | `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | | `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | @@ -642,7 +649,7 @@ Bitnami will release a new chart updating its containers if a new version of the ### Use a different Redis® version -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis/configuration/change-image-version/). +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. ### Bootstrapping with an External Cluster @@ -744,13 +751,27 @@ It's recommended to only change `master.count` if you know what you are doing. ### Using a password file -To use a password file for Redis® you need to create a secret containing the password and then deploy the chart using that secret. +To use a password file for Redis® you need to create a secret containing the password and then deploy the chart using that secret. Follow these instructions: -Refer to the chart documentation for more information on [using a password file for Redis®](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/use-password-file/). +- Create the secret with the password. It is important that the file with the password must be called `redis-password`. + +```console +kubectl create secret generic redis-password-secret --from-file=redis-password.yaml +``` + +- Deploy the Helm Chart using the secret name as parameter: + +```text +usePassword=true +usePasswordFile=true +existingSecret=redis-password-secret +sentinels.enabled=true +metrics.enabled=true +``` ### Securing traffic using TLS -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - `tls.enabled`: Enable TLS support. Defaults to `false` - `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. @@ -758,7 +779,23 @@ TLS support can be enabled in the chart by specifying the `tls.` parameters whil - `tls.certKeyFilename`: Certificate key filename. No defaults. - `tls.certCAFilename`: CA Certificate filename. No defaults. -Refer to the chart documentation for more information on [creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/). +For example: + +First, create the secret with the certificates files: + +```console +kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem +``` + +Then, use the following parameters: + +```console +tls.enabled="true" +tls.existingSecret="certificates-tls-secret" +tls.certFilename="cert.pem" +tls.certKeyFilename="cert.key" +tls.certCAFilename="ca.pem" +``` ### Metrics @@ -774,11 +811,65 @@ tls-client-cert-file tls-ca-cert-file ``` +### Deploy a custom metrics script in the sidecar + +A custom Lua script can be added to the `redis-exporter` sidecar by way of the `metrics.extraArgs.script` parameter. The pathname of the script must exist on the container, or the `redis_exporter` process (and therefore the whole pod) will refuse to start. The script can be provided to the sidecar containers via the `metrics.extraVolumes` and `metrics.extraVolumeMounts` parameters: + +```yaml +metrics: + extraVolumeMounts: + - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' + mountPath: '{{ printf "/mnt/%s/" (include "common.names.name" .) }}' + readOnly: true + extraVolumes: + - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' + configMap: + name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' + extraArgs: + script: '{{ printf "/mnt/%s/my_custom_metrics.lua" (include "common.names.name" .) }}' +``` + +Then deploy the script into the correct location via `extraDeploy`: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: ConfigMap + metadata: + name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' + data: + my_custom_metrics.lua: | + -- LUA SCRIPT CODE HERE, e.g., + return {'bitnami_makes_the_best_charts', '1'} +``` + ### Host Kernel Settings -Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. +Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. To do so, you can set up a privileged `initContainer` with the `sysctlImage` config values, for example: -Refer to the chart documentation for more information on [configuring host kernel settings with an example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/configure-kernel-settings/). +```yaml +sysctlImage: + enabled: true + mountHostSys: true + command: + - /bin/sh + - -c + - |- + install_packages procps + sysctl -w net.core.somaxconn=10000 + echo never > /host-sys/kernel/mm/transparent_hugepage/enabled +``` + +Alternatively, for Kubernetes 1.12+ you can set `securityContext.sysctls` which will configure `sysctls` for master and slave pods. Example: + +```yaml +securityContext: + sysctls: + - name: net.core.somaxconn + value: "10000" +``` + +Note that this will not disable transparent huge tables. ## Persistence @@ -798,13 +889,115 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE ## Backup and restore -Refer to the chart documentation for more information on [backing up and restoring Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/backup-restore/). +To backup and restore Redis deployments on Kubernetes, you will need to create a snapshot of the data in the source cluster, and later restore it in a new cluster with the new parameters. Follow the instructions below: + +### Step 1: Backup the deployment + +- Connect to one of the nodes and start the Redis CLI tool. Then, run the commands below: + + ```text + $ kubectl exec -it my-release-master-0 bash + $ redis-cli + 127.0.0.1:6379> auth your_current_redis_password + OK + 127.0.0.1:6379> save + OK + ``` + +- Copy the dump file from the Redis node: + + ```console + kubectl cp my-release-master-0:/data/dump.rdb dump.rdb -c redis + ``` + +### Step 2: Restore the data on the destination cluster + +To restore the data in a new cluster, you will need to create a PVC and then upload the *dump.rdb* file to the new volume. + +Follow the following steps: + +- In the [*values.yaml*](https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml) file set the *appendonly* parameter to *no*. You can skip this step if it is already configured as *no* + + ```yaml + commonConfiguration: |- + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly no + # Disable RDB persistence, AOF persistence already enabled. + save "" + ``` + + > *Note that the `Enable AOF` comment belongs to the original config file and what you're actually doing is disabling it. This change will only be neccessary for the temporal cluster you're creating to upload the dump.* + +- Start the new cluster to create the PVCs. Use the command below as an example: + + ```console + helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3 + ``` + +- Now that the PVC were created, stop it and copy the *dump.rdp* file on the persisted data by using a helping pod. + + ```text + $ helm delete new-redis + + $ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides=' + { + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "name": "redisvolpod" + }, + "spec": { + "containers": [{ + "command": [ + "tail", + "-f", + "/dev/null" + ], + "image": "bitnami/minideb", + "name": "mycontainer", + "volumeMounts": [{ + "mountPath": "/mnt", + "name": "redisdata" + }] + }], + "restartPolicy": "Never", + "volumes": [{ + "name": "redisdata", + "persistentVolumeClaim": { + "claimName": "redis-data-new-redis-master-0" + } + }] + } + }' --image="bitnami/minideb" + + $ kubectl cp dump.rdb redisvolpod:/mnt/dump.rdb + $ kubectl delete pod volpod + ``` + +- Restart the cluster: + + > **INFO:** The *appendonly* parameter can be safely restored to your desired value. + + ```console + helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3 + ``` ## NetworkPolicy To enable network policy for Redis®, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. -Refer to the chart documenation for more information on [enabling the network policy in Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-network-policy/). +With NetworkPolicy enabled, only pods with the generated client label will be able to connect to Redis. This label will be displayed in the output after a successful install. + +With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to Redis. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `redis=external` and pods in that namespace labeled `redis-client=true` the fields should be set: + +```yaml +networkPolicy: + enabled: true + ingressNSMatchLabels: + redis: external + ingressNSPodMatchLabels: + redis-client: true +``` ### Setting Pod's affinity diff --git a/charts/bitnami/airflow/charts/redis/img/redis-cluster-topology.png b/charts/bitnami/airflow/charts/redis/img/redis-cluster-topology.png deleted file mode 100644 index f0a02a9f8835381302731c9cb000b2835a45e7c9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11448 zcmeI2cUx22x9_8Zh@yyC0I4cPR3wC|kVp$H5PB1ZB#;m~gf1}_1O)^|QB*Y2#4gyt zMlbeAQxFvp712m>hX{m(GZyaOx!ZkSz`gf*j(>!>GS^(QjWNFCGu9zzC!56!6&9jU zsKs`+R<0=2Tv-%qj{Ji8aAni0vR)KQEHl>HJ2pI#N)HP{sbegEe^b}f4US~Qs$;Cw z_4G(lQ96Ni5-o-l&d`YniiJz?dw66Zok|Z1{M|-RS5J47uKp%8#vQGzjxpCah7XLM zj-j5O@9*{`T2RE_9UAE9LI+xoBnmwuHj)v%{&$O@SQ71bZ+Kl2DH#*!W~guJ6YNcK zHZTeO`>F9kF${WS#P4QkJslGrH2U}5u}M)uzb^*{#nUN4$W@Fr%;@i-!xQO$57ytD z8g7NACsAo=gGf@4U2vq4|L;yBNa25X;tb>6G}|@C+Q2i|iEP41uyWQ#JBJ%4#8?F< zhJ?qHVxj_RUKr=dpkNn9ac?y zjjf4Zb6GNz?1!C-z2!T|`I6FNrJxgzEdNh&X5<(5KrG*81T6sFq zW4#j0(FP$=R0ktuGQKhJ>5aE1x<}i)7{Yf-uoVV+b&Uyx|9F@?Q)9v%9i!kom8xr_ zZyDi8quLlJ$HoMDMv5Etu;N25ccDbf0|Q5Hey zuy9hmyN{lmxi_9+6lmk*8e~ZKun3K`af^yY(`;?=K0&@@N^D4|ZmdgqQerIL%hrxy zM`KVuoedc@Cs*&NU@z}TC!YjoOLVwfgp0XBq^=QOH`LfZDk)yy$}P!&oMd9pNV2eV za19GKbTn|V3?&(oC>TsM-pj)_-XqzO!f>`XcTI{5(F-#P4|eb+*@i_q#RWz9Cb}lU zY#Dly5oBMwdxVb>J|ZxR=Hn2B(esIp*C%@g#keGsV#(gFfsDuqU)z`@qaaF%b3~+m zaCivCJ1!{#Z-OS0%&mNabUj@xDKwK12OC|CUMSr<(LBO6#=*zKmh2FMcXPB0wAZ(G zOLT#y3^MdVd+FN4H&{DMs+$|$6}}_mun)3ByGD6M!*@NGc#37RH*(}cY~w5(g7s}^ zzJ{deP$OjHtPIHRcv})F*daVJ9OLS0Leg`Niu1-BQNyAVy)cG$-t^cQdT5*_#!w#< z6bFATlk}s>LCIl6HxqO;(KpT^F4{I2o&%lvSS5MJQIi?*1e?StBg+V5BGsE18|WMZ zW@PMb;;rjJh)Z(TCxklSlZ>ctaW=Yo)I?_w8+1I}9FDPYfEk{Rp z-ILpbFFK4J$#eW+T6n?W^l5qJZKu}h5eQ&HLB6NEPly?kFMd+9B*;21U%BtZEs%?pK-aOJA&_a1j0}?4#_1KVkJ~ zb1N$=!~T5LHEY(Ki6ShOkvZyUtN}kg)=-p%p8{pGCE=%=k}YB~GBVw%{}0_J=Dl%c zNm&_1!2faZ@ZlzI_bqfh*IP+9=vgI}rUzo0%pyLDCQ>#KFyN?VT{J-WBp zCg)?vCAY`Vo>`JeY8zKB+H+FMc}Q(BfZHZ_r67MSRsc_F7C zywt+dvh}JDW@2iJ{P>7kKAJK=H#hgl*|VFbw_3cM9SuWCQ8xa>xpUb;&rXoK%1McR zdnJ}CDoP!Dk~;a<;97Nc@fy+86}OQmPoC7l)OA^+lzf7Q)M`ViYrc0ZqM~%M)1#Jw zfq};3$}t=HHo0Bw?;rEaU97FebB`UnQf>OC*hZRgcFPL?lreG9^k2lGzd~ZiK3a#p zy)Aj;;m?Kl6GpPH?|86AUw`=-!|+_};cth8N7wOf@{BbUz8)iD>yD^dMsdu3sjgcm zW@l$t760Qj&u4MW_&1NM{x!;Vb#<@w7h9$;X)0sy)@H8k+&6o3!pHoJ>1>urexUjA z{*xzH?Mxn059_{ZJ+&^q>tPZG7Orn-Nb**9*6rK+L&p|ya{?=HmlwBKDP8rsHUCla zcztmWHlwP_c!*J;ZD_dCY!|w?1!4%~4*Dqs@kWrCfWZ=WDk*3@9_9&Rg z5F_^U)4UCdKkmGFRb;&gdi0)Bv?Q|{S_2<>6TK>ZjGG z9{XfuWax&!)fbyTe+?S#0yhM(;#x%99AT%DK(HZO64jEUVl(pL5m;Fr&fwZPdwct( z%F5ZbwcE;A()V1-YtksJyA;;q7Ewg>BpOX=mYSHHB=uG^+sd@U;l8gOmt?7&bDNkM zu3c;-9?ml75dN@2UC14Kwt46Ayu3oYV;XHVV{t*d3K&7wJ2t7s>ig?!V=XEy zTei8u;}z>#O<*5YkYo515Ix`}TT?sxu@^5d`*D}*ybg@r&so3e+v-a$5 zZUo2RH_Wjx%ILh}MVX!$Yom3g3NIn!T+5S?3nT>6XvGdEb=qi07N;DkD{zvz0b5=XcjZ z%dB}4OKjOLo4Fig7=&v@&9~z!vfyUH!r>W8>ohdhn40=cWhIkX&B#nMgdSzQe698C z&HwuHqLib$HKeUX^6As3C7g@0e3~gTl8)Z9$CYK#Xmq|lJ(njRXfx1~)AFtJO6k9w zkVqt3A`$kLt7TxY0_>xW)*>D8sh7e;aXnntiCP%~e12HDO9BW)FCB@FA<~X*CewMZ8<>mEH4zkm8a-`u%DeyvRRBF-r^R>#fZ%=tc?G*uabB8b?O`

    gt0u3YK+3VbZ)7Cr=g*&)YecY;+uHRLladT3#L-cG+Z4CN zKHgdOtr;9@>`b#Ba+WJ_{4yh$6P!auoRD{nC(pX_v#ErxkgbB-IsWFP&W_}s%qJmt z*68S5|2A?sI~z}@uitaVzm50v=e`T{#J^q`x%l~|^x)X1PD%ECQ3)6r7}&pZlW#!x z&7i92f%*0h4r6aaZ}j74CZ$tSQjUNV{3&o&kyxTw>qazFXX3Act31{S^Z5WvqP%;8 zRA3x!@p~>={SD~@*D62Me{9N}gIbv>4iVJ*7S*vcbLjhxnzRda8yg$XpFfY95st75=?aFC9}wq0 zF)@LdjmM0RV|#f>r?%h2M3;$#Pa{fO)5_jR(9T%&W!y0{L3|lv0qAhQ-1KmF^PQ#ZP>O;1`%Dz!7D2~MQU ziWTB2Dk_SwVr4}3^O^Dya_Y^8?nk&h01c(e<# zn#xC@6l4*7aQx)S269E;yL${|OE<2}jM=QQ;)KaRrkkog^P>D`le>${Uf8$b)1Kp> zs|yMWF0X0_-=xd4u&0Y3+CqaAK$nqa%A?fkq#lyJoui-Hen2>X}amW4T zsHl&Pl3-Q+5SF_hB#eanpW7uIe*?#A_w<-e)@q~SyPJD|z&6%iOR!QgO3a%bavc#AD>^6l_mA0H!azv|NZlSo-Y>{7yA@;9CP`qRRbUn%6+e)_JqE@(-#Tj($SLZ+CP~bsy z^z=kD2pv1Nx#8&8SRE{FDJOU-zYL2!Y4}F2TC*4mHh4*NbaWfddEQmOd&^+c{tSn~ z1k|3gva*{asc|0Qw8G!sK8kJ7>0&1%@zj--rXaiP*RVBWzVhzUM4V8cKhnFInYN=G zH(rj*4J;8!8EBy5Shg7(^gc>&AhW&&K%fp5%101T+q}K=U2!!ZR+L`2pe;1(yhCD5 zwZLA;2r!@WQK-ns$WLFsz)Bk!GrmY|iT$d|OtY-O3CYmGMWK8=bZ|_=(b>~egE`;B z&DC`utbzl(e>s=PLdF(@$Qo;F>;K4_clR(EnVF@3${I-&7|nq*XIAU@RjD#F9Ja!- z1gAUx{SAmEZGM?Fa-d@lh@@~DD8%M>?%ZkX;BXAvqz+>)+VLR1jdqa4x`}xGPujwJ zjrkWlZqbNgA0GNlNuA6sD9GCRDA|r(xQNS{?CRYFpMIBcClzE-x)A0>$IUe54MLV{ z5YKI7rd=<`4U$-_CQ(64=M>`}9L2G*vBc3jiKCFeFf-JY%#xS?czdS-j34BuI)Bic zdm|o%rQaRgNkv&y6rbx8JJcqgxpGr3w#j*=j^6?ni&d~S!D(vw4hk!~PV_BJXp*+! z*WgV`k!x(MK7_Aw8b^7^?KuC1QSW&W@?d1=cj}_1HTsUh>3@C-(>ADeNNAuaxTPcrHRdNQYOyka!)+4~pt_Se?%`LR z;xnbVV}q7fEhKKOH~ewy)Ya|Slm*-y!(D7)Ma_K*%o**nUm81s`t?3R<$}}M49N5# zO;E?-RNO8Q>V&^~b0AxTn{2rwaMM6V%>xSL3uu>2xLgQhlQT=!U!rWP1^I{yYZ~lH zCiu;Dr4yU|b(q->0jx?`SqgmC)WAIw&;orf@uOty$OokjUf03z=V70$*Vfi9CpRq= z6BFxuqRFa7_Xe7xHZ?Q6iq)$~_dm)_vy2nS?9xW&ct6KH?@M@!S2w7Qj z=(&&|);AuKJ$mZYdgjW#!lRHK-s#T|KF`4lq}0^Zf;%qCq)Ex|YizU%>b>pm?R_vc zRSXGr(F4tL*c4;KurAeqW_0EIH*LSGYHF$oXUzJ|^&Mz>+qx9d`YfxIVcpv04@u z7P_>TibzHZ0gUm@th>A0*2$^4z=W}M*)l}U-VX0sxfY*Qo3UcUk-WUm9lIV^fIX2} z*E1>gbxsAwdp~^&w6d{TYiukBsv-@H2jbq;uaTU`k8PiyHdu7U^IHAuYulqIMoAFE z)@W)<+`D%Vl!lF+oh0gfNr@P^e{hY~PEJeofU`lfu=n>@z+N=MaRRq@2)rNV)8nJT z@2b%EV~6$~IkFUaoQa9NiHS*l&Du`{aQhXwH+5(=#3Ug)*1bHtRYpZ6C+V**r214z zInzX4$S#&HU5fJe_fOoltD&J`-itFv$e}!K6uCrNS{k|d=FO@(bLK2qw5Xx4Za)P6 z0|_6JB*5sp?lCk$heZuEFCHT1#U4bGY#KpPcA?gW4GpmOE{Mljcuy6aXct?-SY!Dp z3!^+du-4Tf9pP_A2VlmeeOgNzIH%HHIGOnLW(iBYVtfv6^)iTckbN8)b|_e zoVEKYtaXQkm(nQ~GAVfY2Jx!TxY1AzKg z4W8SD1hSHnb$$=x9jC6&zn46&{rZM~PG4U@@aeQd%k+=!L|h&=GXz-6GC}dyXhKH= z2RD-ik+|;JvqhU9@s`~U>t4gmwFDg}4-1F*+3qmBukUG|ofzK+)Lv&ArD)0Pt3LZd z-u1WIs95{?74S@)R;*r~3HkcRiWX(dl$3`&lRqTHrj?s_W*^34BcsF5WXY98Q$y+qe39R*cE(Z(E%W;ALmX4_goK$fL!PTdlU!K_L zGZ#S${GQ0RvabpPh7{k+h|59y-9z+iMMVWtafpeDDIuauU^oMX>B{wQ?}V2ATkEct z1-3xFh3IQt>T@|OYirQg8@QaLu3rBN++g$_kzWV_bX-8s-S9SA)$!xUm-D{1T24vr z2w=Sg{!3!L9JEK2I^=1iqodoX)C;`zI_trjLECF>-h2{kEhacNi=@1UIHQz$az!l| z8)%lcvZ~uaCu?84c=5SCkAqGC7kmLkoDB}^lYD!N{7&jB&RM& zLL_Grvo2fFWDTItH85H@m+%ZR2)7Vtv%1**&5dUws}CJmvmB zGtS1^z4OMP90a2@w6(J{cXmF)lV1!SAerA&p@-{k0=K79n$nUDi8{9rS~df41@yU! zPg8_JTD8h3G71pC{{UNtA{1TRzuwRQ1S%=35%6pHJ^Yjj1%R3w-0SN*GK-4VKt?7H z+!zW;Nl8h@(I3T-s)4h!D)aJ1NHvB;hl3ET%cg*faQRJkm08o#)4X;fbmidWztg>;!#64Q4Gor0j7EW=${<=D*66b5 zujA|8puV!ZCvyl$p>fKDE~*bq0LeZf$BO##)&K#p0HJ_%O}wcQ9Y9h)n8zMKySw-s zXZgX*^dPPxyvOhfvCXxg%sc?h3$;R^(_K(P3*UU9 zmo=l*kS={AxsHB14URAhG(H6XjehrIFNH9@s`H1Z0V^NwC<~Q+g!6yY>m|$gN=Rl^ zC)eE2fUMg+rTS^MrFP;Z-c2n#cY!_uVPeiZze#uwRB7j-`Ucr7 z1d%86&I~B~qfip>kaqztb`AD8{~L0y=zSrD@@I~B`d2Tngq+?T{yoYEXi*LkuBUpH z0H|_0bQSw`DM}TKRR+*p$t3cnann&fH_kwO9H+mvI*@?5h2v`?1mF>%Lx?i#e=%R@ zUH7lahQrdIgA+lKduYc@^~aB7Sa?aW0Ti5oJ6nWrkqTQAxuWOM%e$d(bO`56eWtQ} zAwti*<#NWldf&6c`I?qc=!pDa3fZy)Qd5EY%4(=&UH>3%Ritcc}65Wn3V;U zGj2e~MHl15QJ{w7^`fl(h_e)2ahe3|wfW)bzFeGAc0@N6uhW(&X@lDYn22!P7*?JX zS_5i1OF&7$Q0K$m87KWL`6GbnHRhxCfFD-V(Sg!n$ez3nUTd_q?Wd&9l;h%{m%vmJ zYTjW<6sS6P{@L>DPstVMK}`bn6c@P7#^Y}sX9^jr!V9FNkWys-P#L=!m_#Y3d=bA4 zshnkXunU{T&JRo5MO)*iN!DDV5)vM-K@C$91wg?Pk52;}n%U9eURqOj-w@Jegh-NE zX+Y}we*8ELCNYG$IG^^iz#NJ$PzKfFm-!=I+`%_M==-;pa)8z>^u1K?EVY%s@=l- zy!B2{l-)a99)1PoVKEd^t^nOjr_({?$m#Ja;%i|Y6XALlsj?* z>f2SmNb!5t=79F8f=nm{tq1iagrj;_Mx5oXzuzcQ%oKKJ3r$X3;Sc6QhcC~WWrCv& zXf3jCE0cQ)RgQir2!ajTv5P`MK6d%PFUPe+eHQt}6WlYhv(uo|$me#iWoEQhPkvbq zRiQcH$&UT0Oko%H9MdEgMfO%NSiHCiiXkN&7kd{M8Aw*3GGGEM3_qo)KC5{Der=#X z{~{HX6C8=gD>te$AQ(BYi$kGmp1&nd8(e8RqDB}}dyzL1z;k#dz?_lSAL=Aj`lBCJ~vZaRd#_rNgaC%{d^a1(O*c4V(IEKPIWeu+|! z%s41R;Cpis01Q##f4*n&tq)o>%MwlZf?K7)8x|0Q+B8i-h>9Z>i#>Z#rjwtJ+1lD3 z!9G!kDkObY&CdG<*>PCB)+SAnpzcWopr+1YmyVP=wr>GG+}yaX!FnYg^j|U!I@Z5A*1U%+~3V zCPXPnD)TY4C4fAUv>D!~AU7VA@vb0?g9P~_1vT!1n$8ix_3$2(n1nwesZB`Vk~c;^CATva2ZRgf1zp?(eu{DL2oO*VOmYB7 zBSIoS4h$fnf{?E}XTO9r-rHMl?%cV3-@h+{@KL~<7Y!45Ic+v z^)Lto6Ar$AW@U!Y=x^d~2*j3yWE7t4A3^l?BOoM{bpL#lP?Yxy3?WM>=}9Omx&{Tw zdU(5f2D|!)$OaI|a0%}F2YPrDy$K$F+9=8^${&_jKCGaGRZx&n(pFN24@E^;byWqs zKkZ#T2?2ixRFRd30S=kEx_bwZ14Fzd|Fj^GT|NJdW~Fl2&%!mz$V#6`a8_3jwp5Pr z{?jIm5FFwi81Sc=0*o&UkNX`DIWmaw=duSO%-fy7xT=JLH~JeoJkk4au+G{41$dfjkSY4t(D}p^=!R^ z)U|CKrYmJoGw(?iivqLLdoBFF*ll?<2 z{d}S{4I;xL&BN8)(F%r&3f=@&csYzVH1I;Yo0Ig+@#@xYm`Gbo z6;m~mpLZnL*4@I=+EvXe#N5m`(AL<@!_3GsBE%yyGAcA&UeVCaP}fffP1ZH`@bDwr zhD2D}kpm6o6;)Mze6)RWD3Yg@kB^c!$`GxJM4>$4F##cp{%-QFkw)lnTQgk~MI&8P z9Tk10zyNPEcN7YiN#By}ZyI8$7_3L|v~!E_G_ke}4lu`u==l2t+o5oZCgwN=4ABVf zui&QcjmD~akyP<08^&v>n44=yl98cgJ8fdPxxR9gqDi2sKN3SAn}o{~-Th!}D@b7- zBK+@V8i5Z|Ggr5W#Ca+Q!5y+WQr{-X&)36BG1AnE5r%G*B_;-qhuCJ z3XxYc5B0Jokc_ z1Ak8sy+8wFWt6*~nwd6M)r1rorlJ;Lr9cdJSMxSgQB?OfRkKvnLmDd)4PlJ%D3S^z zavWp#D8Z=u|LmCG+Xw#siwR1ok~bZf5C~C(k)Ad-qG*2D7mHoyXI?BnJ}PN*Kx35p zB0Edh32l>qHgUl2g57l&%5g8&D_%rGS=zPh21n3VO3m93Nq4b_7)maAO;F`;?+;dI z-ItZmu3&nclXqOPbM=E;&Mi0Mw-@mX$2tScS4HKOIzK$%kW*?FHp&rSe6q*<=x6aE zqfMNg>J+N6p7{PeDbDP4JY7#u(T%p7vpxBL@S=FafS-O?m}=Pk;F*MkEia0-M7p}V zc-4c&*_k(Q+Pt~zwx>CH=JnS3p_-(c8nsiWPJNi4&-gY!bOoI+J3VmwAhdCn=amm0 zH+=HsiKwjX&TZSa_22d72@Vdnu(y|9yOvYvO3Uev{k8tx(8%cV+qw`=LBVvVhN#Cw zLjofsBfQ6=l+*S1@0E2(-XWms^8M5B)An}lxHwI-iyCKMzs6v(*hW9q&9zRg+}zxU z4j*ozS(RlK7iSg~34VOnAdr%hg0FI6f)VsHg)^$E+^rb`NfeiQbaZvIb8=46=~7+QAA^@?ael-1x%chcmnFW9`5+-`|sGz2%raXVf(`V0i3#DLBQH>AZa&2a2=T~O^{ytu7 z_ntkdHWCdMm|YOL>og08J_eIBjl3EpgIlwDo-b!G)p3ziNGKycoxO{cpb_=;P-$uD ztGW=+n+|mtvLNPAp49N0p}>*sdv4gE+APmW+f;m@<~!-shs{^TtOj?H z3|;Z`HzvWsiitagQf-_fQFqNX>Wm2l31a7^jLVlr{RVEKU_915DJBHl_U#HDPj~6* z>wl@t^21tLolZ_>-LiFS-A|R;t4C#UO^_=i3k#WFzmmHwvGX4upPufy!86%eET_S? z?FlB-z0B<5sp4XhVsiFCD!23pXetu_(~``!`vi6N+V0)EUqSA2@$jTkN{!B(Ia51V zQC~$G)9 zYeYmwrckuanlL?8u(o4U#qoQEP6w1;y}D)ie&`;d(?ut!bjv*l&7OQ7YeThN*2=zk zF=KHts7t|+D1+M(wcKMT8s+r`Ah^x8yOs<60_c?`zhDLm8KUmT?H?Qdx5)dH!?D_MFWZI#S$rq1v zB+wAf5s2Dv@Q!zXOEuAN&0x^rX?S5=J_%t|iN3u&ey6>3h?*0=V^7W~8OvepuYS zvHk<{P1I<&Q|vMhYh$B!B)(gK|5{m@Ze`yU$NDe^tnu^n1LmgXJ4J2#wb~hfxo<8z zJA2>w50|v&B#yC>B$0n!H2PB=3kroQb^j@GwmkvTY3y#FQ}dUJ=S&XqN==Q8$Nl=N z9^28KV?J*cH)DPl{V#bM3xnx-yaP3}NgPM4mWxYSY)bJ`M(cy1MRT<`7O_ zS&2B8pFj5K*SZ{Z1c=Sb&E4AIlqrGE!&jnn#BbWy?BtPi;`%AH>U+?v==j3B21pOa zB;M3b+DVT{dILn$>>~eRy6ei~_wNR=vB$oA`NG)Rzt$Jxdojmi*OV2Nl$a1Ul};_= z?PobfL^8X}%yo0bV>VW&u2)vJtu9TGzJ0Vs^!+N3k(S<$a8c%02z+;RZdn)^gotVo z1{PsuXUF#J(aM)~Je8T53HibT`LcEE))dMsv7wqkgPC?Jo;qch5&8iSAKyzjefpBwFgiTI=#4{#8O>d{c3I*NgCZ^R;=lN7vkDzJ4lIuE4zn=j{mtZ1sLs$wt;IpVe=%!g!U@8!+H#$KE(3~X|%7FAQ@$q{#L zN##by{X~*Agp7@i5eV4Hd~3^dNv*B=bB{e__HOSjw`YMB+|DC=`QE*~XAhd|!~FR8 z_+V}5F($YMJYDKqp64&E)$u*PG;18L#Q9MizAjh-arydnR*j20Z7LidKR(S;xIVZ6 z`9qfC6LR8|XW>^5JwXc_wE$g%13l{hqmSaUg!# zjYh}&`Q4OqD)UK$IdQm8ZeP>1$Ki0jow>QWBR~`Kg)d)rbbq~dL*S9w4vw^+7aF3! zkFHJ?GeCl|u~BJzRif_|-WkhKd)EjYCZWMRaFR-QW7#R#SmoLb`}iQQq6h2i?(Vw38r1=E|{@#%l6Kh&4Fnyf}Txn9EYy_yX2aTKPy=i-Trn`)RLyG(v zhK7c_{@|1P?E&_{z(9ao{Y#fFy`)T{W&z(%fKUONXTYj9kmY-06sQ9Jpy^lp^iU|^ z0LAml-n%J+>SBPj0Q#Kf$CkM?*S}f;8ZsRT``FlD?GE9vRAW_2tEzTwY-|9`ZT=c{ z%pwhLE@+L(sUPcZ!V|uOw&fy*U)$7l$KXAGX$WZ>8aE~-EzQZxdq{(M z_%cB3^@<9BqoM@rEVGZV@5szd3Zz&vWwaNvnZ+n4Xns%ys5%8Gx%A;fVU3HFHYaZJ z{rfiq)&V~_0LK%VcM2wh{7I&aSeqQ!!@PqZ0ZFKg)XGhCnc65)a zgoMOM$B_j+ZS9lOhYHStf~;_?cLO{ty^@tyjUDbExb4ZgYu5?F^Sl&FsU)adl#7cf z#BvbSMk7YzNlS}%W#3ri$<3u#t`Fur$E64#i*o5IMM3}LGPq5MqN9k1!n+e z_e)6pl}E#Gjx0Pl4U$XfHu0qn3Uy{0nToNtPQ0MxIZ8S5sgaJmq1U$Wj4SPRu^k}) z{qO}!``Lr_>jJN18T%_eU9Ydgu{vtm2Q*m;XfiP%BTeC$MeVN(??rt3D$caHaSF9d zKwei9U-EyQAL8LS_H|dz*|R7Eu`}+p98=Kmy95NbLynjfAvq76H451}^y<|KfM@rn zgl!DbaLv4!^7gGmSGA!8L(+0+{oGYjQsM=YrZt`K^kMsZ*T1!wr>3%rA3V4piR2X) z7UtE8J9^K5=)fO6>rovtWu~X6ciFsHbGo~XgZSe7NsuS3Q=PDH=dT%~(bfJ#swTyn zLf_v-%Q3U_o_PAy@G6y>LeZCM!$=GWX~hYC{`@&&@`C4wxw*7z_ck$QWv=aeWsdv! zNSPHOM_wNVP?x`8!YB|xWi#pyS;zY>5I+7kaR=~nUIjc z$j!yCUlSg?G$wQI-^I;+W_sF-Q5O}e1?m%t2ZBRFEFB!ub8>c{%grqT!P2;VWilVW zf=+8`X?gncB??-p2EI#=T$*%!c1|)mHMI#wk|&Moff5lF6-B@_C8wpGZuih3k*Yr| zuzK^Ma}yZk1x#G+*(odzxtenD(ut%b7Q31N&?2wyhx&q?YM!r!%8uyc zuo|8;&yf(ILG zbEkIiQGtmc`9lgxfZlG4A09InT-@kXem;+WIxneviCsif5Y`&X7x=9Gwef=l3dePQ zZCTdL{EZ;Is5+y(xN@b7j*~ViRNY}~Yg-$$st6kDG*HbIkl*o98z3MS7z00e@W29x zJM-d&38+x+9Pxbz4lu(jg>)U>x5kamb(pQOpGn*yP!RhN*rw)Plr&kxF-^9!t&JuA z$I$zr**7$zh`EW$_%~ynDr~z%z`fjeCT3=4Y1{7_!7$my#qr&pq-Y5n$oTG`J=U{6 zZ=Kq?@pSR}^z`(-{?yW-XbDd@T8>P>TVoc0ml$b($$(06wLB?xy%~FNG<2~9y^?ivgWfk=c}B{*6FA%m-FDSxA0+prtm z^D;;}bVoqtr!+v&f_txje5%j1ry<@t4R1%|n&awoi9}*5WxThx;XddaW|A~cGoW&? z1=Ev!tsI*p9zd09n#V;0eYcfkkJL8!fHpo;o9iP`V-pHWg|!Cry?GuNi>I@NL)jTX zeKL#_phZ?zR%7`&!5sMK_k~k$ zYjgQC^aH5k+XE^`tFeyh_L6mMH8u)(x-2x*8~rwGCxbgUYHe)XJm0g5rz--(;cu6p zu$PqNtg)GLr9B&OEk7rKplz$MiLAy7L8m(jLpP4%>0w@L?H%w}>d=jKJpJ(3q4IND zE$u=<(RYQ=%W^@|689-XzRzn-X$3EdP$akmBmy%x{#;#R6ua5`4Vql!Mdjsp9gF^^ z2Ws%u!`Nsj;l@7IFC@a&3#gx0Wmq4KyFdlthv-uTQ()163ZOn`f}&T)%xou+7wSD$ ztZ+b4q-How;ONn#LEneNo59@xtelE@d;BbQZT(KuMOI#>eqi_xITRU!GkQTtEHg~dIyyQo^1M~xbpWnHeGnJqeQ9*m?c>|JJs|260Rn4DW3Omd2LTs<>rFE= z3VJCkdMu_kPYQjvx*CX~ea*N11k+}D-(H!RpP$f>Muwe6qm^FCZVl3e(v24I?g1Y}sy)|R&dJZ83RVpkhfARl@^9Ewy1_-(ZQD+Y z8}S|qlhIuHuo-x!1u63E@(RXZgEz&jtoe4QW*Q(CUtGk&nc_tTi8AVxt5?N=7*E1@7dcvTXMu>j!0pg8FxbC; zzb;v@gd%(_6|^|{(_22M#<+x%xK1p6mZo+jxfw6d*Sv2nuX&dWf?;g7=LRtNvs`JL z#n))L5=I^NFs2Tu9x*kRDe147kni(vGlYX)|9_Yv!Au-sF>I$ZEbDY_>6sZ%u~&ArBk|wG!P{`p!p2V&BJGweO`jP?z&+k2NdN@ z=E~um(iJY9Y^GA9X5UDztgcGVY7-9QtKGK#TwnhTHB2f+XXl3)WYUePW&*V!E9(Rh zM`>+s|4iQm1soYtpJTY|SZfBT8X=@e$HcSMAR`)VU)~J;GA9;CHNrElKUz}tLrg72 zda`+jI#?6v9J4l4W>z1w)&K?oJFon4GP@5`N79^nv}Tbtop_s1NP~PlAfV!7zG?j7 zBS!?FE`X}0^vWw!$b{g@7$g<@lBo2cp~2GH`oP>oj=!u!EyCQ~{GqskE3DCno2yw3 zSRg-!d>op{9^15OlZCAu4ajB++Su5z$jQldDX7P_fSLuh;v5nU$7R4FWaZ%C5o$h6 z(mZEgv6@B2Izz=R<9Pqgi2QgAI#1>?6lHqg4i#}MXSr(%%J#(m_~yE@II{DMXkXOV zE`!fKHqI&FDN=`B<6Z?!;)(_jq=xYc{#Oz!Vrzt z4GIEprQpe`g;w-ba|OoK+}wanzVp&X|Jl;pkj|0Ck>*l&FSaS&BOfnt)HBLQQ3;8b zYfD**{sXtRa&mJ1_iiEj?jINCu8M%&y?==bKj{lmCfs zt#LEQhx&zwA>xJ4xp{c(7eq}#J}dYSDucg}>*=2i0xT(o|>K{kpItU_V5C|MX{qks>ED zsDof~;xw~jKaZk*{&@c@(X8zD#<`2?AqQsX<_d?s!K+|IfoKE|SRwL@2iPB1=yW!) zR%T{qs_-%qqbUa$flEq3k>!Ywd>puqII*@C^>a+*m&L@7TIc)ZZQxaxx?ks?I=#fy zkEa8^QO0+d-oMYEFXw!3qyE7IL7)j(5cqugNm*z>w3k-!Fbqu-7TqOUmNyjq|z zNO_NS?;>by79U8MmPx^Gr~-4OTrxk1vjtDydRRPY{K6EMscA0PjwuTSkqEzl$Y zJ-h;(7J$EfvxWra8@?e*1;MaFfKS_^7aEeFG>4UhLj#7-4pIT?)WiY5R!|E;FeCZz z%?wCZp@NLqYahGQ0ZkxMY3rNEq1FW}=HbSgFRU*>f=Ye2$pyu&fe%*?fMABIp?qp{ z+aN`v(R5N#qXKd5PhsHEh!sD_6FzTY0MP8JgL>j}^ITB>#Li~07R zRK(H2;^IzgZEdB03XL#@sy7jI$OyopzQ6yxNSq^NC1WmQolBr@-Rt-bTu>L)Lc;So zA8;yLmO8cMes8{wm0QE!ntoC}V5Ydfdk{&19UcXS%3`m5U<#$gr-)w@netuj+x;;pdLBjKx{+OdZa0uW*APf{{ za2?khGuHi;s2zGJ@RaVc@$($E#@vXe z=4OzFV~Z16OCG;{no~i4NUR*oblJWp;E<$bHiHAfpw!M3J_ao2Tf{Mu69OEGLo9yz zqT}dz(J$YCa)U}y z|MqaEnTt3GLA?x;KRLHhalLyc!p{h7GR0SSeQmlFraAspoDzB)_hX*XKuSsqJf(BDZYjPfQr{E)mc(LRZYQC!b6ex; zio0JunJ}i!|Hdq&O z5Dtc3m6?mcerHi4zGyTMiA`Xz7A4FIxVrzIzW~F60?g*w%*+l)KjN=nzt%I@zhg8e z`N|-sp$ps;#`%EfrAX$74<9n>2ylU_T^?_`dhOcilaxKOFRd&r5Mcal-M&{8tfR+| zA5XugZa-jh{siEysGM9UHIh<^>4V=Bg))8%@U(%X=>SF4nmwGI0JnmNqYDSaupM@Q zR%M(P^D1nDl8wPmU}YqkYp!m&aNz>O5h9Tkz+JZh1FxWfAJLb|<^*5CLIUNmAGilv zt&E>FXE?PF0KotMj!{=7h;wQ?rr`omD@a$t=x-mjF__(up9$XG*G6W_iuIu&TKhJ? zT}w-gJlDH}p}=8Fb8>MdfCX0yx(ZaV0LaQ$Am5=B9b TIP: The secret may be created in the standard way with the `--from-file=./keystore`, `--from-file=./truststore`, `--from-literal=keystore-password=KEYSTORE_PASSWORD` and `--from-literal=truststore-password=TRUSTSTORE_PASSWORD` options. This assumes that the stores are in the current working directory and the KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD placeholders are replaced with the correct keystore and truststore passwords respectively. Example: -This chart also supports mounting custom configuration file(s) for Apache Cassandra. This is achieved by setting the `existingConfiguration` parameter with the name of a ConfigMap that includes the custom configuration file(s). +```console +kubectl create secret generic my-exisiting-stores --from-file=./keystore --from-file=./truststore +kubectl create secret generic my-stores-password --from-literal=keystore-password=KEYSTORE_PASSWORD --from-literal=truststore-password=TRUSTSTORE_PASSWORD +``` -> NOTE: This ConfigMap will override other Apache Cassandra configuration variables set in the chart. +Keystore and Truststore files can be dinamycally created from the certificates files. In this case a secret with the tls.crt, tls.key and ca.crt in pem format is required. The following example shows how the secret can be created and assumes that all certificate files are in the working directory: -Refer to the chart documentation for more [information on customizing an Apache Cassandra deployment](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/configuration/customize-new-instance/). +```console +kubectl create secret tls my-certs --cert ./tls.crt --key ./tls.key +kubectl patch secret my-certs -p="{\"data\":{\"ca.crt\": \"$(cat ./ca.crt | base64 )\"}}" +``` + +To enable this feature `tls.autoGenerated` must be set and the new secret should be set in `tls.certificateSecret`: + +```text +tls.internodeEncryption=all +tls.clientEncryption=true +tls.autoGenerated=true +tls.certificatesSecret=my-certs +tls.passwordsSecret=my-stores-password +``` ### Initialize the database -The [Bitnami Apache Cassandra image](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image supports the use of custom scripts to initialize a fresh instance. This may be done by creating a Kubernetes ConfigMap that includes the necessary *sh* or *cql* scripts and passing this ConfigMap to the chart via the *initDBConfigMap* parameter. +The [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image supports the use of custom scripts to initialize a fresh instance. This may be done by creating a Kubernetes ConfigMap that includes the necessary `.sh` or `.cql` scripts and passing this ConfigMap to the chart via the `initDBConfigMap` parameter. -Refer to the chart documentation for more [information on customizing an Apache Cassandra deployment](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/configuration/customize-new-instance/). +### Use a custom configuration file + +This chart also supports mounting custom configuration file(s) for Apache Cassandra. This is achieved by setting the `existingConfiguration` parameter with the name of a ConfigMap that includes the custom configuration file(s). Here is an example of deploying the chart with a custom configuration file stored in a ConfigMap named `cassandra-configuration`: + +```text +existingConfiguration=cassandra-configuration +``` + +> NOTE: This ConfigMap will override other Apache Cassandra configuration variables set in the chart. ### Set pod affinity @@ -426,8 +460,6 @@ For this version, there have been [intensive efforts](https://cwiki.apache.org/c [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/administration/upgrade-helm3/). - ### To 6.0.0 - Several parameters were renamed or disappeared in favor of new ones on this major version: diff --git a/charts/bitnami/cassandra/templates/NOTES.txt b/charts/bitnami/cassandra/templates/NOTES.txt index 994177d72..fdedcdd38 100644 --- a/charts/bitnami/cassandra/templates/NOTES.txt +++ b/charts/bitnami/cassandra/templates/NOTES.txt @@ -15,11 +15,11 @@ The chart has been deployed in diagnostic mode. All probes have been disabled an Get the list of pods by executing: - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }} Access the pod you want to debug by executing - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + kubectl exec --namespace {{ include "common.names.namespace" . }} -ti -- bash In order to replicate the container startup scripts execute this command: @@ -29,7 +29,7 @@ In order to replicate the container startup scripts execute this command: Cassandra can be accessed through the following URLs from within the cluster: - - CQL: {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.cql }} + - CQL: {{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.cql }} To get your password run: @@ -37,13 +37,13 @@ To get your password run: Check the cluster status by running: - kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status + kubectl exec -it --namespace {{ include "common.names.namespace" . }} $(kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status To connect to your Cassandra cluster using CQL: 1. Run a Cassandra pod that you can use as a client: - kubectl run --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \ + kubectl run --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \ --env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD \ {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ include "common.names.name" . }}-client=true"{{ end }} \ --image {{ include "cassandra.image" . }} -- bash @@ -63,22 +63,22 @@ To connect to your database from outside the cluster execute the following comma {{- if contains "NodePort" .Values.service.type }} - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $NODE_IP $NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' + Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "common.names.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $SERVICE_IP {{- else if contains "ClusterIP" .Values.service.type }} - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.cql }}:{{ .Values.service.ports.cql }} & + kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.cql }}:{{ .Values.service.ports.cql }} & cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD 127.0.0.1 {{ .Values.service.ports.cql }} {{- end }} diff --git a/charts/bitnami/cassandra/templates/_helpers.tpl b/charts/bitnami/cassandra/templates/_helpers.tpl index 2cca29ed5..f82e9223f 100644 --- a/charts/bitnami/cassandra/templates/_helpers.tpl +++ b/charts/bitnami/cassandra/templates/_helpers.tpl @@ -50,7 +50,7 @@ Return the list of Cassandra seed nodes {{- define "cassandra.seeds" -}} {{- $seeds := list }} {{- $fullname := include "common.names.fullname" . }} -{{- $releaseNamespace := .Release.Namespace }} +{{- $releaseNamespace := include "common.names.namespace" . }} {{- $clusterDomain := .Values.clusterDomain }} {{- $seedCount := .Values.cluster.seedCount | int }} {{- range $e, $i := until $seedCount }} @@ -203,7 +203,7 @@ otherwise it generates a random value. {{- if .Values.dbUser.password }} {{- .Values.dbUser.password }} {{- else if (not .Values.dbUser.forcePassword) }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "cassandra-password") -}} + {{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (include "common.names.fullname" .) "Length" 10 "Key" "cassandra-password") -}} {{- else }} {{ required "A Cassandra Password is required!" .Values.dbUser.password }} {{- end }} @@ -213,7 +213,7 @@ otherwise it generates a random value. {{- if .Values.tls.keystorePassword }} {{- .Values.tls.keystorePassword }} {{- else }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass" | trunc 63 | trimSuffix "-") "Length" 10 "Key" "keystore-password") -}} + {{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass" | trunc 63 | trimSuffix "-") "Length" 10 "Key" "keystore-password") -}} {{- end }} {{- end -}} @@ -221,7 +221,7 @@ otherwise it generates a random value. {{- if .Values.tls.truststorePassword }} {{- .Values.tls.truststorePassword }} {{- else }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass" | trunc 63 | trimSuffix "-") "Length" 10 "Key" "truststore-password") -}} + {{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass" | trunc 63 | trimSuffix "-") "Length" 10 "Key" "truststore-password") -}} {{- end }} {{- end -}} diff --git a/charts/bitnami/cassandra/templates/cassandra-secret.yaml b/charts/bitnami/cassandra/templates/cassandra-secret.yaml index 847cad0be..44908395e 100644 --- a/charts/bitnami/cassandra/templates/cassandra-secret.yaml +++ b/charts/bitnami/cassandra/templates/cassandra-secret.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -23,7 +23,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-tls-pass" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/charts/bitnami/cassandra/templates/headless-svc.yaml b/charts/bitnami/cassandra/templates/headless-svc.yaml index a9f77d28e..9c9b2b8c0 100644 --- a/charts/bitnami/cassandra/templates/headless-svc.yaml +++ b/charts/bitnami/cassandra/templates/headless-svc.yaml @@ -7,7 +7,7 @@ apiVersion: v1 kind: Service metadata: name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} diff --git a/charts/bitnami/cassandra/templates/metrics-configmap.yaml b/charts/bitnami/cassandra/templates/metrics-configmap.yaml index 12595a213..612513b4f 100644 --- a/charts/bitnami/cassandra/templates/metrics-configmap.yaml +++ b/charts/bitnami/cassandra/templates/metrics-configmap.yaml @@ -7,7 +7,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ printf "%s-metrics-conf" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/part-of: cassandra app.kubernetes.io/component: cassandra-exporter diff --git a/charts/bitnami/cassandra/templates/networkpolicy.yaml b/charts/bitnami/cassandra/templates/networkpolicy.yaml index 7182dd866..1ca8aa250 100644 --- a/charts/bitnami/cassandra/templates/networkpolicy.yaml +++ b/charts/bitnami/cassandra/templates/networkpolicy.yaml @@ -8,7 +8,7 @@ kind: NetworkPolicy apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -17,30 +17,66 @@ spec: {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - ingress: - # Allow inbound connections - # CQL port + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution - ports: - - port: {{ .Values.service.ports.cql }} - from: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow connection to other cluster pods + - ports: + - port: {{ .Values.containerPorts.cql }} + - port: {{ .Values.containerPorts.jmx }} + - port: {{ .Values.containerPorts.tls }} + - port: {{ .Values.containerPorts.intra }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.containerPorts.cql }} + - port: {{ .Values.containerPorts.jmx }} + - port: {{ .Values.containerPorts.tls }} + - port: {{ .Values.containerPorts.intra }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.containerPorts.http }} + - port: {{ .Values.metrics.containerPorts.jmx }} + {{- end }} {{- if not .Values.networkPolicy.allowExternal }} + from: - podSelector: matchLabels: - {{ include "common.names.fullname" . }}-client: "true" - {{- end }} - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - # Internal ports - - ports: - - port: intra - - port: tls - - port: jmx - from: + {{ template "common.names.fullname" . }}-client: "true" - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes for metrics - - ports: - - port: {{ .Values.metrics.containerPorts.http | default "8080" }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/bitnami/cassandra/templates/pdb.yaml b/charts/bitnami/cassandra/templates/pdb.yaml index 07c37776a..a02d40212 100644 --- a/charts/bitnami/cassandra/templates/pdb.yaml +++ b/charts/bitnami/cassandra/templates/pdb.yaml @@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/charts/bitnami/cassandra/templates/service.yaml b/charts/bitnami/cassandra/templates/service.yaml index 1dbb251a6..270a7917d 100644 --- a/charts/bitnami/cassandra/templates/service.yaml +++ b/charts/bitnami/cassandra/templates/service.yaml @@ -7,7 +7,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.service.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} diff --git a/charts/bitnami/cassandra/templates/serviceaccount.yaml b/charts/bitnami/cassandra/templates/serviceaccount.yaml index 24e9b6984..b167a160f 100644 --- a/charts/bitnami/cassandra/templates/serviceaccount.yaml +++ b/charts/bitnami/cassandra/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "cassandra.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} diff --git a/charts/bitnami/cassandra/templates/servicemonitor.yaml b/charts/bitnami/cassandra/templates/servicemonitor.yaml index 08748490f..6271dbbc7 100644 --- a/charts/bitnami/cassandra/templates/servicemonitor.yaml +++ b/charts/bitnami/cassandra/templates/servicemonitor.yaml @@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default include "common.names.namespace" . .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} {{- if .Values.metrics.serviceMonitor.additionalLabels }} @@ -45,5 +45,5 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "common.names.namespace" . }} {{- end }} diff --git a/charts/bitnami/cassandra/templates/statefulset.yaml b/charts/bitnami/cassandra/templates/statefulset.yaml index f17c4279e..8b16bea4b 100644 --- a/charts/bitnami/cassandra/templates/statefulset.yaml +++ b/charts/bitnami/cassandra/templates/statefulset.yaml @@ -7,7 +7,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/charts/bitnami/cassandra/templates/tls-secret.yaml b/charts/bitnami/cassandra/templates/tls-secret.yaml index 56722c8e3..47217082f 100644 --- a/charts/bitnami/cassandra/templates/tls-secret.yaml +++ b/charts/bitnami/cassandra/templates/tls-secret.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} {{- $ca := genCA "cassandra-ca" 365 }} {{- $fullname := include "common.names.fullname" . }} -{{- $releaseNamespace := .Release.Namespace }} +{{- $releaseNamespace := include "common.names.namespace" . }} {{- $clusterDomain := .Values.clusterDomain }} {{- $serviceName := include "common.names.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} @@ -17,7 +17,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml index 4409e65cb..ad0d1ceb2 100644 --- a/charts/bitnami/cassandra/values.yaml +++ b/charts/bitnami/cassandra/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.3-debian-11-r81 + tag: 4.1.3-debian-11-r85 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -296,7 +296,7 @@ podSecurityContext: ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context -## @param containerSecurityContext.seLinuxOptions Set SELinux options in container +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser ## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation ## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped @@ -307,7 +307,7 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -553,20 +553,63 @@ service: ## @param service.headless.annotations Annotations for the headless service. ## annotations: {} -## Network policies + +## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port Redis® is listening - ## on. When true, Redis® will accept connections from any source + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source ## (with the correct destination port). ## allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## @section Persistence parameters ## @@ -639,7 +682,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -675,7 +718,7 @@ volumePermissions: ## Init container Security Context ## Note: the chown of the data folder is done to securityContext.runAsUser ## and not the below volumePermissions.securityContext.runAsUser - ## @param volumePermissions.securityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.securityContext.runAsUser User ID for the init container ## ## When runAsUser is set to special value "auto", init container will try to chwon the @@ -685,7 +728,7 @@ volumePermissions: ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false ## securityContext: - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 ## @section Metrics parameters @@ -709,7 +752,7 @@ metrics: image: registry: docker.io repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r433 + tag: 2.3.8-debian-11-r436 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/kafka/.helmignore b/charts/bitnami/kafka/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/kafka/.helmignore +++ b/charts/bitnami/kafka/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/kafka/Chart.lock b/charts/bitnami/kafka/Chart.lock index 8c35de998..a5e7c4d63 100644 --- a/charts/bitnami/kafka/Chart.lock +++ b/charts/bitnami/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 12.5.0 + version: 12.8.0 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.14.1 -digest: sha256:e4feec8f181106637521ad9f041bab689837c3793a890cbd82d0fe386eb7b4b3 -generated: "2024-01-17T19:59:13.138728344Z" +digest: sha256:3178a4d20ef8d4102df204eae515d83d6e013deb87e687c7b60510525290acde +generated: "2024-02-02T16:50:14.687087671Z" diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index 1e6db8651..dee643917 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -6,15 +6,15 @@ annotations: category: Infrastructure images: | - name: jmx-exporter - image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r3 + image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r6 - name: kafka-exporter - image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r136 + image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r140 - name: kafka - image: docker.io/bitnami/kafka:3.6.1-debian-11-r1 + image: docker.io/bitnami/kafka:3.6.1-debian-11-r6 - name: kubectl - image: docker.io/bitnami/kubectl:1.29.0-debian-11-r2 + image: docker.io/bitnami/kubectl:1.29.1-debian-11-r3 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 licenses: Apache-2.0 apiVersion: v2 appVersion: 3.6.1 @@ -45,4 +45,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 26.8.0 +version: 26.8.5 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index 684ed86dd..6d31cf8fe 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -237,12 +237,13 @@ The command removes all the Kubernetes components associated with the chart and | `controller.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` | | `controller.podSecurityContext.seccompProfile.type` | Set Kafka pods's Security Context seccomp profile | `RuntimeDefault` | | `controller.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` | -| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `controller.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` | | `controller.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` | | `controller.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` | | `controller.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly only | `true` | | `controller.containerSecurityContext.capabilities.drop` | Set Kafka containers' server Security Context capabilities to be dropped | `["ALL"]` | +| `controller.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `controller.hostAliases` | Kafka pods host aliases | `[]` | | `controller.hostNetwork` | Specify if host network should be enabled for Kafka pods | `false` | | `controller.hostIPC` | Specify if host IPC should be enabled for Kafka pods | `false` | @@ -342,12 +343,13 @@ The command removes all the Kubernetes components associated with the chart and | `broker.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` | | `broker.podSecurityContext.seccompProfile.type` | Set Kafka pod's Security Context seccomp profile | `RuntimeDefault` | | `broker.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` | -| `broker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `broker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `broker.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` | | `broker.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` | | `broker.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` | | `broker.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly only | `true` | | `broker.containerSecurityContext.capabilities.drop` | Set Kafka containers' server Security Context capabilities to be dropped | `["ALL"]` | +| `broker.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `broker.hostAliases` | Kafka pods host aliases | `[]` | | `broker.hostNetwork` | Specify if host network should be enabled for Kafka pods | `false` | | `broker.hostIPC` | Specify if host IPC should be enabled for Kafka pods | `false` | @@ -429,7 +431,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` | | `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` | | `externalAccess.autoDiscovery.containerSecurityContext.enabled` | Enable Kafka auto-discovery containers' Security Context | `true` | -| `externalAccess.autoDiscovery.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `externalAccess.autoDiscovery.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `externalAccess.autoDiscovery.containerSecurityContext.runAsUser` | Set Kafka auto-discovery containers' Security Context runAsUser | `1001` | | `externalAccess.autoDiscovery.containerSecurityContext.runAsNonRoot` | Set Kafka auto-discovery containers' Security Context runAsNonRoot | `true` | | `externalAccess.autoDiscovery.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka auto-discovery containers' Security Context allowPrivilegeEscalation | `false` | @@ -487,7 +489,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | ### Other Parameters @@ -549,12 +551,13 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.podSecurityContext.fsGroup` | Set Kafka exporter pod's Security Context fsGroup | `1001` | | `metrics.kafka.podSecurityContext.seccompProfile.type` | Set Kafka exporter pod's Security Context seccomp profile | `RuntimeDefault` | | `metrics.kafka.containerSecurityContext.enabled` | Enable Kafka exporter containers' Security Context | `true` | -| `metrics.kafka.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.kafka.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.kafka.containerSecurityContext.runAsUser` | Set Kafka exporter containers' Security Context runAsUser | `1001` | | `metrics.kafka.containerSecurityContext.runAsNonRoot` | Set Kafka exporter containers' Security Context runAsNonRoot | `true` | | `metrics.kafka.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka exporter containers' Security Context allowPrivilegeEscalation | `false` | | `metrics.kafka.containerSecurityContext.readOnlyRootFilesystem` | Set Kafka exporter containers' Security Context readOnlyRootFilesystem | `true` | | `metrics.kafka.containerSecurityContext.capabilities.drop` | Set Kafka exporter containers' Security Context capabilities to be dropped | `["ALL"]` | +| `metrics.kafka.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `metrics.kafka.hostAliases` | Kafka exporter pods host aliases | `[]` | | `metrics.kafka.podLabels` | Extra labels for Kafka exporter pods | `{}` | | `metrics.kafka.podAnnotations` | Extra annotations for Kafka exporter pods | `{}` | @@ -589,7 +592,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` | -| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` | | `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` | | `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set Prometheus JMX exporter containers' Security Context allowPrivilegeEscalation | `false` | @@ -626,6 +629,7 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | ---------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | --------------------- | | `provisioning.enabled` | Enable kafka provisioning Job | `false` | +| `provisioning.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `provisioning.numPartitions` | Default number of partitions for topics when unspecified | `1` | | `provisioning.replicationFactor` | Default replication factor for topics when unspecified | `1` | | `provisioning.topics` | Kafka topics to provision | `[]` | @@ -668,7 +672,7 @@ The command removes all the Kubernetes components associated with the chart and | `provisioning.podSecurityContext.fsGroup` | Set Kafka provisioning pod's Security Context fsGroup | `1001` | | `provisioning.podSecurityContext.seccompProfile.type` | Set Kafka provisioning pod's Security Context seccomp profile | `RuntimeDefault` | | `provisioning.containerSecurityContext.enabled` | Enable Kafka provisioning containers' Security Context | `true` | -| `provisioning.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `provisioning.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `provisioning.containerSecurityContext.runAsUser` | Set Kafka provisioning containers' Security Context runAsUser | `1001` | | `provisioning.containerSecurityContext.runAsNonRoot` | Set Kafka provisioning containers' Security Context runAsNonRoot | `true` | | `provisioning.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka provisioning containers' Security Context allowPrivilegeEscalation | `false` | @@ -758,7 +762,7 @@ You can configure different authentication protocols for each listener you confi | sasl | Yes (via SASL) | No | | sasl_tls | Yes (via SASL) | Yes | -Learn more about how to configure Kafka to use the different authentication protocols in the [chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/kafka/administration/enable-security/). +Configure the authentication protocols for client and inter-broker communications by setting the *auth.clientProtocol* and *auth.interBrokerProtocol* parameters to the desired ones, respectively. If you enabled SASL authentication on any listener, you can set the SASL credentials using the parameters below: @@ -959,6 +963,31 @@ externalAccess: external-dns.alpha.kubernetes.io/hostname: "{{ .targetPod }}.example.com" ``` +### Enable metrics + +The chart can optionally start two metrics exporters: + +- Kafka exporter, to expose Kafka metrics. By default, it uses port 9308. +- JMX exporter, to expose JMX metrics. By default, it uses port 5556. + +To create a separate Kafka exporter, use the parameter below: + +```text +metrics.kafka.enabled: true +``` + +To expose JMX metrics to Prometheus, use the parameter below: + +```text +metrics.jmx.enabled: true +``` + +- To enable Zookeeper chart metrics, use the parameter below: + +```text +zookeeper.metrics.enabled: true +``` + ### Sidecars If you have a need for additional containers to run within the same pod as Kafka (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. @@ -1498,4 +1527,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/kafka/charts/zookeeper/.helmignore b/charts/bitnami/kafka/charts/zookeeper/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/kafka/charts/zookeeper/.helmignore +++ b/charts/bitnami/kafka/charts/zookeeper/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml index cc3510b49..5d0e73c29 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r93 + image: docker.io/bitnami/os-shell:11-debian-11-r94 - name: zookeeper image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r5 licenses: Apache-2.0 @@ -26,4 +26,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 12.5.0 +version: 12.8.0 diff --git a/charts/bitnami/kafka/charts/zookeeper/README.md b/charts/bitnami/kafka/charts/zookeeper/README.md index 3f50dee51..b0b067582 100644 --- a/charts/bitnami/kafka/charts/zookeeper/README.md +++ b/charts/bitnami/kafka/charts/zookeeper/README.md @@ -166,7 +166,7 @@ The command removes all the Kubernetes components associated with the chart and | `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -174,6 +174,7 @@ The command removes all the Kubernetes components associated with the chart and | `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | | `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `hostAliases` | ZooKeeper pods host aliases | `[]` | | `podLabels` | Extra labels for ZooKeeper pods | `{}` | | `podAnnotations` | Annotations for ZooKeeper pods | `{}` | @@ -225,8 +226,13 @@ The command removes all the Kubernetes components associated with the chart and | `service.headless.annotations` | Annotations for the Headless Service | `{}` | | `service.headless.publishNotReadyAddresses` | If the ZooKeeper headless service should publish DNS records for not ready pods | `true` | | `service.headless.servicenameOverride` | String to partially override headless service name | `""` | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Other Parameters @@ -266,7 +272,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | ### Metrics parameters @@ -492,8 +498,6 @@ This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/zookeeper/administration/upgrade-helm3/). - ### To 5.21.0 A couple of parameters related to Zookeeper metrics were renamed or disappeared in favor of new ones: @@ -540,4 +544,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. diff --git a/charts/bitnami/kafka/charts/zookeeper/templates/networkpolicy.yaml b/charts/bitnami/kafka/charts/zookeeper/templates/networkpolicy.yaml index 34d36f971..e9de1da12 100644 --- a/charts/bitnami/kafka/charts/zookeeper/templates/networkpolicy.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/templates/networkpolicy.yaml @@ -19,6 +19,29 @@ spec: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} policyTypes: - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow internal communications between nodes + - ports: + - port: {{ .Values.containerPorts.follower }} + - port: {{ .Values.containerPorts.election }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} ingress: # Allow inbound connections to ZooKeeper - ports: @@ -28,11 +51,27 @@ spec: {{- end }} {{- if not .Values.networkPolicy.allowExternal }} from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - podSelector: matchLabels: {{ include "common.names.fullname" . }}-client: "true" - podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} {{- end }} # Allow internal communications between nodes - ports: @@ -41,4 +80,7 @@ spec: from: - podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/bitnami/kafka/charts/zookeeper/templates/statefulset.yaml b/charts/bitnami/kafka/charts/zookeeper/templates/statefulset.yaml index 0aa6ffa34..c09849a4d 100644 --- a/charts/bitnami/kafka/charts/zookeeper/templates/statefulset.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/templates/statefulset.yaml @@ -46,6 +46,7 @@ spec: enableServiceLinks: {{ .Values.enableServiceLinks }} serviceAccountName: {{ template "zookeeper.serviceAccountName" . }} {{- include "zookeeper.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- if .Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} {{- end }} diff --git a/charts/bitnami/kafka/charts/zookeeper/values.yaml b/charts/bitnami/kafka/charts/zookeeper/values.yaml index 9d06d661f..fa0b5ead6 100644 --- a/charts/bitnami/kafka/charts/zookeeper/values.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/values.yaml @@ -339,7 +339,7 @@ podSecurityContext: ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions Set SELinux options in container +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged @@ -350,7 +350,7 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -360,6 +360,9 @@ containerSecurityContext: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false ## @param hostAliases ZooKeeper pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -599,12 +602,53 @@ service: networkPolicy: ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal Don't require client label for connections ## When set to false, only pods with the correct client label will have network access to the port Redis® is ## listening on. When true, zookeeper accept connections from any source (with the correct destination port). ## allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## @section Other Parameters @@ -708,7 +752,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r93 + tag: 11-debian-11-r94 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -731,12 +775,12 @@ volumePermissions: ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser ## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context - ## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 ## @section Metrics parameters diff --git a/charts/bitnami/kafka/templates/_helpers.tpl b/charts/bitnami/kafka/templates/_helpers.tpl index 1426e36c9..79c71ef0f 100644 --- a/charts/bitnami/kafka/templates/_helpers.tpl +++ b/charts/bitnami/kafka/templates/_helpers.tpl @@ -1131,6 +1131,20 @@ kafka: rbac.create K8s API. Please note this initContainer requires specific RBAC resources. You can create them by specifying "--set rbac.create=true". {{- end -}} +{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (gt (int .Values.controller.replicaCount) 0) (not .Values.controller.automountServiceAccountToken) }} +kafka: controller-automountServiceAccountToken + By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" + an initContainer will be used to auto-detect the external IPs/ports by querying the + K8s API. Please note this initContainer requires the service account token. Please set controller.automountServiceAccountToken=true + and broker.automountServiceAccountToken=true. +{{- end -}} +{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (gt (int .Values.broker.replicaCount) 0) (not .Values.broker.automountServiceAccountToken) }} +kafka: broker-automountServiceAccountToken + By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" + an initContainer will be used to auto-detect the external IPs/ports by querying the + K8s API. Please note this initContainer requires the service account token. Please set controller.automountServiceAccountToken=true + and broker.automountServiceAccountToken=true. +{{- end -}} {{- end -}} {{/* Validate values of Kafka - LoadBalancerIPs or LoadBalancerNames should be set when autoDiscovery is disabled */}} diff --git a/charts/bitnami/kafka/templates/broker/statefulset.yaml b/charts/bitnami/kafka/templates/broker/statefulset.yaml index 76cf2d3d6..6e58d12f0 100644 --- a/charts/bitnami/kafka/templates/broker/statefulset.yaml +++ b/charts/bitnami/kafka/templates/broker/statefulset.yaml @@ -52,6 +52,7 @@ spec: {{- end }} spec: {{- include "kafka.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.broker.automountServiceAccountToken }} {{- if .Values.broker.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.broker.hostAliases "context" $) | nindent 8 }} {{- end }} @@ -436,7 +437,9 @@ spec: {{- if or (and .Values.broker.persistence.enabled (not .Values.broker.persistence.existingClaim)) (and .Values.broker.logPersistence.enabled (not .Values.broker.logPersistence.existingClaim)) }} volumeClaimTemplates: {{- if and .Values.broker.persistence.enabled (not .Values.broker.persistence.existingClaim) }} - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data {{- if .Values.broker.persistence.annotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.broker.persistence.annotations "context" $) | nindent 10 }} @@ -458,7 +461,9 @@ spec: {{- end -}} {{- end }} {{- if and .Values.broker.logPersistence.enabled (not .Values.broker.logPersistence.existingClaim) }} - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: logs {{- if .Values.broker.logPersistence.annotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.broker.logPersistence.annotations "context" $) | nindent 10 }} diff --git a/charts/bitnami/kafka/templates/controller-eligible/statefulset.yaml b/charts/bitnami/kafka/templates/controller-eligible/statefulset.yaml index 60235d650..5a713e9f9 100644 --- a/charts/bitnami/kafka/templates/controller-eligible/statefulset.yaml +++ b/charts/bitnami/kafka/templates/controller-eligible/statefulset.yaml @@ -52,6 +52,7 @@ spec: {{- end }} spec: {{- include "kafka.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} {{- if .Values.controller.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.controller.hostAliases "context" $) | nindent 8 }} {{- end }} @@ -435,7 +436,9 @@ spec: {{- if or (and .Values.controller.persistence.enabled (not .Values.controller.persistence.existingClaim)) (and .Values.controller.logPersistence.enabled (not .Values.controller.logPersistence.existingClaim)) }} volumeClaimTemplates: {{- if and .Values.controller.persistence.enabled (not .Values.controller.persistence.existingClaim) }} - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data {{- if .Values.controller.persistence.annotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.persistence.annotations "context" $) | nindent 10 }} @@ -457,7 +460,9 @@ spec: {{- end -}} {{- end }} {{- if and .Values.controller.logPersistence.enabled (not .Values.controller.logPersistence.existingClaim) }} - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: logs {{- if .Values.controller.logPersistence.annotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.logPersistence.annotations "context" $) | nindent 10 }} diff --git a/charts/bitnami/kafka/templates/metrics/deployment.yaml b/charts/bitnami/kafka/templates/metrics/deployment.yaml index 7860a9711..e22b2f801 100644 --- a/charts/bitnami/kafka/templates/metrics/deployment.yaml +++ b/charts/bitnami/kafka/templates/metrics/deployment.yaml @@ -35,6 +35,7 @@ spec: {{- end }} spec: {{- include "kafka.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.metrics.kafka.automountServiceAccountToken }} {{- if .Values.metrics.kafka.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.hostAliases "context" $) | nindent 8 }} {{- end }} diff --git a/charts/bitnami/kafka/templates/provisioning/job.yaml b/charts/bitnami/kafka/templates/provisioning/job.yaml index 8eec3a30e..266fbad2c 100644 --- a/charts/bitnami/kafka/templates/provisioning/job.yaml +++ b/charts/bitnami/kafka/templates/provisioning/job.yaml @@ -28,6 +28,7 @@ spec: {{- end }} spec: serviceAccountName: {{ template "kafka.provisioning.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.provisioning.automountServiceAccountToken }} enableServiceLinks: {{ .Values.provisioning.enableServiceLinks }} {{- include "kafka.imagePullSecrets" . | nindent 6 }} {{- if .Values.provisioning.schedulerName }} diff --git a/charts/bitnami/kafka/templates/scripts-configmap.yaml b/charts/bitnami/kafka/templates/scripts-configmap.yaml index 4e9a9c9cc..bc9157e72 100644 --- a/charts/bitnami/kafka/templates/scripts-configmap.yaml +++ b/charts/bitnami/kafka/templates/scripts-configmap.yaml @@ -333,7 +333,7 @@ data: if [[ -f "/bitnami/kafka/data/meta.properties" ]]; then if grep -q "broker.id" /bitnami/kafka/data/meta.properties; then ID="$(grep "broker.id" /bitnami/kafka/data/meta.properties | awk -F '=' '{print $2}')" - {{- if or (not .Values.broker.zookeeperMigrationMode) (and (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers)) }} + {{- if or (and .Values.kraft.enabled (not .Values.broker.zookeeperMigrationMode)) (and (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers)) }} kafka_conf_set "$KAFKA_CONFIG_FILE" "node.id" "$ID" {{- else }} kafka_conf_set "$KAFKA_CONFIG_FILE" "broker.id" "$ID" diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index 210962554..298b2e0b5 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -80,7 +80,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.6.1-debian-11-r1 + tag: 3.6.1-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -620,7 +620,7 @@ controller: ## Kafka containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param controller.containerSecurityContext.enabled Enable Kafka containers' Security Context - ## @param controller.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param controller.containerSecurityContext.runAsUser Set Kafka containers' Security Context runAsUser ## @param controller.containerSecurityContext.runAsNonRoot Set Kafka containers' Security Context runAsNonRoot ## @param controller.containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as non-privileged @@ -635,13 +635,16 @@ controller: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] + ## @param controller.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param controller.hostAliases Kafka pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -1017,7 +1020,7 @@ broker: ## Kafka containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param broker.containerSecurityContext.enabled Enable Kafka containers' Security Context - ## @param broker.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param broker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param broker.containerSecurityContext.runAsUser Set Kafka containers' Security Context runAsUser ## @param broker.containerSecurityContext.runAsNonRoot Set Kafka containers' Security Context runAsNonRoot ## @param broker.containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as non-privileged @@ -1032,13 +1035,16 @@ broker: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] + ## @param broker.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param broker.hostAliases Kafka pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -1370,7 +1376,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.29.0-debian-11-r2 + tag: 1.29.1-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1395,7 +1401,7 @@ externalAccess: ## Kafka provisioning containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param externalAccess.autoDiscovery.containerSecurityContext.enabled Enable Kafka auto-discovery containers' Security Context - ## @param externalAccess.autoDiscovery.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param externalAccess.autoDiscovery.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param externalAccess.autoDiscovery.containerSecurityContext.runAsUser Set Kafka auto-discovery containers' Security Context runAsUser ## @param externalAccess.autoDiscovery.containerSecurityContext.runAsNonRoot Set Kafka auto-discovery containers' Security Context runAsNonRoot ## @param externalAccess.autoDiscovery.containerSecurityContext.allowPrivilegeEscalation Set Kafka auto-discovery containers' Security Context allowPrivilegeEscalation @@ -1411,7 +1417,7 @@ externalAccess: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false @@ -1656,7 +1662,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1678,11 +1684,11 @@ volumePermissions: ## Init container' Security Context ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## containerSecurityContext: - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 ## @section Other Parameters @@ -1740,7 +1746,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.7.0-debian-11-r136 + tag: 1.7.0-debian-11-r140 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1870,7 +1876,7 @@ metrics: ## Kafka exporter containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.kafka.containerSecurityContext.enabled Enable Kafka exporter containers' Security Context - ## @param metrics.kafka.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.kafka.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.kafka.containerSecurityContext.runAsUser Set Kafka exporter containers' Security Context runAsUser ## @param metrics.kafka.containerSecurityContext.runAsNonRoot Set Kafka exporter containers' Security Context runAsNonRoot ## @param metrics.kafka.containerSecurityContext.allowPrivilegeEscalation Set Kafka exporter containers' Security Context allowPrivilegeEscalation @@ -1885,13 +1891,16 @@ metrics: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] + ## @param metrics.kafka.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param metrics.kafka.hostAliases Kafka exporter pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -2056,7 +2065,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.20.0-debian-11-r3 + tag: 0.20.0-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2073,7 +2082,7 @@ metrics: ## Prometheus JMX exporter containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.jmx.containerSecurityContext.enabled Enable Prometheus JMX exporter containers' Security Context - ## @param metrics.jmx.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.jmx.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.jmx.containerSecurityContext.runAsUser Set Prometheus JMX exporter containers' Security Context runAsUser ## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set Prometheus JMX exporter containers' Security Context runAsNonRoot ## @param metrics.jmx.containerSecurityContext.allowPrivilegeEscalation Set Prometheus JMX exporter containers' Security Context allowPrivilegeEscalation @@ -2088,7 +2097,7 @@ metrics: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false @@ -2227,6 +2236,9 @@ provisioning: ## @param provisioning.enabled Enable kafka provisioning Job ## enabled: false + ## @param provisioning.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false ## @param provisioning.numPartitions Default number of partitions for topics when unspecified ## numPartitions: 1 @@ -2402,7 +2414,7 @@ provisioning: ## Kafka provisioning containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param provisioning.containerSecurityContext.enabled Enable Kafka provisioning containers' Security Context - ## @param provisioning.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param provisioning.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param provisioning.containerSecurityContext.runAsUser Set Kafka provisioning containers' Security Context runAsUser ## @param provisioning.containerSecurityContext.runAsNonRoot Set Kafka provisioning containers' Security Context runAsNonRoot ## @param provisioning.containerSecurityContext.allowPrivilegeEscalation Set Kafka provisioning containers' Security Context allowPrivilegeEscalation @@ -2417,7 +2429,7 @@ provisioning: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false diff --git a/charts/bitnami/mariadb/.helmignore b/charts/bitnami/mariadb/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/mariadb/.helmignore +++ b/charts/bitnami/mariadb/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index db12ccaf9..759b40a76 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -6,14 +6,14 @@ annotations: category: Database images: | - name: mariadb - image: docker.io/bitnami/mariadb:11.2.2-debian-11-r3 + image: docker.io/bitnami/mariadb:11.2.3-debian-11-r0 - name: mysqld-exporter - image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r2 + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r6 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 licenses: Apache-2.0 apiVersion: v2 -appVersion: 11.2.2 +appVersion: 11.2.3 dependencies: - name: common repository: file://./charts/common @@ -37,4 +37,4 @@ maintainers: name: mariadb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb -version: 15.2.0 +version: 16.0.1 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index 37350bf2a..a8da1af2e 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -116,6 +116,7 @@ The command removes all the Kubernetes components associated with the chart and | `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` | | `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `primary.hostAliases` | Add deployment host aliases | `[]` | +| `primary.containerPorts.mysql` | Container port for mysql | `3306` | | `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` | | `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` | | `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` | @@ -141,7 +142,7 @@ The command removes all the Kubernetes components associated with the chart and | `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | -| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | | `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | @@ -217,6 +218,7 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` | | `secondary.automountServiceAccountToken` | Mount Service Account token in pod | `false` | | `secondary.hostAliases` | Add deployment host aliases | `[]` | +| `secondary.containerPorts.mysql` | Container port for mysql | `3306` | | `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` | | `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` | | `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` | @@ -242,7 +244,7 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | -| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | | `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | | `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | @@ -342,8 +344,9 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.annotations` | Annotations for the Exporter pod | `{}` | | `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` | | `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` | +| `metrics.containerPorts.http` | Container port for http | `9104` | | `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | @@ -381,22 +384,15 @@ The command removes all the Kubernetes components associated with the chart and ### NetworkPolicy parameters -| Name | Description | Value | -| ---------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable network policies | `false` | -| `networkPolicy.metrics.enabled` | Enable network policy for metrics (prometheus) | `false` | -| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` | -| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` | -| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. | `false` | -| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the primary node. This label will be used to identified the allowed namespace(s). | `{}` | -| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the primary node. This label will be used to identified the allowed pod(s). | `{}` | -| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the primary node. | `[]` | -| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled` | Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. | `false` | -| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to acces the secondary nodes. This label will be used to identified the allowed namespace(s). | `{}` | -| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the secondary nodes. This label will be used to identified the allowed pod(s). | `{}` | -| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules` | Custom network policy for the secondary nodes. | `[]` | -| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | -| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------- | ------ | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation. @@ -443,15 +439,59 @@ The allowed extensions are `.sh`, `.sql` and `.sql.gz`. These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `.sql.gz` files. -[Refer to the chart documentation for more information and a usage example](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/customize-new-instance/). +When using a `.sh` script, you may wish to perform a "one-time" action like creating a database. This can be achieved by adding a condition in the script to ensure that it is executed only on one node, as shown in the example below: + +```yaml +initdbScripts: + my_init_script.sh: | + #!/bin/sh + if [[ $(hostname) == *primary* ]]; then + echo "Primary node" + mysql -P 3306 -uroot -prandompassword -e "create database new_database"; + else + echo "No primary node" + fi +``` ### Sidecars and Init Containers -If additional containers are needed in the same pod as MariaDB (such as additional metrics or logging exporters), they can be defined using the sidecars parameter. +If additional containers are needed in the same pod as MariaDB (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. -The Helm chart already includes sidecar containers for the Prometheus exporters. These can be activated by adding the `--set enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. [See an example of configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/configure-sidecar-init-containers/). +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` -Similarly, additional containers can be added to MariaDB pods using the `initContainers` parameter. [See an example of configuring and using init containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/configure-sidecar-init-containers/). +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). ## Persistence @@ -485,6 +525,10 @@ helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb --set auth.r | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. +### To 16.0.0 + +This section enables NetworkPolicies by default to increase security of the application. It also adapts the values in the `networkPolicy` section to the current Bitnami standards. The removed sections are `networkPolicy.metrics.*`, `networkPolicy.ingressRules.*` and `networkPolicy.egressRules.*`. Check the Parameters table for the new structure. + ### To 14.0.0 This major release bumps the MariaDB version to 11.1. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-between-minor-versions-on-linux/) for upgrading from MariaDB 11.0 to 11.1. No major issues are expected during the upgrade. @@ -522,8 +566,6 @@ Affected values: [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/upgrade-helm3/). - ### To 8.0.0 - Several parameters were renamed or disappeared in favor of new ones on this major version: diff --git a/charts/bitnami/mariadb/templates/networkpolicy-egress.yaml b/charts/bitnami/mariadb/templates/networkpolicy-egress.yaml deleted file mode 100644 index 64af059fa..000000000 --- a/charts/bitnami/mariadb/templates/networkpolicy-egress.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-egress" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - policyTypes: - - Egress - egress: - {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} - {{- end }} - {{- if .Values.networkPolicy.egressRules.customRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/bitnami/mariadb/templates/networkpolicy.yaml b/charts/bitnami/mariadb/templates/networkpolicy.yaml new file mode 100644 index 000000000..5d5fe77ba --- /dev/null +++ b/charts/bitnami/mariadb/templates/networkpolicy.yaml @@ -0,0 +1,76 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow connection to other cluster pods + - ports: + - port: {{ .Values.primary.containerPorts.mysql }} + - port: {{ .Values.secondary.containerPorts.mysql }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.primary.containerPorts.mysql }} + - port: {{ .Values.secondary.containerPorts.mysql }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.containerPorts.http }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/bitnami/mariadb/templates/primary/configmap.yaml b/charts/bitnami/mariadb/templates/primary/configmap.yaml index 55ed4414e..d51d0a5cc 100644 --- a/charts/bitnami/mariadb/templates/primary/configmap.yaml +++ b/charts/bitnami/mariadb/templates/primary/configmap.yaml @@ -16,5 +16,5 @@ metadata: {{- end }} data: my.cnf: |- -{{ .Values.primary.configuration | indent 4 }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} {{- end -}} diff --git a/charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml b/charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml deleted file mode 100644 index b3e5e6720..000000000 --- a/charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-ingress" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $primaryPodLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $primaryPodLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: primary - ingress: - {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} - - from: - {{- if .Values.networkPolicy.metrics.namespaceSelector }} - - namespaceSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.metrics.podSelector }} - - podSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} - {{- end }} - {{- end }} - {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }} - - from: - {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }} - - namespaceSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }} - - podSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }} - {{- end }} - {{- end }} - {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }} - - from: - {{- $secondaryPodLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }} - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $secondaryPodLabels "context" $ ) | nindent 14 }} - app.kubernetes.io/component: secondary - {{- end }} - {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/bitnami/mariadb/templates/primary/statefulset.yaml b/charts/bitnami/mariadb/templates/primary/statefulset.yaml index 40d78eb9f..0e8dc7ba1 100644 --- a/charts/bitnami/mariadb/templates/primary/statefulset.yaml +++ b/charts/bitnami/mariadb/templates/primary/statefulset.yaml @@ -196,7 +196,7 @@ spec: {{- end }} ports: - name: mysql - containerPort: 3306 + containerPort: {{ .Values.primary.containerPorts.mysql }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.primary.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} @@ -299,11 +299,11 @@ spec: if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") fi - MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:{{ .Values.primary.containerPorts.mysql }} --mysqld.username=root --web.listen-address=:{{ .Values.metrics.containerPorts.http }} {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} {{- end }} ports: - name: metrics - containerPort: 9104 + containerPort: {{ .Values.metrics.containerPorts.http }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.metrics.livenessProbe.enabled }} livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} diff --git a/charts/bitnami/mariadb/templates/secondary/configmap.yaml b/charts/bitnami/mariadb/templates/secondary/configmap.yaml index 8a9599144..ef73b1242 100644 --- a/charts/bitnami/mariadb/templates/secondary/configmap.yaml +++ b/charts/bitnami/mariadb/templates/secondary/configmap.yaml @@ -16,5 +16,5 @@ metadata: {{- end }} data: my.cnf: |- -{{ .Values.secondary.configuration | indent 4 }} + {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.configuration "context" $ ) | nindent 4 }} {{- end -}} diff --git a/charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml b/charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml deleted file mode 100644 index d4545af44..000000000 --- a/charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled) }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-ingress-secondary" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $secondaryPodLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $secondaryPodLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: secondary - ingress: - {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} - - from: - {{- if .Values.networkPolicy.metrics.namespaceSelector }} - - namespaceSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.metrics.podSelector }} - - podSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} - {{- end }} - {{- end }} - {{- if and .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector) }} - - from: - {{- if .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector }} - - namespaceSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector }} - - podSelector: - matchLabels: - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }} - {{- end }} - {{- end }} - {{- if .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/bitnami/mariadb/templates/secondary/statefulset.yaml b/charts/bitnami/mariadb/templates/secondary/statefulset.yaml index 7419178cb..194cea901 100644 --- a/charts/bitnami/mariadb/templates/secondary/statefulset.yaml +++ b/charts/bitnami/mariadb/templates/secondary/statefulset.yaml @@ -183,7 +183,7 @@ spec: {{- end }} ports: - name: mysql - containerPort: 3306 + containerPort: {{ .Values.secondary.containerPorts.mysql }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.secondary.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customStartupProbe "context" $) | nindent 12 }} @@ -282,11 +282,11 @@ spec: if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") fi - MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:{{ .Values.secondary.containerPorts.mysql }} --mysqld.username=root --web.listen-address=:{{ .Values.metrics.containerPorts.http }} {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} {{- end }} ports: - name: metrics - containerPort: 9104 + containerPort: {{ .Values.metrics.containerPorts.http }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.metrics.livenessProbe.enabled }} livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index dac39b648..5c4c99ffd 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -90,7 +90,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 11.2.2-debian-11-r3 + tag: 11.2.3-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -192,6 +192,10 @@ primary: ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] + ## @param primary.containerPorts.mysql Container port for mysql + ## + containerPorts: + mysql: 3306 ## @param primary.configuration [string] MariaDB Primary configuration to be injected as ConfigMap ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## @@ -202,7 +206,7 @@ primary: basedir=/opt/bitnami/mariadb datadir=/bitnami/mariadb/data plugin_dir=/opt/bitnami/mariadb/plugin - port=3306 + port={{ .Values.primary.containerPorts.mysql }} socket=/opt/bitnami/mariadb/tmp/mysql.sock tmpdir=/opt/bitnami/mariadb/tmp max_allowed_packet=16M @@ -330,7 +334,7 @@ primary: ## MariaDB primary container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param primary.containerSecurityContext.enabled MariaDB primary container securityContext - ## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param primary.containerSecurityContext.runAsUser User ID for the MariaDB primary container ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged @@ -340,7 +344,7 @@ primary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -607,6 +611,10 @@ secondary: ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] + ## @param secondary.containerPorts.mysql Container port for mysql + ## + containerPorts: + mysql: 3306 ## @param secondary.configuration [string] MariaDB Secondary configuration to be injected as ConfigMap ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## @@ -616,7 +624,7 @@ secondary: explicit_defaults_for_timestamp basedir=/opt/bitnami/mariadb datadir=/bitnami/mariadb/data - port=3306 + port={{ .Values.secondary.containerPorts.mysql }} socket=/opt/bitnami/mariadb/tmp/mysql.sock tmpdir=/opt/bitnami/mariadb/tmp max_allowed_packet=16M @@ -743,7 +751,7 @@ secondary: ## MariaDB secondary container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param secondary.containerSecurityContext.enabled MariaDB secondary container securityContext - ## @param secondary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param secondary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param secondary.containerSecurityContext.runAsUser User ID for the MariaDB secondary container ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged @@ -753,7 +761,7 @@ secondary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1038,7 +1046,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1074,7 +1082,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.15.1-debian-11-r2 + tag: 0.15.1-debian-11-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1135,10 +1143,14 @@ metrics: extraVolumeMounts: primary: [] secondary: [] + ## @param metrics.containerPorts.http Container port for http + ## + containerPorts: + http: 9104 ## MariaDB metrics container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container - ## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container ## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged @@ -1156,7 +1168,7 @@ metrics: enabled: false privileged: false runAsNonRoot: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 allowPrivilegeEscalation: false capabilities: @@ -1285,100 +1297,57 @@ metrics: rules: [] ## @section NetworkPolicy parameters -## - -## Add networkpolicies +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: - ## @param networkPolicy.enabled Enable network policies + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false - ## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus) - ## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. - ## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports Keycloak is + ## listening on. When true, Keycloak will accept connections from any source (with the correct destination port). ## - metrics: - enabled: false - ## e.g: - ## podSelector: - ## label: monitoring - ## - podSelector: {} - ## e.g: - ## namespaceSelector: - ## label: monitoring - ## - namespaceSelector: {} - ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. - ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the primary node. This label will be used to identified the allowed namespace(s). - ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the primary node. This label will be used to identified the allowed pod(s). - ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules Custom network policy for the primary node. - ## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. - ## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to acces the secondary nodes. This label will be used to identified the allowed namespace(s). - ## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the secondary nodes. This label will be used to identified the allowed pod(s). - ## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules Custom network policy for the secondary nodes. + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## - ingressRules: - ## Allow access to the primary node only from the indicated: - ## - primaryAccessOnlyFrom: - enabled: false - ## e.g: - ## namespaceSelector: - ## label: ingress - ## - namespaceSelector: {} - ## e.g: - ## podSelector: - ## label: access - ## - podSelector: {} - ## custom ingress rules - ## e.g: - ## customRules: - ## - from: - ## - namespaceSelector: - ## matchLabels: - ## label: example - ## - customRules: [] + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} - ## Allow access to the secondary node only from the indicated: - ## - secondaryAccessOnlyFrom: - enabled: false - ## e.g: - ## namespaceSelector: - ## label: ingress - ## - namespaceSelector: {} - ## e.g: - ## podSelector: - ## label: access - ## - podSelector: {} - ## custom ingress rules - ## e.g: - ## CustomRules: - ## - from: - ## - namespaceSelector: - ## matchLabels: - ## label: example - ## - customRules: [] - - ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). - ## @param networkPolicy.egressRules.customRules Custom network policy rule - ## - egressRules: - # Deny connections to external. This is not compatible with an external database. - denyConnectionsToExternal: false - ## Additional custom egress rules - ## e.g: - ## customRules: - ## - to: - ## - namespaceSelector: - ## matchLabels: - ## label: example - ## - customRules: {} diff --git a/charts/bitnami/mysql/.helmignore b/charts/bitnami/mysql/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/mysql/.helmignore +++ b/charts/bitnami/mysql/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml index f26b02be2..9e3dc0050 100644 --- a/charts/bitnami/mysql/Chart.yaml +++ b/charts/bitnami/mysql/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: Database images: | - name: mysql - image: docker.io/bitnami/mysql:8.0.36-debian-11-r0 + image: docker.io/bitnami/mysql:8.0.36-debian-11-r4 - name: mysqld-exporter - image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r2 + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r5 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 licenses: Apache-2.0 apiVersion: v2 appVersion: 8.0.36 @@ -36,4 +36,4 @@ maintainers: name: mysql sources: - https://github.com/bitnami/charts/tree/main/bitnami/mysql -version: 9.18.0 +version: 9.19.1 diff --git a/charts/bitnami/mysql/README.md b/charts/bitnami/mysql/README.md index 3e9712bda..93b26870c 100644 --- a/charts/bitnami/mysql/README.md +++ b/charts/bitnami/mysql/README.md @@ -118,6 +118,7 @@ The command removes all the Kubernetes components associated with the chart and | `primary.hostAliases` | Deployment pod host aliases | `[]` | | `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | | `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration. | `""` | +| `primary.containerPorts.mysql` | Container port for mysql | `3306` | | `primary.updateStrategy.type` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | | `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | | `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | @@ -140,7 +141,7 @@ The command removes all the Kubernetes components associated with the chart and | `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | -| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | | `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` | @@ -220,6 +221,7 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.lifecycleHooks` | for the MySQL Secondary container(s) to automate configuration before or after startup | `{}` | | `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | | `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` | +| `secondary.containerPorts.mysql` | Container port for mysql | `3306` | | `secondary.updateStrategy.type` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | | `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | | `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | @@ -242,7 +244,7 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | -| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | | `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` | | `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` | @@ -322,11 +324,15 @@ The command removes all the Kubernetes components associated with the chart and ### Network Policy -| Name | Description | Value | -| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | -| `networkPolicy.allowExternal` | The Policy model to apply. | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL | `{}` | +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------- | ------ | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Volume Permissions parameters @@ -351,9 +357,10 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.containerSecurityContext.enabled` | MySQL metrics container securityContext | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | User ID for the MySQL metrics container | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set MySQL metrics container's Security Context runAsNonRoot | `true` | +| `metrics.containerPorts.http` | Container port for http | `9104` | | `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` | | `metrics.service.clusterIP` | Kubernetes service clusterIP for MySQL Prometheus Exporter | `""` | | `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` | @@ -425,7 +432,7 @@ Bitnami will release a new chart updating its containers if a new version of the ### Use a different MySQL version -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/change-image-version/). +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. ### Customize a new MySQL instance @@ -435,7 +442,19 @@ The allowed extensions are `.sh`, `.sql` and `.sql.gz`. These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `sql.gz` files. -Refer to the [chart documentation for more information and a usage example](https://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/customize-new-instance/). +When using a `.sh` script, you may wish to perform a "one-time" action like creating a database. This can be achieved by adding a condition in the script to ensure that it is executed only on one node, as shown in the example below: + +```yaml +initdbScripts: + my_init_script.sh: | + #!/bin/sh + if [[ $(hostname) == *master* ]]; then + echo "Master node" + mysql -P 3306 -uroot -prandompassword -e "create database new_database"; + else + echo "No master node" + fi +``` ### Sidecars and Init Containers @@ -557,8 +576,6 @@ helm install mysql oci://REGISTRY_NAME/REPOSITORY_NAME/mysql --set auth.rootPass [On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mysql/administration/upgrade-helm3/). - ### To 3.0.0 Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. diff --git a/charts/bitnami/mysql/templates/networkpolicy.yaml b/charts/bitnami/mysql/templates/networkpolicy.yaml index 2b076bdbf..22192a512 100644 --- a/charts/bitnami/mysql/templates/networkpolicy.yaml +++ b/charts/bitnami/mysql/templates/networkpolicy.yaml @@ -15,26 +15,64 @@ metadata: {{- end }} spec: podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - ingress: - # Allow inbound connections + matchLabels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow connection to other cluster pods + - ports: + - port: {{ .Values.primary.containerPorts.mysql }} + - port: {{ .Values.secondary.containerPorts.mysql }} - port: {{ .Values.primary.service.ports.mysql }} + - port: {{ .Values.secondary.service.ports.mysql }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.primary.containerPorts.mysql }} + - port: {{ .Values.secondary.containerPorts.mysql }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.containerPorts.http }} + {{- end }} {{- if not .Values.networkPolicy.allowExternal }} from: - podSelector: matchLabels: {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/bitnami/mysql/templates/primary/statefulset.yaml b/charts/bitnami/mysql/templates/primary/statefulset.yaml index a6643d162..011856718 100644 --- a/charts/bitnami/mysql/templates/primary/statefulset.yaml +++ b/charts/bitnami/mysql/templates/primary/statefulset.yaml @@ -151,6 +151,8 @@ spec: key: mysql-password {{- end }} {{- end }} + - name: MYSQL_PORT + value: {{ .Values.primary.containerPorts.mysql | quote}} {{- if and .Values.auth.createDatabase .Values.auth.database }} - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} @@ -299,11 +301,11 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root --web.listen-address=:{{ .Values.metrics.containerPorts.http }} {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} {{- end }} ports: - name: metrics - containerPort: 9104 + containerPort: {{ .Values.metrics.containerPorts.http }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.metrics.livenessProbe.enabled }} livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} diff --git a/charts/bitnami/mysql/templates/secondary/statefulset.yaml b/charts/bitnami/mysql/templates/secondary/statefulset.yaml index 23162cc06..3e358b043 100644 --- a/charts/bitnami/mysql/templates/secondary/statefulset.yaml +++ b/charts/bitnami/mysql/templates/secondary/statefulset.yaml @@ -136,6 +136,8 @@ spec: value: {{ .Values.primary.service.ports.mysql | quote }} - name: MYSQL_MASTER_ROOT_USER value: "root" + - name: MYSQL_PORT + value: {{ .Values.secondary.containerPorts.mysql | quote}} - name: MYSQL_REPLICATION_USER value: {{ .Values.auth.replicationUser | quote }} {{- if .Values.auth.usePasswordFiles }} @@ -287,7 +289,7 @@ spec: {{- end }} ports: - name: metrics - containerPort: 9104 + containerPort: {{ .Values.metrics.containerPorts.http }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.metrics.livenessProbe.enabled }} livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} diff --git a/charts/bitnami/mysql/values.yaml b/charts/bitnami/mysql/values.yaml index baf16715c..f5fb356c1 100644 --- a/charts/bitnami/mysql/values.yaml +++ b/charts/bitnami/mysql/values.yaml @@ -85,7 +85,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mysql - tag: 8.0.36-debian-11-r0 + tag: 8.0.36-debian-11-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -212,7 +212,7 @@ primary: explicit_defaults_for_timestamp basedir=/opt/bitnami/mysql plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 + port= {{ .Values.primary.containerPorts.mysql }} socket=/opt/bitnami/mysql/tmp/mysql.sock datadir=/bitnami/mysql/data tmpdir=/opt/bitnami/mysql/tmp @@ -238,6 +238,10 @@ primary: ## NOTE: When it's set the 'configuration' parameter is ignored ## existingConfigmap: "" + ## @param primary.containerPorts.mysql Container port for mysql + ## + containerPorts: + mysql: 3306 ## @param primary.updateStrategy.type Update strategy type for the MySQL primary statefulset ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## @@ -327,7 +331,7 @@ primary: ## MySQL primary container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext - ## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container ## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation @@ -336,7 +340,7 @@ primary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false @@ -624,7 +628,7 @@ secondary: explicit_defaults_for_timestamp basedir=/opt/bitnami/mysql plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 + port={{ .Values.secondary.containerPorts.mysql }} socket=/opt/bitnami/mysql/tmp/mysql.sock datadir=/bitnami/mysql/data tmpdir=/opt/bitnami/mysql/tmp @@ -650,6 +654,10 @@ secondary: ## NOTE: When it's set the 'configuration' parameter is ignored ## existingConfigmap: "" + ## @param secondary.containerPorts.mysql Container port for mysql + ## + containerPorts: + mysql: 3306 ## @param secondary.updateStrategy.type Update strategy type for the MySQL secondary statefulset ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## @@ -740,7 +748,7 @@ secondary: ## MySQL secondary container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext - ## @param secondary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param secondary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container ## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation @@ -749,7 +757,7 @@ secondary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false @@ -1045,33 +1053,61 @@ rbac: ## @section Network Policy ## -## MySQL Nework Policy configuration +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false - ## @param networkPolicy.allowExternal The Policy model to apply. - ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source - ## (with the correct destination port). + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports Keycloak is + ## listening on. When true, Keycloak will accept connections from any source (with the correct destination port). ## allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend ## - explicitNamespacesSelector: {} + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## @section Volume Permissions parameters ## @@ -1093,7 +1129,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1127,7 +1163,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.15.1-debian-11-r2 + tag: 0.15.1-debian-11-r5 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1141,15 +1177,19 @@ metrics: ## MySQL metrics container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled MySQL metrics container securityContext - ## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser User ID for the MySQL metrics container ## @param metrics.containerSecurityContext.runAsNonRoot Set MySQL metrics container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true + ## @param metrics.containerPorts.http Container port for http + ## + containerPorts: + http: 9104 ## MySQL Prometheus exporter service parameters ## Mysqld Prometheus exporter liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/bitnami/postgresql/.helmignore b/charts/bitnami/postgresql/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/postgresql/.helmignore +++ b/charts/bitnami/postgresql/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index a01febc97..93681662c 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -6,14 +6,14 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r95 + image: docker.io/bitnami/os-shell:11-debian-11-r96 - name: postgres-exporter - image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r6 + image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r9 - name: postgresql - image: docker.io/bitnami/postgresql:16.1.0-debian-11-r22 + image: docker.io/bitnami/postgresql:16.2.0-debian-11-r1 licenses: Apache-2.0 apiVersion: v2 -appVersion: 16.1.0 +appVersion: 16.2.0 dependencies: - name: common repository: file://./charts/common @@ -38,4 +38,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 13.4.1 +version: 14.0.4 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index 31ce3053e..109767ed0 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md @@ -213,7 +213,7 @@ kubectl delete pvc -l release=my-release | `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -248,6 +248,13 @@ kubectl delete pvc -l release=my-release | `primary.sidecars` | Add additional sidecar containers to the PostgreSQL Primary pod(s) | `[]` | | `primary.initContainers` | Add additional init containers to the PostgreSQL Primary pod(s) | `[]` | | `primary.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) | `{}` | +| `primary.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `primary.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `primary.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `false` | +| `primary.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `primary.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `primary.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `primary.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `primary.service.type` | Kubernetes Service type | `ClusterIP` | | `primary.service.ports.postgresql` | PostgreSQL service port | `5432` | | `primary.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | @@ -318,7 +325,7 @@ kubectl delete pvc -l release=my-release | `readReplicas.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -353,6 +360,13 @@ kubectl delete pvc -l release=my-release | `readReplicas.sidecars` | Add additional sidecar containers to the PostgreSQL read only pod(s) | `[]` | | `readReplicas.initContainers` | Add additional init containers to the PostgreSQL read only pod(s) | `[]` | | `readReplicas.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL read only pod(s) | `{}` | +| `readReplicas.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `readReplicas.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `readReplicas.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `false` | +| `readReplicas.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `readReplicas.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `readReplicas.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `readReplicas.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `readReplicas.service.type` | Kubernetes Service type | `ClusterIP` | | `readReplicas.service.ports.postgresql` | PostgreSQL service port | `5432` | | `readReplicas.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | @@ -399,7 +413,7 @@ kubectl delete pvc -l release=my-release | `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` | | `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -452,7 +466,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` | @@ -485,7 +499,7 @@ kubectl delete pvc -l release=my-release | `metrics.customMetrics` | Define additional custom metrics | `{}` | | `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -574,7 +588,39 @@ At the top level, there is a service object which defines the services for both ### Use a different PostgreSQL version -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/configuration/change-image-version/). +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. + +### LDAP + +LDAP support can be enabled in the chart by specifying the `ldap.` parameters while creating a release. The following parameters should be configured to properly enable the LDAP support in the chart. + +- **ldap.enabled**: Enable LDAP support. Defaults to `false`. +- **ldap.uri**: LDAP URL beginning in the form `ldap[s]://:`. No defaults. +- **ldap.base**: LDAP base DN. No defaults. +- **ldap.binddn**: LDAP bind DN. No defaults. +- **ldap.bindpw**: LDAP bind password. No defaults. +- **ldap.bslookup**: LDAP base lookup. No defaults. +- **ldap.nss_initgroups_ignoreusers**: LDAP ignored users. `root,nslcd`. +- **ldap.scope**: LDAP search scope. No defaults. +- **ldap.tls_reqcert**: LDAP TLS check on server certificates. No defaults. + +For example: + +```text +ldap.enabled="true" +ldap.uri="ldap://my_ldap_server" +ldap.base="dc=example\,dc=org" +ldap.binddn="cn=admin\,dc=example\,dc=org" +ldap.bindpw="admin" +ldap.bslookup="ou=group-ok\,dc=example\,dc=org" +ldap.nss_initgroups_ignoreusers="root\,nslcd" +ldap.scope="sub" +ldap.tls_reqcert="demand" +``` + +Next, login to the PostgreSQL server using the `psql` client and add the PAM authenticated LDAP users. + +> Note: Parameters including commas must be escaped as shown in the above example. ### postgresql.conf / pg_hba.conf files as configMap @@ -698,7 +744,7 @@ global.postgresql.auth.database=testdb This way, the credentials will be available in all of the subcharts. -## Persistence +### Persistence The [Bitnami PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. @@ -707,7 +753,20 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to the [code present in the container repository](https://github.com/bitnami/containers/tree/main/bitnami/postgresql). If you need to use those data, please covert them to sql and import after `helm install` finished. -## NetworkPolicy +### Backup and restore PostgreSQL deployments + +To back up and restore Bitnami PostgreSQL Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. + +These are the steps you will usually follow to back up and restore your PostgreSQL cluster data: + +- Install Velero on the source and destination clusters. +- Use Velero to back up the PersistentVolumes (PVs) used by the deployment on the source cluster. +- Use Velero to restore the backed-up PVs on the destination cluster. +- Create a new deployment on the destination cluster with the same chart, deployment name, credentials and other parameters as the original. This new deployment will use the restored PVs and hence the original data. + +Refer to our detailed [tutorial on backing up and restoring PostgreSQL deployments on Kubernetes](https://docs.bitnami.com/tutorials/migrate-data-bitnami-velero/) for more information. + +### NetworkPolicy To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. @@ -722,7 +781,7 @@ With NetworkPolicy enabled, traffic will be limited to just port 5432. For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. This label will be displayed in the output of a successful install. -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image +### Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. - The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. @@ -742,6 +801,12 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 14.0.0 + +This major version adapts the NetworkPolicy objects to the most recent Bitnami standards. Now there is a separate object for `primary` and for `readReplicas`, being located in their corresponding sections. It is also enabled by default in other to comply with the best security standards. + +Check the parameter section for the new value structure. + ### To 13.0.0 This major version changes the default PostgreSQL image from 15.x to 16.x. Follow the [official instructions](https://www.postgresql.org/docs/16/upgrading.html) to upgrade to 16.x. @@ -750,9 +815,191 @@ This major version changes the default PostgreSQL image from 15.x to 16.x. Follo This major version changes the default PostgreSQL image from 14.x to 15.x. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.x. -### To any previous version +### To 11.0.0 -Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/). +In this version the application version was bumped to _14.x_ series. Also, this major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +- _replication.enabled_ parameter is deprecated in favor of _architecture_ parameter that accepts two values: _standalone_ and _replication_. +- _replication.singleService_ and _replication.uniqueServices_ parameters are deprecated. When using replication, each statefulset (primary and read-only) has its own headless service & service allowing to connect to read-only replicas through the service (round-robin) or individually. +- _postgresqlPostgresPassword_, _postgresqlUsername_, _postgresqlPassword_, _postgresqlDatabase_, _replication.user_, _replication.password_, and _existingSecret_ parameters have been regrouped under the _auth_ map. The _auth_ map uses a new perspective to configure authentication, so please read carefully each sub-parameter description. +- _extraEnv_ has been deprecated in favor of _primary.extraEnvVars_ and _readReplicas.extraEnvVars_. +- _postgresqlConfiguration_, _pgHbaConfiguration_, _configurationConfigMap_, _postgresqlExtendedConf_, and _extendedConfConfigMap_ have been deprecated in favor of _primary.configuration_, _primary.pgHbaConfiguration_, _primary.existingConfigmap_, _primary.extendedConfiguration_, and _primary.existingExtendedConfigmap_. +- _postgresqlInitdbArgs_, _postgresqlInitdbWalDir_, _initdbScripts_, _initdbScriptsConfigMap_, _initdbScriptsSecret_, _initdbUser_ and _initdbPassword_ have been regrouped under the _primary.initdb_ map. +- _postgresqlMaxConnections_, _postgresqlPostgresConnectionLimit_, _postgresqlDbUserConnectionLimit_, _postgresqlTcpKeepalivesInterval_, _postgresqlTcpKeepalivesIdle_, _postgresqlTcpKeepalivesCount_, _postgresqlStatementTimeout_ and _postgresqlPghbaRemoveFilters_ parameters are deprecated. Use _XXX.extraEnvVars_ instead. +- _primaryAsStandBy_ has been deprecated in favor of _primary.standby_. +- _securityContext_ and _containerSecurityContext_ have been deprecated in favor of _primary.podSecurityContext_, _primary.containerSecurityContext_, _readReplicas.podSecurityContext_, and _readReplicas.containerSecurityContext_. +- _livenessProbe_ and _readinessProbe_ maps have been deprecated in favor of _primary.livenessProbe_, _primary.readinessProbe_, _readReplicas.livenessProbe_ and _readReplicas.readinessProbe_ maps. +- _persistence_ map has been deprecated in favor of _primary.persistence_ and _readReplicas.persistence_ maps. +- _networkPolicy_ map has been completely refactored. +- _service_ map has been deprecated in favor of _primary.service_ and _readReplicas.service_ maps. +- _metrics.service.port_ has been regrouped under the _metrics.service.ports_ map. +- _serviceAccount.enabled_ and _serviceAccount.autoMount_ have been deprecated in favor of _serviceAccount.create_ and _serviceAccount.automountServiceAccountToken_. + +#### How to upgrade to version 11.0.0 + +To upgrade to _11.0.0_ from _10.x_, it should be done reusing the PVC(s) used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is _postgresql_): + +> NOTE: Please, create a backup of your database before running any of these actions. + +1. Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the PostgreSQL statefulset (notice the option _--cascade=false_) and secret: + +```console +kubectl delete statefulsets.apps postgresql-postgresql --namespace default --cascade=false +kubectl delete secret postgresql --namespace default +``` + +1. Upgrade your release using the same PostgreSQL version: + +```console +CURRENT_VERSION=$(kubectl exec postgresql-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION') +helm upgrade postgresql bitnami/postgresql \ + --set auth.postgresPassword=$POSTGRESQL_PASSWORD \ + --set primary.persistence.existingClaim=$POSTGRESQL_PVC \ + --set image.tag=$CURRENT_VERSION +``` + +1. You will have to delete the existing PostgreSQL pod and the new statefulset is going to create a new one + +```console +kubectl delete pod postgresql-postgresql-0 +``` + +1. Finally, you should see the lines below in PostgreSQL container logs: + +```text +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` + +> NOTE: the instructions above reuse the same PostgreSQL version you were using in your chart release. Otherwise, you will find an error such as the one below when upgrading since the new chart major version also bumps the application version. To workaround this issue you need to upgrade database, please refer to the [official PostgreSQL documentation](https://www.postgresql.org/docs/current/upgrading.html) for more information about this. + +```console +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") + ... +postgresql 08:10:14.72 INFO ==> ** Starting PostgreSQL ** +2022-02-01 08:10:14.734 GMT [1] FATAL: database files are incompatible with server +2022-02-01 08:10:14.734 GMT [1] DETAIL: The data directory was initialized by PostgreSQL version 11, which is not compatible with this version 14.1. +``` + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Move dependency information from the _requirements.yaml_ to the _Chart.yaml_ +- After running _helm dependency update_, a _Chart.lock_ file is generated containing the same structure used in the previous _requirements.lock_ +- The different fields present in the _Chart.yaml_ file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart. +- The term _master_ has been replaced with _primary_ and _slave_ with _readReplicas_ throughout the chart. Role names have changed from _master_ and _slave_ to _primary_ and _read_. + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version does not support Helm v2 anymore. +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3. + +#### Useful links + +- [Bitnami Tutorial](https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues) +- [Helm docs](https://helm.sh/docs/topics/v2_v3_migration) +- [Helm Blog](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3) + +#### How to upgrade to version 10.0.0 + +To upgrade to _10.0.0_ from _9.x_, it should be done reusing the PVC(s) used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is _postgresql_): + +> NOTE: Please, create a backup of your database before running any of those actions. + +1. Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the PostgreSQL statefulset (notice the option _--cascade=false_): + +```console +kubectl delete statefulsets.apps postgresql-postgresql --namespace default --cascade=false +``` + +1. Upgrade your release using the same PostgreSQL version: + +```console +helm upgrade postgresql bitnami/postgresql \ + --set postgresqlPassword=$POSTGRESQL_PASSWORD \ + --set persistence.existingClaim=$POSTGRESQL_PVC +``` + +1. Delete the existing PostgreSQL pod and the new statefulset will create a new one: + +```console +kubectl delete pod postgresql-postgresql-0 +``` + +1. Finally, you should see the lines below in PostgreSQL container logs: + +```text +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` + +### To 9.0.0 + +In this version the chart was adapted to follow the [Helm standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). + +- Some inmutable objects were modified to adopt Helm standard labels introducing backward incompatibilities. + +#### How to upgrade to version 9.0.0 + +To upgrade to _9.0.0_ from _8.x_, it should be done reusing the PVC(s) used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is _postgresql_): + +> NOTE: Please, create a backup of your database before running any of those actions. + +1. Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +export POSTGRESQL_PVC=$(kubectl get pvc -l app=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") +``` + +1. Delete the PostgreSQL statefulset (notice the option _--cascade=false_): + +```console +kubectl delete statefulsets.apps postgresql-postgresql --namespace default --cascade=false +``` + +1. Upgrade your release using the same PostgreSQL version: + +```console +helm upgrade postgresql bitnami/postgresql \ + --set postgresqlPassword=$POSTGRESQL_PASSWORD \ + --set persistence.existingClaim=$POSTGRESQL_PVC +``` + +1. Delete the existing PostgreSQL pod and the new statefulset will create a new one: + +```console +kubectl delete pod postgresql-postgresql-0 +``` + +1. Finally, you should see the lines below in PostgreSQL container logs: + +```text +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` ## License diff --git a/charts/bitnami/postgresql/templates/networkpolicy-egress.yaml b/charts/bitnami/postgresql/templates/networkpolicy-egress.yaml deleted file mode 100644 index b67817c05..000000000 --- a/charts/bitnami/postgresql/templates/networkpolicy-egress.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ printf "%s-egress" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - policyTypes: - - Egress - egress: - {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} - {{- end }} - {{- if .Values.networkPolicy.egressRules.customRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/bitnami/postgresql/templates/primary/networkpolicy.yaml b/charts/bitnami/postgresql/templates/primary/networkpolicy.yaml index 9da3fb491..8b537c3da 100644 --- a/charts/bitnami/postgresql/templates/primary/networkpolicy.yaml +++ b/charts/bitnami/postgresql/templates/primary/networkpolicy.yaml @@ -3,59 +3,77 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +{{- if .Values.primary.networkPolicy.enabled }} kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} metadata: - name: {{ printf "%s-ingress" (include "postgresql.v1.primary.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "postgresql.v1.primary.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: primary {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: - {{- $primaryPodLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $primaryPodLabels "context" $ ) | nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: primary - ingress: - {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} - - from: - {{- if .Values.networkPolicy.metrics.namespaceSelector }} - - namespaceSelector: - matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.metrics.podSelector }} - - podSelector: - matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} - {{- end }} - ports: - - port: {{ .Values.metrics.containerPorts.metrics }} - {{- end }} - {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }} - - from: - {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }} - - namespaceSelector: - matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }} - - podSelector: - matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }} - {{- end }} - ports: + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to read-replicas + - ports: + - port: {{ include "postgresql.v1.readReplica.service.port" . }} - port: {{ .Values.containerPorts.postgresql }} - {{- end }} - {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }} - - from: - {{- $readPodLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.readReplicas.podLabels .Values.commonLabels ) "context" . ) }} + to: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $readPodLabels "context" $ ) | nindent 14 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} app.kubernetes.io/component: read - ports: - - port: {{ .Values.containerPorts.postgresql }} + {{- if .Values.primary.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraEgress "context" $ ) | nindent 4 }} {{- end }} - {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.containerPorts.metrics }} + {{- end }} + {{- if not .Values.primary.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "postgresql.v1.primary.fullname" . }}-client: "true" + {{- if .Values.primary.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.primary.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.primary.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.primary.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.primary.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraIngress "context" $ ) | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/bitnami/postgresql/templates/read/networkpolicy.yaml b/charts/bitnami/postgresql/templates/read/networkpolicy.yaml index 79d3a5aa8..a3cb87686 100644 --- a/charts/bitnami/postgresql/templates/read/networkpolicy.yaml +++ b/charts/bitnami/postgresql/templates/read/networkpolicy.yaml @@ -3,37 +3,77 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled }} -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +{{- if .Values.primary.networkPolicy.enabled }} kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} metadata: - name: {{ printf "%s-ingress" (include "postgresql.v1.readReplica.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "postgresql.v1.readReplica.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: read {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.readReplicas.podLabels .Values.commonLabels ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: read - ingress: - {{- if and .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector) }} - - from: - {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector }} - - namespaceSelector: - matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector }} - - podSelector: - matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector "context" $) | nindent 14 }} - {{- end }} - ports: + policyTypes: + - Ingress + - Egress + {{- if .Values.primary.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to primary + - ports: + - port: {{ include "postgresql.v1.service.port" . }} - port: {{ .Values.containerPorts.postgresql }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: primary + {{- if .Values.primary.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraEgress "context" $ ) | nindent 4 }} {{- end }} - {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.containerPorts.metrics }} + {{- end }} + {{- if not .Values.primary.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "postgresql.v1.primary.fullname" . }}-client: "true" + {{- if .Values.primary.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.primary.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.primary.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.primary.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.primary.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraIngress "context" $ ) | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index 316559c55..feb9e7d95 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -98,7 +98,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 16.1.0-debian-11-r22 + tag: 16.2.0-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -465,7 +465,7 @@ primary: ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param primary.containerSecurityContext.enabled Enabled containers' Security Context - ## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.privileged Set container's Security Context privileged @@ -476,7 +476,7 @@ primary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -602,6 +602,61 @@ primary: ## @param primary.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) ## extraPodSpec: {} + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param primary.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param primary.networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param primary.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: false + ## @param primary.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param primary.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param primary.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param primary.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## PostgreSQL Primary service configuration ## service: @@ -840,7 +895,7 @@ readReplicas: ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context - ## @param readReplicas.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param readReplicas.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged @@ -851,7 +906,7 @@ readReplicas: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -977,6 +1032,61 @@ readReplicas: ## @param readReplicas.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL read only pod(s) ## extraPodSpec: {} + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param readReplicas.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param readReplicas.networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param readReplicas.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: false + ## @param readReplicas.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param readReplicas.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param readReplicas.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param readReplicas.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## PostgreSQL read only service configuration ## service: @@ -1139,7 +1249,7 @@ backup: ## backup container's Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context - ## @param backup.cronjob.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged @@ -1149,7 +1259,7 @@ backup: ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1330,7 +1440,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r95 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1352,14 +1462,14 @@ volumePermissions: ## Init container' Security Context ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## @param volumePermissions.containerSecurityContext.runAsGroup Group ID for the init container ## @param volumePermissions.containerSecurityContext.runAsNonRoot runAsNonRoot for the init container ## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container ## containerSecurityContext: - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 runAsGroup: 0 runAsNonRoot: false @@ -1433,7 +1543,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.15.0-debian-11-r6 + tag: 0.15.0-debian-11-r9 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1475,7 +1585,7 @@ metrics: ## PostgreSQL Prometheus exporter containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context - ## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged @@ -1486,7 +1596,7 @@ metrics: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false diff --git a/charts/bitnami/redis/.helmignore b/charts/bitnami/redis/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/redis/.helmignore +++ b/charts/bitnami/redis/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index 01187ac84..6de37aa52 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -6,13 +6,13 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.56.0-debian-11-r1 + image: docker.io/bitnami/redis-exporter:1.57.0-debian-11-r2 - name: redis-sentinel - image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r3 + image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r6 - name: redis - image: docker.io/bitnami/redis:7.2.4-debian-11-r2 + image: docker.io/bitnami/redis:7.2.4-debian-11-r5 licenses: Apache-2.0 apiVersion: v2 appVersion: 7.2.4 @@ -37,4 +37,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.8.0 +version: 18.12.1 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index 7874db508..6eb2bf85c 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -168,7 +168,7 @@ The command removes all the Kubernetes components associated with the chart and | `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `master.podSecurityContext.fsGroup` | Set Redis® master pod's Security Context fsGroup | `1001` | | `master.containerSecurityContext.enabled` | Enabled Redis® master containers' Security Context | `true` | -| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `master.containerSecurityContext.runAsUser` | Set Redis® master containers' Security Context runAsUser | `1001` | | `master.containerSecurityContext.runAsGroup` | Set Redis® master containers' Security Context runAsGroup | `0` | | `master.containerSecurityContext.runAsNonRoot` | Set Redis® master containers' Security Context runAsNonRoot | `true` | @@ -287,7 +287,7 @@ The command removes all the Kubernetes components associated with the chart and | `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `replica.podSecurityContext.fsGroup` | Set Redis® replicas pod's Security Context fsGroup | `1001` | | `replica.containerSecurityContext.enabled` | Enabled Redis® replicas containers' Security Context | `true` | -| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `replica.containerSecurityContext.runAsUser` | Set Redis® replicas containers' Security Context runAsUser | `1001` | | `replica.containerSecurityContext.runAsGroup` | Set Redis® replicas containers' Security Context runAsGroup | `0` | | `replica.containerSecurityContext.runAsNonRoot` | Set Redis® replicas containers' Security Context runAsNonRoot | `true` | @@ -430,7 +430,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.resources.limits` | The resources limits for the Redis® Sentinel containers | `{}` | | `sentinel.resources.requests` | The requested resources for the Redis® Sentinel containers | `{}` | | `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` | -| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` | | `sentinel.containerSecurityContext.runAsGroup` | Set Redis® Sentinel containers' Security Context runAsGroup | `0` | | `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis® Sentinel containers' Security Context runAsNonRoot | `true` | @@ -462,8 +462,9 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | | `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | | `networkPolicy.extraEgress` | Add extra egress rules to the NetworkPolicy | `[]` | | `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | @@ -494,88 +495,92 @@ The command removes all the Kubernetes components associated with the chart and ### Metrics Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | -| `metrics.image.registry` | Redis® Exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Redis® Exporter image repository | `REPOSITORY_NAME/redis-exporter` | -| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | -| `metrics.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `false` | -| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | -| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` | -| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | -| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` | -| `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `0` | -| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` | -| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` | -| `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` | -| `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` | -| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` | -| `metrics.resources.limits` | The resources limits for the Redis® exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the Redis® exporter container | `{}` | -| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` | -| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` | -| `metrics.service.type` | Redis® exporter service type | `ClusterIP` | -| `metrics.service.port` | Redis® exporter service port | `9121` | -| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` | -| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | -| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | -| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | -| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` | -| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.podMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | -| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | +| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | +| `metrics.image.registry` | Redis® Exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Redis® Exporter image repository | `REPOSITORY_NAME/redis-exporter` | +| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | +| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` | +| `metrics.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | +| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` | +| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` | +| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | +| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `0` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` | +| `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` | +| `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` | +| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` | +| `metrics.resources.limits` | The resources limits for the Redis® exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the Redis® exporter container | `{}` | +| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` | +| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` | +| `metrics.service.enabled` | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor | `true` | +| `metrics.service.type` | Redis® exporter service type | `ClusterIP` | +| `metrics.service.ports.http` | Redis® exporter service port | `9121` | +| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` | +| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | +| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | +| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | +| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | +| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | +| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | +| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | +| `metrics.serviceMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | +| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` | +| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` | +| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.podMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` | +| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | +| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | +| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | +| `metrics.podMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | +| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | +| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | ### Init Container Parameters @@ -589,7 +594,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | | `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | | `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | @@ -644,7 +649,7 @@ Bitnami will release a new chart updating its containers if a new version of the ### Use a different Redis® version -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis/configuration/change-image-version/). +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. ### Bootstrapping with an External Cluster @@ -746,13 +751,27 @@ It's recommended to only change `master.count` if you know what you are doing. ### Using a password file -To use a password file for Redis® you need to create a secret containing the password and then deploy the chart using that secret. +To use a password file for Redis® you need to create a secret containing the password and then deploy the chart using that secret. Follow these instructions: -Refer to the chart documentation for more information on [using a password file for Redis®](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/use-password-file/). +- Create the secret with the password. It is important that the file with the password must be called `redis-password`. + +```console +kubectl create secret generic redis-password-secret --from-file=redis-password.yaml +``` + +- Deploy the Helm Chart using the secret name as parameter: + +```text +usePassword=true +usePasswordFile=true +existingSecret=redis-password-secret +sentinels.enabled=true +metrics.enabled=true +``` ### Securing traffic using TLS -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - `tls.enabled`: Enable TLS support. Defaults to `false` - `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. @@ -760,7 +779,23 @@ TLS support can be enabled in the chart by specifying the `tls.` parameters whil - `tls.certKeyFilename`: Certificate key filename. No defaults. - `tls.certCAFilename`: CA Certificate filename. No defaults. -Refer to the chart documentation for more information on [creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/). +For example: + +First, create the secret with the certificates files: + +```console +kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem +``` + +Then, use the following parameters: + +```console +tls.enabled="true" +tls.existingSecret="certificates-tls-secret" +tls.certFilename="cert.pem" +tls.certKeyFilename="cert.key" +tls.certCAFilename="ca.pem" +``` ### Metrics @@ -776,11 +811,65 @@ tls-client-cert-file tls-ca-cert-file ``` +### Deploy a custom metrics script in the sidecar + +A custom Lua script can be added to the `redis-exporter` sidecar by way of the `metrics.extraArgs.script` parameter. The pathname of the script must exist on the container, or the `redis_exporter` process (and therefore the whole pod) will refuse to start. The script can be provided to the sidecar containers via the `metrics.extraVolumes` and `metrics.extraVolumeMounts` parameters: + +```yaml +metrics: + extraVolumeMounts: + - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' + mountPath: '{{ printf "/mnt/%s/" (include "common.names.name" .) }}' + readOnly: true + extraVolumes: + - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' + configMap: + name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' + extraArgs: + script: '{{ printf "/mnt/%s/my_custom_metrics.lua" (include "common.names.name" .) }}' +``` + +Then deploy the script into the correct location via `extraDeploy`: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: ConfigMap + metadata: + name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' + data: + my_custom_metrics.lua: | + -- LUA SCRIPT CODE HERE, e.g., + return {'bitnami_makes_the_best_charts', '1'} +``` + ### Host Kernel Settings -Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. +Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. To do so, you can set up a privileged `initContainer` with the `sysctlImage` config values, for example: -Refer to the chart documentation for more information on [configuring host kernel settings with an example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/configure-kernel-settings/). +```yaml +sysctlImage: + enabled: true + mountHostSys: true + command: + - /bin/sh + - -c + - |- + install_packages procps + sysctl -w net.core.somaxconn=10000 + echo never > /host-sys/kernel/mm/transparent_hugepage/enabled +``` + +Alternatively, for Kubernetes 1.12+ you can set `securityContext.sysctls` which will configure `sysctls` for master and slave pods. Example: + +```yaml +securityContext: + sysctls: + - name: net.core.somaxconn + value: "10000" +``` + +Note that this will not disable transparent huge tables. ## Persistence @@ -800,13 +889,115 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE ## Backup and restore -Refer to the chart documentation for more information on [backing up and restoring Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/backup-restore/). +To backup and restore Redis deployments on Kubernetes, you will need to create a snapshot of the data in the source cluster, and later restore it in a new cluster with the new parameters. Follow the instructions below: + +### Step 1: Backup the deployment + +- Connect to one of the nodes and start the Redis CLI tool. Then, run the commands below: + + ```text + $ kubectl exec -it my-release-master-0 bash + $ redis-cli + 127.0.0.1:6379> auth your_current_redis_password + OK + 127.0.0.1:6379> save + OK + ``` + +- Copy the dump file from the Redis node: + + ```console + kubectl cp my-release-master-0:/data/dump.rdb dump.rdb -c redis + ``` + +### Step 2: Restore the data on the destination cluster + +To restore the data in a new cluster, you will need to create a PVC and then upload the *dump.rdb* file to the new volume. + +Follow the following steps: + +- In the [*values.yaml*](https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml) file set the *appendonly* parameter to *no*. You can skip this step if it is already configured as *no* + + ```yaml + commonConfiguration: |- + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly no + # Disable RDB persistence, AOF persistence already enabled. + save "" + ``` + + > *Note that the `Enable AOF` comment belongs to the original config file and what you're actually doing is disabling it. This change will only be neccessary for the temporal cluster you're creating to upload the dump.* + +- Start the new cluster to create the PVCs. Use the command below as an example: + + ```console + helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3 + ``` + +- Now that the PVC were created, stop it and copy the *dump.rdp* file on the persisted data by using a helping pod. + + ```text + $ helm delete new-redis + + $ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides=' + { + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "name": "redisvolpod" + }, + "spec": { + "containers": [{ + "command": [ + "tail", + "-f", + "/dev/null" + ], + "image": "bitnami/minideb", + "name": "mycontainer", + "volumeMounts": [{ + "mountPath": "/mnt", + "name": "redisdata" + }] + }], + "restartPolicy": "Never", + "volumes": [{ + "name": "redisdata", + "persistentVolumeClaim": { + "claimName": "redis-data-new-redis-master-0" + } + }] + } + }' --image="bitnami/minideb" + + $ kubectl cp dump.rdb redisvolpod:/mnt/dump.rdb + $ kubectl delete pod volpod + ``` + +- Restart the cluster: + + > **INFO:** The *appendonly* parameter can be safely restored to your desired value. + + ```console + helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3 + ``` ## NetworkPolicy To enable network policy for Redis®, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. -Refer to the chart documenation for more information on [enabling the network policy in Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-network-policy/). +With NetworkPolicy enabled, only pods with the generated client label will be able to connect to Redis. This label will be displayed in the output after a successful install. + +With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to Redis. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `redis=external` and pods in that namespace labeled `redis-client=true` the fields should be set: + +```yaml +networkPolicy: + enabled: true + ingressNSMatchLabels: + redis: external + ingressNSPodMatchLabels: + redis-client: true +``` ### Setting Pod's affinity diff --git a/charts/bitnami/redis/img/redis-cluster-topology.png b/charts/bitnami/redis/img/redis-cluster-topology.png deleted file mode 100644 index f0a02a9f8835381302731c9cb000b2835a45e7c9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11448 zcmeI2cUx22x9_8Zh@yyC0I4cPR3wC|kVp$H5PB1ZB#;m~gf1}_1O)^|QB*Y2#4gyt zMlbeAQxFvp712m>hX{m(GZyaOx!ZkSz`gf*j(>!>GS^(QjWNFCGu9zzC!56!6&9jU zsKs`+R<0=2Tv-%qj{Ji8aAni0vR)KQEHl>HJ2pI#N)HP{sbegEe^b}f4US~Qs$;Cw z_4G(lQ96Ni5-o-l&d`YniiJz?dw66Zok|Z1{M|-RS5J47uKp%8#vQGzjxpCah7XLM zj-j5O@9*{`T2RE_9UAE9LI+xoBnmwuHj)v%{&$O@SQ71bZ+Kl2DH#*!W~guJ6YNcK zHZTeO`>F9kF${WS#P4QkJslGrH2U}5u}M)uzb^*{#nUN4$W@Fr%;@i-!xQO$57ytD z8g7NACsAo=gGf@4U2vq4|L;yBNa25X;tb>6G}|@C+Q2i|iEP41uyWQ#JBJ%4#8?F< zhJ?qHVxj_RUKr=dpkNn9ac?y zjjf4Zb6GNz?1!C-z2!T|`I6FNrJxgzEdNh&X5<(5KrG*81T6sFq zW4#j0(FP$=R0ktuGQKhJ>5aE1x<}i)7{Yf-uoVV+b&Uyx|9F@?Q)9v%9i!kom8xr_ zZyDi8quLlJ$HoMDMv5Etu;N25ccDbf0|Q5Hey zuy9hmyN{lmxi_9+6lmk*8e~ZKun3K`af^yY(`;?=K0&@@N^D4|ZmdgqQerIL%hrxy zM`KVuoedc@Cs*&NU@z}TC!YjoOLVwfgp0XBq^=QOH`LfZDk)yy$}P!&oMd9pNV2eV za19GKbTn|V3?&(oC>TsM-pj)_-XqzO!f>`XcTI{5(F-#P4|eb+*@i_q#RWz9Cb}lU zY#Dly5oBMwdxVb>J|ZxR=Hn2B(esIp*C%@g#keGsV#(gFfsDuqU)z`@qaaF%b3~+m zaCivCJ1!{#Z-OS0%&mNabUj@xDKwK12OC|CUMSr<(LBO6#=*zKmh2FMcXPB0wAZ(G zOLT#y3^MdVd+FN4H&{DMs+$|$6}}_mun)3ByGD6M!*@NGc#37RH*(}cY~w5(g7s}^ zzJ{deP$OjHtPIHRcv})F*daVJ9OLS0Leg`Niu1-BQNyAVy)cG$-t^cQdT5*_#!w#< z6bFATlk}s>LCIl6HxqO;(KpT^F4{I2o&%lvSS5MJQIi?*1e?StBg+V5BGsE18|WMZ zW@PMb;;rjJh)Z(TCxklSlZ>ctaW=Yo)I?_w8+1I}9FDPYfEk{Rp z-ILpbFFK4J$#eW+T6n?W^l5qJZKu}h5eQ&HLB6NEPly?kFMd+9B*;21U%BtZEs%?pK-aOJA&_a1j0}?4#_1KVkJ~ zb1N$=!~T5LHEY(Ki6ShOkvZyUtN}kg)=-p%p8{pGCE=%=k}YB~GBVw%{}0_J=Dl%c zNm&_1!2faZ@ZlzI_bqfh*IP+9=vgI}rUzo0%pyLDCQ>#KFyN?VT{J-WBp zCg)?vCAY`Vo>`JeY8zKB+H+FMc}Q(BfZHZ_r67MSRsc_F7C zywt+dvh}JDW@2iJ{P>7kKAJK=H#hgl*|VFbw_3cM9SuWCQ8xa>xpUb;&rXoK%1McR zdnJ}CDoP!Dk~;a<;97Nc@fy+86}OQmPoC7l)OA^+lzf7Q)M`ViYrc0ZqM~%M)1#Jw zfq};3$}t=HHo0Bw?;rEaU97FebB`UnQf>OC*hZRgcFPL?lreG9^k2lGzd~ZiK3a#p zy)Aj;;m?Kl6GpPH?|86AUw`=-!|+_};cth8N7wOf@{BbUz8)iD>yD^dMsdu3sjgcm zW@l$t760Qj&u4MW_&1NM{x!;Vb#<@w7h9$;X)0sy)@H8k+&6o3!pHoJ>1>urexUjA z{*xzH?Mxn059_{ZJ+&^q>tPZG7Orn-Nb**9*6rK+L&p|ya{?=HmlwBKDP8rsHUCla zcztmWHlwP_c!*J;ZD_dCY!|w?1!4%~4*Dqs@kWrCfWZ=WDk*3@9_9&Rg z5F_^U)4UCdKkmGFRb;&gdi0)Bv?Q|{S_2<>6TK>ZjGG z9{XfuWax&!)fbyTe+?S#0yhM(;#x%99AT%DK(HZO64jEUVl(pL5m;Fr&fwZPdwct( z%F5ZbwcE;A()V1-YtksJyA;;q7Ewg>BpOX=mYSHHB=uG^+sd@U;l8gOmt?7&bDNkM zu3c;-9?ml75dN@2UC14Kwt46Ayu3oYV;XHVV{t*d3K&7wJ2t7s>ig?!V=XEy zTei8u;}z>#O<*5YkYo515Ix`}TT?sxu@^5d`*D}*ybg@r&so3e+v-a$5 zZUo2RH_Wjx%ILh}MVX!$Yom3g3NIn!T+5S?3nT>6XvGdEb=qi07N;DkD{zvz0b5=XcjZ z%dB}4OKjOLo4Fig7=&v@&9~z!vfyUH!r>W8>ohdhn40=cWhIkX&B#nMgdSzQe698C z&HwuHqLib$HKeUX^6As3C7g@0e3~gTl8)Z9$CYK#Xmq|lJ(njRXfx1~)AFtJO6k9w zkVqt3A`$kLt7TxY0_>xW)*>D8sh7e;aXnntiCP%~e12HDO9BW)FCB@FA<~X*CewMZ8<>mEH4zkm8a-`u%DeyvRRBF-r^R>#fZ%=tc?G*uabB8b?O`
      gt0u3YK+3VbZ)7Cr=g*&)YecY;+uHRLladT3#L-cG+Z4CN zKHgdOtr;9@>`b#Ba+WJ_{4yh$6P!auoRD{nC(pX_v#ErxkgbB-IsWFP&W_}s%qJmt z*68S5|2A?sI~z}@uitaVzm50v=e`T{#J^q`x%l~|^x)X1PD%ECQ3)6r7}&pZlW#!x z&7i92f%*0h4r6aaZ}j74CZ$tSQjUNV{3&o&kyxTw>qazFXX3Act31{S^Z5WvqP%;8 zRA3x!@p~>={SD~@*D62Me{9N}gIbv>4iVJ*7S*vcbLjhxnzRda8yg$XpFfY95st75=?aFC9}wq0 zF)@LdjmM0RV|#f>r?%h2M3;$#Pa{fO)5_jR(9T%&W!y0{L3|lv0qAhQ-1KmF^PQ#ZP>O;1`%Dz!7D2~MQU ziWTB2Dk_SwVr4}3^O^Dya_Y^8?nk&h01c(e<# zn#xC@6l4*7aQx)S269E;yL${|OE<2}jM=QQ;)KaRrkkog^P>D`le>${Uf8$b)1Kp> zs|yMWF0X0_-=xd4u&0Y3+CqaAK$nqa%A?fkq#lyJoui-Hen2>X}amW4T zsHl&Pl3-Q+5SF_hB#eanpW7uIe*?#A_w<-e)@q~SyPJD|z&6%iOR!QgO3a%bavc#AD>^6l_mA0H!azv|NZlSo-Y>{7yA@;9CP`qRRbUn%6+e)_JqE@(-#Tj($SLZ+CP~bsy z^z=kD2pv1Nx#8&8SRE{FDJOU-zYL2!Y4}F2TC*4mHh4*NbaWfddEQmOd&^+c{tSn~ z1k|3gva*{asc|0Qw8G!sK8kJ7>0&1%@zj--rXaiP*RVBWzVhzUM4V8cKhnFInYN=G zH(rj*4J;8!8EBy5Shg7(^gc>&AhW&&K%fp5%101T+q}K=U2!!ZR+L`2pe;1(yhCD5 zwZLA;2r!@WQK-ns$WLFsz)Bk!GrmY|iT$d|OtY-O3CYmGMWK8=bZ|_=(b>~egE`;B z&DC`utbzl(e>s=PLdF(@$Qo;F>;K4_clR(EnVF@3${I-&7|nq*XIAU@RjD#F9Ja!- z1gAUx{SAmEZGM?Fa-d@lh@@~DD8%M>?%ZkX;BXAvqz+>)+VLR1jdqa4x`}xGPujwJ zjrkWlZqbNgA0GNlNuA6sD9GCRDA|r(xQNS{?CRYFpMIBcClzE-x)A0>$IUe54MLV{ z5YKI7rd=<`4U$-_CQ(64=M>`}9L2G*vBc3jiKCFeFf-JY%#xS?czdS-j34BuI)Bic zdm|o%rQaRgNkv&y6rbx8JJcqgxpGr3w#j*=j^6?ni&d~S!D(vw4hk!~PV_BJXp*+! z*WgV`k!x(MK7_Aw8b^7^?KuC1QSW&W@?d1=cj}_1HTsUh>3@C-(>ADeNNAuaxTPcrHRdNQYOyka!)+4~pt_Se?%`LR z;xnbVV}q7fEhKKOH~ewy)Ya|Slm*-y!(D7)Ma_K*%o**nUm81s`t?3R<$}}M49N5# zO;E?-RNO8Q>V&^~b0AxTn{2rwaMM6V%>xSL3uu>2xLgQhlQT=!U!rWP1^I{yYZ~lH zCiu;Dr4yU|b(q->0jx?`SqgmC)WAIw&;orf@uOty$OokjUf03z=V70$*Vfi9CpRq= z6BFxuqRFa7_Xe7xHZ?Q6iq)$~_dm)_vy2nS?9xW&ct6KH?@M@!S2w7Qj z=(&&|);AuKJ$mZYdgjW#!lRHK-s#T|KF`4lq}0^Zf;%qCq)Ex|YizU%>b>pm?R_vc zRSXGr(F4tL*c4;KurAeqW_0EIH*LSGYHF$oXUzJ|^&Mz>+qx9d`YfxIVcpv04@u z7P_>TibzHZ0gUm@th>A0*2$^4z=W}M*)l}U-VX0sxfY*Qo3UcUk-WUm9lIV^fIX2} z*E1>gbxsAwdp~^&w6d{TYiukBsv-@H2jbq;uaTU`k8PiyHdu7U^IHAuYulqIMoAFE z)@W)<+`D%Vl!lF+oh0gfNr@P^e{hY~PEJeofU`lfu=n>@z+N=MaRRq@2)rNV)8nJT z@2b%EV~6$~IkFUaoQa9NiHS*l&Du`{aQhXwH+5(=#3Ug)*1bHtRYpZ6C+V**r214z zInzX4$S#&HU5fJe_fOoltD&J`-itFv$e}!K6uCrNS{k|d=FO@(bLK2qw5Xx4Za)P6 z0|_6JB*5sp?lCk$heZuEFCHT1#U4bGY#KpPcA?gW4GpmOE{Mljcuy6aXct?-SY!Dp z3!^+du-4Tf9pP_A2VlmeeOgNzIH%HHIGOnLW(iBYVtfv6^)iTckbN8)b|_e zoVEKYtaXQkm(nQ~GAVfY2Jx!TxY1AzKg z4W8SD1hSHnb$$=x9jC6&zn46&{rZM~PG4U@@aeQd%k+=!L|h&=GXz-6GC}dyXhKH= z2RD-ik+|;JvqhU9@s`~U>t4gmwFDg}4-1F*+3qmBukUG|ofzK+)Lv&ArD)0Pt3LZd z-u1WIs95{?74S@)R;*r~3HkcRiWX(dl$3`&lRqTHrj?s_W*^34BcsF5WXY98Q$y+qe39R*cE(Z(E%W;ALmX4_goK$fL!PTdlU!K_L zGZ#S${GQ0RvabpPh7{k+h|59y-9z+iMMVWtafpeDDIuauU^oMX>B{wQ?}V2ATkEct z1-3xFh3IQt>T@|OYirQg8@QaLu3rBN++g$_kzWV_bX-8s-S9SA)$!xUm-D{1T24vr z2w=Sg{!3!L9JEK2I^=1iqodoX)C;`zI_trjLECF>-h2{kEhacNi=@1UIHQz$az!l| z8)%lcvZ~uaCu?84c=5SCkAqGC7kmLkoDB}^lYD!N{7&jB&RM& zLL_Grvo2fFWDTItH85H@m+%ZR2)7Vtv%1**&5dUws}CJmvmB zGtS1^z4OMP90a2@w6(J{cXmF)lV1!SAerA&p@-{k0=K79n$nUDi8{9rS~df41@yU! zPg8_JTD8h3G71pC{{UNtA{1TRzuwRQ1S%=35%6pHJ^Yjj1%R3w-0SN*GK-4VKt?7H z+!zW;Nl8h@(I3T-s)4h!D)aJ1NHvB;hl3ET%cg*faQRJkm08o#)4X;fbmidWztg>;!#64Q4Gor0j7EW=${<=D*66b5 zujA|8puV!ZCvyl$p>fKDE~*bq0LeZf$BO##)&K#p0HJ_%O}wcQ9Y9h)n8zMKySw-s zXZgX*^dPPxyvOhfvCXxg%sc?h3$;R^(_K(P3*UU9 zmo=l*kS={AxsHB14URAhG(H6XjehrIFNH9@s`H1Z0V^NwC<~Q+g!6yY>m|$gN=Rl^ zC)eE2fUMg+rTS^MrFP;Z-c2n#cY!_uVPeiZze#uwRB7j-`Ucr7 z1d%86&I~B~qfip>kaqztb`AD8{~L0y=zSrD@@I~B`d2Tngq+?T{yoYEXi*LkuBUpH z0H|_0bQSw`DM}TKRR+*p$t3cnann&fH_kwO9H+mvI*@?5h2v`?1mF>%Lx?i#e=%R@ zUH7lahQrdIgA+lKduYc@^~aB7Sa?aW0Ti5oJ6nWrkqTQAxuWOM%e$d(bO`56eWtQ} zAwti*<#NWldf&6c`I?qc=!pDa3fZy)Qd5EY%4(=&UH>3%Ritcc}65Wn3V;U zGj2e~MHl15QJ{w7^`fl(h_e)2ahe3|wfW)bzFeGAc0@N6uhW(&X@lDYn22!P7*?JX zS_5i1OF&7$Q0K$m87KWL`6GbnHRhxCfFD-V(Sg!n$ez3nUTd_q?Wd&9l;h%{m%vmJ zYTjW<6sS6P{@L>DPstVMK}`bn6c@P7#^Y}sX9^jr!V9FNkWys-P#L=!m_#Y3d=bA4 zshnkXunU{T&JRo5MO)*iN!DDV5)vM-K@C$91wg?Pk52;}n%U9eURqOj-w@Jegh-NE zX+Y}we*8ELCNYG$IG^^iz#NJ$PzKfFm-!=I+`%_M==-;pa)8z>^u1K?EVY%s@=l- zy!B2{l-)a99)1PoVKEd^t^nOjr_({?$m#Ja;%i|Y6XALlsj?* z>f2SmNb!5t=79F8f=nm{tq1iagrj;_Mx5oXzuzcQ%oKKJ3r$X3;Sc6QhcC~WWrCv& zXf3jCE0cQ)RgQir2!ajTv5P`MK6d%PFUPe+eHQt}6WlYhv(uo|$me#iWoEQhPkvbq zRiQcH$&UT0Oko%H9MdEgMfO%NSiHCiiXkN&7kd{M8Aw*3GGGEM3_qo)KC5{Der=#X z{~{HX6C8=gD>te$AQ(BYi$kGmp1&nd8(e8RqDB}}dyzL1z;k#dz?_lSAL=Aj`lBCJ~vZaRd#_rNgaC%{d^a1(O*c4V(IEKPIWeu+|! z%s41R;Cpis01Q##f4*n&tq)o>%MwlZf?K7)8x|0Q+B8i-h>9Z>i#>Z#rjwtJ+1lD3 z!9G!kDkObY&CdG<*>PCB)+SAnpzcWopr+1YmyVP=wr>GG+}yaX!FnYg^j|U!I@Z5A*1U%+~3V zCPXPnD)TY4C4fAUv>D!~AU7VA@vb0?g9P~_1vT!1n$8ix_3$2(n1nwesZB`Vk~c;^CATva2ZRgf1zp?(eu{DL2oO*VOmYB7 zBSIoS4h$fnf{?E}XTO9r-rHMl?%cV3-@h+{@KL~<7Y!45Ic+v z^)Lto6Ar$AW@U!Y=x^d~2*j3yWE7t4A3^l?BOoM{bpL#lP?Yxy3?WM>=}9Omx&{Tw zdU(5f2D|!)$OaI|a0%}F2YPrDy$K$F+9=8^${&_jKCGaGRZx&n(pFN24@E^;byWqs zKkZ#T2?2ixRFRd30S=kEx_bwZ14Fzd|Fj^GT|NJdW~Fl2&%!mz$V#6`a8_3jwp5Pr z{?jIm5FFwi81Sc=0*o&UkNX`DIWmaw=duSO%-fy7xT=JLH~JeoJkk4au+G{41$dfjkSY4t(D}p^=!R^ z)U|CKrYmJoGw(?iivqLLdoBFF*ll?<2 z{d}S{4I;xL&BN8)(F%r&3f=@&csYzVH1I;Yo0Ig+@#@xYm`Gbo z6;m~mpLZnL*4@I=+EvXe#N5m`(AL<@!_3GsBE%yyGAcA&UeVCaP}fffP1ZH`@bDwr zhD2D}kpm6o6;)Mze6)RWD3Yg@kB^c!$`GxJM4>$4F##cp{%-QFkw)lnTQgk~MI&8P z9Tk10zyNPEcN7YiN#By}ZyI8$7_3L|v~!E_G_ke}4lu`u==l2t+o5oZCgwN=4ABVf zui&QcjmD~akyP<08^&v>n44=yl98cgJ8fdPxxR9gqDi2sKN3SAn}o{~-Th!}D@b7- zBK+@V8i5Z|Ggr5W#Ca+Q!5y+WQr{-X&)36BG1AnE5r%G*B_;-qhuCJ z3XxYc5B0Jokc_ z1Ak8sy+8wFWt6*~nwd6M)r1rorlJ;Lr9cdJSMxSgQB?OfRkKvnLmDd)4PlJ%D3S^z zavWp#D8Z=u|LmCG+Xw#siwR1ok~bZf5C~C(k)Ad-qG*2D7mHoyXI?BnJ}PN*Kx35p zB0Edh32l>qHgUl2g57l&%5g8&D_%rGS=zPh21n3VO3m93Nq4b_7)maAO;F`;?+;dI z-ItZmu3&nclXqOPbM=E;&Mi0Mw-@mX$2tScS4HKOIzK$%kW*?FHp&rSe6q*<=x6aE zqfMNg>J+N6p7{PeDbDP4JY7#u(T%p7vpxBL@S=FafS-O?m}=Pk;F*MkEia0-M7p}V zc-4c&*_k(Q+Pt~zwx>CH=JnS3p_-(c8nsiWPJNi4&-gY!bOoI+J3VmwAhdCn=amm0 zH+=HsiKwjX&TZSa_22d72@Vdnu(y|9yOvYvO3Uev{k8tx(8%cV+qw`=LBVvVhN#Cw zLjofsBfQ6=l+*S1@0E2(-XWms^8M5B)An}lxHwI-iyCKMzs6v(*hW9q&9zRg+}zxU z4j*ozS(RlK7iSg~34VOnAdr%hg0FI6f)VsHg)^$E+^rb`NfeiQbaZvIb8=46=~7+QAA^@?ael-1x%chcmnFW9`5+-`|sGz2%raXVf(`V0i3#DLBQH>AZa&2a2=T~O^{ytu7 z_ntkdHWCdMm|YOL>og08J_eIBjl3EpgIlwDo-b!G)p3ziNGKycoxO{cpb_=;P-$uD ztGW=+n+|mtvLNPAp49N0p}>*sdv4gE+APmW+f;m@<~!-shs{^TtOj?H z3|;Z`HzvWsiitagQf-_fQFqNX>Wm2l31a7^jLVlr{RVEKU_915DJBHl_U#HDPj~6* z>wl@t^21tLolZ_>-LiFS-A|R;t4C#UO^_=i3k#WFzmmHwvGX4upPufy!86%eET_S? z?FlB-z0B<5sp4XhVsiFCD!23pXetu_(~``!`vi6N+V0)EUqSA2@$jTkN{!B(Ia51V zQC~$G)9 zYeYmwrckuanlL?8u(o4U#qoQEP6w1;y}D)ie&`;d(?ut!bjv*l&7OQ7YeThN*2=zk zF=KHts7t|+D1+M(wcKMT8s+r`Ah^x8yOs<60_c?`zhDLm8KUmT?H?Qdx5)dH!?D_MFWZI#S$rq1v zB+wAf5s2Dv@Q!zXOEuAN&0x^rX?S5=J_%t|iN3u&ey6>3h?*0=V^7W~8OvepuYS zvHk<{P1I<&Q|vMhYh$B!B)(gK|5{m@Ze`yU$NDe^tnu^n1LmgXJ4J2#wb~hfxo<8z zJA2>w50|v&B#yC>B$0n!H2PB=3kroQb^j@GwmkvTY3y#FQ}dUJ=S&XqN==Q8$Nl=N z9^28KV?J*cH)DPl{V#bM3xnx-yaP3}NgPM4mWxYSY)bJ`M(cy1MRT<`7O_ zS&2B8pFj5K*SZ{Z1c=Sb&E4AIlqrGE!&jnn#BbWy?BtPi;`%AH>U+?v==j3B21pOa zB;M3b+DVT{dILn$>>~eRy6ei~_wNR=vB$oA`NG)Rzt$Jxdojmi*OV2Nl$a1Ul};_= z?PobfL^8X}%yo0bV>VW&u2)vJtu9TGzJ0Vs^!+N3k(S<$a8c%02z+;RZdn)^gotVo z1{PsuXUF#J(aM)~Je8T53HibT`LcEE))dMsv7wqkgPC?Jo;qch5&8iSAKyzjefpBwFgiTI=#4{#8O>d{c3I*NgCZ^R;=lN7vkDzJ4lIuE4zn=j{mtZ1sLs$wt;IpVe=%!g!U@8!+H#$KE(3~X|%7FAQ@$q{#L zN##by{X~*Agp7@i5eV4Hd~3^dNv*B=bB{e__HOSjw`YMB+|DC=`QE*~XAhd|!~FR8 z_+V}5F($YMJYDKqp64&E)$u*PG;18L#Q9MizAjh-arydnR*j20Z7LidKR(S;xIVZ6 z`9qfC6LR8|XW>^5JwXc_wE$g%13l{hqmSaUg!# zjYh}&`Q4OqD)UK$IdQm8ZeP>1$Ki0jow>QWBR~`Kg)d)rbbq~dL*S9w4vw^+7aF3! zkFHJ?GeCl|u~BJzRif_|-WkhKd)EjYCZWMRaFR-QW7#R#SmoLb`}iQQq6h2i?(Vw38r1=E|{@#%l6Kh&4Fnyf}Txn9EYy_yX2aTKPy=i-Trn`)RLyG(v zhK7c_{@|1P?E&_{z(9ao{Y#fFy`)T{W&z(%fKUONXTYj9kmY-06sQ9Jpy^lp^iU|^ z0LAml-n%J+>SBPj0Q#Kf$CkM?*S}f;8ZsRT``FlD?GE9vRAW_2tEzTwY-|9`ZT=c{ z%pwhLE@+L(sUPcZ!V|uOw&fy*U)$7l$KXAGX$WZ>8aE~-EzQZxdq{(M z_%cB3^@<9BqoM@rEVGZV@5szd3Zz&vWwaNvnZ+n4Xns%ys5%8Gx%A;fVU3HFHYaZJ z{rfiq)&V~_0LK%VcM2wh{7I&aSeqQ!!@PqZ0ZFKg)XGhCnc65)a zgoMOM$B_j+ZS9lOhYHStf~;_?cLO{ty^@tyjUDbExb4ZgYu5?F^Sl&FsU)adl#7cf z#BvbSMk7YzNlS}%W#3ri$<3u#t`Fur$E64#i*o5IMM3}LGPq5MqN9k1!n+e z_e)6pl}E#Gjx0Pl4U$XfHu0qn3Uy{0nToNtPQ0MxIZ8S5sgaJmq1U$Wj4SPRu^k}) z{qO}!``Lr_>jJN18T%_eU9Ydgu{vtm2Q*m;XfiP%BTeC$MeVN(??rt3D$caHaSF9d zKwei9U-EyQAL8LS_H|dz*|R7Eu`}+p98=Kmy95NbLynjfAvq76H451}^y<|KfM@rn zgl!DbaLv4!^7gGmSGA!8L(+0+{oGYjQsM=YrZt`K^kMsZ*T1!wr>3%rA3V4piR2X) z7UtE8J9^K5=)fO6>rovtWu~X6ciFsHbGo~XgZSe7NsuS3Q=PDH=dT%~(bfJ#swTyn zLf_v-%Q3U_o_PAy@G6y>LeZCM!$=GWX~hYC{`@&&@`C4wxw*7z_ck$QWv=aeWsdv! zNSPHOM_wNVP?x`8!YB|xWi#pyS;zY>5I+7kaR=~nUIjc z$j!yCUlSg?G$wQI-^I;+W_sF-Q5O}e1?m%t2ZBRFEFB!ub8>c{%grqT!P2;VWilVW zf=+8`X?gncB??-p2EI#=T$*%!c1|)mHMI#wk|&Moff5lF6-B@_C8wpGZuih3k*Yr| zuzK^Ma}yZk1x#G+*(odzxtenD(ut%b7Q31N&?2wyhx&q?YM!r!%8uyc zuo|8;&yf(ILG zbEkIiQGtmc`9lgxfZlG4A09InT-@kXem;+WIxneviCsif5Y`&X7x=9Gwef=l3dePQ zZCTdL{EZ;Is5+y(xN@b7j*~ViRNY}~Yg-$$st6kDG*HbIkl*o98z3MS7z00e@W29x zJM-d&38+x+9Pxbz4lu(jg>)U>x5kamb(pQOpGn*yP!RhN*rw)Plr&kxF-^9!t&JuA z$I$zr**7$zh`EW$_%~ynDr~z%z`fjeCT3=4Y1{7_!7$my#qr&pq-Y5n$oTG`J=U{6 zZ=Kq?@pSR}^z`(-{?yW-XbDd@T8>P>TVoc0ml$b($$(06wLB?xy%~FNG<2~9y^?ivgWfk=c}B{*6FA%m-FDSxA0+prtm z^D;;}bVoqtr!+v&f_txje5%j1ry<@t4R1%|n&awoi9}*5WxThx;XddaW|A~cGoW&? z1=Ev!tsI*p9zd09n#V;0eYcfkkJL8!fHpo;o9iP`V-pHWg|!Cry?GuNi>I@NL)jTX zeKL#_phZ?zR%7`&!5sMK_k~k$ zYjgQC^aH5k+XE^`tFeyh_L6mMH8u)(x-2x*8~rwGCxbgUYHe)XJm0g5rz--(;cu6p zu$PqNtg)GLr9B&OEk7rKplz$MiLAy7L8m(jLpP4%>0w@L?H%w}>d=jKJpJ(3q4IND zE$u=<(RYQ=%W^@|689-XzRzn-X$3EdP$akmBmy%x{#;#R6ua5`4Vql!Mdjsp9gF^^ z2Ws%u!`Nsj;l@7IFC@a&3#gx0Wmq4KyFdlthv-uTQ()163ZOn`f}&T)%xou+7wSD$ ztZ+b4q-How;ONn#LEneNo59@xtelE@d;BbQZT(KuMOI#>eqi_xITRU!GkQTtEHg~dIyyQo^1M~xbpWnHeGnJqeQ9*m?c>|JJs|260Rn4DW3Omd2LTs<>rFE= z3VJCkdMu_kPYQjvx*CX~ea*N11k+}D-(H!RpP$f>Muwe6qm^FCZVl3e(v24I?g1Y}sy)|R&dJZ83RVpkhfARl@^9Ewy1_-(ZQD+Y z8}S|qlhIuHuo-x!1u63E@(RXZgEz&jtoe4QW*Q(CUtGk&nc_tTi8AVxt5?N=7*E1@7dcvTXMu>j!0pg8FxbC; zzb;v@gd%(_6|^|{(_22M#<+x%xK1p6mZo+jxfw6d*Sv2nuX&dWf?;g7=LRtNvs`JL z#n))L5=I^NFs2Tu9x*kRDe147kni(vGlYX)|9_Yv!Au-sF>I$ZEbDY_>6sZ%u~&ArBk|wG!P{`p!p2V&BJGweO`jP?z&+k2NdN@ z=E~um(iJY9Y^GA9X5UDztgcGVY7-9QtKGK#TwnhTHB2f+XXl3)WYUePW&*V!E9(Rh zM`>+s|4iQm1soYtpJTY|SZfBT8X=@e$HcSMAR`)VU)~J;GA9;CHNrElKUz}tLrg72 zda`+jI#?6v9J4l4W>z1w)&K?oJFon4GP@5`N79^nv}Tbtop_s1NP~PlAfV!7zG?j7 zBS!?FE`X}0^vWw!$b{g@7$g<@lBo2cp~2GH`oP>oj=!u!EyCQ~{GqskE3DCno2yw3 zSRg-!d>op{9^15OlZCAu4ajB++Su5z$jQldDX7P_fSLuh;v5nU$7R4FWaZ%C5o$h6 z(mZEgv6@B2Izz=R<9Pqgi2QgAI#1>?6lHqg4i#}MXSr(%%J#(m_~yE@II{DMXkXOV zE`!fKHqI&FDN=`B<6Z?!;)(_jq=xYc{#Oz!Vrzt z4GIEprQpe`g;w-ba|OoK+}wanzVp&X|Jl;pkj|0Ck>*l&FSaS&BOfnt)HBLQQ3;8b zYfD**{sXtRa&mJ1_iiEj?jINCu8M%&y?==bKj{lmCfs zt#LEQhx&zwA>xJ4xp{c(7eq}#J}dYSDucg}>*=2i0xT(o|>K{kpItU_V5C|MX{qks>ED zsDof~;xw~jKaZk*{&@c@(X8zD#<`2?AqQsX<_d?s!K+|IfoKE|SRwL@2iPB1=yW!) zR%T{qs_-%qqbUa$flEq3k>!Ywd>puqII*@C^>a+*m&L@7TIc)ZZQxaxx?ks?I=#fy zkEa8^QO0+d-oMYEFXw!3qyE7IL7)j(5cqugNm*z>w3k-!Fbqu-7TqOUmNyjq|z zNO_NS?;>by79U8MmPx^Gr~-4OTrxk1vjtDydRRPY{K6EMscA0PjwuTSkqEzl$Y zJ-h;(7J$EfvxWra8@?e*1;MaFfKS_^7aEeFG>4UhLj#7-4pIT?)WiY5R!|E;FeCZz z%?wCZp@NLqYahGQ0ZkxMY3rNEq1FW}=HbSgFRU*>f=Ye2$pyu&fe%*?fMABIp?qp{ z+aN`v(R5N#qXKd5PhsHEh!sD_6FzTY0MP8JgL>j}^ITB>#Li~07R zRK(H2;^IzgZEdB03XL#@sy7jI$OyopzQ6yxNSq^NC1WmQolBr@-Rt-bTu>L)Lc;So zA8;yLmO8cMes8{wm0QE!ntoC}V5Ydfdk{&19UcXS%3`m5U<#$gr-)w@netuj+x;;pdLBjKx{+OdZa0uW*APf{{ za2?khGuHi;s2zGJ@RaVc@$($E#@vXe z=4OzFV~Z16OCG;{no~i4NUR*oblJWp;E<$bHiHAfpw!M3J_ao2Tf{Mu69OEGLo9yz zqT}dz(J$YCa)U}y z|MqaEnTt3GLA?x;KRLHhalLyc!p{h7GR0SSeQmlFraAspoDzB)_hX*XKuSsqJf(BDZYjPfQr{E)mc(LRZYQC!b6ex; zio0JunJ}i!|Hdq&O z5Dtc3m6?mcerHi4zGyTMiA`Xz7A4FIxVrzIzW~F60?g*w%*+l)KjN=nzt%I@zhg8e z`N|-sp$ps;#`%EfrAX$74<9n>2ylU_T^?_`dhOcilaxKOFRd&r5Mcal-M&{8tfR+| zA5XugZa-jh{siEysGM9UHIh<^>4V=Bg))8%@U(%X=>SF4nmwGI0JnmNqYDSaupM@Q zR%M(P^D1nDl8wPmU}YqkYp!m&aNz>O5h9Tkz+JZh1FxWfAJLb|<^*5CLIUNmAGilv zt&E>FXE?PF0KotMj!{=7h;wQ?rr`omD@a$t=x-mjF__(up9$XG*G6W_iuIu&TKhJ? zT}w-gJlDH}p}=8Fb8>MdfCX0yx(ZaV0LaQ$Am5=B9b It is currently not possible to submit an application to a standalone cluster if RPC authentication is configured. [Learn more about this issue](https://issues.apache.org/jira/browse/SPARK-25078). +Once the secrets are created, configure the chart and set the various security-related parameters, including the `security.certificatesSecretName` and `security.passwordsSecretName` parameters referencing the secrets created previously. Here is an example configuration for chart deployment: + +```text +security.certificatesSecretName=my-secret +security.passwordsSecretName=my-passwords-secret +security.rpc.authenticationEnabled=true +security.rpc.encryptionEnabled=true +security.storageEncrytionEnabled=true +security.ssl.enabled=true +security.ssl.needClientAuth=true +``` + +> NOTE: It is currently not possible to submit an application to a standalone cluster if RPC authentication is configured. [Learn more about this issue](https://issues.apache.org/jira/browse/SPARK-25078). ### Set Pod affinity @@ -476,8 +508,6 @@ This version standardizes the way of defining Ingress rules. When configuring a [On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/spark/administration/upgrade-helm3/). - ### To 3.0.0 - This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. diff --git a/charts/bitnami/spark/templates/networkpolicy-master.yaml b/charts/bitnami/spark/templates/networkpolicy-master.yaml new file mode 100644 index 000000000..12e3167f8 --- /dev/null +++ b/charts/bitnami/spark/templates/networkpolicy-master.yaml @@ -0,0 +1,91 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.master.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ printf "%s-master" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: master + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: master + policyTypes: + - Ingress + - Egress + {{- if .Values.master.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to other worker pods + - ports: + - port: {{ .Values.worker.containerPorts.cluster }} + - port: {{ ternary .Values.worker.containerPorts.https .Values.worker.containerPorts.http .Values.security.ssl.enabled }} + to: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.worker.podLabels .Values.commonLabels ) "context" . ) }} + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: worker + # Allow outbound connections to other master pods + - ports: + - port: {{ .Values.service.ports.cluster }} + - port: {{ ternary .Values.service.ports.https .Values.service.ports.http .Values.security.ssl.enabled }} + - port: {{ .Values.master.containerPorts.cluster }} + - port: {{ ternary .Values.master.containerPorts.https .Values.master.containerPorts.http .Values.security.ssl.enabled }} + to: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: master + {{- if .Values.master.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.service.ports.cluster }} + - port: {{ ternary .Values.service.ports.https .Values.service.ports.http .Values.security.ssl.enabled }} + - port: {{ .Values.master.containerPorts.cluster }} + - port: {{ ternary .Values.master.containerPorts.https .Values.master.containerPorts.http .Values.security.ssl.enabled }} + {{- if not .Values.master.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-master: "true" + {{- if .Values.master.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.master.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.master.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.master.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.master.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/bitnami/spark/templates/networkpolicy-worker.yaml b/charts/bitnami/spark/templates/networkpolicy-worker.yaml new file mode 100644 index 000000000..4479b9595 --- /dev/null +++ b/charts/bitnami/spark/templates/networkpolicy-worker.yaml @@ -0,0 +1,89 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.worker.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ printf "%s-worker" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: worker + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.worker.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: worker + policyTypes: + - Ingress + - Egress + {{- if .Values.worker.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to other worker pods + - ports: + - port: {{ .Values.worker.containerPorts.cluster }} + - port: {{ ternary .Values.worker.containerPorts.https .Values.worker.containerPorts.http .Values.security.ssl.enabled }} + to: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.worker.podLabels .Values.commonLabels ) "context" . ) }} + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: worker + # Allow outbound connections to other master pods + - ports: + - port: {{ .Values.service.ports.cluster }} + - port: {{ ternary .Values.service.ports.https .Values.service.ports.http .Values.security.ssl.enabled }} + - port: {{ .Values.master.containerPorts.cluster }} + - port: {{ ternary .Values.master.containerPorts.https .Values.master.containerPorts.http .Values.security.ssl.enabled }} + to: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: master + {{- if .Values.master.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.worker.containerPorts.cluster }} + - port: {{ ternary .Values.worker.containerPorts.https .Values.worker.containerPorts.http .Values.security.ssl.enabled }} + {{- if not .Values.worker.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-worker: "true" + {{- if .Values.worker.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.worker.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.worker.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.worker.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.worker.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.worker.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index e37cd80c2..c5aed21f0 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.5.0-debian-11-r18 + tag: 3.5.0-debian-11-r22 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -179,7 +179,7 @@ master: ## @param master.podSecurityContext.fsGroup Set master pod's Security Context Group ID ## @param master.podSecurityContext.runAsUser Set master pod's Security Context User ID ## @param master.podSecurityContext.runAsGroup Set master pod's Security Context Group ID - ## @param master.podSecurityContext.seLinuxOptions Set master pod's Security Context SELinux options + ## @param master.podSecurityContext.seLinuxOptions [object,nullable] Set master pod's Security Context SELinux options ## podSecurityContext: enabled: true @@ -189,11 +189,11 @@ master: fsGroup: 1001 runAsUser: 1001 runAsGroup: 0 - seLinuxOptions: {} + seLinuxOptions: null ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param master.containerSecurityContext.enabled Enabled containers' Security Context - ## @param master.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param master.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param master.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param master.containerSecurityContext.privileged Set container's Security Context privileged @@ -204,7 +204,7 @@ master: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -382,6 +382,61 @@ master: ## @param master.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param master.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param master.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param master.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param master.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param master.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param master.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param master.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## @param master.sidecars Add additional sidecar containers to the master pod(s) ## e.g: ## sidecars: @@ -478,7 +533,7 @@ worker: ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param worker.podSecurityContext.fsGroup Group ID for the container - ## @param worker.podSecurityContext.seLinuxOptions SELinux options for the container + ## @param worker.podSecurityContext.seLinuxOptions [object,nullable] SELinux options for the container ## podSecurityContext: enabled: true @@ -486,11 +541,11 @@ worker: sysctls: [] supplementalGroups: [] fsGroup: 1001 - seLinuxOptions: {} + seLinuxOptions: null ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param worker.containerSecurityContext.enabled Enabled containers' Security Context - ## @param worker.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param worker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param worker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param worker.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param worker.containerSecurityContext.privileged Set container's Security Context privileged @@ -501,7 +556,7 @@ worker: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -683,6 +738,61 @@ worker: ## @param worker.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param worker.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param worker.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param worker.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param worker.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param worker.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param worker.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param worker.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## @param worker.sidecars Add additional sidecar containers to the worker pod(s) ## e.g: ## sidecars: diff --git a/charts/bitnami/tomcat/.helmignore b/charts/bitnami/tomcat/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/tomcat/.helmignore +++ b/charts/bitnami/tomcat/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml index a78ece135..acbe67666 100644 --- a/charts/bitnami/tomcat/Chart.yaml +++ b/charts/bitnami/tomcat/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: ApplicationServer images: | - name: jmx-exporter - image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r3 + image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r6 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 - name: tomcat - image: docker.io/bitnami/tomcat:10.1.18-debian-11-r0 + image: docker.io/bitnami/tomcat:10.1.18-debian-11-r4 licenses: Apache-2.0 apiVersion: v2 appVersion: 10.1.18 @@ -38,4 +38,4 @@ maintainers: name: tomcat sources: - https://github.com/bitnami/charts/tree/main/bitnami/tomcat -version: 10.13.0 +version: 10.13.5 diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md index 437ab3a37..b7bd7d36d 100644 --- a/charts/bitnami/tomcat/README.md +++ b/charts/bitnami/tomcat/README.md @@ -114,7 +114,7 @@ The command removes all the Kubernetes components associated with the chart and | `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -237,7 +237,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.jmx.config` | Configuration file for JMX exporter | `""` | | `metrics.jmx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.jmx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.jmx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -297,7 +297,7 @@ Bitnami will release a new chart updating its containers if a new version of the ### Use a different Tomcat version -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/tomcat/configuration/change-image-version/). +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. ### Add extra environment variables @@ -313,9 +313,43 @@ Alternatively, define a ConfigMap or a Secret with the environment variables. To ### Use Sidecars and Init Containers -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. +If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/infrastructure/tomcat/configuration/configure-sidecar-init-containers/). +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). ### Set Pod affinity @@ -377,8 +411,6 @@ helm upgrade tomcat oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set tomcatPassw [On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/tomcat/administration/upgrade-helm3/). - ### To 5.0.0 This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which is based on Bash instead of Node.js. diff --git a/charts/bitnami/tomcat/templates/_pod.tpl b/charts/bitnami/tomcat/templates/_pod.tpl index aba36ad8b..374a4c7ee 100644 --- a/charts/bitnami/tomcat/templates/_pod.tpl +++ b/charts/bitnami/tomcat/templates/_pod.tpl @@ -84,6 +84,8 @@ containers: key: tomcat-password - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT value: {{ .Values.tomcatAllowRemoteManagement | quote }} + - name: TOMCAT_HTTP_PORT_NUMBER + value: {{ .Values.containerPorts.http | quote }} {{- if or .Values.catalinaOpts .Values.metrics.jmx.enabled }} - name: CATALINA_OPTS value: {{ include "tomcat.catalinaOpts" . | quote }} diff --git a/charts/bitnami/tomcat/values.yaml b/charts/bitnami/tomcat/values.yaml index 581d224f4..53676316b 100644 --- a/charts/bitnami/tomcat/values.yaml +++ b/charts/bitnami/tomcat/values.yaml @@ -61,7 +61,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/tomcat - tag: 10.1.18-debian-11-r0 + tag: 10.1.18-debian-11-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -169,7 +169,7 @@ podSecurityContext: ## Tomcat containers' SecurityContext ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions Set SELinux options in container +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged @@ -180,7 +180,7 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -628,7 +628,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -688,7 +688,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.20.0-debian-11-r3 + tag: 0.20.0-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -715,7 +715,7 @@ metrics: ## Prometheus JMX exporter containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.jmx.containerSecurityContext.enabled Enabled containers' Security Context - ## @param metrics.jmx.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.jmx.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.jmx.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.jmx.containerSecurityContext.privileged Set container's Security Context privileged @@ -725,7 +725,7 @@ metrics: ## @param metrics.jmx.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false diff --git a/charts/bitnami/wordpress/.helmignore b/charts/bitnami/wordpress/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/wordpress/.helmignore +++ b/charts/bitnami/wordpress/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index 5e6b95297..75f0c573c 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.9.0 + version: 6.10.1 - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.0 + version: 15.2.2 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.14.1 -digest: sha256:1dd88de417e6f8cc74a7d360b942207c5bd9045a1e8d7758913c1e7b8ef142a4 -generated: "2024-01-23T15:28:06.176976429Z" +digest: sha256:2bc29e2de3ffe663852dd8ee59359ab30f27cdd4001f24bef71200eb637a5ebe +generated: "2024-02-07T10:55:26.025905331Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 672475c45..5609c933d 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -6,14 +6,14 @@ annotations: category: CMS images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.5-debian-11-r3 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r2 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r95 + image: docker.io/bitnami/os-shell:11-debian-11-r96 - name: wordpress - image: docker.io/bitnami/wordpress:6.4.2-debian-11-r18 + image: docker.io/bitnami/wordpress:6.4.3-debian-11-r4 licenses: Apache-2.0 apiVersion: v2 -appVersion: 6.4.2 +appVersion: 6.4.3 dependencies: - condition: memcached.enabled name: memcached @@ -47,4 +47,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 19.2.1 +version: 19.2.6 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index 267716dc5..4c7a14dbf 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -175,7 +175,7 @@ The command removes all the Kubernetes components associated with the chart and | `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -261,7 +261,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | | `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | | `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | ### Other Parameters @@ -316,7 +316,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.resources.limits` | The resources limits for the Prometheus exporter container | `{}` | | `metrics.resources.requests` | The requested resources for the Prometheus exporter container | `{}` | | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -444,7 +444,9 @@ externalDatabase.database=mydatabase externalDatabase.port=3306 ``` -Refer to the [documentation on using an external database with WordPress](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/use-external-database/) and the [tutorial on integrating WordPress with a managed cloud database](https://docs.bitnami.com/tutorials/secure-wordpress-kubernetes-managed-database-ssl-upgrades/) for more information. +If the database already contains data from a previous WordPress installation, set the `wordpressSkipInstall` parameter to `true`. This parameter forces the container to skip the WordPress installation wizard. Otherwise, the container will assume it is a fresh installation and execute the installation wizard, potentially modifying or resetting the data in the existing database. + +[Refer to the container documentation for more information](https://github.com/bitnami/containers/tree/main/bitnami/wordpress#connect-wordpress-container-to-an-existing-database). ### Memcached @@ -463,13 +465,55 @@ externalCache.port=11211 ### Ingress -This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application. +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`. -To enable Ingress integration, set `ingress.enabled` to `true`. The `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/configure-ingress/). +The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. + +However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. + +> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. + +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. + +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). ### TLS secrets -The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/wordpress/administration/enable-tls-ingress/). +This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases: + +- Generate certificate secrets based on chart parameters. +- Enable externally generated certificates. +- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)). +- Create self-signed certificates within the chart (if supported). + +In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format. + +Here is an example of a certificate file: + +> NOTE: There may be more than one certificate if there is a certificate chain. + +```text +-----BEGIN CERTIFICATE----- +MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +... +jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 +-----END CERTIFICATE----- +``` + +Here is an example of a certificate key: + +```text +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 +... +wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= +-----END RSA PRIVATE KEY----- +``` + +- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` entry. +- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` parameter). +- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager. +- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` to `true`. ### `.htaccess` files @@ -477,7 +521,19 @@ For performance and security reasons, it is a good practice to configure Apache By default, the container image includes all the default `.htaccess` files in WordPress (together with the default plugins). To enable this feature, install the chart with the value `allowOverrideNone=yes`. -[Learn more about working with `.htaccess` files](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/understand-htaccess/). +However, some plugins may include `.htaccess` directives that will not be loaded when `AllowOverride` is set to `None`. To make them work, create a custom `wordpress-htaccess.conf` file with all the required directives. After creating it, create a Kubernetes ConfigMap with it (for example, named `custom-htaccess`) and install the chart with the correct parameters as shown below: + +```text + allowOverrideNone=true + customHTAccessCM=custom-htaccess +``` + +Some plugins permit editing the `.htaccess` file and it may be necessary to persist it in order to keep those edits. To make these plugins work, set the `htaccessPersistenceEnabled` parameter as shown below: + +```text + allowOverrideNone=false + htaccessPersistenceEnabled=true +``` ## Persistence @@ -500,7 +556,43 @@ Alternatively, you can use a ConfigMap or a Secret with the environment variable ### Sidecars -If additional containers are needed in the same pod as WordPress (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/configure-sidecar-init-containers/). +If additional containers are needed in the same pod as WordPress (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). ### Pod affinity @@ -578,8 +670,6 @@ Compatibility is not guaranteed due to the amount of involved changes, however n [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/wordpress/administration/upgrade-helm3/). - #### Additional upgrade notes - MariaDB dependency version was bumped to a new major version that introduces several incompatibilities. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/mariadb#to-800) for more information. diff --git a/charts/bitnami/wordpress/charts/mariadb/.helmignore b/charts/bitnami/wordpress/charts/mariadb/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/wordpress/charts/mariadb/.helmignore +++ b/charts/bitnami/wordpress/charts/mariadb/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml index 3a51ab5e1..fa6b4c057 100644 --- a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml @@ -2,11 +2,11 @@ annotations: category: Database images: | - name: mariadb - image: docker.io/bitnami/mariadb:11.2.2-debian-11-r3 + image: docker.io/bitnami/mariadb:11.2.2-debian-11-r6 - name: mysqld-exporter - image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r2 + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r5 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 licenses: Apache-2.0 apiVersion: v2 appVersion: 11.2.2 @@ -33,4 +33,4 @@ maintainers: name: mariadb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb -version: 15.2.0 +version: 15.2.2 diff --git a/charts/bitnami/wordpress/charts/mariadb/README.md b/charts/bitnami/wordpress/charts/mariadb/README.md index 37350bf2a..eec0a2bb1 100644 --- a/charts/bitnami/wordpress/charts/mariadb/README.md +++ b/charts/bitnami/wordpress/charts/mariadb/README.md @@ -141,7 +141,7 @@ The command removes all the Kubernetes components associated with the chart and | `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | -| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | | `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | @@ -242,7 +242,7 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | -| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | | `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | | `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | @@ -343,7 +343,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` | | `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` | | `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | @@ -443,15 +443,59 @@ The allowed extensions are `.sh`, `.sql` and `.sql.gz`. These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `.sql.gz` files. -[Refer to the chart documentation for more information and a usage example](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/customize-new-instance/). +When using a `.sh` script, you may wish to perform a "one-time" action like creating a database. This can be achieved by adding a condition in the script to ensure that it is executed only on one node, as shown in the example below: + +```yaml +initdbScripts: + my_init_script.sh: | + #!/bin/sh + if [[ $(hostname) == *primary* ]]; then + echo "Primary node" + mysql -P 3306 -uroot -prandompassword -e "create database new_database"; + else + echo "No primary node" + fi +``` ### Sidecars and Init Containers -If additional containers are needed in the same pod as MariaDB (such as additional metrics or logging exporters), they can be defined using the sidecars parameter. +If additional containers are needed in the same pod as MariaDB (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. -The Helm chart already includes sidecar containers for the Prometheus exporters. These can be activated by adding the `--set enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. [See an example of configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/configure-sidecar-init-containers/). +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` -Similarly, additional containers can be added to MariaDB pods using the `initContainers` parameter. [See an example of configuring and using init containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/configure-sidecar-init-containers/). +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). ## Persistence @@ -522,8 +566,6 @@ Affected values: [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/upgrade-helm3/). - ### To 8.0.0 - Several parameters were renamed or disappeared in favor of new ones on this major version: diff --git a/charts/bitnami/wordpress/charts/mariadb/values.yaml b/charts/bitnami/wordpress/charts/mariadb/values.yaml index dac39b648..9803c8d99 100644 --- a/charts/bitnami/wordpress/charts/mariadb/values.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/values.yaml @@ -90,7 +90,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 11.2.2-debian-11-r3 + tag: 11.2.2-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -330,7 +330,7 @@ primary: ## MariaDB primary container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param primary.containerSecurityContext.enabled MariaDB primary container securityContext - ## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param primary.containerSecurityContext.runAsUser User ID for the MariaDB primary container ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged @@ -340,7 +340,7 @@ primary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -743,7 +743,7 @@ secondary: ## MariaDB secondary container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param secondary.containerSecurityContext.enabled MariaDB secondary container securityContext - ## @param secondary.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param secondary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param secondary.containerSecurityContext.runAsUser User ID for the MariaDB secondary container ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged @@ -753,7 +753,7 @@ secondary: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -1038,7 +1038,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1074,7 +1074,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.15.1-debian-11-r2 + tag: 0.15.1-debian-11-r5 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1138,7 +1138,7 @@ metrics: ## MariaDB metrics container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container - ## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container ## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged @@ -1156,7 +1156,7 @@ metrics: enabled: false privileged: false runAsNonRoot: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 allowPrivilegeEscalation: false capabilities: diff --git a/charts/bitnami/wordpress/charts/memcached/.helmignore b/charts/bitnami/wordpress/charts/memcached/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/wordpress/charts/memcached/.helmignore +++ b/charts/bitnami/wordpress/charts/memcached/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/Chart.yaml index 83cb7db78..cc0f3eea2 100644 --- a/charts/bitnami/wordpress/charts/memcached/Chart.yaml +++ b/charts/bitnami/wordpress/charts/memcached/Chart.yaml @@ -2,11 +2,11 @@ annotations: category: Infrastructure images: | - name: memcached-exporter - image: docker.io/bitnami/memcached-exporter:0.14.2-debian-11-r1 + image: docker.io/bitnami/memcached-exporter:0.14.2-debian-11-r5 - name: memcached - image: docker.io/bitnami/memcached:1.6.23-debian-11-r0 + image: docker.io/bitnami/memcached:1.6.23-debian-11-r3 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 licenses: Apache-2.0 apiVersion: v2 appVersion: 1.6.23 @@ -30,4 +30,4 @@ maintainers: name: memcached sources: - https://github.com/bitnami/charts/tree/main/bitnami/memcached -version: 6.9.0 +version: 6.10.1 diff --git a/charts/bitnami/wordpress/charts/memcached/README.md b/charts/bitnami/wordpress/charts/memcached/README.md index dfa05e94c..ed3c59890 100644 --- a/charts/bitnami/wordpress/charts/memcached/README.md +++ b/charts/bitnami/wordpress/charts/memcached/README.md @@ -134,7 +134,7 @@ The command removes all the Kubernetes components associated with the chart and | `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `podSecurityContext.fsGroup` | Set Memcached pod's Security Context fsGroup | `1001` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -176,19 +176,26 @@ The command removes all the Kubernetes components associated with the chart and ### Traffic Exposure parameters -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------------- | ----------- | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.ports.memcached` | Memcached service port | `11211` | -| `service.nodePorts.memcached` | Node port for Memcached | `""` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `""` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.clusterIP` | Memcached service Cluster IP | `""` | -| `service.loadBalancerIP` | Memcached service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | Memcached service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Memcached service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for Memcached service | `{}` | -| `service.extraPorts` | Extra ports to expose in the Memcached service (normally used with the `sidecar` value) | `[]` | +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------------------------------- | ----------- | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.ports.memcached` | Memcached service port | `11211` | +| `service.nodePorts.memcached` | Node port for Memcached | `""` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `""` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.clusterIP` | Memcached service Cluster IP | `""` | +| `service.loadBalancerIP` | Memcached service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | Memcached service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | Memcached service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for Memcached service | `{}` | +| `service.extraPorts` | Extra ports to expose in the Memcached service (normally used with the `sidecar` value) | `[]` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Other Parameters @@ -223,7 +230,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Memcached exporter image registry | `REGISTRY_NAME` | @@ -235,7 +242,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.resources.limits` | Init container volume-permissions resource limits | `{}` | | `metrics.resources.requests` | Init container volume-permissions resource requests | `{}` | | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -313,9 +320,43 @@ Bitnami will release a new chart updating its containers if a new version of the ### Use Sidecars and Init Containers -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. +If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/infrastructure/memcached/configuration/configure-sidecar-init-containers/). +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: + +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` + +> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. + +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example: + +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). ### Set Pod affinity @@ -361,8 +402,6 @@ This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs [On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/memcached/administration/upgrade-helm3/). - ### To 4.0.0 Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. diff --git a/charts/bitnami/wordpress/charts/memcached/templates/networkpolicy.yaml b/charts/bitnami/wordpress/charts/memcached/templates/networkpolicy.yaml new file mode 100644 index 000000000..879c63f47 --- /dev/null +++ b/charts/bitnami/wordpress/charts/memcached/templates/networkpolicy.yaml @@ -0,0 +1,74 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow connection to other cluster pods + - ports: + - port: {{ .Values.containerPorts.memcached }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.containerPorts.memcached }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.metrics.containerPorts.metrics }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml b/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml index d0819fd1d..291984565 100644 --- a/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml +++ b/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml @@ -17,7 +17,9 @@ spec: {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + {{- if not (and .Values.autoscaling.enabled (eq .Values.architecture "high-availability")) }} replicas: {{ .Values.replicaCount }} + {{- end }} {{- if .Values.podManagementPolicy }} podManagementPolicy: {{ .Values.podManagementPolicy | quote }} {{- end }} diff --git a/charts/bitnami/wordpress/charts/memcached/values.yaml b/charts/bitnami/wordpress/charts/memcached/values.yaml index cdf0bda6b..dfc151b1e 100644 --- a/charts/bitnami/wordpress/charts/memcached/values.yaml +++ b/charts/bitnami/wordpress/charts/memcached/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r0 + tag: 1.6.23-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -229,7 +229,7 @@ podSecurityContext: ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions Set SELinux options in container +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged @@ -240,7 +240,7 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -458,6 +458,61 @@ service: ## extraPorts: [] +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports Keycloak is + ## listening on. When true, Keycloak will accept connections from any source (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## @section Other Parameters ## Service account for Memcached to use. @@ -538,7 +593,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -560,11 +615,11 @@ volumePermissions: ## Init container' Security Context ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## containerSecurityContext: - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 ## Prometheus Exporter / Metrics @@ -585,7 +640,7 @@ metrics: image: registry: docker.io repository: bitnami/memcached-exporter - tag: 0.14.2-debian-11-r1 + tag: 0.14.2-debian-11-r5 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -611,7 +666,7 @@ metrics: ## Configure Metrics Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context - ## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged @@ -622,7 +677,7 @@ metrics: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index a8fe72984..e0b6cdef5 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.4.2-debian-11-r18 + tag: 6.4.3-debian-11-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -418,7 +418,7 @@ podSecurityContext: ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions Set SELinux options in container +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged @@ -429,7 +429,7 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -779,7 +779,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r95 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -801,11 +801,11 @@ volumePermissions: ## Init container' Security Context ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## containerSecurityContext: - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 ## @section Other Parameters @@ -875,7 +875,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.5-debian-11-r3 + tag: 1.0.6-debian-11-r2 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -954,7 +954,7 @@ metrics: ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context - ## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged @@ -965,7 +965,7 @@ metrics: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false diff --git a/charts/bitnami/zookeeper/.helmignore b/charts/bitnami/zookeeper/.helmignore index f0c131944..fb56657ab 100644 --- a/charts/bitnami/zookeeper/.helmignore +++ b/charts/bitnami/zookeeper/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# img folder +img/ diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index 12ba6f632..fb6f7f60f 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -6,9 +6,9 @@ annotations: category: Infrastructure images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r94 + image: docker.io/bitnami/os-shell:11-debian-11-r96 - name: zookeeper - image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r5 + image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r8 licenses: Apache-2.0 apiVersion: v2 appVersion: 3.9.1 @@ -30,4 +30,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 12.6.0 +version: 12.8.1 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index 30ae88d15..7879d6824 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md @@ -166,7 +166,7 @@ The command removes all the Kubernetes components associated with the chart and | `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | | `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | @@ -226,8 +226,13 @@ The command removes all the Kubernetes components associated with the chart and | `service.headless.annotations` | Annotations for the Headless Service | `{}` | | `service.headless.publishNotReadyAddresses` | If the ZooKeeper headless service should publish DNS records for not ready pods | `true` | | `service.headless.servicenameOverride` | String to partially override headless service name | `""` | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Other Parameters @@ -267,7 +272,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | ### Metrics parameters @@ -493,8 +498,6 @@ This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/zookeeper/administration/upgrade-helm3/). - ### To 5.21.0 A couple of parameters related to Zookeeper metrics were renamed or disappeared in favor of new ones: diff --git a/charts/bitnami/zookeeper/templates/networkpolicy.yaml b/charts/bitnami/zookeeper/templates/networkpolicy.yaml index 34d36f971..e9de1da12 100644 --- a/charts/bitnami/zookeeper/templates/networkpolicy.yaml +++ b/charts/bitnami/zookeeper/templates/networkpolicy.yaml @@ -19,6 +19,29 @@ spec: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} policyTypes: - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow internal communications between nodes + - ports: + - port: {{ .Values.containerPorts.follower }} + - port: {{ .Values.containerPorts.election }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} ingress: # Allow inbound connections to ZooKeeper - ports: @@ -28,11 +51,27 @@ spec: {{- end }} {{- if not .Values.networkPolicy.allowExternal }} from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - podSelector: matchLabels: {{ include "common.names.fullname" . }}-client: "true" - podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} {{- end }} # Allow internal communications between nodes - ports: @@ -41,4 +80,7 @@ spec: from: - podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index dd9142de3..8cbbc0c7d 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -79,7 +79,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.9.1-debian-11-r5 + tag: 3.9.1-debian-11-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -339,7 +339,7 @@ podSecurityContext: ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions Set SELinux options in container +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged @@ -350,7 +350,7 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 1001 runAsNonRoot: true privileged: false @@ -602,12 +602,53 @@ service: networkPolicy: ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal Don't require client label for connections ## When set to false, only pods with the correct client label will have network access to the port Redis® is ## listening on. When true, zookeeper accept connections from any source (with the correct destination port). ## allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## @section Other Parameters @@ -711,7 +752,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -734,12 +775,12 @@ volumePermissions: ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser ## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context - ## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## containerSecurityContext: enabled: true - seLinuxOptions: {} + seLinuxOptions: null runAsUser: 0 ## @section Metrics parameters diff --git a/charts/cert-manager/cert-manager/Chart.yaml b/charts/cert-manager/cert-manager/Chart.yaml index a058286e8..9e635a610 100644 --- a/charts/cert-manager/cert-manager/Chart.yaml +++ b/charts/cert-manager/cert-manager/Chart.yaml @@ -10,7 +10,7 @@ annotations: catalog.cattle.io/namespace: cert-manager catalog.cattle.io/release-name: cert-manager apiVersion: v1 -appVersion: v1.13.3 +appVersion: v1.14.2 description: A Helm chart for cert-manager home: https://github.com/cert-manager/cert-manager icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png @@ -27,4 +27,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.13.3 +version: v1.14.2 diff --git a/charts/cert-manager/cert-manager/README.md b/charts/cert-manager/cert-manager/README.md index bdff2abe8..8f4096b06 100644 --- a/charts/cert-manager/cert-manager/README.md +++ b/charts/cert-manager/cert-manager/README.md @@ -8,7 +8,7 @@ to renew certificates at an appropriate time before expiry. ## Prerequisites -- Kubernetes 1.20+ +- Kubernetes 1.22+ ## Installing the Chart @@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources. ```bash -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.crds.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.crds.yaml ``` To install the chart with the release name `my-release`: @@ -29,7 +29,7 @@ To install the chart with the release name `my-release`: $ helm repo add jetstack https://charts.jetstack.io ## Install the cert-manager helm chart -$ helm install my-release --namespace cert-manager --version v1.13.3 jetstack/cert-manager +$ helm install my-release --namespace cert-manager --version v1.14.2 jetstack/cert-manager ``` In order to begin issuing certificates, you will need to set up a ClusterIssuer @@ -65,182 +65,1724 @@ If you want to completely uninstall cert-manager from your cluster, you will als delete the previously installed CustomResourceDefinition resources: ```console -$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.crds.yaml +$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.crds.yaml ``` ## Configuration + -The following table lists the configurable parameters of the cert-manager chart and their default values. +### Global -| Parameter | Description | Default | -| --------- | ----------- | ------- | -| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` | -| `global.commonLabels` | Labels to apply to all resources | `{}` | -| `global.rbac.create` | If `true`, create and use RBAC resources (includes sub-charts) | `true` | -| `global.priorityClassName`| Priority class name for cert-manager and webhook pods | `""` | -| `global.podSecurityPolicy.enabled` | If `true`, create and use PodSecurityPolicy (includes sub-charts) | `false` | -| `global.podSecurityPolicy.useAppArmor` | If `true`, use Apparmor seccomp profile in PSP | `true` | -| `global.leaderElection.namespace` | Override the namespace used to store the ConfigMap for leader election | `kube-system` | -| `global.leaderElection.leaseDuration` | The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate | | -| `global.leaderElection.renewDeadline` | The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration | | -| `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | | -| `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` | -| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v1.13.3` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `replicaCount` | Number of cert-manager replicas | `1` | -| `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod | -| `featureGates` | Set of comma-separated key=value pairs that describe feature gates on the controller. Some feature gates may also have to be enabled on other components, and can be set supplying the `feature-gate` flag to `.extraArgs` | `` | -| `extraArgs` | Optional flags for cert-manager | `[]` | -| `extraEnv` | Optional environment variables for cert-manager | `[]` | -| `serviceAccount.create` | If `true`, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | | -| `serviceAccount.annotations` | Annotations to add to the service account | | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` | -| `volumes` | Optional volumes for cert-manager | `[]` | -| `volumeMounts` | Optional volume mounts for cert-manager | `[]` | -| `resources` | CPU/memory resource requests/limits | `{}` | -| `securityContext` | Security context for the controller pod assignment | refer to [Default Security Contexts](#default-security-contexts) | -| `containerSecurityContext` | Security context to be set on the controller component container | refer to [Default Security Contexts](#default-security-contexts) | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `affinity` | Node affinity for pod assignment | `{}` | -| `tolerations` | Node tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | Topology spread constraints for pod assignment | `[]` | -| `livenessProbe.enabled` | Enable or disable the liveness probe for the controller container in the controller Pod. See https://cert-manager.io/docs/installation/best-practice/ to learn about when you might want to enable this livenss probe. | `false` | -| `livenessProbe.initialDelaySeconds` | The liveness probe initial delay (in seconds) | `10` | -| `livenessProbe.periodSeconds` | The liveness probe period (in seconds) | `10` | -| `livenessProbe.timeoutSeconds` | The liveness probe timeout (in seconds) | `10` | -| `livenessProbe.periodSeconds` | The liveness probe period (in seconds) | `10` | -| `livenessProbe.successThreshold` | The liveness probe success threshold | `1` | -| `livenessProbe.failureThreshold` | The liveness probe failure threshold | `8` | -| `ingressShim.defaultIssuerName` | Optional default issuer to use for ingress resources | | -| `ingressShim.defaultIssuerKind` | Optional default issuer kind to use for ingress resources | | -| `ingressShim.defaultIssuerGroup` | Optional default issuer group to use for ingress resources | | -| `prometheus.enabled` | Enable Prometheus monitoring | `true` | -| `prometheus.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor monitoring | `false` | -| `prometheus.servicemonitor.namespace` | Define namespace where to deploy the ServiceMonitor resource | (namespace where you are deploying) | -| `prometheus.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default` | -| `prometheus.servicemonitor.targetPort` | Prometheus scrape port | `9402` | -| `prometheus.servicemonitor.path` | Prometheus scrape path | `/metrics` | -| `prometheus.servicemonitor.interval` | Prometheus scrape interval | `60s` | -| `prometheus.servicemonitor.labels` | Add custom labels to ServiceMonitor | | -| `prometheus.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` | -| `prometheus.servicemonitor.honorLabels` | Enable label honoring for metrics scraped by Prometheus (see [Prometheus scrape config docs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) for details). By setting `honorLabels` to `true`, Prometheus will prefer label contents given by cert-manager on conflicts. Can be used to remove the "exported_namespace" label for example. | `false` | -| `podAnnotations` | Annotations to add to the cert-manager pod | `{}` | -| `deploymentAnnotations` | Annotations to add to the cert-manager deployment | `{}` | -| `podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the cert-manager deployment | `false` | -| `podDisruptionBudget.minAvailable` | Configures the minimum available pods for voluntary disruptions. Cannot used if `maxUnavailable` is set. | `1` | -| `podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for voluntary disruptions. Cannot used if `minAvailable` is set. | | -| `podDnsPolicy` | Optional cert-manager pod [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy) | | -| `podDnsConfig` | Optional cert-manager pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) | | -| `podLabels` | Labels to add to the cert-manager pod | `{}` | -| `serviceLabels` | Labels to add to the cert-manager controller service | `{}` | -| `serviceAnnotations` | Annotations to add to the cert-manager service | `{}` | -| `http_proxy` | Value of the `HTTP_PROXY` environment variable in the cert-manager pod | | -| `https_proxy` | Value of the `HTTPS_PROXY` environment variable in the cert-manager pod | | -| `no_proxy` | Value of the `NO_PROXY` environment variable in the cert-manager pod | | -| `dns01RecursiveNameservers` | Comma separated string with host and port of the recursive nameservers cert-manager should query | `` | -| `dns01RecursiveNameserversOnly` | Forces cert-manager to only use the recursive nameservers for verification. | `false` | -| `enableCertificateOwnerRef` | When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted | `false` | -| `config` | ControllerConfiguration YAML used to configure flags for the controller. Generates a ConfigMap containing contents of the field. See `values.yaml` for example. | `{}` | -| `enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | -| `webhook.replicaCount` | Number of cert-manager webhook replicas | `1` | -| `webhook.timeoutSeconds` | Seconds the API server should wait the webhook to respond before treating the call as a failure. | `10` | -| `webhook.podAnnotations` | Annotations to add to the webhook pods | `{}` | -| `webhook.podLabels` | Labels to add to the cert-manager webhook pod | `{}` | -| `webhook.serviceLabels` | Labels to add to the cert-manager webhook service | `{}` | -| `webhook.deploymentAnnotations` | Annotations to add to the webhook deployment | `{}` | -| `webhook.podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the cert-manager deployment | `false` | -| `webhook.podDisruptionBudget.minAvailable` | Configures the minimum available pods for voluntary disruptions. Cannot used if `maxUnavailable` is set. | `1` | -| `webhook.podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for voluntary disruptions. Cannot used if `minAvailable` is set. | | -| `webhook.mutatingWebhookConfigurationAnnotations` | Annotations to add to the mutating webhook configuration | `{}` | -| `webhook.validatingWebhookConfigurationAnnotations` | Annotations to add to the validating webhook configuration | `{}` | -| `webhook.serviceAnnotations` | Annotations to add to the webhook service | `{}` | -| `webhook.config` | WebhookConfiguration YAML used to configure flags for the webhook. Generates a ConfigMap containing contents of the field. See `values.yaml` for example. | `{}` | -| `webhook.extraArgs` | Optional flags for cert-manager webhook component | `[]` | -| `webhook.serviceAccount.create` | If `true`, create a new service account for the webhook component | `true` | -| `webhook.serviceAccount.name` | Service account for the webhook component to be used. If not set and `webhook.serviceAccount.create` is `true`, a name is generated using the fullname template | | -| `webhook.serviceAccount.annotations` | Annotations to add to the service account for the webhook component | | -| `webhook.serviceAccount.automountServiceAccountToken` | Automount API credentials for the webhook Service Account | | -| `webhook.resources` | CPU/memory resource requests/limits for the webhook pods | `{}` | -| `webhook.nodeSelector` | Node labels for webhook pod assignment | `{}` | -| `webhook.networkPolicy.enabled` | Enable default network policies for webhooks egress and ingress traffic | `false` | -| `webhook.networkPolicy.ingress` | Sets ingress policy block. See NetworkPolicy documentation. See `values.yaml` for example. | `{}` | -| `webhook.networkPolicy.egress` | Sets ingress policy block. See NetworkPolicy documentation. See `values.yaml` for example. | `{}` | -| `webhook.affinity` | Node affinity for webhook pod assignment | `{}` | -| `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` | -| `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` | -| `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag | `v1.13.3` | -| `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | -| `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` | -| `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) | -| `webhook.containerSecurityContext` | Security context to be set on the webhook component container | refer to [Default Security Contexts](#default-security-contexts) | -| `webhook.hostNetwork` | If `true`, run the Webhook on the host network. | `false` | -| `webhook.serviceType` | The type of the `Service`. | `ClusterIP` | -| `webhook.loadBalancerIP` | The specific load balancer IP to use (when `serviceType` is `LoadBalancer`). | | -| `webhook.url.host` | The host to use to reach the webhook, instead of using internal cluster DNS for the service. | | -| `webhook.livenessProbe.failureThreshold` | The liveness probe failure threshold | `3` | -| `webhook.livenessProbe.initialDelaySeconds` | The liveness probe initial delay (in seconds) | `60` | -| `webhook.livenessProbe.periodSeconds` | The liveness probe period (in seconds) | `10` | -| `webhook.livenessProbe.successThreshold` | The liveness probe success threshold | `1` | -| `webhook.livenessProbe.timeoutSeconds` | The liveness probe timeout (in seconds) | `1` | -| `webhook.readinessProbe.failureThreshold` | The readiness probe failure threshold | `3` | -| `webhook.readinessProbe.initialDelaySeconds` | The readiness probe initial delay (in seconds) | `5` | -| `webhook.readinessProbe.periodSeconds` | The readiness probe period (in seconds) | `5` | -| `webhook.readinessProbe.successThreshold` | The readiness probe success threshold | `1` | -| `webhook.readinessProbe.timeoutSeconds` | The readiness probe timeout (in seconds) | `1` | -| `webhook.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | -| `cainjector.enabled` | Toggles whether the cainjector component should be installed (required for the webhook component to work) | `true` | -| `cainjector.replicaCount` | Number of cert-manager cainjector replicas | `1` | -| `cainjector.podAnnotations` | Annotations to add to the cainjector pods | `{}` | -| `cainjector.podLabels` | Labels to add to the cert-manager cainjector pod | `{}` | -| `cainjector.deploymentAnnotations` | Annotations to add to the cainjector deployment | `{}` | -| `cainjector.podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the cert-manager deployment | `false` | -| `cainjector.podDisruptionBudget.minAvailable` | Configures the minimum available pods for voluntary disruptions. Cannot used if `maxUnavailable` is set. | `1` | -| `cainjector.podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for voluntary disruptions. Cannot used if `minAvailable` is set. | | -| `cainjector.extraArgs` | Optional flags for cert-manager cainjector component | `[]` | -| `cainjector.serviceAccount.create` | If `true`, create a new service account for the cainjector component | `true` | -| `cainjector.serviceAccount.name` | Service account for the cainjector component to be used. If not set and `cainjector.serviceAccount.create` is `true`, a name is generated using the fullname template | | -| `cainjector.serviceAccount.annotations` | Annotations to add to the service account for the cainjector component | | -| `cainjector.serviceAccount.automountServiceAccountToken` | Automount API credentials for the cainjector Service Account | `true` | -| `cainjector.resources` | CPU/memory resource requests/limits for the cainjector pods | `{}` | -| `cainjector.nodeSelector` | Node labels for cainjector pod assignment | `{}` | -| `cainjector.affinity` | Node affinity for cainjector pod assignment | `{}` | -| `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` | -| `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` | -| `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` | -| `cainjector.image.tag` | cainjector image tag | `v1.13.3` | -| `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` | -| `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) | -| `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) | -| `cainjector.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | -| `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` | -| `acmesolver.image.tag` | acmesolver image tag | `v1.13.3` | -| `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` | -| `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` | -| `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) | -| `startupapicheck.containerSecurityContext` | Security context to be set on startupapicheck component container | refer to [Default Security Contexts](#default-security-contexts) | -| `startupapicheck.timeout` | Timeout for 'kubectl check api' command | `1m` | -| `startupapicheck.backoffLimit` | Job backoffLimit | `4` | -| `startupapicheck.jobAnnotations` | Optional additional annotations to add to the startupapicheck Job | `{}` | -| `startupapicheck.podAnnotations` | Optional additional annotations to add to the startupapicheck Pods | `{}` | -| `startupapicheck.extraArgs` | Optional additional arguments for startupapicheck | `[]` | -| `startupapicheck.resources` | CPU/memory resource requests/limits for the startupapicheck pod | `{}` | -| `startupapicheck.nodeSelector` | Node labels for startupapicheck pod assignment | `{}` | -| `startupapicheck.affinity` | Node affinity for startupapicheck pod assignment | `{}` | -| `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` | -| `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` | -| `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` | -| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.3` | -| `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` | -| `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` | -| `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | | -| `startupapicheck.serviceAccount.annotations` | Annotations to add to the service account for the startupapicheck component | | -| `startupapicheck.serviceAccount.automountServiceAccountToken` | Automount API credentials for the startupapicheck Service Account | `true` | -| `startupapicheck.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | -| `maxConcurrentChallenges` | The maximum number of challenges that can be scheduled as 'processing' at once | `60` | +#### **global.imagePullSecrets** ~ `array` +> Default value: +> ```yaml +> [] +> ``` +Reference to one or more secrets to be used when pulling images +ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + +For example: + +```yaml +imagePullSecrets: + - name: "image-pull-secret" +``` +#### **global.commonLabels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Labels to apply to all resources +Please note that this does not add labels to the resources created dynamically by the controllers. For these resources, you have to add the labels in the template in the cert-manager custom resource: eg. podTemplate/ ingressTemplate in ACMEChallengeSolverHTTP01Ingress + ref: https://cert-manager.io/docs/reference/api-docs/#acme.cert-manager.io/v1.ACMEChallengeSolverHTTP01Ingress +eg. secretTemplate in CertificateSpec + ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec +#### **global.revisionHistoryLimit** ~ `number` + +The number of old ReplicaSets to retain to allow rollback (If not set, default Kubernetes value is set to 10) + +#### **global.priorityClassName** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +Optional priority class to be used for the cert-manager pods +#### **global.rbac.create** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Create required ClusterRoles and ClusterRoleBindings for cert-manager +#### **global.rbac.aggregateClusterRoles** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles +#### **global.podSecurityPolicy.enabled** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Create PodSecurityPolicy for cert-manager + +NOTE: PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25 +#### **global.podSecurityPolicy.useAppArmor** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Configure the PodSecurityPolicy to use AppArmor +#### **global.logLevel** ~ `number` +> Default value: +> ```yaml +> 2 +> ``` + +Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. +#### **global.leaderElection.namespace** ~ `string` +> Default value: +> ```yaml +> kube-system +> ``` + +Override the namespace used for the leader election lease +#### **global.leaderElection.leaseDuration** ~ `string` + +The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. + +#### **global.leaderElection.renewDeadline** ~ `string` + +The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. + +#### **global.leaderElection.retryPeriod** ~ `string` + +The duration the clients should wait between attempting acquisition and renewal of a leadership. + +#### **installCRDs** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Install the cert-manager CRDs, it is recommended to not use Helm to manage the CRDs +### Controller + +#### **replicaCount** ~ `number` +> Default value: +> ```yaml +> 1 +> ``` + +Number of replicas of the cert-manager controller to run. + +The default is 1, but in production you should set this to 2 or 3 to provide high availability. + +If `replicas > 1` you should also consider setting `podDisruptionBudget.enabled=true`. + +Note: cert-manager uses leader election to ensure that there can only be a single instance active at a time. +#### **strategy** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Deployment update strategy for the cert-manager controller deployment. See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + +For example: + +```yaml +strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 +``` +#### **podDisruptionBudget.enabled** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Enable or disable the PodDisruptionBudget resource + +This prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager +Pod is currently running. +#### **podDisruptionBudget.minAvailable** ~ `number` + +Configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). +Cannot be used if `maxUnavailable` is set. + +#### **podDisruptionBudget.maxUnavailable** ~ `number` + +Configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). +Cannot be used if `minAvailable` is set. + +#### **featureGates** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +Comma separated list of feature gates that should be enabled on the controller pod. +#### **maxConcurrentChallenges** ~ `number` +> Default value: +> ```yaml +> 60 +> ``` + +The maximum number of challenges that can be scheduled as 'processing' at once +#### **image.registry** ~ `string` + +The container registry to pull the manager image from + +#### **image.repository** ~ `string` +> Default value: +> ```yaml +> quay.io/jetstack/cert-manager-controller +> ``` + +The container image for the cert-manager controller + +#### **image.tag** ~ `string` + +Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. + +#### **image.digest** ~ `string` + +Setting a digest will override any tag + +#### **image.pullPolicy** ~ `string` +> Default value: +> ```yaml +> IfNotPresent +> ``` + +Kubernetes imagePullPolicy on Deployment. +#### **clusterResourceNamespace** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart. +#### **namespace** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +This namespace allows you to define where the services will be installed into if not set then they will use the namespace of the release. This is helpful when installing cert manager as a chart dependency (sub chart) +#### **serviceAccount.create** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Specifies whether a service account should be created +#### **serviceAccount.name** ~ `string` + +The name of the service account to use. +If not set and create is true, a name is generated using the fullname template + +#### **serviceAccount.annotations** ~ `object` + +Optional additional annotations to add to the controller's ServiceAccount + +#### **serviceAccount.labels** ~ `object` + +Optional additional labels to add to the controller's ServiceAccount + +#### **serviceAccount.automountServiceAccountToken** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Automount API credentials for a Service Account. +#### **automountServiceAccountToken** ~ `bool` + +Automounting API credentials for a particular pod + +#### **enableCertificateOwnerRef** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted +#### **config** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Used to configure options for the controller pod. +This allows setting options that'd usually be provided via flags. An APIVersion and Kind must be specified in your values.yaml file. +Flags will override options that are set here. + +For example: + +```yaml +config: + apiVersion: controller.config.cert-manager.io/v1alpha1 + kind: ControllerConfiguration + logging: + verbosity: 2 + format: text + leaderElectionConfig: + namespace: kube-system + kubernetesAPIQPS: 9000 + kubernetesAPIBurst: 9000 + numberOfConcurrentWorkers: 200 + featureGates: + AdditionalCertificateOutputFormats: true + DisallowInsecureCSRUsageDefinition: true + ExperimentalCertificateSigningRequestControllers: true + ExperimentalGatewayAPISupport: true + LiteralCertificateSubject: true + SecretsFilteredCaching: true + ServerSideApply: true + StableCertificateRequestName: true + UseCertificateRequestBasicConstraints: true + ValidateCAA: true + metricsTLSConfig: + dynamic: + secretNamespace: "cert-manager" + secretName: "cert-manager-metrics-ca" + dnsNames: + - cert-manager-metrics + - cert-manager-metrics.cert-manager + - cert-manager-metrics.cert-manager.svc +``` +#### **dns01RecursiveNameservers** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +Comma separated string with host and port of the recursive nameservers cert-manager should query +#### **dns01RecursiveNameserversOnly** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Forces cert-manager to only use the recursive nameservers for verification. Enabling this option could cause the DNS01 self check to take longer due to caching performed by the recursive nameservers +#### **extraArgs** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional command line flags to pass to cert-manager controller binary. To see all available flags run docker run quay.io/jetstack/cert-manager-controller: --help + +Use this flag to enable or disable arbitrary controllers, for example, disable the CertificiateRequests approver + +For example: + +```yaml +extraArgs: + - --controllers=*,-certificaterequests-approver +``` +#### **extraEnv** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional environment variables to pass to cert-manager controller binary. +#### **resources** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Resources to provide to the cert-manager controller pod + +For example: + +```yaml +requests: + cpu: 10m + memory: 32Mi +``` + +ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +#### **securityContext** ~ `object` +> Default value: +> ```yaml +> runAsNonRoot: true +> seccompProfile: +> type: RuntimeDefault +> ``` + +Pod Security Context +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **containerSecurityContext** ~ `object` +> Default value: +> ```yaml +> allowPrivilegeEscalation: false +> capabilities: +> drop: +> - ALL +> readOnlyRootFilesystem: true +> ``` + +Container Security Context to be set on the controller component container +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **volumes** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volumes to add to the cert-manager controller pod. +#### **volumeMounts** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volume mounts to add to the cert-manager controller container. +#### **deploymentAnnotations** ~ `object` + +Optional additional annotations to add to the controller Deployment + +#### **podAnnotations** ~ `object` + +Optional additional annotations to add to the controller Pods + +#### **podLabels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Optional additional labels to add to the controller Pods +#### **serviceAnnotations** ~ `object` + +Optional annotations to add to the controller Service + +#### **serviceLabels** ~ `object` + +Optional additional labels to add to the controller Service + +#### **podDnsPolicy** ~ `string` + +Pod DNS policy +ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy + +#### **podDnsConfig** ~ `object` + +Pod DNS config, podDnsConfig field is optional and it can work with any podDnsPolicy settings. However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified. +ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config + +#### **nodeSelector** ~ `object` +> Default value: +> ```yaml +> kubernetes.io/os: linux +> ``` + +The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with matching labels. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + +This default ensures that Pods are only scheduled to Linux nodes. It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + +#### **ingressShim.defaultIssuerName** ~ `string` + +Optional default issuer to use for ingress resources + +#### **ingressShim.defaultIssuerKind** ~ `string` + +Optional default issuer kind to use for ingress resources + +#### **ingressShim.defaultIssuerGroup** ~ `string` + +Optional default issuer group to use for ingress resources + +#### **http_proxy** ~ `string` + +Configures the HTTP_PROXY environment variable for where a HTTP proxy is required + +#### **https_proxy** ~ `string` + +Configures the HTTPS_PROXY environment variable for where a HTTP proxy is required + +#### **no_proxy** ~ `string` + +Configures the NO_PROXY environment variable for where a HTTP proxy is required, but certain domains should be excluded + +#### **affinity** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + +For example: + +```yaml +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: foo.bar.com/role + operator: In + values: + - master +``` +#### **tolerations** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + +For example: + +```yaml +tolerations: +- key: foo.bar.com/role + operator: Equal + value: master + effect: NoSchedule +``` +#### **topologySpreadConstraints** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core + +For example: + +```yaml +topologySpreadConstraints: +- maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/component: controller +``` +#### **livenessProbe** ~ `object` +> Default value: +> ```yaml +> enabled: true +> failureThreshold: 8 +> initialDelaySeconds: 10 +> periodSeconds: 10 +> successThreshold: 1 +> timeoutSeconds: 15 +> ``` + +LivenessProbe settings for the controller container of the controller Pod. + +Enabled by default, because we want to enable the clock-skew liveness probe that restarts the controller in case of a skew between the system clock and the monotonic clock. LivenessProbe durations and thresholds are based on those used for the Kubernetes controller-manager. See: https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245 + +#### **enableServiceLinks** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +enableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. +### Prometheus + +#### **prometheus.enabled** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Enable Prometheus monitoring for the cert-manager controller to use with the. Prometheus Operator. If this option is enabled without enabling `prometheus.servicemonitor.enabled` or +`prometheus.podmonitor.enabled`, 'prometheus.io' annotations are added to the cert-manager Deployment +resources. Additionally, a service is created which can be used together with your own ServiceMonitor (managed outside of this Helm chart). Otherwise, a ServiceMonitor/ PodMonitor is created. +#### **prometheus.servicemonitor.enabled** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Create a ServiceMonitor to add cert-manager to Prometheus +#### **prometheus.servicemonitor.prometheusInstance** ~ `string` +> Default value: +> ```yaml +> default +> ``` + +Specifies the `prometheus` label on the created ServiceMonitor, this is used when different Prometheus instances have label selectors matching different ServiceMonitors. +#### **prometheus.servicemonitor.targetPort** ~ `number` +> Default value: +> ```yaml +> 9402 +> ``` + +The target port to set on the ServiceMonitor, should match the port that cert-manager controller is listening on for metrics +#### **prometheus.servicemonitor.path** ~ `string` +> Default value: +> ```yaml +> /metrics +> ``` + +The path to scrape for metrics +#### **prometheus.servicemonitor.interval** ~ `string` +> Default value: +> ```yaml +> 60s +> ``` + +The interval to scrape metrics +#### **prometheus.servicemonitor.scrapeTimeout** ~ `string` +> Default value: +> ```yaml +> 30s +> ``` + +The timeout before a metrics scrape fails +#### **prometheus.servicemonitor.labels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Additional labels to add to the ServiceMonitor +#### **prometheus.servicemonitor.annotations** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Additional annotations to add to the ServiceMonitor +#### **prometheus.servicemonitor.honorLabels** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Keep labels from scraped data, overriding server-side labels. +#### **prometheus.servicemonitor.endpointAdditionalProperties** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +EndpointAdditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc. + +For example: + +```yaml +endpointAdditionalProperties: + relabelings: + - action: replace + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: instance +``` + + + +#### **prometheus.podmonitor.enabled** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Create a PodMonitor to add cert-manager to Prometheus +#### **prometheus.podmonitor.prometheusInstance** ~ `string` +> Default value: +> ```yaml +> default +> ``` + +Specifies the `prometheus` label on the created PodMonitor, this is used when different Prometheus instances have label selectors matching different PodMonitor. +#### **prometheus.podmonitor.path** ~ `string` +> Default value: +> ```yaml +> /metrics +> ``` + +The path to scrape for metrics +#### **prometheus.podmonitor.interval** ~ `string` +> Default value: +> ```yaml +> 60s +> ``` + +The interval to scrape metrics +#### **prometheus.podmonitor.scrapeTimeout** ~ `string` +> Default value: +> ```yaml +> 30s +> ``` + +The timeout before a metrics scrape fails +#### **prometheus.podmonitor.labels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Additional labels to add to the PodMonitor +#### **prometheus.podmonitor.annotations** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Additional annotations to add to the PodMonitor +#### **prometheus.podmonitor.honorLabels** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Keep labels from scraped data, overriding server-side labels. +#### **prometheus.podmonitor.endpointAdditionalProperties** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +EndpointAdditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc. + +For example: + +```yaml +endpointAdditionalProperties: + relabelings: + - action: replace + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: instance +``` + + + +### Webhook + +#### **webhook.replicaCount** ~ `number` +> Default value: +> ```yaml +> 1 +> ``` + +Number of replicas of the cert-manager webhook to run. + +The default is 1, but in production you should set this to 2 or 3 to provide high availability. + +If `replicas > 1` you should also consider setting `webhook.podDisruptionBudget.enabled=true`. +#### **webhook.timeoutSeconds** ~ `number` +> Default value: +> ```yaml +> 30 +> ``` + +Seconds the API server should wait for the webhook to respond before treating the call as a failure. +Value must be between 1 and 30 seconds. See: +https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/ + +We set the default to the maximum value of 30 seconds. Here's why: Users sometimes report that the connection between the K8S API server and the cert-manager webhook server times out. If *this* timeout is reached, the error message will be "context deadline exceeded", which doesn't help the user diagnose what phase of the HTTPS connection timed out. For example, it could be during DNS resolution, TCP connection, TLS negotiation, HTTP negotiation, or slow HTTP response from the webhook server. So by setting this timeout to its maximum value the underlying timeout error message has more chance of being returned to the end user. +#### **webhook.config** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Used to configure options for the webhook pod. +This allows setting options that'd usually be provided via flags. An APIVersion and Kind must be specified in your values.yaml file. +Flags will override options that are set here. + +For example: + +```yaml +apiVersion: webhook.config.cert-manager.io/v1alpha1 +kind: WebhookConfiguration +# The port that the webhook should listen on for requests. +# In GKE private clusters, by default kubernetes apiservers are allowed to +# talk to the cluster nodes only on 443 and 10250. so configuring +# securePort: 10250, will work out of the box without needing to add firewall +# rules or requiring NET_BIND_SERVICE capabilities to bind port numbers < 1000. +# This should be uncommented and set as a default by the chart once we graduate +# the apiVersion of WebhookConfiguration past v1alpha1. +securePort: 10250 +``` +#### **webhook.strategy** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Deployment update strategy for the cert-manager webhook deployment. See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + +For example: + +```yaml +strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 +``` +#### **webhook.securityContext** ~ `object` +> Default value: +> ```yaml +> runAsNonRoot: true +> seccompProfile: +> type: RuntimeDefault +> ``` + +Pod Security Context to be set on the webhook component Pod +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **webhook.containerSecurityContext** ~ `object` +> Default value: +> ```yaml +> allowPrivilegeEscalation: false +> capabilities: +> drop: +> - ALL +> readOnlyRootFilesystem: true +> ``` + +Container Security Context to be set on the webhook component container +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **webhook.podDisruptionBudget.enabled** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Enable or disable the PodDisruptionBudget resource + +This prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager +Pod is currently running. +#### **webhook.podDisruptionBudget.minAvailable** ~ `number` + +Configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). +Cannot be used if `maxUnavailable` is set. + +#### **webhook.podDisruptionBudget.maxUnavailable** ~ `number` + +Configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). +Cannot be used if `minAvailable` is set. + +#### **webhook.deploymentAnnotations** ~ `object` + +Optional additional annotations to add to the webhook Deployment + +#### **webhook.podAnnotations** ~ `object` + +Optional additional annotations to add to the webhook Pods + +#### **webhook.serviceAnnotations** ~ `object` + +Optional additional annotations to add to the webhook Service + +#### **webhook.mutatingWebhookConfigurationAnnotations** ~ `object` + +Optional additional annotations to add to the webhook MutatingWebhookConfiguration + +#### **webhook.validatingWebhookConfigurationAnnotations** ~ `object` + +Optional additional annotations to add to the webhook ValidatingWebhookConfiguration + +#### **webhook.validatingWebhookConfiguration.namespaceSelector** ~ `object` +> Default value: +> ```yaml +> matchExpressions: +> - key: cert-manager.io/disable-validation +> operator: NotIn +> values: +> - "true" +> ``` + +Configure spec.namespaceSelector for validating webhooks. + +#### **webhook.mutatingWebhookConfiguration.namespaceSelector** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Configure spec.namespaceSelector for mutating webhooks. + +#### **webhook.extraArgs** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional command line flags to pass to cert-manager webhook binary. To see all available flags run docker run quay.io/jetstack/cert-manager-webhook: --help +#### **webhook.featureGates** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +Comma separated list of feature gates that should be enabled on the webhook pod. +#### **webhook.resources** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Resources to provide to the cert-manager webhook pod + +For example: + +```yaml +requests: + cpu: 10m + memory: 32Mi +``` + +ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +#### **webhook.livenessProbe** ~ `object` +> Default value: +> ```yaml +> failureThreshold: 3 +> initialDelaySeconds: 60 +> periodSeconds: 10 +> successThreshold: 1 +> timeoutSeconds: 1 +> ``` + +Liveness probe values +ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + +#### **webhook.readinessProbe** ~ `object` +> Default value: +> ```yaml +> failureThreshold: 3 +> initialDelaySeconds: 5 +> periodSeconds: 5 +> successThreshold: 1 +> timeoutSeconds: 1 +> ``` + +Readiness probe values +ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + +#### **webhook.nodeSelector** ~ `object` +> Default value: +> ```yaml +> kubernetes.io/os: linux +> ``` + +The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with matching labels. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + +This default ensures that Pods are only scheduled to Linux nodes. It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + +#### **webhook.affinity** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + +For example: + +```yaml +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: foo.bar.com/role + operator: In + values: + - master +``` +#### **webhook.tolerations** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + +For example: + +```yaml +tolerations: +- key: foo.bar.com/role + operator: Equal + value: master + effect: NoSchedule +``` +#### **webhook.topologySpreadConstraints** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core + +For example: + +```yaml +topologySpreadConstraints: +- maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/component: controller +``` +#### **webhook.podLabels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Optional additional labels to add to the Webhook Pods +#### **webhook.serviceLabels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Optional additional labels to add to the Webhook Service +#### **webhook.image.registry** ~ `string` + +The container registry to pull the webhook image from + +#### **webhook.image.repository** ~ `string` +> Default value: +> ```yaml +> quay.io/jetstack/cert-manager-webhook +> ``` + +The container image for the cert-manager webhook + +#### **webhook.image.tag** ~ `string` + +Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. + +#### **webhook.image.digest** ~ `string` + +Setting a digest will override any tag + +#### **webhook.image.pullPolicy** ~ `string` +> Default value: +> ```yaml +> IfNotPresent +> ``` + +Kubernetes imagePullPolicy on Deployment. +#### **webhook.serviceAccount.create** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Specifies whether a service account should be created +#### **webhook.serviceAccount.name** ~ `string` + +The name of the service account to use. +If not set and create is true, a name is generated using the fullname template + +#### **webhook.serviceAccount.annotations** ~ `object` + +Optional additional annotations to add to the controller's ServiceAccount + +#### **webhook.serviceAccount.labels** ~ `object` + +Optional additional labels to add to the webhook's ServiceAccount + +#### **webhook.serviceAccount.automountServiceAccountToken** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Automount API credentials for a Service Account. +#### **webhook.automountServiceAccountToken** ~ `bool` + +Automounting API credentials for a particular pod + +#### **webhook.securePort** ~ `number` +> Default value: +> ```yaml +> 10250 +> ``` + +The port that the webhook should listen on for requests. In GKE private clusters, by default kubernetes apiservers are allowed to talk to the cluster nodes only on 443 and 10250. so configuring securePort: 10250, will work out of the box without needing to add firewall rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000 +#### **webhook.hostNetwork** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Specifies if the webhook should be started in hostNetwork mode. + +Required for use in some managed kubernetes clusters (such as AWS EKS) with custom. CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + +Since the default port for the webhook conflicts with kubelet on the host network, `webhook.securePort` should be changed to an available port if running in hostNetwork mode. +#### **webhook.serviceType** ~ `string` +> Default value: +> ```yaml +> ClusterIP +> ``` + +Specifies how the service should be handled. Useful if you want to expose the webhook to outside of the cluster. In some cases, the control plane cannot reach internal services. +#### **webhook.loadBalancerIP** ~ `string` + +Specify the load balancer IP for the created service + +#### **webhook.url** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Overrides the mutating webhook and validating webhook so they reach the webhook service using the `url` field instead of a service. +#### **webhook.networkPolicy.enabled** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Create network policies for the webhooks +#### **webhook.networkPolicy.ingress** ~ `array` +> Default value: +> ```yaml +> - from: +> - ipBlock: +> cidr: 0.0.0.0/0 +> ``` + +Ingress rule for the webhook network policy, by default will allow all inbound traffic + +#### **webhook.networkPolicy.egress** ~ `array` +> Default value: +> ```yaml +> - ports: +> - port: 80 +> protocol: TCP +> - port: 443 +> protocol: TCP +> - port: 53 +> protocol: TCP +> - port: 53 +> protocol: UDP +> - port: 6443 +> protocol: TCP +> to: +> - ipBlock: +> cidr: 0.0.0.0/0 +> ``` + +Egress rule for the webhook network policy, by default will allow all outbound traffic traffic to ports 80 and 443, as well as DNS ports + +#### **webhook.volumes** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volumes to add to the cert-manager controller pod. +#### **webhook.volumeMounts** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volume mounts to add to the cert-manager controller container. +#### **webhook.enableServiceLinks** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +enableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. +### CA Injector + +#### **cainjector.enabled** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Create the CA Injector deployment +#### **cainjector.replicaCount** ~ `number` +> Default value: +> ```yaml +> 1 +> ``` + +Number of replicas of the cert-manager cainjector to run. + +The default is 1, but in production you should set this to 2 or 3 to provide high availability. + +If `replicas > 1` you should also consider setting `cainjector.podDisruptionBudget.enabled=true`. + +Note: cert-manager uses leader election to ensure that there can only be a single instance active at a time. +#### **cainjector.config** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Used to configure options for the cainjector pod. +This allows setting options that'd usually be provided via flags. An APIVersion and Kind must be specified in your values.yaml file. +Flags will override options that are set here. + +For example: + +```yaml +apiVersion: cainjector.config.cert-manager.io/v1alpha1 +kind: CAInjectorConfiguration +logging: + verbosity: 2 + format: text +leaderElectionConfig: + namespace: kube-system +``` +#### **cainjector.strategy** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Deployment update strategy for the cert-manager cainjector deployment. See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + +For example: + +```yaml +strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 +``` +#### **cainjector.securityContext** ~ `object` +> Default value: +> ```yaml +> runAsNonRoot: true +> seccompProfile: +> type: RuntimeDefault +> ``` + +Pod Security Context to be set on the cainjector component Pod +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **cainjector.containerSecurityContext** ~ `object` +> Default value: +> ```yaml +> allowPrivilegeEscalation: false +> capabilities: +> drop: +> - ALL +> readOnlyRootFilesystem: true +> ``` + +Container Security Context to be set on the cainjector component container +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **cainjector.podDisruptionBudget.enabled** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Enable or disable the PodDisruptionBudget resource + +This prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager +Pod is currently running. +#### **cainjector.podDisruptionBudget.minAvailable** ~ `number` + +Configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). +Cannot be used if `maxUnavailable` is set. + +#### **cainjector.podDisruptionBudget.maxUnavailable** ~ `number` + +Configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). +Cannot be used if `minAvailable` is set. + +#### **cainjector.deploymentAnnotations** ~ `object` + +Optional additional annotations to add to the cainjector Deployment + +#### **cainjector.podAnnotations** ~ `object` + +Optional additional annotations to add to the cainjector Pods + +#### **cainjector.extraArgs** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional command line flags to pass to cert-manager cainjector binary. To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector: --help +#### **cainjector.featureGates** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +Comma separated list of feature gates that should be enabled on the cainjector pod. +#### **cainjector.resources** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Resources to provide to the cert-manager cainjector pod + +For example: + +```yaml +requests: + cpu: 10m + memory: 32Mi +``` + +ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +#### **cainjector.nodeSelector** ~ `object` +> Default value: +> ```yaml +> kubernetes.io/os: linux +> ``` + +The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with matching labels. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + +This default ensures that Pods are only scheduled to Linux nodes. It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + +#### **cainjector.affinity** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + +For example: + +```yaml +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: foo.bar.com/role + operator: In + values: + - master +``` +#### **cainjector.tolerations** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + +For example: + +```yaml +tolerations: +- key: foo.bar.com/role + operator: Equal + value: master + effect: NoSchedule +``` +#### **cainjector.topologySpreadConstraints** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core + +For example: + +```yaml +topologySpreadConstraints: +- maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/component: controller +``` +#### **cainjector.podLabels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Optional additional labels to add to the CA Injector Pods +#### **cainjector.image.registry** ~ `string` + +The container registry to pull the cainjector image from + +#### **cainjector.image.repository** ~ `string` +> Default value: +> ```yaml +> quay.io/jetstack/cert-manager-cainjector +> ``` + +The container image for the cert-manager cainjector + +#### **cainjector.image.tag** ~ `string` + +Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. + +#### **cainjector.image.digest** ~ `string` + +Setting a digest will override any tag + +#### **cainjector.image.pullPolicy** ~ `string` +> Default value: +> ```yaml +> IfNotPresent +> ``` + +Kubernetes imagePullPolicy on Deployment. +#### **cainjector.serviceAccount.create** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Specifies whether a service account should be created +#### **cainjector.serviceAccount.name** ~ `string` + +The name of the service account to use. +If not set and create is true, a name is generated using the fullname template + +#### **cainjector.serviceAccount.annotations** ~ `object` + +Optional additional annotations to add to the controller's ServiceAccount + +#### **cainjector.serviceAccount.labels** ~ `object` + +Optional additional labels to add to the cainjector's ServiceAccount + +#### **cainjector.serviceAccount.automountServiceAccountToken** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Automount API credentials for a Service Account. +#### **cainjector.automountServiceAccountToken** ~ `bool` + +Automounting API credentials for a particular pod + +#### **cainjector.volumes** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volumes to add to the cert-manager controller pod. +#### **cainjector.volumeMounts** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volume mounts to add to the cert-manager controller container. +#### **cainjector.enableServiceLinks** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +enableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. +### ACME Solver + +#### **acmesolver.image.registry** ~ `string` + +The container registry to pull the acmesolver image from + +#### **acmesolver.image.repository** ~ `string` +> Default value: +> ```yaml +> quay.io/jetstack/cert-manager-acmesolver +> ``` + +The container image for the cert-manager acmesolver + +#### **acmesolver.image.tag** ~ `string` + +Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. + +#### **acmesolver.image.digest** ~ `string` + +Setting a digest will override any tag + +#### **acmesolver.image.pullPolicy** ~ `string` +> Default value: +> ```yaml +> IfNotPresent +> ``` + +Kubernetes imagePullPolicy on Deployment. +### Startup API Check + + +This startupapicheck is a Helm post-install hook that waits for the webhook endpoints to become available. The check is implemented using a Kubernetes Job - if you are injecting mesh sidecar proxies into cert-manager pods, you probably want to ensure that they are not injected into this Job's pod. Otherwise the installation may time out due to the Job never being completed because the sidecar proxy does not exit. See https://github.com/cert-manager/cert-manager/pull/4414 for context. +#### **startupapicheck.enabled** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Enables the startup api check +#### **startupapicheck.securityContext** ~ `object` +> Default value: +> ```yaml +> runAsNonRoot: true +> seccompProfile: +> type: RuntimeDefault +> ``` + +Pod Security Context to be set on the startupapicheck component Pod +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **startupapicheck.containerSecurityContext** ~ `object` +> Default value: +> ```yaml +> allowPrivilegeEscalation: false +> capabilities: +> drop: +> - ALL +> readOnlyRootFilesystem: true +> ``` + +Container Security Context to be set on the controller component container +ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + +#### **startupapicheck.timeout** ~ `string` +> Default value: +> ```yaml +> 1m +> ``` + +Timeout for 'kubectl check api' command +#### **startupapicheck.backoffLimit** ~ `number` +> Default value: +> ```yaml +> 4 +> ``` + +Job backoffLimit +#### **startupapicheck.jobAnnotations** ~ `object` +> Default value: +> ```yaml +> helm.sh/hook: post-install +> helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded +> helm.sh/hook-weight: "1" +> ``` + +Optional additional annotations to add to the startupapicheck Job + +#### **startupapicheck.podAnnotations** ~ `object` + +Optional additional annotations to add to the startupapicheck Pods + +#### **startupapicheck.extraArgs** ~ `array` +> Default value: +> ```yaml +> - -v +> ``` + +Additional command line flags to pass to startupapicheck binary. To see all available flags run docker run quay.io/jetstack/cert-manager-ctl: --help + +We enable verbose logging by default so that if startupapicheck fails, users can know what exactly caused the failure. Verbose logs include details of the webhook URL, IP address and TCP connect errors for example. + +#### **startupapicheck.resources** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Resources to provide to the cert-manager controller pod + +For example: + +```yaml +requests: + cpu: 10m + memory: 32Mi +``` + +ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +#### **startupapicheck.nodeSelector** ~ `object` +> Default value: +> ```yaml +> kubernetes.io/os: linux +> ``` + +The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with matching labels. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + +This default ensures that Pods are only scheduled to Linux nodes. It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + +#### **startupapicheck.affinity** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + +For example: + +```yaml +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: foo.bar.com/role + operator: In + values: + - master +``` +#### **startupapicheck.tolerations** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + +For example: + +```yaml +tolerations: +- key: foo.bar.com/role + operator: Equal + value: master + effect: NoSchedule +``` +#### **startupapicheck.podLabels** ~ `object` +> Default value: +> ```yaml +> {} +> ``` + +Optional additional labels to add to the startupapicheck Pods +#### **startupapicheck.image.registry** ~ `string` + +The container registry to pull the startupapicheck image from + +#### **startupapicheck.image.repository** ~ `string` +> Default value: +> ```yaml +> quay.io/jetstack/cert-manager-startupapicheck +> ``` + +The container image for the cert-manager startupapicheck + +#### **startupapicheck.image.tag** ~ `string` + +Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. + +#### **startupapicheck.image.digest** ~ `string` + +Setting a digest will override any tag + +#### **startupapicheck.image.pullPolicy** ~ `string` +> Default value: +> ```yaml +> IfNotPresent +> ``` + +Kubernetes imagePullPolicy on Deployment. +#### **startupapicheck.rbac.annotations** ~ `object` +> Default value: +> ```yaml +> helm.sh/hook: post-install +> helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded +> helm.sh/hook-weight: "-5" +> ``` + +annotations for the startup API Check job RBAC and PSP resources + +#### **startupapicheck.automountServiceAccountToken** ~ `bool` + +Automounting API credentials for a particular pod + +#### **startupapicheck.serviceAccount.create** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Specifies whether a service account should be created +#### **startupapicheck.serviceAccount.name** ~ `string` + +The name of the service account to use. +If not set and create is true, a name is generated using the fullname template + +#### **startupapicheck.serviceAccount.annotations** ~ `object` +> Default value: +> ```yaml +> helm.sh/hook: post-install +> helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded +> helm.sh/hook-weight: "-5" +> ``` + +Optional additional annotations to add to the Job's ServiceAccount + +#### **startupapicheck.serviceAccount.automountServiceAccountToken** ~ `bool` +> Default value: +> ```yaml +> true +> ``` + +Automount API credentials for a Service Account. + +#### **startupapicheck.serviceAccount.labels** ~ `object` + +Optional additional labels to add to the startupapicheck's ServiceAccount + +#### **startupapicheck.volumes** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volumes to add to the cert-manager controller pod. +#### **startupapicheck.volumeMounts** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Additional volume mounts to add to the cert-manager controller container. +#### **startupapicheck.enableServiceLinks** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +enableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. + + ### Default Security Contexts The default pod-level and container-level security contexts, below, adhere to the [restricted](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted) Pod Security Standards policies. diff --git a/charts/cert-manager/cert-manager/templates/_helpers.tpl b/charts/cert-manager/cert-manager/templates/_helpers.tpl index 90db4af26..067fe6a05 100644 --- a/charts/cert-manager/cert-manager/templates/_helpers.tpl +++ b/charts/cert-manager/cert-manager/templates/_helpers.tpl @@ -172,3 +172,17 @@ https://github.com/helm/helm/issues/5358 {{- define "cert-manager.namespace" -}} {{ .Values.namespace | default .Release.Namespace }} {{- end -}} + +{{/* +Util function for generating the image URL based on the provided options. +IMPORTANT: This function is standarized across all charts in the cert-manager GH organization. +Any changes to this function should also be made in cert-manager, trust-manager, approver-policy, ... +See https://github.com/cert-manager/cert-manager/issues/6329 for a list of linked PRs. +*/}} +{{- define "image" -}} +{{- $defaultTag := index . 1 -}} +{{- with index . 0 -}} +{{- if .registry -}}{{ printf "%s/%s" .registry .repository }}{{- else -}}{{- .repository -}}{{- end -}} +{{- if .digest -}}{{ printf "@%s" .digest }}{{- else -}}{{ printf ":%s" (default $defaultTag .tag) }}{{- end -}} +{{- end }} +{{- end }} diff --git a/charts/cert-manager/cert-manager/templates/cainjector-config.yaml b/charts/cert-manager/cert-manager/templates/cainjector-config.yaml new file mode 100644 index 000000000..82399cc1a --- /dev/null +++ b/charts/cert-manager/cert-manager/templates/cainjector-config.yaml @@ -0,0 +1,18 @@ +{{- if .Values.cainjector.config -}} +{{- $_ := .Values.cainjector.config.apiVersion | required ".Values.cainjector.config.apiVersion must be set !" -}} +{{- $_ := .Values.cainjector.config.kind | required ".Values.cainjector.config.kind must be set !" -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "cainjector.fullname" . }} + namespace: {{ include "cert-manager.namespace" . }} + labels: + app: {{ include "cainjector.name" . }} + app.kubernetes.io/name: {{ include "cainjector.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "cainjector" + {{- include "labels" . | nindent 4 }} +data: + config.yaml: | + {{- .Values.cainjector.config | toYaml | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml b/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml index f14168924..a2f7243e8 100644 --- a/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml @@ -16,6 +16,10 @@ metadata: {{- end }} spec: replicas: {{ .Values.cainjector.replicaCount }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "cainjector.name" . }} @@ -55,12 +59,11 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-cainjector - {{- with .Values.cainjector.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.cainjector.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.cainjector.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} {{- with .Values.global.leaderElection }} @@ -75,6 +78,9 @@ spec: - --leader-election-retry-period={{ .retryPeriod }} {{- end }} {{- end }} + {{- with .Values.cainjector.featureGates}} + - --feature-gates={{ . }} + {{- end}} {{- with .Values.cainjector.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/controller-config.yaml b/charts/cert-manager/cert-manager/templates/controller-config.yaml index a1b337572..25f62ef1d 100644 --- a/charts/cert-manager/cert-manager/templates/controller-config.yaml +++ b/charts/cert-manager/cert-manager/templates/controller-config.yaml @@ -1,12 +1,6 @@ {{- if .Values.config -}} - {{- if not .Values.config.apiVersion -}} - {{- fail "config.apiVersion must be set" -}} - {{- end -}} - - {{- if not .Values.config.kind -}} - {{- fail "config.kind must be set" -}} - {{- end -}} -{{- end -}} +{{- $_ := .Values.config.apiVersion | required ".Values.config.apiVersion must be set !" -}} +{{- $_ := .Values.config.kind | required ".Values.config.kind must be set !" -}} apiVersion: v1 kind: ConfigMap metadata: @@ -19,7 +13,6 @@ metadata: app.kubernetes.io/component: "controller" {{- include "labels" . | nindent 4 }} data: - {{- if .Values.config }} config.yaml: | - {{ .Values.config | toYaml | nindent 4 }} - {{- end }} + {{- .Values.config | toYaml | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/cert-manager/cert-manager/templates/crds.yaml b/charts/cert-manager/cert-manager/templates/crds.yaml index 6cce90551..baec4012f 100644 --- a/charts/cert-manager/cert-manager/templates/crds.yaml +++ b/charts/cert-manager/cert-manager/templates/crds.yaml @@ -365,9 +365,83 @@ spec: name: description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + profile: + description: "Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. \n If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret." + type: string + enum: + - LegacyRC2 + - LegacyDES + - Modern2023 literalSubject: description: "Requested X.509 certificate subject, represented using the LDAP \"String Representation of a Distinguished Name\" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 \n Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components." type: string + nameConstraints: + description: "x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 \n This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components." + type: object + properties: + critical: + description: if true then the name constraints are marked critical. + type: boolean + excluded: + description: Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + type: object + properties: + dnsDomains: + description: DNSDomains is a list of DNS domains that are permitted or excluded. + type: array + items: + type: string + emailAddresses: + description: EmailAddresses is a list of Email Addresses that are permitted or excluded. + type: array + items: + type: string + ipRanges: + description: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + type: array + items: + type: string + uriDomains: + description: URIDomains is a list of URI domains that are permitted or excluded. + type: array + items: + type: string + permitted: + description: Permitted contains the constraints in which the names must be located. + type: object + properties: + dnsDomains: + description: DNSDomains is a list of DNS domains that are permitted or excluded. + type: array + items: + type: string + emailAddresses: + description: EmailAddresses is a list of Email Addresses that are permitted or excluded. + type: array + items: + type: string + ipRanges: + description: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + type: array + items: + type: string + uriDomains: + description: URIDomains is a list of URI domains that are permitted or excluded. + type: array + items: + type: string + otherNames: + description: '`otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.' + type: array + items: + type: object + properties: + oid: + description: OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113556.1.4.221". + type: string + utf8Value: + description: utf8Value is the string value of the otherName SAN. The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + type: string privateKey: description: Private key options. These include the key algorithm and size, the used encoding and the rotation policy. type: object @@ -737,10 +811,10 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: 'Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set.' type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: 'Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set.' type: object required: - name @@ -763,14 +837,14 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: 'Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set.' type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -779,7 +853,7 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: 'Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set.' type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -985,13 +1059,13 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 @@ -1205,7 +1279,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1235,6 +1309,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1288,7 +1374,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1318,6 +1404,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1378,7 +1476,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1408,6 +1506,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1461,7 +1571,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1491,6 +1601,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1852,10 +1974,10 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: 'Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set.' type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: 'Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set.' type: object required: - name @@ -1878,14 +2000,14 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: 'Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set.' type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -1894,7 +2016,7 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: 'Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set.' type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -2100,13 +2222,13 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 @@ -2320,7 +2442,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2350,6 +2472,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2403,7 +2537,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2433,6 +2567,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2493,7 +2639,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2523,6 +2669,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2576,7 +2734,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2606,6 +2764,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2723,6 +2893,11 @@ spec: type: array items: type: string + issuingCertificateURLs: + description: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + type: array + items: + type: string ocspServers: description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". type: array @@ -3170,10 +3345,10 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: 'Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set.' type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: 'Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set.' type: object required: - name @@ -3196,14 +3371,14 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: 'Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set.' type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -3212,7 +3387,7 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: 'Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set.' type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -3418,13 +3593,13 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 @@ -3638,7 +3813,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3668,6 +3843,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -3721,7 +3908,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3751,6 +3938,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -3811,7 +4010,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3841,6 +4040,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -3894,7 +4105,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3924,6 +4135,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -4041,6 +4264,11 @@ spec: type: array items: type: string + issuingCertificateURLs: + description: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + type: array + items: + type: string ocspServers: description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". type: array diff --git a/charts/cert-manager/cert-manager/templates/deployment.yaml b/charts/cert-manager/cert-manager/templates/deployment.yaml index e0f347ad9..c984de03d 100644 --- a/charts/cert-manager/cert-manager/templates/deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/deployment.yaml @@ -15,6 +15,10 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ template "cert-manager.name" . }} @@ -73,12 +77,11 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-controller - {{- with .Values.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} {{- if .Values.config }} diff --git a/charts/cert-manager/cert-manager/templates/podmonitor.yaml b/charts/cert-manager/cert-manager/templates/podmonitor.yaml new file mode 100644 index 000000000..1adc0609c --- /dev/null +++ b/charts/cert-manager/cert-manager/templates/podmonitor.yaml @@ -0,0 +1,50 @@ +{{- if and .Values.prometheus.enabled (and .Values.prometheus.podmonitor.enabled .Values.prometheus.servicemonitor.enabled) }} +{{- fail "Either .Values.prometheus.podmonitor.enabled or .Values.prometheus.servicemonitor.enabled can be enabled at a time, but not both." }} +{{- else if and .Values.prometheus.enabled .Values.prometheus.podmonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ template "cert-manager.fullname" . }} +{{- if .Values.prometheus.podmonitor.namespace }} + namespace: {{ .Values.prometheus.podmonitor.namespace }} +{{- else }} + namespace: {{ include "cert-manager.namespace" . }} +{{- end }} + labels: + app: {{ include "cert-manager.name" . }} + app.kubernetes.io/name: {{ include "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" + {{- include "labels" . | nindent 4 }} + prometheus: {{ .Values.prometheus.podmonitor.prometheusInstance }} + {{- with .Values.prometheus.podmonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.prometheus.podmonitor.annotations }} + annotations: + {{- with .Values.prometheus.podmonitor.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +spec: + jobLabel: {{ template "cert-manager.fullname" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" +{{- if .Values.prometheus.podmonitor.namespace }} + namespaceSelector: + matchNames: + - {{ include "cert-manager.namespace" . }} +{{- end }} + podMetricsEndpoints: + - port: http-metrics + path: {{ .Values.prometheus.podmonitor.path }} + interval: {{ .Values.prometheus.podmonitor.interval }} + scrapeTimeout: {{ .Values.prometheus.podmonitor.scrapeTimeout }} + honorLabels: {{ .Values.prometheus.podmonitor.honorLabels }} + {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/cert-manager/cert-manager/templates/service.yaml b/charts/cert-manager/cert-manager/templates/service.yaml index ec34d5878..3d5df905e 100644 --- a/charts/cert-manager/cert-manager/templates/service.yaml +++ b/charts/cert-manager/cert-manager/templates/service.yaml @@ -1,4 +1,4 @@ -{{- if .Values.prometheus.enabled }} +{{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }} apiVersion: v1 kind: Service metadata: diff --git a/charts/cert-manager/cert-manager/templates/servicemonitor.yaml b/charts/cert-manager/cert-manager/templates/servicemonitor.yaml index bfb2292ff..b63886077 100644 --- a/charts/cert-manager/cert-manager/templates/servicemonitor.yaml +++ b/charts/cert-manager/cert-manager/templates/servicemonitor.yaml @@ -1,4 +1,6 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }} +{{- if and .Values.prometheus.enabled (and .Values.prometheus.podmonitor.enabled .Values.prometheus.servicemonitor.enabled) }} +{{- fail "Either .Values.prometheus.podmonitor.enabled or .Values.prometheus.servicemonitor.enabled can be enabled at a time, but not both." }} +{{- else if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml b/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml index 52aadecc2..311b4c48e 100644 --- a/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml +++ b/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml @@ -47,9 +47,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-startupapicheck - {{- with .Values.startupapicheck.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.startupapicheck.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.startupapicheck.image.pullPolicy }} args: - check diff --git a/charts/cert-manager/cert-manager/templates/webhook-config.yaml b/charts/cert-manager/cert-manager/templates/webhook-config.yaml index f3f72f02e..8f3ce20c3 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-config.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-config.yaml @@ -1,12 +1,6 @@ {{- if .Values.webhook.config -}} - {{- if not .Values.webhook.config.apiVersion -}} - {{- fail "webhook.config.apiVersion must be set" -}} - {{- end -}} - - {{- if not .Values.webhook.config.kind -}} - {{- fail "webhook.config.kind must be set" -}} - {{- end -}} -{{- end -}} +{{- $_ := .Values.webhook.config.apiVersion | required ".Values.webhook.config.apiVersion must be set !" -}} +{{- $_ := .Values.webhook.config.kind | required ".Values.webhook.config.kind must be set !" -}} apiVersion: v1 kind: ConfigMap metadata: @@ -19,7 +13,6 @@ metadata: app.kubernetes.io/component: "webhook" {{- include "labels" . | nindent 4 }} data: - {{- if .Values.webhook.config }} config.yaml: | - {{ .Values.webhook.config | toYaml | nindent 4 }} - {{- end }} + {{- .Values.webhook.config | toYaml | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml index 99830f953..e55cd4361 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml @@ -15,6 +15,10 @@ metadata: {{- end }} spec: replicas: {{ .Values.webhook.replicaCount }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "webhook.name" . }} @@ -60,12 +64,11 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-webhook - {{- with .Values.webhook.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.webhook.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} {{- if .Values.webhook.config }} diff --git a/charts/cert-manager/cert-manager/templates/webhook-mutating-webhook.yaml b/charts/cert-manager/cert-manager/templates/webhook-mutating-webhook.yaml index f3db011ef..9ea29777d 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-mutating-webhook.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-mutating-webhook.yaml @@ -15,17 +15,19 @@ metadata: {{- end }} webhooks: - name: webhook.cert-manager.io + {{- with .Values.webhook.mutatingWebhookConfiguration.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 6 }} + {{- end }} rules: - apiGroups: - "cert-manager.io" - - "acme.cert-manager.io" apiVersions: - "v1" operations: - CREATE - - UPDATE resources: - - "*/*" + - "certificaterequests" admissionReviewVersions: ["v1"] # This webhook only accepts v1 cert-manager resources. # Equivalent matchPolicy ensures that non-v1 resource requests are sent to @@ -43,4 +45,4 @@ webhooks: name: {{ template "webhook.fullname" . }} namespace: {{ include "cert-manager.namespace" . }} path: /mutate - {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml b/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml index ce33cc797..76235fdee 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml @@ -15,12 +15,10 @@ metadata: {{- end }} webhooks: - name: webhook.cert-manager.io + {{- with .Values.webhook.validatingWebhookConfiguration.namespaceSelector }} namespaceSelector: - matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" + {{- toYaml . | nindent 6 }} + {{- end }} rules: - apiGroups: - "cert-manager.io" diff --git a/charts/cert-manager/cert-manager/values.yaml b/charts/cert-manager/cert-manager/values.yaml index 2d47d7141..885ae024b 100644 --- a/charts/cert-manager/cert-manager/values.yaml +++ b/charts/cert-manager/cert-manager/values.yaml @@ -1,11 +1,16 @@ +# +docs:section=Global + # Default values for cert-manager. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: # Reference to one or more secrets to be used when pulling images # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + # + # For example: + # imagePullSecrets: + # - name: "image-pull-secret" imagePullSecrets: [] - # - name: "image-pull-secret" # Labels to apply to all resources # Please note that this does not add labels to the resources created dynamically by the controllers. @@ -15,17 +20,26 @@ global: # eg. secretTemplate in CertificateSpec # ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec commonLabels: {} - # team_name: dev + + # The number of old ReplicaSets to retain to allow rollback (If not set, default Kubernetes value is set to 10) + # +docs:property + # revisionHistoryLimit: 1 # Optional priority class to be used for the cert-manager pods priorityClassName: "" + rbac: + # Create required ClusterRoles and ClusterRoleBindings for cert-manager create: true # Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles aggregateClusterRoles: true podSecurityPolicy: + # Create PodSecurityPolicy for cert-manager + # + # NOTE: PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25 enabled: false + # Configure the PodSecurityPolicy to use AppArmor useAppArmor: true # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. @@ -39,34 +53,67 @@ global: # leadership renewal until attempting to acquire leadership of a led but # unrenewed leader slot. This is effectively the maximum duration that a # leader can be stopped before it is replaced by another candidate. + # +docs:property # leaseDuration: 60s # The interval between attempts by the acting master to renew a leadership # slot before it stops leading. This must be less than or equal to the # lease duration. + # +docs:property # renewDeadline: 40s # The duration the clients should wait between attempting acquisition and # renewal of a leadership. + # +docs:property # retryPeriod: 15s +# Install the cert-manager CRDs, it is recommended to not use Helm to manage +# the CRDs installCRDs: false +# +docs:section=Controller + +# Number of replicas of the cert-manager controller to run. +# +# The default is 1, but in production you should set this to 2 or 3 to provide high +# availability. +# +# If `replicas > 1` you should also consider setting `podDisruptionBudget.enabled=true`. +# +# Note: cert-manager uses leader election to ensure that there can +# only be a single instance active at a time. replicaCount: 1 +# Deployment update strategy for the cert-manager controller deployment. +# See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +# +# For example: +# strategy: +# type: RollingUpdate +# rollingUpdate: +# maxSurge: 0 +# maxUnavailable: 1 strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. enabled: false - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) - # or a percentage value (e.g. 25%) - # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1` + # Configures the minimum available pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `maxUnavailable` is set. + # +docs:property # minAvailable: 1 + + # Configures the maximum unavailable pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `minAvailable` is set. + # +docs:property # maxUnavailable: 1 # Comma separated list of feature gates that should be enabled on the @@ -77,17 +124,24 @@ featureGates: "" maxConcurrentChallenges: 60 image: - repository: quay.io/jetstack/cert-manager-controller - # You can manage a registry with + # The container registry to pull the manager image from + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-controller + + # The container image for the cert-manager controller + # +docs:property + repository: quay.io/jetstack/cert-manager-controller # Override the image tag to deploy by setting this variable. # If no value is set, the chart's appVersion will be used. - # tag: canary + # +docs:property + # tag: vX.Y.Z # Setting a digest will override any tag + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer @@ -103,17 +157,25 @@ namespace: "" serviceAccount: # Specifies whether a service account should be created create: true + # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template + # +docs:property # name: "" + # Optional additional annotations to add to the controller's ServiceAccount + # +docs:property # annotations: {} - # Automount API credentials for a Service Account. + # Optional additional labels to add to the controller's ServiceAccount + # +docs:property # labels: {} + + # Automount API credentials for a Service Account. automountServiceAccountToken: true # Automounting API credentials for a particular pod +# +docs:property # automountServiceAccountToken: true # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted @@ -123,24 +185,39 @@ enableCertificateOwnerRef: false # This allows setting options that'd usually be provided via flags. # An APIVersion and Kind must be specified in your values.yaml file. # Flags will override options that are set here. -config: -# apiVersion: controller.config.cert-manager.io/v1alpha1 -# kind: ControllerConfiguration -# logging: -# verbosity: 2 -# format: text -# leaderElectionConfig: -# namespace: kube-system -# kubernetesAPIQPS: 9000 -# kubernetesAPIBurst: 9000 -# numberOfConcurrentWorkers: 200 -# featureGates: -# additionalCertificateOutputFormats: true -# experimentalCertificateSigningRequestControllers: true -# experimentalGatewayAPISupport: true -# serverSideApply: true -# literalCertificateSubject: true -# useCertificateRequestBasicConstraints: true +# +# For example: +# config: +# apiVersion: controller.config.cert-manager.io/v1alpha1 +# kind: ControllerConfiguration +# logging: +# verbosity: 2 +# format: text +# leaderElectionConfig: +# namespace: kube-system +# kubernetesAPIQPS: 9000 +# kubernetesAPIBurst: 9000 +# numberOfConcurrentWorkers: 200 +# featureGates: +# AdditionalCertificateOutputFormats: true +# DisallowInsecureCSRUsageDefinition: true +# ExperimentalCertificateSigningRequestControllers: true +# ExperimentalGatewayAPISupport: true +# LiteralCertificateSubject: true +# SecretsFilteredCaching: true +# ServerSideApply: true +# StableCertificateRequestName: true +# UseCertificateRequestBasicConstraints: true +# ValidateCAA: true +# metricsTLSConfig: +# dynamic: +# secretNamespace: "cert-manager" +# secretName: "cert-manager-metrics-ca" +# dnsNames: +# - cert-manager-metrics +# - cert-manager-metrics.cert-manager +# - cert-manager-metrics.cert-manager.svc +config: {} # Setting Nameservers for DNS01 Self Check # See: https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check @@ -154,21 +231,32 @@ dns01RecursiveNameserversOnly: false # Additional command line flags to pass to cert-manager controller binary. # To see all available flags run docker run quay.io/jetstack/cert-manager-controller: --help +# +# Use this flag to enable or disable arbitrary controllers, for example, disable the CertificiateRequests approver +# +# For example: +# extraArgs: +# - --controllers=*,-certificaterequests-approver extraArgs: [] - # Use this flag to enable or disable arbitrary controllers, for example, disable the CertificiateRequests approver - # - --controllers=*,-certificaterequests-approver +# Additional environment variables to pass to cert-manager controller binary. extraEnv: [] # - name: SOME_VAR # value: 'some value' +# Resources to provide to the cert-manager controller pod +# +# For example: +# requests: +# cpu: 10m +# memory: 32Mi +# +# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} - # requests: - # cpu: 10m - # memory: 32Mi # Pod Security Context # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +# +docs:property securityContext: runAsNonRoot: true seccompProfile: @@ -176,31 +264,37 @@ securityContext: # Container Security Context to be set on the controller component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +# +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - + readOnlyRootFilesystem: true +# Additional volumes to add to the cert-manager controller pod. volumes: [] +# Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] # Optional additional annotations to add to the controller Deployment +# +docs:property # deploymentAnnotations: {} # Optional additional annotations to add to the controller Pods +# +docs:property # podAnnotations: {} +# Optional additional labels to add to the controller Pods podLabels: {} # Optional annotations to add to the controller Service +# +docs:property # serviceAnnotations: {} # Optional additional labels to add to the controller Service +# +docs:property # serviceLabels: {} # Optional DNS settings, useful if you have a public and private DNS zone for @@ -208,41 +302,65 @@ podLabels: {} # cert-manager can access an ingress or DNS TXT records at all times. # NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for # the cluster to work. + +# Pod DNS policy +# ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy +# +docs:property # podDnsPolicy: "None" + +# Pod DNS config, podDnsConfig field is optional and it can work with any podDnsPolicy +# settings. However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified. +# ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config +# +docs:property # podDnsConfig: # nameservers: # - "1.1.1.1" # - "8.8.8.8" +# The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with +# matching labels. +# See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +# +# This default ensures that Pods are only scheduled to Linux nodes. +# It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. +# +docs:property nodeSelector: kubernetes.io/os: linux +# +docs:ignore ingressShim: {} + + # Optional default issuer to use for ingress resources + # +docs:property=ingressShim.defaultIssuerName # defaultIssuerName: "" + + # Optional default issuer kind to use for ingress resources + # +docs:property=ingressShim.defaultIssuerKind # defaultIssuerKind: "" + + # Optional default issuer group to use for ingress resources + # +docs:property=ingressShim.defaultIssuerGroup # defaultIssuerGroup: "" -prometheus: - enabled: true - servicemonitor: - enabled: false - prometheusInstance: default - targetPort: 9402 - path: /metrics - interval: 60s - scrapeTimeout: 30s - labels: {} - annotations: {} - honorLabels: false - endpointAdditionalProperties: {} - # Use these variables to configure the HTTP_PROXY environment variables + +# Configures the HTTP_PROXY environment variable for where a HTTP proxy is required +# +docs:property # http_proxy: "http://proxy:8080" + +# Configures the HTTPS_PROXY environment variable for where a HTTP proxy is required +# +docs:property # https_proxy: "https://proxy:8080" + +# Configures the NO_PROXY environment variable for where a HTTP proxy is required, +# but certain domains should be excluded +# +docs:property # no_proxy: 127.0.0.1,localhost -# A Kubernetes Affinty, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core -# for example: + +# A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core +# +# For example: # affinity: # nodeAffinity: # requiredDuringSchedulingIgnoredDuringExecution: @@ -255,7 +373,8 @@ prometheus: affinity: {} # A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core -# for example: +# +# For example: # tolerations: # - key: foo.bar.com/role # operator: Equal @@ -264,7 +383,8 @@ affinity: {} tolerations: [] # A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core -# for example: +# +# For example: # topologySpreadConstraints: # - maxSkew: 2 # topologyKey: topology.kubernetes.io/zone @@ -277,14 +397,14 @@ topologySpreadConstraints: [] # LivenessProbe settings for the controller container of the controller Pod. # -# Disabled by default, because the controller has a leader election mechanism -# which should cause it to exit if it is unable to renew its leader election -# record. +# Enabled by default, because we want to enable the clock-skew liveness probe that +# restarts the controller in case of a skew between the system clock and the monotonic clock. # LivenessProbe durations and thresholds are based on those used for the Kubernetes # controller-manager. See: # https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245 +# +docs:property livenessProbe: - enabled: false + enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 15 @@ -296,74 +416,241 @@ livenessProbe: # links. enableServiceLinks: false +# +docs:section=Prometheus + +prometheus: + # Enable Prometheus monitoring for the cert-manager controller to use with the + # Prometheus Operator. If this option is enabled without enabling `prometheus.servicemonitor.enabled` or + # `prometheus.podmonitor.enabled`, 'prometheus.io' annotations are added to the cert-manager Deployment + # resources. Additionally, a service is created which can be used together + # with your own ServiceMonitor (managed outside of this Helm chart). + # Otherwise, a ServiceMonitor/ PodMonitor is created. + enabled: true + servicemonitor: + # Create a ServiceMonitor to add cert-manager to Prometheus + enabled: false + + # Specifies the `prometheus` label on the created ServiceMonitor, this is + # used when different Prometheus instances have label selectors matching + # different ServiceMonitors. + prometheusInstance: default + + # The target port to set on the ServiceMonitor, should match the port that + # cert-manager controller is listening on for metrics + targetPort: 9402 + + # The path to scrape for metrics + path: /metrics + + # The interval to scrape metrics + interval: 60s + + # The timeout before a metrics scrape fails + scrapeTimeout: 30s + + # Additional labels to add to the ServiceMonitor + labels: {} + + # Additional annotations to add to the ServiceMonitor + annotations: {} + + # Keep labels from scraped data, overriding server-side labels. + honorLabels: false + + # EndpointAdditionalProperties allows setting additional properties on the + # endpoint such as relabelings, metricRelabelings etc. + # + # For example: + # endpointAdditionalProperties: + # relabelings: + # - action: replace + # sourceLabels: + # - __meta_kubernetes_pod_node_name + # targetLabel: instance + # + # +docs:property + endpointAdditionalProperties: {} + + # Note: Enabling both PodMonitor and ServiceMonitor is mutually exclusive, enabling both will result in a error. + podmonitor: + # Create a PodMonitor to add cert-manager to Prometheus + enabled: false + + # Specifies the `prometheus` label on the created PodMonitor, this is + # used when different Prometheus instances have label selectors matching + # different PodMonitor. + prometheusInstance: default + + # The path to scrape for metrics + path: /metrics + + # The interval to scrape metrics + interval: 60s + + # The timeout before a metrics scrape fails + scrapeTimeout: 30s + + # Additional labels to add to the PodMonitor + labels: {} + + # Additional annotations to add to the PodMonitor + annotations: {} + + # Keep labels from scraped data, overriding server-side labels. + honorLabels: false + + # EndpointAdditionalProperties allows setting additional properties on the + # endpoint such as relabelings, metricRelabelings etc. + # + # For example: + # endpointAdditionalProperties: + # relabelings: + # - action: replace + # sourceLabels: + # - __meta_kubernetes_pod_node_name + # targetLabel: instance + # + # +docs:property + endpointAdditionalProperties: {} + +# +docs:section=Webhook + webhook: + # Number of replicas of the cert-manager webhook to run. + # + # The default is 1, but in production you should set this to 2 or 3 to provide high + # availability. + # + # If `replicas > 1` you should also consider setting `webhook.podDisruptionBudget.enabled=true`. replicaCount: 1 - timeoutSeconds: 10 + + # Seconds the API server should wait for the webhook to respond before treating the call as a failure. + # Value must be between 1 and 30 seconds. See: + # https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/ + # + # We set the default to the maximum value of 30 seconds. Here's why: + # Users sometimes report that the connection between the K8S API server and + # the cert-manager webhook server times out. + # If *this* timeout is reached, the error message will be "context deadline exceeded", + # which doesn't help the user diagnose what phase of the HTTPS connection timed out. + # For example, it could be during DNS resolution, TCP connection, TLS + # negotiation, HTTP negotiation, or slow HTTP response from the webhook + # server. + # So by setting this timeout to its maximum value the underlying timeout error + # message has more chance of being returned to the end user. + timeoutSeconds: 30 # Used to configure options for the webhook pod. # This allows setting options that'd usually be provided via flags. # An APIVersion and Kind must be specified in your values.yaml file. # Flags will override options that are set here. - config: - # apiVersion: webhook.config.cert-manager.io/v1alpha1 - # kind: WebhookConfiguration - - # The port that the webhook should listen on for requests. - # In GKE private clusters, by default kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. so configuring - # securePort: 10250, will work out of the box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. - # This should be uncommented and set as a default by the chart once we graduate - # the apiVersion of WebhookConfiguration past v1alpha1. - # securePort: 10250 + # + # For example: + # apiVersion: webhook.config.cert-manager.io/v1alpha1 + # kind: WebhookConfiguration + # # The port that the webhook should listen on for requests. + # # In GKE private clusters, by default kubernetes apiservers are allowed to + # # talk to the cluster nodes only on 443 and 10250. so configuring + # # securePort: 10250, will work out of the box without needing to add firewall + # # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers < 1000. + # # This should be uncommented and set as a default by the chart once we graduate + # # the apiVersion of WebhookConfiguration past v1alpha1. + # securePort: 10250 + config: {} + # Deployment update strategy for the cert-manager webhook deployment. + # See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # + # For example: + # strategy: + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 # Pod Security Context to be set on the webhook component Pod # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # +docs:property securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault - podDisruptionBudget: - enabled: false - - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) - # or a percentage value (e.g. 25%) - # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1` - # minAvailable: 1 - # maxUnavailable: 1 - # Container Security Context to be set on the webhook component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true + readOnlyRootFilesystem: true + + podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + + # Configures the minimum available pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 + + # Configures the maximum unavailable pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `minAvailable` is set. + # +docs:property + # maxUnavailable: 1 # Optional additional annotations to add to the webhook Deployment + # +docs:property # deploymentAnnotations: {} # Optional additional annotations to add to the webhook Pods + # +docs:property # podAnnotations: {} # Optional additional annotations to add to the webhook Service + # +docs:property # serviceAnnotations: {} # Optional additional annotations to add to the webhook MutatingWebhookConfiguration + # +docs:property # mutatingWebhookConfigurationAnnotations: {} # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration + # +docs:property # validatingWebhookConfigurationAnnotations: {} + validatingWebhookConfiguration: + # Configure spec.namespaceSelector for validating webhooks. + # +docs:property + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + + mutatingWebhookConfiguration: + # Configure spec.namespaceSelector for mutating webhooks. + # +docs:property + namespaceSelector: {} + # matchLabels: + # key: value + # matchExpressions: + # - key: kubernetes.io/metadata.name + # operator: NotIn + # values: + # - kube-system + + # Additional command line flags to pass to cert-manager webhook binary. # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook: --help extraArgs: [] @@ -374,20 +661,31 @@ webhook: # webhook pod. featureGates: "" + # Resources to provide to the cert-manager webhook pod + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## + # Liveness probe values + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + # + # +docs:property livenessProbe: failureThreshold: 3 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 + + # Readiness probe values + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + # + # +docs:property readinessProbe: failureThreshold: 3 initialDelaySeconds: 5 @@ -395,13 +693,51 @@ webhook: successThreshold: 1 timeoutSeconds: 1 + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property nodeSelector: kubernetes.io/os: linux + # A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + # + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master affinity: {} + # A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule tolerations: [] + # A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core + # + # For example: + # topologySpreadConstraints: + # - maxSkew: 2 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: cert-manager + # app.kubernetes.io/component: controller topologySpreadConstraints: [] # Optional additional labels to add to the Webhook Pods @@ -411,34 +747,48 @@ webhook: serviceLabels: {} image: - repository: quay.io/jetstack/cert-manager-webhook - # You can manage a registry with + # The container registry to pull the webhook image from + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-webhook + + # The container image for the cert-manager webhook + # +docs:property + repository: quay.io/jetstack/cert-manager-webhook # Override the image tag to deploy by setting this variable. # If no value is set, the chart's appVersion will be used. - # tag: canary + # +docs:property + # tag: vX.Y.Z # Setting a digest will override any tag + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent serviceAccount: # Specifies whether a service account should be created create: true + # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template + # +docs:property # name: "" + # Optional additional annotations to add to the controller's ServiceAccount + # +docs:property # annotations: {} + # Optional additional labels to add to the webhook's ServiceAccount + # +docs:property # labels: {} + # Automount API credentials for a Service Account. automountServiceAccountToken: true # Automounting API credentials for a particular pod + # +docs:property # automountServiceAccountToken: true # The port that the webhook should listen on for requests. @@ -463,7 +813,10 @@ webhook: # webhook to outside of the cluster. In some cases, the control plane cannot # reach internal services. serviceType: ClusterIP - # loadBalancerIP: + + # Specify the load balancer IP for the created service + # +docs:property + # loadBalancerIP: "10.10.10.10" # Overrides the mutating webhook and validating webhook so they reach the webhook # service using the `url` field instead of a service. @@ -472,11 +825,20 @@ webhook: # Enables default network policies for webhooks. networkPolicy: + # Create network policies for the webhooks enabled: false + + # Ingress rule for the webhook network policy, by default will allow all + # inbound traffic + # +docs:property ingress: - from: - ipBlock: cidr: 0.0.0.0/0 + + # Egress rule for the webhook network policy, by default will allow all + # outbound traffic traffic to ports 80 and 443, as well as DNS ports + # +docs:property egress: - ports: - port: 80 @@ -495,7 +857,10 @@ webhook: - ipBlock: cidr: 0.0.0.0/0 + # Additional volumes to add to the cert-manager controller pod. volumes: [] + + # Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] # enableServiceLinks indicates whether information about services should be @@ -503,47 +868,94 @@ webhook: # links. enableServiceLinks: false +# +docs:section=CA Injector + cainjector: + # Create the CA Injector deployment enabled: true + + # Number of replicas of the cert-manager cainjector to run. + # + # The default is 1, but in production you should set this to 2 or 3 to provide high + # availability. + # + # If `replicas > 1` you should also consider setting `cainjector.podDisruptionBudget.enabled=true`. + # + # Note: cert-manager uses leader election to ensure that there can + # only be a single instance active at a time. replicaCount: 1 + # Used to configure options for the cainjector pod. + # This allows setting options that'd usually be provided via flags. + # An APIVersion and Kind must be specified in your values.yaml file. + # Flags will override options that are set here. + # + # For example: + # apiVersion: cainjector.config.cert-manager.io/v1alpha1 + # kind: CAInjectorConfiguration + # logging: + # verbosity: 2 + # format: text + # leaderElectionConfig: + # namespace: kube-system + config: {} + + # Deployment update strategy for the cert-manager cainjector deployment. + # See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # + # For example: + # strategy: + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 # Pod Security Context to be set on the cainjector component Pod # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # +docs:property securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault - podDisruptionBudget: - enabled: false - - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) - # or a percentage value (e.g. 25%) - # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1` - # minAvailable: 1 - # maxUnavailable: 1 - # Container Security Context to be set on the cainjector component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true + readOnlyRootFilesystem: true + podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + + # Configures the minimum available pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 + + # Configures the maximum unavailable pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `minAvailable` is set. + # +docs:property + # maxUnavailable: 1 # Optional additional annotations to add to the cainjector Deployment + # +docs:property # deploymentAnnotations: {} # Optional additional annotations to add to the cainjector Pods + # +docs:property # podAnnotations: {} # Additional command line flags to pass to cert-manager cainjector binary. @@ -552,55 +964,120 @@ cainjector: # Enable profiling for cainjector # - --enable-profiling=true - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi + # Comma separated list of feature gates that should be enabled on the + # cainjector pod. + featureGates: "" + # Resources to provide to the cert-manager cainjector pod + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + + + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property nodeSelector: kubernetes.io/os: linux + # A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + # + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master affinity: {} + # A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule tolerations: [] + # A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core + # + # For example: + # topologySpreadConstraints: + # - maxSkew: 2 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: cert-manager + # app.kubernetes.io/component: controller topologySpreadConstraints: [] # Optional additional labels to add to the CA Injector Pods podLabels: {} image: - repository: quay.io/jetstack/cert-manager-cainjector - # You can manage a registry with + # The container registry to pull the cainjector image from + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-cainjector + + # The container image for the cert-manager cainjector + # +docs:property + repository: quay.io/jetstack/cert-manager-cainjector # Override the image tag to deploy by setting this variable. # If no value is set, the chart's appVersion will be used. - # tag: canary + # +docs:property + # tag: vX.Y.Z # Setting a digest will override any tag + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent serviceAccount: # Specifies whether a service account should be created create: true + # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template + # +docs:property # name: "" + # Optional additional annotations to add to the controller's ServiceAccount + # +docs:property # annotations: {} - # Automount API credentials for a Service Account. + # Optional additional labels to add to the cainjector's ServiceAccount + # +docs:property # labels: {} + + # Automount API credentials for a Service Account. automountServiceAccountToken: true # Automounting API credentials for a particular pod + # +docs:property # automountServiceAccountToken: true + # Additional volumes to add to the cert-manager controller pod. volumes: [] + + # Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] # enableServiceLinks indicates whether information about services should be @@ -608,32 +1085,46 @@ cainjector: # links. enableServiceLinks: false +# +docs:section=ACME Solver + acmesolver: image: - repository: quay.io/jetstack/cert-manager-acmesolver - # You can manage a registry with + # The container registry to pull the acmesolver image from + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-acmesolver + + # The container image for the cert-manager acmesolver + # +docs:property + repository: quay.io/jetstack/cert-manager-acmesolver # Override the image tag to deploy by setting this variable. # If no value is set, the chart's appVersion will be used. - # tag: canary + # +docs:property + # tag: vX.Y.Z # Setting a digest will override any tag + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + # Kubernetes imagePullPolicy on Deployment. + pullPolicy: IfNotPresent + +# +docs:section=Startup API Check # This startupapicheck is a Helm post-install hook that waits for the webhook # endpoints to become available. -# The check is implemented using a Kubernetes Job- if you are injecting mesh +# The check is implemented using a Kubernetes Job - if you are injecting mesh # sidecar proxies into cert-manager pods, you probably want to ensure that they # are not injected into this Job's pod. Otherwise the installation may time out # due to the Job never being completed because the sidecar proxy does not exit. # See https://github.com/cert-manager/cert-manager/pull/4414 for context. + startupapicheck: + # Enables the startup api check enabled: true # Pod Security Context to be set on the startupapicheck component Pod # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # +docs:property securityContext: runAsNonRoot: true seccompProfile: @@ -641,13 +1132,13 @@ startupapicheck: # Container Security Context to be set on the controller component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true + readOnlyRootFilesystem: true # Timeout for 'kubectl check api' command timeout: 1m @@ -656,56 +1147,105 @@ startupapicheck: backoffLimit: 4 # Optional additional annotations to add to the startupapicheck Job + # +docs:property jobAnnotations: helm.sh/hook: post-install helm.sh/hook-weight: "1" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded # Optional additional annotations to add to the startupapicheck Pods + # +docs:property # podAnnotations: {} # Additional command line flags to pass to startupapicheck binary. # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl: --help - extraArgs: [] + # + # We enable verbose logging by default so that if startupapicheck fails, users + # can know what exactly caused the failure. Verbose logs include details of + # the webhook URL, IP address and TCP connect errors for example. + # +docs:property + extraArgs: + - -v + # Resources to provide to the cert-manager controller pod + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} - # requests: - # cpu: 10m - # memory: 32Mi + + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property nodeSelector: kubernetes.io/os: linux + # A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + # + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master affinity: {} + # A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule tolerations: [] # Optional additional labels to add to the startupapicheck Pods podLabels: {} image: - repository: quay.io/jetstack/cert-manager-ctl - # You can manage a registry with + # The container registry to pull the startupapicheck image from + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-ctl + + # The container image for the cert-manager startupapicheck + # +docs:property + repository: quay.io/jetstack/cert-manager-startupapicheck # Override the image tag to deploy by setting this variable. # If no value is set, the chart's appVersion will be used. - # tag: canary + # +docs:property + # tag: vX.Y.Z # Setting a digest will override any tag + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent rbac: # annotations for the startup API Check job RBAC and PSP resources + # +docs:property annotations: helm.sh/hook: post-install helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded # Automounting API credentials for a particular pod + # +docs:property # automountServiceAccountToken: true serviceAccount: @@ -714,21 +1254,28 @@ startupapicheck: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template + # +docs:property # name: "" # Optional additional annotations to add to the Job's ServiceAccount + # +docs:property annotations: helm.sh/hook: post-install helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded # Automount API credentials for a Service Account. + # +docs:property automountServiceAccountToken: true # Optional additional labels to add to the startupapicheck's ServiceAccount + # +docs:property # labels: {} + # Additional volumes to add to the cert-manager controller pod. volumes: [] + + # Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] # enableServiceLinks indicates whether information about services should be diff --git a/charts/clastix/kamaji/Chart.yaml b/charts/clastix/kamaji/Chart.yaml index c37e5b891..df1341fe9 100644 --- a/charts/clastix/kamaji/Chart.yaml +++ b/charts/clastix/kamaji/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/release-name: kamaji apiVersion: v2 -appVersion: v0.4.0 +appVersion: v0.4.1 description: Kamaji is a Kubernetes Control Plane Manager. home: https://github.com/clastix/kamaji icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png @@ -20,4 +20,4 @@ name: kamaji sources: - https://github.com/clastix/kamaji type: application -version: 0.14.0 +version: 0.14.1 diff --git a/charts/clastix/kamaji/README.md b/charts/clastix/kamaji/README.md index 8a79a014b..70e77a0b7 100644 --- a/charts/clastix/kamaji/README.md +++ b/charts/clastix/kamaji/README.md @@ -1,6 +1,6 @@ # kamaji -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.4.0](https://img.shields.io/badge/AppVersion-v0.4.0-informational?style=flat-square) +![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.4.1](https://img.shields.io/badge/AppVersion-v0.4.1-informational?style=flat-square) Kamaji is a Kubernetes Control Plane Manager. diff --git a/charts/cockroach-labs/cockroachdb/Chart.yaml b/charts/cockroach-labs/cockroachdb/Chart.yaml index 3e456b8ff..16e4963ba 100644 --- a/charts/cockroach-labs/cockroachdb/Chart.yaml +++ b/charts/cockroach-labs/cockroachdb/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.8-0' catalog.cattle.io/release-name: cockroachdb apiVersion: v1 -appVersion: 23.1.14 +appVersion: 23.2.0 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. home: https://www.cockroachlabs.com icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png @@ -14,4 +14,4 @@ maintainers: name: cockroachdb sources: - https://github.com/cockroachdb/cockroach -version: 11.2.4 +version: 12.0.0 diff --git a/charts/cockroach-labs/cockroachdb/README.md b/charts/cockroach-labs/cockroachdb/README.md index 513b98b98..8b494f876 100644 --- a/charts/cockroach-labs/cockroachdb/README.md +++ b/charts/cockroach-labs/cockroachdb/README.md @@ -229,10 +229,10 @@ kubectl get pods \ ``` ``` -my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.14 -my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.14 -my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.14 -my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.14 +my-release-cockroachdb-0 cockroachdb/cockroach:v23.2.0 +my-release-cockroachdb-1 cockroachdb/cockroach:v23.2.0 +my-release-cockroachdb-2 cockroachdb/cockroach:v23.2.0 +my-release-cockroachdb-3 cockroachdb/cockroach:v23.2.0 ``` Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: @@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file. | `conf.store.size` | CockroachDB storage size | `""` | | `conf.store.attrs` | CockroachDB storage attributes | `""` | | `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v23.1.14` | +| `image.tag` | Container image tag | `v23.2.0` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | | `statefulset.replicas` | StatefulSet replicas number | `3` | diff --git a/charts/cockroach-labs/cockroachdb/templates/certificate.client.yaml b/charts/cockroach-labs/cockroachdb/templates/certificate.client.yaml index d8bf96808..dd0272f3e 100644 --- a/charts/cockroach-labs/cockroachdb/templates/certificate.client.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/certificate.client.yaml @@ -28,7 +28,13 @@ spec: - Cockroach secretName: {{ .Values.tls.certs.clientRootSecret }} issuerRef: + {{- if .Values.tls.certs.certManagerIssuer.isSelfSignedIssuer }} name: {{ template "cockroachdb.fullname" . }}-ca-issuer kind: Issuer group: cert-manager.io + {{- else }} + name: {{ .Values.tls.certs.certManagerIssuer.name }} + kind: {{ .Values.tls.certs.certManagerIssuer.kind }} + group: {{ .Values.tls.certs.certManagerIssuer.group }} + {{- end }} {{- end }} diff --git a/charts/cockroach-labs/cockroachdb/templates/certificate.node.yaml b/charts/cockroach-labs/cockroachdb/templates/certificate.node.yaml index 3392008a8..05e909d0b 100644 --- a/charts/cockroach-labs/cockroachdb/templates/certificate.node.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/certificate.node.yaml @@ -38,7 +38,13 @@ spec: - {{ printf "*.%s.%s.svc.%s" (include "cockroachdb.fullname" .) .Release.Namespace .Values.clusterDomain | quote }} secretName: {{ .Values.tls.certs.nodeSecret }} issuerRef: + {{- if .Values.tls.certs.certManagerIssuer.isSelfSignedIssuer }} name: {{ template "cockroachdb.fullname" . }}-ca-issuer kind: Issuer group: cert-manager.io + {{- else }} + name: {{ .Values.tls.certs.certManagerIssuer.name }} + kind: {{ .Values.tls.certs.certManagerIssuer.kind }} + group: {{ .Values.tls.certs.certManagerIssuer.group }} + {{- end }} {{- end }} diff --git a/charts/cockroach-labs/cockroachdb/values.yaml b/charts/cockroach-labs/cockroachdb/values.yaml index ea1d0ed8a..90291a9b3 100644 --- a/charts/cockroach-labs/cockroachdb/values.yaml +++ b/charts/cockroach-labs/cockroachdb/values.yaml @@ -7,7 +7,7 @@ fullnameOverride: "" image: repository: cockroachdb/cockroach - tag: v23.1.14 + tag: v23.2.0 pullPolicy: IfNotPresent credentials: {} # registry: docker.io diff --git a/charts/crate/crate-operator/Chart.lock b/charts/crate/crate-operator/Chart.lock index 5a47f219e..802d30819 100644 --- a/charts/crate/crate-operator/Chart.lock +++ b/charts/crate/crate-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crate-operator-crds repository: file://../crate-operator-crds - version: 2.33.0 -digest: sha256:0507220f505b512b4b89c7ddbc8370c161c39683c70def1bea8640b8f532bd17 -generated: "2023-11-14T13:35:09.491416868Z" + version: 2.34.1 +digest: sha256:0f7e12bb95a87abed37e5678525884718f7972e69b67bea83a249db4d2cdbf46 +generated: "2024-02-06T09:17:36.915752993Z" diff --git a/charts/crate/crate-operator/Chart.yaml b/charts/crate/crate-operator/Chart.yaml index cf4500950..04aacb0ca 100644 --- a/charts/crate/crate-operator/Chart.yaml +++ b/charts/crate/crate-operator/Chart.yaml @@ -3,16 +3,16 @@ annotations: catalog.cattle.io/display-name: CrateDB Operator catalog.cattle.io/release-name: crate-operator apiVersion: v2 -appVersion: 2.33.0 +appVersion: 2.34.1 dependencies: - condition: crate-operator-crds.enabled name: crate-operator-crds repository: file://./charts/crate-operator-crds - version: 2.33.0 + version: 2.34.1 description: Crate Operator - Helm chart for installing and upgrading Crate Operator. icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg maintainers: - name: Crate.io name: crate-operator type: application -version: 2.33.0 +version: 2.34.1 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml index f54ecc8f7..010a95175 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 2.33.0 +appVersion: 2.34.1 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Crate Operator. maintainers: - name: Crate.io name: crate-operator-crds type: application -version: 2.33.0 +version: 2.34.1 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml index bab1d2792..575073b9c 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml @@ -415,6 +415,28 @@ spec: - name - version type: object + grandCentral: + properties: + backendImage: + description: The image of the grand central backend. + type: string + backendEnabled: + description: Flag indicating whether grand central backend is + deployed for this cluster. + type: boolean + jwkUrl: + description: The endpoint to retrieve the list of JWK public keys + used for verifying JWT tokens. + type: string + apiUrl: + description: The CrateDB Cloud API URL. + type: string + required: + - backendImage + - jwkUrl + - apiUrl + - backendEnabled + type: object nodes: properties: data: diff --git a/charts/crate/crate-operator/templates/rbac.yaml b/charts/crate/crate-operator/templates/rbac.yaml index 79e8617ce..695834939 100644 --- a/charts/crate/crate-operator/templates/rbac.yaml +++ b/charts/crate/crate-operator/templates/rbac.yaml @@ -31,11 +31,13 @@ rules: - apps - batch - policy + - networking.k8s.io resources: - configmaps - cronjobs - jobs - deployments + - ingresses - namespaces - persistentvolumeclaims - persistentvolumes diff --git a/charts/crowdstrike/falcon-sensor/Chart.yaml b/charts/crowdstrike/falcon-sensor/Chart.yaml index 284a33a8d..f1b2ee3d0 100644 --- a/charts/crowdstrike/falcon-sensor/Chart.yaml +++ b/charts/crowdstrike/falcon-sensor/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>1.22.0-0' catalog.cattle.io/release-name: falcon-sensor apiVersion: v2 -appVersion: 1.24.1 +appVersion: 1.25.2 description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. home: https://crowdstrike.com icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg @@ -24,4 +24,4 @@ name: falcon-sensor sources: - https://github.com/CrowdStrike/falcon-helm type: application -version: 1.24.1 +version: 1.25.2 diff --git a/charts/crowdstrike/falcon-sensor/templates/clusterrolebinding.yaml b/charts/crowdstrike/falcon-sensor/templates/clusterrolebinding.yaml index aa995d309..77ff998f5 100644 --- a/charts/crowdstrike/falcon-sensor/templates/clusterrolebinding.yaml +++ b/charts/crowdstrike/falcon-sensor/templates/clusterrolebinding.yaml @@ -12,11 +12,6 @@ metadata: crowdstrike.com/provider: crowdstrike helm.sh/chart: {{ include "falcon-sensor.chart" . }} subjects: -{{- if .Values.container.enabled }} -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:authenticated -{{- end }} - kind: ServiceAccount name: {{ .Values.serviceAccount.name }} namespace: {{ .Release.Namespace }} diff --git a/charts/crowdstrike/falcon-sensor/templates/tests/test-cluster-permissions.yaml b/charts/crowdstrike/falcon-sensor/templates/tests/test-cluster-permissions.yaml index c4251387b..34896aa3a 100644 --- a/charts/crowdstrike/falcon-sensor/templates/tests/test-cluster-permissions.yaml +++ b/charts/crowdstrike/falcon-sensor/templates/tests/test-cluster-permissions.yaml @@ -25,11 +25,6 @@ metadata: labels: {{- include "falcon-sensor.labels" . | nindent 4 }} subjects: -{{- if .Values.container.enabled }} -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:authenticated -{{- end }} - kind: ServiceAccount name: {{ .Values.serviceAccount.name }} namespace: {{ .Release.Namespace }} diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index 3adfbaffb..b3d4fa869 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,21 @@ # Datadog changelog +## 3.53.3 + +* Update `fips.image.tag` to `1.1.1` + +## 3.53.2 + +* Exclude agent pod from labels injection from the admission controller + +## 3.53.1 + +* Update `fips.image.tag` to `1.1.0` + +## 3.53.0 + +* Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. + ## 3.52.0 * Allow configuring CWS security profile features and enable drift events by default diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index a769d1deb..c0dda0d7b 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.52.0 +version: 3.53.3 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index c2076ce60..450c918b1 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.52.0](https://img.shields.io/badge/Version-3.52.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.53.3](https://img.shields.io/badge/Version-3.53.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -743,6 +743,7 @@ helm install \ | datadog.orchestratorExplorer.customResources | list | `[]` | Defines custom resources for the orchestrator explorer to collect | | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | +| datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.useHostPort | bool | `true` | Enable the Host Port for the OTLP/gRPC endpoint | @@ -818,7 +819,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.0.1"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.1"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/datadog/templates/_containers-common-env.yaml b/charts/datadog/datadog/templates/_containers-common-env.yaml index 50f70e8a8..dfb27ea2d 100644 --- a/charts/datadog/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/datadog/templates/_containers-common-env.yaml @@ -70,6 +70,7 @@ value: {{ .Values.datadog.containerExcludeLogs | quote }} {{- end }} {{- if .Values.datadog.otlp }} + {{- if .Values.datadog.otlp.receiver }} {{- if .Values.datadog.otlp.receiver.protocols }} {{- with .Values.datadog.otlp.receiver.protocols }} @@ -87,6 +88,12 @@ {{- end }} {{- end }} {{- end }} + +{{- with .Values.datadog.otlp.logs }} +- name: DD_OTLP_CONFIG_LOGS_ENABLED + value: {{ .enabled | quote }} +{{- end }} + {{- end }} {{- if eq (include "agent-has-env-ad" .) "true" }} {{- if .Values.datadog.dockerSocketPath }} diff --git a/charts/datadog/datadog/templates/daemonset.yaml b/charts/datadog/datadog/templates/daemonset.yaml index 4eced384e..5aba67ff2 100644 --- a/charts/datadog/datadog/templates/daemonset.yaml +++ b/charts/datadog/datadog/templates/daemonset.yaml @@ -9,6 +9,7 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" {{- if .Values.agents.additionalLabels }} {{ toYaml .Values.agents.additionalLabels | indent 4 }} {{- end }} diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index 40b116eda..dc79456f2 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -500,6 +500,9 @@ datadog: endpoint: "0.0.0.0:4318" # datadog.otlp.receiver.protocols.http.useHostPort -- Enable the Host Port for the OTLP/HTTP endpoint useHostPort: true + logs: + # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint + enabled: false # datadog.envFrom -- Set environment variables for all Agents directly from configMaps and/or secrets @@ -1269,7 +1272,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.0.1 + tag: 1.1.1 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent diff --git a/charts/dell/csi-isilon/Chart.yaml b/charts/dell/csi-isilon/Chart.yaml index 7e846b8a1..c1cdaa6f4 100644 --- a/charts/dell/csi-isilon/Chart.yaml +++ b/charts/dell/csi-isilon/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.21.0 < 1.29.0' catalog.cattle.io/release-name: isilon apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.1 description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as an Isilon StorageClass. ' @@ -19,4 +19,4 @@ name: csi-isilon sources: - https://github.com/dell/csi-isilon type: application -version: 2.9.0 +version: 2.9.1 diff --git a/charts/dell/csi-isilon/templates/controller.yaml b/charts/dell/csi-isilon/templates/controller.yaml index 3c279baaf..8466a8131 100644 --- a/charts/dell/csi-isilon/templates/controller.yaml +++ b/charts/dell/csi-isilon/templates/controller.yaml @@ -423,18 +423,6 @@ spec: imagePullPolicy: {{ .Values.imagePullPolicy }} command: [ "/csi-isilon" ] args: - - "--leader-election" - {{- if hasKey .Values.controller "leaderElection" }} - {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} - - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" - {{end}} - {{end}} - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: - name: CSI_ENDPOINT diff --git a/charts/dell/csi-isilon/values.yaml b/charts/dell/csi-isilon/values.yaml index 15b204765..4b0abe3f5 100644 --- a/charts/dell/csi-isilon/values.yaml +++ b/charts/dell/csi-isilon/values.yaml @@ -2,11 +2,11 @@ ######################## # version: version of this values file # Note: Do not change this value -version: "v2.9.0" +version: "v2.9.1" images: # "driver" defines the container image, used for the driver container. - driver: dellemc/csi-isilon:v2.9.0 + driver: dellemc/csi-isilon:v2.9.1 # CSI sidecars attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 @@ -16,10 +16,10 @@ images: healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 # CSM sidecars - replication: dellemc/dell-csi-replicator:v1.7.0 - podmon: dellemc/podmon:v1.8.0 - authorization: dellemc/csm-authorization-sidecar:v1.9.0 - metadataretriever: dellemc/csi-metadata-retriever:v1.4.0 + replication: dellemc/dell-csi-replicator:v1.7.1 + podmon: dellemc/podmon:v1.8.1 + authorization: dellemc/csm-authorization-sidecar:v1.9.1 + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 encryption: dellemc/csm-encryption:v0.3.0 # CSI driver log level diff --git a/charts/dell/csi-powermax/Chart.yaml b/charts/dell/csi-powermax/Chart.yaml index ee71890f3..e34197fcf 100644 --- a/charts/dell/csi-powermax/Chart.yaml +++ b/charts/dell/csi-powermax/Chart.yaml @@ -4,12 +4,12 @@ annotations: catalog.cattle.io/kube-version: '>= 1.23.0 < 1.29.0' catalog.cattle.io/release-name: csi-powermax apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.1 dependencies: - condition: required name: csireverseproxy repository: file://./charts/csireverseproxy - version: 2.8.0 + version: 2.8.1 description: 'PowerMax CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a PowerMax StorageClass. ' @@ -25,4 +25,4 @@ name: csi-powermax sources: - https://github.com/dell/csi-powermax type: application -version: 2.9.0 +version: 2.9.1 diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml index ce730d887..341b4f716 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 2.8.0 +appVersion: 2.8.1 description: A Helm chart for CSI PowerMax ReverseProxy name: csireverseproxy type: application -version: 2.8.0 +version: 2.8.1 diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml index bdfc36fae..5afbc2adb 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml @@ -1,4 +1,4 @@ -image: dellemc/csipowermax-reverseproxy:v2.8.0 +image: dellemc/csipowermax-reverseproxy:v2.8.1 port: 2222 # TLS secret which is used for setting up the proxy HTTPS server diff --git a/charts/dell/csi-powermax/templates/controller.yaml b/charts/dell/csi-powermax/templates/controller.yaml index 12d6b2da6..9ff4308d4 100644 --- a/charts/dell/csi-powermax/templates/controller.yaml +++ b/charts/dell/csi-powermax/templates/controller.yaml @@ -358,8 +358,6 @@ spec: image: {{ required "Must provide the PowerMax driver image repository." .Values.images.driver }} imagePullPolicy: {{ .Values.imagePullPolicy }} command: [ "/csi-powermax.sh" ] - args: - - "--leader-election" env: {{- $_ := first .Values.global.storageArrays }} {{- $arraysStr := "" }} @@ -473,7 +471,7 @@ spec: - name: X_CSI_REVPROXY_WATCH_NAMESPACE value: {{ .Release.Namespace }} - name: X_CSI_REVPROXY_IS_LEADER_ENABLED - value: "true" + value: "false" volumeMounts: - name: configmap-volume mountPath: /etc/config/configmap diff --git a/charts/dell/csi-powermax/values.yaml b/charts/dell/csi-powermax/values.yaml index f2a3de106..117dc70c9 100644 --- a/charts/dell/csi-powermax/values.yaml +++ b/charts/dell/csi-powermax/values.yaml @@ -48,14 +48,14 @@ global: # Current version of the driver # Don't modify this value as this value will be used by the install script -version: "v2.9.0" +version: "v2.9.1" # "images" defines every container images used for the driver and its sidecars. # To use your own images, or a private registry, change the values here. images: # "driver" defines the container image, used for the driver container. - driver: dellemc/csi-powermax:v2.9.0 - csireverseproxy: dellemc/csipowermax-reverseproxy:v2.8.0 + driver: dellemc/csi-powermax:v2.9.1 + csireverseproxy: dellemc/csipowermax-reverseproxy:v2.8.1 # CSI sidecars attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 @@ -64,8 +64,8 @@ images: registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 # CSM sidecars - replication: dellemc/dell-csi-replicator:v1.7.0 - authorization: dellemc/csm-authorization-sidecar:v1.9.0 + replication: dellemc/dell-csi-replicator:v1.7.1 + authorization: dellemc/csm-authorization-sidecar:v1.9.1 migration: dellemc/dell-csi-migrator:v1.3.0 # Node rescan sidecar does a rescan on nodes for identifying new paths # Default value: dellemc/dell-csi-node-rescanner:v1.0.1 diff --git a/charts/dell/csi-powerstore/Chart.yaml b/charts/dell/csi-powerstore/Chart.yaml index b67ebc688..59e29cbf0 100644 --- a/charts/dell/csi-powerstore/Chart.yaml +++ b/charts/dell/csi-powerstore/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.24.0 < 1.29.0' catalog.cattle.io/release-name: powerstore apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.1 description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a PowerStore StorageClass. ' @@ -20,4 +20,4 @@ name: csi-powerstore sources: - https://github.com/dell/csi-powerstore type: application -version: 2.9.0 +version: 2.9.1 diff --git a/charts/dell/csi-powerstore/values.yaml b/charts/dell/csi-powerstore/values.yaml index 4843fe5ee..500e3333d 100644 --- a/charts/dell/csi-powerstore/values.yaml +++ b/charts/dell/csi-powerstore/values.yaml @@ -23,13 +23,13 @@ driverName: "csi-powerstore.dellemc.com" # "version" is used to verify the values file matches driver version # Not recommend to change -version: v2.9.0 +version: v2.9.1 # "images" defines every container images used for the driver and its sidecars. # To use your own images, or a private registry, change the values here. images: # "driver" defines the container image, used for the driver container. - driver: dellemc/csi-powerstore:v2.9.0 + driver: dellemc/csi-powerstore:v2.9.1 # CSI sidecars attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 @@ -39,10 +39,10 @@ images: healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 # CSM sidecars - replication: dellemc/dell-csi-replicator:v1.7.0 + replication: dellemc/dell-csi-replicator:v1.7.1 vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.4.0 - podmon: dellemc/podmon:v1.8.0 - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 + podmon: dellemc/podmon:v1.8.1 + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 # Specify kubelet config dir path. # Ensure that the config.yaml file is present at this path. diff --git a/charts/dell/csi-unity/Chart.yaml b/charts/dell/csi-unity/Chart.yaml index 9c393792e..b9b63b1b3 100644 --- a/charts/dell/csi-unity/Chart.yaml +++ b/charts/dell/csi-unity/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.24.0 < 1.29.0' catalog.cattle.io/release-name: unity apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.1 description: 'Unity XT CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a Unity XT StorageClass. ' @@ -19,4 +19,4 @@ name: csi-unity sources: - https://github.com/dell/csi-unity type: application -version: 2.9.0 +version: 2.9.1 diff --git a/charts/dell/csi-unity/templates/controller.yaml b/charts/dell/csi-unity/templates/controller.yaml index 1f3e2220c..84b64b056 100644 --- a/charts/dell/csi-unity/templates/controller.yaml +++ b/charts/dell/csi-unity/templates/controller.yaml @@ -279,7 +279,6 @@ spec: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" - "--driver-secret=/unity-secret/config" - - "--leader-election" imagePullPolicy: {{ .Values.imagePullPolicy }} env: - name: CSI_ENDPOINT diff --git a/charts/dell/csi-unity/values.yaml b/charts/dell/csi-unity/values.yaml index c311a19f4..f5da26015 100644 --- a/charts/dell/csi-unity/values.yaml +++ b/charts/dell/csi-unity/values.yaml @@ -3,12 +3,12 @@ # version: version of this values file # Note: Do not change this value -# Examples : "v2.9.0" , "nightly" -version: "v2.9.0" +# Examples : "v2.9.1" , "nightly" +version: "v2.9.1" images: # "driver" defines the container image, used for the driver container. - driver: dellemc/csi-unity:v2.9.0 + driver: dellemc/csi-unity:v2.9.1 # CSI sidecars attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 @@ -18,7 +18,7 @@ images: healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 # CSM sidecars - podmon: dellemc/podmon:v1.8.0 + podmon: dellemc/podmon:v1.8.1 # LogLevel is used to set the logging level of the driver. # Allowed values: "error", "warn"/"warning", "info", "debug" diff --git a/charts/dell/csi-vxflexos/Chart.yaml b/charts/dell/csi-vxflexos/Chart.yaml index b31c7326a..640eae0a2 100644 --- a/charts/dell/csi-vxflexos/Chart.yaml +++ b/charts/dell/csi-vxflexos/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/namespace: vxflexos catalog.cattle.io/release-name: vxflexos apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.1 description: 'VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a VxFlex OS StorageClass. ' @@ -19,4 +19,4 @@ maintainers: name: csi-vxflexos sources: - https://github.com/dell/csi-vxflexos -version: 2.9.0 +version: 2.9.1 diff --git a/charts/dell/csi-vxflexos/templates/controller.yaml b/charts/dell/csi-vxflexos/templates/controller.yaml index d308cc00a..a456049e0 100644 --- a/charts/dell/csi-vxflexos/templates/controller.yaml +++ b/charts/dell/csi-vxflexos/templates/controller.yaml @@ -394,7 +394,6 @@ spec: imagePullPolicy: {{ .Values.imagePullPolicy }} command: [ "/csi-vxflexos.sh" ] args: - - "--leader-election" - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" env: diff --git a/charts/dell/csi-vxflexos/values.yaml b/charts/dell/csi-vxflexos/values.yaml index 7cfab7be5..94fcfbc04 100644 --- a/charts/dell/csi-vxflexos/values.yaml +++ b/charts/dell/csi-vxflexos/values.yaml @@ -3,14 +3,14 @@ # "version" is used to verify the values file matches driver version # Not recommend to change -version: v2.9.0 +version: v2.9.1 # "images" defines every container images used for the driver and its sidecars. # To use your own images, or a private registry, change the values here. images: # "driver" defines the container image, used for the driver container. - driver: dellemc/csi-vxflexos:v2.9.0 + driver: dellemc/csi-vxflexos:v2.9.1 # "powerflexSdc" defines the SDC image for init container. powerflexSdc: dellemc/sdc:4.5 # CSI sidecars @@ -21,10 +21,10 @@ images: registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 # CSM sidecars - replication: dellemc/dell-csi-replicator:v1.7.0 + replication: dellemc/dell-csi-replicator:v1.7.1 vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.4.0 - podmon: dellemc/podmon:v1.8.0 - authorization: dellemc/csm-authorization-sidecar:v1.9.0 + podmon: dellemc/podmon:v1.8.1 + authorization: dellemc/csm-authorization-sidecar:v1.9.1 # Represents number of certificate secrets, which user is going to create for ssl authentication. (vxflexos-cert-0..vxflexos-cert-n) # If user does not use certificate, set to 0 diff --git a/charts/dh2i/dxemssql/.helmignore b/charts/dh2i/dxemssql/.helmignore index 0e8a0eb36..f82e96d46 100644 --- a/charts/dh2i/dxemssql/.helmignore +++ b/charts/dh2i/dxemssql/.helmignore @@ -1,23 +1,23 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/dh2i/dxemssql/Chart.yaml b/charts/dh2i/dxemssql/Chart.yaml index 7a374fe29..c0f27125e 100644 --- a/charts/dh2i/dxemssql/Chart.yaml +++ b/charts/dh2i/dxemssql/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/release-name: dxemssql charts.openshift.io/name: DxEnterprise for Microsoft SQL AG apiVersion: v2 -appVersion: "22.0" +appVersion: "23.0" description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server availability groups icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png @@ -16,4 +16,4 @@ maintainers: url: https://dh2i.com name: dxemssql type: application -version: 1.0.4 +version: 1.0.5 diff --git a/charts/dh2i/dxemssql/README.md b/charts/dh2i/dxemssql/README.md index 813228eb6..7c0e7f527 100644 --- a/charts/dh2i/dxemssql/README.md +++ b/charts/dh2i/dxemssql/README.md @@ -1,15 +1,15 @@ -# DxEnterprise for Microsoft SQL AG - -This chart deploys a SQL Server availability group managed by DxEnterprise clustering technology. - -## Prerequisites - -- A secret on your Kubernetes cluster that contains SQL Server credentials (`MSSQL_SA_PASSWORD`) and your DxEnterprise cluster password (`DX_PASSKEY`) -- A DxEnterprise license key with availability group management features and tunnels enabled -- Optional: DxAdmin installed on a Windows machine. Installation instructions for DxAdmin can be found in [DH2i documentation](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/installation/dxadmin-qsg) - -# Additional Information - -Instructions for creating this chart using Rancher can be found in the [DxEnterprise Rancher guide](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes/mssql-ag-rancher#install-the-helm-chart), and additional DxEnterprise Kubernetes documentation can be found [here](https://support.dh2i.com/docs/v22.0/category/guides/dxenterprise/containers/kubernetes/). - -Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy. +# DxEnterprise for Microsoft SQL AG + +This chart deploys a SQL Server availability group managed by DxEnterprise clustering technology. + +## Prerequisites + +- A secret on your Kubernetes cluster that contains SQL Server credentials (`MSSQL_SA_PASSWORD`) and your DxEnterprise cluster password (`DX_PASSKEY`) +- A DxEnterprise license key with availability group management features and tunnels enabled +- Optional: DxAdmin installed on a Windows machine. Installation instructions for DxAdmin can be found in [DH2i documentation](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/installation/dxadmin-qsg) + +# Additional Information + +Instructions for creating this chart using Rancher can be found in the [DxEnterprise Rancher guide](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes/mssql-ag-rancher#install-the-helm-chart), and additional DxEnterprise Kubernetes documentation can be found [here](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes). + +Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy. diff --git a/charts/dh2i/dxemssql/app-readme.md b/charts/dh2i/dxemssql/app-readme.md index 2821f95a4..2996119d4 100644 --- a/charts/dh2i/dxemssql/app-readme.md +++ b/charts/dh2i/dxemssql/app-readme.md @@ -1,8 +1,8 @@ -# Availability Groups With DxEnterprise - -DxEnterprise (DxE) uses Microsoft SQL Server Availability Groups clustering technology to dramatically reduce the complexity of configuring and managing highly available SQL Server AGs. DxEnterprise makes AGs highly available within containers without relying on WSFC or any other cumbersome and restrictive cluster orchestration technologies, while also providing advanced fault detection and failover automation to minimize outages for SQL Server databases, helping customers achieve nearest-to-zero total downtime. DxEnterprise AGs enable cross-network failover without opening external ports or the use of virtual private networks (VPNs), enabling simplified cross-network, cross-zone, and cross-region clusters. - -- SDP-enhanced highly available SQL Server Availability Groups -- Realtime health detection and automatic failover -- Discreet and secure networking across AG nodes in separate sites, regions, or clouds - without a VPN -- Management simplicity and minimal complexity +# Availability Groups With DxEnterprise + +DxEnterprise (DxE) uses Microsoft SQL Server Availability Groups clustering technology to dramatically reduce the complexity of configuring and managing highly available SQL Server AGs. DxEnterprise makes AGs highly available within containers without relying on WSFC or any other cumbersome and restrictive cluster orchestration technologies, while also providing advanced fault detection and failover automation to minimize outages for SQL Server databases, helping customers achieve nearest-to-zero total downtime. DxEnterprise AGs enable cross-network failover without opening external ports or the use of virtual private networks (VPNs), enabling simplified cross-network, cross-zone, and cross-region clusters. + +- SDP-enhanced highly available SQL Server Availability Groups +- Realtime health detection and automatic failover +- Discreet and secure networking across AG nodes in separate sites, regions, or clouds - without a VPN +- Management simplicity and minimal complexity diff --git a/charts/dh2i/dxemssql/questions.yml b/charts/dh2i/dxemssql/questions.yml index 431aa1aa3..b56fbe432 100644 --- a/charts/dh2i/dxemssql/questions.yml +++ b/charts/dh2i/dxemssql/questions.yml @@ -1,116 +1,116 @@ -questions: -- variable: replicas - label: "Replicas" - type: int - description: "The quantity of replicas (pods) to create. Note that setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. Only set this value below 3 if you intend to add these replicas to an existing AG." - default: 3 - required: true - group: General -- variable: secretKeys - label: "Kubernetes Secret" - type: secret - description: "The name of the Kubernetes Secret to use for the MSSQL_SA_PASSWORD, DX_PASSKEY, and (optionally) DX_OTPK." - required: true - group: General -- variable: enableLoadBalancers - label: "Enable External Load Balancers" - type: string - description: "Enable or disable automatic provisioning of an external load balancer for each replica in the StatefulSet." - required: true - group: General -- variable: DX_LICENSE - label: "License Key" - type: string - description: "The license key for DxEnterprise." - required: true - group: "DxEnterprise" -- variable: DX_ACCEPT_EULA - label: "Accept EULA" - type: enum - default: "N" - description: "Accept the terms of the DxEnterprise license agreement. For more information, visit http://support.dh2i.com/docs/other/eula." - required: true - group: "DxEnterprise" - options: - - "Y" - - "N" -- variable: DX_VHOST_NAME - label: "Vhost Name" - type: string - description: "The name of the Vhost that the availability group will be created under." - default: "VHOST1" - group: "DxEnterprise" -- variable: DX_AG_NAME - label: "Availability Group Name" - type: string - description: "The name that will be given to the availability group." - default: "AG1" - group: "DxEnterprise" -- variable: DX_AG_OPTIONS - label: "Availability Group Options" - type: string - description: "Additional availability group options to apply during AG creation." - group: "DxEnterprise" -- variable: DX_NEW_CLUSTER - label: "Create a New Cluster" - type: string - description: "Whether or not to create a new DxEnterprise cluster, or join an existing one using the provided One-Time Passkey." - default: "true" - group: "DxEnterprise" -- variable: dxeImage.repository - label: "Repository" - type: string - description: "The repository to pull the DxEnterprise image from." - default: "dh2i/dxe" - group: "DxEnterprise" - subquestions: - - variable: dxeImage.pullPolicy - label: "Pull Policy" - type: string - description: "The pull policy for the DxEnterprise image." - default: "Always" - group: "DxEnterprise" - - variable: dxeImage.tag - label: "Image Tag" - type: string - description: "The tag to use for the DxEnterprise image." - default: "latest" - group: "DxEnterprise" - -- variable: MSSQL_PID - label: Edition - type: string - description: "The SQL Server edition (PID)." - required: true - default: Developer - group: "SQL Server" -- variable: ACCEPT_EULA - label: "Accept EULA" - type: enum - default: "N" - description: "Accept the terms of the SQL Server EULA." - required: true - group: "SQL Server" - options: - - "Y" - - "N" -- variable: sqlImage.repository - label: "Repository" - type: string - description: "The repository to pull the SQL Server image from." - default: "mcr.microsoft.com/mssql/server" - group: "SQL Server" - subquestions: - - variable: sqlImage.pullPolicy - label: "Pull Policy" - type: string - description: "The pull policy for the SQL Server image." - default: "Always" - group: "SQL Server" - - variable: sqlImage.tag - label: "Image Tag" - type: string - description: "The tag to use for the SQL Server image." - default: "2022-latest" - group: "SQL Server" +questions: +- variable: replicas + label: "Replicas" + type: int + description: "The quantity of replicas (pods) to create. Note that setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. Only set this value below 3 if you intend to add these replicas to an existing AG." + default: 3 + required: true + group: General +- variable: secretKeys + label: "Kubernetes Secret" + type: secret + description: "The name of the Kubernetes Secret to use for the MSSQL_SA_PASSWORD, DX_PASSKEY, and (optionally) DX_OTPK." + required: true + group: General +- variable: enableLoadBalancers + label: "Enable External Load Balancers" + type: string + description: "Enable or disable automatic provisioning of an external load balancer for each replica in the StatefulSet." + required: true + group: General +- variable: DX_LICENSE + label: "License Key" + type: string + description: "The license key for DxEnterprise." + required: true + group: "DxEnterprise" +- variable: DX_ACCEPT_EULA + label: "Accept EULA" + type: enum + default: "N" + description: "Accept the terms of the DxEnterprise license agreement. For more information, visit http://support.dh2i.com/docs/other/eula." + required: true + group: "DxEnterprise" + options: + - "Y" + - "N" +- variable: DX_VHOST_NAME + label: "Vhost Name" + type: string + description: "The name of the Vhost that the availability group will be created under." + default: "VHOST1" + group: "DxEnterprise" +- variable: DX_AG_NAME + label: "Availability Group Name" + type: string + description: "The name that will be given to the availability group." + default: "AG1" + group: "DxEnterprise" +- variable: DX_AG_OPTIONS + label: "Availability Group Options" + type: string + description: "Additional availability group options to apply during AG creation." + group: "DxEnterprise" +- variable: DX_NEW_CLUSTER + label: "Create a New Cluster" + type: string + description: "Whether or not to create a new DxEnterprise cluster, or join an existing one using the provided One-Time Passkey." + default: "true" + group: "DxEnterprise" +- variable: dxeImage.repository + label: "Repository" + type: string + description: "The repository to pull the DxEnterprise image from." + default: "dh2i/dxe" + group: "DxEnterprise" + subquestions: + - variable: dxeImage.pullPolicy + label: "Pull Policy" + type: string + description: "The pull policy for the DxEnterprise image." + default: "Always" + group: "DxEnterprise" + - variable: dxeImage.tag + label: "Image Tag" + type: string + description: "The tag to use for the DxEnterprise image." + default: "latest" + group: "DxEnterprise" + +- variable: MSSQL_PID + label: Edition + type: string + description: "The SQL Server edition (PID)." + required: true + default: Developer + group: "SQL Server" +- variable: ACCEPT_EULA + label: "Accept EULA" + type: enum + default: "N" + description: "Accept the terms of the SQL Server EULA." + required: true + group: "SQL Server" + options: + - "Y" + - "N" +- variable: sqlImage.repository + label: "Repository" + type: string + description: "The repository to pull the SQL Server image from." + default: "mcr.microsoft.com/mssql/server" + group: "SQL Server" + subquestions: + - variable: sqlImage.pullPolicy + label: "Pull Policy" + type: string + description: "The pull policy for the SQL Server image." + default: "Always" + group: "SQL Server" + - variable: sqlImage.tag + label: "Image Tag" + type: string + description: "The tag to use for the SQL Server image." + default: "2022-latest" + group: "SQL Server" \ No newline at end of file diff --git a/charts/dh2i/dxemssql/templates/_helpers.tpl b/charts/dh2i/dxemssql/templates/_helpers.tpl index 9c3fe3394..5aa540e24 100644 --- a/charts/dh2i/dxemssql/templates/_helpers.tpl +++ b/charts/dh2i/dxemssql/templates/_helpers.tpl @@ -1,62 +1,62 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "dxemssql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "dxemssql.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "dxemssql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "dxemssql.labels" -}} -helm.sh/chart: {{ include "dxemssql.chart" . }} -{{ include "dxemssql.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "dxemssql.selectorLabels" -}} -app.kubernetes.io/name: {{ include "dxemssql.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "dxemssql.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "dxemssql.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} +{{/* +Expand the name of the chart. +*/}} +{{- define "dxemssql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "dxemssql.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dxemssql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "dxemssql.labels" -}} +helm.sh/chart: {{ include "dxemssql.chart" . }} +{{ include "dxemssql.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "dxemssql.selectorLabels" -}} +app.kubernetes.io/name: {{ include "dxemssql.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "dxemssql.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "dxemssql.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/dh2i/dxemssql/templates/external-lb.yaml b/charts/dh2i/dxemssql/templates/external-lb.yaml index c08f817e3..52e960acb 100644 --- a/charts/dh2i/dxemssql/templates/external-lb.yaml +++ b/charts/dh2i/dxemssql/templates/external-lb.yaml @@ -1,23 +1,23 @@ -{{- if eq (.Values.enableLoadBalancers | toString | lower) "true" }} -{{- range untilStep 0 (.Values.replicas | int) 1 }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "dxemssql.fullname" $ }}-lb-{{ . }} -spec: - type: LoadBalancer - externalTrafficPolicy: Local - selector: - statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }} - ports: - - name: sql - protocol: TCP - port: 1433 - targetPort: 1433 - - name: dxe-admin - protocol: TCP - port: 7979 - targetPort: 7979 ---- -{{- end }} +{{- if eq (.Values.enableLoadBalancers | toString | lower) "true" }} +{{- range untilStep 0 (.Values.replicas | int) 1 }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "dxemssql.fullname" $ }}-lb-{{ . }} +spec: + type: LoadBalancer + externalTrafficPolicy: Local + selector: + statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }} + ports: + - name: sql + protocol: TCP + port: 1433 + targetPort: 1433 + - name: dxe-admin + protocol: TCP + port: 7979 + targetPort: 7979 +--- +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/dh2i/dxemssql/templates/headless-svc.yaml b/charts/dh2i/dxemssql/templates/headless-svc.yaml index ed03dc92a..38eb0b301 100644 --- a/charts/dh2i/dxemssql/templates/headless-svc.yaml +++ b/charts/dh2i/dxemssql/templates/headless-svc.yaml @@ -1,25 +1,25 @@ -#headless services for local connections/resolution -{{- range untilStep 0 (.Values.replicas | int) 1 }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "dxemssql.fullname" $ }}-{{ . }} -spec: - clusterIP: None - selector: - statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }} - ports: - - name: dxlmonitor - protocol: TCP - port: 7979 - - name: dxcmonitor-tcp - protocol: TCP - port: 7980 - - name: dxcmonitor-udp - protocol: UDP - port: 7981 - - name: ag-endpoint - protocol: TCP - port: 5022 ---- +#headless services for local connections/resolution +{{- range untilStep 0 (.Values.replicas | int) 1 }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "dxemssql.fullname" $ }}-{{ . }} +spec: + clusterIP: None + selector: + statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }} + ports: + - name: dxlmonitor + protocol: TCP + port: 7979 + - name: dxcmonitor-tcp + protocol: TCP + port: 7980 + - name: dxcmonitor-udp + protocol: UDP + port: 7981 + - name: ag-endpoint + protocol: TCP + port: 5022 +--- {{- end }} \ No newline at end of file diff --git a/charts/dh2i/dxemssql/templates/statefulset.yaml b/charts/dh2i/dxemssql/templates/statefulset.yaml index 57b3d53e4..50dab324d 100644 --- a/charts/dh2i/dxemssql/templates/statefulset.yaml +++ b/charts/dh2i/dxemssql/templates/statefulset.yaml @@ -1,108 +1,108 @@ -#DxEnterprise + MSSQL StatefulSet -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "dxemssql.fullname" . }} - labels: - {{- include "dxemssql.labels" . | nindent 4 }} -spec: - serviceName: {{ include "dxemssql.fullname" . }} - replicas: {{ .Values.replicas }} - selector: - matchLabels: - {{- include "dxemssql.labels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "dxemssql.labels" . | nindent 8 }} - spec: - securityContext: - fsGroup: 10001 - containers: - - name: sql - image: "{{ .Values.sqlImage.repository }}:{{ .Values.sqlImage.tag }}" - imagePullPolicy: {{ .Values.sqlImage.pullPolicy }} - env: - - name: ACCEPT_EULA - value: {{ required "You must accept the SQL Server EULA." .Values.ACCEPT_EULA | upper | quote }} - - name: MSSQL_AGENT_ENABLED - value: {{ .Values.MSSQL_AGENT_ENABLED | quote }} - - name: MSSQL_ENABLE_HADR - value: "1" - - name: MSSQL_PID - value: {{ .Values.MSSQL_PID | quote }} - - name: MSSQL_SA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }} - key: MSSQL_SA_PASSWORD - readinessProbe: - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 12 - tcpSocket: - port: 1433 - volumeMounts: - - name: mssql - mountPath: "/var/opt/mssql" - - name: dxe - image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}" - imagePullPolicy: {{ .Values.dxeImage.pullPolicy }} - env: - - name: DX_LICENSE - value: {{ required "DxEnterprise license key is required." .Values.DX_LICENSE | upper | quote }} - - name: DX_ACCEPT_EULA - value: {{ required "You must accept the DxEnterprise EULA." .Values.DX_ACCEPT_EULA | lower | quote }} - - name: DX_OTPK - valueFrom: - secretKeyRef: - name: {{ .Values.secretKeys }} - key: DX_OTPK - optional: true - - name: DX_PASSKEY - valueFrom: - secretKeyRef: - name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }} - key: DX_PASSKEY - - name: DX_VHOST_NAME - value: {{ .Values.DX_VHOST_NAME | upper | quote }} - - name: DX_AG_NAME - value: {{ .Values.DX_AG_NAME | upper | quote }} - - name: DX_AG_OPTIONS - value: {{ .Values.DX_AG_OPTIONS | quote }} - - name: DX_NEW_CLUSTER - value: {{ .Values.DX_NEW_CLUSTER | lower | quote }} - - name: MSSQL_SA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.secretKeys }} - key: MSSQL_SA_PASSWORD - readinessProbe: - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 12 - exec: - command: - - sh - - -c - - "cat /opt/dh2i/sbin/ready | grep -q \"1\"" - volumeMounts: - - name: dxe - mountPath: "/etc/dh2i" - volumeClaimTemplates: - - metadata: - name: dxe - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - metadata: - name: mssql - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi +#DxEnterprise + MSSQL StatefulSet +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "dxemssql.fullname" . }} + labels: + {{- include "dxemssql.labels" . | nindent 4 }} +spec: + serviceName: {{ include "dxemssql.fullname" . }} + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "dxemssql.labels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "dxemssql.labels" . | nindent 8 }} + spec: + securityContext: + fsGroup: 10001 + containers: + - name: sql + image: "{{ .Values.sqlImage.repository }}:{{ .Values.sqlImage.tag }}" + imagePullPolicy: {{ .Values.sqlImage.pullPolicy }} + env: + - name: ACCEPT_EULA + value: {{ required "You must accept the SQL Server EULA." .Values.ACCEPT_EULA | upper | quote }} + - name: MSSQL_AGENT_ENABLED + value: {{ .Values.MSSQL_AGENT_ENABLED | quote }} + - name: MSSQL_ENABLE_HADR + value: "1" + - name: MSSQL_PID + value: {{ .Values.MSSQL_PID | quote }} + - name: MSSQL_SA_PASSWORD + valueFrom: + secretKeyRef: + name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }} + key: MSSQL_SA_PASSWORD + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 12 + tcpSocket: + port: 1433 + volumeMounts: + - name: mssql + mountPath: "/var/opt/mssql" + - name: dxe + image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}" + imagePullPolicy: {{ .Values.dxeImage.pullPolicy }} + env: + - name: DX_LICENSE + value: {{ required "DxEnterprise license key is required." .Values.DX_LICENSE | upper | quote }} + - name: DX_ACCEPT_EULA + value: {{ required "You must accept the DxEnterprise EULA." .Values.DX_ACCEPT_EULA | lower | quote }} + - name: DX_OTPK + valueFrom: + secretKeyRef: + name: {{ .Values.secretKeys }} + key: DX_OTPK + optional: true + - name: DX_PASSKEY + valueFrom: + secretKeyRef: + name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }} + key: DX_PASSKEY + - name: DX_VHOST_NAME + value: {{ .Values.DX_VHOST_NAME | upper | quote }} + - name: DX_AG_NAME + value: {{ .Values.DX_AG_NAME | upper | quote }} + - name: DX_AG_OPTIONS + value: {{ .Values.DX_AG_OPTIONS | quote }} + - name: DX_NEW_CLUSTER + value: {{ .Values.DX_NEW_CLUSTER | lower | quote }} + - name: MSSQL_SA_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secretKeys }} + key: MSSQL_SA_PASSWORD + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 12 + exec: + command: + - sh + - -c + - "cat /opt/dh2i/sbin/ready | grep -q \"1\"" + volumeMounts: + - name: dxe + mountPath: "/etc/dh2i" + volumeClaimTemplates: + - metadata: + name: dxe + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + - metadata: + name: mssql + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi diff --git a/charts/dh2i/dxemssql/templates/tests/test-setup.yaml b/charts/dh2i/dxemssql/templates/tests/test-setup.yaml index 697b293cb..e9ba50ec7 100644 --- a/charts/dh2i/dxemssql/templates/tests/test-setup.yaml +++ b/charts/dh2i/dxemssql/templates/tests/test-setup.yaml @@ -1,29 +1,29 @@ -#Test for dxemssql -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "dxemssql.fullname" . }}-test" - labels: - {{- include "dxemssql.labels" . | nindent 4 }} - annotations: - helm.sh/hook: test -spec: - restartPolicy: Never - containers: - - name: dxe - image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}" - imagePullPolicy: {{ .Values.dxeImage.pullPolicy }} - env: - - name: DX_TARGET_HOSTNAME - value: "{{ include "dxemssql.fullname" . }}-0" - - name: DX_PASSKEY - valueFrom: - secretKeyRef: - name: {{ .Values.secretKeys }} - key: DX_PASSKEY - - name: DX_VHOST_NAME - value: {{ .Values.DX_VHOST_NAME | upper | quote }} - - name: DX_AG_NAME - value: {{ .Values.DX_AG_NAME | upper | quote }} - command: ["/bin/bash"] +#Test for dxemssql +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "dxemssql.fullname" . }}-test" + labels: + {{- include "dxemssql.labels" . | nindent 4 }} + annotations: + helm.sh/hook: test +spec: + restartPolicy: Never + containers: + - name: dxe + image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}" + imagePullPolicy: {{ .Values.dxeImage.pullPolicy }} + env: + - name: DX_TARGET_HOSTNAME + value: "{{ include "dxemssql.fullname" . }}-0" + - name: DX_PASSKEY + valueFrom: + secretKeyRef: + name: {{ .Values.secretKeys }} + key: DX_PASSKEY + - name: DX_VHOST_NAME + value: {{ .Values.DX_VHOST_NAME | upper | quote }} + - name: DX_AG_NAME + value: {{ .Values.DX_AG_NAME | upper | quote }} + command: ["/bin/bash"] args: ["-c", "/opt/dh2i/sbin/helm-test.sh"] \ No newline at end of file diff --git a/charts/dh2i/dxemssql/values.schema.json b/charts/dh2i/dxemssql/values.schema.json index 47ef0134d..c84ceba4a 100644 --- a/charts/dh2i/dxemssql/values.schema.json +++ b/charts/dh2i/dxemssql/values.schema.json @@ -1,14 +1,14 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "required": [ - "replicas" - ], - "properties": { - "replicas": { - "type": "integer", - "minimum": 1, - "maximum": 5 - } - } +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "required": [ + "replicas" + ], + "properties": { + "replicas": { + "type": "integer", + "minimum": 1, + "maximum": 5 + } + } } \ No newline at end of file diff --git a/charts/dh2i/dxemssql/values.yaml b/charts/dh2i/dxemssql/values.yaml index 9419e0c71..8729f77b4 100644 --- a/charts/dh2i/dxemssql/values.yaml +++ b/charts/dh2i/dxemssql/values.yaml @@ -1,38 +1,38 @@ -# Default values for dxemssql. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# General -# CAUTION: Setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. -# See https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups -# Only set this value below 3 if you intend to assign these replicas to an existing availability group -replicas: 3 -secretKeys: null -enableLoadBalancers: "true" - -# SQL Server settings -sqlImage: - repository: "mcr.microsoft.com/mssql/server" - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "2022-latest" -MSSQL_PID: "Developer" -ACCEPT_EULA: null -MSSQL_AGENT_ENABLED: "false" - -# DxEnterprise settings -dxeImage: - repository: dh2i/dxe - pullPolicy: Always - tag: latest -DX_LICENSE: null -DX_ACCEPT_EULA: null -DX_VHOST_NAME: "VHOST1" -DX_AG_NAME: "AG1" -DX_AG_OPTIONS: "" -DX_NEW_CLUSTER: "true" - -nameOverride: "" -fullnameOverride: "" - -podAnnotations: {} +# Default values for dxemssql. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# General +# CAUTION: Setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. +# See https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups +# Only set this value below 3 if you intend to assign these replicas to an existing availability group +replicas: 3 +secretKeys: null +enableLoadBalancers: "true" + +# SQL Server settings +sqlImage: + repository: "mcr.microsoft.com/mssql/server" + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "2022-latest" +MSSQL_PID: "Developer" +ACCEPT_EULA: null +MSSQL_AGENT_ENABLED: "false" + +# DxEnterprise settings +dxeImage: + repository: dh2i/dxe + pullPolicy: Always + tag: latest +DX_LICENSE: null +DX_ACCEPT_EULA: null +DX_VHOST_NAME: "VHOST1" +DX_AG_NAME: "AG1" +DX_AG_OPTIONS: "" +DX_NEW_CLUSTER: "true" + +nameOverride: "" +fullnameOverride: "" + +podAnnotations: {} diff --git a/charts/digitalis/vals-operator/Chart.yaml b/charts/digitalis/vals-operator/Chart.yaml index 59f6bf90b..30eafe89c 100644 --- a/charts/digitalis/vals-operator/Chart.yaml +++ b/charts/digitalis/vals-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: vals-operator apiVersion: v2 -appVersion: v0.7.8 +appVersion: v0.7.9 description: 'This helm chart installs the Digitalis Vals Operator to manage and sync secrets from supported backends into Kubernetes. ## About Vals-Operator Here at [Digitalis](https://digitalis.io) we love [vals](https://github.com/helmfile/vals), @@ -20,4 +20,4 @@ maintainers: name: Digitalis.IO name: vals-operator type: application -version: 0.7.8 +version: 0.7.9 diff --git a/charts/digitalis/vals-operator/README.md b/charts/digitalis/vals-operator/README.md index cfc03bc27..48719cf0f 100644 --- a/charts/digitalis/vals-operator/README.md +++ b/charts/digitalis/vals-operator/README.md @@ -1,6 +1,6 @@ # vals-operator -![Version: 0.7.8](https://img.shields.io/badge/Version-0.7.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.7.8](https://img.shields.io/badge/AppVersion-v0.7.8-informational?style=flat-square) +![Version: 0.7.9](https://img.shields.io/badge/Version-0.7.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.7.9](https://img.shields.io/badge/AppVersion-v0.7.9-informational?style=flat-square) This helm chart installs the Digitalis Vals Operator to manage and sync secrets from supported backends into Kubernetes. ## About Vals-Operator diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index ce4f35501..cb4557c7b 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.9.11 +appVersion: v0.9.12 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.9.11 +version: 0.9.12 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index 96d2de05a..7f5c86e73 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.11](https://img.shields.io/badge/Version-0.9.11-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.12](https://img.shields.io/badge/Version-0.9.12-informational?style=flat-square) External secret management for Kubernetes @@ -44,6 +44,7 @@ The command removes all the Kubernetes components associated with the chart and | certController.extraVolumes | list | `[]` | | | certController.fullnameOverride | string | `""` | | | certController.hostNetwork | bool | `false` | Run the certController on the host network | +| certController.image.flavour | string | `""` | | | certController.image.pullPolicy | string | `"IfNotPresent"` | | | certController.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | certController.image.tag | string | `""` | | @@ -98,9 +99,10 @@ The command removes all the Kubernetes components associated with the chart and | extraVolumes | list | `[]` | | | fullnameOverride | string | `""` | | | hostNetwork | bool | `false` | Run the controller on the host network | +| image.flavour | string | `""` | The flavour of tag you want to use There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default the distroless image is used. | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | -| image.tag | string | `""` | The image tag to use. The default is the chart appVersion. There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default the distroless image is used. | +| image.tag | string | `""` | The image tag to use. The default is the chart appVersion. | | imagePullSecrets | list | `[]` | | | installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. | | leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. | @@ -153,7 +155,7 @@ The command removes all the Kubernetes components associated with the chart and | webhook.certManager.addInjectorAnnotations | bool | `true` | Automatically add the cert-manager.io/inject-ca-from annotation to the webhooks and CRDs. As long as you have the cert-manager CA Injector enabled, this will automatically setup your webhook's CA to the one used by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector | | webhook.certManager.cert.annotations | object | `{}` | Add extra annotations to the Certificate resource. | | webhook.certManager.cert.create | bool | `true` | Create a certificate resource within this chart. See https://cert-manager.io/docs/usage/certificate/ | -| webhook.certManager.cert.duration | string | `""` | Set the requested duration (i.e. lifetime) of the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec | +| webhook.certManager.cert.duration | string | `"8760h"` | Set the requested duration (i.e. lifetime) of the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec One year by default. | | webhook.certManager.cert.issuerRef | object | `{"group":"cert-manager.io","kind":"Issuer","name":"my-issuer"}` | For the Certificate created by this chart, setup the issuer. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec | | webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. | | webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ | @@ -166,6 +168,7 @@ The command removes all the Kubernetes components associated with the chart and | webhook.failurePolicy | string | `"Fail"` | Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore | | webhook.fullnameOverride | string | `""` | | | webhook.hostNetwork | bool | `false` | Specifies if webhook pod should use hostNetwork or not. | +| webhook.image.flavour | string | `""` | The flavour of tag you want to use | | webhook.image.pullPolicy | string | `"IfNotPresent"` | | | webhook.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | webhook.image.tag | string | `""` | The image tag to use. The default is the chart appVersion. | diff --git a/charts/external-secrets/external-secrets/templates/_helpers.tpl b/charts/external-secrets/external-secrets/templates/_helpers.tpl index 92031fe2f..5b0f306b0 100644 --- a/charts/external-secrets/external-secrets/templates/_helpers.tpl +++ b/charts/external-secrets/external-secrets/templates/_helpers.tpl @@ -133,3 +133,13 @@ Create the name of the service account to use {{- end }} {{- end }} +{{/* +Determine the image to use, including if using a flavour. +*/}} +{{- define "external-secrets.image" -}} +{{- if .image.flavour -}} +{{ printf "%s:%s-%s" .image.repository (.image.tag | default .chartAppVersion) .image.flavour }} +{{- else }} +{{ printf "%s:%s" .image.repository (.image.tag | default .chartAppVersion) }} +{{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml index 51083e565..31949bcb6 100644 --- a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.certController.create (not .Values.webhook.certManager.enable) }} +{{- if and .Values.certController.create (not .Values.webhook.certManager.enabled) }} apiVersion: apps/v1 kind: Deployment metadata: @@ -45,7 +45,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ .Values.certController.image.repository }}:{{ .Values.certController.image.tag | default .Chart.AppVersion }}" + image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.certController.image) | trim }} imagePullPolicy: {{ .Values.certController.image.pullPolicy }} args: - certcontroller diff --git a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml index 3d5919ced..c86e5fa61 100644 --- a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -27,18 +27,39 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: "ACRAccessToken returns a Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. \n See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md" + description: |- + ACRAccessToken returns a Azure Container Registry token + that can be used for pushing/pulling images. + Note: by default it will return an ACR Refresh Token with full access + (depending on the identity). + This can be scoped down to the repository level using .spec.scope. + In case scope is defined it will return an ACR Access Token. + + + See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'ACRAccessTokenSpec defines how to generate the access token e.g. how to authenticate and which registry to use. see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview' + description: |- + ACRAccessTokenSpec defines how to generate the access token + e.g. how to authenticate and which registry to use. + see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview properties: auth: properties: @@ -53,32 +74,42 @@ spec: description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure. properties: secretRef: - description: Configuration used to authenticate with Azure using static credentials stored in a Kind=Secret. + description: |- + Configuration used to authenticate with Azure using static + credentials stored in a Kind=Secret. properties: clientId: description: The Azure clientId of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientSecret: description: The Azure ClientSecret of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -89,10 +120,15 @@ spec: description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure. properties: serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -100,7 +136,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -109,7 +147,11 @@ spec: type: object environmentType: default: PublicCloud - description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud' + description: |- + EnvironmentType specifies the Azure cloud environment endpoints to use for + connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. + The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 + PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud enum: - PublicCloud - USGovernmentCloud @@ -117,10 +159,23 @@ spec: - GermanCloud type: string registry: - description: the domain name of the ACR registry e.g. foobarexample.azurecr.io + description: |- + the domain name of the ACR registry + e.g. foobarexample.azurecr.io type: string scope: - description: "Define the scope for the access token, e.g. pull/push access for a repository. if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. \n examples: repository:my-repository:pull,push repository:my-repository:pull \n see docs for details: https://docs.docker.com/registry/spec/auth/scope/" + description: |- + Define the scope for the access token, e.g. pull/push access for a repository. + if not provided it will return a refresh token that has full scope. + Note: you need to pin it down to the repository level, there is no wildcard available. + + + examples: + repository:my-repository:pull,push + repository:my-repository:pull + + + see docs for details: https://docs.docker.com/registry/spec/auth/scope/ type: string tenantId: description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. diff --git a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml index b71734e86..7e80cbf0e 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -40,10 +40,19 @@ spec: description: ClusterExternalSecret is the Schema for the clusterexternalsecrets API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -74,7 +83,9 @@ spec: description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. properties: remoteRef: - description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch. + description: |- + RemoteRef points to the remote secret and defines + which secret (version/property/..) to fetch. properties: conversionStrategy: default: Default @@ -112,14 +123,23 @@ spec: - key type: object secretKey: - description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret + description: |- + SecretKey defines the key in which the controller stores + the value. This is the key in the Kind=Secret type: string sourceRef: - description: SourceRef allows you to override the source from which the value will pulled from. + description: |- + SourceRef allows you to override the source + from which the value will pulled from. maxProperties: 1 properties: generatorRef: - description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1." + description: |- + GeneratorRef points to a generator custom resource. + + + Deprecated: The generatorRef is not implemented in .data[]. + this will be removed with v1. properties: apiVersion: default: generators.external-secrets.io/v1alpha1 @@ -139,7 +159,9 @@ spec: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource @@ -154,11 +176,15 @@ spec: type: object type: array dataFrom: - description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order + description: |- + DataFrom is used to fetch all properties from a specific Provider data + If multiple entries are specified, the Secret keys are merged in the specified order items: properties: extract: - description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.' + description: |- + Used to extract multiple key/value pairs from one secret + Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef. properties: conversionStrategy: default: Default @@ -196,7 +222,9 @@ spec: - key type: object find: - description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.' + description: |- + Used to find secrets based on tags or regular expressions + Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef. properties: conversionStrategy: default: Default @@ -231,11 +259,15 @@ spec: type: object type: object rewrite: - description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last) + description: |- + Used to rewrite secret Keys after getting them from the secret Provider + Multiple Rewrite operations can be provided. They are applied in a layered order (first to last) items: properties: regexp: - description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation. + description: |- + Used to rewrite with regular expressions. + The resulting key will be the output of a regexp.ReplaceAll operation. properties: source: description: Used to define the regular expression of a re.Compiler. @@ -248,10 +280,14 @@ spec: - target type: object transform: - description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation. + description: |- + Used to apply string transformation on the secrets. + The resulting key will be the output of the template applied by the operation. properties: template: - description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template. + description: |- + Used to define the template to apply on the secret name. + `.value ` will specify the secret name in the template. type: string required: - template @@ -259,7 +295,13 @@ spec: type: object type: array sourceRef: - description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values + description: |- + SourceRef points to a store or generator + which contains secret values ready to use. + Use this in combination with Extract or Find pull values out of + a specific SecretStore. + When sourceRef points to a generator Extract or Find is not supported. + The generator returns a static map of values maxProperties: 1 properties: generatorRef: @@ -283,7 +325,9 @@ spec: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource @@ -296,13 +340,18 @@ spec: type: array refreshInterval: default: 1h - description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h. + description: |- + RefreshInterval is the amount of time before the values are read again from the SecretStore provider + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource @@ -314,11 +363,15 @@ spec: default: creationPolicy: Owner deletionPolicy: Retain - description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. + description: |- + ExternalSecretTarget defines the Kubernetes Secret to be created + There can be only one target per ExternalSecret. properties: creationPolicy: default: Owner - description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' + description: |- + CreationPolicy defines rules on how to create the resulting Secret + Defaults to 'Owner' enum: - Owner - Orphan @@ -327,7 +380,9 @@ spec: type: string deletionPolicy: default: Retain - description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain' + description: |- + DeletionPolicy defines rules on how to delete the resulting Secret + Defaults to 'Retain' enum: - Delete - Merge @@ -337,7 +392,10 @@ spec: description: Immutable defines if the final secret will be immutable type: boolean name: - description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource + description: |- + Name defines the name of the Secret resource to be managed + This field is immutable + Defaults to the .metadata.name of the ExternalSecret resource type: string template: description: Template defines a blueprint for the created Secret resource. @@ -348,7 +406,10 @@ spec: type: object engineVersion: default: v2 - description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + description: |- + EngineVersion specifies the template engine version + that should be used to compile/execute the + template specified in .data and .templateFrom[]. enum: - v1 - v2 @@ -442,16 +503,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -463,7 +532,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index ea9ac2669..26ca77086 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -38,10 +38,19 @@ spec: description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -49,7 +58,9 @@ spec: description: SecretStoreSpec defines the desired state of SecretStore. properties: controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters ES based on this property type: string provider: description: Used to configure the provider. Only one provider may be set @@ -66,7 +77,9 @@ spec: description: Auth configures how the operator authenticates with Akeyless. properties: kubernetesAuth: - description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + description: |- + Kubernetes authenticates with Akeyless by passing the ServiceAccount + token stored in the named Secret resource. properties: accessID: description: the Akeyless Kubernetes auth-method access-id @@ -75,23 +88,38 @@ spec: description: Kubernetes-auth configuration name in Akeyless-Gateway type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Akeyless. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Akeyless. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -99,7 +127,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -109,51 +139,72 @@ spec: - k8sConfName type: object secretRef: - description: Reference to a Secret that contains the details to authenticate with Akeyless. + description: |- + Reference to a Secret that contains the details + to authenticate with Akeyless. properties: accessID: description: The SecretAccessID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessType: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessTypeParam: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object type: object caBundle: - description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used + if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -212,26 +263,34 @@ spec: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessKeySecretSecretRef: description: The AccessKeySecret is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -250,7 +309,10 @@ spec: description: AWS configures this store to sync secrets using AWS Secret Manager provider properties: auth: - description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + Auth defines the information necessary to authenticate against AWS + if not set aws sdk will infer credentials from your environment + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: jwt: description: Authenticate against AWS using service account tokens. @@ -259,7 +321,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -267,39 +332,51 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name type: object type: object secretRef: - description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. properties: accessKeyIDSecretRef: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -330,32 +407,44 @@ spec: description: The Azure clientId of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientSecret: description: The Azure ClientSecret of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object authType: default: ServicePrincipal - description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + description: |- + Auth type defines how to authenticate to the keyvault service. + Valid values are: + - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) + - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) enum: - ServicePrincipal - ManagedIdentity @@ -365,10 +454,15 @@ spec: description: If multiple Managed Identity is assigned to the pod, you can select the one to be used type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -376,7 +470,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -425,13 +521,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -447,7 +547,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -455,7 +558,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -482,13 +587,17 @@ spec: description: AccessToken is used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -516,13 +625,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -547,29 +660,41 @@ spec: description: has both clientCert and clientKey as secretKeySelector properties: clientCert: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientKey: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -580,7 +705,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -588,7 +716,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -598,16 +728,22 @@ spec: description: use static token to authenticate with properties: bearerToken: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -657,7 +793,10 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. + description: |- + Auth configures how secret-manager authenticates with the Oracle Vault. + If empty, instance principal is used. Optionally, the authenticating principal type + and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -666,26 +805,34 @@ spec: description: Fingerprint is the fingerprint of the API private key. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object privatekey: description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -704,13 +851,20 @@ spec: - user type: object compartment: - description: Compartment is the vault compartment OCID. Required for PushSecret + description: |- + Compartment is the vault compartment OCID. + Required for PushSecret type: string encryptionKey: - description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + description: |- + EncryptionKey is the OCID of the encryption key within the vault. + Required for PushSecret type: string principalType: - description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + description: |- + The type of principal to use for authentication. If left blank, the Auth struct will + determine the principal type. This optional field must be specified if using + workload identity. enum: - "" - UserPrincipal @@ -721,10 +875,15 @@ spec: description: Region is the region where vault is located. type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -732,7 +891,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -751,26 +912,40 @@ spec: description: Auth configures how secret-manager authenticates with the Vault server. properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. properties: path: default: approle - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -779,55 +954,83 @@ spec: - secretRef type: object cert: - description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method properties: clientCert: - description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object jwt: - description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method properties: kubernetesServiceAccountToken: - description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. items: type: string type: array expirationSeconds: - description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes. + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Defaults to 10 minutes. format: int64 type: integer serviceAccountRef: description: Service account field containing the name of a kubernetes ServiceAccount. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -835,7 +1038,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -845,55 +1050,86 @@ spec: type: object path: default: jwt - description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" type: string role: - description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: - path type: object kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. properties: mountPath: default: kubernetes - description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -901,7 +1137,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -911,27 +1149,40 @@ spec: - role type: object ldap: - description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method properties: path: default: ldap - description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method type: string required: - path @@ -941,18 +1192,26 @@ spec: description: TokenSecretRef authenticates with Vault by presenting a token. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object caBundle: - description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -978,23 +1237,40 @@ spec: - type type: object forwardInconsistent: - description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. type: string readYourWrites: - description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. + More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency type: boolean server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string version: default: v2 - description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". enum: - v1 - v2 @@ -1010,7 +1286,11 @@ spec: description: Body type: string caBundle: - description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -1051,7 +1331,9 @@ spec: type: string type: object secrets: - description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name items: properties: name: @@ -1061,13 +1343,17 @@ spec: description: Secret ref to fill in credentials properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1098,13 +1384,17 @@ spec: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1112,16 +1402,22 @@ spec: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1188,10 +1484,19 @@ spec: description: ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1201,7 +1506,9 @@ spec: conditions: description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore items: - description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. + description: |- + ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in + for a ClusterSecretStore instance. properties: namespaceSelector: description: Choose namespace using a labelSelector @@ -1209,16 +1516,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1230,7 +1545,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -1242,7 +1560,9 @@ spec: type: object type: array controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters ES based on this property type: string provider: description: Used to configure the provider. Only one provider may be set @@ -1259,7 +1579,9 @@ spec: description: Auth configures how the operator authenticates with Akeyless. properties: kubernetesAuth: - description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + description: |- + Kubernetes authenticates with Akeyless by passing the ServiceAccount + token stored in the named Secret resource. properties: accessID: description: the Akeyless Kubernetes auth-method access-id @@ -1268,23 +1590,38 @@ spec: description: Kubernetes-auth configuration name in Akeyless-Gateway type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Akeyless. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Akeyless. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1292,7 +1629,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1302,51 +1641,72 @@ spec: - k8sConfName type: object secretRef: - description: Reference to a Secret that contains the details to authenticate with Akeyless. + description: |- + Reference to a Secret that contains the details + to authenticate with Akeyless. properties: accessID: description: The SecretAccessID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessType: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessTypeParam: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object type: object caBundle: - description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used + if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -1359,7 +1719,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1405,26 +1767,34 @@ spec: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessKeySecretSecretRef: description: The AccessKeySecret is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1448,7 +1818,10 @@ spec: type: string type: array auth: - description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + Auth defines the information necessary to authenticate against AWS + if not set aws sdk will infer credentials from your environment + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: jwt: description: Authenticate against AWS using service account tokens. @@ -1457,7 +1830,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1465,52 +1841,71 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name type: object type: object secretRef: - description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. properties: accessKeyIDSecretRef: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1528,10 +1923,20 @@ spec: description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager properties: forceDeleteWithoutRecovery: - description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery' + description: |- + Specifies whether to delete the secret without any recovery window. You + can't use both this parameter and RecoveryWindowInDays in the same call. + If you don't use either, then by default Secrets Manager uses a 30 day + recovery window. + see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery type: boolean recoveryWindowInDays: - description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays' + description: |- + The number of days from 7 to 30 that Secrets Manager waits before + permanently deleting the secret. You can't use both this parameter and + ForceDeleteWithoutRecovery in the same call. If you don't use either, + then by default Secrets Manager uses a 30 day recovery window. + see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays format: int64 type: integer type: object @@ -1573,32 +1978,44 @@ spec: description: The Azure clientId of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientSecret: description: The Azure ClientSecret of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object authType: default: ServicePrincipal - description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + description: |- + Auth type defines how to authenticate to the keyvault service. + Valid values are: + - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) + - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) enum: - ServicePrincipal - ManagedIdentity @@ -1606,7 +2023,11 @@ spec: type: string environmentType: default: PublicCloud - description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud' + description: |- + EnvironmentType specifies the Azure cloud environment endpoints to use for + connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. + The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 + PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud enum: - PublicCloud - USGovernmentCloud @@ -1617,10 +2038,15 @@ spec: description: If multiple Managed Identity is assigned to the pod, you can select the one to be used type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1628,7 +2054,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1652,29 +2080,41 @@ spec: account: type: string apiKeyRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object userRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1687,23 +2127,34 @@ spec: account: type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Conjur using the JWT authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountRef specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1711,7 +2162,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1727,7 +2180,10 @@ spec: caBundle: type: string caProvider: - description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + description: |- + Used to provide custom certificate authority (CA) certificates + for a secret store. The CAProvider points to a Secret or ConfigMap resource + that contains a PEM-encoded certificate. properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. @@ -1736,7 +2192,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1755,7 +2213,9 @@ spec: - url type: object delinea: - description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current + description: |- + Delinea DevOps Secrets Vault + https://docs.delinea.com/online-help/products/devops-secrets-vault/current properties: clientId: description: ClientID is the non-secret part of the credential. @@ -1764,13 +2224,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -1784,13 +2248,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -1801,10 +2269,14 @@ spec: description: Tenant is the chosen hostname / site name. type: string tld: - description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com". + description: |- + TLD is based on the server location that was chosen during provisioning. + If unset, defaults to "com". type: string urlTemplate: - description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". + description: |- + URLTemplate + If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". type: string required: - clientId @@ -1820,16 +2292,23 @@ spec: secretRef: properties: dopplerToken: - description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified. + description: |- + The DopplerToken is used for authentication. + See https://docs.doppler.com/reference/api#authentication for auth token types. + The Key attribute defaults to dopplerToken if not specified. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1902,13 +2381,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1924,7 +2407,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1932,7 +2418,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1959,13 +2447,17 @@ spec: description: AccessToken is used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2020,13 +2512,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2041,16 +2537,22 @@ spec: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider properties: authRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object folderID: @@ -2071,29 +2573,41 @@ spec: description: has both clientCert and clientKey as secretKeySelector properties: clientCert: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientKey: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2101,7 +2615,10 @@ spec: description: points to a service account that should be used for authentication properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2109,7 +2626,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2118,16 +2637,22 @@ spec: description: use static token to authenticate with properties: bearerToken: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2153,7 +2678,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2186,13 +2713,17 @@ spec: description: The ConnectToken is used for authentication to a 1Password Connect Server. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2218,7 +2749,9 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: |- + Auth configures how secret-manager authenticates with the Oracle Vault. + If empty, use the instance principal, otherwise the user credentials specified in Auth. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -2227,26 +2760,34 @@ spec: description: Fingerprint is the fingerprint of the API private key. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object privatekey: description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2265,13 +2806,20 @@ spec: - user type: object compartment: - description: Compartment is the vault compartment OCID. Required for PushSecret + description: |- + Compartment is the vault compartment OCID. + Required for PushSecret type: string encryptionKey: - description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + description: |- + EncryptionKey is the OCID of the encryption key within the vault. + Required for PushSecret type: string principalType: - description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + description: |- + The type of principal to use for authentication. If left blank, the Auth struct will + determine the principal type. This optional field must be specified if using + workload identity. enum: - "" - UserPrincipal @@ -2282,10 +2830,15 @@ spec: description: Region is the region where vault is located. type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2293,7 +2846,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2315,13 +2870,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -2344,13 +2903,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -2372,16 +2935,22 @@ spec: clientId: type: string clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2410,39 +2979,61 @@ spec: description: Auth configures how secret-manager authenticates with the Vault server. properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. properties: path: default: approle - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string roleRef: - description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + description: |- + Reference to a key in a Secret that contains the App Role ID used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role id. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2450,37 +3041,53 @@ spec: - secretRef type: object cert: - description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method properties: clientCert: - description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object iam: - description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + description: |- + Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials + AWS IAM authentication method properties: externalID: description: AWS External ID set on assumed IAM roles @@ -2492,7 +3099,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2500,7 +3110,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2522,39 +3134,54 @@ spec: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2568,25 +3195,41 @@ spec: - vaultRole type: object jwt: - description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method properties: kubernetesServiceAccountToken: - description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead' + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. + Deprecated: use serviceAccountRef.Audiences instead items: type: string type: array expirationSeconds: - description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.' + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Deprecated: this will be removed in the future. + Defaults to 10 minutes. format: int64 type: integer serviceAccountRef: description: Service account field containing the name of a kubernetes ServiceAccount. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2594,7 +3237,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2604,55 +3249,86 @@ spec: type: object path: default: jwt - description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" type: string role: - description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: - path type: object kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. properties: mountPath: default: kubernetes - description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2660,7 +3336,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2670,27 +3348,40 @@ spec: - role type: object ldap: - description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method properties: path: default: ldap - description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method type: string required: - path @@ -2700,13 +3391,17 @@ spec: description: TokenSecretRef authenticates with Vault by presenting a token. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object userPass: @@ -2714,23 +3409,34 @@ spec: properties: path: default: user - description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"' + description: |- + Path where the UserPassword authentication backend is mounted + in Vault, e.g: "user" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the + user used to authenticate with Vault using the UserPass authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a user name used to authenticate using the UserPass Vault authentication method + description: |- + Username is a user name used to authenticate using the UserPass Vault + authentication method type: string required: - path @@ -2738,7 +3444,11 @@ spec: type: object type: object caBundle: - description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -2751,7 +3461,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2764,23 +3476,89 @@ spec: - type type: object forwardInconsistent: - description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. type: string readYourWrites: - description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. + More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency type: boolean server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string + tls: + description: |- + The configuration used for client side related TLS communication, when the Vault server + requires mutual authentication. Only used if the Server URL is using HTTPS protocol. + This parameter is ignored for plain HTTP protocol connection. + It's worth noting this configuration is different from the "TLS certificates auth method", + which is available under the `auth.cert` section. + properties: + certSecretRef: + description: |- + CertSecretRef is a certificate added to the transport layer + when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.crt'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + keySecretRef: + description: |- + KeySecretRef to a key in a Secret resource containing client private key + added to the transport layer when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.key'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object version: default: v2 - description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". enum: - v1 - v2 @@ -2796,7 +3574,11 @@ spec: description: Body type: string caBundle: - description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -2837,7 +3619,9 @@ spec: type: string type: object secrets: - description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name items: properties: name: @@ -2847,13 +3631,17 @@ spec: description: Secret ref to fill in credentials properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2884,13 +3672,17 @@ spec: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2898,16 +3690,22 @@ spec: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2927,13 +3725,17 @@ spec: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2941,16 +3743,22 @@ spec: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object diff --git a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml index 4eae527ee..45d7a4df2 100644 --- a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -27,13 +27,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide. + description: |- + ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an + authorization token. + The authorization token is valid for 12 hours. + The authorizationToken returned is a base64 encoded string that can be decoded + and used in a docker login command to authenticate to a registry. + For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -49,7 +64,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -57,52 +75,71 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name type: object type: object secretRef: - description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. properties: accessKeyIDSecretRef: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -111,7 +148,9 @@ spec: description: Region specifies the region to operate in. type: string role: - description: You can assume a role before making calls to the desired AWS service. + description: |- + You can assume a role before making calls to the + desired AWS service. type: string required: - region diff --git a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml index 9d0fe9fda..6606ed807 100644 --- a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -41,10 +41,19 @@ spec: description: ExternalSecret is the Schema for the external-secrets API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -86,7 +95,9 @@ spec: type: object type: array dataFrom: - description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order + description: |- + DataFrom is used to fetch all properties from a specific Provider data + If multiple entries are specified, the Secret keys are merged in the specified order items: description: ExternalSecretDataRemoteRef defines Provider data location. properties: @@ -112,13 +123,18 @@ spec: type: array refreshInterval: default: 1h - description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h. + description: |- + RefreshInterval is the amount of time before the values are read again from the SecretStore provider + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource @@ -127,11 +143,15 @@ spec: - name type: object target: - description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. + description: |- + ExternalSecretTarget defines the Kubernetes Secret to be created + There can be only one target per ExternalSecret. properties: creationPolicy: default: Owner - description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' + description: |- + CreationPolicy defines rules on how to create the resulting Secret + Defaults to 'Owner' enum: - Owner - Merge @@ -141,7 +161,10 @@ spec: description: Immutable defines if the final secret will be immutable type: boolean name: - description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource + description: |- + Name defines the name of the Secret resource to be managed + This field is immutable + Defaults to the .metadata.name of the ExternalSecret resource type: string template: description: Template defines a blueprint for the created Secret resource. @@ -152,7 +175,10 @@ spec: type: object engineVersion: default: v1 - description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + description: |- + EngineVersion specifies the template engine version + that should be used to compile/execute the + template specified in .data and .templateFrom[]. enum: - v1 - v2 @@ -224,7 +250,10 @@ spec: description: Binding represents a servicebinding.io Provisioned Service reference to the secret properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -248,7 +277,9 @@ spec: type: object type: array refreshTime: - description: refreshTime is the time and date the external secret was fetched and the target secret updated + description: |- + refreshTime is the time and date the external secret was fetched and + the target secret updated format: date-time nullable: true type: string @@ -280,10 +311,19 @@ spec: description: ExternalSecret is the Schema for the external-secrets API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -296,7 +336,9 @@ spec: description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. properties: remoteRef: - description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch. + description: |- + RemoteRef points to the remote secret and defines + which secret (version/property/..) to fetch. properties: conversionStrategy: default: Default @@ -334,14 +376,23 @@ spec: - key type: object secretKey: - description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret + description: |- + SecretKey defines the key in which the controller stores + the value. This is the key in the Kind=Secret type: string sourceRef: - description: SourceRef allows you to override the source from which the value will pulled from. + description: |- + SourceRef allows you to override the source + from which the value will pulled from. maxProperties: 1 properties: generatorRef: - description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1." + description: |- + GeneratorRef points to a generator custom resource. + + + Deprecated: The generatorRef is not implemented in .data[]. + this will be removed with v1. properties: apiVersion: default: generators.external-secrets.io/v1alpha1 @@ -361,7 +412,9 @@ spec: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource @@ -376,11 +429,15 @@ spec: type: object type: array dataFrom: - description: DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order + description: |- + DataFrom is used to fetch all properties from a specific Provider data + If multiple entries are specified, the Secret keys are merged in the specified order items: properties: extract: - description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.' + description: |- + Used to extract multiple key/value pairs from one secret + Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef. properties: conversionStrategy: default: Default @@ -418,7 +475,9 @@ spec: - key type: object find: - description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.' + description: |- + Used to find secrets based on tags or regular expressions + Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef. properties: conversionStrategy: default: Default @@ -453,11 +512,15 @@ spec: type: object type: object rewrite: - description: Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last) + description: |- + Used to rewrite secret Keys after getting them from the secret Provider + Multiple Rewrite operations can be provided. They are applied in a layered order (first to last) items: properties: regexp: - description: Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation. + description: |- + Used to rewrite with regular expressions. + The resulting key will be the output of a regexp.ReplaceAll operation. properties: source: description: Used to define the regular expression of a re.Compiler. @@ -470,10 +533,14 @@ spec: - target type: object transform: - description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation. + description: |- + Used to apply string transformation on the secrets. + The resulting key will be the output of the template applied by the operation. properties: template: - description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template. + description: |- + Used to define the template to apply on the secret name. + `.value ` will specify the secret name in the template. type: string required: - template @@ -481,7 +548,13 @@ spec: type: object type: array sourceRef: - description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values + description: |- + SourceRef points to a store or generator + which contains secret values ready to use. + Use this in combination with Extract or Find pull values out of + a specific SecretStore. + When sourceRef points to a generator Extract or Find is not supported. + The generator returns a static map of values maxProperties: 1 properties: generatorRef: @@ -505,7 +578,9 @@ spec: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource @@ -518,13 +593,18 @@ spec: type: array refreshInterval: default: 1h - description: RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" May be set to zero to fetch and create it once. Defaults to 1h. + description: |- + RefreshInterval is the amount of time before the values are read again from the SecretStore provider + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. properties: kind: - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string name: description: Name of the SecretStore resource @@ -536,11 +616,15 @@ spec: default: creationPolicy: Owner deletionPolicy: Retain - description: ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. + description: |- + ExternalSecretTarget defines the Kubernetes Secret to be created + There can be only one target per ExternalSecret. properties: creationPolicy: default: Owner - description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' + description: |- + CreationPolicy defines rules on how to create the resulting Secret + Defaults to 'Owner' enum: - Owner - Orphan @@ -549,7 +633,9 @@ spec: type: string deletionPolicy: default: Retain - description: DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain' + description: |- + DeletionPolicy defines rules on how to delete the resulting Secret + Defaults to 'Retain' enum: - Delete - Merge @@ -559,7 +645,10 @@ spec: description: Immutable defines if the final secret will be immutable type: boolean name: - description: Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource + description: |- + Name defines the name of the Secret resource to be managed + This field is immutable + Defaults to the .metadata.name of the ExternalSecret resource type: string template: description: Template defines a blueprint for the created Secret resource. @@ -570,7 +659,10 @@ spec: type: object engineVersion: default: v2 - description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + description: |- + EngineVersion specifies the template engine version + that should be used to compile/execute the + template specified in .data and .templateFrom[]. enum: - v1 - v2 @@ -664,7 +756,10 @@ spec: description: Binding represents a servicebinding.io Provisioned Service reference to the secret properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -688,7 +783,9 @@ spec: type: object type: array refreshTime: - description: refreshTime is the time and date the external secret was fetched and the target secret updated + description: |- + refreshTime is the time and date the external secret was fetched and + the target secret updated format: date-time nullable: true type: string diff --git a/charts/external-secrets/external-secrets/templates/crds/fake.yaml b/charts/external-secrets/external-secrets/templates/crds/fake.yaml index 11fd839e5..237fce3c3 100644 --- a/charts/external-secrets/external-secrets/templates/crds/fake.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/fake.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -27,13 +27,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: Fake generator is used for testing. It lets you define a static set of credentials that is always returned. + description: |- + Fake generator is used for testing. It lets you define + a static set of credentials that is always returned. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -41,12 +52,16 @@ spec: description: FakeSpec contains the static data. properties: controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters VDS based on this property type: string data: additionalProperties: type: string - description: Data defines the static data returned by this generator. + description: |- + Data defines the static data returned + by this generator. type: object type: object type: object diff --git a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml index f5bc903d9..fb9d5784e 100644 --- a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -27,13 +27,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: GCRAccessToken generates an GCP access token that can be used to authenticate with GCR. + description: |- + GCRAccessToken generates an GCP access token + that can be used to authenticate with GCR. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -48,13 +59,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -70,7 +85,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -78,7 +96,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name diff --git a/charts/external-secrets/external-secrets/templates/crds/password.yaml b/charts/external-secrets/external-secrets/templates/crds/password.yaml index 0daa607a9..75d45d4d7 100644 --- a/charts/external-secrets/external-secrets/templates/crds/password.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/password.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -27,13 +27,25 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: Password generates a random password based on the configuration parameters in spec. You can specify the length, characterset and other attributes. + description: |- + Password generates a random password based on the + configuration parameters in spec. + You can specify the length, characterset and other attributes. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -45,21 +57,29 @@ spec: description: set AllowRepeat to true to allow repeating characters. type: boolean digits: - description: Digits specifies the number of digits in the generated password. If omitted it defaults to 25% of the length of the password + description: |- + Digits specifies the number of digits in the generated + password. If omitted it defaults to 25% of the length of the password type: integer length: default: 24 - description: Length of the password to be generated. Defaults to 24 + description: |- + Length of the password to be generated. + Defaults to 24 type: integer noUpper: default: false description: Set NoUpper to disable uppercase characters type: boolean symbolCharacters: - description: SymbolCharacters specifies the special characters that should be used in the generated password. + description: |- + SymbolCharacters specifies the special characters that should be used + in the generated password. type: string symbols: - description: Symbols specifies the number of symbol characters in the generated password. If omitted it defaults to 25% of the length of the password + description: |- + Symbols specifies the number of symbol characters in the generated + password. If omitted it defaults to 25% of the length of the password type: integer required: - allowRepeat diff --git a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml index 306eafea5..42b45dcde 100644 --- a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -34,10 +34,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -70,7 +79,9 @@ spec: - remoteRef type: object metadata: - description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + description: |- + Metadata is metadata attached to the secret. + The structure of metadata is provider specific, please look it up in the provider documentation. x-kubernetes-preserve-unknown-fields: true required: - match @@ -91,7 +102,9 @@ spec: properties: kind: default: SecretStore - description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + description: |- + Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + Defaults to `SecretStore` type: string labelSelector: description: Optionally, sync to secret stores with label selector @@ -99,16 +112,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -120,7 +141,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -153,7 +177,10 @@ spec: type: object engineVersion: default: v2 - description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + description: |- + EngineVersion specifies the template engine version + that should be used to compile/execute the + template specified in .data and .templateFrom[]. enum: - v1 - v2 @@ -268,7 +295,9 @@ spec: type: object type: array refreshTime: - description: refreshTime is the time and date the external secret was fetched and the target secret updated + description: |- + refreshTime is the time and date the external secret was fetched and + the target secret updated format: date-time nullable: true type: string @@ -298,7 +327,9 @@ spec: - remoteRef type: object metadata: - description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + description: |- + Metadata is metadata attached to the secret. + The structure of metadata is provider specific, please look it up in the provider documentation. x-kubernetes-preserve-unknown-fields: true required: - match diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index 20adc876c..faef89de5 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -38,10 +38,19 @@ spec: description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -49,7 +58,9 @@ spec: description: SecretStoreSpec defines the desired state of SecretStore. properties: controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters ES based on this property type: string provider: description: Used to configure the provider. Only one provider may be set @@ -66,7 +77,9 @@ spec: description: Auth configures how the operator authenticates with Akeyless. properties: kubernetesAuth: - description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + description: |- + Kubernetes authenticates with Akeyless by passing the ServiceAccount + token stored in the named Secret resource. properties: accessID: description: the Akeyless Kubernetes auth-method access-id @@ -75,23 +88,38 @@ spec: description: Kubernetes-auth configuration name in Akeyless-Gateway type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Akeyless. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Akeyless. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -99,7 +127,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -109,51 +139,72 @@ spec: - k8sConfName type: object secretRef: - description: Reference to a Secret that contains the details to authenticate with Akeyless. + description: |- + Reference to a Secret that contains the details + to authenticate with Akeyless. properties: accessID: description: The SecretAccessID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessType: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessTypeParam: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object type: object caBundle: - description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used + if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -212,26 +263,34 @@ spec: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessKeySecretSecretRef: description: The AccessKeySecret is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -250,7 +309,10 @@ spec: description: AWS configures this store to sync secrets using AWS Secret Manager provider properties: auth: - description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + Auth defines the information necessary to authenticate against AWS + if not set aws sdk will infer credentials from your environment + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: jwt: description: Authenticate against AWS using service account tokens. @@ -259,7 +321,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -267,39 +332,51 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name type: object type: object secretRef: - description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. properties: accessKeyIDSecretRef: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -330,32 +407,44 @@ spec: description: The Azure clientId of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientSecret: description: The Azure ClientSecret of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object authType: default: ServicePrincipal - description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + description: |- + Auth type defines how to authenticate to the keyvault service. + Valid values are: + - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) + - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) enum: - ServicePrincipal - ManagedIdentity @@ -365,10 +454,15 @@ spec: description: If multiple Managed Identity is assigned to the pod, you can select the one to be used type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -376,7 +470,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -425,13 +521,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -447,7 +547,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -455,7 +558,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -482,13 +587,17 @@ spec: description: AccessToken is used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -516,13 +625,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -547,29 +660,41 @@ spec: description: has both clientCert and clientKey as secretKeySelector properties: clientCert: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientKey: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -580,7 +705,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -588,7 +716,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -598,16 +728,22 @@ spec: description: use static token to authenticate with properties: bearerToken: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -657,7 +793,10 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. + description: |- + Auth configures how secret-manager authenticates with the Oracle Vault. + If empty, instance principal is used. Optionally, the authenticating principal type + and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -666,26 +805,34 @@ spec: description: Fingerprint is the fingerprint of the API private key. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object privatekey: description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -704,13 +851,20 @@ spec: - user type: object compartment: - description: Compartment is the vault compartment OCID. Required for PushSecret + description: |- + Compartment is the vault compartment OCID. + Required for PushSecret type: string encryptionKey: - description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + description: |- + EncryptionKey is the OCID of the encryption key within the vault. + Required for PushSecret type: string principalType: - description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + description: |- + The type of principal to use for authentication. If left blank, the Auth struct will + determine the principal type. This optional field must be specified if using + workload identity. enum: - "" - UserPrincipal @@ -721,10 +875,15 @@ spec: description: Region is the region where vault is located. type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -732,7 +891,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -751,26 +912,40 @@ spec: description: Auth configures how secret-manager authenticates with the Vault server. properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. properties: path: default: approle - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -779,55 +954,83 @@ spec: - secretRef type: object cert: - description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method properties: clientCert: - description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object jwt: - description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method properties: kubernetesServiceAccountToken: - description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. items: type: string type: array expirationSeconds: - description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes. + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Defaults to 10 minutes. format: int64 type: integer serviceAccountRef: description: Service account field containing the name of a kubernetes ServiceAccount. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -835,7 +1038,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -845,55 +1050,86 @@ spec: type: object path: default: jwt - description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" type: string role: - description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: - path type: object kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. properties: mountPath: default: kubernetes - description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -901,7 +1137,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -911,27 +1149,40 @@ spec: - role type: object ldap: - description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method properties: path: default: ldap - description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method type: string required: - path @@ -941,18 +1192,26 @@ spec: description: TokenSecretRef authenticates with Vault by presenting a token. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object caBundle: - description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -978,23 +1237,40 @@ spec: - type type: object forwardInconsistent: - description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. type: string readYourWrites: - description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. + More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency type: boolean server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string version: default: v2 - description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". enum: - v1 - v2 @@ -1010,7 +1286,11 @@ spec: description: Body type: string caBundle: - description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -1051,7 +1331,9 @@ spec: type: string type: object secrets: - description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name items: properties: name: @@ -1061,13 +1343,17 @@ spec: description: Secret ref to fill in credentials properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1098,13 +1384,17 @@ spec: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1112,16 +1402,22 @@ spec: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1188,10 +1484,19 @@ spec: description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1201,7 +1506,9 @@ spec: conditions: description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore items: - description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. + description: |- + ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in + for a ClusterSecretStore instance. properties: namespaceSelector: description: Choose namespace using a labelSelector @@ -1209,16 +1516,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1230,7 +1545,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -1242,7 +1560,9 @@ spec: type: object type: array controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters ES based on this property type: string provider: description: Used to configure the provider. Only one provider may be set @@ -1259,7 +1579,9 @@ spec: description: Auth configures how the operator authenticates with Akeyless. properties: kubernetesAuth: - description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + description: |- + Kubernetes authenticates with Akeyless by passing the ServiceAccount + token stored in the named Secret resource. properties: accessID: description: the Akeyless Kubernetes auth-method access-id @@ -1268,23 +1590,38 @@ spec: description: Kubernetes-auth configuration name in Akeyless-Gateway type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Akeyless. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Akeyless. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1292,7 +1629,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1302,51 +1641,72 @@ spec: - k8sConfName type: object secretRef: - description: Reference to a Secret that contains the details to authenticate with Akeyless. + description: |- + Reference to a Secret that contains the details + to authenticate with Akeyless. properties: accessID: description: The SecretAccessID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessType: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessTypeParam: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object type: object caBundle: - description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used + if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -1359,7 +1719,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1405,26 +1767,34 @@ spec: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessKeySecretSecretRef: description: The AccessKeySecret is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1448,7 +1818,10 @@ spec: type: string type: array auth: - description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + Auth defines the information necessary to authenticate against AWS + if not set aws sdk will infer credentials from your environment + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: jwt: description: Authenticate against AWS using service account tokens. @@ -1457,7 +1830,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1465,52 +1841,71 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name type: object type: object secretRef: - description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. properties: accessKeyIDSecretRef: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1528,10 +1923,20 @@ spec: description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager properties: forceDeleteWithoutRecovery: - description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery' + description: |- + Specifies whether to delete the secret without any recovery window. You + can't use both this parameter and RecoveryWindowInDays in the same call. + If you don't use either, then by default Secrets Manager uses a 30 day + recovery window. + see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery type: boolean recoveryWindowInDays: - description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays' + description: |- + The number of days from 7 to 30 that Secrets Manager waits before + permanently deleting the secret. You can't use both this parameter and + ForceDeleteWithoutRecovery in the same call. If you don't use either, + then by default Secrets Manager uses a 30 day recovery window. + see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays format: int64 type: integer type: object @@ -1573,32 +1978,44 @@ spec: description: The Azure clientId of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientSecret: description: The Azure ClientSecret of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object authType: default: ServicePrincipal - description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + description: |- + Auth type defines how to authenticate to the keyvault service. + Valid values are: + - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) + - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) enum: - ServicePrincipal - ManagedIdentity @@ -1606,7 +2023,11 @@ spec: type: string environmentType: default: PublicCloud - description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud' + description: |- + EnvironmentType specifies the Azure cloud environment endpoints to use for + connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. + The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 + PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud enum: - PublicCloud - USGovernmentCloud @@ -1617,10 +2038,15 @@ spec: description: If multiple Managed Identity is assigned to the pod, you can select the one to be used type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1628,7 +2054,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1652,29 +2080,41 @@ spec: account: type: string apiKeyRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object userRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1687,23 +2127,34 @@ spec: account: type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Conjur using the JWT authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountRef specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1711,7 +2162,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1727,7 +2180,10 @@ spec: caBundle: type: string caProvider: - description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + description: |- + Used to provide custom certificate authority (CA) certificates + for a secret store. The CAProvider points to a Secret or ConfigMap resource + that contains a PEM-encoded certificate. properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. @@ -1736,7 +2192,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1755,7 +2213,9 @@ spec: - url type: object delinea: - description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current + description: |- + Delinea DevOps Secrets Vault + https://docs.delinea.com/online-help/products/devops-secrets-vault/current properties: clientId: description: ClientID is the non-secret part of the credential. @@ -1764,13 +2224,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -1784,13 +2248,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -1801,10 +2269,14 @@ spec: description: Tenant is the chosen hostname / site name. type: string tld: - description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com". + description: |- + TLD is based on the server location that was chosen during provisioning. + If unset, defaults to "com". type: string urlTemplate: - description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". + description: |- + URLTemplate + If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". type: string required: - clientId @@ -1820,16 +2292,23 @@ spec: secretRef: properties: dopplerToken: - description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified. + description: |- + The DopplerToken is used for authentication. + See https://docs.doppler.com/reference/api#authentication for auth token types. + The Key attribute defaults to dopplerToken if not specified. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1902,13 +2381,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1924,7 +2407,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1932,7 +2418,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1959,13 +2447,17 @@ spec: description: AccessToken is used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2020,13 +2512,17 @@ spec: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2041,16 +2537,22 @@ spec: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider properties: authRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object folderID: @@ -2071,29 +2573,41 @@ spec: description: has both clientCert and clientKey as secretKeySelector properties: clientCert: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientKey: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2101,7 +2615,10 @@ spec: description: points to a service account that should be used for authentication properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2109,7 +2626,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2118,16 +2637,22 @@ spec: description: use static token to authenticate with properties: bearerToken: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2153,7 +2678,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2186,13 +2713,17 @@ spec: description: The ConnectToken is used for authentication to a 1Password Connect Server. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2218,7 +2749,9 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: |- + Auth configures how secret-manager authenticates with the Oracle Vault. + If empty, use the instance principal, otherwise the user credentials specified in Auth. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -2227,26 +2760,34 @@ spec: description: Fingerprint is the fingerprint of the API private key. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object privatekey: description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2265,13 +2806,20 @@ spec: - user type: object compartment: - description: Compartment is the vault compartment OCID. Required for PushSecret + description: |- + Compartment is the vault compartment OCID. + Required for PushSecret type: string encryptionKey: - description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + description: |- + EncryptionKey is the OCID of the encryption key within the vault. + Required for PushSecret type: string principalType: - description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + description: |- + The type of principal to use for authentication. If left blank, the Auth struct will + determine the principal type. This optional field must be specified if using + workload identity. enum: - "" - UserPrincipal @@ -2282,10 +2830,15 @@ spec: description: Region is the region where vault is located. type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2293,7 +2846,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2315,13 +2870,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -2344,13 +2903,17 @@ spec: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -2372,16 +2935,22 @@ spec: clientId: type: string clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2410,39 +2979,61 @@ spec: description: Auth configures how secret-manager authenticates with the Vault server. properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. properties: path: default: approle - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string roleRef: - description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + description: |- + Reference to a key in a Secret that contains the App Role ID used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role id. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2450,37 +3041,53 @@ spec: - secretRef type: object cert: - description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method properties: clientCert: - description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object iam: - description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + description: |- + Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials + AWS IAM authentication method properties: externalID: description: AWS External ID set on assumed IAM roles @@ -2492,7 +3099,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2500,7 +3110,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2522,39 +3134,54 @@ spec: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2568,25 +3195,41 @@ spec: - vaultRole type: object jwt: - description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method properties: kubernetesServiceAccountToken: - description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead' + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. + Deprecated: use serviceAccountRef.Audiences instead items: type: string type: array expirationSeconds: - description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.' + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Deprecated: this will be removed in the future. + Defaults to 10 minutes. format: int64 type: integer serviceAccountRef: description: Service account field containing the name of a kubernetes ServiceAccount. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2594,7 +3237,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2604,55 +3249,86 @@ spec: type: object path: default: jwt - description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" type: string role: - description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: - path type: object kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. properties: mountPath: default: kubernetes - description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2660,7 +3336,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2670,27 +3348,40 @@ spec: - role type: object ldap: - description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method properties: path: default: ldap - description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method type: string required: - path @@ -2700,13 +3391,17 @@ spec: description: TokenSecretRef authenticates with Vault by presenting a token. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object userPass: @@ -2714,23 +3409,34 @@ spec: properties: path: default: user - description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"' + description: |- + Path where the UserPassword authentication backend is mounted + in Vault, e.g: "user" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the + user used to authenticate with Vault using the UserPass authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a user name used to authenticate using the UserPass Vault authentication method + description: |- + Username is a user name used to authenticate using the UserPass Vault + authentication method type: string required: - path @@ -2738,7 +3444,11 @@ spec: type: object type: object caBundle: - description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -2751,7 +3461,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2764,23 +3476,89 @@ spec: - type type: object forwardInconsistent: - description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. type: string readYourWrites: - description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. + More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency type: boolean server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string + tls: + description: |- + The configuration used for client side related TLS communication, when the Vault server + requires mutual authentication. Only used if the Server URL is using HTTPS protocol. + This parameter is ignored for plain HTTP protocol connection. + It's worth noting this configuration is different from the "TLS certificates auth method", + which is available under the `auth.cert` section. + properties: + certSecretRef: + description: |- + CertSecretRef is a certificate added to the transport layer + when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.crt'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + keySecretRef: + description: |- + KeySecretRef to a key in a Secret resource containing client private key + added to the transport layer when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.key'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object version: default: v2 - description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". enum: - v1 - v2 @@ -2796,7 +3574,11 @@ spec: description: Body type: string caBundle: - description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -2837,7 +3619,9 @@ spec: type: string type: object secrets: - description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name items: properties: name: @@ -2847,13 +3631,17 @@ spec: description: Secret ref to fill in credentials properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2884,13 +3672,17 @@ spec: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2898,16 +3690,22 @@ spec: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2927,13 +3725,17 @@ spec: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2941,16 +3743,22 @@ spec: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object diff --git a/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml index 123558f86..bdd9c4161 100644 --- a/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml @@ -9,7 +9,7 @@ metadata: {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook {{- end }} - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -29,17 +29,28 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters VDS based on this property type: string method: description: Vault API method to use (GET/POST/other) @@ -57,39 +68,61 @@ spec: description: Auth configures how secret-manager authenticates with the Vault server. properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. properties: path: default: approle - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string roleRef: - description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + description: |- + Reference to a key in a Secret that contains the App Role ID used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role id. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -97,37 +130,53 @@ spec: - secretRef type: object cert: - description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method properties: clientCert: - description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object iam: - description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + description: |- + Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials + AWS IAM authentication method properties: externalID: description: AWS External ID set on assumed IAM roles @@ -139,7 +188,10 @@ spec: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -147,7 +199,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -169,39 +223,54 @@ spec: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -215,25 +284,41 @@ spec: - vaultRole type: object jwt: - description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method properties: kubernetesServiceAccountToken: - description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead' + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. + Deprecated: use serviceAccountRef.Audiences instead items: type: string type: array expirationSeconds: - description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.' + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Deprecated: this will be removed in the future. + Defaults to 10 minutes. format: int64 type: integer serviceAccountRef: description: Service account field containing the name of a kubernetes ServiceAccount. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -241,7 +326,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -251,55 +338,86 @@ spec: type: object path: default: jwt - description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" type: string role: - description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: - path type: object kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. properties: mountPath: default: kubernetes - description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -307,7 +425,9 @@ spec: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -317,27 +437,40 @@ spec: - role type: object ldap: - description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method properties: path: default: ldap - description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method type: string required: - path @@ -347,13 +480,17 @@ spec: description: TokenSecretRef authenticates with Vault by presenting a token. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object userPass: @@ -361,23 +498,34 @@ spec: properties: path: default: user - description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"' + description: |- + Path where the UserPassword authentication backend is mounted + in Vault, e.g: "user" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the + user used to authenticate with Vault using the UserPass authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a user name used to authenticate using the UserPass Vault authentication method + description: |- + Username is a user name used to authenticate using the UserPass Vault + authentication method type: string required: - path @@ -385,7 +533,11 @@ spec: type: object type: object caBundle: - description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -398,7 +550,9 @@ spec: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -411,23 +565,89 @@ spec: - type type: object forwardInconsistent: - description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. type: string readYourWrites: - description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. + More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency type: boolean server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string + tls: + description: |- + The configuration used for client side related TLS communication, when the Vault server + requires mutual authentication. Only used if the Server URL is using HTTPS protocol. + This parameter is ignored for plain HTTP protocol connection. + It's worth noting this configuration is different from the "TLS certificates auth method", + which is available under the `auth.cert` section. + properties: + certSecretRef: + description: |- + CertSecretRef is a certificate added to the transport layer + when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.crt'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + keySecretRef: + description: |- + KeySecretRef to a key in a Secret resource containing client private key + added to the transport layer when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.key'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object version: default: v2 - description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". enum: - v1 - v2 @@ -438,7 +658,12 @@ spec: type: object resultType: default: Data - description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure. + description: |- + Result type defines which data is returned from the generator. + By default it is the "data" section of the Vault API response. + When using e.g. /auth/token/create the "data" section is empty but + the "auth" section contains the generated token. + Please refer to the vault docs regarding the result data structure. enum: - Data - Auth diff --git a/charts/external-secrets/external-secrets/templates/deployment.yaml b/charts/external-secrets/external-secrets/templates/deployment.yaml index 00ea999ba..3dafc2c9d 100644 --- a/charts/external-secrets/external-secrets/templates/deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/deployment.yaml @@ -45,7 +45,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.image) | trim }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if or (.Values.leaderElect) (.Values.scopedNamespace) (.Values.processClusterStore) (.Values.processClusterExternalSecret) (.Values.concurrent) (.Values.extraArgs) }} args: diff --git a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml index 5ab8fe9f6..f5d640d5b 100644 --- a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml @@ -45,7 +45,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}" + image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.webhook.image) | trim }} imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} args: - webhook diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 24b24dca3..e1bee95fd 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.11 - helm.sh/chart: external-secrets-0.9.11 + app.kubernetes.io/version: v0.9.12 + helm.sh/chart: external-secrets-0.9.12 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.11 - helm.sh/chart: external-secrets-0.9.11 + app.kubernetes.io/version: v0.9.12 + helm.sh/chart: external-secrets-0.9.12 spec: automountServiceAccountToken: true containers: @@ -38,7 +38,7 @@ should match snapshot of default values: - --secret-namespace=NAMESPACE - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.11 + image: ghcr.io/external-secrets/external-secrets:v0.9.12 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 123207b31..44cc61eff 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.11 - helm.sh/chart: external-secrets-0.9.11 + app.kubernetes.io/version: v0.9.12 + helm.sh/chart: external-secrets-0.9.12 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,15 +24,15 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.11 - helm.sh/chart: external-secrets-0.9.11 + app.kubernetes.io/version: v0.9.12 + helm.sh/chart: external-secrets-0.9.12 spec: automountServiceAccountToken: true containers: - args: - --concurrent=1 - --metrics-addr=:8080 - image: ghcr.io/external-secrets/external-secrets:v0.9.11 + image: ghcr.io/external-secrets/external-secrets:v0.9.12 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap index fa5b3224a..affb9f21c 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,7 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretstores.external-secrets.io spec: conversion: @@ -43,10 +43,19 @@ should match snapshot of default values: description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -54,7 +63,9 @@ should match snapshot of default values: description: SecretStoreSpec defines the desired state of SecretStore. properties: controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters ES based on this property type: string provider: description: Used to configure the provider. Only one provider may be set @@ -71,7 +82,9 @@ should match snapshot of default values: description: Auth configures how the operator authenticates with Akeyless. properties: kubernetesAuth: - description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + description: |- + Kubernetes authenticates with Akeyless by passing the ServiceAccount + token stored in the named Secret resource. properties: accessID: description: the Akeyless Kubernetes auth-method access-id @@ -80,23 +93,38 @@ should match snapshot of default values: description: Kubernetes-auth configuration name in Akeyless-Gateway type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Akeyless. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Akeyless. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -104,7 +132,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -114,51 +144,72 @@ should match snapshot of default values: - k8sConfName type: object secretRef: - description: Reference to a Secret that contains the details to authenticate with Akeyless. + description: |- + Reference to a Secret that contains the details + to authenticate with Akeyless. properties: accessID: description: The SecretAccessID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessType: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessTypeParam: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object type: object caBundle: - description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used + if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -217,26 +268,34 @@ should match snapshot of default values: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessKeySecretSecretRef: description: The AccessKeySecret is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -255,7 +314,10 @@ should match snapshot of default values: description: AWS configures this store to sync secrets using AWS Secret Manager provider properties: auth: - description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + Auth defines the information necessary to authenticate against AWS + if not set aws sdk will infer credentials from your environment + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: jwt: description: Authenticate against AWS using service account tokens. @@ -264,7 +326,10 @@ should match snapshot of default values: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -272,39 +337,51 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name type: object type: object secretRef: - description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. properties: accessKeyIDSecretRef: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -335,32 +412,44 @@ should match snapshot of default values: description: The Azure clientId of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientSecret: description: The Azure ClientSecret of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object authType: default: ServicePrincipal - description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + description: |- + Auth type defines how to authenticate to the keyvault service. + Valid values are: + - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) + - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) enum: - ServicePrincipal - ManagedIdentity @@ -370,10 +459,15 @@ should match snapshot of default values: description: If multiple Managed Identity is assigned to the pod, you can select the one to be used type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -381,7 +475,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -430,13 +526,17 @@ should match snapshot of default values: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -452,7 +552,10 @@ should match snapshot of default values: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -460,7 +563,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -487,13 +592,17 @@ should match snapshot of default values: description: AccessToken is used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -521,13 +630,17 @@ should match snapshot of default values: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -552,29 +665,41 @@ should match snapshot of default values: description: has both clientCert and clientKey as secretKeySelector properties: clientCert: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientKey: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -585,7 +710,10 @@ should match snapshot of default values: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -593,7 +721,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -603,16 +733,22 @@ should match snapshot of default values: description: use static token to authenticate with properties: bearerToken: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -662,7 +798,10 @@ should match snapshot of default values: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. + description: |- + Auth configures how secret-manager authenticates with the Oracle Vault. + If empty, instance principal is used. Optionally, the authenticating principal type + and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -671,26 +810,34 @@ should match snapshot of default values: description: Fingerprint is the fingerprint of the API private key. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object privatekey: description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -709,13 +856,20 @@ should match snapshot of default values: - user type: object compartment: - description: Compartment is the vault compartment OCID. Required for PushSecret + description: |- + Compartment is the vault compartment OCID. + Required for PushSecret type: string encryptionKey: - description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + description: |- + EncryptionKey is the OCID of the encryption key within the vault. + Required for PushSecret type: string principalType: - description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + description: |- + The type of principal to use for authentication. If left blank, the Auth struct will + determine the principal type. This optional field must be specified if using + workload identity. enum: - "" - UserPrincipal @@ -726,10 +880,15 @@ should match snapshot of default values: description: Region is the region where vault is located. type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -737,7 +896,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -756,26 +917,40 @@ should match snapshot of default values: description: Auth configures how secret-manager authenticates with the Vault server. properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. properties: path: default: approle - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -784,55 +959,83 @@ should match snapshot of default values: - secretRef type: object cert: - description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method properties: clientCert: - description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object jwt: - description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method properties: kubernetesServiceAccountToken: - description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. items: type: string type: array expirationSeconds: - description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes. + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Defaults to 10 minutes. format: int64 type: integer serviceAccountRef: description: Service account field containing the name of a kubernetes ServiceAccount. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -840,7 +1043,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -850,55 +1055,86 @@ should match snapshot of default values: type: object path: default: jwt - description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" type: string role: - description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: - path type: object kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. properties: mountPath: default: kubernetes - description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -906,7 +1142,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -916,27 +1154,40 @@ should match snapshot of default values: - role type: object ldap: - description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method properties: path: default: ldap - description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method type: string required: - path @@ -946,18 +1197,26 @@ should match snapshot of default values: description: TokenSecretRef authenticates with Vault by presenting a token. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object caBundle: - description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -983,23 +1242,40 @@ should match snapshot of default values: - type type: object forwardInconsistent: - description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. type: string readYourWrites: - description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. + More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency type: boolean server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string version: default: v2 - description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". enum: - v1 - v2 @@ -1015,7 +1291,11 @@ should match snapshot of default values: description: Body type: string caBundle: - description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -1056,7 +1336,9 @@ should match snapshot of default values: type: string type: object secrets: - description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name items: properties: name: @@ -1066,13 +1348,17 @@ should match snapshot of default values: description: Secret ref to fill in credentials properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1103,13 +1389,17 @@ should match snapshot of default values: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1117,16 +1407,22 @@ should match snapshot of default values: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1193,10 +1489,19 @@ should match snapshot of default values: description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1206,7 +1511,9 @@ should match snapshot of default values: conditions: description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore items: - description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. + description: |- + ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in + for a ClusterSecretStore instance. properties: namespaceSelector: description: Choose namespace using a labelSelector @@ -1214,16 +1521,24 @@ should match snapshot of default values: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1235,7 +1550,10 @@ should match snapshot of default values: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -1247,7 +1565,9 @@ should match snapshot of default values: type: object type: array controller: - description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters ES based on this property type: string provider: description: Used to configure the provider. Only one provider may be set @@ -1264,7 +1584,9 @@ should match snapshot of default values: description: Auth configures how the operator authenticates with Akeyless. properties: kubernetesAuth: - description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + description: |- + Kubernetes authenticates with Akeyless by passing the ServiceAccount + token stored in the named Secret resource. properties: accessID: description: the Akeyless Kubernetes auth-method access-id @@ -1273,23 +1595,38 @@ should match snapshot of default values: description: Kubernetes-auth configuration name in Akeyless-Gateway type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Akeyless. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Akeyless. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1297,7 +1634,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1307,51 +1646,72 @@ should match snapshot of default values: - k8sConfName type: object secretRef: - description: Reference to a Secret that contains the details to authenticate with Akeyless. + description: |- + Reference to a Secret that contains the details + to authenticate with Akeyless. properties: accessID: description: The SecretAccessID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessType: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessTypeParam: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object type: object caBundle: - description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used + if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -1364,7 +1724,9 @@ should match snapshot of default values: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1410,26 +1772,34 @@ should match snapshot of default values: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object accessKeySecretSecretRef: description: The AccessKeySecret is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1453,7 +1823,10 @@ should match snapshot of default values: type: string type: array auth: - description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + Auth defines the information necessary to authenticate against AWS + if not set aws sdk will infer credentials from your environment + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: jwt: description: Authenticate against AWS using service account tokens. @@ -1462,7 +1835,10 @@ should match snapshot of default values: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1470,52 +1846,71 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name type: object type: object secretRef: - description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. properties: accessKeyIDSecretRef: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1533,10 +1928,20 @@ should match snapshot of default values: description: SecretsManager defines how the provider behaves when interacting with AWS SecretsManager properties: forceDeleteWithoutRecovery: - description: 'Specifies whether to delete the secret without any recovery window. You can''t use both this parameter and RecoveryWindowInDays in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery' + description: |- + Specifies whether to delete the secret without any recovery window. You + can't use both this parameter and RecoveryWindowInDays in the same call. + If you don't use either, then by default Secrets Manager uses a 30 day + recovery window. + see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery type: boolean recoveryWindowInDays: - description: 'The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can''t use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don''t use either, then by default Secrets Manager uses a 30 day recovery window. see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays' + description: |- + The number of days from 7 to 30 that Secrets Manager waits before + permanently deleting the secret. You can't use both this parameter and + ForceDeleteWithoutRecovery in the same call. If you don't use either, + then by default Secrets Manager uses a 30 day recovery window. + see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays format: int64 type: integer type: object @@ -1578,32 +1983,44 @@ should match snapshot of default values: description: The Azure clientId of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientSecret: description: The Azure ClientSecret of the service principle used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object authType: default: ServicePrincipal - description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + description: |- + Auth type defines how to authenticate to the keyvault service. + Valid values are: + - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) + - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) enum: - ServicePrincipal - ManagedIdentity @@ -1611,7 +2028,11 @@ should match snapshot of default values: type: string environmentType: default: PublicCloud - description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud' + description: |- + EnvironmentType specifies the Azure cloud environment endpoints to use for + connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. + The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 + PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud enum: - PublicCloud - USGovernmentCloud @@ -1622,10 +2043,15 @@ should match snapshot of default values: description: If multiple Managed Identity is assigned to the pod, you can select the one to be used type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1633,7 +2059,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1657,29 +2085,41 @@ should match snapshot of default values: account: type: string apiKeyRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object userRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1692,23 +2132,34 @@ should match snapshot of default values: account: type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Conjur using the JWT authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountRef specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1716,7 +2167,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1732,7 +2185,10 @@ should match snapshot of default values: caBundle: type: string caProvider: - description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + description: |- + Used to provide custom certificate authority (CA) certificates + for a secret store. The CAProvider points to a Secret or ConfigMap resource + that contains a PEM-encoded certificate. properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. @@ -1741,7 +2197,9 @@ should match snapshot of default values: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1760,7 +2218,9 @@ should match snapshot of default values: - url type: object delinea: - description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current + description: |- + Delinea DevOps Secrets Vault + https://docs.delinea.com/online-help/products/devops-secrets-vault/current properties: clientId: description: ClientID is the non-secret part of the credential. @@ -1769,13 +2229,17 @@ should match snapshot of default values: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -1789,13 +2253,17 @@ should match snapshot of default values: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -1806,10 +2274,14 @@ should match snapshot of default values: description: Tenant is the chosen hostname / site name. type: string tld: - description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com". + description: |- + TLD is based on the server location that was chosen during provisioning. + If unset, defaults to "com". type: string urlTemplate: - description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". + description: |- + URLTemplate + If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". type: string required: - clientId @@ -1825,16 +2297,23 @@ should match snapshot of default values: secretRef: properties: dopplerToken: - description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified. + description: |- + The DopplerToken is used for authentication. + See https://docs.doppler.com/reference/api#authentication for auth token types. + The Key attribute defaults to dopplerToken if not specified. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -1907,13 +2386,17 @@ should match snapshot of default values: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -1929,7 +2412,10 @@ should match snapshot of default values: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -1937,7 +2423,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -1964,13 +2452,17 @@ should match snapshot of default values: description: AccessToken is used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2025,13 +2517,17 @@ should match snapshot of default values: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2046,16 +2542,22 @@ should match snapshot of default values: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider properties: authRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object folderID: @@ -2076,29 +2578,41 @@ should match snapshot of default values: description: has both clientCert and clientKey as secretKeySelector properties: clientCert: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object clientKey: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2106,7 +2620,10 @@ should match snapshot of default values: description: points to a service account that should be used for authentication properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2114,7 +2631,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2123,16 +2642,22 @@ should match snapshot of default values: description: use static token to authenticate with properties: bearerToken: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2158,7 +2683,9 @@ should match snapshot of default values: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2191,13 +2718,17 @@ should match snapshot of default values: description: The ConnectToken is used for authentication to a 1Password Connect Server. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2223,7 +2754,9 @@ should match snapshot of default values: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: |- + Auth configures how secret-manager authenticates with the Oracle Vault. + If empty, use the instance principal, otherwise the user credentials specified in Auth. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -2232,26 +2765,34 @@ should match snapshot of default values: description: Fingerprint is the fingerprint of the API private key. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object privatekey: description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2270,13 +2811,20 @@ should match snapshot of default values: - user type: object compartment: - description: Compartment is the vault compartment OCID. Required for PushSecret + description: |- + Compartment is the vault compartment OCID. + Required for PushSecret type: string encryptionKey: - description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + description: |- + EncryptionKey is the OCID of the encryption key within the vault. + Required for PushSecret type: string principalType: - description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + description: |- + The type of principal to use for authentication. If left blank, the Auth struct will + determine the principal type. This optional field must be specified if using + workload identity. enum: - "" - UserPrincipal @@ -2287,10 +2835,15 @@ should match snapshot of default values: description: Region is the region where vault is located. type: string serviceAccountRef: - description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2298,7 +2851,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2320,13 +2875,17 @@ should match snapshot of default values: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -2349,13 +2908,17 @@ should match snapshot of default values: description: SecretRef references a key in a secret that will be used as value. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object value: @@ -2377,16 +2940,22 @@ should match snapshot of default values: clientId: type: string clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2415,39 +2984,61 @@ should match snapshot of default values: description: Auth configures how secret-manager authenticates with the Vault server. properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. properties: path: default: approle - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string roleRef: - description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + description: |- + Reference to a key in a Secret that contains the App Role ID used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role id. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2455,37 +3046,53 @@ should match snapshot of default values: - secretRef type: object cert: - description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method properties: clientCert: - description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretRef: - description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object iam: - description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + description: |- + Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials + AWS IAM authentication method properties: externalID: description: AWS External ID set on assumed IAM roles @@ -2497,7 +3104,10 @@ should match snapshot of default values: description: A reference to a ServiceAccount resource. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2505,7 +3115,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2527,39 +3139,54 @@ should match snapshot of default values: description: The AccessKeyID is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object secretAccessKeySecretRef: description: The SecretAccessKey is used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object sessionTokenSecretRef: - description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2573,25 +3200,41 @@ should match snapshot of default values: - vaultRole type: object jwt: - description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method properties: kubernetesServiceAccountToken: - description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. properties: audiences: - description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead' + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. + Deprecated: use serviceAccountRef.Audiences instead items: type: string type: array expirationSeconds: - description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.' + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Deprecated: this will be removed in the future. + Defaults to 10 minutes. format: int64 type: integer serviceAccountRef: description: Service account field containing the name of a kubernetes ServiceAccount. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2599,7 +3242,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2609,55 +3254,86 @@ should match snapshot of default values: type: object path: default: jwt - description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" type: string role: - description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method type: string secretRef: - description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: - path type: object kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. properties: mountPath: default: kubernetes - description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object serviceAccountRef: - description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. properties: audiences: - description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list items: type: string type: array @@ -2665,7 +3341,9 @@ should match snapshot of default values: description: The name of the ServiceAccount resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string required: - name @@ -2675,27 +3353,40 @@ should match snapshot of default values: - role type: object ldap: - description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method properties: path: default: ldap - description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method type: string required: - path @@ -2705,13 +3396,17 @@ should match snapshot of default values: description: TokenSecretRef authenticates with Vault by presenting a token. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object userPass: @@ -2719,23 +3414,34 @@ should match snapshot of default values: properties: path: default: user - description: 'Path where the UserPassword authentication backend is mounted in Vault, e.g: "user"' + description: |- + Path where the UserPassword authentication backend is mounted + in Vault, e.g: "user" type: string secretRef: - description: SecretRef to a key in a Secret resource containing password for the user used to authenticate with Vault using the UserPass authentication method + description: |- + SecretRef to a key in a Secret resource containing password for the + user used to authenticate with Vault using the UserPass authentication + method properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object username: - description: Username is a user name used to authenticate using the UserPass Vault authentication method + description: |- + Username is a user name used to authenticate using the UserPass Vault + authentication method type: string required: - path @@ -2743,7 +3449,11 @@ should match snapshot of default values: type: object type: object caBundle: - description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -2756,7 +3466,9 @@ should match snapshot of default values: description: The name of the object located at the provider type. type: string namespace: - description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2769,23 +3481,89 @@ should match snapshot of default values: - type type: object forwardInconsistent: - description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. type: string readYourWrites: - description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. + More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency type: boolean server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string + tls: + description: |- + The configuration used for client side related TLS communication, when the Vault server + requires mutual authentication. Only used if the Server URL is using HTTPS protocol. + This parameter is ignored for plain HTTP protocol connection. + It's worth noting this configuration is different from the "TLS certificates auth method", + which is available under the `auth.cert` section. + properties: + certSecretRef: + description: |- + CertSecretRef is a certificate added to the transport layer + when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.crt'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + keySecretRef: + description: |- + KeySecretRef to a key in a Secret resource containing client private key + added to the transport layer when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.key'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object version: default: v2 - description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". enum: - v1 - v2 @@ -2801,7 +3579,11 @@ should match snapshot of default values: description: Body type: string caBundle: - description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. format: byte type: string caProvider: @@ -2842,7 +3624,9 @@ should match snapshot of default values: type: string type: object secrets: - description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name items: properties: name: @@ -2852,13 +3636,17 @@ should match snapshot of default values: description: Secret ref to fill in credentials properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object required: @@ -2889,13 +3677,17 @@ should match snapshot of default values: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2903,16 +3695,22 @@ should match snapshot of default values: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2932,13 +3730,17 @@ should match snapshot of default values: description: The authorized key used for authentication properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object @@ -2946,16 +3748,22 @@ should match snapshot of default values: description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. properties: certSecretRef: - description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. type: string name: description: The name of the Secret resource being referred to. type: string namespace: - description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. type: string type: object type: object diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index b5aa2391a..344059a56 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.11 - helm.sh/chart: external-secrets-0.9.11 + app.kubernetes.io/version: v0.9.12 + helm.sh/chart: external-secrets-0.9.12 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.11 - helm.sh/chart: external-secrets-0.9.11 + app.kubernetes.io/version: v0.9.12 + helm.sh/chart: external-secrets-0.9.12 spec: automountServiceAccountToken: true containers: @@ -37,7 +37,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.11 + image: ghcr.io/external-secrets/external-secrets:v0.9.12 imagePullPolicy: IfNotPresent name: webhook ports: @@ -81,8 +81,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.11 + app.kubernetes.io/version: v0.9.12 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.11 + helm.sh/chart: external-secrets-0.9.12 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE diff --git a/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml b/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml index 52cce7efd..8f2769d62 100644 --- a/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml +++ b/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml @@ -61,3 +61,20 @@ tests: - equal: path: spec.template.spec.containers[0].args[6] value: "--metrics-addr=:8888" + - it: should override image flavour + set: + certController.image.repository: ghcr.io/external-secrets/external-secrets + certController.image.tag: v0.9.8 + certController.image.flavour: ubi-boringssl + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl + - it: should override image flavour + set: + certController.image.repository: example.com/external-secrets/external-secrets + certController.image.tag: v0.9.9-ubi + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: example.com/external-secrets/external-secrets:v0.9.9-ubi diff --git a/charts/external-secrets/external-secrets/tests/controller_test.yaml b/charts/external-secrets/external-secrets/tests/controller_test.yaml index f74af187b..c437d64fc 100644 --- a/charts/external-secrets/external-secrets/tests/controller_test.yaml +++ b/charts/external-secrets/external-secrets/tests/controller_test.yaml @@ -54,3 +54,20 @@ tests: - equal: path: spec.template.spec.containers[0].args[1] value: "--metrics-addr=:8888" + - it: should override image flavour + set: + image.repository: ghcr.io/external-secrets/external-secrets + image.tag: v0.9.8 + image.flavour: ubi-boringssl + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl + - it: should override image flavour + set: + image.repository: example.com/external-secrets/external-secrets + image.tag: v0.9.9-ubi + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: example.com/external-secrets/external-secrets:v0.9.9-ubi diff --git a/charts/external-secrets/external-secrets/tests/webhook_test.yaml b/charts/external-secrets/external-secrets/tests/webhook_test.yaml index b157e3bd4..8c6f761b0 100644 --- a/charts/external-secrets/external-secrets/tests/webhook_test.yaml +++ b/charts/external-secrets/external-secrets/tests/webhook_test.yaml @@ -170,3 +170,24 @@ tests: - equal: path: spec.template.spec.containers[0].args[5] value: "--metrics-addr=:8888" + - it: should override image flavour + set: + webhook.image.repository: ghcr.io/external-secrets/external-secrets + webhook.image.tag: v0.9.8 + webhook.image.flavour: ubi-boringssl + templates: + - webhook-deployment.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/external-secrets/external-secrets:v0.9.8-ubi-boringssl + - it: should override image flavour + set: + webhook.image.repository: example.com/external-secrets/external-secrets + webhook.image.tag: v0.9.9-ubi + templates: + - webhook-deployment.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: example.com/external-secrets/external-secrets:v0.9.9-ubi diff --git a/charts/external-secrets/external-secrets/values.yaml b/charts/external-secrets/external-secrets/values.yaml index 5b4335720..f2f5597c1 100644 --- a/charts/external-secrets/external-secrets/values.yaml +++ b/charts/external-secrets/external-secrets/values.yaml @@ -7,10 +7,12 @@ image: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent # -- The image tag to use. The default is the chart appVersion. + tag: "" + # -- The flavour of tag you want to use # There are different image flavours available, like distroless and ubi. # Please see GitHub release notes for image tags for these flavors. # By default the distroless image is used. - tag: "" + flavour: "" # -- If set, install and upgrade CRDs through helm chart. installCRDs: true @@ -224,8 +226,10 @@ webhook: image: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent - # -- The image tag to use. The default is the chart appVersion. + # -- The image tag to use. The default is the chart appVersion. tag: "" + # -- The flavour of tag you want to use + flavour: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" @@ -271,7 +275,8 @@ webhook: name: "my-issuer" # -- Set the requested duration (i.e. lifetime) of the Certificate. See # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec - duration: "" + # One year by default. + duration: "8760h" # -- How long before the currently issued certificate’s expiry # cert-manager should renew the certificate. See # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec @@ -375,6 +380,7 @@ certController: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent tag: "" + flavour: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" diff --git a/charts/hashicorp/consul/Chart.yaml b/charts/hashicorp/consul/Chart.yaml index 58acd9ad0..2fa3de6fd 100644 --- a/charts/hashicorp/consul/Chart.yaml +++ b/charts/hashicorp/consul/Chart.yaml @@ -1,11 +1,11 @@ annotations: artifacthub.io/images: | - name: consul - image: hashicorp/consul:1.17.1 + image: hashicorp/consul:1.17.2 - name: consul-k8s-control-plane - image: hashicorp/consul-k8s-control-plane:1.3.1 + image: hashicorp/consul-k8s-control-plane:1.3.2 - name: consul-dataplane - image: hashicorp/consul-dataplane:1.3.1 + image: hashicorp/consul-dataplane:1.3.2 - name: envoy image: envoyproxy/envoy:v1.25.11 artifacthub.io/license: MPL-2.0 @@ -25,7 +25,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: consul apiVersion: v2 -appVersion: 1.17.1 +appVersion: 1.17.2 description: Official HashiCorp Consul Chart home: https://www.consul.io icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png @@ -34,4 +34,4 @@ name: consul sources: - https://github.com/hashicorp/consul - https://github.com/hashicorp/consul-k8s -version: 1.3.1 +version: 1.3.2 diff --git a/charts/hashicorp/consul/templates/connect-inject-deployment.yaml b/charts/hashicorp/consul/templates/connect-inject-deployment.yaml index 2fafae7df..b87c8223b 100644 --- a/charts/hashicorp/consul/templates/connect-inject-deployment.yaml +++ b/charts/hashicorp/consul/templates/connect-inject-deployment.yaml @@ -259,7 +259,8 @@ spec: -default-sidecar-proxy-lifecycle-shutdown-grace-period-seconds={{ .Values.connectInject.sidecarProxy.lifecycle.defaultShutdownGracePeriodSeconds }} \ -default-sidecar-proxy-lifecycle-graceful-port={{ .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulPort }} \ -default-sidecar-proxy-lifecycle-graceful-shutdown-path="{{ .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulShutdownPath }}" \ - + -default-sidecar-proxy-startup-failure-seconds={{ .Values.connectInject.sidecarProxy.defaultStartupFailureSeconds }} \ + -default-sidecar-proxy-liveness-failure-seconds={{ .Values.connectInject.sidecarProxy.defaultLivenessFailureSeconds }} \ {{- if .Values.connectInject.initContainer }} {{- $initResources := .Values.connectInject.initContainer.resources }} {{- if not (kindIs "invalid" $initResources.limits.memory) }} diff --git a/charts/hashicorp/consul/values.yaml b/charts/hashicorp/consul/values.yaml index 80245654a..0d2d3aaa3 100644 --- a/charts/hashicorp/consul/values.yaml +++ b/charts/hashicorp/consul/values.yaml @@ -66,7 +66,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: hashicorp/consul:1.17.1 + image: hashicorp/consul:1.17.2 # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. @@ -86,7 +86,7 @@ global: # image that is used for functionality such as catalog sync. # This can be overridden per component. # @default: hashicorp/consul-k8s-control-plane: - imageK8S: hashicorp/consul-k8s-control-plane:1.3.1 + imageK8S: hashicorp/consul-k8s-control-plane:1.3.2 # The name of the datacenter that the agents should # register as. This can't be changed once the Consul cluster is up and running @@ -639,7 +639,7 @@ global: # The name (and tag) of the consul-dataplane Docker image used for the # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # @default: hashicorp/consul-dataplane: - imageConsulDataplane: hashicorp/consul-dataplane:1.3.1 + imageConsulDataplane: hashicorp/consul-dataplane:1.3.2 # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+. @@ -2701,6 +2701,13 @@ connectInject: # @type: string defaultGracefulShutdownPath: "/graceful_shutdown" + # Configures how long the k8s startup probe will wait before the proxy is considered to be unhealthy and the container is restarted. + # A value of zero disables the probe. + defaultStartupFailureSeconds: 0 + # Configures how long the k8s liveness probe will wait before the proxy is considered to be unhealthy and the container is restarted. + # A value of zero disables the probe. + defaultLivenessFailureSeconds: 0 + # The resource settings for the Connect injected init container. If null, the resources # won't be set for the initContainer. The defaults are optimized for developer instances of # Kubernetes, however they should be tweaked with the recommended defaults as shown below to speed up service registration times. diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index bf1415bd7..b52622b1e 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,66 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 5.0.13 + +Update `docker.io/kiwigrid/k8s-sidecar` to version `docker.io/kiwigrid/k8s-sidecar` + +## 5.0.12 + +Fix controller.sidecars.additionalSidecarContainers renaming and add tests + +## 5.0.11 + +* Add controller.sidecars.configAutoReload.scheme to specify protocol scheme when connecting Jenkins configuration-as-code reload endpoint +* Add controller.sidecars.configAutoReload.skipTlsVerify to force the k8s-sidecar container to skip TLS verification when connecting to an HTTPS Jenkins configuration-as-code reload endpoint + +## 5.0.10 + +Update `jenkins/inbound-agent` to version `jenkins/inbound-agent` + +## 5.0.9 + +Update `kubernetes` to version `4186.v1d804571d5d4` + +## 5.0.8 + +Update `configuration-as-code` to version `1775.v810dc950b_514` + +## 5.0.7 + +Update `docker.io/kiwigrid/k8s-sidecar` to version `docker.io/kiwigrid/k8s-sidecar` + +## 5.0.6 + +Removed `docker.io` prefix from inbound-agent image + +## 5.0.5 + +Prefixed artifacthub.io/images with `docker.io` + +## 5.0.4 + +Updated super-linter to v6. Updated README.md and CHANGELOG.md to fix linting issues. + +## 5.0.2 + +Update `git` to version `5.2.1` + +## 5.0.1 + +Update `docker.io/bats/bats` to version `v1.10.0` + +## 5.0.0 + + > [!CAUTION] + > Several fields have been renamed or removed. See [UPGRADING.md](./UPGRADING.md#to-500) + +The Helm Chart is now updated automatically via [Renovate](https://docs.renovatebot.com/) + +## 4.12.1 + +Update Jenkins image and appVersion to jenkins lts release version 2.426.3 + ## 4.12.0 Add support for [generic ephemeral storage](https://github.com/jenkinsci/kubernetes-plugin/pull/1489) in `agent.volumes` and `agents.workspaceVolume`. @@ -1441,13 +1501,13 @@ Make `agent.slaveConnectTimeout` configurable: by increasing this value Jenkins ## 1.9.7 Update plugin versions -plugin | old version | new version ---------------------- | ----------- | ---------- -kubernetes | 1.18.2 | 1.21.2 -workflow-job | 2.33 | 2.36 -credentials-binding | 1.19 | 1.20 -git | 3.11.0 | 4.0.0 -configuration-as-code | 1.27 | 1.32 +| plugin | old version | new version | +|-----------------------|-------------|-------------| +| kubernetes | 1.18.2 | 1.21.2 | +| workflow-job | 2.33 | 2.36 | +| credentials-binding | 1.19 | 1.20 | +| git | 3.11.0 | 4.0.0 | +| configuration-as-code | 1.27 | 1.32 | ## 1.9.6 @@ -1573,7 +1633,7 @@ JCasC default configuration includes: - maxRequestsPerHostStr: "32" - name: "kubernetes" - namespace - - serverUrl: "https://kubernetes.default" + - serverUrl: `"https://kubernetes.default"` - template - containers - alwaysPullImage: `agent.alwaysPullImage` diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index 43c738094..74d0caa3d 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -1,16 +1,14 @@ annotations: artifacthub.io/category: integration-delivery artifacthub.io/changes: | - - Add support for [generic ephemeral storage](https://github.com/jenkinsci/kubernetes-plugin/pull/1489) in `agent.volumes` and `agents.workspaceVolume`. + - Update `docker.io/kiwigrid/k8s-sidecar` to version `docker.io/kiwigrid/k8s-sidecar` artifacthub.io/images: | - name: jenkins - image: jenkins/jenkins:2.426.2-jdk17 + image: docker.io/jenkins/jenkins:2.426.3-jdk17 - name: k8s-sidecar - image: kiwigrid/k8s-sidecar:1.24.4 + image: docker.io/kiwigrid/k8s-sidecar:1.25.4 - name: inbound-agent - image: jenkins/inbound-agent:3192.v713e3b_039fb_e-5 - - name: backup - image: maorfr/kube-tasks:0.2.0 + image: jenkins/inbound-agent:3206.vb_15dcf73f6a_9-3 artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Chart Source @@ -24,7 +22,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.14-0' catalog.cattle.io/release-name: jenkins apiVersion: v2 -appVersion: 2.426.2 +appVersion: 2.426.3 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides over 1800 plugins to support building, deploying and automating any project. @@ -51,4 +49,4 @@ sources: - https://github.com/jenkinsci/docker-inbound-agent - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin -version: 4.12.0 +version: 5.0.13 diff --git a/charts/jenkins/jenkins/README.md b/charts/jenkins/jenkins/README.md index 32172e1b6..9b7db0737 100644 --- a/charts/jenkins/jenkins/README.md +++ b/charts/jenkins/jenkins/README.md @@ -490,315 +490,6 @@ controller: RBAC is enabled by default. If you want to disable it you will need to set `rbac.create` to `false`. -### Backup - -Adds a backup CronJob for jenkins, along with required RBAC resources. See additional `backup` values using [configuration commands](#configuration). - -#### Example: Backup to Google Cloud Storage Bucket - -Let's look at a quick example. Let's pretend we are backing up Jenkins to a **Google Cloud Storage (GCS) Bucket**. Here is what the process would look like: - -##### 1. Create a Google Cloud Platform Account - -If you don't have a GCP account, you can create a Free Account with the link below: - -- - -##### 2. Create a GCS bucket with a unique name - -You need to create a GCS bucket with a unique name, which you can do by following the guide below: - -- - -##### 3. Create a GCP Service Account - -In order for the backup job to upload Jenkins data to the GCS bucket, you need to provide it with a Google Service Account, which you can create by following the guide below: - -- - -##### 4. Bind `roles/storage.admin` role to Service Account - -Now you need to provide your GCP Service Account with the `roles/storage.admin` role, which has permissions to read/write content to a GCS bucket. You can do this by following the guide below: - -- - -##### 5. Create a Service Account Key - -Now that you have a Service Account (SA), you need to create a Service Account Key, which is a file that represents the GCP Service Account that will get passed to the Backup Job (and later on to the Recovery Job). You can create it by following the guide below: - -- - -##### 6. Create a Kubernetes Secret from the Service Account key - -In order for the Backup Job to access the GCP Service Account Key you need to create Kubernetes Secret, which you can create using the command below: - -```bash -# Replace with the path to the SA Key -kubectl -n jenkins create secret generic jenkinsgcp --from-file=sa-credentials.json=/path/to/sa_key.json -``` - -**NOTE**: This assumes that you will deploy the Jenkins chart in the `jenkins` namespace. - -##### 7. Deploy the Jenkins Helm Chart using a modified values file - -Rather than using a long command to pass on all the new Chart values, create a values file called `values.yaml`, then put the following content on it, then save it: - -```yaml -backup: - enabled: true - schedule: "0 2 * * *" # Runs every day at 2 am, change it to whatever interval works for you - existingSecret: - jenkinsgcp: # This is the secret name - gcpcredentials: sa-credentials.json # The service account file in the secret - destination: "gcs://BUCKET_NAME/jenkins-k8s-backup" # Replace with Bucket Name from previous step -controller: - initializeOnce: true # Installs latest plugins as soon as Jenkins starts - installLatestPlugins: true -persistence: - enabled: true # So that we have a PVC that we can backup -``` - -**NOTE**: The [`gcpcredentials`](https://github.com/fabiogomezdiaz/helm-charts-1/blob/main/charts/jenkins/values.yaml#L829) key in the [`jenkinsgcp`](https://github.com/fabiogomezdiaz/helm-charts-1/blob/main/charts/jenkins/values.yaml#L827) field tells the Helm chart that we will be using a GCS bucket as our backup. - -##### 8. Deploy Jenkins Chart with new values - -Now that we have everything in place, let's deploy the Jenkins Chart with the new values file: - -```bash -helm upgrade --install jenkins --namespace jenkins \ - -f values.yaml \ - jenkinsci/jenkins; -``` - -**NOTE**: Save the password from this installation as it will be needed in the [Restore from Backup in Google Cloud Storage Bucket](#example-restore-from-backup-in-google-cloud-storage-bucket) section. - -##### 9. Create resources to backup in Jenkins - -Once Jenkins is available, go to Jenkins and create jobs, download plugins, and create credentials so that we have something to backup other than the default Jenkins installation. - -##### 10. Trigger the backup job - -The values file we used to deploy Jenkins runs the backup job every day at 2 AM. - -If you don't want to wait that long for the job to start running, then patch the CronJob to run in the next minute with the following commands: - -```bash -# Update CronJob to run every minute -kubectl -n jenkins patch cronjob.batch/jenkins-backup --patch '{"spec": {"schedule": "* * * * *"}}' - -# Run this command until the "jenkins-backup-*" container is running -kubectl get pods | grep backup; - -# To prevent multiple jobs from spanning every minute, change the CronJob back to original schedule -kubectl -n jenkins patch cronjob.batch/jenkins-backup --patch '{"spec": {"schedule": "0 2 * * *"}}' -``` - -##### 11. Verify that the backup job completed successfully - -Once the job is running, then query the backup pod logs to monitor progress as follows: - -```bash -# Get backup container name -BACKUP_CONTAINER=$(kubectl get pods | grep backup | awk '{print $1}'); - -# Stream logs of backup container until job is finished -kubectl logs -f ${BACKUP_CONTAINER}; -``` - -**NOTE**: The backup job will create a time-stamped folder in the GCS bucket each time the backup job runs. - -If you can see a success message from the backup job and can see the contents of the backup on your GCS bucket, then the backup was successful! - -A similar process would work for AWS S3. See additional `backup` values using [configuration commands](#configuration). - -**NOTE**: If an environmental variable `AWS_REGION` is not provided, the region of the AWS S3 bucket will be assumed to be `eu-central-1`. If you want to use an S3 bucket in another region, you need to provide the bucket's region as an environmental variable as below: - -```yaml -backup: - env: # The region of your S3 bucket. - - name: AWS_REGION - value: us-east-1 -``` - -### Restore From Backup - -To restore a backup, you can use the `kube-tasks` underlying tool called [skbn](https://github.com/maorfr/skbn), which copies files from cloud storage to Kubernetes. -The best way to do it would be using a `Job` to copy files from the desired backup tag to the Jenkins pod. - -See the following example for more details. - -#### Example: Restore from Backup in Google Cloud Storage Bucket - -**NOTE**: This section assumes that you ran the steps in [Example: Backup to Google Cloud Storage Bucket](#example-backup-to-google-cloud-storage-bucket) beforehand and that you **saved the password** for that Jenkins installation, which you will need at the end of this section. - -Let's pretend you are restoring a backup from a Google Cloud Storage Bucket because you completely lost your Jenkins installation and you are starting from scratch. - -In the following steps, we will explain what this process would look like: - -##### 1. Reinstall the Jenkins Helm Chart - -First, we need to remove the old Jenkins installation that we backed up previously, then we can install a clean Jenkins instance to restore from GCS backup. - -To do so, run the following commands: - -```bash -# Delete old Jenkins installation -helm delete jenkins - -# Install Jenkins Chart -helm upgrade --install jenkins --namespace jenkins \ - -f values.yaml \ - jenkinsci/jenkins; -``` - -**NOTE**: This Command uses the same values file that was created in the [7. Deploy the Jenkins Helm Chart using a modified values file](#7-deploy-the-jenkins-helm-chart-using-a-modified-values-file) section. - -Now verify that Jenkins is up and running and it DOES NOT have any of the resources you created earlier. - -##### 2. Create a Kubernetes Service Account for the Restore Job - -In order for the Restore job to pull backup data from the GCS bucket and put it in the jenkins `/var/jenkins_home` folder in the Jenkins pod, you need to create the following: - -- A [Kubernetes Service Account](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) (not to be confused with a GCP Service Account) for the Restore job. -- A [Kubernetes ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) that lists the necessary permissions to update the data in the volumes of other pods. -- A [Kubernetes ClusterRoleBinding](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) that binds the above ClusterRole to the Service Account. - -To do so, create a file called `restore-rbac.yaml` and enter the following content, then save it: - -```yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: skbn - name: skbn - namespace: jenkins ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: skbn - name: skbn -rules: -- apiGroups: [""] - resources: ["pods", "pods/log"] - verbs: ["get", "list"] -- apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: skbn - name: skbn -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: skbn -subjects: -- kind: ServiceAccount - name: skbn - namespace: jenkins -``` - -To apply the above manifest, run the following command: - -```bash -kubectl apply -f restore-rbac.yaml -``` - -##### 3. Create a Kubernetes Job to restore Jenkins - -The logic that will execute the Jenkins restoration from a GCS backup will be done through a -[Kubernetes Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/), which will run only once as needed. - -To create the job, create a manifest file called `restore.yaml` with the following content, then save it: - -```yaml -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app: skbn - name: skbn - namespace: jenkins -spec: - template: - metadata: - labels: - app: skbn - spec: - restartPolicy: OnFailure - serviceAccountName: skbn - containers: - - name: skbn - image: maorfr/skbn - command: ["skbn"] - args: - - "cp" - - "--src" - - "gcs://BUCKET_NAME/jenkins-k8s-backup/BACKUP_NAME" - - "--dst" - - "k8s://jenkins/jenkins-0/jenkins/var/jenkins_home" - imagePullPolicy: IfNotPresent - env: - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/jenkinsgcp/sa-credentials.json - volumeMounts: - - mountPath: /var/run/secrets/jenkinsgcp - name: jenkinsgcp - volumes: - - name: jenkinsgcp - secret: - secretName: jenkinsgcp -``` - -While the above Job manifest is mostly complete, you need to replace a couple of things, as follows: - -- Replace `BUCKET_NAME` with the GCS Bucket name created in [Create a GCS bucket with a unique name](#2-create-a-gcs-bucket-with-a-unique-name). -- Go to your GCS bucket and find the name of the latest timestamped folder (i.e. `20210717154947`), then replace `BACKUP_NAME` with it, then save the file. - -Notice that we are using the `jenkinsgcp` Kubernetes Secret that holds the `sa-credentials.json` key file for the GCP Service Account that we created in [Create a Service Account Key](#5-create-a-service-account-key). - -Having the Kubernetes Secret provide the GCP Service Account Key to the Restore Kubernetes Job is what will allow the Job to download the contents of the backup from the GCS bucket and put it into the `/var/jenkins_home` folder in the Persistent Volume Claim of the `jenkins-0` pod. - -##### 4. Deploy the Restore Job - -Deploy the Restore Job using the following command: - -```bash -kubectl apply -f restore.yaml -``` - -Wait about a minute for the Job to start, then query the logs using the following commands: - -```bash -# Get restore container name -RESTORE_CONTAINER=$(kubectl get pods | grep skbn | awk '{print $1}'); - -# Stream logs of restore container until job is finished -kubectl logs -f ${RESTORE_CONTAINER}; -``` - -Watch the logs until the job is done. This usually takes a few minutes. - -##### 5. Verify that Jenkins was restored from GCS Backup - -Login to Jenkins, then click on `Manage Jenkins-> Reload Configuration from Disk`, then press `OK`. - -Jenkins is now going to reload the backup content from disk and restart. Now, if you performed this on a new Jenkins installation, you will **not be able to login** using the password for the new installation of Jenkins. - -Because we are restoring from the backup of a previous installation, we need to login using the password for the old Jenkins installation. - -So, refresh your browser and login to Jenkins using the password from the backup. - -Now, verify that all your jobs, plugins, and credentials from that backup are showing up, and if they are, then CONGRATULATIONS on successfully restoring Jenkins from a GCS Backup! - -A similar process would work for AWS S3. See additional `backup` values using [configuration commands](#configuration) to figure out how what fields to put in the Restore Job manifest. - ### Adding Custom Pod Templates It is possible to add custom pod templates for the default configured kubernetes cloud. @@ -954,10 +645,10 @@ controller: ### HTTPS Keystore Configuration -[This configuration](https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777) enables jenkins to use keystore in order to serve https. +[This configuration](https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777) enables jenkins to use keystore in order to serve HTTPS. Here is the [value file section](https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777#RunningJenkinswithnativeSSL/HTTPS-ConfigureJenkinstouseHTTPSandtheJKSkeystore) related to keystore configuration. Keystore itself should be placed in front of `jenkinsKeyStoreBase64Encoded` key and in base64 encoded format. To achieve that after having `keystore.jks` file simply do this: `cat keystore.jks | base64` and paste the output in front of `jenkinsKeyStoreBase64Encoded`. -After enabling `httpsKeyStore.enable` make sure that `httpPort` and `targetPort` are not the same, as `targetPort` will serve https. +After enabling `httpsKeyStore.enable` make sure that `httpPort` and `targetPort` are not the same, as `targetPort` will serve HTTPS. Do not set `controller.httpsKeyStore.httpPort` to `-1` because it will cause readiness and liveliness prob to fail. If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` (or override the key name using `jenkinsHttpsJksSecretKey`) and `https-jks-password` (or override the key name using `jenkinsHttpsJksPasswordSecretKey`; additionally you can make it get the password from a different secret using `jenkinsHttpsJksPasswordSecretName`). Example: @@ -1012,116 +703,4 @@ Upgrade an existing release from `stable/jenkins` to `jenkins/jenkins` seamlessl Chart release versions follow [SemVer](../../CONTRIBUTING.md#versioning), where a MAJOR version change (example `1.0.0` -> `2.0.0`) indicates an incompatible breaking change needing manual actions. -### To 3.0.0 - -* Check `securityRealm` and `authorizationStrategy` and adjust it. - Otherwise, your configured users and permissions will be overridden. -* You need to use helm version 3 as the `Chart.yaml` uses `apiVersion: v2`. -* All XML configuration options have been removed. - In case those are still in use you need to migrate to configuration as code. - Upgrade guide to 2.0.0 contains pointers how to do that. -* Jenkins is now using a `StatefulSet` instead of a `Deployment` -* terminology has been adjusted that's also reflected in values.yaml - The following values from `values.yaml` have been renamed: - - * `master` => `controller` - * `master.useSecurity` => `controller.adminSecret` - * `master.slaveListenerPort` => `controller.agentListenerPort` - * `master.slaveHostPort` => `controller.agentListenerHostPort` - * `master.slaveKubernetesNamespace` => `agent.namespace` - * `master.slaveDefaultsProviderTemplate` => `agent.defaultsProviderTemplate` - * `master.slaveJenkinsUrl` => `agent.jenkinsUrl` - * `master.slaveJenkinsTunnel` => `agent.jenkinsTunnel` - * `master.slaveConnectTimeout` => `agent.kubernetesConnectTimeout` - * `master.slaveReadTimeout` => `agent.kubernetesReadTimeout` - * `master.slaveListenerServiceAnnotations` => `controller.agentListenerServiceAnnotations` - * `master.slaveListenerServiceType` => `controller.agentListenerServiceType` - * `master.slaveListenerLoadBalancerIP` => `controller.agentListenerLoadBalancerIP` - * `agent.slaveConnectTimeout` => `agent.connectTimeout` -* Removed values: - - * `master.imageTag`: use `controller.image` and `controller.tag` instead - * `slave.imageTag`: use `agent.image` and `agent.tag` instead - -### To 2.0.0 - -Configuration as Code is now default + container does not run as root anymore. - -#### Configuration as Code new default - -Configuration is done via [Jenkins Configuration as Code Plugin](https://github.com/jenkinsci/configuration-as-code-plugin) by default. -That means that changes in values which result in a configuration change are always applied. -In contrast, the XML configuration was only applied during the first start and never altered. - -:exclamation::exclamation::exclamation: -Attention: -This also means if you manually altered configuration then this will most likely be reset to what was configured by default. -It also applies to `securityRealm` and `authorizationStrategy` as they are also configured using configuration as code. -:exclamation::exclamation::exclamation: - -#### Image does not run as root anymore - -It's not recommended to run containers in Kubernetes as `root`. - -❗Attention: If you had not configured a different user before then you need to ensure that your image supports the user and group ID configured and also manually change permissions of all files so that Jenkins is still able to use them. - -#### Summary of updated values - -As version 2.0.0 only updates default values and nothing else it's still possible to migrate to this version and opt out of some or all new defaults. -All you have to do is ensure the old values are set in your installation. - -Here we show which values have changed and the previous default values: - -```yaml -controller: - runAsUser: 1000 # was unset before - fsGroup: 1000 # was unset before - JCasC: - enabled: true # was false - defaultConfig: true # was false - sidecars: - configAutoReload: - enabled: true # was false -``` - -#### Migration steps - -Migration instructions heavily depend on your current setup. -So think of the list below more as a general guideline of what should be done. - -- Ensure that the Jenkins image you are using contains a user with ID 1000 and a group with the same ID. - That's the case for `jenkins/jenkins:lts` image, which the chart uses by default -- Make a backup of your existing installation especially the persistent volume -- Ensure that you have the configuration as code plugin installed -- Export your current settings via the plugin: - `Manage Jenkins` -> `Configuration as Code` -> `Download Configuration` -- prepare your values file for the update e.g. add additional configuration as code setting that you need. - The export taken from above might be a good starting point for this. - In addition, the [demos](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos) from the plugin itself are quite useful. -- Test drive those setting on a separate installation -- Put Jenkins to Quiet Down mode so that it does not accept new jobs - `/quietDown` -- Change permissions of all files and folders to the new user and group id: - - ```console - kubectl exec -it -c jenkins /bin/bash - chown -R 1000:1000 /var/jenkins_home - ``` - -- Update Jenkins - -### To 1.0.0 - -Breaking changes: - -- Values have been renamed to follow [helm recommended naming conventions](https://helm.sh/docs/chart_best_practices/#naming-conventions) so that all variables start with a lowercase letter and words are separated with camelcase -- All resources are now using [helm recommended standard labels](https://helm.sh/docs/chart_best_practices/#standard-labels) - -As a result of the label changes also the selectors of the deployment have been updated. -Those are immutable so trying an updated will cause an error like: - -```console -Error: Deployment.apps "jenkins" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/component":"jenkins-controller", "app.kubernetes.io/instance":"jenkins"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable -``` - -In order to upgrade, [uninstall](#uninstall-chart) the Jenkins Deployment before upgrading: +See [UPGRADING.md](./UPGRADING.md) for a list of breaking changes diff --git a/charts/jenkins/jenkins/UPGRADING.md b/charts/jenkins/jenkins/UPGRADING.md new file mode 100644 index 000000000..41e424dbd --- /dev/null +++ b/charts/jenkins/jenkins/UPGRADING.md @@ -0,0 +1,148 @@ +# Upgrade Notes + +## To 5.0.0 +- `controller.image`, `controller.tag`, and `controller.tagLabel` have been removed. If you want to overwrite the image you now need to configure any or all of: + - `controller.image.registry` + - `controller.image.repository` + - `controller.image.tag` + - `controller.image.tagLabel` +- `controller.imagePullPolicy` has been removed. If you want to overwrite the pull policy you now need to configure `controller.image.pullPolicy`. +- `controller.sidecars.configAutoReload.image` has been removed. If you want to overwrite the configAutoReload image you now need to configure any or all of: + - `controller.sidecars.configAutoReload.image.registry` + - `controller.sidecars.configAutoReload.image.repository` + - `controller.sidecars.configAutoReload.image.tag` +- `controller.sidecars.other` has been renamed to `controller.sidecars.additionalSidecarContainers`. +- `agent.image` and `agent.tag` have been removed. If you want to overwrite the agent image you now need to configure any or all of: + - `agent.image.repository` + - `agent.image.tag` + - The registry can still be overwritten by `agent.jnlpregistry` +- `agent.additionalContainers[*].image` has been renamed to `agent.additionalContainers[*].image.repository` +- `agent.additionalContainers[*].tag` has been renamed to `agent.additionalContainers[*].image.tag` +- `additionalAgents.*.image` has been renamed to `additionalAgents.*.image.repository` +- `additionalAgents.*.tag` has been renamed to `additionalAgents.*.image.tag` +- `additionalClouds.*.additionalAgents.*.image` has been renamed to `additionalClouds.*.additionalAgents.*.image.repository` +- `additionalClouds.*.additionalAgents.*.tag` has been renamed to `additionalClouds.*.additionalAgents.*.image.tag` +- `helmtest.bats.image` has been split up to: + - `helmtest.bats.image.registry` + - `helmtest.bats.image.repository` + - `helmtest.bats.image.tag` +- `controller.adminUsername` and `controller.adminPassword` have been renamed to `controller.admin.username` and `controller.admin.password` respectively +- `controller.adminSecret` has been renamed to `controller.admin.createSecret` +- `backup.*` was unmaintained and has thus been removed. See the following page for alternatives: [Kubernetes Backup and Migrations](https://nubenetes.com/kubernetes-backup-migrations/). + +## To 4.0.0 +Removes automatic `remotingSecurity` setting when using a container tag older than `2.326` (introduced in [`3.11.7`](./CHANGELOG.md#3117)). If you're using a version older than `2.326`, you should explicitly set `.controller.legacyRemotingSecurityEnabled` to `true`. + +## To 3.0.0 + +* Check `securityRealm` and `authorizationStrategy` and adjust it. + Otherwise, your configured users and permissions will be overridden. +* You need to use helm version 3 as the `Chart.yaml` uses `apiVersion: v2`. +* All XML configuration options have been removed. + In case those are still in use you need to migrate to configuration as code. + Upgrade guide to 2.0.0 contains pointers how to do that. +* Jenkins is now using a `StatefulSet` instead of a `Deployment` +* terminology has been adjusted that's also reflected in values.yaml + The following values from `values.yaml` have been renamed: + + * `master` => `controller` + * `master.useSecurity` => `controller.adminSecret` + * `master.slaveListenerPort` => `controller.agentListenerPort` + * `master.slaveHostPort` => `controller.agentListenerHostPort` + * `master.slaveKubernetesNamespace` => `agent.namespace` + * `master.slaveDefaultsProviderTemplate` => `agent.defaultsProviderTemplate` + * `master.slaveJenkinsUrl` => `agent.jenkinsUrl` + * `master.slaveJenkinsTunnel` => `agent.jenkinsTunnel` + * `master.slaveConnectTimeout` => `agent.kubernetesConnectTimeout` + * `master.slaveReadTimeout` => `agent.kubernetesReadTimeout` + * `master.slaveListenerServiceAnnotations` => `controller.agentListenerServiceAnnotations` + * `master.slaveListenerServiceType` => `controller.agentListenerServiceType` + * `master.slaveListenerLoadBalancerIP` => `controller.agentListenerLoadBalancerIP` + * `agent.slaveConnectTimeout` => `agent.connectTimeout` +* Removed values: + + * `master.imageTag`: use `controller.image` and `controller.tag` instead + * `slave.imageTag`: use `agent.image` and `agent.tag` instead + +## To 2.0.0 + +Configuration as Code is now default + container does not run as root anymore. + +### Configuration as Code new default + +Configuration is done via [Jenkins Configuration as Code Plugin](https://github.com/jenkinsci/configuration-as-code-plugin) by default. +That means that changes in values which result in a configuration change are always applied. +In contrast, the XML configuration was only applied during the first start and never altered. + +:exclamation::exclamation::exclamation: +Attention: +This also means if you manually altered configuration then this will most likely be reset to what was configured by default. +It also applies to `securityRealm` and `authorizationStrategy` as they are also configured using configuration as code. +:exclamation::exclamation::exclamation: + +### Image does not run as root anymore + +It's not recommended to run containers in Kubernetes as `root`. + +❗Attention: If you had not configured a different user before then you need to ensure that your image supports the user and group ID configured and also manually change permissions of all files so that Jenkins is still able to use them. + +### Summary of updated values + +As version 2.0.0 only updates default values and nothing else it's still possible to migrate to this version and opt out of some or all new defaults. +All you have to do is ensure the old values are set in your installation. + +Here we show which values have changed and the previous default values: + +```yaml +controller: + runAsUser: 1000 # was unset before + fsGroup: 1000 # was unset before + JCasC: + enabled: true # was false + defaultConfig: true # was false + sidecars: + configAutoReload: + enabled: true # was false +``` + +### Migration steps + +Migration instructions heavily depend on your current setup. +So think of the list below more as a general guideline of what should be done. + +- Ensure that the Jenkins image you are using contains a user with ID 1000 and a group with the same ID. + That's the case for `jenkins/jenkins:lts` image, which the chart uses by default +- Make a backup of your existing installation especially the persistent volume +- Ensure that you have the configuration as code plugin installed +- Export your current settings via the plugin: + `Manage Jenkins` -> `Configuration as Code` -> `Download Configuration` +- prepare your values file for the update e.g. add additional configuration as code setting that you need. + The export taken from above might be a good starting point for this. + In addition, the [demos](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos) from the plugin itself are quite useful. +- Test drive those setting on a separate installation +- Put Jenkins to Quiet Down mode so that it does not accept new jobs + `/quietDown` +- Change permissions of all files and folders to the new user and group id: + + ```console + kubectl exec -it -c jenkins /bin/bash + chown -R 1000:1000 /var/jenkins_home + ``` + +- Update Jenkins + +## To 1.0.0 + +Breaking changes: + +- Values have been renamed to follow [helm recommended naming conventions](https://helm.sh/docs/chart_best_practices/#naming-conventions) so that all variables start with a lowercase letter and words are separated with camelcase +- All resources are now using [helm recommended standard labels](https://helm.sh/docs/chart_best_practices/#standard-labels) + +As a result of the label changes also the selectors of the deployment have been updated. +Those are immutable so trying an updated will cause an error like: + +```console +Error: Deployment.apps "jenkins" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/component":"jenkins-controller", "app.kubernetes.io/instance":"jenkins"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable +``` + +In order to upgrade, [uninstall](./README.md#uninstall-chart) the Jenkins Deployment before upgrading: diff --git a/charts/jenkins/jenkins/VALUES_SUMMARY.md b/charts/jenkins/jenkins/VALUES_SUMMARY.md index 11671ee2f..f18f29dfe 100644 --- a/charts/jenkins/jenkins/VALUES_SUMMARY.md +++ b/charts/jenkins/jenkins/VALUES_SUMMARY.md @@ -31,7 +31,11 @@ The following tables list the configurable parameters of the Jenkins chart and t | `controller.JCasC.authorizationStrategy` | Jenkins Config as Code for Authorization Strategy | `loggedInUsersCanDoAnything` | | `controller.sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | | | `controller.sidecars.configAutoReload.enabled` | Jenkins Config as Code auto-reload settings (Attention: rbac needs to be enabled otherwise the sidecar can't read the config map) | `true` | -| `controller.sidecars.configAutoReload.image` | Image which triggers the reload | `kiwigrid/k8s-sidecar:1.24.4` | +| `controller.sidecars.configAutoReload.image.registry` | Registry for the image which triggers the reload | `docker.io` | +| `controller.sidecars.configAutoReload.image.repository` | Image which triggers the reload | `kiwigrid/k8s-sidecar` | +| `controller.sidecars.configAutoReload.image.tag` | Tag for the image which triggers the reload | `1.24.4` | +| `controller.sidecars.configAutoReload.scheme` | The HTTP scheme to use when connecting to the Jenkins configuration as code endpoint | `http` | +| `controller.sidecars.configAutoReload.skipTlsVerify` | Skip TLS verification when connecting to the Jenkins configuration as code endpoint | `false` | | `controller.sidecars.configAutoReload.reqRetryConnect` | How many connection-related errors to retry on | `10` | | `controller.sidecars.configAutoReload.sleepTime` | How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar) | Not set | | `controller.sidecars.configAutoReload.envFrom` | Environment variable sources for the Jenkins Config as Code auto-reload container | Not set | @@ -109,10 +113,11 @@ The following tables list the configurable parameters of the Jenkins chart and t | Parameter | Description | Default | |--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------| -| `controller.image` | Controller image name | `jenkins/jenkins` | -| `controller.tagLabel` | Controller image tag label | `jdk17` | -| `controller.tag` | Controller image tag override | Not set | -| `controller.imagePullPolicy` | Controller image pull policy | `Always` | +| `controller.image.registry` | Controller image registry | `docker.io` | +| `controller.image.repository` | Controller image name | `jenkins/jenkins` | +| `controller.image.tagLabel` | Controller image tag label | `jdk17` | +| `controller.image.tag` | Controller image tag override | Not set | +| `controller.image.pullPolicy` | Controller image pull policy | `Always` | | `controller.imagePullSecretName` | Controller image pull secret | Not set | | `controller.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 50m, memory: 256Mi}, limits: {cpu: 2000m, memory: 4096Mi}}` | | `controller.initContainerResources` | Resources allocation (Requests and Limits) for Init Container | Not set | @@ -155,7 +160,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `controller.admin.userKey` | The key in the existing admin secret containing the username. | `jenkins-admin-user` | | `controller.admin.passwordKey` | The key in the existing admin secret containing the password. | `jenkins-admin-password` | | `controller.customInitContainers` | Custom init-container specification in raw-yaml format | Not set | -| `controller.sidecars.other` | Configures additional sidecar container(s) for Jenkins controller | `[]` | +| `controller.sidecars.additionalSidecarContainers`| Configures additional sidecar container(s) for Jenkins controller | `[]` | #### Kubernetes Pod Disruption Budget @@ -255,9 +260,9 @@ The following tables list the configurable parameters of the Jenkins chart and t | Parameter | Description | Default | |----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------| -| `controller.adminUser` | Admin username (and password) created as a secret if adminSecret is true | `admin` | -| `controller.adminPassword` | Admin password (and user) created as a secret if adminSecret is true | Random value | -| `controller.existingSecret` | The name of an existing secret containing keys credentials. | `""` | +| `controller.admin.username` | Admin username (and password) created as a secret if `controller.admin.createSecret` is true | `admin` | +| `controller.admin.password` | Admin password (and user) created as a secret if `controller.admin.createSecret` is true | Random value | +| `controller.admin.existingSecret` | The name of an existing secret containing keys credentials. | `""` | | `controller.additionalSecrets` | List of additional secrets to create and mount according to [JCasC docs](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) | `[]` | | `controller.additionalExistingSecrets` | List of additional existing secrets to mount according to [JCasC docs](https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets) | `[]` | | `controller.secretClaims` | List of `SecretClaim` resources to create | `[]` | @@ -341,20 +346,21 @@ The following tables list the configurable parameters of the Jenkins chart and t #### Side Container Configuration -| Parameter | Description | Default | -|---------------------------|------------------------------------------------|------------------------------------------------------------------------------| -| `agent.sideContainerName` | Side container name in agent | jnlp | -| `agent.image` | Agent image name | `jenkins/inbound-agent` | -| `agent.tag` | Agent image tag | `3192.v713e3b_039fb_e-5` | -| `agent.alwaysPullImage` | Always pull agent container image before build | `false` | -| `agent.privileged` | Agent privileged container | `false` | -| `agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 512m, memory: 512Mi}, limits: {cpu: 512m, memory: 512Mi}}` | -| `agent.runAsUser` | Configure container user | Not set | -| `agent.runAsGroup` | Configure container group | Not set | -| `agent.command` | Executed command when side container starts | Not set | -| `agent.args` | Arguments passed to executed command | `${computer.jnlpmac} ${computer.name}` | -| `agent.TTYEnabled` | Allocate pseudo tty to the side container | false | -| `agent.workingDir` | Configure working directory for default agent | `/home/jenkins/agent` | +| Parameter | Description | Default | +|---------------------------| ----------------------------------------------- |--------------------------------------------------------------------------------| +| `agent.sideContainerName` | Side container name in agent | jnlp | +| `agent.image.repository` | Agent image name | `jenkins/inbound-agent` | +| `agent.image.tag` | Agent image tag | `3192.v713e3b_039fb_e-5` | +| `agent.alwaysPullImage` | Always pull agent container image before build | `false` | +| `agent.privileged` | Agent privileged container | `false` | +| `agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 512m, memory: 512Mi}, limits: {cpu: 512m, memory: 512Mi}}` | +| `agent.runAsUser` | Configure container user | Not set | +| `agent.runAsGroup` | Configure container group | Not set | +| `agent.command` | Executed command when side container starts | Not set | +| `agent.args` | Arguments passed to executed command | `${computer.jnlpmac} ${computer.name}` | +| `agent.TTYEnabled` | Allocate pseudo tty to the side container | false | +| `agent.workingDir` | Configure working directory for default agent | `/home/jenkins/agent` | + #### Other @@ -380,42 +386,10 @@ The following tables list the configurable parameters of the Jenkins chart and t | `persistence.volumes` | Additional volumes | `nil` | | `persistence.mounts` | Additional mounts | `nil` | -### Backup - -| Parameter | Description | Default | -|--------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------------------------| -| `backup.enabled` | Enable the use of a backup CronJob | `false` | -| `backup.schedule` | Schedule to run jobs | `0 2 * * *` | -| `backup.labels` | Backup pod labels | `{}` | -| `backup.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `backup.serviceAccount.name` | name of the backup ServiceAccount | autogenerated | -| `backup.serviceAccount.annotations` | Backup pod annotations | `{}` | -| `backup.image.repo` | Backup image repository | `maorfr/kube-tasks` | -| `backup.image.tag` | Backup image tag | `0.2.0` | -| `backup.image.imagePullSecretName` | Backup image pull secret | Not set | -| `backup.extraArgs` | Additional arguments for kube-tasks | `[]` | -| `backup.existingSecret` | Environment variables to add to the cronjob container | `{}` | -| `backup.existingSecret.*` | Specify the secret name containing the AWS or GCP credentials | `jenkinsaws` | -| `backup.existingSecret.*.awsaccesskey` | `secretKeyRef.key` used for `AWS_ACCESS_KEY_ID` | `jenkins_aws_access_key` | -| `backup.existingSecret.*.awssecretkey` | `secretKeyRef.key` used for `AWS_SECRET_ACCESS_KEY` | `jenkins_aws_secret_key` | -| `backup.existingSecret.*.azstorageaccount` | `secretKeyRef.key` used for `AZURE_STORAGE_ACCOUNT` | `""` | -| `backup.existingSecret.*.azstoragekey` | `secretKeyRef.key` used for `AZURE_STORAGE_ACCESS_KEY` | `""` | -| `backup.existingSecret.*.gcpcredentials` | Mounts secret as volume and sets `GOOGLE_APPLICATION_CREDENTIALS` | `credentials.json` | -| `backup.env` | Backup environment variables | `[]` | -| `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` | -| `backup.destination` | Destination to store backup artifacts | `s3://jenkins-data/backup` | -| `backup.onlyJobs` | Only backup the job folder | `false` | -| `backup.usePodSecurityContext` | Enable backup pod's security context (must be `true` if `runAsUser`, `fsGroup`, or `podSecurityContextOverride` are set) | `true` | -| `backup.runAsUser` | Deprecated in favor of `backup.podSecurityContextOverride`. uid that jenkins runs with. | `1000` | -| `backup.fsGroup` | Deprecated in favor of `backup.podSecurityContextOverride`. uid that will be used for persistent volume. | `1000` | -| `backup.podSecurityContextOverride` | Completely overwrites the contents of the backup pod's security context, ignoring the values provided for `runAsUser`, and `fsGroup`. | Not set | -| `cronJob.apiVersion` | CronJob API version | 'batch/v1' | -| `awsSecurityGroupPolicies.enabled` | Enable the creation of SecurityGroupPolicy resources | `false` | -| `awsSecurityGroupPolicies.policies` | Security Group Policy definitions. `awsSecurityGroupPolicies.enabled` must be `true` | Not set | - ### Helm Tests -| Parameter | Description | Default | -|-----------------------|-----------------------------------|-------------| -| `helmtest.bats.image` | Image used to test the framework | `bats/bats` | -| `helmtest.bats.tag` | Test framework image tag override | `1.2.1` | +| Parameter | Description | Default | +|----------------------------------|-------------------------------------|-------------| +| `helmtest.bats.image.registry` | Registry used to test the framework | `docker.io` | +| `helmtest.bats.image.repository` | Image used to test the framework | `bats/bats` | +| `helmtest.bats.image.tag` | Test framework image tag override | `1.2.1` | diff --git a/charts/jenkins/jenkins/templates/NOTES.txt b/charts/jenkins/jenkins/templates/NOTES.txt index 0d2df0b93..953dd2606 100644 --- a/charts/jenkins/jenkins/templates/NOTES.txt +++ b/charts/jenkins/jenkins/templates/NOTES.txt @@ -1,6 +1,6 @@ {{- $prefix := .Values.controller.jenkinsUriPrefix | default "" -}} {{- $url := "" -}} -1. Get your '{{ .Values.controller.adminUser }}' user password by running: +1. Get your '{{ .Values.controller.admin.username }}' user password by running: kubectl exec --namespace {{ template "jenkins.namespace" . }} -it svc/{{ template "jenkins.fullname" . }} -c jenkins -- /bin/cat /run/secrets/additional/chart-admin-password && echo {{- if .Values.controller.ingress.hostName -}} {{- if .Values.controller.ingress.tls -}} @@ -43,7 +43,7 @@ {{- end }} {{- end }} -3. Login with the password from step 1 and the username: {{ .Values.controller.adminUser }} +3. Login with the password from step 1 and the username: {{ .Values.controller.admin.username }} 4. Configure security realm and authorization strategy 5. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: {{ $url }}/configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos @@ -53,7 +53,7 @@ https://cloud.google.com/solutions/jenkins-on-container-engine For more information about Jenkins Configuration as Code, visit: https://jenkins.io/projects/jcasc/ -{{ if (eq .Values.controller.image "jenkins/jenkins") }} +{{ if and (eq .Values.controller.image.repository "jenkins/jenkins") (eq .Values.controller.image.registry "docker.io") }} NOTE: Consider using a custom image with pre-installed plugins {{- else if .Values.controller.installPlugins }} NOTE: Consider disabling `installPlugins` if your image already contains plugins. diff --git a/charts/jenkins/jenkins/templates/_helpers.tpl b/charts/jenkins/jenkins/templates/_helpers.tpl index 1b416c805..ef7f1ef82 100644 --- a/charts/jenkins/jenkins/templates/_helpers.tpl +++ b/charts/jenkins/jenkins/templates/_helpers.tpl @@ -61,8 +61,8 @@ Returns the admin password https://github.com/helm/charts/issues/5167#issuecomment-619137759 */}} {{- define "jenkins.password" -}} - {{ if .Values.controller.adminPassword -}} - {{- .Values.controller.adminPassword | b64enc | quote }} + {{- if .Values.controller.admin.password -}} + {{- .Values.controller.admin.password | b64enc | quote }} {{- else -}} {{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "jenkins.fullname" .)).data -}} {{- if $secret -}} @@ -180,10 +180,10 @@ jenkins: value: {{ $val | quote }} {{- end }} templates: - {{- if not .Values.agent.disableDefaultAgent }} + {{- if not .Values.agent.disableDefaultAgent }} {{- include "jenkins.casc.podTemplate" . | nindent 8 }} - {{- end }} - {{- if .Values.additionalAgents }} + {{- end }} + {{- if .Values.additionalAgents }} {{- /* save .Values.agent */}} {{- $agent := .Values.agent }} {{- range $name, $additionalAgent := .Values.additionalAgents }} @@ -200,11 +200,11 @@ jenkins: {{- end }} {{- /* restore .Values.agent */}} {{- $_ := set .Values "agent" $agent }} - {{- end }} + {{- end }} {{- if .Values.agent.podTemplates }} - {{- range $key, $val := .Values.agent.podTemplates }} - {{- tpl $val $ | nindent 8 }} - {{- end }} + {{- range $key, $val := .Values.agent.podTemplates }} + {{- tpl $val $ | nindent 8 }} + {{- end }} {{- end }} {{- end }} {{- if .Values.additionalClouds }} @@ -284,8 +284,8 @@ jenkins: {{- /* restore .Values.agent */}} {{- $_ := set .Values "agent" $agent }} {{- end }} - {{- if .Values.agent.podTemplates }} - {{- range $key, $val := .Values.agent.podTemplates }} + {{- with .Values.agent.podTemplates }} + {{- range $key, $val := . }} {{- tpl $val $ | nindent 8 }} {{- end }} {{- end }} @@ -301,16 +301,18 @@ jenkins: excludeClientIPFromCrumb: {{ if .Values.controller.csrf.defaultCrumbIssuer.proxyCompatability }}true{{ else }}false{{- end }} {{- end }} {{- include "jenkins.casc.security" . }} -{{- if .Values.controller.scriptApproval }} +{{- with .Values.controller.scriptApproval }} scriptApproval: approvedSignatures: -{{- range $key, $val := .Values.controller.scriptApproval }} + {{- range $key, $val := . }} - "{{ $val }}" -{{- end }} + {{- end }} {{- end }} unclassified: location: - adminAddress: {{ default "" .Values.controller.jenkinsAdminEmail }} + {{- with .Values.controller.jenkinsAdminEmail }} + adminAddress: {{ . }} + {{- end }} url: {{ template "jenkins.url" . }} {{- end -}} @@ -342,7 +344,9 @@ Returns kubernetes pod template configuration as code - name: "{{ .Values.agent.sideContainerName }}" alwaysPullImage: {{ .Values.agent.alwaysPullImage }} args: "{{ .Values.agent.args | replace "$" "^$" }}" - command: {{ .Values.agent.command }} + {{- with .Values.agent.command }} + command: {{ . }} + {{- end }} envVars: - envVar: {{- if .Values.agent.directConnection }} @@ -360,7 +364,7 @@ Returns kubernetes pod template configuration as code value: "http://{{ template "jenkins.fullname" . }}.{{ template "jenkins.namespace" . }}.svc.{{.Values.clusterZone}}:{{.Values.controller.servicePort}}{{ default "/" .Values.controller.jenkinsUriPrefix }}" {{- end }} {{- end }} - image: "{{ .Values.agent.image }}:{{ .Values.agent.tag }}" + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" {{- if .Values.agent.livenessProbe }} livenessProbe: execArgs: {{.Values.agent.livenessProbe.execArgs | quote}} @@ -373,23 +377,29 @@ Returns kubernetes pod template configuration as code privileged: "{{- if .Values.agent.privileged }}true{{- else }}false{{- end }}" resourceLimitCpu: {{.Values.agent.resources.limits.cpu}} resourceLimitMemory: {{.Values.agent.resources.limits.memory}} - {{- if .Values.agent.resources.limits.ephemeralStorage }} - resourceLimitEphemeralStorage: {{.Values.agent.resources.limits.ephemeralStorage}} + {{- with .Values.agent.resources.limits.ephemeralStorage }} + resourceLimitEphemeralStorage: {{.}} {{- end }} resourceRequestCpu: {{.Values.agent.resources.requests.cpu}} resourceRequestMemory: {{.Values.agent.resources.requests.memory}} - {{- if .Values.agent.resources.requests.ephemeralStorage }} - resourceRequestEphemeralStorage: {{.Values.agent.resources.requests.ephemeralStorage}} + {{- with .Values.agent.resources.requests.ephemeralStorage }} + resourceRequestEphemeralStorage: {{.}} + {{- end }} + {{- with .Values.agent.runAsUser }} + runAsUser: {{ . }} + {{- end }} + {{- with .Values.agent.runAsGroup }} + runAsGroup: {{ . }} {{- end }} - runAsUser: {{ .Values.agent.runAsUser }} - runAsGroup: {{ .Values.agent.runAsGroup }} ttyEnabled: {{ .Values.agent.TTYEnabled }} workingDir: {{ .Values.agent.workingDir }} {{- range $additionalContainers := .Values.agent.additionalContainers }} - name: "{{ $additionalContainers.sideContainerName }}" alwaysPullImage: {{ $additionalContainers.alwaysPullImage | default $.Values.agent.alwaysPullImage }} args: "{{ $additionalContainers.args | replace "$" "^$" }}" - command: {{ $additionalContainers.command }} + {{- with $additionalContainers.command }} + command: {{ . }} + {{- end }} envVars: - envVar: key: "JENKINS_URL" @@ -398,7 +408,7 @@ Returns kubernetes pod template configuration as code {{- else }} value: "http://{{ template "jenkins.fullname" $ }}.{{ template "jenkins.namespace" $ }}.svc.{{ $.Values.clusterZone }}:{{ $.Values.controller.servicePort }}{{ default "/" $.Values.controller.jenkinsUriPrefix }}" {{- end }} - image: "{{ $additionalContainers.image }}:{{ $additionalContainers.tag }}" + image: "{{ $additionalContainers.image.repository }}:{{ $additionalContainers.image.tag }}" {{- if $additionalContainers.livenessProbe }} livenessProbe: execArgs: {{$additionalContainers.livenessProbe.execArgs | quote}} @@ -413,8 +423,12 @@ Returns kubernetes pod template configuration as code resourceLimitMemory: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.limits.memory }}{{ else }}{{ $.Values.agent.resources.limits.memory }}{{ end }} resourceRequestCpu: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.requests.cpu }}{{ else }}{{ $.Values.agent.resources.requests.cpu }}{{ end }} resourceRequestMemory: {{ if $additionalContainers.resources }}{{ $additionalContainers.resources.requests.memory }}{{ else }}{{ $.Values.agent.resources.requests.memory }}{{ end }} + {{- if or $additionalContainers.runAsUser $.Values.agent.runAsUser }} runAsUser: {{ $additionalContainers.runAsUser | default $.Values.agent.runAsUser }} + {{- end }} + {{- if or $additionalContainers.runAsGroup $.Values.agent.runAsGroup }} runAsGroup: {{ $additionalContainers.runAsGroup | default $.Values.agent.runAsGroup }} + {{- end }} ttyEnabled: {{ $additionalContainers.TTYEnabled | default $.Values.agent.TTYEnabled }} workingDir: {{ $additionalContainers.workingDir | default $.Values.agent.workingDir }} {{- end }} @@ -509,7 +523,7 @@ Returns kubernetes pod template configuration as code {{- define "jenkins.kubernetes-version" -}} {{- if .Values.controller.installPlugins -}} {{- range .Values.controller.installPlugins -}} - {{ if hasPrefix "kubernetes:" . }} + {{- if hasPrefix "kubernetes:" . }} {{- $split := splitList ":" . }} {{- printf "%s" (index $split 1 ) -}} {{- end -}} @@ -548,25 +562,14 @@ Create the name of the service account for Jenkins agents to use {{- end -}} {{- end -}} -{{/* -Create the name of the service account for Jenkins backup to use -*/}} -{{- define "backup.serviceAccountBackupName" -}} -{{- if .Values.backup.serviceAccount.create -}} - {{ default (printf "%s-%s" (include "jenkins.fullname" .) "backup") .Values.backup.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.backup.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Create a full tag name for controller image */}} -{{- define "controller.tag" -}} -{{- if .Values.controller.tagLabel -}} - {{- default (printf "%s-%s" .Chart.AppVersion .Values.controller.tagLabel) .Values.controller.tag -}} +{{- define "controller.image.tag" -}} +{{- if .Values.controller.image.tagLabel -}} + {{- default (printf "%s-%s" .Chart.AppVersion .Values.controller.image.tagLabel) .Values.controller.image.tag -}} {{- else -}} - {{- default .Chart.AppVersion .Values.controller.tag -}} + {{- default .Chart.AppVersion .Values.controller.image.tag -}} {{- end -}} {{- end -}} @@ -586,7 +589,7 @@ Create the HTTP port for interacting with the controller {{- $containerName := index . 1 -}} {{- $containerType := index . 2 -}} - name: {{ $containerName }} - image: "{{ $root.Values.controller.sidecars.configAutoReload.image }}" + image: "{{ $root.Values.controller.sidecars.configAutoReload.image.registry }}/{{ $root.Values.controller.sidecars.configAutoReload.image.repository }}:{{ $root.Values.controller.sidecars.configAutoReload.image.tag }}" imagePullPolicy: {{ $root.Values.controller.sidecars.configAutoReload.imagePullPolicy }} {{- if $root.Values.controller.sidecars.configAutoReload.containerSecurityContext }} securityContext: {{- toYaml $root.Values.controller.sidecars.configAutoReload.containerSecurityContext | nindent 4 }} @@ -617,11 +620,15 @@ Create the HTTP port for interacting with the controller {{- end }} {{- if eq $containerType "sidecar" }} - name: REQ_URL - value: "http://localhost:{{- include "controller.httpPort" $root -}}{{- $root.Values.controller.jenkinsUriPrefix -}}/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)" + value: "{{- default "http" $root.Values.controller.sidecars.configAutoReload.scheme }}://localhost:{{- include "controller.httpPort" $root -}}{{- $root.Values.controller.jenkinsUriPrefix -}}/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)" - name: REQ_METHOD value: "POST" - name: REQ_RETRY_CONNECT value: "{{ $root.Values.controller.sidecars.configAutoReload.reqRetryConnect }}" + {{- if $root.Values.controller.sidecars.configAutoReload.skipTlsVerify }} + - name: REQ_SKIP_TLS_VERIFY + value: "true" + {{- end }} {{- end }} {{- if $root.Values.controller.sidecars.configAutoReload.env }} diff --git a/charts/jenkins/jenkins/templates/deprecation.yaml b/charts/jenkins/jenkins/templates/deprecation.yaml index 43a798de9..f54017ce4 100644 --- a/charts/jenkins/jenkins/templates/deprecation.yaml +++ b/charts/jenkins/jenkins/templates/deprecation.yaml @@ -4,7 +4,7 @@ {{- end }} {{- if .Values.controller.imageTag }} - {{ fail "`controller.imageTag` does no longer exist. Please use `controller.tag` instead" }} + {{ fail "`controller.imageTag` does no longer exist. Please use `controller.image.tag` instead" }} {{- end }} {{- if .Values.controller.slaveListenerPort }} @@ -112,4 +112,40 @@ {{- if .Values.controller.rollingUpdate }} {{ fail "`controller.rollingUpdate` does no longer exist. It is no longer relevant, since a StatefulSet is used for the Jenkins controller" }} {{- end }} + + {{- if .Values.controller.tag }} + {{ fail "`controller.tag` no longer exists. It has been renamed to `controller.image.tag'" }} + {{- end }} + + {{- if .Values.controller.tagLabel }} + {{ fail "`controller.tagLabel` no longer exists. It has been renamed to `controller.image.tagLabel`" }} + {{- end }} + + {{- if .Values.controller.adminSecret }} + {{ fail "`controller.adminSecret` no longer exists. It has been renamed to `controller.admin.createSecret`" }} + {{- end }} + + {{- if .Values.controller.adminUser }} + {{ fail "`controller.adminUser` no longer exists. It has been renamed to `controller.admin.username`" }} + {{- end }} + + {{- if .Values.controller.adminPassword }} + {{ fail "`controller.adminPassword` no longer exists. It has been renamed to `controller.admin.password`" }} + {{- end }} + + {{- if .Values.controller.sidecars.other }} + {{ fail "`controller.sidecars.other` no longer exists. It has been renamed to `controller.sidecars.additionalSidecarContainers`" }} + {{- end }} + + {{- if .Values.agent.tag }} + {{ fail "`controller.agent.tag` no longer exists. It has been renamed to `controller.agent.image.tag`" }} + {{- end }} + + {{- if .Values.backup }} + {{ fail "`controller.backup` no longer exists." }} + {{- end }} + + {{- if .Values.helmtest.bats.tag }} + {{ fail "`helmtest.bats.tag` no longer exists. It has been renamed to `helmtest.bats.image.tag`" }} + {{- end }} {{- end }} diff --git a/charts/jenkins/jenkins/templates/jcasc-config.yaml b/charts/jenkins/jenkins/templates/jcasc-config.yaml index 684c985ab..e40419452 100644 --- a/charts/jenkins/jenkins/templates/jcasc-config.yaml +++ b/charts/jenkins/jenkins/templates/jcasc-config.yaml @@ -40,6 +40,6 @@ metadata: {{ template "jenkins.fullname" $root }}-jenkins-config: "true" data: jcasc-default-config.yaml: |- - {{- include "jenkins.casc.defaults" . |nindent 4 }} + {{- include "jenkins.casc.defaults" . | nindent 4 }} {{- end}} {{- end }} diff --git a/charts/jenkins/jenkins/templates/jenkins-backup-cronjob.yaml b/charts/jenkins/jenkins/templates/jenkins-backup-cronjob.yaml deleted file mode 100644 index d710dd5e5..000000000 --- a/charts/jenkins/jenkins/templates/jenkins-backup-cronjob.yaml +++ /dev/null @@ -1,168 +0,0 @@ -{{- if .Values.backup.enabled }} -apiVersion: {{ .Values.cronJob.apiVersion }} -kind: CronJob -metadata: - name: {{ template "jenkins.fullname" . }}-backup - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.backup.componentName }}" -spec: - schedule: {{ .Values.backup.schedule | quote }} - concurrencyPolicy: Forbid - startingDeadlineSeconds: 120 - jobTemplate: - spec: -{{- if .Values.backup.activeDeadlineSeconds }} - activeDeadlineSeconds: {{ .Values.backup.activeDeadlineSeconds }} -{{- end }} - template: - metadata: - {{- if .Values.backup.labels }} - labels: - {{- toYaml .Values.backup.labels | trim | nindent 12 }} - {{- end }} - {{- if .Values.backup.annotations }} - annotations: - {{- toYaml .Values.backup.annotations | trim | nindent 12 }} - {{- end }} - spec: - restartPolicy: OnFailure - serviceAccountName: {{ include "backup.serviceAccountBackupName" . }} - {{- if .Values.backup.usePodSecurityContext }} - securityContext: - {{- if hasKey .Values.backup "podSecurityContextOverride" }} - {{- tpl (toYaml .Values.backup.podSecurityContextOverride | nindent 12) . }} - {{- else }} - runAsUser: {{ default 0 .Values.backup.runAsUser }} - {{- if and (.Values.backup.runAsUser) (.Values.backup.fsGroup) }} - {{- if not (eq (int .Values.backup.runAsUser) 0) }} - fsGroup: {{ .Values.backup.fsGroup }} - {{- end }} - {{- end }} - {{- if .Values.backup.securityContextCapabilities }} - capabilities: - {{- toYaml .Values.backup.securityContextCapabilities | nindent 12 }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: jenkins-backup - image: "{{ .Values.backup.image.repository }}:{{ .Values.backup.image.tag }}" - command: ["kube-tasks"] - args: - - simple-backup - - -n - - {{ template "jenkins.namespace" . }} - - -l - - app.kubernetes.io/instance={{ .Release.Name }} - - --container - - jenkins - - --path - {{- if .Values.backup.onlyJobs }} - - {{ .Values.controller.jenkinsHome }}/jobs - {{- else}} - - {{ .Values.controller.jenkinsHome }} - {{- end}} - - --dst - - {{ .Values.backup.destination }} - {{- with .Values.backup.extraArgs }} - {{- toYaml . | nindent 12 }} - {{- end }} - env: - {{- with .Values.backup.env }} - {{- toYaml . | trim | nindent 12 }} - {{- end }} - {{- if .Values.backup.existingSecret }} - {{- range $key,$value := .Values.backup.existingSecret }} - {{- if $value.awsaccesskey }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.awsaccesskey | quote }} - {{- end }} - {{- if $value.awssecretkey }} - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.awssecretkey | quote}} - {{- end }} - {{- if $value.azstorageaccount }} - - name: AZURE_STORAGE_ACCOUNT - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.azstorageaccount | quote}} - {{- end }} - {{- if $value.azstoragekey }} - - name: AZURE_STORAGE_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ $key }} - key: {{ $value.azstoragekey | quote}} - {{- end }} - {{- if $value.gcpcredentials }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/var/run/secrets/{{ $key }}/{{ $value.gcpcredentials }}" - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.backup.resources }} - resources: - {{- toYaml . | trim | nindent 14 }} - {{- end }} - volumeMounts: - {{- if .Values.backup.existingSecret }} - {{- range $key,$value := .Values.backup.existingSecret }} - {{- if $value.gcpcredentials }} - - mountPath: /var/run/secrets/{{ $key }} - name: {{ $key }} - {{- end }} - {{- end }} - {{- end }} - volumes: - {{- if .Values.backup.existingSecret }} - {{- range $key,$value := .Values.backup.existingSecret }} - {{- if $value.gcpcredentials }} - - name: {{ $key }} - secret: - secretName: {{ $key }} - {{- end }} - {{- end }} - {{- end }} - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ template "jenkins.fullname" . }} - - key: release - operator: In - values: - - {{ .Release.Name }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.backup.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.backup.imagePullSecretName }} - {{- end -}} -{{- end }} diff --git a/charts/jenkins/jenkins/templates/jenkins-backup-rbac.yaml b/charts/jenkins/jenkins/templates/jenkins-backup-rbac.yaml deleted file mode 100644 index 0f94fa833..000000000 --- a/charts/jenkins/jenkins/templates/jenkins-backup-rbac.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.backup.enabled }} -{{- if .Values.backup.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "backup.serviceAccountBackupName" . }} - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.controller.componentName }}" - {{- if .Values.backup.serviceAccount.annotations }} - annotations: - {{- toYaml .Values.backup.serviceAccount.annotations | nindent 4 }} - {{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "jenkins.fullname" . }}-backup - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.controller.componentName }}" -rules: -- apiGroups: [""] - resources: ["pods", "pods/log"] - verbs: ["get", "list"] -- apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "jenkins.fullname" . }}-backup - namespace: {{ template "jenkins.namespace" . }} - labels: - "app.kubernetes.io/name": '{{ template "jenkins.name" .}}' - {{- if .Values.renderHelmLabels }} - "helm.sh/chart": "{{ template "jenkins.label" .}}" - {{- end }} - "app.kubernetes.io/managed-by": "{{ .Release.Service }}" - "app.kubernetes.io/instance": "{{ .Release.Name }}" - "app.kubernetes.io/component": "{{ .Values.controller.componentName }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "jenkins.fullname" . }}-backup -subjects: -- kind: ServiceAccount - name: {{ include "backup.serviceAccountBackupName" . }} - namespace: {{ template "jenkins.namespace" . }} -{{- end }} diff --git a/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml b/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml index 9cfe93633..364debb9e 100644 --- a/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml +++ b/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml @@ -118,8 +118,8 @@ spec: {{- end}} - name: "init" - image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" - imagePullPolicy: "{{ .Values.controller.imagePullPolicy }}" + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" {{- if .Values.controller.containerSecurityContext }} securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 12 }} {{- end }} @@ -170,8 +170,8 @@ spec: {{- end }} containers: - name: jenkins - image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" - imagePullPolicy: "{{ .Values.controller.imagePullPolicy }}" + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" {{- if .Values.controller.containerSecurityContext }} securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 12 }} {{- end }} @@ -205,7 +205,7 @@ spec: {{- if .Values.controller.containerEnv }} {{ (tpl ( toYaml .Values.controller.containerEnv) .) | indent 12 }} {{- end }} - {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.adminSecret }} + {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }} - name: SECRETS value: /run/secrets/additional {{- end }} @@ -298,7 +298,7 @@ spec: - name: sc-config-volume mountPath: {{ .Values.controller.sidecars.configAutoReload.folder | default (printf "%s/casc_configs" (.Values.controller.jenkinsRef)) }} {{- end }} - {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.adminSecret }} + {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }} - name: jenkins-secrets mountPath: /run/secrets/additional readOnly: true @@ -313,8 +313,8 @@ spec: {{- end}} -{{- if .Values.controller.sidecars.other}} -{{ tpl (toYaml .Values.controller.sidecars.other | indent 8) .}} +{{- if .Values.controller.sidecars.additionalSidecarContainers}} +{{ tpl (toYaml .Values.controller.sidecars.additionalSidecarContainers | indent 8) .}} {{- end }} volumes: @@ -351,7 +351,7 @@ spec: - name: plugin-dir emptyDir: {} {{- end }} - {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.adminSecret }} + {{- if or .Values.controller.additionalSecrets .Values.controller.existingSecret .Values.controller.additionalExistingSecrets .Values.controller.admin.createSecret }} - name: jenkins-secrets projected: sources: @@ -368,7 +368,7 @@ spec: path: {{ tpl $value.name $ }}-{{ tpl $value.keyName $ }} {{- end }} {{- end }} - {{- if .Values.controller.adminSecret }} + {{- if .Values.controller.admin.createSecret }} - secret: name: {{ .Values.controller.admin.existingSecret | default (include "jenkins.fullname" .) }} items: diff --git a/charts/jenkins/jenkins/templates/secret.yaml b/charts/jenkins/jenkins/templates/secret.yaml index 4feb52f42..cc6ace179 100644 --- a/charts/jenkins/jenkins/templates/secret.yaml +++ b/charts/jenkins/jenkins/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if and (not .Values.controller.admin.existingSecret) (.Values.controller.adminSecret) -}} +{{- if and (not .Values.controller.admin.existingSecret) (.Values.controller.admin.createSecret) -}} apiVersion: v1 kind: Secret @@ -16,5 +16,5 @@ metadata: type: Opaque data: jenkins-admin-password: {{ template "jenkins.password" . }} - jenkins-admin-user: {{ .Values.controller.adminUser | b64enc | quote }} + jenkins-admin-user: {{ .Values.controller.admin.username | b64enc | quote }} {{- end }} diff --git a/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml b/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml index 20e06b593..12a935ecc 100644 --- a/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml +++ b/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml @@ -17,7 +17,7 @@ spec: {{- end }} initContainers: - name: "test-framework" - image: {{ .Values.helmtest.bats.image }}:{{ .Values.helmtest.bats.tag }} + image: "{{ .Values.helmtest.bats.image.registry }}/{{ .Values.helmtest.bats.image.repository }}:{{ .Values.helmtest.bats.image.tag }}" command: - "bash" - "-c" @@ -31,7 +31,7 @@ spec: name: tools containers: - name: {{ .Release.Name }}-ui-test - image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{- include "controller.image.tag" . -}}" command: ["/tools/bats/bin/bats", "-t", "/tests/run.sh"] volumeMounts: - mountPath: /tests diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml index cc6e6626d..a70faeeb1 100644 --- a/charts/jenkins/jenkins/values.yaml +++ b/charts/jenkins/jenkins/values.yaml @@ -24,10 +24,12 @@ renderHelmLabels: true controller: # Used for label app.kubernetes.io/component componentName: "jenkins-controller" - image: "jenkins/jenkins" - # tag: "2.426.2-jdk17" - tagLabel: jdk17 - imagePullPolicy: "Always" + image: + registry: "docker.io" + repository: "jenkins/jenkins" + # tag: "2.426.3-jdk17" + tagLabel: jdk17 + pullPolicy: "Always" imagePullSecretName: # Optionally configure lifetime for controller-container lifecycle: @@ -43,20 +45,23 @@ controller: # This is ignored if enableRawHtmlMarkupFormatter is true markupFormatter: plainText customJenkinsLabels: [] - # The default configuration uses this secret to configure an admin user - # If you don't need that user or use a different security realm then you can disable it - adminSecret: true hostNetworking: false # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. # If you disable the non-Jenkins identity store and instead use the Jenkins internal one, - # you should revert controller.adminUser to your preferred admin user: - adminUser: "admin" - # adminPassword: + # you should revert controller.admin.username to your preferred admin user: admin: - existingSecret: "" + username: "admin" + # password: + userKey: jenkins-admin-user passwordKey: jenkins-admin-password + + # The default configuration uses this secret to configure an admin user + # If you don't need that user or use a different security realm then you can disable it + createSecret: true + existingSecret: "" + # This values should not be changed unless you use your custom image of jenkins or any devired from. If you want to use # Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution" jenkinsHome: "/var/jenkins_home" @@ -247,10 +252,10 @@ controller: # List of plugins to be install during Jenkins controller start installPlugins: - - kubernetes:4174.v4230d0ccd951 + - kubernetes:4186.v1d804571d5d4 - workflow-aggregator:596.v8c21c963d92d - - git:5.1.0 - - configuration-as-code:1670.v564dc8b_982d0 + - git:5.2.1 + - configuration-as-code:1775.v810dc950b_514 # Set to false to download the minimum required version of all dependencies. installLatestPlugins: true @@ -359,7 +364,7 @@ controller: # Optionally specify additional init-containers customInitContainers: [] # - name: custom-init - # image: "alpine:3.7" + # image: "alpine:3" # imagePullPolicy: Always # command: [ "uname", "-a" ] @@ -369,7 +374,10 @@ controller: # jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the # http:///reload-configuration-as-code endpoint to reapply config when changes to the configScripts are detected. enabled: true - image: kiwigrid/k8s-sidecar:1.24.4 + image: + registry: docker.io + repository: kiwigrid/k8s-sidecar + tag: 1.25.4 imagePullPolicy: IfNotPresent resources: {} # limits: @@ -399,8 +407,8 @@ controller: readOnlyRootFilesystem: true allowPrivilegeEscalation: false - # Allows you to inject additional/other sidecars - other: [] + # Allows you to inject additional sidecars + additionalSidecarContainers: [] ## The example below runs the client for https://smee.io as sidecar container next to Jenkins, ## that allows to trigger build behind a secure firewall. ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall @@ -638,8 +646,9 @@ agent: namespace: # private registry for agent image jnlpregistry: - image: "jenkins/inbound-agent" - tag: "3192.v713e3b_039fb_e-5" + image: + repository: "jenkins/inbound-agent" + tag: "3206.vb_15dcf73f6a_9-3" workingDir: "/home/jenkins/agent" nodeUsageMode: "NORMAL" customJenkinsLabels: [] @@ -791,8 +800,9 @@ agent: # Containers specified here are added to all agents. Set key empty to remove container from additional agents. additionalContainers: [] # - sideContainerName: dind - # image: docker - # tag: dind + # image: + # repository: docker + # tag: dind # command: dockerd-entrypoint.sh # args: "" # privileged: true @@ -840,14 +850,16 @@ additionalAgents: {} # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp -# image: jenkins/jnlp-agent-maven -# tag: latest +# image: +# repository: jenkins/jnlp-agent-maven +# tag: latest # python: # podName: python # customJenkinsLabels: python # sideContainerName: python -# image: python -# tag: "3" +# image: +# repository: python +# tag: "3" # command: "/bin/sh -c" # args: "cat" # TTYEnabled: true @@ -867,8 +879,9 @@ additionalClouds: {} # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp -# image: jenkins/jnlp-agent-maven -# tag: latest +# image: +# repository: jenkins/jnlp-agent-maven +# tag: latest # namespace: my-other-maven-namespace # remote-cloud-2: # kubernetesURL: https://api.remote-cloud.com @@ -945,76 +958,6 @@ serviceAccountAgent: extraLabels: {} imagePullSecretName: -## Backup cronjob configuration -## Ref: https://github.com/maorfr/kube-tasks -backup: - # Backup must use RBAC - # So by enabling backup you are enabling RBAC specific for backup - enabled: false - # Used for label app.kubernetes.io/component - componentName: "backup" - # Schedule to run jobs. Must be in cron time format - # Ref: https://crontab.guru/ - schedule: "0 2 * * *" - labels: {} - serviceAccount: - create: true - name: - annotations: {} - # Example for authorization to AWS S3 using kube2iam or IRSA - # Can also be done using environment variables - # iam.amazonaws.com/role: "jenkins" - # "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/jenkins-backup" - # Set this to terminate the job that is running/failing continously and set the job status to "Failed" - activeDeadlineSeconds: "" - image: - repository: "maorfr/kube-tasks" - tag: "0.2.0" - imagePullSecretName: - # Additional arguments for kube-tasks - # Ref: https://github.com/maorfr/kube-tasks#simple-backup - extraArgs: [] - # Add existingSecret for AWS credentials - existingSecret: {} - ## Example for using an existing secret - # jenkinsaws: - ## Use this key for AWS access key ID - # awsaccesskey: jenkins_aws_access_key - ## Use this key for AWS secret access key - # awssecretkey: jenkins_aws_secret_key - # Add additional environment variables - # jenkinsgcp: - ## Use this key for GCP credentials - # gcpcredentials: credentials.json - env: [] - # Example environment variable required for AWS credentials chain - # - name: "AWS_REGION" - # value: "us-east-1" - resources: - requests: - memory: 1Gi - cpu: 1 - limits: - memory: 1Gi - cpu: 1 - # Destination to store the backup artifacts - # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage - # Additional support can added. Visit this repository for details - # Ref: https://github.com/maorfr/skbn - destination: "s3://jenkins-data/backup" - # By enabling only the jenkins_home/jobs folder gets backed up, not the whole jenkins instance - onlyJobs: false - # Enable backup pod security context (must be `true` if runAsUser or fsGroup are set) - usePodSecurityContext: true - # When setting runAsUser to a different value than 0 also set fsGroup to the same value: - runAsUser: 1000 - fsGroup: 1000 - securityContextCapabilities: {} - # drop: - # - NET_RAW -cronJob: - apiVersion: batch/v1 - checkDeprecation: true awsSecurityGroupPolicies: @@ -1029,5 +972,7 @@ helmtest: # A testing framework for bash bats: # Bash Automated Testing System (BATS) - image: "bats/bats" - tag: "1.9.0" + image: + registry: "docker.io" + repository: "bats/bats" + tag: "v1.10.0" diff --git a/charts/jfrog/artifactory-ha/.helmignore b/charts/jfrog/artifactory-ha/.helmignore index c7eb1e274..b6e97f07f 100644 --- a/charts/jfrog/artifactory-ha/.helmignore +++ b/charts/jfrog/artifactory-ha/.helmignore @@ -19,4 +19,6 @@ .project .idea/ *.tmproj -OWNERS \ No newline at end of file +OWNERS + +tests/ \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index 9987e6dec..a36e0b66c 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,10 +1,29 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.71.11] - Nov 15, 2023 +## [107.77.0] - Dec 21, 2023 +* Removed integration service +* Added recommended postgresql sizing configurations under sizing directory +* Updated artifactory-federation (probes, port, embedded mode) + +## [107.77.5] - Dec 13, 2023 +* Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section +* Reduced nginx startupProbe initialDelaySeconds + +## [107.74.0] - Nov 30, 2023 +* Added recommended sizing configurations under sizing directory, please refer [here](README.md/#apply-sizing-configurations-to-the-chart) +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml + +## [107.70.0] - Nov 30, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml * Fixed - Artifactory primary service condition +* Fixed - SecurityContext with runAsGroup in artifactory-ha [GH-1838](https://github.com/jfrog/charts/issues/1838) +* Added support for custom labels in the Nginx pods [GH-1836](https://github.com/jfrog/charts/pull/1836) +* Added podSecurityContext and containerSecurityContext for nginx +* Added support for nginx on openshift, set `podSecurityContext` and `containerSecurityContext` to false +* Renamed nginx internalPort 80,443 to 8080,8443 to support openshift ## [107.69.0] - Sep 18, 2023 * Adjust rtfs context diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index 7f44c5d46..90619f508 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -1,10 +1,10 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA - catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -18,7 +18,7 @@ keywords: - artifactory - jfrog - devops -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.5 diff --git a/charts/jfrog/artifactory-ha/README.md b/charts/jfrog/artifactory-ha/README.md index de40eebce..ea332fc19 100644 --- a/charts/jfrog/artifactory-ha/README.md +++ b/charts/jfrog/artifactory-ha/README.md @@ -8,7 +8,7 @@ Below you will find the basic instructions for installing, uninstalling, and del ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ * Artifactory HA license ## Chart Details @@ -40,6 +40,13 @@ To install the chart with the release name `artifactory`: helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha ``` +### Apply Sizing configurations to the Chart +To apply the chart with recommended sizing configurations : +For small configurations : +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml +``` + ## Uninstalling Artifactory Uninstall is supported only on Helm v3 and on. diff --git a/charts/jfrog/artifactory-ha/ci/large-values.yaml b/charts/jfrog/artifactory-ha/ci/large-values.yaml index 8c1bacd34..153307aa2 100644 --- a/charts/jfrog/artifactory-ha/ci/large-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/large-values.yaml @@ -75,14 +75,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-ha/ci/medium-values.yaml b/charts/jfrog/artifactory-ha/ci/medium-values.yaml index 3f04f68df..115e7d460 100644 --- a/charts/jfrog/artifactory-ha/ci/medium-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/medium-values.yaml @@ -75,14 +75,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml b/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml index 7ab2221da..58a8cb207 100644 --- a/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml @@ -105,14 +105,6 @@ event: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml b/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml index 2b88d70a8..ef334e5e6 100644 --- a/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml @@ -155,21 +155,6 @@ event: preStop: exec: command: ["/bin/sh", "-c", "echo Hello from the event postStart handler >> /tmp/message"] -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] - preStop: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] observability: resources: requests: diff --git a/charts/jfrog/artifactory-ha/ci/small-values.yaml b/charts/jfrog/artifactory-ha/ci/small-values.yaml index 501d357b9..b4557289e 100644 --- a/charts/jfrog/artifactory-ha/ci/small-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/small-values.yaml @@ -77,14 +77,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-ha/files/binarystore.xml b/charts/jfrog/artifactory-ha/files/binarystore.xml index f6b99dbe0..dc13eb870 100644 --- a/charts/jfrog/artifactory-ha/files/binarystore.xml +++ b/charts/jfrog/artifactory-ha/files/binarystore.xml @@ -261,6 +261,12 @@ {{- with .maxConnections }} {{ . }} {{- end }} + {{- with .connectionTimeout }} + {{ . }} + {{- end }} + {{- with .socketTimeout }} + {{ . }} + {{- end }} {{- with .kmsServerSideEncryptionKeyId }} {{ . }} {{- end }} diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml new file mode 100644 index 000000000..d3891eca4 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=200 + -Dartifactory.async.poolMaxQueueSize=100000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=200 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + + tomcat: + connector: + maxThreads: 800 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 200 + +access: + tomcat: + connector: + maxThreads: 200 + + database: + maxOpenConnections: 200 + +metadata: + database: + maxOpenConnections: 200 + diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge.yaml new file mode 100644 index 000000000..ef809864f --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-2xlarge.yaml @@ -0,0 +1,118 @@ +############################################################## +# The 2xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 6 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "4" + memory: 20Gi + limits: + # cpu: "20" + memory: 24Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: "1" + memory: 1Gi + limits: + # cpu: "6" + memory: 2Gi + +frontend: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 1Gi + +metadata: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 2Gi + +event: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +observability: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +jfconnect: + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + # cpu: "1" + memory: 250Mi + +nginx: + replicaCount: 3 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "6Gi" + limits: + # cpu: "14" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 256Gi + cpu: "64" + limits: + memory: 256Gi + # cpu: "128" diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-large-extra-config.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-large-extra-config.yaml new file mode 100644 index 000000000..038c2ac4a --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-large-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=80 + -Dartifactory.async.poolMaxQueueSize=20000 + -Dartifactory.http.client.max.total.connections=100 + -Dartifactory.http.client.max.connections.per.route=100 + -Dartifactory.access.client.max.connections=125 + -Dartifactory.metadata.event.operator.threads=4 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=524288 + -XX:MaxDirectMemorySize=512m + + tomcat: + connector: + maxThreads: 500 + extraConfig: 'acceptCount="800" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 100 + +access: + tomcat: + connector: + maxThreads: 125 + + database: + maxOpenConnections: 100 + +metadata: + database: + maxOpenConnections: 100 + diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-large.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-large.yaml new file mode 100644 index 000000000..083643ca2 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-large.yaml @@ -0,0 +1,118 @@ +############################################################## +# The large sizing +# This size is intended for large organizations. It can be increased with adding replicas or moving to the xlarge sizing +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 3 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 10Gi + limits: + # cpu: "14" + memory: 12Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "8" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 400Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "1" + memory: "500Mi" + limits: + # cpu: "4" + memory: "1Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "1000" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 64Gi + cpu: "16" + limits: + memory: 64Gi + # cpu: "32" diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-medium-extra-config.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-medium-extra-config.yaml new file mode 100644 index 000000000..47a4004df --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-medium-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-medium.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-medium.yaml new file mode 100644 index 000000000..a9f0756d2 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-medium.yaml @@ -0,0 +1,118 @@ +############################################################## +# The medium sizing +# This size is just 2 replicas of the small size. Vertical sizing of all services is not changed +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 2 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 32Gi + cpu: "8" + limits: + memory: 32Gi + # cpu: "16" \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-small-extra-config.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-small-extra-config.yaml new file mode 100644 index 000000000..47a4004df --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-small-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-small.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-small.yaml new file mode 100644 index 000000000..3a3db7c89 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-small.yaml @@ -0,0 +1,118 @@ +############################################################## +# The small sizing +# This is the size recommended for running Artifactory for small teams +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 16Gi + cpu: "4" + limits: + memory: 16Gi + # cpu: "10" diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml new file mode 100644 index 000000000..e266e0638 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml @@ -0,0 +1,39 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=160 + -Dartifactory.async.poolMaxQueueSize=50000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=150 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + tomcat: + connector: + maxThreads: 600 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 150 + +access: + tomcat: + connector: + maxThreads: 150 + + database: + maxOpenConnections: 150 + +metadata: + database: + maxOpenConnections: 150 + diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-xlarge.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-xlarge.yaml new file mode 100644 index 000000000..ccd336589 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-xlarge.yaml @@ -0,0 +1,118 @@ +############################################################## +# The xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 4 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 14Gi + limits: + # cpu: "14" + memory: 16Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 500Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "4Gi" + limits: + # cpu: "12" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 128Gi + cpu: "32" + limits: + memory: 128Gi + # cpu: "64" diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml new file mode 100644 index 000000000..cc557abd5 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=10 + -Dartifactory.async.poolMaxQueueSize=2000 + -Dartifactory.http.client.max.total.connections=20 + -Dartifactory.http.client.max.connections.per.route=20 + -Dartifactory.access.client.max.connections=15 + -Dartifactory.metadata.event.operator.threads=2 + -XX:MaxMetaspaceSize=400m + -XX:CompressedClassSpaceSize=96m + -Djdk.nio.maxCachedBufferSize=131072 + -XX:MaxDirectMemorySize=128m + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 15 + +access: + tomcat: + connector: + maxThreads: 15 + + database: + maxOpenConnections: 15 + +metadata: + database: + maxOpenConnections: 15 + diff --git a/charts/jfrog/artifactory-ha/sizing/artifactory-xsmall.yaml b/charts/jfrog/artifactory-ha/sizing/artifactory-xsmall.yaml new file mode 100644 index 000000000..e46ee61b6 --- /dev/null +++ b/charts/jfrog/artifactory-ha/sizing/artifactory-xsmall.yaml @@ -0,0 +1,118 @@ +############################################################## +# The xsmall sizing +# This is the minimum size recommended for running Artifactory +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 3Gi + limits: + # cpu: "10" + memory: 4Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 50m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "50m" + memory: "50Mi" + limits: + # cpu: "1" + memory: "250Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "100" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 8Gi + cpu: "2" + limits: + memory: 8Gi + # cpu: "8" \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/templates/_helpers.tpl b/charts/jfrog/artifactory-ha/templates/_helpers.tpl index c6ef87daf..0456a7b9a 100644 --- a/charts/jfrog/artifactory-ha/templates/_helpers.tpl +++ b/charts/jfrog/artifactory-ha/templates/_helpers.tpl @@ -372,9 +372,6 @@ Resolve requiredServiceTypes value {{- if .Values.event.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfevt" -}} {{- end -}} -{{- if .Values.integration.enabled -}} - {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfint" -}} -{{- end -}} {{- if .Values.frontend.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jffe" -}} {{- end -}} @@ -402,20 +399,7 @@ nginx scheme (http/https) {{- end -}} {{/* -nginx command -*/}} -{{- define "nginx.command" -}} -{{- if .Values.nginx.customCommand }} -{{ toYaml .Values.nginx.customCommand }} -{{ else }} -- nginx -- -g -- 'daemon off;' -{{- end }} -{{- end -}} - -{{/* -nginx port (80/443) based on http/https enabled +nginx port (8080/8443) based on http/https enabled */}} {{- define "nginx.port" -}} {{- if .Values.nginx.http.enabled -}} @@ -496,14 +480,3 @@ nodeSelector: {{ toYaml .Values.nginx.nodeSelector | indent 2 }} {{- end -}} {{- end -}} - -{{/* -Resolve fsGroup and runAsGroup on cluster based -*/}} -{{- define "artifactory.isOpenshiftCompatible" -}} -{{- if (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}} -{{- printf "%s" "true" -}} -{{- else -}} -{{- printf "%s" "false" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml index a0f738f72..8fab72a32 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -71,11 +71,8 @@ spec: securityContext: runAsNonRoot: true runAsUser: {{ .Values.artifactory.uid }} - {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }} runAsGroup: {{ .Values.artifactory.gid }} - {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }} fsGroup: {{ .Values.artifactory.gid }} - {{- end }} {{- if .Values.artifactory.fsGroupChangePolicy }} fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} {{- end }} @@ -707,45 +704,7 @@ spec: {{ tpl .Values.jfconnect.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} - {{- if .Values.integration.enabled }} - - name: {{ .Values.integration.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/integration/bin/jf-integration start - {{- with .Values.integration.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.integration.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.integration.resources | indent 10 }} - {{- if .Values.integration.startupProbe.enabled }} - startupProbe: -{{ tpl .Values.integration.startupProbe.config . | indent 10 }} - {{- end }} - {{- if .Values.integration.livenessProbe.enabled }} - livenessProbe: -{{ tpl .Values.integration.livenessProbe.config . | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.federation.enabled }} + {{- if and .Values.federation.enabled .Values.federation.embedded }} - name: {{ .Values.federation.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} @@ -911,8 +870,6 @@ spec: value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_INTEGRATION_ENABLED - value: "false" {{- end }} {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml index b13bf5cc6..19e04a29a 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -89,11 +89,8 @@ spec: securityContext: runAsNonRoot: true runAsUser: {{ .Values.artifactory.uid }} - {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }} runAsGroup: {{ .Values.artifactory.gid }} - {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }} fsGroup: {{ .Values.artifactory.gid }} - {{- end }} {{- if .Values.artifactory.fsGroupChangePolicy }} fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} {{- end }} @@ -797,45 +794,7 @@ spec: {{ tpl .Values.jfconnect.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} - {{- if .Values.integration.enabled }} - - name: {{ .Values.integration.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/integration/bin/jf-integration start - {{- with .Values.integration.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.integration.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.integration.resources | indent 10 }} - {{- if .Values.integration.startupProbe.enabled }} - startupProbe: -{{ tpl .Values.integration.startupProbe.config . | indent 10 }} - {{- end }} - {{- if .Values.integration.livenessProbe.enabled }} - livenessProbe: -{{ tpl .Values.integration.livenessProbe.config . | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.federation.enabled }} + {{- if and .Values.federation.enabled .Values.federation.embedded }} - name: {{ .Values.federation.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} @@ -995,8 +954,6 @@ spec: value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_INTEGRATION_ENABLED - value: "false" {{- end }} {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB diff --git a/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml b/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml index 80e2def21..a086fe9f2 100644 --- a/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml +++ b/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml @@ -41,10 +41,13 @@ spec: component: {{ .Values.nginx.name }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 8 }} +{{- end }} spec: - securityContext: - runAsUser: {{ .Values.nginx.uid }} - runAsGroup: {{ .Values.nginx.gid }} + {{- if .Values.nginx.podSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} @@ -80,12 +83,9 @@ spec: - name: {{ .Values.nginx.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }} imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - {{- with .Values.nginx.securityContext }} - securityContext: -{{ toYaml . | indent 10 }} + {{- if .Values.nginx.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} - command: -{{- tpl (include "nginx.command" .) . | indent 10 }} ports: {{ if .Values.nginx.customPorts }} {{ toYaml .Values.nginx.customPorts | indent 8 }} @@ -211,4 +211,4 @@ spec: secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate {{- end }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/values-large.yaml b/charts/jfrog/artifactory-ha/values-large.yaml deleted file mode 100644 index 2d0ee5789..000000000 --- a/charts/jfrog/artifactory-ha/values-large.yaml +++ /dev/null @@ -1,82 +0,0 @@ -artifactory: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 300 - primary: - replicaCount: 4 - resources: - requests: - memory: "6Gi" - cpu: "2" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "8g" - xmx: "10g" -access: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 100 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 150 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/charts/jfrog/artifactory-ha/values-medium.yaml b/charts/jfrog/artifactory-ha/values-medium.yaml deleted file mode 100644 index c2d26ee38..000000000 --- a/charts/jfrog/artifactory-ha/values-medium.yaml +++ /dev/null @@ -1,82 +0,0 @@ -artifactory: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 200 - primary: - replicaCount: 3 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "6g" - xmx: "8g" -access: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 100 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/charts/jfrog/artifactory-ha/values-small.yaml b/charts/jfrog/artifactory-ha/values-small.yaml deleted file mode 100644 index aa97312a1..000000000 --- a/charts/jfrog/artifactory-ha/values-small.yaml +++ /dev/null @@ -1,82 +0,0 @@ -artifactory: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - primary: - replicaCount: 2 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "6g" -access: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 80 - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/charts/jfrog/artifactory-ha/values.yaml b/charts/jfrog/artifactory-ha/values.yaml index 34b9c53dd..e36b3600e 100644 --- a/charts/jfrog/artifactory-ha/values.yaml +++ b/charts/jfrog/artifactory-ha/values.yaml @@ -41,7 +41,7 @@ global: ## String to fully override artifactory-ha.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 installer: type: platform: @@ -174,19 +174,12 @@ postgresql: enabled: true containerSecurityContext: enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" + # requests: + # memory: "512Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "500m" ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## you MUST specify custom database details here or Artifactory will NOT start database: @@ -214,7 +207,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.2.750.1697534106 + tag: 9.3.1475 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -239,7 +232,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.81.0 + tag: 7.91.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -787,6 +780,7 @@ artifactory: {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} federation: enabled: true + embedded: {{ .Values.federation.embedded }} extraJavaOpts: {{ .Values.federation.extraJavaOpts }} port: {{ .Values.federation.internalPort }} rtfs: @@ -971,6 +965,8 @@ artifactory: port: useHttp: maxConnections: 50 + connectionTimeout: + socketTimeout: kmsServerSideEncryptionKeyId: kmsKeyRegion: kmsCryptoMode: @@ -1429,62 +1425,12 @@ jfconnect: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: 5 -integration: - name: integration - enabled: true - internalPort: 8071 - ## Extra environment variables that can be used to tune integration to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: MY_ENV_VAR - # value: "" - resources: {} - # requests: - # memory: "100Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "1" - - # Add lifecycle hooks for integration container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - - ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true - livenessProbe: - enabled: true - config: | - exec: - command: - - sh - - -c - - curl --fail --max-time 1 http://localhost:{{ .Values.integration.internalPort }}/api/v1/system/liveness - initialDelaySeconds: {{ if semverCompare "= 1.19.0-0" in chart.yaml + +## [107.66.0] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index f34c71ac9..f907a4ea5 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -1,14 +1,14 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry - catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.5 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.71.11 + version: 107.77.5 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -19,7 +19,7 @@ keywords: - registry - devops - jfrog-container-registry -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: helm@jfrog.com name: Chart Maintainers at JFrog @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.5 diff --git a/charts/jfrog/artifactory-jcr/README.md b/charts/jfrog/artifactory-jcr/README.md index 7df9d9348..307a46b3a 100644 --- a/charts/jfrog/artifactory-jcr/README.md +++ b/charts/jfrog/artifactory-jcr/README.md @@ -6,7 +6,7 @@ JFrog Container Registry is a free Artifactory edition with Docker and Helm repo ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ ## Chart Details This chart will do the following: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/.helmignore b/charts/jfrog/artifactory-jcr/charts/artifactory/.helmignore index c7eb1e274..b6e97f07f 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/.helmignore +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/.helmignore @@ -19,4 +19,6 @@ .project .idea/ *.tmproj -OWNERS \ No newline at end of file +OWNERS + +tests/ \ No newline at end of file diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index 67a048985..45a70356b 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md @@ -1,9 +1,29 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.71.11] - Oct 31, 2023 +## [107.77.5] - Jan 16, 2024 +* Removed integration service +* Added recommended postgresql sizing configurations under sizing directory +* Updated artifactory-federation (probes, port, embedded mode) +* Fixed - Removed duplicate keys of the sizing yaml file + +## [107.76.0] - Dec 13, 2023 +* Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section +* Reduced nginx startupProbe initialDelaySeconds + +## [107.74.0] - Nov 30, 2023 +* Added recommended sizing configurations under sizing directory, please refer [here](README.md/#apply-sizing-configurations-to-the-chart) +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml + +## [107.70.0] - Nov 30, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml. +* Fixed - SecurityContext with runAsGroup in artifactory [GH-1838](https://github.com/jfrog/charts/issues/1838) +* Added support for custom labels in the Nginx pods [GH-1836](https://github.com/jfrog/charts/pull/1836) +* Added podSecurityContext and containerSecurityContext for nginx +* Added support for nginx on openshift, set `podSecurityContext` and `containerSecurityContext` to false +* Renamed nginx internalPort 80,443 to 8080,8443 to support openshift ## [107.69.0] - Sep 18, 2023 * Adjust rtfs context diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index 753e010e1..90b1dea4c 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -13,7 +13,7 @@ keywords: - artifactory - jfrog - devops -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.5 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/README.md b/charts/jfrog/artifactory-jcr/charts/artifactory/README.md index b77f68437..27dddac45 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/README.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/README.md @@ -3,7 +3,7 @@ **IMPORTANT!** Our Helm Chart docs have moved to our main documentation site. Below you will find the basic instructions for installing, uninstalling, and deleting Artifactory. For all other information, refer to [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory#InstallingArtifactory-HelmInstallation). ## Prerequisites -* Kubernetes 1.14+ +* Kubernetes 1.19+ * Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) ## Chart Details @@ -31,6 +31,13 @@ To install the chart with the release name `artifactory`: helm upgrade --install artifactory --namespace artifactory jfrog/artifactory ``` +### Apply Sizing configurations to the Chart +To apply the chart with recommended sizing configurations : +For small configurations : +```bash +helm upgrade --install artifactory --namespace artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml +``` + ## Uninstalling Artifactory Uninstall is supported only on Helm v3 and on. diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/large-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/large-values.yaml index a832906df..94a485d6f 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/large-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/large-values.yaml @@ -72,14 +72,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/medium-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/medium-values.yaml index 979b7c3da..35044dc36 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/medium-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/medium-values.yaml @@ -72,14 +72,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml index 52861f86e..a81162f0d 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml @@ -95,14 +95,6 @@ event: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml index 5c2e4b366..5306e00e0 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml @@ -151,22 +151,6 @@ event: exec: command: ["/bin/sh", "-c", "echo Hello from the event postStart handler >> /tmp/message"] -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] - preStop: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] - observability: resources: requests: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/small-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/small-values.yaml index 1abc64e67..70d77790a 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/small-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/small-values.yaml @@ -72,14 +72,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml b/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml index 43dd1cd95..4ecdf50fe 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml @@ -247,6 +247,12 @@ {{- with .maxConnections }} {{ . }} {{- end }} + {{- with .connectionTimeout }} + {{ . }} + {{- end }} + {{- with .socketTimeout }} + {{ . }} + {{- end }} {{- with .kmsServerSideEncryptionKeyId }} {{ . }} {{- end }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge-extra-config.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge-extra-config.yaml new file mode 100644 index 000000000..7eb8729d6 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=200 + -Dartifactory.async.poolMaxQueueSize=100000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=200 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + tomcat: + connector: + maxThreads: 800 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 200 + +access: + tomcat: + connector: + maxThreads: 200 + + database: + maxOpenConnections: 200 + +metadata: + database: + maxOpenConnections: 200 + diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge.yaml new file mode 100644 index 000000000..a4e0f9505 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-2xlarge.yaml @@ -0,0 +1,117 @@ +############################################################## +# The 2xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 6 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "4" + memory: 20Gi + limits: + # cpu: "20" + memory: 24Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: "1" + memory: 1Gi + limits: + # cpu: "6" + memory: 2Gi + +frontend: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 1Gi + +metadata: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 2Gi + +event: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +observability: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +jfconnect: + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + # cpu: "1" + memory: 250Mi + +nginx: + replicaCount: 3 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "6Gi" + limits: + # cpu: "14" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 256Gi + cpu: "64" + limits: + memory: 256Gi + # cpu: "128" \ No newline at end of file diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large-extra-config.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large-extra-config.yaml new file mode 100644 index 000000000..4714acb38 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=80 + -Dartifactory.async.poolMaxQueueSize=20000 + -Dartifactory.http.client.max.total.connections=100 + -Dartifactory.http.client.max.connections.per.route=100 + -Dartifactory.access.client.max.connections=125 + -Dartifactory.metadata.event.operator.threads=4 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=524288 + -XX:MaxDirectMemorySize=512m + tomcat: + connector: + maxThreads: 500 + extraConfig: 'acceptCount="800" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 100 + +access: + tomcat: + connector: + maxThreads: 125 + + database: + maxOpenConnections: 100 + +metadata: + database: + maxOpenConnections: 100 + diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large.yaml new file mode 100644 index 000000000..7212ba52a --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-large.yaml @@ -0,0 +1,117 @@ +############################################################## +# The large sizing +# This size is intended for large organizations. It can be increased with adding replicas or moving to the xlarge sizing +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 3 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 10Gi + limits: + # cpu: "14" + memory: 12Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "8" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 400Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "1" + memory: "500Mi" + limits: + # cpu: "4" + memory: "1Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "1000" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 64Gi + cpu: "16" + limits: + memory: 64Gi + # cpu: "32" diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium-extra-config.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium-extra-config.yaml new file mode 100644 index 000000000..6e0f72cb7 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium.yaml new file mode 100644 index 000000000..c32007fc3 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-medium.yaml @@ -0,0 +1,117 @@ +############################################################## +# The medium sizing +# This size is just 2 replicas of the small size. Vertical sizing of all services is not changed +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 2 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 32Gi + cpu: "8" + limits: + memory: 32Gi + # cpu: "16" \ No newline at end of file diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small-extra-config.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small-extra-config.yaml new file mode 100644 index 000000000..6e0f72cb7 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small.yaml new file mode 100644 index 000000000..5640049d7 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-small.yaml @@ -0,0 +1,117 @@ +############################################################## +# The small sizing +# This is the size recommended for running Artifactory for small teams +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 16Gi + cpu: "4" + limits: + memory: 16Gi + # cpu: "10" \ No newline at end of file diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge-extra-config.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge-extra-config.yaml new file mode 100644 index 000000000..9589afc24 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=160 + -Dartifactory.async.poolMaxQueueSize=50000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=150 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + tomcat: + connector: + maxThreads: 600 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 150 + +access: + tomcat: + connector: + maxThreads: 150 + + database: + maxOpenConnections: 150 + +metadata: + database: + maxOpenConnections: 150 + diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge.yaml new file mode 100644 index 000000000..002d9891c --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xlarge.yaml @@ -0,0 +1,117 @@ +############################################################## +# The xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 4 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 14Gi + limits: + # cpu: "14" + memory: 16Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 500Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "4Gi" + limits: + # cpu: "12" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 128Gi + cpu: "32" + limits: + memory: 128Gi + # cpu: "64" \ No newline at end of file diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall-extra-config.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall-extra-config.yaml new file mode 100644 index 000000000..874ee8391 --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall-extra-config.yaml @@ -0,0 +1,39 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=10 + -Dartifactory.async.poolMaxQueueSize=2000 + -Dartifactory.http.client.max.total.connections=20 + -Dartifactory.http.client.max.connections.per.route=20 + -Dartifactory.access.client.max.connections=15 + -Dartifactory.metadata.event.operator.threads=2 + -XX:MaxMetaspaceSize=400m + -XX:CompressedClassSpaceSize=96m + -Djdk.nio.maxCachedBufferSize=131072 + -XX:MaxDirectMemorySize=128m + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 15 + +access: + tomcat: + connector: + maxThreads: 15 + + database: + maxOpenConnections: 15 + +metadata: + database: + maxOpenConnections: 15 + diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall.yaml new file mode 100644 index 000000000..213cbb42c --- /dev/null +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/sizing/artifactory-xsmall.yaml @@ -0,0 +1,118 @@ +############################################################## +# The xsmall sizing +# This is the minimum size recommended for running Artifactory +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 3Gi + limits: + # cpu: "10" + memory: 4Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 50m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "50m" + memory: "50Mi" + limits: + # cpu: "1" + memory: "250Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "100" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 8Gi + cpu: "2" + limits: + memory: 8Gi + # cpu: "8" + diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl index a28776f87..33df663a1 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl @@ -320,9 +320,6 @@ Resolve requiredServiceTypes value {{- if .Values.event.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfevt" -}} {{- end -}} -{{- if .Values.integration.enabled -}} - {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfint" -}} -{{- end -}} {{- if .Values.frontend.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jffe" -}} {{- end -}} @@ -372,20 +369,7 @@ nginx scheme (http/https) {{- end -}} {{/* -nginx command -*/}} -{{- define "nginx.command" -}} -{{- if .Values.nginx.customCommand }} -{{ toYaml .Values.nginx.customCommand }} -{{ else }} -- nginx -- -g -- 'daemon off;' -{{- end }} -{{- end -}} - -{{/* -nginx port (80/443) based on http/https enabled +nginx port (8080/8443) based on http/https enabled */}} {{- define "nginx.port" -}} {{- if .Values.nginx.http.enabled -}} @@ -476,14 +460,3 @@ if the volume exists in customVolume then an extra volume with the same name wil {{- printf "%s" "false" -}} {{- end -}} {{- end -}} - -{{/* -Resolve fsGroup and runAsGroup on cluster based -*/}} -{{- define "artifactory.isOpenshiftCompatible" -}} -{{- if (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}} -{{- printf "%s" "true" -}} -{{- else -}} -{{- printf "%s" "false" -}} -{{- end -}} -{{- end -}} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml index 5a63f9c46..bfbc58698 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml @@ -91,11 +91,8 @@ spec: securityContext: runAsNonRoot: true runAsUser: {{ .Values.artifactory.uid }} - {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }} runAsGroup: {{ .Values.artifactory.gid }} - {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }} fsGroup: {{ .Values.artifactory.gid }} - {{- end }} {{- if .Values.artifactory.fsGroupChangePolicy }} fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} {{- end }} @@ -771,45 +768,7 @@ spec: {{ tpl .Values.jfconnect.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} - {{- if .Values.integration.enabled }} - - name: {{ .Values.integration.name }} - image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/integration/bin/jf-integration start - {{- with .Values.integration.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.integration.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.integration.resources | indent 10 }} - {{- if .Values.integration.startupProbe.enabled }} - startupProbe: -{{ tpl .Values.integration.startupProbe.config . | indent 10 }} - {{- end }} - {{- if .Values.integration.livenessProbe.enabled }} - livenessProbe: -{{ tpl .Values.integration.livenessProbe.config . | indent 10 }} - {{- end }} - {{- end }} - {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} + {{- if and .Values.federation.enabled .Values.federation.embedded (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} - name: {{ .Values.federation.name }} image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} @@ -973,8 +932,6 @@ spec: value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_INTEGRATION_ENABLED - value: "false" {{- end}} {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml index ff7c78c5d..ec0b8fa6e 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml @@ -44,10 +44,13 @@ spec: component: {{ .Values.nginx.name }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 8 }} +{{- end }} spec: - securityContext: - runAsUser: {{ .Values.nginx.uid }} - runAsGroup: {{ .Values.nginx.gid }} + {{- if .Values.nginx.podSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} serviceAccountName: {{ template "artifactory.serviceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} @@ -83,12 +86,9 @@ spec: - name: {{ .Values.nginx.name }} image: {{ include "artifactory.getImageInfoByValue" (list . "nginx") }} imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - {{- with .Values.nginx.securityContext }} - securityContext: -{{ toYaml . | indent 10 }} + {{- if .Values.nginx.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} - command: -{{- tpl (include "nginx.command" .) . | indent 10 }} ports: {{ if .Values.nginx.customPorts }} {{ toYaml .Values.nginx.customPorts | indent 8 }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values-large.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values-large.yaml deleted file mode 100644 index 43b1b53e4..000000000 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values-large.yaml +++ /dev/null @@ -1,80 +0,0 @@ -artifactory: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 300 - resources: - requests: - memory: "6Gi" - cpu: "2" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "8g" - xmx: "10g" -access: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 100 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 150 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values-medium.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values-medium.yaml deleted file mode 100644 index 48970ef65..000000000 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values-medium.yaml +++ /dev/null @@ -1,80 +0,0 @@ -artifactory: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 200 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "6g" - xmx: "8g" -access: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 100 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values-small.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values-small.yaml deleted file mode 100644 index 898119539..000000000 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values-small.yaml +++ /dev/null @@ -1,80 +0,0 @@ -artifactory: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "6g" -access: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 80 - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml index 02311d737..ab7c1d12c 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override artifactory.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 # Init containers initContainers: resources: @@ -162,7 +162,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.2.750.1697534106 + tag: 9.3.1475 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -187,7 +187,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.81.0 + tag: 7.91.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -737,6 +737,7 @@ artifactory: {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} federation: enabled: true + embedded: {{ .Values.federation.embedded }} extraJavaOpts: {{ .Values.federation.extraJavaOpts }} port: {{ .Values.federation.internalPort }} rtfs: @@ -980,6 +981,8 @@ artifactory: port: useHttp: maxConnections: 50 + connectionTimeout: + socketTimeout: kmsServerSideEncryptionKeyId: kmsKeyRegion: kmsCryptoMode: @@ -1291,62 +1294,12 @@ jfconnect: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} -integration: - name: integration - enabled: true - internalPort: 8071 - ## Extra environment variables that can be used to tune integration to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: MY_ENV_VAR - # value: "" - resources: {} - # requests: - # memory: "100Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "1" - - # Add lifecycle hooks for integration container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - - ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true - livenessProbe: - enabled: true - config: | - exec: - command: - - sh - - -c - - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.integration.internalPort }}/api/v1/system/liveness - initialDelaySeconds: {{ if semverCompare "= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 -appVersion: 6.5.2 +appVersion: 6.5.3 dependencies: - condition: grafana.enabled name: grafana @@ -21,4 +21,4 @@ maintainers: - email: contact@kasten.io name: kastenIO name: k10 -version: 6.5.201 +version: 6.5.301 diff --git a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/_helpers.tpl index 86cca2607..827b6ee9f 100644 --- a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/_helpers.tpl @@ -41,34 +41,14 @@ helm.sh/chart: {{ include "alertmanager.chart" . }} app.kubernetes.io/version: {{ . | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/name: {{ include "alertmanager.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Selector labels - -K10 NOTE: - - The selector labels here (`app` and `component`) are divergent from the - selector labels set by the upstream chart. This is intentional since a - Deployment's `spec.selector` is immutable and K10 has already been shipped - with these values. However, we have always shipped with alertmanager disabled. - - If a customer had explicitly enabled alertmanager, a change to these selector - labels will mean that all customers must manually delete the Deployment before - upgrading, which is a situation we don't want for our customers. - - Instead, the `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels - are included in the `alertmanager.labels` block above. - */}} {{- define "alertmanager.selectorLabels" -}} -{{/*app.kubernetes.io/name: {{ include "alertmanager.name" . }}*/}} -{{/*app.kubernetes.io/instance: {{ .Release.Name }}*/}} -app: prometheus -component: alertmanager -release: {{ .Release.Name }} +app.kubernetes.io/name: {{ include "alertmanager.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* diff --git a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml index 8b0af0633..25d81a921 100644 --- a/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/alertmanager/templates/statefulset.yaml @@ -230,24 +230,18 @@ spec: name: storage spec: accessModes: - {{- toYaml .Values.persistence.accessModes | nindent 10 }} + {{- toYaml .Values.persistence.accessModes | nindent 10 }} resources: requests: storage: {{ .Values.persistence.size }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" - {{- else }} + {{- else }} storageClassName: {{ .Values.persistence.storageClass }} - {{- end }} - {{- else if .Values.global.persistence.storageClass }} - {{- if (eq "-" .Values.global.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.global.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- else }} - - name: storage - emptyDir: { } - {{- end }} + {{- end }} + {{- end }} + {{- else }} + - name: storage + emptyDir: {} + {{- end }} diff --git a/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml b/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml index 5dcbfc1bd..fa3b355a5 100644 --- a/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/alertmanager/values.yaml @@ -1,10 +1,3 @@ -# Added by Kasten -# -# The K10 Chart `prometheus.alertmanager.enabled` default value has been moved here -# as part of its deprecation from the K10 Chart. The alertmanager chart has to be -# deleted when we remove support for `prometheus.alertmanager.enabled`. -enabled: false - # yaml-language-server: $schema=values.schema.json # Default values for alertmanager. # This is a YAML-formatted file. @@ -43,11 +36,7 @@ automountServiceAccountToken: true serviceAccount: # Specifies whether a service account should be created - # - # Modified by Kasten - # The K10 Chart `prometheus.alertmanager.serviceAccount.create` default value - # has been moved here as part of its deprecation from the K10 Chart - create: false + create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl index b67bc0e84..84552fe47 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/templates/_helpers.tpl @@ -49,34 +49,14 @@ app.kubernetes.io/version: {{ . | quote }} {{- if .Values.releaseLabel }} release: {{ .Release.Name }} {{- end }} -app.kubernetes.io/name: {{ include "prometheus-node-exporter.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Selector labels - -K10 NOTE: - - The selector labels here (`app` and `release`) are divergent from the - selector labels set by the upstream chart. This is intentional since a - Deployment's `spec.selector` is immutable and K10 has already been shipped - with these values. However, we have always shipped with node-exporter disabled. - - If a customer had explicitly enabled node-experter, a change to these selector - labels will mean that all customers must manually delete the Daemonset before - upgrading, which is a situation we don't want for our customers. - - Instead, the `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels - are included in the `prometheus-node-exporter.labels` block above. - */}} {{- define "prometheus-node-exporter.selectorLabels" -}} -{{/*app.kubernetes.io/name: {{ include "prometheus-node-exporter.name" . }}*/}} -{{/*app.kubernetes.io/instance: {{ .Release.Name }}*/}} -app: prometheus -component: node-exporter -release: {{ .Release.Name }} +app.kubernetes.io/name: {{ include "prometheus-node-exporter.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml index db0972040..6e4665c13 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-node-exporter/values.yaml @@ -1,10 +1,3 @@ -# Added by Kasten -# -# The K10 Chart `prometheus.prometheus-node-exporter.enabled` default value has been moved here -# as part of its deprecation from the K10 Chart. The prometheus-node-exporter chart has to be -# deleted when we remove support for `prometheus.prometheus-node-exporter.enabled`. -enabled: false - # Default values for prometheus-node-exporter. # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -268,11 +261,7 @@ resources: {} serviceAccount: # Specifies whether a ServiceAccount should be created - # - # Modified by Kasten - # The K10 Chart `prometheus.prometheus-node-exporter.serviceAccount.create` default value - # has been moved here as part of its deprecation from the K10 Chart - create: false + create: true # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl index 2fcc6781e..b56a2dadd 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/_helpers.tpl @@ -66,34 +66,14 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- with .Values.podLabels }} {{ toYaml . }} {{- end }} -app.kubernetes.io/name: {{ include "prometheus-pushgateway.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Selector labels - -K10 NOTE: - - The selector labels here (`app` and `release`) are divergent from the - selector labels set by the upstream chart. This is intentional since a - Deployment's `spec.selector` is immutable and K10 has already been shipped - with these values. However, we have always shipped with pushgateway disabled. - - If a customer had explicitly enabled node-experter, a change to these selector - labels will mean that all customers must manually delete the Statefulset - before upgrading, which is a situation we don't want for our customers. - - Instead, the `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels - are included in the `prometheus-pushgateway.defaultLabels` block above. - */}} {{- define "prometheus-pushgateway.selectorLabels" -}} -{{/*app.kubernetes.io/name: {{ include "prometheus-pushgateway.name" . }}*/}} -{{/*app.kubernetes.io/instance: {{ .Release.Name }}*/}} -app: prometheus -component: pushgateway -release: {{ .Release.Name }} +app.kubernetes.io/name: {{ include "prometheus-pushgateway.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml index cfad8760f..d2a85f424 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml @@ -17,17 +17,11 @@ spec: accessModes: {{- toYaml .Values.persistentVolume.accessModes | nindent 4 }} {{- if .Values.persistentVolume.storageClass }} - {{- if (eq "-" .Values.persistentVolume.storageClass) }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} storageClassName: "" - {{- else }} + {{- else }} storageClassName: "{{ .Values.persistentVolume.storageClass }}" - {{- end }} - {{- else if .Values.global.persistence.storageClass }} - {{- if (eq "-" .Values.global.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.global.persistence.storageClass }}" - {{- end }} + {{- end }} {{- end }} resources: requests: diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/statefulset.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/statefulset.yaml index 431c15748..8d486a306 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/statefulset.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/statefulset.yaml @@ -25,31 +25,25 @@ spec: {{- if .Values.persistentVolume.enabled }} volumeClaimTemplates: - metadata: - {{- with .Values.persistentVolume.annotations }} + {{- with .Values.persistentVolume.annotations }} annotations: - {{- toYaml . | nindent 10 }} - {{- end }} + {{- toYaml . | nindent 10 }} + {{- end }} labels: - {{- include "prometheus-pushgateway.defaultLabels" . | nindent 10 }} + {{- include "prometheus-pushgateway.defaultLabels" . | nindent 10 }} name: storage-volume spec: accessModes: - {{ toYaml .Values.persistentVolume.accessModes }} - {{- if .Values.persistentVolume.storageClass }} - {{- if (eq "-" .Values.persistentVolume.storageClass) }} + {{ toYaml .Values.persistentVolume.accessModes }} + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} storageClassName: "" - {{- else }} + {{- else }} storageClassName: "{{ .Values.persistentVolume.storageClass }}" - {{- end }} - {{- else if .Values.global.persistence.storageClass }} - {{- if (eq "-" .Values.global.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.global.persistence.storageClass }}" - {{- end }} - {{- end }} + {{- end }} + {{- end }} resources: requests: storage: "{{ .Values.persistentVolume.size }}" - {{- end }} {{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml index 7b75b7880..02e5c0bfd 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/values.yaml @@ -1,10 +1,3 @@ -# Added by Kasten -# -# The K10 Chart `prometheus.prometheus-pushgateway.enabled` default value has been moved here -# as part of its deprecation from the K10 Chart. The prometheus-pushgateway chart has to be -# deleted when we remove support for `prometheus.prometheus-pushgateway.enabled`. -enabled: false - # Default values for prometheus-pushgateway. # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -126,11 +119,7 @@ readiness: serviceAccount: # Specifies whether a ServiceAccount should be created - # - # Modified by Kasten - # The K10 Chart `prometheus.pushgateway.serviceAccount.create` default value - # has been moved here as part of its deprecation from the K10 Chart - create: false + create: true # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: diff --git a/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl index 0436fa9e4..0810e3c04 100644 --- a/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl @@ -15,27 +15,10 @@ Create chart name and version as used by the chart label. {{/* Create labels for prometheus - -K10 NOTE: - - The selector labels here (`app` and `release`) are divergent from the - selector labels set by the upstream chart. This is intentional since a - Deployment's `spec.selector` is immutable and K10 has already been shipped - with these values. - - A change to these selector labels will mean that all customers must manually - delete the Prometheus Deployment before upgrading, which is a situation we don't - want for our customers. - - Instead, the `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels - are included in the `prometheus.common.metaLabels` block below. - */}} {{- define "prometheus.common.matchLabels" -}} -{{/*app.kubernetes.io/name: {{ include "prometheus.name" . }}*/}} -{{/*app.kubernetes.io/instance: {{ .Release.Name }}*/}} -app: {{ template "prometheus.name" . }} -release: {{ .Release.Name }} +app.kubernetes.io/name: {{ include "prometheus.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{/* @@ -46,8 +29,6 @@ app.kubernetes.io/version: {{ .Chart.AppVersion }} helm.sh/chart: {{ include "prometheus.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "prometheus.name" . }} -app.kubernetes.io/name: {{ include "prometheus.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} {{- with .Values.commonMetaLabels}} {{ toYaml . }} {{- end }} @@ -56,30 +37,10 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "prometheus.server.labels" -}} {{ include "prometheus.server.matchLabels" . }} {{ include "prometheus.common.metaLabels" . }} -app.kubernetes.io/component: {{ .Values.server.name }} {{- end -}} -{{/* -Selector labels - -K10 NOTE: - - The selector label here (`component`) is divergent from the - selector label set by the upstream chart. This is intentional since a - Deployment's `spec.selector` is immutable and K10 has already been - shipped with this value. - - A change to this selector label will mean that all customers must manually - delete the Prometheus Deployment before upgrading, which is a situation we don't - want for our customers. - - Instead, the `app.kubernetes.io/component` labels is included in the - `prometheus.server.labels` block above. - -*/}} {{- define "prometheus.server.matchLabels" -}} -{{/*app.kubernetes.io/component: {{ .Values.server.name }}*/}} -component: {{ .Values.server.name | quote }} +app.kubernetes.io/component: {{ .Values.server.name }} {{ include "prometheus.common.matchLabels" . }} {{- end -}} @@ -271,82 +232,3 @@ Define prometheus.server.remoteRead producing a list of remoteRead configuration {{ toYaml $remoteReads }} {{- end -}} -{{/* ==================================================================== */}} -{{/* ================ Kasten added code lives below here ================ */}} -{{/* ==================================================================== */}} - -{{/* - Get the ConfigMap Reload image -*/}} -{{- define "get.cmreloadimage" }} - {{- (get .Values.global.images (include "prometheus.cmreloadImageName" .)) | default (include "prometheus.cmreloadImage" .) }} -{{- end }} - -{{- define "prometheus.cmreloadImage" }} - {{- printf "%s:%s" (include "prometheus.cmreloadImageRepo" .) (include "prometheus.cmreloadImageTag" .) }} -{{- end -}} - -{{- define "prometheus.cmreloadImageRepo" -}} - {{- if .Values.global.airgapped.repository }} - {{- printf "%s/%s" .Values.global.airgapped.repository (include "prometheus.cmreloadImageName" .) }} - {{- else }} - {{- printf "%s/%s" .Values.global.image.registry (include "prometheus.cmreloadImageName" .) }} - {{- end }} -{{- end -}} - -{{- define "prometheus.cmreloadImageName" -}} - {{- printf "configmap-reload" }} -{{- end -}} - -{{- define "prometheus.cmreloadImageTag" -}} - {{- include "get.k10ImageTag" . }} -{{- end -}} - -{{/* - Get the Prometheus image -*/}} - -{{- define "get.serverimage" }} - {{- (get .Values.global.images (include "prometheus.prometheusImageName" .)) | default (include "prometheus.prometheusImage" .) }} -{{- end -}} - -{{- define "prometheus.prometheusImage" }} - {{- printf "%s:%s" (include "prometheus.prometheusImageRepo" .) (include "prometheus.prometheusImageTag" .) }} -{{- end -}} - -{{- define "prometheus.prometheusImageRepo" -}} - {{- if .Values.global.airgapped.repository }} - {{- printf "%s/%s" .Values.global.airgapped.repository (include "prometheus.prometheusImageName" .) }} - {{- else }} - {{- printf "%s/%s" .Values.global.image.registry (include "prometheus.prometheusImageName" .) }} - {{- end }} -{{- end -}} - -{{- define "prometheus.prometheusImageName" -}} - {{- printf "prometheus" }} -{{- end -}} - -{{- define "prometheus.prometheusImageTag" -}} - {{- include "get.k10ImageTag" . }} -{{- end -}} - -{{/* -Create a fully qualified Prometheus server clusterrole name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.server.clusterrolefullname" -}} - {{- if .Values.server.clusterRoleNameOverride -}} - {{- .Values.server.clusterRoleNameOverride | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- if .Values.server.fullnameOverride -}} - {{- printf "%s-%s" .Release.Name .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- $name := default .Chart.Name .Values.nameOverride -}} - {{- if contains $name .Release.Name -}} - {{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/charts/kasten/k10/charts/prometheus/templates/clusterrole.yaml b/charts/kasten/k10/charts/prometheus/templates/clusterrole.yaml index e17438810..25e3cec45 100644 --- a/charts/kasten/k10/charts/prometheus/templates/clusterrole.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/clusterrole.yaml @@ -4,7 +4,7 @@ kind: ClusterRole metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.clusterrolefullname" . }} + name: {{ include "prometheus.clusterRoleName" . }} rules: {{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: diff --git a/charts/kasten/k10/charts/prometheus/templates/clusterrolebinding.yaml b/charts/kasten/k10/charts/prometheus/templates/clusterrolebinding.yaml index 82814c305..28f4bda77 100644 --- a/charts/kasten/k10/charts/prometheus/templates/clusterrolebinding.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/clusterrolebinding.yaml @@ -4,7 +4,7 @@ kind: ClusterRoleBinding metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.clusterrolefullname" . }} + name: {{ include "prometheus.clusterRoleName" . }} subjects: - kind: ServiceAccount name: {{ template "prometheus.serviceAccountName.server" . }} @@ -12,5 +12,5 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "prometheus.server.clusterrolefullname" . }} + name: {{ include "prometheus.clusterRoleName" . }} {{- end }} diff --git a/charts/kasten/k10/charts/prometheus/templates/deploy.yaml b/charts/kasten/k10/charts/prometheus/templates/deploy.yaml index 59790a8f0..93f93c44c 100644 --- a/charts/kasten/k10/charts/prometheus/templates/deploy.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/deploy.yaml @@ -57,7 +57,11 @@ spec: containers: {{- if .Values.configmapReload.prometheus.enabled }} - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ include "get.cmreloadimage" .}}" + {{- if .Values.configmapReload.prometheus.image.digest }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}@{{ .Values.configmapReload.prometheus.image.digest }}" + {{- else }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + {{- end }} imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" {{- with .Values.configmapReload.prometheus.containerSecurityContext }} securityContext: @@ -104,7 +108,11 @@ spec: {{- end }} - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ include "get.serverimage" .}}" + {{- if .Values.server.image.digest }} + image: "{{ .Values.server.image.repository }}@{{ .Values.server.image.digest }}" + {{- else }} + image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion}}" + {{- end }} imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" {{- with .Values.server.command }} command: @@ -264,14 +272,9 @@ spec: {{- else }} dnsPolicy: {{ .Values.server.dnsPolicy }} {{- end }} - {{- if (or .Values.global.imagePullSecret .Values.imagePullSecrets) }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: - {{- if .Values.global.imagePullSecret }} - - name: {{ .Values.global.imagePullSecret }} - {{- end }} - {{- if .Values.imagePullSecrets }} {{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} {{- end }} {{- if .Values.server.nodeSelector }} nodeSelector: diff --git a/charts/kasten/k10/charts/prometheus/templates/pvc.yaml b/charts/kasten/k10/charts/prometheus/templates/pvc.yaml index a91114cc7..a9dc4fce0 100644 --- a/charts/kasten/k10/charts/prometheus/templates/pvc.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/pvc.yaml @@ -19,17 +19,11 @@ spec: accessModes: {{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }} {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} +{{- if (eq "-" .Values.server.persistentVolume.storageClass) }} storageClassName: "" - {{- else }} +{{- else }} storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" - {{- end }} -{{- else if .Values.global.persistence.storageClass }} - {{- if (eq "-" .Values.global.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.global.persistence.storageClass }}" - {{- end }} +{{- end }} {{- end }} {{- if .Values.server.persistentVolume.volumeBindingMode }} volumeBindingMode: "{{ .Values.server.persistentVolume.volumeBindingMode }}" diff --git a/charts/kasten/k10/charts/prometheus/templates/sts.yaml b/charts/kasten/k10/charts/prometheus/templates/sts.yaml index 61099ffde..63851c4db 100644 --- a/charts/kasten/k10/charts/prometheus/templates/sts.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/sts.yaml @@ -62,7 +62,11 @@ spec: containers: {{- if .Values.configmapReload.prometheus.enabled }} - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ include "get.cmreloadimage" .}}" + {{- if .Values.configmapReload.prometheus.image.digest }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}@{{ .Values.configmapReload.prometheus.image.digest }}" + {{- else }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + {{- end }} imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" {{- with .Values.configmapReload.prometheus.containerSecurityContext }} securityContext: @@ -106,7 +110,11 @@ spec: {{- end }} - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ include "get.serverimage" .}}" + {{- if .Values.server.image.digest }} + image: "{{ .Values.server.image.repository }}@{{ .Values.server.image.digest }}" + {{- else }} + image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + {{- end }} imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" {{- with .Values.server.command }} command: @@ -264,14 +272,9 @@ spec: {{- if .Values.server.dnsPolicy }} dnsPolicy: {{ .Values.server.dnsPolicy }} {{- end }} - {{- if (or .Values.global.imagePullSecret .Values.imagePullSecrets) }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: - {{- if .Values.global.imagePullSecrets }} - - name: {{ .Values.global.imagePullSecret }} - {{- end }} - {{- if .Values.imagePullSecrets }} {{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} {{- end }} {{- if .Values.server.nodeSelector }} nodeSelector: @@ -359,30 +362,24 @@ spec: {{- end }} spec: accessModes: - {{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }} +{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }} resources: requests: storage: "{{ .Values.server.persistentVolume.size }}" - {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} + {{- if .Values.server.persistentVolume.storageClass }} + {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" - {{- end }} - {{- else if .Values.global.persistence.storageClass }} - {{- if (eq "-" .Values.global.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.global.persistence.storageClass }}" - {{- end }} - {{- end }} {{- else }} - - name: storage-volume - emptyDir: - {{- if .Values.server.emptyDir.sizeLimit }} - sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} - {{- else }} - { } - {{- end -}} + storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" {{- end }} {{- end }} +{{- else }} + - name: storage-volume + emptyDir: + {{- if .Values.server.emptyDir.sizeLimit }} + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + {} + {{- end -}} +{{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/prometheus/values.yaml b/charts/kasten/k10/charts/prometheus/values.yaml index 535de34e4..9ae23251d 100644 --- a/charts/kasten/k10/charts/prometheus/values.yaml +++ b/charts/kasten/k10/charts/prometheus/values.yaml @@ -16,7 +16,7 @@ imagePullSecrets: [] ## serviceAccounts: server: - create: true # K10 expects this to be true + create: true name: "" annotations: {} @@ -315,8 +315,7 @@ server: ## Defining configMapOverrideName will cause templates/server-configmap.yaml ## to NOT generate a ConfigMap resource ## - ## Customized by Kasten. K10 expects this name - configMapOverrideName: "k10-prometheus-config" + configMapOverrideName: "" ## Extra labels for Prometheus server ConfigMap (ConfigMap that holds serverFiles) extraConfigmapLabels: {} @@ -422,7 +421,7 @@ server: ## If true, Prometheus server will create/use a Persistent Volume Claim ## If false, use emptyDir ## - enabled: true # K10 requires this to be true + enabled: true ## If set it will override the name of the created persistent volume claim ## generated by the stateful set. @@ -1184,7 +1183,7 @@ alertRelabelConfigs: {} networkPolicy: ## Enable creation of NetworkPolicy resources. ## - ## Customized by Kasten for K10 + ## Customized for K10 enabled: true # Force namespace of namespaced resources @@ -1209,6 +1208,7 @@ extraManifests: [] alertmanager: ## If false, alertmanager will not be installed ## + ## Customized for K10 enabled: false persistence: @@ -1226,6 +1226,7 @@ alertmanager: kube-state-metrics: ## If false, kube-state-metrics sub-chart will not be installed ## + ## Customized for K10 enabled: false ## prometheus-node-exporter sub-chart configurable values @@ -1234,6 +1235,7 @@ kube-state-metrics: prometheus-node-exporter: ## If false, node-exporter will not be installed ## + ## Customized for K10 enabled: false rbac: @@ -1248,6 +1250,7 @@ prometheus-node-exporter: prometheus-pushgateway: ## If false, pushgateway will not be installed ## + ## Customized for K10 enabled: false # Optional service annotations diff --git a/charts/kasten/k10/templates/NOTES.txt b/charts/kasten/k10/templates/NOTES.txt index a5acbf846..4f8db38bd 100644 --- a/charts/kasten/k10/templates/NOTES.txt +++ b/charts/kasten/k10/templates/NOTES.txt @@ -39,7 +39,7 @@ In addition, To establish a connection to it use the following `kubectl` command: -`kubectl --namespace {{ .Release.Namespace }} port-forward service/gateway 8080:{{ .Values.service.externalPort }}` +`kubectl --namespace {{ .Release.Namespace }} port-forward service/gateway 8080:{{ .Values.gateway.service.externalPort }}` The Kasten dashboard will be available at: `http{{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}s{{ end }}://127.0.0.1:8080/{{ .Release.Name }}/#/` {{ if and ( .Values.metering.awsManagedLicense ) ( not .Values.metering.licenseConfigSecretName ) }} diff --git a/charts/kasten/k10/templates/_definitions.tpl b/charts/kasten/k10/templates/_definitions.tpl index d9b94c36a..73b49030b 100644 --- a/charts/kasten/k10/templates/_definitions.tpl +++ b/charts/kasten/k10/templates/_definitions.tpl @@ -35,8 +35,8 @@ crypto: dashboardbff: - vbrintegrationapi state: -- admin - events +- admin {{- end -}} {{- define "k10.aggregatedAPIs" -}}actions apps repositories vault{{- end -}} {{- define "k10.configAPIs" -}}config{{- end -}} @@ -212,8 +212,9 @@ state-svc: {{- define "k10.aggAuditPolicyFile" -}}agg-audit-policy.yaml{{- end -}} {{- define "k10.siemAuditLogFilePath" -}}-{{- end -}} {{- define "k10.siemAuditLogFileSize" -}}100{{- end -}} -{{- define "k10.kanisterToolsImageTag" -}}0.104.0{{- end -}} +{{- define "k10.kanisterToolsImageTag" -}}0.105.0{{- end -}} {{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}} {{- define "k10.gatewayPrefixVarName" -}}GATEWAY_PREFIX{{- end -}} {{- define "k10.gatewayRequestHeadersVarName" -}}GATEWAY_REQUEST_HEADERS{{- end -}} {{- define "k10.gatewayAuthHeadersVarName" -}}GATEWAY_AUTH_HEADERS{{- end -}} +{{- define "k10.gatewayPortVarName" -}}GATEWAY_PORT{{- end -}} diff --git a/charts/kasten/k10/templates/_helpers.tpl b/charts/kasten/k10/templates/_helpers.tpl index 7263237b3..7cbfc28ff 100644 --- a/charts/kasten/k10/templates/_helpers.tpl +++ b/charts/kasten/k10/templates/_helpers.tpl @@ -9,10 +9,6 @@ {{- end -}} {{- end -}} - {{- if not .Values.gateway.next_gen -}} - {{- $disabledServices = append $disabledServices "gateway" -}} - {{- end -}} - {{- $disabledServices | join " " -}} {{- end -}} @@ -1002,15 +998,15 @@ running in the same cluster. {{- fail (printf "Unsupported image format: %q (%s)" .image .path) -}} {{- end -}} - {{- $hash := $split_repo_tag_and_hash | rest | first -}} + {{- $digest := $split_repo_tag_and_hash | rest | first -}} {{- $tag := $split_repo_and_tag | rest | first -}} {{- $sha := "" -}} - {{- if $hash -}} - {{- if not ($hash | hasPrefix "sha256:") -}} + {{- if $digest -}} + {{- if not ($digest | hasPrefix "sha256:") -}} {{- fail (printf "Unsupported image ...@hash type: %q (%s)" .image .path) -}} {{- end -}} - {{- $sha = $hash | trimPrefix "sha256:" }} + {{- $sha = $digest | trimPrefix "sha256:" }} {{- end -}} {{- /* Split out the registry if the first component of the repo contains a "." */ -}} @@ -1027,6 +1023,7 @@ running in the same cluster. "registry" $registry "repository" $repo "tag" ($tag | default "") + "digest" ($digest | default "") "sha" ($sha | default "") ) | toJson -}} diff --git a/charts/kasten/k10/templates/_k10_container.tpl b/charts/kasten/k10/templates/_k10_container.tpl index 707c60e85..e9401da6e 100644 --- a/charts/kasten/k10/templates/_k10_container.tpl +++ b/charts/kasten/k10/templates/_k10_container.tpl @@ -630,12 +630,12 @@ stating that types are not same for the equality check - name: K10_GRAFANA_ENABLED value: {{ .Values.grafana.enabled | quote }} {{- end }} -{{- if eq $service "gateway" }} - envFrom: - - configMapRef: - name: k10-gateway +{{- if eq $service "dashboardbff" }} + {{- with .Values.global.persistence.diskSpaceAlertPercent }} + - name: K10_DISK_SPACE_ALERT_PERCENT + value: {{ . | quote }} + {{- end -}} {{- end -}} - {{- if or $.stateful (or (eq (include "check.googlecreds" .) "true") (eq $service "auth" "logging")) }} volumeMounts: {{- else if or (or (eq (include "basicauth.check" .) "true") (or .Values.auth.oidcAuth.enabled (eq (include "check.dexAuth" .) "true"))) .Values.features }} @@ -712,7 +712,6 @@ stating that types are not same for the equality check - name: kanister-sidecar image: {{ include "get.kanisterToolsImage" .}} imagePullPolicy: {{ .Values.kanisterToolsImage.pullPolicy }} -{{- $podName := (printf "%s-svc" $service) }} {{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "kanister-sidecar" | include "k10.resource.request" | indent 8}} volumeMounts: - name: {{ $service }}-persistent-storage @@ -780,6 +779,7 @@ stating that types are not same for the equality check {{- define "k10-init-container" }} {{- $pod := .k10_pod }} +{{- $podName := (printf "%s-svc" $pod) }} {{- with .main }} {{- $main_context := . }} {{- $containerList := (dict "main" $main_context "k10_service_pod" $pod | include "get.serviceContainersInPod" | splitList " ") }} @@ -795,6 +795,7 @@ stating that types are not same for the equality check - --new-config-path=/dex-config/config.yaml - --secret-field=bindPW {{- dict "main" $main_context "k10_service" $service | include "serviceImage" | indent 8 }} + {{- dict "main" $main_context "k10_service_pod_name" $podName "k10_service_container_name" "dex-init" | include "k10.resource.request" | indent 8}} volumeMounts: - mountPath: /etc/dex/cfg name: config @@ -814,6 +815,7 @@ stating that types are not same for the equality check allowPrivilegeEscalation: false {{- dict "main" $main_context "k10_service" "upgrade" | include "serviceImage" | indent 8 }} imagePullPolicy: {{ $main_context.Values.global.image.pullPolicy }} + {{- dict "main" $main_context "k10_service_pod_name" $podName "k10_service_container_name" "upgrade-init" | include "k10.resource.request" | indent 8}} env: - name: MODEL_STORE_DIR valueFrom: @@ -827,6 +829,7 @@ stating that types are not same for the equality check - name: schema-upgrade-check {{- dict "main" $main_context "k10_service" $service | include "serviceImage" | indent 8 }} imagePullPolicy: {{ $main_context.Values.global.image.pullPolicy }} + {{- dict "main" $main_context "k10_service_pod_name" $podName "k10_service_container_name" "schema-upgrade-check" | include "k10.resource.request" | indent 8}} env: {{- if $main_context.Values.clusterName }} - name: CLUSTER_NAME diff --git a/charts/kasten/k10/templates/_k10_image_tag.tpl b/charts/kasten/k10/templates/_k10_image_tag.tpl index 594504dce..958200d79 100644 --- a/charts/kasten/k10/templates/_k10_image_tag.tpl +++ b/charts/kasten/k10/templates/_k10_image_tag.tpl @@ -1 +1 @@ -{{- define "k10.imageTag" -}}6.5.2{{- end -}} \ No newline at end of file +{{- define "k10.imageTag" -}}6.5.3{{- end -}} \ No newline at end of file diff --git a/charts/kasten/k10/templates/_k10_metering.tpl b/charts/kasten/k10/templates/_k10_metering.tpl index d40c47412..95243c022 100644 --- a/charts/kasten/k10/templates/_k10_metering.tpl +++ b/charts/kasten/k10/templates/_k10_metering.tpl @@ -4,6 +4,7 @@ we have to start using .Values.reportingSecret instead of correct version .Values.metering.reportingSecret */}} {{- define "k10-metering" }} {{ $service := .k10_service }} +{{- $podName := (printf "%s-svc" $service) }} {{ $main := .main }} {{- with .main }} {{- $servicePort := .Values.service.externalPort -}} @@ -140,6 +141,7 @@ spec: allowPrivilegeEscalation: false {{- dict "main" . "k10_service" "upgrade" | include "serviceImage" | indent 8 }} imagePullPolicy: {{ .Values.global.image.pullPolicy }} + {{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "upgrade-init" | include "k10.resource.request" | indent 8}} env: - name: MODEL_STORE_DIR value: /var/reports/ @@ -151,7 +153,6 @@ spec: - name: {{ $service }}-svc {{- dict "main" . "k10_service" $service | include "serviceImage" | indent 8 }} imagePullPolicy: {{ .Values.global.image.pullPolicy }} -{{- $podName := (printf "%s-svc" $service) }} {{- $containerName := (printf "%s-svc" $service) }} {{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" $containerName | include "k10.resource.request" | indent 8}} ports: diff --git a/charts/kasten/k10/templates/_prometheus.tpl b/charts/kasten/k10/templates/_prometheus.tpl new file mode 100644 index 000000000..a49a8363f --- /dev/null +++ b/charts/kasten/k10/templates/_prometheus.tpl @@ -0,0 +1,29 @@ +{{/*** MATCH LABELS *** + NOTE: The match labels here (`app` and `release`) are divergent from + the match labels set by the upstream chart. This is intentional since a + Deployment's `spec.selector` is immutable and K10 has already been shipped + with these values. + + A change to these selector labels will mean that all customers must manually + delete the Prometheus Deployment before upgrading, which is a situation we don't + want for our customers. + + Instead, the `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels + are included in the `prometheus.commonMetaLabels` in: + `helm/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl`. +*/}} +{{- define "prometheus.common.matchLabels" -}} +app: {{ include "prometheus.name" . }} +release: {{ .Release.Name }} +{{- end -}} + +{{- define "prometheus.server.labels" -}} +{{ include "prometheus.server.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +app.kubernetes.io/component: {{ .Values.server.name }} +{{- end -}} + +{{- define "prometheus.server.matchLabels" -}} +component: {{ .Values.server.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} diff --git a/charts/kasten/k10/templates/deployments.yaml b/charts/kasten/k10/templates/deployments.yaml index a6eb8ac25..b0a8ab9a2 100644 --- a/charts/kasten/k10/templates/deployments.yaml +++ b/charts/kasten/k10/templates/deployments.yaml @@ -25,6 +25,7 @@ Generate deployment specs for additional services. These are stateless and have 1 replica. */}} {{- range $skip, $k10_service := concat (include "get.enabledServices" . | splitList " ") (include "get.enabledAdditionalServices" . | splitList " ") }} + {{- if eq $k10_service "gateway" -}}{{- continue -}}{{- end -}} {{ $tmp_contx := dict "main" $main_context "k10_service" $k10_service "stateful" false "replicas" 1 }} {{- include "k10-default" $tmp_contx -}} {{- end }} diff --git a/charts/kasten/k10/templates/gateway.yaml b/charts/kasten/k10/templates/gateway.yaml index 07107fa28..1dd2f9d31 100644 --- a/charts/kasten/k10/templates/gateway.yaml +++ b/charts/kasten/k10/templates/gateway.yaml @@ -1,6 +1,5 @@ -{{- if not $.Values.gateway.next_gen }} -{{- $container_port := .Values.service.internalPort -}} -{{- $service_port := .Values.service.externalPort -}} +{{- $container_port := .Values.gateway.service.internalPort | default 8000 -}} +{{- $service_port := .Values.gateway.service.externalPort -}} {{- $admin_port := default 8877 .Values.service.gatewayAdminPort -}} --- apiVersion: v1 @@ -11,6 +10,7 @@ metadata: service: gateway {{ include "helm.labels" . | indent 4 }} name: gateway + {{- if not $.Values.gateway.next_gen }} annotations: getambassador.io/config: | --- @@ -30,13 +30,13 @@ metadata: name: ambassadorhost hostname: "*" ambassador_id: [ {{ include "k10.ambassadorId" . }} ] -{{- if .Values.secrets.tlsSecret }} + {{- if .Values.secrets.tlsSecret }} tlsSecret: name: {{ .Values.secrets.tlsSecret }} -{{- else if and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey }} + {{- else if and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey }} tlsSecret: name: gateway-certs -{{- end }} + {{- end }} requestPolicy: insecure: action: Route @@ -52,27 +52,28 @@ metadata: from: SELF ambassador_id: [ {{ include "k10.ambassadorId" . }} ] --- -{{- if (eq "endpoint" .Values.apigateway.serviceResolver) }} + {{- if (eq "endpoint" .Values.apigateway.serviceResolver) }} apiVersion: getambassador.io/v3alpha1 kind: KubernetesEndpointResolver name: endpoint ambassador_id: [ {{ include "k10.ambassadorId" . }} ] --- -{{- end }} + {{- end }} apiVersion: getambassador.io/v3alpha1 kind: Module name: ambassador config: service_port: {{ $container_port }} -{{- if .Values.global.network.enable_ipv6 }} + {{- if .Values.global.network.enable_ipv6 }} enable_ipv6: true -{{- end }} + {{- end }} ambassador_id: [ {{ include "k10.ambassadorId" . }} ] -{{- if (eq "endpoint" .Values.apigateway.serviceResolver) }} + {{- if (eq "endpoint" .Values.apigateway.serviceResolver) }} resolver: endpoint load_balancer: policy: round_robin -{{- end }} + {{- end }} + {{- end }} spec: ports: - name: http @@ -81,6 +82,7 @@ spec: selector: service: gateway --- +{{- if not $.Values.gateway.next_gen }} {{- if .Values.gateway.exposeAdminPort }} apiVersion: v1 kind: Service @@ -99,6 +101,7 @@ spec: service: gateway --- {{- end }} +{{- end }} apiVersion: apps/v1 kind: Deployment metadata: @@ -121,6 +124,53 @@ spec: service: gateway component: gateway {{ include "helm.labels" . | indent 8 }} +{{- if $.Values.gateway.next_gen }} + spec: + serviceAccountName: {{ template "serviceAccountName" . }} + {{- include "k10.imagePullSecrets" . | indent 6 }} + containers: + - name: gateway + {{- dict "main" . "k10_service" "gateway" | include "serviceImage" | indent 8 }} + resources: + limits: + cpu: {{ .Values.gateway.resources.limits.cpu | quote }} + memory: {{ .Values.gateway.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.gateway.resources.requests.cpu | quote }} + memory: {{ .Values.gateway.resources.requests.memory | quote }} + env: + - name: LOG_LEVEL + valueFrom: + configMapKeyRef: + name: k10-config + key: loglevel + - name: VERSION + valueFrom: + configMapKeyRef: + name: k10-config + key: version + {{- with $capabilities := include "k10.capabilities" . }} + - name: K10_CAPABILITIES + value: {{ $capabilities | quote }} + {{- end }} + {{- with $capabilities_mask := include "k10.capabilities_mask" . }} + - name: K10_CAPABILITIES_MASK + value: {{ $capabilities_mask | quote }} + {{- end }} + envFrom: + - configMapRef: + name: k10-gateway + livenessProbe: + httpGet: + path: /healthz + port: {{ $container_port }} + initialDelaySeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: {{ $container_port }} + restartPolicy: Always +{{- else }} spec: serviceAccountName: {{ template "serviceAccountName" . }} {{- include "k10.imagePullSecrets" . | indent 6 }} diff --git a/charts/kasten/k10/templates/ingress.yaml b/charts/kasten/k10/templates/ingress.yaml index 48efc0530..9cc2e7d77 100644 --- a/charts/kasten/k10/templates/ingress.yaml +++ b/charts/kasten/k10/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}} -{{- $service_port := .Values.service.externalPort -}} +{{- $service_port := .Values.gateway.service.externalPort -}} {{ if .Values.ingress.create }} {{ include "authEnabled.check" . }} apiVersion: {{ template "ingress.apiVersion" . }} diff --git a/charts/kasten/k10/templates/k10-config.yaml b/charts/kasten/k10/templates/k10-config.yaml index b8a4953ba..2b8d386f7 100644 --- a/charts/kasten/k10/templates/k10-config.yaml +++ b/charts/kasten/k10/templates/k10-config.yaml @@ -273,4 +273,8 @@ data: {{- if .Values.gateway.authHeaders }} {{ include "k10.gatewayAuthHeadersVarName" .}}: {{ (.Values.gateway.authHeaders | default list) | join " " }} {{- end }} + + {{- if .Values.gateway.service.internalPort }} + {{ include "k10.gatewayPortVarName" .}}: {{ .Values.gateway.service.internalPort | quote }} + {{- end }} {{ end }} diff --git a/charts/kasten/k10/templates/networkpolicy.yaml b/charts/kasten/k10/templates/networkpolicy.yaml index f775255b0..1467c54b8 100644 --- a/charts/kasten/k10/templates/networkpolicy.yaml +++ b/charts/kasten/k10/templates/networkpolicy.yaml @@ -31,7 +31,7 @@ spec: access-k10-services: allowed ports: - protocol: TCP - port: {{ .Values.service.externalPort }} + port: {{ .Values.service.internalPort }} --- kind: NetworkPolicy apiVersion: networking.k8s.io/v1 @@ -51,7 +51,7 @@ spec: release: {{ .Release.Name }} ports: - protocol: TCP - port: {{ .Values.service.externalPort }} + port: {{ .Values.service.internalPort }} --- {{/* TODO: Consider a flag to turn this off. */}} kind: NetworkPolicy @@ -116,7 +116,7 @@ spec: - from: [] ports: - protocol: TCP - port: 8000 + port: {{ .Values.gateway.service.internalPort | default 8000 }} --- kind: NetworkPolicy apiVersion: networking.k8s.io/v1 @@ -181,7 +181,7 @@ spec: createdBy: kanister ports: - protocol: TCP - port: {{ .Values.service.externalPort }} + port: {{ .Values.service.internalPort }} {{- end -}} {{- if .Values.injectKanisterSidecar.enabled }} --- diff --git a/charts/kasten/k10/templates/rhmarketplace.tpl b/charts/kasten/k10/templates/rhmarketplace.tpl new file mode 100644 index 000000000..e64022641 --- /dev/null +++ b/charts/kasten/k10/templates/rhmarketplace.tpl @@ -0,0 +1,8 @@ +{{/* +This file is used to fail the helm deployment if certain values are set which are +not compatible with an Operator deployment. +*/}} + +{{- if and (.Values.global.rhMarketPlace) (.Values.reporting.pdfReports) -}} + {{- fail "reporting.pdfReports cannot be enabled for the K10 Red Hat Marketplace Operator" -}} +{{- end -}} diff --git a/charts/kasten/k10/templates/v0services.yaml b/charts/kasten/k10/templates/v0services.yaml index 8b35acf7d..5135e58f2 100644 --- a/charts/kasten/k10/templates/v0services.yaml +++ b/charts/kasten/k10/templates/v0services.yaml @@ -125,6 +125,7 @@ spec: {{ end }}{{/* if not (hasKey $colocated_services $k10_service ) */}} {{ end -}}{{/* range append (include "get.enabledRestServices" . | splitList " ") "frontend" */}} {{- range append (include "get.enabledServices" . | splitList " ") "kanister" }} +{{- if eq . "gateway" -}}{{- continue -}}{{- end -}} apiVersion: v1 kind: Service metadata: diff --git a/charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl b/charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl new file mode 100644 index 000000000..8715f98d9 --- /dev/null +++ b/charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl @@ -0,0 +1,156 @@ +{{/* + With some of K10's features being provided by external Helm charts, those Helm + charts need to be configured to work with K10. + + Unfortunately, some of the values needed to configure the subcharts aren't + accessible to the subcharts (only global.* and chart_name.* are accessible). + + This means the values need to be duplicated, making the configuration of K10 + quite cumbersome for users (the same setting has to be provided in multiple + places, making it easy to misconfigure one thing or another). + + Alternatively, the subchart's templates could be customized to read global.* + values instead. However, this means upgrading the subchart is quite burdensome + since the customizations have to be re-applied to the upgraded chart. This is + even less tenable with the frequency with which chart updates are needed. + + With this in mind, this template was specially crafted to be able to read K10 + values and update the values that will be passed to the subchart. + + --- + + To accomplish this, Helm's template parsing and rendering order is exploited. + + Helm allows parent charts to override templates in subcharts. This is done by + parsing templates with lower precedence first (templates that are more deeply + nested than others). This allows templates with higher precedence to redefine + templates with lower precedence. + + Helm also renders templates in this same order. This template exploits this + ordering in order to set subchart values before the subchart's templates are + rendered, having the same effect as the user setting the values. + + WARNING: The name and directory structure of this template was carefully + selected to ensure that it is rendered before other templates! +*/}} + +{{- if .Values.prometheus.server.enabled }} +{{- $prometheus_scoped_values := (dict "Chart" (dict "Name" "prometheus") "Release" .Release "Values" .Values.prometheus) -}} + +{{- $prometheus_name := (include "prometheus.name" $prometheus_scoped_values) -}} +{{- $prometheus_prefix := "/k10/prometheus/" -}} +{{- $release_name := .Release.Name -}} + +{{- /*** PROMETHEUS LABELS ***/ -}} +{{- $_ := mergeOverwrite .Values.prometheus + (dict + "commonMetaLabels" (dict + "app.kubernetes.io/name" $prometheus_name + "app.kubernetes.io/instance" $release_name + ) + ) +-}} + +{{- /*** PROMETHEUS SERVER OVERRIDES ***/ -}} +{{- $fullnameOverride := .Values.prometheus.server.fullnameOverride | default "prometheus-server" -}} +{{- $clusterRoleNameOverride := .Values.prometheus.server.clusterRoleNameOverride | default (printf "%s-%s" .Release.Name $fullnameOverride) -}} +{{- $_ := mergeOverwrite .Values.prometheus.server + (dict + "baseURL" (.Values.prometheus.server.baseURL | default $prometheus_prefix) + "prefixURL" (.Values.prometheus.server.prefixURL | default $prometheus_prefix | trimSuffix "/") + + "clusterRoleNameOverride" $clusterRoleNameOverride + "configMapOverrideName" "k10-prometheus-config" + "fullnameOverride" $fullnameOverride + ) +-}} + +{{- /*** K10 PROMETHEUS CONFIGMAP-RELOAD IMAGE *** + - global.airgapped.repository + - global.image.registry + - global.image.tag + - global.images.configmap-reload +*/ -}} +{{- $prometheus_configmap_reload_image := (dict + "registry" (.Values.global.airgapped.repository | default .Values.global.image.registry) + "repository" "configmap-reload" + "tag" (include "get.k10ImageTag" $) +) -}} +{{- if (index .Values.global.images "configmap-reload") -}} + {{- $prometheus_configmap_reload_image = ( + include "k10.splitImage" (dict + "image" (index .Values.global.images "configmap-reload") + "path" "global.images.configmap-reload" + ) + ) | fromJson + -}} +{{- end -}} + +{{- $_ := mergeOverwrite .Values.prometheus.configmapReload.prometheus.image + (dict + "repository" (list $prometheus_configmap_reload_image.registry $prometheus_configmap_reload_image.repository | compact | join "/") + "tag" $prometheus_configmap_reload_image.tag + "digest" $prometheus_configmap_reload_image.digest + ) +-}} + +{{- /*** K10 PROMETHEUS SERVER IMAGE *** + - global.airgapped.repository + - global.image.registry + - global.image.tag + - global.images.prometheus +*/ -}} +{{- $prometheus_server_image := (dict + "registry" (.Values.global.airgapped.repository | default .Values.global.image.registry) + "repository" "prometheus" + "tag" (include "get.k10ImageTag" $) +) -}} +{{- if .Values.global.images.prometheus -}} + {{- $prometheus_server_image = ( + include "k10.splitImage" (dict + "image" .Values.global.images.prometheus + "path" "global.images.prometheus" + ) + ) | fromJson + -}} +{{- end -}} + +{{- $_ := mergeOverwrite .Values.prometheus.server.image + (dict + "repository" (list $prometheus_server_image.registry $prometheus_server_image.repository | compact | join "/") + "tag" $prometheus_server_image.tag + "digest" $prometheus_server_image.digest + ) +-}} + +{{- /*** K10 IMAGE PULL SECRETS *** + - secrets.dockerConfig + - secrets.dockerConfigPath + - global.imagePullSecret +*/ -}} +{{- $image_pull_secret_names := list -}} +{{- if .Values.global.imagePullSecret -}} + {{- $image_pull_secret_names = append $image_pull_secret_names .Values.global.imagePullSecret -}} +{{- end -}} +{{- if (or .Values.secrets.dockerConfig .Values.secrets.dockerConfigPath) -}} + {{ $image_pull_secret_names = append $image_pull_secret_names "k10-ecr" -}} +{{- end -}} +{{- $image_pull_secret_names = $image_pull_secret_names | compact | uniq -}} + +{{- if $image_pull_secret_names -}} + {{- $image_pull_secrets := .Values.prometheus.imagePullSecrets | default list -}} + {{- range $name := $image_pull_secret_names -}} + {{- $image_pull_secrets = append $image_pull_secrets (dict "name" $name) -}} + {{- end -}} + {{- $_ := set .Values.prometheus "imagePullSecrets" $image_pull_secrets -}} +{{- end -}} + +{{- /*** K10 PERSISTENCE *** + - global.persistence.storageClass +*/ -}} +{{- $_ := mergeOverwrite .Values.prometheus.server.persistentVolume + (dict + "storageClass" (.Values.prometheus.server.persistentVolume.storageClass | default .Values.global.persistence.storageClass) + ) +-}} +{{- end }} diff --git a/charts/kasten/k10/values.schema.json b/charts/kasten/k10/values.schema.json index 7ffd9e819..59c2d7fa1 100644 --- a/charts/kasten/k10/values.schema.json +++ b/charts/kasten/k10/values.schema.json @@ -2108,6 +2108,18 @@ "title": "Expose Admin port", "description": "Whether to expose Admin port for gateway service" }, + "service": { + "type": "object", + "title": "gateway service config", + "properties": { + "externalPort": { + "type": "integer", + "default": 80, + "title": "externalPort for the gateway service", + "description": "Override default 80 externalPort for the gateway service" + } + } + }, "resources": { "type": "object", "title": "Gateway pod resource config", diff --git a/charts/kasten/k10/values.yaml b/charts/kasten/k10/values.yaml index 43ac83d4a..1fe6ae477 100644 --- a/charts/kasten/k10/values.yaml +++ b/charts/kasten/k10/values.yaml @@ -404,6 +404,8 @@ limiter: gateway: insecureDisableSSLVerify: false exposeAdminPort: true + service: + externalPort: 80 resources: requests: memory: 300Mi diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index 1db82392b..bce8df9c0 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -4,6 +4,26 @@ Nothing yet. +## 2.35.1 + +### Fixed + +* The plugin helper no longer sets the plugin list when not in use. + [#1002](https://github.com/Kong/charts/pull/1002) + +## 2.35.0 + +### Added + +* Added controller's RBAC rules for `KongVault` CRD (installed only when KIC + version >= 3.1.0). + [#992](https://github.com/Kong/charts/pull/992) + +### Fixed + +* Added a missing `envFrom` render in the main Kong proxy container. + [#994](https://github.com/Kong/charts/pull/994) + ## 2.34.0 ### Added diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 740598e2c..574750ae3 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -18,4 +18,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.34.0 +version: 2.35.1 diff --git a/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap b/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap index 632ec8342..e4a642bdf 100644 --- a/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap +++ b/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap @@ -10,7 +10,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -34,7 +34,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -60,8 +60,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -179,8 +177,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -279,7 +275,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-custom-dbless-config namespace: default - object: @@ -291,7 +287,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-admin namespace: default spec: @@ -314,7 +310,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -342,7 +338,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -369,7 +365,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap b/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap index 8e7ca98c6..48a17cc2a 100644 --- a/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap +++ b/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap @@ -10,7 +10,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -85,7 +85,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -109,7 +109,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -158,6 +158,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -207,8 +210,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -321,8 +322,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -410,7 +409,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -659,7 +658,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -679,7 +678,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -744,7 +743,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -768,7 +767,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -785,7 +784,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -799,7 +798,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -828,7 +827,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -856,7 +855,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -872,7 +871,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -883,7 +882,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/default-values.snap b/charts/kong/kong/ci/__snapshots__/default-values.snap index d4ad6f81b..4a3009ad5 100644 --- a/charts/kong/kong/ci/__snapshots__/default-values.snap +++ b/charts/kong/kong/ci/__snapshots__/default-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -157,6 +157,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -208,8 +211,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -324,8 +325,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -412,7 +411,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -660,7 +659,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -679,7 +678,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -743,7 +742,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -766,7 +765,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -782,7 +781,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -795,7 +794,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -823,7 +822,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -850,7 +849,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -865,7 +864,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -875,7 +874,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap index e7116c127..7ffab2b24 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -155,6 +155,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -204,8 +207,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -318,8 +319,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -406,7 +405,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -432,7 +431,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -680,7 +679,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -699,7 +698,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -763,7 +762,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -786,7 +785,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -802,7 +801,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -824,7 +823,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -852,7 +851,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -879,7 +878,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -894,7 +893,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -904,7 +903,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap index abecc1a2c..80ae7822f 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -155,6 +155,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -204,8 +207,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -318,8 +319,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -406,7 +405,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -434,7 +433,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -682,7 +681,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -701,7 +700,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -765,7 +764,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -788,7 +787,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -804,7 +803,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -826,7 +825,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -854,7 +853,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -881,7 +880,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -896,7 +895,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -906,7 +905,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap index 4553dcf6a..f3cc17157 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -155,6 +155,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -204,8 +207,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -318,8 +319,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -406,7 +405,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -430,7 +429,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -678,7 +677,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -697,7 +696,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -761,7 +760,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -784,7 +783,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -800,7 +799,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -813,7 +812,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -841,7 +840,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -868,7 +867,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -883,7 +882,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -893,7 +892,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap index 0ccaf3766..cadb9ee98 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -155,6 +155,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -204,8 +207,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -318,8 +319,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -406,7 +405,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -465,7 +464,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -713,7 +712,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -732,7 +731,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -796,7 +795,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -819,7 +818,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -835,7 +834,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -866,7 +865,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -894,7 +893,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -921,7 +920,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -936,7 +935,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -946,7 +945,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/service-account.snap b/charts/kong/kong/ci/__snapshots__/service-account.snap index 0f47778a8..17b345ed2 100644 --- a/charts/kong/kong/ci/__snapshots__/service-account.snap +++ b/charts/kong/kong/ci/__snapshots__/service-account.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -155,6 +155,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -204,8 +207,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -318,8 +319,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -406,7 +405,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -654,7 +653,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -673,7 +672,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -737,7 +736,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -760,7 +759,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -776,7 +775,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -789,7 +788,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -817,7 +816,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -844,7 +843,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -859,7 +858,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -869,7 +868,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: my-kong-sa namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap b/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap index 29857465e..8ff4201e6 100644 --- a/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap +++ b/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -157,6 +157,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -208,8 +211,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -324,8 +325,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -412,7 +411,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -660,7 +659,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -679,7 +678,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -743,7 +742,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -766,7 +765,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -782,7 +781,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -795,7 +794,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -823,7 +822,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -850,7 +849,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -865,7 +864,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -875,7 +874,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap b/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap index 3acef92f5..a954f812e 100644 --- a/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap @@ -10,7 +10,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -33,7 +33,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -57,8 +57,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -169,8 +167,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -254,7 +250,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -282,7 +278,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -309,7 +305,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/test1-values.snap b/charts/kong/kong/ci/__snapshots__/test1-values.snap index c714105a3..4e3848904 100644 --- a/charts/kong/kong/ci/__snapshots__/test1-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test1-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -106,7 +106,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" environment: test - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -159,6 +159,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -219,8 +222,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -341,8 +342,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -449,7 +448,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -475,7 +474,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -499,7 +498,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -747,7 +746,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -766,7 +765,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -830,7 +829,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -853,7 +852,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -869,7 +868,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -882,7 +881,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -910,7 +909,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -937,7 +936,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -952,7 +951,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: ServiceAccount @@ -962,7 +961,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/test2-values.snap b/charts/kong/kong/ci/__snapshots__/test2-values.snap index ae0195d80..4e4688cbc 100644 --- a/charts/kong/kong/ci/__snapshots__/test2-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test2-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -84,7 +84,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -112,7 +112,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -170,6 +170,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -234,8 +237,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -266,6 +267,9 @@ SnapShot = """ value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - name: KONG_NGINX_DAEMON value: \"off\" + envFrom: + - configMapRef: + name: env-config image: kong:3.5 imagePullPolicy: IfNotPresent lifecycle: @@ -369,8 +373,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -474,8 +476,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -725,7 +725,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-init-migrations namespace: default spec: @@ -741,7 +741,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: kong-init-migrations spec: automountServiceAccountToken: false @@ -786,8 +786,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -893,8 +891,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -982,7 +978,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-post-upgrade-migrations namespace: default spec: @@ -998,7 +994,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: kong-post-upgrade-migrations spec: automountServiceAccountToken: false @@ -1043,8 +1039,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1150,8 +1144,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1241,7 +1233,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-pre-upgrade-migrations namespace: default spec: @@ -1257,7 +1249,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: kong-pre-upgrade-migrations spec: automountServiceAccountToken: false @@ -1302,8 +1294,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1409,8 +1399,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1494,7 +1482,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -1518,7 +1506,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -1561,7 +1549,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -1580,7 +1568,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -1644,7 +1632,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-default namespace: default rules: @@ -1862,7 +1850,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -1882,7 +1870,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-default namespace: default roleRef: @@ -1908,7 +1896,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-bash-wait-for-postgres namespace: default - object: @@ -1930,7 +1918,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -1946,7 +1934,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -1974,7 +1962,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -2002,7 +1990,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -2037,7 +2025,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -2052,7 +2040,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: Service @@ -2112,7 +2100,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/test3-values.snap b/charts/kong/kong/ci/__snapshots__/test3-values.snap index e61683608..19e84fa6c 100644 --- a/charts/kong/kong/ci/__snapshots__/test3-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test3-values.snap @@ -10,7 +10,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -34,7 +34,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -62,8 +62,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -182,8 +180,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -300,7 +296,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-custom-dbless-config namespace: default - object: @@ -312,7 +308,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -340,7 +336,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -367,7 +363,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/test4-values.snap b/charts/kong/kong/ci/__snapshots__/test4-values.snap index 49e0a1a6a..496dc250e 100644 --- a/charts/kong/kong/ci/__snapshots__/test4-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test4-values.snap @@ -10,7 +10,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -34,7 +34,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -62,8 +62,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -186,8 +184,6 @@ SnapShot = """ value: /opt/?.lua;/opt/?/init.lua;; - name: KONG_NGINX_WORKER_PROCESSES value: \"2\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -276,7 +272,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -309,7 +305,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-custom-dbless-config namespace: default - object: @@ -321,7 +317,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -349,7 +345,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -384,7 +380,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/ci/__snapshots__/test5-values.snap b/charts/kong/kong/ci/__snapshots__/test5-values.snap index 48c83a7a6..020e83507 100644 --- a/charts/kong/kong/ci/__snapshots__/test5-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test5-values.snap @@ -9,7 +9,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validations namespace: default webhooks: @@ -83,7 +83,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default spec: @@ -111,7 +111,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 version: \"3.5\" spec: automountServiceAccountToken: false @@ -162,6 +162,9 @@ SnapShot = """ - containerPort: 10255 name: cmetrics protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: @@ -228,8 +231,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -359,8 +360,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -450,8 +449,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -698,7 +695,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-init-migrations namespace: default spec: @@ -714,7 +711,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: kong-init-migrations spec: automountServiceAccountToken: false @@ -761,8 +758,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -854,8 +849,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -940,7 +933,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-post-upgrade-migrations namespace: default spec: @@ -956,7 +949,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: kong-post-upgrade-migrations spec: automountServiceAccountToken: false @@ -1003,8 +996,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1096,8 +1087,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1184,7 +1173,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-pre-upgrade-migrations namespace: default spec: @@ -1200,7 +1189,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: kong-pre-upgrade-migrations spec: automountServiceAccountToken: false @@ -1247,8 +1236,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1340,8 +1327,6 @@ SnapShot = """ name: chartsnap-postgresql - name: KONG_PG_PORT value: \"5432\" - - name: KONG_PLUGINS - value: bundled - name: KONG_PORTAL_API_ACCESS_LOG value: /dev/stdout - name: KONG_PORTAL_API_ERROR_LOG @@ -1422,7 +1407,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -1446,7 +1431,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong rules: - apiGroups: @@ -1694,7 +1679,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong roleRef: apiGroup: rbac.authorization.k8s.io @@ -1713,7 +1698,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default rules: @@ -1777,7 +1762,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default roleRef: @@ -1803,7 +1788,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-bash-wait-for-postgres namespace: default - object: @@ -1818,7 +1803,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-ca-keypair namespace: default type: kubernetes.io/tls @@ -1834,7 +1819,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook-keypair namespace: default type: kubernetes.io/tls @@ -1862,7 +1847,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-manager namespace: default spec: @@ -1890,7 +1875,7 @@ SnapShot = """ app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" enable-metrics: \"true\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-proxy namespace: default spec: @@ -1917,7 +1902,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong-validation-webhook namespace: default spec: @@ -1932,7 +1917,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 - object: apiVersion: v1 kind: Service @@ -1992,7 +1977,7 @@ SnapShot = """ app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kong app.kubernetes.io/version: \"3.5\" - helm.sh/chart: kong-2.34.0 + helm.sh/chart: kong-2.35.1 name: chartsnap-kong namespace: default """ diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index f5abde2ee..e47933627 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl @@ -890,6 +890,9 @@ The name of the Service which will be used by the controller to update the Ingre containerPort: 10255 protocol: TCP {{- end }} + - name: status + containerPort: 10254 + protocol: TCP env: - name: POD_NAME valueFrom: @@ -1155,7 +1158,9 @@ the template that it itself is using form the above sections. {{- end }} {{- end }} +{{- if (.Values.plugins) }} {{- $_ := set $autoEnv "KONG_PLUGINS" (include "kong.plugins" .) -}} +{{- end }} {{/* ====== USER-SET ENVIRONMENT VARIABLES ====== @@ -1644,6 +1649,24 @@ of a Role or ClusterRole) that provide the ingress controller access to the Kubernetes Cluster-scoped resources it uses to build Kong configuration. */}} {{- define "kong.kubernetesRBACClusterRules" -}} +{{- if (semverCompare ">= 3.1.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} +- apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update +{{- end }} - apiGroups: - configuration.konghq.com resources: diff --git a/charts/kong/kong/templates/deployment.yaml b/charts/kong/kong/templates/deployment.yaml index 70da44590..6e9bba8d3 100644 --- a/charts/kong/kong/templates/deployment.yaml +++ b/charts/kong/kong/templates/deployment.yaml @@ -137,6 +137,7 @@ spec: {{ toYaml .Values.containerSecurityContext | nindent 10 }} env: {{- include "kong.no_daemon_env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} lifecycle: {{- toYaml .Values.lifecycle | nindent 10 }} ports: diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml index 87f687beb..f2908fc2f 100644 --- a/charts/kubecost/cost-analyzer/Chart.yaml +++ b/charts/kubecost/cost-analyzer/Chart.yaml @@ -7,22 +7,9 @@ annotations: catalog.cattle.io/featured: "1" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 -appVersion: 1.108.1 -dependencies: -- condition: global.grafana.enabled - name: grafana - repository: file://./charts/grafana - version: ~1.17.2 -- condition: global.prometheus.enabled - name: prometheus - repository: file://./charts/prometheus - version: ~11.0.2 -- condition: global.thanos.enabled - name: thanos - repository: file://./charts/thanos - version: ~0.29.0 +appVersion: 2.0.2 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer -version: 1.108.1 +version: 2.0.2 diff --git a/charts/kubecost/cost-analyzer/README.md b/charts/kubecost/cost-analyzer/README.md index feedbbf3e..3674e10a5 100644 --- a/charts/kubecost/cost-analyzer/README.md +++ b/charts/kubecost/cost-analyzer/README.md @@ -35,8 +35,6 @@ The following table lists commonly used configuration parameters for the Kubecos | Parameter | Description | Default | |------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------| | `global.prometheus.enabled` | If false, use an existing Prometheus install. [More info](http://docs.kubecost.com/custom-prom). | `true` | -| `prometheus.kube-state-metrics.disabled` | If false, deploy [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) for Kubernetes metrics | `false` | -| `prometheus.kube-state-metrics.resources` | Set kube-state-metrics resource requests and limits. | `{}` | | `prometheus.server.persistentVolume.enabled` | If true, Prometheus server will create a Persistent Volume Claim. | `true` | | `prometheus.server.persistentVolume.size` | Prometheus server data Persistent Volume size. Default set to retain ~6000 samples per second for 15 days. | `32Gi` | | `prometheus.server.retention` | Determines when to remove old data. | `15d` | @@ -114,42 +112,3 @@ kind create cluster --image kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eee ct install --chart-dirs="." --charts="." ``` -- perform ct StatefulSet execution - -```shell -# create multiple nodes kind config -cat > kind-config.yaml < etlBucketConfigSecret.yaml <= 5.0.0`) | `5.3.1` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Kubernetes port where service is exposed | `80` | -| `service.annotations` | Service annotations | `{}` | -| `service.labels` | Custom labels | `{}` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.hosts` | Ingress accepted hostnames | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `persistence.enabled` | Use persistent volume to store data | `false` | -| `persistence.size` | Size of persistent volume claim | `10Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | -| `persistence.storageClassName` | Type of persistent volume claim | `nil` | -| `persistence.accessModes` | Persistence access modes | `[]` | -| `persistence.subPath` | Mount a sub dir of the persistent volume | `""` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `env` | Extra environment variables passed to pods | `{}` | -| `envFromSecret` | Name of a Kubenretes secret (must be manually created in the same namespace) containing values to be added to the environment | `""` | -| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | -| `plugins` | Plugins to be loaded along with Grafana | `[]` | -| `datasources` | Configure grafana datasources | `{}` | -| `dashboardProviders` | Configure grafana dashboard providers | `{}` | -| `dashboards` | Dashboards to import | `{}` | -| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | -| `grafana.ini` | Grafana's primary configuration | `{}` | -| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | -| `ldap.config ` | Grafana's LDAP configuration | `""` | -| `annotations` | Deployment annotations | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `sidecar.dashboards.enabled` | Enabled the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `false` | -| `sidecar.datasources.enabled` | Enabled the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | -| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `false` | -| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials, this must have the keys `user` and `password`. | `""` | - -## Sidecar for dashboards - -If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported dashboards are deleted/updated. A recommendation is to use one configmap per dashboard, as an reduction of multiple dashboards inside one configmap is currently not properly mirrored in grafana. -Example dashboard config: -``` -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-dashboard - labels: - grafana_dashboard: 1 -data: - k8s-dashboard.json: |- - [...] -``` - -## Sidecar for datasources - -If the parameter `sidecar.datasource.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in those configmaps are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be modified. - -Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): -``` -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-datasource - labels: - grafana_datasource: 1 -data: - datasource.yaml: |- - # config file version - apiVersion: 1 - - # list of datasources that should be deleted from the database - deleteDatasources: - - name: Graphite - orgId: 1 - - # list of datasources to insert/update depending - # whats available in the database - datasources: - # name of the datasource. Required - - name: Graphite - # datasource type. Required - type: graphite - # access mode. proxy or direct (Server or Browser in the UI). Required - access: proxy - # org id. will default to orgId 1 if not specified - orgId: 1 - # url - url: http://localhost:8080 - # database password, if used - password: - # database user, if used - user: - # database name, if used - database: - # enable/disable basic auth - basicAuth: - # basic auth username - basicAuthUser: - # basic auth password - basicAuthPassword: - # enable/disable with credentials headers - withCredentials: - # mark as default datasource. Max one per org - isDefault: - # fields that will be converted to json and stored in json_data - jsonData: - graphiteVersion: "1.1" - tlsAuth: true - tlsAuthWithCACert: true - # json object of data that will be encrypted. - secureJsonData: - tlsCACert: "..." - tlsClientCert: "..." - tlsClientKey: "..." - version: 1 - # allow users to edit datasources from the UI. - editable: false - -``` diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/NOTES.txt b/charts/kubecost/cost-analyzer/charts/grafana/templates/NOTES.txt deleted file mode 100644 index 57e84cd69..000000000 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -1. Get your '{{ .Values.adminUser }}' user password by running: - - kubectl get secret --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo - -2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - - {{ template "grafana.fullname" . }}.{{ .Release.Namespace }}.svc -{{ if .Values.ingress.enabled }} - From outside the cluster, the server URL(s) are: -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{ else }} - Get the Grafana URL to visit by running these commands in the same shell: -{{ if contains "NodePort" .Values.service.type -}} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{ else if contains "LoadBalancer" .Values.service.type -}} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "grafana.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - http://$SERVICE_IP:{{ .Values.service.port -}} -{{ else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "grafana.fullname" . }},component={{ .Values.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000 -{{- end }} -{{- end }} - -3. Login with the password from step 1 and the username: {{ .Values.adminUser }} - -{{- if not .Values.persistence.enabled }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Grafana pod is terminated. ##### -################################################################################# -{{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/charts/grafana/templates/_helpers.tpl deleted file mode 100644 index 3a3ebd3ec..000000000 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account -*/}} -{{- define "grafana.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml deleted file mode 100644 index 1c65e2113..000000000 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "grafana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $apiV1 }} - - path: {{ $ingressPath }} - pathType: {{ $.Values.ingress.pathType }} - backend: - service: - name: {{ $fullName }} - port: - number: {{ $servicePort }} - {{- else }} - - path: {{ $ingressPath }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml deleted file mode 100644 index 9a392c606..000000000 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - {{- if .Values.rbac.pspUseAppArmor }} - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - {{- end}} - -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' - readOnlyRootFilesystem: false -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml deleted file mode 100644 index 4a0abd518..000000000 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{ if and .Values.global.grafana.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "grafana.fullname" . }}] -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml deleted file mode 100644 index 4f11d6904..000000000 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if and .Values.global.grafana.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "grafana.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} -{{ end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml deleted file mode 100644 index a8059e066..000000000 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} -{{- with .Values.service.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} - type: ClusterIP - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.service.type }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} - ports: - - name: tcp-service - port: {{ .Values.service.port }} - protocol: TCP - targetPort: 3000 -{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{.Values.service.nodePort}} -{{ end }} - selector: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/Chart.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/Chart.yaml deleted file mode 100644 index dd81a9c69..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 2.17.2 -description: Prometheus is a monitoring system and time series database. -home: https://prometheus.io/ -icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png -maintainers: -- email: gianrubio@gmail.com - name: gianrubio -- email: zanhsieh@gmail.com - name: zanhsieh -name: prometheus -sources: -- https://github.com/prometheus/alertmanager -- https://github.com/prometheus/prometheus -- https://github.com/prometheus/pushgateway -- https://github.com/prometheus/node_exporter -- https://github.com/kubernetes/kube-state-metrics -version: 11.0.2 diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/README.md b/charts/kubecost/cost-analyzer/charts/prometheus/README.md deleted file mode 100644 index bb8fded41..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/README.md +++ /dev/null @@ -1,475 +0,0 @@ -# Prometheus - -[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true. - -## TL;DR; - -```console -$ helm install stable/prometheus -``` - -## Introduction - -This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.3+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install --name my-release stable/prometheus -``` - -The command deploys Prometheus on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Prometheus 2.x - -Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/) - -Users of this chart will need to update their alerting rules to the new format before they can upgrade. - -## Upgrading from previous chart versions. - -Version 9.0 adds a new option to enable or disable the Prometheus Server. -This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. -To install the server `server.enabled` must be set to `true`. - -As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data. - -### Example migration - -Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following: - -1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below: - - ``` - alertmanager: - enabled: false - alertmanagerFiles: - alertmanager.yml: "" - kube-state-metrics: - disabled: true - nodeExporter: - enabled: false - pushgateway: - enabled: false - server: - extraArgs: - storage.local.retention: 720h - serverFiles: - alerts: "" - prometheus.yml: "" - rules: "" - ``` - -1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target. - - ``` - prometheus.yml: - ... - remote_read: - - url: http://prometheus-old/api/v1/read - ... - ``` - - Old data will be available when you query the new prometheus instance. - -## Scraping Pod Metrics via Annotations - -This chart uses a default configuration that causes prometheus -to scrape a variety of kubernetes resource types, provided they have the correct annotations. -In this section we describe how to configure pods to be scraped; -for information on how other resource types can be scraped you can -do a `helm template` to get the kubernetes resource definitions, -and then reference the prometheus configuration in the ConfigMap against the prometheus documentation -for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) -and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config). - -In order to get prometheus to scrape pods, you must add annotations to the the pods as below: - -``` -metadata: - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: /metrics - prometheus.io/port: "8080" -spec: -... -``` - -You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. -`prometheus.io/port` should be set to the port that your pod serves metrics from. -Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be -enclosed in double quotes. - -## Configuration - -The following table lists the configurable parameters of the Prometheus chart and their default values. - -Parameter | Description | Default ---------- | ----------- | ------- -`alertmanager.enabled` | If true, create alertmanager | `true` -`alertmanager.name` | alertmanager container name | `alertmanager` -`alertmanager.image.repository` | alertmanager container image repository | `prom/alertmanager` -`alertmanager.image.tag` | alertmanager container image tag | `v0.20.0` -`alertmanager.image.pullPolicy` | alertmanager container image pull policy | `IfNotPresent` -`alertmanager.prefixURL` | The prefix slug at which the server can be accessed | `` -`alertmanager.baseURL` | The external url at which the server can be accessed | `"http://localhost:9093"` -`alertmanager.extraArgs` | Additional alertmanager container arguments | `{}` -`alertmanager.extraSecretMounts` | Additional alertmanager Secret mounts | `[]` -`alertmanager.configMapOverrideName` | Prometheus alertmanager ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}` and setting this value will prevent the default alertmanager ConfigMap from being generated | `""` -`alertmanager.configFromSecret` | The name of a secret in the same kubernetes namespace which contains the Alertmanager config, setting this value will prevent the default alertmanager ConfigMap from being generated | `""` -`alertmanager.configFileName` | The configuration file name to be loaded to alertmanager. Must match the key within configuration loaded from ConfigMap/Secret. | `alertmanager.yml` -`alertmanager.ingress.enabled` | If true, alertmanager Ingress will be created | `false` -`alertmanager.ingress.annotations` | alertmanager Ingress annotations | `{}` -`alertmanager.ingress.extraLabels` | alertmanager Ingress additional labels | `{}` -`alertmanager.ingress.hosts` | alertmanager Ingress hostnames | `[]` -`alertmanager.ingress.extraPaths` | Ingress extra paths to prepend to every alertmanager host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`alertmanager.ingress.tls` | alertmanager Ingress TLS configuration (YAML) | `[]` -`alertmanager.nodeSelector` | node labels for alertmanager pod assignment | `{}` -`alertmanager.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`alertmanager.affinity` | pod affinity | `{}` -`alertmanager.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`alertmanager.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`alertmanager.schedulerName` | alertmanager alternate scheduler name | `nil` -`alertmanager.persistentVolume.enabled` | If true, alertmanager will create a Persistent Volume Claim | `true` -`alertmanager.persistentVolume.accessModes` | alertmanager data Persistent Volume access modes | `[ReadWriteOnce]` -`alertmanager.persistentVolume.annotations` | Annotations for alertmanager Persistent Volume Claim | `{}` -`alertmanager.persistentVolume.existingClaim` | alertmanager data Persistent Volume existing claim name | `""` -`alertmanager.persistentVolume.mountPath` | alertmanager data Persistent Volume mount root path | `/data` -`alertmanager.persistentVolume.size` | alertmanager data Persistent Volume size | `2Gi` -`alertmanager.persistentVolume.storageClass` | alertmanager data Persistent Volume Storage Class | `unset` -`alertmanager.persistentVolume.volumeBindingMode` | alertmanager data Persistent Volume Binding Mode | `unset` -`alertmanager.persistentVolume.subPath` | Subdirectory of alertmanager data Persistent Volume to mount | `""` -`alertmanager.podAnnotations` | annotations to be added to alertmanager pods | `{}` -`alertmanager.podLabels` | labels to be added to Prometheus AlertManager pods | `{}` -`alertmanager.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`alertmanager.replicaCount` | desired number of alertmanager pods | `1` -`alertmanager.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` -`alertmanager.statefulSet.podManagementPolicy` | podManagementPolicy of alertmanager pods | `OrderedReady` -`alertmanager.statefulSet.headless.annotations` | annotations for alertmanager headless service | `{}` -`alertmanager.statefulSet.headless.labels` | labels for alertmanager headless service | `{}` -`alertmanager.statefulSet.headless.enableMeshPeer` | If true, enable the mesh peer endpoint for the headless service | `{}` -`alertmanager.statefulSet.headless.servicePort` | alertmanager headless service port | `80` -`alertmanager.priorityClassName` | alertmanager priorityClassName | `nil` -`alertmanager.resources` | alertmanager pod resource requests & limits | `{}` -`alertmanager.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Alert Manager containers | `{}` -`alertmanager.service.annotations` | annotations for alertmanager service | `{}` -`alertmanager.service.clusterIP` | internal alertmanager cluster service IP | `""` -`alertmanager.service.externalIPs` | alertmanager service external IP addresses | `[]` -`alertmanager.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`alertmanager.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`alertmanager.service.servicePort` | alertmanager service port | `80` -`alertmanager.service.sessionAffinity` | Session Affinity for alertmanager service, can be `None` or `ClientIP` | `None` -`alertmanager.service.type` | type of alertmanager service to create | `ClusterIP` -`alertmanager.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`alertmanagerFiles.alertmanager.yml` | Prometheus alertmanager configuration | example configuration -`configmapReload.prometheus.enabled` | If false, the configmap-reload container for Prometheus will not be deployed | `true` -`configmapReload.prometheus.containerSecurityContext` | securityContext for container | `{}` -`configmapReload.prometheus.name` | configmap-reload container name | `configmap-reload` -`configmapReload.prometheus.image.repository` | configmap-reload container image repository | `quay.io/prometheus-operator/prometheus-config-reloader` -`configmapReload.prometheus.image.tag` | configmap-reload container image tag | `v0.68.0` -`configmapReload.prometheus.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` -`configmapReload.prometheus.extraArgs` | Additional configmap-reload container arguments | `{}` -`configmapReload.prometheus.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` -`configmapReload.prometheus.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` -`configmapReload.prometheus.resources` | configmap-reload pod resource requests & limits | `{}` -`configmapReload.alertmanager.enabled` | If false, the configmap-reload container for AlertManager will not be deployed | `true` -`configmapReload.alertmanager.name` | configmap-reload container name | `configmap-reload` -`configmapReload.alertmanager.image.repository` | configmap-reload container image repository | `quay.io/prometheus-operator/prometheus-config-reloader` -`configmapReload.alertmanager.image.tag` | configmap-reload container image tag | `v0.68.0` -`configmapReload.alertmanager.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` -`configmapReload.alertmanager.extraArgs` | Additional configmap-reload container arguments | `{}` -`configmapReload.alertmanager.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` -`configmapReload.alertmanager.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` -`configmapReload.alertmanager.resources` | configmap-reload pod resource requests & limits | `{}` -`initChownData.enabled` | If false, don't reset data ownership at startup | true -`initChownData.name` | init-chown-data container name | `init-chown-data` -`initChownData.image.repository` | init-chown-data container image repository | `busybox` -`initChownData.image.tag` | init-chown-data container image tag | `latest` -`initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` -`initChownData.resources` | init-chown-data pod resource requests & limits | `{}` -`kube-state-metrics.disabled` | If false, create kube-state-metrics sub-chart, see the [kube-state-metrics chart for configuration options](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) | `false` -`nodeExporter.enabled` | If true, create node-exporter | `true` -`nodeExporter.dnsPolicy` | node-exporter dns policy | `ClusterFirstWithHostNet` -`nodeExporter.name` | node-exporter container name | `node-exporter` -`nodeExporter.image.repository` | node-exporter container image repository| `prom/node-exporter` -`nodeExporter.image.tag` | node-exporter container image tag | `v0.18.1` -`nodeExporter.image.pullPolicy` | node-exporter container image pull policy | `IfNotPresent` -`nodeExporter.extraArgs` | Additional node-exporter container arguments | `{}` -`nodeExporter.extraHostPathMounts` | Additional node-exporter hostPath mounts | `[]` -`nodeExporter.extraConfigmapMounts` | Additional node-exporter configMap mounts | `[]` -`nodeExporter.hostNetwork` | If true, node-exporter pods share the host network namespace | `true` -`nodeExporter.hostPID` | If true, node-exporter pods share the host PID namespace | `true` -`nodeExporter.nodeSelector` | node labels for node-exporter pod assignment | `{}` -`nodeExporter.podAnnotations` | annotations to be added to node-exporter pods | `{}` -`nodeExporter.pod.labels` | labels to be added to node-exporter pods | `{}` -`nodeExporter.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`nodeExporter.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`nodeExporter.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`nodeExporter.podSecurityPolicy.enabled` | Specify if a Pod Security Policy for node-exporter must be created | `false` -`nodeExporter.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`nodeExporter.priorityClassName` | node-exporter priorityClassName | `nil` -`nodeExporter.resources` | node-exporter resource requests and limits (YAML) | `{}` -`nodeExporter.securityContext` | securityContext for containers in pod | `{}` -`nodeExporter.service.annotations` | annotations for node-exporter service | `{prometheus.io/scrape: "true"}` -`nodeExporter.service.clusterIP` | internal node-exporter cluster service IP | `None` -`nodeExporter.service.externalIPs` | node-exporter service external IP addresses | `[]` -`nodeExporter.service.hostPort` | node-exporter service host port | `9100` -`nodeExporter.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`nodeExporter.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`nodeExporter.service.servicePort` | node-exporter service port | `9100` -`nodeExporter.service.type` | type of node-exporter service to create | `ClusterIP` -`podSecurityPolicy.enabled` | If true, create & use pod security policies resources | `false` -`pushgateway.enabled` | If true, create pushgateway | `true` -`pushgateway.name` | pushgateway container name | `pushgateway` -`pushgateway.image.repository` | pushgateway container image repository | `prom/pushgateway` -`pushgateway.image.tag` | pushgateway container image tag | `v1.0.1` -`pushgateway.image.pullPolicy` | pushgateway container image pull policy | `IfNotPresent` -`pushgateway.extraArgs` | Additional pushgateway container arguments | `{}` -`pushgateway.ingress.enabled` | If true, pushgateway Ingress will be created | `false` -`pushgateway.ingress.annotations` | pushgateway Ingress annotations | `{}` -`pushgateway.ingress.hosts` | pushgateway Ingress hostnames | `[]` -`pushgateway.ingress.extraPaths` | Ingress extra paths to prepend to every pushgateway host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`pushgateway.ingress.tls` | pushgateway Ingress TLS configuration (YAML) | `[]` -`pushgateway.nodeSelector` | node labels for pushgateway pod assignment | `{}` -`pushgateway.podAnnotations` | annotations to be added to pushgateway pods | `{}` -`pushgateway.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`pushgateway.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`pushgateway.replicaCount` | desired number of pushgateway pods | `1` -`pushgateway.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`pushgateway.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`pushgateway.schedulerName` | pushgateway alternate scheduler name | `nil` -`pushgateway.persistentVolume.enabled` | If true, Prometheus pushgateway will create a Persistent Volume Claim | `false` -`pushgateway.persistentVolume.accessModes` | Prometheus pushgateway data Persistent Volume access modes | `[ReadWriteOnce]` -`pushgateway.persistentVolume.annotations` | Prometheus pushgateway data Persistent Volume annotations | `{}` -`pushgateway.persistentVolume.existingClaim` | Prometheus pushgateway data Persistent Volume existing claim name | `""` -`pushgateway.persistentVolume.mountPath` | Prometheus pushgateway data Persistent Volume mount root path | `/data` -`pushgateway.persistentVolume.size` | Prometheus pushgateway data Persistent Volume size | `2Gi` -`pushgateway.persistentVolume.storageClass` | Prometheus pushgateway data Persistent Volume Storage Class | `unset` -`pushgateway.persistentVolume.volumeBindingMode` | Prometheus pushgateway data Persistent Volume Binding Mode | `unset` -`pushgateway.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` -`pushgateway.priorityClassName` | pushgateway priorityClassName | `nil` -`pushgateway.resources` | pushgateway pod resource requests & limits | `{}` -`pushgateway.service.annotations` | annotations for pushgateway service | `{}` -`pushgateway.service.clusterIP` | internal pushgateway cluster service IP | `""` -`pushgateway.service.externalIPs` | pushgateway service external IP addresses | `[]` -`pushgateway.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`pushgateway.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`pushgateway.service.servicePort` | pushgateway service port | `9091` -`pushgateway.service.type` | type of pushgateway service to create | `ClusterIP` -`pushgateway.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`rbac.create` | If true, create & use RBAC resources | `true` -`server.enabled` | If false, Prometheus server will not be created | `true` -`server.name` | Prometheus server container name | `server` -`server.image.repository` | Prometheus server container image repository | `prom/prometheus` -`server.image.tag` | Prometheus server container image tag | `v2.16.0` -`server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` -`server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` -`server.global.scrape_interval` | How frequently to scrape targets by default | `1m` -`server.global.scrape_timeout` | How long until a scrape request times out | `10s` -`server.global.evaluation_interval` | How frequently to evaluate rules | `1m` -`server.remoteWrite` | The remote write feature of Prometheus allow transparently sending samples. | `{}` -`server.remoteRead` | The remote read feature of Prometheus allow transparently receiving samples. | `{}` -`server.extraArgs` | Additional Prometheus server container arguments | `{}` -`server.extraFlags` | Additional Prometheus server container flags | `["web.enable-lifecycle"]` -`server.extraInitContainers` | Init containers to launch alongside the server | `[]` -`server.prefixURL` | The prefix slug at which the server can be accessed | `` -`server.baseURL` | The external url at which the server can be accessed | `` -`server.env` | Prometheus server environment variables | `[]` -`server.extraHostPathMounts` | Additional Prometheus server hostPath mounts | `[]` -`server.extraConfigmapMounts` | Additional Prometheus server configMap mounts | `[]` -`server.extraSecretMounts` | Additional Prometheus server Secret mounts | `[]` -`server.extraVolumeMounts` | Additional Prometheus server Volume mounts | `[]` -`server.extraVolumes` | Additional Prometheus server Volumes | `[]` -`server.configMapOverrideName` | Prometheus server ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.server.configMapOverrideName}}` and setting this value will prevent the default server ConfigMap from being generated | `""` -`server.ingress.enabled` | If true, Prometheus server Ingress will be created | `false` -`server.ingress.annotations` | Prometheus server Ingress annotations | `[]` -`server.ingress.extraLabels` | Prometheus server Ingress additional labels | `{}` -`server.ingress.hosts` | Prometheus server Ingress hostnames | `[]` -`server.ingress.extraPaths` | Ingress extra paths to prepend to every Prometheus server host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`server.ingress.tls` | Prometheus server Ingress TLS configuration (YAML) | `[]` -`server.nodeSelector` | node labels for Prometheus server pod assignment | `{}` -`server.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`server.affinity` | pod affinity | `{}` -`server.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`server.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`server.priorityClassName` | Prometheus server priorityClassName | `nil` -`server.schedulerName` | Prometheus server alternate scheduler name | `nil` -`server.persistentVolume.enabled` | If true, Prometheus server will create a Persistent Volume Claim | `true` -`server.persistentVolume.accessModes` | Prometheus server data Persistent Volume access modes | `[ReadWriteOnce]` -`server.persistentVolume.annotations` | Prometheus server data Persistent Volume annotations | `{}` -`server.persistentVolume.existingClaim` | Prometheus server data Persistent Volume existing claim name | `""` -`server.persistentVolume.mountPath` | Prometheus server data Persistent Volume mount root path | `/data` -`server.persistentVolume.size` | Prometheus server data Persistent Volume size | `8Gi` -`server.persistentVolume.storageClass` | Prometheus server data Persistent Volume Storage Class | `unset` -`server.persistentVolume.volumeBindingMode` | Prometheus server data Persistent Volume Binding Mode | `unset` -`server.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` -`server.containerSecurityContext` | securityContext for container | `{}` -`server.emptyDir.sizeLimit` | emptyDir sizeLimit if a Persistent Volume is not used | `""` -`server.podAnnotations` | annotations to be added to Prometheus server pods | `{}` -`server.podLabels` | labels to be added to Prometheus server pods | `{}` -`server.alertmanagers` | Prometheus AlertManager configuration for the Prometheus server | `{}` -`server.deploymentAnnotations` | annotations to be added to Prometheus server deployment | `{}` -`server.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`server.replicaCount` | desired number of Prometheus server pods | `1` -`server.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` -`server.statefulSet.annotations` | annotations to be added to Prometheus server stateful set | `{}` -`server.statefulSet.labels` | labels to be added to Prometheus server stateful set | `{}` -`server.statefulSet.podManagementPolicy` | podManagementPolicy of server pods | `OrderedReady` -`server.statefulSet.headless.annotations` | annotations for Prometheus server headless service | `{}` -`server.statefulSet.headless.labels` | labels for Prometheus server headless service | `{}` -`server.statefulSet.headless.servicePort` | Prometheus server headless service port | `80` -`server.resources` | Prometheus server resource requests and limits | `{}` -`server.verticalAutoscaler.enabled` | If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs) | `false` -`server.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for server containers | `{}` -`server.service.annotations` | annotations for Prometheus server service | `{}` -`server.service.clusterIP` | internal Prometheus server cluster service IP | `""` -`server.service.externalIPs` | Prometheus server service external IP addresses | `[]` -`server.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`server.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`server.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0` -`server.service.servicePort` | Prometheus server service port | `80` -`server.service.sessionAffinity` | Session Affinity for server service, can be `None` or `ClientIP` | `None` -`server.service.type` | type of Prometheus server service to create | `ClusterIP` -`server.service.gRPC.enabled` | If true, open a second port on the service for gRPC | `false` -`server.service.gRPC.servicePort` | Prometheus service gRPC port, (ignored if `server.service.gRPC.enabled` is not `true`) | `10901` -`server.service.gRPC.nodePort` | Port to be used as gRPC nodePort in the prometheus service | `0` -`server.service.statefulsetReplica.enabled` | If true, send the traffic from the service to only one replica of the replicaset | `false` -`server.service.statefulsetReplica.replica` | Which replica to send the traffice to | `0` -`server.sidecarContainers` | array of snippets with your sidecar containers for prometheus server | `""` -`server.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`serviceAccounts.alertmanager.create` | If true, create the alertmanager service account | `true` -`serviceAccounts.alertmanager.name` | name of the alertmanager service account to use or create | `{{ prometheus.alertmanager.fullname }}` -`serviceAccounts.kubeStateMetrics.create` | If true, create the kubeStateMetrics service account | `true` -`serviceAccounts.kubeStateMetrics.name` | name of the kubeStateMetrics service account to use or create | `{{ prometheus.kubeStateMetrics.fullname }}` -`serviceAccounts.nodeExporter.create` | If true, create the nodeExporter service account | `true` -`serviceAccounts.nodeExporter.name` | name of the nodeExporter service account to use or create | `{{ prometheus.nodeExporter.fullname }}` -`serviceAccounts.pushgateway.create` | If true, create the pushgateway service account | `true` -`serviceAccounts.pushgateway.name` | name of the pushgateway service account to use or create | `{{ prometheus.pushgateway.fullname }}` -`serviceAccounts.server.create` | If true, create the server service account | `true` -`serviceAccounts.server.name` | name of the server service account to use or create | `{{ prometheus.server.fullname }}` -`serviceAccounts.server.annotations` | annotations for the server service account | `{}` -`server.terminationGracePeriodSeconds` | Prometheus server Pod termination grace period | `300` -`server.retention` | (optional) Prometheus data retention | `"15d"` -`serverFiles.alerts` | (Deprecated) Prometheus server alerts configuration | `{}` -`serverFiles.rules` | (Deprecated) Prometheus server rules configuration | `{}` -`serverFiles.alerting_rules.yml` | Prometheus server alerts configuration | `{}` -`serverFiles.recording_rules.yml` | Prometheus server rules configuration | `{}` -`serverFiles.prometheus.yml` | Prometheus server scrape configuration | example configuration -`extraScrapeConfigs` | Prometheus server additional scrape configuration | "" -`alertRelabelConfigs` | Prometheus server [alert relabeling configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs) for H/A prometheus | "" -`networkPolicy.enabled` | Enable NetworkPolicy | `false` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install stable/prometheus --name my-release \ - --set server.terminationGracePeriodSeconds=360 -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install stable/prometheus --name my-release -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -Note that you have multiple yaml files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example, - -```yaml -# values.yaml -# ... - -# service1-alert.yaml -serverFiles: - alerts: - service1: - - alert: anAlert - # ... - -# service2-alert.yaml -serverFiles: - alerts: - service2: - - alert: anAlert - # ... -``` - -```console -$ helm install stable/prometheus --name my-release -f values.yaml -f service1-alert.yaml -f service2-alert.yaml -``` - -### RBAC Configuration -Roles and RoleBindings resources will be created automatically for `server` and `kubeStateMetrics` services. - -To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account. - -> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own. - -### ConfigMap Files -AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod. - -Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod. - -### Ingress TLS -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```console -kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file: - -```yaml -server: - ingress: - ## If true, Prometheus server Ingress will be created - ## - enabled: true - - ## Prometheus server Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - prometheus.domain.com - - ## Prometheus server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: prometheus-server-tls - hosts: - - prometheus.domain.com -``` - -### NetworkPolicy - -Enabling Network Policy for Prometheus will secure connections to Alert Manager -and Kube State Metrics by only accepting connections from Prometheus Server. -All inbound connections to Prometheus Server are still allowed. - -To enable network policy for Prometheus, install a networking plugin that -implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true. - -If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need -to manually create a networkpolicy which allows it. diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/Chart.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/Chart.yaml deleted file mode 100644 index 7752ccb44..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.5 -description: Install kube-state-metrics to generate and expose cluster-level metrics -home: https://github.com/kubernetes/kube-state-metrics/ -keywords: -- metric -- monitoring -- prometheus -- kubernetes -maintainers: -- email: jose@armesto.net - name: fiunchinho -- email: tariq.ibrahim@mulesoft.com - name: tariq1890 -- email: manuel@rueg.eu - name: mrueg -name: kube-state-metrics -sources: -- https://github.com/kubernetes/kube-state-metrics/ -version: 2.7.2 diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/OWNERS b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/OWNERS deleted file mode 100644 index 6ffd97d74..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -approvers: -- fiunchinho -- tariq1890 -- mrueg -reviewers: -- fiunchinho -- tariq1890 -- mrueg diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/README.md b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/README.md deleted file mode 100644 index 5c6456983..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# kube-state-metrics Helm Chart - -* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install stable/kube-state-metrics -``` - -## Configuration - -| Parameter | Description | Default | -|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| -| `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | -| `image.tag` | The image tag to pull from | `v1.9.5` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `replicas` | Number of replicas | `1` | -| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | -| `service.port` | The port of the container | `8080` | -| `service.annotations` | Annotations to be added to the service | `{}` | -| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | -| `hostNetwork` | Whether or not to use the host network | `false` | -| `prometheusScrape` | Whether or not enable prom scrape | `true` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `serviceAccount.name` | If not set & create is true, use template fullname | | -| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` | -| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources | `false` | -| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | {} | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `65534` | -| `securityContext.runAsUser` | User ID for the container | `65534` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `nodeSelector` | Node labels for pod assignment | {} | -| `affinity` | Affinity settings for pod assignment | {} | -| `tolerations` | Tolerations for pod assignment | [] | -| `podAnnotations` | Annotations to be added to the pod | {} | -| `resources` | kube-state-metrics resource requests and limits | {} | -| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` | -| `collectors.configmaps` | Enable the configmaps collector. | `true` | -| `collectors.cronjobs` | Enable the cronjobs collector. | `true` | -| `collectors.daemonsets` | Enable the daemonsets collector. | `true` | -| `collectors.deployments` | Enable the deployments collector. | `true` | -| `collectors.endpoints` | Enable the endpoints collector. | `true` | -| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` | -| `collectors.ingresses` | Enable the ingresses collector. | `true` | -| `collectors.jobs` | Enable the jobs collector. | `true` | -| `collectors.limitranges` | Enable the limitranges collector. | `true` | -| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `false` | -| `collectors.namespaces` | Enable the namespaces collector. | `true` | -| `collectors.nodes` | Enable the nodes collector. | `true` | -| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` | -| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` | -| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` | -| `collectors.pods` | Enable the pods collector. | `true` | -| `collectors.replicasets` | Enable the replicasets collector. | `true` | -| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` | -| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` | -| `collectors.secrets` | Enable the secrets collector. | `true` | -| `collectors.services` | Enable the services collector. | `true` | -| `collectors.statefulsets` | Enable the statefulsets collector. | `true` | -| `collectors.storageclasses` | Enable the storageclasses collector. | `true` | -| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `false` | -| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `false` | -| `collectors.volumeattachments` | Enable the volumeattachments collector. | `false` | -| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | -| `prometheus.monitor.honorLabels` | Honor metric labels | `false` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100644 index 5a646e0cc..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100644 index 6ae0e647f..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml deleted file mode 100644 index 79045edf4..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml +++ /dev/null @@ -1,182 +0,0 @@ -{{ if not .Values.disabled }} -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -rules: -{{ if .Values.collectors.certificatesigningrequests }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.configmaps }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.cronjobs }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.daemonsets }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.deployments }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.endpoints }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.horizontalpodautoscalers }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.ingresses }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.jobs }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.limitranges }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.mutatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.namespaces }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.networkpolicies }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.nodes }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumeclaims }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumes }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.poddisruptionbudgets }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.pods }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicasets }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicationcontrollers }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.resourcequotas }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.secrets }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.services }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.statefulsets }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.storageclasses }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.validatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.volumeattachments }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.verticalpodautoscalers }} -- apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100644 index 8518fd2cc..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if not .Values.disabled }} -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-state-metrics.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100644 index f78e48e62..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,192 +0,0 @@ -{{ if not .Values.disabled }} -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - replicas: {{ .Values.replicas }} -{{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] -{{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 8 }} -{{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - containers: - - name: {{ .Chart.Name }} -{{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{- end }} - args: -{{ if .Values.collectors.certificatesigningrequests }} - - --collectors=certificatesigningrequests -{{ end }} -{{ if .Values.collectors.configmaps }} - - --collectors=configmaps -{{ end }} -{{ if .Values.collectors.cronjobs }} - - --collectors=cronjobs -{{ end }} -{{ if .Values.collectors.daemonsets }} - - --collectors=daemonsets -{{ end }} -{{ if .Values.collectors.deployments }} - - --collectors=deployments -{{ end }} -{{ if .Values.collectors.endpoints }} - - --collectors=endpoints -{{ end }} -{{ if .Values.collectors.horizontalpodautoscalers }} - - --collectors=horizontalpodautoscalers -{{ end }} -{{ if .Values.collectors.ingresses }} - - --collectors=ingresses -{{ end }} -{{ if .Values.collectors.jobs }} - - --collectors=jobs -{{ end }} -{{ if .Values.collectors.limitranges }} - - --collectors=limitranges -{{ end }} -{{ if .Values.collectors.mutatingwebhookconfigurations }} - - --collectors=mutatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.namespaces }} - - --collectors=namespaces -{{ end }} -{{ if .Values.collectors.networkpolicies }} - - --collectors=networkpolicies -{{ end }} -{{ if .Values.collectors.nodes }} - - --collectors=nodes -{{ end }} -{{ if .Values.collectors.persistentvolumeclaims }} - - --collectors=persistentvolumeclaims -{{ end }} -{{ if .Values.collectors.persistentvolumes }} - - --collectors=persistentvolumes -{{ end }} -{{ if .Values.collectors.poddisruptionbudgets }} - - --collectors=poddisruptionbudgets -{{ end }} -{{ if .Values.collectors.pods }} - - --collectors=pods -{{ end }} -{{ if .Values.collectors.replicasets }} - - --collectors=replicasets -{{ end }} -{{ if .Values.collectors.replicationcontrollers }} - - --collectors=replicationcontrollers -{{ end }} -{{ if .Values.collectors.resourcequotas }} - - --collectors=resourcequotas -{{ end }} -{{ if .Values.collectors.secrets }} - - --collectors=secrets -{{ end }} -{{ if .Values.collectors.services }} - - --collectors=services -{{ end }} -{{ if .Values.collectors.statefulsets }} - - --collectors=statefulsets -{{ end }} -{{ if .Values.collectors.storageclasses }} - - --collectors=storageclasses -{{ end }} -{{ if .Values.collectors.validatingwebhookconfigurations }} - - --collectors=validatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.verticalpodautoscalers }} - - --collectors=verticalpodautoscalers -{{ end }} -{{ if .Values.collectors.volumeattachments }} - - --collectors=volumeattachments -{{ end }} -{{ if .Values.namespace }} - - --namespace={{ .Values.namespace }} -{{ end }} -{{ if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) -{{ end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 -{{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100644 index d1d01c64a..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{ if not .Values.disabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index 1edb5afee..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if not .Values.disabled }} -{{- if and .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 583db5388..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if not .Values.disabled }} -{{- if and .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/service.yaml deleted file mode 100644 index 06c7bd484..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ if not .Values.disabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: 8080 -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - selector: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100644 index 76bd1d1d6..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if not .Values.disabled }} -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100644 index c013f5265..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if not .Values.disabled }} -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - {{- if .Values.prometheus.monitor.additionalLabels }} -{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100644 index 95f237d7e..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ if not .Values.disabled }} -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - kube-state-metrics - resources: - - statefulsets - verbs: - - get -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100644 index 49119520a..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{ if not .Values.disabled }} -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml deleted file mode 100644 index cc68f2a2c..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Default values for kube-state-metrics. -prometheusScrape: true -image: - repository: registry.k8s.io/kube-state-metrics/kube-state-metrics - tag: v1.9.8 - pullPolicy: IfNotPresent - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - annotations: {} - -customLabels: {} - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - -prometheus: - monitor: - enabled: false - additionalLabels: {} - namespace: "" - honorLabels: false - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - -securityContext: - enabled: true - runAsUser: 65534 - fsGroup: 65534 - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Available collectors for kube-state-metrics. By default all available -# collectors are enabled. -collectors: - certificatesigningrequests: false - configmaps: true - cronjobs: true - daemonsets: true - deployments: true - endpoints: true - horizontalpodautoscalers: true - ingresses: false - jobs: true - limitranges: true - mutatingwebhookconfigurations: false - namespaces: true - networkpolicies: false - nodes: true - persistentvolumeclaims: true - persistentvolumes: true - poddisruptionbudgets: true - pods: true - replicasets: true - replicationcontrollers: true - resourcequotas: true - secrets: false - services: true - statefulsets: true - storageclasses: true - validatingwebhookconfigurations: false - verticalpodautoscalers: false - volumeattachments: false - -# Namespace to be enabled for collecting resources. By default all namespaces are collected. -# namespace: "" - -## Override the deployment namespace -## -namespaceOverride: "" diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/requirements.lock b/charts/kubecost/cost-analyzer/charts/prometheus/requirements.lock deleted file mode 100644 index 4a4bde218..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: kube-state-metrics - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.7.2 -digest: sha256:695d0dbc2db8bccf5672145697546891da60ff12fbdb4f1bfc02459f4b755e4c -generated: 2020-03-18T18:57:59.00056179Z diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/requirements.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/requirements.yaml deleted file mode 100644 index 6e079ae7d..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/requirements.yaml +++ /dev/null @@ -1,7 +0,0 @@ -dependencies: - - - name: kube-state-metrics - version: "2.7.*" - repository: https://kubernetes-charts.storage.googleapis.com/ - condition: kubeStateMetrics.enabled - diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/NOTES.txt b/charts/kubecost/cost-analyzer/charts/prometheus/templates/NOTES.txt deleted file mode 100644 index 0e8868f0b..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/NOTES.txt +++ /dev/null @@ -1,112 +0,0 @@ -{{- if .Values.server.enabled -}} -The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.server.ingress.enabled -}} -From outside the cluster, the server URL(s) are: -{{- range .Values.server.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the Prometheus server URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.server.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.server.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }} -{{- else if contains "ClusterIP" .Values.server.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090 -{{- end }} -{{- end }} - -{{- if .Values.server.persistentVolume.enabled }} -{{- else }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Server pod is terminated. ##### -################################################################################# -{{- end }} -{{- end }} - -{{ if .Values.alertmanager.enabled }} -The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.alertmanager.ingress.enabled -}} -From outside the cluster, the alertmanager URL(s) are: -{{- range .Values.alertmanager.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the Alertmanager URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.alertmanager.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }} -{{- else if contains "ClusterIP" .Values.alertmanager.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093 -{{- end }} -{{- end }} - -{{- if .Values.alertmanager.persistentVolume.enabled }} -{{- else }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the AlertManager pod is terminated. ##### -################################################################################# -{{- end }} -{{- end }} - -{{- if .Values.nodeExporter.podSecurityPolicy.enabled }} -{{- else }} -################################################################################# -###### WARNING: Pod Security Policy has been moved to a global property. ##### -###### use .Values.podSecurityPolicy.enabled with pod-based ##### -###### annotations ##### -###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) ##### -################################################################################# -{{- end }} - -{{ if .Values.pushgateway.enabled }} -The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.pushgateway.ingress.enabled -}} -From outside the cluster, the pushgateway URL(s) are: -{{- range .Values.pushgateway.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the PushGateway URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.pushgateway.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }} -{{- else if contains "ClusterIP" .Values.pushgateway.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091 -{{- end }} -{{- end }} -{{- end }} - -For more information on running Prometheus, visit: -https://prometheus.io/ diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/charts/prometheus/templates/_helpers.tpl deleted file mode 100644 index 295aa01c5..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,276 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create unified labels for prometheus components -*/}} -{{- define "prometheus.common.matchLabels" -}} -app: {{ template "prometheus.name" . }} -release: {{ .Release.Name }} -{{- end -}} - -{{- define "prometheus.common.metaLabels" -}} -chart: {{ template "prometheus.chart" . }} -heritage: {{ .Release.Service }} -{{- end -}} - -{{- define "prometheus.alertmanager.labels" -}} -{{ include "prometheus.alertmanager.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.alertmanager.matchLabels" -}} -component: {{ .Values.alertmanager.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.kubeStateMetrics.labels" -}} -{{ include "prometheus.kubeStateMetrics.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.kubeStateMetrics.matchLabels" -}} -component: {{ .Values.kubeStateMetrics.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.nodeExporter.labels" -}} -{{ include "prometheus.nodeExporter.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.nodeExporter.matchLabels" -}} -component: {{ .Values.nodeExporter.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.pushgateway.labels" -}} -{{ include "prometheus.pushgateway.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.pushgateway.matchLabels" -}} -component: {{ .Values.pushgateway.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.server.labels" -}} -{{ include "prometheus.server.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.server.matchLabels" -}} -component: {{ .Values.server.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified alertmanager name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} - -{{- define "prometheus.alertmanager.fullname" -}} -{{- if .Values.alertmanager.fullnameOverride -}} -{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified kube-state-metrics name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.kubeStateMetrics.fullname" -}} -{{- if .Values.kubeStateMetrics.fullnameOverride -}} -{{- .Values.kubeStateMetrics.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified node-exporter name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.nodeExporter.fullname" -}} -{{- if .Values.nodeExporter.fullnameOverride -}} -{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified Prometheus server name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.server.fullname" -}} -{{- if .Values.server.fullnameOverride -}} -{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified pushgateway name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.pushgateway.fullname" -}} -{{- if .Values.pushgateway.fullnameOverride -}} -{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "prometheus.deployment.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "prometheus.daemonset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "prometheus.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "prometheus.podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the alertmanager component -*/}} -{{- define "prometheus.serviceAccountName.alertmanager" -}} -{{- if .Values.serviceAccounts.alertmanager.create -}} - {{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.alertmanager.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the kubeStateMetrics component -*/}} -{{- define "prometheus.serviceAccountName.kubeStateMetrics" -}} -{{- if .Values.serviceAccounts.kubeStateMetrics.create -}} - {{ default (include "prometheus.kubeStateMetrics.fullname" .) .Values.serviceAccounts.kubeStateMetrics.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.kubeStateMetrics.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the nodeExporter component -*/}} -{{- define "prometheus.serviceAccountName.nodeExporter" -}} -{{- if .Values.serviceAccounts.nodeExporter.create -}} - {{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.nodeExporter.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the pushgateway component -*/}} -{{- define "prometheus.serviceAccountName.pushgateway" -}} -{{- if .Values.serviceAccounts.pushgateway.create -}} - {{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.pushgateway.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the server component -*/}} -{{- define "prometheus.serviceAccountName.server" -}} -{{- if .Values.serviceAccounts.server.create -}} - {{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.server.name }} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrole.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrole.yaml deleted file mode 100644 index b68e9b6e5..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.alertmanager.fullname" . }} -{{- else }} - [] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml deleted file mode 100644 index a6edd94a1..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.alertmanager" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.alertmanager.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml deleted file mode 100644 index 07f727573..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml +++ /dev/null @@ -1,142 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - replicas: {{ .Values.alertmanager.replicaCount }} - {{- if .Values.alertmanager.strategy }} - strategy: -{{ toYaml .Values.alertmanager.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.alertmanager.podAnnotations }} - annotations: -{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 8 }} - {{- if .Values.alertmanager.podLabels}} - {{ toYaml .Values.alertmanager.podLabels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.alertmanager.schedulerName }} - schedulerName: "{{ .Values.alertmanager.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- if .Values.alertmanager.priorityClassName }} - priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} - image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" - env: - {{- range $key, $value := .Values.alertmanager.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/{{ .Values.alertmanager.configFileName }} - - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} - - --cluster.advertise-address=$(POD_IP):6783 - {{- range $key, $value := .Values.alertmanager.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.alertmanager.baseURL }} - - --web.external-url={{ .Values.alertmanager.baseURL }} - {{- end }} - - ports: - - containerPort: 9093 - readinessProbe: - httpGet: - path: {{ .Values.alertmanager.prefixURL }}/-/ready - port: 9093 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: -{{ toYaml .Values.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" - subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - - {{- if .Values.configmapReload.alertmanager.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} - image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" - args: - - --watched-dir=/etc/config - - --reload-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload - resources: -{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.alertmanager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.securityContext | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.tolerations }} - tolerations: -{{ toYaml .Values.alertmanager.tolerations | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.affinity }} - affinity: -{{ toYaml .Values.alertmanager.affinity | indent 8 }} - {{- end }} - volumes: - - name: config-volume - {{- if empty .Values.alertmanager.configFromSecret }} - configMap: - name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- else }} - secret: - secretName: {{ .Values.alertmanager.configFromSecret }} - {{- end }} - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - - name: storage-volume - {{- if .Values.alertmanager.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml deleted file mode 100644 index 174c9255d..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.alertmanager.fullname" . }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - annotations: -{{- if .Values.alertmanager.podSecurityPolicy.annotations }} -{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'secret' - allowedHostPaths: - - pathPrefix: /etc - readOnly: true - - pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml deleted file mode 100644 index 71c9ce79e..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if not .Values.alertmanager.statefulSet.enabled -}} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}} -{{- if not .Values.alertmanager.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.alertmanager.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - accessModes: -{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }} -{{- if .Values.alertmanager.persistentVolume.storageClass }} -{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.alertmanager.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml deleted file mode 100644 index d6c19a9c1..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.alertmanager.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.alertmanager.service.annotations }} - annotations: -{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- if .Values.alertmanager.service.labels }} -{{ toYaml .Values.alertmanager.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: -{{- if .Values.alertmanager.service.clusterIP }} - clusterIP: {{ .Values.alertmanager.service.clusterIP }} -{{- end }} -{{- if .Values.alertmanager.service.externalIPs }} - externalIPs: -{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.alertmanager.service.servicePort }} - protocol: TCP - targetPort: 9093 - {{- if .Values.alertmanager.service.nodePort }} - nodePort: {{ .Values.alertmanager.service.nodePort }} - {{- end }} -{{- if .Values.alertmanager.service.enableMeshPeer }} - - name: meshpeer - port: 6783 - protocol: TCP - targetPort: 6783 -{{- end }} - selector: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} -{{- if .Values.alertmanager.service.sessionAffinity }} - sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }} -{{- end }} - type: "{{ .Values.alertmanager.service.type }}" -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml deleted file mode 100644 index 5f191382c..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml +++ /dev/null @@ -1,155 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless - selector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - replicas: {{ .Values.alertmanager.replicaCount }} - podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }} - template: - metadata: - {{- if .Values.alertmanager.podAnnotations }} - annotations: -{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 8 }} - spec: -{{- if .Values.alertmanager.affinity }} - affinity: -{{ toYaml .Values.alertmanager.affinity | indent 8 }} -{{- end }} -{{- if .Values.alertmanager.schedulerName }} - schedulerName: "{{ .Values.alertmanager.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- if .Values.alertmanager.priorityClassName }} - priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} - image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" - env: - {{- range $key, $value := .Values.alertmanager.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/alertmanager.yml - - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} - - --cluster.advertise-address=$(POD_IP):6783 - {{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} - - --cluster.listen-address=0.0.0.0:6783 - {{- range $n := until (.Values.alertmanager.replicaCount | int) }} - - --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783 - {{- end }} - {{- end }} - {{- range $key, $value := .Values.alertmanager.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.alertmanager.baseURL }} - - --web.external-url={{ .Values.alertmanager.baseURL }} - {{- end }} - - ports: - - containerPort: 9093 - readinessProbe: - httpGet: - path: {{ .Values.alertmanager.prefixURL }}/#/status - port: 9093 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: -{{ toYaml .Values.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" - subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.configmapReload.alertmanager.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} - image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" - args: - - --watched-dir=/etc/config - - --reload-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload - resources: -{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.alertmanager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.securityContext | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.tolerations }} - tolerations: -{{ toYaml .Values.alertmanager.tolerations | indent 8 }} - {{- end }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} -{{- if .Values.alertmanager.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: storage-volume - {{- if .Values.alertmanager.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }} - {{- end }} - spec: - accessModes: -{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }} - resources: - requests: - storage: "{{ .Values.alertmanager.persistentVolume.size }}" - {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" - {{- end }} - {{- end }} -{{- else }} - - name: storage-volume - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml deleted file mode 100644 index 0b01b6063..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml +++ /dev/null @@ -1,133 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.nodeExporter.enabled -}} -apiVersion: {{ template "prometheus.daemonset.apiVersion" . }} -kind: DaemonSet -metadata: -{{- if .Values.nodeExporter.deploymentAnnotations }} - annotations: -{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - name: {{ template "prometheus.nodeExporter.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - {{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }} - {{- if .Values.nodeExporter.updateStrategy }} - updateStrategy: -{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.nodeExporter.podAnnotations }} - annotations: -{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 8 }} -{{- if .Values.nodeExporter.pod.labels }} -{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }} -{{- end }} - spec: -{{- if .Values.nodeExporter.affinity }} - affinity: -{{ toYaml .Values.nodeExporter.affinity | indent 8 }} -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }} -{{- if .Values.nodeExporter.dnsPolicy }} - dnsPolicy: "{{ .Values.nodeExporter.dnsPolicy }}" -{{- end }} -{{- if .Values.nodeExporter.priorityClassName }} - priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }} - image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}" - imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}" - args: - - --path.procfs=/host/proc - - --path.sysfs=/host/sys - {{- if .Values.nodeExporter.hostNetwork }} - - --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }} - {{- end }} - {{- range $key, $value := .Values.nodeExporter.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - ports: - - name: metrics - {{- if .Values.nodeExporter.hostNetwork }} - containerPort: {{ .Values.nodeExporter.service.hostPort }} - {{- else }} - containerPort: 9100 - {{- end }} - hostPort: {{ .Values.nodeExporter.service.hostPort }} - resources: -{{ toYaml .Values.nodeExporter.resources | indent 12 }} - volumeMounts: - - name: proc - mountPath: /host/proc - readOnly: true - - name: sys - mountPath: /host/sys - readOnly: true - {{- range .Values.nodeExporter.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- if .mountPropagation }} - mountPropagation: {{ .mountPropagation }} - {{- end }} - {{- end }} - {{- range .Values.nodeExporter.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.nodeExporter.hostNetwork }} - hostNetwork: true - {{- end }} - {{- if .Values.nodeExporter.hostPID }} - hostPID: true - {{- end }} - {{- if .Values.nodeExporter.tolerations }} - tolerations: -{{ toYaml .Values.nodeExporter.tolerations | indent 8 }} - {{- end }} - {{- if .Values.nodeExporter.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.nodeExporter.securityContext }} - securityContext: -{{ toYaml .Values.nodeExporter.securityContext | indent 8 }} - {{- end }} - volumes: - - name: proc - hostPath: - path: /proc - - name: sys - hostPath: - path: /sys - {{- range .Values.nodeExporter.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.nodeExporter.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml deleted file mode 100644 index a246b5881..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - annotations: -{{- if .Values.nodeExporter.podSecurityPolicy.annotations }} -{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'hostPath' - - 'secret' - allowedHostPaths: - - pathPrefix: /proc - readOnly: true - - pathPrefix: /sys - readOnly: true - {{- range .Values.nodeExporter.extraHostPathMounts }} - - pathPrefix: {{ .hostPath }} - readOnly: {{ .readOnly }} - {{- end }} - hostNetwork: {{ .Values.nodeExporter.hostNetwork }} - hostPID: {{ .Values.nodeExporter.hostPID }} - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - hostPorts: - - min: 1 - max: 65535 -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml deleted file mode 100644 index a037eaa84..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "prometheus.nodeExporter.fullname" . }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-rolebinding.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-rolebinding.yaml deleted file mode 100644 index fb39ab64f..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: {{ template "prometheus.nodeExporter.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: -- kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml deleted file mode 100644 index ee823bfd9..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.nodeExporter.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.nodeExporter.service.annotations }} - annotations: -{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} -{{- if .Values.nodeExporter.service.labels }} -{{ toYaml .Values.nodeExporter.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.nodeExporter.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: -{{- if .Values.nodeExporter.service.clusterIP }} - clusterIP: {{ .Values.nodeExporter.service.clusterIP }} -{{- end }} -{{- if .Values.nodeExporter.service.externalIPs }} - externalIPs: -{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.nodeExporter.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }} -{{- end }} -{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: metrics - port: {{ .Values.nodeExporter.service.servicePort }} - protocol: TCP - {{- if .Values.nodeExporter.hostNetwork }} - targetPort: {{ .Values.nodeExporter.service.hostPort }} - {{- else }} - targetPort: 9100 - {{- end }} - selector: - {{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }} - type: "{{ .Values.nodeExporter.service.type }}" -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrole.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrole.yaml deleted file mode 100644 index de5f3f2be..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.pushgateway.fullname" . }} -{{- else }} - [] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml deleted file mode 100644 index 1fc32369a..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.pushgateway" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.pushgateway.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml deleted file mode 100644 index b680167be..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.enabled -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - selector: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - matchLabels: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} - replicas: {{ .Values.pushgateway.replicaCount }} - {{- if .Values.pushgateway.strategy }} - strategy: -{{ toYaml .Values.pushgateway.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.pushgateway.podAnnotations }} - annotations: -{{ toYaml .Values.pushgateway.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 8 }} - spec: - serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }} -{{- if .Values.pushgateway.priorityClassName }} - priorityClassName: "{{ .Values.pushgateway.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }} - image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}" - imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}" - args: - {{- range $key, $value := .Values.pushgateway.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - ports: - - containerPort: 9091 - livenessProbe: - httpGet: - {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} - path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy - {{- else }} - path: /-/healthy - {{- end }} - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - readinessProbe: - httpGet: - {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} - path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready - {{- else }} - path: /-/ready - {{- end }} - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - resources: -{{ toYaml .Values.pushgateway.resources | indent 12 }} - {{- if .Values.pushgateway.persistentVolume.enabled }} - volumeMounts: - - name: storage-volume - mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}" - subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}" - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.pushgateway.nodeSelector }} - nodeSelector: -{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.securityContext }} - securityContext: -{{ toYaml .Values.pushgateway.securityContext | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.tolerations }} - tolerations: -{{ toYaml .Values.pushgateway.tolerations | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.affinity }} - affinity: -{{ toYaml .Values.pushgateway.affinity | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.persistentVolume.enabled }} - volumes: - - name: storage-volume - persistentVolumeClaim: - claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }} - {{- end -}} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml deleted file mode 100644 index 5078abbf9..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.pushgateway.fullname" . }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - annotations: -{{- if .Values.pushgateway.podSecurityPolicy.annotations }} -{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'persistentVolumeClaim' - - 'secret' - allowedHostPaths: - - pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml deleted file mode 100644 index 89d14ec0b..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.enabled -}} -{{- if .Values.pushgateway.persistentVolume.enabled -}} -{{- if not .Values.pushgateway.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.pushgateway.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - accessModes: -{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }} -{{- if .Values.pushgateway.persistentVolume.storageClass }} -{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.pushgateway.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{ end }} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml deleted file mode 100644 index 864e0beb9..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.pushgateway.service.annotations }} - annotations: -{{ toYaml .Values.pushgateway.service.annotations | indent 4}} -{{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} -{{- if .Values.pushgateway.service.labels }} -{{ toYaml .Values.pushgateway.service.labels | indent 4}} -{{- end }} - name: {{ template "prometheus.pushgateway.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: -{{- if .Values.pushgateway.service.clusterIP }} - clusterIP: {{ .Values.pushgateway.service.clusterIP }} -{{- end }} -{{- if .Values.pushgateway.service.externalIPs }} - externalIPs: -{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.pushgateway.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }} -{{- end }} -{{- if .Values.pushgateway.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.pushgateway.service.servicePort }} - protocol: TCP - targetPort: 9091 - selector: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }} - type: "{{ .Values.pushgateway.service.type }}" -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml deleted file mode 100644 index 9c6d2fa46..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml +++ /dev/null @@ -1,256 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if not .Values.server.statefulSet.enabled -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: -{{- if .Values.server.deploymentAnnotations }} - annotations: -{{ toYaml .Values.server.deploymentAnnotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - replicas: {{ .Values.server.replicaCount }} - {{- if .Values.server.strategy }} - strategy: -{{ toYaml .Values.server.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 8 }} - {{- if .Values.server.podLabels}} - {{ toYaml .Values.server.podLabels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.server.priorityClassName }} - priorityClassName: "{{ .Values.server.priorityClassName }}" -{{- end }} -{{- if .Values.server.schedulerName }} - schedulerName: "{{ .Values.server.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} - {{- if .Values.server.extraInitContainers }} - initContainers: -{{ toYaml .Values.server.extraInitContainers | indent 8 }} - {{- end }} - containers: - {{- if .Values.configmapReload.prometheus.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" - args: - - --watched-dir=/etc/config - - --reload-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload - {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} - - --watched-dir={{ . }} - {{- end }} - resources: - {{- toYaml .Values.configmapReload.prometheus.resources | nindent 12 }} - securityContext: - {{- if .Values.global.containerSecurityContext }} - {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} - {{- else if .Values.global.containerSecurityContext }} - {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} - {{- else }} - securityContext: - {{- toYaml .Values.configmapReload.prometheus.containerSecurityContext | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.selfsignedCertConfigMapName }} - - name: {{ .Values.selfsignedCertConfigMapName }} - mountPath: /etc/ssl/certs/my-cert.pem - subPath: my-cert.pem - readOnly: false - {{- end }} - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- end }} - - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" - imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" - {{- if .Values.server.env }} - env: -{{ toYaml .Values.server.env | indent 12}} - {{- end }} - args: - {{- if .Values.server.retention }} - - --storage.tsdb.retention.time={{ .Values.server.retention }} - {{- end }} - {{- if .Values.server.retentionSize }} - - --storage.tsdb.retention.size={{ .Values.server.retentionSize }} - {{- end }} - - --config.file={{ .Values.server.configPath }} - - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - {{- range .Values.server.extraFlags }} - - --{{ . }} - {{- end }} - {{- if .Values.server.baseURL }} - - --web.external-url={{ .Values.server.baseURL }} - {{- end }} - - {{- range $key, $value := .Values.server.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - ports: - - containerPort: 9090 - readinessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/ready - port: 9090 - initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} - failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }} - successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }} - livenessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/healthy - port: 9090 - initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} - failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }} - successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }} - resources: - {{- toYaml .Values.server.resources | nindent 12 }} - securityContext: - {{- if .Values.global.containerSecurityContext }} - {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} - {{- else }} - {{- toYaml .Values.server.prometheus.containerSecurityContext | nindent 12 }} - {{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: {{ .Values.server.persistentVolume.mountPath }} - subPath: "{{ .Values.server.persistentVolume.subPath }}" - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecarContainers }} - {{- toYaml .Values.server.sidecarContainers | nindent 8 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 0 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.server.securityContext }} - securityContext: - {{- if not .Values.server.securityContext.fsGroup }} - fsGroupChangePolicy: OnRootMismatch - fsGroup: 1001 - {{- end }} - {{- toYaml .Values.server.securityContext | nindent 8 }} - {{- else if and (.Values.global.platforms.openshift.enabled) (.Values.global.platforms.openshift.securityContext) }} - securityContext: - {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }} - {{- else if .Values.global.securityContext }} - securityContext: - {{- toYaml .Values.global.securityContext | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{ toYaml .Values.server.tolerations | indent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - volumes: - {{- if .Values.selfsignedCertConfigMapName }} - - name: {{ .Values.selfsignedCertConfigMapName }} - configMap: - name: {{ .Values.selfsignedCertConfigMapName }} - {{- end }} - - name: config-volume - configMap: - name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - - name: storage-volume - {{- if .Values.server.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - {{- else }} - emptyDir: - {{- if .Values.server.emptyDir.sizeLimit }} - sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} - {{- else }} - {} - {{- end -}} - {{- end -}} -{{- if .Values.server.extraVolumes }} -{{ toYaml .Values.server.extraVolumes | indent 8}} -{{- end }} - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ tpl .secretName $ }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml deleted file mode 100644 index 5781b81c1..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.ingress.enabled -}} -{{- $releaseName := .Release.Name -}} -{{- $serviceName := include "prometheus.server.fullname" . }} -{{- $servicePort := .Values.server.service.servicePort -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.server.ingress.annotations }} - annotations: -{{ toYaml .Values.server.ingress.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- range $key, $value := .Values.server.ingress.extraLabels }} - {{ $key }}: {{ $value }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - rules: - {{- range .Values.server.ingress.hosts }} - {{- $url := splitList "/" . }} - - host: {{ first $url }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- if $apiV1 }} - - path: /{{ rest $url | join "/" }} - pathType: {{ $pathType }} - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - - path: /{{ rest $url | join "/" }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} -{{- if .Values.server.ingress.tls }} - tls: -{{ toYaml .Values.server.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml deleted file mode 100644 index f9fc538a4..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-podsecuritypolicy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.server.fullname" . }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - annotations: -{{- if .Values.server.podSecurityPolicy.annotations }} -{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - allowedCapabilities: - - 'CHOWN' - volumes: - - 'configMap' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'secret' - - 'hostPath' - allowedHostPaths: - - pathPrefix: /etc - readOnly: true - - pathPrefix: {{ .Values.server.persistentVolume.mountPath }} - {{- range .Values.server.extraHostPathMounts }} - - pathPrefix: {{ .hostPath }} - readOnly: {{ .readOnly }} - {{- end }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml deleted file mode 100644 index 7afb54aed..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if not .Values.server.statefulSet.enabled -}} -{{- if .Values.server.persistentVolume.enabled -}} -{{- if not .Values.server.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.server.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - accessModes: -{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }} -{{- if .Values.server.persistentVolume.storageClass }} -{{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.server.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.server.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.server.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml deleted file mode 100644 index da7eac7f9..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.server.service.annotations }} - annotations: -{{ toYaml .Values.server.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- if .Values.server.service.labels }} -{{ toYaml .Values.server.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: -{{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} -{{- end }} -{{- if .Values.server.service.externalIPs }} - externalIPs: -{{ toYaml .Values.server.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.server.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.server.service.servicePort }} - protocol: TCP - targetPort: 9090 - {{- if .Values.server.service.nodePort }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - {{- if .Values.server.service.gRPC.enabled }} - - name: grpc - port: {{ .Values.server.service.gRPC.servicePort }} - protocol: TCP - targetPort: 10901 - {{- if .Values.server.service.gRPC.nodePort }} - nodePort: {{ .Values.server.service.gRPC.nodePort }} - {{- end }} - {{- end }} - selector: - {{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }} - statefulset.kubernetes.io/pod-name: {{ .Release.Name }}-{{ .Values.server.name }}-{{ .Values.server.service.statefulsetReplica.replica }} - {{- else -}} - {{- include "prometheus.server.matchLabels" . | nindent 4 }} -{{- if .Values.server.service.sessionAffinity }} - sessionAffinity: {{ .Values.server.service.sessionAffinity }} -{{- end }} - {{- end }} - type: "{{ .Values.server.service.type }}" -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml deleted file mode 100644 index 37ac3d80b..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml +++ /dev/null @@ -1,225 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.statefulSet.enabled -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: -{{- if .Values.server.statefulSet.annotations }} - annotations: -{{ toYaml .Values.server.statefulSet.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - {{- if .Values.server.statefulSet.labels}} - {{ toYaml .Values.server.statefulSet.labels | nindent 4 }} - {{- end}} - name: {{ template "prometheus.server.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - serviceName: {{ template "prometheus.server.fullname" . }}-headless - selector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - replicas: {{ .Values.server.replicaCount }} - podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }} - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 8 }} - {{- if .Values.server.statefulSet.labels}} - {{ toYaml .Values.server.statefulSet.labels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} -{{- end }} -{{- if .Values.server.priorityClassName }} - priorityClassName: "{{ .Values.server.priorityClassName }}" -{{- end }} -{{- if .Values.server.schedulerName }} - schedulerName: "{{ .Values.server.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} - containers: - {{- if .Values.configmapReload.prometheus.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" - args: - - --watched-dir=/etc/config - - --reload-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload - {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} - - --watched-dir={{ . }} - {{- end }} - resources: -{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- end }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" - imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" - {{- if .Values.server.env }} - env: -{{ toYaml .Values.server.env | indent 12}} - {{- end }} - args: - {{- if .Values.server.retention }} - - --storage.tsdb.retention.time={{ .Values.server.retention }} - {{- end }} - - --config.file={{ .Values.server.configPath }} - - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - {{- range .Values.server.extraFlags }} - - --{{ . }} - {{- end }} - {{- range $key, $value := .Values.server.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.server.baseURL }} - - --web.external-url={{ .Values.server.baseURL }} - {{- end }} - ports: - - containerPort: 9090 - readinessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/ready - port: 9090 - initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} - livenessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/healthy - port: 9090 - initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} - resources: -{{ toYaml .Values.server.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: {{ .Values.server.persistentVolume.mountPath }} - subPath: "{{ .Values.server.persistentVolume.subPath }}" - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecarContainers }} - {{- toYaml .Values.server.sidecarContainers | nindent 8 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{ toYaml .Values.server.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.server.securityContext }} - securityContext: -{{ toYaml .Values.server.securityContext | indent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{ toYaml .Values.server.tolerations | indent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} -{{- if .Values.server.extraVolumes }} -{{ toYaml .Values.server.extraVolumes | indent 8}} -{{- end }} -{{- if .Values.server.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: storage-volume - {{- if .Values.server.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }} - {{- end }} - spec: - accessModes: -{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }} - resources: - requests: - storage: "{{ .Values.server.persistentVolume.size }}" - {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" - {{- end }} - {{- end }} -{{- else }} - - name: storage-volume - emptyDir: {} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml deleted file mode 100644 index 854d02db2..000000000 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.verticalAutoscaler.enabled -}} -apiVersion: autoscaling.k8s.io/v1beta2 -kind: VerticalPodAutoscaler -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }}-vpa - namespace: {{ .Release.Namespace }} -spec: - targetRef: -{{- if .Values.server.statefulSet.enabled }} - apiVersion: "apps/v1" - kind: StatefulSet -{{- else }} - apiVersion: "extensions/v1beta1" - kind: Deployment -{{- end }} - name: {{ template "prometheus.server.fullname" . }} - updatePolicy: - updateMode: {{ .Values.server.verticalAutoscaler.updateMode | default "Off" | quote }} - resourcePolicy: - containerPolicies: {{ .Values.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }} -{{- end -}} {{/* if .Values.server.verticalAutoscaler.enabled */}} -{{- end -}} {{/* .Values.server.enabled */}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/.helmignore b/charts/kubecost/cost-analyzer/charts/thanos/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/kubecost/cost-analyzer/charts/thanos/Chart.yaml b/charts/kubecost/cost-analyzer/charts/thanos/Chart.yaml deleted file mode 100644 index 5c5c39c18..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 0.29.0 -description: Thanos is a set of components that can be composed into a highly available - metric system with unlimited storage capacity, which can be added seamlessly on - top of existing Prometheus deployments. -icon: https://raw.githubusercontent.com/thanos-io/thanos/master/website/static/Thanos-logo_full.svg -keywords: -- thanos -- prometheus -- metrics -maintainers: -- email: info@banzaicloud.com - name: Banzai Cloud -name: thanos -sources: -- https://github.com/thanos-io/thanos -- https://github.com/banzaicloud/banzai-charts/tree/master/thanos -version: 0.29.0 diff --git a/charts/kubecost/cost-analyzer/charts/thanos/requirements.yaml b/charts/kubecost/cost-analyzer/charts/thanos/requirements.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/NOTES.txt b/charts/kubecost/cost-analyzer/charts/thanos/templates/NOTES.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/charts/thanos/templates/_helpers.tpl deleted file mode 100644 index 7b5fb57d8..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/_helpers.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "thanos.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "thanos.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "thanos.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Create a default fully qualified component name from the full app name and a component name. -We truncate the full name at 63 - 1 (last dash) - len(component name) chars because some Kubernetes name fields are limited to this (by the DNS naming spec) -and we want to make sure that the component is included in the name. -*/}} -{{- define "thanos.componentname" -}} -{{- $global := index . 0 -}} -{{- $component := index . 1 | trimPrefix "-" -}} -{{- printf "%s-%s" (include "thanos.fullname" $global | trunc (sub 62 (len $component) | int) | trimSuffix "-" ) $component | trimSuffix "-" -}} -{{- end -}} - -{{/* - -*/}} -{{- define "thanos.secretname" }} -{{- default (include "thanos.name" .) .Values.storeSecretName }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml deleted file mode 100644 index e6d6f6a4c..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml +++ /dev/null @@ -1,109 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.bucket.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} - {{- with .Values.bucket.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.bucket.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} -{{ with .Values.bucket.deploymentStrategy }} - strategy: {{ toYaml . | nindent 4 }} -{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.bucket.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: thanos-bucket - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{- with .Values.bucket.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} - args: - - "tools" - - "bucket" - - "web" - - "--log.level={{ .Values.bucket.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.bucket.http.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - {{- if .Values.bucket.refresh }} - - "--refresh={{ .Values.bucket.refresh }}" - {{- end }} - {{- if .Values.bucket.timeout }} - - "--timeout={{ .Values.bucket.timeout }}" - {{- end }} - {{- if .Values.bucket.label }} - - "--label={{ .Values.bucket.label }}" - {{- end }} - {{ with .Values.bucket.extraArgs }}{{ toYaml . | nindent 8 }}{{- end }} - ports: - - name: http - containerPort: {{ .Values.bucket.http.port }} - volumeMounts: - {{- if .Values.bucket.selfsignedCertConfigMapName }} - - name: {{ .Values.bucket.selfsignedCertConfigMapName }} - mountPath: /etc/ssl/certs/my-cert.pem - subPath: my-cert.pem - readOnly: false - {{- end }} - - name: config-volume - mountPath: /etc/config - readOnly: true - resources: {{ toYaml .Values.bucket.resources | nindent 10 }} - volumes: - {{- if .Values.bucket.selfsignedCertConfigMapName }} - - name: {{ .Values.bucket.selfsignedCertConfigMapName }} - configMap: - name: {{ .Values.bucket.selfsignedCertConfigMapName }} - {{- end }} - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- with .Values.bucket.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml deleted file mode 100644 index fc0face08..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if and .Values.bucket.enabled .Values.bucket.http.ingress.enabled }} -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - namespace: {{ .Release.Namespace }} - {{- with .Values.bucket.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket - {{- if .Values.bucket.http.ingress.labels }} -{{ toYaml .Values.bucket.http.ingress.labels | indent 4 }} - {{- end }} -spec: -{{- if .Values.bucket.http.ingress.className }} - ingressClassName: {{ .Values.ingress.bucket.http.className }} -{{- end }} - {{- if .Values.bucket.http.ingress.tls }} - tls: - {{- range .Values.bucket.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.bucket.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $apiV1 }} - - path: {{ $.Values.bucket.http.ingress.path }} - pathType: {{ $.Values.bucket.http.ingress.pathType }} - backend: - service: - name: {{ include "thanos.componentname" (list $ "bucket") }} - port: - number: {{ $.Values.bucket.http.port }} - {{- else }} - - path: {{ $.Values.bucket.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "bucket") }} - servicePort: {{ $.Values.bucket.http.port }} - {{- end }} - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-poddisruptionbudget.yaml deleted file mode 100644 index 418a48d2c..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-poddisruptionbudget.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.bucket.enabled .Values.bucket.podDisruptionBudget.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1" -}} -apiVersion: policy/v1 -{{- else}} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.bucket.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.bucket.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.bucket.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.bucket.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: bucket -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml deleted file mode 100644 index 9b656eb2a..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.bucket.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - namespace: {{ .Release.Namespace }} - {{- with .Values.bucket.http.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - ports: - - port: {{ .Values.bucket.http.port }} - protocol: TCP - targetPort: http - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml deleted file mode 100644 index 8bcb5b4ac..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml +++ /dev/null @@ -1,129 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.compact.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} - {{- with .Values.compact.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.compact.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} -{{ with .Values.compact.deploymentStrategy }} - strategy: {{ toYaml . | nindent 4 }} -{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.compact.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.compact.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.compact.http.port }}" - {{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: thanos-compact - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{- with .Values.compact.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} - args: - - "compact" - - "--log.level={{ .Values.compact.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.compact.http.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - - "--data-dir=/var/thanos/compact" - - "--consistency-delay={{ .Values.compact.consistencyDelay }}" - - "--retention.resolution-raw={{ .Values.compact.retentionResolutionRaw }}" - - "--retention.resolution-5m={{ .Values.compact.retentionResolution5m }}" - - "--retention.resolution-1h={{ .Values.compact.retentionResolution1h }}" - - "--compact.concurrency={{ .Values.compact.compactConcurrency }}" -{{- if .Values.compact.disableDownsampling }} - - "--downsampling.disable" -{{- end }} - - "--wait" -{{ with .Values.compact.extraArgs }}{{ toYaml . | indent 8 }}{{- end }} - ports: - - name: http - containerPort: {{ .Values.compact.http.port }} - volumeMounts: - {{- if .Values.compact.selfsignedCertConfigMapName }} - - name: {{ .Values.compact.selfsignedCertConfigMapName }} - mountPath: /etc/ssl/certs/my-cert.pem - subPath: my-cert.pem - readOnly: false - {{- end }} - - name: config-volume - mountPath: /etc/config - readOnly: true - - name: data-volume - mountPath: /var/thanos/compact - resources: {{ toYaml .Values.compact.resources | nindent 10 }} - volumes: - {{- if .Values.compact.selfsignedCertConfigMapName }} - - name: {{ .Values.compact.selfsignedCertConfigMapName }} - configMap: - name: {{ .Values.compact.selfsignedCertConfigMapName }} - {{- end }} - - name: data-volume - {{- if .Values.compact.dataVolume }} - {{- if .Values.compact.dataVolume.persistentVolumeClaim }} - {{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName }} - persistentVolumeClaim: - claimName: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- with .Values.compact.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml deleted file mode 100644 index 61fb72844..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.compact.enabled }} -{{- if .Values.compact.dataVolume -}} -{{- if .Values.compact.dataVolume.persistentVolumeClaim -}} -{{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} - namespace: {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} - storageClassName: {{ .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} - {{- end }} - resources: - requests: - {{- if .Values.compact.dataVolume.persistentVolumeClaim.storage }} - storage: {{ .Values.compact.dataVolume.persistentVolumeClaim.storage }} - {{- else }} - storage: 100Gi - {{- end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml deleted file mode 100644 index 1cdb1e8f1..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.compact.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - namespace: {{ .Release.Namespace }} - {{- with .Values.compact.http.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - ports: - - port: {{ .Values.compact.http.port }} - protocol: TCP - targetPort: http - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{ end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml deleted file mode 100644 index 025d093f6..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.compact.enabled .Values.compact.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-compact - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.compact.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.compact.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml deleted file mode 100644 index 5cf998151..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml +++ /dev/null @@ -1,159 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.query.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.query.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if not .Values.query.autoscaling.enabled }} - replicas: {{ .Values.query.replicaCount | default 1 }} -{{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} -{{ with .Values.query.deploymentStrategy }} - strategy: {{ toYaml . | nindent 4 }} -{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.query.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.query.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.query.http.port }}" - {{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: thanos-query - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "query" - - "--log.level={{ .Values.query.logLevel }}" - - "--grpc-address=0.0.0.0:{{ .Values.query.grpc.port }}" - - "--http-address=0.0.0.0:{{ .Values.query.http.port }}" - - "--query.timeout={{ .Values.query.timeout }}" - - "--query.max-concurrent={{ .Values.query.maxConcurrent }}" - {{- if .Values.query.autoDownsampling }} - - "--query.auto-downsampling" - {{- end }} - {{- if .Values.query.replicaLabel }} - - "--query.replica-label={{ .Values.query.replicaLabel }}" - {{- end }} - {{- if .Values.query.webRoutePrefix }} - - "--web.route-prefix={{ .Values.query.webRoutePrefix }}" - {{- end }} - {{- if .Values.query.webExternalPrefix }} - - "--web.external-prefix={{ .Values.query.webExternalPrefix }}" - {{- end }} - {{- if .Values.query.webPrefixHeader }} - - "--web.prefix-header={{ .Values.query.webPrefixHeader }}" - {{- end }} - {{- if .Values.query.storeDNSResolver }} - - "--store.sd-dns-resolver={{ .Values.query.storeDNSResolver }}" - {{- end }} - {{- if .Values.query.storeDNSDiscovery }} - - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "store") }}-grpc.{{ .Release.Namespace }}.svc" - {{- end }} - {{- if .Values.query.sidecarDNSDiscovery }} - - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "sidecar") }}-grpc.{{ .Release.Namespace }}.svc" - {{- end }} - {{- range .Values.query.stores }} - - "--endpoint={{ . }}" - {{- end }} - {{- range .Values.query.serviceDiscoveryFiles }} - - "--store.sd-files={{ . }}" - {{- end }} - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - "--store.sd-files=/etc/query/{{ . }}/*.yaml" - - "--store.sd-files=/etc/query/{{ . }}/*.yml" - - "--store.sd-files=/etc/query/{{ . }}/*.json" - {{- end }} - {{- if .Values.query.serviceDiscoveryInterval }} - - "--store.sd-interval={{ .Values.query.serviceDiscoveryInterval }}" - {{- end }} - - {{- if .Values.query.extraArgs }} - {{ toYaml .Values.query.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.query.http.port }} - - name: grpc - containerPort: {{ .Values.query.grpc.port }} - resources: - {{ toYaml .Values.query.resources | nindent 10 }} - env: - {{- toYaml .Values.query.extraEnv | nindent 10 }} - volumeMounts: - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - mountPath: /etc/query/{{ . }} - name: {{ . }} - {{- end }} - {{- if .Values.query.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.query.certSecretName }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - volumes: - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - name: {{ . }} - configMap: - defaultMode: 420 - name: {{ . }} - {{- end }} - {{- if .Values.query.certSecretName }} - - name: {{ .Values.query.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.query.certSecretName }} - {{- end }} - {{- with .Values.query.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml deleted file mode 100644 index dd993ba4a..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml +++ /dev/null @@ -1,151 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.queryFrontend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.queryFrontend.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if not .Values.queryFrontend.autoscaling.enabled }} - replicas: {{ .Values.queryFrontend.replicaCount | default 1 }} -{{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} -{{ with .Values.queryFrontend.deploymentStrategy }} - strategy: {{ toYaml . | nindent 4 }} -{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.queryFrontend.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.queryFrontend.http.port }}" - {{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: thanos-query-frontend - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "query-frontend" - - "--log.level={{ .Values.queryFrontend.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.queryFrontend.http.port }}" - - "--query-frontend.downstream-url=http://{{ include "thanos.componentname" (list $ "query") }}-http.{{ .Release.Namespace }}:{{ .Values.query.http.port }}" - - "--query-range.split-interval={{ .Values.queryFrontend.splitInterval }}" - - "--query-range.max-retries-per-request={{ .Values.queryFrontend.maxRetriesPerRequest }}" - - "--query-range.max-query-length={{ .Values.queryFrontend.maxQueryLength }}" - - "--query-range.max-query-parallelism={{ .Values.queryFrontend.maxQueryParallelism }}" - - "--query-range.response-cache-max-freshness={{ .Values.queryFrontend.responseCacheMaxFreshness }}" - {{- if .Values.queryFrontend.downstreamTripper.enabled }} - {{- with .Values.queryFrontend.downstreamTripper }} - - |- - --query-frontend.downstream-tripper-config= - idle_conn_timeout: {{ quote .idleConnectionTimeout }} - response_header_timeout: {{ quote .responseHeaderTimeout }} - tls_handshake_timeout: {{ quote .tlsHandshakeTimeout }} - expect_continue_timeout: {{ quote .expectContinueTimeout }} - max_idle_conns: {{ .maxIdleConnections }} - max_idle_conns_per_host: {{ .maxIdleConnectionsPerHost }} - max_conns_per_host: {{ .maxConnectionsPerHost }} - {{- end }} - {{- else if .Values.queryFrontend.downstreamTripperConfigFile }} - - "--query-frontend.downstream-tripper-config-file={{ .Values.queryFrontend.downstreamTripperConfigFile }}" - {{- else if .Values.queryFrontend.downstreamTripperConfig }} - - |- - --query-frontend.downstream-tripper-config={{ toYaml .Values.queryFrontend.downstreamTripperConfig | nindent 12 }} - {{- end }} - {{- if .Values.queryFrontend.responseCache.enabled }} - {{- with .Values.queryFrontend.responseCache }} - - |- - --query-range.response-cache-config= - config: - max_size: {{ quote .maxSize }} - max_size_items: {{ .maxSizeItems }} - validity: {{ quote .validity }} - type: "in-memory" - {{- end }} - {{- else if .Values.queryFrontend.responseCacheConfigFile }} - - "--query-range.response-cache-config-file={{ .Values.queryFrontend.responseCacheConfigFile }}" - {{- else if .Values.queryFrontend.responseCacheConfig }} - - |- - --query-range.response-cache-config={{ toYaml .Values.queryFrontend.responseCacheConfig | nindent 12 }} - {{- end }} - {{- if .Values.queryFrontend.compressResponses }} - - "--query-frontend.compress-responses" - {{- end }} - {{- if .Values.queryFrontend.partialResponse }} - - "--query-range.partial-response" - {{- end }} - {{- if .Values.queryFrontend.extraArgs }} - {{ toYaml .Values.queryFrontend.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.queryFrontend.http.port }} - resources: - {{ toYaml .Values.queryFrontend.resources | nindent 10 }} - env: - {{- toYaml .Values.queryFrontend.extraEnv | nindent 10 }} - volumeMounts: - {{- if .Values.queryFrontend.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.queryFrontend.certSecretName }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - volumes: - {{- if .Values.queryFrontend.certSecretName }} - - name: {{ .Values.queryFrontend.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.queryFrontend.certSecretName }} - {{- end }} - {{- with .Values.queryFrontend.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml deleted file mode 100644 index a9da03205..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.queryFrontend.enabled }} -{{- if .Values.queryFrontend.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} - metrics: -{{- with .Values.queryFrontend.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.queryFrontend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml deleted file mode 100644 index 2a9288661..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.http.ingress.enabled }} -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend - {{- if .Values.queryFrontend.http.ingress.labels }} - {{ toYaml .Values.queryFrontend.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.queryFrontend.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.queryFrontend.http.ingress.className }} - ingressClassName: {{ .Values.ingress.queryFrontend.http.className }} -{{- end }} - {{- if .Values.queryFrontend.http.ingress.tls }} - tls: - {{- range .Values.queryFrontend.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.queryFrontend.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $apiV1 }} - - path: {{ $.Values.queryFrontend.http.ingress.path }} - pathType: {{ $.Values.queryFrontend.http.ingress.pathType }} - backend: - service: - name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - port: - number: {{ $.Values.queryFrontend.http.port }} - {{- else }} - - path: {{ $.Values.queryFrontend.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - servicePort: {{ $.Values.queryFrontend.http.port }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml deleted file mode 100644 index 79d489865..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.podDisruptionBudget.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1" -}} -apiVersion: policy/v1 -{{- else}} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.queryFrontend.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.queryFrontend.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: query-frontend -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml deleted file mode 100644 index a7b3d7d0f..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.queryFrontend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - namespace: {{ .Release.Namespace }} - {{- with .Values.queryFrontend.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.queryFrontend.http.service.type }} - {{- if .Values.queryFrontend.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.queryFrontend.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.queryFrontend.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml deleted file mode 100644 index 0da1bf8c0..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-query - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.queryFrontend.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.queryFrontend.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml deleted file mode 100644 index 8f847e1a1..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.query.enabled }} -{{- if .Values.query.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "thanos.componentname" (list $ "query") }} - minReplicas: {{ .Values.query.autoscaling.minReplicas }} - maxReplicas: {{ .Values.query.autoscaling.maxReplicas }} - metrics: -{{- with .Values.query.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.query.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml deleted file mode 100644 index b4405bbe7..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml +++ /dev/null @@ -1,132 +0,0 @@ ---- -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.http.ingress.enabled }} -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-http - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query - {{- if .Values.query.http.ingress.labels }} - {{ toYaml .Values.query.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.query.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.query.http.ingress.className }} - ingressClassName: {{ .Values.ingress.query.http.className }} -{{- end }} - {{- if .Values.query.http.ingress.tls }} - tls: - {{- range .Values.query.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.query.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $apiV1 }} - - path: {{ $.Values.query.http.ingress.path }} - pathType: {{ $.Values.query.http.ingress.pathType }} - backend: - service: - name: {{ include "thanos.componentname" (list $ "query") }}-http - port: - number: {{ $.Values.query.http.port }} - {{- else }} - - path: {{ $.Values.query.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query") }}-http - servicePort: {{ $.Values.query.http.port }} - {{- end }} - {{- end }} -{{- end }} - -{{- if and .Values.query.enabled .Values.query.grpc.ingress.enabled }} ---- -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-grpc - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query - {{- if .Values.query.grpc.ingress.labels }} - {{ toYaml .Values.grpc.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.query.grpc.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.query.grpc.ingress.className }} - ingressClassName: {{ .Values.ingress.query.grpc.className }} -{{- end }} - {{- if .Values.query.grpc.ingress.tls }} - tls: - {{- range .Values.query.grpc.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.query.grpc.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $apiV1 }} - - path: {{ $.Values.query.grpc.ingress.path }} - pathType: {{ $.Values.query.grpc.ingress.pathType }} - backend: - service: - name: {{ include "thanos.componentname" (list $ "query") }}-grpc - port: - number: {{ $.Values.query.grpc.port }} - {{- else }} - - path: {{ $.Values.query.grpc.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query") }}-grpc - servicePort: {{ $.Values.query.grpc.port }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-poddisruptionbudget.yaml deleted file mode 100644 index 0b6d0c3c9..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-poddisruptionbudget.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.podDisruptionBudget.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1" -}} -apiVersion: policy/v1 -{{- else}} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.query.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.query.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.query.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.query.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: query -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml deleted file mode 100644 index 24d4bd939..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.query.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-grpc - namespace: {{ .Release.Namespace }} - {{- with .Values.query.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.query.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-http - {{- with .Values.query.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.query.http.service.type }} - {{- if .Values.query.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.query.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.query.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml deleted file mode 100644 index 27b60ba17..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-query - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.query.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.query.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml deleted file mode 100644 index 55d5c968a..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.sidecar.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }}-grpc - namespace: {{ .Release.Namespace }} - {{- with .Values.sidecar.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.sidecar.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.sidecar.grpc.port }} - protocol: TCP - targetPort: grpc - name: grpc - selector: - app: prometheus -{{ with .Values.sidecar.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }}-http - {{- with .Values.sidecar.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.sidecar.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.sidecar.http.service.type }} - {{- if .Values.sidecar.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.sidecar.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.sidecar.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: prometheus -{{ with .Values.sidecar.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml deleted file mode 100644 index d826a0bf1..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.sidecar.enabled .Values.sidecar.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.sidecar.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-sidecar - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sidecar - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.sidecar.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.sidecar.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml deleted file mode 100644 index 8180c1e54..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml +++ /dev/null @@ -1,156 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.store.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "store") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.store.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.store.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} -{{ with .Values.store.deploymentStrategy }} - strategy: {{ toYaml . | nindent 4 }} -{{ end }} - template: - metadata: - labels: -{{ with .Values.store.labels }}{{ toYaml . | indent 8 }}{{ end }} - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store - {{- with .Values.store.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.store.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.store.http.port }}" - {{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: thanos-store - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "store" - - "--data-dir=/var/thanos/store" - - "--log.level={{ .Values.store.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.store.http.port }}" - - "--grpc-address=0.0.0.0:{{ .Values.store.grpc.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - {{- if .Values.store.indexCacheSize }} - - "--index-cache-size={{ .Values.store.indexCacheSize }}" - {{- end }} - {{- if .Values.store.chunkPoolSize }} - - "--chunk-pool-size={{ .Values.store.chunkPoolSize }}" - {{- end }} - {{- if .Values.store.grpcSeriesSampleLimit }} - - "--store.grpc.series-sample-limit={{ .Values.store.grpcSeriesSampleLimit }}" - {{- end }} - {{- if .Values.store.grpcSeriesMaxConcurrency }} - - "--store.grpc.series-max-concurrency={{ .Values.store.grpcSeriesMaxConcurrency }}" - {{- end }} - {{- if .Values.store.syncBlockDuration }} - - "--sync-block-duration={{ .Values.store.syncBlockDuration }}" - {{- end }} - {{- if .Values.store.blockSyncConcurrency }} - - "--block-sync-concurrency={{ .Values.store.blockSyncConcurrency }}" - {{- end }} - {{- if .Values.store.extraArgs }} - {{ toYaml .Values.store.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.store.http.port }} - - name: grpc - containerPort: {{ .Values.store.grpc.port }} - env: - {{- toYaml .Values.store.extraEnv | nindent 10 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- if .Values.store.selfsignedCertConfigMapName }} - - name: {{ .Values.store.selfsignedCertConfigMapName }} - mountPath: /etc/ssl/certs/my-cert.pem - subPath: my-cert.pem - readOnly: false - {{- end }} - - name: data - mountPath: /var/thanos/store - {{- if .Values.store.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.store.certSecretName }} - readOnly: true - {{- end }} - resources: - {{ toYaml .Values.store.resources | nindent 10 }} - volumes: - - name: data - {{- if .Values.store.dataVolume }} - {{- if .Values.store.dataVolume.persistentVolumeClaim }} - {{- if .Values.store.dataVolume.persistentVolumeClaim.claimName }} - persistentVolumeClaim: - claimName: {{ .Values.store.dataVolume.persistentVolumeClaim.claimName }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- if .Values.store.selfsignedCertConfigMapName }} - - name: {{ .Values.store.selfsignedCertConfigMapName }} - configMap: - name: {{ .Values.store.selfsignedCertConfigMapName }} - {{- end }} - {{- if .Values.store.certSecretName }} - - name: {{ .Values.store.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.store.certSecretName }} - {{- end }} - {{- with .Values.store.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml deleted file mode 100644 index 43d3c6e1d..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml +++ /dev/null @@ -1,128 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.store.enabled .Values.store.http.ingress.enabled }} -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-http - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store - {{- if .Values.store.http.ingress.labels }} - {{ toYaml .Values.store.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.store.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.store.http.ingress.className }} - ingressClassName: {{ .Values.ingress.store.http.className }} -{{- end }} - {{- if .Values.store.http.ingress.tls }} - tls: - {{- range .Values.store.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.store.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $apiV1 }} - - path: {{ $.Values.store.http.ingress.path }} - pathType: {{ .Values.store.http.ingress.pathType }} - backend: - service: - name: {{ include "thanos.componentname" (list $ "store") }}-http - port: - number: {{ $.Values.store.http.port }} - {{- else }} - - path: {{ $.Values.store.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "store") }}-http - servicePort: {{ $.Values.store.http.port }} - {{- end }} - {{- end }} -{{- end }} - ---- - - {{- if and .Values.store.enabled .Values.store.grpc.ingress.enabled }} -{{- $apiV1 := false -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -{{- $apiV1 = true -}} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-grpc - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store - {{- if .Values.store.grpc.ingress.labels }} - {{ toYaml .Values.grpc.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.store.grpc.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.store.grpc.ingress.className }} - ingressClassName: {{ .Values.ingress.store.grpc.className }} -{{- end }} - {{- if .Values.store.grpc.ingress.tls }} - tls: - {{- range .Values.store.grpc.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.store.grpc.ingress.hosts }} - - host: {{ . }} - http: - paths: - {{- if $apiV1 }} - - path: {{ $.Values.store.grpc.ingress.path }} - pathType: {{ $.Values.store.grpc.ingress.pathType }} - backend: - service: - name: {{ include "thanos.componentname" (list $ "store") }}-grpc - port: - number: {{ $.Values.store.grpc.port }} - {{- else }} - - path: {{ $.Values.store.grpc.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "store") }}-grpc - servicePort: {{ $.Values.store.grpc.port }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml deleted file mode 100644 index 85c83f4a9..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.store.enabled }} -{{- if .Values.store.dataVolume -}} -{{- if .Values.store.dataVolume.persistentVolumeClaim -}} -{{- if .Values.store.dataVolume.persistentVolumeClaim.claimName -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.store.dataVolume.persistentVolumeClaim.claimName }} - namespace: {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.store.dataVolume.persistentVolumeClaim.storageClass }} - storageClassName: {{ .Values.store.dataVolume.persistentVolumeClaim.storageClass }} - {{- end }} - resources: - requests: - {{- if .Values.store.dataVolume.persistentVolumeClaim.storage }} - storage: {{ .Values.store.dataVolume.persistentVolumeClaim.storage }} - {{- else }} - storage: 100Gi - {{- end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml deleted file mode 100644 index dd912a8fb..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.store.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-grpc - namespace: {{ .Release.Namespace }} - {{- with .Values.store.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.store.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-http - namespace: {{ .Release.Namespace }} - {{- with .Values.store.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.store.http.service.type }} - {{- if .Values.store.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.store.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.store.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml deleted file mode 100644 index 5ee7d49b7..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.store.enabled .Values.store.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "store") }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-store - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.store.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.store.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/values.yaml b/charts/kubecost/cost-analyzer/charts/thanos/values.yaml deleted file mode 100644 index c0f2c6783..000000000 --- a/charts/kubecost/cost-analyzer/charts/thanos/values.yaml +++ /dev/null @@ -1,800 +0,0 @@ -image: - repository: thanosio/thanos - tag: v0.32.5 - pullPolicy: IfNotPresent - -## PriorityClassName -## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -priorityClassName: "" - -store: - enabled: true - # Maximum size of items held in the index cache. - indexCacheSize: 250MB - # Maximum size of concurrently allocatable bytes for chunks. - chunkPoolSize: 2GB - # Maximum amount of samples returned via a single series call. 0 means no limit. - # NOTE: for efficiency we take 120 as the number of samples in chunk (it cannot be bigger than that), - # so the actual number of samples might be lower, even though the maximum could be hit. - grpcSeriesSampleLimit: 0 - # Maximum number of concurrent Series calls. - grpcSeriesMaxConcurrency: 20 - # Repeat interval for syncing the blocks between local and remote view. - syncBlockDuration: 3m - # Number of goroutines to use when syncing blocks from object storage. - blockSyncConcurrency: 20 - # Log filtering level. - logLevel: info - # Add extra environment variables to store - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the store service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Data volume for the store to store temporary data defaults to emptyDir - dataVolume: - persistentVolumeClaim: - claimName: store-data-volume - storage: 100Gi - # Number of replicas running from store component - replicaCount: 1 - # Extra labels for store pod template - labels: {} - # cluster: example - # - # Extra annotations for store pod template - annotations: {} - # example.com: default - # - # Add extra labels to store deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to store deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to store deployment - deploymentMatchLabels: {} - # Override the default deployment strategy - deploymentStrategy: - type: Recreate - - # Enable metrics collecting for store service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for query grpc service - service: - # Annotations to query grpc service - annotations: {} - # Labels to query grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # Optional securityContext - securityContext: - fsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for store pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - serviceAccount: "" - -# Query Frontend Component -queryFrontend: - enabled: true - - # Split queries by an interval and execute in parallel, 0 disables it. - splitInterval: 24h - - # Maximum number of retries for a single request; beyond this, the downstream error is returned. - maxRetriesPerRequest: 5 - - # Limit the query time range (end - start time) in the query-frontend, 0 disables it. - maxQueryLength: 0 - - # Maximum number of queries will be scheduled in parallel by the frontend.\ - maxQueryParallelism: 14 - - # Most recent allowed cacheable result, to prevent caching very recent results that might still be in flux. - responseCacheMaxFreshness: 1m - - # Path to YAML file that contains response cache configuration. - # responseCacheConfigFile: - - # Response Cache Configuration - responseCache: - enabled: false - maxSize: 512MB - maxSizeItems: 0 - validity: 10m - - downstreamTripper: - enabled: false - idleConnectionTimeout: 90s - responseHeaderTimeout: 2m - tlsHandshakeTimeout: 10s - expectContinueTimeout: 1s - maxIdleConnections: 200 - maxIdleConnectionsPerHost: 100 - maxConnectionsPerHost: 0 - - # Downstream Tripper Configuration Content - # downstreamTripperConfig: - - # Response cache configuration content - # responseCacheConfig: - - # Enable partial response for queries if no partial_response param is specified. --no-query-range.partial-response for disabling. - # partialResponse: false - - # Compress HTTP responses. - compressResponses: true - - logLevel: info - # Add extra environment variables to query - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the query service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from query component - replicaCount: 1 - # Enable HPA for query component - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 3 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - # Enable podDisruptionBudget for query component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - serviceAccount: "" - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - certSecretName: "" - # Extra labels for query pod template - labels: {} - # cluster: example - # - # Extra annotations for query pod template - annotations: {} - # example.com: default - # - # Add extra labels to query deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to query deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to query deployment - deploymentMatchLabels: {} - # Override the default deployment strategy - deploymentStrategy: - type: Recreate - - # Enable metrics collecting for query service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - - # Optional securityContext - securityContext: - fsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - -query: - enabled: true - # Label to treat as a replica indicator along which data is deduplicated. - # Still you will be able to query without deduplication using 'dedup=false' parameter. - replicaLabel: "" - # Prefix for API and UI endpoints. This allows thanos UI to be served on a sub-path. - # This option is analogous to --web.route-prefix of Promethus. - webRoutePrefix: "" - # Static prefix for all HTML links and redirect - # URLs in the UI query web interface. Actual - # endpoints are still served on / or the - # web.route-prefix. This allows thanos UI to be - # served behind a reverse proxy that strips a URL - # sub-path. - webExternalPrefix: "" - # Name of HTTP request header used for dynamic prefixing of UI links and redirects. - # This option is ignored if web.external-prefix argument is set. Security risk: enable this - # option only if a reverse proxy in front of thanos is resetting the header. The --web.prefix-header=X-Forwarded-Prefix option - # can be useful, for example, if Thanos UI is served via Traefik reverse proxy with PathPrefixStrip option enabled, which sends the - # stripped prefix value in X-Forwarded-Prefix header. This allows thanos UI to be served on a sub-path - webPrefixHeader: "" - # Maximum time to process query by query node. - timeout: 2m - # Maximum number of queries processed concurrently by query node. - maxConcurrent: 16 - # Maximum number of select requests made concurrently per a query. - maxConcurrentSelect: 4 - # Enable automatic adjustment (step / 5) to what source of data should be used in store gateways - # if no max_source_resolution param is specified. - autoDownsampling: false - # https://github.com/improbable-eng/thanos/issues/1015 - storeDNSResolver: miekgdns - # Enable DNS discovery for stores - storeDNSDiscovery: true - # Enable DNS discovery for sidecars (this is for the chart built-in sidecar service) - sidecarDNSDiscovery: true - # Addresses of statically configured store API servers (repeatable). - # The scheme may be prefixed with 'dns+' or 'dnssrv+' to detect store API servers through respective DNS lookups. - stores: [] - # - "dnssrv+_grpc._tcp...svc" - # - # Path to files that contains addresses of store API servers. The path can be a glob pattern (repeatable). - serviceDiscoveryFiles: [] - # Names of configmaps that contain addresses of store API servers, used for file service discovery. - serviceDiscoveryFileConfigMaps: [] - # Refresh interval to re-read file SD files. It is used as a resync fallback. - serviceDiscoveryInterval: 5m - # Log filtering level. - logLevel: info - # Add extra environment variables to query - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the query service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from query component - replicaCount: 1 - # Enable HPA for query component - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 3 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - # Enable podDisruptionBudget for query component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - pathType: ImplementationSpecific - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - certSecretName: "" - # Extra labels for query pod template - labels: {} - # cluster: example - # - # Extra annotations for query pod template - annotations: {} - # example.com: default - # - # Add extra labels to query deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to query deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to query deployment - deploymentMatchLabels: {} - # Override the default deployment strategy - deploymentStrategy: - type: Recreate - - # Enable metrics collecting for query service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - - # Optional securityContext - securityContext: - fsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for query grpc service - service: - # Annotations to query grpc service - annotations: {} - # labels to query grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - pathType: ImplementationSpecific - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - serviceAccount: "" - -compact: - enabled: true - # Minimum age of fresh (non-compacted) blocks before they are being processed. - # Malformed blocks older than the maximum of consistency-delay and 30m0s will be removed. - consistencyDelay: 30m - # How long to retain raw samples in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolutionRaw: 1825d - # How long to retain samples of resolution 1 (5 minutes) in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolution5m: 1825d - # How long to retain samples of resolution 2 (1 hour) in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolution1h: 1825d - # Number of goroutines to use when compacting groups. - compactConcurrency: 1 - # Disables Downsampling data - disableDownsampling: false - # Log filtering level. - logLevel: info - # Compact service listening http port - http: - port: 10902 - service: - labels: {} - # Add extra environment variables to compact - extraEnv: - # - name: ENV - # value: value - # - # Add extra arguments to the compact service - extraArgs: - # - "--extraargs=extravalue" - # - # Data volume for the compactor to store temporary data defaults to emptyDir - # dataVolume: - # persistentVolumeClaim: - # claimName: compact-data-volume - # storage: 100Gi - # Extra labels for compact pod template - labels: {} - # cluster: example - # - # Extra annotations for compact pod template - annotations: {} - # example.com: default - # - # Add extra labels to compact deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to compact deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to compact deployment - deploymentMatchLabels: {} - # Override the default deployment strategy - deploymentStrategy: - type: Recreate - - # Enable metrics collecting for compact service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - serviceAccount: "" - - # Optional securityContext - securityContext: - fsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - -bucket: - enabled: true - # Number of replicas running from bucket component - replicaCount: 1 - # Log filtering level. - logLevel: info - # Refresh interval to download metadata from remote storage - refresh: 30m - # Timeout to download metadata from remote storage - timeout: 5m - # Prometheus label to use as timeline title - label: "" - # The http endpoint to communicate with other components - http: - # http listen port number - port: 8080 - # Service definition for bucket http service - service: - type: ClusterIP - # Annotations to bucket http service - annotations: {} - # Labels to bucket http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - pathType: ImplementationSpecific - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # Add extra environment variables to bucket - extraEnv: - # - name: ENV - # value: value - # - # Add extra arguments to the bucket service - extraArgs: - # - "--extraargs=extravalue" - # - # Extra labels for bucket pod template - labels: {} - # cluster: example - # - # Extra annotations for bucket pod template - annotations: {} - # example.com: default - # - # Add extra labels to bucket deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to bucket deployment - deploymentAnnotations: {} - # - # Add extra selector matchLabels to bucket deployment - deploymentMatchLabels: {} - # Override the default deployment strategy - deploymentStrategy: - type: Recreate - - # Enable podDisruptionBudget for bucket component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - # Optional securityContext - securityContext: - fsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for bucket pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - serviceAccount: "" - -sidecar: - # NOTE: This is only the service references for the sidecar - enabled: true - # Enable metrics collecting for sidecar service - metrics: - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for sidecar grpc service - service: - # Annotations to sidecar grpc service - annotations: {} - # Labels to sidecar grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - pathType: ImplementationSpecific - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for sidecar http service - service: - type: ClusterIP - # Annotations to sidecar http service - annotations: {} - # Labels to sidecar http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - pathType: ImplementationSpecific - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -storeSecretName: diff --git a/charts/kubecost/cost-analyzer/ci/aggregator-values.yaml b/charts/kubecost/cost-analyzer/ci/aggregator-values.yaml index 42e6c3593..523b9e81b 100644 --- a/charts/kubecost/cost-analyzer/ci/aggregator-values.yaml +++ b/charts/kubecost/cost-analyzer/ci/aggregator-values.yaml @@ -2,11 +2,16 @@ kubecostAggregator: enabled: true cloudCost: enabled: true - aggregatorStorage: - storageRequest: 5Gi aggregatorDbStorage: storageRequest: 10Gi kubecostModel: federatedStorageConfigSecret: federated-store kubecostProductConfigs: cloudIntegrationSecret: cloud-integration + clusterName: CLUSTER_NAME +prometheus: + server: + global: + external_labels: + # cluster_id should be unique for all clusters and the same value as .kubecostProductConfigs.clusterName + cluster_id: CLUSTER_NAME diff --git a/charts/kubecost/cost-analyzer/ci/federatedetl-primary-netcosts-values.yaml b/charts/kubecost/cost-analyzer/ci/federatedetl-primary-netcosts-values.yaml index 1362f872f..ef4f03856 100644 --- a/charts/kubecost/cost-analyzer/ci/federatedetl-primary-netcosts-values.yaml +++ b/charts/kubecost/cost-analyzer/ci/federatedetl-primary-netcosts-values.yaml @@ -3,11 +3,7 @@ kubecostProductConfigs: # cloudIntegrationSecret: cloud-integration federatedETL: useExistingS3Config: false - primaryCluster: true federatedCluster: true - federator: - enabled: true - # primaryClusterID: CLUSTER_NAME # Add after initial setup. This will break the combined folder setup if included at deployment. kubecostModel: containerStatsEnabled: true cloudCost: @@ -17,7 +13,6 @@ kubecostModel: serviceAccount: # this example uses AWS IRSA, which creates a service account with rights to the s3 bucket. If using keys+secrets in the federated-store, set create: true create: true kubecostDeployment: - queryServiceReplicas: 0 # to improve performance, increase replica count. see: https://docs.kubecost.com/install-and-configure/install/etl-backup/query-service-replicas global: prometheus: enabled: true @@ -26,10 +21,6 @@ global: enabled: false proxy: false prometheus: - kubeStateMetrics: - enabled: false - kube-state-metrics: - disabled: true nodeExporter: enabled: false server: diff --git a/charts/kubecost/cost-analyzer/charts/grafana/values.yaml b/charts/kubecost/cost-analyzer/old-grafana-values.yaml similarity index 80% rename from charts/kubecost/cost-analyzer/charts/grafana/values.yaml rename to charts/kubecost/cost-analyzer/old-grafana-values.yaml index 61039ebee..7843bc9a3 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/values.yaml +++ b/charts/kubecost/cost-analyzer/old-grafana-values.yaml @@ -1,55 +1,3 @@ -rbac: - create: true - pspEnabled: false - pspUseAppArmor: true -serviceAccount: - create: true - name: - -replicas: 1 - -deploymentStrategy: RollingUpdate - -readinessProbe: - httpGet: - path: /api/health - port: 3000 - -livenessProbe: - httpGet: - path: /api/health - port: 3000 - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - -image: - repository: grafana/grafana - tag: 9.4.7 - pullPolicy: IfNotPresent - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistrKeySecretName - -securityContext: {} - # runAsUser: 472 - # fsGroup: 472 - -downloadDashboardsImage: - repository: curlimages/curl - tag: latest - pullPolicy: IfNotPresent - -## Pod Annotations -# podAnnotations: {} - -## Deployment annotations -# annotations: {} - ## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). ## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. ## ref: http://kubernetes.io/docs/user-guide/services/ @@ -140,19 +88,6 @@ plugins: [] # - digrich-bubblechart-panel # - grafana-clock-panel -## Configure grafana datasources -## ref: http://docs.grafana.org/administration/provisioning/#datasources -## -datasources: {} -# datasources.yaml: -# apiVersion: 1 -# datasources: -# - name: Prometheus2 -# type: prometheus -# url: http://prometheus-server.default.svc -# access: proxy -# isDefault: false - ## Configure grafana dashboard providers ## ref: http://docs.grafana.org/administration/provisioning/#dashboards ## @@ -195,27 +130,6 @@ dashboards: {} dashboardsConfigMaps: {} # default: "" -## Grafana's primary configuration -## NOTE: values in map will be converted to ini format -## ref: http://docs.grafana.org/installation/configuration/ -## -grafana.ini: - paths: - data: /var/lib/grafana/data - logs: /var/log/grafana - plugins: /var/lib/grafana/plugins - provisioning: /etc/grafana/provisioning - analytics: - check_for_updates: true - log: - mode: console - grafana_net: - url: https://grafana.net - auth.anonymous: - enabled: true - org_role: Editor - org_name: Main Org. - ## LDAP Authentication can be enabled with the following values on grafana.ini ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid # auth.ldap: @@ -258,7 +172,7 @@ smtp: sidecar: image: repository: kiwigrid/k8s-sidecar - tag: 1.25.2 + tag: 1.25.3 pullPolicy: IfNotPresent resources: {} dashboards: @@ -272,6 +186,23 @@ sidecar: # label that the configmaps with datasources are marked with label: grafana_datasource -## PriorityClassName -## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -priorityClassName: "" +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net + auth.anonymous: + enabled: true + org_role: Editor + org_name: Main Org. diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml b/charts/kubecost/cost-analyzer/old-prometheus-values.yaml similarity index 99% rename from charts/kubecost/cost-analyzer/charts/prometheus/values.yaml rename to charts/kubecost/cost-analyzer/old-prometheus-values.yaml index 392bae709..bdd91396f 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml +++ b/charts/kubecost/cost-analyzer/old-prometheus-values.yaml @@ -43,7 +43,7 @@ alertmanager: ## image: repository: quay.io/prometheus/alertmanager - tag: v0.25.0 + tag: v0.26.0 pullPolicy: IfNotPresent ## alertmanager priorityClassName @@ -321,7 +321,7 @@ configmapReload: ## image: repository: quay.io/prometheus-operator/prometheus-config-reloader - tag: v0.69.1 + tag: v0.71.2 pullPolicy: IfNotPresent ## Additional configmap-reload container arguments @@ -361,7 +361,7 @@ configmapReload: ## image: repository: quay.io/prometheus-operator/prometheus-config-reloader - tag: v0.69.1 + tag: v0.71.2 pullPolicy: IfNotPresent ## Additional configmap-reload container arguments @@ -387,12 +387,6 @@ configmapReload: ## resources: {} -kube-state-metrics: - ## If false, kube-state-metrics sub-chart will not be installed - ## Please see https://github.com/helm/charts/tree/master/stable/kube-state-metrics for configurable values - ## - enabled: true - nodeExporter: ## If false, node-exporter will not be installed ## @@ -543,7 +537,7 @@ server: ## image: repository: quay.io/prometheus/prometheus - tag: v2.48.1 + tag: v2.49.1 pullPolicy: IfNotPresent ## prometheus server priorityClassName @@ -1295,7 +1289,7 @@ serverFiles: regex: true - source_labels: [__meta_kubernetes_endpoints_name] action: keep - regex: (.*kube-state-metrics|.*node-exporter|kubecost-network-costs) + regex: (.*node-exporter|kubecost-network-costs) - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] action: replace target_label: __scheme__ diff --git a/charts/kubecost/cost-analyzer/pod-utilization-multi-cluster.json b/charts/kubecost/cost-analyzer/pod-utilization-multi-cluster.json index 135efa47d..6839559e3 100644 --- a/charts/kubecost/cost-analyzer/pod-utilization-multi-cluster.json +++ b/charts/kubecost/cost-analyzer/pod-utilization-multi-cluster.json @@ -612,24 +612,6 @@ "tags": [], "templating": { "list": [ - { - "current": { - "selected": false, - "text": "Thanos", - "value": "Thanos" - }, - "hide": 0, - "includeAll": false, - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, { "current": { "selected": false, diff --git a/charts/kubecost/cost-analyzer/templates/NOTES.txt b/charts/kubecost/cost-analyzer/templates/NOTES.txt index 75da274ec..0288f012c 100644 --- a/charts/kubecost/cost-analyzer/templates/NOTES.txt +++ b/charts/kubecost/cost-analyzer/templates/NOTES.txt @@ -1,33 +1,16 @@ - - -------------------------------------------------- -{{- $isEKS := (regexMatch ".*eks.*" (.Capabilities.KubeVersion | quote) )}} -{{- $isGT22 := (semverCompare ">=1.23-0" .Capabilities.KubeVersion.GitVersion) }} -{{- $PVNotExists := (empty (lookup "v1" "PersistentVolume" "" "")) }} -{{- $EBSCSINotExists := (empty (lookup "apps/v1" "Deployment" "kube-system" "ebs-csi-controller")) }} - +{{- include "kubecostV2-preconditions" . -}} +{{- include "cloudIntegrationSourceCheck" . -}} +{{- include "eksCheck" . -}} +{{- include "cloudIntegrationSecretCheck" . -}} {{- $servicePort := .Values.service.port | default 9090 }} Kubecost {{ .Chart.Version }} has been successfully installed. -{{ if (and $isEKS $isGT22) -}} +Welcome to Kubecost 2.0! -WARNING: ON EKS v1.23+ INSTALLATION OF EBS-CSI DRIVER IS REQUIRED TO MANAGE PERSISTENT VOLUMES. LEARN MORE HERE: https://docs.kubecost.com/install-and-configure/install/provider-installations/aws-eks-cost-monitoring#prerequisites +Kubecost 2.0 is a major upgrade from previous versions and includes major new features including a brand new API Backend. Please review the following documentation to ensure a smooth transition: https://docs.kubecost.com/install-and-configure/install/kubecostv2 -{{ if (and $EBSCSINotExists $PVNotExists) -}} - -ERROR: MISSING EBS-CSI DRIVER WHICH IS REQUIRED ON EKS v1.23+ TO MANAGE PERSISTENT VOLUMES. LEARN MORE HERE: https://docs.kubecost.com/install-and-configure/install/provider-installations/aws-eks-cost-monitoring#prerequisites - -{{ else if (and $EBSCSINotExists (not $PVNotExists)) -}} - -ERROR: MISSING EBS-CSI DRIVER WHICH IS REQUIRED ON EKS v1.23+ TO MANAGE PERSISTENT VOLUMES. LEARN MORE HERE: https://docs.kubecost.com/install-and-configure/install/provider-installations/aws-eks-cost-monitoring#prerequisites - -{{ end -}} -{{ end -}} - - -Please allow 5-10 minutes for Kubecost to gather metrics. - -When configured, cost reconciliation with cloud provider billing data will have a 48 hour delay. +For the full list of enhancements, please see our release notes: https://github.com/kubecost/cost-analyzer-helm-chart/releases/tag/v2.0.0 When pods are Ready, you can enable port-forwarding with the following command: @@ -35,4 +18,6 @@ When pods are Ready, you can enable port-forwarding with the following command: Then, navigate to http://localhost:{{ $servicePort }} in a web browser. +Please allow 25 minutes for Kubecost to gather metrics. A progress indicator will appear at the top of the UI. + Having installation issues? View our Troubleshooting Guide at http://docs.kubecost.com/troubleshoot-install diff --git a/charts/kubecost/cost-analyzer/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/templates/_helpers.tpl index bf5da954d..9ab1459b9 100644 --- a/charts/kubecost/cost-analyzer/templates/_helpers.tpl +++ b/charts/kubecost/cost-analyzer/templates/_helpers.tpl @@ -1,16 +1,166 @@ {{/* vim: set filetype=mustache: */}} + +{{/* +Set important variables before starting main templates +*/}} +{{- define "aggregator.deployMethod" -}} + {{- if (.Values.federatedETL).primaryCluster }} + {{- printf "statefulset" }} + {{- else if (not .Values.kubecostAggregator) }} + {{- printf "singlepod" }} + {{- else if .Values.kubecostAggregator.enabled }} + {{- printf "statefulset" }} + {{- else if eq .Values.kubecostAggregator.deployMethod "singlepod" }} + {{- printf "singlepod" }} + {{- else if eq .Values.kubecostAggregator.deployMethod "statefulset" }} + {{- printf "statefulset" }} + {{- else if eq .Values.kubecostAggregator.deployMethod "disabled" }} + {{- printf "disabled" }} + {{- else }} + {{- fail "Unknown kubecostAggregator.deployMethod value" }} + {{- end }} +{{- end }} + +{{/* +Kubecost 2.0 preconditions +*/}} +{{- define "kubecostV2-preconditions" -}} + {{/* Iterate through all StatefulSets in the namespace and check if any of them have a label indicating they are from + a pre-2.0 Helm Chart (e.g. "helm.sh/chart: cost-analyzer-1.108.1"). If so, return an error message with details and + documentation for how to properly upgrade to Kubecost 2.0 */}} + {{- $sts := (lookup "apps/v1" "StatefulSet" .Release.Namespace "") -}} + {{- if not (empty $sts.items) -}} + {{- range $index, $sts := $sts.items -}} + {{- if contains "aggregator" $sts.metadata.name -}} + {{- if $sts.metadata.labels -}} + {{- $stsLabels := $sts.metadata.labels -}} {{/* helm.sh/chart: cost-analyzer-1.108.1 */}} + {{- if hasKey $stsLabels "helm.sh/chart" -}} + {{- $chartLabel := index $stsLabels "helm.sh/chart" -}} {{/* cost-analyzer-1.108.1 */}} + {{- $chartNameAndVersion := split "-" $chartLabel -}} {{/* _0:cost _1:analyzer _2:1.108.1 */}} + {{- if gt (len $chartNameAndVersion) 2 -}} + {{- $chartVersion := $chartNameAndVersion._2 -}} {{/* 1.108.1 */}} + {{- if semverCompare ">=1.0.0-0 <2.0.0-0" $chartVersion -}} + {{- fail "\n\nAn existing Aggregator StatefulSet was found in your namespace.\nBefore upgrading to Kubecost 2.x, please `kubectl delete` this Statefulset.\nRefer to the following documentation for more information: https://docs.kubecost.com/install-and-configure/install/kubecostv2" -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{/*https://github.com/helm/helm/issues/8026#issuecomment-881216078*/}} + {{- if ((.Values.thanos).store).enabled -}} + {{- fail "\n\nYou are attempting to upgrade to Kubecost 2.0.\nKubecost no longer includes Thanos by default. \nPlease see https://docs.kubecost.com/install-and-configure/install/kubecostv2 for more information.\nIf you have any questions or concerns, please reach out to us at product@kubecost.com" -}} + {{- end -}} + + {{- if or (((.Values.global).amp).enabled) (((.Values.global).gmp).enabled) (((.Values.global).thanos).queryService) (((.Values.global).mimirProxy).enabled) -}} + {{- if or (not (.Values.federatedETL).federatedCluster) (not (.Values.upgrade).toV2) -}} + {{- fail "\n\nMulti-Cluster-Prometheus Error:\nYou are attempting to upgrade to Kubecost 2.x\nSupport for multi-cluster Prometheus (Thanos/AMP/GMP/mimir/etc) without using `Kubecost Federated ETL Object Storage` will be added in future release. \nIf this is a single cluster Kubecost environment, upgrading is supported using a flag to acknowledge this change.\nMore information can be found here: \nhttps://docs.kubecost.com/install-and-configure/install/kubecostv2\nIf you have any questions or concerns, please reach out to us at product@kubecost.com\n\nWhen ready to upgrade, add `--set upgrade.toV2=true`." -}} + {{- end -}} + {{- end -}} + + {{- if or ((.Values.saml).rbac).enabled ((.Values.oidc).rbac).enabled -}} + {{- if (not (.Values.upgrade).toV2) -}} + {{- fail "\n\nSSO with RBAC is enabled.\nNote that Kubecost 2.x has significant architectural changes that may impact RBAC.\nThis should be tested before giving end-users access to the UI.\nKubecost has tested various configurations and believe that 2.x will be 100% compatible with existing configurations.\nRefer to the following documentation for more information: https://docs.kubecost.com/install-and-configure/install/kubecostv2\n\nWhen ready to upgrade, add `--set upgrade.toV2=true`." -}} + {{- end -}} + {{- end -}} + + {{- if not .Values.kubecostModel.etlFileStoreEnabled -}} + {{- fail "\n\nKubecost 2.0 does not support running fully in-memory. Some file system must be available to store cost data." -}} + {{- end -}} + + + {{- if (.Values.agent) -}} + {{- fail "\n\nKubecost 2.0 Does not support Thanos based agents. For Thanos, please continue to use 1.108.x.\nConsider moving to Kubecost Federated ETL based agents.\nRefer to the following documentation for more information: https://docs.kubecost.com/install-and-configure/install/kubecostv2\nSupport for Thanos agents is under consideration.\nIf you have any questions or concerns, please reach out to us at product@kubecost.com" -}} + {{- end -}} + {{- if .Values.kubecostModel.openSourceOnly -}} + {{- fail "In Kubecost 2.0, kubecostModel.openSourceOnly is not supported" -}} + {{- end -}} + + {{/* Aggregator config reconciliation and common config */}} + {{- if eq (include "aggregator.deployMethod" .) "statefulset" -}} + {{- if .Values.kubecostAggregator -}} + {{- if (not .Values.kubecostAggregator.aggregatorDbStorage) -}} + {{- fail "In Enterprise configuration, Aggregator DB storage is required" -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (.Values.podSecurityPolicy).enabled }} + {{- fail "Kubecost no longer includes PodSecurityPolicy by default. Please take steps to preserve your existing PSPs before attempting the installation/upgrade again with the podSecurityPolicy values removed." }} + {{- end }} + +{{- end -}} + +{{- define "cloudIntegrationFromProductConfigs" }} + { + "aws": [ + { + "athenaBucketName": "{{ .Values.kubecostProductConfigs.athenaBucketName }}", + "athenaRegion": "{{ .Values.kubecostProductConfigs.athenaRegion }}", + "athenaDatabase": "{{ .Values.kubecostProductConfigs.athenaDatabase }}", + "athenaTable": "{{ .Values.kubecostProductConfigs.athenaTable }}", + "projectID": "{{ .Values.kubecostProductConfigs.athenaProjectID }}" + {{- if and ((.Values.kubecostProductConfigs).awsServiceKeyName) ((.Values.kubecostProductConfigs).awsServiceKeyPassword) }}, + "serviceKeyName": "{{ .Values.kubecostProductConfigs.awsServiceKeyName }}", + "serviceKeySecret": "{{ .Values.kubecostProductConfigs.awsServiceKeyPassword }}" + {{- end }} + } + ] + } +{{- end }} + +{{/* +Cloud integration source contents check. Either the Secret must be specified or the JSON, not both. +Additionally, for upgrade protection, certain individual values populated under the kubecostProductConfigs map, if found, +will result in failure. Users are asked to select one of the two presently-available sources for cloud integration information. +*/}} +{{- define "cloudIntegrationSourceCheck" -}} + {{- if and (.Values.kubecostProductConfigs).cloudIntegrationSecret (.Values.kubecostProductConfigs).cloudIntegrationJSON -}} + {{- fail "\ncloudIntegrationSecret and cloudIntegrationJSON are mutually exclusive. Please specify only one." -}} + {{- end -}} +{{- if and (.Values.kubecostProductConfigs).cloudIntegrationSecret ((.Values.kubecostProductConfigs).athenaProjectID) }} + {{- fail "\nUsing a cloud-integration secret and kubecostProductConfigs.athena* values are mutually exclusive. Please specifiy only one." -}} + {{- end -}} +{{- end -}} + + +{{/* +Print a warning if PV is enabled AND EKS is detected AND the EBS-CSI driver is not installed +*/}} +{{- define "eksCheck" }} +{{- $isEKS := (regexMatch ".*eks.*" (.Capabilities.KubeVersion | quote) )}} +{{- $isGT22 := (semverCompare ">=1.23-0" .Capabilities.KubeVersion.GitVersion) }} +{{- $PVNotExists := (empty (lookup "v1" "PersistentVolume" "" "")) }} +{{- $EBSCSINotExists := (empty (lookup "apps/v1" "Deployment" "kube-system" "ebs-csi-controller")) }} +{{- if (and $isEKS $isGT22 .Values.persistentVolume.enabled $EBSCSINotExists) -}} + +ERROR: MISSING EBS-CSI DRIVER WHICH IS REQUIRED ON EKS v1.23+ TO MANAGE PERSISTENT VOLUMES. LEARN MORE HERE: https://docs.kubecost.com/install-and-configure/install/provider-installations/aws-eks-cost-monitoring#prerequisites + +{{- end -}} +{{- end -}} + +{{/* +Verify the cloud integration secret exists with the expected key when cloud integration is enabled. +*/}} +{{- define "cloudIntegrationSecretCheck" -}} +{{- if (.Values.kubecostProductConfigs).cloudIntegrationSecret }} +{{- if .Capabilities.APIVersions.Has "v1/Secret" }} + {{- $secret := lookup "v1" "Secret" .Release.Namespace .Values.kubecostProductConfigs.cloudIntegrationSecret }} + {{- if or (not $secret) (not (index $secret.data "cloud-integration.json")) }} + {{- fail (printf "The cloud integration secret '%s' does not exist or does not contain the expected key 'cloud-integration.json'" .Values.kubecostProductConfigs.cloudIntegrationSecret) }} + {{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + {{/* Expand the name of the chart. */}} {{- define "cost-analyzer.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "query-service.name" -}} -{{- default "query-service" | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- define "federator.name" -}} -{{- default "federator" | trunc 63 | trimSuffix "-" -}} -{{- end -}} {{- define "aggregator.name" -}} {{- default "aggregator" | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -20,6 +170,9 @@ Expand the name of the chart. {{- define "etlUtils.name" -}} {{- default "etl-utils" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- define "forecasting.name" -}} +{{- default "forecasting" | trunc 63 | trimSuffix "-" -}} +{{- end -}} {{/* Create a default fully qualified app name. @@ -39,14 +192,6 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} -{{- define "query-service.fullname" -}} -{{- if .Values.queryServiceFullnameOverride -}} -{{- .Values.queryServiceFullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name "query-service" | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - {{- define "diagnostics.fullname" -}} {{- if .Values.diagnosticsFullnameOverride -}} {{- .Values.diagnosticsFullnameOverride | trunc 63 | trimSuffix "-" -}} @@ -55,10 +200,6 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} -{{- define "federator.fullname" -}} -{{- printf "%s-%s" .Release.Name "federator" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{- define "aggregator.fullname" -}} {{- printf "%s-%s" .Release.Name "aggregator" | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -70,6 +211,9 @@ If release name contains chart name it will be used as a full name. {{- define "etlUtils.fullname" -}} {{- printf "%s-%s" .Release.Name (include "etlUtils.name" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- define "forecasting.fullname" -}} +{{- printf "%s-%s" .Release.Name (include "forecasting.name" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} {{/* Create the fully qualified name for Prometheus server service. @@ -113,10 +257,6 @@ Create the fully qualified name for Prometheus alertmanager service. {{- printf "%s-%s" .Release.Name "cost-analyzer" | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "query-service.serviceName" -}} -{{- printf "%s-%s" .Release.Name "query-service-load-balancer" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{- define "diagnostics.serviceName" -}} {{- printf "%s-%s" .Release.Name "diagnostics" | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -129,6 +269,9 @@ Create the fully qualified name for Prometheus alertmanager service. {{- define "etlUtils.serviceName" -}} {{ include "etlUtils.fullname" . }} {{- end -}} +{{- define "forecasting.serviceName" -}} +{{ include "forecasting.fullname" . }} +{{- end -}} {{/* Create the name of the service account @@ -140,13 +283,6 @@ Create the name of the service account {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} -{{- define "query-service.serviceAccountName" -}} -{{- if .Values.kubecostDeployment.queryService.serviceAccount.create -}} - {{ default (include "query-service.fullname" .) .Values.kubecostDeployment.queryService.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.kubecostDeployment.queryService.serviceAccount.name }} -{{- end -}} -{{- end -}} {{- define "aggregator.serviceAccountName" -}} {{- if .Values.kubecostAggregator.serviceAccountName -}} {{ .Values.kubecostAggregator.serviceAccountName }} @@ -202,18 +338,6 @@ helm.sh/chart: {{ include "cost-analyzer.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} -{{- define "kubecost.queryService.chartLabels" -}} -app.kubernetes.io/name: {{ include "query-service.name" . }} -helm.sh/chart: {{ include "cost-analyzer.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} -{{- define "kubecost.federator.chartLabels" -}} -app.kubernetes.io/name: {{ include "federator.name" . }} -helm.sh/chart: {{ include "cost-analyzer.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} {{- define "kubecost.aggregator.chartLabels" -}} app.kubernetes.io/name: {{ include "aggregator.name" . }} helm.sh/chart: {{ include "cost-analyzer.chart" . }} @@ -232,30 +356,30 @@ app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app: cost-analyzer {{- end -}} -{{- define "query-service.commonLabels" -}} -{{ include "kubecost.queryService.chartLabels" . }} -app: query-service -{{- end -}} -{{- define "federator.commonLabels" -}} -{{ include "kubecost.federator.chartLabels" . }} -app: federator -{{- end -}} + {{- define "aggregator.commonLabels" -}} {{ include "cost-analyzer.chartLabels" . }} app: aggregator {{- end -}} + {{- define "diagnostics.commonLabels" -}} {{ include "cost-analyzer.chartLabels" . }} app: diagnostics {{- end -}} + {{- define "cloudCost.commonLabels" -}} {{ include "cost-analyzer.chartLabels" . }} {{ include "cloudCost.selectorLabels" . }} {{- end -}} + {{- define "etlUtils.commonLabels" -}} {{ include "cost-analyzer.chartLabels" . }} {{ include "etlUtils.selectorLabels" . }} {{- end -}} +{{- define "forecasting.commonLabels" -}} +{{ include "cost-analyzer.chartLabels" . }} +{{ include "forecasting.selectorLabels" . }} +{{- end -}} {{/* Create the networkcosts common labels. Note that because this is a daemonset, we don't want app.kubernetes.io/instance: to take the release name, which allows the scrape config to be static. @@ -287,25 +411,33 @@ app.kubernetes.io/name: {{ include "cost-analyzer.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app: cost-analyzer {{- end -}} -{{- define "query-service.selectorLabels" -}} -app.kubernetes.io/name: {{ include "query-service.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: query-service -{{- end -}} -{{- define "federator.selectorLabels" -}} -app.kubernetes.io/name: {{ include "federator.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: federator -{{- end -}} + {{- define "aggregator.selectorLabels" -}} +{{- if eq (include "aggregator.deployMethod" .) "statefulset" }} app.kubernetes.io/name: {{ include "aggregator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app: aggregator -{{- end -}} +{{- else if eq (include "aggregator.deployMethod" .) "singlepod" }} +{{- include "cost-analyzer.selectorLabels" . }} +{{- else }} +{{ fail "Failed to set aggregator.selectorLabels" }} +{{- end }} +{{- end }} + {{- define "cloudCost.selectorLabels" -}} +{{- if eq (include "aggregator.deployMethod" .) "statefulset" }} app.kubernetes.io/name: {{ include "cloudCost.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app: {{ include "cloudCost.name" . }} +{{- else }} +{{- include "cost-analyzer.selectorLabels" . }} +{{- end }} +{{- end }} + +{{- define "forecasting.selectorLabels" -}} +app.kubernetes.io/name: {{ include "forecasting.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app: {{ include "forecasting.name" . }} {{- end -}} {{- define "etlUtils.selectorLabels" -}} app.kubernetes.io/name: {{ include "etlUtils.name" . }} @@ -313,50 +445,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} app: {{ include "etlUtils.name" . }} {{- end -}} -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "cost-analyzer.daemonset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for priorityClass. -*/}} -{{- define "cost-analyzer.priorityClass.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "scheduling.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "scheduling.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "cost-analyzer.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "cost-analyzer.podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - {{/* Recursive filter which accepts a map containing an input map (.v) and an output map (.r). The template will traverse all values inside .v recursively writing non-map values to the output .r. If a nested map @@ -398,31 +486,626 @@ The implied use case is {{ template "cost-analyzer.filterEnabled" .Values }} {{- end -}} {{/* -This template runs the full check for leader/follower requirements in order to determine -whether it should be configured. This template will return true if it's enabled and all -requirements are met. +============================================================== +Begin Prometheus templates +============================================================== */}} -{{- define "cost-analyzer.leaderFollowerEnabled" }} - {{- if .Values.kubecostDeployment }} - {{- if .Values.kubecostDeployment.leaderFollower }} - {{- if .Values.kubecostDeployment.leaderFollower.enabled }} - {{- $replicas := .Values.kubecostDeployment.replicas | default 1 }} - {{- if not .Values.kubecostModel.etlFileStoreEnabled }} - {{- "" }} - {{- else if (eq (quote .Values.kubecostModel.etlBucketConfigSecret) "") }} - {{- "" }} - {{- else if not (gt (int $replicas) 1) }} - {{- ""}} - {{- else }} - {{- "true" }} - {{- end }} - {{- else }} - {{- "" }} - {{- end }} - {{- else }} - {{- "" }} - {{- end }} - {{- else }} - {{- "" }} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus.name" -}} +{{- "prometheus" -}} +{{- end -}} + +{{/* +Define common selector labels for all Prometheus components +*/}} +{{- define "prometheus.common.matchLabels" -}} +app: {{ template "prometheus.name" . }} +release: {{ .Release.Name }} +{{- end -}} + +{{/* +Define common top-level labels for all Prometheus components +*/}} +{{- define "prometheus.common.metaLabels" -}} +heritage: {{ .Release.Service }} +{{- end -}} + +{{/* +Define top-level labels for Alert Manager +*/}} +{{- define "prometheus.alertmanager.labels" -}} +{{ include "prometheus.alertmanager.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{/* +Define selector labels for Alert Manager +*/}} +{{- define "prometheus.alertmanager.matchLabels" -}} +component: {{ .Values.prometheus.alertmanager.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{/* +Define top-level labels for Node Exporter +*/}} +{{- define "prometheus.nodeExporter.labels" -}} +{{ include "prometheus.nodeExporter.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{/* +Define selector labels for Node Exporter +*/}} +{{- define "prometheus.nodeExporter.matchLabels" -}} +component: {{ .Values.prometheus.nodeExporter.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{/* +Define top-level labels for Push Gateway +*/}} +{{- define "prometheus.pushgateway.labels" -}} +{{ include "prometheus.pushgateway.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{/* +Define selector labels for Push Gateway +*/}} +{{- define "prometheus.pushgateway.matchLabels" -}} +component: {{ .Values.prometheus.pushgateway.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{/* +Define top-level labels for Server +*/}} +{{- define "prometheus.server.labels" -}} +{{ include "prometheus.server.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{/* +Define selector labels for Server +*/}} +{{- define "prometheus.server.matchLabels" -}} +component: {{ .Values.prometheus.server.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.fullname" -}} +{{- if .Values.prometheus.fullnameOverride -}} +{{- .Values.prometheus.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "prometheus" .Values.prometheus.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified alertmanager name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} + +{{- define "prometheus.alertmanager.fullname" -}} +{{- if .Values.prometheus.alertmanager.fullnameOverride -}} +{{- .Values.prometheus.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "prometheus" .Values.prometheus.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.prometheus.alertmanager.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.prometheus.alertmanager.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Create a fully qualified node-exporter name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.nodeExporter.fullname" -}} +{{- if .Values.prometheus.nodeExporter.fullnameOverride -}} +{{- .Values.prometheus.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "prometheus" .Values.prometheus.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.prometheus.nodeExporter.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.prometheus.nodeExporter.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified Prometheus server name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.server.fullname" -}} +{{- if .Values.prometheus.server.fullnameOverride -}} +{{- .Values.prometheus.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "prometheus" .Values.prometheus.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.prometheus.server.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.prometheus.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified pushgateway name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.pushgateway.fullname" -}} +{{- if .Values.prometheus.pushgateway.fullnameOverride -}} +{{- .Values.prometheus.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "prometheus" .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.prometheus.pushgateway.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.prometheus.pushgateway.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the alertmanager component +*/}} +{{- define "prometheus.serviceAccountName.alertmanager" -}} +{{- if .Values.prometheus.serviceAccounts.alertmanager.create -}} + {{ default (include "prometheus.alertmanager.fullname" .) .Values.prometheus.serviceAccounts.alertmanager.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccounts.alertmanager.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the nodeExporter component +*/}} +{{- define "prometheus.serviceAccountName.nodeExporter" -}} +{{- if .Values.prometheus.serviceAccounts.nodeExporter.create -}} + {{ default (include "prometheus.nodeExporter.fullname" .) .Values.prometheus.serviceAccounts.nodeExporter.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccounts.nodeExporter.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the pushgateway component +*/}} +{{- define "prometheus.serviceAccountName.pushgateway" -}} +{{- if .Values.prometheus.serviceAccounts.pushgateway.create -}} + {{ default (include "prometheus.pushgateway.fullname" .) .Values.prometheus.serviceAccounts.pushgateway.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccounts.pushgateway.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the server component +*/}} +{{- define "prometheus.serviceAccountName.server" -}} +{{- if .Values.prometheus.serviceAccounts.server.create -}} + {{ default (include "prometheus.server.fullname" .) .Values.prometheus.serviceAccounts.server.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccounts.server.name }} +{{- end -}} +{{- end -}} + +{{/* +============================================================== +Begin Grafana templates +============================================================== +*/}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- "grafana" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.grafana.fullnameOverride -}} +{{- .Values.grafana.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "grafana" .Values.grafana.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +============================================================== +Begin Kubecost 2.0 templates +============================================================== +*/}} + +{{- define "aggregator.containerTemplate" }} +- name: aggregator +{{- if .Values.kubecostAggregator.containerSecurityContext }} + securityContext: + {{- toYaml .Values.kubecostAggregator.containerSecurityContext | nindent 4 }} +{{- else if .Values.global.containerSecurityContext }} + securityContext: + {{- toYaml .Values.global.containerSecurityContext | nindent 4 }} +{{- end }} + {{- if .Values.kubecostModel }} + {{- if .Values.kubecostAggregator.fullImageName }} + image: {{ .Values.kubecostAggregator.fullImageName }} + {{- else if .Values.imageVersion }} + image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} + {{- else if eq "development" .Chart.AppVersion }} + image: gcr.io/kubecost1/cost-model-nightly:latest + {{- else }} + image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} + {{- end }} + {{- else }} + image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} + {{- end }} + {{- if .Values.kubecostAggregator.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 9004 + initialDelaySeconds: {{ .Values.kubecostAggregator.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.kubecostAggregator.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.kubecostAggregator.readinessProbe.failureThreshold }} + {{- end }} + imagePullPolicy: Always + args: ["waterfowl"] + ports: + - name: tcp-api + containerPort: 9004 + protocol: TCP + {{- with.Values.kubecostAggregator.extraPorts }} + {{- toYaml . | nindent 4 }} + {{- end }} + resources: + {{- toYaml .Values.kubecostAggregator.resources | nindent 4 }} + volumeMounts: + - name: persistent-configs + mountPath: /var/configs + {{- if .Values.kubecostModel.federatedStorageConfigSecret }} + - name: federated-storage-config + mountPath: /var/configs/etl + readOnly: true + {{- else if eq (include "aggregator.deployMethod" .) "statefulset" }} + {{- fail "When in StatefulSet mode, Aggregator requires that kubecostModel.federatedStorageConfigSecret be set." }} + {{- end }} + {{- if and .Values.persistentVolume.dbPVEnabled (eq (include "aggregator.deployMethod" .) "singlepod") }} + - name: persistent-db + mountPath: /var/db + # aggregator should only need read access to ETL data + readOnly: true + {{- end }} + {{- if eq (include "aggregator.deployMethod" .) "statefulset" }} + - name: aggregator-db-storage + mountPath: /var/configs/waterfowl/duckdb + - name: aggregator-staging + # Aggregator uses /var/configs/waterfowl as a "staging" directory for + # things like intermediate-state files pre-ingestion. In order to avoid a + # permission problem similar to + # https://github.com/kubernetes/kubernetes/issues/81676, we create an + # emptyDir at this path. + # + # This hasn't been observed as a problem in cost-analyzer, likely because + # of the init container that gives everything under /var/configs 777. + mountPath: /var/configs/waterfowl + {{- end }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + {{- if .Values.saml.secretName }} + - name: secret-volume + mountPath: /var/configs/secret-volume + {{- end }} + {{- if .Values.saml.encryptionCertSecret }} + - name: saml-encryption-cert + mountPath: /var/configs/saml-encryption-cert + {{- end }} + {{- if .Values.saml.decryptionKeySecret }} + - name: saml-decryption-key + mountPath: /var/configs/saml-decryption-key + {{- end }} + {{- if .Values.saml.metadataSecretName }} + - name: metadata-secret-volume + mountPath: /var/configs/metadata-secret-volume + {{- end }} + - name: saml-auth-secret + mountPath: /var/configs/saml-auth-secret + {{- if .Values.saml.rbac.enabled }} + - name: saml-roles + mountPath: /var/configs/saml + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.oidc }} + {{- if .Values.oidc.enabled }} + - name: oidc-config + mountPath: /var/configs/oidc + {{- if .Values.oidc.secretName }} + - name: oidc-client-secret + mountPath: /var/configs/oidc-client-secret + {{- end }} + {{- end }} + {{- end }} + env: + {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }} + - name: CLUSTER_ID + value: {{ .Values.prometheus.server.global.external_labels.cluster_id }} + {{- end }} + {{- if .Values.prometheus.server.clusterIDConfigmap }} + - name: CLUSTER_ID + valueFrom: + configMapKeyRef: + name: {{ .Values.prometheus.server.clusterIDConfigmap }} + key: CLUSTER_ID + {{- end }} + {{- if .Values.kubecostAggregator.jaeger.enabled }} + - name: TRACING_URL + value: "http://localhost:14268/api/traces" + {{- end }} + - name: CONFIG_PATH + value: /var/configs/ + {{- if and .Values.persistentVolume.dbPVEnabled (eq (include "aggregator.deployMethod" .) "singlepod") }} + - name: ETL_PATH_PREFIX + value: "/var/db" + {{- end }} + - name: ETL_ENABLED + value: "false" # this container should never run KC's concept of "ETL" + - name: CLOUD_PROVIDER_API_KEY + value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API key.This GCP api key is expected to be here and is limited to accessing google's billing API.' + {{- if .Values.systemProxy.enabled }} + - name: HTTP_PROXY + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: http_proxy + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: HTTPS_PROXY + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: https_proxy + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: NO_PROXY + value: {{ .Values.systemProxy.noProxy }} + - name: no_proxy + value: {{ .Values.systemProxy.noProxy }} + {{- end }} + {{- if .Values.kubecostAggregator.extraEnv -}} + {{- toYaml .Values.kubecostAggregator.extraEnv | nindent 4 }} + {{- end }} + {{- if eq (include "aggregator.deployMethod" .) "statefulset" }} + # If this isn't set, we pretty much have to be in a read only state, + # initialization will probably fail otherwise. + - name: ETL_BUCKET_CONFIG + {{- if not .Values.kubecostModel.federatedStorageConfigSecret }} + value: /var/configs/etl/object-store.yaml + {{- else }} + value: /var/configs/etl/federated-store.yaml + - name: FEDERATED_STORE_CONFIG + value: /var/configs/etl/federated-store.yaml + - name: FEDERATED_PRIMARY_CLUSTER # this ensures the ingester runs assuming federated primary paths in the bucket + value: "true" + - name: FEDERATED_CLUSTER # this ensures the ingester runs assuming federated primary paths in the bucket + value: "true" + {{- end }} + {{- end }} + + {{- range $key, $value := .Values.kubecostAggregator.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + - name: KUBECOST_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.oidc.enabled }} + - name: OIDC_ENABLED + value: "true" + - name: OIDC_SKIP_ONLINE_VALIDATION + value: {{ (quote .Values.oidc.skipOnlineTokenValidation) | default (quote false) }} + {{- end}} + {{- if .Values.kubecostAggregator }} + {{- if .Values.kubecostAggregator.collections }} + {{- if (((.Values.kubecostAggregator).collections).cache) }} + - name: COLLECTIONS_MEMORY_CACHE_ENABLED + value: {{ (quote .Values.kubecostAggregator.collections.cache.enabled) | default (quote true) }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + - name: SAML_ENABLED + value: "true" + - name: IDP_URL + value: {{ .Values.saml.idpMetadataURL }} + - name: SP_HOST + value: {{ .Values.saml.appRootURL }} + {{- if .Values.saml.audienceURI }} + - name: AUDIENCE_URI + value: {{ .Values.saml.audienceURI }} + {{- end }} + {{- if .Values.saml.isGLUUProvider }} + - name: GLUU_SAML_PROVIDER + value: {{ (quote .Values.saml.isGLUUProvider) }} + {{- end }} + {{- if .Values.saml.nameIDFormat }} + - name: NAME_ID_FORMAT + value: {{ .Values.saml.nameIDFormat }} + {{- end}} + {{- if .Values.saml.authTimeout }} + - name: AUTH_TOKEN_TIMEOUT + value: {{ (quote .Values.saml.authTimeout) }} + {{- end}} + {{- if .Values.saml.redirectURL }} + - name: LOGOUT_REDIRECT_URL + value: {{ .Values.saml.redirectURL }} + {{- end}} + {{- if .Values.saml.rbac.enabled }} + - name: SAML_RBAC_ENABLED + value: "true" + {{- end }} + {{- if and .Values.saml.encryptionCertSecret .Values.saml.decryptionKeySecret }} + - name: SAML_RESPONSE_ENCRYPTED + value: "true" + {{- end}} + {{- end }} {{- end }} {{- end }} + + +{{- define "aggregator.jaeger.sidecarContainerTemplate" }} +- name: embedded-jaeger + securityContext: + {{- toYaml .Values.kubecostAggregator.jaeger.containerSecurityContext | nindent 4 }} + image: {{ .Values.kubecostAggregator.jaeger.image }}:{{ .Values.kubecostAggregator.jaeger.imageVersion }} +{{- end }} + + +{{- define "aggregator.cloudCost.containerTemplate" }} +- name: cloud-cost + {{- if .Values.kubecostModel }} + {{- if .Values.kubecostAggregator.fullImageName }} + image: {{ .Values.kubecostAggregator.fullImageName }} + {{- else if .Values.kubecostModel.fullImageName }} + image: {{ .Values.kubecostModel.fullImageName }} + {{- else if .Values.imageVersion }} + image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} + {{- else if eq "development" .Chart.AppVersion }} + image: gcr.io/kubecost1/cost-model-nightly:latest + {{- else }} + image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} + {{ end }} + {{- else }} + image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} + {{ end }} + {{- if .Values.kubecostAggregator.cloudCost.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 9005 + initialDelaySeconds: {{ .Values.kubecostAggregator.cloudCost.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.kubecostAggregator.cloudCost.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.kubecostAggregator.cloudCost.readinessProbe.failureThreshold }} + {{- end }} + imagePullPolicy: Always + args: ["cloud-cost"] + ports: + - name: tcp-api + containerPort: 9005 + protocol: TCP + resources: + {{- toYaml .Values.kubecostAggregator.cloudCost.resources | nindent 4 }} + volumeMounts: + - name: persistent-configs + mountPath: /var/configs + {{- if .Values.kubecostModel.federatedStorageConfigSecret }} + - name: federated-storage-config + mountPath: /var/configs/etl/federated + readOnly: true + {{- end }} + {{- if .Values.kubecostModel.etlBucketConfigSecret }} + - name: etl-bucket-config + mountPath: /var/configs/etl + readOnly: true + {{- end }} + {{- if or (.Values.kubecostProductConfigs).cloudIntegrationSecret (.Values.kubecostProductConfigs).cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaProjectID) }} + - name: cloud-integration + mountPath: /var/configs/cloud-integration + {{- end }} + env: + - name: CONFIG_PATH + value: /var/configs/ + {{- if .Values.kubecostModel.etlBucketConfigSecret }} + - name: ETL_BUCKET_CONFIG + value: /var/configs/etl/object-store.yaml + {{- end}} + {{- if .Values.kubecostModel.federatedStorageConfigSecret }} + - name: FEDERATED_STORE_CONFIG + value: /var/configs/etl/federated/federated-store.yaml + - name: FEDERATED_CLUSTER + value: "true" + {{- end}} + - name: CLOUD_COST_REFRESH_RATE_HOURS + value: {{ .Values.kubecostAggregator.cloudCost.refreshRateHours | default 6 | quote }} + - name: CLOUD_COST_QUERY_WINDOW_DAYS + value: {{ .Values.kubecostAggregator.cloudCost.queryWindowDays | default 7 | quote }} + - name: CLOUD_COST_RUN_WINDOW_DAYS + value: {{ .Values.kubecostAggregator.cloudCost.runWindowDays | default 3 | quote }} + {{- with .Values.kubecostModel.cloudCost }} + {{- with .labelList }} + - name: CLOUD_COST_IS_INCLUDE_LIST + value: {{ (quote .IsIncludeList) | default (quote false) }} + - name: CLOUD_COST_LABEL_LIST + value: {{ (quote .labels) }} + {{- end }} + - name: CLOUD_COST_TOP_N + value: {{ (quote .topNItems) | default (quote 1000) }} + {{- end }} + {{- range $key, $value := .Values.kubecostAggregator.cloudCost.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.systemProxy.enabled }} + - name: HTTP_PROXY + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: http_proxy + value: {{ .Values.systemProxy.httpProxyUrl }} + - name: HTTPS_PROXY + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: https_proxy + value: {{ .Values.systemProxy.httpsProxyUrl }} + - name: NO_PROXY + value: {{ .Values.systemProxy.noProxy }} + - name: no_proxy + value: {{ .Values.systemProxy.noProxy }} + {{- end }} +{{- end }} + +{{/* +SSO enabled flag for nginx configmap +*/}} +{{- define "ssoEnabled" -}} + {{- if or (.Values.saml).enabled (.Values.oidc).enabled -}} + {{- printf "true" -}} + {{- else -}} + {{- printf "false" -}} + {{- end -}} +{{- end -}} + +{{- define "cost-analyzer.grafanaEnabled" -}} + {{- if and (.Values.global.grafana.enabled) (not .Values.federatedETL.agentOnly) -}} + {{- printf "true" -}} + {{- else -}} + {{- printf "false" -}} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml b/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml index 88fdc7646..c0b44911d 100644 --- a/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml +++ b/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml @@ -1,4 +1,9 @@ -{{- if .Values.kubecostAggregator.cloudCost.enabled }} +{{- if eq (include "aggregator.deployMethod" .) "statefulset" }} + +{{/* + A cloud integration secret is required for cloud cost to function as a dedicated pod. +*/}} +{{- if or (.Values.kubecostProductConfigs).cloudIntegrationSecret (.Values.kubecostProductConfigs).cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaProjectID) }} apiVersion: apps/v1 kind: Deployment @@ -7,6 +12,9 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{ include "cloudCost.commonLabels" . | nindent 4 }} + {{- with .Values.global.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 selector: @@ -20,6 +28,9 @@ spec: app.kubernetes.io/name: cloud-cost app.kubernetes.io/instance: {{ .Release.Name }} app: cloud-cost + {{- with .Values.global.additionalLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.podAnnotations}} annotations: {{- toYaml . | nindent 8 }} @@ -47,94 +58,20 @@ spec: items: - key: cloud-integration.json path: cloud-integration.json - {{- else }} - {{- fail "Cloud Cost requires configuration secret" }} + {{- else if or .Values.kubecostProductConfigs.cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaProjectID) }} + - name: cloud-integration + secret: + secretName: cloud-integration + items: + - key: cloud-integration.json + path: cloud-integration.json {{- end }} + {{/* Titled persistent-configs to be compatible with single-pod install. + All data stored here is ephemeral, and does not require a PV. */}} + - name: persistent-configs + emptyDir: {} containers: - - name: cloud-cost - {{- if .Values.kubecostModel }} - {{- if .Values.kubecostModel.openSourceOnly }} - {{- fail "Kubecost Aggregator cannot be used with open source only" }} - {{- else if .Values.kubecostAggregator.fullImageName }} - image: {{ .Values.kubecostAggregator.fullImageName }} - {{- else if .Values.kubecostModel.fullImageName }} - image: {{ .Values.kubecostModel.fullImageName }} - {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} - {{- else }} - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz - port: 9005 - initialDelaySeconds: 10 - periodSeconds: 5 - failureThreshold: 200 - imagePullPolicy: Always - args: ["cloud-cost"] - ports: - - name: tcp-api - containerPort: 9005 - protocol: TCP - resources: - {{- toYaml .Values.kubecostAggregator.cloudCost.resources | nindent 12 }} - volumeMounts: - {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - - name: federated-storage-config - mountPath: /var/configs/etl/federated - readOnly: true - {{- end }} - {{- if .Values.kubecostModel.etlBucketConfigSecret }} - - name: etl-bucket-config - mountPath: /var/configs/etl - readOnly: true - {{- end }} - {{- if .Values.kubecostProductConfigs.cloudIntegrationSecret }} - - name: cloud-integration - mountPath: /var/configs/cloud-integration - {{- end }} - env: - - name: CONFIG_PATH - value: /var/configs/ - {{- if .Values.kubecostModel.etlBucketConfigSecret }} - - name: ETL_BUCKET_CONFIG - value: "/var/configs/etl/object-store.yaml" - {{- end}} - {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - - name: FEDERATED_STORE_CONFIG - value: "/var/configs/etl/federated/federated-store.yaml" - - name: FEDERATED_CLUSTER - value: "true" - {{- end}} - - name: CLOUD_COST_REFRESH_RATE_HOURS - value: {{ .Values.kubecostAggregator.cloudCost.refreshRateHours | default 6 | quote }} - - name: CLOUD_COST_QUERY_WINDOW_DAYS - value: {{ .Values.kubecostAggregator.cloudCost.queryWindowDays | default 7 | quote }} - - name: CLOUD_COST_RUN_WINDOW_DAYS - value: {{ .Values.kubecostAggregator.cloudCost.runWindowDays | default 3 | quote }} - - {{- range $key, $value := .Values.kubecostAggregator.cloudCost.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.systemProxy.enabled }} - - name: HTTP_PROXY - value: {{ .Values.systemProxy.httpProxyUrl }} - - name: http_proxy - value: {{ .Values.systemProxy.httpProxyUrl }} - - name: HTTPS_PROXY - value: {{ .Values.systemProxy.httpsProxyUrl }} - - name: https_proxy - value: {{ .Values.systemProxy.httpsProxyUrl }} - - name: NO_PROXY - value: {{ .Values.systemProxy.noProxy }} - - name: no_proxy - value: {{ .Values.systemProxy.noProxy }} - {{- end }} + {{- include "aggregator.cloudCost.containerTemplate" . | nindent 8 }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} @@ -161,3 +98,4 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-service.yaml b/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-service.yaml index a0ea7deba..96a05b511 100644 --- a/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-service.yaml +++ b/charts/kubecost/cost-analyzer/templates/aggregator-cloud-cost-service.yaml @@ -1,4 +1,5 @@ -{{- if .Values.kubecostAggregator.cloudCost.enabled }} +{{- if and (not .Values.agent) (not .Values.cloudAgent) }} +{{- if not (eq .Values.kubecostAggregator.deployMethod "disabled") }} kind: Service apiVersion: v1 @@ -16,3 +17,4 @@ spec: port: 9005 targetPort: 9005 {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/aggregator-service.yaml b/charts/kubecost/cost-analyzer/templates/aggregator-service.yaml index 275a2db3c..7e487aff1 100644 --- a/charts/kubecost/cost-analyzer/templates/aggregator-service.yaml +++ b/charts/kubecost/cost-analyzer/templates/aggregator-service.yaml @@ -1,5 +1,5 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostAggregator) }} -{{- if .Values.kubecostAggregator.enabled }} +{{- if and (not .Values.agent) (not .Values.cloudAgent) }} +{{- if not (eq .Values.kubecostAggregator.deployMethod "disabled") }} kind: Service apiVersion: v1 @@ -16,8 +16,14 @@ spec: - name: tcp-api port: 9004 targetPort: 9004 + {{- if or .Values.saml.enabled .Values.oidc.enabled}} + - name: apiserver + port: 9008 + targetPort: 9008 + {{- end }} {{- with .Values.kubecostAggregator.extraPorts }} {{- toYaml . | nindent 4 }} {{- end }} + {{- end }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/aggregator-statefulset.yaml b/charts/kubecost/cost-analyzer/templates/aggregator-statefulset.yaml index a03335240..6293e73fd 100644 --- a/charts/kubecost/cost-analyzer/templates/aggregator-statefulset.yaml +++ b/charts/kubecost/cost-analyzer/templates/aggregator-statefulset.yaml @@ -1,5 +1,5 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostAggregator) }} -{{- if .Values.kubecostAggregator.enabled }} +{{- if and (not .Values.agent) (not .Values.cloudAgent) }} +{{- if eq (include "aggregator.deployMethod" .) "statefulset" }} apiVersion: apps/v1 kind: StatefulSet @@ -8,32 +8,16 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "aggregator.commonLabels" . | nindent 4 }} + {{- with .Values.global.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.kubecostAggregator.replicas }} serviceName: {{ template "aggregator.serviceName" . }} selector: matchLabels: - app.kubernetes.io/name: aggregator - app.kubernetes.io/instance: {{ .Release.Name }} - app: aggregator + {{- include "aggregator.selectorLabels" . | nindent 6 }} volumeClaimTemplates: - - metadata: - name: persistent-configs - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageClass }} - resources: - requests: - storage: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageRequest }} - - metadata: - name: aggregator-storage - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.kubecostAggregator.aggregatorStorage.storageClass }} - resources: - requests: - storage: {{ .Values.kubecostAggregator.aggregatorStorage.storageRequest }} - {{- if .Values.kubecostAggregator.aggregatorDbStorage }} - metadata: name: aggregator-db-storage spec: @@ -42,13 +26,28 @@ spec: resources: requests: storage: {{ .Values.kubecostAggregator.aggregatorDbStorage.storageRequest }} - {{- end }} + - metadata: + # In the StatefulSet config, Aggregator should not share any filesystem + # state with the cost-model to maintain independence and improve + # stability (in the event of bad file-locking state). Still, there is + # a need to "mount" ConfigMap files (using the watcher) to a file system; + # that's what this per-replica Volume is used for. + name: persistent-configs + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageClass }} + resources: + requests: + storage: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageRequest }} template: metadata: labels: app.kubernetes.io/name: aggregator app.kubernetes.io/instance: {{ .Release.Name }} app: aggregator + {{- with .Values.global.additionalLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.podAnnotations}} annotations: {{- toYaml . | nindent 8 }} @@ -67,139 +66,82 @@ spec: {{- end }} serviceAccountName: {{ template "aggregator.serviceAccountName" . }} volumes: + - name: aggregator-staging + emptyDir: + sizeLimit: {{ .Values.kubecostAggregator.stagingEmptyDirSizeLimit }} {{- $etlBackupBucketSecret := "" }} {{- if .Values.kubecostModel.federatedStorageConfigSecret }} {{- $etlBackupBucketSecret = .Values.kubecostModel.federatedStorageConfigSecret }} {{- end }} {{- if $etlBackupBucketSecret }} - - name: bucket-config + {{- if .Values.kubecostModel.federatedStorageConfigSecret }} + - name: federated-storage-config + secret: + defaultMode: 420 + secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret }} + {{- end }} + - name: etl-bucket-config secret: defaultMode: 420 secretName: {{ $etlBackupBucketSecret }} {{- else }} - {{- fail "Kubecost Aggregator requires .Values.kubecostModel.federatedStorageConfigSecret" }} + {{- fail "Kubecost Aggregator Enterprise Config requires .Values.kubecostModel.federatedStorageConfigSecret" }} + {{- end }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + {{- if .Values.saml.secretName }} + - name: secret-volume + secret: + secretName: {{ .Values.saml.secretName }} + {{- end }} + {{- if .Values.saml.encryptionCertSecret }} + - name: saml-encryption-cert + secret: + secretName: {{ .Values.saml.encryptionCertSecret }} + {{- end }} + {{- if .Values.saml.decryptionKeySecret }} + - name: saml-decryption-key + secret: + secretName: {{ .Values.saml.decryptionKeySecret }} + {{- end }} + {{- if .Values.saml.metadataSecretName }} + - name: metadata-secret-volume + secret: + secretName: {{ .Values.saml.metadataSecretName }} + {{- end }} + - name: saml-auth-secret + secret: + secretName: {{ .Values.saml.authSecretName | default "kubecost-saml-secret" }} + {{- if .Values.saml.rbac.enabled }} + - name: saml-roles + configMap: + name: {{ template "cost-analyzer.fullname" . }}-saml + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.oidc }} + {{- if .Values.oidc.enabled }} + - name: oidc-config + configMap: + name: {{ template "cost-analyzer.fullname" . }}-oidc + {{- if and (not .Values.oidc.existingCustomSecret.enabled) .Values.oidc.secretName }} + - name: oidc-client-secret + secret: + secretName: {{ .Values.oidc.secretName }} + {{- end }} + {{- if .Values.oidc.existingCustomSecret.enabled }} + - name: oidc-client-secret + secret: + secretName: {{ .Values.oidc.existingCustomSecret.name }} + {{- end }} + {{- end }} {{- end }} containers: - {{- if .Values.kubecostAggregator.jaeger.enabled }} - - name: embedded-jaeger - securityContext: - {{- toYaml .Values.kubecostAggregator.jaeger.containerSecurityContext | nindent 12 }} - image: {{ .Values.kubecostAggregator.jaeger.image }}:{{ .Values.kubecostAggregator.jaeger.imageVersion }} - {{- end }} - - name: aggregator - {{- if .Values.kubecostAggregator.containerSecurityContext }} - securityContext: - {{- toYaml .Values.kubecostAggregator.containerSecurityContext | nindent 12 }} - {{- else if .Values.global.containerSecurityContext }} - securityContext: - {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} - {{ end }} - {{- if .Values.kubecostModel }} - {{- if .Values.kubecostModel.openSourceOnly }} - {{- fail "Kubecost Aggregator cannot be used with open source only" }} - {{- else if .Values.kubecostAggregator.fullImageName }} - image: {{ .Values.kubecostAggregator.fullImageName }} - {{- else if .Values.kubecostModel.fullImageName }} - image: {{ .Values.kubecostModel.fullImageName }} - {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} - {{- else }} - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz - port: 9004 - initialDelaySeconds: 10 - periodSeconds: 5 - failureThreshold: 200 - imagePullPolicy: Always - args: ["waterfowl"] - ports: - - name: tcp-api - containerPort: 9004 - protocol: TCP - {{- with.Values.kubecostAggregator.extraPorts }} - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{ toYaml .Values.kubecostAggregator.resources | nindent 12 }} - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - - name: bucket-config - mountPath: /var/configs/etl - - name: aggregator-storage - mountPath: /var/configs/waterfowl - {{- if .Values.kubecostAggregator.aggregatorDbStorage }} - - name: aggregator-db-storage - mountPath: /var/configs/waterfowl/duckdb - {{- end }} - env: - {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }} - - name: CLUSTER_ID - value: {{ .Values.prometheus.server.global.external_labels.cluster_id }} - {{- end }} - {{- if .Values.prometheus.server.clusterIDConfigmap }} - - name: CLUSTER_ID - valueFrom: - configMapKeyRef: - name: {{ .Values.prometheus.server.clusterIDConfigmap }} - key: CLUSTER_ID - {{- end }} - {{- if .Values.kubecostAggregator.jaeger.enabled }} - - name: TRACING_URL - value: "http://localhost:14268/api/traces" - {{- end }} - - name: CONFIG_PATH - value: /var/configs/ - - name: ETL_ENABLED - value: "false" # this pod should never run KC's concept of "ETL" - - name: CLOUD_PROVIDER_API_KEY - value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API key.This GCP api key is expected to be here and is limited to accessing google's billing API.' - {{- if .Values.systemProxy.enabled }} - - name: HTTP_PROXY - value: {{ .Values.systemProxy.httpProxyUrl }} - - name: http_proxy - value: {{ .Values.systemProxy.httpProxyUrl }} - - name: HTTPS_PROXY - value: {{ .Values.systemProxy.httpsProxyUrl }} - - name: https_proxy - value: {{ .Values.systemProxy.httpsProxyUrl }} - - name: NO_PROXY - value: {{ .Values.systemProxy.noProxy }} - - name: no_proxy - value: {{ .Values.systemProxy.noProxy }} - {{- end }} - {{- if .Values.kubecostAggregator.extraEnv -}} - {{ toYaml .Values.kubecostAggregator.extraEnv | nindent 12 }} - {{- end }} - {{- if $etlBackupBucketSecret }} - # If this isn't set, we pretty much have to be in a read only state, - # initialization will probably fail otherwise. - - name: ETL_BUCKET_CONFIG - {{- if not .Values.kubecostModel.federatedStorageConfigSecret}} - value: "/var/configs/etl/object-store.yaml" - {{- else }} - value: "/var/configs/etl/federated-store.yaml" - - name: FEDERATED_STORE_CONFIG - value: "/var/configs/etl/federated-store.yaml" - - name: FEDERATED_PRIMARY_CLUSTER # this ensures the ingester runs assuming federated primary paths in the bucket - value: "true" - - name: FEDERATED_CLUSTER # this ensures the ingester runs assuming federated primary paths in the bucket - value: "true" - {{- end }} - {{- end }} + {{- include "aggregator.containerTemplate" . | nindent 8 }} - {{- range $key, $value := .Values.kubecostAggregator.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - - name: KUBECOST_NAMESPACE - value: {{ .Release.Namespace }} + {{- if .Values.kubecostAggregator.jaeger.enabled }} + {{ include "aggregator.jaeger.sidecarContainerTemplate" . | nindent 8 }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: diff --git a/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml index 883cd6683..ada60fa01 100644 --- a/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "cost-analyzer.fullname" . }}-awsstore namespace: {{ .Release.Namespace }} labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} spec: selector: matchLabels: @@ -29,6 +29,10 @@ spec: {{- if .Values.awsstore.priorityClassName }} priorityClassName: "{{ .Values.awsstore.priorityClassName }}" {{- end }} + {{- with .Values.awsstore.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - image: {{ .Values.awsstore.imageNameAndVersion }} name: awsstore diff --git a/charts/kubecost/cost-analyzer/templates/cloud-integration-secret.yaml b/charts/kubecost/cost-analyzer/templates/cloud-integration-secret.yaml new file mode 100644 index 000000000..d52f82d8a --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/cloud-integration-secret.yaml @@ -0,0 +1,16 @@ +{{- if or ((.Values.kubecostProductConfigs).cloudIntegrationJSON) ((.Values.kubecostProductConfigs).athenaProjectID) }} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: cloud-integration + namespace: {{ .Release.Namespace }} + labels: + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + {{- if (.Values.kubecostProductConfigs).cloudIntegrationJSON }} + cloud-integration.json: {{ .Values.kubecostProductConfigs.cloudIntegrationJSON | replace "\n" "" | b64enc }} + {{- else }} + cloud-integration.json: {{ include "cloudIntegrationFromProductConfigs" . |nindent 4| replace "\n" "" | b64enc }} + {{- end }} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml index 94d25aaa0..ec431857e 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-template.yaml @@ -44,15 +44,6 @@ rules: - get - list - watch -{{- $isLeaderFollowerEnabled := include "cost-analyzer.leaderFollowerEnabled" . }} -{{- if $isLeaderFollowerEnabled }} - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' -{{- end }} - apiGroups: - apps resources: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml index f7a4dd74b..9b81ee367 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml @@ -1,9 +1,7 @@ -{{- if (.Values.kubecostModel.etlToDisk | default true) -}} {{- if .Values.persistentVolume -}} {{- if not .Values.persistentVolume.dbExistingClaim -}} {{- if .Values.persistentVolume.enabled -}} {{- if .Values.persistentVolume.dbPVEnabled -}} -{{- if not (and .Values.kubecostDeployment.statefulSet.enabled .Values.kubecostDeployment.leaderFollower.enabled) -}} kind: PersistentVolumeClaim apiVersion: v1 metadata: @@ -35,5 +33,3 @@ spec: {{- end -}} {{- end -}} {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index 61a627d1a..d38cc6cef 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -1,10 +1,6 @@ {{- if and (not .Values.agent) (not .Values.cloudAgent) }} apiVersion: apps/v1 -{{- if and .Values.kubecostDeployment.statefulSet.enabled .Values.kubecostDeployment.leaderFollower.enabled }} -kind: StatefulSet -{{- else }} kind: Deployment -{{- end }} metadata: name: {{ template "cost-analyzer.fullname" . }} namespace: {{ .Release.Namespace }} @@ -20,9 +16,6 @@ metadata: spec: {{- if .Values.kubecostDeployment }} replicas: {{ .Values.kubecostDeployment.replicas | default 1 }} -{{- end }} -{{- if and .Values.kubecostDeployment.statefulSet.enabled .Values.kubecostDeployment.leaderFollower.enabled }} - serviceName: {{ template "cost-analyzer.serviceName" . }} {{- end }} selector: matchLabels: @@ -83,7 +76,7 @@ spec: {{- end }} - name: tmp emptyDir: {} - {{- if .Values.kubecostFrontend.enabled }} + {{- if and .Values.kubecostFrontend.enabled (not .Values.federatedETL.agentOnly) }} - name: nginx-conf configMap: name: nginx-conf @@ -98,14 +91,11 @@ spec: emptyDir: { } {{- end }} {{- /* - If Thanos is enabled, then enable ETL backups by default. To opt out of ETL backups, set .Values.kubecostModel.etlBucketConfigSecret="" */}} {{- $etlBackupBucketSecret := "" }} {{- if .Values.kubecostModel.etlBucketConfigSecret }} {{- $etlBackupBucketSecret = .Values.kubecostModel.etlBucketConfigSecret }} - {{- else if and .Values.global.thanos.enabled (ne (typeOf .Values.kubecostModel.etlBucketConfigSecret) "string") }} - {{- $etlBackupBucketSecret = .Values.thanos.storeSecretName }} {{- end }} {{- if $etlBackupBucketSecret }} - name: etl-bucket-config @@ -168,6 +158,13 @@ spec: items: - key: cloud-integration.json path: cloud-integration.json + {{- else if or .Values.kubecostProductConfigs.cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaProjectID) }} + - name: cloud-integration + secret: + secretName: cloud-integration + items: + - key: cloud-integration.json + path: cloud-integration.json {{- end }} {{- if .Values.kubecostProductConfigs.clusters }} - name: kubecost-clusters @@ -232,6 +229,9 @@ spec: secret: secretName: {{ .Values.saml.metadataSecretName }} {{- end }} + - name: saml-auth-secret + secret: + secretName: {{ .Values.saml.authSecretName | default "kubecost-saml-secret" }} {{- if .Values.saml.rbac.enabled }} - name: saml-roles configMap: @@ -260,7 +260,6 @@ spec: # Extra volume(s) {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} -{{- if not (and .Values.kubecostDeployment.statefulSet.enabled .Values.kubecostDeployment.leaderFollower.enabled) }} - name: persistent-configs {{- if .Values.persistentVolume }} {{- if .Values.persistentVolume.enabled }} @@ -277,8 +276,7 @@ spec: persistentVolumeClaim: claimName: {{ template "cost-analyzer.fullname" . }} {{- end }} -{{- end }} -{{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled (not (and .Values.kubecostDeployment.statefulSet.enabled .Values.kubecostDeployment.leaderFollower.enabled)) }} +{{- if .Values.persistentVolume.dbPVEnabled }} - name: persistent-db {{- if .Values.persistentVolume }} {{- if .Values.persistentVolume.enabled }} @@ -308,15 +306,15 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} + {{- if .Values.persistentVolume.dbPVEnabled }} command: ["sh", "-c", "/bin/chmod -R 777 /var/configs && /bin/chmod -R 777 /var/db"] {{- else }} command: ["sh", "-c", "/bin/chmod -R 777 /var/configs"] - {{- end}} + {{- end }} volumeMounts: - name: persistent-configs mountPath: /var/configs - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} + {{- if .Values.persistentVolume.dbPVEnabled }} - name: persistent-db mountPath: /var/db {{- end }} @@ -452,12 +450,12 @@ spec: mountPath: /etc/ubbagent {{- end }} {{- if .Values.kubecostModel }} - {{- if .Values.kubecostModel.openSourceOnly }} - - image: quay.io/kubecost1/kubecost-cost-model:{{ .Values.imageVersion }} - {{- else if .Values.kubecostModel.fullImageName }} + {{- if .Values.kubecostModel.fullImageName }} - image: {{ .Values.kubecostModel.fullImageName }} {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} + {{- else if eq "development" .Chart.AppVersion }} + - image: gcr.io/kubecost1/cost-model-nightly:latest {{- else }} - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} {{- end }} @@ -530,7 +528,7 @@ spec: - name: etl-bucket-config mountPath: /var/configs/etl readOnly: true - {{- else if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} + {{- else if .Values.persistentVolume.dbPVEnabled }} - name: persistent-db mountPath: /var/db {{- end }} @@ -562,7 +560,7 @@ spec: - name: azure-storage-config mountPath: /var/azure-storage-config {{- end }} - {{- if .Values.kubecostProductConfigs.cloudIntegrationSecret }} + {{- if or (.Values.kubecostProductConfigs.cloudIntegrationSecret) (.Values.kubecostProductConfigs.cloudIntegrationJSON) }} - name: cloud-integration mountPath: /var/configs/cloud-integration {{- end }} @@ -601,6 +599,8 @@ spec: - name: metadata-secret-volume mountPath: /var/configs/metadata-secret-volume {{- end }} + - name: saml-auth-secret + mountPath: /var/configs/saml-auth-secret {{- if .Values.saml.rbac.enabled }} - name: saml-roles mountPath: /var/configs/saml @@ -620,7 +620,7 @@ spec: env: {{- if .Values.global.grafana }} - name: GRAFANA_ENABLED - value: {{ (quote .Values.global.grafana.enabled) | default (quote false) }} + value: "{{ template "cost-analyzer.grafanaEnabled" . }}" {{- end}} {{- if .Values.kubecostModel.extraEnv -}} {{ toYaml .Values.kubecostModel.extraEnv | nindent 12 }} @@ -678,6 +678,8 @@ spec: configMapKeyRef: name: {{ template "cost-analyzer.fullname" . }} key: prometheus-server-endpoint + - name: CLOUD_COST_ENABLED + value: "false" - name: CLOUD_PROVIDER_API_KEY value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API key.This GCP api key is expected to be here and is limited to accessing google's billing API. {{- if .Values.kubecostProductConfigs }} @@ -713,24 +715,6 @@ spec: value: {{ (quote .Values.kubecostProductConfigs.regionOverrides) }} {{- end }} {{- end }} - {{- if .Values.remoteWrite.postgres.enabled }} - - name: REMOTE_WRITE_ENABLED - value: "true" - - name: REMOTE_WRITE_PASSWORD - value: {{ .Values.remoteWrite.postgres.auth.password }} - {{- end }} - {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} - - name: MC_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: MC_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} - name: DB_BASIC_AUTH_USERNAME valueFrom: @@ -750,13 +734,6 @@ spec: name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} key: TOKEN {{- end }} - {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} - - name: MC_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} {{- if .Values.global.prometheus.insecureSkipVerify }} - name: INSECURE_SKIP_VERIFY value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} @@ -838,15 +815,11 @@ spec: {{- if or .Values.federatedETL.federatedCluster .Values.kubecostModel.federatedStorageConfigSecret }} - name: FEDERATED_CLUSTER value: "true" - {{- end}} - {{- if .Values.federatedETL.primaryCluster }} - - name: FEDERATED_PRIMARY_CLUSTER - value: "true" - {{- end}} + {{- end }} {{- if .Values.federatedETL.redirectS3Backup }} - name: FEDERATED_REDIRECT_BACKUP value: "true" - {{- end}} + {{- end }} {{- if .Values.federatedETL.useMultiClusterDB }} - name: CURRENT_CLUSTER_ID_FILTER_ENABLED value: "true" @@ -895,24 +868,6 @@ spec: {{- end }} {{- end }} {{- end }} - {{- with .Values.kubecostModel.cloudCost }} - - name: CLOUD_COST_ENABLED - value: {{ (quote .enabled) | default (quote true) }} - {{- with .labelList }} - - name: CLOUD_COST_IS_INCLUDE_LIST - value: {{ (quote .IsIncludeList) | default (quote false) }} - - name: CLOUD_COST_LABEL_LIST - value: {{ (quote .labels) }} - {{- end }} - - name: CLOUD_COST_TOP_N - value: {{ (quote .topNItems) | default (quote 1000) }} - {{- end }} - - name: CLOUD_COST_REFRESH_RATE_HOURS - value: {{ .Values.kubecostModel.cloudCost.refreshRateHours | default .Values.kubecostModel.etlCloudRefreshRateHours | default 6 | quote }} - - name: CLOUD_COST_QUERY_WINDOW_DAYS - value: {{ .Values.kubecostModel.cloudCost.queryWindowDays | default .Values.kubecostModel.etlCloudQueryWindowDays | default 7 | quote }} - - name: CLOUD_COST_RUN_WINDOW_DAYS - value: {{ .Values.kubecostModel.cloudCost.runWindowDays | default .Values.kubecostModel.etlCloudRunWindowDays | default 3 | quote }} - name: CONTAINER_STATS_ENABLED value: {{ (quote .Values.kubecostModel.containerStatsEnabled) | default (quote false) }} - name: RECONCILE_NETWORK @@ -962,38 +917,6 @@ spec: {{- end }} {{- end }} {{- end }} - {{- /* - If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true - to ensure that the custom query service target is used. The global.thanos.enabled - flag does not have any affect on this behavior. - */}} - {{- if .Values.global.thanos.queryService }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: {{ .Values.global.thanos.queryService }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- else if and .Values.global.thanos.enabled .Values.thanos }} - {{- if .Values.thanos.query }} - {{- if .Values.thanos.query.enabled }} - - name: THANOS_ENABLED - {{- if .Values.hosted }} - value: "false" - {{- else }} - value: "true" - {{- end }} - - name: THANOS_QUERY_URL - value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- end }} - {{- end }} - {{- end }} {{- if .Values.oidc.enabled }} - name: OIDC_ENABLED value: "true" @@ -1049,13 +972,6 @@ spec: name: {{ .Values.prometheus.server.clusterIDConfigmap }} key: CLUSTER_ID {{- end }} - {{- if .Values.remoteWrite.postgres.installLocal }} - - name: SQL_ADDRESS - value: pgprometheus - {{- else }} - - name: SQL_ADDRESS - value: {{ .Values.remoteWrite.postgres.remotePostgresAddress }} - {{- end }} {{- if .Values.kubecostModel.promClusterIDLabel }} - name: PROM_CLUSTER_ID_LABEL value: {{ .Values.kubecostModel.promClusterIDLabel }} @@ -1076,41 +992,6 @@ spec: - name: COST_EVENTS_AUDIT_ENABLED value: {{ (quote .Values.costEventsAudit.enabled) | default (quote false) }} {{- end }} - {{- /* - Leader/Follower has baseline requirements before enabling: - * ETL FileStore Enabled - * Bucket Backup Configured - * Replicas > 1 - */}} - {{- if .Values.kubecostDeployment }} - {{- if .Values.kubecostDeployment.leaderFollower }} - {{- if .Values.kubecostDeployment.leaderFollower.enabled -}} - - {{- $etlFileStore := .Values.kubecostModel.etlFileStoreEnabled }} - {{- if not $etlFileStore }} - {{- fail "Leader/Follower requires kubecostModel.etlFileStoreEnabled be true." }} - {{- end -}} - - {{- if (eq (quote .Values.kubecostModel.etlBucketConfigSecret) "") }} - {{- fail "Leader/Follower requires kubecostModel.etlBucketConfigSecret be valid." }} - {{- end -}} - - {{- $replicas := .Values.kubecostDeployment.replicas | default 1 }} - {{- if not (gt (int $replicas) 1) }} - {{- fail "Leader/Follower should be used with kubecostDeployment.replicas > 1" }} - {{- end }} - {{- /* - Checks to ensure that the named template returns true if we've made it here - */}} - {{- $result := include "cost-analyzer.leaderFollowerEnabled" . }} - {{- if not $result }} - {{- fail (quote $result) }} - {{- end }} - - name: LEADER_FOLLOWER_ENABLED - value: "true" - {{- end }} - {{- end }} - {{- end }} - name: RELEASE_NAME value: {{ .Release.Name }} - name: KUBECOST_NAMESPACE @@ -1125,16 +1006,16 @@ spec: configMapKeyRef: name: {{ template "cost-analyzer.fullname" . }} key: kubecost-token - {{- if .Values.kubecostAggregator.enabled }} - name: WATERFOWL_ENABLED value: "true" - {{- end }} - {{- if .Values.kubecostFrontend.enabled }} + {{- if and .Values.kubecostFrontend.enabled (not .Values.federatedETL.agentOnly) }} {{- if .Values.kubecostFrontend }} {{- if .Values.kubecostFrontend.fullImageName }} - image: {{ .Values.kubecostFrontend.fullImageName }} {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }} + {{- else if eq "development" .Chart.AppVersion }} + - image: gcr.io/kubecost1/frontend-nightly:latest {{- else }} - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} {{- end }} @@ -1202,6 +1083,15 @@ spec: {{- toYaml .Values.global.containerSecuritycontext | nindent 12 }} {{- end }} {{ end }} + + {{- if and (eq (include "aggregator.deployMethod" .) "singlepod") (not .Values.federatedETL.agentOnly) }} + {{- include "aggregator.containerTemplate" . | nindent 8 }} + {{- if .Values.kubecostAggregator.jaeger.enabled }} + {{- include "aggregator.jaeger.sidecarContainerTemplate" . | nindent 8 }} + {{- end }} + {{- include "aggregator.cloudCost.containerTemplate" . | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} @@ -1227,39 +1117,8 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- if and .Values.kubecostDeployment.statefulSet.enabled .Values.kubecostDeployment.leaderFollower.enabled }} - volumeClaimTemplates: - - metadata: - name: persistent-configs - spec: - accessModes: - - ReadWriteOnce - {{- if .Values.persistentVolume.storageClass }} - storageClassName: {{ .Values.persistentVolume.storageClass }} - {{ end }} - resources: - requests: - {{- if .Values.persistentVolume }} - storage: {{ .Values.persistentVolume.size }} - {{- else }} - storage: 32.0Gi - {{ end }} - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - - metadata: - name: persistent-db - spec: - accessModes: - - ReadWriteOnce - {{- if .Values.persistentVolume.dbStorageClass }} - storageClassName: {{ .Values.persistentVolume.dbStorageClass }} - {{ end }} - resources: - requests: - {{- if .Values.persistentVolume }} - storage: {{ .Values.persistentVolume.dbSize }} - {{- else }} - storage: 32.0Gi - {{ end }} - {{- end }} - {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml deleted file mode 100644 index 72a326af4..000000000 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.federatedETL.federator }} -{{- if .Values.federatedETL.federator.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "cost-analyzer.fullname" . }}-federator - namespace: {{ .Release.Namespace }} - labels: - {{- include "cost-analyzer.commonLabels" . | nindent 4 }} -data: -{{- $root := . }} - federator.json: '{{ toJson .Values.federatedETL.federator }}' -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index 97a391824..1b9b03222 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml @@ -1,5 +1,5 @@ {{- if .Values.kubecostFrontend.enabled }} -{{- if and (not .Values.agent) (not .Values.cloudAgent) }} +{{- if and (not .Values.agent) (not .Values.cloudAgent) (not .Values.federatedETL.agentOnly) }} {{- $serviceName := include "cost-analyzer.serviceName" . -}} {{- if .Values.saml.enabled }} {{- if .Values.oidc.enabled }} @@ -101,25 +101,22 @@ data: } {{- end }} - {{- if and (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) (gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0) }} - upstream queryservice { - server {{ .Release.Name }}-query-service-load-balancer.{{ .Release.Namespace }}:9003; + {{- if .Values.forecasting.enabled }} + upstream forecasting { + server {{ .Release.Name }}-forecasting.{{ .Release.Namespace }}:5000; } {{- end }} - {{- if .Values.kubecostAggregator.enabled }} + {{- if and (not .Values.agent) (not .Values.cloudAgent) (not (eq (include "aggregator.deployMethod" .) "disabled")) }} upstream aggregator { server {{ .Release.Name }}-aggregator.{{ .Release.Namespace }}:9004; } - {{- end }} - {{- if .Values.kubecostAggregator.cloudCost.enabled }} upstream cloudCost { - server {{ template "cloudCost.fullname" . }}.{{ .Release.Namespace }}:9005; + server {{ template "cloudCost.serviceName" . }}.{{ .Release.Namespace }}:9005; } {{- end }} - {{- if and .Values.diagnostics.enabled .Values.diagnostics.isDiagnosticsPrimary.enabled }} - {{- if or .Values.global.thanos.enabled (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }} + {{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }} upstream multi-cluster-diagnostics { server {{ template "diagnostics.fullname" . }}.{{ .Release.Namespace }}:9007; } @@ -252,7 +249,7 @@ data: proxy_connect_timeout 180; proxy_send_timeout 180; proxy_read_timeout 180; - proxy_pass http://model/oidc/; + proxy_pass http://aggregator/oidc/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Connection ""; @@ -263,7 +260,7 @@ data: proxy_connect_timeout 180; proxy_send_timeout 180; proxy_read_timeout 180; - proxy_pass http://model/saml/; + proxy_pass http://aggregator/saml/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Connection ""; @@ -274,7 +271,7 @@ data: proxy_connect_timeout 180; proxy_send_timeout 180; proxy_read_timeout 180; - proxy_pass http://model/login; + proxy_pass http://aggregator/login; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Connection ""; @@ -287,7 +284,7 @@ data: proxy_connect_timeout 180; proxy_send_timeout 180; proxy_read_timeout 180; - proxy_pass http://model/logout; + proxy_pass http://aggregator/logout; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Connection ""; @@ -309,65 +306,26 @@ data: proxy_set_header Host $http_host; } {{ end }} - {{- if or .Values.saml.enabled .Values.oidc.enabled }} + {{- if .Values.oidc.enabled }} location /auth { - proxy_pass http://model/isAuthenticated; + proxy_pass http://aggregator/isAuthenticated; } - {{- end }} - {{- if .Values.saml.rbac.enabled }} + {{- end }} + {{- if .Values.saml.enabled }} + location /auth { + proxy_pass http://aggregator/isAuthenticated; + } + {{- if .Values.saml.rbac.enabled }} location /authrbac { - proxy_pass http://model/isAdminAuthenticated; + proxy_pass http://aggregator/isAdminAuthenticated; } {{- end }} - - # Query Service Replicas (QSR) proxy - {{- if and (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) (gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0) }} - - {{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostAggregator) .Values.kubecostAggregator.enabled }} - {{- fail "Query Service Replicas should not be used at the same time as the Kubecost Aggregator" }} - {{- end }} - - location /model/allocation { - proxy_connect_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_send_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_pass http://queryservice/allocation; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location /model/assets { - proxy_connect_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_send_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_pass http://queryservice/assets; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - # to get memory profile from query service need to prefix all request by queryservice/ - # for example if you want heap dump from query service end point should be - # /model/queryservice/debug/pprof/heap to get queryservice heap dumps - location ~ /model/queryservice/(.*)$ { - proxy_connect_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_send_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 600 }}; - proxy_pass http://queryservice/$1; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } {{- end }} -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostAggregator) .Values.kubecostAggregator.enabled }} + +{{- if and (not .Values.agent) (not .Values.cloudAgent) (not (eq (include "aggregator.deployMethod" .) "disabled")) }} + # TODO make aggregator route the default, start special-casing + # cost-model APIs # Aggregator proxy {{- if and (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) (gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0) }} @@ -585,6 +543,14 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } + location = /model/savings/persistentVolumeSizing/topline { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/savings/persistentVolumeSizing/topline; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } location = /model/reports/allocation { proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; proxy_pass http://aggregator/reports/allocation; @@ -651,25 +617,193 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - {{- end }} + location = /model/collection { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collection; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collections { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collections; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collection/query/total { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collection/query/total; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collection/query/timeseries { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collection/query/timeseries; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collection/query/complement { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collection/query/complement; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collection/query/complement/cloud { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collection/query/complement/cloud; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collection/query/complement/kubernetes { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collection/query/complement/kubernetes; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } - location = /model/hideOrphanedResources { - default_type 'application/json'; - {{- if .Values.kubecostFrontend.hideOrphanedResources }} - return 200 '{"hideOrphanedResources": "true"}'; - {{- else }} - return 200 '{"hideOrphanedResources": "false"}'; - {{- end }} + location = /model/collections/query/total { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collections/query/total; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - location = /model/hideDiagnostics { - default_type 'application/json'; - {{- if .Values.kubecostFrontend.hideDiagnostics }} - return 200 '{"hideDiagnostics": "true"}'; - {{- else }} - return 200 '{"hideDiagnostics": "false"}'; - {{- end }} + location = /model/collections/query/timeseries { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collections/query/timeseries; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - {{- if .Values.kubecostAggregator.cloudCost.enabled }} + location = /model/collections/query/complement { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collections/query/complement; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collections/query/complement/cloud { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collections/query/complement/cloud; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collections/query/complement/kubernetes { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collections/query/complement/kubernetes; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/collection/cache/status { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/collection/cache/status; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/networkinsights { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/networkinsights; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/networkinsights/graph { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/networkinsights/graph; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/rbacGroups { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/rbacGroups; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/teams { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/teams; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/team { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/team; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/users { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/users; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/user { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/user; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/debug/orchestrator { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/debug/orchestrator; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/prediction/speccost { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/prediction/speccost; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /model/diagnostic/coreCount { + proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; + proxy_pass http://aggregator/diagnostic/coreCount; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + #Cloud Cost Endpoints location = /model/cloudCost/status { proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }}; proxy_pass http://cloudCost/cloudCost/status; @@ -718,7 +852,27 @@ data: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - {{- end }} +{{- end }} + location = /model/hideOrphanedResources { + default_type 'application/json'; + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; + {{- if .Values.kubecostFrontend.hideOrphanedResources }} + return 200 '{"hideOrphanedResources": "true"}'; + {{- else }} + return 200 '{"hideOrphanedResources": "false"}'; + {{- end }} + } + location = /model/hideDiagnostics { + default_type 'application/json'; + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; + {{- if .Values.kubecostFrontend.hideDiagnostics }} + return 200 '{"hideDiagnostics": "true"}'; + {{- else }} + return 200 '{"hideDiagnostics": "false"}'; + {{- end }} + } {{- if .Values.kubecostFrontend.trendsDisabled }} location /model/allocation/trends { @@ -728,8 +882,10 @@ data: location /model/multi-cluster-diagnostics-enabled { default_type 'application/json'; + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; {{- if and .Values.diagnostics.enabled .Values.diagnostics.isDiagnosticsPrimary.enabled }} - {{- if or .Values.global.thanos.enabled (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }} + {{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }} return 200 '{"multi-cluster-diagnostics-enabled": "true"}'; {{- end }} {{- else }} @@ -737,9 +893,11 @@ data: {{- end }} } {{- if and .Values.diagnostics.enabled .Values.diagnostics.isDiagnosticsPrimary.enabled }} - {{- if or .Values.global.thanos.enabled (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }} + {{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }} location /model/multi-cluster-diagnostics { default_type 'application/json'; + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; proxy_read_timeout 300; proxy_pass http://multi-cluster-diagnostics/status; proxy_redirect off; @@ -750,6 +908,8 @@ data: # simple alias for support location /model/mcd { default_type 'application/json'; + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; proxy_read_timeout 300; proxy_pass http://multi-cluster-diagnostics/status?window=7d; proxy_redirect off; @@ -762,13 +922,35 @@ data: location /model/aggregatorEnabled { default_type 'application/json'; - {{- if .Values.kubecostAggregator.enabled }} return 200 '{"aggregatorEnabled": "true"}'; - {{- else }} - return 200 '{"aggregatorEnabled": "false"}'; - {{- end }} } + {{- if .Values.forecasting.enabled }} + location /forecasting { + default_type 'application/json'; + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; + proxy_read_timeout 300; + proxy_pass http://forecasting/; + proxy_redirect off; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + {{- else }} + location /forecasting { + default_type 'application/json'; + return 405 '{"forecastingEnabled": "false"}'; + } + {{- end }} + location /model/productConfigs { + default_type 'application/json'; + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always; + return 200 '\n + {"ssoConfigured": "{{ template "ssoEnabled" . }}"}\n + '; + } } {{- end }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml index 85394080e..03fb95bd4 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml @@ -4,15 +4,7 @@ {{- $serviceName := include "cost-analyzer.serviceName" . -}} {{- $ingressPaths := .Values.ingress.paths -}} {{- $ingressPathType := .Values.ingress.pathType -}} -{{- $apiV1 := false -}} -{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare "^1.19-0" .Capabilities.KubeVersion.GitVersion) }} -{{- $apiV1 = true -}} apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} kind: Ingress metadata: name: {{ $fullName }} @@ -46,7 +38,6 @@ spec: http: paths: {{- range $ingressPaths }} - {{- if $apiV1 }} - path: {{ . }} pathType: {{ $ingressPathType }} backend: @@ -54,12 +45,6 @@ spec: name: {{ $serviceName }} port: name: tcp-frontend - {{- else }} - - path: {{ . }} - backend: - serviceName: {{ $serviceName }} - servicePort: tcp-frontend - {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml index 8e0f1ba1c..2bfaf5bd0 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml @@ -1,6 +1,6 @@ {{- if .Values.networkCosts -}} {{- if .Values.networkCosts.enabled -}} -apiVersion: {{ include "cost-analyzer.daemonset.apiVersion" . }} +apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "cost-analyzer.networkCostsName" . }} @@ -38,7 +38,11 @@ spec: serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} containers: - name: {{ template "cost-analyzer.networkCostsName" . }} + {{- if eq (typeOf .Values.networkCosts.image) "string" }} image: {{ .Values.networkCosts.image }} + {{- else }} + image: {{ .Values.networkCosts.image.repository }}:{{ .Values.networkCosts.image.tag }} + {{- end}} {{- if .Values.networkCosts.extraArgs }} args: {{- toYaml .Values.networkCosts.extraArgs | nindent 8 }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy-template.yaml index 2cfa39c20..812956f41 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.networkPolicy -}} {{- if .Values.networkPolicy.costAnalyzer.enabled -}} kind: NetworkPolicy -apiVersion: {{ include "cost-analyzer.networkPolicy.apiVersion" . }} +apiVersion: networking.k8s.io/v1 metadata: name: {{ template "cost-analyzer.fullname" . }} {{- if .Values.networkPolicy.costAnalyzer.annotations }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml index ba58350b7..77a062e9f 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml @@ -1,6 +1,6 @@ {{- if .Values.networkPolicy -}} {{- if .Values.networkPolicy.enabled -}} -apiVersion: {{ include "cost-analyzer.networkPolicy.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: NetworkPolicy {{- if .Values.networkPolicy.denyEgress }} metadata: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml deleted file mode 100644 index 57bfcfa78..000000000 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }}-adapter - namespace: {{ .Release.Namespace }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: adapter - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: adapter - spec: - {{- if .Values.remoteWrite.postgres.priorityClassName }} - priorityClassName: "{{ .Values.remoteWrite.postgres.priorityClassName }}" - {{- end }} - initContainers: - - name: kubecost-sql-init - image: {{ .Values.remoteWrite.postgres.initImage }}:prod-{{ $.Chart.AppVersion }} - {{- if .Values.remoteWrite.postgres.initImagePullPolicy }} - imagePullPolicy: {{ .Values.remoteWrite.postgres.initImagePullPolicy }} - {{- else }} - imagePullPolicy: Always - {{- end }} - env: - - name: PROMETHEUS_SERVER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-server-endpoint - containers: - - image: timescale/prometheus-postgresql-adapter:latest - name: pgprometheusadapter - ports: - - containerPort: 9201 - args: - {{- if .Values.remoteWrite.postgres.installLocal }} - - "-pg-host=pgprometheus" - {{- else }} - - "-pg-host={{ .Values.remoteWrite.postgres.remotePostgresAddress }}" - {{- end }} - - "-pg-prometheus-log-samples=true" - - "-pg-password={{ .Values.remoteWrite.postgres.auth.password }}" - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml deleted file mode 100644 index cad11064b..000000000 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -kind: Service -apiVersion: v1 -metadata: - name: pgprometheus-adapter - namespace: {{ .Release.Namespace }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - app: adapter - type: ClusterIP - ports: - - name: server - port: 9201 - targetPort: 9201 -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml deleted file mode 100644 index c62be765e..000000000 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "cost-analyzer.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - annotations: -{{- if .Values.podSecurityPolicy.annotations }} -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "cost-analyzer.fullname" . }}-psp -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml deleted file mode 100644 index 2eda00d4d..000000000 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "cost-analyzer.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 6 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "cost-analyzer.fullname" . }}-psp -subjects: -- kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp.template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp.template.yaml deleted file mode 100644 index d33b9c2a6..000000000 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp.template.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "cost-analyzer.fullname" . }}-psp - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 6 }} -spec: - privileged: false - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml index 79e393c8e..82a9cdcd0 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml @@ -1,7 +1,6 @@ {{- if .Values.persistentVolume -}} {{- if not .Values.persistentVolume.existingClaim -}} {{- if .Values.persistentVolume.enabled -}} -{{- if not (and .Values.kubecostDeployment.statefulSet.enabled .Values.kubecostDeployment.leaderFollower.enabled) -}} kind: PersistentVolumeClaim apiVersion: v1 metadata: @@ -32,4 +31,3 @@ spec: {{- end -}} {{- end -}} {{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml index 662d0122f..541c2f8d8 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml @@ -42,19 +42,10 @@ spec: port: {{ .Values.service.port }} targetPort: {{ .Values.service.targetPort }} {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} + {{- if or .Values.saml.enabled .Values.oidc.enabled}} - name: apiserver - port: 9004 - targetPort: 9004 - {{- end }} - {{- end }} - {{- if .Values.oidc }} - {{- if .Values.oidc.enabled }} - - name: apiserver - port: 9004 - targetPort: 9004 - {{- end }} + port: 9007 + targetPort: 9007 {{- end }} {{- if .Values.service.sessionAffinity.enabled }} sessionAffinity: ClientIP diff --git a/charts/kubecost/cost-analyzer/templates/diagnostics-deployment.yaml b/charts/kubecost/cost-analyzer/templates/diagnostics-deployment.yaml index 5a5ae3cbf..a40833340 100644 --- a/charts/kubecost/cost-analyzer/templates/diagnostics-deployment.yaml +++ b/charts/kubecost/cost-analyzer/templates/diagnostics-deployment.yaml @@ -1,5 +1,5 @@ {{- if .Values.diagnostics.enabled }} -{{- if or .Values.global.thanos.enabled (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) -}} +{{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) -}} {{- if eq .Values.prometheus.server.global.external_labels.cluster_id "cluster-one" }} {{- fail "Error: The 'cluster_id' is set to default 'cluster-one'. Please update so that the diagnostics service can uniquely identify data coming from this cluster." }} @@ -42,18 +42,10 @@ spec: serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} volumes: {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - - name: federated-storage-config - secret: - defaultMode: 420 - secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret }} - {{- else if .Values.global.thanos.enabled }} - name: federated-storage-config secret: defaultMode: 420 - secretName: {{ .Values.thanos.storeSecretName }} - items: - - key: object-store.yaml - path: federated-store.yaml + secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret }} {{- end }} - name: config-db {{- /* #TODO: make pv? */}} @@ -62,12 +54,12 @@ spec: - name: diagnostics args: ["diagnostics"] {{- if .Values.kubecostModel }} - {{- if .Values.kubecostModel.openSourceOnly }} - image: quay.io/kubecost1/kubecost-cost-model:{{ .Values.imageVersion }} - {{- else if .Values.kubecostModel.fullImageName }} + {{- if .Values.kubecostModel.fullImageName }} image: {{ .Values.kubecostModel.fullImageName }} {{- else if .Values.imageVersion }} image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} + {{- else if eq "development" .Chart.AppVersion }} + image: gcr.io/kubecost1/cost-model-nightly:latest {{- else }} image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} {{- end }} @@ -179,4 +171,4 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/diagnostics-service.yaml b/charts/kubecost/cost-analyzer/templates/diagnostics-service.yaml index ae3937cec..04a3e9ef3 100644 --- a/charts/kubecost/cost-analyzer/templates/diagnostics-service.yaml +++ b/charts/kubecost/cost-analyzer/templates/diagnostics-service.yaml @@ -1,6 +1,6 @@ {{- if .Values.diagnostics.isDiagnosticsPrimary.enabled }} {{- if .Values.diagnostics.enabled }} -{{- if or .Values.global.thanos.enabled (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) -}} +{{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) -}} apiVersion: v1 kind: Service metadata: diff --git a/charts/kubecost/cost-analyzer/templates/etl-utils-deployment.yaml b/charts/kubecost/cost-analyzer/templates/etl-utils-deployment.yaml index 9e5b5b2cd..fd539c971 100644 --- a/charts/kubecost/cost-analyzer/templates/etl-utils-deployment.yaml +++ b/charts/kubecost/cost-analyzer/templates/etl-utils-deployment.yaml @@ -6,12 +6,16 @@ metadata: name: {{ template "etlUtils.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{ include "etlUtils.commonLabels" . | nindent 4 }} + {{- include "etlUtils.commonLabels" . | nindent 4 }} + {{- with .Values.global.podAnnotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 selector: matchLabels: - {{ include "etlUtils.selectorLabels" . | nindent 6 }} + {{- include "etlUtils.selectorLabels" . | nindent 6 }} strategy: type: Recreate template: @@ -47,6 +51,8 @@ spec: image: {{ .Values.kubecostModel.fullImageName }} {{- else if .Values.imageVersion }} image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} + {{- else if eq "development" .Chart.AppVersion }} + image: gcr.io/kubecost1/cost-model-nightly:latest {{- else }} image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} {{ end }} diff --git a/charts/kubecost/cost-analyzer/templates/federator-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/federator-deployment-template.yaml deleted file mode 100644 index f77726770..000000000 --- a/charts/kubecost/cost-analyzer/templates/federator-deployment-template.yaml +++ /dev/null @@ -1,143 +0,0 @@ -{{- if .Values.federatedETL.useExistingS3Config -}} -{{- fail "ERROR: You are using a deprecated configuration `.Values.federatedETL.useExistingS3Config`. Please use `.Values.kubecostModel.federatedStorageConfigSecret` instead." -}} -{{- end -}} - -{{- if and (.Values.federatedETL.federator) (.Values.federatedETL.federator.enabled) }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "federator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "federator.commonLabels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "federator.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "federator.selectorLabels" . | nindent 8 }} - {{- with .Values.global.podAnnotations}} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if and .Values.global.platforms.openshift.enabled .Values.global.platforms.openshift.securityContext }} - securityContext: - {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }} - {{- else if .Values.global.securityContext }} - securityContext: - {{- toYaml .Values.global.securityContext | nindent 8 }} - {{- end }} - containers: - - name: federator - {{- if .Values.kubecostModel }} - {{- if .Values.kubecostModel.fullImageName }} - image: {{ .Values.kubecostModel.fullImageName }} - {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} - {{- else }} - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} - {{- end }} - {{- else }} - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} - {{- end }} - imagePullPolicy: Always - {{- if .Values.global.containerSecurityContext }} - securityContext: - {{- toYaml .Values.global.containerSecurityContext | nindent 12 -}} - {{- end }} - args: ["federator"] - ports: - - name: tcp-model - containerPort: 9001 - protocol: TCP - volumeMounts: - - name: federator-config - mountPath: /var/configs/federator - {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - - name: federated-storage-config - mountPath: /var/configs/etl/federated - readOnly: true - {{- end }} - {{- if .Values.federatedETL.federator.extraVolumeMounts }} - {{- toYaml .Values.federatedETL.federator.extraVolumeMounts | nindent 12 }} - {{- end }} - readinessProbe: - httpGet: - path: /healthz - port: 9001 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - resources: - {{- toYaml .Values.federatedETL.federator.resources | nindent 12 }} - env: - - name: CONFIG_PATH - value: /var/configs/ - - name: DB_PATH - value: /var/db/ - {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - - name: FEDERATED_STORE_CONFIG - value: "/var/configs/etl/federated/federated-store.yaml" - {{- end }} - {{- if .Values.federatedETL.federator.extraEnv }} - {{- toYaml .Values.federatedETL.federator.extraEnv | nindent 12 }} - {{- end }} - {{- if .Values.systemProxy.enabled }} - - name: HTTP_PROXY - value: {{ .Values.systemProxy.httpProxyUrl }} - - name: http_proxy - value: {{ .Values.systemProxy.httpProxyUrl }} - - name: HTTPS_PROXY - value: {{ .Values.systemProxy.httpsProxyUrl }} - - name: https_proxy - value: {{ .Values.systemProxy.httpsProxyUrl }} - - name: NO_PROXY - value: {{ .Values.systemProxy.noProxy }} - - name: no_proxy - value: {{ .Values.systemProxy.noProxy }} - {{- end }} - restartPolicy: Always - serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} - volumes: - - name: federator-config - configMap: - name: {{ template "cost-analyzer.fullname" . }}-federator - {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - - name: federated-storage-config - secret: - defaultMode: 420 - secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret }} - {{- end }} - {{- if .Values.federatedETL.federator.extraVolumes }} - {{- toYaml .Values.federatedETL.federator.extraVolumes | nindent 8 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.federatedETL.federator.priority }} - {{- if .Values.federatedETL.federator.priority.enabled }} - {{- if .Values.federatedETL.federator.priority.name }} - priorityClassName: {{ .Values.federatedETL.federator.priority.name }} - {{- else }} - priorityClassName: {{ template "federator.fullname" . }}-priority - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.federatedETL.federator.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.federatedETL.federator.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.federatedETL.federator.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/forecasting-deployment.yaml b/charts/kubecost/cost-analyzer/templates/forecasting-deployment.yaml new file mode 100644 index 000000000..a277a03a3 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/forecasting-deployment.yaml @@ -0,0 +1,131 @@ +{{- if and .Values.forecasting.enabled (not .Values.federatedETL.agentOnly) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "forecasting.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "forecasting.commonLabels" . | nindent 4 }} + {{- with .Values.global.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "forecasting.selectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: forecasting + app.kubernetes.io/instance: {{ .Release.Name }} + app: forecasting + {{- with .Values.global.podAnnotations}} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + automountServiceAccountToken: false + {{- if .Values.global.platforms.openshift.enabled }} + securityContext: + {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }} + {{- else if .Values.global.securityContext }} + securityContext: + {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- else }} + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + {{- end }} + restartPolicy: Always + containers: + - name: forecasting + {{- if .Values.forecasting.fullImageName }} + image: {{ .Values.forecasting.fullImageName }} + {{- else }} + image: gcr.io/kubecost1/kubecost-modeling:prod-{{ $.Chart.AppVersion }} + {{ end }} + {{- if .Values.forecasting.readinessProbe.enabled }} + volumeMounts: + - name: tmp + {{- /* In the future, this path should be configurable and not under tmp */}} + mountPath: /tmp + securityContext: + {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} + imagePullPolicy: Always + ports: + - name: tcp-api + containerPort: 5000 + protocol: TCP + {{- with .Values.forecasting.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: CONFIG_PATH + value: /var/configs/ + - name: KCM_BASE_URL + value: http://{{ template "cost-analyzer.serviceName" . }}:9090/model + - name: MODEL_STORAGE_PATH + value: "/tmp/localrun/models" + {{- range $key, $value := .Values.forecasting.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: 5000 + initialDelaySeconds: {{ .Values.forecasting.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forecasting.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.forecasting.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.forecasting.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: 5000 + initialDelaySeconds: {{ .Values.forecasting.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.forecasting.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.forecasting.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.forecasting.priority }} + {{- if .Values.forecasting.priority.enabled }} + {{- if .Values.forecasting.priority.name }} + priorityClassName: {{ .Values.forecasting.priority.name }} + {{- else }} + priorityClassName: {{ template "forecasting.fullname" . }}-priority + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.forecasting.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.forecasting.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.forecasting.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + {{- /* + An emptyDir for models is necessary because of the + readOnlyRootFilesystem default In the future, this may optionally be a + PV. To allow Python to auto-detect a temp directory, which the code + currently relies on, we mount it at /tmp. In the future this will be a + configurable path. + */}} + emptyDir: + sizeLimit: 500Mi +{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/forecasting-service.yaml b/charts/kubecost/cost-analyzer/templates/forecasting-service.yaml new file mode 100644 index 000000000..41e69961e --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/forecasting-service.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.forecasting.enabled (not .Values.federatedETL.agentOnly) }} +kind: Service +apiVersion: v1 +metadata: + name: {{ template "forecasting.serviceName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "forecasting.commonLabels" . | nindent 4 }} +spec: + selector: + {{- include "forecasting.selectorLabels" . | nindent 4 }} + type: ClusterIP + ports: + - name: tcp-api + port: 5000 + targetPort: 5000 +{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-attached-disk-metrics-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-attached-disk-metrics-template.yaml index dc6b36f44..2c2dee9b0 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-attached-disk-metrics-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-attached-disk-metrics-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/templates/grafana-clusterrole.yaml similarity index 65% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/clusterrole.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-clusterrole.yaml index d49193651..ca1666823 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/clusterrole.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-clusterrole.yaml @@ -1,19 +1,18 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} +{{- if .Values.grafana.rbac.create }} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.annotations }} +{{- with .Values.grafana.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} name: {{ template "grafana.fullname" . }}-clusterrole -{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +{{- if or .Values.grafana.sidecar.dashboards.enabled .Values.grafana.sidecar.datasources.enabled }} rules: - apiGroups: [""] # "" indicates the core API group resources: ["configmaps"] diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/templates/grafana-clusterrolebinding.yaml similarity index 80% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/clusterrolebinding.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-clusterrolebinding.yaml index 99dada9f4..4fc7267f3 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/clusterrolebinding.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-clusterrolebinding.yaml @@ -1,15 +1,14 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} +{{- if .Values.grafana.rbac.create }} kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "grafana.fullname" . }}-clusterrolebinding labels: app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.annotations }} +{{- with .Values.grafana.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kubecost/cost-analyzer/templates/grafana-configmap-dashboard-provider.yaml similarity index 69% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/configmap-dashboard-provider.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-configmap-dashboard-provider.yaml index 9b75d5a54..78c7717be 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap-dashboard-provider.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-configmap-dashboard-provider.yaml @@ -1,14 +1,13 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.sidecar.dashboards.enabled }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} +{{- if .Values.grafana.sidecar.dashboards.enabled }} apiVersion: v1 kind: ConfigMap metadata: labels: app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.annotations }} +{{- with .Values.grafana.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} @@ -24,6 +23,6 @@ data: type: file disableDeletion: false options: - path: {{ .Values.sidecar.dashboards.folder }} + path: {{ .Values.grafana.sidecar.dashboards.folder }} {{- end}} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap.yaml b/charts/kubecost/cost-analyzer/templates/grafana-configmap.yaml similarity index 67% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/configmap.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-configmap.yaml index f6a54c281..04d614667 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-configmap.yaml @@ -1,4 +1,4 @@ -{{ if .Values.global.grafana.enabled }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} apiVersion: v1 kind: ConfigMap metadata: @@ -6,43 +6,31 @@ metadata: namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{- if .Values.plugins }} - plugins: {{ join "," .Values.plugins }} +{{- if .Values.grafana.plugins }} + plugins: {{ join "," .Values.grafana.plugins }} {{- end }} grafana.ini: | -{{- range $key, $value := index .Values "grafana.ini" }} +{{- range $key, $value := index .Values.grafana "grafana.ini" }} [{{ $key }}] {{- range $elem, $elemVal := $value }} {{ $elem }} = {{ $elemVal }} {{- end }} {{- end }} -{{- if .Values.datasources }} - {{- range $key, $value := .Values.datasources }} +{{- if .Values.grafana.datasources }} + {{- range $key, $value := .Values.grafana.datasources }} {{ $key }}: | {{ toYaml $value | trim | indent 4 }} {{- end -}} {{- end }} -{{- if not .Values.datasources }} +{{- if not .Values.grafana.datasources }} datasources.yaml: | apiVersion: 1 datasources: -{{- if .Values.global.thanos.enabled }} - - access: proxy - isDefault: true - name: Thanos - type: prometheus - url: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:10902 - jsonData: - timeInterval: 1m - prometheusType: Thanos - prometheusVersion: 0.29.0 - httpMethod: POST -{{- else if .Values.global.prometheus.enabled }} +{{- if .Values.global.prometheus.enabled }} - access: proxy isDefault: true name: Prometheus @@ -66,26 +54,26 @@ data: timeInterval: 1m {{- end -}} {{- end }} -{{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} +{{- if .Values.grafana.dashboardProviders }} + {{- range $key, $value := .Values.grafana.dashboardProviders }} {{ $key }}: | {{ toYaml $value | indent 4 }} {{- end -}} {{- end -}} -{{- if .Values.dashboards }} +{{- if .Values.grafana.dashboards }} download_dashboards.sh: | #!/usr/bin/env sh set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} + {{- if .Values.grafana.dashboardProviders }} + {{- range $key, $value := .Values.grafana.dashboardProviders }} {{- range $value.providers }} mkdir -p {{ .options.path }} {{- end }} {{- end }} {{- end }} - {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $provider, $dashboards := .Values.grafana.dashboards }} {{- range $key, $value := $dashboards }} {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} curl -sk \ diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-metrics-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-metrics-template.yaml index 640b6bd31..1f6dce16e 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-metrics-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-metrics-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-utilization-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-utilization-template.yaml index 3b12e5f09..c071de7c5 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-utilization-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-cluster-utilization-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-deployment-utilization-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-deployment-utilization-template.yaml index 644a8ea6c..7ce9c892a 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-deployment-utilization-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-deployment-utilization-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-kubernetes-resource-efficiency-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-kubernetes-resource-efficiency-template.yaml index 719fae54b..2b0c16149 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-kubernetes-resource-efficiency-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-kubernetes-resource-efficiency-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-label-cost-utilization-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-label-cost-utilization-template.yaml index 6ba7163fd..c9c4e79e0 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-label-cost-utilization-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-label-cost-utilization-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-namespace-utilization-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-namespace-utilization-template.yaml index 33524b7a6..76a2a4c89 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-namespace-utilization-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-namespace-utilization-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-node-utilization-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-node-utilization-template.yaml index aafed64fb..b7d94e211 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-node-utilization-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-node-utilization-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-pod-utilization-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-pod-utilization-template.yaml index 8058c4cc9..8bd3e0d34 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-pod-utilization-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-pod-utilization-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-prometheus-metrics-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-prometheus-metrics-template.yaml index bee726f29..876221e43 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-prometheus-metrics-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-prometheus-metrics-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboards-json-configmap.yaml similarity index 73% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/dashboards-json-configmap.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-dashboards-json-configmap.yaml index b4f901c2e..c4ad251ce 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/dashboards-json-configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboards-json-configmap.yaml @@ -1,6 +1,6 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} +{{- if .Values.grafana.dashboards }} + {{- range $provider, $dashboards := .Values.grafana.dashboards }} --- apiVersion: v1 kind: ConfigMap @@ -9,7 +9,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" $ }} - chart: {{ template "grafana.chart" $ }} release: {{ $.Release.Name }} heritage: {{ $.Release.Service }} dashboard-provider: {{ $provider }} @@ -22,4 +21,4 @@ data: {{- end }} {{- end }} {{- end }} -{{ end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-datasource-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-datasource-template.yaml index d92a95023..ba4ecea8c 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-datasource-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-datasource-template.yaml @@ -32,24 +32,6 @@ data: {{- else }} isDefault: false {{- end }} -{{- if .Values.global.thanos }} -{{- if .Values.global.thanos.enabled }} -{{- if .Values.global.prometheus.enabled }} - url: http://{{ .Release.Name }}-thanos-query-http.{{ .Release.Namespace }}:{{ .Values.thanos.query.http.port }} -{{- else }} - url: {{ .Values.global.thanos.queryService }} -{{- end }} - - access: proxy - name: {{ default "Prometheus" .Values.grafana.sidecar.datasources.dataSourceName}} - isDefault: false - type: prometheus -{{- end }} -{{- if .Values.global.prometheus.enabled }} - url: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }} -{{- else }} - url: {{ .Values.global.prometheus.fqdn }} -{{- end }} -{{- end }} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/deployment.yaml b/charts/kubecost/cost-analyzer/templates/grafana-deployment.yaml similarity index 62% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/deployment.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-deployment.yaml index 1ece09a5a..4f11b6194 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/deployment.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-deployment.yaml @@ -1,4 +1,4 @@ -{{ if .Values.global.grafana.enabled }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} apiVersion: apps/v1 kind: Deployment metadata: @@ -6,22 +6,21 @@ metadata: namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.annotations }} +{{- with .Values.grafana.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.grafana.replicas }} selector: matchLabels: app: {{ template "grafana.name" . }} release: {{ .Release.Name }} strategy: - type: {{ .Values.deploymentStrategy }} - {{- if ne .Values.deploymentStrategy "RollingUpdate" }} + type: {{ .Values.grafana.deploymentStrategy }} + {{- if ne .Values.grafana.deploymentStrategy "RollingUpdate" }} rollingUpdate: null {{- end }} template: @@ -32,18 +31,18 @@ spec: {{- if .Values.global.additionalLabels }} {{ toYaml .Values.global.additionalLabels | nindent 8 }} {{- end }} - {{- with .Values.podAnnotations }} + {{- with .Values.grafana.podAnnotations }} annotations: {{ toYaml . | indent 8 }} {{- end }} spec: serviceAccountName: {{ template "grafana.serviceAccountName" . }} - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" + {{- if .Values.grafana.schedulerName }} + schedulerName: "{{ .Values.grafana.schedulerName }}" {{- end }} - {{- if .Values.securityContext }} + {{- if .Values.grafana.securityContext }} securityContext: - {{- toYaml .Values.securityContext | nindent 8 }} + {{- toYaml .Values.grafana.securityContext | nindent 8 }} {{- else if and (.Values.global.platforms.openshift.enabled) (.Values.global.platforms.openshift.securityContext) }} securityContext: {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }} @@ -51,14 +50,14 @@ spec: securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" + {{- if .Values.grafana.priorityClassName }} + priorityClassName: "{{ .Values.grafana.priorityClassName }}" {{- end }} - {{- if .Values.dashboards }} + {{- if .Values.grafana.dashboards }} initContainers: - name: download-dashboards - image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" - imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + image: "{{ .Values.grafana.downloadDashboardsImage.repository }}:{{ .Values.grafana.downloadDashboardsImage.tag }}" + imagePullPolicy: {{ .Values.grafana.downloadDashboardsImage.pullPolicy }} command: ["sh", "/etc/grafana/download_dashboards.sh"] {{- with .Values.global.containerSecurityContext }} securityContext: @@ -70,69 +69,69 @@ spec: subPath: download_dashboards.sh - name: storage mountPath: "/var/lib/grafana" - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} + {{- if .Values.grafana.persistence.subPath }} + subPath: {{ .Values.grafana.persistence.subPath }} {{- end }} - {{- range .Values.extraSecretMounts }} + {{- range .Values.grafana.extraSecretMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} readOnly: {{ .readOnly }} {{- end }} {{- end }} - {{- if .Values.image.pullSecrets }} + {{- if .Values.grafana.image.pullSecrets }} imagePullSecrets: - {{- range .Values.image.pullSecrets }} + {{- range .Values.grafana.image.pullSecrets }} - name: {{ . }} {{- end}} {{- end }} containers: - {{- if .Values.sidecar.dashboards.enabled }} + {{- if .Values.grafana.sidecar.dashboards.enabled }} - name: {{ template "grafana.name" . }}-sc-dashboard - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }} + image: "{{ .Values.grafana.sidecar.image.repository }}:{{ .Values.grafana.sidecar.image.tag }}" + imagePullPolicy: {{ .Values.grafana.sidecar.image.pullPolicy }} {{- if .Values.global.containerSecurityContext }} securityContext: {{- toYaml .Values.global.containerSecurityContext | nindent 12 -}} {{- end }} env: - name: LABEL - value: "{{ .Values.sidecar.dashboards.label }}" + value: "{{ .Values.grafana.sidecar.dashboards.label }}" - name: FOLDER - value: "{{ .Values.sidecar.dashboards.folder }}" + value: "{{ .Values.grafana.sidecar.dashboards.folder }}" - name: ERROR_THROTTLE_SLEEP - value: "{{ .Values.sidecar.dashboards.error_throttle_sleep }}" - {{- with .Values.sidecar.resources }} + value: "{{ .Values.grafana.sidecar.dashboards.error_throttle_sleep }}" + {{- with .Values.grafana.sidecar.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} + mountPath: {{ .Values.grafana.sidecar.dashboards.folder | quote }} {{- end}} - {{- if .Values.sidecar.datasources.enabled }} + {{- if .Values.grafana.sidecar.datasources.enabled }} - name: {{ template "grafana.name" . }}-sc-datasources - image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }} + image: "{{ .Values.grafana.sidecar.image.repository }}:{{ .Values.grafana.sidecar.image.tag }}" + imagePullPolicy: {{ .Values.grafana.sidecar.image.pullPolicy }} {{- with .Values.global.containerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} env: - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" + value: "{{ .Values.grafana.sidecar.datasources.label }}" - name: FOLDER value: "/etc/grafana/provisioning/datasources" - name: ERROR_THROTTLE_SLEEP - value: "{{ .Values.sidecar.datasources.error_throttle_sleep }}" + value: "{{ .Values.grafana.sidecar.datasources.error_throttle_sleep }}" resources: - {{ toYaml .Values.sidecar.resources | indent 12 }} + {{ toYaml .Values.grafana.sidecar.resources | indent 12 }} volumeMounts: - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" {{- end}} - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + - name: grafana + image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}" + imagePullPolicy: {{ .Values.grafana.image.pullPolicy }} {{- with .Values.global.containerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} @@ -144,8 +143,8 @@ spec: - name: ldap mountPath: "/etc/grafana/ldap.toml" subPath: ldap.toml -{{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} +{{- if .Values.grafana.dashboards }} + {{- range $provider, $dashboards := .Values.grafana.dashboards }} {{- range $key, $value := $dashboards }} {{- if hasKey $value "json" }} - name: dashboards-{{ $provider }} @@ -155,46 +154,46 @@ spec: {{- end }} {{- end }} {{- end -}} -{{- if .Values.dashboardsConfigMaps }} - {{- range keys .Values.dashboardsConfigMaps }} +{{- if .Values.grafana.dashboardsConfigMaps }} + {{- range keys .Values.grafana.dashboardsConfigMaps }} - name: dashboards-{{ . }} mountPath: "/var/lib/grafana/dashboards/{{ . }}" {{- end }} {{- end }} -{{- if or .Values.datasources .Values.global.grafana.enabled }} +{{- if or (.Values.grafana.datasources) (include "cost-analyzer.grafanaEnabled" .) }} - name: config mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" subPath: datasources.yaml {{- end }} -{{- if .Values.dashboardProviders }} +{{- if .Values.grafana.dashboardProviders }} - name: config mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" subPath: dashboardproviders.yaml {{- end }} -{{- if .Values.sidecar.dashboards.enabled }} +{{- if .Values.grafana.sidecar.dashboards.enabled }} - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} + mountPath: {{ .Values.grafana.sidecar.dashboards.folder | quote }} - name: sc-dashboard-provider mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" subPath: provider.yaml {{- end}} -{{- if .Values.sidecar.datasources.enabled }} +{{- if .Values.grafana.sidecar.datasources.enabled }} - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" {{- end}} - name: storage mountPath: "/var/lib/grafana" - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} + {{- if .Values.grafana.persistence.subPath }} + subPath: {{ .Values.grafana.persistence.subPath }} {{- end }} - {{- range .Values.extraSecretMounts }} + {{- range .Values.grafana.extraSecretMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} readOnly: {{ .readOnly }} {{- end }} ports: - name: service - containerPort: {{ .Values.service.port }} + containerPort: {{ .Values.grafana.service.port }} protocol: TCP - name: grafana containerPort: 3000 @@ -210,49 +209,49 @@ spec: secretKeyRef: name: {{ template "grafana.fullname" . }} key: admin-password - {{- if .Values.plugins }} + {{- if .Values.grafana.plugins }} - name: GF_INSTALL_PLUGINS valueFrom: configMapKeyRef: name: {{ template "grafana.fullname" . }} key: plugins {{- end }} - {{- if .Values.smtp.existingSecret }} + {{- if .Values.grafana.smtp.existingSecret }} - name: GF_SMTP_USER valueFrom: secretKeyRef: - name: {{ .Values.smtp.existingSecret }} + name: {{ .Values.grafana.smtp.existingSecret }} key: user - name: GF_SMTP_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.smtp.existingSecret }} + name: {{ .Values.grafana.smtp.existingSecret }} key: password {{- end }} -{{- range $key, $value := .Values.env }} +{{- range $key, $value := .Values.grafana.env }} - name: "{{ $key }}" value: "{{ $value }}" {{- end }} - {{- if .Values.envFromSecret }} + {{- if .Values.grafana.envFromSecret }} envFrom: - secretRef: - name: {{ .Values.envFromSecret }} + name: {{ .Values.grafana.envFromSecret }} {{- end }} livenessProbe: -{{ toYaml .Values.livenessProbe | indent 12 }} +{{ toYaml .Values.grafana.livenessProbe | indent 12 }} readinessProbe: -{{ toYaml .Values.readinessProbe | indent 12 }} +{{ toYaml .Values.grafana.readinessProbe | indent 12 }} resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} +{{ toYaml .Values.grafana.resources | indent 12 }} + {{- with .Values.grafana.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.grafana.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.grafana.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} @@ -260,15 +259,15 @@ spec: - name: config configMap: name: {{ template "grafana.fullname" . }} - {{- if .Values.dashboards }} - {{- range keys .Values.dashboards }} + {{- if .Values.grafana.dashboards }} + {{- range keys .Values.grafana.dashboards }} - name: dashboards-{{ . }} configMap: name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} {{- end }} {{- end }} - {{- if .Values.dashboardsConfigMaps }} - {{- range $provider, $name := .Values.dashboardsConfigMaps }} + {{- if .Values.grafana.dashboardsConfigMaps }} + {{- range $provider, $name := .Values.grafana.dashboardsConfigMaps }} - name: dashboards-{{ $provider }} configMap: name: {{ $name }} @@ -276,8 +275,8 @@ spec: {{- end }} - name: ldap secret: - {{- if .Values.ldap.existingSecret }} - secretName: {{ .Values.ldap.existingSecret }} + {{- if .Values.grafana.ldap.existingSecret }} + secretName: {{ .Values.grafana.ldap.existingSecret }} {{- else }} secretName: {{ template "grafana.fullname" . }} {{- end }} @@ -285,24 +284,24 @@ spec: - key: ldap-toml path: ldap.toml - name: storage - {{- if .Values.persistence.enabled }} + {{- if .Values.grafana.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} + claimName: {{ .Values.grafana.persistence.existingClaim | default (include "grafana.fullname" .) }} {{- else }} emptyDir: {} {{- end -}} - {{- if .Values.sidecar.dashboards.enabled }} + {{- if .Values.grafana.sidecar.dashboards.enabled }} - name: sc-dashboard-volume emptyDir: {} - name: sc-dashboard-provider configMap: name: {{ template "grafana.fullname" . }}-config-dashboards {{- end }} - {{- if .Values.sidecar.datasources.enabled }} + {{- if .Values.grafana.sidecar.datasources.enabled }} - name: sc-datasources-volume emptyDir: {} {{- end -}} - {{- range .Values.extraSecretMounts }} + {{- range .Values.grafana.extraSecretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-ingress.yaml b/charts/kubecost/cost-analyzer/templates/grafana-ingress.yaml new file mode 100644 index 000000000..da2038170 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/grafana-ingress.yaml @@ -0,0 +1,47 @@ +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} +{{- if .Values.grafana.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "grafana.name" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.grafana.ingress.labels }} +{{ toYaml .Values.grafana.ingress.labels | indent 4 }} +{{- end }} +{{- with .Values.grafana.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.grafana.ingress.tls }} + tls: + {{- range .Values.grafana.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.grafana.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + pathType: {{ $.Values.grafana.ingress.pathType }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-networkcosts-metrics-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-networkcosts-metrics-template.yaml index 828bfa964..1dd36e393 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-networkcosts-metrics-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-networkcosts-metrics-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-pod-utilization-multi-cluster-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-pod-utilization-multi-cluster-template.yaml index 7559e9cc4..e74c75b05 100644 --- a/charts/kubecost/cost-analyzer/templates/grafana-pod-utilization-multi-cluster-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-pod-utilization-multi-cluster-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.grafana -}} {{- if .Values.grafana.sidecar -}} {{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} +{{- if and (.Values.grafana.sidecar.dashboards.enabled ) (eq (include "cost-analyzer.grafanaEnabled" .) "true") -}} apiVersion: v1 kind: ConfigMap metadata: @@ -12,7 +12,7 @@ metadata: labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{ $.Values.grafana.sidecar.dashboards.label }}: "{{ $.Values.grafana.sidecar.dashboards.labelValue }}" {{- else }} grafana_dashboard: "1" {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/pvc.yaml b/charts/kubecost/cost-analyzer/templates/grafana-pvc.yaml similarity index 50% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/pvc.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-pvc.yaml index 203ba02f2..d90e7f747 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/pvc.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-pvc.yaml @@ -1,5 +1,5 @@ -{{ if .Values.global.grafana.enabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} +{{- if and .Values.grafana.persistence.enabled (not .Values.grafana.persistence.existingClaim) }} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -7,21 +7,20 @@ metadata: namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} - {{- with .Values.persistence.annotations }} + {{- with .Values.grafana.persistence.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} spec: accessModes: - {{- range .Values.persistence.accessModes }} + {{- range .Values.grafana.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: - storage: {{ .Values.persistence.size | quote }} - storageClassName: {{ .Values.persistence.storageClassName }} + storage: {{ .Values.grafana.persistence.size | quote }} + storageClassName: {{ .Values.grafana.persistence.storageClassName }} {{- end -}} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/secret.yaml b/charts/kubecost/cost-analyzer/templates/grafana-secret.yaml similarity index 50% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/secret.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-secret.yaml index 176a0b869..df8b46dde 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/secret.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-secret.yaml @@ -1,4 +1,4 @@ -{{ if .Values.global.grafana.enabled }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} apiVersion: v1 kind: Secret metadata: @@ -6,18 +6,17 @@ metadata: namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} type: Opaque data: - admin-user: {{ .Values.adminUser | b64enc | quote }} - {{- if .Values.adminPassword }} - admin-password: {{ .Values.adminPassword | b64enc | quote }} + admin-user: {{ .Values.grafana.adminUser | b64enc | quote }} + {{- if .Values.grafana.adminPassword }} + admin-password: {{ .Values.grafana.adminPassword | b64enc | quote }} {{- else }} admin-password: {{ randAlphaNum 40 | b64enc | quote }} {{- end }} - {{- if not .Values.ldap.existingSecret }} - ldap-toml: {{ .Values.ldap.config | b64enc | quote }} + {{- if not .Values.grafana.ldap.existingSecret }} + ldap-toml: {{ .Values.grafana.ldap.config | b64enc | quote }} {{- end }} {{ end }} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-service.yaml b/charts/kubecost/cost-analyzer/templates/grafana-service.yaml new file mode 100644 index 000000000..3bf668ed8 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/grafana-service.yaml @@ -0,0 +1,51 @@ +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "grafana.name" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.grafana.service.labels }} +{{ toYaml .Values.grafana.service.labels | indent 4 }} +{{- end }} +{{- with .Values.grafana.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.grafana.service.type "ClusterIP") (empty .Values.grafana.service.type)) }} + type: ClusterIP + {{- if .Values.grafana.service.clusterIP }} + clusterIP: {{ .Values.grafana.service.clusterIP }} + {{end}} +{{- else if eq .Values.grafana.service.type "LoadBalancer" }} + type: {{ .Values.grafana.service.type }} + {{- if .Values.grafana.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.grafana.service.loadBalancerIP }} + {{- end }} + {{- if .Values.grafana.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.grafana.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.grafana.service.type }} +{{- end }} +{{- if .Values.grafana.service.externalIPs }} + externalIPs: +{{ toYaml .Values.grafana.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: tcp-service + port: {{ .Values.grafana.service.port }} + protocol: TCP + targetPort: 3000 +{{ if (and (eq .Values.grafana.service.type "NodePort") (not (empty .Values.grafana.service.nodePort))) }} + nodePort: {{.Values.grafana.service.nodePort}} +{{ end }} + selector: + app: {{ template "grafana.name" . }} + release: {{ .Release.Name }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/templates/grafana-serviceaccount.yaml similarity index 75% rename from charts/kubecost/cost-analyzer/charts/grafana/templates/serviceaccount.yaml rename to charts/kubecost/cost-analyzer/templates/grafana-serviceaccount.yaml index 024fb2dad..46f5e63f1 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/templates/grafana-serviceaccount.yaml @@ -1,14 +1,13 @@ -{{ if .Values.global.grafana.enabled }} +{{- if (eq (include "cost-analyzer.grafanaEnabled" .) "true") }} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: labels: app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "grafana.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} -{{ end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-agent-secretprovider-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-agent-secretprovider-template.yaml index 40ee87e3e..3ebc1a4b6 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-agent-secretprovider-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-agent-secretprovider-template.yaml @@ -1,5 +1,5 @@ {{- if .Values.agent }} -{{- if .Values.agentCsi.enabled }} +{{- if ((.Values.agentCsi).enabled) }} {{- if .Capabilities.APIVersions.Has "secrets-store.csi.x-k8s.io/v1" }} apiVersion: secrets-store.csi.x-k8s.io/v1 {{- else }} diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-actions-configmap.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-actions-configmap.yaml new file mode 100644 index 000000000..e5c0f7705 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-actions-configmap.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-controller-continuous-cluster-sizing + namespace: {{ .Release.Namespace }} + labels: + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- if .Values.clusterController.actionConfigs.clusterRightsize }} +binaryData: + config: | +{{- toJson .Values.clusterController.actionConfigs.clusterRightsize | b64enc | nindent 4 }} +{{- end }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-controller-nsturndown-config + namespace: {{ .Release.Namespace }} + labels: + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- if .Values.clusterController.actionConfigs.namespaceTurndown }} +binaryData: +{{- range .Values.clusterController.actionConfigs.namespaceTurndown }} + {{ .name }}: | + {{- toJson . | b64enc | nindent 4 }} +{{- end }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-controller-container-rightsizing-config + namespace: {{ .Release.Namespace }} + labels: + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- if .Values.clusterController.actionConfigs.containerRightsize }} +binaryData: + config: | +{{- toJson .Values.clusterController.actionConfigs.containerRightsize | b64enc | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml index 78a75700c..ce1691ef5 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml @@ -96,20 +96,6 @@ rules: - get - create - update - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - apiGroups: - apps resources: @@ -197,29 +183,13 @@ subjects: name: {{ template "kubecost.clusterControllerName" . }} namespace: {{ .Release.Namespace }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-controller-continuous-cluster-sizing - namespace: {{ .Release.Namespace }} - labels: - {{- include "cost-analyzer.commonLabels" . | nindent 4 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-controller-nsturndown-config - namespace: {{ .Release.Namespace }} - labels: - {{- include "cost-analyzer.commonLabels" . | nindent 4 }} ---- apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kubecost.clusterControllerName" . }} namespace: {{ .Release.Namespace }} labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} spec: strategy: rollingUpdate: @@ -243,7 +213,11 @@ spec: {{- end }} containers: - name: {{ template "kubecost.clusterControllerName" . }} + {{- if eq (typeOf .Values.clusterController.image) "string" }} image: {{ .Values.clusterController.image }} + {{- else }} + image: {{ .Values.clusterController.image.repository }}:{{ .Values.clusterController.image.tag }} + {{- end}} imagePullPolicy: {{ .Values.clusterController.imagePullPolicy }} volumeMounts: - name: cluster-controller-keys @@ -285,6 +259,10 @@ spec: hostPort: 9731 serviceAccount: {{ template "kubecost.clusterControllerName" . }} serviceAccountName: {{ template "kubecost.clusterControllerName" . }} + {{- with .Values.clusterController.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: cluster-controller-keys secret: diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml index b0562f895..4ea1444be 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml @@ -58,7 +58,7 @@ spec: volumes: {{- if .Values.agent }} - name: config-store - {{- if .Values.agentCsi.enabled }} + {{- if ((.Values.agentCsi).enabled) }} csi: driver: secrets-store.csi.k8s.io readOnly: true @@ -106,6 +106,13 @@ spec: items: - key: cloud-integration.json path: cloud-integration.json + {{- else if or .Values.kubecostProductConfigs.cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaProjectID) }} + - name: cloud-integration + secret: + secretName: cloud-integration + items: + - key: cloud-integration.json + path: cloud-integration.json {{- end }} {{- end }} - name: persistent-configs @@ -147,6 +154,8 @@ spec: - image: {{ .Values.kubecostModel.fullImageName }} {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} + {{- else if eq "development" .Chart.AppVersion }} + - image: gcr.io/kubecost1/cost-model-nightly:latest {{- else }} - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} {{ end }} @@ -188,7 +197,7 @@ spec: - name: azure-storage-config mountPath: /var/azure-storage-config {{- end }} - {{- if .Values.kubecostProductConfigs.cloudIntegrationSecret }} + {{- if or (.Values.kubecostProductConfigs.cloudIntegrationSecret) (.Values.kubecostProductConfigs.cloudIntegrationJSON) ((.Values.kubecostProductConfigs).athenaProjectID) }} - name: cloud-integration mountPath: /var/configs/cloud-integration {{- end }} @@ -272,7 +281,7 @@ spec: value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} {{- end }} {{- if .Values.cloudAgentClusterId }} - - name: CLUSTER_ID + - name: CLUSTER_ID value: {{ .Values.cloudAgentClusterId }} {{- else if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }} - name: CLUSTER_ID diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-priority-class-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-priority-class-template.yaml index 41c4fd7a9..7a176d72a 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-priority-class-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-priority-class-template.yaml @@ -1,7 +1,7 @@ {{- if .Values.priority }} {{- if .Values.priority.enabled }} {{- if eq (len .Values.priority.name) 0 }} -apiVersion: {{ include "cost-analyzer.priorityClass.apiVersion" . }} +apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: name: {{ template "cost-analyzer.fullname" . }}-priority diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-saml-secret-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-saml-secret-template.yaml new file mode 100644 index 000000000..e9a323057 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/kubecost-saml-secret-template.yaml @@ -0,0 +1,12 @@ +{{- if .Values.saml.enabled }} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ .Values.saml.authSecretName | default "kubecost-saml-secret" }} + namespace: {{ .Release.Namespace }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +stringData: + clientSecret: {{ .Values.saml.authSecret | default (randAlphaNum 32 | quote) }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/model-ingress-template.yaml b/charts/kubecost/cost-analyzer/templates/model-ingress-template.yaml index 55243eedb..b55b2986c 100644 --- a/charts/kubecost/cost-analyzer/templates/model-ingress-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/model-ingress-template.yaml @@ -4,15 +4,7 @@ {{- $serviceName := include "cost-analyzer.serviceName" . -}} {{- $ingressPaths := .Values.kubecostModel.ingress.paths -}} {{- $ingressPathType := .Values.kubecostModel.ingress.pathType -}} -{{- $apiV1 := false -}} -{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare "^1.19-0" .Capabilities.KubeVersion.GitVersion) }} -{{- $apiV1 = true -}} apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} kind: Ingress metadata: name: {{ $fullName }}-model @@ -46,7 +38,6 @@ spec: http: paths: {{- range $ingressPaths }} - {{- if $apiV1 }} - path: {{ . }} pathType: {{ $ingressPathType }} backend: @@ -54,12 +45,6 @@ spec: name: {{ $serviceName }} port: name: tcp-model - {{- else }} - - path: {{ . }} - backend: - serviceName: {{ $serviceName }} - servicePort: tcp-model - {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/network-costs-psp.template.yaml b/charts/kubecost/cost-analyzer/templates/network-costs-psp.template.yaml deleted file mode 100644 index 1dac8de05..000000000 --- a/charts/kubecost/cost-analyzer/templates/network-costs-psp.template.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "cost-analyzer.fullname" . }}-network-costs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 6 }} -spec: - privileged: true - hostNetwork: true - allowedHostPaths: - {{- if .Values.networkCosts.hostProc }} - - pathPrefix: {{ default "/proc" .Values.networkCosts.hostProc.hostPath }} - readOnly: false - {{- else }} - - pathPrefix: /proc - readOnly: false - {{- end }} - hostPorts: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml b/charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml deleted file mode 100644 index 1376b66a4..000000000 --- a/charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "cost-analyzer.fullname" . }}-network-costs - namespace: {{ .Release.Namespace }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - annotations: - {{- with .Values.networkCosts.podSecurityPolicy.annotations }} - {{ toYaml . | indent 4 }} - {{- end }} -rules: -- apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "cost-analyzer.fullname" . }}-network-costs -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml deleted file mode 100644 index 4992407a3..000000000 --- a/charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "cost-analyzer.fullname" . }}-network-costs - namespace: {{ .Release.Namespace }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 6 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "cost-analyzer.fullname" . }}-network-costs -subjects: -- kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-configmap.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-configmap.yaml similarity index 66% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-configmap.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-configmap.yaml index 52a6aa517..8f5b8315f 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-configmap.yaml @@ -1,5 +1,5 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}} +{{- if and .Values.prometheus.alertmanager.enabled (and (empty .Values.prometheus.alertmanager.configMapOverrideName) (empty .Values.prometheus.alertmanager.configFromSecret)) -}} apiVersion: v1 kind: ConfigMap metadata: @@ -9,7 +9,7 @@ metadata: namespace: {{ .Release.Namespace }} data: {{- $root := . -}} -{{- range $key, $value := .Values.alertmanagerFiles }} +{{- range $key, $value := .Values.prometheus.alertmanagerFiles }} {{- if $key | regexMatch ".*\\.ya?ml$" }} {{ $key }}: | {{ toYaml $value | default "{}" | indent 4 }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-deployment.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-deployment.yaml new file mode 100644 index 000000000..9520cd2df --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-deployment.yaml @@ -0,0 +1,142 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.prometheus.alertmanager.enabled (not .Values.prometheus.alertmanager.statefulSet.enabled) -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + replicas: {{ .Values.prometheus.alertmanager.replicaCount }} + {{- if .Values.prometheus.alertmanager.strategy }} + strategy: +{{ toYaml .Values.prometheus.alertmanager.strategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.prometheus.alertmanager.podAnnotations }} + annotations: +{{ toYaml .Values.prometheus.alertmanager.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 8 }} + {{- if .Values.prometheus.alertmanager.podLabels}} + {{ toYaml .Values.prometheus.alertmanager.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.prometheus.alertmanager.schedulerName }} + schedulerName: "{{ .Values.prometheus.alertmanager.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} +{{- if .Values.prometheus.alertmanager.priorityClassName }} + priorityClassName: "{{ .Values.prometheus.alertmanager.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.alertmanager.name }} + image: "{{ .Values.prometheus.alertmanager.image.repository }}:{{ .Values.prometheus.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.alertmanager.image.pullPolicy }}" + env: + {{- range $key, $value := .Values.prometheus.alertmanager.extraEnv }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + args: + - --config.file=/etc/config/{{ .Values.prometheus.alertmanager.configFileName }} + - --storage.path={{ .Values.prometheus.alertmanager.persistentVolume.mountPath }} + - --cluster.advertise-address=$(POD_IP):6783 + {{- range $key, $value := .Values.prometheus.alertmanager.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.prometheus.alertmanager.baseURL }} + - --web.external-url={{ .Values.prometheus.alertmanager.baseURL }} + {{- end }} + + ports: + - containerPort: 9093 + readinessProbe: + httpGet: + path: {{ .Values.prometheus.alertmanager.prefixURL }}/-/ready + port: 9093 + initialDelaySeconds: 30 + timeoutSeconds: 30 + resources: +{{ toYaml .Values.prometheus.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: "{{ .Values.prometheus.alertmanager.persistentVolume.mountPath }}" + subPath: "{{ .Values.prometheus.alertmanager.persistentVolume.subPath }}" + {{- range .Values.prometheus.alertmanager.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + + {{- if .Values.prometheus.configmapReload.alertmanager.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.alertmanager.name }}-{{ .Values.prometheus.configmapReload.alertmanager.name }} + image: "{{ .Values.prometheus.configmapReload.alertmanager.image.repository }}:{{ .Values.prometheus.configmapReload.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.configmapReload.alertmanager.image.pullPolicy }}" + args: + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9093{{ .Values.prometheus.alertmanager.prefixURL }}/-/reload + resources: +{{ toYaml .Values.prometheus.configmapReload.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- end }} + {{- if .Values.prometheus.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.prometheus.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.prometheus.alertmanager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.prometheus.alertmanager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.prometheus.alertmanager.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.alertmanager.securityContext | indent 8 }} + {{- end }} + {{- if .Values.prometheus.alertmanager.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.alertmanager.tolerations | indent 8 }} + {{- end }} + {{- if .Values.prometheus.alertmanager.affinity }} + affinity: +{{ toYaml .Values.prometheus.alertmanager.affinity | indent 8 }} + {{- end }} + volumes: + - name: config-volume + {{- if empty .Values.prometheus.alertmanager.configFromSecret }} + configMap: + name: {{ if .Values.prometheus.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.prometheus.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- else }} + secret: + secretName: {{ .Values.prometheus.alertmanager.configFromSecret }} + {{- end }} + {{- range .Values.prometheus.alertmanager.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + - name: storage-volume + {{- if .Values.prometheus.alertmanager.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.prometheus.alertmanager.persistentVolume.existingClaim }}{{ .Values.prometheus.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- else }} + emptyDir: {} + {{- end -}} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-ingress.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-ingress.yaml similarity index 52% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-ingress.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-ingress.yaml index e22a76db7..41757e0e1 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-ingress.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-ingress.yaml @@ -1,32 +1,26 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}} +{{- if and .Values.prometheus.alertmanager.enabled .Values.prometheus.alertmanager.ingress.enabled -}} {{- $releaseName := .Release.Name -}} {{- $serviceName := include "prometheus.alertmanager.fullname" . }} -{{- $servicePort := .Values.alertmanager.service.servicePort -}} -{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $servicePort := .Values.prometheus.alertmanager.service.servicePort -}} +{{- $extraPaths := .Values.prometheus.alertmanager.ingress.extraPaths -}} apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} kind: Ingress metadata: -{{- if .Values.alertmanager.ingress.annotations }} +{{- if .Values.prometheus.alertmanager.ingress.annotations }} annotations: -{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} +{{ toYaml .Values.prometheus.alertmanager.ingress.annotations | indent 4 }} {{- end }} labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }} +{{- range $key, $value := .Values.prometheus.alertmanager.ingress.extraLabels }} {{ $key }}: {{ $value }} {{- end }} name: {{ template "prometheus.alertmanager.fullname" . }} namespace: {{ .Release.Namespace }} spec: rules: - {{- range .Values.alertmanager.ingress.hosts }} + {{- range .Values.prometheus.alertmanager.ingress.hosts }} {{- $url := splitList "/" . }} - host: {{ first $url }} http: @@ -39,9 +33,9 @@ spec: serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} {{- end -}} -{{- if .Values.alertmanager.ingress.tls }} +{{- if .Values.prometheus.alertmanager.ingress.tls }} tls: -{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }} +{{ toYaml .Values.prometheus.alertmanager.ingress.tls | indent 4 }} {{- end -}} {{- end -}} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-networkpolicy.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-networkpolicy.yaml similarity index 79% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-networkpolicy.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-networkpolicy.yaml index d5471551a..c24a76ae7 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-networkpolicy.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-networkpolicy.yaml @@ -1,6 +1,6 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +{{- if and .Values.prometheus.alertmanager.enabled .Values.prometheus.networkPolicy.enabled -}} +apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "prometheus.alertmanager.fullname" . }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pdb.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-pdb.yaml similarity index 62% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pdb.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-pdb.yaml index 00e6c000b..123d24ee0 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pdb.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-pdb.yaml @@ -1,10 +1,6 @@ {{ if .Values.global.prometheus.enabled }} -{{- if .Values.alertmanager.podDisruptionBudget.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +{{- if .Values.prometheus.alertmanager.podDisruptionBudget.enabled }} apiVersion: policy/v1 -{{- else}} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ template "prometheus.alertmanager.fullname" . }} @@ -12,7 +8,7 @@ metadata: labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} spec: - maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.prometheus.alertmanager.podDisruptionBudget.maxUnavailable }} selector: matchLabels: {{- include "prometheus.alertmanager.labels" . | nindent 6 }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-pvc.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-pvc.yaml new file mode 100644 index 000000000..dea65e5e5 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-pvc.yaml @@ -0,0 +1,35 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if not .Values.prometheus.alertmanager.statefulSet.enabled -}} +{{- if and .Values.prometheus.alertmanager.enabled .Values.prometheus.alertmanager.persistentVolume.enabled -}} +{{- if not .Values.prometheus.alertmanager.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.prometheus.alertmanager.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.prometheus.alertmanager.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + accessModes: +{{ toYaml .Values.prometheus.alertmanager.persistentVolume.accessModes | indent 4 }} +{{- if .Values.prometheus.alertmanager.persistentVolume.storageClass }} +{{- if (eq "-" .Values.prometheus.alertmanager.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.prometheus.alertmanager.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.prometheus.alertmanager.persistentVolume.volumeBindingMode }} + volumeBindingModeName: "{{ .Values.prometheus.alertmanager.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.prometheus.alertmanager.persistentVolume.size }}" +{{- end -}} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service-headless.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-service-headless.yaml similarity index 50% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service-headless.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-service-headless.yaml index 0a72ead40..2f68f4126 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service-headless.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-service-headless.yaml @@ -1,16 +1,16 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} +{{- if and .Values.prometheus.alertmanager.enabled .Values.prometheus.alertmanager.statefulSet.enabled -}} apiVersion: v1 kind: Service metadata: -{{- if .Values.alertmanager.statefulSet.headless.annotations }} +{{- if .Values.prometheus.alertmanager.statefulSet.headless.annotations }} annotations: -{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }} +{{ toYaml .Values.prometheus.alertmanager.statefulSet.headless.annotations | indent 4 }} {{- end }} labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- if .Values.alertmanager.statefulSet.headless.labels }} -{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }} +{{- if .Values.prometheus.alertmanager.statefulSet.headless.labels }} +{{ toYaml .Values.prometheus.alertmanager.statefulSet.headless.labels | indent 4 }} {{- end }} name: {{ template "prometheus.alertmanager.fullname" . }}-headless namespace: {{ .Release.Namespace }} @@ -18,10 +18,10 @@ spec: clusterIP: None ports: - name: http - port: {{ .Values.alertmanager.statefulSet.headless.servicePort }} + port: {{ .Values.prometheus.alertmanager.statefulSet.headless.servicePort }} protocol: TCP targetPort: 9093 -{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} +{{- if .Values.prometheus.alertmanager.statefulSet.headless.enableMeshPeer }} - name: meshpeer port: 6783 protocol: TCP diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-service.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-service.yaml new file mode 100644 index 000000000..838d39ba4 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-service.yaml @@ -0,0 +1,55 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.alertmanager.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.prometheus.alertmanager.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.alertmanager.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +{{- if .Values.prometheus.alertmanager.service.labels }} +{{ toYaml .Values.prometheus.alertmanager.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: +{{- if .Values.prometheus.alertmanager.service.clusterIP }} + clusterIP: {{ .Values.prometheus.alertmanager.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.alertmanager.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.alertmanager.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.alertmanager.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.alertmanager.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.alertmanager.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.alertmanager.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.prometheus.alertmanager.service.servicePort }} + protocol: TCP + targetPort: 9093 + {{- if .Values.prometheus.alertmanager.service.nodePort }} + nodePort: {{ .Values.prometheus.alertmanager.service.nodePort }} + {{- end }} +{{- if .Values.prometheus.alertmanager.service.enableMeshPeer }} + - name: meshpeer + port: 6783 + protocol: TCP + targetPort: 6783 +{{- end }} + selector: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} +{{- if .Values.prometheus.alertmanager.service.sessionAffinity }} + sessionAffinity: {{ .Values.prometheus.alertmanager.service.sessionAffinity }} +{{- end }} + type: "{{ .Values.prometheus.alertmanager.service.type }}" +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-serviceaccount.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-serviceaccount.yaml similarity index 72% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-serviceaccount.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-serviceaccount.yaml index 521714df3..99257bbf8 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-serviceaccount.yaml @@ -1,5 +1,5 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}} +{{- if and .Values.prometheus.alertmanager.enabled .Values.prometheus.serviceAccounts.alertmanager.create -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-statefulset.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-statefulset.yaml new file mode 100644 index 000000000..26e05f1fb --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-alertmanager-statefulset.yaml @@ -0,0 +1,155 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.prometheus.alertmanager.enabled .Values.prometheus.alertmanager.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless + selector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + replicas: {{ .Values.prometheus.alertmanager.replicaCount }} + podManagementPolicy: {{ .Values.prometheus.alertmanager.statefulSet.podManagementPolicy }} + template: + metadata: + {{- if .Values.prometheus.alertmanager.podAnnotations }} + annotations: +{{ toYaml .Values.prometheus.alertmanager.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 8 }} + spec: +{{- if .Values.prometheus.alertmanager.affinity }} + affinity: +{{ toYaml .Values.prometheus.alertmanager.affinity | indent 8 }} +{{- end }} +{{- if .Values.prometheus.alertmanager.schedulerName }} + schedulerName: "{{ .Values.prometheus.alertmanager.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} +{{- if .Values.prometheus.alertmanager.priorityClassName }} + priorityClassName: "{{ .Values.prometheus.alertmanager.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.alertmanager.name }} + image: "{{ .Values.prometheus.alertmanager.image.repository }}:{{ .Values.prometheus.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.alertmanager.image.pullPolicy }}" + env: + {{- range $key, $value := .Values.prometheus.alertmanager.extraEnv }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + args: + - --config.file=/etc/config/alertmanager.yml + - --storage.path={{ .Values.prometheus.alertmanager.persistentVolume.mountPath }} + - --cluster.advertise-address=$(POD_IP):6783 + {{- if .Values.prometheus.alertmanager.statefulSet.headless.enableMeshPeer }} + - --cluster.listen-address=0.0.0.0:6783 + {{- range $n := until (.Values.prometheus.alertmanager.replicaCount | int) }} + - --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783 + {{- end }} + {{- end }} + {{- range $key, $value := .Values.prometheus.alertmanager.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.prometheus.alertmanager.baseURL }} + - --web.external-url={{ .Values.prometheus.alertmanager.baseURL }} + {{- end }} + + ports: + - containerPort: 9093 + readinessProbe: + httpGet: + path: {{ .Values.prometheus.alertmanager.prefixURL }}/#/status + port: 9093 + initialDelaySeconds: 30 + timeoutSeconds: 30 + resources: +{{ toYaml .Values.prometheus.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: "{{ .Values.prometheus.alertmanager.persistentVolume.mountPath }}" + subPath: "{{ .Values.prometheus.alertmanager.persistentVolume.subPath }}" + {{- range .Values.prometheus.alertmanager.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.prometheus.configmapReload.alertmanager.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.alertmanager.name }}-{{ .Values.prometheus.configmapReload.alertmanager.name }} + image: "{{ .Values.prometheus.configmapReload.alertmanager.image.repository }}:{{ .Values.prometheus.configmapReload.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.configmapReload.alertmanager.image.pullPolicy }}" + args: + - --watched-dir=/etc/config + - --reload-url=http://localhost:9093{{ .Values.prometheus.alertmanager.prefixURL }}/-/reload + resources: +{{ toYaml .Values.prometheus.configmapReload.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- end }} + {{- if .Values.prometheus.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.prometheus.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.prometheus.alertmanager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.prometheus.alertmanager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.prometheus.alertmanager.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.alertmanager.securityContext | indent 8 }} + {{- end }} + {{- if .Values.prometheus.alertmanager.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.alertmanager.tolerations | indent 8 }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ if .Values.prometheus.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.prometheus.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- range .Values.prometheus.alertmanager.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} +{{- if .Values.prometheus.alertmanager.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + {{- if .Values.prometheus.alertmanager.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.prometheus.alertmanager.persistentVolume.annotations | indent 10 }} + {{- end }} + spec: + accessModes: +{{ toYaml .Values.prometheus.alertmanager.persistentVolume.accessModes | indent 10 }} + resources: + requests: + storage: "{{ .Values.prometheus.alertmanager.persistentVolume.size }}" + {{- if .Values.prometheus.server.persistentVolume.storageClass }} + {{- if (eq "-" .Values.prometheus.server.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.prometheus.alertmanager.persistentVolume.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + - name: storage-volume + emptyDir: {} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-daemonset.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-daemonset.yaml new file mode 100644 index 000000000..14f3f6703 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-daemonset.yaml @@ -0,0 +1,133 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.nodeExporter.enabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: +{{- if .Values.prometheus.nodeExporter.deploymentAnnotations }} + annotations: +{{ toYaml .Values.prometheus.nodeExporter.deploymentAnnotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} + name: {{ template "prometheus.nodeExporter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }} + {{- if .Values.prometheus.nodeExporter.updateStrategy }} + updateStrategy: +{{ toYaml .Values.prometheus.nodeExporter.updateStrategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.prometheus.nodeExporter.podAnnotations }} + annotations: +{{ toYaml .Values.prometheus.nodeExporter.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 8 }} +{{- if .Values.prometheus.nodeExporter.pod.labels }} +{{ toYaml .Values.prometheus.nodeExporter.pod.labels | indent 8 }} +{{- end }} + spec: +{{- if .Values.prometheus.nodeExporter.affinity }} + affinity: +{{ toYaml .Values.prometheus.nodeExporter.affinity | indent 8 }} +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }} +{{- if .Values.prometheus.nodeExporter.dnsPolicy }} + dnsPolicy: "{{ .Values.prometheus.nodeExporter.dnsPolicy }}" +{{- end }} +{{- if .Values.prometheus.nodeExporter.priorityClassName }} + priorityClassName: "{{ .Values.prometheus.nodeExporter.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.nodeExporter.name }} + image: "{{ .Values.prometheus.nodeExporter.image.repository }}:{{ .Values.prometheus.nodeExporter.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.nodeExporter.image.pullPolicy }}" + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + {{- if .Values.prometheus.nodeExporter.hostNetwork }} + - --web.listen-address=:{{ .Values.prometheus.nodeExporter.service.hostPort }} + {{- end }} + {{- range $key, $value := .Values.prometheus.nodeExporter.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + ports: + - name: metrics + {{- if .Values.prometheus.nodeExporter.hostNetwork }} + containerPort: {{ .Values.prometheus.nodeExporter.service.hostPort }} + {{- else }} + containerPort: 9100 + {{- end }} + hostPort: {{ .Values.prometheus.nodeExporter.service.hostPort }} + resources: +{{ toYaml .Values.prometheus.nodeExporter.resources | indent 12 }} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + {{- range .Values.prometheus.nodeExporter.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- if .mountPropagation }} + mountPropagation: {{ .mountPropagation }} + {{- end }} + {{- end }} + {{- range .Values.prometheus.nodeExporter.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.prometheus.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.prometheus.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.prometheus.nodeExporter.hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.prometheus.nodeExporter.hostPID }} + hostPID: true + {{- end }} + {{- if .Values.prometheus.nodeExporter.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.nodeExporter.tolerations | indent 8 }} + {{- end }} + {{- if .Values.prometheus.nodeExporter.nodeSelector }} + nodeSelector: +{{ toYaml .Values.prometheus.nodeExporter.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.prometheus.nodeExporter.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.nodeExporter.securityContext | indent 8 }} + {{- end }} + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + {{- range .Values.prometheus.nodeExporter.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.prometheus.nodeExporter.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-ocp-scc.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-ocp-scc.yaml similarity index 90% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-ocp-scc.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-ocp-scc.yaml index 62b0ff2aa..e226f9bea 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-ocp-scc.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-ocp-scc.yaml @@ -1,4 +1,4 @@ -{{- if and (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") (.Values.global.platforms.openshift.scc.nodeExporter) (.Values.nodeExporter.enabled) }} +{{- if and (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") (.Values.global.platforms.openshift.scc.nodeExporter) (.Values.prometheus.nodeExporter.enabled) }} apiVersion: security.openshift.io/v1 kind: SecurityContextConstraints metadata: diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-service.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-service.yaml new file mode 100644 index 000000000..1ef342d0e --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-service.yaml @@ -0,0 +1,47 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.nodeExporter.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.prometheus.nodeExporter.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.nodeExporter.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} +{{- if .Values.prometheus.nodeExporter.service.labels }} +{{ toYaml .Values.prometheus.nodeExporter.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.nodeExporter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: +{{- if .Values.prometheus.nodeExporter.service.clusterIP }} + clusterIP: {{ .Values.prometheus.nodeExporter.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.nodeExporter.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.nodeExporter.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.nodeExporter.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.nodeExporter.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.nodeExporter.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.nodeExporter.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: metrics + port: {{ .Values.prometheus.nodeExporter.service.servicePort }} + protocol: TCP + {{- if .Values.prometheus.nodeExporter.hostNetwork }} + targetPort: {{ .Values.prometheus.nodeExporter.service.hostPort }} + {{- else }} + targetPort: 9100 + {{- end }} + selector: + {{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }} + type: "{{ .Values.prometheus.nodeExporter.service.type }}" +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-serviceaccount.yaml similarity index 72% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-serviceaccount.yaml index 42d8e4b6d..3cb68d8e4 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-node-exporter-serviceaccount.yaml @@ -1,5 +1,5 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}} +{{- if and .Values.prometheus.nodeExporter.enabled .Values.prometheus.serviceAccounts.nodeExporter.create -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-deployment.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-deployment.yaml new file mode 100644 index 000000000..18c0630a6 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-deployment.yaml @@ -0,0 +1,100 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.pushgateway.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + {{- if .Values.prometheus.pushgateway.schedulerName }} + schedulerName: "{{ .Values.prometheus.pushgateway.schedulerName }}" + {{- end }} + matchLabels: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} + replicas: {{ .Values.prometheus.pushgateway.replicaCount }} + {{- if .Values.prometheus.pushgateway.strategy }} + strategy: +{{ toYaml .Values.prometheus.pushgateway.strategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.prometheus.pushgateway.podAnnotations }} + annotations: +{{ toYaml .Values.prometheus.pushgateway.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 8 }} + spec: + serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }} +{{- if .Values.prometheus.pushgateway.priorityClassName }} + priorityClassName: "{{ .Values.prometheus.pushgateway.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.pushgateway.name }} + image: "{{ .Values.prometheus.pushgateway.image.repository }}:{{ .Values.prometheus.pushgateway.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.pushgateway.image.pullPolicy }}" + args: + {{- range $key, $value := .Values.prometheus.pushgateway.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + ports: + - containerPort: 9091 + livenessProbe: + httpGet: + {{- if (index .Values.prometheus "pushgateway" "extraArgs" "web.route-prefix") }} + path: /{{ index .Values.prometheus "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy + {{- else }} + path: /-/healthy + {{- end }} + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + readinessProbe: + httpGet: + {{- if (index .Values.prometheus "pushgateway" "extraArgs" "web.route-prefix") }} + path: /{{ index .Values.prometheus "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready + {{- else }} + path: /-/ready + {{- end }} + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + resources: +{{ toYaml .Values.prometheus.pushgateway.resources | indent 12 }} + {{- if .Values.prometheus.pushgateway.persistentVolume.enabled }} + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.prometheus.pushgateway.persistentVolume.mountPath }}" + subPath: "{{ .Values.prometheus.pushgateway.persistentVolume.subPath }}" + {{- end }} + {{- if .Values.prometheus.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.prometheus.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.prometheus.pushgateway.nodeSelector }} + nodeSelector: +{{ toYaml .Values.prometheus.pushgateway.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.prometheus.pushgateway.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.pushgateway.securityContext | indent 8 }} + {{- end }} + {{- if .Values.prometheus.pushgateway.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.pushgateway.tolerations | indent 8 }} + {{- end }} + {{- if .Values.prometheus.pushgateway.affinity }} + affinity: +{{ toYaml .Values.prometheus.pushgateway.affinity | indent 8 }} + {{- end }} + {{- if .Values.prometheus.pushgateway.persistentVolume.enabled }} + volumes: + - name: storage-volume + persistentVolumeClaim: + claimName: {{ if .Values.prometheus.pushgateway.persistentVolume.existingClaim }}{{ .Values.prometheus.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }} + {{- end -}} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-ingress.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-ingress.yaml similarity index 53% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-ingress.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-ingress.yaml index 7c40ca634..2d3f1d283 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-ingress.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-ingress.yaml @@ -1,21 +1,15 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}} +{{- if and .Values.prometheus.pushgateway.enabled .Values.prometheus.pushgateway.ingress.enabled -}} {{- $releaseName := .Release.Name -}} {{- $serviceName := include "prometheus.pushgateway.fullname" . }} -{{- $servicePort := .Values.pushgateway.service.servicePort -}} -{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} +{{- $servicePort := .Values.prometheus.pushgateway.service.servicePort -}} +{{- $extraPaths := .Values.prometheus.pushgateway.ingress.extraPaths -}} apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} kind: Ingress metadata: -{{- if .Values.pushgateway.ingress.annotations }} +{{- if .Values.prometheus.pushgateway.ingress.annotations }} annotations: -{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}} +{{ toYaml .Values.prometheus.pushgateway.ingress.annotations | indent 4}} {{- end }} labels: {{- include "prometheus.pushgateway.labels" . | nindent 4 }} @@ -23,7 +17,7 @@ metadata: namespace: {{ .Release.Namespace }} spec: rules: - {{- range .Values.pushgateway.ingress.hosts }} + {{- range .Values.prometheus.pushgateway.ingress.hosts }} {{- $url := splitList "/" . }} - host: {{ first $url }} http: @@ -36,9 +30,9 @@ spec: serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} {{- end -}} -{{- if .Values.pushgateway.ingress.tls }} +{{- if .Values.prometheus.pushgateway.ingress.tls }} tls: -{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }} +{{ toYaml .Values.prometheus.pushgateway.ingress.tls | indent 4 }} {{- end -}} {{- end -}} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-networkpolicy.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-networkpolicy.yaml similarity index 79% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-networkpolicy.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-networkpolicy.yaml index c40baa2ec..b6e41eedf 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-networkpolicy.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-networkpolicy.yaml @@ -1,6 +1,6 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +{{- if and .Values.prometheus.pushgateway.enabled .Values.networkPolicy.enabled -}} +apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "prometheus.pushgateway.fullname" . }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pdb.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-pdb.yaml similarity index 59% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pdb.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-pdb.yaml index ad5cc84a0..00f7e4502 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pdb.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-pdb.yaml @@ -1,17 +1,13 @@ {{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.podDisruptionBudget.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +{{- if .Values.prometheus.pushgateway.podDisruptionBudget.enabled }} apiVersion: policy/v1 -{{- else}} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ template "prometheus.pushgateway.fullname" . }} labels: {{- include "prometheus.pushgateway.labels" . | nindent 4 }} spec: - maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.prometheus.pushgateway.podDisruptionBudget.maxUnavailable }} selector: matchLabels: {{- include "prometheus.pushgateway.labels" . | nindent 6 }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-pvc.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-pvc.yaml new file mode 100644 index 000000000..ba22f5921 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-pvc.yaml @@ -0,0 +1,35 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.pushgateway.enabled -}} +{{- if .Values.prometheus.pushgateway.persistentVolume.enabled -}} +{{- if not .Values.prometheus.pushgateway.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.prometheus.pushgateway.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.prometheus.pushgateway.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + accessModes: +{{ toYaml .Values.prometheus.pushgateway.persistentVolume.accessModes | indent 4 }} +{{- if .Values.prometheus.pushgateway.persistentVolume.storageClass }} +{{- if (eq "-" .Values.prometheus.pushgateway.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.prometheus.pushgateway.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.prometheus.pushgateway.persistentVolume.volumeBindingMode }} + volumeBindingModeName: "{{ .Values.prometheus.pushgateway.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.prometheus.pushgateway.persistentVolume.size }}" +{{- end -}} +{{- end -}} +{{ end }} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-service.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-service.yaml new file mode 100644 index 000000000..3e8811704 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-service.yaml @@ -0,0 +1,43 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.pushgateway.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.prometheus.pushgateway.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.pushgateway.service.annotations | indent 4}} +{{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} +{{- if .Values.prometheus.pushgateway.service.labels }} +{{ toYaml .Values.prometheus.pushgateway.service.labels | indent 4}} +{{- end }} + name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: +{{- if .Values.prometheus.pushgateway.service.clusterIP }} + clusterIP: {{ .Values.prometheus.pushgateway.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.pushgateway.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.pushgateway.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.pushgateway.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.pushgateway.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.pushgateway.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.pushgateway.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.prometheus.pushgateway.service.servicePort }} + protocol: TCP + targetPort: 9091 + selector: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }} + type: "{{ .Values.prometheus.pushgateway.service.type }}" +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-serviceaccount.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-serviceaccount.yaml similarity index 73% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-serviceaccount.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-serviceaccount.yaml index b249d216d..1339e4b6b 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-pushgateway-serviceaccount.yaml @@ -1,5 +1,5 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}} +{{- if and .Values.prometheus.pushgateway.enabled .Values.prometheus.serviceAccounts.pushgateway.create -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-clusterrole.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-clusterrole.yaml similarity index 69% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/server-clusterrole.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-server-clusterrole.yaml index 7f9758707..367219555 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-clusterrole.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-clusterrole.yaml @@ -1,5 +1,5 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.server.enabled .Values.rbac.create -}} +{{- if and .Values.prometheus.server.enabled .Values.prometheus.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -7,16 +7,6 @@ metadata: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.server.fullname" . }} rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.server.fullname" . }} -{{- end }} - apiGroups: - "" resources: @@ -33,7 +23,7 @@ rules: - list - watch - apiGroups: - - "extensions" + - networking.k8s.io resources: - ingresses/status - ingresses diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-clusterrolebinding.yaml similarity index 86% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/server-clusterrolebinding.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-server-clusterrolebinding.yaml index 995bc248e..e03d8e443 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-clusterrolebinding.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-clusterrolebinding.yaml @@ -1,5 +1,5 @@ {{ if .Values.global.prometheus.enabled }} -{{- if and .Values.server.enabled .Values.rbac.create -}} +{{- if and .Values.prometheus.server.enabled .Values.prometheus.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-configmap.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-configmap.yaml similarity index 61% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/server-configmap.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-server-configmap.yaml index 27d1c74ad..ca91b2d4a 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-configmap.yaml @@ -1,6 +1,6 @@ {{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if (empty .Values.server.configMapOverrideName) -}} +{{- if .Values.prometheus.server.enabled -}} +{{- if (empty .Values.prometheus.server.configMapOverrideName) -}} apiVersion: v1 kind: ConfigMap metadata: @@ -10,24 +10,24 @@ metadata: namespace: {{ .Release.Namespace }} data: {{- $root := . -}} -{{- range $key, $value := .Values.serverFiles }} +{{- range $key, $value := .Values.prometheus.serverFiles }} {{ $key }}: | {{- if eq $key "prometheus.yml" }} global: -{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }} +{{ $root.Values.prometheus.server.global | toYaml | trimSuffix "\n" | indent 6 }} {{- if $root.Values.global.amp.enabled }} remote_write: - url: {{ $root.Values.global.amp.remoteWriteService }} sigv4: {{ $root.Values.global.amp.sigv4 | toYaml | indent 8 }} {{- end }} -{{- if $root.Values.server.remoteWrite }} +{{- if $root.Values.prometheus.server.remoteWrite }} remote_write: -{{ $root.Values.server.remoteWrite | toYaml | indent 4 }} +{{ $root.Values.prometheus.server.remoteWrite | toYaml | indent 4 }} {{- end }} -{{- if $root.Values.server.remoteRead }} +{{- if $root.Values.prometheus.server.remoteRead }} remote_read: -{{ $root.Values.server.remoteRead | toYaml | indent 4 }} +{{ $root.Values.prometheus.server.remoteRead | toYaml | indent 4 }} {{- end }} {{- end }} {{- if eq $key "alerts" }} @@ -45,25 +45,25 @@ data: {{ toYaml $value | default "{}" | indent 4 }} {{- end }} {{- if eq $key "prometheus.yml" -}} -{{- if $root.Values.extraScrapeConfigs }} -{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }} +{{- if $root.Values.prometheus.extraScrapeConfigs }} +{{ tpl $root.Values.prometheus.extraScrapeConfigs $root | indent 4 }} {{- end -}} -{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }} +{{- if or ($root.Values.prometheus.alertmanager.enabled) ($root.Values.prometheus.server.alertmanagers) }} alerting: -{{- if $root.Values.alertRelabelConfigs }} -{{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }} +{{- if $root.Values.prometheus.alertRelabelConfigs }} +{{ $root.Values.prometheus.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }} {{- end }} alertmanagers: -{{- if $root.Values.server.alertmanagers }} -{{ toYaml $root.Values.server.alertmanagers | indent 8 }} +{{- if $root.Values.prometheus.server.alertmanagers }} +{{ toYaml $root.Values.prometheus.server.alertmanagers | indent 8 }} {{- else }} - kubernetes_sd_configs: - role: pod tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if $root.Values.alertmanager.prefixURL }} - path_prefix: {{ $root.Values.alertmanager.prefixURL }} + {{- if $root.Values.prometheus.alertmanager.prefixURL }} + path_prefix: {{ $root.Values.prometheus.alertmanager.prefixURL }} {{- end }} relabel_configs: - source_labels: [__meta_kubernetes_namespace] @@ -76,7 +76,7 @@ data: regex: alertmanager action: keep - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] - regex: {{ index $root.Values.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }} + regex: {{ index $root.Values.prometheus.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }} action: keep - source_labels: [__meta_kubernetes_pod_container_port_number] regex: diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-server-deployment.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-deployment.yaml new file mode 100644 index 000000000..2151b4f8a --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-deployment.yaml @@ -0,0 +1,253 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.server.enabled -}} +{{- if not .Values.prometheus.server.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: +{{- if .Values.prometheus.server.deploymentAnnotations }} + annotations: +{{ toYaml .Values.prometheus.server.deploymentAnnotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + replicas: {{ .Values.prometheus.server.replicaCount }} + {{- if .Values.prometheus.server.strategy }} + strategy: +{{ toYaml .Values.prometheus.server.strategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.prometheus.server.podAnnotations }} + annotations: +{{ toYaml .Values.prometheus.server.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 8 }} + {{- if .Values.prometheus.server.podLabels}} + {{ toYaml .Values.prometheus.server.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.prometheus.server.priorityClassName }} + priorityClassName: "{{ .Values.prometheus.server.priorityClassName }}" +{{- end }} +{{- if .Values.prometheus.server.schedulerName }} + schedulerName: "{{ .Values.prometheus.server.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} + {{- if .Values.prometheus.server.extraInitContainers }} + initContainers: +{{ toYaml .Values.prometheus.server.extraInitContainers | indent 8 }} + {{- end }} + containers: + {{- if .Values.prometheus.configmapReload.prometheus.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.server.name }}-{{ .Values.prometheus.configmapReload.prometheus.name }} + image: "{{ .Values.prometheus.configmapReload.prometheus.image.repository }}:{{ .Values.prometheus.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.configmapReload.prometheus.image.pullPolicy }}" + args: + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9090{{ .Values.prometheus.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.prometheus.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.prometheus.configmapReload.prometheus.extraVolumeDirs }} + - --watched-dir={{ . }} + {{- end }} + resources: + {{- toYaml .Values.prometheus.configmapReload.prometheus.resources | nindent 12 }} + securityContext: + {{- if .Values.global.containerSecurityContext }} + {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} + {{- else }} + {{- toYaml .Values.prometheus.configmapReload.prometheus.containerSecurityContext | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.prometheus.selfsignedCertConfigMapName }} + - name: {{ .Values.prometheus.selfsignedCertConfigMapName }} + mountPath: /etc/ssl/certs/my-cert.pem + subPath: my-cert.pem + readOnly: false + {{- end }} + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- range .Values.prometheus.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.server.name }} + image: "{{ .Values.prometheus.server.image.repository }}:{{ .Values.prometheus.server.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.server.image.pullPolicy }}" + {{- if .Values.prometheus.server.env }} + env: +{{ toYaml .Values.prometheus.server.env | indent 12}} + {{- end }} + args: + {{- if .Values.prometheus.server.retention }} + - --storage.tsdb.retention.time={{ .Values.prometheus.server.retention }} + {{- end }} + {{- if .Values.prometheus.server.retentionSize }} + - --storage.tsdb.retention.size={{ .Values.prometheus.server.retentionSize }} + {{- end }} + - --config.file={{ .Values.prometheus.server.configPath }} + - --storage.tsdb.path={{ .Values.prometheus.server.persistentVolume.mountPath }} + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + {{- range .Values.prometheus.server.extraFlags }} + - --{{ . }} + {{- end }} + {{- if .Values.prometheus.server.baseURL }} + - --web.external-url={{ .Values.prometheus.server.baseURL }} + {{- end }} + + {{- range $key, $value := .Values.prometheus.server.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: {{ .Values.prometheus.server.prefixURL }}/-/ready + port: 9090 + initialDelaySeconds: {{ .Values.prometheus.server.readinessProbeInitialDelay }} + timeoutSeconds: {{ .Values.prometheus.server.readinessProbeTimeout }} + failureThreshold: {{ .Values.prometheus.server.readinessProbeFailureThreshold }} + successThreshold: {{ .Values.prometheus.server.readinessProbeSuccessThreshold }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.server.prefixURL }}/-/healthy + port: 9090 + initialDelaySeconds: {{ .Values.prometheus.server.livenessProbeInitialDelay }} + timeoutSeconds: {{ .Values.prometheus.server.livenessProbeTimeout }} + failureThreshold: {{ .Values.prometheus.server.livenessProbeFailureThreshold }} + successThreshold: {{ .Values.prometheus.server.livenessProbeSuccessThreshold }} + resources: + {{- toYaml .Values.prometheus.server.resources | nindent 12 }} + securityContext: + {{- if .Values.global.containerSecurityContext }} + {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} + {{- else }} + {{- toYaml .Values.prometheus.server.containerSecurityContext | nindent 12 }} + {{- end }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: {{ .Values.prometheus.server.persistentVolume.mountPath }} + subPath: "{{ .Values.prometheus.server.persistentVolume.subPath }}" + {{- range .Values.prometheus.server.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.prometheus.server.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.server.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.prometheus.server.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.prometheus.server.extraVolumeMounts }} + {{ toYaml .Values.prometheus.server.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.prometheus.server.sidecarContainers }} + {{- toYaml .Values.prometheus.server.sidecarContainers | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.prometheus.imagePullSecrets | indent 0 }} + {{- end }} + {{- if .Values.prometheus.server.nodeSelector }} + nodeSelector: + {{- toYaml .Values.prometheus.server.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.server.securityContext }} + securityContext: + {{- if not .Values.prometheus.server.securityContext.fsGroup }} + fsGroupChangePolicy: OnRootMismatch + fsGroup: 1001 + {{- end }} + {{- toYaml .Values.prometheus.server.securityContext | nindent 8 }} + {{- else if and (.Values.global.platforms.openshift.enabled) (.Values.global.platforms.openshift.securityContext) }} + securityContext: + {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }} + {{- else if .Values.global.securityContext }} + securityContext: + {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.server.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.server.tolerations | indent 8 }} + {{- end }} + {{- if .Values.prometheus.server.affinity }} + affinity: +{{ toYaml .Values.prometheus.server.affinity | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.prometheus.server.terminationGracePeriodSeconds }} + volumes: + {{- if .Values.prometheus.selfsignedCertConfigMapName }} + - name: {{ .Values.prometheus.selfsignedCertConfigMapName }} + configMap: + name: {{ .Values.prometheus.selfsignedCertConfigMapName }} + {{- end }} + - name: config-volume + configMap: + name: {{ if .Values.prometheus.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.prometheus.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + - name: storage-volume + {{- if .Values.prometheus.server.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.prometheus.server.persistentVolume.existingClaim }}{{ .Values.prometheus.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + {{- else }} + emptyDir: + {{- if .Values.prometheus.server.emptyDir.sizeLimit }} + sizeLimit: {{ .Values.prometheus.server.emptyDir.sizeLimit }} + {{- else }} + {} + {{- end -}} + {{- end -}} +{{- if .Values.prometheus.server.extraVolumes }} +{{ toYaml .Values.prometheus.server.extraVolumes | indent 8}} +{{- end }} + {{- range .Values.prometheus.server.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.prometheus.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.configmapReload.prometheus.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.prometheus.server.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.server.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.prometheus.server.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- range .Values.prometheus.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-server-ingress.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-ingress.yaml new file mode 100644 index 000000000..18a7835fc --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-ingress.yaml @@ -0,0 +1,45 @@ +{{- if and (.Values.global.prometheus.enabled) (.Values.prometheus.server.enabled) (.Values.prometheus.server.ingress.enabled) }} +{{- $serviceName := include "prometheus.server.fullname" . }} +{{- $servicePort := .Values.prometheus.server.service.servicePort -}} +{{- $extraPaths := .Values.prometheus.server.ingress.extraPaths -}} +{{- $pathType := .Values.prometheus.server.ingress.pathType -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: +{{- if .Values.prometheus.server.ingress.annotations }} + annotations: +{{ toYaml .Values.prometheus.server.ingress.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- range $key, $value := .Values.prometheus.server.ingress.extraLabels }} + {{ $key }}: {{ $value }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: +{{- if .Values.prometheus.server.ingress.className }} + ingressClassName: {{ .Values.prometheus.server.ingress.className }} +{{- end }} + rules: + {{- range .Values.prometheus.server.ingress.hosts }} + {{- $url := splitList "/" . }} + - host: {{ first $url }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: /{{ rest $url | join "/" }} + pathType: {{ $pathType }} + backend: + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- end -}} +{{- if .Values.prometheus.server.ingress.tls }} + tls: +{{ toYaml .Values.prometheus.server.ingress.tls | indent 4 }} + {{- end -}} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-networkpolicy.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-networkpolicy.yaml similarity index 61% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/server-networkpolicy.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-server-networkpolicy.yaml index 34ee1fc3d..23b04419c 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-networkpolicy.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-networkpolicy.yaml @@ -1,7 +1,5 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.networkPolicy.enabled }} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +{{- if and (.Values.global.prometheus.enabled) (.Values.prometheus.server.enabled) (.Values.networkPolicy.enabled) }} +apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "prometheus.server.fullname" . }} @@ -15,6 +13,4 @@ spec: ingress: - ports: - port: 9090 -{{- end }} -{{- end }} -{{ end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pdb.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-pdb.yaml similarity index 59% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pdb.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-server-pdb.yaml index 0514a234d..52ceeb248 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pdb.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-pdb.yaml @@ -1,17 +1,13 @@ {{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.podDisruptionBudget.enabled }} -{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +{{- if .Values.prometheus.server.podDisruptionBudget.enabled }} apiVersion: policy/v1 -{{- else}} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ template "prometheus.server.fullname" . }} labels: {{- include "prometheus.server.labels" . | nindent 4 }} spec: - maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.prometheus.server.podDisruptionBudget.maxUnavailable }} selector: matchLabels: {{- include "prometheus.server.labels" . | nindent 6 }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-server-pvc.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-pvc.yaml new file mode 100644 index 000000000..301a33e1a --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-pvc.yaml @@ -0,0 +1,37 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.server.enabled -}} +{{- if not .Values.prometheus.server.statefulSet.enabled -}} +{{- if .Values.prometheus.server.persistentVolume.enabled -}} +{{- if not .Values.prometheus.server.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.prometheus.server.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.prometheus.server.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + accessModes: +{{ toYaml .Values.prometheus.server.persistentVolume.accessModes | indent 4 }} +{{- if .Values.prometheus.server.persistentVolume.storageClass }} +{{- if (eq "-" .Values.prometheus.server.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.prometheus.server.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.prometheus.server.persistentVolume.volumeBindingMode }} + volumeBindingModeName: "{{ .Values.prometheus.server.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.prometheus.server.persistentVolume.size }}" +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service-headless.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-service-headless.yaml similarity index 51% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service-headless.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-server-service-headless.yaml index 30e57620d..019803d30 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service-headless.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-service-headless.yaml @@ -1,17 +1,17 @@ {{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.statefulSet.enabled -}} +{{- if .Values.prometheus.server.enabled -}} +{{- if .Values.prometheus.server.statefulSet.enabled -}} apiVersion: v1 kind: Service metadata: -{{- if .Values.server.statefulSet.headless.annotations }} +{{- if .Values.prometheus.server.statefulSet.headless.annotations }} annotations: -{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }} +{{ toYaml .Values.prometheus.server.statefulSet.headless.annotations | indent 4 }} {{- end }} labels: {{- include "prometheus.server.labels" . | nindent 4 }} -{{- if .Values.server.statefulSet.headless.labels }} -{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }} +{{- if .Values.prometheus.server.statefulSet.headless.labels }} +{{ toYaml .Values.prometheus.server.statefulSet.headless.labels | indent 4 }} {{- end }} name: {{ template "prometheus.server.fullname" . }}-headless namespace: {{ .Release.Namespace }} @@ -19,7 +19,7 @@ spec: clusterIP: None ports: - name: http - port: {{ .Values.server.statefulSet.headless.servicePort }} + port: {{ .Values.prometheus.server.statefulSet.headless.servicePort }} protocol: TCP targetPort: 9090 selector: diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-server-service.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-service.yaml new file mode 100644 index 000000000..69f093c38 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-service.yaml @@ -0,0 +1,62 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.server.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.prometheus.server.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.server.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- if .Values.prometheus.server.service.labels }} +{{ toYaml .Values.prometheus.server.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: +{{- if .Values.prometheus.server.service.clusterIP }} + clusterIP: {{ .Values.prometheus.server.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.server.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.server.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.server.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.server.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.server.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.prometheus.server.service.servicePort }} + protocol: TCP + targetPort: 9090 + {{- if .Values.prometheus.server.service.nodePort }} + nodePort: {{ .Values.prometheus.server.service.nodePort }} + {{- end }} + {{- if .Values.prometheus.server.service.gRPC.enabled }} + - name: grpc + port: {{ .Values.prometheus.server.service.gRPC.servicePort }} + protocol: TCP + targetPort: 10901 + {{- if .Values.prometheus.server.service.gRPC.nodePort }} + nodePort: {{ .Values.prometheus.server.service.gRPC.nodePort }} + {{- end }} + {{- end }} + selector: + {{- if and .Values.prometheus.server.statefulSet.enabled .Values.prometheus.server.service.statefulsetReplica.enabled }} + statefulset.kubernetes.io/pod-name: {{ .Release.Name }}-{{ .Values.prometheus.server.name }}-{{ .Values.prometheus.server.service.statefulsetReplica.replica }} + {{- else -}} + {{- include "prometheus.server.matchLabels" . | nindent 4 }} +{{- if .Values.prometheus.server.service.sessionAffinity }} + sessionAffinity: {{ .Values.prometheus.server.service.sessionAffinity }} +{{- end }} + {{- end }} + type: "{{ .Values.prometheus.server.service.type }}" +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-serviceaccount.yaml similarity index 67% rename from charts/kubecost/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml rename to charts/kubecost/cost-analyzer/templates/prometheus-server-serviceaccount.yaml index 78e08331b..17ee234bb 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-serviceaccount.yaml @@ -1,6 +1,6 @@ {{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.serviceAccounts.server.create }} +{{- if .Values.prometheus.server.enabled -}} +{{- if .Values.prometheus.serviceAccounts.server.create }} apiVersion: v1 kind: ServiceAccount metadata: @@ -8,7 +8,7 @@ metadata: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.serviceAccountName.server" . }} namespace: {{ .Release.Namespace }} - {{- with .Values.serviceAccounts.server.annotations }} + {{- with .Values.prometheus.serviceAccounts.server.annotations }} annotations: {{- . | toYaml | nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-server-statefulset.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-statefulset.yaml new file mode 100644 index 000000000..dc90334c6 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-statefulset.yaml @@ -0,0 +1,221 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.prometheus.server.enabled -}} +{{- if .Values.prometheus.server.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: +{{- if .Values.prometheus.server.statefulSet.annotations }} + annotations: +{{ toYaml .Values.prometheus.server.statefulSet.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + {{- if .Values.prometheus.server.statefulSet.labels}} + {{ toYaml .Values.prometheus.server.statefulSet.labels | nindent 4 }} + {{- end}} + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + serviceName: {{ template "prometheus.server.fullname" . }}-headless + selector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + replicas: {{ .Values.prometheus.server.replicaCount }} + podManagementPolicy: {{ .Values.prometheus.server.statefulSet.podManagementPolicy }} + template: + metadata: + {{- if .Values.prometheus.server.podAnnotations }} + annotations: +{{ toYaml .Values.prometheus.server.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 8 }} + {{- if .Values.prometheus.server.statefulSet.labels}} + {{ toYaml .Values.prometheus.server.statefulSet.labels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.prometheus.server.priorityClassName }} + priorityClassName: "{{ .Values.prometheus.server.priorityClassName }}" +{{- end }} +{{- if .Values.prometheus.server.schedulerName }} + schedulerName: "{{ .Values.prometheus.server.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} + containers: + {{- if .Values.prometheus.configmapReload.prometheus.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.server.name }}-{{ .Values.prometheus.configmapReload.prometheus.name }} + image: "{{ .Values.prometheus.configmapReload.prometheus.image.repository }}:{{ .Values.prometheus.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.configmapReload.prometheus.image.pullPolicy }}" + args: + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9090{{ .Values.prometheus.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.prometheus.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.prometheus.configmapReload.prometheus.extraVolumeDirs }} + - --watched-dir={{ . }} + {{- end }} + resources: +{{ toYaml .Values.prometheus.configmapReload.prometheus.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- range .Values.prometheus.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + - name: {{ template "prometheus.name" . }}-{{ .Values.prometheus.server.name }} + image: "{{ .Values.prometheus.server.image.repository }}:{{ .Values.prometheus.server.image.tag }}" + imagePullPolicy: "{{ .Values.prometheus.server.image.pullPolicy }}" + {{- if .Values.prometheus.server.env }} + env: +{{ toYaml .Values.prometheus.server.env | indent 12}} + {{- end }} + args: + {{- if .Values.prometheus.server.retention }} + - --storage.tsdb.retention.time={{ .Values.prometheus.server.retention }} + {{- end }} + - --config.file={{ .Values.prometheus.server.configPath }} + - --storage.tsdb.path={{ .Values.prometheus.server.persistentVolume.mountPath }} + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + {{- range .Values.prometheus.server.extraFlags }} + - --{{ . }} + {{- end }} + {{- range $key, $value := .Values.prometheus.server.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.prometheus.server.baseURL }} + - --web.external-url={{ .Values.prometheus.server.baseURL }} + {{- end }} + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: {{ .Values.prometheus.server.prefixURL }}/-/ready + port: 9090 + initialDelaySeconds: {{ .Values.prometheus.server.readinessProbeInitialDelay }} + timeoutSeconds: {{ .Values.prometheus.server.readinessProbeTimeout }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.server.prefixURL }}/-/healthy + port: 9090 + initialDelaySeconds: {{ .Values.prometheus.server.livenessProbeInitialDelay }} + timeoutSeconds: {{ .Values.prometheus.server.livenessProbeTimeout }} + resources: +{{ toYaml .Values.prometheus.server.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: {{ .Values.prometheus.server.persistentVolume.mountPath }} + subPath: "{{ .Values.prometheus.server.persistentVolume.subPath }}" + {{- range .Values.prometheus.server.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.prometheus.server.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.server.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.prometheus.server.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.prometheus.server.extraVolumeMounts }} + {{ toYaml .Values.prometheus.server.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.prometheus.server.sidecarContainers }} + {{- toYaml .Values.prometheus.server.sidecarContainers | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.prometheus.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.prometheus.server.nodeSelector }} + nodeSelector: +{{ toYaml .Values.prometheus.server.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.prometheus.server.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.server.securityContext | indent 8 }} + {{- end }} + {{- if .Values.prometheus.server.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.server.tolerations | indent 8 }} + {{- end }} + {{- if .Values.prometheus.server.affinity }} + affinity: +{{ toYaml .Values.prometheus.server.affinity | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.prometheus.server.terminationGracePeriodSeconds }} + volumes: + - name: config-volume + configMap: + name: {{ if .Values.prometheus.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.prometheus.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + {{- range .Values.prometheus.server.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.prometheus.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.configmapReload.prometheus.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.prometheus.server.extraConfigmapMounts }} + - name: {{ $.Values.prometheus.server.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.prometheus.server.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- range .Values.prometheus.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} +{{- if .Values.prometheus.server.extraVolumes }} +{{ toYaml .Values.prometheus.server.extraVolumes | indent 8}} +{{- end }} +{{- if .Values.prometheus.server.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + {{- if .Values.prometheus.server.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.prometheus.server.persistentVolume.annotations | indent 10 }} + {{- end }} + spec: + accessModes: +{{ toYaml .Values.prometheus.server.persistentVolume.accessModes | indent 10 }} + resources: + requests: + storage: "{{ .Values.prometheus.server.persistentVolume.size }}" + {{- if .Values.prometheus.server.persistentVolume.storageClass }} + {{- if (eq "-" .Values.prometheus.server.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.prometheus.server.persistentVolume.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + - name: storage-volume + emptyDir: {} +{{- end }} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/templates/prometheus-server-vpa.yaml b/charts/kubecost/cost-analyzer/templates/prometheus-server-vpa.yaml new file mode 100644 index 000000000..25a61f253 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/prometheus-server-vpa.yaml @@ -0,0 +1,22 @@ +{{- if and (.Values.global.prometheus.enabled) (.Values.prometheus.server.enabled) (.Values.prometheus.server.verticalAutoscaler.enabled) }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }}-vpa + namespace: {{ .Release.Namespace }} +spec: + targetRef: + apiVersion: apps/v1 +{{- if .Values.prometheus.server.statefulSet.enabled }} + kind: StatefulSet +{{- else }} + kind: Deployment +{{- end }} + name: {{ template "prometheus.server.fullname" . }} + updatePolicy: + updateMode: {{ .Values.prometheus.server.verticalAutoscaler.updateMode | default "Off" | quote }} + resourcePolicy: + containerPolicies: {{ .Values.prometheus.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml deleted file mode 100644 index 76110e15b..000000000 --- a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "query-service.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{ include "query-service.commonLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "query-service.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "query-service.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "query-service.serviceAccountName" . }} - labels: - {{ include "query-service.commonLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "query-service.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "query-service.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml deleted file mode 100644 index 274e50d4d..000000000 --- a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml +++ /dev/null @@ -1,109 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: {{ template "query-service.serviceAccountName" . }} - labels: - {{ include "query-service.commonLabels" . | nindent 4 }} -rules: -- apiGroups: - - '' - resources: - - "pods/log" - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "query-service.serviceAccountName" . }} - labels: - {{ include "query-service.commonLabels" . | nindent 4 }} -rules: - - apiGroups: - - '' - resources: - - configmaps - - deployments - - nodes - - pods - - events - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - daemonsets - - replicasets - verbs: - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - list - - watch -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml deleted file mode 100644 index c36565b3a..000000000 --- a/charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml +++ /dev/null @@ -1,186 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "query-service.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "query-service.commonLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.kubecostDeployment.queryServiceReplicas }} - serviceName: "query-service" - selector: - matchLabels: - app.kubernetes.io/name: query-service - app.kubernetes.io/instance: {{ .Release.Name }} - app: query-service - volumeClaimTemplates: - - metadata: - name: database-storage - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.kubecostDeployment.queryService.storageClass }} - resources: - requests: - storage: {{ .Values.kubecostDeployment.queryService.databaseVolumeSize }} - - metadata: - name: persistent-configs - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.kubecostDeployment.queryService.storageClass }} - resources: - requests: - storage: {{ .Values.kubecostDeployment.queryService.configVolumeSize }} - template: - metadata: - labels: - app.kubernetes.io/name: query-service - app.kubernetes.io/instance: {{ .Release.Name }} - app: query-service - {{- with .Values.global.podAnnotations}} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Always - {{- if .Values.kubecostDeployment.queryService.securityContext }} - securityContext: - {{- toYaml .Values.kubecostDeployment.queryService.securityContext | nindent 8 }} - {{- else if and (.Values.global.platforms.openshift.enabled) (.Values.global.platforms.openshift.securityContext) }} - securityContext: - {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }} - {{- else if .Values.global.securityContext }} - securityContext: - {{- toYaml .Values.global.securityContext | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "query-service.serviceAccountName" . }} - volumes: - {{- $etlBackupBucketSecret := "" }} - {{- if .Values.kubecostModel.queryServiceConfigSecret }} - {{- $etlBackupBucketSecret = .Values.kubecostModel.queryServiceConfigSecret }} - {{- else if .Values.kubecostModel.federatedStorageConfigSecret }} - {{- $etlBackupBucketSecret = .Values.kubecostModel.federatedStorageConfigSecret }} - {{- else if .Values.kubecostModel.etlBucketConfigSecret }} - {{- $etlBackupBucketSecret = .Values.kubecostModel.etlBucketConfigSecret }} - {{- else if and .Values.global.thanos.enabled (ne (typeOf .Values.kubecostModel.etlBucketConfigSecret) "string") }} - {{- $etlBackupBucketSecret = .Values.thanos.storeSecretName }} - {{- end }} - {{- if $etlBackupBucketSecret }} - - name: etl-bucket-config - secret: - defaultMode: 420 - secretName: {{ $etlBackupBucketSecret }} - {{- end }} - {{- if .Values.kubecostDeployment.queryService.extraVolumes }} - {{- toYaml .Values.kubecostDeployment.queryService.extraVolumes | nindent 8 }} - {{- end }} - containers: - - name: query-service - {{- if .Values.kubecostModel }} - {{- if .Values.kubecostModel.openSourceOnly }} - image: quay.io/kubecost1/kubecost-cost-model:{{ .Values.imageVersion }} - {{- else if .Values.kubecostModel.fullImageName }} - image: {{ .Values.kubecostModel.fullImageName }} - {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} - {{- else }} - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz - port: 9003 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - imagePullPolicy: Always - securityContext: - {{- if .Values.kubecostDeployment.queryService.containerSecurityContext }} - {{- toYaml .Values.kubecostDeployment.queryService.containerSecurityContext | nindent 12 -}} - {{- else if .Values.global.containerSecurityContext }} - {{- toYaml .Values.global.containerSecurityContext | nindent 12 -}} - {{- end }} - args: ["query-service"] - ports: - - name: tcp-model - containerPort: 9003 - protocol: TCP - {{- with .Values.kubecostDeployment.queryService.extraPorts }} - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.kubecostDeployment.queryService.resources | nindent 12 }} - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - - name: etl-bucket-config - mountPath: /var/configs/etl - - name: database-storage - mountPath: /var/db - {{- if .Values.kubecostDeployment.queryService.extraVolumeMounts }} - {{- toYaml .Values.kubecostDeployment.queryService.extraVolumeMounts | nindent 12 }} - {{- end }} - env: - - name: CONFIG_PATH - value: /var/configs/ - - name: DB_PATH - value: /var/db/ - - name: ETL_FILE_STORE_ENABLED - value: "true" - {{- if $etlBackupBucketSecret }} - - name: ETL_BUCKET_CONFIG - {{- if not .Values.kubecostModel.federatedStorageConfigSecret}} - value: "/var/configs/etl/object-store.yaml" - {{- else }} - value: "/var/configs/etl/federated-store.yaml" - - name: CLUSTER_ID - value: "combined" - - name: FEDERATED_STORE_CONFIG - value: "/var/configs/etl/federated-store.yaml" - - name: FEDERATED_CLUSTER - value: "true" - - name: FEDERATED_PRIMARY_CLUSTER - value: "true" - - name: FEDERATED_REDIRECT_BACKUP - value: "true" - {{- end }} - {{- end }} - - name: ETL_PATH_PREFIX - value: "/var/db" - - name: CLOUD_PROVIDER_API_KEY - value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API key.This GCP api key is expected to be here and is limited to accessing google's billing API.' - {{- if .Values.kubecostDeployment.queryService.extraEnv }} - {{- toYaml .Values.kubecostDeployment.queryService.extraEnv | nindent 12 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.kubecostDeployment.queryService.priority }} - {{- if .Values.kubecostDeployment.queryService.priority.enabled }} - {{- if .Values.kubecostDeployment.queryService.priority.name }} - priorityClassName: {{ .Values.kubecostDeployment.queryService.priority.name }} - {{- else }} - priorityClassName: {{ template "cost-analyzer.fullname" . }}-qsr-priority - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.kubecostDeployment.queryService.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.kubecostDeployment.queryService.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.kubecostDeployment.queryService.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml deleted file mode 100644 index e93bf6014..000000000 --- a/charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} -{{- if .Values.kubecostDeployment.queryService.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "query-service.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{ include "query-service.commonLabels" . | nindent 4 }} -{{- with .Values.kubecostDeployment.queryService.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml deleted file mode 100644 index 160afc034..000000000 --- a/charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} -kind: Service -apiVersion: v1 -metadata: - name: {{ template "query-service.serviceName" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "query-service.commonLabels" . | nindent 4 }} -spec: - selector: -{{ include "query-service.selectorLabels" . | nindent 4 }} - type: "ClusterIP" - ports: - - name: tcp-query-service - port: 9003 - targetPort: 9003 - {{- with .Values.kubecostDeployment.queryService.extraPorts }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/values-agent.yaml b/charts/kubecost/cost-analyzer/values-agent.yaml index 2f46281dd..c74ea90b0 100644 --- a/charts/kubecost/cost-analyzer/values-agent.yaml +++ b/charts/kubecost/cost-analyzer/values-agent.yaml @@ -1,3 +1,4 @@ + # Kubecost running as an Agent is designed for external hosting. The current setup deploys a # kubecost-agent pod, low data retention prometheus server + thanos sidecar, and node-exporter. networkCosts: @@ -7,7 +8,8 @@ networkCosts: # amazon-web-services: true # google-cloud-services: true # azure-cloud-services: true - +thanos: + storeSecretName: kubecost-agent-object-store global: thanos: @@ -17,7 +19,7 @@ global: proxy: false # Agent enables specific features designed to enhance the metrics exporter deployment # with enhancements designed for external hosting. -agent: true +# agent: true # agentKeySecretName: kubecost-agent-object-store agentCsi: enabled: false @@ -27,30 +29,21 @@ agentCsi: parameters: {} secretObjects: {} - -# No Grafana configuration is required. -grafana: - sidecar: - dashboards: - enabled: false - datasources: - defaultDatasourceEnabled: false +kubecostFrontend: + enabled: false # Exporter Pod -kubecostMetrics: - exporter: - enabled: true - exportClusterInfo: true - exportClusterCache: true +# kubecostMetrics: +# exporter: +# enabled: true +# exportClusterInfo: true +# exportClusterCache: true # Prometheus defaults to low retention (10h), disables KSM, and attaches a thanos-sidecar # for exporting metrics. prometheus: nodeExporter: enabled: false - kube-state-metrics: - enabled: false - disabled: true extraScrapeConfigs: | - job_name: kubecost-agent honor_labels: true diff --git a/charts/kubecost/cost-analyzer/values-cloud-agent.yaml b/charts/kubecost/cost-analyzer/values-cloud-agent.yaml index 99b596c56..3f2436925 100644 --- a/charts/kubecost/cost-analyzer/values-cloud-agent.yaml +++ b/charts/kubecost/cost-analyzer/values-cloud-agent.yaml @@ -27,19 +27,10 @@ kubecostMetrics: exportClusterInfo: false exportClusterCache: false -# Disable cost-analyzer PSP -podSecurityPolicy: - enabled: false - # Disable KSM and NodeExporter (?) prometheus: - podSecurityPolicy: - enabled: false nodeExporter: enabled: false - kube-state-metrics: - enabled: false - disabled: true extraScrapeConfigs: | - job_name: kubecost-cloud-agent honor_labels: true diff --git a/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml b/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml index 71bcc2614..bd6f6b116 100644 --- a/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml +++ b/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml @@ -30,9 +30,6 @@ priority: networkPolicy: enabled: false -podSecurityPolicy: - enabled: false - # Enable this flag if you need to install with specific image tags # imageVersion: prod-1.97.0 @@ -51,10 +48,10 @@ kubecostModel: image: public.ecr.aws/kubecost/cost-model imagePullPolicy: Always warmCache: true - warmSavingsCache: true etl: true - # The total number of days the ETL storage will build - etlStoreDurationDays: 120 + # The total number of days the ETL pipelines will build + # Set to 0 to disable daily ETL (not recommended) + etlDailyStoreDurationDays: 120 maxQueryConcurrency: 5 # utcOffset represents a timezone in hours and minutes east (+) or west (-) # of UTC, itself, which is defined as +00:00. @@ -69,6 +66,9 @@ kubecostModel: # cpu: "800m" # memory: "256Mi" +forecasting: + fullImageName: public.ecr.aws/kubecost/kubecost-modeling:e59c4d9 + serviceAccount: create: true # Set this to false if you're bringing your own service account. annotations: {} @@ -113,7 +113,7 @@ prometheus: # clusterIDConfigmap: cluster-id-configmap image: repository: public.ecr.aws/kubecost/prometheus - tag: v2.35.0 + tag: v2.49.1 resources: {} # limits: # cpu: 500m @@ -123,7 +123,7 @@ prometheus: # memory: 512Mi global: scrape_interval: 1m - scrape_timeout: 10s + scrape_timeout: 60s evaluation_interval: 1m external_labels: cluster_id: cluster-one # Each cluster should have a unique ID @@ -141,27 +141,26 @@ prometheus: configmapReload: prometheus: + ## If false, the configmap-reload container will not be deployed - ## enabled: false ## configmap-reload container name - ## name: configmap-reload + ## configmap-reload container image - ## image: repository: public.ecr.aws/kubecost/prometheus-config-reloader - tag: v0.69.1 + tag: v0.71.2 pullPolicy: IfNotPresent + ## Additional configmap-reload container arguments - ## extraArgs: {} + ## Additional configmap-reload volume directories - ## extraVolumeDirs: [] + ## Additional configmap-reload mounts - ## extraConfigmapMounts: [] # - name: prometheus-alerts # mountPath: /etc/alerts.d @@ -173,8 +172,6 @@ prometheus: ## resources: {} - kube-state-metrics: - disabled: false nodeExporter: enabled: false diff --git a/charts/kubecost/cost-analyzer/values-thanos.yaml b/charts/kubecost/cost-analyzer/values-thanos.yaml deleted file mode 100644 index cc7a32b68..000000000 --- a/charts/kubecost/cost-analyzer/values-thanos.yaml +++ /dev/null @@ -1,149 +0,0 @@ -global: - thanos: - enabled: true - -# For Thanos Installs, Allow Higher Concurrency from Cost-Model -# Still may require tweaking for some installs, but the thanos-query-frontend -# will greatly assist in reduction memory bloat in query. -kubecostModel: - maxQueryConcurrency: 5 - # This configuration is applied to thanos only. Expresses the resolution to - # use for longer query ranges. Options: raw, 5m, 1h - Default: raw - maxSourceResolution: 5m - -prometheus: - server: - extraArgs: - storage.tsdb.min-block-duration: 2h - storage.tsdb.max-block-duration: 2h - storage.tsdb.retention: 2w - # these were previously being set by default. - # securityContext: - # runAsNonRoot: true - # runAsUser: 1001 - extraVolumes: - - name: object-store-volume - secret: - # Ensure this secret name matches thanos.storeSecretName - secretName: kubecost-thanos - enableAdminApi: true - sidecarContainers: - - name: thanos-sidecar - image: thanosio/thanos:v0.32.5 - # these were previously being set by default. - # securityContext: - # allowPrivilegeEscalation: false - # readOnlyRootFilesystem: true - # capabilities: - # drop: - # - ALL - args: - - sidecar - - --log.level=debug - - --tsdb.path=/data/ - - --prometheus.url=http://127.0.0.1:9090 - - --objstore.config-file=/etc/config/object-store.yaml - # Start of time range limit to serve. Thanos sidecar will serve only metrics, which happened - # later than this value. Option can be a constant time in RFC3339 format or time duration - # relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. - - --min-time=-3h - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - name: http - containerPort: 10902 - - name: grpc - containerPort: 10901 - - name: cluster - containerPort: 10900 - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - name: storage-volume - mountPath: /data - subPath: "" - - name: object-store-volume - mountPath: /etc/config - -thanos: - store: - enabled: true - grpcSeriesMaxConcurrency: 20 - blockSyncConcurrency: 20 - extraEnv: - - name: GOGC - value: "100" - - name: GODEBUG - value: "madvdontneed=1" - resources: - requests: - memory: "2.5Gi" - query: - enabled: true - timeout: 3m - # Maximum number of queries processed concurrently by query node. - maxConcurrent: 8 - # Maximum number of select requests made concurrently per a query. - maxConcurrentSelect: 2 - resources: - requests: - memory: "2.5Gi" - autoDownsampling: false - extraEnv: - - name: GOGC - value: "100" - - name: GODEBUG - value: "madvdontneed=1" - - # Thanos Query Frontend - queryFrontend: - enabled: true - compressResponses: true - # Downstream Tripper Configuration - downstreamTripper: - enabled: true - idleConnectionTimeout: 90s - responseHeaderTimeout: 2m - tlsHandshakeTimeout: 10s - expectContinueTimeout: 1s - maxIdleConnections: 200 - maxIdleConnectionsPerHost: 100 - maxConnectionsPerHost: 0 - # Response Cache Configuration - # Configure either a max size constraint or max items. - responseCache: - enabled: true - # Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be applied. - maxSize: 1.25GB - # Maximum number of entries in the cache. - maxSizeItems: 0 - # The expiry duration for the cache. - validity: 2m - extraEnv: - - name: GOGC - value: "100" - - name: GODEBUG - value: "madvdontneed=1" - resources: - requests: - memory: "1.5Gi" - - # Thanos Sidecar Service Discovery - # Disabling removes the prometheus sidecar from querier store discovery. This ensures - # that all clusters read from the same data in remote store. - sidecar: - enabled: true - bucket: - enabled: false - compact: - enabled: true - dataVolume: - persistentVolumeClaim: - claimName: compact-data-volume - storage: 100Gi - # This secret name should match the sidecar configured secret name volume - # in the prometheus.server.extraVolumes entry - storeSecretName: kubecost-thanos diff --git a/charts/kubecost/cost-analyzer/values-windows-node-affinity.yaml b/charts/kubecost/cost-analyzer/values-windows-node-affinity.yaml index 0cb104730..5770f0c12 100644 --- a/charts/kubecost/cost-analyzer/values-windows-node-affinity.yaml +++ b/charts/kubecost/cost-analyzer/values-windows-node-affinity.yaml @@ -14,9 +14,6 @@ prometheus: server: nodeSelector: kubernetes.io/os: linux - kube-state-metrics: - nodeSelector: - kubernetes.io/os: linux nodeExporter: enabled: true affinity: @@ -31,20 +28,3 @@ prometheus: grafana: nodeSelector: kubernetes.io/os: linux - -thanos: - store: - nodeSelector: - kubernetes.io/os: linux - queryFrontend: - nodeSelector: - kubernetes.io/os: linux - query: - nodeSelector: - kubernetes.io/os: linux - compact: - nodeSelector: - kubernetes.io/os: linux - bucket: - nodeSelector: - kubernetes.io/os: linux \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/values.yaml b/charts/kubecost/cost-analyzer/values.yaml index bffabcacf..95a858753 100644 --- a/charts/kubecost/cost-analyzer/values.yaml +++ b/charts/kubecost/cost-analyzer/values.yaml @@ -7,14 +7,6 @@ global: # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD # queryServiceBearerTokenSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN - # Durable storage option, product key required - thanos: - enabled: false - # queryService: http://kubecost-thanos-query-frontend-http.kubecost:{{ .Values.thanos.queryFrontend.http.port }} # an address of the thanos query-frontend endpoint, if different from installed thanos - # queryServiceBasicAuthSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD <---enter basic auth credentials like that - # queryServiceBearerTokenSecretName mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN - # queryOffset: 3h # The offset to apply to all thanos queries in order to achieve synchronization on all cluster block stores - grafana: enabled: true # If false, Grafana will not be installed domainName: cost-analyzer-grafana.default.svc # example grafana domain Ignored if enabled: true @@ -253,6 +245,13 @@ global: seccompProfile: type: RuntimeDefault +## This flag is only required for users upgrading to a new version of Kubecost. +## The flag is used to ensure users are aware of important +## (potentially breaking) changes included in the new version. +## +upgrade: + toV2: false + # generated at http://kubecost.com/install, used for alerts tracking and free trials kubecostToken: # "" @@ -280,6 +279,8 @@ saml: # isGLUUProvider: false # An additional URL parameter must be appended for GLUU providers # encryptionCertSecret: "kubecost-saml-cert" # k8s secret where the x509 certificate used to encrypt an Okta saml response is stored # decryptionKeySecret: "kubecost-sank-decryption-key" # k8s secret where the private key associated with the encryptionCertSecret is stored + # authSecret: "random-string" # value of SAML secret used to issue tokens, will be autogenerated as random string if not provided + # authSecretName: "kubecost-saml-secret" # name of k8s secret where the authSecret will be stored, defaults to "kubecost-saml-secret" if not provided rbac: enabled: false # groups: @@ -351,10 +352,19 @@ systemProxy: # imagePullSecrets: # - name: "image-pull-secret" +# imageVersion uses the base image name (image:) but overrides the version +# pulled. It should be avoided. If non-default behavior is needed, use +# fullImageName for the relevant component. +# imageVersion: + kubecostFrontend: enabled: true image: "gcr.io/kubecost1/frontend" imagePullPolicy: Always + # fullImageName overrides the default image construction logic. The exact + # image provided (registry, image, tag) will be used for the frontend. + # fullImageName: + # extraEnv: # - name: NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE # value: "1" @@ -370,14 +380,14 @@ kubecostFrontend: # Define a readiness probe for the Kubecost frontend container. readinessProbe: enabled: true - initialDelaySeconds: 30 + initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 200 # Define a liveness probe for the Kubecost frontend container. livenessProbe: enabled: true - initialDelaySeconds: 30 + initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 200 ipv6: @@ -465,8 +475,10 @@ sigV4Proxy: kubecostModel: image: "gcr.io/kubecost1/cost-model" imagePullPolicy: Always - # set to 'true' to utilize images on the public Quay repository - # openSourceOnly: false + # fullImageName overrides the default image construction logic. The exact + # image provided (registry, image, tag) will be used for cost-model. + # fullImageName: + # extraEnv: # - name: SOME_VARIABLE # value: "some_value" @@ -477,8 +489,6 @@ kubecostModel: outOfClusterPromMetricsEnabled: false # Build local cost allocation cache warmCache: false - # Build local savings cache - warmSavingsCache: true # Run allocation ETL pipelines etl: true # Enable the ETL filestore backing storage @@ -496,10 +506,15 @@ kubecostModel: # For deploying kubecost in a cluster that does not self-monitor etlReadOnlyMode: false + # The name of the Secret containing a bucket config for ETL backup. + # etlBucketConfigSecret: + # The name of the Secret containing a bucket config for Federated storage. + # federatedStorageConfigSecret: + ## Feature to view your out-of-cluster costs and their k8s utilization ## Ref: https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/cloud-costs-explorer cloudCost: - enabled: true + # enabled: true # this logic is always enabled if cloud billing integration is configured. This option is no longer configurable. labelList: IsIncludeList: false # format labels as comma separated string (ex. "label1,label2,label3") @@ -540,14 +555,14 @@ kubecostModel: # Define a readiness probe for the Kubecost cost-model container. readinessProbe: enabled: true - initialDelaySeconds: 30 + initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 200 # Define a liveness probe for the Kubecost cost-model container. livenessProbe: enabled: true - initialDelaySeconds: 30 + initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 200 extraArgs: [] @@ -624,11 +639,12 @@ tolerations: [] affinity: {} +topologySpreadConstraints: [] + # If true, creates a PriorityClass to be used by the cost-analyzer pod priority: enabled: false name: "" # Provide name of existing priority class only. If left blank, upstream chart will create one from default template. - # value: 1000000 # If true, enable creation of NetworkPolicy resources. networkPolicy: @@ -662,9 +678,6 @@ networkPolicy: # - selectors: # restrict egress to inside cluster # - namespaceSelector: {} -podSecurityPolicy: - enabled: false - ## @param extraVolumes A list of volumes to be added to the pod ## extraVolumes: [] @@ -682,6 +695,10 @@ persistentVolume: labels: {} annotations: {} + # Enables a separate PV specifically for ETL data. This should be avoided, but + # is kept for legacy compatibility. + dbPVEnabled: false + service: type: ClusterIP port: 9090 @@ -693,25 +710,36 @@ service: enabled: false # Makes sure that connections from a client are passed to the same Pod each time, when set to `true`. You should set it when you enabled authentication through OIDC or SAML integration. timeoutSeconds: 10800 -# Enabling long-term durable storage with Postgres requires an enterprise license -remoteWrite: - postgres: - enabled: false - initImage: "gcr.io/kubecost1/sql-init" - initImagePullPolicy: Always - installLocal: true - remotePostgresAddress: "" # ignored if installing locally - ## PriorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - priorityClassName: "" - persistentVolume: - size: 200Gi - auth: - password: admin # change me - prometheus: - podSecurityPolicy: - enabled: false + rbac: + create: true # Create the RBAC resources for Prometheus. + + ## Define serviceAccount names for components. Defaults to component's fully qualified name. + ## + serviceAccounts: + alertmanager: + create: true + name: + nodeExporter: + create: true + name: + pushgateway: + create: true + name: + server: + create: true + name: + ## Prometheus server ServiceAccount annotations. + ## Can be used for AWS IRSA annotations when using Remote Write mode with Amazon Managed Prometheus. + annotations: {} + + ## Specify an existing ConfigMap to be used by Prometheus when using self-signed certificates. + ## + # selfsignedCertConfigMapName: "" + + imagePullSecrets: + # - name: "image-pull-secret" + extraScrapeConfigs: | - job_name: kubecost honor_labels: true @@ -742,55 +770,1266 @@ prometheus: # NOTE: This does not affect the external_labels set in prometheus config. # clusterIDConfigmap: cluster-id-configmap - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 500m - # memory: 512Mi + ## Prometheus server container name + ## + enabled: true + name: server + sidecarContainers: + strategy: + type: Recreate + rollingUpdate: null + + ## Prometheus server container image + ## + image: + repository: quay.io/prometheus/prometheus + tag: v2.49.1 + pullPolicy: IfNotPresent + + ## prometheus server priorityClassName + ## + priorityClassName: "" + + ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug + ## so that the various internal URLs are still able to access as they are in the default case. + ## (Optional) + prefixURL: "" + + ## External URL which can access alertmanager + ## Maybe same with Ingress host name + baseURL: "" + + ## Additional server container environment variables + ## + ## You specify this manually like you would a raw deployment manifest. + ## This means you can bind in environment variables from secrets. + ## + ## e.g. static environment variable: + ## - name: DEMO_GREETING + ## value: "Hello from the environment" + ## + ## e.g. secret environment variable: + ## - name: USERNAME + ## valueFrom: + ## secretKeyRef: + ## name: mysecret + ## key: username + env: [] + + extraFlags: + - web.enable-lifecycle + ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as + ## deleting time series. This is disabled by default. + # - web.enable-admin-api + ## + ## storage.tsdb.no-lockfile flag controls BD locking + # - storage.tsdb.no-lockfile + ## + ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL) + # - storage.tsdb.wal-compression + + ## Path to a configuration file on prometheus server container FS + configPath: /etc/config/prometheus.yml + global: + ## How frequently to scrape targets by default + ## scrape_interval: 1m + ## How long until a scrape request times out + ## scrape_timeout: 60s + ## How frequently to evaluate rules + ## evaluation_interval: 1m external_labels: cluster_id: cluster-one # Each cluster should have a unique ID - persistentVolume: - size: 32Gi - enabled: true + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write + ## + remoteWrite: {} + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read + ## + remoteRead: {} + + ## Additional Prometheus server container arguments + ## extraArgs: query.max-concurrency: 1 query.max-samples: 100000000 + + ## Additional InitContainers to initialize the pod + ## + extraInitContainers: [] + + ## Additional Prometheus server Volume mounts + ## + extraVolumeMounts: [] + + ## Additional Prometheus server Volumes + ## + extraVolumes: [] + + ## Additional Prometheus server hostPath mounts + ## + extraHostPathMounts: [] + # - name: certs-dir + # mountPath: /etc/kubernetes/certs + # subPath: "" + # hostPath: /etc/kubernetes/certs + # readOnly: true + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /prometheus + # subPath: "" + # configMap: certs-configmap + # readOnly: true + + ## Additional Prometheus server Secret mounts + # Defines additional mounts with secrets. Secrets must be manually created in the namespace. + extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # subPath: "" + # secretName: prom-secret-files + # readOnly: true + + ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}} + ## Defining configMapOverrideName will cause templates/server-configmap.yaml + ## to NOT generate a ConfigMap resource + ## + configMapOverrideName: "" + + ingress: + ## If true, Prometheus server Ingress will be created + ## + enabled: false + # className: nginx + + ## Prometheus server Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## Prometheus server Ingress additional labels + ## + extraLabels: {} + + ## Prometheus server Ingress hostnames with optional path + ## Must be provided if Ingress is enabled + ## + hosts: [] + # - prometheus.domain.com + # - domain.com/prometheus + + ## PathType determines the interpretation of the Path matching + pathType: "Prefix" + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + + ## Prometheus server Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-server-tls + # hosts: + # - prometheus.domain.com + + ## Server Deployment Strategy type + # strategy: + # type: Recreate + + ## Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # retention: 50h This must be greater than or equal to etlHourlyStoreDurationHours - # retentionSize: should be significantly greater than the storage used in the number of hours set in etlHourlyStoreDurationHours - alertmanager: - enabled: false + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for Prometheus server pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Pod affinity + ## + affinity: {} + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + persistentVolume: + ## If true, Prometheus server will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## enabled: true + + ## Prometheus server data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## Prometheus server data Persistent Volume annotations + ## + annotations: {} + + ## Prometheus server data Persistent Volume existing claim name + ## Requires server.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## Prometheus server data Persistent Volume mount root path + ## + mountPath: /data + + ## Prometheus server data Persistent Volume size + ## + size: 32Gi + + ## Prometheus server data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## Prometheus server data Persistent Volume Binding Mode + ## If defined, volumeBindingMode: + ## If undefined (the default) or set to null, no volumeBindingMode spec is + ## set, choosing the default mode. + ## + # volumeBindingMode: "" + + ## Subdirectory of Prometheus server data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + + emptyDir: + sizeLimit: "" + + ## Annotations to be added to Prometheus server pods + ## + podAnnotations: {} + # iam.amazonaws.com/role: prometheus + + ## Annotations to be added to the Prometheus Server deployment + ## + deploymentAnnotations: {} + + ## Labels to be added to Prometheus server pods + ## + podLabels: {} + + ## Prometheus AlertManager configuration + ## + alertmanagers: [] + + ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) + ## + replicaCount: 1 + + statefulSet: + ## If true, use a statefulset instead of a deployment for pod management. + ## This allows to scale replicas to more than 1 pod + ## + enabled: false + + annotations: {} + labels: {} + podManagementPolicy: OrderedReady + + ## Alertmanager headless service to use for the statefulset + ## + headless: + annotations: {} + labels: {} + servicePort: 80 + + ## Prometheus server readiness and liveness probe initial delay and timeout + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + ## + readinessProbeInitialDelay: 30 + readinessProbeTimeout: 30 + readinessProbeFailureThreshold: 3 + readinessProbeSuccessThreshold: 1 + livenessProbeInitialDelay: 30 + livenessProbeTimeout: 30 + livenessProbeFailureThreshold: 3 + livenessProbeSuccessThreshold: 1 + + ## Prometheus server resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 500m + # memory: 512Mi + + ## Vertical Pod Autoscaler config + ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + verticalAutoscaler: + ## If true a VPA object will be created for the controller (either StatefulSet or Deployment, based on above configs) + enabled: false + ## Optional. Defaults to "Auto" if not specified. + # updateMode: "Auto" + ## Mandatory. Without, VPA will not be created. + # containerPolicies: + # - containerName: 'prometheus-server' + + ## Security context to be added to server pods + ## + securityContext: {} + # runAsUser: 1001 + # runAsNonRoot: true + # runAsGroup: 1001 + # fsGroup: 1001 + + containerSecurityContext: {} + + service: + annotations: {} + labels: {} + clusterIP: "" + # nodePort: "" + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + sessionAffinity: None + type: ClusterIP + + ## Enable gRPC port on service to allow auto discovery with thanos-querier + gRPC: + enabled: false + servicePort: 10901 + # nodePort: 10901 + + ## If using a statefulSet (statefulSet.enabled=true), configure the + ## service to connect to a specific replica to have a consistent view + ## of the data. + statefulsetReplica: + enabled: false + replica: 0 + + ## Prometheus server pod termination grace period + ## + terminationGracePeriodSeconds: 300 + + ## Prometheus data retention period (default if not specified is 15 days) + ## + retention: 15d # 50h. This must be greater than or equal to etlHourlyStoreDurationHours + # retentionSize: should be significantly greater than the storage used in the number of hours set in etlHourlyStoreDurationHours + + # Install Prometheus Alert Manager + alertmanager: + ## If false, alertmanager will not be installed + ## + enabled: false + + strategy: + type: Recreate + rollingUpdate: null + + ## alertmanager container name + ## + name: alertmanager + + ## alertmanager container image + ## + image: + repository: quay.io/prometheus/alertmanager + tag: v0.26.0 + pullPolicy: IfNotPresent + + ## alertmanager priorityClassName + ## + priorityClassName: "" + + ## Additional alertmanager container arguments + ## + extraArgs: {} + + ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug + ## so that the various internal URLs are still able to access as they are in the default case. + ## (Optional) + prefixURL: "" + + ## External URL which can access alertmanager + baseURL: "http://localhost:9093" + + ## Additional alertmanager container environment variable + ## For instance to add a http_proxy + ## + extraEnv: {} + + ## Additional alertmanager Secret mounts + # Defines additional mounts with secrets. Secrets must be manually created in the namespace. + extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # subPath: "" + # secretName: alertmanager-secret-files + # readOnly: true + + ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}} + ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml + ## to NOT generate a ConfigMap resource + ## + configMapOverrideName: "" + + ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config + ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml + ## to NOT generate a ConfigMap resource + ## + configFromSecret: "" + + ## The configuration file name to be loaded to alertmanager + ## Must match the key within configuration loaded from ConfigMap/Secret + ## + configFileName: alertmanager.yml + + ingress: + ## If true, alertmanager Ingress will be created + ## + enabled: false + + ## alertmanager Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## alertmanager Ingress additional labels + ## + extraLabels: {} + + ## alertmanager Ingress hostnames with optional path + ## Must be provided if Ingress is enabled + ## + hosts: [] + # - alertmanager.domain.com + # - domain.com/alertmanager + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + + ## alertmanager Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-alerts-tls + # hosts: + # - alertmanager.domain.com + + ## Alertmanager Deployment Strategy type + # strategy: + # type: Recreate + + ## Node tolerations for alertmanager scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for alertmanager pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Pod affinity + ## + affinity: {} + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + persistentVolume: + ## If true, alertmanager will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## + enabled: true + + ## alertmanager data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## alertmanager data Persistent Volume Claim annotations + ## + annotations: {} + + ## alertmanager data Persistent Volume existing claim name + ## Requires alertmanager.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## alertmanager data Persistent Volume mount root path + ## + mountPath: /data + + ## alertmanager data Persistent Volume size + ## + size: 2Gi + + ## alertmanager data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## alertmanager data Persistent Volume Binding Mode + ## If defined, volumeBindingMode: + ## If undefined (the default) or set to null, no volumeBindingMode spec is + ## set, choosing the default mode. + ## + # volumeBindingMode: "" + + ## Subdirectory of alertmanager data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + + ## Annotations to be added to alertmanager pods + ## + podAnnotations: {} + ## Tell prometheus to use a specific set of alertmanager pods + ## instead of all alertmanager pods found in the same namespace + ## Useful if you deploy multiple releases within the same namespace + ## + ## prometheus.io/probe: alertmanager-teamA + + ## Labels to be added to Prometheus AlertManager pods + ## + podLabels: {} + + ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) + ## + replicaCount: 1 + + statefulSet: + ## If true, use a statefulset instead of a deployment for pod management. + ## This allows to scale replicas to more than 1 pod + ## + enabled: false + + podManagementPolicy: OrderedReady + + ## Alertmanager headless service to use for the statefulset + ## + headless: + annotations: {} + labels: {} + + ## Enabling peer mesh service end points for enabling the HA alert manager + ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md + # enableMeshPeer : true + + servicePort: 80 + + ## alertmanager resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 10m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## Security context to be added to alertmanager pods + ## + securityContext: + runAsUser: 1001 + runAsNonRoot: true + runAsGroup: 1001 + fsGroup: 1001 + + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Enabling peer mesh service end points for enabling the HA alert manager + ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md + # enableMeshPeer : true + + ## List of IP addresses at which the alertmanager service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + # nodePort: 30000 + sessionAffinity: None + type: ClusterIP + + # Define a custom scheduler for Alertmanager pods + # schedulerName: default-scheduler + + ## alertmanager ConfigMap entries + ## + alertmanagerFiles: + alertmanager.yml: + global: {} + # slack_api_url: '' + + receivers: + - name: default-receiver + # slack_configs: + # - channel: '@you' + # send_resolved: true + + route: + group_wait: 10s + group_interval: 5m + receiver: default-receiver + repeat_interval: 3h + + ## Monitors ConfigMap changes and POSTs to a URL + configmapReload: + prometheus: + ## If false, the configmap-reload container will not be deployed + ## + enabled: false + + ## configmap-reload container name + ## + name: configmap-reload + + ## configmap-reload container image + ## + image: + repository: quay.io/prometheus-operator/prometheus-config-reloader + tag: v0.71.2 + pullPolicy: IfNotPresent + + ## Additional configmap-reload container arguments + ## + extraArgs: {} + ## Additional configmap-reload volume directories + ## + extraVolumeDirs: [] + + ## Additional configmap-reload mounts + ## + extraConfigmapMounts: [] + # - name: prometheus-alerts + # mountPath: /etc/alerts.d + # subPath: "" + # configMap: prometheus-alerts + # readOnly: true + + ## configmap-reload resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + + ## configmap-reload container securityContext + containerSecurityContext: {} + + alertmanager: + ## If false, the configmap-reload container will not be deployed + ## + enabled: false + + ## configmap-reload container name + ## + name: configmap-reload + + ## configmap-reload container image + ## + image: + repository: quay.io/prometheus-operator/prometheus-config-reloader + tag: v0.71.2 + pullPolicy: IfNotPresent + + ## Additional configmap-reload container arguments + ## + extraArgs: {} + ## Additional configmap-reload volume directories + ## + extraVolumeDirs: [] + + + ## Additional configmap-reload mounts + ## + extraConfigmapMounts: [] + # - name: prometheus-alerts + # mountPath: /etc/alerts.d + # subPath: "" + # configMap: prometheus-alerts + # readOnly: true + + + ## configmap-reload resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # node-export must be disabled if there is an existing daemonset: https://guide.kubecost.com/hc/en-us/articles/4407601830679-Troubleshoot-Install#a-name-node-exporter-a-issue-failedscheduling-kubecost-prometheus-node-exporter nodeExporter: - enabled: true - - # rbac: - # create: true # Create the RBAC resources for Prometheus Node Exporter. - - ## Default disabled since Kubecost already emits KSMv1 metrics. - ## Ref: https://docs.kubecost.com/architecture/ksm-metrics - kubeStateMetrics: + ## If false, node-exporter will not be installed. + ## This is disabled by default in Kubecost 2.0, though it can be enabled as needed. + ## enabled: false - kube-state-metrics: - disabled: true + ## If true, node-exporter pods share the host network namespace + ## + hostNetwork: true + + ## If true, node-exporter pods share the host PID namespace + ## + hostPID: true + + ## node-exporter dns policy + ## + dnsPolicy: ClusterFirstWithHostNet + + ## node-exporter container name + ## + name: node-exporter + + ## node-exporter container image + ## + image: + repository: prom/node-exporter + tag: v1.7.0 + pullPolicy: IfNotPresent + + ## node-exporter priorityClassName + ## + priorityClassName: "" + + ## Custom Update Strategy + ## + updateStrategy: + type: RollingUpdate + + ## Additional node-exporter container arguments + ## + extraArgs: {} + + ## Additional node-exporter hostPath mounts + ## + extraHostPathMounts: [] + # - name: textfile-dir + # mountPath: /srv/txt_collector + # hostPath: /var/lib/node-exporter + # readOnly: true + # mountPropagation: HostToContainer + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /prometheus + # configMap: certs-configmap + # readOnly: true + + ## Set a custom affinity for node-exporter + ## + # affinity: + + ## Node tolerations for node-exporter scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for node-exporter pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Annotations to be added to node-exporter pods + ## + podAnnotations: {} + + ## Annotations to be added to the node-exporter DaemonSet + ## + deploymentAnnotations: {} + + ## Labels to be added to node-exporter pods + ## + pod: + labels: {} + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## node-exporter resource limits & requests + ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi + + ## Security context to be added to node-exporter pods + ## + securityContext: {} + # runAsUser: 0 + + service: + annotations: + prometheus.io/scrape: "true" + labels: {} + + # Exposed as a headless service: + # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services + clusterIP: None + + ## List of IP addresses at which the node-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + hostPort: 9100 + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 9100 + type: ClusterIP + + # Install Prometheus Push Gateway. pushgateway: + ## If false, pushgateway will not be installed + ## enabled: false + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + ## pushgateway container name + ## + name: pushgateway + + ## pushgateway container image + ## + image: + repository: prom/pushgateway + tag: v1.6.2 + pullPolicy: IfNotPresent + + ## pushgateway priorityClassName + ## + priorityClassName: "" + + ## Additional pushgateway container arguments + ## + ## for example: persistence.file: /data/pushgateway.data + extraArgs: {} + + ingress: + ## If true, pushgateway Ingress will be created + ## + enabled: false + + ## pushgateway Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## pushgateway Ingress hostnames with optional path + ## Must be provided if Ingress is enabled + ## + hosts: [] + # - pushgateway.domain.com + # - domain.com/pushgateway + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + + ## pushgateway Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-alerts-tls + # hosts: + # - pushgateway.domain.com + + ## Node tolerations for pushgateway scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for pushgateway pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Annotations to be added to pushgateway pods + ## + podAnnotations: {} + + replicaCount: 1 + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## pushgateway resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 10m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## Security context to be added to push-gateway pods + ## + securityContext: + runAsUser: 1001 + runAsNonRoot: true + + service: + annotations: + prometheus.io/probe: pushgateway + labels: {} + clusterIP: "" + + ## List of IP addresses at which the pushgateway service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 9091 + type: ClusterIP + + strategy: + type: Recreate + rollingUpdate: null + + persistentVolume: + ## If true, pushgateway will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## enabled: true + + ## pushgateway data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## pushgateway data Persistent Volume Claim annotations + ## + annotations: {} + + ## pushgateway data Persistent Volume existing claim name + ## Requires pushgateway.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## pushgateway data Persistent Volume mount root path + ## + mountPath: /data + + ## pushgateway data Persistent Volume size + ## + size: 2Gi + + ## pushgateway data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## pushgateway data Persistent Volume Binding Mode + ## If defined, volumeBindingMode: + ## If undefined (the default) or set to null, no volumeBindingMode spec is + ## set, choosing the default mode. + ## + # volumeBindingMode: "" + + ## Subdirectory of pushgateway data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + serverFiles: + ## Alerts configuration + ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + alerting_rules.yml: {} + # groups: + # - name: Instances + # rules: + # - alert: InstanceDown + # expr: up == 0 + # for: 5m + # labels: + # severity: page + # annotations: + # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.' + # summary: 'Instance {{ $labels.instance }} down' + ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml + alerts: {} + + ## Records configuration + ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/ + recording_rules.yml: {} + ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml + + prometheus.yml: + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + ## Below two files are DEPRECATED will be removed from this default values file + - /etc/config/rules + - /etc/config/alerts + + scrape_configs: + - job_name: prometheus + static_configs: + - targets: + - localhost:9090 + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + - job_name: 'kubernetes-nodes-cadvisor' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + # This configuration will work only on kubelet 1.7.3+ + # As the scrape endpoints for cAdvisor have changed + # if you are using older version you need to change the replacement to + # replacement: /api/v1/nodes/$1:4194/proxy/metrics + # more info here https://github.com/coreos/prometheus-operator/issues/633 + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + + metric_relabel_configs: + - source_labels: [__name__] + regex: (container_cpu_usage_seconds_total|container_memory_working_set_bytes|container_network_receive_errors_total|container_network_transmit_errors_total|container_network_receive_packets_dropped_total|container_network_transmit_packets_dropped_total|container_memory_usage_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_periods_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_spec_cpu_shares|container_spec_memory_limit_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_reads_bytes_total|container_network_receive_bytes_total|container_fs_writes_bytes_total|container_fs_reads_bytes_total|cadvisor_version_info|kubecost_pv_info) + action: keep + - source_labels: [container] + target_label: container_name + regex: (.+) + action: replace + - source_labels: [pod] + target_label: pod_name + regex: (.+) + action: replace + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + - job_name: 'kubernetes-nodes' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics + + metric_relabel_configs: + - source_labels: [__name__] + regex: (kubelet_volume_stats_used_bytes) # this metric is in alpha + action: keep + + # Scrape config for service endpoints. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + - job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_endpoints_name] + action: keep + regex: (.*node-exporter|kubecost-network-costs) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: kubernetes_node + metric_relabel_configs: + - source_labels: [__name__] + regex: (container_cpu_allocation|container_cpu_usage_seconds_total|container_fs_limit_bytes|container_fs_writes_bytes_total|container_gpu_allocation|container_memory_allocation_bytes|container_memory_usage_bytes|container_memory_working_set_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|DCGM_FI_DEV_GPU_UTIL|deployment_match_labels|kube_daemonset_status_desired_number_scheduled|kube_daemonset_status_number_ready|kube_deployment_spec_replicas|kube_deployment_status_replicas|kube_deployment_status_replicas_available|kube_job_status_failed|kube_namespace_annotations|kube_namespace_labels|kube_node_info|kube_node_labels|kube_node_status_allocatable|kube_node_status_allocatable_cpu_cores|kube_node_status_allocatable_memory_bytes|kube_node_status_capacity|kube_node_status_capacity_cpu_cores|kube_node_status_capacity_memory_bytes|kube_node_status_condition|kube_persistentvolume_capacity_bytes|kube_persistentvolume_status_phase|kube_persistentvolumeclaim_info|kube_persistentvolumeclaim_resource_requests_storage_bytes|kube_pod_container_info|kube_pod_container_resource_limits|kube_pod_container_resource_limits_cpu_cores|kube_pod_container_resource_limits_memory_bytes|kube_pod_container_resource_requests|kube_pod_container_resource_requests_cpu_cores|kube_pod_container_resource_requests_memory_bytes|kube_pod_container_status_restarts_total|kube_pod_container_status_running|kube_pod_container_status_terminated_reason|kube_pod_labels|kube_pod_owner|kube_pod_status_phase|kube_replicaset_owner|kube_statefulset_replicas|kube_statefulset_status_replicas|kubecost_cluster_info|kubecost_cluster_management_cost|kubecost_cluster_memory_working_set_bytes|kubecost_load_balancer_cost|kubecost_network_internet_egress_cost|kubecost_network_region_egress_cost|kubecost_network_zone_egress_cost|kubecost_node_is_spot|kubecost_pod_network_egress_bytes_total|node_cpu_hourly_cost|node_cpu_seconds_total|node_disk_reads_completed|node_disk_reads_completed_total|node_disk_writes_completed|node_disk_writes_completed_total|node_filesystem_device_error|node_gpu_count|node_gpu_hourly_cost|node_memory_Buffers_bytes|node_memory_Cached_bytes|node_memory_MemAvailable_bytes|node_memory_MemFree_bytes|node_memory_MemTotal_bytes|node_network_transmit_bytes_total|node_ram_hourly_cost|node_total_hourly_cost|pod_pvc_allocation|pv_hourly_cost|service_selector_labels|statefulSet_match_labels|kubecost_pv_info|up) + action: keep + + # prometheus.yml: # Sample block -- enable if using an in cluster durable store. # remote_write: # - url: "http://pgprometheus-adapter:9201/write" @@ -835,14 +2074,27 @@ prometheus: labels: daemonset: "true" + # Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager + # useful in H/A prometheus with different external labels but the same alerts + alertRelabelConfigs: + # alert_relabel_configs: + # - source_labels: [dc] + # regex: (.+)\d+ + # target_label: dc + + networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + + ## Module for measuring network costs ## Ref: https://github.com/kubecost/docs/blob/main/network-allocation.md networkCosts: enabled: false - podSecurityPolicy: - enabled: false - # annotations: {} # Add annotations to the PodSecurityPolicy for network-costs. - image: gcr.io/kubecost1/kubecost-network-costs:v0.17.2 + image: + repository: gcr.io/kubecost1/kubecost-network-costs + tag: v0.17.2 imagePullPolicy: Always updateStrategy: type: RollingUpdate @@ -982,8 +2234,6 @@ kubecostDeployment: statefulSet: enabled: false replicas: 1 - leaderFollower: - enabled: false # deploymentStrategy: # rollingUpdate: # maxSurge: 1 @@ -992,82 +2242,117 @@ kubecostDeployment: labels: {} annotations: {} - ## QueryServiceReplicas - ## Ref: https://docs.kubecost.com/install-and-configure/advanced-configuration/query-service-replicas - ## - queryServiceReplicas: 0 - queryService: - serviceAccount: - create: true - annotations: {} - # name: kc-qs-test - securityContext: {} # Define a custom securityContext for the query service. This will take the highest precedence. - # runAsGroup: 1001 - # runAsUser: 1001 - # fsGroup: 1001 - # fsGroupChangePolicy: OnRootMismatch - # runAsNonRoot: false - # seccompProfile: - # type: RuntimeDefault - containerSecurityContext: - allowPrivilegeEscalation: true - readOnlyRootFilesystem: false - capabilities: - drop: - - ALL - resources: - requests: - ## You can use the Kubecost savings report for 'Right-size your - ## container requests' to determine the recommended resource requests - ## once the pod has run for 24 hours. - cpu: 1000m - memory: 500Mi - ## default storage class - storageClass: "" - databaseVolumeSize: 100Gi - configVolumeSize: 1Gi - initImage: {} - # Optional - add extra ports to the query service container. For kubecost development purposes only - not recommended for users. - extraPorts: [] - # - name: debug - # port: 40000 - # targetPort: 40000 - # containerPort: 40000 +## Kubecost Forecasting forecasts future cost patterns based on historical +## patterns observed by Kubecost. +forecasting: + enabled: true + + # fullImageName overrides the default image construction logic. The exact + # image provided (registry, image, tag) will be used for the forecasting + # container. + # Example: fullImageName: gcr.io/kubecost1/forecasting:v0.0.1 + fullImageName: gcr.io/kubecost1/kubecost-modeling:v0.1.2 + + # Resource specification block for the forecasting container. + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + cpu: 1500m + memory: 1Gi + + # Set environment variables for the forecasting container as key/value pairs. + env: + # -t is the worker timeout which primarily affects model training time; + # if it is not high enough, training workers may die mid training + "GUNICORN_CMD_ARGS": "--log-level info -t 1200" + + # Define a priority class for the forecasting Deployment. + priority: + enabled: false + name: "" + + # Define a nodeSelector for the forecasting Deployment. + nodeSelector: {} + + # Define tolerations for the forecasting Deployment. + tolerations: {} + + # Define Pod affinity for the forecasting Deployment. + affinity: {} + + # Define a readiness probe for the forecasting container + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 200 + + # Define a liveness probe for the forecasting container. + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 200 ## The Kubecost Aggregator is a high scale implementation of Kubecost intended ## for large datasets and/or high query load. At present, this should only be ## enabled when recommended by Kubecost staff. ## kubecostAggregator: - enabled: false - replicas: 1 - ## Creates a new pod to retrieve CloudCost data. By default it uses the same - ## serviceaccount as the cost-analyzer pod. A custom serviceaccount can be - ## specified. - cloudCost: - enabled: false - # serviceAccountName: - jaeger: - enabled: false - image: jaegertracing/all-in-one - imageVersion: latest - # containerSecurityContext: + # deployMethod determines how Aggregator is deployed. Current options are + # "singlepod" (within cost-analyzer Pod) "statefulset" (separate + # StatefulSet), and "disabled". Only use "disabled" if this is a secondary + # Federated ETL cluster which does not need to answer queries. + deployMethod: singlepod + + # fullImageName overrides the default image construction logic. The exact + # image provided (registry, image, tag) will be used for aggregator. # fullImageName: + + # For legacy configuration support, `enabled: true` overrides deployMethod + # and causes `deployMethod: "statefulset"` + enabled: false + + # Replicas sets the number of Aggregator replicas. It only has an effect if + # `deployMethod: "statefulset"` + replicas: 1 + + # stagingEmptyDirSizeLimit changes how large the "staging" + # /var/configs/waterfowl emptyDir is. It only takes effect in StatefulSet + # configurations of Aggregator, other configurations are unaffected. + # + # It should be set to approximately 8x the size of the largest bingen file in + # object storage. For example, if your largest bingen file is a daily + # Allocation file with size 300MiB, this value should be set to approximately + # 2400Mi. In most environments, the default should suffice. + stagingEmptyDirSizeLimit: 2Gi + resources: {} + # requests: + # cpu: 1000m + # memory: 1Gi env: "LOG_LEVEL": "info" + "DB_READ_THREADS": "1" + "DB_WRITE_THREADS": "1" + "DB_CONCURRENT_INGESTION_COUNT": "3" persistentConfigsStorage: # default storage class storageClass: "" storageRequest: 1Gi - aggregatorStorage: - # default storage class - storageClass: "" - storageRequest: 20Gi aggregatorDbStorage: # default storage class storageClass: "" storageRequest: 128Gi + + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 200 + # extraEnv: # - name: SOME_VARIABLE # value: "some_value" @@ -1097,6 +2382,38 @@ kubecostAggregator: # containerPort: 40000 securityContext: {} # Define a securityContext for the aggregator pod. This will take highest precedence. + ## Creates a new container/pod to retrieve CloudCost data. By default it uses + ## the same serviceaccount as the cost-analyzer pod. A custom serviceaccount + ## can be specified. + cloudCost: + # The cloudCost component of Aggregator depends on + # kubecostAggregator.deployMethod: + # kA.dM = "singlepod" -> cloudCost is run as container inside cost-analyzer + # kA.dM = "statefulset" -> cloudCost is run as single-replica Deployment + enabled: false + resources: {} + # requests: + # cpu: 1000m + # memory: 1Gi + # refreshRateHours: + # queryWindowDays: + # runWindowDays: + # serviceAccountName: + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 200 + + # Jaeger is an optional container attached to wherever the Aggregator + # container is running. It is used for performance investigation. Enable if + # Kubecost Support asks. + jaeger: + enabled: false + image: jaegertracing/all-in-one + imageVersion: latest + # containerSecurityContext: + ## Kubecost Multi-cluster Diagnostics (beta) ## A single view into the health of all agent clusters. Each agent cluster sends ## its diagnostic data to a storage bucket. Future versions may include @@ -1124,11 +2441,59 @@ diagnostics: # Kubecost Cluster Controller for Right Sizing and Cluster Turndown clusterController: enabled: false - image: gcr.io/kubecost1/cluster-controller:v0.13.0 + image: + repository: gcr.io/kubecost1/cluster-controller + tag: v0.14.0 imagePullPolicy: Always ## PriorityClassName ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" + # Set custom tolerations for the cluster controller. + tolerations: [] + actionConfigs: + # this configures the Kubecost Namespace Turndown action + # for more details, see documentation at https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings/savings-actions#namespace-turndown + namespaceTurndown: + # - name: my-ns-turndown-action + # dryRun: false + # schedule: "0 0 * * *" + # type: Scheduled + # targetObjs: + # - namespace + # keepPatterns: + # - ignorednamespace + # keepLabels: + # turndown: ignore + # params: + # minNamespaceAge: 4h + # this configures the Kubecost Cluster Sizing action + # for more details, see documentation at https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings/savings-actions#cluster-sizing + clusterRightsize: + # startTime: '2024-01-02T15:04:05Z' + # frequencyMinutes: 1440 + # lastCompleted: '' + # recommendationParams: + # window: 48h + # architecture: '' + # targetUtilization: 0.8 + # minNodeCount: 1 + # allowSharedCore: false + # allowCostIncrease: false + # recommendationType: '' + # this configures the Kubecost Request Sizing action + # for more details, see documentation at https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings/savings-actions#automated-request-sizing + containerRightsize: + # workloads: + # - clusterID: cluster-one + # namespace: kube-system + # controllerKind: deployment + # controllerName: kube-dns-autoscaler + # schedule: + # start: 2024-01-30T00:00 + # frequencyMinutes: 1440 + # cpuTarget: 0.8 + # ramTarget: 0.8 + kubescaler: # If true, will cause all (supported) workloads to be have their requests # automatically right-sized on a regular basis. @@ -1181,8 +2546,11 @@ grafana: # namespace_datasources: kubecost # override the default namespace here # namespace_dashboards: kubecost # override the default namespace here rbac: - # Manage the Grafana Pod Security Policy - pspEnabled: false + create: true + + ## Configure grafana datasources + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + ## # datasources: # datasources.yaml: # apiVersion: 1 @@ -1197,49 +2565,297 @@ grafana: # prometheusType: Prometheus # prometheusVersion: 2.35.0 # timeInterval: 1m + + ## Number of replicas for the Grafana deployment + replicas: 1 + + ## Deployment strategy for the Grafana deployment + deploymentStrategy: RollingUpdate + + ## Readiness probe for the Grafana deployment + readinessProbe: + httpGet: + path: /api/health + port: 3000 + + ## Liveness probe for the Grafana deployment + livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + + ## Container image settings for the Grafana deployment + image: + repository: grafana/grafana + tag: 10.3.1 + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + # pullSecrets: + # - myRegistrKeySecretName + + ## Pod-level security context for the Grafana deployment. Recommended let global defaults take effect. + securityContext: {} + # runAsUser: 472 + # fsGroup: 472 + + ## PriorityClassName for the Grafana deployment + priorityClassName: "" + + ## Container image settings for Grafana initContainer used to download dashboards. Will only be used when dashboards are present. + downloadDashboardsImage: + repository: curlimages/curl + tag: latest + pullPolicy: IfNotPresent + + ## Pod Annotations for the Grafana deployment + podAnnotations: {} + + ## Deployment annotations for the Grafana deployment + annotations: {} + + ## Expose the Grafana service to be accessed from outside the cluster (LoadBalancer service). + ## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. + service: + type: ClusterIP + port: 80 + annotations: {} + labels: {} + + ## Ingress service for the Grafana deployment + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + pathType: Prefix + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + ## Resource requests and limits for the Grafana deployment + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + ## Node labels for pod assignment of the Grafana deployment + nodeSelector: {} + + ## Tolerations for pod assignment of the Grafana deployment + tolerations: [] + + ## Affinity for pod assignment of the Grafana deployment + affinity: {} + + ## Enable persistence using Persistent Volume Claims of the Grafana deployment + persistence: + enabled: false + # storageClassName: default + # accessModes: + # - ReadWriteOnce + # size: 10Gi + # annotations: {} + # subPath: "" + # existingClaim: + + ## Admin user for Grafana + adminUser: admin + + ## Admin password for Grafana + adminPassword: strongpassword + + ## Use an alternate scheduler for the Grafana deployment + # schedulerName: + + ## Extra environment variables that will be passed onto Grafana deployment pods + env: {} + + ## The name of a secret for Grafana in the same Kubernetes namespace which contain values to be added to the environment + ## This can be useful for auth tokens, etc + envFromSecret: "" + + ## Additional Grafana server secret mounts + ## Defines additional mounts with secrets. Secrets must be manually created in the namespace. + extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + + ## List of Grafana plugins + plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + + ## Grafana dashboard providers + ## ref: http://docs.grafana.org/administration/provisioning/#dashboards + ## + ## `path` must be /var/lib/grafana/dashboards/ + ## + dashboardProviders: {} + # dashboardproviders.yaml: + # apiVersion: 1 + # providers: + # - name: 'default' + # orgId: 1 + # folder: '' + # type: file + # disableDeletion: false + # editable: true + # options: + # path: /var/lib/grafana/dashboards/default + + ## Configure Grafana dashboard to import + ## NOTE: To use dashboards you must also enable/configure dashboardProviders + ## ref: https://grafana.com/dashboards + ## + ## dashboards per provider, use provider name as key. + ## + dashboards: {} + # default: + # prometheus-stats: + # gnetId: 3662 + # revision: 2 + # datasource: Prometheus + + ## Reference to external Grafana ConfigMap per provider. Use provider name as key and ConfiMap name as value. + ## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. + ## ConfigMap data example: + ## + ## data: + ## example-dashboard.json: | + ## RAW_JSON + ## + dashboardsConfigMaps: {} + # default: "" + + ## LDAP Authentication for Grafana can be enabled with the following values on grafana.ini + ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # config_file: /etc/grafana/ldap.toml + + ## Grafana's LDAP configuration + ## Templated by the template in _helpers.tpl + ## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled + ## ref: http://docs.grafana.org/installation/configuration/#auth-ldap + ## ref: http://docs.grafana.org/installation/ldap/#configuration + ldap: + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + + ## Grafana's SMTP configuration + ## NOTE: To enable, grafana.ini must be configured with smtp.enabled + ## ref: http://docs.grafana.org/installation/configuration/#smtp + smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana in keys `user` and `password`. + existingSecret: "" + + ## Grafana sidecars that collect the configmaps with specified label and stores the included files them into the respective folders + ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: + image: + repository: kiwigrid/k8s-sidecar + tag: 1.25.3 + pullPolicy: IfNotPresent + resources: {} dashboards: enabled: true # label that the configmaps with dashboards are marked with label: grafana_dashboard + labelValue: "1" # set sidecar ERROR_THROTTLE_SLEEP env var from default 5s to 0s -> fixes https://github.com/kubecost/cost-analyzer-helm-chart/issues/877 annotations: {} error_throttle_sleep: 0 + folder: /tmp/dashboards datasources: # dataSourceFilename: foo.yml # If you need to change the name of the datasource file enabled: false error_throttle_sleep: 0 -# For grafana to be accessible, add the path to root_url. For example, if you run kubecost at www.foo.com:9090/kubecost -# set root_url to "%(protocol)s://%(domain)s:%(http_port)s/kubecost/grafana". No change is necessary here if kubecost runs at a root URL + # label that the configmaps with datasources are marked with + label: grafana_datasource + + ## Grafana's primary configuration + ## NOTE: values in map will be converted to ini format + ## ref: http://docs.grafana.org/installation/configuration/ + ## + ## For grafana to be accessible, add the path to root_url. For example, if you run kubecost at www.foo.com:9090/kubecost + ## set root_url to "%(protocol)s://%(domain)s:%(http_port)s/kubecost/grafana". No change is necessary here if kubecost runs at a root URL grafana.ini: server: serve_from_sub_path: false # Set to false on Grafana v10+ root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana" + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net + auth.anonymous: + enabled: true + org_role: Editor + org_name: Main Org. + serviceAccount: create: true # Set this to false if you're bringing your own service account. annotations: {} # name: kc-test + awsstore: useAwsStore: false - # imageNameAndVersion: gcr.io/kubecost1/awsstore:latest # Name and version of the container image for AWSStore. + imageNameAndVersion: gcr.io/kubecost1/awsstore:latest # Name and version of the container image for AWSStore. createServiceAccount: false ## PriorityClassName ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" + # Use a custom nodeSelector for AWSStore. + nodeSelector: {} + # kubernetes.io/arch: amd64 ## Federated ETL Architecture ## Ref: https://docs.kubecost.com/install-and-configure/install/multi-cluster/federated-etl ## federatedETL: + + ## If true, installs the minimal set of components required for a Federated ETL cluster. + agentOnly: false + ## If true, push ETL data to the federated storage bucket federatedCluster: false - ## If true, load ETL data from the combined storage bucket to display data - ## from all monitored clusters. Note, if this is your first time setting up - ## Federated ETL, ensure you see federated ETL data in combined storage before - ## setting this config to true. - primaryCluster: false - ## If true, changes the dir of S3 backup to the Federated combined store. ## Commonly used when transitioning from Thanos to Federated ETL architecture. redirectS3Backup: false @@ -1248,39 +2864,6 @@ federatedETL: ## Prometheus) useMultiClusterDB: false - ## The Federator is responsible for combining each cluster's ETL files located - ## in the federated storage bucket, and placing results in the combined - ## storage bucket. - federator: - enabled: false - - ## Optional. Used when reconciliation is expected to occur on the Primary. - # primaryClusterID: "cluster_id" - - ## Optional. Allowlist of which cluster_ids to federate. If not set, the - ## federator will attempt to federated all clusters pushing to the federated - ## storage. - clusters: [] - - ## Optional. A list of extra volumes to pass to the federator Pod. - # extraVolumes: [] - - ## Optional. A list of extra volume mounts to pass to the federator Pod. - # extraVolumeMounts: [] - - ## Optional. An RFC 3339-formatted string. All ETL files with windows that - ## fall before this time are not processed by the Federator. If this is not - ## set, the Federator will process all files regardless of date. - # federationCutoffDate: "2022-10-18T00:00:00.000Z" - - ## Optional. You can use the Kubecost savings report for 'Right-size your - ## container requests' to determine the recommended resource requests once - ## the pod has run for 24 hours. - resources: {} - # requests: - # cpu: 100m - # memory: 500Mi - ## Kubecost Admission Controller (beta feature) ## To use this feature, ensure you have run the `create-admission-controller.sh` ## script. This generates a k8s secret with TLS keys/certificats and a @@ -1309,109 +2892,158 @@ costEventsAudit: # An optional list of cluster definitions that can be added for frontend access. The local # cluster is *always* included by default, so this list is for non-local clusters. # Ref: https://github.com/kubecost/docs/blob/main/multi-cluster.md -# clusters: -# - name: "Cluster A" -# address: http://cluster-a.kubecost.com:9090 -# # Optional authentication credentials - only basic auth is currently supported. -# auth: -# type: basic -# # Secret name should be a secret formatted based on: https://github.com/kubecost/docs/blob/main/ingress-examples.md -# secretName: cluster-a-auth -# # Or pass auth directly as base64 encoded user:pass -# data: YWRtaW46YWRtaW4= -# # Or user and pass directly -# user: admin -# pass: admin -# - name: "Cluster B" -# address: http://cluster-b.kubecost.com:9090 -# defaultModelPricing: # default monthly resource prices, used predominately for on-prem clusters. Use quotes if setting "0.00" for any item. -# CPU: 28.0 -# spotCPU: 4.86 -# RAM: 3.09 -# spotRAM: 0.65 -# GPU: 693.50 -# spotGPU: 225.0 -# storage: 0.04 -# zoneNetworkEgress: 0.01 -# regionNetworkEgress: 0.01 -# internetNetworkEgress: 0.12 -# enabled: true -# # The cluster profile represents a predefined set of parameters to use when calculating savings. -# # Possible values are: [ development, production, high-availability ] -# clusterProfile: production -# customPricesEnabled: false # This makes the default view custom prices-- generally used for on-premises clusters -# spotLabel: lifecycle -# spotLabelValue: Ec2Spot -# gpuLabel: gpu -# gpuLabelValue: true -# awsServiceKeyName: ACCESSKEYID -# awsServiceKeyPassword: fakepassword # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName -# awsSpotDataRegion: us-east-1 -# awsSpotDataBucket: spot-data-feed-s3-bucket -# awsSpotDataPrefix: dev -# athenaProjectID: "530337586277" # The AWS AccountID where the Athena CUR is. Generally your masterpayer account -# athenaBucketName: "s3://aws-athena-query-results-530337586277-us-east-1" -# athenaRegion: us-east-1 -# athenaDatabase: athenacurcfn_athena_test1 -# athenaTable: "athena_test1" -# athenaWorkgroup: "primary" # The default workgroup in AWS is 'primary' -# masterPayerARN: "" -# projectID: "123456789" # Also known as AccountID on AWS -- the current account/project that this instance of Kubecost is deployed on. -# gcpSecretName: gcp-secret # Name of a secret representing the gcp service key -# gcpSecretKeyName: compute-viewer-kubecost-key.json # Name of the secret's key containing the gcp service key -# bigQueryBillingDataDataset: billing_data.gcp_billing_export_v1_01AC9F_74CF1D_5565A2 -# labelMappingConfigs: # names of k8s labels or annotations used to designate different allocation concepts -# enabled: true -# owner_label: "owner" -# team_label: "team" -# department_label: "dept" -# product_label: "product" -# environment_label: "env" -# namespace_external_label: "kubernetes_namespace" # external labels/tags are used to map external cloud costs to kubernetes concepts -# cluster_external_label: "kubernetes_cluster" -# controller_external_label: "kubernetes_controller" -# product_external_label: "kubernetes_label_app" -# service_external_label: "kubernetes_service" -# deployment_external_label: "kubernetes_deployment" -# owner_external_label: "kubernetes_label_owner" -# team_external_label: "kubernetes_label_team" -# environment_external_label: "kubernetes_label_env" -# department_external_label: "kubernetes_label_department" -# statefulset_external_label: "kubernetes_statefulset" -# daemonset_external_label: "kubernetes_daemonset" -# pod_external_label: "kubernetes_pod" -# grafanaURL: "" -# # Provide a mapping from Account ID to a readable Account Name in a key/value object. Provide Account IDs as they are displayed in CloudCost -# # as the 'key' and the Account Name associated with it as the 'value' -# cloudAccountMapping: -# EXAMPLE_ACCOUNT_ID: EXAMPLE_ACCOUNT_NAME -# clusterName: "" # clusterName is the default context name in settings. -# clusterAccountID: "" # Manually set Account property for assets -# currencyCode: "USD" # official support for USD, AUD, BRL, CAD, CHF, CNY, DKK, EUR, GBP, IDR, INR, JPY, NOK, PLN, SEK -# azureBillingRegion: US # Represents 2-letter region code, e.g. West Europe = NL, Canada = CA. ref: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes -# azureSubscriptionID: 0bd50fdf-c923-4e1e-850c-196dd3dcc5d3 -# azureClientID: f2ef6f7d-71fb-47c8-b766-8d63a19db017 -# azureTenantID: 72faf3ff-7a3f-4597-b0d9-7b0b201bb23a -# azureClientPassword: fake key # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName -# azureOfferDurableID: "MS-AZR-0003p" -# discount: "" # percentage discount applied to compute -# negotiatedDiscount: "" # custom negotiated cloud provider discount -# defaultIdle: false -# serviceKeySecretName: "" # Use an existing AWS or Azure secret with format as in aws-service-key-secret.yaml or azure-service-key-secret.yaml. Leave blank if using createServiceKeySecret -# createServiceKeySecret: true # Creates a secret representing your cloud service key based on data in values.yaml. If you are storing unencrypted values, add a secret manually -# sharedNamespaces: "" # namespaces with shared workloads, example value: "kube-system\,ingress-nginx\,kubecost\,monitoring" -# sharedOverhead: "" # value representing a fixed external cost per month to be distributed among aggregations. -# shareTenancyCosts: true # enable or disable sharing costs such as cluster management fees (defaults to "true" on Settings page) -# metricsConfigs: # configuration for metrics emitted by Kubecost -# disabledMetrics: [] # list of metrics that Kubecost will not emit. Note that disabling metrics can lead to unexpected behavior in the cost-model. -# productKey: # apply business or enterprise product license -# key: "" -# enabled: false -# secretname: productkeysecret # create a secret out of a file named productkey.json of format { "key": "kc-b1325234" }. If the secretname is specified, a configmap with the key will not be created -# mountPath: "/some/custom/path/productkey.json" # (use instead of secretname) declare the path at which the product key file is mounted (eg. by a secrets provisioner). The file must be of format { "key": "kc-b1325234" } -# cloudIntegrationSecret: "cloud-integration" -# ingestPodUID: false # Enables using UIDs to uniquely ID pods. This requires either Kubecost's replicated KSM metrics, or KSM v2.1.0+. This may impact performance, and changes the default cost-model allocation behavior. -# regionOverrides: "region1,region2,region3" # list of regions which will override default costmodel provider regions + # clusters: + # - name: "Cluster A" + # address: http://cluster-a.kubecost.com:9090 + # # Optional authentication credentials - only basic auth is currently supported. + # auth: + # type: basic + # # Secret name should be a secret formatted based on: https://github.com/kubecost/docs/blob/main/ingress-examples.md + # secretName: cluster-a-auth + # # Or pass auth directly as base64 encoded user:pass + # data: YWRtaW46YWRtaW4= + # # Or user and pass directly + # user: admin + # pass: admin + # - name: "Cluster B" + # address: http://cluster-b.kubecost.com:9090 + # defaultModelPricing: # default monthly resource prices, used predominately for on-prem clusters. Use quotes if setting "0.00" for any item. + # CPU: 28.0 + # spotCPU: 4.86 + # RAM: 3.09 + # spotRAM: 0.65 + # GPU: 693.50 + # spotGPU: 225.0 + # storage: 0.04 + # zoneNetworkEgress: 0.01 + # regionNetworkEgress: 0.01 + # internetNetworkEgress: 0.12 + # enabled: true + # # The cluster profile represents a predefined set of parameters to use when calculating savings. + # # Possible values are: [ development, production, high-availability ] + # clusterProfile: production + # customPricesEnabled: false # This makes the default view custom prices-- generally used for on-premises clusters + # spotLabel: lifecycle + # spotLabelValue: Ec2Spot + # gpuLabel: gpu + # gpuLabelValue: true + # awsServiceKeyName: ACCESSKEYID + # awsServiceKeyPassword: fakepassword # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName + # awsSpotDataRegion: us-east-1 + # awsSpotDataBucket: spot-data-feed-s3-bucket + # awsSpotDataPrefix: dev + # athenaProjectID: "530337586277" # The AWS AccountID where the Athena CUR is. Generally your masterpayer account + # athenaBucketName: "s3://aws-athena-query-results-530337586277-us-east-1" + # athenaRegion: us-east-1 + # athenaDatabase: athenacurcfn_athena_test1 + # athenaTable: "athena_test1" + # athenaWorkgroup: "primary" # The default workgroup in AWS is 'primary' + # masterPayerARN: "" + # projectID: "123456789" # Also known as AccountID on AWS -- the current account/project that this instance of Kubecost is deployed on. + # gcpSecretName: gcp-secret # Name of a secret representing the gcp service key + # gcpSecretKeyName: compute-viewer-kubecost-key.json # Name of the secret's key containing the gcp service key + # bigQueryBillingDataDataset: billing_data.gcp_billing_export_v1_01AC9F_74CF1D_5565A2 + # labelMappingConfigs: # names of k8s labels or annotations used to designate different allocation concepts + # enabled: true + # owner_label: "owner" + # team_label: "team" + # department_label: "dept" + # product_label: "product" + # environment_label: "env" + # namespace_external_label: "kubernetes_namespace" # external labels/tags are used to map external cloud costs to kubernetes concepts + # cluster_external_label: "kubernetes_cluster" + # controller_external_label: "kubernetes_controller" + # product_external_label: "kubernetes_label_app" + # service_external_label: "kubernetes_service" + # deployment_external_label: "kubernetes_deployment" + # owner_external_label: "kubernetes_label_owner" + # team_external_label: "kubernetes_label_team" + # environment_external_label: "kubernetes_label_env" + # department_external_label: "kubernetes_label_department" + # statefulset_external_label: "kubernetes_statefulset" + # daemonset_external_label: "kubernetes_daemonset" + # pod_external_label: "kubernetes_pod" + # grafanaURL: "" + # # Provide a mapping from Account ID to a readable Account Name in a key/value object. Provide Account IDs as they are displayed in CloudCost + # # as the 'key' and the Account Name associated with it as the 'value' + # cloudAccountMapping: + # EXAMPLE_ACCOUNT_ID: EXAMPLE_ACCOUNT_NAME + # clusterName: "" # clusterName is the default context name in settings. + # clusterAccountID: "" # Manually set Account property for assets + # currencyCode: "USD" # official support for USD, AUD, BRL, CAD, CHF, CNY, DKK, EUR, GBP, IDR, INR, JPY, NOK, PLN, SEK + # azureBillingRegion: US # Represents 2-letter region code, e.g. West Europe = NL, Canada = CA. ref: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes + # azureSubscriptionID: 0bd50fdf-c923-4e1e-850c-196dd3dcc5d3 + # azureClientID: f2ef6f7d-71fb-47c8-b766-8d63a19db017 + # azureTenantID: 72faf3ff-7a3f-4597-b0d9-7b0b201bb23a + # azureClientPassword: fake key # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName + # azureOfferDurableID: "MS-AZR-0003p" + # discount: "" # percentage discount applied to compute + # negotiatedDiscount: "" # custom negotiated cloud provider discount + # defaultIdle: false + # serviceKeySecretName: "" # Use an existing AWS or Azure secret with format as in aws-service-key-secret.yaml or azure-service-key-secret.yaml. Leave blank if using createServiceKeySecret + # createServiceKeySecret: true # Creates a secret representing your cloud service key based on data in values.yaml. If you are storing unencrypted values, add a secret manually + # sharedNamespaces: "" # namespaces with shared workloads, example value: "kube-system\,ingress-nginx\,kubecost\,monitoring" + # sharedOverhead: "" # value representing a fixed external cost per month to be distributed among aggregations. + # shareTenancyCosts: true # enable or disable sharing costs such as cluster management fees (defaults to "true" on Settings page) + # metricsConfigs: # configuration for metrics emitted by Kubecost + # disabledMetrics: [] # list of metrics that Kubecost will not emit. Note that disabling metrics can lead to unexpected behavior in the cost-model. + # productKey: # apply business or enterprise product license + # key: "" + # enabled: false + # secretname: productkeysecret # create a secret out of a file named productkey.json of format { "key": "kc-b1325234" }. If the secretname is specified, a configmap with the key will not be created + # mountPath: "/some/custom/path/productkey.json" # (use instead of secretname) declare the path at which the product key file is mounted (eg. by a secrets provisioner). The file must be of format { "key": "kc-b1325234" } + + ## Specify an existing Kubernetes Secret holding the cloud integration information. This Secret must contain + ## a key with name `cloud-integration.json` and the contents must be in a specific format. It is expected + ## to exist in the release Namespace. This is mutually exclusive with cloudIntegrationJSON where only one must be defined. + # cloudIntegrationSecret: "cloud-integration" + + ## Specify the cloud integration information in JSON form if pointing to an existing Secret is not desired or you'd rather + ## define the cloud integration information directly in the values file. This will result in a new Secret being created + ## named `cloud-integration` in the release Namespace. It is mutually exclusive with the cloudIntegrationSecret where only one must be defined. + # cloudIntegrationJSON: |- + # { + # "aws": [ + # { + # "athenaBucketName": "s3://AWS_cloud_integration_athenaBucketName", + # "athenaRegion": "AWS_cloud_integration_athenaRegion", + # "athenaDatabase": "AWS_cloud_integration_athenaDatabase", + # "athenaTable": "AWS_cloud_integration_athenaBucketName", + # "projectID": "AWS_cloud_integration_athena_projectID", + # "serviceKeyName": "AWS_cloud_integration_athena_serviceKeyName", + # "serviceKeySecret": "AWS_cloud_integration_athena_serviceKeySecret" + # } + # ], + # "azure": [ + # { + # "azureSubscriptionID": "my-subscription-id", + # "azureStorageAccount": "my-storage-account", + # "azureStorageAccessKey": "my-storage-access-key", + # "azureStorageContainer": "my-storage-container" + # } + # ], + # "gcp": [ + # { + # "projectID": "my-project-id", + # "billingDataDataset": "detailedbilling.my-billing-dataset", + # "key": { + # "type": "service_account", + # "project_id": "my-project-id", + # "private_key_id": "my-private-key-id", + # "private_key": "my-pem-encoded-private-key", + # "client_email": "my-service-account-name@my-project-id.iam.gserviceaccount.com", + # "client_id": "my-client-id", + # "auth_uri": "auth-uri", + # "token_uri": "token-uri", + # "auth_provider_x509_cert_url": "my-x509-provider-cert", + # "client_x509_cert_url": "my-x509-cert-url" + # } + # } + # ] + # } + + # ingestPodUID: false # Enables using UIDs to uniquely ID pods. This requires either Kubecost's replicated KSM metrics, or KSM v2.1.0+. This may impact performance, and changes the default cost-model allocation behavior. + # regionOverrides: "region1,region2,region3" # list of regions which will override default costmodel provider regions # -- Array of extra K8s manifests to deploy ## Note: Supports use of custom Helm templates diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml index 99862cc6e..7a93dbcea 100644 --- a/charts/kuma/kuma/Chart.yaml +++ b/charts/kuma/kuma/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/namespace: kuma-system catalog.cattle.io/release-name: kuma apiVersion: v2 -appVersion: 2.5.1 +appVersion: 2.6.0 description: A Helm chart for the Kuma Control Plane home: https://github.com/kumahq/kuma icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg @@ -20,4 +20,4 @@ maintainers: name: nickolaev name: kuma type: application -version: 2.5.1 +version: 2.6.0 diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md index 52e005421..c1d3b3f2d 100644 --- a/charts/kuma/kuma/README.md +++ b/charts/kuma/kuma/README.md @@ -2,7 +2,7 @@ A Helm chart for the Kuma Control Plane -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.5.1](https://img.shields.io/badge/Version-2.5.1-informational?style=flat-square) ![AppVersion: 2.5.1](https://img.shields.io/badge/AppVersion-2.5.1-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-build-informational?style=flat-square) ![AppVersion: 2.6.0](https://img.shields.io/badge/AppVersion-2.6.0-build-informational?style=flat-square) **Homepage:** @@ -22,7 +22,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.extraLabels | object | `{}` | Labels to add to resources in addition to default labels | | controlPlane.logLevel | string | `"info"` | Kuma CP log level: one of off,info,debug | | controlPlane.logOutputPath | string | `""` | Kuma CP log output path: Defaults to /dev/stdout | -| controlPlane.mode | string | `"standalone"` | Kuma CP modes: one of standalone,zone,global | +| controlPlane.mode | string | `"zone"` | Kuma CP modes: one of zone,global | | controlPlane.zone | string | `nil` | Kuma CP zone, if running multizone | | controlPlane.kdsGlobalAddress | string | `""` | Only used in `zone` mode | | controlPlane.replicas | int | `1` | Number of replicas of the Kuma CP. Ignored when autoscaling is enabled | @@ -46,7 +46,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.service.enabled | bool | `true` | Whether to create a service resource. | | controlPlane.service.name | string | `nil` | Optionally override of the Kuma Control Plane Service's name | | controlPlane.service.type | string | `"ClusterIP"` | Service type of the Kuma Control Plane | -| controlPlane.service.annotations | object | `{}` | Additional annotations to put on the Kuma Control Plane | +| controlPlane.service.annotations | object | `{"prometheus.io/port":"5680","prometheus.io/scrape":"true"}` | Annotations to put on the Kuma Control Plane | | controlPlane.ingress.enabled | bool | `false` | Install K8s Ingress resource that exposes GUI and API | | controlPlane.ingress.ingressClassName | string | `nil` | IngressClass defines which controller will implement the resource | | controlPlane.ingress.hostname | string | `nil` | Ingress hostname | @@ -117,6 +117,7 @@ A Helm chart for the Kuma Control Plane | cni.resources.limits.memory | string | `"100Mi"` | | | cni.podSecurityContext | object | `{}` | Security context at the pod level for cni | | cni.containerSecurityContext | object | `{"readOnlyRootFilesystem":true,"runAsGroup":0,"runAsNonRoot":false,"runAsUser":0}` | Security context at the container level for cni | +| dataPlane.dnsLogging | bool | `false` | If true, then turn on CoreDNS query logging | | dataPlane.image.repository | string | `"kuma-dp"` | The Kuma DP image repository | | dataPlane.image.pullPolicy | string | `"IfNotPresent"` | Kuma DP ImagePullPolicy | | dataPlane.image.tag | string | `nil` | Kuma DP Image Tag. When not specified, the value is copied from global.tag | diff --git a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml index 8a0af998e..449e4eb81 100644 --- a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml +++ b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: circuitbreakers.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml index 5fbde85cf..654bbf928 100644 --- a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml +++ b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: containerpatches.kuma.io spec: group: kuma.io @@ -23,14 +23,19 @@ spec: sidecar containers. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: type: string @@ -62,9 +67,9 @@ spec: description: Path is a jsonpatch path string. type: string value: - description: Value must be a string representing a valid json - object used by replace and add operations. String has to be - escaped with " to be valid a json object. + description: |- + Value must be a string representing a valid json object used + by replace and add operations. String has to be escaped with " to be valid a json object. type: string required: - op @@ -94,9 +99,9 @@ spec: description: Path is a jsonpatch path string. type: string value: - description: Value must be a string representing a valid json - object used by replace and add operations. String has to be - escaped with " to be valid a json object. + description: |- + Value must be a string representing a valid json object used + by replace and add operations. String has to be escaped with " to be valid a json object. type: string required: - op diff --git a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml index 79a541f21..b184e1955 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: dataplaneinsights.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml index 1f0088638..9d0be07cd 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: dataplanes.kuma.io spec: group: kuma.io @@ -40,17 +40,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml index 02be62004..038ea3f7a 100644 --- a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml +++ b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: externalservices.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml index 5eeef6418..93ce367fc 100644 --- a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml +++ b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: faultinjections.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml index c138c08e7..9599e09dd 100644 --- a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml +++ b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: healthchecks.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml index 411c1bb2c..df9919d58 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshaccesslogs.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -48,8 +53,9 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of clients referenced in + 'targetRef' properties: backends: items: @@ -59,10 +65,16 @@ spec: file based access logs properties: format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Format of access logs. Placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' items: properties: key: @@ -72,8 +84,10 @@ spec: type: object type: array omitEmptyValues: + default: false type: boolean plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' type: string type: enum: @@ -86,6 +100,8 @@ spec: path: description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 type: string required: - path @@ -94,8 +110,12 @@ spec: description: Defines an OpenTelemetry logging backend. properties: attributes: - description: Attributes can contain placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Attributes can contain placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' items: properties: key: @@ -105,9 +125,17 @@ spec: type: object type: array body: - description: Body is a raw string or an OTLP any - value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Body is a raw string or an OTLP any value as described at + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' x-kubernetes-preserve-unknown-fields: true endpoint: description: Endpoint of OpenTelemetry collector. @@ -123,12 +151,20 @@ spec: properties: address: description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 type: string format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Format of access logs. Placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' items: properties: key: @@ -138,8 +174,10 @@ spec: type: object type: array omitEmptyValues: + default: false type: boolean plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' type: string type: enum: @@ -164,8 +202,9 @@ spec: type: array type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. + description: |- + TargetRef is a reference to the resource that represents a group of + clients. properties: kind: description: Kind of the referenced resource @@ -182,15 +221,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: @@ -198,9 +249,10 @@ spec: type: object type: array targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined in-place. properties: kind: description: Kind of the referenced resource @@ -217,14 +269,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: @@ -233,8 +298,9 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations referenced in + 'targetRef' properties: backends: items: @@ -244,10 +310,16 @@ spec: file based access logs properties: format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Format of access logs. Placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' items: properties: key: @@ -257,8 +329,10 @@ spec: type: object type: array omitEmptyValues: + default: false type: boolean plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' type: string type: enum: @@ -271,6 +345,8 @@ spec: path: description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 type: string required: - path @@ -279,8 +355,12 @@ spec: description: Defines an OpenTelemetry logging backend. properties: attributes: - description: Attributes can contain placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Attributes can contain placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' items: properties: key: @@ -290,9 +370,17 @@ spec: type: object type: array body: - description: Body is a raw string or an OTLP any - value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Body is a raw string or an OTLP any value as described at + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' x-kubernetes-preserve-unknown-fields: true endpoint: description: Endpoint of OpenTelemetry collector. @@ -308,12 +396,20 @@ spec: properties: address: description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 type: string format: - description: Format of access logs. Placeholders - available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + description: |- + Format of access logs. Placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' items: properties: key: @@ -323,8 +419,10 @@ spec: type: object type: array omitEmptyValues: + default: false type: boolean plain: + example: '[%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST%' type: string type: enum: @@ -349,8 +447,9 @@ spec: type: array type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -367,15 +466,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml index ffae58e55..3c6a01d82 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshcircuitbreakers.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -49,228 +54,216 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations + referenced in 'targetRef' properties: connectionLimits: - description: ConnectionLimits contains configuration of - each circuit breaking limit, which when exceeded makes - the circuit breaker to become open (no traffic is allowed - like no current is allowed in the circuits when physical + description: |- + ConnectionLimits contains configuration of each circuit breaking limit, + which when exceeded makes the circuit breaker to become open (no traffic + is allowed like no current is allowed in the circuits when physical circuit breaker ir open) properties: maxConnectionPools: - description: The maximum number of connection pools - per cluster that are concurrently supported at once. - Set this for clusters which create a large number - of connection pools. + description: |- + The maximum number of connection pools per cluster that are concurrently + supported at once. Set this for clusters which create a large number of + connection pools. format: int32 type: integer maxConnections: - description: The maximum number of connections allowed - to be made to the upstream cluster. + description: |- + The maximum number of connections allowed to be made to the upstream + cluster. format: int32 type: integer maxPendingRequests: - description: The maximum number of pending requests - that are allowed to the upstream cluster. This limit - is applied as a connection limit for non-HTTP traffic. + description: |- + The maximum number of pending requests that are allowed to the upstream + cluster. This limit is applied as a connection limit for non-HTTP + traffic. format: int32 type: integer maxRequests: - description: The maximum number of parallel requests - that are allowed to be made to the upstream cluster. - This limit does not apply to non-HTTP traffic. + description: |- + The maximum number of parallel requests that are allowed to be made + to the upstream cluster. This limit does not apply to non-HTTP traffic. format: int32 type: integer maxRetries: - description: The maximum number of parallel retries - that will be allowed to the upstream cluster. + description: |- + The maximum number of parallel retries that will be allowed to + the upstream cluster. format: int32 type: integer type: object outlierDetection: - description: OutlierDetection contains the configuration - of the process of dynamically determining whether some - number of hosts in an upstream cluster are performing - unlike the others and removing them from the healthy load - balancing set. Performance might be along different axes - such as consecutive failures, temporal success rate, temporal - latency, etc. Outlier detection is a form of passive health - checking. + description: |- + OutlierDetection contains the configuration of the process of dynamically + determining whether some number of hosts in an upstream cluster are + performing unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes such as + consecutive failures, temporal success rate, temporal latency, etc. + Outlier detection is a form of passive health checking. properties: baseEjectionTime: - description: The base time that a host is ejected for. - The real time is equal to the base time multiplied - by the number of times the host has been ejected. + description: |- + The base time that a host is ejected for. The real time is equal to + the base time multiplied by the number of times the host has been + ejected. type: string detectors: description: Contains configuration for supported outlier detectors properties: failurePercentage: - description: Failure Percentage based outlier detection - functions similarly to success rate detection, - in that it relies on success rate data from each - host in a cluster. However, rather than compare - those values to the mean success rate of the cluster - as a whole, they are compared to a flat user-configured - threshold. This threshold is configured via the + description: |- + Failure Percentage based outlier detection functions similarly to success + rate detection, in that it relies on success rate data from each host in + a cluster. However, rather than compare those values to the mean success + rate of the cluster as a whole, they are compared to a flat + user-configured threshold. This threshold is configured via the outlierDetection.failurePercentageThreshold field. - The other configuration fields for failure percentage - based detection are similar to the fields for - success rate detection. As with success rate detection, - detection will not be performed for a host if - its request volume over the aggregation interval - is less than the outlierDetection.detectors.failurePercentage.requestVolume - value. Detection also will not be performed for - a cluster if the number of hosts with the minimum - required request volume in an interval is less - than the outlierDetection.detectors.failurePercentage.minimumHosts - value. + The other configuration fields for failure percentage based detection are + similar to the fields for success rate detection. As with success rate + detection, detection will not be performed for a host if its request + volume over the aggregation interval is less than the + outlierDetection.detectors.failurePercentage.requestVolume value. + Detection also will not be performed for a cluster if the number of hosts + with the minimum required request volume in an interval is less than the + outlierDetection.detectors.failurePercentage.minimumHosts value. properties: minimumHosts: - description: The minimum number of hosts in - a cluster in order to perform failure percentage-based - ejection. If the total number of hosts in - the cluster is less than this value, failure - percentage-based ejection will not be performed. + description: |- + The minimum number of hosts in a cluster in order to perform failure + percentage-based ejection. If the total number of hosts in the cluster is + less than this value, failure percentage-based ejection will not be + performed. format: int32 type: integer requestVolume: - description: The minimum number of total requests - that must be collected in one interval (as - defined by the interval duration above) to - perform failure percentage-based ejection - for this host. If the volume is lower than - this setting, failure percentage-based ejection - will not be performed for this host. + description: |- + The minimum number of total requests that must be collected in one + interval (as defined by the interval duration above) to perform failure + percentage-based ejection for this host. If the volume is lower than this + setting, failure percentage-based ejection will not be performed for this + host. format: int32 type: integer threshold: - description: The failure percentage to use when - determining failure percentage-based outlier - detection. If the failure percentage of a - given host is greater than or equal to this - value, it will be ejected. + description: |- + The failure percentage to use when determining failure percentage-based + outlier detection. If the failure percentage of a given host is greater + than or equal to this value, it will be ejected. format: int32 type: integer type: object gatewayFailures: - description: In the default mode (outlierDetection.splitExternalLocalOriginErrors - is false) this detection type takes into account - a subset of 5xx errors, called "gateway errors" - (502, 503 or 504 status code) and local origin - failures, such as timeout, TCP reset etc. In split - mode (outlierDetection.splitExternalLocalOriginErrors - is true) this detection type takes into account - a subset of 5xx errors, called "gateway errors" - (502, 503 or 504 status code) and is supported - only by the http router. + description: |- + In the default mode (outlierDetection.splitExternalLocalOriginErrors is + false) this detection type takes into account a subset of 5xx errors, + called "gateway errors" (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. + In split mode (outlierDetection.splitExternalLocalOriginErrors is true) + this detection type takes into account a subset of 5xx errors, called + "gateway errors" (502, 503 or 504 status code) and is supported only by + the http router. properties: consecutive: - description: The number of consecutive gateway - failures (502, 503, 504 status codes) before - a consecutive gateway failure ejection occurs. + description: |- + The number of consecutive gateway failures (502, 503, 504 status codes) + before a consecutive gateway failure ejection occurs. format: int32 type: integer type: object localOriginFailures: - description: 'This detection type is enabled only - when outlierDetection.splitExternalLocalOriginErrors - is true and takes into account only locally originated - errors (timeout, reset, etc). If Envoy repeatedly - cannot connect to an upstream host or communication - with the upstream host is repeatedly interrupted, - it will be ejected. Various locally originated - problems are detected: timeout, TCP reset, ICMP - errors, etc. This detection type is supported - by http router and tcp proxy.' + description: |- + This detection type is enabled only when + outlierDetection.splitExternalLocalOriginErrors is true and takes into + account only locally originated errors (timeout, reset, etc). + If Envoy repeatedly cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, it will be ejected. + Various locally originated problems are detected: timeout, TCP reset, + ICMP errors, etc. This detection type is supported by http router and + tcp proxy. properties: consecutive: - description: The number of consecutive locally - originated failures before ejection occurs. - Parameter takes effect only when splitExternalAndLocalErrors + description: |- + The number of consecutive locally originated failures before ejection + occurs. Parameter takes effect only when splitExternalAndLocalErrors is set to true. format: int32 type: integer type: object successRate: - description: 'Success Rate based outlier detection - aggregates success rate data from every host in - a cluster. Then at given intervals ejects hosts - based on statistical outlier detection. Success - Rate outlier detection will not be calculated - for a host if its request volume over the aggregation - interval is less than the outlierDetection.detectors.successRate.requestVolume - value. Moreover, detection will not be performed - for a cluster if the number of hosts with the - minimum required request volume in an interval - is less than the outlierDetection.detectors.successRate.minimumHosts - value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors - is false) this detection type takes into account - all types of errors: locally and externally originated. - In split mode (outlierDetection.splitExternalLocalOriginErrors - is true), locally originated errors and externally - originated (transaction) errors are counted and - treated separately.' + description: |- + Success Rate based outlier detection aggregates success rate data from + every host in a cluster. Then at given intervals ejects hosts based on + statistical outlier detection. Success Rate outlier detection will not be + calculated for a host if its request volume over the aggregation interval + is less than the outlierDetection.detectors.successRate.requestVolume + value. + Moreover, detection will not be performed for a cluster if the number of + hosts with the minimum required request volume in an interval is less + than the outlierDetection.detectors.successRate.minimumHosts value. + In the default configuration mode + (outlierDetection.splitExternalLocalOriginErrors is false) this detection + type takes into account all types of errors: locally and externally + originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors is true), + locally originated errors and externally originated (transaction) errors + are counted and treated separately. properties: minimumHosts: - description: The number of hosts in a cluster - that must have enough request volume to detect - success rate outliers. If the number of hosts - is less than this setting, outlier detection - via success rate statistics is not performed + description: |- + The number of hosts in a cluster that must have enough request volume to + detect success rate outliers. If the number of hosts is less than this + setting, outlier detection via success rate statistics is not performed for any host in the cluster. format: int32 type: integer requestVolume: - description: The minimum number of total requests - that must be collected in one interval (as - defined by the interval duration configured - in outlierDetection section) to include this - host in success rate based outlier detection. - If the volume is lower than this setting, - outlier detection via success rate statistics - is not performed for that host. + description: |- + The minimum number of total requests that must be collected in one + interval (as defined by the interval duration configured in + outlierDetection section) to include this host in success rate based + outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. format: int32 type: integer standardDeviationFactor: anyOf: - type: integer - type: string - description: 'This factor is used to determine - the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference - between the mean success rate, and the product - of this factor and the standard deviation - of the mean success rate: mean - (standard_deviation - * success_rate_standard_deviation_factor). - Either int or decimal represented as string.' + description: |- + This factor is used to determine the ejection threshold for success rate + outlier ejection. The ejection threshold is the difference between + the mean success rate, and the product of this factor and the standard + deviation of the mean success rate: mean - (standard_deviation * + success_rate_standard_deviation_factor). + Either int or decimal represented as string. x-kubernetes-int-or-string: true type: object totalFailures: - description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors - is false) this detection type takes into account - all generated errors: locally originated and externally - originated (transaction) errors. In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) this detection type takes into account - only externally originated (transaction) errors, - ignoring locally originated errors. If an upstream - host is an HTTP-server, only 5xx types of error - are taken into account (see Consecutive Gateway - Failure for exceptions). Properly formatted responses, - even when they carry an operational error (like - index not found, access denied) are not taken - into account.' + description: |- + In the default mode (outlierDetection.splitExternalAndLocalErrors is + false) this detection type takes into account all generated errors: + locally originated and externally originated (transaction) errors. + In split mode (outlierDetection.splitExternalLocalOriginErrors is true) + this detection type takes into account only externally originated + (transaction) errors, ignoring locally originated errors. + If an upstream host is an HTTP-server, only 5xx types of error are taken + into account (see Consecutive Gateway Failure for exceptions). + Properly formatted responses, even when they carry an operational error + (like index not found, access denied) are not taken into account. properties: consecutive: - description: The number of consecutive server-side - error responses (for HTTP traffic, 5xx responses; - for TCP traffic, connection failures; for - Redis, failure to respond PONG; etc.) before - a consecutive total failure ejection occurs. + description: |- + The number of consecutive server-side error responses (for HTTP traffic, + 5xx responses; for TCP traffic, connection failures; for Redis, failure + to respond PONG; etc.) before a consecutive total failure ejection + occurs. format: int32 type: integer type: object @@ -280,28 +273,29 @@ spec: won't take any effect type: boolean interval: - description: The time interval between ejection analysis - sweeps. This can result in both new ejections and - hosts being returned to service. + description: |- + The time interval between ejection analysis sweeps. This can result in + both new ejections and hosts being returned to service. type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that - can be ejected due to outlier detection. Defaults - to 10% but will eject at least one host regardless - of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier + detection. Defaults to 10% but will eject at least one host regardless of + the value. format: int32 type: integer splitExternalAndLocalErrors: - description: 'Determines whether to distinguish local - origin failures from external errors. If set to true - the following configuration parameters are taken into - account: detectors.localOriginFailures.consecutive' + description: |- + Determines whether to distinguish local origin failures from external + errors. If set to true the following configuration parameters are taken + into account: detectors.localOriginFailures.consecutive type: boolean type: object type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -318,15 +312,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: @@ -334,9 +340,10 @@ spec: type: object type: array targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined in place. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined in place. properties: kind: description: Kind of the referenced resource @@ -353,244 +360,246 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: - description: To list makes a match between the consumed services and - corresponding configurations + description: |- + To list makes a match between the consumed services and corresponding + configurations items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations + referenced in 'targetRef' properties: connectionLimits: - description: ConnectionLimits contains configuration of - each circuit breaking limit, which when exceeded makes - the circuit breaker to become open (no traffic is allowed - like no current is allowed in the circuits when physical + description: |- + ConnectionLimits contains configuration of each circuit breaking limit, + which when exceeded makes the circuit breaker to become open (no traffic + is allowed like no current is allowed in the circuits when physical circuit breaker ir open) properties: maxConnectionPools: - description: The maximum number of connection pools - per cluster that are concurrently supported at once. - Set this for clusters which create a large number - of connection pools. + description: |- + The maximum number of connection pools per cluster that are concurrently + supported at once. Set this for clusters which create a large number of + connection pools. format: int32 type: integer maxConnections: - description: The maximum number of connections allowed - to be made to the upstream cluster. + description: |- + The maximum number of connections allowed to be made to the upstream + cluster. format: int32 type: integer maxPendingRequests: - description: The maximum number of pending requests - that are allowed to the upstream cluster. This limit - is applied as a connection limit for non-HTTP traffic. + description: |- + The maximum number of pending requests that are allowed to the upstream + cluster. This limit is applied as a connection limit for non-HTTP + traffic. format: int32 type: integer maxRequests: - description: The maximum number of parallel requests - that are allowed to be made to the upstream cluster. - This limit does not apply to non-HTTP traffic. + description: |- + The maximum number of parallel requests that are allowed to be made + to the upstream cluster. This limit does not apply to non-HTTP traffic. format: int32 type: integer maxRetries: - description: The maximum number of parallel retries - that will be allowed to the upstream cluster. + description: |- + The maximum number of parallel retries that will be allowed to + the upstream cluster. format: int32 type: integer type: object outlierDetection: - description: OutlierDetection contains the configuration - of the process of dynamically determining whether some - number of hosts in an upstream cluster are performing - unlike the others and removing them from the healthy load - balancing set. Performance might be along different axes - such as consecutive failures, temporal success rate, temporal - latency, etc. Outlier detection is a form of passive health - checking. + description: |- + OutlierDetection contains the configuration of the process of dynamically + determining whether some number of hosts in an upstream cluster are + performing unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes such as + consecutive failures, temporal success rate, temporal latency, etc. + Outlier detection is a form of passive health checking. properties: baseEjectionTime: - description: The base time that a host is ejected for. - The real time is equal to the base time multiplied - by the number of times the host has been ejected. + description: |- + The base time that a host is ejected for. The real time is equal to + the base time multiplied by the number of times the host has been + ejected. type: string detectors: description: Contains configuration for supported outlier detectors properties: failurePercentage: - description: Failure Percentage based outlier detection - functions similarly to success rate detection, - in that it relies on success rate data from each - host in a cluster. However, rather than compare - those values to the mean success rate of the cluster - as a whole, they are compared to a flat user-configured - threshold. This threshold is configured via the + description: |- + Failure Percentage based outlier detection functions similarly to success + rate detection, in that it relies on success rate data from each host in + a cluster. However, rather than compare those values to the mean success + rate of the cluster as a whole, they are compared to a flat + user-configured threshold. This threshold is configured via the outlierDetection.failurePercentageThreshold field. - The other configuration fields for failure percentage - based detection are similar to the fields for - success rate detection. As with success rate detection, - detection will not be performed for a host if - its request volume over the aggregation interval - is less than the outlierDetection.detectors.failurePercentage.requestVolume - value. Detection also will not be performed for - a cluster if the number of hosts with the minimum - required request volume in an interval is less - than the outlierDetection.detectors.failurePercentage.minimumHosts - value. + The other configuration fields for failure percentage based detection are + similar to the fields for success rate detection. As with success rate + detection, detection will not be performed for a host if its request + volume over the aggregation interval is less than the + outlierDetection.detectors.failurePercentage.requestVolume value. + Detection also will not be performed for a cluster if the number of hosts + with the minimum required request volume in an interval is less than the + outlierDetection.detectors.failurePercentage.minimumHosts value. properties: minimumHosts: - description: The minimum number of hosts in - a cluster in order to perform failure percentage-based - ejection. If the total number of hosts in - the cluster is less than this value, failure - percentage-based ejection will not be performed. + description: |- + The minimum number of hosts in a cluster in order to perform failure + percentage-based ejection. If the total number of hosts in the cluster is + less than this value, failure percentage-based ejection will not be + performed. format: int32 type: integer requestVolume: - description: The minimum number of total requests - that must be collected in one interval (as - defined by the interval duration above) to - perform failure percentage-based ejection - for this host. If the volume is lower than - this setting, failure percentage-based ejection - will not be performed for this host. + description: |- + The minimum number of total requests that must be collected in one + interval (as defined by the interval duration above) to perform failure + percentage-based ejection for this host. If the volume is lower than this + setting, failure percentage-based ejection will not be performed for this + host. format: int32 type: integer threshold: - description: The failure percentage to use when - determining failure percentage-based outlier - detection. If the failure percentage of a - given host is greater than or equal to this - value, it will be ejected. + description: |- + The failure percentage to use when determining failure percentage-based + outlier detection. If the failure percentage of a given host is greater + than or equal to this value, it will be ejected. format: int32 type: integer type: object gatewayFailures: - description: In the default mode (outlierDetection.splitExternalLocalOriginErrors - is false) this detection type takes into account - a subset of 5xx errors, called "gateway errors" - (502, 503 or 504 status code) and local origin - failures, such as timeout, TCP reset etc. In split - mode (outlierDetection.splitExternalLocalOriginErrors - is true) this detection type takes into account - a subset of 5xx errors, called "gateway errors" - (502, 503 or 504 status code) and is supported - only by the http router. + description: |- + In the default mode (outlierDetection.splitExternalLocalOriginErrors is + false) this detection type takes into account a subset of 5xx errors, + called "gateway errors" (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. + In split mode (outlierDetection.splitExternalLocalOriginErrors is true) + this detection type takes into account a subset of 5xx errors, called + "gateway errors" (502, 503 or 504 status code) and is supported only by + the http router. properties: consecutive: - description: The number of consecutive gateway - failures (502, 503, 504 status codes) before - a consecutive gateway failure ejection occurs. + description: |- + The number of consecutive gateway failures (502, 503, 504 status codes) + before a consecutive gateway failure ejection occurs. format: int32 type: integer type: object localOriginFailures: - description: 'This detection type is enabled only - when outlierDetection.splitExternalLocalOriginErrors - is true and takes into account only locally originated - errors (timeout, reset, etc). If Envoy repeatedly - cannot connect to an upstream host or communication - with the upstream host is repeatedly interrupted, - it will be ejected. Various locally originated - problems are detected: timeout, TCP reset, ICMP - errors, etc. This detection type is supported - by http router and tcp proxy.' + description: |- + This detection type is enabled only when + outlierDetection.splitExternalLocalOriginErrors is true and takes into + account only locally originated errors (timeout, reset, etc). + If Envoy repeatedly cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, it will be ejected. + Various locally originated problems are detected: timeout, TCP reset, + ICMP errors, etc. This detection type is supported by http router and + tcp proxy. properties: consecutive: - description: The number of consecutive locally - originated failures before ejection occurs. - Parameter takes effect only when splitExternalAndLocalErrors + description: |- + The number of consecutive locally originated failures before ejection + occurs. Parameter takes effect only when splitExternalAndLocalErrors is set to true. format: int32 type: integer type: object successRate: - description: 'Success Rate based outlier detection - aggregates success rate data from every host in - a cluster. Then at given intervals ejects hosts - based on statistical outlier detection. Success - Rate outlier detection will not be calculated - for a host if its request volume over the aggregation - interval is less than the outlierDetection.detectors.successRate.requestVolume - value. Moreover, detection will not be performed - for a cluster if the number of hosts with the - minimum required request volume in an interval - is less than the outlierDetection.detectors.successRate.minimumHosts - value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors - is false) this detection type takes into account - all types of errors: locally and externally originated. - In split mode (outlierDetection.splitExternalLocalOriginErrors - is true), locally originated errors and externally - originated (transaction) errors are counted and - treated separately.' + description: |- + Success Rate based outlier detection aggregates success rate data from + every host in a cluster. Then at given intervals ejects hosts based on + statistical outlier detection. Success Rate outlier detection will not be + calculated for a host if its request volume over the aggregation interval + is less than the outlierDetection.detectors.successRate.requestVolume + value. + Moreover, detection will not be performed for a cluster if the number of + hosts with the minimum required request volume in an interval is less + than the outlierDetection.detectors.successRate.minimumHosts value. + In the default configuration mode + (outlierDetection.splitExternalLocalOriginErrors is false) this detection + type takes into account all types of errors: locally and externally + originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors is true), + locally originated errors and externally originated (transaction) errors + are counted and treated separately. properties: minimumHosts: - description: The number of hosts in a cluster - that must have enough request volume to detect - success rate outliers. If the number of hosts - is less than this setting, outlier detection - via success rate statistics is not performed + description: |- + The number of hosts in a cluster that must have enough request volume to + detect success rate outliers. If the number of hosts is less than this + setting, outlier detection via success rate statistics is not performed for any host in the cluster. format: int32 type: integer requestVolume: - description: The minimum number of total requests - that must be collected in one interval (as - defined by the interval duration configured - in outlierDetection section) to include this - host in success rate based outlier detection. - If the volume is lower than this setting, - outlier detection via success rate statistics - is not performed for that host. + description: |- + The minimum number of total requests that must be collected in one + interval (as defined by the interval duration configured in + outlierDetection section) to include this host in success rate based + outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. format: int32 type: integer standardDeviationFactor: anyOf: - type: integer - type: string - description: 'This factor is used to determine - the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference - between the mean success rate, and the product - of this factor and the standard deviation - of the mean success rate: mean - (standard_deviation - * success_rate_standard_deviation_factor). - Either int or decimal represented as string.' + description: |- + This factor is used to determine the ejection threshold for success rate + outlier ejection. The ejection threshold is the difference between + the mean success rate, and the product of this factor and the standard + deviation of the mean success rate: mean - (standard_deviation * + success_rate_standard_deviation_factor). + Either int or decimal represented as string. x-kubernetes-int-or-string: true type: object totalFailures: - description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors - is false) this detection type takes into account - all generated errors: locally originated and externally - originated (transaction) errors. In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) this detection type takes into account - only externally originated (transaction) errors, - ignoring locally originated errors. If an upstream - host is an HTTP-server, only 5xx types of error - are taken into account (see Consecutive Gateway - Failure for exceptions). Properly formatted responses, - even when they carry an operational error (like - index not found, access denied) are not taken - into account.' + description: |- + In the default mode (outlierDetection.splitExternalAndLocalErrors is + false) this detection type takes into account all generated errors: + locally originated and externally originated (transaction) errors. + In split mode (outlierDetection.splitExternalLocalOriginErrors is true) + this detection type takes into account only externally originated + (transaction) errors, ignoring locally originated errors. + If an upstream host is an HTTP-server, only 5xx types of error are taken + into account (see Consecutive Gateway Failure for exceptions). + Properly formatted responses, even when they carry an operational error + (like index not found, access denied) are not taken into account. properties: consecutive: - description: The number of consecutive server-side - error responses (for HTTP traffic, 5xx responses; - for TCP traffic, connection failures; for - Redis, failure to respond PONG; etc.) before - a consecutive total failure ejection occurs. + description: |- + The number of consecutive server-side error responses (for HTTP traffic, + 5xx responses; for TCP traffic, connection failures; for Redis, failure + to respond PONG; etc.) before a consecutive total failure ejection + occurs. format: int32 type: integer type: object @@ -600,28 +609,29 @@ spec: won't take any effect type: boolean interval: - description: The time interval between ejection analysis - sweeps. This can result in both new ejections and - hosts being returned to service. + description: |- + The time interval between ejection analysis sweeps. This can result in + both new ejections and hosts being returned to service. type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that - can be ejected due to outlier detection. Defaults - to 10% but will eject at least one host regardless - of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier + detection. Defaults to 10% but will eject at least one host regardless of + the value. format: int32 type: integer splitExternalAndLocalErrors: - description: 'Determines whether to distinguish local - origin failures from external errors. If set to true - the following configuration parameters are taken into - account: detectors.localOriginFailures.consecutive' + description: |- + Determines whether to distinguish local origin failures from external + errors. If set to true the following configuration parameters are taken + into account: detectors.localOriginFailures.consecutive type: boolean type: object type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -638,15 +648,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshes.yaml b/charts/kuma/kuma/crds/kuma.io_meshes.yaml index 7e1848086..5b7a9fd65 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshes.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml index be0a3a7ca..4150c0fdd 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshfaultinjections.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -49,8 +54,9 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations referenced in + 'targetRef' properties: http: description: Http allows to define list of Http faults between @@ -60,10 +66,10 @@ spec: of faults between dataplanes. properties: abort: - description: Abort defines a configuration of not - delivering requests to destination service and replacing - the responses from destination dataplane by predefined - status code + description: |- + Abort defines a configuration of not delivering requests to destination + service and replacing the responses from destination dataplane by + predefined status code properties: httpStatus: description: HTTP status code which will be returned @@ -74,9 +80,9 @@ spec: anyOf: - type: integer - type: string - description: Percentage of requests on which abort - will be injected, has to be either int or decimal - represented as string. + description: |- + Percentage of requests on which abort will be injected, has to be + either int or decimal represented as string. x-kubernetes-int-or-string: true required: - httpStatus @@ -90,9 +96,9 @@ spec: anyOf: - type: integer - type: string - description: Percentage of requests on which delay - will be injected, has to be either int or decimal - represented as string. + description: |- + Percentage of requests on which delay will be injected, has to be + either int or decimal represented as string. x-kubernetes-int-or-string: true value: description: The duration during which the response @@ -103,20 +109,22 @@ spec: - value type: object responseBandwidth: - description: ResponseBandwidth defines a configuration - to limit the speed of responding to the requests + description: |- + ResponseBandwidth defines a configuration to limit the speed of + responding to the requests properties: limit: - description: Limit is represented by value measure - in gbps, mbps, kbps or bps, e.g. 10kbps + description: |- + Limit is represented by value measure in Gbps, Mbps, kbps, e.g. + 10kbps type: string percentage: anyOf: - type: integer - type: string - description: Percentage of requests on which response - bandwidth limit will be either int or decimal - represented as string. + description: |- + Percentage of requests on which response bandwidth limit will be + either int or decimal represented as string. x-kubernetes-int-or-string: true required: - limit @@ -126,8 +134,9 @@ spec: type: array type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -144,15 +153,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: @@ -160,9 +181,10 @@ spec: type: object type: array targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -179,16 +201,161 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object + to: + description: To list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: |- + Default is a configuration specific to the group of destinations referenced in + 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. + properties: + abort: + description: |- + Abort defines a configuration of not delivering requests to destination + service and replacing the responses from destination dataplane by + predefined status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: |- + Percentage of requests on which abort will be injected, has to be + either int or decimal represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: |- + Percentage of requests on which delay will be injected, has to be + either int or decimal represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: |- + ResponseBandwidth defines a configuration to limit the speed of + responding to the requests + properties: + limit: + description: |- + Limit is represented by value measure in Gbps, Mbps, kbps, e.g. + 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: |- + Percentage of requests on which response bandwidth limit will be + either int or decimal represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array + tags: + additionalProperties: + type: string + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array required: - targetRef type: object diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml index b0056e5ad..afa0c4789 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshgatewayinstances.kuma.io spec: group: kuma.io @@ -19,18 +19,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: MeshGatewayInstance represents a managed instance of a dataplane - proxy for a Kuma Gateway. + description: |- + MeshGatewayInstance represents a managed instance of a dataplane proxy for a Kuma + Gateway. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -86,29 +92,37 @@ spec: type: object replicas: default: 1 - description: Replicas is the number of dataplane proxy replicas to - create. For now this is a fixed number, but in the future it could - be automatically scaled based on metrics. + description: |- + Replicas is the number of dataplane proxy replicas to create. For + now this is a fixed number, but in the future it could be + automatically scaled based on metrics. format: int32 minimum: 1 type: integer resources: - description: Resources specifies the compute resources for the proxy - container. The default can be set in the control plane config. + description: |- + Resources specifies the compute resources for the proxy container. + The default can be set in the control plane config. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -124,8 +138,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -134,11 +149,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object serviceTemplate: @@ -170,11 +185,12 @@ spec: type: object serviceType: default: LoadBalancer - description: ServiceType specifies the type of managed Service that - will be created to expose the dataplane proxies to traffic from - outside the cluster. The ports to expose will be taken from the - matching Gateway resource. If there is no matching Gateway, the - managed Service will be deleted. + description: |- + ServiceType specifies the type of managed Service that will be + created to expose the dataplane proxies to traffic from outside + the cluster. The ports to expose will be taken from the matching Gateway + resource. If there is no matching Gateway, the managed Service will + be deleted. enum: - LoadBalancer - ClusterIP @@ -183,55 +199,58 @@ spec: tags: additionalProperties: type: string - description: Tags specifies the Kuma tags that are propagated to the - managed dataplane proxies. These tags should include exactly one - `kuma.io/service` tag, and should match exactly one Gateway resource. + description: |- + Tags specifies the Kuma tags that are propagated to the managed + dataplane proxies. These tags should include exactly one + `kuma.io/service` tag, and should match exactly one Gateway + resource. type: object type: object status: - description: MeshGatewayInstanceStatus holds information about the status - of the gateway instance. + description: |- + MeshGatewayInstanceStatus holds information about the status of the gateway + instance. properties: conditions: description: Conditions is an array of gateway instance conditions. items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -245,11 +264,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -265,41 +285,54 @@ spec: - type x-kubernetes-list-type: map loadBalancer: - description: LoadBalancer contains the current status of the load-balancer, + description: |- + LoadBalancer contains the current status of the load-balancer, if one is present. properties: ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' + description: |- + LoadBalancerIngress represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. properties: hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) + description: |- + Hostname is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) type: string ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + ipMode: + description: |- + IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. + Setting this to "VIP" indicates that traffic is delivered to the node with + the destination set to the load-balancer's IP and port. + Setting this to "Proxy" indicates that traffic is delivered to the node or pod with + the destination set to the node's IP and node port or the pod's IP and port. + Service implementations may use this information to adjust traffic routing. type: string ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it + description: |- + Ports is a list of records of service ports + If used, every port defined in the service should have an entry in it items: properties: error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific error - values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + description: |- + Error is to record the problem with the service port + The format of the error shall comply with the following rules: + - built-in error values shall be specified in this file and those shall use + CamelCase names + - cloud provider specific error values must have names that comply with the + format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -310,9 +343,9 @@ spec: type: integer protocol: default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' + description: |- + Protocol is the protocol of the service port of which status is recorded here + The supported values are: "TCP", "UDP", "SCTP" type: string required: - port diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml index 81ffb9b48..15156ae47 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshgatewayroutes.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml index 76eba91ac..5ec1b4267 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshgateways.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml index f97352a7d..20a819786 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshhealthchecks.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -43,9 +48,10 @@ spec: description: Spec is the specification of the Kuma MeshHealthCheck resource. properties: targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -62,14 +68,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: @@ -78,36 +97,37 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations referenced in + 'targetRef' properties: alwaysLogHealthCheckFailures: - description: If set to true, health check failure events - will always be logged. If set to false, only the initial - health check failure event will be logged. The default - value is false. + description: |- + If set to true, health check failure events will always be logged. If set + to false, only the initial health check failure event will be logged. The + default value is false. type: boolean eventLogPath: - description: Specifies the path to the file where Envoy - can log health check events. If empty, no event log will - be written. + description: |- + Specifies the path to the file where Envoy can log health check events. + If empty, no event log will be written. type: string failTrafficOnPanic: - description: If set to true, Envoy will not consider any - hosts when the cluster is in 'panic mode'. Instead, the - cluster will fail all requests as if all hosts are unhealthy. - This can help avoid potentially overwhelming a failing + description: |- + If set to true, Envoy will not consider any hosts when the cluster is in + 'panic mode'. Instead, the cluster will fail all requests as if all hosts + are unhealthy. This can help avoid potentially overwhelming a failing service. type: boolean grpc: - description: GrpcHealthCheck defines gRPC configuration - which will instruct the service the health check will - be made for is a gRPC service. + description: |- + GrpcHealthCheck defines gRPC configuration which will instruct the service + the health check will be made for is a gRPC service. properties: authority: - description: The value of the :authority header in the - gRPC health check request, by default name of the - cluster this health check is associated with + description: |- + The value of the :authority header in the gRPC health check request, + by default name of the cluster this health check is associated with type: string disabled: description: If true the GrpcHealthCheck is disabled @@ -121,10 +141,10 @@ spec: anyOf: - type: integer - type: string - description: Allows to configure panic threshold for Envoy - cluster. If not specified, the default is 50%. To disable - panic mode, set to 0%. Either int or decimal represented - as string. + description: |- + Allows to configure panic threshold for Envoy cluster. If not specified, + the default is 50%. To disable panic mode, set to 0%. + Either int or decimal represented as string. x-kubernetes-int-or-string: true healthyThreshold: default: 1 @@ -133,9 +153,9 @@ spec: format: int32 type: integer http: - description: HttpHealthCheck defines HTTP configuration - which will instruct the service the health check will - be made for is an HTTP service. + description: |- + HttpHealthCheck defines HTTP configuration which will instruct the service + the health check will be made for is an HTTP service. properties: disabled: description: If true the HttpHealthCheck is disabled @@ -149,12 +169,14 @@ spec: type: array path: default: / - description: The HTTP path which will be requested during - the health check (ie. /health) + description: |- + The HTTP path which will be requested during the health check + (ie. /health) type: string requestHeadersToAdd: - description: The list of HTTP headers which should be - added to each health check request + description: |- + The list of HTTP headers which should be added to each health check + request properties: add: items: @@ -197,59 +219,57 @@ spec: type: object type: object initialJitter: - description: If specified, Envoy will start health checking - after a random time in ms between 0 and initialJitter. - This only applies to the first health check. + description: |- + If specified, Envoy will start health checking after a random time in + ms between 0 and initialJitter. This only applies to the first health + check. type: string interval: default: 1m description: Interval between consecutive health checks. type: string intervalJitter: - description: If specified, during every interval Envoy will - add IntervalJitter to the wait time. + description: |- + If specified, during every interval Envoy will add IntervalJitter to the + wait time. type: string intervalJitterPercent: - description: If specified, during every interval Envoy will - add IntervalJitter * IntervalJitterPercent / 100 to the - wait time. If IntervalJitter and IntervalJitterPercent - are both set, both of them will be used to increase the - wait time. + description: |- + If specified, during every interval Envoy will add IntervalJitter * + IntervalJitterPercent / 100 to the wait time. If IntervalJitter and + IntervalJitterPercent are both set, both of them will be used to + increase the wait time. format: int32 type: integer noTrafficInterval: - description: The "no traffic interval" is a special health - check interval that is used when a cluster has never had - traffic routed to it. This lower interval allows cluster - information to be kept up to date, without sending a potentially - large amount of active health checking traffic for no - reason. Once a cluster has been used for traffic routing, - Envoy will shift back to using the standard health check - interval that is defined. Note that this interval takes - precedence over any other. The default value for "no traffic - interval" is 60 seconds. + description: |- + The "no traffic interval" is a special health check interval that is used + when a cluster has never had traffic routed to it. This lower interval + allows cluster information to be kept up to date, without sending a + potentially large amount of active health checking traffic for no reason. + Once a cluster has been used for traffic routing, Envoy will shift back + to using the standard health check interval that is defined. Note that + this interval takes precedence over any other. The default value for "no + traffic interval" is 60 seconds. type: string reuseConnection: description: Reuse health check connection between health checks. Default is true. type: boolean tcp: - description: TcpHealthCheck defines configuration for specifying - bytes to send and expected response during the health - check + description: |- + TcpHealthCheck defines configuration for specifying bytes to send and + expected response during the health check properties: disabled: description: If true the TcpHealthCheck is disabled type: boolean receive: - description: List of Base64 encoded blocks of strings - expected as a response. When checking the response, - "fuzzy" matching is performed such that each block - must be found, and in the order specified, but not - necessarily contiguous. If not provided or empty, - checks will be performed as "connect only" and be - marked as successful when TCP connection is successfully - established. + description: |- + List of Base64 encoded blocks of strings expected as a response. When checking the response, + "fuzzy" matching is performed such that each block must be found, and + in the order specified, but not necessarily contiguous. + If not provided or empty, checks will be performed as "connect only" and be marked as successful when TCP connection is successfully established. items: type: string type: array @@ -264,14 +284,16 @@ spec: type: string unhealthyThreshold: default: 5 - description: Number of consecutive unhealthy checks before - considering a host unhealthy. + description: |- + Number of consecutive unhealthy checks before considering a host + unhealthy. format: int32 type: integer type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -288,15 +310,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml index 23e575e7e..fdb83f834 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshhttproutes.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -43,9 +48,10 @@ spec: description: Spec is the specification of the Kuma MeshHTTPRoute resource. properties: targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -62,14 +68,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: @@ -77,14 +96,25 @@ spec: configuration. items: properties: + hostnames: + description: |- + Hostnames is only valid when targeting MeshGateway and limits the + effects of the rules to requests to this hostname. + Given hostnames must intersect with the hostname of the listeners the + route attaches to. + items: + type: string + type: array rules: - description: Rules contains the routing rules applies to a combination - of top-level targetRef and the targetRef in this entry. + description: |- + Rules contains the routing rules applies to a combination of top-level + targetRef and the targetRef in this entry. items: properties: default: - description: Default holds routing rules that can be merged - with rules from other policies. + description: |- + Default holds routing rules that can be merged with rules from other + policies. properties: backendRefs: items: @@ -106,15 +136,26 @@ spec: to identify cross mesh resources. type: string name: - description: 'Name of the referenced resource. - Can only be used with kinds: `MeshService`, - `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of - proxies by tags. Can only be used with kinds + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object weight: @@ -127,11 +168,10 @@ spec: items: properties: requestHeaderModifier: - description: Only one action is supported per - header name. Configuration to set or add multiple - values for a header must use RFC 7230 header - value formatting, separating each value with - a comma. + description: |- + Only one action is supported per header name. + Configuration to set or add multiple values for a header must use RFC 7230 + header value formatting, separating each value with a comma. properties: add: items: @@ -200,26 +240,36 @@ spec: use to identify cross mesh resources. type: string name: - description: 'Name of the referenced - resource. Can only be used with kinds: - `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset - of proxies by tags. Can only be used - with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object percentage: anyOf: - type: integer - type: string - description: Percentage of requests to mirror. - If not specified, all requests to the - target cluster will be mirrored. + description: |- + Percentage of requests to mirror. If not specified, all requests + to the target cluster will be mirrored. x-kubernetes-int-or-string: true required: - backendRef @@ -227,26 +277,24 @@ spec: requestRedirect: properties: hostname: - description: "PreciseHostname is the fully - qualified domain name of a network host. - This matches the RFC 1123 definition of - a hostname with 1 notable exception that + description: |- + PreciseHostname is the fully qualified domain name of a network host. This + matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. - \n Note that as per RFC1035 and RFC1123, - a *label* must consist of lower case alphanumeric - characters or '-', and must start and - end with an alphanumeric character. No - other punctuation is allowed." + + + Note that as per RFC1035 and RFC1123, a *label* must consist of lower case + alphanumeric characters or '-', and must start and end with an alphanumeric + character. No other punctuation is allowed. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string path: - description: Path defines parameters used - to modify the path of the incoming request. - The modified path is then used to construct - the location header. When empty, the request - path is used as-is. + description: |- + Path defines parameters used to modify the path of the incoming request. + The modified path is then used to construct the location header. + When empty, the request path is used as-is. properties: replaceFullPath: type: string @@ -261,10 +309,10 @@ spec: - type type: object port: - description: Port is the port to be used - in the value of the `Location` header - in the response. When empty, port (if - specified) of the request is used. + description: |- + Port is the port to be used in the value of the `Location` + header in the response. + When empty, port (if specified) of the request is used. format: int32 maximum: 65535 minimum: 1 @@ -287,11 +335,10 @@ spec: type: integer type: object responseHeaderModifier: - description: Only one action is supported per - header name. Configuration to set or add multiple - values for a header must use RFC 7230 header - value formatting, separating each value with - a comma. + description: |- + Only one action is supported per header name. + Configuration to set or add multiple values for a header must use RFC 7230 + header value formatting, separating each value with a comma. properties: add: items: @@ -347,6 +394,11 @@ spec: type: string urlRewrite: properties: + hostToBackendHostname: + description: |- + HostToBackendHostname rewrites the hostname to the hostname of the + upstream host. This option is only available when targeting MeshGateways. + type: boolean hostname: description: Hostname is the value to be used to replace the host header value @@ -377,20 +429,21 @@ spec: type: array type: object matches: - description: Matches describes how to match HTTP requests - this rule should be applied to. + description: |- + Matches describes how to match HTTP requests this rule should be applied + to. items: properties: headers: items: - description: HeaderMatch describes how to select - an HTTP route by matching HTTP request headers. + description: |- + HeaderMatch describes how to select an HTTP route by matching HTTP request + headers. properties: name: - description: Name is the name of the HTTP - Header to be matched. Name MUST be lower - case as they will be handled with case insensitivity - (See https://tools.ietf.org/html/rfc7230#section-3.2). + description: |- + Name is the name of the HTTP Header to be matched. Name MUST be lower case + as they will be handled with case insensitivity (See https://tools.ietf.org/html/rfc7230#section-3.2). maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ @@ -435,9 +488,9 @@ spec: - RegularExpression type: string value: - description: Exact or prefix matches must be - an absolute path. A prefix matches only if - separated by a slash or the entire path. + description: |- + Exact or prefix matches must be an absolute path. A prefix matches only + if separated by a slash or the entire path. minLength: 1 type: string required: @@ -445,9 +498,9 @@ spec: - value type: object queryParams: - description: QueryParams matches based on HTTP URL - query parameters. Multiple matches are ANDed together - such that all listed matches must succeed. + description: |- + QueryParams matches based on HTTP URL query parameters. Multiple matches + are ANDed together such that all listed matches must succeed. items: properties: name: @@ -475,8 +528,9 @@ spec: type: object type: array targetRef: - description: TargetRef is a reference to the resource that represents - a group of request destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + request destinations. properties: kind: description: Kind of the referenced resource @@ -493,15 +547,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object type: object diff --git a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml index f9c307168..c72f08ed9 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshinsights.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml b/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml index 83d193e81..023ce1768 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshloadbalancingstrategies.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -44,9 +49,10 @@ spec: resource. properties: targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -63,14 +69,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: @@ -79,42 +98,51 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations referenced in + 'targetRef' properties: loadBalancer: description: LoadBalancer allows to specify load balancing algorithm. properties: leastRequest: - description: LeastRequest selects N random available - hosts as specified in 'choiceCount' (2 by default) + description: |- + LeastRequest selects N random available hosts as specified in 'choiceCount' (2 by default) and picks the host which has the fewest active requests properties: + activeRequestBias: + anyOf: + - type: integer + - type: string + description: |- + ActiveRequestBias refers to dynamic weights applied when hosts have varying load + balancing weights. A higher value here aggressively reduces the weight of endpoints + that are currently handling active requests. In essence, the higher the ActiveRequestBias + value, the more forcefully it reduces the load balancing weight of endpoints that are + actively serving requests. + x-kubernetes-int-or-string: true choiceCount: - description: ChoiceCount is the number of random - healthy hosts from which the host with the fewest - active requests will be chosen. Defaults to 2 - so that Envoy performs two-choice selection if - the field is not set. + description: |- + ChoiceCount is the number of random healthy hosts from which the host with + the fewest active requests will be chosen. Defaults to 2 so that Envoy performs + two-choice selection if the field is not set. format: int32 minimum: 2 type: integer type: object maglev: - description: Maglev implements consistent hashing to - upstream hosts. Maglev can be used as a drop in replacement - for the ring hash load balancer any place in which + description: |- + Maglev implements consistent hashing to upstream hosts. Maglev can be used as + a drop in replacement for the ring hash load balancer any place in which consistent hashing is desired. properties: hashPolicies: - description: HashPolicies specify a list of request/connection - properties that are used to calculate a hash. - These hash policies are executed in the specified - order. If a hash policy has the “terminal” attribute - set to true, and there is already a hash generated, - the hash is returned immediately, ignoring the - rest of the hash policy list. + description: |- + HashPolicies specify a list of request/connection properties that are used to calculate a hash. + These hash policies are executed in the specified order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, the hash is returned immediately, + ignoring the rest of the hash policy list. items: properties: connection: @@ -145,12 +173,10 @@ spec: filterState: properties: key: - description: The name of the Object in - the per-request filterState, which is - an Envoy::Hashable object. If there - is no data associated with the key, - or the stored object is not Envoy::Hashable, - no hash will be produced. + description: |- + The name of the Object in the per-request filterState, which is + an Envoy::Hashable object. If there is no data associated with the key, + or the stored object is not Envoy::Hashable, no hash will be produced. minLength: 1 type: string required: @@ -170,25 +196,21 @@ spec: queryParameter: properties: name: - description: The name of the URL query - parameter that will be used to obtain - the hash key. If the parameter is not - present, no hash will be produced. Query - parameter names are case-sensitive. + description: |- + The name of the URL query parameter that will be used to obtain the hash key. + If the parameter is not present, no hash will be produced. Query parameter names + are case-sensitive. minLength: 1 type: string required: - name type: object terminal: - description: 'Terminal is a flag that short-circuits - the hash computing. This field provides - a ‘fallback’ style of configuration: “if - a terminal policy doesn’t work, fallback - to rest of the policy list”, it saves time - when the terminal policy works. If true, - and there is already a hash computed, ignore - rest of the list of hash polices.' + description: |- + Terminal is a flag that short-circuits the hash computing. This field provides + a ‘fallback’ style of configuration: “if a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time when the terminal policy works. + If true, and there is already a hash computed, ignore rest of the list of hash polices. type: boolean type: enum: @@ -203,51 +225,45 @@ spec: type: object type: array tableSize: - description: The table size for Maglev hashing. - Maglev aims for “minimal disruption” rather than - an absolute guarantee. Minimal disruption means - that when the set of upstream hosts change, a - connection will likely be sent to the same upstream - as it was before. Increasing the table size reduces - the amount of disruption. The table size must - be prime number limited to 5000011. If it is not - specified, the default is 65537. + description: |- + The table size for Maglev hashing. Maglev aims for “minimal disruption” + rather than an absolute guarantee. Minimal disruption means that when + the set of upstream hosts change, a connection will likely be sent + to the same upstream as it was before. Increasing the table size reduces + the amount of disruption. The table size must be prime number limited to 5000011. + If it is not specified, the default is 65537. format: int32 maximum: 5000011 minimum: 1 type: integer type: object random: - description: Random selects a random available host. - The random load balancer generally performs better - than round-robin if no health checking policy is configured. - Random selection avoids bias towards the host in the - set that comes after a failed host. + description: |- + Random selects a random available host. The random load balancer generally + performs better than round-robin if no health checking policy is configured. + Random selection avoids bias towards the host in the set that comes after a failed host. type: object ringHash: - description: RingHash implements consistent hashing - to upstream hosts. Each host is mapped onto a circle - (the “ring”) by hashing its address; each request - is then routed to a host by hashing some property - of the request, and finding the nearest corresponding - host clockwise around the ring. + description: |- + RingHash implements consistent hashing to upstream hosts. Each host is mapped + onto a circle (the “ring”) by hashing its address; each request is then routed + to a host by hashing some property of the request, and finding the nearest + corresponding host clockwise around the ring. properties: hashFunction: - description: HashFunction is a function used to - hash hosts onto the ketama ring. The value defaults - to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. + description: |- + HashFunction is a function used to hash hosts onto the ketama ring. + The value defaults to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. enum: - XXHash - MurmurHash2 type: string hashPolicies: - description: HashPolicies specify a list of request/connection - properties that are used to calculate a hash. - These hash policies are executed in the specified - order. If a hash policy has the “terminal” attribute - set to true, and there is already a hash generated, - the hash is returned immediately, ignoring the - rest of the hash policy list. + description: |- + HashPolicies specify a list of request/connection properties that are used to calculate a hash. + These hash policies are executed in the specified order. If a hash policy has the “terminal” attribute + set to true, and there is already a hash generated, the hash is returned immediately, + ignoring the rest of the hash policy list. items: properties: connection: @@ -278,12 +294,10 @@ spec: filterState: properties: key: - description: The name of the Object in - the per-request filterState, which is - an Envoy::Hashable object. If there - is no data associated with the key, - or the stored object is not Envoy::Hashable, - no hash will be produced. + description: |- + The name of the Object in the per-request filterState, which is + an Envoy::Hashable object. If there is no data associated with the key, + or the stored object is not Envoy::Hashable, no hash will be produced. minLength: 1 type: string required: @@ -303,25 +317,21 @@ spec: queryParameter: properties: name: - description: The name of the URL query - parameter that will be used to obtain - the hash key. If the parameter is not - present, no hash will be produced. Query - parameter names are case-sensitive. + description: |- + The name of the URL query parameter that will be used to obtain the hash key. + If the parameter is not present, no hash will be produced. Query parameter names + are case-sensitive. minLength: 1 type: string required: - name type: object terminal: - description: 'Terminal is a flag that short-circuits - the hash computing. This field provides - a ‘fallback’ style of configuration: “if - a terminal policy doesn’t work, fallback - to rest of the policy list”, it saves time - when the terminal policy works. If true, - and there is already a hash computed, ignore - rest of the list of hash polices.' + description: |- + Terminal is a flag that short-circuits the hash computing. This field provides + a ‘fallback’ style of configuration: “if a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves time when the terminal policy works. + If true, and there is already a hash computed, ignore rest of the list of hash polices. type: boolean type: enum: @@ -336,28 +346,27 @@ spec: type: object type: array maxRingSize: - description: Maximum hash ring size. Defaults to - 8M entries, and limited to 8M entries, but can - be lowered to further constrain resource use. + description: |- + Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, + but can be lowered to further constrain resource use. format: int32 maximum: 8000000 minimum: 1 type: integer minRingSize: - description: Minimum hash ring size. The larger - the ring is (that is, the more hashes there are - for each provided host) the better the request - distribution will reflect the desired weights. - Defaults to 1024 entries, and limited to 8M entries. + description: |- + Minimum hash ring size. The larger the ring is (that is, + the more hashes there are for each provided host) the better the request distribution + will reflect the desired weights. Defaults to 1024 entries, and limited to 8M entries. format: int32 maximum: 8000000 minimum: 1 type: integer type: object roundRobin: - description: RoundRobin is a load balancing algorithm - that distributes requests across available upstream - hosts in round-robin order. + description: |- + RoundRobin is a load balancing algorithm that distributes requests + across available upstream hosts in round-robin order. type: object type: enum: @@ -375,8 +384,8 @@ spec: locality aware load balancing. properties: crossZone: - description: CrossZone defines locality aware load balancing - priorities when dataplane proxies inside local zone + description: |- + CrossZone defines locality aware load balancing priorities when dataplane proxies inside local zone are unavailable properties: failover: @@ -420,14 +429,12 @@ spec: type: object type: array failoverThreshold: - description: 'FailoverThreshold defines the percentage - of live destination dataplane proxies below which - load balancing to the next priority starts. Example: - If you configure failoverThreshold to 70, and - you have deployed 10 destination dataplane proxies. - Load balancing to next priority will start when - number of live destination dataplane proxies drops - below 7. Default 50' + description: |- + FailoverThreshold defines the percentage of live destination dataplane proxies below which load balancing to the + next priority starts. + Example: If you configure failoverThreshold to 70, and you have deployed 10 destination dataplane proxies. + Load balancing to next priority will start when number of live destination dataplane proxies drops below 7. + Default 50 properties: percentage: anyOf: @@ -439,9 +446,9 @@ spec: type: object type: object disabled: - description: Disabled allows to disable locality-aware - load balancing. When disabled requests are distributed - across all endpoints regardless of locality. + description: |- + Disabled allows to disable locality-aware load balancing. + When disabled requests are distributed across all endpoints regardless of locality. type: boolean localZone: description: LocalZone defines locality aware load balancing @@ -457,22 +464,13 @@ spec: is configured type: string weight: - description: 'Weight of the tag used for load - balancing. The bigger the weight the bigger - the priority. Percentage of local traffic - load balanced to tag is computed by dividing - weight by sum of weights from all tags. - For example with two affinity tags first - with weight 80 and second with weight 20, - then 80% of traffic will be redirected to - the first tag, and 20% of traffic will be - redirected to second one. Setting weights - is not mandatory. When weights are not set - control plane will compute default weight - based on list order. Default: If you do - not specify weight we will adjust them so - that 90% traffic goes to first tag, 9% to - next, and 1% to third and so on.' + description: |- + Weight of the tag used for load balancing. The bigger the weight the bigger the priority. + Percentage of local traffic load balanced to tag is computed by dividing weight by sum of weights from all tags. + For example with two affinity tags first with weight 80 and second with weight 20, + then 80% of traffic will be redirected to the first tag, and 20% of traffic will be redirected to second one. + Setting weights is not mandatory. When weights are not set control plane will compute default weight based on list order. + Default: If you do not specify weight we will adjust them so that 90% traffic goes to first tag, 9% to next, and 1% to third and so on. format: int32 type: integer required: @@ -483,8 +481,9 @@ spec: type: object type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -501,15 +500,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshmetrics.yaml b/charts/kuma/kuma/crds/kuma.io_meshmetrics.yaml new file mode 100644 index 000000000..fe9eac6be --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshmetrics.yaml @@ -0,0 +1,205 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: meshmetrics.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshMetric + listKind: MeshMetricList + plural: meshmetrics + singular: meshmetric + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetRef.kind + name: TargetRef Kind + type: string + - jsonPath: .spec.targetRef.name + name: TargetRef Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshMetric resource. + properties: + default: + description: MeshMetric configuration. + properties: + applications: + description: Applications is a list of application that Dataplane + Proxy will scrape + items: + properties: + address: + description: Address on which an application listens. + type: string + name: + description: Name of the application to scrape + type: string + path: + default: /metrics/prometheus + description: Path on which an application expose HTTP endpoint + with metrics. + type: string + port: + description: Port on which an application expose HTTP endpoint + with metrics. + format: int32 + type: integer + required: + - port + type: object + type: array + backends: + description: Backends list that will be used to collect metrics. + items: + properties: + openTelemetry: + description: OpenTelemetry backend configuration + properties: + endpoint: + description: Endpoint for OpenTelemetry collector + type: string + required: + - endpoint + type: object + prometheus: + description: Prometheus backend configuration. + properties: + clientId: + description: ClientId of the Prometheus backend. Needed + when using MADS for DP discovery. + type: string + path: + default: /metrics + description: Path on which a dataplane should expose + HTTP endpoint with Prometheus metrics. + type: string + port: + default: 5670 + description: Port on which a dataplane should expose + HTTP endpoint with Prometheus metrics. + format: int32 + type: integer + tls: + description: Configuration of TLS for prometheus listener. + properties: + mode: + default: Disabled + description: Configuration of TLS for Prometheus + listener. + enum: + - Disabled + - ProvidedTLS + - ActiveMTLSBackend + type: string + required: + - mode + type: object + required: + - path + - port + type: object + type: + description: Type of the backend that will be used to collect + metrics. At the moment only Prometheus backend is available. + enum: + - Prometheus + - OpenTelemetry + type: string + required: + - type + type: object + type: array + sidecar: + description: Sidecar metrics collection configuration + properties: + includeUnused: + default: false + description: |- + IncludeUnused if false will scrape only metrics that has been by sidecar (counters incremented + at least once, gauges changed at least once, and histograms added to at + least once). If true will scrape all metrics (even the ones with zeros). + type: boolean + regex: + description: Regex that will be used to filter sidecar metrics. + It uses Google RE2 engine https://github.com/google/re2 + type: string + type: object + type: object + targetRef: + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array + tags: + additionalProperties: + type: string + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml index 42b4cd47c..5d86a0bd6 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshproxypatches.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -43,7 +48,8 @@ spec: description: Spec is the specification of the Kuma MeshProxyPatch resource. properties: default: - description: Default is a configuration specific to the group of destinations + description: |- + Default is a configuration specific to the group of destinations referenced in 'targetRef'. properties: appendModifications: @@ -56,8 +62,9 @@ spec: resource. properties: jsonPatches: - description: JsonPatches specifies list of jsonpatches - to apply to on Envoy's Cluster resource + description: |- + JsonPatches specifies list of jsonpatches to apply to on Envoy's Cluster + resource items: description: JsonPatchBlock is one json patch operation block. @@ -95,22 +102,23 @@ spec: description: Name of the cluster to match. type: string origin: - description: "Origin is the name of the component - or plugin that generated the resource. \n Here - is the list of well-known origins: inbound - resources - generated for handling incoming traffic. outbound - - resources generated for handling outgoing traffic. - transparent - resources generated for transparent - proxy functionality. prometheus - resources generated - when Prometheus metrics are enabled. direct-access - - resources generated for Direct Access functionality. + description: |- + Origin is the name of the component or plugin that generated the resource. + + + Here is the list of well-known origins: + inbound - resources generated for handling incoming traffic. + outbound - resources generated for handling outgoing traffic. + transparent - resources generated for transparent proxy functionality. + prometheus - resources generated when Prometheus metrics are enabled. + direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. - \n The list is not complete, because policy plugins - can introduce new resources. For example MeshTrace - plugin can create Cluster with \"mesh-trace\" - origin." + + + The list is not complete, because policy plugins can introduce new resources. + For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string type: object operation: @@ -128,14 +136,14 @@ spec: - operation type: object httpFilter: - description: HTTPFilter is a modification of Envoy HTTP - Filter available in HTTP Connection Manager in a Listener - resource. + description: |- + HTTPFilter is a modification of Envoy HTTP Filter + available in HTTP Connection Manager in a Listener resource. properties: jsonPatches: - description: JsonPatches specifies list of jsonpatches - to apply to on Envoy's HTTP Filter available in HTTP - Connection Manager in a Listener resource. + description: |- + JsonPatches specifies list of jsonpatches to apply to on Envoy's + HTTP Filter available in HTTP Connection Manager in a Listener resource. items: description: JsonPatchBlock is one json patch operation block. @@ -182,22 +190,23 @@ spec: "envoy.filters.http.local_ratelimit" type: string origin: - description: "Origin is the name of the component - or plugin that generated the resource. \n Here - is the list of well-known origins: inbound - resources - generated for handling incoming traffic. outbound - - resources generated for handling outgoing traffic. - transparent - resources generated for transparent - proxy functionality. prometheus - resources generated - when Prometheus metrics are enabled. direct-access - - resources generated for Direct Access functionality. + description: |- + Origin is the name of the component or plugin that generated the resource. + + + Here is the list of well-known origins: + inbound - resources generated for handling incoming traffic. + outbound - resources generated for handling outgoing traffic. + transparent - resources generated for transparent proxy functionality. + prometheus - resources generated when Prometheus metrics are enabled. + direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. - \n The list is not complete, because policy plugins - can introduce new resources. For example MeshTrace - plugin can create Cluster with \"mesh-trace\" - origin." + + + The list is not complete, because policy plugins can introduce new resources. + For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string type: object operation: @@ -222,8 +231,9 @@ spec: resource. properties: jsonPatches: - description: JsonPatches specifies list of jsonpatches - to apply to on Envoy's Listener resource + description: |- + JsonPatches specifies list of jsonpatches to apply to on Envoy's Listener + resource items: description: JsonPatchBlock is one json patch operation block. @@ -261,22 +271,23 @@ spec: description: Name of the listener to match. type: string origin: - description: "Origin is the name of the component - or plugin that generated the resource. \n Here - is the list of well-known origins: inbound - resources - generated for handling incoming traffic. outbound - - resources generated for handling outgoing traffic. - transparent - resources generated for transparent - proxy functionality. prometheus - resources generated - when Prometheus metrics are enabled. direct-access - - resources generated for Direct Access functionality. + description: |- + Origin is the name of the component or plugin that generated the resource. + + + Here is the list of well-known origins: + inbound - resources generated for handling incoming traffic. + outbound - resources generated for handling outgoing traffic. + transparent - resources generated for transparent proxy functionality. + prometheus - resources generated when Prometheus metrics are enabled. + direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. - \n The list is not complete, because policy plugins - can introduce new resources. For example MeshTrace - plugin can create Cluster with \"mesh-trace\" - origin." + + + The list is not complete, because policy plugins can introduce new resources. + For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string tags: additionalProperties: @@ -303,8 +314,9 @@ spec: filter. properties: jsonPatches: - description: JsonPatches specifies list of jsonpatches - to apply to on Envoy Listener's filter. + description: |- + JsonPatches specifies list of jsonpatches to apply to on Envoy Listener's + filter. items: description: JsonPatchBlock is one json patch operation block. @@ -351,22 +363,23 @@ spec: "envoy.filters.network.ratelimit" type: string origin: - description: "Origin is the name of the component - or plugin that generated the resource. \n Here - is the list of well-known origins: inbound - resources - generated for handling incoming traffic. outbound - - resources generated for handling outgoing traffic. - transparent - resources generated for transparent - proxy functionality. prometheus - resources generated - when Prometheus metrics are enabled. direct-access - - resources generated for Direct Access functionality. + description: |- + Origin is the name of the component or plugin that generated the resource. + + + Here is the list of well-known origins: + inbound - resources generated for handling incoming traffic. + outbound - resources generated for handling outgoing traffic. + transparent - resources generated for transparent proxy functionality. + prometheus - resources generated when Prometheus metrics are enabled. + direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. - \n The list is not complete, because policy plugins - can introduce new resources. For example MeshTrace - plugin can create Cluster with \"mesh-trace\" - origin." + + + The list is not complete, because policy plugins can introduce new resources. + For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string type: object operation: @@ -387,12 +400,14 @@ spec: - operation type: object virtualHost: - description: VirtualHost is a modification of Envoy's VirtualHost + description: |- + VirtualHost is a modification of Envoy's VirtualHost referenced in HTTP Connection Manager in a Listener resource. properties: jsonPatches: - description: JsonPatches specifies list of jsonpatches - to apply to on Envoy's VirtualHost resource + description: |- + JsonPatches specifies list of jsonpatches to apply to on Envoy's + VirtualHost resource items: description: JsonPatchBlock is one json patch operation block. @@ -430,22 +445,23 @@ spec: description: Name of the VirtualHost to match. type: string origin: - description: "Origin is the name of the component - or plugin that generated the resource. \n Here - is the list of well-known origins: inbound - resources - generated for handling incoming traffic. outbound - - resources generated for handling outgoing traffic. - transparent - resources generated for transparent - proxy functionality. prometheus - resources generated - when Prometheus metrics are enabled. direct-access - - resources generated for Direct Access functionality. + description: |- + Origin is the name of the component or plugin that generated the resource. + + + Here is the list of well-known origins: + inbound - resources generated for handling incoming traffic. + outbound - resources generated for handling outgoing traffic. + transparent - resources generated for transparent proxy functionality. + prometheus - resources generated when Prometheus metrics are enabled. + direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. - \n The list is not complete, because policy plugins - can introduce new resources. For example MeshTrace - plugin can create Cluster with \"mesh-trace\" - origin." + + + The list is not complete, because policy plugins can introduce new resources. + For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string routeConfigurationName: description: Name of the RouteConfiguration resource @@ -473,9 +489,10 @@ spec: - appendModifications type: object targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -492,14 +509,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml index abfd51f34..1be95be73 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshratelimits.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -48,16 +53,18 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of clients referenced in + 'targetRef' properties: local: description: LocalConf defines local http or/and tcp rate limit configuration properties: http: - description: LocalHTTP defines confguration of local - HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + description: |- + LocalHTTP defines confguration of local HTTP rate limiting + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter properties: disabled: description: Define if rate limiting should be disabled. @@ -124,9 +131,9 @@ spec: is accounted for. type: string num: - description: Number of units per interval (depending - on usage it can be a number of requests, or - a number of connections). + description: |- + Number of units per interval (depending on usage it can be a number of requests, + or a number of connections). format: int32 type: integer required: @@ -135,8 +142,9 @@ spec: type: object type: object tcp: - description: LocalTCP defines confguration of local - TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + description: |- + LocalTCP defines confguration of local TCP rate limiting + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter properties: connectionRate: description: Defines how many connections are allowed @@ -147,9 +155,9 @@ spec: is accounted for. type: string num: - description: Number of units per interval (depending - on usage it can be a number of requests, or - a number of connections). + description: |- + Number of units per interval (depending on usage it can be a number of requests, + or a number of connections). format: int32 type: integer required: @@ -157,15 +165,17 @@ spec: - num type: object disabled: - description: 'Define if rate limiting should be - disabled. Default: false' + description: |- + Define if rate limiting should be disabled. + Default: false type: boolean type: object type: object type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. + description: |- + TargetRef is a reference to the resource that represents a group of + clients. properties: kind: description: Kind of the referenced resource @@ -182,15 +192,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: @@ -198,9 +220,10 @@ spec: type: object type: array targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -217,16 +240,201 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object + to: + description: To list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: |- + Default is a configuration specific to the group of clients referenced in + 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: |- + LocalHTTP defines confguration of local HTTP rate limiting + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: |- + Number of units per interval (depending on usage it can be a number of requests, + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: |- + LocalTCP defines confguration of local TCP rate limiting + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: |- + Number of units per interval (depending on usage it can be a number of requests, + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: |- + Define if rate limiting should be disabled. + Default: false + type: boolean + type: object + type: object + type: object + targetRef: + description: |- + TargetRef is a reference to the resource that represents a group of + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array + tags: + additionalProperties: + type: string + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array required: - targetRef type: object diff --git a/charts/kuma/kuma/crds/kuma.io_meshretries.yaml b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml index d724395a3..307a44326 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshretries.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshretries.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -43,9 +48,10 @@ spec: description: Spec is the specification of the Kuma MeshRetry resource. properties: targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -62,14 +68,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: @@ -78,63 +97,63 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations referenced in + 'targetRef' properties: grpc: description: GRPC defines a configuration of retries for GRPC traffic properties: backOff: - description: BackOff is a configuration of durations - which will be used in exponential backoff strategy - between retries. + description: |- + BackOff is a configuration of durations which will be used in an exponential + backoff strategy between retries. properties: baseInterval: - description: BaseInterval is an amount of time which - should be taken between retries. Must be greater - than zero. Values less than 1 ms are rounded up - to 1 ms. Default is 25ms. + default: 25ms + description: |- + BaseInterval is an amount of time which should be taken between retries. + Must be greater than zero. Values less than 1 ms are rounded up to 1 ms. type: string maxInterval: - description: MaxInterval is a maximal amount of - time which will be taken between retries. Default - is 10 times the "BaseInterval". + description: |- + MaxInterval is a maximal amount of time which will be taken between retries. + Default is 10 times the "BaseInterval". type: string type: object numRetries: - description: NumRetries is the number of attempts that - will be made on failed (and retriable) requests. + description: |- + NumRetries is the number of attempts that will be made on failed (and + retriable) requests. If not set, the default value is 1. format: int32 type: integer perTryTimeout: - description: PerTryTimeout is the amount of time after - which retry attempt should timeout. Setting this timeout - to 0 will disable it. Default is 15s. + description: |- + PerTryTimeout is the maximum amount of time each retry attempt can take + before it times out. If not set, the global request timeout for the route + will be used. Setting this value to 0 will disable the per-try timeout. type: string rateLimitedBackOff: - description: RateLimitedBackOff is a configuration of - backoff which will be used when the upstream returns - one of the headers configured. + description: |- + RateLimitedBackOff is a configuration of backoff which will be used when + the upstream returns one of the headers configured. properties: maxInterval: + default: 300s description: MaxInterval is a maximal amount of - time which will be taken between retries. Default - is 300 seconds. + time which will be taken between retries. type: string resetHeaders: - description: ResetHeaders specifies the list of - headers (like Retry-After or X-RateLimit-Reset) - to match against the response. Headers are tried - in order, and matched case-insensitive. The first - header to be parsed successfully is used. If no - headers match the default exponential BackOff - is used instead. + description: |- + ResetHeaders specifies the list of headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried in order, and matched + case-insensitive. The first header to be parsed successfully is used. + If no headers match the default exponential BackOff is used instead. items: properties: format: - description: The format of the reset header, - either Seconds or UnixTimestamp. + description: The format of the reset header. enum: - Seconds - UnixTimestamp @@ -152,10 +171,21 @@ spec: type: array type: object retryOn: - description: 'RetryOn is a list of conditions which - will cause a retry. Available values are: [Canceled, - DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + description: RetryOn is a list of conditions which will + cause a retry. + example: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable items: + enum: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable type: string type: array type: object @@ -164,45 +194,47 @@ spec: HTTP traffic properties: backOff: - description: BackOff is a configuration of durations - which will be used in exponential backoff strategy - between retries + description: |- + BackOff is a configuration of durations which will be used in exponential + backoff strategy between retries. properties: baseInterval: - description: BaseInterval is an amount of time which - should be taken between retries. Must be greater - than zero. Values less than 1 ms are rounded up - to 1 ms. Default is 25ms. + default: 25ms + description: |- + BaseInterval is an amount of time which should be taken between retries. + Must be greater than zero. Values less than 1 ms are rounded up to 1 ms. type: string maxInterval: - description: MaxInterval is a maximal amount of - time which will be taken between retries. Default - is 10 times the "BaseInterval". + description: |- + MaxInterval is a maximal amount of time which will be taken between retries. + Default is 10 times the "BaseInterval". type: string type: object hostSelection: - description: HostSelection is a list of predicates that - dictate how hosts should be selected when requests - are retried. + description: |- + HostSelection is a list of predicates that dictate how hosts should be selected + when requests are retried. items: properties: predicate: description: Type is requested predicate mode. - Available values are OmitPreviousHosts, OmitHostsWithTags, - and OmitPreviousPriorities. + enum: + - OmitPreviousHosts + - OmitHostsWithTags + - OmitPreviousPriorities type: string tags: additionalProperties: type: string - description: Tags is a map of metadata to match - against for selecting the omitted hosts. Required - if Type is OmitHostsWithTags + description: |- + Tags is a map of metadata to match against for selecting the omitted hosts. Required if Type is + OmitHostsWithTags type: object updateFrequency: - description: UpdateFrequency is how often the - priority load should be updated based on previously - attempted priorities. Used for OmitPreviousPriorities. - Default is 2 if not set. + default: 2 + description: |- + UpdateFrequency is how often the priority load should be updated based on previously attempted priorities. + Used for OmitPreviousPriorities. format: int32 type: integer required: @@ -210,46 +242,46 @@ spec: type: object type: array hostSelectionMaxAttempts: - description: HostSelectionMaxAttempts is the maximum - number of times host selection will be reattempted - before giving up, at which point the host that was - last selected will be routed to. If unspecified, this - will default to retrying once. + description: |- + HostSelectionMaxAttempts is the maximum number of times host selection will be + reattempted before giving up, at which point the host that was last selected will + be routed to. If unspecified, this will default to retrying once. format: int64 type: integer numRetries: - description: NumRetries is the number of attempts that - will be made on failed (and retriable) requests + description: |- + NumRetries is the number of attempts that will be made on failed (and + retriable) requests. If not set, the default value is 1. format: int32 type: integer perTryTimeout: - description: PerTryTimeout is the amount of time after - which retry attempt should timeout. Setting this timeout - to 0 will disable it. Default is 15s. + description: |- + PerTryTimeout is the amount of time after which retry attempt should time out. + If left unspecified, the global route timeout for the request will be used. + Consequently, when using a 5xx based retry policy, a request that times out + will not be retried as the total timeout budget would have been exhausted. + Setting this timeout to 0 will disable it. type: string rateLimitedBackOff: - description: RateLimitedBackOff is a configuration of - backoff which will be used when the upstream returns - one of the headers configured. + description: |- + RateLimitedBackOff is a configuration of backoff which will be used + when the upstream returns one of the headers configured. properties: maxInterval: + default: 300s description: MaxInterval is a maximal amount of - time which will be taken between retries. Default - is 300 seconds. + time which will be taken between retries. type: string resetHeaders: - description: ResetHeaders specifies the list of - headers (like Retry-After or X-RateLimit-Reset) - to match against the response. Headers are tried - in order, and matched case-insensitive. The first - header to be parsed successfully is used. If no - headers match the default exponential BackOff - is used instead. + description: |- + ResetHeaders specifies the list of headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried in order, and matched + case-insensitive. The first header to be parsed successfully is used. + If no headers match the default exponential BackOff is used instead. items: properties: format: - description: The format of the reset header, - either Seconds or UnixTimestamp. + description: The format of the reset header. enum: - Seconds - UnixTimestamp @@ -267,18 +299,18 @@ spec: type: array type: object retriableRequestHeaders: - description: RetriableRequestHeaders is an HTTP headers - which must be present in the request for retries to - be attempted. + description: |- + RetriableRequestHeaders is an HTTP headers which must be present in the request + for retries to be attempted. items: - description: HeaderMatch describes how to select an - HTTP route by matching HTTP request headers. + description: |- + HeaderMatch describes how to select an HTTP route by matching HTTP request + headers. properties: name: - description: Name is the name of the HTTP Header - to be matched. Name MUST be lower case as they - will be handled with case insensitivity (See - https://tools.ietf.org/html/rfc7230#section-3.2). + description: |- + Name is the name of the HTTP Header to be matched. Name MUST be lower case + as they will be handled with case insensitivity (See https://tools.ietf.org/html/rfc7230#section-3.2). maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ @@ -303,19 +335,19 @@ spec: type: object type: array retriableResponseHeaders: - description: RetriableResponseHeaders is an HTTP response - headers that trigger a retry if present in the response. - A retry will be triggered if any of the header matches - match the upstream response headers. + description: |- + RetriableResponseHeaders is an HTTP response headers that trigger a retry + if present in the response. A retry will be triggered if any of the header + matches the upstream response headers. items: - description: HeaderMatch describes how to select an - HTTP route by matching HTTP request headers. + description: |- + HeaderMatch describes how to select an HTTP route by matching HTTP request + headers. properties: name: - description: Name is the name of the HTTP Header - to be matched. Name MUST be lower case as they - will be handled with case insensitivity (See - https://tools.ietf.org/html/rfc7230#section-3.2). + description: |- + Name is the name of the HTTP Header to be matched. Name MUST be lower case + as they will be handled with case insensitivity (See https://tools.ietf.org/html/rfc7230#section-3.2). maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ @@ -340,13 +372,33 @@ spec: type: object type: array retryOn: - description: 'RetryOn is a list of conditions which - will cause a retry. Available values are: [5XX, GatewayError, - Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, - RefusedStream, Http3PostConnectFailure, HttpMethodConnect, - HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, - HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. - Also, any HTTP status code (500, 503, etc).' + description: |- + RetryOn is a list of conditions which will cause a retry. Available values are: + [5XX, GatewayError, Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, HttpMethodDelete, + HttpMethodGet, HttpMethodHead, HttpMethodOptions, HttpMethodPatch, + HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc.). + example: + - 5XX + - GatewayError + - Reset + - Retriable4xx + - ConnectFailure + - EnvoyRatelimited + - RefusedStream + - Http3PostConnectFailure + - HttpMethodConnect + - HttpMethodDelete + - HttpMethodGet + - HttpMethodHead + - HttpMethodOptions + - HttpMethodPatch + - HttpMethodPost + - HttpMethodPut + - HttpMethodTrace + - "500" + - "503" items: type: string type: array @@ -356,16 +408,17 @@ spec: TCP traffic properties: maxConnectAttempt: - description: MaxConnectAttempt is a maximal amount of - TCP connection attempts which will be made before - giving up + description: |- + MaxConnectAttempt is a maximal amount of TCP connection attempts + which will be made before giving up format: int32 type: integer type: object type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -382,15 +435,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshtcproutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshtcproutes.yaml index 1bc3081aa..962413f0d 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtcproutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtcproutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshtcproutes.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -43,9 +48,10 @@ spec: description: Spec is the specification of the Kuma MeshTCPRoute resource. properties: targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined in-place. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined in-place. properties: kind: description: Kind of the referenced resource @@ -62,29 +68,45 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: - description: To list makes a match between the consumed services and - corresponding configurations + description: |- + To list makes a match between the consumed services and corresponding + configurations items: properties: rules: - description: Rules contains the routing rules applies to a combination - of top-level targetRef and the targetRef in this entry. + description: |- + Rules contains the routing rules applies to a combination of top-level + targetRef and the targetRef in this entry. items: properties: default: - description: Default holds routing rules that can be merged - with rules from other policies. + description: |- + Default holds routing rules that can be merged with rules from other + policies. properties: backendRefs: items: @@ -106,15 +128,26 @@ spec: to identify cross mesh resources. type: string name: - description: 'Name of the referenced resource. - Can only be used with kinds: `MeshService`, - `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of - proxies by tags. Can only be used with kinds + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object weight: @@ -133,8 +166,9 @@ spec: maxItems: 1 type: array targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -151,15 +185,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml index c55e957a8..57f875b39 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshtimeouts.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -48,12 +53,13 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of clients referenced in + 'targetRef' properties: connectionTimeout: - description: ConnectionTimeout specifies the amount of time - proxy will wait for an TCP connection to be established. + description: |- + ConnectionTimeout specifies the amount of time proxy will wait for an TCP connection to be established. Default value is 5 seconds. Cannot be set to 0. type: string http: @@ -61,42 +67,47 @@ spec: timeouts properties: maxConnectionDuration: - description: MaxConnectionDuration is the time after - which a connection will be drained and/or closed, - starting from when it was first established. Setting - this timeout to 0 will disable it. Disabled by default. + description: |- + MaxConnectionDuration is the time after which a connection will be drained and/or closed, + starting from when it was first established. Setting this timeout to 0 will disable it. + Disabled by default. type: string maxStreamDuration: - description: MaxStreamDuration is the maximum time that - a stream’s lifetime will span. Setting this timeout - to 0 will disable it. Disabled by default. + description: |- + MaxStreamDuration is the maximum time that a stream’s lifetime will span. + Setting this timeout to 0 will disable it. Disabled by default. + type: string + requestHeadersTimeout: + description: |- + RequestHeadersTimeout The amount of time that proxy will wait for the request headers to be received. The timer is + activated when the first byte of the headers is received, and is disarmed when the last byte of + the headers has been received. If not specified or set to 0, this timeout is disabled. + Disabled by default. type: string requestTimeout: - description: RequestTimeout The amount of time that - proxy will wait for the entire request to be received. - The timer is activated when the request is initiated, - and is disarmed when the last byte of the request - is sent, OR when the response is initiated. Setting - this timeout to 0 will disable it. Default is 15s. + description: |- + RequestTimeout The amount of time that proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, and is disarmed when the last byte of the request is sent, + OR when the response is initiated. Setting this timeout to 0 will disable it. + Default is 15s. type: string streamIdleTimeout: - description: StreamIdleTimeout is the amount of time - that proxy will allow a stream to exist with no activity. - Setting this timeout to 0 will disable it. Default - is 30m + description: |- + StreamIdleTimeout is the amount of time that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default is 30m type: string type: object idleTimeout: - description: IdleTimeout is defined as the period in which - there are no bytes sent or received on connection Setting - this timeout to 0 will disable it. Be cautious when disabling - it because it can lead to connection leaking. Default - value is 1h. + description: |- + IdleTimeout is defined as the period in which there are no bytes sent or received on connection + Setting this timeout to 0 will disable it. Be cautious when disabling it because + it can lead to connection leaking. Default value is 1h. type: string type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. + description: |- + TargetRef is a reference to the resource that represents a group of + clients. properties: kind: description: Kind of the referenced resource @@ -113,15 +124,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: @@ -129,9 +152,10 @@ spec: type: object type: array targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -148,14 +172,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object to: @@ -164,12 +201,13 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of destinations referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of destinations referenced in + 'targetRef' properties: connectionTimeout: - description: ConnectionTimeout specifies the amount of time - proxy will wait for an TCP connection to be established. + description: |- + ConnectionTimeout specifies the amount of time proxy will wait for an TCP connection to be established. Default value is 5 seconds. Cannot be set to 0. type: string http: @@ -177,42 +215,47 @@ spec: timeouts properties: maxConnectionDuration: - description: MaxConnectionDuration is the time after - which a connection will be drained and/or closed, - starting from when it was first established. Setting - this timeout to 0 will disable it. Disabled by default. + description: |- + MaxConnectionDuration is the time after which a connection will be drained and/or closed, + starting from when it was first established. Setting this timeout to 0 will disable it. + Disabled by default. type: string maxStreamDuration: - description: MaxStreamDuration is the maximum time that - a stream’s lifetime will span. Setting this timeout - to 0 will disable it. Disabled by default. + description: |- + MaxStreamDuration is the maximum time that a stream’s lifetime will span. + Setting this timeout to 0 will disable it. Disabled by default. + type: string + requestHeadersTimeout: + description: |- + RequestHeadersTimeout The amount of time that proxy will wait for the request headers to be received. The timer is + activated when the first byte of the headers is received, and is disarmed when the last byte of + the headers has been received. If not specified or set to 0, this timeout is disabled. + Disabled by default. type: string requestTimeout: - description: RequestTimeout The amount of time that - proxy will wait for the entire request to be received. - The timer is activated when the request is initiated, - and is disarmed when the last byte of the request - is sent, OR when the response is initiated. Setting - this timeout to 0 will disable it. Default is 15s. + description: |- + RequestTimeout The amount of time that proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, and is disarmed when the last byte of the request is sent, + OR when the response is initiated. Setting this timeout to 0 will disable it. + Default is 15s. type: string streamIdleTimeout: - description: StreamIdleTimeout is the amount of time - that proxy will allow a stream to exist with no activity. - Setting this timeout to 0 will disable it. Default - is 30m + description: |- + StreamIdleTimeout is the amount of time that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default is 30m type: string type: object idleTimeout: - description: IdleTimeout is defined as the period in which - there are no bytes sent or received on connection Setting - this timeout to 0 will disable it. Be cautious when disabling - it because it can lead to connection leaking. Default - value is 1h. + description: |- + IdleTimeout is defined as the period in which there are no bytes sent or received on connection + Setting this timeout to 0 will disable it. Be cautious when disabling it because + it can lead to connection leaking. Default value is 1h. type: string type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of destinations. + description: |- + TargetRef is a reference to the resource that represents a group of + destinations. properties: kind: description: Kind of the referenced resource @@ -229,15 +272,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml index 0e8b08c9d..ad47f508c 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshtraces.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -46,10 +51,11 @@ spec: description: MeshTrace configuration. properties: backends: - description: A one element array of backend definition. Envoy - allows configuring only 1 backend, so the natural way of representing - that would be just one object. Unfortunately due to the reasons - explained in MADR 009-tracing-policy this has to be a one element + description: |- + A one element array of backend definition. + Envoy allows configuring only 1 backend, so the natural way of + representing that would be just one object. Unfortunately due to the + reasons explained in MADR 009-tracing-policy this has to be a one element array for now. items: description: Only one of zipkin, datadog or openTelemetry can @@ -59,17 +65,18 @@ spec: description: Datadog backend configuration. properties: splitService: - description: 'Determines if datadog service name should - be split based on traffic direction and destination. - For example, with `splitService: true` and a `backend` - service that communicates with a couple of databases, - you would get service names like `backend_INBOUND`, - `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` - in Datadog. Default: false' + default: false + description: |- + Determines if datadog service name should be split based on traffic + direction and destination. For example, with `splitService: true` and a + `backend` service that communicates with a couple of databases, you would + get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and + `backend_OUTBOUND_db2` in Datadog. type: boolean url: - description: Address of Datadog collector, only host - and port are allowed (no paths, fragments etc.) + description: |- + Address of Datadog collector, only host and port are allowed (no paths, + fragments etc.) type: string required: - url @@ -96,18 +103,23 @@ spec: properties: apiVersion: default: httpJson - description: 'Version of the API. values: httpJson, - httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + description: |- + Version of the API. + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 enum: - httpJson - httpProto type: string sharedSpanContext: - description: 'Determines whether client and server spans - will share the same span context. Default: true. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63' + default: true + description: |- + Determines whether client and server spans will share the same span + context. + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 type: boolean traceId128bit: - description: 'Generate 128bit traces. Default: false' + default: false + description: Generate 128bit traces. type: boolean url: description: Address of Zipkin collector. @@ -118,60 +130,71 @@ spec: required: - type type: object + maxItems: 1 type: array sampling: - description: Sampling configuration. Sampling is the process by - which a decision is made on whether to process/export a span - or not. + description: |- + Sampling configuration. + Sampling is the process by which a decision is made on whether to + process/export a span or not. properties: client: anyOf: - type: integer - type: string - description: 'Target percentage of requests that will be force - traced if the ''x-client-trace-id'' header is set. Default: - 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 - Either int or decimal represented as string.' + default: 100% + description: |- + Target percentage of requests that will be force traced if the + 'x-client-trace-id' header is set. Mirror of client_sampling in Envoy + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string. x-kubernetes-int-or-string: true overall: anyOf: - type: integer - type: string - description: 'Target percentage of requests will be traced - after all other sampling checks have been applied (client, - force tracing, random sampling). This field functions as - an upper limit on the total configured sampling rate. For - instance, setting client_sampling to 100% but overall_sampling - to 1% will result in only 1% of client requests with the - appropriate headers to be force traced. Default: 100% Mirror - of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 - Either int or decimal represented as string.' + default: 100% + description: |- + Target percentage of requests will be traced + after all other sampling checks have been applied (client, force tracing, + random sampling). This field functions as an upper limit on the total + configured sampling rate. For instance, setting client_sampling to 100% + but overall_sampling to 1% will result in only 1% of client requests with + the appropriate headers to be force traced. Mirror of + overall_sampling in Envoy + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string. x-kubernetes-int-or-string: true random: anyOf: - type: integer - type: string - description: 'Target percentage of requests that will be randomly - selected for trace generation, if not requested by the client - or not forced. Default: 100% Mirror of random_sampling in - Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 - Either int or decimal represented as string.' + default: 100% + description: |- + Target percentage of requests that will be randomly selected for trace + generation, if not requested by the client or not forced. + Mirror of random_sampling in Envoy + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string. x-kubernetes-int-or-string: true type: object tags: - description: Custom tags configuration. You can add custom tags - to traces based on headers or literal values. + description: |- + Custom tags configuration. You can add custom tags to traces based on + headers or literal values. items: - description: Custom tags configuration. Only one of literal - or header can be used. + description: |- + Custom tags configuration. + Only one of literal or header can be used. properties: header: description: Tag taken from a header. properties: default: - description: Default value to use if header is missing. - If the default is missing and there is no value the - tag will not be included. + description: |- + Default value to use if header is missing. + If the default is missing and there is no value the tag will not be + included. type: string name: description: Name of the header. @@ -191,9 +214,10 @@ spec: type: array type: object targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -210,14 +234,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml index 3ab56942e..65474d719 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshtrafficpermissions.kuma.io spec: group: kuma.io @@ -28,14 +28,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -49,8 +54,9 @@ spec: items: properties: default: - description: Default is a configuration specific to the group - of clients referenced in 'targetRef' + description: |- + Default is a configuration specific to the group of clients referenced in + 'targetRef' properties: action: description: 'Action defines a behavior for the specified @@ -62,8 +68,9 @@ spec: type: string type: object targetRef: - description: TargetRef is a reference to the resource that represents - a group of clients. + description: |- + TargetRef is a reference to the resource that represents a group of + clients. properties: kind: description: Kind of the referenced resource @@ -80,15 +87,27 @@ spec: cross mesh resources. type: string name: - description: 'Name of the referenced resource. Can only - be used with kinds: `MeshService`, `MeshServiceSubset` - and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by - tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: @@ -96,9 +115,10 @@ spec: type: object type: array targetRef: - description: TargetRef is a reference to the resource the policy takes - an effect on. The resource could be either a real store object or - virtual resource defined inplace. + description: |- + TargetRef is a reference to the resource the policy takes an effect on. + The resource could be either a real store object or virtual resource + defined inplace. properties: kind: description: Kind of the referenced resource @@ -115,14 +135,27 @@ spec: mesh resources. type: string name: - description: 'Name of the referenced resource. Can only be used - with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + description: |- + Name of the referenced resource. Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` type: string + proxyTypes: + description: |- + ProxyTypes specifies the data plane types that are subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + minItems: 1 + type: array tags: additionalProperties: type: string - description: Tags used to select a subset of proxies by tags. - Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + description: |- + Tags used to select a subset of proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` type: object type: object required: diff --git a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml index 111d4450f..7d598fb0c 100644 --- a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml +++ b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: proxytemplates.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml index cc6fa13fa..458280883 100644 --- a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml +++ b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ratelimits.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_retries.yaml b/charts/kuma/kuma/crds/kuma.io_retries.yaml index 865df1b2f..040efe058 100644 --- a/charts/kuma/kuma/crds/kuma.io_retries.yaml +++ b/charts/kuma/kuma/crds/kuma.io_retries.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: retries.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml index 135eaedda..69a4f709b 100644 --- a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: serviceinsights.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml index b2f8b3d60..659998990 100644 --- a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml +++ b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: timeouts.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml index c74f9a90f..e299ef299 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: trafficlogs.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml index b9469c8c9..087eecec1 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: trafficpermissions.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml index 1e3158363..6fdb809cf 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: trafficroutes.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml index f85ababd9..7f9832df7 100644 --- a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: traffictraces.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml index a5fe905e0..c158f29bd 100644 --- a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml +++ b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: virtualoutbounds.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml index b202d0fb8..2dbcea457 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: zoneegresses.kuma.io spec: group: kuma.io @@ -16,22 +16,33 @@ spec: singular: zoneegress scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - description: Zone name + jsonPath: .spec.zone + name: zone + type: string + name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: @@ -42,3 +53,4 @@ spec: type: object served: true storage: true + subresources: {} diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml index 50c7f6864..58a995697 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: zoneegressinsights.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml index 0754071e2..8f3e83575 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: zoneingresses.kuma.io spec: group: kuma.io @@ -16,22 +16,33 @@ spec: singular: zoneingress scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - description: Zone name + jsonPath: .spec.zone + name: zone + type: string + name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: @@ -42,3 +53,4 @@ spec: type: object served: true storage: true + subresources: {} diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml index 87d2c06ab..66a51ae5f 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: zoneingressinsights.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml index fa149598a..28e26eaf7 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: zoneinsights.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/crds/kuma.io_zones.yaml b/charts/kuma/kuma/crds/kuma.io_zones.yaml index bcd73a05b..e750c6388 100644 --- a/charts/kuma/kuma/crds/kuma.io_zones.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zones.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: zones.kuma.io spec: group: kuma.io @@ -21,17 +21,23 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string mesh: - description: Mesh is the name of the Kuma mesh this resource belongs to. + description: |- + Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string metadata: diff --git a/charts/kuma/kuma/templates/_helpers.tpl b/charts/kuma/kuma/templates/_helpers.tpl index b209a99bd..b71b3f8bc 100644 --- a/charts/kuma/kuma/templates/_helpers.tpl +++ b/charts/kuma/kuma/templates/_helpers.tpl @@ -217,6 +217,10 @@ env: value: {{ include "kuma.formatImage" (dict "image" .Values.dataPlane.image "root" $) | quote }} - name: KUMA_INJECTOR_INIT_CONTAINER_IMAGE value: {{ include "kuma.formatImage" (dict "image" .Values.dataPlane.initImage "root" $) | quote }} +{{- if .Values.dataPlane.dnsLogging }} +- name: KUMA_RUNTIME_KUBERNETES_INJECTOR_BUILTIN_DNS_LOGGING + value: "true" +{{- end }} - name: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE value: /var/run/secrets/kuma.io/tls-cert/ca.crt - name: KUMA_DEFAULTS_SKIP_MESH_CREATION diff --git a/charts/kuma/kuma/templates/cp-deployment.yaml b/charts/kuma/kuma/templates/cp-deployment.yaml index 5bf073105..61bb2d27f 100644 --- a/charts/kuma/kuma/templates/cp-deployment.yaml +++ b/charts/kuma/kuma/templates/cp-deployment.yaml @@ -19,9 +19,7 @@ {{ fail $msg }} {{ end }} {{ if eq .Values.controlPlane.mode "zone" }} - {{ if empty .Values.controlPlane.zone }} - {{ fail "Can't have controlPlane.zone to be empty when controlPlane.mode=='zone'" }} - {{ else }} + {{ if not (empty .Values.controlPlane.zone) }} {{ if gt (len .Values.controlPlane.zone) 253 }} {{ fail "controlPlane.zone must be no more than 253 characters" }} {{ else }} @@ -30,9 +28,7 @@ {{ end }} {{ end }} {{ end }} - {{ if empty .Values.controlPlane.kdsGlobalAddress }} - {{ fail "controlPlane.kdsGlobalAddress can't be empty when controlPlane.mode=='zone', needs to be the global control-plane address" }} - {{ else }} + {{ if not (empty .Values.controlPlane.kdsGlobalAddress) }} {{ $url := urlParse .Values.controlPlane.kdsGlobalAddress }} {{ if not (or (eq $url.scheme "grpcs") (eq $url.scheme "grpc")) }} {{ $msg := printf "controlPlane.kdsGlobalAddress must be a url with scheme grpcs:// or grpc:// got:'%s'" .Values.controlPlane.kdsGlobalAddress }} diff --git a/charts/kuma/kuma/templates/cp-service.yaml b/charts/kuma/kuma/templates/cp-service.yaml index ab05755c8..3b9c3e31f 100644 --- a/charts/kuma/kuma/templates/cp-service.yaml +++ b/charts/kuma/kuma/templates/cp-service.yaml @@ -6,11 +6,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{ include "kuma.cpLabels" . | nindent 4 }} annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "5680" {{- range $key, $value := .Values.controlPlane.service.annotations }} + {{- if $value }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} spec: type: {{ .Values.controlPlane.service.type }} ports: diff --git a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml index 6d7e4b275..c249ba15d 100644 --- a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml +++ b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml @@ -136,7 +136,7 @@ webhooks: values: ["kube-system"] - key: kuma.io/sidecar-injection operator: In - values: ["enabled"] + values: ["enabled", "true"] clientConfig: caBundle: {{ $caBundle }} service: @@ -180,30 +180,6 @@ webhooks: resources: - pods sideEffects: None - - name: kuma-injector.kuma.io - admissionReviewVersions: ["v1"] - failurePolicy: Ignore {{/* Failure policy is hardcoded as Ignore because any other mode will cause CP to be unable to start after all instances are down */}} - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: ["kube-system"] - clientConfig: - caBundle: {{ $caBundle }} - service: - namespace: {{ .Release.Namespace }} - name: {{ include "kuma.controlPlane.serviceName" . }} - path: /inject-sidecar - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None {{- end }} --- apiVersion: admissionregistration.k8s.io/v1 diff --git a/charts/kuma/kuma/values.yaml b/charts/kuma/kuma/values.yaml index 3a3a61c22..d2f9a3242 100644 --- a/charts/kuma/kuma/values.yaml +++ b/charts/kuma/kuma/values.yaml @@ -36,8 +36,8 @@ controlPlane: # -- Kuma CP log output path: Defaults to /dev/stdout logOutputPath: "" - # -- Kuma CP modes: one of standalone,zone,global - mode: "standalone" + # -- Kuma CP modes: one of zone,global + mode: "zone" # -- (string) Kuma CP zone, if running multizone zone: @@ -140,8 +140,10 @@ controlPlane: # -- Service type of the Kuma Control Plane type: ClusterIP - # -- Additional annotations to put on the Kuma Control Plane - annotations: { } + # -- Annotations to put on the Kuma Control Plane + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "5680" # Kuma API and GUI ingress settings. Useful if you want to expose the # API and GUI of Kuma outside the k8s cluster. @@ -381,6 +383,8 @@ cni: runAsGroup: 0 dataPlane: + # -- If true, then turn on CoreDNS query logging + dnsLogging: false image: # -- The Kuma DP image repository repository: "kuma-dp" @@ -724,6 +728,7 @@ plugins: meshhealthchecks: {} meshhttproutes: {} meshloadbalancingstrategies: {} + meshmetrics: {} meshproxypatches: {} meshratelimits: {} meshretries: {} diff --git a/charts/loft/loft/Chart.yaml b/charts/loft/loft/Chart.yaml index 55233c235..d781bde87 100644 --- a/charts/loft/loft/Chart.yaml +++ b/charts/loft/loft/Chart.yaml @@ -28,4 +28,4 @@ name: loft sources: - https://github.com/loft-sh/loft type: application -version: 3.3.3 +version: 3.3.4 diff --git a/charts/metallb/metallb/Chart.lock b/charts/metallb/metallb/Chart.lock index 425c50fdc..630f1f826 100644 --- a/charts/metallb/metallb/Chart.lock +++ b/charts/metallb/metallb/Chart.lock @@ -1,6 +1,9 @@ dependencies: - name: crds repository: "" - version: 0.13.12 -digest: sha256:bc3d2abdac552d6a886bd1d533eef9a432e5809a0dda4a85c7de4fdf2094cdb0 -generated: "2023-10-20T16:56:55.333731157+02:00" + version: 0.14.3 +- name: frr-k8s + repository: https://metallb.github.io/frr-k8s + version: 0.0.8 +digest: sha256:175725c494156eecae069340d366284a1503fb2977cbe7df0f196b468599a592 +generated: "2024-01-30T17:45:01.476353104+01:00" diff --git a/charts/metallb/metallb/Chart.yaml b/charts/metallb/metallb/Chart.yaml index 0d84a1f91..6fafa64f1 100644 --- a/charts/metallb/metallb/Chart.yaml +++ b/charts/metallb/metallb/Chart.yaml @@ -5,12 +5,16 @@ annotations: catalog.cattle.io/namespace: metallb-system catalog.cattle.io/release-name: metallb apiVersion: v2 -appVersion: v0.13.12 +appVersion: v0.14.3 dependencies: - condition: crds.enabled name: crds repository: file://./charts/crds - version: 0.13.12 + version: 0.14.3 +- condition: frrk8s.enabled + name: frr-k8s + repository: file://./charts/frr-k8s + version: 0.0.8 description: A network load-balancer implementation for Kubernetes using standard routing protocols home: https://metallb.universe.tf @@ -20,4 +24,4 @@ name: metallb sources: - https://github.com/metallb/metallb type: application -version: 0.13.12 +version: 0.14.3 diff --git a/charts/metallb/metallb/README.md b/charts/metallb/metallb/README.md index 11bbe7d37..fd21de582 100644 --- a/charts/metallb/metallb/README.md +++ b/charts/metallb/metallb/README.md @@ -17,6 +17,7 @@ Kubernetes: `>= 1.19.0-0` | Repository | Name | Version | |------------|------|---------| | | crds | 0.0.0 | +| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.8 | ## Values @@ -24,6 +25,7 @@ Kubernetes: `>= 1.19.0-0` |-----|------|---------|-------------| | controller.affinity | object | `{}` | | | controller.enabled | bool | `true` | | +| controller.extraContainers | list | `[]` | | | controller.image.pullPolicy | string | `nil` | | | controller.image.repository | string | `"quay.io/metallb/controller"` | | | controller.image.tag | string | `nil` | | @@ -53,9 +55,12 @@ Kubernetes: `>= 1.19.0-0` | controller.serviceAccount.create | bool | `true` | | | controller.serviceAccount.name | string | `""` | | | controller.strategy.type | string | `"RollingUpdate"` | | +| controller.tlsCipherSuites | string | `""` | | +| controller.tlsMinVersion | string | `"VersionTLS12"` | | | controller.tolerations | list | `[]` | | | crds.enabled | bool | `true` | | | crds.validationFailurePolicy | string | `"Fail"` | | +| frrk8s.enabled | bool | `false` | | | fullnameOverride | string | `""` | | | imagePullSecrets | list | `[]` | | | loadBalancerClass | string | `""` | | @@ -111,6 +116,7 @@ Kubernetes: `>= 1.19.0-0` | speaker.affinity | object | `{}` | | | speaker.enabled | bool | `true` | | | speaker.excludeInterfaces.enabled | bool | `true` | | +| speaker.extraContainers | list | `[]` | | | speaker.frr.enabled | bool | `true` | | | speaker.frr.image.pullPolicy | string | `nil` | | | speaker.frr.image.repository | string | `"quay.io/frrouting/frr"` | | @@ -130,6 +136,7 @@ Kubernetes: `>= 1.19.0-0` | speaker.livenessProbe.timeoutSeconds | int | `1` | | | speaker.logLevel | string | `"info"` | Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` | | speaker.memberlist.enabled | bool | `true` | | +| speaker.memberlist.mlBindAddrOverride | string | `""` | | | speaker.memberlist.mlBindPort | int | `7946` | | | speaker.memberlist.mlSecretKeyPath | string | `"/etc/ml_secret_key"` | | | speaker.nodeSelector | object | `{}` | | @@ -144,6 +151,7 @@ Kubernetes: `>= 1.19.0-0` | speaker.reloader.resources | object | `{}` | | | speaker.resources | object | `{}` | | | speaker.runtimeClassName | string | `""` | | +| speaker.securityContext | object | `{}` | | | speaker.serviceAccount.annotations | object | `{}` | | | speaker.serviceAccount.create | bool | `true` | | | speaker.serviceAccount.name | string | `""` | | diff --git a/charts/metallb/metallb/charts/crds/Chart.yaml b/charts/metallb/metallb/charts/crds/Chart.yaml index 255ac2b0b..6ee31afc6 100644 --- a/charts/metallb/metallb/charts/crds/Chart.yaml +++ b/charts/metallb/metallb/charts/crds/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.13.12 +appVersion: v0.14.3 description: MetalLB CRDs home: https://metallb.universe.tf icon: https://metallb.universe.tf/images/logo/metallb-white.png @@ -7,4 +7,4 @@ name: crds sources: - https://github.com/metallb/metallb type: application -version: 0.13.12 +version: 0.14.3 diff --git a/charts/metallb/metallb/charts/crds/templates/crds.yaml b/charts/metallb/metallb/charts/crds/templates/crds.yaml index 9b415acf9..febfc04c8 100644 --- a/charts/metallb/metallb/charts/crds/templates/crds.yaml +++ b/charts/metallb/metallb/charts/crds/templates/crds.yaml @@ -2,220 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - name: addresspools.metallb.io -spec: - group: metallb.io - names: - kind: AddressPool - listKind: AddressPoolList - plural: addresspools - singular: addresspool - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1alpha1", "v1beta1"] - clientConfig: - # this is a valid pem format, otherwise the apiserver will reject the deletion of the crds - # with "unable to parse bytes as PEM block", The controller will patch it with the right content after it starts - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== - service: - namespace: {{ .Release.Namespace }} - name: metallb-webhook-service - path: /convert - versions: - - deprecated: true - deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated - name: v1alpha1 - schema: - openAPIV3Schema: - description: AddressPool is the Schema for the addresspools API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AddressPoolSpec defines the desired state of AddressPool. - properties: - addresses: - description: A list of IP address ranges over which MetalLB has authority. - You can list multiple ranges in a single pool, they will all share - the same settings. Each range can be either a CIDR prefix, or an - explicit start-end range of IPs. - items: - type: string - type: array - autoAssign: - default: true - description: AutoAssign flag used to prevent MetallB from automatic - allocation for a pool. - type: boolean - bgpAdvertisements: - description: When an IP is allocated from this pool, how should it - be translated into BGP announcements? - items: - properties: - aggregationLength: - default: 32 - description: The aggregation-length advertisement option lets - you “roll up” the /32s into a larger prefix. - format: int32 - minimum: 1 - type: integer - aggregationLengthV6: - default: 128 - description: Optional, defaults to 128 (i.e. no aggregation) - if not specified. - format: int32 - type: integer - communities: - description: BGP communities - items: - type: string - type: array - localPref: - description: BGP LOCAL_PREF attribute which is used by BGP best - path algorithm, Path with higher localpref is preferred over - one with lower localpref. - format: int32 - type: integer - type: object - type: array - protocol: - description: Protocol can be used to select how the announcement is - done. - enum: - - layer2 - - bgp - type: string - required: - - addresses - - protocol - type: object - status: - description: AddressPoolStatus defines the observed state of AddressPool. - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} - - deprecated: true - deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using - IPAddressPool - name: v1beta1 - schema: - openAPIV3Schema: - description: AddressPool represents a pool of IP addresses that can be allocated - to LoadBalancer services. AddressPool is deprecated and being replaced by - IPAddressPool. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AddressPoolSpec defines the desired state of AddressPool. - properties: - addresses: - description: A list of IP address ranges over which MetalLB has authority. - You can list multiple ranges in a single pool, they will all share - the same settings. Each range can be either a CIDR prefix, or an - explicit start-end range of IPs. - items: - type: string - type: array - autoAssign: - default: true - description: AutoAssign flag used to prevent MetallB from automatic - allocation for a pool. - type: boolean - bgpAdvertisements: - description: Drives how an IP allocated from this pool should translated - into BGP announcements. - items: - properties: - aggregationLength: - default: 32 - description: The aggregation-length advertisement option lets - you “roll up” the /32s into a larger prefix. - format: int32 - minimum: 1 - type: integer - aggregationLengthV6: - default: 128 - description: Optional, defaults to 128 (i.e. no aggregation) - if not specified. - format: int32 - type: integer - communities: - description: BGP communities to be associated with the given - advertisement. - items: - type: string - type: array - localPref: - description: BGP LOCAL_PREF attribute which is used by BGP best - path algorithm, Path with higher localpref is preferred over - one with lower localpref. - format: int32 - type: integer - type: object - type: array - protocol: - description: Protocol can be used to select how the announcement is - done. - enum: - - layer2 - - bgp - type: string - required: - - addresses - - protocol - type: object - status: - description: AddressPoolStatus defines the observed state of AddressPool. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: bfdprofiles.metallb.io spec: @@ -227,95 +14,86 @@ spec: singular: bfdprofile scope: Namespaced versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: BFDProfile represents the settings of the bfd session that can - be optionally associated with a BGP session. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BFDProfileSpec defines the desired state of BFDProfile. - properties: - detectMultiplier: - description: Configures the detection multiplier to determine packet - loss. The remote transmission interval will be multiplied by this - value to determine the connection loss detection timer. - format: int32 - maximum: 255 - minimum: 2 - type: integer - echoInterval: - description: Configures the minimal echo receive transmission interval - that this system is capable of handling in milliseconds. Defaults - to 50ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - echoMode: - description: Enables or disables the echo transmission mode. This - mode is disabled by default, and not supported on multi hops setups. - type: boolean - minimumTtl: - description: 'For multi hop sessions only: configure the minimum expected - TTL for an incoming BFD control packet.' - format: int32 - maximum: 254 - minimum: 1 - type: integer - passiveMode: - description: 'Mark session as passive: a passive session will not - attempt to start the connection and will wait for control packets - from peer before it begins replying.' - type: boolean - receiveInterval: - description: The minimum interval that this system is capable of receiving - control packets in milliseconds. Defaults to 300ms. - format: int32 - maximum: 60000 - minimum: 10 - type: integer - transmitInterval: - description: The minimum transmission interval (less jitter) that - this system wants to use to send BFD control packets in milliseconds. - Defaults to 300ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - type: object - status: - description: BFDProfileStatus defines the observed state of BFDProfile. - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + - additionalPrinterColumns: + - jsonPath: .spec.passiveMode + name: Passive Mode + type: boolean + - jsonPath: .spec.transmitInterval + name: Transmit Interval + type: integer + - jsonPath: .spec.receiveInterval + name: Receive Interval + type: integer + - jsonPath: .spec.detectMultiplier + name: Multiplier + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + description: BFDProfile represents the settings of the bfd session that can be optionally associated with a BGP session. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BFDProfileSpec defines the desired state of BFDProfile. + properties: + detectMultiplier: + description: Configures the detection multiplier to determine packet loss. The remote transmission interval will be multiplied by this value to determine the connection loss detection timer. + format: int32 + maximum: 255 + minimum: 2 + type: integer + echoInterval: + description: Configures the minimal echo receive transmission interval that this system is capable of handling in milliseconds. Defaults to 50ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + echoMode: + description: Enables or disables the echo transmission mode. This mode is disabled by default, and not supported on multi hops setups. + type: boolean + minimumTtl: + description: 'For multi hop sessions only: configure the minimum expected TTL for an incoming BFD control packet.' + format: int32 + maximum: 254 + minimum: 1 + type: integer + passiveMode: + description: 'Mark session as passive: a passive session will not attempt to start the connection and will wait for control packets from peer before it begins replying.' + type: boolean + receiveInterval: + description: The minimum interval that this system is capable of receiving control packets in milliseconds. Defaults to 300ms. + format: int32 + maximum: 60000 + minimum: 10 + type: integer + transmitInterval: + description: The minimum transmission interval (less jitter) that this system wants to use to send BFD control packets in milliseconds. Defaults to 300ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + type: object + status: + description: BFDProfileStatus defines the observed state of BFDProfile. + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: bgpadvertisements.metallb.io spec: @@ -327,196 +105,164 @@ spec: singular: bgpadvertisement scope: Namespaced versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: BGPAdvertisement allows to advertise the IPs coming from the - selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. - properties: - aggregationLength: - default: 32 - description: The aggregation-length advertisement option lets you - “roll up” the /32s into a larger prefix. Defaults to 32. Works for - IPv4 addresses. - format: int32 - minimum: 1 - type: integer - aggregationLengthV6: - default: 128 - description: The aggregation-length advertisement option lets you - “roll up” the /128s into a larger prefix. Defaults to 128. Works - for IPv6 addresses. - format: int32 - type: integer - communities: - description: The BGP communities to be associated with the announcement. - Each item can be a community of the form 1234:1234 or the name of - an alias defined in the Community CRD. - items: - type: string - type: array - ipAddressPoolSelectors: - description: A selector for the IPAddressPools which would get advertised - via this advertisement. If no IPAddressPool is selected by this - or by the list, the advertisement is applied to all the IPAddressPools. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: + - additionalPrinterColumns: + - jsonPath: .spec.ipAddressPools + name: IPAddressPools + type: string + - jsonPath: .spec.ipAddressPoolSelectors + name: IPAddressPool Selectors + type: string + - jsonPath: .spec.peers + name: Peers + type: string + - jsonPath: .spec.nodeSelectors + name: Node Selectors + priority: 10 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BGPAdvertisement allows to advertise the IPs coming from the selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. + format: int32 + type: integer + communities: + description: The BGP communities to be associated with the announcement. Each item can be a standard community of the form 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the Community CRD. + items: + type: string + type: array + ipAddressPoolSelectors: + description: A selector for the IPAddressPools which would get advertised via this advertisement. If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: array - ipAddressPools: - description: The list of IPAddressPools to advertise via this advertisement, - selected by name. - items: - type: string - type: array - localPref: - description: The BGP LOCAL_PREF attribute which is used by BGP best - path algorithm, Path with higher localpref is preferred over one - with lower localpref. - format: int32 - type: integer - nodeSelectors: - description: NodeSelectors allows to limit the nodes to announce as - next hops for the LoadBalancer IP. When empty, all the nodes having are - announced as next hops. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string - type: array - required: - - key - - operator + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: array - peers: - description: Peers limits the bgppeer to advertise the ips of the - selected pools to. When empty, the loadbalancer IP is announced - to all the BGPPeers configured. - items: - type: string - type: array - type: object - status: - description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + type: object + x-kubernetes-map-type: atomic + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, selected by name. + items: + type: string + type: array + localPref: + description: The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. + format: int32 + type: integer + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + peers: + description: Peers limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. + items: + type: string + type: array + type: object + status: + description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: bgppeers.metallb.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + service: + name: webhook-service + namespace: {{ .Release.Namespace }} + path: /convert + conversionReviewVersions: + - v1beta1 + - v1beta2 group: metallb.io names: kind: BGPPeer @@ -524,654 +270,255 @@ spec: plural: bgppeers singular: bgppeer scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1", "v1beta2"] - clientConfig: - # this is a valid pem format, otherwise the apiserver will reject the deletion of the crds - # with "unable to parse bytes as PEM block", The controller will patch it with the right content after it starts - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== - service: - namespace: {{ .Release.Namespace }} - name: metallb-webhook-service - path: /convert versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: BGPPeer is the Schema for the peers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPPeerSpec defines the desired state of Peer. - properties: - bfdProfile: - type: string - ebgpMultiHop: - description: EBGP peer is multi-hops away - type: boolean - holdTime: - description: Requested BGP hold time, per RFC4271. - type: string - keepaliveTime: - description: Requested BGP keepalive time, per RFC4271. - type: string - myASN: - description: AS number to use for the local end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - nodeSelectors: - description: Only connect to this peer on nodes that match one of - these selectors. - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - minItems: 1 - type: array - required: - - key - - operator - - values - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - password: - description: Authentication password for routers enforcing TCP MD5 - authenticated sessions - type: string - peerASN: - description: AS number to expect from the remote end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - peerAddress: - description: Address to dial when establishing the session. - type: string - peerPort: - description: Port to dial when establishing the session. - maximum: 16384 - minimum: 0 - type: integer - routerID: - description: BGP router ID to advertise to the peer - type: string - sourceAddress: - description: Source address to use when establishing the session. - type: string - required: - - myASN - - peerASN - - peerAddress - type: object - status: - description: BGPPeerStatus defines the observed state of Peer. - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta2 - schema: - openAPIV3Schema: - description: BGPPeer is the Schema for the peers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPPeerSpec defines the desired state of Peer. - properties: - bfdProfile: - description: The name of the BFD Profile to be used for the BFD session - associated to the BGP session. If not set, the BFD session won't - be set up. - type: string - ebgpMultiHop: - description: To set if the BGPPeer is multi-hops away. Needed for - FRR mode only. - type: boolean - holdTime: - description: Requested BGP hold time, per RFC4271. - type: string - keepaliveTime: - description: Requested BGP keepalive time, per RFC4271. - type: string - myASN: - description: AS number to use for the local end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - nodeSelectors: - description: Only connect to this peer on nodes that match one of - these selectors. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: array - password: - description: Authentication password for routers enforcing TCP MD5 - authenticated sessions - type: string - passwordSecret: - description: passwordSecret is name of the authentication secret for - BGP Peer. the secret must be of type "kubernetes.io/basic-auth", - and created in the same namespace as the MetalLB deployment. The - password is stored in the secret as the key "password". - properties: - name: - description: Name is unique within a namespace to reference a - secret resource. - type: string - namespace: - description: Namespace defines the space within which the secret - name must be unique. - type: string - type: object - peerASN: - description: AS number to expect from the remote end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - peerAddress: - description: Address to dial when establishing the session. - type: string - peerPort: - default: 179 - description: Port to dial when establishing the session. - maximum: 16384 - minimum: 0 - type: integer - routerID: - description: BGP router ID to advertise to the peer - type: string - sourceAddress: - description: Source address to use when establishing the session. - type: string - vrf: - description: To set if we want to peer with the BGPPeer using an interface - belonging to a host vrf - type: string - required: - - myASN - - peerASN - - peerAddress - type: object - status: - description: BGPPeerStatus defines the observed state of Peer. - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - name: ipaddresspools.metallb.io -spec: - group: metallb.io - names: - kind: IPAddressPool - listKind: IPAddressPoolList - plural: ipaddresspools - singular: ipaddresspool - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: IPAddressPool represents a pool of IP addresses that can be allocated - to LoadBalancer services. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAddressPoolSpec defines the desired state of IPAddressPool. - properties: - addresses: - description: A list of IP address ranges over which MetalLB has authority. - You can list multiple ranges in a single pool, they will all share - the same settings. Each range can be either a CIDR prefix, or an - explicit start-end range of IPs. - items: + - additionalPrinterColumns: + - jsonPath: .spec.peerAddress + name: Address + type: string + - jsonPath: .spec.peerASN + name: ASN + type: string + - jsonPath: .spec.bfdProfile + name: BFD Profile + type: string + - jsonPath: .spec.ebgpMultiHop + name: Multi Hops + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. + properties: + bfdProfile: type: string - type: array - autoAssign: - default: true - description: AutoAssign flag used to prevent MetallB from automatic - allocation for a pool. - type: boolean - avoidBuggyIPs: - default: false - description: AvoidBuggyIPs prevents addresses ending with .0 and .255 - to be used by a pool. - type: boolean - serviceAllocation: - description: AllocateTo makes ip pool allocation to specific namespace - and/or service. The controller will use the pool with lowest value - of priority in case of multiple matches. A pool with no priority - set will be used only if the pools with priority can't be used. - If multiple matching IPAddressPools are available it will check - for the availability of IPs sorting the matching IPAddressPools - by priority, starting from the highest to the lowest. If multiple - IPAddressPools have the same priority, choice will be random. - properties: - namespaceSelectors: - description: NamespaceSelectors list of label selectors to select - namespace(s) for ip pool, an alternative to using namespace - list. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. + ebgpMultiHop: + description: EBGP peer is multi-hops away + type: boolean + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: Only connect to this peer on nodes that match one of these selectors. + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: + minItems: 1 + type: array + required: - key - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + - values type: object - type: object - type: array - namespaces: - description: Namespaces list of namespace(s) on which ip pool - can be attached. - items: + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: array + password: + description: Authentication password for routers enforcing TCP MD5 authenticated sessions + type: string + peerASN: + description: AS number to expect from the remote end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.peerAddress + name: Address + type: string + - jsonPath: .spec.peerASN + name: ASN + type: string + - jsonPath: .spec.bfdProfile + name: BFD Profile + type: string + - jsonPath: .spec.ebgpMultiHop + name: Multi Hops + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. + properties: + bfdProfile: + description: The name of the BFD Profile to be used for the BFD session associated to the BGP session. If not set, the BFD session won't be set up. + type: string + ebgpMultiHop: + description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only. + type: boolean + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: Only connect to this peer on nodes that match one of these selectors. + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + password: + description: Authentication password for routers enforcing TCP MD5 authenticated sessions + type: string + passwordSecret: + description: passwordSecret is name of the authentication secret for BGP Peer. the secret must be of type "kubernetes.io/basic-auth", and created in the same namespace as the MetalLB deployment. The password is stored in the secret as the key "password". + properties: + name: + description: name is unique within a namespace to reference a secret resource. type: string - type: array - priority: - description: Priority priority given for ip pool while ip allocation - on a service. - type: integer - serviceSelectors: - description: ServiceSelectors list of label selector to select - service(s) for which ip pool can be used for ip allocation. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - type: object - required: - - addresses - type: object - status: - description: IPAddressPoolStatus defines the observed state of IPAddressPool. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + peerASN: + description: AS number to expect from the remote end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + default: 179 + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + vrf: + description: To set if we want to peer with the BGPPeer using an interface belonging to a host vrf + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - name: l2advertisements.metallb.io -spec: - group: metallb.io - names: - kind: L2Advertisement - listKind: L2AdvertisementList - plural: l2advertisements - singular: l2advertisement - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: L2Advertisement allows to advertise the LoadBalancer IPs provided - by the selected pools via L2. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: L2AdvertisementSpec defines the desired state of L2Advertisement. - properties: - interfaces: - description: A list of interfaces to announce from. The LB IP will - be announced only from these interfaces. If the field is not set, - we advertise from all the interfaces on the host. - items: - type: string - type: array - ipAddressPoolSelectors: - description: A selector for the IPAddressPools which would get advertised - via this advertisement. If no IPAddressPool is selected by this - or by the list, the advertisement is applied to all the IPAddressPools. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: array - ipAddressPools: - description: The list of IPAddressPools to advertise via this advertisement, - selected by name. - items: - type: string - type: array - nodeSelectors: - description: NodeSelectors allows to limit the nodes to announce as - next hops for the LoadBalancer IP. When empty, all the nodes having are - announced as next hops. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: array - type: object - status: - description: L2AdvertisementStatus defines the observed state of L2Advertisement. - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: communities.metallb.io spec: @@ -1183,51 +530,322 @@ spec: singular: community scope: Namespaced versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Community is a collection of aliases for communities. Users can - define named aliases to be used in the BGPPeer CRD. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CommunitySpec defines the desired state of Community. - properties: - communities: - items: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Community is a collection of aliases for communities. Users can define named aliases to be used in the BGPPeer CRD. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CommunitySpec defines the desired state of Community. + properties: + communities: + items: + properties: + name: + description: The name of the alias for the community. + type: string + value: + description: The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234 or a large community of the form large:1234:1234:1234. + type: string + type: object + type: array + type: object + status: + description: CommunityStatus defines the observed state of Community. + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: ipaddresspools.metallb.io +spec: + group: metallb.io + names: + kind: IPAddressPool + listKind: IPAddressPoolList + plural: ipaddresspools + singular: ipaddresspool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.autoAssign + name: Auto Assign + type: boolean + - jsonPath: .spec.avoidBuggyIPs + name: Avoid Buggy IPs + type: boolean + - jsonPath: .spec.addresses + name: Addresses + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddressPool represents a pool of IP addresses that can be allocated to LoadBalancer services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressPoolSpec defines the desired state of IPAddressPool. + properties: + addresses: + description: A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool, they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: AutoAssign flag used to prevent MetallB from automatic allocation for a pool. + type: boolean + avoidBuggyIPs: + default: false + description: AvoidBuggyIPs prevents addresses ending with .0 and .255 to be used by a pool. + type: boolean + serviceAllocation: + description: AllocateTo makes ip pool allocation to specific namespace and/or service. The controller will use the pool with lowest value of priority in case of multiple matches. A pool with no priority set will be used only if the pools with priority can't be used. If multiple matching IPAddressPools are available it will check for the availability of IPs sorting the matching IPAddressPools by priority, starting from the highest to the lowest. If multiple IPAddressPools have the same priority, choice will be random. properties: - name: - description: The name of the alias for the community. - type: string - value: - description: The BGP community value corresponding to the given - name. - type: string + namespaceSelectors: + description: NamespaceSelectors list of label selectors to select namespace(s) for ip pool, an alternative to using namespace list. + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + namespaces: + description: Namespaces list of namespace(s) on which ip pool can be attached. + items: + type: string + type: array + priority: + description: Priority priority given for ip pool while ip allocation on a service. + type: integer + serviceSelectors: + description: ServiceSelectors list of label selector to select service(s) for which ip pool can be used for ip allocation. + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array type: object - type: array - type: object - status: - description: CommunityStatus defines the observed state of Community. - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + required: + - addresses + type: object + status: + description: IPAddressPoolStatus defines the observed state of IPAddressPool. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: l2advertisements.metallb.io +spec: + group: metallb.io + names: + kind: L2Advertisement + listKind: L2AdvertisementList + plural: l2advertisements + singular: l2advertisement + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.ipAddressPools + name: IPAddressPools + type: string + - jsonPath: .spec.ipAddressPoolSelectors + name: IPAddressPool Selectors + type: string + - jsonPath: .spec.interfaces + name: Interfaces + type: string + - jsonPath: .spec.nodeSelectors + name: Node Selectors + priority: 10 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: L2Advertisement allows to advertise the LoadBalancer IPs provided by the selected pools via L2. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: L2AdvertisementSpec defines the desired state of L2Advertisement. + properties: + interfaces: + description: A list of interfaces to announce from. The LB IP will be announced only from these interfaces. If the field is not set, we advertise from all the interfaces on the host. + items: + type: string + type: array + ipAddressPoolSelectors: + description: A selector for the IPAddressPools which would get advertised via this advertisement. If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, selected by name. + items: + type: string + type: array + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + type: object + status: + description: L2AdvertisementStatus defines the observed state of L2Advertisement. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/.helmignore b/charts/metallb/metallb/charts/frr-k8s/.helmignore similarity index 95% rename from charts/kubecost/cost-analyzer/charts/prometheus/.helmignore rename to charts/metallb/metallb/charts/frr-k8s/.helmignore index 825c00779..0e8a0eb36 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/.helmignore +++ b/charts/metallb/metallb/charts/frr-k8s/.helmignore @@ -14,10 +14,10 @@ *.swp *.bak *.tmp +*.orig *~ # Various IDEs .project .idea/ *.tmproj - -OWNERS +.vscode/ diff --git a/charts/metallb/metallb/charts/frr-k8s/Chart.lock b/charts/metallb/metallb/charts/frr-k8s/Chart.lock new file mode 100644 index 000000000..882f5945b --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: crds + repository: "" + version: 0.0.8 +digest: sha256:7efb8664deb296dbc6bc1311922b9b9203ec7c7611a07c7014e4aa92320f947b +generated: "2024-01-24T09:35:01.567823358+01:00" diff --git a/charts/metallb/metallb/charts/frr-k8s/Chart.yaml b/charts/metallb/metallb/charts/frr-k8s/Chart.yaml new file mode 100644 index 000000000..0b2e8693d --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +appVersion: v0.0.8 +dependencies: +- condition: crds.enabled + name: crds + repository: "" + version: 0.0.8 +description: A cloud native wrapper of FRR +home: https://metallb.universe.tf +icon: https://metallb.universe.tf/images/logo/metallb-white.png +kubeVersion: '>= 1.19.0-0' +name: frr-k8s +sources: +- https://github.com/metallb/frr-k8s +type: application +version: 0.0.8 diff --git a/charts/metallb/metallb/charts/frr-k8s/README.md b/charts/metallb/metallb/charts/frr-k8s/README.md new file mode 100644 index 000000000..fe4018830 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/README.md @@ -0,0 +1,96 @@ +# frr-k8s + +![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.8](https://img.shields.io/badge/AppVersion-v0.0.8-informational?style=flat-square) + +A cloud native wrapper of FRR + +**Homepage:** + +## Source Code + +* + +## Requirements + +Kubernetes: `>= 1.19.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| | crds | 0.0.8 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| crds.enabled | bool | `true` | | +| crds.validationFailurePolicy | string | `"Fail"` | | +| frrk8s.affinity | object | `{}` | | +| frrk8s.alwaysBlock | string | `""` | | +| frrk8s.disableCertRotation | bool | `false` | | +| frrk8s.frr.image.pullPolicy | string | `nil` | | +| frrk8s.frr.image.repository | string | `"quay.io/frrouting/frr"` | | +| frrk8s.frr.image.tag | string | `"8.4.2"` | | +| frrk8s.frr.metricsBindAddress | string | `"127.0.0.1"` | | +| frrk8s.frr.metricsPort | int | `7573` | | +| frrk8s.frr.resources | object | `{}` | | +| frrk8s.frr.secureMetricsPort | int | `9141` | | +| frrk8s.frrMetrics.resources | object | `{}` | | +| frrk8s.healthPort | int | `8081` | | +| frrk8s.image.pullPolicy | string | `nil` | | +| frrk8s.image.repository | string | `"quay.io/metallb/frr-k8s"` | | +| frrk8s.image.tag | string | `nil` | | +| frrk8s.labels.app | string | `"frr-k8s"` | | +| frrk8s.livenessProbe.enabled | bool | `true` | | +| frrk8s.livenessProbe.failureThreshold | int | `3` | | +| frrk8s.livenessProbe.initialDelaySeconds | int | `10` | | +| frrk8s.livenessProbe.periodSeconds | int | `10` | | +| frrk8s.livenessProbe.successThreshold | int | `1` | | +| frrk8s.livenessProbe.timeoutSeconds | int | `1` | | +| frrk8s.logLevel | string | `"info"` | Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` | +| frrk8s.nodeSelector | object | `{}` | | +| frrk8s.podAnnotations | object | `{}` | | +| frrk8s.priorityClassName | string | `""` | | +| frrk8s.readinessProbe.enabled | bool | `true` | | +| frrk8s.readinessProbe.failureThreshold | int | `3` | | +| frrk8s.readinessProbe.initialDelaySeconds | int | `10` | | +| frrk8s.readinessProbe.periodSeconds | int | `10` | | +| frrk8s.readinessProbe.successThreshold | int | `1` | | +| frrk8s.readinessProbe.timeoutSeconds | int | `1` | | +| frrk8s.reloader.resources | object | `{}` | | +| frrk8s.resources | object | `{}` | | +| frrk8s.restartOnRotatorSecretRefresh | bool | `false` | | +| frrk8s.runtimeClassName | string | `""` | | +| frrk8s.serviceAccount.annotations | object | `{}` | | +| frrk8s.serviceAccount.create | bool | `true` | | +| frrk8s.serviceAccount.name | string | `""` | | +| frrk8s.startupProbe.enabled | bool | `true` | | +| frrk8s.startupProbe.failureThreshold | int | `30` | | +| frrk8s.startupProbe.periodSeconds | int | `5` | | +| frrk8s.tolerateMaster | bool | `true` | | +| frrk8s.tolerations | list | `[]` | | +| frrk8s.updateStrategy.type | string | `"RollingUpdate"` | | +| fullnameOverride | string | `""` | | +| nameOverride | string | `""` | | +| prometheus.metricsBindAddress | string | `"127.0.0.1"` | | +| prometheus.metricsPort | int | `7572` | | +| prometheus.metricsTLSSecret | string | `""` | | +| prometheus.namespace | string | `""` | | +| prometheus.rbacPrometheus | bool | `false` | | +| prometheus.rbacProxy.pullPolicy | string | `nil` | | +| prometheus.rbacProxy.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | +| prometheus.rbacProxy.tag | string | `"v0.12.0"` | | +| prometheus.scrapeAnnotations | bool | `false` | | +| prometheus.secureMetricsPort | int | `9140` | | +| prometheus.serviceAccount | string | `""` | | +| prometheus.serviceMonitor.additionalLabels | object | `{}` | | +| prometheus.serviceMonitor.annotations | object | `{}` | | +| prometheus.serviceMonitor.enabled | bool | `false` | | +| prometheus.serviceMonitor.interval | string | `nil` | | +| prometheus.serviceMonitor.jobLabel | string | `"app.kubernetes.io/name"` | | +| prometheus.serviceMonitor.metricRelabelings | list | `[]` | | +| prometheus.serviceMonitor.relabelings | list | `[]` | | +| prometheus.serviceMonitor.tlsConfig.insecureSkipVerify | bool | `true` | | +| rbac.create | bool | `true` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/.helmignore b/charts/metallb/metallb/charts/frr-k8s/charts/crds/.helmignore similarity index 95% rename from charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/.helmignore rename to charts/metallb/metallb/charts/frr-k8s/charts/crds/.helmignore index f0c131944..0e8a0eb36 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/.helmignore +++ b/charts/metallb/metallb/charts/frr-k8s/charts/crds/.helmignore @@ -14,8 +14,10 @@ *.swp *.bak *.tmp +*.orig *~ # Various IDEs .project .idea/ *.tmproj +.vscode/ diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/Chart.yaml b/charts/metallb/metallb/charts/frr-k8s/charts/crds/Chart.yaml new file mode 100644 index 000000000..5b71b0509 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/charts/crds/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: v0.0.8 +description: FRR K8s CRDs +home: https://metallb.universe.tf +icon: https://metallb.universe.tf/images/logo/metallb-white.png +name: crds +sources: +- https://github.com/metallb/frr-k8s +type: application +version: 0.0.8 diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/README.md b/charts/metallb/metallb/charts/frr-k8s/charts/crds/README.md new file mode 100644 index 000000000..65e636c6d --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/charts/crds/README.md @@ -0,0 +1,14 @@ +# crds + +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) + +FRR-K8s CRDs + +**Homepage:** + +## Source Code + +* + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml b/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml new file mode 100644 index 000000000..18c70f3e6 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml @@ -0,0 +1,404 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: frrconfigurations.frrk8s.metallb.io +spec: + group: frrk8s.metallb.io + names: + kind: FRRConfiguration + listKind: FRRConfigurationList + plural: frrconfigurations + singular: frrconfiguration + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: FRRConfiguration is a piece of FRR configuration. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FRRConfigurationSpec defines the desired state of FRRConfiguration. + properties: + bgp: + description: BGP is the configuration related to the BGP protocol. + properties: + bfdProfiles: + description: BFDProfiles is the list of bfd profiles to be used + when configuring the neighbors. + items: + description: BFDProfile is the configuration related to the + BFD protocol associated to a BGP session. + properties: + detectMultiplier: + description: Configures the detection multiplier to determine + packet loss. The remote transmission interval will be + multiplied by this value to determine the connection loss + detection timer. + format: int32 + maximum: 255 + minimum: 2 + type: integer + echoInterval: + description: Configures the minimal echo receive transmission + interval that this system is capable of handling in milliseconds. + Defaults to 50ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + echoMode: + description: Enables or disables the echo transmission mode. + This mode is disabled by default, and not supported on + multi hops setups. + type: boolean + minimumTtl: + description: 'For multi hop sessions only: configure the + minimum expected TTL for an incoming BFD control packet.' + format: int32 + maximum: 254 + minimum: 1 + type: integer + name: + description: The name of the BFD Profile to be referenced + in other parts of the configuration. + type: string + passiveMode: + description: 'Mark session as passive: a passive session + will not attempt to start the connection and will wait + for control packets from peer before it begins replying.' + type: boolean + receiveInterval: + description: The minimum interval that this system is capable + of receiving control packets in milliseconds. Defaults + to 300ms. + format: int32 + maximum: 60000 + minimum: 10 + type: integer + transmitInterval: + description: The minimum transmission interval (less jitter) + that this system wants to use to send BFD control packets + in milliseconds. Defaults to 300ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + required: + - name + type: object + type: array + routers: + description: Routers is the list of routers we want FRR to configure + (one per VRF). + items: + description: Router represent a neighbor router we want FRR + to connect to. + properties: + asn: + description: ASN is the AS number to use for the local end + of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + id: + description: ID is the BGP router ID + type: string + neighbors: + description: Neighbors is the list of neighbors we want + to establish BGP sessions with. + items: + description: Neighbor represents a BGP Neighbor we want + FRR to connect to. + properties: + address: + description: Address is the IP address to establish + the session with. + type: string + asn: + description: ASN is the AS number to use for the local + end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + bfdProfile: + description: BFDProfile is the name of the BFD Profile + to be used for the BFD session associated to the + BGP session. If not set, the BFD session won't be + set up. + type: string + ebgpMultiHop: + description: EBGPMultiHop indicates if the BGPPeer + is multi-hops away. + type: boolean + holdTime: + description: HoldTime is the requested BGP hold time, + per RFC4271. Defaults to 180s. + type: string + keepaliveTime: + description: KeepaliveTime is the requested BGP keepalive + time, per RFC4271. Defaults to 60s. + type: string + password: + description: Password to be used for establishing + the BGP session. Password and PasswordSecret are + mutually exclusive. + type: string + passwordSecret: + description: PasswordSecret is name of the authentication + secret for the neighbor. the secret must be of type + "kubernetes.io/basic-auth", and created in the same + namespace as the frr-k8s daemon. The password is + stored in the secret as the key "password". Password + and PasswordSecret are mutually exclusive. + properties: + name: + description: name is unique within a namespace + to reference a secret resource. + type: string + namespace: + description: namespace defines the space within + which the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + port: + description: Port is the port to dial when establishing + the session. Defaults to 179. + maximum: 16384 + minimum: 0 + type: integer + toAdvertise: + description: ToAdvertise represents the list of prefixes + to advertise to the given neighbor and the associated + properties. + properties: + allowed: + description: Allowed is is the list of prefixes + allowed to be propagated to this neighbor. They + must match the prefixes defined in the router. + properties: + mode: + default: filtered + description: Mode is the mode to use when + handling the prefixes. When set to "filtered", + only the prefixes in the given list will + be allowed. When set to "all", all the prefixes + configured on the router will be allowed. + enum: + - all + - filtered + type: string + prefixes: + items: + type: string + type: array + type: object + withCommunity: + description: PrefixesWithCommunity is a list of + prefixes that are associated to a bgp community + when being advertised. The prefixes associated + to a given local pref must be in the prefixes + allowed to be advertised. + items: + description: CommunityPrefixes is a list of + prefixes associated to a community. + properties: + community: + description: Community is the community + associated to the prefixes. + type: string + prefixes: + description: Prefixes is the list of prefixes + associated to the community. + format: cidr + items: + type: string + minItems: 1 + type: array + type: object + type: array + withLocalPref: + description: PrefixesWithLocalPref is a list of + prefixes that are associated to a local preference + when being advertised. The prefixes associated + to a given local pref must be in the prefixes + allowed to be advertised. + items: + description: LocalPrefPrefixes is a list of + prefixes associated to a local preference. + properties: + localPref: + description: LocalPref is the local preference + associated to the prefixes. + format: int32 + type: integer + prefixes: + description: Prefixes is the list of prefixes + associated to the local preference. + format: cidr + items: + type: string + minItems: 1 + type: array + type: object + type: array + type: object + toReceive: + description: ToReceive represents the list of prefixes + to receive from the given neighbor. + properties: + allowed: + description: Allowed is the list of prefixes allowed + to be received from this neighbor. + properties: + mode: + default: filtered + description: Mode is the mode to use when + handling the prefixes. When set to "filtered", + only the prefixes in the given list will + be allowed. When set to "all", all the prefixes + configured on the router will be allowed. + enum: + - all + - filtered + type: string + prefixes: + items: + description: PrefixSelector is a filter + of prefixes to receive. + properties: + ge: + description: The prefix length modifier. + This selector accepts any matching + prefix with length greater or equal + the given value. + format: int32 + maximum: 128 + minimum: 1 + type: integer + le: + description: The prefix length modifier. + This selector accepts any matching + prefix with length less or equal the + given value. + format: int32 + maximum: 128 + minimum: 1 + type: integer + prefix: + format: cidr + type: string + type: object + type: array + type: object + type: object + required: + - address + - asn + type: object + type: array + prefixes: + description: Prefixes is the list of prefixes we want to + advertise from this router instance. + items: + type: string + type: array + vrf: + description: VRF is the host vrf used to establish sessions + from this router. + type: string + required: + - asn + type: object + type: array + type: object + nodeSelector: + description: NodeSelector limits the nodes that will attempt to apply + this config. When specified, the configuration will be considered + only on nodes whose labels match the specified selectors. When it + is not specified all nodes will attempt to apply this config. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + raw: + description: Raw is a snippet of raw frr configuration that gets appended + to the one rendered translating the type safe API. + properties: + priority: + description: Priority is the order with this configuration is + appended to the bottom of the rendered configuration. A higher + value means the raw config is appended later in the configuration + file. + type: integer + rawConfig: + description: Config is a raw FRR configuration to be appended + to the configuration rendered via the k8s api. + type: string + type: object + type: object + status: + description: FRRConfigurationStatus defines the observed state of FRRConfiguration. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml b/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml new file mode 100644 index 000000000..b0d25c30d --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml @@ -0,0 +1,61 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: frrnodestates.frrk8s.metallb.io +spec: + group: frrk8s.metallb.io + names: + kind: FRRNodeState + listKind: FRRNodeStateList + plural: frrnodestates + singular: frrnodestate + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: FRRNodeState exposes the status of the FRR instance running on + each node. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FRRNodeStateSpec defines the desired state of FRRNodeState. + type: object + status: + description: FRRNodeStateStatus defines the observed state of FRRNodeState. + properties: + lastConversionResult: + description: LastConversionResult is the status of the last translation + between the `FRRConfiguration`s resources and FRR's configuration, + contains "success" or an error. + type: string + lastReloadResult: + description: LastReloadResult represents the status of the last configuration + update operation by FRR, contains "success" or an error. + type: string + runningConfig: + description: RunningConfig represents the current FRR running config, + which is the configuration the FRR instance is currently running + with. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/NOTES.txt b/charts/metallb/metallb/charts/frr-k8s/templates/NOTES.txt new file mode 100644 index 000000000..5b5b84a17 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/templates/NOTES.txt @@ -0,0 +1,4 @@ +FRR-k8s is now running in the cluster. + +Now you can configure it via its CRs. Please refer to the frr-k8s official docs +on how to use the CRs. diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/_helpers.tpl b/charts/metallb/metallb/charts/frr-k8s/templates/_helpers.tpl new file mode 100644 index 000000000..4e35f6fc6 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "frrk8s.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "frrk8s.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "frrk8s.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "frrk8s.labels" -}} +helm.sh/chart: {{ include "frrk8s.chart" . }} +{{ include "frrk8s.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "frrk8s.selectorLabels" -}} +app.kubernetes.io/name: {{ include "frrk8s.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the frrk8s service account to use +*/}} +{{- define "frrk8s.serviceAccountName" -}} +{{- if .Values.frrk8s.serviceAccount.create }} +{{- default (printf "%s-controller" (include "frrk8s.fullname" .)) .Values.frrk8s.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.frrk8s.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/controller.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/controller.yaml new file mode 100644 index 000000000..2d955da70 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/templates/controller.yaml @@ -0,0 +1,429 @@ +# FRR expects to have these files owned by frr:frr on startup. +# Having them in a ConfigMap allows us to modify behaviors: for example enabling more daemons on startup. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "frrk8s.fullname" . }}-frr-startup + labels: + {{- include "frrk8s.labels" . | nindent 4 }} + app.kubernetes.io/component: frr-k8s +data: + daemons: | + # This file tells the frr package which daemons to start. + # + # Sample configurations for these daemons can be found in + # /usr/share/doc/frr/examples/. + # + # ATTENTION: + # + # When activating a daemon for the first time, a config file, even if it is + # empty, has to be present *and* be owned by the user and group "frr", else + # the daemon will not be started by /etc/init.d/frr. The permissions should + # be u=rw,g=r,o=. + # When using "vtysh" such a config file is also needed. It should be owned by + # group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. + # + # The watchfrr and zebra daemons are always started. + # + bgpd=yes + ospfd=no + ospf6d=no + ripd=no + ripngd=no + isisd=no + pimd=no + ldpd=no + nhrpd=no + eigrpd=no + babeld=no + sharpd=no + pbrd=no + bfdd=yes + fabricd=no + vrrpd=no + + # + # If this option is set the /etc/init.d/frr script automatically loads + # the config via "vtysh -b" when the servers are started. + # Check /etc/pam.d/frr if you intend to use "vtysh"! + # + vtysh_enable=yes + zebra_options=" -A 127.0.0.1 -s 90000000" + bgpd_options=" -A 127.0.0.1 -p 0" + ospfd_options=" -A 127.0.0.1" + ospf6d_options=" -A ::1" + ripd_options=" -A 127.0.0.1" + ripngd_options=" -A ::1" + isisd_options=" -A 127.0.0.1" + pimd_options=" -A 127.0.0.1" + ldpd_options=" -A 127.0.0.1" + nhrpd_options=" -A 127.0.0.1" + eigrpd_options=" -A 127.0.0.1" + babeld_options=" -A 127.0.0.1" + sharpd_options=" -A 127.0.0.1" + pbrd_options=" -A 127.0.0.1" + staticd_options="-A 127.0.0.1" + bfdd_options=" -A 127.0.0.1" + fabricd_options="-A 127.0.0.1" + vrrpd_options=" -A 127.0.0.1" + + # configuration profile + # + #frr_profile="traditional" + #frr_profile="datacenter" + + # + # This is the maximum number of FD's that will be available. + # Upon startup this is read by the control files and ulimit + # is called. Uncomment and use a reasonable value for your + # setup if you are expecting a large number of peers in + # say BGP. + #MAX_FDS=1024 + + # The list of daemons to watch is automatically generated by the init script. + #watchfrr_options="" + + # for debugging purposes, you can specify a "wrap" command to start instead + # of starting the daemon directly, e.g. to use valgrind on ospfd: + # ospfd_wrap="/usr/bin/valgrind" + # or you can use "all_wrap" for all daemons, e.g. to use perf record: + # all_wrap="/usr/bin/perf record --call-graph -" + # the normal daemon command is added to this at the end. + vtysh.conf: |+ + service integrated-vtysh-config + frr.conf: |+ + ! This file gets overriden the first time the speaker renders a config. + ! So anything configured here is only temporary. + frr version 7.5.1 + frr defaults traditional + hostname Router + line vty + log file /etc/frr/frr.log informational +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "frrk8s.fullname" . }} + labels: + {{- include "frrk8s.labels" . | nindent 4 }} + app.kubernetes.io/component: frr-k8s + {{- range $key, $value := .Values.frrk8s.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if .Values.frrk8s.updateStrategy }} + updateStrategy: {{- toYaml .Values.frrk8s.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "frrk8s.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: frr-k8s + template: + metadata: + labels: + {{- include "frrk8s.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: frr-k8s + {{- range $key, $value := .Values.frrk8s.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.frrk8s.runtimeClassName }} + runtimeClassName: {{ .Values.frrk8s.runtimeClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "frrk8s.serviceAccountName" . }} + terminationGracePeriodSeconds: 0 + hostNetwork: true + volumes: + - name: frr-sockets + emptyDir: {} + - name: frr-startup + configMap: + name: {{ template "frrk8s.fullname" . }}-frr-startup + - name: frr-conf + emptyDir: {} + - name: reloader + emptyDir: {} + - name: metrics + emptyDir: {} + {{- if .Values.prometheus.metricsTLSSecret }} + - name: metrics-certs + secret: + secretName: {{ .Values.prometheus.metricsTLSSecret }} + {{- end }} + initContainers: + # Copies the initial config files with the right permissions to the shared volume. + - name: cp-frr-files + image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} + securityContext: + runAsUser: 100 + runAsGroup: 101 + command: ["/bin/sh", "-c", "cp -rLf /tmp/frr/* /etc/frr/"] + volumeMounts: + - name: frr-startup + mountPath: /tmp/frr + - name: frr-conf + mountPath: /etc/frr + # Copies the reloader to the shared volume between the speaker and reloader. + - name: cp-reloader + image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} + command: ["/bin/sh", "-c", "cp -f /frr-reloader.sh /etc/frr_reloader/"] + volumeMounts: + - name: reloader + mountPath: /etc/frr_reloader + # Copies the metrics exporter + - name: cp-metrics + image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} + command: ["/bin/sh", "-c", "cp -f /frr-metrics /etc/frr_metrics/"] + volumeMounts: + - name: metrics + mountPath: /etc/frr_metrics + shareProcessNamespace: true + containers: + - name: controller + image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} + {{- if .Values.frrk8s.image.pullPolicy }} + imagePullPolicy: {{ .Values.frrk8s.image.pullPolicy }} + {{- end }} + command: + - /frr-k8s + args: + - "--node-name=$(NODE_NAME)" + - "--namespace=$(NAMESPACE)" + - "--metrics-bind-address={{.Values.prometheus.metricsBindAddress}}:{{ .Values.prometheus.metricsPort }}" + {{- with .Values.frrk8s.logLevel }} + - --log-level={{ . }} + {{- end }} + - --health-probe-bind-address={{.Values.prometheus.metricsBindAddress}}:{{ .Values.frrk8s.healthPort }} + {{- if .Values.frrk8s.alwaysBlock }} + - --always-block={{ .Values.frrk8s.alwaysBlock }} + {{- end }} + env: + - name: FRR_CONFIG_FILE + value: /etc/frr_reloader/frr.conf + - name: FRR_RELOADER_PID_FILE + value: /etc/frr_reloader/reloader.pid + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - containerPort: {{ .Values.prometheus.metricsPort }} + name: monitoring + {{- if .Values.frrk8s.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.frrk8s.healthPort }} + host: {{ .Values.prometheus.metricsBindAddress }} + initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.frrk8s.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.frrk8s.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.frrk8s.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.frrk8s.healthPort }} + host: {{ .Values.prometheus.metricsBindAddress }} + initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.frrk8s.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.frrk8s.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.frrk8s.readinessProbe.failureThreshold }} + {{- end }} + {{- with .Values.frrk8s.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + add: + - NET_RAW + volumeMounts: + - name: reloader + mountPath: /etc/frr_reloader + - name: frr + securityContext: + capabilities: + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + - NET_BIND_SERVICE + image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} + {{- if .Values.frrk8s.frr.image.pullPolicy }} + imagePullPolicy: {{ .Values.frrk8s.frr.image.pullPolicy }} + {{- end }} + env: + - name: TINI_SUBREAPER + value: "true" + volumeMounts: + - name: frr-sockets + mountPath: /var/run/frr + - name: frr-conf + mountPath: /etc/frr + # The command is FRR's default entrypoint & waiting for the log file to appear and tailing it. + # If the log file isn't created in 60 seconds the tail fails and the container is restarted. + # This workaround is needed to have the frr logs as part of kubectl logs -c frr < controller_pod_name >. + command: + - /bin/sh + - -c + - | + /sbin/tini -- /usr/lib/frr/docker-start & + attempts=0 + until [[ -f /etc/frr/frr.log || $attempts -eq 60 ]]; do + sleep 1 + attempts=$(( $attempts + 1 )) + done + tail -f /etc/frr/frr.log + {{- with .Values.frrk8s.frr.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.frrk8s.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /livez + port: {{ .Values.frrk8s.frr.metricsPort }} + host: {{ .Values.frrk8s.frr.metricsBindAddress }} + periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.frrk8s.startupProbe.enabled }} + startupProbe: + httpGet: + path: /livez + port: {{ .Values.frrk8s.frr.metricsPort }} + host: {{ .Values.frrk8s.frr.metricsBindAddress }} + failureThreshold: {{ .Values.frrk8s.startupProbe.failureThreshold }} + periodSeconds: {{ .Values.frrk8s.startupProbe.periodSeconds }} + {{- end }} + - name: reloader + image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} + {{- if .Values.frrk8s.frr.image.pullPolicy }} + imagePullPolicy: {{ .Values.frrk8s.frr.image.pullPolicy }} + {{- end }} + command: ["/etc/frr_reloader/frr-reloader.sh"] + volumeMounts: + - name: frr-sockets + mountPath: /var/run/frr + - name: frr-conf + mountPath: /etc/frr + - name: reloader + mountPath: /etc/frr_reloader + {{- with .Values.frrk8s.reloader.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + - name: frr-metrics + image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} + command: ["/etc/frr_metrics/frr-metrics"] + args: + - --metrics-port={{ .Values.frrk8s.frr.metricsPort }} + - --metrics-bind-address={{ .Values.frrk8s.frr.metricsBindAddress }} + ports: + - containerPort: {{ .Values.frrk8s.frr.metricsPort }} + name: monitoring + volumeMounts: + - name: frr-sockets + mountPath: /var/run/frr + - name: frr-conf + mountPath: /etc/frr + - name: metrics + mountPath: /etc/frr_metrics + {{- with .Values.frrk8s.frrMetrics.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + - name: kube-rbac-proxy + image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }} + imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} + args: + - --logtostderr + - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }} + - --upstream=http://{{.Values.prometheus.metricsBindAddress}}:{{ .Values.prometheus.metricsPort }}/ + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + {{- if .Values.prometheus.metricsTLSSecret }} + - --tls-private-key-file=/etc/metrics/tls.key + - --tls-cert-file=/etc/metrics/tls.crt + {{- end }} + ports: + - containerPort: {{ .Values.prometheus.secureMetricsPort }} + name: metricshttps + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError + {{- if .Values.prometheus.metricsTLSSecret }} + volumeMounts: + - name: metrics-certs + mountPath: /etc/metrics + readOnly: true + {{- end }} + - name: kube-rbac-proxy-frr + image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} + args: + - --logtostderr + - --secure-listen-address=:{{ .Values.frrk8s.frr.secureMetricsPort }} + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - --upstream=http://{{ .Values.frrk8s.frr.metricsBindAddress }}:{{ .Values.frrk8s.frr.metricsPort }}/ + {{- if .Values.prometheus.metricsTLSSecret }} + - --tls-private-key-file=/etc/metrics/tls.key + - --tls-cert-file=/etc/metrics/tls.crt + {{- end }} + ports: + - containerPort: {{ .Values.frrk8s.frr.secureMetricsPort }} + name: metricshttps + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError + {{- if .Values.prometheus.metricsTLSSecret }} + volumeMounts: + - name: metrics-certs + mountPath: /etc/metrics + readOnly: true + {{- end }} + nodeSelector: + "kubernetes.io/os": linux + {{- with .Values.frrk8s.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.frrk8s.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.frrk8s.tolerateMaster .Values.frrk8s.tolerations }} + tolerations: + {{- if .Values.frrk8s.tolerateMaster }} + - key: node-role.kubernetes.io/master + effect: NoSchedule + operator: Exists + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + operator: Exists + {{- end }} + {{- with .Values.frrk8s.tolerations }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- with .Values.frrk8s.priorityClassName }} + priorityClassName: {{ . | quote }} + {{- end }} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/rbac.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/rbac.yaml new file mode 100644 index 000000000..20460142d --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/templates/rbac.yaml @@ -0,0 +1,72 @@ +{{- if .Values.rbac.create -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "frrk8s.fullname" . }}-controller + labels: {{- include "frrk8s.labels" . | nindent 4 }} +rules: +- apiGroups: ["frrk8s.metallb.io"] + resources: ["frrconfigurations"] + verbs: ["get", "list", "watch"] +- apiGroups: ["frrk8s.metallb.io"] + resources: ["frrnodestates"] + verbs: ["get", "list", "watch", "create", "delete", "patch", "update"] +- apiGroups: ["frrk8s.metallb.io"] + resources: ["frrnodestates/status"] + verbs: ["get", "patch", "update"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch"] +- apiGroups: ["admissionregistration.k8s.io"] + resourceNames: ["frr-k8s-validating-webhook-configuration"] + resources: ["validatingwebhookconfigurations"] + verbs: ["update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "frrk8s.fullname" . }}-controller + labels: {{- include "frrk8s.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "frrk8s.fullname" . }}-controller +subjects: +- kind: ServiceAccount + name: {{ include "frrk8s.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "frrk8s.fullname" . }}-controller + labels: {{- include "frrk8s.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch","update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "frrk8s.fullname" . }}-controller + namespace: {{ .Release.Namespace }} + labels: {{- include "frrk8s.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "frrk8s.fullname" . }}-controller +subjects: +- kind: ServiceAccount + name: {{ include "frrk8s.serviceAccountName" . }} +{{ end -}} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/service-accounts.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/service-accounts.yaml new file mode 100644 index 000000000..9fb46d156 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/templates/service-accounts.yaml @@ -0,0 +1,15 @@ +{{- if .Values.frrk8s.serviceAccount.create }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "frrk8s.serviceAccountName" . }} + labels: + {{- include "frrk8s.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.frrk8s.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} + diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/service-monitor.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/service-monitor.yaml new file mode 100644 index 000000000..c6f91304e --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/templates/service-monitor.yaml @@ -0,0 +1,128 @@ +{{- if .Values.prometheus.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "frrk8s.labels" . | nindent 4 }} + app.kubernetes.io/component: frr-k8s + {{- if .Values.prometheus.serviceMonitor.additionalLabels }} +{{ toYaml .Values.prometheus.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.annotations }} + annotations: +{{ toYaml .Values.prometheus.serviceMonitor.annotations | indent 4 }} + {{- end }} +spec: + endpoints: + - port: "metricshttps" + honorLabels: true + {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end -}} + {{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end -}} +{{ if .Values.prometheus.secureMetricsPort }} + bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" + scheme: "https" +{{- if .Values.prometheus.serviceMonitor.tlsConfig }} + tlsConfig: +{{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | indent 8 }} +{{- end }} +{{ end }} +{{ if .Values.frrk8s.frr.secureMetricsPort }} + - port: "frrmetricshttps" + honorLabels: true + {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end -}} + {{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" + scheme: "https" +{{- if .Values.prometheus.serviceMonitor.tlsConfig }} + tlsConfig: +{{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | indent 8 }} +{{- end }} +{{- end }} + jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor-service +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/scrape: "true" + {{- if .Values.prometheus.serviceMonitor.annotations }} +{{ toYaml .Values.prometheus.serviceMonitor.annotations | indent 4 }} + {{- end }} + labels: + name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor-service + name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor-service + namespace: {{ .Release.Namespace | quote }} +spec: + selector: + {{- include "frrk8s.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: frr-k8s + clusterIP: None + ports: + - name: "metricshttps" + port: {{ .Values.prometheus.secureMetricsPort }} + targetPort: {{ .Values.prometheus.secureMetricsPort }} + - name: frrmetricshttps + port: {{ .Values.frrk8s.frr.secureMetricsPort }} + targetPort: {{ .Values.frrk8s.frr.secureMetricsPort }} + sessionAffinity: None + type: ClusterIP +--- +{{- if .Values.prometheus.rbacPrometheus }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "frrk8s.fullname" . }}-prometheus + namespace: {{ .Release.Namespace | quote }} +rules: + - apiGroups: + - "" + resources: + - pods + - services + - endpoints + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "frrk8s.fullname" . }}-prometheus + namespace: {{ .Release.Namespace | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "frrk8s.fullname" . }}-prometheus +subjects: + - kind: ServiceAccount + name: {{ required ".Values.prometheus.serviceAccount must be defined when .Values.prometheus.serviceMonitor.enabled == true" .Values.prometheus.serviceAccount }} + namespace: {{ required ".Values.prometheus.namespace must be defined when .Values.prometheus.serviceMonitor.enabled == true" .Values.prometheus.namespace }} +{{- end }} +{{- end }} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/webhooks.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/webhooks.yaml new file mode 100644 index 000000000..3fa055bbb --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/templates/webhooks.yaml @@ -0,0 +1,156 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "frrk8s.fullname" . }}-webhook-server + labels: + {{- include "frrk8s.labels" . | nindent 4 }} + app.kubernetes.io/component: frr-k8s-webhook-server + {{- range $key, $value := .Values.frrk8s.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/component: frr-k8s-webhook-server + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: frr-k8s-webhook-server + labels: + app.kubernetes.io/component: frr-k8s-webhook-server + spec: + {{- if .Values.frrk8s.runtimeClassName }} + runtimeClassName: {{ .Values.frrk8s.runtimeClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - command: + - /frr-k8s + args: + {{- with .Values.frrk8s.logLevel }} + - --log-level={{ . }} + {{- end }} + - "--webhook-mode=onlywebhook" + {{- if .Values.frrk8s.disableCertRotation }} + - "--disable-cert-rotation=true" + {{- end }} + {{- if .Values.frrk8s.restartOnRotatorSecretRefresh }} + - "--restart-on-rotator-secret-refresh=true" + {{- end }} + - "--namespace=$(NAMESPACE)" + - --health-probe-bind-address=:8081 + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} + {{- if .Values.frrk8s.image.pullPolicy }} + imagePullPolicy: {{ .Values.frrk8s.image.pullPolicy }} + {{- end }} + name: frr-k8s-webhook-server + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + {{- if .Values.frrk8s.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.frrk8s.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.frrk8s.readinessProbe.failureThreshold }} + {{- end }} + {{- with .Values.frrk8s.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - name: cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + {{- with .Values.frrk8s.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.frrk8s.tolerateMaster .Values.frrk8s.tolerations }} + tolerations: + {{- if .Values.frrk8s.tolerateMaster }} + - key: node-role.kubernetes.io/master + effect: NoSchedule + operator: Exists + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + operator: Exists + {{- end }} + {{- with .Values.frrk8s.tolerations }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- with .Values.frrk8s.priorityClassName }} + priorityClassName: {{ . | quote }} + {{- end }} + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: frr-k8s-webhook-server-cert + serviceAccountName: {{ template "frrk8s.serviceAccountName" . }} + terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: Secret +metadata: + name: frr-k8s-webhook-server-cert +--- +apiVersion: v1 +kind: Service +metadata: + name: frr-k8s-webhook-service +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + app.kubernetes.io/component: frr-k8s-webhook-server +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: frr-k8s-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: frr-k8s-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-frrk8s-metallb-io-v1beta1-frrconfiguration + failurePolicy: {{ .Values.crds.validationFailurePolicy }} + name: frrconfigurationsvalidationwebhook.metallb.io + rules: + - apiGroups: + - frrk8s.metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - frrconfigurations + sideEffects: None diff --git a/charts/metallb/metallb/charts/frr-k8s/values.schema.json b/charts/metallb/metallb/charts/frr-k8s/values.schema.json new file mode 100644 index 000000000..cb7b914c7 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/values.schema.json @@ -0,0 +1,387 @@ +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "title": "Values", + "type": "object", + "definitions": { + "prometheusAlert": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "enabled" + ] + }, + "probe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "required": [ + "failureThreshold", + "initialDelaySeconds", + "periodSeconds", + "successThreshold", + "timeoutSeconds" + ] + }, + "component": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "logLevel": { + "type": "string", + "enum": [ + "all", + "debug", + "info", + "warn", + "error", + "none" + ] + }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ] + }, + "pullPolicy": { + "anyOf": [ + { + "type": "null" + }, + { + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] + } + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "annotations": { + "type": "object" + } + } + }, + "resources": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "tolerations": { + "type": "array", + "items": { + "type": "object" + } + }, + "priorityClassName": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "affinity": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "livenessProbe": { + "$ref": "#/definitions/probe" + }, + "readinessProbe": { + "$ref": "#/definitions/probe" + } + }, + "required": [ + "image", + "serviceAccount" + ] + } + }, + "properties": { + "imagePullSecrets": { + "description": "Secrets used for pulling images", + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "additionalProperties": false + } + }, + "nameOverride": { + "description": "Override chart name", + "type": "string" + }, + "fullNameOverride": { + "description": "Override fully qualified app name", + "type": "string" + }, + "rbac": { + "description": "RBAC configuration", + "type": "object", + "properties": { + "create": { + "description": "Enable RBAC", + "type": "boolean" + } + } + }, + "prometheus": { + "description": "Prometheus monitoring config", + "type": "object", + "properties": { + "scrapeAnnotations": { + "type": "boolean" + }, + "metricsPort": { + "type": "integer" + }, + "secureMetricsPort": { + "type": "integer" + }, + "rbacPrometheus": { + "type": "boolean" + }, + "serviceAccount": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "rbacProxy": { + "description": "kube-rbac-proxy configuration", + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "serviceMonitor": { + "description": "Prometheus Operator ServiceMonitors", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "jobLabel": { + "type": "string" + }, + "interval": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ] + }, + "metricRelabelings": { + "type": "array", + "items": { + "type": "object" + } + }, + "relabelings": { + "type": "array", + "items": { + "type": "object" + } + } + } + } + }, + "frrk8s": { + "allOf": [ + { + "$ref": "#/definitions/component" + }, + { + "description": "FRR-K8s controller", + "type": "object", + "properties": { + "tolerateMaster": { + "type": "boolean" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ] + }, + "runtimeClassName": { + "type": "string" + }, + "secretName": { + "type": "string" + }, + "frr": { + "description": "The FRR properties in the controller", + "type": "object", + "properties": { + "image": { + "$ref": "#/definitions/component/properties/image" + }, + "metricsPort": { + "type": "integer" + }, + "secureMetricsPort": { + "type": "integer" + }, + "resources:": { + "type": "object" + } + }, + "required": [ + "enabled" + ] + }, + "command": { + "type": "string" + }, + "reloader": { + "type": "object", + "properties": { + "resources": { + "type": "object" + } + } + }, + "frrMetrics": { + "type": "object", + "properties": { + "resources": { + "type": "object" + } + } + } + }, + "required": [ + "tolerateMaster" + ] + } + ] + }, + "crds": { + "description": "CRD configuration", + "type": "object", + "properties": { + "enabled": { + "description": "Enable CRDs", + "type": "boolean" + }, + "validationFailurePolicy": { + "description": "Failure policy to use with validating webhooks", + "type": "string", + "enum": [ + "Ignore", + "Fail" + ] + } + } + } + }, + "frrk8s": { + "allOf": [ + { + "$ref": "#/definitions/component" + }, + { + "description": "FRRk8s Controller", + "type": "object", + "properties": { + "strategy": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ] + }, + "command": { + "type": "string" + }, + "webhookMode": { + "type": "string" + } + } + } + ] + } + }, + "required": [ + "frrk8s" + ] +} \ No newline at end of file diff --git a/charts/metallb/metallb/charts/frr-k8s/values.yaml b/charts/metallb/metallb/charts/frr-k8s/values.yaml new file mode 100644 index 000000000..5addc75f8 --- /dev/null +++ b/charts/metallb/metallb/charts/frr-k8s/values.yaml @@ -0,0 +1,173 @@ +# Default values for frr-k8s. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +nameOverride: "" +fullnameOverride: "" + +rbac: + # create specifies whether to install and use RBAC rules. + create: true + +prometheus: + # scrape annotations specifies whether to add Prometheus metric + # auto-collection annotations to pods. See + # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml + # for a corresponding Prometheus configuration. Alternatively, you + # may want to use the Prometheus Operator + # (https://github.com/coreos/prometheus-operator) for more powerful + # monitoring configuration. If you use the Prometheus operator, this + # can be left at false. + scrapeAnnotations: false + + # bind addr frr-k8s will use for metrics + metricsBindAddress: 127.0.0.1 + + # port frr-k8s will listen on for metrics + metricsPort: 7572 + + # if set, enables rbac proxy on frr-k8s to expose + # the metrics via tls. + secureMetricsPort: 9140 + + # the name of the secret to be mounted in the frr-k8s pod + # to expose the metrics securely. If not present, a self signed + # certificate to be used. + metricsTLSSecret: "" + + # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one + rbacPrometheus: false + + # the service account used by prometheus + # required when " .Values.prometheus.rbacPrometheus == true " and " prometheus.serviceMonitor.enabled=true " + serviceAccount: "" + + # the namespace where prometheus is deployed + # required when " .Values.prometheus.rbacPrometheus == true " and " prometheus.serviceMonitor.enabled=true " + namespace: "" + + # the image to be used for the kuberbacproxy container + rbacProxy: + repository: gcr.io/kubebuilder/kube-rbac-proxy + tag: v0.12.0 + pullPolicy: + + # Prometheus Operator ServiceMonitors. + serviceMonitor: + # enable support for Prometheus Operator + enabled: false + + additionalLabels: {} + # optional additional annotations for the controller serviceMonitor + annotations: {} + # optional tls configuration for the controller serviceMonitor, in case + # secure metrics are enabled. + tlsConfig: + insecureSkipVerify: true + + # Job label for scrape target + jobLabel: "app.kubernetes.io/name" + + # Scrape interval. If not set, the Prometheus default scrape interval is used. + interval: + + # metric relabel configs to apply to samples before ingestion. + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # target_label: nodename + # replacement: $1 + # action: replace + +# controller contains configuration specific to the FRRK8s controller +# daemonset. +frrk8s: + # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` + logLevel: info + tolerateMaster: true + image: + repository: quay.io/metallb/frr-k8s + tag: + pullPolicy: + ## @param controller.updateStrategy.type FRR-K8s controller daemonset strategy type + ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. If not set and create is + # true, a name is generated using the fullname template + name: "" + annotations: {} + ## Defines a secret name for the controller to generate a memberlist encryption secret + ## By default secretName: {{ "metallb.fullname" }}-memberlist + ## + # secretName: + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi + nodeSelector: {} + tolerations: [] + priorityClassName: "" + affinity: {} + ## Selects which runtime class will be used by the pod. + runtimeClassName: "" + podAnnotations: {} + labels: + app: frr-k8s + healthPort: 8081 + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + startupProbe: + enabled: true + failureThreshold: 30 + periodSeconds: 5 + ## A comma separated list of cidrs we want always to block for incoming routes + alwaysBlock: "" + ## Specifies whether the cert rotator works as part of the webhook. + disableCertRotation: false + ## Specifies whether the pod restarts when the rotator refreshes the cert secret. + ## Enabling this proved useful for the webhook's stability when it is redeployed multiple times in succession. + restartOnRotatorSecretRefresh: false + # frr contains configuration specific to the FRR container, + frr: + image: + repository: quay.io/frrouting/frr + tag: 8.4.2 + pullPolicy: + metricsBindAddress: 127.0.0.1 + metricsPort: 7573 + resources: {} + secureMetricsPort: 9141 + reloader: + resources: {} + frrMetrics: + resources: {} +crds: + enabled: true + validationFailurePolicy: Fail diff --git a/charts/metallb/metallb/policy/controller.rego b/charts/metallb/metallb/policy/controller.rego index 716eeb7a4..b7a0ea1a0 100644 --- a/charts/metallb/metallb/policy/controller.rego +++ b/charts/metallb/metallb/policy/controller.rego @@ -4,7 +4,7 @@ package main deny[msg] { input.kind == "Deployment" serviceAccountName := input.spec.template.spec.serviceAccountName - not serviceAccountName == "RELEASE-NAME-metallb-controller" + not serviceAccountName == "release-name-metallb-controller" msg = sprintf("controller serviceAccountName '%s' does not match expected value", [serviceAccountName]) } diff --git a/charts/metallb/metallb/policy/speaker.rego b/charts/metallb/metallb/policy/speaker.rego index d4d8137f1..146a0373c 100644 --- a/charts/metallb/metallb/policy/speaker.rego +++ b/charts/metallb/metallb/policy/speaker.rego @@ -4,7 +4,7 @@ package main deny[msg] { input.kind == "DaemonSet" serviceAccountName := input.spec.template.spec.serviceAccountName - not serviceAccountName == "RELEASE-NAME-metallb-speaker" + not serviceAccountName == "release-name-metallb-speaker" msg = sprintf("speaker serviceAccountName '%s' does not match expected value", [serviceAccountName]) } diff --git a/charts/metallb/metallb/templates/controller.yaml b/charts/metallb/metallb/templates/controller.yaml index 2b522d1b2..bb79aeb64 100644 --- a/charts/metallb/metallb/templates/controller.yaml +++ b/charts/metallb/metallb/templates/controller.yaml @@ -72,6 +72,12 @@ spec: {{- if .Values.controller.webhookMode }} - --webhook-mode={{ .Values.controller.webhookMode }} {{- end }} + {{- if .Values.controller.tlsMinVersion }} + - --tls-min-version={{ .Values.controller.tlsMinVersion }} + {{- end }} + {{- if .Values.controller.tlsCipherSuites }} + - --tls-cipher-suites={{ .Values.controller.tlsCipherSuites }} + {{- end }} env: {{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }} - name: METALLB_ML_SECRET_NAME @@ -83,6 +89,10 @@ spec: - name: METALLB_BGP_TYPE value: frr {{- end }} + {{- if .Values.frrk8s.enabled }} + - name: METALLB_BGP_TYPE + value: frr-k8s + {{- end }} ports: - name: monitoring containerPort: {{ .Values.prometheus.metricsPort }} @@ -153,6 +163,9 @@ spec: readOnly: true {{- end }} {{ end }} + {{- if .Values.controller.extraContainers }} + {{- toYaml .Values.controller.extraContainers | nindent 6 }} + {{- end }} nodeSelector: "kubernetes.io/os": linux {{- with .Values.controller.nodeSelector }} diff --git a/charts/metallb/metallb/templates/rbac.yaml b/charts/metallb/metallb/templates/rbac.yaml index ed6b8260c..5a7d53e03 100644 --- a/charts/metallb/metallb/templates/rbac.yaml +++ b/charts/metallb/metallb/templates/rbac.yaml @@ -104,6 +104,11 @@ rules: - apiGroups: ["metallb.io"] resources: ["communities"] verbs: ["get", "list", "watch"] +{{- if .Values.frrk8s.enabled }} +- apiGroups: ["frrk8s.metallb.io"] + resources: ["frrconfigurations"] + verbs: ["get", "list", "watch","create","update"] +{{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/charts/metallb/metallb/templates/speaker.yaml b/charts/metallb/metallb/templates/speaker.yaml index 1a4c7b2aa..635aa0a80 100644 --- a/charts/metallb/metallb/templates/speaker.yaml +++ b/charts/metallb/metallb/templates/speaker.yaml @@ -1,4 +1,10 @@ {{- if .Values.speaker.frr.enabled }} +{{- if .Values.frrk8s.enabled }} +{{- fail "speaker.frr.enabled and frrk8s.enabled are mutually exclusive!" }} +{{- end }} +{{- end }} +{{- if .Values.speaker.frr.enabled }} + # FRR expects to have these files owned by frr:frr on startup. # Having them in a ConfigMap allows us to modify behaviors: for example enabling more daemons on startup. apiVersion: v1 @@ -154,6 +160,10 @@ spec: serviceAccountName: {{ template "metallb.speaker.serviceAccountName" . }} terminationGracePeriodSeconds: 0 hostNetwork: true + {{- if .Values.speaker.securityContext }} + securityContext: + {{- toYaml .Values.speaker.securityContext | nindent 8 }} + {{- end }} volumes: {{- if .Values.speaker.memberlist.enabled }} - name: memberlist @@ -231,6 +241,9 @@ spec: {{- if .Values.loadBalancerClass }} - --lb-class={{ .Values.loadBalancerClass }} {{- end }} + {{- if .Values.speaker.wanConfig }} + - --ml-wan-config + {{- end }} env: - name: METALLB_NODE_NAME valueFrom: @@ -241,10 +254,15 @@ spec: fieldRef: fieldPath: status.hostIP {{- if .Values.speaker.memberlist.enabled }} + {{- if .Values.speaker.memberlist.mlBindAddrOverride }} + - name: METALLB_ML_BIND_ADDR + value: "{{ .Values.speaker.memberlist.mlBindAddrOverride }}" + {{ else }} - name: METALLB_ML_BIND_ADDR valueFrom: fieldRef: fieldPath: status.podIP + {{ end }} - name: METALLB_ML_LABELS value: "app.kubernetes.io/name={{ include "metallb.name" . }},app.kubernetes.io/component=speaker" - name: METALLB_ML_BIND_PORT @@ -260,6 +278,10 @@ spec: - name: METALLB_BGP_TYPE value: frr {{- end }} + {{- if .Values.frrk8s.enabled }} + - name: METALLB_BGP_TYPE + value: frr-k8s + {{- end }} ports: - name: monitoring containerPort: {{ .Values.prometheus.metricsPort }} @@ -448,6 +470,7 @@ spec: readOnly: true {{- end }} {{ end }} + {{- if .Values.speaker.frr.enabled }} {{- if .Values.speaker.frr.secureMetricsPort }} - name: kube-rbac-proxy-frr image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag | default .Chart.AppVersion }} @@ -463,7 +486,7 @@ spec: {{- end }} ports: - containerPort: {{ .Values.speaker.frr.secureMetricsPort }} - name: metricshttps + name: frrmetricshttps env: - name: METALLB_HOST valueFrom: @@ -481,6 +504,10 @@ spec: readOnly: true {{- end }} {{ end }} + {{- end }} + {{- if .Values.speaker.extraContainers }} + {{- toYaml .Values.speaker.extraContainers | nindent 6 }} + {{- end }} nodeSelector: "kubernetes.io/os": linux {{- with .Values.speaker.nodeSelector }} diff --git a/charts/metallb/metallb/templates/webhooks.yaml b/charts/metallb/metallb/templates/webhooks.yaml index 3b587a424..8eb0756e6 100644 --- a/charts/metallb/metallb/templates/webhooks.yaml +++ b/charts/metallb/metallb/templates/webhooks.yaml @@ -5,26 +5,6 @@ metadata: labels: {{- include "metallb.labels" . | nindent 4 }} webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-metallb-io-v1beta1-addresspool - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: addresspoolvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - addresspools - sideEffects: None - admissionReviewVersions: - v1 clientConfig: diff --git a/charts/metallb/metallb/values.schema.json b/charts/metallb/metallb/values.schema.json index 5a92e56a7..b6373532f 100644 --- a/charts/metallb/metallb/values.schema.json +++ b/charts/metallb/metallb/values.schema.json @@ -299,6 +299,37 @@ }, "required": [ "podMonitor", "prometheusRule" ] }, + "controller": { + "allOf": [ + { "$ref": "#/definitions/component" }, + { "description": "MetalLB Controller", + "type": "object", + "properties": { + "strategy": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + }, + "required": [ "type" ] + }, + "command" : { + "type": "string" + }, + "webhookMode" : { + "type": "string" + }, + "extraContainers": { + "type": "array", + "items": { + "type": "object" + } + } + } + } + ] + }, "speaker": { "allOf": [ { "$ref": "#/definitions/component" }, @@ -317,6 +348,9 @@ "mlBindPort": { "type": "integer" }, + "mlBindAddrOverride": { + "type": "string" + }, "mlSecretKeyPath": { "type": "string" } @@ -342,6 +376,9 @@ "runtimeClassName": { "type": "string" }, + "securityContext": { + "type": "object" + }, "secretName": { "type": "string" }, @@ -373,6 +410,12 @@ "properties": { "resources": { "type": "object" } } + }, + "extraContainers": { + "type": "array", + "items": { + "type": "object" + } } }, "required": [ "tolerateMaster" ] @@ -395,31 +438,6 @@ } } }, - "controller": { - "allOf": [ - { "$ref": "#/definitions/component" }, - { "description": "MetalLB Controller", - "type": "object", - "properties": { - "strategy": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - }, - "required": [ "type" ] - }, - "command" : { - "type": "string" - }, - "webhookMode" : { - "type": "string" - } - } - } - ] - }, "required": [ "controller", "speaker" diff --git a/charts/metallb/metallb/values.yaml b/charts/metallb/metallb/values.yaml index be8cf112e..50c53cd4d 100644 --- a/charts/metallb/metallb/values.yaml +++ b/charts/metallb/metallb/values.yaml @@ -248,6 +248,10 @@ controller: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 + tlsMinVersion: "VersionTLS12" + tlsCipherSuites: "" + + extraContainers: [] # speaker contains configuration specific to the MetalLB speaker # daemonset. @@ -260,6 +264,7 @@ speaker: memberlist: enabled: true mlBindPort: 7946 + mlBindAddrOverride: "" mlSecretKeyPath: "/etc/ml_secret_key" excludeInterfaces: enabled: true @@ -282,6 +287,7 @@ speaker: # true, a name is generated using the fullname template name: "" annotations: {} + securityContext: {} ## Defines a secret name for the controller to generate a memberlist encryption secret ## By default secretName: {{ "metallb.fullname" }}-memberlist ## @@ -331,12 +337,24 @@ speaker: # expose the frr metrics via tls. # secureMetricsPort: 9121 + reloader: resources: {} frrMetrics: resources: {} + extraContainers: [] + crds: enabled: true validationFailurePolicy: Fail + +# frrk8s contains the configuration related to using an frrk8s instance +# (github.com/metallb/frr-k8s) as the backend for the BGP implementation. +# This allows configuring additional frr parameters in combination to those +# applied by MetalLB. +frrk8s: + # if set, enables frrk8s as a backend. This is mutually exclusive to frr + # mode. + enabled: false diff --git a/charts/minio/minio-operator/Chart.yaml b/charts/minio/minio-operator/Chart.yaml index 07ba40b55..3c5cfc2a1 100644 --- a/charts/minio/minio-operator/Chart.yaml +++ b/charts/minio/minio-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: minio-operator apiVersion: v2 -appVersion: v5.0.11 +appVersion: v5.0.12 description: A Helm chart for MinIO Operator home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -19,4 +19,4 @@ name: minio-operator sources: - https://github.com/minio/operator type: application -version: 5.0.11 +version: 5.0.12 diff --git a/charts/minio/minio-operator/Chart.yaml-e b/charts/minio/minio-operator/Chart.yaml-e index 1d5dc01f7..34504bb4e 100644 --- a/charts/minio/minio-operator/Chart.yaml-e +++ b/charts/minio/minio-operator/Chart.yaml-e @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: operator -version: 5.0.11 -appVersion: v5.0.11 +version: 5.0.12 +appVersion: v5.0.12 keywords: - storage - object-storage diff --git a/charts/minio/minio-operator/templates/NOTES.txt b/charts/minio/minio-operator/templates/NOTES.txt index 47b9aea9e..9766c6dcb 100644 --- a/charts/minio/minio-operator/templates/NOTES.txt +++ b/charts/minio/minio-operator/templates/NOTES.txt @@ -9,7 +9,7 @@ metadata: kubernetes.io/service-account.name: console-sa type: kubernetes.io/service-account-token EOF -kubectl -n minio-operator get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode +kubectl -n {{ .Release.Namespace }} get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode 2. Get the Operator Console URL by running these commands: kubectl --namespace {{ .Release.Namespace }} port-forward svc/console 9090:9090 diff --git a/charts/minio/minio-operator/templates/job.min.io_jobs.yaml b/charts/minio/minio-operator/templates/job.min.io_jobs.yaml new file mode 100644 index 000000000..412d453bb --- /dev/null +++ b/charts/minio/minio-operator/templates/job.min.io_jobs.yaml @@ -0,0 +1,112 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: miniojobs.job.min.io +spec: + group: job.min.io + names: + kind: MinIOJob + listKind: MinIOJobList + plural: miniojobs + shortNames: + - miniojob + singular: miniojob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.tenant.name + name: Tenant + type: string + - jsonPath: .spec.status.phase + name: Phase + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + commands: + items: + properties: + args: + additionalProperties: + type: string + type: object + dependsOn: + items: + type: string + type: array + name: + type: string + op: + type: string + required: + - op + type: object + type: array + execution: + default: parallel + enum: + - parallel + - sequential + type: string + failureStrategy: + default: continueOnFailure + enum: + - continueOnFailure + - stopOnFailure + type: string + serviceAccountName: + type: string + tenant: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + required: + - commands + - serviceAccountName + - tenant + type: object + status: + properties: + commands: + items: + properties: + message: + type: string + name: + type: string + result: + type: string + required: + - result + type: object + type: array + phase: + type: string + required: + - commands + - phase + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml index 24331b5b9..e3bf49be8 100644 --- a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml +++ b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: tenants.minio.min.io spec: group: minio.min.io @@ -310,18 +309,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -365,6 +352,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -553,6 +542,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1107,6 +1133,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1157,6 +1191,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1715,6 +1757,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1783,6 +1835,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1849,6 +1911,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1917,6 +1989,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2455,6 +2537,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2523,6 +2615,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2589,6 +2691,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2657,6 +2769,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2998,18 +3120,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3053,6 +3163,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -3107,6 +3219,17 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + type: string + modifyVolumeStatus: + properties: + status: + type: string + targetVolumeAttributesClassName: + type: string + required: + - status + type: object phase: type: string type: object @@ -3368,6 +3491,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3418,6 +3549,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3939,18 +4078,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3994,6 +4121,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -4048,6 +4177,17 @@ spec: - type type: object type: array + currentVolumeAttributesClassName: + type: string + modifyVolumeStatus: + properties: + status: + type: string + targetVolumeAttributesClassName: + type: string + required: + - status + type: object phase: type: string type: object @@ -4300,18 +4440,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4355,6 +4483,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -4543,6 +4673,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: diff --git a/charts/minio/minio-operator/templates/operator-serviceaccount.yaml b/charts/minio/minio-operator/templates/operator-serviceaccount.yaml index 7b6442480..8ae899da6 100644 --- a/charts/minio/minio-operator/templates/operator-serviceaccount.yaml +++ b/charts/minio/minio-operator/templates/operator-serviceaccount.yaml @@ -4,3 +4,7 @@ metadata: name: minio-operator namespace: {{ .Release.Namespace }} labels: {{- include "minio-operator.labels" . | nindent 4 }} + {{- with .Values.operator.serviceAccountAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml b/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml index b01576f5b..b329389ef 100644 --- a/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml +++ b/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: policybindings.sts.min.io spec: group: sts.min.io diff --git a/charts/minio/minio-operator/values.yaml b/charts/minio/minio-operator/values.yaml index 03f4850b2..fc3ac0bce 100644 --- a/charts/minio/minio-operator/values.yaml +++ b/charts/minio/minio-operator/values.yaml @@ -27,17 +27,19 @@ operator: env: - name: OPERATOR_STS_ENABLED value: "on" + # An array of additional annotations to be applied to the operator service account + serviceAccountAnnotations: [] ### # Specify the Operator container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.12 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/operator - # tag: v5.0.11 + # tag: v5.0.12 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -51,7 +53,7 @@ operator: # image: repository: quay.io/minio/operator - tag: v5.0.11 + tag: v5.0.12 pullPolicy: IfNotPresent ### # @@ -169,14 +171,14 @@ console: ### # Specify the Operator Console container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.12 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/operator - # tag: v5.0.11 + # tag: v5.0.12 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -191,7 +193,7 @@ console: # The specified values should match that of ``operator.image`` to ensure predictable operations. image: repository: quay.io/minio/operator - tag: v5.0.11 + tag: v5.0.12 pullPolicy: IfNotPresent ### # An array of environment variables to pass to the Operator Console deployment. diff --git a/charts/minio/minio-operator/values.yaml-e b/charts/minio/minio-operator/values.yaml-e index 03f4850b2..fc3ac0bce 100644 --- a/charts/minio/minio-operator/values.yaml-e +++ b/charts/minio/minio-operator/values.yaml-e @@ -27,17 +27,19 @@ operator: env: - name: OPERATOR_STS_ENABLED value: "on" + # An array of additional annotations to be applied to the operator service account + serviceAccountAnnotations: [] ### # Specify the Operator container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.12 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/operator - # tag: v5.0.11 + # tag: v5.0.12 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -51,7 +53,7 @@ operator: # image: repository: quay.io/minio/operator - tag: v5.0.11 + tag: v5.0.12 pullPolicy: IfNotPresent ### # @@ -169,14 +171,14 @@ console: ### # Specify the Operator Console container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.12 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/operator - # tag: v5.0.11 + # tag: v5.0.12 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -191,7 +193,7 @@ console: # The specified values should match that of ``operator.image`` to ensure predictable operations. image: repository: quay.io/minio/operator - tag: v5.0.11 + tag: v5.0.12 pullPolicy: IfNotPresent ### # An array of environment variables to pass to the Operator Console deployment. diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index 51be34d73..a034eb414 100644 --- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: nats apiVersion: v2 -appVersion: 2.10.9 +appVersion: 2.10.10 description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. home: http://github.com/nats-io/k8s @@ -18,4 +18,4 @@ maintainers: name: The NATS Authors url: https://github.com/nats-io name: nats -version: 1.1.7 +version: 1.1.8 diff --git a/charts/nats/nats/values.yaml b/charts/nats/nats/values.yaml index 38f8d239a..ac51552f5 100644 --- a/charts/nats/nats/values.yaml +++ b/charts/nats/nats/values.yaml @@ -312,7 +312,7 @@ config: container: image: repository: nats - tag: 2.10.9-alpine + tag: 2.10.10-alpine pullPolicy: registry: @@ -378,7 +378,7 @@ promExporter: enabled: false image: repository: natsio/prometheus-nats-exporter - tag: 0.13.0 + tag: 0.14.0 pullPolicy: registry: @@ -564,7 +564,7 @@ natsBox: container: image: repository: natsio/nats-box - tag: 0.14.1 + tag: 0.14.2 pullPolicy: registry: diff --git a/charts/new-relic/nri-bundle/Chart.lock b/charts/new-relic/nri-bundle/Chart.lock index 960b2b3e2..75f0f7b1f 100644 --- a/charts/new-relic/nri-bundle/Chart.lock +++ b/charts/new-relic/nri-bundle/Chart.lock @@ -1,28 +1,28 @@ dependencies: - name: newrelic-infrastructure repository: https://newrelic.github.io/nri-kubernetes - version: 3.29.1 + version: 3.30.0 - name: nri-prometheus repository: https://newrelic.github.io/nri-prometheus version: 2.1.17 - name: newrelic-prometheus-agent repository: https://newrelic.github.io/newrelic-prometheus-configurator - version: 1.9.1 + version: 1.10.0 - name: nri-metadata-injection repository: https://newrelic.github.io/k8s-metadata-injection - version: 4.16.1 + version: 4.17.0 - name: newrelic-k8s-metrics-adapter repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter - version: 1.8.2 + version: 1.9.0 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts version: 5.12.1 - name: nri-kube-events repository: https://newrelic.github.io/nri-kube-events - version: 3.7.3 + version: 3.8.0 - name: newrelic-logging repository: https://newrelic.github.io/helm-charts - version: 1.19.0 + version: 1.20.0 - name: newrelic-pixie repository: https://newrelic.github.io/helm-charts version: 2.1.2 @@ -31,6 +31,6 @@ dependencies: version: 0.1.4 - name: newrelic-infra-operator repository: https://newrelic.github.io/newrelic-infra-operator - version: 2.8.2 -digest: sha256:1ddcf0402fed4aac1b4269379376b8a8d7d4c0a87c17fd8491b1a8d87e811629 -generated: "2024-01-22T23:54:08.952326043Z" + version: 2.9.0 +digest: sha256:567eec2f33e949a44f18902897abc85b9a7ed1093d5cb89eb9de439a8961a08f +generated: "2024-02-07T13:53:22.810865497Z" diff --git a/charts/new-relic/nri-bundle/Chart.yaml b/charts/new-relic/nri-bundle/Chart.yaml index d635ef579..9a84dc00b 100644 --- a/charts/new-relic/nri-bundle/Chart.yaml +++ b/charts/new-relic/nri-bundle/Chart.yaml @@ -7,7 +7,7 @@ dependencies: - condition: infrastructure.enabled,newrelic-infrastructure.enabled name: newrelic-infrastructure repository: file://./charts/newrelic-infrastructure - version: 3.29.1 + version: 3.30.0 - condition: prometheus.enabled,nri-prometheus.enabled name: nri-prometheus repository: file://./charts/nri-prometheus @@ -15,15 +15,15 @@ dependencies: - condition: newrelic-prometheus-agent.enabled name: newrelic-prometheus-agent repository: file://./charts/newrelic-prometheus-agent - version: 1.9.1 + version: 1.10.0 - condition: webhook.enabled,nri-metadata-injection.enabled name: nri-metadata-injection repository: file://./charts/nri-metadata-injection - version: 4.16.1 + version: 4.17.0 - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled name: newrelic-k8s-metrics-adapter repository: file://./charts/newrelic-k8s-metrics-adapter - version: 1.8.2 + version: 1.9.0 - condition: ksm.enabled,kube-state-metrics.enabled name: kube-state-metrics repository: file://./charts/kube-state-metrics @@ -31,11 +31,11 @@ dependencies: - condition: kubeEvents.enabled,nri-kube-events.enabled name: nri-kube-events repository: file://./charts/nri-kube-events - version: 3.7.3 + version: 3.8.0 - condition: logging.enabled,newrelic-logging.enabled name: newrelic-logging repository: file://./charts/newrelic-logging - version: 1.19.0 + version: 1.20.0 - condition: newrelic-pixie.enabled name: newrelic-pixie repository: file://./charts/newrelic-pixie @@ -48,7 +48,7 @@ dependencies: - condition: newrelic-infra-operator.enabled name: newrelic-infra-operator repository: file://./charts/newrelic-infra-operator - version: 2.8.2 + version: 2.9.0 description: Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment. home: https://github.com/newrelic/helm-charts @@ -75,4 +75,4 @@ sources: - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator -version: 5.0.60 +version: 5.0.63 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml index c71d2f263..d61b13236 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.16.2 +appVersion: 0.17.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -32,4 +32,4 @@ name: newrelic-infra-operator sources: - https://github.com/newrelic/newrelic-infra-operator - https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator -version: 2.8.2 +version: 2.9.0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml index 1ea9210ae..6cb543d90 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.24.1 +appVersion: 3.25.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -12,27 +12,15 @@ keywords: - newrelic - monitoring maintainers: -- name: nserrino - url: https://github.com/nserrino -- name: philkuz - url: https://github.com/philkuz -- name: htroisi - url: https://github.com/htroisi - name: juanjjaramillo url: https://github.com/juanjjaramillo -- name: svetlanabrennan - url: https://github.com/svetlanabrennan -- name: nrepai - url: https://github.com/nrepai - name: csongnr url: https://github.com/csongnr -- name: vuqtran88 - url: https://github.com/vuqtran88 -- name: xqi-nr - url: https://github.com/xqi-nr +- name: dbudziwojskiNR + url: https://github.com/dbudziwojskiNR name: newrelic-infrastructure sources: - https://github.com/newrelic/nri-kubernetes/ - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure - https://github.com/newrelic/infrastructure-agent/ -version: 3.29.1 +version: 3.30.0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/README.md b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/README.md index 56cadee19..923b6109b 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/README.md +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/README.md @@ -194,15 +194,9 @@ integrations that you have configured. ## Maintainers -* [nserrino](https://github.com/nserrino) -* [philkuz](https://github.com/philkuz) -* [htroisi](https://github.com/htroisi) * [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) -* [nrepai](https://github.com/nrepai) * [csongnr](https://github.com/csongnr) -* [vuqtran88](https://github.com/vuqtran88) -* [xqi-nr](https://github.com/xqi-nr) +* [dbudziwojskiNR](https://github.com/dbudziwojskiNR) ## Past Contributors diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/clusterrole.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/clusterrole.yaml index 4913448e7..391dc1e1f 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/clusterrole.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/clusterrole.yaml @@ -18,6 +18,7 @@ rules: - "services" - "nodes" - "namespaces" + - "pods" verbs: [ "get", "list", "watch" ] - nonResourceURLs: ["/metrics"] verbs: ["get"] diff --git a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml index a557b5bb9..2cb4cd1b9 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.10.2 +appVersion: 0.11.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -14,10 +14,12 @@ keywords: maintainers: - name: juanjjaramillo url: https://github.com/juanjjaramillo -- name: svetlanabrennan - url: https://github.com/svetlanabrennan +- name: csongnr + url: https://github.com/csongnr +- name: dbudziwojskiNR + url: https://github.com/dbudziwojskiNR name: newrelic-k8s-metrics-adapter sources: - https://github.com/newrelic/newrelic-k8s-metrics-adapter - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter -version: 1.8.2 +version: 1.9.0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md index 31288586c..e5a1b0996 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md +++ b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md @@ -135,4 +135,5 @@ resources: ## Maintainers * [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) +* [csongnr](https://github.com/csongnr) +* [dbudziwojskiNR](https://github.com/dbudziwojskiNR) diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml index acd232ad3..43fbfb9dd 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml @@ -17,4 +17,4 @@ maintainers: - name: danybmx - name: sdaubin name: newrelic-logging -version: 1.19.0 +version: 1.20.0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/README.md b/charts/new-relic/nri-bundle/charts/newrelic-logging/README.md index 476da5b9d..a0eb0c812 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-logging/README.md +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/README.md @@ -106,63 +106,94 @@ helm upgrade --install newrelic-bundle newrelic/nri-bundle \ ### Supported configuration parameters See [values.yaml](values.yaml) for the default values -| Parameter | Description | Default | -|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------| -| `global.cluster` - `cluster` | The cluster name for the Kubernetes cluster. | | -| `global.licenseKey` - `licenseKey` | The [license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key) for your New Relic Account. This will be the preferred configuration option if both `licenseKey` and `customSecret*` values are specified. | | -| `global.customSecretName` - `customSecretName` | Name of the Secret object where the license key is stored | | -| `global.customSecretLicenseKey` - `customSecretLicenseKey` | Key in the Secret object where the license key is stored. | | -| `global.fargate` | Must be set to `true` when deploying in an EKS Fargate environment. Prevents DaemonSet pods from being scheduled in Fargate nodes. | | -| `global.lowDataMode` - `lowDataMode` | If `true`, send minimal attributes on Kubernetes logs. Labels and annotations are not sent when lowDataMode is enabled. | `false` | -| `rbac.create` | Enable Role-based authentication | `true` | -| `rbac.pspEnabled` | Enable pod security policy support | `false` | -| `image.repository` | The container to pull. | `newrelic/newrelic-fluentbit-output` | -| `image.pullPolicy` | The pull policy. | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets. | `nil` | -| `image.tag` | The version of the container to pull. | See value in [values.yaml]` | -| `exposedPorts` | Any ports you wish to expose from the pod. Ex. 2020 for metrics | `[]` | -| `resources` | Any resources you wish to assign to the pod. | See Resources below | -| `priorityClassName` | Scheduling priority of the pod | `nil` | -| `nodeSelector` | Node label to use for scheduling on Linux nodes | `{ kubernetes.io/os: linux }` | -| `windowsNodeSelector` | Node label to use for scheduling on Windows nodes | `{ kubernetes.io/os: windows, node.kubernetes.io/windows-build: BUILD_NUMBER }` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | See Tolerations below | -| `updateStrategy` | Strategy for DaemonSet updates (requires Kubernetes >= 1.6) | `RollingUpdate` | -| `extraVolumeMounts` | Additional DaemonSet volume mounts | `[]` | -| `extraVolumes` | Additional DaemonSet volumes | `[]` | -| `initContainers` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) that will be executed before the actual container in charge of shipping logs to New Relic is initialized. Use this if you are using a custom Fluent Bit configuration that requires downloading certain files inside the volumes being accessed by the log-shipping pod. | `[]` | -| `windows.initContainers` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) that will be executed before the actual container in charge of shipping logs to New Relic is initialized. Use this if you are using a custom Fluent Bit configuration that requires downloading certain files inside the volumes being accessed by the log-shipping pod. | `[]` | -| `serviceAccount.create` | If true, a service account would be created and assigned to the deployment | `true` | -| `serviceAccount.name` | The service account to assign to the deployment. If `serviceAccount.create` is true then this name will be used when creating the service account | | -| `serviceAccount.annotations` | The annotations to add to the service account if `serviceAccount.create` is set to true. | | -| `global.nrStaging` - `nrStaging` | Send data to staging (requires a staging license key) | `false` | -| `fluentBit.path` | Node path logs are forwarded from. Patterns are supported, as well as specifying multiple paths/patterns separated by commas. | `/var/log/containers/*.log` | -| `fluentBit.db` | Node path used by Fluent Bit to store a database file to keep track of monitored files and offsets. | `/var/log/containers/*.log` | -| `fluentBit.k8sBufferSize` | Set the buffer size for HTTP client when reading responses from Kubernetes API server. A value of 0 results in no limit and the buffer will expand as needed. | `32k` | -| `fluentBit.k8sLoggingExclude` | Set to "On" to allow excluding pods by adding the annotation `fluentbit.io/exclude: "true"` to pods you wish to exclude. | `Off` | -| `fluentBit.additionalEnvVariables` | Additional environmental variables for fluentbit pods | `[]]` | -| `daemonSet.annotations` | The annotations to add to the `DaemonSet`. | | -| `podAnnotations` | The annotations to add to the `DaemonSet` created `Pod`s. | | -| `enableLinux` | Enable log collection from Linux containers. This is the default behavior. In case you are only interested of collecting logs from Windows containers, set this to `false`. | `true` | -| `enableWindows` | Enable log collection from Windows containers. Please refer to the [Windows support](#windows-support) section for more details. | `false` | -| `fluentBit.config.service` | Contains fluent-bit.conf Service config | | -| `fluentBit.config.inputs` | Contains fluent-bit.conf Inputs config | | -| `fluentBit.config.extraInputs` | Contains extra fluent-bit.conf Inputs config | | -| `fluentBit.config.filters` | Contains fluent-bit.conf Filters config | | -| `fluentBit.config.extraFilters` | Contains extra fluent-bit.conf Filters config | | -| `fluentBit.config.lowDataModeFilters` | Contains fluent-bit.conf Filters config for lowDataMode | | -| `fluentBit.config.outputs` | Contains fluent-bit.conf Outputs config | | -| `fluentBit.config.extraOutputs` | Contains extra fluent-bit.conf Outputs config | | -| `fluentBit.config.parsers` | Contains parsers.conf Parsers config | | -| `fluentBit.retryLimit` | Amount of times to retry sending a given batch of logs to New Relic. This prevents data loss if there is a temporary network disruption, if a request to the Logs API is lost or when receiving a recoverable HTTP response. Set it to "False" for unlimited retries. | 5 | -| `dnsConfig` | [DNS configuration](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config) that will be added to the pods. Can be configured also with `global.dnsConfig`. | `{}` | -| `fluentBit.criEnabled` | We assume that `kubelet`directly communicates with the container engine using the [CRI](https://kubernetes.io/docs/concepts/overview/components/#container-runtime) specification. Set this to `false` if your K8s installation uses [dockershim](https://kubernetes.io/docs/tasks/administer-cluster/migrating-from-dockershim/) instead, in order to get the logs properly parsed. |`true` | +| Parameter | Description | Default | +| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------- | +| `global.cluster` - `cluster` | The cluster name for the Kubernetes cluster. | | +| `global.licenseKey` - `licenseKey` | The [license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key) for your New Relic Account. This will be the preferred configuration option if both `licenseKey` and `customSecret*` values are specified. | | +| `global.customSecretName` - `customSecretName` | Name of the Secret object where the license key is stored | | +| `global.customSecretLicenseKey` - `customSecretLicenseKey` | Key in the Secret object where the license key is stored. | | +| `global.fargate` | Must be set to `true` when deploying in an EKS Fargate environment. Prevents DaemonSet pods from being scheduled in Fargate nodes. | | +| `global.lowDataMode` - `lowDataMode` | If `true`, send minimal attributes on Kubernetes logs. Labels and annotations are not sent when lowDataMode is enabled. | `false` | +| `rbac.create` | Enable Role-based authentication | `true` | +| `rbac.pspEnabled` | Enable pod security policy support | `false` | +| `image.repository` | The container to pull. | `newrelic/newrelic-fluentbit-output` | +| `image.pullPolicy` | The pull policy. | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets. | `nil` | +| `image.tag` | The version of the container to pull. | See value in [values.yaml]` | +| `exposedPorts` | Any ports you wish to expose from the pod. Ex. 2020 for metrics | `[]` | +| `resources` | Any resources you wish to assign to the pod. | See Resources below | +| `priorityClassName` | Scheduling priority of the pod | `nil` | +| `nodeSelector` | Node label to use for scheduling on Linux nodes | `{ kubernetes.io/os: linux }` | +| `windowsNodeSelector` | Node label to use for scheduling on Windows nodes | `{ kubernetes.io/os: windows, node.kubernetes.io/windows-build: BUILD_NUMBER }` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | See Tolerations below | +| `updateStrategy` | Strategy for DaemonSet updates (requires Kubernetes >= 1.6) | `RollingUpdate` | +| `extraVolumeMounts` | Additional DaemonSet volume mounts | `[]` | +| `extraVolumes` | Additional DaemonSet volumes | `[]` | +| `initContainers` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) that will be executed before the actual container in charge of shipping logs to New Relic is initialized. Use this if you are using a custom Fluent Bit configuration that requires downloading certain files inside the volumes being accessed by the log-shipping pod. | `[]` | +| `windows.initContainers` | [Init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) that will be executed before the actual container in charge of shipping logs to New Relic is initialized. Use this if you are using a custom Fluent Bit configuration that requires downloading certain files inside the volumes being accessed by the log-shipping pod. | `[]` | +| `serviceAccount.create` | If true, a service account would be created and assigned to the deployment | `true` | +| `serviceAccount.name` | The service account to assign to the deployment. If `serviceAccount.create` is true then this name will be used when creating the service account | | +| `serviceAccount.annotations` | The annotations to add to the service account if `serviceAccount.create` is set to true. | | +| `global.nrStaging` - `nrStaging` | Send data to staging (requires a staging license key) | `false` | +| `fluentBit.path` | Node path logs are forwarded from. Patterns are supported, as well as specifying multiple paths/patterns separated by commas. | `/var/log/containers/*.log` | +| `fluentBit.db` | Node path used by Fluent Bit to store a database file to keep track of monitored files and offsets. | `/var/log/containers/*.log` | +| `fluentBit.k8sBufferSize` | Set the buffer size for HTTP client when reading responses from Kubernetes API server. A value of 0 results in no limit and the buffer will expand as needed. | `32k` | +| `fluentBit.k8sLoggingExclude` | Set to "On" to allow excluding pods by adding the annotation `fluentbit.io/exclude: "true"` to pods you wish to exclude. | `Off` | +| `fluentBit.additionalEnvVariables` | Additional environmental variables for fluentbit pods | `[]]` | +| `fluentBit.persistence.mode` | The [persistence mode](#Fluent-Bit-persistence-modes) you want to use, options are "hostPath", "none" or "persistentVolume" (this last one available only for linux) +| `fluentBit.persistence.persistentVolume.storageClass` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), indicates the storage class that will be used for create the PersistentVolume and PersistentVolumeClaim. | | +| `fluentBit.persistence.persistentVolume.size` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), indicates the capacity for the PersistentVolume and PersistentVolumeClaim | 10Gi | +| `fluentBit.persistence.persistentVolume.dynamicProvisioning` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), indicates if the storage class used provide dynamic provisioning. If it does, only the PersistentVolumeClaim will be created. | true | +| `fluentBit.persistence.persistentVolume.existingVolume` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), indicates and existing volume in case you want to reuse one, bear in mind that it should allow ReadWriteMany access mode. A PersistentVolumeClaim will be created using it. | | +| `fluentBit.persistence.persistentVolume.existingVolumeClaim` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), indicates and existing volume claim that will be used on the daemonset. It should allow ReadWriteMany access mode. | | +| `fluentBit.persistence.persistentVolume.annotations.volume` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), allows to add annotations to the PersistentVolume (if created). | | +| `fluentBit.persistence.persistentVolume.annotations.claim` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), allows to add annotations to the PersistentVolumeClaim (if created). | | +| `fluentBit.persistence.persistentVolume.extra.volume` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), allows to add extra properties to the PersistentVolume (if created). | | +| `fluentBit.persistence.persistentVolume.extra.claim` | On "persistentVolume" [persistence mode](#Fluent-Bit-persistence-modes), allows to add extra properties to the PersistentVolumeClaim (if created). | | +| `daemonSet.annotations` | The annotations to add to the `DaemonSet`. | | +| `podAnnotations` | The annotations to add to the `DaemonSet` created `Pod`s. | | +| `enableLinux` | Enable log collection from Linux containers. This is the default behavior. In case you are only interested of collecting logs from Windows containers, set this to `false`. | `true` | +| `enableWindows` | Enable log collection from Windows containers. Please refer to the [Windows support](#windows-support) section for more details. | `false` | +| `fluentBit.config.service` | Contains fluent-bit.conf Service config | | +| `fluentBit.config.inputs` | Contains fluent-bit.conf Inputs config | | +| `fluentBit.config.extraInputs` | Contains extra fluent-bit.conf Inputs config | | +| `fluentBit.config.filters` | Contains fluent-bit.conf Filters config | | +| `fluentBit.config.extraFilters` | Contains extra fluent-bit.conf Filters config | | +| `fluentBit.config.lowDataModeFilters` | Contains fluent-bit.conf Filters config for lowDataMode | | +| `fluentBit.config.outputs` | Contains fluent-bit.conf Outputs config | | +| `fluentBit.config.extraOutputs` | Contains extra fluent-bit.conf Outputs config | | +| `fluentBit.config.parsers` | Contains parsers.conf Parsers config | | +| `fluentBit.retryLimit` | Amount of times to retry sending a given batch of logs to New Relic. This prevents data loss if there is a temporary network disruption, if a request to the Logs API is lost or when receiving a recoverable HTTP response. Set it to "False" for unlimited retries. | 5 | +| `dnsConfig` | [DNS configuration](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config) that will be added to the pods. Can be configured also with `global.dnsConfig`. | `{}` | +| `fluentBit.criEnabled` | We assume that `kubelet`directly communicates with the container engine using the [CRI](https://kubernetes.io/docs/concepts/overview/components/#container-runtime) specification. Set this to `false` if your K8s installation uses [dockershim](https://kubernetes.io/docs/tasks/administer-cluster/migrating-from-dockershim/) instead, in order to get the logs properly parsed. | `true` | +### Fluent Bit persistence modes + +Fluent Bit uses a database file to keep track of log lines read from files (offsets). This database file is stored in the host node by default, using a `hostPath` mount. It's specifically stored (by default) in `/var/log/flb_kube.db` to keep things simple, as we're already mounting `/var` for accessing container logs. + +Sometimes the security constraints of some clusters don't allow mounting `hostPath`s in read-write mode. That's why you can chose among the following +persistence modes. Each one has their pros and cons. + +- `hostPath` (default) will use a `hostPath` mount to store the DB file on the node disk. This is the easiest, cheapest an most reliable option, but prohibited by some cloud vendor security policies. +- `none` will disable the Fluent Bit DB file. This can cause log duplication or data loss in case Fluent Bit gets restarted. +- `persistentVolume` (Linux only) will use a `ReadWriteMany` persistent volume to store the DB file. This will override the `fluentBit.db` path and use `/db/${NODE_NAME}-fb.db` instead. If you use this option in a Windows cluster it will default to `none` on Windows nodes. + +#### GKE Autopilot example + +If you're using the `persistentVolume` persistence mode you need to provide at least the `storageClass`, and it should be `ReadWriteMany`. This is an example of the configuration for persistence in [GKE Autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview). + +``` +fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: standard-rwx +``` ### Proxy support Since Fluent Bit Kubernetes plugin is using [newrelic-fluent-bit-output](https://github.com/newrelic/newrelic-fluent-bit-output) we can configure the [proxy support](https://github.com/newrelic/newrelic-fluent-bit-output#proxy-support) in order to set up the proxy configuration. - #### As environment variables The easiest way to configure the proxy is by means of specifying the `HTTP_PROXY` or `HTTPS_PROXY` variables as follows: @@ -220,4 +251,4 @@ This Helm chart deploys one `DaemonSet` for each of the Windows versions it supp This Helm chart currently supports the following Windows versions: - Windows Server LTSC 2019, build 10.0.17763 -- Windows Server LTSC 2022, build 10.0.20348 \ No newline at end of file +- Windows Server LTSC 2022, build 10.0.20348 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset-windows.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset-windows.yaml index e7ec27e0f..d9938feb3 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset-windows.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset-windows.yaml @@ -91,8 +91,13 @@ spec: {{- else }} value: "docker,cri" {{- end }} + {{- if or (not $.Values.fluentBit.persistence) (eq $.Values.fluentBit.persistence.mode "hostPath") }} - name: FB_DB value: {{ $.Values.fluentBit.windowsDb | quote }} + {{- else }} + - name: FB_DB + value: "" + {{- end }} - name: PATH value: {{ $.Values.fluentBit.windowsPath | quote }} - name: K8S_BUFFER_SIZE @@ -117,11 +122,17 @@ spec: - mountPath: C:\fluent-bit\etc name: fluent-bit-config - mountPath: C:\var\log - name: varlog + name: logs + {{- if and ($.Values.fluentBit.persistence) (ne $.Values.fluentBit.persistence.mode "hostPath") }} + readOnly: true + {{- end }} # We need to also mount this because the logs in C:\var\logs are actually symlinks to C:\ProgramData. # So, in order to be able to read these logs, the reading process needs to also have access to C:\ProgramData. - mountPath: C:\ProgramData name: progdata + {{- if and ($.Values.fluentBit.persistence) (ne $.Values.fluentBit.persistence.mode "hostPath") }} + readOnly: true + {{- end }} {{- if $.Values.resources }} resources: {{ toYaml $.Values.resources | indent 12 }} @@ -130,7 +141,7 @@ spec: - name: fluent-bit-config configMap: name: {{ template "newrelic-logging.fluentBitConfig" $ }} - - name: varlog + - name: logs hostPath: path: C:\var\log - name: progdata diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset.yaml index 7b95d62e7..d0723cd43 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/daemonset.yaml @@ -47,8 +47,17 @@ spec: securityContext: {{- . | nindent 8 }} {{- end }} - {{- if .Values.initContainers }} initContainers: + {{- if and (.Values.fluentBit.persistence) (eq .Values.fluentBit.persistence.mode "persistentVolume") }} + - name: init + image: busybox:1.36 + command: ["/bin/sh", "-c"] + args: ["/bin/find /db -type f -mtime +1 -delete"] # Delete all db files not updated in the last 24h + volumeMounts: + - name: fb-db-pvc + mountPath: /db + {{- end }} + {{- if .Values.initContainers }} {{ toYaml .Values.initContainers | indent 8 }} {{- end }} containers: @@ -92,8 +101,20 @@ spec: {{- else }} value: "docker,cri" {{- end }} + {{- if or (not .Values.fluentBit.persistence) (eq .Values.fluentBit.persistence.mode "hostPath") }} - name: FB_DB value: {{ .Values.fluentBit.db | quote }} + {{- else if eq .Values.fluentBit.persistence.mode "persistentVolume" }} + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: FB_DB + value: "/db/$(NODE_NAME)-fb.db" + {{- else }} + - name: FB_DB + value: "" + {{- end }} - name: PATH value: {{ .Values.fluentBit.path | quote }} - name: K8S_BUFFER_SIZE @@ -118,8 +139,16 @@ spec: volumeMounts: - name: fluent-bit-config mountPath: /fluent-bit/etc - - name: var - mountPath: /var + - name: logs + # We mount /var by default because container logs could be on /var/log or /var/lib/docker/containers (symlinked to /var/log) + mountPath: {{ .Values.fluentBit.linuxMountPath | default "/var" }} + {{- if and (.Values.fluentBit.persistence) (ne .Values.fluentBit.persistence.mode "hostPath") }} + readOnly: true + {{- end }} + {{- if and (.Values.fluentBit.persistence) (eq .Values.fluentBit.persistence.mode "persistentVolume") }} + - name: fb-db-pvc + mountPath: /db + {{- end }} {{- if .Values.exposedPorts }} ports: {{ toYaml .Values.exposedPorts | nindent 12 }} {{- end }} @@ -134,9 +163,18 @@ spec: - name: fluent-bit-config configMap: name: {{ template "newrelic-logging.fluentBitConfig" . }} - - name: var + - name: logs hostPath: - path: /var + path: {{ .Values.fluentBit.linuxMountPath | default "/var" }} + {{- if and (.Values.fluentBit.persistence) (eq .Values.fluentBit.persistence.mode "persistentVolume") }} + - name: fb-db-pvc + persistentVolumeClaim: + {{- if .Values.fluentBit.persistence.persistentVolume.existingVolumeClaim }} + claimName: {{ .Values.fluentBit.persistence.persistentVolume.existingVolumeClaim }} + {{- else }} + claimName: {{ template "newrelic-logging.fullname" . }}-pvc + {{- end }} + {{- end }} {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/persistentvolume.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/persistentvolume.yaml new file mode 100644 index 000000000..f2fb93d77 --- /dev/null +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/templates/persistentvolume.yaml @@ -0,0 +1,57 @@ +{{- if (not (empty .Values.fluentBit.persistence)) }} + +{{- if and (eq .Values.fluentBit.persistence.mode "persistentVolume") (not .Values.fluentBit.persistence.persistentVolume.storageClass) (not .Values.fluentBit.persistence.persistentVolume.existingVolumeClaim) }} +{{ fail "You should provide a ReadWriteMany storageClass or an existingVolumeClaim if using persitentVolume as Fluent Bit persistence mode." }} +{{- end }} + +{{- if and (eq .Values.fluentBit.persistence.mode "persistentVolume") (not .Values.fluentBit.persistence.persistentVolume.existingVolumeClaim) }} +{{- if and (not .Values.fluentBit.persistence.persistentVolume.dynamicProvisioning) (not .Values.fluentBit.persistence.persistentVolume.existingVolume) }} +apiVersion: v1 +kind: PersistentVolume +metadata: + namespace: {{ .Release.Namespace }} + labels: {{ include "newrelic-logging.labels" . | indent 4 }} + name: {{ template "newrelic-logging.fullname" . }}-pv + annotations: + {{- if .Values.fluentBit.persistence.persistentVolume.annotations.volume }} +{{ toYaml .Values.fluentBit.persistence.persistentVolume.annotations.volume | indent 4 }} + {{- end }} +spec: + accessModes: + - ReadWriteMany + capacity: + storage: {{ .Values.fluentBit.persistence.persistentVolume.size }} + storageClassName: {{ .Values.fluentBit.persistence.persistentVolume.storageClass }} + persistentVolumeReclaimPolicy: Delete + {{- if .Values.fluentBit.persistence.persistentVolume.extra.volume }} +{{ toYaml .Values.fluentBit.persistence.persistentVolume.extra.volume | indent 2 }} + {{- end }} +--- +{{- end }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + namespace: {{ .Release.Namespace }} + labels: {{ include "newrelic-logging.labels" . | indent 4 }} + name: {{ template "newrelic-logging.fullname" . }}-pvc + annotations: + {{- if .Values.fluentBit.persistence.persistentVolume.annotations.claim }} +{{ toYaml .Values.fluentBit.persistence.persistentVolume.annotations.claim | indent 4 }} + {{- end }} +spec: + storageClassName: {{ .Values.fluentBit.persistence.persistentVolume.storageClass }} + accessModes: + - ReadWriteMany +{{- if .Values.fluentBit.persistence.persistentVolume.existingVolume }} + volumeName: {{ .Values.fluentBit.persistence.persistentVolume.existingVolume }} +{{- else if not .Values.fluentBit.persistence.persistentVolume.dynamicProvisioning }} + volumeName: {{ template "newrelic-logging.fullname" . }}-pv +{{- end }} + resources: + requests: + storage: {{ .Values.fluentBit.persistence.persistentVolume.size }} + {{- if .Values.fluentBit.persistence.persistentVolume.extra.claim }} +{{ toYaml .Values.fluentBit.persistence.persistentVolume.extra.claim | indent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/tests/fluentbit_persistence_test.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/tests/fluentbit_persistence_test.yaml new file mode 100644 index 000000000..67d14c795 --- /dev/null +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/tests/fluentbit_persistence_test.yaml @@ -0,0 +1,317 @@ +suite: test fluent-bit persistence options +templates: + - templates/daemonset.yaml + - templates/configmap.yaml + - templates/persistentvolume.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: default persistence is hostPath, DB is set properly and logs volume is read/write + set: + licenseKey: nr_license_key + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: logs + mountPath: /var + template: templates/daemonset.yaml + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: fb-db-pvc + mountPath: /db + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.volumes + content: + name: logs + hostPath: + path: /var + template: templates/daemonset.yaml + - notContains: + path: spec.template.spec.volumes + content: + name: fb-db-pvc + persistentVolumeClaim: + claimName: my-release-newrelic-logging-pvc + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: FB_DB + value: /var/log/flb_kube.db + template: templates/daemonset.yaml + - hasDocuments: + count: 0 + template: templates/persistentvolume.yaml + - it: fluentBit.persistence set to none should keep FB_DB env empty and mount logs volume as read-only + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: none + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: FB_DB + value: "" + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: logs + mountPath: /var + readOnly: true + template: templates/daemonset.yaml + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: fb-db-pvc + mountPath: /db + template: templates/daemonset.yaml + - notContains: + path: spec.template.spec.volumes + content: + name: fb-db-pvc + persistentVolumeClaim: + claimName: my-release-newrelic-logging-pvc + template: templates/daemonset.yaml + - hasDocuments: + count: 0 + template: templates/persistentvolume.yaml + - it: fluentBit.persistence set to persistentVolume should create volume, add it to daemonset, add an initContainer to cleanup and set the FB_DB. Dynamic provisioning is enabled by default. + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: FB_DB + value: "/db/$(NODE_NAME)-fb.db" + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: logs + mountPath: /var + readOnly: true + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: fb-db-pvc + mountPath: /db + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.volumes + content: + name: fb-db-pvc + persistentVolumeClaim: + claimName: my-release-newrelic-logging-pvc + template: templates/daemonset.yaml + - isNotNullOrEmpty: + path: spec.template.spec.initContainers + template: templates/daemonset.yaml + - contains: + path: spec.template.spec.initContainers[0].volumeMounts + content: + name: fb-db-pvc + mountPath: /db + template: templates/daemonset.yaml + - hasDocuments: + count: 1 + template: templates/persistentvolume.yaml + - isKind: + of: PersistentVolumeClaim + template: templates/persistentvolume.yaml + - equal: + path: spec.accessModes + value: + - ReadWriteMany + template: templates/persistentvolume.yaml + - it: fluentBit.persistence.persistentVolume with non dynamic provisioning should create the PV and PVC + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + dynamicProvisioning: false + asserts: + - hasDocuments: + count: 2 + template: templates/persistentvolume.yaml + - isKind: + of: PersistentVolume + documentIndex: 0 + template: templates/persistentvolume.yaml + - isKind: + of: PersistentVolumeClaim + documentIndex: 1 + template: templates/persistentvolume.yaml + - equal: + path: spec.accessModes + value: + - ReadWriteMany + documentIndex: 0 + template: templates/persistentvolume.yaml + - equal: + path: spec.accessModes + value: + - ReadWriteMany + documentIndex: 1 + template: templates/persistentvolume.yaml + - it: fluentBit.persistence storage class should be set properly on PV and PVC + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + dynamicProvisioning: false + storageClass: sample-storage-rwx + asserts: + - equal: + path: spec.storageClassName + value: sample-storage-rwx + documentIndex: 0 + template: templates/persistentvolume.yaml + - equal: + path: spec.storageClassName + value: sample-storage-rwx + documentIndex: 1 + template: templates/persistentvolume.yaml + - it: fluentBit.persistence.persistentVolume size should be set properly on PV and PVC + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + dynamicProvisioning: false + size: 100Gi + asserts: + - equal: + path: spec.capacity.storage + value: 100Gi + documentIndex: 0 + template: templates/persistentvolume.yaml + - equal: + path: spec.resources.requests.storage + value: 100Gi + documentIndex: 1 + template: templates/persistentvolume.yaml + - it: fluentBit.persistence.persistentVolume not dynamic provisioned but volumeName provided should use the volumeName and do not create a PV + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + dynamicProvisioning: false + existingVolume: existing-volume + asserts: + - hasDocuments: + count: 1 + template: templates/persistentvolume.yaml + - isKind: + of: PersistentVolumeClaim + template: templates/persistentvolume.yaml + - equal: + path: spec.volumeName + value: existing-volume + template: templates/persistentvolume.yaml + - it: fluentBit.persistence.persistentVolume if a existing claim is provided it's used and PV/PVC are not created + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + dynamicProvisioning: false + existingVolumeClaim: existing-claim + asserts: + - hasDocuments: + count: 0 + template: templates/persistentvolume.yaml + - contains: + path: spec.template.spec.volumes + content: + name: fb-db-pvc + persistentVolumeClaim: + claimName: existing-claim + template: templates/daemonset.yaml + - it: fluentBit.persistence.persistentVolume annotations for PV and PVC are used + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + annotations: + volume: + foo: bar + claim: + baz: qux + dynamicProvisioning: false + asserts: + - equal: + path: metadata.annotations.foo + value: bar + documentIndex: 0 + template: templates/persistentvolume.yaml + - equal: + path: metadata.annotations.baz + value: qux + documentIndex: 1 + template: templates/persistentvolume.yaml + - it: fluentBit.persistence.persistentVolume extra for PV and PVC are used + set: + licenseKey: nr_license_key + fluentBit: + persistence: + mode: persistentVolume + persistentVolume: + storageClass: sample-rwx + extra: + volume: + nfs: + path: /tmp/ + server: 1.1.1.1 + claim: + some: property + dynamicProvisioning: false + asserts: + - equal: + path: spec.nfs + value: + path: /tmp/ + server: 1.1.1.1 + documentIndex: 0 + template: templates/persistentvolume.yaml + - equal: + path: spec.some + value: property + documentIndex: 1 + template: templates/persistentvolume.yaml diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/tests/linux_volume_mount_test.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/tests/linux_volume_mount_test.yaml new file mode 100644 index 000000000..83d2a2c11 --- /dev/null +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/tests/linux_volume_mount_test.yaml @@ -0,0 +1,37 @@ +suite: test fluent-bit linux mount for logs +templates: + - templates/configmap.yaml + - templates/daemonset.yaml +release: + name: my-release + namespace: my-namespace +tests: + - it: is set to /var by default an + set: + licenseKey: nr_license_key + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts[1].mountPath + value: /var + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.volumes[1].hostPath.path + value: /var + template: templates/daemonset.yaml + documentIndex: 0 + - it: is set to linuxMountPath if set + templates: + - templates/daemonset.yaml + set: + licenseKey: nr_license_key + fluentBit.linuxMountPath: /var/log + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts[1].mountPath + value: /var/log + template: templates/daemonset.yaml + - equal: + path: spec.template.spec.volumes[1].hostPath.path + value: /var/log + template: templates/daemonset.yaml + documentIndex: 0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml index ae98e6d36..b941f77c0 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml @@ -27,6 +27,7 @@ fluentBit: logLevel: "info" path: "/var/log/containers/*.log" + linuxMountPath: /var windowsPath: "C:\\var\\log\\containers\\*.log" db: "/var/log/flb_kube.db" windowsDb: "C:\\var\\log\\flb_kube.db" @@ -43,6 +44,39 @@ fluentBit: # fieldRef: # fieldPath: metadata.name + # Indicates how fluent-bit database is persisted + persistence: + # Define the persistent mode for fluent-bit db, allowed options are `hostPath` (default), `none`, `persistentVolume`. + # - `hostPath` will use hostPath to store the db file on the node disk. + # - `none` will disable the fluent-bit db file, this could cause log duplication or data loss in case fluent-bit gets restarted. + # - `persistentVolume` will use a ReadWriteMany persistent volume to store the db file. This will override `fluentBit.db` path and use `/db/${NODE_NAME}-fb.db` file instead. + mode: "hostPath" + + # In case persistence.mode is set to persistentVolume this will be needed + persistentVolume: + # The storage class should allow ReadWriteMany mode + storageClass: + # Volume and claim size. + size: 10Gi + # If dynamicProvisioning is enabled the chart will create only the PersistentVolumeClaim + dynamicProvisioning: true + # If an existingVolume is provided, we'll use it instead creating a new one + existingVolume: + # If an existingVolumeClaim is provided, we'll use it instead creating a new one + existingVolumeClaim: + # In case you need to add annotations to the created volume or claim + annotations: + volume: {} + claim: {} + # In case you need to specify any other option to your volume or claim + extra: + volume: + # nfs: + # path: /tmp/ + # server: 1.1.1.1 + claim: {} + + # New Relic default configuration for fluent-bit.conf (service, inputs, filters, outputs) # and parsers.conf (parsers). The configuration below is not configured for lowDataMode and will # send all attributes. If custom configuration is required, update these variables. diff --git a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml index 5303ba6b5..f02e7ead1 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml @@ -1,5 +1,5 @@ annotations: - configuratorVersion: 1.12.1 + configuratorVersion: 1.13.0 apiVersion: v2 appVersion: v2.37.8 dependencies: @@ -11,24 +11,12 @@ keywords: - newrelic - prometheus maintainers: -- name: nserrino - url: https://github.com/nserrino -- name: philkuz - url: https://github.com/philkuz -- name: htroisi - url: https://github.com/htroisi - name: juanjjaramillo url: https://github.com/juanjjaramillo -- name: svetlanabrennan - url: https://github.com/svetlanabrennan -- name: nrepai - url: https://github.com/nrepai - name: csongnr url: https://github.com/csongnr -- name: vuqtran88 - url: https://github.com/vuqtran88 -- name: xqi-nr - url: https://github.com/xqi-nr +- name: dbudziwojskiNR + url: https://github.com/dbudziwojskiNR name: newrelic-prometheus-agent type: application -version: 1.9.1 +version: 1.10.0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/README.md b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/README.md index a9b1cedd3..069b9a79b 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/README.md +++ b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/README.md @@ -239,12 +239,6 @@ The order to set the affinity is to set `affinity` field (at root level), if tha ## Maintainers -* [nserrino](https://github.com/nserrino) -* [philkuz](https://github.com/philkuz) -* [htroisi](https://github.com/htroisi) * [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) -* [nrepai](https://github.com/nrepai) * [csongnr](https://github.com/csongnr) -* [vuqtran88](https://github.com/vuqtran88) -* [xqi-nr](https://github.com/xqi-nr) +* [dbudziwojskiNR](https://github.com/dbudziwojskiNR) diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml index 07a955dbc..95ca154ef 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.7.3 +appVersion: 2.8.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -12,27 +12,15 @@ keywords: - newrelic - monitoring maintainers: -- name: nserrino - url: https://github.com/nserrino -- name: philkuz - url: https://github.com/philkuz -- name: htroisi - url: https://github.com/htroisi - name: juanjjaramillo url: https://github.com/juanjjaramillo -- name: svetlanabrennan - url: https://github.com/svetlanabrennan -- name: nrepai - url: https://github.com/nrepai - name: csongnr url: https://github.com/csongnr -- name: vuqtran88 - url: https://github.com/vuqtran88 -- name: xqi-nr - url: https://github.com/xqi-nr +- name: dbudziwojskiNR + url: https://github.com/dbudziwojskiNR name: nri-kube-events sources: - https://github.com/newrelic/nri-kube-events/ - https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events - https://github.com/newrelic/infrastructure-agent/ -version: 3.7.3 +version: 3.8.0 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md index 74d7322a8..822956302 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md @@ -1,6 +1,6 @@ # nri-kube-events -![Version: 3.7.3](https://img.shields.io/badge/Version-3.7.3-informational?style=flat-square) ![AppVersion: 2.7.3](https://img.shields.io/badge/AppVersion-2.7.3-informational?style=flat-square) +![Version: 3.8.0](https://img.shields.io/badge/Version-3.8.0-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square) A Helm chart to deploy the New Relic Kube Events router @@ -74,12 +74,6 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera ## Maintainers -* [nserrino](https://github.com/nserrino) -* [philkuz](https://github.com/philkuz) -* [htroisi](https://github.com/htroisi) * [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) -* [nrepai](https://github.com/nrepai) * [csongnr](https://github.com/csongnr) -* [vuqtran88](https://github.com/vuqtran88) -* [xqi-nr](https://github.com/xqi-nr) +* [dbudziwojskiNR](https://github.com/dbudziwojskiNR) diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml index b3921c488..9fcfd436b 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml @@ -27,7 +27,7 @@ images: agent: registry: repository: newrelic/k8s-events-forwarder - tag: 1.48.3 + tag: 1.48.4 pullPolicy: IfNotPresent # -- The secrets that are needed to pull images from a custom registry. pullSecrets: [] diff --git a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml index ba7395cd9..e26def962 100644 --- a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.24.1 +appVersion: 1.25.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -14,12 +14,12 @@ keywords: maintainers: - name: juanjjaramillo url: https://github.com/juanjjaramillo -- name: svetlanabrennan - url: https://github.com/svetlanabrennan -- name: xqi-nr - url: https://github.com/xqi-nr +- name: csongnr + url: https://github.com/csongnr +- name: dbudziwojskiNR + url: https://github.com/dbudziwojskiNR name: nri-metadata-injection sources: - https://github.com/newrelic/k8s-metadata-injection - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection -version: 4.16.1 +version: 4.17.0 diff --git a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/README.md b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/README.md index b0b5a7887..dd922ef13 100644 --- a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/README.md +++ b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/README.md @@ -64,5 +64,5 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera ## Maintainers * [juanjjaramillo](https://github.com/juanjjaramillo) -* [svetlanabrennan](https://github.com/svetlanabrennan) -* [xqi-nr](https://github.com/xqi-nr) +* [csongnr](https://github.com/csongnr) +* [dbudziwojskiNR](https://github.com/dbudziwojskiNR) diff --git a/charts/percona/psmdb-db/Chart.yaml b/charts/percona/psmdb-db/Chart.yaml index 3ceb9823a..28ff2bf6b 100644 --- a/charts/percona/psmdb-db/Chart.yaml +++ b/charts/percona/psmdb-db/Chart.yaml @@ -15,4 +15,4 @@ maintainers: - email: natalia.marukovich@percona.com name: nmarukovich name: psmdb-db -version: 1.15.1 +version: 1.15.3 diff --git a/charts/percona/psmdb-db/README.md b/charts/percona/psmdb-db/README.md index 129dde515..0fc8c12d2 100644 --- a/charts/percona/psmdb-db/README.md +++ b/charts/percona/psmdb-db/README.md @@ -93,6 +93,7 @@ The chart can be customized using the following configurable parameters: | `replsets[0].volumeSpec.emptyDir` | ReplicaSet Pods emptyDir K8S storage | `{}` | | `replsets[0].volumeSpec.hostPath` | ReplicaSet Pods hostPath K8S storage | | | `replsets[0].volumeSpec.hostPath.path` | ReplicaSet Pods hostPath K8S storage path | `""` | +| `replsets[0].volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` | | `replsets[0].volumeSpec.pvc` | ReplicaSet Pods PVC request parameters | | | `replsets[0].volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | | `replsets[0].volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` | @@ -119,6 +120,7 @@ The chart can be customized using the following configurable parameters: | `replsets[0].nonvoting.volumeSpec.emptyDir` | Nonvoting Pods emptyDir K8S storage | `{}` | | `replsets[0].nonvoting.volumeSpec.hostPath` | Nonvoting Pods hostPath K8S storage | | | `replsets[0].nonvoting.volumeSpec.hostPath.path` | Nonvoting Pods hostPath K8S storage path | `""` | +| `replsets[0].nonvoting.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` | | `replsets[0].nonvoting.volumeSpec.pvc` | Nonvoting Pods PVC request parameters | | | `replsets[0].nonvoting.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | | `replsets[0].nonvoting.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` | @@ -172,6 +174,7 @@ The chart can be customized using the following configurable parameters: | `sharding.configrs.resources.requests.memory` | Config ReplicaSet resource requests memory | `0.5G` | | `sharding.configrs.volumeSpec.hostPath` | Config ReplicaSet hostPath K8S storage | | | `sharding.configrs.volumeSpec.hostPath.path` | Config ReplicaSet hostPath K8S storage path | `""` | +| `sharding.configrs.volumeSpec.hostPath.type` | Type for hostPath volum | `Directory` | | `sharding.configrs.volumeSpec.emptyDir` | Config ReplicaSet Pods emptyDir K8S storage | | | `sharding.configrs.volumeSpec.pvc` | Config ReplicaSet Pods PVC request parameters | | | `sharding.configrs.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | @@ -214,6 +217,8 @@ The chart can be customized using the following configurable parameters: | | | `backup.enabled` | Enable backup PBM agent | `true` | | `backup.annotations` | Backup job annotations | `{}` | +| `backup.podSecurityContext` | Set the security context for a Pod | `{}` | +| `backup.containerSecurityContext` | Set the security context for a Container | `{}` | | `backup.restartOnFailure` | Backup Pods restart policy | `true` | | `backup.image.repository` | PBM Container image repository | `percona/percona-backup-mongodb` | | `backup.image.tag` | PBM Container image tag | `2.3.0` | diff --git a/charts/percona/psmdb-db/templates/cluster.yaml b/charts/percona/psmdb-db/templates/cluster.yaml index 396e03aae..9052fe04b 100644 --- a/charts/percona/psmdb-db/templates/cluster.yaml +++ b/charts/percona/psmdb-db/templates/cluster.yaml @@ -191,8 +191,12 @@ spec: volumeSpec: {{- if $replset.volumeSpec.hostPath }} hostPath: - path: {{ $replset.volumeSpec.hostPath }} + path: {{ $replset.volumeSpec.hostPath.path }} + {{- if $replset.volumeSpec.hostPath.type }} + type: {{ $replset.volumeSpec.hostPath.type }} + {{- else }} type: Directory + {{- end }} {{- else if $replset.volumeSpec.pvc }} persistentVolumeClaim: {{ $replset.volumeSpec.pvc | toYaml | indent 8 }} @@ -258,8 +262,12 @@ spec: volumeSpec: {{- if $replset.nonvoting.volumeSpec.hostPath }} hostPath: - path: {{ $replset.nonvoting.volumeSpec.hostPath }} + path: {{ $replset.nonvoting.volumeSpec.hostPath.path }} + {{- if $replset.nonvoting.volumeSpec.hostPath.type }} + type: {{ $replset.nonvoting.volumeSpec.hostPath.type }} + {{- else }} type: Directory + {{- end }} {{- else if $replset.nonvoting.volumeSpec.pvc }} persistentVolumeClaim: {{ $replset.nonvoting.volumeSpec.pvc | toYaml | indent 10 }} @@ -413,8 +421,12 @@ spec: volumeSpec: {{- if .Values.sharding.configrs.volumeSpec.hostPath }} hostPath: - path: {{ .Values.sharding.configrs.volumeSpec.hostPath }} + path: {{ .Values.sharding.configrs.volumeSpec.hostPath.path }} + {{- if .Values.sharding.configrs.volumeSpec.hostPath.type }} + type: {{ .Values.sharding.configrs.volumeSpec.hostPath.type }} + {{- else }} type: Directory + {{- end }} {{- else if .Values.sharding.configrs.volumeSpec.pvc }} persistentVolumeClaim: {{ .Values.sharding.configrs.volumeSpec.pvc | toYaml | indent 10 }} @@ -538,6 +550,14 @@ spec: {{- if .Values.backup.annotations }} annotations: {{ .Values.backup.annotations | toYaml | indent 6 }} + {{- end }} + {{- if .Values.backup.podSecurityContext }} + podSecurityContext: +{{ .Values.backup.podSecurityContext | toYaml | indent 6 }} + {{- end }} + {{- if .Values.backup.containerSecurityContext }} + containerSecurityContext: +{{ .Values.backup.containerSecurityContext | toYaml | indent 6 }} {{- end }} image: "{{ .Values.backup.image.repository }}:{{ .Values.backup.image.tag }}" serviceAccountName: {{ .Values.backup.serviceAccountName }} diff --git a/charts/percona/psmdb-db/values.yaml b/charts/percona/psmdb-db/values.yaml index 4b9ee8ac3..23d68a764 100644 --- a/charts/percona/psmdb-db/values.yaml +++ b/charts/percona/psmdb-db/values.yaml @@ -102,6 +102,8 @@ replsets: # priorityClass: "" # annotations: {} # labels: {} + # podSecurityContext: {} + # containerSecurityContext: {} # nodeSelector: {} # livenessProbe: # failureThreshold: 4 @@ -180,7 +182,7 @@ replsets: # - 10.0.0.0/8 # serviceAnnotations: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # serviceLabels: + # serviceLabels: # some-label: some-key # schedulerName: "" resources: @@ -194,6 +196,7 @@ replsets: # emptyDir: {} # hostPath: # path: /data + # type: Directory pvc: # annotations: # volume.beta.kubernetes.io/storage-class: example-hostpath @@ -250,6 +253,7 @@ replsets: # emptyDir: {} # hostPath: # path: /data + # type: Directory pvc: # annotations: # volume.beta.kubernetes.io/storage-class: example-hostpath @@ -326,6 +330,8 @@ sharding: # priorityClass: "" # annotations: {} # labels: {} + # podSecurityContext: {} + # containerSecurityContext: {} # nodeSelector: {} # livenessProbe: {} # readinessProbe: {} @@ -349,7 +355,7 @@ sharding: # - 10.0.0.0/8 # serviceAnnotations: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # serviceLabels: + # serviceLabels: # some-label: some-key resources: limits: @@ -409,6 +415,8 @@ sharding: # priorityClass: "" # annotations: {} # labels: {} + # podSecurityContext: {} + # containerSecurityContext: {} # nodeSelector: {} # livenessProbe: {} # readinessProbe: {} @@ -439,7 +447,7 @@ sharding: # - 10.0.0.0/8 # serviceAnnotations: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # serviceLabels: + # serviceLabels: # some-label: some-key # auditLog: # destination: file @@ -459,6 +467,8 @@ backup: serviceAccountName: percona-server-mongodb-operator # annotations: # iam.amazonaws.com/role: role-arn + # podSecurityContext: {} + # containerSecurityContext: {} # resources: # limits: # cpu: "300m" diff --git a/charts/percona/psmdb-operator/Chart.yaml b/charts/percona/psmdb-operator/Chart.yaml index c003246ad..b9a284e27 100644 --- a/charts/percona/psmdb-operator/Chart.yaml +++ b/charts/percona/psmdb-operator/Chart.yaml @@ -16,4 +16,4 @@ maintainers: - email: sergey.pronin@percona.com name: spron-in name: psmdb-operator -version: 1.15.0 +version: 1.15.2 diff --git a/charts/percona/psmdb-operator/README.md b/charts/percona/psmdb-operator/README.md index 2a2a03373..3237153e9 100644 --- a/charts/percona/psmdb-operator/README.md +++ b/charts/percona/psmdb-operator/README.md @@ -32,6 +32,8 @@ The chart can be customized using the following configurable parameters: | `image.pullSecrets` | PSMDB Operator Pod pull secret | `[]` | | `replicaCount` | PSMDB Operator Pod quantity | `1` | | `tolerations` | List of node taints to tolerate | `[]` | +| `annotations` | PSMDB Operator Deployment annotations | `{}` | +| `podAnnotations` | PSMDB Operator Pod annotations | `{}` | | `resources` | Resource requests and limits | `{}` | | `nodeSelector` | Labels for Pod assignment | `{}` | | `podAnnotations` | Annotations for pod | `{}` | @@ -40,6 +42,7 @@ The chart can be customized using the following configurable parameters: | `rbac.create` | If false RBAC will not be created. RBAC resources will need to be created manually | `true` | | `securityContext` | Container Security Context | `{}` | | `serviceAccount.create` | If false the ServiceAccounts will not be created. The ServiceAccounts must be created manually | `true` | +| `serviceAccount.annotations` | PSMDB Operator ServiceAccount annotations | `{}` | | `logStructured` | Force PSMDB operator to print JSON-wrapped log messages | `false` | | `logLevel` | PSMDB Operator logging level | `INFO` | | `disableTelemetry` | Disable sending PSMDB Operator telemetry data to Percona | `false` | diff --git a/charts/percona/psmdb-operator/templates/deployment.yaml b/charts/percona/psmdb-operator/templates/deployment.yaml index a208e8efe..5ab469894 100644 --- a/charts/percona/psmdb-operator/templates/deployment.yaml +++ b/charts/percona/psmdb-operator/templates/deployment.yaml @@ -4,7 +4,11 @@ metadata: name: {{ include "psmdb-operator.fullname" . }} namespace: {{ .Release.Namespace }} labels: -{{ include "psmdb-operator.labels" . | indent 4 }} + {{- include "psmdb-operator.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} selector: @@ -35,9 +39,12 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - containerPort: 60000 + - containerPort: 8080 protocol: TCP name: metrics + - containerPort: 8081 + protocol: TCP + name: health command: - percona-server-mongodb-operator env: @@ -61,14 +68,14 @@ spec: value: "{{ .Values.env.resyncPeriod }}" - name: DISABLE_TELEMETRY value: "{{ .Values.disableTelemetry }}" - # livenessProbe: - # httpGet: - # path: / - # port: metrics - # readinessProbe: - # httpGet: - # path: / - # port: metrics + livenessProbe: + httpGet: + path: /healthz + port: health + readinessProbe: + httpGet: + path: /healthz + port: health resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/charts/percona/psmdb-operator/templates/role-binding.yaml b/charts/percona/psmdb-operator/templates/role-binding.yaml index 3f4528400..fb2bdbe3a 100644 --- a/charts/percona/psmdb-operator/templates/role-binding.yaml +++ b/charts/percona/psmdb-operator/templates/role-binding.yaml @@ -4,6 +4,10 @@ kind: ServiceAccount metadata: name: {{ include "psmdb-operator.fullname" . }} namespace: {{ .Release.Namespace }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} --- {{- end }} {{- if .Values.rbac.create }} diff --git a/charts/percona/psmdb-operator/values.yaml b/charts/percona/psmdb-operator/values.yaml index ab989c846..37f58e237 100644 --- a/charts/percona/psmdb-operator/values.yaml +++ b/charts/percona/psmdb-operator/values.yaml @@ -31,7 +31,13 @@ rbac: serviceAccount: # serviceAccount.create: Whether to create the Service Accounts or not create: true + # annotations to add to the service account + annotations: {} +# annotations to add to the operator deployment +annotations: {} + +# annotations to add to the operator pod podAnnotations: {} # prometheus.io/scrape: "true" # prometheus.io/port: "8080" diff --git a/charts/percona/pxc-db/Chart.yaml b/charts/percona/pxc-db/Chart.yaml index 25ee4572d..9385cd5a9 100644 --- a/charts/percona/pxc-db/Chart.yaml +++ b/charts/percona/pxc-db/Chart.yaml @@ -17,4 +17,4 @@ maintainers: - email: natalia.marukovich@percona.com name: nmarukovich name: pxc-db -version: 1.13.4 +version: 1.13.6 diff --git a/charts/percona/pxc-db/README.md b/charts/percona/pxc-db/README.md index 490736ede..849cc956a 100644 --- a/charts/percona/pxc-db/README.md +++ b/charts/percona/pxc-db/README.md @@ -215,6 +215,8 @@ The chart can be customized using the following configurable parameters: | `pmm.serverUser` | Username for accessing PXC database internals | `admin` | | `pmm.resources.requests` | PMM Container resource requests | `{"memory": "150M", "cpu": "300m"}` | | `pmm.resources.limits` | PMM Container resource limits | `{}` | +| `pmm.pxcParams` | Additional parameters which will be passed to the [pmm-admin add mysql](https://docs.percona.com/percona-monitoring-and-management/setting-up/client/mysql.html#add-service) command for `pxc` Pods | `""` | +| `pmm.proxysqlParams` | Additional parameters which will be passed to the [pmm-admin add proxysql](https://docs.percona.com/percona-monitoring-and-management/setting-up/client/proxysql.html) command for `proxysql` Pods | `""` | | | | `backup.enabled` | Enables backups for PXC cluster | `true` | | `backup.allowParallel` | Allow taking multiple backups in parallel | `true` | diff --git a/charts/percona/pxc-db/templates/cluster.yaml b/charts/percona/pxc-db/templates/cluster.yaml index 2d47ce491..a581e01f3 100644 --- a/charts/percona/pxc-db/templates/cluster.yaml +++ b/charts/percona/pxc-db/templates/cluster.yaml @@ -473,6 +473,12 @@ spec: {{- end }} serverHost: {{ $pmm.serverHost }} serverUser: {{ $pmm.serverUser }} + {{- if $pmm.pxcParams }} + pxcParams: {{ $pmm.pxcParams }} + {{- end }} + {{- if $pmm.proxysqlParams }} + proxysqlParams: {{ $pmm.proxysqlParams }} + {{- end }} resources: requests: {{ tpl ($pmm.resources.requests | toYaml) $ | indent 8 }} diff --git a/charts/percona/pxc-db/templates/s3-secret.yaml b/charts/percona/pxc-db/templates/s3-secret.yaml index 60413f896..b801f1890 100644 --- a/charts/percona/pxc-db/templates/s3-secret.yaml +++ b/charts/percona/pxc-db/templates/s3-secret.yaml @@ -5,7 +5,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "pxc-database.fullname" $ }}-s3-{{ $key }} - namespace: {{ .Release.Namespace }} + namespace: {{ $.Release.Namespace }} labels: {{ include "pxc-database.labels" $ | indent 4 }} type: Opaque diff --git a/charts/percona/pxc-db/values.yaml b/charts/percona/pxc-db/values.yaml index e967e9753..6e90f9bbf 100644 --- a/charts/percona/pxc-db/values.yaml +++ b/charts/percona/pxc-db/values.yaml @@ -477,6 +477,8 @@ pmm: imagePullSecrets: [] serverHost: monitoring-service serverUser: admin + # pxcParams: "--disable-tablestats-limit=2000" + # proxysqlParams: "--custom-labels=CUSTOM-LABELS" resources: requests: memory: 150M diff --git a/charts/percona/pxc-operator/Chart.yaml b/charts/percona/pxc-operator/Chart.yaml index 5f973f15e..937c9f737 100644 --- a/charts/percona/pxc-operator/Chart.yaml +++ b/charts/percona/pxc-operator/Chart.yaml @@ -18,4 +18,4 @@ maintainers: - email: sergey.pronin@percona.com name: spron-in name: pxc-operator -version: 1.13.3 +version: 1.13.5 diff --git a/charts/percona/pxc-operator/README.md b/charts/percona/pxc-operator/README.md index 75b4acbe5..1c465b742 100644 --- a/charts/percona/pxc-operator/README.md +++ b/charts/percona/pxc-operator/README.md @@ -32,6 +32,7 @@ The chart can be customized using the following configurable parameters: | `imagePullSecrets` | PXC Operator Pod pull secret | `[]` | | `replicaCount` | PXC Operator Pod quantity | `1` | | `tolerations` | List of node taints to tolerate | `[]` | +| `podAnnotations` | Operator Pod user-defined annotations | `{}` | | `resources` | Resource requests and limits | `{}` | | `nodeSelector` | Labels for Pod assignment | `{}` | | `logStructured` | Force PXC operator to print JSON-wrapped log messages | `false` | @@ -39,6 +40,7 @@ The chart can be customized using the following configurable parameters: | `disableTelemetry` | Disable sending PXC Operator telemetry data to Percona | `false` | | `rbac.create` | If false RBAC will not be created. RBAC resources will need to be created manually | `true` | | `serviceAccount.create` | If false the ServiceAccounts will not be created. The ServiceAccounts must be created manually | `true` | +| `extraEnvVars` | Custom pod environment variables | `[]` | Specify parameters using `--set key=value[,key=value]` argument to `helm install` diff --git a/charts/percona/pxc-operator/templates/deployment.yaml b/charts/percona/pxc-operator/templates/deployment.yaml index 69d615dcd..f073b4f10 100644 --- a/charts/percona/pxc-operator/templates/deployment.yaml +++ b/charts/percona/pxc-operator/templates/deployment.yaml @@ -19,6 +19,10 @@ spec: type: RollingUpdate template: metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: app.kubernetes.io/component: operator app.kubernetes.io/name: {{ include "pxc-operator.name" . }} @@ -65,6 +69,9 @@ spec: value: "{{ .Values.logLevel }}" - name: DISABLE_TELEMETRY value: "{{ .Values.disableTelemetry }}" + {{- if .Values.extraEnvVars }} + {{- toYaml .Values.extraEnvVars | nindent 12 }} + {{- end }} livenessProbe: failureThreshold: 3 httpGet: diff --git a/charts/percona/pxc-operator/values.yaml b/charts/percona/pxc-operator/values.yaml index 725945f05..07f8a3453 100644 --- a/charts/percona/pxc-operator/values.yaml +++ b/charts/percona/pxc-operator/values.yaml @@ -53,6 +53,14 @@ tolerations: [] affinity: {} +podAnnotations: {} + logStructured: false logLevel: "INFO" disableTelemetry: false + +extraEnvVars: [] +# - name: http_proxy +# value: "example-proxy-http" +# - name: https_proxy +# value: "example-proxy-https" diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index fe0f09054..7197c87ea 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: console repository: https://charts.redpanda.com - version: 0.7.16 + version: 0.7.18 - name: connectors repository: https://charts.redpanda.com version: 0.1.9 -digest: sha256:977004c9b9eb8cb886229bf385619e90b137562b67ebefde04b9791ebbff88fb -generated: "2024-01-23T12:05:10.35618748Z" +digest: sha256:89c683c4ecbe02d5157c467f49975eb440d61e40a8470e7da722f459ca04701a +generated: "2024-02-06T14:22:00.096887653Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 2a859128a..bb9383b5e 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: docker.redpanda.com/redpandadata/redpanda:v23.3.1 + image: docker.redpanda.com/redpandadata/redpanda:v23.3.4 - name: busybox image: busybox:latest - name: mintel/docker-alpine-bash-curl-jq @@ -17,7 +17,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: redpanda apiVersion: v2 -appVersion: v23.3.1 +appVersion: v23.3.4 dependencies: - condition: console.enabled name: console @@ -37,4 +37,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 5.7.10 +version: 5.7.23 diff --git a/charts/redpanda/redpanda/README.md b/charts/redpanda/redpanda/README.md index 257aee0af..5f609b6cb 100644 --- a/charts/redpanda/redpanda/README.md +++ b/charts/redpanda/redpanda/README.md @@ -3,7 +3,7 @@ description: Find the default values and descriptions of settings in the Redpanda Helm chart. --- -![Version: 5.7.8](https://img.shields.io/badge/Version-5.7.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v23.3.1](https://img.shields.io/badge/AppVersion-v23.3.1-informational?style=flat-square) +![Version: 5.7.22](https://img.shields.io/badge/Version-5.7.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v23.3.4](https://img.shields.io/badge/AppVersion-v23.3.4-informational?style=flat-square) This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/redpanda/values.yaml). Each of the settings is listed and described on this page, along with any default values. @@ -57,7 +57,7 @@ Enable or disable audit logging, for production clusters we suggest you enable, ### [auditLogging.enabledEventTypes](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.enabledEventTypes) -Event types that should be captured by audit logs, default is ["admin", "authenticate", "management"]. +Event types that should be captured by audit logs, default is [`admin`, `authenticate`, `management`]. **Default:** `nil` @@ -75,7 +75,7 @@ List of topics to exclude from auditing, default is null. ### [auditLogging.listener](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.listener) -Kafka listener name, note that it must have `authenticationMethod` set to sasl 'internal' if using internal listener, else use external listener name, e.g., default. +Kafka listener name, note that it must have `authenticationMethod` set to `sasl`. For external listeners, use the external listener name, such as `default`. **Default:** `"internal"` @@ -99,7 +99,7 @@ Defines the maximum amount of memory used (in bytes) by the audit buffer in each ### [auditLogging.replicationFactor](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.replicationFactor) -Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the internal_topic_replication_factor cluster config value. Default is null +Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the `internal_topic_replication_factor cluster` config value. Default is `null` **Default:** `nil` @@ -777,7 +777,7 @@ In environments where root is not allowed, you cannot change the ownership of fi ### [statefulset.nodeSelector](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.nodeSelector) -Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global nodeSelector value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). +Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global `nodeSelector` value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). **Default:** `{}` @@ -817,7 +817,7 @@ Valid anti-affinity types are `soft`, `hard`, or `custom`. Use `custom` if you w ### [statefulset.podAntiAffinity.weight](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podAntiAffinity.weight) -Weight for `soft` anti-affinity rules. Does not apply for other anti-affinity types. +Weight for `soft` anti-affinity rules. Does not apply to other anti-affinity types. **Default:** `100` @@ -966,7 +966,7 @@ Persistence settings. For details, see the [storage documentation](https://docs. **Default:** ``` -{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""},"credentialsSecretRef":{},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}} +{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}} ``` ### [storage.hostPath](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.hostPath) @@ -982,7 +982,7 @@ If `persistentVolume.enabled` is true, a PersistentVolumeClaim is created and us **Default:** ``` -{"annotations":{},"enabled":true,"labels":{},"size":"20Gi","storageClass":""} +{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""} ``` ### [storage.persistentVolume.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume.annotations) @@ -997,9 +997,15 @@ Additional labels to apply to the created PersistentVolumeClaims. **Default:** `{}` +### [storage.persistentVolume.nameOverwrite](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume.nameOverwrite) + +Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to `persistentVolume` + +**Default:** `""` + ### [storage.persistentVolume.storageClass](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume.storageClass) -To disable dynamic provisioning, set to "-". If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack). +To disable dynamic provisioning, set to `-`. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack). **Default:** `""` @@ -1015,37 +1021,37 @@ Tiered Storage settings Requires `enterprise.licenseKey` or `enterprised.license ### [storage.tiered.config.cloud_storage_access_key](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_access_key) -Required for AWS and GCS authentication with access keys. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_access_key). +AWS or GCP access key (required for AWS and GCP authentication with access keys). See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_access_key). **Default:** `""` ### [storage.tiered.config.cloud_storage_api_endpoint](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_api_endpoint) -See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_api_endpoint). +AWS or GCP API endpoint. * For AWS, this can be left blank as it is generated automatically using the bucket and region. For example, `.s3..amazonaws.com`. * For GCP, use `storage.googleapis.com` See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_api_endpoint). **Default:** `""` ### [storage.tiered.config.cloud_storage_azure_container](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_azure_container) -Required for ABS. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_container). +Name of the Azure container to use with Tiered Storage (required for ABS/ADLS). Note that the container must belong to the account specified by `cloud_storage_azure_storage_account`. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_container). **Default:** `nil` ### [storage.tiered.config.cloud_storage_azure_shared_key](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_azure_shared_key) -Required for ABS. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_shared_key). +Shared key to be used for Azure Shared Key authentication with the Azure storage account specified by `cloud_storage_azure_storage_account`. Note that the key should be base64 encoded. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_shared_key). **Default:** `nil` ### [storage.tiered.config.cloud_storage_azure_storage_account](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_azure_storage_account) -Required for ABS. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_storage_account). +Name of the Azure storage account to use with Tiered Storage (required for ABS/ADLS). See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_storage_account). **Default:** `nil` ### [storage.tiered.config.cloud_storage_bucket](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_bucket) -Required for AWS and GCS. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_bucket). +AWS or GCP bucket name used for Tiered Storage (required for AWS and GCP). See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_bucket). **Default:** `""` @@ -1057,19 +1063,19 @@ Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See th ### [storage.tiered.config.cloud_storage_credentials_source](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_credentials_source) -Required for AWS and GCS authentication with IAM roles. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_credentials_source). +Source of credentials used to connect to cloud services (required for AWS and GCP authentication with IAM roles). * `config_file` * `aws_instance_metadata` * `sts` * `gcp_instance_metadata` See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_credentials_source). **Default:** `"config_file"` ### [storage.tiered.config.cloud_storage_enable_remote_read](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_enable_remote_read) -See the [property reference documentation](https://docs.redpanda.com/docs/reference/tunable-properties/#cloud_storage_enable_remote_read). +Cluster level default remote read configuration for new topics. See the [property reference documentation](https://docs.redpanda.com/docs/reference/tunable-properties/#cloud_storage_enable_remote_read). **Default:** `true` ### [storage.tiered.config.cloud_storage_enable_remote_write](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_enable_remote_write) -See the [property reference documentation](https://docs.redpanda.com/docs/reference/tunable-properties/#cloud_storage_enable_remote_write). +Cluster level default remote write configuration for new topics. See the [property reference documentation](https://docs.redpanda.com/docs/reference/tunable-properties/#cloud_storage_enable_remote_write). **Default:** `true` @@ -1081,13 +1087,13 @@ Global flag that enables Tiered Storage if a license key is provided. See the [p ### [storage.tiered.config.cloud_storage_region](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_region) -Required for AWS and GCS. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_region). +AWS or GCP region for where the bucket used for Tiered Storage is located (required for AWS and GCP). See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_region). **Default:** `""` ### [storage.tiered.config.cloud_storage_secret_key](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_secret_key) -Required for AWS and GCS authentication with access keys. See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_secret_key). +AWS or GCP secret key (required for AWS and GCP authentication with access keys). See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_secret_key). **Default:** `""` diff --git a/charts/redpanda/redpanda/charts/console/Chart.yaml b/charts/redpanda/redpanda/charts/console/Chart.yaml index 1d4cd0a37..5e487f101 100644 --- a/charts/redpanda/redpanda/charts/console/Chart.yaml +++ b/charts/redpanda/redpanda/charts/console/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: docker.redpanda.com/redpandadata/console:v2.3.9 + image: docker.redpanda.com/redpandadata/console:v2.4.1 artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Documentation @@ -9,7 +9,7 @@ annotations: - name: "Helm (>= 3.6.0)" url: https://helm.sh/docs/intro/install/ apiVersion: v2 -appVersion: v2.3.9 +appVersion: v2.4.1 description: Helm chart to deploy Redpanda Console. icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg maintainers: @@ -19,4 +19,4 @@ name: console sources: - https://github.com/redpanda-data/helm-charts type: application -version: 0.7.16 +version: 0.7.18 diff --git a/charts/redpanda/redpanda/ci/18-single-external-address-values.yaml b/charts/redpanda/redpanda/ci/18-single-external-address-values.yaml new file mode 100644 index 000000000..b710777bb --- /dev/null +++ b/charts/redpanda/redpanda/ci/18-single-external-address-values.yaml @@ -0,0 +1,26 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +# the number of replicas should match the length of the addresses +statefulset: + replicas: 3 + +external: + enabled: true + domain: my-domain + addresses: + - $PREFIX_TEMPLATE + prefixTemplate: $POD_ORDINAL-XYZ-$(echo -n $HOST_IP_ADDRESS | sha256sum + | head -c 7) diff --git a/charts/redpanda/redpanda/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl index da8d6f5a8..dc7e8e553 100644 --- a/charts/redpanda/redpanda/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl +++ b/charts/redpanda/redpanda/ci/21-eks-tiered-storage-with-creds-values.yaml.tpl @@ -24,4 +24,12 @@ storage: cloud_storage_bucket: "${TEST_BUCKET}" cloud_storage_segment_max_upload_interval_sec: 1 enterprise: - license: "${REDPANDA_SAMPLE_LICENSE}" \ No newline at end of file + license: "${REDPANDA_SAMPLE_LICENSE}" + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl index f456972ff..2b9aa4aea 100644 --- a/charts/redpanda/redpanda/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl +++ b/charts/redpanda/redpanda/ci/22-gke-tiered-storage-with-creds-values.yaml.tpl @@ -36,4 +36,12 @@ resources: max: 2.0Gi redpanda: memory: 1Gi - reserveMemory: 100Mi \ No newline at end of file + reserveMemory: 100Mi + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl index e559095d7..241ffb753 100644 --- a/charts/redpanda/redpanda/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl +++ b/charts/redpanda/redpanda/ci/23-aks-tiered-storage-with-creds-values.yaml.tpl @@ -37,4 +37,12 @@ resources: max: 2.0Gi redpanda: memory: 1Gi - reserveMemory: 100Mi \ No newline at end of file + reserveMemory: 100Mi + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl new file mode 100644 index 000000000..1e11a8333 --- /dev/null +++ b/charts/redpanda/redpanda/ci/24-eks-tiered-storage-persistent-with-creds-values.yaml.tpl @@ -0,0 +1,36 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +storage: + tiered: + mountType: persistentVolume + config: + cloud_storage_enabled: true + cloud_storage_credentials_source: config_file + cloud_storage_access_key: "${AWS_ACCESS_KEY_ID}" + cloud_storage_secret_key: "${AWS_SECRET_ACCESS_KEY}" + cloud_storage_region: "${AWS_REGION}" + cloud_storage_bucket: "${TEST_BUCKET}" + cloud_storage_segment_max_upload_interval_sec: 1 +enterprise: + license: "${REDPANDA_SAMPLE_LICENSE}" + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl new file mode 100644 index 000000000..60f6eed3e --- /dev/null +++ b/charts/redpanda/redpanda/ci/25-gke-tiered-storage-persistent-with-creds-values.yaml.tpl @@ -0,0 +1,48 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +storage: + tiered: + mountType: persistentVolume + config: + cloud_storage_enabled: true + cloud_storage_api_endpoint: storage.googleapis.com + cloud_storage_credentials_source: config_file + cloud_storage_region: "US-WEST1" + cloud_storage_bucket: "${TEST_BUCKET}" + cloud_storage_segment_max_upload_interval_sec: 1 + cloud_storage_access_key: "${GCP_ACCESS_KEY_ID}" + cloud_storage_secret_key: "${GCP_SECRET_ACCESS_KEY}" +enterprise: + license: "${REDPANDA_SAMPLE_LICENSE}" + + +resources: + cpu: + cores: 400m + memory: + container: + max: 2.0Gi + redpanda: + memory: 1Gi + reserveMemory: 100Mi + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl new file mode 100644 index 000000000..b82f9b85d --- /dev/null +++ b/charts/redpanda/redpanda/ci/26-aks-tiered-storage-persistent-with-creds-values.yaml.tpl @@ -0,0 +1,49 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +storage: + persistentVolume: + storageClass: managed-csi + tiered: + mountType: persistentVolume + persistentVolume: + storageClass: managed-csi + config: + cloud_storage_enabled: true + cloud_storage_credentials_source: config_file + cloud_storage_segment_max_upload_interval_sec: 1 + cloud_storage_azure_storage_account: ${TEST_STORAGE_ACCOUNT} + cloud_storage_azure_container: ${TEST_STORAGE_CONTAINER} + cloud_storage_azure_shared_key: ${TEST_AZURE_SHARED_KEY} +enterprise: + license: "${REDPANDA_SAMPLE_LICENSE}" + +resources: + cpu: + cores: 400m + memory: + container: + max: 2.0Gi + redpanda: + memory: 1Gi + reserveMemory: 100Mi + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl new file mode 100644 index 000000000..f92ec7a9c --- /dev/null +++ b/charts/redpanda/redpanda/ci/27-eks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl @@ -0,0 +1,38 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +storage: + persistentVolume: + nameOverwrite: shadow-index-cache + tiered: + mountType: persistentVolume + config: + cloud_storage_enabled: true + cloud_storage_credentials_source: config_file + cloud_storage_access_key: "${AWS_ACCESS_KEY_ID}" + cloud_storage_secret_key: "${AWS_SECRET_ACCESS_KEY}" + cloud_storage_region: "${AWS_REGION}" + cloud_storage_bucket: "${TEST_BUCKET}" + cloud_storage_segment_max_upload_interval_sec: 1 +enterprise: + license: "${REDPANDA_SAMPLE_LICENSE}" + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl new file mode 100644 index 000000000..ebc096f91 --- /dev/null +++ b/charts/redpanda/redpanda/ci/28-gke-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl @@ -0,0 +1,50 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +storage: + persistentVolume: + nameOverwrite: shadow-index-cache + tiered: + mountType: persistentVolume + config: + cloud_storage_enabled: true + cloud_storage_api_endpoint: storage.googleapis.com + cloud_storage_credentials_source: config_file + cloud_storage_region: "US-WEST1" + cloud_storage_bucket: "${TEST_BUCKET}" + cloud_storage_segment_max_upload_interval_sec: 1 + cloud_storage_access_key: "${GCP_ACCESS_KEY_ID}" + cloud_storage_secret_key: "${GCP_SECRET_ACCESS_KEY}" +enterprise: + license: "${REDPANDA_SAMPLE_LICENSE}" + + +resources: + cpu: + cores: 400m + memory: + container: + max: 2.0Gi + redpanda: + memory: 1Gi + reserveMemory: 100Mi + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl b/charts/redpanda/redpanda/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl new file mode 100644 index 000000000..bf5a1eafe --- /dev/null +++ b/charts/redpanda/redpanda/ci/29-aks-tiered-storage-persistent-nameoverwrite-with-creds-values.yaml.tpl @@ -0,0 +1,50 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +storage: + persistentVolume: + storageClass: managed-csi + nameOverwrite: shadow-index-cache + tiered: + mountType: persistentVolume + persistentVolume: + storageClass: managed-csi + config: + cloud_storage_enabled: true + cloud_storage_credentials_source: config_file + cloud_storage_segment_max_upload_interval_sec: 1 + cloud_storage_azure_storage_account: ${TEST_STORAGE_ACCOUNT} + cloud_storage_azure_container: ${TEST_STORAGE_CONTAINER} + cloud_storage_azure_shared_key: ${TEST_AZURE_SHARED_KEY} +enterprise: + license: "${REDPANDA_SAMPLE_LICENSE}" + +resources: + cpu: + cores: 400m + memory: + container: + max: 2.0Gi + redpanda: + memory: 1Gi + reserveMemory: 100Mi + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/96-audit-logging-values.yaml.tpl b/charts/redpanda/redpanda/ci/96-audit-logging-values.yaml.tpl index c760df54b..c2dbef2ce 100644 --- a/charts/redpanda/redpanda/ci/96-audit-logging-values.yaml.tpl +++ b/charts/redpanda/redpanda/ci/96-audit-logging-values.yaml.tpl @@ -27,3 +27,11 @@ auth: auditLogging: enabled: true listeners: default + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/97-license-key-values.yaml.tpl b/charts/redpanda/redpanda/ci/97-license-key-values.yaml.tpl index 3eb6cf4aa..b1abb8be4 100644 --- a/charts/redpanda/redpanda/ci/97-license-key-values.yaml.tpl +++ b/charts/redpanda/redpanda/ci/97-license-key-values.yaml.tpl @@ -15,3 +15,11 @@ --- enterprise: license: "${REDPANDA_LICENSE}" + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/98-license-secret-values.yaml b/charts/redpanda/redpanda/ci/98-license-secret-values.yaml index 8643f347d..f66a39ccc 100644 --- a/charts/redpanda/redpanda/ci/98-license-secret-values.yaml +++ b/charts/redpanda/redpanda/ci/98-license-secret-values.yaml @@ -17,3 +17,11 @@ enterprise: licenseSecretRef: name: redpanda-license key: license-key + +console: + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml b/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml index 030655830..637cd0f68 100644 --- a/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml +++ b/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml @@ -67,3 +67,9 @@ console: secret: defaultMode: 0420 secretName: redpanda-license + # Until https://github.com/redpanda-data/console-enterprise/pull/256 is released the console + # test named `test-license-with-console.yaml` needs to work with unreleased Redpanda Console version. + image: + registry: redpandadata + repository: console-unstable + tag: master-8a51854 diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl index 08187c9ea..3e1378d24 100644 --- a/charts/redpanda/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/templates/_helpers.tpl @@ -524,10 +524,16 @@ advertised-host returns a json string with the data needed for configuring the a {{- define "advertised-host" -}} {{- $host := dict "name" .externalName "address" .externalAdvertiseAddress "port" .port -}} {{- if .values.external.addresses -}} - {{- if ( .values.external.domain | default "" ) }} - {{- $host = dict "name" .externalName "address" (printf "%s.%s" (index .values.external.addresses .replicaIndex) (.values.external.domain)) "port" .port -}} + {{- $address := "" -}} + {{- if gt (len .values.external.addresses) 1 -}} + {{- $address = (index .values.external.addresses .replicaIndex) -}} {{- else -}} - {{- $host = dict "name" .externalName "address" (index .values.external.addresses .replicaIndex) "port" .port -}} + {{- $address = (index .values.external.addresses 0) -}} + {{- end -}} + {{- if ( .values.external.domain | default "" ) }} + {{- $host = dict "name" .externalName "address" (printf "%s.%s" $address .values.external.domain) "port" .port -}} + {{- else -}} + {{- $host = dict "name" .externalName "address" $address "port" .port -}} {{- end -}} {{- end -}} {{- toJson $host -}} @@ -862,3 +868,26 @@ REDPANDA_SASL_USERNAME REDPANDA_SASL_PASSWORD REDPANDA_SASL_MECHANISM {{- toJson (dict "bool" $requireClientAuth) -}} {{- end -}} {{- end -}} + +{{- define "storage-tiered-credentials-secret-key" -}} +{{- $oldCondtion := (and .Values.storage.tiered.credentialsSecretRef.name .Values.storage.tiered.credentialsSecretRef.key) -}} +{{- $newCondtion := (and .Values.storage.tiered.credentialsSecretRef.secretKey.name .Values.storage.tiered.credentialsSecretRef.secretKey.key) -}} +{{- $configurationKey := (dig "configurationKey" "" .Values.storage.tiered.credentialsSecretRef) -}} +{{- if empty $configurationKey -}} + {{- $configurationKey = .Values.storage.tiered.credentialsSecretRef.secretKey.configurationKey -}} +{{- end -}} +{{- $key := (dig "key" "" .Values.storage.tiered.credentialsSecretRef) -}} +{{- if empty $key -}} + {{- $key = .Values.storage.tiered.credentialsSecretRef.secretKey.key -}} +{{- end -}} +{{- $name := (dig "name" "" .Values.storage.tiered.credentialsSecretRef) -}} +{{- if empty $name -}} + {{- $name = .Values.storage.tiered.credentialsSecretRef.secretKey.name -}} +{{- end -}} +{{- toJson (dict + "bool" (or $oldCondtion $newCondtion) + "configurationKey" $configurationKey + "key" $key + "name" $name +) -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index 3819ac70d..0ec2f0499 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml @@ -37,6 +37,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- with .Values.post_upgrade_job.backoffLimit }} + backoffLimit: {{ .Values.post_upgrade_job.backoffLimit }} + {{- end }} template: metadata: name: "{{ .Release.Name }}" diff --git a/charts/redpanda/redpanda/templates/rbac.yaml b/charts/redpanda/redpanda/templates/rbac.yaml index 767f13270..735442d73 100644 --- a/charts/redpanda/redpanda/templates/rbac.yaml +++ b/charts/redpanda/redpanda/templates/rbac.yaml @@ -121,7 +121,7 @@ metadata: {{- . | nindent 4 }} {{- end }} {{- with .Values.serviceAccount.annotations }} -annotations: + annotations: {{- toYaml . | nindent 4 }} {{- end }} rules: @@ -154,7 +154,7 @@ metadata: {{- . | nindent 4 }} {{- end }} {{- with .Values.serviceAccount.annotations }} -annotations: + annotations: {{- toYaml . | nindent 4 }} {{- end }} roleRef: @@ -175,7 +175,7 @@ metadata: {{- . | nindent 4 }} {{- end }} {{- with .Values.serviceAccount.annotations }} -annotations: + annotations: {{- toYaml . | nindent 4 }} {{- end }} rules: @@ -226,7 +226,7 @@ metadata: {{- . | nindent 4 }} {{- end }} {{- with .Values.serviceAccount.annotations }} -annotations: + annotations: {{- toYaml . | nindent 4 }} {{- end }} roleRef: diff --git a/charts/redpanda/redpanda/templates/secrets.yaml b/charts/redpanda/redpanda/templates/secrets.yaml index eaac69bed..7e472d130 100644 --- a/charts/redpanda/redpanda/templates/secrets.yaml +++ b/charts/redpanda/redpanda/templates/secrets.yaml @@ -293,11 +293,11 @@ stringData: BROKER_INDEX=`expr $POD_ORDINAL + 1` CONFIG=/etc/redpanda/redpanda.yaml - + # Setup config files cp /tmp/base-config/redpanda.yaml "${CONFIG}" cp /tmp/base-config/bootstrap.yaml /etc/redpanda/.bootstrap.yaml - + {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }} # Configure bootstrap ## Not used for Redpanda v22.3.0+ @@ -351,10 +351,16 @@ stringData: rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}" {{- end }} {{- end }} - {{- if and .Values.storage.tiered.credentialsSecretRef.name .Values.storage.tiered.credentialsSecretRef.key }} + {{- if (include "storage-tiered-credentials-secret-key" . | fromJson).bool }} set +x - echo Setting cloud_storage_secret_key configuration - rpk redpanda config --config "$CONFIG" set cloud_storage_secret_key $CLOUD_STORAGE_SECRET_KEY + echo Setting {{ (include "storage-tiered-credentials-secret-key" . | fromJson).configurationKey }} configuration + rpk cluster config --config "$CONFIG" set {{ (include "storage-tiered-credentials-secret-key" . | fromJson).configurationKey }} $CLOUD_STORAGE_SECRET_KEY + set -x + {{- end }} + {{- if and .Values.storage.tiered.credentialsSecretRef.accessKey.name .Values.storage.tiered.credentialsSecretRef.accessKey.key }} + set +x + echo Setting {{ .Values.storage.tiered.credentialsSecretRef.accessKey.configurationKey }} configuration + rpk cluster config --config "$CONFIG" set {{ .Values.storage.tiered.credentialsSecretRef.accessKey.configurationKey }} $CLOUD_STORAGE_ACCESS_KEY set -x {{- end }} {{- if .Values.statefulset.initContainers.fsValidator.enabled}} @@ -376,38 +382,38 @@ stringData: DATA_DIR="/var/lib/redpanda/data" TEST_FILE="testfile" - + echo "checking data directory exist..." if [ ! -d "${DATA_DIR}" ]; then echo "data directory does not exists, exiting" exit 1 fi - + echo "checking filesystem type..." FS_TYPE=$(df -T $DATA_DIR | tail -n +2 | awk '{print $2}') - + if [ "${FS_TYPE}" != "${EXPECTED_FS_TYPE}" ]; then echo "file system found to be ${FS_TYPE} when expected ${EXPECTED_FS_TYPE}" exit 1 fi - + echo "checking if able to create a test file..." - + touch ${DATA_DIR}/${TEST_FILE} result=$(touch ${DATA_DIR}/${TEST_FILE} 2> /dev/null; echo $?) if [ "${result}" != "0" ]; then echo "could not write testfile, may not have write permission" exit 1 fi - + echo "checking if able to delete a test file..." - + result=$(rm ${DATA_DIR}/${TEST_FILE} 2> /dev/null; echo $?) if [ "${result}" != "0" ]; then echo "could not delete testfile" exit 1 fi - + echo "passed" -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index edbf2ca68..b42ada292 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -131,7 +131,7 @@ spec: - name: datadir mountPath: /var/lib/redpanda/data {{- if ne (include "storage-tiered-mountType" .) "none" }} - - name: tiered-storage-dir + - name: {{ default "tiered-storage-dir" .Values.storage.persistentVolume.nameOverwrite }} mountPath: {{ include "tieredStorage.cacheDirectory" . }} {{- end }} {{- if dig "initContainers" "setTieredStorageCacheDirOwnership" "extraVolumeMounts" false .Values.statefulset -}} @@ -163,12 +163,19 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP - {{- if and .Values.storage.tiered.credentialsSecretRef.name .Values.storage.tiered.credentialsSecretRef.key }} + {{- if (include "storage-tiered-credentials-secret-key" . | fromJson).bool }} - name: CLOUD_STORAGE_SECRET_KEY valueFrom: secretKeyRef: - key: {{ .Values.storage.tiered.credentialsSecretRef.key }} - name: {{ .Values.storage.tiered.credentialsSecretRef.name }} + key: {{ (include "storage-tiered-credentials-secret-key" . | fromJson).key }} + name: {{ (include "storage-tiered-credentials-secret-key" . | fromJson).name }} + {{- end }} + {{- if and .Values.storage.tiered.credentialsSecretRef.accessKey.name .Values.storage.tiered.credentialsSecretRef.accessKey.key }} + - name: CLOUD_STORAGE_ACCESS_KEY + valueFrom: + secretKeyRef: + key: {{ .Values.storage.tiered.credentialsSecretRef.accessKey.key }} + name: {{ .Values.storage.tiered.credentialsSecretRef.accessKey.name }} {{- end }} securityContext: {{ include "container-security-context" . | nindent 12 }} volumeMounts: {{ include "common-mounts" . | nindent 12 }} @@ -296,7 +303,7 @@ spec: - name: datadir mountPath: /var/lib/redpanda/data {{- if and (include "is-licensed" . | fromJson).bool (include "storage-tiered-config" .|fromJson).cloud_storage_enabled (ne (include "storage-tiered-mountType" .) "none") }} - - name: tiered-storage-dir + - name: {{ default "tiered-storage-dir" .Values.storage.persistentVolume.nameOverwrite }} mountPath: {{ include "tieredStorage.cacheDirectory" . }} {{- end }} resources: @@ -372,12 +379,9 @@ spec: {{- end }} {{- if and (include "is-licensed" . | fromJson).bool (include "storage-tiered-config" .|fromJson).cloud_storage_enabled }} {{- $tieredType := include "storage-tiered-mountType" . }} - {{- if ne $tieredType "none" }} + {{- if and (ne $tieredType "none") (ne $tieredType "persistentVolume") }} - name: tiered-storage-dir - {{- if eq $tieredType "persistentVolume" }} - persistentVolumeClaim: - claimName: tiered-storage-dir - {{- else if eq $tieredType "hostPath" }} + {{- if eq $tieredType "hostPath" }} hostPath: path: {{ include "storage-tiered-hostpath" . }} {{- else }} @@ -458,7 +462,7 @@ spec: {{- end }} {{- if and (include "is-licensed" . | fromJson).bool (include "storage-tiered-config" .|fromJson).cloud_storage_enabled (eq (include "storage-tiered-mountType" .) "persistentVolume") }} - metadata: - name: tiered-storage-dir + name: {{ default "tiered-storage-dir" .Values.storage.persistentVolume.nameOverwrite }} labels: app.kubernetes.io/name: {{ template "redpanda.name" . }} app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/charts/redpanda/redpanda/templates/tests/test-license-with-console.yaml b/charts/redpanda/redpanda/templates/tests/test-license-with-console.yaml index 8ad14e93d..20fc8f483 100644 --- a/charts/redpanda/redpanda/templates/tests/test-license-with-console.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-license-with-console.yaml @@ -43,9 +43,17 @@ spec: - | echo "testing that we do NOT have an open source license" set -xe + + max_iteration=10 + curl -vm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ include "console.containerPort" (dict "Values" .Values.console) }}/api/cluster/overview | jq . type=$(curl -svm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ include "console.containerPort" (dict "Values" .Values.console) }}/api/cluster/overview | jq -r .console.license.type) + while [[ $max_iteration -gt 0 && ("$type" == "open_source" || "$type" == "") ]]; do + max_iteration=$(( max_iteration - 1 )) + type=$(curl -svm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ include "console.containerPort" (dict "Values" .Values.console) }}/api/cluster/overview | jq -r .console.license.type) + done if [[ "$type" == "open_source" || "$type" == "" ]]; then - exit 1 + curl -svm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ include "console.containerPort" (dict "Values" .Values.console) }}/api/cluster/overview | jq . + exit 1 fi set +x echo "license test passed." diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index c3ef32776..a0de8380c 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -413,17 +413,56 @@ }, "annotations": { "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "size": { + "type": "string" + }, + "nameOverwrite": { + "type": "string" } } }, "credentialsSecretRef": { "type": "object", "properties": { + "accessKey": { + "type": "object", + "configurationKey": { + "type": "string" + }, + "name": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "secretKey": { + "type": "object", + "configurationKey": { + "type": "string" + }, + "name": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "configurationKey": { + "type": "string", + "deprecated": true + }, "name": { - "type": "string" + "type": "string", + "deprecated": true }, "key": { - "type": "string" + "type": "string", + "deprecated": true } } }, diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index df9925078..ece008e26 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -93,12 +93,12 @@ auditLogging: # -- Enable or disable audit logging, for production clusters we suggest you enable, # however, this will only work if you also enable sasl and a listener with sasl enabled. enabled: false - # -- Kafka listener name, note that it must have `authenticationMethod` set to sasl - # 'internal' if using internal listener, else use external listener name, e.g., default. + # -- Kafka listener name, note that it must have `authenticationMethod` set to `sasl`. + # For external listeners, use the external listener name, such as `default`. listener: internal # -- Integer value defining the number of partitions used by a newly created audit topic. partitions: 12 - # -- Event types that should be captured by audit logs, default is ["admin", "authenticate", "management"]. + # -- Event types that should be captured by audit logs, default is [`admin`, `authenticate`, `management`]. enabledEventTypes: # -- List of topics to exclude from auditing, default is null. excludedTopics: @@ -113,7 +113,7 @@ auditLogging: # -- Defines the replication factor for a newly created audit log topic. This configuration applies # only to the audit log topic and may be different from the cluster or other topic configurations. # This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, - # Redpanda will use the internal_topic_replication_factor cluster config value. Default is null + # Redpanda will use the `internal_topic_replication_factor cluster` config value. Default is `null` replicationFactor: # -- Enterprise (optional) @@ -267,6 +267,8 @@ external: # The number of brokers is defined in statefulset.replicas. # The values can be IP addresses or DNS names. # If external.domain is set, the domain is appended to these values. + # There is an option to define a single external address for all brokers and leverage + # prefixTemplate as it will be calculated during initContainer execution. # addresses: # - redpanda-0 # - redpanda-1 @@ -417,7 +419,7 @@ storage: persistentVolume: enabled: true size: 20Gi - # -- To disable dynamic provisioning, set to "-". + # -- To disable dynamic provisioning, set to `-`. # If undefined or empty (default), then no storageClassName spec is set, # and the default dynamic provisioner is chosen (gp2 on AWS, standard on # GKE, AWS & OpenStack). @@ -426,6 +428,9 @@ storage: labels: {} # -- Additional annotations to apply to the created PersistentVolumeClaims. annotations: {} + # -- Option to change volume claim template name for tiered storage persistent volume + # if tiered.mountType is set to `persistentVolume` + nameOverwrite: "" # # Settings for the Tiered Storage cache. # For details, @@ -456,11 +461,25 @@ storage: # -- Additional annotations to apply to the created PersistentVolumeClaims. annotations: {} - # credentialsSecretRef can be used to set cloud_storage_secret_key from + # credentialsSecretRef can be used to set `cloud_storage_secret_key` and/or `cloud_storage_access_key` from # referenced Kubernetes Secret - credentialsSecretRef: {} + credentialsSecretRef: + accessKey: + # https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_access_key + configurationKey: cloud_storage_access_key + # name: + # key: + secretKey: + # https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_secret_key + # or + # https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_azure_shared_key + configurationKey: cloud_storage_secret_key + # name: + # key + # -- DEPRECATED `configurationKey`, `name` and `key`. Please use `accessKey` and `secretKey` + # configurationKey: cloud_storage_secret_key # name: - # key + # key: # # -- Tiered Storage settings # Requires `enterprise.licenseKey` or `enterprised.licenseSecretRef` @@ -476,21 +495,21 @@ storage: # -- Cluster level default remote read configuration for new topics. # See the [property reference documentation](https://docs.redpanda.com/docs/reference/tunable-properties/#cloud_storage_enable_remote_read). cloud_storage_enable_remote_read: true - # -- AWS or GCP region for where the bucket used for Tiered Storage is located (required for AWS and GCS). + # -- AWS or GCP region for where the bucket used for Tiered Storage is located (required for AWS and GCP). # See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_region). cloud_storage_region: "" - # -- AWS or GCP bucket name used for Tiered Storage (required for AWS and GCS). + # -- AWS or GCP bucket name used for Tiered Storage (required for AWS and GCP). # See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_bucket). cloud_storage_bucket: "" - # -- AWS or GCP access key (required for AWS and GCS authentication with access keys). + # -- AWS or GCP access key (required for AWS and GCP authentication with access keys). # See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_access_key). cloud_storage_access_key: "" - # -- AWS or GCP secret key (required for AWS and GCS authentication with access keys). + # -- AWS or GCP secret key (required for AWS and GCP authentication with access keys). # See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_secret_key). cloud_storage_secret_key: "" # -- AWS or GCP API endpoint. - # - For AWS, this can be left blank as it is generated automatically using the bucket and region (e.g. ".s3..amazonaws.com") - # - For GCS, use "storage.googleapis.com" + # * For AWS, this can be left blank as it is generated automatically using the bucket and region. For example, `.s3..amazonaws.com`. + # * For GCP, use `storage.googleapis.com` # See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_api_endpoint). cloud_storage_api_endpoint: "" # -- Name of the Azure container to use with Tiered Storage (required for ABS/ADLS). @@ -508,11 +527,11 @@ storage: # Available starting from 23.2.8. # cloud_storage_azure_adls_endpoint: "" # cloud_storage_azure_adls_port: "" - # -- Source of credentials used to connect to cloud services (required for AWS and GCS authentication with IAM roles). - # - config_file - # - aws_instance_metadata - # - sts - # - gcp_instance_metadata + # -- Source of credentials used to connect to cloud services (required for AWS and GCP authentication with IAM roles). + # * `config_file` + # * `aws_instance_metadata` + # * `sts` + # * `gcp_instance_metadata` # See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_credentials_source). cloud_storage_credentials_source: config_file @@ -584,6 +603,9 @@ post_upgrade_job: # - secretRef: # name: redpanda-aws-secrets affinity: {} + # When helm upgrade is performed the post-upgrade job is scheduled before Statefulset successfully finish + # its rollout. User can extend Job default backoff limit of `6`. + # backoffLimit: statefulset: # -- Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster) @@ -613,7 +635,7 @@ statefulset: # # StatefulSet resources: # Resources are set through the top-level resources section above. - # It is recommended to set resources values in that section rather than here, as this will guarantee + # It is recommended to set resource values in that section rather than here, as this will guarantee # memory is allocated across containers, Redpanda, and the Seastar subsystem correctly. # This automatic memory allocation is in place because Repanda and the Seastar subsystem require flags # at startup that set the amount of memory available to each process. @@ -637,12 +659,12 @@ statefulset: # Use `custom` if you want to supply your own anti-affinity rules in the `podAntiAffinity.custom` object. type: hard # -- Weight for `soft` anti-affinity rules. - # Does not apply for other anti-affinity types. + # Does not apply to other anti-affinity types. weight: 100 # -- Change `podAntiAffinity.type` to `custom` and provide your own podAntiAffinity rules here. custom: {} # -- Node selection constraints for scheduling Pods of this StatefulSet. - # These constraints override the global nodeSelector value. + # These constraints override the global `nodeSelector` value. # For details, # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). nodeSelector: {} diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index e423989a5..7cd93cead 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 2.0.41 +appVersion: 2.1.1 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 2.0.5 +version: 2.0.11 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 8844cd461..e433dc42d 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 2.0.5 +### Upgrade to 2.0.11 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/2.0.5/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/2.0.11/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 8844cd461..e433dc42d 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 2.0.5 +### Upgrade to 2.0.11 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/2.0.5/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/2.0.11/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/templates/configmap.yaml b/charts/speedscale/speedscale-operator/templates/configmap.yaml index 36b2e532c..6fecf2923 100644 --- a/charts/speedscale/speedscale-operator/templates/configmap.yaml +++ b/charts/speedscale/speedscale-operator/templates/configmap.yaml @@ -23,7 +23,7 @@ data: WITH_DLP: {{ .Values.dlp.enabled | quote }} WITH_INSPECTOR: {{ .Values.dashboardAccess | quote }} API_KEY_SECRET_NAME: {{ .Values.apiKeySecret | quote }} - DEPLOY_DEMO: {{ .Values.deployDemo }} + DEPLOY_DEMO: {{ .Values.deployDemo | quote }} GLOBAL_ANNOTATIONS: {{ .Values.globalAnnotations | toJson | quote }} GLOBAL_LABELS: {{ .Values.globalLabels | toJson | quote }} {{- if .Values.http_proxy }} diff --git a/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml b/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml index fabaeef7e..d4b47d2c9 100644 --- a/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml +++ b/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.13.0 creationTimestamp: null name: trafficreplays.speedscale.com spec: @@ -209,13 +209,35 @@ spec: during replay and associated settings. properties: inTrafficKey: - description: InTrafficKey is used to identify the slice of inbound - snapshot traffic this workload is targeting and maps directly - to a snapshot's `InTraffic` field. Snapshot traffic can be - split across multiple slices where each slice contains part - of the traffic. A slice may only have one workload, but a - workload may be targeted by multiple slices. + description: 'DEPRECATED: use InTrafficKeys' type: string + inTrafficKeys: + description: "InTrafficKeys are used to identify slices of inbound + snapshot traffic this workload is targeting and maps directly + to a snapshot's `InTraffic` field. Snapshot ingress traffic + can be split across multiple slices where each slice contains + part of the traffic. A key must only be specified once across + all workloads, but a workload may specify multiple keys. \n + This field is optional in the spec to provide support for + single-workload and legacy replays, but must be specified + for multi-workload replays in order to provide deterministic + replay configuration." + items: + type: string + type: array + outTrafficKeys: + description: "OutTrafficKeys are used to identify slices of + outbound snapshot traffic to mock for this workload and maps + directly to a snapshot's `OutTraffic` field. Snapshot egress + traffic can be split across multiple slices where each slice + contains part of the traffic. A workload may specify multiple + keys and multiple workloads may specify the same key. \n Only + the traffic slices defined here will be mocked. A workload + with no keys defined will not mock any traffic. Pass '*' + to mock all traffic." + items: + type: string + type: array ref: description: Ref is a reference to a cluster workload, like a deployment or a statefulset. @@ -413,5 +435,5 @@ status: acceptedNames: kind: "" plural: "" - conditions: [] - storedVersions: [] + conditions: null + storedVersions: null diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index 04635ba60..c55ca51d9 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v2.0.41 + tag: v2.1.1 pullPolicy: Always # Log level for Speedscale components. @@ -74,7 +74,8 @@ tolerations: [] # A nodeselector object as detailed: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ nodeSelector: {} -# Deploy a demo app at startup. +# Deploy a demo app at startup. Set this to an empty string to not deploy. +# Valid values: ["java", ""] deployDemo: "java" # Proxy connection settings if required by your network. These translate to standard proxy environment @@ -91,14 +92,18 @@ disableSidecarSmartReverseDNS: false # Operator settings. These limits are recommended unless you have a cluster # with a very large number of workloads (for eg. 10k+ deployments, replicasets, etc.). +# +# NOTE: disable ephemeral-storage by changing its value to "none" operator: resources: limits: cpu: 500m memory: 512Mi + ephemeral-storage: 100Mi requests: cpu: 100m memory: 128Mi + ephemeral-storage: 100Mi # Default sidecar settings. Example: # sidecar: @@ -106,7 +111,9 @@ operator: # limits: # cpu: 500m # memory: 512Mi +# ephemeral-storage: 100Mi # requests: # cpu: 10m # memory: 32Mi +# ephemeral-storage: 100Mi sidecar: {} diff --git a/charts/stackstate/stackstate-k8s-agent/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/Chart.yaml index a59a80a60..33e13e757 100644 --- a/charts/stackstate/stackstate-k8s-agent/Chart.yaml +++ b/charts/stackstate/stackstate-k8s-agent/Chart.yaml @@ -21,4 +21,4 @@ maintainers: - email: ops@stackstate.com name: Stackstate name: stackstate-k8s-agent -version: 1.0.67 +version: 1.0.68 diff --git a/charts/stackstate/stackstate-k8s-agent/README.md b/charts/stackstate/stackstate-k8s-agent/README.md index f27cd87ab..13a8f78a9 100644 --- a/charts/stackstate/stackstate-k8s-agent/README.md +++ b/charts/stackstate/stackstate-k8s-agent/README.md @@ -2,7 +2,7 @@ Helm chart for the StackState Agent. -Current chart version is `1.0.67` +Current chart version is `1.0.68` **Homepage:** @@ -203,7 +203,7 @@ stackstate/stackstate-k8s-agent | nodeAgent.containers.processAgent.image.pullPolicy | string | `"IfNotPresent"` | Process-agent container image pull policy. | | nodeAgent.containers.processAgent.image.registry | string | `nil` | | | nodeAgent.containers.processAgent.image.repository | string | `"stackstate/stackstate-k8s-process-agent"` | Process-agent container image repository. | -| nodeAgent.containers.processAgent.image.tag | string | `"76e11e86"` | Default process-agent container image tag. | +| nodeAgent.containers.processAgent.image.tag | string | `"718e9ab3"` | Default process-agent container image tag. | | nodeAgent.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off # If not set, fall back to the value of agent.logLevel. | | nodeAgent.containers.processAgent.procVolumeReadOnly | bool | `true` | Configure whether /host/proc is read only for the process agent container | | nodeAgent.containers.processAgent.resources.limits.cpu | string | `"125m"` | Memory resource limits. | diff --git a/charts/stackstate/stackstate-k8s-agent/values.yaml b/charts/stackstate/stackstate-k8s-agent/values.yaml index 6ea724d5c..adf35c32c 100644 --- a/charts/stackstate/stackstate-k8s-agent/values.yaml +++ b/charts/stackstate/stackstate-k8s-agent/values.yaml @@ -158,7 +158,7 @@ nodeAgent: # nodeAgent.containers.processAgent.image.repository -- Process-agent container image repository. repository: stackstate/stackstate-k8s-process-agent # nodeAgent.containers.processAgent.image.tag -- Default process-agent container image tag. - tag: "76e11e86" + tag: "718e9ab3" # nodeAgent.containers.processAgent.image.pullPolicy -- Process-agent container image pull policy. pullPolicy: IfNotPresent # nodeAgent.containers.processAgent.env -- Additional environment variables for the process-agent container diff --git a/charts/yugabyte/yugabyte/.helmignore b/charts/yugabyte/yugabyte/.helmignore new file mode 100644 index 000000000..3598c3003 --- /dev/null +++ b/charts/yugabyte/yugabyte/.helmignore @@ -0,0 +1 @@ +tests \ No newline at end of file diff --git a/charts/yugabyte/yugabyte/Chart.yaml b/charts/yugabyte/yugabyte/Chart.yaml index 2533172a4..2b7054045 100644 --- a/charts/yugabyte/yugabyte/Chart.yaml +++ b/charts/yugabyte/yugabyte/Chart.yaml @@ -3,18 +3,20 @@ annotations: catalog.cattle.io/display-name: YugabyteDB catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: yugabyte -apiVersion: v1 -appVersion: 2.14.15.0-b57 + charts.openshift.io/name: yugabyte +apiVersion: v2 +appVersion: 2.18.6.0-b73 description: YugabyteDB is the high-performance distributed SQL database for building global, internet-scale apps. home: https://www.yugabyte.com icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 +kubeVersion: '>=1.18-0' maintainers: -- email: ram@yugabyte.com - name: Ram Sri -- email: arnav@yugabyte.com - name: Arnav Agarwal +- email: sanketh@yugabyte.com + name: Sanketh Indarapu +- email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla name: yugabyte sources: - https://github.com/yugabyte/yugabyte-db -version: 2.14.15 +version: 2.18.6 diff --git a/charts/yugabyte/yugabyte/app-readme.md b/charts/yugabyte/yugabyte/app-readme.md index 6cdeb3fb3..edad7f89e 100644 --- a/charts/yugabyte/yugabyte/app-readme.md +++ b/charts/yugabyte/yugabyte/app-readme.md @@ -1 +1 @@ -This chart bootstraps an RF3 Yugabyte DB version 2.14.15.0-b57 cluster using the Helm Package Manager. +This chart bootstraps an RF3 YugabyteDB version 2.18.6.0-b73 cluster using the Helm Package Manager. diff --git a/charts/yugabyte/yugabyte/generate_kubeconfig.py b/charts/yugabyte/yugabyte/generate_kubeconfig.py index b974c0f2d..f4c2d14ab 100644 --- a/charts/yugabyte/yugabyte/generate_kubeconfig.py +++ b/charts/yugabyte/yugabyte/generate_kubeconfig.py @@ -11,84 +11,209 @@ from sys import exit import json import base64 import tempfile +import time +import os.path -def run_command(command_args, namespace=None, as_json=True): - command = ['kubectl'] +def run_command(command_args, namespace=None, as_json=True, log_command=True): + command = ["kubectl"] if namespace: - command.extend(['--namespace', namespace]) + command.extend(["--namespace", namespace]) command.extend(command_args) if as_json: - command.extend(['-o', 'json']) - return json.loads(check_output(command)) + command.extend(["-o", "json"]) + if log_command: + print("Running command: {}".format(" ".join(command))) + output = check_output(command) + if as_json: + return json.loads(output) else: - return check_output(command).decode('utf8') + return output.decode("utf8") -parser = argparse.ArgumentParser(description='Generate KubeConfig with Token') -parser.add_argument('-s', '--service_account', help='Service Account name', required=True) -parser.add_argument('-n', '--namespace', help='Kubernetes namespace', default='kube-system') -parser.add_argument('-c', '--context', help='kubectl context') +def create_sa_token_secret(directory, sa_name, namespace): + """Creates a service account token secret for sa_name in + namespace. Returns the name of the secret created. + + Ref: + https://k8s.io/docs/concepts/configuration/secret/#service-account-token-secrets + + """ + token_secret = { + "apiVersion": "v1", + "data": { + "do-not-delete-used-for-yugabyte-anywhere": "MQ==", + }, + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/service-account.name": sa_name, + }, + "name": sa_name, + }, + "type": "kubernetes.io/service-account-token", + } + token_secret_file_name = os.path.join(directory, "token_secret.yaml") + with open(token_secret_file_name, "w") as token_secret_file: + json.dump(token_secret, token_secret_file) + run_command(["apply", "-f", token_secret_file_name], namespace) + return sa_name + + +def get_secret_data(secret, namespace): + """Returns the secret in JSON format if it has ca.crt and token in + it, else returns None. It retries 3 times with 1 second timeout + for the secret to be populated with this data. + + """ + secret_data = None + num_retries = 5 + timeout = 2 + while True: + secret_json = run_command(["get", "secret", secret], namespace) + if "ca.crt" in secret_json["data"] and "token" in secret_json["data"]: + secret_data = secret_json + break + + num_retries -= 1 + if num_retries == 0: + break + print( + "Secret '{}' is not populated. Sleep {}s, ({} retries left)".format( + secret, timeout, num_retries + ) + ) + time.sleep(timeout) + return secret_data + + +def get_secrets_for_sa(sa_name, namespace): + """Returns a list of all service account token secrets associated + with the given sa_name in the namespace. + + """ + secrets = run_command( + [ + "get", + "secret", + "--field-selector", + "type=kubernetes.io/service-account-token", + "-o", + 'jsonpath="{.items[?(@.metadata.annotations.kubernetes\.io/service-account\.name == "' + + sa_name + + '")].metadata.name}"', + ], + as_json=False, + ) + return secrets.strip('"').split() + + +parser = argparse.ArgumentParser(description="Generate KubeConfig with Token") +parser.add_argument("-s", "--service_account", help="Service Account name", required=True) +parser.add_argument("-n", "--namespace", help="Kubernetes namespace", default="kube-system") +parser.add_argument("-c", "--context", help="kubectl context") +parser.add_argument("-o", "--output_file", help="output file path") args = vars(parser.parse_args()) # if the context is not provided we use the current-context -context = args['context'] +context = args["context"] if context is None: - context = run_command(['config', 'current-context'], - args['namespace'], as_json=False) + context = run_command(["config", "current-context"], args["namespace"], as_json=False) -cluster_attrs = run_command(['config', 'get-contexts', context.strip(), - '--no-headers'], args['namespace'], as_json=False) +cluster_attrs = run_command( + ["config", "get-contexts", context.strip(), "--no-headers"], args["namespace"], as_json=False +) cluster_name = cluster_attrs.strip().split()[2] -endpoint = run_command(['config', 'view', '-o', - 'jsonpath="{.clusters[?(@.name =="' + - cluster_name + '")].cluster.server}"'], - args['namespace'], as_json=False) -service_account_info = run_command(['get', 'sa', args['service_account']], - args['namespace']) +endpoint = run_command( + [ + "config", + "view", + "-o", + 'jsonpath="{.clusters[?(@.name =="' + cluster_name + '")].cluster.server}"', + ], + args["namespace"], + as_json=False, +) +service_account_info = run_command(["get", "sa", args["service_account"]], args["namespace"]) + +tmpdir = tempfile.TemporaryDirectory() + +# Get the token and ca.crt from service account secret. +sa_secrets = list() + +# Get secrets specified in the service account, there can be multiple +# of them, and not all are service account token secrets. +if "secrets" in service_account_info: + sa_secrets = [secret["name"] for secret in service_account_info["secrets"]] + +# Find the existing additional service account token secrets +sa_secrets.extend(get_secrets_for_sa(args["service_account"], args["namespace"])) -# some ServiceAccounts have multiple secrets, and not all them have a -# ca.crt and a token. -sa_secrets = [secret['name'] for secret in service_account_info['secrets']] secret_data = None for secret in sa_secrets: - secret_json = run_command(['get', 'secret', secret], args['namespace']) - if 'ca.crt' not in secret_json['data'] and 'token' not in secret_json['data']: - continue - secret_data = secret_json + secret_data = get_secret_data(secret, args["namespace"]) + if secret_data is not None: + break + +# Kubernetes 1.22+ doesn't create the service account token secret by +# default, we have to create one. if secret_data is None: - exit("No usable secret found for '{}'.".format(args['service_account'])) + print("No usable secret found for '{}', creating one.".format(args["service_account"])) + token_secret = create_sa_token_secret(tmpdir.name, args["service_account"], args["namespace"]) + secret_data = get_secret_data(token_secret, args["namespace"]) + if secret_data is None: + exit( + "Failed to generate kubeconfig: No usable credentials found for '{}'.".format( + args["service_account"] + ) + ) -context_name = '{}-{}'.format(args['service_account'], cluster_name) -kube_config = '/tmp/{}.conf'.format(args['service_account']) -with tempfile.NamedTemporaryFile() as ca_crt_file: - ca_crt = base64.b64decode(secret_data['data']['ca.crt']) - ca_crt_file.write(ca_crt) - ca_crt_file.flush() - # create kubeconfig entry - set_cluster_cmd = ['config', 'set-cluster', cluster_name, - '--kubeconfig={}'.format(kube_config), - '--server={}'.format(endpoint.strip('"')), - '--embed-certs=true', - '--certificate-authority={}'.format(ca_crt_file.name)] - run_command(set_cluster_cmd, as_json=False) +context_name = "{}-{}".format(args["service_account"], cluster_name) +kube_config = args["output_file"] +if not kube_config: + kube_config = "/tmp/{}.conf".format(args["service_account"]) -user_token = base64.b64decode(secret_data['data']['token']).decode('utf-8') -set_credentials_cmd = ['config', 'set-credentials', context_name, - '--token={}'.format(user_token), - '--kubeconfig={}'.format(kube_config)] -run_command(set_credentials_cmd, as_json=False) -set_context_cmd = ['config', 'set-context', context_name, - '--cluster={}'.format(cluster_name), - '--user={}'.format(context_name), - '--kubeconfig={}'.format(kube_config)] +ca_crt_file_name = os.path.join(tmpdir.name, "ca.crt") +ca_crt_file = open(ca_crt_file_name, "wb") +ca_crt_file.write(base64.b64decode(secret_data["data"]["ca.crt"])) +ca_crt_file.close() + +# create kubeconfig entry +set_cluster_cmd = [ + "config", + "set-cluster", + cluster_name, + "--kubeconfig={}".format(kube_config), + "--server={}".format(endpoint.strip('"')), + "--embed-certs=true", + "--certificate-authority={}".format(ca_crt_file_name), +] +run_command(set_cluster_cmd, as_json=False) + +user_token = base64.b64decode(secret_data["data"]["token"]).decode("utf-8") +set_credentials_cmd = [ + "config", + "set-credentials", + context_name, + "--token={}".format(user_token), + "--kubeconfig={}".format(kube_config), +] +run_command(set_credentials_cmd, as_json=False, log_command=False) + +set_context_cmd = [ + "config", + "set-context", + context_name, + "--cluster={}".format(cluster_name), + "--user={}".format(context_name), + "--kubeconfig={}".format(kube_config), +] run_command(set_context_cmd, as_json=False) -use_context_cmd = ['config', 'use-context', context_name, - '--kubeconfig={}'.format(kube_config)] +use_context_cmd = ["config", "use-context", context_name, "--kubeconfig={}".format(kube_config)] run_command(use_context_cmd, as_json=False) print("Generated the kubeconfig file: {}".format(kube_config)) diff --git a/charts/yugabyte/yugabyte/openshift.values.yaml b/charts/yugabyte/yugabyte/openshift.values.yaml new file mode 100644 index 000000000..d2784b23e --- /dev/null +++ b/charts/yugabyte/yugabyte/openshift.values.yaml @@ -0,0 +1,4 @@ +# OCP compatible values for yugabyte + +Image: + repository: "quay.io/yugabyte/yugabyte-ubi" diff --git a/charts/yugabyte/yugabyte/questions.yaml b/charts/yugabyte/yugabyte/questions.yaml index c88fd43c0..6befa49e1 100644 --- a/charts/yugabyte/yugabyte/questions.yaml +++ b/charts/yugabyte/yugabyte/questions.yaml @@ -16,7 +16,7 @@ questions: label: YugabyteDB image repository description: "YugabyteDB image repository" - variable: Image.tag - default: "2.14.1.0-b36" + default: "2.5.1.0-b153" required: true type: string label: YugabyteDB image tag diff --git a/charts/yugabyte/yugabyte/templates/_helpers.tpl b/charts/yugabyte/yugabyte/templates/_helpers.tpl index 27697d799..7d80ece43 100644 --- a/charts/yugabyte/yugabyte/templates/_helpers.tpl +++ b/charts/yugabyte/yugabyte/templates/_helpers.tpl @@ -26,7 +26,7 @@ Generate common labels. {{- define "yugabyte.labels" }} heritage: {{ .Values.helm2Legacy | ternary "Tiller" (.Release.Service | quote) }} release: {{ .Release.Name | quote }} -chart: {{ .Values.oldNamingStyle | ternary .Chart.Name (include "yugabyte.chart" .) | quote }} +chart: {{ .Chart.Name | quote }} component: {{ .Values.Component | quote }} {{- if .Values.commonLabels}} {{ toYaml .Values.commonLabels }} @@ -56,6 +56,89 @@ release: {{ .root.Release.Name | quote }} {{- end }} {{- end }} +{{/* +Create secrets in DBNamespace from other namespaces by iterating over envSecrets. +*/}} +{{- define "yugabyte.envsecrets" -}} +{{- range $v := .secretenv }} +{{- if $v.valueFrom.secretKeyRef.namespace }} +{{- $secretObj := (lookup +"v1" +"Secret" +$v.valueFrom.secretKeyRef.namespace +$v.valueFrom.secretKeyRef.name) +| default dict }} +{{- $secretData := (get $secretObj "data") | default dict }} +{{- $secretValue := (get $secretData $v.valueFrom.secretKeyRef.key) | default "" }} +{{- if (and (not $secretValue) (not $v.valueFrom.secretKeyRef.optional)) }} +{{- required (printf "Secret or key missing for %s/%s in namespace: %s" +$v.valueFrom.secretKeyRef.name +$v.valueFrom.secretKeyRef.key +$v.valueFrom.secretKeyRef.namespace) +nil }} +{{- end }} +{{- if $secretValue }} +apiVersion: v1 +kind: Secret +metadata: + {{- $secretfullname := printf "%s-%s-%s-%s" + $.root.Release.Name + $v.valueFrom.secretKeyRef.namespace + $v.valueFrom.secretKeyRef.name + $v.valueFrom.secretKeyRef.key + }} + name: {{ printf "%s-%s-%s-%s-%s-%s" + $.root.Release.Name + ($v.valueFrom.secretKeyRef.namespace | substr 0 5) + ($v.valueFrom.secretKeyRef.name | substr 0 5) + ( $v.valueFrom.secretKeyRef.key | substr 0 5) + (sha256sum $secretfullname | substr 0 4) + ($.suffix) + | lower | replace "." "" | replace "_" "" + }} + namespace: "{{ $.root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $.root | indent 4 }} +type: Opaque # should it be an Opaque secret? +data: + {{ $v.valueFrom.secretKeyRef.key }}: {{ $secretValue | quote }} +{{- end }} +{{- end }} +--- +{{- end }} +{{- end }} + +{{/* +Add env secrets to DB statefulset. +*/}} +{{- define "yugabyte.addenvsecrets" -}} +{{- range $v := .secretenv }} +- name: {{ $v.name }} + valueFrom: + secretKeyRef: + {{- if $v.valueFrom.secretKeyRef.namespace }} + {{- $secretfullname := printf "%s-%s-%s-%s" + $.root.Release.Name + $v.valueFrom.secretKeyRef.namespace + $v.valueFrom.secretKeyRef.name + $v.valueFrom.secretKeyRef.key + }} + name: {{ printf "%s-%s-%s-%s-%s-%s" + $.root.Release.Name + ($v.valueFrom.secretKeyRef.namespace | substr 0 5) + ($v.valueFrom.secretKeyRef.name | substr 0 5) + ($v.valueFrom.secretKeyRef.key | substr 0 5) + (sha256sum $secretfullname | substr 0 4) + ($.suffix) + | lower | replace "." "" | replace "_" "" + }} + {{- else }} + name: {{ $v.valueFrom.secretKeyRef.name }} + {{- end }} + key: {{ $v.valueFrom.secretKeyRef.key }} + optional: {{ $v.valueFrom.secretKeyRef.optional | default "false" }} +{{- end }} +{{- end }} {{/* Create Volume name. */}} @@ -84,18 +167,21 @@ Generate a preflight check script invocation. */}} {{- define "yugabyte.preflight_check" -}} {{- if not .Values.preflight.skipAll -}} +{{- $port := .Preflight.Port -}} +{{- range $addr := split "," .Preflight.Addr -}} if [ -f /home/yugabyte/tools/k8s_preflight.py ]; then PYTHONUNBUFFERED="true" /home/yugabyte/tools/k8s_preflight.py \ dnscheck \ - --addr="{{ .Preflight.Addr }}" \ -{{- if not .Values.preflight.skipBind }} - --port="{{ .Preflight.Port }}" + --addr="{{ $addr }}" \ +{{- if not $.Values.preflight.skipBind }} + --port="{{ $port }}" {{- else }} --skip_bind {{- end }} fi && \ -{{- end -}} -{{- end -}} +{{ end }} +{{- end }} +{{- end }} {{/* Get YugaByte fs data directories. @@ -130,12 +216,20 @@ echo "disk check at: $(date)" \ Generate server FQDN. */}} {{- define "yugabyte.server_fqdn" -}} - {{- if (and .Values.istioCompatibility.enabled .Values.multicluster.createServicePerPod) -}} + {{- if .Values.multicluster.createServicePerPod -}} {{- printf "$(HOSTNAME).$(NAMESPACE).svc.%s" .Values.domainName -}} + {{- else if (and .Values.oldNamingStyle .Values.multicluster.createServiceExports) -}} + {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s.$(NAMESPACE).svc.clusterset.local" $membershipName .Service.name -}} {{- else if .Values.oldNamingStyle -}} {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} {{- else -}} - {{- printf "$(HOSTNAME).%s-%s.$(NAMESPACE).svc.%s" (include "yugabyte.fullname" .) .Service.name .Values.domainName -}} + {{- if .Values.multicluster.createServiceExports -}} + {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s-%s.$(NAMESPACE).svc.clusterset.local" $membershipName (include "yugabyte.fullname" .) .Service.name -}} + {{- else -}} + {{- printf "$(HOSTNAME).%s-%s.$(NAMESPACE).svc.%s" (include "yugabyte.fullname" .) .Service.name .Values.domainName -}} + {{- end -}} {{- end -}} {{- end -}} @@ -148,10 +242,25 @@ Generate server broadcast address. {{/* Generate server RPC bind address. + +In case of multi-cluster services (MCS), we set it to $(POD_IP) to +ensure YCQL uses a resolvable address. +See https://github.com/yugabyte/yugabyte-db/issues/16155 + +We use a workaround for above in case of Istio by setting it to +$(POD_IP) and localhost. Master doesn't support that combination, so +we stick to 0.0.0.0, which works for master. */}} {{- define "yugabyte.rpc_bind_address" -}} + {{- $port := index .Service.ports "tcp-rpc-port" -}} {{- if .Values.istioCompatibility.enabled -}} - 0.0.0.0:{{ index .Service.ports "tcp-rpc-port" -}} + {{- if (eq .Service.name "yb-masters") -}} + 0.0.0.0:{{ $port }} + {{- else -}} + $(POD_IP):{{ $port }},127.0.0.1:{{ $port }} + {{- end -}} + {{- else if (or .Values.multicluster.createServiceExports .Values.multicluster.createServicePerPod) -}} + $(POD_IP):{{ $port }} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} {{- end -}} @@ -168,7 +277,7 @@ Generate server web interface. Generate server CQL proxy bind address. */}} {{- define "yugabyte.cql_proxy_bind_address" -}} - {{- if .Values.istioCompatibility.enabled -}} + {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports .Values.multicluster.createServicePerPod -}} 0.0.0.0:{{ index .Service.ports "tcp-yql-port" -}} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} @@ -213,10 +322,10 @@ Compute the maximum number of unavailable pods based on the number of master rep Set consistent issuer name. */}} {{- define "yugabyte.tls_cm_issuer" -}} - {{- if .Values.tls.certManager.useClusterIssuer -}} - {{ .Values.tls.certManager.clusterIssuer }} - {{- else -}} + {{- if .Values.tls.certManager.bootstrapSelfsigned -}} {{ .Values.oldNamingStyle | ternary "yugabyte-selfsigned" (printf "%s-selfsigned" (include "yugabyte.fullname" .)) }} + {{- else -}} + {{ .Values.tls.certManager.useClusterIssuer | ternary .Values.tls.certManager.clusterIssuer .Values.tls.certManager.issuer}} {{- end -}} {{- end -}} @@ -256,3 +365,51 @@ Set consistent issuer name. {{- end -}} {{- end -}} {{- end -}} + +{{/* + Default nodeAffinity for multi-az deployments +*/}} +{{- define "yugabyte.multiAZNodeAffinity" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: failure-domain.beta.kubernetes.io/zone + operator: In + values: + - {{ quote .Values.AZ }} + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - {{ quote .Values.AZ }} +{{- end -}} + +{{/* + Default podAntiAffinity for master and tserver + + This requires "appLabelArgs" to be passed in - defined in service.yaml + we have a .root and a .label in appLabelArgs +*/}} +{{- define "yugabyte.podAntiAffinity" -}} +preferredDuringSchedulingIgnoredDuringExecution: +- weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + {{- if .root.Values.oldNamingStyle }} + - key: app + operator: In + values: + - "{{ .label }}" + {{- else }} + - key: app.kubernetes.io/name + operator: In + values: + - "{{ .label }}" + - key: release + operator: In + values: + - {{ .root.Release.Name | quote }} + {{- end }} + topologyKey: kubernetes.io/hostname +{{- end -}} diff --git a/charts/yugabyte/yugabyte/templates/certificates.yaml b/charts/yugabyte/yugabyte/templates/certificates.yaml index f8dd4acb5..07fc2e5f5 100644 --- a/charts/yugabyte/yugabyte/templates/certificates.yaml +++ b/charts/yugabyte/yugabyte/templates/certificates.yaml @@ -1,7 +1,7 @@ {{- $root := . -}} --- {{- if $root.Values.tls.certManager.enabled }} -{{- if not $root.Values.tls.certManager.useClusterIssuer }} +{{- if $root.Values.tls.certManager.bootstrapSelfsigned }} --- apiVersion: cert-manager.io/v1 kind: Issuer @@ -37,13 +37,38 @@ spec: ca: secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-ca" (printf "%s-ca" (include "yugabyte.fullname" $root)) }} --- +{{- else }} +{{/* when bootstrapSelfsigned = false, ie. when using an external CA. +Create a Secret with just the rootCA.cert value and mount into master/tserver pods. +This will be used as a fall back in case the Secret generated by cert-manager does not +have a root ca.crt. This can happen for certain certificate issuers like LetsEncrypt. +*/}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }} + namespace: "{{ $root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $root | indent 4 }} +type: Opaque +data: + ca.crt: {{ $root.Values.tls.rootCA.cert }} +--- {{- end }} +{{/* +The below Certificate resource will trigger cert-manager to issue crt/key into Secrets. +These secrets are mounted into master/tserver pods. +*/}} {{- range .Values.Services }} {{- $service := . -}} {{- $appLabelArgs := dict "label" .label "root" $root -}} {{- $serviceValues := (dict "Service" $service "Values" $root.Values "Chart" $root.Chart "Release" $root.Release) -}} +{{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} + +{{- if (gt (int $replicas) 0) }} --- apiVersion: cert-manager.io/v1 kind: Certificate @@ -65,28 +90,29 @@ spec: secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" $service.label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) $service.label) }} duration: {{ $root.Values.tls.certManager.certificates.duration | quote }} renewBefore: {{ $root.Values.tls.certManager.certificates.renewBefore | quote }} - commonName: yugabyte-{{ .name }} isCA: false privateKey: algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} encoding: PKCS8 size: {{ $root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always usages: - server auth - client auth # At least one of a DNS Name, URI, or IP address is required. dnsNames: - {{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} {{- range $index := until ( int ( $replicas ) ) }} {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} - {{$node}} {{- end }} + - {{ printf "%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} uris: [] ipAddresses: [] --- {{- end }} +{{- end }} --- apiVersion: cert-manager.io/v1 @@ -114,6 +140,7 @@ spec: algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} encoding: PKCS8 size: {{ $root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always usages: - client auth dnsNames: [] diff --git a/charts/yugabyte/yugabyte/templates/debug_config_map.yaml b/charts/yugabyte/yugabyte/templates/debug_config_map.yaml new file mode 100644 index 000000000..a15c4fc9a --- /dev/null +++ b/charts/yugabyte/yugabyte/templates/debug_config_map.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "yugabyte.fullname" . }}-master-hooks + namespace: "{{ .Release.Namespace }}" +data: +{{- range $index := until ( int ( .Values.replicas.master ) ) }} + yb-master-{{.}}-pre_debug_hook.sh: "echo 'hello-from-pre' " + yb-master-{{.}}-post_debug_hook.sh: "echo 'hello-from-post' " +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "yugabyte.fullname" . }}-tserver-hooks + namespace: "{{ .Release.Namespace }}" +data: +{{- range $index := until ( int ( .Values.replicas.tserver) ) }} + yb-tserver-{{.}}-pre_debug_hook.sh: "echo 'hello-from-pre' " + yb-tserver-{{.}}-post_debug_hook.sh: "echo 'hello-from-post' " +{{- end }} +--- diff --git a/charts/yugabyte/yugabyte/templates/multicluster-common-tserver-service.yaml b/charts/yugabyte/yugabyte/templates/multicluster/common-tserver-service.yaml similarity index 100% rename from charts/yugabyte/yugabyte/templates/multicluster-common-tserver-service.yaml rename to charts/yugabyte/yugabyte/templates/multicluster/common-tserver-service.yaml diff --git a/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml b/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml new file mode 100644 index 000000000..eeafcb1bb --- /dev/null +++ b/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml @@ -0,0 +1,21 @@ +{{- /* + Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export + https://github.com/kubernetes/enhancements/tree/master/keps/sig-multicluster/1645-multi-cluster-services-api#exporting-services +*/}} +{{- if .Values.multicluster.createServiceExports }} +apiVersion: {{ .Values.multicluster.mcsApiVersion }} +kind: ServiceExport +metadata: + name: {{ .Values.oldNamingStyle | ternary "yb-masters" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-masters") | quote }} + namespace: "{{ .Release.Namespace }}" + labels: + {{- include "yugabyte.labels" . | indent 4 }} +--- +apiVersion: {{ .Values.multicluster.mcsApiVersion }} +kind: ServiceExport +metadata: + name: {{ .Values.oldNamingStyle | ternary "yb-tservers" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-tservers") | quote }} + namespace: "{{ .Release.Namespace }}" + labels: + {{- include "yugabyte.labels" . | indent 4 }} +{{ end -}} diff --git a/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml b/charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml similarity index 82% rename from charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml rename to charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml index a26b39018..15e09dce8 100644 --- a/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml +++ b/charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml @@ -11,11 +11,19 @@ metadata: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} {{- include "yugabyte.labels" $ | indent 4 }} + service-type: "non-endpoint" spec: ports: {{- range $label, $port := $server.ports }} + {{- if (eq $label "grpc-ybc-port") }} + {{- if $.Values.ybc.enabled }} - name: {{ $label | quote }} port: {{ $port }} + {{- end }} + {{- else }} + - name: {{ $label | quote }} + port: {{ $port }} + {{- end }} {{- end}} selector: statefulset.kubernetes.io/pod-name: {{ $podName | quote }} diff --git a/charts/yugabyte/yugabyte/templates/secrets.yaml b/charts/yugabyte/yugabyte/templates/secrets.yaml new file mode 100644 index 000000000..0bd903457 --- /dev/null +++ b/charts/yugabyte/yugabyte/templates/secrets.yaml @@ -0,0 +1,7 @@ +{{- $root := . -}} +--- # Create secrets from other namespaces for masters. +{{- $data := dict "secretenv" $.Values.master.secretEnv "root" . "suffix" "master"}} +{{- include "yugabyte.envsecrets" $data }} +--- # Create secrets from other namespaces for tservers. +{{- $data := dict "secretenv" $.Values.tserver.secretEnv "root" . "suffix" "tserver" }} +{{- include "yugabyte.envsecrets" $data }} \ No newline at end of file diff --git a/charts/yugabyte/yugabyte/templates/service.yaml b/charts/yugabyte/yugabyte/templates/service.yaml index f44ece98d..f3fc56a83 100644 --- a/charts/yugabyte/yugabyte/templates/service.yaml +++ b/charts/yugabyte/yugabyte/templates/service.yaml @@ -24,7 +24,7 @@ data: {{- end }} --- {{- end }} - +--- {{- range .Values.Services }} {{- $service := . -}} {{- $appLabelArgs := dict "label" .label "root" $root -}} @@ -46,12 +46,29 @@ data: {{- range $index := until ( int ( $replicas ) ) }} {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} + +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $nodeOldStyle = printf "%s-%d.%s.%s.%s.svc.clusterset.local" $service.label $index $root.Values.multicluster.kubernetesClusterId $service.name $root.Release.Namespace }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.%s-%s.%s.svc.clusterset.local" (include "yugabyte.fullname" $root) $service.label $index $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} +{{- end -}} + +{{- if $root.Values.multicluster.createServicePerPod -}} + {{- $nodeOldStyle = printf "%s-%d.%s.svc.%s" $service.label $index $root.Release.Namespace $root.Values.domainName }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index $root.Release.Namespace $root.Values.domainName }} +{{- end -}} + {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} {{- if $root.Values.tls.rootCA.key }} -{{- $dns1 := printf "*.*.%s" $root.Release.Namespace }} +{{- $dns1 := printf "*.%s-%s.%s" (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} {{- $dns2 := printf "%s.svc.%s" $dns1 $root.Values.domainName }} +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $dns1 = printf "*.%s.%s-%s.%s.svc.clusterset.local" $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} +{{- end -}} +{{- if $root.Values.multicluster.createServicePerPod -}} + {{- $dns1 = printf "*.%s.svc.%s" $root.Release.Namespace $root.Values.domainName }} +{{- end -}} {{- $rootCA := buildCustomCert $root.Values.tls.rootCA.cert $root.Values.tls.rootCA.key -}} -{{- $server := genSignedCert $node ( default nil ) (list $dns1 $dns2 ) 3650 $rootCA }} +{{- $server := genSignedCert $node ( default nil ) (list $node $dns1 $dns2 ) 3650 $rootCA }} node.{{$node}}.crt: {{ $server.Cert | b64enc }} node.{{$node}}.key: {{ $server.Key | b64enc }} {{- else }} @@ -75,13 +92,20 @@ spec: clusterIP: None ports: {{- range $label, $port := .ports }} + {{- if (eq $label "grpc-ybc-port") }} + {{- if $root.Values.ybc.enabled }} - name: {{ $label | quote }} port: {{ $port }} + {{- end }} + {{- else }} + - name: {{ $label | quote }} + port: {{ $port }} + {{- end }} {{- end}} selector: {{- include "yugabyte.appselector" ($appLabelArgs) | indent 4 }} -{{ if $root.Values.enableLoadBalancer }} +{{- if $root.Values.enableLoadBalancer }} {{- range $endpoint := $root.Values.serviceEndpoints }} {{- if eq $service.label $endpoint.app }} --- @@ -94,11 +118,12 @@ metadata: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} {{- include "yugabyte.labels" $root | indent 4 }} + service-type: "endpoint" spec: - {{ if eq $root.Release.Service "Tiller" }} + {{- if eq $root.Release.Service "Tiller" }} clusterIP: - {{ else }} - {{ if $endpoint.clusterIP }} + {{- else }} + {{- if $endpoint.clusterIP }} clusterIP: {{ $endpoint.clusterIP }} {{- end }} {{- end }} @@ -116,7 +141,7 @@ spec: {{- end }} {{- end}} {{- end}} -{{ end }} +{{- end}} --- apiVersion: apps/v1 @@ -197,6 +222,9 @@ spec: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 8 }} {{- include "yugabyte.labels" $root | indent 8 }} + {{- if $root.Values.istioCompatibility.enabled }} + sidecar.istio.io/inject: "true" + {{- end }} {{- if eq .name "yb-masters" }} {{- with $root.Values.master.podLabels }}{{ toYaml . | nindent 8 }}{{ end }} {{- else }} @@ -214,62 +242,95 @@ spec: nodeSelector: {{ toYaml $root.Values.nodeSelector | indent 8 }} {{- end }} - terminationGracePeriodSeconds: 300 {{- if eq .name "yb-masters" }} # yb-masters + {{- with $root.Values.master.serviceAccount }} + serviceAccountName: {{ . }} + {{- end }} {{- if $root.Values.master.tolerations }} tolerations: {{- with $root.Values.master.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} {{- end }} {{- else }} # yb-tservers + {{- with $root.Values.tserver.serviceAccount }} + serviceAccountName: {{ . }} + {{- end }} {{- if $root.Values.tserver.tolerations }} tolerations: {{- with $root.Values.tserver.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} {{- end }} {{- end }} + terminationGracePeriodSeconds: 300 affinity: - # Set the anti-affinity selector scope to YB masters. + # Set the anti-affinity selector scope to YB masters and tservers. + {{- $nodeAffinityData := dict}} + {{- if eq .name "yb-masters" -}} + {{- $nodeAffinityData = get $root.Values.master.affinity "nodeAffinity" | default (dict) -}} + {{- else -}} + {{- $nodeAffinityData = get $root.Values.tserver.affinity "nodeAffinity" | default (dict) -}} + {{- end -}} {{ if $root.Values.AZ }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: failure-domain.beta.kubernetes.io/zone - operator: In - values: - - {{ $root.Values.AZ }} - - matchExpressions: - - key: topology.kubernetes.io/zone - operator: In - values: - - {{ $root.Values.AZ }} + {{- $userSelectorTerms := dig "requiredDuringSchedulingIgnoredDuringExecution" "nodeSelectorTerms" "" $nodeAffinityData | default (list) -}} + {{- $baseAffinity := include "yugabyte.multiAZNodeAffinity" $root | fromYaml -}} + {{- $requiredSchedule := (list) -}} + {{- if $userSelectorTerms -}} + {{- range $userSelectorTerms -}} + {{- $userTerm := . -}} + {{- range $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms -}} + {{- $matchExpr := concat .matchExpressions $userTerm.matchExpressions | dict "matchExpressions" -}} + {{- $requiredSchedule = mustMerge $matchExpr $userTerm | append $requiredSchedule -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- $requiredSchedule = $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms -}} + {{- end -}} + + {{- with $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution -}} + {{- $_ := set . "nodeSelectorTerms" $requiredSchedule -}} + {{- end -}} + {{- $nodeAffinityData = mustMerge $baseAffinity $nodeAffinityData -}} + {{- end -}} + + {{- $podAntiAffinityData := dict -}} + {{- $basePodAntiAffinity := include "yugabyte.podAntiAffinity" ($appLabelArgs) | fromYaml -}} + {{- if eq .name "yb-masters" -}} + {{- with $root.Values.master.affinity -}} + {{- $userPodAntiAffinity := get . "podAntiAffinity" | default (dict) -}} + {{- if $userPodAntiAffinity -}} + {{- $preferredList := dig "preferredDuringSchedulingIgnoredDuringExecution" "" $userPodAntiAffinity | default (list) | concat $basePodAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution}} + {{- $_ := set $basePodAntiAffinity "preferredDuringSchedulingIgnoredDuringExecution" $preferredList -}} + {{- end -}} + {{- $podAntiAffinityData = mustMerge $basePodAntiAffinity $userPodAntiAffinity -}} + {{- end -}} + {{- else -}} + {{- with $root.Values.tserver.affinity -}} + {{- $userPodAntiAffinity := get . "podAntiAffinity" | default (dict) -}} + {{- if $userPodAntiAffinity -}} + {{- $preferredList := dig "preferredDuringSchedulingIgnoredDuringExecution" "" $userPodAntiAffinity | default (list) | concat $basePodAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution}} + {{- $_ := set $basePodAntiAffinity "preferredDuringSchedulingIgnoredDuringExecution" $preferredList -}} + {{- end -}} + {{- $podAntiAffinityData = mustMerge $basePodAntiAffinity $userPodAntiAffinity -}} + {{- end -}} + {{- end -}} + + {{- if eq .name "yb-masters" -}} + {{- if $nodeAffinityData -}} + {{- $_ := set $root.Values.master.affinity "nodeAffinity" $nodeAffinityData -}} + {{- end -}} + {{- $_ := set $root.Values.master.affinity "podAntiAffinity" $podAntiAffinityData -}} + {{ toYaml $root.Values.master.affinity | nindent 8 }} + {{- else -}} + {{- if $nodeAffinityData -}} + {{- $_ := set $root.Values.tserver.affinity "nodeAffinity" $nodeAffinityData -}} + {{- end -}} + {{- $_ := set $root.Values.tserver.affinity "podAntiAffinity" $podAntiAffinityData -}} + {{ toYaml $root.Values.tserver.affinity | nindent 8 }} {{ end }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - {{- if $root.Values.oldNamingStyle }} - - key: app - operator: In - values: - - "{{ .label }}" - {{- else }} - - key: app.kubernetes.io/name - operator: In - values: - - "{{ .label }}" - - key: release - operator: In - values: - - {{ $root.Release.Name | quote }} - {{- end }} - topologyKey: kubernetes.io/hostname - {{- if eq .name "yb-masters" }} - {{- with $root.Values.master.affinity }}{{ toYaml . | nindent 8 }}{{ end }} - {{- else }} - {{- with $root.Values.tserver.affinity }}{{ toYaml . | nindent 8 }}{{ end }} - {{- end }} + {{- with $root.Values.dnsConfig }} + dnsConfig: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $root.Values.dnsPolicy }} + dnsPolicy: {{ . | quote }} + {{- end }} containers: - name: "{{ .label }}" image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}" @@ -321,18 +382,20 @@ spec: - name: YBDEVOPS_CORECOPY_DIR value: "/mnt/disk0/cores" {{- if eq .name "yb-masters" }} - {{- with $root.Values.master.extraEnv }}{{ toYaml . | nindent 8 }}{{ end }} - {{- with $root.Values.master.secretEnv }}{{ toYaml . | nindent 8 }}{{ end }} + {{- with $root.Values.master.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} + {{- $data := dict "secretenv" $root.Values.master.secretEnv "root" $root "suffix" "master"}} + {{- include "yugabyte.addenvsecrets" $data | nindent 8 }} {{- else }} - {{- with $root.Values.tserver.extraEnv }}{{ toYaml . | nindent 8 }}{{ end }} - {{- with $root.Values.tserver.secretEnv }}{{ toYaml . | nindent 8 }}{{ end }} + {{- with $root.Values.tserver.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} + {{- $data := dict "secretenv" $root.Values.tserver.secretEnv "root" $root "suffix" "tserver" }} + {{- include "yugabyte.addenvsecrets" $data | nindent 8 }} {{- end }} {{- if and $root.Values.tls.enabled $root.Values.tls.clientToServer (ne .name "yb-masters") }} - name: SSL_CERTFILE value: /root/.yugabytedb/root.crt {{- end }} resources: - {{ if eq .name "yb-masters" }} + {{- if eq .name "yb-masters" }} {{ toYaml $root.Values.resource.master | indent 10 }} {{ else }} {{ toYaml $root.Values.resource.tserver | indent 10 }} @@ -363,10 +426,13 @@ spec: {{- $rpcPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $rpcDict) -}} {{- if $rpcPreflight -}}{{ $rpcPreflight | nindent 12 }}{{ end -}} {{- $broadcastAddr := include "yugabyte.server_broadcast_address" $serviceValues -}} - {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}} - {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}} - {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}} - {{- if $broadcastPreflight -}}{{ $broadcastPreflight | nindent 12 }}{{ end -}} + {{/* skip bind check for servicePerPod multi-cluster, we cannot/don't bind to service IP */}} + {{- if not $root.Values.multicluster.createServicePerPod }} + {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}} + {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}} + {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}} + {{- if $broadcastPreflight -}}{{ $broadcastPreflight | nindent 12 }}{{ end -}} + {{- end }} {{- $webserverAddr := include "yugabyte.webserver_interface" $serviceValues -}} {{- $webserverPort := index $service.ports "http-ui" -}} {{- $webserverDict := dict "Addr" $webserverAddr "Port" $webserverPort -}} @@ -377,6 +443,25 @@ spec: else k8s_parent="" fi && \ + {{- if and $root.Values.tls.enabled $root.Values.tls.certManager.enabled }} + echo "Creating ephemeral /opt/certs/yugabyte/ as symlink to persisted /mnt/disk0/certs/" && \ + mkdir -p /mnt/disk0/certs && \ + mkdir -p /opt/certs && \ + ln -s /mnt/disk0/certs /opt/certs/yugabyte && \ + if [[ ! -f /opt/certs/yugabyte/ca.crt ]]; then + echo "Fresh install of /opt/certs/yugabyte/ca.crt" + cp /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt; + fi && \ + cmp -s /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt;sameRootCA=$? && \ + if [[ $sameRootCA -eq 0 ]]; then + echo "Refreshing tls certs at /opt/certs/yugabyte/"; + cp /home/yugabyte/cert-manager/tls.crt /opt/certs/yugabyte/node.{{$rpcAddr}}.crt; + cp /home/yugabyte/cert-manager/tls.key /opt/certs/yugabyte/node.{{$rpcAddr}}.key; + chmod 600 /opt/certs/yugabyte/* + else + echo "WARNING: Not refreshing certificates as the root ca.crt has changed" + fi && \ + {{- end }} {{- if eq .name "yb-masters" }} exec ${k8s_parent} /home/yugabyte/bin/yb-master \ {{- if not $root.Values.storage.ephemeral }} @@ -480,10 +565,18 @@ spec: {{- end }} ports: {{- range $label, $port := .ports }} + {{- if not (eq $label "grpc-ybc-port") }} - containerPort: {{ $port }} name: {{ $label | quote }} + {{- end }} {{- end}} volumeMounts: + {{- if (eq .name "yb-tservers") }} + - name: tserver-tmp + mountPath: /tmp + {{- end }} + - name: debug-hooks-volume + mountPath: /opt/debug_hooks_config {{ if not $root.Values.storage.ephemeral }} {{- range $index := until (int ($storageInfo.count)) }} - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }} @@ -492,7 +585,7 @@ spec: {{- end }} {{- if $root.Values.tls.enabled }} - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} - mountPath: /opt/certs/yugabyte + mountPath: {{ $root.Values.tls.certManager.enabled | ternary "/home/yugabyte/cert-manager" "/opt/certs/yugabyte" }} readOnly: true - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} mountPath: /root/.yugabytedb/ @@ -531,9 +624,86 @@ spec: - name: {{ $root.Values.oldNamingStyle | ternary "datadir0" (printf "%s0" (include "yugabyte.volume_name" $root)) }} mountPath: /var/yugabyte/cores subPath: cores + {{- if $root.Values.ybCleanup.resources }} + resources: {{ toYaml $root.Values.ybCleanup.resources | nindent 10 }} + {{- end }} {{- end }} + {{- if and (eq .name "yb-tservers") ($root.Values.ybc.enabled) }} + - name: yb-controller + image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}" + imagePullPolicy: {{ $root.Values.Image.pullPolicy }} + lifecycle: + postStart: + exec: + command: + - "bash" + - "-c" + - > + mkdir -p /mnt/disk0/yw-data/controller/tmp; + mkdir -p /mnt/disk0/yw-data/controller/conf; + mkdir -p /mnt/disk0/ybc-data/controller/logs; + mkdir -p /tmp/yugabyte/controller; + ln -sf /mnt/disk0/ybc-data/controller/logs /tmp/yugabyte/controller; + ln -sf /mnt/disk0/yw-data/controller/bin /tmp/yugabyte/controller; + rm -f /tmp/yugabyte/controller/yb-controller.pid; + {{- if and $root.Values.tls.enabled $root.Values.tls.certManager.enabled }} + mkdir -p /opt/certs; + ln -sf /mnt/disk0/certs /opt/certs/yugabyte; + {{- end }} + command: + - "/sbin/tini" + - "--" + args: + - "/bin/bash" + - "-c" + - > + while true; do + sleep 60; + /home/yugabyte/tools/k8s_ybc_parent.py status || /home/yugabyte/tools/k8s_ybc_parent.py start; + done + {{- with index $service.ports "grpc-ybc-port" }} + ports: + - containerPort: {{ . }} + name: "grpc-ybc-port" + {{- end }} + volumeMounts: + - name: tserver-tmp + mountPath: /tmp + {{- if not $root.Values.storage.ephemeral }} + {{- range $index := until (int ($storageInfo.count)) }} + - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }} + mountPath: /mnt/disk{{ $index }} + {{- end }} + {{- end }} + {{- if $root.Values.tls.enabled }} + - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + mountPath: {{ $root.Values.tls.certManager.enabled | ternary "/home/yugabyte/cert-manager" "/opt/certs/yugabyte" }} + readOnly: true + {{- end }} + {{- if ($root.Values.tserver.extraVolumeMounts) -}} + {{- include "yugabyte.isExtraVolumesMappingExists" $root.Values.tserver -}} + {{- $root.Values.tserver.extraVolumeMounts | toYaml | nindent 10 -}} + {{- end -}} + {{- if $root.Values.ybc.resources }} + resources: {{ toYaml $root.Values.ybc.resources | nindent 10 }} + {{- end }} + {{- end}} + volumes: + {{- if (eq .name "yb-masters") }} + - name: debug-hooks-volume + configMap: + name: {{ include "yugabyte.fullname" $root }}-master-hooks + defaultMode: 0755 + {{- else if (eq .name "yb-tservers") }} + - name: debug-hooks-volume + configMap: + name: {{ include "yugabyte.fullname" $root }}-tserver-hooks + defaultMode: 0755 + - name: tserver-tmp + emptyDir: {} + {{- end }} {{ if not $root.Values.storage.ephemeral }} {{- range $index := until (int ($storageInfo.count)) }} - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }} @@ -542,25 +712,24 @@ spec: {{- end }} {{- end }} {{- if $root.Values.tls.enabled }} + {{- if $root.Values.tls.certManager.enabled }} + {{- /* certManager enabled */}} + - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + projected: + sources: + {{- if not $root.Values.tls.certManager.bootstrapSelfsigned }} + - secret: + name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }} + {{- end }} + - secret: + name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + {{- else }} + {{/* certManager disabled */}} - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} secret: secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} - {{- if $root.Values.tls.certManager.enabled }} - items: - {{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} - {{- range $index := until ( int ( $replicas ) ) }} - {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} - {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} - {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} - - key: tls.crt - path: node.{{$node}}.crt - - key: tls.key - path: node.{{$node}}.key - {{- end }} - - key: ca.crt - path: ca.crt - {{- end }} defaultMode: 256 + {{- end }} - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} secret: secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} diff --git a/charts/yugabyte/yugabyte/values.yaml b/charts/yugabyte/yugabyte/values.yaml index bed2222da..8167c76be 100644 --- a/charts/yugabyte/yugabyte/values.yaml +++ b/charts/yugabyte/yugabyte/values.yaml @@ -2,10 +2,15 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. Component: "yugabytedb" + +fullnameOverride: "" +nameOverride: "" + Image: repository: "yugabytedb/yugabyte" - tag: 2.14.15.0-b57 + tag: 2.18.6.0-b73 pullPolicy: IfNotPresent + pullSecretName: "" storage: ephemeral: false # will not allocate PVs when true @@ -21,27 +26,38 @@ storage: resource: master: requests: - cpu: 2 + cpu: "2" memory: 2Gi limits: - cpu: 2 + cpu: "2" memory: 2Gi tserver: requests: - cpu: 2 + cpu: "2" memory: 4Gi limits: - cpu: 2 + cpu: "2" memory: 4Gi replicas: master: 3 tserver: 3 + ## Used to set replication factor when isMultiAz is set to true + totalMasters: 3 partition: master: 0 tserver: 0 +# Used in Multi-AZ setup +masterAddresses: "" + +isMultiAz: false +AZ: "" + +# Disable the YSQL +disableYsql: false + tls: # Set to true to enable the TLS. enabled: false @@ -52,25 +68,33 @@ tls: # Set enabled to true to use cert-manager instead of providing your own rootCA certManager: enabled: false - # Will create own ca certificate and issuer when set to false + # Will create own ca certificate and issuer when set to true + bootstrapSelfsigned: true + # Use ClusterIssuer when set to true, otherwise use Issuer useClusterIssuer: false - # ignored when useClusterIssuer is false + # Name of ClusterIssuer to use when useClusterIssuer is true clusterIssuer: cluster-ca + # Name of Issuer to use when useClusterIssuer is false + issuer: yugabyte-ca certificates: # The lifetime before cert-manager will issue a new certificate. # The re-issued certificates will not be automatically reloaded by the service. # It is necessary to provide some external means of restarting the pods. duration: 2160h # 90d renewBefore: 360h # 15d - algorithm: ECDSA # ECDSA or RSA - # Can be 2046, 4096 or 8192 for RSA + algorithm: RSA # ECDSA or RSA + # Can be 2048, 4096 or 8192 for RSA # Or 256, 384 or 521 for ECDSA - keySize: 521 + keySize: 2048 - # Will be ignored when certManager.enabled=true + ## When certManager.enabled=false, rootCA.cert and rootCA.key are used to generate TLS certs. + ## When certManager.enabled=true and boostrapSelfsigned=true, rootCA is ignored. + ## When certManager.enabled=true and bootstrapSelfsigned=false, only rootCA.cert is used + ## to verify TLS certs generated and signed by the external provider. rootCA: cert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2VENDQWRHZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0WmRXZGgKWW5sMFpTQkVRakFlRncweE9UQXlNRGd3TURRd01qSmFGdzB5T1RBeU1EVXdNRFF3TWpKYU1CWXhGREFTQmdOVgpCQU1UQzFsMVoyRmllWFJsSUVSQ01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBCnVOMWF1aWc4b2pVMHM0OXF3QXhrT2FCaHkwcTlyaVg2akVyZWJyTHJOWDJOeHdWQmNVcWJkUlhVc3VZNS96RUQKUC9CZTNkcTFuMm9EQ2ZGVEwweGkyNFdNZExRcnJBMndCdzFtNHM1WmQzcEJ1U04yWHJkVVhkeUx6dUxlczJNbgovckJxcWRscXp6LzAyTk9TOE9SVFZCUVRTQTBSOFNMQ1RjSGxMQmRkMmdxZ1ZmemVXRlVObXhWQ2EwcHA5UENuCmpUamJJRzhJWkh5dnBkTyt3aURQM1Y1a1ZEaTkvbEtUaGUzcTFOeDg5VUNFcnRJa1pjSkYvWEs3aE90MU1sOXMKWDYzb2lVMTE1Q2svbGFGRjR6dWgrZk9VenpOVXRXeTc2RE92cm5pVGlaU0tQZDBBODNNa2l2N2VHaDVkV3owWgpsKzJ2a3dkZHJaRzVlaHhvbGhGS3pRSURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQXFRd0hRWURWUjBsCkJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dFQkFEQjVRbmlYd1ptdk52eG5VbS9sTTVFbms3VmhTUzRUZldIMHY4Q0srZWZMSVBTbwpVTkdLNXU5UzNEUWlvaU9SN1Vmc2YrRnk1QXljMmNUY1M2UXBxTCt0V1QrU1VITXNJNk9oQ05pQ1gvQjNKWERPCkd2R0RIQzBVOHo3aWJTcW5zQ2Rid05kajAyM0lwMHVqNE9DVHJ3azZjd0RBeXlwVWkwN2tkd28xYWJIWExqTnAKamVQMkwrY0hkc2dKM1N4WWpkK1kvei9IdmFrZG1RZDJTL1l2V0R3aU1SRDkrYmZXWkJVRHo3Y0QyQkxEVmU0aAp1bkFaK3NyelR2Sjd5dkVodzlHSDFyajd4Qm9VNjB5SUUrYSszK2xWSEs4WnBSV0NXMnh2eWNrYXJSKytPS2NKClFsL04wWExqNWJRUDVoUzdhOTdhQktTamNqY3E5VzNGcnhJa2tKST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdU4xYXVpZzhvalUwczQ5cXdBeGtPYUJoeTBxOXJpWDZqRXJlYnJMck5YMk54d1ZCCmNVcWJkUlhVc3VZNS96RURQL0JlM2RxMW4yb0RDZkZUTDB4aTI0V01kTFFyckEyd0J3MW00czVaZDNwQnVTTjIKWHJkVVhkeUx6dUxlczJNbi9yQnFxZGxxenovMDJOT1M4T1JUVkJRVFNBMFI4U0xDVGNIbExCZGQyZ3FnVmZ6ZQpXRlVObXhWQ2EwcHA5UENualRqYklHOElaSHl2cGRPK3dpRFAzVjVrVkRpOS9sS1RoZTNxMU54ODlVQ0VydElrClpjSkYvWEs3aE90MU1sOXNYNjNvaVUxMTVDay9sYUZGNHp1aCtmT1V6ek5VdFd5NzZET3ZybmlUaVpTS1BkMEEKODNNa2l2N2VHaDVkV3owWmwrMnZrd2RkclpHNWVoeG9saEZLelFJREFRQUJBb0lCQUJsdW1tU3gxR1djWER1Mwpwei8wZEhWWkV4c2NsU3U0SGRmZkZPcTF3cFlCUjlmeGFTZGsxQzR2YXF1UjhMaWl6WWVtVWViRGgraitkSnlSCmpwZ2JNaDV4S1BtRkw5empwU3ZUTkN4UHB3OUF5bm5sM3dyNHZhcU1CTS9aZGpuSGttRC9kQzBadEEvL0JIZ3YKNHk4d3VpWCsvUWdVaER0Z1JNcmR1ZUZ1OVlKaFo5UE9jYXkzSkkzMFhEYjdJSS9vNFNhYnhTcFI3bTg5WjY0NwpUb3hsOEhTSzl0SUQxbkl1bHVpTmx1dHI1RzdDdE93WTBSc2N5dmZ2elg4a1d2akpLZVJVbmhMSCtXVFZOaExICjdZc0tMNmlLa1NkckMzeWVPWnV4R0pEbVdrZVgxTzNPRUVGYkc4TjVEaGNqL0lXbDh1dGt3LzYwTEthNHBCS2cKTXhtNEx3RUNnWUVBNnlPRkhNY2pncHYxLzlHZC8yb3c2YmZKcTFjM1dqQkV2cnM2ZXNyMzgrU3UvdVFneXJNcAo5V01oZElpb2dYZjVlNjV5ZlIzYVBXcjJJdWMxZ0RUNlYycDZFR2h0NysyQkF1YkIzczloZisycVNRY1lkS3pmCnJOTDdKalE4ZEVGZWdYd041cHhKOTRTTVFZNEI4Qm9hOHNJWTd3TzU4dHpVMjZoclVnanFXQ1VDZ1lFQXlVUUIKNzViWlh6MGJ5cEc5NjNwYVp0bGlJY0cvUk1XMnVPOE9rVFNYSGdDSjBob25uRm5IMGZOc1pGTHdFWEtnTTRORworU3ZNbWtUekE5eVVSMHpIMFJ4UW44L1YzVWZLT2k5RktFeWx6NzNiRkV6ZW1QSEppQm12NWQ4ZTlOenZmU0E0CkdpRTYrYnFyV3VVWWRoRWlYTnY1SFNPZ3I4bUx1TzJDbGlmNTg0a0NnWUFlZzlDTmlJWmlOODAzOHNNWFYzZWIKalI5ZDNnYXY3SjJ2UnVyeTdvNDVGNDlpUXNiQ3AzZWxnY1RnczY5eWhkaFpwYXp6OGNEVndhREpyTW16cHF4cQpWY1liaFFIblppSWM5MGRubS9BaVF2eWJWNUZqNnQ5b05VVWtreGpaV1haalJXOGtZMW55QmtDUmJWVnhER0k4CjZOV0ZoeTFGaUVVVGNJcms3WVZFQlFLQmdRREpHTVIrYWRFamtlRlUwNjVadkZUYmN0VFVPY3dzb1Foalc2akkKZVMyTThxakNYeE80NnhQMnVTeFNTWFJKV3FpckQ3NDRkUVRvRjRCaEdXS21veGI3M3pqSGxWaHcwcXhDMnJ4VQorZENxODE0VXVJR3BlOTBMdWU3QTFlRU9kRHB1WVdUczVzc1FmdTE3MG5CUWQrcEhzaHNFZkhhdmJjZkhyTGpQCjQzMmhVUUtCZ1FDZ3hMZG5Pd2JMaHZLVkhhdTdPVXQxbGpUT240SnB5bHpnb3hFRXpzaDhDK0ZKUUQ1bkFxZXEKZUpWSkNCd2VkallBSDR6MUV3cHJjWnJIN3IyUTBqT2ZFallwU1dkZGxXaWh4OTNYODZ0aG83UzJuUlYrN1hNcQpPVW9ZcVZ1WGlGMWdMM1NGeHZqMHhxV3l0d0NPTW5DZGFCb0M0Tkw3enJtL0lZOEUwSkw2MkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=" + ## When tls.certManager.enabled=false ## nodeCert and clientCert will be used only when rootCA.key is empty. ## Will be ignored and genSignedCert will be used to generate ## node and client certs if rootCA.key is provided. @@ -85,33 +109,58 @@ tls: gflags: master: default_memory_limit_to_ram_ratio: 0.85 -# tserver: + tserver: {} # use_cassandra_authentication: false PodManagementPolicy: Parallel enableLoadBalancer: true -isMultiAz: false +ybc: + enabled: false + ## https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container + ## Use the above link to learn more about Kubernetes resources configuration. + # resources: + # requests: + # cpu: "1" + # memory: 1Gi + # limits: + # cpu: "1" + # memory: 1Gi + +ybCleanup: {} + ## https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container + ## Use the above link to learn more about Kubernetes resources configuration. + # resources: + # requests: + # cpu: "1" + # memory: 1Gi + # limits: + # cpu: "1" + # memory: 1Gi domainName: "cluster.local" serviceEndpoints: - name: "yb-master-ui" type: LoadBalancer + annotations: {} + clusterIP: "" ## Sets the Service's externalTrafficPolicy - # externalTrafficPolicy: "" + externalTrafficPolicy: "" app: "yb-master" - # loadBalancerIP: "" + loadBalancerIP: "" ports: http-ui: "7000" - name: "yb-tserver-service" type: LoadBalancer + annotations: {} + clusterIP: "" ## Sets the Service's externalTrafficPolicy - # externalTrafficPolicy: "" + externalTrafficPolicy: "" app: "yb-tserver" - # loadBalancerIP: "" + loadBalancerIP: "" ports: tcp-yql-port: "9042" tcp-yedis-port: "6379" @@ -138,8 +187,11 @@ Services: http-ycql-met: "12000" http-yedis-met: "11000" http-ysql-met: "13000" + grpc-ybc-port: "18018" -## Should be set to true only if Istio is being used. + +## Should be set to true only if Istio is being used. This also adds +## the Istio sidecar injection labels to the pods. ## TODO: remove this once ## https://github.com/yugabyte/yugabyte-db/issues/5641 is fixed. ## @@ -156,6 +208,22 @@ multicluster: ## failover. Useful when using new naming style. createCommonTserverService: false + ## Enable it to deploy YugabyteDB in a multi-cluster services enabled + ## Kubernetes cluster (KEP-1645). This will create ServiceExport. + ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export + ## You can use this gist for the reference to deploy the YugabyteDB in a multi-cluster scenario. + ## Gist - https://gist.github.com/baba230896/78cc9bb6f4ba0b3d0e611cd49ed201bf + createServiceExports: false + + ## Mandatory variable when createServiceExports is set to true. + ## Use: In case of GKE, you need to pass GKE Hub Membership Name. + ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#enabling + kubernetesClusterId: "" + + ## mcsApiVersion is used for the MCS resources created by the + ## chart. Set to net.gke.io/v1 when using GKE MCS. + mcsApiVersion: "multicluster.x-k8s.io/v1alpha1" + serviceMonitor: ## If true, two ServiceMonitor CRs are created. One for yb-master ## and one for yb-tserver @@ -231,9 +299,37 @@ affinity: {} statefulSetAnnotations: {} +networkAnnotation: {} + +commonLabels: {} + +## @param dnsPolicy DNS Policy for pod +## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +## E.g. +## dnsPolicy: ClusterFirst +dnsPolicy: "" +## @param dnsConfig DNS Configuration pod +## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +## E.g. +## dnsConfig: +## options: +## - name: ndots +## value: "4" +dnsConfig: {} + + master: ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core ## This might override the default affinity from service.yaml + # To successfully merge, we need to follow rules for merging nodeSelectorTerms that kubernentes + # has. Each new node selector term is ORed together, and each match expression or match field in + # a single selector is ANDed together. + # This means, if a pod needs to be scheduled on a label 'custom_label_1' with a value + # 'custom_value_1', we need to add this 'subterm' to each of our pre-defined node affinity + # terms. + # + # Pod anti affinity is a simpler merge. Each term is applied separately, and the weight is tracked. + # The pod that achieves the highest weight is selected. ## Example. # affinity: # podAntiAffinity: @@ -245,6 +341,8 @@ master: # values: # - "yb-master" # topologyKey: kubernetes.io/hostname + # + # For further examples, see examples/yugabyte/affinity_overrides.yaml affinity: {} ## Extra environment variables passed to the Master pods. @@ -301,10 +399,23 @@ master: # mountPath: /home/yugabyte/nfs-backup extraVolumeMounts: [] + ## Set service account for master DB pods. The service account + ## should exist in the namespace where the master DB pods are brought up. + serviceAccount: "" + tserver: ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core ## This might override the default affinity from service.yaml + # To successfully merge, we need to follow rules for merging nodeSelectorTerms that kubernentes + # has. Each new node selector term is ORed together, and each match expression or match field in + # a single selector is ANDed together. + # This means, if a pod needs to be scheduled on a label 'custom_label_1' with a value + # 'custom_value_1', we need to add this 'subterm' to each of our pre-defined node affinity + # terms. + # + # Pod anti affinity is a simpler merge. Each term is applied separately, and the weight is tracked. + # The pod that achieves the highest weight is selected. ## Example. # affinity: # podAntiAffinity: @@ -316,6 +427,7 @@ tserver: # values: # - "yb-tserver" # topologyKey: kubernetes.io/hostname + # For further examples, see examples/yugabyte/affinity_overrides.yaml affinity: {} ## Extra environment variables passed to the TServer pods. @@ -328,13 +440,16 @@ tserver: # fieldPath: status.hostIP extraEnv: [] - # secretEnv variables are used to expose secrets data as env variables in the tserver pods. - # TODO Add namespace also to support copying secrets from other namespace. + ## secretEnv variables are used to expose secrets data as env variables in the tserver pods. + ## If namespace field is not specified we assume that user already + ## created the secret in the same namespace as DB pods. + ## Example # secretEnv: # - name: MYSQL_LDAP_PASSWORD # valueFrom: # secretKeyRef: # name: secretName + # namespace: my-other-namespace-with-ldap-secret # key: password secretEnv: [] @@ -377,6 +492,10 @@ tserver: # path: /home/yugabyte/nfs-backup extraVolumeMounts: [] + ## Set service account for tserver DB pods. The service account + ## should exist in the namespace where the tserver DB pods are brought up. + serviceAccount: "" + helm2Legacy: false ip_version_support: "v4_only" # v4_only, v6_only are the only supported values at the moment diff --git a/charts/yugabyte/yugaware/Chart.yaml b/charts/yugabyte/yugaware/Chart.yaml index 62bdc3625..228eaef2f 100644 --- a/charts/yugabyte/yugaware/Chart.yaml +++ b/charts/yugabyte/yugaware/Chart.yaml @@ -3,15 +3,20 @@ annotations: catalog.cattle.io/display-name: YugabyteDB Anywhere catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: yugaware -apiVersion: v1 -appVersion: 2.14.15.0-b57 -description: YugaWare is YugaByte Database's Orchestration and Management console. + charts.openshift.io/name: yugaware +apiVersion: v2 +appVersion: 2.18.6.0-b73 +description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB cluster + with multiple pods provided by Kubernetes or OpenShift and logically grouped together + to form one logical distributed database. home: https://www.yugabyte.com icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 +kubeVersion: '>=1.18-0' maintainers: -- email: ram@yugabyte.com - name: Ram Sri -- email: arnav@yugabyte.com - name: Arnav Agarwal +- email: sanketh@yugabyte.com + name: Sanketh Indarapu +- email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla name: yugaware -version: 2.14.15 +version: 2.18.6 diff --git a/charts/yugabyte/yugaware/README.md b/charts/yugabyte/yugaware/README.md index fa27ce3e0..0d190c0be 100644 --- a/charts/yugabyte/yugaware/README.md +++ b/charts/yugabyte/yugaware/README.md @@ -1,5 +1,7 @@ YugabyteDB Anywhere gives you the simplicity and support to deliver a private database-as-a-service (DBaaS) at scale. Use YugabyteDB Anywhere to deploy YugabyteDB across any cloud anywhere in the world with a few clicks, simplify day 2 operations through automation, and get the services needed to realize business outcomes with the database. -YugabyteDB Anywhere can be deployed using this helm chart. Detailed documentation is available at +YugabyteDB Anywhere can be deployed using this Helm chart. Detailed documentation is available at: +- [Install YugabyteDB Anywhere software - Kubernetes](https://docs.yugabyte.com/preview/yugabyte-platform/install-yugabyte-platform/install-software/kubernetes/) +- [Install YugabyteDB Anywhere software - OpenShift (Helm based)](https://docs.yugabyte.com/preview/yugabyte-platform/install-yugabyte-platform/install-software/openshift/#helm-based-installation) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/yugabyte)](https://artifacthub.io/packages/search?repo=yugabyte) diff --git a/charts/yugabyte/yugaware/openshift.values.yaml b/charts/yugabyte/yugaware/openshift.values.yaml new file mode 100644 index 000000000..6e797bfe8 --- /dev/null +++ b/charts/yugabyte/yugaware/openshift.values.yaml @@ -0,0 +1,24 @@ +# OCP compatible values for yugaware + +image: + + repository: quay.io/yugabyte/yugaware-ubi + + postgres: + registry: registry.redhat.io + tag: 1-88.1661531722 + name: rhscl/postgresql-13-rhel7 + + prometheus: + registry: registry.redhat.io + tag: v4.11.0 + name: openshift4/ose-prometheus + +rbac: + create: false + +ocpCompatibility: + enabled: true + +securityContext: + enabled: false diff --git a/charts/yugabyte/yugaware/questions.yaml b/charts/yugabyte/yugaware/questions.yaml index 11378b60c..446d616e1 100644 --- a/charts/yugabyte/yugaware/questions.yaml +++ b/charts/yugabyte/yugaware/questions.yaml @@ -15,7 +15,7 @@ questions: label: Yugabyte Platform image repository description: "Yugabyte Platform image repository" - variable: image.tag - default: "2.14.1.0-b36" + default: "2.5.1.0-b153" required: false type: string label: Yugabyte Platform image tag diff --git a/charts/yugabyte/yugaware/templates/_default_values.tpl b/charts/yugabyte/yugaware/templates/_default_values.tpl new file mode 100644 index 000000000..b55e7ba81 --- /dev/null +++ b/charts/yugabyte/yugaware/templates/_default_values.tpl @@ -0,0 +1,14 @@ +{{/* + The usage of helm upgrade [RELEASE] [CHART] --reuse-values --set [variable]:[value] throws an + error in the event that new entries are inserted to the values chart. + + This is because reuse-values flag uses the values from the last release. If --set (/--set-file/ + --set-string/--values/-f) is applied with the reuse-values flag, the values from the last + release are overridden for those variables alone, and newer changes to the chart are + unacknowledged. + + https://medium.com/@kcatstack/understand-helm-upgrade-flags-reset-values-reuse-values-6e58ac8f127e + + To prevent errors while applying upgrade with --reuse-values and --set flags after introducing + new variables, default values can be specified in this file. +*/}} diff --git a/charts/yugabyte/yugaware/templates/_helpers.tpl b/charts/yugabyte/yugaware/templates/_helpers.tpl index 329dba6ce..2ce99a3dc 100644 --- a/charts/yugabyte/yugaware/templates/_helpers.tpl +++ b/charts/yugabyte/yugaware/templates/_helpers.tpl @@ -169,6 +169,57 @@ server.pem: {{ $serverPemContent }} {{- end -}} {{- end -}} +{{/* +Check export of nss_wrapper environment variables required +*/}} +{{- define "checkNssWrapperExportRequired" -}} + {{- if .Values.securityContext.enabled -}} + {{- if and (ne (int .Values.securityContext.runAsUser) 0) (ne (int .Values.securityContext.runAsUser) 10001) -}} + {{- printf "true" -}} + {{- end -}} + {{- else -}} + {{- printf "false" -}} + {{- end -}} +{{- end -}} + + +{{/* + Verify the extraVolumes and extraVolumeMounts mappings. + Every extraVolumes should have extraVolumeMounts +*/}} +{{- define "yugaware.isExtraVolumesMappingExists" -}} + {{- $lenExtraVolumes := len .extraVolumes -}} + {{- $lenExtraVolumeMounts := len .extraVolumeMounts -}} + + {{- if and (eq $lenExtraVolumeMounts 0) (gt $lenExtraVolumes 0) -}} + {{- fail "You have not provided the extraVolumeMounts for extraVolumes." -}} + {{- else if and (eq $lenExtraVolumes 0) (gt $lenExtraVolumeMounts 0) -}} + {{- fail "You have not provided the extraVolumes for extraVolumeMounts." -}} + {{- else if and (gt $lenExtraVolumes 0) (gt $lenExtraVolumeMounts 0) -}} + {{- $volumeMountsList := list -}} + {{- range .extraVolumeMounts -}} + {{- $volumeMountsList = append $volumeMountsList .name -}} + {{- end -}} + + {{- $volumesList := list -}} + {{- range .extraVolumes -}} + {{- $volumesList = append $volumesList .name -}} + {{- end -}} + + {{- range $volumesList -}} + {{- if not (has . $volumeMountsList) -}} + {{- fail (printf "You have not provided the extraVolumeMounts for extraVolume %s" .) -}} + {{- end -}} + {{- end -}} + + {{- range $volumeMountsList -}} + {{- if not (has . $volumesList) -}} + {{- fail (printf "You have not provided the extraVolumes for extraVolumeMounts %s" .) -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + {{/* Make list of custom http headers */}} @@ -183,4 +234,4 @@ Make list of custom http headers {{- end -}} {{- end -}} ] -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/yugabyte/yugaware/templates/certificates.yaml b/charts/yugabyte/yugaware/templates/certificates.yaml new file mode 100644 index 000000000..ff4b7021a --- /dev/null +++ b/charts/yugabyte/yugaware/templates/certificates.yaml @@ -0,0 +1,99 @@ +# Copyright (c) YugaByte, Inc. + +{{- $root := . }} +{{- $tls := $root.Values.tls }} +{{- if and $tls.enabled $tls.certManager.enabled }} +{{- if $tls.certManager.genSelfsigned }} +{{- if $tls.certManager.useClusterIssuer }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ $root.Release.Name }}-yugaware-cluster-issuer +spec: + selfSigned: {} +{{- else }} # useClusterIssuer=false +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ $root.Release.Name }}-yugaware-issuer + namespace: {{ $root.Release.Namespace }} +spec: + selfSigned: {} +--- +{{- end }} # useClusterIssuer +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $root.Release.Name }}-yugaware-ui-root-ca + namespace: {{ $root.Release.Namespace }} +spec: + isCA: true + commonName: Yugaware self signed CA + secretName: {{ .Release.Name }}-yugaware-root-ca + secretTemplate: + labels: + app: "{{ template "yugaware.name" . }}" + chart: "{{ template "yugaware.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + duration: {{ $tls.certManager.configuration.duration | quote }} + renewBefore: {{ $tls.certManager.configuration.renewBefore | quote }} + privateKey: + algorithm: {{ $tls.certManager.configuration.algorithm | quote }} + encoding: PKCS8 + size: {{ $tls.certManager.configuration.keySize }} + rotationPolicy: Always + issuerRef: + {{- if $tls.certManager.useClusterIssuer }} + name: {{ $root.Release.Name }}-yugaware-cluster-issuer + kind: ClusterIssuer + {{- else }} + name: {{ $root.Release.Name }}-yugaware-issuer + kind: Issuer + {{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ $root.Release.Name }}-yugaware-ca-issuer + namespace: {{ $root.Release.Namespace }} +spec: + ca: + secretName: {{ .Release.Name }}-yugaware-root-ca +--- +{{- end }} # genSelfsigned +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $root.Release.Name }}-yugaware-ui-tls + namespace: {{ $root.Release.Namespace }} +spec: + isCA: false + commonName: {{ $tls.hostname }} + secretName: {{ .Release.Name }}-yugaware-tls-cert + secretTemplate: + labels: + app: "{{ template "yugaware.name" . }}" + chart: "{{ template "yugaware.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + duration: {{ $tls.certManager.configuration.duration | quote }} + renewBefore: {{ $tls.certManager.configuration.renewBefore | quote }} + privateKey: + algorithm: {{ $tls.certManager.configuration.algorithm | quote }} + encoding: PKCS8 + size: {{ $tls.certManager.configuration.keySize }} + rotationPolicy: Always + issuerRef: + name: {{ $tls.certManager.genSelfsigned | ternary (printf "%s%s" $root.Release.Name "-yugaware-ca-issuer") ($tls.certManager.useClusterIssuer | ternary $tls.certManager.clusterIssuer $tls.certManager.issuer) }} + {{- if $tls.certManager.useClusterIssuer }} + kind: ClusterIssuer + {{- else }} + kind: Issuer + {{- end }} +--- +{{- end }} diff --git a/charts/yugabyte/yugaware/templates/configs.yaml b/charts/yugabyte/yugaware/templates/configs.yaml index 932effddd..5c67697fc 100644 --- a/charts/yugabyte/yugaware/templates/configs.yaml +++ b/charts/yugabyte/yugaware/templates/configs.yaml @@ -31,27 +31,31 @@ data: log.override.path = "/opt/yugabyte/yugaware/data/logs" db { + default.dbname=${POSTGRES_DB} {{ if .Values.postgres.external.host }} default.host="{{ .Values.postgres.external.host }}" default.port={{ .Values.postgres.external.port }} - default.url="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${POSTGRES_DB}${db.default.params} {{ else if eq .Values.ip_version_support "v6_only" }} - default.host="::1" - default.url="jdbc:postgresql://[::1]:"${db.default.port}"/"${POSTGRES_DB}${db.default.params} + default.host="[::1]" {{ else }} default.host="127.0.0.1" - default.url="jdbc:postgresql://127.0.0.1:"${db.default.port}"/"${POSTGRES_DB}${db.default.params} {{ end }} + default.url="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${db.default.dbname}${db.default.params} default.params="{{ .Values.jdbcParams }}" - default.driver=org.postgresql.Driver default.username=${POSTGRES_USER} default.password=${POSTGRES_PASSWORD} - default.logStatements=true - default.migration.initOnMigrate=true - default.migration.auto=true - } - ebean { - default = ["com.yugabyte.yw.models.*"] + {{ if .Values.yugaware.cloud.enabled }} + perf_advisor.driver="org.hsqldb.jdbc.JDBCDriver" + perf_advisor.url="jdbc:hsqldb:mem:perf-advisor" + perf_advisor.createDatabaseIfMissing=false + perf_advisor.username="sa" + perf_advisor.password="sa" + perf_advisor.migration.auto=false + perf_advisor.migration.disabled=true + {{ else }} + perf_advisor.url="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${db.perf_advisor.dbname}${db.default.params} + perf_advisor.createDatabaseUrl="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${db.default.dbname}${db.default.params} + {{ end }} } {{- if .Values.tls.enabled }} @@ -140,7 +144,7 @@ data: {{- range $key, $value := .Values.additionalAppConf.nonStringConf }} {{ $key }} = {{ $value }} {{- end }} -{{- if .Values.tls.enabled }} +{{- if and .Values.tls.enabled (not .Values.tls.certManager.enabled) }} --- apiVersion: v1 kind: Secret @@ -155,8 +159,8 @@ type: Opaque data: {{- include "getOrCreateServerPem" (dict "Namespace" .Release.Namespace "Root" . "Name" (printf "%s%s" .Release.Name "-yugaware-tls-pem")) | nindent 2 }} {{- end }} - --- +{{- if not (and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io")) }} apiVersion: v1 kind: ConfigMap metadata: @@ -182,6 +186,25 @@ data: docker-upgrade pg_upgrade | tee -a /pg_upgrade_logs/pg_upgrade_11_to_14.log; echo "host all all all scram-sha-256" >> "${PGDATANEW}/pg_hba.conf"; fi +{{- end }} +{{- if .Values.securityContext.enabled }} +--- +apiVersion: "v1" +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-yugaware-pg-prerun + labels: + app: {{ template "yugaware.name" . }} + chart: {{ template "yugaware.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Values.helm2Legacy | ternary "Tiller" (.Release.Service | quote) }} +data: + pg-prerun.sh: | + #!/bin/bash + set -x -o errexit + + mkdir -p $PGDATA && chown -R $PG_UID:$PG_GID $PGDATA; +{{- end }} {{- if .Values.prometheus.remoteWrite.tls.enabled }} --- @@ -252,7 +275,11 @@ data: - 'container_cpu_usage_seconds_total{pod=~"(.*)yb-(.*)"}' - 'container_memory_working_set_bytes{pod=~"(.*)yb-(.*)"}' # kube-state-metrics - - 'kube_pod_container_resource_requests_cpu_cores{pod=~"(.*)yb-(.*)"}' + # Supports >= OCP v4.4 + # OCP v4.4 has upgraded the KSM from 1.8.0 to 1.9.5. + # https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html#ocp-4-4-cluster-monitoring-version-updates + # - 'kube_pod_container_resource_requests_cpu_cores{pod=~"(.*)yb-(.*)"}' + - 'kube_pod_container_resource_requests{pod=~"(.*)yb-(.*)", unit="core"}' static_configs: - targets: @@ -272,8 +299,15 @@ data: regex: "(.*)" target_label: "container_name" replacement: "$1" + # rename new name of the CPU metric to the old name and label + # ref: https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v200-alpha--2020-09-16 + - source_labels: ["__name__", "unit"] + regex: "kube_pod_container_resource_requests;core" + target_label: "__name__" + replacement: "kube_pod_container_resource_requests_cpu_cores" {{- else }} + {{- if .Values.prometheus.scrapeKubernetesNodes }} - job_name: 'kubernetes-nodes' @@ -322,8 +356,8 @@ data: - targets: ['kube-state-metrics.kube-system.svc.{{.Values.domainName}}:8080'] metric_relabel_configs: # Only keep the metrics which we care about - - source_labels: ["__name__"] - regex: "kube_pod_container_resource_requests_cpu_cores" + - source_labels: ["__name__", "unit"] + regex: "kube_pod_container_resource_requests;core" action: keep # Save the name of the metric so we can group_by since we cannot by __name__ directly... - source_labels: ["__name__"] @@ -342,6 +376,16 @@ data: - source_labels: ["pod_name"] regex: "(.*)yb-(.*)" action: keep + # rename new name of the CPU metric to the old name and label + # ref: https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v200-alpha--2020-09-16 + - source_labels: ["__name__", "unit"] + regex: "kube_pod_container_resource_requests;core" + target_label: "__name__" + replacement: "kube_pod_container_resource_requests_cpu_cores" + # Keep metrics for CPU, discard duplicate metrics + - source_labels: ["__name__"] + regex: "kube_pod_container_resource_requests_cpu_cores" + action: keep - job_name: 'kubernetes-cadvisor' @@ -387,6 +431,7 @@ data: action: keep {{- end }} + {{- end }} - job_name: 'platform' metrics_path: "/api/v1/prometheus_metrics" @@ -395,6 +440,12 @@ data: '{{ eq .Values.ip_version_support "v6_only" | ternary "[::1]" "127.0.0.1" }}:9000' ] + - job_name: 'node-agent' + metrics_path: "/metrics" + file_sd_configs: + - files: + - '/opt/yugabyte/prometheus/targets/node-agent.*.json' + - job_name: "node" file_sd_configs: - files: @@ -480,6 +531,8 @@ data: replacement: "$1" - job_name: "yugabyte" + tls_config: + insecure_skip_verify: true metrics_path: "/prometheus-metrics" file_sd_configs: - files: diff --git a/charts/yugabyte/yugaware/templates/global-config.yaml b/charts/yugabyte/yugaware/templates/global-config.yaml index 925e1bbb7..4d7f54f45 100644 --- a/charts/yugabyte/yugaware/templates/global-config.yaml +++ b/charts/yugabyte/yugaware/templates/global-config.yaml @@ -16,8 +16,8 @@ data: postgres_user: {{ .Values.postgres.external.user | b64enc | quote }} postgres_password: {{ .Values.postgres.external.pass | b64enc | quote }} {{- else }} - postgres_db: {{ "yugaware" | b64enc | quote }} - postgres_user: {{ "postgres" | b64enc | quote }} + postgres_db: {{ .Values.postgres.dbname | b64enc | quote }} + postgres_user: {{ .Values.postgres.user | b64enc | quote }} postgres_password: {{ include "getOrGeneratePasswordConfigMapToSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s%s" .Release.Name "-yugaware-global-config") "Key" "postgres_password") | quote }} {{- end }} app_secret: {{ randAlphaNum 64 | b64enc | b64enc | quote }} diff --git a/charts/yugabyte/yugaware/templates/rbac.yaml b/charts/yugabyte/yugaware/templates/rbac.yaml index 907f9e1ce..c1e2e057a 100644 --- a/charts/yugabyte/yugaware/templates/rbac.yaml +++ b/charts/yugabyte/yugaware/templates/rbac.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.yugaware.serviceAccount }} apiVersion: v1 kind: ServiceAccount metadata: @@ -10,6 +11,7 @@ metadata: annotations: {{ toYaml .Values.yugaware.serviceAccountAnnotations | indent 4 }} {{- end }} +{{ end }} {{- if .Values.rbac.create }} {{- if .Values.ocpCompatibility.enabled }} --- @@ -21,7 +23,7 @@ metadata: app: yugaware subjects: - kind: ServiceAccount - name: {{ .Release.Name }} + name: {{ .Values.yugaware.serviceAccount | default .Release.Name }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole @@ -29,43 +31,172 @@ roleRef: apiGroup: rbac.authorization.k8s.io {{- else }} --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: {{ .Release.Name }} - labels: - k8s-app: yugaware - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile rules: -- apiGroups: [""] - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - - pods/exec - verbs: ["get", "list", "watch", "create"] +# Set of permissions required for operator - apiGroups: - - extensions + - operator.yugabyte.io resources: - - ingresses - verbs: ["get", "list", "watch"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -- apiGroups: [""] + - "*" + verbs: + - "get" + - "create" + - "delete" + - "patch" + - "list" + - "watch" + - "update" +# Set of permissions required to install, upgrade, delete the yugabyte chart +- apiGroups: + - "policy" resources: - - namespaces - - secrets - - pods/portforward - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["", "extensions"] + - "poddisruptionbudgets" + verbs: + - "get" + - "create" + - "delete" + - "patch" +- apiGroups: + - "" resources: - - deployments - - services - verbs: ["create", "get", "list", "watch", "update", "delete"] - + - "services" + verbs: + - "get" + - "delete" + - "create" + - "patch" +- apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "delete" + - "create" + - "patch" +- apiGroups: + - "" + resources: + - "secrets" + verbs: + - "create" + - "list" + - "get" + - "delete" + - "update" + - "patch" +- apiGroups: + - "cert-manager.io" + resources: + - "certificates" + verbs: + - "create" + - "delete" + - "get" + - "patch" +- apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "create" + - "patch" + - "delete" +# Set of permissions required by YBA to manage YB DB universes +- apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "delete" + - "create" + - "patch" + - "get" + - "list" +- apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" + - "list" + - "delete" +- apiGroups: + - "" + resources: + - "services" + verbs: + - "get" + - "list" +- apiGroups: + - "" + resources: + - "persistentvolumeclaims" + verbs: + - "get" + - "patch" + - "list" + - "delete" +- apiGroups: + - "" + resources: + - "pods/exec" + verbs: + - "create" +- apiGroups: + - "apps" + resources: + - "statefulsets/scale" + verbs: + - "patch" +- apiGroups: + - "" + resources: + - "events" + verbs: + - "list" +# required to scrape resource metrics like CPU, memory, etc. +- apiGroups: + - "" + resources: + - "nodes" + verbs: + - "list" + - "get" + - "watch" +# required to scrape resource metrics like CPU, memory, etc. +- apiGroups: + - "" + resources: + - "nodes/proxy" + verbs: + - "get" +# Ref: https://github.com/yugabyte/charts/commit/4a5319972385666487a7bc2cd0c35052f2cfa4c5 +- apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "watch" + - "create" + - "update" + - "patch" + - "delete" +- apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "list" + - "watch" + - "update" --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -77,7 +208,7 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount - name: {{ .Release.Name }} + name: {{ .Values.yugaware.serviceAccount | default .Release.Name }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole diff --git a/charts/yugabyte/yugaware/templates/service.yaml b/charts/yugabyte/yugaware/templates/service.yaml index 49fd54051..e02bb3d83 100644 --- a/charts/yugabyte/yugaware/templates/service.yaml +++ b/charts/yugabyte/yugaware/templates/service.yaml @@ -40,6 +40,10 @@ spec: {{- if and (eq .Values.yugaware.service.type "LoadBalancer") (.Values.yugaware.service.ip) }} loadBalancerIP: "{{ .Values.yugaware.service.ip }}" {{- end }} + {{- if .Values.yugaware.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.yugaware.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} {{- end }} {{- if .Values.yugaware.serviceMonitor.enabled }} --- diff --git a/charts/yugabyte/yugaware/templates/statefulset.yaml b/charts/yugabyte/yugaware/templates/statefulset.yaml index c6a216c1d..f529ebbe6 100644 --- a/charts/yugabyte/yugaware/templates/statefulset.yaml +++ b/charts/yugabyte/yugaware/templates/statefulset.yaml @@ -25,8 +25,11 @@ spec: {{- end }} labels: app: {{ .Release.Name }}-yugaware +{{- if .Values.yugaware.pod.labels }} +{{ toYaml .Values.yugaware.pod.labels | indent 8 }} +{{- end }} spec: - serviceAccountName: {{ .Release.Name }} + serviceAccountName: {{ .Values.yugaware.serviceAccount | default .Release.Name }} imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- if .Values.securityContext.enabled }} @@ -36,6 +39,30 @@ spec: fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8}} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- with .Values.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} + {{- end }} + {{- if .Values.zoneAffinity }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: failure-domain.beta.kubernetes.io/zone + operator: In + values: +{{ toYaml .Values.zoneAffinity | indent 18 }} + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: +{{ toYaml .Values.zoneAffinity | indent 18 }} + {{- end }} volumes: - name: yugaware-storage persistentVolumeClaim: @@ -84,15 +111,36 @@ spec: secret: secretName: {{ .Release.Name }}-yugaware-prometheus-remote-write-tls {{- end }} + {{- if not (and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io")) }} - name: pg-upgrade-11-to-14 configMap: name: {{ .Release.Name }}-yugaware-pg-upgrade items: - key: pg-upgrade-11-to-14.sh path: pg-upgrade-11-to-14.sh + {{- end }} + - name: pg-init + configMap: + name: {{ .Release.Name }}-yugaware-pg-prerun + items: + - key: pg-prerun.sh + path: pg-prerun.sh + {{- if .Values.postgres.extraVolumes -}} + {{- include "yugaware.isExtraVolumesMappingExists" .Values.postgres -}} + {{- .Values.postgres.extraVolumes | toYaml | nindent 8 -}} + {{ end }} + {{- with .Values.dnsConfig }} + dnsConfig: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dnsPolicy }} + dnsPolicy: {{ . | quote }} + {{- end }} initContainers: - image: {{ include "full_yugaware_image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.initContainers.prometheusConfiguration.resources }} + resources: {{- toYaml .Values.initContainers.prometheusConfiguration.resources | nindent 12 }} + {{ end -}} name: prometheus-configuration {{- if .Values.securityContext.enabled }} command: @@ -120,9 +168,13 @@ spec: - name: init-container-script mountPath: /init-container {{- end }} + {{- if not (and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io")) }} - image: {{ include "full_image" (dict "containerName" "postgres-upgrade" "root" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} name: postgres-upgrade + {{- if .Values.initContainers.postgresUpgrade.resources }} + resources: {{- toYaml .Values.initContainers.postgresUpgrade.resources | nindent 12 }} + {{ end -}} command: - 'bash' - '-c' @@ -152,12 +204,46 @@ spec: - name: yugaware-storage mountPath: /pg_upgrade_logs subPath: postgres_data_14 + {{- end }} + {{- if .Values.securityContext.enabled }} + - image: {{ include "full_image" (dict "containerName" "postgres" "root" .) }} + name: postgres-init + {{- if .Values.initContainers.postgresInit.resources }} + resources: {{- toYaml .Values.initContainers.postgresInit.resources | nindent 12 }} + {{ end -}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/bin/bash", "/pg_prerun/pg-prerun.sh"] + env: + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: PG_UID + value: {{ .Values.securityContext.runAsUser | quote }} + - name: PG_GID + value: {{ .Values.securityContext.runAsGroup | quote }} + volumeMounts: + - name: yugaware-storage + mountPath: /var/lib/postgresql/data + subPath: postgres_data_14 + - name: pg-init + mountPath: /pg_prerun + {{- end }} containers: {{ if not .Values.postgres.external.host }} - name: postgres image: {{ include "full_image" (dict "containerName" "postgres" "root" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} - args: ["-c", "huge_pages=off"] + args: + {{- if and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io") }} + - "run-postgresql" + {{- end }} + - "-c" + - "huge_pages=off" + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ required "runAsUser cannot be empty" .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup | default 0 }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} env: - name: POSTGRES_USER valueFrom: @@ -174,8 +260,37 @@ spec: secretKeyRef: name: {{ .Release.Name }}-yugaware-global-config key: postgres_db + {{- if and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io") }} + # Hardcoded the POSTGRESQL_USER because it's mandatory env var in RH PG image + # It doesn't have access to create the DB, so YBA fails to create the perf_advisor DB. + # Need to use admin user of RH PG image (postgres) + # Changing the user name won't be possible moving forward for OpenShift certified chart + - name: POSTGRESQL_USER + value: pg-yba + # valueFrom: + # secretKeyRef: + # name: {{ .Release.Name }}-yugaware-global-config + # key: postgres_user + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-yugaware-global-config + key: postgres_password + - name: POSTGRESQL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-yugaware-global-config + key: postgres_password + - name: POSTGRESQL_DATABASE + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-yugaware-global-config + key: postgres_db + {{- else }} + # The RH Postgres image doesn't allow this directory to be changed. - name: PGDATA value: /var/lib/postgresql/data/pgdata + {{- end }} ports: - containerPort: 5432 name: postgres @@ -187,8 +302,17 @@ spec: volumeMounts: - name: yugaware-storage + {{- if and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io") }} + mountPath: /var/lib/pgsql/data + subPath: postgres_data_13 + {{- else }} mountPath: /var/lib/postgresql/data subPath: postgres_data_14 + {{- end }} + {{- if .Values.postgres.extraVolumeMounts -}} + {{- include "yugaware.isExtraVolumesMappingExists" .Values.postgres -}} + {{- .Values.postgres.extraVolumeMounts | toYaml | nindent 12 -}} + {{- end -}} {{ end }} - name: prometheus image: {{ include "full_image" (dict "containerName" "prometheus" "root" .) }} @@ -214,6 +338,9 @@ spec: subPath: prometheus.yml - name: yugaware-storage mountPath: /prometheus/ + - mountPath: /opt/yugabyte/yugaware/data/keys/ + name: yugaware-storage + subPath: data/keys {{- if .Values.prometheus.scrapeNodes }} - name: yugaware-storage mountPath: /opt/yugabyte/prometheus/targets @@ -235,6 +362,9 @@ spec: - --web.enable-admin-api - --web.enable-lifecycle - --storage.tsdb.retention.time={{ .Values.prometheus.retentionTime }} + - --query.max-concurrency={{ .Values.prometheus.queryConcurrency }} + - --query.max-samples={{ .Values.prometheus.queryMaxSamples }} + - --query.timeout={{ .Values.prometheus.queryTimeout }} ports: - containerPort: 9090 - name: yugaware @@ -251,12 +381,18 @@ spec: resources: {{ toYaml .Values.yugaware.resources | indent 12 }} {{- end }} - - command: [ "/sbin/tini", "--"] - args: - - "bin/yugaware" - - "-Dconfig.file=/data/application.docker.conf" + args: ["bin/yugaware","-Dconfig.file=/data/application.docker.conf"] env: + # Conditionally set these env variables, if runAsUser is not 0(root) + # or 10001(yugabyte). + {{- if eq (include "checkNssWrapperExportRequired" .) "true" }} + - name: NSS_WRAPPER_GROUP + value: "/tmp/group.template" + - name: NSS_WRAPPER_PASSWD + value: "/tmp/passwd.template" + - name: LD_PRELOAD + value: "/usr/lib64/libnss_wrapper.so" + {{- end }} - name: POSTGRES_USER valueFrom: secretKeyRef: @@ -277,6 +413,7 @@ spec: secretKeyRef: name: {{ .Release.Name }}-yugaware-global-config key: app_secret + {{- with .Values.yugaware.extraEnv }}{{ toYaml . | nindent 12 }}{{ end }} ports: - containerPort: 9000 name: yugaware @@ -293,6 +430,9 @@ spec: - name: yugaware-storage mountPath: /opt/yugabyte/releases/ subPath: releases + - name: yugaware-storage + mountPath: /opt/yugabyte/ybc/releases/ + subPath: ybc_releases # old path for backward compatibility - name: yugaware-storage mountPath: /opt/releases/ diff --git a/charts/yugabyte/yugaware/templates/tests/test.yaml b/charts/yugabyte/yugaware/templates/tests/test.yaml new file mode 100644 index 000000000..89d02035c --- /dev/null +++ b/charts/yugabyte/yugaware/templates/tests/test.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ .Release.Name }}-yugaware-test + labels: + app: {{ .Release.Name }}-yugaware-test + chart: {{ template "yugaware.chart" . }} + release: {{ .Release.Name }} + annotations: + "helm.sh/hook": test +spec: + imagePullSecrets: + - name: {{ .Values.image.pullSecret }} + containers: + - name: yugaware-test + image: {{ include "full_yugaware_image" . }} + command: + - '/bin/bash' + - '-ec' + - > + sleep 60s; + {{- if .Values.tls.enabled }} + - > + curl --head -k https://{{ .Release.Name }}-yugaware-ui + {{- else }} + - > + curl --head http://{{ .Release.Name }}-yugaware-ui + {{- end }} + # Hard coded resources to the test pod. + resources: + limits: + cpu: "1" + memory: "512Mi" + requests: + cpu: "0.5" + memory: "256Mi" + restartPolicy: Never diff --git a/charts/yugabyte/yugaware/tests/test_resources.yaml b/charts/yugabyte/yugaware/tests/test_resources.yaml new file mode 100644 index 000000000..cc793a585 --- /dev/null +++ b/charts/yugabyte/yugaware/tests/test_resources.yaml @@ -0,0 +1,40 @@ +suite: Resources verification +templates: +- statefulset.yaml +- configs.yaml +tests: +- it: YBA container + template: statefulset.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[?(@.name == "yugaware")].resources.requests + +- it: Postgres container + template: statefulset.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[?(@.name == "postgres")].resources.requests + +- it: Prometheus container + template: statefulset.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[?(@.name == "prometheus")].resources.requests + +- it: Postgres-init initContainer + template: statefulset.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.initContainers[?(@.name == "postgres-init")].resources.requests + +- it: Prometheus-configuration initContainer + template: statefulset.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.initContainers[?(@.name == "prometheus-configuration")].resources.requests + +- it: Postgres-upgrade initContainer + template: statefulset.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.initContainers[?(@.name == "postgres-upgrade")].resources.requests diff --git a/charts/yugabyte/yugaware/values.yaml b/charts/yugabyte/yugaware/values.yaml index 0889621e9..ef7dfb6db 100644 --- a/charts/yugabyte/yugaware/values.yaml +++ b/charts/yugabyte/yugaware/values.yaml @@ -2,20 +2,22 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +fullnameOverride: "" +nameOverride: "" + image: commonRegistry: "" # Setting commonRegistry to say, quay.io overrides the registry settings for all images # including the yugaware image repository: quay.io/yugabyte/yugaware - tag: 2.14.15.0-b57 + tag: 2.18.6.0-b73 pullPolicy: IfNotPresent pullSecret: yugabyte-k8s-pull-secret ## Docker config JSON File name ## If set, this file content will be used to automatically create secret named as above - # pullSecretFile: - - + pullSecretFile: "" + postgres: registry: "" tag: '14.9' @@ -31,36 +33,46 @@ image: tag: v2.47.1 name: prom/prometheus + yugaware: replicas: 1 storage: 100Gi storageClass: "" storageAnnotations: {} multiTenant: false - serviceAccount: yugaware + ## Name of existing ServiceAccount. When provided, the chart won't create a ServiceAccount. + ## It will attach the required RBAC roles to it. + ## Helpful in Yugabyte Platform GKE App. + serviceAccount: '' serviceMonitor: enabled: false annotations: {} serviceAccountAnnotations: {} service: annotations: {} + clusterIP: "" enabled: true ip: "" type: "LoadBalancer" + ## whitelist source CIDRs + #loadBalancerSourceRanges: + #- 0.0.0.0/0 + #- 192.168.100.0/24 pod: annotations: {} + labels: {} health: username: "" password: "" email: "" resources: requests: - cpu: 2 + cpu: "2" memory: 4Gi enableProxyMetricsAuth: true ## List of additional alowed CORS origins in case of complex rev-proxy additionAllowedCorsOrigins: [] - proxyEndpointTimeoutMs: 1 minute + proxyEndpointTimeoutMs: 3 minute ## Enables features specific for cloud deployments cloud: enabled: false @@ -71,6 +83,10 @@ yugaware: # Note that the default of 0 doesn't really make sense since a StatefulSet isn't allowed to schedule extra replicas. However it is maintained as the default while we do additional testing. This value will likely change in the future. maxUnavailable: 0 + universe_boot_script: "" + + extraEnv: [] + # In case client wants to enable the additional headers to the YBA's http response # Previously, it was possible via nginx, but given that we no longer have it, we can # expose the same as application config/runtime config. @@ -79,6 +95,10 @@ yugaware: ## Configure PostgreSQL part of the application postgres: + # DO NOT CHANGE if using OCP Certified helm chart + user: postgres + dbname: yugaware + service: ## Expose internal Postgres as a Service enabled: false @@ -91,12 +111,12 @@ postgres: resources: requests: - cpu: 0.5 + cpu: "0.5" memory: 1Gi # If external.host is set then we will connect to an external postgres database server instead of starting our own. external: - host: null + host: "" port: 5432 pass: "" dbname: postgres @@ -105,22 +125,65 @@ postgres: ## JDBC connection parameters including the leading `?`. jdbcParams: "" + + ## Extra volumes + ## extraVolumesMounts are mandatory for each extraVolumes. + ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core + ## Example: + # extraVolumes: + # - name: custom-nfs-vol + # persistentVolumeClaim: + # claimName: some-nfs-claim + extraVolumes: [] + + ## Extra volume mounts + ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core + ## Example: + # extraVolumeMounts: + # - name: custom-nfs-vol + # mountPath: /home/yugabyte/nfs-backup + extraVolumeMounts: [] + tls: enabled: false hostname: "localhost" - certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDVENDQXZHZ0F3SUJBZ0lVTlhvN2N6T2dyUWQrU09wOWdNdE00b1Vva3hFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZERVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNQjRYRFRJeE1EUXdOakExTXpnMU4xb1hEVE14TURRdwpOREExTXpnMU4xb3dGREVTTUJBR0ExVUVBd3dKYkc5allXeG9iM04wTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBZzhBTUlJQ0NnS0NBZ0VBMUxsSTFBLzRPOVIzSkNlN1N2MUxYVXhDSmxoTWpIWUoxV1FNVmcvai82RHkKazRTTmY0MkFLQjI0dFJFK2lEWTBNaTJrRWhJcVZ4TFdPN0hkWHVSN0tYNGxSZWFVVkRFTUtYUWNQUC9QWDZkbwpwZVZTUFpSVjVHNHNxTElXUFFkTVdIam9IQWx1aml5dGJsSVJUUWdLU3QrMmpuREFDN0dxRURMREdhNXRUWEM2CktRWkNtOERlaklOUTMzaGU2TDN0Q2hBRnhJM1pwY21sR0twbzdKVXJSUG14Mk9zTHFRcTB5dEVVK0lGZGppWHEKaHJLeFR0NUhHM3M3ZUNWaTRXdlZPelVGUitJbWRlQzBRZTBXeG5iZlZUMnJkVitQL1FaVXhWSEVtWnBPc0k2LwpmczhlK1dsMlduWXY1TTg5MWkxZER3Zi9lMDdiN20xQVRKdDRtTGRldzBtd1V4UGFGT2pDMDh6cU94NmF0cGhLClU1eHNWQmhGNVhyME9DeTQyMzN0MU5URXdWUEFDOFcwQmhHdldTRXBQTXNTKzM1b2lueEFrcFQzL01ibFpjNisKcXhSYUh6MHJhSksvVGIzelVKVWxWZFkxbGl5MVYyVjNxWEU2NWlsOUFHZ2pIaHhBNFBwSktCbzZ0WVRUT3pnTworL25mc0toMk95aE8zUWxBZ0JFUHlYUm5wL0xGSTVuQ2gzdjNiOXlabFNrSk05NkVoWEJ1bHhWUWN3L2p3N2NxCkRLSlBEeHFUQy9rWUs1V0FVZGhkWG1KQkRNMFBLcngzUGVOYjRsYnQzSTFIZW1QRDBoZktiWFd6alhiVTJQdWQKdjZmT0dXTDRLSFpaem9KZ1ljMFovRXRUMEpCR09GM09mMW42N2c5dDRlUnAzbEVSL09NM0FPY1dRbWFvOHlVQwpBd0VBQWFOVE1GRXdIUVlEVlIwT0JCWUVGTU00SjA4WG8wUGY1cTlOSWZiMGYyRzZqc1FoTUI4R0ExVWRJd1FZCk1CYUFGTU00SjA4WG8wUGY1cTlOSWZiMGYyRzZqc1FoTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dJQkFBRmxrWVJkdzA0Zm9vT29BelUyaU5ORGV1aiszemhIeFQ5eU9iSkdwREZIRitoZQpuY1ZRWGZpMitHNjBWY0xuZERsWFhmbDZLOSs4ME55aEg4QjR1UEJNTWhoWG01MjJmYnJac1dFcnR3WE1rM2prClZ5UVA3MGk2NHE1ZGVrZzhoYzI0SXhFUlVsam9XM2lDTTdrb0VxaG15VkpGeDNxMVdobFEwdzNkWVpMQVNRclYKU0RpL2JGWjlqOXVtWVdoc0Y4QjFPSThPVjNlL0YyakU1UCtoTlJJazAzbW9zWE1Rdy9iZ3ZzV0hvSkZ5blB4UApHNGUzUjBob2NnbzI0Q2xOQ21YMWFBUms5c1pyN2h0NlVsM1F1d0dMdzZkK2I5emxrUW56TzFXQzc5ekVNU1R0ClRRRzFNT2ZlL2dTVkR3dThTSnpBOHV1Z0pYTktWWkxCZlpaNW41Tk9sOHdpOVVLa1BVUW4wOHo3VWNYVDR5ZnQKZHdrbnZnWDRvMFloUnNQNHpPWDF6eWxObzhqRDhRNlV1SkdQSksrN1JnUm8zVERPV3k4MEZpUzBxRmxrSFdMKwptT0pUWGxzaEpwdHE5b1c1eGx6N1lxTnFwZFVnRmNyTjJLQWNmaGVlNnV3SUFnOFJteTQvRlhRZjhKdXluSG5oClFhVlFnTEpEeHByZTZVNk5EdWg1Y1VsMUZTcWNCUGFPY0x0Q0ViVWg5ckQxajBIdkRnTUUvTTU2TGp1UGdGZlEKMS9xeXlDUkFjc2NCSnVMYjRxcXRUb25tZVZ3T1BBbzBsNXBjcC9JcjRTcTdwM0NML0kwT0o1SEhjcmY3d3JWSgpQVWgzdU1LbWVHVDRyeDdrWlQzQzBXenhUU0loc0lZOU12MVRtelF4MEprQm93c2NYaUYrcXkvUkl5UVgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" - key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFV1VWpVRC9nNzFIY2sKSjd0Sy9VdGRURUltV0V5TWRnblZaQXhXRCtQL29QS1RoSTEvallBb0hiaTFFVDZJTmpReUxhUVNFaXBYRXRZNwpzZDFlNUhzcGZpVkY1cFJVTVF3cGRCdzgvODlmcDJpbDVWSTlsRlhrYml5b3NoWTlCMHhZZU9nY0NXNk9MSzF1ClVoRk5DQXBLMzdhT2NNQUxzYW9RTXNNWnJtMU5jTG9wQmtLYndONk1nMURmZUY3b3ZlMEtFQVhFamRtbHlhVVkKcW1qc2xTdEUrYkhZNnd1cENyVEswUlQ0Z1YyT0plcUdzckZPM2tjYmV6dDRKV0xoYTlVN05RVkg0aVoxNExSQgo3UmJHZHQ5VlBhdDFYNC85QmxURlVjU1ptazZ3anI5K3p4NzVhWFphZGkva3p6M1dMVjBQQi85N1R0dnViVUJNCm0zaVl0MTdEU2JCVEU5b1U2TUxUek9vN0hwcTJtRXBUbkd4VUdFWGxldlE0TExqYmZlM1UxTVRCVThBTHhiUUcKRWE5WklTazh5eEw3Zm1pS2ZFQ1NsUGY4eHVWbHpyNnJGRm9mUFN0b2tyOU52Zk5RbFNWVjFqV1dMTFZYWlhlcApjVHJtS1gwQWFDTWVIRURnK2trb0dqcTFoTk03T0E3NytkK3dxSFk3S0U3ZENVQ0FFUS9KZEdlbjhzVWptY0tICmUvZHYzSm1WS1FrejNvU0ZjRzZYRlZCekQrUER0eW9Nb2s4UEdwTUwrUmdybFlCUjJGMWVZa0VNelE4cXZIYzkKNDF2aVZ1M2NqVWQ2WThQU0Y4cHRkYk9OZHRUWSs1Mi9wODRaWXZnb2Rsbk9nbUJoelJuOFMxUFFrRVk0WGM1LwpXZnJ1RDIzaDVHbmVVUkg4NHpjQTV4WkNacWp6SlFJREFRQUJBb0lDQUFmY2lScDlOSmxSY3MyOVFpaTFUN0cwCi9jVFpBb3MyV1lxdlZkMWdYUGEzaGY5NXFKa01LNjVQMnVHbUwzOXRNV1NoVnl6cnl2REkyMjM5VnNjSS9wdzcKOHppd0dzODV1TTlYWVN2SDhHd0NqZFdEc2hSZ2hRUWFKa0JkeElDZzRtdHFuSGxjeDk4dE80T1dPTmwxOEp0dgp4UmxpaFZacFRIV295cGtLWHpPN2RNWExXMjdTSStkaGV2Mm5QeXF1eWpIVEFjT1AwbmxVQ0d2dThFMjkvWWxoCkNQZVJTQzhKSEVGYWxNSFNWaGpJd2ZBVWJvVVJwZU1ZSE15RjVTK2JncGZiajhSbVVUR09DbHRkWGJnYjhJai8KN0hROEFlQkIrYVFKTDVEVnFRN1JWN1ppQlMwR2ZyODlHdXdEMUs4em9mcktPdURkdXpjR2hwZk9MeGpGdmhTOApSQ2Y1Z3BFMzg0aWlHc2tWZC9mZDJLK3NhSmk0L09HbHo0aHhhc1hDcTN1TXB5OTZPNFRrMXZzM3BXdWZNVmJXCnR2d1Mrcjhvbk9uOXZqa3lqOU11eUpId1BpSlNGMUt0ZzhPUU5WMlVST0xXcHlYMWk4Z2xoMXdSelRTQ2diQnMKZ3ZxWkFvaU1pWFh3SlVXN3Zpb0RLZjI0TnZvcjViaVNzeUh0MHVKUVZJaW1iK1prTFJwTWdwRlkyTlcrTnd6LwoxOW9DS2ZUVVpWNkJia09IK0NoOUowLy9hTTRGNnUvMTI4V0UxalJQU05mdWQ0b0dpdGVPNXRsRDNWSXRsb1hlCjNyWVMrcTNuYXU1RStWc2FRZGFVNzhrSnpXYmUrWURmQ1JwWGd6TkloSkMyQ1k5d0RSK3hIaVFwbzdLSHV6dngKUkpuRjhIcGwzdWhIdWxEam44dEpBb0lCQVFEeGxhVVIwN1l6TGF2OVZtamZCenpZMjcwOU9tWnhpa3NtRnlhWApKTkJMQVB3SGdXOEVCUHdKOEprSDhXR1NTekp1OXZGd1JDVEVqZ1J5dWUvS05DWnNmUWF2UDg3dzhablJHaEhjCklHUUV1MFN3bmJzZXFJK1VWa0M5amZjaFE4dlowM0dQTGZ6bWpsSW9PNkNLTVM3TlV2Ynk5MksvOHRVVWRtWWgKMmJJa2N4V0J1RDJoenh3K1ZId3ArWktMQ0FPZi9sOG8vQ20xQ1dZSFNGdVYzTkl3T016Z2FKaExJODJNR08zQwpuODZTMXcweGc2MHB5dUV6L0hXZS9JMFZkRGNsWlgyNC9jalVBb01kQlkvSGY4Tkh2ZUNhZExQeXI3eGpRY2NLClAzN0RhdFRyK2RTZ2RoVkxzUDRRRzVVZEZxNUlMSHoxTXBkb2xXZ2pDSlZqcTZMekFvSUJBUURoYXNYdVRzMDIKNEkvYkRlSGRZSmw2Q1NzVUh2NmJXL3dpYlRhd2dpbDh5RUNWS2x6eFY4eENwWnoxWVhRQlY1YnVvQlArbjZCWApnVHgzTTJHc2R5UU1xdGRCWG9qdGp1czB6ekFNQVQzOWNmdWlHMGR0YXF3eWJMVlEwYThDZnFmMDVyUmZ0ekVmCmtTUDk2d01kVUEyTGdCbnU4akwzOU41UkxtK2RpZUdxeDAwYmJTa3l5UE9HNHIvcDl6KzN6TmVmeUhmbm94bTkKUnQza1RpeGhVNkd4UGhOSnZpWEUrWUpwT0dKVXMvK2dUWWpjUE1zRW9ONHIyR215cUs3S21NZExFa3Y1SHliWgprbmNsV2FMVFlhNEpjMjJUaWZJd01NTWMwaCtBMkJVckdjZFZ6MTA0UXluUFZQZDdXcEszenhqcjRPUHh1YnQ2CjZvTWk2REdRSVNlSEFvSUJBUURTK1YyVHFQRDMxczNaU3VvQXc2Qld2ZWVRbmZ5eThSUFpxdVFQb0oycXNxeG0KblpsbXlEZVhNcDloK1dHOVVhQTBtY0dWeWx6VnJqU2lRRkR4cEFOZVFQMWlkSFh6b3ZveVN2TUg2dDJONkVELwpnRy9XUVZ4S0xkMFI3UFhCL2lQN0VaV2RkWXJqaWF5ajZCYTJPR2RuOWlrbFcvZklLM2Y4QzczN2w5TGoxQUVYCkxOL2QvREh0R1BqcDYwTVgyYUxZeVZzdlBxL3BvdENRVVpkeDA4dFhRM05nRXRmVTN1cDFpNXV2bU1IZEtLTWoKOTV0MDRQRTA1aWVOOVgzOEcyYkJhTldYaFVJcUxCdDJiOUgxWmxVU3hQWnR6TGNObkgwSHJYejJMU2MxMzRrYwpueXdhQ2FWbFdhYzJSL0E3Mi8vTmxkUjJpWDBDWDEvM0lGcmVGUmtUQW9JQkFBbGt0S2pRbWRhZWx3QU8zUW1uCm05MnRBaUdOaFJpZVJheDlscGpXWTdveWNoYUZOR2hPTzFIUHF2SEN4TjNGYzZHd0JBVkpTNW81NVhZbUt2elAKM2kyMDlORmhpaDAwSm5NRjZ6K2swWnQ5STNwRzNyd2RoTjE1RURrMDg3RUw3QjNWZTFDOXhvdEZOaFcvdEZxRgpXbnNrdEcvem9kSVpYeVpNNUJQUmloamV3MFRRVUxZd0Q0M2daeFR0MjdiaUQxNDJNV0R5dUFEZU1pTHdhd01IClJDYXBxbzRaSVdQSzdmZEtoVFo0WmIrZFc0V3A5dC9UZ0U2ZGJ4SWwyMXJQOFFZYzFoT2tpNjduWHBXczNZOG4KYytRcTdqY0d1WlB1aEVMd01xWGcyMGozZ3duOVlTb1dDbWo4Wm0rNmY0Q3ZYWjkrdUtEN0YyZncyOVFaanU4dApvb01DZ2dFQkFPbVVHZ1VoT0tUVys1eEpkZlFKRUVXUncyVFF6Z2l6dSt3aVkzaDYrYXNTejRNY0srVGx6bWxVCmFHT013dFhTUzc0RXIxVmlCVXMrZnJKekFPR21IV0ExZWdtaGVlY1BvaE9ybTh5WkVueVJOSkRhWC9UUXBSUnEKaVdoWENBbjJTWFQxcFlsYVBzMjdkbXpFWnQ3UlVUSkJZZ1hHZXQ4dXFjUXZaVDJZK3N6cHFNV3UzaEpWdmIxdgpZNGRJWE12RG1aV1BPVjFwbHJEaTVoc214VW05TDVtWk1IblllNzFOYkhsaEIxK0VUNXZmWFZjOERzU1RRZWRRCitDRHJKNGQ0em85dFNCa2pwYTM5M2RDRjhCSURESUQyWkVJNCtBVW52NWhTNm82NitOLzBONlp3cXkwc2pKY0cKQ21LeS9tNUpqVzFJWDMxSmZ1UU5Ldm9YNkRFN0Zkaz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + ## Expects base 64 encoded values for certificate and key. + certificate: "" + key: "" sslProtocols: "" # if set, override default Nginx SSL protocols setting + ## cert-manager values + ## If cert-manager is enabled: + ## If genSelfsigned: true: + ## Create a self-signed issuer/clusterIssuer + ## Generate a rootCA using the above issuer. + ## Generate a tls certificate with secret name as: {{ .Release.Name }}-yugaware-tls-cert + ## Else if genSelfsigned: false: + ## Expect a clusterIssuer/issuer to be provided by user + ## Generate a tls cert based on above issuer with secret name as: {{ .Release.Name }}-yugaware-tls-cert + certManager: + enabled: false + genSelfsigned: true + useClusterIssuer: false + clusterIssuer: cluster-ca + issuer: yugaware-ca + ## Configuration for the TLS certificate requested from Issuer/ClusterIssuer + configuration: + duration: 8760h # 90d + renewBefore: 240h # 15d + algorithm: RSA # ECDSA or RSA + # Can be 2048, 4096 or 8192 for RSA + # Or 256, 384 or 521 for ECDSA + keySize: 2048 ## yugaware pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: - enabled: false + enabled: true ## fsGroup related values are set at the pod level. fsGroup: 10001 fsGroupChangePolicy: "OnRootMismatch" - ## The following values are set for yugaware and prometheus containers. - ## Setting runAsUser other than 10001 will fail the VM universe deployment flow. + ## Expected to have runAsUser values != 0 when + ## runAsNonRoot is set to true, otherwise container creation fails. runAsUser: 10001 runAsGroup: 10001 runAsNonRoot: true @@ -150,15 +213,66 @@ ocpCompatibility: # Extra containers to add to the pod. sidecars: [] +## Following two controls for placement of pod - nodeSelector and AZ affinity. +## Note: Remember to also provide a yugaware.StorageClass that has a olumeBindingMode of +## WaitForFirstConsumer so that the PVC is created in the right topology visible to this pod. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +## eg. +## nodeSelector: +## topology.kubernetes.io/region: us-west1 +nodeSelector: {} + +## Affinity to a particular zone for the pod. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## eg. +## nodeAffinity: +## requiredDuringSchedulingIgnoredDuringExecution: +## nodeSelectorTerms: +## - matchExpressions: +## - key: failure-domain.beta.kubernetes.io/zone +## operator: In +## values: +## - us-west1-a +## - us-west1-b +zoneAffinity: {} + +## The tolerations that the pod should have. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +tolerations: [] + +## @param dnsPolicy DNS Policy for pod +## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +## E.g. +## dnsPolicy: ClusterFirst +dnsPolicy: "" +## @param dnsConfig DNS Configuration pod +## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +## E.g. +## dnsConfig: +## options: +## - name: ndots +## value: "4" +dnsConfig: {} + ## Don't want prometheus to scrape nodes and evaluate alert rules in some cases (for example - cloud). prometheus: + ## Setting this to false will disable scraping of TServer and Master + ## nodes (could be pods or VMs) scrapeNodes: true evaluateAlertRules: true retentionTime: 15d + queryConcurrency: 20 + queryMaxSamples: 5000000 + queryTimeout: 30s + ## Set this to false to disable scraping of Kubernetes worker + ## nodes. Setting this to false will results in blank graphs of + ## resource utilization for Kubernetes universes. Useful for + ## scenarios where only VM based universes are being created. + scrapeKubernetesNodes: true resources: requests: - cpu: 2 + cpu: "2" memory: 4Gi ## Prometheus remote write config, as described here: @@ -179,8 +293,10 @@ prometheus: # Arbitrary key=value config entries for application.docker.conf additionalAppConf: - stringConf: - nonStringConf: + stringConf: {} + nonStringConf: {} + +jdbcParams: "" ## Override the APIVersion used by policy group for ## PodDisruptionBudget resources. The chart selects the correct @@ -188,3 +304,25 @@ additionalAppConf: ## to modify this unless you are using helm template command i.e. GKE ## app's deployer image against a Kubernetes cluster >= 1.21. # pdbPolicyVersionOverride: "v1beta1" +pdbPolicyVersionOverride: "" + +initContainers: + prometheusConfiguration: + resources: + ## https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container + ## Use the above link to learn more about Kubernetes resources configuration. + requests: + cpu: "0.25" + memory: 500Mi + + postgresUpgrade: + resources: + requests: + cpu: "0.5" + memory: 500Mi + + postgresInit: + resources: + requests: + cpu: "0.25" + memory: 500Mi diff --git a/index.yaml b/index.yaml index 7ca9dc514..4d8f4105a 100644 --- a/index.yaml +++ b/index.yaml @@ -80,6 +80,63 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + images: | + - name: airflow-exporter + image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r448 + - name: airflow-scheduler + image: docker.io/bitnami/airflow-scheduler:2.8.1-debian-11-r4 + - name: airflow-worker + image: docker.io/bitnami/airflow-worker:2.8.1-debian-11-r4 + - name: airflow + image: docker.io/bitnami/airflow:2.8.1-debian-11-r4 + - name: git + image: docker.io/bitnami/git:2.43.0-debian-11-r9 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.8.1 + created: "2024-02-09T14:31:09.856191433Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 18.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 13.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: b5c46cc38d883ca225ae74247556a976eeb643c62757829c12c9eeda197799c9 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/airflow + urls: + - assets/bitnami/airflow-16.5.5.tgz + version: 16.5.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow @@ -2509,6 +2566,38 @@ entries: - assets/bitnami/airflow-13.1.7.tgz version: 13.1.7 amd-gpu: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: AMD GPU Device Plugin + catalog.cattle.io/kube-version: '>= 1.18.0-0' + catalog.cattle.io/release-name: amd-gpu + apiVersion: v2 + appVersion: 1.25.2.7 + created: "2024-02-09T14:30:39.232685861Z" + dependencies: + - condition: nfd.enabled + name: node-feature-discovery + repository: file://./charts/node-feature-discovery + version: '>= 0.8.1-0' + description: A Helm chart for deploying Kubernetes AMD GPU device plugin + digest: 589af86bce648c0227954c8790a5e04b14308a83ed9d69e5a8a5bd748acde06e + home: https://github.com/ROCm/k8s-device-plugin + icon: https://raw.githubusercontent.com/ROCm/k8s-device-plugin/master/helm/logo.png + keywords: + - kubernetes + - cluster + - hardware + - gpu + kubeVersion: '>= 1.18.0-0' + maintainers: + - name: Kenny Ho + name: amd-gpu + sources: + - https://github.com/ROCm/k8s-device-plugin + type: application + urls: + - assets/amd/amd-gpu-0.12.0.tgz + version: 0.12.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: AMD GPU Device Plugin @@ -2609,7 +2698,7 @@ entries: - annotations: artifacthub.io/changes: | - kind: changed - description: Updated documented default value for application.instanceLabelKey. + description: Improved documentation for various ingress setups artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -2619,8 +2708,8 @@ entries: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 - appVersion: v2.9.5 - created: "2024-01-23T16:21:03.497014854Z" + appVersion: v2.10.0 + created: "2024-02-09T14:31:08.682483776Z" dependencies: - condition: redis-ha.enabled name: redis-ha @@ -2628,7 +2717,46 @@ entries: version: 4.23.0 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. - digest: 8095830a4888f1dca991082de6327a722eb2b7ca99ffa61c1a2faf57bd91a368 + digest: 185bca83d12a9a6245b766dbc71cb341c93daae8b5e1fc6a031f26b7e629e5c4 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-6.0.5.tgz + version: 6.0.5 + - annotations: + artifacthub.io/changes: | + - kind: changed + description: Updated documented default value for application.instanceLabelKey. + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.9.5 + created: "2024-02-09T14:30:40.04247417Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.23.0 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 63026ee221cd3778ba74c794094f543a12df2d2b74988593d3307717e99c602f home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -6171,6 +6299,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.77.5 + created: "2024-02-09T14:31:14.467956316Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: eb29e5dd197f2c9d8c0e3121e4da70b23bb5e5458b5c35fcc141dc664cbacf50 + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.77.5.tgz + version: 107.77.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA @@ -7650,6 +7811,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.77.5 + created: "2024-02-09T14:31:14.832172511Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.77.5 + description: JFrog Container Registry + digest: 912936ae13d65083b5f0a4d9998449b78fe6c8812cbca1984fdb495f334723e4 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.77.5.tgz + version: 107.77.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry @@ -11719,6 +11914,48 @@ entries: - assets/asserts/asserts-1.6.0.tgz version: 1.6.0 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + images: | + - name: cassandra-exporter + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r436 + - name: cassandra + image: docker.io/bitnami/cassandra:4.1.3-debian-11-r85 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 4.1.3 + created: "2024-02-09T14:31:09.931559258Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: 08d04a4e0af87e29ec2e4d0660ac4c116c7de4aad7f811d9b2ba1fc629996648 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/cassandra + urls: + - assets/bitnami/cassandra-10.9.0.tgz + version: 10.9.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra @@ -13093,6 +13330,40 @@ entries: - assets/bitnami/cassandra-9.7.3.tgz version: 9.7.3 cert-manager: + - annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E + url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: cert-manager + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/namespace: cert-manager + catalog.cattle.io/release-name: cert-manager + apiVersion: v1 + appVersion: v1.14.2 + created: "2024-02-09T14:31:12.389004266Z" + description: A Helm chart for cert-manager + digest: b75a618d24c0472cdeffdf5ed57033bf6d9c3aec6b2e02dee1aeab60fca2282b + home: https://github.com/cert-manager/cert-manager + icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png + keywords: + - cert-manager + - kube-lego + - letsencrypt + - tls + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: cert-manager-maintainers@googlegroups.com + name: cert-manager-maintainers + url: https://cert-manager.io + name: cert-manager + sources: + - https://github.com/cert-manager/cert-manager + urls: + - assets/cert-manager/cert-manager-v1.14.2.tgz + version: v1.14.2 - annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "false" @@ -14738,6 +15009,27 @@ entries: - assets/cloudcasa/cloudcasa-0.1.000.tgz version: 0.1.000 cockroachdb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CockroachDB + catalog.cattle.io/kube-version: '>=1.8-0' + catalog.cattle.io/release-name: cockroachdb + apiVersion: v1 + appVersion: 23.2.0 + created: "2024-02-09T14:31:12.506752473Z" + description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. + digest: 8f4f8e3f71bd57ffda8a167885e6ae44f0f87a118b873af16380db1b8b9facac + home: https://www.cockroachlabs.com + icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png + maintainers: + - email: helm-charts@cockroachlabs.com + name: cockroachlabs + name: cockroachdb + sources: + - https://github.com/cockroachdb/cockroach + urls: + - assets/cockroach-labs/cockroachdb-12.0.0.tgz + version: 12.0.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CockroachDB @@ -15972,6 +16264,47 @@ entries: - assets/confluent/confluent-for-kubernetes-0.174.2101.tgz version: 0.174.2101 consul: + - annotations: + artifacthub.io/images: | + - name: consul + image: hashicorp/consul:1.17.2 + - name: consul-k8s-control-plane + image: hashicorp/consul-k8s-control-plane:1.3.2 + - name: consul-dataplane + image: hashicorp/consul-dataplane:1.3.2 + - name: envoy + image: envoyproxy/envoy:v1.25.11 + artifacthub.io/license: MPL-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://www.consul.io/docs/k8s + - name: hashicorp/consul + url: https://github.com/hashicorp/consul + - name: hashicorp/consul-k8s + url: https://github.com/hashicorp/consul-k8s + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: C874011F0AB405110D02105534365D9472D7468F + url: https://keybase.io/hashicorp/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Hashicorp Consul + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: consul + apiVersion: v2 + appVersion: 1.17.2 + created: "2024-02-09T14:31:13.872190112Z" + description: Official HashiCorp Consul Chart + digest: 0d4b36076dbc0baf4ab7c6520688e35a618f647b412f5b5a3a7f47d7b52d1c09 + home: https://www.consul.io + icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png + kubeVersion: '>=1.22.0-0' + name: consul + sources: + - https://github.com/hashicorp/consul + - https://github.com/hashicorp/consul-k8s + urls: + - assets/hashicorp/consul-1.3.2.tgz + version: 1.3.2 - annotations: artifacthub.io/images: | - name: consul @@ -16684,8 +17017,26 @@ entries: catalog.cattle.io/featured: "1" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 + appVersion: 2.0.2 + created: "2024-02-09T14:31:36.181461841Z" + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: ed363aae17afbde55bace477a1828d21c971127c99d0cd567ed65673f8ea0edc + icon: https://partner-charts.rancher.io/assets/logos/kubecost.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-2.0.2.tgz + version: 2.0.2 + - annotations: + artifacthub.io/links: | + - name: Homepage + url: https://www.kubecost.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kubecost + catalog.cattle.io/release-name: cost-analyzer + apiVersion: v2 appVersion: 1.108.1 - created: "2024-01-12T17:06:51.840530718Z" + created: "2024-02-09T14:31:15.903350788Z" dependencies: - condition: global.grafana.enabled name: grafana @@ -16701,7 +17052,7 @@ entries: version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. - digest: 2f5ded432818ec345f1ac834df454611ae49b64dc9dec5d856be76b71f508d34 + digest: 95ada1e956075b8e401e954bb0dd5cc92149bb532d6fa1fbc2e653a6b862ecaa icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer urls: @@ -17671,6 +18022,28 @@ entries: - assets/kubecost/cost-analyzer-1.70.000.tgz version: 1.70.000 crate-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrateDB Operator + catalog.cattle.io/release-name: crate-operator + apiVersion: v2 + appVersion: 2.34.1 + created: "2024-02-09T14:31:12.657753402Z" + dependencies: + - condition: crate-operator-crds.enabled + name: crate-operator-crds + repository: file://./charts/crate-operator-crds + version: 2.34.1 + description: Crate Operator - Helm chart for installing and upgrading Crate Operator. + digest: f772071d314c379bba917a3259031271a0a8053362b93121c8cd58c30f1c7087 + icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg + maintainers: + - name: Crate.io + name: crate-operator + type: application + urls: + - assets/crate/crate-operator-2.34.1.tgz + version: 2.34.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrateDB Operator @@ -18112,6 +18485,32 @@ entries: - assets/crate/crate-operator-2.16.0.tgz version: 2.16.0 csi-isilon: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerScale + catalog.cattle.io/kube-version: '>= 1.21.0 < 1.29.0' + catalog.cattle.io/release-name: isilon + apiVersion: v2 + appVersion: 2.9.1 + created: "2024-02-09T14:31:13.291031779Z" + description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as an Isilon + StorageClass. ' + digest: 53af8b38e05a03aab45e4c580df3d2110db781087a245977e807e9327227ba32 + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.21.0 < 1.29.0' + maintainers: + - name: DellEMC + name: csi-isilon + sources: + - https://github.com/dell/csi-isilon + type: application + urls: + - assets/dell/csi-isilon-2.9.1.tgz + version: 2.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerScale @@ -18189,6 +18588,38 @@ entries: - assets/dell/csi-isilon-2.6.1.tgz version: 2.6.1 csi-powermax: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerMax + catalog.cattle.io/kube-version: '>= 1.23.0 < 1.29.0' + catalog.cattle.io/release-name: csi-powermax + apiVersion: v2 + appVersion: 2.9.1 + created: "2024-02-09T14:31:13.299371115Z" + dependencies: + - condition: required + name: csireverseproxy + repository: file://./charts/csireverseproxy + version: 2.8.1 + description: 'PowerMax CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a PowerMax + StorageClass. ' + digest: a6bbd30f8688cf92237d0e5c15708c04276c1e22aa7f77e8e14179975828c1ee + home: https://github.com/dell/csi-powermax + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.23.0 < 1.29.0' + maintainers: + - name: DellEMC + name: csi-powermax + sources: + - https://github.com/dell/csi-powermax + type: application + urls: + - assets/dell/csi-powermax-2.9.1.tgz + version: 2.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerMax @@ -18317,6 +18748,33 @@ entries: - assets/dell/csi-powermax-2.6.0.tgz version: 2.6.0 csi-powerstore: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerStore + catalog.cattle.io/kube-version: '>= 1.24.0 < 1.29.0' + catalog.cattle.io/release-name: powerstore + apiVersion: v2 + appVersion: 2.9.1 + created: "2024-02-09T14:31:13.304179769Z" + description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a PowerStore + StorageClass. ' + digest: 93d4d23a02d82c410f48e9d81d80a6a1e73685f123a55dc171931500b8ac0809 + home: https://github.com/dell/csi-powerstore + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.24.0 < 1.29.0' + maintainers: + - name: DellEMC + name: csi-powerstore + sources: + - https://github.com/dell/csi-powerstore + type: application + urls: + - assets/dell/csi-powerstore-2.9.1.tgz + version: 2.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerStore @@ -18475,6 +18933,32 @@ entries: - assets/dell/csi-powerstore-2.4.0.tgz version: 2.4.0 csi-unity: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI Unity + catalog.cattle.io/kube-version: '>= 1.24.0 < 1.29.0' + catalog.cattle.io/release-name: unity + apiVersion: v2 + appVersion: 2.9.1 + created: "2024-02-09T14:31:13.307555508Z" + description: 'Unity XT CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a Unity + XT StorageClass. ' + digest: b2d7994312382a0bb2253e564a9c09d3314652f6fad0db8cd83b3025690d65cb + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.24.0 < 1.29.0' + maintainers: + - name: DellEMC + name: csi-unity + sources: + - https://github.com/dell/csi-unity + type: application + urls: + - assets/dell/csi-unity-2.9.1.tgz + version: 2.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI Unity @@ -18604,6 +19088,32 @@ entries: - assets/dell/csi-unity-2.4.0.tgz version: 2.4.0 csi-vxflexos: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerFlex + catalog.cattle.io/kube-version: '>= 1.21.0 < 1.29.0' + catalog.cattle.io/namespace: vxflexos + catalog.cattle.io/release-name: vxflexos + apiVersion: v2 + appVersion: 2.9.1 + created: "2024-02-09T14:31:13.312875396Z" + description: 'VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a VxFlex + OS StorageClass. ' + digest: abea54b84504254bcb9441b4da3b11e5123ad4de2caf111f657309f5bc88030a + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.21.0 < 1.29.0' + maintainers: + - name: DellEMC + name: csi-vxflexos + sources: + - https://github.com/dell/csi-vxflexos + urls: + - assets/dell/csi-vxflexos-2.9.1.tgz + version: 2.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerFlex @@ -19252,6 +19762,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2024-02-09T14:31:13.19784614Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 1.0.1 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: a549e5c2a0b53d7af07a8b3d61d918b5a4a57e0e9e774ec75cd98b8bbbd980eb + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.53.3.tgz + version: 3.53.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -22927,6 +23474,29 @@ entries: - assets/datadog/datadog-operator-0.8.8.tgz version: 0.8.8 dxemssql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG + catalog.cattle.io/kube-version: '>= 1.20.0-0' + catalog.cattle.io/release-name: dxemssql + charts.openshift.io/name: DxEnterprise for Microsoft SQL AG + apiVersion: v2 + appVersion: "23.0" + created: "2024-02-09T14:31:13.314639958Z" + description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server + availability groups + digest: 1c237f2131565aaa78636e51361f9e4f44ac3f2ad1820e45e4eff427f82f4fb2 + icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png + kubeVersion: '>= 1.20.0-0' + maintainers: + - email: support@dh2i.com + name: DH2i Company + url: https://dh2i.com + name: dxemssql + type: application + urls: + - assets/dh2i/dxemssql-1.0.5.tgz + version: 1.0.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG @@ -23631,6 +24201,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.9.12 + created: "2024-02-09T14:31:13.406319855Z" + description: External secret management for Kubernetes + digest: 053be5a7748614fa0cbdadc37772799af693b4648d115f3a2e25e576f4ee3fde + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.9.12.tgz + version: 0.9.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator @@ -24442,6 +25036,38 @@ entries: - assets/f5/f5-bigip-ctlr-0.0.1901.tgz version: 0.0.1901 falcon-sensor: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrowdStrike Falcon Platform + catalog.cattle.io/kube-version: '>1.22.0-0' + catalog.cattle.io/release-name: falcon-sensor + apiVersion: v2 + appVersion: 1.25.2 + created: "2024-02-09T14:31:12.675401516Z" + description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes + clusters. + digest: 944637e5175dfc49b3871be0500812543fdad536d3012ec03fb3760fb51f7bb0 + home: https://crowdstrike.com + icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg + keywords: + - CrowdStrike + - Falcon + - EDR + - kubernetes + - security + - monitoring + - alerting + kubeVersion: '>1.22.0-0' + maintainers: + - email: integrations@crowdstrike.com + name: CrowdStrike Solutions Architecture + name: falcon-sensor + sources: + - https://github.com/CrowdStrike/falcon-helm + type: application + urls: + - assets/crowdstrike/falcon-sensor-1.25.2.tgz + version: 1.25.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrowdStrike Falcon Platform @@ -30367,6 +30993,62 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/changes: | + - Update `docker.io/kiwigrid/k8s-sidecar` to version `docker.io/kiwigrid/k8s-sidecar` + artifacthub.io/images: | + - name: jenkins + image: docker.io/jenkins/jenkins:2.426.3-jdk17 + - name: k8s-sidecar + image: docker.io/kiwigrid/k8s-sidecar:1.25.4 + - name: inbound-agent + image: jenkins/inbound-agent:3206.vb_15dcf73f6a_9-3 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + - name: support + url: https://github.com/jenkinsci/helm-charts/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.426.3 + created: "2024-02-09T14:31:14.137662786Z" + description: Jenkins - Build great things at any scale! The leading open source + automation server, Jenkins provides over 1800 plugins to support building, deploying + and automating any project. + digest: 1683bd62091a639558c2da27c60112c825cb7abfc241c661cefccbabcd73bc2e + home: https://jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + keywords: + - jenkins + - ci + - devops + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + urls: + - assets/jenkins/jenkins-5.0.13.tgz + version: 5.0.13 - annotations: artifacthub.io/category: integration-delivery artifacthub.io/changes: | @@ -33622,6 +34304,62 @@ entries: - assets/trilio/k8s-triliovault-operator-v2.0.200.tgz version: v2.0.200 k10: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 6.5.4 + created: "2024-02-09T14:31:15.342822958Z" + dependencies: + - condition: grafana.enabled + name: grafana + repository: file://./charts/grafana + version: 7.1.0 + - condition: prometheus.server.enabled + name: prometheus + repository: file://./charts/prometheus + version: 25.8.0 + description: Kasten’s K10 Data Management Platform + digest: f28091df3e1c37e137a1eb13c5e7755ae5f172d13886dd90eb3746307aba9277 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-6.5.401.tgz + version: 6.5.401 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 6.5.3 + created: "2024-02-09T14:31:15.331172466Z" + dependencies: + - condition: grafana.enabled + name: grafana + repository: file://./charts/grafana + version: 7.1.0 + - condition: prometheus.server.enabled + name: prometheus + repository: file://./charts/prometheus + version: 25.8.0 + description: Kasten’s K10 Data Management Platform + digest: 98e069fa48ff5a90ed2856476afd9206f37233aa4b320cbcaaaa14796d838615 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-6.5.301.tgz + version: 6.5.301 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: K10 @@ -34619,6 +35357,58 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + images: | + - name: jmx-exporter + image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r6 + - name: kafka-exporter + image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r140 + - name: kafka + image: docker.io/bitnami/kafka:3.6.1-debian-11-r6 + - name: kubectl + image: docker.io/bitnami/kubectl:1.29.1-debian-11-r3 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.6.1 + created: "2024-02-09T14:31:10.419201787Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: f21cada330f5547c62820dfb50b58100f6bf2c1109327b5575567e0650d57468 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/kafka + urls: + - assets/bitnami/kafka-26.8.5.tgz + version: 26.8.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -37704,6 +38494,33 @@ entries: - assets/bitnami/kafka-19.0.1.tgz version: 19.0.1 kamaji: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kamaji + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: kamaji + apiVersion: v2 + appVersion: v0.4.1 + created: "2024-02-09T14:31:12.452573574Z" + description: Kamaji is a Kubernetes Control Plane Manager. + digest: edd7a1f071323baa8ba0cec39f209b192c1452b55dd3e2f98d62b8750a1e4a2b + home: https://github.com/clastix/kamaji + icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png + kubeVersion: '>=1.21.0-0' + maintainers: + - email: dario@tranchitella.eu + name: Dario Tranchitella + - email: me@maxgio.it + name: Massimiliano Giovagnoli + - email: me@bsctl.io + name: Adriano Pezzuto + name: kamaji + sources: + - https://github.com/clastix/kamaji + type: application + urls: + - assets/clastix/kamaji-0.14.1.tgz + version: 0.14.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kamaji @@ -38328,6 +39145,31 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.5" + created: "2024-02-09T14:31:15.595528005Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: 0def00f6ae7c6d73b3eb2330b8da75c791e4c38e5ac90e30b127517853168b87 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: team-k8s@konghq.com + name: team-k8s-bot + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.35.1.tgz + version: 2.35.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway @@ -40312,6 +41154,33 @@ entries: - assets/avesha/kubeslice-worker-0.4.5.tgz version: 0.4.5 kuma: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kuma + catalog.cattle.io/namespace: kuma-system + catalog.cattle.io/release-name: kuma + apiVersion: v2 + appVersion: 2.6.0 + created: "2024-02-09T14:31:36.24068617Z" + description: A Helm chart for the Kuma Control Plane + digest: 87e8cfba2d9e108bd5ebd700a8e96748206879f2d9eb793707065f91205d9a95 + home: https://github.com/kumahq/kuma + icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg + keywords: + - service mesh + - control plane + maintainers: + - email: austin.cawley@gmail.com + name: austince + - email: jakub.dyszkiewicz@konghq.com + name: jakubdyszkiewicz + - email: nikolay.nikolaev@konghq.com + name: nickolaev + name: kuma + type: application + urls: + - assets/kuma/kuma-2.6.0.tgz + version: 2.6.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kuma @@ -41166,6 +42035,41 @@ entries: - assets/linkerd/linkerd-control-plane-1.12.5.tgz version: 1.12.5 loft: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Loft + catalog.cattle.io/kube-version: '>=1.22-0' + catalog.cattle.io/release-name: loft + apiVersion: v2 + created: "2024-02-09T14:31:36.267068294Z" + description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual + Clusters + digest: fd24e7fd3127542b5f84c5435eda2c341568b36e298e849e8e30b3cfdeee145b + home: https://loft.sh + icon: https://static.loft.sh/loft/logo/loft-logo.svg + keywords: + - developer + - development + - sharing + - share + - multi-tenancy + - tenancy + - cluster + - space + - namespace + - vcluster + - vclusters + maintainers: + - email: info@loft.sh + name: Loft Labs, Inc. + url: https://twitter.com/loft_sh + name: loft + sources: + - https://github.com/loft-sh/loft + type: application + urls: + - assets/loft/loft-3.3.4.tgz + version: 3.3.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Loft @@ -41770,6 +42674,50 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + images: | + - name: mariadb + image: docker.io/bitnami/mariadb:11.2.3-debian-11-r0 + - name: mysqld-exporter + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r6 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 11.2.3 + created: "2024-02-09T14:31:10.560899978Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: d8c9b5d2273147416f74357fd48c1a7bf74edec9d079834ae3a5333924620e1f + home: https://bitnami.com + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mariadb + urls: + - assets/bitnami/mariadb-16.0.1.tgz + version: 16.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB @@ -43628,6 +44576,37 @@ entries: - assets/bitnami/mariadb-11.3.3.tgz version: 11.3.3 metallb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MetalLB + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/namespace: metallb-system + catalog.cattle.io/release-name: metallb + apiVersion: v2 + appVersion: v0.14.3 + created: "2024-02-09T14:31:36.279713775Z" + dependencies: + - condition: crds.enabled + name: crds + repository: file://./charts/crds + version: 0.14.3 + - condition: frrk8s.enabled + name: frr-k8s + repository: file://./charts/frr-k8s + version: 0.0.8 + description: A network load-balancer implementation for Kubernetes using standard + routing protocols + digest: 201260d67c0960dddaa35572e5fbb2a774354013596ecf6f525016d216d9e487 + home: https://metallb.universe.tf + icon: https://metallb.universe.tf/images/logo/metallb-blue.png + kubeVersion: '>= 1.19.0-0' + name: metallb + sources: + - https://github.com/metallb/metallb + type: application + urls: + - assets/metallb/metallb-0.14.3.tgz + version: 0.14.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MetalLB @@ -43762,6 +44741,32 @@ entries: - assets/metallb/metallb-0.13.7.tgz version: 0.13.7 minio-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Minio Operator + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: minio-operator + apiVersion: v2 + appVersion: v5.0.12 + created: "2024-02-09T14:31:36.291490399Z" + description: A Helm chart for MinIO Operator + digest: 79c4de7dcf753469fa969ef47ec377a0cfe630b23bec263dc0407e8ffc7391e7 + home: https://min.io + icon: https://min.io/resources/img/logo/MINIO_wordmark.png + keywords: + - storage + - object-storage + - S3 + maintainers: + - email: dev@minio.io + name: MinIO, Inc + name: minio-operator + sources: + - https://github.com/minio/operator + type: application + urls: + - assets/minio/minio-operator-5.0.12.tgz + version: 5.0.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Minio Operator @@ -44205,6 +45210,50 @@ entries: - assets/minio/minio-operator-4.4.1700.tgz version: 4.4.1700 mysql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MySQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mysql + category: Database + images: | + - name: mysql + image: docker.io/bitnami/mysql:8.0.36-debian-11-r4 + - name: mysqld-exporter + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r5 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 8.0.36 + created: "2024-02-09T14:31:10.63204707Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. + digest: df461fab2b95fa932a4e6d29e718cb042f58cd7497acab55856159c68d916a2a + home: https://bitnami.com + icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png + keywords: + - mysql + - database + - sql + - cluster + - high availability + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mysql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mysql + urls: + - assets/bitnami/mysql-9.19.1.tgz + version: 9.19.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MySQL @@ -45757,6 +46806,31 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.10.10 + created: "2024-02-09T14:31:36.353589691Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: ef02b1840e053f5cb93921c2eaeaffe4b84f72bdc08cf590ccd5b065938a317e + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: info@nats.io + name: The NATS Authors + url: https://github.com/nats-io + name: nats + urls: + - assets/nats/nats-1.1.8.tgz + version: 1.1.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server @@ -47219,6 +48293,88 @@ entries: - assets/f5/nginx-service-mesh-0.2.100.tgz version: 0.2.100 nri-bundle: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: New Relic + catalog.cattle.io/release-name: nri-bundle + apiVersion: v2 + created: "2024-02-09T14:31:36.841109283Z" + dependencies: + - condition: infrastructure.enabled,newrelic-infrastructure.enabled + name: newrelic-infrastructure + repository: file://./charts/newrelic-infrastructure + version: 3.30.0 + - condition: prometheus.enabled,nri-prometheus.enabled + name: nri-prometheus + repository: file://./charts/nri-prometheus + version: 2.1.17 + - condition: newrelic-prometheus-agent.enabled + name: newrelic-prometheus-agent + repository: file://./charts/newrelic-prometheus-agent + version: 1.10.0 + - condition: webhook.enabled,nri-metadata-injection.enabled + name: nri-metadata-injection + repository: file://./charts/nri-metadata-injection + version: 4.17.0 + - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled + name: newrelic-k8s-metrics-adapter + repository: file://./charts/newrelic-k8s-metrics-adapter + version: 1.9.0 + - condition: ksm.enabled,kube-state-metrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics + version: 5.12.1 + - condition: kubeEvents.enabled,nri-kube-events.enabled + name: nri-kube-events + repository: file://./charts/nri-kube-events + version: 3.8.0 + - condition: logging.enabled,newrelic-logging.enabled + name: newrelic-logging + repository: file://./charts/newrelic-logging + version: 1.20.0 + - condition: newrelic-pixie.enabled + name: newrelic-pixie + repository: file://./charts/newrelic-pixie + version: 2.1.2 + - alias: pixie-chart + condition: pixie-chart.enabled + name: pixie-operator-chart + repository: file://./charts/pixie-operator-chart + version: 0.1.4 + - condition: newrelic-infra-operator.enabled + name: newrelic-infra-operator + repository: file://./charts/newrelic-infra-operator + version: 2.9.0 + description: Groups together the individual charts for the New Relic Kubernetes + solution for a more comfortable deployment. + digest: 59930096ba81e9b31081e6812f5620e15207adcb5fe15969176aa6ac395ced05 + home: https://github.com/newrelic/helm-charts + icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg + keywords: + - infrastructure + - newrelic + - monitoring + maintainers: + - name: juanjjaramillo + url: https://github.com/juanjjaramillo + - name: csongnr + url: https://github.com/csongnr + name: nri-bundle + sources: + - https://github.com/newrelic/nri-bundle/ + - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle + - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure + - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus + - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent + - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection + - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter + - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie + - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator + urls: + - assets/new-relic/nri-bundle-5.0.63.tgz + version: 5.0.63 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: New Relic @@ -52409,6 +53565,51 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + - name: postgres-exporter + image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r9 + - name: postgresql + image: docker.io/bitnami/postgresql:16.2.0-debian-11-r1 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 16.2.0 + created: "2024-02-09T14:31:10.939884776Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: 73825bd7730d31d4eb7a659e62b81230b0589c92a85f3cac68a2ae06ffd09a1b + home: https://bitnami.com + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/postgresql + urls: + - assets/bitnami/postgresql-14.0.4.tgz + version: 14.0.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -55320,6 +56521,28 @@ entries: - assets/bitnami/postgresql-11.9.12.tgz version: 11.9.12 psmdb-db: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Percona Server for MongoDB + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: psmdb-db + apiVersion: v2 + appVersion: 1.15.0 + created: "2024-02-09T14:31:37.182537322Z" + description: A Helm chart for installing Percona Server MongoDB Cluster Databases + using the PSMDB Operator. + digest: 2f26287ed89cdbf6274268eedf0727dc560eb95f5abc13d73f273a2702fbf5a3 + home: https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html + icon: https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/operator.png + maintainers: + - email: tomislav.plavcic@percona.com + name: tplavcic + - email: natalia.marukovich@percona.com + name: nmarukovich + name: psmdb-db + urls: + - assets/percona/psmdb-db-1.15.3.tgz + version: 1.15.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Percona Server for MongoDB @@ -55497,6 +56720,29 @@ entries: - assets/percona/psmdb-db-1.13.0.tgz version: 1.13.0 psmdb-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Percona Operator for MongoDB + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: psmdb-operator + apiVersion: v2 + appVersion: 1.15.0 + created: "2024-02-09T14:31:37.207016779Z" + description: A Helm chart for deploying the Percona Operator for MongoDB + digest: d0a48d588f7c495505d9a94c8e4703ce91ea009c4d8386cc6d05b5f282e4daf7 + home: https://docs.percona.com/percona-operator-for-mongodb/ + icon: https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/operator.png + maintainers: + - email: tomislav.plavcic@percona.com + name: tplavcic + - email: natalia.marukovich@percona.com + name: nmarukovich + - email: sergey.pronin@percona.com + name: spron-in + name: psmdb-operator + urls: + - assets/percona/psmdb-operator-1.15.2.tgz + version: 1.15.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Percona Operator for MongoDB @@ -55681,6 +56927,30 @@ entries: - assets/percona/psmdb-operator-1.13.1.tgz version: 1.13.1 pxc-db: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Percona XtraDB Cluster + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: pxc-db + apiVersion: v2 + appVersion: 1.13.0 + created: "2024-02-09T14:31:37.218497927Z" + description: A Helm chart for installing Percona XtraDB Cluster Databases using + the PXC Operator. + digest: ea30975e4e054423e9296ed0ef97080392daabb06b4cf6af68d236ba1fcaed51 + home: https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html + icon: https://raw.githubusercontent.com/percona/percona-xtradb-cluster-operator/main/operator.png + maintainers: + - email: tomislav.plavcic@percona.com + name: tplavcic + - email: sergey.pronin@percona.com + name: spron-in + - email: natalia.marukovich@percona.com + name: nmarukovich + name: pxc-db + urls: + - assets/percona/pxc-db-1.13.6.tgz + version: 1.13.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Percona XtraDB Cluster @@ -55880,6 +57150,31 @@ entries: - assets/percona/pxc-db-1.12.0.tgz version: 1.12.0 pxc-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Percona Operator For MySQL based on Percona + XtraDB Cluster + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: pxc-operator + apiVersion: v2 + appVersion: 1.13.0 + created: "2024-02-09T14:31:37.231490235Z" + description: A Helm chart for deploying the Percona Operator for MySQL (based + on Percona XtraDB Cluster) + digest: 472398808b924b3ed8f6fe2cfdeda46ce2130bb484563f6660ae359a56826ab5 + home: https://docs.percona.com/percona-operator-for-mysql/pxc/ + icon: https://raw.githubusercontent.com/percona/percona-xtradb-cluster-operator/main/operator.png + maintainers: + - email: tomislav.plavcic@percona.com + name: tplavcic + - email: natalia.marukovich@percona.com + name: nmarukovich + - email: sergey.pronin@percona.com + name: spron-in + name: pxc-operator + urls: + - assets/percona/pxc-operator-1.13.5.tgz + version: 1.13.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Percona Operator For MySQL based on Percona @@ -56174,6 +57469,50 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + - name: redis-exporter + image: docker.io/bitnami/redis-exporter:1.57.0-debian-11-r2 + - name: redis-sentinel + image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r6 + - name: redis + image: docker.io/bitnami/redis:7.2.4-debian-11-r5 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.2.4 + created: "2024-02-09T14:31:11.20203393Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: 2f5e14caa60d29eeb18cca57d83b92b3367dada622c4ff61cb62ea2bf54a3c12 + home: https://bitnami.com + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-18.12.1.tgz + version: 18.12.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis @@ -58670,6 +60009,50 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.3.4 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.8.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.3.4 + created: "2024-02-09T14:31:37.649273222Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + - condition: connectors.enabled + name: connectors + repository: file://./charts/connectors + version: '>=0.1.2 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: e4a36e0a2c66d3439130a82e381144ae9e2195c6da745d1f7922532bc181e1c3 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-5.7.23.tgz + version: 5.7.23 - annotations: artifacthub.io/images: | - name: redpanda @@ -63055,6 +64438,43 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + images: | + - name: spark + image: docker.io/bitnami/spark:3.5.0-debian-11-r22 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.5.0 + created: "2024-02-09T14:31:11.346357663Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 343482c693429ae166243840c31cd96a6e0acd9ca71d47bfcc501e8079626279 + home: https://bitnami.com + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/spark + urls: + - assets/bitnami/spark-8.5.2.tgz + version: 8.5.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -64505,6 +65925,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 2.1.1 + created: "2024-02-09T14:31:37.74382007Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 3d4dcc7b51b3eead7f8fc63bb3fcf06932b1494774ad2da8ff6087768816d989 + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-2.0.11.tgz + version: 2.0.11 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator @@ -66766,6 +68217,34 @@ entries: - assets/speedscale/speedscale-operator-0.9.12600.tgz version: 0.9.12600 stackstate-k8s-agent: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: StackState Agent + catalog.cattle.io/kube-version: '>=1.19.0-0' + catalog.cattle.io/release-name: stackstate-k8s-agent + apiVersion: v2 + appVersion: 2.19.1 + created: "2024-02-09T14:31:37.763176415Z" + dependencies: + - alias: httpHeaderInjectorWebhook + name: http-header-injector + repository: file://./charts/http-header-injector + version: 0.0.8 + description: Helm chart for the StackState Agent. + digest: fa56bf93b4b323ece283d2062079c147611205f545673d45988b94db3758a78c + home: https://github.com/StackVista/stackstate-agent + icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg + keywords: + - monitoring + - observability + - stackstate + maintainers: + - email: ops@stackstate.com + name: Stackstate + name: stackstate-k8s-agent + urls: + - assets/stackstate/stackstate-k8s-agent-1.0.68.tgz + version: 1.0.68 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: StackState Agent @@ -68861,6 +70340,51 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + images: | + - name: jmx-exporter + image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r6 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + - name: tomcat + image: docker.io/bitnami/tomcat:10.1.18-debian-11-r4 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.18 + created: "2024-02-09T14:31:11.376730194Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 1a0f31f55c86024d53daa194b5c50392c0d007f59330748cc668f4f0d4d8188a + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/tomcat + urls: + - assets/bitnami/tomcat-10.13.5.tgz + version: 10.13.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat @@ -71878,6 +73402,33 @@ entries: - assets/triggermesh/triggermesh-0.3.401.tgz version: 0.3.401 vals-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Vals-Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: vals-operator + apiVersion: v2 + appVersion: v0.7.9 + created: "2024-02-09T14:31:13.322000425Z" + description: 'This helm chart installs the Digitalis Vals Operator to manage and + sync secrets from supported backends into Kubernetes. ## About Vals-Operator + Here at [Digitalis](https://digitalis.io) we love [vals](https://github.com/helmfile/vals), + it''s a tool we use daily to keep secrets stored securely. Inspired by this + tool, we have created an operator to manage Kubernetes secrets. *vals-operator* + syncs secrets from any secrets store supported by [vals](https://github.com/helmfile/vals) + into Kubernetes. Also, `vals-operator` supports database secrets as provider + by [HashiCorp Vault Secret Engine](https://developer.hashicorp.com/vault/docs/secrets/databases). ' + digest: cf6bb7a6724ede7314d926ccc89dc4bd88cc24531eaf4d3e377667432173a023 + icon: https://digitalis.io/wp-content/uploads/2020/06/cropped-Digitalis-512x512-Blue_Digitalis-512x512-Blue-32x32.png + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: info@digitalis.io + name: Digitalis.IO + name: vals-operator + type: application + urls: + - assets/digitalis/vals-operator-0.7.9.tgz + version: 0.7.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Vals-Operator @@ -72477,6 +74028,60 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + images: | + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r2 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + - name: wordpress + image: docker.io/bitnami/wordpress:6.4.3-debian-11-r4 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.4.3 + created: "2024-02-09T14:31:12.239519932Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 15.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 766a0cb3e8bf5b88be2a4111d3578292df895e8ca7240d6ce8b8a2456f881d81 + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-19.2.6.tgz + version: 19.2.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress @@ -77446,6 +79051,32 @@ entries: - assets/bitnami/wordpress-15.2.6.tgz version: 15.2.6 yugabyte: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugabyte + charts.openshift.io/name: yugabyte + apiVersion: v2 + appVersion: 2.18.6.0-b73 + created: "2024-02-09T14:31:38.417075545Z" + description: YugabyteDB is the high-performance distributed SQL database for building + global, internet-scale apps. + digest: 034bb533c87e8f6dea9c24c5023a4ae8813b14015ec87695a1874002266b47c1 + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugabyte + sources: + - https://github.com/yugabyte/yugabyte-db + urls: + - assets/yugabyte/yugabyte-2.18.6.tgz + version: 2.18.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB @@ -77602,6 +79233,32 @@ entries: urls: - assets/yugabyte/yugabyte-2.18.0.tgz version: 2.18.0 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugabyte + charts.openshift.io/name: yugabyte + apiVersion: v2 + appVersion: 2.16.9.0-b67 + created: "2024-02-09T14:31:38.40149703Z" + description: YugabyteDB is the high-performance distributed SQL database for building + global, internet-scale apps. + digest: 7064fdbfa5d6b5cd5330cddc6de6d3860121eeb13d431d7f097c214811341594 + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugabyte + sources: + - https://github.com/yugabyte/yugabyte-db + urls: + - assets/yugabyte/yugabyte-2.16.9.tgz + version: 2.16.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB @@ -78143,6 +79800,32 @@ entries: - assets/yugabyte/yugabyte-2.14.3.tgz version: 2.14.3 yugaware: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB Anywhere + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugaware + charts.openshift.io/name: yugaware + apiVersion: v2 + appVersion: 2.18.6.0-b73 + created: "2024-02-09T14:31:38.455949777Z" + description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB + cluster with multiple pods provided by Kubernetes or OpenShift and logically + grouped together to form one logical distributed database. + digest: 4ba2bf730ff60930c8edbff984d10afdfa0ce05592ed1ceec286cd0e4163936c + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugaware + urls: + - assets/yugabyte/yugaware-2.18.6.tgz + version: 2.18.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB Anywhere @@ -78299,6 +79982,32 @@ entries: urls: - assets/yugabyte/yugaware-2.18.0.tgz version: 2.18.0 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB Anywhere + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugaware + charts.openshift.io/name: yugaware + apiVersion: v2 + appVersion: 2.16.9.0-b67 + created: "2024-02-09T14:31:38.443591141Z" + description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB + cluster with multiple pods provided by Kubernetes or OpenShift and logically + grouped together to form one logical distributed database. + digest: 74b703f49e97e53d56afbbc59058beca1eb8387228071d7d6e869de5ca91bc8b + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugaware + urls: + - assets/yugabyte/yugaware-2.16.9.tgz + version: 2.16.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB Anywhere @@ -78810,6 +80519,43 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r96 + - name: zookeeper + image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r8 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.9.1 + created: "2024-02-09T14:31:12.332570262Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 383cfed5c1ff446a87b8d7e51c2b686279d29740055c79c019f2febe2a63d722 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + urls: + - assets/bitnami/zookeeper-12.8.1.tgz + version: 12.8.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper

bU2mA`Yw^TSd4jXWcrd?YAktOAo`NZJX*Xl z(0oZ%78qU|PQDyl5wBenI=-Z$6zE+OA-+r;XJOpSg1~>-b3AwRR2J`L#w$mBuVrgr zKXm(6Yf1^#o(ub4ij?NuN>0uYV-dxT9iO&3&XraYCT)4k`jXSFn(UoVWA^i|52B_7 zLx(jQG556COnHv|GTNjRNpl?4n1bY(oH>-z`;>J^+C>m!=nb3=M40;#)j5R-P@aNK zb}r1Aat*|4p5H~|PJE-b>clr?j7HS+;+ut9k-Vu>6U8gFB8pdr4#Izc<`blhKov8k zViBooFZQcxOG@6L^3?t&sd>A$N*UU>kYuSe!P0iLDsQmq77#=WY@`kOXjjcL?U9HS zq&HV%b{$OQJ#JIVnR(=g2}F%VOQBDQBX1Bba89$?Vv99e9L13*JnmBMa~yeei!58` z(IR7OSgwq-*XcfM5H&TI9o+#0qPf>QH)Nski zE5UF4sdfLiqXl4v{om<}g8$da@r%>P`@j2m%J2Ua3&8!TmURJ1tJKRqDKcyg9rHui z%ihW6-8~mu-(Bv^Su0!Y&E4~(5sDVbS@oR6X}CS^c~2|~I;Q>5xE(eU9-e?cbF=S` z`@qMv62C|Co`Zy?ZKv7}77>vXJUfJe*pFfR;0buM5nrEIBF~JWD8wEukwTe7EWis5 z_n5^YOUd;dTubd-N68X62r_`sYa0mr>#yx!NejP9heyr%GJB=JYs+22m`x5IMUY(| z&HlfH!D>d$^Ja{p?c)3WzpD5D<5y=d)cybD^^23^$Nm349(n&K1K%a%&Nni)?UT23 z2AqT6E&0S=;Cal2sLKpH^P8FSb-WHkh}2A0ya1bd#cY*;8Zq-3c}{<_TkyCJFLG`X};N zll6S=e+Dh<@2k&Q>rVq1E|Mhy6~GWY!*Spzpw(`rtsKgj3jM#RcET<`QjA(>t-~Uo zKZDj;`^8!NIBPd&ja3QvwE^zy9pTcon`{T14BImdSGN##qg71gyw?A)j#|gy_us+) zyyic2)SNqh09sQbM~WsR9#LxPphN@%$G`~zk1a(87ciLQFtngo!>CO}0q>hri9xc%P2p!JV+lsN6QYTJ*FZcmPQ z6f5D>{NJPyRGnjRq+x@#W82BZwrzW2+qRudY}>YN+qUhAC+;ur?$&O7Rb5^EyMNrz zQ|G$Qxq~WCRVeJsTV#8l6{36JdYHbK*4&3)-Gj6TUSOCVnEQ9S?MAeOTJcJV2%FVrt&1L>1O_Xp)i0PFz(fTRFziaWl2 z3WJOJC(Jb@ogu<^FhA~sZJ0Ln$kTP=K-kx}L8)yri?6w+KJHZkfH=V4=IdfjzozeN z9Pqt$0Qh=ddpU?JAw$TsI?OYpJln8V&D+e+10vo`p!ZZXGQ{EuCqKzIyk>lD4u%2= z`vMbXl}pbZ2NrsQCSDsr0%IiFw#5fO&Vj7u2#I^;f?BJxewPUDcS2<_49^2ygBC)A z_{9y(Y49F*&XRKn-brwEZf7w1a+cmts14illF)_?|A=m4x->J{%S;hPUn5SDiUpZCMVUhjxif}!^zdENs?_(ZR4p(`43(`Lnj+-to zo}CiApUnlYvEsl2d?4(ZO_WHM(CjPcgYk}WWflB;(mZJDWypN(S1D|Fc6?)S%OO^0 z*iDe!IWXcV()`Ouh~xiGpxu%-Z2Cz_ck^80P>**q-RTpAjp zWX9KU6J}0nk6k<-Vk9SMm7x9^a(hz9_=Y{B4qX^AYizMU(UhVU2C`}3ge5iwCfgb- z8IF-|h1pG_l>H;?=S~N~9f4Ls>(xyo-3Oo!S~JQkq$8nf0)#hzv{Gqr3|)w{C-O8! z${aE0g9yKGXC{d#n?Jec;+ivs|AGL(b~gB9$t{_qa~*BBqXheSn=9G&|! zDCh{k5{SO7Oehh@w9n2ZX-?whuT-a#bdC=|%q_O_J$IZV6I5@8nIesjm%gZ8My#?W zprZF&I`dgBuOvfi@!E1y?46DcRo5n%g}((V@Vq`wDW>K4;p9A#QkJRGn_Ef5 zgR$#qUUC}xC3}?SrVc1>lF~%)*dZ-^&L{}T3O>nGfT3=Y)w-m-7FRKuoc}=)os(Cv zPMA$cmZ)GmLUI}!$v6vqi+d46lK|dWI4$$KD>bM*!)g0WxNP;<3S%7K(_Bm2`+9xe z3cqzE88}B`8YDA+o=u^!Ix7oJta82Lu{m40>OPN=J~Qc=%P`y_e`(=qim89g?#uj z39Bxm+NHMAN~_6)(U`)}0(dV5i5@1I5KGpa(j7W+)*a`ttf!PyN)rtH<;A`Az3h=2 z_A72**JBSow8|qo3>UKwEooxDBoS*IsSDI%$Qf2rOg3%{O-f+Q27hx@PA1}A^l{k94{1ITyPLU zrr-4q|CTPG6pAW>Vy^}{iOla)P@9^*>}~Y@$)%I>!sZ6-O?ti|avLDhv z;s?KfHz#8tGa#@H62h)@$|h=Hk3s!uEf??W4T^XocQhVNEpfkNap4MQy;j_`yz$h_ zmy3O3J;t`D%)7}fX*C;I*gPhfAG}3Dx#$w3Ot;b(>zY$TqBB?(j2tuE#WLs{;<|}# zFJ5p^Xv62s{PkHCrwyaV;j{tW=;eZg=O5lJFUs3~=NQPo0aS8}?*}r_^kgLyyl4zL zy*{Axv9fx{3#@ViuvD%vQT8AqbGM}N2>&vDi(}Vesdw1XYY)$cT(nnZ9OrKcx7)I7 zHeyVdvHI0ne&aJZk|Pc~8X>=l%}qrM`5^}_UL5{yeS!d|F=^_TC7I^Ht<`t$NYuoS zhuSFisJieC&+9x0{~Dt!_XTlEsU_9YDBTd0jV?>LXltYtAm%Cg#+T6-z`5X)Pd~_y zj zMP&EPD-%)oag;83uhb7|`}@A1PokoSYfY-4ds8FXC~UZ-J)9ZC~%gUZ650g{uzNtj@&<&+&=0>D|?Mz3_ z@`jz8b+^M`53XxhznL#A&}(m`c7#pKzyTdK5H&(D_u?6-giiW& zr~%>0c|wZ{68Qw;mHX9VGEsPt^07c^5cilQi|5riCRkSA_7fxKMm$%xn_&;9*jsm2 z5hoY6YMY2w?-KP!Z~4l*&`94Wgse(prcEl)9+l9%BD!- zQmyB&iKi~$+hRt(Dfrg2r&v|5n<5I%ojXV|DUe-t)+W$VwT*^?0F%CP?M_GjD~iMj}xpqcM1u%7zFjraQD_U^b~RkY8*Nl#ok%2(I@dYO5%$+G=3JK-s}28JNwk z-{>6~_oaKVZQC@TOjEa5Kd-?zZo#i`Mh)(^`rBJdQn6khW`Y2DIE9tvPEGwGsYBAc zz#TAm5-`gb@`<(d4jf~Q2YY+^sjehs*eqc%yH5oXg8L2PykA+sw08L^y%qi?BO@~V z?er}wP&w$dg`>W%9tQ|C+KevML8YTl0eQksenQJiaTm0~TD{ah&O&i@pqkerBk;Dl zFsa#e)kwf*m`)mpm@~wwe`QVYE{$$7@eW6EQwe5^zT6~dw^!Q*LMER(jiF|mlm#?g z@<;jND^(BZH;=HJU!wWtr&hW_okl9@6~r!g=n$mjx4KC}Cdu6Dt5ng?{s%w%oTuookt^j>`yui-k->5B$Y#Y_8; z5eeNtL4H2tgcKNeFXz%nTpS@lZ~=!&wwWr(PX|a)#D;jLv<_|0MnAVIh!v)syE%$C z+E{}|23ZvqQW=DAS?+$&;fkzLJaAr-C1G%oEe6P%$685uW{>ytN*Z`nZEE2r)LEf5 z36GGgNq5Bd-(hTXmy4@gKy+<>#XktdjSj_q{p3!*=lU-Q$D(sQ|HAQcLDB>4!ZIRW ziF#Bo%Q30QV1+~#WR~z&BXcD(aN>L^A~~qCFtenEuh`U(AM@=sr+a>a)bcmk89_gN z7_~AByj!T+h_7HQB`SF1=R2v86)+2>b0Mx@eidxYF$~3K@N{=PGu;ObXQZ)8J4W12 zne5Mh3|!#}th8oJ&TU-ylUGU+qH3X(9P>G`it{TOO$U=2lam?aCaE^it`xoXrUM79 z4Y_vdHmrJTfz2?Wq=7b%kUvn1@t5G3k+xg}Od#eBCSAE`Q)*A`gmn%Uy;A3{G<6_N z7W$X60^M5Aot(Y2)=o|t{U-|}yg5&8af*!zdp7bEhfzQ_RlI^%2z1e1V2muFWESGu z^%+u{wJaS1H&tn83YvGRT5p4qIhvLHa4!5HUJVDRrHs9_Qjbb?h#qZ!**H?n-)G6C zz0IMr54#qAZnYfk_A8X37t= zBzVG3Zi_c)CERkBqwhS$vm)1*l2R&{loKB)<8XMy-^svw41*OgW#XzYyr6xHv|!& zaQZ|d|AeOy8>BOULgrd2BiEy^s;%AQz243!Ij&D6^PC&7cr+4`R`F7qOW_m%5~Op< zoqN@TXF<)Z*^Z`fP9^Rfz_ULIv#cjk$C;a+5cA7=@8HZ`1DOLMpvY(Yu_dma=-<<7 zhD2OjpyM#X9eP>9$f_1(L3GJx$jMQ-l(2Qcpcj6hCkeDflvAM}nIj_@1{Zb^^gDCq z0Tu^-jw+8hT6q&1YZYj60VJ}<<&TWKNF=}5cK2jxs5s8qCcMh{py}5$$0Y;v&&Lt>!^u}97}P(M`U9E+eb>#p$h|-W~{i* zVkCG6M5E2O7hvBgO*oIi96KVXK-O90=e40TgA7t8egST+*9j-z-_M4yXkFL-YeFu* z%}(PNf5)S?Nz^)e9uP`ppxT!h1g3k#24EC&h#l6T2I6fdSzA>jhY(FDXD9Xq0?e(u z-2x3j{W$HG0PEg4<~wv3ccYPsgso6osppj=ot5>{mY3BcfJaX+t9_;cKSFzdAg0K~ z@fZ+fZ+?*s<0+ql$Ya}!m7)$ax-%S#aYt0&kBc)t5~FNNIS^b3(ku!Y9E-?zr@=YL zAJxDX{jyr(m}tB_ugxw0bVm^3)$M!D_)6aY<48HxO}iA-R()7+NMV3zvLLeRgPPsY z>I0t>7Nd?l0%&Q-P82J$qc304SGhT~M!LR8xWZZr~DQLnhHvb9= zI>{%8A$_mT2=+vA&;I;8R#aM8Thk;iu^ZbuRK( z`j2~wMk-ukNza?~*tm~$)8&p=#KyBFbP}1Us0Uek;#(5}Uw9yVjHR?~%dXf0aX@}n zX#&OI{3L+lsruk}pILgJi*5C?*m&aEI^A)KEi|7e8;Q9;nP;@cs=9YHR8!t+1 zlkgLpphHm-FFS5Mm83jh}I4HZClrh$J{X z@FbF*{|pm4u{%Cy{K)hhwSn3kRoazt`Ngh^&bhsQwdu2LhFW&6pO+cc`o1>p&7g{I@2@$NsieHV#98;d_!J5 z$z3g@@-TkjILD3&3`1TjOUyk5Pfyw+Lv&v`*lyEcm^kX;3P}LiTK1)2&kE(RtyOm6 z8p~|e{BM#ZRm^!}>TJ{@pY}S=*Pq5_*d&JsGY=wV8HwrlrUaM#@8s>$kH%}ALs`vG zk=fb261xq*%M+@0z?&NH>tA+gr7RB&7R)h(gDTeUsPpw<#0U*`DFe6%9=P+liuKwJ zS9%r)OG+~2ue9DXqQVi)^)cdC)Tdkm$pYVrUAL;1Jh#IX!>K8pI@bUET216#tHCjN zP-RV?ciKs;4C?^xv?>}IZ^t9Q*dQs66mrV_WQnV5!4rfxL%A)+?vQd~erKS~ki%w^ zB>$D_rLkgN76Bh_SK+~5t3%ULS_kyRcxsQFMP3x&dOpmwT`+RkO$}#Na<7EPTH)3p zXYE=xvo<^K(icY#PI|_clMPUP1I)_JJ-qqr_j*021Frb-Gny_S^rXNw z2E&(qyts#GATrP`>V~dd&%xu<+LEzGHLo;x2QHudK}1)93=`cUz2G)!H-_WQ zK&l}!)Jpowij8WT1N6fnQ|kP)Iia&VkOR9I11dlF>gM#$)&Lt5NAG=U6n)>1rwNnq zYqN0NWSgJ8DznI)QEj_=EP>)sc^tx#YsL$xuVK*~8rxWK*0m#<0rGgpXzLZK*R}fs zqp=Xr+TkdBu7R8n*{&#tYtV$7EfsRt&fXH$mWj^J53cHwMDn0{6__DPjIimED-(k- zVF{3q?=-Qzv@z5YO5I3=mbq+iuDGxCDdIaSX<5FdQtsu6Dpruh*GFKX&@43Wpkw+O z0_OUSBr@;RJ*2XG#hxD}>dQB&k~84lDNZifb8CMd7R3}_|DAJt7kuV-pcFDvO%p|w zdlpf43_x+g3Ij!#$Tj%!NFBDzpj!**5K2znM%Bba?!DgA2E;-xz&Z8A#SSS{!CpF& zl!4ZUfmW%@!qLJ4RfAK&k+^kl6k=C6d1`9`i!=eIxIZ%-V)~}O04Gw800Hmq9|T&_ z4dTQ*=VXcFUqGNL3Q~$gJY~CW{0oN@ka1DUf+y=wPoLi|78utQ&Fz;i!z|px;pdHz zNCr1R0o6_UNdz2w28`+1n42m;AuC2AtC|;7);3C7HT_0vo&gOgaLb#0#PINPws>8Y zgCCa6kd-P`I5fwvE!L7*i58BOpQKNI7y_eT|2lELOHLUSpQM_>xD|&rdC-yu4O@Oa z&;%N4E)j9?X%|>D#f;{MU_C!%Pd0Q5pk{XAKC@BKlxXb$@PdsQr176smDHVtQ?}5% zm5@#Ir09*Zo`7GZz=3OO(5sqz5R$qb&zMy3b!{TM9ck}yPL0{oiS@~!T?A$&OXCeXtqJ z(R|)`W}lKl%E+9Mq+&;;2ZUxZyq^53dIL-)sdIh%zr5dnx(mdeN=qcX zowRFfIpg`dELCFFylqE?&Rf3^(!xWE<|yj74{Ni2MmcozK+0V|n&5R*=R(rHN~t{? zfTM<0gA9&fFP-=~*d|!W680D1LZ!@iu-pB{s1-Lg-eY8)dyjkLY-yq`GikB;bTx?v^>ahCDJI|h`?C0JysDDqRM=b_E zmC;m9el{Sl+w1<2vkt(+#qWCz_;){!lMRI)x8?)FNTqE9Chz=^U5ligt=gXjIcpm% z7&XIgH%s;C_#N_ayM$rBtNVVd6k2?6=xSuWY@EII=1e&ad9{aE}ZJ$tY9u*Q|OvDiq-Tbm)?1_;%rurn=OX z?L$GL7;L@XxB+n)q7hGQAKW@*&_k^&oHM1LTxWsT4?@d8+r3x=P;ix*fF1B?W;;?rFQ13hMHiyJ4|}KX(ir_daf@Y1Z7eg~l~+w4vb$xvK0% z=URiMuSRL#C)^l??ORY0ICVzU0<*FHf{{O|Jrce*qr&;Q_o(Xr^-7^ma2put`X0k! z$5%UeQp`i8M2?bTR+H6?WU@t8 z)%htucvWde)zxQ~uvu5S{We9%wnlf~qzi6MV~{Cny^hu?_jLNt@DApEwuI5Q9awXh zqH{KGUT-BY8MfE}YaXU5kK*zp=&Ct;+mjau9l)O3V!M~~R|{99T5ElSTG+{y+?8A# z2Znf&G?^l6zJ0b#o!2x^5o{{pujBMzgK070=Ewz%sPv;RFj=vF0*q{|x(3*z;XVY5 zS~?0a{!we3Cz@cp!!XzvFVMsBBBBL^Tp$8iW9M@w3Jdcb(bO|zj-O{UNmgMSVlFN( zu)p3Q66X(?0?ET&Cm@74XBT(AR&(11DJ z&*M(?J);tkC&M6?%uWGSC{J67BeOpju|dCcl*#2w&#L<@xpV1Q^?mW zFjnk=p{7dj2+DD`e@fwVE8zr#DSYh`4r5IgNrdh;_vdS4tWscgt@o!#h=26O&^2rR z=svc!5A%_?W?shN{I8Eeug|L)(4A)9_MxvEI&A;UtdaAe|7`WDSCDH(0vAiu{b(>{%+qMuPU{yj;t+v^HK}qD__mW%01)=?J z)@GSWF_kKGi~xwFYgGdWYPJFr=~40EInQ)PRV1(1biROBKdUMXnf zx!na{I*3McW>W0SsTy^cP`6+)s7bJ`;<*r%8p*c9uBgXG7`8i;ZL~(c@XYJ3ECEao zOj;d*Dc1nmy?*zH#aMu&S4Ds`fjoVni1WYNMXcFwj2tnH174&9;a9U2dz#UVG&P1C zH$=UXp$$cPK>M$nL&{)7Cxm726x)OM8tsL0Q_J^b+N02!u5L4A%M)S6B!R8%1Dteo zpQ0q&!s^!Ms@yEG1e|$h@JX3?c`aI>ThVix5n!#gU`k39`0aNSz21M0C=t z7NxMwol(Cl`}p=it>PPGLk-DRt4Q>MlzdV}IT%$MlLev@2*~#>y(hEm`WzXHu{X3O zc&}e#ZBu&U%4CX zclv+R;X0dVH{0TW_?`X~f{s(O_$FmCI?idX34W_ha6NkKZHjDA0eEy0X88VZ^ z4KRmDVP)7Y9%EaT!}a9C*S9}8zPvc~MZglg`*Wr()eXlP1>(UKSO^ zx3cl}tZ+H%aNBN$Hl6vwej^0YZ4Ua8awTAy}k8Xa>$rSmjNbSlM)T;kxdRQqavsS(}XAhJ7QHqJeu3gXXs>a zdgbdbbUaXRz`LE^gU4+}Y1#~tPf4Z(Zk^HaBswM9T-3U#>I|MVSl*9*el?``uWL?* z*@y?9*IKk9VyHhgYU2Ep{3?*aA3DK(Ts0z0SF(OhcAe}fhfnc^E)9|1qOGM+0Jd{P5h0L40WNDO2C>bUhi-|lG4XM?G zOB45g5B8~)G1ZWQ7H1Li{)_y>Qc|F1H>Ss*ANRb>6hf$0DnJClIaF^EuK560N_z6FQ7p~%Aa{XrQ(iuvx6gNW^g+v_4!(_6J=X&V426*{^4 zBi@fV#ErpR9~PoHzV_Y_(Vnl^*g@L~`*P+z+WSBBQ{~ZKHTS1)O^@YA^DM@vv>2)Q zJX~DTr2H=5{I&?N~W#vvEb#qok5;EA;+DPD2c5{}XYk!ssR^)F0JFS6~%W zXEKHyS~InGKtE=lt49AGa&y)J4sGM+-@KaPF8aO>s@XKzL1D#;33yPt26gqf9lpnt}~syJR=7jrkY4qMof&Tgb#zFr<}CwG3{Av%8&88>|JoQAw$ z`8tj+97HRlVZ)nfWh6R?JB-W*9Jsw1h!=@2dLyd-Q<2@Png6ttb2QyO-dX{6>^O)5 zFWxU20-$Ikt}=+XJv-R4dvia{b=I)qB{G*l6Rt>wLTID9de;h*STZw}_yJ3vZ!i~A zZ#1}EDsBhroNAF=n$vkwZ_`0txe$aQZB?8kG2zwk;fx^zkzmAqFva%%-Z5I~#cak< zqK@ls?DZyC@68L>QWFP=|Mn7FhJ?XiQWqP)xMCSuBnt4O-`zTcZf$&AJuTxrleBi{ zhL@zF{)VB#4=vuLITJwSy44lyr%%hz>nZcZe3v)g^g`U%Xk+}dTILrmxJ);j0l#vH zDS$kkms*9wvGD$BjQ1RLO*FIQoKI+Bu~)oU@Lq2wO;kV5_GYId$YCcB-0hfLP3A0& zth$c9j5t_1mpZZC##eN)F)}yM^I&Gi7=KKli?rd1<9Dlst-H9H!s@SZMLsCSt9mgJ zwg->GGIIFVkt=)iF1i1nIydFTu@ecInwEZ1<^3~w_p&MkZ)N(gwzw922<#0hjex|^ zqe{S3U5Mgrb@TVrIMLd?Y(=f0y|O|je!1HAowu|=w#1}t|CKen{z;T`JaF-;jUEEMfT>I} z&vUZw<`G5(bD?zXpj4I4#|XM^LlSMvg+{wxSgZUBw^}9zW7)nUxx;?g)tnObm+Xvj z$0PV!wQ_#s%m6!ul_$h%-aY9KaNvTytbeht92GxU3usS|=89t~sVH%unLkz#fs+cKEHQ#ERBziJIj=@Jj#e75*<51 zIbDwtUVF5I@SIeLrkI7csJ2juTMeFJXdv+ewUKNRtV_qnyR%9~OI_C|DGXs^jTJWC zQkv_D47Qx@c6psFmkN7%Qo4=c4&^YklaJVn6>Z_Ja|FE#4!Q|ByZ%=F_b<=OH~;HY zh(c<>RaIKYr+rx&!<-)fyZ`psBhZn*$+bQvXz<$4jzQ|O#4yO)OJM-g_ThNec7~9E zcEi%|Y}1jmgxyyL?az3=L)tsAVmWU};o~K0=pzOFA$@=!L+W!iKto4lSZze0VqG-(A* zPg6LX{8$RcFK+-1?mZ$n{gGdQ*Jnq5z|#Fi)Q=3Omx~hy*BbIaNPvIGesvdwJY+`m zAXG;!nq*GqN_WZYrW!$AxBftxd;*njeCJo6;Dqe)iEp#-lSedA8%5n^%kK#Lu|Q` z*7Qlq{0o=a{cmFP$GS7ZcBK%#8P`5N9`dT@%k}44U-k9x)4d1-T%^jD?{$zGO`4F# z;Boo#m}Xhigh_Vyo7nZU!|-x&cdUP2S;o41tSis91a<&)gQ-uzzYgVZZ~oFRe})MC zH{}*U9^ToLKSkY~9KjJ_cd9At+g|@ozprxgZymk#P z=A`Xe4rv?ZVP0voMQmSkoluk~z2cCswGx4iQ8?*4KB|by1vEjr-+VIwR^5ZcfpORN zqiz|HbMn}i*X{TG!1TSTaEbHe>~99gn(ixvv5-%W}-R@HHdx_xiO^8 z$~2i$QUVoUSkQvd(fq1z05kd=cZ8?z`=U|}z+})rSp!t1G0grHaea9cKlNoHSPzK! zj{8=U`kUO=A~H6z5FNW%E}aqnZ2iTfr3e0z=4yXjA>5b;2Q8PHiD=zdF#Q2zu;EAown7?0L6LR!7tM!%Puve|Y6^EmL=yhtnSxoVkl6Hs6 z%Bxo@>CD1itA^)rW!uzefw>-BR$}azy*#!EV!$nNC3Bgj!N|gQBkXfw)eRxs24{gj z5MS@pz$F~;go6HTpU`XQT&;!B6QhB8HjF}pYuB-iP%1c;DMejV2UFgn@Uv~HRa$0Z zI3w2`aR#v7I0{BYx2X6~hBfo}$UYFbxwqfV@S#8KO)ahc6mzT6DB{lgyghN8At%In zqVm)AfHNa2%_V@jBMrmTzIhMM#y-$4%dO5o`$5vZfU+N9$-{IRbF!BE&&2%6e>Y3S zW^kV51UcY=LCOn;UE{k@nBef0YK`D?8cj+SAQX2^f4F3knUwd`TrH;wL$Fn_-)y@V zB^S6DF8{6QG(;luKM3m&f_8~$rgbe|n5|91jcrOk)YKWGzMG4 zC6Yz1Mv*}guR&W>-k?Q@gQP@*!sAYNUhWEl#RAREAbObP1mU%PDz6@*n{CeTIb6>s z?g51^1H;be+ev}prm<(z9t@zyP9;S71We>XzmkYW;h%1UZ>)M)K)4$FFcJ@3s3Soy z@_25hU|1k8=C-*=Ms!a_3u(wMMePf$@&{t=TYy)j^$Gmbb#yZ*P7|FA+Ri9C{iMuQ zF}Z%BLvNZGV?aR~UiMp$F(UAieU#fJ+WVakNxpMCkYpqF?DLc`d!ksc7w-)8Tp}m% zPeS+h@APiWqOu&$NA1QyxciqakbwU&4Z`QMJ>=otMTIC)9w}8OLJO;Rh|CLTWMW(J ztPRCJ6b%S_RVGZR*Bg`iIrRD50J#{^u{k8`qyU9En@Z#cmFIF4m$Wj62JBEi@)Vfuy*Nv&6oWg%RJsWQve^Q zmxt$zqECMU`G_(PvCF)`9PwQg2ac^9)`07sEi*=lQFsH+PQ#MZubW9y?8L^8BEzn4V0CGVF3Q%cG^n{%@~<#$ zpNxNwyA8<3Gv<8Lvi_c4A5l{{t;m*EqU*Ky1QDGa@$MMq;!~~$sLcj5vtTYuq_eFX z;gq_lvhhcatf?e7z+_~}G*D}4sO>9P_cInqt3-wn@hT^SIsOvDd~ajjgB3w(!=!Y3 zZs5)8_ak}ZH%CQnm(44+ zoK@y?UABadz};Ha&i26M8en2d-ScB^X-PfqKJWHyL*|ph?RaAYHhP9F2NLT;xCTrv ztxtkMZfQ=6RY|vG_`V0J@8{)L zTL7;O#*prDu)?$3D=q1-Uv%U={B;nWF~hJDsqAmTv6|5Pm8eF;Yn{r9)Oqdza1Fik z2nVYMWLz$2o!J6>ZbqsI}lQyLP*xD>G{ zp$+gLqGO;14mCCAPw=`ALvCT*Af^4QnsK)xA3d!8Q(`Mdt))U)RYoE%)0G<9AXqtD z%vDo$vRtp1)}iu!>-Q|*D~~yYyda9BDJ_Ia(EuS#5Ioxos^|cr76mJV5^I?_UH2Q> zu*-#UK*qq&jWPw8g3~ZRFV6BZ;pt3peeuAK`@u-BRNH9rFnx3lf`5v*rR@9$KSli3 z5=a&7Hj`=k(Z6lD&GD(JsF%64<5<1pa#SNPobRBS_sp#HQn(`}h*HmGs}>wi8D-1O z%~l1ny6<7XwDm=%B78@Za(oNjG9F;T)D=PKK>RU@1e;o^)zxvxfy8Kjvo8F#a4cyc zru^+mC5)k6O~wWGhl$-PC@cEfa{KwFGjHx+QG{)7mRkr_npF1BYwGca8q?gQ@T#9g z5}eg3)&XH0OZ5fZluX^Wms*GAgbWHylW{2W-WJ%h6Bj6*t6wUiY2;;T*|k+CUQK%3 z@zvex^knC4Hp8+7^Ok$&_n0YM>%EoYUj~_>^)-F5z^thH^u1><;%4UQ%SF!~XZ(!O zvHDM&3KnA=Y$dh1>}%XHIoiC9mb&^N?`$b<_NiW3m|FfXVT>x@Sh&anO<%qU&LGt zwm%n%h=1HKftj9*xek$FLT))OqJrEtjEy)Tt- z|2!*S1)NK?6BIj(J_YLZenv%(0iHjI`^*nNQ(t znj=P!y9>Yjf_zWQ>3~oddFB-tjm^r`yXwf3-*8PXo@#|U*)oJ$3~WVq+;Y#TcDivo zhb9GdQE`(wM+Q5+@riCwG4{H%_sXEDtAuhukkI2Q>EdN~Oe&Zi)c+){-Re@>nZwel zJqXr#(@RZ1xsoZ^Qc*-hls}qxS{e<^uf08zkHS!0QqnK!;*Ws*s>Oiw>^+Axedm$R z-H>lt$(CBgwvMNdnF>Cvj%OLE8HnIpASRn@l!&4lht3ybR-&oZtM`d6x#;CXUEYJA z>sDeHq42MfbIn9@CR9rPqDu6;X1Lt$8`4 zS4RppD-0q*bD@ljA(&4B{V_8|^1m(ATlgG|{M|q~VkS<9dtE^}S{#<;jrcYlb(=3{ zg-=IP&&!_MZp0&_2o8s#12cY%$j5BqzlbK9l920z3oSMVzwiK8(=$EzOl>C071BN7 zce`jG;>*+;?sD;!L4jIV^ZlTYOe-B=sv#(P+)%L^vQydhvIFP*S!9(k7Bk_hl1B+@ zG(Lw`*_{SjTl+_K+2A%~SA+(#BAp0jdEy(Gx(cH(8f>AgY~Lw|Gt9Ln{pqLjvLesy zyZC)R$c+^V?U`^ffx{VXUTl`8qD?rzQ6r@5E1ARXm_Esa7?r!fwNiSJUN~OD-e%t|TRzM@O+=bRFRBhZxq`InD@8Ha| zMYsM@YL~0?jlRU4M*Y}k3a9UohZk@<6dFjS^=|__Al9QBncIUktrvN)(^=(zQOKYz zSe*ptTDc#OPRi3f`Z&xJn-{r&q5hLBpIsRu_`)68fMw@lfP$P7GF0a5VVS_6{0!&y zk`uDjc7nAg)}6HqL}D}gw;k6&{2LU-~^*0G|hdNp;LaBFv@xTbG0`bsK*8tb++$+CE~%OsBek_^(M{+e!( zXLShGalJ~=&UW0g-{LAf%n8xS5wYsdzPOTUjJ5iFRn73`SnncmYvpt@Qv?AgD-Y)yhXp^o`1vw!}-IJ1q0S67%qGL=<%FQWSb57Q;1?aXv`Vzxb(8XT$u4vdugafcbghs$#c9@J-tb=O zwrLHnnLNvc8*&&rtli3A*1HtO61izbC+B(=*!}@ooyXD6$I0_80Opplw48zK!Q9x7 zoe3LOe81~|*Z0%C{|Q0)hMufMt192j#fjSlP2gS(a`a$B1md`xZttA9@ev?iJTRSn zB6Doi*MW4d*g|y3F-o#D~61EVr}R z?5`#5g36bZ8)y3FC~_*)O$uG!(_TDQ`>qjcy)tb_wj+dTyv29Fbuc|Y7`8|lv?}6! zHmc9Ny*XO!&>F~V`Ebns~2f6Ss29$ymYx? z$Go79chd`hO#vFalpjuQ0Xx@5>Do2FDHxVwbVNO0>d_}=`g zIU867M0MT*H^QzQALV@EM_;YDv!59#mhM+Ve7SC9C;lm#Z~E%@{^h`bY4Byr-t+<2 ziP01}2^?WpDR-re@6e(T*N7>46#Jvcvm}+?E@*k4rOxc_J>W|%9zw~8Zhhz>_5m%<$a6HZIt7q-) znRlGoMoE{aGRc}X>LC7e`O=q@T7#^3zHkgs4_Hv+Hpn6OraxZ`_{*erFb-8k5B;|a zw$R9g??Y3aw!&jU;|LzC0=rH#>}Gr)wr5t1IWadAcUIdq+;o?}@E&DYY>&t{m7ze- z4c3o%l+g_#+{}&UynF;~f-5#-Jzd&O>V7wj*#8;Hh~tV4hvIBJ?sewSqNvN1goWAG zjctln!#Ez&n)T)Wdp&hw!~JQXf4lgz30gZq6p?&R{z3|afMiIf`q8i-B%>%h399C#U}dp{9QQV>Oy0+Yj7N~s{t~TD93Gg z1z#a_cUhD6+%pB?Z`g8?;Uz8H5bc48mfYJBDQdhdB^Gb}Lwwg?9^*lGnl#%A=Ng!# zgzB{hhR`(BEf;cYBuP3kHSDBZJ{&lIqQ(_Gx#NTOkKNoK+;ZW-+XP_7fg4NNR7IWZ zeS_8>Y#h=OE65WaN5o9FPRsct-TH?)9^G8VcaB;2tC*+P>#@}Tt+v3T4E`j+>fU@^ z?CR>r8cUY(MIW;z5ekORStU@C3A?>BVm)`K?>a2jUe(tP6HBUaRl3}s*v>HA?ux( z9$#+jH9O!N&VADxV)`(Bs)^npXV+p>^ftiS-Q_M1-BGGEkXhraupVF(;$JDpuD+Ni zvYP7m>djIax_z@7pw<&a{9isXeSJseY2NInOdU{ocEwiwMy{M?X12f0P5i8tKTVu>|L9Hpl|@!%KMy;;y)OC?h3a5|5y(8#t+Ns z{4mJ?15b;Cad?~2CC6z&qthmMNCsW;dzZeKHa@d048?%d0DD_jj`FefR^6#H4AwoF zwQ=BTknDgku80aM$!kj?d;U@x@7n=>l1Y7PxF4wdmiiq|SgMFgra8b|s#x5(ESJ-f zFr#+_M|+>m{ASTGQux}JeCOC6ne_WV#AT`vh7E?cquJ%pSZeAj%e;$+$_68C@ttV{ zfDU1V*x!-K>^7zWs(s2TP?i1 zP1=vom?5g<313FPSNz;~XHdnM$QqPLy>1h3T#*fqMd*dFXE{;#HX!Cb>T8NjUxcxO zB2@+1fd_Xo7_BJ0(B_SdgHC&fnxfg5V{yf29(z1jLR#Mgp7h0?%{9K~pc_at6S_{MxkPu}u|c zlm3*G=82eE#3wp`Ui~>>lA6uG#IQ>0Zsz87myWq34FEr&itHInU5(l@mV+&%JfFQp z4(&~pXG1x$2kILCMqYM-6Q*$FG>F==`Rm*Q`ylvz8>1Azz!KSZ1ui>(C$=5FaIglg zMzUsvtWDjRm}bO!EQu*h4~aE%__%#7M)>Cr(a3%?+Cqp9Bn|b^_=!U--<$BB58ui| zfk&`gwQ1&ddvwrF;%`9IT3ytezuXVN5ZD_d!OO`ND^GvoN$bx8KU;)7?<|~lE(5vb zb+98LEpxEMTLdF^+CRsrI|_?>nUPN>*v)PBz`c;c-VH(|qYHc(N#N*c(&)AskmG1j zP|ze^U;>y%5m@od-iiJW&o=WtB_3|_4F0)S=r$8vjh7cmyP7?t2(8n!R!2iijC*t&8*)5tD6zLjboALZJz?qFy9%l-R`QIEajrC55XK>(65P8u8E$M^aXZe&*>$ zw>+-r_jsmx8V>%#C~xT&*iuD=n%HaX;BehIrzXF9Tcm4oxEte`Wn=PsXNa0N8QFqw z4N1&-?Nd;YFNh!5XD!kz5f_mZ0e^K}0V|SI%JQ$V`Jcg2eYD-23%y>i0^DNJ_L8by z$wj8mI-CdnYhC-i*C2tPy#0RTr(XZf^K*&Z%e&%tS6tb0Yha{9(fHLHR*j`gA&0d+ za8jT{X*I5&O8Ec5vNHr(pC#7&87M~@foqcr47ppzzQMFE$r|;J?|U~c{gX0kz}EeJ z)#tkam!A&c--AW%?1SPMg-!$=pe7eGucb@wTIU1!_wx2_^!p%P^UqX4APMeHuFlXf z7Z=XS0V4-fMnO3nGkd}67HZPE=^G6@keZuNzdr+sYz@?_{HdY~P(N;;$U>$*Nj{q) z-jVD2K#qg6pk6SZPY4mS&)9$Q=+e3?P6Wc|MR*Gu4eh%rWA2u*vP8fV=OvFF(8(v@ z>FG)A&;J93KzhIbpFZaQyq`zb|80@p?XWtMf2pjjGJ1Z)jCi@DKqxYT=40S)II-zA4=ID;?~W|WK;Gt3+$OV$r{tQw-8-( z*bBOESRn8*`{NT4EbHL~Z~1Y$8Xm=j4x9oS{I&Iub(A>mD25?k`tzjiN3FjVo8rV1 zZ)v5nmW%j1>mgbVBhPy zd6Of5=6uV>2xRs-fLdBnh#W{(3&sgm-&{NH%_j$WbnZBbPbIJoyEvn>7yRez_KVl; zWBmZES!Ov&5V$V_ikx1vte=_%*f3}L9tU3>x z24;&0!P>Fpb9niWwi~T9v}k>D5{Om~x>5Omt}87vP`tMbDE^{@)~a%3*v7RzKl({T zs7Z(ZW_=AU%#172EgxL`i0n1Op9SJF?!`KK&DKhB;87I*J-TN7;D2mE z$ii)Yu_b;lo!>ob50yv(Mn%SoZ3;yJpF!lWYd`e-aDf$xHZ38&kP2>rp(N=ViEs-M z*^%l=yQS^X7Gpo%`LLl)+C?hhh}RyZ7IUPI+_2Pi*0^?Wywgpk7~OrljfEHB;7j%s z#<=(o4+b#(!S|P)8$V)4z&s9&J?i$aZLX|~(@~U1aN$!^{%pw&89NtjWpmhZXzYHak5pqVHuof<}j#2RW{++7_d_re5${ zp7r%N#@cx&uuxTcy4A+Yxh%|qo0(GI8Qy^3obh>K_AKQ&wquAmU(ZL?&#_Sr3uTFS z>v6=b-1AEP^4OkYxd<1{r7X+ZS#kb`E!3~6KaT>)BhZMUI4@;GMdknYjpOz8-=UlE ziO3+Uxqzu)vi;R@JqwfkNZyJY?Hn$5nCe(J0a9C(R*kN+h-L25K?zT@EhU@(*T1an zO_p+=$RmUVtv|LvYt~AkEFtm}n!r;g8OJ>Dc8S>M^5~CE=5m?LtjT1ZOVtj5lf9^y zJiZ+0q2hh=GH)_@x3*8aoFBGjPha;!&ssTtSd%)MyT4|eNXhBsIgpMGyO46YKR%|X%Ki_#JDdMi*?*rN zzdkAYf1Etp|J}#)|FQSx%Z(h@-r)ayiu~A~QMW{ZShzLE@&p^CBz|hLc?n9o4%;6p ziAn$^7OF~>1ul|3F|RT6*F4*Ol8HPgmy=Zq5a@2T?Hi2wkQEe!Ara_1Aj6=Gjzi z>9Br_OWPb=IJ6(1vVr|JC4r_Rv{;-!WDmTIPp;0lS{6QNi^fdgDh^Vf%+>WWR|0{E zw`}6V=bVB6ZodHk&$CJFu%bSg`#+!m)j#Oh`2WHFVgED#{}eyX|6k@Md)bVS&L;7z z=5@ZPa&_-jBW=qXwg;B*1i5()T(n)=b1e_J;P=bn^liD?z#ztVaxwRg!BR7CZKhQF za>jf62XbMNlx&M;+SYBFuLX=YzV>;#ICuUw_0Kk4LCV45C%n?%+ zBF~aBtHm z+Y1Za)l+)Rwn5iGQ+0UuUDXmq76@bTEqk~*av$i9*7E?TKx_F|hsS4W$n(zA;E;pw z6DO(bTaVhLW0&GSQB(U}BCEW7dYjA>AAm=95PA+9{b=Y79?oEMii$j5W9{5icH$4} zZCh8d8Ic}3IU|g%-qq&K&_W;4{?^>${|fVTv~-?Ub@!1@*0RpMvW(5+^(xrHCKL{4 zzAn`If-RbS;1fob4J|RFdI^};><{f5-C6q$m*R?7Gq$~}jPeGN~G*#~`&ZgGvT34b6BEM8}o8e_T5=dOI% z`J7Khdy%OjL1I(C@ZOL0}^VVICY+WJeQ=~uk-ybH1Q{5DU4vd zSvFNZ!%k$&`kehz7#n^Zv%iHD$6cqDIkC?Vt^W4fgG;ic8Z0{}8<)SOqOCi9E!9cOzVUuD7aj(boZ4Uz z`uX=5!qU+C)jR7IgSXaEG`G`y%u~faJVllAmip(>=imc3`LtREQp5SEkb zV%>OVvEbO(7vu)bGIh23vVM8L&E}eR@IK?+h^qK=rCmF^n4El;s%$)jCPi62fYlUb zd6=eC!F&!S*nAUG?kd6Et8R{& zZrEPV3jw*y$L#Ev1y48I&$ViNOXn$AbZ^yOphfqVd1=CB^zeN@E%S0&fKu}@+%L5P zq2Z6GIaqGs&*b`s+ITL>cgY-mg6eR3l+V|N3qAO(Zi6Y4!>Z(!n66rC|G`Gy?|=7V zZtw96#s4_w@^QjIpNaqMclx#X&t9jq_c{OLll;~bKR!Z?=UNiSCk^%7(C7HO`Wp$k zGZSgPNFBUm_V=Z+Ho*bE*Qf%~HKfe!ix*5M2}@vJv8W(Bz*u?Y4gm4q5lG|gJ}L7I z0H}6M8wD&WlR|i3*cOj`UZeur;Asj~4DwR7pQE{T3tM0(s_#UO^LtS~!Q&1^86HU? znSrRnMr>9?OSR1smv3aXqgBr`D9EH#o2fPl>Y<#0-pEd_F4*l8lcK6j-QCmE(aF`t z=&F)Bnk2G3z<%kIKIXg3l&{@TUqd1lFqPubsDl@F^@ zeeT~`RVMS{Vlqh{*>>ya`J+>Jp}|yS(`u&LOGUP@ zSM23fxHq;Bbcx8&u(uD|-F+nxGv*yG_k6&6{im<-E!&XU_GXoT=J(v$BN>0-rO1So z>?Pt$oA>_oHB&8NImDmmkE4YYBm3S+?`yI~N*bZ(%UX6SeMkM%Wv!>6#Pw)%Ke`DU7iFDoqJy3px3Lwwr{~YW$>c8#vKIi{@lHYR> zdQ^9P8G;|yL4ZxH;Z=Ynla!a@#70kEIsCTwEf(_0L50*YfzNno$tC;brOxtv`R06mpsR{BI*h zH_t!FewYaMF^a#ff&bD!?9}tW_xAQbpZ`zs3&?-w(5Q_7rP^)m$EE_{zgy)uxAlKt zagEey_&3G)r8D(u0e(r(Yl>(qwz%HHu*>DLvJ-gsdXZ(#0{f1uH87OC*L)Y?CgLKR zot=$nyNTY@?5XLl)Nc~MVBNmE;!~Qc;AYO^d?_UgccCCl8c#9}cuFee<>ss&OfUW`V z^7@vK|20a}hBUB5wx)NY^^jDvd{H%yVs#vnyLiqPkRQGVhut zSzd^1`^)Y1id+2)2~Pi=R`A1xx&KD9;RMX3;wAR(suH(~JZ`y4ZNBw_RA>BGK_qJO zf12q2N#cJxhy6~S|91~MpZWi%_uVt7dZbQq*S~TRx%nVX|kBNbUC&bmbP1;AUt#a`~BWt z?fm!myL+F{|EKs7{r?Yj>!{iZL$wifVcj$12FT0i!+LZ0Xb{gfc^P=?6-NH8?qHJg z`@Ce^xHWY!ASGt{4q(dnwhdu}YhI`COX3=*!tv0(XxmYlau+{_Zmq!_D@V>6z`sgU>}mx4XaM5#;FV?{Dnq&yQWvF+N1{Px>6 zxYv!5X34b_6VNy4^_p#22Rhdt(Dv#}J5?kUSq$Qp{)Sp-J0dH@-AR0`Ic(mUaxYjJK#N7 z)GxWq$839VufJWp$5>J3RX$b%@y+0>xt-6kW?KfCD$2J)FU3-*yWqpM z#Mghit7RhrPtIZAuN?`p1ZyBTG2=W{oD9Kz^bH)KizZo~cfL;3R)x3ilE@T~2Dd*cxVY<`bsqb&lCohUXZ$MTji`4b^J9U2x zmzy>H%RKuzzs1J&KQ{R&?bk@MX|rwT11a*@c|bPoVnx~fIFaQ71jXA$Jl%LoWR;hE zDxB-8u{LmjoN_7k*27)NtBQ|j^Jn+ndz{iA3rtrKVZo@FX)q!{KkwWr05bpEu zgMMr2fA4Gf*S}}d#9_*W^!U-|j6s!L_Gk;K{e~Z0fOZ^Xe7)y+Kdwc!HwFA898)VrF-zaP? z-)Mw{jY};382Z6VWY??5aMU^K5X)=bwjDPiv+xI#ef9_#{&gH^^ZIXqv&M^Jhv252 zXFCY4CXd-)*4bY>n@9yHVX(h#mVDNv{~syoi~Ls8|8D27U$6hYx3_ornf`x@-}8ud zA3aEVlX6DyLnXDrZbfG6@}PFCycX1q!iOlD0}b(@v7syRbj&BkSmXeq+HXsFi9 zlE=sp*mu<0%9ZW)9sYR_lz&1=t>mmO#B0b|7bYitStsAcR0 zL4CrRXL?9Uo}ryh8`z)`_m(Is@JZkD@!bP2W0-qhB~UNpi9ICM40#Lt<6*mh*zSbq z29XBWFw&+FReWYf_6cXIg6^V^Z{ZTNmkivmov6@DA9>EaZOdM;o1AG#o zjqurNB3)vGfvFznc^M}eHADoO1&Qs`%>3^#PaA$?bJ{!uVU}mt`pqA%-f=fTv4($`4d0@ z=))RhNy0vWdW~t-|G5s~FEqzY@^N)w$-=vi%*GY#YV?-TUsXsCakx zs@@K!aBpIxHz@Y-NK)Tk3n||FOs%w9+Y(DY`wOOO!*jYs)7aG@`iLWCI{1T+$EY;5 zSWzbTNh+oy-ek+X|3M~O$P<7vA>x*i+P}L1`AO~A8zT*^hfTeqMK~A-UK_=8kkvsg;yKLfbuvs=ed2o7mKAD_-}dtb zi9NzQ!=#ZOZT^{zx{ri z+#i%cq)85@*tLH94Tsy#{8jSTGWf_klk|tMLa1GH)T?J1bHj_rJY0`DDhKpWGu`Jdf>9sj9+@EQO8ll*?$ye#(;Q9<2) zZ!zun^O-C$%iu15p4*2DS~uS&oV}*3V3ygtg8#A*HcL&PF6hHl$=kj-9}dqizirls z#g$-xXSWA?A{)~rv=8;lU!tX=rz;piJZny6L?R2}J{lA~&xAOcK!Snz7K*lUX zg!woG2fqd1c@OpBzZ2mpHX=O58ieO_G||8BZz=uv!BW7w{JuQkIr`sg;(r}}rvIPj z7oh(hS%!sQ$^+hm{5Sl`8&dS<=sr{RRj7^V`NYyERl`yjcr--pU6GP{LnY7RleC!e z%f+1adn?{<@QTk>*!~560s2o1(tZN`r(XB4S^uru|BV0gNq$S{nGT%1$g`x%%Osmp zc|5=~yaG{iewkMgHh;sXKrudQVW~}uN|~{~oL01!l>ZSgYo(z6*Fn3t*Y37D?C*bP z|Laiy;hJ_WPk53#p0Rw=O7Y7gDTUNg5`X%dVXNEACF$@#w^ni9=L@9&E@(dig3&Y= z{~l03v|~~x&)gWnjWvp>#o~4`9br%?4t7PUZ+Q4BFDsY9E}tZJCG+u}sE*n0Jui35 zMYe11*nhOuBi>Nd__C_x#Zcl6azKo)TT3g9S>w723k_wQ=@IUC3t!k&(Xm0!6WYGHU<%2f6(nQm2);PYSfugac=B!MT`RF~`nI!YGdQ;1( zvVN;&qlXA}HW5rNx*vCz+EgZ161aJ@mDurxG2lVsM7oyV})<6CM%$)u9o6%4igmJ42S-etb4-AUy z0K(J7ylBpZxjTv%^CB<>M5{i}CbH6O?!)@}i6_iUV@y%$(Oi^M50&dZcDC22YV|@j z>gzN$FsA2L8n)OoOWoP>%T_QOf2d^BNs@{WqX{Nh6WeO;R>pXi&w2VZ!eY(dvHd7r z>h@1f^T9DJsvOGR>V&D_5O6w)cC(80NikLe5!;5c$H41-rDs)8+Xt&VdI~cL z-TqmsFG5}CH$9u%+M9C%>#%*ywugg@tI^5eW^{Iaefe&C$2_Q6iQGPBf3ZvP8(EZX z_%81@T;}7kD5^c%61gm8<7zpcjf!$yrS&_vNftM*6_duL@~(bq%!{e00#{|=>MTym z=EZs5=zE;zZG#z17_^Nx|B{!RkXm5=2v@xT2vrtSTd~5ZcV3YSEt0v1XHzq+mit&B(Q{ifJ zX2oM*IFCs+0&-rzGrExl7 z(P~bSV-QaZBtRnU>8dHS~7*|R$heqsDe#_2t0{-XuiVV_sFZN!7h?4 zuae2rh{y2=Vs)22pfvYY_ZoE7+$`ry8qNbWHz^utDFyhn##Jdq<2a|G~mgj_zH^c*w zt>*ahqB*DPTKLHTy)XEpIeUdDCnI23qfiG$QZ!#l3ejvlPa9jK2wn_HUqvZ+++6Vj zPjTRegv_La`gPSz=vta&jjd;{H|MVu!Hgb!hu&qo#OSz%$7n{ zysSoALT=oi2ex=A#V?I(N-dspl*EJg3IXx@OKz6=c+O>W8sRS3=#y-chi{jnT9iwA zl?$ml4&PKXGY$!6Wi_g%t2&nBnTVAD%_jiW)}Xrhz*8cca-CLbnwQhSv6o^Fqs#-( zH$O{V3+*Ae9==>PzfDx5GQV9&GW+mWKfR4t4&@im&q6QM(~|P%}HZl zN>MeXDXFB9;DEwRTn2eHUR|OM%B9>|26-=D4SZNKDKGztIP_dDDn-^7ie!pSJy{%BkEwX4xW5?d5;CC)P1( z;3@eyPzF0hNAG7XG{SIIPsXLv+{^4HtsJ9n>*(=0E=M~^XjF8^!)ppO64?{q)c|NA7r7wn2x zl_)d7aKjD29%dqA5Fe0aQ&#Zt9iIx>-ZBMR76m}6F*y@y%BE?4i=b#pHr-*RNO_gq z3-I2M>pY9MUa(9|!Ij5e7NwXZk0M6+nE&yr&E93{6U#GrQw@m~qGV~3iS}0ebT}GT zc`3GDut7eb=NbEPFl2F3%B}V^sdnN2arj&9+h5CF_6zSW7iIpl7*|{EBo=%Z zpDXj9w_dP!KV6<(51}nU%yA$^TX^eVE!NeX|G{@Bm*1YfefMp99)IjUR-XUv;eMxH z|FhfMJM4cx|DWRbf}P?HVB;CjrXtO!TU#$)uzq{L-|la1eaU_RG$IyFl7a+kMv7cS z-FCO#job@8^}-qQEFJ4uV=ay zW>H?HMLW%>()cAKmKPc>$sk_oaaK8#qJr^6r>CQLH*c>-gLjwToPRrd`|jJ}=7f;-SaY0?X^v(J>97(+5|BRig*rw8d|3>(@tMD5xiPJIA|7Y7buI%WKwAi zId=PGi%sbcx;VE#NWsQ=S&DJRmQ-0}NoJr(7&vdCmz$E01^(T3ZNk)E@sdOK-LHr& zrGz$?PnNY$UUw6HdOAA49Nt|2aB+5db8>V3?h^h!dHZ&BbAE9a?W}y{{PdXzZvK3A z=Fhw|Ww7wW)F+yc*2ti0L6K3hldB7MW4?rae|0YHM|9fz<|EwBSV*ka#gj~wF_RfD z-Xd&)CVL%8Mk;E7ExPgT~pT9O0;dPn1s()`_k*%ay<(4Ojbtn4hLyo5U zGIul&-AoS7*(6sRMlBf}BJ~eTYZ-h!Me=lpF)u0+FQtuOJZQ6Fm87Yi9`)(daoJ9C6CgVKB{DfCbRY*f z5DZk^@ZFBZYnO-gL*4cmRTS>NRO}7}k z%qwxsDy8)KDJ;8V%53fG15xgLWd^(FRth4u^wR{nRfigb?x{ng)c%BUI>owNOYqs( zVxHd%cDtBPpI8Lp6OmE^H5E*-pk|UK6`5AQ7HEwQYME6xtdvc5TMB-s+M0>95Tyjj zFOb`S_7`<4D@0*s;gcHq*l~yjjc(_Raa#kOAH$dsm2TIDAV_b6+vd9&;}e zLDwE&V2fnqs_h8;QjM#&!QHoXmz;w%nTYYzI2A@5UVS9A;HAhRFi;fZqLt_pNCQN9 za&@l3reMC%Y`2go=xGAZ%)>yl9xG91JT>6?8ttBOwRkKd?YZIgH(ar!cDK1=TBQ3H zI7I`gGh)|oP6jaVcSq9k{)bsIp0O-vX`U&O#z@3)q+?N(V$2nxJGnY1J$21|n#WbU z>QoKv8ewTH2FQNWy}9Y;JPK^izUJ}o=IR)Gxc;i8I$owaZRL0-pfFQzp7dhX6%odw zQbg)dvP*&cA$C1`a&z+?wVnNojMS&18?`H5RWc5;T7kNqC>;m$0jUidZ-ff4x~eyg{lGL=Vkc@vn!?uBpv?w6W4D4uh(-ER zz5?cgX|clgx~i>wBzZtpNPC-b7h3ek%FI^D?bgd=yfBRZQSGn-DYSFJSWT3LKTb|m+V%EjKyVM6izIB=kp>>cs3U8$MHCxxMg!2RE_i5x7BovZbdep&3Sp}%sTdq4sgeuYSQhG zUeBpVQ=~2y;u`2XwJ?HopMp#I5W|i(9v!zLiniEs>)RTl8UGkqnh>cyzw+7BM2_=& zp=HyWlG#7dHlUTedB43M=@YytrX`PsWZ#`!0ei1<)@$#zdwZ}^eod2Gb*Zbq*!0kC zT0^vfDrCu$?4`~OFqsDK5WjMbcGlSN=IMQ>ETHvD^HZh~9+^_76fKHDd?nzQNCPxR zi3Ubw1mqYMwS<^8(j+JS+E1tNDAj3ErY!P6$x&E<;hD_@0FSP*&5vh*5$-upsn=yXu`5NUd@g z-jTbn_xrC%mpwBLRv?3H=c7)ivwJhRf&qKrE)gkPib}Gz=MJnrmvrE?H%~;fR$%hd zgSegL`JGyFE#atnzt0mTCM(H#TqznAVMt=6wv%OBiXM?(VL{GS%kg3?0{n5a!Km-l z_7Ww%6SJxM_k5w0>1@jMJMFD6*(EQ_{6WM^P2OKf{6sm<3(IMJJ*&z!&B=^$MWQB8 z;c0i6EW|jOXkB)*53@7YZ+B6afZ2u#Heaf=$*b#kKc1hSU5~y$zeJ;WQsxYNqT~lBE6DmbC*VL%Hgkq>xA(YP^9rOzT8%kx4AZ+!5E7YOw|P+T+PIVhc4- zjJxC?GL9pn07f9tUX^*lr`m`Dsx|O|T((Ng@QKj2OBy+}a#tLKFvwGuWEH;?QvEk) z(I82a#oVhphK)lxD`%-UW^4e^U|4w47?CGQ3cggGsmWY^?+%M^=Q~z`tc0E_H^KuX z!g8U7mT_JhA59_|f8eE7a0kOHYU5-tQTkV^SPoXdVo?^k6!I1Mey}EBHc80WX*0)Lv6u#h-iAc>%b2RBKYPqk|y$=FXgQ{;rHkD7qR1s`L&48fM}Yg5j25aLWd zJT)ij1Amg%apv)MqkDx&gKOrHENheAnSG8GCmb2DZYd@gx0;}lu^m{$t=Ag3A~_r( z&~_?bR=63BTrlTC~P;9peMbL5muqJqybr8P!e1@HdpzQ)`8`IzTEROSj_=o-vDxEe!&m@(je~TmsGLszWTJBp*jjZXzxsqA)DZpvO>Ie-u6q-nrN{OCX zEDC|ii2jp#nM{++W_w1Yv!1aQ1BWpADv?%JHD3h#(kz)&|Mh?WKavdxz|W&>k){zU z%rO%CEU(y%-zx?;OQtiSh#xknNL1#x#rE3W?pMxAZ6pH`x9)q9>V*u`3VA12T{cW$ zx8jQOibZJGRSOigjm7%MvyBNuuc3y6E~%)U$J0bWB(_VGvD>_wIoD02)S+j{>~}Xl z*!!V_-O+3xk7UfCK8+~jq(oZ};9;oEZwL=5Sx*{yjgDn0SyD+jcpx5Wn}sJnwlSzE zkto#PKGjaGB0*oNH|PAWS@sCX1Ds)G@t`joAOkm^qjk7P&rXMX@z5N6^SwmZk2HD} zN-i+DMs%@a>TQz6ICJU^4iuS;>p<@l>Db3+#mXc0GJ@Rci0D$U(BlKI&}!t&7%h_w z%XLCO%+x)Ho~+g1nKIpb#J*+y0e-9j?yIlJCtCk{lqS;bNJx5$JWUHG)QvTw4nl3) zi5#WXAUjHkiIBUKF82sq{$Y3l)pyi~-inGF3Ql(`W#d$m*2D{h1*>DYF~gA2;)T8x zA2YSQ<>QF-Vwrq26;-rjTijt0R{UzthiSZ_b2S?8l24c}l9*>>EzT{Z5(?%ES+P0K z7N8T1^9-y!6`wNslvVr@#W0M~IgvMfDkImpi}To2#vxQrX`l?>VdNd%OHUhpp_fM9 zoth(>PgnoD8=>eM)${5iLvjpvFwg-e6epkfFk)^vy$#9fUckWCqgGxd6J~!AvvCwK zwp^cv4xKu;!wY>-Z5Peuc`xgm?)pCmgVS$Jh!O-74X-Y2Z%5>VXgXkI1QWC)`;!dH za%h&1?AR6Uw$2H(HS^~guHnokrof{`JKimQ$uQCS8&ul@hGpqP?{H(zx)E4O}@hv{vS^#j}vEsZBqpPdKCfoPA5!WkY;M zEmYfK2nKG`j|8m9j$?KUULbA$P*aXJME3?BWG{-sNFc^~wI#phfmFs>+2g=a~=c zx#@4YNT25|fB5W09;;>>u`axrw=s84W2*gK5uUS}%ca*1Frbw?J2VNN(aOAGdgwSi zxRTx!A&}!TDJqC}OR~jdJ?5jzO`HaUovYXju~H|s*hcl)*Sr9;GVbv4jAxlhl@&Dy@OA!s6M;_Ychuv^Uw60^}z zE7dK?GIX}GYL)|JSDKGCKLTU`XOqN>d>>C^S zXOWCmd@3Ekb-{C8677Z-WG1Gikdi@FJM{|CNUb?3)i|rL+^cJ$L*rvy{GE5$Osojk zkv$(SESEf66kijcJ@3|X{S_0njW5cfaN>PG-iKweZ$#L11fKCkS)-(u@- z{DY>mF5vT9cO>{Z_q^Oq^Xabj3ZPrIV&y`gNT@dZ{Lt*K&cuT@@Gs_I`S9#VWS|ht zoo8yawQ;)ai695+?$f~Av*j!cq5+;|yZGjLJzTdb40Vk##P85NUYm_zY$M?aY8p{s zY&hDxefmj5k|~iUwlzre7X zaVcU&;dpA9$Oe|r5UuSvTC44r@7Gd~BsO%l#W8enhJ(S53G$2=SY%DG2+TCvTuz!f z{Ez{4>3|MU4#`V(fktgez+ zM}4ESD@Vv#C(#&pf%-%&kAnHH_zr!}_GC!wu~I-7P>F2HqSKSX==$vBbTm9WxgLBM zv9YP){^Vlnu7+3eal^rYy|gvYU%AFV;7Ihyk$CO00O}!1S{i_PXi%3UFS8-e$2vsa zFhWSoE5%qO_o7t1zskpXD%;bt7`IJX{Kz)uh>MQcEMP%#PHsqN9jtNgnhs*e@8?YxYDCkAn+t8}E_WIO|4Z=s?I^ zyrK<5(F06?IMf8Wvhe1wPmus#n?;m965DT zJSMV|CPc>hk9zG6?0tTl-(#+z&;9F6+f@@#|$;1W&WqE~=*t7#+&I8CBXPJN!aY*JJmF6T!mu&bXLyMOY zCtRETAn9m0M2S^dyQ@&gAu>oro*8jDs^BR%22EMNA6{TAl=dPr_In*p48d`J05-Tj zl{KHZZr;Q?-U^1Hbk3h!&BRcMvUcs_VIEx`hv1)3Pn1 zjLc9%e!9Joi?LZJ1;ZJw3a2!hmZ3`Q&CNI39Pv^L!90ToySkR_MYsR@pa(;I(cSC3 zKG3a|$PL6}<>Cz;mEbl3I8)jwunTeWfLJZ*+SdHz4C9e}PMyA6GF zv9oakp&>pLO15FPt@a>AWeKDwyGh$yca2EYFKaQV)=C<+*}2UO*SUk}Z;O-rBwp~e z7PRUX)vPIu_59RG)N1@TN6bFtqQUgz){ab#SrL}tQA&d`*czPv-HF`ALJ7F(+~kqD zQzO3>0J%USZipVrr_&^x+OE5lO|POrmQ5QHL{S8KzTUK9JH(RE?sjePopuZABVpLi zce$(>MAid$xA`{jZr)z8^K2?)U!>%9Vpmf80@9*uu zruGgR%xzH6qh%qACN99eedK~909s#fnNo^hHfY7hYH115Kk2KYK$f`OyH02WC~I&v z8~6`f2%@FQQ=}7y-GD#<`#}mPS!oZssbHZUqUs#T3T$;Els9!>f91N{ z`+&71rlNodrZiiikZt5LM&zQ#Jd{pm#E%Jqt0;`k!QITK&i+Bdp*Anb6V;a2&r&jP zuy`>qNRJKJl7NuVEJzpTq-x^89cx?nPLd7@zU6FSu$T(7yv_wa8WgDQ$nX?hma}dD4nZZ%f2#i-~-lQMIu>++zCiUvA{Fj}&J z%n!(`5_K-&&PWSZwgwWS?TPIs_5i^S2)C!P5#f{4B)b!k&b{nw$c#6_k+VD&Gzj~c z#TY)1jXO(BONn3hdvH!sj8%HR+VUXDk~|!+Ds1bHw#gt49JfXUj?It1YixhZ2VpWZ z)Bw+dyA(mowc#Sg;zS8Y5x_Ax9-$V((RxMN4E7r$Qh>PRnxi@6X6-nk(iR=VG0-Cr zhODXgJ`oRWa8C6){Xr<6iAOPBR2c0J2m72%ugjze6cwxSt}17pn&xIf0<>H+_-RNQ z_vB+(s^fXrwdstU?D(91`;jCa_$U zLd=0opw|t`oGst5o|k~c+(GLHVeM22lRQN$L7UxRJ`Olk z#CSPf7~lS_AThXB*zh*N7m8>4gQ%y9lX-PwaVe(a@tY*Wj8W_X8If4iI3zd&{;LM2)NujMK8%6Q_Kd>hlb-tx)qvosm4#b}wMQ0+7^vZnA;=xZa+ZyYIQ#mcW34E}4KXNrtlSIX?vQ zu+cg1(sRD=_HLweMI#altkX4VjEQF`h8Fgn;5aUGDO;z56PT?rTo`p@&T7|eo>gKB2Fa~hYcg1UoP3AiduEPie7<1mFxUjr41UN%UzPi+8o(nFc>u@V)k-dNvuh+ zz2i0opdOj}C9lYYddWsBh-ilr(LG1;fqRqnFGZyhP_zR4ZJOWKV$p$^?dY&iod%64 zhL}*e!{S_M&mYjaQwo?YF~FY3z%{W;pcy2%PPWZANoO!=KR@I$PlX$x9wD-0iI6Xv zhBwe(1Ru``;HVB&ZJR7;^+;Y+tt7*t(=-x9^st`+!NRU7dg9h)k_S|V?gzxlwaRd> zKCLEF8-pWAZ&p)GGCm$JN*#woWDN1h=S5nxe+8YbURogO!zqHcq}F?}Gj-qfi1K410NP&b(?3n9(cOAJDb)c~R!~LV`J$&4mQ{ z4h{(TfFoOz*eciOR)mo@JQ}laLQiXG+{pE7C4=QA$Dk*+KG|gIdSq?x6Sc*^OJtRo zPj8cXqHXh<^k$3sE&9XrG-lTVOe{m;99*YX4kI0`t4Z!#KS9sHPkj01Pw2Ee{_@K& z**Ay-pGar!${u(b%bf-W^$xB;p1BIj+qlXI#A!{M(i$XgpQtyNkcNd#M|XZ?h$MDN zbjKLlSRccTm+@FJd-bxhvm^G2Qro2$w|WUMM9(*Kj!GLl&nEeHZCl&v>yaaOuLE3) zJmxmMMJFN$^Q6(etOcNm(2;P0X+5Z~=iy*9O55zH=Q$>FMt4b?x{Odb<1(3MJY`X5 zO@~g;Vq=)J{aPHY-DF_sNut!`b}w!yyJifw?aoaKu&MsrG5 zC4eA6Gzg}|L#1BCRL1E=I~G9GASSz@q5j@i`o%FKW{O8eZIeo*PgeZudaJ3%cq?Z7 zKFJqAqzgsR^M!0G1D$rSX#+6fVnrUm&8HHL-~ekUt9+jPiWrku)*y`$Fi_{fgKEBd zcPbgw(jeV=aX(rvge_1c8EC1CV%xINDn~dGR^>q7k@<)Rh9RLgddaoleeFjP*CN2J z)BMt8sN-8ln9erI%ds#%_o&SCD#Bz-6M_NATfQ}>)9xOwaDQr2i36rI6a$ZaN@_(A zf=_{69E6VF;QCavF$5&pYad4RrTsO}?A~e{Y{TK$g>*HqtGzY5>Qf1~0DwS$ztip_ zbrrnQ==2a_dWEdQ!r(U`u<%_guy88f=tK!GCe%hl=_E{aMAEiuDRZ8Y=UCf}q^3{S z!G3?xC{@hCR9)}#_?~BD5s%V* zI&#E+_y4T;?bn{drewtzw)>XrzQw20QWwShlLSe%MVYXg7F57>Z0UuU zB!ZF?^EaDy8w@rj;YjX^o_vK`dQR`-aIw?O=rZH+Xu{ zy#!?i@cBo0+mFcA_z(;(8yj3UQj|V*m>Y08&+N#Hc_0#=bU@`> zP{>@97JB7L{sLI9Vp?(%m(V*xF2AX7gB`mPAWC$w!;)lWevxujn ziWn~vs{uJM9Ey_%x~KK3MWktKI9!DR@XI1cHz$^&1E$7Vn&$-?X5qdU))-a!pAlEl z_H;nC`)9vHYb3fHd z_7?ewb*1uNdyjtmp3mBS@?speVe>f9$N>RDUSdVpLc-VEyQSbU-WvhqDN-?V=^%2p z9kGWbO~EOylYdLK^N4lak`Qx*o^8|*hlP*!iZKKzv`s}!H0Yfs72s2N2H2q{==Kz%F5NycbwYl+0*dorWT zhv}jMr6K$@5VM|kvg1FbF-9Sb=fXzuoF+B^2p`5SOWGF9-iee#JstV64&u$#H?{1gG#L{n883=Pk0Em7{+D2Dw6kHpN%*=+oN&f>@fK> zPm}D9Bb3|3RDgjTepH?f3UQ#9FXS>KX-`LXu0<~U5qS-m(q&%FOwI>f4VqDcjrC|_ z)`)$(m`bmxmx!Sni1qWzISr4+7%f^ngfzNGWGG!mDsvIKxLVSMPucJ&ZgeD#d0qoT zu#oLacTlbDVkHP7IX1RhxFtK%{z~JB!Q#%p`H#~}NszZq%>kstEu|o}5aB*zCS$+7 zLCao~MM4{~L)G6)vj*XwXJ}2BIX4)In|k>+$rg{V zOxB~?ET|l6r=RN8;p4HCU+zKhj}an?3UAvAVs zvX ztIV;A-6+g71wq<`dBoW7lB-UCX!FV;XtT@5q%a^w3Ni6iYLZC$h$%|Ai!g;sQp;b-+ z0_aeU(@t0Dt#Y>C>1cAFDplu+;@$zV43u(dg4??Z-rw5NPzkPb!Ei7zl6+zcA$L1K zT$zQCH?yau2lw{L0>eSUU`l#gsaqnXIrXe+jZNIiwix%?3n{+KWu-RmH)THm2J#bW zZA`^#)p~p(4VqhWyE{(vMGTm3yXY?+i&mn`^38N}^#Xq|*nZt)M~_JT?D{(oDidVO zZJW?12(aJ?Oe#stE|Xf4f0vAjx}rjQs@^y!MZwE?Ub@`w8hJ^6HT2JHwUeSaQLor& zC}WoL^X(vbsBTfS!?V=px58n8_> zBG}@ESGhX2o)-XJLU~rZ@KaviL5Ls-Xu2<@zX)#g4pMOs#39DQ=1S4Fp@nA9J?-y3 zb+krH73<9fk#mk2Mn2NEX@MF{{Y||Di<(;+2u2)3Yy?RIJ8=$b)#w4uTCmFwUc(2H z*o6l^&8M>Ni&2g2Z*a_46_r3Fs|!LSc`X|gy{{Bqrx9VKZBOklBTL4OrRe#h4fs7s zwu%BGA+&a+Q>%U31LCCKbPxPc7o`%JAQOmrv4zvZTv^YPT0^s5BfZN3Yy_PmgzrrO^R1IDJ4vNF*xvB+e zf+TAkuEz|XN-4(vQo8DOmQz`SZ;>lLSS2lPeM-Kh)7TgX>+L&Jv;O-Z-ke=up52@c zN0%oTXTz(L!P)5T$(ysc!_mobbaV3UkS@l4NHNk*4Uyd|nI*Cyuh!K>N&=9!5WtFV z!($i{^a*AaZKBY?|FF5t_SH};5Z>W3V2nUTdI6#nG>Lp$Dqe^2E7rhfLK@BnLkcE? zK?n)QU8mR?=>mw+8&_)xjC{4Cg)S$TS(@f2825U0uxW3+ECSCk#VGAr?D=Qt0FZ&s z22=ouK*#oCz%)!&F54*ToPOsCx?FIf-8sYP`B;dIy_b`F`B1IWvdq_|?VkYWhWYi;@2c1Ag z?(c^e^^$;Apoi}U>z}#OD9F*Xl?151VGDr`7n4cyxWc^9c+yWPRTNXmiv7=v|74^< z8p5)JO;Tr@tI1IE#f;x;9%Q0GmFNS=YbX*-7HR4iUg_Cl0$M#GwJRR@lW$h5)y_8- z7~`$8Mrn)rtMnybEF1QP7VmO;Ah5_fC*Y!tb;@QS;$o^oV|`3kciB z-qL-o>(-TtqRO?SmgSX3Xf<|SAE=T|lC%?u0135dBE$WprmB`E~9?4QuIiZc!2H zHh3Q?*2#1tyT9jUvs#~5(BP$-ychk>-YYUDnAPv{46^0&%e;bPaKoptanG`Qc5+J7 zVF>DywilQjS8d4CCTI&mf*^(&lVX042zQcnkIsJwnV-cDtrK+1kg$+sibrglvJ%@y zXd!6~?7Y&!AE5OA&x`+TeIo#Y8mq9W)|z?KUEl4sBsa%VSsEyA3X(ieeL5lPv!V}Y z(C%t*3}a(4fllf)@=RLw!}B)y@wm~ZuS4-CKl#gR&W?opmn6~RuOTjdi86x|xy21LWSj346DbB5<*g8x!a;oJ$_ zGs&Q#d-^?NY+LdAsz-DyZ}X`Mi&@qRJks_(v*uZ?+Fq$uvjzEV*j1UQAmqEr$tSFU z6{fgwv}NvvVWPa`O4Kbf5-O|)o#t4d$^_^+tL)h3(|RAr$7b5eav~Yh9vxd~n9G{< zTOvBo`6;n)0>Sqs;=nuBF$m&umd9Qev56n(9kx5x_-2dKV0m;6#bqnsxcPHNHeWe( z;aoGG#i>9WFgOh4n4@hAvnpqKS+&yS9%D?*vapv!A=qC$klhzY-MzlENllY#wz!3W zcGdT(tH`5^3>Aws-Bs_rvY(|BWn)oR$pi|WNF}ExF+of)nQc|hzRgpfP1zs6W+0fe%e>;Z=@UyTHi6g$nl%1B z=C%2a=NUWseuxiX|9|>gt zbk;4|dm6V2_BvRY)lA4;V9&DRS}YUueR_U*^7j1Z&lb^xvr^2HEVdapHH?p>5~k^7q9Llu$ecFx=aY-KYHg)~*sN&FFqID*WUbJy^&e5>jZ01FGZ?6{t_y%lJfKqe& ztmhPMqc%D86Ue{7+|(NGShr`l6y@Q_5)?TyCGmB{qH`+aBUmpCa$WQ~`eg~p_+W$F zEE8G3kYNm{45Jn#<3<#&at39D3EYcAU$%8U;MtJ3t(g|sbDY2Ds3f>rn#({VNn*)JuWmm#FrCqpD=+1K(Dl6(?&?-6BeDm8+?Cu zJ^Jq5@Fr>)iBGIR^;LUoXi_oVRjlfbDUc#ldk$0k5^$hoO7sBI<4V7(Gq# zZpLLoZtXDfI2Hv22|OvG#I|kK^Ohy81nn25imG)wSINc->44~n{Vem$1b>j2quWyO zJ9rcy;H4yKCf%-!=`m+hdvY)eyAD#}`m04?ce`FtB7~-R@e4LWOUXHaQmfU(<#fq4 z-D{}zZ8UPg^3@1|fgdtcM6vZu3Y27!ttK)wyq;WLgnc_*?aG%)Y4{9lODt- zi_F4P8UkZ^lWxK|Ra*wy^L^fh>R0Q$=sv=FT2Q%^G9i`Hw4c!bcgAk3wg7zqUjng%@NwYSx*KQ(*c&lc6$7akzG@CIa zL+d}B4jUj`r0IPO`d9j+bRM@L4*#4#-jsZN2Z?ihe`w_#*;!xIUwC=cpCz82H_X9`ZY7~ zjE%UU*P4}tL?J?dJX`vT>DoP5XTr#5QWPjtkh0+}I%s#IV3|s-Cv~+vrwB`yRCPE3 z?S2Qa$s&*G8U@zI;^ly04x?}~N7wz&X*y}O?_Psf*DI#0`74uHG`YXEEI^OG@l8K` zW#Z3l6$JLi{iB13&66sbdcyc? zmtYx8hiR{o`(0vOtz7*m$?Se@{9YO!PXJj9Bp}D+l|IoKsBRl%cg|feV#a|-YloOc zqXEFqv(y04Jb*mm2c+q1z9lu^-W3+WR%mug6SS?wDe z*L=YrA$(_;{HmQQn=onD9i^YaxizE&)Da)kf4NY(<8%Zc370<5=;(jdo~a zIDOz|aP=Pxu@G-XHmzp%?5l+%zWK~%71=~O4C^wnV~S)N>%|%pGIIdRX5Nn6!SicO zV<_=WUgT*$g@cCy;{lJ5(j_^q{bd4?iR}uMIj9S#lPZW`-=Lk5=wTgyV2F%~N<(pz zwuMmdjo~IzXC4r`sFk}N^i|7B4FK>PiW$d{WiqR^n1UmU=pQ-TBL)U3EeXt)B%Q!M zGpgkUyC#7ugu-m2w+Lf{zG~UtV)aV~q7jgyX)?pez`U8*P`K!DwMM9dl#x*y@{ITi zzp6!Mn}indd41(ZZWZVvuhd@UsjYq_>T%QRpKs4@MmKMVqaV+%&%gOIM7l6Y$V1Rk zwC7lNi9v;|Qu(7OlgU%mW>@z1j3aPbgnt2$yY zsc^Go3xieomGAfue3NPlL++Tq%WmEdm9~ez;3Usp*+F*wbvRmk9fA&pV4Sj!X~K;u z{hf&>ITNhK*_=N@b+>%tytA5c!lR%}*X*23JHv&pbu5p!7^~$j?9`1FaBAzoq`VZQ z*fBATs`mWj0h=D7h83|7yrfS5nU;FZOR58K97BWFo{;5P%ZH*{*5*r_t7rSp^6J$} zYwf;~{#W`+bc8SohH0DN#9EH?FNW zL&w$aXot=62jiwdsY2f_MUhJ-Pdr7Mb?V|1^w<=l#7=jZ$Rz4uVPdOy<^jnRgai&- z^U$QjyL#{@l$oac>OUde{E6KrnMvw@`XXj&awqgLvKea9b-ZT|o=)mM*xT#F$FipSEz*w5#ETXgoa{`*y69JciG{!mb*{0l7%Q>bvn>Ov&0|5K zp4&8KuPYZ?DRq_V^HYqEXiU})yH)!PqD8=`1-O~e<8Uw_-`QEA)oSsJ7lntXfL{A% zrItVfr&k=Vnq&EB+`CurPGL4PW@2649{%y&+aE5@(4)jtJdya;DYyoq9-$(o7}f9l z!}1CBB${-)EYAS9;RY#LWC!SQ`5+7Gr+?-#Z2i8c?K2j@5Ga?dSz=* z4d`*i_^iT}@N_S@PObH~UJ{%H#_Mg9=W}+a=p+hBdC97A!G2LnA4@^&(|1C9sUMJB zLTimcLycIN(|6wvZ%%H8r+$K>jxTkS_Wkfe8-U>J0geZ&cDiG;MSNAXOdkkAwc_%$ zyqR?<)MBHL(PI+0dLr9x)(+Z@;+TDZLa`h^L{|Xj|iN;)V<{}%-CrXF~%Ep2kA0Dg| zN*66lCct<}Zx(Fffj9Ow32zK!aN37x*+jV{u?G`>txL(iYY)yg%~9Ict`#n|PfTRv zCty+u)>lQqFHD4h9aUGwl(5-|3)3Nvnhx6IX%8i5QB|a-s;_ycW85dvbX>NR+}nys z^=FIQb?B=iu6;#ZgU|XJgMFvle*Nq#zSpzS9e&APyZ?HL(Q$(wlYUy44^6y&biiJ_Zx0%grU9@w$M|-~ zxoV8oHL=$S#%wIBSH2Skng*;R8Z662W{r5OiA!XVyyW5Th&N;;#IwQ3D1E}?d)k+z=V&hT&?iE$UwZ$VlbE{@E2@Pt()N4s_B+iua&eg z0#?R^QaA8^UOF(EEoQEYtV&9eKDC1-AiWQn37%FngfcUP*p^#BPJxf0nraLBP~*C; z))gC!dpi|9ro=jxntL?%?fU_jGWgRi(`2UV%|G z&jfo}%@)!aDlx@gn=PP_&mGwP#-*rUxjqkxC&&M0AlPO-cN=S|7Ff>m2OXJ>Sw0}z zHnW^3^)-glK#QVCA^2W9ARw?uuLhmg0~{jcl2ke7xv?3SGobS%1C$ixEd}63FR6gV zdam{TKwi0_!n?~-68pgnbNkve8H%J5*R^<=(|2jBb-$M3YvYwIL{o0)79{5cQ_a@ z{UnPNvBH?*asd(JZ|c@KD$w*S!kQ1QV(Zq}bR-vvrHPXv~Kf9pi8-|FpwL(eCH5eT_xj1%F7+904vQy&r$}}l8}+c#?%X7 z$Ff};pY;+-b>b?pd*42>^DD@9Z#JOrj6ttbuT2-cZlp>_EbQy##7=Yp z9!tOgtB_Xv-=ik<6~P&_0G48Twp);L7<@^~KVy8a;tH zlcnjtCK7P%9pp}kHhqnfY?4Qe=Hw9g=nFq!0Y`&5NSY*=Xc7Caj`1(01A56bMzXt& zaHNiJwrf)ORUz0Se=R8bgX_MS&fcLW=H)J!s~AZ+uQ5Ea(#J7PK{cg zW|9qzmSq1s+70T?^tNrWuhE*c&R@@Hjco-JJ!!tljR?0|5z+Udsuk(ws2;qPPuS_{ zUq^#?mp3QpmuJ_19sPEGIe7cS>DkWNf5LzN@z>FB7iTxu=Y!$S+jrj%|KVD*2l?{s z=C6*}5gOv2J+M*iKJrz~`O|dz~h)rCg5mquivJCC8Y8* z6~9Gx@4f;p3To~G-#|1c3WeNQ1BZkjWl2gJKQu9?eyFLJai=+fd+ET8h>&fQG38ke z+$;OWh;MyGZ4-h9UesGCOJf2uw50s-V?ypFZ(vS;0$j8(ttz=~EqQW@}kg9W~d4T=sgz=Ho&ML4v+o zq$%P+O9MWMpdf%YYRu0F6r&5%CjfmdU7ZK9C;S|9e5C$W&UC5cj&4+enpen;QoMBgLG2WG4dtj5P_gO(M%5)FUn?ULLTQGMOhS2e}cw z6kOY0?a;bbT%%$DNkDY)&In4NqX%6JR*{V}IiPqMHdL>XOWY?~Y8}l^du^PZQwQ>` zaz|a|@k{bi*1)4F9T0j=cxR2GiFNpTq}hqorXY2k+)`TCuB~ir@=$q&MYtCQMU~?; z?Xq61l@_ouK;_hw-C!gnP1~%A)qic9`_uq%G8kzwU(*u2rbYfJutGXag5n(`Be0qx zoFvCoNbwEd3Qs_Ron2U;eMD)%6RDK$dOa~(li8)wfyr!}qA>W+!N^Nqi4kaFqhA)H zOoSYLxou9r)wVn;P}D=$!_u9#18l(XO`7Zymfv^ut0;vRe+h9DFH-C3^;*M~wAv3=d3OZ7kwe8y-$0uNh4REj7RE8iAuFoCix84+p z3(!|9Dbk6l3V_%s8cNOx#Rkt&V}RU&fU6`&3}A)>C}M3fuT(Q*NS|*$4{1iF&~pPC zJKooW;TeRQB@`2~F%MfI-+jeS?Rki6*|8A#D{My*ISHlAQcs?R`42@l_3 zA{j69MHUB2(fMbSSUycCmJ;I&S(Sp%x0o@ufHZ)a3%Y^xHy6fY>cY~GU0r-)U^;(u zv5Su)X5hi=&Wkva;{_NNM&(|&d)Vpi?H~PV>q`?J8bp(EabxPi%wXsUKoufHfl4-N zF6~%d{g)>nO*WdR58?GMA7vuh|< z5``0ZP5iS*3Eg7Y3~4nX_UfLEsxw(-XW9La90mAbaLKJ9fr+l;(44#%z3%JRT?^rp z$Z;tOo{bZ=$;_^7O&3Wltn5A4L4Ps&lwS0@N1X$>t6J-IOlxL%z>pyYM3g#_LHn-M zNoq4G%7mvH`C`Wg6siHMw)gv{!M1ke(>PBivT?3RXye6$gTB!MQT1BPVWu7*A6uSO zVvBZY2j83*&Bl5?8@5*_w+lF)>iYhHTep5A-wqe}T{-Z8#7rb1On%S4-gD86v1k4E z#pwH*+oVUt3R**x+G8jvlnlXcIf2rvo?=uv^r&Ys;zHmiaQ$1w#8$OH`E{8^A3|{^ z;6ai3+$OEzd3#V|$DGGjM{>!B7T`eZbTrc}Q&QRP39+$tm!{;0(&rzzE7)Vc8n=Vb zeRo(2>L-@-GobCLJMp60(l3F`k;vfjw~!+a4bb5pYEAs7s}nPf8n&r{E%c(9P0;N(*)(qXDM2J%QFUGk;GpO$pEI} zoubv>slg;j$1$i3b_t4{XjTU|`Eh^m^)b$&uAZe=!IW?Sofwc#a;bC-F=mrk9%DwJ zV7uzMU8Mo+PGU8+h&ec($YWhER0DJ)E3PULZy&Qoc9-Q3nf}1D$E0F|JjPG#_Kwu` zC?ad`fG!;*p;r{Xz9;;m@U9`OABExO!X+U`<1&dTN*Sr@##w}fH$wNQ+wCBWTyZIx zcr2j8O3izJ_3rv6BDPSix0VJJiD%Y`OJ3CP*=`QJsAy@9qgU?QMW*Zgq5q$~w_9!` zHxh+?&8NV!cXp&6vPkN;N9*y1hSGSn-Rjng>api*Pl#X@NYM&7X!k_;=8O35 z&h?(F^9JYkJda=CyuugA1ge1gBPCJl9$V!IPm5JRCK5m*Gm$^a;l8%=wXSzvUw%)e z-okPeR+e4Ja%b5+Y@2R zPkIunM0NaZKhR@LXl5%4jV= zXVjg7*1$uF3YaG39P%5Lxx{vi-oO)}W&OG-JIYo;uEwR(n-z4sJK;;McbsM` z5ni-FXo!~e^nB#gi?fmN6P69ef)|Fd&|X3a!>U%LmY@L8J?KXx`$1+`R(AX$yt4(`XDBvx)tmr++l@ zswK0DKa8leDaRNv8i%kNP{RBk3)#;_w(?avWqm8qX#8lEIyP*#% zy;Lcu`gdrZ-d$*luwZ86ZZtr-sG$|pvzWnEja+1+(Xa|&_qtz6IW9{fye)rfNwt%K z3UbhBv`e;lI+s>&J6|>0Rxt{g{VzopNJnEv66yy$M#|)oX%WGUxkF$9n^1RQew!Lj ztetd+LQWYE$nu>CT>mc+TszxZZ4D0n%Bc7ATqI~KmpcJX<$A7XRAv9+ftLlbqi4do z5uev+d?e@Da`;Hz(itNkiDK~NW8-7ncs^SHk^gFZtXU1@BQX;ZkdLG%wIX7+Dr1z6 zqMXl7mPtOAh0%RfC2Gh=7~Fr&efJ6tG>yi$sg1H#vU;>lEq@Mxt{Z?8XyRY9V4)mq zKrN)?C{t`w*C`snHiXMtr_p%%5)w1Md?^)xd63YM@wv#rkgv>Ml>d2_I0SG~0onSl z9By()ESKM!>TL6Bf?Mi36ilQyT(?$f&Za(tv;e+P8r%s&&buD>v3A6TofQIkXqps6 zBL;Up!{44Czd1e}9K*%S?}n{3&la+ml<+DQ4P5ELn-4e_CngQ#AM)^*D>mCrG>Y=a z5qhF^bcE^)+*R3@!DMyuJVb6bqGE~+N{`D%oBRnZZ0)vSN$NvEBmXs9eDm9*!;8bC zcfY?pJUh93ef;C^(y~YDzsTt973T}2W$J@S3A%CuUeO%lGgG2~qD>R^iPQKVlaaMx zd&@;Bm)MMkbC6E3OD_%dG;*O@Rwu;&SmoizzK1$2)c7hY`AX@u8^8_0RUG~7@cmC4 zFA#|~4ZXI?gxscW#HcOD(pFltXv@iNr`#{{p$(0q_7z)*%@!H4fZuFddj~S*xEd;) z($Mn;evcv92`6biO;}kf&7lNw#dPF}0yK0QjYFuhOUanskeMIO6DE+tD#?xoUYI9a%O zU%ot08db`u^ms$-ek;xE>yQ(az$qvvgr+$I^cO8{83WfI{i|UB*KR!M!AeGK430WV zEcYed-trqfxveu&w@8-&o<~MGqKsMGVULvYeVZeGQ%Ux!jexhOg#*^SRctgW3#VyY zpiVetrFlJP)KjWpW#4-Gq$cKrm{K9CRw{djYNvGP4h9^`J&rT3<76-|Sfim9MifvT znt(Wze!c<<+GQ30(h<3riZyrsBcY>j*V6zKC9T<(Vh49S^eIQ3VZvkd~c`M#tIZ1QVCaA%_h^m0;ZcEQ`va#HkSMGs5=k& zd>-b~EGR?44Gr^5Iw#PUF3&92TZunFl~k!IWLRjbCCgPgOwBP~-G#k=%pP(fYB0!e zl6cOlzp98DGFz3h!4rE1(2S8X2H!|cuLWI|G;*$74L+3fwi_B;CDWMCC(}FV+@pYx zQ0JBm$4(5>>AxRbygR*A0iu_K_7E zp8tJAY^oF(egq!7p>~RM(Lc)%F>Fp!3huJBJDQYte3xbyP|PD6s(6@P30QqNOu4v4 z)C+#aLbMwJlQ7)dtIE+|L76hNJAnT*OV9NzA*S|{EFH3T$-|sEWhGPqioSS!4_TJ{ zaH2-=ozy0`oLh;&wsVV9m0f3!?bpQP4Bd^C>#)+PAp0f{oyMVnRL+1YIJpFT0=3D! zH1A%T8w8vyvfyL%d?%{J=9tGfH1-_519b2sOq}e#Xi@^dmy`!#=!;rmEj=WtFdhVi z%OwN}pJeAKrR9sfJ0^*GNCWW9|NH;^U;p?2{15H?Dv`CnF#M|X^a1kfQ&Jy@Q!22g zTC5U}DZ4D2#C(onH?|9}aU~AoBUrfuKJi@|kQ=&i8fR!=Kvs?-L^i456D3RJ>DCpU)C2gk=iFW<{Bp~=m75+tvO$Igtsobsq7wyVEa8TbEc3Ip7r3sIuP^81l`nW6vdok(Ns8S1Ez$3jRg9z>QmBBa@6aZ z#7pbT!a%g=KYY|m9nj(=+st|w;sKvkrrmXJwTpPFv#2CLI$K-9)wg@jE#Wcv#pTQ{ z6hd8mKCg&E7%iaQE7WH(MFC`GZEd?HU8ko?hz}SeAK=g4mqPiYm#$~oU&ma>uXgsw z``i0F`(KYn`>(uLUyomnM|-YjbJB_oO<%u+bluR6xW=goqKQ%GKRO55i&GZY~%3_VfTpVf9rvtWz% z^ALmz!Cl|Zl$?3eB96jbop`6xw?m>1AwjUz@1t0o}mX^{4 zmw#WK^36o*u$PPNCRq)py}Q>uEr zJI}Kjh3NzOOs{qi(R5v3Ltlc_ zz1am~|lEB&IV#HVpX#U13!$hPp=vYx7SVFI2i5 zH3gfXRB~NC%Zd>-a^>qtr!&YJsEuhE*RYmN`R;$Q;W*A_gJiA^2cWIzvR@n!s6C}$ z>BL_L;D}pd(L6jm1Yc54(_2~r+_a}g;Q{j(gwG)2?gfWwNpCwlT} zG{b3^%T)Obn{#U{#ly4H7Dy07oUr3!1;tg4sEwfk3LIN?<7{bcu8g*Yie9Vbt8##M z=Yxbr>N42~>m0F!ZsKB1aOIM~AH_8Gb@fGa)ugos?ZW+j_%lW@Xfl|~4l;SG6@4@1 zK~_*bO|{~?*_DV;lUakc(^&tSsv}Yv@+(i2Z+CW}!d6&u$l?h=OqVGxv)$}pQkewLmk4wnVPq_^stJNMu ztG=*y4(d>7Ds)$~$F+xF zmcuNI;xPiq9CFv0kVxEj77BG_a4ND7^3&4LuRir07)GCb?b1f$y~ueyTemzvZM@Ja z96`EI-9pXlw@ov>ZyuO%$eH$LryhE3uS0f+&M&i(bPSEr#VkNhqj6~YgX+_ys=j>7 zNO+4KL$(c_=?*gT>AV|87BN-q*i^EWtX4yLWd@K-&{5TmAVA;oY{!xhEKK4Bgz(?% zwzS}(+{rrZy!yKB@@UaUTL66Ii0LMAc_gK3tg5K4B!+57vD<`&0@EzaLlA6+9UKPI z$!IlnqJ`N4zg6QzwFHWQ+Q^%omA+3qh?$hBaCX%N*A-g`J2#Zsm>HU1 zd?Ej#U;RA0T^&&#vG8Z_DhGd^XkB*o%L*#qkq&&G2;XDvt5?ENsmSC$EW+R0-v9cO zvi|RK2DD;W(FYYueP14I1-vNtGLz?FwnX$%GRq!ba5AHj`6ZOz39`>4?wNm@$xRcU zk}shXVLFX@KCo7)e87gwP*t6E%#Nr)W+4HXJ%WQ76-NHNCA-_$zj7Qn>O*lsQSu$J zggO~2j?X)KfwhxG#106(5tr%Omp?TKu^YrZULc;b%qN20D9!909~)L3G!V znTg?m3_I5}?!wwqs!*}AfjY@d!YSScz6QU-R315XGfSUdRB?2F`eZcU z6>KTC2K3?usl0ka*)6j;K*=T&_#zRu{bv*~^TJhaBhbdryRkA9X4 z;72n2>n}s{5v%i;mH*62D5#@e5VL2MYq+e()T1m5$xFCSQ_b|{itYd_zZqQ{X?Liu z@jyPpGLt|){G`yC_F7|P+K=Hi4GU_m)49ZTpz&-Kv3 zS1Ui%`@x1Y(M@$A9h0U5+UgL=s)mw}@&J{n?C$RFN@U>Ia6TKMY&sXI8!ZTjh=ry- zcJ!AlyImbrod_LEeH&A740%v{yMlDc9(nzabV!f9drdwPoz^8+!#Yi=jwUPZs!|VK z?OF1Xhy4W>{FySmhdFIL<~X&U>7&t)zn{%Vt%Wj-qIbM;!*|EsHb!; zt92De#6a?dLy>`-*iUlx(NoIi%f#FfDalp)*`E)lMJ^TEYEYkwCiy&Vt6^srz9_O= zwK0t1EIP$-TFCBhw8>?xe86FruVi1p8S`)-bhg=`S3TMCC_LbRvk|!0@n&K355)1U zaeW%bZ=vvDp7Vfp{#2Z&0>!E+(rB%L3D|{2mr|zy`9W+T2YgjNP(b1Vj39@?y*Po5 z&p!|=um|>Oc!7<>gPFly*Sk@j?_v9_v_92pP#?C(Ou#GeFdKn~>@O4i{dSju%RkcI zGKTeuc9wy`!}ryF*LUp^+e{0(`b;zr{@SFT*F5;p9Q-)AJUlu*dE0Ekzt4{c@7|yH zkJX=N7w3oY$J^tJ^gF98w)*@0@DI&a^W?05`Q}~!b+gs%fB)_e^5dh!{^j}c;nC&b z`0%{{eeK31|}<5nbu@iGJ$?N9=II2Ps7O!1Rl)D?ztzPN>eCB&*l^PswHLnR851f z*^T}$84+~$NGp5%hCbRbtiu4ATKA1R=`sq~SNf3TlILvuX0K`a#$s1`9eH6skGFQx zf`X{}j>sxeXqZ@-Ga;eJ?Y*wuw?C2*=W?4VXRnWtG)#F9T`?A=cTgGns_nm+{XuS0 z$MYu)_C&U6o6R9!&-kIfC&Bsw>RU94x0Kyua3)c=IQlq~WP*up+qP}nww+9D z!5kNZvswUhzKO%p`{uu-SrNf#&uoXdvHFfCw5CPzB%4r0tmeRHE?jtN(gT@gx--~_ zaW0++b)r0JY9)mK0Dgm`!i!Gi8?z)^7#YJ_h;N>23={I{QiJ=4ekK2j;dsv3u5Gfb zZNG4zr3_^#E3IxC@a27SkV&iaCVF;3tx)cz-i{C@I;Y;FhhNrf1IJi$h%tzR%aR`< z@FU%waJZGmWd3Om`neZRG?GnPYU0&f6{${^^1Dkg)O+aAZdqVK9vk4bN%V?a9D3!} zXZ6H}n3L{hc~Y{y`8G+3SnPZ(h_;FazDu}nNmen)*pvkeRq(HZOFst;TMR$5R*}!5 zN+al3npb?O>XDCP9182FA=nqGB2nzN`0wjCsd~vNdyU!JO5f=n^cQg2j5g{au}hFE zRu6LWNh=(#u)A$K9d!zmn+dAr2E8r9>}ZFt zZj@+vCIY&|_>z;QXZ80Is^I81#CIy?g7$lSBvJJ z%7GA_;0Pq6Oz%SJhxR-KA!hq`Rdj+f7trct#R{0N^gE7Jthht%jlyQ!jg7r(mec2| z0%5L3G>;#QwiTCd(^yRys}nq!^_a{rwAxK&K4q2^Wp zZgIu|uAc6TwroV9QBoCkgeidJaAb?l!>v1*-= z>yVcJULx;Dj~TaG5u(ZYhXp5u&?1z92I0p&&yB%UcZj#%=eYf?S!VaFqa&y{2{;C1p)NC1Z0X$UCF^ zdORx20x~+0yB5w z-l2Z#f}(!64*BYW@C-xz$>(yKz*7K= zfC|kuR;2Ej-=_}}+@)+XNOWC{hfZ6##I`o_gW%|8DB8r2D^tC94^yJMv8+c01s*L?`Q>MZC0yV=vrcSbp$MPAFNP6O5eD>kwdJABr; zn(OnBr-%^~{J9@wuwk=u<06H^gnJ4oDn*UPSQ>I7aHJ$-CT8L!N0ZKa=-@E+9 zKYQiYla^US#$y5_jv`>wDX!2oZ4&d8&BV-Ka8(zn)|TO!g|Q)`RcEV_kxNca7^}8&R?q|GnXHD} zAueXwoe7IETk_iT?ZAd=@)AaQ;tw%XHR4k#7ArK1lrVh0=StaFPDHYTz<*^9O^b$J zjx5e{KF*{m#L}AGtxFN)0QvPZ`BuB(NX&bjE&o!OMkr<@hJrRPqpbbwPBjX(D-2|q z5*FRu8AWW6wP=Y8L@9fNh+*EdOwMB5L4vk`ZfKL@Lj9;^Y6;fkAC-j*lwIw%hkI*Z zQef;PBotIKAdEVVJRMqlmMt1>Bk)s{)v3(9gv3-s%ghJwZ!7Yv!@A|;U6(ZaR@sGtK9Q~0Am14)WHIs3i1lmUxJs{n46JGN(Iks(csIkXTU0}YsmNC{(YA1YW@)MX z1<(~&hIo1ZZa#^G{bxRO{(3Pb6}_KrUXXM3`Y~6?P@aDYz0qV}nU<@_*F}2(3{+aBr87y?&YkNzURfsOKZf?(e+db`iIN8pqOLN+2Rk+oft1P%W#{E193|Q z^#MZmAN@Bjto>)@(eflJ8O;#m+4Rl`I8l?`U5|XnfA()kr?$*t48LP#zKhksgRVZn zP*P^ZmIyPJtW7eKeYmYgEmEfDVDE@gz;u)6`Nc9%4+12V? zP4k|Z(yzObRs6GlqrLN;Ivu%d%&k2og|MD|EQzcupd(8P3-stYEIo4NfZN#J4&cV0 z*7BHiYKq(hBX^gc`rw`PoX^D17Kg{8^oYCBnvtMAFch`+hFQQwg7e_LNX#N&n~2q8 z_lqenb=nnQ4;5>csA=OhqLYjw5*anDlRS%lax1Q21*zt~Rml|myzw6A?sJ34yrE1} z3wxtX>;i4RdZBM77(w=4OPEd1NW!BD7I#L&hCMJFN-l==S*FlHjRJL}#vKrTaxIC0ui zVNT+ZeSKM5FU^V!V_wJTo~P|VVUb}Z=ifxlEkiU1slvQsrQOgusSL655c@7>EA)0E zK^Q)ZLeGX=|FYzHNMR_nh`g0|Li;q;{J<;D@r!Lb-)*&rDc&OKvRpf>GL*UM&wR)T z3%0@U!USTC#?;kIUbBWF=oiHe$=Wk1H46c(5{wZ|==|Z1Nw7B%jH)1NWG9EB3y1*b z0JJQ|Bl7Dp$JW#5>)&J4^3bKfm?n1{gUQ-Hl1e}>lefDt8YsWZ0e_r=dfbfgkAcQ& zp^Lhj1ES8MuDwKMdXwNEAIVAxQPNxmQD?PsmL~6A2AnevT zYg7J`y#k~xH~;8`3b_SO$Jzfjv%#(yiIjj`oed6v$7dgK4tQ1W^(Er#lI^Xcc$#Ko zw3yFNTTF`oUGSAktG8+Bv>7wRSJ1rAU!#8Ua@BaaE$`0jE1HsM&^=SeLG(W=!XN;5 z_Hh&{jBYW9X;L*qwXv`rPlmBB8K4Uk7{zv`lZ2&u`1BSA6BiS1ZR<}F(Hn1**b3mX z1(t|vgJxgAnvxyN6P!lbm0p%of(hm!aH*J;Nk<|f!-}Nyd6`B$nwK<}uW-l8{MuL3 zO;GQ2rST?R=^#x-X87KHr-e#9%q!jc2hKEfE=YA^gCr_CUPK|ry1GAM;?|B3kej)c zP8}Ez4`*BO*B3vGwzte9-tB;jFb%TtZN>X_-SOJdA_o52+2TTVuxBnd<%xo7NBRiz z4p$Eqv1-uF4@2ZfUF`i$iCCrdo&sK?c9>`^8eQs0qI48MTn;`m2%(UfD@vPA`{4NC zp{hB%!1>>YaxtjV$`5pg>^P0yT%~eD12@K1=Vw!qs-ED8rJmL`lqubLf+<&<2^z%6U^=n4xY9q~4W+9wHUoOWY#a;%sIi?~5%GCgC8$>i0EJ66 zC74f@ES2bSRh&!eKEHOSmUTDs0s$rIGv{?Lk~8#+JzBzQ)kc|foE6vZMkCdRUY<+|m-*arX=@=rVv~x^2uPEP z*eMD|y-K!Q!=)0o1n#EI&|CRNn)U$n!Mu=`s3-7hlPXO9G@UV8+g018MPKjNjUN6j zbx2wMtlRpD&*axsH3lZfXM9sWP(r`+*fp?N7I*uh&Ev5i}Vp z6hnVj83ie)y(l{A%vH@QH3{WHHhH9%3-hxs72;P^6swc48i?dO!Pw`7Z6thV*NegI zd}<@iJ9m~-=DRHoTc+h6t8=!qcX@>O4cG;lO$A9V`G1ALN>}e_!Jd0gqB?IKpH$;+ z2(#s&Hd4=f9I8xnv7(D6E}9=D)GPf|pL`fFtAome!5LHXD_sI`G~&9hK8zBgsINnPk?hKl3WD>*L8Q2 z{+e@dcFnnOq&mNWBKPUi`n?GD9-4}mF$Tbro2d5It}?uo9Tcyy;;&Y8zIrUODwDW$ z16t)BzmwZ+TeF6Ww>I58ZyCkEaxMI%Uu&s8bYpyarn8jh>al}we8iK@AIuQecXvqA z#|6L>uhop!kRq8_M=w$wDfE);c3Wa5>JLLDsK+3A@&q4{Gb?kAJq%an192O@Gz(`k zh$|eoCc8lMjH^j1^a@r|WNeC1?LS)MWr^fUlkV*0D+gLKe>Eq<5-5_QR~%;yCuVp7 zKF~EgbPrAF7dQwiYB1ah*K6>sOUTsw+M!x&pl_z)6xDfjbtM;rn(P2Jk$;MwSu7?n zq4^Qch92-2JvNNjLndBynk_};+Qi(`oBm>0{V{th-!$)lB_-!oTe-uyaWgi2KW2hn zmYAZ6yl!rj>%kQ-v$SkL$x!G^ry(GFinip0qnIP%EbnTZz(c!F_aC&Oq*|*R@ROXU z+9`Vn@(f>9r$a$8-!tHAR2*&IAcr+q3zTauc~Y_o0rE9M0jja7$Xk*Kktp>pRJuTi zl0zQ{GH zud{EX^_y^iPwoI>BKlJNB`@T{+YBeLpXUiYeBG2ai-8vV2v$Z~ejy){A?TuaP zHN6g(RM5RR1hvG1kb1&nB~eHUe3s_}!42s3Qe5d1q zlVL`r?8>5X+b@h5QKjiI01qs8e@FpLscd?yK9$&4yxBABia8I~^>sJGnXs8VqkVrqyT84Z>j z2A=8$E>4>(>yIvbbr_+AH(g)!H*=n6rl-UX*llS|lW-SEM=;7ywDAsKcw6<_vJl-k zrrGc=%VN8TX+L{;lDzax4%iwUh@cB}G^o_=-rXQ6@6kSX*l%Xyq_FwXzV~!y_vM{IKK$jPBq$ie|Y#9y#F4prJP- zh^CtPxakH&oZ_9n4sGmf&v(b2Qghat4$pe{|C62#E>pHbD6Fhma`D!wvco&HcUTYU zj9v>?;hl(64r?~ zZT60u)q#bmDf|{bZ07Vg-U#dnJ=jO4&ehiNplN$c5GgrR|9-D-reO~3Iy-hLKm;o$ zxU_gvSMWZ$>6oGK!x+n5_4@Fz8rd>2SJ{{pr{F0rD2Jx+k8EVW$m0+=G@jEnd|t#N z4E#$m_zo&BsiJ3z*c)^}XX$Mo82@Xs|2?#ukwNgrMi98x5Kdd;X& zC}v8}WH|l|2rMCnouA_^AL{Sahwnp=A)EQhnLc~haMkijFyjGs`mY6Ryq396bub&8 zkceXUdm{HdXV9`=Pjqf|JF#Qm`^bI~za*l~WqR<7#dsI<1Pv8{+z=#a)NnI-{#GS7 zJI?VNAPkzk!Nt$}hcBDylqB+ZQ*FFl7R$+ja~l!&5R6N!gj57jy;+(dZ%l~5U0TQzQ#-}Cp5tcX2LTDKldiTioVbUpY z^7Kdt(x?tB+QlC8BrMnikM(g}9P*%E4^}k%>`rIJ4|J;7a^2wLBJQ}Twxh2;dLIdl zpGPqrD%fwvP`Yh~ZslQ#X~8WlNY)*?8AeJT?Ark<;T9xOeBmh~ZwXw$z;04G#fGfn zqA#*c1TSb0OwY$6S>sIBcY_IbEc8abw{+Vr+q0i4TDB0{0jYKp&fKCkF@p}I2ol;q zt8P#dhQy{o{=BEeAbkt~rbM#NQ_v~wbGtvU^fH^yna)toH;19H!3O2!PlW#V-HNFD z;1m=&PDhi7DZ3_;v1};t+=z%1XOhw)gz`bk|MK@vpoW_^LaN^Dj?BeOLN9F+Zn)Y| zcDxQHkndGd>wx_Sk_wTv{m-OtZ z6|~v5&B7Am$LsX1uo5~RG*~UhpsN`N5#^I`nhn>`d~j6wffaRoQCn~y@G_tZM;)Eq z5mYU9bQ0N7=_~adtxnYZ7a|-7EPK9_VBP%$dy~o!&oPgeNNfpdEr{}0y;1jA7Fpw> z-t;B+M_AFn=lWyfZ)8H1D6jour1C)@?p47L%{rO~`#ZtuB+u&Fk-Y9@KL;f|eSL8t zc}FW5+8G!^apojQiVLZ{tB$Nq1v!4gXpt-pk+})?Qg>P<5+Ews~roKEXa(nYESr_o9aSc zIxeU`J)7^7OX^XJh-F^z&;}X~NCsJog++Jk!{B-A@9K4Pk@){0dR4FQgCsPkzpo<# zq)_}h`t3;WbXbd;6v)V(eBbodLzq(RZ0C;mvO6&A?m%GqjD&QQ-bdET?l>1X_W;&S zv2K+l>QS)$jDcbC98@3TUdOz-jWR4^r2)T+FyG4|Gb2{3-niVHaN9#v)8CdFeXW=D zb#jFVK4IEYR!<~}n)91Z^DMrXNN)RIr;123gUfa7n9{M0X2sF1ri%`0GYe4ky|*T8 z(0M^(67rofciN&#*LaBQMm#4u$Dh02FK3n2TVSP#K)S!L9wZ2(6!!8le{)J^EQwWz}#%Ft|*VrJE z$ntaZhpF526=bj3>)LTI)+^D>yZy$zldwO*%|c`IcmO~eDtI%Zmn2h=hXjTh+vkw7 zc{-ms*0l!G3&CoPO>=TcyYlD0HCQ^Zej`zD&m-NiFAB`Pf(G}8glyJOXTvBjrP8D; zo0Bh1dX~7}!Osvm6c4M5t%M1T?{11vN^R!vSK(PF9oXs)@+q|`K)7SUs+BYJnkdgf+dq*l3;N&6GqG2{J;K^Bd zkxnp`M$r>Rj4rE#@W{~6-48i~_Pr_@d6>Y$=*L&ElBD=qtH(i_mR0pT9ruD6XJmT; z6x}kxh-4!5c-rCtb6RKZ zanvoi>YsSHN8s(U0=mS#)?s@xV2oqdXN|M^_XjVZ7?$Zl$t7ueH3 zYHz|MrC6Y=z@flX`bdsEF^^H9T;Vd>T8xg$g^UKzLRH26xsSk6$J%Wy_+m4HV~K}- zbKabc%Rkem8J<5E!2>2l>ul}+c;PlNPC!Pd6}c+d-$UaYKxSjxS`-1p2dJxDF6OL# zrLVy6c?1j(A(oY253D+3`*3m0GWD0fBil}BVXe5ln)80->U_3ejD(#NIdK^93P5jk z7ph`z)&jH;UaDwD$O}YYF5uGvu^x4Momt zv?YVP|2i-IPG#hBp}3!Qj>I35C;z_O)bcVmuo5p2;oy5TJ&-_~W|Agyp1Sg0Md^M% zz?6D)h2*;)yOGw*+mj301W!97#1doA-C>w0)4>w~$kRXRKXvJZnnMKx>|_}W-`4Wk*M{;wP&Rq-5CrvKSNFS1;ksk{;&i{szik`dz1VBa6%-{x&k$xb(MJj+(Eyk<^ z#$sYB2vE^YupU&r;o>4&o0qq)+@9N5Z?JkEE$%bOSY{xjZ@D>#hD)xRz0Zu0FZYUh zB*@WLwHAQ~1#Z(ktz}W!3Y`GasAO!-W|mO{Df* zn4?|ySgbqnTzHP-2x9kz*RUw_CCEq_9UxEX6(dUwYi$9Daqd=xZtukC;Ryu^VIkg^ zR34G`bqc~Y`f1F`04YLy;SbRS$+eWaT(gx|t`jMk8L)t5CHfY;N3;FqsUnQ2TIRQm zKmz0rzp@0o`ot7dTk6>5Rax^R!Atctd70Wc;dSruX%RbSQPi2!fE?y32PkRn4fU#} z;>aMH@JaOj+neiv_v?^9im95L^}Vw)$@CQ>PZkJ?(^ju)U6~SOy^UH}$tbT`8leXG z3_pz-$>HGax5|j<=u{v*1o5Mbr4y`=N+hYzG|Up2C%N`%kIuP9VvO5WjnUWX(r&3C z5n8etgKQxoq|c?)0#(ggu?Z&D<3sNF-e%(~;W|y94p{9ZONmVQPHb{4{&pod34M9X zJ3Lq01+`5~`u?yh1nkmB-0&SM-xI^X6XWbr7Gu>9cf-?3`#b-+HAQIztyt7ArEZ0# zH3)>dHWk&bb)1-6#9wl+LW7jD%HP^8;2)n4OrD>Zr$+yK$V8O}Ju$v2ds!_W%!Bb< zjw#bS8xCr02gwGT@6r~_}#FdVa@K+ z!;ep3N%gI5uW#t~`mb!y&dQ>C`Fcb}MQB%WPvl$09g4TkJj`=Q9IhkHS#dHwR_WoC z+dU5#{zP`2lFpysl2`kR%#%GKQG7hwG zyAv+>oBA@P5L#V#^`C#LcIo7L=$aKA8iJGZ9)iMS)sSf-d^o`WsqU-mbr)Mn>^d#* zT0;4A_KkF3?44$Ln@@3h^KrTz0xK@mJ$c9&#jBCOGQq^By!}tTX^3p>S5gIAWcaK3 znY-pis4bDD^2}UiR1|5)${b@b#fRo8^Odzdz@U5XL3*egL0)4pvT zl8gCagddbQZ?q}}8aQRslu3V%&HJ(#BVspUVDV)Dkl2AA7YF8a4of3`CZ#&p?qU@> zWWr0m8`)Xj673%j4aef;CC7)%hB_^*y z`*@`J=%}3Qx$QhSkh-7H1c=q5ZCiua!vy~hq->3YaG_u;Xfn_5^OmAPARzDY-o)y% zS_x5_)YysY{xA?8C>DSw?N2aCMbeemIT(S%X;-UJh9KkO|@{RdgIxpNm*vsp}!LIEJ z@LS^YC4D>RS$BJ=qrTh}>y&A&-|X9bG)d+ASq+4I#cwM6ZN}`tHH_;-M1MzR-c{5< zHftLg)VN{kJHGfx=D95U6ST0aFhyIJ?$7S-dwtvX9M8KsmpNDeU(fo@ zT61<2uDBD+y^o0tZXG%i!%_+U)E#;ipnZuS)CG{iWQl>wVOoLtEDo6MDmx5j4ioi# zDBmeHMreLwutxb)J}g`MD&_}l&a%=b{n7J8RWLc@(2pFRO&S6fMDr+jR2``q0aIss zO)x1NhWy*sFwBWBde5e+h+WI|5Og_=y)bz=#?5>gk>@Pj_&E!Kv?J?wU0zpE!Z#OS z%2epP|DhCOnfPPdO0aD$9p0Ni;s{mJeqHhfW(rE>FK)U0kMf&snV07y-FX-msmXIkkKIaf_sL^T?i9^JMK6w@leh`iLA?!TbJ$gpIMA=`5C-md!*KhYHt z8eAbDKi>LLLG}m%MgIpnR=mqJy3EDuvGrc92)-#79Wt#6STbHaT%HnCLEwlcpCM5y z2ElSHU-CX+n?KsN)~TQ0k}SO;^s1*b3SQ3(14wuJ>=Sgnw6$qr#O4|R?(dDeVx^RmYwGvX+S^aCbgNdVg-pCT5mQ7G>eBXu$9CK1i9EqJ zt2Rg(baQ*eIJTlEIRF zyVR?<7}$19;O{)n*z4EttZ65>r)b?2MV7=c7tX7ODOy6;=J}RcCcy0IE`2fQvKVem zUDOeJICsYGbHl^$3nf4XkGEjlSrfgXK`PR5`2m-zas6$uljHscQk$Q_`q} zcB;Yr@vZrg)fj+GD8pEu)*N~pZ(Vr!Hn38I@ujR)LYrWuBDSe>Pi64a2{0?7?v|pn zV$ohX#h*slqySBUVO3V*vlnVg=Z98|=Urifu|jWNKdHi^_*+QOt*`0-a8%a4|K_O5 z3k&V^Q9c;zI-^s{t;OJEp1cJGKnyp(kXIz6)~8gZ+zb}%H19%Fik{G09tDLCtxu4_FA5m9u_@SNBXY#4S%|Wd4kos->s2TczsSkV(L?t(()oHq5d^Wm3$jiV+RS3 zoh^$;A0Fz9%ci@YoYTMB|4mXmaAiw8D0$#Fy64T=6VvWGL`$7O zY%U&2HO2^xbOERcdKU)bS19L@6b9hpvJFHRjk?U*?`*WH^MP{9);^rG`o`x3_C(jB9xY zg?NTpg*WhaNN#=)^PSSpJ?~(ttflHraZkn3tVivE#}cmi(5^{My_av2Itk8vt0xdN z{j#1ckG!2EAW4Qo3Ax5CT=|0)#B0o>BGtRQC_@8DyU^5w>xl6ebh< zQB&Y=5JD6o&blg=;S_zrG(@d;+=?uz^(6LH5U~Q;9f@Rsw?C&6NuaQY&TNgS;a0~; zMdoW~(DJ&!9PjMSpyoSUq5L;}@H}NjfQ$rWHdDb<(C#IpcNh&1c{`Dale=IqF&gEg zoucOZ#<*9|F(0f^H$I1r<`#Jb_WA`!4yEjQ;mBz{BDM@_drR&^)PSCDavyPEvh&Zx zfIBY}Dfp&y{fDLo(@7Qf0q1~^0pAD0GOKix_h?!(xS1vB@hSx=KSKG6ewtB0Y(!FR?}WVaR5JZ-SUe}##h-vOOf7v!!{Ws|=yqu{5L5oHup)~!w2Ydq$~(s-cq`o<5|U)NE-|&2&xP`c3&2|2{EgU@FU-jS3DI3EwQzD6+^{; z_Ya)BX{1_WLvTI_o{M@D-DlwgF>6Z4WjXpbt4I3sW3U@?GYORs6;FVa<_VT4BgI1&ctq&1w*uW zHm*J-cAEm1Y|*+%EmSY+h7nxLhUjjc4bF4e*htr=NGu{60xIk|o>1SLw!ohd_da(t zqIK-BDRXE>#NZ585l=TYk7M-bUv|0E|MIGpy2UFiwCh;`o1RARFAhQ4R_Q{D2_FeD zGk3V1%HA|=WoEWR+U!SLz>%;6&Mf#OFSvXhgV`Qkp6v<^ZnT~|0PQ9#;+*_%HUmTD zA#sr}#afgiYU#%p#+LXB!pg_V6RE8Dt%;NtiI3Lf7qGb7>(y>*n{umzrZ&{r3_R)v z_ASa-^Dv@Ct8R{!Fl+o==FtyZ^O1Np!znQ!tpuaoLV-Tc|Hi7Uk4@9ZtC~^a7G-ou zL}8ppW8CNzaD!S$F`Jm!`Gg4)9J6Vo$CH*is)Z$?gojnCr>~ zc6H9^+nOp~;$(t>SD|kg%SWPRt08>{H!A7|-{s9kI9o9dPuPTFn;e`<1o%Z5S!mmW>X6Bw*zG62NiqpaqFJ3`6`BLy$(hDUu>vB z$vi{LNnC~^&8o@(U)n>)8;MEzdr4L%5Yy$C4E-f==WTEs!8e;`$x_~s-L_77jENM% zQ9rU4ZIA7YKt07$0{TO3+(-Dl1X}-dqHIcy5PP%*GO~bvil~qgK22quc~h1=@Ly_2 zDbT+fiyfzPBrTzi)e;+#>Yh7(-Cb@}hz&>I@tPXqukrhft0l97!@<>k0>W9^<2%k} zyZLx}o@r633I3{@5*(J56d3rOae3y@nA#-dFL*LI%MY*e&3%h!K&DW_)zUigJ(&Gc zHG4WVIj(al-f%^D-28dMcESCWEh(Oei7V4W?UE&~Hh#eyt5go;g>w6l`jfa@%u!IP zKxQJ72_Vy;#4>jOqco|;v;}*Th9yupC@%bt##FuBuN~X5WKsj++=CzYgLEg+m{j=uF@*cRlc-lYgySG?29j zfgfBa=7qQ(dra?s&Zoai5IZM)eP=}-lL}Up<0l+r7>oz_-ikFPiv1BcG`IA>4gCoB zf4skNcN6s*9?a{h!u@b7blX^Apegs1;J)!9_Kk0;(}xM)UerQm>_CjZd2W5~`zo#m zc4dRsU{-)nzku?tM-eF@n3Ju549HMbwLnM@$A}-NC$y1{^T)Sad`V5gVUoKN%eFDi zL9bG$BCb1%_o!b~o4AWYGQ%}l^AscX7{k3P>%q`*05IP<41ntN`M+e!P09ur;i_|J ziQNTHW7}oddOxJZ*3IFK@$11~E|tGfC^W(8s*tHb-(8RAu|DAt|Hbw@7FOfr%}V=B znkW=Ww&W`<6Tay{RIe&NXY+N3*8aR%2zTL>s`*R( z7NDf;18d=oEmwzMK@Aacq8^;Em$tJP+Qs9 z47^3Dm}_LKe{D|#phHq-Z;nP2MICpgkQZ~@6+}0(8mQk*n5yCMDvKIP{XmUuv=xw# zWaEC2S*4iR0h>QxY9W|NIU_z*&co)r3D05tkl$?_?T|kcuKqTc7iP7>kEA;@HA@7w zK<$rYb^PTi~&-$oc0J*N!{D5;_ zb^mkjaqh)ZDn(pLNB&O?7mLFTv5>tj!oB9{o zkAAfLC4LJ->5X9*sM1ts#+4)1O{!wn%?UGB?+$12qRTpL27-hI%iRs1vlQ|Anq1n7 z1((di6IL+~X_aMr@VDpIw_k3?nrS@>sgcfrhUG6fcR1D$=7ro@!6 zMa;H;d3fyU0&(qkk8(AQ6w2*Y_h5P9^m$@TC_!Ehr$HmefqxU<&Qw$$*X~iD`gmuz z{)?m7;pAeJW?aTGrdu5iHPyBiGh06o_rJ`&()alN zu)|l@_dWpHz81s_>-XIc@I-V-X{}F$>#pYz{_|C8{(SA8U-6y;74Cd9Kl_vi!!6Qo zAQb$8!2z`w6+v`3)6hY!#TC@^wgd=kKqR5oX#-aF!T zA)g^>oO$!|!Vc@HJNq;3Hs$Em({+Mo{MLjEYny3IR??!Hv|wiE>1$1pu_f;fOZ=D+ zPr+kj%0x5VgetAXQ(9K7_9wnhpU9}BWVzuN`L`!PRdQB$j)Yyy|0s9v=5!1U%c97VmS(ym=`=f|I89O0pjr z-^EfB=*?a-rm#8(1v%2-C{p+&FKr^0h4yzzbQd9XHQsi|CDf^k0iBaDN$DLtmU+lU@>x}K} zdl5|C^;A4?&S4wyp4xmMFi=-U=chu zl*7cLuhAN1wv}q?1RF)3{B?HoJm$b~F{0X5E83D~pQ8@eH!z!W3lo9?+IG2kdQo#s%K8&cQhk)azr& zseUqbTrR@(JtU+Si!mMRj>yzIw7_jb*9iVnCi8VJOG9+1W}Jqr{| zV?>q}3FcV?uWd1&fc_5e|1~&eGrMkUoz1v{+QAE%ky>Z2}HR_yp6|L~5OTmTyg z{w)TwVAm+YYc>MgI(sfZzIJ!K)4qphukTi3grf8fnS7p+8J|lixk%Mcz#IY?S}!j_ z{z?{4~z;W=|tyOwHxk&-9IfSjfLXgC3Xqg=AgqbhYo}s&eh(ZKbM~N-iK_tfHN36J-moaUfMy@ zy<|sxfI|a&DB%_v9icsAVI&WmKKWP7t(WkhehVXEcd-c`Qt4No^l%~<7kE4CBpdYi z12J{@jS{D3Y*`-a^$;& zf6tdcrVw8j9%ltcoSr`p@ee-obQ{=nD0uI{bDOu<9iU}-Nw2&7)3SlvJ-#0X4gtW9 zuc0O0yp9jV30(>_W)V5=3AGF8D)FMMowgIrHUo_;%6D$%0jj`r%llTx!b&%DJDb6K8V^#1f) zs|HdXJ?6qAQ&gTDaHJQ=C|=S3!!FW0x?TGXS{6ODFY5;PCB_GJrtk6PYBQsjEQ9pA z4s@VX4Tkg~$k}Im5185K_|6Ebgewj)iG^qe)hyj%#WZX2k)8rWTz$&P8D}*UZoU zWckf%am&9!^qK+gaL<6Ps_Tb00NISCAD~Cg!lTw7P?8;>_=)pj$i!)3i}|6FB z81=S_thF?flYW{rSMbs^qCdy|M9Ez0k-~rS%(9mPWb&*Jgm49Zz=wc4{2idpcmEovO0IS5_roiMDQwTJu3`(vP&Uu9 zQpNRNVPmleBJIaet{xQX0`=TP7fzt`f6H`FdVS~-1yjIgsiBDaXB5D)l~PJ*=k&mt zh&}x5tw_Pdj#$ghrZCqB*jTZEB(zge%HYb+LrwfqIsITQiJT6_oyVDYb68&>M?+ePZxw^s-*^*h*Sw=$bu4v$~q}N$ikQ(Zd z?5;B=YE4RDez&4GjZJxNslrktM_5)s5A`uvNAOrx1Y;7{kY$%onMM#;1+MJhIYJ_{ zYuFG63%cDr)Mp_!M&e5FYOXz@G8)U2{=|nRZ$k0P=T^}yjwqkpNOyDP>`Rvp%$mM4 z^gW0iyLP{LP_OjFrqa;P zk=XKtUO=W^uV!F4FE2jh*n6@k`&G|*OQzP|9R z^5biMv{x_Q!e^97CDcQaKjszOD+)TNlkpjyq9|1~S+Hr>^`Xta{08xUNRQVNc@mQ^ePvl8VlV?jxHmRO#-72z-eL~5d^+vMQ86;}L~Tg#o-6w+O8uY5 zDHY*W+0U6VYXAHegt!0jdF^CZOoAlT;vrxDwx zvAkVv2OiNmZCv?8oy}{18Ua~UxxnLI{-4GXo%LHRp_(YdWU=wE`_I|>aoxv09%5RR z7Qk?T5j2)z;KR9W{ihXPl$M_{R>n{tawD==6zQSM7^mCqM+H`(%lh*J7%e8`qyT1W z$}5~&X(v>q%G1BU=8(pe#)5Bbx4x6+AsG7Wn^c7pHZ^HQ4L-D%pB5KF!~<{Uqe~JO z2ET30M`KyCUHN3K^7)KZN&UIyD{C~uJ|haeR#jyaGHrkddeaE?sHDT_mX+oHY0Wu* zpe>S~rc(me<01PMv5lq0(pWhuk}lLFQnZam!KH7K3Iu<8S@-u}WOn81S#)&AGQ6fO z07u(8?&z$W;fjQpDR;EFP&O@JCPg(#r>ZK%mqhAcXd35)d1*VmJf;MDAv^1cIV&c7IU zm5*X`HC8R=^d+ch?I6}6$rx9o-;{*p`27Gf4?;dBBwQ=yUyPQ6kl99oo-QK0w%BDr zG#4@sB7R5&bx#|{!#~2YBEf06aUqU!@Oe3Iem7Dwx`MyGBJpcdwDZeGpxXSG#oK(h zuBu&Z)<&_s6(E02QKT=!(O-rCZs5^+%34+;)r2TG!Cdj`@|S3a!#?{6Q@RTuf`O!Y zXvIv?sz^6kGZrPUy=6(SaN=vu*FgYC*uAH_7pg=XA(qDz>Fsr6iplevIX*wDMW#xkUa*{CC#$tZnFNZbna|DV%iiIRI^_2f6~38C&-FS8P~4b z38PXv&ITgn#q2XI2=X%I5XYXGsT;CK-LT0{TZ>C9iaO^RMH*pprJl5|Rcg!U>WPoC z1SP@I!|_Vj>tU1anGM2pAB(lJ8EHci$%_jv${BOR$^@{gF2QnTf_Ayq*2>GNE(d(Y=Rlr2Y_oMmRwx$W7&9-n#lEWZ(-;2M*V zh4}CEceGRxXm2u`^!JB0*=RSXG9*~lZ`ddDy7X2}%yKwa?cfwyt5qNF7RGeQA2W*A zcRW7XzgG6`0$&^7&ysKdJPlBG8QR`j4|M-pFGj>CP1BhrCt}oNuIO-5zJgF)5IQJ} zOrmuv(q^4XI5sGIkHpBSNYexsi$g zREc!i3ed+R8}f((${cW zs4)5Z$f(+pv_A* z>1@|h5BFCheR37s$ceK}iKx$Mq*3tHc^Fi2o_J=h@%|Oa$`qG*`AmWItS$Zu+doMh zL7cy~t9;=jT739xfj)c?=;y?pHLEB65Q(pyq0k62PhqooqQ5sH=UrCa9^=Yp&p+pK zI9&#?9=~RYIHs}HWObe7kH@yq;m^^L2dun>zbH#Y_K2;Rt{-;JL||>D*~K>`lN5VB z>qz~Sk9O&DR^%PK7BNLWO?6j$stV0e?7aK$gvrEPI)Kte>Tu&J zq8rW2Vy`3K!gkZFfXG>enzcW1LBk3q`|%13mf84Iz%VX=+U6+IDmlJ2?E|WaEjR;h19FMQ-c*W=x+bn+ zUaBHTO8~=6Bcka0m=Uv?eMlZFreYp{KNU;nMN4&X2Pwz@BPkNT;qDTc_k1(CQrF#= zege^bG+k`QNSnkQ9gm%VG74h~m$PRwyR9AjzWMyB@~kRbDb{t$`=(cs?TGZ%6O62| z#V2sYjedVFXFD;4ZQku^Smf1eZMlcSHfAo)Tkj+4R0Do}@al1(csQS9W&+}!lJN&3TcBYQ4A&4<92fR$}Ieh_Ya-adRS3)B2>6C1- zxJisei08J}@@Ur0wpwPn9v`OXJwTeh~8Ua%H-;$OPl_&_m47 zAT}iir&?;KvATLQnb_zV5HcCWa+k`|kG}O~6A^TCd3;kDlhQ0rNX3jj*mwJSzFrRP zbo)N<+YjtT8D|d8oITX!@C*9fP2Ij7?etLWd|uV0NZ-4D`gpvWydrus69^Qf91a09 zRDM4>zqiydCcMr?95-@=cSaKm`agdT?XDR@htDt~<@ES`UrktsL;L%FPet|gyxy-p zq|9Vrffm(-H$CpuY~H}(oB=M>-;tmETfn0piNx`_df}`!{lOYS+vl6B4@^8t=*fSn z)w`=ope`McEgz3Nl}V*HqhFXYSMZrEG%8118gqv|`gKfW7f)+H?RTdOKG&R&$04N# z{`m&HKdF4}4A}Sh0Vi+(8z3sRL^^nB1Og=D%wH!510%6mA?M3lEGI>dpLb&C`;xK4 zoj|pAZgovf$|^`yg+TE(8DhTr_#)_p#O3kNl5^VRzuhwNhAIO4J)ci&Q-(dps4XYAW?N4<2NOEkEJsqkt zkkT=hoQYQ4#>+nZzeK6em@&_PjEzM^zI~T;p4=UBOGhzt`+T0x<(&Ho$d#hd?x4zjWdg5pm_qW6l+b=vykiJ8gqDm{0cs zsv=+KU*S;;58$o^mBUP9{)`56WBxNaKLh|gw}4;0i_|9vW9V;_y*%HaBSf*^oulCw8f=Q?IXpa8t>-@8zuv>xbDX9^VNV68-5pmlI-o%c0EWYC z^yg{|p`lb(@qq95DV5KihXKo(;4gRD+YNieueZ4~`8k0l#zlv+CxE2?cX^(K{)hW{ zs3xhje#@I9TdJ=Ld;;{k+imxGRncy!?B|ON)%d~b2KE!6{<4z*X-)po7^VmPbVUC`67w0;DN`k>yWs>nxsG`Kwf(|(T}S}pEyU4 zgJk35;aoR4_WX9J1Ul9LxnLMu*nOVwHwT{MK^kvGte%DwQ<>PQ&Ha>JhkFaAu>~*R z2%08Y!EwUh9#Ibdqy@k44ujqa|6WB`j*&BsQw1b}bKm)28=efGsN8KLwR(sJBLGpP z?{J^a#S}t}7}E=YJLto4Ok;kM#CTOqgTOMB~L+5`4t)ojfz+#T@(b6Ejy#o9_Za*DvD@9aQ;$)LqhD!NLQ*DBapm$i8 zNG=!P9*z9;A+*!I-@a`xP!(P`D-Tivi5^?0HLxJzHApAH&WVlE# ztxPa^nYI-4w4Ts+RCR6DUh4cy;MA(Tq|4LAch42kpn}>{E+q`O>Mlxh3ApAK*JF_O zIAJ-wm^Z{Awq^w61FMyVl64Y&j^~Mj%{YcI)}n zv92Mg^lsvm_N&ZBlk3;(KLwnw-=n(CQTSpB1Cp|>o3G=Q4FjB4Y{*(la2G%ID3&sk za<*B@{2As|;#~e5Y?uV`mvXvUucpUgC>Bv={zktDbeLEX{CE*X=Zh{ZQ?WOIxG zWc(GsuX(VQ(xx;FeIM+{9vZwZkP1o4D>-#J6LNaI?*)+;e+dKbVi{vhhA1ARN(4D` zst8ES1XDjAWa93NL0u8ccaQxV|f zC3>Jz)%Rp>6loEL%G{8VLpp`cXrtMs8Hb7)t7s1=479;IRtI5dojGLFo11 z96N#*W#zayu(kFhfZ#B_e$Jz6w*_v!>d<`9>1m(age3`zBmX$7pJ3Za0SUyn8r$X* zqt16W!8+wgqPU-_>CNl_TdkK0NBCU0aUP`=paZk%PZ(r{8DaYaVqfQXUBzH10mL@H zk1ceCJCBqMvjX0uc3%Rt<*#)5w)J0zPRd^>tAwX)^jTia&*_q4r;vHoRLN9Ztvqp#ZB8%CJI zR6h5p%+EC0gn~l>12z!S2#0{qb>wT5Dj*N0(Gei{YY0C3e(nk%AwhHoQPwi}%@dOM z3jt~ZZ!wr<*;`qf-et(BbOpukk1g>k+KF*Sm{;ZKyr$lnqckZ8#9FUP4!oSasF95= zF;kN#jNGqZ1@uhpyDCarF$T=nWOF=NHUeBvpaq)TE6}|)CT%8r<_I8r=95!m>=2@i zFhP0P^E5bKfvVfkqV`6qzz>l_fe3@O#>Am;82{*H8ko@Xz}?_WyJf*L7}kN2ID`al z)5U!e1kt0=1i@-Xx&6*VE1IohHR~v{nvIrd4d`J-c zfD-VH_>4X}DV{0IwJL~pCX!S)ueo$}EZp6Br%C?G0|Hjh9x`gpY=*=K$TNRe`5J2|m zz*FM^B0kr8*VxrsZuNbOTCN5!T-WbW{rXS^%cFxsv4o_zq!aYaWLW>3j9WAgW3+;> zf1l6b4qJFoQt&r6vV|`CC`F~Ch7y32F-5~~0gv~s1j?Ko#P9Ei6h%LtQozZKVvqN` z_eU&aj)3p|;X{V|j$vlj_hk0>H#cJg?N`lCj!$ukAULn*`(pE|+GrDC;)hS_SAE{dVrv4#E$TdJSF!ZB~e*H>V5Uj(5@~ z-8U*#SGSZZ>pCocB1`n>i#+_G%8|#NbT4;1p^zUC&)lUgKW?|738DH!R|rQrP7IMV zH{i@zN=paMiy2ET#?wac=dm`n-&U;H-eV&i_{7vFTzA{;zla`FW4&XCk?4{IOLbmlO@a)DK8OKCvOGQ>Z{f6t4D@W&$Exd&dH9kp)*r&4Mb?~MA6ycYxUcpXqdqlf~7WR z0En>kJ+UIFg-`UJZgR@>OVioIV=+i)Z{SBLen-iw$>)7`>QG+PaK_Bvi`W#KJcfQz zr;+jsH8&H=#2xu9+n+awM(?0&P+cJ_0Xu~M#`TBMbK7R!Ke0BikCz(IpYga$DdEi~ z6-4_kwT&S3a;CtE9m<#$Rq-koVA-VvYA;^CTkSP2X>PmNQC_!gW&&@ne(a!6X5sN& zA>_LRFjJJZV@&fx{ZfqgLCaE*&h0}Jh>xV=ygz7cKo0t=*& zHLl3QAi`O`>^dNUoqU3G24_^Ycm=-D^76r>2{i%&?zF{r@}MJ$6e(yARA4A|mgLY4 zT;3XW9TLSRdlZS9@Y!q@Ej#P^SFz30C)4 zzf8)ir+oh(!oVdGz62Z*e<5WY4R@FpqZ1Hs7x;cso;DZy=`yu%AxL~YNAUKF+@V6( z))Q+RzlLB${QNmlw)TMqxVcm12npo5(=SPwxzh>XFs;Skz!$`LTL*L^Z0|A70Vsb3 zKAZ&e=Trr}WGNea{7>0l+NL4=$rz>F7cm4>){0c^rW5$nto1`UPs)d{eN(Ue>?(4} zjQh?(KKQhL1T7J3{opyltwf5EfYAs)5(u82Lj=0TS0WKwqE;gDPJ;$589yKSY5fpE z>Wstr1xLks5eI$)O2B@~Dt(~Bui6CroIJkqUhJan-ABBz94*YgwX%B`(97 zP8+}MGokKBhCthkYnb;;A=HRo`*vHS zoqcP2wl|Gq9!~(DKC8zZpN)OoQVQdZQz0rO%I~o3GDTuaBh2;J87F5Pfw1^mrCmL2 zWI=zdlhS$w&qD^1*`$5Jg~^4hkhvEoj7vl56f(c3IlgB>!O|PC@$0n{PQPSU7&WubW3x59Abv@*DXGQb}Bl76cMC zvM*J-F{!b}p&3*OTxw^K zWR9-O_t}9hqpvsFBrTLPabra1v!oFho>lCR&%2V?nyiHh+Bk7!Nk%`4ai9nxYb7kvfXbZsSt$k$wV)N(6Jv|FSg( zvS!T@X(6M=NU0WQAsQ|sJ9a?0O7llah&eVJtxA4CC89s0rP@CTtufVLNZEKHLpwyb ze#kQLBib)0>V#aED6GmFtIW{y(DRUK`f4s+?kWuxp*g3DSy8V*ZyPQ=6wAsp{@kox zr3@|Y>|A`}`hKfgm7?Q1^fCzu2zFtiS;$&3C8hdM^;$^%PR!sF~&U|M-(7BOp*KP?Qu!h4^U~8|>ronYcgWUa58Guy(=v=k5SEC^e0D@1scaajY_jUj>@_#?JaX@%caI1CMp|sj zhTlIR?#*ps?e4OE6AHS=KqW2r`@H)i92V6xWR;rqYgAnrR+5vk_bXjfau|;)R*3h$ zVZ|bW{)zZJ2x^~t|2powDkFmNj}RO&<6F@89?dauwMRJ%OpB$=s@i8zQLym!i{vhh zsRO;O68j7TI_+Hw{yH-(t(0E9lwXuUs*n6(^(&D2Ps!KE<-({*PFK8z_83MU(c!J_A*P)4*UyghWur`~U=FTc)3nVBxxW=ZY_Vus zl^|^DwtqZGD)|v3?m{-&JZx$Ig?INutTiO2WGgL&dEENk*E3+8UZ6j|J{s*xd~~57 z`Z1~q7OjB8_Tc(QZ)h?7ZeWsfqm540^&Q0J>x?HWdp4Ce`=(}zdM%KSdWkGE8y5RK z9bR$fhj#|Vse$DXHAGE!keu-i>5B69;I`=s>RZG+BF0*~iuSwV(?e>*bIQfpbtocz zPT;S&H-z{1858iC6v^hzMuG2N&D+09b60R5Z*3Z$tQ-D-)(If#o#!8c?z!)o@E-c* z-xp5qen0SKuu)VG$9NTSqy>W8>t47}B3aJOSgvs3jw5)r?S$!0o-ckBs-+40vs@-w zm_s2^&9OWI-wHvuc0g5YTve?>Tx$R!MVuapW?L=(mDY#kU>#M+z-g1o2c?R zAw{t~^dR)wMqC@3_sBW)2AyK<&=-iUcfe%lhihA0!?u0Z57Q`*D2e1{c~++An(#o;$;Sl9yIxK1Y&S;JfMDMGCNn|T`QL-1*K}^*J#0<% zD?*T(bfIfUm*sk�g>&t77eV-DMi$4Y2a`X3ckY0D}1@da0nYK!2WbI>@bNHSe~^ zvy?&MQbTDzE(fd)dse$uQYQX05v4t7-&di@{;_iXnPCB)C-(!z!KCyYRD?;%4m430 zL0e`gHB_DHShO15$Py%z)h`|;{cbbvWQ;2(1dF<7%Bp%g>1SjN$2B$#rj$Z^j(cvn zq|A^Zss#odvu1eq7UTpKqcE~KRk74wGkRuW;=hboH5w8lPvhEl6b0z?j7jOToRJ?l zWUol2N{7*j^HPa81fEPK9@+O74>mmRzR|D_K3qA+S_tAUS+fOtbp?BIM{--;%m$Z6 z!3bWq#OF^GWy15B1^gmab{<-> zygnK>t$pxm+Jt3mrW%ox*!DRQSQq@@hAbk|v?^HW2O)vN*sHT}Y9Qh@sll+)+A2G2 zagyNaqHumlHg8b3+7kEksr$oO1}Z;nCm&La9@X`~DPwuHsjSTU7Jy(wQQV}IANJ@L zw~d=LsE}HI#>0t@N(!kLM&CiN^0+_Y!9y;Ar6_;iM#gwBzKb$4dedioETpzEzVznH z$(&Y^Xo=2S#PFmpcd#;RGbd@~?16&JmCg;A^jf;W)G$3_~=pVwnc~Ad6-jbpgvVwV;!Q4{#8Bv(FdX9+1pn=*qPu!SVy4}8=+&D!4e}OLKK=NFq*$X`r{B$ zk1)L1aDBq-;ChkZHK^jfY>-y=GY5AReI(2I+W1GU3LIfcQfUGSLFk~YxI}$FGG)(h!H(LJE>S^2Irk3|c z(JRe=)29;H7HPCHQ3ZS_kuG@5(W2^KE*Yqu?BUG8F)q;OjjTDMA8XJU{9tC{MkDe)DtzE zk8rp0f%IHQ1;cKhosCtJ)+J(~ViiHhPjj8-xEC&sK?1G47$HHF(+Wy+m0b3Gt{*R! zg)w?N`&%hU5eg9Oe0hD-Ok?I3AWm>)GRKc#108-65sZn_f{({(_9AtIOM!GxPo)8mfICN9fonn1WDrqw!v5v|Y{h8jq1}a~<|%4Rozf?f{5d1jJwbZEj6( zgquu!;#CV!XV{y}Ye`_Sm&MxY{5$A&+B(D`B?x+Lpo6W`xu2Kgf_{&kg-=IdgLJ)o6(oKJ&LsSr5AM+ImgbcWyq?8H%L`Sjqh10qIn>*g-a@4~b zK=;y)$@Ih@Sr2?W{CaC6*^(nz-}`c89djm^@;Un50IL2@5`6(zs$&@PqRXsyH89B> zqi2qkjp+REOWNJt(dW5GR%gD2jYxQ&vd;_g z-&&ukF={_8Jc!$261fK*L@XpaL~JOP2VE+$2OSRaX3?(j^DP4+A^dGj@Q8@VFcKlW ztxiaRn^oICHi2VpN4<>;Jl03%K^7>UsABh&$oGkN}5fp>fgFktZ<+CAbCsRQgn2 zZ2I-q$4^wgYQyTRwdoDXwMe*&%(o}!)DGMz7Qy%(cmq6SkLl9StCie4Vr&KeZ|`i) z3+K*q#d_W*r^8>$@!jU0o)3L`l{{n+eb=4P<(K1s{pb3K_cq_k3q7KSV(mY1{hDp?{d1qDfNgKY<%U5hpT+=R$Ath`M{C`m=Rr*YKEqk| zA#363{Wd#MLVAI%Jn2yT{ny}5akk?UrbbhAK0d_PcBx8gd24NdcSxxpstC;Dunbdh*4JfF7vG*ZwMc_nw(043o$tDF(4HQ zGn=fN4{cg}$Hb}I3az~>9pD;F2cAW=%qD8=ZlXr7rz75(r9L_eUV7c!rOfM#Fo8-%S!~2o130AOY8y>`5BDW3Np>qu*ix7jjKa@nS_A= zzfj#MwU_z^eBjXeza2~04VaBMoQkb90vhn$A`CvZUeCsH&1*uaDtpa21Wp*qteSV<>x*mf_| ziilC_PZ$LBc^W3U-Nctbt$DK__{ve1+|@>WAe(_zK^X&Q%ImOs+N=kOP)Co;EeR|+k#(+hn0Z9K=? z8pm|itU6ub7$#6eO%HI}+GP>>IrlmM$MuFnlYSG^plg_J9~6r11eGND-%SU=9=Gtq zE2#wCMhX-5>Y7l!g21gBTvH8AtDR8pIoEqKN*{ubhtyut!_#Xgj8jh9D^`<5&ImF& z_r+-7Leq_~UZBJ2A-5<@C8dHNSl|;Uo`6k~C$_r?%22uD%IE{@GJYnuvx&6I_61+= z>BD_#*O_x2hnGKi?Zk?4DV%5?%NFMJ%Ko+FQoe1)v7}zpaqNh6{6qAd|NV2#BG(0 zk;z@DuH|5SiD23iQh`uZNGbL&Bo<^vBV@hkBB*z}pJ^)y$yZLgeAqHfKJ+)09V?J1 z+R`w?^oJ`k^Cl{1gUN^>V>S@=DhCTZC^30?q%{4`=!+d8BbsB)u3x3n4yvPByhC*L z5&f~FG=jZ#roVKTWUgGuR?tRbJ=LP;>13n@I!z09j`7ppymGRcfiaufVSq)&5URVS zz~;l+w+Qc8qxu^Q-oHl`?S8Dwp5wb_A#ubW>og z5rTps=z2XeUggv!^BZMG&F!U*+ID;m^nxdxq_{?tG|`C;pPquook`m_K?axR53R5Z zw=in_&Fs0=B`GOA6B8}9qExEA_Wy*;x?pwhmF zXyCvJXUakS!5$I@pi+9p!`_sYbORI@gJkEyqJ5SE4tca-CpQ+*8InPP*5x=!X4Be< zM(B)aQ7aw%z-dxiMpcTD6XXk$?J&e!De683S;(yd0qVb>*Z(iPY}ew$kz_*15>bOh z-VFP3(^hQ5#lDs4^o^RNp@rXrdxnFiGcA|=TvsB(wszRhrLh&tWwI6OWAtw5Sz`^? zeO1vLm0&2|wpTLIc9q3lbSQOZ24!f|4ro|3H-?h6P^r{HIobAyxd4_nu&J`P`PVbi zd$Kt~YB}N1{}nBpBDrE!CnJtDQrEx$(y|rB|Io5OrZnb7J9Y&S|DG`aHYhbIWzDt? zVOkne|G_}O$ZUY)FT`#w2`d0~98TW`U)P|*TjUM?4e`jI6PQH99-Ae_PV%!97A%M% zfIKM3q(ifhklXlfr(!pMU&E}XT>@!wrL+bP|EfE#4MstIZIp0=RE+PP24ZmmMX5&8 zTEs>4Pqhl(lgZ>)d6I-Ljp=il4&It3!{2wNw1c^I$kSO)XKc!C32461HJM4mcGg%{C z0NTeuMSFHiovHF9=+y&;>GUev-d;x_E|*VyFru8u-=`=14rOJ94(QHdN<~q`DY$4y z#dRdEN;%f`f(!o-JPyixKY$Z>_Z$h>krPKs#Ri7S19AjB|FjBS?obt5s!35`P9?>@ zo`qxd7?N$HSh$mSNy>)49}1@a!rYF?QqUaXxpq%B3WHQ z*B;C8n^ggvQI&0EZ2-n-(^HWXWf*|~d#GZ;Esz5@9BUg%;jL{mj&ALan(2%fg_>w%|cl_#*B|Efm2 zbXNqle9CI|e=)J%WQbqgycLdn(>0*aw1**3n3#dx8HSk?7ek)yLz`U$Z7K2D)nDD< zZ_)vCu)!AH4F4)pby)pU-^_SZ%*z#s0;&b|OBT@aoQEF1ns~^0P83^UvjxK*j++!JoxA4?h3DGBK(? z@k8BKK)ms6*xgkyhh0!EqB~+M`7bRMW@BdlNK=F3^B_az#AoxY;d(iosg`6H`p8rH zJ~933o6KRpaHyzB5KSxBt;$~>e-N?jHc2-IU8L4qdR1J|6@|Hal0WaU;^pBbF-bir z(zCq&p}7ne-XFSDS}8c?;)GqUtF9$J|GAzfI$d`b?mTWQL~}g*#GEOKHI4H0dm+TG-ro#&*SRGRVOy;kS7Emf>V8xXmKi21su8?IrNu`TulbX6(Tbus*NT>- z=pm6xRC6WNe+*@WmdwIGHD(Tnc{;aIhVJh{E3xtDe|*s$*P@~ zorMN-dEo`fbkfT`a=qd2bt`j|E{(!E&kw{Cg7nEbn&89MAHJpW<#jyiBlNz=`RpB} zt#SYKd8xle?~Bm75yLX2Io;+yR1_ag9BMJ(J4qS7jYe`PVY|5o{G4H7iWIg4Mw*BO z=x!zSt<{Bc<-!t?eVASBM$L}d6+bRu%?np&$6Kpg6C*80ns@=lYr<5j&=8q87Z9tsAScl|WQ|g9za$O~X$)D)i9Fb&D$s_#MC*@YC{nYT5j%JYBzP5u zk!nf-bZ-%bBo9Dai^ic{V7eN##X46dya0pq^Ru_c4O?4DMMx&Ir97i>x2`R@$ zFs5SJX)-+mAGVwB++N&pSP9}!MkWLIUOyvEd^Pa&YtqpUv};*d_Oq3j(%_;1^)`m) zKNe|O1;adoM|Y{in)jw@Cl~sxauHmn!61QNAAHUnCNEju(5(1K+S6)`X+7;FF$iBm zAM-nN#F#-8l;%y1|HaVE-%g*XP8I}nwr5*I$jG6_lSUiWp9uC8wy};Zt1g)H3asqD zHt9($y$11Dm$d5%XRE8@%^_4{OL01^P<8!1>=6E{XOUHCA%6-iVrW2f5$AYA%XYzTZ0Yw$e3XilwCX}s zLR4V>_S10Ht9lL}bF#LH7t^R;(~vi!ouO){B>$ZOYjc-kzJa#+rPH|93Q|kEA<0Eo zT{ZS~zD6rM$75@V^56Sq-~Uf35Ph#@&&X!23rA|s|8+FMQ%|({f0P0>@yiuQEY~SL z^pzpwbd9$OfcRlfV8Sz+g1|7E{-!7=#_S(?$s{LL z(aZE7VNe*Z!7xzOb36u&7;agXMVLq!g_ua(IS?fdjl`PmQ4EGHP*T_7fU(3T2~!jM z!lrsLP%M(>>HEBMEoGKs=u@eeM@A}Aq>ohDrZ-Z0;U)VAlPcRgCVqF43)Gz(5} zeAn9JtBgbM1(gC_da;nds6GGku+W$uR?6R#b$pJd`lp|%G;1DFIBM0x29=@`3xlK_ zaY0`~p%7Z`7DkR1Pb|Ca)Rhu_IcqK&0tyOBW3s3Vn%Rm>$898ZC13{1Wc9p*A@Zq% zR7zw$Um$udVW9II9qVY+*w|v!H1{cU0MGk{lpf@4zn89Heu=+rz?5 z_V@Pp!9};l2AzR?-~THNN}~7dxxQWwwPI zXGL)>WoTFez~(3ubYPlTUR^YBrsyVW<=%BeVE13Ni^M@*vCTz3#qcR%z2}Q z=_fr@(xt5*pMSO)J#!HUy&ygz?K`O9YEtD0Hc# z;l@%UoV^5`)MZjj%%i8r>ncgZ8)BOYLmrG}DF`P!$`y5*N(&DSamUs??-F|D66{t> zsVo1h>#VlC@A}Ei-%yAnN{)w7T_1g~vPHZUbZ(BdM(iwOCX04&dRZNCKwC5 zu{C$db(+=65vZKd*>uVg4!a1;9fG8vKA;Q2YB?bIY310!_#zr*yR*S-2}53zXkOV7 z?PGRzjZloim-VyEESz7=E1vOOIP-rKMQOYg*CD5DTCWAq8)5D-B|kVrfKMN9*TzI}e|vCla8L*Q=^8@6y#Z^!&*Gt*D5cu3w}#3K>{5 z+tbUWV*?8*sZJ_9HeJa|4qz2`gX=aU`)itwY570cd#C8iy0C3Cc2coz+jhlC#kP}* zZQHhO+qRubDz;T|^{#r~5B-h*Zya|Yti5uuaS2mLkc?K<&@WmbG zrgW4rhn6Ax+G_FmR2CR9Wv2pU?c6JZZiL}F+?U&Fp55mnW4rb1*@0$Gi6}MtZ}5y&d5_(y2qoiT|Enz`8cI6S;y`R0 zGDV(e?LV8uBM1LTxckDq7NFct_qP9-3!7@_EnF6p( zw|Mog?Mp8C6AkxtW-fkTb&OkfYrn5j&@LL(C-{%!cW17>apI{N=-SBE1GV>7#0iBg ze(`i;=s11iEq#Z`O#~DTQ#57$Qbpkx4scJ{^X#DP^yfS8sPWL%1YKEXnL+h`_le}j zOZw3tCkIj3b5z)DYZR8+*0#xYKA|5?82#VQ#NnU8Vz67LwiKxFj?Kah0W|%OniJ!& z84K02O_ZY_LuvCt$$fV{>YMCuU%V%oA*!~6_XJ$DM*~(bI73gT)fg$&qb$V1MQ2BM z^HwTjlm;4LGtj8M39guagAS!mKoqN^rimbv%sVfI;MomWvTslJX^gI@T2W)25ndK{ z7CuH-%ksWeS7cPMo1uP))7{Czj)54$vhw(1uGQqMa1GaiL<}7aL8D@c&l7JcDyV=0 z2Brff4F*2!QX9bMFtFFF)-Q&%H>Uf)1}fYhRG`XAiSl$~EiX?(kX23^!97Q;^`0BS zCyA51$*cPd2+d*nBnNr~%Nn8A(BQuJzfQ3}(qGhO)|NB)-NO0AvF|uF34BXCdBKA|EH)G< zaC_$YspJq8dO}Gws_gZ4^p_{*7klsNsncE7i#onqnI&<^g0b*d7U-QGP@-Q=SFEJ^l zQ9GQTn7~my*QXEzX~0A9@ctOi8}xJJ`*Q=E{Zs;}I08~Q#;Jv1)p`=))3lr%Xq0++J5uS zl1GPE))(rQ%bM==ZLV-{g%4^x+^;vwhA;=}UbXI`H*!DnQ>mEF<-&OuYXC?KsV13j z=0N;iQEY86G`goHE0HJKK8e74MiTfI3oX++Q0)!k@<})krc)oqdmo8jRnRlFLPD$= zk^g_c`2WTIqC-VZd)pa5KcX7Sk^&@jNW3KdY-ZJdY1{+9+&AD{UtDYczKDIOMqo|k z(IeQeU;HK^V;09RJ`|F>qw{70czSEct0My` z@-3(RAgcSI92_Zzotcs0DwzH@{j-&{@E@FMZKOE&O1Aek8cx$Jrz!ML3UkCJOzUmz zVFoMKK`Ok(8)&xsf)F{doz*9H5=MibAaNL&wLJO)b(QcHE;7H64i=zX^@BF%&pns= z75iS5Fg8USr)ItxWurQv%sbQ5{9T{mC_1FarJ`1e%(B^(+4%gMvER$WFKD=aL6qt$ z5Ff;ZlGShV6;v~Ywq)c;qhlcxo4>||O+8i*a=gGU-N#i)mG81oDK7Fj{w=vj)6ou8 zBuRRbbrgrJ67gte#=Rb4l|xf-!czejdB}v(eIWpU%!|L+#*&OI0}lSi?T6}}a&yq$*LfC^jD)n-bR$BgKd~QLuDzqT$noBzQ zwN`z@dqh8L)w}nQ#KPm=AA8R^_PAAJ;*N%+o144oRk_HgjZ=4HrLbu+7HEZ!!CaRh zy55U_=@yKf5QEp=B_P6d*!_NKtyiFI>oNPO^76(obZ(+0EHlzgrnmyFYB7`e(6AAO z#dwtjy6>4#PfAS< z!NdcDKdqb$8&#O4#+aQ5-oa8a(ww+gkDK;k=kzIKIRE@Hhb6^cq6n6I<-F?j`2!7o zy`3hZx)s}%b%PVBJd9ecCI38WJgg?Rm35<%Jg9h?>$Mqsv=|Y`^u#O97peW*5Hqoh zu=$9i$S}PlgR)CH`wvMkuV0|c8N zUE-{z0hAd|(Scrw%#B2t2Zjvru z$07$<$7vDx2b|4M|I-)uxhebo*<~mzU$Arnc8#GrAsU=x;4g~nj6d0YKQCK_hC;s0 zs5}IHV&lClbnf9BTNm-ABOn(@418^tBm6?nP2l$6c9&H&oQBKqgZ**)bx}>Hj!Hv< zcvIAf?!6j2p(J4d8$ps9L-S}{d+@GddX2j^9iCjg_jDElb|x0B6?v4GuF-vjCG3;V zUAOl@6td$(=(``6x={KCdv!GnjaFw+*11RaYCXI2win9@&sdkTDKk&S?^1!P=g4iEspB4ad+#45G6+6=?Fw7@2IkT zhRg#|_*opux_`AH9Mj{#2~;^=^y@hGAt zQa=42@2MOG$bDDYe&KJ)d$%m4`WN%O#>l5JTM*oVkTB;#iW|XVY~dGM^S)xN25Dw6 zlZJagX~rO3PWE<0@@7Qhdc?V1lUqmgslxBXA%7^1kz7VJ8a zix4ZwX-!xli3lHpbYWt0TE$on@X92-Edi>IG4?Blx*W;SHQ)cF)rZmWByDOY_S zd+}n_Ru714q6Q<%(3OtB+x}bSjH;dB1ieI+!@NQJ*I>S*Up|{I5FDbibTz&yW1@1l z_U{13jvLM8?SilOALjvS-n4mJSglj;IdPEaow%rrDo_zrC!2X`+bF|MRu(pELG-1H zr{yl+9nZ`HMwKVBGu#sC^3pfrF_Y6_n^`L2>+H6w-7~$(gdGy@Vb)9`kxMuLrUj-?PW!UJ1U62i@F*GyyTq%mU8FTM%&p1v8(*#`JD zLJ9S*fBzsSrM^!qyTDA+pPJSwTZncA4WfX>R$95`g}5wzk-JUn^p3?2H#7=|+~g;D z=COgj`SoKR=%}@48L2M|e^`H13X3d^(z+l}UWd2;T7@cG?Y|hxcl1*iNqg!;`XF!YlJ%E+%EQ!ik|`P3wAh;KR0Xr*Qia-lD_ln)(^^_d zAP!8#T-J_mKLntIBam(re;@cAo-bFUKo`g*Rv;f}f*4ineBf>}K(0x4GMS?nSZ;J_ zE|V7xh&ULj$~sVxc5b0I* z(LjzgLOB)lzUpu;VE-VXI$;Sc&5ER`tGr7n`8bfz?l>MB2i-}N=J=exTpY#mc#C)8 zpVRM%-jV-8iTX?bI+|G5d<$=zX{s%N2&b_ecM2plsw8~B@kds_)xENRr=I+(C<;2C zk&7=kq?*~B>9FVFE^Wybnl61jAo2=Y#-@0=gxsHCg`>s4g;3`)5=tr{_Qm?hr4aCb zdD}U4mCy0=VSj#`)#HCT&HKz15cs${y}lIa@p^q2Pn@;g_V%@Rd1di@eLL=&s(I-3 z@x4pW`GmVTI9}0alk3Ro?b?n7JI9R`1Nl2KN?B@dXR#@W* zQ^oj1z|aF-dr>)Wf)2yNW^Lxrq}Ovf{r2gGUw~DUh15Q`E%*)*)Q#U4vl6Utx6cnH zh)pvFXA9Tk#6Z)Fpkz%5-m$=E3pe_;bV1T-%hq)@f@^bJWsQsa9k)BMh|lO>^z@>4 zGtht^2vGstIl@g)AFP?)U1{R7|8P&yfV{p6Gc?h|8KmQ@KP4v_syX=LL_y>M<*6y!+>nb=PG19yF zd`NYY2+kXq)WDl`=Pi*;Z}58XNV-4GmA5t5b_xD9)t3oZXeQ;DhHc9tY)sZP4MgR! zCie|=f~OlC)}j==D(%=>_;w821+xBl{Fx-zhJUaFTXw`-@M+8uTb zv?{T=)wj+(5UFFz6vUwx6DW>Q;DPCS{D8FLd2g(?47b+C;p5g`s^Nc)CAUB zhI%&#fI~G+BWqoLmJX?;qFKjciv+h^bjF5Ztlx9IZIU;1+ZXi6G|x`&>)UPOP@Xx$ zihUe^_r($8vnd+8Q;oQ=EgAcCiSW2UK5KVFvL=Yd$cOZK=$MM1F45)p@5UyqQzHd? zim<|1qXBt}?tW!gR=*0Je)*TWDZllcLX-~;d|3}p4SQr%U)jPxaSY;EUX#*;mq(gJ ztjdRgTA6#SyDWw3B3#mgI&o=!Lgd2@K*XCahoE=HlN? ztp9V($_)?h@3Z%#yUvVhBdJ7bBk+ha`{#e|(*x)F@c!T(_^fq(^iZ^R2>1}NfT!{7 z^zI;JZ}6QIoBfD& ztuMCYSTIfbelpO&a$GzmfLczX8L=eKz6-ynjn(|9hPT_hsO;g*%-GM@B zBwZUbXs41mhC#ajp%4j7;}p=h0uu=KVNF#nEy__IojwzYZt3bBz68?O{7jqeZ^0#?>{UJ{Z!L;ohS*nOCKP$T4Dt4@{P$ z1A&+u;P_xJqghswHgo%N1X?r;)YMy5Dc^RtBiI_-XO(DHR62^sX|rAXeoJuDWWxX+ z2fqNzuZE_C%2cY2zX(E^BNON#elF@s8S3N1T+$rbI6ART!A3z?xzpLad|bc{KsJc)<&u&j;q_;wk8JKDcf#sFhX z?@#{igZHT$mzMLG*Ja!55_?Qr*rm)f0Nux9Rgv1UMg(+Cn1Iv9A|yEwAjKD)r|2r8 zP|gFnMq|%Vwv2jAXQCNwq%v(ECpQD9FS-_ z!CWHfsZSsrP{7IK(U{kQ=i2Ge2Q#NjtPG*-c2frQsl34Xhpp@^>pYOOr$U>}NJAAE zX|kN45Jj>@9$&I2;0}nsi$*x;T4id(l8-y`A6uwm59FsG#Ps%b7mbA9u)+QAf9n<7 zf+MmyyKIMF=V^5A&-q2&Gqd?Sffst&ESux+vG#xv+r0gKeOEQAv<|+b_5u#^Eu=v( z$&9;mmVR>DViFH(qXcC22;8bbhksa2lNohYxrAwhCPr-aBGxGIylpGV>!y{iz)sS^aHau7pgI}znPIOIRoOrzR(4ESVQ@+(t`JUFjDV`{eXx7Wfqp|E z(U#i{RzK|ziW`l-xvwEp@6D4o**sTz2V<3Znah(b;Y1E@2C|!FT{^qy7r6SdHbOh4 zb?(@g)KK{yT9NgOI&k-cG}I5`&~L!O^wUn2-LLz)j_ST;Ovu zd(}q?^7z5^1=bYgD@OWR1UVsfnLB&ji0p|z=qPJam(^r-k#lqeKwd@eq_d&^A^>QU zsIZTylh96L5z}*qXjHr6m$Htd{qn4o_M1%?|LH39tSs3RHhN z1UE~u^b#{(lY0MTq7I(gWHZo!z%=F%qMuunP)Q_|hGBUivha-MOA6c73I7OlpHjPyJ5&(6~aFNkbofUz@d>{##J{VUJr_o?{Vt#=X%f)Tl z0m)fhsnFIW;Jnx?8H8>QKZJv;)Bt;o&_?gPNX~%c!5;(lsbP}{23J38k~yLpIriS? z5Vl=g?-j_vcLw0M?*DV3BtUOWEu##jEg2*!c&9otp}gcoKq?|yzzlZ{T-mQ5Dk}lP zJZeZ!z6RtI#SRP+R^19uEePiiL)zDsNfZd#QZvIKnL5gwDuuX$#SFyiw-VE1Lt4l- z(^F&D8iW3ck$M&sPH+|$-q?i8nvU%=_tgkHc$z%dFnw@`1*;m6eJusvA6kKbZakzCUKQ#HsqmjP<TZIDc<6%u@~!Pvk}FT4OMc9kcV_ zZ_JV4ijacvY8|;3qy0*&aaZ55ye(v#NGAvF5&E2i9H7O@Zl(W8Nh`dEQnnU`UPeld z?nB)sO05doN44qzBqNL#2^_~fu{DVs+49NP##$G0M@b0_1T`_xLj{XQvI**t&Djd$ zo=*ARZ=2|kv3>Kn&h)-N0tahr_w)*O%Y-2{z^`ZYJBST%=(zCalm=?F>}9MKOTaGHR?(~9O%wI{8gnU z(5aJ-hzsYYhJH4zKcU9(rB96he8BJQhE^!aXYx7bdVroBYiBBaMkAb4wOY~&= zpdq7_*ll1D6@{=AMt5*oKEJEy#nIK7HvnJH*vZ|Xq*oN!fAi$$pX>Abyg^0R1>%Nd zXx>l2vCt0HH5Y)3BEu6_v?IxD>8U1 zqvrsaLm%g+I20E&VLA1=*3LMT73l*g@?i8Me7{D#@hoQCy3kAdlg0lU$w94_*wU=W zD+cJKz_c(tiJ5#{B2Aco+wY(emif2oY|8o-99kdY1{sLFvHB7-UL{2f9$omWapG;u zs5yJFm_3)>F-2$v(yQPhL#Jrp^itK_CN)(Zgf!e&a;OzQ8I-Dic8wcDtH_LQo?K4# zz{H1s>^jLHHtTpRq6L`QS@`~@n~ue;bCI2xeB*<}` zC5oyU5K=LMD~2%_hmcv2wIOGsGxHcp*`g|ya61db_xg0Uf_yMpa3OTYKaChOD|^_b z8hC}+fywmJ{ez`g0Huw7e!@Kus4(-$uxiFAVG1o$85#|^^^#Z(`+N+XW~Q@hZt;($ zQS(*selfc;aq$*RJT_4&6G1lXdp}DFfm}o-}@nB=cdF}QX$L`&nyie>q4@d^iUgmLvSik{sQoyiG&>T8y2`h;Z=XeMgc4V8!%PHgy;Y z!HOLgkLS1%o5KNe$44IHy$iK_cQ|SoU@x{_QZ)?FgSI}c#Lnc?C#k!Im-j2yW6&{I z@42Z(G!Qf;&%Q4#wz{PW;>)|;%bBH>jxP8{HEun=su>4zj&jO_JUqbkOKceUQ?H(> z%!l}xZBOlxydQcDm@iA;K@RT&mu^UY`v$JPaQls0P5_XZq+LTp>QZ z80>fZCJQycCwE^bWgnvw%h*G#;48U&Dn3g9O@j83dT8LodBoDS2wxHrzYW1%F%S%v zhS{;$ERlR4g7fe+*DOh}1FTbZb6mp7P3HzpSbm5>)yboRr(>r#|%obt`!fZ_2W6}ISoW%J?Qs%7j5dKD$zkK)=~(iz;aXJ z2FP{b11|10bf<;k2_=m82x3;^$s})+0rQ?@fEZiU7AAyxtqH1S82PdtEJr~7GD;_d z9#yBX9%;Q#1Zt#~thbBJ41Zwf11e+J=qOFJ~QfMj|dLZGOk2f_A=lRfm$A zmN(3f8l4&{A$@j_>C0W^)iK)*uL5R_9X^jIMPi|Ib)zX0~zQ9!H(; z;{R})z)IMExXri7#=qRA0f5`oAMOD)sL5<07)bhu+e9ge$0DAIDI5_ha{wbCQs&A4)dLUbO`#8V#P_bW zE4}*dd3^aw2u5Jrdh4~?U`G%Np?mlbv)N`VFV+EIHfOx6Q(u3%-6*tD*2e4s{Uj$O z?jK<%$AE~2Xb(llrB)hndsmqAT<@h8;`*t{i-Eoo- zb>flP6rT2{Wvlqgeu*iH%L1!sPc;;R#Z7RaCu&2=O_EOrs6TNWbTa)CHo?el)3A{$ zdQ~RHLnGg?uds!P_%7}by*{KBc5wY2tud+WVjw5D z+-e$&YO;kxoqt$Qm4)pJ$7!#8=+)610VUB2Vtb1hUpW098=Kb3h+TR%dDwf=>;2Hm z?SD4OCLwvzb&Q+wV@hk(A8|-Y2H5)24Rp7}-G#z0GNyiz`*D9x9z)*(!fYA8~6A3cFoBR0->jJSr_)I z;P3mqJF3m__d55-KYegStug2I3IhqwKqw%wa4e2o;t<7<`74^0+!^PY8s_)M9TU)v z9G*E}_hU;irZF&x>#*-{27Xrbn^RL&?ba1cyrj4@uhw;GD`8g~V9eY4@@Cj0AdfaF zG|h-^dTC+wM&er~FaQ*PO)tkk$gsRWU*dBRWHW#aK1SQe-&gSk9i#Myjfj)pD_)KX z(Zk=R*dA3%eer*LAl_f39_ckpDt|I_brnV6;{QmX)e#tJG@H%wetTSf^v&h-Y`OV4 zSo%rk zow@k->;hw)$Aj2{J%2CF3>*m{mi+xTy4!z0*xxuh-_JxfMkcL628`cD#b6-<|3?e? zZu`(w5b`y!e`j8s(_0iq+!l4(YJ;ooHIrBWy%Hi5--4KzzIbnaG$cj-q;4j0{Qm3x zp}S;`qu7!0>fgCeu_0r@i_kCzgLDeH@)AkYzI+azm#0EFbA4V>w{{V+#x3*2B&+ul zZ=N{pvrnBMY%KMyi|Uq{%;JS$3>#bbf7u;bJ$U6cAs-=Q3j% z$;uzim47-qi*#$eoYEy)`d`vpdw)dYI_4j>Ie*VwHq{uv`<9MezgA_q$W(jPa!OKDQ9=RHbQYvEqE*Zckm%mVquC4#CStI`e29l+;0YipP0^9S%(&fDDG<@ZOKLO+F$ zE;UN(_g**s%LK%u*YA=7(R}J`R#iLXOv!yd=5ddfPS9d4*wy5-Fjxh+JwFB`?~4i8 z&zCY2GfR#on{o^MMEjx&FLTSaC1bsxbE&@YF?`_RDH54GD5^?V-Uv`B0ZQ(%4*VbYr|{9z67UFl=j1c) zQnN_--Vv@a%?wxJ2pg^NYpqZ#tx-MA3_mUS@^r@KCJnP!8k^v?T5FtQ;PzXoN5c`G zqpP0sOX|1_zY*35YU9a*+8g`=<{D!&DP&^&4bRUDjFI8T)zzPc3-qeZu=Gr2_?Abp zNIw}Z6Kr6a?B=$uEY_Q62)Xw?z`PmA{|!L@{tyUL^>14dA*^v<6Pt(G<|D5&Ih2Ex zq#BV713j#rf=_=B73+fC!eX zVLLNJxRZc(CD2>!AUnEuNmqaFRFI!P!VkP+-9^x=JuJ| z==RGA1ok&TJmy6`>MAS3>M&uRv4LsrX+pIOxv!Pv|gxLtG_pamq2L4z)a55jAWB)jtWmhmh$UAP#?bnJ*&{F0lJjHgk4eX>184M zC*VSi55k(@A`AdqqW%dyoFg5;o*2-_NK_3n2qx!FfNAQ61%RzHDNz0})atPPVO>D| zVL#ScG2;V~)_a89urh`8EolJ!v_mAI|0(0BmagfBr4{h@$ZYx^go>jVO_&OXR0vSF z@4(+U>1#Dm&C+}W?CnNEm}Z$9GGMH~s0mM#IXMfIAbYXq{uL(zR}O^|?!QvI{@kbO z2ez%^+@(HxiHqKj--GW4N9X=AOk9~}7@-QPAK^Xo1%!?b%bhMgqATamQ0c4nS{AiE zi+YwuH=H?=@Z`4}GxqG{*hH(wlAb%S0H#?q11_|=yLfC`1SSI%awbd6aa#eP)oKI3 zrkk1;QK?nOWFVi{yI(@t)4$hut_6Hw4oU-GeLvqHI!k+7e?Q-yE>g(z_qzZ37+yb} zy*Rzjy=U%R`2G4ZZszgIQkPh&1CEzs@SnOw?XhQ@0CYUp2%t^LmplO-CeHt6OT?a> zBwqC1c?6P(*XZM|4>qO2bS$4~JMlUV?78lD^O+!LEmh2c_F0!iRbVdRsFY0q{uZHM zVFU|B0+Ud-3xUeW2lr>X%`g%$!6Y9IJH&fFQ2Q27nU$kzAh?ZQ7rVp>EPjR!9v4oC z2%OkowgIV@#;jWLoP*tp<|u=fYv0A=k@LHNG=J~Pk$(re&I&P&Jg8k6eI(az~@ zJzKG>AL{_+G1m>F8yBD7)hc#8^8pG*HXh0go_5O=VymIc{d2Wsb}a9wWhM; zX+?O`y_^FIz`%Pb(s@}8w(Yd|g1kMM8zSlHF2v&u#Vue8E2$LQ9HzKZnOY2q*|p&5QOqU}{rm<8JG!Z%akQ)Hs;Z3KXi zAj(w4!v<*Kq)4Oz9T;C>MkRXdjdAm1P4&-&V;T6#y^b5KQlyUCX@*4|4>ua1M4a@7$S%bBt4!pbAy&t8 z$pQtd9K4wPsN)X8bt7WhKvl3=A%ffnpE8D6R^95K4_&DT4@<<`IiuE zxQ|RCC z>iu7V{2?AY{{`|h^8X9+SHi`Xb|$#XFT}9jB*7RCIhCI3{~`1Ikl^gA^5$SgeZQ0W zmS)d9VVl3*x}$Z-j)qi0PBD?s669P{?bw_w{7quECPqv{>;)y{ZN zfo9Z4W*r^=86_WA5?J)zPK_DP^`At|EbKPlZ-?=7MT_bNYI*M)lpp!miwQhDf+7 zCv$$ai}?nVKj2l`jeJ5Vk4y{uFC*kaPO?mcJNOJ{WTUWT)uGFj&^6Xt)_qU3QkWEi zs1ts#+2g_LHtyq=aOm~t=`)pJp&{}Sga&HXa?3$a(wnOmi2`fjeCo~sV)MF$QV7@- zQvaSc?28~+MaT)YS9nEop;L4^b-j5`SQXf1=xi-*`xXby>LR~_L)HAy2asP&cC3Um z>WiL&JpK9X^?>A%L)bWYUcXps+K56i8VbrXz%LJ0KRhqb7`9SBHmfcOu5xaawPP+e z`wW{)L9eif+PdjY_=uQO#e~F@HWm?@Sd}O*C&bS~wajc?VIgTGPomDf&TI}8R zaBJo?M^t0=X} z^?3n0{Qq}gKZRE^_!e%N6(7dXsED7Ct(lkS;+;R(Ar-N>^2hW38(&mtTaRg6+J|{* zNpyZ%()PPTWByJOhHN(JuWd70Q3OHki*V3w#>3m>x4PsYN@6|;Z1xY|*8{RWkb2)j zZt%K4>ETOQu8+j+o7f(_feVF$2Ezgs0`s5rkPDvWn^uK_X9#B;AU&*qgAU}$@`xJE zs9rpcFa47q#?qI#E83Zkxi;~dfc^I-IH8R>R9D&k$^Y9fct=Xa9#p8+1yt{An+kT7 zd$yW&w%}II(<-g9T|U&3VK>iFY~H&tb|0+y@=<3aHpbOEwtla$oVmg`q?68<;r1@w ztWvG1t;u*#s?$@=2%flHFwAU5^P_X*_K0$}{m^vz7DtVevxnbC*FRhLTjIsPy}xzl zg5+jBMrKR4(*9)L|1dGNBBj{J(|gcxXn0~6k0CME54)A{q=HP7*=@@fMzUVk^J=_iZ zC2Y60j*m7X;N9qReU;P8rPE{(Lob|m<&mn8K|g~he-iydNv0_Flg~YFFJiK=vRxGtQ6B zD>%%-{yvrij;UeJH#HVuwUGki;wQ~R>P(e~lxRcFb{+a~&YI`Vc1AWRcG7I{{;Qi^ z8xnB+l`ak+M0sAU-HRfh!rBijY@|A3PYxZ^ZfGvB39rdc#e?Ig0;^rwFIMTeg~MXl z{~%fY(<^uFQ+%Mn14tJ$!v2*m%KR%`Y=BnlASpGPCdLLHW;9;KOO_qaJ>h=^)$ySZ zTkT>m7u9X~j94v>HIksfQ;9KZ6(7GWxaOnRCKJWjw&-RcItcuzpf!;|S!#&HR-PyX z_Iz=PRbLOXbdl|Bk1?WRy;r<_Q4UIS-EZDXwEKY6M^>eFLzkT_pcJslxoe z@>@ggS8#_)hI3*CRwhG{2!6&bn8GHPf1hUNhgI@E2wkn`HE@e`v-E3+xwj7M9Hatp z@8q2c-rs7uCr|iFAm7u9z)MWHTK4vBQ^DETNJ-}MW^BnwawIjjHbmK)*MU7!6o@nYroJtg#rGV)oaOD`{U$US!Bc>dJ{ zOLnR)21M$)FjawT!7s7onqDIA)e2$l+!q)0ZeyY#9+bjNVi2v_JEX;N+g(OdO3;(A zfy=>m+;aoQawu=S+jnvS*M6vCGv)=B;mCm`u1Bb|p!VK5a>qslgRf(wL-_W-lPS|lx%v{}eANX9Os#E*hLMN|DoaZjd2WoMI<7TdOVq zV_qcc<|<5p0EV3j@+HRl*SsimO#JR>JMm7c&%A7jtPx4(DUV9j?M^U{btpvr&G&9n zrJdK?TKy@iJBoMQyxZmOwCYFEZ03BPNj=U`67nFo1CDsMKPIC?_XnBc^mj8P_;gtk zmGL~ktPxjNQ{dRTuzx_7h`*>vJe@c8Kp&YQVw$b<mPd<1~_>X%rP>v+R&jMy{JLluWWCx|Y*AJrX^<|k;*^gkS(%1~cEOx@(Ae*;D z_>@CN4^|^1u;ueWb~(a9uk;mx8g!4)`1$$<0?`dyR zsn(JYTXmF;^&qX|u(}tnnDC+$iTI_0g~0MPYqJj6Kw*EoZ0cMP|A?^1#j>zjie?5% zWEvAyyWV-y#z;FDpv0DrW+yL-$SB{d#+%_a7-(tf_kFPITFtQF%n7lKAoKF}ogL22 zX<4oo=qKu004USAbt(nTrU$OF6sllTgobg<5!x5`;zG2Ce((~)p#j@VFgDoz`zfVX zci-kEq;;*X*9GADaAP)k^E#FXl4KsgEHre!+V=F`)Pr6 zcb9O#?>AF%S^{4}>!ffNhOkSL;9gau%$`IrtZ2R)?%~wW*cKiI?EH8ugR(0sjSDgw zA)Jn9FNZoW-wbhRc*aq0vB+LPZa5x%@cKlWC&d<#6;^zcM$IQPX0ODxo*t^dHxtc= z6vA3Dw8W<&X@#vioXECr?OJPHHK^BE<# zQAy}mi&+N_BB}x;xIl0fp8eoTWg5rVC5@EN@68`FQR<;+9<{Cni}B5>cAHDSOdBmp z85IBSmC%Hvko4JQ@TcY2rgf-oeMl=tgn9Z|>}#Tcr2t)Ht^vltvq|LPZy)*RIS=ofj$5XcxTPXFo`Q~uE} zGBLz!b2tp1(7koGCUEXFmG~h(?A?`2bxsWGoIj(dA(@6Rxm8lB9icmvmBW&0`g@B% zaYw?^NcTzzMb*wrEy zws}B=mt1@DAw%tP`61&WkeIQ4*^%-K=|jd^Wru}|9_Mf@-`glM)1^FA*+iaj?9 zWz>Y1-z0Ush|Sh$mYXrRhf83!DI;8j=iTXtOo4>-nND--x*xSS*nS5{#md(k9~w55 zH%3R&n=|jSaO9wM)Om}{h4@^>v-CJEnM`Aokycwh-_gynPvg!`POi7>AhHXzNb~?&}^|4&&;FCs!3PjrJg9EHx~Ou3gU%}l7&AK zMpmey$Mgdh{5ojQd|qrqYH8sb=h%^l1V~)rM9lDrS3+puU2FfOP{!Ev9@IS4l1@e~ zM%Ng}CX2=UuQ0P++O4KMfP<`*s9Cx0rybQjSyCjOs(O-%%lUS|3-1~!{zw>Ouzp8} zEj%`NRs5>pZe~8U{ua@__s!wHrALlhs3F>K8uPD&5%m!~Z9Y3=}Lnl zGUa3+k8WGL$JVS?7ski!*s6k6z{f9=%Ji+8&29by0*!*TNStZn+?Ud%U}D88<(;a* z$%+0h!fzSl`_P+J5KByn1OI7ZY;z%qM5>%z^a@Ik9_6)6OQk~Q=cze`+(`XCIwB)= zluLfPFw;$SpXm2BF*Q+Q%J*Y0#2q@Q9u&>`$6`!2Nu{Ls!3K|g#cDEW!%@=Y0d3xP z3oR#KKXPb?ZZzc3^2-Ep_b>D;vvBz5G2pj7Q(%<61YiF$*c8w^EZ19-DSk{CmL3c~ z`^O=bTMK#ZHE%%#hv{cyn5y*PScakQgI$*jTUWK#|nEPdxSz+PFekj1X>J$Bck>ZV?TA;1kK3U3lao z9`giqZqW=q+7Q+Jg0);hO| z%pq(mtsV3o`>dW=TFJh+pDcO}@c=UBReN@c_Ce-53E)EVC~3LeWXVDvGmj?j(d4(&nWa9G-n)XqWN={wgOg*M01%yyE#afZRCw8=QFV`BL+xd!8< z$zaqh+cojm#pp9O9qdd@Oecn@T)GK%Y>`tZksHP+LwuDUrCJLdoYwz!%LDwHabCIc zSNy!M=A{M`*S_xe02>fJekc@yc*SH5o90BS`x@oVM{2z(b=e9DbJtvj<_Y^lZaXnD z|Kjt0<1Zbf-1U)uVrB=I&SbtQ+t+706)9M^lyr(-sO|bC(=4A!oL4_Z&81=F*rld;jPI|a9G@ASd4d1 zVEHxwb{|gEd=*Jnh~%2Hj4B}5yo|)DVT~m}4q10%g6cA(ed{o6#f%4@)}aNxvV+1k z!lIXf@{$wW7T#~e!HsP7H?og4Dz2m9gs|CoC4r25SHD5GLK_iYaS5r{8c+!ltyiij zXCU{pip+C4#CsnqhstbbkP%cN1%l6u1)iX zjKN;23JjRvkJUJ5$9XrFDum`i0sdu4Ce5h&=`EcCd0GzWHs!YkRLnWuC)!BJ39fX6HcnbtxQ8Nx1&}b{=BhPz8eG}WaKXWBV_DWWdNyQ{q>0jb$zA{3!O)j)x@NVAsCKI zXFH^9iC{!-{8z{*gsZzq=hDUdae}PMAJ1+=@v23*j17=s2o_j2Q!QX9UUN^ZUx={NWCM%+Ied)y5t3X&OD8 zz*35g(rzLj;M~aD4hS6{+8jcP9bU9QKMGV3)rM^k^)JHv*T{Iq=)UP48k2y>!%VCr zl5ct_*DfL_Qmx1n>ovCEBJTAQV)+MF(`Qj~pu3au=GtW=lPn0l8bZgvr>&e^?tAf>2HfZY?`xi!iM@M}S3lv3qwQ52G|}YTM=bkaxB0#yTLT>>88ErXTBV zetr*qj%gqL2gzt^uj|B2+n~?J;Pgj48j9&P)p z(x;Y?U>|VUDRxi@Rgi&>0i66%`X2^*Q)^b1DQQ zUC~@;&3~kPeajY5rXUH&u&*)8%M~{qB~_FRcH5JimIA7p%=Iy)Lbj|*NUH5?r-kJT39+ zLMz`Sq9zcrv+*Xwnjj3bRs&@s_YB065uS#Vi+ycuFTh}kCKE&%7mUb79t)q$)paL8eS8htw?yO!>NIU#sLwYDzT+^;eN}YpV91S)pd6@D&)IeQ%Q7PUfw`z%PyBk_<*As!mt-U8TJBEZs;zos!zg_7b@^yp40FbrrfpNluXgVIA$p|%Dc8UlT~jHbw54oYFH zCm*FHF9K_nW6k1oVPojiga~85Knl;&zU!2Yy#v1H|Fg8jL$kJ>7V8kS(0jx1sX8K* zR{vLgTe{H6UzpK-ptnTk;<4{saaHF>wImDi-c&rWrrfQ14J=8TToZQ@XMO@$iSCLmv~)k!{K)## zJ1m^O4%Y$$7qBSueE$LwLgQ^0%7C!weAi8haYMKORmlW2KF4~ciW9UFB^=)^edec9 zH>~Ydq`cfiXnY6AHguf5#nBy&!8kM7p+H75)Q^Vey~~7@yr&^LzNtt2u!`n0Q+sLz zPLew_D8~qm%n>tDOFpk~Dy+>su5GW=6au6sE{fse1Q1lJ(&D5TwvW-A6G&Md-Ue7^ zs8m-)lU)h0rAFSBI$7}`7RPqCK#jAzVh4PXlHf8614}HMtZ)j)HgVe!+W3^HjphMU zR?PJghMT8cGy+-~BCa@-sw``@wtPa}#s@5l1UAMq{iT0HgL+m9*E5~#n1uY{^?l8n zQxcVe{ralFn9nTjXqkX@+tsZS4LEkLS{QD^e@)4P+em9{1|kZ5_CGk|#lLaJRJU6H zPn?nR6K9Oiab@M(8;WyLKGsAMPSs>O{#vE;56)PFQT06j_Js*M(xun&TQXl;L4-K~ zfHz#JVu+1-DiCk3{Ts7wPVMdyBi(3sH0o-Bh)cl6QAL}UjDF&b@O#GTe{n{Qw^dvs zW2|26#yM3xyvefi7=18#-$INA6GY{|IHPwkx$$%18UY%KAgB~hJ2dwDfPrQG|i?v_I3!MO++FfrQlGO7O#OaDTy}Q#$Lzp)l|cJHCUTv2ze)o zBp=wQu~~^Wpv39+sXagXvB%d zawUQ_RrqT(qK#pdZ|4}&Ly)-HA6;Qn09E9$SD9phym2|L=vu~d|$wK{xPWa z3OKUf=qj_%08mu0h_OT46g5LkeBgamrAXXnw{}LyYU`XtbUgHPcg6V>AQQ)*RtAa*UJLUCG0oxMk$pyRAuhp1DzrpnR+JY! z%cGChLbozOYM)M{zN<$C>q3H- zpA}l(A{8D9oAu6c^(+U#Y0Mh$ZsJxo0So%FtQ1rI?{Mfb=I7{*5Jsjr!~WfiKd0i> z6hZvUZ;x19c9<}ebf=YN3gUm4baUr)lZ63*qHc$3_C3cczTgD(j#FF@hz*{Ih28IG zWlteX7U5SjFbkf_@F;VcPC_XqoH`Ir1-`Rh@#1Tr93`>$$X)br!`C{zD0rK9Cerf3^QBx!~J1{~6}hGv&9 zE-t4Rpgtt?a0X0y;OtlVoi|E?^h|yCJl*WS*l4pz*J=mG{AzPMO@mNl8*4oj_ip;V)y;w-ae(#C*J$DrA^$%`V*R0kfV$$P$ zL@d|_bGV?{l-04dThySniPp76nMK>QSKhu>f*&LLfrP=y@=XEccQ7V%z@mxYH4hZbFy-yNyIx` zWJWa`faz~10&|EGj<$--LhE%A_t$Dn%+8w)N4tc=p|MDA$(G}!9S5NP8vjE5Yv|`2 z3R)eJ^#|QEfJR>QELUFH?n44`RN7$ryjB|{K>x15OaiRHq|d01692mbvqU)^EG`h8 zIt;YMsXC{b8)S!C7pZivC)S55}hQm0j$5Yc;IaOMn?Va zhPzBIAhoKfJni!=ky2b~@ZdjcXrdTTa;_rt_3H3sGAF|y?+#1BT-2-Zhd-~qjq&KY zKcBq~wZM|WG#U=H&;Dc-@hXg8Ju7g7Pc{d8X0m^OjkDs5oek;;^(IUxnl>j2##nY2 z&AdTJ8g%6TYw3QLE8e+|qk~NBEwf zG++M$|7Y7uLzVl6an+8{j&94^H9x3x^M8ciohR|R?x9};w`xT)Y@}mqJRU9peW2P2 z^u&dHKSM)b*uR^0ZSE`d_{%k_{}BebX4qS7zsW0RKge~WV783754^#Mu*Pp(BojA#L^__An ztp|=E=TV^@P78~K6}rcT?G`0r^QFv*2NWUxsj?x3U`kek=4_T69^B$cgIn(~sX~qU z@|YuzWOj05$V35AZYy@hS%%*UA5d(iTvuq27Q~O=cx~ydSE9y!CN=L9&CPVPWz(gp z3S*1zgt*s}VPxLR<4|Dp%ct5UIOrxWYi?P<9^Xc2pKA533DFbHbID)DiPt;BKiMNPZmwIBW!zBdJA4xVwc~3a z{27KiD8A!BQMcIaq^C0KcA8L)(>+oBJycHWzDspC8W)Q)3D&>y2Y~*2 zprWp;97&Ki(5&N0Ky1WW*N!>0BmmI=sX=qb)hUP6k@}a>-`4c%*gvgl)O>1pCoOqb zU}sj#QOX1jv2ts3rsxHDQaV#p&tuDVmXUH7$7VxpH*!@Ro5%zJ=$}-^)@_DJe-fh1 z`QtxT7>chyK?fH|c|I}$r;9KBCM(R3V@*xxEJ zQMUHu<>_Bpe7v<;)OfL*_m6GV5|*&vlVCN=XZ-T86kVZ9nN}`rw$cvU4@X0{4PK&4QHVc@Z)p_L3Ll zxC^797T{=b66|hp;Wa;0aYJ`$3fO;V8-M!z;udrWk^5zqGM7XH^;O$!0J?Wq2<-Qr zfw>7u13$o&yg-d4-MGwp4(npKe(@wBEj}NEGz)3~tbq&wjx1k3s>>5(D)@8S(>F9+ zj|Um=308S7JW6EGT(@_V9YID9%z@@!ve@pwLyDHpT+iVvvq43<8h3!JQr%T4jwB)@k6|$912N4*P1lv6n=0EuKv}kd z5vB0uk%+VOUS>%*5tXy>)tJ&wNTdYWALhBCWmbiB#`MautAx7yV!#lLYs8vbc$?60 z3}!v=U`HV(YLyw{N&z*>PwBq$XRV}SM$6ioRd32S-g_!7s%zV6R>3jzQgX#e%CP4= zbZ4#-aocr|9yWQ{#~b4IuLa)W7S+9GZVQ!Jy)hlei<;L9usag(X5$sR)=$e-X^hAL zk=XVb&gw1=X8s(tJNqoUh_MPx9gMo7mTW8eA7^PZPFf6nv<<=aVK2d5NM6{!{3-!c znR6|~A*>~jJO_syqC;Xl2aP#tfz0$~>vK2YI^N$N2)Fc+prp@hw1*De zb|AT-pL&~rhP!|Eh(ri~<|Ipt$iN##ntYW#n(6|*KFCznHgbKR_N)F;nYWQASpA)0 zF;E|?FpusV--k`(u3Ylx>AE0 zw=sM2XJ2XFW!`AfAxc=a!isvL7FS{hgT-i&Svu0opp}h@wVWAlN4lkczD~QaqyA?E z(-WebJQ{6lc~Fw@fH7T%mwWql;Pp#BH;*SpLG$(rJXv1&4esJ=7b&*>==`fe3GE1} z7Ue8L6O=1EVsrx07cAbhJa!kNZu;OxoLlogAxFZWrv`66=g)iLUu9YJzlaFY=VcquiA(6bJ0237-VGBGm;c;chGURL;i}`6Tmqj?yU-q}T^|5h z);vq7%kbEZ5Egm}IpVwxp(wPhNb)2KIhv0-xWrVKo}B)1w!A+(k$agW$Hj6*4av`1 zr_UkY%{nWi7e#N?vhr+sPT3|$<>LLECQY+#nWrJyxQZokJc7m%oVp%tk+xFOjoKUGuoe~%7(2~ne zVus$$Yo4$AbRbSZ%O;vMN29~g+^(9EQJ3*d`Biae7E*_GxDCw47x-#OtpR-!*n3qY ztATp50@(ea>kY$Ov)e&Bs{`cFr_5Ov7!SDngJU^OVVnMv4py}F7#%G)&K@~ z4l23x+2N}-H@Qq#>t!c7_?a+X0m^F&$soj=Eh+~^HL%cLmy2aGurPMypIEKFMPZ>?`H=c zs~@HY?^k`kUfhr0KDOu(@K!rMcAP6Z+SuK$n7l3rB7Y)jEoHtpetZM`T^S3B@P37< zV<$O*!#yoX80ch(EiYIu7$JurEp<&%D@>xKbZDI+yR#3>BDt54AVh#$c#*uT@16ap z%05ffcNA?y2nYw}hymN<33`&m;T?^m1Zk1>VP5JheD5x5YL#4C8Sc0A(vYG7ttm;g zLVd+MqP91)S5@GyW3Yr3>ii4Q<23M5CKoCo1b%NwcXlSYqWgS0E4?8p_!-u>3>=V2 zPS-3yr3PzyZwhvV`(=SfKaMeo6KFrUbYD&`xC3m2cA($ZSC@B~unnbOvLLe;r;Z)G z$-uP8kM*4Hda~90R;fB>KsZbCQIqb=+$YpeCea=uv%!xHd5 zyz{7TKYQG|LM#5TrA?^s8HGSsA$XSFIWypX2I+mMuq_kv61?SSFzcC?L;srMsY-K` z-zNi(B&8#ZPWpK6gS&|-zRUpOjMY7rQU#OW(G($&5l{yfo9b~4LHn_O#KA7c#i7&J zsszy&>Ay%vfnp#}oy6BGhjaJemP6+3q)8!JO~PkB;^gT$Dgt!%WddII zv){e!EdsPG)O|7@DYMAhudSU@A16U|13E2kZ8UiooBMdt-f`=rQA1^&J0ycg;!sCF zO~>-nmf#@K)u+@KOF<25oawkC)+QG21HYvZ-@ix!HpYIy>CuL za86Kn8m+M9kpm->Kzvx5`-2nvTD&}NWxq4ph_a0<8ZTV$L%cooD>ShwaUOd1UjGT# zJ7*u^jDiY!wzf~76NAR+HRjgN5AB7Fi>qSWm-&QC1+3x9ey?LSW7fZ+{6_anf#DCQ zbq6Hde75rxZfK3rJTRrdGr+9^GQj8E>q*cW8>)n4T=DFbRO-MBRviEM6KFwv8+%#k zdUv$Jb-lT(hqxG9P&pi1V6kBvTlinD?(Ib9gLAP1K7s9A8`5p&k@7bG3hPjMCpDWb ze8GLb10L&8RcFQbp1Km+6|E7-*%$o2!WZ?js2v^zYl=uw^Xa&X7-ZSAbC>%&zwGJi zW}eQrJ|?saX71OPf)Y9yu??q?4rkgq4ig`ey@9S+j+(^s%v_bp{Pb`Xl!SLv z|5VzfWC}`k;#7yHRSX zC4jAxe5vB)ymy-Z3>PrtjGbv@_bDoo1#)Uybj5?L%3x~xCP%=bedjO%?D=DR< z*v=Me3wRc%$+{uuPqCe0x`HqWS65PlGbZN!Crr;3F!z3<{Mlrb#JW${@if3ilY0o{ zZU@I{3@h+YIl~@5(NdoRBMU09$&?Bmc$yAlv@KZy7U&m(K+8wnTxAnWlA=3cPNt;% zml;+k>AHxHvWgx_oQRt8gyZKlMB>Ep7wxd;c%?DJ?{>g!{3hlg(B1p9Cd6!8U=Blc zo;nFLdCXxRbis(te6IQoY4Ann&1T6m&xTZ#serirFYM^@uekh-<3#nKpmly?HXGxZpP3JocQ~%`%~*hkop&431K=mDYy9%}3OT`-bN_X%y!9__ z5^E*1RFfsMK!=KEFl`cTz;*>F-_@wtO(D2~q*4%~ot1O3+k*mnHp* z@KDdWDZNuE_g#p>WWz#TQ@MvEr*wVmu|=`-+t;7@PJqm< zGCnv9n3z05aPq=CIg`YktRN$rI?0!C=_L`sf!KPGK7~PAbZe1ELZBoNL7rrtP9cZxD)qPU&0P6A;_mg&%Vmtj22;(Q}Tl52q0b=PN+A&IUFjYg0H7 zMUtT^#vT^5?%nSj6+`Nl5h(B(Oja}*=G^HTNm-*G!J*X{#{7NyV7?SQj*_0P+BK{!a)~ND_QwZzm@17K}980HfA=KW1wEu>3EA)v;4ZX3?f*^a15f z!M`ymscWreEkik8G^R$fpg(O#MlV$w-`~~oN;`<(%gY+q2~>xEL{>ja8K}UAZ%&wy z`n$03J4cL(_{0}fIe}nQboCh!FiK@_U`{smOp^JHqt927K*r+29`*Z9eA(aR{XGE^ zz{_Z`U!m!AvTFPBC!uw@O0|uXltBoduGADezM-T8oCe; zDT~10wriKnersUp3%@IqnQM|dm5!}werx)jT?2prHu6oF`J7`{Q4pqW`ZbA3{#b@5A}!LkTPY~rMYGAKOi+FF#%9sA@REvc+AjIDd0vTA-1GhPF zh@|7a=(>;v()+dWJIH7YCgU%iljGMA2NxouJd(Y5LeTG^g|@erqKwO%rz>dZDJEN9 zPUhwTT5oA2W1v@>1g zqkR0}zkScv3Skhe?nX)9q&uys>%F9~+vuJw{^L6?8tbQkJuhzj^&P)pu@Q%p{-72h zL9iLhN1n$1rSERy3~%*rL%3V~%pNNU0j47eqC-h++v71=N(R&xc?uM*Wh=Jr+Pg_O zGYe^WA#iGB^{4Ct7bNqlIX$lvwxgi}_#eL3=?^ z4;y(6%jSoc)qNEF7g6N}ew%2?V^~Ri(4kR}V3f3fz$t@6d^4eGqeEtZY=#|ifMS32 z=>p}3U0)eS7^;8ZX<(@cava5j1Ks}h9V!0$j&)Y3#|D2cAv+jB>0Wyhjma+ilQGfW zyOu`eh4cyQd{{PgKKwiyEvEfEYjl2=z8Tb1mE6~8@RwRPs)mBP*Q+v=yaCv5XEy}a zeBOWNkivPAYrm*i-p9@B-7ozbZB^679i<22UEge<2A`BzU@-{n8wWYjaJYHgFfsxK zgV+DIU0qT8rAhf(^=xbwD`ndJjwnmQ{vs35rx>q`Dw{9F0d)M>eVV!S0Uf`5fs^_e zMAA0Qey0R|;9Zt#riTc3Xo5c=g8{bVN%(b|DOiN|a%D+7B(2LTwswCG8eF)SX+ zh%fUv*(w_CFY1g4^*dHr;ods$Ics5+kTh;&odg&Yoei1Fq%=H&+t7^Kv*w&MeBAxL z@0j&j^XCzVJOz>ScTVH zUB5G8JFr**7<+`yrHJja|3V)BGYbl{V6>oAtzSmcA;oN=y&5{~)F4Wpk>Dp6o7n+(lz6Efq&|)`Q6B<$3<@V}V zDVPc_4|k6*s|^1PgR%_!1BOBWIFZk8kNh15<*(yJbno*|&2kx(v5yFN1&Oe@iu0G6 zKbgU>sA(Si*Dz>dIO6~U{|^Qkv`GsQLTHBOAh6k+B)Ove-!b2!>XL$6UcGNN>!LCS zIi7v&Vhh8DfoL^bzl>i)%;sdpcUAhIV#Ds+&0*&dN4oElW$jXdvllXlsstgOx(Thq z@&Ha4>CwXGOb($!`6{3Zdd~EgHqM5IE{kE6MC2wvi#ch2)d)bF6Wb1%BK{_q@2b$_ zxt@cCG?&IJUng$0&=tQIpx~B2%P0?x7p&p!OD~HhwE%J~?uCd&$j9xM6Wb-7=0D@a zks0G3aN{K3V`qb0K&_(zpU^Rafb~{&6TaIn8Q`NmNBp)9d!}Iw_g8s@5hsI<%51Ut zzKc|b3HAJSrTgE?qr&L0PYsSSuoY)HOZ=HPx@naAbhdKJFw_j+>!s0O<a0b`=vT zs&a~O^BMbsEMEfWJr{qNW)M@Iq&eI~qvwF$6s4h^sRd7vCWy5cHOfWd31(n3hZ9P; zd}(=I4;)fnvIQGnoUkW#aqL=!4C*M~J-HRKef15EZ`zTi%uJpMnAn7rlP^Rs_nIeZe&KP?r}_2V$GcAaj{Ipuf&z-PsC3 zPekI+;W&y>T;q>0imIrTZt8{>o$rV7!`1r$=dr)n(Maa)8>8*J`I`%@JT!2vnueVE zKh7g^9o5WP{I226lgDft0>Q?eF6%`7SMrP%(00037xj4NX?Q->HkbD1`Eh;9+MxRh zi5;)mG~}bpvUKk#K>q{&ALtQzloUxay1oeC-C92w(X%jJ1ljkdo*C1xk>ia0>52KO z&+fL@Y*)??=8>k8=C;Axs6DaKW^?Xmdj0U4^YEBGG-AGrcg;XtY6l80Qs)&AeXy1i zr0=@^h<5h<*JzJF-m;02Tk=A+Othv^tbe@w@lqm+h}Ba0k?CX`gpk3RZI(_ih`<^P zO31S)ide*Se}30DvzIXc>23cQ;OlS@? zD~+#tm5?*-?*jxGuAPK@7~usI3n9-*egO0s+}K(+!R^=e0>#`j5Yaj##=0fpyxCc- zD)cR?((kz5cN_Xie@@h~uC4&cbIvRjWY@5yLRIr=&fj60e~-+`JZ`xDuk08t3w}pw3L!3#wi1(=aD7$%^a;R#l^D^ye zt6BEL5}Ynkz!S}PW$<85YE9?^?t3M~vgVJA^oEo4ukM^J;pi<&wlB6On~LKK+=ek{ z;V<_ZxiF2+E6o*m5+AsD+_N;r@}joh*2rI@b@UhhWj!X~P=b`-(&t`XhO8;+S&hBU zbJfX1nYLb~rpzh4Hr>if$fuW%Z*iE-ML}ppl>U+E={tGH9=|6o9$>??`o+9s`l$y0QDJTbP zZ0<~b-h8s#Ft*T(gQSwBMj1UmNRsavy3Rw|Okq?{B^(_w9ed^jSF{4$sW-cg3+?aJ>l;M&|L5!Q*>AUeZp5C8d>)fc;P(;im-c*BSRAjQo}4H!;+c;-ZMX zN0L))#t4&Yb9?!7&td;e0vna^8y_CR$A`n?%EUvB7dIg5OQg&Ec8LtP$k7-D#Z_o^4F{(no%%4PNL)S=-sW9*C_%MB^aqaz^z{7={|xWL{bNA) zzJl&rn+K2{W{Sjnd0qBp2hSwq&jC7{q59ZwuYeGd`t^+8SFn`n7aW^SpUy z-=2hVrVwt#Dw2RRiZ?}&F`e_b;X;={M=PvjxW5HxxcF9mHe7b%DA7B@UT=GRNC1Z( zs*FhcEb0^Ui*Y$BYjGfhbNTOgy3a&CUtM$tbUo3Y%)OfEhrKLttJipM^A*e-lit{G zb1UE-l^`77PmU_S$@+B|@cDmsAGM7{bJVdQ_Vl^kA1}9R$Ye*o@Oj-EuQzf;Wg{Zq zcMgYUj74Sf_&l$75BczTT>+bLYCZ@M8mfSUrxo4@diwRtXsu)ka)hv+?B%2;cni80 z?!$&W`noXz=Oe?440bm!L~}$%djcU190c@Thd?u+&2lbcBonso57oj$(iV*?!d(Q8?{8%AV#P$&%SlOjTgKCs1ohonIaH8xZABUr0 zF-b%)DR?q!th}@n#;xBIxkudiuJ<;#7IDzn83xS89}+Y4o-%)kzd$S@lc|c_O(EgJ z%0bnVcQP6Bv&+d#icbt3bbQGC+651u80;ca4VUr-WhC-?e`Ax!6tU3}B#F~P- z2~2FL&za&vqc2`OT!k1>a5p>91iTRs$6YSD%;DVij1I#WqslJ7b+MJdD?Jda?S&SE z78-bFt`lvPeVhSoyfTkzv#`_^48^1752inK`$-FV80vkvwC@r#Fy%k@M%yZV z{m>r0H)gzFP3;#bZ3DQ&QUmOjaY~?AFmp`Brtr}~ERSt3#f3BaG^*d-gcKVS2h0Dx&1Gw4f^E1S8zn*- zH9YZwbI-w#N}y)qOf7^)+AIEixCQ+H{ie{h<;*ECG{1Q9)FI~=v(a=tpiiBmbuDzf z4@tL4JuO6%NVs681r%?>Kt#5GO`J&0h8jLN5|lO>1x`lMap77rgR9u%@Uoezsl?s! z%Ht`>@M>qr9hux9gs`-d#)6x#(&3pnH$%+8pM^Ge7HF8To0r_C^5TafP&*8R38VV; z$Dd(*V9B`MsC67`R$ZF0?K;zha?AcV3uOUU!9%}filj^$IwtOrRdgoOy;jTpT1k`{ zh$+5Zt}DrMUIWdMpJLXY*~s@>z)loKo6GU94as;7GcmWE=mhh>s7yw0#~*)-wl|jJ zKI*MIxM0uF4%WT(7o&j+bh;k95234Dk)o#MCMFpBe~drb-ij%w7|}VNG26IW8Mj9zvG#W1FFfA~L8+iFGW`QvL0kLq3nDC<(^09faqC+A!eg zjEpE@%Ta=k8Oe2ccmFA-UK=a{d@Mk+CEv`G>|)Tjf4Vhth#AV%K+w2l!hU>}{5MTH zsUu0>9z7|*(g=i9NFTZzQE!o&5>IfI^_rDm>8a@U7WCn+sjr$%=|80A}k78{Fs-w$zci zGnRYQ80oF!4TnY0ouu8G0sL`Mw}O@)sdXi!{9Xunvd`j_j~6rnA>? zOJkB2`|9%$IIXPfGkzZaw`hVR#!*IJBd74Od@ zEY?_w0q8myJ!H4PWaD@_v@qs?dFEvohPEf%o{{Flp1PUmSBOC|4JZr~G_i`Xo- zhAW`4e{9Xw9aA?hot2Ciwi(YKliqJoPZ*Vf{;GR>xSGl_j#PT<=x|+L@oE5Zyx%wt zyJ!XdRgchi)({NYxYmorl=Y@xglof4bkR&`vu^LKwJF&?=M=fNT2?cZZ#UH}X?HJL zqQ`vprl=T{ifb*5Qi^Z;b6m?rlP?;Y&w>fc5!;0pMy7*n;}kLT-Bk0v_=4krK8NMJ zlC{@PWfQO@oC#&V@y0PZP5b$YplS9?D|XWMO|65 zT}{gk*+dflqIa7O%e*{E5vw9Kc8qxmcsE zQaqOgWwkHu7!_MSwj%wG3CYqMC1g#q#mSoe#qgI8K3p2gjbMtbCU0=0=lSG^ts|I&5qjsyBEO$aR>`Wg8%rFc@Y4XyL z2Ogr~hzd_7o9uUM^yZhCNt6j9M7VFP*(nn$8Nzx(?T9gz*jW9*FN}(uqj1rwP$)B| zfsy#U#1EMP+^&~uPDb`y>=nQ8KHmsMpOhqVwgu~kK*!Ull^*?T zs6xz^0((bt#ZeiNd`kEUS%571ih`3()GO{?5eH*#Q&y~;*DPw-OMx_Ht4V8X24l@3 z>by>czYkkdgKw1C`4oYe_1C^!CE_;R+TBzc^Q$=kmT8asuRq&on zt|Zk9p}HUai3;bp^6H2|4@B?=zb6fB!SlT`Md+D2Vcu-d!Ebk+9?gg?@2qpNSaK=R z_g_flvtbc6ptH}w^kcUMG9u9o(sCiQnd6TPxn<}yZv<)4P*jrE`JSA_@?$y&L6r`h z4HCkJurQrNnxn<&dPCC=byrvni6y#6Zqo*ccYnqpxz{_WY0yGMClfi8CfE8E)dq#r zQ;xoe?ek(6o%nE7I#`PKJbAV%~iIoE4E1P5t?_y=}$ zqCSy8Im=DQ=!+(MB1wK?;c1?W=@+UsURQy9qG+?CwP6+9%*6ejm7U&$JWRchp|>(E~ey)l?ChOg-Smq*}Q$cZ+t{D!m`ha z_^7(5NOFlKx1qVmg7LcqtuNydMkH3n(P7A>a$y8j@f=ueRI?mh2l5f|(KGJF7A<9j zHRN9B#hXsA%g;-L8ZHHg6e&Dm2R~0k6D(*j{1Iv#q@vC)q{16GA}>f@5iRb@OK;jq z&iFifa(RX(KmwI#xP9~*K5$8Ce?|SMXMp6kG)o|UIzyAj;G*u)YCgl2-mxv)#{wn9 z45)jVkqF_0{@B4|lMWwN{R|1`_sqSy+s#QV_wLlQ6Qd=ps|=YdLN_0V;ut2)3}14% zW)V!eXiZZ-V=={?DrYKw#73LT)Bei6 z@yr*mYt_04-n&+x&%-I&@YP|cUiOJT0`HVUW$|to9B!l14w}%E@heD@ zw8RT{rf}oc0sWomdp%2gIMFXfqq?^P1-qUE<@nUlZ1(~`Ec&P6Sz#3#hL2G>a}5XQ zDqacJkwS2F(aJF_W{kK?CI+l9=Y@mbL18?D!FqrM$T9&7_AejAI%JAudS?Ua?`*W9 zjwA+KCTiE(TSad)QdA5+7e{3kCkZ)%5WS!Pr{;Uiiy04ipqcWvYsQDwoKMyi(&koi z$NsUDSYD4$pJIOFC}=p1Sh-Xw2Nw^f@xo*7NX=Kb80~1Uay7nhAm5o+qj+JOfZUHt6d}-zjB9pwo{uhVA3ZOYWS}z*r+Jfo z&(rPD5j9g_K2BUivy>u%I~U0CcC^0a+w~|%qQ-hk2lcOcmwwZx%jV_^!*0Bpm1zM$D4|m<2q07u_R)*}^pO2}K)C;NT+p z=#pb+pmO`2S^EN|F7KoJ#%U2V{y!|!UG}XY%8rbv>|;hG40tJWQfb&ZN(ar+{dsmA ze{;f|J+UXUHYq(-H%egc+IHr?$GmPcc?$78)Q|NH2!)meGc?UxA)TVQfVG0il zxGBu`e`DgBSJ3x{-aE;UU}+tsON z;PO}1Iu34V=2bNn1ywNxN9(%mA0@g!!l(T_a)G+w<^Ah$O6Cp_PHqCvyrkyQt^-*j zIw<8!B(;t?Bbq1`k=gpxntD~^;eQ}$&ly@M8WN(4NhzjYDa1o_5=0b7W-sf(Dl!G; zr8E|;g(VlWq9zVVSTe{IyN1+V{d~d2o`WR;zWU)ot&pQqn13LT`BD3}Sb(Kg66~^U z)+&FeKxixDhQ2ckyY$^w+L4TadqH1tY>fbJyb zpyn7O4}LrL`0@`eZIORc?lNdVKT#cKpaNIX^<$1mm1y10d@l}5BwKMhzjWHq8;oy< zuxVGo_{y_E`BZwrPE-+v!Sp|x!3}K%)q^pM)qXyiMIG%DG6?KZ?6Do*mkof&v*XS| zY?Zp%T3ll}2Ln@Ly4JX$CiJ(5CuLTj*rX=!=-Too&0bj!JlsOdgxsD#uH+7xny%74GY@Ac5#l{?@sp#Tn^ht0gF&HZtDV z7#FMLVj($TOS4C*Z^%88pr?BIJh0wdS(~$7`)zEYzoZtw1SBejP{0iRiegSzOQp!Z z2a>AeIP}^Azj&KZL>|r09SLd(EBq(!$JOQ5%-l1d=tKt3`3_$_$ipD!T#EP!zCOYV z?@p?BaGZ1BY|9_yd=X!_`8i1vTk2ey3N17+1Ee5HB)Kzb7v`rJF*KEeq@?4c?hDgh zgmXh$CL*E-{h|I>QnrHk17Ad!)b+$8N2C>s=p=EZ%b;+GoS7T#artfR)o)}(u);#^ zd>mxFiDvXEHXbJL8!}$>&9BmUDIXJF4Cy%eABi7@MpL>|QzUogF-c)AowJ*v(ajN% z+F`UubAVsrXS`sB$b9KUI<9UZrT0v()t@780r&r1Jl8z&8pI*3+#cBwIV#XS<07lZ zx0CmTeI1ZF$=7}p@Xle93R53L9T6MuFWYk~)}q-P24PswUe||1SZ{ouiwhsi(10rx z35V`Apl@`J#0kfXh=A~=3!2j(9BP?4m8SA?cEK(fE{-xtsQ2Jb@w%sfqjsJjRKu4o zE#qoqy=mb_jprT3Tf%Sif|Z|C*dQZNpXLMUS{tb*I+W!Vx-& zy5Vh@aM@UYbkqkCAU`^?9cy_tdul|NO25CYC6MRTC)Qgq0Gz8W=@xM>8w8Biiz(ec zP@i2G=H^`@(>X)Px-pnku0FT});TPBq4V%ayFCYNM8zg*=Z6#;Ai|C5YLg^dh=3y7 znZYxCjM3Y-(|aX3-x6O8iZCEe_%U3suHs&k_}+N%8MGgfiz!QyBnZeQOQkO61^Si*!pqH;>8kSX zY;TI`?CWfvkL?MjOuHCl(-iV~=AS*W48=xn7^BLE4E;YWO_z}ur{^}P_aV`AQuOc` zJn-75<}}kkekkJXEXSE0eK6c(10|)36M0m0ax`Zax3O5T^1jYOAWq($&f6{?W~#1d zbe~OIEF9*_TpuAmeY*VVk)7e|6e&`1n0&A&XW1)YZNcgN)APYtT%|93BrPhY=iDE!yU|BoL%T9yBwe)aTGFaK`??#-_WLu`Zp z{BfS0!Kea1-_PShc{mxVsgWc`TpV6ff5Hy4#zWI~$RlfpHNk)XQ2I7tUylQ-hw9ga zO7?*K=a0v6TntdtdC_)Q-}hi}F~6_OgR##PpG3?r0)%V?TAl{sAQS0~WICmikq>3b zCe#O_5^qYVHKZ={t`C;q{YzY@Jte9T#s8Jw0+Pi-rSkplVDP_1Vjf-1lze|4YMnJm ze{I~#mOnI>@xg}=9|qI>_vY(t9rM6llXzk|)V}y2d*V%dNoRW|nQ=l;Tr;(_bsmjO zys*kGGYeAThojNa(O*8K^5@%_MdwpK*5t!u`%A?mkCDnvG;aM?sj~iI*0C~I{M0-k zU5y6+%sgP`kp;}(D4?2yI~pB5`%88ZHjBw%@CW&h-I717`^F!0#q^KNAKhvte+>Q@ zreOa+|IgCD%uj zAW5wEn=6=39WQF9Y0u*%2vVi`?Tksu{d8}$nD;-(hl7K()A^s$er(L$uL%uoJQIy$ z`%02_7V=4^BQNdjs8FeYup0G3o$&) zn1~0X!(|nQ{MXu+YdZP6VNW0XM!Z`9lK(~%p~HA%ZZ8Pb$bUyqj#lNruO9XC-*#YC z{`>uRlBazm2UZEpSjj(AnapO4+R#Yf#;m#polA2I?Ru%Lm)bTXosr_snX#SaxYFM{ ztwR<6_xRxkt2%y+y7&L1qsJ@xA0IyZ>PgT4w*l!vKOYdXtb)v4X_kb_)!*i-LH7HP zy_6mtpo;#Nd8hjrHT3`V(Zi!P`R_^Z|Fadi_n(KCJUYCjYC0Gwrpb^c;)cXLW@E~O z!QkE7w-;Z3c7MV(k!&`!IUI&VH5J!GE#e@(jvovLr^gq^r*FUgjB{OYr#!I%#Q zzPOG8LH%Dm>EC}qem5VaQdHW2*x1jnKYL{UnX0p2fA-k?+oU-S0-M9^>(8E$dp2iU z_O4z$UuO;H53%>H2eo)62mx2cKnQ9uz&sR8PPDEIq=S1kaykeVebCHx=aI zG}}+J)}IbOvn%-NVE#1y(|p9A4(tn)ky(E__$>YJPY3CSr$1>r`6=_R^b#4Q$io8` z=^TrgltPl>FvT}A9GXYPwEy8yBsxwsIruDH#{oIWWoAjQM-#56$z`IL^hBgtq|?nf zG(#VzLmpZej6+ZQDR!r8%w~I-E#)9PnKAj1WSdC7o+}#ETzLm%5&crQ{gn*4NmfEW z_gQd%G$MZx#RBH(`%|j!=N6vabaL?E!D!`Iqr&C+!RPtvFayl(m$viyk1M^URI#wa z96i!SX78tfEKzdk5SFa6mP)vaci{%M|G`X@ww>4WmcuCKF|S^nL1 zl7<%I0Lo9Fd_s6f^zxeuKF}?Fo8?sCPlx286AU_SV)3rxiQ5%_*)AK3^T9e);LXAy&URe>P+rnyfz0 zu)VhSEXVf2=WAn_L4MCz^k)lLeDFVrN9Vlqe~>@P--!<6(KzSo;cWi%(u_@4pBHZI zpOe4;ecs^D!63Zyxg^7Q5lau2Zd-Ej*~aVtVACHij=w#aXJyVFEmqz?@(l3Zj?qr{ z_L^AMliFQC$p|g&PX4;H`c%~J8I+IGYmFZlR`kD=KMhSp&@dyM!;`rukn0$A_Md0Z zzFO7)o;`fl>wnvT#c~|8qXAuX&lvq}^w+_1_;RKKt)oe*Amwq)Mv!7Ru}~~`J02Q6 zG0*)sn2L}sWgMR-mqvas?#E52IJjcB*TPt=hFM?fKP)%l(PS_ru@oWGQ*>Fd>DNFt{U1I0>d9*TpN9{hJnrd# z8*p##7-P@b_;s#h!Dvtr*10EXoJUsjFiU?^JcvCfSASKbiDzoC`JA& z*C!=2nW)v@Ni2Lt5|xLiUnV@zLmmz8nVx*EvMhO7Tm_y@-pgjh{Gpjm${6p>leE() zWz9_TkVTpX`7rtF(tnxk!$fJCxin7_Druw{Q=>uJciwAy?3r86bDNrVFv!>WoE)Va z|B5Sr{AXKjD4LKVxlA-s+R&;u zu@~9E??j4Fw<3|ld@jTEt3kftjAPgY#zXQhu_0GeJzug+v%njt0AXffS6o!0;|?Sv%ezgm!V$wZ3>1Cq8} zXp|p7wpGV=tL#ah$IP22>o%?xl$J{ntT;Wu4696T2~!zpz6C{YoPuTM9*A?Nfk9CR`P$AxUU5 z{o5PE>|E|DF=dgtY)meT^y*Ni56Q*_Us$%;7=qVSU8%!4;~K`oA9^AaFb~b`lU+oT z&r;SQ*@P=CZx08AY`nrOtt{==0@2z{d!NeFRI%r#yvB>~&dJN;*9Oy<6YFQBv0*9c z`EQle2IsNVsesjpB*ZLCAYZ)awdFo&b-9rHMO!si7Ycu zI-RE!yJwK5^1wY2c`VlIFg86OrU$OF(T3UY2KVj_V&UhL$mEyxJ92&J%;Qh7o>=&c zP4YjtF~@r}j;Rc@3{P!!s+gBvQ|YzZx&MNpb&;@L5*D(ol>+Kc)C2 zO63^{b)TbyWTKVPF1Qh12KVOKpyy2tOC8iN&t7mciG~X$bQUi> z|MD=M;3-!!F~*^PCjNx!Y?kDBo_W_3fj#|F)sp z2F34FTJVYh{d8}5G|8*r&B?<~J*4r%ucV0nEiM<`nzFdngJ7SsFOtA=lE>c$xn$Otg`JvrvR3G%H%o@5+T=Ss~u= zQNH+l;V=9YGpV@JEYdT>XuN>(u>8*pe-XYvKlDp;=u3Yre#lk9#Rl2$(r=3zy^DXg zy2P)E(6soq$_1tQ&qgX)_(i6sFO8L@fbvq@Uuc_G^Q_z2S&CHN`jO_BxZN14HT9;8 z2r{@wUZiN6ij*m~+wQHoAg0PXBM*lQf67(IocQOGtGt`)UlhWh86{#&{R7+7n1tAqJ zQ-NvzL*CkcUX)|C^3gr=Ln^W-S+4!O*o-MwCP*f&&gVM++FCUP2^gJa`g@~Hs?t#(%UR6YG*Vy9;Je!Vm5iI$5ifuE|Z9eh_GnJrHHIO!+1ppT=&4iGVqDMjV2EsP~?uz!{?Hn=61(jK8Hjr4i3)t`^DPD8GhRi=m+C(p^z!-t{$ zF=U~!@I8C-nrG|F80}K?mDZ0Rz2=z%yO^aILCMu$S8`m~s<<)#*5(k*ZslcRI#+~^ z20ThT{ASTOly2$;l@peGTogEUG&*`R`df-{6^-oGXoxq}7K8D;MBx&PSk|>7KiAvx ze1L#s55hyyE})=;+Z`Pka0SHeiE#Y|9w)l&0orZZebxMk1J3 zbzX?;I6ix6lQ7y^kh#%D%?YT;Xg^OiY->gQn|WG|1{YJ7y%-jCLDx;SgXX5%c}&~A zY`D3l+00=+UuoxKLSC}$Jpa15I4epoALdQ7zuL_)`SOI+qruC_Mg^q;(3fN>!exUD zoSU?)$I_^-`TW+*+N+s2%IwFZKzKBG{`>E9SGMd7M<$ompMM@MF8J0)_t=6Rj9Yu4 zB5{!FG3-W@lnqOv#bq*1?{H>~tl656O)^a~Wz=VKRP?tP#C2)p8I^>^0GGGvMUa__ z2-k+y3iEqPlzCl}7UQ^@+rNXXXs`LZsYJ8bNmc|qKb_H__bY(`hX4OEWkISKj5ID5 zw1)pb`s&e&|Hq?8j~+hk`TsWH_umh{ATu65H@5gxXVAAX`#Maw#hbF{n{0Vf?%Ae(U%GwQcQLc<_9gtzs&tSRp7&*^ciA&cqi9GV`vH2$t&y(?( z-;jg&R@GZ`_0#*k=LLFWy`M7Of6X>JNtAt6Pv#|4zz; zE%P{plb(3w;#`>@{;)easkSbqEXNXFIN_}**h2IMPE$(YRQlwIjQt=!%i!#}dj%_c zibA1WbdOk}tM;_9f=L?2`7P-EEA#)A^$c!<*qJA5a%KN(P0{Q%##s$J9CNB){Z#Kw zSxxI?Lw3Z535g5w|B33^=PuMW6O)57)-m-~)(hGYA_8AHF)1z07X%Vc5yrABshb*d zAw@$wuA@BkC6ThB2WS+;DZ%j2@z2?cvB?+xP@~`rTN+Av__b7)LNppY{SbxPQd-XT zzsdN|W|+!pyPH>7-TH5G`qUWzCzDAx{_iANpfBk(m~nHVJ=2{GNIO&AM+r@^&dF{# zjY;$A897q88+kOyzLNb%+JZa|lQ{DLJA|Sq#&$%;S?x+nuA=DCu?lM;xz*9=;lYHKK>R;X8OsE;V4=W)*ed@p}%GDlkV3UdftY zimqTCsjyy~f0uHhLbj&+181JkwAWoEHWi`y7&KgKZ)Rq{+0?}T%dxYWH*k&r@5yLl z+W+zCxWj+%B&h~GNRkZOYQrq3E}tR{+rtAh>57M}*8Az(3(;iMey!U4-FM(!j59sA zfu>hGU|3;+4&zf9l(HnNz!xZr%kY~dqtPl<4^nCtL5_Y4R*{|JFA&Ca80TPO+V}(# zAJdFGiBPa&kk6LCDAly3ijwZh>R`qmg5n~otnG_4=r@}+UwU|a9tGj*J-4ssbwWV! zWM!iC8UXZGyv3HhS&Q6K>v(3g4uh@k5+gNM9qKHyjBKUSFe~03so$aE6Rk8D<+;?M zxGb+PdfQT7sffagUh@Le+apz>;3h_s@cPn@1$1tVMr{VFPgzAyNmj^AozLp>Vk-Ts zl?pMNK*8%tWVCoYDUwSw8uEbjzYv|vS7yMPRd=@+G{N{z)(Yo(`S#+&n-{NNDwm~^ zgX5o4w9>DBBm0hQ(qDLf8RW||VI@enE){ik`QrR5$fIr@g#rZxdqH}pT37-l0aQ|) zoA^T2(D|e`%$!&*GdSA+s%;X!W5aUCF+-H^%UsXPbGeEY&S;fl1eGgW=FnEjl+l?vPo@TPJlDfaW!9F@Ym9yJKh-cYBTv z#Wj-TEX3loS}Dgu?=Gs2wJR&df3}LFLe`A2;e_iT!^q(*PIc<77Nb%+vgfd_3cifQ znIZKquI5N-Tv;mq$(3vsI%n3Zmvc39mC})Yjkk1_yqc`83RvB+E9F{qxQa8qx+^7_ z#1*qDc?4CM+HNjsNS9&t9vY=XFV!D_zibx?!VK9FiNB0b5U|C`bSSb&jpp*o8Hu8GtBh` zXF>~y-tYgX{;J3ufRJ7}b^)W{{t6fPJUas?3PB#OAX?{^cetFx#+rQU5IbI@qv{Pd6Pqk$6;R6-frZ?z`+6Lpr|jr)$eu-vpmt@if)J$$4Vq{X zqvdiHr9l0pBo+T>5v1mEl~c4rLK;VGxmh2M4^mq&eYVNgwqo!9?l^FxS`2Qg^Pq;kho23-mS#{#Zkg z*9XInf<0ySrc^QQ#o*y#?>qBq>5^+|V*iu*bfYkU_4q&Y{+H4C^t7}8yGX?Yb~B_y zVE|weT6lzDIv89QGj?u1k2oBB2i`hXKaN7{6snHFcjuhBgVf0Wqd9lqpf+GT^Z)Va zbZpN5kGuK*Zc@?y>me7^Jx-TFK+nC6A>f}03aG7@!1RNw_kpY6P;2m$G`tHVxKIO8 zXd6vF*rUsdJqO**C}*YSzBXg2;)eGg*BL*2b$PBoxO{aXA4tD7@?GgVf@fgw^*YPn z;Wuwk{0<=!{w;&Qgz@@|Mn`B~#P{U=I!Pi(BRP)1xl_`%aPt|5rW-uptE7p#VGhpO_fo-qjQWxQ^(_pAQCw zxK=s>-{E>Pb%W3vAxoK;=r^JD{u7Lbqm$v0f7G*S^6=pKGPc(lxZb1F$Gsa3GGx%e zFFB0KbXk`Q8g62EVnosj|RdT*UU@{s4GVPQSyMZ6(A@v-~vHc|`w z?~DPj-Tyl|GVK4!c--y(?Ib<2{qIoV+ZYDgBf(opmmqCyO-o?f8?XMi0@eObZ1vYj zP3(W8Nxzb6@ZY2Hk-7gjnmq07|4x!(|M%e^U|=)xdAf!NU_VBAW&DQ&H3|{@qcU~~ zy;Oyfvuy~lpCwV46Ia(k!4dYr;t$1l`hDMbAA=eyNDZ0@m!ZSk&0rc9eEarBvqAZ2 zHYg5fgAK>C!G;6cU<+|g2B3KZG6x9L@QXDPW;$qw0W7RZdMYt%Q@tB)MM6fw3WT6o zm|XXwFw1*CfZpdIpDlYg+$Gr;zR*^6C3di=o>dnKBWx|30}P9jr;JZgJO>=M6|P_r zi{j;45%Ud_B(v$F02Nznqd*upR!6}%w$(=>AKhAo1VOfyTndjYD#G7}@xrE4DQL2- ziV{v)S5*vvhnKbGy;}k=+bY(yGi{|Kso+hw#-idl+e)uScv{-bd=+N6e%KXS>Tq7v zm7GpgLP6W=uYg3|3Qxg{ww7%mNs9_NwO_>*ra}o`b=x{^ zs?HWPvB6!7%FsPndmpkQV7H)`bD^MldwD8=cGEFhMb~ag9}{=$Rw5-3-1a(Y;9OT- zG@Nc*9WseEauCkJyzQkjn6Il?hWKqQSH%Kb#=DY+s6m6<>!5*#i&`*(%5m1f6Svi= z4r#oNsX-kix%D>`(8HS*Z4p@9S~EM0x^j+Qt)d-e?W$+zrul88ru)B*0zb1xo7jJTkyO(oz&ii`lc$CF&*RSj zZ#Ss~*-I+A18{wR04@V30BiwP`K@YKOGL5ZK{I;GJWqPO1adS((HVGueo3Do?oMQI zWOwZqFNfg-F`C0mK}3U*T$XXuiH*|CiL0d+W2Zclk`}Q@d?M>B4ZhM6Scxe3mvA|K zcJypiqT-0EXb)_{zd1s|{Kp`|y(@in$?Spl%wCs;d_BGS>&V3|S(T>FUXN|{W!hl; zXIECaPXp@Kf8*l%?_|>X|Li0=Um8|5QQ))Y&WrQ0E~F{1!lpREitMG63YXYm2H)~f zVI7WpmuUn0zhWc*w(S3Se0*Zs|EEWj&i?Nrl}`SLtKyVV9Rt|wFkTF2D1|5^w{e>z z1HTf#TS-3djX(9(ETPp^i%ge{`Y>TE#=e8NBxQ{1W(LCLPC8lOhJ)9ajAwl z5C-iL)^4s(LJ{hqoY8-XuSqwAxTjY3-_aSQ&i+p(X8eznlhe-r?<75f{kOSpbi=^o z3kkRw2= z8GK&C7);k;M54eY!R%A8fZ5RNgZIlYBXR9enr9$e!YBfZ2u7!JMR#np$a z9Hr3fgLAZ6p&0yneg)=Xnt8)Tm>-hARDEwa{WCozfBA#u;t>DgKeM~|P%@eZvrp>; z+=da%yeGr#bK*T2PJ>V0lVQF}yeI$f^}(+}8lrUuUR}J*ykU|eY__~%IETR@rAyK8 ze@8=6-~Zped~xym<#09MSVm3%KR!M=)%*YGbadRE|L!F9L9xogf5B)4$jrp^Uf~Hu z6lEkB)lARqMF2a1do|3}=ITNw8tAnBE_50vwn1gpPLEu$rhaHgOSHXO4(~?V6COk}dh%5pXhU;V=3Z2u>49Mu0!WFuM8NfVopZIUl{IJpq ziV5x~$TBnwgPf0Vn3C97vecroXrD^ioLnn3p>}Pt2}+lOOBQKB#`N-n11OcPXiYL~ zulcA<>%WZB)qhtX{FI^<$a1_?we@`OH?#(`AQs;f#(omvWr637hTwVub7~mE_!iyl z_ZKkt@oyjhJ|HAQ>HeA*qEG7c0NkT>3LtYf=haD;9$=mEFuF1P%<3OACbe;{_8re7 z1$0hMyTU(tHd0UEM|g{;Wz438@uH;c!Z=USArbn4lw*G;`T6-0QkDHF;pc~f-@y>P zM<9ccv})0*rx64wq0S$q70+QFgb|#R+JNLJt6;LTCHhS7lh5253T+^`idMlr2%-#u zk0z&&0L383-H&|1UIwn`FoE$L#r$7x)TOVJ{v7}S N|NjW|>Inei7628Ito8r^ literal 0 HcmV?d00001 diff --git a/assets/dell/csi-isilon-2.9.1.tgz b/assets/dell/csi-isilon-2.9.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d59b4892a483782ce6f1229b2431f0d51438efb1 GIT binary patch literal 11582 zcmV-EEy2Dc zVQyr3R8em|NM&qo0PKDJbKADEXn)pB{|AiRH%;!dKJ0unNALQ~xVF-2>R7sxlb+sA z#{-d&gkut50Z6t^+W-9x79a_JNwh2{IX&h~YlQ@M7Yksq3+ygDNn2FXfV0lo0t?k% z<1qMYzfZT@?Y@5b68?6(-TdF96dN5+yqUpL5yqNf5LnHgDXJ^(_~^>@`}*leE!7(!g)%PWZ5~4?;{W zbD(04GiU*s zmco+y#KS^15W-4fElqn!kU5n~tlKwlq?WCc&RbS)0;r_q>Sg<7`xqrp1Eqq#4j{Mi z>P7o?`?!ISWH^!wu2dZeZsFDI_6vX@h@}6jQ#&rWI%@yT)`SYUMqS2z(lU&0rPUJl zE(i|PBIJxJUIQArQ$#Qvv`oF0t=Q7tDtHiRBD?LQZoAvCefQ4oJ3*3_B<*$mw`H1X zzH(^kcR*jn{m?CJ|GheDzk%;~sTN$&f8}6$GHhi&wJa5ehq`7+6!x*gf+#^rVI0Pv zTj}@JQTsJiCCn4+sEE;dzv{MMXeOB9YX^V8=O`d65;P9bX%O&R;@fH2Lro$C7tKS| zyv2ewJMf3Hxqd_0jO)KXnJ(we#sNAfGrSCxsoYCG1blv>!KZH;2T1FP6XFS?&iIn4 z9vYKK5J{Mlh%Lh@5n4o8P13`PAPJ@AA-Y{qZ=t8LKvbeR*V>Ze$P+{tn{m-NKvD+K z34|%zvu*UuOyZUX+UmC3?myY{lEyQQiwJ@k`a9|t8+geXX%rfAq??Bgs7s=5xww%% zbhea=hltr1Ab=cwlH5gHsKx<8Xc7^R&ekZPQfVF}RZP1*%+QpiQta~W1PwYvqy(PL zsQ3TS+2DMvzl2yJx!}vdkIT19+8ATuj36#h$aQlq#)=jnp#B{Wqd-^x_2_TM?W5Ok z+DGkf=lJCzO8(vL>Nm%~H43cw^*7C-5Z@WK^#c!K;=RY4K3-l#L)~G%q&DI(Z7h`=xm54Kb~G(AfI^DCuqTM zQHa?(0Uj?^TJ4P4Z-EmZP1ngXW0B_&f}S7HkSdMRYOT|N=yEs+lCs)BFrb2^R760N zO`q$}D8N$^pl?HbXIG<^C9o9{0Rr_~jX*IlGb$kvnMG`PiU*|UEE zR*FQ|L4(;PS0f`qdT7Xkb*_}Aiz?)EVt9lDL9o9@7V$4=M9dw+AwQrkjyN_T$yn2uw{P6~fHdtAE6qBvA3lRJ^5X!I#RdU<#or_t#MJ z*p%d&??+OhK#znPI0^$WVG@YZSQcn|Ga$gK8J#1a3KU_r&|T4Iaw&+B0Cp(N=p0NE z&?@zuuqz9KBKqI9Zdo^4RA&I@oQfXmtgz?=blS0>G+~74DQtxL6_0qp=j&8-(HZiL zyjS*{oxT6<=xmobB!6$)g&OSK|Bm#6AoYSU``u?;(CF{ILY2k=T41TCkh=_o_(o4A zk26L*z1~3q?A;LNy9>>!5O{6nU|AzHyChK{#Ke*uYMwIW8;xAr_F0i`>rf-QtU`u7 z*nB9T#{d)cEap6upu`LZy8C@9D~jYg4azsl`@?)|9H5!}LGWc1&&+dcA6QYfWIhqW zTJz6{R3w*?UXP`*LG%ZH%ZQK*8o>yTw5*e*l=#=O>p;ib=mtAP-m|*{B zK@}M?kNiy4;_c)Lb~Y017HAc28JkEj?QCOaQUlT5XsjR~aOsLEncqr;J&#EF4%Qtj zePxy+kb~$g4M-2>pWVd@@mi0%n5Ce387f@DG`^JV43Eq>;3&i@R^zO2&_mfmwM${d z{crVn^p=9EHHyq~Bgh;JKOhp;=9z?rnG4${6vjdvCUh@Z$8Tv6=s9D%1;iR+T$eXG zrl!0^EL8MUBR8n3iZu?bxo|ofjJQzg@G~tG%AL!aDBF04=~gAE7)YmDS-}DIf$cLv z4A_#Uyy?Dq(a2E)?~Fn=!fJ6rSTB~60*888*Mlh$G?J)f*^U)5T@M9>&DA2Ytmkw^ znB{#5B}acd&M1;ce>*-z$FE*DTrzYaZ7ZZ^oE7g{;yW5w#C!j-+hSAbB4w)(D$;svY*)iky%LNB znbEr*GJiGUBO)Y~dVM$Q8*IBuYZ>{a^hhNrn{S|_i0|f&G^7Ls`$Y5uv*5UWW4<6_ zKe>H^^3@s$0rsWY8b35kIpeHlp?H}2)HnK)p2D}7!jzeD;Sq#A*eAD8wYaeW^DRvg z=*5b7ocXei-YuollWz_@(nA-s9ED@T$n817zE)~tYICFcm4px3iWhnq#Ar>S^2X`` zgguy6w$0E`ZR2ZcHxooI(vKig?LsrBEB#^l2#r=^JtBf~zoNZ`$$Au1_5_L-mLrPF%gJI7K==v=!r@XYUoc2Nq7~q+WAy9f?_NU|ADF7A5 z>A%t0_*|mUa+)%!Fc?6#*n`rIo?6I^#XSmTGqTQ^EzS(3#>6(lc$<+^JYXMMfej zZZs7xv>*g6Zl;Y7bJ!G%MQy>?W@jodO9)Qa4ESD6Uo$P)ENM-#8Id57R^-8McGPSl zv!eCB6gx=U7BE;O+8oKZAt8QKC1_5(t-Ngz$I7-XzRN(a0Fex4XNP<1Ag+Ry8^{|# zmam}B_|>$>9j@V&EaQs99??44M#6Rv3MT_LreK#IPiV@ckAXIvBY=ASNA4ob|>UInE1V37j0>DhA#k#8#$d#5HA#h!qZc#!F&_0}a*k#<9KgxGM(vrBT;s+`gZ# z(UMWKu|-3Ip2@@Ta8c2}udVWu()7A(*L=o(G9gAWiA^=L0V@-A*5gbnfvMJ6^y&g; zfi@gcOTkzOAz{kc0dK8Yq)ioL?va4bsoe(_ONKZ@7!VyMTaiY6Sl|^w1bYhrWNm3` z_Yi$_L)I;`qa9%?B*M~cHc5l{g6Qg4qG^EHja6Ut=ohg23_H)ImO+TYaL<9?U@2rc z2j$)~kB6EEh|cUD_nI%!t=*Q_i!(GXZf{HQfV5M)w@rB`#IPBzG`9ihmXbZxZ0-%Y z?a)>fU`FcDkf{Kq7z>dHL|B)pcuYC(5~I0v03GTE#O^@t4IS_(40lNf94$R0dZ@X% zzUc#mc%*CVsnqP>QK@A7fy`#aQ$5tY$M2+9teFHH7i=4-w#3AtFeB0;2Fie$1@&sKN3_V0+d zRB@#ZSbQpP9vg=}e{U@rUSS$&W$FQ#p5*mC<#nM^XOnj@J;p@RfD-1dVWV9u#OKC^ z2BdDR=3_x(6jb$3n(M))!i&0cU+cO)A#B1Y_}v>66j{%|8bDSP0=d&`f*Sg z(4V3a#=YWka9G%TZU%hxnM@Bjtv7}_+Bm)tIEzHzjN z)8I%dL2zhxUWm~1+qRnc*+!Mo|1(vKAGuVQMD-BpTqE0Hrj1-UbX=J4TF4)Qu(TWB zkk@H9eDvc%=%1%PixKSP+htp|T(XvO{M_NkoZ~n_}BOM%|(Z%W2+u``#cCT~r(eWcrnKH-R zv2RZ7ktEI0dwS|?25#agW8AP#M+0PJKm!b@kcePyCMH%&(CJbU7*SeS_#kblq#9#0 zcKtJ!3-%P)MYzPT(IxcIXi>4R4YjB4I1zHz12}-ER478qgOmKKz>Xp!KWP1x_zE7_Y7&xksd-Qx|^L7~q zRsL2zK(mb@rpfj!)0x-se!Zo3iL0=gv>W=*?5H0gD(UG`EsX1v>l&GMYu1xHapaK% zyp38@tQRRR&=gDRRk>SrV<{(1IdqzV8aq73WwO8vWebjrnPzn3hJi=Y|H6WO6)Q}3 zGFfk>e{n_-PNcSRFOE-oD6_75R#AjQKRvy{(JEFaQY`6|wT^pcsPS2rn2bY@rbXgX zC!NV!DiUV=bj+(mAp5A1YoaZm_(%TFk}F)*sg7S`JoB(pB#gkhL+d}!0`N{)GD*~P z^t%SuIIx>k8)@CSL zGJ1#b6zm4m;^Nrr(3#APJpH2MV}(1Oq=)98gv}`<1dclsR%QxXCL4b!{e6^rDH^W3 zZi|*X@oe;|fUU%JOk;fpmm=JQRJZFX_Y@Am)3I_@ZFax=?z?7&h33^EYT7^D?_RxX zHmccUL1-3&Y4M(cvA5C#S?jX0hX%&xSUO)|MU}BjJuDoJ1N5^NM;Xszv!qxfhLKyd z5-X0d4~jO7DlOzpaEu96Q47ADFA!#lDVr2CXk&v%D-Sq~BWsL7<5JntHYNL3*#H2{ z)*%;U^Ypg{R)Vpl)mo##5jbnOP0A4J1p8RILGBiGs;z3nlXyf;$pWvmg+tqJtc@`EB7EqJNSryl$a zvDTgfvuaOC#VCjcqz_t=4bib=Y0FVVs2NvcQ7u=hCJ*EimhKHmtKzFj2KN z8wq~5)-$IEv(wf13gMrzX<2Orr_i9#26Z~4%O~$^q0Yw)8N0rz+uTGgbagSQv=mZZ z{Dwx6^)W`M3H&Il9G8zRtg^Nn%nh`uxv>HjXWlr&5%#EBqbq@7{~?JcPrfMo1wvd* zh=nnF9Y_1sQTzC%5#m$60vSVP>`RmopB>M3L;)xs_(a4(?y}vmdV5TR;ccvd7WR1( z-@ZJ_8+K?j`!|~b6z0I@;<;V{j^{n1V8rtvNL+e)=qx$rUhrGQXNoYC1ZcZTzpf`; zA#TG6y*TvWPY5eL9X<*VkHfO9@B3@P9PA3Kx$ zoAr~E*Pv0hd!F+QO^e5qyj`59Mxa4IUP6+h{H~2Fz#RW_3q09}0M8c}PE!)Ew1)sA zj;Pu9ygD0Y_N8H$#)goAaSG z*~6h;qp?St8iJGG!PK;b&=q0OXPQ6=0*+r<70_v@>nKFRNST;&+kv30XR4aw*08m^ z#VCu>5W&4D9uL|`VaYihXJ{A^Hd)Y_LTMteQGk^e=VoK=j0-ZHpj$3(h%nl{#tcB6 z@xr}GmmHk;(0fS)8k~a$F^5RT!MSEXggJT~7M3co2iBPO4W-u88eA|?kz*Yls$-!6I=L1X$u(Ueafm|e``Et47sH9AA&chokpS$nBs+#|)S+JLEfSc$4>+W~2Ugzfj>zCc{p636j zcrsa2j~X|W`8_l-zGSDK$Cpes;yh(qX)xJ7KYm2*v5kz^Dlz)=PbWW{EhZ!Em6V0o z=+8eJtyat8v#vE`9*|5LS24w2JG0XjCyiSj-JdG442cucpN zw47lwhd*ZzMDeSgyP`t8?6G$WTnES$%+} zB;dEknJWzpuQ%ImM$1h|%UWa6)L@>KmA1k|C(_P%P0G0f;#4%(mPwn|%AM)kgDl@2 zcg3u!p&LB7KQ^N-!H6SD?i69>Y-_`8f;4RLD=_2Wuw=ssDDXO!eC`yp(ffPS8Fo~_ z$`yj$JJRD^_>{TIY8hHkQme*l!nc@_1#KtQg?@ugvy`bNnOUmVzqS*g?B)TfTn`sjZPSJC8 zFbz;M_0O#VGK~enO4F&(k;CxR5R0cPv?)0QYeI%S8!(s8E}1T&kd%md#=+Z&p?0$l zbw&G4DuET5uML~c4LM^D3Fh8|R5OyseG~Uci0|H~k>)*g)IccS*tOm0jC1`2nI5g% zrwGM^1b%14MXl-x;ThlAgw{ZppsY2gD(dgC122W_w{WpjJVYF?XA`6S~Wvc3n< z!bxTZ}pD=~qAm=0`9myL>ax+#WrE?MX+X-@^ z)S@TJPw(`LM)3_{p2?xyJ2C$0a893AER)aaX?y8DQ4w|qbXieLtNtkaD=6&u62+R&hFdxce_VZ)B0ne#@mFvXl14%ZEA zTXjsW{2fTn8e^_cvP8IeQSq_|EqvT+>9=e}$7v2#&PLm8XHx2F&TKq7&O#+@l?57e z=G`yXm&5b^_2ucieoknDD19qvm$giQgl8x7LreP_NDu2TbAh%YjkQODc z?z;(+sky^eNVe_en=|oKO9&)4YmU>*yA^W4&4c?`!XS2}ZDHTn8q~?hj|Cz9=bz1D z9pkLpO1xELgCtkXxYf1PLJ;iBljD*ikXXAFCx2|gRWv6@a(l@T-<`bZcFRgC8WO%# zRi8bR0k~yy`kpxKs~8tm*@H`2vkTNRaFs&#AJ=D-!S%R5x)_|DUJZtq*Js1aw}T(9 z&j;f&nNw#9)`I_ba8WJVd#KXm_&-fb?I5^dEB!t~3o2~YRBSmts|$KtQKoDYURrL& zIeWLNF>%2!U36^_A4kWf;$wC4s##E}Hg|9~zkM^?w(S7g+4^~SnMD5u;AM?&30lSLZ zF#qlmrF!1_FMH!k{o_#_hd)5<52_{EAu8|~9WzoKTv zZNW|STOD=ZDC1Y-LH|R4eBHl19}NeWR~3qWE?D(CK?b{dpGIWI0OHHF_b7j3klUqh zQu2!vwgp*vUlIH!FM^+h?H4MBo`mgRK>yt3ydg9BGU-L@+xVGkTP^+V*Y58kZ?{9; zE{RRmIA7{tMjV?CfxEt2;J!pe)h=kvwRr2YVv=M#JT8p>NK#NWUw37*ycN}p1AJa6 z6}955o+rIG-8bE*CFE%d`C?l67hgiM$cq0iY#Apf&1r^WmUfX75I#HF|)sX|MkNm#G>o(<`n>W(#O12z0z12~>+wSh7 z#<-XNZdGI4!e5*kv(xe(w`i;OL(NSw7)|2)c)?xS=r5&8P8!abxtMr|!=tBF@e5rq zo>s;G2)lCQ)@9L8HTe8&$lfm`mr@`p@tUtaQyd9jKUiGg( zoL&sh!JDv}3yB$4m1??@FDc^F_g6n&U;Q$wXn>2xxg}-`;1B)r_rpmIkSijlywq0B z(>WTBH;jigJjJ;%s#fENqw(Gv1?^EyN)m#fsF`RuGe znOy(x@UnvHT#uy}=M)wI7xdZt$<^@P_0@1RycquQ%YCUogR}|po=KhlJiYp{4*hm| zZ-Mq?ccRzY*mI0kobGreS`S)01OQB@>oV_J`rE~x0&ow~dF;C^d|*E_r~ za`ngl>BZHL*YAdxgR9}VzTDc1dN=DOPu}MY?wd?5K%?9g=0b$p6w{(t92?70yZ~98u$pVx^|`Bw%m!}_hs#X0dM5*;@$etN zfRb6uU~%}E+{IL>qCLn0%_6(MJvzF0|HI(&dT`#q)cE@q0xMl>OQBfP=xX>=zm(>3 zfon1u{zTRlLO1a&xLdytMK8KS&SS&T5z;-lGz+c(uJfK$`m!a7Ptit{F85z0fYQow-K%v(PRtH&p+w~-U#k^gFH^yj_;Z=6Y)n+jd~#QseI>pFq{vN; z3;h9?_!f9ws@qqeM4Qg|WXkI!p94FoW{N*u3LNAc5yNdi=TsDn=XJtJ@P86d5kK3k zICq|#{)Qf+Z(uuO$rKIHGs;wIwh*Bvuo{?LTF;9Xe9JBu)eFVPk0y%@`X-x?sR=?- zwwfA$$z}&aRFSYWyAz7DMrjDGj~^=`0571IvL!e8^i`_AW$iTYF01p|3F6CQZ*77|a@Md!d=4FL@7hWSx4`?Fk#@1kTHUJ{- z57>+k**lXpF!_+bXcg_v0~El|BxDUO(eN@~;^Jlryr47Ut-XLi^0gjnm>E7w@<-bj z{b)f#B5?3UT<^2>DV_h7C)T^+*f#&ady%{U>$rRT;%WYWlBe|kpR;&vub&h*v$EI8 ziyK3&9BV!F2TZB6$>928_`~%@|3m*GyUXI33&u{#rkX6A#X%W+pma98yc!QLF8brz z(93JS9gg3fUKOgog?ohab-{qRC%&XkJxrTc`{GkN|KTG0y)6CkY@YuwyRTp8@Beyr z^z!NcuTS#q@BS}6XuhPIzkr_m-1)WjiisUk?eBOCg?!9=smkv*yMIFcdtY(3<2^@v zx&!KAcfx$(7hFB0ad4gWQc$&S^N29HpfjbBqbzoq!B8AL!UHnbT6U4b6r4?y=y4{M zz*N(Uvc#h1QWEoW&sTIk;C_eN7pi>$SHG0!@Bfq+Nr0Gr@D&nv@p$CRBP^DCUK@c) z$k~KE}pHe9Qsk!{GKVdHa zYe~Gi_-f_yubW|ifBE%ejl?=FX1CZ=b*98Q$#bp&&mZ()-`7j`G`|CW%IX8 z0UQMUb`%5eOAiMyK?+#@8rlD0itd{C|EKrg_xJ4_m@{pQ1@7fNXuXlggAb=y{p)wb z_m>+S3EdrD;HJaa3p9&LKh=cN>Vs}#`tQNZyQy83kAU`=Ky<6Ot!s#~?X3 zNcO`~vZ|)Dlm8mmT1wHH(sIU`nq?&tR$&yPt&%^Og zHA3`Yh!WqLY}-Qf_8jo~S=6paj(VF{o>Mm8>^;A$ExOhE%ov}AhLPNMHTrT)>56!0 zXZQ7?MD1-mWGCbODZVw2PLMg3O5lAa5!Nz01zhJoxVY$}rr#^imFFhqgW0jw@NBi> zoxzxJbD)aV;$#nYZXJvJOWjo8zIbFhfjSE)VOEzqfpO~-+<{LW55Bek zDN8Ev7?loHsYjRu4JXBDU&epSjMg$VbVV4E((a&?ph~}2QMv(yoq;8QaYQ%3v|pb> z@^d{{zU{!hXycZ{*>GG%uF*A86)X$&j0-Y22c=XJg%n2~7X&RO5ok&M-kkc)3W99a zvQ4=HpSLfOFrDhHiOKAHfMUKa8PzA+ZK&R?`O-I&QkMiGS_>ZLm5ZH*bIy3;f>b~* z+s4WnaGa~E%GH}pRf|y$_$H| z(i|bmsG>MHCjnkhh{u^Pd+6v@x0}ZR*~ilo-9ia_dq7g;Meh3y(_ksc)k3S&Jn#WX zV`Eo6G`q-#4S)rgrf(ZXHrJb8*B1J^lL4XD5$U0Gm_}TzhvE$4EUHw}oXmMRSykKI zb?Mr;E4&Bt?z2T)m*z6*{SZ>~qC7`Ou`e@Qz?(1^c8j-xe#&_Bl=0>%&}8IycIbr4*gK1L!uHQsHd85sy}&13K;4y7!lnMQ_xt`0}o)RVeP!bN4&t z-D0e4lf~}KYH6B5K}6olsZ&kQrd+iuF_T9K`x(%*LaWP7k;hO0c3SkyERk~JcCtDohmIG+vfWr-h+n6iUD1$8g~OC z;W;P)L6X(OjlYM$^JcT*2HQ8{`3O-xdeJlC_V9jA6#NaSRP`X4X}SrF{s9sE5I(*; zx8hL!dcox`YwV28#+qxX-I8mmNa)7S*9n8aZ-jlOo6@WR6*&P8v{-8z%6c}G8rx86 zBb4kPIGSkgE&a?xsYw&uZl)=d2)7Pp_siY1kEc}ruacwey<~yfD*wOB%m3FeUcP*i z|DWQi-UM|rCFBZ~Tc5Vv4ATHL`{_Zf2Pr4el%TjIWk_M>lhDMwpJu?J5zGsO{eLc{ zLTkPh=6J+}YQdH3RBAwoGlIAP?-Z^U#N4ow+irBo-g2GJ&h(ERV4sBgDsS-}>HiVH zp%~udHKCY-V>g0F+?S6?E+gn!3D?t~X5;M-r1(S$%I4?~gcYagIXc?ZD8yN?cAEu_ z*?{4wjKDpw503oDQPdIy`ypwE{=VRURYU&2I?m<)JbLl^^@}I@|0$k>12hr@4xJ@c zM1I})x^dJ-#&SnE)mq?}Z?|I6*NtPRkkO27iDs-M3F6Bp%-scX;F#=HKEhMJB5gFm zVH6PbtAPP?_P1vXr6SqubmmkomeaP!!;Vja08U6!@3_u1;L}csDeFjp0+y>Fs^b8A z-u@aa=)apya};VRF(ru4z=%gY!oM#``|HMw$_5Q=gNRVAZv7TPGW^zF+f@KryLB&< z*4eB^$Y!cTOQ}T|XGEfz;34|e;(Q3TPADc zVQyr3R8em|NM&qo0PKBha~rv_Xue)ns6%e_1;uU z2buv%91jN*0Hnlt_x|=6i(Eu9VjYfCF6SNhv8^Ra(wlkPx zF57Fo2>$etPq*9c9vvRSzuj&(`|sY1y_bL5JA84pcX)7cc)0(k?%u)C{@$NZ_d&5J zd6q(A{-^G}+sbzCH}c>xWD-ltLeXm=eHfwuW%7C;f>v)7qI;F(#p$Kys5?)x$ zry>gQx)tID>7ip11ZXfBp$kP?r}(z8&gbPdX{`tsl!ZO?!{1+_z4rb=yNmu){qeVU z_lLr2oCE|5Vw!RZxPc@3(ZXBpH*gfiKlj^zYwtCD5|Pj+p+|}6HCo7Hp-&|g;N)LR z%8B1VD2B|5LXSk8-L4x5aS|~>CFAQJn$m#uI-PdMQ;SA)@}*Zv(?3Gf!s9g3js0K; z21e=GfQ1s%kZ?4SjN=(Wqfin)#U6Q%d`?${qxZ{e!b2j7Ks1zO#$ndl4TLV|R3JbD z(a;N)J`qTvvX*li&f<n6X*KLn2Iz9=4PHGmYr@Cm18mejOacXlMdUL|nL}DR`6rF(0m;f;CD4aDu zll2YbzMdXI8!aR>Dh)+1A1ldafvFitsGbnx@O029pclcG+|!g$t7mc@ksiWP6i^R_ zzp+Zw*SB8ITR$oOzrw+ihzAz{)%^eP@L)g7{|~!IFP`}SV?3=^t1%1MH4YT}-vO3j z7*4=uC?G2mz=wViup8ndO(Q+jB%Cwe+(peB%)@2}{-NPay`kZhsegTPy__|n`Z1Z} zWgvC+p7SYSvlG=w@~#MvDdP()ixIgTe!6TT#!>UXCg*3x%|RL6+8Y2Bzf;9aAAogn z(!YFjK0ZbL%ggcT^@q#hWOJpXh^M%R;>c4P1c)sql5>)yMFe~EG-xH$ z@q$Rg)j;@q)CQdRB$N~fVnRGlWDi*u(egO)MFUx$+~*vxL32Q;m3leyd#Kq>p1md% zLWqQZ#AqlT3Bl{=A_L@@5jT#15@J~d!LulFjr5%FQ~S&8J+#6E>(rk zelg&U2<7V`w7?;rkp&6mgzy!}CynIx!{HT7kFC-Y@WzxBpJ_DE`kRL(`G^DRW37Np zaUh5VNVv>GQt!;?fG(&s_^M}tZ~LC4D>5e7@1Ym@4?l4#Ne>;mU(T0uB5~-`aAxXt zOFo<0=6lfyl}>!=0NEN_j?d1fIVvTQib>kHNbGFHLh>bvAv&`ZvJ{MpG1>+}TV+f9 z8arsP3wBdRM95;fw%OEtJrlaMEt*YFe%~b$bbp zs&od!-9ilGLQ2)w?|Mk7rexuzw9}p*618Va??qC@V@{qbvC?}KD|zi`G!Vj4Vx_S6 z;tsbz|0tCDF6gXfSS;WXms}mT58L|(sUdS9|ThnVL`m*QgsZpS1Mcw32G^e9Q?B>fe^`rT)sGqb~tHyp(gs>Ay2|Jh5n{KDA6M zdWclb1vT5yf|m3*-OhnQ^^Eyy;Rp|h7G>l!qPCvqEenwvOaZHa0*9Ke)h;$9Hz>k# zE{gQKT;nhy8f2*FvzZ)g5)|P=w?p6c}iq8c7SLXY^fw63ziEa5S=0oO5qeTi9|#^u%{s!0${W9kr!Yg z8u`J2&XQYssQNnmba{y0(10MZ7LqLV*W0Opar^XUlKGhJIKXLS`lw#2u7eP|SO&ob z3#hm5A^oqSD_?C97BnQPLm-z`StRCc8Te`dqGg~q91*7swkK*=E!DbB$+>oM|N6m= z+C`Xu0anroNaWG+~Bw>1e;#_|Co1P} zCYl)I)(z0IwuM!@m?8$#nQ6S#w3_8ZTdHD$<_`j4&m%&df}An5Dbg4LmB3o+!Gs#a z>jJMqGc-f02;E@eBBt6)&`ymJfRzj_u=M5%6o)-O5mG6B2C88U5%Yf#NDyzysa&H- zFGfygnEL?{LP4GiU`9$Yg+3`A+aRwfq!;rc%c#t>7#YH}PHxl%Q9x%U^VG-?Ravpd zj@sN^80P;`BXdExQUrSOlJVU(H50|Rbg^8ZaJjf9T=mp;1Qt)C2_dC4M9b@din%q5 z*kwMN8i-V&e-qBo;2cff^-oTaPdw@qG-o$zW4?}o!(36JIlO`loDF~{TN0=7OoL#E zhwZXz(wK>_0}$@mFd41gm?`#xrI3U}m$g7qpHYCXNq~M(TDl#&mO-%<5e|yV53xWY zvS5*+a2MUEZ3qg{-(R6_erCH3J2R*Gndz#TbM(#FYLx1}k!4S0BjWHk=)l-NImFEow)!d zE5;rhtxJ=mX4`PG1X`GxtG2cTz8g)@>4(WBdObvn_)gA$8jjJRKN+?wP)aFe2B1>F zRxD78OCGaGX;;pcNgHf-5*23%e{_zuVia?GQyfhRmP<}dt-Ok+)h?x@^$g515YOUG zd$J+3>i+W>5@=jKtEZL1@)=Nh4Uom-=;(N0tf zpiQM&9HWH@8_tfl-u#l=2!|l7?>@mf81W1nTpnt6OTg8eSy(iRX-r5!JlJWQX$7V# z;H~O}$3nG1r=ir_Oo!)0%s0#Sjj_T+4CeltAQI3SHQbypVXKM(^lr@9(PAkin&TA# zTRQ+U@}Gu2n9qFlnXFr8lZPo62n)^dO~WTdRmTEd2RQr;Dh3PHfN+o@30KT=y9EYi zBLlu3i-BJsLXRyLO8KNyBd6AEiEfN&Rf-RE&Gxp%SwPx}deo+@v%nzGluD(KYc`a8 zu!hYfwxR$l>9V=~R0U%ih$-irjYkhPo8QTp04hfQ280_Ykyw5w?=-i(v0FjVdo;&% zR+bjvszW7IZh3%HhlS{d@y{t;;NDd4cIGQib4#JrL(S?Mk1*Gp5J^>R8tV#T5z*E= z)EufUw1~fu>6Cb~hni<>;?0S_42U5UZLUPdT#3Y--FR3KcZ;|bYOk&~NajWCfD@ZZ zPmP&$gLum{#-?Dnwpwy5a3q#Xv0KzyZ6WB*iT4?{!Bg963@6iWnfTit#72>43|6`{ z4JF|#9Q3r`&$+YoBeqco@)`*2|~NyuV(fWk@B6GP)q>nb=+I&P$~8QCIgN z!AZSoXwmF$B(zj6*g`@(X%JYT z$QZRKCuQQEPE&&b2HPkK)(D4d7u;8o_-T=tojtN(eBFvT5n{=Sby_JDhZ$)&yd~aJ znkp4d_*8uUsttrhDz&M#4DkxnKnaXHHS@g+b!hLmFVhnjoV-xqL6C_a-lYI<`V z=>pBN#wWW-t|RK;Qm)5pz-RqyZXUJ5b9}f=?o;P;T&upn@5N1UIR5~np z9wivU*4Ug%#ob93Y*`S4NJ?*+At&3QC z1TRk}mIkf4)Z+xlr%PVqGX`+1s}&Z4=?PWzS4Xey0S+xoqzK8xX-%UH=(dtVPVp~rmfuBTnoT}t_wk!s+gsmm+Ye{^V= zmST5-XnP6;4@>(4{bGu_0PH>jSd3ziyNa4sM@;V%Zwzopu}-5-UwXEIw!tQD!FV;k zC+i36b9I+Nd$nCw&E&d#w;rcE(zD>54)54w*G-2%I5KBHER;+MPkln6V}@d0XT&Xd znP-H8!YiczT7r83djF&7Kv+X!3Ehbgx&so<RIp-))|v%wzrF-*}nSEf#Oxs zY_Hj9xZ`nQ|K8h8{@!=~2C>>Kb%kyw9#Y_0Q=kp1x@bjs>~7Hjn^J};3Uo793(#X> zNIYrkCaS=AIJxX!jI?!aianyWL+x>3G&_(hN}G{$5(0+=A)Ul<5H5vY;$RR^107}bX7qYIY=ZQf(rZq@fh)BD&@qKZuZQF2hC&9HmR((`k4?SpZ-IbbU`aj4 zq^h`(9S65wc3_+6KglAJ>%TX0!={Z+JE$2M&yHgV?lStAKmoha!DXNpDos{3Ih|4u z1#G7D?8XkdCh~?5&0n2>FjXU_Jn&i4CZu@NNCjGk;39>^XRZAC3<+jEc#Mx3k_0bG zCn6zNgI67F)GAc?=jnDEAVAZqN7p2QRr#Nnz~gT6I9Ub=~q>f1NV+*VgU& z-_V-s`joMFNplhf*wg0^b0(zr?X_`iu$Rs^_J(mp+OsxlDZYq{iUI4x01_a!%qioZ zWtpmM(qOzX$Jb!(v_qE|N}(?XhUrcDQb~!XT-7GpO}_;bulmr)&!=8uI;=*`jCM62 zXpcm-GmeFN+#8U?KdDYCa3LJInEq%1qSzRf#;s9r^c??m$9>u8fIEl;f~YD>L4>6t zyVFfZQ5WC5+TJ$7ImA#+x3#W)ql z>D6Z;(dS8H;-hz1qVtG^69ptDK0}M|NU%VVaHDp7lv+e9!a4PQ5|#u=IY`HLmBHjx z!CnRgVJSJiUP@4$Cf4L&H^-7$9_j>1g(3wP*N32SEe(N0`ejG59^-Jj{`o)q3W&`!Z*pX1mpO9s9OXQyb}L@PjGNZVtJ zTt6xctN!@YLLdeBZfN*!lpTjGZKBM$U^!i;ifpFJBwDJNCgbmg6IO^%(R9THH&0e| z(HuUNSQQ|R>E`3*)lZH|{xw&GSCpg{D;zT{0A#h--aiDY1Z8m7nC!JT zYm7X$dn!0Ouymt9vA`$XhDnQd!z?3f*(w z)vUMm4vJV1#BNDFG>Dh;oZTQcl_W%Q#H$ko4E0iRk|qw#v)ZX2BUb1qu(#OVU+f+% zcH8at?p{~_d(>SZBE6yxyjXzwIzbj*HFnU)(;Li5XEo8gvlZoXiGz5dXj0KEQqpN63Z(>^3L8G^=kAv35+g)^PjW9SgNv+sa zM^AZkMm+^3g-cV_Ug_PmhS4+#Cz`&Cuj0hdXhe=4vI`5(K72M3w_Uq}0U-KYFtkMT6Vd}*0e zea#dsF|?_eq?MD2)rp#@_3N)tkxmi$7iw$K)Xpd~?fC3n?Z8wOgiIx+Ks{46RoQDA zP)Uhszfbb}wNLT?Fpipg&FARZjG$+d)5T;tRXgHE+Ps#dEf-oK+8({VNf6+a9nOpxaUp%e)gJ*BQs-w3h$QN-W#nW1mp%*z2pJTL+9N9x%3OOEe%zn|nrbM5 zk2TwYqotB=rCX~BP$@Uy=Ok@xbsgZTt`v=)?i9Ks5?+AmB8N#)i)Gl=7+!0+D<>jT z0us`E-BH&a?&v73Y(o#y7u}9dO|~ea)w&~DG^d-J_XMp^x=E`K)76r3Egely(01)E z(QwKhmNuAQ7v2uKCIP#FO`?+!pk6zAmw9K@ZF@CF%5WA_!MM@gfdGpbK>3omFMjt} zjdyPPew^mc?b?JI?yHjSZ@*x1M9Hlrp|?_!cK@3TS9LQl|=pwx`3UdAx zDogGuTTV~PbgJ@1uAp=38@L$9)wF-#9b{aTUl^qn@la@16GIlGnv71LXD#rZMxj#D z8$A*xu8dTQYGE^2vpC|ve< zFGZw~$H&u_0%3?wl;|1%Oz-&$x5BR}B*T9E9Wi>qEirnKJ+W9`{}1t`*%lX?DAW+w z1YFNN!C64YWU89XTPc2T1B_y-uAng>Q$4lfOkoyk6qp zB%p(_8(H&oDWnbE%;dy#65-eYKyYZ%tghWmNFy=UW)j(HWQ3Cq0qN9}Cy=PZ_Os?B zS@W=gD_J=mwIf z0oEEFJAFD>{k_5=omIhlYsI`FxoIkCN)x@!gztcc^ue3fKHSG;>SiwoaMruNSD+o2 zj7cMI$jwu%dhb?DzNIT-KFf?=3pHD?ZNR>-rt8&Tp7oE9$HU3wc{5*d_3A~zTS*s$ zE#<4dAG@O9v-WXs$vG$37q5;AiUb7vgtu&Pid%w&t1QNP0t}js0tzuXlKC?1c!GAo z=Ec0vPElgY0&(1&?m{E3m()fwaSMMZlmY_` z_xH7Q$mOf@K4YYF(;`^8+7q={_GMF|qF;aA(D-sm{g#fre6`p8D%4xNDooHqOQ&ys zH=_8*7g7Va1v zrs3q=b$MLD_AcQwvAH?3htO4Xygq$EVV~N(-c5MCk=MJ0zY|_x$p0*!wPnD>CJuI_ zK%o#w&H_@|lZ#nO8jbr(gWr>)k}?idzS`m}A&pz{@q~S9t&jMc;c*NCjZF&ak`>~H zJ$)Z5Bttf3!ZxF86iGc!BwxqUt_4@HyxJ=w)lA6+zI}DjEhK77^Ch26sGGBdizuNi zXsvKj)&^As<7*4&PgjG<=xRK?I2jH4m!tEutHJr%o6*~=ia-AcqRD~@LuG0M}KdO2Ns;NcQnLuK5&*x@)cB)#c*;3-T7@vRo`Rd*I zcx zW#;OElN^09T_J+w;hXVr^6pz>$jOuwG2e=96fQF@t19>ikzS{$W~ZQLE7cDjj^E;p z$yPSY<(6$_VHD5J))Kp{y@z0!DIuQ9C|+Nbr>bpaqxJ4#el(V<6a|Y;HcPteCs52; zQ}<8TQUi*`_g!}x1tsQEMlBm${HkZO$7V{I69&kE1+HF%m+e^WX3BR!wC{izgF^WzeuK#Ai^rh5OZ|8{tM)gO=hKbP>YFJD|b`^9E!L{0U--6r}4{cFi& zZscga1#l4RP=3OQ&xLw`Gy+drqlR&{c8JRJ1LS9;fcaXv2LHm>TFX&sUiRbpSn zFU!^o;4vAFKaK`fhRh-dzRaZoIV@^RGc^ov$LAj|%K2PEdNyM?`UOe$Um|O#$Tsr+ z$H~>;U*vRf7s%zf ze>PF0rRMGOd~klUalmqEq1_dc(~Dxm%j5)>Vuke_QkYlZI(mC`c78lmBz1K;JiR#S zUslkT!8V&P%^q>c*zCoAwep zP)j^~G}BTWJChTx5}EW+W@~I7Ig3;*vbL2b$(&(R)k8&XY_{{J+PWhN(RWU;e;x*F=kBR2*spPFe!tB{a^792eQ&Z1`Ur={5~x;L z>gKWdd@yer%wAIVFebuMv#nKNKI;9+Mpq6ZJ#&E5iKDr<0KCDALxbG3i5?F>jxQ9@ z(V5+Gl*p_i`*|UHmnV}=YB-Lfjtr{3Rt&VC`j>-uSC!7~m9d{28yHQlPKN#C;U!JT(_cP28wJVMLscnYzOlDUZss=4K^-XD9>;HLvmTsm@UQ#kLGnMA<^L2^n{po@ z{pZH~zc0JF{GTrl51;aXKE~rFbVz4tNm4ruCL?`TcJCY`Wl1m|DDwq!oHt5N<=nI) zao&N5`J-^k&O=ZF9PX||tnIax?)9;mdmGRL#y&y=QvuuW0-ZMX<=%XtWc`<(@_Wnp_>G3MewIg*(Gimc3nxSt zW_^5crQosCJ3eG`$Bh{laTHY!&~~X6H$hA1RIHmYFs_`H)wwbCulnUJH4LCWN>-klM7!}#aadp{J`U}Koa8_I?JiOTsqUBwhEN*;LUu!Bt@ z2lo#*c&Jc=ZGud!E@|A*(uVXzZ7euF_nfQ2vIkJu_mw&_`FV2HKRz9uHUF6^fP;YD zTv*^k;o-o&Pc|v|I}d^R+JPUX@f1&yAK7-6A-(N&I?kkjUS2C5S{vz(sUnw76f9>n z6tM$HTVZ2&1#0rI?i?`Uh=sz6{ZCgP&rd#_4kuR^ia1IEx!!UMd}~*SPVXo#2tQLB zy0U<1LyF_k$NuH;>h%1>S%qUl^IpT{Q}H>M)8LW9V}R8zaENDQK|(o!^TAS~kS&-C z6DwKB)g)K72tQc=Q}pig@?wH)2xq&QN4p(g9$Pc6><=IRakuD!uO2?|6s7fDMrqjy zhx#3?B zKn1DNC%1>1+k*R=1eH5#gX^vHHGp`$IgSc^%C?Nksyp&IN4l*euf9h3S0*mU%+mP$ zd~>WD6dueuW2s|6I1E!SH^cz_;exEbak%K^`NjFk`P-jsG!F?RY;J$kT*v+%)N-)> z!$p*Rr2xs|kR&+E**X{rEIN-JhE&n${Q{7xM#iC4$yrc$Y%`MYv_Z+FDje zuhr{2EBaq4&dUt@z3MzfA;6e2Ls3=A1d_~7L7O$^` zB=L_kDkR5u%J^#>mkfkDiGOX;ubaAWr-fRr1@p-(7%|;!CQlTUF$~#sQ?!yh=U?S$ z94bW2Z_#kdS}-lGm9{gz%9xo{NyCs@w$J)79?SWwhdu$hW7a;CfUEpG<^6}(L)a=l z;3YZ_VVm15XH#Qd9a-oWy}Qibd{vK=TVq4qSh1I1VdR{kEkoeK!(sSn$Ii$(cSiR) zc)nkn(aPIL6Q4@OkZR{{2Fa;iG3)TC+KEK}0GAAGWGGtIf8r=xa}@Nu)iGcD;qDx-!t$ofHVU zjz|w31LJ3Wea;6E=#j&%SeLjzS~bjzby2Jo?+<|KHnP4h&PB5QKB#5|eFl&Gw5HU! zs+Mya-zLy$U9S>!RxR8FxXs+z509I0=5FT5dm18Z8X+q? zSW!1;bgZyKK628fE%oB3+&)!s3SwOzGOthFCl&vXqo~CR_7|kR@E@*?4f#Lz4_+K) z;{Ol#51#UWJj&B(?ChWmPGD;&sM0JOdu^lzJi zXo54Ik@l>ePJq*V-bO#OCGv2Hyg6fnARMj%Fr4Fq+0nMLi>{XvE%0Z8#F7)$3J&Nj zRDY;~Le)xe@|T>3Gx%~dX92M&X$I5ScRHfiC)D+m9M;;OvWaMz#sldHVISdZwjymb z!HXy$=pPyi_=^4W*<8v<^g5jxmGkAb4jmvtkczeGTnFsBv%oa$2!J6v8b-$f^}G#C z;P2*CeW5nz*95UC2wB7;{I4ZxHxAlpWQJUAOwlR$+iS)8@1~2E77m4N~q4TX$v#p#^Q!{djGE{$*p{4-~4s|SP&^`IMdCyb}#J2?H=o)-)(6p z`sXO1Lh4!3VtdH}%Xq2Hl{9gx$FQ4T9V?3#Ip#27pqWI^2`^WZP!zaSyG}2b}K6*!jg;{7IV%Y5hOO zV-AN*0JECM})w9-PlnIpi_T+FZMI*|KO;*|Fr%e<1rGIWHog-TY$avXR=0^llTgkU8FCGK^P7CXr%2;+9U*U zoO%s&1Q0q2SO}NKCe;=sm`>;{BtDp`>^VTjHO(f%l7VP@O8ancOmLt%wE0HyAh4{f zO5iV0QYqqeg(Z1U)=)=PvU%npj9Twk(r2YI5Cz%KigkyYxz8Z$n%i%<-C<#nbaS!m z@!rtBHUidc+olThOu8}mAfu#H3R^d*d?z6ZHKzjR)M9bJZsp-^*Qq62py94k@GjF_rl2F<=ekgSQSo5`P z97?~nlSEi6&*njC2h78Psg{AHDbIK=-HE3mRJl%zuQ4d1{mf}_YW1iWGo9ZtL&l2C zi~0YS^4}(S-O3oSN&i3S9%beK{)?ykKOW_Iko^C}_a@b0ej4_dFGxlKde&A#ShU{; z>>5Eb;f{0pS@U_jFEnPTjebEUb>se{ADREIp6%9uYN8>BY#lzZVg2vz?`7Bj;mem# z>;F-nyfiDj0#dVvyJzaJ$3ANEjctr7A8Fo%P zsx{8pq}V1KcI{^Bq?}H4ns2=t{&>&b`G0*Ca0CB8=)TC>e-FDayHEW8F`oMTzbFa3 zNfZw?7Nqu7F?V5qW|wSkzYsmNS10d!Z5*~sz`g~Sy-Ozcg5-8Z8N*ws_>etuO8qML zF>gpu-4AYX$^-uCp5|2VfImqsxCj;&J~ zEYTNgU&3ajzk9!0=#$%B^cU@&T=R~#7D`{4R(%1F4QSI5Y}9WzO>>!x*9sD_N1QG& zUw;^%R5xMDRo?ZZo6KMEbB(>v%g8oiis_d_Tevt0eq<+7&y=31)ULc7XXAu!;`46T z$V+CtSwt$%)WzCZ?lPrXBvE<=(-ve=3ZsRV9G2Ui?qe#OBdZjvJ-#jFmETbVl$M>C zN(u@MbtXW~3{}lV(LE&(+w{hs7Uo`{)3_$#vZ%^mygBhct9g}dA|ZIwF3E}Dc zVQyr3R8em|NM&qo0PMZ{a^p7AD87HID(`@jzp5SQXHl{}Gnv(IojQtaXY|FEU6M1C zoYa;FA|VNDir@mEZ0$}S=)A^xvQuaPBuJ6E*>g!gb1x&4K%>#!Xfzs)hA(I%X7_{( z$vA0tr-Q(<&^vnRwb0+y zkH2}Xzm`_xBqUf6(^w|HH5}7-7TWx%hT}N>^T_*~cUTLE@Hvg8ZZE?QkbTi*k;F72 z9I2OhLQpS~gpaXL_EEs;oN)A0G9o-8k_bd2NhTbK=hYCpnNop#HGmL}{4fcKKx9t% zLQZKkL7e<6p_~LrG8A(*rwT7Lrx@DC0^KX3VS#X-Y6g{Vh=uUbUu#pQIz5##7VTzp zLgh3Wc|Myp0}_VK{CKWWUv<WO2`U zAlkJC@&&CmkkH7~6yx5lXSKhtvl) z)aH41f9cWn^*;suKgVH0#1l^dtM&i!(aYnPMg9Ns_~=>xe~xFbwpZIjT^27molGVA zzyAjvwT@biqt?-}R^z?M_YmWVN`XW&5;UNgQzAUn2}3kcwFDXvLHL{m9)P=`K8XYg zP!a`%BRM6g6Jvi$?3V*%lm|NUTIhu;P&c3I`~QD!4=q@NW_W=jCQ%{?l1jIZX-E)x z@JXyREb`eb4k?a&g6^rDLNf-4SKC9s8W3!x)DXhRXYm5Dv0DydS=&SKD3#N0Ht+B6 zJq);dj8B@OE+?87z3y3mc-A=bTD3j&a}*LGGL=4BSS>UP2@3JOA{d@J97Yht9A!JgDuV_r069S3lpN z_npC@)4%DR4bjyAb+7uTy_?=ue~7NmQK$ba`l;7HJwSxYDdC7b#9ZO8xTMo7fOr(^1)5J!_l&59E?Cp=P94WmhI51o=RPC}_av{9c$q~=1c=ar$SrW`W!)$~)Z?V-AvTR3J5@snOR2^xZ>M;B zcW;EUXat=!jI{#b(vtI+-b?SOhB6~;lj?5a`LXvJAczRZV#=i41cF<5{@ObR2%HG| z?@emkg7ZV~Z>AuTgdJR*tp%}_p z7%C)N-eJpY)eOfjU5;^*T5B1<)xQnhP5qTYPrn2F=93(qT^X6PFqx4FXGxr=@1gh7 zYbhSHVCFVt{+=ItZvgg;NE~2^Igy-_B^k7z8`<~yq4!#k&mri=1yZ(fNTibJF`b}* zauj1ZRYUG95(!sB2unLM#&iPamDUqfAf<{)BoP!*f1A2x+R8N51u&Wy_nYVs!!0G%T;i{%1ltO(I)jzbD6WrpQ}0v@?7+|w`wRfpAzYL00Ly*lrrSP{jU zBi>cb5$_zT@1e5?Jc~opuI+)|QnWJUQ;4>~hB!KGw_57IM}KRN$L*JI+J76jUz3B1 z_q7TxHHq|_W4{5IHpcKpG1U&cj_(s8+Nx{pUMR*0BZoK$s3Ip05s8$z3Ly2A38^b7 zocrfPq(_bL&<{*bk)Y8eB&c_-0DxJbCJ&K}A|esyp!{iIL3$;`d+^{t&4&lYAM;lQ zEeqXHJ%dT&ItjyT7E*uFM*3gXwSY)vU_=B_O>QXbh*zA1AqmvvrDhj~lrgXDto%IW zEn5YOWu5RIFGSn?3$U_AV8-l?`%GTz0oq1aQMf3SQg~5`0!9RgD-Joq!NQ8ImP*BG z0N2+V2L35&u583F5ywSIQE!GHuG5+Fo#yN{;e8g6cB-NR7cxl23_s9WGDA@^8xgJ~ z!$^fzR+%zKK8{eFj6y0>HDEi`8ykpJpnnt2Q1=QA-*zr8P(Xa88m84@Dc1NcBXh z#$?g7W)TeB8A~FmCK%#N#ut_#ng`gI0%1|YYgM(=y+AKaTl)t}Y@uV?v^Ulnju7S? zFYHW4BP58=iCQCFJJ=Y$WtA1N@0n4@dTgP?ee`ogAJ9zE`$hkJI6vOkdU9VOG=Hg3 z68g)_eY*;Cz9`irl33|Mz5LPN#8iD?QMjlW)w!12Mtd<|;!xwFCEhk@G`nb{dh5II zzN;Ugy7{N|-K$siJjNIpr6Fc-4v-)*;aF-3R<=DZ0pDr2uip312LG!)c>l{mr``T> zaP{*w{H2=9KJy0|`3u$bRjl=S8%ds!W%<%5*HRHOf2+9}?3~VZPt7lFRWG&96+zW_ zv6Hh}JDbsRm-#l$z^Nc{M-6EpgPJSGoM^BmO6*PR&2g=O4ZJf`sj(Q1$SGsV8U5+X zGsYax)LbBHP9-oev%kA)bQIQxsdme+DBMP376?7p#356&4uDm)9apdMID7DIl^#GX zC{m`%(K4<_+CR7N%nQ|j zv$}Uz1B(9&vR0fy8=b+A<|!30CzQ81CRirmST7-ud5d7YS(UsR&2H><2 zMuh`pJI0lvu_eovK%~sto>R-P3Ow4JL1v^m`~mfD3M)A7@YDZ-g%ii&A~lJyv8QmV z0xSlioKo4?Uxib#d0$ZV3S=PlR#b|PDdDip*4d2blV8WIlc_2 z!14-s1=0d@OWCbGD3`|bvW7ysFf#5I#d)Rcjm^3Znfxj7@6_;QV++)0kzPBNgIyxf z_8_*$1=jRkHEdW^Y`jA9``Qi|GxL75KuJU;dLa&G2UE+p%vgKf z5(ntj>;N53%kh8R(jCk2RBy~6aU5J_bEH!MDh#r}cbE^|=GI7%Q*@W%RZ=}2StSm< zwWF*IUSWW30Cr2kavJTjNRkI>65yt&mO3d!hRs*G4W*^)%$GdPf3u3r2ffSyhNdO zoyh^(txsl;#PvFW3Q!88%;x}wQysPCIvpVEO*O)waG_pA#qRWF%CvWSjpa1&5wW{D zdMAfUgC7k@1Yv$0y&&Gi)7ua;>`!S#8ZzoVm}OVhpK0$0A1|o1l=)Nm#P$ zUniV1UOzzfd(5MH6aJymM7^QWn5lmQGD_fuE?cs5t4q{EHn~vkWN(%c(c9`}nB1KG za#Kf)qxydjuli-p==UL;oCA>bO--463Y;=ZXE0Oc_S^Nue1Oi?GC^th0l~q0P9?dD zeDa>k>G|+x5tG_j{K#1n+vt?4VitQ*65zpE5(S8jb<~$w2uWt@{qc{~#B7+bwHb{d zW+jUXfNs`68as((0|n`7JU&n14C%j#!(w}^r;B6kQ@KDl9D`x5BXdbR`y$O3)p*t* zjoeN0`Js3863Bx`Yz~%jw&9f%^BI=Z$6>gzA_|~b7-Yf0!mF9FXmQX|Z{|<5v;az- zdPS7i44`!UtOl?&s8$y*-}K0Dd8l$R3&Yf>-$vb3Elt@yVq;07G}O%vx`lee4e~SL zVZJnh%0Y@)>3ZRCc5pO1IG!DNo_BEA(*M40%@C1(SqEOtAbd1K7G6P2r;a#sSPF}Zi1vLxQI{su; z%)C=W>6nwOSGjNEj>a9gX%@Z1Aq{{^CqR;t)*E_8Yk;3doHU(4uH2VqS#b!#E$b2s zE)=OCWbp*HAB@=N3e!oH#&d;4h-(%Ii>O&@Zp=3)c()mc$%ICtSxr>+>GmsSuj+Ol zErJ8Wtq$Mc{6G{3D4h)j5-t!p~2p6Hb=WX%ycVdR=dBP?{B=G_~S9(ek;`TOs+|NN(6 ze9%irtf&~~ZJwcpS4Ry~m5vel7xHwpxmU1}Jc|z?uc{zqDk%(KsG6$mh=x>BBD|ln zlgr*E{--jY59|Br#e|?2lGE8R8IS1$s{eoWRTXK(_&%y1y{zw>M%AMlF5p3;Ani!m z?=Q{&%JHAg)sH?6yn6h*!OTEr;O8o>yQ<57IJ>LJzhKs_4>Pka7@8lBHHM;y3ZI7Xyn4L z|HH)3*i;zkw>rQT=F6P$5xkucsXb8ApQ;}r6;eB%LL!O!mBazozjVkFKq#P4)*hLY zNG`Q!;inB6pt*)(__$#^uss4F%yd1);wQ4O^E|5S)o~rUQ@UdZ7&mKf`Zp7CkxEO* zXNba79EuIA{==Enb2B{ru|cPmK~04uku`X=_ z9UXHrD_ug?0@}_2@8unpk}j!l`n-y*mIlSw4_19`3W;U1M2l?PEwN*1Ag??5Az>dWZ3UQ|? z+ZQx52sfd?9vYF5-NPcq9K(5x`Ll)6a9b`ppRmzzccS4p8SifJyeoEP9A6n|Up-?w z)%3(z&G<}-7q}BIOL^rq^i*h8FwS6B#ArhWp*I+2cqb}sVz0U57Jlas*elWM4toXH zXiiFAm=u#+c~rf9R9A9SFVz(rjZ$mFYv6R370hb0cpLp)Xtty}j#D1yKo~g^73Ob2 z$CmpHexOl6qsb?99f)M~PvT4CJt%dPDAYG}k8I{3;VdKrGFDA4dr3BK%Q9gFMRKl~ zQ#gFDX80UA75jFg+-7|hG4T~h;e-Vvox2V84%4mM4cj!sGnD8>i54%M{zo5?WJ7&w z;3LA4QM8W^ovnj0rXi|lX*@OnnI*=-QsF7lp)XkdcqtJwvcm#3Tch?bC-;WFT+BdtjU+sNV5gC zvp6(_tcd9C9mU;}j=G`cDBTSz2AromMC?~Q3)jN=h$0#VB$DV2a(0+9;;lr<4dYHr z7s7AXBjiHK@OfR0kH~4K{uT@ygUPwbxD~UY6G_@x`hZf2Jx$c;F|m>~n)F~Z-@HD1 zAbye^i?vTfi&c>^*#pD>Onb=l^5X(AvDbK(h7;tUEXuPNl@@T1oRl@N5!LJ?SlL+*|B)0a_%&~$wDYsa`}3*=C7|#KTYdaqkGW?tq-p|-A{}H%=}Jyy#%~e zx=NHYM=<}6$VNbmLk@CrnUicz_+2TGs(_{yAlFvO&7&({l??2F%nPI1okjvOH^cdc zV_(@PzyA(^?2;qaOAV>N){$43tctTjDQcEDHZkkAssXa*o4V^2L|XDwsR$e0*DzTW zPyXvg=k#=NHXQEPmkZ8MUX{Gn@p26tFjrDSAE#=_DJM7(Cx^$al0uw_MdY6xwnWKC zNoRy5QdP};u2fH^7i9x8FZyZZ>E{_>n|N8kFSKU<%K2HK!rHkkb2!;&V~MpXW7Z0+ zE%*nO*FT^*Szk=~->ELoV$yfvzZ=rN-l}m5e&{A~9J> zZ2E7LN5ve>hRL~f5n0SfhkpNk4PHq?gGNZAiJYDsmg&b`m9JeXj)h#r}i+fxBt`)+%tf@K>V1chr5hCu>zdRn!U) zMnjt~5xf^#d6#PVY}-ATdhoLh@Godk><|=?tGH8WfZMZtQqgV4Lhe?E^&=r){AtF* zA5bKAUbC;+KHfkwR&FBaJ6OK0y_I;RHvkT@%zc$Boh*;u*P$c}>afbzDlEp!Odd`o zU!95+;)e( z+rioOMX%er>0R}2yI1}5-jBDZy+H-+jl6Vg;h*;|s$IEuYpLW2qGum)~`@i|Ah(C@6)p z-ZosigzJd}A8z7^f;RdM)hn*^s-u6b;_`;uCoU<^`kfyx&Tel8oo=uHW4T=9JV(X7 zmXGLP36rD<|4~~sB%04L7x|qU*q~hAs;Lkaw~u=2yBYM(-kl9@&-$m=SH1qtW@F$s zrTu3d4XI(91$Jy9*UmN3#(Syne&Qr%LMfTWvP_$TpGc6M1P{*wyrTebC$`m==BF79 zMN9MY>a@b5tOyFpSJzjquCPm8j;2?lR*_G`yuNyWHW=Pq4bE=Qez`dt^g9=~oo=^s zHguZE-vYO~ng03kw$r_+09tpTntPB+X7&oSjmdu9xp}+knxLuw*%JPsb2;3qnY9^D zHW}q5;X7sMo?c${Z}q4@T~FjfxKEMRTgL}w)i_)?`(Jltae)3y?;N#H*2UW_K}u0D zW`|gr`KE4L+Jr`(!JzZ2Vru`ad((T@yZQC@`s(81cF?)07*&dJFGL(tiRve|t$pwI zaEWfHT4_~&*zR?Cm#)>%L4~?n=DWGWtBUPA_^ir>W;?&ta`y@g^P96@Zf>s!XXm|N z*6OA$y(I3s!kLyg#_q|mT1IE(8H-2B(qk6zYZ<=LB7T{uZ_hdxH*aq*ull{4tHI_9 zZEeeCvcCPW`|-+|7*5ZA__@Ngs+TQ(GfSiM^Uc-m;Ogi8>Fw3|Ie43fzYcHCE^mju z|Gh#B+1{?nmAGcp_e*)EwsA>)CSR91?%7^iW0X<=ZZAHie7X1rnCbVIIL?!NWjK5Z zpiQW&kA&yj(eGBqaw{NTI+M-wv&&PR|4C4DJ;h_wKdsCEcKG_$>tg<=!=vZ?Z=dCP z&j0kB|LKe7f6AXaZKmmP?43=R?l2fb*_uA)nQk*`T_ zT*!v);FE8n;iJIP%D*N8-0Yek6LP9 zT>W@^arW-)BEN#RS2mSG~X0OV*pUNC#GOEpim)oTO42i;ECH1HjVapJ9NDc-- z9+4Joss0WL!PfFSh=g^Xn=y7yxsdOvoW5m3_K7qFr~0pZ#_v+^yM5og?&jVtXS~`p zVD9O%UD+AR#17?m*t5wkhquArxrC^Alp66T2guRo1l*^&9;$)Z2Ognykf?)lu)=I5Tif@4oRpL)`_5;q^Ixzjs} zSC}!?=b4<AoFYUEQqf4rfem2K46gdRGH_ z{TPt5cm)=p;ym7Y7mo4_Z_j%dH)jK#iK3cV1tB}{UNbJmISpaa9hRKmEIG4bu4^|s zt^2lfjY>~=Ri7NxT36Mq5T)hw5XJj)o}iK3)#Oeq>yJ_W=?)VW$B$gR-p}yaSN4C9m3qtq@ksoh%=xmD(?Bd%tf{76_tm3S0FWILIcWs`nH(5ZVmKBGY3L0V$w#ZFfA~?xZ+(1 z$f$5Z7CZTPv^JZ^H^s7Ko__)qt0(}J+QW^ z6~;lr=kq_GKgxeF_khF?PhaAiMJG<;EBPU3FDZFBboxW0mFj~d{ZlD=s zpP(1rVQ=4VhRZ2VZ6|?*P8t9p(|eoD5gBvHBE>Kf>O+c}gMlppeo#+Qd~Xk3a{?Bd zppppnuHkljZcb8te}WFZqhs_!5Q2UaHiv=zp0Nc|fEnI^u{>)8%ok1gzclSjbI)8n zBpNsh8g5X+{=Py11mjr!>W$&NRvh9;nU0Ad_Mnks>p2~9g1S>2MI?kHM?=K{#!>&> zC28JtuhZY>z$VFj79Jo@#tH(nux|5!j13EC5pETP+aZxCiJ?v1L@%O}V#)Z@ch#Ev zS!j=&&{z9=aCXec5p<=0KD6sWFo;!r`Fa(%mmT-`s?=5rgaU?BsVooe}B+$(%&}tf16hI>3aA}u6CH|cjb2%joggJqx z?4ZTb0xBW6ieE{>1&xvi6k$o{1f^EA5_XqeswAxZRd1~CQw=_A66K;yc@jxFBN`8? z5LECIK>{OtdNifi%^0ygKmtoD#tR^d-gnLl718Ol2m*FeFBT;N`WuijjTDt4bjtiY z!WA=^%-=a_P!tFD=6<6hghpDyQFPK^Fp5~zFs+5mw*t~g1qAD?s0)^GgO&zea&Z6OF_m%S8F9DB&c# zOs~uf>Dd8liN2vqG*aI(!H}Q(u zh3fm+Y~oKD69m+z0-YYPP215*eTMHc9gIUdfmsz!;^LW88U=|Snp1@!3kh;b<$Y5- za{8jzw@^876P22UZCz=m94_e%jd;Z7#6v?oi$i5t03Zk(*woT%jzTtS&M=Ld0-%Vd zhSGF^?R($As_pxs#&nhlsU{<394=ylSd9ObC?#;5_R1Pd=J2DL2v|e}8gn*7znRuH z##3@a3V1rlE0szJ1Hus&2uFxKKpBg+ooLN;tPf2u&l{L52 z>y*^Ot}S$@)x0UEgz}V#rV$1IBf3sGRQ-HJr$qRig4$V8?kS#+XkZ<+s#%S3S-Ed& z9~+xIo0WQ+=i`RWD&$d`S7s$OPQexvj)A2rqHtZ!T`1pY>CbvVM#-dJMR}Cvx7h*t z@w%FiMgG5sSN&4lHS&c_{A-ZMK|qbQLn3V?E5)OXTLXZNT|@H#DU}=&)VoGz%M}Kp zNJbIShVdMSG)SQpkVoa1TjZBEW>z9^N*h(7cRCdI*2I4N^AY_@M2dXTRa(y@U)<0x z2WUP@h61ITW;7y*YMrKo@x|26191|n#Z$~FgLN}pHfIflbg|-XhJ0__XY!g8K_Z!F z0w8a%T3AgDOL;d-NCRD84STOVsIJhy#VWT7wd)mVru^B<2%h z7BVQXPG7IkmMb=`@4owPh0IsPtyUm^KPBl}-3(kqbG4R+s^fIko`HsbDNA7elSBR- zl1#2d-o_?oKf6Gi66B*~Hd1TWF*5csj8G?0dqColEtG}40ixx|J7RORqFe#_rF*@X zk=I5Nm>f6=bSfQ!{i(e)+_P-q z3E%=smkAcwrlhZAfdW*5e-U|31pPPRON3uVc~fUIsv99A4>69w!CFH7T`6B4RlFK` zgHPc~!ACqfcq&xJM2ba;(k`a8Qi zB}Qo;c^#;N{V9z|g9i07}ihS~(%IW#=W)YJQOCn!UuwG(ZF5iN0q1;$mSN6FTcev1Ai#+UQtu?teqx=@e zLGJkUAU$AR0C=M}@Ni@nf8gfy6Cv5mIhDN&vMZ4fVCQR^j4F_~ThOZkrpPa>`rf48 zqmjQ*>j7EXBp|=;MkJKelx8VyrccQb2gfHHk3sM2dg}f0kJJnhs;kXtL}$qiIXm-k zplK!Y>ojHIqJw1}4^YmuazC{T5bJn0wUFf4zf%*^(^4KH+qOVHW?|UN%t-^KYqzS= zl-(mXmc~zR7kpFV-)T3LKgH361X;fxgZ!&mb-8b9-_*YCU)`LwzeV5F8t8|GbtoU? z+yp+31j2JnL!di&2ylR7uvowu4Nfm5MaGa()n}P=J{Jz+q*Db*Qzj&M@AbaNhZ1A! zgLQeM-YMb)2U=r5h=5YRa5cA{WJU`Ig0^@*c&Im4%EsUf@iCzSvq%vp!7{cQPmBUO z9uux?ON*)|j|0x+_k|3)8RcMqx|4O#p=lzF&(V#mJ%4*WZ8eiX2pGiW6iF#FUE0-m0MHhk{M^!2{{IVMawOZK4Wi)KDEU`$&l912te5 z5Ts$oI83D+jX5Pz5H1c74*r=4ZS@%IRH0a~w6X6)ipWX0@X&eI)B!Z);|RQLABrL) z8TxSdMrhgj;D`f!fj-(Ez$+bDWt{>d@uvt20MWQ-{EqO$#^K+Nyu;UTyhHEk12Ff6 z-8J7g%E@&t>(~%oLLemx(0e6)Fj=#7cg?A!-Gj_j!U6(fi~;CK7J}_M8-J1(=fv4) zqY-lV{SfSeX`#M_W(;b#DYS3jcLx1l|Hp6J=m#mAN< z5{3(e?-deeyDDZ13iV{nq6t&938?Us zEPXW6Nk_#2`X{3iQt*Z$_V2V&=Amv#{X6vA+jNsrM-h18q6y`06%mM#`&y;KZ;cj> z=2Yqsk~GRD6bym)LJ=60SRxRM&~HCd`8FA?+QyviD+++?3s$SP4(bV!tlR*dHK{5h z_AM*A%9@~~L;+H--kZHwAnBNpV5A73h~uXvStLBW-#n&K05+9|t4MBDNLqm$pcum0 z6~GXUIe}5cVggCUp{A+`S`4G>frl<3>kpBbhM-S>>pHEY9}^moP%Q#B4CjDAA`!mg$BN#@a!*YeP{?l=TRnk4Q!Y*43p p;B^z8e2_Xq$dJhU<~hLp`FVbxpFi01{{jF2|NpdJ;-dfn0RW9|WpDrh literal 0 HcmV?d00001 diff --git a/assets/dell/csi-unity-2.9.1.tgz b/assets/dell/csi-unity-2.9.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..423a9f5f61a4d40993032ab8c7f8ce44ae9b9355 GIT binary patch literal 9666 zcmV;zB|X|7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBzZyPt#`28)Q-(esh&^SNu%649^kI)owZKpNrH&{;EA~-no zE+w&EE%!*S9bKI7{=*E(ebeg2j+3^}<2_ts?UFOY;mmM`9Fmb1L7oaT?d^`4GU1d> zl7Bq#v$?ss`SSU5`ge14v-$7V_Oq>jY(0PRa_jlCXV0t;J%YvxH59 zludXa_IQ%O?%)94plG#LxXLeiaLtt#GVQ~+KfHpiaQk_<3E$%%{}XP0+geTWgfq<@ z9+KP+%fwp`=z6=uvaI;I9sWU6~ptQm$ZNq+%lu2dUv| z$RfTDu@cu@!7uqGS1C7KgGdb@DPmaI0XQEE4H0S%h%`#_m}}tITusebq$5!LKe(EOa4i_&W*TmgQA`6XIQ84PCuBEaT8Hp$M?^^X*qBWBdp*|+0b$jlVrewy z3VFk{=0^7tIg+{;^CStgbkw=x(;KN`-R}etY0(KlTlgL9g0~BMV8Vps4plEZcmHU& zV}BI}q@!i7B2EQ8ts`N^`DGZ%3DMIl3!7=i`@pg+5fO2-b6xMVKU*>Wk36OQzh+6! z^_Lg`7Tf>r=UdOWoA&?N%a@P#|7$#JYw*i=gWlfR!Q1^a*f~ExJNWU<`Tn4@Hs|Sd z)}T;T_Xo%!7_@{|hF~ZX-dTfVY0z9qNTop|nT~j+SZ59PKd?!ba1DLvUX$8)VFS9U z7>!Lb?Up9Nf9-U{gpD{2Rcp|-=D7RYUY3+=TQF^`zi9ROwwL$lil#YaLLH4U%6(`baX7zNJ25~QN!_4Dv~ zxZQzrAXue(wea<`@FhXeDa-U&8nX(7YT@gb;WL7uxEB9irM544y%qkCt4S5u3UyN% z^T2X9D617r9dnkL@kFM=$Q7XR4~DChC4sFMxQYSxrIJa4L~e##o8e~1_1ICh$1)jD zP?UTxyWiJa;dkK{3iY8J9rA0QfY4TEj0DXMiA^F$BOK2YDnQciWhv~e!A_FM8y-9H z??aa>B~^C=x;IRv-5&iT(h9z>n#mW5ffJ&QuqNjXB&4cQ{I_r2C<*C^)yeC zQ<;cp+6VhDQWFd+4u;3loLWBj;UrC_jY3G3Fc3?w$6RdIJ_IAlpi<_$6)iQyE`qf5BKHV?%JVxb^oW{i;cQ=Kcczsz{H48@3sd$QLk z7fzahir{Zox2+c)s$BxJCsZGL*G%;iaoKa9kg%ctNy$9(6z@4h?fNlKW3G}Z_SCgZ z@(Bl>XPHz++u;H~$Q$%N$07rk#*m>P=yJ^AzTzbxN`?Pmoe9bnkJ~#O;Ec2QS0xNT zNhAKNFyq&Qb8<%u><;KW+}e+35~aa4W~dPeve6DlG2z0BC7Iu9U{S=iK9U$IIMLK~ zibAURS|q$r9qJ;F37etaQZiVwwyKG=Ve=2P^|wBf0FYo!arLG4DAxRoAllt@Pl=$OS9X>l!+ zPQ~Xz#v%lsvde_Web}czdV50Szl9-j#bL;q$rX3Cn&!a11uzQ9urTL=cp_45SdvuT zFYjTj7m$W5(Yz1wVsf6u)+=5CWIL;%WB}6MafK01OMe+jp*D@CBzn|WatO?KSV4hq z=TzBwi)d=1_x@+6;&QImfBZwnQnK^+@4y)tMGrb!9;)}|fLpoe)@l~Y50mr~G`+<} zL^4GWTA;gEw^?K>tPObW0v)taMxxQ>i5LlNjFF)76de*qpf?J~1SYvQFlN^rIE%&v z$PFDLjmeda;fhZKY6)aapc&PWuuGme#D^TKGYyvsORs2jk|{Do0kR0u=vJ#RVKh!P zz%Q^8HC|D_fNvV8~rp23f*Vz6uSs3Pg$>9m-*?kfP>L=Y3);I(h@i_VbkUy3z}JMdV}(H&R`3 zRq5LH{;Cr71-mOi5$Z#CaShvN03b6Y3bn1fkB+)7zVP9YN2U+mW4Zr6Ta!#VWjG^l5wBstWsf;mpIif+Agien8V)j zz(?V3G&r^+lDZa=^Er2u9M$TzP}-pD{j=2Om>Ud(u!7=NXJQ_c-yOS#AZQm;)Tibw z)KeeHUvGsk>+>yk)M|lq!*q=r3+W)G2@xhz&=F6W5>nHgpwciAqp^XM+qs@%g0h5O z@FiSe-iktf=+5EBLuuYy7f%(cmuoh3h%={IdnOY-ih?*SY6RD;_rnuI*`chb8p|8F)j+7hpw1Yfl*Gwd6GastscLztL z5NBMAMDR44(kP84e9x|w(JYi7hM3~sXhWTBIUFV;<>B>*VZuL19lDj9kkSw$Ik~UP zTEkL6w~IGl28nM9O~`#26c+T?XoS!r`BFF>><4Z}$FAH>B>n_uj1rf*;kvWt9Z#CV zb`m*cB0*o|4|!=Pc2jA@aN2RJd!34p1py2bM$2B#8Ir1SYHWEb&T4}*^x;yo}h>GcF5+ZXMKjRZ(~%WB#fnvGz@0iEKwHHrUuo$IMaqBB5 zTykJh^{mAA%4$|GOY)IOwIx49)_GCKZn^jx-Ga2&ac~xM@Le#B+L}f6{GmSNboAY821H)_DktJMyaW+ zVqb5C+s{d1*`>Uu09KEa$8v5X_-G+3}9xiWO4CE57BB+b9D&IWim+$1J#G!VtQ{ZZ$J(WPoYSTs^p7N zJzY(EbGbB;&&G=j!dj;#wk8|flZ|JSjW7&1wl?j*FE=N^P1M$a7Zb{}Dv706e|CoB zT@nZYMWB%{gcs_pYJ?)%v zldIGQE@C*}YN28GwiQiy&CXvkO}-XfeW$&F?mX>%`qcUOF>r}5&@DY(p$B!_J@BBq z5V%@m2>d?~zO{~9!`6qM6rvle0Jus>+!L&cWiLe{jNm%_rQGij9v#9iEIh zJTXd42KjI(K0x>Xbr)3>sZ{IG-G1I(cS!L;#0@%l8W#;|`}@!CdV1RQzmg2~AiDvU zbvWU*oCmo!aVLi8SuRz)rO6M3Kx>)0uF?VrCe6M0V59$Bz)6 zxzsaqXFq+as|nt939@!yuDQCTw?IEn4T}3OnniV?4nJ-u2a~1jCcx7tZhMUq{t=w0O#-DrBH%}Y>RE@iTYd+tguuSj| zhNpHSY=OS#+Q^B2MR6GA>MZE#87c}Te0X_V+^scHs;aR|x&EAS`c9ZnD|>7Z|L)+R z5x$nuC;tyTai;;S8t{heekT0hc@}pPq(><;PhY30CtSuqy0%}K5Goe{=FA(SL24xc+@XdE-~=LyBwA2i^j$#xCJ8z zv_Jy4z>E~I4qKHen;{bkbnW6DYWWHv%QZe`kWK?zPKoOdi0 zb5~dyx>Ejq8gX52+6}v_P*jnl*EfwtTK8`Od;!iB0w~GLwlMO@E=3o_gZh zSZag1*saWQR$Tjv*j4jUp_mhGW~q7@M*hww$x=ACkcu?sse$jHHqTnf@?xT@S)WDm zM*ik`>RDmw$rR}EE19YGqdX(JJ*40e5=B96_;5Xi>`TSM#Z++ z^EMpebp+M?nYo;FEv_&Wt5rC;wOxnG)9X4=&zYm&FOE<4_Aicij`lk(+VEP*$*e*Q z1y5o(Y_@(oWoFzb!$Z=C>M{@g>B-)g!S2mxn67|*aJsYmg-M`Mwo=}D%|~d5b$jP% z8C`J`#6mUAAXc&{s+nx9K&oj;3&7Nh&1hc<&Y!$;SDm1vxm?}lno*Qoq8mQLEMRer zW5TO{KH1sZJKG-&*1NL>uV1}rd27?X0-x{IT}5pik~V>06?_vV`W;o;M#CCKw!#6iN-kr}_* z+H5Io#DvS-yxRJ1Q@4D!TRHs-0b0@hM8TE^u1?7M$fw)WLyGMd&N zX3TxH^n;pv4|u7;7f5{!3e)Ao)x%9audW@g!cyfZ=d}H^vSRoXNS3-lzTl&`dPm7=Mj35ymPt-+3;62tQ>(UA zidH)-@jgQ4p*DA?&k?oS`Hn4f6Ze_am?Np}0=TmLF84FX#$*9c<4lUwyy}0q`CXfV zb*>+6d!^+SuI9P6zDL>|vAJC@TD&o|m?VAEUog#Cz+Y< z2{p_2Iel$k9I>oP{=(Jq(%#R(Gb1wXtha9$tfnd+>%YdO@LowvhG)g#~zin+}P&vxjz1Yvje8Lq=I?z19yy6Yj zzQCtXe|A^i>uJ;fxlzVFaV)+6>t$pA*Y@Vt=HvY@U*&1t|F!E~l-0BMYW~S8349*v zTw&|OEvX|0EQcpQT^#Pe-9N0yBmR<%BJS8ZJUsdJ;_TOxi=#J(=Le@Jdlx&qyZeJd zz22PDGCY){o!?xr`1a)R&C&kg;&lIvl27Vj=A1*}!3=&s-nA(!2gk2ZF3t~*@UQdz zv$s2qcC?;E;=!EnAMYHW)ACcjR^>DaU-sk2<=IB3CwoUH#}~UN$LD7!hll%TD|5HK z=IfKQqn-0UbkFyHJFgX_w%-wWQKtoLIpz9iYt8?jr_KJ;Nhl9^57?6Zzt6U}XZHVZ zZf!l<|F7{p-2Pvbn!nP{U!rHuj$i0@VRr8UwCpK``W}S#-J?r3@4)Q#hm{F%TS{lh zcsP`9m+{IN=5H6d15&%G@~*8~jH$6prWNn(F4hO(>?)`m8+BL1`E`&Ra}9VF0- z+#Mw_5B*&Z6M))Q*RQ!DiY)ABZ-sK>#uwfM<*F5m=_^b^-j;sgT>O;_0-Vfm>AS;tf_UcA|-ehy0{ysa03dx(< zMM56%XKiYkg>bL!ECl8=HnPmrUyX{f)aKxHx3=Cjws#raNOe_vU%CIF65kQx@?MEA zv^mC)AG>z^s4sSugHOx4T~s;WskuhN;b7dv}L2ghz7YVkQq(2a*JJgT&-Lmt`n;-WddecrLV3{p&r(HdEJ^b|S;O)-&{>9PBo8tw` z`_=i2=Jl8G>C>VUf@7htW^yhc_ci_H_cgh04$xVgzZ}0zF6LEMGGilWJGwuLSSXu- z#%A()s;Nyu#?1Ks#LN}a2O-h2H0C$}>xZGVad$)`ujAgl{o+At4g$@bWtuTE#=0XRi;Yru07HmZXuC393zDPCgK|`)50c z7lZSipAL?Hx;WiA|M~Oim@)Fb?7Fvzh=T$CclYPBlau9wNriXEN=j4ZKdp4&%bB#x zHZedi?XT^}*6F-BJ==eM@Y_=6c)-O@qgD*}%6@GluUHnPRZ+hnx|GV+HPT97ZoTNv zQ=s-7T)NWW&e^vV4}I;t+XYC!Y{uW;jT&_=O)?#XkNSJ{>4i+<_dPC?*9T91?V&7&N@dQea9p1X|PR*?CA;a_!5X}K}2 zF?{hRhHBCK8|I3so4Yw+0a0VAEueZJcn8aS;h;}@H4t{4VvnqvRMQi+ODkD(BGhIh zKcB2+L(!`AEgY&IfXv0?)~ZytjZ>dPTyxNB&@tPKwc%$G=9!Ud8R(YbX(9YO0e{>! z^FZ5X{>J-Y?z}=ZJNvg#AakvH&B?-Laye&8`fIB6>^$beR<=!QHc?dM=g&@w`#<%R z`JXJy0(8$OJe|NUfa zOs4z2-bk2nerab1d6M)BsaXf1A!Ew;%kp;zNAP5~h|xt`JV|i;jq}Lp5ay7Jq%fGpO|wNq7IAp8J2+S`F2ftMB4#V@ zu_A!QF>xXtL791S z%{ja)Z_@I&8u2y} zD3e6qz&mYtc6W5bf}_}>H|EL2I@Y~4_aVS{!L!Xea;?W1)5MGNCPPYSP&}xD1fmL9 z6j4&$$X|V#DQRRR6MJJlQ?5h$@J+`KQs?&m`q#Tf(G99dw`fi8$c;!)PogUf_lui8FFCjdy9?Fs zi1zsPpn?>CAtG!{4V7-SbrK>Umo)N)D`da(Y2Qla6JV@KrL!Z=7ls@PsE ziS!_oD{}3QIV{e;a?-g0Jk`|c5@I?$9NssJ?w;-G_r#LfPsJew@4;PBTe)8}viX3( z&=#OXDX)DYobe%7@NUc%e{fm10W`PwtFDt7smZeYg4S;LZ0}opS-GFQ_UCw2&apuI z@meaFNM$b`RuclW0g77Tbm3hrqkO_sLmwZmRhi-i#U}g3sL{_2R6Ug`9be@H< zi%gA7m6P@wX+%@#|6r;yK!QYE(cAyz9O%CDgLnfDPQgvDZJ@9##J53Yp*g#eDh}Zd zjSL90)@7OE8QQ7$?k*Wx?0sL*PPZ((FEDU7^s;Lv5>nBIz|Lh}?=q2>y$KU(Pg@{8 zw@_TUD|`K$&JV{Y=lgv?>B1OJ3`K-gTo*UFqmaHyh0YK$ob3b90j06Tlk#G{&7~W5&jS}Up+p!Oi=sEx`{O}m+@dn)lKv%nn z|DyO9BhrzcF+AUNUWBk83p0brNUTN3tQ$byPI(6a4HNc4=u({{mf|2clsQ=n zYk}TZn|ucy!ZD;bza!Ue4-yuktBEF-HTJ)^aO&F&x3I^p*+N=x!S7qA54MT7zEfg0ra9jT6YdNnGZmroYf6}_-EmVpYn=fzS(Elkk4eM30NaSdQT}y|``VMpbRDh*R z@e9ava~>M^(ARI9uec8+_or`n(G98JK2NS%^Zt3bbw>ge|9VPhCOU3mknuv<%(6?y7i)@Y0fU>+XuJ}zk+eIMA)3cL}AVp*F1HqU%A4hGQPMG zZUb({A{tXc97a*_M$)LwMq*61g(LW*Am}rRz(WSmR#V zmS$4atu<@j>SQ?vp7xW_a4 zDSZ00)RL!9;nrS}uggKryGz*0vS^^m(uk-s;DyA`DomJCZ%qm=uwSLEjo_DUV8V=EkXPT!?Y^>N{QG;LOR; zw=VMR?FmgofhDJmfn1bW0JP)G47|qq$aiQ1{_xRc3;pHk*9Fq%0lxFvz&~V+?&Dk1 zh{nDkOSv5|v_FItDw`qgtQ7Wm{aUEFxO&UWbg8hlJwFaZ^`&P^E4U4`RjPDR>ag20 zk!F}up-v9x9v-Vj%p+za$qFs_+OxG@L!_h7lhhdV=bn~YjMZ{j0n>mV$ut&rpdmHq zvA<>sj;%6UZ6P&dW_*wH;5fN1raW8+2UkN*1HsPgQp5n8V)j z0Ni^A^4N-!9VxsFx~-D0h0+GC-OqMI*PZ*d(SdSE69Ue+2s~4B%|?8~|0;Mpr{_LP zBdFLz=t2X~JT1WgA>^k|kEP*HpZb}{Z`=ykQ+R`pjq^T=Yd?|%E~QL3OPyRTqIXeXkb~E2((sdG9~I7!CMIXc0S4HF!y{eafOKH_)6$R zSPQHkn$_4dQy&XEJP5@0gTU}v(>Lc-D;`^4vUIX_u<4!n8q^B00pK5=9%58EhvDjc z)A?61^W|4f+@T0|O75MTZ@K3rP34${^{QSL+FGbD>=>|DHlhgBXaS1qo#vwgVhM6% zecc1cG8DBNbcfL)XII?q%qHiIrPj;0!d3xap8`*~;TRd@#q8mG)Vs(e{$sUK@O||c ziPR5;zF>Hna6-r$EgCZosRS{}ScEMGR>=9OblOF$0X)V4T!-+x)uL3Ia!CwQenX#K zZVOw;!j#`6Q}1H=DeYmNB<`LHs7+sQKt?_*AS%$Tur#zrg5MXrZ#8r#JU z`0L!IYF1{m>&tpV6S-3;SLZILu(yAB82aX*6`*-Czl3O)TqMoWy9G9yO+l$ZKG|qD z7COq^g~Fs~R%|xl4=GYWc!PvRS1`gDD1_ZaL|5?c=VJ2GwlqwpJt}vB(#o}2N38B| zKYe#C3@37bubV}~6^a7&e2#++y!%O*pYzK_nm1WT4p5g`DRXt;Kv_GWsZRG)vw%*Ovut9=kX;n0GSgNC1t8ZI2e-J4MiFQOEEM@xX5y^iA4oo2-T4D z1cr)}(#edc6qsX8tVr{D3{KB#Q;akYzT2%}ho5p0^8_P}6{o*x!kniO*S%^pMg^Qw zG7m+>Q_Zbp3eq4V)UTJzp}Ap-Lt@Lt6^pTxv1rUa1lSHYLpZe!r`6@dgWdh(!Tw^K zn#mikP>FeEEx{qvJ&PhVAB)_2=Z??+4*&rF|4`Uw=K#b2 E0Kc6%od5s; literal 0 HcmV?d00001 diff --git a/assets/dell/csi-vxflexos-2.9.1.tgz b/assets/dell/csi-vxflexos-2.9.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b0fc27503fa6bf6066a773737bbe03e3982edf76 GIT binary patch literal 9634 zcmV;TC0*JdiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbK5ww=zhKW6)0t^#yQ87WXH*5RoAD=Bgqrr@#|PlGE-Ai zE|_ddSd#=70A*{l`R}*zB0-AO%W@tw=Bcw8i$Hgy(dce88cm-QZ~8C_;eqmYZ-SX< z&2SX{ZJST0)9Ji9I8gs~I-T;rd;34W`P<&X>o1cEL~FcUGb%4PxK zNr-1&j3elxK7=9a4NuS|y$5z2!b4@JyYv>kDKJiG+(ke9&mr1t?eDcZ=>N+9_(!Yr zLuEIKgD2RBF0!Iq*^WU7n1i7yYl;){!Q!0mH*k_W=#)sZ(3D_>8*_9o8H+i>NR!n-k}yL_FT|X; z&<_pbOUfrgB)r>hn`!eDTHazf_9wt3gD~eHcsrzH%G&{iVJnHpjXRj#Qx@=U!$UqN z4G(b*zai)A!@}u`Ffr^=-E(Oeob?*|FIVFeVdqkqD20H&Fm15?ken{7mWU_nMRuWr_$(c^n`jIN~G#A2Z%+yg=xh%C=}m zQ-KF3|ftb?k7#;3)IvIb0TH)5{bK&Bxa4I zEzrMpk<@Y!`2|JSH7rr+5@|%`@58_^A|3X78l6H!Vj_wt+@3ii9{AmZ)@ub^+7-*N z29mRnrFH0LJZas%<a~C!5F^ijR^$&^1@)r`1sQfp8+jQJ)yg+>z;WQMw zb2obt(($PTpZ_wCe?(b?MHKVqMp{)hs$V@m=P2}IEZ;6s~8f(`xl)RQ; z`h;~+dx}{*B)4tzN|}#9cRl9Uvjhr8OHG{A#0L2B5Q$j=Mw;$P7@}KHts5_t5JhrY zkzNuUkrC2BB}^$9T=9TFfJm$Wn>CGm>4jIY93I5ME_xX8`4Pr)gay)db2%iX-Y?TI zyrd!VXI-TKl|u?Z0EuNzyQcK$FR*pp3)|1gW6_E+X>PghK{6m?3x|Tp+6XCbg*ocMi%N zs(&ibRY}Dhb6k=n_pEX~@_pdEi?AFgSG+JXjDvtk4S_=hv0y}cGnAnTcq7UZS~t;3qgB$5WOu`PL=(`#2)P7I1j6CO4kxh>+LTH?f%6#~ zF&bGmU|*y-3}@2aN<+)R81B_;Wk`i&Pv-PX6)ZLUEohdYG!EsOAu$&$^#ufoiV3iL z!mGq?Wp2)Ms=&`72t6zb{_5k!SsDs*NdvRc1w~DXsp)brl5LU@r0>J6&f+-IimUNL z_QIyWeRK8k!mc45@wtTwo=PPw&0t7;!O=Yt6V*d`;M$mIU&Zd6&|d46+C2quncjwk zPd?~L)bS}ji_*TDsF74bNI4dgrdzqK5h;tUg(4jJShM#Xy_cfBi#U}sAvy1O4jl0` zNhlL`&J68J!O0GO$_0&N!vHu@R^DkR5jX)bUm2qa-^oQ}wpZFGAPfbBOAjg=$-Qcv zFwlZ2H*NTqghVKNS0IZfI;Qpl^)hm#x8}Ue@yMMYBm7P_|Ba^BM23K;riav1m|J0~ zkk4$}DlOXWOouoPMQe+!mC0&BEXeGL|17nQHE?~i`!g0ljRRoeObWGG;f5rxsg*D2 zeGH6GNTOyikuC#Q@pm52KIhj9jv)ayRprlJVF}z5TawpI+38AZeR3nNJo+%MA zEOn;TB~0SW$u9Cp+dry99eS%E7awpbAr`DL5(y1{kaFdxOv-Pf-8Kee%!1JP6(g>E zP`S9Y3W=;Ur0jk-b3d(rYUV|2kC@8#ncm>7MoCyC2c!%|_~C=u>}VCjFM&zD(#>4? zz!gyK|KbM{rIE86v&5*Snr}~$k7JZ*4JDc5I&~)_1Cem_Z(tPlF3|AZ(dj7)z$XEq ziBz#To@Kxl!wJ{UxrD6zSOpvcx$vy-YLJ%@Ds`(p9KsP!)c*H21f`~pOBpNCG1KIS zDHp)hko8_bzD6Owg%JHv%ef!2eE?K0|5zDh1}H}VbBH?gDxlL?Fe_>=*~~}TbR1W` zlaiY&hYQw#pae4<$$bHDI01x)3LO+;1yul@2CBnV{x|Af^*M@CF64wry@=J`!e|Zi zgH#>bh?GJT4TK~>bI%Pq>;Krzsi%7AXVMqpW@Ouht3G@T$7+7>ZCuEX2l7 zUS`m&&stB;j`3&L09%@HZ3^V8j0?u6)y*BGJsJymko%YsdFV=eI3f>ns+9Jk48=H7 zntdcaFnxq#;vZ^>tjtct1tamen&2#Ws9x8Tm&YfY6=RtnM8Y63f#AZP8MrIG>(lEX zZ5hBVb*Sajs62#>_C=l4aCB7e%tZ5+$gysWObAcTk94byYFkI5{R#MYW{M3^pT>Hp zS`Btih}Q>EwZpELR}u?gQ@MpZG5;l@nxQ)mNf~#|%${pAGot4A+Zjq@BG3-sjdmw? zO${D!l!UVVn-1SaucKYGH>oE7O-GL_r&Io-^qQvZ97mw#z{`T_*hrWaQtkKw_9u2Y z&N8#!yViKEMg} zv!X&oNl0gnDu%lj3Uw9`Um~K5_8U&De%X?+ZmDU$iF&UAk*RnmRJ~NS*TE{O_XQxA zt`Zf|aLyuDV-P$fIOZD~z&aQiiwrH>VowdY)mVd&6gEe;ThikiLI}Q~&Z*kHbThTD zc5fq^T(vR>YkEgMa^+sjdjzpi0)47Bc$lNx5XX1cg31vnxRvW7!piHvgPEsY*8~&B ztJcT)+~QV$DcByPA+++%hf1Zivb<2vzMY~w zT9Yw|aRkGDuehz#KRYLNQc{Qg-U4NlL0TSX)38Sd;2IG&9dfFVm=)gF9CuV0MBTor zqeIR4eYi4tI&@@0@xy*kf~lZxsdIe_OwTCVBoJdKdQXYyzRj17B|5dEk2jxX@!tY&5Cxvz}#~B#chyr`i0z);#C1x@gHvOD^f= zIMhvR=2=g(QG5E_QwWF>mF8rLWFV(Q`5+ST?F{|={-lqBRLv0wktPNjWBPdemCb<`mEGBGMetS_79YCz_)Y?yZUUx z?25Bf8Jr3lVL^O#C~nq-0!70hPle^JhS49E2JISH<1#miS$MQea+NFBs93g(0nDx9 z#m!5zVD|Fmz5NT6&@jwGf?d?h_7f9&kLXB1oTcTsX`refce7I$7XpfGogW`1(T4gLnh#0 z4w<>#25aS=#!fp zBCX|=z`f2A)n~J=QdJu*Jj&?tMV9!Xa@O*EJ!h3POeS)rP`U@9a(QDmHueu84>di{ z=Y&)L?l6tXLs#XMvNUe{oXG!g$yZIcxjGwG6ME?8>=)WZG=M|r0M~uT??`gQ7@qZL z9D^_E|A0dhsF55xzLIHgQq6T>##3<^e%Q{_m)+mnRgG2JZ3W0n8l1|ps8qv4b);!b zK%p@i$CQCSqYi=dOB(Q;OdAYZiLXw+ZaWFnF^PFLkQPLK=2%P4-)zo#71S#91RMZU zp@;8}$+gPiMLFZ%hQP`R_jKpw(T_#8_pucX# zdww4O6z+e@En0{L@b=9F!UPy^iRAHDL6_YB@4V^!Si1lDW`FvW#aYy!*tyLZ|0p9v0zs24h!XX3MLgn1Y#s;G?3sYpQw8?{&F&>Z2GNTmfszGBBeGOg(-P}OsVp-PWN-SM)Q zglcAU0h6odbuD(6Y4Af#qLm5RD$+I=Sfq2fSHNM9!Rl9wX<-t3R~p_%c=UL5F@ne} zm@h5KWrpQqvaWPj&hUx?znoV-Cw8%~L&|pMrAF9lMNCEBRvi+FM|5K$t6VTN__~s` zp#arM%L{Z1A-&ht5%S3HYRoW|7Z&limQ{s7at+4{Z7LX7BGIW*F@GLkLB4$FbK-Q% zF1$8(7rm_!+1wb+&EK4LSbg;xq$|jL@q+7PHSETCX)LN7l$<*&3;9AzvnhQGmhU!X za;?QY=RRz17oJ|AGO^#Snem!s@d%d%Cj=e@#QKnYfwosSeeF*wq(F2M;G>u5oS3wn z>}L0tP>sAe8)o-Pkt;Y=v$XK~QN1p6x@nbF&wzZqr3p&rC#Y6SY>UjrqEn`5MO&>8 zF(SMX7ar?bXB*vh6=AlJ^L4E3^rdqZSz7Df@T3$ZbEI#_mT*`-uGV^KBm5gXk=D1@ zz{w`ts6{UGIu6<#+Dh$`Nk##LkxpLY+7vWxWvt>S5(gw6KVis%r?>wEUzn&xWpGB) zy<$*iwXh7MAzZ;oqMVP;tc=UfzygjqOzr1aPF!ZnncIkOtBo{^6PF!?0<}$46NxU4 zY2HOBmDWYbr;*m0cbMTRDV0Q1$Bp**O(D!}d;Z@%0l#ZCz*tBPAgYW|>C)ayw5K6) z!LWewOj9IVka+xFtwwuvAK{1hF`i-)$`N%D+ABI5+)3a^x)g#s;LgteSDYfd{#4Vf z@@?}hDfYlx9LMugVw({}1YfY8#H+`3{ zxUA(a>6rqShkxHW>i4e(!{N*3e8cJC>xy4>R;8DvRl2?mTC^q&rYdPH&Uco9 z`(>nR{ZLS;=LR96BIy-{h1M0c?CTp>d2ON^DRV0YeH((dOr%URebdVm69zcohx-*x z7zj4=Z21>Y6~8^)R$W0GLok+gdI9Os}Y8}s!E?fS3utc zY8AMrS(Q1MUvGNDlbfr-<>^W9==$X1{HAwteth!tP5JviF z`m13PHpLEgkuy{7%zpa8)QvKid6c(Q8L%kVgF=Z|glrvZh_az-Ry^hLEdTPb}m39d^0bgdL zl*K;K*LEfg1$0(-Ckx${Ih3n?V`LLcV4;>v`_$Ni!go==5pQ#|ZB0=Lsp2K-j0;#@ z(}@s?2XT;45{tv`+s@l6J#D9@N^8_kKdDe1Z#uk2!Dc%CZBfU6mpiq3pXW(4KV15Y zQTBCLQO)(+x)oGxzMU2H-AsISaAvuV&A*wjEO8@CnOQdJkC<^)?SH|Xqq#}n{**sf zX>Q~v{%Jx*o64c7nYl{-kZQP83QfCBB+%CHT&i(w!*4_Io+WEhj>7sG3PpPBvl7-7 zvC?H{T_kpekawZm6PvfotBYTMyLoppysn=Arh}o#$LwBsg@>hK4}Uqiyy*?Du1}6n zdPmoTn-52)Cw&#HS{GUE9qd}KiZ|MmpEgSZ^|l8-t>*B`~GB=Bl*d^H%p``Q#T7%||J zwe&*eI@5u@1&RWM->&M}uIT9%#-WQ1c#KlvIn@9*!BvJ)JvVEIH|y}Ncp#U3al$@E zNi`R1DHE8}U#eq}P%igVvw6K_8WtDa#u~||QH0~5i+)GV!Z%-Ae9}aJEH{^!F+4N8 zovTn{#Gxusx77kCXpwI14Nqn#dYuJ{@`?QT?4r&K5nTZ{Vf@KufP9hDt%;S;}MBb@8?{Ksz3Br ztG_ELK0O&;f4De(f0og{0nMsTt91WP2^Syihb_w=fh!X}|4p@eyEi;lW^chkk5nE- zRj~PyE84=b>pbU6Crj6ZU$1X2uLj2_zg7=v^Fuy2Vv~PEWo6>FM$|kt3-kReW}u{) zm;AhGOmyjduM`)ZXX?Ab(dqTOo3o4alk1Bsv*P;8J+-Bn%j;wdtg_#PRA0qhfjds? z<&5~>_ZQbktB>D>{kWkP$+*1uIJlDP?`H7p_2BCK==4VWqf2GI_?^@umalWRy9m;P zmQRt{L`G-~rG)X~N363f@p(e#^>z_&)q4gwxQN4wT7waLGeUG#TA-9wbdf`ki^qnG6sDJiI8O-bGo zCZYblD0WT7BJMRM{yDhvAp)X`By^N#wyUq@fBIAlLGeNgqpn zV!mqj`0`In>%YBzHCO-b^_$nv^`E}P<6gHbUjA%n<)C`Q6J5@|QM@UY=NDul47o{w z$XB0S%y0CRtDd7Rrt2sKrSIN49%12)ZLV{xugpFTCfWc}}T_V$bGf4}qk$LIQw zU*xH*|JJjdsaqOTwe6gOd#m$;`DTIwK6T$Jy)a5^i|iE*2I_f zS(yjVp4eabsnP%HD{EVD{nWEq|Gzpo*em;guV3#UJnR22@ocaDrxclQsq&|yr>^Gb zM%5uVC?~UFeMY`fRmevb7G1w)%bN8?*BQy5JEAlq?gCy3ULycx)6%^CuDz zrmuzIuv%11{5ip5vNJ?%&M^UqgrzV)j&`eV%PN4ehi?9&LH$joEnfGLGO_IH$967lsQve&uWQte04H+RVc732A^+&|^6KKl;AYtGtx0>1 zVw;3Bkkl=w`)VNfl^c+qAy`Ot(ZR3jSoZK2Qn~1s)B+-t>e_4TTx(hGDt+0#XXd{s zx&oLIANY2V7h~T(CvA`96FIV*io-e*(=r-NlY*bYubWCgcgsZmHRp8sQbX(YiuC(+n={>OH5FXI5-&^G* z$3%LDf&WxdHJvG3!9IHsxX2}WcQL%axjdUP~NDGMz!GRV0!;Sm|$~~q>w4k#TT(733 zyY_7^L_MUc7TK{y08=kmr0dcUcq=FcdU%_~)C;qw9Ay{t8V*8zR5WeH;RzZ65gT;u+kZYmKArEb;<=%{t}Gcr;nG zrIN$B3E1?;AB}HhdrMAjA%O)>monTEZc#<7vFW`r&}Z!e2r)~bi~4E{N!jdz^;G8O z9BtK3+~dhwArP=Ci3P@-cFf5pCk5&DI)GcPj*ZLkn- zS#c}_yKtD;IpM7j+#Yy5Zz(EA9DA*p3CG{WnJFiRiANCIR4?55H zf4{`j8=fFt+y#v&b7CBXqXaX7=*XOhoS~g85Q9vS7Ia1f=?1+-G=bRD))euS2#_6r z$sBxJ0tRUf#<;?!K2$h3>q#XVq`u%Sw1^&z<_S43+QCQIv9_ORY-2 zsZdc!BnF}zOZ80=$Aa+DEIVroD#qMGgP5lb^k_76%)pK-Kv*E@J_sc4Dcae8iHPL} zSJzn*Du+gJ7|u|dNVFrGGPHA0Xc<5P>Z%~3aVgNnXIwyJ9Jy3)q+6)rq2JBOvw7%a zfl*Hl^pBm15DD+L+iLeYCSsD_>K$I>1=Qzl^*>pOskUK^&cT~N7`3z5S^GtV;}nOU z+#3Xtgme}`EM7_yv^#H#l^EiXcFxewP(XqXUT&8b^U@O&FgaZ>8;wiKg(C=-EX$Z) zh&kT@zGYI3G?W zy&0(*Ma_ow+96J(2FlK6vg4bvzSZ6Q8Dd~KL>z=5@tC6>TiZ=#LD0mxsp^^UPuf2o zM!eZ55L*5KX9ca;=5Z!W8BcA~0s9mCeNXeb&wLEJLjzepbW!u}EuT`AVzk-FzP9W< YKhMwe^L;=6KL7y#|8a8)@c`ri0ARk+Z2$lO literal 0 HcmV?d00001 diff --git a/assets/dh2i/dxemssql-1.0.5.tgz b/assets/dh2i/dxemssql-1.0.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0ff34dcecb6c4b64e17f427dcf932d700b4723a7 GIT binary patch literal 5075 zcmV;^6D;f>iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+}bKAJF_qS&B9rn@foP7-`$-mNSrf;5VyN>4^$Blf+-J~5K zM6M*9L4XE8+q%T>v%djAQY1xNa?Wwucg7zQ2?C4V1+cqVED+sbtkfmz>`jT(!HmT0 zo5xPwZnwL;y>0)y-ERHAx7pkIrnkMb+uPpS+TPyzrrX=|DPFzJt)T0*B2=NIiMDyKkj1V& z3vU0_CjC}bn+aK}G)l@Rpae@zJ-DWNYFiwlys|7MSA;S$qKxVpOr%H?)uN$kVybnb z`kjs>*TID9X*x<3%205PTnC|uJJEELcBaVUPE0885T#J7j=|;pSWLwEQ7Cwj@JY*X z_+2xDO-)TGN2&TPA224A^+BacBBcHw(}HQL1&}fF)h2~K5hsMtS^%kJb3}{6wT{uV z1p7degwfCrxmMBHy`UTHw7&La_#LJ~{$CN6qWU5VV2S+S>}~ey@_+N?_OtwdinIp% zI3_96;0Az|V)>v5+O0J>n^FZ-0fC6@6FHAn=B> z87S1C4VxWlBV^(lwt$We+YJAZN0xS_=!6^AsDe3`*@Oe$P-Pjns7Ttaylfw~+AW2l zMEyO^R3CWCSi6PXblb5Y(ccIoJTy80JS|i7Tu03{mBH0CquMQX$&O+&!G6011{12#!g=fkqDPyOC(Qwv>0lOwMWpdZx%@s;XBQu7k2-Ls_O(t+X z6$&BB#wvB6o!*_R=)l0xWMWixcXQLXV@-SQ*6ZQ$AIImXNBe#7_VEgtNGu+My}g6e zv-5)=jt4m}T+zYd!O7YA!O7rn#|Ng;m@t(yqoUmB?1*l#nH^R;M>lvk*%oDoY`eAp z1v@`#5>mG00t=q5N9Z#N$`Cr&(o%1QO1f>de@;FO@CG&r4`{izJ z{_kvWzkHtmPmw-;?0na59o!_un3z+v%X<*xxqTJ1Ti!tR!Rr13BvkLe9~z6UulWA&P6^JcKzlSniI zDOxdh$;_+{nDtN@OVHvUv|I1dHDD`f(~KcT!3aZ=8oN!z2;Zk8lpM8LJs3>K6j`Le ztYsLDsafP`;Vkp@(af@B|72*&T4zpz;YQGI9gQLLL^&v-u#Oa!nWr|7YPhD1nN?A0 z)# z9bB;|Sx-XE3!N9EO^xpp5i-tKy?jl)v+n#q&-vP{?7F3tvwE5*nN+5O#Y z3zqu0PE?ua?m1iaz$d#FBq4(LCl9=H@AGDth-1MWrs`fyU6BmcDY7_F(~d>I42GWA8?S>Kx8HQTO;|z3A9zq$pgJPX$KawN~E{X{pP|+#8i61{U)cFLLsnEDU z|00~2a5BNjAI%)7d^njEFbx+WCN3D$ax2$TBAqf;(uSTxqkCuToH% zbaxEvx)M+s)g%l>%C(V*slp}1*(w89_5EGC^=z18$FIYc-j76_hsGxySv%jdbaO1R>>`vZ2NVx^swytMU_2t~a2U39ZsjTd&=^ zpgihBCS=>K7&VEACf1);$iaM=HVT73!0oNiM!pewwh3dR+4^qlsZ5i}%}4r~B;zp+ zbI07V2njRab0OV#3q+-f#&OCN>YB7oMC3mJ#R5NoL`bbHd_N;nT{72PB83*AV0}2- zJI%6$(XnQpxOYwD1odepH-{75piiQh@+Ht-{^jLg7NNOZ-}mnleqVdwKBq@X4f21A zBx0zPudc#JQ2@*2e{UiFV|Qz3_gVfwMOw>yJGb-P{unbN(5&4!hSs^?k(dWB{CkP} zMOmN4TO6JC;Y4u!YJxnvVX@#;3%Q~Mo>vUBioOn$rIr8Oy`yp(EmZztzh1dlu1qFA z@+c9M>m|+ZbT>B_^uyO4%+Kk;sX_jiXU9|6|1W#py8m}~Yx`OLKS^4v>}LN7?DjVd zvmr1<4OPial0OB*l&S8>CXS*a>sKg4-&?n%ON60m7R|S8j!A>61 z@;oxa$nv@Zb7gAUBPKeW9+xqG2+q41(0sn-K+C){iB%hTNE3g~ngA$RV_z^#CDpS% z!8P9K66moylp;;~&@<*(o}YPcQO>bgSfiL^gEac!l^B?Zh6M9C2)MoNH@h;)vwR_(Idc{)^BU-ijctUoQm;jXWuy5m zlIXpp8sG4+KuDqzsSL4YYy+e90N+s3(bV&W#AoaCZvCrvqQ-l9U zo6feszCxWQzu5`2%>Tc$vsv^1yxiP)NKZ&Myb-rXc!7I1%TXStJsEbEjyL|4tWxi%989HZ! zw}%I3=f;>T8)x~-ewCi+dJ9l%HfEDibEiSGx-rve(cWv#ey$~Zw-x(Y7Hn?Qzz45m zY?2XCQ}18y8<7)bKKP;c0=$~>Vuq$2`GKkMwP$*BD&&7)u%#0&BtCW<%g%r7>~1fd z|J->#|M?_o4Ni&HD7igH==vY7r^sQHQWjA@frNw?WMU6(W~V{3ladP56d8jF6C>vp zr+o4PBr>Au6+%Mvw3JVHWFT;ySOE^}iNrCz!N{G4|F4a}orVN}{O4V)!6RJDz&k@mX1*2bO$Nd#q(@Dqv78&Y_cS-<9B)muy zd$d)xTi*rhIx&AEa$){-Y~O^WlXmO7|26gA5lKa=;AsEAV3A1i3x>Mg3TT9+lU0)9 zmv$?-QlW^j^Y3LX7xVw^!C?ROK@dle-^P;pzq!4z|F^mI@_GO7Nz&T#D>2%wcFRtC z7s?)C!o*AgDQ}D{9y*3BiW)|PjQ;F8`rl>YEu-)=ukbBz% zcgM&}$2KxxH78sNu~4EhASq!A)_-2`qx`&K{c{#<6PET2`?Zh}tp7Z>U4Gthc-`q2 zwgT-=p2WtY9V5}HL}lC8Dd)%(xX{bUKz~!XJoj$~QA|15kZ#5>GK?Vbp7KasD~O4a zuNc6Q`|gCRDJ)YLyW?&q$)JRU!^m`W$|Im0KG>T)A`zwrEnE3t>-QgtzuMdkx}8Z% zBUGK}1`8f^XbFW*bYsI0{Yy33a3`k+QA8b8aKzn30ydtg-8!nHYh%IPJpjeXOO?rZ zOL#anJzFD0PZ2&;dL%DtG5vg^=8J{SJXpx>fcRwMOV`R;M!T=4=v&LrBE4bt9*{ZZ z6%OM?SJ~jax_6~->;n*nrg4={Q3|php$0(79<;~D<6@199SE$~6unf^J zc%#CGGhHIoC}Ya=dnAhcBgD9JZGsbJ!M~SAe%e&%f087=L=wgL=r+JI{on0%>-PWl z_H+FIlcY5ml;^vR15xna=&!P%GP0r~xYqY?4mKcFsA~2?rgxj5Hfnx54<#|GAS8^< zKw^}J?if-i;)LN%HgiM4$8?fPC#NE(OwG%bPNr;@3ocfP*ccqDpek}>a)HX^FV-_^ z+o;GwUfLXyYO|)9nWhAX_rt&MfsjD>41~6tD2+!b?TJ!@mqeu{4eb&rHzR}$rzYD8 z_kwzg>IGa+DMKJkiEM+>5*S?(9%2OUsFIOrRy*1j#)L9q&8}37ID;v`o_nXiB8XI* z1)Ei*C0;~ClMzv-%_*|PG!v#ui`Yp1q}Uk{$Z3H2fla{Z(*un%BKcoLH^uxIDPLhS{%-%{#zu> zumz^(VOr~^ym!Ka9j4AcRiQ-Gwup_%DhRb5ZxM#UA#f3)GM0_Pgh;~=YZM!8Y=}`W z4EI7N(nx_{Fq*)-(-YIq>$$DzxD^`Q?Zh$T#D;h0)9d%F0e|1A(EoOi&kU(M5q9ymO4Gsg(@xZETd&L?Q(L?iyrHKo%&F;Jd zsPcQhZBpiVX?Zxb1xl=UHJZ6!KEJ&HBRj!u`C$qyI7MERwrQLaUC#rs*lZ(@(Q;HT zqq9n7!_m?*xd+aaILK`TQxJ-hW!mjg)J57e0761Um3^G+U~5|`Dy$hI#;y;uhL~w+ zlr>}-gCv|5<1q6sl!Dzqhxlr|VNUaL<~I5sXDbkBI=Ad-a-N;JMYaU5N+hGVfL<*O zF-LLWA`MM;2}R^-Tp9P?iMNRGU>>Dt*5oQ5m5r`5GLdK}YXE;25@I0{=-g5C0!#;L z$S$aA_AXeHyn`tt59CE2WteXXdp~*E!^tA2s+*NLqux!0(qQj9Sgk9|^VC(gve3LX zcn|X%WSsDfAmtItn(&!l1GsXhA1=_bXzf0jC`(6<@Pu9=cUS2&5mqO`-C6hm{7Vsq z_mJQ`s;h{RlAp4n8?s?y^+1xa8ANVPIylVyXo3e1z`qu}m=jQ3c65T*u;>< zigryZq*aWCss#cZuN!^bb{+AHpuD2i1jo$bYC0{8e2w4@NB_*Mcut8@7dWf;U3QD) zO2jvWRMgCkEO*6$SBlKg!d|txC~Dk|qGKuII_CK`o%dl6pwdyNa7HE%z+00^ z-PTwI?c&zfd(f^9q{``)4C4bgg;yInrIkLqda!Dc zVQyr3R8em|NM&qo0PKBja~n6(V7}h`ihk&QO0m~7BqdqSvM#yP%GyL5+tFEyQ+uwI z4bC)4#28=#U??+||N9kyd4D0P7t7f_;e$;LfbK>EXmmG##*#4Qiv%UnLJp4>MCxEg zV)oT7rqO6LI@sU0|Bpta=Ks69d*iRh`%ezW`+Ix)`%k_ajrX2DJ@^Vnw@E}_N|h$^ ztI>^dH5>PDk_hKQ6HNtI6AvIHnlLdBLZUUpfQn&=Qqvj5XaWh5nxpJ27EzTjvhq2J zaRRT+sQM`zRh{MEr&IKoC>0fa0z2P*3*%t?w_xOtb~?*TWJnZd@N1*iBME(-Lt5^7 zBuUCYN5RwJZ(f8dlr+%}+4+JhSRjibG~*p8SDG-UKraxU(K*$GQDqwec_TmzhzTci z1i~XwD;|0P3PXun!Ay!6RGK70YK&k?!uQA{1(a(6Kc-WZ95t!{9z1}N6z6HA0Qh6!b%In|4F8iXPqnx@St!=Wkh@UaI# z_0En00$K=W0Hg{bB9yI6v)&^nMN5Ux=F@Zq+Az+*FfcC=7G#MK zN+hPygo9`^t89FZB7jG=?t5gJshZp*d{rl^%HP%2tv8KtcETZ3;xW9dQSmMZuOK3t zOo_q*JyDQIv7`}7n66AG{Xo=$9toMiYmzbzXSO69^Eu^M={Q^>GZ=z}sSpa8SQ3|} z(l8RC8fG|#Ia2j7fE|y9W}tTU|L`L5L%}t2JxmiONTi0lqutSPbTAC1ND_?vVhH(9 z#=9S$jCcLNvlQQUfA;rwKkV%W37>mrPQLD*k};uN6UtGliRS~xgt7@xJ`?}DN}UJb zCTM{xIQhxznzMS9-~>pLFdAC%;}ycdP1!Fk82>*>_4R*ASc>Yl6@U%v|I_h!)L8%b zclVy$um5+EB-$BxBvP&?F!nqelQ|kyKw=^k)k3Z&Fkghyt@61Dp<-B{&;Uuw*r{MN zTutC)_EP9mi3+({)gHi4OO%pE=oVRv1T>k$#X^|12xnG~QkU(P<#HVlJTQePFc@S6 zo~DdBp{pkF=2t6Xaul}MEM=_q(NidwG{nO&wC%N&oh29=1xLZf0`&qV5Xi~_aRosw zM9LzV7OS1nQS7e?Xqln~bXclVW&tEoWd1YlX@K(ps%jT}{ABB&FVIR)5VNjY23V>v zuw_qXz=Z~d+NvXt7Rx@F;$t8V5LGZoZaN4fNEPLC3pnQuXp9p^G!|mp@W?IPM>0}b z+dM-WRS=VvMLI>0_F`p= zm2)@JP4D~oA!KRfv|*Ky&}dg$Qa-oY0RQ7i#IYI132~jzsM2O!RVru!bk2p$MwGum z!t}yVq?n>Vr9ARU6iHM~&}NwCIkvk^1wbApf^rR}rU4$n*ZHg-OuiX?Gafv2c#M`2 z3O=Lr2H;bo7jEW2Stfv=I9rtij?O@&+7~lFWU109GwKiji78=hWu;9v)s1M$Q7$R5tu1FJ?9>_<)U;{WrU?v; zI2r7etu}vW?be2{e%1;I7Z|?JjXpcPTzhL=j7K>iFNh8oH=DW(q8r_2yVOF?M&KVL z@vZ%l!+qwA5hGgQg@}qpSAC5<6cNgAL&23`c&E);s zOiwX`9fNlVgoK@}T{{(6Ow4^|khY;&T5Pvk0hG;uSfZR7eQ0HXGcli2J`doCa5Fq} zoRQ(w&STgymXY}%O_O#W8#0VROS#5*-URp#M%g+T3Mo+~!p(RHQ>8@=78+PGl>tw= zS?BFCUQkmu$#PR0Zmw?`aVi6uiX~>~%c=^9LPMm2Q`l|d6pk>tO9IDG!x{?3uV5<>rjGE^(2 zF|Me@GUbQrrQoJO^YhONy)t3-kwl3ph6Tf9&tN|L4j6)6u>E=PpuT|G!-zOHisnCpUHlZs`BL z{e#^`{~zp+?)(2v(#Ma(N8a&=BzN9a9Z=Q{7kH0`pFVjXKl)~Uq8wpRx2H^v0r+JZ ztGfqoE7_<$5WIG7<*GjpF3rNuLpa#8KWTiH&Svxj4EzCPu#Cp{>67PK8jqZdixe1U zsWAh8PYJWzlR%QhQXhD~po4A8YlFeG#F(NXF)P0kacyJDws}U8MNa)?G^QFe?;Ta} zwcYwcc=qzllr@T}(Fz_0-pLHIjY$W@*w}<}m3c6o6HYthY-+dNA|MKgB|f8e1AB94 zUCClPD>&Npa^{@t&EJOWOcikcVp}lzcKdEEX)Ji*fCR4`qg>sb&f3Q-5|>EI^$Z68 zt^EI1g9a>zbo)Wp{j)aoDt&5ZOSWHS`qTDnHb`74s~>LcTU)m5*k*&Oymr4ce>hx% z#Dp0=bMV&z4Bif|KAl7y3!dq*o9J|<9HGW~3)Et0X`jHykH#!zY1G%az@hIer7|7! zd4?jWjG(O1hs8dC$sw>qYOO6dK;=!u4`mB1%LO>!{+8yH&P)4`554=hL-+l6= zssA55-M!cU?jkiNXSw;8O{Uf4?#RpN@C;@8|zrr0Us8k|b)l9DDC6k0$V} z7y(|4nnXmCNpVo1Up=X;&}PaOu2K&Gz)FekdaO_YFM(4YA=j{PAQ)3CJCDL>NYn(z z_N-v$o3wDP&-Qr*(OOh(owG!F;E2vALI%Fl{v5V-59i`85mEK@hXr9$<8*CVTZ?~@ znAI?UQ&y{pJokasns)8R6)19^b~dJYz@{Xlb@b*YZECBF>xNaAav4;C)%P+w2`f9R zu|v{Lac02UBab;aza0Nn^Q@?|mX;oRR4*~(-8y7+s|HOhr70+^sie;@=BX9 zerX+VUFy^S6A{I3@A|Xr|Kri_)3*Nq^j`nJi`1A0<&lLTKU`=1jHQu~jS9-=K`0~& zNrl;Ll+-mF~bI@xIO7-*4^VTKLYM+WYz;_^>w`RqD=!G>cVS`PB3afptGDQQBj9 z7esP*u)IU#ZT586rI%_m+di)=0_auK>jqe-rrxs0Ivs1a^=TXvxoY%n^G>h5bVQX( z?M<#S)$WN8>;>=wM0uIPT`SSTK`3EYPWHMJmk!s*kMBNyeD~?oUtDixw!QuI?$alr zymD-`S+>Z@iw~~To1MPND|cxRlw0iA^;7ACy@%eKOxbMtu6I`1dT&j!`^ofKCKI-L zX8laM(+QJP_a8ZNww*)UFGlxE(dV8$x4Hs_;%}&e1MzIe~;Vy|4*OX+kbbGwmO{WH_SgdC1F5Py%3WAVdrP?{u_4|GdBT`-0kdF zqSO9s8eTUw@??Jbf3w-<14-!jg)!*EfFy}^?A7+Ld>ANAG|p0{P}_VT2IZ+3`(=r8 znwOrV&I&QA@}KrXZuZ;V2`&IJEdFp@9(Xkg)uywPM%S>`HWoz*0lrFoODY3-Sk%Dv1!KYptt3U)V$xrzg94N*7kj}HB-A@503 z;c6+jJ(^bq{=J6v@09BLUofZI1%zK!&|R9dVM~b0L;Pj-s*UE5 zNMXdcss9{_!9U58Kxpt~6&?ll zuUetgm0k!A)0M_hMCd&VlGU3~M8BF+&&9l`%Ea7!Iwj$IGRNZcZ$z5UFUS(Pr-_`S zuF&#N)PI-u4&BMKV=tf)68rsUPBmy$+6HNpT6yQkXXlTC4>2>@-xo2zrYm?s!k^B( z;Mv*RGo5jxmj4Uok+@La`67*{Du|}0#9Noj1OV|OX(HEZ)c2X zU;UmEi4Wnw-kdiBzivQa%KMe#+u%5CMS$Lbq^#gCw`+;#-BJ|kE60%bx?@OtSq$mV z5kVTLzTNQA*AE`;bq0_AETN-sJ8<-84jb*6f$^e@)9iVdkX@@kjtOOO2|r5)m)<4# zzVCzkFaKe`SEDw=CH&7;eCO}r65!HedgUTAy6Bu<$)yRrt3-}|XUjTc(-8C{uHX{P zoQ6wymYs_>zlvQCLx`oz{hR++`(^*~E{k)=a0$YC1mF_hef;#!QF#g3O#-WmUc$RK zzZN-7ch4nE&Dg$#cUq=cDYopZ-#q<)nT7E)1qXwoU`GUo&T_4b6}58JaJtPpmAfCc zI-6tmHX*rdBK_o5?*w&nrE+_;hoRfBqIRCWr)N9Psg@XR;IFQtSpcwpnC*K(-6gl) zwYnC7=j+MrIil6q{%VA0xHLk|lo?m@%L^Hu2&;EdIy$|5eW?dZucv9d8rfb%&%o-s z!rwE#s`m;yThzEH(p#c4)AO&Cyu(zBGDx#sznngiI}NkI&2P-&M0s-?(U9k+1Bd!JQZZL+tmu%2kR5c0hO8=P6um@*0B08I)bn*R(2I|hg{FW+Rs?SaBc$#X{87mMr zDu0bdDpPlAg8*?}(JXwlqS0n6(= z-ubQ0|GNC|2*+^?I5wUCe>!f*e>u31|92;;xrIp*iXSv``%Xi98`=8!Uu7EOGqmOx z6}+~?+1fKKBhUMDI!r5X#8U94zg8-))%t ziM5;t6BtZ!CM5bc(@JJ4_#l6?g9?65V^o^N$pm<6LAq_(a_HAyHLBeqm_WyiM_Eg= z$QhYgX+IeS@yFWd=Ty0@gr$Q+c#?^UY`gjshE*j4ETzI5Rj8$6rliW*te^mqL~F97yaF$KJ_%l!MV#`Pm{jAR z=d&pkah!6hS3^57=rq+rD(CeXDmwRx3>Q>ms8fkUl2G50&h3l};^;wPvF+4obx&#) zj|t?-j>$DWUiF!uFcxiRG`a7LxT2yeyTCAva-#v*PPA%| zfmu9u;TAZGyvcr*PGhQ-eEJCxju-977mi9}b0cZa zHzU+Vs@s*Q#<+!GJ$jeggSCeZ`KU!|wWTsx(PKCj5eNxq+3~$IY>ugV(^|b%CM#37 zq2^`w+LGyqY#Nxl*Tb8?b<>5}op$QX=t0;s%Bq<}O0sIsyYkh7R;_l^jlL^#w_fEi zx}oWD@gzv**{3rzk%LZp*RZA@lBt?X@7d|v;kB0UYxrdS?rnhU$8wy%FxE~r{#iFu zK6WgoVjrQi@}|KfSkI8HVSObS){&ZuE|9Hz`h=T7oGpykC#Zic`;J2$-=#bF*M+5{ zd%7|Bu2oyfTTOJTwvo8DU`^(VsWL0vCZXGjx%JV3DxS#zYw6m6Pvw_%+KRN3(SOZH z7&`2~W_-sR+ZgNZzw!9#xE23>cke#_=bfb18P+dr0PY9lFKPc(hyG10z}JMSP8+by zXjy?3+zmUh%(;>!cx@xFB(ld0tdM$d2;Lil_lDq?Fa*n4y4e(L$fG>NtPd&#rG9Gv+Eg@otec^rCW3tM3OF1Zq*~t zs`Dd1sAb5#?oe0=)eH&QgZg>)f~T!fH?JPs?XeyAJdBpqZV>ej0%hNV3lUPTDYN@X zDh)$)?*w+GUe0dW$aO9PmzbDSepCi>*oq^S^7g^sFw9@UU2AG?9uQEwxz$^wK~63e zDw}S_OBiO_7A_13Qz_ePQxE<%rM6%^Kthzd5Hk7^S6esbM_lDXCKEYXl+t|lF2;VU zj5^cnq}rOwb)KRgB45_t8tJ04`bcI!P{^Ka%x{-4F}IE1!fSDb2Ih?VGk3!}K@L`! zR|ZpWnX)U_3WFZm58Dmd&%>vUJhIUpw^}H2jHU+gG@hbdi!^)Gx3i3)`Uj!5!~C;C z_k8q=)!F}fZXX-B>w{f5AR$s0>d#HNvBjAFBK@>pA#uxnXO>-CJ9E|#{A;?$yLSez z<-J}@!7aG9wPx)aP64%J_h7$=r0#KT^R{n!pL^Dfms|19R?MJn{Ifll&|P_G%jOuJ zC(#(aZ2FD{gPL2&{uv7H#zFo{v^yU6I`{jSkJt16)&0NLw6@0WEgk)_Y18@7-Ti~+ z`Ol|M@8iGRNh*4L;ytj3{EKJrv)i9O*kguMW+X!6!hr|5Vmzq?$B0Du9%bXIf!CO} z4wu9^RoVh-NDzBee*!1A*sHQw=71d><+1l&5jE%_RFip)!sRH~3q~zc91d4_9Tn%c z#1#mr+?S})(W0QTTWXZoBxTG&*g%m%040X)NNZhPSx?*GymQS*zARuiZMgik{@RJn xU{F$jWQQ0O=o@X!+i`|kQ$AON`)kAZ=|0`3`*iE+{{;X5|Nryq$4>y7008{3d?f$? literal 0 HcmV?d00001 diff --git a/assets/external-secrets/external-secrets-0.9.12.tgz b/assets/external-secrets/external-secrets-0.9.12.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ae35d7c9b90f9b038b8f68f9f547cbd24c8af513 GIT binary patch literal 92849 zcmV)MK)AmjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwyavM3GCCK8t)fZzRsz6!($ zj7A&<3<*9tTS6wr8@P)8rLX7s`1tsTmoL?SkB^Uw|2=u};^n`by!`%$lb7Fp_wwcU z|8jit^5u^w{{oJCn?b{qZ~@uB9Pd04j;(CTk*lNlPV5#yMWQ}FbE z{sd0OC;wx7JUV__*`A>YL5|E=#S?r0WBkc>wtjH{<2d{0@%Vp?PhK2^hzAVELj9Od zR(AkakiZ36AtJz>GVmsuAx4lu{9sAtfJ-4_ema>fuvjLuaX?p-(k&`Y3I}p1`zeEW zWBqx;5eq00hzP%)CM$@^1ahukayp9Wf{r4{7HAxk#lbDw+))Ny(+#b|ykJ!ZM6u>x+ zaG(y}LAv#3cOLpq{4+hJ1F=K^uH;)l=U|DspbQ7#N`H1Oar^C`IN(c~L?O6EC`Y$G~knfk^semPwptYjVKJ&PlC}XLX1yB6i0L;(eLC*5FtoLNj!>agoDlV1BTXE z;)*}3iEQ5D6_(RJJ~+TDxImJGF%(md<=a!RSO!dv+m4?Bh?6L~RKuKti}`yhE*av8 zhywr=Om3D4s6l{$3m_;+I2x;8Lo|m;Bmman3M2;wGO{y10P>SlaCqqUHILw$CQO1= zcDSJlxPwHPo>j}6C1MCbhCqntbHpS`(o--Wa{$*6M{pLQBM{+R*^o;}BF+IMAxLI; zth%~XBooN3d5y)NlNm5n6c8#9SClSYo&Kj-B5p=vT=(+xCS9ytsWX`V7IQiGP&PI* zRIAp9>S7K!5=Q_NE?^Yt`NazcLj=yQ&L!{|O%_YAMA1q^aeQDJ%lD^1uml|(1d6&D zNM6j<8j=`&lqa%QYZjKj(G9>$1 zjStMXO{l8#_-dIQMs*RG_h7NaWc~{*;kY6ja<`NRmjOtM@XIEUF%I$==_3-35A+{a z0Ilg?u7o738B+9Ep5%lna+`-axU#357m*4;Ur~@~oFdPf!75o-io4>7t#N>+L7*5e zOA#s-3QSV~bz93~xl6MoB2QkXiJ*#O)5|LMBj~Ndq6%?Kw4>!a#fK~rh-oM(jP0Y) zwS!P3>JJqKs2F8jNu^XDuf7TffyOcIogmrTAt4R}C9k%fb$OABJyXpu=90%z=u6#g zjXNZ>rVcUG9bpa@h$ylUf`ntTP#s&E2n1Ti5frLVE!j%U#bz*Q*hPty)S&W@8786Z zHl>grTY3QO(#+Rf)A!m_V{W+`SWvLQYgFt3Fa$#hDS1&Vr%;^46KCTPSz|_tx@K$0 zutcHmKBgy1Q56PXk+tGBOegPPY$!5=0J23QJ5t}rkn^ezrfgxk2WJ{<8YL@~`!J@V z`Q(#+>5g0aYGu!fV%ZC0>JHwiOH}T~xitCno6X=XZDKyJzdh$E+B(QE*tBqWnmV|o z;XzEp(kC$uUEV9E;WY{phQ&tC4t*8rg_`r%j3)6ZcyWAuERj^cnY_zUMDH#cUgHQY z&?_Fm2x{$_rh)(jForW6VS$l3qamZQ{tJK+n7)0hgfkd^AkpTEQt^vKqZ=;JDn&9Z zAyfXI68Sp+<42B|6!ead)s+YWx{5Cuo#P1UF|=CgDj^c@o@*iH;2^zg=~@~3TY|VS z5(EH2oXCDx=ASFHQj+6$FW%u4UB9D53X}~OU7lNwS0K2~eUx5z#o-5%#S4T)1D8c^ zObVeX-)@)-GhoWa$N?G335!;o$`8v8nsT@-i^GeoyxiXOH}}Mt55NTxh^=8HN8+>%&C65p-7!zUxxp($6Cqgz(-Z`dJXMsL$sf>KGl~*H5k)K0p5z9rQA{VN;Klb@ z&u@`%8CiJ;6jKmWCQ$e*h#8vWuLhCKBdmd)u5?KWWd#P;^sJd*DHqGv>T|r%7cGvX zjaofi#S-1k&|LB`m@E*Na2tdFHeX-quQ6Ht<(buiWYbM`AlXk7NmRI)=;0Eku2tb* zPc#gFHB-@M4+->ttppeik?f;!M~eG-V6N7wgmQ$rKt}qP zTXYKkbo{4dhkPr`i=c%mWF=Yo#%e(3igm8X;zzNJ=bdOe4D3T*s0Yol(LC zgE*!0a6ZQbi;Y8dFKGy3hN&cpAdu3zI^R-w(LXAQ{e8+4rXPivvn1BaizHki0Y-`l ztmG*Vk$^bjpu4g(rXinXee;PV?dR#ge^x`CmWc@fD@>+VUns>93F#I5`jJ5QSG|C% zgruyI(N$3W%aU>d2oiEe2l5~9_222%-=W!((%VMq#>5T`N;2}_XR^UXN~jLMUmezT8Bux*mk5R_%~Moc+duz9%3_^;y0;w6vbdsBeBvl)l9D!?xRJbitVo}Ah=>M3gK5?8&cVA5|{l0OM35N?bak`zD?@CzAOyw7C z=>=!bOe~q6ZJbFQ834=1>KwBU(_%=OuLCrJF&?R(o)jCdPsSIjUx}+tw|bx}G`HXb zV4+o2g|E}sx0r;d;86E;nEq^#$7(aexi^|PAWg`OZU}`SG_oRihR0|OB0NWu+k9@Z z-c+3J(AD;}6Hn-17cR@AQo`0=Bwr+9+Xh zQs|z<|M&m=zql0iG25iw3wn zS(1MND9O9>r$&hvfV|9`PODb#1)xUqbw0c|*;jIzmC|n|fh$YEH8QZ(tZC&+UcFLQ zSmabJdsMPit6BUNE#;Z}D_bg#n^EXvf;hiqbmr=qreVks*M2Q&BM{40mT1cNd5PvK z*PC8}>_8rl2#LJ1=;Xj0*6plQhSyE)Q(0G?Y*eP3%t}?9Qk|vBe3-LUHGErVugZ1f zTC7?`2`&CDH{TC{3xT2)r9YP(jQWeb3!ZA(MJwQuQPayBmeQ{K*{lw_&4s8Mm}(mF>s z=&Q$5(@RiE8TSvSGuyvL$<+q+tl=3HHG`sNkBXW;Sk%0UB8R;y%@mc2-+|Q~SY2OM z_n|r6N66@YE1d4Ys{SLfss$$DOGx+!jUd0sT?!pOJCgGbJTZexzSvKGcDu;jw| zP;Op~0(CIew+|hpwa2H#iCR+5C+|Ppyt*EXuVU9RTH?Qtzc0mq|8Vl-_e1>OeLSVm zm?h+3h7d6q0)>Dl%2il0dz=5?!NCOql!e;oafTL{7=|$KDbJ6zEgDA=AV^0FNhULi zm4{>+8Fi3FQ#rq8wvcC%D59^*L+nTyZ6t>($AjSMTH=?dZgA>pF-Ri3w9U2q2Nd#+)WZIW5wJf!8X0`xN~CI~ePn34f+5 z1pfHr;G04h4fp@oC5mFi_*lfdg#tI<|C5vB?|vxU{~wQk_+hyJ_woGx`{dsbUVV+_ z;THwT(S%_B`{a*54u1cA1VS{&1cAfinHkHE4#6mErkq*KwU9Cs7=O}nZmzZg{9Upb zBmh5rr~bsN>tsI1U%}z%5SYFY3DuQS(@d?Vb_9izz~2%WsSFhW#<7vxJ|o??YA@sn zaxoIK1yIT-T;A0zvx8pt9HS`IA#D*}VS$VUjyZUyOrZ#zzrU7kCH|4j!}IaM#XO6o zm7N%d)!OZ~_-s54Y;+ss0IJEG*|tO2O4=Ee@jL};QH^7PSNq-v@DWe@`B$}w)1Ulz zHk)G#4&BN4O2bNjYv-B!vE$@ohKZPi!++zWf8&RRzVx8}=dAkA-05?+Ro)pBbt|`2 zZLK*cx|Q-N_Ss(5Jlosinp|+}zl~!U_`7um28aLuLvZ-(VfRa=f^@BeeEU>&Lp|3e zidJL3oT%w5Qiw?qC1Jx7$9fVC4Y^Sly)^@kozrAiKTSR3EPXXlf@ zgTEzIpaL|?y=W_RIGSyANA_fyKnwf5@@2HQzzumeD;4y=;3~?NQF*@V0X|9%*Lwzh zI?%8Im2epu?Nn|fwg+g%a*Y-a9GVXg?`3()<03PA?Ejn<2OQ2@BYe7_J1+n?oxef{ zJ)XnKzaLn0fIrD8&VN)neQkAUJffO|s#(5G7?Iz5mrrq4)QYY5FlXEM-sawRZu(e5 zVT|3@l5u54(WTnx<#pCvyX5;imOI~UY|Lf_0q9vhL^6JU{JgGH;x5_Ycy0HG=8r?K z4w|{zzToGae=j&zH?M(b?P!N>{dEVWPe=Cz((<+R0&U(Zx-Eo@q`S39Z|NkAS9n%Y#|{G`8_KhA3x}+o=`abi2$81Uxf8 z3Ag}%&tz)FKV@9Y^Wq34XyymoWu#ibKD2gfc=r7?=zoiRXl5bnm>sfB|9f&=u>ZVx z@#Bjj|Kq(p2Ae?=)?s2pDV`B3O4QMbxf&aHjpv%X&QkEgIOdb}$$<{caE$RQBwz>y zJWVs|G%}G6%T&ck=F(jhIY*s4!;u4lkv_EPSpmUYoQhI0>hFMH5+WkNOWkQ%PRhfw z()&PvT1dpK`$}c1%8?9`<}nIRGZ#v(mtQ>r*UeIQRPDvs)I+(w?#YS^dip9O-dhLA zUBO(IS~DR0phvX0%8cloCp%ozX5?KtbdN>fpVW(@W;gznedg?l{vpaOzK>JpjOMkx zOg;y|e<7u%*aPM>YSH;L>$c>Ux(jT}Ja9Ai@M5CJ&Ka=op4Yi{H}n>frrS|qThngx zOKI7*g6ELC>IyHREg_imhpb9K4fJ%;;#7UDpF!vgz!SfOz|G+#7blIO-gQ!$-O$ML&^xf^5NED2>$4 zRBp@&j79+qN5(gQWD_y{)I9iiKsj64G;Et77XsNR$f{|GMraNoeBGOhk^zvcmA$okxNP+ITrzpD|zAAiWbs%mAXXyp33ugf14F+w6!4m3Yfdmo_c!u_|FD(@6}t57Hu)TT-d3ZU?CK> z;}k1;%uVvX)zRN3LF|D4*$f6-)rD)p|KGj%u@L|9;^gHIF9!U7AJ4A%Umc3hCc;qx z;j3O?B9@fl-xLQwzWtN-?6fq%D3`8ignG9e?g5jtB+`Q62*4PtXkRnH2pqx~tBOl< z@!YKR(1hsbgz*tL3=%Hr%Kok#R8;sn*B`7An`Mm`NF3U~Bh0gZ+)4D8{ws+?C{X&( z*uJcsYq-K(PL!bqmQswfJ9Tr;k^q}ikjuY*Uo)?p9U@^&r7Tu8kKEYqr0%vFYK>~f z(N|`-g_uKmPv8tFWg#X$`>)uh)_D~`P(7E?XtV>S_*rMC`6dtsjgZN6X<^^6+5?;D z(nX7Xtc@qLzoI}G)YaZ!H^XW-2HUPNZ-f0t8Ldb9bm0HY&UR-3+vNWj-xvA67cY)~ z9QeQccy{IgtcA!Pj-6%y6pfo(-?N~fnWDULcqfOiB0OOKeqK7sib4Drmj{lKZ`5if zE6&d~la&p5x<-w*61qmbqFFC5YxgHuzx;Lu>u==gj{j{II)5_IhW}4~{H}oizx#fW z|L^D775`UQ?IC7X1I>yYI^S-|v1H@_*gSQ!wS2>N00n=e!)pQC3n>e?@MBF#l} z>Ilvse@wP@RV@I*;ocUAs6gvkf}_yX)<}u&@%ZHB_&6o4`Ag5oCigF8)xMTiFfo-` zT3Q>5s}Dc`1zJ$%B(EG5MtAf;)3d9odU2D!h%gs#Dqg!|G{GtIvB4LCB2&TU!41u%?HMr8s`whsJWgk_=#ALWrDU9Zn zsrvnxEGBUhsp?tE*PM@YAHJsoojSE>(ll3k8UPYGKX8TS4Dlt(?56f$g#pZc_Xk8df&spt32ts;iOHVl|*Fl8VC^8YhV|h@=s(rq@3jzYj zO;-SO69*jDtVn}gFKB#lkn8FiArR7lpQhQK7b;QUIH0SE+7(GsC$osoCM$@EPX9ce zo{v6E6R{kxLZ`c!(HJo|wX1#{w4D3B`LL)1b9rH76!aQ(Qgm}>QD_dPj#~2ZOVlr2Sk}wCVnw#v^n#puNvj|Ii%ahp(3!Y}~1%j44K2!8tp%Z1&3Cm3` z2snc)6rDki?tSl6_Ro>r5bxb9h8E^O(7?{Uazo~Pw>yu_uVWOXchsaMwK@28Eewr? z$_QOPXuKHPuV5mUa``$LA_>9W5(i7bGLn!L1jwxcq3yBQ6S|f%B)ThfTZhts4!T>G ze{KFo?T*gdbYW;kb)y3O-{rrN5a5PtnpYrwSA?OWVXAEzXnr%6k0osvCA?5O>5Dm7 zC6T~!R5445C^*Lpg3`hfF%5MZUP&soo;59nsIvEF1re*C+6z%^QgH?BV{{3Z43hxI zF!I`->%vFw{@8R}*~@?-1qEnIXY{{Wnt#pJA#7Pe#RYetGuIA4uVQ&yd%241bQoBbB^bEG5~;!gQgCIc8O4y8L(`gzQn0Pgf8Z%hwd(1!hQ>8=51= z)TP4k3VjH+#5QM67X!u_FwTH+28^>yGkbdLH*1vfi`#O|whmY)q2_bp zBbRHo@AfU$Lxs*?u69g3pSEunYBG4`kt zl}6&?>Us(&1Fz36%LlS`Xt_0-Af@0->ngxFMkLHc-^dyO>K`o7%7bcm#xamF*t{4Y zGSxz&+`F&?sq$W&H;L+cU>_T4+LbJMLbRQTfYf@l8@Xy}()ik`GI%4~ReWy%dkQX- zS%ibLh$dAUC7)yQDnD8Qg;~`BO~PFD!!(@3C^99ssq8+WgrGpzjv`?ts@K#H{G79C zWxXq%np&or$8>t0j$eH+vLo>E`ZZl6ram)2oh>ne=I_^ttstq}UPO{r^-&(R z91Pi_G;~e7Y(6y&nkU(KHLW_l`i!?9UR7a?%I(Nu>gm~4+I8i3iZ0G6ok3>GoQ>5k zszT9S7oqLZTdv?-CqGuyT^T|xqu^Q^j`W1%B#I_+!k6}?lAImGYxQj~xuar6*Ep=O zuSzVdjK#VtvtrYhkZXf+h2hpd+7!K^Nm^?z#zgksWEDP=zcQo=h@3|lKo(}VvS`{( zcT8_n4eQ{P`(ABE&c7tcjwHyse^xUQZfwm8_@>ZshCAe&aY%z(#1sOtr*Imd_}z&hn`o@>z!&$DuRE+*G+bzMLb=1hv<%1}qOvXU)8&RtEh>M%4+y`JWd zRG$?;*IeBiqFM2?gzTC_m3~Xe{o#&|37{)R^bHtJo~kr=rLdM zwIcEN;4u16;xJl?CA^$PxAG7zjH7Nz>B`zftQ7mN|=7 zc98junpsphjKVNfHvvYH#+imHr5ECG|=Kr!+{FpA{k4WOK^Xg?BaUDoyuhiBce>J_V*LV6m5W9MBwLmAb9X z7FJnjqtL`5h3$s5KD-r+MLQmLKF!Mc+}^&gu_-m$k(&23HJZ3a5&LO9r_})nWwym@ z3G%w7v^772-H&D61u4zsTwV_M`dR}6C18fc9YWgw#wjyzn1oxj;lNhhztqZ5rUtGV zx5ZSMn^qnkJ53TiQ|z9c*!X|HMVtTmyn5F4HZebYI72HcP>ZiXSJUE^?X+OP(Sw;2 zuhwJ0)6$>znm3<4Gc44^EO0X!kDtpC=12s~W*ecu%UC9UURxDj%NLG4?p*)j@qq)? zkH!(%6hef~6o8#WYmfEDp!_rPo})4n5ggF4-T$nEy*@+%4KZ140p0hMv`?iOw087; z0Ct*)D&tYP;m?qxA6|B7`tjlhto+Nv9O$ZINo(VzPq2-EFvZ!UZXLt@E zSi$)D5x{f6lQ^cVnl0ISP3vmaz}8E$=)Q7A`&x#dJB&ONx2XB5dir_loA9O$sdQsG zu5G6|j!PmRObq{ESTLhx)iFA4oQG1`Na&As;4{wktGKr;yvGALt^1)>3qA8=*S1pt zqln&dWv&+#&^2NVhsN3t$tF{+nlvxQpn%X)~OrHs1WN$d(xz{v*?13+V z1DeR;3Y~aW!xr~YccLD_R@yhE9r1&5xUOq!N~xd5(QZ9JDiK8xuatpujl}1kL%9t37w7vgkLZTIFNIO%!ST@ds^9D4)zD{xqf7(V z*eYdOTU5>-{^0dN3i2BM!f355=X+7kO+S)W7h3%Eq82hP4|KvND|MI)le8 z+DtT897D_ugekE~&z5erGwmzWX-JXg|BTd^2?yhp8c(0Qwfv>jI>`%V1{W>Ef0iMo+MN!rRy5}>a!L#n=1n-)~FCBMjC z2cBf$NvgjXc#?CE2vpi1ADDSMM;mQn?9U_~S*~a*e!OaqFbi8{U zN7!a0jNk?_t9Sv==9qC63>rZ$npL7+c{{ow2Y=MCjgq*yBg*hq!T$JJN^Z3IMZ%vf zlr(1zYbvp4BH~0PIfG_Z<0}+LFhJ8N$~MVosBYNR+Km0$Hq%~hVJgDME^2&6S22zd z^MhAs&9^Oj)z?aNZxZw~ z%bJ_eFu)KD>vNjtpO4(cPhkQAx|*5l#+pQ10|;fBXN;35vV%}{kz0CqG)ayvv~5nG zmxyH0uW|Az&JE|(A?=AZZwg)ywrq&bFb!5PmUv1pwy~?n=SQ`Ti&WbHg9}o{Gq@lP zE=Yq5Qd`@>1u1<77o-PrLF&ON$Ygx5Nge8agA6GvfYy8sS1RGD++Vyx zV20-EN?R{*ZM~H&Ab<;qNv7X&k3!t0|F=A>?f0Edf6kH8bp3`Hb)2F|Xo6M&7J!nVV0k{NjVf$CtockJ zUVdGB$EH3wv<-81!Iyi-lH1@$FErDJ2m8W)9+UCOeBOZHTJcb`=FK9P+QHTJ!IT(h z6Y$}VG+go!MaXS^g`_ySBihQ}fE%s*bAy4(an^0|>iW4+sVa?bof4%#$&`zTf#w_$ z_VKxP1u!-qJ%jF>A>FYuQf~MZcr1ye;7x2*GlMHdPUq$k0_EP*r)u6$8``(qbVsd= zS8Z6lgw4s-N8lY|i)P-S)o|;DQ3@yDXM-Cr2k5xN=ehA~cUVnx*B#aq-*t=CjN7)x zXZu>==(T}(wMqn>MgDZ*!hVrL8_%r?I8FbNs;krfTPHfBG(rsryA$zhIW~&6xwy2c zXp6?GrZQk-w>MdZ8_d0yoArG(7y<6ZxFpCltGfYI5 zqRixcDNMGHVi!#rRqV5!Bfvf?P9d_u1bJ%kQUtlK&am#b>?Yj5a;H&9g`XNz^jxi@ zVmr7h%AQD4sx7J$^c4k(#<=ZW*(qcp6gDVSr_robM9PebM*i*;<$u@w8HiNzGsoHr2L> zf~v`R;;#Hh?Ip6Z$KMVBwt-kzSdH{`^lt5??+4w%8DW7~y(Ye@Z*Qn@uX3yU8L;1g z{TeazCW+`Fzk}4xKRr>ZJ3$K zl5gKAwN~m5svQB20F(&*NSAsf#;@8mZWxv!Riz+}m6xB_6&~ooM@;h<$4rK1HgY|XpvB}jM^P#=oum;0%i?;NFDQQN2o|1L!%-rjHR1K;c6%uOSH zVA|BqN&EZj_A;rC5hZp4VC{3-OyEG|TQ$8Pu>fPZsgn1WU34pJo+thJow1V-- z94J9o6&Ez+ttt;lzA(y?O6X-@NRCPc0~HLjAFgcDP)IgHXLph0@O_bw1BiqiBrynN z*O)A-Aku&fT25}$O>*jDd2y4~3ru(s1N6i^c22mvf?p&w1t7z&msxOHJSr_8XZ zJ(fl-7wI^t>bI&aj;>#N&;W+&!Z_-?oUNbEbS2duYvW{9#;P`};e@pFdn?2_Tr@~R z9_Xa zMp03Tys%L0Kjd|huI-mBs|)NWZf5l|o!!?zxDdQsA_4^4C<@aBn)>l_qm|3{ob{Dz zET??8+*G+06*u0g)ua};&->pz$PTw$x#;T}g&l6oWz|FTekxQ2+bIcQ3ym>VMzIvrGMN zH#TM{{{7Eh{M$hh4_NuzIg{#TsqDAYpswb(yAn{V%Wbe@P40Z;n+#l?mUw@v)_~X@E@7T3;Dz86F z>IXius966mU%OmoBk-sJ=w;}IiCF5}+metbKj%a&U3jZ_R@bI3yOkI%P_8EGir97b z5pS27>f}s1h46R;ra2Mp4eJ224TvGWrqPDkQ$>6rTvX z1_`OWQ5WYvu75eG$=Rg~FTiKCLSjin)A&Jxl%@ocUm=pI_l zF4`Q5c4?#6P@p?6*VRrd;6693a{iu4l0L**!m@GB+Nf+y>)P8SmzTjks^C9A->67Q zuaV~Y+b#RfUvF?R2hc#4JHeB(6-|WkTJsv~i@GFVtTn^9xvCK)$+9^C^YyUgn;A`r zBzs#e!%OHn$1{VK1gp7mbvLC>$65ZI6V1%tX=dmrYNP zyC=wZa@^-R)OtS{UyUfqufpaf)bF|hK!4udGQ%hmP2MdbwyIEg1=jJp$-tFOEjT zUoivjOVMzXve;A8MOt0CNdG<30S(fb?@|WotcN8Gbn1~yXBsWtc!cnREq7>|nbA$S zpS24;y+xa+3gfEkV1<+FCyQJVz;oCB2zWiU9I)dy*zpoF zxVPeD1Bx`yfFkRj0Y!FQ$ABWUejYl(qgS&4{+y7oLxSs;9lm_^ZZcC9vH>Ci4N(Zr zreLPVNb}&XVT3~|_-9Th+Tg7`vn39O0vV^ER=vE*uRSd|z5w|@Y#nX>d~DC_s%D~~7%}0CKR~l`PDhj$`I&?qa@>5!S zsLLB-%iRezQW>9WHbuY1rlzj1U`@N$S-}X;;H)<7cHYfUx9#THX}&p&XcG3~*xBM? zST$qoAE`C;(6Jv&WFIi3ESIo4iA9&m$%irCEsOcoH36t9VqBzf(@?y+x}NrF51=>< zERLEoud<3al5Beaj1bDd?!*SWDn-(Boyh5hmTA_sAgZww4Q zS~^g9SR5OjfvKVtAIEpPc3AdlB-~BlN8C%`jur_H(Zuc} zCW{ddZ^uiqik@iW^G5#WOs)sD%wO+Xt2cOPWjYc3d+18ZvR~sqJ_Jno zJVU^Qoy8C^F|ePHp8b6IfQg5XSD1dj?w~1^td$qZ)z6HIWln7gNtlZjc!RPM44T1F znH4BA_D4-pqD_vm8I-f`GblXxU(l*zTUg?Q@fIQPw9$ANXIUyzou93oy2hZ9u*ahT11DOCyf$@*IX;| z(>G4n$iJzAQP0)tFihgrS?0g1lG(XQ?ivPa_x-bef82nirLhWgK?1QXn{xHjlTKTo z#)bw4PFpLre@hs;UHd7vW!pEOx+%BiH$W2m{?aDiU;aTk`7yXkBY-Hgr}dIy65tp{ z>bq7CUteZL=cK)8)d-ZuKLuy|xy8`-62*G95vt?2`V?tB8Le%oas?I0MGnt(im-ZK*a4 zEKWGg8}j_+N>2{Yw%t(Y;|eww3KbjsT_gB;t~(RGqe2X zr{E(uHKFq;7e?TjKm;5Zj<9LjG^C%D=Dpjpd0_!9t*yD+qq*13u#0YH$mFC+%~E3qxaHD!ExfPoN4`R;B(dZgn40 zo3|rLXXEI;9Y-F}VWekA5l;t^&V;SqA!O(1;oclT_8dd(abO=CKeQ_^biX0IUObYe z?f#hq^atm8y`2@}^jlpJN7YZysvz~D`0@gvVxc~=$a_gzmw2CLPkeN>b{X61V(0L- z_Cgj4VBaElH=$9%DgwtPnhqpqI?-7cVu)GYP4S^{RYjuQ#{={F3-ey0d|(3#B;t0klC7)j>+LWBUkA34+}CCvu8S1eM3a3ksyxx#UeZMn^IBmg zcS~QNU0%QIWGs12=^{cV55Z*w#hkL$L&pZ}==}fs?6L(Q+v54vqf>-} z!MCNaB@DhT{|LS<0NfQc8-1cm1Ln7;G;r@+jOl+5DNWM8FBz2}^h+?`F(1ni1?BM! zQBXq^)DQ(V(8A*L@KI1*V*3k}(EkgM#8i$yUq(#&VGq2T#Xcl5cj{B3YQF_{OT?@m zP99W~6LUB1Tf0<_MFeMlVmTIX;jEinu0Qz%8HTe6@rRMY3(kvrildcL3skr-LOXFQ zZ}nm8@|KdjN5QGwaNT*Q?Ar#Rd&t{9NZo_f{ZGzm^e=V$8vcB8`RtuUXL1*;B-hF( z$r9|Hje1E3d)~*Zw?*q@fpp0xV{mQ`nmj-@sf#B4DwoSW*!UW947Khbp7|LLE`IK2 zHjwQfD0lHze2Ls%IcK{H)3gunWS@3|7!O8*mS9@| z-q*{!sqpbe$sG$-tX43Zpv$(=cR+_fnQR zfIlZBY|eCBn&8<~f24`V4080t%Ml_0m2CIfRGDHV#e$*@Me4BDQ!v}KHuXNY0kk!e zJ1y#Iu5K0jDi9+u8kuu2#&ohi9={x)Oe8&?JgIDO0;6~dPsV3cJB6n`G9TOI+_S_` z9weQc027YG6nkWq|2Hu*<^PWWCDFzt^}%8Z4mH|8Y%6wepZm{qr?H83qytct7x#!V z-QDEyxSZ)_ZW}NM*voyod)k6+rmE&d=MFfjX1tSN2_R38$B`8556=|#dI#e}pB1#{ zA+wM5==5xyPNQEic8Oc@lB7mHm&%(6w|Ia8mt1BJ5aV{r3HCvxfIsX#Ah2(T5z1gt zPbhQ1`JkG1auhM2^qR7}ugr1V`<%L~YCZ`UbAVQ{*c@g4$60noTDTd9PZ=ckt4dYnOx~rPkQ<-%M#nNDd5`;6^1I%D>i%2L@#Y$4I#$1fqgNfe5 zBgsjefGW^P_ToitFg)AoADU`rTDfVh=!LaQilgO=h>ITFHGf0@K38?Xy};$wE! zPsiNT+vX$kg<#(Q`&L^QQipHF*$0#ehzZX_*4)#UGIY+mE4=0Xp{9j$?LJ;70ZZ%= zB0@!4WnLQ(97RP3x1N-7vRRy<1^|p>jjS{P1}n>8Wf`n24=rZc=O4?;A~_O|W}3!& zH1yNlcd0VoH4l!*5!1PG$}H#2+iUgCID2z2+bHiNdE9jV2GZKraR`e`O9btT6H&F!WNQio2Gr^K45+i0B@C$ZQKL@prhmQbom>CU zyGmwV<2r{!Pu08s`T54APe?Ig`yiihCLb=&&-TubXJJZtli*&HFxWT~P%&n~?p%m` zaxKPl%50%*YRi245h}ACsspQy|Dr~}(%pOk)60u*I$u!=;>^-*2+tCV)ab3Wd>Qm4 zWY8+646;oH9!v_~LB6Q;;a(+N{~OZQHhO+qSXVwtKa0 z+xBYPwrz8I?=$nCGZS<3Ro&E0MO4IF`DEsc8BbjZ5YS~Rg=oiv*+U_{i7p97+99)4 z+VjQVGbnm$9i2V^u|knY($#yA6axdIW)pR2bcE6+pYoCi>(={k>>jVC71`YhMlFp5 zs5#VpeFW^>n8??C?QGJ3XtrQ3m&L1v>H^YgKHc0xBOg^f5CM)H92ZEr@42V$EYhf- z&7!4g9L^1R)7+EemP2VU;Hx+Sc#Dy4749OCmVy41;=tca9v8d?RLs1+w5cUF^|*eV zKTjMJ!lo5_YkoX{uKY+qomTaQ#7$S)_fL+J`ABl__FGjWcquC7<<*G(QLUR1eGk>g zqskl_1|%{m>`JD-l84(5S=z`^%zpSld4<~j9Mp`1U$bqA$*HXNMpY0-mjGDuRbGP+ z4b8-X`r7j)=svHL7a`S$3oml4=YTlAj@h%e_$&nP19XcvPD)M2nx8(q^(-PMb__>va=~C%XA_tR#5r3X{h8V;3L+l zYP>;|KoMvMStg9$aRkoe~~J9EZw0`V*fUy^|lOEml_X$Y8~ z^EUCnhi+GC3xoM(`1Q@gqhjH)8{?OvDYS4h%L~O=Oq9775%f4^93ZEx>%bjC2*m-MM9ArB$yKMTmo* zCw6;b3@=MNq}Vi&50P&NaZL!L@O1HOLW9xujfb-bJn!+JM*vl^(j8o%p=yx-BEstyC4+)Iu_hwcWIrM5G($S?`G;i zAv-9-iXEzYBS2I>s<>d@L8T4Y(2?xtMw`J}~` z83yu62y1Y+Wd#_(@NKSIhYcM{P=#Q;yF4qE@5?6b+1XQ9kkTQsW=D(0V+ez&NnD_8 zZRCcs*up>u5eG${QvZ;H!UYDh4Asu>6X{;Z*tZE#_fbq0XIt-n*vE3kBo(x17_|Ej|RDBrn*Q&Qs>%N4njbKmo-u zs1&5R5IEF;BhYz_Y?F~D9(MbH^QFOzmp1So1v4m{M-!)Z-vSr|$;S99TxtbX5exes zRRD+q5+e{N0E02)UeX`HE*3|@LZI|y1cv~~91#lkI9a3SEot4T$<58p7?lu8-`*2Nwxyia5tMlOra8~-l+Rt)kP$fEbte^9uic+z`_jRG3 zC2=={e}w9rYBZ&^Ydl*sD-1u6l`E9RNunvq_-n|bx}{KZ(LMo4YBZpZqBw zWzX4-P~FSN*qG6ol8pnDQ9qP41X9CkR3_^d)er^s45;Gd|JIe1`g#85;5qCntgl_I zriyL#V(Wox^dDWy_%US+4H629rM&m!zcGOzqDYN)9ekW1v<8>|Jw^R<%IhVg)a5UQ3IQDc{t$X0#*pXk;OeE*DCPLM^(MWRjz zW%&^_+w7FwM!$4JyuhT!)yefV7)&_>Fh;X{Lne5B>(B0=YyG&%{6h1Y{$E!1trzsN z$J{n_$o&d!=ca>K7$mNr6PUewb)|58@oX8`}3v*%xcwN&YLT zv6vnrl}7cB(>HuR)vc<3D0@8kH*2azss@&X@EvPz_m5bwXL-lBw9lQI-<;%LaWBa8 z0$(K4@M|*Tp1Xa1&d@7Ofh0spDtb901dsAxA9=&*kpOS*;{+73wZyMf5B!(gc0s6tediCv0Hx_dCng$QAj2GW)sk_vOaJ2us zn>*!G9uxCeFOy@~ck(+y5KnG7Vryy%)US16cU5pW$M#k~;h)o+5ukkygcw||Q){v1 z1cgPY-WgZSR#4x-Mpqyqbx|Dd;%Ikdc}KbWcW38An&a-l2>> zRkE@Sx6Uv-I$8hhS`9f5&8d3UW5rkXs)>KEOrT*^wjapUUT*+Lob#PFNt5j4Z|e{5 z`*R>bKg8-RB{MK>kyN#5%s*abZO|nIBz0|$!vJ#ib_7(T!(DGg-1qoYIWHyDT47gX z%vI4Hh1T(px#Iy^l9t z9*o7pCE}_#nPCgCE9A^1c~3nD{YcdYEw(ITCY~O5XPp-VQ9w$(3q0XL3k|2v798)m3bCy`xNbL4u;Z>03Jo;NNTgXbg{e^pUXF*j>LRxo zYTe=x=kIUg8Bf=3JTok5Kr4v{Xp~iZVAN0=|BL-WTn1v{&jDTw6WJ<9(kAy-)AXoX z*H95>wbq!;DtF>)dvCPN?BRi>rlEGOj@yqJX=C2(^G2DkrT{Xbu21T@=Sp5><~tiV_~nuLJVO0o?3QixrDMyG+l<2{b3u#*O1_5Xsw^+6zt3Ux7 z1**BsvxKnMY7w2@^E-dWgk7W76VGDjt1rZzFFMggC$^c$_H~S(0X_x&u*i zOOuJs!`U(n;Nbk)IP#@5x0&+1V&LgV^GoWBrPGm2hMMpy+`=}PG4;eJD(6-dQ{H|4 z>*5d-RBxsrJTPiCL2f^c!RFo7LJV68uRlaLfNz`d}L+R|X0u&jWIx~G_N zBq_T5KF6BO%VJ`En}>B)2VEPUion)^(3%vm+f0mLEE>F{XE4*!!?b7&)W`LPs0cJy zPitbeG`8HMT^9*o$=T`(O1In`3#0!UO(Hw*51V;>eScsX#;@Ie=N?@v@A|I#eC2D9 zpmvSk?3^URZfe#$QWMCxYI5!XP75ziMHgQyp9y$L*gkrzk5q~Mlidx%R&x4heLqSg z<9#}0d;Y7VRLkCHJd6PX;RO98+Z2Se(`66zHQMDf<;*+Si+Ui|reCO-Fo| zw`urCg*1}%Y+kH3U%*XohyYJL@Gh)YAw};dUqbVNxriNqKGVKCn6UeeSl*rwg|hR7 z$dq%Od65$PJZXtfIJ+UzyiBh^E%mDZe}UY4L59$mN$t{R z6B2@Fi6R9}gmLlz1LB6rnYYNgo32O(336cbQotA@|d;?Wu zVMu1^{?gJ@lRPlUkfDL%P7*7cSc80P8Y>Q1h4&jhhY;V`26tSaMesADbB!>YcQ+;X zu}#}VKH!WSThtCI#*?MZ;@i!v73A|dB?FvWaB3t=jwRE3z#k4 zba&%dG8!r5Bg=&a!x=1A`lk+f%w*nQN|u|VCb{3Hw&4FCq&e}wk>>OJ{~*oe z0@{0)(^?);X+*XEn`rJ;{SVQ6fJ15%s6xjT$@t!l6vG`ikbl^*EVQl*mI|^^1{+g1 z@O;YQCafu6mwPjIery$)V44FHm`+R4+;t&5c4@zYnSGB*4;TAN!=%(`1H1}GdvCv zp*M85br2{9fFn&y zlM;I6&dEiS4tN{K3g$~h{X_7s(YqYyHLKtzG~2q#ilx>En}}7b+zlnAbb3R+W~OHK zn2fOf${OZIK|P7*%mdeprd3;mrQt&Q^ej>h;z~V8MKlUbmWW8vlrvJ2J zFvxoqvw~i}e+}XV+Rc7IYK^k;zbz!mal$yoGO<4i;ieu8V`9nc3Ce(OX~BPMZ3ju6DnjJ1xELEscWfYxjG)AgH{hfx zzP`_}p|NPePRlBQeKF!TLhz_?g&wfm@6n=(@#L-M$(2$b$S9YbnRs?IRQs-SI%dsn z{QVfS2}Z0eZ2c&G6>vY$!7N1#l8LFRR`2H(fg+{GJV@dLbp)x{vW&S2haaygm%=a7%po$HjY|C0b+W&qn>M#XF$%n`G9? zZ$JJ?*9PsVoUPcd4A^5xTZ7LR(Ke=#S-x9dHJ3c@(LhtEt}Sg?5o+BIJEO zwU&6K3}c>ew6!ejNwMq%v1>iV+2;ga9bwr-uebB|u{;A3&c&AY75Unmp852UT1N?#cI zPtK9qAPex|a#^Mzyk)W+46T$@ZZZ}55i&|4UC)W?SO_Kf|3$=Mcbc|M{y#*#kaAB~ zpq&9|282lAK0usO+&xM7btwcQJD{10u*r8n><`O>*SP@Q5K9+9`h%N{@NG0P2my>Z zBdqvplMU9q{K($_5OL!!ap&61y}^2S{F4b2v^@b+_p>vS-tn0Ngi-@iu#DhqZ@}N^ zJ>y*QFAXEPvO6Y`VPo;YkkruS6NOgdH}8<85nzkt;;?!%<6AiM;EFq@CbgW*5<~1x z3^H|29pKjy#_87#js=M30KM0sLv(J+gQiItlcD5aLLrCd3XDK8Z%>;f;>xTdAWM8C zC#99gvADYnl|B4!xH(z0yYhz*#Dx#L!7FtwDT zy=r`GVR_V!UP*3nFVbY2){TquC_$nkq?@dCSoy281s>nFq(>WsV(2DH_khH+k|--Z@exx z-v%kg_!V~jaxUA80?;6*-?if!Q>V1E#@Hcy`hCrKQ+faqTcOYcZ1J=;36S-< zE*OxN&uVd%aYVN=XQHX8t4v%wDC2`M(t|Y26K1o+tpK6Uy8MmCG<;sLqHu&YIRT?J zlBPZ6^ylFrru>JlY^Co=t62x;*yrN ztEYUDJ#E^n@nu)@>y-lt_5y31l2MM#ltYKWc(^n9Ug#6cKRav}+nJJMmN2<8OIQJ! z+37V@vlvCuV-6@ZXUlp2yq#~2rV!v(s2u0!OOaw!sKBXGS%-C}QY8bBOiiP|C@T`J zZMzbQAd-#NmYDwY;aS=8cW(Mdcwi|FaAGh2)hdenWJEm9l!$)tXcbZ9jl}+uAb2Ac zu*STNzM4fR&5V*rU{ul*?+U|s8!OI2wMM#@G`(n?WCrqV-2iZtYz zu++!t$ z$|=)S6Z2{3byXrq>Q)7?>cH>dx2xxH=e74vH}$#@q%OhAIuUJYa&$AKS`~~Xw$QWN z)y{d^bwlnB?S66n=9=(yfZA^{Ec8?H+WVItzl^=O?hQ`1P=0*!X*M{UXN6J``i8b! z2SZsAZFMRkn?h0>M(3h{79{ zMZ(q?#RV*Y?F3h9p#N)&a)00Z@R6n5ECguFJr+e&vp32z$LnikDI3hwrIuM8?1EyE z#kA;Rn?EFe&OW5C;1mFvCOW`Ho99MS#28kc_I=#MU-3;L4-v;wcx{w6 zSSX_UvrxMod7qmbnFd34Kg#)MpsaQZT#RfBCw-F#jHrU&G%q%hLaH4oxm4RPvmKkk z!#iJYAC`zky?q>0k0zwNI8caTW3|kFh`Kn>j_c+{lLr+*CMDeP4!V%Kna@u_52e@T z&|6!bKNPAGqt2|DL1`Zw&sYO>kay0zC@&G$h!Y1@LNF?M=>#a?BHZ@0GX z{OSJGl1AU#_xK;T)b*;Tny2W#TqF zMUS|}iE9~TMd`y|r-CVIUC^}t?eI^SuVN}>?d2aBLiienff|+Lgy6})#fD;}CMryU z%!9$p`4xT@eO7jTMMYx}pasRx?&>Q7+}Aw=n_=Tx$CyQj9p>=~ztci|LZk1qMka~q zKVT;iV5diKu*1~}B(THRvcJaQ*ijcq8xh=pE=ZCBp;8n$_#igcM7caT|3oycMxt$s z2M+;@t6vf}6bP#fskQdgXB3nU7VwHG!a#~?6T0+5igm8G^A?bFA=ceGPEKF_rV;ZO zOjZZ-j|%d53zjhhZDz)v!NfLrfD3hBV50x5xc(l?Gs4X4dQ%u$iUHdnHXQ+nyM(zj5h1~T8jho2PJgAw_RUvaN!Iy zUT)yWA)yFQ-%wQI5`pK#gXm^FXY=04&C}yE=$U@dI9$)qP!J|?=~Noe0oOL^ZjqTw zIXP-#mXgK@T`=t}yJRRI+X$<9Ry>Kg-IvVvDP}}(>HN%O!t% zP=O7qFr-g+sZh}6_nr|hT2HlpV?M&Q!ZF)9q_F0#Rxx}yMi+Ej@+}*eis9(=@-*dT zAOoVslJv@NOOKRkVVFgHr9)Y^JY^D(2bGQxbfq3Y_aJbf*C}vLIFe&)(qh+r{$rNd zpQneLbYi2jAV*X3CUP~{{g7hIh^HMU)mdp(-4Oa~I5T-`Tey8o`>&f=Ji}_oaDiwq zyxk^GITaq6^um$?pGSCHunG{dl`y;x?Ax z#G0RnZJWrx@b3iMRJGXd^uBVC!>eY_T1`C@Ozwv55M|prwWqOT)%AxrM?V=>sc5^V zskO1sZ)@0*Q~t6b1B#H;uQ1n?;WYR(_R28Njf`nxah&ZsA_mReVkN1>V49*055}2=GhhT2Ta}L+-I*rS`N%BLdtg3uzMhanZb|ZdLBIaJ^Pivca}^ z0lG>`3p^Gi_$xKbP78J-H?-pX$Aa0PRYaXZOKDJD6Vn`#q*YuiUPgtLJq1MQEuI|? zgD7AX3faUPbDof$5i1CLtZi1qdV&T#(cy3HO5BOo&OAqa^#NerU6lPgORiRUSQsrV z2~}qkw3Vfo;VSFS^YVn>itylU0V$zoe}oKM>;JZu4Q|9tc7BVeGXLi{h*Juc5o2nx zjc8r8J*({{n5OCe(m6j#20xPK<}|fN=V-f7507EL_{0KzMj{pNv(i3T8eUSKYa_<&!3Tu${sou`|v zrjR5CWtt=SU$b-=I0NX9!!{ep zN(v#xg`n)aC@W0ym7W)<)$7!(D=EU`X^BLvQ6xKt9xen-?pr~?TXh7;$mAbs#NvYs zcPIq8YpG=YmI-^S-i&sc!T1WDAc1okZ!u{RuwJ9X_L#ePxT*=(X32`*J0T7!uhz6E z#7!VMwMbyz$Br~V`poPZYX?1Dr89!q6bT{4TpcoHjTzIJo>?l=C*5lUY za);&2dD@#MoD!Iuo0kG4B!n`F+5jxY7dGNt^>%sIC^seIi68|EY>KhV*0Y;H_wNB; zuTu*Tade(uuu8dHtqsO~P+>H1W}`_@RH;BqaY&)l>UzL+YGs$1q$PW9fhNuDt=n;$ zi2Zf4w@~b;P20#E=W?-%S~lGZyoh^-NnV_~N?bX}4I-STNH3{_KG0Z6pv9H^UI%DC z%^?eN;6ShLgX{D*^^8@c^2fs}Kfq0>Ka-2jPblQB<28fgvb*6LE;HOq<{bC>4(n_? zlFiLEnTw4nR!4hy1XIf7WLk<%S;}OY+v*Ki~(Ol z5W~e!M4cn1WSC+%1uMrZQE*SGm?)vH1AZ=&e#^1h-(DqP_oMo{LRPAjO~Zs#RM?H5 zJ9Kv;JT4?JY)D0&!O{P|S-|RvqxgdujA9ac%HAY@m>GpQ7A{ifDr6~vlE>Y25oHdO zQW!#7!lEOJL5W+{;3jvCp1z<1ry<8L$Gi5-Ydnyw>s25*d=qHEQhZjq7phUX>h#?$ z;&mRiGhNG>z2nhyuMMt%%vNTDQz*4$I#YOa-j5S&lM*h>koo-&3I(XWJ z-lo-^embr{)0L5-1D_@pDw)A8^R40E__z(~<1Nr>0t9ZcwDFySEeNAqiiw@z2!>XW z*)5`J_hm^K#t3MMDUW0^m0DpC3nC4Gu3(GhD_9EV0@*Rw|Ih#jXEV^YUmof9I$|_a z8GXURYCbCsfJ$=B_V)-=fJ0M>Z25nJf4-dFrzgQI*a<7_;igJ20x`ZoZ(J)g9r>sF zsGm67x)9`YNI>K3jbe=IJ*AKio$$NuX6awPnTBL6M%idx@rEEH7;KUTJobym9!M4S zC;_-$>W)@c5Fan!ZG7ASy`xlGt_Oha1H-7a$~TD7YZtEoL}^?fD9ki#hEr=Ya@$c` z7pKC?0pPVR8+xea4cwWrw7nj@Sw_Yk`~lP9>NYIfF7RBPX(o+oMiprur=-s=&6J~9 zY~25OXIQEePfOk=s=3&2G#=$-uR<9D+V{d(Ll|DLkytNb%hX>4;(YeDq!8b8map>H zvm_9Zo?AYf$D$3~z>&2I(U5hIq5skQzODeBLQ3bXkSz{)Abma}9^cKFfUd4J5}g$cx#SLw zC^TzK{32RGf?bbFZ_5fb+8C*xvCG`JE%b-1eALg0(}!KsAXbC#tq;LRcNas};j@u( zZN?jt9~~yj%9D6bG$DG7P zt?;aL?bPYrjzkMP9XFY3;KOhu0J7x$hctF zO$-Uga8N|A(Tn1e1u6E^Sg}{IR8=*mFh6<;4opVh<$2~qZDu}B z*4P!3=6yzq{(KA4tm^DR zJmuSk?PzCajclVs>0BF2Jv7#x$Ar_*TJ~;6IXU5OtxWI|mDjU*fEu5(@81VFQ;4{k zS4>f=5TpLtmehWCt-$mJ#zk$jew!S%{p>d=w+n{%1VgI2DHu_b82sxBHRd3kTGa%~ zdXN+C3m!{&y}P#N>4htg&dLq)K?+!i$mPQtC<=WP55a67rSsb3OH7S}rqRF6;XQT@ zc{yc_pZ}n1J1uIZbeau6JNlf`mZ*a(8bQmI8a_6%0P}Q87l2 zZVp;A=GgKvwZIRuJ5Ex)Qhng!Tf(5r!p2q~CVYJ3ZFs{bmxzUNIAxkD6~(=cDGTxW zhVKGClRk%Dn9w30PJm_@UfRl}7@0IURC>2bOynUL6$#1CH8fHV;v%p(yaFF4lRr6| z?$;H(+D_|Q(|s;rkn+{j5uXr8wB=>9d#wv3cO$YucbtwUTvYS?Ft#hd1lBd{z`TxF zwj`VLYa@{}*_^W2lUbAJWNxtskbhS)+|xT}4Z}PhRaCEM(&@_o8zm!OBx~+Zq~OC@ zC}Fa+6-0gZ4|KMgE^p1q5&YdZG1&u3hYlcx6rKK8PI{#Rp{kIVoZ3DYwC1g<5O@(A zjX560vO!gjP+Imu|F}rPSiM9UHDH`l5=q2b>a+o=Ruo3ug_Ok~v%29C2V!>!baP53LTT)V|U9O7RZtZ%+ZaHqXI-@J3~~|c{D^F?8F?Ff{;~6!@D9#5$)_=;Z|36dg2pIL6Gc8 z=5~d)oH}=)dIePHL&z?RSgIX;^4ikeiHJxDH?HqYQcZLua8N_D=d`Vg_x)Rw+CS<* z%F;XNJv4Q5VF=KZ0;ebLw6)n*W+TV`-fk8>KKFP8L{!+kuB;=-yAYTT4f2X>X<9q0 zq6GWh@lAjCAvIV;fD;DLU}6;F^b88znoR`&kduU(3F7RdK|GRc7~HwJ7mA_h(E$#I zH-8PpY5Y6AikfeRT_@sFxaa%7X^#3GZ3K^a z^RG-X65|XLitCv)BPYH;ZM-a_iU}0oq4;eXxC$T#h&m2E4>|idXH9TbXauv|+C&So zl&RFdjTn07V_*tN3o*|i$nu1QB+8Eo#=Kc#D1xB^p=EiDmcanmabGA968`-%XLO3Z z|LTuy&vaB@US5p8qnJG(#OhVe@& zZ>dr@l#>WFXf?SCKJvEf^8(hL5aK&RIgs)m(YxqY$T*DV)+McT@UfCdf?mgOQau zu!>ljs32%w4IVS@BU=&hY-(pS&PmUQeoTF(L$6|H6%vvgNy9q4E-lHV_T$3}2W zix!9ZDcq2#!G+c5%chF+Br;i0oTP#h81ohA!!CY-(W&T_UTIbyhxoZ6h!5OT7aKJ% zDPkoQQxXKfIV2KOOPJ1(NxKGHa*VUgc#_B|tnD&?5wfq((EmutHAdOrplQBsdv9n@ zWgNg8;q84ESLy)>%0qNM%|f}tx)uM>S7Xh+YS_iAP*;*QYvv^a32dpb%7h%?AdP5P zYHu)!zv*1dUdhHGx~I=ICC^c0nf~YftI?eNpeHL_u9Zz5th0jM$qSXVssXOjDI;qU zDDrSBIpNS#x9GeeTMDlYGIE;})oZw~1L38j#(;6~5B%I_!x&!u7Fotitam!U;cm{X z_Yh*T3X@|>DVXA9w09;D>%D9?ghmEyLrhUN`Iqk<6D~ganHvIm79)@-6^8d2TTbn; z_u&i<;Rf3t73>3`8}kRC@WnxoW?C|B&d=k zv55EAXY!+7T<0t(gm~m4R6=P|mp8KfeQ*qM20x@7WIruo8|mlYO(Z*Bs8aV69ERcT zQi~SX0zMn>qSa?KTc8%$RW^eSeuNg+^O8sWul=O^+Kvxjg8Yj@r4EX_hQ-^a3Nskm za~#0nH)s%YH*@knBPX8rk8cy5X;f@Uiy?a6o%N>=Vh1;~i&=2mu!R=tJ8>bS^S5?& zv}V0HFBW}7rwvxWt3Lj*p5k3{B6rU0anT_epjEOMsV9y6iYj`=NQzhyEmKPUN>1() zmwW|hq?d$}^@blgqfWaat79LO%HBYgx{n{mt8d;Be*YR{^@(1V0g{m2E(aZ?fs7#? z+Y=S7-z9&LaGKi2wrt`EIsjVgU8z3&82di}q3)Ldu6#aJ9gC^Ob@m`4*Rx;4bVhqV z{&pCd(^RG>xv{~Ei7#Lt=+s{vt`u|C8RSM;FnhgIhztkrP{58WdB|TTnSZ zGpKK$?V=EKpiHnRdz;Gj0g*?{qEVzYPL0*4a=%41X&!h^|!ket2=>W-zKW_7RX^Ou_Qek8Rk^U z^UC$c!<_g>Z+)J{$<(ttP=uD!cY9$B3xgP5*15+4L~qqhFj94dLUrE;wl+HUvqtt& zD$bS(X~SK{6*ATEd#S~)gri*348>gb(i1Ds4rYc>Sq#()fh6{L4gy=Ylawwk04Vbo`>IDt=4vw5GjociL=vgsvLNJH{dScMhUFE|CVfq$-9%aF6 z)>wGw#1s8zBAh>f<3WwM&FO=QBmTb72(-^C_&kb2pUL%Zz0nO03De$d8dV=h)ul?1 z-Kjfw`Y5<{U80&Ut2(dR8NmNrE<&!#A%4)k*7&Sf;=hEjMEU9+#g0xC2qJ3hmT(rh)h!J#P5M&dxl?XX zl#9gx*I`Kn?-hm@F=7X)U(oCT2=zBs_hokJ&C0`V{84a1_kLyD2pXkj5*{!wL$%jp zs~>-mfeA!BSaAV#oIl63`8RF-dZY!n;F`7`g;x6ZKzH-1INg7Nc=YT}HgL3?k(dhSCo+?HJe@TW76%GVIp8 zWE#xKBag7_3ExXOi~K;X<+R~eVjqfU{GxU@B4L?sqcsDXu|yskqA`pC}PYOD^X#b z;lftB}SHbFT#=cL@B9p1|};8+n?GlwhoLNz_65rbGr5~Ne?+*q%psWHVv z-j5up?+3~elRzZ4TZE`LJ{(0P>E4RW0M`4(wjR4$j={n=`-(*h!NgLtTJZz=qx@@+ zpSmDJf(nS(RHNGsQvxJ7$n|^QY9@0hF9tsj-bsgyEK|#d1fiMWwAtly%sp6ZG@tQx zzZ3er`MtsV`S@B}YsCL{dETGl&+2yn{v3+p|2bQGnaR!mdXwK>BV@19?st;-d9=A{ z&&d3c(gK!;aAcC4uBFH5z4>()>Gpy!{QGPu+E0$N{}~@nlewPmX&WQVt(|F!6}4sO8$xZL{rM#M8miR(Hx3xoaUf)&b4` z^}J!C4zmg%GV~pnLV>%3=FCFxfHbjWQ3QXT6EmY1o$FJ0XMa&>Zj49==`6J7ZY`VU z{f`Od&RADT$%HlgfUx^5LTV?L+p>D^T;hq;p1FcZo$B z3M#SYN=m7Xh{aEzw#m;BrgVZRpvidD9sr@?WkPE3#A#MH#wm6Yb2Gc2L|af+P_s$M zTH~)&LcWWq>)YL1)tzwfbUrFUBaCPR7_E7SexY|~RGr3=$e5!W1dEf;65EE_!$?y< zMmB(%5+v1Pk@-##DkVjuHqpXwOiI8P*%6SvrY>3hS%ssuiE z;whS9d^~9iC5u5v_PCA(JEfLU%7Uy zku_079IiI;t3!a+Mu{=a&=HR0f%zbrM`c9qEKy1 zzI2E%Y9Sw`un)HG+e z&uQa<`JmXRK$iT>VRj3@#R51bl1&R=vS_NgK&yCPe{^U?mCR&w{zeLF3bN<%r-yKQ~iQtCQOi0dLe{y@oz4&ly5j@xPEYn%q8-!9Z^ zZ1PQaHU6{Ii`NMnMpeVt0XilJTj5#{SYsIMts6s;W~WA>jc%OFyXEklPqMVVXhPfX zBACCGlYo!$T&YXGPlgR&nJQTisgpLkxTwKw6p{x+r_`^G;h?A-+sze z9B*F?tGQUQMzVb9uoVYkUJ=%ngy(XLlJtsGN4I9ASAuX-=RfKs07_5*rxrqFAJ%rH z$OD696J(KVJO<;Q)QqTAaq7dSNUn8Z@ZU@#?pIOJ-m+P|BF(Sf#hZI``4Rdh&#&I; z>FJ!GTc3YF7neh8@clm*gj%;hP~Z9+-}=qsH-}fvnNjLKcz13`o5jA2NaWahy3P2l zTkTq6woeC2{Hk)=&G5M0&6B}H1BHiKBtso?HxoSV29y14W~w0nShb?DhcP|C_E%_g z%KHDQDjraI?)QE_oc&-v+0@Og_eHAv&HY4CB1lT7S~1I6lb7p%{NmK)>aysl2MSoaedqv6bun6cig5@FD5b%`+G zIRTaUxha%XXxY@DgxfeKooy2Jls9Nl;?Eqm3;(EOcd09efczZ4R_q zotz4H9V}2O$@e5kMG(VGH3dk_Q#{z+lFa;(0DO#G=s$LlIT1&fXHR-@j`5xy9wl?8CvW9aV<9PZ&`F*R?&q`-hIT?PWC|S}c z00*^OmXcGAuQuLy?FY~onO6_*r)5-2J=I%ivvEvZ*%w}SqHt$O&BJ`{IEG(jTjBLq zPOmL}w7h#n0!U6~-k%djRvE!i1ZKh6qgSSpxf zsQ{LUg-*6es>eBqb$%lzJ!!=)M0MoFu{HISz#FEs#bzbU@|((u>x1)`@vQbehZ2Qm zrHXDsI@&aA@YzlpO@esWP&76n14UKIAFBdUIqeBaj&Q-48n~OT&y2i=5tq4KZ!UA70P{y>S0FF6uIJcnS8Ge|7!80_z2vFC>Xf%sKeU?s z#9TH4@wavUfqVP3*<2?pcM%wVVy!elvH*{&~ zZJ`ZZqwmaNr7N!dYjTOBiL=M2v{v}N@xpY%746vGNE7tM@PX4U0&;E$%07&ZR?ev* zZ$dL5!ABk~+c}@VUS|~72jO%=m5*6kxS`y|J}e6HPmUx(oN8h%c=L|0@MDZGzlBRL z=Gw6vcPz*lZ7-htP5o1$#pQcpNP)4BEyhd~FEtrctl;&ve(%toCaJzOulLUXnxa^z z<}p>NX=x7k7wOZyQ^W9_`gh!NJMe8_?VHxPTx?W%!QV;*VFF{@fLcP9HoOnD^yw%A zNoqP@7r3ups!H_03rx?yOMCJ)Kf1LwSjLkHD_FHt*n?M0^fyY8qF;c7|BP1Nnq7Rx zXceO}Au45RU$RK*QDB#dIt(oj~$?>ti%%+D#?=yyt0i6zKWX=g~S+q0Z3{r#d3bxI^nKf{>WeocERRy;n7Q z4RVHCt5QLV5AVr6{$1fnI4^EK3ICROlARVT@vakXkFafuw3*Phsl)S4At1*scVB zZ@H%6R`pyvS3wVNNliI;!E=2u0O}}^X6W4xX=Ufkn$MOc1g|Xt}Gu^-e*_5 zDLFc=93{KK4!GY_`!^>A6zHf!f}K;cNKl3eao$iIMaWVm*T}_ODH-+pSj^iH*X6ww zxe*St6A@%W^{2B_Gh7|St<3ypYDCs3Ry~atwb70U>d5M7fs#d3%vsCb^--QirlhS} z`RnVhsO-SP)<$tlyH}wnZ$3~*LdRt1oWB+BR4L(#*VFGkuAH}SmAuV5QqS*^9CEnS z*zZtm$!TDBwx(>tZ8Xte72pl8JnB;ev+E~xH+8xT3f)y&43WsXLc`av(F%Q!pV}1l zNz|-LKi4LRy>0rYK(^W-7y2IK>fG2ZVh7VTd9_I}|!JpEjnNNX0%xN1T_?5Xp zOa_a+|DOC#v|Gh$({>e}-aOvZ|A2Kc6P0@?2?7HFwiJQ}EHt#@kCwY+Yv1v)*cN_y zZ+d*-Q&>}X_?Im92nC-{^(oNRNunZ_v{c#!jEE>EDNP8JzC2bDq9xw$7V@CvWLO5U zV2L6b7m}}<7{E>#HjykgiS`tjS%QADY~of|)hp9Jv&s)EhF2g8*veDkizQtey4X!< zAH3N;iUKKd%6n~YSl2*HfzBDvj&Veq08{0P}ttJ$xm13xu!XJPq z+SCBTt7kYa${h>Q(5dt97XqHM@2uU-n#S8|a3_;rV;#Di+`AmT8FcEeMx&5ibn5#m zSmffG4oDFyit|QCHb2uYos`EDYH0N~D zYQkUsEq&YJs-Jb{l|Sx;0b+V_f8n=`BDf(s2b*Lf)BIH%^9PmNA|Z=MiyL1;)GBe1`!|Dd&XqQg zPtM-?W69487N(sMKb{3Q=R20FmiTY7&q7X%ffCEhf3~B`n*!H2G&-yxu+u2ED~rw1 zXN@0mpj~rdzgPs|(x?q7pyS%!G1Tuc^_W|KId>hAw(N;Y3J(3@dGe?A*xf_Ez9B#I zlZ><1vXzWu)Rv4RL_NgQb0Z`o8%2V>kL4HYe&f{f`vgvFKs!N9#3`|WsQbD^bBQVLRu*qFJ}t21Kef%O;!Gqz zF7Q&OqkpX!fXWvZ{XyYcyJyrxm+J4x{>}V))iT#rKWOzMrB4!(ty>&6@JIB{g+S2% zPHaeCdqs@lLE`Ra1VVl_9?!`(W{p#PcFSSjVn%a1WM49m07o=A|8Dm~UUz^u zfZnPwb4LBov&*4ee=hI4&$mb{|F4C=e|vnsQ?dNPW}r6B&1p3e&vJ9F_%xiI4Wz7h zv9lWRDaPKOAP?+^9OzDD33}+te@v*9AKgrMqxk9V>UuO=^ZEc8ZH%Z{&Jx>S6T`sa zj1dAmzPZc7P3HeGoQayp2VSk}Gdkat`jXb!ke=r|7;v}}e~xd0ZL_$a0vvtPoi-It zUA)&iPb{k2jam8%E~o+vA;~WoHlH`_6ZPuN!I9Ns7UxilO{QsP;Ijsu*fR`&cbFgi z#X2zGvDlm<HAlBDnRs+Y=T%KtZlm5CRhMhFT@|$ z90QYU>@EAB2QzD8p`rS(&U*~Y4j<)B0unlDq!pVqb|0I~paiByKkC31=E_l3cb~vm zC@#rKA!EcV$qczK199|--z!<01umR&f<2%9&!2C(c=z8g<}?1U#G~IxbAg|Phu`#X zJzuAU+GvWoTeGm8HIO@;jo?p&Esqe<^sZJvv?*#`pmhZJn=$jdEfG8iTZ#U?f5MF} z1zItZBQ*!M#TYHb+}Dk2=qBu$lNcObJY3{4!{CB11rG1J7c-wGz5!_Jq(2r&43=`P zaQjrDq_E3^ci=)~YqZ510qTQPxI zVyxr8dfU;D4#M_Tx^rHpW?a;3C4Z@6!!A?)kZz8ZC!mDE5x)tmypzH>l{X)e)aYSJUFIWl`g(6rljr}+9 zy>&Wt8~t>dP_}$x6HHw)6FwG^JBOl3%GZvbY~WxpocbwU2LihHpHDi3r2+bZz-Edt zt%WMmetnOr zo-g?N2-1J$`oB#?-rzmwn(qi8J?BDO_I;sU3g|o&{yQaHzb`ytx8c_~&ZV)A{d!2r zF4gra4JqZ2GTUJO`dn2f=mIR{fK$nuG%%!U(e9{zXdk0en|49Q3Bj#MzOoyoo0dC?;+CY!EUR;^v7QJwswSs=VwCj%j6wI>FaFsB@s8*vqRO|&J) z628-SILW3|Fmf*394@8zun)+mb=WoJyVLhCLj9QNmz~K3X`olcape%!v)N_D33M4i zv<`SBn0r0TZT9fKzh=IbLPg;4cX(T-ubdlOY{t51!p``rZ#HNs+d)ojFHn=2D z5JzPt*4lr6*%lv)q__fjKQ{Yu#{0YhX_A8x>5}x?w*sPZ#0S@&27Jw0Gg40ah;x)OH=Ow8)*DVFuFhsQ(J4CT2D5;v|h^lk!dfX=p|LSN@DuWGoRrcatu`!}Jj z=e(zPaI3DW_uRnhLxm3O-|tTXGvD|7Lw`%YPGl zx@lIW+eLk_8b$qe>6OB9vywzQEQ2cmvc-y?-x*f<_hGg}iY8F2lFnUwgz$>z z%G7C#M4I;Pu&_8^I3kwGUg#n`=(|BzEQpy13^Wn`h%9k08ZEi?)J|JzdBM=vY8=^e zKX5K*YBZT5rf@Q}1@f%uR4a(6(7W`q6kKD#Ob|RhyHs~mKN~?RY#i9~gM}Sw?(TvG zDLrv^kovB$jZHBdbkE;yf!_lutZ+^ggc z>0*0{fVy>9fjPCd-!v1+Xmx>>S*KiJ%Mdr%x+uf9yh1dPFES1!k-y|#gDIc5<0cf_s;2jmOqxWDuOuh%_nGb0ZK9c?dUSFcza@53vyCkdDHSZ8t-5;#mg6_ zh`FClJy!Of-cjo@;6#z&sgF;LM;E`-#ro3HN5Mt3r)cQ~U#S!O-5LNGu)Jn8IF6*E zL*^98BE}ZUCMBhkJ$T+Ex098O_#w>RQaS5RnYq%iRDH5!XBD-|CY?>lj)U;b-y}5i z@;e5r!ueU9CtZbDUdt6l-2Wn@D3;qoizL0_h+4()h!NoPc~r`$JzWeI0MG%}?SRNH3zVZ1#k-$I_IB4T~>12Yl$IhRTd|1D%CA}E8$`w7> z{rIBa>DPIU?sZ?Q_4j0`_6?ZQYi={l=Q<6Ayi_#khjroT^?uqMTv{SL7p>R-sP z{BiJOoW{Ze3o4YO#pt?sd4luj6oc#P5qGJHV{lq!0Tn5E4jEvxa_v7!e%7bJKgN>1~j2{&7F0@e_TiBJl5l!){+c!aDt(bGj zB{wg8Td|HDXcbv#VyEYq+K9q7^dacIFBA`LQ&H`wXJ5SihBL_1wFjaEx(op9s4dT& zaYC|d*s>uQL_$qF==OF$OtP5{(C$ckf?!eSyg%m(Mdzg%{MkJMRUCRqWD}YjM$gCS z*R!&;FH{28S^3*!709BuypqU;FvThq2JI<3SaIx@9(1|imTcmx1!QN&896*nhd5-^ zbnSIhyI`)a11T?zf_d(dK&E(uN?ZKR1fAY@k{ydQbPdm|E-zDT^5G{DrlLoWV4~a4 ze6E3Q2kRuv^yCjC6iE<5!dV4pFO#p(YGlNw2t#a|1L%y30=avt(gQ#DSDg3gTE^5D zdQ>jf43>IIWA25lsWxiFa`mTT4=)YQN9)xay5t*Z0eB7k_aII2&=rw3w3s_8NNuH< z4No2fRzy6@0?oF)>MyN5$Mpl^?@Lp$N++w39X!jNew$XO&tAi^ZT!|)sp~_SccXH? z`>&j1XUZ}_%oMp!ycgF1uQfYp)!_XrJ;V(1;V8e0z=xy7EWs&RPUcBw+-vwb2%Z(i& z%Z+o2#%(S4slZso{*dA(E@r~z=(X$%Hy5*?i|K0$6b|kd{J`pA%8$#vWgqO3Uka2q z?i1~q-hZJBZ%+4leeU;GdTA{O-3|uDEMrp3DERd*taOYSW5grID1IkV z;0Y>=co#;D)vHIJ;rcPVoa9ZNxJ0YyU}f52Zx_e~YL*_i>fcMd)|@E!N!yYzj8H_g zO@Tw67*)jb_mhlGOx+m$n6>u%XPL1F9NA?*`5Yy2>ksV z2z<9qjhkP|*@-Sjl}jt_w^r4p7W&#_3~&(93r^OBD@+nE>KbG>1e%rgZZ$j1R_Y^m zmX*~%VpQU7SUeWFn#9kV{QcU`ro}dG^vtX#P7r|kTAEQ7($jz!60w^8jqKxhx}Rg_ zw)^UK3M|$R5iU!OP7x~MLCO%od@W$jIYX?C(4wHa@-Dog8W9|S_RTRh6C|e6)V3*E zNP6Y`_zLs;I))J_|4<&J=e$7Ofa zvh6t)zMWNM>(8JzI7;L5gN71Fov@lvHp{cCvz_A$qcaE2+RUL%a)jz)gv10T#CrBU zI175D%c3+;q+*LQCneb>KBJEgdR&MzI!W^n8{*k=($r}(?e;SS{ql7N zO1A3BQ<|CFW_Z5;M1Q~z_8a?;-fuTe<0sJT*8d7X=GxC4|7GhxH>YtFoYjN8#I7^x zjp;BPp_R;6aq$+6pTbl$6^!SxC(au!6pyc=#@B5ZyS)*^rMynZqo?$FI^Qxy#ChL? z6tomIMh|+RPKyMLce=VW^^x$mI&sHC+3z_{IWkSgJHa)aAKeukW9AVUfP4#70d+%; z&d%%yl5CVHQo#}WWxMg?A6-TOZE)#V--?u3e@i0UH59_D^Q%R2=WZ{ zHB_rzOooV{>Ux0{k&*jB?$Lgb%+7_XKk6V2_ooV=`MZa@Cqq2-)$8PNKFz&&#GpaqV? zpBIr{Ku%%VgQi~D=}XVg<{(>M*f_di*s3jn-}CZW_0s$ocYm9?{c&MZ;oq%giBhbz z>-{b_3_KJ{J1lDkUa2x31K2)tPm`iLN@%rLpaN^Anjr1#9v?VecQV5=OW;miglXJG zC^~xHBce(|O+2|>0f}yAdJS-pm;f8G zD40Phoj{4SAF1@o_MwfQ!TaJgaRe_j^J{A{y>pu%_sJ-aTsrp=D6?quKOIjo>j8F) zK*+W>A~WS{pny?;eRw`zo*Y2S^7?i517E+0%D5ISWdiL+)?sDFI%iHoJU3T^6yfx z94i-p2S%N83KyVgD1$)vjapACE7e5~mCOWdu%~3@CVJ4}o`4-AT3IwK3Zn}(bU|B( zW#)xJW2~n*P^m`kf~lF-GSbxTS3*Zl_+_{M`b{i#oF;c96IK$b_K~ceJ@{GUk?rMK z-frVx<&Pamu@-l`2;1$KDG7lij&E^vQyd1{{edIG!$`uQ3l^|HioQCvRPv-*eWE_* zPq(gS>ZbDRGL_%Mg@lO{Ya6t%|Eh z=(zXVbkril$^kY`8F3mV5)}`t9IDzReuSvIai+7$pWlvP!?4(thFSmG9npg*i|X-$zmB`zUcqoX=9obho$Zo!80iAZX|5`q6dfC*JKw%ZO#DN7hD^uA_L| z|H+Z3&=-ncfF7wd@w;d=j~9IG-VX66f33|j{;K51=6?SyPYRu*<_g+ot>Svd`(MvR z5lP$W7_#l*IT4;1-hzSA-WZY?M3U{`scYm0_s3g9L?Y-IVz<`1kzu5(33xsmm|C>h zBFhf%W01E#F+Kaz5U#gMx<84-O*E1sRNYx1RGMW-Y>wLri{$*KYiL+{)!V~0?W>TT zS3Yq~SKl!9@tzrq<%W;}Cirp^S*+QkbnrNXjTgnOid;IdR?w3d43j+J_dg|de;dA{ z?DS3cwTw_1oSIZVqdM|cnYwQ^WxDJBt_0uslWQ%2bV4fjJZG93Hg5k|6YGLwR;8j@ z-Zj5+qVd;Ve>htdzV@F$ zI3-15IGWl1U*4ZoRJp5PP~2Sj z)Q$!>6+V8YjyvY`wqIQR@C!%m@d{l!n%;&!6zJ|-R4;o3>Q3m0 zthQ$rn|@Pq#p6xqx>s~xp|p!^KNGn^mwzBlTmE2l?ZExgb$Y|k64h|RvLRpTr<6jw z?27gZ3FEsNc-km&Z4herNM&wS#ELc`%3c&p@Qa@~0=4ns1B6zcgq_%h22J#Qq$7BI zON{Gvq8aqZrq*iR2)hyl@&Jmmi3a*44J`xo)~o{bU@xTs(<}Wob@{6p#Z$L;S4t6r zYN(+>Z)&*a5T$K~Xu*HY)p+>l!wL(yWLVplzpU7tHmiixjCaCCJXF*UUx13CE0H&< zZq%IoW*02qVc-u-pkheNKqIT&%{Asgbdj;b3Nn3CoeZcLLYWe4AbHEp()i6yovUp;6kLRs&?Q40Wp=yO}0zXCN;2NQ@=F8_uI^7|nfhnq;RvX9Mqr;0HC zMJxAj)fTH6LjM*1oFZCE66Y%*l7eo4?8>piw(0bPHVPj`76>MANNSzKe0514e95-x z!1Lyg$CAyZiG=!jFbi9Xa&7qXW0YXa*Bjc2#IsaAk*C>L>1E&8Lbyho*2?jfFI5X0 zIEkvHMJ@7So3ONbbNDgyXF7QCzBM-u;K(*$@Z#kvJfY_N81=bKa8^JQ@ryUL1IuE; zPhBmn`0N>rqxtrSlgzMDRVK`;?F|?GplmjNY3K9F;R%;(BqjL$_Iw;ewXh|J5c`m< zzZ3(?`a65G^xp#JWrJ!xMFUf>6xo5EC@qMVC!c(qp}!MD-3m`ycI#ztPM9p`)!f-? zo9=L(;bXXtBTz8J5Idd@qr)p0AjLon{iiS{X!4Flh z3tw!JGN|P8Cyn#wHGk=G&AWa75m+8@vLH|UeLΜIxh(l*^L7MZT65aff$yT)|is z3s-U%tjJG?F(%bWHylAHQ>Ucx+l0G;N~CK-G^k%g)JK2%J@2{^0f|9xf|imfD9V6K zI^qb9DTyWPphFuqo|qMs(V<;5X`t7D`P<~F`k9wCbYalf%XQ4i2im!B0-{M&QRcs= z){X?K!}`ci7jgl$c<_jyvy`$##W?yU_|N+*=(=5Ar4Z{2$Y?kYscp-@JHW23TnKsP z0{Z}f#~O!y!)2bNezu1Ff-BK-rEr}kYpL=CG&~eNuj5bp)Ojf`fDPXMi#`>JWq7Vr2D$AnqVHX z^N3O9$<&NdOmTQ!2Ejl~KpG`eSMoYo{)i!fzCgDX{z)FY5PyzcK3Qu7s z8Kh02s>$NU>(Whq^hvlH(wP6b%3rX#-$1H}Rp36>Os?K&zMz+`qggd>Te}PXE^(mw zO88n(*ubIV|BK%L6O~C*ymQ69sAQbxf$INQWP0Ub(-gr?Wm)xqZBG`rO*8XZ>bBCC zFk8l$)PTdY5o%4~>jeV7RMCJ6P3QBa%*c8xu4HqMaX@(LuIN>9Zf5F~4EPXq(+Uq1 zPyZkA!73j#Yq5F+?LZzgsu{hfRIz3=aE^f7_OxuXhe^IJYkm?9nB{*x_QkIGF0Ytb zzM}K^`$Qn(khb8^l%DrTFUNHGH#iEWO}TGK$@ z{w~w$`Ilig%C^L3``9N!3FB+|*$}D9l^~MA-IbYxQ;+yt#43pIfBZs~J|g`A+aP_I zVl}ItbKiwQnI$$IzhNQTPglY8@J-a&zre--A)n*8i7G z{`9~oQRRgF$p#w~!wO38%yBs#JxaM?+)1R0HBQk!*@Bm^JVFdLyZ$<3{A>-FG-v8+ z|EzexNG7VG+lsiYGStWI3Q4IA{2BH`+dNpf-7=u_;gCJ-x4e4*3yQ>K?$il=PwY&M z2h`#?m0+(yx?(V`Lg-9C>Pvc}Pz;02Q~AZ~NNOvL?-&yXwoxca!Z4D1b_KBR7;>Y( zO|u)~B=d;Za%SVDRcm?y!3}&SCxBf(5?^b8)pa4@oomY9W6#yxA*0Z&R={$}4X795 zo=?}X(9FXS2^>X`N5q9F3AoZTI*2sxW3X_uPW@>Q&THz$<$zDU-@7+I25kG z2t5hUYleTjTYk`6(|eoZ-TZv~W)Y+I1qwbcXxOrFD?K%eZNz_XK(yDf9? zru%lZZI%npRqbGO!}LYdvv~r2rv@l0jcDw3NQ1F#-S|`A+>;q*zf5zr-=W!{WcFhBJok9`h{<$KHV*FIZ_ zswbqg@MJ;gIe%h1Q^?671i=t^O7C{B$7uDsAbRd55!;1spT`NGiT(I5sjQ2EtZGRv6)&?qNALV(9$?LXQAh9;I`o4~EW;*QW%Q51 z*F+Y&<>k1`eJocR)qhCk@%{fLmG5%a`?BgO+x;aMB*HRw1|LhS`Owu8Hc2TtDRKz@ zTsF?oMtY*fx{3o5_DuZ$l#3JU@+nB4_LBV+!JeBqQk;; zY79_BUjmYlY>o6mCOmEb2aeG6#N!gfKTdTDuY|x{l@JuO>nI-tx|X*$a~F3jWp0aH z)WD+=I;-sm;V8{8Cvz*yG4{XviH_1X2t?J=G0_--t5`G6k4F5I1-8C;pjt>M0*NlV z6umb5B467UgZTIi(6PyZm15lBMqWiVnvn~~s3KDsmi=r9$28$E2FO>Rn6vXG z9>b*l%n4!NjHt~%h>@(|G&c`c&_3+XBI}+f`5@YAJ2~)q0wzdpM)0D(N zWHf4aP}I7Gx+Sy2=jwEl{+fa*g1~R%@x9jG_<}OoJKDxp$rNuByp%%ryx_%o`9}j{ zNu9g_i4IR5R>}*U!TLY>3y{vV`mG_(;99E#1nIbVw)TSVj4$jd|SSf{S?ph~}?C{GRk~53JzkA^JBzd*tiDnWQ z!@XQC2khbI;@xfwX0ROC0ft)lIn&YOlEaq4`gDst)JDi}#w*#d$Q8Nzbo%gNm>yX{ z?nRQejil$$>Bvbm)XqIMUDTJA*8+ZBcb z@i%>E!j!(if%OvTpm!;f+Ge)==??jiq6`5Tk&s{WJdoxYqDS^$pHuxiY9*%)i{P>c z^fL9)D#x-F%Furt4(AbK7#(h$An>WbBGDhwM*ehdrq2ZEuZTlZne8_jiKF&S+2k9C zE;CIz4%(nhB_ud2j--hlB04GwO8Nialy7z5|4aGeBr_~sh`3Wt!BY)FOPLhNS(dN) z#eEo=9n|A4Tt&O_RgMZMHKcnbB~yXtRZZ%Q!?Y@KLQZ7Ivn{TLGP^|7_9QOqPgE^rU?Hk)#gRT2hP3gXq z8#U2pOnR;VIsZ^CdaDn2M=}X6fbfxr?xZw_QgpLq}ZlY6%v~}fq7Q9|5^1;a=}U& z^J?X$=45M#TgV6-Zg+ARnOJdQupilS56>8q`iXj~5Jokgwx=;3eBcx8gmLf?jLr-M zKvKksZdFB}`2ui$N_+wv)u*|{-X^dZa|GV(b~29*L|DY(vnpUD7qa3CV3?uKeoX-N zLd29Y2!=?#HV;}bL*L?ec#Ugwwra^^i32dd1j_`PFG_U85g012bYK`N`oxyN@@v<` zoEFOyPX{iwDaawS85?zS%)GEHE$+Gu9O--WQ#pH(MScACcTCRg6AlP9wf-|B`3vw9X+ zeMFokNxqgrfIpYr?^L|vH^~tO-M{saQowrxX-2;&x8Lca#^*TB^jK*{RocBATLrAp z9s@b=p#XgHF1t3>a$Cx9BfNe84}Y7N$wp=;pNHfL6Df)$R`OCbFedU;eLMZ@1UeAe zC7?#MxTqEz+(ry8efAnrY5GyzG#xHG1;6VD1WNOuF0wVKoDnl0B-7R}LatPWc!y?c zWfRdmDVgh)`Jq>{Gq}#dx7X)do2W4|k_*@PeIHg7OVPW|QCPD??5%v${#z#q%f@~{ z#C>1^?BuPa4F$%FTW3rUeZ3^@xRub~7OpMf>gEBjATwjUGALEdqkCBwzkmykzj&l! ztOA@zsj6FB*9-e`LubNirShSbYCd%aTq6kNvAnT+&p0wk6Yeq`?o%i}EJJhphx)ZM%tKc?C4NYON zNlvx;5eqRGkzcb4@?3(XgV-L$ik;6t`}DNk^Ko*$}fcck74FfJOBR$S46W=KX@(39wGzcZShH=n}Rb`ZW@}S7c z9+;Euvk&;p^%3f$!XB1-?`m#1`F|w+o2r-$B^Jx&3)ql_@dH&P5=EL`|U2}qD) zfOZe6a`bP}tlGY_Iu5fxR^}`>Ng0%1yN8&z@}f0P6T!#- zN613|-@TGK4yJc6 zK{&=NuCT(faEPw3vX1J$va?re+U!Mxl_|_;Oq5(&V^R;#)EkNN;*Owh)qnCgC5En~ z@<6@dnz@#B@Dy=gsg?!Q3;X1>zv^L>c`zg6ZhTH3@5dHeT zz&1cwv(xT9d{*4~MTY;%KPyV(nzY$bA&gs;u1}^WSby5+o&&CVNK5$=ZEMdDzD?_7 za5AFp#C7hAh&rcPuu(n)>u7!Et>HmCa}f~Hi9k)*PbD0sr|&TVL!Q-@@UA;Ougv3c26P5-H$k*>LX}c5eEQ z{*WEXbIN^Nc+}eO&~r+}wE?umad}NRpdkelE@=$2OuyP!4|2TG@WME! ztY|FX25EXf`(~@NMxuvm`>$Pg%71pZB2XdA(uxcbIJb%sp_vIoITggFKmY3O)A(W` z1iD}r{q=1|K3$BLF-N7};v(Y%=gFDfBf;$JRf;4s1kPRS{xf%7y{qht(TEccQ;h-@ zvupWH0v@sH2@fjvlRW~T<9lQ`e3vK z`m13Lq9!T*6{aA4orGB|#Q5HxF&$3uuc|T-HfP{XovO^vwMTqyWhPnGmo(7^VNdEj zSwm^MhJdA53IrF*T3#=TY(iufPFjnSYXfU7WnO7OPWbNKi-TYuM92Z(a*?yR3nSj; zAyR9=k?cI>`w!Y-LerKvlr*Z#pJY~?hP`vSGv?;lz8XjV7=uNk>)YtSd=Uk3npkTL zwx2F)sQy4iS@u%jO2M?g{(ttEzgKK;Ok4f&9&uP!U=?^8C`}jVyD@}I{exH#M72Pun>bkb_0;&4&DJhX zOU3qw+YI>|RZ{=%%sQuEw3{@+f&GcJ+~ z*hqT`cwq?{mNuS5&)wG$e0q5N$o=j8>jM{n@!ge2a&4l0aaeEY_f)lEn)6iG$F?$U zuUz7jWywzy>)^q>{nxKMF`a8H0{$=JilO3=GR&?Bx;VfPa1c@pl+Y&lseHo+r7)2G}cq4hM^ z)FtDo$`z=J@EB{bTTh1=N^d9{`iBp}MIM_J!}eayO$u_~9{*EWI39>8EQA^7F1QWq z2~-QgIMTH@Cd4k?EL730fHE+e4*yeK^E7q<_)_A(yc1nR;8`|2XfNj@#LrhRcuMsv zQ`lIn|5~9xy0u1+OphirR{J^WLMm;0SNz*M zYxvOb$Cnt~1uu$hE)0B-YV#QHd|W^KI0{BobiUE`K}@w72`o2IqR9=aI! zx7BDzFwjh~NqYXb7qT#PLwjfa{Pz}beEwW0qsUBsflNxEsY^YXKT89&n53gU-L=b{ z#M@?dG&}EZTI2oLUCnS|Dn3mn0H=8+eAzY-tJMn65afW+53@m8BIFI2J5+=7r%ddyF^)INVK^sVi-HiY|bd;a$}#C!W* zyhfZlxZ#21#N9|vJDk)7^qQUmu4o4+w7YC}rwt71v5bn;Wy&5~Doo%a+}iawg;2V# zZD6}gMywvutcaL5&@2SX?x`Pvt%0z;*W|uE;kLYf<-`}Gq{A6pG7UaHjmsTQb4b35 zvXO-+0uhDAB;U&g6br3H7sBWqt3pPm>SU$SQl6q>60>wIs!m2z!9X7BG`6AnRQG%T zt4n70nea+X(E)%_PSNN5F17mD>4G3sg}s3q4}tZ_C`5PSzim8(QLu*T=|awDu2&@= zTvzxMohkX!=Z2qe2oFH7Z`1!h&qd0WTnqvq%5`;pLZ-^W=7+P; z+T|00Ui77Z#^H!qp*1*!vY~O2F3&jb`Y1pxZ-PlCHOiM;rOku&wMQ@rn?-qw-W!b4 zTYChjBm&<)2z(~^qf*U%Qz`Mf-F>hBVKKAtaUc3v3f zxz<%~jh-_$iD~#X{J9PG&@23VFmY`+*d08X?XV(VHnkIq{hRb9X(W&YrEeIRoTKO+J#3m!1w{9I(BFytfD@HVVi`NLq<8h|~ z&C_I0FM(OPY)A`6gWC}24Ht?>=K!v&ycm{L9tseB zF|2+LQynMapJTVWo`@0~?kGQ~jU(p=p=-oS(F`%$;c2nJ&wW2EL|1(0pp}NVSTE5C zDMomFzCSQuOv4*S-($co(kj*pc7Z+J!&&TbHsuKLUp2rHW1j64~%7Ynq$+50+YJbxsd~wnI2FE^|DwagfpLCK|Qd(Jrv_ zip34v!pYLe6{?{$$=M71lF8B_5q>9;VdYdxm)G1Vg%G8q)g@*#-kos+zu{e8REEd1 zp!&Cp9tyQnz?zWvie;3)Zsy>~*T@RV7z(oFj9nyHIF!3_NcUJ-!r`PlCSY2T!BaIS z+o8ih1x?Q}swkzF3Iw4naY)pTwDAIUuTuKk<{NO^(hv|TwVR1LwCB;Vkyvngko#MN zU)5oD-VcK90l!)-TG1)Q#=g|MPnk=o#uKAm;wC|pL{g9|2Vci#q&eQGJ%j3V5G=6QAP~|!jI;`4XVA#_~fa|M) zT*~W)u%q*xP7LKSd?y?E`T2t2GS!DaNz!0fA|)^Akzkg}(Y;Jkj_sEMDHD)X%AxlQ z_va4-{NbbR8ZEmJk%1JP7TM%X?g|sY=4AbzC6Vg}diugIXgu066_^~7->#p8Hcsvw zZ%EICHapcFRG^JTR#(PKQ&EdLt6FA)4RmMAIxC1L!p~0;ExRr1{x2XxSn_X$e&=I^ zW;O1>ZlgG#TqMep7`fFGq_G4&?1x8HSVz{$DP*g%@WWGKIaTtiV4Sb!y^dn@ML*-r zA6gTX>Y2z=?+;n~p7Dja;{O+0{}?07|Gv?}W81cE&mP;hZQI5k8+&Zqwr$(CXU=?o z$v@9?l2b{2I-PX7UUbq`wQAkh6>hbmv_#MP1zl~}r$W;ji3?l;+YP10h(FL8;U2p8 zp(8^%nFr9Cc`SmUYG$bY+bgudR4SaOLo0nc*a^hqgK7Q`PVtD?Rp&4^pZh;*J8~Gv43a%gdYMUcf^JHwG(azto$q}(i(KTEf`@HR2|rNs*Y<_p zx)=ZQH!SQxY;TXiz_=gKEzZ!Fh=Aw<<~Z#~DfdVleln?}52|=VF_qjtG0rOnL&@EW)sarrZ8n8gQwRA2H|}9OpYz|1*El9Aj)uDt z@YB{nZV+#DgKA}~e@oV3Ta4*0EfXkmsW1g$KrPNO$3D%baJd#!xCMHa^Bx~(*oqs2 zUn$6z<)9mbQ}|?r5sglLP3NjNJz9Y)W43l~6w%&5L8If1{xD~G>t~1fD(Ua!!+eC= z?W~n!n50>eNIW`978E(s-T{qk)tmS9GBHMM4oCk|#8;b8lE(SDd!SjX@p({@gqr~2 zXV+DvV2Z*pSDD;ZdFP*=jIIa8p-wX6bOHiJuYd}W<9{fY@uKLJ?kKp?)9a&lRI;QY z$A*59M1vTGnN`2VLXdBy$MPJis4^6*SV_N6*(ITOd_amsSf`CvK7n_;;~DM6mCJfR zRnwcmPU;q4Z*cV%>5TLw1cqsS2bg2Lc3uanHVJX_WPf{wib8h({9e*-qMPr{E%cAT zUq94Avry!Hpx@}E@UD}Q4b+0mZZV-FX>>f1D$qU!Ga3F(&d#LTwczW@)u9^k06MWX zz}pES|CPyr$k zY8(N-KrQ`@E^7cGL!?c;&G^Qa4{>Y`A~rA2#sr-gr>yoJ-!%zZ*OdjCl7zB$6yjyD zxN;6mnrJJlVv7fg$e7I_ZzhtEq#ZE2K-*Kb2}{w_El+j_2B{gYeS|`<)>d8=Xvna0 zT58uvot%5!aRdKft*QSmgpB*`U(J!gX%{4&*;^{gs=-l0k*Z0FHHpa zcE3CLTPw~<-H}m=t>n>_lDdS(UyhdwLs8Z)G@Lqn*5OL3zFdHEf;A!f|=!S-b~dSXsM4a^|N9H*Nichk&$0zzJr&;?rUIAvU<*Rv|{Ejd+CN0Eqp8 zqVtW+TVCJ%ZX;rAc;%hhh)o)CB;xfNa4dw47fK(oBSY6>NRwg*c29XyvX?y2+ULAZ zV7-X(!e6sX=#-dR8lkBi$5LKH0PHweNR)(_LyRSrOZhH`s5XO=0n&m=K*6?*_xb{> z^w;M~^D3<@()=wH`rUnA5DO1~eXeCP%Ks0aD=d1*IpS$QW{L|^O8}HQ4f_v7$C^lI zCyoyht!q9gJfgwf=o~6|c;#()`RW;KtB4XzlDcy*MP!`*B2-?O48yt6iEDU*y=ZUS zUnAEmX%P#UbTT1yxGg#;E&|IeVsZF?*7OX&n!IR71*qtT8-BoC^{|Jv=tdc~h*d(t z3td<>!JFdGfXa*?Z85`zG-55kM3d&`ob1)GnZ%nqHWo`!3<%J;0Md_udi;yj!X$a6A<$)}g+L2l|E??LzEt%lxoEk1IK@v;GF z?Z1HTMO)`=m{R+h72_OL;z(AhkPXEPf$|3!+H5IoQNcuU}F+ z!x|%JASy!gtp8hZND^hS%dtamJff68yy<@kCJTlQo@AoyT^A$~*=oKM5`CKR^XnDq zr=R6&Xvl{xVp6&ayA(F1g~_ZiMj^bBq1;SPnS|m*sbd68=mk4G2yO|q^Bof3B%UAJ zFT5^)D~0+?wQ!YBtcBI+(Ug3MWcT|#q_m<&rt{{Ht1DHOXSpWWRsLKvdH*T+?~W-^ zNuued?p%REScYx3bRtZt?%aq%G6T6c1SPJ9f-;4=SAN_+=Ef4|GY;nxs6K4Vj+hVHFw(*f|{H)%H(%YCu801R(wi&Bj+R_F0q?Oq90s%ESgnJjJ| zhF%HogT4OwVX4AxJkIgAQV4X@q?&cN+P?#93p}+3c6uz&Ed)7?i8s8yC0@_?A^KDF zK$R8b_3ZOrFkKRKMdv6Pmj)#@_M&MK-ja|(A_Om#~?V$W||bP2>*4Z$O$)Z_dj<`WA6XlG1B*u|F=7~1zo6Q z2$>-kAWSK+qYg8zJG5fuYR($KCfvfHsXd6Ufq4QcZ6{Ympb>6q+ZgV+C$!CN5alSm z!XYxAn)lB!G4Fr&*jQn+v=am9#KqJ5o#45aC;7Y!4}hxg-G2rd^xgjqvU=(+La808 zq3X8h72WR-U82a8lwf06a;9ya9)!2Ld;%n~)_4RncBYee{6B8qzY=q+BrPMx*J3N_ zx=8E4v>Or~$)mLrQOa~e6piUQ`flx`zTZY6#(k4rbMz5$bolQj)_xQJLK%QU6+ zqNjmmLSz>^a25$`B6DYZC|<%Dy?{;r@HecyztIt`-o^hF3WdS1J1?hlqR!jSRu%pd z8>%^iVH6RM`gk~GPJc)9zV*cX@=ZF2S)pRxAk62nd(N(Q7A9{r7RI>_l&1~mjRBZg zRz_^G4{)fnb-=DpDPGGWD!km3SflQDSjzE?_x9DnP?UWH^j4^+aPe_*Ly+!LzQtx% z1z;JB@wVIH_k2w_LKD6=Hc+d&mXtte_;u!{r%4lD*PPfBr7{|JBYAkT4 zA=UG>oghEPce_Pk$NJ+J@w*wIe>4J1ON0bEcnB-eTUOMU3`_6#&c6ZIp!`V7-Z>)^ zxs8{1jm&C-XgbKUEu6JE7&xsr=nmn^N53pm0_y423(P^4CYN1xD}y0X^-AhgkHa5S zEd--jpkeoUNW4-6yq-k$^OgQH5W(};)EM+I)1534*oZbx7}`ZFtd$9zv2aW7VdMa@ z==B1Tn^Jwrsn$BxvHz6n+ynfl9v!^174Fp}?(C3W-ZWSa3oyB6*_{(&DAi-|n_*J81i9dtVoKfCH9r zH~TMuuL<^^iA67TLDdUck-5Kwv&E`-s;xVl;`I$@TF5Nk>yoA(&qn&g~K}1P>LGc1awRFBA5 Q-c0lJ(wfh}Un zn-zT2iU2S+7Kgm>c1g9`8ZDbd<@DuI|4^m*pOvJ$yN4h7?-hw}%<%2`_5AB*ZU9`D z2|v#idN^w*5cTWx+B!Gglw-b?^ns(J4^AYP`0;!G_Gyd8*1{M%vEv2(W2(lPjwCUb zlJ)txvG$>4ER!FBTR}4PU96~twhEgNp22SiAd~Lkc-}ee(e*%5Vt*mJGuNphi>1OG zzt&0za1ql4aLA*PD?gPz2l4iAM3($?CG47MD0)7wit3)H99MCs7BL`kR4Q>LS=a>% zP`)EHK~Hb0z--5A!v!_hDq(zF#kn_AUr&PC=526{+Gb4vNlJ^0q(RzjA-TGJ>N7!W zeLkcNz)Qw8T~9?!-`SK!((1z90*`tCuzA$k|H*Yg@5TJDnIW2+XttrjN^8=#En8b^ zD5zbU8~gH-xFeEd3G5cNS2NG8fEE$W>>7Q+6Qscr6N}Z-YntH}q{pjYa&f^vXL^gD zr6r4?=wid=42Vqf4sO(Svbr>O5Pc=@*OLl#3aO)!a)%`FjnL+Aupj=4cK2n{Kw%?L z#NAB&G}e6DWgPK&t}g{`F0rOxuq8yT&u^(v@T6_L*J^^MVZqU(b`WJwn$@ZJGOea; z{KB#OHQA0q?1iWH%0WBcO4D-_y7mZXaiNzYS8ble@i3;lkTnF0lpXH5^|A`j6k}Rk zFsU#MX<{rIqe)y9SDCxbmVvpLac+^ zF6LD)&X5;KF(I$GH*-3)sXeuZdE}sMjK{%TaxhjI*Mb?v_qYadUr2PWfGsSxQt}_O zQfJkH1~>MBiG~%Stp#~2U;>AP#Q@GgLch zO5s6y9D&pTA^v^5_yH?P66J&hF&t^cp;Y;r(Z_K!4*VLGwe6bS{VztG0gT?}Ftf?v zbth!yjNZB&DF79D#F;U@q;t5qK&7lY?Z+UL5E~qa>j_{@nD$VHgJ|k=X1)-nQDls2 zkUd6NdjQ1M`x(6aCM9$BNzp3bVA!flJSrl_p%L(=+X}kZDB&ASs$Lij9r+D@f0R8_ zx@oa07Dn=ayxl5bjng+|KL~DYN9^eIvTrsivWl=~upLlJTBz~M+1YsfhSESUj0nBj ztf-T4N`2i4OI^Tj7a}vRnmn?hDf_2XCEqcPY?43=^<{%Z&5MXG|nmp%vXM_iPd=wtqP2C}?>nA`gW(e<~ zWy#AOVfZ@CpV2g%kxq}hetOtO77FDFj)uCnu zwSM}vPnoKdv1}~&Im2x|Tm;Qm*0%T+vjyC z{k_?Izpmi*dRjX%>3aczm1h=@c!d^LRAKtO!#+!L8vYM;$8jn7Y@ELbf4jm{s9d8K z$m@u8lR#_MY$zfN)$kvBGHd#r^d0s%vNy=|BR#UTAY6vwlIhV1myTTDXfb#rSyL6b z!Y2NLDUn5TE)+IDAt&q2td__OLFR<2*bY#t5&$dY@Frx5iIWP&avd*O1&tfj%I4Y% z;4xeUB85PTb&=4i^1}T@Fd50C36~5KMV~neVTzLA%ct>--1C2nE2La~D5sH-bC2AD zSainD&|_FKtFM_|~xI}I25j=cS2tjC?g^WiBoLNk7MXH$^_sgG4Yve?Rtysfi%P+0^$T1OX9n1#| z;GH6~8AnK@Qr#fR6XT1MCEMq+Rhk-ucX5v{lpU!%Ua19z$d*ADwbEy^g&tQC`B51{ z;U_IpRhr!XUwOAS2;tnLYFKe?!TVz^RESB%?VjSRZuB_NJvxY$-Md2MYOx?DHJ%f@#gt~)9cJV-I4>yVA<&)X+W z>HxLB@ce6;DWt2<-&u=iB22m1=DH$S*I5XX41J}nEU^+g>a|3$(azyr` zze?kH1km&n{E#Es1oId)B@=JoVr^Cg@+g?!qPDG=xC|fzg#RSF9|8;ltkuD@y$EJG zGz$l0FjJ{L>N#`==b#u!R>wU9%PJ5Qu&_NT>+r|`h2n@2h>Oi(AQ5_}?D$ZD6!qh(+L1-R0c;`=}urP`I7;vuqdF;Ki`MPQ*#E($cR%HOOeK=0?&%nRE2(;^IC}#N(owh z@f>Yh2|6@LM(`{7hh7nRmKcjwW;nD6E;SF(zr@XM2vb^UYXr?L5y#QIdXeNfJo046 zND3CDiN+p|2t%6@EoJfr+Kc>s^HcFxAXhjnA43=R-U)^DgfS#WAV~Qb-dAjN$HZ$7 zS;C_>e{YjRO~NkHuX!KB&6*Px@2xPnboT-U`cZ=r`;x4zJX?adY4hBqUa8wiH{Hbl&2t|6FT9XR zG-!ca_7BIRY-|^(#M*dSZy0U#AT&Rfn?B-C?I+#UX#Uwsn0;EN(1~(Sw{)jcVU9s_ z2?XfB2Mg@GcL&gvjtM$i=%c`;b`G5V)#+?Do<4+Xd2B0YL1<&QY}NMRlLr@X+Z51j zc=6!PnMxkJZ9g|ddlp=j`sBKHlbt0?qta1sQ6Uwd)D7z^XAlHnz^N+hQ);HtScTr@ zOCe#gC6sK}cjjt!TIMZ}zerU5fXlY8e^wel*sXuioN+HSznc)rBvDR629gktX^u@f z!`3q@*<>9?m$5cXoj|&v`H!O5>u+8{UwixsbvNv>Z+ug<&&H9}+yjZ+$b4s!*PMAZ z)h?q=XcO<-r-J4doQFx(F1cTu%55Q{%|nyvGrp6R_K`gp*yH^iB^80Gg@_D<4=%58 zJZhquqjsCsi?IjPpnmoB$fV}p+N7y}16MeAG}OtgQ^RpiVtoZ(3D$Eggu_t7sBH^{ zbfIYuBi{@IQo`%ijbfc>em+q-)db*klQx2mXQDNS&}_3Zx>vX7g>fTx3$6-lKn zT2)6wAc-(O&YcG!8w0pthF|+%Cp_%x zv*%8E@+BaqtLcmLtsYaFZ?D82;;KwV>|(!Eq0eK#d#H-3Sp5cUgsp7S~AqC_KD~0RZ;?>-; z*y;A34%lWa7}??dzP@WwVq^LCisVIvy(WJY0@pZ6wylftH_Ch#lsVvOAzsALe+iV< zI)lv9@)TTUdC5k24wPZ9W=rTG9dV-}gcQRI>C5nI&<4M8b@#frk%iE?J;+_ah$JW=aEs5XKkX&r--X5>k? ztu+Rzi6{dK`XfX@h1wOGoceLIC`^eL@1X9*o0$9+7sx;vLXmOy+G#5@SK1cn z*nfwLV#pDJ9HmKf?~+2~X_qRZYLQ0RZR0w5#;0l>vthdxu5g4w+FDKG?3aFMZSx(T zJ0;QVDeQyf{K2oa#mBst88T8?aqf#pIPi3o@yBF!SUO&tU1vk@!%SnEa;$W8x=IC- zV?|^JB6FTxct8V-;NlaYMx&>`Qlx3rc6--*@w`6|b`M7KgqsUm7$gz!L1_*P{Ei_#Bs}r>31<3|ZZB zP~;%~_=2Q?C?F9rQ1H+n6<8pN)UN|X_2T=%OwhYBfyuc3+HZ(~IMGba=We%rkf`GH z+i0lr5K&L{!GZWhQ2f(5eiu@yiklq{=i8hq;ELepkZK@w_PG^Ns`iL3SO=%S+t66V z`_0^(!gtSzTx?AD_q*K)`HUV;4v&|s5bxKI|xUVbogSyDS zAJUS5kdzv%k<&GLjvndyQLytIpbW$JwFn`CqAxqQh{Xp-cYVBMdz2h2Z1su$P)P2SHhNo(Fb0sIswIPzWx(Y6sJ%@?2LfGf`t5GMN zCoKR`B5f$Mu;|Mehzt@=h$mZ0zW>qO>8r7`vwpnS+x$bkXE-FNiMMhFLNPdxXu#$I zW`Tq^l%^#%R4%*#0VSqONT|UO%p$qZ@}kjh>U+V1HF>}Gr@GQ!vP>eD7-W#b5fZCG zmJ*roIN1sVX3Q8(1VP35B>({FK#plS5TzWg6NleOH`hY~uq>o5a{ppp^gN zjU_li%2LtlusbPTjrUX?2PFZzDEUZO4Raq_7HX+*+7a#CR{{^PxS#jBT;efU7>?W2%Hp^{ju%Hwe(leWyNoGOEdVR8dK(qxec&Pz8-fktP)QmQRXQpu?v`D`5^FHlLN*ddpWl z(qvA*9%`^eE~kz)05)7Fc70WCS|I3Ii$lUL1*<9zZF;E6n-uhEKZtKoG$$Kw5TSh#$MnzFX4jXXOYcsg%^OJ!1oii5fF zif11~46A2fSD3(!!K@d?X9y1r7YO_+{x&Plv>x;e)(3yApV#Nc!A=j%_Y}*L8Ct+?QP;cJD^PaREACzYUa|gwM;kuN}#900MJ#9@WGw zUs@;tPiM7`V7#rT)9T+3AZ>Z54Ae6I#x~-%2mhryRx6ov=Fl}-3PI%XaxMy} zd2^GdJ>&``+W}*1AHSqAxmGRv)rB~vy6!bbL29K3A~t?EsA`Dr3dUonwy@p(x4%Y5 zxD-z1OPg|2xK3my%#Ga^OOD;aV=Qqm06v4MFHpAGgT-phP&uRB)Wq~kL5zzN!Wkwi zuuUeguvo~&87M*+c7jnr2~`7J^hHv;FoSzzIcWvCh8BC@-ivc@?Lyu)?|=aU;e;=L z=}77Z0jfwtD#|;>B}ucLD=hDf%WIaj`SsoWB|c(Le*L7f@9dAxX+Z&ru- zoCdq)?8ApSyl-G0b>V*g?3t(i!N#5%%BQpoq~*PT){>0vY^e>#^Wd{QywXuQ1E0ow zCDlF^%f_`Kko%sIKeGrmyRi*THLD40Pt8k7BXm#%$p{X_s*_V4uC=-1npWxnMRPw6 zErY#Vv@Z3GEmN8sLevJN0D-xF6Yl|rjrZr+*N;j28!?9@g2Wp0e~h(Gv%P=ee~fik zYk{GxdqdYW*}sgCC^Pz(uV&%=@>Smd_-d(PL7?1@0#P25DN%E8Waz!n*LQXWNjhV+ zy+0y2b%sB9sWk+aYrR81VuRQ!n9;IEQwuPhUP~{Ec_tRG7L19`>>M9H74P>pT6FeV zP_tim#}Zh^q)CB?zgx=zdn)~mo9X7HuHSJqROG~ZbIxSu>gH2q9aIY4NxI$~8)@60 zt6aKLR)Q9*FPK#oqmSuZ*=X;oj#gkZwbYGAi5p`Y?J$Vq-N{SSQ0@$&_>5U=HY+R3 zFgSRv(E1$AMOM~jEFvZ5s{WH-zIu~|Pw0I{vJpm=66$$xc3I#CMY}11Cv)`OJcH@| z5re5XmL}%{x3`ZYW=3gFS|w2Xl`Kj=aiGbvJ+mMFXHXq{y<-lL%*_|30a4|hlf1d; zCE^jQ7LeVUBVJd?#@@0av1kyn!#xzuIi1%qi;Rd;%(U`?xdU=UOg}(^sGKMz=`XVM z!%)NvrxjG?S;~|Tmu)14ZXV-^jv~iCtaG?(K*Hl6{69r6Z?z4lK7Ty>zUQEybGADQ4J+n2ToL~Y@y#V%w9t{U-ZUt#xwzRi zx?X0^%M{A&_>1eR?SWkX;E^c7SRY}EH*Dwnd2IE7p6vvFx@-qppB*)=n5SDe(~?#Y zUw@oxPE0x)-C&)WA`V|ZhZIp8Juj1UV4wO6qt@6jg|v2G=+?hAO2vYh!D}U_<63e%nDtc4=BDr@3t3-C za`i25W=senZ7wK?UtArxKcbTI{HZxp^Ypo{7pA8rRMZVnov%zSSLOVlaUfq0C`hwt^J4VWp}7abR;sqZ`8TJg-WE!w9)t_qi8P zk1&Y9Ts3C1tTl<~{&at7X_jq}bxDil+Myz_PxZxoQ9(&_^!Mz>2(xNEJ| zT*g(|<-IV${=Ws)gzrAO#XQllMz`}!o78`Yl%(>7^nRx; zEhI6{xQr9-_~s%y@olJZg()%lv@}b2Ku(R`8HC(D%BQ`TmkTjubS_}DDA&0}hLLK~ zCM&zEDD^%0cAuTb;=dL7JKRR3q0x zgLaO^lmFc&a~ov6wx=6s2?3P~gUHqrC9f~Gq5wclv+^!!xe}W{1S!&smrCk1OVWnP zX2H&(2axyS@WX+5x&os*7{+Cn2`oq>N?;uw)% zt^phGkwQ}Jr9lf@0&Bcx&-o>FfB=ca?_nR3Whej&G2rx<9d0;BI*_~g9YbkxD;5rP zV4!1oDE|NO>QU(d&VP87lo9#=@aiq^FJ67R8Aqv?mvR#VvwECxShZ)jmQMR0UZqC( z#j8fYcooDb5rLY{Vp1LlGv*8$L*#Lb=ncSy-5e`~ z6d zK$bzCTqzO{7h*18@D~8OBrH^9e|?4)_qL;F{d^CzwSaC3^N4Wq-2EF?S_suLt~&3w z<&pg9BBxMIY#GbR>!vWds9a+@buv8wj8GVdY^F!L8C#VyR|880;zvNbeTZnFc8;&( zv$;8aWpwSHn)_ACiWOR$|Q53IBtu z%pRbD#OW8-?MnkX@oh zrifjFUABo`;%1G+=LVCZXW_%BWJU(bn+UpztW*`X+`0sFM}pMC3ia)rswb#`+SY3pTeAeQPLeBw zwi*5hX=B{ROq?W29B?{PnOPViC~z5}?nadow!a_mUx2CtrU7LQ33o?(5_L4?9xK+4 z+XD+sgQr;Ofj70@qC;;St1uc^A5N|ajjDcv@($6GsB3Z)qcxx#dO3r9)y9QNAM8Am*eW+VsLU=K3=SK#_jAz7amSKfXAUo(!JQ1t1cf4FBPy zztNSvd$D|Q0HeMuIu3+xuFYJaH?zjFXI<}40zWol6IeP0q@wU(Qk)GA4AG{2mk*B3I89ZsgHR+4L6n!u?v(Kro;czyV%YF1T3crdlVtqIm{FQv|+IgUi~))lccE@Lz`D^%;UO2R0lv zf8g*KVWj|2Nyq;8(OZ_Q(+uG9`5 zlpG;C{oYh6O{7$C0pFU00|SBuXwPckU|;gpN=^C#0WT1_rSt&x0QcSI8+v=B)tCnd zslaWYZ&1kcrKARx_%q!W+2m%$(2)$kQ+=pZ*em{?b|Wxh5l)tKWaU+Vp8EMk^tehi z`6c2QLc>3Z-w7~yjF`VweCOk)9I57k(p}Kv?ASpD^3X&=+o$FCOr*zJVrrE-CPECL z5Gdi3=eO*(us0UVE!4&P*JbZ}^!(ghbvtgANy%RF7B{GGw2>%;dO9aC8P3D zkF7WB(({HGi1YC}@163-5E)eFAICjL*~~^a z>M;);bY2(?Ev0QInDBlHr)e2+N*b1Cb$;_ijqI?2$?7SB=`K>J=dU4s&`9f@e^V@6 zcLi(Wb;;0J>YP@Zu3znRv@dBNI9`^*FA@;yZ`x<9i2q)!f3GaV57X&^oz`T1baJ%h zo%INdcQT8eMc7(BjkREXS&24|n0L458Uld^$6nKG=8nllG!((ycyrh&7-Gq9Sdy7U zfSIBEeYW!j+%vf~1+(3Fn!f z1+VM0VQrJzNVT5v#Xhy8;>@#IZ-+pu~p7Bem$8?*uU(-60 z7X>H|(W|z*1WYu9?sqU`#uAvH;+>#PzX7o{NvzstD0yV~WPt7D%cmL9y=0#y4h!b` zgfnkAHbosY2ql>d9GCIECE7Tu6k$z!EFg@78mBsY5fP6<*AC>5A_e&CEsjA zAmUGKLycrfiZ(v9k4c}3(^|-P)SbvJHI*{_q7B#Os3X9l`R@}yYS&9&s^=6wP6?df z;Db<^6H*t6#dFn}0$^aUAOMHz&5wT#h_yJfG~U_$USF_kLJ)5Y^e zUQb-DNI)S)tg^mJD4QIPu<~I8dpQZb8itRzYs_SpH&*N*)21*}x%@%`OP+Flzo)Is zIx}t*!#Y`R3_1o0>}4nUEI8M%x#~T*3=41ShNKY%k-?+^O+QPdQ`j&*>gKqX-I`$9 zcdZ-65v0_;PXuv9wKll6E_6CEQLUd(b3=0f4R+l(xI~0R4Q9_Vm2(v`k7UT`I1dq9 zc<+H~n`Z4W9F#BBagw~+#b~w&@^i>!0S7!CR?iPtAHKpBRq^GmvwRN!jmuq2a>)y! zH_A$hXeur}!qsK@h05gif5@|B^R9ELmE>jYe+vMMXa)zjUfK;7!J5WTrAihk)8J{F2Sym-2q{X*yUe^|{dosjJ_e`f9)N`_u?#OOVLa=Ma$z#6|t zTyLzr{S-es_xWqjmw})&{9)0y!eD;AF zGm|v>d2C~Mo)Tue-DvEjo)nIZ<``Iv{0!eW0%Dr?{fO!1pxpi}6eK3rczyQ7Dta@f z`BiBhKq?FWr1;#3gJP||%JG9!<(wbq=4BHe?ijNgeM9+87k{^in|I#Xe|+i52ZEY# zcl?Zu$mQgq-26Ng{P`ZyjV##uM2ea=fFbAT2O|E%)zRL_7$wU0dsB2wA`Zx$3#0G{ z>eR542hYDIQtZ8nlO@H^dVnB@9=MG!#kM3$OQA)fXYDPT89QsEhnBx7gJw+$bl^9j z1Q?Tzt|!IH>XEy2PrJnvsDfPR--9{uE-SvO*R(7C32D}bj7RA|p!I{mHDNSSHK_jU8}`z${^kAolDd`#{0N3M^LMJ4o2k3}sMSB)&Eelq!1(xxdgdP<<1hCd$P zj~8Y`ulOS~o*y&1lH_N2q0o~@IWSYTP?35^507lT>|~nXZJC}mfiq4#dtq!Ho&ld~ ztr*e3?ctOH!vBESk9{D2b)~x8!f?fobQ>tRUdl8CN=A^Rr%=2D`PLdv~{bf93 z&G^|6i-XHE4R2UnbL% z6v;EB_&X6!IfT;{D;*U=`sNF}60o2<1p!G4`a)&nE8|4oC#K9CSu67nmvIq^YJVXA zi@lF@bCQls*o_Gn+b(D=IJ$$)v52)&HkT5M%ILM$Ln8z6(`!;3W4**S-))~`1h7dLU z&b%&481F+s9(+SBKxRo;ij&+|Wi`xm^cciarO1E8n?{7WP|H-c0MU{XOJ+YavMOiY z_%O?GtTOUtxj6t{o=iMu|7<@NW@j z4V{xh=~F2$^7BlpKqd}F1)X$$ZC;$um5aBa10L&UnqE4Jn;2~t&g`tkj=XAB)Y|`B z5WvZ5C*H^fimG8iZLco%-2s-oB>Hv@mA-W@kSC#wXPrqE;|P)LwSZ!?n68w=DG2;(*uM{3=H-_xC$zCPwc!?xe>j z>H4`xESZRox1d8BwMFGYSH`uC?9_FXX{9QYik-A3yWJ$~Vtr}k$|UDuMa}oq$~5nx z_h(qiD(o&NMi1qnhsSGs8ZPv9wD&Qfxp)2oxe_{PQ|Xt@E=LQB-cemU-p?G42s96IQl3rp9NA9~ z$9p@%&(Gn-pYIFbar9j%C=U=01e8-BaCj%-UXnhA@G+P{hSo6VK{0SW|BYWSi@a_h z7ci%Q0;nNew$TtSaV;s=V=L|lW-17 zK3{X3G5~`S!5~l+ydahR#%@t-iN3eZGY?=pd&eJv*_R>1fKm0Qro@jS<8yfU{O1b( zVNLxz=Zjn~!C`q01nflurkF$UbN7b$8v*~*hb7f4h+^WHzy+?!ye)fcjwep&uM(2-@C2)?Z=aE-2_H3NY$6%9}fURvG5E zaq-R&j03tGcQPdW?aY00H>lI@!8pNw5J(avp^`u+O6sKSaRA7WDfC}O>_0eSu7Uw^ zD9eJhNw8hOFvIVw-PhC80f4BV3%-#%KU|zoCcK{y6mP(8=~!}xF-ippGHQkbLqsv+ z+k4p8vnkqEcMlKl_w(Idzc0s%L0t@LIm-z5@2?^q5Zy^p?-&IXs(3%30ZgokccGGZ zghWac=u%?uFLv|_2p{g~T#Wl42?8O#fS)I+@khMqZ@+?r5?bQ4bs?R$rk|i7=O7l4 z0AHGxIPHxjrduN>fhdB2*Sfs-3%rHpO7pw4IPWarlYF7FbN{war|zU< z;ggCz=Ky_|XD^Vhx5)*b>($m|pcwbq6hq|cAWN_3u%7Lhz#l{!LHr;W)6mUqeLTaB zzil%bCC-VkPZ>tHSN+oK$&nD@bDj) z`c|iN1&g*ZK35o(8@qgs3^W}$cux@i9MmV=p$u?OP%0T!*5_Yv80rIp*RS1|Jev2P zD?dlSGC$nU?Dty#9Y7VxjQkZT{nUbz>wSD;T!C`XE%mCmIM`0skq;0_5uJo z#{C2>B&R_DkZGwi>;H$VcM8s|iyC!f+qP{d9ox2TJDrY=j&0kvla6ikjqT**`~O{a zcI}%rSJk{)wW=n@7|%0i(i_A71hpLa++~IH4d~O@> z_@Zf*6TKgu_0IirRVuW-5b6OR<`Gzf`J0#wXLoEy*HTYwt$hz~vUh-v!t~oaD+@BGVw4q!i1;wxt>)aSg=pAWOppO|H z=+Dg$jJs9;5;i?31>UueM&5b*MA_euPcsW!LeW(V%%hUD%bt zdM{>gvJN%WkSx(#Y~xl{CQ_5oqt@W>g+rn$W$l8mmWKFXcYUI z^@}7NiENOJz?yKNwqjYuvzH@KNtCb#OMf3~Y8D*Pu*gjgU2~(fw{I#GjRoi1`QiHG zIIG)Rt&?|nyK3f(y?CFHOW1c9Tw7I_q;?v`dBp$cgw-O2`IF7wBz07kaf+JahAEPD z96m*puq0#SyzV>ZAqHWL-@C@`Q?=>4DMq_1DskO#V||a&ctil}mH;y> zAS=EoFX^Ic@Ya>PXdEBDHGMcE6XH{ia;|iu?MY`p6BCf6TizG5)<135+qcN zm*ggZ0aCkYadibn99B}jxH(e2#F?Ybs{6Pu&n|SKY>cJ&b0u5VU0$Qz+r-& z6}R{SBI@E>4Wp{`1;>>uw`jOt`Q}xZmaJHNSisYgH}vGE^4Y>3KHiFt1!W<{;Lpp< zi9Xc=jI)(=6;ndnq+hz;K};(Lip)YdX;KRIzxfq0sR_VQqyBQxh__TgLqo3wVA1l7 znfqd*e2L#*cr+w3?L_E;Lo1aHS3T&ba>0U5Wxx_0iG-5bD`p2o|FFG9icZz)ii>x- z{ivk8ndWw}6^=Q7OQi9Zst#^d0ZleezDpcE-Wl%ra+%8F3B>Pe$|PJW^Y5UtQt?#- zNPmyXfJi%(35OkbJc1&(XSjHFERj)d_ zEIM?6E#7jCW81JpZjr}aXRWKJi8}C)oqLYAs|vN&J7~(KJjjT1YdFcD?=(6kC-st@ zaexN23@S6m=V~<$cw>i*D*82i&}XpV;IB|!#1q#xi3hxIp!$*Oqa=4)Ix_t=IiSlb z2}wDMZH>Hvr6UTG5GDDDhUJ}sBhXI3z{78X$5{)Okfq&3p{0NHHaa-sq{}RGPa2JO zdbLjx=vF!lS+9AFgj=hj6LmAH?@JX|cPkF#8O$(Eb;{s9$rO^(PzTH~bTL%%_c7=u z%!R=Fo2fEG7~Es+MR@Vza2=F}B#oHdVaRRqywG**eAbls%o0%*>5I(q_!N1hFFptx zW7^(uI5HFqF2(P20u@Sd3`{Ye5+ZpJML7D3OoRVa=bQ0qK8w(N$l(AK^92&NYCylA zaDJg1@w@tY`3=jBw<)1iqqSBCZz37SKpTsvYO?IeyEnO3onKE+SC%cD2h&oEHE3%q z(ofo{CKS4Y=XtB*;Yx-VeMn#D_nNWBm!dI}71f8Uqwv#Or*$S|R96Y1X6)Kkp>8Qc zccd@7;Imt3bRRFHrFSmsUg@c|Lv9_)C;yEzcwf!oXwVbWoKpZ5(c7jKy3{r#zBQMY zK|{ro{J?{1FQ_cQDR9QHUml1|?-CwZvKX6E^(G#-EWF{L?dh}jPLd_93ac?-t6@v# z=bdM5+DM5ZCQVPUniOgs=~<#+h9^PG4yQYW(y!o}WGibPUirbXi@Csq zOLUJoDVTsVc~M&LjD~U0C-+C?Wd+mw?s{r*JG0zRtyz9vP_)qjQTlujAY7G{^@}k% z&lFy;OCQm@6Ih2pKY4fJ^Ww`a*(FZbk!W9Cet2=@nGlxhU@(IgzJpLnpHl{DlMZHDtwF%ucy#a*F}Kvc6&pT}Z!5`yH!i1Mro z`~y!zxs-5S778UC0E#6>D@Qk31z;uO?tqcew%sQQd7P;=xI^YTASy70Akt_xMo2AN zYmd_WO@Kxafp?ci7!DCVP-KI`yBj_U=ojtS@zg8*#M}`$@6l5{%+G9C~S4Q z6rrUU3?&(C3~GUCriW@pb#!eGB~IzyvRQYyom^T-tTghc`ylVJI_?TgWbn_iigzm} zvowW5X)Jreq35>~+e#`B^uhewFX;V*-BS9VAyPIF$5K%Kv{^V%`~&$>f6^jO+T@C1NoMB z-IXr^=&*scZkl&N*h+l+{@VFQOr3-?f5o-IHe%O~WOM&b@w-5nIyxk?bkJzR!dfG3 zxqw5o^e7E%Oe_i~-Kwkh$pt1ofo_0&Q7xZ}ft4KQakN2>obH(dQT_8vR$&xo!g*6F zkd)ZM6fOoO>K>9Vu>JT#hTqRB4Hpe0)|iU>)$%cUU(T6I=dxX$tk}mYAYo%+;~_05 zo}{J->Yw0|c#7^*Bt_U|DG_2TgL8VeQBZm__jrHC@v^hzK88Ti8r&LMV&4Vn7o=Q_C1YLw$g6+ZcX${ZVOW*svA*Z)#deeK~v>5Tk9>9aW}tk zH}U`@tL^j^-1Cd-cFF{M862&0OK^8kcB*QB-*I0TlC45%?`g$e_fq3%T+4*KDhCJ2(UJTMn ze`7+nEFsK7%YETyo@ip5euOPInBLwh0>uV3JYEGQe1T%vbx5MJb|AgQiCTTB6uJ3_ z7(a8%ZN}_Li|n@iw6|x}l=LgTESgkSE$Es$TdeH&BvC=cp_>`Kg(`2^#r{QWFfn>_ z1rtRQp*Soa)5O_g9hGU?O+E7Z%L_qusI~S%Et3m(_p?w>m) zDPSLWxAHAzm=vj_<4yG3mud3%Tu?8V3C2 z6Qs=}1MAJ74tXbgm)RhItW!Hk@CTkB5y z%cK7^?QhV)D~X&%e>ZyDkrCiu#FC`k`2Rsi?**&yxr{LhaXG{x_=n;T5z8|`luOThXwCK4YX3N|_6R;?(XeF;<_-@10SVf5W44(#?i1T>t{{e#$a?6exPX*=+ zg{9Rgkspk@H@EN4S$%0U<(}XA?Zw?QlkwMP=pp#x4a)CW^v~aiUd&(L3yFyqpPxH2 z%(}d?3tDzX0su zzq(MN0@0wzyX>&$Hch{{RN8YE&-)4yB_oZPF2AVJe&amdV@z%F{ZD%PzKSob9qIO2 zGU*pk^6)WQv>9UMPDRfKH>L+LkZfHalXnD3TZa%ZIq@%Wg?~0t$b%D{N-LiFWr~hC zGztyVgtP}M_rq?T723{Ymb#Cfo0W|kwbBL^pS99$L#pnZRT&i@lgNo^fHJt+t`*fK z*=C}@9y!hx+zi)dSjj3=UU~NlQzO-ST`%8{TK;Odm!SZUUw zLC=6tQ69%nnO6f98EX1q&LS?5td^FyAtB;wdiudql1$ns%hi8lCZE9z1q_(~-EX{Y z{|^%apmotw`9$B14(kgABO~){dJt&Py!VRP=*+5r`oN~b-k77~u zKT6Uq&&FPZ%`@OMlD5AEaRSD4I%4L2?`a#%kPcPMdlUMBx0JMy9zI?ezdw(@)q4Ot zzj@olnRMZM-k!sW$EKR;5PS-G%J8&)88{1sP?<|!{np%vbG7(qf;H@NdY8hNRtP>B z6fqM118(&AxvSjP8#=kGP%?1~tT0SuTsrI4li>6%N=0RQ?3*tj_7CDgx}1+@iyJ_z zvHc!H)9zBSIKYv+?o*|7r{CrhHyNsEXMuE5ce1^T{7tBSXOBYkqYlkuW+pH_W-6E! zROU@E$^iz|Zsn4k^l8~2a{DU`ZhTg#7R05Bw1nN?TTEJHl;_&Uj=v%+tT_jpec4&@ z{Xf)=Pe(9UH;zZ+1V^o#VjDHTT<-LAUEL5xUX++{ou(B(dJb7&MQMW!S`2p%JTdIC zW}YCKti-%h6v_Iy8S?MH-jK_8dBvo#*;-zq?3Pyc$L+j`pCr$~&- z`PpZX8(p@$5>fWkWYzizZTV=DeMq29A|oPJ3(GKe$4vvkTa{`KDKtEO*FZH#hT(<* zxXsL(Wk9C)K*UZaKEF{fsyBZLB;hW3c~mZrYIRY)fOAQF7Ua5?%L8G{+3%~a*v1q>$&eMn)7|_7owQIw5ttRQTwx9p zV=*A;6Ct9Ysr^T*)cO!2&zzKq+#daQ=BudY91J*i0#YUw{KGNXj*F_&QkGrTx1u>4 zUu&0NTP&P&k*ex#l5H$yiv0rpwy9^kJhSn4N*0H*{1dex&d5W0C-3+5PWJH2$+^Z< z^ZD}KC-2eNCu zybb5?n2E9CAO4(tjIa=vGWVC;T{pt6X#fmPD&M(TAbv!94?^=bc(g!kLG^F3q^LQQJxnlFdw+nJhKC zB3!UR_?o5BjTjrp%~%%C6vadQHx87^JC`sE(}<3!0rehTxG@bzYU3LfPcmY6`61GW zqFj{t9qlytMZ<&zsY}c;x&S9ltwAKdDR(L9%AfEe*MaYeSUn0HQ$8zdec7(J0GSbs2IpZKgK;ppgZ8 z{P~DOF)xe~5`}9}y81g=z!QDXCmOri5gm{WB3`1_$zV%jIka+wDvqVN@CTZdzRlJu zE5GOT>jb0ZeOf7q>!*lJwlD6M%dKKvz-|8OgBAVcfx=CffSFUoDltz0^&%lmrJ=~~Mr9nCxHsWW6g zB*r&8s=@#0uU`~T=`oa+MwR&5&zFeXwKlB94o@~th6pbNF6ux3M+>hu$=7)ne416r zfOsO9;RSa3G<7V5y7_dof1N&h^Osa-c*I$4&6}*JP}mr)(~j*HNVKXIOSJNLT+Z3W z+1q4z7H%Lcbyq^%bOr}6#U*aeKZ5D%brC2KNifO-kpROhK~2x}iN+K^f(5QWILFq8 zIvI~q;;AB->T@6^mOoeR!hs)t*SQV6?L9pKDE!7!WLWaqE_fPY3hyS(7A${h#;aAy zK6$P@bf-pQ@-yH^dWPr+r9uLaz?3 zjwA?VD*w7Nz?0IJqa!THW+{;x?q1xX6>G^3v!Oydh-n_wa#NxW2fYC>npzoQV8V!!^ck$ z_J@UOma#~G&~vvDL=;56X;~vB)B21Wi1EhOLUoT<8lqUA4?S{|5u!)S&orC;!Jwb z+JEY*$F`bLH#@&eyp`&c<+PKp4i0*vC50k@g=HwUmB&lvBDZek2ttkYV?O~8_-=3G zws&Tc7#mK>`Ie^K{p_CFOJ}A%Ae~JuYij*T%8iXcQ|ioNQxd_RhcoanBFt9J*+TA- z^4i|Fipy&G8WO?N(*ZR}UP)f8h_JlYasY@#W|B%PsgNQCR)Q*O2zmZbT%^?N!24cO z!(Mc3>L?FN7}$$r$}Upz_yJQoyqD*%j3}{(5O-0{@trJad!>-aa}l%CE92W)!|qPz zu-ZGN33<`eOTKR!FaJfp!c#)*$GB*K^!HeqMe6tb#od9o=|kK0V^(+PS)N}?RSswQ zika{*Unxi^*<^R&D{^%o$sP?L&AdVN5Pc%LS}U>2GTEfYyVyhL3|*+3#M0v58FeOg zZYs&xd}3gUH!7dT&>?@#xs%@isKAz2EY7%VmMXWB#;@(4N+g#VB(h69wG28f#HXm6%Hw^GCZq!n&?3(={vv@@-v=A^BVcO~k|QSX zduGqLnQ9ECU^NRX?n!H?zlWKi9pOlqrvGJj!=e_O1RHo;NlX~m1omDID1-SxoABR5 zE!_rpA|3ED1)VDcB*wt((}6E!b32)SzZ<SEF?-?@??luul!+52 zz%wnkFUZ9;dsiK?uMpTgYE~-xb>0<=vI-FU!bQu=;2C2wEUny%b$>Ssrx=^T{$?-- zy_&Nw_jC-B*x38R5MM2U0*Uv^+9k$9OXUMHz;X0-gZX{TqwNixJP74WjTDd|!7tms zG>FGsKBK!2R}<1TtNjA$E_&}{{g%4Vobz|mlyCvbcN`f6DReL`RK(W01^%2d;N(I7v# z16+1~*+q@88w{v*w6eNX0C%A~l_NL~R}EEXAPBLOF3QG>U1ssV9_&9w<;A${%P$Ke zozos#oN=F8s*JCHn=6$bS#@8OO4c4#qPG59SKZ+cd5%ftflTr5^EtfYVzagv(`_e% z3^*(s<*}B5W47tA>RD`NxXst$tM}yu4{P-WaIj<1!=nwmgKN6a(<=sWhrSLD zVAr{sDEipJPBj}@Gx98UjiwbR_xwantU{)(@Q+#T6@Os(v=N<|?-j3N;Qy?qk2_~K zURfmq2W(U)Tio!ELb8);ZkVZcRgUx&aeL?}2ik80g>f6JpHL&VMyPe+%a!K3gG52e ze=MPDb_FKdzd>&u(wkz*lMMapW+>PVt}Nx%#Zr?B!DVQQs$)6gxXj3I0z2>4SNjRU z9$Yp&!B2zzXd^WMIg*@d)&8=`UtZlCb%eDk3(*@ndHOdYy!*xhW z=v>XL)JCcUK-!bk#CMCi)9&il@>DWD73)i$Y8jb6t`?f@R6<|_)x5|<|C{E+C$%j z{X#!v?6G@za=|}#J-q@BS^#OT<=bbM9L8G)Les=6N^1}IsV+moFcT%;)UOzppncRe zRKfvymjUq0^@r=X9-r>j3I#eU-d8iF51R%vpGOlX!=C|g&ClU26%XMp5>5OCm&kT< ziFzUK?)-Q>F1ONMM-bx}pVKt@cQwU9n{;PF*CwYr-h_kOqjfD00-;OAr8><=POn(* z6%4-oY0eT7LT2IH87IZfd;mtr)6TyLpKNv^hm9H!3%LW zxjxEW|1eQ^Tl_(YNZgQ(?Zhnj%+rgF2OB?*oRR6PpkaVHdY_w*AUk)>if;{=w8{QM zS?14Cz(Tz|(;k;>y%LU_eh4v|D$1sapi~nJ@I+l&Pyhuzs9HJd*DG4RFuQrfbQVzL zoiL$Q)9eObcYI^dgdO5Bkk2nh@EX~F-zLlgW>FRNDy7mCd|epEW- z7paO=0+kvY57wC#UeDIJtv@d*6!^MvaCcf70$uY{Q#LpvHmj&LNE`4u$nAsxT3`*# z+884L)n0?ETZ2@u=a(6J{x2J=hQ=Ej1jv&$lEGS?)*%uQsoju;3E=7=G=oh0zRdf7 zsmF4S2~Z70R623>4DZ)`m$_3#M9lSU57AL^q0ya_l+l`3?*QpDeYP8ZYw0w*e|0Fc zVsPo2dG2#1v>7}z9W9Wu7THcCs<|#$S3KC z!KQ!-w-+}f;E)8Yf}ol%zSfkOf!ULrh{d>%IBP;Vd;&ialnWu6rw>#=U+Q)28Q8+ZV>ve#N^s`OhQX2U!=Ly)vuMqvus5tfT zUM1u|T_qHm;wpUaK>sN9+D^$g`dKU-RieV)Px*`&HctEe(J;($4!)!wt}fUZ<#z`; zcJjg+?M@UovcV>C;y%dM&(%|6^WyZ1VzA}6RPhk`FikbhA1kDdNvFsZ26i8kOXvzi zS>jEU-^~Hw3l{X!O!(59V!@+aXI?R ztFvEkD<7wfQgN)^owOuL)r>V(l$_-xe^%4tr?#nAG0Ys4nRq5^9c*ZD0y4dz`uk0b zyS5JJ7MYDUJy61GO4AUaA$WTVsT9N-aA3)f7cD>u9Kh=D>C`j49rynf4?&w2gjako zFKlV1x(PvgYi};>=U_ZHwe?6r)^>M~+j2`>G)$)0=l|Wn8#tP$5nAc5Ez|aILIwxr z$GMtwj0^Q))7>%UbW-{4x0>#HI};|oCww3$Q6Q;y{3ArQ8K^7LTyn_!Kg|9!#V^wt zko%IYZZOw+hi1XyRdB+f0UMDORzvA@B{-OhcrpMI4Qz&;a<=Bb(d>-=<|_cgPaN*6 z+_<{faE1>L&M8ymFAp!(lqG}`G<8!rb&#!EJ#IEdybDaZ8@5!?XYgI*R`N&SRmUz( zyv#UgKv(j_m?59`RnqW-e1cAdx5}eSDl>t{Ec*lTh^$c}?vG6B>buR16$pfOS;~3M znP!`^cA*cRt8j4qob6Cu;p~4Mr-zS4>lnCWps2U|Mfd3gqIp`Cgs$q#@|Ez`%9^H@ zdii7$0AvIUX#4@SJOVw#W`qui^MZ@{NZxJIx@)HN-36b6cC)ZOmVWP5+^V?#{tQjL zD&pJ#1r%XaTac_~)0TOjl{UjTEq73zl%2je-bMZ{ic=h8)T+W}9mbmzp7NHJjBV{$ z*h`+Q)=KV%@9)k&*lKgfhvsc;cw?9SQ=y~>G_|8=5aYUw4kpqJ(7wv3N^`rXYr#^{FE~e=y|erj(#T%YY`AB*ioI581cqlf{{N zL@6=?wIqXF8(->vG2Iq8S=zqZb%x2K_|!_!L(NE~5N>S#(t^4|>*;8m*_hnYC{zrj zi;xYQt9?95g_e_C4WUkfCm+L#AsKRpdCA$ieBJu_wvQSe@87M(Qj~F>>~c~%M8xkL z{7Y$S{~NMVfJ~#l0edl+P;$LWgZ=4et?Qv(Hf|$q>Bfs%eNwT zy^KexOYejXMnC1wW((HIB!ZkreuHa|3^%j^PmPW$4dUqTCQWDwS^IyQUpInUP{!fu z7MrYwW2gTaQhn}G^#0jX8+99ytD(!bShgp@uBRIVn0q;;X3CG$$@01(RqN%e6%0DD zYm8C5!vKWk4;fMGUe6h@tq->9GKmNourjkAF&+LK2bRyMAynwjYQ1X4t03BbP5M;4 z(SC-U78_MX39}B%)4eX4Hrtb&EJH_}W{Zl0R|6F7_P-+$PM(nyn&=Z76;f54Y{+b9 zu+e$(az~{bTEuFWVZJ)Hg8O>LEj#V^mWFM1i%POjhniDN>3@``QZ>50u$+BkP+j$} z@;YGy=@9VDH}{XU_{TD0)m`1)9e=}>X8(v&ka@vj>k{Rw5E{Bzmo$As%i;;is^(gy zDqE6JNs3g^(sR$B$-Vv`<>^@ZlL>?tc#&z`f67x}9UegZ?#esS8|4%IUJV<3c`|jQ ziP6BK4}NrtQ74j+0?5l*;Sk=LX{@Cc^PUFy&I;SY+`M= z?L$qdSisfYkvVsT7oru)tGgwOrA9>wA%hE8ks`a9HPy$#zU1B;C7?QI zH-qYfmdi>$8{`l&toYbS>gat0%5(KQs4BF(f-PIoy2Mi{qc?Wm1cSWvZr%FN-EC{ftrtD~DV?$~GilVs49;&L|G+CMI znSMk-+5?0d%aaZpB`fkuz)FH4v?+*!Oi7K=L;a6-^zVpddtZOZAJ}610Wc!0N&3&5 zu3~w2OBa(l6y(2x;lON}%aV!=V z-A~QAh%6ypE`s=(XFjTdh@X|!btb#5*M&+se5B4aCrBa&{p)O2Z>Y3>*DYwqBz5<* zJlCE4%5{=6SRgh@_@1Cx(46Ib^afK^Er_A;pglEAZ(%-R!L4$kuX1%}fN`zIzf}F} zWluKmDIJ+Jc8Bic>Tdm7ulxBfD{whlh5)1RW>2pr;BQwTl`FWqR-Un*E*s$zm`F5$#M3n?;U0!-;z=m$a5$Wn2XD$r>;GLZ<0a2{iLQoyMU?;x?A?h>$QE zLN@7t4o%uZ0^9IE9r|;(TKgl_`cb+SP-M7BA7IxpbvVM@!*tvsuTyQo#`6>X3~a3Yw|ENK zqgv~p+lLhg^6FL;z)m8Wm6OHibGOtYf8yH}oa5-Tm}emTp9@n6SH+{q zjZiA=%bvE!3K%h^|8ygTKYp(-Hw;p$C{asrjC0TEnN@)I{S#s)*!oCL`yY~WFs%@t zH*uI%&I&Pkm?G3+q2To+rnpDd%nF_5mU3Y7^-Yb=eEKKwUnICf4EES$x-o818;U*r zLJ3hgFq;LC_oBG4)Lb*#;!n#Dg4@R*Cu?e-d#9Ufo!C2-q=a-_Z1?t6^OikN;t6g% zW1$Gv0%x$UFkt_%ncDMY3E-GQkZ1fPDN+V7IL2&oUS39pT69-j8R~I(OO+a^^s9}` zW55f4$a`n6!au~8*ASSFN)K|1wkTZhUj@#^M$C=B?UDG`l-yVRU#}UzpCwy9o;Lc~ z1NW?NmU<=LBsCCxRGOEXCCZ&`u?C@I>qOC#MY2{jPB|3sNoWzPa{?+3IGgP2_;QGV z^=f|__RfJEw`TrdDc&3)pwQ^Bp5I{w`XPCUAj}}7my@Q0h!Y3rd>CA8<$N) zkV-X{swg--0eAix9Y-^DSX=+`#Ic|qnq**6OPV2xBZ;DlBcsIH1(uVywoqD3qaffU zMwW0Ue5z3-fT}o*JxuD73bAB%%Wr~2Y1Qk-zrT#}vEVYMV>m@R3^?2;e#DB^iKK#8 z<+uO-O?%zTONX1Vs9hnic7@NeG%1}{j)L%1^D0ol(zU&3)OOsvppUEk7>kDT*^RHr zflnL*3S7o)k~ny`b=v)Z+=>POlFe77I&>SC4y6b z9v=x(mW|YkSW}?6b=5`o29$0g6g@HW`hnVPWXpN|unm zUl*p*B+_T(ygZaK;C(z@EM;TN06Re-}vd<5im*nV`CR2K1MoL zzYC;(=t$eJn9o-m7)(X5`zS;dv)htHP1Y4-mlz(>NpvN3)M?|N%}bXbc_|KI%OJ_+ zb4`KKPt|4H$bUrzW@Tohr-0pHkyQ&7{V%Szm!&gr*=Te^#b~&Y&YBGf9QA&+<21i^ zd2Gh1W6y<*OjUuX^Pr8Sr`3wjL2OPSRK=g&N3=>^o=RH!V2|o*Sr3-ciS5EA)S746 z?LXYHG1Nl8nxA&K^tK0}!p;=m)O8a?Zcx$heqj>U6@A}Hb`^zxi-x?JS=22p?68|Y zQURQi=?N;+KoKBE7LXp!7b{_@<@G3x4`m$=MZQf(VR}Qas|cqiHH}(q>DR68=g&K$kV;K%+r|ltzmw zX@u`No9~MOZ21g=iP`~bAtGF z659(u;Y}VyE(?ic$=b0Qp)Wn{gXo?Do71y|z6g!X4chuoqP_JEL({D>3#xpm)XZXPSVl-Y}V_txJVIQ#%&yXiBm?xJpB7 zJ;v$qM0E|Ta*W(QI7)0|ysmao6{;3Fw|c~>aQn{N!*s&rOs+4T+f43m_wtE-uO=m~e-GhMw>Rw}^ zzCFj2-Qx0?WqudCWt~pZ`V~zW4qijT)nV~5Mrg#-lq=bXg!K#iB-YRDiUHZ)0l)&9 z*igIj=hfwU? z!g8?-xA9;GhH|lrau4H`5$aUhR8$o@R8%-Hkvz?cimw0GK-BDV&S!qe0;r3c;{s)# zs||!h@(TBWqYdlBj34VN0km|-KO*q)4s`2I4_Q&@C(rglapoXUQI?=TR-h&DX&i>@mm)ky>$qciCXriz z>^F1-TY^afZ?`dxaQ6;u`)%Y zX8uOiOW(1S;yAU!eWjGD1&R764f+T*@;^z*>0gM-d-)4iJ)84rv1~=HFc>U+8r-1@ ze`D!lz{!wIa%|zG;f9$j=+Q<`88200#GBn(vrRl6+}6ouZ_wm%2ixQ--&QKVe%DNU zM@wt2mX0G zNUdD5IbW3RsIH)lUkP{pW6FxDmU5u@4RWyYya}Vks9MNE5K#DiD9s_W4CI`{2tJV! zf&2Gc!!)r-O2Le|+a{?6lF0MC1F!Bqhdh6T@LG4$aijo(kbCzw$Qw1;Wg#I$EhT_` z3R}=L1e;vu5GiXKna0Irgl%8sWh~4Q+P~BkYwjp~6fp?fEQlMwnnBfG7Pu|QE7pXK zWe1w#9ypFLG|D#Jx0p|AdEenmjJF$bEYOmI3u>Ry7w7RtY9CF*6HZf*`_c{noK5e< zL@Z4w8ewPiGlb*&Th|{n6%5JKGTD6GPK!h_YMRfyZK`C@(^R-h?n@IbDwIt!SZ%^F z0Vi2yc9UoYk~d5GFcCC0=PAO%GzZ~RDspV~(1m2=Q?kc=3wYMVj)T^~wlVB>{5fAg z=7Fh6%we4uv-l-?qGj?lt?j8`3#D4}2><1|JfSQSDj1qV{nN#%yWM@afHf<6Cr0(C zWDYWR6;W9&{6JyZICls`;0O;s5=2Vb3oBfR2m<~cVW`hO0ILbkYo3cq1z~nY`u(Klw=rQ!}|?x_V!cI3J!$a2GmYbTwh+S}n)Q{42({-T-RYCMTU-eh6ZdS114eMP>R zUsK1w`^i@WTN?{iZvE1DMWyKv?T}hl3|$x$DJ`*)Q6LBFqorM@5=OpFQXZV2YPz?B zlBh=b>u3!3etYLY*L|B{pft2&)Dc3}P`KH)VM7Wz*>Fl9DFw41UZDTnrd2gmg2jAA zAzA{>$uCpK2$mr-P&4^=rD;Cm6~`%f=954qF(#?a*>zKhWj07=b{i79*k@fWuM(Re z=P45m1n_mh!xVQoz8uvftkYriMpeJHflM>~;9)-+Cd}U4i}{_DP!vya1GGlIi=hYB zsds$Pbt^~)D@Cqy2GQ!YXk#cRzvZD`PZkMtS2rE00vxQk^maU8J#e>FR0{YySGcUV2%Lwo$Z@dZVw2fCHZc7x{V`%>m4 zuCThOcWWhJW-i4^!MU{REOeUs&DQp!gYKpY?ki=9`Jw`wKB|4#0O2FN7|YS5CqWNg zT<+cwFG(0^njgOtth=|Dby_n}g~cTRZhFIheD3C&(v&x9B}ccLPQdL?x?gl}4fz^` zb!#<$_i(KHN<_5KfK#Z(DZ#YA@a16@dfo&!Z5=yUD}`H}sd%ba!XBH@pCjmfGXTVR zn)evE!V%6Xpt|C)I7J>O@$&TOxaQ4gdUkMP%S`Rz`wa6}s~R)JNANOaS)S|Woya~B zhANDg>Owkhs8p~@+L)7kI<9YgPKAwtlQ3~+EYRK86q>l4v7}LjdrqF6_r3~E!Ff5v zFXk!B8Eqwp;^a7v2d<1+d5N3(KkneUDoegk#g7kNUW|67!t5}TPkovi%WS|l;8jOW zD}S0nmMh$@S58T0qh(U8{UlOx@d^-A0XR5hta56qZ_ScKpFoI~-3fecBZZgGHGp$W z_Dp;tPoQalgaD|)`T0w&%uT>K$fcSp0_u%hC=?nW;66~tPoJ1#BkEo|idId=)|hB| zGV<+O%rO{A=r$`!2%b8oe+7>i$cRtUim$K3Vx!@zgNRWQNyIwL3Ck!@5HF0&UrD_x z74v21Z~;t$rBHPy{=1~3P`fJjueT+^h7V-;5cRNV^6(TlN|y+)L?NpXOdq+EOF08M z-dEuw@c~>CtrSqAM*cG!fdQtE)i)eCedZilew=at9b7yykOmT^V@BQy5JeUU@Br)( zo!vd2MU*d1@}zTSAvb=XZukWst{f^4K0Pr-;l6@0EmMPi4C2W{Wh-W_ev|#8_tnYn z;1;55NLrTg_nCD7^y2rIkT#00;NT;y3na&!kBJY0$;2nGtNX9KdkafPshy@4?|D>$4WL~A{0=&*W^o<@>g{Q?Yg_+Li`2Q?5p)>mvyCM}jKi3e z11bSi~Y2SK?QxS=GRh9n1g1(Te|;? z7dd`$oks?2hibTA)GGb%9g#Z`buXo`@+2n&@$psuRZ8PWPPKp}g41V*va0)6G!DM+Xl3XRuw|d1t&Z`e z(>if5n_XpAgjZE>+64KlZKSwYD(b!NkGJ}gz7dl1M95D=x5A`nJ9Wyyx(l;i$t{8I z+)J|$G$<#YJ=!Cb0->F23AgTI3@Xq1*tI{i?nn$GU5(bc>k@#)9HhNVR7k$~HS@^u zi=#)pl5Ulv)!B|fFE?1@za$E&ENnf-u{DejaWwQE#g&6h)!oLGRSGzvl*b|!hgl%a za*G;$c)pYy?T!{(o7Uf;67ZRnYlmv$D_?Svl(B_rL?n;O#~w-vmCybvl^#Q69)j~4 zj93k&>B+yt< zSrZyrrGh1$Mm_;!Yzo^%i%hj#o2vvY(d)fY&YXx6&uk`2K^$mEOEk5b2kYd0T+2Bw z#R`PAS2cwJaJtcI4ych}cYfV@QIy$GUQOu-4EEm60gN9wzc{y7+}da)qJys%r-ZuM zXLshe0caT|qGK3sA^ zzGKU3|1iv z_tF8iIZw3(B}4Jr(bdp$p*4+I<1+Vd`{Kh5Mg&qC@njf%Mk+-WJuH7#wcADni8SdL z*tcR$>qq|imdu-^jVhReoCJ^OL)zec+8l~tHa#>yC*nWs3Wm~V5$|}bn-j~aF3wmN z2p6RRimX?{G`OFe0A_0LT%)If5kCp5S3V>(K}#{h8uNyB`0$YDl|jN0zKhbXTVvB3 zEC53$yBn1F{{;di{o28MHdsNIY62Rp+~7s+;Q>wIv@d8#85M}A6PD3qkBeq{GTJ*~ z;Te3`$v#w38GJyt5C*mAD5Wi)!3;-&{TwOvRSGfNMZ;ZrX~CtoJzgmCP|o}grjC(w zag0@1!;QCCK2L>L6);WLlBc4pyLh;fISa`xO$R;;7<5*)55N_@NfqNsV4@|{$% z0$M*@-Q2zNQgQu2={!L|rbq-g3CskkHsYNrzVzg}FOykUKshFgo4}L+f+EB@Wb2K5 zyKoN02Ow_bOHqA=!t6l-eWy1R+}^r#s}(k-g|tB zUDvo#!kc@1RfpUVeZ(PeN{rywZ-_r{2^|kNRsIT9s_pZkn zY!a+~SrzB5sVix&d@Th*FZ8l15|bAm%Q|?mA3dy_b^>P!oVu$gaP}5X{qz%R$S>L$ z!Jl3iQS-x5+a2hl(M_H>&>X_Zlzlpmdua(eWEVr6clX5^m*acztqIzPpnVA1hrs=8 z8FC2igO7j6UEls8R{5vSMtp0IPx6Ju(%z>>!Phqlf*h&xRkjDC>MtD_ z5gJ9fQkZJ=Rm2d?&;SmU5p-Y|`=Z2D!&ANN4e{O_Q|653>Ezn45c&^#ke0#M&vkw> zeLHea>Bx}gNm6hnvgU&tTe_|=0qRf{ga8Se$r>08&lj1l8HQpoU7L&&l6Nbvz3tn0 zs$%H?V6s3AXWuirl;`!k-bsD5rR#WHAVG&f3MFRJS6!BKiZPGq3NdX6jTR_+(5!>L zb2lgWDWwU5y9J7Unep;eu#quW;GtRbK0_J2_WR-XZM|kojVTpfhTz)r8Mcbona}^o zu?Kzlc;KnK`E>FRKjW$BuPmouo>U@0KF!mMUu8@} zZ0vAhpy{cv%nSn+-z1&y<>gGq@4!71j8QB;^%+hM5+;k`@{O(}c`z+~s(2pwj-ZIs)ge+Wg>Klu%pz1P8BU$qmmSxq9h>k9k=#NME!`2xffvip;1QZG3s0 z`~yNMVjM*|YjFdq+}}@f*qt8c9sgS!-ZP_rfKtncD<;)v5vfCGEA_~bc|ruaM?!r3 z6so-t+|x>+dWr<~$n}Yx$=i%3F=Fj{v;$C>P%;j6`^zj(Mbo2O!ACM>iqS%Mw23 z3rQ61>*L@UW#om}GuMEG%A3n_Pby81DGsl(Jd`ze^Now|F$yL+A7 zjYB@;2wfJw`slX|F#;1)uy2UzXmvh(IlLGNUSRZ9V}}cvqzia4EUVkPB#k>(QJ`ZM zo&`@@cc-T!w4D!e6oIP8qO{z*;wzJ@DGh@eP!5`22(>AKfDw6-S>T9!Xt&?Gi)HFhn;8D-Y$%wSYC#PX)G$r^4r&;?1vN~|ki%vFYC@U)@?uY2=0%+EN6J0x z5trjC)Oml-`o|GSUiJ9u0 zLcu^or{Uw`Kc8m&nOVW7swWj z=JN&Mh;W?YRYejx1ou6|WR94)$!-qs-&3Vn3tQQSDh-~Z{x1MfCYXHu}$q< zLPKM@cm zB#&ynq2nfx^5MZ9y!D*9Wl2lC(EKlk`V{=!GhX5T3ZX^OsV%jaj+`J}5l|O{;lB1l z9>D}XLie$h~y6-SM~1?VOHy^X!djpKQZlV&zje#iz?_%+j_b&1*b@A!P5n4d+8)4+VDnH zzlc#L@}?AbV$4vKC2Qq)lL4rvm!b;Ivm&>l!edXBsuHHyHw*LlW@2Sv&RJrU52Xfa zuATx@JT$~}81)ytXX@6p@>bPov9fTDJ_?S-N!B!HW=c~CX-#waz%yKiRYjC=npgp6 z`VW;Oj`Tz$jxr&r^0sKQLuwqJ-P%e9dCrEyJmrC6v_grXkGy&&L`MI~arD45$gp1YRfbI;X|!ID04?VY#JW!FBYZ zm?&u7-pUC?7LcQP&Y-(~q8#Jp)@-eHI#GTpWN?Wxfwk*leVEu=?ve1Tl&9_dC-6>& zASc$*+MT%zR|~{JQzrGDE-7#`Zbu2+Oblq0&Le7d>k^(QUl{CGj9nyula*S&FrcqY&3PTGcvTY1e!#K6hG`C<}%5ou$y$)ysMHt|!-$j{9(_8!3$a?obJEN+{jt zLMw1jj0nvNPDDw0mIt(Fs<48|H%VQ)2h})n`PS~ zhSiaFK*IqIyY4%nVY>x1+%n`ag?2G?Dl5|EWhZdiBwVN%TuY+RetR$h^b+=u$Mg z@kE}u7#y>Rv}q?$Oxm;q6_qy4v$%Azt1fih9_n6f+B9FL1{}TkboGQCE~gWtvvJN2 zAJ{1~JfLT$2XucSKb@^<9tFhg-Fb+*U2^|=xnNZye`_96AMcD?n&4yvBxw4&>FM;y z&s+*Zf=)g;P9eRGM^da_YoO6Sn{)Id+}N7TO{ZgVBKzfPDuNb#Sx zCTiL1DEp~Z40~qRA+VJtUO?Z4k0}DwCfD9|wKh&8D9X5;a7SsaBXDP)>X(hfbRZii zs)hlFQN@6LNqf)SOOI-qy^j{SmWFmBTuTRb!l3yAx%Go9@2Zmqd>QcNwifVZ%lQJn zY@hF__>yx>Nw8Zy;@Ri}N9>0j$7qD(Pu7B;#5O+V91RSh^Wh>} zwx_r*TOclhxR^5p;30$gzt{rWF&;GxG)ZY!pAMXZ}@w;-KbYmnoFoKV*$pfp`?eVa3E!RlljZ0QH zC58{dgs91$1E@58s^=8R+cxzilqC}?lk5znh%K?C{rowYGn%LTIiL)rG{F%@T;^YV zgwhtK?o7F{J_WJeF_3S;R^%8>j;WB#t`j{Owo7XXNd8rU#aZkqOY)gD_p^G?P zjPQ|t*1D-GikLtlQ%Ky!-QxpG#Za$dfxGoaAp=T?4Q$$Xhz+#cDYH*sR&3ybGN5?v zqLi@@WfZW~KQ6X`O<~1p6-6w{jIIU@;*C#K!-!APT+jjOOCIW`3o}?g$#HqY=7(x# z4Qni)^O9%f;l5}Naa^l8QCDJ>Mor1{$Vi1D7^}ZbF^M^7%jI3RpSJ12YKBm?s4;sU zEcxs4nMs|kZ{w!nj;j$Iq*r>sy0@6A3$HT#fyoR&Mfx$f()F1dMUt&`%SSERXNj*q zo5&XZ?aNgtL54&Y%RHC8#4l5tlh}tT*2M-hMw0}wigG{jyMf%S59K6sRBPRdSn3XFr8{lkjh;#A0W5NXq<-NfwTo@b!{T;e4OOA^aP03`&&F%l zNet6N>9XF&Fm=*m>yi~~I88jDL_Z>7Bb_;A)%McIE zg(2vNM%^FuI?DY-B1(x|<=+}HYz?iRtQX1w>phsq>6?|zyo1@RD5x@gH{Zw*7r#lP zhFmsOF%MPDLlyH=Az7zi#axl78_4|~IX>utdq}pYB9MyR9akVVmnW~{aDu5gSP)EI z936mO5D`^XM(`gwiQ9c4 zeL>>p%{zcdL}L_#t1+0$MG8Pz!34(w2y6#iyVTwg{7jOyn==D0O{Iu|54Ues#!LZS zKi=Qp+zCRO(TFBPm8~s>3@%ZIr2hiem}5rUS;91dn8-PcDFqWkP$aHJx=ToR2w7Da z0lwxLS^`FCrTAhys)4NGro@c*Z}02{TP89A;L~+$MMvk)A%ZuIu5gT)7r+R5mg<3p z@t_2YjLHlTPJq#}tPj)V$SiG~L~uPNZ+|te)QF5A5q!o>x?on>A>1P?^;LKn2Lf%ZUvgWaG}9MHk9+Um?}vKsWY*Bo=VeqycaR37`To zS;-zB7bcaYlv1t~f1#fIE~9RVAG~f%cJA`j^0;(nJ*fKdcpfbP6B1FvG0zZbO~~c@ZG6AE z1jta5Xg*8;hu#HX2*v|A6MXX{!x=K^UU(%?rgg9xS9m_!UgjzEf-q-!KX0Jq0yOQa^R#4fp^$O^}?!?$U2=si9@4rN}Wlu_|| zLrhiXyhy@lu9D@97)le(k$we}gg$=KcZkXS(+a~+Dg~eum`o{65ZtX@aK@g#(DB|P z3#tHIvDB~>&bVUrb!^ED!7OK5D`=Ec;0?(TOBogvegQKeuce&}QiBm$VMfUk5d~~K zPgBY=fkJYIz`H!j@E}73l4w2DYB0ht98i|bmk6gcw@${ZR3cT5auxH~>fV3)rBF;F5~mas*C?(tr6@cbN|LjBA*Rya$|`jtkl!9H zveHH1Y!t%`o~do{d^W?swJsyL$QjC_g+Lo7H{*=ar9J@W`oo8b%pzF#J#`T)1UIjZ zZZZK@5zr$x+6H0HPb`q@zi7@r3e4Kdw)#HyZDn?V2$x?d<}{H!-Ue#tXbFW>&0X?o zDNaH>L5z7sS4hZGTEzk^TnKn3%>|eM1fzwaAC6xsCQ6nO6R9s2tq{p_DCI9jyP|cW z4&VHU_s8$?NT(X@OUN$faBeU>q~Vc_C=ovXn6um;=kh4$*ILnI>o$ z(dFgq7w6|^!?rxI&d{ADy@T|F~xpS0LqXuBF!RF(#MiU7jm z>jh`4i!C!55JAu?A znl31P*tMSufP7T_3jtR~;tLv?$?DJ)@HL4Fb)u5kA($hA7>;CWd!+V?Al{!vo z+)5TJNB9Sg-SkdQ=KLr1{?NA={6DHK_|?K0z*HlP4#s~ zrL*_K=!TJc=i+tiVG8Af>-X8ntsJ6>UDke&KIGw7PKj%F*2<>-$tfv}>I`K$BZ^k^ z`{_78ux4ocX7lbepPW%J!$~4FEt*Ac=W^~Bh?i9rjd?zWoLfpWHJf1NW;xN;O)kl= zBE2cZj9Yf2IbI>+f+ieuNcriw+;uILn=V~#ge0Q%c0N}L{AGL3Xs%j?CanpY*)Q)~ z!`eT*$t$?2d+f;xDiIG5*3=>H#4n`jSOHBP58@fj)E%5oRjJr#7?bxKco~L#qHmlN zoefG9=*XsdC_>va24;APXzs`A+^aEtFR)n#t8#*OY635{qnZR*vj8)V5gU6@Kf)Bh(f*xYz@T;ugYnIz@Dc@I%S58jV2X#4_;skRb4XBj`SRsA&;F|~_=UNrYwS4B7CLN0DgSN1 zLV_a1Ib`dNKt)r7efxv-C~}CEDZ{^`_@{l$;ey_lQ%QEF@R9S5T@Qv{x1$6@Zx2TZ zhTcDhq4#K(f(j)%thwMQZlmL}q_r-uZo(v#t>gjNQT%7Znag` zvs6n&QOImsTGMj@tS6J{JWxbQ%!lC3GR@Y2GH|{T5SLX8g;Sj1 zUC+L4k5|^%%1%?tIi4m6h_$6~$_q9}j+9YS@m3ns`jFydlrFSe_uS&M=f>?MkZ1P{ z5-!)e$8EINz`bB+2N`bhEpf!(OT;;xx2){!Jpp-JK%L`M+ds2g;@j`O{R=ohF;V)4Jg*98y*KE!ln1l&t-`{wPN@!gxj`|-OsI|e96wRkXHUxFV|vfR;CN}ctD5PVP% zY~37aBDlfoeE8qPi;@>ypkz7Zi&3HAtZJE;&maNdZS8G3yiVs!H-7)tmTHjG z1U()1=mkZ4L6Rplc|%kc5P&k*P?_JdT18t{T-%_qI^D}gsMi2M)+DP9w#I-Dz+jM4 zmi_(W{Kc#D#-C%t2jbfP?(_i+3wR&$Rn$0PgjhC+G5h-{Tc#uNf1B)(?6*MC!@x+v ze}A=X?6nl)V8jP7j@jQYU!T8jKE(pTBwPGmcB`i%z)Q)?%oh<8Z@ocb>wmax0s=kF zO`aq-G{MpO5=>_AX?CL$bJqGQU~GOG@hFWiS-kxX6>!#gU^BJ8n`W_0#)Myj`>V~W zxErf9L&xqDv@OFBjD^I;Zy236@ZXCpOMgI(24tCN7L3FU>))GxH&?TnZvqpXVVGQ_ z1g`ItQsol7*gRW`7^ZR2<5jH#M^Vmjw!WeyL%%g_QYH?*VR(fTG)HfE1QVzP*cnXt zCVSr|2gi(VDFQwKhggjCV=65 z^S(HWBDzd(7@gtf91TjixXphNv?>>6<_f{_8gQw2W3wQB!87aq`C^Z!%@go2!?ZHF)RZ$>P`=m8lT#< z9A$N831k$ElSjB#bMg`mik)8-8z0JX!_?xktYI5lLI26CdV9q_2o8K`ZfGd~ujH%$ zef~eg+U{(mE)H%jS~*z5p;QHy^3FDy!sBhawsd9dbcGnhF{-mSEzglkMyZ(}viOD< zCErk+U@JFejsC`r-s7s8j%8m?h3Gc#y!*>|E$+iU?qVIA*~U$l(V1OrVHKMm%(UGs z;uiL>89psetpzqKJYBKfJz%K5wEcu;f#ywD1s*A+v~0dQVpxbZFZ#t9kj?qOzx$uf z_3Hzi?Azv()f5M>U%%ddGKp2eEP*SUGbiH2 zP)a$@C|i5z6n0IR!MWyXU+?Os_jn2NDIQEI!(`5RasV2$d8eMLlh=d#77uavR<($} z?*G5V#*cENUYozPHuu#0X=sOS+vLBVL_gVDB$ zKZ|(}oWE)<{Qt$p`HL$5fAQ_BSAqXON~`eyEan@Q9v1VFh7IYNe|)At#$47(j3_ZR zbZrZ$t;1n4AC}#Qy7INnENv{0`TIQChV{z1{#xG^jAH-^p_z&bXxfTp@h&^sE6pgq z1XE}SVNBug;!oN++!aL|i~G=8XgH&E6DgOg`As&3zc)=r<^fxO(QOO<*FGwrmXrwI zKI6aD?>FyC?xeGBreHERUjM~UQt~k1X-|4+;iHU2u{v%)dG+_|=|%f$>kSx`pfCuE z!E|jly_ey`T;-`5K&&92osjg!nn^kw(AAh?-qhcyVnznzN-(Z$jhyHXw>wNQ2J)W7 z6w~2M5koSeqMfS?T-{!8JD2FDbKy6z+s*yNzlU+oG@zYboX2Nv-5Db2@gHbL8M*{# zui`DtYnwW!RwBe0fSh6t&YWJUj4V0qIuTtiDLMQ)G2t@x(!bA}EN49~ggMUxvvhOns+)z$9*%bs{_XPPPS*mg@obn9qC!4KrCE#qK$*FQZ|aSJo^o z($Ga4-`B{!)+9lVKeB~g$hC-y@S7*q#?^;)3BRa>Sb>`ktpjve=0k-YQ zHd%4!=j`dhj)RfCK>N}eq9u1!6a&|(;(+?Xdk2Rqrn&@IYPm_dn$ut%th^q`e1-#S zvtHarE8eVZuRru@@A_hH4U(Oe%F#_@#wDsxSYEgRS#-;8yn zf7hwv2+Oqw5gg1IU7j^j?IK2UDc zVQyr3R8em|NM&qo0POwycH2g_FAA@}^%S+KH9lEsf|4A&xyFH7|7mK#8)Iq_cK{ZKwW3en%Cb)H?qlfX^wYe>vjA+JgRE_etiJ{Jib1fJbpSkI_j@jk*BIO z>R7xwf0;a<91guvUiFsrxlY@aDsd;M^R_OI#j3O_ee&s_pFaP~lg}PM|Ln=1pZ#s8 zH`Xh)o=Kx@2Y#&8qI!3w)@CA2x+6p?8(HYZB$Z85z^kdUW6M=`EGk(yrK$&C%W_i{ za-HDvea-EQQ(oKtCs*xECD*Dpxh{{z-WQ)AO&&j<943c*gRj%FCD9p_RsKD*&%T|{^E8(Q4)D|uP{0MSv(&KpLo~OOr?v(Dt(G?v-2B$4+8$3; zHXG^SU?ubNKpLYOb6^{qROMpFF2MJL^N;3ebX%v&9PcDsk?~e<0dZdYrLs)mw`Rq^ z$^Yp7zm`R-%r7JW+h*}(3 z&Nt6-m~cmqMX7_iL#sTDyflq0?CfT1*NYu>rRv0wN>@#imm)W!R{v=8T4iHl+H@(T z5wkV4NUI~JxF{1E&QvrSR%@~&c+$u4V8<;t_gm^HKiiZ%SBD8ik)S?1|d zWLlKE5xQBb`X)EZtr@NtZxwWL*5JTXy;`X zN1`nYWsHz%lV7XCuFtGpEbJt+R@p`hjelONdZta@tg*vyOJxac1n-Z=)ZAE%Ze(4K z#zNO(r0QDNBYgkAH|t6r3)9qjx!4i5*_U=1j_FHWsTZ(#@p9N#jUCBM3EehT+lagr z|KsA@*Y=#OWD|8T)4EWy#2)NR$4DU9{spXo5>>6{`FqhCmBC@N9oCBOQQN$I>1$Q2 z==4}Rqct28#kxkA%%*=`+7Czy0WtB51aFV&@EYJHUbaOM(20hFNrwsAmZiB-HJr77 zw5raLLBJP}-l(~%?c!Wc6Z~}g!y~@lGrPdLQuV~$?r_)Bl?F1hT&S`+z~gj~7I`u+ z&dWxNZ`zrvOVucYGg!)NH5O{JnBdXL zQ`!CW6rj-LDp zrhre9Z=My!~{hO}}H}(6_rQCy)LlZt`X+q`d(1tp65tMf&B0 z23Yw4@`hxpD)c&7GRyvIZA|d;*z({)3A2=RSa*d47OLmmG2M)IhMfhwi=N<6;Bflu zI6zd2FJ5L%*fqaGy{%f)#P=P&&3BKR-b9? zXP~+YU8V||x_fnL?|r38KMkJp=~9+(CpP`IZ**H^EI|laindIs0XWH0)XF^oa<+}M zRVM8^15>14UeR`rX!}OPn=f)4c>nC-*$PB6`moX&E-)Shn0=$MTfCB7m;PRY$vuM0 zKrZ%qwOI_*>6IPHN-h-8FO#c%KR714$RMr!H*?}lrb;V``3s-es9C~N&XlO~vP6kS z3YG<-HPTP*kj8W$9P_C4A2miW~mD}>LM{)VXU8nhu_4G5rjn9o2pyzFw;_aR{Yo|7m zjSghRdz}9}D15-)y@}?(d3JFRd-=}Lg_6lerf?!XKLw$gITU<_^q^`X&BRS|5BPU# zZ;SAXVXdC|w-IdxoRY*JR5f$^I=z}{Wo&D7Bid_4wvArNCQrqU1QimyK@ATK1R`zg z8dx7v+ZIN@gWQ-_nS-NePoIG-?&f|hvh>Ia<96k&mZ~hvwfBiVu5E3%zS2dWS{21! zFd#1yg@iMY^>lt~w#Lzu%5|?J3*D{{DxD=fl!TsnrTkoH7xd#f4KosniRXMN(<@bG zj=t^UvH~K$N9%#1n;4nYjK1j1Q%4eUS9n5F!}gdKN~JQ;b*;wKz1C0KW+`5&W~sBW z_~!e^s2O~7=7yoHRH9hWMZ&c2Kx3s!l`*nj^XubauPpItD;x7(RCTUl@oCgvD(~>q z%VCQ=&&&aeBr8=m39mW&-VUy9Kl{*m7W#sS{S*ZZwQhk88PAvdi~P@IQA#FacHs6ULx}?&obyB2xowkLnt-z(qOqD4a zQD|JU#DUNthTFG~3vDk#>Z8v_?2K52vQm*9cV8@YWC5li`|e7XaskG_O4hPb#TwN5 zVB$U6g+^ZMMjea4FI7o*G|tD8W|t)G8jmbH8HstW3g|pvRhIs&Y{nKh*i3BYotXY;jX%w8}gfq1U#m1Wmr1VoZtT|Z7%R^~`5*(?uiw+F%PNfs%5@{L+=Zg6y^ z*6?=B8Bo20zK+S~$9oBKQ6*C)9-$dP7W*vE+VyB0HTpN1YfPcV&H-_+Oi5@q)>>tM zER0fO3Zp*p&h#k^drIA%o=m)f0L?v9?hc0Wnn!UgMxz}!5NEUS3)^MNAfMK%D(qSZ z$ARAiCCtg7S=q>#?JTI9gDltWm!USJ_ z;ohD2qdG-;2wEm*aVi@nK-duWi1wPMg~R`xs=B$g(bJQt-3{Yx3NuONosC&avF(6f zsjpPIsXdt%W)i&p*1p_t+G;TT$y{Y@^l+|&+=yvYx54>-t3{TZ)E+RW?*}vxNv9FL zj4k(f%}l3Lvs9os7~_K`cE!I7FjO~cRavoFB#Bw-n*>Zg{Lma=lL>Xs^k+31@z>DP z{>7%S3f51EX_c8smnyx2Ve=HGE7eHLpC|T-JMq}g1&rX0E;?ua_A`g3hYvV&_~9>k z=6c7;D{cGKJ8d<>bz0IlseP8F-axfgdZNR0o7Yg5=(R3k#pj$3}QHjP@@?f%>{>0h3JyWRGQxbL`$ z$Qq*p&|edhx7#?s;%I!c)DQ_hjtcxPhkU{EA=G1vYohLzv(l1Y^9go+Y zw=|QQGXVj!OY-tZl{UH-H)^)j`fAUJ)01dKC?(2B!h_%qw8Yx0bJAn*#P1wyC94K9 z^F=Mel?Dw*?61*&VTc#Rn%@LfG#dRG4BiTsU8yp-j{J*TNiwo1`erh>dj3EY&4ZF~ zdLmAP)p^vGvTc^CY~b%~f8d7jDsS)F>6{RVBN`kP1bN7!QFSRPdSv>^lq{Ed<2q#r z0T|PO(B(qrrD^EUUF8r%dXUPgP-Rx>yliNzaw9sEnTV5ZcGq>@m&O`>he|LGIya!g z#)It08Ye^h>Wr``)tSKk9cbKA#^C9mPVT`xr$bgUIz`t-bIu@h3)}veBdTigC$$B)z zcigjXcnq+aj@7`2%iuSsp^-4K9+9gv)(qJ)ADk7YO)wX!%(dHSUVmEtaC4lMwr<^p zm`Y~;Lr#Ri><|nQE?c;-mk`(IZ5W+#2Q8oUO&EdW9}lqY*qfI^V_|Nh=m7Tm+W+|j z0JI#>#p);a4x}C)YC6sY7ayPgrUp%U16Nh+>pbh)SNN&hT4%cl4%ZqLv=&Unav8A# z>w0wmGjtY#EAhHrM^ICyX(S;6xwM>Xdt6ks$S(FDi~(OwbmG?m|KBwrLx>o z?D;omU^59Mr*n)rt2;J%E3~nR|08XHXjiq;G&i{Kdhc7~^AdRws0^i8>YLby;@6*B z>)e;8C*8v&v#eIe#k7Wp+>;Z%6cQ7E59b?gP5mPoY`r~0(0I^l+bq%RaxR83#H zxCn0GfV;KEUejgJM)0E*a5$=SEHYIn{Fl9UFeq(|k>uS=+yw1`U=QjP#sj0r#(rnO z0fVZY3GA(b_T<_@LHsyaj!;1&@d8;5Sluv4hm0Jt2f$0!ZqeY}V3%${ljx-(@l$jJ zqfq$#ZFl4C%Zp!jJ4mbDdOt99q&F@M2gEL-rt*i{izqzYDaV5@tVus;o?dvMsCjB_ ze;<4L(&d|s2L?nQdzU5icF08lqW4O!tt4wyRRol>5C=kRP5S853tC-&6fct#JOu>hkaLc3HKmSIpKZo#=spVna zmpFmoWW!P1z$bvFtu~oAD35Pe)REtYXNzMS#9bDQ+bF%G{^KyI$qq06WlR|ZW{kT` z7#rqeKe)$qg5KGnf$x3GfiigLAp_7Q(@`#<<%<17Vt0r4Jo!=2z#KSnsdr5+Q#BfI zn}aueuLgN|6zzW^irfHCA$?kb+TB*Bsg+zo9vV4s$k|kfvD|4}8#D&j%IM-+g^6qK zlJcQK_UlD{txC(TrU^En>#2Y%)wUTsjL=PiF4t}>V(|IH+~?ffKI~AakUCxtmw~+x zN}*O&v&JxN@hC{V*@pz6GEABU;}qD!d6k0HzR+*i=!$5B67U`cNvu;&oZFxD1Ho~V zzt|CiXAuN}zo1;G%eOBtwqB~HZFHT>!W?jn?LkwRkYeGvLIz4XRY59~-J@$&=kv92 zHhp^rhGJO;_qmtd_hfPed3;TAube9@q}p{p_0F)}p?)!A2NmGq$oSA3B8|9F1;lSU zP92EC)Qz3FhEQoAAsFPz1l>n+^u)0;pZXi-D#Ls(I|+&(Xcr)VBIOVsTs<@Ux20fh z!Qg&jrWNmdTce{HBK6xwGl6oRsQqn2f|8(I#lmP|Zt^BwDznYzBkODGTyZ?{35U>f zzLufpuXBlsYUgMDgw>~~U3CJ& zDaE6UlhH4nJ=Tabua;TDRZ`0YM{86(02+rx*L9{K)JJ^&a|$a8Srx zMd@v91^l&c_uvZQIL`0RI$PgmXo6byMz-g#FYH{H!EIchv-99q``>Gc&d$3lZHvt-M=m(}4ef%xtX8+&g)h>XrSBtp7L<@#g&09+6dBa{LgxWB`gl zQ`}>~i8t|n;ZpZek%e=B*$HW_!1-Y1<67HGwMF9ycu<9UpPME~DdwbFYP4r(r7zuQ zoW^|rOa_bI9~W&$LF+)ut=F+VKk#}4 z2_W>-U;xn83UewGyHXUQh8AX0m*;t*KHr1Lg}V8C!Z~dq!6vDkRBE;7#}F@(bUegm z?Z|<6`DSUiVJxNt;nJ+2IoBtU&62X7DTtnWr7Zx((C#f{-u7KYy?kFH49LQW!$Z&) zZ=XTnbmKjH5HzCa8~bo{2>~G+B1k~oGe)O529z+#ka^k97ppch*b8@znZ_TC=gy>S_2zY;OOUkcDCI{;(0ZXTS}+|KKQt`;P!r zbZ^b?#8q^=>oBn(^lXrc@%Gpmy5pAB*|`unwR$Rc#3 zNX)|3vfXiP_6?vtcztX;B@5A%AP5r@_lmX1SN7_ZWz!4&44oYq`_?Sg+6jKJqgH$p zXXmT~+$M2OLT1g1ULbKAf2CPfqMs@=4J0&f$N3phrojvUQ3%vfJGd?aS@C+uK3Xqq zTL?)-9qM&v259MkD=T@25?t2g%Np~H{wSf}3hlwPwx?^1V;&X8{d4jKW(=7faOstSV(8P4uE6=Uo5(@$f1BJ zlulBCJ6Tt4VMQY}sk1;tfxPA_uYj)HYE+O5KM(D2c+j2w-SXR97WqGst~>U3>L5<> z+ORMNsA+&2d$RyX0XYSD?0y4b7`hy=iI0Q4EpJI0*m?qp1V^9k9-6evDhsRstb+xD znEY^kXk5Pi&^1R?H$-wcTlWysVISi5AMA#fm8dGj55)lgpMK(GF6i{dWc$VP2b>je zx`Sl6JfxDU&R4Qthj=+o8Xich?yBBoEtgGiVD1zJqYuYD4iA?L&7Ua}*?rrJ$Jpxv z0Z=>y00`E%rFqi^;o#qNe(c;O-EVzI-ulwz=HYsEa_{JJi?p%|R_t@z+yw1mgbpjXrSnNGMJbab!1;3j4i8uUX_2q;5C6WWIiah*6N^Jsw2~Daq-Y-9S%hO4Jw1Gt`}k!T!074WiXVle z-|jo+_MG`Sz|w9LQ~hm)Jeu#NQkO{&rgVtwbgm<3hTa5q3a0|z2A3QeR00F_HnDgN zGD{}Rrcp6TN~Np=0DaJDbwPAD_i8*T*!K% z(~OzE$W5s2j01m4xMHAHXIOCo8v0SsMADY`0kr83B7#?O!_w?lysXa#O{b5|s>H^_pkgA_WleTIoT z;F?uE!|TKqub@b_yz8u%XbcTLo#myh*AwyFQZtxa8v(9i1R*vQ01Z8I@FC!@N>M18 z5eT9~_=ZD6_NLHf!rg~mBLJ?hd6-opOWyjtY-*jgr1Y|3+1^(GfL;PbwWxL5D6+EP zHLQ$6SVUNCOOulTV9~ZkXf0SUgd46~40Ho?ZwEgeGKK)~+Ms=xCqRX2j(0v*_ZryA zA-m;61$GY|dM+u{sfLIHa4!DurXzvM6AnVIKc*ckBX&Pt#Du4MAHr4&YYvqMIzT z@xFZ#Gv-1+Le55t>0blu?-z+Dr>S_9&wU-I;H~L?P(r{pvsA?@iLjKYq)*spXbk+D zdyEO7ca*CbnAJvZL+?HhK)K@xmchJ@u$Rtp4Zv=vf6c2ej{j=O>xKm!qQz z{NM4DC!dbSV)S_O>Ey}eDg61vbpOskRO+41TsH!>8|rWyRwf&sfxv2oYRM2~jvZw; zVtVz=oHz`JueE8Woch{9l?bu6&(ApM!t3(AZX){xH^w(ztz^2y^mw*EccNTr12)qD zwi}>RMD|_|y)coL*o5)4L4-OXK4SDqiBv;k7_zS3UH18;i`iMwK9CxGhY z(f+4yfl&vU15WmaeF4Tdg)l3GM7EnlArJSB(SioVb*^rLSgb^gAB`?6*(^UF{WRfd z=ga@!qyG*}@$=93{u&9|Bv+NAMfR-g+1slYGp?|MP$S-zKh+fOaUM-dEZvab9bC5L6p?+F>x< z@g&GXcVl;QipwFNR-o~cyU{H(JizQ*1rc_)|~#V8_j7Pp5YB`9ktu*lqr zXLKm}&G7Vw64=I}oY;(lI-JOD`AGtGg`vuS< zz@U`kFyg`e`1; z$(Ycn7I4owIRZ25a3WC7lr3WAwf57}B_&U%Eu7D-u2%RVe%I zI!Seb7C%lwddOq_mb*FSULxbsot1=K75TVAn5!Cu^V;p8fhs@Hs@CthK*^TmIJv8O zkS}e|RfBw;yKem;+>ht(i@OWuN7sUfMB}m?-C80Pdh{S+Hi-M8vI2KZZ@ZFwzXL zTNjLCd|f5FE1>iTMpwhgZe)&O*HWN++9+RllyWJ>3_{q5M(ud8@ssm2 z%kXsD9E+zWPKFL@-N;gWeR}R{zpJvTr9GF$JmG37K^D?rZt~F+*o3suZMM}06nS|i zq_`aF#d3kKPtWfbpqFXoJShlw;TzkJ^a?9^svInmfktuZ)5xSK)eR5e<9a?Q)s6Gs z*WwbV8sypOa*Hx0xAwqIbu9#j= zY7ejN(=G*u`1f~xWBFFm4H(HYX1xPs8_*Cee4{7gg)4fi>xC@yf1;!9@n=Vee@U|^ ziTw2NFUgbH{L|zwe|h%jL>*;^pB??>=*jHp*+Ern%cl?Ksha;eef%VO{PZtb^5p5! zVKSRN%aWt)+0kQl^!QMH`s5&7B&Z*SH*r#`=0?|7H07EV3g)YEX;aRwbv^=c=F^=H zCoJ^Z_zRua=PcVQ+GtaJk6YwlB)sTBdL4`>A|{$=AbL@7IB*!0FRD5()4Yxc9`xVV9J9~ao9GLx)af9xtlV<&_-{ozZEW1^w{ipzZOexoJc6))a5wd9bi zMhn?AGF_4f7pyj8;fs0NKcre&&CUMXG_q0iw!pva>TZa9=);Q&|^1w^KTs z;)m>wW5E7_sYItIX3Lq=ho>jzSX|Qd{uft~w*UL`#aCyq#p#PTZ_oaAc6##m1w5rU zUY(tte)i+(=}C35IJr6d@?>%L=H%=jkN^1}FTPjr|MC91d4K-r|8Y3`pC>mrr;GnQ z`$qr&&;I%2;fs@-vzx{2>OD0xnV>TK!{+ML-Y*!9_=lY^gOhQZ2mvl!DZZTvTrAGD z+7%bhk`uLo#PErjvYe2}DmPQ6k$0bb@?4e+Re$oyyZ?qn$e%+2l1$Y?rjVjdvd;?2 z)T1_s3DFo$?txb=AE_W12>F;%6LCSj2DDK-Fp;%&5a1+Sje1PvuXA%HX0?)_Acl48 zBin;;Fm%u+GPUu53or~+rZ2yL?8C|J-Q!aMJ$}vBhp$p~4yXNCT#8Y&)}!r+B5vb{ zot<5AL8T2rQgh)eK_sqp+3{Y@t=l+#X=m3G524{?QRtQ~9jFcGJaj7SvfEEIdS};h zSHB0?{qauEz!TVZ$h71_EBvB+dmF5Lcn;!uadg_APkZJUJ#-W%2+ER5m0*Ewx)*{w zq0!<;4OfM9#j7YLh}dsc>zSNkPzIPCx^`6(n!{StJv*{9T#OQOnEjH8wf)tf=J&T$?H`eFV0&FmsY{Ft`VLrxYt~8j(svtLM^>os?n4zOh*9 z8)Y{j2fC;gbZ@7y6ZrfvVj~Wm1BYLybCEY+UEO)%K4p2P+K8idn39Uks$+h|Xvri92g4nK~(+5c^ zKOcbgg18Mr(796U?kkL!Ba$rr{HLEh9sK-r_@!T!Br6RBd5nJgY2Frv{rAs5)96Nb zee=oW!M>XO^pgt({`u#JXk%io(=FO@pN5NN|Ag(>Vkmbu&{H2a<2+Hu08q+Dqt-FE z>A^kqfu44Ibh{OJ(fS(^Sw9~DSPy^qEuuwzT@PnuF9{6`-m%(^` zTbV(susXdQ;d3jMV2O^=4=CbBMF+{xd;ZNC6v_aw7%Fu*P;RgXfCt4j4x*KxPDlW; z5_zM8-{gn|xOEsynee z?#5%)0nnhss~JGELQIh!-rkf}4VKW?GCA=TBsD2TcFhq45Ju1iFtp?H-EB&XxGiJg z{KYH5YW@H;?8a!E;bJB)AdtocEWzwC+`nClH|M7UJ^s>w0rK4bF%fSyqgzX|_u?gp z!|xk{1z(=LW}1NY z+0Y8}y>zJ|I7?G&Tkawrz0Dix!U<&$f_7k#rh_vR0j+}!N9{SH9$QH*$OdDrcL=do zhj~Rh3-NKVb2q>uPa6{R5o!py4{RcWXxi>@g*YbhBi9L9w3Ng_TuWIlDB9P>U$bHY zl}ANe0-+OJucO?tfSCNhz+k_0Kqma@0A=I`rpCxcoM{6$pVMj2BUIoXA&GN`9zmyr z4c@kkW9VSV$0>1&DaC6N}=7-hz;6azP%DFaSE+dnqt$_3#VGf}D9&<|$~DssELIYV54+zaimZ{pUmCO==1WOudk`~yb0otA~=pg$K zMF`(AP{h^tn{!}28XaT}5QK1>pr-Ez(!@LJO~(J{7vhsoK@{)pnMPE#Oq)EV=u>Cg z4?rFefB=HG+Pt9)V^?r@z$J`FzCP_;@qMY#1jN=g7GC=EA@G0*I3eQE`S+*$K{z`m zgKvkkaHH$1Ldy&uHMK4ZRof%%9CQb}o<|~wOKqo#>&~xTtqTJc+sX{og7fcBF+U!Y z)H8N>U~=?arR%g%7;h4AJzN-j6F;ZVOr_F%Zq=w8ki2D8DJ+u=Jwy;%IRn{aDEXDAZd8Q2kAq_X(624JwSOy87SdR(d@e(B=+QGI0}*NtD#WAR2= zIuCxqc}72UJT>U=+^WZjY#9L^1*!usNN^d3xPMTYn*EMH&1a47ig(D8b@Q%s%b^yF zbv8pwBVPKflt7~%A(Eu!)mtQ%!g(7)d5baP?)POB zcG5$J>#*hyDqI&6&LO)&pA7AWz;3ojd=lfq-TjRtNY2#-IY7N{x`!3BG4DfdU2n_f z1$A+XJ={uVjWkytLrMW~l+$)yVsS!)J=hN*1>>r{5m-gtLXpB!mr1R4Ge+xtYg8@H zo{Q-bq_vfqSk$_$_|f4MMG7=m`gyWWK$e!D29JZw)0~#_Sts61V3x=0A{jVUNS!Rh9R_@peT3`3=#n6_xCG18v z`0wI7i-9SJ@hd4jrVG&HaM=(UYwPA@TAY=6(`&CO%m=mC6eehINAy5$IWsDiwUyTC zFp$0@Bvc&(%QSd@>`o5`g+w5hPM_dyzI5=252v;{utzTmkiL$}dpz(UXhdeDqLo)F z>)!g7MlZjkI5nK<{fnbfoZBw`7iyvn=;M8(#86BL4*#5Idn^uvUF;w>UQW+-_B=Or z3o)8sw%I~8w+k$ImDFvSP)0H2Nd;F+HaqYO959j~Mlb91cQ&XkjVJ>T(6keH69Bc&l$bs$4<7F) zN7Dd^Kdi}Uf|7#M!|8xEPi7fNBKG4XvG4CukKHYutmOOe{1iVw+`|gSd~qy&vL{*b zLM$yV(8TvL$gm)cA?*{-hm6q%EeV!Z3Rx~%k_AK*wxbqACGoK0*qvJ5u#Bwd7|Sd! z|Hs9*ujAC;k13^$YN5Tq%zj*Qw+p1;YD3CvP}velX6Ja!dA@ihD+=4e`!1G^f)-+*88qtqG_jCX^9{^S-*95xJEoJN(F$E$e%JbDieRzmjmyLWM4Ygl5Kc@6x2A_|9 z8XEA=qflSz%~-g|cn?v9#6~U`sIvoQ{Lre}+eF$EF0N|dnpv_XAqpGIWFsTgv;fe5 zwkC&dwBK~0H9}(H=BrZQlmJ697N$*?R@jH2v@mdA*W#<8;`@dX)pkSF=8nF@(?@k< z`^f61mS}KuT4W-~Ucg1%ke*72Cg2=eRZ|2o=yre`=(Wd?vR;6N04tI?M1h!c>=ga* z5;3*?Pemf$t}AC2!wnrfx4EWB-jq-92x4||(4&bswE~AxrOBK8T1~>{0h3K6P!uhI zl^{j{bb`Sc=n}Hz12@)^3lFeGnic?%wj{)vVCY|N_$x?=e(Q$sSdsr(Oqs`7ZHbuM zUjYnh8jad6vK@682Tql!7Y@&0#?kj3=)>s3vn`3QPhTGN88YYt&UI|1N*FiWbFET3 zO^Eeoc|CP;#6DWqhjfPu1BTb+XfJG8yM>(Hc1!GIc${hgK+!!Ek z%d*K6e&U76NF(ipJ4-&7Sff{1USEVtER->}$J+KsF=o*6DlhXDc%~q~gpU?Ue=~)( zoFM{%(Q_n*ROCh!5ONd9QP3oYtD|&oM{D&A{Nzzo$(r-&bSYltWp0;mf9%CDpKxVQ z95{2gQ+f)u1ypjo{-K?^W6|bSi#l$qMqq z9K?3;6G~c5x{Q<0{QqQC9gClSV&P2zOEfJ)PmaVy{QPt88-krY7Nehj5|cOh*W@+U zGaB_?cZoj7UQ6IN8eQo^FV>Ld7E>+fum=cbu@zLr>x?&3<_9E&4&z$5bHKROi!{;5mlKDb$`^1IT= zCO7jO6~pKHwQlGT`xiHIyp7!MzMSqJTyB`dA3r_jZ&I2fDohdF&-X1gu?79~ z3ruWPUScr8**PMI%S!C_3I$O49}nsTZ-pM5X;tSM%*}-~1}a8=$co#g=9ZGGR%!)G z*uif214XF^>L9K+TYe(;)Ek#4n$3Cc+k3Zu7uoBB8@pAtklkCCVSCb!1iG&4{cgwm z-EQ~W>3oB`{j{5DoTn;4?u;UvJNV8T>=<#%7-CPjXmNVL2I0R)NzNG6W(J!8nH%K$ ze#hIuwT==FL}2}$<~H^QfR|ckU&=z3sjBUj_F8A^T-VL!lm>hde&;Q(ymmR_ZQEYC z!Ex74U(ydW75>xXY@80iA8br-S%l>@uwOm6i_l;y;JpsQ#)o!iw(ZY6K!--v^KJUG z?>#_wb(L<@TV16O(Ai?k-WG9pA6EM4W7*m7E1u{g4yUSWU8%aEnx7`-Pba~8xpFk| zU1&UuyYD*q=gE~?+xZ1gU=KffvRw=HB!D5XuCwbE!pwH1sThr(jJNheG%av-nk;#Fi@WQXv_p%NEZ~8@~zPFpj5-&!d zw3xmYf+t*>QdVZE8LVP!M-v(R%mFumUMH0KHYSaug?`OpJknV(!D8CKLb-836dy!z z9RTBP<6BF{*fqVjJgTACp`eT}H)DK38cH*`oaXf5^kbKEms{H3c*^*V zV{x?Hs%kw58QMTqHhCRjU(fSJSU6N~UR00u2Zn#pQ0)1mLK=GBF{!&+ z)dc;(sklCG28K|p%#KMG#6HW+8Bk$FKxf$!cQ zv#`5m-f0q`hYii{mqah?4$6M;P-D8i6mx9Gi~9(xD*tXu_ih1Cwh5hVsWu>#*>=A} z=WIUrW%DjRO@d@_&JY424?|r5^qAE0e$F&U$=qF86LZ2tVd8esGx1QcXCeSTiv*Ja zdgDQQX{3K~o@804Jlr$9YGj+`4ZCQuNLp*CIwR+O+gJE*jq*LwKXe5T=Xv3({X?|| zYP!%1)8l10O8>(BLP2~fy#r_>DfD8Imy7*4vdj6q=4}m5`c8lseEU)_!enU7HM&_U z_<$D6j!@{fLBAKE%u5V!rF#?1Qx4dS_be>*k7(2vK-?#%FMWLv2A-p|%_abeyX_V~ zVaJ>*o7w?8z-G{15)OeGfZNBkVADXo1B^jMNx+4?2ri3J=!M&Vp{^N*>RyM)jw+~R z&R*G9YjKg6SME7$`SubD9^#fALp`D3vAsQx#X+;GkOn55-!oO@*Q#E>TePy4Wuw$F zq~9fKKG$^Ao06QFQXmuB@mJo^}91261L0PF?K>aQ$Lzu-!T=Ma!XH z-Hvd7Y*&ASe|0;<-%;wi_Hcog^jA43y!L|bbw9QHIduz7p8|Fle%70@r3jcYBvaR5 zS6(w~QXrdHLWd+-Qj$x`63Lj6?JP>x`n=0HAG!6^-bKa9jxuHQRO5) zS_0?jHhvmV<`h471l$|jN@t4aS*d!JLx7c2E=hKEycL5wdaZP*zCS${!NqLNdcu-} z#fj>vgm0;CTt^dsG)@{}nSR5;I{hwn?H^oErA3AnWwT8i(21su@B<=y;!QJWC}u1Gz{fq;rAOK@ z5Fv+>g<&O`s;j~k?8IaMZMTyIF%ME1w6==g+6lX3_b*h~CH4nbp2i5}u<5!j;VzFe z((O`&GB7E8%&Q$y#SwqF^t=lSXRPOdsslMNZ_ZDtIhR^DWZa*Kmu~rjW)|Fz{ckWy zShvE^(irje+qdVw0|qaOI-su}B=mNdx_XD*?*y91%SerIUOc@Vo`X>A&YX&!H%h#PnA1~jUFZ_u8>+`Vwf&{?TlcK${jjYPHyt6 zyi!>%C%Rr7*uM_m+D6{Z+VqMNGa&9w&aCDE9k{meoj$yJ$3sG+I~K{&1FkhlP`~<8 z`=j|Uxz;y4JY4LdQf(b4u7hiEuvGyPRe-DJZB~;Va^&(`4nW%7n;jq|L*-$qHi<(K z-`N!d)vA5v^OLsGFE9$-6-V9yb~(LGsdev8b~+_(2SBX5RmysDQ6q~hzQVdQo$NU0 zZy&0`<6`067{bAYC7)fa@=!gwlafNU(4~XDcO0=AE?LGDW=F_MUSWKMJvA2&1RPv} z49XRNr!(}gUk{wz_p-<{w|(UOk)=309}DS#X925Pmf}*qSLx^8jIzj^Wjn+2Ij*$e zLMNqaWR}%tKa7$G}&swydqC{?e@%jt~DwaxSio~t}`5v5LFzjJuqNXs& zB)Wi=j$2UH$<;HH(0!F)@y~7v0?a}e1lVZ+lorEt24Ox`Y0oNTIpMa*0%Nf{oSI=J zoj*=VkC3}@aF9>1X99z^1EaoHH5#PJSO{|k-gA%1+5v2u7slgnF*oe}lTQHY0)Vvg z0E95-f5WxIJ2WM_ zJA-|K$9Jxf920`Ye z$(xppAvfUe?y}KZahQq3EVLQL@N}3t!Oic;q+=f}z?BSo$Xrgwfp}Kvvz3yi zD~i=D`x;Zk{^K!i8i+3f1i5{^Cb7y@n9(YUi-)MRY;(=9z=mHCdphti(B2IlgsxC+ zKZy3f6mn*C(KejNtAz|4NC8T+SV_wvyAp5!6hH(BDdVn*2`Q>hnO#-Q+5sfgFqU!1 zb%B1o$Y~lh-D7ze#%w^uAb`F_8$QaJk2;drOhIlX0aHWHkq4y&tV06W`nv=Z;&E52 z9%G&oy@mpeF7h;2M!d7z^e%K`>rzD5A6C-um8XAnolBRAHH}I>o$HJ{<9?<*pnZr{ zBl{{E@gXhL6>W#iYQDojc7T0@eFZZ-*OEysJLjr`4q9gqmzXOc1do_hDK}qbLN@k# zXok6r{p30CzrDN9!CgIYe-on*uq-Kh0+h7^KrvM4Z_ud88hPuos|- z7Wrb?6l=6_xf^XPW^Kc_coao?iZV27gC2tg^MGEdMh0#WSqfRt@}{Lr8YAlB(Q3&hS>IYukHg+uPr#q$4{6bWA{U z6{wy6{?pgrUc7yM^6CZVdfJst@``_WcXs~s&fPYwAk3V2)Lx8KAC*?{yf-&!J@HaT zK8IYcvvY^b71ma;q7?c@2uP&Xt;Y$rq%k1F*^f5YYY5dEKsi8ZFP@9cu2tRSM%j@u z(M|1)&d#TzmcDkuw9?tx`LtWUpj)`$p`bfmA>u!vJLAB@)4oJ>FH}o$hV~9rogKZ| z4tmYi68d$a*9JC`_T&%fwLhTO z{(xTl1A6V3hFQOABz|7a}JPYgqr~@rVyMZ#F_E(=lyYJEcZSZ z4~&Gf9lQNl0GqABYZ%LHBbnW{R)HG+unV>s6mYxc>%-vLb{`T0FI>;Js$Q8GAP)}R zi}zKHB25PxDzP`&F|?7?x=@`xT}jhKsCD*#{y;p}%DmPMoQqrc+^@oa4X~n6m%JUU z=>Et(w^>wv@5nv3LpR-SORCkPEoA+Bg>d=<=HeHCx!8mYd#*Ex^Sn>lJ+gqCq*Tp~ zuCMZPagdb;?gIJ^S%gXOv2EHT!=|w;(vm>g_ivS^UzBaBP4gPNbra!CT3v&~;s%Y* z;FR+tbU}4`?&~NsQo}X-LNU-*oW4F2Rnac;5(3q%Qcvm)dLrz{EFLc*r-+Qc`O1}9 zz|xE4(hK9F1?C}T8Wd|S7WuUbqiJ}7+S0pfVqYT7N;I{-F4Cx^G&J9dN41g^e}nZ6 z{nDVzrVOG@=?8=l(sF35yAQw z7fmf2wOBh_`E#jOx^(pvqdKJFJ%{gsIfIIN7;0(@qd126B^k7FfFq&55-38Faq9{F z$c+zF__!M=)QR?0W&i7pL^Q2x?_xqB0Sbmz6z z?HW($P)dU3F0mRq43^=1glw<^!+!)^XAftsTTYiO3ifP2;ut9gsodZ3DAabf?I73@ zMCbPTw=XWl>u=xoYIQL0wS;3C*p5|rGP#C|-Y)9jG*-Lv7%%}`!PGSE?73dayqw}G z37SF@$3%jqyjBo?q#y|PcxU%EK^&=8W~;n};wTBN81P=aD8SK7o|=PQ@Aa_*N-`J` zi05r(np(*f@Mn5|Cu5O!b9C1z8TCQ~@h%{%Vc-sSB_Lgt0R8y<^@Y0&IN=TV2O?zb zVFG2=J}b1oYAa(|Mj>W0b;%ljqT=ivHBE?PfJl%7)uac|-1WpRg2*w=Zw@7Z9YDpc zv21S?o>0ivck}+v-_TG&2~b6148o`yH3?P(A>K_S8HHejlr2X!n8VP!LQATa$#{l< zOinkF$^gVSEX)G9Iyf!j$!F&-p;kyy)rxC~v)poa?wRlFix3Dc1V;%A&^T43`_Y~e zXXkj!QS36Tc&$7q7{2gR9&29^mL2T2NE*&c!+medg&|>ax7Tb431?fq2wL4za1RQh z($^Q2O2Y(@54vw09oi-ncX#MWY<14soOYDq+ z*CEp69sc-^zJc;iEKbEtm+L(NGvsrG==*pEaJN7RLgv6jfR5tWuuct@;g~?=K$s3e zw${KwyaeYqv1O9cV-FN=#>&T_Ez94futi|$Z4BTXev|M7~*!vA__*!wq?4f z(I$n<)Y-Hi^x?)*#!>MudU*h^wckgmP{1BE@=6(6G0Q6K^yBpg`MPc~M!dnq5nACG zgr-}M%iaH$(E{heLEi=C8p2{-kS`i!_`uNu+Zn+=RuNV!B)f;$od~e{>~JS~<)ZhF zITlZzeA>mWf-=sHh@eBG(X_e8nss1Q4r{gpP|4}*5T#IN8($xXdpc0<84WfZeH2Wk zk6jDv0o5@oMz|4MV9|CK>mCi5cpq;A@$By8J>Y{jgk0^#sGfVrq6_NTjjGx|F%LQ`(ZDgtf1*?$pYt2#_)P6NpW=s~)ee&c}R&#@G z<}@cCD&kr?b)_YtA?KaExOgclX-v{AYe*aiExidU2O?eyHb@HgT-P_U&V0ofHzvF( z8ZlF<1gCGK>Q!EHwdNd0)91rp%;N#O*t)?59lRno0e1~>8ybkSyJDN&r)-V2ja0H( zqK}sII1-mmww=RZ$WBB(9_-rY6FVWKPwwqloY!iezvoe4YHMx+CpcO!C`pvo(Jf-z z1Dc5sI;Ok21D?QxV=>oyGLyB3-GKoGFQNin4JZ(0|=Jq4z^EJ^{>zNI|dTNP&HK{*TBnFQ|GA*ZNsxq597kC zw|}((O~&EoQ#RUC)j7evFtet%Ji~U0ksDahfLz;YBj!|o5a$R0P$M=5edCOM^wQ;& zetAcD0rf}4?1#WYZT=4be%I|{zaJ#d;qzdl@5{Gg=F;YSmD@iSqpH>`)htzO9LJqW zqrQ9dl5v0SKS?U|FOzmNb{M~*D)8N#my=&;!|b@Tb7vq16oFE8beVka zf#2%DK5-U5FLkrC>m|OWDkH^AVCV;cYik$!l`ge5V3LM+U@hg&ZZ!1Cj$P|h+y}Is zytPU%S1Dtr{ZB;MPaH8kU_Ke;)(;;TzNEy*X&>UW~*YffH_VF_9Ba zdWb+B9>9N^4IX$+W*J_(^qmE6d+n`@)-<8Z_S9mn>6=rl+K{;-a}d3F)@df{q) zSUrJ~H7ixR+E~yrVNnM5tsO!26`~RS&6oJ(Vs8mq;=NI_@G~M}fDYLQ>b{#WHx$Vi z(H=N58o*ybeJ4CEFG&TsdS=kiQAt`$SYuAAb91%K!71G`{)`>a6!YK{Wl_(7fCcY3 znO;3J&sDj8?Rur0o$#~*H;g;+IDd){u)0d~nBEB<9OfN^D zjDDE*<5@9&(QZM!96qS!Z()_z>E+11b2J(Y|JP&Nytf%+yYakWU7^ij*{8leOltBE z9#1KZnC1*MLWpWq<_V6^-HGiS*hOb+*_uvSNq%l`wa8StMz6nne;il;zx*KxCdNFd zfsG^!ZB?sOW#G4g5?=)V#r~kBs@1Kj?N`stiCsG1^09!uyPb9eG%ZUfaM&RSIVLY$ zNMaN~qQj$}_J=`6_UR`s<=;EVf-JAn{sghLH_oW$5e6M=?^BkQoCkUZTm>RtppJo+ zCwIf`w8`KEJxUidWdLM7q(nMH9cpyRFu06&>|;DkyN%$d#`G#XKKQe0XGNa!{$4(R zasKAT>B-v{&wqe}+g}nGROjBIkq5nIDb&oo5b=f))(!zLZT zVX$;zI6ZId?1a5HhEA0o*ag_xUWY8Q6N}(ETcZ)P#zzy7JCJji!9oLU+25}L=;L}+Xy>QXaVf-t(79|37L#cQOWWZf? zNRc>(DlD*ZHWzL+0w=*($ZMTvI1N^%7}DJ#I+0Z2vZ4AO*6>o7#$gP(It4XGxxiu= z6`shTt=-W3pYA;yq*macZ|+9L?yt44JHtEP^|&S~wOrXI**Y8tu7%f+-Ss16*cfYfZm?#u2J z`m4s`J8NSnl~oPQ@NHs%7FpwgMdE?OX(c(*T_t0O@d+BS1hdtoFPk7<7&o;y*Lsgv zf{nob?7IsyG7?2zscsyX{Wybm6KZd7;^K+0oJ=7XOd4>f!RZLY3j(G_*es4qp*YY& zJZ=z&8b}l?-+vwtl%N2*>rMAC)`H6Cp?#mUN&Cs3K;smE(oQgNrq4)jQAN=a zL&~8Md1F*D=SzM_B@d{OVj_d2! zUb^L4G2{n?j|NzQP>+*b(xomFE3+_&BBBa&5=#`p#xpgRbS+h=t|kxZ0rX|4#j!1} zjH$0#sudaRpvp!`c9nrBv|u$t8Ozyc8o6)@<+7@ZoYF86R` zXXi1Z%S^XTqUVVVfyQ>&S%+p0ihrDiCJj-mmA=NKKr*e)6xr$EMp>6B-4GY+G7Xpj zOSv5U2*FEZVkRp}_tZ7XFCab7YAv&ZvjU(#T?VJ0a8CdoZ78%lV%eO|3wrNWUcnke z5U(4G^AGF@_|^SFtiX6~*okz&NwV1s5DhAs^s4m`S5Dh#p62Eu%K=l0trW^a4>s(2UCPHCIb3Zd+fT zcDTCUL+xfUCM32);0MGpfLLm0)_eQ%f~vFet;owg3AUi}#mJsK`7~-o22H@3$90Xj zZZZ^Wg6+Lwwa^ZbCx)j3<9jCX3$_>4WIsFKOcB($ql+MSCnBj$^l}HKK=VZ~n6vX3 z9lBHH+eLWO24e9}C`N(e2nXCn#w@}H0B;A?JGIRJSiGR1R;#Ixu~x48i+_V8nh+u& z{3tME0z@Qmu|4D7IXicu*G^bkmnpRrc4)uf^QFx9jQiEM(HQ`Y3`bB=3^)~KVjQK7 zqX9fXN;=8sVK{I{KkT&BACt2t?f4)?OYay$6b%)36ru`DH#9D)?7P-2+9h2*U#?yv zbH@BA#mVVQEZzZ23!FBt)J&Y46rrA+jd@;mtx{Zxpt{8u_#b0QvL|%*YL2pi+4sjP!?tM*nsoEWsD!3~Tk1#N+A?8*lOK`1)_trlGLb znX9+IEzCiGFE;~c{?0%S?vHlS5AXV~hI`SIyImvz<3&60s2qx~=z6jfRb#m`-iqF) z?;+Ln!vn6oArPdbb~RJAJ*b(g3cUuridq3402~hf_pzXINoNp_bzA6FEP_%XKhJz< zRX0aoh2L`cFW|N@zGi=k$*2WD4PiXixAp|wSN0KE(YxCn_-1ioU<#=$ozh{@V#Q=iplo zqq>Gw$+xvEO(ns&eGb?oLCL<0Fl9RCsoxoAP$dWw;k>b~)c(=oI(!u7xD6jRJmM>6Vy3|)0rFzAdoh87k^ z*;)R%%nR2M#(cmqSvlum9Z~0tWfQ?#dY2woQiQIDHxJ+yKVk*L8RVA+L3Ab2jmSi6b=A ziy8J{&_^$%2`D$}$TxRK;_yno&sXg#xSCs!e?sz8h;iNoQ68-RbihGYRSV8oFcuT7 zbSlE}Jx{4KYz=)>9z5Ppj;29iK?tW1Mf4p`F|9muH~<7Oeauk1QODiwp2UDJpC9f` zy`Ofe#M1jacIJvSlG6_ z>}*?S)A-%N(7?ELszH0(X!7!;Kb9_%O{8N6=C+gbGw~Iwka#wSLE z_Xt#Vbx~TUZ=M^>*s&dQ4=3kmft#UMlr}Ch)^El>37SGH`QTu3!_BDRno@>ZwBk}) zNRSkorFX=Jjl+v!05Hb_xrQwXg@t^AlhK9ir}+QgnF#0F>zu8m6tn@0%cf!bLd-BW zZ%(*3h;;y_=`t~mEHhbWx9k?g5A}Lx>CHmvC!zgj*+}>+lUQqvG zlh_yx^X=*R8{IZ)%p-#20i+h|j z(PjthVVo<)#r&`bgWs}TB&d6SPZO>C?$VFOe8{!~*fFI3cG2C)iJCI0F7_!RkK)Bp2 zvp1`0WA4*3hdQZbK;;!mb+r!iwwbIqS-)K7`@KeB|LiQ;_D9d};=u8Xe~gb{Ap3^X z5<}K<5hTqsoKcdMW+IDf**&c6*^YZ29MKTj1=*opqT6IIKexwpDa#B4U_IbPU+5UN zqer9RY9c**x)`vji;b0)#6U$R(X+5`|NUKu&r6z&N{Ti-UnGYYLmI64fP@8b44D-< zyG_7RDhmG2&U7Vg$uvD$=8)>7md(rsnKo|_9OV3WhIE7|EtHKXlMZS0l*^@I}?lsP;yvVN=iLkC9 z0HGEKetk}!4MtUQaXt~T9@sv<8eLt++^1*hl7oV$5}gr|=wbZy4*({w!IYy9v1Z2UKkDa99dt;qM~yenxj2Y+{usP9Wfl(K`V< zi`=Fk<~V(j>V2Y9zwb67ZSX4C#&x=#^YlJq+#OIPKB*@ybH+Ws%QU?sL|W#X&B}a} z)E-CEUOa7O4^&h<+;_?f;F}=Vs9$OygKe>r(Ew=0-S9{+^#Wb1jyPB!!NOxS80RH5 z>;z&*>PBz1_p}aS&qWzbk(Tb^rZI7;+jE#g5Y>Emeb$w`EHgP4Q6}HU;g<%TaT{2P>;urTz6;2VVrHU)+EGgJXQH z8XBW&QW#^Ynn@OBj#)0%n$B+UX@Oq+QJaXr+av1ivB4n>v$(y64ty|OT5iuVv%aIC zcBd2s@O=V4d}W0kh%?8sfu{ga{Dz1%_~Fs%o9Fx8v@o_VE>*FjPHTl&Z$1}C{LNLF zq7|Uovt7oFJCF={fbyT0Lf4EwG{}y;a|2?%RSKqGyMHe9&p}hdJD6ZXT1kg_zEYUE z<0<+iqs&%6zUki8Gc&n9n%Ip>%XDsa0>)$CI~IGFKVjDJ=y>FZI~w~;VtYs6FC+2u z4||ZH4kN8}=I6t%P9OTgyM6l}zIh%`f#CP*5TE_>74F4<{S98{nQpnv z9k#eRG7x|7TobnxynTHZTp11~-nBoVBlR?-o_^HVj+}1u+0#(9LB-~?r%o^GYDJrL zqMk-%Z(5q)KU&>LoE;bC1OjmY`_gcpVOrW+qa)(Og_6p@5PGe8zuTjxf+*Q+dfPRO`e6X@@x3+C)IS9+!9){1b zx~-#~4TU0Ns)@=*h=0+-5n`xx#MZXYEsICo3k7kgjD#32Bq44oB_VDpCLy*8_8cxM z5oT2J7*?v06mpbfEi75j@}`#c8h(SKo>yvpfI4C&b07n0j81deC~uIqlH9#P4LSAL61~*?Wr@MJQid z(!}6Ce>cF_Dsznyq@w>Gi|*L=!Gz!YEM^2gF;XR2WPlMQ17Z=^ol zCxK<%Yt^)M5dMK>o`N%!8#XFZdXjU{02oe2NnKWeD)O{33@9TQp~nX{?U~R9O7nXK z+wclI1l)P?_>c?S56>|mT125sYgsAJBWt}HTiJ$%IuF9pU=jOB{qh{jUir3zsRJO2 zrA=>~Era$V;&yTzWJa?&`IAyNpZM`}=2;ysjysw>jZjGNbryp%zcFf>6Z-;D_o3;ZSSg;#@AE?1?cf-|q{;hU{ zrnlX0$YyygMhEn9r#ew3jlJ;~AY&R965Zvhx>O3aVDc>f1R8M zcjy5!NKWd78N_P1FP7#VWjCX6^8f8KQnp!+-*Y|++bkmV+(7CkLmEWUQNk4EMRk%6 z7<0pcd5}B=(SbQSypft!kaM=r9aFy?4syu6Pq9Qbes%n$FY1!&kX`d&qO@OsS7U zQ|jF zrEWNmfvVz0@KAuQl3V$b%fDMyhXB>7CrsBiLeJ;+(6RzkL$zN6b*?C;%v|MYSHr<- z1}^57#0@w+LDgAlFx=I7v34z^%)zA)`J>!m#Y$ZQ&xlfPW{QW-@L6Y6QZA@=ZG>sl zrDZ|iN2^;K$r|gakeZYwiBp| zR?aJw%&rgrVv z?<2xG7Nft(yl}*a!KvuDpwJ;!DtIFrO-MdyFHC!2tKV^gRVR}pLTMksrY2_Tk|gu8 zhj|Rqs+7V~P+CmqvLQr65{|mEk+)&rVwZNcI1dmKDv@ooEaCtE^FY0CR0$|iiOeV_ zDe=XD%)u^))F#YA6F&_a^-knx%Ty!tBEaAdT^~0}sP|Z5J%~aOCbtKK%a*hTyd%2Y zLtF=ps9I`f0!~@6q6<_P0tG2CjjpX2W*_THm1<_VLIbn|C*@IuC`9txK74ceZKcW= zUtV}KKeb}la^I3rWrenDOPZEY-MPU)NmrpAffCQZKP3`+ts6>qgkuT|V94d%fsx9i zOpEKI$>XC5CT(s5(&{*~bVqvN*|SmnaZ{ND=m zKRAOQ2mL>QdH*oL|KZo}RD_K)JQrbLV~cxXzzi{yHh34ZthoclUi2YBHJgBR|K|7aBh1hcIj?L{2kOtyI( zt5uw3Yo(e7U}Az|kSNcmDn}ERM^nwv8N9)H5|*h261O`y?zCs1Q3&cJK2R8(0QzZHbD+21|#^7?F3nZ zuq5&dp2kk>-xBNiv?Fzk55YU`i{yR5->$pe03547N*of{8K`|d+*#ToydZ7|Np3Vl znfo)1tKveSU@508*oe=?2(Y3?Q=jw6qAr$w#R4#7MeI$Ns2DHmTj7|$CyqD-i)?p~ zG5#J3i}@k@i-4HP9uQ&G#i)umy1oL1)JojEnqZHm(DeZHtRIn&7z^+%T$MUgP-X%@ za-ie7KoYM-w#P6fA+ zEq%OL-F@>;pWH3veLv2a7UVlo8a8i^tkUyXJGV zQF;QYed01orWNZT_{%HC!h^B!{MX@&7ngtC*?GRbWn6CC?v5k}429`p#b{ZEl_R>9 zv6@nz!x*bL=yTLWusNL&&Y7$g+Cw|K!>5{e<=IOcAT^7QC$IoE#8N75=GCGEvoHRZB=yle@A%N?lsONDus`{h=xp0S!L)f5KGVpx&+LXmk`4c&n$nk6?P2&YnFfrVF|iU_hoZn*IY zQ)$+VsJ%#pLgize6}KySJi~s(W(&=DTLonS8xmMJGb1#5wzopjV7JeLBDQn?{4+$$8J9X zVeka~_72k`B3DnHlssc?su)n4b4+I{_|Upa6Ch9IY7wynPM^pRvV;~Yr_g79fMbR; zIvQ{=TC`WtB>iS2Ygs9tn!;lP`RK6BI8Y6wAx;*#RO%F=ucX&n%?hKaUV5`g%f6`= z5X=^{T!z))tN%9{lMtO^h$X#T*QM&lO9hb4tJiehQ2v1-;-0b(-5$LhZT$t2iPYLP zYjr*unH;ou{T(v02$iHZ9-fx*L0C>J3wXwN+u_D4bGMun8W9y}y5P~}G_dBI_?1tE zDP~6YOrN4($0xOXak6I|&W#_B#aDHTmYa?i^IV1m0w2PRU>Pr72fPN6l@dr-xd7ic zJ$eVLq&5O={HVAyjx{?;OxO%(d+3u?;D6dcpH7kxAD^mUC;l9N;*|Y##>MyG)2J%F ztE$LDhnV4Pt_*Y)wnlvKBFM`kt+Oq_!K5O7=0L`f?OZWDgDHVl2)fr-ff^l~-|2!Fh^| zEvLl`S9wCqOL+xV7*`p=QeaMj%D%`8VGS5!MClMp2GNWU>Ry@dTc4$%j+Q2$5@O&} z$uv?pz`c0!e9(wD&`3vH92$%!gw+eDMWGxP!yu=WA$Zs($|A|1T^qZ+vR+X0WnpA6 zfx90Qsu)DTw%nY~HFhaXaH^Rx)U_)N@FYv*86&_HsQ!|RELadN$ z{36?|na}o#%pfiz{KTQN_=e6|>H#~XQHYvYfOO7|pnsD)zh5#^y3j51cCgHDyrY<9gTN^BH zQ_fNxRMK}DhE9rX;EYhj50P>TFvHSL`)x=ErELi_$}3rT3)y(p}{`5QeGh@)2$wMP(f0OvDkC zm&*!C!1$To;$UepVHh1EV6>kj`Ww1a_L?K-kn4K}Y#CDdwvr;S)0g z!|GDM8sQYH;prX8U!8S2=y25$M*8PhG`QXR#w$s-cD$6H)0)P%gJQA0-oUZKAc&|k zja*3%7X=IweE2aVo_eF1nAPSbI%cJ^nI-5GpWdH1dKtcy?ocYYC`lu1WN+&vu@zZn<-QKFSWMzUua6&{Qbaz*;B;yP3q2cW< z8hsFdjlenM?rvBwUj(Y(GjxGwL6)RRluQ?3>*P%J;kHq>SqR&u(4@@3TAJ|ovhh8I ztd#;^L{qR|3bZT{4cxoQI9bQClDp>#`t6fy@eCT&vQl(R-y~vA_#xfo=T_GtSxTD!!|U+413_GtUBXpMsMWWD3!arU%a zOdgv1pU52! z(2=m`{-R>nV*{hw6A_dA!ILr|M0t{v7tZ)I=PuAmBO%qu7)5^YgAR#k2jI1c}G#|!=Zki?~@@IXi*ehsJ5z;WLNOzHJ#Yf$N@Sg^u=rAljkYLzDRpR8#%_6wWm z`&^Sr1k`G#4|-KrgxsQ-(PC8030dAa5gc)Reyz;`fMw2u4KZ%Y+fImS<%E2J6#exC&!J z1ypIoO6O0V-xmPI^*|}^nb8Dbbiq5^ayQ~r722t!=&TkG!Z6#Zs>4K1Vl4m%VYC2t z_Td*W7Ro|xFzYJt+Au27SxYHd9nx~TtDz`0qjvzsW>j+m2$sFyWm2}PDA+?`S`IC3;r+VHC>4jWX56@SIP>cd`(u0@e(RV6N=Ozfdf zbSe~`D#iXv#a?Pfhhovb64kP5)i2&l!)RYyt_=Hadd3D#BgpU~EixQ{!EFQ#)_fvP zG0F!B3DZ|`&XO)KS0swGtPIkMsw`*oWZK^9V)xUei*g+w`W+s$aM7;w!;=-C8t!kh zG&D~N!#(5d0DJYbF8tpmL)Jqle5ynu`(y}TO(Dn>1JaJ;A_7^dOKb^>#)`DPGAtr0 zt%@{6A=;Wska`WtDe8qH65yB?=5Hdj-MOs`?>?TLix^$HXIIe$Drb&TSykv$31jx8 za6N%|cp_wBGAY1`fIl+UIT#<6&JhGhVUa&U=+0!!Ob7#*AhnE2EH`+(AAt!9dw(Og>Q))C^aopP5aF^zZe)|mESjBVH8X*o_4v$ zuobUeWoU)&d!1ne^=G}(u=Lfq*09k2L9aF*Z!P`=w-)wE)O>R>F1S5p(UH;hLDrco zeHEs4Gx9P3nj|u$oBE{u-g1gFAt`SD7w266z1d&90EB)K_~a<>sht2Q7S#NcB)V6be>pgYRUYDraCE=>1a}W=G zYxmTTI>vt=9b;!zpQ-5+UVmRy+h^O422ap$hexL$jt<7>M~DA_xCN$8$WO^n#XOTa z>#Ax(TX-!#`s34MR90qqDlO$on0qqv3Xa8u1V3FI%~3G(m2sTRZ0G`9rfPF2td1cu ztqjwnF!WPWgr_MXh$EG5G+4yvDlE(YzyC%*`~VaEhab>Ku%Oe?`LBJnHF_b|O%c>Y zWX#tjHD&MkDToN)@30<$?~`2>203r5UWA~yhTt*GpRTLvDZ=&|iFv`kQ1)I}#TSDh zQaT8iFL=`uDYQp&5I}-bb6rF^ zkx_TAUQ@KD!gpU5A)EObL3n} zary0&E_8N0G4)80p-xL$E)VSh*gK0yFWIf0b^~=wyn#CT54)vxErEqGw+!WwigH%m za>xl&+C=jy(dC5Pa5ye8q00;{-&z@{&dTHe=6dz$OKV5p9_j;!7Lb`n@CCIrGV+x- znmU81tn0$`xiglE);>$7(+E=)ji?;0jOnzW`)MjxCq%7)&j2i^_-E;zPqkgHh2i+- zNelwmrI4mf#W47(jHVzqf?!6Xu+-x!sVrTLt6_g#=Y~Qm>(#n$g)0Z7>#|+SM7ib~ zf!s$5E=#FB-3wzn@}qQCUFL==t7FjC0O@mgyk{2)VRo<>R8E8d+2%bZSH^8-oGy2lURGd-OMS~b%WNp8I7e9 z1zVe3DzA;c=qrL@smxhn1PmeY^^AO>&3M`H_Zs=aJ|-s73*k(sfBD)%d#aMGmy=op zQ`~J9%fx+w*`Ts&k|38Dhnii}u&UmfC~JZqtg44Cw1 z6h#~Nq^8ZtGxQu5m(C?vml0iVIVEdXE_QD{YEv{IKP8r^8{cnWBQ9op^7Ma6;(Nq4 zI!MxmILF^3w2>Kly?bb*ZFg*=R`tjYzMLh=l^5WQdE(TX4W6J+w)dY9j;V~G$+r=l zF?5;7VI*U`<|*v_KGTBngd;ppxo(5>>lYVOBm!v7#ti~4xOam?}ilmQV;fA&*oEek=j zMxmbAODsy+94eXvtHN&TgeT~Cn#AZbN-oQ>ue0AEr!1KteTMs*OmN7O4c`v=c5_j* ze}Ur=!eeuh5HyNj!f;g5V|drfo9!)DLXs}8iLngQGx~3;m|2x}>z*`K6zXsQ{`P4a zL`fd%$yy7RNJ7Qce?B-ZvgzQMWqz5GmnA68DI_+|NB|@rp`)n+_$kSzeoX!)B)6Sc z+gpDP!WW+ZeCw~?i_6J#@2`J-{nEqR;nu6|ziz*{+Q%^txqKDWAJsCh-340@nuG$*ppC-Yy0Q=%> zTkkd>=qnuZjZ)oFNl?lJLRz%|RY!`H#~_I0F~v;WVoOWo4IyR-DMqR6&%`afL<;W2 zN<_R`vyFHbr9gx)J-_^LPGSh+Ll`NdqMgnHl zrc~b(5#C6-i=p2Xi%T;S2PE~Q_M}d;AQh)E{sZRCCh_N+Dyne-i9V^nT9<}dIh!S! zWCAsg!4f`!tt*jFCr-AT1knJ;ent}0D@Kc-BQbaDaGIj< zRy;Uyd`+?h6nW^{&xq8wB(UnVv8@E@!|&lrSkaqe+>rzljNE51q1E3KgS`mxP*-cgYyJM*w11i z75JA)&g2OMN^YPmkM}skeJV8Il=&>DHel%X)s$Y!o;GlAphU}?n;WHRP`6ZkQBIOScxh?{4pGJ@WsDcy4bue;6Eq%?(`0if}8FoG;3M=6*yb1c%5^Q(*R^ z!LQ&p7Y9(Dp_k9$W|tP3*Jv^~PB|i~lyDW}3l46aK+YV1o^MU2vOPRG<7I(Wq&Qd~ zp)=tZBUnO&r+%;iyg0<-W>PNxfo9?hHsykmLF2N>Xz;`4-5soQp~x@1o)yp`@?-(d z{3VmCwW!KC3;ZDn#7V<{lKELanUK$D=#>rNh+@4J9p7pL`nS%o)gMox+TMOKvZI5U zpE0r3sTQpL<41EgLBs!~-ha|zWs`i`9h*3;{k9E4hWXJfU^qPEXH0%FOJasUGhL-p$9==|bu$0vsuXGb4?IX*ZVATHgE=}8iQND?Nm@ZrQBB=ht%OD04a zE{a3chdgFvj%8q{hVCXQj_Hg{3V%6Cp3NWl(kwC#K=U6d&QOwx83D3ak}!VE%WCO} zVcGIiCAj_#v+CBc~w+uK65t8Azhs#oFtpvF1(f;m6r-mAasxdLe6SMT z+pofHhs4i~5tE=A5MS>AOX1O8lCO;wm8viMm9vL8c=5PKA8w7N8M*cuzPQ4RFEXx1 zM2KI7$?vLIv82BELjUFmS2zyE=3%zWHw?!#&_w+ziOciNh-2uOGXDv}5O2#P&{&cU zCCq;F!N54NO^k16Gk1*YD%S4fpnk2TYGFvV<8TW(Wnl`tV_m~5#XUvwC<**%mQc3w zpVSkrZ~QQ_{vQ1&-7x+zzm4d1uu*&Q!^q_4q8H|WY0IxQ_a?Aj{|NiQy3k~|aqPpB zvyx?Z92`q+i|(bAlEoBve00H7m89H5{TPO`d;Pn+joVvMQQiv3p4or)?z`ISR@ij` za_OGS>Z|T}6ZiPCOVh#tH!Sbuvb4NbE7I{v*?x|I2UM4)bt!f|J%12p@qA#;lPesX zJCeR3_1KQ!YA35e?snMjs9NaWUZeWq-pYq6`NXBu*CwJLMCcYVUV)-pL6c%^EG>!;f2b0xYEMl9 zM<4m8Kgv@5TdmJ~dF?4&Q(=4NlS4+~%dl&o$vmHHj)HmY zU;8A2$ofX^4PN{-2@i!$2ub3<<>3^w(EtoQ^gID;@#fCDw=LacVnnLWh;z(;QAHSO zg`$ME!C8s};zvc)QHch^aP=Ke(Q}b)MCBiV@KKyM6{zuA+ag}r4WW3D%d0ks^@%f? z7GNBPDvq*hZKC-@?r(3%E|9`wQ4I@A(3Xl|X0W5LJ#|OYv z>+~27vtpl7F>Cf5oMkGvkCCf0OAeI_T;CDf{9zzq*sZ#Yt7GAa32AF!?QZZsrb(J} z5i@KS8Y=eB=E>exq9`Cw>Q{KNfu0I?Q+~d+*15YIsCdTwlzs)m-~b6$Bi;!Jf1rQn z3By&PubD_cVOB)I6}|`uV--0V916iI9mheoNa03a+962pT;voWD(qq{a*KE-Cg>!kKxMo!+`J_5CY=q{-yROs zZ*`b(S`2V}3b#**3Ho~>;dnw=1u=BLkQyVpDGF}}{wCZ3XH2go0s1NN7@6ZFXZ!U& zi9+Mk<8x7j9|%eqc8!s6nNfx#nq=#-NGTmX{Q~Ls)~PnUyR&=+y4|i$zrYl*e56lxS$W3Zy>%)!_uj z-$1QeY7$)wcy}j@yQuVfcWb*H2QooP);we6P_LV2(o0RgoJwQr5Bx+g%%q!FtM%&0 zws-?yG8ibbDeG+tiUdAqFU`a+0O%a5U`?%Ksa}axckhxsRxw31JGM>~>_|L?f!j>3 z3+>dNqWHHDA)I8_AO+niB&jp0GO$ph@@ECGxnFf^MePoK0=?9Nt?jl&d9l~1iv&OV zB%*Tj=lJkJ3B`f4RKSq97SlpGltI8Gf9jK%vOzT~hR8KgL<bjmG1`XSjaKvHJ?#*iTQahnBm|Ghf0klQ(+^$ygWHdO#;N* z;1ZVvqmme?;-kUfBUMsJjfpAR!F2_vD$a&z4ZIE2{N=ERS9mdmN$!-DtdJ~MDIxxh zMrf=2#NlgSwsjGeb3^=3G^DW9)PhN&1>{AB0 z0WWg~jKhzjBBM#7&iOO{8jB`m}lS zL;f6};a_+!el0@{8c`7CEwXdocLZWi>fR<9d=OV-$k882Z9vWS*>$h0^=Ey_x|Uuo z4XV~RxqO8%4ng;l7~7U3Emq?OtXNG%-$VUY=f=GjXP?@&?hb|irQlU=t|j@M@|v@H zplcrdSFfo$*3t&;H2m}CH5Jf>aCH=4m%0iixg5MdIs5qbVtjb`;ppt_=xosM*j8#H z8V@??54lf6B~vmjL3BF`j9k8$BYGVS3=yr;$)7%)9$cKh|8TxsCx;EaoMvetPh>+^ z4~MUJw|0h&82)^Ie)@$l)DMjYigt4oD|mj|YV6)tbN3F%=i`H;lk=kw)~QoBSh7si z)8mWt<9A2zKb|+iu;@%2hBpwvDAADX3Qk(!xf-|n-`1Oc z`~Iinllvo3VM0yDNDXxOcy@Gg{`O28c~FiNe#Wal1Fla$>G>D1Yq<5ShEU&rSMKU*h$%c;alK&e&){H@ZEoRAQJ zfkfcoH&5AORGu4ZLGEma3o{m2YZ2kVW*js+2>UW4XL!IN2@v$?Goh@jpx*#M6Y_0Q z3{0x7IfUm1QrX2^C)wJI*GRa&UKfCy=EO#a0p4gG-wl!7u>*cW%!UM@Le?G)yB)Xh zH?g_6F9SdNv6$RikS#vp3p1#0lOAoBH99PS_TqI)HB|9)Hv5=GT}!9r=Y)2JO#?sl z$6=UZN?lbtEK_ZDy}=9Gb#d0Jd3N^e+9HOQ@?}U_X9>Nw zgKi|PR#|4t=|S3hpX}tVp|xrfTUe;O=VswH!q!T6hTMak7W}J}tmCnABGz}7hOQcg zTZvdL-5GKpBG&P*5wV8Hs)^{@aNYg2)Mz88y-L3}dJxvtrz&+FX!RwrO?K3UM>0Y6 zWG4k9=U6#E3q~Y!>}ztS$miN{aI!*lpO0FK*Uw6wj%HmXwewobAcS?5*qqf}hp9e< z5jFd7NoJM4w6z_gdSP9}o$uLjr_)hSdRnB2E;MaAi1wky611#i+>xH z^d)Ax}gX4+#DE{6MW`<;*Mg&uIgP+NW!DO0eWl&>biNRab zawVyV{Jgz1r;q~`$Jfb1PiAGLO{!NOp|J>ZC_?m8%*u>L!mmu_{E!EmHNu`z1O}oc z0X1up5L2VHp0QQbL_XNTtpm0<7~LfCGls6>vq>&60-aCwqB>IgjwUe z?aw|%Lp4aApOSi{2yHmmtKTYPf-G`{GH>rVJ2o7{%|8cu#y7KQp-+`2y~rxM=rYz? zVOL#Ee623m7t|_yYk~f?I%?h-udt6b+k}Vhp2_7_(yF*{otK!5MNf((I)s0-r2e|wvs+t!1n2y`1!T7 zx7`1!<^SK0QXV8Y<@uFXRUSrdo1KKP7zWfHsMa27XF@5#hG> zP{1nge7hdxN`)VJ$`7>g^Tubv z>w{I!NqaN4CH2MH@q+*&k#uj)(S~9kF=jVOc17Z;bCqQ(59c)V zYfXR2_EMSj?2EUkbL57hT-ADC8nfQp#PTiOkLmPp_gkd;L(uyHDLrE>&61pbTQj`G z>Pu2vYvsY{&4O=`+yzo!lGy@+l1ZFc9v1P9g%mau0m>_UaCZ{JpOYU#7{_-5I) zk_bSGUza2fNnAZ%wC~gQo6oO(p8npRCG13%Se&0$GGN8o zw@xk#vomFa&)7YuA)0(O3(bY=^HQ0@1s*HmaYDc+KU-L|bbX?@O1JkInr`d=mz{1s^k` zOE;D@$y1u!O3Us3uwV@<-sZdP8h;vLz#Rt~k^sDg zUZNuOGB3)K|MBNhQ}I7gOyUs7481`0Sj9BO!5$pXL{bGKB9ykuN-T@~3j!L&!irT8 zf6k9(Z?)0rJ|4YBqyxFT5nQz-(bwiK;2y^b0|Bh)j!FbzULb9nxdHdkaN$31(=OoW&|BQUgjzIc$p~Su@{N7Q9ea*F?+uRn3)I_Zw9XD~)`)zGY zM#LYM5f_7;vShy5w>iB4fMivtjkzvN~;AUF8HfkFd%LXbE}YbpzRy+yK7~ zWx>h4Wj;X!nJcIm7!`c6g(md`K((`i)~hthm^SoY+3sn=2llU9f8Ek3C@`RK;a-5q z5|#u>w1>_QPK)sC^W?1-pL3Xtmo zQg13}#7nVCH_U`l>eQpMMxiqj2Uyy!L&ik_k@}fX{}-z#Ngxvy_=GCI%cgu(BFbTs zXSzjNkj&?KOah-_D%_jc49hIM08HWGXL{oW$Qz83I9ec;kNzkhRdq5>0F zNL9oPj*=;fH~k>;Af50~EBeHY`CNv~Mn(!;K6fO46u!$-z7oYMNj~@A0CWKNutaDS@i%a>8$SynzJBU6a!De>7NF0P-rAb=tI^)|*64*;`B8|o4RkXj z!AzOLLSAKlY9!Yj+$Cl=SlY2?cuFY484gtoC9WbjhtW)_nFXX~*pJvucxQ8tvX*3I zDvkLC_vCG;EIdhw*GFg^-S`WNB7BWAf2#7?K&w=r4E%xovOX1wbig(BS%wk*oJJ%d zELxx>WsqouB_fFkXX-jda|)~*d`ruI{l#dcnwV`^xZR87<#{^I{7__M{TWAdnVpvd zO>(Av=3}GGM@Cu`cE;Lmmn^3G(>2M1*7siTZf$pEjb^p2W}avd$=@Mqo@D{lsR|is zCq(X0SsurnXe35M7@7!EIz;m%#2bP?z@`N|;7yWU0lkeD>MMe;f?Y2C#P~*&)M_J8 za*qxf^3dJgUdN;ct%G7?6Tk_gB=937O*rhURWs-_lAftjf2+A2Pl&;*RH#LbN zuZc`P4GD`I*~>~MaOdnAz2sNJT2`#y1Y_SUkq+I2l8NopFm&Z5=5gY-K(QxBG3 zr*7{y-1>%&7a(qY_3RUFOda533!e8Exaw&!R)SbJVby+3)=tO6|2Y}IJ3dfje|UU$ z@cx&h5C3DC)TV~jf`^gd7Fm+qqDrD$WF)&qWx`wSyp3upH=z~{i!7m>H7|emZ%p7* zZT0Fk^$MMw^Kz(CtI1}rb~|VApt{^?=6R}AmM;!5WzsF9a%H9UL=rkI%a$G6cjoHu z*P?|EH8$I~i*u4?Nk-ynkycsjRPm7y6x>`k4@Hl*PBT0qpPO6sQYh4eeAX7alda!t zyPDS$bHQCA&B)x(7Khf86%a(0@XEuNC5Lni#BK!eqGamvqeH|OqSD(}T8fhCTPR{t z%oX2iEduD@X%bs-kCN&CK6`(nV^hyRYnf|(Hx;=+FO6eRJ#VW~z`ZvVYQSo!y!&Rv z?V<8nz249=t1FP5aI}o?4b*Q)q3cL#+?3nbF_oKB{)#8Ve)v9)7JFc}(OYw6X#$i! zH8r!^7JSyRb-N8uVR&s`L>L)`OBj{=0V|yHhG2VVIT5pM;YDPEgGCVGJwwrs&sdV0 zDm?tTyoXSal6}x`rOdM-M4gR7)5aI8{E4Dun&fPV{^9P5;41~Wmg-jnJAokNha}rW zw@5edFmULx9yKxatFjqq=c}txK&j3~dv6=>>5-NuXsL^S*U7d5woSsVcF@6a2*Yz@ z5qjtfFZT3pbf^-@wRWX)tqY3=7>%iV?>(`s47v|{E~dB6YH>*N`5qd+gJk5xCghA4 zUITyZ*^o6iuzeNV>~Qp@*M)f6av(8b2emuSd$N^u;aPY~{YF&66}O>(pnv8GtKL9Y z5062r{jpi{PW^3-v9?HM_Z6?~`<6f>>x0f>7CJ%j={3oXxyBX0s#&1?PSTF;7 z?mYT`KFDJc04zSBed3Jhj)G#UY+i3)V&*GttcECIvn(Etfsy;B9{s3@d^gOodjq6~+59Qv`axI=Lgdtjga z7qEEdfJ%I{_BH^B%rO)AF-o)KnuHh;VY(RN363d71T3rAY&1Yc9*^lqisk;Eqin{3MVjmka^s0|D;dX{a^a| z^bh{fA^y*c?P~mo?H8}MANT){%#)WTWJuTVrRw?=sKXq01Pc7Fzh%4|Lz-GPyR21 z>h{|PTI0X%zN()8wss%Se-HB9oByjYVUOFuJ+=Y&D471$b&hY@KwKL@11LB1uc+MM zyl1<7I?ba<#u?&etMB%pcIL-Ztmx~N)1Z+`9_V^0$zMEe{C~Ta z|7Gj>^PNZj{}7MOV5C6-sC^Pv8ln6XE=7z>SbfuQ21MSx-u9z(=I_W&MTchDQtECg zf1X`HN!H~naW7SiHC3U2xs#-R=Fc(187<66rXsLthdd}M!l*t92cRv3kIpf8WYFL3 z)0zJZt?8H0|GeDYs>Xlb-hKWk|3Ap{F#Nxb_o!`P+p-Nv2K49O4D=m<=8;t&WOvxn zeArhS27ImS~(YmVc zg(h+~!!d&pRY`m=cLlj;7}k-(dahFku3l5!;;s>sMjHiDF|8UR^wn8)G*|0vhDw7O z29ck!lv-z{Ucxq3Moha(yRAWErdb*^2AJRlWLyNH|CMOTZ|qitePzx=!0!9E5*8nqFedc3Q;rsb7~;_qFl36tl22`L)c-cxH5c$Bwc7h zY?a1VfU0~H_{$P|sF=rn`r~NNsTzLi?x?JKzDS*>v^EU1Y64D9@y`i`>p^EcavLDM zp1d58hSGaWh9$7Iq8VTRNt7Oq=l}Z{eQHme{pU_C|Ht-=7mxX$9_0B`*nj@JT^K$Z zeSQl@pU`I<+7LWBI=}ea@yQ{C^Ew7k(^k^XykB#ULkw`MCZc;(4(3f4@wy zIh%zz!c(6m-(><=oe``q>+4X8Q~}hx+22#1HcL^G!8J@HV3A|!k>CECKP~)!d8aS!Y1RL{s>c7=dbRcZk^eu$ zvl{-t0#C4ivwdKt&Q$ksrK+ueVL9rF`x5!j+)uxt{m7XN2!d*{{T`hSQ=*?+5$ zjcYM3(>GVFjsHL_Ib#`#r|W3w4P9vj)+HqT&;F2%3+8Yg49TCM19f>PmJDR9tr*yr zW~3p>aKNI4%7+Ncdhi4;8+Eg23Ra{eJ4-8CT#lO=i|9|w&qOZ=iaK(Pf2W+1e|W;a z%CzU}o6o+m&l~zVOD-}TC4P7z$T~EvNGle7(f~+AT5LqAGDCF>AK7%2OfLXVB?or3 z#vdq8Q;0w5h+_y=TsUT#AIYg<$80FNe<90WNHNUPZ;OeUnd!zLsfzGSv2qKUAQhcYP1S(-y;T{55JkoXKo3v^BJ4F@ezRwnizkBg+W zjXktB&*{5GheppHU4Xyr1{t1h_`htj}yxV~PW zGS(V1A1u)>G5Wiz{P&^SMr5u*dH?K~E45smO%jFRb0ST_ha|$igNj!>)v1*t-Mw5OU^?n)=;Wl5%@etXqj_O_j55BZNJvPD97Fwnc70-k0x&DD^xUE~3=)=P05; zuY1e{okCUWeNB2at${JDvc4;4eD77$pH@o+zjtTKExLPLAZ-ChD9nNl)B;bD0_;K2 zB@TR%tRF9spK(gD+>fFK!k;;_B-eT$n|A;RmY-&X;eGt{=tP&a7)BqhPOHYUvb(jaiNgal09-6@_~HSXlxXTj{PHk{oDwAYY!7%$g|Aucu_o}6h}z*Tdy58909 zPh@nbPltMTsZ*!i-LiD7NlRy)qmFrMsp3elZV0SXehpz z!B;>X?h()!4r?ROScNbTVk~s5mL(CcXi<9|r%KgoZ+(&n8kN+V4FrKvmS$6Z z`sthbNL#2VQ&aH0xxHbjR9J7oB&ZNQS=P{qJ@5C!(y$#bWnPWD?xv)YFGC#!@ zanUT6`fMiTn{BZaHf3|}8i|mIUhi&gIk}BGf;y=_nQ)m_6Zg~`XG*(j&8FR>IWClh zv~+SkOZ^_m@RMXVhbVhV{8Q!!_!MUZLNz3DNcYgT3Z7)f5$~Q9U!3<$>kA7DPf{Gy z8JSqlFDe+xK@v0knVE+o`?0T5#h{003;)z;9kO&rNoW106q1dogfSJ-Gs>#PD_hf+ z@?D$KLKl>kjd%w2=B#z<4H{t@kd}ql$U5wxfY1CxF!oBa1qA=$JlSBDGx^p`MVdkm zUki!a0U{(!>x*LVvx5x#tdi=tmTXo9o7h9QjqF%ULad@Li>HWRVRmI{i!`%2eeY_+ z+G|V?T~sm9oa2z>^F1_t2U%e2Da5NA=<0j!Y@yd-%+0pCYG7K^Obb9}XWck9p65z% zHHOp&gndfaK(`J=t*g!~$%Nr~C4aDouJFQ$*Pg1pSJi zWmrb>W%G1G(F|u;SzJ~MOKW8gn!;@_pGr3wVGPHJB`75HsvDc_e$ta(1s2`;FJh~< zP12m=Odfo67X*C_(TIr{f7U6xhW{xG3=4KYT(6Eu-N~UgPh@0b4W3lS)__%~yc6V- z+Ps!XxFzxYAnLa9+LqX|_xs&1#oLPtPA3223@u9hB{*dh`;*#^7XH`F#Tx0+Qw0(v zG4n}`GmGRZP}UF=F!^9MqOe->HUBL?$>`1QD)C!WlkeNky_k z2!B?`Wc>+}`P`4g`Ul?k;pQcYH|cC>|LWnu{^bwLTNV2jMaeYDS*8EAy#UA8UG~8a zR4NDY;Qh(j$F~CGn;oM8dar*kv12 z4UP|gIr?yZe0Fqkd}?dv$1IuGDL)}N3X4Q9=Ht3KO%sZLf}0L4SgNh^<`3vV+FppL z@enURp*TbdSZI(8Y%!kEB1#=N*(g&Jk0svKYse`u&tn-re8bWh?0$HGVl09d`r$Rs z7!h_(Bm?M(q=>|nVLwF4M1Dw<5Rr6LMnkty2abP;GN0wbG^R#h)F8gN0HsOjhT|UP zlkvNwv(xc`btd&6Vht~K@joim^>zf_AFjS_n&JS0IdfKOZC0ibSbfXRVO1@kzCZke z4cDhZg@GI%pN;?a_UPjD=)=2J;_=xU;UgVKj9c>T(Gu@0!`Po z-HIw3KO2hoI1K9)`|17J+41Sco1_2fK3WBG))DJ?cWsc*y8b)s8U$<)7r<+$8S%h5 z#rDY%V!zl(w)Aqj%l=C5I>WIZy_}r1|LgBZJhoq6)<&zsV%{Df9G#pUU7U{3e;(9n zNG9k$tFvHH($YlM-L&3BTAH_SstTqOoCFAq{Yn$%YfzV(8{PDN7P^CMI6gf5VDB5` zz1Z8_grqTigWA(lRCL2YcOB?}%h}o6i(igD9RFx#p!KWOrXi}pKNuezeQ@kuY7kjO zHv@mOs!&^UVC3bi;30_P; zWZ8>fk~rMo8o~c;-^EO8C{gOro?dOBr`Kq2zj_4YNWa6(x9xh+BaaL7`?t5~=@q)W z+v7j3(cPV+HOmSDNV6c?e->f?8eb&wg}U6uXdevzpE;oQ;)w1_DaILzr~NDT+nZE3 zSwvBxUEx0i|6)QS-q~SgiW`P&=yQG5n?3&0C2?;t+r4kn)(3s20j9!)ZhU zpF;jzW*=pZY{RFw6;-QBWbWPGs>bf_M$TfRr?#p> ztzNU6a{#cEYq5NH0CJY@V8`wN$>wPjSW68sGpYb?GRa4%%*ANLOchUW`Fge2{!Tl1 z7rj77(7Sufo*Fw@`!=C!M!D#O?nSBTGprF0rie`LTX2PwGL6Wt&S~U1#6uJ@{846opE+y>oqyAQyrs#QWt zvxFr<678Yk`N3(`d|C8E%EcZF((kA{9}io)lZS2HdFhzwVN7epXeMPp*j3D$`o)3x&oz02(0 zZgjttniZiS&mzk~0ou88d{CxQ+dHqoj$#{3qc*R%Hw6hdBkYGbv(|1l)CO!g_$u_R z9?n{ggR=npi_aEiPm^lUi#%kbI2Nl3Y@iwwUeY$Ne+4F>)vT4Re8 zzjuRMM?(tnpojIX#12O~*;5Nr{5Zd{&cc1{&6fB?_|AHBv znf2R^%-UVUbSeCxa3L})G=;Cz>U53p;nwTfMQEEWt22Qf?yQbGF*q6oHQIZ=q_)8ZjKqcj{y1#vjjrzIb^|h<9d6;0@A*iTpMW;?mt~C=EM5t(=|0#>y6H})>aS4=i`H;lk=kw*1k4r_KOM@ zLBK8o)Hna?wl5EMf`l>4lE_OVKgLKcsoD_Z=~X-XP8Q&~SHauD_1R zoZJt_l9EY-T(X2z;s?<&U#pr}vehaO*d&CN?fcHHnnl#QRo~w++PaO`eGZr3RPBC- zP9MX2H)Q%1u9E48ZQ5yRa?c_PwzMdK@J7n=z0QOEFa&!EKk`WGhhc^(-G6#3sc&K0 zjtYW^mhxfH``)|5HC4S%;O|%L5PAQVMP0r86<$;;T;auLHCzaP=GSc-yt-Iuz}VXw zrFdQoShGU-yh}wJdLLYy=_+o5I$p4JyQq~|h39E%rCQS2$ci?^-L3m? zh@D`36B{Cn=n6JO+YV`Q<2jQF1j@4d+qOuJ280pVLpXvC-+r-7h_3v9X%eb&Ng-_D zJ@NpyyqQPYffb?&kIO zC1$?L4^!>Y;xSK5(O@k-hl-e+X5^Ygc#6aF;PwQmTtJ8=D9!LS=U$iwek9}1vIJ#G z!bSsx{3uFpP8F1+qL27%;V6HnTXUKC$Y!DpueDyPykfoqqVmIKrVBJZZHb` zSmh5xLWvELRlG>Ekvsn1Fr;MhOP^Z3Fyv3;3G*!xJ?9aC%V3ddC2};{dB``khzG?opJKQ>{KX zI`h11XKK?z!Fy@Y{$-u^;)s1v&K8&;$A{&MERVj25Ft% zk~shD{+_34gy%SBe)Ln8w32@CsaN@-_7Ha|Fa~*D@gqfPmBD&^Wx?6O8)QNmoIl8<^P9x zZomD++qyuXUHZYu&)F==$iGBJ)vMQ#|Dj0#_#uh#qeSnP==)j(bUqcf>3m=?`5sF5 z26hq44Ozr=f77kURCaYc3!-CJpVn&({TS&zqI{UcZu3IVU;|~EuwN~d{9pA z#~s7HV^|WBU*(rLi!sBn1&5dh8A-*hPG_<~W*auc#h@X{bCAY#ihCLAqXDd=3jkd;=y9jq5KI=TS6}W_jb#_EFP~i==q(a>_tCKA5UA;6DZ`<)N(9 ztT1=q#(C(?@!Pip550SH^8Rq(p|hj&kH_-IPsfJ?<65AC&j&xA;(@#t(9BG#XxlFa zs-+;_4fL(J`SZ#wbpsD+mv;lN$mKKeP|EoeWjJPH{v1R;ne+GRI&h#4`hBOdSEM?$ z99o;CBlrFf?7|nq+5L`yZRfuiTf5cs->c^@9{2x;c)qjqpSFb?hlj^)yJ6e5^AaIJ&?C!87fPX8&k|=><2{}o z|D%Ebw`4T$)kYitf3;mZ|84E=Jo5jCc)kPv{{$T<;YtJ?BoyTohsdYMFTLndIwL>?Z*Y!7`rPhyH0x`BM0gh4VgFkrjHh-H3ECrLKP;Ru!3 zQ0W{ocmmcHD2bzmvIgS_RGPaCrDr+-=mmfuFLSjD>#Ziz< z;weE9xyBSs+;U;wCbt-b)*!(GVGH4T^91=3O(2IT2DFTLU!tkex_!qjx_zI`)|Q6( zPrdspI*C3{vSjXEi>dxQ<>dXt8`$?%~4Rh9qwmhi~`AK=mN|JPb~fl3G&vz)H9xxGabpG3e~>P65zr%WhT za!7UT-gXFuLPG(QGY+qAl-haM^3#--8`L38^E15c^}*xuq&%Kjd=!-~?=#E%x6mik zp}peRZz--{AIPfO_Mu!;TPK4!*POA;XLu^}A(`*&7aVPXI^Ay|M2&C&bAH@sWDlSP(gjPDsV~Ua(MI_EYqa?+d&p=lW z<`=Xvc!g=?lh8c@rLe?_0GQF=C+MA@U4dRZO{Ahe$Ot2WA0a;sy(9*8b%tp$!(krr zBW6+C6B*o)`;pYmAP8J6EMpELpVAW% ze;I~DBmq`U$q);&3N0I*#TlE$7MZ2SFDtc;HRQSDtvo^RNKEGBUl>ejAlq1& zXMDc;C`%$fTTq@(Ge5)#{Q4uzC*c2$7$3zq+9)O{OpuR;lO!twZ$2q149hg_6-%}x zpnQD>IAwJ6Cdsa%#1H8vA3gq`%_l0KGD%`DnLxM{HG#EHKV^P^PjN=Tr74L+x`(#6 z3g%l4h+4!zC~vGtOqm}=R5x`yI5|d_B=$3cDO@M<7qPS(lXp3g;xUO4_JbKrLv4Ww z2}eTqbk5l`d}>ROT|H(*CA5(vA-gLkWu=%Mb^c|^5S6u=t3|74X!9?5;45bD}8oQ5+iFQ~_v`3xHy>&9`NGL?YJ@o9>VCTaiR)aL$L&L4n^U?Nj z!z{uUDIV@Ayg7NRC4!h-T$1=AB-wD!NUPht71`j#n019y>@rn2T#y$X=3xHM|M@>& ziMywLtW=AV=>^D*!^VKb{Y1xVBVvUNg*06G29u|e(w4C(3fw(ga|*~@ zkN>!}^?3jLAdk)e&#g}H8n5GF12I1G{5sFKoV}l*pWYlPM>?tDa(a%bo0%${=1`7M z%M6LAc_x){OyFnX80Cl)*cMyu8wv#X{T_6z{9hgO|CuMuzyBR@tNl+c{@1JR?Z^Ay z2YHsgNiD-|$hq?W^11TJz*ok=XMQHtqg)zmQM+XNAdGkgGyEeBlC*NO1NV?epVJIe zT3+6G+6~FE%4P$##f`(MerKWdT!57ps>*hW@%?hhKlfwh|EmoC(INiF^PQ^y*Y>NI zkNTend6w4yIHUZ1^gIE?&0FEXHq6H)-agy=RQ_MEN|9L|=KZE5YI6tFzIRkU(U-9KE zNv=fHgX{8{+uQm!=bEcf=P0wfT-_jL|FADiTR;~pQZ=G5OtbiN~b=tTPtVEDc~rQ2AoU__Wbpu)zEq7IvV^ z2oF!_CA(M>*zBqKzUZ*|+S2c3225L}X3!Qi9HMH37BrNJZ-yKEr>>TQS2zySgv7>o z_+4lM#9v8>seo?ZQ5xdoXq$~SKn@x@g+g0@_(=+I(xR)>QR{|})&U1 zirG;7;w{Rb(5Cz?;16wkXp)7}-Kh*@QE3r`MfZMQ>urUhT7uIzCYbM1);NT~5u$gk z5sT;n&X_C;vhWg60>1)ey}lWE$PXo#%AQ!;zU#9Rvx<5u!#}Lm{%5rY^lYn$mO)QEftc*NcvWATDS&J zKPg~CE)johy>oCcP1H4-oY=OVoY=N~V%xTLV%xTD+qP|;*!tEaoC zXKK27X7Al=t&Pc@)XwigIf#T8p;b za7AcEm@gchlB)Ole$S5icjgxtc#KonwrV7pmzz!qQ_Goy#87NwWj_b9qiTe*{|_Ka zrdmp71|D9jSeh2Y;HIjF_pw(xG{CA8;8m~l0NC)ja|gT-&c2ibzBJ>{zN0eML!%Yc zYFE0ic$y%Jp$$Os-KcVGu0Q6vy$I}8CZ-DFP%2Tc7kKS!@zz_D|XN_moRZ_IT z$L~J&*`YFrF&zCJLEfiPZX;P|2SfAQ4FgicXZk3hovaJ10X^kvQ~A+SaxNJfP|>&c zUkzy>VI5+p!l`0U+(0-b<$GcV$3JOuhzYZU=);e^3cwz+qtS?TSc@9$iT?iKkXzc^ z();2wy68kRn`&!FzX2CCC<7a(5zN~|hJBwULYfITjl}+;Ypjs!J&F{TNnd(T&OEn2 zuMl1x+n&3{7(QM$g|n`eA&;L&s>FskGv%<8)<_p+p?{Y^Ns>E)*NXiAl0LF8bItKtaLV z%vVN-HDuQK&Q6b_UC(G(<=X7 z;?HkJ2y`Got@F~-WoHlU>W}c7ag2Pdih}{8iqr$~ry>5Rw&$E|2_=-no>}m@veM_) zuZ@YAMZX1Yfu|VXX7hF|ITGYoS^VOPF*mfH7P*5P_LORy4)qclQPpdt-4&fitF%o! z#)<1X;k0c7-kF;240Q8V#Zm`S%W@W0XpTeaPGmDz+>no*c(s@zG6xabM7D3#QCOx4 z4?t)hAQ;l38Oz_&)hkoJj@tKItZ`{m5BeG?mK+T?%u9hAEGJ12_5r zh`vHpkv~LuASD9pxuBg=h1+XDKUU}IS<3V?-i|J6&p@PIzyKIN9@Qr}y{drz{Kbzh zuuiZAMNzF%wOaHKRWyEzIIz4-C46oTueGx?B^>P)pCVRlQ%~#JF6& z0>MuGz4P?clCFw=&DTHm?SkcWm7K$Bv?U(3CxhxZ2ip-riFcR>^fO!lIlcH{7 zhU8}AbC<4EK|_Pz$<6Zd_PTrik{_kOIE+2z*X!cu0=#`06h~gu+Whbq1xH*smZgfY z(m&P@{#V|e_U_gHJ3FOjjG5?(E+@A!oqg0gB}g~>B?yl8mr{8alv+q+b+sij*r+*f z%NU4MUij&+f@#g)=gTfle2F0nTw zh`t`q38^X{YbINNtr^?~4oW|?!Wl-Hue`%0FA&JWN?g~(-5VGti~0qtx>+ErLX9@a z&CBOpJk!)&i0`J=u5{%M3~BiJrLE{vS7*}mW+fvLX6ElNRlYBDU97p&^JQ>P&* zz|gB)yqx)<=tD)EPpae5+z*bG%w63c8qVWb%k%6b%kB!Vz~s{(R$1G|LHmm|?N#KY ziRR1TEtqd2%O^MV4iC`IvW572scC;Yib`?5)@04F)1x=E4@@|x)v_^kXk<^*Oi1%o zVixA(Ms+*4;hXI$6I?4Y401FJb%G_wr7HK_pqF^tvYZ`h1eS+U8xt4WUbEfDJ@gWX zOb^bd9oUX}rpHyQ4{zm`EUh9zMh)gwGmPO142$#K{;0WLu#9Un6jAdY5K|2eocc6dxT`R2&nNM}WjUxo5zD~6L; z$!ovWFdf|Q;wB-&Kec{_SEj8YDLI9RuSu}zTZ38(=hVxPuGq_Jb5UTka7oFlK$R4P z*h81B)m?NzC1cOf=xT=Pf+aM`K_q=G4(VnN2<6ai+QT?-uQz<8A-T4fGfx1HT%g{( z#+!kKlSqnJ&4{xfO}pCH(;pNH=P~iHN!q&is8vlRt`cp(AhZ=nJtdt)rn6pZV8{e9 zlu@oNYtERTkLL(pY(qnXfZqWA=DT_#i1nqeXTDLn`_~wB@pVk25rnv2>x*2gw(U=k zPgpw4RY(XKNx8KvYipZ8PCTHyOfccsOsWAVsWvU;jF^3n5p21IxV$A)5?lDOX z-xw3LK{hl^&NJY z@slh$faNC8Gwwu|1!3WH62%)TNlT&|c4LDofq>FjOA_};Bjiwjf5#*$xqSJosKN>e z?SImG1f~9Q&mg5HtQLaX`_KXN!p=;(YLC`2y6aEw!& zjBQM&{Nvf$9#t~jV@?w-%N$2&FP1P@$RTkM=bClYJpbqL7A4dJns63$2wgM~Mq0o& zL7X-t#eL4b>rNAr$yY^4D5JS4tAEl_vJAKS!t9r3v#n~mj40tc1 z)uORjt|1=J!>801^j(yDjvQCTp1qhDqb!ujgCL6=(MzN2xHQI0S6U_j`uUTA%vxah zs`r)GlBuhsv(ZQHgfCpJRC&IzmV-aqDFt`G2W7C+a*E||4ESQ=IWX1GxbO4Jc}33* z9wAjE+leH8WLkR8^~KN8@%2O5C8KsM4ku6J*gR)$XS&HsSDUDT?GF75!4f5^i7NVR zrkWI3#S})uJBAg#3g`nQ<^C<(rO)N{((NEB1k-9jxqn(-7PXhYqbMDhPMK>)|D-sw zz+|anPpuT4IT9khgW`nVob^^Y48nzAXVvuYzU;MpuFXvaU%tb0TRfw57pW--lRQr> zV@Fydd<7{UxXV@mUbNj2K(hC1>uLJtq%n;4PtrI3jpSC|5xc)bn^L|Y4UW2C`2HbW zD^cRhgz_L5b=hr4m3jY_ywtMbCWP8>0A*L`6Nio*C#$8#NLCi?TN0*2j6m#Zl>pXW za6AFoTwzj9SGAia>0uW>Q0qKYVB#BMy*;$>>dxVN$b-SiO*9)bm_5+kE1D9`497iE z7FVx3f2Yy=c{baFY)Q4<1brc~!*jBNdcHxmUJ`G5I8pMT(|CrnOs`v4Ts4v&Yi-;% z?Z|9VmmOFMg*XcHqO>iCbJ=`n*mlH3pv+%nd8{g(=hd9s0da0!q6}wOGDXkJZHm)2D2GNokMz7lxBs=)Xywc7W)cWjwuaCDqY)Am? zU;$@IfY4F0H^AdCMkx0i;3sGr{n;zL7piy1R)?oPboGb$_tAG10|}oW(yph=IDn0? zy$462^OK*?_q(79!0+|`8JYbFKwSkdSIeCQ-y`a41#Wc{7zk~ z)e1+aBpfOXYE(AD+>3LjB{!mOhvS|8*k*A#=>|dcvUc_nNwgM>6*JNIxB~9{YkrM# zk9HisfdYroZM2%TZGO!(8h%+wMSV8k_sLopRnUv>U4*oaA#Vr?t}b|7=>x`Q)yw=B zP#y~I7eUh`7d^J#saC31`$({>+r{FiOn5ty6whN?Ys$QqJFXSq0KwQRO^)%xT3xL^ zox5&L%=Q(SJ%X$Z@R>G0XGSn_tX%S#Ypfbc)tBt}$TE3IhhUp5*+lTm7_MjoNQT7n zG*N}f@xMZ)XbePtM0dn(e2z*|=iPx;7jno;_YC0Sk>vb8D_ zs^>x3i2MA$KjYAUPewXk`rwswdXb7hp{?fiZGW2SGbN&1w>J3Po4QWtcbY%t0_TH& zB68_i^v7JWG*|z6ij7$}=b=Qy?%n+K-|Cbf1j3TNARL9VNB#f;T22`p@CfpyENHb+ zd^KlYxVkynYKf}jU?S)|wMmoy-S7SLtT|Gm^e{3i^d>?UGeoe=`7T1k5(_AWBT2*h z!=>y2EA{SXDU2xcVMAVDkuV^LZ4)%k>*Z0ID}TO3fhh9nhQF`GY9drKN?+8<8}SrJ zq43=7Z}k(E(ZGrQPHkKjjSbQ2AOBL`1!|uJDSt#BDEQ-m9bbXWCAyl6uRVG-f0gal z#!lh2{#v?;C|=5b22xtwWteEXe;6-(zFm-F*6lljQH+G!)NywTJU0LLvIZGVoPtJd zx7Ej|^?dt@SDX*aH|W#4H9DemL5KddvW4iBQK$Ed{>e+;xv-%lkU z1jDhG)1sEv&9(Ej`A_)v@)VjUTou_Ja}(5DSw1gv#$P9P?4l`=R`{)HZy?XNy6%*& zK(&+EiC<2kKI@g#-}2{o*wrx77`7Roi+BJZ@6X{z$M4zs#?sE$UU`S*eps+OSB!yy z=6=s(8NMp>eyKi=`#b;m0?Z9H{1Z=%*;WmnTtUStN8f1_HnTe@e@k=y5YN%?o&(NE zNg|09VRSeHrh@Ppdm7O3V9F6G5_x0?Cj(6n6N3B9PEGr=#Pmk@4wnjfP(dr_Z4@7!f@* zExr1l4PVUY?B{UPhl`O;Pn$wx2ej0-BH#V<(qHbr4(Q+Z4&Mu3akUFdZ`H;d%B8M9 zd4^uI-=A1?DnrP;rWcn-Pd+MXq|+8$EDr33Sz~8N$>CYH+0k%zpcK4^QOJohcbuP{ zwnPYSmzx1rqK=U|yE-~=dh)phDbIkx!NKisfMiW59-y`zC8&kqs8$+dLm!|IXx;zx z{MfvD)Vh8IS8*?rmf-bzM%AS==Q9%pqNV{+`?G7XX}dx^?c%yr8}Q;(+c^7lK?R^P zU9o9}a~=nn=_MTl<`*%3zKcJj=K{3QPsyR2DVEt2E_9l^K@MUpG9m`(9S^_$ikLsG zwKScmNqM28c2ccN1v1(2HJuOtmZYnnNbzj>+#Dx?KwzQc^fU;u#2wjOU47fCrF%nY zwzW$K-m(C2|48AR(Z{&G_2wRVuDt`?Qn>jQ!0kUE+`MLUxrUGDV+(I#f9ET_GRENgqB+1{=CX``?;c5 z1L)Ic^bYvm|J25O=^YiOO?oGngR$rgJGBgB)mZ`jJl&O_0eF6Q)~x`)h{_oNhV88F zHz4T24n~}xG+U4w4ujZN13UI6A!41Ulu`aPj{!87RG}dOY*Mm*Y}m5L{ZZ@ovNSp>xBv6R>72x6#Dgr*&#CdHjnV)&~{tUC@QryR|bDItSJkcrSO0N3Rkg0!V}`(Cp665i>UGTTxrgt)*Yp9ymu#c?UU*-#qFI!d zNU3tnXnMq+&Em$UQ9S5)v*(vGQwyNBTMI)gHFSbGH!WZz-UBX zm}Q2E2uio-f{jG;Xtl5~^@bxm1ld~6p4=-LPi#JhxvPLWNX^=P z;tXE3%e^}e*sN@`~R^HOxZ(iS+#?L=lE z<;@O23A2vI`}?yn#Hz#$+qH|k)Cqu!-<(y#wDE`jWspH6%!;$bqIc;l)K9DfPrpKT z)LiP(9PVlwEgk07qO}aekcv;jQpV?V_+O|wpvKIdoIPGIA17;tS~5*6L3DIt6leYt zWyqP?D;p+DKQ@H2X<(TFm4`XvX7EhLPOdCBkiWM!FBTQuyMQb(o9Pm_e4RbG%AuRu1)+`xjE zU8c8jnWv-zEIo6~x5?g^_g`FNITlqOCmpjQY#nv!YxQgkSh$Eb<%OpKh(msz9H?2u z*ZL6+DtKP5pVJ#L5XX9GZe9=K$WED%)@bznx5N64EEW_D?+Zmzk5=jn75HZVC5<_( zIK)cJb_UHMk}{t)4A_nMVlwt{%GK0NQdc=jW%v##W{LJiQqu7L6rGZgZj6>?qxz>W z$8lcH&V4BIG-)EL$1mZI{UBj+cbz0vWsw_JZv4i|sscWl%7wb=v}q(+ppw(r)aTUS zb}s~SYxuTw_5_cBcZ&pP@(&zJ3=A9FdSLQV1`l1sUR$fGzDstEZ;RG>WN0@UILT z8y2a#aA6Q?3mW<%uvXEO`aHCt`R@p@$x4)%Rhc7c&Acm%BEHRA?a7+p)dWe&(=RbU zDfCJ*S$~JW$xo9Z`yN~rjMS9!r1?tqzv&HYwO~#Z@+{)AvuClAUAX0BcWe9ZOYvXe z%s3=ti*tH5U&`d#SRT)q>e4o5VEvJXqO^~x*+})~MH-0S*uLT-GOs?s5FQJD632D? zQ}@PEOf#PDh>elZUx2eKceS!@`UiJHKJBC_rmFT3F>>(Es;jYmz5kwULu-l6=hGsU za4)`0mXEjltwUz~LTpRwNXz+~zalzh82`G3Mg*P??PbzZvpgq1J?--`GOG1^t40%G zSB!jW)49ncjE=mYS7#3sBGz#zF@T2w;E(lW3fHiyyIG;3GODrE367$lKSq= zoHISJaTHH>iObQ?*aUJzJk9`jI|;PP^y_ftO~SM+-f4Rj)<&*ZJ;f-c&~s8+M_v@F z{y`O*PK+n0^NtYR4xj5vpYPgh35oYq7*Mb&FY%T3(g+7NmQ>xu00Xw zP>~G@5Q|uKR$SbCTuy`wT5)NvS21K;nttDqb^c09Z)*vaGU}{*sBM+OruV>Z0DG=& zp1wzAK?r_iggw7wP;#%>{ew9H45r3wSya|9q-X%5^q2W~>ku{Z3h5L4R^A(+jEqJwBm` z5NqY8xaE%Iv{8(EL`YSzrBt{s`Bh&6*@HBQQ~}?XFIaytb}83a7K_(5pKsNspSy@F zNW+*ent#<7FEi}iATH~lT1|pAfL`Q%NPp;uBmA2c#FKK0t3JQ%q8XoF<|AUvoL5oI zDs9NKsMZ?yx(LE`k>An^LsC;RI|R=XJ#pEinV>)r@G#aul)wO}sgm~ju_Ic{Rvq=21; zBE{`x+)amxyS%$Qct1OkOkjV>8B-cF!Z^_i)K+3OE9koXC1+6iRj%pj<=NQHYxv45 z23)#SY7Kqhnm*o>m-a$gAtt0)EBC22eR>fYTXY&T&2*KA)phdJzBGnr>G%GBR<6rj zqX_b3u~_-pvd;%L3%lZ*rje`|If`2NXZsLW&p{QJhhrXLVp8T&DJ(cX`j_Y}=Vv<2 zlK;jMOyO?y+fz;u-Wk(<+A>Nm?M$y8uQsSAivho)~|?|1tPh}Vq_Dr!#F?y+YN>vnRbAxuw9I@F< zV%5wgDoPZT%zz{X?G~Zbi9la{VT_I2@z;Ca3{tpS?6A>HKX=Zjw#R*Ty>e39f_a&i zLvj4Hks}|;GmJKJ{gG(D;Z=OAHkXv3+TJTv7GN4zqrD|L$eQ79koSUIgS|AXu6^IL)p!HIngP)z>AXaWwn*2h+zA- zt|z{->4cNoOt4t=vVB=Bn(>qeS@ORn%r!QfmV`!*8jI+bk*`BW_V@A{if%G2NWdNE zR3IRZT~g{*J;0L?{7%&PrHc0+ToWQZiq*@vE->N|QN@n^X2ZungfUIHj)4$g$aQus zY5L{MA;O;DHKqiS%<&V%rCl@Lr=ZE?NU1SYD8B`#s*I!StE-*Gv7B84X)g|J8TW*6&bCJe z7CmN)NTpS2L};Gq=1>hr7nU2|+v6Q1vh|j>lqT;A=-LZ zWuwipW4FRA(XD#tI;lz2mJS>S!J*Vqm3{Etk#8t@S*!WE1#6?cYQxYqzbGAZ$f7<+ zAzJVYC?bK=MgXML7S`Ay63th{%3)*UerbMRvo=D9ca`0SQHWQAA(9skeYbUJqKIb? zXD4c+xJJUluDeV{xy_EM+m=4rNip}hDKR)%DJNt~62^pXnSDfhJh!XD3nv;{e!N>wMAq;}4rwd3tIW4? zx0>)k=9QUtf-h|18vPe!^^@bhsL>`hb^&Pajsl|igMpbglMlpd@F9-M^ z4Pis2+zBDoIW3FIsU_t32`;)PDcp`eoZ0wwGA1~q_+F~-LQ*qCts=GA*&L#J3)FKE zSfr~cfU)BcpP~C)3uE5ZUG8jbOl~jbAwO;p$HuUq?@vxsbj-Q;PL@M*W%${! zT9(?ZZZ9e%$8#Cu%dA-pu=U92@l|EI*YvSQB2M|jyTaXs$;ecI*JFk_O|rE!eq+<0 z-!q%S*$vZi-XU*c*AjfTYT5h{UZ>a}#4OU%|(cEKwI=~T=RO63i zNmQ}!AmM7XYGz|`f_+eFP{KO&085iML&^MNkkW)Tf?6X|0$e{UIfwL55@#=IM*o|wL zaC>SttJxQA*cE)X!?l*%&iYaFH1C7~;!+QSbmK`>)b>10m*?D zjmg8h6*>0_A^mZE=|(*eCE7ec%#?oUKPSRlvfx7?6CUQAx2g~L*K`m2F^+in>aM~t z^_R@Jn*ZRIX+pJ*Ig_S|Y;42+^jVf(nFGy67UxH-7VFBgFWxQ7HJ2K#`1|<=#&UsYV^ zoV46$KpQ(&>&~tp6X)x`^P}3Qfg=M}G~fpCaRa#8{T@B+{-Wr``Tih~^ZnG(8I!+p z528D{UD9sQmpo}|y5|GUMEFw`}NR5Tudcax2dF6 z=&*!5NQr+DOgna45Dtwel&TDRbADEv0bN?yt0{Em$1X1Y{2R}uQc=}y0F`&_?mR+2 z8A5d2DOyULR(Wy%juEny<*qB3&UDzk$sX+866IV|@eDg`@6lB0 zLB>b5DC$qK2ih~N#))d)$oX))><~`kym`=O2+h5UGN`NMvgMRh-K+$7$Ofv<+elf2 zS2UOCiaW_jkT;oQ!EBc!0-j<^$!IkPHpG~zZ44}^>)yG>_s_?!@oj=XCtnV%_F?a&ITGzoo%hW5 zz>42ra%pz@$Sid0p6@|L-s5fAHX78>PXo!ug;_guRm&Np7Xn}Hh5%iH=KfK1Jh zM1P#^KQw39mH1B!5EqyK88fBTz>tTE4`!JNH(Px5 z`xr2}$3B#D$B;!EypyG)0xD8jwms6nDv455g`b9FJj1##@h^_`11$wUfN#XH8+kOS z74|em2R(Sm-EW1Yqq*$;9|IRvFNOz&daWZZsSc1Aru)*df{014*b)ltkVbUFGw^~j zrGr|NF_zDL2P>kEFCsU31IYr-BUTDx%!>q4y*)pNBj1nSa*V{^1`hZel}AmUNPlkb z_&4t%X=a<5&3%PiMG1;?^=wAdB!W)LHsj)#FeRqyDrT!AgGOTEAyK*|@~V3X|2Id? zIaBJ5`gR zix-s&kyW13Nite@kv6!*JB`k@syd4HG10Dwx+5-!76OXA6|BMKJecE#*odkUUZbdkmW7hj1K>X4c+%SDNxBi!O5-; zg|jYQOk~l)kY$=D!BBO3uLk+)4^{Y5(v;E^k&RwFl1V38P& z4OdF6`XuE$PoU@u=#-_25@(ZXTP;n>9D#|VL?dH6J;&Rp$_|pPM=E(ZJAXbpvWikn zt4$v017f}W^yWbwC6+7zl_m#JQuMpv}>GHyh6z6zD3kq^o_96RJHyYxcETDvuDG6Y`|@6TfqH@2Uj6Q`O*o17<@3cB`wr`T(yz`eesq_u6vZ@^iGU zN@cQXna&QH@+Z?_v?{=J-l+l_j!4a7S<$@KE+%dWQl6e2zfWKW{i=mB%0d*gKRdzO zW??D9@*~nriX)n+j8t)!lsQnf^yZ^Rb7=N$62-qwtEch|_znBBjO%%iVw`1pw-BRL z;d<#^xC_67az@w)Ti9^;LP&307B&&@LHtW;9w-R2P0jB3MksM&Gl?h%ajdo z4ued%(J)J(VI45*lyX0c{mf!90#ydHLDVG(N46}Y3c;-D%4Rnn3O;;I?F=83=$%zp zw~<|2Y}^(Xkk{Fp+8xeE`vyeGs%{MJfU76|-d@Gs&Jzc`i9B*5!b6=#Tv*Vc87g@b zVQ=YH>Ji`SQr^=6p4iDz=PkCv4l|lqT2o5URA^`-cFt@s8RZO@&#!h_n%uH_*xulrKRjU1 zF@%A+nt1J7iw-xl1d);e==wadd0CSHNG=eZO?K|XT!sC+wj5T2u4Pas{i_9yC&}er zcnWm-nNiFUX>42&$(T`K-)OX|4DgT~hhwH5FNV;~^u>wVw(axla<_bu54*Ftw3;Qa zmRp<0G+%O5Q3{)A>4wey~>S zYyqo7U!|G#&~8j~vpklo-YQS#ZgwnHy~@Xyw4SEBx(>VF*?bKWx%8~?WEXpM55 z`lAqM{C>9fWLATL`tDf;Z?LIERO*^x&QrFgbJ8<8vSOSY@Y6lBfrIfTi#cx^m@n_0 zu!I_)SEWxsvO?w)Xxm+Cj$U9^nl@_{@v~&50tc*;E(@BRNI;3piuXY>){6u`%1)|JdbQ1kJMQS`wow6mDaN6i`gR1u5X{;EaGHq@fK3d{lV62KFSAm1+t8xe|L61j+q((Y!=BkHG4$4OpF?FiZz}k8~(}E z|C6h;mapw{aWtt6+W39mP(OT?$cU5KrITQ4)Tl*a$JWv&s%X}mG&61aw)H!^QK_l9 z)Nx0P*h~xCOdQ%w?cG%E!jwXCV}b34$)Yj-&Nh8&eeL=xfd?nETlC)S!PEgDncuA_ z#NQY+r?qr;kq)_$0=kg^w2|<+o~F2Nxoju>ZtcWoop8H8*Vt2@)BIKYsXo3_bz-|> zV(aOV*?Baf_p+Pudf?adzVl86yiw6*1Im{UpK<@k z(cci_2_atpmwb}e=tf_R{JWRTj9BZ`yN7a2w@JRI#Ib)?BnNKX13Q}FD@9wk>vOko zmB+B$xX{Uql#|GgPB%7YG&J^__a({HTcnW&W0eM<`;O@E$ZESYLhmr5vol0|##bg{R>(CLtIU>17O_Gm? z==`_jgk(blmS#Z~@sFDyM}adRFfDqGg(*IiDf~)1RvfJNTcb(#t&z*YmFRwe+8>C3 z%Jx>5v%E!|>#BuP$f;J}kT)i-vHyl^@eAjM=t^RywN z6ha4?^W)rWp3UV{N2tt9Ww4uBFsNzo$ydT=p(Eah<%yl-VIDo=9 zG(R&}ky9!BiH^eX5nSZ>K^omUrzkl?mCwtp8c#6(eQI{)E=l}UqR@d8 zQVE&jQWF{nul&7U0P+XTCy$ZkZzld3aGp3GA?{D)?|1PGsOlH&$cdFvr>VX!@Nht! z_fsc6ZpZj&3OqJM2$DEf6Y0nOit{q|rAz2b+7>%Y8thO-91q=Kt1LLS#}wpgxq7im z!66+eq?W+f80LVAk{k_n2Tc%-Ocai6IHy{I$XuF?MZu2{3vbxBL1}+-3rOEXoDeH0 zLWVqOH*02L0ce$xY)yT*7WU@#TEZ7lm>Oh4q)NZF^jy_OphW^Rb}iJjQ_Zv16%BI` z!!>EV@U&@842x-);qkA4L6)ZRx2U3lOpXj@#Rw1T#;J3^{u9JnWOQ%ktGDSfa_M51 zQ{iDX?;Ig=IjOy*#N&wRsb`Jj3a%6tErxta)_8OK(Oxk`S&-ShdiLtX-tMGo5% zvKJ!HY5#?DnU*j{+9|DcF4-Z(Gs3+|X;nBN{k@ncyzLmyp@`JtSyl)0&(c#yJ4?CK zwutp_UGrLouo>A}YvVav_0;)Vbp6V`m_y3s_eJ-nj6Jzhc*kqUa(TlfbHr&SjPy3Y{%>S+J3G5bO`ZXAPLYE)XEb6?A9$4+d zHPy2!yzY449o38lzsg(M{TQD15Js-r&IXjzj+E8+P!m47z}*tR7*K{{34E=)*fMS0 zghNUPflaFo$&}?iebS&U*{r9>EHwW6*iWy#xhd-cPF*%U{*SOD(fuz3WsG)85mIFH zucofz0r04DWZSt#)-Jopfg}-PNpo_n1G%*+=ofJLySa%)j{`V`!Qx~-tj2(2>1ul` zok6<^>D@n|Ik3d_Q|A3dQ4U)S;29G6dcTKog^37NR-Ct44`P$Zh_kI8i7=RM7+fhV zAlVe=CC8Afdda7Vm5ECF&HU&829)jGVNv2~#?6Q%gk=))z@wFsQ4{LFn9JxoxFc=U ziKtG4i!j5IHDiDNV0DL$^Hc-(!HUhEZG-m3UE*Nb+&Hny*vJDbS1)pbWAS3+!#|p2 zX(u<%_@~#oXjlCZH2t{9OYM_XZRUbRlp74%>K?t6{ot7JQ@UxGVnYXrNwONrFD>rIU*N`&zXdzd}C zJSn7Y=W9yF!-xUJvjz8yOQ~0YtjHW$R+Bo2JhVw!;AkARnYT+p=YYXz<=WJwPpSdO zhnVf1SJbI*+FDv7P|gizIhGe)8{3zVFc7kEh3VcEr#%b4fKXml&To#aJN`Co>>`O5 zqZvH9onR~G;CQ*^bwRCS5&u*0rK6v)uDD$)WnGWiUa56s=iMhgej#C&b8P4#M7QZk zFU^MD8|hyUF?crwD?gH9v*gNT5`+#`tzj^tu6RVvkldzgWr+bpgjK^OA_Q{Jle3|er zM0Arq1`6^7e0Hd<>FI)9ABQZ$Jegg&l_KzP@bD){lUg{qn>bjQICz*iSeod+q3P`S z!y|43cffDzlI)yK;=30aCu2ZI6);GVsB0)k8DN!F*M#L2nxip7t?FaW353I4`O}i8 zq}q2d47Jwi?UMK1d?RX@66)_v9HYog1Yg2phtI@!i!dDwg?|y(zI9#xaakQ;pX!X) zK#XEDwzk1NS~oJ%cUnHCA@f|M&O}H@$HBovhb2nHr9}qS(_IUfT0=z-u9n$#XB5of zI+4$7dq5R}{(V_9>p<548ycMUNk_+^naUAMh3zN+btsu1Vyo;rd?X0S>US=~$ZN8Y z1NQ08IhPwBP=B@udKZ{$_uE^podQ$e+$^@D?|LQ+erMC)$X%4i=k9Br7Ec+V&NGpqct7Q=rMc+Sr#%>*oE#Efn zsv@&qgf2s^@5}*YGjAO^cV=6ph6jRao7=&_8*Om?j#{_$-K?M!&(>xMsGu#-FB-Ek zUxTE><=Gu=IIH3AZ+)(XljxAlPZ5JWxKH&;(zAdlqGDfDDJs74&mUd?$qJ(uHv#^( zQVx*Q^f3GNM{#Z;&kZdxY_&+8)2dPt-;u)_n_sE?HmEgUZq+m`Q|kO%2nlj&oKY3u zRk1;8x)!w=7w=A>`1}MnR}-Wxqnth{sZP4nITqz!q`Zxy1g&_3Je*(Hldtc-nwqx_ zJvUDJHEZk(y{py6?$JT~Vsvsk!Ez8W=`osXqCLf`!m8=nuCbh)SATDcRnhqJDJ%a^ zZ|DcZFnGe$oYx?eOQ1Bj{08W;GCRWu5rtuu2+`P3PhO1oY584t!5w4TKr5fsxe~if z#+Pw$BK0CR@pY!t;#3GC$J7~A71nb3w1z?Bf;&T+8UZsU`rKcJ9l<9@6axogNGewt zN;fp|;&Btl-oLuO@6RT=$bXF&nLGqb<+Zp<20NzkjG+_bA`)3hlf3n}QZGcYXCS1@eTqJ)d0~C5J9Sv|jw$MBtaDwX_80MZfgFI8spUc?=s`Hq;)P9ejiW z{4)jSt3!=TNg)~E`&MGf@x;W>$>Zo}7l}Nmp`UWq2-<0G>pm43 z-c(U@f&N{xn{UyjwhZ&H`P-+4l0<4bgTJ?BoIc$f%D<0D%b4Nezc6@8q=6h+^z^B-3% zcteu*-tgC&UWJ*ES()+BzN25?!Gu`6l$If^C!eSVQDa?@ZFYEj*2XLC>FMY=dkcBb zronu|)mc#pfn)XkxWBaP@%dWd=!9lM+pzU~dPhc&^4wI8QA|vqV;#X+N1RHVD{nK^ z0oOPDL}uWA=1#Snz2n}&+#0hE#n7z^tVa}wD)eX|uMbltBvYPb8xnQV?(|+zhbukm z2c?Q<+8XR*hqmta;tIL>v70=?wBdIrLVU6}0*#AQ5MIG^S1fe78 zLP+w_qkMkK6$JkFB_C=#*>P3@%Itpe+c`q?;Ad>{N~B1<`zE-V2HG~F*cF*$S81nR zzYl=K!P_(bs?u6>ybgWlrG7=Bk_%*$(=$yb&5bny02I=fkdKyVqMWJ_Ik+)}V}M9a-Aoz!9( zabQh7S095W!g~RfRE^bQ4~9zspNf!hfz@L z(9Rx-CWFSSfKEHi2c3n?SUid7BD26cH5X7)uRVu=Qyt}d!h4f>vu0fg8QXZP(wmcG z%(=SnpuWrVD-i!JvKlEr_9yG=8>sK&cpghU&FQM;FaA2#4JVUuRjL1nwRet7TL}2o6RO~a%E>1%!DIXqn zxsVXsEu>*}2-;;TSy($UGd|Vb_DLNLlg{7{RK&g8KNX^16Dr4MkJ29NJ+g+q^Lq!| z6xBeA7lj?B@m@#oK>WBayAH(s8!CeaNFj$(Gi2xT&w$AsIg{MGEp=x)FyUD4f>Cav zwqXebWx1NF#3LbX;|L^Jq=#)8UB)IAQpyM-Nf2uK3!n3SSGzM7Qi(QgF=&#nC7PAG z+HtL(0|~o@mt>mApZZC`8U<~sRu1Ep>WTr~de)e(2R5P`6Qxi`pCkQ#oi1)o znoZ;}+!f!{ZhV%Vvg4#nD4Y5!9^=n+hl3H809G=SIqHEwA{mtXL4V^Gmd&v!VaSNM zQgsIJo3vO8qKx3#*%2z5)^z7f+GcIN<<6ww9G)5k3T-S288c@Tl!_%;Lx&($j1je8 z(*9a62D2s>#IDPL1V}w>y*2T@(7ZfM3~0#-XylzWtAyyiBWm)MOekh_iZA)}VfqL) z-Aad{R}|S>Li#2^ylf?Nkf|fC`T>Qo#+HeRZH2REc;#$tzZTt@lU;u{(Y{%Xv87WP z7@?^z6>VR~kt1_*1L5ggeZi0|**!igsp4~uFdF#lLBBYRnDRW3IU>jNm`9qxMq_O; z57soPw(T1x_Nv$}eD`vO&bD#!{C21S+X~PsWpdsxEaqsBMWPZk0hLjUDuGO%GGMEL zPpX?xi5Z%r>>v-;F}jFzy@#CVo$SVrN#i6IE>NVinYN}q?=F&mR>fXE9NyzQ_${10))yGlR*X?BXz3q42#Sy4aP~$2ly0e9IY_=J6-RS2;iQdd#Ir=oCXSBF@;;-i2uXR7G+opC9^&)yV-Q z^Bl&N6sF0DQ@rVN<%Rqyrx8j#vu4AYM5i(E;r(^%Zk0E^LfH$)fN>gz1-AZVcl7wyMu@?v zizS)rj0>v$p|Ep;jZ&K)Ih027qW6Gn)#}K;dyT|AH!3@_oR=j z{>WDaIq?Wp!$^9#{cLgvd{xW$n`S%AEPrLRFGdi%)+Cz`r-ZNPf-uR4X9Pf-5n<4p-r6XtCs2ZQ^?KI{pVB;$>stHM z_uf@&$b&h)Cb45&wWu9PR}v&mdgJcK_F?XgCwFvevl*Dv;h=Ej#>Jq{Vbo}%gEHmp zc9!1dYWzXKDUo+E7bbJ{zNvNFu65G~n{sct_q}YnUw6EqgLQ zg@nD{iEAhnCh#6U>rsY|`DVwQ&pGJbijSz6M=3^s^GSMcgwGAiNPMGV2D0<{e zyn9(b?(Sbzz16C-OSuC|`I_o6x^X~YA7sCYx#w|D^sG~W_lyE}Df#C)+;#I(|6Gul zf=@9{3i0s3x8WUsB&%~!pof0?mi{){K1k<-`X<7g1kKM4YuMeG=QKo3mis1BipQMU z>JL2yaCI1W)#0o;qtmU4?V+(Z%M29+R3lGY*O;OKf;XU0rGN*uS9*<3nyGw)mK^lZL zKk67Z;PrW6rzz`qPq?nE{>&*nE1>`8$wJWY7L!TyfvodxzWY9@vH%gI;(Y2Cu1s<- z8ozdzvhpueiMrgL@)ax*2dc`{pz3C(ISw1tIT4>^zSjD*P4z9?urtcE=_QT})ZY_4 z%jY74HR}8i`PKfulaT_g_0HHs<>=%*fQtE*Rs1P)*Sn$!C|ksZ%_~=*M=AM@YY=`` zkYm*7$WYsj7J>+~@&QgI1unMoLDX+K!Q@^<-F=nEHx&Exsy2YL*5V-UyE9EsEo=y0 zg|>qrr*ESz(G8G`2l1CUWkPL(!uKvcf1<`=1QS|uuD$ZZ=6SF;Cy_#E!Ju!1pPWjs*hXm^EjU|s}% zt)MlP-xj-C7TLeGw`QBT*R_>!^mGKc(rh{Ht9doe6lt4ac!+1?KXy4Ak-7z$uoOOxSpF(F(^S$+WOWWfiC`eR4SJF$PWcds`v> z$j|eD9X6T~ZPb3#FGPOLLOTVhMLEJ9x#}pl2{My8l(9t5H^OWTvu4SSz5XX#hvIM5 zljAwv>af^&KiK{kxNu7N#pK|)8uUr{Ck6F~ZwrTJ=lkF?xD^Or9bB%3t8RY;L{_X` z2M52451Sc)okU3-wzb%2NbZ|~sxMNyUl?=6ShLZ7VXtjVy!`fXaZ7@(xwUyMrOxhJ z)fFb){%-XgRavE_52)>`Q8aA~h|%JVcozj$ayZTmf~9Dh@?0g*I9x6TH2HL@6j~+v zun>*=F%{rG!Wd!+V@W|lT#U_MPDl|)PAPZBJ|NW4zdC3{84!)#rV_!%{*q=&!0I#Q zfBlE|iaV=t!5;hHGQ-=Smc(*%`zjSMVeKrRJct|I*y7_~w^!(vO{M0UB%QT$`<0I{gzEtV-roYbG3~jiRLo;l64n_SV^p--jJkX6aH<(NJr%P1UWSQe-O3FllvT;xuqF$RlX!j(;BTz@iZC)!zb;ea1!uli z=ljvOo05fC{roRY{99wnMBF{%#(YGA#ssTj#!S@5&oV&tApjOoP!^M4bg1}EZ|c^> zy2M^VPvXJtEs+eqOUjwTt^g#PhHO36geX7MmYr@?=>g|=WW%QmbnyNGqEx$4&vv4n?5>vx+B2OZ zvH?1NHDCNEa_>)Zs9X{F#R(1{RnwNi%2QTqqO4t3^eyh_8+&$2w*9I5oQ>ckIg~BI z)-c`@Mi3OJQY?fTSK@9yLsR&ILcU{z2e$O^ zxQWby$-v&O(G%{o?kVe7AjMkIz8nP;Jb7aj0M#TLlFQ(|;g4zEa@m#pKOuDC z06COhE3(u+1dmWoN&-?2HbLERf&8ybN1tp~n9k*pxt}qezk$DyiK;!PI>HxlE@I;U zlb;u?rV0zs5{&aex;TV1@u<>LJ2eoO(s`yvNkYrG_GLz7bHUZZlmJ)L4oF}pcj@`h zA86t1kiyw`!4x#6)y_&wpZr1jCaKe;&*UL2xNiU?-9d(VeYACQrQOm>cA1YttN%&O z*~^LSMvs8f2X&qF;37dK!=RC(nItqiK^$A8Jfaab{A0v9NM8ua-CL}SV8^|tCbykf zSl&z{N|QIH)obFI#1E+QUFhb~%)?$|IR&2kXU24}>+<_r=8b?Vs zCf(n~d>&Aj(6%A?!a_Ps`^9|U^XQoWPRHq|t!zJ#_7KFsl&7Q)IKzO+RE28Wg1nFa zA8`EmTXw+@7-A2<&p(n|_bGiypp<3^XvhbFX#$^!<+fcZkbr{g^B>^ig~a_?U0^Fz z21iqT`aigM$l(8pi$@@2f*d<_mR;Gatf#CH)3VHkUW6GMX04AHjz3;WHJA$O>b2|Q z6Qo6FqU1>h+F#?|U~eR2_EpPmWBifcpbmTbZDnHJwW61Iplg~DN+X;ukE@SeBa{6H z4W7#s^|n}1q-~CK!F5%@f(ic&Kn3(w6Evu^=ul~7O65B^?)FZvK)g&)Qk$zV$pwu; zS){Qt(Kh7@K&+fC90ic4m&JNdiXR$I;S{ij>YpUPgYGY|f^*%Hr7dXC1)2AcmEn~J zg;y?1mwB!J%xpwKR8OFjA>x)TMo?yinz-Y+*Gwh)MhqtKm|&WzPl4a`JFJqmdAI&k zxJ6o1rp~55bse;ggSMudt9XVlRQb_>%mauZ+yvBA3xR2at0Cz%?o024X(Q>iHBFPt zC+8lhA9b5WxwLZqj3<91!1BuGlk9Z{SV4Fs8QIa4yu*qSDN_FVxmao^o5;f6tGwvsG6a@Vn&te<8b05;w1+7k zpTXuhm{*DBD#A*vqE%{tCO#Lj{#RDK-Nrtu6LcPG`%d6<>tzi8mE@;KyOuH#%Q&$| zNrG#ou|@rNhTY}Pu_4!IV)NpFfZSPBeOewX+S#)MVd<)1BDUA_-UJfQ>|_#$5Z4m? zr0-}10YkCp4?!2cU}zs4ca@iA3wockP^qT8Y6mAXZ4pTsXS>WbB+#iH2Rb#rC8#dk z#sP}6_*T!J0pqf*c(N8%M$P~wC5SrEy{AjidGBu}aBeLI-3#F1ZlR6weedt%qL>Yj z&-y$w{<7IsFj2=(DG}kZZ)Z#<8?4G8I^ndI@#6*}92k^Kxz0?F9Y=)6w=L`oF>SQK z%LyhaTz9L-<<-Ti`E?BUwqM8vWHPUagn zr&P;gKRxQnO=d4v@O6Jiigu`R|MtJ5YIw~59aV3;{|{8H*7<)%)mTQ>L~n^0w$r46 zOX~RpV-%GP0r z?xrj5uUlgTA=>g`sjKhq@-C&s(AZ30+2udN?QZWrZQP4*&cE+<3h|IE|Id^<3SBOH zp#^CjSjfg>BPv>kW?RAiQQQZjdh@XKBcu{F#!3|uJ|DMDE{Sc2H4o+VU|_P~oaD_S znnXtjnQ$`By4Qfmpke7(cmAa5W%hSsLE>eMBU5*eXuPmZ;Rm;a8tGPk=JtlOYxdjQ z*;(OV+%xw^!$oHoEeULn#h1&8y585PN11~Q8m5?*+4KTPSnc z6II>S_G-xXSgBhAhO*E*JlB$ zanIWV*u6Vpltx%u(|tZaAj6hyM+EjiPO&1$iz=)(Q4y~5UQ$H1lW-ld_k8j%-h~_L z{=vcAJhKvyus@epfv!$MwtM%E5#RY5+dfk$P#k;;d}W(~b09zH9bq?rz?0az_$NI! z*%?i|9xd7VD?O8OgWq8lo(p0;ex-LY&!KQopaqc@V?rbgnHK9BnWv0V2o>EQcfHiRppx+)SrM_cs__xHCs@;d06d zuvEqR0@?h2IROjo>bkoda^bx{+Hl^bLIhc_E2$>`yL3Lmiq-WN8^eDm>r?$_ewKrG4io8uWH_Jv?}=tmipru9M9L9y=d%2A)-LcbpQb+WT04>UeX? zforVR@*N7|QdElxuw1~HG(@1DWKxGTld%)iU$0)&P%&us90EeGynfKb2R0yauM|Sa z?V#@hf_-=7Oat~Q!5Yi-3f?vMM`d;ZjMMOGR4_C$NYXp&mEwV;-{78G*`w;Uwy(3+mXfbeQJr{>drz^4~!8fb%V4%%F}%f?*Xy)Ec|tM^`SB#?BPR4dX z?cGPMM0~)X?i{-34|h4GfG|Wy@oiN$k}h1d*PKpO7~}ORo|z)e53*<_So1eF-o4Q`^V2~D4R12eU*ONIgxBS>@tbqs$!TkSo}ZUcFtezOYE&&8`7 zbu{f9u$0iyxHpE-Mg$8tv43%IbEb@TP_A?_$u-u4b3K1FCA0_3te z9G80&=}L=nDEJk@WnF!&CDfK6V>%ASQ@8$V{|{g~$gkl44yJ?e8ujDY90v%#dw$#V zUV%nUR&T$Fn4>(*nZS0zBq5%ViwEIQau&N;^Cwp5q=LmD=SY;gkDUZ0k37_FLo=;^ zN9t$6#PjbZ7v*M43DZ1l^5z7BC}iVH-*Xfo8-?p;!XyvxWZI9H0<-j|Oll=>0Wm&7k`c(;U-Om3_rK@7Q+twby$WI&oACYtiIC1hoV@Yd^Vmz(B zWz%p)#NdMEGvVqw#ab$h;!;CI*5-h5N)vNCO0Yg`IbS!03)j&-I^*)7_ylzGXtzUH zimI}glqYxNm%(K>NA;PvI%4WMvbKTvX!rG>!;QNt!GGCC5z6`hS1O&_uT})?sQ~z0 zg0)q}b{=1?&=^fBI~&jpWzPMb+)Lsx2FHIkyrN0IT& zVJI2EIFLf^>dvRQNNjZQy806tI2Wl#4DtfgV?%T8>3Wf`bS7#+A?k$tYf102>wE34 zFHLV4&J$W*c0GNTvxht^XDzvHq-@kPU?pP%Jt}9+mm2gw_eZpJ61H{We~#-ZPB*Gr z{^ros#(W>O1)&*4^09z)oNCX+xRx`FY_AY~^M<>j+wp=N@5xqD}<|R%FFsl4dRkLMR z?&90#+tn&%QuSudR?;y2jtal2KB_7K& z9buJcu#&4E5?hquU9f>(ko=#}eP!bX!OI=RYX6AjLay z1v?Zje8XMShl@z39 z`Ex%*5;;6pxVG4n(${RLQbMj1xiNitQZtSy`{LfWo`&$dofQRMNnvC4lT+I25pje3 zxu7Oe2ud42GbM(}jCX0tHil?3s9O+u)BC@Y;wJ3!+v$PErg~l`SXg}@Rscss>tc1B zLE99d?kg3u%PWl1Rolp#;_z?V@JY{e%c!knl3X<_`{CM}B}d!b?$V5MkOrdncaBFh zL|2C`r^hAT&%D0CqQAe(@FfJg(J}tf1GzmOG3fQ4@Vl<&#)C9^$D8@+_@DaaJL5bX zC*FcI>;qeM0&mvWg7^#gpz3nfiM#lDHsb$iZ}F}&zFL6UBzP8VnVaTXx8P-jXyP|((D?=~_|g-1l+=@e2hgg_!K`o@l^XQ&jYNdA(JGT8Gc&9k z-mO@~@tP-e|Gu`P3*H;-9MO&u{_f9X=^~A_U}~(=S{psc>Mg`1^T789(^<@r<6oid z*Y#dM7MGy}%dAJ%qBXA7ps3dL-I%d{L#&0D0$at1n*b&=3*Bkk=n(OEGl zT>@t8LEGHMc{C92VHQnNq4#bQsT*mSzfG1(!P<_KtPr*sI%h@ZU(y#Ua0#uZvS2uW zZ?qp<(-Y_E!Ke;8oLQKHH-0LeZ&=226N}j$ESM2HgBwEKjr$A@QT}_VleiiJ z!Ym1wK>orY3#yPxBCpD(cvF~(6ZL($MfS}e-Z2^{`+8YWARU-b|2Q{@^S$3?bT!u_ zhXm-D`zJXf9o<^yS|IPY#I8z^`&zQ-FPJqRaUvihA{y{|L;U08<%Rp_{qb<}aV6-ItyGH0AwqIB|Do*1I zZ%Btydcvkln)&9?KBJZN-*35l+JDI1wTb_$+#O`E2lFziu0r>QHNir}DOdbJqL(}k zlkwm4345F-&DzPPw!FeueXnrrv`d z?kfl+-14L{(X44|h_fIby*R(XWou1A4zr+A%S54~9R1GXw9bQEP{X0LbpcWwyg7Ur z|JuA&ZqBzFPef%>_=|@C8G+J*1O75@2$C1?0`S*#_@I!7iphF3YAK+CDe~Q_{8=Xd zMSJPT;G|&F2Hk0m(apC%bImX5;a)+EVP4CR?1g zh(e?uFv#LNMs^#m!~Wqq^`FCo9|)v(oYeEMl@Ftin%LVLrU{t_E1MN+kU`=#aTP3D zDTvt+6tuS7ZjV223eHJEj5!(zShVZOUBOVWWfT~vd%eB1I+R+WHSe;R2&Jgn3k*Mo z3ZL)YF)dmnD=PedJObpt7^irnsMUYAs40}$)b$9kkvr<0_NG>AhGR(!`TDrJIyzJb zfQ}r}_Ax$9wP_A%tn9icStGrECt)=jX5b|W7?n_4<%zrS>maST&GcpUD>h6f7mY?! zM2Kp%R*@Pt;?Z-kz*gb?y7qMsM;`fGT;)}s#Yqx3W|}|!m?Y$oSSr@^DawA#4ON0b z`or+Yh@Yi)q)#+zbE1aMBODdR8+{wm37HvPsD%UB`t>o=u)5VivFbk69x`KM%e$A4 zaK`(hH&5g<0To!Xqp!ktR_0_ncW6Gorn3xd#5PZX+GEG;V33ytw3ZoCQD6b=&G_7l zBqm|^adLJ~kB7}|c86gMx|)lFFnZtW1f~rW8a5(%&eUufmby>LND?%N=T7OD8e@Mp^@ zOhQWR1%-K#o1v~*^8r3uE|pi|l`h98i2k%;z0Ji4zjrctdnpAfly55ZQVXn^eo$0J zr7DGrUjC9~eK_{CC}fbDvqp+kVDCbm=qqAfw~w}hc4EGzmPSUsVkNLY-PVz|hOXrUbZBSm z%B6M1>*u&IQ&>1O`U3@`9C^5&vnQYBt)ZZ>1C+Ws8$N@S9z!}v*t8Gqvhf|O zQ6e=uq-n+F?UikYD_e7zcfk<#CEW*&rMcl4s~+aKjw%*Q?vkDUf(iWi5-$81>V+dq z9Q|aT0_)#8F9bYMhlKbzi^jvp7kC`kDG2Ldo`Z~Vs}^ly_$U!2%*>>q=E6z3hqdY! zSKL!+Sh`Km?%;62(ql{~i~dpH7S3O)9nLK7T=ID*+-NFZzG&3{t(z1&IK2zqO=DKO z)+Vc2;m1fR(Fgd9*M*)ql+U-n2d)7FvCD~my=&s>=QqkH3b=0lcvIcWp0vdLF@%$J z)r2BViery{fW!;vti%_P1IwpRIB41i3n^^JuTNikERK|5uf-im^1kx(d2YA|@3{7V zqLU9c|AbN0t`Nqr$O&Mx1K9^HooCYD*%bnqq(T#Ez=@>O+frEyn1xu$#AtFpo`c}A zUTq$WY2}*7g`i7#%!DjPh7_59HgCAr+61Jo`pZ^~X zuDPzGR=nTQp##TlC@f}qI14FzNhie1G>o!aGI zloAUCG~vY?{fATK2dTKkO%~#()y{9rTMOCm=?QKubUpmzeQtPGf{Mq30@g~MV^ViT zIcYh6VSOAMO=3&JAt2d|)~*>@8bNBZ-mor<#X_IiSwPhV!*kLpXtDw#c}Tk8Pry28 z#Rwdv7KC9K?)hK#dNSKx#Yf0i+guc;-*VV!?t^vZxkxP7AEs5o|IR_aJ{b`y$M+RI zWHtYYDY0VmK`?lAL1Vh60!_!HL(0`ErF5$3 z$?rhG>KK?!D@$k5Q3lajApdbF_|9hXn7@NIM_7wrEP!Pc84shX93t~pbaG&!5?hgn zc!yFnhhV~n%i`Ch2!oiVRsryWh4?AK&oW?8Ofoppi z1Cy20&eW1pO!|#A6;G|loCpGXL&Xhm(YZW%y)FvcM+1+sx`yXhGa1ed2$R}`VH<2y z#D~YtO|ZnRs0P;XOBS$g@2u*Dc#IY7lr$K?sON*n)dTgLXCT6DU=c&pE^5dyb{8?6 z+U=7$lS4Qa@2Z?YvAt#0U$9^st_qq&i=&6 zTkK9JUrSoMkNffqW`2yo0F31Gv(vl#u0TKp><043NkQxwNL#7h;H&2H^s{jz%=M6k z3Qj;qr(VUGnCjp3G)gxwf3H6v*5%VEiz~YP2xnVr=dxy91Tyj^)3N{h)qQLR%ZTax zJ+7n)f4EHa(uE4Z`98E%^FOgH+T2>*o@1Kar@f6Ax_}@IP*5;zj@4S_ z`}85HtxjuAYmKqnvhZuq|KP9)|`d+)DW5On@#sXTADDOw*WAk3}&C*^4B*2UVbDmpXSDX6y){Z0Ruo7zzT(VwyvxE8VZ|kygU*O zvz)Y)R%idcW0TiCHZ?P4UKmOfe$e)%^)_gHEo9JOyw}}Rh&s>^rNwb%B;drEK2TBS z=MSr`33q$V>T^?k5{`_;v&3Amrn;G)K~$Wmoguh@>iyv3THDYPd^v(KXX>ynHL z^O%vbz;qkM?_2d2%gLlk8f7I-J~)E5lHLy?sB?PH^X zyUGa@KmkF*G#D+RgNtv9-0}x=ug7A>gCiD)^p_4AY-rV`PHRHnJrZ=Ly$t+LAkSHY z&B<+|WTi0nkNs!Djev0)1#JdaLDH?`=rsl55Sp1`hM~@G$PAyXp;cC;$JEHDn^^J_ zbkY1EQXU0%=(;%qII)hgImn*6HRt8C^STp*qfgS;gfirTdWDCx5C)bA1)59! z_QNv&&6o%5)O~Fx`VJ+sGUf{Sy>$T%`u=n@r#@w}&DZ?h#-7iGqB^x+Z2p^7t~l!z z_|}E@dY+>u6O)Fw-EXt*Q&KjTA{6}dIr3)xp3>^yeX`kTmsB#+ihh1p&ikDm_$fZXnf z(<%>ao12cMvv_|65cU`8rHviND`}3)d~R}#p7&$Iax86iB*@-MagyMn|G0O-GKwJazVTVj0giuQtJ!J8-#Dz>|I3O9nbF` zBiRujp~nrhL!olQTBChdS(G}j=vOj&Dw~t%kmeA8eP%Q)+c7IS^uq4(y6yM=^w7C*zf$Js z^?BC4eXFQ${o8vus)6hvNjZc;Fnfp={A4$b0ugaX za?ljb*mrI2o9nf}SP zsriTgD>BzvPlV?k`r~)bofAe?tibFxBWfo~(yCDcE>56jQidcsDRf?gB|f>W?iUKf zEqReu0d4BWhhO1>6W&nX3a$VG$;cvTReD+>-pHXcG#|Z*ZLR}QB8}up*%&C2UsD|k z7)dp}qD{RBO$U3dQyNI~A1!|tp?5h9G*@Io&yFcwJqwtQE1_POrswv|*+VaSLu=@W zM0+$a@X%83HEH6XNyFTvz4l>xEd`%jvzmtkTpw#NR*Zp2aAIrvlKR+Fy{JbSt(9GMZhIpd7JZjNza<04H=1zc~|34Z##3 ztW#x~1`VsMPO9CGyO(;eGCHrCK{GpB)3e4%(cmMjI<5sN&)pMcTrn7jYdSc%VTio`y^ath9hQMb9#%JQvl zQu97mRIQt8!^g3wErBR=tkz%YMCdiIxcbW7r1aKw0>C}KoBwM&Cgd2@)GMt~+N~_b z#$n%0Zl|~)6&;!e8eO4mqL}_ObYj$wrljUlXi{?&hI+lPqIF_I9ay$dq_yB1_^S}! z!74R|o$SjuXIkIo209+*>%rn*Kw8U}0awaKD1RzI0k+h~SylK98TK~i%PRF&^$dSs z#2tutI;b&=W*1+Fer<*=-)KrX1yMD^%1HDY?5$eeY8Xt--K9f^&0qlq>FPUC?m@JQ={ca3|V$-ayQ zmPHLyEPBB%*Ozo?4hELx>J;Z?24t1*!VC1oM29+SvD~QE%dgUQ*Z9HPsWL0RZlQ2ch}B zU-o`J|GRw|yQV0*{rB3N6vv40@Acnz+L>PoppIS@vr7?Y%e-9>S+Ggh;WkQZLVL}( zG8ffWK~F2~gFz1m+2OGu$PulD zjAQpDw&4xJcI}dPwE z3CG8c7hCeB%6^1-y?QFUhBu=33;X3UYgFCscbz?h$XJ6qT}D`8Qn&jqDhC9-VPQWT3!ezg)6>_5yQ|ux2?Urd zr{s8Jj20~|3-iLv*_qczrM1?mBLxO7s3rj(GzLS_CB>_RF=9I5^;Q%rk>A~KKx^lD z>Zj$)_q!rSn290371G|dJRu@Tupy%Z+pc=E-$=(-OK=5`iXgac;Fd(SFWC$DMh@Hl z6d(?~#PFFXiN}77Z@GrFKxhLs>#&bxWWx!snv%VoT(RPa?Y9WpuS+#T+ikdaN+mKi z^&-~i-{^N;A7BigIL}{SqRgIYMG&$=8ZElEBDf&4C!3;w9dW_@+n%S>VeUUpBz(gT z!GJTdqMdwFLK`YY8sTW{q9zMtI`mLP^PVkO2eBH`FI=&*aK#ZwZKkdkjVPJ}pbegS zFNL$Ks-6P{I~LXhX^N`%zGs8%dtw`BJ2!V$;PFo@7R~-nR^KTuVqWL8lx}_MS}Y3y zrtiH07S_+s8&srFN8l16${I}*GZ zdAbLE&Mi;V@88w){XO}M)jh>8AfBe78Dg6#5FEv ziwDzegC61QpdJLGFvj}1Xj-#*uOB)L!G^xtsG}W0OLGvrnmk359Hr=!IH?#h^NtYr zA}LcjaDA)g8uyDvPlyh2be?yyGopD)%#F*d=SudY(@nBbtXWCuoHVSNqI@7Ix2%D1 z)$MOWf6Z_%b8&?+Y*LoR3a|!)uRTes0%xdp*yRe@TgD7gFHR=SNg7jBfaWE?25jft zCCTmcrQ1mIB)3?atSky5BPTe@k5vhgD|2V+y=1SH*BoX2?9Eahw*rUC&j%n5AC;0j z7v-0V-HhmmxQem4i`9IRT&fhYhoWXPHkf+LPlBtCxVPqzm0Li@i#k{W{jl?8897%Ly@^kf;62?9n zRKZ6Q%7n==v=5CmAcBw{jTs^Wtze0ls*lOzK-iWE5e7H9@G<--D$^0^!yfVFz0bcF z(W%}o^cH}s38iX}IPJ~rpbv+~2;+|l*A5H0rlh<#o7Gfxz&-JX%eI|g4Ub*Ea(C@z zmPT(9#GR|SYy6$^>I6N#dm^X?OO>3smOQ6k_jI3OQ9*;4AnKHX*n=8EHk499CDU$B z?ANMU$+loS93Sd2lQf?flt++$*XYe&TMx=J^vYiKgwvu8k6n`ly}?3V_9}~o3s$t2 zks(*ym*yNm8`|Ee5E~c60XY_Hc6Eof@}RY4t1T?VDIe3QMf~%}tCQR2O3df7ES%U}%gF}PMvPh(eLU_|9DEYida#q0LUB!WyTg=pco)cLR(#J! zUh~EziyjmJudYDUzA?^IeaNUB4?EAtFE8q|EIW!1%@Zlf&nM5*r)~0_nJRua{BK^l zP~0U7@@s)fQW4!uf#axvFva8QXrE+pe-PxCc#Sue_*uV*chMN9lNPBu@#Z;lCL|vd zm=}^L@oGS$O3!^9!-6MV7Gm_%`X5i9{GWAD4ySQ2v@wv$+eO7g1fp-O5D8aMgx&T5 zDPe)pSN^uq!4bY#{wKAwvvDo!(%??a5FgkPO3~oIMuhmTVejDdi{C+b1`jHqkkteR z!z-aYDH5r9_vc`uGu9g%|qCdhfQ3<5yy9F*Ewf@E-jBRJb;xa1(={ z6Qh0j&ch>STibs({_Fapx(EIlUsB>~J!rD|7yP+syK>PjAkJ`U89+th_Y|AaB(N@s zet(h3?GEYqsKjC_Veb+B_CfVp@6Ij5L-#CCi<Hlw(X>q-_b88DUF59s$Gj$%H31I*aePu_}Zw8^^^TkEFkyj_cG z{4w(06lwziG-=c$XNLKk8X1PaMiz8aGCRjYzRcWQ zJ@<%%4DL+jBYHqq0xDia^`Er3(L~ZdCmQ7v-L$yP6!PwVJw8w$PLR?kq#|MAGpdA) z^@w}o|J1m1PmY!~$G&sEH;M@vc=U62HgO-JXQV@FKkM&e5|u%1r@M83n8}%Q+KvG--kN|^%ppzQv(k&h6;H=~K6 z{`9*Cy{YZ+-05>afbd&*DovqpsZsuJt6c6+R00YOvHB{>C-+lLtu&=%)_FHvidG!LfvO8@6T2r-J z86nn$DA3JXL&p}@;$+|iNs5?u>CT>(^QLu3f>~-1hlViK*^^A_`ffqs1@90k!!Cr(nTTe z4CjzQ*u)5(q)S-#AXy*>Bwg&1FNkU@QeiVR+Mhf1)sPKifyjx86`Oi2Fs_2=+9bBU zlAu~rT!;NE3GHVIIXO8ug0~cLn@_n$y8Q7(JxBZ22c~@>ic+#5^stcRVU6g( zXP74nfK#1;Y~+hU`IZk3w2^RNYT&y3g%cf^C$gF{rc#M~_*kC@npEEG2Sjis#Mj#G zNn4Hbl^bx_e-)sf$%9{!4JR*sgZ1D)9Uh*RegCcX&l3Xmd<|j!iVL_)=W&O_Y*$*( z@;r*+mKFYFpV)Gs|CkZmJ$z!y6V!DrxzWleHdHt3@`%u~Qppe)(HHg50_COKXcwh> zh4j`eJpG3(BM9Jz74D`MuxluP_f!bPFwv-!O0S{ly9iPUSNg+tiXXJX1QR#RCMuJ7 z8|%<4j)G&1Rx7uwu-EL{CzqOGuf#bFkxV)4hF^xIMQqEwV!rcU<#%HhD+d9aG&R&* zj3uqb6d}~{nJIfUg>@KlpJ)~s-4dHkO;La;nDOHjPD- zO}`F5xGfzp#M!SzjPZi=yP!&8-qLELr1!8RLES3f7lrY5m^&A{*KIHHB3~JOrZGh- zs1TuhfQ{Zr%@FLg^G*Jz9O@lB1d2x+(wl>!5JK)`g$azKcpW^B$3$Y#J?KT;%d++| za^+6KeMW=%KHDzGZW8n=MBfRBwqN8?qpo4)3Ys=mG82d{o+v+a`}b2Pcyy|>5WUmz zi?Y3BfyMx=TL`0BzjYpT<3S|}n`Y(dVHl_&-G|ekK~P2=<K+DvzdJs`Zx)vwIPbVEWv)=h%)<5EJVjG(9s8s zdzO-^pp&CivImTT$o}a`5yFR6S9OY%mw~|&{u*xjX9P&(r3i1Che7$3ECSljE9ox1hwr$MBwrwX9+qRR5 z?K`$@+qTV}=Xt-{wZ9*GcdhEWy8B;OS6#i#izu z#ndm=P;nR61cDSg@8f~bm**eoXsH_as)ZPxHfHA9u3FY+~u25v#7!OK1`Zo*!f2r?D=nfEJ#$vDyQUe0wvrb)(cF5KkWH$8C)YYflN?C73E7w3WMA4>FVs%qzTB4RXew)4I5Nknx~Xfn3;~;52kRg{-FAZMsH; zdrdT!TTH+kUWWC@3r2-k6~Ep|bB7+=@qEPWF>IIh$19s2d&d3B>vp$JSi*KT+~(Ex zhtlYW^@3CVxs@2+)wDwF;*bOTS+DrS_TO6U$t05gVxGlH%LC?Q5AP>J3B@3uYYkgbUZ(uj24%=f!ccTG&D!%x@>l6 z-r!~@!Cl)#)8Gk^GG8ZQ{B-NMmZ>q6vf!|{tm#L$cw{o2`#CqLqQ;xd^VW*7TWtJG zECb-HwkyC_{B2(i?1Q4{82NM;LS{Hhy(cQbr!|OQM5p^dL(~d%;rhq5uXvjU8o-si zV~-nYZIMmpbN+pOy_%A-ILgFvgpcMRgA^U()$^X`yysbae2I8JP;?yhr+W@}w}$Oq zahj@%ipw-EoIis1l&OpYwei+x@Q;;t7Ney+Z5?G$O~G`j-!RK)tN+<0go;84 zMvOKzU498CsXoGw9~YJ_7ljpd9P{GsFmMIhnl%gCso48OIg|$725QIYVN)((1;q3H z`#2Ng=bcS#&qzj{ocMUL92Vqi-+_(Su_vp{dtP%_;B`QravuOjWE{Ct{UU&W-X`GW zco%px+vb1#x+gy0Y1T^3kc%ET%gEk*>_UF4iIjX`+O^E_PV6^XXspefdCRu#SYPAP z=Q|NNkipp%p)+^xNQSPuYtg(?ptD!&`OMJF57)+9-BzgfnY>4LqD3>AIcgOO4$e)V znn@_S2CEOCW@a&ew$~j%}sZko|_v^CX{yk>*)A)VZ)X^0xoyYfN?mxONjWTatk-1XZIrP z1)xOyRedC@*L*D2YBr|Kr+iK7`~K|DGt_UFL+~~GetF}M@YkGns10lV7C2lH-)>iI z?iM9s3=$q=l{T7gZe!)*8dG-6vfk6^n5clch3Gf-3+0=Cr*UFh#Gr@& zrYgKrxb2SUk!FeFpF35w=CT%^{DWCgzH8uw8t#CQ7$5j=S96%nd0Oe9KtQ1aTa6H4 zxeWxYQgtU@^St9*_z|0v^Tsic+8rUobz>AAe)c1gGL5?ORbY?;W1^=E5}*VX_hX%u ztw>~Gbu&dO_jcHN-A6q{W@DPf5aXadvCvOe*6AC7?9apvi8&=$H8 zh8j?GzOr*v*%8(%h&ybm2@tYiE(dl)C9^Nc$yn#}Aqw)}e)#NIz+&IbfWk&frVJnk zcr=64Vq++XVi%wu0#tERa<5XeH?U3SVDSS(e}ZWgvMAh6Q;y0pmYdzS;CUmaQ??IQ zk{#@!B2mFP$MmWh1{*{kxHuZ}R4Iwu)D77uLHxS*R^_xi-EYiS?n(~m6erqoF4OJh zd5=h{wMvp1sE?-8>s+(QtI3%ot2``5{fL@{$##vrvhwWFAZvuviZNexQk<@dE7d8twuwxD0_^r%GJU1Fn zhr5+z;D>wk*jQNI4%u*`-#NhlVZLJvxtPCCt*C{ZcL3knFgAkv-XjRe5`>D{AR>qd zM1zouY~S0F$iGv{*&LW@sV?f2_|Vn2#YkdO5z%!z%Y_-pAlFK0dHP}^?!9ldMC9I08M<_CU0-i}e=`}D zA)5#P%i@)V{;J8=$x;wONy1&v=4MthaJN1Z=W7feglDzo6(x5X-HpIrHZ-&McNc>hG1^Vh*5o2 z+C&f~&Z-xZc00o1pJQ6!6YcB!<)!88n_@V}=jnZ4@1NJ(>V2YI4&VF3{Bbuozx&te zs9Cq+Fe1y~rCgDu?#J27mNy&4GphT;tyGEiiyGP>O8PMgmEK`SINU5Am{}sje0PR3 zpI16eBE3R<`_9SJ0je<=X57x4dVpS-MFuG1%YgolU-UsMsRCkpn9*!t`bg+?IRHz| zf*l#0)s_VuA5l&=^zCc>Mcw#;NsoSd<$0S$WUw;Sm~R17Di;0`EH{yBdD(G2^Ct26 zOdHJt+UxH9di6%q++7Mz28*^+c_-)m+7HfxJ1MegLQFRsP?+W=%x-k_uO?Xjo;ccI zYLQpQ7=TCacpHwv{`fGHIKbX5ex#m*y*|SJl9}T9rTE>h3U2wa1`qvJc~nQqM7i%&l`ZZKsUcO9eOI;nlyhSG0%ix6t%E^iqBl~hdC-*Uv4>nGS9w>6 zEnx(kT5_1B(~~h%^(aSnFI8<)h=FwYvlR;X0egSBUtdzo4HUY*T-HLg_gwZ83f$VM z$W2&a|H=jCL)H-j4Wr*OnP}s~3xX8t1$Y;=TVn47%?~xeP197_gaEc0#Y!`h?3c-Z zX;*za!Ma#HL<($Y$B2z8@DFl({?3k*iqFyOdONRgZWL%X4yq$2^ysnE0q`T$*U&SF z(+YHZnXH>Xk9zP{kP9t(c;!O|+b!mcgWF4NmHrX7{&ZyZdwFMa^+`}!JG@LNJM35w_CwpFEN53`Ff=S(%@zy_*n_5`7 z{UyPSq?Q|BM6TU*)=sXI|AXp4Q}-)*3Zg^&$bu@Nj(PxDuNV}|BW4yaa z4y{Q>q7jdj*p{}BN;IZL*@v{Zh>L;IA0~ZtW@Z+|fR_n?i0LLn7!^qO!y74LJA|J`q;9ea&W zP~o!kC$oWzSucOETXLu}-E5`IW@y5wp<6RNlE7245m$SVo7Hg`zMm_+eH2ccy%X1k z)5cZjKWi>h$yVwR>|?<#xAL>gQ3L4?vyUYZVa)oy)P4G{WRW&K=|QVTp?kUHWQbimW(1=VjZ?f+ig7Zv7~uY@ z9|*!lQ-A}<9@SG22T2E+@P$=eFfA;W?TbztBp&H#vUUeK#5um6(e`;1&r`IJW#%)K zH1j?DvIA)_(8fa^N?A>G&*N=>sMGA|RW#4>1;|xda6oWg9m4$00|=A>EUmm)B|G;Y z8(sVPd-B{eJFMPyqcEhTdS_57Z(_Z!Qo5e6M+fzBop?8BYh$wtoDowAj%xX0UGrBZ zLmJbQ|6D2>`6Ytrbtw;V3NfTKhV?|Et7}IZTyDcmLTX$LEOB7z9K*}Nkx(d;z$rgs zW8?LN31NrvW;}Rwk#MH=zY~1tHA3U#BwiT|)m?vbbo&_|-PN~yj8O07zc{YdK-w|b znbKDRwK|#92-Uecreo^21t#qrXAe5sVoD_=6qn?wDZtNP2mGb0y=BA$BN2UzTw5({ zOY&!q2$VpNzPs@8pCa3m`$*Ca9m6M+o|SYwC+HA5IS39E4s|8T0>~N4gf&M zEbW}5q?DGv0?9<>Ac=V#X&Zw@wo{s<2l84`3>?+Km$EaD4Q38|MOw;d5y8W~3J*(v zmyDQdva$(IsRuhXcvNUr^<)-)E5&QWi?(^9GBT?PKOd)*@t<%}^AnrkcFBv{Ad3sd z+-iq%CZ-@m>V#Mz*oq=r_{eOSa4}y`>e5h`NdXSyJh&cq8dag>lGOQQ0(A|<@^9$I zU&-2OKqpvFPoCVo#GgOk0PrUhtAnrn)9w`#R+CFBn1&nAx-mSiy--%To$KeHNwI-#bynzQW-gd z?Zuvp?2!y+;NND?qUkxHCAus_SB7Cv84AO3JAk>wFHO z!GmdSo2YgV2(}qq_s5WIzU>rqXc)81*puARhR8DPlV*S+hiB1jP7EVP*XjMVsm*(2 ztl7=``I15?)OJsoyh6eHc27gN8{`W4_C6mxr4COYhzC^TQdc?FQ_%$rqj)kT!l~Tr z?3Z<}k&$kL6-2WuSGn3+(R@7QkT3An+}Sh%19DW&Vg{aRc80CU zLTa(pwj9|}(omJIcr!!yA!Pu-59hXS#@H4X;L2(d6>A#gq~OfBl}j?uq@7+YC{_ya zlJ{$^JiWBA8uU=$%=-uogL5j~wN=_Avz8lNZjI^AeIb3ZU&h$+VxHYreBxqk{2>M` z5cAByNVjl;I*#WVIGD~EF(n5jupi#)1&_0Mh4Yh_|G3vz)4Y0`+~n;e*+oj!#<-K7 z!BQkS@lS5;DyFHa z10nI}zLc`>o+@>v$zV7Ju0NeV;XIp)-%u`g3ax-Uw=HOIYfo8=C6-9efWy<@l0hDv z*K-SiS$a{AS&B2Qo2!X?t($A<>2oU0R32D9QVoV=*nspnxv2JVnz5sd8qp`6!`2(V z4$4#pGkt|Aj}Uh$Xd$IL#Q@7BvmJWnOS?hpB}FpXrX%W4Ig+-K?;FU_aW|3apO3F( zfn%kU+XmXPb^#o&O$!<|pgo%ugMg+=a-2Tsp$XT3ShvJsc1#wi-{y7mkCHSz&0E+= zsn`@~DWXV{B|UTmGVX1kPfpVJ(u;?+cdqked0d#ZOjGW)t_i{l{6Hq}g1BI_Afs?& zN4lL_oJsAPP;IfYl+H5?cHjD$SYHXJ^Jb<1hU+^)E zfx{L*CBooZ*FhS59ooCP3kV2lD~DhZnLsQXda%fn__O6veg%YB9x%1FECN7_ z(es0s8_tm;eqLtt*&?uw?NSG!UI79>oB}Dj>@T4Vr>Ln5N(y~N{58j)GL9M5WsLx% z6tuN7=5i0ctpEGQH`A40Cr~XWkWWC#Uk0EH@Sm$0wP(}H*GK+4sD0-Qkcp$H=Ir1vDV*K8dfUDir=_D)GmS2vqFHhmrHUxR1? z|GM3QT}IO>kMmFJgLm9Brr#=I?F@f|l%dsXh~FsC{1d+)(hSw`>lR{BEH!I;9E2Pe z3$1H;fu&rEUHs**$3O{owV*>NN$aLtETN7SoF$wAsVA9RmOg?fJ>X7)R9S;dJ)qHq>o_rWkFtFZ<|3XOeEwdT!`vi8I6HK!0+O2i6<+XlSLjr5BA- zxr)r5_sR~9&XRpp4%eEkE2BYPOjg8~3Z59*K-*hpVWz27(R09l?DHwX)%fc6pg9+k zd7w>9xv6~w+MRuL6AC#QCz9B{OfHWb+XDMK=6n}#-4}Qzly;)Vpga@zL?obQ^eW<3 z)a=QdgEtx=yHKlJl8E2oH66&PXFu#IlYwgaI&GlU81#nf(vL_awl{e$3%R;IcTZlScTDUK>grzSW{4V2oHf^43M}51$iyhwXg9uCE1s5`FC!fMBj1 zmBX^iF3k>^e{WwJi%OGRqESZ%q4OZ1Fr_iW7##`BXJhcj(44ZN!4(O3^rKIO5q`6W zrgK5>_)Rz2b&MLHq&t}=Rd_kMXq}t5-J6t7gDzRENZYx(43<FYA8MU!#d}M+^J}tz(Vxun4x;hst_q2rhC)GU}Z*pfTuYQz&s; z+7)Gc@aRIWFp3}kPmgFyuvhnAaM04rJOg{;pjG!DPIIyfb_&bu`1!dMBZl_88ofi^ zE9ixIpA-95M>IL;F9T%vE1add{Ho8tIT^gCq_6^kHRKxe6RKkgW>E~rVy$ZP!TM4P zxuolj(`>$R)Udsn%286WR=D`sB5ZWwC!uR$= zQr5^{6-qr+K?xcrackzdN39yO#GXR;%Cx93BPHt%MTfpDX?--A=3cj1`1QD6LYui` z8>{4`WM)zl1aca++7m>cxb6O@iX!SNV;8c`$f~lRyOtW-82Qs~pj$TKA>8K}EWJoT zrhNdVwHIN=o{_cI(iJHG;>?tLPpscN*XI+XB~wgoNkcz0_>q7#)gOsIJA3MPS7sq@ldvzXVIn zE?xoIeX}H!tMgOjIfV6M8HAItPf7oL#*PMOgKAcko-SU^`sb%tf@&6KCG9`&M*#%Y zUxQJar`^pZME9jLw~QjHi1kzyZK5<80Lj*!#l>qdvSeybKRj& z71n{J+{kEQ)1iu*r0U;24SX3cu7f{2Yr8RB+)PT^I5I883cl-~&P-!6t(i&|%x6}0 z)HCGff>Ogi`#?^kw(nR$Wt3x*DQ!6%v3EvvZKn&ViQ>BnTwwFSQ)V82hvE=A_fcp* zE9qu92T?9Yd@d7eO{R9D=c`hA=|&TSU$$G)MrbDqyNmS?r{fXQwNQ&W#DeTu^wk4j zZTHx$(kJ_{RF9npfbuIIX|_Pk<#cPlPe75j2`w;LxgT?AdDzf6zumG6twSA9`b$z} zaz-YTyHP=C1?9+st_o8QnizY$ zVu2qo!<~-NvDDzE6Rr5=E;zpMHXj0F!=uVS|NiEZOkp_ZGqfz*?AiKhyslkcF4-_6 zP*qns=~9x5kERv>ubRR5nRu&Zq-q@S^v8QPY!sUYRuZj1QsZR)>az%EePGqp9ZvY< zosj?a>m3;NCpEq4r|5nYCy;c|jTl6^S}G_^gL~iuD-~fwx|UKn;Ki+eAz23?(lPLT zKPbI?@9*!wefvJWA5Z)EzEvd333&S4oz|P>_`H3n4VMg;bo+kMxP0_D*?3c{-0i6i zKVMaFwdRZzNF*q}BLLs#h8!5UCtHmX!qmRly(Kd!DKYur%=bcbj55 zwo((BeiLyS>p8N?F&G0b>ebwtKMs~JE)OHWvAmMWNz@E)#tK8}r&i9#YamMc_vQF^ z#}^78O})}B6DH81n6JNN;D2V*dfq`F6q#ZsQy=a{#O%Oo&0Zx2Q@#eJY7=fwoX-ASr^wKX5i@O9&jws~ zn;m5V2nae1rZDq|Lp;hJJV&!IP2T@^sqy0Yzokaw02(G%N+gf69)aa;|2ddqkyiCF z?Sn&XDVT+C3;urXB-c8()FYPqseS4kV?%o@_WdWf7caN9TLtE0cltUO@+}6jco1VH zseTFKmiTw&QOt3c6t(m(@Sfobro7#uApr%c_!IP@jQFvD~dcGyA~=I;-Etm zl*~65bu*d<4#f4AyH>KGPyZ=L>P}6s$kzjJpc)T?G2 zVesH?l;x2f^QM_O=~o-(xZ}8>e+%<=d;RFFUP>&vXecYbE=SdqJ_f`wIoVjSobp6I z!q*{M(OzEZ4Xdr{@ z{t^$*`N=mBd{hVqlmS&{WAl^|v69ZW%RejOEL8l3_O;u@K2FYIyy=V+N z%b9;$G;}Xgxph@OuX^P&-Wgxr4W%Q5`cUbskCa?& zz(Xz_|7MvY?kp%e#bwd5({Z4%X&xKE7K%2C7nbS6*&*DKNHN}R3v}(ol*KRW* zt<&d_v+~7hlG#1|72ECo!s+&Kwm6+E_vTW1lx)z+&tiqpyotH@TQGCU%-JXC)*P?MP9^&8anmUC_2Be=6rE3YArw zAv^zE{A#7n(CakM=}>U`wlsfoPnHQ~Hyv0$pMaDrinqXLEXZ$VlKDv8(Pzp;*Uee4X8Cu?NDGqwzF6st#;f|gGHqVXWk<%*e?6G#C zyO1b`Ji~N8UDe{{@!(VD%N%RaP;c>QDsmFJjn4oJ;RaJB6XC`BpdIctwrMw}`Mrk0 zw)ss5rekn9K{;TtDVKlaUi!l)Seq#f8&cw&nkT(@?8O~Y}pP)ydP#|-^ zp-+Xx3U!Q0+Z78}V?5HDRH8hTPms{CeS05rje`>?Q{E`HGijGG6J^IsOWeDLcYb$@ zc-zE!n1U4O`YMG^9?p#YC0|kn=eDff>^ILhZueRLc?`j>Nr4?P$<$ZV$6 z8gCiG${t8Hg+&65aXu+vA*xI+6%*RD?_wjBWotXqjZz0O!ZKsKi4uzXWvU=zP#+|g_3+5#lX$FL=L?6ri6G$TIZPuu^9HD^S>&liZs`x=l zQk0@HRd*pd(IHO%)w)5BW~)@|&y@Gci=9+O13c)`M=9MKMZt-=BS0>hDE6mmaABf} zSDE~}j#S+yk`XcCi>4!Nm*J?kWUxa=ewsoPV&$-9*p$qev45VQlPz$4hHHM9K8efB z!S+n_U%4&Yg3mxRm>7@;0SiWFZ~G3T=-ppLx#}70VzWxAU^?6V>~(NpNyP0ldhi=+ z1ferE{r-Y&J(k%taCjcw6LX|=^~t-79*vKdDMV1nIxVJ`sWbd(kZjMTHX#}-TsmvV zE6o3N{j~RFoJ@vZjsuR1?8tLY;U!Rw=>L?EmI}K~rxpCO&iH$tj7sabN=F>=SiW+H zhXwlco7mn6xjPdJeD{cLi;z;UfGTi@16)V4dQxy;5QEFfQ((}x)rQsRM;W7xM_crD zJ#v@V)>sTu%aMr)!!$n(K$@)4-f|fhzlrhZXAi^L)W3;=*-Sd|Zm)2dFX5Ni^$O1s zEO~AD4-8-_y5F8qZ3K?Sol?PTN-*`0%5;W zqQjKA>i{X)C2$t)anUo4YmZg@zJp413&@av&iwxBjwP7^)ZQ##F4oZ5%%sB>g6-=u z{b`p4og6fVOaZ(Ibe3=a1@*+m^Me1F6(m_Om@(zu?!f$q!dYRHru%l^>pN?kh4?jY z3-$Sa6Z^ate;Gb@2Kzarlowsy;SIQ!X%(tK=agxgH9U$?%jGcm5CO_`@LGK3Ey7?~ z)^xz@E@o_iA(J_Uc-)`doBTsMkmZdhJYfs=R$Jo!%dT^oD})Ms?ujg%y*Au93)mlg zBt=`LBQ0FfA40S)^%^&=P^s|CdT>aa23`5Egml1GWXeDJJCg~5Bbb5l7Ri5RH}9)g zCP5<@gzF4cOnjO5%d?xJaXLK+E6s`ODPMCZ#syiQ0;H!ouPvkBt}OkCuteH7 z&!_pCS%Bjl@287;n`e-&C9+2AST&_9-cV-O9B@`+Hrus(8RZdkzTYykfU*TlR*<>M z>NWF@UAk)T-?Efz#Vp5$UZBQn`nr%`kS7%zO1xx(x#Qj&R4S#Ei_xbfJSOD@Z7eQv+Sj zzmPp4Z|LIWuN27`_drFU!y=-!7HSZ!{)HQ%mdqe^33{iHCao%@;Eq$i|8flU2mFnp zG|tSpX}^=T#p2<1uN`1e0UA053TbXSD6V6KN)eSz65YlfZzDKw6(`=V&Td=QERUrQ zFcxpASTBB*{Td7zUQHSx4zZN>ZnhLJ+$y<&K%clmLg21Ptadm#dd>Cf=l{q`LjWw2 zSNMcUm*cCrt*@3sA2JPAaA^eRItC3>4SL1{vz(3k(WsmT zs*@M{#dU}DjF%?pr^t%cNis88KLt^E61yQ_ux7L1E{;)th%w*#Xh5mpMk9u$5jk&5 zp1`;C$8`qhpNwc)6KR|a0@zW8cHPB<1WC)rxB{g8n9A#Riqe2z1i!7~iXs~ZK)BxK z>P=c+nJ3Le9=KIIcHF53;`P=@|FW)I`ir^c=vH0@2|A#6Tqx>=Tc{URy~TT;dLuS% zXN{6^k7c5(Y;f7XOZ~B2=wFTYP&LP{d$ZYT(YFHxcnB6j=%A8;|l+oJ>iiy_VQGRxin-;cD;7ctm#Q5 zEIRL%H!if}^`e%8X%Q~7^{gH5EY=&yMf2^1?W}H+H3zsZV5gbQ0hHMNb6(icJ?-)X0Lwe{!gRSS-8Lq+mA@`IY9& zadryPRXw(Y@cv-3B3qYcSzYyB02%NzSExV>|4ORakqFknkLMX|0exWNNu;?1E1gWp$V64u$g;jq@l#e)f_utzb~bBruBU3CZCS+ z&hS`@mY@9?7JTIU@qGK^$ydPrt$kMi#rK=ZK`}=r(I~bPk<$|bf2UUe>mA7#} zps4GlWd-ISb9(Gb>+$rKkbg(_vZWAkhro}VAN~%8!Lyeso(GW=V_#{*7pyGhI{ogS zic2e{!liz5xbsh4?Dl&kSo<0+v}-31g|b*`P3106_|wKwj_!=3>(19p=X)+PMC;!jQ#1`4#om~w6e7KKY(MV0T`+t(^Tnw2APXws} zjf}#d7Wr|KPzNDv_l;gGvRhAOoy2?1aWCFrj(qX@{=AAP?`HfY(WE4TbK&;|DNdxi(#5pB7g06AO^bz?T9wjY6 zg1)3~OvYH3W^U}z5*wDC>cDXo2GBWl2W3KBKe00|R!xnf_NS93&)9_qXp#NQeNlQu zK+YUXl&NS;6l6P%_c>_@hQ&I$x{VBB6G#HeUgr>1!I(ynk^PQqWsy=Ga{~+G&q_tf zkoebvATE5u=C}gb=r0^54{w+R1id7giaH0bH(8sRXqoMiySW8<+(&7;Xh@CvjY6!T zxn|w+h-GEHpu!nkUs(=aQ|3@?W_N$85ajwueHj#CSQKm9tnk4Q@f66=px|-yc8Ra} z70@F{pXWWWksMxI|I4d369F6_|4aI$!CkC0IULcK_W5B@AmSBRJopy$%N)Rn8y)fK z6dDq6rv5W>1tBzluM0)An^W&EA*z+nse>sk$JoE;Bi1ud1ExH+NViSKkmsxLmg< zqwu99zCT0(ovo=tr-!u^$K; zP;1%v;Vzy{0Zk>pYmk^V8EUVrgn;6UtxJo*{2Ed(M!-ZemxCE1 z;$@O4@ZP-VuoX$m-31&mWdMBD;M^)~qa4$#?SSiX)RaGkVoLsXN8vl?qJm`sLnpj^) zlo4|N6=*wG!$G&4ujI_}+}g%ZI`IH1iq4UPZ(D!Gsr_wXDn@%uZybW@MNHH%m&NBk3xwyI{6tS>iY--%=JC=y8Isges6ECZ_fBN9dv+zxeIY9)PxA_zkpW z4~Hj=!R{4iV)Pj3?&!6qLf!s#aiQ;DW@OJ*Xz%M+^sE`F?L7e_TgFeqo@dKmY2Sp5=WYw_>+g0Gp!7kv5004jSpzGH9mD2&=R*ZTT@FYVPv8c#;H^XCzYW|@l z;-dR5!UFtnR2RVnU1ta(_nww+6-#4sayD9mg%;kZl*-(scV4=t)JKWNqbitDdOueR@$}WYa+kcx+HP4z@rl=dcx<8 zZ>nEa7Oo*}$i>EC{@{Wp8rUdBqMxuY+Z`E{cNK6hK$$6CEz%S&$MOZ#ZIqgp$R;CT zgH6BXSW{!4ma3(XnrwSv+nFs5Ca=7b)p(|ms(Pk| zsN~`(Gb_Mu5RCVd1M&A?k4ZzmZ_uTd3YX6F zu9v(6K?bjQNenO{gv6u6m2Ol0Qg^{ncVJU@WHF-U(G(7@@~_4>oTf*pH5|4M6Se28 z=IHyaz$GK>E1Jqo4GRz6cz2kmMKvD3u1dXf#Ui_`XL=_Dg^0lB>~QH0k`g+c79JfGjV_v zIuwXa0Qa^>vzX8srg-+sLcgVfpbK6DE!YsQLiQ-U5{ADZ-;*_bsbMTohB(%Y9hO@a zgf?jWJXn%{t< z5r!DZa)#%sTj0##?fk!NjI6b#YCGDi(AU~sClSY>g-Z`I%IdT|+Fe>ZNyIBfzk;w4 z+}+8?c#>)R-d*tEI~*b8t=oI=3fEIdXt95eDlq(~cJwX4Vsw;;yoxxg#m_i@#YhFY zdj$78OB&{taL6}@IDbP{CinmL+B}kqy2N`myig;rC3$JLtL|zOhO)k)_==B>0}Tis zEFUo!Zx;u(6;{|a_4Uq&Ev?)XTur1+x&95z_b{ zANjQ?u|zXSU!df7?y}Hd7l5)w@oEGy{B1TxkpN^j2Aj&;as(#Xfer?VL@(3mJsUo} zMj{TgCPm_}6*TT+7K5y@C{r_2_IMDzDe!8nB_jbYe)ejf(#juj7;F1c*TQ5mS*DXW z2|$6J28@EmcPi$+4X~Y2F{rF8yUZSu+SvE(>Oy^R$Gc>U-4FotKgl9I6CIKW`5S_qlM=VVr*a24 z7kD%xOuT&JlYc%FZ=NJp6EUZ>3fJxM<_0 zT7>n8Q6W4Z@ku&4>d0~C4k7sFm=@`{z=OARYs%jSg9NPv>M{Sm0P}uM?KVS(ImlTS zSb_B+dRc6ZxiJ`8&4F}S2319OGcz>X5{xkRgdcA0eq;Qla83ZDP!+WhYaGVh9^;aPJST^i-zEFJGP% z_A)`p#>_%+?Lx?U%#Uz?j2qf&1a{=zTZ4%Hw-q#vlzHy1e?a{TN2hh3Uz9=9>u*@t zPIubNsCbmD@r1EO<2eJvw)LDyw-=% zU?HrR7JNA)wh<+0DfJs#IVCp!*=Wx5v*T<;fZhB$@aQ?BO-|U!)+hh2^ zP~fw{u)Roltv9aQ3I*W(R{ImNY@ z4+J#$TeJW34Do$E^wY-k|B9t4uI)yGeC|s5|HT%=GMQdT>#j@HcBj+f)k?W1h?WBi?VgvY+&|+|Grzgm0Zh^xHn%H2(ClxBw z9VndtAMlI6P;yq%l4yA1(+EN}so4w94=cvD;YV88x3=hL(cGi}34gEBGb?fe6^(DF z&yw*U>n)4Q&Jms(5Dls@ld#C`o+?@e&fk70`u`wd$QJ$w2@`c3PN_~@;kc>KhuTUB z1P9BB)y}G1V53o3CqDkb^XI5BUneFFl@1e=>bifZ$lb&;yI43f+5CMGC8HQ;dx_eK zc0TRK;rDapnMk@a6YzZDsAs4>B#M{=fEJBpe^5G+=x{eqi3m_~VK@bw?U#-YhS~1o zF&KJLb_+ju@Syi4SEPn6+_#xSWq|KiCpG!M_`0Xy%KArL+i^Nc$2L0Z*tTukwr$(C zZQHidF*>%n=llNGUTg1NUwsFem4l>e9?dywjO%wls6fhHCJQWuu3K&97_9d~Nd;`@}}i8Fx_4t z6WOpJ{Q2CNrWg9COMpMM;br;-8hZQqrl5jbRb0Nx+$pp~RQhRE4 zV)Z?r4(u+;eJ*Y*#3)%%n)F9xN~kcL|MZ~!sTsydPm!##7-6#$WRxelI#kU1Gdu-cb=YCuhB1)XG@~=^2n}kn0n=#XRDlg8*HsrRcxp9^Er} zw3!N%lH)=wabAEJf*JI(?DkAS&GW`I8;GTH!wtltHOwU&B2k|gb;$p+9~rhgS)E0F z0vCNv4ft$OMQYt^j6gN`%?IR&UP{>6bF8N!dTMvV05=N#BlB!ev#Ky>DVKk2vLQL8 z^3Zb)BS~L=pO48rS*9=826$doS1U_hp{=tM8*R~ufYkgq3_++t28IQO#lnraf!hQ$ zy&!(1?pR9a>poH(F!=EhBg@}c;$P^n*pJ&04t9h`ok~$2{&VfPdXDpQ)sP{R!WuFI z(ta!!Pe-13V3QWjm>r#gYNm?lRzl&KT_V%u@-9GwY(FIsyzEF!lt&^{)qb)kv-_l4 zAZfoxyI0|jR4teIy=|XEj0OEgQ*(TM+*JLZH%&!XrB$cay(K8F}*$>JyzE4biumazny&$6dt1fB+ zu%^&yCZq4vcd$oi8a4z?!JyEUA?zpHDvgkxtsy0uQ&2i$ep;gYd2s?+IVb)gg6V@K z!X!fbr55(03b^?|LhIIgTIz%H75iT2-u*SX{?y#|$$y~}&9e!s$GJ7ynKAqaWNVaZ zC2Li7faMsr!<<0S4COV$Z6@fLO=xkX55*dX6ZgyKg=&K9IQC|=F`ikp-iDl!5bP^c zd!-5s(3b5`u1}IMqD%=lhZ>G0Kq#I?DSJ(Hk~qBtlrXH)Z?%wr_dfbcyd(f3FT$b+ zsdqAe0t!K>Ol4sJ*R3Eii;5MP%W^N{NG(3f`xdKI*i6zN@T{bTHIykS-gG1U=47@d z`=1KLO;lzAV}R-wJ)7w`rDnu)u|WgHV^2C>c}wcBigzIsjQji1>WkfNk>a1(DVLSq3hbNN zSTiw8Ex47mmh#tbde|J@2zu*#aI8th0R9HgNUZl@^(CVGgzpwcg@(ey80MWnZzC>H zTz}lUU0&$a&0*)`mB7O|-Yh*)YB#w4ZVFj})i+&PG2%h$RFSa~{fMGg9D<`zzNON{ zL=?vD@Y`>}i3Bh3Cy&|aGm_HLV=xyujP20`awK_P*cLDCc(YK)A(?XE6iV_hhk!Hok7UpFDHfF&N{Buf6E>erWX9-*3 zB>5&nsz0?s5A4V4xs?D9){A@Ri3(mIZ!P4J!0BRFxOJ)#-r$%X$V@Hp?PFAE^t<+Q z&+;l8IiX~G6$5v=M!s5LJZlgj97TDgRpm!V?#GI2DwhsZ;%T#Be$JDdy{W-pj6G)sGq31#!C25c)e~lN8!YzRHpeTm@J*lDk%uoRZEgDSyYRgMF6gJi-GChx_#%aQBylGeaP0h9O&yTW){NI+J0p5i^-)U!HaEDoqr zUxC7eu1nf2K2jAqdJ(9MfB!l6A_9NKjjLGUkv&JHX7z?Mfh{6anFtk(=ujh#3@&0w z{(sv*P{V*W5Cmg|75L&qg@7V3`;Ym6z#j@o2O|wc3=}EMMZYd(KH`@3^MS^KmcIog z3>w$YpMhG8E>6O<+m~!QK-pCa+MHQ2O%;DX#y^y@IOTqWgN$m7fPCJ8(B=Fcn`ZD| zhogmIr$ksT`u6)#hi;%^H+64-{k^4NDOM{?kL-(BIh#K|5^FmdkZREK=9Ry5=d+w8 zTe+J{`_gdxchzg%Y{u}f@3#w~gpVhKQ>X7e0DLye&ra9SqGzO}99e+H(6Poe%EOBo zeAz(wvYefMJ>z!7k#>y~b*9BjO*eg7fvc|-S`%lst?qrTB9y%fYF=;YX+O+$|b1|J5CRu7V= zdbrh`G3Cy)2tu%JRnx`|#=HP~aJSIcW);a|n`jPUqq$q2q1Wl;sQ4uWQwO?rC+MDw zu9m`MA$Wql#B;nH@K^8E{{-P3TPNCs{wJ*?^ZC}-n%m#x`cu#4#ZI(gMrAI}&(Hg5 z36sMN0$U_xFynzN!xYm`N8Z}voNqb&Pbk_~yW{O!TbhD4PU?xU1gnu{h1ym0I2-X~ zqnXSW))WnyjOw-Va+n&Ozj?mC-RoIq%@(7g^u^btnN1V!>lktA){(FTm zs16RT2IK$91WjR%fW}nKBBSqRiQ?P6$7T>1w>eHZ#ZT`FGlf=*aLHm10o zE8LgIt7$Jbc5br@d^^jB^Ne&nO9y$c4utFvd34;`D1P`o=6%Ppng_u*=gp6!OG|*q zRvzIkgSaj?oWu=n>Jy=hKDj1U>fU<|F2))nwpI-xCW^6qhj8x$<+iI zWTk-9s`Pkd-()qANmu?{jD>e(M?BB^sFRgB8W`*tAyN&z<8Te zT#S$BO*g(gK7QKRy6i@T&NbbumLwYL%k|IURXX49J(%0!0b_iF#%gDa~WKCjjswpPTd}IC^y6Mh;BQ}Js%|}~6>1gWn z(SH$@+R+fV<9}K~EK>C7M~IlCkTtjwoIN3Y=F}7Fn?b?8Juh#Mua&GAe6uvOwY?XK z$>Bb83t?Z3H}je~#mGEx7(ZoyPb=GKxYVRJ z>A?o{RrLh?C3w-~MzVfrH%gx}EzoNhV@f68s6KoFBkhDi%EhCq-#Qtq-=Cj1qx%^B z20Xz1Joe>fXY+dN{Oa}fX`!a0^rNSZu4ljD;y8HNkl)*m4QifeXiGh^+#2U&X@wEvuOY9sGq~&D0=H#;K%5BXZ6^XKN zZ)*rh24(yzEdVOoXl^QT%_KvAXZOSD(?S%mS@NuubtV$wb^=cW#(BbwS?B{D{@+ER z=j$@ovwF~-9y<(8QhFlmB2Mz&*XvPf5KQutlOyON%nl$T@1cCJXM)vkX^$T7*Z|ZKj#Wvyhb#ehXIHfk1hW z8wwFA+z-0?d(pqqtv_BufmDLif<1_Y({HT0lPM#?YhM+|15L!yvTZX=*ED&jEEpX>jhD}9@0@IDDldpcX*k1MX6h83J$DU<3F&>7_^$~q)Mf|zK9>#4vBsG$n8tIyO6wf4uc zWQLAJZ{j$PMU@PyWU)o~KLzK4`+tzXrHZF1MGogd-7N4Srr1b?=;>KN0$tF{W0?$u zdX&h{Q6B(L(i;^Rv3g9~s3n{34m!h>jvCDE`kYbT{5((~A~0{CQaMR&3B`pNLrt74 zE^^}e@8Xb}o9_Qv914V81{8+($ZrP@#i0u9{gY3I5!Q8OyeoZ-e$ z-`_rX)frMf`gA^_x$30n<~WGMw?ngq0~yl(kKhm*-qimHwGAsFK6i{1peMVyiuc`q z2q45JP>xz=oz5wFkKCrSp*9N={fDvNDIiOEQtm0$SnRg2rcQ@hexOph*G0rMvR(}J zfQK^1z(*5)IZVvYxT;r->T5&i2(0b}rLG$b_;3rkHPSx}+)B5B0~PDVLeYf8EoG_+ zi^n2Q*0XwJu1Et2bX@v)P>%W=!aRM7OgAHAk!voaxW6v|hh&_$FkdXfk`^y*6t1F1 z>AZ89nGU&aHkib>{o+AEpDkq{o`b2i3iTdFELWw`B|@(UM)p~WO?F@74TDS}xo z0CXBB3%zkj-og{ij{PKe?8h9}-RS%tkDPuaK{)%+?E)gm{ORJ!nc-Yrfvwjx7V$Ou z(VR!NwM&W>UJs`H;_oJX;!9Xqza5{3M@z7jEdCAg`%(ooFVdN{B-4qndMr(za}WCR zKfT|3$QN;&OV6p`b_+1+$}sqH+`equClK_4#{p`Jk8B=mP*ts z2|khKbRoYE3F{Pkju~e$AJ~^6r)g7nStsIV1A;^f0rL=Bt0{NkI<{W5Xh(wVLXX*g z#o1Awllz@kN|3Xs7(drFy+N{Ue?(sAdvHuHURzntJPk>X=~a$v(jtX1m|4$H{3;kz zPxhq7Fb5?EG(Kn2>N+FE6$k7bCKHYP)1G#2;&E){zxwimDp3H1VHmo$Us$|dRMW3_)H4OS(lY34L%AFc*ssEM_@J7%D)O}d(AY9xGCxqZE01P zYbDkE?nYZ$B6lUqjSPn6FuXAtBpRTfyXZFm!di(mz;QkpiY__Vlr6lMLbrzr?&Iff z&g2l@6Tf1skp{U5(_D;r*70s8U8pwU8%Kz^G>@Tbo55f9HE!C0I3Gm4?*&_Sd@l@%mO&bfyf-i+~`(8V6-0& zHSM{tJWQnEvb%>}6=E#K{)n`0`2$T0#7o(%KFG~qJoeBY|5s_NgZnUCo?A;7s_;mv ziD1++|@+kx@pf z5lox%vbNe4LuH~O((q&B7fRNDkc+zV%gEJhXi2lt#?-GF+vKm~_*d19~DKr7~h2|Z<0%_I6Qnuc^xX@wEXrO+s2suXqZTBXaJTBk=wW|0DhX2 z;Vgqx#^=U`h5vpbH<<%G0Gbh(<-ZX*7O>J^%f=GcDP;^j_)3g5|sXC z=AL!{F*9S9R?|u&LQN3y3ze)=>34*$XbSv^oiw7*Db2-Y``{*Rr5_aUe?iRZQa0R0OXyfBINH zGgM`G!_FI-Ns=y&Ddrf&WujFxrhPraY1>>Qj7H7{iNJg{$Wed& ze>iTz45~FWazjBfu`Q5V2xlX#Nco zXeo#4rMx~2sV__v{ixi>>_k4b(m_gqrR!=2oU)fE9%&aU3d&>hr8@Vh`b!jSpy_d@ zV_ELtoKH&KV&0vo!$NmQ35How+8m&w0^*oEfX#MEvqwPF?Ya4yXJGi>mU}y8j*$tL z^)|FkA)7QQ^z4g1@ty*?mFS+W*o_v6K#3aU?`3mM{(jDJ6O(x8Ez5(I$9$JH#}jB=PYbAYnoNNIrX_k z?Cg%B+_T6Rdu5{CgM^jQC|3ony1JWTywh_1%uzQwik=`)OeapEsK8O1xM(SSwg*o^ zY%7+PUF*f$n$OXvh6kCnZ_DO%cyJlCR}zZwU(gV4iGrn^s_%6OlE*UV1~SIJ9yNI=ga z>i!FHgT*zhRV7eDRkeD3;D{l!h!Yf-u%-;>Pz#YQ^3u5-`Q{*Qc^&qWn%T8&7hrk;4gl% zLS#uC>M7uVRs7BWgPQ|0=OnQaYxmt$>O0^yx%BiRDy4s6 z1M>&|!(ADqBAMl88SAmI?^G}L=l4bTyUU-pWZFNz&x*TBGf|f@6;8LsvRsRdqVY#9 zNV-f39NFyhJlMho6$p)C(0mdV4~JFmaqP6LvUk)Muzm!Q=yk;F-h?X|;+;YPZB|wn z=eDs@3X-oE$X*NH!Y@LRD?72I=$8hczYU4OO*$QhP{Ne_=(7y8U% zOFo~~r<%jG(xE&+S($jl1$n$F-@a}=HS`N_4$cF`&h>o#_~4t9 z@O!tdEvZCL-%k@c0d z6?U@v(@5_te(ziE_f0H(&)egX+ue6}ZQG87DQ0Y*^fvi{^~H<8Rn@t8_s|swuNFFkM5ebf zBYV$bA_vyB{>D$!D+tehn>vDc3w&e1j$PniBZ=bgNyE>{oe783b;vt1+5L@CiS%L5 z)I#28gqEAZXL4ifVFR9df2AtWnswV{@}i$e?X@JcYEZT%ajo7KwP7#J#6H;mTC&7y z1lPX-J9dEl!V5tVynx%_WFP|1kG*JXgaKc1fftvN4OT4)d+cA-E(k_h!DPvyG9D%e zh6EzRd|XM68U`f{eu{{{2lUlL8$rPe(!UWx4%K9I(J_2=Q+9}atTn^uBMELBm%4sh z|1=47HnK<5F-o1)M|OupL1K@aOdnIsOjpG=SJrEm!VE7~tF{mXEbu5p?SZSp#>P+1 zV=5B08z3yZu-{G8VSRUnhxC(^)>x6=Kt_UD=~W@LdG; z@zgBdWR@u!Vf+xLoqiQ=h7`TnzaIj5OX2Yt)Dant?ER(TeicOOHM`ZSeMm%@52V1R zQ@P?H0oLcN$zGqMxCwmrpUZNAUK3+A2{t=z#!Vx22{vJjKld@hWU)eST1#U&e*_Wy zJ3r^dYk0YUL~y!-GWW|W;EzaEPw5R*1Go7DEBYTra`5)8^gkYwHuW~Z%V3q&v>W~~ zh_#@cYeKB#gyl(nur>6%-4A8>+B(zUtOY+*WeOXg+mP?L2m(Naqdj_g<%G0K%YZX4 zDv`)Hhlbx&d2ALR%3z*HH$BhOpf`Em<98YsbepZko3@gHDyy}o)W!nVIo4cC!TH0Q z_ywoIz{EWDL|HHwN+LKL8c51u{@I>Wd|_a3&;o4FeM>urBq1($@m}^Z?-g&I_3j-h zjuUUKXU!+fqL*dSjn{e|4Z*JcmUQVr__-bX9K4EF*@D+R!lDCP$*p3Y-#j*9jlC!* z>nUQ3Ec=boE^yQ%3Nwxw*={7it6$w5zeXcaMO;JYPBJoy)gFzH!r6qiNd{%zC_cQI z!CHYZ1P<11mr>BZnstfRG_?xC2+5;1*wy(thhk)7G$-vcp&c20f%2KYsimFEF!g|} zynnZe)~fD`SF=-57Pej>mY$zLgIUy~)(8ydR3mNR-BR~Hz9>f3?IqJBo_;cmfiFxU zsjV6>CO!V8QLsTwB+1mmdJMUJUdD#x^gIRu-vMeyKWd+^h-l8j3dI$(khMF+$ny1jfP;0L76V)ZX%;`Ap|0Pm@S0_%47rWZgtc#w>U)eCp^1 z2N*&U0#d{$kh=@s#H&x1(FW?WDev@CWeVXrUwS)RP9Q&inJ{XS4=oGcx-Rx`G?yrF zYrN36To>Sm}q$%Z%y!3rEgrkU}Ml)C*HG0<|QNL{X4& z8d!sC=KKDF(#DaE81so)Btrt{CrlTv`i98pr}%~(|#Q< zfJii=kY$h@Nq!@YFs`Y}pvK!*Ke68Kshm){w$3~J`3Y?x!sC^iaj1zFSo%4bEuXE^ z*pu@OxTmAM*>g?*=bh~N5{34&{9Uo@4eM7%J_@4kjm)t7$sJ)X>dzPXIHjH0Eyn!U5LWvfPYTus5RC5trKQLLp#(0GH-rpZEsfp=;mMsel*4r`~#4fEq6X z{0i(U*5_<3)`yE^r@288^qh9}?+5Yu|MfxaHcJ8v?^y=rdQ$=UjtIY^Kv}o85rl(v z9F@NuT1tlT4;ugB55$roS8PQOtT&ke?C8uk2?SP?mo<+e^)L&&)N%=KiE7se!UA0N zcGV~zb|QUa1SCKsN|MPtfEajfC|nrpG~@CkbBZkPObrymojoINka&JyDm!r~AV@GE zBUXgVCFPVeJK(a(6Dy6TI`morEnO){Z+V;vslCWi(P>ty08PdHPtx7XpZq*S625V0 zt!F0EnfCxkyYK{6s_5XW%(gRC1QIh}FY`und=H1+l zBq|_ft#l*_n+7zsj3v4Kp{e?@dn((+D^zHd&H6-z2-xxDM~mdSYI;RKuQ{>{!E%8g zV9Y1D&$+!ggdff|4E0pjGUk@7tZ2`JJ!-e@gzO+rojOp7s#bRZG|t)|h>oyJPP8E5 z;pkp8#u#yEXRhF0o%dt*#ck*8mu_`lnPLTl$U*jT0JhxH0N>27Vtr$e+Qot}Ffqt9 zGcGp?PVQp;1#A4#le8s=H9XtZSEP3z02<$EwK5RC@!ZMo<{3m-+g1JewIc}k0}ahF zJ&n-%7c2_$*-`h_4_F!r?oTzGcGqm1fU_|44EgY!m08VU8vtS^Q+XwI5|Eh6 z>Rj>^722&m#eHM&+y(@xsvL4PUX4GMJaw$xOP!p;jnLa|2%jG^^c5cS99@;VKMqjJh?cT ze(TkuY09VDTA@r!1Yg%~DMd{>%I3<~5;Za-qi(V3fbbj7NuFLYXpiJPH1U?F7}3g* zwHF}Bt5E#K31>27P518&DcY@>)T>nN>V>3!z;WdU^u7m|8fNrT{(Hf3a;giNgl>c`Sc1@-7p1U8i@hcs zs*&C6vje4Pzkpm45hp|62E`iR6`X)cG=(W7S!v)OHXh*sVB>*&EC#$cV}@ZA8I9fT zsGcdeB#M1&6dewVQ-SE%Ah~Q(NUTC>&(jgYm@^wmTcwz}q$6mvW=4jEYp`L}D{aTG z%FLbBAg}4R7a0GzaVZ>O;uOX1;XY{AYglQ^JlYKEzSslFk?j+5VA^J8jh}@<^66FC zLs6li5`VD|pAu2V_#^cvZY27|8yV3QYAXuyeABr?w3~fE*5}z)RAH0L!+{t|#H1zl zJTHFLxI*OFf@K8?*bFq|sNsa9p4^s2RZ}(6{R795Oa6i5=eV~-(qaRqR2rfgwMsof zl#NCj()kGcI!imcP%*<4Yts@8%2?6*8U!IjZ*YIhsk7_cDQ5U(_zwaH#LC)y^2~n5 zN|F3rMZ_uL(meT&iZV+O&!}f#6^Q?;rT-5cw{KFD@#}5E@Tn1pr4T0sq`h6(W z(P7rFSt?*lFT$$>o_(pCB*Lhh;4|UDq%iXoco3B&Vn3#4Gt$?2w=Y@dvjp*uXIbGL zCx1?DLiBDcuNvR!Ez9R!n){YtnY*S`eXhvd>HXJ^OScUFc)@wR z^@I`fw%E5-hy51Kgg4q`IjU<#P`w7&@oU)YLY^JT==bWG1+>ZT<%x$1W8Ond?-Giq zT!0<#F!8nxxKPBh8I$bzhJM^sD&MRS(Y}Uu_CCjd{C7u_I||F&ASJ+Z`uV@{`1P;r zXaDCn_vQHB>%4B+i0kEZ9;o35EQ=x5DqUG`4@tZFT%M{m7dbIajJsBFMC{!`h?hEi zSg$oQ4r=ed0f@A^Tv#bJUcb7_{C*o?=#|8zcM2MR1ikLA`g}lRvqr^J_p`P2YE$z1 zvh+Sg)e!&eUpubyj~(}1(t)q-*p39qz^3iSkvBQ*Pf=CvZg}eu6(#uU;_cAFC%R^9 zMfOiJRYq^IckG3)5Vcc66_2pwnifKp4!~8!f?$=?OK3<_FX5%_zkjf?K`^l*WrJW0 zDerR7%%6lSv_8TT)&P7tn)HOezl&$#4&U4rs&~78;HYTu$9Y@lB(}~OGBdC)a z^j>`h+fh+HFpN8;g53ImOMRDU8d>Bd>rTm7xTfTKO%>TeD!(nIhYTnTM3Sk2X_L@v zfK*tS%`}#Q2Xw&nu(H;y5oGYtxo0ESK3mo$c5yPOi@S9?E#FM|6+?cKl+ap*(m6L~L!P+MIflhm&?eD>RZsSEaYju*KrV7A(H zh^f8+7pnp%wijF!Bw-1(eXO4qBjTr0No?k^7rPP^KYaoJ*%!@Xx*ovZsX_5)Mdd7y zPzM}``zJ2F;VAZ6%&|k0CwqhPE*i>z;c>~^i->XO@D6>jQiVTNfLg1@T-rwpDN}SB zvBKecNx#R80x2N|+P>bOg)}T{%JJYs%x_Kp^RvW1tI;aqtb zCoBiZsE_>0NTbI@AAyG>`+MDav*XJ;A-3gl^0`|cUE^2VOgn-DJ=6}}ODj7wLmPqa z2gQ3>F36C{9?Yz9BtMk2z%idOM^)H& zJKd&&!lzP}+iOIF?rr5#mHaloov5G^o?T+3PP4dz)c6UF5ktW>g?_H8!5D3(vNmK_ z4Q<&)u#`oLjq^}4bql?tn?Bf%-N5GOas9|FAkQ^pG*h=gH~JquzUCm~c-b^SQlGrb+=nW3`NZcFlQ z)jKNq?PgCfGYj7$u0i+8kW=KVgiBJ)oCKZcJ<%c%!D>bbmV^pZy8g>h9f*!Ig*ff& z?@JdZ_n$^8eF!+vGh7#NL$DDa<{|HOyeqFj4= zu7~r#SpV{Ir1zs5;`8%97U zp{iMn#756hE<`vSv{2j;FA!!6Tqw7j%i~IH@9oWl$aFq!m*sJwRdNq-4hnMGBClXJVQhvt(x|r}WP2*mTMuw5x8ry=+`W|i z2au~oC#w9uQxvYcEsGnt1>Gc+3JQVq_Vhx$S*ko3L_IA zbGtd&+H4&aCDiWW>}GR+e&X64k8B()j05b>>ELvCRK^t|VEgzn_I+E_)${iKv4z|f z{74!6MN#3a|9g29G(t?RPE!-M;LyBfWu;*iH#)U&D}GRo$ryoyHiYL*yDaOts0oj< zvpNsrK6tW0o@euRq`tYzWi^aouVA8Whrxz&{h^~Juoz1eT3a+^35Kr+7pSE}0*o8r z$3++()S~nV_iNb`&lM@m0e;*I<*VAQ-lO}gx$e@^{ylN6n_{Pm)z8`)-_{b1677Vg zr2eeS2dRbLc1{@-GeiVa7g-u=5odI+iJ9(^B?ecjCx`3G81G*6<<-h)S>6h3!V22| z+bET}5~Zw!c1sID_r^1bty1`Je~AgL6GAV2q|N^9@|I$hP=S(Wj$fesmPOQ_|1HbL zfu$R6=>i@DU6$|Yx<|F`+momYy`#xTEuF?|Rg2fglIFnQ75%b0!j?7v;oLn8z!8`;&z2YrFYcE6B84kl3IL)$0J z6RN7i3h+>&hMh4YkqZ5#@S0&0>)ZN9ilEYY-)#KT1VsviU+d_DJ)UHd3k?UDgf8?#*!m*I@3NU?oFeI|Af%RLS8eOy=F}5X`N>$GlJle@+DeSUr(b zF{{wozk)nd00|kPW_7*9OKJb_RspB`PoHh6iQt7&bLJLpjC%|dh|Ip%Xg)9Q1Mwpt z)neC2W;ls4iK;sx*%Br4m60(`fwir?WUKxaJ`7U-R9WP*Dey(^CcBNd%vg9W)|r9J z*9Pq;F1WWjKIwxR^XWf3IMgk>QR*7d{}6KO3{5iVCi0cyM373q(&224N{LkSEEYL7 z>CeUh?d6@Kt%*i-U2F^;Z>1p(ox))Lb)l-r!S)taIyRG;p$y*~EzJo+El30FetI zX2QfXPoPZOsK=9NYsM6>(u~Yy1&QG2CmOidw(W}{d37XDfz%g~#Sdf--tQk2NJ_Oqo`qin@Uk7l=a57DhmVXhBU$ML*m?dMt)c z<|8nnpN|j+Rr#&(W6Ae&8<9;&!E9Xl+LQ3j>{eE)ZDVx5zvG>=yg=pd{>o7WvD8AkI zRG<8wXb_=8`sXK2fdO(w1B^JKm~0Vx*QSLQ2YzO)=CJBFxWLI}JTpvsd#UvbK$0IH z2XJcZvHZY8NTu2boVRSsJJo{m0}Ou-UlNwj|Dgk?fsLAcJh98PVzt`@kzEGc zEY94#Bh&E1JI&Q#CDL6$q2i6h-T(S`Yj$!nBI9xRtIg|gbMyaD za-Nqr^~QvCN5I-_Jw_md{)~5u>Af@ls=};qL9CAyBS$*=>k;#}={LY2a$YB3V^*S@Tg7clp^zzUj zH^K6(()C7~$;8UlM)amj!ekO+;vdf&mR`ket>q>Wj^e438MkG9Zi!$1eJ}WK^AsjF z(fH(p%U!=5D1@^_H3*Ox_cNWTJ000~NnsXW8LASQqN^2^P>)jlan;uw<8--4E66+) z>?G%y45>s^MS)wi=;S0~P7+8&mFPV~ZvB3p-wz41{pE&p^P_GEMRoYa@iGe^Nw@dR zIs5&Q{5O@c&e>0z_#S~cfO=-3k2e#OZ$*kh?LcrYZ=aSyQMX;HiH zgt8fk+sgq@5V}oq(0Hnn+!f$g6~^=7h_+<$YF8b-g<78>C6)?xa!LG^e<4uO5`EP$ zG?2dH5y{Gk409L)lL<<>5|wJaA2|xj`DHVXpax=P6%ZSxWxmWtjn?xy;B`{OiW-AN zS;YCrqDo3gYm6LS1l^8HMR}tXn|pn4Ubu2c48+~v9MUg&-d00>r_Di*Yg?Vhb!Zwz zxdD^2mTvY~_}fS{;_%CyuZEPcnyuOboy4}6p9fg9p&^&d&M_jt}gvw(|Z-`Fa zeux(zlmUik=^X^B^)*Y<8mv|^ zMn{EtNv~f(kcykh|5_o_eB2LrvWAk`();IR;pud3(5sN%LsCbdNx?v+jq+4c7|??>$SYb-n-&)eB5=l8?( zealc4&`4Lq$Z_Aj8b&E=4D{odnSpiF&#QbdYYxn)>FR!?9jfeLb){p4!^)@gk>HUu z!3y{)_8*C{-;(&LF{|D>kJVo}&Fy`okp}q~`^H|r?q|X-x-nS2-s}R7hf(5TN}UKZ z4_9^$x18|6plKAygs$uytEC(UslS}S*MPY;2-zgC@y2Xapkmupd|{uik4_wf@ZO$+ zMZG79pZub!;3mF5V&B32f1)TpIDjuiwF7y`ja@(Ls69_XSX+tIXVQX&h<1Z+EoHPQ ziyn5giqCF5ldI`dId%`;e$#V0vwiW}G*0=to<{sLUaNtPrm)!sFc!Z7U{#{u7l@2DzZx{eK2gOSLu8rxN-M#}JNs)i z*PG0Ym#g(NK$IUxFfVUq%Ly=0{H0Qqb6&wvRDNG8|aEQn^8-w~6zDj;|t2tvbm6 zKHsJRe)*R}Hv%-w^|>#mZs`sl3$!!jkx5T;f~#&53UKT?k7fQ@UF0l# z#rsEcdt%;eqm&4}f(1Y8Rx) zerFA4r@dlEZZK@QW_P!4pV1`PfmZZ9vE44jCyNyBJ~G_kau#jT__PRVoo4A!-q^cVH9zgb`bQJcrccZ3+4HenGrJQZ;obAzu_L9Fl7 zS>63n^$$p)z#)9!7kw!;ti;~$&q>;lr(twmGn*u`PE5@jqzw9I>~XiQu?Ey3mdf!A zn#4^XLt9(h>-9vkn_f>(&!g|H9bbpK*6-o3#M0TPTrQuF!|_Jir>9(Q_pWd7_0G)S zEv;I{NOAAD4(iHHf0LOVZxG0Y?T#Zr~^$e!l}@w&&-q#a_~)!_RO zBr;Z2)6>&Hy~q7-m-m4P;(h0@*9uQ6UUx(qe~~o2AlZJ^U}#QDqo*p;8@taPC9K3W3u`0Y> z^s7J!+ByHM0RQ`O?>por+qMTYyLK^bxKPwLCuyI=&hsW#_w6~0EO#jiao~k(U4tJI z1FdU1&Dodj2dxX(=#z$Tg^3?MGqxfl7sn39$Z@H*SvfdWZ=Ksw@il%2dGdto?W`)K zVv0NpRXu4=_ugRW{kJmL62P7<@nllZ z3m-gmE=93BR>QIcFkJr#Ya5WRT5*I_vGe_sm@sm|dN4YLU$ff02D|L*j@C{vrGRd~ zay>$fxCHW&<2*`lk!7NR(B0DcY{h_WkWo-6qrBe8jJt`uGjYl!*U`EM`Wj8{aeABu ztBESry0RBf34_K>l(0I@I*s-%{ZH;;rYPeNO0r&V^5|y%l${6B6xY5ElycbMel^9` zIhMGm3k-?)jKCt+!j8AJDU~2Sbj>{UpIvjLBZCxLRMDydr6a$x?NU@yb&nQFW|Lyq zcnC#lPLUa<^XDjT4Ir=GLHpJ?R{j@T?-XNO8+GfJZDXyn?W$F_ZQHhO+qP}nwr$%y z_3eM}le3d^G5dHkGj3)wM>5h{>+ONYZU+6{((rN>0Ip?~8SswU?(Sgow&ssPD_%v< z=`csw!RdB$IOPvM4c};JRM?_XOT{aWq$_u=AGSRW)UOU)4%m7}<&s9p;TS8h{pFU% z-F%nRW9Yq@G zP(YJ`FEMKcsWI;YC5Z=}I9)qu-*)7T$-m}AWze{!h%<>ucg-KJY*x1FQv2sbVRw@6 zD!nM5&s-tl%(|ai4lO4%65mEyZ5CdHRy;YwC7h6F$FsZMd!Kf*{3xz~e2P0aSX2WY z`6C_%AVcEZx|Su7S$@VEJh@8NV9a)e?VOZMR&m{ilc9Xv?CM@LdJ<6x;tVQh!4Sj1 zT$gym*$r>reig23?qHuB4Du{kUcY5wT!FbX$eKH8_|o~W8p<=YpM*=Ds#wz0IpBC% zlDC-Zb#^ZOEGyU;I39Cl$VP`r$jNEF-q0aYeIh(D9ONqTKa}m109xQW=te5po?02Y z=Qfi{JBMGT+;BNN4gO7 zYYM7&-XJ>2gX43BNBb{wSPrveo?S;P8UV(Za_1`MjcyA%!L?6iOV^pJH+jnbW#d8N zBmGD`O_drHV3EpgT&Z~NR_TR5O}D0razH4bNX3_+<>;4ZJ8bNF$CjpagseM-ALfpO*z24?<7Ax49|ZLzT#lTW_q`T(~%Em8!>asS7&U9N9gV?m$9`rti_C>)ybYs7Y%TBSJj zg%m4hdUusF;tZZ|rc4KnMjL+56YnXktIz>8@SgR;5x3ZZJoxjAvn2;i`VVKDb{dgt z;uD*taQ`bo1aYJ*_VV4h7Cy~TXFqeEFCn4w7NIXi zBH|ZQm1p@|a{N|XN^POsF?2EaMg*>bW`>EuZw*}4v#AW(TH#BCT&Q=vugKDR7cq>T z&X?;ep_uCff*gQl6-T(83yjXUZr3X^PR!Xvpo<@SFCY%z^4GZs)NG6TP2*_l5|Cwh z-^Je(rTnh`JBBq?Ww`m4d36?^rN16f4NdkDU*i<$8i8pjJk&9q?uzXrp}4i*0WL%g z1P*eB40Gcfa-bRxCqyb8lyd2cDkQUuRT3B1iFEo}`n$`$VDA?bMPT&Imzx^TV2|V@$e4^pjF04WnU?~Hi1saFgT4YMYAS?;tM;+B=R6r3|E79H@SF4&HZ~U#&dT*}BI==tc)I~4f zy02k_IQ|w2m43<;B;DS0t?+l*^qT5#ycheH>Avu=v5_iH6k;^oU3Nv7js5Sva2hwvW?lK(T{epC|BN@AVMFAtA-v|0Wm+g;QS{$=10|_dDLgOOgNzr%vqUOiG0&8u@aFw%=rfS<*hcF@Z}$8 zIC~Q&n2+l}*h0|Gc8{kGw!x3i&aS{0GfwYpyy43esPhJ>l?#OnquT}ZpUuU1Noc= zTIbw3m*CmgxFQ?Fax;hn)k_Z zE5?ipRP_c%Fyggv)>BPOyN?_94+bniG>sGFju=8yw#9Rx)vqqGLS4`Kh3<3m zi9sK6`3c2YUCkMlKFq?b!D#GaYD2VT&+C_Kuo93z+OW%dnld*jTAsUU5!C6Fpy zb%ek^s1iQ=ipL?SGDi~5A9ONX#1`8BO2Q)?)K#fgDY6R_QAJW)BKzO}0CBYgPZX;4 zHj@9M8)8g5#%Y2VyT<6WyA-cp02ezFbTqLktxR!^D!iugzYN!Xo0lYwKdy-qSjRLR(7!M3QCJJ?>n&qiqQD7K_%vMbgSst$$aAvIRI z3U42uBp>h^++F|b>RN`dwIpS1JdRidrM`$uGWhKxgm_)_tS^{oGh8H7Ctur`1AYU~ zShFf%Y@>+NJ`tX)#2Z28aKa!ReKSLcyJX-}^fST)fyErY+*_^Fauy#2fMHWA|saqP-L$a zvX43rmzX7iN4Eb?+zsb5>z+|j4v7lG?Q{cl9A+9plemn=&n1>T{GCU&(HGfQIt22K zk#`bdw4oYF1$o7WnVu|(jyU!m`~71Z>N+aKA!f(_)1o=!S)($eN8A=~cil1< z(9ed7qg(fC3$(wkUGL}ht>FiS(vMA!6Fh)CF4f@8%11y`igcY9PVIQvYa@*}ae z5U#|#f9gBnA`Rt)d%hx+jt*e0)BPv9KwNsLyEZPW!g1>3Tko#Pf3IO|&jl&fl^xJg zNl6;~0#f-9n0ca5G-IZl<6NI1a33W3v6M^m#)&HX@FjG8?@ED0GP9gM_)h!VpK{_e z75IAd^XaqO{`PyRNjcW3ZzLF^@+a@@eNGiK=mG~j$C0VHRnm(y<79+PYa*WcD~O`( zry6=ui)_4^RK4t{eQKjNP9zo2jK{tWa2E`uiJ)+c2)dd%!W5;N_mJ7eNkM_BsiPxv zNQKpqYQoRK>hT}Py$Z%@x{ADNM94n~zWs0yM*_hJzH+jb9#QM~WV8$cJ3r6TylubERO7EbU}CRP-+AKm5slVb6bi)+Wv) zfK(F6)Pf;i4UPOZyFukBFuZ|(x|PlHJtA(FRRup{t{RKe)?A$vW{ff0z>)b!u~PlclSgGh7H&G;8WOB~49C#@NT1hdV?TL@c{zTstL{AWI0#2v04 zRBpOGzWh7AT=WJVv8y6lZve=`6tNa-MD}b6Cmks8Io-=t?Tc!t8>A@X>X@LJLsiEk zQX!R0l=NTQG=wPn2e#5hzOOnC8hm_w++Cetk6BpagRT2viDCZ+YDi$QL$IcOHo~Ce z$XV_ky&`JRUiT{fJ|X8)6Mq%a>2#zwfcM6Ghi_YviSKmYU+;-`@A_kxv&O5Sr+GWL zI|WN1cXyA(gauKKuCy0r)Bc6xu!cLF*s|On(O{iBWcD*q06|I>id09s--2bI75%p4 zDT!(dAVCk#)jf(=MyN9gc|9*fwp|TuQSo+}W`_|6`B#pu$C_Q}!OSMOE9IK;xYyc~ zM=&TL72cdD?KE4Mh4&VgW;ae78E+fPLn%@+j-5D=T3wlx0J*`@k&A z$bF$OPMtwYZzE%^Ds1~*TXRc>GSa6E`xGEe)3)pIW_ioi6uv^2Noa`31j(T6%1C z-awio&(AE`6!Hi-lL1}fd$)6Vebvo1@wUZhWHwApSl22I8_@Fkop($u9AiFX(nr}R z*w-l0FwjM}3H`rE?GT{`s;`wR5sBtP52q-iIe+`)o zFEZ+Xb}wNHVDx2@cc?w2HaXX2mBldk?SHgn&%ojTXvwJ5j->ih9bgXx(U$zvn3O5K z10c^x`7OF~l-5s{%T9%=nraZa{o4Q}m2mlobKS*%*c0AV=;{*&2@_gG1Fb-Wgiz~Es>kI&lxyg~nb>gU&ujyHYd z%$nq0O(eAnp8Tb-Y^MoLn!E!{fNTP@7D>x%FdFi&<_z@H(bA&wwqxS)p@ZvL_j7pG z@I@Mf%j0%`8PWAs^Q%uk|BBKBZY<6Jw_f1~`&f-Ac_S zbQ<1}5m^LfSo&+8Nwuzat^XiVki->e8tJr{%DNVklH{`bZ|dTDi+ zROe;R`NEy&%07ckQQ_q&78)Md&7)bT)CFVAlQ%)1M?Vh2^e;*MD&c=*>fPYMA{#!+ z#c;JZpr>kKhnr8Ku*XE>h!aEq8%e0E3z?tyTOXN6(3dGz!p;Jbm~T$zQ=={x9v#f1$ie@QMtvSkDOZJ>I}L3M0-;N}K=Y52%dTsw!U{)% z5|YmdRRw+~am+z_3bX-bQXhIA&$zihw~l5x&7cV_8%xd{C}>?(PSPjnuxtevtV3oL8~-VMN>FU6xw3P%re(1# z>+~g8xP23WgBAKJ$pxU|3=jvb)0`^TI?pOyqTI9nFb#MqP<-zY;+mDgh)Cyb0YPR|?0-T8@6oL{u)gP^23@s! z8oN4EOChY(TF3h4t2Os#Tsn27j<)*6jX)v6q+WRAGcrK1rf9*<0x#}*bLMUKZaOTJ zzG%f|MEGyxtrjq$1I1Wt)}Lzg8H90I4e56@%%+#vldfVmuM9fweAaOnsZ0UGo? z1ZCPCH_ewWY2J2mQzF()?alDF3VE_43Q2Q~b?seJt&J9$kohu>(mzXDbb?To!gcCYB1zWvP5bg=04r?U@8pBrZPG*QR92=cc>0Z;mC% zq2*O#5g?MWv6dVxiQ*Z?6O6A|w(XLPO{KIIS)C$OUqBF?KMKE%JfzG=vdgL@J$x0G zh@bV+ND1D!x!LZxW4g#8%c0xxJ)*dH1HOs zE}##Uj!(bOu+|WK0&y$m)m;$gu)goe7>{V4!9)mIKmlxn97~t~&RZK@$Ld(fzWKM0 z<}4~K!zS#5%)lANMs*r(O_eUEA~pA&r5Z%T?;lC5p$QvqGQ0>@bi_w%mhO$Y7*MBH zlaFNUxT<=DzUs5%+KK37e&D%M=kf%=S$20)Fb1QP0|2*od?*Sm)@;<$WN(~SFWo>I zdib76bCeOCd1;ovvdw9x8rJG8##Z_wP2=pxmAvL->p4q{MELv-sGEvR&}2BVhOA)O>pCmKjwF<{P{D&CIhL2q^b$&@L`?X4snQ{+AFGVq zj2vpxN9l%jQZ;;oa;qR_e?dcZ68 zB85BJ7HPgEhQp@CX|Vmm9ld`)-6Ieb@H99{;TueazJV9aZhhcJePY`*gNK|G zAdRc_>>!=>#2w3R)afa+Eb-QiNlKE?J%nL1tL%xO`jQK%)T1_o(IzV}XMqt=H?{wH z_|~^~pQ+Gpj9$!Kc|PdXKQQo@qssm@YC)94q-^d zii+{CNXFOvT_O)yGD6LQvkJ%^mJ5cVtFQb^UK$U^|J(U4$l8xiQ1=EwHM}YBYpQy* zuCM0g7?zUr7kOSPKae_WIDsv{o|mh^h;pBXDJy;)cv9gW!@$6@#9-x&&9*kBz^6I3 zGu`sr=zi%abWk5sQwhUv&8kg1K0>O7uSsaSSx5K7cRii5gE?bjmicR9P9=rVi|X zjCZzUjcC-69yu0!)^(t(92*}bAXbQ@u4FsPzHUtfzS&qD7J155LRUBfzTSghkzHRY z*ro}t6eS>lQL5cKe}K7X4JL^@U^1{LZqrvL?IJ8yP4m0nfTmsUG%%4qAeI@auF(J1 z121RtS#f&+augeLY3J0_9u9VbdS-DxL&~PD&snLnsPfD)jD4A_lB7#DYGs{o-qs$Q z#tD1Scz%=yd(^zw0dpk>ZohmsQ0__s%mVvhw7T$1UE1g|+hFmY_HBDNL^{8LIbC)W z1pdm#*RpmO=J?D3%wlmD&G^j4XIi@^hrJJ3Z-zB@5Y4v>%~@=w{w%`Z2*X+8_Fh1+ zf99+J{9ecfp5GZb--bPb_TsE=etPZgSy{a zZ;qm6J=|{I0{L(RF6+@4#D8gR?R$#sW4bMO`P(5tMtZnHt~H-nb06p)><9F4k)VwK ztRVfKICu#v+b(yG5wJRU1Ui2Hsv}AF5pG|`pO?XPD^O}|xrGJVh*9gJaQKFw1Cpc+ z4E^U&{iFiK7c3Ff1}qbyA%rO|a=4hrK6G)V0OiDr;`u&aV2(C&!$ydOX)9A$(Y5&=v_8|N@cnOLu>6>NI@XtB7tF-FaO}1_~m&D{tIkmf;oq9E8 zjkpK?LtvTj_&sqo9G6gVg+OlfMlx!``#TV9{f06G>V;`r>3ui_s0oHsre$BU?5LK6 ze7d$(wVDI+^t}2Aj#butD-z=T5vbs)D>Z1Y6o%jH16*tM9>K$gZ5%B6nr&R1&b3f7 zahGOF&CK6aHsuAsP>wpo+md*_j*EId2D)X^Oq~jA*ER~kE?eaKfE7mnu~VD=Dy+i1 z^8+b`(^*%hcGde#8ql%%DM)AR_abe)l(j5lWn=l_c0xm;~*SX8W&?=j|A+2mA=~EG*-LS&$ zgDTJ@GY;8Lz7IZncRz~U%rE%Q0w|7whQ%#~21)dd_MrJ2OnNv?{DE@g#{>ha)0EPB zu+JP&lF(upNsu-sPdUvrfqu)7A^EJkF~bmLC0e5}XeA@^d>2HT=R&L{(3C&3b~jdb z2TmKZ12^rn8r3sj%NNECF3P01Q0)uiElMUSel2Qr9hY_iPhB1S%4DC*P|p*OZ8h&( zf?cUXD@F08tdGTLRmGd-F9LVT%JNh|;OD*H=R76*ZW%`e_wAZzFs_re6G=d+-~!jlZ06x4iDfFz*9=J z0Z$D|c|fumI*`)nUPcd`iwkl|j-xaXr)=D?!ivaAOlixkv)B31+7uz%y{;TY^xrUpI~WXWSV%3pV*n)5aTc#Q2`-Q_of1?ocbRtID+^NgUc>sJF@WIHIi z6x$N4rpB4441OQ((7t*Svz!V+nO{#}WXH>A&+mPS9MoSnw!e?*7<1S({y_S$J&;>I; zoOJ8iy8Xk^=h?C!B|YDk-V144P0V>ns5+imF0!b$ANdvMSV2GANKl~*m5StTywYcJ z@t>>IuVO=qQ{eYOD3K(@;z*aPAdJQo)nsarr-wkFS5qK=*TY=eXC#^D@ZHjH;WyYC z)>k;zVBkFj)Xxl<0kO-Bys#^@_7o z$rkUV73S@=r5!zgCdu=zY+mwbl=jisi_$^BBcFsyx&Y+*(bPfwu0z& zhT}-ONNn%cg|aD;)9C&kf=4tblDtfp_dMV`20BGE2-R8QfmP!{J0}!Fs51G=yLF2l znvz_slm(1&E)Fk<=R*_x0sdYEc}(Ej2iQQaH)NNn#wTapWPnZe`B=s_X!{ z7ODSm>$ENHcxDsMjqt%ndG|uBl{Hq3%F&^FA0CH{Orcu_HiMz2SE$qB4zJy2Gak|6%y(Azs##&>qr%*B1<`2GG{N6WR^NF~{)bhnAZy+kIzIpswGaKC`+FzIQ1I)71@P1`&2{ zW~jTzBoEVHl7mdYVsWye59rd>Bzn-Y)MEH1NB1sPXrwTj)ps&VArQxIyIW$JsJqm| zzLXIeecHY;!WW|`3Fjm2eMPHoslHA=BKY~t;d5sgU1tergIc$bQR0#l1p5hU8dX2~ zP0{@i;k{{}eYwiVa}qel*YK#aLE-BK)I9!n&M}>ewS!yJwnF#fCBjVD2Np zEqB7AE)?Y>h01!Jm{QRi^aXDzE2}h`#!)T1p5aTt%TCa_}?FmM^zN(J=h=hW__wQRRq#_|TPX$_|zXH^BQ{>C_ z<>5v`%X`v8L3G8GBsaN&-Q9o3(c*>IAp)B1JTeZh^G+ex$X_g>YY4oZ=81}DUFu>7M? zcS?(@AyPDIZBcuCX0Kt9kiUuu*;_bGUiBuzJ|DL+?nlKO1NFcY;11DIkToEK;Jzf! zGOw&&HfeR->=Z6~fc8v$*Z?89(i0(tynmNdzTAs~;!^mLoCQ)U3YDC1H;zs(w>lyU z1}5TI|4^?$#YKJHa9J{&tVE;L`Qe-aYDZ7DlEkSh_cZ+yN(L2xCY=&V71Pa0kS#PQ zw(R`8)Gzw&ld51hF4;7ip9XnqIa;XyWx3v{xLW@tZE|V>_}Nbcb^b|1rxkgr3+BQL zWtbrKu&<3XsFhxPjQj zZfN!lPVp~`#4;qa5K?B%jcg3sZ2R>}UB;f!kJwlA-Oj4{-)U{Z@^4CiBh7m5A8j&K zr4RNSn-+NXPZd~Thc`Uq_aOw4Fe@w6Mux1wvf2@|igW)PT?(gI>z#Ac*ftQMZqqin zb1?B&=*ZeSrl(Z*1luy4Go{+EuSl>bS1Wc@={nRPCm>=N#PgA_8ZvHmg8~U8OCc$u zkn%R)57H0klTJH>=T)78_ORU5)D~0h?Tcvv4wy2JVmFL|Q&UpLAjZg|W3gQ|s^gkW zzozEvyQRDOrv%dVe$X-)Oou5Ot#(ge_&F)ezy0h~k*8y2w_po;p1eaYiA(>3I*PkH zW9t19Vs;Dos5r8*d2ctQu?$=b%B?7&V?O!uJ;yS{mgl|drMiySk6RbsW89j*_x^D* zG+X^Q$nnSE<{Y#|md+Y1%v3Y(tJ<8qkoEPmIpS%!Gd+1_Tmi3LPJ9Xh&(L4x0$O*t zDm~VPa!?8c;w?8l9Ykw}rD9Qr?CGUdunka49}(b?tH}G>R_6K~YKj=XQ@V1y*JaZy5lhWQ_yOtCyKF_(($Cv;v-kZ^W0@e2j$r(aj^-&#tYbK;ZELH z>MVkYeE(?EG*=!E%nTts+osln+12#!FNIftn^patLp=|ENNK@mmDmL<{vTW7uVlHg zLRbfqg87b_tDGOq&+{J!0&rwx1J^vC(z6X{8a>Pe=A*O$dnS>dkMDl#F!BP6AEoV_ zQ9tIESA#F9g%T{;^~mwZalzit44gM|;UNgIXgsW7LD=Y6Y39-k>3-9UTq-8U#Q2*+ zer`C~{iUHHvjg&meRA&)7CaBF@de>L)}CRFxT6pWP1AKP7k&ZPkQZK7!mGpRh~(Q` z3cNO0@b-!nQ!s>(4oIW?@;3OaB@8RwU$(*gbqATD9OWtFzLhT)3DvlaM0BA+K&RF8Xwi0T~1+N)>GHMS6@q8K75rmtuz6vItRO7 z?bq1z11H^iop*unf*Sbdsa22iX|4ZBDNZ?m` zU+Cff+(Guj_Ij9tpk16R;E@qe;ijSazMBZ1s5XwY#Y9)B=`yD0)r+7{ISTl-2$*D9 zdsm06mSAL{2mZ$+sQS+%a1R_0m%n=b8u(Z7bNzR(*)-k)z;cdB7*0lJGXhw8!gqmT zx3ST(Piw#NG++&OHa{mF1gj3fZ%-8(f-@`Uw@y*~j`Epg#y(xMllz9>^2~KBNZh>2 z|27dqEhviq0^gQQunwkl+UZVs@G>LmLfu6_9!7F_vX!_AbXRO}YMpB#5lQQ2eD-mn z4oJ88sRh`(l(JB^@Rf>{rPM3IQ9*G+$H&0O(`<_~wcTaVP@r77Bc>Quq3uco_Clq? zy9T2IzKN=8mz-NkUGTy9gME3@JtJvpr@gm*@cj^@^eq+(yyVGdIiFxRFrA7de%hGR zo}NoMlB6Q=TzZn2MFLL^fs$-M$g-T1i6km>l8XB|8qr0vH(V^dpspLWO~2@xYFVzp z2g-uOL2S^89X~`mU2>V@$S&;_J|nSuN1Y;Blld7&J0VGSm^V7@$#}4hA#cAm(E!;Q zA?~4tbVIS;6o0dJot(RmMMaxNebaxDG zMM*AknD^5FqVcyPja*%~w57{bp$J1tLoGyzxx->oes{lZJ?HX92F{t!dwmLtIW0n`Yuo4D@YDTg%|@MDR8DYc z{F-WtY3#^s($GIBVCwt@nW6%gu4wspgGDgLQdHN&j>Lxsxxrlm2k zlzLK^s)!a#xKmJALf&~x+^Fe8;1#Afvh>l{(e^zm%Sm|{rowDl4VAHWeCrEE3jalc zEojr=4#i#vR8jPXfP!e27*~1a+8e4o_Jg9F-&#qvsA%EV-8pHW!U}k+IDN~C&r~pb zN+^}>ewq^tFFKU-f;eU{)7&cIkTOY3IAyqSR}BA|W6X%5X@I=@x(y zR}_kgF;a`s*6sOxo?NUouFBBl+NTJ%j2u_)VuoC}8C;P2uAZePf0rtxxUR-@nSp~h zj@;A`2#r}pZZSFu^6%eOBVjQCVf<8^zoGutziml)lrU3aWcr*$$<*c-G;?(KdBhwd+4aSb<5^N@f*V=*H z$V<`rJ%kiLgqO>{T?Dtw{>7@l3yNLa*cUKBx03p*K}i=XO2PlK73Jw{T35~643-?E z_<}n+057tYh2n{jSN&JJ#jbx8B+EswC^Mi_e0Oz}or)G+Sdstj^T(!aQycoP&kP| z&L}wUxh#sQe~s!;!3@@@a@_JJPA}0~99g}dd!G{AoQv634COe>v@e#Gt7kI0aJiNc zytbsWWQLSrA$Z8hvfzH#ba$H=jq1FhB5af7b|bXi)l|7*_Xpc(lOw@~18kORWjjxD zV=N&yU1NcV0(C~*W;N~~iEfO9--VjVR5lMIS*H@#m$%*APw>jjm(}eX zEO!sb-5dT;v&SdQ7TkAt-wx~R2X{#iJiJA13p_5ar&mCY&F#~dzL!_9$>Z(glL2-> zPR%A5&(7`%_NQk+j?L`@tao?c4D0I~KRDg%o434oxBE{F3hM<@@>*3U@6~rs3HVI5 z(kBnNM@$avcaF?F*k{Ph-e%c99oZxN!KsB$-K-iBpR>^)q|Z5rS4+;?v!}H`)C}oT zEAWbwVJzGyZ$2#VSed*5$fxJJf~HZC$E0{`fq_{Du?>jzK3~0(OovJtGn$_dyJ@w56@Xv3crvR)`b==3wBh$FDZ+ z>cpMW3T7)@2J|bD8bdo{h1vpVv-X3i3GpMBF5-pg6<6=7Vs(aV{zvC6oKf%xt;0@e zvr&dj+B@aoT_~LF;`T}OW!@{MSJ3CjO=a{>9p2V0M693L^mS{PkY`ch248(Hg}FJGH5eqwGCwV#p40Sn3LJmc{GKy-8Pj=r=TtBEA_peWkos{ zn`o-i@-hnJT%moH zq!~dXtj5gzrX8~1U;7&KTi+D3^ILb+>F(qH{HvkQb*$XzXlZ6z{}`{dKj|DyD?#cz zUWrsRAS*1qm&VorJEAwuIZbVg!BM8Zq{e7=3! z+bB4A5xLp!=HhPuU)4&yY-Ju7uQ4GaFEm03^@Xfn$2&OH^553jq^G&m6U4N$y0uMD zpsrbUQCs!ME$mNTuhGrYTdjY1^=8-jD6MQcteay$hBNd3lWc5^o{A8o;KraSS5Qg3 z_`~)e5{Ebphiz0jrB&Hy(5gPgtH{8_?}|>8b?KA)BLuVcx#ZEpn3PR(VjG_}4IXsH zMa32Ten8Y1#_%a(GIE(-#~E5oTA%qfE_6? zYBZyU2Q|xRBPGc&c0IGKCZp}7#xkZ)Bf@%s3V#z%sanbE%z1Nd@BEiZB(xANN{^jL z{0#rIGkZj#C;l_>$-3qv9X)8DWHK4m(`4X?|7HQubf_GDRELMS2+%3ng$lHwVUe;E zJ7#z6g&9<*n0Wl7Skmn( z#MQv)XRM&h#&i84M@ZlDY7N1BE^TdW9@9^X3g_*KwMvUcR_*S)=k-J9P4$C85v-nX z9;c4ed2oKcXhS=Cm#9hM?cw6QDOXyUE?(3l7TpFdupl#XV|f-+ig>MD>;@} z<{`4o=J^HZO>#1NSMToPun1)Wdc_Tm=X`xYCvGRJ$3tR!b}78X;cG%HoF}g^R0(y{ z5SxD`Vi;B3wJK7#vOAvtO0o3ta-Y*V+;!iXd{8~wK*KSy)RX0a_0YbMM&vLrB~!0- zFRq)f1FSus%HMP346DHI;V4l|hGnhqw1A(}tc1b2!GFDq&WRFyZt$4}pEigHX3R2# zlLX(ZAK>{De>FFi+<|gRLPOZpBPFF^ey>^x-x<_IV6vVxo*S~ zm%E%t{@sv61Wy8IEcvd{OTovM!Tg0r&z_$(0ImtH@7xKKd>rr_F9BVj(Rd^cGsW;A zT04xCqa)Q`#yh7~p;ELz(SKldjkM4*t#7m*4xmtM4ChU^`2iSk!Q3P#9gIv3a){A; zsPQtr{$J3~H^2h(-#x!DiM*65gRHj!)Oe~OLyo|B#lnLgdU8q6#HcVv+>1+eFoEP^ ziY_hncEem*v-E)N@rv1M)l=h%%>ht`?>L99SIMb5zYxRKf~4I+;5+rlCVVkHD<7TrB(@U{JDi!t(E4;6ZaHI&{Z z%w$lfCC3r@g5t4O_FXNqO~h?3tl_4~_dfT5y40z`An%E|R&OX+IJOQT$MRT#c^W@6 zRUD3~$Es;WA~hmNU?F!O#G1vb=nXPfN?$kvD|n&0K&%jnklJjQ$yyes_!8oAUurMq;C&S$nZ8i71j>PCJwPGWCCVEDv>*x7)|Mg?w7lwPh74d&9h!DJHwcKnkm#{2yeZFta?Op7a%tY^Wc9h<5 zI^JZc)Yy%Qe^lZ+oW_+y0D9%_${$4QN&AakI+yl&BDl67AdC1O?Z8Tpz zUT)z|^*0K+CgXInad>)o|E>jmvh41mlbVdc;^(<ysvC*~gVqi#>Hj+`#Gd^tgKA z)B`M)%+O9tW05q!-Jad8Wh6X2B=Bq^?^WHK$rEwg{3SY{LmITT&WHk#y|{y>QA;Gw z3+;HF|5)uj`Wt%z%2*5?{q|<1{J<|T1SeKaXA?8yCjJyQze1#)L0Yn$DkmyMt@VM1 zGPP-S+4RK5`<_1(XetQ;H9?N(28MKZk*gRn&%ds+vjJd;AX~`<@pF}X7kAY-x#oPF zp9br~5DD2U@|<&hb;T;vB9r>Eythp4gF^Yf(n;S_toE+)>n6@e9s+o~cj=bp6;%NL znx6Tg#7pgE*eG^gvkF*Voy82wxvR60GH(41P6dv~TCdE1ccd9Cv<9jahAT}sK(jsJ z%2I@NooL-o+Vd-z%E{G1)qs=7LCIo<#ae#x#x{*W_<$jSGp>i-0qsINhfb5>+u<4R zwwg=MIiZlwh}=&pA9~o!2B&ZUTfn?71@`O!j_?3md4yO1?NZnP?Kh~oAEeqj4VXVG z<1Z~VKdXK}AFe-V+bc`&F&{B6V4piObH8II=;va3C2QGvk*kM}Yv2a8ROh3`J#lB% zrvY-O`OedS}r_xwXb_3i!pvS80TY8$k~le-Hu>` zj$lDHbhH}LkxwA`ZSH1zr)#Jrj`GYWM$Rhmo(BvYN!1I3s4OZu@?UW2IJ4?KUG;!H zl)p047iu<(ZUEwlRCP@aDeqw@>EMtx6+sg;&(%Ixy#~RVmI08E&;J9xKtjL7E)MQ} zBIdi`^7s{gdhCW+4~wmvgR%4$N?%GB4&xEih!DYYtH^|AxUK%Mm9WbC=W$CgbvJdj zzz(-VTUJmhON&G+;)FxF?ZmUShKz1Px_6SnmHCX+(rjnjw6e7Tf?6A3C@iRj1nocM z7Q0#$;<-F>5YRLwR8Dy&sa!+I9a<4Rx0*?J%j<*5r)y$xqAV8vgdC=8`xe9xu0<}5 z$Brh6xK`E!=U~w4dY&g@3i#3sCfS6X+Y)FHJ#H|pt+=X5*r!sX0$U0-m)ouxAyVwG zO4A${1m9=1Z{Y^*#4BxqBgM#93fC)!^SM7{f-FVMXY0nRrN(!u zNbPbHbpoRX1k>IU5VZ|)G{8a9jx^dOt!!y^M^w-*I)sM`Ss6uk5Y9~paQBkU!cOI; z2?MseucRC;SoASOI6i_0oo->ng7oMVp-PE})2wXlZ&+{qB!<{wE{jlFV}sC^SwiO| zlYBncY9jniUshW1Y{Agf7udIFr$^Yg8I)vmEiOwF34*l)!HBq>+`MWAc-@eKoXy0t z6daP7E6Em8tw7!vP8}AaEjuAB zgg+RAwmdcetx`~y%Vjqt(mFA&%-lfnD4eNte#KIl;q52bg>c&_cmu!4gk>Kaq}HBm z$^U=$-o49hJ}6oUf0 zo0&8Bv)@&F*9%|)D6rXjHtxNWMfL})~y-v zg8p@;NpG{3Wx?p`i8Kpjn{Ll^`J)nJjrgQa`H>QAM!+%PpXZ}-C7urNKXBj=DoWk* z@|^Na+^Vga@gxx2S((b0m4{7CmYz^{Pm_|YShA!!mn%#+$(-sS*>??gu7LeC_47X8~0>b08>qog?pk?0s~uiql|I5 z-J+=hQW?CIGMhYR&LhJ$n*=dyq@0o;QP<8z&UA{^n23TDY$ZYwcjN&ob$FyzvkVMV zQ>8HjV8kz!uNis4@}p_>&)|NuMSx(sOp$O!zc$9&&#Ws8I-m1IP4tX4*r(~bRH`;K zQZVdXP_#qA78WZNOp;ub+6Eg^HZUj*zHVBDbiz`yY(6Ega#=D8#c?EGyJj??x-@ZU@WjBg@!wZNo$&Y#uYjUB%30+es4FfRn zuC1(Phv@W~*YCpVGqv5|KkRsw(ZR4Sa{c-pR%=3aw}D3~O^WAsv3U++f@I{@UQ0ls=FmmmJSxu8=x9OsQcjX zQ;qUmvLw6(Dm_#Caa@@I?evvAWeGJFHcalZL>;07QCI{^ucu=&+mylfjr?y zG`-uP%}>Rhkec@V?Xt6rW>iW(%NUFph!0+`uO24q0@>y)VN%j! z+iw%D3oZ&?^1rj+ZC`7Nu46A=1zy?Rk(RxwyJ8*~qn)rjUM_VW6lQoUzJhV+#zJBe z!d-Xm+T8N8x5+0`(sWl&QnEg+l&lYW1@pfO1Ln3UXkN+*yT@qrJyXHD z^1r@5J+0<{ou8ebem&%WeTYlve<`J_JqIj&m#(??UQAasrwjJ2CY8&#FQnQSzb2Pr zy)F1+S(2mVn0!a&l3$8qJtnX6WcsULlXq7y{$ui*CoGq2@+wtA&78C1IeBySdU8HJ z{nexAo+)_>O0wUwbm}CuDHk0w+(hz)JkidX30?D(^(MkXz4)tJz< z@eB1_x#kBe33EybS%|`uf+xgVO85<_%3@poUiAcSxU9PB&7HKm+9>c?sU_B_FBfdS zu&ukKy6Wo@S#{lcb@)u5Y%dbX_#(SmU$wk1Q|L$5QoI^-zv`8EsxwQtVGRlAbe|B_Lap7Buczd~E}UzRK!dX0B280g%SY3L9;E5Mm|GX49kjIay&DkZ ze_$0#rTeDZ7z{(Z$TE@?LduDI-fN8K#Q3f+u3nKN5a=+lBVlV3yIyZVzcMMrreuVc zB~6x!D;!&Y1FcOb^rcP?l0X*V3KngXgAjVl3O=`PyDSrTO6}T6R-oP}B`Zqp*r|8R zCW_hNfuDmFD_&wU*J_=ym5IvNB^0=C zu4ZtKq1))kx9vR7TrF{8VW4wZxcW4=O!2<({wUQpS_`Yo{(JSXG0wo7E@r`IYU*RL|P}U zy|&LiQ+-|hWH^dH$ z?j!tK)DCcW7{igN_{q#uB`kze{9+JeJxh0pSTz~eZQAiyf_oxu&;ZIfH0;aG=d zVQLdRhi0bCqXh@LWK4~?vz1)S^7gAt!IQA)#M7mpI%Ni`SZ`e!mqLPk0!=n{dmB{vvB^GlIiKDTw;a) zheCk0=YO4_Kl}QtI{w$Qr_YA`uMcqz_+K9Z|7&M|9TEZz6!MErxqJzY!yPYOsd{%e zU#ZqLxas91Rc{Y4Ujxk7gJHgEB-sG;RVPfP7diQA0Q>qRoM8jl*GG4eeE_hp+J=qr zlT}}c1^oK!U7##ejn%<^oNT22^dEk@Hu}K|>MC#74A{*k)Bq6sq&sFfD16Xz~t&ZHy}g$~_- z+K+#|D<`I*k%6m03#>ZgTN?$Yqk8q=YWBGNmuf9qX0A3jfAn6elAmY#g7s}jQz(W0 zKH)i%-xEpJbejnptoCWHR&osV*AXT3`HwzrIqIZIxd~S9^)DEePmtOij`SKXQtGZ4 zD%DSRU?l`b8A43JV+gz4P$jW`mEt|i0Yj;MEF^9rbfYn}SbaF`C8=I;viF>(5h$l- zqS*Z!E8?M$U;?E0Z6m|IKod- zaETZLA(uOGBBARh@9LwLlpfs66=F0^n{CGCil&Gzdm~;G7)-|_(8qR;)Q$T@qA0Z6 zN~+j*!_5a_ZL}FQt#q*KeLO&E$5ycp6>wj$!|IH_WCvSM*IS8{>e`D&LiOCxLd~A4?JNCf$8dV zjVA01ZT5w`{&km{s0gDXxkBT0G-)=}t!uhMq!70$w*c`Cj$QtI27- za@xmsGcxmiGlD<;uHKAxCo--^s2hgi>C#qnRP!!!MyOJotYc7*FUSnM?Zd&4LEhTR zp_9o3)f!nAn?&PamMl+oWppeE8*FwXA+jCd9}BuQX9l<+@#NUGkWC4B3BXu%wa!== zW90^?nY0aUEOh1J8(n+*X7qwB3Yr38oScw<0dT@MtXQz`+4dXwfc^PhSOS*hT+XVc5p@~6N2Rc+CmksJG1tQ3u|%k9mGRC@RP zW(55+znj54zZt2o--M5JfUKHr=Fe|Nvu(-b_-tIT^;jKl-?*>djDAt;esZESG7ue+ z{CB9$N2({g``TmIlhqr~79Vd>!m&*2CQn(BZ8Z#pVGv82FIYMyD8M0>Z7xazJQczU znp?Hi(Q$l;hq1&c5ZuVRd5{8u)v2xUNtMF2m2Z`t+F2F1aVjd+a_d!bHJ%MdPf;B} zqX*D58J^Sq>G{{s{&nBEFk;Z}S1<2R&Jj-py1MIYx&L{(JH)n@e>1N2pG%^aTFil7 z(Qi^PJXVcr+;Xgv>e1?o*mvy?o|n(QY$6(-^VMecoSe3jOB<46k4ntC3bU0lsA8^* zg05DytOSsh`OLWTvmgr{rCYTOGKusE{ zrkd;%6EcEtG~aJlX2?OSgO~N{;Dmb~Ap(3@NxoApY(p_w=P_y|Jf#u5q4}0LW{dK0 zeMiU=l2ai~(Z#Mcwwv+yj96hBS^JD76x0ZdAMfdBE_-#}h^tJA%K4GkSkSV0KNM|5a195c$gqSk1E@u0Dan2x}9xthyom<0EZ~RmL)iN z6ri_bBf|i_H)1`;`DUfw3K!CFCcLNTyJ|zT@vhBm2Mp%NfW@xSSr`G_8ct<`4_%_v z^^)>zQv{3+ZGe`#33SX|iZnDyjoogay*O~m-Ej@rk^{EnfGs&-OAgqQ1GeOVE%_-} z`I@h0`=6Q@u_+H=0qnB>ou7VLxBor;^2@>g_aUyq{`ax$f3^K}a0}oyw%=?6tUM65 z0#^GNvIAD07%YKa192o!N4^bxCR5)VBq?+4P3+3dIjx&lCGFKzQOG9(CUAk z_P_II=jZkMf9GEh@qZuW8ti``!Twj)<9fM!BQ^>-XqA0zp zr4#$m#8r%S2Ej@TgDr5d1wPmoSfSVkGhmf&2buv02NqV07g#WI*d$vDHiwjH!9UZ&_|xkH%-X<5>nU z13cknwk31($r&r}STO0o(kz#?7In4y&>#S&Dp;?>)uCV0qD14{Y9mX`cf}9ddiK=; zh=RPzlWdc+*Q$X~e|1BWVMcbb30Mx>!WFsKe#hGRT~Pxz;0L;i;6Q0e^~WM8g)Cb~ zkEw7iq0-e{@;SkxtR-9@CbHG^uB1~^s2RWwXY zeG*>H>!YgDNGcdsvtajJmLUS6W$=AS>=|kyGDnnw^f9_p*fz-jKl?GI&D((hJ@|^Xy(+~)`J}Y?e_n#pFKT4t=s>n?!m-CZX@wP#IU0DNjvea!g*b{ZKx0fQ&tfu4XW;WqgKs+2c40|sZn;0*XE z&VcH6jc^B4Ux;-G%xFgQguTjVVw0yjk3PbR^t-0_h-A7LtJGDN(N>dXqOsa0$5u$< zHKRAHW=N(e-?|X@TT(8SW-rm;Eb_2kgK)wY=7LMY?rBo~MUQw&ez!I5kTJ=H_i;Tb z4ShvB`V`T$O*g;IZ^f3lX)yC+KyIM$I9eQcL#1As^AsZK-ATM7S6s&c>!d zJdY9BG1jzTc{w60k+P{j3`sJ6%j~zsT%Ybwf-TdMW@3Si+Z18crwP%s)*^rzRI_z<_iECwIsS-)_Cr3(#cRtD3CLvsG}RS65(kKM@643R!}%3TxM3 z?9de^Q%;rIq2>Y-d{VV#0K}V;k`*hM;d~KBo-kJ{(oLKprx7m%VAs26S+3B>7< zidI)5*7<`mZi&DPK(86 zrTAGp*|vh+RLWHXe=Kg@qrj z3lAAPgONhu{L~E~L`H=S0)1430ZZMNohD0`ypQ3fm++t!mrM<8)jLV3lp^7Zod-0= z@F%S|7KfSY({G;91t|-@SSZ;S?g6G?mXYtSudkX|QJ#|DzrDJ|wsofpw&1d4g@!2c z1fMW->Y@W^HHN>!*Ny$y;3>k7daU-~&|rr5`y3WA7;qU>UuMNs*Fm9S_vMVg*Z3FB|n z2p>McF5tdS$Ue2~0{KY|qP)g&J&rFH}y1O9nF8WU@oDTTiOz=3z3h;4#gn~-yl29vu#of(oA&-8I-tDF`LG$R}FO(+`2pGG{4( zZ3O2C4hb#DfPqMEWyw~(v^d}ZS~=9ovTwS?zSp65EIRAPgcq%NmT}1vk*5-8D2VBx zWJCI%g*0po*rMxo=CEfG^@GgVToe#Y6P_EfDW~LxN0DEho}M<%Oqh$n*WXt1h~uWF z{*IX%UCRK-L>VAwyJ{Qa&~K2TR9< z=inldp8ddxQ*#kSpHrHg8J{FaXJ5(Vev`eT_q`20Z$j^w$zIWWzS^ujdQ3##j4;z+ z=V3HiT3%@(XDWnsN{#^7DQr^!qkx&cW5V@Zvj9?P>+~?W)VR5w@q_lsus{qZkcE4q zQzFLT)h3y*U4UANv_a*lc3Px1R$v9j4aHR*mJ5W38u`GSVoidvUBM~&5yL=ok+U)G zr7;l&DcDMc0>MaJwa?(85*}&Q&<(@XCITIyGD6J1k?K~(=rpbV8QOF{z!WVl39Ca{ zY)buy$2!V_&gVQ)6Fp-M6ie47*ucO(!?1HfQCov_sS&xbQSd2;xEaPO!PiZzz|2a? zviX#}%4NxDN_a^mU*t5CTKUnq>1de?G>puNO0}`P;nA#MG~MDby>U$4e771HtsIL2 z`V(oTaB0J&wT%bc%eG{;bsRfnaq|`eRtOcpLfmsEr{o7wGL3nkSl@zVr2~x%w0ZgV z1+?WhihINJ!V{7ELb;2O4XS5OI{|a*Ze(D~4q0u=4b84!zk3t28~leIuQEC@wgr+C zm)88yz@wCA%kxC6G+dwM;b{4F8%Z0QxYWcNga|jw;6=la)~r}@DfunKy{g8az&6$Y zGW<*P*^s=pC{1 zxhN8Sa47kDrM_30-D^SKGqw)2x)qzkZ5W*VF}Y*lyj`tWp6Y#OmmgT6A~$y1Fr!lP zS;k<*Kz#6eef7|70c4xAgh@$@ZNE*}tSyFhMC%nZFWQ)Sedb$_$|fvO&a8XM@G~Pf zIdm z(MKoCOIEB4E<;>HFF{{<&WOOT*)3}@N7V9syytz1#Z6163`)#_>}HCrS+OgYhfVmM z20o*Oy`lHN+Z3|J4pxPYep`F5S@USo^C|k3mVOd>E;zH-hrwJ8s8?DtgPB>b{}kM`X&dKTjVs$wqw*0YU7vu?{@E&;yugB zY?HiaZAkuB&adp6X%qfmoE5OBkE`zj+ZW9U=`AZ1W9qfSNV3q3zt}69Vt|+ch&~kd z3Q?AsvF5k5iIA0^c%=GuxW7^?AFVx`OaNu97`*O#b0e1HhvnRf2lT= z>vbCY$&j>6mZ1B9W#*1&&7h71vK_G(fFexu?Uej@%Zh@ha7b@SDb|w=czB14)-F$* z(}hGjUWm5fe|t}pR`&$iHQZ7qjc6l2%*GUd%(h1LzA`Ph+w#=~&JIOt_h3Izf4&8r zN}DrlNW0yR9%=74 zv7+kxxDT|+);K{fJ>&hVSyaQj8zv>oBXhNi6Od*p{XyYtgd zfC3bk(^KX`Allpg>h$!K9DSulMcEzzVc&}oJs?p15*g$l-u?JPvKqyJl#<WX9y zJ~VUHqNveEs*9m1saVX7< zlmadFg`! z8x_519_pGpSLzUTT$*EqZEaQC^EmdHfGd`(<7hu3uf4o4g@@_-ZyUBzIv+(ZxlRDH z_2jzf+lwe{q-RU9iY^V!b~Ie0=<_N)<0|Qs-j<+@@9P1UHNv>l8kuUYrU=!#TD25+ zaGU7+Z4;=b$V=JlYvz(l5#_{Y-{HmZRI%;n=<39Xs&4KUtGc#tYjr5uB+s$`+F^= z8RLAo%(s7;bGj5t=>=)dEUY?gOF;^{S`%K9&6>ze++{7?39oPOr{tYY5#(S)Jv+s@ z0AZY~ZE|+nXFe_E+N5us$o9T;SBtRiM~eDTkm@#6UErWutOa8=alX5zaRx z0zfFf9tx~zmxQmA^A54MSM=Vn=qpwvEboXF+2PVgm-=U2rpyVPT7i$CLG9-^TR6pR zR2shA5q@*jF*tmyqq z%Ck+;71UN&e$88k%O+xzms;z$oNcZj>f{noK1pIJz1(nN<5*LBC3W@Bx;Mt5rzt|? zXsdExm)95~W_(`KX=gtFBWCmO=JJ=xdNi)2^e>8aGMbW$d<#h&gk`}b0&@Xk3Dlt? zRFX1T>k}ALtfWgUp?B(oCjFzOMMxT1vtptxB1G3xFfI|}mr~@*^Tn8y1yw>zTL@Vp zHo)6inLJ?iI>^_0Wn&!cHpCW-A7*L^#T>?MRx~Qyw&s-dVy7OdB1*i+^09oDkLR`A z-)|Yq0pop_kLbO84FBb0crYKuhxr&@%m?@}BSpX-zRbt;W<{90?H`?7|!#-&9j&|=01K=0yA3bmYe3X~; zar~rvcuIS4|4wh|M-$7338ii=wFcE9OI^qj_8G9srV!hia)J*WpBafBcBV|!8$ zKH_+P>i!OS7p&L(xit6u)q&PE|^>fj#M zI3H_|tlho*towOdBThm`7O}q8Zb=x?mwJ0!yTv?8SM_wdBVtVT~?Y>eJ%^P@k` zmWlSs?&p>5oB`vtjrYq&@uZl5hR2xDD9xwcfBO+VxQCXCKfSu_5BB9ghBxt#>3bd~M>jduM1r(Zuk zJFnyafBp6OfdBs?t^xo5wAtx(}|tQ=k6)+oS(ARVUOp-;D5(9UcEXtq20RgaN31 z?*I(+5e{f~9GjyTj_iH?x)QTo&ut<)-7a7SL@36 zFBUBPUA%pJMzi&jVw8uhfc}d$%P+28{qgC$%FkhNaSzTx3qkl+9fQ(QAGx@CWt$8u zUml;Uh%!}0RrL{{s=zjCGPaog2Eo}CwGUOkLIW=fL=KEzhdY3J2{0QLzaQIn0BE4P z*V^Q|P9)lWuyPn$;=x|K$-VZ_H1z0j^j3h20;303*0KVMmFbXpcvY9zv=goCD3Z6| zzPolCD^M>S=iP%Ha7&;jjOPH84n;?e7ue#8gGv+%c$S+P#Av#BDlsLOw$$ThodO^? zd6kn(x?B8ZbG-%Iyf4+ ze^Mg8)g6}%rj^vhh|u_9AbWtabw(gH#2%S)y*dNM{;rK7cETDu3?zdU9Tf+No>Vn` zO%{#dr1Bj8wjB&lb3>E0$$!8!x7a`adKYklR%ZPVKV8@6yM}}#6qDyE z0-d~u%Evp9Uxpd?-H+=+-13waQHa#$*(#QUZ9-$!L4jF_w`f?BTUPM-7892K@YD4p zrD*LHeP}j<5f|06nejm`P_WdnyWaf!yK4wPA&DpoCf5Rjm&xd_cjd%1G^*?_5QtkF z1rDZq^}b!7>?u% zho&h+*$ZycCb5>3OCgzQ0JA_vk?JtdrAF=t;Mb5iCIEn_WCg-Sij9eyxn((LdBO}t z9m-JI9o4rnB3CzBf3VaS3*B-51T z+mSV_(8Os)-K~~XadobV!mWwkxZvXl$!u@Gp+6-tv-ZOMVaH_q<#Lo1jW)np>cMR_ zks=Lqn|6$>^5W_hK>^L(-sgdv;{`nc0?O_&*DZ_YMq;S zB(>F*zL7Iz5Hm&!w&1d4ja3FBN86e@(wsI@)!EES!>p`nL07D7j$P>NS7(Apb8?63 z#YMW}x%cy-d)E?P7Ywa~!&&_si$ol{Hwa+ck_cMslzl#Qe0f6k>#qqd(HhngUIv^B zd{$}A%7eOeQt*-$oKC$jduK*tyWEH71EimsC`+-@*n9c5ioWN-_ZnMtGvzdWPwIl% zfJ_*gAyY5KT9WyuP&$5NtNP@E{eB_Qzu+Gba%}N6V5;U29b-Ds*sL0$W++;5OZ}y` zrX@Gs`Y3H|QEt#2tMvzi&EOiCu_e9bqQI;Juv6$Hlg2hpBNvyi$y#JQG3G6oQ7Bft zEW>AK^WY`nupS6hodHNxwvqhSD@dTvXQ;W-w0k-np9JV8sRX!^GB0s0hRz{uO0C#kGxJRW*oUw|u+LHts{^MGU;I zxdJe|ho1z~B9Z~vjXH~S*rxi@f!xgZ-2?C7)yLce*ttglcgzGCH4q!EW_ zt+olgRrRNU?4jF>ssTdC-I6CuoILG0MU*=ODr^y1O&OUOSxEPQ7KSzvqu8oJ*7N`( zO+<^}5d;6GZv4}CfkeZu2fRfn=vY_C4ibCBs5H=NMH&US$l*KzeIV8YgVZOY?-*NG zvDZJPVMc+f2S$lJ-vSXs=qF+KYk)TeJ4PSn;<3jX$>M_H3jWm+y3i7~&@m1Z)Zm3M zM1(K+R}VLDdssu`So?%HL~&=9$Avri*Q2R!2N&=w;StfNKZH?4hDt;?x)V|n7dGKv zy=AG`a0>tG9a<4T1K7;IVHW-sO@Vmzr9=HzR49gj#fN3|YL*xybe|B7%Ip263$NbP zR(&x>hVie+kPiQf4e#hVa6cHNG1Q}Ho8iEaov@Fdt#$;7=x*<^?p*;Reft@XZix;a zsduk8S@u$`{8wVB_)&DXs750m>iV9fE0!}Ue-EinF)qS){u`l#*EEUgQ_V#p_}r^P zx~GS8ue{%(^21R1VW|8tRDKvLKMa*0hRP54!%+F*17B_RAJoKWx2$+z`G=1B4_}@? zJ^Qj=|KZvBQ2*hBTtoebk5~V}?XO2D|L|5f4tI8nKbX5sr5|k9kO?2mdMs z*+_;S)m#vEzs`8VOMN>q0B*@uhp({Jx2YzK}->uohr~i=Gq|ToG{+Us*?g@{JvcPS-ap^)y|dLCT1tzmaA#??aZLswpuo|`*+KP zOGN^C$!RtklhKGAvA=EjEzP>{T}x4U_ZUlzLz?Ymww(an7B9D>2bXFn*rE$supXT1 zXOuyYyzQ^Ums;x2;H4jRvrUTyQ$j>#3N`e?Xd@?gOqP?gQG1gGYsI=u^hSELXK=LZU_b|RrIo`VlXLcRCaODLyxmb z=x82oRrIJx33e03o*mvybq`$~9*r$J$;Hg2?vqgrZKoW2zXPDo5G$#=)xAeOpi!NJS_Aw9-7pMNSq=MFa)&F=DCNeF;kV`@ z3+vWsH)=njmsBo6VQsdNR5HQ6$E(5Asv#VnUX+bwE%{a8g~}K8`JvfD6uexnl4+i)sG1aM87vJgh zD39aZEt%qds+9Fn#$IMH`(|LN z?yodnlFpIN`~v~mt3U8V!FNW5JVQa3=sosQJ#8k!mMcQLU8&iT$fx8@SE}fY*=jAA zQ#=~mjR(AI^tTNwwtuk|n?_NyTbWs!iF|=ngf6sKR}Z$-!F2txE4^ZO&MFxd=UM&*p4VX8tI$N^^x%32* zc1Erm0D%g-ss$8qYk=`tiQ{0xuXen(QPT=v zytJQ8H1fYb>K2E(1)*dqc)~8lrma9pRkCw$)YTe?$FIdzg!^u@^&ogRIQw)#1)=3x zbf)B9)icC`?oL>a10OCsVTU^?rOo*la{ci(-Oqs1>dAm%aLCP)Arx0ldJ(mN78K}R56DPXU?R_LSmYs(q94Z8?jZqbrs|@%u}30rIR736 zXGjl3SJ!Te%4)Jm`jJ=-!?8_PIR4>u?K5`IJk&_m*Xn#)K9_WR=uu+4+p6cGw+SlwM zU2gNwwuku8V1N(SC28la;o&MZ(Uk2rI2^j2C$bvc+|X_%O1T#6(;CsUzhnVwY+QW# z+sebC`0|1!jNgK@%vMrHh=@S1b^d{iD;5-3sY~5~ZxVYf3TdL?zJu=pfQZRF**i>4U{5OV;F9_nWawGY(HKCG{p`(lLWz_(i$z1e&kAAEwm z7RI)s5N~NBF%)5z!u*-qJl=-Ar?iNTgt8m{ks)nDTm>>led|5j`p15tO(O_k7nH(b zK`yaU{EX?6sV{zbryfhiit?PW3~-r(mPa3h6E?mgH*L~PsARaRehN(WkO?&D38*2UxHGd9M z^9LxZqv8+J?NIM$sP{9}`}vsleqbNQSNnm-V{84uChxLyL6c~qFFoL3eAh=O!2pYO zArz+$D~Yeac43UbJpsL!=ybdYfZmYe7J_YrlfPTeW2B;0FZUvaKcpL4DizQxTmUh>kDSwFjpcL?yoO9i-Aa zxLE&uB~+!gMdt|aAF$GA&Ni#J41y}-C(XWMT^u&#TG4|JG3!dN_h~`L{KHFN+tjI# zB1twyTVQ@%lyzKmYh!q$A#|x%IIT(jC4IyfkfHQUY zc|`2o01&{|Z=hGyAVdp|ClANk0m?_gtROme{MNq6GI58I8yeShMRUI1WESqN(&7E*OV7X5S<-xfbn#_W_jv_6+^QSGJ^p! zgt{j?A_oJ9H(3QdyzwHI)+hSRpnG$P!#l$*U3~<<$NKt3Z2htrjjq2Lld3l9Z`K zMC}0`UZ<2xcHh1)ZTJuGh#-TT*d0kOEqop;u zI&T}CLoGpjwu9O#;>_wZDvjpH98-ZULUUU`tAjFI&4T0u*V45!tc%gVq&(Xc@pgf? zp|_EN;yk;=fOcb}ev=i2Fcr`FVxhP!_VD3#IP^dVJuGN%cU}z;*s?6wZTS=K z(mvw^8o~l}YUmkX@L9%mW=6-DBZwr{))s4Ri=(HA+LC+ME$+0))x8Rp44pjmNNbb1 z#!>GQ!{UnR#MY9Nl?h>CFY`v8M7Xp@{X_xZzwovtqqoDg;{M%8_W%!xVE6i z=nj|;f)i$xeI<&)E%>z*kSyQI;7Pmy-4D+n;3HxltW7=`$kCgtNnY2N!bQ2`W%sP( z<ng#Bc&y^(`y*8S^WQhQaquC7uOO49i3xLXR%T6gI>QqL%vi_y@XT zp#)~VN{xxj^{e;Dq89@lPiAolIChAmlJy)6H#k6XRjIPl0Z+lpA# zt+%$Vml)X5dmF~nbio#EpOt^B-g}INht`-`d|H;Q=&Vqx8|t_Eax>qL=-I6P@+B_pYUkf{2>@Tw`IGs>(Qz9i|4Nw?aky zQ!N~<0<()V=sh-l#sOu)sPIJk#0K{^hL7)z4Y@cBtzZzQUn{5(ExAAL2%#MB6)oth z*AV|7`&zq#(m6o0&^W|eap16q(%GgLxDu(MbaR=1e4SHpr2*GwW81cE+w9o3ZQHhO z+fF*_%oFA=NLsysUXlw<8IV$+?nII ze_WgR1F3g7t7R#$DdtOb_O^gYS_15iL%2q33hlkaUZGwf^lf-%1mJ7MT*pCPSr2Sh$6Z z3(}~(((p^1E|2VHl+S+>qsy9dS!vDUlCnVMMS>$sR z0fuP4Tw2`-+^6zy3JUC88gX^5W`0t!k$Zty|M_@5g%p$IINr|6tefwjdEM9<$4jAp z)6{f=6pFFYU+e=uATfu3dapcthb9>H8s1_tIl?#L<_1^UT05hrUey)NV2?lk1sKvs zb9}C$=HP&&1tub?SyR`wb`dj)F)Y{oOJ_3Q5+zJEmUs2AHo10oc2>2Xv#`(-U|-NE zk$O(NZyni*LsH*s6WK{3`dcl*A0Aml^!JhxX?^gWpjq>n$Udrj!mm+CaiF&GZ@!QF zPc8WGlh4P?N7u;jH>8aCZzU8|JOV zcEHYuO3rfqCC-zK;!Ol88eS}4OAV7fHJIPbUI5f|Sq`r>8YQC{t-IXbE^mJBg8YBy ze@zlnQ$<#OV8qXP@L~SXd2sUI|C|SF?SjdjW*5|QYPmZ4V&t6o1vyWK0wK37G9a4~@ZqcIK zECFC1GNe*bcThL$BA#;pv|8~aw(yHZGbDalh&&Oieh*jJZh=pKKd+;ulQ*kLXYqJe z#TVwO7|UZ2msw}^SZGO~R$vguFrI)L%Or2J*-~akTJfyT+UvFDeb>q{I7_fq8gn+U z*?ZM%0sFDNf=~HqX%)J^MkP@QsDh8!;&5$|iakoA5iz(tiluWF7`TfpYkRMS7)}11 z5|)%q6|{6ztzYZyL_6wmRmRV$@L+cNAtdlKsrEU9+eg)P5ot$m6B<1P5lhf0m;Rae^2D7Rmg=`13I+9bq{woBL*IGDV4H|TN=}I;j zPC2$(m|l>)0C4<0?%>goCas3h{Sv&;nNag`JHaKw{iNNe!Kt5k#=YB^6pVgUDcO9k zkTuU^=ir0l#q+BBM{e)(Ns?bwH+M^(0W5WqDtTyiot3a`x}DBP@Q2a{;3=1qWa?CV z|Ezqhp32G$0fUUnU16!ggd}XffL4L%KsH@O3T)7L6a+dseU4w$)n2holZh!fNyFtb zMtu^MW^FZpf;0eg-9tjL2g zcBU8lYJ|9~Q__ri`Zt4{*%Pd-*3CAzg;uoWtIops4kjC;-5U-t62#2G#eA6bCkD|H+Glbvvk64&q@==}b%4)X$lQhhD%^S4u;t}hhr%auu=V;#8q50zL zRt|DLnl&y>zcam%u+WBmP)*PdH;ZieOnOd|dY^-YlzutrxJe(4IWylikUXq2Yd3Zh z>7#P-q8r@QH-hvjw-Ok(J`BjH&9y;`Z;|WJe;rhp*NF2`e!nSvp9p@-Q3eR+eIB3u zxVs+*`k4grzn@Rd*S)`AV*;$7pL&ctf>`wVHrJ*JMaO(8PfIdxRLKsBg&dGVd40&aOrA%gLVD%RQ135vsH3N99SYKz}c&N~`J*{uhvXwz| zQaSmaTREV;Zl5i6{Yx{&#qcvOYvGY2pltljtq?W%k%f4iLTzI?Ii6 zmNpb#YTPbDfQel{Ae=~MTTq`J%8+-(lLME{b6Tv?fCTg?Ve1sm%iH|f%Zd5EqK+_s zcQRQH+diAwc=yuO@&vb46)yV*3=H&8NRL@2*-6tR!>_WY?_Y<`MiJX3s26oGwh5c{ zQ7`I>@?dgFqtD)5k!S{No?_|$V@M-IeH$*+S(47AfY!-KcFc1xc}##{pGk57X~MEL zpe#E+&L*U2*LeTbq{jGM#^D@`|A>#GnoyoVA;C*4_bU(gAb2HkcOHj3#I0O}8MGL? z_8g{eur}y_*|fg8ebRk=YhDY$FObb@hh0VZa7US%A7JNMlmGQEBK@)8W4q#eZTj{A zh)?}7zk#FXYjy6zeiZ885JjUhPfR=bfrDZ zp>4XFm*Wd%RLxI`FjLWcPUQ&yxJYL`!bMnsvXu_jjfq%)1Uapf9QPy;O@Ur_%PN{xP)vj9!2}Ww|+HoY3zKy-^*Zrs)D6d zgciFHqfKMlgt1?^*}Aeu1+A@ZFP`O z?X4Qk8NvnHTA`Kc2_BWE?9*Chl;KnB>~uLp=(Z|pA(rh#+UPpgt<9>gvZX&@`MV+) z%kXyF9**zJat_n7OUbZfl5%}J1yUr}a*D9|^ynF^V($k@%3qzxBAdr6Lp$(e->X*% z8WE&}bnzT-@#_LzEwRjF-_gB)ZJ!CR)^E^IZ^dh!wt#m(pn1CSy=L~Gj4mHN#WBO| zJJt@&GVb)iW(@4;Hvli&G|5SBNpXuP*d0@r)+ob)b?XIAtjEJKpchTr^b&$!wy~C> zD?!t5p5lzUa(C~Q%}?&^2+|k)dDm~VOdZK5Topt&hV!M`d2y!wI@?lMW0h9YyE9nx^vHqW zei|eT%Xnoo87g(`MG+8_04p7D!OHKG3C?WM^p}iG@8NqYU7sHNx~K4uG+_{Hz^{yDqz*`{MMb* z*d!rL;(;5CK%7 znPrNf$&s@-HY{be@#-5?6#Wt3GsJ2uY&%cnUtk2TkH=u2l~ znF8eQxb003dZ;kqW$$q}&Qs z%-;v$o-(3A9RY}UQ${;bkCAm!S&@0sHX6wXb*R%8%#u^QN;Yefwp~@WC-a~?0h0iR z!9@q)kVCdJbE5rDQ7RC5vB=5X4kJMSSjz$>OF)3E*}(cckta@ zZr1EO5)J;5Z#NJ`VZ*tT22Q_b`~gov(bW_Epy#l1nS-vk;_olI(ss<}{_mtfqqele zLZ##VN2d_|`39JXv!_$X)AioSL9Ti{cmqIr8~bzS1^BZn@2Ci37NfNQetu-xPM?KW z5C_{%K+Ezy=C^152wPup&6RCn_(tAE{r!Q|pZ#hrGxXK;;Vr3Fc6u)D9iq9l3=^0S zyWD0iO8UiwH;P&K94}zRF<<&6GGH5H?Xq7!4;Zw9Y|fuk;xFDxM1#FHStE8tNTb{-k7}Dq_Vn|DN_v&TFyL#)oN|UUY;Fl zJp59ciqN&S6n;ou?3DoT@9s??jO^p-{$l_t zP8s<2E&X=lc>@@X%?A7%{&+}a$bSZLJg!d6-+u4X#Tny!fSI|iE(R@>I^X%Ynt244ZU8x70Qx<>HmOWF{lHln(ig z??C&X0rgeHF^(w2-~==y{WE9AAr;_gZS8HrBS(uyJ@tf9<7o2EA>m(p5q9Q)e_yFygdvBq5ReZ%Q z(V1suQ(^J9qNtU)%abb$o2*I1Epz3C|Gt`>%KNgZ_)5x)?ZzJi-m$I?Dt9yS6@Uc4 z9rbC7l#`Yhthm*t6J?>>MY71cdh+?7x2M&tZv3x$AzH%9FU!b~15RY{bvKo>>93{u z3sUXFF&@_}rKs>;2l@0Pzy#B1Zd$uQp3RB5X$@>4m4zMZDp$tgXo3TS{+E!w1SKb_ zvzyb`mZnbDBRqLrWkFDaF;q3CXJFfFg4|lMjC@~;D%m|5GB+7`ZlsR-rn9?8G3Y&o z^(Lxb_aPV#&l~$stJ3~f@F^LSjr0oy(0ML3u7mk%fJ%%AT}F-wZi%LTut5vjF%>60 z?+PrVR2Jlf%xJ;lPn=fL-8 zz}Ld}*Wu~UM27vn!TIy@WJHkH;+VJ``n!&u<<*Jw;rIbc)l_rg){mDBn;p_; z_UUMln;Hfh1Aj+8O>Z9V?){pQ=>6^>y%pAt456lTSCq$L%7t}}wm&0T>1!}f36 z`J6f}MTW{&7MIlHDFKy`d!LXs6fqO)0g-+;4WMd%y zA>9LU5xF}7zj_co_4j9OKbkpV*d6p!0=-LDlb40OTO+sA#&r*N%hk8oG_gT zeN8NSxf ze$R*?3u-ox4sK(gy35Ae>8LF!az+RSI^-SFrhNy!-u3r7{)D{ z<~qfy`#RZHuWWE{Nh&RWmKnPd|M}+7HqMhbb}MP+Zwg}z%iBCr0ihxAOjQ(B$Y(AJ zseF{6)tl;36BVHG0m`vtl^7ICS5v3VS!1qOo^JH{fTsJH(`(EmXwap`(Fs6pySt`_ z)y_AusrJmu(0$i4&$314NsN2ChXrt8tL;ja9Sd8n**{B2a>E)(IrQZA?*7JFV9#Qb zsj%gXW6|uR?<`EQHY^<)51)pLHR_F7SBA>F#w=Icqjhp=t z1(}Wgr5cYEniN|n{F!;HJF6g0PL+8`4ZHl%1`wxk5a>ML@>L1M43iC# z-Tg&sx`=;;Qj4#AZc63i9b#J&uBfJ?(7Fd59E9Di-Dyhcj&-GU3x;@AP+gTP(*(}^ zMyX99`#Objg`bm{G2^Z#>%k|Bs%<%xy&2ozi7otxFQeZDuSKGplHx%mb^W3`SwHM_ z+Vw@}f%YMLPo_+>0W8(&XMsGW+_blG9W_s^qywo_rF8VH?{_-*8{vX54q|fsr{u)YGy>- z;@iya@oR>~fx{sltx}YHFG&8(BnYB<8f<0~-w^_WXWNKrT@Gn}6MM9(H>tVxD19+- z&%A5gWC|%^T3mC5Bplx3q;(xSpMQ-eqCr8_*{tvNddWc4isu2_i70UwO@fPJJE>{q~NDA`LpF z56!*a@^^UtVV0BnZI14Vy%6$-gf@o!;%-~->+=pRDMH?Yo_C$k;v9;Z=LccCfa`NB z$kV^g?O3kbVBTz69r%xJaNRX0@uYsWVb|VxJw-hNz_7(V0s%7TMh31c0;ym3T&k;|OQ<0YL9j&C1<1oM&QM3^oZj#AJNa*=P0tDqK>-T8cIzTHLy6*U#5V z9BaMEAm<;bKo(S@-b9Au9zp8)m1&jH&kAB<)lje z=xeUMb&t`$91la7xs-fD1l?lI87(X0IbOiy&n?{%HLDm@K0$>lx{nPRrK)EnUVv)P zEnNt?YT_wgfO^h#EBy)^d2qHsscIHR4@WHVX}`0)WsQ~;C=+7xvHArY>_V-YNQIZTuh1wSt03Oq?=`5` zy_?-zQJ34l<5KW)Q^p`&+W$h480$Pm075m>rP8Rv7P<#2mKQ7M} z7AlrLZytXBeh(1b4+#EdKMV+n{k$3c7cC8vF!Swx^}%l3CwH3%>FzS@@evto%gMXR z&#mQI@NoazV;zTOEF#t^FZC@j^`|Y=UW&k>*sM1^^q#n=SKvcb2y!_hp86K?*hn;rP6nF)Q?f#=OH{3smQo=?~Nr&U~q^f}PtpKR^cakbQQi zWigUaYX3b!+oJM&ukhE}YL>mrFA;-#x?e+my^0Aq;dINMiKMF3U}*aKiDG^>2pqlU zsNq1DDx-fI3vsq><+*`giKo7Dz!_pxSzjPuiPyZ653}$nPL>2nf6+2oOZnu z6xd}&yA3%kNd(Nc+aUyf9q$gA*u|*X#r}F)=yih}3zfMrww|mJpS+18Ti^Rv7~e4l zcO4m|mS}eN`fCV7H(e1ZMR3qJ8%!z;@ePT^*cqn7Lv#4#gfHak$Bhr zdv@jI#K2$cF{4q?w$DEYJ;nlBG8Ybw6q*SssGSkaDtYz+U=2yb^m!eckv5uX2PQaL}Em6ZJaf$C=E?QO(C8R<1LPq^W6^Hs#gH<)m-X z7Ojfsq0|#mKo>ag(}#2>WVFL$bKpl^bZQ|8&hznjBPqb@3dU`JyvDA(Bs5RD>aGh- zF(fn~D$y3ge_n=`K_X2imtXD1CMH&Hk(C93zl_{iVK+knZ}4$NQDFES7^4uo2YO9E z&%M%hFag_688e4ZIpRqge+>2s`z=o!Y(vrbcTukbY2{!mzqYzIvoeZLFL9A`}+)^wU02dz25ZDpQsL^F+GO{nhnr~XT%05dM9|fj7f63 zFAut@P>bivY(93M-+%bHK06p0Cx6B)l}q@Jo-G7utp#qS=6O1k&@D>aIFXe7#GjJ% za~bQ@hk20f`%PRxHu`OzMa68s{N!7zZs)RF`&hT3i@(F8(s?tkuqTP+fG_jcktd7< zicgH?-#;Y$EZT`{>9;>#c6;PGPhwf$xkgt9$F$4vH4NcNxjz&{>C_ZvQp4q$r^C$X zm-M^#iqpgfortU5Psg7dRnxj}y6{WrOdAZk7KZNrO4F{^iC?Hq@1wCxIcmB_4{BET z6ou{x2Z`4W%To$ht2`_cy9`gYFG5umn+O^|i#lZRx1*Rp3JY^k{hpiG5k3iilyg2G z)RxOTNbMB}9kn2762T7z6}%zcBm0Wcg@s=~GMt5Qq|*4ocDxh=ciigMf|mK#GKtz8 z5fS@}<##mCni}&de)9@=3R3iI(LL-YDofuaSfJ2`=|pAHE!pdjHfWp;G>Q$>o3(K6 z?W}Ak%WlJf^N|@*Ytgk!Mb^q?(v{X90|BMukgU3+%&FWai=Iz4i&V;anNm|?)zbY) zqcz5njMVgG3hdV<>d9~B*m?1;FOc+A1Gr}clIY;cw!v8TS2m1X$rgJ&Ek13^t{cTAZnr zNz^*A$`vzdc0AT8`Pql?l^;$VKd2SSOs^hRen3xGATSfv42=r~ZH5O! z!8_C_#a7*OlbuJaT5xa)m&*ZYwz@VwN#v#d7^NCuWc+vpljkgwW2lkeIw6_*gusdq z0I8<4oFwtVqj}*t5Xiot16VE`*2L*|u1tqief6Q)wlVToTdXG?`_yaVxZjYdc1ikX zkd+fgL_dC9h2V5e^p-BhN*@_gK@zdv36}13 zo`3cEk9sM|M1pxMiScTpGZL-;LDb3`$xLD=5Ngrjpq##>^G)!2Vj-sT4~jovdZX}7 z>OWk%b!={F?5>^tGd#^iw>FXC1w_O6K;!~$nt>Oq}_dM!4Y80XIyv^36Hv>_;r!)TcIAz(lfP!QpeuxfhL-0Q%i zgh@c{krvsPo2E_@u{l{qr! zFQ5|Q?>1y6FG}hLwA=S%00E*kZ*i);&lZ6!u0M|^CplJ3``Wr1PNf0`cXRCMfSUM| zM}JNUVUQq>MIB$fcB}=!1{pkFA6#M}^HaKE>_?&PF8nx<5b#lmZq;Dhqm#ml#jcozZ1aqwFGz!DW|-c!dFZ=i$~EF!JfE&SE_{{+Yf&)%o( zR&p^MjgjkIA>z~MYu1uLT(RVqLfX&!nggk6bmY_pq)!$)EG05kb7~bb_&{2c(yeZk zv~JUREn9zlydO?)MEUEdY0zF78z$0P{LlYSgdC5SB%Ll?=gzxp!ah%F`AMfqqE3r; zEt3l3ujKL!yLO13k`|@nm-Syalec~Bg;RT~IH0=iOAKBuRZ3E+VznzG`yG||bRq&& z@KXHc|5&{7&@N@!H-J%@=_+y3>$~9pcY18sEgAj_ay+$a)QTtiV6QrMQ|G#n?fiPY zAK>$+D9hh&v>Li^A+O`wh&08It&D-<963*%F5PiU87S6WUuFvWuK5L>wVe|286K{U4 zBsmxBdFq@tuP;BQU%&0M!T5=C`4vd}NPph%=0}IPU+yU>-$mqKC;nn9-?rwjPG&Rz zPip*ZY&Cy%qIrDX5|~{pA@9>4B_j#JE%7B&(;|XD7mdfK*S6dlK!Oz!>?Pk5@x;RK z!B9&WC}%T$F=0@8ppcS5e76n{l8nznThPRg)!h#8tua&IYC02rQGF8kGu*zTdrZkS^>Mir*!aRJi)(j%1A`n=`*TD1Ki#QG={Pi83>Oi>EK9|lUN`$7CBo@P3-9%94 zA_1Nd#$llfDx?J`wszr>gk*N7u6b~vvD5N7IlfgTmQ&pyk&@AE7l?dn@nllN3A7Fx zI70wp84f1`*v&?lF;%1qf$lqc12G(4WaI;tbUZp7E&(1fgQ4Kmit+{t7m<=MhYJqS z(%+BBMxIx!sw6HwqqYha#-$yr+M9LFtdNz{5M|Wtq81t`KCD?#K^;hnOqHM1+42VU zU;oEt6Ph=Mx<~(2<4cPHaNwC-k|TZU{Zx2cvKbv#LICd)$ccX$!y| zoF7Prk4349+WhUQ(z7fy^+SPiI$EfKt0|srIs9$+H2uo0-T(SS_E~Q}5MuRYID9+J z*qnd;6GL&T2xW33MC^-Z#7i!`tF7_hl#-06J?mXvmKlW{^H^#>Rl=MT1Hv!bqE$i; z&Hh3z(HkiSPhFtg>%7jo#mBqUSotIkkz2^O$fyVkf>Pl~O*u`f-Z zcny(IxgV}+u?rXjXhtDj{m|cKsUP|~9ljFu3HKlR3zx00T87et6H)p^u&`qDTglPV zFAu4G-gg4B>B6;=i|ZSCHi7^rQU40Dsp*;N?EpQYfe<)CyNJHATUCi$nL-w78;u)B z?H*tqUSlGIt+r2BzPxVzLw_}2f9S7Ozz_X3r(oz)B>K+D-Y!FIitZR2)7>yEhW zG>^r;iMIsD?q_9R4&HgEX}xM}fHtHf_%HlBE)~f^d>+vQALTh}#F!|Bgn4s#`F^|Y z$@oFseHpjbj7S5U{rCB|-WsZwnc!t=-<;C(kl-5Xo+%+*3XY8Q|758HJ?Bw!V*1S= z$~o{H&CIszdOlbCtaN2aJqbMov0LMM5RARr)B68TcmfM}_M4tW`8W~XGVih-^}I9p zgTE|qgdaL`Dx8BUdQU%R4Bv_s*GP7Lt5GYpJH%6JZ6w2J|zla za%K46K-GvK)|BEOA#YMexQ~%?^IbKXjvI_HbG%!T`7o;QuDsIfe!OmSnv~LHP4p%L zV5^M4u(akEg346V76+K^Mx#dASIC3pfVj$3)C0S{uK9S-Q;%V3#wepnPruiy!-Dp{jR_}a=mXYf^%9Yt6U$^S{ng5WNt~LQ4 zb)hX5ecHb3bq`$N$otp{SX{-qq!fcnRcNTrqJ=DH8w4{C8oeJo%XK0rNdrrHifpWp zQa5R;hkPV31ICP0?IL}SrNM4Tb8<~wwu-t}$NtIO#uZ2XUF~H*`rOr|kr)Ks0>ZQP zT@SUS{s8U&!&9FgrXRPRt7uD4*(mcV*C<9E4tb_`*Lmb{_4tk}?+A~*zeN_a%N%bG z)K8aH+a7otwB@t)Asry+QK`jah}IWuc3JF~{tKv*lcE1NP|XpEa{Ir4DxaD?*-I*> zBCO_(DJ%jORsw!ZIle>%B=-B|KXpPSQX<$OWYRt!3WP3fB^cHvk zgpOh7M^CTZaQ$@SGU^NB7j!cp%&);_4KuwR`xBRQRf`lKDm{D?`6}dC1Dt~Eps|7T zw8woV3Sy>#bxztiBZl z=r<*A=gV)Mf8T3R-=A=ja&|XqI^BZUJ4lqyC;WUrje6U1{r3it@>BTIjZ~iIcsSuK zS!*|S_T^w$^{$=x#C-|N`ODbp-+f@|A9R#)SpIn<`f9xo3xIeTzrMf+w3Vu1~8haT#MjW7)of7gtI~u+dB~mBno{F0hUS?Z#@33OAI#c;NZ{ z{IDwlLL?QuRo8BcN{CVu^-)%>Sm`Z`m-uO)0~`1!#ZJk_zNKm%QmK2;P#QdfnxwhK z|A>8lWD+s0GTcc=Lgg&nO--KNXzR~mt&8noe;b2T{FjIWA^o0XnYu{uw9J5Sd3R9L zGt2V6xS_|%+7Mz*HtMe&#aq-gOROkscK)M%m~|A~0N@f1hWpA~Sr8_n`uIJXBrOtt zzL88*re|)X@U~{AiqgM$vF==l*f!mG0jJlZJM%}0fdjUCK>C!qjz!kXoG zv`|!ZgZ+ot$B?-x0^+)+C%vP!?1 z^F)v5VGgD@OVTKf1oDLiSt&OeW|Y%AV}S)WF@EQU2J;pm;~>a1^9};zAA2pNX{Ztg zW(&cL9p~=OXs&@*cQkIrvHHGYj?m%)QE@tM)xH$WzEYXvrMxSX&L&%=r}pbU!k}*- z>qXFa;ED5SV>ue3tp;I$Zj1vBsaRE%VMYpvMa>vclSQL=VrKm|p-3NBw;vZ&&Z`h4 zS^h%r0E2o%n!Pf=67G~vd!&~&T&i6~$p&u6#~0tGOd~KKxYZ3_Uon^F$gZ;HKDJo0 zQ?5HTUjLv?z{-$J_^-D}JD99T86|)k$*0HV$)1jb+J=<)$?Ip^xA*DBh*Z zIYf&H&E@s*emaWnxr5t#6ZBBxA?N^0pYkeHhWyT2QnLA~%FMTm<(z}Us|q?t0JcgA zN;p2PV-)D1=#5&u5yUj{aN5ZqRK;S54xiun?PT#~EF9{gT`#QxF<9@?VU_9RX&^9S zElmtllsT?KrVrUCBCP4ybLh*X?GSL-?YhrIp1b_5D%sefJZW-PnBpH@gww=l{AlJLNSmW7cxuMVGozRsxci zV6@jrb7M2VBkE&{#M1$j=GW$WT(0EQ=%)u#RKmuIFB2h0FNd^ZVS7PU&W5|rL+TL- z8M6(njSb3UfTdw+bkV5|SZ;fXI0s(8ay`+qWp;&R-9R`i5q+=RZhdjN$7BO`-+Toe z58#7HMF7nc2f9KL8T71tus{(Nra?QxvieJs`mdZ&P^u!$5r?==5aF{(Ns?}mgarC@ zkJJH^gLTSGGaxd;*Q3Tc-~b}Yx-t4#bm|jzXUvMpy`}S1LLE6AU1AzF4w=1slyth$ z0#-1BRtQ2gVup2kb7f=JTS#y)5R0gKKh1s;!WG8O@cv(oL%5Pdf@WA^?YV2r(pLf&yc{?*HxDXcFONL@`J|2=u00rIq)1C( z`V9R|mFhO*ogT3JCpeva`u0GOFu1evKDR>0`I>y6fJ-y3Mn*16m?d09aun0~IW6Rs zB(U)ANr^^_vE8B3N-YcdFgTEYJ>*n{dsL1KikKrD5$7)6xtB+qD$KBd-V{zt3V*Rh ze`Vx_dN}IrGgA%!XW{Q#%qQbVii6tRmRk5GJJ~=Q*e?6IFW;Ugtv%k6#)2C7KD$K# zxsg|#453Eib~Je-%W&+lDB-Nd~m+W$q0c<(R=G7tGZIHYZ(Sc?(mIX+5 zqSxjqR^f%s2S9U-KD4(1ybC-L$TeiX%M+CRe52Ab?^jP>!>Gudb;lF*r0Z|-sZt%9 zrHrChs4*Fx<4t9YFPc*q2Fl#H!b}I*x-qfr7)7}*-P&sD4gg5bTw^PYP%eua{2$@y z%;&&3RS0U6F#x(w(1swSFabd2w@dP1jagXM7RolLp?8;S~f_;nn;Hd#uCLufk&eDM_<&c9DVbXR0Z?}N(WJvTq9!7 z(@T@YNJ{oe<9Z}c9xu%jwN($|^kvPDgm@qAbY#+DL{xN#bN zanq4dM(5UYQ70Evb#kn?>O)KRk!oUt55;r@_G6hl{FxI*D5{0Is1;369*<$ zRp)n!^f>`x4cG;+e)%@4d&Y@Imj_jjw&*QQwfr>QCjFoE`OFGl&`S>Wtqx*!ZD}C( zSaFq$0KW^EshZ^waEAPk>z3gKupyuyRl)ia%xbOZ05Z@o3X1@mED`q|8;vjYG2~$R zdOg0b!HDy=j#EBF2ET%(1={s5d4z}Q?v86#$JCGN?MYdwa_T=6T#oBEIB%YSsUs$! zVAs#j>#eTZmPt^QP6Br~O?r!>Z9nO9F!L0Zm6pwF!q#J#lajga^N#wSRy{y>eTP8W zoT8Sr9#Yrn**KJ_y|nTTXoiQT485)mhlx>6*8-U&IgLHFDu;Wu3J-;;7ddP3Zx^>i z1wQ`JxC`I8t!mf3lxw{CB+m9sJPrTV@YSBXL5w`tBcH2k*8?{@i0g?RZP$ggina$@ zhwbfOc(v>|`|aZJA;?)%V=l?2PJYVvjd)RTXV?r9MoCxV?AIe%+^+wlp zUYN~-{Rq{q5l-M{zPgj$EqQr5kbiyEJq$1(JnJ({iI$o(;Y2U?D4nwVdowUqr;v3L zy>C;^fZJA#jiAr5_4>c***^8Z!zl|!%}@8mjRVFg<5^p73%ZFE_|`e?5r!Wn45La?4+D#ay2q%;gQJ1f?dDKthGL( zM{Qr=o3tI|Ez~bsZ|mFG8QM+6=`mKT#>%wp?7-E;Yx1Y*6IGYk$`OV&OA28Y%@9&_ zR->eL_oO62+ThYeSz-OWp@~{m2e0Ihc;Pj&jLL<>jj-m;)EkSqrj{;?9#uUJbcsr_ z<>bsY;CQQnsFiFf>q&gsGewe%T%mcR=OU8ES7vF`FL`Apb27tu#VR-w8rDTz)Cr*_ zCuX8ybnlpP6D&Xp$~oRk+IKUSN>+rKF|U021C1tc>%k%RiutR@ds@KNG@)noOa{&k z4<5Z(_VzJsn`e?rAqr|x>a2+o24}sDy4Qq;4Xm=RD0w@qRQgKkzR)=;qP?uVNOBOJ zj>vQ>N*+xnG0QHaj2}dmdKGyzl15XOzD+R5;FtYdHC zJBnw#_ki@sFpt2@uZY8iXzVl&Z042tsV)gtVhNguNyeJNOw-2>FD0>%4kJWq6y?L4 zVx&A#&Y~NH_T}p{1_lD3C^(zwgCCX~+BR!sU~%kFm7OvSvc{U(q@x?B+O=ekq~;Ny z;8&huh$xH}SLD8f_Scw-3go<&?iJ)%8ALu59QcYAkiS&bm{1t;9p}YSC-59BZ^}v*^AqAhV9(|<- zX2=fAYa9wvEa8j*t0N8G7|bdB<`&8VOh@uTw$F*4v`MzdcFu9fXdBc^MLmH&!R^Wv z(v_lVa14dj=D))`M(w>b)ubb$9BA5`(v%1`hmmY3GQ23!30675$c<CxR(_T-6aW{N_B(yU|?OzET( z6Mr|FRhH=Jc(A`YgyQ!it^|&`T}GAjJQakB zx~rW8c@Bq=K&-1AJlzw{D20?#we2=m#3mpmSge34sbFG0)=`T4nN=e>%-X^fM8#H> z46kyE2;n^?30|5|ww!uUDDQ#y1ndRjHpk6K1Ta$7FIV{>U}KymphI>$xVr#|!|DXR z3xkJAe`V37rRPY?l2w6_1T=Bf6+;Sk`gj=&<#wW8RgLva%ZgW>hJ~23lirmx z=@;|{O9`}y#7(^MR7}&AM`li-)VUl=Kze%Lih6*de4vpo5rBG9@%BoWL4B`or?nA1 zui)Ijn1brJ3hgli9}TcJ*Nw!_uk>yZ=e*N^k?F*O=*m+Uz)(sQb#BVq<%9}{ zdmgzJB$t)b>=P5}ibC8U*JYO0kzcI~Glhb{sKegEk(pEA7L9vnZ7;jW^%ek#f6+k_ z8WRtwE!0VLG*#QB-O&7TI$Dym#kUd#aWN%n7frphepwY!8A-G+EQW@TqNxy4$s%rj zGX{u=(=xV6SF4wKqJ;ms*+C9;D1(Q!AYX@NeemAJ6LZl0gEy*$8Gg&|B(tTrfd^tp zgR`x#qUmght>^lc?Wt6Ebd$E^_BdUGveaI6qfr2k)4fH~Kf-gM)b8kD6E9swS3(48 zx7@6+(@;xtdc2y{-XaL&C| z4)QN?La_lSXWL4y_9@bAmIr?tiDI^1CB|~E2(`EF$gOQLqfL{swrHFaJkA+@XS_s` zTG|s^YfVb6Z{svv-WVBkt~B+bx1ZEy%Y3*@3;#4UE~~kbcD@x0>N&4K@DN3od{#SC z^lt_5=Lm1v5{)JLe(_Va^Bt;DkqQbx_3sey7IIN&Xi^z@;#3HHCWJ^MLz;pixTi@87NfWM{Ol;e>GqE|b zZQGgHwrv{|+qP}n=5zAyeLkEI=MVJiUR|r|u8Wh4dAOA!>GrDj8XpQffkXRQYlv%= zbYs=u<81sUDh@>k$h2lM*VdA@0fL!wsma5KRKMa7FGCpOK~&wkR{iTZNEE-bp2~kF)-W%N4dR!x*j03n)*%r7A&@k8xrv$7)dj#}9EPGaUc2OL1N0t^2ZrQVp(Y3fM7=19CJzy$cH;XJq~mGM z*1C;!K@UEUBAyh+)m3xj3mZ^!Do@jez)o`v)#Lb_!UHbrq)!VgrI=*eS$n;AxRHU$ zcV19QF^LjK#aXoT);DDl*-7SH*mjl*$R%Z41G?>BCv4(QQMYA}_y4Kz4Ox6K?}*j$ zZIurm%uvae>sY+eRRQukTlTD6@<~KjLo2ZIiCgm2ov#D1lu$%w0hB;2hmYGqB0*P( z)4~RmvrFnYb#9%$sret|M; zlY}*U{T@Yd2M%FiGNRloiG+E}PZ^~w`4|7--}2V9{lMdMMXbT~;6zibE_p4O#=Ild z?{`U=TquNw*f2tN4{C}cmDbKTyR>s-bjxSd03aC-n7miz_kY2{yU_>QK9`TAK19*$ zwu+Kkl@+~9Wg_EC>Hg3RcXiNt z&riYlKvAo}CB`uK$yqu7>K0$jD17kdbRDYfRh)FQ#UnWLb9(#uz@Zd!1!n=?4I-G` zSk5sj0lq#Y9DH6oG-55$r9_@T!tfj5YJ$)k&nk+0*R{8S7v6RJFU}#X?hGA*?i-yc z7LjK04JygzGd5q{#@p@}-`Dr>7^kO5pbD>CZ{43>Ywr4_C$FSPc0y@R5{Yn-gdH0v zV0m{3I?E|KB9%%UNeoQ*_+3VxQ3!FRPqszL>l zcVvhaIG9!pMs&KMF0MIvpZ_X2_Zp$V_!YuSh!+*79+M(7IU2x1`ddc}9qH>1Y>CuH z?2|`n<9!khq?s{U7FVo1O$=lu3OO;atXUuxmz_CJPq#w5izkSHeb?CDg*mUH9Ee=v z>&G(DmxJ!Vo8^1)FRQgM7J{*C(%^bm~MzjPN;SZRY8f_JyX%E#j$bWAVjIgBja|l!B z4Mu%%IQj(!`1Su%705C0>E%3A8WeSz*22A=vmY@Kr@gIrI{dOb{rVUvc^#Skm^gag z3%yC^S9=>&LI|NqY#thg7Q8dA5A9@0gz#v*Cl98X7+rTAqw;92fT|Y0OO(i*o)mc~ zocFD>!unfWZ>|^C0vjX&Jdx-4WQ92+C@9nhYng-NW8lB3S0UdhvL_DeD42|LOmiqq z9#*RM6O86uqgx9DlyRW}$_6ErM{od?Ox4DSk+|{(8wm8q(H$d11duzsf|&n68S%j_ z@;(*bjX9(es*H)sWX}OlyY-6)6;1S)yjRH6~Edb)APka(#2m8#j=m57#Q?uqjEg17{a}XPNg&D zw{D7X!>D@P@S3s{Zw3gI-2&~J%-!Tr(5y~(@5g=E&KtPxm)^Izj@*{u6bY}qdC0Hy zIR#sf3QT-PJh;^)N>OZ&ZNgqYtXB?GJ|GaU!1+wXE%+e89PyDWsGadsZbzARW+0dB4jEzc;V~>#DQE@AA>$Ni6VwQn=bChbv2l~Bp#`b5Uq-@=Y{*2I zEPebv;*NOUQRz;Yl7dlQl4ObJ>dJqm*=bYhOMO=@bIjc z`$Hu>IDVHau3fs}!yGxEl?fafski!%e`Gus%;IAOO;-z<^jHtVL2Rs$*)vEwEg0yH zF7|^ucn>$n7)mzeSF_-QyZuYU%u8mYx;o!50fZ_^UikJ5Z0` z`gU01Rt^g!_P9TNHx(4yXqtw4$FmM`U?Pj6D)PRL z`%6#4XXj7Epad^I+?ZpXl!bsN?uLFlL|E!d6rVqSK2B|-Tfm7#wrFps_DHNS==uTC zJulRD=cdw3US_R6sQOS*wjNTkMGq!%ur7yAb#({kREf(7^eh~EU60yrc#wp4UxoEe zz!8034*=e0gfBDhqKKrX-9&b*Wfz=llp_y>8Yb`zCF~=8NK>#xwQ1ltg?fMX2n^v;)aSBa+NA9<>|Np|<)e_FDP6sxw)4cetJbI&P& zG#;0_OZj-xCEV*{oQi~+M;I$cp_YlT1e?_u!3*QpO|o%0p2EFganQ8pMaRBNoOuh; z)Y^=+CX${RPuGa~{lB=pfojOF)+rc`MyYm&n!lBjo^@2jD4tlqDbc&U23WbxI?fQY z@-wx0$)0bKcKXd|)|rN@9w1G=V8w}Bm@md-L&v29Xv5FPUz$W;L5wXpmMp@Xk)Pqo zEW#ET4~}Ku>1n+8wd%`133gwwrsXek1~~*Uqz8f*h-=@i77opS&#pP-X5rvYmHf%{ z5d#ARw+4j7t)cqU8U_R;<)La2q0R7rgT4_6Vm^54jSDRlUTBEKd1MC*egz~2e7g8TzJ5P?oxV}3Z0zAE_B5`S3yOhJxkb%a&A_CCmX_5tqO2?T zk@FGDsIcdB&CAnSjVCT)&4CciWi^pj@d?EK%|$v0G3XL;YJlri5l$2)v@F*sh&AsX zgzge~Aj2r@4q2*><(p2Xoe^iPRnIY$kFG3ymYRGl!H&~d_uGrrrEE%R8mJaBO2) z;DbKZImI%75d13Bs+g}F$xj>hC$R`ZfWzb^L)V>dEj5*2+ixaAiH7^vz7WlcFrPA^ zhfWsL^|V8nN5&)*_IU@;5POMF(#yx?>C@TJ+uU6_6Vqk%`3S0(mqS{xOz;==$8aIj zNw@D?*ZjKw0lOJSPiOn*+g8WJL}6lLOS2DdKu%+&%PPq}xZdB;t3({YZRpotnc7P3 zLE*td%gtpr)*l@M5pX`-G%ry}+S>9_$;$;@D)d>_Vz4*TbD3o2Q${xwaVHrqoh4cK z8#UH}(pnX(1XZQE8aTK%{{3zfWI;7-6(*)m^$sj52W0}e(plEOPXc!KKb}TrrWd0b z;qJE$f?^g5)z$(9G4fC9+?c?@cSjF&xrDA+>&H z=|_*Z(&8r!KZ3M(Aq{*+e>ZN?BG?NyQKhVD1VKCBS1#7v`!D0+Zs{ik1r9ijT8TAX zz2m8cuP=r^V5E8sH9xK%@Z}x=oU6;T`0&Th_N~UtcT0+Lez?hawo{hWhO`70aX}{` z-Mw)c-_@-QYb%ycKI}LIe#4mi%Vxu+(@cULgN?30bM5SJ+4vD36CG%WEdEGR3pW%o z^QZvfUgdopARgfRFGOQZQmXd+6%G+EOsHhX5Wxs0kXNH_)RX#@1)fCB?7`o%3XG8; zm}bl&QkQdIJ;o-Wa-(m1W|UORu54BFILpk>sofb852eaL=~O(MwkCw(*ak#Zl9 z-w(B(#WGCCJ`qgoWufvHHN1v>3dPN;mo`A+1>9`U>&5PKR;T5u8Sr#ee)CBc&6y7J zeEcz4wz^l^L$r9Kw?njJn)ZPu5m_y4xxB6V$b16y0lkfYwY8g9 zfaZKen!5*>w+A3=m-UmKVH7VCW+S?VLkN%E_i>X4!Q$m?Vb}B4Lktv}LJ-P00wTlz zPLdDWqBJSb85`MjAIdgN#0UK*+3T17r_OLz|6x-!U7@C03=0!{!`Nj6Z!<<5$~nKV zkZBmK59al!iLX?*f(HZ$CQgzrRj!*HdbKo;M*PqoB5G#e zG7VogPE!VQZXGXX z%jviFpuC@gCTe3QPR$5lxKH247Jk-Oz;vJe;vL{`(bGMk=izH195_}FwigLGHb0?x z`7!|R46#3`SEZ^=V2~mdC#URPs3BcTf@G)nX(9VN@&wM{r?>}XB{ZC%ZTMCD{g`Ch zdw!Q9e<2tWOMC@f`xGy}e!KpwTmZ~{_ca)Z16JZu9};A)DMEWoc+Lf-9d|nU1wt4& zfPS62cl8U(jx~~<3-q*93BPJ|>eHimhcr%S=g%m4vERT9WGT%-vk15+gy!`O!&W9v z65Bhv%+(%AMKTo;lIzjk>>05P0=1h%pOoA0Gi&2d3VBb_Nk6&D|KawnV z?ypJnDa(ZmF;LzYXGzF^9OA5{0yHRRrzj|K)a9w&8^qjTN)of^WehpohT=~9gSp>1 zI752e#LN_*K|px_#FZ`WTP8Q;wT zb=gdSZZ;5zVL;s|-xK%!i62Y%2l3)4v^*M+Hby43bf6AL@d~>ir0j{p% z;D8-0c=4?-JGwEBq5iPWRnXd3e0kn2nukNA=aSbD9OuJxcaqBegln{<4f>$Nso$fB z9(GkKoiHHM-<--$x#EX&+8zbiZ5DxW{hs18-Gn z#}1s%Yacra;Cni6y1438)jo<{9ul}c(si~>&003MWHVb#L0UEkBdrhZ&@g)?hbm9F zBg20D=k+O{bKH72ic7N7gETLX&2R3h?Mf#@V~k0a>`=2^95kCn>hMa~2mI&X*~zl$ zrDiv>J2^ex4h|k~=Rv%~>h)8(up$IGpfrI_p>mssU ziP{&N!mwg+bh}+Zn;m(I$6aJ-Pbx$SZ1QInXvBnceSw`nCDopJ2>A6u=Zo4_-31qB zK*klRb6OtSB}5;4n8l+7s0R`B`&Br2IcCnL`@$CVo_ePcIHqTU)VN-4xI4MH6E?~v zWFTa#`C&&NF)ve)Cz5y>OrhOGLHN*4(4vQx+&@{5$E{_tz1&uxzyQ~DgiJ$8mMwxM zI%r|jojoW@0|vD~msqCWhGN}B1US)9%@Ar7KjkyASO(SUNjD=fxpF1Dr_$N_$Wf|8 zTFbS>TkqJ@!fa<#YMIw!Bi`oxv`XZfq^%P`d;K=0l=wAbJNE7A+S;+v1*jtVE5|_N z?xE33XQI=6Tj|;7&N@T%gnt6_X25T`^I*4R)`EQ$bLo+m$cWJ3W>C5v-_nqK8uF{`h?Eb1^h}Cu&G+eMG4QV7F(Zf?%JqgPsYynGh zyPuU$OL8h#^iyU1{U2$H5%BBzdr%B@*oe``(`V8vX>A5d$eD+BoZczr*e{y)8}HA3 z{w#Sw-0LfNvFJ~H@zToKirNJ2+v}z7n`*4A4R?yyhm_BH^iW0D2i^DAe7GLmFB2QV z)~6Te5l@vrO@AyS?sim7z)cOm$zzgU$rPFMa)T7(J-2CGb}CZ4?jK6!-UN$6d)%eF zSa1n7Wl&7QMfsKu$QC0$bsA!=Y6M;1m1vRZe7Vw9DiXyeHE`Cy$@U!}zYD0`k2h|pA>vJAr7e_Ao z(O2WP$Mn6&^L8>1P-xasc>QHYXMyzILv7v0eD})r_lb@84QOs%@$hIR*wU>Ttaq(> zEq8@6N)=(zG*gR4e?wT1r@^&Vm=7hf&GL}t!+FKuK!r|T%IjBMK^?(VK!K~XpT(&e zWzRSM0f(@wwHjLGZ|q+fQ5n>`zsPW;N60oK&ynV9$CCv64IpzKLe5znZGtj#_YlLR zCD%q`ed722fS$|C7T+J_JI*(%EmcUKuAe}t_)2w|px?r=Dh~EzD)nlE!_L|`ETseJ_Gz59L;@E{2D-Ba6bFoV4ca_ zV4om*{u>gfazSz8eqoWxCr?X~)SCb|;aY=w;uIn_d#$NoZiBF5vYJ=tipwOVK6TRj zGe*>NFAwW(k#D(QJCHgx{A`CG=-&{1carOF(g6=@3Am?#d361!N8d*FO<&V>Up$_R zLqJnes6L=LB3iHIUJWCTAP;U;2#K3Opi}k(lpk7{v0);cDlKjLgBgs4;zvhT)%iy+ zmov>K%8Cin$V4=jB&mWdsydN9&Wx?nU*i6Ap|s*a2iozZF43BXDAuhl>=1s&DlITU zXBLdFf@?iaE{G6m=EoD7hY%5^!)SdA+Sw*(fk}v85bJk=DyPxNi3{du%=pcI8R&|s zO%z9rU&kBOSH|xF&c=f9Mxc=4pS?F-!@l_<=DX&286Y!>AdkHFmSk&U)ET+FfFbxt zFDz{=gDs7omUDZ_bn@fc$k=CDoaTE` z0%{~f4)H-Frno3K8)I?E9hJ`5F_h&Tgu*3Ws04M((B4cRirA@cN zn3WEhPERd8$6Tl=jvnw-Pi)DJ>*T~k;D@;f)b(ryw~bry-JIi-R;R^LciqS?INgBm zQMq2&N>xR$C+3Wzm-!IPMSmr_#truLQiU&^S5?(lFI2=BX(xSBLQ2h1I?w*cP_R`z z{IQA-F2M%9<CG1OP`3@U5jh~%1R^yAC5Z8`79>*vs~;P^z0nn09xxH|Hi%#^v#C>TkdR^ zw>!%TmVq?NYx~RH=sr+@9=kiRx(DD(FQ8O8_(xw0gkCW~k3#r&tP2;Qr>O|y0PsSW za0?*-F@8dTf=rGd@#UN&FLcwV5i&wq@`BMA$D}^+wzIS4t=jKkKy84Tt+z z2}^=Mrr9nua6r9JY^*N+28CZUf3U{s0A&V$u88VVx@VErlv%?^lz%E>3 zT0drImQFsa7#12HSKf#zkWGhefIies0f5>NUDhU0ByKL>`~c^2Q7 zIJ@uX&^I=DgQ-<})IQHbe4x&((&Wn1D!`Q{%w%SU&c0|_5+us?<6rY$Fdu&eoGuDJ2B zLmUeX_tKM{ogWUU?_s}uLSLEefb2N5?RH#) z6-ix4*}MUWDeYx$03RO^CEu=q-MoXJdnL@duU0=Woj=IR-2+75447j!aPKhVl4P%a zR(w1h2m*a*PU5aTj6kmnNUufLtsfZB^yN$x%M>$y77n)d7c?(AWu)k-uNG=6`Fl@` z-9F$lS`6=dMsxoC6yV5VkB8%iX|2z6*uEV1_vwKC_JVruLUm~|kbIlwkIfl?cvxTN z(bsHc(07M>_3HNLNL3X8s9C`;BfUcio}P8pSdMzT$=1*)iX>Bv_AnRo%Bd zq!nF3L!AZVnj9?~4QBdmf7QaUR36=2JodW^kS3f^VM`3W;1_5Q@vH0WWg@#E04|fw zF4LH!DeDdES(*qIzULpeo0xx?;2$`7JH@^?V`oJ%2?VVf8}}J*ORl%=~wM{RfHjG}Kfn z9+PFDCk{!p+gGtNm=20#mAM41H{w)>n%Ov zG>GV>h4;>uvzshUAYcBSbAlAif#Vfnh9#+Y+sUvGv}JSA^MxYTxLj)K(By?V zQha}I*L+`Lw_<925mdZQ_b=Rs;VGKMra|=iVmU?KpxK+sXCAA>`45f^ANi9maAFWDby1== ztc7>ouJPf6nOrj8R3_*|W57j__2ivozR5}rnn$SRHTqGG7CmN&`UoFRkGs^QiLLh- z_ri2Yd%1KMQBx!9AEZLUplE@N$)nE#2L8Z(y(;?fD&osbgJU^e3)4}X<&LL_77eEr z6+7*hH>?BSLxCq|bFy+YBMRhODt)nTAg2UNAx%_2>%IjcjzLJFjZ zYk+aIRl1<6d6R+0x#u1oT(=_MBqWJfsaY05t=6Xd39t9}LubN}ZvG{rCWuMEfK8C< zBWq{RVcaXS|6+E=j$q=&qgtF_W3En4wJ!LyD^8d525?9bd$w4sA5FWoHK17iJ=>yL zO4in}$D@i1ojT!@?L3Z%+c^YfiTB$Q^_NH2@Jo8HzO3z)nPpwHZ2FAd$zaovuDwSax^@Bh8y&EM9QaT^v3s6X4}`lxjr zGepqH6k5sD^Y-W>8-9R*c^9a?)OsGGrw`TA(vsm8?vi+3w}$X8GHGsQ9m*-7h4WUF zDth7xFzPzyKUe0KxI;BTVKril8k92#pe0qCN$Ir~Vu2IkUcw4q{l~J21&>1^gc3>Z zcbx0zOLR>RR%6dL_BYqk1>A)=C^f5keK#~cB^007s`3bAztLWWH#M4WGbDm5Phg%h zyQd_;h7IDaC#flgKN(S*E&@VJbn38xm26qoa`)djfu!2Sttnksb&bPcZ&~}Gk%vf9 zQAUnorZGj#VJxfK{Y18$2p-!)t)eS1v7CHo>|yJ3AIbdKX$5TN9#C8el^fV56M+FU zu#^HiS+QvRH9tgEpdd6b6TX{EqI*(lm75PL=>D}w#7A8gjL)2I7Hs4Fd0E3K_)>I_ zm}};wVa9fSWGyg3c9to~cKzvKJEjtttLcCre%@Nz$T5gDNe-;`cve1gWm2#@jpkxv z#kEh*1QHU4FAIATVR2eTv)z{%0Pa*AcJeY=u1H2 z!2#;ek;Iur$T0{Nb||SZm4TYvfVp6fpe^_q+O4-y>Z&E3ZeYnfjj~f*YlXi+efKMz^WA47bhtkZq z2wS)u+ws80WIYU8DMQ=v3KR#(9NS}pmd;GZDbs&phw8r^>-{;>fn>Sdl*sIr?m}=( zd!_7q>ymSP57sc04iYYXC?GpAo+AzSk|6=B!FmnVE-hjNR zFck7_u;uZukur2K(_|#t7#;nQSr=DY(+WN*BH~n0w(I9y3$$Sk3tQI5F)eBC-z!8! zzyTAvSTsh$dbLDkvw}rdvk61HBcj>YC=ljAmQ=HIy62+ zxcz`NJ5uXJgOt6muwo%VNraE^wOvySzN4|FJkVA^tIsicySW)$zMic1!wztIdwx7U^rZ)U?_VC?pB^4w zoed3r&0LPX9o=m#BrY_#GQ=pSJ1M7poRdnOc({%~sgBn-OESprd_Vl4sMJSF4qhN* zg!ghD|C|uqD7*WdVslp8T+xPsJqLWd3;pWXe?q_O=FP(!9S{7etS00b$5t<3Jz?zr z$un8G#EZN|n)NJKb;;R&HoNk)gkzS5&y+S>5Sz;`ELRx9M@agv5?n9--AqL8N!lCe zmC|P`Px@5*OR+)^$GLs^rPEWHGjQ(C>}%GE5n}zj!rICpU#?t#{IJa}8eJ6Pyuo*2 znd*Et?NwlfuGuR}dkWMPX%E1f+>U=+9~KsvwIhU4DaBG>Pa8_Gry}4vWwjHb7zG~?t=!GtRt%4QS)TBgMxRRvV z&5n$yJNDb-rF@1-%c6WrqcR_qH;z(>6_Dk)Sw3PzHmHI4R27|+5Nps6_+m(VLz##X zD0h|OKVm&}Ur45dwo8LKaF3{s`w6M`arFO+eODsXM-LAbz@P+XNzE!g-69n=4k+A3 zyrk9};3z6O1{Jl>;itQ)I70bab1(8SQs9A9I9DYD&}I?yOxzcIM6~|`-^0LKKkW`3 zme!*qLJb;r3(!xJNy_-KdDL@?Oo3%~=nPQq8>C+7D7W6#+mhR=@Q=pK8BMRx>Ip?( z&uP~~kX0T@ZbUn>C$bJoQ=tnAxjC22%SpOQ?NCn=Xjjl#-D*B+!D!Te6+fzetqm0v z)hND2oEWn0yKj>W)LRVuYH)qpk$eNTWvRXozJFlL)|5w!^w%CVb0#gvo76k*O#`fD zM8>=UuvRl|KYGaCN;tywLj}au`>gEl18SpuEE}BPgt6~{>`zhb+arEbs&BYAEa-c^ z2zijp8K9lv7Dl+3X+1BTJqUb)-0s@NNdSi6=ZX>vU}uYc9}tzpd$HeBL*eZ>?5l-F zyn^i5>n)0X3hM8P4l42pG;Te92SSTZm&4jkw(bg6*n?HvGf$`s^-EubxXkCZ98z2! zI}SNcfCVaFPZAg^%KC-59gAv+*t{0YuFjJAegHc3NRa;?+Qfb6o_8JRHC4v;v&Uu- zg7^2Z?<&hdPppee?%z*eys>OR?Y)ri3=s*JkI&BM=k|cW>JyavCd9F$aqQYhlLNY(P|D8dd&%eQV51V zwj*}oC07&4TEVn>2BRd3;@_DtuYEm-C-U!3Er{cnSUa4pa>sAmxZrIww=(VOb(iQb zs@*fG(1B83K8)8!JVQf2NPR2iXc3;U^rYoiT3H8a<7~B8E)mmFzz0hgsEDd;XoKGs%7iK5e$;a-}0-7RTi%ZGB z0MnyU0B(=wogsjxl;-nykGuf9>zN$d_aK^FGVqby3u=5-B4kgQ2xZC?HKt}al<6Mr z>RN?e+)Wj)rsSm4>0re=+bUK=Oqp|g*9@ZF4z!&&Z22Gn%g`srfMDuR$UK=0P{t!* z=2`lie-p>$9neG?2v}Ich*CfLqWk+Y;@ecT1=MR=Et)kj~I$3?YwkTU+ z7@D@3odh6M;{DR&dw$5pJ_B5D_tjVcST@)2{yzRJjp%RR_x`%v>V$jKsH(4@>Xhj? z7{k1k4a-C=-d|mGB!?0eP<^c4-Lv?=Xue z>wcADL4QN{r~UX1HuPi6yndJLaTG7|4eb6HpMWz#iR?W+X}DxLJ^j3yUtdA6UM&Q` z8;rC1f!wj4Pj|HRTw(3r{+xJ3j_RZTtbKrZ`hCQ&fZNA7e} z5UrFVLn98>6s+`%rWg97@;bcKVvc~m78Ta)43X62a3u_;DneJVV+51>8ca;a*Gm}g zJ#pVr(~a+9&uf6>SyO2iBx1daEh;^zOGUZ=3&e@jm?k2)RsQ$aG7;kMz~y9celI@< zgcbbzf53w`R#4972l6uhAUF|^7_lVg)tcbIw4@gmhyhJQ7YOQTm>JcQzi0Jwdgy=r z{$!Pxnkq?r#f3ErKpVej9TDLSz8&TJp9SA8XG~rQ;_c@2y<~v0YW%U*gN!LX8qF`e ziU+Q%`S*1J-33?GbhAGROlr4<5uey)%0u3Rn*U@b1f@C9wd1(~<@G93`HGp({{kEb zEV%+AF#X{70PX+05s0nzs%PcN*(+h))Vzn<#r${YR2*{?NF)ZRq)#Z88UMx@JiRyd z?(4dXZv^hE#E+vr=I7Y9kGyNW6ftOvE=V_PAcl@v!s?VI@V2xD>+A}#IOdl;vN_Tt zw*13womD}wRW=H4trco%X;MHdk{@ZZ3u)|m0Sc}TDCHrvcq1BQs6-k%)j;CD45sFx z0={i*;g)*r1grcTQ>=zpJ^Rk8&M?s?M%6f@I#6UTBzLD=pFV~1Sdu?XH%p>{J$#Tu z^}4cIolF^g?scu+=%1IsqLIsVRc&swN^Q3pq2k<6b!`B`RE`k2iWG+iA)x({d~(8$ zaifY05kElYdzD%VffYO}*-0P*DHNzri>Ugq;?!Fd_3~m4G!=?;)pk)6wy&Z9fyGOo z#z$V{KnscG-_WkrgL>`EU?6-?%V|^-O#4cEikxICuhB6^WTTpU?TO&?}#p-=ZmLJQUa27p?XuYA*`SG+dTQ#u z0BW2DU03fZY*-9cY&Uxa@_YM!IIfI5YOqGjo~wc_l39hY>lF*czmCBy51`pp7hI!=TV>VGJODdKMu4v|V8G2< zgAU41_UZsYPp%>*I&%QP=_k6Wbl7dTm{=WI`a*ed*2I*oIVvsL)2K1s)yn88a&NxJs0Zh^Z>vKmnO;VH2v=D7*7;u{<-;*Kh&{LmO9f018vCcF~ia-H& zli`jZO*>vzweKMq#gqws&Qa$KHE1oyp=i_tr&jtOR}nsnh_6ngUt$!iUT+y}iSSVj z5x?ySy3}{Tn0tg@J%Yx<0Sx|M01AlDk?bwxZ@|C*zSMC5(2ijLB@0^iE;w*g`h5O`mD;_sv& zRe6ufvmXN|!NKRIQP8122Jysi{RD&q7?bsGFpr(O1|bzE8;bkdP1O=gq7YhI)ZKYk z!ENaJ@&qL@kQy(y+bGZ@_$}3jY*XY25=fOi`dR1Vm|~Py{!^5s#Tag$D8C6j-7Ar+ zb0%tlkQqjP(f0O>e7P$4){~$I)zeIX?Cwy4_N=Pas_T- zR$)X=ClC_V`USIeT173P+c%kuIvN7#Rf~j*=bCu892%WxT!FVTM-uQvL6!M1W=_-p ztaF7-Kz0Am0U&yGvrPv*f)WEg-{1u=AH;kZ{tr3S?`zbWTHY_<>i+`YSjkWhSr^sk z29Ov#Qo9C$n3^9S(F1Vw5lYP(F>?jjb{)4_bZR0j9S@E>NWB+M;(ZX<4QWd1&Vqo$L>yA|HGmXL@7r{v(r9R%5_8fSfuIlLAME3vx_0{zI8%F|45tt$^sy!)@|m5IL#XH?#!OH% z(ZysQ9j7$qMb`ME9Pid?fsbkaBDeZ6hc9*SNd=my^qOb@HT0efHuU!QYM3ng8){69 zt1Yp1!KEbOy@utKus*UR;pqPlgP9)VQFK6#sk=TQM4g_zQvPs$Bz&^@LqSw7!*&-N z8ACN5pS~^~b+9wY&CvUL-JL6MQ1%zD-sZ9n3N6@oJ8M_0)3B>NU#Ey)k!5IkbtZS* z_0P9S-v>2mq=C2iuM=EQHU9=^jcl6hy~ZrUX1!E1y+nwzOErZbj52qgVaHAQ$bKL1c2p z0a6M<^nmpE7+5iw(Judgl!oP=ecr6)XJ4*p_yRJ|J)Xh~-)3f|k$|q8N1ILnR|ne~ zeniXi+2Uh$_fKuT`g#cfT@VsaH{LQg`m#ou?lTy6g#BP;RK72#8EhNUA#xUbTKmsYzKRB|aw z;2*MiHt9#Z^`peloM)E>96UwGo%8W`s>Zg*5ktD&iy~ZxEcOusYW1$#sz{ltjwvyQHPN85)}p#+?@QJQkW+ov1HIE-zR@f3c<<@p-ekYqc}95V z`fO<;6@IC#>Moc>pIKZXda(&WZ!Tl94Smh%&$6DGU zX}Vp-;y`EA?q$p5``u_deHpdSB$tW{5+yJBc0=ZQb2d{tm(M8l^{C-PzAi_tL*wWq z#E=U&3m0W-O+`PzA$$fG1>a{*-F;68a-Qm4;EN1&6ROWj+9uOa#>>{`Fa%`s?I#5l zi2B9>*QlWGm>gocI1dYmvSIHz-V0cMT_UtQ|XAhH@d2by?! z%P`ObE4suJHbKT>ZSUE23rY5-uf!_m8af|-SSuRon{BM2D3ZM^rnu8*mC+fj31=46ge)7Yaj{iUda;wbnq;PD(Ivcn@B@*JN4T z9rJ~B0MxXO-RO5wqn}$|WOoTW@xCu$9W*iZo!b(@rhqJ%o6c3fbsgEYM8W>Ox2=nm z9YDaNi((@V>d?`tY-y|`uLw#ob1P`{S>UV$H=@|Av2?3&yfPQ7j>|Ye$+SF~trw!fGoM|F{%*DJC z-xexW3g*gfY0f1) z+U`N#EA68vc_3@bbaKklTF_1)IYrsEpsCuZA^w0wowFr;Mj>S!Nw*xAN){I3=6yi^ zJAEJagM$n7M>ET=j6P0M1&zYOD}Qy*B8-?{>EP^*H*CPh4{F9C<}SUQvkJ>F?MbJ~ zBOnoUas(DCArw*Q+3%=;byKP3<{e*>RNp;+m{{Sz7OMK2gStAHk2F+&5fgeCJA06b zLxOYqkCHiZLl9NEN^FY{hM%EL3RUN5C#onWI0FxQ z`eN&r(}*^l>G@MmGWF2FKJyceAH4Hfd~)&cE}SGug`e5iA~xPD7j9&XC8x9fZp3zK zoPVa;SUqLW%x;z>7IZYtx4T=z!j8sWdmL=3ebhS^RLwipxcnq0OP3E1!4*XDr`O@v z1*6cp5WKV1&AaJo@YkDP0_4U!i?NdjPI!MMY6%f>Cy|MyNX!I}xD797Vp+wAZdQkp zn}S>PXB$Deme5{}C>341`!ws)6w+{5+ykl}Q5WsjDStW>DCs)y#w}x7CV@>fkN~Fz zWFZP_-y7Jy18$sfo|%L^Hggoww}ajXWli?m3h&j$Z`eYOh;11~5poV__`aIwY*Ba; zkvBfYZt*=hO?z;1NU=5Jbk5c4>>!0N+NcnktPlvnYUAJg+H5OIT-DBLYM(~6sShl4 z!-8{8;W$w6&o8c#yhHzJDtof_Ug?I@^CRhi7@C-|Bufn@2cvQoPYa#AgIz-%;Vy){ z)JqprWqIEvS&^QGsZvIZi@k5r+__!Gq{#qsM0JAv`#_97LHayWDNvwWy8ytYexuPl zfZ+1R`8)UGPwXmypwx5*Cy-bz08cgKPth90P9RKB*`$d5q<(UGtuH3X!@p7CU)=;{ zI>o{W2a{QZ@VIdwsdoPP`_>;g-M?^wgN+a|W$JD?p0Vaxy8hf}1+3`J6qs-Cxc$;K zP7*`{g7U*P@Y^=)McZ!$F#xy6or?T7eMWnX6iFvz%LDu~eCtOs|56;RV*>F{?zK$s zB^6`>?u())^J793U;rvbUh{J~*Msa0(`TIMr~GUQ@R1Mk&iCHuzvV0~gl7pTuu_<# zi(;Wm^e#E{JBq54P@u3nfP!qefs8~z`BB)TpT<71<_M3th z2Q7EpiG(`pGa}NmBIx`{o3rxZLD!LqL%99@@nZLCiPJf`V-6&#l$8)o;r>93!XWaJ z8}$1$5W^kq5hOQKKl3GqME>XQbczTScLDBxqcjLUrFF3*<#r4mbH7v|ryTnt2yQ)0 zN&}RBO0X0rE&6KeaOO+wieE_mNGvp15=q>>MkWIZ)hbE|8Ti^E&0CdZ7*Vl})}cVu zw6ov@;N4iqG7Xi>>0(4bfkFliBLyy~M~ybX770W2=pK}~(HdSvbjtX0pCZsy!?kR; z&E+{wTX@2|36N78!=m7d0r!^sHNJUqw?mk4K7#LIfaC)Cap$g z%C6XH*cCOM%W#BJlfWrIs)xCf;Hj0+?OGX#xlPYv9H0yF7FiTfe|74cR*ie-oc{PS z_kU;o&k}*)8soq0n)tuF2L}h8{%0Mj)BiN-9y2x!0I&#~C z=BSS=IrIM|0>L%mKR??y@t;S--H!jSC3XD2p8u~cKwQVo`FN`WxUts=TYRzK@RbZG z#_jOIue~wKdfTAK)eXH5k1)bnox;gE)R_Y>Y(@VU3jwWN;z zublob6(Fo*1A+~#CxBPwopQyIysFyy;sIrx>HiXez?$g)-i|5%?~aCh9sOTN>gc~a z{azMve4;3AgoU9-m`;!Gyeb1ZWsS+E$I={e_CsM2Jq<< zvr_{-X0nQ7#O%ZL{@@f;)W9_LR|pW4^>}5JZmf(e*+QC8&cuy2-*PWkD)+v_A5qN1 znz?W?ZQ$WGaHu;Z%+F;T)N;t_jAV2^Xjc1#7~Q+VI3rmK6Tx8fURl52LIP4W#WyI} z1~Y={I}^qvLojgaN7I9!JOH+0c^}zK_4%_AV|$egVlDC#&9}Bd%XVI(dCO*K&$hOd zslLM51UNNBd*(KBxe*A;*!1ypl}*r;?j-THRk1X6bDbLd(rLCU3N_7lb+Oh>HP3lX zW9F>a&A~GBZkq@Zzu@oC|A^wCf5T!vpR?xn(gna{}FkqCHKjI!ocoqmj_Vg|!Qu?kdtCV?(<|Hq%;Bs14 z#ah4|_FEhw+u}GE=I`cw9`1iN_@nUPd+;v=0vvyrffU67N(+|~)&;v)4)|{{R9rA% zCXBveOaK&RK#HRX&oaQhf|3+7+#%s(A=_XrOVdX%iz7t1t9Ld*Y7N(69FhrLAMRVj z3vxqxFpIM=GJ=wZ1Pr&hZTpLBaEs`T2!t6okPitnkQdG%(o5tP&!T`?pXMEsjnNNm zw0Ykuu5R4uUpNhgaex?b3X10Cs%SOhTB&%(2-{Lx#RSIV{>BnsQ)_Ts`BtvxU&2x4 zeqAdbol8aMO3`4?yEa#fntr5X><4O?)O@Vs6a8P3;@|oqmflvqi+Sw#8grJsl6pU5 z{4qycwe|18|#$(jPX@23Y7da0PwFj980(Wk-C^oA;8G z&Sx@XqTnFa4v(EE^h`wvT67& zH2}9I&a{{SPcnE*#rC_|EXw$u?49^#2m=*F+KFyw5wWru z*U8~0k_Q~@+1%4;13o-PX;!g(EhenoSZTI+mUpi%j*r^SmLp5E-Zq;?lVWy6%agNE z6Kntx#|v0uHQRNHPw(-OwKLY)bk!F4P~8}#K!Y&fj%3rdod>^;3AeTt$s%<(R z<^U@I1HueVH7|4zd_;5BLQcI{mzmD2VJLO_i2a!2sgCh*9ik`@rqZR~IU=gmqxZ|9ab$z%Z%!_0qpNQ(&-MhIQYqih z6eUpJAtsoVHI9Ys(qB@+X_R&r$V?e(>&r-E>Ja3b{qyLTSMM$>w+cHUW0Zl-r37B* zK04lk-NeF$2D@BKEz~pyCE)*i`2#s-|F{t5UpN1RDQO@E4@W?&f_c7oNo@_XTBEe4 zqf1Mp*oX{#6=vFi)L&rZtX%|g6+)~N0R3pdvXNCyLJ3aF1HHjj7!Sy#r~c+4U;X@k@=1xw4`C-S}L_1ix%y&%-$8x{hZ~tG*iCUSPB=R z?`$=gR~Xw+Hm5U^{R|1{l_R3*e8!R); zPUJcHdP*fC-5Hh**jTx_Un;8qh~}+o=NFE}=7r2-{}^U4!sF`gHIIGI=b5UOprT4n zLC$c1tnUGZCx(=v+V{+5K6`j-q|&dXHKTpk_K+)?4zP zFh{Oi?X+L`Wn{IFKaitYHhGP*2@Zb7BrC7WESq>!_T8IclBs9NrM9Jr>NN@k3gMDH zb*pc&zD^OD`~)*}3+I)Go0(XRd8Q?JjR>VFTC=`lR!=6+%r8f|tU+vLpEBsI!{_>I zko+n<{VKX725GHVdgjpTtI7*PK_pSmg(CBZ@<9?+$$91^zo+;h_CI|p^aZQyMbA|r zYV4r3rdr11((dAmww4|@Z~HuqPdt7|Ti@2Lw%gxU#}Y?Cscw;Duyk*nkAhQ2*L57) zEacjH-h3={K?M4dz&v?7i!3m^qWkn_Ef9pfbQU2`1_xEyrDM%4r8JAu1;rUklQbmg zRp_Ibpc)-oRo<6qZV{@OKc!cc@giP`Ux=3A!Q$P5#4sTfoH47=>I;s@~h-*F;IlIk4tlnx3|>wX4(lJK5T@K^u0f))_VOEVgxE z5;k2wU=rrMO6Xf7lrFzr-Q+5%+Q`+Om3REX_dwChwloX4j^LQ+=I5YE zBVbcWRpTd=Gh0Cv+SJ)ZL7Vkm`4oyDP7ujNgv;tU2tp6WbYekKz|cc4-DoSVg;R6W zFikO?$5P~uVpp+IXGjKW$I@kD51^=lL|7(f3FETa9e<|Vr?(B8=ziUaK z9xwh^7ysqkgr~TNcrWZv834Zv0K=E43jp&Cq(=U~MBEpdn)v@{G&1o&_lBd6|F0u; z{D0;6{~b4P!_7s!7d_Yt==H#d4daIC3BM?^p@cy3L_mA?&oRneD^kJi$%Z9Ti&K;q z#qdY(6z$0ZqNCY)f&XI+fqyB-oYAti8%TNgDT7%mz)Y7ObaLYV3&#DCsVV-$zKQ?6 zGkmr`?D+pWQpf*S&i_{#|L5Bg1HMSSpZkvU^YD3PBmG|@?vG53@qdP;_@8_G`yKsX zN9yRmJN>`U_&?taq5ssy`*}#IivIi2jASTXf%dPF{tpj!o|*c;-BB0+XDz9ve0$8d z#j#9mV+s{^US*^UP-VYuA(wnqP_m(Q@KaQ`%vH0H``3t{t-_IS=(C=o;Q8*1V(ofOvGeoji{I4kv5aX4 zZ&2%^D89xi$Iw-RWHpwPHtEfA!vDU5N-LTq8cX~--^fHeprJSIJ@i%-Bs1~YU$i!M+m zBTCWXLqD6r2yiza8Ei|4rhU6^=9sni8YWArWq6;z_G^lq9kCyNBXlM?*48K8#JQ~l zTW*%zgR=}@rYOQNxa70iuHK2w5TN{YZc7ZQJeHCBc%YX2l9ccznsg(2VxY5`TbM zlIXoCFL!{aFs#6==ijtZaQdmwqadc2mTv&`C~>XmXeBLHS`;n7;4CO-WUl^jp2VP!{0W<@Rg^&pnn*12T!LI1dpV9frq9j6revy|YJSi^1PUzybM4}xR$ z*rzB<=a;`>wt;_b#v&99reDQO`sBtxbR0u!u{%rFIB`y0e1XceQtTz)a=sy z_9(`0QjD|nmoLs?`JthqWJt;86a^v7kgTByBDw%8 zteA|vO50t#F%Pi_@bLAs-gp_*dOA%^kHTvm}pV!}okRkht--)+{b=0QA(=yi7iZmkG=!<&oGHy?Rt4nuk49 zhd>o4pr;@sYf#bJ1cp2)8<$$Qw#xpYK&?o0yc|TseMacXsF?}%;8^OV;@sqtTRa+U zR%FQL3F~J8xml`&vE*5tRdfO7;AmC7pcD+IaB6aTWsnh4D$X&PMRcTIsf;;I`rqnb zAGVESB-}QbRK*siS7Oi~H0nqRb@d+LOIG~qRiAk2H&|2IQ{g9g6h)x-zSk=}2>0q; zCoF%ocr^zMZCLNFr&B2CM|JE+5eLNCxh#TV1}L8Q)ExLWRz9P<48;MDqu1Lu1(StB z&9}&Jf&z(wT{4`FOQle0q&D$JE1b~VF3C{LNP)_wwGGy=Y9&!Di%9)iaapV+R9fo2 zL1}oc2mNBSHHOh8m-I9)#Is+9v5%)*9?@r{$ijt<%LyhK6Q&IG>Cf9Gk+Pv7=}1&6 zZ(9Y4L}pamW*&-8;8`}t_R(6&_OeJj8cWqtV6=dJI$=X;)=&ziS-IRtGvRefKqsvMG-mtxp)?a%WTW9q(DqSg>4&Ko$!>6&I&Xdekl_37JP8*pQ zp|}#c3FnnJK}(+|S(cDDaipJH`fKxTk7W}#wNWc-Gz<0ZIt%NG&@3z@*3zh?UYLh2 zE%eT_us=mv8v1q|;VmmSFiWtCJ?B~tA+9H~YJ!4t!&54gIdqvvt>A8MQno8d(B&*O zH8D!9G{-M*UukkrJ-sWhQ~=533d1z`#Tii`Y6s)*dVb8RxI*fiZ1C&&61$!hUr%PUf+cz4W}@jUp6TKm3Bmt6T3=K zRwywits0PWZ4#@}suHQubY4yonaIX2Z()2{)ZIp+aXGcMpBZ-IYyOistr?0C%`|V2 zg=98;d`XJwtq9G?Wr{Ks(-B=};j|()qU;S+`teqldlzcKIP0gv>0PIV+)m4S5gw1j zxKebdc^rjz62>1bQWLk~d`j;kciZ48;$Gtn{kCc>v?fci|L_{bvL-O3`|#5z6bHH_ zAp#-g?ew@p?(=89-|;joe^j=%Blowh(?d5kt$P0tLXyr{#Q3XOFh+|R{)^OP|MhHC zvj5uMJLum3*O6=lRUExy3;dmLfm|MXpvD4>kUs(EI5;u74l)dq6y4C{9iVXvgD@Vm z7iRrU8Dx_b&&HFDCk!kk&R{yvzxfkNv`9a9Ay5%G`bXz4#A7t+vp6w1^vl4~pxJL? zR>-6sZ0oJSqf+^6fpA5bDHq0B|FI)#wSpD%r3IQ5S&aRVr1&@FXDG;jF|f!2d>h}w zG&nkcQ52He|LmWv#p4Ku)9>o=zRq#VU7PKOJ?JjM1pR~w36rBZczb@#3P{JgX&4`Z zA9jaB!P@Tfzr?pT_7<$Tdx4_$9j)~p<=ejYjsK-x&ssyC-hgV(j&0{UNZ#O*Ur(+6*s0H zCnzS9@VXp~qMmD1tf57GWQ!_1B$vj>k`P%X*Gd~e*0T6mjj&i1lJuf;3brf*mZMT? z4RLw=G8^S$=q{tf%2F7{*&3z+MFiz*41WF4`QAU+RLB39cKj8oN&mZB#{b;e?fk#i zlDFTMZm?2kJA?^@D*NUaZ*nUuJR zRg@kmFkk%hF+T&x#Tn=rOEqHw0LC%S)Brq%F94n201-b86R!Mqo;Co5T23w+5Tpqx zv?*8Tiq|s5mDpE(i2EB%i~Mu0Bju(?`Hv@I%5|*g(QF*%I_mtpqE##^Din+PZ-!R3 zNe8Zf500e*Qu~eqO-~KtSrlyu1LdQ@_EAwDX7dCcg4Z*WG40{TSY9hXY$R!j>AZ?U z^%})$wYdjgzIgR&!vn8hp1nEQ@W93CyI)?2fBf{~WJA-r8vS_-<1yM0dQ)-iY~8kN zPR(31f>J)VTt)AJTsyzv0Y%Hc;Q^_o-|&D{)lPqxdixCtMxKix-s6-(s`)>o11nJh zH}L7WoNXBPm)SsEhJ=kJIzFPY$3 z6aXAY^NlAU!C}nIfwbbJ4}QccfWA*#$uNL1V5XVd42(lm0SRFbe-oH(JmL5hG!F;~ z2xF4Lhz>2nK8&I{z?|*GI6%xslm2n`=H&G9#ks8S3V|6xL4V^3cyV3i_F?>8#`qSL zz5M^#`w}ooiYosB1hj;eOB6*3t4F7M=&Y(fXQrXWn(iK^nXB#YVZZ@;vNEHplFrIZ zGBUfT=o!QVkHy7kcyO#Bhp4Q82nf1fc;SG`|I3KXtUMyGs_L2^ zsQf;duFQxR5icTMM7((K_sqIzWoS@!G>&5>iww}@REM!1S9D3>jP;ZkRLE&!6*tIY z6ebmbonbEi?cGhH-3|S6)e@kNf0cgXN@6m8@u5FUVxljfxtFs0&osWMl-ZBtgcWYMhr0a098x{2@(g%&@*P5fB-8Z znT$JQGM+695|9-uj$$SSfT9;f0hKq)+N41yPn?Azvdz2|>vr1h#Ssow&=r`#_F}2I zUs&L<#wT+}XcUTXi*wc%kyT3&?*bjKJyyQ4Aq|`bB5#R3^b&h$C0c|^s=|5c^wR0{ zx-yzq>Ws$OEmvht=45dQq^CzF(r&7K^x9dky;OCcLUrqC161de)RoGCJ_-lslhidX zRU!slS*e4`dTnLpB^0-bgH(!60#2eaTNq4~5OA9^#+Au2tQMPXv)F!`_eAXf8-e|| zpQ!tv{@j4~{%6%-d;i~(XCK)AFERxG^MA)0xS7aPNYjlTaM^u~WNlDFl53!VVkVD>(ClXV_)76o#XHq@T) zQrU*yv>GqUB|)Ntd0A;@FoWEVw>X>Ex!w)Zl#bB{v#SwfSJD~Q(v6l;fUF8t6OG0J z^Py%{U9y2b+}Azson#j0byGD)jnRa(T?2!xdsw7{{cYQVyn!cB{+ocjs4>@H{DjK? zo?LIwD&PLUueTllu_ezwu>TLnU8KNic##hHiXcs}swNP@EW26?iHpWZlSL4Y@_g%ya(Cf-N`O{7qvx6w!lEI1V0dDdMwR&+b? zN}}55I3PiF1ge@7P%fwwIo6ZX+tyI30-9>4yw>%CXgAFd@YfG)nO29+L)eK*IX!ckoY-nY|h8crAVmJk)-vFzwumr)$ z@Mv}vLgtICm5qiW1#&`BfP6r_0dqBpT`e-!<2Rv2El7g8M{8{m+OP|fw97T7lH{~y zm^GV?ipQwyup#r}w7W?{tcg-A4E& zFAb`SDj>K~;Gl$HREGy;@XDExbc-Ws!dgPvaR#@dRgIvbblEG550W-8Rtq(Yw>NOb z;^cCUvxpj5qZdKVXj3hWO~pB-lXhcxp}vj`XTehDKr9`cBfZywlbVlc(}=!2aP-8@ zNd}R>r;?QHJ2l2C)gMMFPBwE&CSXhaNn88duUwmBMS*8EXu)HQh_cR`cNSwi1!O50 z!}2=vY=Bi{=4e8sBvw(7!^XWvu6>CXc8L~b1q63$DoY@rYEVu_QcXUct%zaCowsAb zMqQ@NX!)^Rd!fTTUagvgLb&r<>CHV)E ziwjMJC`&LCV@$K4i3UKKMWdUihD#nl+kSm53OHE{c|ra?_-5 zBy~|E8%PUB-6P8aco@#sP|Zy}%psKQXcDxQz6pide4`a7NSvtiHP(?d(;KIZA_JIL zPy1$JwUzC&iwkVu23T!U^H_i9g=)GQY8)G<>+;D)eZ7%^0#z2A3h@!poz)W?A}*I5 zHDIs>g#}Vy=Dd*~;#Ry)xf4;7U{U1d1hE=wUMKnR>=Wvd>gg7nT#`-+Rv*>bC84zl z?vS;vdeqq+an^8L>%89&3iypm6OqZd_Ly$(D0;2k0sLZ=NssYYW|6TSaYgm3rvbY_ zQI#vkM!JjM-?hkpU0q#K1JoBLFmd~Q8`gN|gs>Zf7+Wk~{<@}Ojf!a2qN&@hAo6=* z=M_tl8OHZWLiKF~Xl9()ps{(q5L(7!cZD~=kXeN1xMN0ZterElNl-c>TLq$W(mbT~ z3|EHSEYd541Bxn0SW8E?MV;jL@{HB`%vu&f99J`Knfh6DTqfS>E|BR;Mn|hC=7}?$5H^YBRF*_Z^(Z0S$*l0G z*|{DvAF^g~fr_JuVA~$@GTua|R}bWR0_%XdG9*EaNT4@28$B`mf(yvSEFg0EalEn= zh?NHem4R_L*x66 z&+G~!w=J7nV@cP^da}^vl8+NERC(a=__h5btj9*Q8FIW#e1pe$=vu`&CAx#Y1(q`e z7IypccvphvS2nPO5K-=wim^?#T$ad`u0XoTm?}<3g9s^i6N5!{sCJ}A&K~9Ukf4cc z3h5~J`-d=16QA7MYezB=c8Z*JM#-KAlUYP3hfk&?hgmx7T7Sc1u>q%IIJO}M zB)jqf^oj1A>W#F_dg$}K&LcBrXH1vPAz?Dzj1Tf)w4R0+y-@lwXK^C+K^-<)O`6M| zw(7{gHAytA>(!bh7}-gf6gar;b~}_B4J(I;+Xscq=FKk>@j8KM8#`A$E07oT$`D9z zf)!bFrs*W_skL0P7%KXZ3Z1byULIzN5Cy12|wL->FG&LJebb(qejJH}< zG2T-56`k-LGeO#x2!a~OQBYy3o#vOf%SU9I6B8!lF*84tDLst3n?*ixOvIavAbAlvjHkzx= zHEUpD$Us4>GDb4HIT-AMwu0gh8&*#_+YY5U|49+U4Q|eF8gp=N&LFi;l`HP9D+*BL zO*nYp`w1eT6v$;Hna7rhb}~+`R9K03=3_uQTM(oyDyQ9V8OXWc>~fW6?&63mx}>SH z$S5K!K~RJmSGM-GDl7@I1Q??x3?9zu<#t2UfRS}g(KV(hh!A8=?`G#oF>7(#En&%V zdy}lYbRCh$U;rvc7Q!J~ac&XlxvW+p(o})dAn$RJO9!bhIo}}i?t&eaGe=O`ao(a0 zCGP+yFP$2ClhlMRiVlOtAix&WDA6@xUE|YP>HO%aW0TY4Q)4sZ6P~dbFjPUva0MZ@ zbRn_sXe6>L0kPx)#L@=u>nA5h2y7vk7eo;hARu&kz#_ofG507WO*l{zlCB#dnK%ba zkOWU;`8lX+0`VCZRGbb73WbpA25I^g2r5uy9tcXt4xXsVmQ$`VXrU^xBH%;;O0;U> zO%}?4m02nyoYP-pH63M00|IzPJG}-GQe-}uj$hte<7NGpsp+N-l~~QQN}kvlQ#wIt-Y&v<4};A=;$PU+TzQ#p)A>) z7(!^s0T@dqIFcV3oAe5S#>}Q&H8QPr&AeHsS-#Wd1X6xj}Zcm{Af1Mi1kLK|bJT^7ejfD=*G%-G7 z94a!vXqY5xWkD)|imXC>I5WZW0WV9?-x!0yvRu_MVF=O4ivtS#$Uto^3nS|pn~hQT7$z$daMBv_ zv4^2!GPH_|vFaFuhdw&Z8H}v1mA9&5O#WHYu~p2Au3ZeyxrsDo;IWFZUPf_eueCh1 zjBAm#i^DY+k*07BaV*c8F2~(bMZD zO1T;ex*Vci5BV>Mk~7eGC%Ihc2FnfZfT7_e6gXA`C!RRAWgU1UaI)2OWM(*)Sy)&u z?B1PGV1-gTDbvBGet#KbTh_%pNV`7JnbRP~St1=>P18EO!{C!gLs9cl-jSdce%&Y@ zh~z#kP00dxLJnkgq!RTR9$&o7%|exdlBQO1%(o0GyH6Tt_yhuD-@**1moGSPrgo=k z$xUMbUQmZEH41q}NxTmz;c=Txg|oqcTIW)mA2>o=sX?GNBBc1xnb43cuXj`w1rZK= z=0lk8Y!HV7uGGl!k>y0N05B;87R-T7&W}`u$nG=J-M~?ch_qlgsHf}0M@573DVd%x zsz-udXT$m<46d$;N=y3qqIJ9=37Wu)GZh=}$?}k91Qiu> zkcScn1MamGTYxz;8ru(Sx*RgnoGU`jYAow8z-rp0q7~`1KM7unDD%*z6m0NFT$g^U zo<*jjBW*p4K-wyUVHE-S917r01*(EEHBiXBa-h~xhgRC{s(>PcutTDJqE1{M_L+7Vco2YoEEyd`nl+WZdkJB9@CjGnMQh9zEM zV%r%<)QQ?M`ZAQD^IPxM0>WKe0vc+iOfbuutgWFNu6wH+oT^q+3JEe+ROLY***IP7j)z_sZ4al7+BU%-Qxj(EZvdXGexBUm)X@R3Sxj?y)0U?(%AmCyKP%mdd zJ{Kf+ta%$lgs2XJ=i!lJJ*vX%*u+8<)KQ=9qyKZ%QeV*spk?< zr>iFb=zU|BhjUp;7e%lOlvJnyW(=%IXO2&=a3wFYf~c!-x~xJ}mPLLDxCMl%-5Z4> zTeYE323$!L4^E2fBhonzBIKa&-VSL(17%_uwvbZS)vZV4vW z1=0wI1@x&p=%_QbdSu)ek$x~h5Hc7R0qI%X5F#6NCYC# zgtsKBjNtasxz>O`TTiZTPT})&&6CobB@7kakt+ZhERO4PTtoq{=EmjK?kKT|K6*YM zyZT(jL1Tso9?$al#s`bQoGU2Ale5>ie(qJZVojaYL=7Yr4J24K(sm6= zFb2J^7vFR!fiU!#0C@yl%?v2O{wGd}O|uRnrZ5JVEX#bexL~6f!RW*}RveB(G_eu} zUtiV%p<`FWbxH5KiON!9S$>-;XmE?f)%u;;t27m(M{0ggYHwV%EHSYpVU2r{vY!5d!JhuUzW)BfWx3wo+^T_PAh&3(c04-LSan&h;j+Aq z+eaR!p$IW)hQ4U0)*`tJXz~&gxr>e8fV){7NIP!uFq zB*_6M7p0N_L}3mhr_;Hqk_VvE4KLUMSP{u!-dJUDwOrQ1q^L}nD`K=AEZS~%BcY;c z*zM2j*wGfBNSlkQTw&(OXg5yfLtqz^qVI34YYU@eGUnzYFNz?2Mmk;F?ex1B)r9lk zFaN6&$8fC1igJlD1Bk1#2$PF_`-zbMy*<6X9{Hc^8*Iz}mOR))(dhFrQ#20^2Q3Cw zi5nr~BF2i~PfT4FlF+2B4d(LYYQgT^F6pHfSPuJ<%c^iL_Ik?9uEwEfYI2PX^GR8R zbxJnJq}dk*m9zS)E*d8d2C#~7vMTEe8UouvIt|WDd5$8C6@~@jAGVQ;amIpb!Aw(v z8va)l5cy-C)wpuXd-iaQ1WmTlZ5cC$JpNO`8I8YqC_?k4x&As%6|rh=oE<3@r7IrE zkeiV0Yi$g1Dv*=3w>SmEpLz==UwG^CUNH%fWR6PcSmj~m!wVq!kaQG=FhqjdysXX& zQpubNR1OJJNrec}xD?QxbuB>cXRki7*Z+cmch~i71ES7<{r&x(^}lCT?_hiVZ^hGI z|K02VS~ASr+W=$En+Pn{>Jh@r6afCMRK1)-df{xyY371M=uWu;zNJ8-@G0(YiFe$5 zfv73NQY}ViY3Hj6PYD1?f67rp?;Yf)a}Yj{!x_(FGOqBciPHru|iPQB}tGf7pN8EfVR=W*!ZkX z#M~I13*((d->kIfB35+OKS>J`wjow4!p8vZYSk(AXoDeOKm_GW9NRk1fUIXwh8OP$ z$X)BY76wia>4kvU;tSr$;sIHj6ka?D@{!AF+d)1we!ieFML|UxCD?dW*!`GUjDtct zexyg-i6eRAfDpS8Mr{~Ej&a(`Q;UrZhZ|j#B_=3^`6LKQGQDwXByU-hc;v}m15gNQ zsA)4uqQ(*TljL=Cx}Q+XGOeIU40~*)N{po`rsQ!N78%wrrgsKrK|W~yyQY64GGUR< z>9uxBhR!%;;{V%wCetpjv&h}N3B;bjS81UZ)yO_yS^2EcTqMRA^2vPfcO98VmXorqA>Rop zrmbRxm7+haYH({KB94a#8ID1KZkp~Pn><`O)qc_!%d*LV%4y+?saBG%7yej(wuLio z#~IU;aKq{;>gLApQP_Zor)x*#@=K%*2M)7bR-Eu;R?Pg%K(kcTQ!fClW=94Qo4sIY2vl+{=cn`qPZ8zUawg2!2cIAz5c z^dx|$c|2iQT`MycsFh`&@lQm)R;L)VuL*SspNiDJ8O=}UN5(c!k4-N5u1Qi*B7P_7 zwiqnkG&Y_0my@=8Y}hGbx)qrpUf#JmziDi0B0n7pY1@jR#tDB zbp@ieR0A1%gAsbta-HBfajGhDfuO??X}xY;9^U3hHu~ZY1vE1ZCEFcEFyy3@4chR4B_E0)*w;nhB$Zy7q?;c6t%3`)hJ0pX5AQGuCM})r{qH* zLui$oU5zGGSQK{p3NyOFJU%fBPBNSh=n0$1ZXcd>Ovgw!v8kHXQ|(T`TQ!2nYYYFd z%6aG|s-+n<0t;|w$Oumnc~O+-gLVc0Fs$(%SKM7=lkj3xX%tG;kQ(t&sy3lQm;^Q> zcMw{>V6XK_Cnx@!SPzU(m{&4>sAltoPSOdAHBb{xr;sry$vm8pRShqXRmDF7aoBl9 zR*8gSw5kGw#1w^A!}TMA0K15d*WB@`!h&=S)w@5EU^C|OG+PR)nlW-TwiHw+J9CrR zwOQsNHCT~Z9o(nJ7!GHWgG^l&vks_yMUW;~RTHq%EfC^Hv64{ay_W_ZRlZ(+St6av zte7iro_EVN1`$`xItov4{KHXGjAXTf(Xg=(jK3Hs zu}28n8`RP|U(A&>UcTd_m8s)6B=#UK%rDSW!$K@%t zr1-pyFHmB^Vp!)JRYuO%v7E>di}hjeC-SH$6S!_~6HobYehK5hVMZggpR~P6)_w_{d=J$Y9{qy~2-yD1P)TGC%w%4UQ2@ z1!tf*{s+M_g_56$FGh8eIyC|f5kw|FK14+2*kaKb zJ`Q!6^(I!O?CedekS2?!mf10Q94}*4%Sj||&0ZiT($DKB-2U6^u~x0i3_QyJw|8LB z>;E&@+uyeTZp9M{QWfO&xQ|$iW95<4z?qEU>|9R)YOH1F>}_DRZSEY;+}Sd>QB+}0 z5Mc@OHH^6qU>UaqO$Lez=Zw_^B90Z!MMjf>D$80X1pro&PFPgN>_kp-7TmoGd0paJ zNh4b+NtPIc3^*R}0>Xr9^>LKfjfoU=4a`Hpu@X>Jc~0Ol%tujH0S}8%BET6uRJ3v? zMG%&Z7L2O0GQuisK@bH^s9{CrH*UmKu?84$vI;Gv4y~#{lu3DPhZwMevj8+!SZ^$l z5Br6p%4b7PgS`EQTxHomd3j!%XH`BwF>bso%ShWy9C~Z~GG2~PjJRJ+jE~k{sJfI# zTM;yOQmQV(A+Tc7c$=51E3gsyMnTed27lKTMZ~ctS zPE8?4Pq&q=->1Uo{}FNm4WX5Bc|kc(q@L5LOTFT>dYsTj(e$u0(t6(wrE1r!CSMtc z9gY<(k$(2wr`IQ+{MVqdsB3DK;bf8MP8z}fTNXq9_w{-4|9bj!xwiao#X~#)*+XE& z8Ua3QEJ_mM+A+3MkyQ<<1h&k??;EdFbj={(K=PX}3tSl>b`B!!nQC8m;(3<=dCeG; z8g^WjO%x!Y8K(eyG^RSpglB;S=RuyY2ojiZkpc69C<2bv5s6h^hGGTiN=apTXpk+k zg19J9ca&N5yj?ELns?`_9d}(*TT87T%lf-o3DZr87teB>_e?KmlURR!s(^ zjv>-04KP*5uFX>!(*=1PJApbbrtPZG6Ik`YzOuD4m|7te5Dkc)ZiLe1tXa6Z zinE4BeZuQ7>}g0{NEBf?rhPq%Y1E&y!O|zqVLWbCVevpQ+WP{t$x8q!!*Q2Qkug>} zLTcYY)ClExIKD8Kz=)k5kP5Kv?u%(Dm(+K>lu4oW~P z%X+B{1kLy+t-#T5p`$n|(Rmy;S1UsaD>PiC13}VcK;&ei)-og}tkGzziq3XV2_=aY zkqzh_*w|WJ-=eH?(5wpBJVo$K1zG9_NRT*aq%2ew77_MUAS#1-SSZW#Y$l@Sv?b67 z>CgeTLBOg|TA=|Q;nS9)$~&ug&6-v%QGX!yw8|RPKb+Z+*6W+LPzbm z47f7nW|3Zrt|$)pV5TOOw0w3u71fwO%QF_(MP@CF;Dpi5=@`1BbQeCtp)%V$Fo^UB zcm&V^u;Z3fI(d21MpbE}s@4Vn^aW+cCAf0Cl)gh;Qs=Xy* zYFi?k?h*oZi#WUl&yAKKt2vQw%-yyfW(Mvw4laTwR!PK}pmu-)B#QBQ2t-+)B^z*E z!J`#GmMdEzIu;S*ynx+`?UFUw*uT!RDi6#Jnej@{tgR^xg(s4;#_~Gi!#*)Ksw-4u zV=3vZC{_U;UROZNHC49w!1E z?-&SDQT7&8j}uS=;G3jSFLZ#H_-HP5K%K8lvvY#18UoBb?js!4ixoLtWN{`s^|GcZXegU430he%;FZ~4 zr?a(%I9m|qLbkBFzprmiZXj1E^m6@$!QR4Pj)UBq!QNE^#Z~=l26_uQmRrMTU8oYC zr9Nv`(4;bl014*+O!>KNC#lseAq7C(#BZ)Dm@iC*^hw%8SW!?`)y=L==>a(I^v3#`TVY zoa;BfldnC2crwn7i!TCvU8pbh0?|-(VZnGb05FQo6CeNO3zkq1NoAo~xHez3^jIe- z@FWy}+7U(GDIjqwf%kgB17NE)O$%F6!*tjkW*`ZYHJ!4*n}C4+zOZos9V5rKh$B7_ zLtwnPS=J_0h@hk;&_}v9@3Flasi&g^)Pv$v)8;v~cu}Yb-dM_`M zZ|mg7Zcm{Af1Mi1kLG9cqob2!Q&ZjeWP>wJjL)p!GBuq6Msp=uD;wvLimXCcv}0bD zpuaH&fyuF{En6o?#%9JxjfRsLjy!;ZR>sO3++s4AO!gqi;hSWce5PE48Og%LO;8?t z85!q802Qri<*B`AF%HyHgd;uz8tP+X^(BuN1TsEN3W~A4nEGY-l4fM`I?|aJPA7}^`kQ_jLKq-LtjFn`e*?Z$L zvd(n&CZSsYxLlG9t*4%JCPq;T9;dNDuLxaM*UDQ}F(wnOy-ut67hSs;taB4-4%ZZ6 zy^P`xJ!`YqGOk6|E)LgRM4G}i#IZb^=Xne)7LRqV?Q^U67qgx*m`I`2ASX3dM;hcu z@_r~bvsF`58)rtwCZ}gc$0unV8v^Mp)VM4{V%9izqoJ%xl;K#Ej=k=AZtCzA{FpQ+ zsIpXnl4jn}1uh7I8mA_Jc_(9?0~c862FneeIH7?fa&xQ(PCRjJ%R2Bz;AEs}Qp9j9 zv#_vS*u6WWz>23-QdaOC=Gc~Xsff<-o0@={_L+8iCI{X#g1J?Pi6k)L5sN|zt8p1@ zwCYfP6@^mP;lbu9J|0efb1Ldk?i7Vml*-AMD#3+L(15XO;20}`)d)&c(|cKHBq0?H zz`zUVBvtPmSIHbxt?aC3htEW&rir5K<-E2uuJ}DPbsD)89kuB@jkw||@2QtVfz@Hv zl56;O0G6x-5CspOAf>El2r)J(=S`6}b6G|jww@DIq{X`}brX&RbHD{y2s&V_jxh_elbe1>tb`otBFiniw)R zqSXBh4t)4#YWln4h`UgWaW9`tjXxST&2P=jS*KldoDQndaorJQ-GRaadn`6lnGNmUP5X=kX2fGBweO6I@B+fMj204{ z3XNq%U}H>>Se9H&jUtIbfDMk^N$@MC09h5Pj3&=Q$(+!0teRDI$sV_}dI72u)F8?T za@LLcl*JiogdH|tafEHKnOH;SR7=5*$aMwp!(DH&e7#jnoNd%Dj1?$OaVS=b6pFh; z(U#(F#ogT*thj4&DDLhuxWg28cXuE8dA~1zviHeO*1P=Ka@{&UQhq>3KI^+!;eMQnr~q~AzJ+F?`mvr>TK)!MnigTSY@y8*7W0` za&{_+b)-oP#_scWMVHl$s=oc@k=~%yj>tP?TrqOVBj8GF^orx3ggtIHRA}#jJ9%&-Ci}+AzEDZ5X zV5~ZKu)#<}PGGiWx4H4Ha?P9;0qTTCUA+dzTd>E2&L>bC z4-^oUvrq}M4&1M$ZKy;$+)1J0>>%CbSsiIlsz+TV3qWRb!+eg`?Ss?6{W*%&Tr#@B z7+Gnj8FXNKusfBo_dOpUI4;P^MfK^66{v$H8R5C>WU=lB(f=}dO~ZWq;*<=b4I z&E%YXGf@oP+ZX_}`p~F#P3hwTeTu63k&a)qZanO>+OGPlSjPBfm-QX zJ6c&IJ1JxA(@2n)b~b?-p^SFp>`)x!$kIV_Yq*G9(y44fw2^IpbsPJw`WqViDVzWQ zVi~;(J7@d-R#C*oIKxl&3en$&k$JQOzHyoe3gq86BHlFpAH_{gWw5fQ`f}hX_}Spx zV=dnILB$Tbn!pdyI%Fro< z&e`1DI7~0!KBA=mzw4H;lPG8+Mq%RTPka7z*UP44a{8*AaQoLEjjcyl_FM&p?zSy{ zJk7cVJm&Z0x(1F9X6$Zt(;3a~YAqTvZs;Gu-|^edq-n?7!_V{4d*-yHR?1Y_? z5=REgPX>O$h!B2C=xez$Aiw2Cmy(@n$LJe9$9^HO39YbwW*ATN4vwF^=Yzbm!@*hN7Fq&Ld)D!r_5SM_hYO0`c^mx&rSR$NbOus3?%^ zDMk2s@@G5uX^HaNNAlkax)RHCUJ|Eo7N;YTOH* zPVUCI;`jacLL&)J?kr+`baZZ{x{SuVHG9O%sOo?It`b?(Iylx=QscFIMmQ!d&bYNW z!Nkoi@VI^)%lZ7_AXcIm!y8+-ej2(HHJYxu_S-g$2ndRZ~i8YOVVt)Od{eyBUzgMJd%~Y-zs6%oxu!N&Kq9j=@ znBHe?7R_j#ikGECcU92UwxP#@04*{wMpF&wtr-EnsWJ&T7R5}8%anc z-V%E8!@3?-9ldV;x?fp+c$KdSvv{dffT^A#tz0z{O?zYM!iv$xc3b?4UegC*X23>Y z*lcmy8KvjnDC2l<1l%k!DU#(n{TGmW`{Cb(uVV)v&PfHgK6DgY6<*f!uO)C_UKHs4+JgKb!o7vF9%%^ zIDdYqM>9a`5Pi7_CF-OuuN>}Xo0{k=KYU1A1G9WJjTSv&!@$fa#zjeXtU%H{pqdT& zC;96&YZiW44ujWaO?U zND#&a&q4YVS$Wn1Oae2?dWFYNm;piCaK3z4gwt>V%NZ;mO(w=VDUBBVg!D2f41=}I&>=^3?mo(?rmKTz_8m|#$v0E<3bN$ zYt`HOJ%PzEcFBup+Ct%VL4`f|Ei;wvcwsKZ=8J<;S>@mK`eAN!2Q)oK)NfGCpo^;Q zyJ8gQ%#g-I8tDgl>^;T{Y_5;ng~{NN>U^J8(^X#9tN|9sSQZ;D-kt;7V;#=)Phqk? z#Z9io+!A#=_WB{-wDk{agmdBM!Qr9jIA546j7H|5XK0DvJU3Ern#9MYV!uYMC^)rw9^`Az+!24#s=wQA% zR5?8ciF|xQ0_*U)Sh9s)@hy4Q*8me4PHuG9keESrYNYkaAsJQcm)PLgisYre;qf&; zB)u{xce>x&SfHlZ%-1G0KXFz?bN?ijb(r ztxcty%ZPNC9q>khZ{?B~-)Cj2GcGTp6P^4vWL18r|FxCmKVn`bK>~qV=qpa#JOtub zjlHc!18+&=$FG^e)|0?6f-4#uj($diLsKNhd~T&KCk!7Ju={6M6b`;*$F6U6Z3_`d ziPHxgW3M?1z;m0ux4J~YOaarjvh!vEKi*@$yOWijYZr<(u^C{Co*fkVx9Wc^d<}*X zq_tpW#0c^?emQ7j`f}sH@|k%^mugeCyp^!l1vW6-*yRYecmP{e^yxW z)kVmhN%ziq_wFoVd;4BiIqJ{gf!6EluQYa?a|dQ_%|nK}`%eSmuY&_mmgiEKZ?y4u z{SXPm!NO}ER&`Co%cYp0!b=QjHB)3=Q5u)VfT1G;o7J>r6#5HAh@cE($0f@arpWce zf4#f#i0EE~4(t`V>q)dN5Ze3jvKdKF0#)P`Hz!>~FMXHV&t77x&PRlPHgRTMd0Ssc zPG^SO%!?@J&bj6KBce(Gvs*deR_&T@P7D2?661|@X!G=7mJwV9>cI)(TXRpx*(jJ5a?1y=<}H6s!Cl3JJORvGc?4o)#aVpDX;ojn@dFjiGUx1@J3-{=mO@z1}iESd^y3)0AP zLEH7%EP~g2K(B1=LtM5W(8tFIuWJLJ*VU&QX0L~`TgopJHxyiB-?+Dr^fb@r`;*_< z*#ha9Kc*rqV%nq?`nhw@h~LW&>-N6!kzqaIr8Jo3yLev~F&RzP;dLJyNGnqF4qCsg zqnOTSUOMl6vrVT!#h$(}$=unBpzD@nbCK(E3JG!*?r6+G8W)0OqY za#Y>an0G^&ZwwAn1uuu^8-wG^#)$C_CA9mbd2zSvMri?1m;mD}XZfyF1=|35e_DV+ z1EKzpFPjbJ^ozgV-sRKV6Kxv4Cn^Hex5@XM7d5x`7Fs!3$kN3 zN4i=wW(*n}rCH2x^uUT1N5aq__xy)zE9zf+U(&3?X8T*xw@W76Ltpm2jWU8xDI+WA z3^BfBG)MJE@pN>~+J0O7cM_5a1N@_PlTTxIG*|v3@7NE{m8d`eR z&7NgDH3(0aCvg9oP7ELXPnJL5(_Tc=g48yih+_nuNYWaKu~sF3kt3D}M+eBUqQILG ztc0}Mdoz`YM$qG^0LCa4;B*UI#MC`Tzzfvx`7{vO_wfwDq8)8^j0MKC8>pv^eC$?f z7@dQ#r$sK_8Cn0=vMB^V1g_#+&s1HIB?cku&HJ@4mK1>4zwv#=zlSJPXcmSg3^}uc zsc|1u7j`#cQQ=~%E}u+k^^K-d(J?9DKRv)IkiA_tAOOHC6v!PXF>gF9aoV_7avWw8 zv7s-PRKlem|3jZ@vd|_$ZvD9Z=Z~wby<|N?ZC_2Is}LJ>ZDKufxXGIl(H!QYC`MXm z!(@6dl&dLR$7Ve^A^dz~+$BT7EuCVO09EP=l9>`~3pesgv^U(wh7P-A6dwS@pA>NsI)G@LuQ&x?PXv^Db&XfbhcuC>@giTC8^;#0I6s4v=ac8;mzFTSsa z&0WRI#bEr17cxykPv!6Z7sXw_6I~rbQ<94=!(`{AeD zM2WVr7*)lF$=`z_+1~&5qnl&of_7a4*WRxQ;De6dP^mGNF%40qKdhGF^!y5lEpH3z z2?O_t{nJs^HW^Io7;Nis2CCR5s-93yqTseqBz7Z;3<~I0;3~Q?lRDTGG^Ki|da{tE zhk0V<S_+3^V(S1h3yycP^*XWsR>-Ha^E}N@@(TfijJf~uexlKQ_A~2!6uMr3 zz0^^r4qn0Z->{H-*!l6PO%1HdbLAAkv;Z@Ni+bQOWVJ`kfYVV{gw2aFAy6}&(C0Y1 zMW(`Ho}nyJ!LWw0DA+6~-=F`1V%~6+cyQdM{u<$(kK(`8oT@5!YyB6Q--gedt?MoK zA>*)|jlgdBIH-f+ydfE^gjP`(%4-OVIq#NJ3M!`-`7X=bgDXkOmN;DP{!xuPpTTix zuTPUrXIa6zJ-bjq_J=L40yh=!tvW}PH4n7Yz#+9Zy_JeOhG5Ws*FpbF*;hr~Lp}GE z>G3=Z@-vp6zm?yRfrAC|@kN6ij~gBnovR1yy)gi2y2s_M`8w{nk>4WbuNEDY2j|k< zaw6h9BT7In%r8m!%1Y#^QA4MN=AL(Ea{Fb454{53u2LD>&bW%itqo2W_)joalA z+v2HdmlONun5g$IQM_7`ar}_MsYFUm%AlSP)Ef}>d~c)?{LGOI7nEV1JXI?c7yP#Q zyjIfF-Z zw>c4MEM_9?go4@(KD!=d`l1jMYz%_~seni2JkR9Nv^5%+U;`B)|A6j0m zL)S9BxnB?sK4_J)m-zch!`#}a29f3$;)fdnS<-)Kw}^HE2ZUcZ95gL_jTwO?QZbI= zMqV3QoVBKZ$0OoL6HBGvoUc1-qsAus1je4RbSBw)j}Eqks>Rc_b`#~Hm&2oY;S@a(R4T`5*Ro{!~-t^-y;Y__79TS%Z~y z{pAHn)qviO>>GVMJ$N(`PJoI+ ze!T+K5$(W>3qt4jfZS`Cl>;K75!pW-qC6=lh?ONj*4yvpzk4QwDJQ%jqAp!sZx>7z zvU>*JfdMN)-OoYY=LnJj-x~uWVsXYYoP0VjnB*9&w>wJ{#>@6^u^VPHy4$X&TOI}1 zW!#Pd!_li5rVjF0}BZ=@h|AUlwtw@GTX!S=^SPJcattJUY%q0s)~V#}@T_R`i$! z;`i3*Z1GWIpETuy)Hpnj;Zn@>_X5R>P(~QpYIHfjoSIKYB5)ZHO1^EBX-XpdV}XnF zSw6)pJ6H(kbBXGLo?@}Z)|0(nic=q%Zio5a&oAYA3Ea+Q>` zf1}RsnyUZKLcYP<L7{y}_H-Hf`K5;sDiHijik9wiJ61j6tbF2Nz9oC+_u;uT z8t-I*hWmtC?l2ZDxNh8qp2~raEwZ+tM2MZ4R<^(zD)^}$b(^PXwg=r*0!R zx%%U-JGaca&}8iCr(vpoOS<#jy9jQcy0)E=J-)U1k48>)%dGm~*WZ1%OyZ3O1ixu~ ziYDJ?N@i;=X2Mop(`|J3&knH{GPnI9)9K0*O~(Z+R*=7;>NB`I?^)zX$TRkNDQNliX}{pSgOD&wkOPFwOx)bx5aU`;M7zz3X6gv~Wy)5b z*3Up4MMGwBW?QAIWm*2m)J7pj6>YC_E^wwld*zFmcQ8`8%kJ4KY_cDrjX$`2=*>*Z zES|#7UUkCtKJE@idh|F17`t!0&egpkrXS{rk~S@4NOmQ-S(SywiK$EICQzj)3|d^} z8=buKJ<|8eYNSh@<_o3GNS4ZNv2|sUSdnU78=~5ASv{|>q3;|*xrk$ST-Q5E>8Yki0>_C6aCYAQb(B2;2bpWL0GmTdmbH~5hW&DWAt#>baCx5cI! zNljBZ9;hRvCfTMF_(2#>`YYm1K;U7ST`U|z)z!_p3`0Qd7~_cXb_Lu*#4Mtuj|tkL@?CY+<22%F$kLyg#fvw+eHx4 z^Dce~jS)ZFE0>gN*q80L_7%U9E2h@_oYPc1BAO;Ahq7@9K?sH^K^t!5Xo~(KMqEE)I(|x{L zX*Y~&l7S}EI7ip|)0$c_Ob)K^2Er+^Xq4HawQOSv*l9B6x1A((h+#D51xYAq??0Nn zAJ!H&v9m(KeE+qaA(^-uqfNU|bLP)paWie{9+B}{foB<4#*mTGi?jXh#j zd`Z46=8^hPt`zkN|4|hzsb2_95DJrg#>Ivc$#`1S8|o-ruZa=7{6PA%0n?P|oVxpW z$y(=xH2A*8q<`5$F)l{;8LL|e$F9WeleV73!gv+Lf?~s z3G+`d6ZSlhF|haQ_agGlqJ@2q_^Z6c!db;p?f!H4w9z}QD$2LHGhSPt{3UEDmxFw} zd-pIP2;&WXM_~rroK3pjfIU1kUjub+8bPp85G-Nniz^X)`wG>+;@pg^1BUo``_CFZ zf6Mp@@gSX5ca|o}^g|3Sys=D`ytRKV=at2q3>eC7F#sd04%R&fPxP!Hx!cOIL;4|u z5yL|tA95Sfd*SN`K#UQ*^fCX5pSf9rP*b>1Z^82yDRhWlf7j=#|Y8O9re)cS_+K85%O z?wiLi7}Yy1}Dbr)2dc}tnmbXCHa#2slzHr0RkPCY=Xmi+kSV`a{A1bI_f z{qo9Nv~=d_XjVbP-(s|neTx$oL`H;Bm1U|HFTDG_Lw77iIFNKBr2_G^a4UJyh!fO*HxgfJI?nz)GAbY#S^zmWquUeEDcA_X_6w<6th~7AE{Y9udacxi~v>3uz%#?Pqe zU*I&}cH?OZ1ZYP4UC@P(F=;MHKZC)(Lu+j4&Z%kq$=UibU!!7J>dA8FXvOj+$U~)6 z-e<)v*;BF6O^&JuAW=A1MzS47STL$xw<`69Owe$Al;tP!Ak&H=*#GdS{D)rjSSBeV zvO4XQZD7KzbxD6y1MZ@1owX#Tg^ku+gc)b z-$I9%oo>|`5#RPTVLg~r_kDdm)FrsQa3c+^=z^EQ#(tBF@|=sikVnu)f>T`Lf*)T76(<}uLWxxA?awknM5UZyT9vC#u98d zCO_KM3OW*hDmNrNHB1wN>sdKH!DA_ZdY?Q3rMPhoxz~T5C*d^{v z_nqjF{1`%7pn}S$yC38P=3)LxW=kL+^2ao<{Dj7swK>QknHRcu1#; z#ssCKue<%$gejvx7lyAG9&Ufcf3pVrqf76qna25-d~Eh7p3U!n(Pir2I^LdGx2x`y zDkYu#VOL@gL_9EGI|)_LC?xu+D_j4eo|v}p&wH(8t-sj#Qq3VM$nQp+&185?(2B(r zhjcC-J?434NGn`}pX+;4>KM2W^4?s38WkEOr~7DJ$no5II3%}(zw_~X`fZ0}$%md; zb}9L~h8Xkc`nWafW{Tis@7tO7NYp)RTW>P-`cG?E>a{-3qBRXLGB;4CX1g7Y2RL=U z=e9O9t8|+B(qILNef(Z+4X3(oMPP2xA~)zV8c$@(!H)$$s_7zc9aa0~EY zi&FufuPdQPXT$70EF?&SM`eD+h=NDWP}=ytz?kV3i#faEH$(h5^GoQ+Q~t@vHjw)k zd3#B!lK?G!*tuD$G^=lQ8EaP4^Z3E99MA-VIcTz22|9NEu;bG`q zWJ+`yip<661+l&9zqsuy_$HHtHo1AzLoUZ0Oj-*1W-QOA6-7=_9d;Cq1VcyfPA!_s zQpeb=(P$ls8Rr7hz^Y3+!9pFI_qJ15_2ILgK~xpaW{FE3+7+13-55(>L1f&z`QLo? z_3ss{76Yv|ZTnSvN}Jy?pCe4aX;BZ1*P@te+L~DxgjmFsbB3exyJUFSL*Q)emfiVe zvi)9-2eXW&RP0;;-%{TJZK>S$uQMhWONlcBlfwedhKKr+iA4wzLdBI35A0BR&YMN! zUluVM;AzrLRm$GCDCG71P^V%tElzjI%Ce5G5ghRyEZ-sj(rL#gi4f#@QTHjajih`j7&%AJ@a|b$ey3+8HWh z5&x&30zKiCYU*$3su=yEdeY^(q23Nh85SEiyEkdWf8lCWoKs{ak$?Xi@T`n!W-~{N zRLblM`o{&m#0MXXj`!PKiM$4{sk(euEnkrGCT{i1lBwf}OD}&G6%X^s+fKZh>oDH} zB5cXlvnNfh-M<{qS^8T;R+yhhm0txxf1Sn6)hUWpXEW(S(>yfHV=w~PQ9ZOiczsJ@ zQeu)IUnZLS^7ZTasdZ6m-}NEM7dYb3uTlqdReomCMPg}4RT=CAUxT85V@otLm|tXY z$yX@hYGZK_ghk6|j#iqrl(5cb9#gYM_1Mzkmc-UaP~t1xOVcDwwyt+eB9kqU+{9)H zIAXp5lj`B^2xq7qSW8CX9%xLQUv`nkP?H>}i zxom6-MkDJY1^_z3R+T(GvY$tuqAe*_C$WdTBo|GKk!VZnpJXq}eB&IY#~SSm508eT z^5pc2jd={ihDG}mDnsYxtUmre){^-C;HL!=GybV<;KgPTnppO+sD)iY{XqrKjX2u-czlfB3N#m+rG2}Ph`o{fXCzo;(Zn%-LI}KK&ura2MNH}? zAH|0f1Af*8HMxA%DCMlx3du6(_CN^&WBF7t$Qh2~^D!r>Fl}@9N)_oczxjSe_2;;B zq>~}T3OXCx%G?39Q&`#q+mG5ee^?-o2CXJdmOCJgk!H&v8V(A}+Ln1I#mf_}~U%PS)60jPPw z>pC=f=`+8+NbYr>AnZZu*LxB>pG)dxdgq5-eNH0qdMv@B=doQ;xR#Ks3;1@@+p+lT zCbOV7#$&C&6HGbvz3B6FLka8&FB6K0IR$CDI&v$q0Nl=R8q|^5`JCH8AHrUtkOWZn z6|}$saIr+D;eWbP0DV3L2(=xKY-;}EYCogNZNH7-Wkx*Qcz~jCz@DbB`f@K;Z<{vH zH*Q@s}EdPo7-=S&a# z<+|2u;Byd#4TCIUXWi^9&(Mgry*8B;m5X}c=);~?F5R&|HXgrinLMx%bpb0b01w?x zS@>>?(KR4Dhd>`^2xqo||GWe1)3%4mueL{m+$C<l1 z0kP9y7dZTKQ-gwlZO>MoYepwP&5g$?){PtJ_y(uv-EtVE2grk^>pa2XQQvp+HC6`_ z3}N+oQqKh+g5H+sbi_iS>N19P6PRlN?t0lY>CYhFrYi(ajnz+MjzyS)m*Bl)>}CpN&E6F_^-$}I@?qM^Nc6Np#i z`9w64ZlKANqbzc}QgMHa4W4Ei$Ae_}-_n4?plv%Sik*A3C?Xzvf|si<2agWmeq2gn zCH{Lm`mC12QL-B0W6jlHUZXV65~8pFYBm6`Ox+Jvmz<9xndB=@qx1{ek43t_t`|l@ zGAjqwf0-&hD1#mkO~L)T8ot%tDx5z!R1m*9}V;dzf4*7_m`^7A@aa}e@6+GOc! z@OgwFDuOS^6*6ETvWwSSgA4vLaKoK)2L-s&@lMl#pX<|wM{h64e)aNSP3Kt}?6$u_ z!=U9M5gl8f-t-sOQ>bEq4d7K&bKl-m(Q3FuL;#$P;$8kK4^pJO-;D#lzHt6}y+2lb zJoA|71@P~RDju)<_In=hQ$nGXq8>Xmm%7iv@@alA5lx~SF7qyzPmoa$Oek=hu8-d3C1p{HL1tne3`|-sK{`<w#|3PgfB~>dqUe9~ujb>j&pZr#KLM7Pc?8^dG8@$RzN|U; ztH0j5zsWEBW{VZ|p8Intz)g>^Hz|LT0vKqw+WmMi?0*NmH0^er!xY`Tq=D%@59g~k zpR=w(&x$%k=qX$$;Y%oP4NnAFp*@2t?5tUwF0-KFn)b8h=?;gE=Slzz_#8wjwA)76 z<#(!a9=5tM?svMz)C>4{n_spe2k^R0-xPkvOZ)XQlMaR~zd}8iQZp4j&%jkO=ZmvG zTT9}Hm;86pFY5Q^bpc zU$L{oHoV0TGREUPfiEp42HtD5GG`tm+DsGz2N{aMy|i562N3WV@KD0w+2%4Q7)1nt z`}j1ZyXmvt)uInIp!Yw++7BK5_7a2*2Jd%?0xwF+E@3acN1`r8Eg-+gsT5H@<7dIg zT8m#kx9YszM|+6Xe0PhYT^1*6XLU9dqOior+^dV+UpLzp-H?vmTzR@F6FBo z@HsuV)4cdGefl!%dH#4dZq;ovgBo7EKZ9mKV;8ty#5PpgLAV}^CvJd7*GlDpktdgQph#8N^)7MkDF zehRzDJl+!t`)|3qJQ_I7?et6)jdMO zIw3$&U*+p+QNJUzT8B{-Q36-$jc-mA?rn_ffC@YVAz4y7h6J$@!8w z2O7GKr|5Nq*|PCi4C*`-gh-%d-RNDkZg###3RVk1`em}+PrV$V_h}bNH=^2pCQjR` zDB!)aSH)Do!y`KIb+=>csD|PWgbo0ArwQ|VJPua_Eg$~gM%8p|O)JLa+{D^l3S0$O zXo@t!6g7Rb+u~q7M65oig1LOKM3_?dbri_O;OTi#~)^rz-4pLW&=DOC*QfZ z0ErcT)!nl313n+AdUQe@=;eL4Zxw69VmtR-q_W!t0cJeQ{F{a{oQsL%$vxFx?Ll-I}AJd>sLw1KVEOxgUK`&=of!3ujPWY*me4 zO-!8e75-29Ox^eQe_Ib(HSfW9#kbu~(9260Breu-H4V1Qxw8J2T59kAa$f?Ac(&h8 ztr)_-=-#?qb$C4t%sgZ{6W#fB{D96PsI29FK?C~evQ2jJ0&a-~90mjVE>J-D9^C}l z9&@KJ?grq%_3U*;eMkS{IRDqoC;>Wyp=_5IR_wNi90&~CAF{*bpbxaKa(r5e0KZnl zcCLrna}|VL@w|;spmQ4Cx0&>tj)Qo>_Ol2Jpx-$BzKar+T;|gI)(gnJ0`qn~Y%z6EKn5CW)}b}PWKpl4GS#@rT*o_VP8cNE;bIi*`B+7?0XTFCtG_yY zyL9GDKTyQwk((&>0(_mnnciB&&`Iw55Krk!`EoWpEYfhbnwj&5|L_u9-y4F`jo{FE z7JkZ`)p=2?X>gT)dnt74e1DDp+TwQ>fSr4D4FcbhQBHNA+&y+)hl+0aUbn{ zIqY?$A>duPV0Xu@fr8K7Tv+wd)7EcRb%&R;d0-|y3dQ4``g%$C#b0iaZ*CR%v0$+Z z8V_xUfpYZyx#3$eDd}at%cZ%-n9ndAA5p9tvWZC&Q?IiN6becz{b92%30R5}>0D^Pc8S=p}6KfJ(Pn zsG^8SvlL{R?Oh>RN9?g4`b53-zL5UVLJ_)JW=|^Iz~u$&^P~h-^2_4Yp~Efcl`Tu} zS0&8xk#poEuG1J-I5RY(TxCExv(TM|BClE-lDNj3lRRA~GQw~=->2lHZr?ywh&X&j zS0g@ihF`y~gz*}Pi&(3o$jtnY=B$4& z`gpA<&j3n69QUHYnB)UjIA@f(<$F=#E;!o_7^D~eq0>EJmlNKB`8Cx=aztYycs^g zNF2)o|K{4+iJAhqKLj&7>i)g@96MVDanGNpJ8z!#C1)~v%H~_UTc{$vamPk*2X!U2 zZe67yv@je_IQ9inOLsMuyCPGCtRiL2WXIW>j8;jN&gPXvWAn$h67`|G3QGU8B(&^g zKM9FMDjF)z{;)u)5RG!T@wdI0i4b4@e*qxQPIbY^#??QfPANSDeM7rS)S=;|OQU)PUx# zNMMZI2zMXKz4FYg2p*BGN2z)7gr3T_o+3=l8hOq1@zizY-l>V_GmB8)w9!Qi| zf#xhzVTCoEt5n+7{4>gKMKh;~wAWlcgw?tgEUZCRgXYe4zQ-9WtR1XNExvXGB>qfv zD~|nmP?CbrNKL*75i(^#Wf<$(dxw*WpB$<-Rd~isJo0xWl1AMd*IIu^{Ax zL|moz9T-4-=JFh#D4NT=qvs%;vMPYL;WMm1YfM~W;+4*eNlUd zy)i_Kj-wY}GHI#pnzKgHyr;V`1m8G+)uy&c|8p+0F|lqkOMLu8Dd-bA9WB4#jO$|Y zsPd39CJRe}N$^6js{MKNbNZp_!8#<1YQ6Wzrik(tmjuwrs7rryMk}%KV)lHKC(+rl zY85Qs`}&E8cDLo;mob{;CsT~dN883f=YM*(k;vU5%PeZd4S7fZZ7$h5dQguzs@$C| zy))0f*eRj_+2IC=aVIt5EaacqA1Icd=`?fNS8OX}@DAI$3|}J%e_N}FBs3CFGgkSG zam`EN`tJl+!$;O?srhwp*)F`HO~Z}Ny<}iN4;3j@LPEfq-5oF zEF*nkNB{M_z7pNjJ4CMcC-KZJ2S>HBgWq&$h8?xVf zB~%7r;@m|}t#5l-Hbfm55nA~(OnwsqBu;`Qb6gj33aP5HX+F+RV<1sd&jY%jw6!`% z70Y2*A|av?r=CP<`6T`Qr+|(59&zuL-v04lliKj~$iG%e=af?yEN9-Gxbkp}b({Mr z&~(HWFq<-SA zb+(5N|MDEZ8i#zS*~aH11DqRlAPn4nYl9Sz<~1e;&KJt33~+{O1B7@g3@XJPsBaW= zj!;Ojn$>u|kIBVaw)K;J<4$KA7s_J`5l)ZBmSk3PKkJ#*>#qlUL($vE4`bQbRDRl+ z>V0}$*>=GK`SFR;lIeOUG^lDH5}Ss+D^B zIVp32#q>Uq`jX25P6?l^G~X>x{U~>tD*5SD84ob8I=vYf6B({Ajp3n>aQ2U)CRY=We$f3F)YRNHs2&D- ziwaG`=Pc_=M%>lN@k;>?Gf5LKhSqrU z1#cg(H3fchmpaN5uX*AN*+b9iRrmEX@2+(|$z4ogDa?C8Kh_pZ=!cNuc2Y}^iG<)# zztl+em3K}hnujzdcx#NZi^D^kJRek0EDVcHuyT81<~@T%H-c^IiJH5clz!-3<@y!{ zffZ-Rpdh8OpHi@gl6&|tf4E;k^9nx#|Gxm`3L5o^q8=lPY0I^Bhs^79kGpm#BTW5PzMsw&G!N+JKpG<-{s}ypFVxE^XWaS zOyXVY4wO7l4cz^L$K#iSSC^R?&d<-!qmDm{cH#H%Xi}pB;MH0j{m4JhdT8@^K0!bH zSkmem?Gw%u4X>p(R8wz<;Jui&^(4NLGLZ2#nYXHS_b#^1A^J9OUnAt`UIoGFbz@`W z@7Jl1)JzrEBw|8%dq^P~g-PYVYV%|6s81R=uD*|c4-gl4NZndpnHn@5ek3b7)S4O5 zA4|^Rv~<))2UTHa7^II>bqAtvm)HFLg8F+4$l`nJAPwIU^N8T({l(Vb{tJQgh+sJ* zu1x2?paXc~j@R4e`@H1uA$2OqEqw<60KTh4=RbTIl+G6N>~)>l^s1EhhKJ4*h{&@! z&gXOh#lJ=&=ZkJ~rWM%5*5Zx?QiwNG*4ABb;iAdzz_8L5og_LZHNLoiNT#KTBLhXJ zc!c@-)w|2CoKBT8F<=32#F3WxfMt2e2nA*EOD_#1IduUUfjIxLbAzs2f}Ns==e_W% z-5ZV{j(rg-rS2FO13vdVmk;FSoi(WXz-}>=D?OnK(P@+v%E&E)B0%i};Yn#e;F+v5 zya=1&DU?tf*t8iNpGd(QaxaaR_;FQD%+$H@8RITb#Rwn&Zywxn)m)wJc=+;B2$kT^ zH4|b<9yd;0RZK^e1<40$pkI&Hg&}8*E*Ghh#IGqz9^43+h+@^gWo^cW8KJx*(+)p`3eT@2D78N zYr=X=A0JufS7qqgefS>to!&ugaYjokjZKE2%o=6tr&W8NZSMj#E>TQT#0q5yr!%Q* z*GH|#AEyjBP}HXoLAq&&Pb3=N??WmvBj{RiZ~6U|XM?n!uSz`lD&h_v0_>U~$jF=D zqnN7P*Up`488$$iL-;{ECNGjH0Tz?so{P`HgU|_21^*2RW~%2Tq?F)umhv&Zaw=QB z4|Aq9EJs=;uPKK=P~IUSbGxI0-ka ziKc9t6l$K@>+=6*p#sj9;|x6{ahsV;IAe+;QV3c|M{dX1s71--x<4YzIgbuFYcrC_ zMM|?~dJ(fmB$YIZbs^5U--_h>krjLc zo6-^`L+^&<7wBXk-pii|+5J-6$*M|!XT;9COHb334ywn< zpkS<8ttf0p$~wp+8h>Gb(qY#c$Bm;FI<9;};e@0Tfk9o?pbM^B&64oU z6y5guSD*O|GF*sEi@{{tz}gkj4TChr7*J5lpG6B|blYbZ z;`QEqqx2s)CXvBkJG_owItg7q*v=+$2+%VS^$kpzi@|VJkwUIbgT^Z+iN`Cu6!9Kk zJIoqQmwf;KqO?#!s&I1sU1BKV30>|3B2Qe>SJswFDJ$hWe;RrXj{S*&5GnYad3=9q$&~l>*-)H5|?M;!DhUbK2`6nZ$ilc_R zITehnkyUFpY*2CXL{9#vQVPg%0I=AWl6aXKFOlcs`gq@E31v?Rn$#{#@BZwc=?oa) z?&3}XF*=k(92n{C&gJEP0ZJK_0UM7r$$wQlSm>H_v_}bT#QVWw^1t-ZKbq;qkD z{^^2pSY_B@wxr{b>6V#nRywbO6nCUaJqs5HcUt0dYwl6^&#~{pNx7wXio>>xScO+M z`eo@y4B9ZNGp2=e*`6M2>1z}i?*z7(JI*>d6J4~L4Efy|wkW49NpGLOVm zs`no`uh32^S8uv^Kie%8u+h(%e_E*hJm{ulAfJNuK?XsS!_pRPfo{&`VnKc84$>Mo z&2e5BCk4ycOkteL@bYO`S7z!yY4PZW0l4I1yXF%E%RXlaznq7F=X;YZDq!Qf5O3@K z3Nx~g`kYn6N?)2U!Qv*DZ!9h=XvQ`WDZb}AML?SGYUo`@(sT!T^kY`Ed|hi{gfq1Q*>1jKx2!YTwR)u$zenMUlCE>65C$UdW>7#k zEY|%2knXrqvI1+yXH2LE_ta~PL{U}%Sjt$CxjynYm4aV=_jF2LS(ymUbOg>^daC}-j@FiEzP4@W$N?aAGODGNr?On!NyHL1;Ue`P2B*z1 z08hn9inPWm4n6+l1FmO4g;!ZCnL<2J$ja;DGCW5|6`h5fR%OVU#RjWL%ulK|}O@;M^`qtkMQ9>N(e5PQ-U*3)fQ2uM#-1-5G zw(9T>bmk0ycw8m7LFB+L_wLx6CuL`2YjyZsZVw6pcy`w|-NF6DY-E^ArUme%nW(2i z-4C^J+^wsC;J;a_tk!jPr1F8lhGL3H8VOFNuVAKx$&PRMm2 z0-7q0N|-4n0bQP^|KJx7?H01#l&Gv5`&^$U)R8RasiOjto3~+Ec`1q;IS+?nfAM@0 zIiA>15_%yPuo>__9JzCE{!tvdVgIOm!Qzk+J{R&-(xRumAe5|3&{V P009602$3lK05li?Ctz8Q literal 0 HcmV?d00001 diff --git a/assets/jenkins/jenkins-5.0.13.tgz b/assets/jenkins/jenkins-5.0.13.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ce33b26d401e3f67ce5e42b287436be290e7641f GIT binary patch literal 71671 zcmV)2K+L}%iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ_dfPgZINE>fDKK)Tog7=M7JhXj{EBqn*a)1p-@$*<$?H*j?XIXF%F~h z414aMe)>5zQ?0SRQ)_H(H5$8rs@Cc|jh#QC>dzm_{7=jx z9R8{LyZg#c?tjP+_I(=R$e})K77)T=A`-i?WO=3oi75GH_&FS zT;DD?QlK1vKx5x7;SuqpG%z)uRF&pdy}DDL3_jPkZELu@HQd3U_e)#zOW-;d@fm5N zR)DQBDb>r>yh{G#+%mzzM?D&c7Lg;0L$`^>Q53Ldr807$xkWv-RF+d26W1$Qyd|qd zAt4nHJAOreFc)6+a+=zVR0q@Pv@DzOL8h9qI0$GM{m{4^#$v*Iv~Yx7Ix1T@id+I{ zO8CM!#BQPhhmlXh+-kPN0vFFp*(uD|e2fRABoVlY*8loztz2uAs_VIxL*f$5NGXk` zIB@P1fJwc8gFyc&QL|tZW`#}=!ACh9R6+-_ z!25Rm(I&D<;L;iI0{gZG?TFchahu4)G%OE8hu9wW z|1%`^7)KnP3P>U!uP_YF29Eom5e->H{3&)L5|(YEYo`j5Mk5@Cj!iup;r|@*Pw6h` z2xB*?J@qV``gm_Yr>-tbsz;9ZfGz3`YB}|xu#iSFvGK49OV3fVj!UZv0$55@wcIvh zEyX#BFnfFzv_<`)Gm7PngIURL2{yKjmi)9g-oA-3SQ`KtmcTa#1d;gDD^4haw)fki05P6)Tefd9@Iu{rxl(Tv6+iij7uI3fUDP$y_rD6Fla z%L(D+QVwH8d=g^bSxDrS#T&4~8tM^}K&pHm6E`3sD@TDVp(;qt!WtUJuABV^fC6k8 z9}8>fh=%Cs`tSlebSH3O4pB5F$fAA}Qr9IR+?0+*%A9rbM}*(GOw57L*~5`F7E>k9 z4&zrKN)acbTso+Dm_;Pyw3by^KrCnISOSn|7c4jCrJtxz zny4uMD!bIeZm|H{N6_ufnVQ9W4Ij0xy7JC1B)#6=oHbEV4J`Rywgr-Cn2JlVLShp? za~g^X-?f{CLP&g@geS!H&hUV^ ztcjwKqfW9rT!>jiw;bm<3c0)*!a-0rCc`;E>IKvnOt}920^B0PdwHBlmi1hMO0QP;6Jz?M73 zGo}Y~6}xVaSRoMuhlyVTcZgkgrjd>y*BO$?@d&I)GAo!Mutfy~b*!1?N;oK>Eb2u# zjO5=4k!ND*KVa27?Aykd5-P_0SQS&BN|^s`I}8t8azi}g4M=!SnrMh!2JBPpb)Jb8 za|Wu3s?b=EUEmUt<;bHpQMjy7(5E&jqbtgoGjNF_V>l#Dba8oe-a11xM4b=qv)f+x zu2Vo7+BvoPc8f}4(2CkQBcFzxYz-0dVc>Xr5_#@94j<#-ND{%2R|Nz_$V-ElLJmr{bm--_jNmLp7>kc{9Qac4O z@;ixWNPx+Ad=?RGqnMG@jyQfqLLa+``eYMebHHp&W0#Zi2?-+u4a+dVa?E%e4`?V* z&mbg267pRTGvF0KMZy0P2T`?Yq9S}%M~q)OTqbCu|By5Ws8fi2n|gmO=(g|4O!LMi zfKcL}#mSQ}a_Xp}g6ytu(lV3O^G=w!9~c}|K8oaAV&9mWgr#1oY?d3_^@Ep1f~o6#1E=mIDxq{E|58VM~5Nx%4)7t?8Cyu67kzE zjqL#;Oe54GC%4WZhBXx=chkfvMk3YI35b`)$^?fMO93jW{j&`~99eQ2$xolToLc;! zyb?E@$0$}}7FO68hvb#zsDxx_EXiDJb(_g*Yv>9`V?J1Z^3~*~I0VKJO~;Nk=HxNv zH}PPmPmqw{N|x)Clg{pOnBSRVM5j0uohA&T$w1(66nn&vm|{2Ou%@7~TLTpaZ`BG% zOkG$dR4Q>s=Zc2WuY1)!e(@+alc{_DDJCqEe<5TAaT67{t6oul@Q5d_`ug_Hxg);1 zj^|{X)T`B;MvdyeY_*1ZeA*}oDezC4IR&1|b?FpIr6SUIHc&L6wAkWgJsPX#gi~N7 zt_h>M-jIdae#cozAwf%azwzF5>X_RZtty+DrsMw#M541-j zBq=P+hoXB%b|&85y%4Eji9ha69+?+F9vHMn}0zAms*cX5EIv@4ZIVu z48YV3NUBF&$mM&G!r+X2QNqm^PKm$BCHsPG5)fZ#NX0q%61nV4R&rCf{Z&XKYEc*N z*#Q9pGYy?6B0is$5Ys>zYR*Qk+HL5n_Fu~8avB9n3Y%M6e)A;DtCv#ETHXC}1Pi){ z_ZCY@uLQ-RYwS>VOxYdgcMR+s=g^#IUI&|5ENa5;bBEY25>-~qLJvRYfzQiN?2g|Xja zx01UWvg44(0W35l5kKWIBUf|HHT$%NE@(sqIr*YNec41`B&aW&usmN_8bBKdc;L8B zzNn#_N*t5WGz}5mp$9;Gm@jU~;QcNixPhsv_(%feC8W zB^8DXN{}>uB`a7>m`VYu>iTbumt#C3$k;59n;k{%`R(I`1lb`C0;$-sjBVg6!s5}0 zut+R+yW2zW_ZS)w-x_oAZW9GD;H?Lw6W&Y~?rIZ#{U!)B?@-@dC3Mm0f4*tm3;vFJ zflDId&NKy)cP(HuXK19bn?;~6n?gpFgaDvP7FE-Pp;WaP2sLzwYqRDuTm?`|@wJRl zSI|fcGvIAKE?SDGA4Hy`2JnDv#vS2RbZSmZemJk)0c${FXjRoJGU- zrSH!8n2+=x8qy*#qgSCbaa=MY9cEz{i}y&yHA?L$XRDh?^3@RzMb#lA&CrRGCzp*-wfaY_%87b8&|Ajh}d*aluW zdo3lS?9T$yOh9O$XVk(jA4(7s&|C_1cO8(qg(|vxC0;rw)Ug@Dd{d~;nUVlbo;g^k z$Y%v_rqL`QY5+`}k3k%v&|!}Z1vC;0Pj`kKZy*5JC<^g#=vasap?JtGCzI$r3w29h z)RF2!fUDKCbJ}ZU7=9$6T81@#7A4zYPDM0s_*XXnrxAwc?S({9BiU9XF_~FI*y4qfI|GQtB?+q z>^4-j#aAx8%U6D4Z%Q>NC*+aby#EK)`T33E%2HygTE2*KVVc83Q_dR1!6+042-1k4 z46KSCN#F4ZjU)MJ#KyeWP;d%r=&}k&{4v39G!}!`#3>Me0-0iBCQw6(;(W)CNu>Tn zz;!m!`q!^olr0uf`A$59=JCyv9Yx>1Ra`o9{PhGB>>KYvehNtFz`a3ze&5!r@_QsE zp$oR<_aS!NI3)dXNZ6RVb`#a=Qk@`XpPI^i?d|^wlLSs}4#~JgqY;fCK_KD=63geI z%^X33-wH(#Td;dbTs)I~78UU%-%vxQ=x1R=B&hDY%-#v)8= z-SS3t5&_Et7>328uVr zytKdtscISiSE(k?i*}1QS2`4V7nIQH#o1NKqP|b8$oNz@zF90Bit6&@wZqsObh%Uz zs`E)Q%LAt>q|Y-h#^FdX>@$PaH#S(YHNg8R!Hf?=%vhB}v(y?G90R;IreD^3tAQ0v zCUHO|ylyV*`X*XeyR^QEXo%J|Te6-gIGl{;C!%v;c=<10%%Wd}Dk;Tb3Z;(~hn#~b zql1}RW+~4(OzZH32r1qVITMElCKC-@24^Fr%~^s4n+T(m+v5&EOrFIY_Si(P2!$zw z(MoNrQOjatif=3G6)I-m+%aR$$metDUMYP>S`f&AIxp88zwdxjhBXoO-5D4h@E(BC zb}ZDrlIu04;Unz32}-Y6dD(&LUd^4iUcL|@c*|$(1ujVY>75t2M~4#QTnS6?yCw>V zJ>gpyEk*O@{Cd1L${!I4)FX8h75ibVjTV-`NVgYKU@4Ra@5S0~U83UNCaNj4+>@`V z^Q4RcEfc0ye9>SDId&5pwY!HmQk}CY)p0l^$fDlB@iVf-6^N8nqJ5-cr~?wlE@4Wk ztZ2eYxQ>O+4v-YK-84p`TDe}{0;Bl_ zwk#N(o_|2nD11$6^%%mo?TG67`C=0}B=er}SM`{3Xi=}sV!!NRACEv8Q-1KCL*mhh zlsWic8;L6CmFhT-#$0H(a72DhUe8`_$CztWfAF5g9jiOeT>$Z}$43ZMl{^O&bnn>> zG>v=6a};6@T$r73*y=e6jK{nFkX{*2N`iUZPZq#b;OtjxRrFSktqJ-PF%T)Nifcl* z;Fm|D0v?9c1NiUc!H}qL*p_on(`ONOU1ST2k*6o%tX=`BnpdK^y77~P+icYKcFL2Q zy;p5)@7C;XTX|$~+BtOTw1h{akc@Cd!{+w>PIR)A zook)ktnKb@mnVC*s%`CWR|lWBYmI`|%12aijQkgyPJK9Fe9t_`cf8nBsBCLT7(o!^ z%M|e~hp=)o<1-u)7O8nlJ2;~={vp*Dm`X+|aL|Q6lZ!9(S_bH63v?>Jp0TIA? zN!utHs03Fm^)14wq>?pcXU4nVy%UW=MKN}ODifbf#1oeZY(yfaR3F4fZ#xsm5(<>a zD!)UHw7?pY$QrA4kHJZbNlHJ)g3Z&KK+rK^E*cC%f*EVT z!hKxlt1i?-g!7*v5uPMKE4B3oJdNZadpj`{bQ1I$#J=sSdouN&?BNmlf)dr7`EdJF zhn*etQAoY6@bt^UKHYpjAl(vPJJ5-lQzBKC;js?6yOk^o5iE^<$bGng@hR- zO6(xTB+*;!M-Ic@tR&1KwYhls4rJS5?21($je~F?w<~#7m&ZY>84|o2XmMc^1>id+ zkIZ7~z=1Ba+%&CRlpYrcK}aXW;KxQGrIQ&N#=hJX$47w^5ZCdEG;IQ|3cRvPnz@qm zLTzCjFmcEfjKpjbqKc^8g1)d@Kq&n|U(l$8iXMr^)Rx02KQQW-PZ{-lZX5Uz|k^$tTlSz!X!2TFx9SV#ELy-4NEZ#9rxccA}nWoG9-3 zUC~6pmDG!95ITN@);TTrM`+~I0e1BwBi9*(ICMB4EUd0M?-SC1gb{okP#Uo)!~uGs z16D4V*98WzbM9tcaMxf30ykY^kuS|L9bY^*Ck9uTDf0s%G_OCB*@c1yHn9>K^|dAP zBbjm3V4Naaai|P4Lm~+nuOkPjXU<{u14l5&PPDPkgJbFdKS44qPjiJk!~lHSWH4;2~3nW4H5tYK<{E~n+ zsH}X-gre{=z)vv|+Qjvc_+&Zd8+&hR=Oh_vEKUAzM8O`4ZsnRbFvuOC`5U@M6h zURFS2;uA#+D@LG!N-KUMmvJ^!4pv*U`efQfJ5`kaF)9i!U2bvW>_lUG-mVZnO9!N+ zcd0!(ATFJ%opU^8JrYSNQK3RR<$Hkn2b+`;YT1e$2?`)Omp8MxS+F(ExGvz3U_o1j z0fwv+hJ*!tQ-p1oWZ5X#q^R-mQQmgT2z7WH-tXHWbSRvq-xBisj?d_U6KyOm0bwgA zO)9xuYGChse#i3r5~Q_QvTP$q3a6@fj68yU#~*Q4lVe92!D*3dRLx(@#hf7z&qSfr zmn8Snf1$&Ro*0-g%GEbd)40Z5!r4i-iTv0bz%P6b<5@5!K9ijTe=r~x^+<|^z?mhV zVb2xj^K?#~BTb*?Tofw&viL0EF!VNImEXZY6d_Tj;nL`q30VX{CCo^>mY%jTYa_5lBm%cL5gBPl%=9vpPZ^O_M(BVr zPBTEWWB~zGdj9`VOB9FhU-Ny*E4rZ^pX9ED9jc_fd~j3Z!h}7-m~;Vz@ur`PpbO(^ zNc4Fdx{6#0f~5wCEsvCGIMN;te6?h)8_*7-+nci{Q!abPx`J(8+2|zAVgq%OV=k#N z%a|WA8`pMTIB@#(k@)H5 z5+O$vZ1t3<>LyR`u-^{#FNbH)7Zi8q-+JN6oR>-dfj9BnvhjlYF<;dlr`IfUES7y{ zg$M7%;ZTkB20XePX*)ls4TDuGr!XKjRcI~+EqD>87Iu^Q!ZQKuIU_#~vf~wka~lVd zHOBLkfiN2C&k}O%CMv%93cF!A(E-0&EF>4BbktLb(@Grn>tvWKZ95+nH6pM)Sr1YW;X=eDOZ|Am#?c%85HJ(=MZ3)5Bz*@e!3uytU*?WH6y3b_2&J&8?#O{mO7A7QV!?RQd9vzbO~q zO>o>rpiPyoM{?7};{m-(*zyK2?yxsxi(I_jk$Z7&40oxoW`Cv?iMF4zfQ+&z5D zLHr_NNJDAV7=@f+)Kh!9;a}RKjbT=`hKTUpQr)UEd(*l8-0z-uE^qqSy|0>1UUs0`EZzzOeY}~g3@!rZeQMVaV*9K`oF9B?! zR3eS3YfF;hx?9cjuHWQ8ej#LTghy3@gb94y`dTs)BP907@PX zv{n?Rs+FwCPG3f25>6eK$VEa6>-h39%tte2@APh}d>+DRJ zA;EARA0AhAmn=D}qDJBnt6X`Px>%r9yeH5K9u#S2nWGpyVm=TnGC2lyDGT-`(Ts`D zb36k=Yil`DP8j>lbZy|9s6-Uz5mI(2_(jc~XrDX-5jstD<$!G=yqrr34Ms&!6OxPePYm3pyER{Hgukrex zynffzU20t7DG;>NQei*TLqrajUkD!OTt(@&vU9}+o+egMrB>Dl9F7DOS7dQF-kD~zPU|l z_{h06_#`OaU?gh~&fX6b5hd;5#fV{eh*1z{(^PEdIYO8oTtGM7gd5wT5yX@O31q z^5Y)h!mEA zcwj*Sp=e4G1#O1v6$ehq@k)9S6x|%5bzY$eD~$hfw6|JHBMR z-RUS>$PLb)G-A)^S*lpp|?0bI^`*9gZTVGeCCPIDny~Ayn22obyy5% zIg!Y3XT%R#4~f<O z2R-)UPu~NI#9mekQI&=N27#sy$p!Y#?CN8 zA&r5K!oLg0v(nj}yN(JH@szB~cfRF1m=UHF5S#;*uZ_fyLPx07uc(bGB(f?RSJqbI zqgBL)QbMXK*tSa&G(U1&a3GOY0?0xO!GA4bF|LY?_bG>IJm)w;6REIW+tu>6^1Dzc z$q0Q`LX3I@-k$UYsXL&rZ_>yZS8ZjxpM^ubT^e>&H&Z+N2G(>dppacY# zDoNm+Wj$v>a#JBM5*4MeiixO9e30!)Nu&};x;G=(o+rL2r)6e^I3Qg=A|V(9?^G29 zR-tK4kxD-##fD|a++G-fJF-C&Wmot0rA*M{CU%Lrl-MQUcFn)DB`ewT5e`E<1B6IM zshSH{HS^vhp^+*gX`#<%@~I-cQ?fb{3HdWXuIQB{=*vjP83Mh%mW{0qxKO z9sK|Q@Bb&B02D{TkakDctkCDrkq6NYm2TP7Vtb#yMxZH!%2 zTaApVx*kZxM>}N{^608hK?&`j!c6q zX%}OHF0N2hbOA$#4z&HhfhZ=P$b}P)&uPpTJ1JE$bU{Z|(?VnReesdZAaJMrP&|75TOx531nXrzO@%#{tBmS$5 z>Zg}aZRi2C>G&44`KJG--|{N)*2eC2tJP|C`F{@he_GeA3+&y+xbDVQ{USK?E+zwB z=e{0R2DMMER_mzMZ?_Mws?)>K$M^529}f;%ohJ>nHSQd=u5Vih-EL>+deDBtY(h_Z z)u1>1_|%)&GyA-Kupe#QT@0t=qpst`E#jUIFSl8b)O%!bI*6txqciK~rS?e!9i2z_ zqs!ir?QRY3doQisNqApB>l|*^#~TkH&OY|;C!b#8!+5+m{&=~!?bWKz&K6s?Mc)dUR>_DN1v>2Z}y&U2mK@0YVF2R_2{|o zf7&}9pY;8$dOINZ(+lgHUZ9>~i zA!%=4%r@M;pw^oOeXsQpbaC%~YeY8QkF2wu`zWg2Y>#j6YWU%9de^&6ta(n3Do5BF zzkj-Vnw^~TDm3n8+xY~{Ywq>qJ0=2JdDm*J+i0u+4+^%_}B@z zcdz{O58I>TetTC)c<&(m-!#2QTN|`@^gEeb+rWnRT{~XEicDxH!HVbq?C&VQsgv zf4=ds7g%2H(sR!nTMa9^zivF;@7~;Q?^G(Yry8S2AFKW3><{BQajIK*$J^N(evI#T z*zSi;=l%BHwZl&DZ(5ViAehD#GJ6`b-79vz@zNWep3ENW;pP5z_t`#=I-TC2etZ+t zWcmkeqjhp&e?029oQ>my`{}+t>5QJPtLMR_TB+;|4my>iLBrl1><+hg;@b<~@9cU< z{=>0%e0{NTK56gNgW+^IIqml~(9UDO=6u?Jd^q1f3c~);{fB)OL(eZ-x2^Vlz3txaUtepWvubn`;Gy5xHHvegL5C^`F4?WuRYWw&ql4|iH8XQK~0k58`q-1tx(`bST@ zXVLItci5^s(S3bqvhmpJ*RPL0Z9RP&cQ1~Ibl85tm7v>i*W!zoah9haP-|%ZAk399q*xIR_J6j*!J8~1@=Wf00pY7E@#fKZyiaq?ee;HgccKtBh zdUmd{2KsOn*4t;ZOL}~Fvisp+`aZl5uC2ft)0g|xs8PMX+dgFO>7(UZ z;T~?+TgUE8e0tuuJENBxdAh4^oM@nf)`#Q$lbe%^N|l`U{aOXC>rU(7ZWLeiTidNx z>+s>F-EKA5bTm4BX^n4=pYEPd8Ylg;k5|W+jqv5fYG0A#!}q=h`rL0_9E={H#*fbN z{>BB|!{N{0bH2rvZcYS?$cyRFa z>3%!J_uDV_@!gBv-VT!Kd!HufH`VF!^yBG!`l&mfSQoA9$AhEMHUPRlxpA$n>loi} zdxMu2Iht0VFZ-S8`QhmKqTk)V=-*-aExDr44=r7I-aS4zzh=|+HH_xCGd+Fy*za7Q zw;Hev?bh^UP~Wb8{BRl!UXt$z)9HzQyq{drywc#Mb9;W!6%9wzGtEbB!6=`P`>hXR zNzTtZ$LS?G^W6B8xA%O~Zw-<)H8!bz-MK&XIiQ=CS|?bZZug-3kloPEQLA;?Ze8!S zczJvDzMU{=*PT|i{F}bUK@Ek z&$hRF;$OVq*|`sHZ$F$J_TS?!t2{(_boa3~IJ>0#v~x$!E*gHn-u`(15(VcIyFKe1 z-oA`F_Tj(_uQbr3ZU6o4)%)#nc=SYTht_s@+iiSe42VrBoP46$SLt3q$wn#v4tLNA6 zKW=Y4UpEe(_OExNgZ+cnw0qdPZXKMrs>ki#({Zmm*gCxK9JHsmtyZIZ(7J9VcU0rq z+VFal_mAQGgOkyIC< zV0OImfu1*lgN-A5>-6Q^Y8>4jKM(J&o=Gw`viJT z9u%aBxQt>e;%p|RHw4?dsJ0CW#h!1ZiOiJQ}(G-O>%$9p#251sqbRfg(*1YW1yoP*0 zIds4f8H|q=G!4b4Ho0YZMCKB;Ey}0H=a=VFO|>3~PgbO43S!q4TK5IX^cJNB)Z?3y z0i)I3Cmtc#baNR7H+i+MKVtdGLzzL*Xk-o5xn;YW8#qz zyS<2pdVBMd7yT%-bmU_6^;^I{oi-K&}TM>HTBaOi$SQ&a)MutxnQ%gjhjfe;Xfss$9`s9fCNF0}Bte?aI ztS#sSLt{FX=M794amddim{r@_F*YGD!gAV@i6Ugg@^r34<;=B-E(oOXzVwg85(?AA z8$~Pl8R9hrH9b`6;Z(*s@QDyJ9~1NudoKK<$C}u^MHDeUjW`gY!-Y4(10C>LGU^g^ z2^zJs(D6#Yl`(Mxoli-`A~n<3F<} z0fhO$Zt#>3-w4I}QRT!Fp-Cai6Ln)xWd|`0g&>v|zq$ln2i4AcAWR^+s1aOXn zP1Ny%Xm;p?o2a8s#2s|Ai6BTWj>enlV#qep)m?iN8G$O=hQkU$I1+i;L|PJXRL4O; zaF_)8Q;zr$g9lGA0^wF|8BSF$YyqhyHXgb~cm=&;+W%1gEl9056CXTX0k#B8jD-ihH^V_t$<|Zg z)h@i!7=mWmNi|8^k|V3(rT6kRu&VaNtSuaj_)W%|5cd8)bRr0~rsGKnQr>f32&Z4i zj*3VsNUC9aQfvYbz9TvE!-b2`1JnqfBb#jZ%S61(K2MsbofW zs(QeS`e0^j(~>DwbVcpb)B&$hov9AItQe>7p|~I>j&^5~E{f6*N0I|gqYI0u9p@x~ z3luo~`>EdH%*UQ%0Ui4;viHA~+*R}nOZL`SZRHWLW~`d>#1iIXfNn`)A+f4kL>1Tc zs^>sTQNTIEwwB$dJP0{7?-d%hfP$?;zt%LKhq7K_j|pP0V7RLOW>@oXzH9x6B6-* z5ID#o4Czl<^USS%3)hrVYqao#*&B(^E)_dgnD zOa;V0%!MaeL+AKeMlRwqGYjw(#E_B7j4!)w<3Reh19qyR1yqHslKm8u+d|lN@XElP zbGnMK6*&{(85EM35fuB8<7U%(>hTEbB~uKIvCi(x9N$tgi6P`43DA_|rP?p*BL`wH zI<`yB1pt*={svD)Xd*4mC`Y9$YKv$y%10J1LTO71FT`;<^hX_=(=-&GsMvguj&C>lTB(y5 z5G%1RH9hbqY{n#m_R5qr?oQ|gi_?DBe_*TYU9vh*tKyx(`2}XSxZbu=TA_Ovc* z3k5WYMU<4mOhwN2guaR2B;a(W!Zna*h}C5)9z~eqk>nhflUzPBgk(!x$woBtSAro* zYsS>+p7TXDZktClcNLB8a&oYYkcp{v(Ge5PPRjqpXoo3f+`n4L!%lW(V2-LUFLon` zU#q}>l4pA7(y{LZIhEm}^4w~4JQXJLb*;@u|H_ZpxAwE539hv{78$Nq<)zUD zgIP4Dej1YmXVp*cCKWqdRBp;Zj7Cr)QDBf4zJ-a)RJK@U`?M@!%_-|86_U+Kk*G!8 zCG=ViaVuS@>2Z;Z6%{r{C99aOg7up~rXY%D*@$^Y=^~n~sI;Km@+GYe4;qbX)hjNo zcRu&bkyH1KlW+mCwycTN2N()IxKv|i3nDOw0_)YniqS$))D8A)Bxf$i)-9eHhQIbtk ziR!t)V(64)lN=U+S1gzeK+g5A^O5^*AY`_ZF%roR2$TOpa%wVjlQ_J1a%P2`fttmO zhicZ+ucGpuEB{ceWe)>KYc2AlEIuZzh`~R?WXf|@8R7ez{j38}=GX;6YsBFwSH7_a4fe zgDHM|!x?T?0_Q~0vZPDqwyORETU9Vp;^dj1tgWFI@~|I+3zUjtd!-shNa{*Cvjc(1 zMVlLyfh;HEjtRRvR53|G3$7Uz72;j@EWL(=T3NHsU}0ed=!X$B1!%eS$i@-Q8L)hl zN9{!0Y7S;zKl>l%r@!hJGVWlpRLpBsEN<$<4-7m*w$NvzAfywAIn)>S76KaQt3`;` zw+0z{CqjuwD!I)j^66Y>Ky#2I=fc^UNG8ZuSgr*X)iVSxeme^4i2A5?-`h-F*aRcP z;T*s3Z1O_%XYgU}Mc8_TBoJ$b^fO#DM;_1kF(R2r`s_eTy`zE6~biB;mz1@Hk9zvz7p-i)VSrg;H6dLS|Odp%CAp*2Q7v@IQUk&}yTQa`MG@dEmg4BP)ah3~Ek6uJzS@MH_IAjUzgeIZEubDqqEBm?uGy=rOgXxyEhTF}9RR z<{DCI{J;kiY;>@4ZI_jej5YG^GG>^Zp6nDeKtw=3A^LZRBCj|RR+uu~io;|SX_>*v zVJKOTSd)64|HSao{QV1LjfwSmNP>`9GCHTAGkD5W_)oCa15)A$`Zq^H0;4dYjYVZP z$4o$7J8?0F6O#_gm*Mu4U?j2cL|}}@5)K>=E3x88tr7UJ@|xi0Dk(zy@}hs!J-F?6 zFOJKeUEq}*Diu=Hq*ks~%hh7xPk;RUjvvLgYmHmw;(>%`6Nm_L&0q6^$j$|l`%Sag#Ud(w`&IxLap-aY@>8vhjzzGu5UuA2 zr-kGWWtA!defzc!xh1swH^1{_JSJsHZ$&OpHdIPv!~B4Zx>!VHL?tIeY+_Ybh~9`w zmX@eWB?P(|uv89XzakTVRT6Q&l9#Fi{rS&`SYrxH;|%krufmV1=vR6rmsgKmmR|E; zWd=nZv$wcXZ)(pKEaEb<1n`f;^={gT?lPG2Re0u}&x+l;q z!3AjtBb8@N-DZ%+k&TJ#Hq|OhEeAuz3u;3g&D<%lB=x+A-ASGy?)=5&VdwMJ_{>fg)09NM>{VglJJAx7V2#@W5fj1s~M z|L(Cm5%FM{EW%L?DmcE~1ir~Xz7^js!P``145=4+1%cnl88zSNEhzo~zODvFpeKUU zY9eRSNeYw9JpQX;6TeQIs2jnvTZA8p456d!TGZ2|37Lyn;;BoA$SEg2;*tlP;z$L^ zht1)PwsB0>O>AJ3AEBAkRWNZq!NgwY=C0e$LB=2IekD>}N~(PQ3jYVu6uotPn>-_h zx300cie{neJM`@vznjEA0u_q<|34d{lZ9z6LmG(F{sV~qyTE_v0cZ<7LiehOUPJ%o z7upZ3W33JXe!2FKSjFE1e9;;vT+4T3KR-|<8M9S#F0Y=3RgwTSSE*#q%J{XgRYqrY zaHNyj{BCy1(i3s{*q7%M07mRF<11vPkhGn?v9OQZ;sjiu)3o#WBeY=cq8F?k$ z)Iew6NQN6M2rw*Q!CasCQW05^KAh{_F?e?V?_7NwFt}wkY}52 z6OXb&;fRLFQ_;^tPii)OP4(3hP%~ldreLC)g@u7e8Fgb&lc=GUsGsB`lfg$9^o|EK zj+U?e+yK&19wE7X1(FF>INgE7ZoZA)lBZmr)59ZDPILr`BdQ7x`tG%+()HEQJn*}q zAnximg`_p1R5IxRX~J(5P(KJsDalVSodQx6GnZF3Gt}qwCmv3CpI_2-zep!N<-3aA zkYIb3kYyD;Gj&=sv^VE{D$9kh{p=qJ5g~Nny1D3H92*Y_!p25E7TN#yZ~q3Ijfj&? znGDqp?;)VkLMQ_yHe?E_i%WSi|;`=9`MK!(5nC>LbCl5#praW;vbNU4s>ZD|1DO z3x0LHUOePXSFuz~F>eAzbr`S~o2$d6{z!nZs@!whL-&s*v#LP{o{7%h5zSyDP zP)Guob9lv#A}W3^e%~C#B*1q<8ppZ>GczliG$t1-WE0_l00xx?cPV0aLKJwB{L~x3 zD?6+Ldu5*_2U-H&HFJOHa=k?*nd*dBe63cB3D=Eo#2m{yY^YgVE=*>l=LZfipsx-; zQ!6!&C~z0nD=(YCO3Sm_0_F7Z$|9wgY007q%xa5gHLQ;ymmX&5DaNjF1;9Zd?1u~Y zL?ABIk2v~r?13ESkWQ6RFO_Et$bpFe3s%cu-L5iCI3g`MN9n_h9jY#e+9{!?KzCX@XVi>#}?Lv%B#G@QhR28PS!Q8013M-xFl$;5}Z~nSE(KE)W zS3*EZVL>w1)YtDGV20GCp^1LKhlDLTwUu8AHzbNfnQjmyKP@~KazvytaXq10XBCIB zn6S!rZD)54ez&N{30!HXwqM)Y-QC__i~~A?Y(7<(lSZ{bn@8Lh*ZvI+b{fRD&~NA| zrjgYB<RPU~a}_BUt2wFbNf#>gMh1tMs1C%*P|`b(wlPDWZ4FDWWk4 zgk%KslR?-q;EF%I2aYLxfh<|at=YBf`e zTZZIw?=|_C*@B0s)OzZDgwva=G)u;K71D@Wl#jJpfmb-=%3b=NB$Ttpi{mO!lv(^) zJn(j^jKM0WfG{@(oS59&zgmqrM!KZICZk9 zDM#`qtp#lUiXsYek8tA*`Sic959`VPJIX@uS;+V$LO&0=Pt@7{@? z^K0jFwW|#XmC z0k!?u>&TC6Q7f}fYEH0YkB)D587eyd1iOx%d&qMf66F4YP~C%!mrZz=d!UYwifC0Z z=o?Y#z@-L|(2QBS41y8d^tDyY2GBHCU@o+#kybyS zN1ETG3~P;0DoQL&VqO&HXj^yOSik)yk6*L2n+(Y!khiVAr%27BKb5lEKQcefsuVoHSATQaKb-enz?Qxz+}AciL- zJ>0Ca>W%oCU1gNjXpN+vb`!nH^qOkBa6qcJoLD^&Ly$uOX>W|#dor8vrI^G`lb+^BW^#N4VN@J&^D-jQh!xWjI7J_C#SlEsJBt+NbV9;u z=tL3mA@t?D`KdU=Wm}q^_h&v+Mxs?WSIjR1C3PMWL?@YJ$@gfkoB6Fsh9p~~q6oV_ z-#9z<*H87E?>Ni;QP;lVU*WBc1Z^73K!dshv4ei{iCuaKvMZlVU+YRAJ3L|KBC_b7@i9 zrsS0WA>;pVlktB{#Q%LVes)kROZcma_^ZkIKTpX2*OT)9Tg3d|FX#UY3HskB>Hj2A zKTp>G9m4+ak@kP5xSunVRR#X@7 z4}GM+$@pCG7qNTJ$j4C}s(bcTEGq$z^F{zK7BXmH{2Kd^*afW0Arl~#L6i!)*gr3j zv~17uJ05nloB%eWIzfwc+RhGv{~2@kEtmHL)5|hiYH%h)O__=A%*>JCqKI@F9=0i5 z1Pe^qM9cIPj?Zr;3*zWAX(d~I#Y|1Wyhs_VYx8mG%Z{o^Q7Bbds;CA<#au*6WF670 z^zB?xYr-$?sK_rBQ%&m9Wz!~ zA^$YQWS%9SgOg#1C0eGL;F#ptiO(G)gd7{1uraQ0@37cIZ!^X*A~dfgc&V7(ix+h+ z&Z|DnbJ;8B+Gc9#(<#Cg&sPse%yf%-Q$)r8`%N)LK5{NXm2O8u*Kv}U9D9}FNJ}N+ zLo@p!K7>FlW8+sLoxs1Q`gWebZG$(Ef8rw z9Yc1QNt|Dib*F3vu^dlsqJ~%7i@ZF>40GRKrRLR=>}tX%<^uapelZ_LmTyeF0N;EkgSi0ys*GlS z^M3@xxf%zPKc3Y%nYXVse)o^yY2K{D)4WM|nq-F!u0}EmZ+4#axmPL~jFgO>CBYR48E$bI7xuG9E7+Fr9dN4EYwXug8?wo-tvuqK zMhgf04_M|5fB5~wUa-{iT+ndQ2sFEw?P56}_!_i@Ov)VGe4EJS0~Q=*9^_@b=Bogg z4>|>UIlG$Qlfkww?CDk3HXpRX;w}U|&jy<>D6r&N;|gHYvMNwBQ@I$V!Ot1oHK^A? z`5VqN)x>O{#{z0a@C1uI-}z<{^2shN3(fGG1#e-i3@K+~kZRZXykK~St{P?XtE(!> zxA~gyO<4MqSue@@uBxdo#&(N@@UQ5^jg;Q=il(GgR`*$ieTzT_^LnkZ+t}OMY3weF z4+ZfXbmAQW!uXccV_u78@0f-{ES+^kjyGM9(&gu?)$*XE1|XAx7JtZWXui`tXKnOb z;@`dS$;HgeFGiNi)URHPU22JkN87O?R2(`Xi;7_SHg^`5zRb*bmvHCMM;SoNIm&x# zbN=d)&p5v(C)GHmb1&Rt^lH>A;4>fQEyE*nuKfGO!_fR>bS=>^p!SV2xXZx}vsgX` zkLmOVPd{SM&8csc%IcXUu^fNq-WGH62wiB^H)J|<@r0zUi5J^lXHAZC(MV<-6N5C; zkLA%wkpOQFHBulDD#?D{k|))s9L)lPiXxirISwE`tbFb~$AQR!X4t2xu&?tVIx_c} zfS@v=eGdSo4-;(!9LR*^Sedew;GIwg+13Q0vHa^h09*{2XzLHzcQm`YYl~(^Wid5T*rV?-!wwOK#_2+l124WyKb$C%p}6a8>9+limK#$gT^GtP;DyZ{G?`2bo%C zdj~PJOdQks7xWmCPrs=!Jqg0pb5J$&YhqX?gVAPVNoVt5iY$?f4a(B&=f$E}ujy)K znP4(mYb}2+kF&W5o)Yc9X2VsQuNU%{;z~dk2Ao`R-G(&O@hI^~C5Ziwr8GGCSJzXR z{4ZJ5S0iet7Fn86FIw%EHuC$uOP&MiwRM+qha)_aF^_48k|QL9_xUBBOF$9f(Q8pa zbw!Y{Q*>d`y2|Lntsqbl$zO&0ZfTYIpuyQ8d|#I<1PM0q`=sB$f;2d=%8+RoTaZ~) zXP-$rS-R-sC<;XSw;xPNq^A998`aa|mCFGU;c!HvbhDL-JxHWC#HHBQy42!gJ7L3w z*h;p(&$qfR|#xyxA^D`O&1NWZm)iLHO?wb!wUg+n!wRvb|=nQW?-Z{I4v z3rzMo_XhzbPrX|ACUcIXABUPiNofqfADZ3+6;_g?1bL2>LMQdHDHua>jsL{HR*E3{ z{rwStauiZeYwP(RoS{K)1#kPK^N^t4iKg$+Z)nNri9bmvbH2Jf{48_jYo)#znc@N= zEdC7{nwBB(O=P_HNQ7-1VYr7`3Gj?5)$;CLK_=bH6}3BW~BnE_AzBq^Q-Chl6&!M&li0wu3|}4 z`u437LdT`tL~WJ-iwj#NStX*6#Q*ipTSXJz73WqZcZ;ts6=IoHZ#w;(kILQPXKZvx zo^D7K&ZIJa-YxwHcH_|r`YyX8p);K2VL|VG_v&;1toQk@bJIQgn3+b_0X<(8Qutj% zB>p5v)hk|VyAkm~)B8hEOBqpLJU_qnNj{Bv2Sq~MC<;6fN+#Ymb%(tLr(0u;?~Kc7 zF5>O$+Jo$BYRe0_K7aV)Osqq)SEf*$pK}?DrLRk7$%9l9b>s{@URB(Ozvm*#gceYp zs>^Upzq3Qx@Py{P0;JlQsr6Vq;DC`~jyA~eX=y8S%gpWk+4;Zb^S{Xr;z(N({-Yux z=8yOBO8);^t-hPd|F+xM-T5Q`+dt!HnS#}cRH6frKXKqlDZhy(wZfz0+fAfjNDGRS zZ5E6`Ew4JGnP`^w@m$4kN?A8ZGE>AsU?`Kz4y`~}g89scRzzjRCFV5uu#ZQ?E)8bI zj0Htcs@&8yn$uX>o@AS*jOcUPX&a2<;t02M(OtyS=e>uRuOSQeSDMN=QS#PN9)*-n zX7Gw&JZr$C#)2mTI?C2jn4> z(a9$kW{rQ?W$*|6|K0Q-!h5*0&+-tnv3><+Btj*!?8QNNXE-n9(zi6j>kQG~P-(az zgG`!3u4oWKO6G%fNknY)_rIWMOnk}PLYjO-PDfMBP!N)dLu2O7P%;vG6NO|b64gZ% zLDp?mrX)x5>_n(q5PG#jMvfF+$v|PKN1`}D_s$CrZP9!UU4>-AFEg`DWSkZcq7GAO zc@ltclvCGT=cd=ayg+|lZGCjwbMX#cz70kpwu$Jp%px3-pWjJW{CgWYZrQ~w>O2!m z9^EC_pn^{kBVBp2pds<-gdps?D)qRC?aIbDB(@X))e5gvSs1%}s1&Y8Om>ze+oVx5aH&WUC&#hwa&2JIGC%Sn?6B(pThrJBEhwDJApUTQU$EdJ2(9X5u@Tqb`q zXJ7s*GZfL-8vj04=%?e@8oKn|8N#+L@k?jj7Frb!e@YMziN78p97j~XSMVE+Mq?6A z9VRR;0&0s)+acjXQH0`v`iNj_tUz01?2kxu$-?EK2}~7Yr}xQ#4;D-=@tl%_;nbz!&G; zT%GLd$ZAz(N@ zMKp*bw0Kdl8xm~K(!HgpSX?iEUynLP#o}&-RpI>9< z_Z99B5qT~y*Dd)~9a;ZNeAtKKXi^`}g!gLP^@li;8>=7H1<|OpxOVQ}jFaUVP zP_~apd85gxwrFTqpqc|>HrK2i@phc@5o~|=0Ko$?6A^LQNayPR_-f8aWBmU0h2emc z(uzY@b$`~dHN5}B-kYtrZETH#_jrmra?T$sZ9*70s!wuSk(ES=2el;coZaqxVi72k zus{Goft0nK-1Y#-*?@5 zzn#`8ydE~)YU zr-XIung?EPO|Fb?kA?nCkPlnas}zUd;ut3Z$&iivM71R()gXMxG{K7V! ze#7zS6C6nGNYfQHf8TW{pf3-w97CZdZInind+AmG-?qD_0IVK3+dAiZ(_N?E5b3(* zn`)TA1`M~p#{*}McgA8coji>RH$gQ|SNz^Kxyx@)P7!NE5zYxp(mS4n0vG#T-ZiuQ zDJrKIsZEnL_zTSQ+b9X6WVUg-M!P?6)-}rm*NxVYsG9$V4(g^#O`S2(C0(bj-B*PX zk}OW|*|JOJ{~Gyv&_s^dE;AGS;v=4`je$|BI5@yDZeQ zf8zp54cAOOGQZAAOjbB4ULYDJ0YMmD>3OrJsss{y12VIK9(CvC6iQ*&xCl_VRc1}M z+Ha+>`*NQ-@nHM)6N5GnogD|V^Art5#=2RW`i}i33J?U#v9IC;U>Ipq+o#GJJ!qm! zO7b1pifaE0OzB;khZ`p<8$M{VnFO-C#3vmBz;3^8w&j+4PFDfZM$Ie!l}_8blQg&C z)vHGPZg08P%$8G|;NVsz#ciAyZ_zNR?FN{Wcu^2q*b`jP#yzOD*kuFCo!73u!8TgA z|IO0{>138Y%pum7{nO#FoBFmo z0{xA`9jd|=NkWqUK;lKY#`gh3FgBeZ1#_Iskc2vLm>58B%p&l&j;&a8p<=aH>o1RJ z*LrVgMuN3BmtE~E2)O23s{h_}Z;hU7t}TY*7q8QhsF-bIdrI#>wJb+m8*$|b3J&nJ z{xb0i)#aQT!P4koC4g)8LV!ArF{MV+=j2y(&^g%HML2nxU-3-m2M0Q7Q(Kd^*_Wqu zuptxPU&c|XPXD>1=3_d= zoz5dg8`df<^Gq8mkDkbU@ZaeH%>593fev>i(=r9q)}(q3r3P4r3uHCz#7-2O_vHEd zjO_pB*IFaFHwpjZ0W|!Jy@_~}({P=N3mxko3A9wM8hObc#Zi1`C;C79B^;Qz|KKlp z{hx0BpMCQmEsUcv(ez)2E&7l7H1L1o0)RHHLmxpAw2A-g_pAD!f!lrJ|31rSjb_|* z<1zeH8Yz&#d3z=Sf}x(&A%7Qj$Xa{KdgreOrJLNHiUwl`nCrrUxL#%J8J~SDNS@&M zI>*y#6qs3gNz+eez3iP})+6w;G}r0!*dNC&k)}1Le(ge_Q%Ud9S!z*m5|%1}Y~h)S z4&J08)a->khfq#qkrnqFVaRTWheqUGBEH;e4H815PnduQh=|j(SagGY$hz{_V?K_3 zA82u(k*$_obI$$riHAY%bYiCa>A_lYq}6McYZWhzvq|vKhNuTpX`61)*XeXx3qbrK=imPRHKOX^nB+y2%sTlp-ud-!w*Nb>Q+@ybQ~tlt^J%cz8x$(b z(*-H!WT_Fr`d0F$z(r}&SuWBfD$+bkW_FO~BxQgWM@o*oP@pcC@t)%38cxQTX;vDk z5*u1ZBYOiX8xwbxZcEhvNznaM1YLx7uxB;A19m0oiE^JS?{KBCAV99Thads4sJ;j?&}k@6_)}AIi3HOx8R1$7Os91+`YK|C%y4s#*MD^VAuK7ZR)hv@V?F9yLyOj z1!$w&-_}rBhsUJiTj77kJ`lQh8ITS5zt?rD@}KJrp7cMT}_9z=|Cdt#AS&de`Z#g8nSB1#r3lAorF4Ce$LeDk$y zyQ7YC&@}0)j!6WNGg;0iTT;AA^F3&tx@`MXxh4>g5)RSm0^cyO_`h<>=Hpbq-SpgQP%5tHY5^cP zvlr7r^P>%-jLP5%?hKtg`wyV*quw? zAe1Z@6Oy;>rx?6!g5}$D4F=8gMHUkkGA|OA2Nm5|Whrm=n7lEOE$6z^i^)pm+4urC z-7(pxrqLJc7A~XDH$OJGJ^GpT56ddT4YkAtka)bcBk0xpk zZrQ>I+niODOwwfn)jtvvaCr>sYe8o!Cdj@yE<1WQztbFejh(N14Jn$t7ySd@Jmr@^hc>L3a^o1K$imr+habP#2y z=Pxf&MD=&k6y2vwbQjS%d!%rEmFu>666^=@TG&5jI;&It?hdw^ur0u@*L@UR+&4KQK=~{iw+rjzbu?QBnWVm|L4G~`hPg?Q~m$X^I797nT9VTnlCfP zQhvJ(XQZgw=RULHut5drxm%j+xb9*L17L4gfO{GJnl^WX0q~;UWzTTSESx-%u)hll zYuK#~_efX=JKD>1jiYFL|5{XKbClJ#mwTPTarZgm9m78t_~W|-uW%GI1h&hoEcZkr z=3{pi##Wc+LGNlW&SE?IpN7J3e=jy*6aDw9`5!&E?>_nee3no9E1sq4EG8Fe_*xu& ziwmd`(ZRdmEUHFzC?HWXvmQOFqc&4v$r69=8r!i8xTgq@zc+PN1cD@CmPSb-JUu{h zw!-oDcO=MhM$Sbyxi?%pGB1jZ|GCCzK-K(;E^;!BK0*!n9fm#=3-~iA)ZSiEe<4Bm zKlHN|{m;{7LH5@GY>fXH)a3u(lmGAM`Lt72e&{VkpZ}O zPN+6SHGlw>9QZ3P{7sH4>wxnRhl<;Z)|gZ?W5|yYC-9&!0n`>MP~yQ#gs9fPIYI!H zqXfQai3vd4#RW8k1)zq|fb|otMgvsm#D;0~^jcpZpn9Zr5B}{RYtbrsJbCax;%7_# zA8yCKHlPjszwZue`Tx34{vV&`vvdBhcI!`5KCi2i>E!WEKgI+fX7t$((3836--8$4 zJ)u|mQanmVuYGM#=Bz%O)u}dU+1|w0br%)$4V`lW_bW@|-M=>%@W&c**4TvGw-NFKfUomNtr9z0q7o<6&Ow&VXqF>p$X zeXM}%`M++@8MsydpTXcM|J!HzNZz5Ou06Rp7YrV?f4~$TKRsHx2UYG*d|%>=8h$ra zl%`VAs4>4MWB8n$1`Quj#ZkdrKq0!)vQ zyC<#x>|wO+`@hUWT#&0G#|4>*3M=LBHf((bz?v;bYIBbzx2I4I`^1$1%LgKb2fx*a zF=~%}@Vg02P4Tr`yxHozWuID+AodC7B)Fx^#gQye_vw=|2J$+d=nMN=9FhGkrsM(_ zb98WIB%33XVr4(083on5K(R#ROclUzQS3Yy!T zPo>gFy|Ce7Ih3?A5sBf}PlyI{5-wwsmlf2duUqXB&3!k;9vcvnG*nWTZf}0O0sE8y z=$+YXGDRAb+@wG3V|=+`DrWZw&IC`V>zcJ@U)T=z4x5(cQJP1^eZ`K)KDD3PRXVLOc9;pBZ00;N+_%p=Mc#BK|s^K==9XhMJy!vP7o&Z(Fa z#3lim1!SinT`bsWX+oeuzD!Q&J4*5wXiA~>%L~xCS9Z&k!VnWA5Qq$D1#3lfydr2q zNP=>*NLM7(gi#Fuu3wJ&UW``x7Fxealgl(Mj2rOPk%86?h@UzC*jc$2Es*vJl4i)w~aD z4W_NY^=)^ZR!ma!$fyUX%NNZnE(Srm*RpE>9Qb2@w7zu(8iK=8>#JJ4E)O zem2!Lx2$@XDc7dE*HrhKrmDlYKKZgS(xvQyHfOAE>{glLr%F!T_OO7p5ULAXrSWn> zUNc(MkUz^9fwO0Mny&8cuyJXoYHf$bwfIHNiy~vf>{XHGGDeQqz24Y3j3{e;MS`3ZfSV4R z#{L3&{rJ<>%P5DJclWW1u&bBYRwma(Gd>6%};dvfy|3WvmnnrPh7q{4NbkKoEd6DMD*PlLZ1SZ?EeUp7@ zduJW-2pzr@9VED~O%$TG;`iUb)UajK3ry)z^3_mZ zzb2G2ELB6>&26?&h*u!)J0Xb)*H1|x)~zR{pzbVc1v^TH+hEv-h=m~B?LKuOlI%3c zhl#DtoE=uaubhWz#l-NN|a3MISI%mTtHK%d_jN z3i$y2`7t`mm&p<3!yM@eY{!jr_!n2?M2(-zUkBk;2}|aD)Uh1Wq@g5bG@8hq_-sb`itjs0}hc25;DvK z2aRO!176{`6~lRHWr89+&f*$;nme5g{`vLRUeJ1VsMEP4lRQm}ugiig4(8eb0V&TdY=KYMe1bMf}_x_LKRxY4G3%k{MB`|>^Y$+i&irV;lPjp~fx znuo?8_D|%#<*_NZ!fkdy3Yfs$+)~ND@VN5qZElgoNGecg&2ZbI`^EvF zVJ8+X*K3R0;Qx@)qIrzD_+_hUwu9N3t^ct2*aT_I&1>nc6kdyuZAWNmH5gz0@df%K zYtJx3J{CDxupNwsGGv$~=WY@iXGHhhg57reFY zabLsX(JqF)^{4e8Y`NRlg{iz8J_QMVr_BxfuF?bKRbNz(Rx9ehS;@`8GcJ zHA+B*NpLV#=p`oid*?MZUd+svr=(&k}vq_E9`(vh7i-mi@#P&Il+KsFs z=Q5l3uo>+AVms~Z+qUoSZ$qs&(dliU@EVm=ZN()D-4Ql`{U5#_pn=QS(Pf~0UuyuW z;k8TBqE6Zp=H`vaVlfa`Bz;jAy`q9FXx)y|;mZ6nj9YU5rUeW#GY~Zm+t~_K>)!8l zAnQ5Jjl0$gv+~Fcc79!^;u_1o#iqATVM$5;6S+6WmP2-+L5DRsSa&`UYGyR98KSqG zi8Q9HosDd?^^9Z(Yt7-eAARM39(?TW@HVqf>!pYmsvx7^gwB}i{hX)lGCeOx(>5@q zri56Xf}sRj!v{A=$?E6gA27;kjH8liHeg@WLSIWz#a2SsJ)TaJ(Pj;4?QA}nR&l=p zY^U9Iy3~3rw)v0Jf!2<@S?5@P22|OG_cfgVrOnedY`Ye_Z81%5pf2H&b=mheIeKmv znWvnUOIsyCRDLuncdr!-nn9Xx=+91E_4Ij^&vyCWR>2=w|GDeA-D>?O&wa}O`&m9_ zwzg{4-o~VCPdVBC-Ey+EB`<*4zS^!}RJnCE8P}H1?J|A91M;!eA+*+wl6i_Y&gbl7 z!GxjsI>*y#6qx?)r0J&?_n>vq>dp*eR?i`Y2KjZ(^setSf(}G3g!7AoL(VZi2llh^ zCdj6TQY28{v`k(7UZ1Do&eai#hu5vXq z{qSo6={@Tix}HZA`rTES^zjPu8D}n?;vuQKXJcB-!EPZy~xs!zTgeuOYyQ zLS`L=vj`Hn(PQ-f0HS=g(=2*_kfk9#cmY`k=@I!z0`*6n&fwoli_KNIptOcAWW_E9 zfLxJ$0^nw(U_ZqXh5z5-BA6fivhOsShb|4sA0%rXl9-tP3fR^_dP0B&GkJjycy8o_ zUo5NB>97a+GeMIm33)0)_AZMQ{;gi4I9bdyx7j=kB5TOHu}2zF#HSIWD1pA}5m?XA z-JIk+(V=+BI46iMvn&;lKVRbM1=0im$c@dSh7|!p!*$e1zk=) zke~p>QBrq_w1w*n5HzMZ+)L}l-)8lCu;u0ihlW{S(9?*bgpiOuz$v;;9Iv?r|u|Za7KP6|f^WQ{v7H8qjvPvp03^B=GuKG3S;7=KR|HV&t6|9D^KMd|IVMf{-5(R zh9~@kjR70{e_Y?G>i-AszFjfAUu9+h!7`|M}V9e=Gi1p)(IB0h{rEx61!J zPyYX(=d({h8bl&KB#`Uy0YPn@N{RW$5kS;!f08@?#&QQz5sn{jX=fV6!^;@PD_4|9eh<@Pz+A$H&0` zZ8*6p#X)o7)_Q^kj;|jdVLzeie+x8SPVLZgkUCX_ILCTki_NJqgn%XR?r);__@9q| z|Lji_{)Y?H5x$_@ZSFzjU=#iy4EojhU&ryE@c-xdl>Pt9M#2*~c^wY0E>>9DARDoH zO%c;D&Q2D|X20DEQf^ud-WXfjklk+spi)KUdMMQs)%g>s&K6ez!Yj++&0C(m(R1zD zZ!w9ML>o<6I~p=}>;SPGf2k?nM*RN>g1|=n?>SZde}B+@!vCM+vkw1%2Gsu`Ka{oa z>oHLM6PEuQWBI)h{Nv#EM@8$qV)WfUb^KotTIei5?5~HCfDQQH8#q<`Kk)lc{y(4P z({BG|Cx50Lz#A#RMH)7s{icWCSw?V|I^5R8!E}CLe$ff!pHMH@_~|zzN8d9Pq}e@ULqS|@n#L5B>ugX`pbjxhLIoM>T%w~i zD~_P!5p;up%laMVYCCe|QqF(YM*$UyB*k|@%i*kfTkYpmP3`xYN~z03LhldE{h34w z`~yl*gZsT8I{7lO>0Fg*-eLn;x9SF#zH2PC2h@&HDrPX)i0Qha-RqXg2aj91Gs zniHsjB{NICAuEzUrp~gB{sRi&3;d(~f1QEvKl%UuNuP(&e-)>-r`cUTgFlGqD|-V+ zEXU|KUPk!;U_YXRYXTN6l?CD5If^L4z$ZkLm>i%_5|J(Q71VJNdZl>h96B*yp1 zb+%dTaZ7C=ofvJaQp)vG#Yb^EixQaW?&b{n{!f26dGr0*tGD0Vi}11U*xL8+4!TaS zS9$+luiJZi|DWUY44pziW}MC}3-Sz1qnMyD4VDX@$s>*tduo%I$k@$l_K+V)yg=NI z(}Khy!aFosE+!;rFKkH(MeiwD;G~EGwBm>)N@l-2pBF`Te00QXP15|YF=;D&T00TB-H==@~ERWKhwOx63-*#-v`U;)1 z#>WVaWu^p?A0bE=M+|dtEebv2K#$(T|DXLbw!T6am&bqvHg(OGaeVYX%XzO;n9T9U zUVPF=@A?0KIij%DQvM!Wu%m%IBeYD4C`K#S?%4x$hbh9#BJIpb!q|Qiq6wxXL}`L% zQ6V>kok~gxB1w@)gen#e8=EPPRQF=vObCK==lLJdBFza3Nr9u7+Lra~8S2@N?fRDW z4ie6wahL|Tj2}#oZlk+smPg^y?T~gv*zg$6L^%3xYOCRUmi1lq5$#(0DJKbDu&cwa z1`b2PxGAtMyA~&5*a)~53QdDKS-?&(0WzB2qbyI0G)QA4e!82JguzNkP@*cO@aGPu zogfW~2#;o{I!mLZ*l8-aQFa~Ee~_F_qe#&-%>({kj14qmwArL@qYPcYx?0>yj+e6$y<#W0Y|cKh4tx zDs2&$@l^MoWpQqRgb3$FG{u2T{sIjtx{Hdr30igS%7ul9E;EvM;wUNjomus5B!9a+ zJ9+u~%wB}>noMQ^E@1SLA?Si9ied;o=qqfqp|>#~azJ-oW)d-wA@r&2-4Vbq8I0)%AQQbb=rp^<4Cu+)>x&^ofLu zY2wJ0?QC<+G+Xy|_48v)L1&pn1qdf>s}?vUNPfdG@gl)Ku$<`YSiy1`4sIEq4%6OS{?K@k*pfZNDloqOyKLD(?j$e;PR5_3}a62(ZO#AtpB$-xGkdK7V_sMUlxel z{y0NdUb0?+ItG^!5vb^*+M@Y#!nk)rQJe~*A0;LHt-5Q<&3H&82nSq^A7B22T$ddn z{A(bOe#i*dMV_+7jw?qZWQDP@)mmm}lud8E2G`@P-fpmP81f{8g_b=+UOP%d?(%oC z8{`cz{YSj_u7c|EnL;u}sId<`-XaYdw>Qp7K@v8(>u5pJWg(F29gd3c()=O~uShUf zIs_g=8ztz+Q%q0Q5O7l>hMK}4F-cZ@j__N7!etgS{*#f(kq!`U|LKy*@kZCFskS;JgK`p!p83^{3+B}sa zou|t<1h$o?3xaYSz;W^EP_9hKF`X02Ffa67W^$!{CJpdSL8h5p>^C@Ez>|ekR%}jb zF(mC9|AR9xFIjlkoYAS@E#oA}w=Bs+r~=AUXz~`h1y$ISHXxx*|DphmOP3 zNJq1TW1>mC%qIvJ=zpx`Qoqp$=Wdh;1qu*CO-M3Efs^1~$TdQc!v9+4q{A*ZZ?6X6 zXo!h%dlwKJ>txw%;dul})YvtWSe-}cpj&b;FSu;+<4;$hzq9w9#f9*-*RCeUbY`R| z%#l<)6Py@EVKfDGlAPfq&EgUEM9x&+gx=#xS8kWVl3?rSZI3E_7RcXRard&xwTmiDY@i zB$R;g?C^FMuAwz(TXI5QpS)^INs&Li8h4Wa;m=V0Es|$zdN-pkjsh^lkx&$ z229L0^VRj0Y^OkZqet9LPfyVsTGk0{6lmr&mvM4&4hgqOj^16qs_Y*>>i23&GO zP3j|lQC!>eZQ#va+w0n0n0BLHtzFC$QeKn%XUwI~nR7-u(j`U3eU?(044fwdD4}X9c6}|}rG8%clJDA*b;cI_jufoCPX6S{J z8{&5dlN&ap79Htt$nASQd*uzf-EMC<3<5s{_-?;Duvf$%1^9*m8%=Jy9srs}MRkLq z2Pn9jzIN+h1E4s>SrefCz_nK%z8SeA58n*B?kI$>hfKhq-1NHLU=+GN*W-ZH33eax zjkv}ec`T;Y9}YAo^KFm4LwGp+Vv2^wm1L86DXuG;ETfpGDg~AY@X;M1xADCkiW*%V z%d*arIZgtG-jsg~&N6~?_!g8m5e-NjBn>3ai$Zvt3e!`o+L-KF{MG*0h2cs9$)3>Rs>cF>0QYV_X7u~&V36FNPQ z^zaSC0GGuj}+CH$%tkj^K9G5SBjJo^i0apo;oP z;xhtEt8CrXttG+u{s)9X0HH5{cyRT>i>B8yPxI0h_vIxmD@kDrj_uh)HU;(%*Sy-E zRT3<~I*|xz#J*p|M$^Y)2N@nRcmUU7k37#wP@pIY#J@~!-bM&TipFva4Pno> zhb`P=BZ&1JWRXg%B;vi5$HALd7f=I_v4_Q+Seny&fwCN`wMf1{AtZz);Y8JG1ly*e zR7!JH%p;1jWuB$fV7vzF$Z0a>S`IjW$XE;l`>QJykX*hq zwE)2WIaL$wKjOu871UmB`3)Yql@&L(P)E()EVsZnF}&zIh6>R8wQ@YX{j!@zf9U_B zCjD4Eia+R?yo9f9vvZt>K^lspRVCH}7-6}*1-|8qsDdQG5D-iwrL6RYir3uU_9&Dw zyXrFVMuu9g?Oh8}1Q77;m$U{-P0F#X*RaYZ*EW`}G6-O2$!ZMDN~BHqV{~fz85C&- zeL?FxiPPX#Ujg>o=yF2IuSrwQP#e<*cS$-}3Z6G}{lbDC(f-~ki&XeX|) zwg(&@x9BlEGB%!amZu9+%*m443sU4!a7jSj7bP<~MiT zID^+|!dOS8CTSihH-}K03Ex8bG@<*XL5?$}_$eWF&d_cH9v<|z>(vLrnAy`jO@2%# zAl=HHU1qZ!3**cLipQ*6-ANIQG?Q9jN~9*|ELr^n=f+{XgGW4US0A?9mxs;YGq;u{ zsWiTo97Hc)N$mzWW`O_9c#U`F7)6vV%HDkl?l(5Bk0Dj91w8EXxo$|^wQf3kDtCFx zCIqT>m=2o(o9&XapBv_4UWLa}XZwAZVRQ+$TfZ!vNy2d~lt`e2Otj|gc1Xo#(qOno z8kSLHG3RC)bJL!c(%sOp2Ju+RH?~0ExQ7~<$;T@+CZY@7S&7oBMcG}A()#^+MasbG z+pBOoxe0rtQExDs`r`XW@oSw11VqqY2~o=F!Do!+8^;I4B~H%S-_bljaT|%vMI(0r1S&>}2 zM34|o?n{3A+VjDZrFP{^gpsB`4TBlih8bW>%@^zfclT(>P_b)n6B`&{8W?s!c)3(_ z%414`C40nUaml0vDwY%)z#mPT?)EipcY!Gyi_Fk(z$yKz$ZVurG5+!7A160&FRrh~aEJ8#x>kwAYdq)69~zuuq}LZX zeW{ZX-q5D@S6x6M<9xZL2>xZ0K7egdn5S9Bl@S~PC?JRf(F@QX3tN^1Tz!|Pi}8z! z9B91Pv&JSt^=B~yaQlCgBB1xu5wU|#&y~9yFCT4c5cy34|9jsa+McaoIg)}>?SzlU zz^3wBA}E1;iNNiNi)lv8;2Go4*uUmDL1WMMz5W3xrq3_C%gfD5tQ&6-x|fg%fw5w@|AZgzBMMO?j1(c7|)<9r(#vt9=U)M=?Y@~35ne_MXP%;j&%+gJZu$1~eKSC8y=-LAbF4u;;qod(@e ze`@f!a+O1IuJ5Ix;X23DX%z6h1KQG9PTCZv0X+)RBp_L#635Yw5bUC4Ccis+R&aQo zi~)=YJ>(na(yb-nm4h{2_bF}FgU4HVPVpdv!#-2@DP(wtodl8e}*m!|)W-t@b> zJJYnA6K)hcI$@OZ=Xq2RwjGztm>ja}9TS`<5Ugp;`_VXC-;=Bj!0jnl*l#)ea+$_N zFksT(G+@F}$sv|CdP%00CW84h0Lf~aYPd(U@wg+&paWdZ2sb%V9CQDP3aKx9N*qfk z2@RBS!3!p35JW!WMJ8@=CGyEer!nTCoO4`od!+D{$8gV0B&Vji79W8AM{|*9x5u+IToIwHIXcFF3a{~tJe`Q( z;E-f-3Yt2GFU-J$AYRgfyyiW+6!*m7NX!Q z%ow8!gE#d>+}Gdc%pKcxn{L3SGj|$qzSL{TNMP%Vu%^Q8pwpq>BU2k>~KHcObp9xEg&jZpphp6~+ zNm7}pK|U6u<&X*3Y)3)j6UKQS#I7_D!acmSvsY3#VS3asaF3?Ca(u-*4~0ufc@K=B z(6MUR7oloqE*?AsQ~tQ5;hxK26Yj?%V)mHu@`A@d38FLp5Z<~jHx}YJixQ#->v5~U zTFD)mpgc_rlr9TK{n%cDXL=ars#CWfjr3_3n!{E$KI?5mi%e7~Dny&8caBM1Z zY9Ui%{2{O~@RtqI8*;So+%K?b+_I1{O|^YX&aT5WS3OzU0UH?J{IEWE04N z;nR4_@X5;v3}53T_D)r}mXS&Wy7gr@6$qS8Q52*JdVUw(Muva^8A_HFv#2H-#B@@x}Y!w)wyNt-l7O|;}WoIMicMRq^u0~)_w;8Vzk9)fKPoP;u*cV# z2$jmwGYHqsS5Y$S6m!CuVv-acPO3Ulc4(tcC;9%gba8N`m@{-^%juLW3f;0)K@TP-m zvXdnQAV|@WKl)CPr^$zOQqDKvi&#=_!8Xl7X?SAd5pK%n&U+APUxmZNI=T6Ap59&J zJIEa^MFvS_v2YJ&T$ajYDLl1>3RcGY`#gxV=2N82C(?4mjgO6Nv17ZoH|TLOsEu*< zY)@WM9xDbq>LzDM`ARO+w0M`tVDaKD#P@I|$-PdsziI0Y?c8f|nrwKc8IM8t_2Hw=fF9c2OH~nwT=xv9Gv%VZ4W@Zq(Ku z8`#ry@X86Un74nxbRM0id4~QW{BerZ)UFA?RYuS{P^8;1(vFR_^sEaWLeee`jYTrH zMFv@K;(Our4dvv*7bqq;)S2|6WQF4>G+1ufo?AU+ci-*vn+(!Ek9w-g=Iz#h#FtUr z>+Wui)h}D+_OibSOQo^b&Lh34!NBe+s3Yquk4zf8p>o)c$HGM) zh%Aop@I95ZR+4w?D|8htvN)RFGx;M5xL>^q1DHke#q}~tNIX{eJ57!y;3Xw!x@0f> z*CmdDhRIM*wV2`K?U1j44yN?l4Xdq zrbZrPQUt`FNbZ`&+V}&yDkB$-hNRaP!e^H}7mbr*+qS8=+Qg2%xWn0!{5hc-L zxzNrv6*<-9S@bjV>Wa9U$IQ4P>k2%~Oy-<0l2G`*`=l-S|ZM+H`nZOEzUTb!|_x z!k#n~=*WyF&L_jge5|@CZ9+(Rf++dEnm1b@J=NW z>2ZqVU>OU$rPK;7ljzqa5#7&UO1DgKSc;MoC%Qj6@CJ@V2iy-640SaPOC?1I&q1R5 zbuH`qK1;zlv*9s4q9>)-_Z2~N4eikPQSrlaA_Ay^z2NRmTrdHKTUb6`U0+qQ7Wl$- zvU0S>jo=KsbV`LY=5Jg9Cy2^l*?wIK*S0HC=pmGb3HDy?>xszL5hG)c68;op+C#c2rwDe1Npuh;1Ni&I>w8brO z209znb|4H(0%IlQ4(KG;m{%CXnjs0CE_lqg@nTBj0yC+LD9C;?4Wjb0dMj9UuA2kR z3kmr&7zK%Byq1E{-AuT9+RN$jMESn9c)1Ot`~rWxe~HQ)X@Y)=k`TNeUa(SMoV zplnyp1skhH#K$(Kx7;`x=7Jyky>1)|Sc zbp9AzBh|RiQ;kb=P32+bWEwL;HX(OgJTg~71OrerRW>+1VZi5F64lo?W;0ef%Eyha z>vOIn6;Y#A$Qq_6=hO7$jrwZs2_MWFaAWNk57?aN2@qV(|Gnld>pRNk!*kqznJ<$Q z`X){CG%dd5A_d1MKw-2?gu_u6PfiZSHw=PpKKqy8lEil1`U?H8*RRUX96+N*dUQ7N zDPE;H>&A)AS0aFT5zTUyLy|jXJGO(K>ykle#SWNhmF<<#g;Yi1n33c=b%} zY`1gL0X+~O3(_n^g~+bJzFAVjHY?5v4)2-FloOt6HY!NVc;%|1l4mgqHV-iw*B$)F zt=&bE{z^|_lKsk1?W7h6AgI&~5=etN z85&j+waVu83KD$Sa$0-di>kXIZMg5wwGDx%l9)z8gkv-|Qu%Z0Y+S@~7%myU!ZB}Q zS>L6(xLG{C1}*ZX-~)hd%5t)Tyh6%oTyZ&%l4+VRcz4LotE(7rl`x?1uhVw;J(Blj3&9TNWlQJs*9gbq);O<47u1)8HA4JgCC!f@OOJAgFuIL}+YRWpr#kBps4(T`^5#Ed zsUU{wG}KNI{(YvBw!;f3=ba)=W7*kA4SU5ML%EPya`#{&FEI5DuAvcdBHCqK0tO2p zzdt7#77g7G#BIZ&DYdXcTOnn6Kgm>3<6c^=m+8oUSh8OuB z$%@2j#>j`!U#Km_HBPj?$5dHRQ}qDdwCbY92S_EQk=hcyyL_elihCl%wNGQrGc!TS zqkA*!7udd{*cjJo;>pT7?^300BX_q1(rpG}Ci&(HjcZByWlyETE7gq^j_`tE&(aW9 zXV!MDw@?7JC=^E&Qi($*A|9!$o9XLl%=nH>Xd2w|NV;+m4!Egtj3qtNavZ@H(HPS? zL-#+Pz4__<&DG7j%U3eVnH%hJu0YFk%{-H)&t2 z$d%Yob5;VxNI}qXS?Sb>Fuz>Jq^ToN6;T>wn+PYF^sg&&{&juZg2DvM|~-%4uQL3-fGH|6fB& z36XzpYOqI&!=r(ynK~8-Sf_r1oinhItssl3VRpsRB*cKQIKorrE6$pwlrTXZ-C-ue zi1w;6P+6UWTe#*`@DO|Cb6h}T0K)P98Fv#tM*mEg9JDx`&K;S|)AUv-W+7-HTTbFA zkYm1JoMGIMc%LC0;i9X0ij2^43O@3Thm~ODUYN=7`92EgXz9wV+R0iB(c%Nb+A379a-rGVIB|Bj}JL}0*?oI-`5axZJ~o9Ovn z6cZ{Vy?F*Ep~raUj@0ljdYKwYp~M8rwJ4}+?V#`Al1k}X`;`QdRJNq~OqUlD*mBDG z2gOnefIaCTjDdfXn7q>+xUQ$#xH_4IJZR|zg)Y;yFo<$bUF*b5{i0mgu?E36OUA)Y zh)z8Ng>T|}lqLarAzeNB;}i^+yg6OY;&LYeu~g+4NI4%w4K?Bv2Mq7SMH51@R2Ld~ z`xI~oRpMw$RoGM+yAMg6b!d!NTpi5i&qBzqZT0ZO8Ng?r@48(zDmW>DZJa+pqgZa4CBGz7^!x8e z;%Oa;1fgkuZ=(w-5k`f@{VSJAA@2~^*|$Af)?8@s^>(hi!HiW`wKk;}G`rPIu8_$~ zK}W&4_bGbAHG{%KzhW)$Y|nNW{mJ1q^FqTqr4oqVLgKcpQ^nAXFVFtZo6EE7%YWXS zzJ2rN?DU#DRJjiPe-^E@@DJ5Hi%1l)gfcVB%(j|pXEga^ePda09#U`$ngyr!%mF$1 z^^z@1WP%+__Q&?rE$0tc{oqQ|Q;-vOc_JLs&V+}AmhC>i>QkZf!svb93Iv75uI7 zRto5DX=Ja|t2HdqfX-QL9hUfTUrX2b*7#aNi>|15>e^nv;T=hLK{OTyj+ar+ACHRE zFf8^GQm={gZq`6m%RvEQ{*qP$K}zUGtNWy*jU2eE{b$QM?R1J5|NWZeGi~uUJfv$s zDv%(opC{#{LLV2gZAkVqsgUw+dLcYD%M=;MF`^JQAs^ln@JzL0CixhUtU%-9J|kl^ zxi_3aiaA+m0~C)bl!NLStC}uAK|)d(xd^1?%kYiW9Ua53d`U?uv!*b{NPV%Cf+2H{ z`79)~#;T+5&b3TkRW<Kw~fC$XbjPPXBA zj5Ur;Ia!d!gyd*JO1mYZk1oZ}ugSOuL?#W= zV*CQ2ExKPHWJH;8CE#cO4dBNF3{|pG@$75 znrJMJdYaO%ms;(LuersedTy@fjLziq3Ft%c+3T@$R(6|G{dpQBExw^Wz3DM?J4Sb zTLn}jK+oLO4`s`#acKnVl#-iN7l~jEHG|&Yml1Xw+2Zw#aKD8uUYno8Q>mHxU*2|% zaNnG-$#g$P(2=u=5B5Fvgn)^Zw}x?0!d7k!TX9?$Wel2#w(CpN7{A_JBLde=TXu9? zuZ{_1v=284o?qz3t}L9qFQ-v@^?vnnC8qAeh9Xr7jsfG*G9OlMDWfrEOIqOMUzls) zqJ*GXjv*RDI3`eD>QlIgicyYKNTijiy+DQv*otR4P73tp9WH|Tm!<)~NYR%N5=Fn1Q=vLWfkwPaM^yD@ zHzwsFt*+v?6S5bVO|rVVTe3&iq&yC*fvm_1qUnNYiV`LKltd*GP|mb~6nc5o5tc`w z~D1O|;H`ti(sbB8F*jE7>!O7=c^CGk{(E z(ePu20p0R|MnaeGa~zNhl1Jd2ohG4rbh>w29yQ8@)KY>hhFh&piH|yF%#-<@b{jkP zZ1zioB9Vb&fOw)U&vsa|mONX2U(M9jsW#x+F|@(cy2-5VlNXd~6}q0SbDIOn??+*q}@{19EI}4(>Ke!ef~MUwjuv^!5$( zU)-Pkbj6w*zr4FVKSoD%IZ@$E^yq(>f1bbm=16*vfI^=hy*|AGP=Ze?|3NSnO-mnobM*G+kuNf*i4N>5-nzcs$nIC#v9Hq~R--d#h~Pk+~D1Y01O`y}Oom zAtQ$&5))H`C`q^lcU-o3DUn86siH*sY#O!q0Itj__ekJ8%i@-IEL_Ss8zdnVB;mNE z02Rq9Zb!?I3;Fm9-x%(|+Z&IxOSs;AuZmu4c`)qC}VJnXkjdK@WApTHIcJX;;fbcs{FN9 zJ3VQs$u7mXVaHaI8-Sd z1pU&*5fYW!0B!&yON>pRvEm`0xr4#TLCREHN!WFivHNngipU-Nm(7C&|0nzRdHA*K z_qzSzU@-Vb&8mk)XpqcRtTgeKHRjk^-uN-*3}CpTt43urtw!2kFE z{J-cm*PWbj75gcd?#5C-Cr|`v=b9M}er?r!yXbAHdQjC60ZfM|uX3W(5+R{8MyIAp zLbNl|7n!#S@Z2rQKrY9?4Zje~=p4%sRq0qzr2Ns_;5x)+41*p-+uqQNB!)D4E$@EYl~Ir!gZT93M(Y4H2s*vY_M> z9N0O*p$hTmo-y#fOqHf`J+cu}9#xqyqCOtp4tZ&e_1VR9~Izi~XDJks$4@VOV z<=zbxyi|E}Tp0dPVVV#WN3(em-wXBrJetkpdxXPPL`8XDWkh6T8#b9iVFY!O7IT>? z6U%V(YU(#pT|#ay7CIpFJHP~@yE+xV_c>8s7G^CqZB*1(-mS-y$eomKb5KMZRnjYn z318o5z?oN-e?zUI2ab{<8`mD#t}_<;8Bs!62hvJByk@$}fTa9-f;kD7G0ESQbKc3& z!g4xmuAfkS6wvJjTFd&G@BlASjuvc*I4HE|iaefX)dM#J$VVVb`9zXj`$_vNdiRyGFt8? zoWK_0Ayn>fSgM``n*kT^VIp~>KiZ*XZT2}MvP25oV1ChL5mQVV8iZCwdP@>1{R}{2 zk@eUc-cGeXm)y$dfJfUCd_ZO~&#}Ej+j^50-5IDx`bNV$dW0pNT}Y=6)Bb(`Z@X+&Ox`$qyf{&OI7!wWt~BmQnUD?aPiJa z!d2r&fn$_TK9Hbz0cifik`^kq(kSf301reePi5)kEJpx#&ayfhDo~|dOCebRHskO< z!HXzB*(%VH%~TK3*RIfG)4Z?ImQl(b(pTq{NB$UDNUWD4eH5^I;&F3F?NWhf?ew5b zLN8##Q4E=@Wn!>9oHIJkU#T*`%dIsW5lZo0`gtAk1o zF6wWg-BG*OQ(8h9&cS&Sz{7yj@1X7+Bb(8*K?|zcIP_k|gA821*NA%9t{;{2xIp7W zHJ`3!okBQcK@lSxd_bA-+z1n-_p~63*Ni`!K^8Ec;ZfzbgQqpQN98#~-z9C(1s&KtaS~?w6b&m;0pZ1px0-0;V>`_kDlsjbV-T#^_{) z2AisVWhIUfGC3D)xP$gI=Y`p0wi&=10lj=LLjigt$8q$m`0%!hijM3wpB)LkDAfIl zNpZADCs9nELF1zmBt2!fWVVvXwN#YVFxYdqdA63G>%ES)T7uYDf8cGst*ot{qGMU_ zw_!IPKu8Z;$O^lsjCxH-Np3E?!icUyv1iLFiOmp2loLlfM%{6%gP@`iA`2YFRUJJ1 zbjE%egUWijn4Gh%VmPGc*mTT;N*UToLvoDXyuEyV!Ujl|i!T)dCSNVRd zJLEInTa=Vle@h}D|Bgy9`CrDruklO+=F1=3Le(0DM5#P^#Y)*Q%cE5klNkwhbN!ue zCw2O-qD54kW=k~>6)I}S>?djm*|MeEYqCi5`}Up-_`Tj)9CY)jA~kT!xT0(8$f|dB z>_QdvQ@yUQ|0y$Ps%F~v`WPLQGX5WkYZ8Sqc^xIof>3>S`n$1g#yGqrAg4GxMxNUp zbccSwJFtwSH`2Zxw;Xh1aZ=t8ye%x;5z#T?;Bb>JLZii^O0`CjD=eVd$$u8plBZtbeTMMR4zpsEe5UWRs}vEgeW z-JyxlO9QER!KKPF!7vh9Xqn1TS8|-qRtPZoQb}nB?3)sCQr}BPl=rHS!tYxd8mKLC z7@~IKS4zS`j4;QJ;J+%gkRs5+hh|=$O2uFSA6`xi16j4CiGV-Wy;HKVA(6;aB)^KL z_0s$Xr_2Pnv@pr^E13!7`Mb+khi36;u8vk^x;Y;TSqCC`A4X;y@Sp+C23#~R@+c{U z+r>h#qNQlLE#zyZFnoa~OD^W|XaGpM8(=0IK(dQv5|(4~L0r80fooFatQy>_h1&i! zPM4v~jAe$#%h>zpB42fwln2C*$wGKRGv>QD!Q?j_cctu^HQr<}oSvr{P0fDPACC8`~E2%96 zT(2th^^ml<8h|W8J%8r*d#NJu}JI<5ljSk|(fHc`4mi;CDfLI>_B1L>GY(Rch{>V@7! zfb4=3A|)V@g_T5CqWe&HpZKIZ>EiB4b@#wQ0&tilMo& z2dckNTmNVz<{(KZE~IduWMH}jSA!V@!D!O!1{#dca;!5rBr?O7>3W0;Jfn=o;NnOD zB|JnLv<#fPav5C70d!c8|DBr*paMSV(RsP*j=m;RQF%x3ig3;4G+us$x%c|Uq4okl z9C;3rbBCne($;KTJ3yq`wo(|mEC8lsZ0pb;IU_P5zJl4SBV>K|cucf3rZQ-r<7sGQ zFz`Lc#eD^>t4iU~<)p)l*K0pV8ss<=IHNoCjd>BL>v*m!3JbbC6E~Yz*=`D{Xv&#c zPJX^BS$Us7bA5kgOfnq#gYL992o-4Yj72P(47q>ic1LDEuaEnoHyMpoKdsKdQ>X`e zFT6vSdbL$QU#?1<`H*y_k;H%EAn2!jG<_X1$O2nocVwWj08b}< z$8$y+jBi;yVO%st<**@1J||?Fsv7SRJfW^@Vm8-vhf~Mz8Bjf)Jwr$@3xTP@tQ3rH%*1jar(hMU?PCt<98za$4)P0%S_eHr+XTcSDv8BKaUJ#lxaj$3DK;qw|9l-2Wm z$MGiKKzHO!3NjK)vR;FcF%P7z#!n+t=H<6%WPPl$`WtRL?%pV)8 zH!xl-_Pe1!nFN6zt7k!l1s>s%r6Hn5Qm=BlPY$nZJl9DtoOY+-K%a!$m2)o#r}3wI zZkD6sTi^4I`GqcVyPiAkYIr`M-!s?m_6O)WpQlWe$rdXlfI|+=HK^otLcHM=yT)og zOVuxFoDt8##$Tfi5W9|XR{fw)x=z>WX^1YLUo}eXh5Tm9vo=Ve0+SDo_w0oO(wj^N zo(Afa`6rRWBgc0j)R&k$-**jIg8{~PgnLs3YoseOzj=Foc4ZeI3lPHzs>H<3Q(8!_ z$M;>6>v4u;+V_Tzf;wdEXBOi~rKw$tOy>*yAJj4jz5*(80#mjgGs{~7Roz8~6Hv48;wCzNRkI1tpSfPIZ=keM zHyAm-KhnD^UXOVn0TGLZmt>GZ=uL;Nad)~R6&P@;MtEYBuOW*YQ=}Pr_N3> zj;18I58`qTNh3WY%-eh#WH{|l9Bd5O6!@KygwCUBAu8%=yagvXGH+jZ81#m?>&u%A zk>AD)CX9e*Ost9m@m5_EK}{SF6JHRuXXx8X(h`PZdrVE3QJM zh^7|edK|`8>8L%P6-R_H#OWQ$!9E`oxZ!Ni@6tS!nO!oR>m=X-UXYlzwvhJIlzAh; zF9Ifb!zOs6CV2FW&#q(4?i;HE(<-YPlJrh+8@Wv6NYStk@> z5sxEjB$vUZuL?*kkRw>!aw^-EBwTq`A|}(et|50FTS&B6EDN4dF-1iV^>wjoDXJ%8 znQ;P?QgL)kxY`j?T%WNokB!vTHqJ7tr1k^GqX`51F(7+ePWBj`3&T6ys$;ZrZSdlk zc@sXp#zipabx@BNID5}?bo|2q_vrvuxZDWwfjx-XRuUTQBhQRD|Oiq{*M+#(+O zPT%VbkiN>b!0Uu4D$e*onX@>Fcu6H0m94bZWD$QUWv z^>Hn+>=>nq^l~<~k;5%v+)+R1dy_!I9Y~S2oS(n!lUPX{TSC7k^oi#U23_J!HFOW? z*D-7l<3NA|0~vtl@TjE11(2p{%;~yLw?{@34brgB1GNw42nWRy1PZPhS5OV0jzOyj z{-huJ17ZL*c6YIii-?J9+TW7D5r7LUN12HjbPZ<8_oh>C>UY)2^=0`K&f6*>wZ8B{ z-{5XX;ba()&@!uUFc^`ES~{pyF(gSAsZgug$v7TyN__EP6!frA6#)=c2i5S_$(JJe$>rI}%eQY{ z{qyqe+w1SHP)0#K^L&43stLR9h`1wH!*sOH`fVi^N_oaIlBu?smJ0wqe>UoxYJ;BR z`hIURP;2i>p0K#jQeMVFh!rZz8FsQ~s<%VmAB4j&)IbzkHj~As%L2fG%7KA#M}31m z4Z~p6?}sjtV0iv3Q4XdY&DB8=n=Dg%<`W!%Un|#3O+_e^@C9Qd4g8V$_69xN3;eDg z$+awS`~?R>?mwG?B|)Gfn5|=~aVDc+>bYd7VF<#(mUt3JnDTq#4jkjzJCosvxXwro z?a4Y;T%184k~rfU0#y`}b77*IUt%b^dAKrTBDvbj?GH_T+92$?gVA83hZ^yFEf3`f zdA2w~CtAk=wE_b^`I7#j8~S80aQ%UXIMjGmP)A`)F%lp|C40p4XQP4JJ><~c5=JDW z{uE-xREfNfw5-@)Nzg!Sw87y;le^-{Jo zNIe`q=g6gfl*4pQn0;^34ajt;VfvQ!{+DC)%ynGf6+Mhi?~a1Wz;k-WetDLq!=K2< zEEQG4`TbOtSos~L{6$N>zUvN6joNhB!=rxRH!iy%?odLkZZ()fCP|!Sgsrdq1Wn&# z7|J{;XD|&$;Upw_D95tEe*#_c{R&N;q3fFn!S9dy&d8aJWN){g)?HIAsWWC^Jl}lW zWQ4KfV6~Z!k*FVb?;;Ilrh3+YIOzH&Q#cw;`+Y~Ao;PBrm-AQ)GoLLO-bL(R|%^WR>iaU8>TR zROQ>F>r+SqNfH(au#tdNY|GCvf6dFylg!D8+^}%bUj9zA&uN!PATu&@i}e>Wucw?% zz;imj+|oPS&Bm~6o!G<1pyRP_$7;GM)Bzt$_C^e^QtufgP&Fyqzn1uFNYUr1SukhB$?46 zMm^}-=Tv9VV_n}LTdg)UEOE2lX_9)K6#SgBfJN>S6D_xfwt=SE^af4OZ&7-Nok3#xg~1Jr80Y9xnA_k8k|s-1ZF|Fx-|9Ae)2Q?oLYV$_ z5b0gJvpwhxZPBzpY*N43>X=tMwVK#Lvb-F~dKq7g;;(Nw@#bXbD2zGdaDI0BO=MBW z9%IArHfg6hu-2Hg>CI^Z$MtXYhH5kk@xBm4t<}^S_>Gp<1Y4@|4)~#sY>di@vcD8$ z}4+nT07hoVC-$|8in=~pmf$~!?T1~tzP9b=_ zWy{0OzTcv~uAU`O!2}Iuw`8MXJ5&a}HlzN)S9fl!r^Rs-eIPUmD2Ed#X?+|gw>0r3 z;*`3Hh47AqwQcv?pwk<52SYkE%{Obcy1uL%tzKW2t^rOdgIg{$gVYJ+Gu#FoqH=_0 z#O(^~>Olt=jL;MaF+SYhc<2w>775xeIy$52G#7t9ja4qJ*r&N2PlsN=M?Ec`v_R>Q zCr`qtuXJ%AGXgLk3q=bVO#s1VT&E={ab{gzlb!8;&JRNy&HiBQjr2b3=z=1LmB81z$|yVA!*0*sfxT|0J8EeY4uZ)R%5%y( z63S3LY}rC%hjqu@VRNAQ2*Lv`+m(d6DlQq@*x-9~I37|hJ0QI21(wx>|DV~VLc|;x zp#sap%gSp8^;G5csI{yNHapvcW=@-Ewwqlcx~RUPoZwN+XDr3hMhGS-v4AjhS4>wt zHr~lCQ&@2e!NP7>vVbfntGKV|d|-=Q<8F(N8=V$4oon>p<6OR0Jcrs)Hq0S9DEj@b z?fn`Ix&zu8t7&Ksl`^WWp3*!VM3y(qal|egv~5?1*X;~D{%FihQ;k|JS7mdkO=6Uj zTNZ|JAgYpcw$Im~81HQNhXdbHApA*<47d@i=wg%J5vA!5M{Y1au<;<@t` zj_-b}Ws%;XUEil(yKCCi+H`_;4!E@Av0Z0x97td?PgVDIVB6W^n%D33eA?DBvZ*j; z79=iukm*fnQPEPjZL8{Di?Q)o2B9?ox3i0fw3IWn309UW!1X-Jf>0Ik-r4Rq?QPs< zp3l1eXl%9Fsnt%!y0sE6pe9#5S{}H;VcfPIrO_O+_OR3KSuIPesPP+Gs+K%<0>&*o zKZ6`YcD8#>+pEVKwAC0H?Lo9JuB@9l@P!zx9eZ%CP>e*9c_`Ap=NwulSV4cwIxdGp zMm=w!ZA+s4X00~LX7dNvL~XX3P8-%<(^lAqJ%8LZx3=i1VHbd?0QrMZ124>AROX6S z5p?~g?Sl0hzSr}-&cJlg9M)=(crA{EM8(~cIf5Hm#l!6zpf|Lw>8#i6cunO$##RUV z3eY(2T0`pPHt}dYXbu{UrcIM{YNN&70XyOu<@`2I{G9cnH?;NLW}Ef99qRY3mbCSu zUmaMT{Kcn#CZ~UN|D5L*EpeGXkz2kkFZ#qJv)MO(4nIa zwH8yeW9dXXT0s@sQ5huC&oK*9u$=_OSdd=dmj8yG7HzjjO=@-1t}0rm%C74>PNVP& zhB0kY;Wr-g$h!UpL)vP#z1GO;M3;TD1QQeet!@ABW9olTLmGK3xxh>sW!deuY^A)> z>@_;RKeFecDXUb<{C4C4459=tBe4T!F**fOQ)C0->l7H1E=Z06Un!oty_~IvHN8fs zHyByFbEs7XuJsLr06C*`A=JqeCyoCB(I+uH?i52&+I>6Bc+~24TC~}+w$uO*c)5i%j8#xdbC*M}ZJYeMtlw^R`>m#Fs9mdF%)`LQ z;6fD$B302+Y1^_OD5~2yZMIxH_Ik}m!)x2eV&3+tDAlK7w`Dtm+MeGYcSZwicS8Ad zgqGEqO6qvFffS{7va{Xo*f#gEKWvZ23QvlCHM;sB;G#MTyK$?jE<6i z@Ug6Hsiy|RK?O;+&#)yp>U9Q9(|Fee0-eYtN$dRRv~$NLqm53p-|@}s21rz)J?NUn z;`OdAp8FlvYj<0|^?DntIoeXl&UUA1FZ5oc>$m+*$D+9<_N1H;>k>JRZVrg}#+<3- zIJzO9(N@~-#O1R@J424woQ7N(N@)ak(t&}rw&=@p~RRSTwUTWt6GCwC_wg-DbRaNZ54fgPP;fiv3>l7wLx0rkTO4S}%nV*YOcP4ep2l=S z_+Y6N0B75_wBxrMU9UUr>DAZLhnSW7Z`=T0K%u|wxolB!!L(bp@o3Z=_|0Lr*)z?7 z_gR8I&BZwiSNaiXK}Sj#g9^z>h6Vo&D6#S;OYO)!zN6uYAv_aOLZToHshoaD&=8kO zyJ@e2LC0FrxAS=hqamgJHe;swMy>V( z;_vJynYj_D5OE?bAO;zEJKL>6&I&hd4#u5kUmvawv0iO(I4!QHF}Y@Jj`b|~BJ#l3 z*>2bt&vuvf$Fwt~ra7~AkD#hAWRU8$-e$dKpEgG3`KIy~jS?DpQ}PDy-#3_#rHpZ6 zAJ^qRHj9_G+6~$pHEXrEafUdDX(Hr`EJ|~Z6!E&*v#p^wU<0A#%HI!2Zo82?b#ci| ztGtrf>f62!AsG*v4I`&EDy(1<=~GO+abmS{4%8NF^;)f-zGH{_j*t?VG$lb%5hskj zYuD67)TR_coh?rGSg+q3GzMecs?6Kc_GddT3C<_jM}lE^m9=`d?a6O+I^*GR#B_Uz zN)}j(ue4uCMN)dSTRl56x-%R$o2=6v;8}@M$2VWMRA5+$9j(tsy zHiQ|7Azif|K!)-nU8`qDfm3hDy6r{}Yh7yL;OGR62{7~4AX>d~zcCy)3@;kBno-1k z2_a<2M>`Q5Br;&Um2*jS8UxB2qqdr?fs7jfP(P-iI5CSvXvR=h1tE;+47fA21*!JX zZ_!5E^JPr8g}eJfrMRgKNO;+HuM8Tkaj(i&@M+-qRQ1k&Q zvn^U3I_?gdjj>q)or);JY(5Vmo>oQZe>}Uq5X)j;NV-Wtq=LA!-OQ(9(002yY-roS zK*uQN@&r^UVa`$6%q8_Ue6QUZjyfIPQcJH6u%m-gp)Bk9yg_a31W%4EHU=4=c06Uj z)gSjpZF8GUg4C)7+J<7if*VJlkL#^QvtMsE8jZ%F15MeZZnQgt)_ABRQ@~U#HiQ>P z>WHvn>uh`gF#1m8(3e>^9b3H~He2Iv!|O{IU!jP+4D_^4o9$++-N7h0>jrHNdV^lm zqh>8y-u4^#8;?DEM2&{H`n2m3V6w!B6kLnA4%9WSjoxHNF%>D7X*n2;dTgXULON`< z1apoNW`AIN{+PY6PVIulSJ zMxG+zZ3rZYUOZMVexStKJpJydJ8CxjW-QY4`P=NP@k|eGvuKYpAy{_Q+5lrfmQ&0u zL-+g33(|5rJuu)ln*%!m(;qfQ9k12b4VfY>c;Z6_93sO`Nw$yNXxI^!?QVb6?=xRF zA*&}~!Lc)qonwu~7DQU!xI;bWxAglE^MmO{)?i=+EsQ;|Lm)hn)qG}7qv3)?raZjnssW-B9_@f|1;&@Db;8qx(U~1yBYLs*w?U)rwS8^D?kJDFWgJW6$t1)8K?zD` zm2N?!urehNZ6Swxp5JY^8m4V)Yl}WGIFu;teR$v2PQ}&P>-KbLl@+0FT{G{^;*`Gh zJ_MZgbNhTq+m!j*Ce$_oQkD(J`9 z`pt1uZ?&d2tLJ5HFz1#$b#^rTxZQ1zJ0qhEq9MI77>QM8tc|fk-M|ZZXS=3{%Ga9TctWsAS%R{4 z$DU5wAA8+lmr^YDmjx6tV8jZf!6&h0E+_H=eUY39(SR7zGEvGqjI=i6bSnK#q z3w}bu2I8BxQZeZD2hE-~g~`xkgKlQT7&zDL1fiB~-E216j5UW{v(uCz5yz*<22D;J zax<1vpQcpCN2ok`Zb|fX=#9J9((jmS(f!VqHQtmJSSySBI?lp10#2{hY_-~rQLRRW z3Sh$0@?^lZaQ6A=jUl5u81>tYLAzJ0DMzExRD+1PD)no^z~$#E&_JGx`7osT?be{r z2IU)R+01S?hql=3H9F#dLvy6nYK(hyE+J*ilZ{r7HGOeeI6S3k#vOY>sx<7Y#;;BQ z_CAE^4I*;*%Y}8%Hyf z4WP)vyKH1ZJ8@$D z@Wz~a*HFd?z?cnYvU*XF_df7g#Mx5Huvht1{cujbDf{1Bjh54>kHU;O{AOYi06+&I zw*Yi?h_CT|e6QYe8qn!E#%gim$G4HV9Qe}y5%hUqKWGg@jH)gnrqej3VS$)RylDF+ z88U{9_$gL(8Ue&0C7P-8xibk;z#*CKZ|^5@Jlo$kAl(NunkKq!50Mr z@6qzELCZGp-`?KZC943t67U5W7R7*=R2kx=qCVqDA|~&dxM2i`la+#-gGR%SJXFFi z#5D%dWKS9^5oEyE4a1)cg)I%GTmmJlN^3PIRCkI*NZeFDr?<*&4Utz@Mj*xE<}sav zc$Z{p5MpYD7_x>E|GB7Z8FncXm&G#E=Kih&1@-4pg?F^Tu$@~5#o-_bCLWWkBbtOU zCl@sGrtDvpOU;8v_+%HMH-BU)IoErZoJ8X|hXVjH_hM5MEAU9KJzS_3#n$sEz#vq> zmkY+om8*Yrt;!!ZXayVu;{U#gr}lSMDR?1%<}-JkFF^i@gh>NCRF3d%RR!~}m^YvR z)vnHu-ya`d9Dn(6czXP+j=4}HyBddd!hf~N&V@1jy0e}8dzXw@7~cwV@M*iVwWE~J zZ7|SJQLyn)v#5HoI4D^6sCIBb9T6+ZuH>Tvy*Z(r$6jC%Pf}A5SdaIG^zx-nTcz%K(tp!k?01P*>)$ zNfrpEZ0m38@QplAzL&=^xn=Aca0BrU!?I->Y+5QF2*&n4jwba>mdxrZQ*P(|<;AXk z*9skSYL{3`5j{pa-dqfmQ64a!l3Tifn?@Z$nA)L`JC%(_jc*ZW@g~sp_vkb|(N5DPYYreF_8|lL z3#`9wD}}F~P8lweIyzzN#tFL%eB%tt+UHF=Dk}~)xX)4=gn;6Tl~(r1O?lZ`4$-Gr zxK?w!dn8T(p#jUt73yM0JH)}tUC*cSt;(Y-Y<1k?KL9i*&t@~4Ko-t2p6mg~u09{W z|8#uu<>J%n>EZc5oY}hCSsM+y)F|$sZL4&?_VS-I8qVOz&823kB#A{%ma)LWDRGs_ z8=8<9<+Lil3(8Xp)dns^^pwl zNtigx0D_egvGGH|pHCc|^MDh`UK2OZMB1Me8pS`ez`G6?2+tm*x#WH7|CaGo;dDd` zA@72f%Bte&)M^(ooOu#M7+=Bwd62w=l!@OHY+8^+#R8Og!-$md{_Wuz*(V=Q-X4*C z;y5zJ%UZ@@T!L0jm8Yu(Uhunc@Og-l{GZUl?2o_=7KecDn7rfYZ~NvBdz!x z+BIU=Ms04-6J~BoS(=IODpXECCV|)r@8njbk;WRvz)-5|LilkcLF?W^%i|zqwI9wu zo)+(+gD~Z_^G_eN%L_ZLdtpH8iUQj$rz>XD$s}PDnu_fnq}6q*@nHGz@$&e9oLE8& z72Jl^2sP}qd=uGwTrG1-qByFL!&n9#%4BaNO1Z@`wVYOG=(O>Y$?p~|r#ZFS$H-$? zsx=G3)M^kSA~QZ^zBsJX7*CdjO#+@KW*w`R18@z)Gj`H^7+hlt&(aG_mN?o{E$`13 zb*r9EN+$!#_noVNHo4+fn(yFbKf;IRYZ=AUtkwHs_7v@WEJ_9BOzM0lWz?X+j} zw}QR{B+Df;aSj9KqAAX+gR8{N&np6}uRv-w%y5ciV+?6o%s%V}p=SewXU+2sNl*yW^s0nA3#^6$?+_Lkb1>8%_B9O;z?EA zHdGw-Ou-2;O@{RaWgv&KvlfB}MD$%%WSAP?u*u<iWyOc*@zLRgvr?&Db}bytPYonCuN$h~j{-pf#v{R!Upy zRVjD|(o@utxa#11nd5R-)_C;F^{j;2VwEI%XC{YaP_{t~<(lP}BFwNWOIb^Bg{!TN zme!VH&s^|&t3>Pr@X;I5d7?o9Z<*x~r5Jx?Ys$GR8?``;!PbX54 zmc($f1Aw(q+x*UjbDDaokeJ1Z1^S~52mzd#G$xZkiVv!3N@k2kK{Od>AzXgAHe~q^ zo+g2=RGm)Q0=K6aP@K#lFZhQe(rmWcHkxQWCX~GWaDkogVKFuFE?r>5QgSarZ}UA8 zWwR0dLr8|x#eB*@fIJqQx(0kvxJtZu#&Y*HEpQnE_dz(6_l21)hyWn&oWA)1serqWbE<(h`1Fovi&dxSX?M`!319NZxPsP+M3IASw%Da+erBZ?INeIunU{DI6h87pU!pK z>VtU8x9S zhmb=u!jdLD4l^yr#e@S&3CzV>DHhVOHS(xsb(1ohszeI{49uXEd9=nT6{lsV7+ADu z9t4v)s)*wkF-&w5>LVD$CS9+Q%gFzcQ5D^i8iCR{j5rV8Cby2Y_pMtse+<|Mfie=v z0|9=mw#|rN9LLcWJH+zx;>a(LR0&Q{j95BG6_X@hA+=Qk7>!ID;p&{-WEj>dz2uzM zLlvs$0kMwiN~wb=OXoSmEA*5V-Fk5MLnUx51fKgr^XD+~5p;lkO{KY~Vw6Ji#yZ>4 zMEQWAL>Q0ZPBgAv{RUMvqH&Srj~qas#f<`+ibXW?*zQ5CR+t(4oR?xQ^_`R+q03n);d(cNaE13qU>?#}Fq8z=HGGmlu`E6Y^1^7MIt29)cGj zB@z3YDpeC=E99LDrDw4=1Ar?+@W?n^ILgk+S(+nngM#2(8DO=jfnR-*1f@Gn&Sv3bJkd`c7MW7%^RY^3UeBI+ED>c#?OlLtPJQ zI47qN%&TbZFrv?EsK`YJxO4WnmA< zFSP>%fvDaGvq0>RcbBK{6~25B5up&)FS5}rNX4(0>}y)9U7)okNc{SoCh0=j0q}5i z$d5t#E*tHF2S_wmA4{BipFqMD9wtFT=5zt9;0(ELqKa?XXd1`YvO%GqfxT*;g<)Mn z*U4fd;2p)VEkEG%kS++%yealXxn+BTkp<>FP3SEFEWP3uW-Gw|T@+z6CO4H#o|RDs zTy51Hg!0uI(0&@F0jIM?eFjfxb|t$jy#Y&K+uxPMDT$wx@4k!T^to2bX#5+XZ{x1p+Y-U^P|!` zH1fH=!xZu}0%ZZ5rZjm5wo;UzCUYoxA)}Gdx)2-+rby@+DdpGF@RA_{??P(22*xCp zEcKeaB7;cKC5`16{laJxE^>8(byZ=0EzZP{6=z4>)Z%1M1?zNXf>WLV4ZC}ZWc(?3 z&t-)OIPN9BqLEExX_GSj)A*Kzv1JU0AEAXE+2n4atspX$Qc{|-3J!|*e~6PaC|vPv zv+p#{B9M7M%VKaK00FuOIg5Q>6Y_!4PY>1MB82x04`>wC3Hl2O%~eBHE{oDLnobW0cv6xq+LyoY zm*0>n2pR*C`3jUvbPd|s0dX~afV)RrRnA@fTO3THFY)gWV=n%4_W4Ns2WfU4^bY}o zvFt)fa0X;t+=}ryAMdM;zkE+)b&VDnFk^gj;Ju+Ylz>vR#u{gqQk4mgCm#Adf1@{a zKTan59><&=?f#TEqn!dIXG%p1=WuyyLQ((>Z)w97wC9m~3`(wAwdS(iGx;&pMx9so zEm-cVkOD6ra`}GvoOy;j`C6zD#t!H4KA2+ztkQ`%!}~t-LYlC;B%qGCaoaMSeGzB% z5t{^&V8GRhN-f!zl%qp=*DehVx2SAPp_xk&65>B(z^ohPfNRSNjZ@R|y5O!YMC4x$ zA`H604J+fVmp;wD=AY&%js8VZlgWj$$`)h>9BydU)xK&)i6DYXdDVmO!>OIfM@byX z(!vnqA()`C^-ZZbLGw$Rcv7UKHSM!hol>T28-&Cl2KU zu8zQsA-I8zv&fSnVUq~JF6D);bV)@5;7iRJ_*0$QFQOl^4tr<(Fu@6;) zoGcAO=X=Uouk+WpOz3n8@!`Mtdq|^+a{o!0I`SuZ2HC$r z6Wm3tNS3mMJCK}Y^r77It_~%FPOhqRa!PrT%2al&fuQt=alkO%TCM4jBZTf1b5eY$ z)>`>9w$XOT^6NlnF727~-sXk^s)DBQ%s=~l1gV0q9K!opOKRjWO{q8C2LX-cBxaWnbqk319~Zfw)God7NdTknlZn)ohSBLF={z zE&uiE=fTC7&mZ4^Iz9e!d2)LE@zdq6dsczUnmgt{CUG`*!D$9-m}d<7l*Qhq?Gp>? z3%0N*O#-aIjG{b+Dxr-r%GWZv~j%i%uvA8D@Gyi(|9lN|)yl;~%I^-YX=sb>7d5`F? zKXH~EkY=ONKxL%Fh6AxX8Vx(O85jDLax!8pf(#Q-GvbI`(SKzLdm9L4T`-(|O*@ra zNo?Pmc;PS%Msy@Z{y6ii9{qCo{^a|^?+JJMRT=GoS?*~d`foQy1Tolu6p!h@gRnCC*aE0=);@f$;r`W@-U(-48^e$ zvT+Ks1}b?w?$(xQ-$tU>ePDHG5F2(T^OjgZaNp~2>Np}l{)|!p`5)xtoJAKY^{$nE zc4+R?3#t9qtnU=OHRN@gul0Q?-`T6lEvyc}RlXA2`;WUdPPDcsg@j5AsO$_Q?JJ*9 zbg3sDLTZO_{acxBWEM=O7_$vQgy}*#9uqsTkOX68HjRur0hxkv0;z&^R3%ES=y2tP zp>Y@77b9lE6F~*QSein0CrIY4_@yYiDBlf4T)S3wvTL(idf)eS&**{1Ig)dGu;fVG zh6#ETLDq?w|2NlcfjKA?>t=W~Wsw11pyW;cjTo5B(T70Vu`QvCMuC}f^+*beB7z z;n`mukn-qigw)9LMwD8OS=p7ZgOrFQ9gxBZANICdfcJbG#KPiuD#zi40gKWvfiIhY zbK-!|k=JastDfY>sH&g-y7<>{I9#1oFW-m*&%}FRlPCTG`RnhRkUt7Pn}FIJ1?Dlw zan{FYij^nj-dx17#l&*xbRi-rp3xvWs(wN6X-Ql7BM0+IRot!x^Ln7R5uu*PKqR?l zxtxFX0Sp0r_6wcQzbt)_d-0qdkRRWF{Js#QB!AcJtvCju)ne#!ov1afVxI3iD)qib zFjzN2^}-kNLe;|t3SraZ{JwlrB&_bioM#%NV}^w!P<4i@*1Ey(ljprMGFIjvq5V1b z`2HA+>2T%5aHt=9+m=0Fey_wldC-FWK$cK@NBJ~3ijz6{EJR8nP1`=2v5NOV5iN}s zayV0N3~7uo7JEnnk|+UrUz4nRWCz*Wrg>LOb_L3=fV4bV+l}~2QT-J<6fauOE1Zu>|&|q#QU00?eMH7RU zke@CYcbqq+>KWkf9szqi7^9a-bM_1QJ3^hIxubs$t}^^;U;I)1$}~>WdYXn+Z|NWF z`h7wY7O~p{(rXwq?D_YHN41*xf55Rdo)2Z-B!&1Om8BlY6onuRjrhP);wB^NIk@Cd zk%Q1q*V1^RiLz6l#XeEk_>~%^WtIj?g$>3+CG{TF}WIEDT3XLY@nL5XS=M zw-fN}jvS(M$(Cl%1)Kor2~`Xje>@ z(}MDUo7_4}3_jR6n+_R}qfWYypdTGaX<|@70ZZ5$ZcCP8BE>Mj{1%1tFIGeb4O=WjcGGC-q=||J7l&4s6$yPbx?bV8B2sUUWE_FcQ_xhfNxi`l~;n#dMAN`mS z;`F@QlE{*-K(;_A14&#v_nUMD9FVR3Q4sC(DXDvTk%J~ehTQUKn*Tmc7st8CzMO=j ztDRK*sBTCZyL2?q4#-xg(U@(mdhC?V;$(3^wz|#MX;A$r1P)?*%@t4RrkagbN3;bi zrJON&pQOlr{pL1QZK#_SR5)pKM=be-CKY{4qF=dIbBkZODlSePR3_ZhasplFqnJ!K z35Hl$Phu&QLiRGA!)T{w$&8nBSH&$LcP7NKU{zYo-Bu|efQT;};s{0sCt*>imCvJb z5`#UKxiIZLhf1H^@HHZDBWYNZPEPCRZMX!DR0iN#1vYRD!GW>V%wmxn3`-L041oOd znyIzaYIFu-E!Bz>hmm?WOs2u<5x{q-%TW{Gux zs->BgNfik~3&hIQB~4Quv|zXFn&=$qqp%`b?D{E!-xa)eLK!ttjMh=VTWx?&Hb*3h zaN$_?{BU7Xw9Ij8!`!6dauU)|9PQs*@mQF%Z}S90E%1DVIRdW-2KFfosWmV+f*c|1 zL$R%Nig6$nZ z%ws}kmT~gDf};gh4QWujM!N@cUqiuvK@xT>^HJS=y#rJ96hiUWSGfz-J-d%`iyvr!lr`4bN{ z{d%29qeWdVHFds|vjp7QEaT*q2~~`jwt-wm){`@Q5}s0`i3+I9!M~SVm+2B~OjvXM zp0r!-Izpia9ZIiiqRKRo9kr}o>rHnToga!=j3cBrO&5rI59n21Lg&l?UqNoJ4gqC8 zxw78-IA;k>F>h#fyBholpwkLOzLtlxR`QUeYSAhNYf1A<;xA z#j+DGPUbNfH0Polq0t+SW1NNBo|L;d^ZLP8_u)>!S=N>Ava zS-AKGaxX64?*j>SjkGSGN#l$&_=!e-I%Ploe4&N`wFn>_0|JQU*b0b~n(qpVM7!~! zcrq7i`jK6oH`nUWYLJNk)=71#@F z;962NI=@|WS29*yJ_~V;0X!~oJ(?2xIdUia!fSIbZW_FdvUHxM_aNV?9U_vMSR6nP zOs0BRURf^Ys~7-ScuFj5d2eHR2>FG?-BfNNaLnYM09h!v#NHwXMDe1@(_;D*cW1rn zY9ORQ%2)VT0!532HX&#Wh5m z->!LGtR|Q2nBuQY<4Xc{GR~}$uAkY$-L1jw!ZbjGYQ*<%G>;u78vj2ngIs7pe_^Es zDb%z?;7ZA4urTKH!+%Js^X|plNG3 z2V^UkL7^6xR)fUcNwv$~`j(ocDSaG>s+YCMdi6JcGdx*^SP5(qcucu&gG%hkpps)_XnZfy&SYt9-0Nr0N#SP z0LUt26q%G>t6hkxN1#^obwS%hbYf#^SD9}3TDZX2;Yo1AB64|jMxdOK(y!$0n8qYx zlQ<2~8!K*$or_&7Ki)C1^Vpv_M$%ZG=95A)y>8wPW>t-f{wtS{@XU1m|lLbE8m z0PW}p-A1F)5bL7In7mz@oazEiKW2f?kkvnk(+z98TBR0hHC02)ju=(dq0r}oFR6nB zC!v7&FEma%3mNC(Lg>YShc;9%6ca-PxY7v~Iqwi*FHMRV8|ZXsC*K zS&2sSE0y6>uy2;h%w=9faVu$}Qnkc5R1Sxdy2t}vR|;+FNzW;Q2^5I8k=5Nc#gJ`n5r_Cy-hd+Hhx5{Wi>iLfHy|_)M;WS)Q|2uJ8@XuWm zL_VNDNOQQ@iZsPq4GN@BHY4tIh&QHDMni%!Fn45;sZVD=o*%wN+J4<}_U*qhubyf+ zyF$zS-vxjFm;b2!VK0lP?qhZR-&Uj9EY<(*_FDh0|N9ajQ$q1W43Sye+d`Y{ic_do z&)ei?bRy&>`@57*+`W>oETt20*1CA|%hW5VZC{EqQ~oKtG9OsZGKDTe1b->n|SlE+J=m!Dff@3KbAL_#o`c;LZw zuWe!ZP*%OV$>`R1tp+@0;Y{cp&WNVGG%y4_&gLYI9B|-$Pf>tX6(4Sf(f&F*IxB)1&K1 zVqMoS#@gyA1a&|NI#<=PRdh0O1*tNp4J;|DZa16#-CcG3zp*NtDV4I^`kr0MkA0noffuCV0&QxJ zHF+VMP;YTw7}IeT@DcK*4ScD6M~So!G%PQ1KPL z52kvj#`uwzVV^}#?Yo?9JL9S(mE=uZL6*9p*vs@?@NBzwh{{dN6>S}cA^ES<_eE4V zSsJ-~Dc1;5b>|SIktR%DhXH0o+mRr+(wKcG>k2Vm>@(4v63L;Kws;bZ0;Yrn#B~Vf zn6i}Vl%|4stA?kz{?#&ZFH)MaaTZ=Mh{DwXp_I69HQbF``%VHH#$h~Jm~F2s#ENd- za8(t1975qeF-$8nx`r7HrHFg9CFN46O9$FPtwzXqDzd>PfBUDK~P?sK2rW z`+?)?QqUjlUecn+Qu&zbGA{d@Zj?1-pADco`y8?SaNchrZ>KSv?RG?#SZ9+YtKY<;F+EKp|;HU$)wT3V?TsrThw)WW-{y4aRH1XcXo z|6$$8e#|&Hge8O~RKcRrViqTCRlP+(Tvtf|g>C~5Rev#0a&_&zjpF=PrK;{0fXQeI ziDVK8Pl5mHgIOj+7__HiT{LM+MgYHCy5I^p-hra3ViGA&G2E$qISTO(%aTj9d8^h3 z79caY3lY0vQj&uhtONGd3n^yx9xVT(c9=>`+ye|8hdT(z9E@e`R+J&+DmGrs2@|qe zs_|cEG1Nu7W{8uYFc~s;3rK>L+oFig>ys3_#-U<%%l#_rLmnS;n#XyGr(9%7iv^qV z3G))b2(W6A%RFTGRpJ0iSZwjIg)^N`A*P(Tq8T9#{(t}P|6?YF=+H(#Ux3QbdDNkT zI%0Slw0R{P*#&?>8k7iu3c6L7U>6LAx?kkvZLTLFUc$OiOF^z{TY?l)PpFDOs2D*@ zZbH#bp^#-D*0GsN@Xls4nk;m!3Vk}(YKL4)oG7nh`X@Y9D8Y8m z_52o!)!)hkMZO4)BddKK`lzrD3qxNT8BqZF(hlTpsXYqHaOKnpk(g+ON0&To0czyD z@rAccWtxht&(c#5C{j?-n|6d7mn~1(oY!jR3o#8zCjHA(MsI>}AqyXqSWcC~b>|G~ zNM68liLOK!wP7jK`meRudPRQ>)dgJ@r_slI#&C8$K#d#e0|M!5pT&Yak_ zIyt4+j8KBQzAllZo!z;524E2h;Ou}!Y@j(253s%&S!V8-G$#L<1uP|E zo}l`bzJ`L-T-wz0*gS>f{I__-#X9((su|EFj~v>|5pXw5|j7^Gk&;zXv? zi`9z1pK#ep4k_WjiNgK&g|LJJ@y2KC<|&#cRiFk~fo$m}qBD6u-JsZFtt0WU!>5S* z0w>9r5##BXc|yH3@EG6U#@FlC>$`g9Fi}}2B%~U0oR$C>ux@ai`0B=0Wd*Td2%WJ| zJYB1UDaz!FV%V!P>Xb*Pu?R7T@m@ny@7D3%T@YueQW(@NqOc`Exd1^6Yer+Vna=7q z0Ls?oa z^zD&~cT_5*d1dR5J#tzM*t`0*NZvWdGKw+pL_xUw#{n4!EQA^(nzb5jR!82;h^akt zl|_LFCTYqiCCac5C@L7rR*dC-Bzjidkzd!f=EG@AAgng`x|7rGH z&32~{|I_aDdjF39d5O<G($2C*CtKa8yzo%cKsk_=8alI+?uHUkG!m#MJ zyNYq(5yWIkU%sL(BnU9G@f^r7??=x8ab-oB|2vM>ws%K9+8HPEP0TtGgZkk=-+lmz zEQH|kH6xI(J7Mh6@PR{t5g38t)A{?=4HZU^uMH>5_CvA34Z1c!MV7=O_wVMzfe{D} z8U*?Kj6li1I0^HFjf1Zncdac4k6K7DfEktoV z6;Ys;>X?mAVvpd-_Q5y{!wu)5FbCqz{6z50yEX}9zsrz%fK&bhGrY_M1!H3W4nSGz z$6d3Ez%ROf2!#_;je;#~v##x9{Ndv$j$lpn4!I*IoTz{$olBgNrBoBlxkJ7cy31EghTi0@`{wp=)V)E?z8&(O62y z3SJ!AO%c`B!wFtWgB!+^3G+`NY@8p_=xux`G3++vPmvc(Gh$XM2upZDvox;D^8ebU z`8=Pyr)XnSUKq523Oeq?iybRwCK*u=9Ht6uP{FdtDl8fuEJzgbX!Irp@Da-ZM`m=s z`z-g!#`#$}UYx6}AdQ#>5dzXnp9GT$xFA8Z2hKeC=Z?63>|L|O3F3z`+S2_P07 zCoetp@;Hcl9ozc0P>u6=UtUbpbpAr;1-}mFmm&Yml3<*_ zU+>7pbucHF?=Q%W_%-lkMCr@1Lhu4%5?_QD3H#?cOOu5R#CB~u-o>|MMx%v=C{kBo zW8nYh2;L-)*XI#E#U5!qu?)UqU4)FyFN2D0V(|hoXJO>GG_c&xK21%$Y<))Ox=at* z;o|>Kk1yYSeEYYH_s7R)B#!L6bQ6Pxv3I-#FIaT*LlRd>lpaZ2Z6uFn!yw?bB}MsiEC$jl$Zc!V{wU|~GQp1PqO zb&aX>F;>hC-&{9&1y<)$o!9a}R-l*AfLQfohKZhu_1H>vtVn_Mi=0bT#?#fVxwq1b zB1Fb`Y_J@2o}o2DO_2grJkROvyL1+w(&Rdu{{Y~kY1vVv&z*Odr|-#}Cg86@uTAbT zAYkb@3KYy%cUqv}A9NNfpDMm7!BA5fsYlyExj>#rY2e z-o(=9$$eMiG711?_y|DA=qL!mmZ~X0TyF(Y2EXQcu$qD;2Nv2(Haf7L#l!PRm(51! z+_Si29@%JdNkrM~_$%|WG)~NBxDyjZK0qBgu@9Mg;&B{rJnHr0nI>sEjjccdBwYQ3 z(f5UjwJ7$PL(WtdmPw8}ARj)SpB}y^aYBy&>*)Qbi<8gC*r@#BX$Y?d@W(+BqpgqP9@?lF!fgrBo< zP9HB2Zi=`)oO(fc#*=+MrHO{r+)r{H-=FY9A%YywXb_^%3I8P2_o3vCQjS1S33v+d zt;JQZEAlKQ{83uZ62bv@!0JP6PDRnD^Y<#XS0R3zq8PfI4-|F9s3}=%3-WbMKG?Gn zu0#Y^5w43C2!`9Ecwo=aXd25fJcy85RxfH#+4GF&U@76j83fUx+ChZYMm{BhCRib? zK&+tu5IfWJaQtJ=kFAeG!5@_t_3`ZT!c{dp9@6s@6Rv7~ABw-VPgl{=LG6~Xyj?-*7 zEmE0=d(iAOJI>9ZKWO!vW3Mypjmw&_$vdv(&L*q@m=oCyO35+DOn8K>S~?N;WzAzG z=uLX4unYz?4F1JFMqZWYc0bl=Jk;tfg)!j>n5xt9H4^}OfhMW*Y~6eGI>c;soWDqs4GE zX99+b#8&|8V-N+iY^ExU_y&>@)9(?egGE@2tdAXi%FR`KWk|0(tQLt+d^s9U$f?-}Ne4vNs8^6~@9tJ^Eb@*(!wvax)C9D+a3SaPtIg+|^&wRH_iE9($z zSo-%bvV-o3dxSZ+CubEp#Tq1U(DdL0Lja;OFS$%T0WF+>x z&p4Ki*VwTvnsu4b@i_2QH4SLwN`8qItEc=PW3hRA0nu9L0G$KQoG^@UL7X1NS>!LDpyym_cf@Tt@W1_r ziNmpS#x2-r@;`{&Gk-4Q*YjJvu$w=X+3SV6FR2qt^9JNp9Tl`nQ)A=>K2MQ1ut_&d zm{Lw4kW`hJ@~|ZE2U1&6L+?4dsbq>NBvqoS#FUgyB%Z?ae*{zf>t_F1?S3nmvP{sg zWQwk#`^=xG2#ejMn@XlwWw44=m6&3e+IsHK9dQoq!FjAbUu&N&*W5CLQso9ROHeJ~4Bejm7ljj4r5YV7KO{O--O z1JZ5G_Q;IQ;$(3^THW4h@W&nrfdutPtI@C@>NJMpspVew%*@$Aep0B~3K;9yK#jhFB45m(~j zyL%)~WWD-aM+PuUg8c6mneyDOrAnrlF;qWJ-Wn9aAR=RWgMo{78!HCu5RwI0wMv6j zCz-6$zL8U@sV&ye_bD<(&E-<6o{lLh)(-%>#QrPc-IuuZN=#X`q@_eVn};lA;lh+f z<=RyZ26Y+nTD8OWNHB?FU9?8VeCvQxC_-RwI4JR=CdzsBgSPrukyb`oYfikR$1NY! zHpkyAs5xly3H|vD;t9Hj8d3^d{o+;Cqr-xxcd9|P~m;yhdWO4=-ZrpvA zdi&zdXI9i+AYKT&DaJuAb$3Xrq;0nvh4R^{eFEgCO}eRON`*g5QguDx+Wwv{<}YS+ zlil0Stmo^d1c|t^&pcD~!_P-wvHMp!Xytg9Iob0}0gvuWe(s1nXbfKbN=|7qVM`qK znko3u%k$*5m=Z1Z_e-h-QzGs7f8oz7ZJ*y}Usv#i+>wuS77+?8*+V_>^uGvC>5D`` zyb@E`*EFGmE!852WC}b5jN!-`NbtcTSI&PkLQkS`;s={wB)7+k!A*AFlf4**3 zFs0&N7Ar;8=o$xKnJ?B1#88kIxtCw-N;aVhReS;iLOBm6XtsT3YF|eoq+>`XUIqbsM-Jr!&kb$5r2E&=lD#SO zvydg#IQe&WyqJFW#bQ)mY5SxsnFSHpNq$VI$Ie(1fQ2%Se4Q9^x$2>3rS{dCa>_WT z6Lv<^X#sj8oibuQNM`utV*w#Hp!S<#iXEr2hAGb-rSe)#i9?oD*daAlm->NMxPx9v z_nF83GW#s4j7zt2@C0X`nc7#neT?{C#hjH)u|@x9qV{!|f=Rkd0qgHnJzcI~=mD+& z*}0*+e-);L!I*gqFI?ipz9a9|15gImU=8P2P5sgMpi8=c9o;7hV(|Bcl=HFxhfvg! ztZ_t%n|t1sm>A)r0%htcPMlX_3g93)3QV(v{8(U0WGcnW_(-`zl(QJ|AH9V6EJ_0! zJ~GYsj<{P}ub}$?Q!>typILv#H9Xyk9S+E=VAF)AY@Me0LpO*>LT~E}ItwLo z=TlMpN|rYT;B1gfF7PXhNp~9Cm~mnrGzC7?qdPL1wxR;yV`zRUxwe!?b{6~OZNQTZ zlfb^u{0U1Rk~9B}B+PI2sYpG0NN)W%l32glr-IlDJ;$sCTnZ(GTOAI0wQd!y%mPg* zzvlZ%7S)9qBhQ|F1xv*0bAPnITc{>6PU6`*dR?-^86zVW#<#mw;1ipSna+dHh;N}V zSkN*6m3kG5$hZ2rBQ6>z_HUXameOW95UXm;Gy3&YL~m#iirIC=X{|A2=dmx5XFORp z)I8~s;{Y6=G$M4w<1kAZiR7yZp=8byk45QIBGFWgxpcKuoOSOQ4bv$(OX3l`FHl^* zw?ENQr#~-|ZuVGVC?a5`J3aqJs;(fU3NZdk-P zuP2Q90sIS)y0UqF4!x{D!sRdur}ndlyqDE+L5HIT1Uz!mV8-Gs)y@OORBaf>-*v36 zdYeFN1oe#Pb}4N5xg&1(#Y4lZm^#lpWHfm;Q%Mk|EV-c}*)dGqB_o#JG8U2aHZJg* zOW^RAjgEbiqD*W1*o3KL8iZNGE~g3O(>U~%+@hE&evKok{V<*c(HocS#0hc#`uhs3^gr;~5(Il0Q$3K7^vvH~ z##AlEthoM{-~RgTZ}9qm#WS_Q)XMAs-nV~&*RON^zvAs*U~1*{zsc=iT(htLxg&1- z+gPcU*Z;cP|J!3IdEMK;z|_j?f8*Q#o8s;(-u}y&S{>9?b^Cu)oU}f#c>7Ds#VXZ* z#qBTO{s!;PMM|7+g)|4 z&uwEj*~adrB@dR7!mu!1scfxs6mea?Z}|*Wm2+6uQPGnQMR2f#HNNya;v&4Own{Cep-?AvgCAJ){(+0JdfiPY9u1^J#>)9SeuVf&RNRQ+x5_nXfdeT zjA#uM$dWMMWgUgZ6g<<>nk>Y7c2qc`?2gvtnB0?fqBWj})l`^7`Uq5onQaRAvOuh5 z9i`>uR@L6+`-_6_v&g#Yj_`2$@#kamJ@u|x-NTfQ0sioyrrBGKbqf`w2m9$anLOYP0F3Wc%wy0HUUeYK@vp5RUxO#>jQq5}xowCbQ?D0^? zU0bEqO)R!4t4@7i<-HV%me>Ff$#mM7P9bOVIrZ$LUq;qP>L-vh@~>6%Q|*@>F0PA+ zliMjvn9x{Mi1~;G(S-PH9>$9$=1Wbdm(V#okp{G?T#&C8-eh zvamAN?v5NL30**ptf5i8Mc}pSJ|7V9zX6@+qQmkw+F&19c=* zi;=o%I_E#L#f4Z{@={*8nasV6i}G47N)ksoAlS!e96j4-xrDHqJ92pM#Fsx^^Q!U~ zcjSXi{luFeQuweSt}KQ-rJQgc8oqsNpF83%gRr?jck)?}dG1)LkAEIUS!t8MUGw@l z2$xmZT*;j?nQUpVq2+5w#afL z7)KKXCW8ZfPplsra%mUlCg_qzejx^fgU`z$zf4(FJpKbtq)JCDz*}g|iUtIaAAb|rU8Cfh3RoY8bD)=q)w7uXU{^buOa4NX)XwJ&N26%gh*?uZdqV{cha ztHqMz3)lv4r-3)cS)=ngqY23(pV^QX6|?b@d{IMi746P%*L+1TWs%yoIqwzR`KAt) z4L*0oT{6&(PG$A?_ms0<=Q#3WpP3L2{FX5MTI(pPaDrpLQDsQHIJ#kpEZRQ8*Hdw# zpbj*rP|zK;qnF_hC7gw0!h=b~eBv<$tz1>p6fT=5@^t(eJ_SANiM%j>hEIY1<&Y;) z@p!!>hk)Rrek42M7F1hsmv~Sf9_~M?#Fs*R0Je?~DvX(cLs^TLm~$8UUn1D%aZM^m zu1`o9x!}XMKWe1^oJM{;!x}F4!Tz}q?vJ=go(}ToX+8zupz_EyFbNDN7aI9K;3nq;-OHHE>u#CRqCBC$4Sf`OaKN~v}aZQRDiO2aVHcR)3PvfP=#)@H-LeWZXVvr!mE2?_p=9FiHG zi>0KH-^IQcyI1oNYlx926`#gj9V&}hQYH9`d@V>(P2^({eDbqIEC zW!hC$_dE~eOKIx0_M&Jchp;b2Qai4z!o-2q{$#6ltK9q3N1tyx_44m04@$pZGcY|o z#~-Jp{UhO#<*X=h6gM(hz()%)dyMnCK6-p>J>3zSrSXJCEP*vu)qiefn*J@U$Y4xp zkp{5;r_%tBbZhD4mTwW|sH*=`40x%3^MsCUE>N?4{`2=kRsT@qs#u~W*FRRlvXJ06 zreKr)gBhK$vn&kruDl})Nj%>byg=qzsI=r&>pvfoyUA{ai{*X_%afki58ks+xp6n% zzQCFD2zcJG+vu#RcC$*Nk)lv1DN{z>O zMCZjMq*MAem}N7K!#b9`^;ti6q}h=FGE~YmD}IIr+Y>c?Zo#Op%D<;-dac}FEcT8e zoVf6175IlyS;0%4FpA;p#(2ulSn@9B=|!4YRLZipV{xHY9-LknXTCc0Au7fT8I4Fb7cyDkhm73D z$u%hIG=&hxC^jLDs!Ep-0IO#FmImn$adHL#B!%6hD!-*M5s>Rw#oeSp=@dC;r@# zUZYW@a(PM2SE`0teG*0CJYkc7r%9>shNRMuJuy}4DHP;Ec8no=11}`ekd)*e^{L1^ zi+wG^f)u@0q1&ZiW;se8GqRP-I0d%heb`5BB|HS!&JvjsHt8z08XJDe8$CfEMt0cPNc*Oa25FQ zW2vd$Q`H5ApS!Mb&IXWIV{$^Gdit_j_R`iFyqe=E459}t9igk}m19wJ6NlNXlt!>wptI1ZZ{}$b zm+38micwIkPHc1`ZGJ@2B#p_8B@;k)v(H2u24Dp>)q6_xb}CxU6UJ{X3rL|{rMxnLTLz?81n0q=<0ZVp?{O~2V@?a`M;dpI6_Vf6>&Z`#{Byrl~+ zq?!{!k1ORX@g)i~N;X&XjbxA5I8GQDWkKk#2$_25$ClQU;3f#!Bv&p>h7swX$eJ>) z&q<*68QD{OZbA&gFqSIKj3^e?1_-d-LpobepZ&9+|OOoGjq4 z)8LOi62fb%o`KWbCNPT*`KMe3P0JHwu`c7Q{1Q)$_gEzG$0W|??rH)j;+a<C&gNOl z5-`WisP_l4z7wbEJ&+qL0xvKBaa=0;cZgeqkvV6XAColIa!i4Z>J3Zzc#2O!EDoZ{ z+aRf2gYswM2MOpn2+yiq2kP#-Bkuk*o-q{+zW=y;1SB2_S(Q%LNAo=1*tEGD@bO|t zr8CbDxL75UibG`I9XXjqF`x|_jJ=$9brmWe$*r8c9Z0DjylT>wk2)`{7qR}Xi^k>x z>Xng=F@i8B%9{mdiO|y7hxTl#G$`*B);iP6%I*t%&Sxy)kU8wF1s!<=;OLVrj`D-R zv$+{X(Y>pEy0YLjDu-$@oP9nrR2K`rm7A8CA2Ju>j!1_hv~9|yTaD_bqaf!jD>cp2 zIH40J3#$vM8NVQ&_(m_HhcsPK3-kKm(uS*IcS}tdP&@C)`+RstMXQ@Ojj=YTvCk}5 zlV}frAhXzC2EudBsQ-&loIggM(vWk!4*tbTamC_G*a`}^YmRy1sDsCO_QRx?IZ tRdyinWg{?1pw{8jE4XK literal 0 HcmV?d00001 diff --git a/assets/jfrog/artifactory-ha-107.77.5.tgz b/assets/jfrog/artifactory-ha-107.77.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cf406bb9a5cd111bea9d1b7f78b8be83f9be3f3c GIT binary patch literal 166002 zcmV)eK&HPRiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{b{jX6Fg}0tDG*A#k`i^3)Xg?M&VI5iCz{xnexj00PG(jC zyFn6Bv(W+2lDLlc?1OyY%k7i=4hldw`bJV0UougjnON)w3b#U4p->mhB^}{FGCuPr zxN|VUT>3LSjsEg*Pq*9c?(OWrzuj)P{BLis*ZoUxXLql+v%S5u^W-nx-cGOgOwVt6ii+;$0FhD2w}O?dun)=l7oZU9Y=VTb`4M zU_neXMdWSag#KVbU2e5-l4L)h_)nhryRDEUBo0X&P$K#*4+Sg^se}><6LQRn_$~5D zjE4~kTL|f9@=q;wbY(TMar9lsN(Z6i8`g4w8gU4Pr}J#B?V1e_+ix$k4D z3g8HxW&qJ!9OE(JNTf-^xTNtI;V42={43)q!NCO{t9K*Dr&x;37DB_6Mj?`nMFQbC zL;s$;%YY8wByWNr$qzRBU_N;D}PMoBps%L@PNgV z#1bk&bvssqcZ2O-Z!6f^!Oxy-kM?#(+d&XMd-i1K$@bQEINW-+g}3*fb%a#2*(nj4 zh>cm{oqFLX@wjzCW><`dus%+KmWQDImWM)e$r900xbs6j>P#_>C8jaq0ESF4jrxej zLgFYQT>PJGCbC5a%7@Ho)g$`o+{#j~icG20Ln$~v|5j*f|teIzD$ zYj>}|)7=S3xBFy!cYBEO=-C$D3wB3aJHxG=XW{N}dwVa~+TJ3&qi`$OdNz8ByJRQq zcAxFy?z2(2yWJX-m~bo=Cu(nXx3;|Qw%2`n)_vOF-RbZ4{HNXB-qzk%-QE6nxBbaB z)F13A?f*+0r9?ci062I5Z}ob6JGGTS5!{W`}fHILF48HnfW3eUXU5OxoNe=5gX!2 z$*wDiPVtzWk}(xh5i27s3NK{A1>qUB%FCXlQ8XX{CsJq#2zh8avmm}BGyU})o)Yza zMT-gkekNL?0LN%Z5W6Ith9QYjD%8+*w|qksh3`x$Vmup+^V)|V`4W$HOYfK@eRRx2 z!Vw#xgp(2BBo2sLhu%iH1+=v>A1d13sPta91d9ve2@wcKf&mh!CA`+tB+$AA4R3Rx z8#&<@ef0juOrp~PJ+Hqq8h=O3k0}5P*8i~gO1*wp1dK6Q6z^vr< zl8kA*S@*@f{DDR3loWrxWoaz!s{sv3fO%fgE^{hKh=xo~(1^3CSp$%~9q|rD}?M((%LI?rV zj;?4FsgVaPq5A9U-(H^{e{=rr@!P|~IpPxY4v|4ekRat$&N>%lCOVR*LJ^9Pa-s!! zWV&_Ww5^sLA#?ERqY;h-fmektmQZ8`?Hi<(%tbj^4~@PF3xyK#Sx5#Xf(`(huB@Pe ztqo_i$K^TIXr{Qe-2lzgSOsGUqY}2%G^T)MDRdieq0)=K6%+^xvBckznHA-RfT}>~)C8!%O#`YRQc_yLi8{6UEo3YA0b5x_ z&`YcssuB9s6mb?ARL&7O-~XU#WP#}5a7yD2PUVDg`d`3xJA8U!4p-cJbNTLyoB6g)kPgU4Vk5$>Inp{=WKooVr3H^q%G|67+*K2FpPfjv5 zky}C#en|r&3NJ|4R>gt{3js11YPaiW78P;H zjNONteJz>Q6qAwgZ~$=CpxaQyoHq=FVuggW>zOxX;mi~Czf`@hsubZNiSoWkjz=RJ zcv=fo=K|+^ktsm z9G;AXIVkA`Ge3Z)IP5cIO1|_>EiKXShx)<-D_&rhUr{Bs5ZNanZ!iGhvzn|iRlqPL zTeoHTlSWRppfQnGj9(-yqQOkVupn@hH>!3g(J<6lD=Kmjpb{2lQg=&_aH{Cj8@)p2 z6;fxXihf;vBWBNNVN8kb2%&5zId8v@12&x!y)&`uEn;yrD;x^cW`+I3rqeWr^Muwd z8?ItW6U}V8 zGvzaguiWKE&Rxoo${0_ny?7c%Y}nDtf$UQbvvYd5|LX0bKMfUs%HJ0Vuc4_R^=op= zmr)uORpHgPp@_ueKI(1zy{_N&LNcT{_If>!_jc5QDl7ZFP_(AJY1|SgScogeLqlfs z5BYpIRXx0xYF8bO$BJiQuOxw!I?cfSbh>(@)8n>X{2?&i1ETH8P1TZA3|a-Tegm?aR@oR)H(>= zYt^0-234O^9&MtC;7bB*6IhT!DMY4;R2v}WQL*L~98usj=nOHJp`6o-SxP%U;ZOrg z%qHA~la!ngVfE6gJ)yg53l$rmsE%f*uJ1C*#k45gCc~lXQb=M+aU`HI4Xf0mshVqA zZ5LqCH9cwbPIRS6t%!}sdIZ1cAwd;cm z4QzXQOa7t++dxJZG0jI?_OJRkSiO9WJWq)TUPL9~IC@d&=Zn?%XUE?izPl-xvVDKC z`u_Cz&Efg}>ARa>TKEcRi2>1|gl!mKzoi$7#eI|tk6oGK+27oub35aJ~) z^fF4CX^-I*xt5(3L8K=q#4CRRSq0}+Tl2_qnHcjl-WTs!e9D;2UV`L!!s#WA$e0|8 z07qDx>)5#vBna3vIpGX!e>9fC>ESeuC7lv;n+C>92_DjjN@|b)A!kXhJ=lNqre#jY zTJ@k1K_A)_$x}!v;BE|LRx?>ztc6=Pkwny%r^h-huYgQU-F1S9NWlAP0K~o8& zzNNd-&x~XA?|W}jZ55LNGaK}Y|E%YC;diEoJu%0RqtQDiPdE`Imbo~QUGZ6cj@510 zKB0B3QrbXgZwBa+@Jx>bl53)5`Vq?Qyp#|Q=;dfG>~Zh}q?V`Mr(2*Ft9dCSaai6o zu=yp&h{TtavltF1mzYykP9QnKvT&!Q)+>#PMF7bZ58)^#BoszBk{@yuF;a^Rd;wtr z#b6*rwRxB~`Gak-Zw{q;J>ULxe)#T(^B?w44OIq6M$#;cLM5rCBzAPWT4t${SPJq= zt+e7+YG(&r6wwh0WMe+L44$X^hnt)q*W21DWq_a!rCLC z6R`kCN(AaZ?LO@llr=b^oy%TF>xDZJy(BSggBSmej=w|y{O5BNGDLz2D@*_tNJu4| zVO8Tf5)mN@+ERsM(*9>QlodE*43zZNcV3o9yiy)_XGr6YJ9y~9w zI1VGiq2U#c5k}0s)K{PSmNUCZEM9%K4Pseb*JV6ydzm4kDr}Tp`in6C`eI@WiFBxo z`7TjJH#dfsH=vyvfI50n9K9kD zo|z8yp*tfa$n=u%12#<*qig^5vgdE9b91+i`~!!7`rqZYp3Ze*?`ik_dqg5Z(9I3} z8HecR#*z212#kuJ(Gkd0{n)j5Gvk50+!lJN`cFh-&0>5#-^vv;;KH|ze zT*;>BgConc&l^|ZOq?c@YX*4SJzq<0K778tH>t<-)+^jS8yN0SVViPVy`lCL{P1~LXe`mWo%wUGdz>{qWz zX!K?)`c3}AI|M_2Dkd}@%LzH4JctMzo$*vi(>7zW&f@6yCPo+8miEdqI?f_B}tsPt!=!BqE;L^kEti4p)WQ zuiUCH(}N_OGId7R_leo z4C*npS7=PayhSQd&-xy8wJI7u9KijgrnIGN?CgY8s0h=S8F1J=8Ea!vxV<#v*5|j< zFp4u!(x9J|`?P{y5jde}^`xRni9&56zy=r5810{)9lhQ^I6FT5NpBssRSHGnvROfS z_3|Wpc^nTk@5wlgtC@u>g5!k5g=>PRYWR{(11xPJMZ{wq2gDR)+;XDC9G0K;EEg+& zpWr#QKoMC@)kzh-sr-epjNN}zV1IfU=%uegowh)TgIG3YpOF)m_u(2`rRb8@>eRRTvpsEL2 zbKgfH8K&b+MB@?LL|2%{G#+m%+D15Mz_d)e3RoYtRl#;EYv(Y+LefAG%!5gG$KtkW zw1jG7*>Smb^1-BB!7l<-QlPd*)Q+2WBB{uH=0Y&4G^PlfRul18nw(>OsrYsOY4_i&;ptsuUf`HEk6&o$A?<%w8O3T@R^% z`P~Glz*G(Yeo14@XV9I$+o9V#$h@Q3NU_M(^I#0*l2GS(;Kw83hq`sJ)v{e_BzcKC zML@}yIJiiYWy-GTE^2a+fNrxQ79bWQf`duXgjve~`B9^<)v3Mi6MtvVzc!brR-?KJ z;E&_OOTuSHeozP*GikKZfNH~hF8%9iv}vvxaCC)d!gAe9ic!Ig9aMW2@J5Tgg7$}k zMX4k(XshhgI_skC+WC+%skUU|zV(g#>YIx#tL{^KJ_38>+F7&3B<5ox`v}eLE+gb!!%8(zH8E9>GycDIr*{ORqkTWW4w7GAd0+|lf+TFYSU83_4k z9bz%i7;jj-wJ+XO@K>J;JX^q-AoC^D1?6*9+swE;Wu-Ph_0+wkW5ZU3m17jiRMb*3 z^u)hzAvCpRnv{BFz0>wyezw$ChzTbikY}snQ(Pv4i;iL{QSP%KnHAd5-(I~uFeWvy zrf+A1-=fZ2%qe~~>>P6(MD`p4S6G?Ty~>@44xghS zyia}f@BeOelE%LI1r}rzq#NMvo^LKjwubAgTUO-~S8HO~L9M3@9gSxd4 zIvTWtxPtu2Q6w%8=Y6fB!tWJa;p>SD!Je7`$9J3rn3 zG27U=>U_l(Sre1B!f!7q{+28a3ZBVLf?uW*MmIMdYXk1COa}MTy~%VNbG6F1Y_aW* zU899=rnLw!Z-KXXBniJg+RnjPIDDwH$0PE72;{X?_15SsgN}PJw3PF&oFvRkdGvKB zU%Jl)uSG?~G4hByvKo)e&?-07Fft9dG*DFT?vI3VA`3rsSb*81F}v- z)ZNH-M2&ZLWmA{|co7xSBQkj04G+5;#H7Xy_LYCzQ5x}bVf7W1{>qG(sK zEJPz$Cf?q1L}FAFi?g>Sfw};oxAn9Zg0>s0>|SH^qcuCD+F5SC%rmY#NP@|vR{DdF zVD7)V_WphD*I&NHR%P`awr3jgG?X>JWPh}*>5*0zy~Qpj*A;J?hX*x&nuk_RIODoN zO&Gh-XOp?WO;KC6wv}p`QgfUv+nQUlzO7P;-1N}Qb+&D#WdO!O)I5Lbs+Z$hro_LeyoonRplh5L&MiKe>tn&*KFu(QRpa4;`c-@n}-oE@H?e|PxP z&6*i+F_^$?IXi#jpRVsWbOWAxQ?&1|2}GkCJ$id`e0sM3?yTP`6Q3CgI?eB zDZ;BpUE7|6TGd(7%6QEMpT3JQ*ZAgkU6}bat7u{d-F6*J zwS}vY#VbOG3!VoPN(x!tR-gRzX)yzeaYVgK9fgY0f_1^qfQzqE(?!wq4S znJh!grI8d`Ef1*SW4}U~t@o7muU4cQZb3gc`2fhDHps$ogJf-jjM!fYJ67h`HVjAZ zF;)1YqkovsA(pt0zINniD0;4oo*Sb(zeUGGDjm^l_`XlUu%S zy4cU(^QPd&85o7Tv}ntSNCu^kM*4iPX{J$odIT&MEFz$c)>m{flZX?2#|V>d7r+!X zYH0K84I3AnHQ@SIA5nl#*$Y2=W1Sf&*;_(gAr;!>46G9xqwO}@L3}R=7hmBx{7MHB zS%DWg4)ss(lz<_Uwx~0%Mf<8@RgUYA;JBpTX$3P)K*E0Fcm1y4(^v1#T|AU*n=8ZI z_s_Z(8b>7?rllfFm@6~C>@>ErVt*_0N;S1MZ-7M57$p%z$|Bd&2U{pYfja=PHY78Xja)zqBpLbxxE7*EqwCzt(<>7jf}UDKCzeIs~O7rl0&7j4Q5jB24|0!1urevKkGp~vs|~gYLD@oCaEV_n|EL_I*f4%E9634~M7c ze}DVt+~p(cJYr_TdR9K|KJB%asrz>S@8@UVo*wSM8k9h6>Bt=Q5DpFw2ZK44cjwe~ zT0i{z+3EiI!STD-N8gknENc5MRkJ$p4psYetG#-8esX;L2FAF5aCY>=VX1hpJU?!Y zqgQXL<%`AN{&YS#JUBf(t8Y zy&PuE3=|yQA~qh=chFLIS$AujeIdl zWyr2#e~PbtYkn0PLsfrDqlk(Z@86?oT0be77dDH(Q7}(jzbw;QD@H5u!=ROO?xd(Z?_994cS3ld}PTwph1&osu#-aiJFEXd^VipI5 zve4nC$`ur_tzAzGo$&rX6$(z_^_^+& zSfxi1lzm$SRzJhb572cNsh!Q*>D4;(!UnFqTnw$~!c}2bH9-!Y7Ij3MQeZojIgk7r z4uifETCW4KzE8EwqW=z0)r@&g0oRo_Z`c~vnmyL3FIA0uXKv5+10Kb$i;0OKh8Q2a zU|zxNI`5Q4&DuzPPP4fqd1=aAV0Hz3^{LQj+r`?_<_zvOR#@7SyKuI$4M`<3FN18I z>q})G2334e@?--V)wh&r6Nh|_GEavlaiXbi<0e@!hH4LT4~phKG}T`uQ*OuCo|b5VwO}3csuPYNC?A=KMD1%S))%%X3+X<(fsf1^>`x zK{}NzH0y4VpP7WnjJc69-+oKuRFdLs*owZXVWS6_vgmj8Tgr0gshL^-&KRZn&>6-=>Ut34^yEU#)gXQp?hQ=(##q7nfooXL!8%=`;+Cp`J z?zVmEAk}Q0(%M_Usyh=d3t*Wgox}XO4gw6FE+Sw4r5Oq95gNz2u#}lLWZ=fG6qoJp#l#uXPFu{u%NQT36?q#&H-gqApJ!xR!@d?#R{jh^4^$( zJhcd4Luj=3tGR&9Z~)#~nD%3xBDYk%Mr~VYzG%>PG_oderG!rfEHl;tuZ}aTH<-GJ zU4elGj#00>wS%xI+>P-x7I5jsVh=nMAms|=^FTwY?}rr}Q3muyQzX>6F;ktUv+q5p zQq%X8hJDoQZg*P-t_!T>^nTM=I#Gcn9%nfoAl9xd$5GB4I?7>- zo8uKjULH{H$HB}Ryx0Jd`u^1f4=_R2{iLPDcyzZ$J0lr1cyIzD#@`9 zF;$a4$HWM<_Rz+*P_m-osy1jUMb@zZ-W{JEx+y#9IA)v}(`mz`bv8>7N~ZXNpfst4 zrh8G0hBR>OTc`N?00$E?fMM)*i;)on_31?W#&XcR!yDUA*O(0qUvpFU)@(`+6o9_-c)o1kY=r|$qK;qzH!+h5N)Q#S2w=9T(HG9vuimd_1Pv1c; zoFvf)%Ow_l?;GU<`1CT(lJv=2#`T`%nYYTG$JMjK%QgPevC)iNG%dNWA>m2%<@BQ~tQ$*MW<^x57S zwo4I)#fW51n&6C9G>`*p_6+PnCkKpX$e2GWY7&Qr93-4vQkLpyMQRtaQMp|z(3D-0 z5U^i6-H1*@!^Nuo48dL(4Ot8R(V##tPl5Wa(-K<-tf(B(=AM~*V&N!~adDHv7A(@T zlw{^(eN4wVoel{<9v!-g%!HOCvepNgB|k>Ngho#IPc>_|^aRh9K=zXKw!Y+r@V^R5 zuHzr(*Pe5jm8Xlf-9i4uQZ&Uggd+h7T65n!6L~Lysmc9f6cGn>0$7%67=mFOYb+^Q zf44t?n#M72!!S88<5llpS!nuBR!y)lBwEQI0*`bWLe&+71I~m%HVAQnw`5TPD+99` z%<7k1+s235z-7X&&=fL*j7&zZhRKjj^JyQg8*d%-0`)fB=8Xr($qxrYs|zx@;H_%G zaAg@xtec1lB5_Hy3d4m3mIzB&^?-XCgg;9z1MjcUSr4Kr;^^x;1JnzxK)N7o%Byvq z*{W$nZEY0Woz84voUEVSg(Z4TCF;ATlXd?HiC1PU1!Hd{ub5g4ebEd27hZ_X9G^~p z5Z2BdOR1!o(5h*`E!tu=jWw3&^zPVFB-K=otFfk@5%@%c-q&B6Had(?$sjPn?_LjV z5L1JTraRh)Gxy@gSx6F9MVp6dbW{5i1XT!GJDh0&GtXFO+cb_)?w(qX7RR~ndj-8! zJp#WY96*55qZ75SoKCqe;Pd7r9toc&FIL~bdp$TmI=QiVw`rD%N86P^a0EpFUD{~P zJ+hBQ8kiH~Ib?H^LAw*34RC@3NK2WY0nGU#Q&|4|&!w@WDBNsTg`JvLt_Y$(mMpGU zOq^JaY~LK5pkW$Z5GhIr5u~G{uIJGaU=_hjCgD`%-heEQW_I(BgJe)iAwHKu8;QvH z4!YsgtvfI$3AT|~!%K+%3*n-riAeyrnd_V+5e|rbrzD;Yo5?v#x0p5Al$utra7|)b z$b~>k$dc!#U8#{<_3m(;gWqM*(yf6Gh2(=Y9wEL)SF8a<**7EjdrDVd{ zuOyJ?G*spPn*aQ|wlKZKlAK?VnW^v}>X~0s74y{d^6;CZcj)Bw=!gBYL-gI@Pw@61 z@qd`-#fyK$@apj0tD0gpt!U%zb27y=GQIgfzq(`aDW3XcGYe)C)Uq|ha)wnqFr3QC zdCI9OWzoT=#rO4^0$#8VQ$@Er>c2H`z(2kWNLMjna6$!uf}%}bF~WZGd)b;ms%U#N1O}&mFBdgSb zrw_6Ot%_lWB;h2;-E;vQHRT=RnWuHlvLR^IQHeB+Y+&hjVGtlTiQ@QEL97Q%-ltL- zO+5#69Fy>S9-SJ$_)H%{b`&~gz^BX|?Zs3asIu&>V~5*>1CBjJD#!_kNcS`z7bjeY zzfUeIX9nOrvzY5rGy=O#M1D!l9^wzDW4r6o5)ro7o)pvZx*FC#Xz z4IBR8PLO$37<&;NGyh(!~24G}1Q<(#UVx9YD46;tj*$OB^Zu<{L%jBo#WkhmALIbb=0! zUY#P2<8gjgF~`t8L~5{*1`z4)6bkmy&uhJ|um88(+1^^)MDU`Qy~spwB|k!vBF?5d zN|p7Xk7!IPO+pFlSnvBj(npziOyg@m4<}yVuNQ0Y3*Fi*^vRrY<_t=A8jLuwYxH15 zc^XWNKdBLR?V&CYPhmb-vkhnr4NYq(VJt%HCb_vOAvqq6XrSFo?b&#`QC0LpWk%n-nMalM-Hc1i2 z07BTijOu(f**H{9954!rRuqNkC?0bn1Y$!agn}yTG&4Z7DBh}CC7LwL+1nOs%z|^b zw8D8ODjxAm`@}EsibqWehO189)g;4E#*I6Pnj*0yRFi5LUgj|;E0w>gscLUMno|zv zljg=-s773<#9Sx_M0nV^3#G^l%Qtn)=nDu@jm(z)#11Q(Fc3?B{%6M5oy#=KR&O%oN2@d2z^Z?v!a@0+9Jh@31`!3r`Lwn8i2h6GJw$1!sc-tTo8^% z1SG{x`@>%<31iCFab-%{^}#JpsSKyJnt*j8tEp5W+plJoWEa|F-q?Wb5SLww`_U z%4X))@=2kGbId&-aruvp%R)^0O&qdlg4)~Oer7pW^>q!`M}veD99HvCl1lhUUCKHl^|wi5kag6xG8xxA@TRIz> zG#d)&3}O&MT(FR;-3JyALn5yTi7TrFwhm5A76aq}bhgx5Z&02~H&E?Ye2McYYH%MP zvY0^pLtp0~RZTP;y}SwbObM6!=OMWAA(~4m+hx_qO>?u#Q=6or7?h#_sUE)WSELu+ z62FQqRdzxn?oFTN1!|WRba+~r=c#*5WmNYF!-ZTHMi|Wdi9bfa=uphwbY_;{tDh#X z`-`RhZeNOKU9jH{^yQB+_drt`XZIIsZ^7#{39%#t$+0Bk?7*(i!lx{XXgvNNidcS^ zWhKh)#@z+Eqx4%N!0s+5`)<|Cz6jNvasH+-mFc@DIOymIiWadnB6Aj~BaXdIEKo{k zpxM#FiOFlCYEJX4ein4TW8e@sWJZl>!=>cRxCCg+Og+Zx0hc(g8^ptONgj)DWwIgLQo77SauURVJd9I#Vpi>nqm{1JItWDV9G7! z!14~c5Z&t{U`Uw^qn0G2=N9WEi;Q!OqdFLkXbiWKx!&M7)={TIL`SG?OSD0LoF;N+ zj_l!nEa|?jpKtXaa70aBW{p;D!A7#Jh(ddUdDwmq5hOJS)#pxYdm&KF5RN7FY^#M0 zr~%nmE)#6mb3s)$4`@(JY&C^nlGZxx;7>(r^|)_MX}fnIsb#9%NM>Eu{4Y&r%QDC# znf+|Y>q>%Gn9A3TpXgUkmQ>W>BAe&X1`B#^#%m+& z1AYus8c8_X5h3$@yT2-$p_(%;W)kY#eM{|Gx{jSF`IxCAoXlnMEJd(_=CBj<#zpVv zisMLQ#Tv8N1Aen*1$b`=vYzGb56Z69FMINmW%`h*l43HWQ5#WKr(b~Fm?Iilhy8*9 z>5?}eZ*h!OXTCanGx+L&C?Qab4lDM{*_(m;zLnqcWceP{AZURqZ6df*LE3c2xN-&3 z8j(8y!6uHuXx9(+H#9M%V?ACqV}aAS772zka5V&n5Tj3(roEF0%Ms(#g6b5ULr5%A zZUqcDhO!W-H2kafKpI=2(dtf>)T;WR;OMD8$nxCe2`aOrrE4GO)?R_e+)EjJ^hOk-2xezD-`=tmHVp`FZ^rdd1_`~1lSL_M4op+X6lDA ztMxC)?3Y$s>ITA<7j2}ch$&P1xqnE(AAp4kwk(P;speXUu(Ist4!Q> z^JWQw`RU$01ZLaLpH*O95+j#qXPE_GU`P@8mqepIZ zN1~Jm&VJ-be>jfRdyu95*gR*qRgC$ZN5O({5ekYT)HqKjt}kK1zyORN63)UDR8eR~ zbo5_NMvP}!;UPjYu`82bxM%IQY7AfU0Oj^gnU!trwklD{O%hBPg1K{W+$}iK5xH0# z5Qs6Jjfo2M&3;AKrp<14ceZs%G@U)E6j9vxqDd2MCJ!#2y>c=~wC`g#kWJSk_pM&o z=aciue*Y}&_wOgigR>8Dd)t_tpb#C_(2kDU=#TvQv*XX7FLr#6$4WL-9oFbJ%a4|Y z*UKC)?{m>tXzY>6RhV3HejfSUpM}re@}yBflYg~?@tO%C5ox-zjGt{#V^cd{%Y*73wqV4vQ#1do4 z(3nUB8RU?}z~GE>ZEpz9+Y-xIK{-~g9! zU3NvaW;82l6xqx1qtQDiPdE`8XTuDEbgt)!a3vc8(zH8 zHC*T!ugw9T-sX_Dw^KQzZS5{RqHR5`)Y?_7+xAjezf|2T!y$wW3Fj^siO401`sfPt zSRZQkvw(aiBZbZ!C>bKx34^%LfE4e(IePbZh4wyr&2&}(6NCBEW~gvNk0UUo7qeL6 zYgmtL0yTVfiq`EZfihna_nldhtY&5swP)r*%M_XysEL?js^qnim7G`5TTEkv0);Rl zVB!yDt{A@{{M>l$5`oapbDKQX%_XU+gqm4jPimGS!C-nTL>{J=j~ltL4(1! zNQX>C2kxvJl;i|Yv*_0*bbKBRJA#o`$D*1l9YUUGl^_n&ImCKY%N7Sw8ZOF%(3F}B z#&liVkRD+r_orS!wGBiz5QA5NlMNYCa6WfHsMA+g!FJj#29bd!vUIA0YYN*9BT$_~ zJVhO%NPAgySRje?^c36DnY!zIg2m)~im%TF{V(G5rcy=+>ea>evO;>P&LMDA3D!>c z*2pUYEd$!>?$mv+?~q<~CE=W#10vem>2|YuGU2c%1c!vrEiz=`tiFJ5 z!=_-iMV{=I3MjTd4}cC4mQBG$-B*Ejy0srgR-y@j5}D2wO*_BhR1!0nyWMHAm_oR7 zBV(hU->aL2rk+M@d_H1)ilrvB2(7JhGG&sS<1pmNL-r>mtp9mc&Bi%s7XFFatA-!8 zkxllnwkjl+sX(i`*_k9lO`}BZRp=+gog>_-VLmAM=XgwF*|ue`RoAXC4@s#0YOmGw zT2e^KvPKj10u{QRH2^(-f&S5Uhw=}n2QVC1XI(5Gqgx8HB)>qb@Nf3k%z%XtKipbo zI$j_!CDn!(gk?;d9Yhj&Vkl9_}U65H0&-mJ(LyAF@2d6(6 zyy^F*&z%typh%jp1T>i_TA43FNu*g>u|h>q6+Vj6M(xbILdLgh6>{ZplWbB~MRonT z(@sI!yUn6EH>-=6grZ8ju6Dcj#lji5{RB8N({09nyP-FUgNsM)h$!g4*Zj@dooq!;Kz>61S-3#|k5$w`+@v*dCrUBIgrP59 zsHJdcCWo_r+57!+YooL7f4PAwDSh?XwF6)}tG&+Z78-JbFUqsFOe9z%#3@l4LFlDH|ZiTci0S@RxLs#eb>RTmH z7ak3!IFE}u@S3SttGXBt!}9520czA9JNjP_S_1vaqISKWsgBB67I`L9F}Fl^0L^l zEO%ND(@vvCv7Q`PJMe+qFYfZ2iXKwy%a4i%0oroRWF*wrBMo15#`d~*kY2O+!HIRc zvVv@CV0KBk5_W9#9h+gNcwLq$@s0VM)nUR#!_R09O08|8HE*o`8)7nrNQ0y2YX~lS z3Tci^@}en?=|wsunQoQmyXZbZ**XHF*()SE5 zJSTC?Vdpa1)Y1vvWO|M`D9_N1lMXF5@mwG%J^bU%tge^<;K?}E(w z=1;Kav>kk~Tu2LU?}o%&;Dri5^)9qacc&XX>!6a|-__mV=_|X$y{R+C1(=VCJgI)L z`m8=WJ2=VS7OwV8*kJX}+C>!T=F{%x&d#N*DL7N;mPUY!T#CdtA5G66aqU9bp|LL=n!3R zdfmNU?@h1!WDnBhqERYSh>;6M4*=0^9w=w3<@{-kW1CD}n@nSyjcMzR zW3%=Ams~t8^4-O9_Cc2R*{59DPiXf18L#Vh<80pEAUY$hgTb3DLg56m z{m`j)5z7ja{C=JlYl>q$CLubp@Fmg*Ae}op!gOkDo$5&R!tIM+MPn`Fg=9oy5^h4C z2Ahk^rr^q2A8PMpowOlasUb_VL=(mQ3|c9p_1=(H7@ZOv{>Z5$$FVtQ2%SCl8)|!_ zB_;^FR~_X*XTsIyt9AW1sd958RrFW))z?lPsbZ8T^Cg|iq>X`qc_ z6`7*(*nyYErWa@(0+U)%9fVP6Do&$l6UD6399%3QnvDo9D>hLuVa%p`%IuP})(Q6! zS|2A{N@CvsaiB(l;}CNtLg$da`R;I2eMbL|juR3OBn~cY&Q!B%HKX@#?aj5ddna$M zx@tNXMyobwK{fb)A>#fDdQBrTBv@8WEn9}XDA)SviQn7vw~W=L>hZ7*()!*&z?6e#0>J6){6IvbaSK)mH&R5`j zUdBEF6Tj%Bf`h>=i7(MmO{zzn0|kax0&MpQe$Oxgs_m(|GI~BVihk zw7W!t<-~`OyQo2>J*zF0X9Bx)al)rjb$?vp(|+ZKjT z<0Q3iOrBBkY3pv(kX$8*m>}nbjrwTy{lS~#!C@chMD_4#zV!260I@($ zzlBxZ6c{nUDpd6R<@%jc&Kw z-P_rLf4kjo>EEs1&Xb+L^mcaldOO?OJ3CMQ((Uc;ZEybtbsu7Yi=I?S%>UB8cU$Gb z{Xw1s7LPfWX=KvkLTUt%pCRX$b~+@X%^BfH-rw$j(Q3`{>ChzgJ2FEzH@2MGs_QY6 z^DE>^gblP#ep>*&{ra9ydjp&=T3;^vpda^7-yOaC1}$CV%hs1_Vv9!?Jp^*=35P3>78QJQQ+*uIUTgdh99;eC^}(d_RJ_AW1JtG|T;DoAbE9FffcP&?*2u z08hPvk2&ypqs?j3i`Dmo!-Lbqv-5ZRZx7AD7xw%EJ}t+>!}TVcLz{nPG%ix+1~O|4 zwhtFP?N38PRsZf!L8~;>jQho+VK0riAME*fH1u!BNADhvf|h8g1^zG;^fRZS7Q38b zuYI(hf54}S5*5Th#;gBF#s3suGrp{}n3WqxY>1qht}cjt4a+joBE$(wmpY1bXE^=kiY|KBkfoDf`(?-7| zHO{>qhS#J`1I^9(_5Mek&poFT*S}afBMz{^`?z7HSFAAP0-V#0sKa} zr$;BHe(JbZcj+yaWC|VC-t)e(6(;b`{J3fB9;ih##`~+LAN|#A>N?qCfVEU%MO^Fd zC06C#@!4S?9Z59BGbHhaI_-|gRhCQK8p#)o#*=gy(Lf=GHsj5Vn7@FI*&L`>Segvv zCSHKCkhFHX!I_2l4RD72P}m9+7jBG$=p%^Oo&^ha5!5&7{(Mx9gX#wcF5V4(5CYy z451PRLJ~`gqq3Ca@#K&r05dsVgqs&Tm3m) zZaP-+xs*Z$ni4r-p(@WwL@se`qPJ;d0XOm=i=){Ws*fO|SPLZ6rjr)}awK0;Tk`zJ>}IvRlj?F#Eed>4cy+K$b_#no|{RK`Fc6gKIumo#w&qr7Bx93Ng1 zJ{y=|#WZ%MD!;ge?2LvX`gY$oss*e->XgI9O9&(^l|#nh2Bm~f`qYV3 zli)4{7{aDWDhb!3^sfPn1+(!E4e|;iQF~E)FN*#9;)^d@xg~Owlw=v&(Mf-vZglR9 z-`rRc^yKvD?f&Uc=O31b+0NXPgO&6$4I`h6I`$&v@a@aP(+@oA2jJNyKJpeP1);{q zS9RYVohZ_j+ictmOGFwnBqqoUOl-`5v{&C(aR$_#w?lw`w9(gJJKbzQ#Ol^|x3bm? zds|$%xjj`>{tZs!Ag2TOns5u`mb2O9TV2~+qP=S$V#1f|?s9J6)pi>CSyso630iLi z=tk3q@Gx=%^=_p~`Y@WL)|coYQwL4SbVzg*V_W_J)Z6#h%fe)lHl&44KnSUWFsKvfl-o@5Hr{5 z3FZ>5qpx4|x=;MwXa4m@uDgoKl@-6xek9l?N?;z0DVk*F3Mpb^brQ4?3{YtQtrBOB z;t}g-LQ*auO-PhHZJUr*Jv1QXInUv_|dbiQmIUMDyXH4#zblhG3aVeng~oM$|K8iKBSc_BEn`v*|F zaPOf?+Pf$8JCZz&1GKjdf70n79gXNUYI`{_8;neMQ#+CXvDL>s2spo}dqv5>t8(^2 zuk81P(^!sB``?6T0JQHh3>)1}{aA%5?!PESqPK9ip4Iii?S=;6&hKrevVK|}cDvlH zf+TV0Db>w=>KV1Yc<2c&Z>M5tg~d~wY4mD#RaNWvK%46TF5D2#nu25k=(iL{`nn4z z2@Ju6+!ISnLJV`!NL-qDf+E9m1?=S^=HO?NJe*C4X}SV88-0(ZyWr75S=&ul^r z4i`2+*4Nr?v2+Iuo2FfYwi@4OzuW;0Pxa|VGX5`%kvtpXeB^Xbc1|4|H8d{Zz%Aoq-lgEEdW|!B*{E(|U`NNt^D2E|@LK z`VtWfH=012>*(_2X29F#kM>dk7R{csTa?^wqgrB7h-jiqLAe=!WL79qUEBdg5JKw{DU%K;SvSCF z41)0O>zh@^(J6!sLT7IVR`1<0K~ciRWWWR|a<;yE2d!;}^*`Dy*%u}NurDJqC(vqj zJG4<7#;}lQf?EbV-o)P|?8=7Y*8!t|fRyd)o?QYxrypf9845%oCO>@D`7F zWa8$Yu?rF}JMcoK_WUjt8<^jl+!1rRj%4NMtw9d7VHK(c=B-0BxcQ})#y-b-`&M|E z*INQ3okr&4W=+8*uyhXi=2S<>Gr@Cg zVwbX+Kxtj>+K0O}zHrv-LY2QHW4bISY^*WoO+>tiyg5_JiU9G!K@;&DF zwo`kXS-tOs-g+)?J&h(h{;lTE)LA@n7Wmv5D;HXNs+yoLF1dJejEB^L<143u+=6q> zh0%C2Z#;Tt$IkV(f$V8RZBK{RY;U*+^#*mrgaj8_m6zrTs@TXz=LFkG6A4|roaq>q zO-^uB*t4AisvV+ogYiJMM&mI6bX(YLQLQC1FTrOGLK?a2r9nbOD#>vkK-3rufr&S$ zOhCIBGYCIA)}gi$4nt#8)!6w!9o-kJQAluMCyRXVE~)Ni(;>AM$CpRZ)k_?q{tL7& zlc*UdO8e2@Q2+ZKN%l9va*~?q92?;*KvjQ3_eVh>a1OnGc0 zbtI$^&DkhoL59=>Z3(reJW|Dv;t_i}gRVLX&X9rrkH#UnMn2>@)F0r@DI}VW1LBtH zWo0-SQz7~6ow<|HB@|3EB^5Aj=y@BpZB?f$d6?Kc!LyYeh!T(8s}caDHO~7np%!6B~F+5%kDBtMitzr=ZfK|Gwzv;kTwqclr7t4Sw z4GY!ev}_nj8K8@>5V4}Jvu@1Ijrt-w()b3t?SS0&mmgIPL|FGzgR13ZpE=9v{F~@2 z#Ds7xi&Ub*m;Ygy2Qq9;a<@1L&k8D*sG?61PmvMU0P>vYZBOhfnXb< zcE63*8-=8_!n~MKvSfCU zMJh225?oT+2LPu6AI$4-8%vkSpkwbdIu~RnI+CYClCb@}HN6NaM_%%9K%cjicnd0x*fs44#mo}n+cZvK9xE``U)q>~0)V~|gQOMLr{uy~A)LwnB0N=FH zKc8!HK7f+u^#cw9jVO2=Ja5^y9}Kol5uS}YzRp&;%hC{pG+rN(3aABia6oZFoZyGLak6aQbcGP_uBbSS(bi`RK zNgO^%gQEuRfz#fvqd;G1JxGIrE88q_Bz0^Fi_PD)1J@(M7h_QHFt`)cw^S-wFGv}G zfT|%#l{^%)PSuP@7f{s;nF)`z-9F-!b^A8v z`~P>lz3pDn|9`93d-CZ2|4|+td@Q4U)g)JTlPA&KQWdkgPd%{5XQ^k-{-4s=8!{$^ z06f%v{lCX7Sax3CeS#-1u*$DR$vhoL~>^<0do*ce46RM^FiMVcsg?E?Rmf=`R~bInf@yQ@R9z1jHixJS6%<^N})?c zxj?Y*MWG8A`A4MBIv?+Gf`3a%OMnr^D>E53U5nmr36{acpXubvMi5^wD=exjwt@Wo z*uB$CXP4Ul!#ur=v4_4D5m+eyZI}1|_SSayasPje=lv3iIhV~h^x27Vc`yHnB%(+a zoWc0lKn=Wk_onWe4GXJPRJ-w4Zf?B%jWvjW;KTMDn(EA@U%3sjD$`H0{>$xuVEUf*SGz3@SS0_c z!(Qq9x4rk6|NWyp3lw#3B13Uk0q=dqHN3fro12#Bc^~B9xN50@4I5QMY}$*3LItMn zlA5`7j9BPYvgw(0#nswNXOpL?N}g6L^yzo>TgqfDomwr&ILk`TIen@Lx`5Qs=D-Ph zT~}P2XSMOE(fRSY<+Bw1x2YNL$N?77|DC;Vnf~wf9`AoX%Hz=gB6+uKZti_V>3Cnw z?s@0)|NDwxch+{wqnek3)D+DwlRl){G1~}#*n6P@0^RIaCr$(f@IvZ$fo;MR8jl@M8V% zR$2f1;P(0P2C|m`{$=;9tX)EmLC*_|8b!01k6VFe-&ze zK-0XGzIY*u=-b4lw7;KvXZ$&yrRcv&<3+ef;}Lsk{ZDsyr>y_o+TMQD|9q6EtjK*x zx>!V;KO%LsLoaOrLl%t}Vu3PdC6D3}(_Q)0OFZ{kYX6(O$alH>|I0G=Kik#)-+SEu zALY^aKleDf7tUaARhvxP{QDi~6hE9|*EDlCDzkcfDzjQkWvcqw#d_JMQ+a7JO~}-` zbL%~hs!Q$vDIIf@!!zJCxvc_l;r&myeE+lE-FrO$eUxX82}!ozPj z|Cq=t#xD{U(O~xA_TRmoor?YU_SPf)|0qxOZoaVCWs+|`(s=A&JQY4=os0>*)1OYD z-h*Az7jf_7OLz0-w&mnMk&qzw)=pUHI#46zyZ|GjLW$q4dv!4@)IZ{O^-4ao#Vo=^ z?+c__eN=M^v1jb9W50q=H% zIKat0V0)hDnl*gtP5J?!<>>!Nc*$jONB8eV^nb70Ez|$*lSldg<2+^;k>3{T_SG2` zwd0X!s~xhkvQh{c^6frSov4HK z8?KTQ zAqD{tA}qu^n6|cBjx5Yc-*n)&ln7~l-4|^|CgCYqQ!InY8)w$z z`UoU(9R?qKx-8S+MaH0doQzHED(jhV2(DmDNd8Afn zb}oBEB5|+alwMoRrF@1Dv+xxaJOx4LWg3p}>nEVb{_z>E<673hyy7Ok_1$bo4JTg6 z^lsO&J8?P|Em$EP$n{nn5+N6ToBLit^m>zw&r*@RJpC6EOEO9$acc{(x%9uc*WKGI z)Bmj}y+{4;M|ti^|6Kx$lSJg#fdhjsgIm+m>Q4O^r=xSt=wLSV1fXKP<@rYRjR4(! zjN_O|>?jMI7yaeh%9#KR_}v|r*Wj0!PhksK2=&q=#F7jo$C8X^eNad&3gum_gMLS` z9oKT_x6g((S!kxG&JI&gROs|wx_zgebD!}pxs&c9Pb{HkK&Zy0@V5K#X&G9k9)mS- z_f}qJj`vk_Ugg3vk>En4(@xn-8wP6=1?rfeXw^S6tKz@Jf>fadsY z&L3L=XWhe8rJHVZ#dPU+>v9psUAo%1drORN(e5n)w>)m{;)`HH!ZaehNLC838|hWC zaw(=qsWFTVwS0l;Ny4Wz2E_b^z1&^iLL;dT~E>|vN3n+GWojSt=gtxzRTs??xxynoXL4xiO7M;xp}~1Nv@^40EG{^ zh{Mx(U%X@SDPyvaBu`24)AwS|4Nyu8lo%>}!&#a%))*ISjBZza&fpECg9(nu;LfJ) z-B=mu>*Bq>q`Xv;hi+?^Hlh(RLR|aSvYM(qfVvrT8%!`KAza8-MK#Z8G1{7Ad1d+8 z3n_1Bhzsp=M2k%I5o{NY5^vWPk3cvjoFST|wvRh)Y7Fel(t%oAcVazYP@)Nkk-h_3{Mr z+)GNtaXgTi%QUIk9J;g@4!tBR|7mwc4VKm5Sq0PJ1)m~sbhnJ;;n2@#VC`dK(}UyF zeK4vi#w2J~t}vCa89&kK3=LAvp}eZRH)7l~2@oI2?MEfII_>9mBzy7PmGkVN%fGK8auUH$*;z59CGHufkwfBPvgif0mM zLS1}I;!e7cV=Jv&$M&|}_Sdh|V^bs~F{VfsfE;Vm?C-qBdA;)_=fjNzNPrhfb}p6v zXk!UjSO69l)*XPgG|k0}ClE{%Z626*FEv<~qLW{eype^6jm=)MkTJFK`*9FL@OQAz zerK=Sv-zB*I1{n(Kx|LD-Tp>9!W4ygO28%tbjyL`f!4n}KD_M^FX@zNv*~N2sUF+0 ztN^@IUQGV@vGomrcLBM=ESL1v`v1}~3Wngf-@v-k1UT>y&;`HCcl!BiP_6D8v43ak zCb6IY-uea%gKxyvY<&ZiG5k1!`6bs+#8TOD0ls8hkG(iat&O}K(v+v!DmQ~*VUMd= z*yFE?{d5LF)M>zjIMFz;R(NLNQlfiq9@zkt5|>6Js+s#SP%vq_5KN!0y_}c)KPmvv$Y_R#*Z%Pl#J7W@JfwG+l ztbf=)zdU-ge{gwv{_EA-{fo=~`PGm8Uq6Cx7o%pr4mv%<=vKX$x!__RUqO{UW&Q@m zlRZtegB}r5Z~Bz|%p207_*rlL%#VG8uQ%g1RCp8SztoFB7Ef zH`r3hM~!N^`wVEvxRfP=mT_rwZLDXy=&n*lk%CD_^H&*L78GixPm2eNRDoq~d*GL+ zOfU65n9DF&La%gx4$}S9g9GZCuq}7d{I`*IAW}+l83AG22>i6LCavOTRC`an0C^!i z9bQu1xG0g^NSpO?;-SNI>J^QDW;D(TJioR0vnO@~SyfR!>kl)*7$Pn3Bn&VCZLM)@L*+m#U+a9%j#@jOAjsT|2Yf)I!EqWzlwAoE zU%rPxHRrLlM%37cZkv3Zd6Yz%UwX;BYIWj-blwe7JkqogH%aJPnaynL3IvO%B}Gw= z#$314)-tjU+-V^uYS6q*uCw~Yd+3#LoghTeL1(!P68m0G)@%dL2*1cuUkMHe*LE+r@3kny!UQpQdb}3@JI#>3~1%(aB z*hGORr-%Kk@AvyB`>&7t1%96jV5J$W@Qxt2AKeBhjwUc7Kf5TP=T|cY z85!^__wYj3=KBNyytmCZR$#gP+=owgtVDA-}MkENUAB3$KI$|(ShkfxI`xgJn%F`H* zr_L>Sp4NvC1}yFFQgQ6omy}$zPL)#j*ba#iwBce^)T~nzwR){{SQLK_pUyyHS4jBF zXaAKNSASL*li9SYwWw`aReSMd@Iof03D?H8@M}=o{6{|;;*?-i@5P*ZUuU@d{+e#( zRfI(22#I;JV&|wLvdo>4FIzkBa2$PJ`=S898pJWd1i4Aa^nkT-drS?j@BeEHD;ISf zW3nFxE`~~EukxkIe5m#*I(Q7z_RI<4Y1mZ~21JkqzKnJ6Q(kH(7#)e|U3se)`j8|NQFm^z8Kb^t)fLj!zHvkFU=A|NEz- z^ZwyQ|NQ5pgZ|~OXZ?$!o>W4LVlD{&F%1x9XY35HH?0IKu}y#Zid7OLa}dXvkVMTWfobj28z0lK!8E0x9Cbylj>w~}sYr7vIM2a@c0cI6q02Zd4+ zj1?%qr}aF_VDQvD+X=9{;?qgEeh@*7tr+PoY&hlM)W)i8t-|0ImZGLLuwkY{Sq!lu zqHH(v?I8;a6{n4teSfWD79Qvl%e(iC5 z&R`n(A#A_Hb$Z(`%aqI>_PSIph(|SCMZ*Awej&9+d@t-%qBbZyFu5_oGR&6Q@qJ*M z<^5%+R9sc*jGJ9nX}5*0D>IZOao`0n2Me4zkSoJBrRX~Mg+~6X`{FCOFXWCg=W5$zw*yvjJ7s&nircx@xE;G(_%QnG zXYLZWto0|?xzk;0rgNv=7Sg%RP!`j<6?J4Go!bIu$vQW@g(iQqLE+{tSK9VhqHVM7 zl&UuSqe{=_1n`w9*_K)UWlWxYy3Kem@3Ro&HGo)*>q_EWh~=7qEScY`J1Cw$BQdJQ zfGu5D9QiBZ$l0Dsww!%a#hWd(@wGE++iCi%aBs`}o7GJyoXdAZFODMU)sqXe)+z*de;s~5~E-DpM z$q;wKV88@aGQ{@lKpEvLyALErpTduMe);BN<;B#fV&%nLc`?hl&%NgcI3+0n3LdsJ z0H7om=sfi^l?9bKH4K%^IxZG0X@Rp~xTJbvEfz3ogS2FGVm!bQ-MWJy49KjOx~}(F ziG5#**r#o)RNJ*LtCV-0FupQ@tzx!+86{qyb~E0s_g#p6mw;M~gXf8OAtqi1Y%xAw z_`Sm2vtrW^$)@M1gBC)PzkoBg6AUJ||Z-U4Nt@hJSOT$6yuGSsRfzj*3 zdI@lj(U6f5=QW}@XoCre*C^9zGsv|&d=J>|V}1`!Mc|kI>#L)~ z{>kOh<*!%g{Ws_Ri|?;4Pk-#6T)jCuHch5;>!J>tMjc^#=_Dxjryg;{$Q|+jD-z$p z$TIEIFbCCzt(`!=}CY%=>4@M+f_tr%e|w-+Rur z<1^?V_Rse(k4{hKTY=NpboBk#N5}N2%?09zHwULDC;fxVrV}ai8m%f)uQJ`WRSMd?yj5ZQF}EXbEYDcJ7oID5+AnO=Zwwo`fNXR*JWY3qQNGV>frSM>xALx>0vNFUfqy)T8ZeIK{j+aZaKtrH9-uXb7aVXW_uI zFJ<((y)j!r>hG;Gc&<~~-QC1I5O9is$O)oh+-%utkB$z&esB%#YMqbIwHD5jpNK8f zl@|$~vjQrQNiznanY@HnulELcg5l&AqJwynxCnyQzi)f(&2GEvbX%Z(;3hm)E`YfG z<8%Oj<}U)b#s4>IF3!S5)=PlRu|)Ot>IK6M?VuWBEyBAprEu?6BMnjkVvk`9{*@lKSAI<7;+3lBohe2gX8P>N_US*`vxyo$Kt;dPD4gv9iiPPc7(3pl zP2MO1=29yqPFhQwgLHeHy7_tip*tJ~Q9x#D`|?zSd=CKRHI8TEfWrsVsqV8={Z4g2oZw*;S>eY=)xOAe;NkS=x7wh z>DT=`=uJrwN4nts9tNW^*#o_9SNWcgC&s#jXp#?GCvg&o@o4rVv}aG5r<-*whKz*n z0EUt#@uS!yxePpxm}^1#Bm5(JV!v;h(TIRUto-(`#! zmxGNFcyo_`rN6%%+Xf?vWvUw%Ak4jUnS@KsfXi8Y4ttJMoDOfmS{;(No4CociMRlG z;XtxgDC9zckcla7S>0lf^=q)t>oT3gNp8J5k(gEnRvw;rPnh#jDDG=k1eYBBSSR*z z`Lk`S`}B!dzHMCjMx3oqZom>V0~)TuV#6)&im}=2m&4V~&}~?=AeI{8Mx~KPc%x~Q zk==%zL$xBJPd&}n_0BmY;3Ofl!$7m$;NZXTIG6!z|~XtWW#LBPP;9^a8o+n1O*dUR1_3b<^wp&2$ez-+YIqPVI8sUSWY-t+D4hc z+wiW#cpk(ySepv70nAg=FYMb)%DWUJFwa0ueN~eoq zPM~Ki%x05U_^ogdx)>J?F~N|D5iO_H7?8qm@;~i?mObUl(72A+Rh&j?qKWneC;PXt z5Ah!Ot=4#17djI7T|iPIJtVav_{S7tqWSy;whaYJgZP`5h3Cyowh`#!Im#JH&W++? zG};jM{gZ9;$yzA6l#bWZ9wjle<(Meo^dL$RN~>2^EMT*wvrx5MCVfl()A{&u?Qcu_ z=+{d}-aA-L`*DOU;3WQ_O>h5(V|2US?(X(B`+v9F&Hul*z1#g;Z+mCAx4pHsz5V=e z-Ob+a*5=)bOa>^Ltskr>D5f} zp#<$Ff%t0=BrN!~bK4t0;`Y{5R%C3ZR+G62B7YB@#r|P{(KMlo>+7jMf@DqQ|BdZR zV)|<$0!EzgrZFwv*cG)*tUXv0wM#rn;s{11m0FbhVhmA0QeGn?WrQ*;8E|8ltciyNg~sHm2noAzLq9=DgKTkP3DQg0~b;3KxVi#()1$bPjI=_#Pa5zkl*w|M>K~_QVHI=2Vs&7Gpy$e|HJY!02KnD$LH?X9!V;iB zHs>l1b2+W^9uvNnsB!DMDfJe_pX#~?&n ztR@sbVb5!V^|lP3X}@+cWW_tQN{LP$3e%TbJOmhz-OZg{Je?TFS3-K`8(IxI;-l9e zJc}WlZ)_z*tYXk6kzxvhS~S;uIBFnjU^!0$=^QnH(5smlm*qpvFF%*GG`WDiM*S+%Or#W)QYJX62TFw+{BXI<9^ zn-YvuizR4)Jp^6#*;X@xvYLT4%|VG%Fgq;tQA@LV3RH$QK2#lF+E2TY^B2q=YB(1x4A?jM>GIeI%Ss1j}j#L zx@*b?=(XE2@oO6G5sI9&KZ>!;1{j`_4IA-D1 zdtgdAsg`g`&WsO3NZ{e?GZZHfkpSY;=zVBdQ6YcO&NjZf#PcVhdw#VpO?9u4wOKqR=6uZ6Ir*HgCwrYiDtr4R=c~=xp5w&s)wpdJDV3%eGgBc zSFy82-YP7g+@Qx^oTT0YZi%0Y5~q*zSHt6~tKspAtpkhr(-{O&r-5b=48d=|0S7i_ z1&ljoW%Aug*aE-*{tX~w7)hSDy*(Gt)1ZC>hJngZ`6YA^Co@t1fVBc7o@XfS-dW_< zSr#10S8m`8cUa+9=zmjWy0wc+=m(r$gTq^pzLHs9$TQ;|bInBAo%{@ntS66|y0yz5 zJkQ+~ipo6$$_iO6jYd@0&^IM>SDNMDE?sokJiKqLcG7b1thQ*Pt#GdE zWR63r&`CV?#>)fUVe`K7+$(*c+Ur)V=WTx3T_t6@fV>}2YJcN-DA_u(2i%f8os$r^ zJw%qcNuEmqR*iWBXUiQkLBXv{AO&29GA!PPcX1HW`z_~N$bW6Wsl;hU%}&A%~J0vZl>lvY*Acw~N^} z3mzJ7;HRv6ATcy-CYBFuw0uGJ4X+d4FU>fmLelIg{+S%t)$j4Ui_EXW2aVbj- zpvI-mwVBgKy3A!ZS4{rA7TIj^G%m2E?fn_~^6RL*rDvItu$CDoAbwjI{tcX2;g?=* zb>e83{!U|@%pBgqQO%<%mQ5pjR_@#8F`Xsnn(og*x}SR1fWJq9`QdhZ70 zO^gmjE^^s@VXpOk6U>uh##UjsOoPT34C?2mS%N zSzr)K3&wmSR!Qc~gZQS!VtoJ(AxuC|1?|TXyblIdo;uJxS*cE*(!423wX%~+F2x#; z%0A9sebo^vgy@xsAtOi_2RMp`@#`5wqy?UY0VbfWHEwCS;j19;8s%6XBqXpF4J8Pg zYBQ<)?|d3XN<>Azhpe8Y$7fm7lk7w5Sx6S0RlH(MZ`oI^PMi=?W=ypWxJg3S%ItJo zS0Gs85mOZ9Xe{*id>UoHv}~~wyajCIu{M(OeRZ7@gw*aeEWnzIL}-wxDAutuu$-c2**S%2sdzMu(Rb%$JVt2_u~?3@`^93bYw{l z_@sUzf8fyNDz}{FzNn(;G}*1tqVP+ZR#i&$XZsfyznq>Q-WSmq6ZV=BzU;pk@uyIl z9RM5ht3zNt1aiqr7r2~Sb1PG#JeqLGezo9Ir}9PVJ%bE{M!&3i%bXwI+XaKdx$hSg zE_l75u<7km#CCPA?3W8FaZ?$37b)=M^ss;R{eJ&s|MhXd!0%H5>_b`gFL+0g+mCJo z6h{*nk)K@@(DSPq7oV5;T9+aUExEPo|RrM9;uF1beT*G$KK0d8nxV z@DYP~I_#^j&Eh}Vn?@!lvBo)g{hJRT3|QK|;^GLdFNnCTv$9TAO4^piB-n7tCudtY zQEqwz*Snb}_IWHi2M(XkLd9?%37}|v{aImJX49+IqPF2x?Zu1k)vI{b^wdQ|+^R`| z^RtI&h*LsRw_r|ss56{t&rP@YDiUd~NTixfd5)5_0QQR>j+HpSbxFQ$fNOd;LBL|TNQRo_TsOI6-tdS>MexbV~}J4w=U?iZFSkUZQFKr8C|w*+vqNK z*=Cn*n^`t;>O1GoojZ3XW+L)OX8ze38GC2!T+e#f+Bd%7i-y44luEUIq2P<2g!Dy- z&*Rnb1r$PKAj253oqe44MHcFyL8GE74O$<625XY8mpYpN*8UbnLYd#x5m|Bws_cL6 z7YZ2PPqZ>BtSUw;c0Rq`e7*mEpSIh;9ibn2&&W(~CqhI&9+(0IE{rgis?c;XekCbw zM~XS|$Pr^9jBtJ)U6`G*eNO^RfR$XArz$*mk**-!mTBHEYyE4I9@2=h z`M*2j=C>oVAj2{I#}VUdf(Z#v87F-1|L>0Iquy4ULJq!+BjyUPGK$Q6c5^bYe(jXE z{Y1w`(HPOqu5o{$f+)1W99U!|ErGrRe~|7e7V#rjmCvk8F0z(7IPEZMGE)9Lrm&xDj_bftRnSB zqv1hgc82!!r15#8HrQWNL@3}<>@VCKXjNfBL$?v+=ces!f&rs1&gY}tLskG3uSbX6 zlq=x-IJ~X6(8|)-6Mt1lc5A&FDm_gGJ>OXmv zC11w@;9vJ--_1jwa0E`2n+!AlqI-=6%;J~qJRk`N)~6w$5Q5_U3=jY5T#Dvw!(0g^ zxuk97dd6M5Ood>k^IQ$i3_`=ISs1YLj-dHvgR`IJrcXaM0cO?D%=B2ufOTr|EsSi^ z|BEnY7d>kmXc_%;EBh8kuBLBcMEVxShM4mI2;-61|CcbzcmKCAQgcO-fW~V+aN-2- z1Rj7h$YtDS(aG}ddfdze;OUlnbqTBIEIEQ+rOi~=6iQNJZa|UOTa;=7{s1AkM}KEJG<1!F9^td_W_tUOZ8ikcrKel_&YB7io!|J9tjLuzfKkK{j@s+^t0{ zA|f7M_=vpu3hkhgF*U|m%n5CdW3p@Ni9bC_hDV*Z*C#{oo_=4zAtDHx%npP3u-o6&xfwVyymUJ!0z52EBub>yuIw6k z`hLd?*jchLVC(lb^+DK*N&x9>?l(LU$P{o@v5(tk#8~Tp*4x9&`)!zn24CK8+X26} zdtdT}NIV~pPgmKqrfXt&f8x1`+gVYG)C)aEl1Tz0fiWk>QwxFu0Hdn{rU!WvW@(Mb z;~61(S5_w~Eo!8_E?Vz6T@3GzB5DNXG%M|S4Gd&z(0-eT9FvCtK!N`B%A-Bd1?U8H z3Fz5&oK{j|e5Z;~@VU==o{3LDdSX(_Vbt$=&b1x2niaY%xHclp%b#ootEf9W{cfp= zKU2wp7k?VF8jMP9mmiPesk7m!DA3Sdp}iAq{itfH{eF6mQa#`CVwJXRvGxA_vNHYN zm(YER*N1utts-xZXNsQBuMYlu2BG_xDMVhC-Hu|CkuAUFM%p5r7#?>#AlAiW=Q{EfhB zBE6fot1H13AWE0p`pFDmFj`E))~H?g*WpdA&03w!8nDcEt?qn)s|uc|q@6ZN%VeOg zWktvO@mob+Bl@-6j;>2;KUCp9>ng`HZZjo|NF{E=xSFS!a@4>pf&r$-07J%-G)`0? z5Oo@m!FH%zx!d7|`@lxY7Y8;#b6l48tHFt8Yc)fXL>K-d!|x0+WkakHu}Tn;I^={m z4Hl6?RlF|>f|M#U+__PsT!5Ds|eZQ zbiF?Le!R2|^ysijm~8#zPsyWTC5s$l3$+xcyj1XrKeHm+;iMf6HvQgC{Oj*{F{AS! zu}i|eR1qoh%Cfy%Fn}z)m))~>ZtX15bHDwN$v4!cbmN0sgWM2`gh05}uqd^uo`SC2 z!e#vF#^iS;Jzc{&O7}(})CF+;6>jtY51xZ|enSqG(Z{bOQ4Y zADLsrbW0n2YO%bNW9vy*3js}5=p6eYvi=n++#BE+@C!Q3?p;b3y((anW$JRdP3fHd zGvqLOyJrelAQSW5Y}yLben0$fNNT)Ng3IMs9X+y z!)8}1Kj0fSVQk~@i?zcG{s(Mkj9(`DQvC-u5u&jvU}VXnrhXB#ss0bxl=eh*`VVa4 zB|Ck?CNA&)A8fw-zrdyvH}U@on^a1=R=JN1Bk%tOn}T;G{~K&3ct=Nb{s%S-^H|Ou zcsBUmlZ380Cn}Im){cDEYv-qEw<;w#E4Mk%A{vu16S*<=WTFR(eb*96q)mwP-bx<8 z-#qv&rNntmk6NW{5$$536a6tg8H3uCH)J|BV;SHZDo%I_#mD8|2!!13o$$a0Gxo>Aln&cKJbYUXS zvzDUf{$LlW1yH(;*fmip{OHjDY`1fk(V(R%3e1Gy;E%Pt#%NcxTUY-}OnddEZwkKa zT+oYD-W{Z$9B3fwnwZS9qWiYXp*)*kF-y1D(-M*`pc8k~@=p5SXlBu)wOzQ|FrkvX z&#=7Tagv=AzOc!bL&a~R!kxe0#Zkcjt8`!>*W7<7nm`>Doe*@|yMIU_9~6KwWH;QN z!~1!j^z=uNiDE8#={ChFIdRP-@To7tJAEIoB#VrU?zwE%s;DqlhIu?~mVP&j6ID~b zdeu%sJR;iR-~-`XL)mEwjwbp?V7k22N%6dOD%;aU(i67)4_s`ad-^Yw|xDx;OD34PEg5Uo@0epUT+tf7ejic{KFo|DmB8 zP3`&V|E;0l`zE-w@K__bvco6V3`ls`=|l^bQtS*aa*Y_$qBL|kUYPiiC`Dw@idoU@ z^NOrgU_t(lTAW}8!hKF6ox*;UnD>v)cJk!jNlEM~+04@KK(@dZ@|smgQ28Osiuo1|nOJa{PK zxC_I;V+x(Rt8GDZDDuK8k63@}2fRZNeZHNI`M_4a+A9VJ<3O4pd%AjTs0;sOm2BO( z0ysD}e#e8iK7gHkIU4~N_SctBEv+prtp&iE&i3}lu6M54?p|xF0vbxjH$9KN`n!~O zQNbhU1iO{BBnKauj*rzg8RGf5ClE!mp>-}MC%#C&Z!gUuzI*P=TK7{pT2K*e8?C&h zn@^-jG8$B2brLhMvL#whci(p}6pNoHG}a8|AaVi1<=Dyn(S;<(=$jUoW9WMP^W5~W zV)<3d83w=L?NZI{%cHg6WIDjZ*2>oHi)cTE5BPJ}JH2Gu-=)Hwpk%jqQzK94?!+0U zIfan6K1<<%rMsSvHbuwhFQrX}XYvqg?4_oX#t^<3M&biphD!dxI61zCcra(Pd0mn9 z&uIkXi3ub;Td)UR|K}E9^9+zU(s%s$#26g&q<7`wXePk%`SpJ3H6U_keg|m>bfla4{=VrxuSEngDK}L;O1$|>JwP07mY>gAQ=xlVuzJDA=!1NA*`0xz z0~|cJcPM>PF|gu713H2jB=00dti~~R(mpt>Mt8#SglbYVsI=LeeE{J<;JK>7E{Se_0hu~(f=}wqSSpGHp=$DcDedjea)jg3yPcgMQU1|a|BNs>B$AG2g1qF5mw zk3^9$%CO*&{YKc#TYw4I*Wg7Yrp|zC)P^sr`ArcsN*PPo1{AXHza>(o8hi;BmHYTK zrb^n!EaTG`>Ne>Dnv5_zB{-N!dPSY?D{Y84iawo-Mc!R?FW2RUq1njge7n(68DRAg z!%98CfUz^8{-W1ijO&iL!?)dMO@#OFc>#7*tXdWfe+ z%b6JoY_!bf@E&0sKerxudn?yIjR`I#lrQb}?cYMRxhewuFEr`3?PH?(-`Y~k{yoi2 z0v#qfB2OR@Ee9N2>vw2!Ap)(!)CNwF)4D%Keha1*7l>VylT$SQ^M6mIo3rF~#sGJ- zyt@{-7#us!Z&wa!_&j9lS>=Gs)f^gQ70ZW6(uuO7izJT85sa)rT?4WHLxK?z2M)Pn zgF%x-m-wHSA#`rszuqFvQWo4f_OZWYVAk9mV;rLv3)AL1Kh!4dCO+7cfCi{u-G?s; zhIO4;3BXl=eeK~l*dNNV9-3ap-lbC`I<5Nk$1SAvFE$&Yi=*&W5ydTlS2N!)v7lbd353f1&drkH$4T2n5 zwSvzNe};jNx{wnsK;<5zG2q!%^$SqUcO33fK>kuoMouHK%xHzDV}5>o4gSke53GlNalFTd>OZ!U<&Mk$?;S6ukaN5? zlq2VKmcQOG^1j_l`nj(_F)KhXOklP!IDtrHEl+EHf!m}=ZY&J^ic18>`JGSN(~Dc* z(*iSS- zIijlPz8Bon?Oby?1;l+NpuN+y15{9eH5>u zP#lNrPoBEa3OcH<2f1MSaieEg{K9!O;~b`fg(GE!s0r8wUJ$)33H@CI8|t5HPOvL` z_evrD6ErQ^Qe1{wt#J$8vSRhiexB>({A!<;-WL<=3o|0D&JNmWY_t-1BI}^IX%2t` z!F&tw@Sq|BZf)rt0R<;d#N3LsMx7_mzk;f-I+QP4i`p(+E?cg^-;}Hw+!`GH75#iU z5b7!3IyL+<f42#FOjo?o2my1tx2AGG>smV- zo4a{|$hZIU0@^R`UgYw84ThjuWOsZl((o5c@~$VqOc<_z+ZN4ROO*{v_~E>I9%AHX z=H`m&`u$$Eb8950K8k8@xB4MNQK08PadGCK#cQfkm@0O9Lrt^dRZ?(Su5c$oi0YCFY+RO!W zN@UOmU}ImLJEaS;5x|wKEA3Tu&#>WZPU**jcCG z_AyI4jo7fnC(YO2v4K~_b!kooF-br&L-(K^!h^+-4OB4VP&VF3J)X(Ia0rfx4mqnqzq$}n|4g_wfE}l=X^F&bGZZd_o{C(fH zmiFdes~!#CPX2vud{sRvJUy???a^)DpuP+v!qBY|jF9a@!z5w4{Z~#2(5v|i!uvqGsj$rtA^;4* z?*_+%y1Ckew`3F_?caC(51cg|K?bc6Q<|iQhZoSR8-QlI`vCLPgIiv3S_%%{&VS=} z&z>qfd{5G38|{)Arijzxq_=R`WDZrZrTSMsJfdIys%cX^B%UxX76cCQ>04uOEBX0O z{phn95!_j@pP#FX_i8UMF9tOPZLI6OZ>Ag zcabf$BS{H1LRKvx7^cU{_H}zWFyrGsje_DQTpEQh1k%WCCygRxV9FPh76+xc2>~Jp z$b-2g*{Kk?Ie{^AkVB|iDvAbT(TsWrjA+50qP{r9IgJh|Z{E)7lN`NZOW%&s9FzJY zw?ZOItm@h^C5+f^7sLh8bUcz!rCvU#43%bJOL~hJ1mmPB^`i2?!Vau}i=3E90zdjRx=CzX@*LeI>|n>UB&3 zxbxr#=WuWuCjr}hMxW}(0e~l$SECu9oT`r*=-0(|piqJwP_FlMI6B?n7M&}S7Vu=D z2TeEKi=4uoudqv?0c=!~__Fe7y!q1du=RNSS_$!Wd9wf14`{elO3P`J32vk+$JFB+ zP4icnkr*ugRefFIA8N-l6P+~?e}^l145#%Wbzo~&j#Wlc-h|`7t+0pJOhi=WttpQs z6jc7{_@l!KO$s{^CZfXW%Xl#PH}YQKhaTEmC$Fo;e{Ly8;S|^_qVe9f9HB*cOZyax zJi;?OYUisDd&%i1tC4bI(>85V!2x(@;f8{(+^XS6E%JDX4Ca@oy z;yuEK2iUM=$%-1FfqSWNJA;h%+F44QgoNvj7@6oMn?jy=X6cX7o*2RY(>(b4Jb3*eVj zLJBDXF!>6D%ITJq8UwT+j2_!AdnX&M>ViGC2K@JeCB&BaB~tXDPpY~As=;WCPOSoC zGD332eP+TbMl=WmAaOjihyx00n3Z-8#tvg8v~CsFTQS4|F&s>pK362Ms%L^TB`c1| z6<8{7dAR|@**e%2qVc9NS!F!Rpe|0b^}H-TYxW$G$*iTDcz}`^;R0dm`1C&Wjb-@M ziC2rv`cTJkK0#S>*`f(8=g%YgvK59k&N^*N0u>;|k%e za7$4Q_04z1%I?&^Lb-<{tR`E_3a69jJ-_<|q6j4hUmjyYZG)&x0%3oKV1=x&QwQdz z_}WwX{4v)@Y7}I_|EI&xU)9T2%8Fb0kT#BD)7V9vM0AD9eOd4gmrwtR7WMr*vj{-e zk0-$yF~R9YE=Gl6CT7W0Zn=O$?OO;HfZ~n)9yv(_1shzrvTgGmi2n+A_$-1G3<_Zg zvjy{JoE=CE##s0)kjw<1cD<3ASnBf2nruOm7uNuL+d{*89SyMbtTn+Y4{N2K-Wae7 zf{Yn<{Yz~*KPU~c>V~BjwRXkkt8A!w8BOTM)Rd0&p1wkpk{>wYY=B|UgjI!OS%;BP zZ26Zmv>(NrjcM`4^{s3;Qu$wookxoIADEQJ59$?7XtV^ns=UeCD)!+8P{*Gy8bpJ; z6P&Rtl>v}!VQbe-^as}177nSeOb6wo31*?rzu(So27Zll+i@IIeE7fW6h%miHmoN_ zjajN}M<(1!XI?$Y<)qHJn<&!r+hpe!d4j}=2Hm~qui+L2QETSZ@f%Ba{oY0wM=_(b z^oECb;9;H^U_@{*p>fd#hj-vj9Qn1mE(PKvO5R)*nh@$ps>1_L2Cf zLGvoS-#C~3*HlC3q1){K*r{rR$kp8bi9Y-M%Y)fTTse~8OCe*9vIMW4`*&=|Vd#lY z`>?}gjX}z5s}1(#NU8&Orvt|KwEd?dV()BcQnC>{Gi({{(_Yx$(h~*wbw^6|7~(tq zB}?swF=T)fjyR}F6YXo9g!^BePx>1ff@o8%>?rEbhVM9N9?qHBkKOsryaTzQo=M9tE!ch!s$)-B}q5-d!+ zMY}r<0PCQAPNt!d#;+Crx3DR~>H(}es@u^R;N;zn{fbt!8MC#KJ z-)m2*(k_@jyYlv(JyWg(w-;m;yCh=4&NVXX?(vi;{b0N0@T1)iKnwWm3HcKJ(z~tc z!DR&ee0`$*0*VMW?*{~vjHU6vJlofGuT{}{74kO~N3i@C=4NDdgV!Q`2%{N?JwoPgVk#BEw0=;drW8czoW)s+>Kc#U(D8F`(YtK z8)Ld=VNlH&&}4FOpt1YdTVB|FI?x-rN!PZ6*X*aNU>#{T!^A?>@%KzRvjTtG7ojKR zM3gRVLS;zc&ieV|-7Tk)lZ>q;KNurcJ&UOk;gQtux zztO2m?;RrdlVD&_{CL~@k<_6x2qegeZu1VT1HS$se!+BET_+-#r6xs^!`E0qtF6)u zrxoiGJGn`nzYtmfinxx15nhcE_kxc~0IMHBs03-8&I{Ehh@P>%!-=q9t61r^_x>2; zCA(R*TB9c>MC#qkpD>2;e@ARuZq?mg0)nP87$nJn`2&A^+!s{u%G5y`25ByW^)^1q z+NVhML3(n+hMYph8vGOSMG+^CCytDWW%(NxCU^uXD9(L_uUh^KUWGZg-W{$$7L~H^ zRm^vAysjF^wA&{nthEdFAWN43fq-H>9uEe@B^nw*N(=e|iMONjM@v%;?_WP5Q}NR& zpnXl)Nsn0rp*`%)JK2Ez4DiqZ9+?QHJsHWpLP=s7l~#T_$z-&w(mR(|HdeSW*mKa? zM>k&@@eh zBUS|)cewlAOpQIc>N-u%qpbboam6OOd7wGDF1cL!yN}TqQtjT?Io)p8!jj%qVnj4f zA2PpEIjK~cO`v~IB9-A4M%SfxH~*X3rL!$rQXLdA-gPleUp-(sPC5^ZkI?^o-)nW%dxy_4xIqZ$e zoKqcs5q^<2m4-K}i_WEpT!ID{zy|HV7b^2(NA0)Y*5p)}=7HF*r2@a?`0pztF2dpLEeHc7Qe^Z5-`^<2{jWI^R31!g4ORQ2!4bV14pFRTb z1TYl{gJ9w_8A0>OVUR-jPVW=XdmWqltudxERcQC9gCIyzpiu4Vnvt1m8Kq-)*U6kv zlqj7c`~}-U`~z=veJ~P{-kGEVY6M=G&i?|(nMO*GJ`+CBcO>%=X8Rr;%3;}}51K3N zKLmAr)(P9VY?U_5ldABt^z!mqo5EM{$G6}Cx(ZycVczHnpa$Qy*ZS8lN!*q*gaC;-;`*fFy)Q_$Mk z3l2>nifs3kA2bCxUS3yoLZZ55xDelsw2~j&r?pk;@3|HuB0e2XfsH-wO~FY)4Sq>L z`3}OR3OSqIs+SwflM#`=<`5CP!_F+{2N$3fWT0x5XA7t+;;QlozTl=%0ncNk?42HVS1ABg>UKLp#K2JF32+nO~ zNx|sMh>*&2^bFfefRAte<2_bezPuP(ZhIsFbV?wrvg>=ti-zm z8trTv89W+>ygqvhRRn-4K-|C}Lf-(|{kqt?DWO-ao*Cs-KaiCaFC36zRFNHBL0AxqovS~Niq6!g1G zf;S)HSW#=q-{~#vD{QFJnLP&aP?J?`-K|GF*f;WjE z5=Sp_1j>iLwAb0s{{3ULqCqwP>tX+whKtE{(o-aU3f6ZuD#`v2DY@azILCDO&T{yQ zWX5Rv&{;DaXjd4jb#Fw7Gr^9rB%}z0By(}(ydsRU7*|P63t5~kCRKJ;=(xtQ%eLxSV1#w`)Bv40F)Y`FQUj55h`E=1MYf-&; zsW#WWgPL}E@Uk*~aT!Fi6*QWx!^4i?Q6kCjtEdH5!!*OrFI6XCcKn zRz@ITt!kz;zxVP_7gvnx{qVU(b?P)n=OcOkb+~8`mH>_ojyxFhFso`1BdOv*pgBh$ zxlj#>p81EX)=@=H?r;B0N#lypatLrUDx2uN=kHY@B*peO>14qXc^d;dXfYk{UH!!X zK`oXmXZf8Dw!cdgMR@(sVW4$V&irsD;S1%1!=JX0KUZMbyA@Ym;DJ0nv5mT5@*gBW z;T~-z&P`H5)HTGRsOB}Y+e}^%tD#_!id9Gsuhm4o8Si1}hGpDy^)8P=? zKj17lkOn-@`KUG#p8c5dz>~N!LqW5e`*~J&#&ay#$6ykYc5%XGpl_K7+}H@Pyw0V` zKmz`4o86E>?chR})F05^aJkr0v=~8@{s~P=>jRDdc?<)G8bA|D+Ozkt?`;^%?U;b8 z?Kl4JGQ8f`x0ukDypQyk9JXlaFuuuc2QEiEYk@wWG!b*m9|~+>Cwk&o&Lg?okIocO z4x`e;hy}B)5(o-w)npQ!X%4#ibEL_gfcW&H9Pc**G_#0Wf;?*JB`~(?9vns=$k}H{ zre6&4278sKz_tO&gQWzVHJfUttQm-=09J)5>eyzqJxFXO0 zZ{>LTS%w)8U07N8+9V$7Q@|Ls1YvS*1{wi<`iUtO|C|`jjwbnSiR~hl&EFB06M>T|W`AN$vkVw8{3bHfm zmF^n%x(xuYAOVEK;e$8QxxG;p-U$es4QQm_-gkikiEgbD8?r}{3qrDW_y3y2wQ3u- zbN#IJWJL6gJgkFHO8Z+<&pcpnpda|b@h_5ftaZY(reCt8{pPzRB5}z@I$u95nQEra?X{B?*siADwsJklDjvZ z2fnDSbxWA~d&3#VD>$1NZ5do>KP928y-^kh_&a*>hL=cVfa1 z$KSz!y%pF%emLese?UwMjOwnG?Fxmxn|*9o4ihcm4I?3W_-SC~Ng%$^sit`a%2xHl zF|DWjO5VBE0d;t?^}RHGIEufHzqXW2V;*AIqmho}P#>{;ki@)|Z{cXo@ytW()@iJM z)lX$3w)@@G;~+o&s--PmQ2>mypwVDMJseG5UZ8engRk3N3-Xq~k=3z>K9JeiR>Wb& zt9`4J6VPxTXA(dciv>S}7%p0Pd>kyFeKgUnH%Q8m?&D!qVuMKCTxI*WN_)L^frGiT zZZXQj!nXaNl0LSq^PSb7cNw-C)$no8kTD!Hn}=o^6xtu87YpGYv$io^y%$G`%eD6n zomu_!@{X#UaQrHwICEoup3_zy_R#ZgTk(8p;qV(OH*w9Yg}6Jxl6ia>*F$H zC%Bmy;pHaToUXn+q6_~MIDYeaGV2c&JNX5J4k6HTuhcel>KJJIEZ}~#>^28@04K-R zg9z;hX_r>{-02P2nO+R&z}icdrB4;1EaJQPxH%Px6aiT<7{cBpSR2#`twr3K{uT46AVv>l{l`w~>wTmzT{aaR=sf{}e^OPiV zRRs+Ce2WtS5Lm5KL?Y^TLY&Hr*$5pmDpgU^&`7>@X#m{Yd*X# z_0{6`6!j=&Q!ue4VX=X?X4I?PZ)V)$+pHz=VT{r1SzYU??XqxR-?~VCHFiY!w1%0B z;@cyaV-iV!d>5- zIK7^lx4{m`g*fjVDiaQhC@i47g#%5JnHdnG@vqeXr{G3`d4eyp5ZOMK?+fqVnn@kc zwTc!EisT8a&k6VJwJ@wkIWKqhrHolbPXdmaz#4Th+vn5M*-f^H<9uXE8uk|wF7t7C z%AV1|RCc-#Q3nAm$T|;%H{-&D*c_>{N?Jp^O4J(R1_nifo^al6RQzwU?bqYkO|rjN zA;{i@Kf`muF#G-4qKf*Et1CxYPP=tzcEg_?IxeQae_RQiQi!!u6$|HWcSClr>Sr^= ztjWyax=os_AnP@kyzhhfFNJZIOexo#21)VZ!Ldd9a{sgo?t1xLNW24ZJ+YzZ5}YU* za$wLfHpfpZ{Jxv}cJ*WlV7lDMJcji9clDh5FXTd-0 zm$$b7lqngR%G6LL?8A0|c5X%_pQ`XU;lAzl?b$XaEP!|L{$Ec$1Qk5?LCt#kH9nAgy@H8hw;-gO>l-8#4R^c`|qy7c%B$#^&=zyi!||)Qfw}$)SOUe z4-ODsFtyRa#CIE4FboZ~N{7T6?Cg=&N79XUfII9;FJ~&dm2{OA(}LbvnL*UJ!$vU` zyx?R+YL$Yg{2wrm=2OcS?EX!)-%rp0yWhV8A}`({%hIFM?ObA2Jq(w7qTCGucxS1@ zkdKYjVc$_FC%DA7UjTL+LQonrn0tmH47Bz&mqzoo)>?IqYhxQ2B$^NyMEf?P z`0gk7%}6etsRSRjc-aAQ>2pb6)-@a4y^ZDw$>=QNKkaZ>I2l6$$F-!gUR4tb#;abD zx^9~N(o+yvaq|%lIfs<;I90Z2G&v~u4UdPalPf+88Vsvw(bl7l4jEiEC{bsj2XC6l z)=5n=YL+F1%}5BvbA)o35wY6O4nZ|d06nXP4JekgQZ9(+@@sSL7}!Eg+RTHC#@)<* z3U02?QY#r?@h_Q!+oPU^noPj%!-|?P2D_YKWvwoNJ7??4ZvPL#ZSi}92cmwp97br^ zR$99+FN=A7{u(axef`lF!Pl_4mcR~dq_Rr8>U<`Il7^3%;H z-Vb8e(jn5~W;xyRh(}#SCs}(spGn={lEm=MX|W{XxTgDs^Y=V~jG&q51bs3D5g)6R z>RLnE(xzuudDlf=%C!ZpKAl$zX}`U3RUY#z#3?efNy?xQisZ^+?(~#(wZOrChwi$R z_>3QiwzqEfx7KjKbReyJd*zXV_;auS*WAandz_aE9WbxJ?^UbnT|^^4lb>B3FdO;2 z{~)1>8^*3KB{5JZq+-y~kl7r;{i2-oxvPsJb z%ygyFR4YKq&0TQZGGrB)HT-=+<}(~XJd*kP9SQ za;B5N$T^g(;?Lf8|8d~88Ri%z?;p<-B`F1@$Vl2~e=p_|#a`IpZ9^30R?T(5-7tR@ zmLIUftGN+`8NfQo8&nB|&2A2fY~OlCI)fjL(k1v@x6I7jc8_?SlgAB$wk{h8RPtJF0vB60H zkPokI2o!Yw{By1ATwu7qw7GyN78q&FV(1tD*R1hu%$6Np+AA()-tXjPPkPNf(b|NWSa8K~Mv{UOc)WTmQj3#1|Iy_c&%ofC3&bZBji z>$iSNkMSJ?*#Ehg`yof1q?@FcZ55vIl;`pza*&jOQ+5@m5%G>qtOE2^2$o61ssv4i zZ`GAI%uNgGI!ex&&}CfOOt0hjK-L5GyjwEM`alO=@x;d;DRD~S-MNzBpvdV_bpT~h z@=8URde$N3Q4sck`Yy6 zVc&!fQw`z4lmcYh)@BsVkx=xXTV2hG4$Zv2N-5z=zCQ+hpOg&WTV2$NPnF1a;-obw zQP3yYGV;@rylT3Ob3Nkq?*%58i&nPB$H+#vH{~e~)!~_AeR&lLD9lpV6>xY_wnT?& zk2m_#=BVC^pAGN&w>#LzyttEx(>Hi1bee&Ss_)w!bOLdrI^QQw>V48Rp;*^1M8mdjn-uB79?}@pNyn3OU+f ziuf04>a}TU6*Kp!EK+r%?kc-CwM@#MCK!%vQE*uT&Er+XWh z?!EA}B3pcZYP|~{?vwMvCKk0mTThyu&-=Q)wn1VZRel-AFS$byrX}L+Fw%#LU^M8c z5GGdpreG>>YT2P`36GX)PN)-yY6(enpD2mPO8S41$VKkjVmeaEYGw z1Bh~*jol~XtPn&Y+V7^i6uu`8RnIO>JQ+kVI#;x=_4vf58Q8EvRx51IHCDIZ{o4B^ zimud0t2a4u-NM0w>b_>BW5h6aAS};7XxlPf!(fDMa|?B;yh9&NGw`C}(TT*{dj2VX zlt7;qPpgcb9gJAJMH8iy7w{P&H%^!}|C%|y=bYDRQ`Jodv1b1^YUwWO!v~40GQ~M} zSh;=wBq#e>Ja3eLV;da`_Ywdr4Kz(8r0I<$T78bc6Ob|$%aUWtk^8!1EEorzFk@1H z^t!&cEM2MLT*eO=DX{E87LYqRdnU9~|NvR>6RHP#kQOCVB=s=IkNj?Re16TI@@plD2JJA^J zgR4%{(iGs{xiTSn+N~U>ui>E8Ss~CVJ3}e|tF@cLr0Z~LLmQ)SA~*E&bNDE%nmHM& z0 z0uDMJ;C3t7W}kfAvBmc~3HYEF+?V`VwbSm&sxXSm9%yn&4eG z9OQXdm;7~5a|bC-cfr%rZArTpBj2~URlCOB?HE(xd^{Wm@>}}Lo3n)y*sER1&~shv zYw)khWTHlCvc2(}gJ;xuuLkU#s-{q-GS zIgYVtyx59QR0REwWpsxn-!d>RThuP^J_0aayx>*ye+ZmB?~*)}4y`IsX)PPf;*f_8 z#FJKr>4n}ewY4Ee5Ai?c?X17Pc(Y~aSRXD=U`%bUDcXy>q=mt%XBHl|#+t$yEOC7p zU7oOEC=ufh(r6yA-GuM4-`aBE)fZcs&ammI)VJ~MaxrS3yIAz=VT_QC#%(%Df+4Fp zD;v+_hTaOV%RcnkP-V<(pXgtiSFKH?fdZBx>eGV8it`QG!IFkg@RY=I`%W2lT2sG{ z3OjMPyZP(O>8(*{d3?Q~gISZ;z+|BRSuRgaRWFXTtZmQP+vV`-l!e*q{baJr-`{tb zc;Qf4xYfN;pBq;Ilm8dKBS~152k0DXZc^n8-EcVs=R`39p>jx^_M)Qu-DNLi(B)~< z(V~-tCm_K4F39m@d0g zmeg{Y4l3`t5pos~sF40iW5&N{eJEx2PV4pCeU2wxwdp0_agV}(Tog*9I!zDssX6Bj zjX(Xc8lBKnhN2oCL>wg0Sqsrv;CxgA2MeUZ9HM=t4TcU>F<7+{#Q&Z##3a19N}7ce z24s=Ds?M4SzHU324fj0$F~1|=%}!#a&%dLVcAb~F*s@B1bjwyJOo30km6P4U)+evy z?qvb>^=zx>nv~l+9gS7|lL#iV8{(%^g}lhFN?WN%fD^_-WoC~?3oB1Snl>2GpPmK< z7dq~3=PtSMVkDpwSFZnz87o{v)>s4GN3d-fkeK=i2jKFlhv$VOvlj&8r{t74WoG77K8(xkIB`?} zNw^78#>OR=+uktS5rg{~Pxwg-zw$ybbQ(@3=}2}BU3;9rbsql}Oqn9WikwACjBgr5 zvte6okY1~1guh|9K5UrYzij0M!cL$D;LHb2^wZH+); z9@h)YgAhaF!M8L-Z+AgFimF`5$57FQ+|f9aj9GD-7dmWB*-arY6c)b|se|998CN5- zjCmIO;QeyW-^+AhT>4gGRE^K!@N3jtW(C_w@41QOZLI1fn8g7HJt?F@oatcRLX?^T z-8P_i3~1$7Y7dM>;m<0(iiU!dv5N1}c_4Y_s$Y?YjZ8pY1Ok}B+uo%8)7PTlStLc* zeAJU1wIS)|_9BF!FaY_pk_nASlUyjTgCNRRNEuuXENnxTSzIf3o+78thABN~;~=uY z3<)+?IGUc+7vAtoBx+e6mRJS%qXTf}4JMl?S4~=WV0PKjbm;1@+Ve*qXf!9@z`+*_ z25bNs!w95q*#upYfp(N?Z0!Cv1Jf#k^^F+atLKEwor=k|*P8ZIYn`X>b z(N_5YlwRj?NU;m{Pt1`QV2C+!si#qIHWp9c_>E;fXP=m0Ckfz*X}_IgJIY@P`9Tdi zf{7ixqe1e5$Hz*-IZ!bMPRM|=b&4biLr7w$t6tc?P2GxC@nA=XPW$a%$+vP3I;jrt z!_)49=4z4)+wGWkdF#Y9NP@9#Qn)Cnk)KZ`&kLdvf5@%aV-fhyIJP0Uo78k<`;w5H3``@whl$=-E(f1mzM=sJZ#P|zwtsERNmMV!=Uhgmv z$s$|T%-!z{r#4GlOFT{l!IE6%)8AR^ zaujXJQ+CWO8ab}AC<6q9bQ^6go5;^7;&rEsZRIfS-XLkAYQi+bR~7Z7hJoG&gTYBY zRddWnp&SB)9(qYiL-JGS^u$e>Z@X=qZu2vU5YCGuJGf?ln z&9YTBrIhZg{9qXAfjXwDjR)~SK3b_w3jE=3%*znWuIbg%pY~2r*1)3;ixJxcp?dZtJt0&gCg-DB?F7o7CLbkgMHInroyzJ88o!><&5Qw~Por&78wF z{2Z-Z$%M_FdJKiCA|f3+{#|V?jb?iqu# zPnQ}D_t;%!F&F1C20}doQ9tjTT83A{dKwwkqr?XR2^oXR3Ym4B+Yjvn)~-8A{R+ze zy|PmS{B$#+g!@bR$}Abv*ufJYX@wgIuioytyq@1v8#PJPdgx~)g;8~_PT0*{6mYl5kwbJ;#Y z21__OLVvs7McrQbio(~R2M?J9q|-{w(qR~QVWw2l38(&Z8q&yPG4{YC0=2o^B93O{ zt>Va4qAuldS~KRFTxc@NdpxFI$o!#&*vuBsb7&DwS{KL96$w6I#&7A1TOfy3sA1>h zQ^UPG&dFAUH(bjcX(jyhS|es#iRlo{nK!Sg0-RI&<`P8*^0ixy)53USK;&lYc~qa|H5*;gcuL=#&sgNBIkve8 z=xk&ygV)MV#o}Hx;@8@uge=H5-%+7HE?OU?xNYsM*3wtcIS9(7r0hC~@K{A4#A!r^ zY=rkwj8tvviV1bIS5&h(YHZJK)AM$A>Wdu0RFT(udEUlrhgTbwiH2AKMn$+jNWgm; z0&bOGH?{N~v>bfXO0}4>o2X0NDVC@;Da*=@W)OD7#a2p2h z3ijXadQ(Hl#LpG9F}+cMwK`#tQpXV%gcFbE`V9(Jk}MOQ`!qLH(P_%S=h^|UOIEaK zWZbXs)!VR$?hTT*ajs4gt>z+%Xek?q#C6`p;g(OdNg#BxV|y{S-E5<)pKzcyicm4X zSHWVV67yi~k84$x1S9seM3mD*v&7lU-q+*?(##oeAaFGK{W|nMsB& z1zJ^#UTBe0d(T1(P>V4khRU$Mr2!hpXFJKgl1VCi5A`Oj7ScHm%9~J3Xa&iy(J}8O z#uZ>tu?}r94nN2`R4Nz90LjU9ZNlD=b}Lf@1|K$eofX{8MM*lxft=qRofop7U8@~` z0C`0ussxux02I^2E39yiniwU6-pk8w|5Og?H+oBL$2%n*YqxbjMQxmA&1mX^=UQ`I zx0q%|O=#KBxD0eG(sMsdUDTo!tcjFsWqm79Jqr0)g+7P_A`+j)u&Y8o24_W8vja`V+ zSBXsvd958cT1XA=6wL|goTrH?k}B6TqEmOHHx_iNj&=%_4ZsODFN>@G7hNC5+U-1( zsUNIxP%hy*Z+EUkUuLs69rE4I9LtV%rTZpz$5pg z>kT^?L-(!X*&+KK3{D6ijUW~+&^IMY+gx|m$PEI#vrc+Z0(puc{|B~ z?RrZ?Xw=(=XXpG5HO;;}x_~e>B`DW_6Fed`O(ybzm$7Ix>g}Bepn+4AIm?qcm=Yhg zZL1NxBJT*E+ZKT!?G}*-&-(5*Y<=oU1#QC_gJIVT`~&3}&Rz_Rj1w?Ht|#<4^={JH zaS*GxrU^Z!36+04u-m!#?nWlb43d>wJyAen83%wN)Mj2|^1-Q8xf}c|m3lYa+3<8| z9~k)&oy;na7v!Ng85hYNI)e6f1>paw?KylWuxAAGi&uaQmX~3Fov!u!%1^rC1R_;A?t=z90F)P zF+g2Q3R;PexhIsl$7!)&)~j!$ z-(I-rgTbrZu|cxMr!72#Qb*y3C~g!Qj-P`*aK~fGw1DI3GpMO8bh7ng?th)kLX(U6 zx=@wW!rIfYwijGQs|$5x{5OFPnQLm}91up9FA&t{6WG_d@o1v>t*h+ojMk1w>WE8< zVE_!z;zQL9@KaBjjI6(!utVD^ADW9I&8fhN*<792oQ*j(-oiFv(^>ZsK()>EV6wD0 zVZB=PSJ@d0b!oKK4}$V{3vrHSYt*GYtPXMWOk?QU7IikpNIh?0Y><|n3KdKTMFdpt zT}M0(C6kHSj3q%5+%h}BmKk8n*~+5;QY3RtNClEDOnI5ocHmIOmk zNYe;%TA+ne9>v)-E)ui}@I@^MKtE?m!s4MfPEF>ETx3>_|f~Ge7xRIMj zW*Q+MbKA(qmu5$v<)_MMX%I+@Qn%Epi#$&x>1ag4;D(u7M4x+@DV|R0zj*|Pb9N)P zAdPIYCAsT34ScqxqO5eT*_!IK7W0tRC&@J2u+wOiOyl7-+_7ueRC1DyY&9f#jW-GP zsei2#z^^LWoq(5A9C!HS2AO-b&pr|i;%{g!irY^`Et z@(CRa(E!AiKKLl1c5yce5*8}9kqyx)1D4EZ?9jD2UE9GKKDE1$xzK2?d>uxm)m6xF zuFF0wRC}%o6}3Rve%s~!LiJTu|1rzq4Aof}W_#`|X7>}v5f@DuQp4KRp_9HZvQjAb zNw0HCBu8;ZYc{dnA3s{Jkn3W$r|V6W8I$!YK9t4s2{OZwgae%QD0!%NNrvL24zqa(DiP8r~c-;j@g9u(?H@Og6K)_=8nd`lTrBbW0mPbiVUG|+N@tU z>QCxB*D!`NuHp(tJPi4r#LMHyc3_Vmqr0q%j8w%12zg8{^&L!(?@p-Dkw{;W0b}H6 z$GrXPx|?Xp@CHdOH*7AzJu&!;Xt-^cvhRBrNtdLK5RcTJgr_1CNyULQAmTSTQO64i$awb zG@7_Tw++zk6-L&q@47(R21qkAGF_D^<|(GGP=&GKd@c;7rJ-1X@fc6xsY);pcgb5U z@wUtrL|s)%O(QU%!M(M1dXdarSxJmF6G#&h2Cb{~HCk{`xtgF=Oe5cI6^t+)koM!@ z5mRLkv=yc>pg`Eq*HI{dW5`-=a2y+(I{ym#s3a4Ko*X9;7~~>ZJKpyDoCzEf`cSxd zG-ParW^K@PN|C9fr$PuJ%{n>a(JfQ)R{BOlzG~Gm>c^ITbe+xQ7wx(+U@!7@z;QK- z<2vTiH;JxoYqyy(CJHxgR(ZlKfc?Y}V21usJG^1@Eu$ye>U2(iFL2bt96Rd9(VBFP z1HRMUem2Grwdr6w3xm^$g^;sUj?Z>_u_p|@w}qNi>St$>G=7&A|b*iOn!?P2Ehuv5~*GAyL+z%apP zS;fEXaKif3r{K++sa}-1RB#;SvWcglyY_`;_xgrdm z3$nHqciS3Nt+cpJ2ZW7JT166T)*CSFK0^)k!oBDQyyti>az?2m3>k~aRL8w$>mt@B z)C_Ig#>?cSu5wc-jY#jpS{>m0sG-A@EoW_kw@ZL)!(cwkr_-!e(oF4GBt^FfUS5~i z{P%*#i38I_mE;6M*YgAAwkZw6O)_PEkWSGhkj7(HcI^j%?bi&z!4p<|bPO;d}ML792jjV}SmYh4)tyvQJVc~qOlY#IorGtE2wn6Rc* zIBmnxGg`(MXnv2;wN!VcVjg*QkH_qS^AO74x?m0VtdyWUQql-CD3eF>I-7GHyrYI` zp*Cl zV1w+1V7}yDVO3oiCe*;;P)GWVm%Gm~PGw?4ZkydmM9z>D$OUN*#E4S-$2)0#bmMUja^r>rdf$S!CyGkbQktB_X=}E}c209J(b!5! zv*Edgs9%~Uyr%69HeA%$8=UTT%Z7?1pLOtRVJ1anA3iIzs?P_5eTXffsNtr;*1tjd&}J9Y@vtb-@~^DxOB zegBowlL{o>REI+ma-OR{bq=uKVR+B#PfgXf-*q9kXIMUXMw1EVZdG2D>f(eZ6Jg_m zCX9y3ByWmos-wn6e=HhP(L6E0m>svewHySRxU}UDzbUJ}{{VD68p~i}3{qwe+a+^= zTVTE3;NI<~lXP3RvoR0YT8eAvyEvOm^3I0{shBsT$N~Swt19ir1lfw6ep)5{xMpoM zXy+9q?RR4XCs5IF(otEWl*|ZKOv#CW1!q0Zl_R4IJy$#rJp#1pu1uW;RYu+IqX8yJ z9Dq+s;DPXz6iV;tTWAqPp30|m$6{vkf&-s*S9-q$w#$&W_vERVu_$Y|L=2qYaDbV8 zzRHcjzE0->Ak2ntwzH&@pQ$}?SnS3f0u-|ab4I%2+M0t#*Ta@1BT8z#WhK9+4Z~dJ z;%VQx{BUB{iZverghrS9UID? z?aF~P2#bSIdAtBZ?u2c3?!*tOXS;HcKB4GY1uF`BH0P!ReVD+8Rm?#9jwztwRP|d4 zS2}f(_B`ezay{twf9UqF{&{+G)&1vXzjJkTes zh|a}jBxjj2k_}zY6X2~hB13ii+VW}w5SAB(vTg(=GE4SM61LALy36JwQwkqx+qJ&4 zK`#gkBNscM4xuzkoUjGF99c&mw4v^GLWs)RvR_?+x_f1d+e+}ZCL_|zehE!3zfk*5 z3C4D2;j<{S!@i{S8-?8Ihum| zf0Y6x;m&3pEZA=ff< z7G8U}C14%kCIaS(-C92m$e<10BiB+Uz~UP=#zM;q4ipphvYUr;9YBa*qLQ0m+hFu- z@Zp49fj&BVgmV&%$b{Z9LRErMV`5m?wTYRryg{8M$AL)VV3=aE7q=X)_Vceha4g;B z;e1DLsg|XxwPSY+gdB=i)isYn?{I%uRsNlU^?7mCbY;_bySHA%E700b{fPs@xH7k% zxOBo$jK8&(UURLQ+esGIlM+zpDjpiLk$7S1XEURaAi@m6Hb@R*F_%DSD3y9_8qaiGR;VD<}nT$?-b7 z--HyXb7tQd>1Ny~G)jV+PP%O~10=k3i7ZqTFyOEh<5`q(NzMAcO5DV01l~KkN}tlh zS(Lx@CV$6efq&|^Ep`t2P?S#3UZ;q7GpurT+3&6H4cC<;un znebi>{W6wB<|%`)?Bj$}f2bm0EbP4!*!GINkp4_>xpmk(`rc>5b+PufLl2h7Ah#{s z+wQMfPwORjmjhwv*Gw@ocXt^K&tg_HRu6?`B}hXCBpYC++tPR#Br#?avjKcOn`F#& zp@I^&;OowCOt!-^2uC3@^#H{1k;GhWF zFYL~)yDdVO-^urjWfp?1HMf`1Njft*deW*lvPJ1-n_Q(gXageuplzI*vL%Ps@2DVh z89nZ6$LDL&RHM|bSA|I^Rst7>I0{@ zMoDi=pwS4(I~I+0|NVE$6Kgj&?tz*i+y$ZU(b#u$Z8dayU|3^KNz5QyE(9K2vFVIrv&a!)pN zq6%BR%rq)1aX8B6gAki;Dz}7_X%KZxybK?artQWCA}qhsZOdx69l!k60>MiqmZgG3 zJc9ag%XH#+?zc-j=_p%IIbtBz6=^b^?2Hg+aN2Aeb>~3$v z{~L`)?*FabW_#zqn%g_O&Fyx3dwcJ{8qIdA+4wKg_^`t$|D{rj{;$R#?khjJzsQd~ z^iv1zi8^HO`BGnpwCasb@*Ry*DH*gHjqQbvP3kpp3jOZjo}xG*q}&*pJ3o+O0dMJ$#A1e$yxV-$~re?xx?PFV}gp(MyS zrct8hIE4pi0BlS{(go0kL8OtAZdH{m5Kh%7Fa??dgV|Kzl@uPKYn4cC6Jy6!Ry7#( zCV}dLOeI*BIxmkDB=w<=&ZUX!uufj+%&}=alg{Q-JMa<}Q%b z#AC7^1RJpX^k#nlaW)gg4t4{ifLm9S#s(uV@T-musUKs9i~^nlKA z6Tq?*NDZ?@R3ZCBp3-J98?iV>ua>DwjRE;tF$@9~Euj|}4Keby&esT<9R{vQUF}Yi z7e;ClDdunH;zJM&ez2+cf6f`gVISvE$*4GV8qM)p%!HEo;F3{g@b#$PAW2LkVLj|5 zDa$9J(H|*6^Z>Zc>;x5z+%!Etoduv+`Q3)a z!ZC}3TMCz_5+S0RrvTYUIS$n96(q!g9{3Q1TOPqy^kpBC`eQytUM0IC+B}H4KrAz0 zK6rrBki_gZfTi4Y?IN3mg>=Yc{TGk*GP}D;0h6a36D&$L(Mk7i!b8{;gvY@+fNY(G zH81jG&8J40?Y~L#=u_B})U55Pckmn#6SFA|%>INVaFS9aUN$lFUd+Nd34`bc5H}1W zpcARMZsC7TZ;wce!vjG0Z=DkOe;azSYJaWcFrpk{k3`8O} z-6PA0LYM$nxGWqUP?7)AR<}FaE?+O$OS*~ zlu#+*%~+DsP?O&sk3;`1kg`U^qZ+Kd2yWrenm3{GSSn6@PQzqg8^w%mk|2)RE%(4d zH-DPz`*bMDi`o{m83hWQ&a!h;{7e<{+O$t*EXJc&z!N1{xO$r_<{MrN!g8UlGlK#butp}NXf_L_x(QAWfMvBSZg#a&}W~!@z=!$p&?`(Qwrd8sH;rlSs%pt26{p| z{}d1)l%JJCUUqP*i#xd#`mC#y-bk*$(S<}3B$B4hq9nms`LB$rd<{%aDemj`z%sIR z%!Q}{!XUi|Po?~Xe+LnvB&2sD4H7xkkc~}(W<7W-6Xdw!eGCrH1RS_fsd^I+&Mjxlb0P4s5?Mw6At?`*M2d|N;=ZZtFv9=2Igzt!Gf~BmUkUgj9#^YGfhQ8#&W!Jc&Km0%nN1#6tr|jU!xt$UtyxuglD)b z_AMNvy3e80CmL?7C@u9U9k%4r7%w)bK_uw}wMXG}pUF8cVX6#mHnCy0XV2+5W(f_V zO)WP&Dm-Wh(Y!D@r(@HhC5TP%pfIQ7rlRgm$rgPk<)%$Xm;e$@>~>RgLlZ>Fc=9YY zE4d-})G%OhDv98X#TZk^)s6%I)yzzaM|Boy{syKVRO_!4Ke^P^v-8W|QMXDUpaKgy z3EhVjxt)I8-Q}==lATh(EUcFUN~@j}@*JpKcADr|DO$CouZw=g)POVKL|_V=%iz@k zQ;y+MyaKV&goKO=sZP08dey}4RtNzW2YQ%PkI~}VVkkpZ;@&ZQ>oW5Uk-7UiYk(rb z$nqI^WRC3#ScK2x%_5emmh~Jfm(mSNur$i;6c8Y8AqhFyQi9m8$w|)5+C-2xH=Iks zg3-8+c^op=EZ$CSqR%eui{FpP~?Y%pyOXn(RR?#c0NY`k!9TJWm4zJK0A{HxpQ^FlQ5_ z2+h+UB4*LOMJbA`Rsmuw80%30$QizzrI0{M5~hH^hLl<}Qf`R^Z%un8S4PV1!_Jf|*hx08#e6LyDlgy>w582iRNFGV`WEXRzs&~#-bec5B)kb|P$(6v6V zqM9i&3x??s41z$>)z`O=*#3+svXQyHf%9d^Q7Mz#b`0vBJVsz>BAu~VFrVQ?klY5& zlBkYQx-eBTj7l_)84~_n?GVt&*c;|KEFKuIL5MBOT+lt#UBGUgTxtPCC@*X+N1IH3 zAac9;JCv6%3>xa|D3(R1OgIva*fc5n)t|Otiwg8tM5{-;E{0( zMK5C-qca?o{uEvu4AoK?r6U*zMf)OE;?Nxey4MRmUp5|Lfp4FXxLNVPK{ zy+M^c?+khajocr5m#@xWUy>g?{eI`{vezAu^S*m6fBu4W&VC}__s)(t2@CKB_{|I) z%*;$6sUY(mGpXG{U?-)TPtD04q6!qExX5Dph+OtAPr94r?EI|OJA2XZoxSXycF!(1 z$!WKL^r~}q*?HbO>0SN=B=n+pdDb1E`#?v*xajmRdq=NNI(>5Sx_@y#=;CRMw}l}K zp|tFbM*?yPg5NJgtuRY2bT*6mEDof24ig?JXGx$x%W)lhDOwwaNT;ByXm%Y4;Ov5X zfl-r@sjGWdu*SLY$yP7F$AqmzIRgAgvyd-CKZP}vhbr2$67NeITyWWsnn zcT6q%CMy9?Vrw#p*fx_qUq?Yf5TAv?5Cl3H+&Jb!n0pJ| zWkRTz2)G?D-yg_5Gsg#y$xts@h@}9OMF3s8r*xdP;mg+ACBQldfVZzTvIUU`0XXU^ zK?*Qv(+$997l3LGZR#-+8snY0JjKmfEz&T_E4qNq)bN-Tp9GOwOoy+!7K8PB@5J?} z3H%?kXX>1SN81G;BYp@ zj}s}nXSZwqvhd#PHZ6sE6VA~J3YN~yWjokh2_+*2{A3f-iOirlB~D_7W>Cfb=0JCB z8U=~jkLLC^)MF=n7%D3i$Sqrv?MTTNuUfDuvDU8wk-6?+b@GbeNlge=N@vKW&qp*FW^HF+rhD+r6ckPBq`!NDZ zC@A$ffI9h+VM%;bicnn`Xr&EuKmy$ef%QT`?E*1#rVnF%wK`+%ERbGh-Y1flg2Ra_TOJV2ci;~|%@6c>Rt8j3O^j-&PS zAy~_3#$=}nnI@XtA96WW{?9e=b|+*h34M|5p?uCNu9Y%_FFm|KWIk9Vf&W4ATMOQR zwgF?AA!s5ul`D0QG&1J54AY3a0;jT;Sb1F(=T-mD_MHFE_~rcnO^vt@*~k6<|Bao- zPBZWSzrC~l#sB|f{2r0-Uc@|`(D79;o)8tFgt8?RH9DHmIH|bxu)ccyn4G7v^P2eF z6Y9zzvO`M&IE^7KcrKBG2ohE&&soUt;3R+u;!zOcE!&U^C|2Na;3o&&v?QP9zP~8Vm{3bav8-`gS(&3g06-z$%^`=FDFEky#?&B5ZS zYLLl^`#dWeA5SWxtbPcxR@e&fSJ&8X>t|D%uK8{>&(L?a#0HApz=bOiYUJN zQ>RI4BQ>VX3m8fbazE8@K$zL>BK-h!fkrnRu-4K z`@KulHWPsB3Iq|oc^Wi~K97&Dza}DNY(}0m3=$ghuw$x^?>*QtyVOGdw9FC6SXo zTcvKn(@lGUsoQ?d+R{=aXIeu3)p|uzxf*nKJ@S<)7p#VAyEN4zwm-F?`sMeh{Brsq zoy}@k<>dqFfDh<@&33b$)Bm=2T61-C2~G$egn{p%E>OHB1^uycnY znbO~+97??#3O>Tf62&GNra>s#9uJYv9`%$kDe8X>S$m;0yv|krHq77hTCh zJP-N!fc*T5#Xh-=<+0I=v^P?pMxIn}PUujO(=<$inl4ln(}ayxodsulR@}83=rH8t ztqF_$S|Z`sf+*oNd0y3GgkKBkP}HUX-;?lbLcy;|_%(+gY~c(#UJ~3&ITMEIq8Fsd z$YZ2}ws@6MQ0YwnAQvb&3Kn5~%qa~*P`340VB9rreEt8-G=5!|pC0W56Fu@_^S}NSjPd}&8Vzb2dWS%(F_{jni|Uo=DP4-DHDnLn@H|0M@p*O zFN3Oi>dn#vQf*a@$Hz1%ZM0i#v@IXV!{8GS;Wv6q&u6;Ho2ig5##Qy#8}-*Ca>*eL z9E6wgkko21O9fM#nAFHcXE6Bjynj3(-G2YPe}MOI@)XkEuAtb!&3BZTvL-t5n^Jon zlR(9$VUlCBe_g1i2evlK!z+$_N4~;;VV)-ZR2Ny$SW7~oh!oa^C0O|QsPjFW>o=cz zXZr& zjReZ=!UPez$(FO(Qi8}W)?2UKbIv?^WRo~Y>gpc?s9DU&kYOm-s}5L7ggu5-2Gxjp z%E*V;10c`q!f6oWrozp^sRR8!6ialn9q!hl2JK$`4LJ?Qs@UJ7M_Po%YX&WDkAq~A z4nf{VgB}`*rSLseWx2ORBAMIPqU+U1%73t?*lI1}2@|#EmqQmHWY4_(spp=1pTQCR zmp^(xH52;s`((f3`9BW%kcJ=d_W3$oP&7c3R=9lyTqx_cF|Gpd^f6{=VC;gwMM=XlW&~AYM%2K^Cp~Bbyb5PBJSXwsu{w8Hz=Gl*+CAk9YOG+59d&NSDnn*NeqySUlH*TSGQ(`QKmRNZl*erlfDRNGn@h)+#! zxpI~U=>li}k+G|@ zvIq`eysc=;ks~Ghjs5*^)uYnIfaLiR4KH|{ypju}`!XO3cqnTkXXEz6LcvJQfLfjo z7I%xEyPcQy8#$0lA3TVG)e%76y?dXzuQv7k%$J|FqAm#X`QP<_JdN3mKdb+JbOokq?nW^369JWxGPJL%1;Zy`mEKbNjYY zfdHrcv${H1Q;cuM<0QW_`95A~7&Sl{DQ{a~txJFd{;*)E_mAoo7YWJy5KI=24-Mc2 zmyg!)GwS=9QH;1l+47}=F-YRTOKO*L14q8;!=dnp6kr z@R&~}2d@$u-qE=*yV2c`E>m#!re!f8E?=c_K>jz!nIuG=l|?-(ZCqOf7KsvUm1RGUI-o zyx>?;S*6*$)j40?zFkFTaoVEBb$hl4L%l``1JM-|c2AAOE@A*#6@G^-+GGf&cek|K|Ahy&7YG>YzgprIb|G)fN0wtBX_ z$6Sf?+ru7n%|@}+{(U}v`#B%KW@B7+0*gL4qMD6HCFW_u;B5{cd2EXp=sxf@V7ixzX*R{gugGp&+b8e zG6VX^4L_=ptzi&tiHZ8F=Ba=DuE0MccQo-P+T&;xjHh%)ya|oQOb=m8NEkuHlVCLW z?;i%jzyp`Xbun2svY__v9W<`{2NC&N_5AkjLyq*;;n|%@5(*-i7qjG3O+|<>JCCe) zHZ&)-G5N-)YzkHMM&Ew(MJRm#Us3*x6EO>er1s(R06!%E?d-M-`hW9F{`ZgaTR#6& z@djX(#0Vc-kWr&GmV5Jo${I_EiZ#)v7aSt$-w=LsKz{yJA9W!W;tXRq6DAV)yNQxO z0_8^IUKU!hy9H1{=J-6Mu1_vUEt~52gQp5!QJONZyKfSxDFo4s`u-z#_t9EL{)&gx z1Mv$AN~uvPm*0-(!IsOvCPeD!aC{CjUtaPX7U`KeRGz2FQhJoQM)Fq@k1x+zepi1p z|F;zrbK}okdE~oU_6DL^yn$%G*X5K~90i<#nmUzxlc%D_?GB#?cBVET<$ zEDSjr#eAyEO6txHbTXllAF>#daU|2()|3fB$0lzEnZ<07xcNUm`Y1jRdHOGA#jM;% zg$^&skYSDp3nZ9b`c)U+?R8oD%TeFQ9l#ew;y*}{xNkqeK$(|(#LZxE^J%uiYTf_U zw6J?mU>Ma$Txr$eCt2nd`u>!f>wW8`$Mq3c%yjul)@-HTKc&w9XD@@E+oxHEm3seV z=8r#n4PauQW&xJ(`jgv${_IuAOz_jJ#_B`()V7fSi@&1%PfTg}LCgO<9RIh|EaZRK z{Zjw+qx?Pt|G&S!|I}w6|F{2P!~dFp4a3@Q!La5|qP0?J;A$9rugJjvv>U}Gk@|n; z;_3lz{E95U%p6@kakwl#zWpy#*Jk+El-&^XOv3MFl0SIwG8hg8qivC8z zs0Yz3wOCE&Gj<@SbuWA1f?Y8_Iv{Irk50}9-2=d=4xf;dcXkJxale&wWnX0dnOlJn=RR@QNc?a84?+PL`@9 zdc!#8%Y1PmQX?w3hqwVgBopK#e~-S}N<|C?PZr&hAr%u+W6lR&8i%A-8_^&n&DLJM zQE$|n2Rn`3-M@s$o0I<}N`;&)jpriaF{{7%v-5v#H+Hu7^7g;>Ui*vu_c4Ad)jy4V zvd;eXATyAAm{g;YsBVz;vX3Y9m?rc%h;^vh26^|c^7N}(O>*_#bjIU^M#)$5FDIcm zIpaPfrZHJ}VM;l{0^Y!IUNkl`pHM+&G={v~$%GLx7YUmxt0ROKvrI=X0D(Y$za)iA z%9dcT;trux9*qeNLl8+YY#5T!%Xgl~W2h^UaOmJ0Gm>x6#96P@YR@W9aY*D=Vv9$I z)mBwLoX{Y8M&$f;OyprzZn7GVvnrcPHu6*%GGh|>*)M?eXCG}nt32I8(DEP9@v}_Ii9+DK^BnZKVo ze0z12n|52ep;|h<6r`kL#cK0--(eMpfMnn<#45{RM!zavpSn<~I{XV~)bKysZWha8OrNU1nlJeFni zr&}3Fg)x_N1I-SW<^-9EDgF(dQ?Xa08V5Wgl7N?_F&I2DX!a%$Nf3<(z=DrL8cf|< zSGGqvSvqEQvAWtO-2g>-}=NXA-R9U%Ogo1H@YkH_Yz&{Z;64J?~7#0ZmkK6{IhgAWbr0h zW8~nFq)`%t53}wE)-wW_=cBHA2T#TCL6mIdN_VO0h;&#hV&m=Gl97^k?+l8h5?`Zt zG-fWJcITTb$Wyk}%bpp&`h^?9gRLzxfbwK>b(ujjSqquzvM_SZUS_8Xh3;v6oiWmCEu z)1uW`Wmhgb2~BT{fIW2H<@UEd{#-e1p@{mvOn(XXUGu_JBrMJouz6nOQ(1!cVlKoP zOYV4lGf*3A5os?V@p2FgXuOQpm*6JOHkYfF-x?XnA&UYQB~TVt?xW1##m}cfG?>wt zy`Etzk?tGjr3sH^(}nMrIa3_MTZ9b5g%h(WPYek4S6S;>%x5f4=3p>9tp1xv zOjJ>KJghxDzaO5DB13}Ivf4ySsnuPl3G;3)SR8QwS-T;r%KmM?Quf`R|14pW zjnxoP^XZm-W4~4fG@msajYi|?mi{w`0|enBp={S+(ZM=?TpxzqyD@txiBo1(;WBL~ zXBx>`NqD@1kz~yISke+|CDo1hZd$u-{jt_HtiD<`7B=z{J|RMDOpDA?#99SD<=nF- zk}s!lb`*csDg0+0tKe6a(lC$n!t)}qGH#W`bIYvcALY%8O^cMKz!YDU9M)vPv1{MC z6aR~f3dA*3u3{Hj$b<6c&YZn-VY?4(#C^ZDe;7}$1rW|-mXIlZL-e2sRF*D3c>ga7 zVV}|A@<(~pGIH9VCT_j20Ck@kyJWB{Y#ZD6k|tjSp^UioR50+-iad4{GoM9CKtti0 z=AM>+@=VHjPq!Al%nT}DFnke2aE(|JWY&E66b;pbU>q_3bsY9pA^c^wRTdu$0Kr~c z)Jc(H_WWmRrM!@*zFsd&1sSQFMgEKj(R+;+TdLtHFcvc87(I`|rDT>YXwwv6TR;~0 zF!gR&az>|1amXxm+ZMn(pd4h_>m>_%v3&|m|eP|?x)exCLdV3 zUTwYpY_w=LVele3MdlM5nkYLaLn@e0c%<2h7X~a!RC*(TMP_L{4Z%zCtJQRaB~+y4j)>K) z+3%q}FL{>!Cu!0jVtd|yl6)~`yw?IiwV8+dq<3P_{-M2qD?ZG?T`K?+iH#9~31=U{ zd~#nE^z;B!+hm?mWc5P;>U{BZ%e=Wy5!SFhqc~@v+s6Pu^VQQW=k2}9cFe|l+W1e! zWyhIm=JmssRK7)8Tt-!XK>M|n0TqSZ8OR3!0{f7EJ%m++lnVALNoIL#hJ0q>=?BY! z%*GpKAZK6M4sy?z>&G)KF41b0rHuSr+gtI~avcgTSGcUR%p2QL_VIF^+)TxQ#kVXT z1U~CVUOb0dRo}CDFH5xdeQ1Yp?^jEY=zBKr>y42afq9YX(LPfX1 z<*l+{!F*T_w)o0`EooJ@%|o90FJc}g$9zhINHJVzrZ~uduZ0*pOv)L90{lTqb zf56w|BREl%Vc@;2wTt1Dy!os=D?X0VcJcPOpHdgM`@n?yz6pMtkN87ePvTiI z1ERS@8T(a<9&)zu1j^_myNmlv_i?59ijy`-V_A#aRNo#tWTuQdP16iT48 zx|n>BKJLx`vAx^gYvuF*?zHy4)c^V@zeis|Zkr($lS<_gc@fgFsJuAoyuAA9usW~e zKhF-U5&m;<^^^Q-4Zk4x|1wr4=ykt$`P0>R z=e@JqS@wW=f~Zv-mz%|DN_Q!(9L(9A3Cqj zPrG(1^p?KjQ&t3d+_~&L?+m(tc=Nr^7YLGR0eq$nqW|jRd~o@)-yIxQZ5p)24UhZ1 zAG-ZwcYYk)vUqVjcX>>sv}B2Fi$S-4);TSiS}Ir!Md}x})%mE4ZEf1OeBj& z8gx7TqgR>nvXF`-@C2i=Hz^%-u5EtgIRJ}>pM_GGLl%mi$h}aGPF_oT9ds{WUo3#6 zq{#tG(%C~ZJL?^F2A3~-CkrPR1s)a2iy(Yxe(uOLC-|v5fIWZAMnR;Ko(B<`#oSN5 zLH4nbuyUnG&F@|AV3Wj3)`CLu0Z0 z93$klU`;*Aj8wLvAR6&HW^uR+!jKGAVEu4TGIOsyS{8SDx(*TcJI|l@E>Hjas&fSF z5g0~>h+;Y%2FdBa>Nq%LAz3;q1=72?A4D(%l)q4E+e8IMD7(HI{4}`io?iXbIhC8i zCT^-a-$+h+1?*6=&iakye)cVLOMH*)G5H`!VRwW|b zx0;b0RyE^*fpp&_a_ffcfuO^XZI~3=f>bQ;G5l2jt7>0nNaC=X`P2DKFXUlW|EpT5 zXmD32o#)+?!|DaH>%o7YR4Z9hQy+9)>a11_b*R^UpoZzcs+CHof7yG{Il4UW|D@k` z+%$mSy*NG6FHSKfB01tw67#THIqnTE`@QF{FMH=_`lI7OByliIr37BB{IlONaQ_+8 zxjUJo^RvrN?@XR4`uxdH$N7XUn3D5JY^K%k9``aG#LN$bT*;0Pc`hh{Vj4unZIB@w z@t6^c`y1;k2ofYD5M;)sgu){x*-acXF9{_d!NeI}%ve;Bt*#WT!$y5alFa!G@9|?6 zLgJf*1JMvPA@X=`^Eh1e&rdHdf%dMBd;P1E^P`T$>0#APn@f&$%W6gL`I67=7Lr|E z`9ZuuAbHj4o=H(KCzniU7Zd$d^_V)x$5)r_a{rGIgHb=-Y!fk@f- z>bU!&^ZMlSu)1|i<1Ic*wg8P=mVfAWnlS8nU_r@^b6Cx<-h@vX9`h4=i^~S-a)Lx; z!}x6{3dxK6xSY=z@tFvu9#h((<^dKcY}JJjE&eUu>l0KH^qjMzw=#NTMHoekB^a-| zTu8TG-*^i~6in4%GLrYh?i)Ith3pXCdJ)82*T3H|P1@a*8}#d-ho*;XNQt^R%cZFUs)I9sm!2YXg&g0DP0 z6aOJZIORS&^ifc_e>BDO^Ft!VcTVEf#$`|K)v&Z+Aa7zi_lHXlfeDH^e}fVEnbiJG zs%yngtK`>jB}rQ;6fVJR&c!PPeio&e4@XYhJ!*uyBO z+}lYShjpUHc0hhE8S$^x%DYOx`?CAb&wh*5AG_fI6Gn~2{< z#RJD!PYS!s7*4ViuniuvC4Jb^b7~m~Gy*#!fg@04 zHLT_2+$`Y%|%=dvZGRVWjT_nbqfLF5Y!!V1oZBFUTh_?^J%Za-grMyh$)r*w{ zcig?~^iBp@L9P^y_Xu?*CeBh2hDnq)c*txjmHX1}>^3dyGrPGLHeJf_x@ZW_-Y6SF zc2h2Fx|G#6w>=jEGkf$AIa0<)Z7P5YD*=xzNob>$YgKdUL21|D2vx&}+^~6F@;bRI zhm4GP8u{92kuyW6^z5S`7742GY2>q*Y_Y`K(pMZ?t_@G2xNK0T*gaf@NK}=5lgDH6 zh9!r?QXmB$XYG-amwm^BNMb?qXt2~k86tQBM#O{@CK5Uf12G{N}cw_|NKmA|L)ZOU!(Tq*SF2x&396&$jTJ< zV=YhE;Z+_HZ9z07tL^7OByoghEe-1)3%90W8fnY>+S{zP@*R?-WDs@IPjN+5(Gc=8 z)VBcvz9z`8ghzx%hN8{+qpkUPO^`K6NkSO21a2J6qTDm$;`p2^17i8ueIOn*{V$DU zvK}!{N+@z4M$^(!@=9e=DVL^lQuTD%QmTLW;UrE0oA{uPkcC{%KZuA_@yIYuG&4OvJCTr73F3$`AB^RK zlN-ina?1q?nXs4vJx2VlPLA*(no>zp5v<>oB@>Qms`)L8Vd->~^5AAoRpxYl%D zu+fOYemq50o4!JeQ=v)G;8g6)o!@cb zN8co56xdnvnA|GjD4p>;*t7la3qzsPKzQ|0$j5=;qXfuwNX29;31(Lw4|y!EXyjkv zaUi)>#XAZajSs88u%8>#YQ=jF-m<^2pWFN2?tHuZL_X^?|2Pdpc-;K9-IULMVv^_T zM{V`l^Een!65GD{WDkJy(8o`wlFwX)d^~3HOO~8+pY`dTp?W0JQ@CkeQ#BRAl(iL2argP_m&I@XCaR?R^V(Yp?cJ{=)8xla|E$J4K-h` zt|{xD&TJiv5lDFOjsD2J|DqAN$*%s zoX()mj^yPDS8hqd9h&^Ucf4S12sGqlms{eRRWqOKt*_rc<_AZv^p!(TK$?O2WBK%yc(l$waCiAOgNTd%g91a9jz*m27_{(%Fp1 z3G)vd6#!VPsd&Ot@uAqPDP_@@XRq~6Su1?9ky-X&Ds}hi%%BdA?&{iG1oO^{APX*u z*4A;HDf#=~UR?g|vi`UB+5f|x#<1}41K&3q4fXvfKy12FCD4v?Rm0<2Y>8PAMJ(Q` zT*-f}Z&YyP>hWQ9>-S%Nslk76sqQ90$OzWO^sz*$6dD4#(XIvi7io~aYxgb5+)uq# zfDhIJ!xZcnEF#rk8qJ1%E<(m;q^ST#%>LtDr6MN$Zh-I%${&$ILgNJXwt9zyh53=M z)kmlFh7l^a43qpdNCdfvIYcM-j>-B(?|1{74K8|TR~NnG!?mwe)9-^YMB5F5*Xlil z)`y!Uh`cZbHx$Wu_#IfBlRC6cVmc$$8wsKIgsf@cRgJpl&NcbkB~B1)r9ej-Fyn;J z@-tRk-}BNqmU@CXTw9+BQez|XI~m7pMrwDSM7{3qT~#q}mXNB`?(c_2UI(>Jk``!E z%Hc@z>L?-WEh5xCL?DQ=8wZJC;RqcS!~Lx$Jk2(67Ak=2gGjIXT zPJTo$WRHW#0tuo~5CsV%A?LF?c`X>S_k&w+TKhrF%_rlbtB7u;TnNcB_ze(tj$4PFVS@6qg)BxSen?ok~eVoe4 zlUo)KxnN|gQ%Dl`s&1R^Us~S-tQkQ|^=9?Z$FIRjU&| z*4m25iP*nHQfVkMmMVGnEJuSHC<@kN=eSqvRoDV&-5-G|;8IztDHAoT875G6Dw68j z|99^Jxa7>R1GC>XIjMOaOOn(FuuHOsSqiRIA<2^Jw){+8u!XY7&@^54mEJ=4d}6jx z2Bo+_pcLudQ+9?HJ|fS)-d)6uwZ-nwM~;x)e5^TjAndP z@<)Neq$HrGgnLKhXeE$8cKT<<;elGQ3YfF=%We_OkV-)x^ce#z36hX$OT667R)MZD zsXevZKR2gqZ{fRl@MmLcwQL70UL7q9`0)cjqPrvyeOWq~bohtHb8qiu9ZELmSkC_7 zSbnU*IMwW!wHAY5VJkqHZDf~11PIx(L%a^JCU zd=l|^3P_p+7`~KXdyt>&sHZ+sGUtyBqeBF{Wido1f+LC`cay-I5HC#OA_09=BEdt3 zH_;p}hXL_|lTd- zRX6l!86|8~RKFg9^!GEV`SJqwiwnkG;7Q1VPWO1viXQ!9VWT}StCw@Ac+Jd zF|Y;%$AN&@31CQeU?&bNX#)fb1k3hc4g|}x5g3W$d~ATkh=eGXf_v`AyI-&B6+e1r zR>NIPlkeSk?z!ild+xdCo)1(SA@PDdeJOpn%*I1hr^en>w1GC^PKTVMX*qs0awD=1 zQfI(r0d0j$fV^U0s>lRvAc5?=V&rIr^_(6>7ayY_JV%gAC)O7hYs069LF8XX815jt zSeVtvfqzks6SsScFS;jg(8q8cE?gxmYmeS~{MK4!OnA6Nz?R&=D0qJO34W>#qJQ75`U;52}jWP(0j`X#;D|`Gq%ER7Ef^Zl+37$ z`u-UPPeT@-9#gY5Pj!LfB!b|{n9x6=X7R!zdctp8Qe!S#OQ}<~hr2{d`AN(;o;i3j zmlX_N20=)`A=HMD0W^kl<_7ZP5AkJNVBr+6PVwc$L2tgvKmUj(*J2`@@RRbQcm;h< z3MwSkuzQLxRUJW$`$K#gR~_za`-*yGzBpg-jHqnp8z{SZpbV;-K1u;{vOII70kM2;#dS8M zygXX8B$P2Z*5NEGYYYJ@%8lT@g37~9D&=-UVJne1@q_In?vMDaxm%xZDPyN{i%Hdh z1F@`wuwP*^wmb;?6kQ?Wr+noowzhObQH**9rq?s!&1t6tu}IzG=$_B+%!#~Sg47K$ zawCjJ{)lh)lC8UuASk^^v|P1}ws4{XJ9mPkp&x*u)8e~8jy?dpuqf1$FhCNi>2Aa~ z2zINW=?2nV8Xk9DF89IYIu59xXdfpuR2x`~+FhxYQuVge+Fi%n?u`s@J20_0u;mL+ zG`LNL{$9Al!81G<;i!z-r~U}MHVHX6B_JqSleeqN0@iTnnFP9G5m9@~QM=wzF~53I z+ufl{mf6OrVa*%^x81Z-q!8SNf(8s<&4d2C3jWjAwlGhc?+C``>ZkP9S`%!?fqUlq z1H!V`ruEGP3H-;9aTGH3Gl0Aor3elD0KY4H6fo2C(!Ka)umroH9}vy&z4sI$AnCwp z5pBVp77xxMBXxtz1e{SzXb1^-BsaWOE;+G z1bwi5gxo>M{}k#Gf%6eR8Ker>DZWfo`lPCp8}n1IQ&?Oi-!ct~qq4ysS2KRdyAQTe z-G=du@93vm)-YuLYyc~qgmI#N!Gb}oU(hkpP6}+e_25i1Eq$B6ib8Z|XzORHn$BV9i`jV@+$%j~ zzHS_#1LrzfTM}+S1nqZ0O>#YNC+xSvgbI>$QD88?#K_DBTUhX%khb2*Y(4r z7$+~jzV9X{8GA0%+9@kb&8PNkY^~PbbM5(Z|I82(;ZMdm=w4PG&-DkFGHqCG!tHS2 z;i&4cKRu_Q&~-S9a2)SYI>yy$n>bVd%MqDsKMczJYlq$6&DhY{9iP794ICT+H;-yz zU^R3v0FHwk?##yR&&}Qww|hDsv3^t>=kBHLe+Ta#JIGmoOYSE2zk{2cTjd^h1?l;6 zV40@|VISaPO{t{;0gT5F$+me=-^0UELcxUtj~ru)3Xf6& z<0cqiP=5q`kq{vl28hsKyrw2hRJ!+~bZ=O?M{{#P()!|6O8iM-Qcy>@f+T}p@k*iz z(OnRILeEC>aw9S>fkU^&FfIC!kNeV5AR9W`JBW6Zs1-F;FQ5Yod@zM%C_K=ZKUmU7@lh+13 zM>5F>GwziAhXsf}3x~!QByCOW%5zGc<~exs79WcB`VB0!;Bkz>Pn9`a`#m%Y#k<2PT|! zZKR>i9kd9(?8jlu{ElF;qM|(G)*bwc4GET_+T05<9UWK&%5+Uk*&CFxzl$dFdTQZe zc!t$*XL3TLq8navg^kEog+qw)CnM(Q9#*Y!AmIc`2XYg%{&3^1x6nyAj$&;MG=c<2 zXYQcty!94Ze~9kG|BBtAs)?kDId?;kNI<*H)zK5zCXJr(2~0tO^WOt>4kmFzU9#Xx zW4KR)>#hhz;~=0nT;OF*z0k?RBhBGnk2Fm~T1Jt7<_~b6?Q6`pN5!71J3(kJlw~HY zP-$SYjC7uQm+w+C1)UZ23JC!E*Co^LE%!Dba7ofHE+VegV`=805I2{Lq|vtP4@i@4 z7|`U8F*zBNdEp=VU}WRBO~*V;7p@z_A=n$@Fd!f8yOBG@363a?;@SpW;PNp2z#YOV zzPPSFKMCpcEj+@37o#vheaIHOfdX=FSzJWVM?`~&jpr>`O7RBTs}%}-rOC@A|IU_s zH-W9*Fx(fVw;A@NhH9=aqnbh*5R`&pdo;%x3`p3R*q|~cXy(?pZbz29ogZ1qcGv^m z?}j*AkAznea#IXp^uSVF9uwNFP%m6JI`@Mqw#OX_Aze*Bak*PE4#X(1S4K*3`p^yF z`X$@Or_IBdYLB2vC{sXRSK&UEIyn0J&rY)(> z3>=UfQ*nL3zC3(D`$Y#u*8kyyG%6kh8O`4S6C?G1=;(w6cSaFDDP4z~QcujG@-D?v zq|KoT{{%~3--3lJ_do zl5V7J?6EI;euF2ZJ-8Q%FlTfiLE$ME_>b(~C2hPm(EAZN8{h!a0t8)_^gN;$WtS`! zQQ`+LWbIhEI5CgauCdeO-Xe}>H^S02> z%F}h5*_IX6f}&VgZgyO}@dk_(ucZ9vznsTE5j%WF9a(!UE@`gQpZ)MR8??fUG(l=d zat0EX3hLy*d^T0Kj5Y ziu+ji3U%2zqQVNifM>I6RCxd{OJXx&l{Q)IbP_^CxIr#}hTef*B`1UV7L#BxcCkL+ z<-B<>57T=w3Zn#V);hJF#$N5H`Mgu5!k)F7I4pQ!JZi&cxfAx|YY$;AKPOorAgy_s z9k2bMKP@kl5~!$qSDWxdA-!@o?luAvs|A7wO>vTvbI9HhHA5tu*%9oznVO*T`Ud z{ss2r$)6T|J0Fi_0o<)aDFmJ<62t&AkDwRSsVS8Pe#`=IV@TPEL>*Ln>e}kt1>SURb#;|hjS-*jHus)3(?3OaL-B-A6UrIw*IT=dHk8nN{AjhX z-`KJ|e*{j#;pmdy*LB0uCG{_p@0H?k9CfuA8+xU~<00rXNTgr9dbm*v&u|1KtmI=j zE$06bwOiA}x|HEhZpm!h+XJ@`RjG89>`DPOkt3h=HxK|yJ9%Ld8cI*4Gxffgsv~cp zWmKdjAic25EVPp4+t#K{-N0i+A}pHP;$XcodK>D=nx%g^7if0;M!|;keCXn zAeTbnE?#u6@aVpxUpMlV81IEm4o6#+QCD4(1XFcEDvN;(pUCHj8zr$ICXT{su(sl; zOAl!DPXg7(b{01&Do(u=h**}(gBX=+h(2Gj?cLOib>Jrc8Jw#3-Q>hfBa-^|@%QPm zDU8@Q9iZYe_?6P`Pzn57dWyFgQaq^WHoAo){|pN(Xz4z}VQ!MRkmN?^2MqwLhJZHo z7xafrSOs4sk$Xh-RckAlMXi#MRQG}$3#{KkM34fW)fFyZ3 zozj4n3Z1LUL}{$`$e6Ksr30B1l+R>Kk`(2nLUUHsV>n-MQqYr;lCk=Z zLl&8I<`&LsJ)iuS${~cP)olZPqp`Qu{6-u71bMnCPBTOI0)-axnL&8|hPrh4&S6eH zcUk9_K3j`aiIz15c#vuUb7A=aGD3$TK^1a5ldUykS=yy=k2egXn|iOLf|fW{u+w-3 zJEfdzvXp@5$ab8pHaS^K`aowd>D3KcY^<`F0Q_mNncR6ct4XbHmE8o~8?oG^P!L;I ztjTV7G}>|#7b14m_(iZDQD;3_=c87rxau5(TO>LT!z6~pgHT}uCtYfII1i&!COA1^ z)4qV1gu^77)B<@Rl9Fs3Z>SB0Y(&syoJ8YpGLEo=l#_u_IMbnUol)*q7|OV3fvq#% z#^{j!C_Y4>DzZ!e02Qwo$><&>sfF};RUu4;Hz&Wzm>YKopa-+I_Vpyh1{nj*i4I6@ zp!7rK13C0gKvs`R+pa&LwjxFu3n<2UJgTLT;5cbv*ZT(1Y4&l%YM&W;gy%;`Nq7XR zhL#PUAW((KC&5xg|CYa)(Df^sqNplKs@C#XLJhO6#xB*L!h`_BDm&xy_w9`e7n9B`xFL)piWdq%F zAHWTJw1MtDXZ|xA=-yLDM^{elNojb4EH;h-OegIm8jLs{5? z{qP*>%0MM2f*8wx!7O~-Q*_6VA+JX2X45_K2PseZaIzn{5ts#!FHt;lyVTG0;RYr2 z`ANvVRme!8a2m&?%&NP)1Nh|826Ir$`%SjjYKGIQ;+;W zde_Z-v{DU~-?RG14sytNkDzoFa$q3zkAewXwTnh!m>B9ZnH8d4tGY7jqFQ_?J%Nsx zBjFW!J&`RJz42fGmMFf@@cRhXr#uSBEu2n^mvL0q)Tz#PeO(z({~oh(kpc27Uz%WvKV^zijAp!5u=CtZnD zKW*-|;s-pvb2SLLz-5Jgte5J@56;3<>`_^HP-KvqLn=Rxv8VhfCfWIUA3Sz2N$_w4 znvHzi5Z^;{`N)z&&b;2CK)h6kI7mM`bhM=l&d7>WPU;E#PX44oz`LdDw%`uA$dn$bB%=|WWHyZdf-&S~|P zAr_fXpcj{C?EoJS9wx?JCBgF`2!j%lN-$Folq-9HEyjubo`gV53*4z{hU*Vvv>b;7 zGV_yh!P6T2C`5=+ZxEixsp?1rq`^BWKJiC;VIVdQUCEPt3EOO~g%K<01~hppR30MBk_wC?d$*nN#WHh@quB9REWmZPr#tyG1UF!yeIQ zf>VtaGsn;FV|O%pY$QyA+bIIET3jZJn)JmS2E=FPSqj4Qgd5uB5WbRUnP$ghg8hKs zf{}hEQVl$6voMG%uG`^0D?L!aG8Oes-Q4rnP(U-~e{r;fHze)Fa zk=4=M2rr}asWn_Q&%}NSHrwe>bQasMZa51bfaF1OH7o_CBCA8JtTk4?N z))v}nK7HEQd#WW6qbyIL*?GPvJR1~t7jrg0r}Gi8BY`+)DoG%h>E#AwT|JhYtz2h# zTYki{8su5i^2P;jB5Ss_{R*9TQE9N^K*69@QxvMiuvkMi(wKA1t2U(bEFU%IrUD~@ zeV&;|T{_Ex0tN*g;n(D>D8)W9DIkr|PJ)y~oB}NzhXWRA%u^N3IcR+54tSMWeYiB) zuD-qVtl>Oy4pc>TidVGt#Hqe4UO7BU8W)i90*ODnQc zH0LmNklIMuyG}@hRU}z`;>IU5Fh*@Lab(9N*^ZG^i$5WoWg}X|c9jb|HFw6lG;xNU zE#qA=zZSZTqX8X(lJ(#k)DVDDw_2U-4rxR;UOzlKapPS#>7K~G;M2A-nP*tq!By=j z%0h#JK02Vx;S|?iIy}%ic-TvWme8Hn4UfC4n)pA3$-1QZ;Nv-a%7+mat3^i5WRLK zYupSST3K4OlL8XZ0rM-DRBPMdUr3R0G-V`Y2}--z^65d9R(A$Gdr)nP<0cz%2nET* z#(ov#K_4gk$jgC8Gi%Z<-R(3c6XUYbbxDivg=LD{;J58NvwrRaZ z9ug_rf2FUg%Iz)th?#yw0HuCH8nqKQ8OMZ0dem7L;b2wlf-$_+sxHzrkOBnjkb`19 zx{v`OBUo0(+TODt;6#cMB!52EYdI^XXKk1<9!O!7U8a zf-8A;k@SPZlq}QYE6Lb8K5R=+Uid2x&!AYk_pEepw{)+~Rz~V~&+tu+QDxdsxp>9F zvC&=P7`;L-X*7^(@VQdqi6aHIhi=oP3uzaJFc$2QNsdzksQCO)1SRSPL7)~$c!s0i zAUxMVFHB0p34m8DFVT#XD)^!6#uz!pC$;voqmSyXcB8rHAU~bZhvl{M{S`%Q?$EA|g@>~@7&3l3e?pF&0UEjm0T zWTl%cAxJ968Hoof33aOIb0HVf2$+FxIBQ803Rd(tt?0G8A{} zd6(wH$6tN>t#|m!Od@|+IzRCf3=TM@UK9>XF08zgWE~^A@(8(u0UBTz(&)mqXyp2E zoP=-VYp9!%Kh)H~Ggr#!%F}a*UQzEmY~pFTq#~jgPOpfVjz=>BZahyd+pRuT#)l5 zB`I%jN*>nr>*$v+|OHxtNk&NL`E>*po zXJX`!Q`-)!Xo6k=DV?}@B~X|UT8L3h)Hm`VlvnKBtjyBu?V6j=Qgf8lKea|3_58ql z@%6N5@JzD>T5hBcj{}+$n^(d>TRgiK;U*ZCVjzVoqFa7sD@`a~=Bt-y-ZS#-BL`rc z23KtcapIs7*si2B_bdm6r?{|Qeo|$LD)N3VRr9AVP?w)fDwm&FQWnw7N-w^Cv|sBy ztEMfb^;M7y$lUdmWZ%eNexlyT&zud#Zk1Ul4ZMUXk!Gh3V|;0CZ10+O%;-DO-IA_0 zo4fnXcHN4O{w^CAwWW**%iH=5T4|M^-N-reco23^k=ska(RYy6O@`{tA~M!1=N?OY zv(?zQQ&xMGJrbp%LeUAoCQd?PGj%+$46U@cBj>N@*L8PiF!xwDMpY` zjr$&l0Rl+W$i!tdD#a_X_i{tNH2<2zw`PA`r}l5AE_DTbFN7 z>GJIxcWE8v<0)M}zHyh2wJv9JX!_R@GZ9zcUYd`k=Agh-bUb|QyFt#rw`k-1(8tH) zAQ|U`{+u?J>&0gK_JqR2H0<%z3y=Xc&Z(q9n_B6W{ z-CoT+)o-$h0j+oi`y4{8+3#s&!Qvv134sBH=K;v%#YOZK?w?{yc?$l3=Vir8TGqX0 z=UHR#DffA5wh6+!ZWpZjgkm&V>~&nf!nkue!s=DHtXo{s1`|gS^qKcq&x3e8B3csm zP_r$SKm|0j69;Ptz>Ju52wwC(=`D>r)T>bH?L>)Jc&l_^(el!J?nZFt4tx)Isw+wX z@T$eTw04?N5yY_!iiTP$s0%l4`LTRJf(J(;V3Qr9g3vL`EAW&~a(qw7?KT4VVH#R| zVDx;*d7YPDP+saaeUhpg+pgg{nWB5b*ULzbZol`Og{v#*PF9fR_+|TijPCWbKUZgh zjk`(%%gJ)EOcQ^*b~sVZ5LfJTwjRXaX|Lc%PMGaLM7hZA4bsvNG8a_pY(Mm4aMmgF zOVt#_p&`HyESPQBdOys_mN_#!g23$pa)BF4ilZYj>*W61(wQpaXQ+X?rhO;QQ z5*tE{)-+L$X3KIOhjOQqyf7uMPRR8ca(f<;omr$`syl7SULtQTqE;2JDS+20TP1lq z(WIkw4=f|eyO~Zci@)Z}WTMv9XA31yQ@zaOoNJ{F9478J5i7TKjA0*j2LtR8;m%W| zKj2Z+&Apu$kRO3IfqYC6j!(D-g~AA8O1thjhMXAS{s57w4c>5zY|3aI^+$$13 zdrUMYSOvMEKR9H04V+u#=e@okTzoprOjGpVJs-mmug%07mhRda)(38!_}w=68hkoTTHmR)JB`iPz^2Mzug$IozVk4w z`Eg#BHNTu8YHfIu$FhW-SGL;Fr)(>U)Vma>E$sQ9l4d|ln%q5?!Vs^`of?+&@TUH0 zUd}YS%w$OuIq@*%N#*Z+Y-wUnnNk9^q5J@*Kv}XIZNpN2E(vYzQBJvS z8weBK3cwBhfy%z9=6QsJxRO2Q-8^K8W*StSO}+$`69bjdQ!xSmH* zD6Ww|A*;@tkJE|kx{0^~08kp46nUh}Pt9kV9c5Atcan3X4ej069c=qoANggCT|7!2Sf(l_Uq6h@ zul<?rx!Sy}#f`M;@G(E#HSD$0XIi;x`}Luu(4@yl+|#-TT+Oz?Q;vUIiU zdZ+|v6paLE!{OY>8vnT{sfgFl9 zisP>?VbX)KI@$7`);$@9G&n;vo>-$B+eXrAq9-oKYFgW}xVj?0eAe8pSDoT=*Ha5%UO_g9cJp~_lb)nk zAaB6v++(#cYy0~E+4*+Y^zVOnbnbl{(EVm(pQa^pzT=Oa0uNK5kGkP-6vo&oJge{Q zvS%lFFmwv7eg1be8ajoo`V;mib^dh<1)AuR7LK>2MwQc|iueRJ8G3miR(n}?nq{f? z$X>^4G_xwqsY)TILa~H2NbvbY${m21w}s2m?i9|k=D%kRS-S^l#Ot+7c?4O(6*#;@ zRTkOClZ4z|hGorx7<(z~XA!ab)PmDa@L+_axZnqV@{Im&Y{yVz^o2Vd&<0hfc*S^S zQqf0U@7r<9r~@KoyL<^t@UCSgn`eDlM2HUa^;!nH_tVf71whA%RP$M$%X)zY21SPM+bxkbG1o{aE4>cNg3 zq-Qy(VO6}!o(Z1!sE?C$glfOe^zW6t)O^ra(BPxm&T~FRawU2mscdkJ@NwtqpTWBH z4O;OvBZ&~z)at`ga>)k`rO3nx*z8UjgXDppW-n54XrKC{3cJUO{XGRvVj(cJWWi@*x5yNXdT{1PVE{)4Ee@9OPK*U)~F_<&(k#7#=(rdtR@Y_#WGb$(w@Y|Ys>(p zm^&Kb0Maj=xsh6Rs;KpuMI&{5PzG{(iUqHq>q!$ah!xhR;?EDA7ysm+}V=I zn{Ngn`u6~_*D8dW6O@|Cm=d_(YVMN537Cpv!E0E7;7trZTbl{7mW17T6q%Oo~76#jv%dJOs9kfsDIMP(DphINuo`lT2z1X!(t;rF~pv2{ez4qi*Koz{A(u&KW0JwGsX<&7Q)ZK>m~@LQ4l5I!bX%5=(jgr~cged|9mK)Q+ z9uCfpQLWW!Y}YnB&DIMPMo5mRRu8y)G2z0s$xg#q<8zsou!U^ss*pu-vx_^NDz)yS^to*}#DlK0LmT?;J z#mIeSj4Zm+(ji?G(!QSV&l#f6CfwF$2{%Rh1^8U5aHhz;aNtR=9%&*GoE;j$R@glS z>+@T-_f@C(I9rrfWqUTQe4xrku_4)&xU9uV4PO%aSz5D21E}g6KxX=5W7~mpk00Vo z*|UYNSp}69J?XN>$adJ&HDf9yON^;Gck&<}}1bD(x}nBMnrOB&BG&K6=>qdZw|tLAdgQLd>QAAUi{<--sNC6tzK|ZIcQgXXDJIA-vr-1)E5ja{ z_EXg)fOScprDB_R`sSO|Ojb>zF(!WYE=@-iLT=>6v0j1dz&kh%8=X|H#_rfy^J#_rtYX>vRv^3sl+8dFZko?PdQ;QY@IX?z?c4S_ zQ^g39D|<6O8lHN7gi0grohI8~y)wo(mvFwm$AIlF{`z(J2pijQxSu4dm2B?^_t{O>m$Ff@g_(phKd(B zXD=Ve1)kG_zS{C-H(h3r9v`<^A#rE3Rj+j#drwiT{`KdLR(%U?HCpw}PP5ghx9>ue zu_?s)RY=&j8O5foB$}x8T0KCDmpg$x0QT*k_-EL=n;y=?==5$Nvznc`VOvC?=1?+S z3eLxO8Gdy0O?qX-a>M0Kj;4;-u+)CG&tf>~<~@tufNhNBdbiz)wR^YS7z_DsyA!MW zZo83|_+A!aF9T1O*C{z$d3`NNXw!W+)*7~Yw8SqBM0rk`hlnP0CwN0I`_H9 zGA|s&ba-Ahn>>P&SyCtkHE2=)9|-7mqo6?k)9BHM7QM>md@VU;Th3Ai!!A0_#BDkl z`vG*okB8UuG}ezj%Go15A=&Is>|jJ@aS--5!_g(J({6avzCe z)f1;eMy_9Xkac0dkfAuq^DI-;X;T2b@nAp*Hu5F?Qm5d7K#6COVK^N+auqkA{WW0N z^x$}eyME8_nj{+aWD>nz0`Uuj+|-!$fo7iAW+H#K{kI#e=HEW zpN|wdzqL`NCwwOrYDB#+77RNyitSLq5n)P91Txoh(ybr#K?F8~P1+g?u-%R{RF0Fh z{-xYWEYBD#_LflulMCsL1rO%6(6iR0lrcsGeruG{~zPZW_i0F+5{; z=GGDB=HUF7tO_HO5y^Z!i|cZ2%qfQhE%QOAwRtax13x%rv`b^43+%;BiBF-l$H%k~ zq) z-%-p4V%j`ri&wsWr%6~=o>{rsru24?<8UxetY5{^0kB>9qvI+7?p;Y7VSH*2>0qw1Fi;ld&8pE_A|zyc9Z$ zd@b_yNncS81#z}NWp1P*+v)^x7o2LwDiaajtf4tX-eOtdjr5BZ>l!;tt4VW*A?6}7 zh0Br65M)&Ahcu2;R0O--Xjxt5=^|Ol@KImZ7N_xr=7^W+6h-$^k7RiYK2u_}1cK`scy@>it7r)I5xkPYcwGekMwyu2Xy|g$Mdm1oMi<`ubPhaY7CT z>m^k3&{9=uf1r5Zfp8{!upf-E(MCArSzBGp^X^9O<6@aJM@qKRw{Ua}f+|JESo%4@ zJR<^h4lq+Zfwr2PAJ$v?)_@EU3N|#~Bd9?Z|-cY2n;Q1 z%(iY>x@;WYuaOWUo>jvpsg+Xiggd}ZU3JCaN$v*N^Ign&aCtd0(Hc;^mF%EC4d zhS99lGrVDjlBjJ&%>9DC)ssIEhE)Z2G zd;wE21(JqmIX`hrAX}vj{(cNeTyc=-5>%4}3Q3i=bI5_T4Qz&5SQDsqCRVa`Hy}^k1+YC+A{%xrz=NE2 z!AYV6)-H=NY8Z}#gr3?nO@##+a|%f^kft~v6t6fqf+shdK1hB1{6r2?5KiEtlrp{Q zU?4PGpI9+sP?qnnF*-CO0o~`s#oR)9$7XMmv|>S9n$@MUgvkF^3_3BRPC7AS6Ziax z?&0Y`-$nW^t^g5#5Ij8r3~5gBX|o)+2q=etxdc$vEL{(^8~RkdRBeBg_SnZuQ2V`6`1mmH9lZr~-LYA*4 zW*JbY8b;Oe8eX5Kbx-?%nJCq-v`kcNPRVTU2=^fE#&?mfc0nenY2iba0(uc4Yw|k^ zaWcjPQ$<6O;UYu5noZBYTyb5 z4^1N+S5CJ4$a)R+Mz(q)4z`qpGU~RSjP1U&?Sc|YoBV=kZlv;G-seOmrH;ap^42gN zGhJygAemQa5+iHg7S@Y53rZ5#Gx^qL?orl*_Vs1l7b5A#B5B%r@med=a3M3Z5YN3L zKjmeRdFh;s_xGuP+%EGZyX7Td+$uZ8t4BQF@r{=Tza_FQkM!tgUm{BSiyy9KV%fL& zXs@$(u`}TH_pgDDNJVzJT+=I$W$41Ux7@C|31 zEX~cprVjPt$cK_*773LKFgNhHfRfUAgriF)rFhV`&a~-l8o4tS!K2-QD%@>ywoQf^ ztt_^x6dPKnmadNc3<>m9|4y%3b>OpZT($Q3E?&iOQ%f%6O`e@wWaO4JbsO2aEgOcy z=9;9PW6fq>bY)#|eGc^ej2kt{&V36vXsKmkmcN`jpd2oF{73MfWFt(S)Y+nEp`4lz zTmDNnC-Y)bbT7n{+&vR7ch|jbkG075j8leTuz!s=k!+$Ve%6DJQZOhG#fa zshBHP0NQ3=0X%VI90;eD8`}|hKi4v}71HG)&{7IRibE+I2Ft)s4c+Osr)%n5C)X5q z{gzhM*Jm06#PK$tEnv$GHcIg_Z;@Gy(lxDT_Mvg2Uc-oHX3x+;im!Prnn|c^%xr>x z9ykdej+C$x>0^7#nYi$%yItuXXNG1)I-R0b!E06VvbvJZQlnSzZC{p5t7eTr9$^4p30S%A;e&Lp`5NtShh6IALaWcEUIqs>v;!q5qtk>B?Nd6Eckk?+VHkD!$K z44CR&ebk$RpsIF4cIk8)(0h5lwn=fm)lCx)98$l)fo8K2qAQ4Vrs8yfXhr`{J9SH5}l_|zv$dU&j8?{dR^ zH^M>MTvDy+x!bB%Ye#$8rHdZzv%OTL5cv~~;_6%=8`0q{dvnWYdr3_IZ$; zzvevMEuz$~HXW~ez|w|1gR!#xcV^vSU(eM{N-JPQ8ORlsC40|Q544-(FMFj4R1Y#C zAKu0Ya*5!a_#2MuQ;anFU40UAZ*Ddsix0cT#}?Dn?2`l2vS!HX+1}46ZxWI;XAScy z6;n(nHv^5z;kCys%SWCLUUFTf%wIxn-6oQR=={X*o^Y4b<8a`2sQ_b{^TFq|EGa}; zrV{cR6sS8gkO=q=a^&ArqezOuEOUrxc`ZXo`^D}~WADQ`Z6Tu1Ke$#9A+#A+=93y} zKAW^v;1 z1cKnDW|4b*>?gxdl$P}2?k9Ri; z1Q!+?`tT%-lg6kD<&}uKKRzD#-Dl+C{)*O2e5oEjZ?!f8SF&4pG;q5Zz0b+H@!)+J zp?AFT;C((JIPVw52huSLTzS$|BdWA4 zUdgjNu_QAPBz98F9ith~*Wrgp5gjOFW;Kz3fJXmhn9GVjQXN?+j)JRaAjs+Yy77~j z(+m{FM89?%`NEuqAh6%3GQ+wE_{_~V_&_1egih+@cnPn~{(j8jN zHaE&wV<3_@X$|3Q8BZg-4z=a6zH>YdrhG0yl-HQXMeFY~kiA9OZgS>p$vB|fLiwoZ`*ae# zD7jT+O+?MBBF~la>1QgJigM8`sCr9jRQ$WhqOyqS79EQX#0|W(;EA+@Fbe=-*AH3l z#9SIo zB}4DPK~4%!(Kqy#GgS}$gKKFa&-b@#ojNOvo2nt`8;#C0^kMx4s_ktdz#xzDTSw`- z!3*l_3>#c*zsMd|0+()Cl{6SNdo)J+L)D75U1gRtNB2ZKxG?Be7k^ic6?`}yAH zUTwF2uzE<(?)2--g2Upqk%Su_Wq8eKf%Lf7Biwn0pT}5nsSz)r$eo_h+oR4f_GHo? zIKJ};AJ2~}FDn)8@W+2tuy=QK7HrHm!073p+84?1#{-uaN4uLGXS>$-!d*|atlCxEKeEg-9B z-Pz0raWbB53$c+7 z7W&<$E!BJe8I&lRbJFrS(0d|Auqoybmkr@)KH=N>`L6<`gz10Bf zAjkGh3fDEzm>ICEe{n4hc5|m*+e6Ry$+AUcY0c@dVPG-8(mLDR0X~IJahd#!zH;xy zz2QCY-m`nVY}Lx*%UXPu{ZoRHAKWHE3DFpi!YFZr1UdKN2Q>#C)DIyj^!)yq4m3t? zgqa8Xc*K;?bOFk%oWhY&lk~;uo9S#-+#<{~B|(Gem|ej}1GA5-Q$ z{r-BoY(>3D@dr3trOnb{MRFTWI#>v&op`hhBN{R?jWO?3z2)}g4C>rO%gqJauIyS@ z6nj0(@Aw+pEq5opFmdylwa*UiM%{V12KxP6Pu<1?;Y*ejRwOuP_j0+Dfd<4-O6 z*Cn`&M0#4eLrgTiBG(>c@j@`XsS(7}C2o|Yjv+$C>R}I^TC1Z}9sp^QU*PVT!WFNX zunqj=86J#q6x-WN4VVarb;1ig?5Q2WRBwiHeuC;L(8jk}5c+w{F?&#VfW?YS)l z+@xGzA})1JW(Ne>Ggs}9oVe6l;m1^8@d`W5r$4kLYtF^^6~|eTp@xI*-e%ys`l#M&gZ^NCP*r%5Veg~{j;y7aN1}?1HL`1JZGWE% zt#Y|i#=)7cxP}8yZmya#FB4F_qc0Eno(`iV4?mM; zx6aF9l-!(;!zjtg!?yDCGntsj3YN&{o_fdPjKRUSN;(ym{hAdAPWx ze{$RO)^WNqy>)=MP4B!yJZoT*7`HZ21Ua48jCT6GetnFi%Q+`j`sR*iHtpfIrZ$E6 zDbKArG;?ybHrcalG^G2^^N~k$OG&XFG$2Hfhi>MD7$;Nr?Wr~h@_|0F1ndhX)F^Mv z&Gcv;(P4JDj-;OOONj@lE6OP|8yQV2rbX!5`(K2W0)zzEKt|v@C}<*%4ag6AA-v5x zVJIV)Nu*s$D%6{G$0|3@M^H27NQ0pfdal?b1(Y@Z2%uVHkn*u?s(2`TE0m_Z%$rDh zkWnp$!Mb%G1|J7mqsjBN#DPQi0&(5&mKf0(tZ_xI6JvI`lJ>=Q`O*f+AmCi=X+qR_ zR0e(nF4Yw(g;!^(qFF3!*D&>B8d{?};o%H@aZYYFwD?_T4&_TFy35>j>DwiL3DRWsItex$H3hP2gPt_I^o za=qms(c*U3gGmMZg0N64=ZY}Dyy23t0-Q$i>nsXOCmE|k@9+A{BG#gFltod$NFsL= z-sfEoHWRqE7H|snwoj;5!mbUqyJKbIe^h0^2bkkkL zmU9meVvLaFR%gO}bF*8wI=toKAw*5tGS6wWz4k539PSL#a@2M=r+8KW zxYMc~Z8rC|8&6?HF&SqQD$?Yz%x;R$)TcDGn-0sm!c+A^)0f%O-b@+TrY;+oa@^Ub zb2&2Bb;{FOE-?G*9mOMSqg{*X_^lbby43V>#vS6@8KUVOD`?%=Ds}Kx>j%0`O4b0@ zRwvWGv7Z;$)+Ule=c2fSB2?z8t1dIHtdwS+Zjy(I1*~*Ig0dYyvVBhS2`u~Fi;TE2 z`@-!{_36;iH!SC9riaBWPmlRWWC3wClcT1ZYi%=Sm`2e|=Z0BM7V{6)0^(}sTHyMT z-A4A(aqJ_NOkc)O%`5Sleh1ectOCOrt=-h}GTYcf#;Xlj^H@y6R6`@e8DDhqi22ez zNEau1VBU#5Fl@u*^gNBA_EU7WpJYBV+M!N$8f398OL1ic%HNVKyOx|vrN5LmNyQd4 z)Wn3|S|<~HV_$mur#d~W&da4NPF{Lx|2U<)^0m$w?DN;>!G~9wH z&K^~=Dd)bk`e+q~@y_ZyYc%{;oGi#=wipZz#pYvjyGIW%`^=H0!q^oPn+o$dzY6pA zyef%Zhnb?1Ox0mB^bu8wF`ad$dO@(QIB}CPOF?j*1C=HA{Pqq~76sP?$^Gr~gJowk z2`meUtbMS5KP$I))`8AbPOBLoizBZ5eKqrlX9-+ub&gm|((0()sdb*Wt1(T3k)D(E zSjXCCp3kIE`HVw|Q@rv;c!o?iZA{Y@-dQT;OwpD#w{xgogattmDz)C z7{tDZquc719W7xsO&1|oCKFEIG*)tKdRZ{dT~I=iK42TVW+H5Lj&^Gwcb>KCwXL@K z4vdRd+u}5_Kz8=}-d3w#Yd81ypS5c3x(T{f->H3E-y+X8pVeBH&RL7EKd-l5=uNZ< zal1Jt#IlxeJ|mex%_)(Pqz`JFwkfG?W=~0N^O{pq+nhEfriD9macfKD0Wz1jZ53$? z&9W4)z0N-EY5iiQea1xJXMCOU3m9trkd>jdoIBNn3aNeoIT<@4Ridor-EL3+&Qh}S zs87?Cuo;S#X$O!`h7#0(wC=h7pm6PD0XrJpwI)v$H;qf>!@cEfo!-q!4m)y#J5tv9 zk8wDV&f|+HPQnN-gAzUP7`t6b^)g5xW^TgLT>7>=FSI{915UqP;ue8?7vk0U>z zVM3^79%Q~af&4J&MW42+`nk}I8ekVzPhzMEF7B6r%b-! zxJ_jtHOXh*17zi?lSshqIBO_Nv#_fUpQ?6Y?4++1%S$mI1>JwNbJs{_Z_ z+GeVv708QLQVYCVH`A;7b`^D&=vDClYR0-)<<`eOPN33d7gkc(Bdx&BkG?Rjr^a=w zN25&7;_|Xa`me05NIJhZE&38w^|PtVSkw_w6bjE{v&gxOrr395@vb&AFgvAlpyu$j;cfZ++9A zO3qaqhA|75fRG5~{#z@JJ>I>)3FemBu{(2 zXygY;$hjEycyhA&f<<$)=v-c)KfEl8Zc%GP>J?hPv%spQhA5TXt&Sv~J)F4yAkHVc z;gF9qP0H!D!Cahb-^FfuT60d_=U>rI6&#!Wh8Y<@pIVL@WBh4rI`T65Vt=@%3ZqWx zo$V1n#CEg!HioH+5ZeF@Wk?bvOe1<{?F){-rbhGy$KRCW(JdL(=3hOkT4mg+7z&i6 zTq#PIP^{b-nHb)ger4>Rx6CB3lM!x%0X{7yjTYJtqs}0{b4BbL;@Jx|gIydC_HV0L zj|A(sQ{5{9SjU;k;m%GwL+BbMj`y0K`UYzBgAjs0Iy-H7Wshkj63_Sb01ZRW?_Gkj zNN)jXZm=XoIB<^#m;flFX5{z%0Nhszoyr$O2$hT7GwdNhpsB|q(=4BaG}tf33F<;&DwKr7uA49n(T*P{IKXD+rWhyu z-K}x)Kmg3a#7bj>hjl~zK*u!)7xVF5E7^|L?ZAy=djBwIx0Uz1{M$QSF$SjGd1w@6 z_!&=0C$!UOcj|lfmOZbKF&7!`r<1}Way@SbV-{S`>%c2Yzm#L|h8slR+J5Iae`tSTdu^FnIhpDOrM5Rv^wgIKji$BRx&idQ>*CbRAWy`C=w3& zJ)N8}aw9Cf39~W>+y*5zoNAj>r}a)|)i{g2etWllQrIE(wN8v`LsvzDRnqAZ9yH&i zRc6i%23eGxaaA@T!q3>8UJfF{PykkX{KIh!UDPo;!; zXU#$w*+bvXhiDLdyw*4ArV$z5X%tuCF`PU6I{WoC}mRwi)@V zKOPRY{ecljeL)|`RogIaB$1xQ;W+BzZRL$+gRDA)^Bv_iQ*6kqcNmFvb)qWO5$9Nz z>7YLz4$5@bFQ@Xxu6X2wlKKz}Sed#=K8Sh(MFH2Q0ObQIW%L#&uDK{CSDhDRvuomW zfYNC8}(^5;Ffd2{LrNmsT}-uCSL+23!-qG z;7DQsYc}l}Kmd_)SHfhv5iJ)uF17_5O|_#`9hoxJ&{jT4l2LlHFH<|V#}sr+NedGz z2RYKO?Nfh5(GhZTR`mzoFyE=4+VI=B3zFN}Z#9Y7Z0tQnyN#!nZerfEgGK;pDPUXt?DYYOwC;W07FC!oYd5g6m`Q{p_(x@cxKvyL3=om4ZLJX z!W7K!fwYbe^{8>pwrKb;2l_5K8Hi_oo@D^BnHv?u{d9H_r=4jmLo`^Xwepoqj%kwu&z2~ivYyA-xWi-a zK$p7u9uB;H_R3n=FTm&ed&Tg5nNg)7#a{}T7i_8bDm=>c?($U%x>S;+T7b`eV{vIM zP#5-K5pY^UMQZlDr9@pO8<6#N;s$*T6K)5_YK#XeFIf3N%9hZ=qk-RbEqA!roquV5 zAF^4zRr=o%?bCJffqUjQM{q6lSz8lIk13v2wJZAzP!H{|V5h4>#V)yXYW%8_9Zh~r zllH(MTK22!@A_Zc+kV&oN_Bmu zACHfhE2#3odEa?Z^j9Wp?Dkq6VcMTX65L9Ey)aV8NO-5HkB&zIrdv}Osi?wdI+Aiy zF=eBZC0`0dT#6}>r#TeTxfOFL{~SlyJyo6>DK%0EDR+ngT72jf%;7^}FdW1-y=Vpl zDPyF53^8)vcaVcL7fhvOogrZ?CFQ3KB#?EJ8JHeBXm2bjxi||c*BV9y@FZ zqsfuH0vdbUP5B@?z1-@wLah`r-XcYe?3f0>-vFO+5aR?%03~AqQW%))F)9ZXm+_f9 z_{fcXaO8CK297!dD}_A0rd&Kx1(r0GWR1!T&qBjg6Xlly$_FwTEXt=gFujF7Fs80ju__fAwwAPnMXl9oY}YnB&DM*f=k0o{pl)~?$@SK0 z(F5ywSp|@JjIpSt#!e#d_LuEIPh#2fdM|>wmcrX zBl%A+g*)rUP~Rf6ZyD|FtLerz)o3iCh|jVUOKoq}+Rxc9@LWjs{O;}%}A5nygyq#FnJ$aeoAy_!OIr?^bE;6|?w+b&%$8rEdN z%txISYLUy3$ywTh6_;(vfSQvm^Y)&50@zBmFoU`9_35yPh8r;h$30H0@FM#(Z} z9%eAH&Yp)X>f9DHNMo3d#I>1W#^sZ_I<9pMWnEg8=r?#_G zZwX`BHyis$ofrFc+y0_$nNIPlw!cs3qFk=nR|9;k7*f<@p!4mnXIwQp1m3%&bMM>E zl+G1ElWF}kf+?rsD-|I7eh#jXPA56JVo$-3Ot;+QEpbI&7M!D_y!cx|YGgi~Q;rYa z5fNtaUqxgS{m&+4yd1`w(ANb9m+O zaZ+!O6PI+$=P<+NBUR<^$lv2;2%By=D#CZ*gELKPX1bKj;UJ=#qT>@c!d{uMPhL|r zWry_kL>@bOh58X5A?I7Zw_)U#jBp=cw3EmW`cM>v05a+nM0hlCySRfdlB%=#rYx<+ ziz6|GM<-!;il9QdfKA1L)I7&EI~-DJmxu;t^A*)~19Xg$J5Iu(oA_OKFt|h>PH;5z z1MD#sA*6DR{f~4g>Z1@M_~ZV z|BRW+%BXXKBTVHD3NZF)49#fZcl~5=iQ*CN`n^l!Cx|pGJCeZ;bU`w1D_xRV1fkXn z$z87z^uk>n$8MilEM}=eo6X(*X1mT+AzIkcZ1$|avzw_dxgHzBBFItLGtb=^^>Kj7 zX5i5%D(|?QrjvOP2}=!#KXB(iaZ50jQq~z(i@pb|ei|v1-6JnXEM$N{*AaT4pnGHV zdOnmcO*`3-!X7QFZkeZ3%&lG{-fYW{smoZ@7$?u%I`t@}LSkmr!1W}rIe{|-uzs5kp`K?1rODakJDDrhetSbT1jAk__Ggj}k+JIK_3UO)p+F47?Cim64Xt<8E|G$S4Ui zfOaL%#8EfGZi1gcn`Un(?2})~`9AM_&?tnRuuod>Q=7`gIO$esv&w+BD_?MiU_he8 zpA912DYD?;UJrK@{|rBmaa6Uvcp8OcW|F?+jYY-9DPDcB4VN(Tp+UvUXd}hAnVoOd zpUlFqwLb@Xq~D`X^Jw!~ee=VKgQj5lwAFmRFSS+mV8UbVu$S!k!D%hu}`;M!)FPI4|<5Rtvla3#^@F!zG!rqq8 zGGy4tue4*mUk(R;aLOs}iY@P?$4W5sh1CL#U%$V`4<~p<~lb|)?{3aP`v$#!aLcg*bXzZWc+p;|>@Mf%V zxdjL>Rx-u^4lWE`KUkRWM?$7_;#R=SQ4t2cXLv9qID%?0C*<^Jb#-<1@uNrZ@9OHR z{_pz3#}60Q9=-K=?a{-Bj~>0fu)6m4*_ZV|?DLwN;a!okLi|rb&gqh1UyQWtz_+)Dpm7pd2ZrrFUceJ z_B@PEwYSNTgB`$hbx-^=>}ib#VL!IEN@uq!wNXzKRq0@nBFctoZ>9_vhGcIi4Nbwz z-kM=Zvl^@bog!o+-l&WonYn%eLzmO z8VD>)r4j-}d8@TmPOSpBl@+fTX(v!?pm>#%W`Yh63rMQx1ihx$A<#*gzPa!dv{qmi zqevnx`~53x2-0Lzx~;7iz|Vz|aecKwJqP4b0Ceo}SjXOYFt{w2%YJ|wfuEqwFi2b< zlFiU>+et`MI>@y{jMn9H*(nsS;%?-Rl9*oCDM^b?P@IG#2D5%aDQtlO7m6vAs$?fZ$e)IA7e)d_zOfBct!{7?Razta9o$^ZJ>FFri|tAFc{p8v;_gZuwH`N7}(tsiro zKl3N!fBKc-ul%z=-ad#*|HXIz{P+IO_a|Te^}o>jrJwKq?!xbW?|1*v_x{e8dw=Hd z{h{7>cYpLh{X?bq|JpzK%8&l%@BiqJed%v}>EO@&``>@_-!6Rl^fzDp$nX8(-|6;# zwf+4+dj9xN{L}yGU;T~0^;3WQcmD5x{7Yxw@BZUI{YQSa{O?v5{>ZQXbo=LDZv5h3 zx%bPJU-)_V|N4io-ut_M``7+A{QXzo{_$V)GR^hbaC7k}{Y{h$B+um5&)>#uEo>BFtF zZ(jXpC&l95PhR!j^Q*u13qSYWpZo5Q{N;c1FaOQ&|D*5!vtRE{e*8DS`}e>9uYCWX zyz?)A`yc+`2fzF$e*UNbKlZLX9?Gu$Taudk)RPu%xEn+@Gt7*wky4h(8VMoB%spe6 ztyv7o)?SvvlS)xNX^|F^N|Gs|1r;jFRw^Z-jY{hGx$haWhU$6V=l#9i|1kG`&ULQq zI_F&1b-rh-+Wm~q-IIQJom*hs3%RKH!y&3jjU|gS^l}R++do~R_-@@DkC?ugVS21( zL`utK)@hChK0QCeXF5|lJJ0-7{;Q~~jGKn3ER`0(gv_xO%0<qIn$SRHkDweO zpiV!qyo)0J8FoD%m( zWpfHYtE7w%%?UYMM)Hw3D0CARCb~8~)AhJpJ=XU&=zzJV zcM2|qDu>FHQjR^bnI_pN%@iEjOE|Rm^&dqa3{xFno;8l!D-~-N#3+@omA`_!DGa>Tq){FBC=9-n8by5U{bx8*DD+I;oE*ric3OIBj6EzBZ^v+^6X zg@sQ70VSJ%*o}bwg`>Mk7s#oAzM49Df=ibO|w0cd{C;EKHC5daY7JVfLTP^A)#mwj3>kiZW-u z-jTaIW73?-EepeAk`!E&V{TGv2z%d#6dN88*f&USxps1?P;Pf(?4PSwjIUi5-a7T- z)LjYzmZvSImq~rT^5|iW?r7ilv;f&C^CglNWVw3v*6GB&hoR@}AFgsc{d7i+Y{I8j zgZKIyS1)-mWhFTpB4$kZG%79p3BsdE#(Fp>HDBfOvXDKYtkvM>BkK(2yeqRM%R$M8 zO=_Lw5`9r2-b2ZBoAjPS)8?BcrC%AfXVK>>KE?T@2ghDh*&m`>TtjFJXz{Hpq1>|j_RXJd3O`Az7H^OJ^8q^btTeW5``xNPD$p&vq|B2F^THcGOqI#=UBi&o zsio(ZHEL4)>YcnjRt6Y9plD9qWy+{Nm1Oub^3+)ccYDDa@O@Oh=_aMbqMf>oXJ1_0 z?3fqvdZT237vJIUgYZnb5sr@{53*HXL&phL}cz(&75*cjncLYFPrvJxW=PN z!M#m_d#wo5>fljUxnQTQTk2o87bpf8BJB=_s1{31dXI_UeXFiIwKl3|MrwZAsD$~q zKdh{=7Gz5|1mS~AQ`L^qF07uHbTad#k4gGUX~NU{VcZiZ?0s$I_K?b4_XaAA(X7?1 z8BycmL5OL4+dTGsaF(5delU1zzv7gwS|Qgzha#g##cvPu?^;RrVu2{?N&bYS-z?<&~9nlKE@VTD2_v1by1VQUk zQ{xUFoD=r+LZP+QpSgz;Tp!c+9MPF`ojZ?Wfv`Sw*5b=_Z=cMW>k!Rz1Ygh86}xOA z++2OrRz*$*6*a=T!9C7W&D|`;M)HW}+@MMOB$&rG%sy!~=S75(!68Jd?8F<7FBMfr zC%)f7*-J@xduy}*Y=RH&{G<=VZtLGZl-q>FT5cT6kFtEx@RF&TzeiXkGbX|yq3%&> zRek2&_&GvH&(De$36ot{JJ`1uH=_8rW;~i0i9YjyUW+ZAbVK(I^|@Q)m+~e2hua+A zAD!5r-I%0xc(`7}qBr%nq>OwgGvYl3rDo zdYOh~UcO1IU!bUv{*Y2&W_m-RP}}9b=U&cJoX^c|R@j?aS5W?QZ1=aAdMcm1``~%A zLu>v0jfki3A%ZA~;QoUZ`26r~5=}?Wsv0UMN!*vt=G47;?Y+9~uE8PmbG8Pt>w?+) z3-<-oEFF108Cx{WI`MT&`GYZE_H7SZwLkedceF{pp`?XMN=x#EI;X1n#5{f4akloD zipP!BxyNtKei0~*Sguk2*lxx?iw23Dt-{R9kq1*LXG}vzh1?p=d+$9>HcB`l#aL=Z zvE#0NH=oXz-fL1@;2kb0kdUu&U2;WP+9KdR;p;G(`<d+?ASW}f`h!dw`$G!WWMB6m!rDTkwoV@qw z^VLcXOLW$%^S1YP^ZCV>Je`XwY;@`rCbJ}4wi?XznEv@nX?w+iMdo;Cq@=pX7R!`K zPHUCNzRJ{R-bIJXoh*GV-gH)`0*Hs-gl2_H55!lyGwGbE>fi1FQ%O%1XxdJ{}c zPg9eZFuyt@LaO>|i49`Hl9!&M1tR0Hwt25F(&B$WR0bz-BGg*$58t1s|#ZX>8w z`*o$K75rsqGk==~E-gFHZ{n()59-ZNOG|}*>Cpqc;#3N6**JTm& z$23e@r9M_aNHMW`O2h00ifxy!z4g&(EwE`8c(yF8c{*;>X_;0Vf3Trib|)h8>Lm@N z^Y$yE=;E+6o$4oq#@bd7vy@p`1j!hocd%-!tdO@9b;p7QMf@ZbNZgS?j`j>d~@uV?M|gsfDKVF$Lsoq7uyQu{Kq}8*svVm#;rl{G3_a}O4AO$i4XNO4=dkOW+*s!PhNOXS+-Z?>F-a6)RVb!Lt$bC)c6>C`e#@U={RN7%{6`ctiY$i*SU zFDwstS<${FbD#9QW%BprY#TR8^P6-71$o+T`A7 zLs)Zh#nZ*Q2^puSwkev`I^T7hnmcG=s9& zfNMHGk64O~St}KLEe&y$0xY-gTuPf1xHnZH1(RibXp#2bREjV?2@FMGaV<}Z+`Sh;QW@Kc4( z%<{*V{wkV1!GDqrDvJ7C{e1(K5-eF->$IIORGYnn=g@FTRo^achu%Kv`c;&tbbQ+! zxjoY|Sy843LsU=aq-M{@%y@lY(xTp$dA0JEMajFmeBJpE{_3x_Uz^sM=6 zyU(QQQ~{B-pk?cLtuWO$qY+L>{Q~C0x3)P|2+Jg+j5!qz7Y}%vvqs-opP5=0cc-+y zI`n3}Ei-Nk>tPn-)Im}!y4Y+&ig8Hf7f%b%>n9h(lOw#7C~o&C<> z#RvJ&>U#$&UN>GOK5{U4@W_oUD}x#r@~6?|Dw!uzjt`y`InJJ#J>U0cbl^I-!27Ei zGkuI|?6ypyrk`b#8xl;WZjg%A%Bsb@y5<~xQMOEjJu5$>EPuBAi4}+Wj&@44L!U@B za=^Qc*i9kXS!u_)2opm|i}lWFD{LfI%B-*2@kzJFU5SttY|)T#$bYoP%j#wC>m5U? zWig-!%hw`ub7h*DvaK-suTltdaj<5-#0+39OF3bO83-kMh5=%$oOrL8o|t$M#bXw>;R?4)&w zfWqQA7qr4ut*j(1;+993-3&c9&bP&TdfgSPJ$a|XDo<_pe^00g9uYna6(b!R;PR!p ztbOa%#1K`hq=VUNse9uiS2@+#={jU_E~8H=jc6af^V+DX>L-sL{vabnhg!tfG{$dg zH_Oblcxxw&K1^=RwBM8EJ<^FX>Vtnm_&m8x_oyQoN4DvG*|*-UIRT%hTUZ$&h+nF1 zWg%%17vn6?URE%3d~>6hMU`p%75*9O6{FFyMhu#;j6qwPIg=g5Ug#cIVnt~`4N z;ir%iAjBnK)|jgPZvK=^_bBSL2F!`KrP(saM>$buH=m89b@rRR1t(`V5N{7ZTc)5Og|;%6w1|t$NSBtCL8Z>*e{Hlqz_M>xX_9c$ zP0^FiCP0o!|P_5&g1yYNmaZ{ArH=SBfBL*u04;1xsU} zScg?6n`O=NFfZ}akU!$dlg3NO&La8-LR6100gs1|e-q%V(QNX{G5s7wHeo_aqQBGW zBX=Y7MuK~CY-BT68x;-TYH8eC8CS4mdB6Fw24}6D~xVPd%~{SZs;i3d()gw zYS1z9y=yD@xOA_Bp{nhckN2YQlNQks2&ZU&=JYWQ^3UJ6RJ>3?wY+$}pSt`Y_HST^k-Qs-Hdl$3wy1x66<8vSB3YDbXf@ZTT9^agF_G+WO zik1xO`q`^3SM)Hhl1i4zB%7;Dd-7j?EB5SAtw?Z^eRkN={f|tWsM`}#RBG2?*na!N zSnRskM~$Jc%iOkF{&~Q&TCWI5F|getLwQ~{{rWr^)b-=`8ZL3R`U%RVkBS6Rf~$@8 zr3#K(Ev_R?pOCp2rj~Ztl0nmM7$%h3ah_Z9Y{}8|*~mM7aVLkLL^wTejvD@HRRl{X5@(l6 zfLP$Mrr^lc#-%C~WKh==Rm@ioFBr3mu_?2X?gH`t@XVIQA$LPD3z83Q_?Q|nVWf$q z1@3yYzc5_${xj=&r57ed6*D14CHa}ejC%sT4}o)bo;aGvv{gA1dUC#?HDJVql#rddVvhEX z&kk6&HjTRf<|*B@^wfX}N%HwhfTi%po{W1Uv7TA((HBg56#2-nBEAqxFpa9c{!_xa zxoYk~TXm-Gu(T6K7npN&q({9SJ|pEp3K~kY^J?_cz4=mZK@^uu=xaCCk*N@+U8*Ia z&Y_s>No7+r7e`&d&UQ)((cX|~wQ0V^Oz69wrCQmv_4BlspYR@wqA51k>e&px@M!|x zH>~n6vk?fV=(!ZjLz7NRH6vc?%s+47yAAn1dUg6%|D*Ey4^SiD=5IHnBb=fQiY9oh z*le*U^>vZ%*M*zrS-fSRlCY7vusS(|hKMCYO=#POQBEE!f>o`a9#ET;l*t&u`?$Q> zFs%@|YL(k$QRNrUrM^8;0 z>Az%GQ=n1yCY6KlBGAs{R9OItEVPoez~!UMP%#;qL6pRi&PR98T%2|#dg&){hVumP z_+@K%2T>BIs2XlgkBFS(VXpIH=LYgNS^tM4y#rdFN2t+E=U%z^YUc$R=Xn}(@lvtm z$lVb#7kG+ke@xr8RZFLJIiOT?V`6grb|88#EJ8~IO=h25=G>@HqkLC-+)ejCMgCJN zmV9S2@yl$c^eEouGiJ(Z&Y>7r$&%Ohu-FUdOVP)&A6?C9SJf!qKFR$~JeTgf|K>L0 zC2ikr$QkM$=EKX?Q_#25jo<_vf6nlL;TJwn{-YkCMID`xqQb2R)c@njDbID4v44iy zlUmj7G!mSu&>lig_4LfeQGZNGQ3(h?VR&@xD+9UP1Qc!RmMGm_GSlC+3h9JgYQ=7QT#&mDJv zxyQ3rU2d&ZEV*doojZlrDcM`=r0@^}x`TX&+{+ zAL&$ket}%(;wak*DJpv^l+;QW32L{0E?wi&Fv(<*g>ba~pB|E7n;?F+O2v|+N!!LV zrE_u$EF~>)EHW=(jNXK6GUq@0dC!|HCK59}c-V+{zR?O}4jb)Lefwa=;er_z)7C#c zwoEay@}QYI)F|)PKR+nkXt=XljUVjaplGrdKSpLzywL}bu=HVs;w38cA)~bhldZ7! zM3a|Q&4)<4rK2iUO9~oBc$|~i>D!!H892{(8}fjh5i!d5;DFw$?ykAvw$8cx$&G1@M ztGZnH$IHUChK|{L*!j*|VCQ*!`p2c4swEU_-lPewYfi_U8DoK?uBtAcCBzzTZ?CGz zP(CqSzi3G!)C4GVYe^fcjdz8}u>IOf%iD4xhxe3&4w&Y<4)=J{)mw%*zpJPd1kYZne~FZ4V(yy9J{2lswO=%f(5>lH(q2vv+A4cg1xt zscv8Of&BH+Qxpy*TqK5#IA@R}9a$+acF84nHuu+7Ppbb!K@rFcU(Qc$o3LA*Vwvk? zeZG2Z>$b?{P1`Dun0X8VX(-zhESM9lL8Zag^*OyOOuOHkzt9csfoVwjuDEMd$k{{->Y|mt0$_lF^ z`Hl8u$Ml^ST80rq?is2k9RKhE4Mj<^GN|hp4{Ta8Rw8?>)8nHm=GNhrN3NY*5?w(v zJUSj>C&-?)_~wJMz^$e0q+-d{<&8qVaHHWw${y8I3mS`aKlw+Szx*&~+f7L~;b%kD zyn^GmW<*pbn;ATpU#qp@Onq{QnzY+|YKq^pf?2Y;jrLCt#Z_KtedJ*w73+u0Wlf&_ zZo`8Qj)_p?vM-w-JwHTNUq`m)_SNHRzWb0G@$shT3r!@Ibf{Jh7?XMvNsG8EXK3a! zwFnQbWh3z~8`WD2wp1oxE2>u)G$AgI@fx`d$v?tMxqYN|RU!?dIT`iNzkal|%`jBj zu-YeOSz8-W>&73=GMIeBZDZwBD4c`F6j3!cQinoRTQvO`)Zo_RWm#JT z3}L%O=*>y4bx_!*Yy~lpXLx{>T1vpPOBL{%;YAMxZo#K!hYLD~jG-A9yDb~SOAJ*y3%=v!9?MVoy;A>;H~?1*{O zQwlDPY&jV@N8V?W#ngLOl2;$jd^@~G7y{nAa3p(kWwP05gi|qZc9FK>wYRtBJTlU) z-6m%`M%6{%TD5ixYlL&oBZ^JN4DlGG#M$9_<*?6)5gBT?LOrPb*!QLfv=USgJq}lS zR4KeE6*~q0VcZr*MCB=%?B0q~!x|B;PtzmOk(I};rKygzILbgxEp95&Qn-CbulV?c zltlCLTH&n_Zy~a6*Xv6g9DSR{Wx7NiLBG&wq^T$kyAtGn!M%a@G!+^X{uQEXMcaSd z#mXRSf}aXIX^}-(R*<>7&CzpbjD43By+RuX)Zhe!KQ{#o&m)NkZYL6NWa;f3hQU{c zk9CSP@@$<`ytHvXA}uX+cc{ht)iMeZ%J9JSo}mp*|AR)Ttn|*+CQ?mqrH*^2LPOcG zfXpN7vZm=_*-5gMA3xqceQCSe%*|R*H}jr&Zdz!v)J~dYRh;h2t(B*=PPs<<;;YQd zZUxFJ9bJ|&(>EKAdhA`C8!9()vCXzMb{c6{zZ^?*tdPb$^KJ6@KoeJEiRph2ujlo?fmBa~3ot9NIGZCbnq!BBjcA=W_(IVObAJ=TOBX zCZrfkU{LBwhUcd55$ex0TD#a7j-uVA}#bOcidlSCzcezt2B$^lGC^VwAea zmU%gbjxT%#Ulmg_#ylN^`#@ft;gWgr=K2@v^4qM#gNIEjJy79Wku6i9AO@1&pjMu6 z9X9%YQpKX2`Q#O#e#ThPkzwe6Imvyo`5 zzu8tFr#6!nZm3Q^Wr6zmu!VE~cv;rXC;SH!H@t|w892Eif+0mm3&!Rmoe0<&nrL;;i`0BgYe!X3C z!vo3(<9C`)s0h8iV_jX2L_j%nRQnRfb(Q7cx|7pOivB|YEz19$kovx=Xm zt#ivdm*41~81=%)^@;zX>|vN0pR1f~^d%a&RdEwq+AbeB(5ew_e*Eo?zcSJ%VB03J zJ>qX17UtfqFFTalCQsuboRGIj`)#ZCuKvWYxkrdKxDl=~U6Yku0o6R-Cdq7nSVd^onDdPm_zpGM~yRH`K!J`J~wiCVp9KHqmiXj zCwb(4#yeI;yVC5Hvrf%EX-2A+-EuH3dshfrwoSfXpS!_mU%>l7qYWH`F-G#&hZTBk zxoEb|?U3xMuSm8{yoC~#;?6REL*>1b=j-vtduzOZ^7;wi^1Aj&u1M{e$mpTA0%m;#QoSFqT#tF;^!jr~ZAx>$Bx^lAwJ|JkY~Ce#WDL}FElQmmgH$PBCHGE0@L8QbrLivZ z;|B#tdD$}`43rVl7ANc&bMwNvq4?0rFB_S!wc3M+haK8OsvaA4eaW^FCM*96T~r;> z_+<)^_qbZ8CSq57wI}+B;Lq3>+nt(Ag+q-Qv1Qbd1!_f>_e$<%a6_k5PkmmW zHK!#o>g$VAyG`kLR_{`6nO{>WWRBYuBUNovxd6B9d5KFBa=fvm1zC#U(%LX~jilfB zRqn_nDaXt<|5-0IHjR3EBDE=^bnhDH)-y@=uOcWH_dS?)6f39`)EuE{x3?W=j6O^H zW49r~2|51w!3yrtDPK)r6@`@ z98)yWz%;J0u53?XLzeLJ)vpcwn%QOx=G}I?>aZmAD*TmQF(Q& zv+cvZyhEApHA!yTrIndFEg`2*9(1k9Pf;wWl19yJd~lIk&;5{j`D9gfuHt61<+D7t z3@a_K4jf%pmsCjBzH#f}@cpCLY%8^p&YgeaR-8xJ>YdiC>*r9iMN$Yu<#+}E4Vl5b zl-sQj%cRF$KW+L^D1ZHUBhCj^S_|**TiH@3z2|uB zpF7nOA`8u;$xA(3vW1hz2gl#V9}=FL(SB5M)YkP!LR9T!FON+O=J+|AFZ5C4{Tc8~>PXz{G5bfA8MN$5P?ZVV*fv*s!=(jR6~oQ& zwnDk2n4&KUGQtH?O@E~>x>uqjwXQK}H|c40ghQjdV0HG|dtALQ@}pvQ;}0ur-!)OV zQU)bM$y2<)Pjl;A<>p{T^>+pn0yL3@izF=)BMCP*%-z0bSX!%e329s1T)GTXdU?&~ zibv;|;bZvkbpp#~kDkP+HTBsuKjI)d^}hX{6RTw++E^L6mD%yjlfM!wO1_dCE^pQv zFN2CAynOyL0h~L3M2q06zMwI8vh;F&*KKX8LhV_XR-d=^zM$+!_>_4h1D{``g%23t zyu@S7?WqCuTcn80;1i3UPD@72(aBQ`H%nV8l-uI5wCVBL*ox9~B;PUVfl*U;OVma@G2Y!O3b?#L7k9e7?S4Wk zF72x+GUE811uDikpVy#U?7r9q3Lo^?D;i!mtbZkBU1s?9xoiEEz-H!W+;RcavXo9v!z!mNwZC_ zdFoW|>$bP$QuCzd)v(7Wx$ivu;zaC&6)PAQaf_bT<3CMhzFJNV-WFPCo^>ehL4tW? zEml9*JJdV41{8*u)mE63gin*&)aJOvJUkgx=ztJZo5XFAiZzq=YSJjOn)mUKya2BT zzVj_=_=ARf!)utEs%t9fjjh|uRyU(}c=IhlGVjR)yyM+hM-%K%&0gViWmy_|;}pDI zt3iR@)o@bCc;OgX%F;cD;^>mCG@A@=(2g5B9VeaH<(4>3-D8W^=G>iptLs*U`@p3LiPX>4{|p1eUD z=fgIe)4NNkXRLP@<0?_{ObUM09!4JBV{Cq1+`}NDmB=9I%RKOkOjjrT>7P84P%(j(twKdcV9C$ zGNesIu+6LTkCjTfc>0YwHz{1lW2?SB_OLT!xcBh%@}reU87&$5+qYHHfr)~kS4Hy2 zucWWL8IYVRtAhM$C25f;iN^2?Z#jPnq%22(-)3ehl&Q7&sl=&;hEg*S$v6pK+FlqQ;e}Zk1%wv z|ANRlIR*7DGGB4~=7#A|`QCRNHk6~$*I!<)l0g}V)uip0I?nr`*!=eL$tpgiB@HN) zQ1N|}d!+170}9$K{QkOj4R6`SK7se1#7GGw>(+gx?@w;JR37R-r4m25h0Hr`8P;tD{wT5cuSJgLU(OqP+?n0Yc4W4^>pz$mBZZ`}HTvoLWA z)EA;6zbJBB4df0=oDF}_GG_H#w&z^7ZVKZ3>=Vn|N)USzR(yOmZH@e?ImnpJQn6++ z_0L}>Ft;ekT>2xeB-B2{`8oH|A+`s;D1D6MT6edk2TjZ0zhg!iXpY-rq?CxXIvHq! zO)YJ~)@pi8DSIK5@)#ahzIwic2fi67+L6>Yaip(q!pSMm?=2sNEVP!iF#d8hD?9m6 z{fmZ4H}^^1L-@+2r=*WXxY#~C=dInmKL_#b-Gz_upPeNd=9h22hFAC4a*bP$npl^i znorv6#U7oW`&zcxHUCYxRI7A0_dMb=#Uf+wi6{FeuL#<3&tc28eTgBeNDZ&otu5!s zRWky1m46W~6po~{Eb%_zqmy2K0@X0xz4CRs;)fGC5yQ_(v=Zj&mEFzMX^{{wPL4mD zSgNhM^9l7Z?ZPH!&ak}K!_{mb-sa8JRM<8A%vHsgZzs#1m2^ouap;2lXUe8Mq5ABE zC6zj3~ z33^_H?Vb&*Kl#Lb#hQI24(kr3>CKVzxQbYn5Vm6qmIwHa=}3X<_`AQ(30g zzFXxJP`cWy_B_7rZ93|9{cX?f(zn(bD4dj-o{z1F-@4mzRUUR4mpXmT=+>xXcpM>) zp84o5!O+?G_hW3F80Fj`xmkkO(u$HgoU6ELv*qd+hK{VcEr9WxR9WD3j*M`j`n#}e zC#Nh7K5i~;D~vWJ8p;LyfyBLdu}zCM;?stiNF)+>c|r$yxCGy1~qQnxTukbLsWlx=C-dACd(Rt@kMX7BqStM zc_vOgGLZ)oL?`q};54yw(O4`Rr@2gXE&;Diz-iCX)FfzXu6Uktpj!q8i%g^V_s)RD ziZU$aBVS2KNJyBQSR0>QzyXO|7L$tt1R%iWaac?$9eOD`rHKsq zv-q8-LPI||087B^Lap;Ga2gjr{E5gU696?98)S01bbv!-k^!_A=m+3&Y7m1we>O;f z%Aql-2mqiHJwZAF=$lal08lwBKAQj_?K`;b&@B>yQ2w?#7BFWJsbF`7ixmrh>8fY( z?Reca<-i3yci|heNIoD3pfSY9N{M-dl86ue0y>C_r1502=pd1a006EROW@Asdv-Jn zcN&ENbXa>W zVfDpu*Y+`3zPsjuwFX!ZhJD{I2Mm7WT^FN+!4Hlz9+5g!#+DJOJ@{f$X-vN#RVbVp zJqWd0LkS11P*LiBRoRv0Au6#e9|NkdD;vEP2NSX7)9Lmgi39SueYJi#E0hKhB^sdp z_e>619($1EOCyPoy|-i$$%}||B9jDJ!U3&6e4e@Zq#Yv`pULay1#rF1xHX^Q3331y z1rQzaLFD)Y)-1Bfa`bIb`_0mykrG?QZ}zr_d_bpwNJMwzMCE{7E(R2x&fZm&4!hS~ z7!yA>iwgooHe2jDEQ$Ug2hiA0Umdpf*fDbK^6T~m?(8e=}_vQsR5`~p_)YYXoLphs}*{S z#T6BSf%xmz>%MhikpO+!Cvj$2xNky&Og^J8?z&kkv1q_DQMunZ@1|||;@+7v`;lhQ ziej<5G)klqoe#xR=C(-DZ}?gu7KbPP*Oepbc3wZx-yMZQ7o z7YC&rdrPrH0Xn+;PpIe{wZFN2^%kDQ=ki#LE>Vq$F)Jc_keVQMr0+u!BI#gth{^#x zy82Qmp~pZff+$m195Jn~;g{(9->flcWZ0!ldmf7eMHBe z*v|)qvgRQ7j^|K_z!?Zy5X5F7h$?$Fd;?CSxMTlv;|zE{fzu$~4hiWkwC z$Rk?yijUz_O}`WPn%VsV-zB2xsQo^K6dfP>eKAFu2M|pL}Uws4>dHe2}bsNc@Z5(X>wK(%hRuvevz>`VHdl|J%6 zqyQ3;O(fBH-C<6grr34$-?D9&8^I2zw{RU_Axr@G;~xrnm?FeX3Cghyt!X{>MxWoOO^U zhA8+BO1RL`9BPt%e&>WB|!j%WpU%HED2WK5fKv4nzNfC!=CB^J7 zbhLM0Xk=t!Z|`nl;_Pm2+@GAi68Iz&e(!!fxhk=xIpmCfSvs2q^Hiau0m*;bU(eyL?&z;b`EYp={*MDE2Y za)2p?V;50QE12k#zXirp$K92ZNb3bBZ>I(s-a237EekKRtj5DA%Bkqd@jftvIJ13q1J_i zIM3f#7vJK+A=XEiaI{x2+JCKlOY_t647j9L^pR{MGC>2cJ+k*=2|9CiPBOy_YPely zzu;sGJCYf7OE%a=pFO8XJE)0yMGi2m=r-!&&=^FH|KNf$?S6u?ZWE^>f&i0628SM^ zb(=^PQ?iCA^&PPNfK)^A`2)%|l<;go(Ru}I14-vi^d;J`d0dPiqvsd`OC6Ft5GBBg z!5zdfsb4XcbkGowl?Goo{RWeLt}pIah(U&y{R+@E&>S-JeKsqtAvUYQ2bTQ`(Id